Adds programs.mosh.withUtempter (default: true).
The option enables -with-utempter for mosh, allowing it to write to
/var/run/utmp and thus making connected sessions appear in the output
of `who -a`.
For that, a guid-wrapper is required. Also, the path to the `utempter` was
hardcoded in the resulting binary until now (so it could never been found),
thus, libutempter was patched accordingly to point to
/run/wrappers/bin/utempter which at least works when the wrapper is
configured.
This fixes CVE-2018-10184 a potential remote denial of service in the
http/2 module. The version bump also includes various other changes that
are described in the changelog [1]:
2018/05/18 : 1.8.9
- BUG/MINOR: pattern: Add a missing HA_SPIN_INIT() in pat_ref_newid()
- BUG/MAJOR: channel: Fix crash when trying to read from a closed socket
- BUG/MINOR: log: t_idle (%Ti) is not set for some requests
- BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits
- MINOR: h2: detect presence of CONNECT and/or content-length
- BUG/MEDIUM: h2: implement missing support for chunked encoded uploads
- BUG/MINOR: lua/threads: Make lua's tasks sticky to the current thread
- BUG/MINOR: config: disable http-reuse on TCP proxies
- BUG/MINOR: checks: Fix check->health computation for flapping servers
- BUG/MEDIUM: threads: Fix the sync point for more than 32 threads
- BUG/MINOR: lua: Put tasks to sleep when waiting for data
- DOC/MINOR: clean up LUA documentation re: servers & array/table.
- BUG/MINOR: map: correctly track reference to the last ref_elt being dumped
- BUG/MEDIUM: task: Don't free a task that is about to be run.
- BUG/MINOR: lua: schedule socket task upon lua connect()
- BUG/MINOR: lua: ensure large proxy IDs can be represented
- BUG/MEDIUM: http: don't always abort transfers on CF_SHUTR
- BUG/MEDIUM: pollers: Use a global list for fd shared between threads.
- BUG/MEDIUM: ssl: properly protect SSL cert generation
- BUG/MINOR: spoe: Mistake in error message about SPOE configuration
2018/04/19 : 1.8.8
- BUG/MEDIUM: threads: Fix the max/min calculation because of name clashes
- BUG/MEDIUM: connection: Make sure we have a mux before calling detach().
- BUG/MINOR: http: Return an error in proxy mode when url2sa fails
- BUG/MEDIUM: kqueue: When adding new events, provide an output to get errors.
- BUG/MINOR: cli: Guard against NULL messages when using CLI_ST_PRINT_FREE
- MINOR: cli: Ensure the CLI always outputs an error when it should
- DOC: lua: update the links to the config and Lua API
- BUG/CRITICAL: h2: fix incorrect frame length check
2018/04/07 : 1.8.7
- BUG/MAJOR: cache: always initialize newly created objects
- MINOR: servers: Support alphanumeric characters for the server templates names
2018/04/05 : 1.8.6
- BUG/MINOR: lua: the function returns anything
- BUG/MINOR: lua funtion hlua_socket_settimeout don't check negative values
- BUILD/MINOR: fix build when USE_THREAD is not defined
- MINOR: cli/threads: make "show fd" report thread_sync_io_handler instead of "unknown"
- MINOR: cli: make "show fd" report the mux and mux_ctx pointers when available
- BUILD/MINOR: cli: fix a build warning introduced by last commit
- BUG/MINOR: hpack: fix harmless use of uninitialized value in hpack_dht_insert
- CLEANUP: h2: rename misleading h2c_stream_close() to h2s_close()
- MINOR: h2: provide and use h2s_detach() and h2s_free()
- BUG/MAJOR: h2: remove orphaned streams from the send list before closing
- MINOR: h2: always call h2s_detach() in h2_detach()
- MINOR: h2: fuse h2s_detach() and h2s_free() into h2s_destroy()
- BUG/MEDIUM: h2/threads: never release the task outside of the task handler
- BUG/MEDIUM: h2: don't consider pending data on detach if connection is in error
- BUILD/MINOR: threads: always export thread_sync_io_handler()
- BUG/MEDIUM: h2: always add a stream to the send or fctl list when blocked
- BUG/MINOR: checks: check the conn_stream's readiness and not the connection
- BUG/MINOR: email-alert: Set the mailer port during alert initialization
- BUG/MINOR: cache: fix "show cache" output
- BUG/MINOR: fd: Don't clear the update_mask in fd_insert.
- BUG/MAJOR: cache: fix random crashes caused by incorrect delete() on non-first blocks
- BUG/MINOR: spoe: Initialize variables used during conf parsing before any check
- BUG/MINOR: spoe: Don't release the context buffer in .check_timeouts callbaclk
2018/03/23 : 1.8.5
- BUG/MINOR: threads: fix missing thread lock labels for 1.8
- BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as unrecovarable.
- BUG/MEDIUM: ssl: Shutdown the connection for reading on SSL_ERROR_SYSCALL
- BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st
- BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe
- BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier as possible
- BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken.
- DOC: lua: new prototype for function "register_action()"
- DOC: cfgparse: Warn on option (tcp|http)log in backend
- BUG/MINOR: debug/pools: properly handle out-of-memory when building with DEBUG_UAF
- MINOR: debug/pools: make DEBUG_UAF also detect underflows
- BUG/MINOR: h2: Set the target of dbuf_wait to h2c
- MINOR: stats: display the number of threads in the statistics.
- BUG/MEDIUM: h2: always consume any trailing data after end of output buffers
- BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk
- BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk
- Revert "BUG/MINOR: send-proxy-v2: string size must include ('\0')"
- MINOR: systemd: Add section for SystemD sandboxing to unit file
- MINOR: systemd: Add SystemD's Protect*= options to the unit file
- MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file
- MINOR/BUILD: fix Lua build on Mac OS X
- BUILD/MINOR: fix Lua build on Mac OS X (again)
- BUG/MINOR: session: Fix tcp-request session failure if handshake.
- CLEANUP: .gitignore: Ignore binaries from the contrib directory
- BUG/MINOR: unix: Don't mess up when removing the socket from the xfer_sock_list.
- BUG/MEDIUM: h2: also arm the h2 timeout when sending
- BUG/MINOR: cli: Fix a crash when passing a negative or too large value to "show fd"
- CLEANUP: ssl: Remove a duplicated #include
- CLEANUP: cli: Remove a leftover debug message
- BUG/MINOR: cli: Fix a typo in the 'set rate-limit' usage
- BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc
- BUG/MINOR: force-persist and ignore-persist only apply to backends
- BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is stopping
- BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is temporarily disabled
- BUG/MAJOR: threads/queue: Fix thread-safety issues on the queues management
- BUG/MINOR: dns: don't downgrade DNS accepted payload size automatically
- BUG/MINOR: seemless reload: Fix crash when an interface is specified.
- BUG/MINOR: cli: Fix a crash when sending a command with too many arguments
- BUILD: ssl: Fix build with OpenSSL without NPN capability
- BUG/MINOR: spoa-example: unexpected behavior for more than 127 args
- BUG/MINOR: lua: return bad error messages
- BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers
- BUG/MINOR: tcp-check: use the server's service port as a fallback
- BUG/MEDIUM: threads/queue: wake up other threads upon dequeue
- MINOR: log: stop emitting alerts when it's not possible to write on the socket
- BUILD/BUG: enable -fno-strict-overflow by default
- DOC: log: more than 2 log servers are allowed
- DOC: don't suggest using http-server-close
- BUG/MEDIUM: h2: properly account for DATA padding in flow control
- BUG/MINOR: h2: ensure we can never send an RST_STREAM in response to an RST_STREAM
- BUG/MINOR: listener: Don't decrease actconn twice when a new session is rejected
[1] https://www.haproxy.org/download/1.8/src/CHANGELOG
Applies a patch to the dd-agent derivation that fixes a compatibility
issue with the current version of iostat, which no longer contains a
colon after its table headers.
This patch is applied in order for the fix to be backportable to
existing stable releases. A final "proper" fix will be an upgrade to a
newer version of dd-agent, but that requires several other changes.
This fixes#40103.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/strongswan/versions.
These checks were done:
- built on NixOS
- /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/pki passed the binary check.
- /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/charon-cmd passed the binary check.
- Warning: no invocation of /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/charon-systemd had a zero exit code or showed the expected version
- /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/ipsec passed the binary check.
- /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/swanctl passed the binary check.
- 4 of 5 passed binary check by having a zero exit code.
- 1 of 5 passed binary check by having the new version present in output.
- found 5.6.3 with grep in /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3
- directory tree listing: https://gist.github.com/258736889db4e822d054b65e7035147b
- du listing: https://gist.github.com/478dbb4f44b4ed18b112076b17451a4e
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/stunnel/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/9dvqa02pamz2wgzrpsjlzvf02qlmmabj-stunnel-5.46/bin/stunnel3 had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/9dvqa02pamz2wgzrpsjlzvf02qlmmabj-stunnel-5.46/bin/stunnel had a zero exit code or showed the expected version
- 0 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 5.46 with grep in /nix/store/9dvqa02pamz2wgzrpsjlzvf02qlmmabj-stunnel-5.46
- directory tree listing: https://gist.github.com/fa7d88d4b57706beacb1a6c4ca25a0ab
- du listing: https://gist.github.com/1eb91f78f53c9d1e590c49e38c2869f3
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/wireguard-tools/versions.
These checks were done:
- built on NixOS
- /nix/store/mr991d4pyvfng5bhh06kdlb29mj93cf3-wireguard-tools-0.0.20180524/bin/wg passed the binary check.
- /nix/store/mr991d4pyvfng5bhh06kdlb29mj93cf3-wireguard-tools-0.0.20180524/bin/wg-quick passed the binary check.
- 2 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 0.0.20180524 with grep in /nix/store/mr991d4pyvfng5bhh06kdlb29mj93cf3-wireguard-tools-0.0.20180524
- directory tree listing: https://gist.github.com/52b47d18275b1b4550ccdd7bfdd16ef0
- du listing: https://gist.github.com/074aac4bf75c6a0a31e18b04cb0ffbc8
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/speedtest-cli/versions.
These checks were done:
- built on NixOS
- /nix/store/rhi9py7nac05v8qsvwjaszp15l5db3p6-speedtest-cli-2.0.1/bin/.speedtest-wrapped passed the binary check.
- /nix/store/rhi9py7nac05v8qsvwjaszp15l5db3p6-speedtest-cli-2.0.1/bin/speedtest passed the binary check.
- /nix/store/rhi9py7nac05v8qsvwjaszp15l5db3p6-speedtest-cli-2.0.1/bin/.speedtest-cli-wrapped passed the binary check.
- /nix/store/rhi9py7nac05v8qsvwjaszp15l5db3p6-speedtest-cli-2.0.1/bin/speedtest-cli passed the binary check.
- 4 of 4 passed binary check by having a zero exit code.
- 4 of 4 passed binary check by having the new version present in output.
- found 2.0.1 with grep in /nix/store/rhi9py7nac05v8qsvwjaszp15l5db3p6-speedtest-cli-2.0.1
- directory tree listing: https://gist.github.com/8474ab8a0bcd232ed8b3f5f9bff112ee
- du listing: https://gist.github.com/f130f280bd23afc5797bf84f764288c4
Lots of packages are missing versions in their name. This adds them
where appropriate. These were found with this command:
$ nix-env -qa -f. | grep -v '\-[0-9A-Za-z.-_+]*$' | grep -v '^hook$'
See issue #41007.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/stunnel/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/7s4vc01h5glyylky8hsjfbmyxdfr44wl-stunnel-5.45/bin/stunnel3 had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/7s4vc01h5glyylky8hsjfbmyxdfr44wl-stunnel-5.45/bin/stunnel had a zero exit code or showed the expected version
- 0 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 5.45 with grep in /nix/store/7s4vc01h5glyylky8hsjfbmyxdfr44wl-stunnel-5.45
- directory tree listing: https://gist.github.com/4c607748a7a424c16abcadab39e0a7f7
- du listing: https://gist.github.com/d4b428776b9214e913cb8a97f7698d65
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/urlwatch/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/gpf4j5mmd5zbz0rqj39d57d38f6311pn-urlwatch-2.11/bin/.urlwatch-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/gpf4j5mmd5zbz0rqj39d57d38f6311pn-urlwatch-2.11/bin/urlwatch had a zero exit code or showed the expected version
- 0 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 2.11 with grep in /nix/store/gpf4j5mmd5zbz0rqj39d57d38f6311pn-urlwatch-2.11
- directory tree listing: https://gist.github.com/f36eb5277839d9ca3d15995cec7cc592
- du listing: https://gist.github.com/47f738cad88e3941c1c0f149f8aa4fc7