3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

286849 commits

Author SHA1 Message Date
AndersonTorres 27525f6c4d kid3: ffmpeg_3 -> ffmpeg
And refactor.
2021-04-30 17:39:08 -03:00
AndersonTorres 6d365578bf aegisub: ffmpeg_3 -> ffmpeg
And refactor.
2021-04-30 17:39:08 -03:00
Maximilian Bosch 3a7d278b54
Merge pull request #120895 from r-ryantm/auto-update/cargo-deb
cargo-deb: 1.29.1 -> 1.29.2
2021-04-30 22:36:44 +02:00
Maximilian Bosch 543e84a00f
Merge pull request #121167 from r-ryantm/auto-update/leftwm
leftwm: 0.2.6 -> 0.2.7
2021-04-30 22:29:46 +02:00
Maximilian Bosch f476258fdf
Merge pull request #121287 from dotlambda/pass-import-fix
passExtensions.pass-import: fix tests
2021-04-30 22:18:06 +02:00
Maximilian Bosch ac1ce993be
vagrant: 2.2.15 -> 2.2.16
ChangeLog: https://github.com/hashicorp/vagrant/blob/v2.2.16/CHANGELOG.md#2216-april-29-2021
2021-04-30 22:06:45 +02:00
Peter Simons b6b5fe550d all-cabal-hashes: update to Hackage at 2021-04-30T19:36:25Z 2021-04-30 22:02:27 +02:00
Martin Weinelt efb30a191e
Merge pull request #120529 from mweinelt/zigbee2mqtt 2021-04-30 21:59:22 +02:00
Peter Simons 9a597deb23
Merge pull request #120446 from NixOS/haskell-updates
Update Haskell package set to Stackage Nightly 2021-04-23 (plus other fixes)
2021-04-30 21:53:43 +02:00
R. RyanTM d25741e707 logcheck: 1.3.22 -> 1.3.23 2021-04-30 19:49:55 +00:00
Michael Weiss 1be2221634
wayland-protocols: 1.20 -> 1.21
Announcement:
https://lists.freedesktop.org/archives/wayland-devel/2021-April/041815.html
2021-04-30 21:45:59 +02:00
Glowpelt 9465ce4e10 rtl88xxau-aircrack: fc0194 -> c0ce81
Linux Kernel 5.8 or about there broke the previous version of this
driver.
2021-04-30 19:45:26 +00:00
Mario Rodas 33f9d30558
rclone: 1.55.0 -> 1.55.1 (#121297) 2021-04-30 21:43:41 +02:00
Maximilian Bosch 02c3bd2187
nixos/gitea: set umask for secret creation
This ensures that newly created secrets will have the permissions
`0640`. With this change it's ensured that no sensitive information will
be word-readable at any time.

Related to #121293.

Strictly speaking this is a breaking change since each new directory
(including data-files) aren't world-readable anymore, but actually these
shouldn't be, unless there's a good reason for it.
2021-04-30 21:39:11 +02:00
R. RyanTM fef20991e8 macchina: 0.6.9 -> 0.7.2 2021-04-30 19:37:43 +00:00
Florian Klink 44a0debca7
Merge pull request #121021 from pennae/container-sigterm
nixos/nix-containers: use SIGTERM to stop containers
2021-04-30 21:35:16 +02:00
Léo Gaspard b522e483b9
kcov: add metadata and passthru.tests (#121308) 2021-04-30 21:26:26 +02:00
lunik1 248a57d61a
nixos/adguardhome: init (#120568) 2021-04-30 20:55:31 +02:00
Peter Simons 37656dc208 git-annex: update sha256 hash for the new version 2021-04-30 20:45:03 +02:00
R. RyanTM 8a3ef67925
kcov: 36 -> 38 (#121160) 2021-04-30 20:44:04 +02:00
Martin Weinelt 62de527dc3
nixos/zigbee2mqtt: start maintaing the module 2021-04-30 20:40:04 +02:00
Martin Weinelt 2b61d9ea01
nixos/zigbee2mqtt: create migration path from config to settings 2021-04-30 20:39:21 +02:00
Peter Simons e3185a56b5 hackage-packages.nix: automatic Haskell package set update
This update was generated by hackage2nix v2.17.0-8-ge18310f from Hackage revision
8185884e7b.
2021-04-30 20:37:43 +02:00
Tobias Mayer 2d9f3e32d9
arrow-cpp: 3.0.0 -> 4.0.0
arrow-cpp: cleanup

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-04-30 20:30:59 +02:00
Tobias Mayer f5704c862d
xsimd: init at 7.5.0
xsimd: format

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>

xsimd: fix on macOS

xsimd: Use fetchFromGitHub
2021-04-30 20:30:46 +02:00
Peter Simons e20a75ec74 hackage2nix: update list of broken packages
... so that there are no failing builds on Hydra.

Ping @rkrzr because icepeak is broken.
2021-04-30 20:30:15 +02:00
github-actions[bot] 20ebbe6b59
Merge staging-next into staging 2021-04-30 18:26:34 +00:00
github-actions[bot] 28b0400c8e
Merge master into staging-next 2021-04-30 18:26:32 +00:00
Martin Weinelt f1e7183f69
nixos/tests/zigbee2mqtt: relax DevicePolicy and log systemd-analye security 2021-04-30 19:42:26 +02:00
Martin Weinelt a691549f7e
nixos/zigbee2mqtt: harden systemd unit
This is what is still exposed, and it allows me to control my lamps from
within home-assistant.

✗ PrivateNetwork=                                             Service has access to the host's network                                            0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                               0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                  0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                    0.2
✗ PrivateDevices=                                             Service potentially has access to hardware devices                                  0.2
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                       0.1
✗ SupplementaryGroups=                                        Service runs with supplementary groups                                              0.1
✗ MemoryDenyWriteExecute=                                     Service may create writable executable memory mappings                              0.1

→ Overall exposure level for zigbee2mqtt.service: 1.3 OK 🙂
2021-04-30 19:42:26 +02:00
Martin Weinelt e0f1e1f7bf
nixos/zigbee2mqtt: convert to rfc42 style settings 2021-04-30 19:42:26 +02:00
Konstantin Alekseev 7ee53c0c4f python2Packages.importlib-resources: use version 3.3.1 for python2 2021-04-30 19:10:50 +02:00
Martin Weinelt 0ae04ca063
Merge pull request #121290 from petabyteboy/feature/firefox-latest-rust 2021-04-30 19:00:32 +02:00
Martin Weinelt 506bc7ba02
nixos/nginx: update hardening settings
- Set an explicit umask that allows u+rwx and g+r.
- Adds `ProtectControlGroups` and `ProtectKernelLogs`, there should be
  no need to access either.
- Adds `ProtectClock` to prevent write-access to the system clock.
- `ProtectProc` hides processes from other users within the /proc
  filesystem and `ProcSubSet` hides all files/directories unrelated to
  the process management of the units process.
- Sets `RemoveIPC`, as there is no SysV or POSIX IPC within nginx that I
  know of.
- Restricts the creation of arbitrary namespaces
- Adds a reasonable `SystemCallFilter` preventing calls to @privileged,
  @obsolete and others.

And finally applies some sorting based on the order these options appear
in systemd.exec(5).
2021-04-30 18:49:43 +02:00
Milan Pässler 903e23ad36
firefox-esr: use latest Rust
Firefox ESR 78.x used to have a problem with Rust >= 1.46, but it works
with latest Rust now!
2021-04-30 17:50:01 +02:00
Robert Schütz c8dff328e5
Merge pull request #120447 from AluisioASG/aasg/dyndnsc-0.6.1
dyndnsc: 0.5.1 -> 0.6.1
2021-04-30 17:35:33 +02:00
John Ericson 17305d2df0
Merge pull request #111487 from Ericson2314/llvm-outputs-and-cross-compile-tools
llvmPackages: Clean up outputs
2021-04-30 11:28:08 -04:00
Robert Schütz 93507828b2 passExtensions.pass-import: fix tests 2021-04-30 17:16:28 +02:00
Kim Lindberger fdd6ca8fce
Merge pull request #118898 from talyz/gitlab-memory-bloat
nixos/gitlab: Add options to tame GitLab's memory usage somewhat
2021-04-30 16:58:30 +02:00
Robert Schütz 93edfffab6 pythonPackages.pykeepass: run tests 2021-04-30 16:53:36 +02:00
Aaron Andersen 445c114b49
Merge pull request #121162 from r-ryantm/auto-update/kodi-inputstream-adaptive
kodiPackages.inputstream-adaptive: 2.6.13 -> 2.6.14
2021-04-30 10:45:18 -04:00
Aluísio Augusto Silva Gonçalves 093ab98c80
dyndnsc: 0.5.1 -> 0.6.1 2021-04-30 11:40:29 -03:00
Aluísio Augusto Silva Gonçalves 932ec5518e
python3Packages.pytest-console-scripts: init at 1.2.0
Thanks to @kvas-it for cutting a release with the patches needed to make
tests work.
2021-04-30 11:40:29 -03:00
Aluísio Augusto Silva Gonçalves 0463f91e04
python3Packages.sanic-auth: fix tests (#121279)
After #120881, packages using Sanic's `app.test_client` or
`app.asgi_client` need to depend on `sanic-testing` as well.
2021-04-30 16:40:24 +02:00
Aluísio Augusto Silva Gonçalves 98822ee896
python3Packages.json-logging: init at 1.3.0 2021-04-30 11:33:04 -03:00
Michael Weiss 774550baf5
Merge pull request #119615 from Synthetica9/cage-0.1.3
cage: 0.1.2.1 -> 0.1.3
2021-04-30 16:27:11 +02:00
Guillaume Girol 0c9ed22e64
Merge pull request #119562 from symphorien/fusermountsetuid
fuse: fix mount.fuse -o setuid=...
2021-04-30 14:26:39 +00:00
Alyssa Ross a7dd5ca90f systemd: fix build 2021-04-30 14:06:53 +00:00
Michael Weiss 28b8cff301
nixos/tests/cage: Fix the test with wlroots 0.13
See #119615 for more details. The aarch64-linux test failed with
"qemu-system-aarch64: Virtio VGA not available" so I've restricted the
test to x86_64-linux (the virtio paravirtualized 3D graphics driver is
likely only available on very few platforms).
2021-04-30 15:57:04 +02:00
Alyssa Ross f27de651fd
netbsd.libcurses: fix build 2021-04-30 13:56:27 +00:00