JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
258,242 Commits 2 Branches 0 Tags 13 GiB
3b85d7d54f
Commit Graph

11694 Commits

Author SHA1 Message Date
Frederik Rietdijk
3b85d7d54f
Merge pull request #106321 from NixOS/staging-next 
Staging next
 2020-12-11 15:56:17 +01:00
Linus Heckemann
5978c30736
Merge pull request #106598 from Ma27/nextcloud-update 
nextcloud: 19.0.4 -> 19.0.6, 20.0.1 -> 20.0.3, mark v19 as insecure
 2020-12-11 14:30:28 +01:00
Maximilian Bosch
520b10453f
nextcloud: 19.0.4 -> 19.0.6, 20.0.1 -> 20.0.3, mark v19 as insecure 
ChangeLogs:

* https://nextcloud.com/changelog/#20-0-3
* https://nextcloud.com/changelog/#19-0-6

For Nextcloud 20, security advisories for CVE-2020-8259[1] &
CVE-2020-8152[2] were published. The only way to fix those is to upgrade
to v20, although v19 and v18 are supported, the issue won't be fixed
there[3].

Even though both CVEs are only related to the encryption module[4] which
is turned off by default, I decided to add a vulnerability note to
`nextcloud19` since CVE-2020-8259's is rated as "High" by NIST (in
contrast to Nextcloud which rates it as "Low").

If one is not affected by the issue, `nextcloud19` can still be used by
declaring `permittedInsecurePackages`[5].

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-8259,
    https://nextcloud.com/security/advisory/?id=NC-SA-2020-041
[2] https://nvd.nist.gov/vuln/detail/CVE-2020-8152,
    https://nextcloud.com/security/advisory/?id=NC-SA-2020-040
[3] https://help.nextcloud.com/t/fixes-for-cve-2020-8259-cve-2020-8152-in-nextcloud-18-19/98289
[4] https://docs.nextcloud.com/server/20/admin_manual/configuration_files/encryption_configuration.html
[5] https://nixos.org/manual/nixpkgs/stable/#sec-allow-insecure

Closes #106212
 2020-12-11 12:39:57 +01:00
github-actions[bot]
43f4575008
Merge master into staging-next 2020-12-11 06:17:52 +00:00
Jörg Thalheim
d22d9227f1
Merge pull request #106601 from Mic92/frab 
frab: remove package
 2020-12-11 05:27:55 +00:00
Mario Rodas
32bf00445b
Merge pull request #106616 from 0x4A6F/master-promscale 
promscale: 0.1.2 -> 0.1.3
 2020-12-10 22:08:46 -05:00
Mario Rodas
1084629766
Merge pull request #106584 from r-ryantm/auto-update/jackett 
jackett: 0.16.2347 -> 0.17.15
 2020-12-10 21:14:53 -05:00
github-actions[bot]
614876ef33
Merge master into staging-next 2020-12-11 00:40:21 +00:00
0x4A6F
e8237c8f94
promscale: 0.1.2 -> 0.1.3 2020-12-11 00:24:07 +00:00
Mario Rodas
a0aba95515
beanstalkd: install manpage (#106544) 2020-12-10 21:35:29 +00:00
Jörg Thalheim
6fa3728805
frab: remove package 
broken since 2018
 2020-12-10 22:24:11 +01:00
R. RyanTM
81125225d6 jackett: 0.16.2347 -> 0.17.15 2020-12-10 18:28:34 +00:00
github-actions[bot]
79e586aa98
Merge master into staging-next 2020-12-10 18:15:33 +00:00
WilliButz
daf9fa3518
grafana: 7.3.4 -> 7.3.5 
https://github.com/grafana/grafana/releases/tag/v7.3.5
 2020-12-10 14:28:54 +01:00
Jan Tojnar
4f20afbc19
Merge branch 'master' into staging-next 2020-12-10 04:39:30 +01:00
Martin Weinelt
3d12bf304b
Merge pull request #106315 from maralorn/rscs 
rust-synapse-compress-state: init at 0.1.0
 2020-12-09 22:27:39 +01:00
Sandro
db99b2549a
Merge pull request #106414 from marsam/update-postgresqlPackages.pg_hll 
postgresqlPackages.pg_hll: 2.15 -> 2.15.1
 2020-12-09 21:46:20 +01:00
stigo
c92afdced7
Merge pull request #104889 from ztzg/x-16104-zookeeper-update 
zookeeper: 3.4.12 -> 3.6.2 & assorted changes
 2020-12-09 21:33:31 +01:00
github-actions[bot]
faad8493f7
Merge master into staging-next 2020-12-09 18:15:18 +00:00
Maximilian Bosch
ace2457eaf
Merge pull request #106436 from Ma27/matrix-updates 
matrix-synapse: 1.23.0 -> 1.24.0, element-*: 1.7.14 -> 1.7.15
 2020-12-09 19:13:09 +01:00
Damien Diederen
f77d01ffc5 zookeeper: 3.4.12 -> 3.6.2 
A big jump, but the structure hasn't changed much.

This recipe is still based on a binary release provided by upstream.

(It might be interesting to start doing our own builds at some point,
to split client from server, and/or to create packages for removed
"contribs" such as 'zooInspector'.  Upstream intends to further slim
down its release tarballs as most deployments only need specific assets.)
 2020-12-09 15:46:38 +01:00
Martin Weinelt
35d4f19991
Merge pull request #106437 from 0x4A6F/master-routinator 
routinator: 0.8.1 -> 0.8.2
 2020-12-09 13:55:11 +01:00
Robert Hensing
48929049d7
Merge pull request #104838 from redvers/update_cassandra_2.1.20_to_2.1.22_cve-2020-13946 
cassandra_2_1: 2.1.20 -> 2.1.22
 2020-12-09 13:21:04 +01:00
Robert Hensing
ed03f1a594
Merge pull request #104840 from redvers/update_cassandra_2.2.14_to_2.2.19_cve-2020-13946 
cassandra_2_2: 2.2.14 -> 2.2.19
 2020-12-09 13:20:34 +01:00
github-actions[bot]
4090c86280
Merge master into staging-next 2020-12-09 12:20:10 +00:00
Robert Hensing
f41b7f6153
Merge pull request #104835 from redvers/update_cassandra_3.11.4_3.11.9_cve-2020-13946 
cassandra: 3.11.4 -> 3.11.9
 2020-12-09 13:19:53 +01:00
0x4A6F
02b7ec6a94
routinator: 0.8.1 -> 0.8.2 2020-12-09 11:53:39 +00:00
Maximilian Bosch
917cac4663
matrix-synapse: 1.23.0 -> 1.24.0 
ChangeLog: https://github.com/matrix-org/synapse/releases/tag/v1.24.0

This release contains two security advisories:

* CVE-2020-26257[1]: possible DDoS in the federation API.
* CVE-2020-1971[2]: to be fixed in #106362[3].

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26257
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971
[3] https://github.com/NixOS/nixpkgs/pull/106362
 2020-12-09 12:30:49 +01:00
Vladimír Čunát
ace04464b6
knot-resolver: 5.2.0 -> 5.2.1 
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.2.1
 2020-12-09 11:07:28 +01:00
github-actions[bot]
7d6630d7db
Merge master into staging-next 2020-12-09 00:39:29 +00:00
Sandro
7e2c7c6748
Merge pull request #106338 from r-ryantm/auto-update/webhook 
webhook: 2.7.0 -> 2.8.0
 2020-12-09 01:25:24 +01:00
Austin Seipp
60c15a17c2
Merge pull request #106047 from r-ryantm/auto-update/metabase 
metabase: 0.37.2 -> 0.37.3
 2020-12-08 13:20:10 -06:00
Mario Rodas
43fbe06819
Merge pull request #106071 from r-ryantm/auto-update/nsd 
nsd: 4.3.3 -> 4.3.4
 2020-12-08 13:44:06 -05:00
github-actions[bot]
e729ab0408
Merge master into staging-next 2020-12-08 18:15:38 +00:00
Domen Kožar
02698c9618
hsphfpd: 2020-11-27 -> 2020-12-05 2020-12-08 17:15:05 +01:00
github-actions[bot]
4549c836e7
Merge master into staging-next 2020-12-08 12:19:44 +00:00
Mario Rodas
2ca80a9baa postgresqlPackages.pg_hll: 2.15 -> 2.15.1 2020-12-08 04:20:00 -05:00
R. RyanTM
34318b7c42 webhook: 2.7.0 -> 2.8.0 2020-12-08 09:12:54 +00:00
Mario Rodas
69b545abb7
Merge pull request #106314 from r-ryantm/auto-update/postsrsd 
postsrsd: 1.8 -> 1.9
 2020-12-08 04:11:17 -05:00
Mario Rodas
186ead851f
Merge pull request #106326 from r-ryantm/auto-update/sickgear 
sickgear: 0.23.4 -> 0.23.5
 2020-12-08 04:02:56 -05:00
github-actions[bot]
e539b57990
Merge master into staging-next 2020-12-08 06:17:44 +00:00
R. RyanTM
342421b498 sickgear: 0.23.4 -> 0.23.5 2020-12-08 05:47:33 +00:00
Sandro
ea549c46b6
Merge pull request #105830 from wamserma/gatling16 2020-12-08 05:52:11 +01:00
TredwellGit
88fcd687d0 xorg.xrandr: 1.5.0 -> 1.5.1 
https://lists.x.org/archives/xorg-announce/2019-August/003018.html
 2020-12-08 05:20:24 +01:00
R. RyanTM
24f37c858a postsrsd: 1.8 -> 1.9 2020-12-08 03:10:37 +00:00
Malte Brandy
9329daa507
rust-synapse-compress-state: init at 0.1.0 
"A tool to compress some state in a Synapse instance's database"
 2020-12-08 04:10:09 +01:00
github-actions[bot]
db90e75ade
Merge staging-next into staging 2020-12-08 00:39:07 +00:00
Ryan Mulligan
1e688c5dda
Merge pull request #106282 from r-ryantm/auto-update/jackett 
jackett: 0.16.2291 -> 0.16.2347
 2020-12-07 14:28:47 -08:00
Gabriel Ebner
a474f0d1e6
Merge pull request #105275 from lukegb/nixpkgs-pa14 
pulseaudio: 13.0 -> 14.0
 2020-12-07 22:45:47 +01:00
R. RyanTM
06fe1afa48 jackett: 0.16.2291 -> 0.16.2347 2020-12-07 20:54:36 +00:00