3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

1605 commits

Author SHA1 Message Date
R. Ryantm 45cb7359f8 dufs: 0.33.0 -> 0.34.1 2023-06-05 00:25:15 +00:00
R. Ryantm 1b4bcd4d8a jetty: 11.0.14 -> 11.0.15 2023-06-04 13:20:44 +00:00
Bjørn Forsman 14fdabbb7b lighttpd: 1.4.69 -> 1.4.71
Changelogs:
https://www.lighttpd.net/2023/5/27/1.4.71/
https://www.lighttpd.net/2023/5/10/1.4.70/

Update the patch that disables legacy crypt tests, because it doesn't
apply anymore.
2023-06-01 17:08:02 +02:00
Weijia Wang 99060dee6f
Merge pull request #234552 from r-ryantm/auto-update/router
router: 1.18.1 -> 1.19.0
2023-05-30 12:22:04 +03:00
R. Ryantm c9b945e0f8 webhook: 2.8.0 -> 2.8.1 2023-05-30 02:04:29 +00:00
Sandro Jäckel 819289b1e5
nginxModules.zstd: add SuperSandro2000 as maintainer 2023-05-29 20:41:08 +02:00
Sandro Jäckel 0000007dcc
nginxModules.vts: 0.2.1 -> 0.2.2, add SuperSandro2000 as maintainer 2023-05-29 20:40:50 +02:00
R. Ryantm cc62398c92 pomerium: 0.22.1 -> 0.22.2 2023-05-29 08:39:07 +00:00
R. Ryantm 6a35ff3d8a router: 1.18.1 -> 1.19.0 2023-05-28 03:48:55 +00:00
Raito Bezarius 69bb0f94de nixos/nginx: first-class PROXY protocol support
PROXY protocol is a convenient way to carry information about the
originating address/port of a TCP connection across multiple layers of
proxies/NAT, etc.

Currently, it is possible to make use of it in NGINX's NixOS module, but
is painful when we want to enable it "globally".
Technically, this is achieved by reworking the defaultListen options and
the objective is to have a coherent way to specify default listeners in
the current API design.
See `mkDefaultListenVhost` and `defaultListen` for the details.

It adds a safeguard against running a NGINX with no HTTP listeners (e.g.
only PROXY listeners) while asking for ACME certificates over HTTP-01.

An interesting usecase of PROXY protocol is to enable seamless IPv4 to
IPv6 proxy with origin IPv4 address for IPv6-only NGINX servers, it is
demonstrated how to achieve this in the tests, using sniproxy.

Finally, the tests covers:

- NGINX `defaultListen` mechanisms are not broken by these changes;
- NGINX PROXY protocol listeners are working in a final usecase
  (sniproxy);
- uses snakeoil TLS certs from ACME setup with wildcard certificates;

In the future, it is desirable to spoof-attack NGINX in this scenario to
ascertain that `set_real_ip_from` and all the layers are working as
intended and preventing any user from setting their origin IP address to
any arbitrary, opening up the NixOS module to bad™ vulnerabilities.

For now, it is quite hard to achieve while being minimalistic about the
tests dependencies.
2023-05-26 19:48:26 +02:00
figsoda 22ec7aebbc treewide/servers: use top-level fetchPypi 2023-05-25 12:06:38 -04:00
Weijia Wang 7ef1ddae9e
Merge pull request #233854 from chkno/hook-spelling
Fix phase name typos in 5 packages' runHook invocations
2023-05-24 23:40:57 +03:00
Sandro c898813431
Merge pull request #233029 from jlamur/nginx-spnego-build-fix
nginx: fix build of module spnego-http-auth
2023-05-24 21:54:24 +02:00
Scott Worley f34465fea5 pomerium: Spell "postBuild" correctly 2023-05-24 09:21:51 -07:00
ajs124 27d53b81cc nginxQuic: share src and version with nginxMainline
quic support was merged
still a separate package, because it uses quictls
and sets configureFlags
2023-05-23 18:37:54 +02:00
ajs124 91ecb7d7ff nginxMainline: 1.24.0 -> 1.25.0 2023-05-23 18:28:04 +02:00
Martin Weinelt 9d0bbc2c12
nginxModules.secure-token: 2020-08-28 -> 1.5 2023-05-22 16:29:55 +02:00
Martin Weinelt 2c1cc78307
nginxModules.vod: 1.29 -> 1.31 2023-05-22 16:29:55 +02:00
Robert Scott 6ace7552e3
Merge pull request #233002 from LeSuisse/tomcat9-9.0.75
tomcat9: 9.0.68 -> 9.0.75
2023-05-20 19:07:43 +01:00
Jules Lamur dcb2cc849e
nginx: fix build of module spnego-http-auth 2023-05-20 16:12:04 +02:00
Robert Scott ca7f83f6df tomcat*: add sourceProvenance binaryBytecode 2023-05-20 13:03:13 +01:00
Thomas Gerbet 0749e39f64 tomcat9: 9.0.68 -> 9.0.75
Fixes CVE-2022-45143 and CVE-2023-28708.

https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
2023-05-20 13:09:20 +02:00
R. Ryantm 17db7c08d8 pomerium: 0.21.3 -> 0.22.1 2023-05-19 10:22:11 +00:00
R. Ryantm b166262b1b router: 1.18.0 -> 1.18.1 2023-05-17 00:05:19 +00:00
Izorkin e5aa2e3b30
unit: add ruby 3.2 2023-05-13 16:55:50 +03:00
Izorkin ba455450b1
unit: remove ruby_2_7 2023-05-13 16:55:50 +03:00
Izorkin baa5550162
unit: 1.29.1 -> 1.30.0 2023-05-13 16:55:47 +03:00
divanorama 4d494b82de
Update pkgs/servers/http/envoy/default.nix 2023-05-12 22:04:55 +02:00
Dmitry Ivankov 5a14400712 bazel_6: 6.1.2 -> 6.2.0
https://github.com/bazelbuild/bazel/releases/tag/6.2.0
2023-05-12 15:33:48 +02:00
Luke Granger-Brown 23cd27508f envoy: 1.25.1 -> 1.26.1 2023-05-12 07:54:56 +00:00
Martin Weinelt 4579dfb9ce
Merge pull request #231193 from mweinelt/couchdb-3.3.2
couchdb3: 3.3.1 -> 3.3.2
2023-05-11 16:03:28 +02:00
Martin Weinelt 34ba6c7e16
couchdb3: 3.3.1 -> 3.3.2
https://docs.couchdb.org/en/latest/whatsnew/3.3.html#version-3-3-2
https://docs.couchdb.org/en/latest/cve/2023-26268.html

Fixes: CVE-2023-26268
2023-05-11 02:41:41 +02:00
Dmitry Ivankov e0d1e77c23 bazel_5: 5.4.0->5.4.1
Also update the updater script.

https://github.com/bazelbuild/bazel/releases/tag/5.4.1

- [X] recalculate fetchAttrs digest for packages built with bazel_5
2023-05-10 16:09:19 +02:00
Sandro 9757bdca3b
Merge pull request #229911 from bbigras/router
router: 1.15.1 -> 1.18.0
2023-05-07 15:42:40 +02:00
Bruno Bigras 5cee3aa13f router: 1.15.1 -> 1.18.0 2023-05-07 01:59:17 -04:00
Thomas Gerbet 62b0017f86 envoy: mark with knownVulnerabilities
Attempts to update `envoy` have not been successful.
Nobody with enough Bazel skills has step up to untangle
the build issues with the latest version.
2023-05-04 23:10:57 +02:00
zowoq 9f8b8befcf nginxModules.zstd: add missing meta 2023-05-04 20:21:37 +10:00
Sandro 7a4d8131fa
Merge pull request #208161 from SuperSandro2000/nginx-modules-meta
nginx: add meta section to modules
2023-05-04 00:59:20 +02:00
Alyssa Ross 2d8c06b637 bozohttpd: 20210227 -> 20220517 2023-05-03 09:38:12 +00:00
R. Ryantm 342ff3209c apacheHttpd: 2.4.56 -> 2.4.57 2023-04-29 07:43:39 +00:00
Sandro Jäckel 50b8c237b7
nginx: move aliases behind config.allowAliases 2023-04-28 21:38:43 +02:00
Sandro Jäckel 0d58522055
nginx: add meta section to modules
Also resolve one github redirect.
2023-04-28 21:38:43 +02:00
R. Ryantm b94c7f3acc jetty: 11.0.13 -> 11.0.14 2023-04-27 07:14:15 +00:00
Weijia Wang da3414f938
Merge pull request #227314 from r-ryantm/auto-update/apacheHttpdPackages.mod_auth_mellon
apacheHttpdPackages.mod_auth_mellon: 0.18.0 -> 0.18.1
2023-04-22 22:42:05 +03:00
Ryan Lahfa 1bcb219bd5
Merge pull request #227026 from LeSuisse/unit-drop-php80
unit: drop PHP 8.0 support, add PHP 8.2 support
2023-04-21 15:21:21 +02:00
R. Ryantm d0070ed03d apacheHttpdPackages.mod_auth_mellon: 0.18.0 -> 0.18.1 2023-04-20 18:47:44 +00:00
Thomas Gerbet 9817e6af85 unit: add PHP 8.2 support 2023-04-19 10:36:33 +02:00
Thomas Gerbet 4855a6f817 unit: drop PHP 8.0 support
PHP 8.0 will be end-of-life before the end of life of the next stable
version of NixOS. Related to #224505.
2023-04-19 10:24:02 +02:00
Bruno Bigras 18a0deb942 router: 1.15.0 -> 1.15.1 2023-04-18 16:14:50 -04:00
Bruno Bigras 2f81686ec8 router: init at 1.15.0
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2023-04-17 20:39:47 -04:00