Commit Graph

9270 Commits

Author SHA1 Message Date
David J. Weller-Fahy
0b4245c392 empty: init at 0.6.21b
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-04-04 22:27:40 -04:00
Sandro Jäckel
76a0a717a9 uutils-coreutils: 0.0.4 -> 0.0.6 2021-04-05 04:25:39 +02:00
Sandro
7c932296e0
Merge pull request #116335 from SuperSandro2000/move-aliases.nix 2021-04-05 04:07:15 +02:00
Sandro
b41bccfb26
Merge pull request #118361 from IvarWithoutBones/bump/discordctl
betterdiscordctl: 1.7.0 -> 1.7.1
2021-04-05 02:49:30 +02:00
github-actions[bot]
0269017eb4
Merge staging-next into staging 2021-04-05 00:16:41 +00:00
github-actions[bot]
44e3fc61fe
Merge master into staging-next 2021-04-05 00:16:38 +00:00
Robert Scott
131299a60f
Merge pull request #118493 from r-ryantm/auto-update/fselect
fselect: 0.7.3 -> 0.7.4
2021-04-05 00:44:13 +01:00
R. RyanTM
ca120f6144 fselect: 0.7.3 -> 0.7.4 2021-04-04 19:26:42 +00:00
Sandro Jäckel
3453b89f4b
lzma: deprecate alias 2021-04-04 19:49:52 +02:00
R. RyanTM
0ae5e0e784 chezmoi: 2.0.7 -> 2.0.8 2021-04-04 17:13:08 +00:00
Thomas Gerbet
7187949817 hdf5: make possible to use the v1.10 API 2021-04-04 13:27:51 +02:00
Frederik Rietdijk
1e7ed8b2f3
Merge branch 'staging' into python-unstable 2021-04-04 12:59:12 +02:00
github-actions[bot]
dc6a8abb69
Merge master into staging-next 2021-04-04 06:05:25 +00:00
Sandro Jäckel
33a395f195
yacc: deprecate alias
and add a new line after the alphabetically sorting to please my inner monk
2021-04-04 03:18:58 +02:00
github-actions[bot]
3bf92ca4db
Merge master into staging-next 2021-04-03 18:18:51 +00:00
fortuneteller2k
e4c1ca9b7c exa: unstable-2021-01-14 -> 0.10.0 2021-04-04 01:37:11 +08:00
Sandro
70833ffb71
Merge pull request #118385 from dotlambda/clickclack-init
clickclack: init at 0.1.1
2021-04-03 18:12:57 +02:00
Frederik Rietdijk
94fa194b9f
Merge pull request #117593 from FRidh/python2alias
Python: be explicit on whether it is python2 or python3 that is used
2021-04-03 18:01:09 +02:00
Fabian Affolter
83fdc0c454
Merge pull request #118200 from r-ryantm/auto-update/chezmoi
chezmoi: 2.0.5 -> 2.0.7
2021-04-03 17:51:08 +02:00
Frederik Rietdijk
1e89d4cccd pythonPackages: move python 2 only expressions to python2-packages.nix 2021-04-03 17:49:45 +02:00
Frederik Rietdijk
5bba64adac i3minator: use python3 2021-04-03 17:06:09 +02:00
IvarWithoutBones
a1579f7076 betterdiscordctl: 1.7.0 -> 1.7.1 2021-04-03 15:47:57 +02:00
github-actions[bot]
bc845e51f0
Merge master into staging-next 2021-04-03 12:06:14 +00:00
WSchnee
dcbcfae56e
ytfzf: 1.1.1 -> 1.1.2 (#118393)
Co-authored-by: Robert Schütz <rschuetz17@gmail.com>
2021-04-03 13:59:27 +02:00
Robert Schütz
3bbb11e0e5 clickclack: init at 0.1.1 2021-04-03 11:04:51 +02:00
Gabriel Ebner
990196a381
Merge pull request #118362 from gebner/ddcutil-warning
ddcutil: use nixos paths for kernel modules
2021-04-03 08:10:49 +02:00
github-actions[bot]
74200a7126
Merge master into staging-next 2021-04-03 00:14:57 +00:00
Nicolas Martin
d80e1d2473
duf: 0.6.0 -> 0.6.2 2021-04-03 01:18:16 +02:00
Robert Schütz
01e7797579 qmk: init at 0.0.45 2021-04-02 23:08:24 +02:00
Gabriel Ebner
fcea555222 ddcutil: use nixos paths for kernel modules 2021-04-02 22:52:36 +02:00
github-actions[bot]
b3a0328b7f
Merge master into staging-next 2021-04-02 18:14:54 +00:00
Sandro
383c8f9090
Merge pull request #118286 from xdHampus/quich 2021-04-02 19:13:11 +02:00
xdHampus
0d5bb58c52 quich: init at 3.1.0 2021-04-02 15:58:52 +00:00
Sandro
63c72acab0
Merge pull request #118247 from happysalada/vector_update 2021-04-02 17:30:26 +02:00
github-actions[bot]
636e58e31b
Merge staging-next into staging 2021-04-02 00:21:46 +00:00
happysalada
e765f20ffb vector: update 12.1 -> 12.2 2021-04-02 07:57:19 +09:00
happysalada
1c32aa3516 vector: formatted with nixpkgs-fmt 2021-04-02 07:55:53 +09:00
Maximilian Bosch
adc0ad268c
diffoscope: 166 -> 171
ChangeLog:
* https://diffoscope.org/news/diffoscope-171-released/
* https://diffoscope.org/news/diffoscope-170-released/
* https://diffoscope.org/news/diffoscope-169-released/
* https://diffoscope.org/news/diffoscope-168-released/
* https://diffoscope.org/news/diffoscope-167-released/
2021-04-01 22:35:31 +02:00
github-actions[bot]
78b864aeee
Merge staging-next into staging 2021-04-01 18:15:42 +00:00
Daniel Nagy
88b18be56d
fzf: add changelog 2021-04-01 17:59:49 +02:00
github-actions[bot]
85e9b4acf4
Merge staging-next into staging 2021-04-01 12:06:32 +00:00
Sandro
a0fb7cbc4c
Merge pull request #118235 from r-ryantm/auto-update/nix-direnv
nix-direnv: 1.2.3 -> 1.2.4
2021-04-01 17:28:59 +02:00
Ryan Mulligan
b4919ea6cf
Merge pull request #118216 from r-ryantm/auto-update/goreleaser
goreleaser: 0.161.1 -> 0.162.0
2021-04-01 06:33:24 -07:00
R. RyanTM
fde16c9112 nix-direnv: 1.2.3 -> 1.2.4 2021-04-01 11:51:02 +00:00
R. RyanTM
a3d5c88915 goreleaser: 0.161.1 -> 0.162.0 2021-04-01 09:03:34 +00:00
zowoq
eb0980855d youtube-dl: 2021.03.31 -> 2021.04.01
https://github.com/ytdl-org/youtube-dl/releases/tag/2021.04.01
2021-04-01 16:19:44 +10:00
R. RyanTM
0ef6a0ac06 chezmoi: 2.0.5 -> 2.0.7 2021-04-01 06:19:30 +00:00
github-actions[bot]
ebc5b12a40
Merge staging-next into staging 2021-04-01 06:05:50 +00:00
Ryan Mulligan
d0986f8943
Merge pull request #118102 from r-ryantm/auto-update/tmux-xpanes
tmux-xpanes: 4.1.2 -> 4.1.3
2021-03-31 20:25:59 -07:00
github-actions[bot]
b152812791
Merge staging-next into staging 2021-04-01 00:15:44 +00:00
Pascal Bach
6ccc27d216
Merge pull request #117654 from r-ryantm/auto-update/plantuml
plantuml: 1.2021.2 -> 1.2021.3
2021-03-31 22:15:26 +02:00
volth
7d252394cc
rrdtool: add passthru.perlModule
... so it can be used in `perl.withPackages`

A bit tricky though, because rrdtool is not in `perlPackages`
```nix
perl.withPackages(p: [ (rrdtool.override{ inherit (p) perl; }) ])
```
2021-03-31 21:35:38 +02:00
rnhmjoj
61b7cab481
treewide: use perl.withPackages when possible
Since 03eaa48 added perl.withPackages, there is a canonical way to
create a perl interpreter from a list of libraries, for use in script
shebangs or generic build inputs. This method is declarative (what we
are doing is clear), produces short shebangs[1] and needs not to wrap
existing scripts.

Unfortunately there are a few exceptions that I've found:

  1. Scripts that are calling perl with the -T switch. This makes perl
  ignore PERL5LIB, which is what perl.withPackages is using to inform
  the interpreter of the library paths.

  2. Perl packages that depends on libraries in their own path. This
  is not possible because perl.withPackages works at build time. The
  workaround is to add `-I $out/${perl.libPrefix}` to the shebang.

In all other cases I propose to switch to perl.withPackages.

[1]: https://lwn.net/Articles/779997/
2021-03-31 21:35:37 +02:00
github-actions[bot]
4da7569841
Merge staging-next into staging 2021-03-31 12:06:29 +00:00
Frederik Rietdijk
9b9e9cff00
Merge pull request #117015 from NixOS/staging-next
Staging next
2021-03-31 12:42:19 +02:00
Fabian Affolter
6cd0a4baf0
Merge pull request #118035 from r-ryantm/auto-update/chezmoi
chezmoi: 2.0.4 -> 2.0.5
2021-03-31 09:14:51 +02:00
github-actions[bot]
cb1554f24c
Merge staging-next into staging 2021-03-31 00:12:32 +00:00
github-actions[bot]
4ba71fb819
Merge master into staging-next 2021-03-31 00:12:29 +00:00
zowoq
124564d5d2 youtube-dl: 2021.03.25 -> 2021.03.31
https://github.com/ytdl-org/youtube-dl/releases/tag/2021.03.31
2021-03-31 06:32:00 +10:00
R. RyanTM
5e003946be tmux-xpanes: 4.1.2 -> 4.1.3 2021-03-30 19:19:46 +00:00
github-actions[bot]
01b3d1558f
Merge staging-next into staging 2021-03-30 18:15:09 +00:00
github-actions[bot]
f555f95ed8
Merge master into staging-next 2021-03-30 18:15:05 +00:00
Sandro
7d0dad76ef
Merge pull request #116936 from hercules-ci/logstash-jdk 2021-03-30 17:22:21 +02:00
Sandro
c58c862bf7
Merge pull request #118060 from r-ryantm/auto-update/grex
grex: 1.1.0 -> 1.2.0
2021-03-30 16:05:26 +02:00
R. RyanTM
78ff084075 grex: 1.1.0 -> 1.2.0 2021-03-30 12:46:10 +00:00
github-actions[bot]
d466353dd5
Merge staging-next into staging 2021-03-30 12:06:28 +00:00
github-actions[bot]
c9e9ff786b
Merge master into staging-next 2021-03-30 12:06:24 +00:00
R. RyanTM
b3a564176a chezmoi: 2.0.4 -> 2.0.5 2021-03-30 09:43:32 +00:00
Sandro
96f66a5159
Merge pull request #117980 from superherointj/package-tfk8s-v0.1.3
tfk8s: 0.1.2 -> 0.1.3
2021-03-30 10:45:37 +02:00
Sandro
5af7428666
Merge pull request #117958 from ivan/tmux-parallel-building
tmux: enable parallel building
2021-03-30 09:45:26 +02:00
github-actions[bot]
2d211c7a3a
Merge staging-next into staging 2021-03-30 06:05:44 +00:00
github-actions[bot]
ce7cdafed9
Merge master into staging-next 2021-03-30 06:05:42 +00:00
R. RyanTM
63dc77958d parallel: 20210222 -> 20210322 2021-03-29 23:00:59 -04:00
José Romildo Malaquias
5f4a67abb1
Merge pull request #117572 from r-ryantm/auto-update/jdupes
jdupes: 1.19.1 -> 1.19.2
2021-03-29 23:41:35 -03:00
superherointj
66e40900d3 tfk8s: 0.1.2 -> 0.1.3 2021-03-29 18:05:29 -03:00
Ivan Kozik
6d4741efbe tmux: enable parallel building 2021-03-29 17:57:39 +00:00
github-actions[bot]
884cf463fd
Merge staging-next into staging 2021-03-29 12:06:29 +00:00
github-actions[bot]
b1788736fd
Merge master into staging-next 2021-03-29 12:06:25 +00:00
Sandro
adc045cd08
Merge pull request #117915 from zhaofengli/dptrp1-setuptools 2021-03-29 14:06:16 +02:00
Zhaofeng Li
a866a76d42 dpt-rp1-py: Add setuptools to propagatedBuildInputs 2021-03-29 00:59:14 -07:00
zowoq
c4fbc272a7 miniserve: 0.12.1 -> 0.13.0
https://github.com/svenstaro/miniserve/releases/tag/v0.13.0
2021-03-29 17:25:54 +10:00
github-actions[bot]
f311dede4c
Merge staging-next into staging 2021-03-29 00:15:53 +00:00
github-actions[bot]
d495e7527f
Merge master into staging-next 2021-03-29 00:15:48 +00:00
Anderson Torres
b9753491a3
Merge pull request #117912 from AndersonTorres/new-urjtag
urjtag: 2019.12 -> 2021.03
2021-03-28 19:56:47 -03:00
Maximilian Bosch
c2836eb953
Merge pull request #117809 from mayflower/graylog-4
graylog: improve JRE handling
2021-03-28 23:47:26 +02:00
AndersonTorres
950085c3dd urjtag: 2019.12 -> 2021.03 2021-03-28 18:46:30 -03:00
Robert Helgesson
f0c01da492
svtplay-dl: 3.0 -> 3.3
PR #117907
2021-03-28 22:27:21 +02:00
Robert Scott
152c3eed2e
Merge pull request #117777 from r-ryantm/auto-update/goreleaser
goreleaser: 0.160.0 -> 0.161.1
2021-03-28 21:03:26 +01:00
Linus Heckemann
22de3c19e7 graylog: improve JRE handling
Since the upstream graylogctl script will prefer finding its java
executable based on JAVA_HOME, we now set this instead of PATH in
order to allow it to find the JRE. By setting it conditionally on it
not already being set, we allow selecting a different JRE at runtime.

We also explicitly use openjdk11, which supports the
UseConcMarkSweepGC option which graylog insists on using.
2021-03-28 14:37:28 +02:00
github-actions[bot]
2ed7687b19
Merge staging-next into staging 2021-03-28 00:15:43 +00:00
github-actions[bot]
732dc6ef8f
Merge master into staging-next 2021-03-28 00:15:41 +00:00
Fabian Affolter
f6d072dcde
Merge pull request #117762 from r-ryantm/auto-update/chezmoi
chezmoi: 2.0.3 -> 2.0.4
2021-03-28 01:08:08 +01:00
R. RyanTM
cb231de72b miniserve: 0.12.0 -> 0.12.1 2021-03-28 05:58:12 +10:00
github-actions[bot]
bef3b9438a
Merge staging-next into staging 2021-03-27 18:14:11 +00:00
github-actions[bot]
95c24d591a
Merge master into staging-next 2021-03-27 18:14:08 +00:00
R. RyanTM
f12df7e100 lazydocker: 0.10 -> 0.12 2021-03-27 15:04:19 +00:00
R. RyanTM
b858559f86 goreleaser: 0.160.0 -> 0.161.1 2021-03-27 11:39:21 +00:00
R. RyanTM
886d435212 chezmoi: 2.0.3 -> 2.0.4 2021-03-27 07:40:09 +00:00
github-actions[bot]
33d1f480ac
Merge staging-next into staging 2021-03-26 18:13:57 +00:00
github-actions[bot]
70fb533d57
Merge master into staging-next 2021-03-26 18:13:54 +00:00
Sandro
8880a6732e
Merge pull request #117659 from siraben/uwuify-init 2021-03-26 17:34:34 +01:00
adisbladis
ee1d429e82
paperlike-go: unstable-2021-03-22 -> unstable-2021-03-26
This adds light controls.
2021-03-26 16:04:34 +02:00
github-actions[bot]
219312a10b
Merge staging-next into staging 2021-03-26 12:06:44 +00:00
github-actions[bot]
eddd1a74ec
Merge master into staging-next 2021-03-26 12:06:41 +00:00
Ben Siraphob
b287d4d591 uwuify: init at 0.2.1 2021-03-26 19:06:23 +07:00
Michael Raskin
5e49fde96d
Merge pull request #115542 from r-ryantm/auto-update/remind
remind: 03.03.01 -> 03.03.05
2021-03-26 11:09:39 +00:00
Jan Tojnar
b3c854b60b
Merge branch 'staging-next' into staging 2021-03-26 07:53:44 +01:00
R. RyanTM
0dcf7cfa33 plantuml: 1.2021.2 -> 1.2021.3 2021-03-26 04:09:58 +00:00
github-actions[bot]
7c9222212f
Merge master into staging-next 2021-03-25 18:14:01 +00:00
adisbladis
21baaaf8c5
paperlike-go: init at unstable-2021-03-22 2021-03-25 17:42:16 +02:00
Frederik Rietdijk
350f9bd822
Merge pull request #117570 from FRidh/python2alias
Python: be explicit on whether it is python2 or python3 that is used
2021-03-25 13:26:35 +01:00
github-actions[bot]
4dc869e403
Merge master into staging-next 2021-03-25 12:06:22 +00:00
Thomas Gerbet
6696362562 hdf5: 1.10.7 -> 1.12.0
Fixes CVE-2020-10809, CVE-2020-10810, CVE-2020-10811 and CVE-2020-10812.
Changes: https://github.com/HDFGroup/hdf5/blob/hdf5-1_12_0/release_docs/RELEASE.txt
2021-03-25 13:03:33 +01:00
Frederik Rietdijk
bccaae647c disper: stay with python2 2021-03-25 12:19:28 +01:00
R. RyanTM
59906d78bd jdupes: 1.19.1 -> 1.19.2 2021-03-25 10:25:19 +00:00
Sandro
3f9d424f34
Merge pull request #117565 from dotlambda/ytfzf-1.1.1
ytfzf: 1.1.0 -> 1.1.1
2021-03-25 09:42:21 +01:00
Robert Schütz
cbd89b2a5f ytfzf: 1.1.0 -> 1.1.1 2021-03-25 09:16:40 +01:00
github-actions[bot]
eb499aa20e
Merge master into staging-next 2021-03-25 00:17:22 +00:00
zowoq
6aa079e2dd youtube-dl: 2021.03.14 -> 2021.03.25
https://github.com/ytdl-org/youtube-dl/releases/tag/2021.03.25
2021-03-25 07:13:26 +10:00
Sandro
fecbec86e9
Merge pull request #116765 from superherointj/tfk8s-0.1.2
tfk8s: 0.1.0 -> 0.1.2
2021-03-24 20:30:06 +01:00
github-actions[bot]
8e2d0e45c0
Merge master into staging-next 2021-03-24 18:10:39 +00:00
Sandro
b3e20ea813
Merge pull request #117383 from siraben/tz-init
tz: init at 0.4
2021-03-24 18:27:56 +01:00
github-actions[bot]
380cb1e995
Merge master into staging-next 2021-03-24 12:11:57 +00:00
Robert Schütz
a710de5592
github-backup: init at 0.39.0 (#116976) 2021-03-24 13:02:12 +01:00
Maximilian Bosch
dd14ecf90e
Merge pull request #117429 from marsam/update-starship
starship: 0.50.0 -> 0.51.0
2021-03-24 11:53:09 +01:00
ajs124
5886dda306 plowshare: spidermonkey_38 -> spidermonkey_78 2021-03-24 10:39:11 +01:00
github-actions[bot]
ca7fa2ef7b
Merge master into staging-next 2021-03-23 18:20:01 +00:00
R. RyanTM
4552283352 pspg: 4.3.1 -> 4.4.0 2021-03-23 13:48:29 -04:00
Ben Siraphob
f0d4a1ce7d tz: init at 0.4 2021-03-24 00:17:58 +07:00
Ryan Mulligan
2525aa43a0
Merge pull request #116949 from r-ryantm/auto-update/lokalise2-cli
lokalise2-cli: 2.6.3 -> 2.6.4
2021-03-23 07:07:01 -07:00
Robert Hensing
9011d59758 logstash-*-oss: Add passthru.tests 2021-03-23 14:42:40 +01:00
github-actions[bot]
963842fb19
Merge master into staging-next 2021-03-23 12:27:46 +00:00
zseri
a9ec3f7b66 digitemp: init at 3.7.2
This does not include digitemp_DS2490, as that seems to require libusb0.1,
which isn't in nixpkgs.
2021-03-23 18:29:35 +08:00
Emery Hemingway
ee80707159 Trim ehmry from some package maintainers
I prefer not to be associated with anything blockchain related.
2021-03-23 10:24:00 +01:00
R. RyanTM
90a9906637 libcpuid: 0.5.0 -> 0.5.1 2021-03-23 10:11:42 +01:00
github-actions[bot]
39e3812215
Merge master into staging-next 2021-03-23 06:18:02 +00:00
David Birks
ee7a7ffc30 microplane: 0.0.26 -> 0.0.28
Also switching from deps to go mod, since they made the change upstream.
2021-03-23 01:20:14 -04:00
Mario Rodas
245fe8f93d starship: 0.50.0 -> 0.51.0
https://github.com/starship/starship/releases/tag/v0.51.0
2021-03-23 04:20:00 +00:00
Ryan Mulligan
444ca81faf
Merge pull request #117189 from r-ryantm/auto-update/goreleaser
goreleaser: 0.159.0 -> 0.160.0
2021-03-22 21:06:33 -07:00
Graham Christensen
7eda163eac
Merge pull request #115310 from mweinelt/grub2
grub: 2.0.4 -> 2.0.6-rc1
2021-03-22 22:34:14 -04:00
Martin Weinelt
97c52d5782
grub: 2.0.4 -> 2.0.6-rc1
Quoting from
https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html:

*******************************************************************************

CVE-2020-14372 grub2: The acpi command allows privileged user to load crafted
               ACPI tables when Secure Boot is enabled
CWE-184
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

GRUB2 enables the use of the command acpi even when Secure Boot is signaled by
the firmware. An attacker with local root privileges to can drop a small SSDT
in /boot/efi and modify grub.cfg to instruct grub to load said SSDT. The SSDT
then gets run by the kernel and it overwrites the kernel lock down configuration
enabling the attacker to load unsigned kernel modules and kexec unsigned code.

Reported-by: Máté Kukri

*******************************************************************************

CVE-2020-25632 grub2: Use-after-free in rmmod command
CWE-416
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The rmmod implementation for GRUB2 is flawed, allowing an attacker to unload
a module used as dependency without checking if any other dependent module is
still loaded. This leads to an use-after-free scenario possibly allowing an
attacker to execute arbitrary code and by-pass Secure Boot protections.

Reported-by: Chris Coulson (Canonical)

*******************************************************************************

CVE-2020-25647 grub2: Out-of-bound write in grub_usb_device_initialize()
CWE-787
6.9/CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_usb_device_initialize() is called to handle USB device initialization. It
reads out the descriptors it needs from the USB device and uses that data to
fill in some USB data structures. grub_usb_device_initialize() performs very
little bounds checking and simply assumes the USB device provides sane values.
This behavior can trigger memory corruption. If properly exploited, this would
lead to arbitrary code execution allowing the attacker to by-pass Secure Boot
mechanism.

Reported-by: Joseph Tartaro (IOActive) and Ilja van Sprundel (IOActive)

*******************************************************************************

CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline
CWE-121
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_parser_split_cmdline() expands variable names present in the supplied
command line in to their corresponding variable contents and uses a 1kB stack
buffer for temporary storage without sufficient bounds checking. If the
function is called with a command line that references a variable with a
sufficiently large payload, it is possible to overflow the stack buffer,
corrupt the stack frame and control execution. An attacker may use this to
circumvent Secure Boot protections.

Reported-by: Chris Coulson (Canonical)

*******************************************************************************

CVE-2020-27779 grub2: The cutmem command allows privileged user to remove
               memory regions when Secure Boot is enabled
CWE-285
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The GRUB2's cutmem command does not honor Secure Boot locking. This allows an
privileged attacker to remove address ranges from memory creating an
opportunity to circumvent Secure Boot protections after proper triage about
grub's memory layout.

Reported-by: Teddy Reed

*******************************************************************************

CVE-2021-3418 - grub2: GRUB 2.05 reintroduced CVE-2020-15705
CWE-281
6.4/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

The GRUB2 upstream reintroduced the CVE-2020-15705. This refers to a distro
specific flaw which made upstream in the mentioned version.

If certificates that signed GRUB2 are installed into db, GRUB2 can be booted
directly. It will then boot any kernel without signature validation. The booted
kernel will think it was booted in Secure Boot mode and will implement lock
down, yet it could have been tampered.

This flaw only affects upstream and distributions using the shim_lock verifier.

Reported-by: Dimitri John Ledkov (Canonical)

*******************************************************************************

CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The option parser in GRUB2 allows an attacker to write past the end of
a heap-allocated buffer by calling certain commands with a large number
of specific short forms of options.

Reported-by: Daniel Axtens (IBM)

*******************************************************************************

CVE-2021-20233 grub2: Heap out-of-bound write due to mis-calculation of
               space required for quoting
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

There's a flaw on GRUB2 menu rendering code setparam_prefix() in the menu
rendering code performs a length calculation on the assumption that expressing
a quoted single quote will require 3 characters, while it actually requires
4 characters. This allow an attacker to corrupt memory by one byte for each
quote in the input.

Reported-by: Daniel Axtens (IBM)
2021-03-23 02:48:30 +01:00
Sandro
fd45ac69d3
Merge pull request #117251 from jhillyerd/chezmoi
chezmoi: 1.8.11 -> 2.0.3
2021-03-23 02:41:56 +01:00
github-actions[bot]
11ee0bf5d7
Merge master into staging-next 2021-03-23 00:40:24 +00:00
Michele Guerini Rocco
e0c05e18ae
Merge pull request #117267 from r-ryantm/auto-update/bdf2psf
bdf2psf: 1.201 -> 1.202
2021-03-22 23:40:52 +01:00
Sandro
2bb10a1617
Merge pull request #116776 from sternenseemann/fdtools-fix-gcc-clang
fdtools: set platforms to linux only
2021-03-22 21:39:40 +01:00
R. RyanTM
96b7afb496 bdf2psf: 1.201 -> 1.202 2021-03-22 19:10:36 +00:00
James Hillyerd
b9bb7add79 chezmoi: 1.8.11 -> 2.0.3 2021-03-22 10:02:15 -07:00
github-actions[bot]
feda7be375
Merge master into staging-next 2021-03-22 12:26:55 +00:00
Fabian Affolter
f2b936edf5
Merge pull request #117173 from r-ryantm/auto-update/disfetch
disfetch: 1.20 -> 1.21
2021-03-22 13:13:51 +01:00
Sandro
6f9ac9eb8a
Merge pull request #117184 from siraben/fet-sh-update
fet-sh: 1.8 -> 1.9
2021-03-22 12:23:17 +01:00
Ben Siraphob
9398fc3c27 profile-cleaner: expand platforms to all 2021-03-22 15:56:00 +07:00
Ben Siraphob
4eda69a8ec kargo: expand platforms to all 2021-03-22 15:55:48 +07:00
Ben Siraphob
8e86eec6de pdf-parser: expand platforms to all 2021-03-22 15:55:34 +07:00
Ben Siraphob
55ce4c9b03 rmtrash: use stdenvNoCC 2021-03-22 15:47:11 +07:00
R. RyanTM
c7766c5733 goreleaser: 0.159.0 -> 0.160.0 2021-03-22 08:46:13 +00:00
Ben Siraphob
b773fd7e2a fet-sh: 1.8 -> 1.9 2021-03-22 15:20:59 +07:00
R. RyanTM
c1f24ffe09 disfetch: 1.20 -> 1.21 2021-03-22 06:40:35 +00:00
github-actions[bot]
226884645e
Merge master into staging-next 2021-03-22 00:45:52 +00:00
Sandro
dc67e73544
Merge pull request #116650 from r-ryantm/auto-update/rpi-imager
rpi-imager: 1.5 -> 1.6
2021-03-22 00:57:13 +01:00
Sandro
a36820e437
Merge pull request #116226 from r-ryantm/auto-update/upterm
upterm: 0.5.2 -> 0.6.5
2021-03-22 00:43:40 +01:00
Sandro
64fefe03d5
Merge pull request #116790 from mredaelli/handlr
handlr: init at 0.5.0
2021-03-22 00:24:31 +01:00
Jaakko Luttinen
e8e11874b6
polar: init at unstable-2021-01-12 2021-03-21 14:36:33 +02:00
github-actions[bot]
b0455cafa7
Merge master into staging-next 2021-03-21 06:17:15 +00:00
zowoq
9832a6fa5f miniserve: 0.11.0 -> 0.12.0
https://github.com/svenstaro/miniserve/releases/tag/v0.12.0
2021-03-21 16:06:49 +10:00
Ryan Mulligan
42ad5a6636
Merge pull request #115618 from r-ryantm/auto-update/silicon
silicon: 0.4.0 -> 0.4.1
2021-03-20 19:56:12 -07:00
Ryan Mulligan
770f01c278
Merge pull request #116398 from r-ryantm/auto-update/code-minimap
code-minimap: 0.5.0 -> 0.5.1
2021-03-20 19:41:55 -07:00
Martin Weinelt
ec8267c539
Merge branch 'master' into staging-next 2021-03-21 02:22:36 +01:00
Fabian Affolter
ef5d88f081 past-time: init at 0.2.1 2021-03-21 01:04:23 +01:00
Sandro
530f854ba2
Merge pull request #116986 from fabaff/speedtest-cli
librespeed-cli: init at 1.0.7
2021-03-20 19:57:51 +01:00
github-actions[bot]
933682b533
Merge master into staging-next 2021-03-20 18:19:30 +00:00
Sandro
b9000499b7
Merge pull request #116314 from pacien/hidrd-init
hidrd: init at unstable-2019-06-03
2021-03-20 16:28:07 +01:00
Frederik Rietdijk
72aa2d1f78
Merge pull request #115678 from veprbl/pr/coreutils_tests
coreutils: enable tests for non-standard store path
2021-03-20 09:06:40 +01:00
github-actions[bot]
11187b30ca
Merge staging-next into staging 2021-03-20 06:21:50 +00:00
Sandro
0f53fe275e
Merge pull request #116972 from fabaff/boltbrowser
boltbrowser: init at 2.0
2021-03-20 03:33:47 +01:00
Fabian Affolter
12ebccaf38 librespeed-cli: init at 1.0.7 2021-03-19 23:40:37 +01:00
Fabian Affolter
86c2d1bf05 boltbrowser: init at 2.0 2021-03-19 22:18:41 +01:00
github-actions[bot]
6e3a55e059
Merge staging-next into staging 2021-03-19 18:19:40 +00:00
R. RyanTM
d09c94d212 lokalise2-cli: 2.6.3 -> 2.6.4 2021-03-19 17:40:25 +00:00
Frederik Rietdijk
1ecb97eae9 Merge master into staging-next 2021-03-19 18:17:01 +01:00
sternenseemann
00cecf2731 skawarePackages: 2021-02 release
Includes the following version changes:

- skalibs: 2.10.0.1 -> 2.10.0.2
- execline: 2.7.0.0 -> 2.8.0.0
- s6-networking: 2.4.0.0 -> 2.4.1.0
- s6-linux-init: 1.0.6.0 -> 1.0.6.1
- s6: 2.10.0.0 -> 2.10.0.2

Upstream maintainer notes:

------------------------------------------------------------

Mon, 15 Feb 2021 19:50:14 +0000

Hello,

New versions of some of the skarnet.org packages are available.

skalibs-2.10.0.2: bugfixes
execline-2.8.0.0: major version bump, but few and low-impact changes
s6-2.10.0.2: bugfixes
s6-linux-init-1.0.6.1: bugfixes
s6-networking-2.4.1.0: minor version bump

Some details:

* execline-2.8.0.0
  ----------------

- The if program now propagates its child's exit code by default if it
exits.
- The backtick program's -i behaviour (exit on child failure or
presence of a null character in its output) is now the default. Other
behaviours in case of child failure can be obtained via -I, -x or -D
options; -x is the new one.
- These changes are compatible with all the common uses of if and
backtick, but break compatibility in edge cases, which is why a
major version bump is required. This has nothing in common with the
previous major version bump, which had massive changes all over the
place; this one should go smoothly, and will only impact very specific
uses of backtick.

execline now has man pages, thanks to the untiring flexibeast!
The repository can be found here:

https://github.com/flexibeast/execline-man-pages

Please allow some time for the man pages to be updated to reflect
the current HTML documentation. Currently, the man pages document
execline-2.7.0.1; they are accurate for 2.8.0.0 except for the if and
backtick changes.

* s6-linux-init-1.0.6.1
  ---------------------

- Bugfixes.
- When s6-linux-init is built with utmps, the default utmp user for
s6-linux-init-maker was set to "utmp". That was a bug: now, by default,
s6-linux-init-maker does not create the utmp services if the -U option
is not given. If you used s6-linux-init-maker without the -U option
and still need the utmps services, you should explicitly set "-U utmp".

https://skarnet.org/software/s6-linux-init/
git://git.skarnet.org/s6-linux-init

* s6-networking-2.4.1.0
  ---------------------

- Bugfixes (nothing security-related).
- It is now possible to define a maximum amount of time spent in the
TLS handshake no matter how s6-networking has been built. (The -K
option has been implemented for the libtls backend.)
- When SNI has been required, the TLS-related binaries now export
the SSL TLS SNI SERVERNAME option to their application; the variable
contains the relevant server name.

https://skarnet.org/software/s6-networking/
git://git.skarnet.org/s6-networking

s6-networking has man pages as well:
https://github.com/flexibeast/s6-networking-man-pages

Enjoy,
Bug-reports welcome.

--
Laurent

------------------------------------------------------------

Copied from: http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:202102:lpehbljhhcpaopbnkkbf
2021-03-19 13:51:47 +01:00
github-actions[bot]
29278dcf45
Merge staging-next into staging 2021-03-19 12:26:59 +00:00
github-actions[bot]
c804f22a81
Merge master into staging-next 2021-03-19 12:26:52 +00:00
Sandro
24d3016208
Merge pull request #114016 from oxalica/fix/partition-manager 2021-03-19 13:02:40 +01:00
Frank Doepper
2b16ff3457 nncp: 5.3.3 -> 6.2.0
- change build system from makefile to redo
- license gpl3Only
2021-03-19 12:01:35 +01:00
github-actions[bot]
8c03075f07
Merge staging-next into staging 2021-03-19 00:41:08 +00:00
github-actions[bot]
d73a492e83
Merge master into staging-next 2021-03-19 00:41:01 +00:00
Sandro
711ea2b67d
Merge pull request #116600 from siraben/darwin-mass-fix-buildInputs=0 2021-03-19 00:37:20 +01:00
Sandro
8ce21fbec2
Merge pull request #116760 from rnhmjoj/abduco
abduco: 2018-05-16 -> 2020-04-30
2021-03-18 23:58:29 +01:00
Massimo Redaelli
272e287c7e handlr: init at 0.5.0 2021-03-18 23:45:49 +01:00
SCOTT-HAMILTON
e53281a59b
usbview: init at 2.0 (#116450) 2021-03-18 23:24:20 +01:00
sternenseemann
4b0741093d fdtools: set platforms to linux only
Seems like there is portability trouble preventing it from working on
darwin and likely also BSDs. The website says:

>  On some systems (currently only Linux, as far as I know) they can
> also allocate, lock, and switch virtual consoles.
2021-03-18 21:27:42 +01:00
Profpatsch
82b3b20d72 fdtools: fix missing gcc -> $CC replacement
clang compilation would fail because the author likes to hardcode
`gcc` in the build files.
2021-03-18 21:14:03 +01:00
Jan Tojnar
2445e9a681
Merge branch 'master' into staging-next 2021-03-18 19:24:39 +01:00
Fabian Affolter
9a48ca8027
Merge pull request #112934 from r-ryantm/auto-update/mbuffer
mbuffer: 20200929 -> 20210209
2021-03-18 19:15:43 +01:00
superherointj
642412d0ab tfk8s: 0.1.0 -> 0.1.2 2021-03-18 14:41:33 -03:00
rnhmjoj
7453cb20b1
abduco: 2018-05-16 -> 2020-04-30 2021-03-18 17:20:20 +01:00
Ben Siraphob
bfde7b6b8d vimer: expand platforms to all 2021-03-18 23:02:07 +07:00
Ben Siraphob
2da233a186 sfeed: expand platforms to all 2021-03-18 23:02:07 +07:00
Ben Siraphob
84c06d2717 bash_unit: expand platforms to all 2021-03-18 23:02:06 +07:00
Ben Siraphob
be473683ea ministat: expand platforms to all 2021-03-18 23:02:06 +07:00
Sandro
c86907f324
Merge pull request #116239 from j4m3s-s/add-tea 2021-03-18 16:54:27 +01:00
Jan Tojnar
0136206b12
Merge branch 'master' into staging-next 2021-03-18 13:35:59 +01:00
zowoq
f7393191e7 youtube-dl: 2021.03.03 -> 2021.03.14
https://github.com/ytdl-org/youtube-dl/releases/tag/2021.03.14
2021-03-18 19:20:59 +10:00
Maximilian Bosch
c2e781ef27
Merge pull request #116397 from r-ryantm/auto-update/cicero-tui
cicero-tui: 0.1.4 -> 0.2.0
2021-03-17 19:20:19 +01:00
R. RyanTM
84858b3a76 rpi-imager: 1.5 -> 1.6 2021-03-17 17:51:27 +00:00
Ben Siraphob
3458083b8a git-fire: expand platforms to all 2021-03-17 16:26:38 +07:00
Ben Siraphob
b2c57112d8 bcunit: expand platforms to all 2021-03-17 16:25:35 +07:00
Ben Siraphob
cacacac717 bbe: expand platforms to all 2021-03-17 16:25:16 +07:00
Ben Siraphob
d4e2b08b79 apparix: expand platforms to all 2021-03-17 16:25:00 +07:00
Austin Seipp
00aa8d3995
Merge pull request #116017 from thoughtpolice/nixpkgs/staging/vector-0.12
vector: 0.10.0 -> 0.12.1
2021-03-16 20:20:13 -05:00
Samuel Gräfenstein
817f0fd741
perlPackages: NetLDAP -> perlldap
Fix building with `config.allowAliases = false;`.
2021-03-17 00:00:19 +01:00
github-actions[bot]
974e83db9a
Merge master into staging-next 2021-03-16 12:25:48 +00:00
Sandro
5fa9e2808f
Merge pull request #116441 from yanganto/czkawka-3
czkawka: init at 3.0.0
2021-03-16 12:56:01 +01:00
Antonio Yang
8483e9b387 czkawka: init at 3.0.0 2021-03-16 15:44:04 +08:00
github-actions[bot]
d18aaddde4
Merge master into staging-next 2021-03-16 00:39:08 +00:00
R. RyanTM
ca21d4ff44 vttest: 20200610 -> 20210210 2021-03-15 15:12:24 -04:00
github-actions[bot]
4915d2cb4c
Merge master into staging-next 2021-03-15 18:16:46 +00:00
Ryan Mulligan
adb55a6c29
Merge pull request #116310 from r-ryantm/auto-update/mcfly
mcfly: 0.5.4 -> 0.5.5
2021-03-15 07:46:28 -07:00
github-actions[bot]
dec95bae4a
Merge master into staging-next 2021-03-15 12:25:41 +00:00
R. RyanTM
0d4e75fcea code-minimap: 0.5.0 -> 0.5.1 2021-03-15 10:31:56 +00:00
R. RyanTM
55c6ecf527 cicero-tui: 0.1.4 -> 0.2.0 2021-03-15 10:18:13 +00:00
Sandro
266dc8c3d0
Merge pull request #116342 from dotlambda/ytfzf-1.1.0
ytfzf: 1.0.1 -> 1.1.0
2021-03-15 09:37:03 +01:00
R. RyanTM
0b0ce14b80 yad: 7.3 -> 8.0 2021-03-15 03:39:47 -04:00
R. RyanTM
3f74138ce2 dijo: 0.2.6 -> 0.2.7 2021-03-15 03:29:05 -04:00
github-actions[bot]
8fa4dca9b5
Merge master into staging-next 2021-03-15 00:40:27 +00:00
Ryan Mulligan
1561c538e7
Merge pull request #116033 from r-ryantm/auto-update/pcb2gcode
pcb2gcode: 2.2.3 -> 2.3.0
2021-03-14 16:59:24 -07:00
Robert Schütz
40e2f9fb03 ytfzf: 1.0.1 -> 1.1.0
Prevent ytfzf from installing its own updates.
Add all programs that are possibly used in the script to $PATH.
A 10M increase in closure size seems very acceptable.
2021-03-14 20:03:20 +01:00
github-actions[bot]
c7b23f6440
Merge master into staging-next 2021-03-14 18:17:08 +00:00
Ryan Mulligan
7ae2804166
Merge pull request #116142 from r-ryantm/auto-update/git-town
git-town: 7.4.0 -> 7.5.0
2021-03-14 10:39:53 -07:00
Martin Weinelt
0241873f7f
Merge branch 'master' into staging-next 2021-03-14 17:35:32 +01:00
Sandro
f2cfae49c2
Merge pull request #116263 from fabaff/bump-broadlink
broadlink-cli: 0.16.0 -> 0.17.0
2021-03-14 17:14:51 +01:00
Sandro
290fd59580
Merge pull request #116269 from SuperSandro2000/uutils-coreutils
uutils-coreutils: install symlinks again by converting to stdenv.mkDe…
2021-03-14 16:09:36 +01:00
Ryan Mulligan
994dc4b2af
Merge pull request #116165 from r-ryantm/auto-update/oppai-ng
oppai-ng: 4.0.0 -> 4.1.0
2021-03-14 08:03:13 -07:00
pacien
30b74d3695 hidrd: init at unstable-2019-06-03 2021-03-14 14:55:49 +01:00
R. RyanTM
aefa58af3b mcfly: 0.5.4 -> 0.5.5 2021-03-14 13:10:33 +00:00
github-actions[bot]
8c04f70ddd
Merge master into staging-next 2021-03-14 12:21:07 +00:00
R. RyanTM
8676e8fe71 units: 2.19 -> 2.21 2021-03-14 04:57:50 -04:00
github-actions[bot]
3b97019142
Merge master into staging-next 2021-03-14 06:17:28 +00:00
R. RyanTM
7dd7da5201 pspg: 4.3.0 -> 4.3.1 2021-03-14 00:41:50 -05:00
R. RyanTM
43d381f918 progress: 0.15 -> 0.16 2021-03-14 00:36:45 -05:00
Aaron Janse
6596d10f1d _3mux: 1.0.1 -> 1.1.0 2021-03-13 18:44:59 -08:00
Sandro Jäckel
da4f44311b
uutils-coreutils: install symlinks again by converting to stdenv.mkDerivation which executes make,
add enableMulticallBinary option to generate small binaries and last add
me as a maintainer because I have bigger plans for this package.
2021-03-14 02:15:34 +01:00
github-actions[bot]
c596c93079
Merge master into staging-next 2021-03-14 00:41:40 +00:00
Fabian Affolter
c826ae5b14 broadlink-cli: 0.16.0 -> 0.17.0 2021-03-14 01:15:26 +01:00
James Landrein
6c61c8cad2 tea: init at 0.7.0 2021-03-13 23:12:10 +01:00
Jan Tojnar
01a4d350c7
Merge branch 'master' into staging-next
Reverted https://github.com/NixOS/nixpkgs/pull/115228 for kodi to avoid conflict.

It does not look like unzip would be used but not investigating now to speed up merge conflict resolution.
2021-03-13 19:16:43 +01:00
Austin Seipp
b527f11db8
vector: 0.12.0 -> 0.12.1
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2021-03-13 11:09:10 -06:00
Kid
0e3fb2ae42
fzf: 0.25.1 -> 0.26.0
https://github.com/junegunn/fzf/releases/tag/0.26.0
2021-03-14 01:04:08 +08:00
R. RyanTM
c80586cde4 upterm: 0.5.2 -> 0.6.5 2021-03-13 16:29:21 +00:00
Mario Rodas
6bb2bfd941
Merge pull request #116138 from r-ryantm/auto-update/direnv
direnv: 2.27.0 -> 2.28.0
2021-03-13 11:14:44 -05:00