Tobias Mayer
2d9f3e32d9
arrow-cpp: 3.0.0 -> 4.0.0
...
arrow-cpp: cleanup
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-04-30 20:30:59 +02:00
Tobias Mayer
f5704c862d
xsimd: init at 7.5.0
...
xsimd: format
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
xsimd: fix on macOS
xsimd: Use fetchFromGitHub
2021-04-30 20:30:46 +02:00
Peter Simons
e20a75ec74
hackage2nix: update list of broken packages
...
... so that there are no failing builds on Hydra.
Ping @rkrzr because icepeak is broken.
2021-04-30 20:30:15 +02:00
Martin Weinelt
f1e7183f69
nixos/tests/zigbee2mqtt: relax DevicePolicy and log systemd-analye security
2021-04-30 19:42:26 +02:00
Martin Weinelt
a691549f7e
nixos/zigbee2mqtt: harden systemd unit
...
This is what is still exposed, and it allows me to control my lamps from
within home-assistant.
✗ PrivateNetwork= Service has access to the host's network 0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6) Service may allocate Internet sockets 0.3
✗ DeviceAllow= Service has a device ACL with some special devices 0.1
✗ IPAddressDeny= Service does not define an IP address allow list 0.2
✗ PrivateDevices= Service potentially has access to hardware devices 0.2
✗ RootDirectory=/RootImage= Service runs within the host's root directory 0.1
✗ SupplementaryGroups= Service runs with supplementary groups 0.1
✗ MemoryDenyWriteExecute= Service may create writable executable memory mappings 0.1
→ Overall exposure level for zigbee2mqtt.service: 1.3 OK 🙂
2021-04-30 19:42:26 +02:00
Martin Weinelt
e0f1e1f7bf
nixos/zigbee2mqtt: convert to rfc42 style settings
2021-04-30 19:42:26 +02:00
Konstantin Alekseev
7ee53c0c4f
python2Packages.importlib-resources: use version 3.3.1 for python2
2021-04-30 19:10:50 +02:00
Martin Weinelt
0ae04ca063
Merge pull request #121290 from petabyteboy/feature/firefox-latest-rust
2021-04-30 19:00:32 +02:00
Martin Weinelt
506bc7ba02
nixos/nginx: update hardening settings
...
- Set an explicit umask that allows u+rwx and g+r.
- Adds `ProtectControlGroups` and `ProtectKernelLogs`, there should be
no need to access either.
- Adds `ProtectClock` to prevent write-access to the system clock.
- `ProtectProc` hides processes from other users within the /proc
filesystem and `ProcSubSet` hides all files/directories unrelated to
the process management of the units process.
- Sets `RemoveIPC`, as there is no SysV or POSIX IPC within nginx that I
know of.
- Restricts the creation of arbitrary namespaces
- Adds a reasonable `SystemCallFilter` preventing calls to @privileged,
@obsolete and others.
And finally applies some sorting based on the order these options appear
in systemd.exec(5).
2021-04-30 18:49:43 +02:00
Milan Pässler
903e23ad36
firefox-esr: use latest Rust
...
Firefox ESR 78.x used to have a problem with Rust >= 1.46, but it works
with latest Rust now!
2021-04-30 17:50:01 +02:00
Robert Schütz
c8dff328e5
Merge pull request #120447 from AluisioASG/aasg/dyndnsc-0.6.1
...
dyndnsc: 0.5.1 -> 0.6.1
2021-04-30 17:35:33 +02:00
Robert Schütz
93507828b2
passExtensions.pass-import: fix tests
2021-04-30 17:16:28 +02:00
Kim Lindberger
fdd6ca8fce
Merge pull request #118898 from talyz/gitlab-memory-bloat
...
nixos/gitlab: Add options to tame GitLab's memory usage somewhat
2021-04-30 16:58:30 +02:00
Robert Schütz
93edfffab6
pythonPackages.pykeepass: run tests
2021-04-30 16:53:36 +02:00
Aaron Andersen
445c114b49
Merge pull request #121162 from r-ryantm/auto-update/kodi-inputstream-adaptive
...
kodiPackages.inputstream-adaptive: 2.6.13 -> 2.6.14
2021-04-30 10:45:18 -04:00
Aluísio Augusto Silva Gonçalves
093ab98c80
dyndnsc: 0.5.1 -> 0.6.1
2021-04-30 11:40:29 -03:00
Aluísio Augusto Silva Gonçalves
932ec5518e
python3Packages.pytest-console-scripts: init at 1.2.0
...
Thanks to @kvas-it for cutting a release with the patches needed to make
tests work.
2021-04-30 11:40:29 -03:00
Aluísio Augusto Silva Gonçalves
0463f91e04
python3Packages.sanic-auth: fix tests ( #121279 )
...
After #120881 , packages using Sanic's `app.test_client` or
`app.asgi_client` need to depend on `sanic-testing` as well.
2021-04-30 16:40:24 +02:00
Aluísio Augusto Silva Gonçalves
98822ee896
python3Packages.json-logging: init at 1.3.0
2021-04-30 11:33:04 -03:00
Michael Weiss
774550baf5
Merge pull request #119615 from Synthetica9/cage-0.1.3
...
cage: 0.1.2.1 -> 0.1.3
2021-04-30 16:27:11 +02:00
Guillaume Girol
0c9ed22e64
Merge pull request #119562 from symphorien/fusermountsetuid
...
fuse: fix mount.fuse -o setuid=...
2021-04-30 14:26:39 +00:00
Michael Weiss
28b8cff301
nixos/tests/cage: Fix the test with wlroots 0.13
...
See #119615 for more details. The aarch64-linux test failed with
"qemu-system-aarch64: Virtio VGA not available" so I've restricted the
test to x86_64-linux (the virtio paravirtualized 3D graphics driver is
likely only available on very few platforms).
2021-04-30 15:57:04 +02:00
Michael Weiss
c89bf45195
Merge pull request #121267 from samuelgrf/fix-google-chrome-dev
...
google-chrome-dev: fix error on startup
2021-04-30 15:52:14 +02:00
pennae
317a2c9f26
nixos/nix-containers: add tests for early/no-machined container stop
2021-04-30 15:43:27 +02:00
Patrick Hilhorst
4263479d3e
cage: 0.1.2.1 -> 0.1.3
2021-04-30 15:38:12 +02:00
Robert Schütz
dc68eb58bb
Merge pull request #120881 from AluisioASG/aasg/sanic-routing
...
python3Packages.sanic: 21.3.2 -> 21.3.4; fix tests
2021-04-30 15:20:49 +02:00
Sandro
e68f542c32
Merge pull request #121260 from Mic92/cutter
2021-04-30 15:13:26 +02:00
ajs124
cd349a4a62
Merge pull request #121019 from r-ryantm/auto-update/gitlab-pages
...
gitlab-pages: 1.35.0 -> 1.38.0
2021-04-30 15:12:10 +02:00
Sandro
c9c351c5ef
Merge pull request #121166 from timothyklim/master
...
nvidia-x11: 460.27.04 -> 465.27
2021-04-30 15:08:53 +02:00
Sandro
bcfd1b2f2c
Merge pull request #121038 from sikmir/josm
...
josm: 17702 → 17833
2021-04-30 15:02:36 +02:00
Henri Menke
c9f1544978
sof-firmware: 1.6 -> 1.7 ( #121181 )
2021-04-30 15:02:09 +02:00
Sandro
9a80c030b6
Merge pull request #120754 from netcrns/netcrns/movine
2021-04-30 15:01:44 +02:00
Sandro
09fb96f975
Merge pull request #120763 from vale981/master
2021-04-30 15:00:55 +02:00
Aluísio Augusto Silva Gonçalves
bd815d2121
python3Packages.sanic: 21.3.2 -> 21.3.4
...
While we're at it, revise the dependencies lists; there's been a couple
of break-ups with 21.3.0.
2021-04-30 09:56:09 -03:00
Aluísio Augusto Silva Gonçalves
192b28a75f
python3Packages.sanic-testing: init at 0.3.1
2021-04-30 09:56:09 -03:00
Aluísio Augusto Silva Gonçalves
550bb02269
python3Packages.sanic-routing: init at 0.6.2
2021-04-30 09:56:09 -03:00
Aluísio Augusto Silva Gonçalves
5b971598f0
python3Packages.pytest-sanic: mark as broken with sanic >= 21.3.0
...
pytest-sanic is incompatible with the current version of Sanic, see
sanic-org/sanic#2095 and yunstanford/pytest-sanic#50 . While it is
broken, we also need it to run Sanic's tests (for which case it works
just fine).
2021-04-30 09:56:09 -03:00
Samuel Gräfenstein
c9d89c2f55
google-chrome-dev: fix error on startup
...
Fix `[..]/crashpad_handler: No such file or directory`.
2021-04-30 14:54:55 +02:00
Sandro
dd829d287a
Merge pull request #121205 from r-ryantm/auto-update/libgpiod
...
libgpiod: 1.6.2 -> 1.6.3
2021-04-30 14:53:19 +02:00
Sandro
87769f35d4
Merge pull request #121199 from r-ryantm/auto-update/helm
...
kubernetes-helm: 3.5.3 -> 3.5.4
2021-04-30 14:51:13 +02:00
Sandro
039d5a2d1a
Merge pull request #120707 from onsails/ffsend
...
ffsend: fix build on darwin
2021-04-30 14:47:55 +02:00
Timothy Klim
ebb59d3b11
nvidia-x11: 460.27.04 -> 465.27
2021-04-30 19:45:48 +07:00
Sandro
536ae468d2
Merge pull request #120018 from blargg/yadm
...
yadm: 2.5.0 -> 3.1.0
2021-04-30 14:45:44 +02:00
Sandro
217ee74d64
Merge pull request #121013 from eduardosm/pyface
...
pythonPackages.pyface: fix build
2021-04-30 14:36:41 +02:00
Daniël de Kok
2e27fa876d
Merge pull request #121010 from Flakebi/amdvlk
...
amdvlk: 2021.Q1.6 -> 2021.Q2.2
2021-04-30 14:31:55 +02:00
Martin Weinelt
de6af39b43
Merge pull request #120859 from mweinelt/fastd
...
fastd: fix build on aarch64
2021-04-30 14:31:22 +02:00
Sandro
c47fc06de1
Merge pull request #120921 from sikmir/libosmium
...
libosmium: 2.16.0 → 2.17.0
2021-04-30 14:11:45 +02:00
Sandro
2af7eeed29
Merge pull request #120944 from fabaff/bump-graphql-core
...
python3Packages.graphql-core: 3.1.3 -> 3.1.4
2021-04-30 14:10:50 +02:00
Sandro
833cd36d44
Merge pull request #120723 from jlesquembre/maven
...
maven: 3.6.3 -> 3.8.1
2021-04-30 14:01:40 +02:00
Sandro
7a217983de
Merge pull request #120755 from eduardosm/frescobaldi
...
frescobaldi: 3.1.1 -> 3.1.3
2021-04-30 14:01:23 +02:00