Commit Graph

2138 Commits

Author SHA1 Message Date
Robin Gloster
f60c9df0ba Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-28 15:16:29 +00:00
Eelco Dolstra
38afa836b3 openvpn: 2.3.8 -> 2.3.10
In particular, this fixes the systemd-ask-password regression
re-introduced by cb1c818491.
2016-03-27 23:29:53 +02:00
Domen Kožar
b07e7bfc7b Merge remote-tracking branch 'origin/staging' 2016-03-27 13:19:04 +01:00
Joachim Fasting
1f78d14028 curl3: mark as broken
This is an ancient version of curl, that currently has 19 known vulnerabilities.
It is used by and was added to support only one package.
2016-03-26 13:18:48 +01:00
Pascal Wittmann
0d84a3fde2 eggdrop: fix build with gcc5 2016-03-25 19:57:07 +01:00
Marius Bakke
8afda7e421 s3cmd: 1.5.2 -> 1.6.1 2016-03-25 05:19:35 +00:00
Tobias Geerinckx-Rice
bcb030a5a4 minissdpd: 1.5.20160301 -> 1.5.20160301 2016-03-24 21:33:18 +01:00
Tobias Geerinckx-Rice
6db204b7d9 netsniff-ng: 0.6.0 -> 0.6.1 2016-03-24 20:23:59 +01:00
Joachim Fasting
db6ae35bd9 cadaver: fix build against newer versions of openssl
Apply patch from Arch Linux.

See https://hydra.nixos.org/build/33258957/nixlog/1/raw
2016-03-24 19:05:14 +01:00
Nikolay Amiantov
0c6db0ca48 cc-wrapper: add option to skip flags for native optimizations 2016-03-24 20:16:17 +03:00
Joachim Fasting
63b6498aa0 dnscrypt-proxy: disable darwin build
The darwin build has been broken for a long time and I'm unable to
properly debug the issue.

What appears to be happening is that the symbol `HAVE_SANDBOX_INIT` ends
up being defined as 1 while `HAVE_SANDBOX_H` ends up being 0, resulting in
undefined reference errors when `sandbox_init()` is called (because
`<sandbox.h>` is not included first).
This is a regression from dnscrypt-proxy 1.6.0 to 1.6.1.

For context, sandbox.h is a deprecated OSX mechanism for sandboxing.

The build failure is at
https://hydra.nixos.org/build/32705849/nixlog/1/raw

This patch closes NixOS/nixpkgs#14064
2016-03-24 17:14:22 +01:00
joachifm
96af7c6dcb Merge pull request #14171 from NeQuissimus/pptp180
pptp: 1.7.2 -> 1.8.0
2016-03-24 12:58:54 +00:00
Pascal Wittmann
fcc0bf2d05 axel: 2.5 -> 2.6 2016-03-24 00:07:40 +01:00
Tim Steinbach
3fc2f99907 pptp: 1.7.2 -> 1.8.0 2016-03-23 23:01:39 +00:00
Pascal Wittmann
2bb151f91b atftp: fix build by using gcc49
See #13559
2016-03-22 16:42:07 +01:00
Franz Pletz
bf9f211ae3 whois: 5.2.10 -> 5.2.11 2016-03-22 00:52:40 +01:00
Franz Pletz
fbdcbaf25c horst: 2015-07-22 -> 2016-03-15 2016-03-21 22:07:25 +01:00
Pascal Wittmann
806f71370c amuleGui: fix build
See #13559
2016-03-21 21:29:39 +01:00
Tobias Geerinckx-Rice
a685456213 dropbear: 2016.72 -> 2016.73
Changes: https://matt.ucc.asn.au/dropbear/CHANGES.
2016-03-20 23:20:56 +01:00
Teo Klestrup Röijezon
ab29cfefab haproxy: 1.5.14 -> 1.6.4 2016-03-17 16:04:03 +01:00
Sheena Artrip
0cae22a370 meta: Add sheenobu as maintainer for relevant packages.
freeradius: add sheenobu as maintainer

sipsak: add sheenobu as maintainer
2016-03-15 21:45:49 -04:00
Robin Gloster
3f45f0948d Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-15 01:44:24 +00:00
Edward Tjörnhammar
e433a3015a i2pd: 2.4.0 -> 2.5.1 2016-03-13 21:36:29 +01:00
zimbatm
099d7dc1b8 Merge pull request #13878 from DamienCassou/offlineimap-6.7.0
offlineimap: 6.6.1 -> 6.7.0
2016-03-13 18:29:04 +00:00
Damien Cassou
8c660e0301 offlineimap: 6.6.1 -> 6.7.0 2016-03-13 08:44:53 +01:00
Joachim Fasting
6da91e9e4a dnscrypt-wrapper: refactorings
- use fetchFromGitHub
- move build deps to nativeBuildInputs
- use https for meta.homepage
2016-03-12 19:06:57 +01:00
Joachim Fasting
b3592d0b20 dnscrypt-proxy: refactorings
- move build deps to nativeBuildInputs
- use https urls
2016-03-12 18:53:28 +01:00
José Romildo Malaquias
607ea3ef76 uget: init at 2.0.5 2016-03-12 10:05:49 -03:00
Eelco Dolstra
b7fe9712dd Merge pull request #13824 from aneeshusa/update-openssh-to-7.2p2
openssh: 7.2p1 -> 7.2p2 for OSA x11fwd.adv
2016-03-11 10:52:14 +01:00
Tobias Geerinckx-Rice
e834a7c05b dropbear: 2015.71 -> 2016.72
Bugfix release:
- Validate X11 forwarding input. Could allow bypass of
  authorized_keys command= restrictions.
2016-03-11 03:08:02 +01:00
Aneesh Agrawal
2dd09b634e openssh: update homepage link
Unfortunately, the site is not available over HTTPS.
2016-03-10 18:40:00 -05:00
Aneesh Agrawal
e5ca25eb7a openssh: 7.2p1 -> 7.2p2 for OSA x11fwd.adv
Fixes OpenSSH Security Advisory x11fwd.adv, which is available at
http://www.openssh.com/txt/x11fwd.adv.
2016-03-10 18:01:33 -05:00
Domen Kožar
83766949c1 speedtest-cli: 0.3.1 -> 0.3.4 (fix runtime) 2016-03-10 20:42:37 +00:00
Aneesh Agrawal
ce74aac132 openssh: update GSSAPI patch to openssh 7.2 2016-03-08 16:11:56 -05:00
Aneesh Agrawal
9e86984fe0 openssh: decouple gssapi patch from kerberos
The GSSAPI patch is useful but maintained by Debian, not upstream, and
can be slow to update. To avoid breaking openssh_with_kerberos when
the openssh version is bumped but the GSSAPI patch has not been updated,
don't enable the GSSAPI patch implicitly but require it to be explicitly
enabled.
2016-03-08 15:14:25 -05:00
Franz Pletz
ac73835b54 quicktun: Remove custom hardening, now enabled by default 2016-03-08 00:39:39 +01:00
Franz Pletz
e9fc4e7db6 Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-03-07 22:08:27 +01:00
joachifm
453686a24a Merge pull request #13705 from aneeshusa/use-bin-instead-of-sbin-for-openssh
openssh: use bin instead of sbin folder
2016-03-07 12:03:37 +00:00
joachifm
884627a6ef Merge pull request #13720 from aneeshusa/allow-compiling-openssh-without-linking-openssl
openssh: allow building without linking openssl
2016-03-07 11:55:36 +00:00
Aneesh Agrawal
14201da332 openssh: allow building without linking openssl
http://undeadly.org/cgi?action=article&sid=20140430045723 has the
original announcement of this option. Note, openssl headers are still
required at build time, see this comment:
http://www.gossamer-threads.com/lists/openssh/dev/61125#61125
2016-03-06 16:36:55 -05:00
Marius Bakke
7135553cf1 unbound: drop sbin directory 2016-03-06 12:50:41 +00:00
Marius Bakke
14e6b7aeb9 unbound: 1.5.7 -> 1.5.8 2016-03-06 12:11:40 +00:00
Vladimír Čunát
a458a9f78f curl: use an official download link
It works now that we have e6f61b4cf3.
2016-03-06 11:12:23 +01:00
Aneesh Agrawal
bb39304ce6 openssh: use bin instead of sbin folder
References #11939.
2016-03-05 23:56:32 -05:00
Franz Pletz
1fb09c1e7d dhcpcd: enable PIE hardening 2016-03-06 00:15:49 +01:00
Franz Pletz
aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Robin Gloster
fed49425c5 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-03 16:11:55 +00:00
joachifm
1b1379a68d Merge pull request #13531 from magnetophon/connman-dmenu-master
connman-dmenu: init at git-29-9-2015
2016-03-03 13:07:44 +00:00
Nikolay Amiantov
f442830c55 libreswan: specify that we don't support parallel building 2016-03-02 18:56:32 +03:00
Nikolay Amiantov
23dd97ee88 Merge commit 'refs/pull/13412/head' of git://github.com/NixOS/nixpkgs 2016-03-02 18:56:24 +03:00