https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/
Insufficient parameter sanitization for Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. The issue is now mitigated in the latest release and is assigned CVE-2019-19628.
When transferring a public project to a private group, private code would be disclosed via the Group Search API provided by Elasticsearch integration. The issue is now mitigated in the latest release and is assigned CVE-2019-19629.
The Git dependency has been upgraded to 2.22.2 in order to apply security fixes detailed here.
CVE-2019-19604 was identified by the GitLab Security Research team. For more information on that issue, please visit the GitLab Security Research Advisory
closes#75506.
Having a default session resulted in GDM not remembering the last used
session.
So do not force the session until setSessionScript is made aware of the
last session used.
Install again default deps.edn. deps.edn was embedded in clojure jar,
but that change was reverted, see
a34969513f
Update derivation to produce only one output. Multiple outputs was
introduced by #35140, but I don't think is necessary anymore.
When 'grafting' '/nix/store/<hash>-loopback.cfg' from disk onto
'/boot/grub/loopback.cfg' on the iso, the parent 'grub' directory does not
exist yet. In this case it is automatically created and inherits its
attributes, including timestamp, from /nix/store.
This is correct/expected/intentional behavior of xorriso, but has the
undesired result of leaking the timestamps of /nix/store into the iso. For
this reason we put the loopback.cfg in a
'/nix/store/<hash>-loopback.cfg/grub/loopback.cfg' instead, so it will inherit
the attributes from the correctly-timestamped
'/nix/store/<hash>-loopback.cfg/grub' directory.
For the same reason we move '/EFI/boot/efi-background.png' down in the list
so it is grafted after its parent '/EFI/boot' directory is created with
the correct timestamp.
fixes#74944
Since testresources declares `Requires-Dist: pbr (>=1.8)` and imports
`pbr.version`, any user of testresources also needs to have pbr.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
People have only been using this for the spell-entry widget, i.e even
hexchat just has the code vendored and are maintaining it themselves.
There is a continuation that could be packaged if anyone needs it
* https://github.com/TingPing/libsexy3
but currently no package within nixpkgs has a use for this.
This package actually uses the old abandoned code base.
However the code base has been revieved by new maintainers
* https://github.com/projecthamster/
if there is a request for it could be re-added to nixpkgs.
