Martin Weinelt
398b0cf6bd
python3Packages.PyRMVtransport: 0.3.1 -> 0.3.2
2021-05-06 17:04:38 +02:00
Martin Weinelt
24adc01e2e
nixos/home-assistant: allow netlink sockets and /proc/net inspection
...
Since v2021.5.0 home-assistant uses the ifaddr library in the zeroconf
component to enumerate network interfaces via netlink. Since discovery
is all over the place lets allow AF_NETLINK unconditionally.
It also relies on pyroute2 now, which additionally tries to access files
in /proc/net, so we relax ProtectProc a bit by default as well.
This leaves us with these options unsecured:
✗ PrivateNetwork= Service has access to the host's network 0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6) Service may allocate Internet sockets 0.3
✗ DeviceAllow= Service has a device ACL with some special devices 0.1
✗ IPAddressDeny= Service does not define an IP address allow list 0.2
✗ PrivateDevices= Service potentially has access to hardware devices 0.2
✗ PrivateUsers= Service has access to other users 0.2
✗ SystemCallFilter=~@resources System call allow list defined for service, and @resources is included (e.g. ioprio_set is allowed) 0.2
✗ RestrictAddressFamilies=~AF_NETLINK Service may allocate netlink sockets 0.1
✗ RootDirectory=/RootImage= Service runs within the host's root directory 0.1
✗ SupplementaryGroups= Service runs with supplementary groups 0.1
✗ RestrictAddressFamilies=~AF_UNIX Service may allocate local sockets 0.1
✗ ProcSubset= Service has full access to non-process /proc files (/proc subset=) 0.1
→ Overall exposure level for home-assistant.service: 1.6 OK 🙂
2021-05-06 16:55:53 +02:00
Martin Weinelt
3bab9a19ad
home-assistant: 2021.4.6 -> 2021.5.0
...
https://www.home-assistant.io/blog/2021/05/05/release-20215/
2021-05-06 04:45:55 +02:00
Fabian Affolter
44078074fa
python3Packages.zwave-js-server-python: 0.23.1 -> 0.24.0
2021-05-06 02:30:08 +02:00
happysalada
1374bfa2d3
sqlx-cli: fix darwin build
2021-05-06 08:29:37 +09:00
Robin Gloster
361bea3f00
Merge pull request #121828 from wlib/_1password-1.9.1
...
_1password: 1.8.0 -> 1.9.1
2021-05-05 17:39:48 -05:00
Robin Gloster
15182d1ab3
Merge pull request #121832 from ryantm/gluster-qemu
...
qemu_full: add glusterfs support
2021-05-05 17:37:33 -05:00
Robin Gloster
d0e41f05e2
Merge pull request #121833 from markuskowa/upd-ucx
...
ucx: 1.9.0 -> 1.10.0
2021-05-05 17:37:03 -05:00
Robin Gloster
22bed3c9ee
Merge pull request #121838 from nightmared/transmission-apparmor
...
nixos/transmission: add a missing apparmor rule
2021-05-05 17:33:28 -05:00
Robin Gloster
056d272063
Merge pull request #121843 from rhoriguchi/vscode-extensions.hashicorp.terraform
...
vscode-extensions.hashicorp.terraform: 2.10.1 -> 2.10.2
2021-05-05 17:32:06 -05:00
Robin Gloster
527d3ba49a
Merge pull request #121849 from mayflower/moonlight-ffmpeg4
...
moonlight-embedded: build with ffmpeg 4
2021-05-05 17:28:42 -05:00
R. RyanTM
a1a312b400
stix-two: 2.12 -> 2.13
2021-05-06 00:23:40 +02:00
Robin Gloster
d3ba49889a
Merge pull request #121180 from helsinki-systems/upd/php
...
php: 7.3.23, 8.0.5, 7.4.18
2021-05-05 17:07:07 -05:00
Robin Gloster
b3ea6461fa
Merge pull request #121842 from Ma27/bump-prometheus-wireguard-exporter
...
prometheus-wireguard-exporter: 3.4.2 -> 3.5.0
2021-05-05 16:37:38 -05:00
Martin Weinelt
0b2495c93f
Merge pull request #119470 from fabaff/bump-pykmtronic
...
python3Packages.pykmtronic: 0.0.3 -> 0.3.0
2021-05-05 23:31:29 +02:00
Sandro
6c53939f1a
Merge pull request #121673 from ymarkus/devdocs
...
devdocs-desktop: 0.7.1 -> 0.7.2
2021-05-05 23:27:26 +02:00
Robin Gloster
4368c14126
Merge pull request #121749 from ryantm/libvirt-glusterfs
...
libvirt: add enableGlusterfs option
2021-05-05 16:27:10 -05:00
Sandro
3f27a3cd19
Merge pull request #121721 from romildo/upd.xfce
...
xfce.xfce4-clipman-plugin: 1.6.1 -> 1.6.2
2021-05-05 23:25:27 +02:00
Sandro
9a46072f08
Merge pull request #121703 from dotlambda/abcmidi-2021.04.26
...
abcmidi: 2021.03.30 -> 2021.04.26
2021-05-05 23:24:59 +02:00
Martin Weinelt
fe7f0e8794
Merge pull request #120119 from fabaff/bump-httpcore
2021-05-05 23:24:17 +02:00
Sandro
1cf7fae1de
Merge pull request #121377 from LeSuisse/burpsuite-2021.4.2
...
burpsuite: 2020.12.1 -> 2021.4.2
2021-05-05 23:23:28 +02:00
Robin Gloster
a7b3087f75
moonlight-embedded: build with ffmpeg 4
...
see #120705
2021-05-05 16:23:22 -05:00
Martin Weinelt
47235d6d1a
python3Packages.PyRMVTransport: disable failing test
...
https://github.com/Colin-b/pytest_httpx/issues/40#issuecomment-832116903
2021-05-05 23:23:21 +02:00
Sandro
dbe85c8523
Merge pull request #121704 from dbirks/lens-4.2.4
...
lens: 4.2.0 -> 4.2.4
2021-05-05 23:23:05 +02:00
Sandro
562dac79e1
Merge pull request #121498 from Atemu/update/linux_lqx
...
linux_lqx: 5.11.16 -> 5.11.18
2021-05-05 23:22:43 +02:00
Sandro
1f9d30fc7b
Merge pull request #121691 from sternenseemann/sacc-darwin
...
sacc: fix build on darwin
2021-05-05 23:22:08 +02:00
Markus Kowalewski
8253affdce
ucx: 1.9.0 -> 1.10.0
2021-05-05 23:22:02 +02:00
Sandro
542852c743
Merge pull request #121684 from 06kellyjac/nerdctl
...
nerdctl: 0.8.0 -> 0.8.1
2021-05-05 23:21:38 +02:00
Silvan Mosberger
f445acbe0a
Merge pull request #114955 from berbiche/fix/modules-imports-list
...
lib/modules: provide a better error message when "imports" contains a list
2021-05-05 23:20:39 +02:00
Sandro
37562a2295
Merge pull request #121744 from dschrempf/picard
...
picard: 2.5.6 -> 2.6.2
2021-05-05 23:19:49 +02:00
Sandro
13d88c0bd4
Merge pull request #121754 from r-ryantm/auto-update/agi
...
agi: 1.1.0-dev-20210430 -> 1.1.0-dev-20210504
2021-05-05 23:18:28 +02:00
Sandro
d38e8e763d
Merge pull request #121764 from r-ryantm/auto-update/ginkgo
...
ginkgo: 1.16.1 -> 1.16.2
2021-05-05 23:18:06 +02:00
Sandro
bda0c17c81
Merge pull request #121817 from diogox/master
...
frugal: 3.14.3 -> 3.14.4
2021-05-05 23:16:03 +02:00
Sandro
83a9df1dce
Merge pull request #121793 from r-ryantm/auto-update/fuzzel
...
fuzzel: 1.5.3 -> 1.5.4
2021-05-05 23:15:39 +02:00
Sandro
ca93562b56
Merge pull request #121835 from Ma27/bump-evcxr
2021-05-05 23:07:45 +02:00
Maximilian Bosch
82f4538ebd
prometheus-wireguard-exporter: 3.4.2 -> 3.5.0
...
ChangeLog: https://github.com/MindFlavor/prometheus_wireguard_exporter/releases/tag/3.5.0
2021-05-05 23:00:02 +02:00
Ryan Horiguchi
dea3a01153
vscode-extensions.hashicorp.terraform: 2.10.1 -> 2.10.2
2021-05-05 22:59:05 +02:00
Martin Weinelt
db37438260
python3Packages.sanic-testing: relax httpcore, httpx pins
2021-05-05 22:52:15 +02:00
Ryan Mulligan
063e8ee5cf
libvirt: add enableGlusterfs option
2021-05-05 13:49:28 -07:00
Simon Thoby
1bdda029cd
nixos/services/torrent/transmission.nix: add a missing apparmor rule
...
libbrotli wasn't listed as a dependency for the AppArmor profile of the transmission-daemon binary.
As a result, transmission wouldn't run and would fail, logging this audit message to dmesg:
audit[11595]: AVC apparmor=DENIED operation=open profile=/nix/store/08i1rmakmnpwyxpvp0sfc5hcm106am7w-transmission-3.00/bin/transmission-daemon name=/proc/11595/environ pid=11595 comm=transmission-da requested_mask=r denied_mask=r fsuid=70 ouid=70
2021-05-05 22:47:52 +02:00
Vladimír Čunát
d8ac07dd6b
Merge #121781 : knot-resolver: 5.3.1 -> 5.3.2
2021-05-05 22:47:29 +02:00
Silvan Mosberger
6a50580cb0
Merge pull request #121816 from hercules-ci/revert-99132-recursive-type-deprecation
...
Revert 99132 recursive type deprecation
2021-05-05 22:43:17 +02:00
Maximilian Bosch
f233562967
evcxr: 0.8.1 -> 0.9.0
...
ChangeLog: https://github.com/google/evcxr/blob/v0.9.0/RELEASE_NOTES.md#version-090
2021-05-05 22:39:22 +02:00
Martin Weinelt
a7da21b162
Merge pull request #121792 from fabaff/bump-discordpy
...
python3Packages.discordpy: 1.7.1 -> 1.7.2
2021-05-05 22:29:47 +02:00
Ryan Mulligan
ddcd4ddc2c
qemu_full: add glusterfs support
2021-05-05 13:05:21 -07:00
Fabian Affolter
68474bb1ff
Merge pull request #121751 from MetaDark/pythonPackages.debugpy
...
pythonPackages.debugpy: 1.2.1 → 1.3.0
2021-05-05 21:57:11 +02:00
Fabian Affolter
37c75aaf3e
Merge pull request #120874 from rmcgibbo/astropy
...
python3Packages.astropy: unbreak multiple modules
2021-05-05 21:56:25 +02:00
Fabian Affolter
2839557ff8
python3Packages.pykmtronic: 0.0.3 -> 0.3.0
2021-05-05 21:45:19 +02:00
Sander van der Burg
c5173fe208
Merge pull request #121823 from svanderburg/disnix_update
...
Disnix update
2021-05-05 21:41:00 +02:00
Fabian Affolter
36d95ca9c9
python3Packages.discordpy: 1.7.1 -> 1.7.2
2021-05-05 21:36:09 +02:00