New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[20.09]: Jellyfin 10.7.1 backport #120523
[20.09]: Jellyfin 10.7.1 backport #120523
Conversation
Result of 3 packages built successfully:
Result of 4 packages built successfully:
|
https://github.com/jellyfin/jellyfin/releases/tag/v10.7.0 (cherry picked from commit da94be3)
(cherry picked from commit 8a487ea)
(cherry picked from commit 7b3d1d6)
Co-authored-by: Felix Tenley <felschr@pm.me> (cherry picked from commit 074e05c)
(cherry picked from commit c112ab2)
(cherry picked from commit a3604fc)
(cherry picked from commit e60fc2c)
fixes advisory GHSA-rgjw-4fwc-9v96
(cherry picked from commit 2ab88a3)
871b6a0
to
1c2bd84
Compare
Updated Jellyfin version to 10.7.5 due to GHSA-rgjw-4fwc-9v96. I couldn't cherry-pick #120344 due to what I think are changes in node2nix, so the commit This fixes also #124643 |
Have you tried applying these changes as patches on top of the 10.6 series? This looks like quite some changes to backport otherwise. |
Unfortunately NixOS 20.09 has reached its end-of-life status on 2021-07-01, one Since we do not accept any changes to its branches anymore, I'm closing this pull |
Motivation for this change
Jellyfin <10.7.1 contains a vulnerability:
See #120388 and #120387. The jellyfin_10_5 package removal will be backported once #120520 is merged.
Since Jellyfin now depends on dotnet 5+, I've also had to backport dotnet / aspnetcore, I hope this is the correct way to do this
cc @nyanloutre, @purcell
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)