R. Ryantm
45cb7359f8
dufs: 0.33.0 -> 0.34.1
2023-06-05 00:25:15 +00:00
R. Ryantm
1b4bcd4d8a
jetty: 11.0.14 -> 11.0.15
2023-06-04 13:20:44 +00:00
Bjørn Forsman
14fdabbb7b
lighttpd: 1.4.69 -> 1.4.71
...
Changelogs:
https://www.lighttpd.net/2023/5/27/1.4.71/
https://www.lighttpd.net/2023/5/10/1.4.70/
Update the patch that disables legacy crypt tests, because it doesn't
apply anymore.
2023-06-01 17:08:02 +02:00
Weijia Wang
99060dee6f
Merge pull request #234552 from r-ryantm/auto-update/router
...
router: 1.18.1 -> 1.19.0
2023-05-30 12:22:04 +03:00
R. Ryantm
c9b945e0f8
webhook: 2.8.0 -> 2.8.1
2023-05-30 02:04:29 +00:00
Sandro Jäckel
819289b1e5
nginxModules.zstd: add SuperSandro2000 as maintainer
2023-05-29 20:41:08 +02:00
Sandro Jäckel
0000007dcc
nginxModules.vts: 0.2.1 -> 0.2.2, add SuperSandro2000 as maintainer
2023-05-29 20:40:50 +02:00
R. Ryantm
cc62398c92
pomerium: 0.22.1 -> 0.22.2
2023-05-29 08:39:07 +00:00
R. Ryantm
6a35ff3d8a
router: 1.18.1 -> 1.19.0
2023-05-28 03:48:55 +00:00
Raito Bezarius
69bb0f94de
nixos/nginx: first-class PROXY protocol support
...
PROXY protocol is a convenient way to carry information about the
originating address/port of a TCP connection across multiple layers of
proxies/NAT, etc.
Currently, it is possible to make use of it in NGINX's NixOS module, but
is painful when we want to enable it "globally".
Technically, this is achieved by reworking the defaultListen options and
the objective is to have a coherent way to specify default listeners in
the current API design.
See `mkDefaultListenVhost` and `defaultListen` for the details.
It adds a safeguard against running a NGINX with no HTTP listeners (e.g.
only PROXY listeners) while asking for ACME certificates over HTTP-01.
An interesting usecase of PROXY protocol is to enable seamless IPv4 to
IPv6 proxy with origin IPv4 address for IPv6-only NGINX servers, it is
demonstrated how to achieve this in the tests, using sniproxy.
Finally, the tests covers:
- NGINX `defaultListen` mechanisms are not broken by these changes;
- NGINX PROXY protocol listeners are working in a final usecase
(sniproxy);
- uses snakeoil TLS certs from ACME setup with wildcard certificates;
In the future, it is desirable to spoof-attack NGINX in this scenario to
ascertain that `set_real_ip_from` and all the layers are working as
intended and preventing any user from setting their origin IP address to
any arbitrary, opening up the NixOS module to bad™ vulnerabilities.
For now, it is quite hard to achieve while being minimalistic about the
tests dependencies.
2023-05-26 19:48:26 +02:00
figsoda
22ec7aebbc
treewide/servers: use top-level fetchPypi
2023-05-25 12:06:38 -04:00
Weijia Wang
7ef1ddae9e
Merge pull request #233854 from chkno/hook-spelling
...
Fix phase name typos in 5 packages' runHook invocations
2023-05-24 23:40:57 +03:00
Sandro
c898813431
Merge pull request #233029 from jlamur/nginx-spnego-build-fix
...
nginx: fix build of module spnego-http-auth
2023-05-24 21:54:24 +02:00
Scott Worley
f34465fea5
pomerium: Spell "postBuild" correctly
2023-05-24 09:21:51 -07:00
ajs124
27d53b81cc
nginxQuic: share src and version with nginxMainline
...
quic support was merged
still a separate package, because it uses quictls
and sets configureFlags
2023-05-23 18:37:54 +02:00
ajs124
91ecb7d7ff
nginxMainline: 1.24.0 -> 1.25.0
2023-05-23 18:28:04 +02:00
Martin Weinelt
9d0bbc2c12
nginxModules.secure-token: 2020-08-28 -> 1.5
2023-05-22 16:29:55 +02:00
Martin Weinelt
2c1cc78307
nginxModules.vod: 1.29 -> 1.31
2023-05-22 16:29:55 +02:00
Robert Scott
6ace7552e3
Merge pull request #233002 from LeSuisse/tomcat9-9.0.75
...
tomcat9: 9.0.68 -> 9.0.75
2023-05-20 19:07:43 +01:00
Jules Lamur
dcb2cc849e
nginx: fix build of module spnego-http-auth
2023-05-20 16:12:04 +02:00
Robert Scott
ca7f83f6df
tomcat*: add sourceProvenance binaryBytecode
2023-05-20 13:03:13 +01:00
Thomas Gerbet
0749e39f64
tomcat9: 9.0.68 -> 9.0.75
...
Fixes CVE-2022-45143 and CVE-2023-28708.
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
2023-05-20 13:09:20 +02:00
R. Ryantm
17db7c08d8
pomerium: 0.21.3 -> 0.22.1
2023-05-19 10:22:11 +00:00
R. Ryantm
b166262b1b
router: 1.18.0 -> 1.18.1
2023-05-17 00:05:19 +00:00
Izorkin
e5aa2e3b30
unit: add ruby 3.2
2023-05-13 16:55:50 +03:00
Izorkin
ba455450b1
unit: remove ruby_2_7
2023-05-13 16:55:50 +03:00
Izorkin
baa5550162
unit: 1.29.1 -> 1.30.0
2023-05-13 16:55:47 +03:00
divanorama
4d494b82de
Update pkgs/servers/http/envoy/default.nix
2023-05-12 22:04:55 +02:00
Dmitry Ivankov
5a14400712
bazel_6: 6.1.2 -> 6.2.0
...
https://github.com/bazelbuild/bazel/releases/tag/6.2.0
2023-05-12 15:33:48 +02:00
Luke Granger-Brown
23cd27508f
envoy: 1.25.1 -> 1.26.1
2023-05-12 07:54:56 +00:00
Martin Weinelt
4579dfb9ce
Merge pull request #231193 from mweinelt/couchdb-3.3.2
...
couchdb3: 3.3.1 -> 3.3.2
2023-05-11 16:03:28 +02:00
Martin Weinelt
34ba6c7e16
couchdb3: 3.3.1 -> 3.3.2
...
https://docs.couchdb.org/en/latest/whatsnew/3.3.html#version-3-3-2
https://docs.couchdb.org/en/latest/cve/2023-26268.html
Fixes: CVE-2023-26268
2023-05-11 02:41:41 +02:00
Dmitry Ivankov
e0d1e77c23
bazel_5: 5.4.0->5.4.1
...
Also update the updater script.
https://github.com/bazelbuild/bazel/releases/tag/5.4.1
- [X] recalculate fetchAttrs digest for packages built with bazel_5
2023-05-10 16:09:19 +02:00
Sandro
9757bdca3b
Merge pull request #229911 from bbigras/router
...
router: 1.15.1 -> 1.18.0
2023-05-07 15:42:40 +02:00
Bruno Bigras
5cee3aa13f
router: 1.15.1 -> 1.18.0
2023-05-07 01:59:17 -04:00
Thomas Gerbet
62b0017f86
envoy: mark with knownVulnerabilities
...
Attempts to update `envoy` have not been successful.
Nobody with enough Bazel skills has step up to untangle
the build issues with the latest version.
2023-05-04 23:10:57 +02:00
zowoq
9f8b8befcf
nginxModules.zstd: add missing meta
2023-05-04 20:21:37 +10:00
Sandro
7a4d8131fa
Merge pull request #208161 from SuperSandro2000/nginx-modules-meta
...
nginx: add meta section to modules
2023-05-04 00:59:20 +02:00
Alyssa Ross
2d8c06b637
bozohttpd: 20210227 -> 20220517
2023-05-03 09:38:12 +00:00
R. Ryantm
342ff3209c
apacheHttpd: 2.4.56 -> 2.4.57
2023-04-29 07:43:39 +00:00
Sandro Jäckel
50b8c237b7
nginx: move aliases behind config.allowAliases
2023-04-28 21:38:43 +02:00
Sandro Jäckel
0d58522055
nginx: add meta section to modules
...
Also resolve one github redirect.
2023-04-28 21:38:43 +02:00
R. Ryantm
b94c7f3acc
jetty: 11.0.13 -> 11.0.14
2023-04-27 07:14:15 +00:00
Weijia Wang
da3414f938
Merge pull request #227314 from r-ryantm/auto-update/apacheHttpdPackages.mod_auth_mellon
...
apacheHttpdPackages.mod_auth_mellon: 0.18.0 -> 0.18.1
2023-04-22 22:42:05 +03:00
Ryan Lahfa
1bcb219bd5
Merge pull request #227026 from LeSuisse/unit-drop-php80
...
unit: drop PHP 8.0 support, add PHP 8.2 support
2023-04-21 15:21:21 +02:00
R. Ryantm
d0070ed03d
apacheHttpdPackages.mod_auth_mellon: 0.18.0 -> 0.18.1
2023-04-20 18:47:44 +00:00
Thomas Gerbet
9817e6af85
unit: add PHP 8.2 support
2023-04-19 10:36:33 +02:00
Thomas Gerbet
4855a6f817
unit: drop PHP 8.0 support
...
PHP 8.0 will be end-of-life before the end of life of the next stable
version of NixOS. Related to #224505 .
2023-04-19 10:24:02 +02:00
Bruno Bigras
18a0deb942
router: 1.15.0 -> 1.15.1
2023-04-18 16:14:50 -04:00
Bruno Bigras
2f81686ec8
router: init at 1.15.0
...
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2023-04-17 20:39:47 -04:00