Commit Graph

100565 Commits

Author SHA1 Message Date
Graham Christensen
19f23d00fd
ntfs3g: patch for CVE-2017-0358
From the Debian advisory:

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write
NTFS driver for FUSE, does not scrub the environment before executing
modprobe with elevated privileges. A local user can take advantage of
this flaw for local root privilege escalation.
2017-02-08 22:12:10 -05:00
John Ericson
e74ec9d84f Merge pull request #22575 from Ericson2314/localSystem
top-level: Allow nixpkgs to take localSystem directly
2017-02-08 22:10:49 -05:00
John Ericson
8cd4c31d6b top-level: Allow nixpkgs to take localSystem directly
This is instead of both system and platform, which is kind of ugly.
2017-02-08 22:06:57 -05:00
Graham Christensen
77e920d874
spice: Patch for CVE-2016-9577, CVE-2016-9578
From the Red Hat advisory:

* A vulnerability was discovered in spice in the server's protocol
  handling. An authenticated attacker could send crafted messages to
  the spice server causing a heap overflow leading to a crash or
  possible code execution. (CVE-2016-9577)

* A vulnerability was discovered in spice in the server's protocol
  handling. An attacker able to connect to the spice server could send
  crafted messages which would cause the process to crash.
  (CVE-2016-9578)
2017-02-08 22:03:11 -05:00
Graham Christensen
379144f54b
salt: 2016.3.3 -> 2016.11.2 for multiple CVEs
From the Arch Linux advisory:

- CVE-2017-5192 (arbitrary code execution): The
  `LocalClient.cmd_batch()` method client does not accept
  `external_auth` credentials and so access to it from salt-api has
  been removed for now. This vulnerability allows code execution for
  already-authenticated users and is only in effect when running
  salt-api as the `root` user.

- CVE-2017-5200 (arbitrary command execution): Salt-api allows
  arbitrary command execution on a salt-master via Salt's ssh_client.
  Users of Salt-API and salt-ssh could execute a command on the salt
  master via a hole when both systems were enabled.
2017-02-08 21:24:10 -05:00
Graham Christensen
e01278b2de Merge pull request #22573 from nlewo/master
rabbitmq: 3.5.8 -> 3.6.6
2017-02-08 20:00:59 -05:00
Tuomas Tynkkynen
05605b41d8 autofs: Some cleanup
The --with-openldap and --with-sasl flags passed here are actually wrong
as they don't point to the dev outputs of the packages. Anyway, autoconf
recognizes the packages as they are in buildInputs.

getBin is generally not needed - binaries can always be referred to as
${foo}/bin/bar regardless of whether the package is multiple-output.

meta.version is unnecessary.
2017-02-09 02:50:48 +02:00
Dan Peebles
3e7dffd2b3 pythonPackages.twitter-common-*: add meta
I'd like to share the common meta fields across all of them but it didn't
seem worth it.
2017-02-08 18:24:59 -05:00
Antoine Eiche
b2e7b4b0d7 rabbitmq: 3.5.8 -> 3.6.6
Fix CVE-2015-8786.
2017-02-09 00:12:49 +01:00
Franz Pletz
4494b18fe4
electricsheep: 2.7b33-598d93d90 -> 2.7b33-2017-02-04
Also some cleanups, like removing unused buildInputs.
2017-02-08 23:51:02 +01:00
Franz Pletz
6d0806d061
pythonPackages.searx: 0.10.0 -> 0.11.0 2017-02-08 23:51:02 +01:00
Franz Pletz
2ae5b82cb7
pythonPackages.pysocks: 1.5.7 -> 1.6.6 2017-02-08 23:51:01 +01:00
Franz Pletz
603ca4be35
pythonPackages.lxml: 3.7.0 -> 3.7.2 2017-02-08 23:51:01 +01:00
Franz Pletz
de82ce901e
pythonPackages.flask: 0.11.1 -> 0.12 2017-02-08 23:51:00 +01:00
Franz Pletz
4bb27d8622
pythonPackages.ndg-httpsclient: 0.4.0 -> 0.4.2 2017-02-08 23:51:00 +01:00
Franz Pletz
7bb81a5a7b
pythonPackages.certifi: 2016.2.28 -> 2017.1.23 2017-02-08 23:51:00 +01:00
Franz Pletz
65a1762a9b
nginx module: make acme group overrideable easily 2017-02-08 23:50:59 +01:00
Franz Pletz
dced724c00
linux_3_18: remove due to EOL 2017-02-08 23:50:59 +01:00
Dan Peebles
554bfea26f pythonPackages.pex: add meta 2017-02-08 15:22:05 -05:00
Dan Peebles
e012e12402 pythonPackages.pathspec: add meta 2017-02-08 15:10:49 -05:00
Dan Peebles
825ef235ba pythonPackages.pants: fix typo in license 2017-02-08 14:46:05 -05:00
Dan Peebles
84542bb6f4 pythonPackages.pants: add meta 2017-02-08 14:43:12 -05:00
Dan Peebles
4fef9bf857 pythonPackages.ansicolors: add meta 2017-02-08 14:05:13 -05:00
Nikolay Amiantov
5ff9a2a2cb kbd service: don't restart systemd-vconsole-setup
Fixes #22470. Also remove non-relevant comment (we don't deviate from upstream
systemd unit anymore).
2017-02-08 21:50:33 +03:00
Nikolay Amiantov
6f7811143d systemd service: don't install systemd-hwdb-update 2017-02-08 21:42:07 +03:00
Nikolay Amiantov
504774e223 release notes: mention JRE changes and jre_headless 2017-02-08 21:36:22 +03:00
Nikolay Amiantov
1900f22760 jre_headless: add alias 2017-02-08 21:35:58 +03:00
Rok Garbas
17f14c893b Merge pull request #22528 from garbas/fix-networkmanager-openvpn
updating networkmanager and friends
2017-02-08 17:44:23 +01:00
Andrew Cann
3082647e74 trezord: init at 1.2.0 (#22054) 2017-02-08 17:18:22 +01:00
Graham Christensen
ae02508c2a Merge pull request #22555 from peterhoeg/u/wavpack
wavpack: 4.80.0 -> 5.1.0
2017-02-08 10:02:03 -05:00
Moritz Ulrich
827009adb2
digikam5: 5.3.0 -> 5.4.0 2017-02-08 15:41:33 +01:00
Moritz Ulrich
403eb76cc1
rawtherapee: 5.0 -> 5.0-r1 2017-02-08 15:41:32 +01:00
Peter Hoeg
5eaec77732 wavpack: 4.80.0 -> 5.1.0 2017-02-08 22:41:24 +08:00
Nikolay Amiantov
45368ed49d haskellPackages.typed-process: disable tests
Networking is required for them.
2017-02-08 17:39:55 +03:00
Graham Christensen
7db1f727f3
moodle: Remove due to continued security issues. 2017-02-08 09:10:45 -05:00
Graham Christensen
afd59811a1
gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs
gst-plugins-bad:
From the Arch Linux advisory:

- CVE-2017-5843 (arbitrary code execution): A double-free issue has
  been found in gstreamer before 1.10.3, in
  gst_mxf_demux_update_essence_tracks.

- CVE-2017-5848 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/

gst-plugins-base:
From the Arch Linux advisory:

- CVE-2017-5837 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.

- CVE-2017-5839 (denial of service): An endless recursion issue
  leading to stack overflow has been found in gstreamer before 1.10.3,
  in gst_riff_create_audio_caps.

- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
  been found in gstreamer before 1.10.3, in
  html_context_handle_element.

- CVE-2017-5844 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/

gst-plugins-good:
From the Arch Linux advisory:

- CVE-2016-10198 (denial of service): An invalid memory read flaw has
  been found in gstreamer before 1.10.3, in
  gst_aac_parse_sink_setcaps.

- CVE-2016-10199 (denial of service): An out of bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.

- CVE-2017-5840 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_parse_samples.

- CVE-2017-5841 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.

- CVE-2017-5845 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/

gst-plugins-ugly:
From the Arch Linux advisory:

- CVE-2017-5846 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_stream_props.

- CVE-2017-5847 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/

gstreamer:
From the Arch Linux advisory:

An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
2017-02-08 08:30:23 -05:00
Antoine Eiche
9d30099b7f nixos/systemd: set r-x group permissions on /var/log/journal
This allows services such as systemd-journal-gateway to access the
systemd journal.

Closes #22288
2017-02-08 16:06:14 +03:00
Peter Simons
d2465227d5 Merge pull request #22506 from rycee/bump/bash-completion
bash-completion: 2.4 -> 2.5
2017-02-08 12:36:08 +01:00
Peter Simons
01fef3f7db taskwarrior: improve meta.description (taskwarrior has nothing to do with GTD) 2017-02-08 11:45:50 +01:00
Peter Simons
187e5d3d74 taskwarrior: patch bug in bash-completion file
The patch was submitted upstream, too.
2017-02-08 11:45:50 +01:00
Pascal Wittmann
3bd6c44b5f Merge pull request #22541 from vrthra/libsixel-1.7.3
libsixel: 1.6.1 -> 1.7.3
2017-02-08 10:21:46 +01:00
Pascal Wittmann
39f2bf0976 Merge pull request #22468 from taktoa/souper
souper: init at 2017-01-05
2017-02-08 09:20:43 +01:00
Domen Kožar
01ca916411
haskell: distribute servant-{elm,docs,auth,auth-server} and logging-effect 2017-02-08 06:11:04 +01:00
Benjamin Staffin
9dc2cb2e84 Merge pull request #22476 from benley/redshift-kde
redshift-plasma-applet: init at 1.0.17
2017-02-07 20:21:56 -05:00
Rahul Gopinath
bac5a018a0 libsixel: 1.6.1 -> 1.7.3 2017-02-07 17:11:13 -08:00
Graham Christensen
0f948f5cdd Merge pull request #22538 from taku0/thunderbird-bin-45.7.1
thunderbird, thunderbird-bin: 45.7.0 -> 45.7.1
2017-02-07 19:49:07 -05:00
taku0
764b1d19f9 thunderbird-bin: 45.7.0 -> 45.7.1 2017-02-08 09:35:07 +09:00
Joachim Fasting
bd46a375df
grsecurity: 4.9.8-201702060653 -> 201702071801 2017-02-08 01:31:18 +01:00
Franz Pletz
1328b9faf0 Merge pull request #22522 from volhovM/update/scudcloud-1.40
scudcloud: 1.38 -> 1.40
2017-02-08 01:06:00 +01:00
Joachim F
98a6cc0d1c Merge pull request #22530 from romildo/upd.jwm
jwm: 1575 -> 1580
2017-02-07 22:39:56 +01:00