Thomas Gerbet
725d843cc8
flatpak: 1.12.2 -> 1.12.4
...
Fixes CVE-2021-43860 and CVE-2022-21682
Changes:
https://github.com/flatpak/flatpak/releases/tag/1.12.4
https://github.com/flatpak/flatpak/releases/tag/1.12.3
Security advisories:
https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
2022-01-27 13:57:07 -08:00
ajs124
2b14787033
Merge pull request #156396 from helsinki-systems/upd/mysocket
...
mysocketw: switch to fork with version 3.10.27
2022-01-27 22:21:22 +01:00
Robert Hensing
da702fe9d9
Merge pull request #156857 from hercules-ci/fix-version-suffix-convention
...
doc/coding-conventions: Fix version attribute suffix to match reality
2022-01-27 22:16:15 +01:00
Linus Heckemann
81cd4faec2
Merge pull request #156845 from mayflower/nextcloud-group
...
nextcloud: make home group-readable
2022-01-27 22:09:17 +01:00
Daniel Olsen
68e9cd0f7e
nixos/lib: Use SingleLineStr in systemd description
2022-01-27 12:56:36 -08:00
Jan Tojnar
08b1e3e03d
Merge pull request #157043 from tomfitzhenry/spot-0.3.1
...
spot: 0.3.0 -> 0.3.1
2022-01-27 21:55:21 +01:00
Thomas Gerbet
1387fd0fd1
keepalived: 2.2.4 -> 2.2.7
...
Fixes CVE-2021-44225.
https://www.keepalived.org/release-notes/Release-2.2.7.html
2022-01-27 12:39:54 -08:00
Thomas Gerbet
f8c8a8918a
flatpak-builder: 1.2.0 -> 1.2.2
...
Changes:
https://github.com/flatpak/flatpak-builder/releases/tag/1.2.2
https://github.com/flatpak/flatpak-builder/releases/tag/1.2.1
Security advisory:
https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
2022-01-27 12:38:04 -08:00
R. Ryantm
8909cf13be
python310Packages.azure-mgmt-applicationinsights: 2.0.0 -> 2.1.0
2022-01-27 12:26:51 -08:00
R. Ryantm
f329ced6f2
python310Packages.sqlite-utils: 3.22 -> 3.22.1
2022-01-27 12:25:20 -08:00
R. Ryantm
1b12139305
python39Packages.mautrix: 0.14.5 -> 0.14.6
2022-01-27 12:25:10 -08:00
R. Ryantm
eff0fc087c
python310Packages.sagemaker: 2.73.0 -> 2.74.0
2022-01-27 12:24:50 -08:00
Tom Fitzhenry
4e8deff9c8
spot: 0.3.0 -> 0.3.1
...
https://github.com/xou816/spot/releases/tag/0.3.1
2022-01-28 07:15:32 +11:00
Thomas Gerbet
846fafa68e
lighttpd: 1.4.63 -> 1.4.64
...
https://www.lighttpd.net/2022/1/19/1.4.64/
2022-01-27 21:12:21 +01:00
Sandro
896ab6a275
Merge pull request #156899 from drupol/php/add-ds-extension
2022-01-27 20:58:44 +01:00
Alexander Tsvyashchenko
fa7b83fa48
python3Packages.objax: fix tensorboard dependency ( #156909 )
...
Also moved `jaxlib` to `buildInputs` to avoid injecting it into dependent packages.
2022-01-27 11:45:32 -08:00
Michael Weiss
e5808c2f62
Merge pull request #154003 from primeos/signal-desktop
...
signal-desktop: 5.27.1 -> 5.29.1
2022-01-27 20:44:01 +01:00
Robert Scott
7b13bb9479
Merge pull request #156698 from bachp/poco-1.11.0
...
poco: 1.10.1 -> 1.11.1
2022-01-27 19:42:47 +00:00
Michael Weiss
eeb0e220cd
signal-desktop: 5.29.0 -> 5.29.1
2022-01-27 20:01:19 +01:00
Bernardo Meurer
319850d2a3
Merge pull request #156663 from lovesegfault/nix-refactor
...
nix: factor out common.nix
2022-01-27 10:58:17 -08:00
Renaud
4dc70faa6f
twa: 1.9.1 -> 1.10.0
...
(#156769 )
2022-01-27 19:46:26 +01:00
Jörg Thalheim
956dab36a3
nextcloud: use tmpfiles to create group-readable home
...
users.users.*.createHome makes home only owner-readable.
This breaks nginx reading static assets from nextcloud's home,
after a nixos-rebuild that did not restart nextcloud-setup.
Closes #112639
2022-01-27 19:13:50 +01:00
Will Cohen
7ec99ea7cf
qt5.qtwebkit: add disambiguate handle for darwin ( #156809 )
2022-01-27 13:00:11 -05:00
Fabian Affolter
f90310a12f
Merge pull request #157016 from applePrincess/exploitdb-2022-01-26
...
exploitdb: 2022-01-25 -> 2022-01-26
2022-01-27 18:54:34 +01:00
Bernardo Meurer
fe55576eea
Merge pull request #156997 from TredwellGit/linux
...
Kernels 2022-01-27
2022-01-27 09:52:03 -08:00
ajs124
47a2176ec8
Merge pull request #156998 from mweinelt/smartctl-exporter-fixups
...
prometheus.exporters.smartctl: fixes
2022-01-27 18:49:49 +01:00
Martin Weinelt
3a4bed480a
Merge pull request #156937 from mweinelt/firefox
2022-01-27 18:41:56 +01:00
Bernardo Meurer
5f9b470ff0
Merge pull request #154809 from helsinki-systems/feat/stc-proper-unit-file-parser
...
nixos/switch-to-configuration: Proper unit file parser and clean/fix lower part of the script
2022-01-27 09:35:34 -08:00
Aaron Andersen
3cafa47a66
Merge pull request #157019 from dali99/fix-mx-puppet-discord-module
...
nixos/mx-puppet-discord: Change systemd unit description to avoid new…
2022-01-27 12:02:59 -05:00
maralorn
037eb0a617
Merge pull request #156491 from NixOS/haskell-updates
...
haskellPackages: update stackage and hackage
2022-01-27 18:01:42 +01:00
Malte Brandy
caef341934
Merge branch 'master' into haskell-updates
2022-01-27 17:48:01 +01:00
Malte Brandy
c1e2f12203
haskellPackages: mark builds failing on hydra as broken
...
This commit has been generated by maintainers/scripts/haskell/mark-broken.sh
2022-01-27 17:47:21 +01:00
Stig
196873f601
Merge pull request #155116 from wentasah/amc-add-oodoc
...
auto-multiple-choice: add OpenOfficeOODoc perl module as dependency
2022-01-27 17:37:02 +01:00
Martin Weinelt
12c26aca1f
prometheus.exporters.smartctl: Fix autodiscovery
...
When no devices are given the exporter tries to autodiscover available
disks. The previous DevicePolicy was however preventing the exporter
from accessing any device at all, since only explicitly mentioned ones
were allowed.
This commit adds an allow rule for several device classes that I could
find on my machines, that gets set when no devices are explicitly
configured.
There is an existing problem with nvme devices, that expose a character
device at `/dev/nvme0`, and a (namespaced) block device at
`/dev/nvme0n1`. The character device does not come with permissions that
we could give to the exporter without further impacting the hardening.
crw------- 1 root root 247, 0 27. Jan 03:10 /dev/nvme0
brw-rw---- 1 root disk 259, 0 27. Jan 03:10 /dev/nvme0n1
The autodiscovery only finds the character device, which the exporter
unfortunately does not have access to.
However a simple udev rule can be used to resolve this:
services.udev.extraRules = ''
SUBSYSTEM=="nvme", KERNEL=="nvme[0-9]*", GROUP="disk"
'';
Unfortunately I'm not fully aware of the security implications this
change carries and we should question upstream (systemd) why they did
not include such a rule.
The disk group has no members on any of my machines.
❯ getent group disk
disk❌ 6:
2022-01-27 17:33:27 +01:00
R. RyanTM
899778e8cf
tev: 1.19 -> 1.22
...
* tev: 1.19 -> 1.22 (#156914 )
* tev: don't build on aarch64-linux
Co-authored-by: Renaud <c0bw3b@users.noreply.github.com>
2022-01-27 17:06:22 +01:00
Daniel Olsen
5288bcab0a
nixos/mx-puppet-discord: Change systemd unit description to avoid newline
2022-01-27 16:49:40 +01:00
Lein Matsumaru
93fb37332b
exploitdb: 2022-01-25 -> 2022-01-26
2022-01-27 15:22:33 +00:00
Robert Hensing
d0947df006
Merge pull request #156992 from hercules-ci/revert-153594-doc-optimization
...
Revert 153594 doc optimization
2022-01-27 15:46:36 +01:00
Ryan Mulligan
8328d4a50c
Merge pull request #156929 from r-ryantm/auto-update/sympa
...
sympa: 6.2.66 -> 6.2.68
2022-01-27 06:46:05 -08:00
dasj19
83ab260bbe
tomboy: remove ( #156979 )
...
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-01-27 15:21:33 +01:00
Sandro
55eab1b1b7
Merge pull request #156999 from SuperSandro2000/procs
2022-01-27 15:20:45 +01:00
Fabian Affolter
a4e916ad03
Merge pull request #156995 from fabaff/bump-sqlfluff
...
sqlfluff: 0.9.2 -> 0.9.3
2022-01-27 14:59:10 +01:00
Fabian Affolter
fc98f95561
Merge pull request #156990 from r-ryantm/auto-update/python3.10-flux-led
...
python310Packages.flux-led: 0.28.11 -> 0.28.17
2022-01-27 14:58:54 +01:00
Stig
3445b70e5b
Merge pull request #156964 from raboof/perl-libnet-3.12-to-3.13
...
perlPackages.libnet: 3.12 -> 3.13
2022-01-27 14:26:04 +01:00
Sandro
4794b2f047
Merge pull request #154324 from zaninime/sshportal
2022-01-27 14:18:38 +01:00
Sandro
90087b3562
Merge pull request #156828 from willcohen/grass-darwin
2022-01-27 14:16:28 +01:00
Sandro
5a673e356a
Merge pull request #156898 from r-ryantm/auto-update/vgrep
2022-01-27 14:07:13 +01:00
Sandro
27cccd4e49
Merge pull request #151363 from Stunkymonkey/doc-updateWalker
2022-01-27 14:06:36 +01:00
Bobby Rong
c2f5452f26
Merge pull request #156936 from bobby285271/pantheon
...
Pantheon updates 2022-01-26
2022-01-27 21:03:07 +08:00
Sandro Jäckel
b81c67d478
procs: 0.12.0 -> 0.12.1
2022-01-27 13:55:22 +01:00