3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

288004 commits

Author SHA1 Message Date
Jan Tojnar 30743d0973
libsigcxx30: init at 3.0.6 2021-05-06 17:30:30 +02:00
John Ericson 470640e7fe treewide: Do a number of no-op cleanups for cross and darwin
I am taking the non-invasive parts of #110914 to hopefully help out with #111988.

In particular:

 - Use `lib.makeScopeWithSplicing` to make the `darwin` package set have
   a proper `callPackage`.

 - Adjust Darwin `stdenv`'s overlays keeping things from the previous
   stage to not stick around too much.

 - Expose `binutilsNoLibc` / `darwin.binutilsNoLibc` to hopefully get us
   closer to a unified LLVM and GCC bootstrap.
2021-05-06 11:17:26 -04:00
Domen Kožar 0fbace6296
Merge pull request #119405 from hercules-ci/openapi-generator-cli-jre-headless
openapi-generator-cli: Use headless jre
2021-05-06 17:09:07 +02:00
R. RyanTM c0226eff76 fcitx5-m17n: 5.0.4 -> 5.0.5 2021-05-06 15:07:45 +00:00
Martin Weinelt 398b0cf6bd
python3Packages.PyRMVtransport: 0.3.1 -> 0.3.2 2021-05-06 17:04:38 +02:00
Martin Weinelt 24adc01e2e
nixos/home-assistant: allow netlink sockets and /proc/net inspection
Since v2021.5.0 home-assistant uses the ifaddr library in the zeroconf
component to enumerate network interfaces via netlink. Since discovery
is all over the place lets allow AF_NETLINK unconditionally.

It also relies on pyroute2 now, which additionally tries to access files
in /proc/net, so we relax ProtectProc a bit by default as well.

This leaves us with these options unsecured:

✗ PrivateNetwork=                                             Service has access to the host's network                                                                 0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                                                    0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                                       0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                                         0.2
✗ PrivateDevices=                                             Service potentially has access to hardware devices                                                       0.2
✗ PrivateUsers=                                               Service has access to other users                                                                        0.2
✗ SystemCallFilter=~@resources                                System call allow list defined for service, and @resources is included (e.g. ioprio_set is allowed)      0.2
✗ RestrictAddressFamilies=~AF_NETLINK                         Service may allocate netlink sockets                                                                     0.1
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                                            0.1
✗ SupplementaryGroups=                                        Service runs with supplementary groups                                                                   0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                                       0.1
✗ ProcSubset=                                                 Service has full access to non-process /proc files (/proc subset=)                                       0.1

→ Overall exposure level for home-assistant.service: 1.6 OK 🙂
2021-05-06 16:55:53 +02:00
Raghav Sood eb21311135
Merge pull request #121621 from xwvvvvwx/turbo-geth-2021.04.05
turbo-geth 2021.02.01 -> 2021.04.05
2021-05-06 22:42:56 +08:00
Raghav Sood 9332725620
Merge pull request #121850 from asymmetric/polkadot/0.9.0
polkadot: 0.8.30 -> 0.9.0
2021-05-06 22:36:58 +08:00
Robert Hensing 66fd2ea7ee openapi-generator-cli: Invoke install hooks 2021-05-06 16:25:26 +02:00
Robert Hensing cd855e6746 openapi-generator-cli: Use jre_headless 2021-05-06 16:25:26 +02:00
Robert Hensing 99d5c97a8c openapi-generator-cli: Add passthru.tests.example 2021-05-06 16:25:24 +02:00
sternenseemann eaeb69862c petrinizer: restrict platforms by sbv
sbv has the most limited range of platforms of the dependencies.
2021-05-06 16:24:58 +02:00
Luflosi 00872b6a76
kitty: 0.20.2 -> 0.20.3
https://github.com/kovidgoyal/kitty/releases/tag/v0.20.3
2021-05-06 16:24:25 +02:00
Domen Kožar a4c8569ed5
Merge pull request #121900 from hercules-ci/update-openapi-generator-cli
openapi-generator-cli: 5.0.0 -> 5.1.0
2021-05-06 16:10:37 +02:00
Michael Weiss 93f6089d14
Merge pull request #121914 from primeos/chromiumBeta
chromiumBeta: 91.0.4472.27 -> 91.0.4472.38
2021-05-06 16:03:59 +02:00
Jörg Thalheim 4e783a4cb7
Merge pull request #121724 from Izorkin/update-netdata
netdata: 1.29.3 -> 1.30.1
2021-05-06 14:58:33 +01:00
Maximilian Bosch c5e207c277
matrix-synapse: 1.33.0 -> 1.33.1
ChangeLog: https://github.com/matrix-org/synapse/releases/tag/v1.33.1
2021-05-06 15:51:36 +02:00
José Romildo Malaquias d00b3cbee5 marwaita: 8.0 -> 9.0 2021-05-06 10:49:13 -03:00
Robert Schütz 957371b717 python3Packages.django_3: 3.2 -> 3.2.2
https://www.djangoproject.com/weblog/2021/may/06/security-releases/
2021-05-06 15:20:59 +02:00
Robert Schütz 3d90503875 python3Packages.django_2: 2.2.20 -> 2.2.22
https://www.djangoproject.com/weblog/2021/may/06/security-releases/
2021-05-06 15:20:50 +02:00
José Romildo Malaquias 95b47511b3 xfce.xfce4-panel: 4.16.2 -> 4.16.3 2021-05-06 10:05:38 -03:00
TredwellGit a9f8aec7d0 libreoffice-fresh: 7.1.2.2 -> 7.1.3.2 2021-05-06 12:38:56 +00:00
Michael Weiss 6f6ec9e6f0
chromiumBeta: 91.0.4472.27 -> 91.0.4472.38 2021-05-06 14:26:32 +02:00
Luke Granger-Brown b418e17a4c
Merge pull request #120646 from dotlambda/qtwebengine-ffmpeg
libsForQt5.qtwebengine: use ffmpeg instead of ffmpeg_3
2021-05-06 12:57:17 +01:00
schnusch 6869793514 esbuild: 0.11.15 -> 0.11.19 2021-05-06 13:54:55 +02:00
Robert Schütz bda9e192dd
Merge pull request #120582 from dotlambda/ffmpeg_2-drop
ffmpeg_2: mark as insecure
2021-05-06 13:51:34 +02:00
Gabriel Ebner 46ecc3e1d3
Merge pull request #121845 from fortuneteller2k/fix-and-update-vieb
vieb: 3.4.0 -> 4.5.1
2021-05-06 13:49:17 +02:00
Robert Schütz 5b69bdf891
Merge pull request #121168 from dotlambda/djvulibre-3.5.28
djvulibre: 3.5.27 -> 3.5.28
2021-05-06 13:43:06 +02:00
Robert Schütz 30c3036793
Merge pull request #121151 from dotlambda/libdeltachat-init
libdeltachat: init at 1.54.0
2021-05-06 13:41:16 +02:00
Robert Schütz 688fee8b8a
pythonPackages.pgpy: 0.5.2 -> 0.5.4 (#121270)
https://github.com/SecurityInnovation/PGPy/releases/tag/v0.5.3
https://github.com/SecurityInnovation/PGPy/releases/tag/v0.5.4
2021-05-06 13:40:40 +02:00
Robert Schütz e1ecf73b37 mousai: 0.3.1 -> 0.3.2
https://github.com/SeaDve/Mousai/releases/tag/v0.3.2
2021-05-06 12:54:02 +02:00
Robert Hensing e32d497623
Merge pull request #121899 from hercules-ci/update-elm-json
elmPackages.elm-json: 0.2.7 -> 0.2.10
2021-05-06 11:58:36 +02:00
sternenseemann 73c2dd4aa6 petrinizer: fix build
* take z3 haskell package from haskellPackages
* take sbv 7.13 from haskellPackages, apply patch fixing build
  with GHC >= 8.8.8
2021-05-06 11:43:59 +02:00
Robert Hensing 89fffee73f openapi-generator-cli: 5.0.0 -> 5.1.0 2021-05-06 11:24:56 +02:00
Robert Hensing 377f9ca78d elmPackages.elm-json: 0.2.7 -> 0.2.10 2021-05-06 11:21:40 +02:00
Louis Bettens 40612e40cd brave: 1.23.71 -> 1.24.82 2021-05-06 11:12:14 +02:00
Maximilian Bosch a50b9e6c23
Merge pull request #113716 from Ma27/wpa_multiple
wpa_supplicant: allow both imperative and declarative networks
2021-05-06 11:01:35 +02:00
sternenseemann abf5583c5a haskellPackages.llvm-hs: disable tests on non-x86_64
Should fix build on aarch64, see linked issue.
2021-05-06 10:49:57 +02:00
Maximilian Bosch 77b82f3535
Merge pull request #121875 from Infinisil/small-module-arg-optimization
lib/modules: Small optimization
2021-05-06 10:33:22 +02:00
fortuneteller2k 9802eed170 vieb: 3.4.0 -> 4.5.1 2021-05-06 16:23:09 +08:00
Vladyslav Burzakovskyy 5f42984b67 kratos: init at v0.6.0-alpha.1 2021-05-06 11:19:22 +03:00
Robert Schütz 254fb39b9f presage: init at 0.9.1 2021-05-06 10:16:59 +02:00
Maximilian Bosch 74c58a962b
Merge pull request #121877 from marsam/update-nodejs-16_x
nodejs-16_x: 16.0.0 -> 16.1.0
2021-05-06 10:06:26 +02:00
Mario Rodas 625842b8cf
terraform_0_15: 0.15.1 -> 0.15.2 (#121859)
https://github.com/hashicorp/terraform/releases/tag/v0.15.2
2021-05-06 10:00:22 +02:00
Michael Livshin dacdfa874e distcc: 2016-02-24 -> 2021-03-11 2021-05-06 10:43:38 +03:00
Fabian Affolter 882dd01186
Merge pull request #121879 from r-ryantm/auto-update/gitleaks
gitleaks: 7.4.1 -> 7.5.0
2021-05-06 09:42:35 +02:00
Raghav Sood 123db83348
Merge pull request #121882 from r-ryantm/auto-update/go-ethereum
go-ethereum: 1.10.2 -> 1.10.3
2021-05-06 13:14:41 +08:00
Raghav Sood 21f54d2478
Merge pull request #121876 from centromere/openethereum-3.2.5
openethereum: 3.2.4 -> 3.2.5
2021-05-06 13:14:28 +08:00
Anderson Torres 87a0e85736
Merge pull request #121799 from r-ryantm/auto-update/free42
free42: 3.0.2 -> 3.0.3
2021-05-06 01:40:04 -03:00
R. RyanTM b334d0dc2b go-ethereum: 1.10.2 -> 1.10.3 2021-05-06 04:39:36 +00:00