3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

332 commits

Author SHA1 Message Date
Florian Klink 788abdba4b nixos/doc: update rl-2111 w.r.t. iptables-nft migration
Follow-up on https://github.com/NixOS/nixpkgs/pull/161426.

Explain why having legacy iptables rules installed can lead to confusing
firewall behaviour, and provide some guidance on how to fix this.
2022-03-09 15:30:36 +01:00
Florian Klink 6ebc6ca13f
Merge pull request #161426 from flokli/rl-2111-nftables
nixos/doc: improve release notes for iptables-nft and systemd with nftables backend
2022-02-24 17:22:17 +01:00
Shahar Dawn Or f48ff2a079 add /usr neededForBoot entry to 21.11 release notes 2022-02-23 11:49:24 -05:00
Florian Klink 753a43caf0 nixos/doc: improve release notes for iptables-nft and systemd with nftables backend
This change probably wasn't documented sufficiently in the release
notes, neither the fact systemd stopped using iptables on its own in
case of nf_tables support.

Fixes #156041.
2022-02-22 23:17:29 +01:00
Martin Weinelt 3ee206291a
linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15
Disable unprivileged access to BPF syscalls to prevent denial of service
and privilege escalation via

a) potential speculative execution side-channel-attacks on unmitigated
hardware[0]

or

b) unvalidated memory access in ringbuffer helper functions[1].

Fixes: CVE-2021-4204, CVE-2022-23222

[0] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf
[1] https://www.openwall.com/lists/oss-security/2022/01/13/1
2022-01-15 23:44:19 +01:00
Jonas Heinrich 71c423671b nixos/maddy: Better description, user and group handling 2021-12-30 14:17:00 +01:00
Jonas Heinrich ecd88f91a0
nixos/maddy: Add module for maddy
Co-authored-by: Patrick Hilhorst <git@hilhorst.be>
2021-12-07 22:58:22 +01:00
Martin Weinelt 68dc5484e9 nixos/doc/manual/release-notes/rl-2111: add prometheus-smartctl-exporter 2021-12-05 03:18:17 +01:00
Philipp Dargel a3401f6e33 OpenJDK: expose more versions
Provide a way to access all JDK versions.
2021-12-02 17:54:20 -08:00
Martin Weinelt 34d4676e9d
nixos/doc/manual/release-notes/rl-2111: fix multiple option links 2021-12-02 19:03:05 +01:00
Martin Weinelt d1da5658a6
nixos/doc/manual/release-notes/rl-2111: move highlights introduction 2021-12-02 18:45:04 +01:00
Timothy DeHerrera 2f0f91fe69
Merge pull request #147898 from tomberek/release_bump
nixos/rl-21.11: bump
2021-11-29 19:12:44 -07:00
Timothy DeHerrera b1faa37cdf 21.11 Release Notes: fix typos 2021-11-29 20:15:37 -05:00
Tom Bereknyei af92f1c0cc [21.11] update README.md
[21.11] update upgrading

[21.11] update release date

run generation
2021-11-29 20:15:35 -05:00
Daniel Olsen 0fff6b89ea hydrus: 462 -> 463 2021-11-28 04:11:31 +01:00
Daniel Olsen 40fb87f5ca nixos/doc: Add note about big updates regarding hydrus to release notes 2021-11-28 04:11:30 +01:00
Michael Weiss 1cfecb636b
Revert "Merge pull request #141192 from helsinki-systems/feat/improved-socket-handling2"
This reverts commit 57961d2b83, reversing
changes made to b04f913afc.
(I.e. this reverts PR #141192.)

While well-intended, this change does unfortunately introduce very
serious regressions that are especially disruptive/noticeable on desktop
systems (e.g. users of Sway will loose their graphical session when
running "nixos-rebuild switch").

Therefore, this change has to be reverted ASAP instead of trying to fix
it in "production".
Note: An updated version should be extensively discussed, reviewed, and
tested before re-landing this change as an earlier version also had to
be reverted for the exact same issues [0].

Fix: #146727

[0]: https://github.com/NixOS/nixpkgs/pull/73871#issuecomment-559783752
2021-11-27 17:22:22 +01:00
Vladyslav Burzakovskyy 4deec4ec53 kratos: 0.7.6-alpha.1 -> 0.8.0-alpha.3 2021-11-23 16:11:48 +01:00
Thiago Kenji Okada 36f6fd1f41 nixos/doc: add release notes about retroarch changes 2021-11-20 16:34:01 -03:00
sternenseemann debf4fc929 gnat: 9 -> 11
Update the default GNAT version from 9 to 11, as GNAT >= 11 is required
to compile the 22.* AdaCore libraries.

To allow this, we need to pick a patch from ghdl's master fixing a
compilation problem with GNAT 11.
2021-11-15 22:41:56 +01:00
Mikael Voss aeaafd1502 doc: Explain daemon(IO)NiceLevel removal in release note 2021-11-15 18:34:17 +01:00
github-actions[bot] c0c7fbda14
Merge master into staging-next 2021-11-13 00:01:45 +00:00
Artturi 4e61e1242c
Merge pull request #144933 from Artturin/ananicyinit
ananicy: init at unstable-2021-11-05
2021-11-12 21:08:14 +02:00
github-actions[bot] f2d7271432
Merge master into staging-next 2021-11-11 18:01:13 +00:00
Sandro 8f5e231aae
Merge pull request #144618 from fgaz/staticjinja/4.1.1 2021-11-11 14:43:45 +01:00
Artturin 8743e81cd3 nixos/ananicy: init 2021-11-11 02:05:42 +02:00
github-actions[bot] 259e08cd22
Merge master into staging-next 2021-11-10 18:01:21 +00:00
Anderson Torres d8f5d7f06b
Merge pull request #145227 from Synthetica9/julia-to-stable
julia: point to -stable instead of -lts
2021-11-10 12:58:23 -03:00
github-actions[bot] 6e4d2d1f10
Merge master into staging-next 2021-11-10 00:01:31 +00:00
Janne Heß edb295084a
Merge pull request #145181 from helsinki-systems/release-notes/openssh
nixos/changelog: Mention OpenSSH upgrade
2021-11-09 21:56:43 +01:00
Bernardo Meurer 8aa7ae22b8
nixos/doc/manual/release-notes/rl-2111: Nix 2.4 2021-11-09 10:47:08 -08:00
Patrick Hilhorst 6a75497278
julia: -lts -> -stable 2021-11-09 19:05:26 +01:00
Janne Heß fd567ad54a
nixos/changelog: Mention OpenSSH upgrade 2021-11-09 11:38:30 +01:00
github-actions[bot] f14d7cb2f6
Merge master into staging-next 2021-11-08 18:01:24 +00:00
Bas van Dijk 7f7780daa5 nixos/prometheus: throw a helpful error when services.prometheus.environmentFile is defined 2021-11-07 19:04:24 +00:00
Bas van Dijk 0e4abb0df7 nixos/prometheus: remove services.prometheus.environmentFile
The option `services.prometheus.environmentFile` has been removed since it was causing [issues](https://github.com/NixOS/nixpkgs/issues/126083) and Prometheus now has native support for secret files.
2021-11-07 14:45:40 +00:00
github-actions[bot] e0cac44f90
Merge master into staging-next 2021-11-07 12:01:18 +00:00
happysalada db34ebb557 loki: 2.3.0 -> 2.4.0 2021-11-07 18:40:42 +09:00
github-actions[bot] 9166210176
Merge master into staging-next 2021-11-07 00:01:38 +00:00
Victor Freire 46180e407e nixos/xmrig: init 2021-11-06 15:04:14 -03:00
github-actions[bot] eeb7e66e97
Merge master into staging-next 2021-11-06 18:01:01 +00:00
Nico Berlee 90bac670c0 nixos/pam: pam_mkhomedir umask to 0077
pam_mkhomedir should create homedirs with the same umask as the rest
of the system. Currently it creates homedirs with go+rx which makes
it readable for other non-privileged users.
2021-11-06 17:45:00 +02:00
Robert Hensing 2a4d433b1f nixosTest: Add xclip as example of stdout blocker 2021-11-06 13:46:51 +01:00
github-actions[bot] 2663e5b623
Merge master into staging-next 2021-11-05 12:01:17 +00:00
Pascal Bach 0f60c45e9c nixos/unifi: refactor mountpoints
Use service internal bind mounts instead of global ones.

This also moves the logs to /var/log/unifi on the host
and the run directory to /run/unifi.

Closes #61424
2021-11-05 12:20:40 +01:00
Vladimír Čunát 555a4016a2
Merge branch 'staging-next' into staging 2021-11-05 10:48:58 +01:00
Bernardo Meurer 1403ce522d
Merge pull request #144239 from illustris/hadoop
nixos/hadoop: Add HA services and HTTPFS
2021-11-04 23:30:47 -07:00
Robert Hensing 698fb089d8 nixosTest: Document stdout waiting behavior 2021-11-05 02:41:25 +01:00
github-actions[bot] 20bee66ec8
Merge staging-next into staging 2021-11-04 18:01:44 +00:00
Francesco Gazzetta 7c6d4c902a staticjinja: 4.1.0 -> 4.1.1 2021-11-04 15:27:22 +01:00