Maximilian Bosch
0a10c17c8d
hedgedoc: 1.8.2 -> 1.9.0, fixes CVE-2021-39175
ChangeLog: https://github.com/hedgedoc/hedgedoc/releases/tag/1.9.0
As documented in the Nix expression, I unfortunately had to patch
`yarn.lock` manually (the `yarn.nix` result isn't affected by this). By
adding a `git+https`-prefix to
`midi "https://github.com/paulrosen/MIDI.js.git#abcjs "` in the lock-file
I ensured that `yarn` actually uses the `MIDI.js` from the offline-cache
from `yarn2nix` rather than trying to download a tarball from GitHub.
Also, this release contains a fix for CVE-2021-39175 which doesn't seem
to be backported to 1.8. To quote NVD[1]:
> In versions prior to 1.9.0, an unauthenticated attacker can inject
> arbitrary JavaScript into the speaker-notes of the slide-mode feature
> by embedding an iframe hosting the malicious code into the slides or by
> embedding the HedgeDoc instance into another page.
Even though it "only" has a medium rating by NVD (6.1), this seems
rather problematic to me (also, GitHub rates this as "High"), so it's
actually a candidate for a backport.
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-39175
2021-09-19 00:18:18 +02:00
Thomas Tuegel
0ef24f212a
Merge pull request #138029 from oxalica/fix/xf86input-pc
xorg.xf86*: fix include dir
2021-09-17 12:10:44 -05:00
Sandro
d4f282e393
Merge pull request #137743 from r-ryantm/auto-update/samba
2021-09-17 11:51:57 +02:00
figsoda
3afdd0c724
Merge pull request #134543 from r-ryantm/auto-update/vsftpd
vsftpd: 3.0.3 -> 3.0.5
2021-09-16 22:03:25 -04:00
figsoda
2386f5ae95
Merge pull request #138023 from r-ryantm/auto-update/livepeer
livepeer: 0.5.15 -> 0.5.20
2021-09-16 19:23:01 -04:00
Robert Scott
c1dac4490e
Merge pull request #138061 from Stunkymonkey/switch-fetchFromGitLab
quantum-espresso,postgresql11Packages.pg_ed25519: switch to fetchFromGitlab
2021-09-16 23:53:23 +01:00
Sandro
6fe9bb1ba3
Merge pull request #137842 from r-ryantm/auto-update/libreddit
2021-09-16 22:57:17 +02:00
Sandro
417c87d0f8
Merge pull request #138138 from aanderse/tomcat-native
2021-09-16 21:04:13 +02:00
Sandro
b90798f5b6
Merge pull request #138136 from aanderse/apacheHttpd
2021-09-16 20:30:29 +02:00
Sandro
62c7b14f0c
Merge pull request #138139 from aanderse/tomcat-updates
2021-09-16 20:29:37 +02:00
Sandro
c8d8f2b563
Merge pull request #138144 from aanderse/zabbix
2021-09-16 20:24:49 +02:00
Sandro
088f2accbc
Merge pull request #138154 from Ma27/bump-grafana
2021-09-16 20:13:22 +02:00
Bill Ewanick
ad79645eff
lemmy-server: 0.11.3 -> 0.12.2
2021-09-16 10:26:10 -07:00
Bill Ewanick
62f24d0c57
lemmy-ui: init at 0.12.2
2021-09-16 10:26:10 -07:00
Bill Ewanick
00b7ced782
lemmy: move to server.nix
2021-09-16 10:26:10 -07:00
Maximilian Bosch
72a064fb98
grafana: 8.1.3 -> 8.1.4
ChangeLog: https://github.com/grafana/grafana/releases/tag/v8.1.4
2021-09-16 17:01:51 +02:00
Aaron Andersen
94683a072a
zabbix50: 5.0.12 -> 5.0.15
2021-09-16 09:35:38 -04:00
Aaron Andersen
68e2c5e22d
zabbix40: 4.0.31 -> 4.0.33
2021-09-16 09:26:24 -04:00
Aaron Andersen
2b6f96fc1a
tomcat10: 10.0.6 -> 10.0.11
2021-09-16 09:22:55 -04:00
Aaron Andersen
dfa5b4643b
tomcat9: 9.0.46 -> 9.0.53
2021-09-16 09:21:50 -04:00
Aaron Andersen
1ddc9bd87b
tomcat-native: 1.2.30 -> 1.2.31
2021-09-16 09:17:53 -04:00
Aaron Andersen
0518560cf1
apacheHttpd: 2.4.48 -> 2.4.49
2021-09-16 09:12:44 -04:00
Bobby Rong
41be3077b9
Merge pull request #137820 from sumnerevans/heisenbridge-1.1.0
heisenbridge: 1.0.1 -> 1.1.0
2021-09-16 20:19:43 +08:00
R. RyanTM
fea9321b05
grafana-agent: 0.18.2 -> 0.18.4
2021-09-16 10:06:19 +00:00
Martin Weinelt
5de4afa614
home-assistant: 2021.8.8 -> 2021.9.6
2021-09-16 04:22:32 +02:00
Felix Buehler
af8ebcb776
postgresql11Packages.pg_ed25519: switch to fetchFromGitLab
2021-09-15 23:14:26 +02:00
oxalica
6076184227
xorg.xf86*: fix include dir
`installFlags` do not work since .pc files are generated during
configure phase. We need to override them with configure flags.
2021-09-16 00:42:24 +08:00
R. RyanTM
cb7056c900
livepeer: 0.5.15 -> 0.5.20
2021-09-15 15:53:47 +00:00
Doron Behar
037987ce63
Merge pull request #137913 from r-ryantm/auto-update/rtsp-simple-server
rtsp-simple-server: 0.17.2 -> 0.17.3
2021-09-15 10:45:20 +03:00
Bobby Rong
238d2f84ae
Merge pull request #136966 from plumelo/updates/atlassian-jira-8.19
atlassian-jira: 8.16.1 -> 8.19
2021-09-15 15:22:24 +08:00
github-actions[bot]
5663f4625d
Merge master into staging-next
2021-09-15 06:01:20 +00:00
Bobby Rong
24749c0013
Merge pull request #137855 from r-ryantm/auto-update/nats-server
nats-server: 2.4.0 -> 2.5.0
2021-09-15 09:59:28 +08:00
R. RyanTM
6875f62e49
teleport: 7.0.3 -> 7.1.0
2021-09-14 20:22:34 -04:00
R. RyanTM
d37f5847d3
rtsp-simple-server: 0.17.2 -> 0.17.3
2021-09-14 22:01:29 +00:00
github-actions[bot]
91c89490cc
Merge master into staging-next
2021-09-14 18:01:05 +00:00
R. RyanTM
7bea76e0d2
nats-server: 2.4.0 -> 2.5.0
2021-09-14 17:20:49 +00:00
Ryan Mulligan
2a58c796aa
Merge pull request #137559 from r-ryantm/auto-update/jicofo
jicofo: 1.0-756 -> 1.0-798
2021-09-14 08:48:58 -07:00
Ryan Mulligan
65954160d9
Merge pull request #137563 from r-ryantm/auto-update/jitsi-meet
jitsi-meet: 1.0.5056 -> 1.0.5307
2021-09-14 08:48:39 -07:00
Ryan Mulligan
2faf821b80
Merge pull request #137568 from r-ryantm/auto-update/jitsi-videobridge
jitsi-videobridge: 2.1-508-gb24f756c -> 2.1-551-g2ad6eb0b
2021-09-14 08:48:22 -07:00
R. RyanTM
7f0832382c
libreddit: 0.14.14 -> 0.15.1
2021-09-14 15:35:47 +00:00
Artturi
2d3fd7e4a2
Merge pull request #137728 from r-ryantm/auto-update/smcroute
2021-09-14 17:11:05 +03:00
Artturi
e7ea0371e8
Merge pull request #137723 from r-ryantm/auto-update/bazarr
bazarr: 0.9.8 -> 0.9.9
2021-09-14 17:09:54 +03:00
Artturi
97f4cede36
Merge pull request #137721 from r-ryantm/auto-update/Tautulli
2021-09-14 17:09:10 +03:00
Artturi
6f7f5006cd
Merge pull request #137805 from r-ryantm/auto-update/imgproxy
imgproxy: 2.16.7 -> 2.17.0
2021-09-14 16:46:18 +03:00
Artturi
3d91c57c98
Merge pull request #137775 from r-ryantm/auto-update/rspamd
rspamd: 2.7 -> 3.0
2021-09-14 16:38:56 +03:00
Sumner Evans
27f6bd4643
heisenbridge: 1.0.1 -> 1.1.0
https://github.com/hifi/heisenbridge/releases/tag/v1.1.0
2021-09-14 08:52:26 -04:00
Sandro
a226bd8616
Merge pull request #137788 from r-ryantm/auto-update/gobgpd
2021-09-14 14:15:58 +02:00
github-actions[bot]
6f038e8b11
Merge master into staging-next
2021-09-14 12:01:03 +00:00
R. RyanTM
93af22c6c4
imgproxy: 2.16.7 -> 2.17.0
2021-09-14 11:54:33 +00:00
R. RyanTM
fbbf173376
gobgpd: 2.30.0 -> 2.31.0
2021-09-14 09:40:28 +00:00