Commit Graph

595732 Commits

Author SHA1 Message Date
Sergey
6951771604
git-agecrypt: unstable-2023-07-14 -> unstable-2024-03-11 2024-03-11 22:53:01 +00:00
Ilan Joselevich
f5736d920c
Merge pull request #293307 from Kranzes/rust-analyzer
rust-analyzer-unwrapped: 2024-02-26 -> 2024-03-11
2024-03-12 00:30:56 +02:00
Leona Maroni
d850591416
Merge pull request #294816 from Stunkymonkey/python-pyqt6-xstatic-jquery-ui-normalize
python312Packages.xstatic-jquery-ui: normalize pname
2024-03-11 23:17:47 +01:00
Felix Bühler
9cb36f9c14
Merge pull request #294810 from Stunkymonkey/python-imread-normalize
python312Packages.imread: normalize pname
2024-03-11 23:15:20 +01:00
Artturi
d4099372a1
Merge pull request #267753 from RadovanSk/nixos-unstable
xp-pen-deco-01-v2-driver: 3.2.3.230215-1 -> 3.4.9-231023
2024-03-11 23:39:01 +02:00
Pol Dellaiera
25d428ef16
Merge pull request #291734 from jfly/update-kikit
kikit: 1.4.0 -> 1.5.0
2024-03-11 22:35:14 +01:00
Yt
154a02b06e
Merge pull request #295090 from joshbainbridge/update-mods
mods: 1.1.0 -> 1.2.2
2024-03-11 21:31:40 +00:00
Adam C. Stephens
80226b1d65
Merge pull request #295065 from jnsgruk/lxd-ui-0.8
lxd-ui: 0.6 -> 0.7
2024-03-11 17:24:36 -04:00
Pol Dellaiera
564e4ebe17
Merge pull request #295066 from r-ryantm/auto-update/disko
disko: 1.4.0 -> 1.4.1
2024-03-11 22:19:44 +01:00
Pol Dellaiera
e60561eb6e
Merge pull request #295056 from drupol/php/extensions/dom/fix-lower-bounds-part2
phpExtensions.dom: update bounds for PHP82 and PHP81
2024-03-11 22:14:14 +01:00
Pol Dellaiera
bf8462aeba
Merge pull request #294992 from TheMaxMur/feature/vscode-extensions
vscode-extensions: add new extensions
2024-03-11 22:09:54 +01:00
Pascal Bach
48dbdff7aa
Merge pull request #294710 from Scrumplex/pkgs/gimp-plugin-gap/fix-build
gimpPlugins.gap: 2.6.0 -> 2.6.0-unstable-2023-05-20
2024-03-11 21:43:24 +01:00
Robert Hensing
e8d7a2d11c
Merge pull request #295020 from philiptaron/remove-top-level-with-in-lib-part4
lib/tests: remove top-level `with` in `lib/tests`
2024-03-11 21:38:07 +01:00
Adam C. Stephens
b9a1cf2f56
Merge pull request #294488 from brprice/remove-rnix-lsp
rnix-lsp: remove package
2024-03-11 16:35:44 -04:00
Leona Maroni
eac1b02ae8
Merge pull request #295095 from robsliwi/chore/bump-paperless-ngx
paperless-ngx: 2.6.1 -> 2.6.2
2024-03-11 21:34:08 +01:00
Vincenzo Mantova
12ee5fb271
texlive.bin.dvisvgm: 3.0.3 -> 3.1.2 (#294817)
Build dvisvgm from upstream sources to align with binaries distributed
by TeX Live.
2024-03-11 16:12:51 -04:00
R. Ryantm
ef12e2a930 asciidoctorj: 2.5.11 -> 2.5.12 2024-03-11 21:02:48 +01:00
Artturi
643436f412
Merge pull request #292930 from simonhollingshead/musescore-arm
musescore: Remove 'broken' for aarch64-linux.
2024-03-11 21:48:06 +02:00
Adam C. Stephens
09f211116e
Merge pull request #294802 from mkg20001/incus-ui-split
incus.ui: upgrade zabbly patches, split from lxd
2024-03-11 15:42:04 -04:00
Robert Sliwinski
0897539a66 paperless-ngx: 2.6.1 -> 2.6.2
https://github.com/paperless-ngx/paperless-ngx/releases/tag/v2.6.2
https://github.com/paperless-ngx/paperless-ngx/compare/v2.6.1...v2.6.2
2024-03-11 20:41:12 +01:00
R. Ryantm
93c6b3e129 apk-tools: 2.14.0 -> 2.14.1 2024-03-11 20:39:45 +01:00
R. Ryantm
ee0bc95d48 python312Packages.schema-salad: 8.5.20240102191336.dev7+g8e95468 -> 8.5.20240311110950 2024-03-11 15:32:56 -04:00
Josh Bainbridge
c42d695778
mods: 1.1.0 -> 1.2.2
Signed-off-by: Josh Bainbridge <josh.bainbridge@gmail.com>
2024-03-11 19:32:47 +00:00
Jon Seager
8ab31764fc homepage-dashboard: remove trailing period from meta.description 2024-03-11 20:30:39 +01:00
Jon Seager
bb27f930c8 homepage-dashboard: add changelog to meta 2024-03-11 20:30:39 +01:00
Jon Seager
62fddf40a9 homepage-dashboard: 0.8.8 -> 0.8.9
https://github.com/gethomepage/homepage/releases/tag/v0.8.9

Remove patch which is now included upstream.
2024-03-11 20:30:39 +01:00
Jon Seager
c58f136b53 homepage-dashboard: enable nix-update-script 2024-03-11 20:30:39 +01:00
Weijia Wang
e16d9a1782
Merge pull request #294870 from Aleksanaa/varia
varia: init at 2024.2.29-2
2024-03-11 20:19:15 +01:00
Ivan Mincik
26ce32abdb
Merge pull request #295070 from imincik/gdal-bump-java-source-option
gdal: bump java source option
2024-03-11 19:01:50 +00:00
Thomas Gerbet
98201cd1cc
Merge pull request #294954 from NixOS/dependabot/github_actions/cachix/install-nix-action-26
build(deps): bump cachix/install-nix-action from 25 to 26
2024-03-11 19:59:57 +01:00
Maciej Krüger
b7f3150793
incus.ui: upgrade zabbly patches, split from lxd 2024-03-11 19:58:02 +01:00
Felix Bühler
f20d97a06b
Merge pull request #294794 from Stunkymonkey/python-ipy-normalize
python312Packages.ipy: normalize pname and folder
2024-03-11 19:50:00 +01:00
Nikolay Korotkiy
587a40f999
Merge pull request #293237 from imincik/shapely-2.0.3
python3Packages.shapely: 2.0.2 -> 2.0.3
2024-03-11 22:12:53 +04:00
Cosima Neidahl
a44e09da5e
Merge pull request #294555 from r-ryantm/auto-update/miriway
miriway: unstable-2024-02-14 -> unstable-2024-03-06
2024-03-11 19:04:18 +01:00
Adam C. Stephens
1809887dbe
Merge pull request #294443 from evanrichter/init-gitu
gitu: init at 0.5.4
2024-03-11 13:47:08 -04:00
Silvan Mosberger
7b4ea5d340
Merge pull request #293664 from tweag/by-name-update-pin
check-by-name: Update pinned tooling
2024-03-11 18:40:23 +01:00
Ivan Mincik
f35a9d2707 gdal: bump java source option
Bump java source option to fix build with JDK 21.

Closes #294940
2024-03-11 18:38:21 +01:00
Rick van Schijndel
63dc52bdbf
Merge pull request #294981 from wegank/nomacs-refactor
nomacs: refactor
2024-03-11 18:35:03 +01:00
R. Ryantm
598f085755 disko: 1.4.0 -> 1.4.1 2024-03-11 17:32:12 +00:00
Jon Seager
5813108ee2
lxd-ui: 0.6 -> 0.7 2024-03-11 17:31:34 +00:00
Yaya
57df47d918 snipe-it: 6.3.1 -> 6.3.3
https://github.com/snipe/snipe-it/releases/tag/v6.3.3
2024-03-11 18:16:36 +01:00
Yaya
c1fd254beb snipe-it: Move to pkgs/by-name/ 2024-03-11 18:16:36 +01:00
Yaya
eb12b77ff0 snipe-it: 6.2.2 -> 6.3.1
https://github.com/snipe/snipe-it/releases/tag/v6.3.0
https://github.com/snipe/snipe-it/releases/tag/v6.3.1
2024-03-11 18:16:36 +01:00
Pol Dellaiera
8deb162d09
Merge pull request #293722 from savedra1/clipse-init/0.0.6
clipse: init at 0.0.6
2024-03-11 18:05:22 +01:00
Pol Dellaiera
cb4d58b28d
phpExtensions.dom: update bounds for PHP82 and PHP81 2024-03-11 17:49:29 +01:00
Nick Cao
dc4a6bcdca
Merge pull request #294592 from sinavir/aiohttp_better_packaging
python311Packages.aiohttp-client-cache: Use standard packaging
2024-03-11 12:44:26 -04:00
David McFarland
c2eb1270d7
Merge pull request #294576 from corngood/dotnet-vmr-size
dotnet: strip native symbols from runtime
2024-03-11 13:43:34 -03:00
emilylange
08c37ba899 nixos/lldap: set service UMask=0027 and StateDirectoryMode=0750
While `/var/lib/lldap` isn't technically accessible by unprivileged
users thanks to `DynamicUser=true`, a user might prefer and change it to
`DynamicUser=false`.

There is currently also a PR open that intends to make `DynamicUser`
configurable via module option.

As such, `jwt_secret_file`, if bootstrapped by the service start
procedure, might be rendered world-readable due to its permissions
(`0644/-rw-r--r--`) defaulting to the service's umask (`022`) and
`/var/lib/lldap` to `0755/drwxr-xr-x` due to `StateDirectoryMode=0755`.

This would usually be fixed by using `(umask 027; openssl ...)` instead
of just `openssl ...`.

However, it was found that another file (`users.db`), this time
bootstrapped by `lldap` itself, also had insufficient permissions
(`0644/-rw-r--r--`) inherited by the global umask and would be left
world-readable as well.

Due to this, we instead change the service's to `027`.

And to lower the impact for already bootstrapped files on existing
instances like `users.db`, set `StateDirectoryMode=0750`.
2024-03-11 17:34:29 +01:00
emilylange
7501889950 lldap: remove emilylange from maintainers
I find lldap's defaults security-wise and its security-posture in a
broader sense deeply unsettling for something as security-critical an
authentication server.
2024-03-11 17:34:29 +01:00
emilylange
61a651e362 nixos/lldap: bootstrap jwt_secret if not provided
If not provided, lldap defaults to `secretjwtsecret` as value which is
hardcoded in the code base.

See https://github.com/lldap/lldap/blob/v0.5.0/server/src/infra/configuration.rs#L76-L77

This is really bad, because it is trivially easy to generate an admin
access token/cookie as attacker, if a `jwt_secret` is known.
2024-03-11 17:34:29 +01:00