Commit Graph

349644 Commits

Author SHA1 Message Date
Thomas Gerbet
725d843cc8 flatpak: 1.12.2 -> 1.12.4
Fixes CVE-2021-43860 and CVE-2022-21682

Changes:
https://github.com/flatpak/flatpak/releases/tag/1.12.4
https://github.com/flatpak/flatpak/releases/tag/1.12.3

Security advisories:
https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
2022-01-27 13:57:07 -08:00
ajs124
2b14787033
Merge pull request #156396 from helsinki-systems/upd/mysocket
mysocketw: switch to fork with version 3.10.27
2022-01-27 22:21:22 +01:00
Robert Hensing
da702fe9d9
Merge pull request #156857 from hercules-ci/fix-version-suffix-convention
doc/coding-conventions: Fix version attribute suffix to match reality
2022-01-27 22:16:15 +01:00
Linus Heckemann
81cd4faec2
Merge pull request #156845 from mayflower/nextcloud-group
nextcloud: make home group-readable
2022-01-27 22:09:17 +01:00
Daniel Olsen
68e9cd0f7e nixos/lib: Use SingleLineStr in systemd description 2022-01-27 12:56:36 -08:00
Jan Tojnar
08b1e3e03d
Merge pull request #157043 from tomfitzhenry/spot-0.3.1
spot: 0.3.0 -> 0.3.1
2022-01-27 21:55:21 +01:00
Thomas Gerbet
1387fd0fd1 keepalived: 2.2.4 -> 2.2.7
Fixes CVE-2021-44225.
https://www.keepalived.org/release-notes/Release-2.2.7.html
2022-01-27 12:39:54 -08:00
Thomas Gerbet
f8c8a8918a flatpak-builder: 1.2.0 -> 1.2.2
Changes:
https://github.com/flatpak/flatpak-builder/releases/tag/1.2.2
https://github.com/flatpak/flatpak-builder/releases/tag/1.2.1

Security advisory:
https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
2022-01-27 12:38:04 -08:00
R. Ryantm
8909cf13be python310Packages.azure-mgmt-applicationinsights: 2.0.0 -> 2.1.0 2022-01-27 12:26:51 -08:00
R. Ryantm
f329ced6f2 python310Packages.sqlite-utils: 3.22 -> 3.22.1 2022-01-27 12:25:20 -08:00
R. Ryantm
1b12139305 python39Packages.mautrix: 0.14.5 -> 0.14.6 2022-01-27 12:25:10 -08:00
R. Ryantm
eff0fc087c python310Packages.sagemaker: 2.73.0 -> 2.74.0 2022-01-27 12:24:50 -08:00
Tom Fitzhenry
4e8deff9c8 spot: 0.3.0 -> 0.3.1
https://github.com/xou816/spot/releases/tag/0.3.1
2022-01-28 07:15:32 +11:00
Thomas Gerbet
846fafa68e lighttpd: 1.4.63 -> 1.4.64
https://www.lighttpd.net/2022/1/19/1.4.64/
2022-01-27 21:12:21 +01:00
Sandro
896ab6a275
Merge pull request #156899 from drupol/php/add-ds-extension 2022-01-27 20:58:44 +01:00
Alexander Tsvyashchenko
fa7b83fa48
python3Packages.objax: fix tensorboard dependency (#156909)
Also moved `jaxlib` to `buildInputs` to avoid injecting it into dependent packages.
2022-01-27 11:45:32 -08:00
Michael Weiss
e5808c2f62
Merge pull request #154003 from primeos/signal-desktop
signal-desktop: 5.27.1 -> 5.29.1
2022-01-27 20:44:01 +01:00
Robert Scott
7b13bb9479
Merge pull request #156698 from bachp/poco-1.11.0
poco: 1.10.1 -> 1.11.1
2022-01-27 19:42:47 +00:00
Michael Weiss
eeb0e220cd
signal-desktop: 5.29.0 -> 5.29.1 2022-01-27 20:01:19 +01:00
Bernardo Meurer
319850d2a3
Merge pull request #156663 from lovesegfault/nix-refactor
nix: factor out common.nix
2022-01-27 10:58:17 -08:00
Renaud
4dc70faa6f
twa: 1.9.1 -> 1.10.0
(#156769)
2022-01-27 19:46:26 +01:00
Jörg Thalheim
956dab36a3 nextcloud: use tmpfiles to create group-readable home
users.users.*.createHome makes home only owner-readable.
This breaks nginx reading static assets from nextcloud's home,
after a nixos-rebuild that did not restart nextcloud-setup.

Closes #112639
2022-01-27 19:13:50 +01:00
Will Cohen
7ec99ea7cf
qt5.qtwebkit: add disambiguate handle for darwin (#156809) 2022-01-27 13:00:11 -05:00
Fabian Affolter
f90310a12f
Merge pull request #157016 from applePrincess/exploitdb-2022-01-26
exploitdb: 2022-01-25 -> 2022-01-26
2022-01-27 18:54:34 +01:00
Bernardo Meurer
fe55576eea
Merge pull request #156997 from TredwellGit/linux
Kernels 2022-01-27
2022-01-27 09:52:03 -08:00
ajs124
47a2176ec8
Merge pull request #156998 from mweinelt/smartctl-exporter-fixups
prometheus.exporters.smartctl: fixes
2022-01-27 18:49:49 +01:00
Martin Weinelt
3a4bed480a
Merge pull request #156937 from mweinelt/firefox 2022-01-27 18:41:56 +01:00
Bernardo Meurer
5f9b470ff0
Merge pull request #154809 from helsinki-systems/feat/stc-proper-unit-file-parser
nixos/switch-to-configuration: Proper unit file parser and clean/fix lower part of the script
2022-01-27 09:35:34 -08:00
Aaron Andersen
3cafa47a66
Merge pull request #157019 from dali99/fix-mx-puppet-discord-module
nixos/mx-puppet-discord: Change systemd unit description to avoid new…
2022-01-27 12:02:59 -05:00
maralorn
037eb0a617
Merge pull request #156491 from NixOS/haskell-updates
haskellPackages: update stackage and hackage
2022-01-27 18:01:42 +01:00
Malte Brandy
caef341934 Merge branch 'master' into haskell-updates 2022-01-27 17:48:01 +01:00
Malte Brandy
c1e2f12203 haskellPackages: mark builds failing on hydra as broken
This commit has been generated by maintainers/scripts/haskell/mark-broken.sh
2022-01-27 17:47:21 +01:00
Stig
196873f601
Merge pull request #155116 from wentasah/amc-add-oodoc
auto-multiple-choice: add OpenOfficeOODoc perl module as dependency
2022-01-27 17:37:02 +01:00
Martin Weinelt
12c26aca1f
prometheus.exporters.smartctl: Fix autodiscovery
When no devices are given the exporter tries to autodiscover available
disks. The previous DevicePolicy was however preventing the exporter
from accessing any device at all, since only explicitly mentioned ones
were allowed.

This commit adds an allow rule for several device classes that I could
find on my machines, that gets set when no devices are explicitly
configured.

There is an existing problem with nvme devices, that expose a character
device at `/dev/nvme0`, and a (namespaced) block device at
`/dev/nvme0n1`. The character device does not come with permissions that
we could give to the exporter without further impacting the hardening.

  crw------- 1 root root 247, 0 27. Jan 03:10 /dev/nvme0
  brw-rw---- 1 root disk 259, 0 27. Jan 03:10 /dev/nvme0n1

The autodiscovery only finds the character device, which the exporter
unfortunately does not have access to.

However a simple udev rule can be used to resolve this:

  services.udev.extraRules = ''
    SUBSYSTEM=="nvme", KERNEL=="nvme[0-9]*", GROUP="disk"
  '';

Unfortunately I'm not fully aware of the security implications this
change carries and we should question upstream (systemd) why they did
not include such a rule.
The disk group has no members on any of my machines.

  ❯ getent group disk
  disk6:
2022-01-27 17:33:27 +01:00
R. RyanTM
899778e8cf
tev: 1.19 -> 1.22
* tev: 1.19 -> 1.22 (#156914)

* tev: don't build on aarch64-linux

Co-authored-by: Renaud <c0bw3b@users.noreply.github.com>
2022-01-27 17:06:22 +01:00
Daniel Olsen
5288bcab0a nixos/mx-puppet-discord: Change systemd unit description to avoid newline 2022-01-27 16:49:40 +01:00
Lein Matsumaru
93fb37332b
exploitdb: 2022-01-25 -> 2022-01-26 2022-01-27 15:22:33 +00:00
Robert Hensing
d0947df006
Merge pull request #156992 from hercules-ci/revert-153594-doc-optimization
Revert 153594 doc optimization
2022-01-27 15:46:36 +01:00
Ryan Mulligan
8328d4a50c
Merge pull request #156929 from r-ryantm/auto-update/sympa
sympa: 6.2.66 -> 6.2.68
2022-01-27 06:46:05 -08:00
dasj19
83ab260bbe
tomboy: remove (#156979)
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-01-27 15:21:33 +01:00
Sandro
55eab1b1b7
Merge pull request #156999 from SuperSandro2000/procs 2022-01-27 15:20:45 +01:00
Fabian Affolter
a4e916ad03
Merge pull request #156995 from fabaff/bump-sqlfluff
sqlfluff: 0.9.2 -> 0.9.3
2022-01-27 14:59:10 +01:00
Fabian Affolter
fc98f95561
Merge pull request #156990 from r-ryantm/auto-update/python3.10-flux-led
python310Packages.flux-led: 0.28.11 -> 0.28.17
2022-01-27 14:58:54 +01:00
Stig
3445b70e5b
Merge pull request #156964 from raboof/perl-libnet-3.12-to-3.13
perlPackages.libnet: 3.12 -> 3.13
2022-01-27 14:26:04 +01:00
Sandro
4794b2f047
Merge pull request #154324 from zaninime/sshportal 2022-01-27 14:18:38 +01:00
Sandro
90087b3562
Merge pull request #156828 from willcohen/grass-darwin 2022-01-27 14:16:28 +01:00
Sandro
5a673e356a
Merge pull request #156898 from r-ryantm/auto-update/vgrep 2022-01-27 14:07:13 +01:00
Sandro
27cccd4e49
Merge pull request #151363 from Stunkymonkey/doc-updateWalker 2022-01-27 14:06:36 +01:00
Bobby Rong
c2f5452f26
Merge pull request #156936 from bobby285271/pantheon
Pantheon updates 2022-01-26
2022-01-27 21:03:07 +08:00
Sandro Jäckel
b81c67d478
procs: 0.12.0 -> 0.12.1 2022-01-27 13:55:22 +01:00