Robin Gloster
f60c9df0ba
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-03-28 15:16:29 +00:00
Eelco Dolstra
38afa836b3
openvpn: 2.3.8 -> 2.3.10
...
In particular, this fixes the systemd-ask-password regression
re-introduced by cb1c818491
.
2016-03-27 23:29:53 +02:00
Domen Kožar
b07e7bfc7b
Merge remote-tracking branch 'origin/staging'
2016-03-27 13:19:04 +01:00
Joachim Fasting
1f78d14028
curl3: mark as broken
...
This is an ancient version of curl, that currently has 19 known vulnerabilities.
It is used by and was added to support only one package.
2016-03-26 13:18:48 +01:00
Pascal Wittmann
0d84a3fde2
eggdrop: fix build with gcc5
2016-03-25 19:57:07 +01:00
Marius Bakke
8afda7e421
s3cmd: 1.5.2 -> 1.6.1
2016-03-25 05:19:35 +00:00
Tobias Geerinckx-Rice
bcb030a5a4
minissdpd: 1.5.20160301 -> 1.5.20160301
2016-03-24 21:33:18 +01:00
Tobias Geerinckx-Rice
6db204b7d9
netsniff-ng: 0.6.0 -> 0.6.1
2016-03-24 20:23:59 +01:00
Joachim Fasting
db6ae35bd9
cadaver: fix build against newer versions of openssl
...
Apply patch from Arch Linux.
See https://hydra.nixos.org/build/33258957/nixlog/1/raw
2016-03-24 19:05:14 +01:00
Nikolay Amiantov
0c6db0ca48
cc-wrapper: add option to skip flags for native optimizations
2016-03-24 20:16:17 +03:00
Joachim Fasting
63b6498aa0
dnscrypt-proxy: disable darwin build
...
The darwin build has been broken for a long time and I'm unable to
properly debug the issue.
What appears to be happening is that the symbol `HAVE_SANDBOX_INIT` ends
up being defined as 1 while `HAVE_SANDBOX_H` ends up being 0, resulting in
undefined reference errors when `sandbox_init()` is called (because
`<sandbox.h>` is not included first).
This is a regression from dnscrypt-proxy 1.6.0 to 1.6.1.
For context, sandbox.h is a deprecated OSX mechanism for sandboxing.
The build failure is at
https://hydra.nixos.org/build/32705849/nixlog/1/raw
This patch closes NixOS/nixpkgs#14064
2016-03-24 17:14:22 +01:00
joachifm
96af7c6dcb
Merge pull request #14171 from NeQuissimus/pptp180
...
pptp: 1.7.2 -> 1.8.0
2016-03-24 12:58:54 +00:00
Pascal Wittmann
fcc0bf2d05
axel: 2.5 -> 2.6
2016-03-24 00:07:40 +01:00
Tim Steinbach
3fc2f99907
pptp: 1.7.2 -> 1.8.0
2016-03-23 23:01:39 +00:00
Pascal Wittmann
2bb151f91b
atftp: fix build by using gcc49
...
See #13559
2016-03-22 16:42:07 +01:00
Franz Pletz
bf9f211ae3
whois: 5.2.10 -> 5.2.11
2016-03-22 00:52:40 +01:00
Franz Pletz
fbdcbaf25c
horst: 2015-07-22 -> 2016-03-15
2016-03-21 22:07:25 +01:00
Pascal Wittmann
806f71370c
amuleGui: fix build
...
See #13559
2016-03-21 21:29:39 +01:00
Tobias Geerinckx-Rice
a685456213
dropbear: 2016.72 -> 2016.73
...
Changes: https://matt.ucc.asn.au/dropbear/CHANGES .
2016-03-20 23:20:56 +01:00
Teo Klestrup Röijezon
ab29cfefab
haproxy: 1.5.14 -> 1.6.4
2016-03-17 16:04:03 +01:00
Sheena Artrip
0cae22a370
meta: Add sheenobu as maintainer for relevant packages.
...
freeradius: add sheenobu as maintainer
sipsak: add sheenobu as maintainer
2016-03-15 21:45:49 -04:00
Robin Gloster
3f45f0948d
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-03-15 01:44:24 +00:00
Edward Tjörnhammar
e433a3015a
i2pd: 2.4.0 -> 2.5.1
2016-03-13 21:36:29 +01:00
zimbatm
099d7dc1b8
Merge pull request #13878 from DamienCassou/offlineimap-6.7.0
...
offlineimap: 6.6.1 -> 6.7.0
2016-03-13 18:29:04 +00:00
Damien Cassou
8c660e0301
offlineimap: 6.6.1 -> 6.7.0
2016-03-13 08:44:53 +01:00
Joachim Fasting
6da91e9e4a
dnscrypt-wrapper: refactorings
...
- use fetchFromGitHub
- move build deps to nativeBuildInputs
- use https for meta.homepage
2016-03-12 19:06:57 +01:00
Joachim Fasting
b3592d0b20
dnscrypt-proxy: refactorings
...
- move build deps to nativeBuildInputs
- use https urls
2016-03-12 18:53:28 +01:00
José Romildo Malaquias
607ea3ef76
uget: init at 2.0.5
2016-03-12 10:05:49 -03:00
Eelco Dolstra
b7fe9712dd
Merge pull request #13824 from aneeshusa/update-openssh-to-7.2p2
...
openssh: 7.2p1 -> 7.2p2 for OSA x11fwd.adv
2016-03-11 10:52:14 +01:00
Tobias Geerinckx-Rice
e834a7c05b
dropbear: 2015.71 -> 2016.72
...
Bugfix release:
- Validate X11 forwarding input. Could allow bypass of
authorized_keys command= restrictions.
2016-03-11 03:08:02 +01:00
Aneesh Agrawal
2dd09b634e
openssh: update homepage link
...
Unfortunately, the site is not available over HTTPS.
2016-03-10 18:40:00 -05:00
Aneesh Agrawal
e5ca25eb7a
openssh: 7.2p1 -> 7.2p2 for OSA x11fwd.adv
...
Fixes OpenSSH Security Advisory x11fwd.adv, which is available at
http://www.openssh.com/txt/x11fwd.adv .
2016-03-10 18:01:33 -05:00
Domen Kožar
83766949c1
speedtest-cli: 0.3.1 -> 0.3.4 (fix runtime)
2016-03-10 20:42:37 +00:00
Aneesh Agrawal
ce74aac132
openssh: update GSSAPI patch to openssh 7.2
2016-03-08 16:11:56 -05:00
Aneesh Agrawal
9e86984fe0
openssh: decouple gssapi patch from kerberos
...
The GSSAPI patch is useful but maintained by Debian, not upstream, and
can be slow to update. To avoid breaking openssh_with_kerberos when
the openssh version is bumped but the GSSAPI patch has not been updated,
don't enable the GSSAPI patch implicitly but require it to be explicitly
enabled.
2016-03-08 15:14:25 -05:00
Franz Pletz
ac73835b54
quicktun: Remove custom hardening, now enabled by default
2016-03-08 00:39:39 +01:00
Franz Pletz
e9fc4e7db6
Merge remote-tracking branch 'origin/master' into hardened-stdenv
2016-03-07 22:08:27 +01:00
joachifm
453686a24a
Merge pull request #13705 from aneeshusa/use-bin-instead-of-sbin-for-openssh
...
openssh: use bin instead of sbin folder
2016-03-07 12:03:37 +00:00
joachifm
884627a6ef
Merge pull request #13720 from aneeshusa/allow-compiling-openssh-without-linking-openssl
...
openssh: allow building without linking openssl
2016-03-07 11:55:36 +00:00
Aneesh Agrawal
14201da332
openssh: allow building without linking openssl
...
http://undeadly.org/cgi?action=article&sid=20140430045723 has the
original announcement of this option. Note, openssl headers are still
required at build time, see this comment:
http://www.gossamer-threads.com/lists/openssh/dev/61125#61125
2016-03-06 16:36:55 -05:00
Marius Bakke
7135553cf1
unbound: drop sbin directory
2016-03-06 12:50:41 +00:00
Marius Bakke
14e6b7aeb9
unbound: 1.5.7 -> 1.5.8
2016-03-06 12:11:40 +00:00
Vladimír Čunát
a458a9f78f
curl: use an official download link
...
It works now that we have e6f61b4cf3
.
2016-03-06 11:12:23 +01:00
Aneesh Agrawal
bb39304ce6
openssh: use bin instead of sbin folder
...
References #11939 .
2016-03-05 23:56:32 -05:00
Franz Pletz
1fb09c1e7d
dhcpcd: enable PIE hardening
2016-03-06 00:15:49 +01:00
Franz Pletz
aff1f4ab94
Use general hardening flag toggle lists
...
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
2016-03-05 18:55:26 +01:00
Robin Gloster
fed49425c5
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-03-03 16:11:55 +00:00
joachifm
1b1379a68d
Merge pull request #13531 from magnetophon/connman-dmenu-master
...
connman-dmenu: init at git-29-9-2015
2016-03-03 13:07:44 +00:00
Nikolay Amiantov
f442830c55
libreswan: specify that we don't support parallel building
2016-03-02 18:56:32 +03:00
Nikolay Amiantov
23dd97ee88
Merge commit 'refs/pull/13412/head' of git://github.com/NixOS/nixpkgs
2016-03-02 18:56:24 +03:00