Commit Graph

11569 Commits

Author SHA1 Message Date
Michiel Leenaars
0a4f1bc7f7 Sylk: 2.7.0 -> 2.7.2 2020-05-15 10:39:50 +02:00
José Romildo Malaquias
740cc35059
Merge pull request #87777 from romildo/upd.balsa
balsa: 2.5.9 -> 2.6.1
2020-05-14 19:37:47 -03:00
Nikolay Korotkiy
131663718e
newsboat: fix on darwin 2020-05-14 19:51:25 +03:00
Mario Rodas
b51a82932f
Merge pull request #87733 from taku0/flashplayer-32.0.0.371
flashplayer: 32.0.0.363 -> 32.0.0.371
2020-05-14 08:05:29 -05:00
zowoq
aade6fc7b0 cni-plugins: switch to buildGoModule 2020-05-14 17:36:30 +10:00
Jörg Thalheim
e6907df061
ipfs: switch to vendored tarball 2020-05-14 07:22:27 +01:00
Jörg Thalheim
cdb8539006
jx: 2.1.31 -> 2.1.31 2020-05-14 07:22:26 +01:00
Colin L Rice
d6162dab50
go-modules: Update files to use vendorSha256 2020-05-14 07:22:21 +01:00
Sarah Brofeldt
4c2a228508
Merge pull request #87778 from zowoq/cni
cni-plugins: 0.8.5 -> 0.8.6
2020-05-14 06:52:35 +02:00
Mario Rodas
0b72a749ae
terraform: 0.12.24 -> 0.12.25
Changelog: https://github.com/hashicorp/terraform/releases/tag/v0.12.25
2020-05-13 20:20:20 -05:00
zowoq
dcb013d85c cni-plugins: 0.8.5 -> 0.8.6
https://github.com/containernetworking/plugins/releases/tag/v0.8.6
2020-05-14 10:57:02 +10:00
José Romildo Malaquias
d56c2a0b24 balsa: 2.5.9 -> 2.6.1
Remove --with-gpgme as gpg is fixed build requirement now.
2020-05-13 21:46:27 -03:00
Andreas Rammhold
8ba41a1e14
Merge pull request #87708 from aszlig/firefox-nss-3.52-fix
firefox: Add patch to fix AES GCM IV bit size
2020-05-13 23:21:04 +02:00
José Romildo Malaquias
7172181c3d balsa: sort dependence list 2020-05-13 18:17:28 -03:00
José Romildo Malaquias
717656fd03 balsa: format with nixpkgs-fmt 2020-05-13 18:13:35 -03:00
Marek Mahut
dd2fffd04c
Merge pull request #87075 from prusnak/openbazaar
openbazaar: init at 0.14.2
2020-05-13 18:21:44 +02:00
Rok Garbas
2b51171fb6
Merge pull request #87686 from lovesegfault/zoom-us-5.0.4
zoom-us: 5.0.399860.0429 -> 5.0.403652.0509
2020-05-13 14:24:04 +02:00
Mario Rodas
d5a8dc3f4d
Merge pull request #87713 from zowoq/minikube
minikube: 1.10.0 -> 1.10.1
2020-05-13 01:26:41 -05:00
R. RyanTM
bef44fc4ae znc: 1.7.5 -> 1.8.0 2020-05-12 22:11:10 -07:00
zowoq
ff720ad8af minikube: 1.10.0 -> 1.10.1
https://github.com/kubernetes/minikube/releases/tag/v1.10.1
2020-05-13 13:20:49 +10:00
Lynn Dong
60c0d55e09 helmsman: init at 3.3.0 2020-05-12 18:07:36 -07:00
aszlig
8fb49973ce
firefox: Add patch to fix AES GCM IV bit size
Regression introduced by bce5268a21.

The bit size of the initialisation vector for AES GCM has been
introduced in NSS version 3.52 in the CK_GCM_PARMS struct via the
ulIvBits field.

Unfortunately, Firefox 68.8.0 and 76.0 do not set this field and thus it
gets initialised to zero, which in turn causes IV generation to fail.

I found out about this because WebRTC stopped working after updating to
NSS 3.52 and so I started bisecting.

Since there wasn't an obvious error in Firefox hinting towards NSS but
instead just the video stream ended up as a "null" stream, I didn't
suspect the NSS update to be the culprit at first. So I verified a few
times and then also started bisecting the actual commit in NSS that
caused the issue.

This turned out to be the problematic change:

https://phabricator.services.mozilla.com/D63241

> One notable change was caused by an inconsistancy between the spec and
> the released headers in PKCS#11 v2.40. CK_GCM_PARAMS had an extra
> field in the header that was not in the spec. OASIS considers the
> header file to be normative, so PKCS#11 v3.0 resolved the issue in
> favor of the header file definition.

Since the test I've used[1] was a bit flaky, I still didn't believe the
result of the bisect to be accurate, but after running the test several
times leading same results I dug through the above change line by line
to get more clues.

It fortunately didn't take that long to stumble upon the ulIvBits change
(which is actually documented in the NSS 3.52 release notes[4], but I
managed to blatantly ignore it for some reason) and started checking the
Firefox source tree for changes regarding that field.

Initialisation of that new field has been introduced[2] in preparation
for the 76 release, but subsequently got reverted[3] prior to the
release, because Firefox 76 is expected to be shipped with NSS 3.51,
which didn't have the ulIvBits field.

The patch I'm adding here is just a reintroduction of that change,
because we're using NSS 3.52. Not initialising that field will break
WebRTC and WebCrypto, which I think the former seems to gain in
popularity these days ;-)

Tested the change against the mentioned VM test[1] and also by testing
manually using Jitsi Meet and Nextcloud Talk.

[1]: https://github.com/aszlig/avonc/tree/884315838b6f0ebb32b/tests/talk
[2]: https://hg.mozilla.org/mozilla-central/rev/3ed30e6b6de1
[3]: https://hg.mozilla.org/mozilla-central/rev/665137da70ee
[4]: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.52_release_notes

Signed-off-by: aszlig <aszlig@nix.build>
2020-05-13 02:23:12 +02:00
Bernardo Meurer
4e4f5cb925
zoom-us: 5.0.399860.0429 -> 5.0.403652.0509 2020-05-12 10:09:12 -07:00
Robert Schütz
52fcfd3876 qutebrowser: 1.11.0 -> 1.11.1
fixes CVE-2020-11054
2020-05-12 18:46:09 +02:00
zowoq
9452d34b14 minikube: 1.9.2 -> 1.10.0
https://github.com/kubernetes/minikube/releases/tag/v1.10.0
2020-05-12 19:47:31 +10:00
taku0
d8fa222ca2 flashplayer: 32.0.0.363 -> 32.0.0.371 2020-05-12 18:31:02 +09:00
Elis Hirwing
47d1cd332c
Merge pull request #87552 from r-ryantm/auto-update/testssl.sh
testssl: 3.0 -> 3.0.1
2020-05-11 08:22:16 +02:00
R. RyanTM
183378d1d5 testssl: 3.0 -> 3.0.1 2020-05-10 21:49:32 +00:00
Pavol Rusnak
47df73b221
openbazaar-client: init at 2.4.4 2020-05-10 23:32:59 +02:00
Pavol Rusnak
731cbde2c0
openbazaar: init at 0.14.2 2020-05-10 23:32:58 +02:00
Ryan Mulligan
84982d1664
Merge pull request #87523 from r-ryantm/auto-update/tixati
tixati: 2.72 -> 2.73
2020-05-10 12:42:46 -07:00
Kim Lindberger
7451f11730
google-drive-ocamlfuse: 0.7.2 -> 0.7.21 (#86469)
ocamlPackages.ocamlfuse: 2.7.1_cvs5 -> 2.7.1_cvs6_e35e76b
2020-05-10 21:24:18 +02:00
R. RyanTM
ab3dfc3fb5 tixati: 2.72 -> 2.73 2020-05-10 18:29:10 +00:00
Luke Granger-Brown
5da1393030 deluge: add glib so its hook works.
At the moment, runing `deluge` with the deluge package installed returns
"No GSettings schemas are installed on the system".

After this patch, XDG_DATA_DIRS includes the gsettings-desktop-schemas,
which means the program actually manages to launch.
2020-05-10 19:24:09 +02:00
R. RyanTM
23bacaa090 remmina: 1.4.1 -> 1.4.3 2020-05-10 09:35:19 -07:00
R. RyanTM
9c15de6ea4 suricata: 5.0.2 -> 5.0.3 2020-05-10 09:35:02 -07:00
Daniël de Kok
b1792c41f6 resilio-sync: 2.6.4 -> 2.7.0
Changelog:

https://help.resilio.com/hc/en-us/articles/206216855-Sync-2-x-change-log
2020-05-10 16:01:14 +02:00
Ryan Mulligan
f88bdf383b
Merge pull request #87460 from r-ryantm/auto-update/qbittorrent
qbittorrent: 4.2.2 -> 4.2.5
2020-05-10 06:36:20 -07:00
Jörg Thalheim
24055420f9
Merge pull request #87283 from Luflosi/patch-dino 2020-05-10 14:09:39 +01:00
Michael Weiss
22fef8ebb1
tdesktop: 2.1.2 -> 2.1.4 2020-05-10 15:08:06 +02:00
Michael Weiss
1104de365e
gns3-{gui,server}: 2.2.7 -> 2.2.8 2020-05-10 14:58:38 +02:00
R. RyanTM
35729638c8 qbittorrent: 4.2.2 -> 4.2.5 2020-05-10 02:08:10 +00:00
Luflosi
099bc11d38
dino: allow newer versions of libsignal-protocol-c
The exact version of libsignal-protocol-c used by dino is hard-coded to 2.3.2 because "libsignal-protocol-c has a history of breaking compatibility on the patch level". This prevents libsignal-protocol-c from being updated in https://github.com/NixOS/nixpkgs/pull/83736. Upstream already allows newer versions in the latest git master, so patch the source with this commit. Unfortunately patching doesn't work with git submodules but since the submodule is not used anyways, simply ignore this part of the patch.
2020-05-10 00:35:37 +02:00
Luflosi
5317280ade
ipfs: 0.5.0 -> 0.5.1
https://github.com/ipfs/go-ipfs/releases/tag/v0.5.1
2020-05-09 17:33:34 +02:00
Jörg Thalheim
887295fd2d
treewide: remove the-kenny from maintainers
@the-kenny did a good job in the past and is set as maintainer in many package,
however since 2017-2018 he stopped contributing. To create less confusion
in pull requests when people try to request his feedback, I removed him as
maintainer from all packages.
2020-05-09 10:28:57 +01:00
xiorcale
ccfe14cb3b github username: kjuvi -> xiorcale 2020-05-09 09:08:18 +02:00
Linus Heckemann
9df981d3f4 freerdp: 2.0.0 -> 2.1.0 2020-05-09 09:05:07 +02:00
R. RyanTM
ae15422200 cloudflared: 2020.2.1 -> 2020.3.2 2020-05-09 08:58:22 +02:00
R. RyanTM
1b790c5099 maestral: 0.6.3 -> 0.6.4 2020-05-09 08:56:34 +02:00
Euan Kemp
e61dc85117 k3s: fix build for aarch64
The upstream project already builds and releases for aarch64. This makes
the couple small tweaks that I found necessary for k3s to cross-compile
for aarch64.

I also ran it through nixpkgs-fmt.
2020-05-09 08:37:06 +02:00