Skip to content

staging-next-25.11 iteration 1 - 2025-12-06#468267

Merged
vcunat merged 140 commits intorelease-25.11from
staging-next-25.11
Dec 15, 2025
Merged

staging-next-25.11 iteration 1 - 2025-12-06#468267
vcunat merged 140 commits intorelease-25.11from
staging-next-25.11

Conversation

@vcunat
Copy link
Member

@vcunat vcunat commented Dec 6, 2025

qbisi and others added 30 commits November 16, 2025 15:31
@qbisi @mweinelt
python-env: wrap python executable with --resolve-argv0
ba25286 
This commit, together with #442540,
changes the way python environments are built:

  * When generating wrappers for python executables, we inherit argv[0]
    from the wrapper. This causes python to initialize its configuration
    in the environment with all the correct paths.
  * We also resolve argv[0] to absolute path when invoking python from
    PATH. This helps set python's prefix correctly on Darwin.

The end result is that python environments no longer appear to be venvs,
and behave more like a vanilla python installation. In addition it's
possible to create a venv using an environment and use packages from
both the environment and the venv.

(cherry picked from commit abe61db)
@limwa @github-actions
python3Packages.httpcore: remove unused dependencies
677e3c9 
(cherry picked from commit 2e7e7c7)
@wolfgangwalther
Merge branch 'master' into staging-next-25.11
2bdb0a3
@wolfgangwalther
Merge branch 'staging-next-25.11' into staging-25.11
c29a7f5
@reckenrode @github-actions
llvmPackages.clang-tools: add support for -cxx-isystem
f006dea 
This is necessary after #445095,
which moved libc++ to -cxx-isystem to improve compatibility with build
systems that invoke `clang` to compile C++ code.

(cherry picked from commit d46fa26)
@Scrumplex
Revert "curl: enable c-ares"
0116068 
(cherry picked from commit 1af2b4e)
@nixpkgs-ci
Merge master into staging-next-25.11
48bba61
@nixpkgs-ci
Merge staging-next-25.11 into staging-25.11
635b846
@wolfgangwalther
[Backport staging-25.11] python3Packages.httpcore: remove unused depe…
4976fc3 
…ndencies (#462514)
@wolfgangwalther
[Backport staging-25.11] llvmPackages.clang-tools: add support for -c…
2cb8c5d 
…xx-isystem (#462884)
@Scrumplex
[Backport staging-25.11] Revert "curl: enable c-ares" (#462707)
03f30bb
@r-ryantm @github-actions
cacert: 3.115 -> 3.117
52a0908 
(cherry picked from commit 9e6e563)
@nixpkgs-ci
Merge master into staging-next-25.11
9c4a089
@nixpkgs-ci
Merge staging-next-25.11 into staging-25.11
51d6580
@mweinelt
[Backport staging-25.11] cacert: 3.115 -> 3.117 (#463038)
18b9ba2
@nixpkgs-ci
Merge master into staging-next-25.11
5565117
@nixpkgs-ci
Merge staging-next-25.11 into staging-25.11
9add9f5
@nixpkgs-ci
Merge master into staging-next-25.11
7955138
@nixpkgs-ci
Merge staging-next-25.11 into staging-25.11
35fc432
@ryota2357 @github-actions
happy: fix for justStaticExecutables
071a705 
(cherry picked from commit 9eff836)
@wolfgangwalther
[Backport staging-25.11] happy: fix for justStaticExecutables (#463718)
2db559d
@nixpkgs-ci
Merge master into staging-next-25.11
dd49428
@nixpkgs-ci
Merge staging-next-25.11 into staging-25.11
1dfd24b
@reckenrode @github-actions
at-spi2-core: drop patch on Darwin
850aeaa 
This patch is included in 2.58.1.

(cherry picked from commit 2344c36)
@Aleksanaa
[Backport staging-25.11] at-spi2-core: drop patch on Darwin (#464171)
616556a
@martinetd @github-actions
libpng: 1.6.50 -> 1.6.51
5b6c340 
This is a security release and the APNG patch applies as is without
modification from 1.6.50

Link: https://www.openwall.com/lists/oss-security/2025/11/22/1
Fixes: CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018
(cherry picked from commit 2a692fc)
@vcunat @github-actions
gnutls: 3.8.10 -> 3.8.11
f75a818 
Fixes CVE-2025-9820 (low severity)
http://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18
https://lists.gnupg.org/pipermail/gnutls-help/2025-November/004906.html

(cherry picked from commit 0425be6)
@tobim @github-actions
pkgsStatic.cyrus_sasl: fix build
5247c91 
Static linux-pam is marked broken.

(cherry picked from commit 49ba430)
@h0nIg @github-actions
buildEnv: relax constraints about readdir contents
f3283d1 
(cherry picked from commit 866aaf8)
@wolfgangwalther
Merge remote-tracking branch release-25.11 into staging-next-25.11
e54e014
@vcunat
Copy link
Member Author

vcunat commented Dec 10, 2025
edited
Loading

nixpkgs-ci bot and others added 23 commits December 10, 2025 17:30
@nixpkgs-ci
Merge release-25.11 into staging-next-25.11
f0882a7
@wolfgangwalther
Merge branch 'release-25.11' into staging-next-25.11
f1a8b00
@nixpkgs-ci
Merge release-25.11 into staging-next-25.11
d2ea480
@vcunat
autogen: force a rebuild on aarch64-darwin
e0d2da7 
The binary on cache.nixos.org was broken, probably badly signed,
as shown e.g. by ./result-bin/bin/autogen --help
It's unknown how it broke, but we need to rebuild it to fix many builds
https://hydra.nixos.org/build/315983923/nixlog/4/tail

Thanks to emilazy for finding the problem and workaround.
@nixpkgs-ci
Merge release-25.11 into staging-next-25.11
3c57b4a
@nixpkgs-ci
Merge release-25.11 into staging-next-25.11
79cba5f
@nixpkgs-ci
Merge release-25.11 into staging-next-25.11
a768006
@vcunat
postgresql_17: disable parallel building on aarch64-darwin
03c66de 
It's failing on Hydra even after many retries.  I fail to reproduce
the issue and log looks like some parallel-make problem:
https://hydra.nixos.org/build/315811942#tabs-buildsteps

It's weird that other versions and other platforms
don't seem to suffer from this issue.
Unfortunately, hundreds of Hydra jobs depend on this one.
@vcunat
Merge branch 'release-25.11' into staging-next-25.11
916446e
@nixpkgs-ci
Merge release-25.11 into staging-next-25.11
8bfff3f
@r-ryantm @vcunat
apacheHttpdPackages.mod_python: 3.5.0.4 -> 3.5.0.5
d2d2bbb 
(cherry picked from commit 728441c)
This fixes the build.  I haven't investigated what's going on.
https://hydra.nixos.org/build/316138852/nixlog/3/tail
@Mynacol @vcunat
boulder: 2025-04-17 -> v0.20251118.0, fix build
ca2d837 
Boulder has mostly removed keys and certificates for testing in the
meantime. They have to be generated on-the-fly. The ipki keys just
require minica. The webpki keys would require softhsm and this somehow
fails. We currently get away without them, probably because we have
disabled all the tests that require them.

(cherry picked from commit edcf84b)
This fixes the build.  I haven't investigated what's going on.
https://hydra.nixos.org/build/315683959/nixlog/3/tail
@matthiasbeyer @vcunat
cargo-valgrind: Ignore empty_tests_not_leak_in_release_mode
df37ca1 
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
(cherry picked from commit 717c6fc)
@r-ryantm @vcunat
cargo-valgrind: 2.3.3 -> 2.4.0
0b26337 
(cherry picked from commit 4c883a2)
This fixes the build.  I haven't investigated what's going on.
https://hydra.nixos.org/build/315685706/nixlog/4/tail
@r-ryantm @vcunat
python3Packages.aggdraw: 1.3.19 -> 1.4.1
ded780b 
(cherry picked from commit 8a9d84b)
This fixes the build.  I haven't investigated what's going on.
https://hydra.nixos.org/build/316012891/nixlog/3/tail
@r-ryantm @vcunat
inko: 0.18.1 -> 0.19.1
15dfdbf 
(cherry picked from commit 41c3b51)
This fixes the build.  I haven't investigated what's going on.
https://hydra.nixos.org/build/315744664/nixlog/4/tail
@kirillrdy @vcunat
fittrackee: fix build and tests
f5a0126 
(cherry picked from commit cb2743d)
This fixes the build.  I haven't investigated what's going on.
https://hydra.nixos.org/build/315971344/nixlog/3/tail
@autra @vcunat
kup: 0.9.1 -> 0.10.0 and fix build
7f574f5 
(cherry picked from commit 7916753)
https://hydra.nixos.org/build/316140666/nixlog/3/tail
@dotlambda @vcunat
lparchive2epub: unpin ebooklib
3fc04d8 
(cherry picked from commit fb6b69a)
This fixes the build.  I haven't investigated what's going on.
https://hydra.nixos.org/build/315984931/nixlog/3/tail
@wolfgangwalther @vcunat
haskellPackages.http2-tls: fix eval
a462ae8 
This broke via staging merge.

(cherry picked from commit ee0923a)
(cherry picked from commit 9b2c8bd)
@emilazy @vcunat
python313Packages.libxml2: force rebuild for code signing issue
dd470b6 
Fixes <https://hydra.nixos.org/build/315745363>.
@emilazy
python313Packages.libxml2: force rebuild for code signing issue (#471151
728c713 
)
@nixpkgs-ci
Merge release-25.11 into staging-next-25.11
b13bd53
@vcunat vcunat added this pull request to the merge queue Dec 15, 2025
Merged via the queue into release-25.11 with commit c6f52eb Dec 15, 2025
24 checks passed
@vcunat vcunat mentioned this pull request Dec 29, 2025
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 4.workflow: staging A staging-next or staging-next-XX.YY branch 9.needs: reviewer This PR currently has no reviewers requested and needs attention. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.