Commit Graph

205537 Commits

Author SHA1 Message Date
Andreas Rammhold
b21b92947e ansible_2_6: 2.6.17 -> 2.6.20
This addresses the following security issues:

  * CVE-2019-14846 - Several Ansible plugins could disclose aws
    credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
    lookup/aws_account_attribute.py, and lookup/aws_secret.py,
    lookup/aws_ssm.py use the boto3 library from the Ansible process. The
    boto3 library logs credentials at log level DEBUG. If Ansible's
    logging was enabled (by setting LOG_PATH to a value) Ansible would set
    the global log level to DEBUG. This was inherited by boto and would
    then log boto credentials to the file specified by LOG_PATH. This did
    not affect aws ansible modules as those are executed in a separate
    process. This has been fixed by switching to log level INFO
  * Convert CLI provided passwords to text initially, to prevent unsafe
    context being lost when converting from bytes->text during post
    processing of PlayContext. This prevents CLI provided passwords from
    being incorrectly templated (CVE-2019-14856)
  * properly hide parameters marked with no_log in suboptions when
    invalid parameters are passed to the module (CVE-2019-14858)
  * resolves CVE-2019-10206, by avoiding templating passwords from
    prompt as it is probable they have special characters.
  * Handle improper variable substitution that was happening in
    safe_eval, it was always meant to just do 'type enforcement' and have
    Jinja2 deal with all variable interpolation. Also see CVE-2019-10156

Changelog: 9bdb89f740/changelogs/CHANGELOG-v2.6.rst
2019-12-15 21:25:07 +01:00
Andreas Rammhold
71cde971c7 ansible_2_8: 2.8.4 -> 2.8.7
This addresses the following security issues:

  * Ansible: Splunk and Sumologic callback plugins leak sensitive data in logs (CVE-2019-14864)
  * CVE-2019-14846 - Several Ansible plugins could disclose aws
    credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
    lookup/aws_account_attribute.py, and lookup/aws_secret.py,
    lookup/aws_ssm.py use the boto3 library from the Ansible process. The
    boto3 library logs credentials at log level DEBUG. If Ansible's
    logging was enabled (by setting LOG_PATH to a value) Ansible would set
    the global log level to DEBUG. This was inherited by boto and would
    then log boto credentials to the file specified by LOG_PATH. This did
    not affect aws ansible modules as those are executed in a separate
    process. This has been fixed by switching to log level INFO
  * Convert CLI provided passwords to text initially, to prevent unsafe
    context being lost when converting from bytes->text during post
    processing of PlayContext. This prevents CLI provided passwords from
    being incorrectly templated (CVE-2019-14856)
  * properly hide parameters marked with no_log in suboptions when
    invalid parameters are passed to the module (CVE-2019-14858)

Changelog: 24220a618a/changelogs/CHANGELOG-v2.8.rst
2019-12-15 21:25:02 +01:00
Andreas Rammhold
64e2791092 ansible_2_7: 2.7.11 -> 2.7.15
This fixes the following security issues:
  * Ansible: Splunk and Sumologic callback plugins leak sensitive data
    in logs (CVE-2019-14864)
  * CVE-2019-14846 - Several Ansible plugins could disclose aws
    credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
    lookup/aws_account_attribute.py, and lookup/aws_secret.py,
    lookup/aws_ssm.py use the boto3 library from the Ansible process. The
    boto3 library logs credentials at log level DEBUG. If Ansible's
    logging was enabled (by setting LOG_PATH to a value) Ansible would set
    the global log level to DEBUG. This was inherited by boto and would
    then log boto credentials to the file specified by LOG_PATH. This did
    not affect aws ansible modules as those are executed in a separate
    process. This has been fixed by switching to log level INFO
  * Convert CLI provided passwords to text initially, to prevent unsafe
    context being lost when converting from bytes->text during post
    processing of PlayContext. This prevents CLI provided passwords from
    being incorrectly templated (CVE-2019-14856)
  * properly hide parameters marked with no_log in suboptions when invalid
    parameters are passed to the module (CVE-2019-14858)
  * resolves CVE-2019-10206, by avoiding templating passwords from
    prompt as it is probable they have special characters.
  * Handle improper variable substitution that was happening in
    safe_eval, it was always meant to just do 'type enforcement' and have
    Jinja2 deal with all variable interpolation. Also see CVE-2019-10156

Changelog: 0623dedf2d/changelogs/CHANGELOG-v2.7.rst (v2-7-15)
2019-12-15 21:24:59 +01:00
Mario Rodas
eb2d272efd
Merge pull request #75671 from clayrat/tparsec-update
idrisPackages.tparsec: 2019-06-18 -> 2019-09-19
2019-12-15 14:43:44 -05:00
Marco A L Barbosa
5425557214 tectonic: 0.1.11 -> 0.1.12 (#75396) 2019-12-15 11:27:41 -05:00
Danylo Hlynskyi
d206f2304f
nixos containers: disable NixOS manual in container config. (#75659)
This makes ~2.5x speed up of an empty container instantiate, hence reduces
rebuild time of system with many declarative containers.

Note that this doesn't affect production systems much, becaseu those most
likely already include `minimal.nix` profile.
2019-12-15 18:21:52 +02:00
Robert Hensing
9696d79fea
Merge pull request #75691 from thefloweringash/chromium-maintainer
chromium: add thefloweringash (myself) as maintainer
2019-12-15 16:44:57 +01:00
Frederik Rietdijk
08eaac6be3
Merge pull request #75452 from NixOS/staging-next
Staging next
2019-12-15 16:28:08 +01:00
WilliButz
7eaaf728e4
Merge pull request #75679 from marsam/fix-loki-darwin
grafana-loki: fix build on darwin
2019-12-15 16:16:50 +01:00
nyanloutre
2abd0a559c treewide: replace kcalcore dependencies with kcalendarcore 2019-12-15 16:13:49 +01:00
nyanloutre
3ccb0bef9c kdeFrameworks.kcalendarcore: init 2019-12-15 16:13:49 +01:00
Frederik Rietdijk
c20cd71d60 Merge master into staging-next 2019-12-15 16:09:28 +01:00
Mario Rodas
ad3c49da0e
Merge pull request #75686 from matthiasbeyer/update-mutt
mutt: 1.13.0 -> 1.13.1
2019-12-15 09:14:20 -05:00
Mario Rodas
74877f8bd9
Merge pull request #75690 from thefloweringash/tio-platforms
tio: expand platforms to "unix" to include darwin
2019-12-15 09:11:29 -05:00
Florian Klink
0380ed20db
Merge pull request #75657 from flokli/gtkwave-gtk3
gtkwave: build with gtk3
2019-12-15 15:07:07 +01:00
Renaud
2a1a4cad38
Merge pull request #75388 from Lassulus/xplanet
xplanet: 1.3.0 -> 1.3.1
2019-12-15 14:57:48 +01:00
lassulus
3772d04e1c xplanet: 1.3.0 -> 1.3.1 2019-12-15 14:02:36 +01:00
Andrew Childs
b29e3582ac chromium: add thefloweringash (myself) as maintainer
I have an interest in making Chromium available on Aarch64. I'm adding
myself here on a recommendation from @ivan [1].

[1] https://github.com/NixOS/nixpkgs/pull/74015#issuecomment-565780595
2019-12-15 21:34:22 +09:00
Andrew Childs
6e71ffbabf tio: expand platforms to "unix" to include darwin 2019-12-15 21:23:16 +09:00
Matthias Beyer
1915711d87 mutt: 1.13.0 -> 1.13.1
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2019-12-15 10:51:20 +01:00
Gabriel Ebner
86ed15dcce
Merge pull request #75678 from marsam/fix-vdirsyncer-darwin
vdirsyncer: fix build on darwin
2019-12-15 10:37:53 +01:00
Jonathan Ringer
1f7ee3e040 python3Packages.ipython: 7.8.0 -> 7.10.1 2019-12-15 01:12:37 -08:00
Vincent Laporte
ed5c0443c1 ocamlPackages.lua-ml: init at 0.9 2019-12-15 08:23:32 +01:00
Philipp Middendorf
2b298a3ef1 quake3e: 2019-09-09 -> 2019-11-29 (#75511) 2019-12-15 02:16:53 -05:00
Vincent Laporte
788148f93c ocaml-top: 1.1.5 → 1.2.0-rc 2019-12-15 08:11:56 +01:00
worldofpeace
80475128fc
Merge pull request #75136 from lovesegfault/beets-check
beets.externalPlugins.check: init at 0.12.0
2019-12-15 00:53:28 -05:00
Bernardo Meurer
171ceb38ff
beets.externalPlugins.check: init at 0.12.0 2019-12-14 21:52:21 -08:00
worldofpeace
1d8ef857ee aesop: fix build
See https://github.com/lainsce/aesop/pull/33
2019-12-15 00:45:38 -05:00
worldofpeace
be13df6c76
Merge pull request #75465 from worldofpeace/gnome-args
doc/gnome: update wrapper args example, remove proliferated uses
2019-12-15 00:13:17 -05:00
worldofpeace
abe3475df8 treewide: remove bash snippets in flags
Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
2019-12-15 00:10:41 -05:00
Jan Tojnar
6842813bb1
aegisub: slight clean up 2019-12-15 05:44:17 +01:00
worldofpeace
18571d6f0a
Merge pull request #75681 from lovesegfault/nixos-fix-nat
nixos: fix ip46tables invocation in nat
2019-12-14 23:42:50 -05:00
Jan Tojnar
955be27f58
aegisub: fix build 2019-12-15 05:36:24 +01:00
Bernardo Meurer
5ee439eb08
nixos: fix ip46tables invocation in nat 2019-12-14 20:13:12 -08:00
worldofpeace
bfcc281a27
Merge pull request #75138 from mkg20001/feat/add-xapps-cinnamon
cinnamon.xapps: init at 1.6.8
2019-12-14 22:25:11 -05:00
Mario Rodas
9f2092b6a9
grafana-loki: fix build on darwin 2019-12-14 22:22:22 -05:00
worldofpeace
47dcb0439a libgnomekbd: fix dependencies
There were things in Requires that weren't propagated.
2019-12-14 22:22:14 -05:00
Maciej Krüger
580a6f492a pythonModules.xapp: init at 1.8.1 2019-12-14 22:22:14 -05:00
Maciej Krüger
632c4f2c9b cinnamon.xapps: init at 1.6.8 2019-12-14 22:22:14 -05:00
Florian Klink
ac1a5ac2db gtkwave: build with gtk3
gtkwave ships a gtk3 flavour on sourceforge. let's use that one.
2019-12-15 03:54:35 +01:00
Austin Seipp
367676ce82
z3: 4.8.5 -> 4.8.7
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-12-14 20:33:59 -06:00
Austin Seipp
3e88e1b144
vector: 0.5.0 -> 0.6.0
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-12-14 20:33:59 -06:00
Austin Seipp
1446f6ca38
Revert "vector: make some more options override-able"
See the comments in that commit for more information.

This reverts commit b964f4b421.
2019-12-14 20:33:59 -06:00
Mario Rodas
e87cfa0488
Merge pull request #75342 from colemickens/nixpkgs-va
vaapiIntel: unstable-20190211 -> 2.4.0
2019-12-14 21:29:16 -05:00
Mario Rodas
1784ddb805
Merge pull request #75647 from marsam/add-python-twitter
pythonPackages.python-twitter: init at 3.5
2019-12-14 21:18:27 -05:00
Mario Rodas
ba22262959
Merge pull request #75667 from tobim/pkgs/cmake-format
cmake-format: 0.6.2 -> 0.6.3
2019-12-14 21:17:41 -05:00
Andreas Rammhold
928bc00ec4
Merge pull request #75673 from flokli/exa-broken-symlinks
exa: apply patch to not panic on broken symlinks
2019-12-15 02:28:29 +01:00
Mario Rodas
3f9333064b
vdirsyncer: fix build on darwin 2019-12-14 20:20:20 -05:00
Florian Klink
d41dca2f5f exa: apply patch to not panic on broken symlinks
Currently, exa fails when being executed in a git repository with
symlinks pointing to a non-existing location.

This can happen quite often with garbage-collected result links, or in
bazel repositories.

A fix was PR'ed in September at https://github.com/ogham/exa/pull/584,
but upstream seems to be not responding.

Let's apply this patch until there's a release containing the fixes.
2019-12-15 02:18:50 +01:00
worldofpeace
22f57b8925
Merge pull request #75625 from kampka/zsh-history-module
zsh-history: Add tests
2019-12-14 19:51:20 -05:00