1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-27 08:01:14 +00:00
Commit graph

768 commits

Author SHA1 Message Date
Maximilian Bosch 839c0ea7a5
treewide: *Inputs are flat lists 2019-12-31 01:10:02 +01:00
Robin Gloster 760e23136a
treewide: *inputs are lists 2019-12-31 01:09:25 +01:00
Jonathan Ringer 8043df949b aws_shell: fix dep issues 2019-12-30 16:46:51 +01:00
Jonathan Ringer fe058ee1ed awscli: fix build 2019-12-30 16:46:51 +01:00
Jonathan Ringer e1bb62f9bc azure-cli: 2.0.77 -> 2.0.78 2019-12-30 16:46:50 +01:00
Jan Tojnar a69e309794
Merge branch 'staging-next' into staging 2019-12-30 05:24:03 +01:00
Florian Klink 0aa09d3c75 simpl_le: 0.16.0 -> 0.17.0 2019-12-29 19:30:31 +01:00
Florian Klink d07796b871 certbot: 0.39.0 -> 1.0.0 2019-12-29 19:30:31 +01:00
Frederik Rietdijk 5aed91512d Merge staging-next into staging 2019-12-29 10:20:05 +01:00
Maximilian Bosch fa28c7750a
Merge pull request #76442 from r-ryantm/auto-update/tigervnc
tigervnc: 1.10.0 -> 1.10.1
2019-12-26 20:31:01 +01:00
Jan Tojnar 4bbc6cc66f
Merge branch 'staging-next' into staging 2019-12-25 05:18:52 +01:00
R. RyanTM e91f467811 tigervnc: 1.10.0 -> 1.10.1 2019-12-24 12:01:35 -08:00
Mario Rodas 2f2047c378
Merge pull request #75196 from r-ryantm/auto-update/bubblewrap
bubblewrap: 0.3.3 -> 0.4.0
2019-12-22 18:11:52 -05:00
Mario Rodas 932f5f6b88
clair: 2.0.9 -> 2.1.2 2019-12-22 00:00:00 -05:00
Terje Larsen 7a99d1e392
awscli: pin colorama to 0.4.1
This is pinned to 0.4.1 in the upstream awscli package.
2019-12-20 14:23:12 +01:00
Mario Rodas b066646e04
docker-credential-helpers: init at 0.6.3 2019-12-15 18:18:18 -05:00
Andreas Rammhold b21b92947e ansible_2_6: 2.6.17 -> 2.6.20
This addresses the following security issues:

  * CVE-2019-14846 - Several Ansible plugins could disclose aws
    credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
    lookup/aws_account_attribute.py, and lookup/aws_secret.py,
    lookup/aws_ssm.py use the boto3 library from the Ansible process. The
    boto3 library logs credentials at log level DEBUG. If Ansible's
    logging was enabled (by setting LOG_PATH to a value) Ansible would set
    the global log level to DEBUG. This was inherited by boto and would
    then log boto credentials to the file specified by LOG_PATH. This did
    not affect aws ansible modules as those are executed in a separate
    process. This has been fixed by switching to log level INFO
  * Convert CLI provided passwords to text initially, to prevent unsafe
    context being lost when converting from bytes->text during post
    processing of PlayContext. This prevents CLI provided passwords from
    being incorrectly templated (CVE-2019-14856)
  * properly hide parameters marked with no_log in suboptions when
    invalid parameters are passed to the module (CVE-2019-14858)
  * resolves CVE-2019-10206, by avoiding templating passwords from
    prompt as it is probable they have special characters.
  * Handle improper variable substitution that was happening in
    safe_eval, it was always meant to just do 'type enforcement' and have
    Jinja2 deal with all variable interpolation. Also see CVE-2019-10156

Changelog: 9bdb89f740/changelogs/CHANGELOG-v2.6.rst
2019-12-15 21:25:07 +01:00
Andreas Rammhold 64e2791092 ansible_2_7: 2.7.11 -> 2.7.15
This fixes the following security issues:
  * Ansible: Splunk and Sumologic callback plugins leak sensitive data
    in logs (CVE-2019-14864)
  * CVE-2019-14846 - Several Ansible plugins could disclose aws
    credentials in log files. inventory/aws_ec2.py, inventory/aws_rds.py,
    lookup/aws_account_attribute.py, and lookup/aws_secret.py,
    lookup/aws_ssm.py use the boto3 library from the Ansible process. The
    boto3 library logs credentials at log level DEBUG. If Ansible's
    logging was enabled (by setting LOG_PATH to a value) Ansible would set
    the global log level to DEBUG. This was inherited by boto and would
    then log boto credentials to the file specified by LOG_PATH. This did
    not affect aws ansible modules as those are executed in a separate
    process. This has been fixed by switching to log level INFO
  * Convert CLI provided passwords to text initially, to prevent unsafe
    context being lost when converting from bytes->text during post
    processing of PlayContext. This prevents CLI provided passwords from
    being incorrectly templated (CVE-2019-14856)
  * properly hide parameters marked with no_log in suboptions when invalid
    parameters are passed to the module (CVE-2019-14858)
  * resolves CVE-2019-10206, by avoiding templating passwords from
    prompt as it is probable they have special characters.
  * Handle improper variable substitution that was happening in
    safe_eval, it was always meant to just do 'type enforcement' and have
    Jinja2 deal with all variable interpolation. Also see CVE-2019-10156

Changelog: 0623dedf2d/changelogs/CHANGELOG-v2.7.rst (v2-7-15)
2019-12-15 21:24:59 +01:00
itsHMR a46e3ebae5 tigervnc: add perl to buildInputs (#75367)
tigervnc ships vncserver, quote from the documentation:
vncserver - a wrapper script which makes starting Xvnc more convenient vncserver requires Perl.
2019-12-14 18:06:01 +01:00
Jonathan Ringer 8f8d977f2a azure-cli: freeze azure-mgmt-recoveryservicesbackup 2019-12-10 18:28:21 -08:00
Sarah Brofeldt b6a61da54e
Merge pull request #75290 from marsam/update-awsweeper
awsweeper: init at 0.4.1
2019-12-09 17:02:02 +01:00
Mario Rodas 5419097ccd
procs: 0.8.13 -> 0.8.16 2019-12-09 04:20:00 -05:00
Mario Rodas cf79e2bdba
awsweeper: init at 0.4.1 2019-12-08 04:20:00 -05:00
R. RyanTM 910feb39aa bubblewrap: 0.3.3 -> 0.4.0 2019-12-07 18:26:55 -08:00
Benjamin Hipple d52cfb7661 awscli: remove unnecessary override on python prompt_toolkit
This override to the old 1.x version of `prompt_toolkit` appears to be
unnecessary; removing it does not change the hash of `awscli`.

In a follow-up, we could likely remove the RSA override as well, if we're OK
with patching out the `setup.cfg` requirements. This dropped support for some
old modules, but appears to not break API compatibility otherwise:
https://github.com/sybrenstuvel/python-rsa/blob/master/CHANGELOG.md#version-40---released-2018-09-16
2019-12-07 19:17:55 +01:00
xrelkd 9a4f4691ae eksctl: 0.11.0 -> 0.11.1 2019-12-06 21:03:24 +08:00
Timo Kaufmann cc6cf0a96a
Merge pull request #74371 from bbigras/lego
lego: 3.0.2 -> 3.2.0
2019-12-05 09:39:52 +01:00
xrelkd 76480b60b8 eksctl: 0.10.2 -> 0.11.0 2019-12-05 10:51:54 +08:00
Jonathan Ringer 313deeeb52 azure-cli: freeze azure-mgmt-imagebuilder 2019-12-03 00:17:58 -08:00
Jonathan Ringer 519558a9e7 azure-cli: freeze azure-mgmt-sqlvirtualmachine at 0.4.0 2019-12-02 23:46:15 -08:00
Jonathan Ringer b59adfc731 azure-cli: 2.0.76 -> 2.0.77 2019-12-01 19:47:46 -08:00
R. RyanTM 0321a2aa12 tigervnc: 1.9.0 -> 1.10.0
* tigervnc: 1.9.0 -> 1.10.0 (#74679)
+ refresh meta.homepage
2019-11-30 15:42:50 +01:00
Jonathan Ringer d24d36b20c azure-cli: freeze cosmosdb 2019-11-29 13:51:34 -08:00
Bruno Bigras bedc67f760 lego: 3.0.2 -> 3.2.0 2019-11-28 00:28:19 -05:00
Mario Rodas 0f3cf4234d
Merge pull request #74108 from r-ryantm/auto-update/aws-google-auth
aws-google-auth: 0.0.32 -> 0.0.33
2019-11-25 05:32:25 -05:00
Michael Raskin 98dc6b59bf fbvnc: init at 1.0.2 2019-11-25 10:29:03 +01:00
R. RyanTM 1433f5f3c4 aws-google-auth: 0.0.32 -> 0.0.33 2019-11-25 00:08:56 -08:00
Robert Scott 2482f8b8dc tightvnc: add patches for four CVEs
Security fixes for:
* CVE-2019-8287
* CVE-2019-15678
* CVE-2019-15679
* CVE-2019-15680

mostly adapted from patches fixing similar issues in the actively
maintained libvnc

(#73970)
2019-11-24 19:44:01 +01:00
Jonathan Ringer 85fc419d42 azure-cli: init at 2.0.76 2019-11-23 19:47:04 -08:00
xrelkd 86e305b4c9 eksctl: 0.9.0 -> 0.10.2 2019-11-22 23:19:20 +08:00
Jonathan Ringer 6a983b61d4 elasticsearch-curator: move out of python-packages
Upstream froze click to <7, which means it will only
work with overrides, which means it can't compose
with other python modules.
2019-11-19 07:38:27 -08:00
Jos van Bakel 10600289ee awslogs: propagate setuptools
(#71172)
2019-11-14 14:31:13 +01:00
xrelkd 735a8290c2 eksctl: 0.8.0 -> 0.9.0 2019-11-13 00:22:51 -08:00
Dmitry Kalinkin 7272491194
Merge pull request #72373 from jlesquembre/pulumi-fix
pulumi: install providers and add update script
2019-11-06 11:32:33 -05:00
José Luis Lafuente 7622f30ed2
pulumi: install providers and add update script
Without providers (also called plugins) pulumi doesn't do much. The way
they work, if you want to use a provider, pulimi will look for it in
your PATH, and if not found it will download it. Providers are just
executables, but third party binaries usually don't work on nixos unless
they are patched with the patchelf utility. Because of that, I'm
installing some patched providers with the main pulumi binary.

I'm also adding a small script helper to generate the hashes for all the
binaries.
2019-11-04 16:03:58 +01:00
xrelkd 940263f96e eksctl: 0.7.0 -> 0.8.0 2019-11-01 13:38:55 +08:00
Mario Rodas b861611b73 procs: 0.8.11 -> 0.8.13 2019-10-30 21:14:43 -07:00
Mario Rodas 6ceb1924ff
Merge pull request #72307 from jlesquembre/pulumi
pulumi: 1.3.4 -> 1.4.0
2019-10-30 19:17:03 -05:00
Simonas Kazlauskas 38462b0956 berglas: 0.2.0 → 0.2.1 2019-10-30 21:52:06 +02:00
José Luis Lafuente 9c68a03cdc
pulumi: 1.3.4 -> 1.4.0 2019-10-30 17:11:49 +01:00