3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

6745 commits

Author SHA1 Message Date
Corbin Simpson 69f23d9e73 enhanced-ctorrent: fix CVE-2009-1759 (#39311)
Patches from Debian.
2018-04-22 22:42:20 +01:00
Matthew Justin Bauer c8e58113b2
Merge pull request #38801 from worldofpeace/wire-desktop
wire-desktop: init at 3.0.2816
2018-04-21 20:47:56 -05:00
Herwig Hochleitner 2b29e40153 chromium: 65.0.3325.181 -> 66.0.3359.117
Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28
Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30
High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20
High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15
High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04
High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12
High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05
High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08
Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01
Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01
Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11
Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-19
Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent's Xuanwu Lab on 2018-01-26
Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03
Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03
Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11
Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu on 2018-02-19
Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20
Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24
Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08
Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18
Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25
Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02
Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27
Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10
Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24
Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02
Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29
Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25
Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13
Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07
Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15
Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15
Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15
2018-04-21 14:57:45 +02:00
R. RyanTM 951d6a9f93 inboxer: 1.0.4 -> 1.1.2 (#39233)
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/inboxer/versions.

These checks were done:

- built on NixOS
- Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
- found 1.1.2 with grep in /nix/store/dbk6jvgi9kc56yh5grh1d3yndcwd0965-inboxer-1.1.2
- directory tree listing: https://gist.github.com/fd594eb2f8f8083359d8736e32edee72
2018-04-20 16:03:24 +02:00
Michael Weiss 5131977f1b gns3Packages.{server,gui}{Stable,Preview}: 2.1.4 -> 2.1.5 2018-04-19 22:34:32 +02:00
worldofpeace 754b30ef00 wire-desktop: init at 3.0.2816 2018-04-19 13:50:35 -04:00
Matthew Justin Bauer 78cfa7bbd0
Merge pull request #38976 from volth/patch-124
tixati: 2.55 -> 2.57
2018-04-19 11:59:15 -05:00
Peter Hoeg da4695009c freerdp: 2.0.0-rc1 -> 2.0.0-rc2 2018-04-19 10:31:19 +08:00
Jörg Thalheim d308ac9233
Merge pull request #39064 from r-ryantm/auto-update/frostwire
frostwire-bin: 6.6.3 -> 6.6.5
2018-04-17 20:26:28 +01:00
Matthew Bauer 52893d5276 treewide: move "extensions" drvs to dir
This cleans up the tree for pkgs/applications somewhat. Should not
change any hashes.
2018-04-17 13:50:49 -05:00
Michael Weiss 9cb0b49673 signal-desktop-beta: Mark as broken (really outdated) 2018-04-17 18:26:53 +02:00
Michael Weiss b500edc44c quiterss: 0.18.9 -> 0.18.10 2018-04-17 18:16:23 +02:00
Matthew Justin Bauer 2f0f9b4d0f
Merge pull request #37512 from MHOOO/patch-1
Fix spark scripts that use dirname
2018-04-17 10:41:12 -05:00
Matthew Justin Bauer 0418f5ee65
Merge pull request #38321 from jensbin/openshift_mount_fix
openshift: Fix binary paths for oc cluster up to work
2018-04-17 10:11:07 -05:00
Matthew Justin Bauer 80facf99da
Merge pull request #38189 from r-ryantm/auto-update/palemoon
palemoon: 27.8.0 -> 27.8.3
2018-04-17 09:57:06 -05:00
Matthew Justin Bauer 3207b7e71d
Merge pull request #38311 from qfjp/submit/finch-fix
Use lib/purple-2 directory instead of lib/pidgin
2018-04-17 09:55:00 -05:00
Peter Hoeg 5b3c2b189b
Merge pull request #38828 from luke-clifton/ipfs-update
ipfs: 0.4.13 -> 0.4.14
2018-04-17 14:23:01 +00:00
R. RyanTM d4cc20c0cc frostwire-bin: 6.6.3 -> 6.6.5
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/frostwire/versions.

These checks were done:

- built on NixOS
- Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
- found 6.6.5 with grep in /nix/store/6cgry9k7i6ni9a7axglsm5akmibryimi-frostwire-6.6.5
- directory tree listing: https://gist.github.com/e29014b6db646e0dd934f79b2e387703
2018-04-17 05:07:21 -07:00
adisbladis 195d5679e8
Merge pull request #38986 from scode/scode/signal-171-update
signal-desktop: 0.7.0 -> 0.7.1
2018-04-16 20:12:43 +08:00
Jörg Thalheim 5ad99e6b05 firefox-bin: add hint on how to update 2018-04-16 11:38:04 +01:00
Peter Schuller 70588bc82e signal-desktop: 0.7.0 -> 0.7.1 2018-04-15 21:19:20 -07:00
volth fa9359110b
tixati: 2.55 -> 2.57 2018-04-15 21:38:32 +00:00
Jörg Thalheim fb9d7e0aa0
Merge pull request #38902 from Ekleog/nheko-0.3.1
nheko: 0.3.0 -> 0.3.1
2018-04-15 19:54:55 +01:00
S. Nordin Abouzahra 92f0d31b94
purple-discord: init at 2018-04-10 2018-04-15 11:20:23 +02:00
Matthias Beyer 792c99df34 mutt: 1.9.4 -> 1.9.5 2018-04-15 08:27:58 +02:00
Elis Hirwing 8b19b14bda testssl: 2.9.5-4 -> 2.9.5-5 (#38936)
Changelog:
https://github.com/drwetter/testssl.sh/releases/tag/v2.9.5-5

Also improved expression.
2018-04-14 21:17:44 +02:00
Alexandre Peyroux 256b0b5a2d c14: 2017-05-15 -> 0.3 (#38905) 2018-04-14 08:29:30 +01:00
Léo Gaspard 59bf698238
nheko: 0.3.0 -> 0.3.1 2018-04-13 15:57:41 +02:00
Tim Steinbach 32d620d739
hipchat: 4.30.3.1670 -> 4.30.4.1672 2018-04-13 09:39:06 -04:00
Maximilian Güntner 119570cd83
backintime-qt4: package is broken
the install phase writes into /nix :

```
<snip>
install -d
/nix/store/1kc8xcni0wp4y35vafh03rdxvqkrsxvl-backintime-qt4-1.1.24/../etc/dbus-1/system.d
install --mode=644 net.launchpad.backintime.serviceHelper.conf
/nix/store/1kc8xcni0wp4y35vafh03rdxvqkrsxvl-backintime-qt4-1.1.24/../etc/dbus-1/system.d
<snap>
```
2018-04-13 14:13:22 +02:00
Yegor Timoshenko ae1318043b
Merge pull request #38890 from r-ryantm/auto-update/signal-desktop
signal-desktop: 1.6.1 -> 1.7.0
2018-04-13 09:57:26 +00:00
lewo 4043fff3bc
Merge pull request #38423 from mbode/heptio-ark_0_7_1
heptio-ark: init at 0.7.1
2018-04-13 08:50:40 +02:00
R. RyanTM 50c6900fd4 signal-desktop: 1.6.1 -> 1.7.0
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/signal-desktop/versions.

These checks were done:

- built on NixOS
- Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
- found 1.7.0 with grep in /nix/store/xkslw2sdzbpbzy0ddd0f5qxk1wkfahs6-signal-desktop-1.7.0
- directory tree listing: https://gist.github.com/05c86387ecf6ea0334f3d0c18b44542e
2018-04-12 23:03:32 -07:00
Yegor Timoshenko 6207cb9302
Merge pull request #38827 from r-ryantm/auto-update/riot-web
riot-web: 0.13.5 -> 0.14.0
2018-04-12 22:26:11 +00:00
Maximilian Bode 2e1c5c00c7 heptio-ark: init at 0.7.1 2018-04-12 20:59:10 +02:00
Benjamin Saunders cd24ae7a1b purple-hangouts: 2017-10-08 -> 2018-03-28 (#38819) 2018-04-12 13:24:21 +02:00
R. RyanTM ba337a2d5c riot-web: 0.13.5 -> 0.14.0
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/riot-web/versions.

These checks were done:

- built on NixOS
- Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
- found 0.14.0 with grep in /nix/store/rrr1riavdg8sysb7ksvfqwr9az3jvlbm-riot-web-0.14.0
- directory tree listing: https://gist.github.com/586766758d4a74da4f7c241391412e10
2018-04-12 00:58:26 -07:00
Luke Clifton 7c3475563b ipfs 0.4.13 -> 0.4.14 2018-04-12 15:55:46 +08:00
R. RyanTM 35121b1973 syncplay: 1.5.2 -> 1.5.3 (#38693)
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/syncplay/versions.

These checks were done:

- built on NixOS
- ran ‘/nix/store/dfjzzxr9ih0cpmz3ls5xcmfaf2qrhmhh-syncplay-1.5.3/bin/.syncplay-server-wrapped -h’ got 0 exit code
- ran ‘/nix/store/dfjzzxr9ih0cpmz3ls5xcmfaf2qrhmhh-syncplay-1.5.3/bin/.syncplay-server-wrapped --help’ got 0 exit code
- ran ‘/nix/store/dfjzzxr9ih0cpmz3ls5xcmfaf2qrhmhh-syncplay-1.5.3/bin/syncplay-server -h’ got 0 exit code
- ran ‘/nix/store/dfjzzxr9ih0cpmz3ls5xcmfaf2qrhmhh-syncplay-1.5.3/bin/syncplay-server --help’ got 0 exit code
- found 1.5.3 with grep in /nix/store/dfjzzxr9ih0cpmz3ls5xcmfaf2qrhmhh-syncplay-1.5.3
- directory tree listing: https://gist.github.com/52097c8cbb187c4fb391af784f94d056
2018-04-11 17:25:10 +02:00
Pascal Wittmann 7427b58266 Switch suckless.org URLs to https
(cherry picked from commit 22f212537f)
2018-04-11 15:11:55 +02:00
Frederik Rietdijk ee6894ca12 Merge staging into master 2018-04-11 14:55:52 +02:00
Michael Raskin 896cc0847a
Merge pull request #38765 from taku0/flashplayer-29.0.0.140
flashplayer: 29.0.0.113 -> 29.0.0.140 [Critical security fixes]
2018-04-11 11:59:11 +00:00
Tim Steinbach cb7f774265
minikube: 0.25.2 -> 0.26.0 2018-04-10 18:45:13 -04:00
Frederik Rietdijk 6023849ba1 Merge master into staging 2018-04-10 19:23:42 +02:00
taku0 f92dc58c71 flashplayer: 29.0.0.113 -> 29.0.0.140 2018-04-10 21:14:20 +09:00
Jean-Baptiste Giraudeau d6e8371071
terraform_0_11: 0.11.5 -> 0.11.6 2018-04-10 10:39:53 +02:00
Robert Schütz 80fc5f2a24 Merge branch 'master' into staging 2018-04-10 09:13:36 +02:00
Matthew Justin Bauer 4531f181d9
Merge pull request #35121 from xeji/firehol-35114
firehol: 3.1.5: fix errors when running firehol command
2018-04-09 14:22:32 -05:00
Jörg Thalheim 43a3cfe0c2
Merge pull request #38654 from etu/testssl-update
testssl: 2.9.5-3 -> 2.9.5-4
2018-04-09 19:16:26 +01:00
Elis Hirwing 7b4ed22b54
testssl: 2.9.5-3 -> 2.9.5-4
Changelog:
https://github.com/drwetter/testssl.sh/releases/tag/v2.9.5-4

Also improved the expression to be more readable.
2018-04-09 18:49:50 +02:00