JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
280,230 Commits 2 Branches 0 Tags 12 GiB
81032dd274
Commit Graph

33951 Commits

Author SHA1 Message Date
Fabian Affolter
0f24db0be9
Merge pull request #117772 from r-ryantm/auto-update/gdu 
gdu: 4.8.1 -> 4.9.0
 2021-03-27 12:20:00 +01:00
Maximilian Bosch
591e97bbd4
Merge pull request #117601 from LeSuisse/vault-1.7.0 
vault: 1.6.3 -> 1.7.0
 2021-03-27 12:03:57 +01:00
R. RyanTM
38b9434ce9 gdu: 4.8.1 -> 4.9.0 2021-03-27 10:56:15 +00:00
R. RyanTM
71e01a65c1 exoscale-cli: 1.24.0 -> 1.26.0 2021-03-27 09:20:03 +00:00
R. RyanTM
cd7b4b64b1 croc: 8.6.11 -> 8.6.12 2021-03-27 08:23:14 +00:00
R. RyanTM
886d435212 chezmoi: 2.0.3 -> 2.0.4 2021-03-27 07:40:09 +00:00
Cole Helbling
30050ab2fc
nixUnstable: pre20210317_8a5203d -> pre20210326_dd77f71 
The flakey test was fixed.
 2021-03-26 23:38:43 -07:00
github-actions[bot]
183f374181
Merge master into staging-next 2021-03-27 06:05:41 +00:00
Mario Rodas
250e0c36b7 shadowsocks-rust: 1.10.1 -> 1.10.2 
https://github.com/shadowsocks/shadowsocks-rust/releases/tag/v1.10.2
 2021-03-27 04:20:00 +00:00
R. RyanTM
1763b9a201 shadowsocks-rust: 1.9.2 -> 1.10.1 2021-03-27 20:20:18 +00:00
Sandro
b58297d606
Merge pull request #117739 from fabaff/zgrab2 
zgrab2: init at 20210327-17a5257
 2021-03-27 02:47:33 +01:00
Fabian Affolter
4f173f616d zgrab2: init at 20210327-17a5257 2021-03-27 01:17:21 +01:00
github-actions[bot]
7fdb452da0
Merge master into staging-next 2021-03-27 00:14:51 +00:00
Michael Raskin
81ac64300e
Merge pull request #117520 from r-ryantm/auto-update/sleuthkit 
sleuthkit: 4.10.1 -> 4.10.2
 2021-03-26 22:41:20 +00:00
github-actions[bot]
70fb533d57
Merge master into staging-next 2021-03-26 18:13:54 +00:00
Sandro
0e5e1f0610
Merge pull request #117259 from teto/aws-lambda-rie 
aws-lambda-rie: init at 1.0
 2021-03-26 18:10:52 +01:00
Sandro
8880a6732e
Merge pull request #117659 from siraben/uwuify-init 2021-03-26 17:34:34 +01:00
Sandro
ca0f54fe7e
Merge pull request #117701 from fabaff/pwncat 
pwncat: init at 0.1.0
 2021-03-26 17:21:16 +01:00
Sandro
97b9e30339
Merge pull request #117694 from payasrelekar/master 
xh: 0.9.1 -> 0.9.2
 2021-03-26 17:07:22 +01:00
Fabian Affolter
23ebec9f7b pwncat: init at 0.1.0 2021-03-26 15:29:14 +01:00
adisbladis
ee1d429e82
paperlike-go: unstable-2021-03-22 -> unstable-2021-03-26 
This adds light controls.
 2021-03-26 16:04:34 +02:00
Payas Relekar
eafe38db5b xh: 0.9.1 -> 0.9.2 2021-03-26 18:55:32 +05:30
github-actions[bot]
eddd1a74ec
Merge master into staging-next 2021-03-26 12:06:41 +00:00
Ben Siraphob
b287d4d591 uwuify: init at 0.2.1 2021-03-26 19:06:23 +07:00
Emery Hemingway
8a93c904a1 gptfdisk: add NixOS test and maintainer 2021-03-26 12:23:02 +01:00
R. RyanTM
90ad480812 gptfdisk: 1.0.6 -> 1.0.7 2021-03-26 12:23:02 +01:00
Michael Raskin
5e49fde96d
Merge pull request #115542 from r-ryantm/auto-update/remind 
remind: 03.03.01 -> 03.03.05
 2021-03-26 11:09:39 +00:00
Sandro
e8daf611e5
Merge pull request #117674 from fabaff/bump-metasploit 
metasploit: 6.0.36 -> 6.0.37
 2021-03-26 11:29:39 +01:00
Sandro
0708f10d37
Merge pull request #117579 from dotlambda/ccnet-drop 2021-03-26 11:11:05 +01:00
Fabian Affolter
cbf4c8549b metasploit: 6.0.36 -> 6.0.37 2021-03-26 10:53:15 +01:00
Sandro
7cf32af12f
Merge pull request #117661 from siraben/stdenv-cleanup2 
treewide: remove redundant stdenv
 2021-03-26 09:52:33 +01:00
Robert Schütz
b0de354dcf ccnet: drop 
Its only user seafile-share does not depend on it anymore and the
upstream repository has not been updated since 2017.
 2021-03-26 09:29:33 +01:00
github-actions[bot]
26fdaef6b2
Merge master into staging-next 2021-03-26 06:05:54 +00:00
Ben Siraphob
7d97e284e8 treewide: remove redundant stdenv 2021-03-26 12:18:16 +07:00
R. RyanTM
0dcf7cfa33 plantuml: 1.2021.2 -> 1.2021.3 2021-03-26 04:09:58 +00:00
Bernardo Meurer
e34dafadb2
beets: unstable-2021-03-08 -> unstable-2021-03-24 2021-03-25 20:14:50 -07:00
Mario Rodas
447fddabb7
Merge pull request #117620 from fabaff/bump-clair 
clair: 4.0.3 -> 4.0.4
 2021-03-25 21:08:07 -05:00
github-actions[bot]
b068d2e437
Merge master into staging-next 2021-03-26 00:15:53 +00:00
Sandro
97101da6b0
Merge pull request #117625 from j4m3s-s/add-oapi-codegen 
oapi-codegen: init at 1.5.6
 2021-03-26 00:24:07 +01:00
Sandro
019908e371
Merge pull request #115885 from MatthewCroughan/fioctl 2021-03-26 00:14:23 +01:00
James Landrein
c516b56942 oapi-codegen: init at 1.5.6 2021-03-26 00:00:38 +01:00
Fabian Affolter
98f676b512 clair: 4.0.3 -> 4.0.4 2021-03-25 23:09:45 +01:00
Lassulus
d89dacc70c
Merge pull request #116977 from r-ryantm/auto-update/shipyard 
shipyard: 0.2.15 -> 0.3.1
 2021-03-25 21:44:29 +01:00
Sascha Grunert
c7dd3db4c5 fuse-overlayfs: 1.4.0 -> 1.5.0 
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2021-03-26 05:32:36 +10:00
github-actions[bot]
7c9222212f
Merge master into staging-next 2021-03-25 18:14:01 +00:00
adisbladis
21baaaf8c5
paperlike-go: init at unstable-2021-03-22 2021-03-25 17:42:16 +02:00
Doron Behar
7f90c2faca
Merge pull request #117215 from r-ryantm/auto-update/miller 
miller: 5.10.0 -> 5.10.1
 2021-03-25 15:18:58 +00:00
Sandro
f4b203985a
Merge pull request #117097 from payasrelekar/master 
xh: 0.7.0 -> 0.9.1
 2021-03-25 15:56:00 +01:00
Thomas Gerbet
ae747206b2 vault: 1.6.3 -> 1.7.0 
Changes: 8e576bb0aa/CHANGELOG.md
 2021-03-25 15:49:48 +01:00
Frederik Rietdijk
350f9bd822
Merge pull request #117570 from FRidh/python2alias 
Python: be explicit on whether it is python2 or python3 that is used
 2021-03-25 13:26:35 +01:00
github-actions[bot]
4dc869e403
Merge master into staging-next 2021-03-25 12:06:22 +00:00
Frederik Rietdijk
9533ed6c65 fio: use python3 2021-03-25 12:47:58 +01:00
Frederik Rietdijk
15a9c8ba60 evemu: use python3 2021-03-25 12:45:03 +01:00
Frederik Rietdijk
02522e4f76 escrotum: stay with python2 2021-03-25 12:39:49 +01:00
Frederik Rietdijk
63434aa261 dtrx: stay with python2 2021-03-25 12:35:28 +01:00
Frederik Rietdijk
bccaae647c disper: stay with python2 2021-03-25 12:19:28 +01:00
Frederik Rietdijk
11cbfae15a cryfs: use python3 2021-03-25 12:12:49 +01:00
Frederik Rietdijk
3842c35a2d dd-agent: stay with python2 2021-03-25 12:08:31 +01:00
Frederik Rietdijk
4551e2260a cipherscan: use python3 2021-03-25 11:28:57 +01:00
Frederik Rietdijk
7aa7f3cdbf chkcrontab: use python3 2021-03-25 11:28:16 +01:00
Frederik Rietdijk
e1253a694f chipsec: use python2 2021-03-25 11:27:08 +01:00
R. RyanTM
59906d78bd jdupes: 1.19.1 -> 1.19.2 2021-03-25 10:25:19 +00:00
Frederik Rietdijk
050fa17bd6 ccnet: use python3 2021-03-25 11:25:09 +01:00
Frederik Rietdijk
f19233bea9 carddav-util: use python2 2021-03-25 11:20:36 +01:00
Frederik Rietdijk
4436ac1056 bud: use python2 2021-03-25 11:10:31 +01:00
Frederik Rietdijk
ff12cb0ef6 blockhash: use python2 2021-03-25 10:57:48 +01:00
Frederik Rietdijk
15d4161931 biblatex-check: use python3 2021-03-25 10:41:25 +01:00
Jörg Thalheim
82515ef0d8
Merge pull request #117301 from mweinelt/borgbackup 2021-03-25 08:45:07 +00:00
Sandro
3f9d424f34
Merge pull request #117565 from dotlambda/ytfzf-1.1.1 
ytfzf: 1.1.0 -> 1.1.1
 2021-03-25 09:42:21 +01:00
Raphael Megzari
3c486fb51c
procs: fix darwin build (#117559) 2021-03-25 04:39:32 -04:00
Robert Schütz
cbd89b2a5f ytfzf: 1.1.0 -> 1.1.1 2021-03-25 09:16:40 +01:00
Jörg Thalheim
51be366f7e
Merge pull request #117543 from marsam/update-sops 
sops: 3.6.1 -> 3.7.0
 2021-03-25 08:08:24 +00:00
Daniël de Kok
445ff0cd50
Merge pull request #117450 from danieldk/rocm-4.1.0 
rocm: 4.0.1 -> 4.1.0
 2021-03-25 08:53:14 +01:00
Fabian Affolter
e597aee0c8
Merge pull request #117521 from r-ryantm/auto-update/sniffglue 
sniffglue: 0.11.1 -> 0.12.0
 2021-03-25 08:31:46 +01:00
github-actions[bot]
8cebf1dc19
Merge master into staging-next 2021-03-25 06:05:58 +00:00
Martin Weinelt
8b7f88b138
Merge pull request #117546 from r-ryantm/auto-update/Ajour 
ajour: 0.7.2 -> 1.0.0
 2021-03-25 01:48:34 +01:00
R. RyanTM
1d671fd0dc ajour: 0.7.2 -> 1.0.0 2021-03-25 00:38:59 +00:00
github-actions[bot]
eb499aa20e
Merge master into staging-next 2021-03-25 00:17:22 +00:00
Sandro
7e43874ad9
Merge pull request #117517 from dotlambda/prs-0.2.5 
prs: 0.2.4 -> 0.2.5
 2021-03-25 00:33:29 +01:00
Mario Rodas
830a55d208 sops: 3.6.1 -> 3.7.0 
https://github.com/mozilla/sops/releases/tag/v3.7.0
 2021-03-24 18:00:00 -05:00
Fabian Affolter
edcf4d694f
sniffglue: specify license 
License is GPLv3+ (https://github.com/kpcyrd/sniffglue#license)
 2021-03-24 23:24:21 +01:00
R. RyanTM
8593ea1d36 bupstash: 0.7.0 -> 0.8.0 2021-03-24 22:18:44 +01:00
Bernardo Meurer
fa9cd72c09
Merge pull request #117360 from midchildan/feat/fuse/darwin 
fuse: use macfuse-stubs instead on Darwin
 2021-03-24 21:18:40 +00:00
R. RyanTM
082d8316b0 sniffglue: 0.11.1 -> 0.12.0 2021-03-24 21:17:30 +00:00
zowoq
6aa079e2dd youtube-dl: 2021.03.14 -> 2021.03.25 
https://github.com/ytdl-org/youtube-dl/releases/tag/2021.03.25
 2021-03-25 07:13:26 +10:00
R. RyanTM
750784d77c sleuthkit: 4.10.1 -> 4.10.2 2021-03-24 21:12:24 +00:00
Robert Schütz
f815b51af2 prs: 0.2.4 -> 0.2.5 2021-03-24 21:35:12 +01:00
Pascal Bach
8004df3ba2
Merge pull request #117489 from r-ryantm/auto-update/minio-client 
minio-client: 2021-03-12T03-36-59Z -> 2021-03-23T05-46-11Z
 2021-03-24 21:34:47 +01:00
Cole Helbling
1d3f053790 nixUnstable: skip flakey tests/ca/substitute.sh 2021-03-24 13:24:36 -07:00
Cole Helbling
fc3227e698 nixUnstable: add util-linuxMinimal to nativeBuildInputs 
Fixes an issue in tests where they can fail with `../common.sh: line 92:
unshare: command not found`.
 2021-03-24 13:24:36 -07:00
Sandro
fecbec86e9
Merge pull request #116765 from superherointj/tfk8s-0.1.2 
tfk8s: 0.1.0 -> 0.1.2
 2021-03-24 20:30:06 +01:00
Sandro
d68bffb200
Merge pull request #117348 from zseri/unbuild 2021-03-24 19:47:35 +01:00
Fabian Affolter
921f305883
Merge pull request #117494 from r-ryantm/auto-update/nuclei 
nuclei: 2.3.1 -> 2.3.2
 2021-03-24 19:31:22 +01:00
github-actions[bot]
8e2d0e45c0
Merge master into staging-next 2021-03-24 18:10:39 +00:00
R. RyanTM
d768698b1f nuclei: 2.3.1 -> 2.3.2 2021-03-24 17:30:55 +00:00
Sandro
b3e20ea813
Merge pull request #117383 from siraben/tz-init 
tz: init at 0.4
 2021-03-24 18:27:56 +01:00
R. RyanTM
1cb4599c1c minio-client: 2021-03-12T03-36-59Z -> 2021-03-23T05-46-11Z 2021-03-24 16:51:58 +00:00
Sandro
19feaef42c
Merge pull request #117407 from fabaff/slowhttptest 
slowhttptest: init at 1.8.2
 2021-03-24 17:43:27 +01:00
Tim Steinbach
7014daec3d awscli: 1.19.33 -> 1.19.34 2021-03-24 09:19:19 -04:00
Sandro
0c51d091cb
Merge pull request #117441 from happysalada/cargo_audit_add_fix 
cargo-audit: add cargo audit fix by default
 2021-03-24 13:54:42 +01:00
Fabian Affolter
31439b8316 slowhttptest: init at 1.8.2 2021-03-24 13:36:21 +01:00
Sandro
06ee8e7580
Merge pull request #117402 from fabaff/bump-ldeep 
ldeep: 1.0.9 -> 1.0.10
 2021-03-24 13:12:39 +01:00
github-actions[bot]
380cb1e995
Merge master into staging-next 2021-03-24 12:11:57 +00:00
Sandro
6b74bbfb96
Merge pull request #117409 from fabaff/sipvicious 
sipvicious: init at 0.3.2
 2021-03-24 13:09:15 +01:00
Robert Schütz
a710de5592
github-backup: init at 0.39.0 (#116976) 2021-03-24 13:02:12 +01:00
Vladimir Serov
ed94d89967
swaycwd: init at 0.0.1 
Co-authored-by: zseri <zseri.devel@ytrizja.de>
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2021-03-24 14:55:46 +03:00
Maximilian Bosch
dd14ecf90e
Merge pull request #117429 from marsam/update-starship 
starship: 0.50.0 -> 0.51.0
 2021-03-24 11:53:09 +01:00
ajs124
788575a4de jsawk: spidermonkey_38 -> spidermonkey_78 
the examples from the readme work just fine, with this version
 2021-03-24 10:39:11 +01:00
ajs124
5886dda306 plowshare: spidermonkey_38 -> spidermonkey_78 2021-03-24 10:39:11 +01:00
Daniël de Kok
84fcca07aa rocm-smi: 4.0.0 -> 4.1.0 
This also migrates this derivation from the old deprecated ROC-smi
repository to rocm_smi_lib.
 2021-03-24 10:31:07 +01:00
github-actions[bot]
f29a6f5877
Merge master into staging-next 2021-03-24 06:05:54 +00:00
happysalada
9db47b0a3a cargo-audit: add cargo audit fix by default 2021-03-24 12:36:26 +09:00
R. RyanTM
b8ad44183a emplace: 1.4.0 -> 1.4.1 2021-03-24 01:17:18 +00:00
github-actions[bot]
2417360191
Merge master into staging-next 2021-03-24 00:41:10 +00:00
Silvan Mosberger
1638776b7b
botamusique: init at unstable-2021-03-13 2021-03-24 01:04:57 +01:00
Fabian Affolter
6214cfb3ec sipvicious: init at 0.3.2 2021-03-23 23:18:17 +01:00
zseri
dcba35f22b
zs-apc-spdu-ctl: don't put runtime deps into buildInputs 2021-03-23 22:30:44 +01:00
Fabian Affolter
316146ae56 ldeep: 1.0.9 -> 1.0.10 2021-03-23 21:20:18 +01:00
Flakebi
2ce3eff490
salt: 3002.5 -> 3002.6 2021-03-23 19:38:14 +01:00
github-actions[bot]
ca7fa2ef7b
Merge master into staging-next 2021-03-23 18:20:01 +00:00
R. RyanTM
4552283352 pspg: 4.3.1 -> 4.4.0 2021-03-23 13:48:29 -04:00
Ben Siraphob
f0d4a1ce7d tz: init at 0.4 2021-03-24 00:17:58 +07:00
midchildan
c595604bed
fuse: use macfuse-stubs instead on Darwin 2021-03-23 23:42:16 +09:00
Sandro
70b387da70
Merge pull request #117340 from fabaff/bump-metasploit 
metasploit: 6.0.34 -> 6.0.36
 2021-03-23 15:42:04 +01:00
Oleksii Filonenko
53552a03bf
Merge pull request #116850 from r-ryantm/auto-update/frp 
frp: 0.36.0 -> 0.36.1
 2021-03-23 16:25:33 +02:00
Ryan Mulligan
2525aa43a0
Merge pull request #116949 from r-ryantm/auto-update/lokalise2-cli 
lokalise2-cli: 2.6.3 -> 2.6.4
 2021-03-23 07:07:01 -07:00
Robert Hensing
9011d59758 logstash-*-oss: Add passthru.tests 2021-03-23 14:42:40 +01:00
github-actions[bot]
963842fb19
Merge master into staging-next 2021-03-23 12:27:46 +00:00
zseri
bfa344e273
zstxtns-utils: don't put runtime deps into buildInputs 2021-03-23 13:16:19 +01:00
zseri
2c93f270cd
zs-wait4host: don't put runtime deps into buildInputs 2021-03-23 13:13:38 +01:00
zseri
75499c628b
rpm2targz: don't put runtime deps into buildInputs 2021-03-23 13:07:53 +01:00
Robert Schütz
05bf5d726d borgbackup: move setuptools-scm to nativeBuildInputs 2021-03-23 12:16:03 +01:00
Robert Schütz
966e0302d5 borgbackup: add passthru.tests 2021-03-23 12:08:12 +01:00
Robert Schütz
6761a8ebf6 borgbackup: use correct output for zstd headers 2021-03-23 12:05:31 +01:00
Peter Hoeg
d527d1d528 home-manager: 2021-01-16 -> 2021-03-21 2021-03-23 18:38:25 +08:00
Fabian Affolter
5ec1f89c23 metasploit: 6.0.34 -> 6.0.36 2021-03-23 11:32:40 +01:00
zseri
a9ec3f7b66 digitemp: init at 3.7.2 
This does not include digitemp_DS2490, as that seems to require libusb0.1,
which isn't in nixpkgs.
 2021-03-23 18:29:35 +08:00
R. RyanTM
e1e35e2f51 ibm-sw-tpm2: 1637 -> 1661 2021-03-23 10:19:00 +00:00
Jörg Thalheim
d280e1f78c
Merge pull request #116788 from veprbl/pr/texlive_find_tarballs_fix 
texlive.combine: export `packages` attribute to help find-tarballs.nix
 2021-03-23 09:28:32 +00:00
Emery Hemingway
ee80707159 Trim ehmry from some package maintainers 
I prefer not to be associated with anything blockchain related.
 2021-03-23 10:24:00 +01:00
R. RyanTM
90a9906637 libcpuid: 0.5.0 -> 0.5.1 2021-03-23 10:11:42 +01:00
github-actions[bot]
39e3812215
Merge master into staging-next 2021-03-23 06:18:02 +00:00
David Birks
ee7a7ffc30 microplane: 0.0.26 -> 0.0.28 
Also switching from deps to go mod, since they made the change upstream.
 2021-03-23 01:20:14 -04:00
Mario Rodas
245fe8f93d starship: 0.50.0 -> 0.51.0 
https://github.com/starship/starship/releases/tag/v0.51.0
 2021-03-23 04:20:00 +00:00
Ryan Mulligan
b9f8d6ecdf
Merge pull request #117182 from r-ryantm/auto-update/getmail6 
getmail6: 6.14 -> 6.15
 2021-03-22 21:11:53 -07:00
Ryan Mulligan
444ca81faf
Merge pull request #117189 from r-ryantm/auto-update/goreleaser 
goreleaser: 0.159.0 -> 0.160.0
 2021-03-22 21:06:33 -07:00
Ryan Mulligan
c1721401e3
Merge pull request #117294 from r-ryantm/auto-update/eksctl 
eksctl: 0.40.0 -> 0.41.0
 2021-03-22 21:03:27 -07:00
Graham Christensen
7eda163eac
Merge pull request #115310 from mweinelt/grub2 
grub: 2.0.4 -> 2.0.6-rc1
 2021-03-22 22:34:14 -04:00
Payas Relekar
e46f1a6f65 xh: 0.7.0 -> 0.9.1 2021-03-23 07:56:48 +05:30
Martin Weinelt
97c52d5782
grub: 2.0.4 -> 2.0.6-rc1 
Quoting from
https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html:

*******************************************************************************

CVE-2020-14372 grub2: The acpi command allows privileged user to load crafted
               ACPI tables when Secure Boot is enabled
CWE-184
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

GRUB2 enables the use of the command acpi even when Secure Boot is signaled by
the firmware. An attacker with local root privileges to can drop a small SSDT
in /boot/efi and modify grub.cfg to instruct grub to load said SSDT. The SSDT
then gets run by the kernel and it overwrites the kernel lock down configuration
enabling the attacker to load unsigned kernel modules and kexec unsigned code.

Reported-by: Máté Kukri

*******************************************************************************

CVE-2020-25632 grub2: Use-after-free in rmmod command
CWE-416
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The rmmod implementation for GRUB2 is flawed, allowing an attacker to unload
a module used as dependency without checking if any other dependent module is
still loaded. This leads to an use-after-free scenario possibly allowing an
attacker to execute arbitrary code and by-pass Secure Boot protections.

Reported-by: Chris Coulson (Canonical)

*******************************************************************************

CVE-2020-25647 grub2: Out-of-bound write in grub_usb_device_initialize()
CWE-787
6.9/CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_usb_device_initialize() is called to handle USB device initialization. It
reads out the descriptors it needs from the USB device and uses that data to
fill in some USB data structures. grub_usb_device_initialize() performs very
little bounds checking and simply assumes the USB device provides sane values.
This behavior can trigger memory corruption. If properly exploited, this would
lead to arbitrary code execution allowing the attacker to by-pass Secure Boot
mechanism.

Reported-by: Joseph Tartaro (IOActive) and Ilja van Sprundel (IOActive)

*******************************************************************************

CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline
CWE-121
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_parser_split_cmdline() expands variable names present in the supplied
command line in to their corresponding variable contents and uses a 1kB stack
buffer for temporary storage without sufficient bounds checking. If the
function is called with a command line that references a variable with a
sufficiently large payload, it is possible to overflow the stack buffer,
corrupt the stack frame and control execution. An attacker may use this to
circumvent Secure Boot protections.

Reported-by: Chris Coulson (Canonical)

*******************************************************************************

CVE-2020-27779 grub2: The cutmem command allows privileged user to remove
               memory regions when Secure Boot is enabled
CWE-285
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The GRUB2's cutmem command does not honor Secure Boot locking. This allows an
privileged attacker to remove address ranges from memory creating an
opportunity to circumvent Secure Boot protections after proper triage about
grub's memory layout.

Reported-by: Teddy Reed

*******************************************************************************

CVE-2021-3418 - grub2: GRUB 2.05 reintroduced CVE-2020-15705
CWE-281
6.4/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

The GRUB2 upstream reintroduced the CVE-2020-15705. This refers to a distro
specific flaw which made upstream in the mentioned version.

If certificates that signed GRUB2 are installed into db, GRUB2 can be booted
directly. It will then boot any kernel without signature validation. The booted
kernel will think it was booted in Secure Boot mode and will implement lock
down, yet it could have been tampered.

This flaw only affects upstream and distributions using the shim_lock verifier.

Reported-by: Dimitri John Ledkov (Canonical)

*******************************************************************************

CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The option parser in GRUB2 allows an attacker to write past the end of
a heap-allocated buffer by calling certain commands with a large number
of specific short forms of options.

Reported-by: Daniel Axtens (IBM)

*******************************************************************************

CVE-2021-20233 grub2: Heap out-of-bound write due to mis-calculation of
               space required for quoting
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

There's a flaw on GRUB2 menu rendering code setparam_prefix() in the menu
rendering code performs a length calculation on the assumption that expressing
a quoted single quote will require 3 characters, while it actually requires
4 characters. This allow an attacker to corrupt memory by one byte for each
quote in the input.

Reported-by: Daniel Axtens (IBM)
 2021-03-23 02:48:30 +01:00
Sandro
fd45ac69d3
Merge pull request #117251 from jhillyerd/chezmoi 
chezmoi: 1.8.11 -> 2.0.3
 2021-03-23 02:41:56 +01:00
Sandro
09fb0da465
Merge pull request #117241 from NeQuissimus/awscli 2021-03-23 02:28:14 +01:00
Sandro
447fb4c904
Merge pull request #117031 from chvp/fix-mu-scripts 
mu: Fix included scripts not finding their dependencies
 2021-03-23 02:27:41 +01:00
github-actions[bot]
11ee0bf5d7
Merge master into staging-next 2021-03-23 00:40:24 +00:00
Martin Weinelt
f146d46156
borgbackup: 1.1.15 -> 1.1.16 
https://github.com/borgbackup/borg/blob/1.1.16/docs/changes.rst\#version-1116-2021-03-23
 2021-03-23 01:01:08 +01:00
R. RyanTM
67493c1ad4 eksctl: 0.40.0 -> 0.41.0 2021-03-22 22:43:42 +00:00
Michele Guerini Rocco
e0c05e18ae
Merge pull request #117267 from r-ryantm/auto-update/bdf2psf 
bdf2psf: 1.201 -> 1.202
 2021-03-22 23:40:52 +01:00
Matthieu Coudron
11779b6bb1 aws-lambda-rie: init at 1.0 
The AWS Runtime Interface Emulator is used to test lambda functions
embedded in containers.
 2021-03-22 22:13:35 +01:00
Sandro
2bb10a1617
Merge pull request #116776 from sternenseemann/fdtools-fix-gcc-clang 
fdtools: set platforms to linux only
 2021-03-22 21:39:40 +01:00
Aaron Andersen
32b9f73065 logrotate: compile with acl support 2021-03-22 15:57:57 -04:00
R. RyanTM
a3fec5f8cd
aws-vault: 6.2.0 -> 6.3.0 (#117006) 2021-03-22 19:47:04 +00:00
R. RyanTM
96b7afb496 bdf2psf: 1.201 -> 1.202 2021-03-22 19:10:36 +00:00
Ryan Mulligan
d70781f103
Merge pull request #117255 from ckauhaus/116923-remove-steghide 
steghide-0.5.1: remove package
 2021-03-22 11:53:41 -07:00
Christian Kauhaus
16302209c2 steghide-0.5.1: remove package 
This package is considered insecure (week RNG seeding). As it has seen
no upstream activity for 18 years, a bug fix is unlikely.

See also:
* CVE-2021-27211
* https://discourse.nixos.org/t/removal-of-insecure-steghide-package/12071

Fixes #116923
 2021-03-22 18:35:23 +01:00
James Hillyerd
b9bb7add79 chezmoi: 1.8.11 -> 2.0.3 2021-03-22 10:02:15 -07:00
R. RyanTM
c4da20ce29 stripe-cli: 1.5.10 -> 1.5.11 2021-03-22 16:42:43 +00:00
Tim Steinbach
84dcedc075
awscli: 1.19.30 -> 1.19.33 2021-03-22 11:24:50 -04:00
Pamplemousse
bf1beb93c5 ipmitool: fix security vulnerability 
Relates to #90825 .

Signed-off-by: Pamplemousse <xav.maso@gmail.com>
 2021-03-22 07:10:30 -07:00
github-actions[bot]
feda7be375
Merge master into staging-next 2021-03-22 12:26:55 +00:00
Fabian Affolter
f2b936edf5
Merge pull request #117173 from r-ryantm/auto-update/disfetch 
disfetch: 1.20 -> 1.21
 2021-03-22 13:13:51 +01:00
R. RyanTM
126e8843f2 miller: 5.10.0 -> 5.10.1 2021-03-22 11:59:05 +00:00
Sandro
6f9ac9eb8a
Merge pull request #117184 from siraben/fet-sh-update 
fet-sh: 1.8 -> 1.9
 2021-03-22 12:23:17 +01:00
Sandro
e905e228ef
Merge pull request #117190 from siraben/darwin-mass-fix-buildInputs=0 2021-03-22 12:04:15 +01:00
Profpatsch
841b753e92 s6-networking: default to bearssl 
18·27 <Profpatsch> skarnet: would you recommend putting bearssl as the default backend for s6-networking?
18·27 <Profpatsch> uh, bearssl isn’t even packaged
18·27 <Profpatsch> yak shave
18·28 <Profpatsch> skarnet: The current backend uses libressl
18·29 <@skarnet> well at least CAFILE works
18·29 <@skarnet> but yes, I would recommend putting bearssl as the default backend
 2021-03-22 10:29:01 +01:00
Ben Siraphob
9398fc3c27 profile-cleaner: expand platforms to all 2021-03-22 15:56:00 +07:00
Ben Siraphob
4eda69a8ec kargo: expand platforms to all 2021-03-22 15:55:48 +07:00
Ben Siraphob
8e86eec6de pdf-parser: expand platforms to all 2021-03-22 15:55:34 +07:00
Ben Siraphob
55ce4c9b03 rmtrash: use stdenvNoCC 2021-03-22 15:47:11 +07:00
R. RyanTM
c7766c5733 goreleaser: 0.159.0 -> 0.160.0 2021-03-22 08:46:13 +00:00
Ben Siraphob
b773fd7e2a fet-sh: 1.8 -> 1.9 2021-03-22 15:20:59 +07:00
R. RyanTM
7093e238c7 getmail6: 6.14 -> 6.15 2021-03-22 08:13:54 +00:00
Ben Siraphob
d3c2b7f276 gopro: expand platforms to unix 2021-03-22 14:22:32 +07:00
Ben Siraphob
062e1ffa1b bento4: expand platforms to unix 2021-03-22 14:22:10 +07:00
R. RyanTM
c1f24ffe09 disfetch: 1.20 -> 1.21 2021-03-22 06:40:35 +00:00
github-actions[bot]
226884645e
Merge master into staging-next 2021-03-22 00:45:52 +00:00
Sandro
70b3fa8c12
Merge pull request #115905 from r-ryantm/auto-update/cargo-audit 
cargo-audit: 0.13.1 -> 0.14.0
 2021-03-22 01:26:56 +01:00
Sandro
777a93a76b
Merge pull request #115547 from r-ryantm/auto-update/screen-message 
screen-message: 0.25 -> 0.26
 2021-03-22 01:08:27 +01:00
Sandro
dc67e73544
Merge pull request #116650 from r-ryantm/auto-update/rpi-imager 
rpi-imager: 1.5 -> 1.6
 2021-03-22 00:57:13 +01:00
Sandro
c7b3fb92ae
Merge pull request #116029 from jojosch/dnsviz-0.9.3 
dnsviz: 0.9.2 -> 0.9.3
 2021-03-22 00:44:04 +01:00
Sandro
a36820e437
Merge pull request #116226 from r-ryantm/auto-update/upterm 
upterm: 0.5.2 -> 0.6.5
 2021-03-22 00:43:40 +01:00
Sandro
a74be91ad3
Merge pull request #116604 from r-ryantm/auto-update/croc 
croc: 8.6.10 -> 8.6.11
 2021-03-22 00:32:08 +01:00
Sandro
64fefe03d5
Merge pull request #116790 from mredaelli/handlr 
handlr: init at 0.5.0
 2021-03-22 00:24:31 +01:00
Sandro
ea3f3e0548
Merge pull request #115587 from r-ryantm/auto-update/spoofer 
spoofer: 1.4.5 -> 1.4.6
 2021-03-21 23:41:48 +01:00
Sandro
209de77f55
Merge pull request #116199 from r-ryantm/auto-update/stripe-cli 
stripe-cli: 1.5.9 -> 1.5.10
 2021-03-21 23:34:35 +01:00
Sandro
f864434064
Merge pull request #117141 from dduan/tre-0.3.5 
tre-command: 0.3.4 -> 0.3.5
 2021-03-21 23:11:20 +01:00
Sandro
06ab2a5176
Merge pull request #115147 from r-ryantm/auto-update/acme-client 
acme-client: 1.1.0 -> 1.2.0
 2021-03-21 21:16:46 +01:00
Sandro
7348f88444
Merge pull request #115566 from r-ryantm/auto-update/smbnetfs 
smbnetfs: 0.6.2 -> 0.6.3
 2021-03-21 21:10:18 +01:00
Sandro
7363c4c4c4
Merge pull request #114185 from joachimschmidt557/update-ytcc 
ytcc: 2.0.1 -> 2.1.0
 2021-03-21 21:08:59 +01:00
Sandro
5bc2358f4b
Merge pull request #115639 from r-ryantm/auto-update/tgt 
tgt: 1.0.79 -> 1.0.80
 2021-03-21 21:05:52 +01:00
Daniel Duan
5427f2a847 tre-command: 0.3.4 -> 0.3.5 
0.3.5 is a minor release with a bug fix for tre-command.

[Release notes](https://github.com/dduan/tre/releases/tag/v0.3.5)
 2021-03-21 12:54:25 -07:00