Commit Graph

27124 Commits

Author SHA1 Message Date
figsoda
6a32ac7c69 telegraf: add version test 2023-05-28 10:18:00 -04:00
figsoda
a0215e28ea telegraf: fix version 2023-05-28 10:14:26 -04:00
figsoda
bdd9d25e2c
Merge pull request #234555 from r-ryantm/auto-update/telegraf
telegraf: 1.26.2 -> 1.26.3
2023-05-28 10:01:19 -04:00
figsoda
3aed07b966
Merge pull request #234581 from sikmir/flashmq
flashmq: init at 1.4.5
2023-05-28 09:57:55 -04:00
Nikolay Korotkiy
bbefb9b2a3
flashmq: init at 1.4.5 2023-05-28 16:51:14 +04:00
Weijia Wang
4f4d0cc939
Merge pull request #228961 from r-ryantm/auto-update/victoriametrics
victoriametrics: 1.89.1 -> 1.91.0
2023-05-28 10:38:34 +03:00
R. Ryantm
a007ccb08d telegraf: 1.26.2 -> 1.26.3 2023-05-28 04:39:24 +00:00
Weijia Wang
93e6e97194 victoriametrics: add upstream patches 2023-05-28 01:58:50 +03:00
Weijia Wang
b80714f2c1
Merge pull request #234485 from r-ryantm/auto-update/nats-server
nats-server: 2.9.16 -> 2.9.17
2023-05-28 01:42:27 +03:00
Thomas Gerbet
ed33222971 etcd_3_3: mark vulnerable to CVE-2023-32082 2023-05-28 08:04:43 +10:00
Thomas Gerbet
85f15277d0 etcd: switch to etcd_3_5 2023-05-28 08:04:43 +10:00
Weijia Wang
f794726617
Merge pull request #234465 from wegank/influxdb-refactor
influxdb, influxdb2: migrate to bindgenHook
2023-05-27 23:04:00 +03:00
R. Ryantm
cbf3c2f6f5 nats-server: 2.9.16 -> 2.9.17 2023-05-27 19:45:43 +00:00
Weijia Wang
2e290f5676 influxdb2: migrate to bindgenHook 2023-05-27 20:05:57 +03:00
Weijia Wang
26d5c72cac influxdb: migrate to bindgenHook 2023-05-27 20:05:28 +03:00
Thomas Gerbet
55a9632753 metabase: 0.46.2 -> 0.46.4
Fixes CVE-2023-32680.

Changelogs:
https://github.com/metabase/metabase/releases/tag/v0.46.4
https://github.com/metabase/metabase/releases/tag/v0.46.3
2023-05-27 18:42:39 +02:00
Alyssa Ross
6abae5cbb5 xwayland: set meta.mainProgram 2023-05-27 15:00:40 +00:00
Robert Scott
b65f4b653b
Merge pull request #234398 from lorenz/fix-prom
prometheus: skip tests on 32-bit platforms
2023-05-27 15:59:04 +01:00
Lorenz Brun
e1a0a7aa76 prometheus: skip tests on 32-bit platforms 2023-05-27 15:58:45 +02:00
Robert Scott
2d895ae34c
Merge pull request #234392 from lorenz/fix-teleport
teleport: mark as broken on <64 bit platforms
2023-05-27 12:48:04 +01:00
Weijia Wang
ae0b0867da
Merge pull request #234349 from r-ryantm/auto-update/mediamtx
mediamtx: 0.23.0 -> 0.23.3
2023-05-27 12:57:45 +03:00
Lorenz Brun
12be07b11c teleport: mark as broken on <64 bit platforms 2023-05-27 11:18:34 +02:00
R. Ryantm
c256f09dac mediamtx: 0.23.0 -> 0.23.3 2023-05-27 03:05:34 +00:00
figsoda
fba54af741
Merge pull request #234329 from wegank/sonic-server-refactor
sonic-server: migrate to bindgenHook
2023-05-26 21:48:14 -04:00
Ryan Lahfa
d74e5f4a18
Merge pull request #213510 from RaitoBezarius/nginx-proxyprotocol
nixos/nginx: first-class PROXY protocol support
2023-05-27 03:37:33 +02:00
Weijia Wang
442a6dbd36 surrealdb: fix build on aarch64-linux 2023-05-26 21:00:38 -04:00
Weijia Wang
cbb545fbba sonic-server: migrate to bindgenHook 2023-05-27 02:56:05 +03:00
markuskowa
a367e2ba0a
Merge pull request #234174 from markuskowa/upd-nfs-ganesha
nfs-ganesha: 5.1 -> 5.2
2023-05-26 20:30:38 +02:00
Sander
f3a4973aeb meilisearch: allow builds on aarch64-linux 2023-05-26 14:04:33 -04:00
Raito Bezarius
69bb0f94de nixos/nginx: first-class PROXY protocol support
PROXY protocol is a convenient way to carry information about the
originating address/port of a TCP connection across multiple layers of
proxies/NAT, etc.

Currently, it is possible to make use of it in NGINX's NixOS module, but
is painful when we want to enable it "globally".
Technically, this is achieved by reworking the defaultListen options and
the objective is to have a coherent way to specify default listeners in
the current API design.
See `mkDefaultListenVhost` and `defaultListen` for the details.

It adds a safeguard against running a NGINX with no HTTP listeners (e.g.
only PROXY listeners) while asking for ACME certificates over HTTP-01.

An interesting usecase of PROXY protocol is to enable seamless IPv4 to
IPv6 proxy with origin IPv4 address for IPv6-only NGINX servers, it is
demonstrated how to achieve this in the tests, using sniproxy.

Finally, the tests covers:

- NGINX `defaultListen` mechanisms are not broken by these changes;
- NGINX PROXY protocol listeners are working in a final usecase
  (sniproxy);
- uses snakeoil TLS certs from ACME setup with wildcard certificates;

In the future, it is desirable to spoof-attack NGINX in this scenario to
ascertain that `set_real_ip_from` and all the layers are working as
intended and preventing any user from setting their origin IP address to
any arbitrary, opening up the NixOS module to bad™ vulnerabilities.

For now, it is quite hard to achieve while being minimalistic about the
tests dependencies.
2023-05-26 19:48:26 +02:00
Weijia Wang
a84996a76b
Merge pull request #234195 from wegank/389-bump
_389-ds-base: 2.3.1 -> 2.4.1
2023-05-26 15:21:06 +03:00
Weijia Wang
dc57610254 _389-ds-base: 2.3.1 -> 2.4.1 2023-05-26 13:31:03 +03:00
Weijia Wang
3b99ef4582
Merge pull request #234161 from wahjava/update-tailscale
tailscale: 1.40.1 -> 1.42.0
2023-05-26 13:14:49 +03:00
happysalada
938e5e2fbe timescaledb_toolkit: mark broken on darwin 2023-05-26 06:07:33 -04:00
Markus Kowalewski
04f05e328d
nfs-ganesha: 5.1 -> 5.2 2023-05-26 10:57:33 +02:00
Weijia Wang
98fff47d56
Merge pull request #234121 from r-ryantm/auto-update/jackett
jackett: 0.21.17 -> 0.21.34
2023-05-26 11:28:12 +03:00
Weijia Wang
a7f164903c
Merge pull request #234155 from r-ryantm/auto-update/martin
martin: 0.8.2 -> 0.8.3
2023-05-26 11:27:38 +03:00
Weijia Wang
92f37aaa8a
Merge pull request #234064 from drupol/openvscode-server/bump-may-2023
openvscode-server: 1.78.1 -> 1.78.2
2023-05-26 10:32:05 +03:00
Ashish SHUKLA
532f47f28b
tailscale: 1.40.1 -> 1.42.0 2023-05-26 09:11:07 +02:00
Weijia Wang
e8be664256
Merge pull request #234083 from wegank/rippled-insecure
rippled: mark as insecure
2023-05-26 10:10:49 +03:00
R. Ryantm
4d28c34fff martin: 0.8.2 -> 0.8.3 2023-05-26 06:37:57 +00:00
Pol Dellaiera
67ec520e07
openvscode-server: 1.78.1 -> 1.78.2 2023-05-26 08:15:30 +02:00
R. Ryantm
df85fc53a3 jackett: 0.21.17 -> 0.21.34 2023-05-26 02:32:55 +00:00
R. Ryantm
e74103437c rustypaste: 0.9.0 -> 0.9.1 2023-05-26 01:51:00 +00:00
Weijia Wang
8de9fea9ea
Merge pull request #231811 from misuzu/snac2-darwin
snac2: build on darwin
2023-05-26 01:12:40 +03:00
Weijia Wang
1ebd98fe8c rippled: mark as insecure 2023-05-26 00:54:15 +03:00
Yaya
931a1b97f7 nixos/tests/sftpgo: init 2023-05-25 22:46:15 +02:00
Yaya
643d213ea6 sftpgo: add yayayayaka to maintainers 2023-05-25 22:46:15 +02:00
Yaya
2e2d5659d5 sftpgo: Include openapi, static and templates folders
Those are needed for serving the web client
2023-05-25 22:46:15 +02:00
Sandro
32e61ec5ad
Merge pull request #228553 from chvp/bump-hookshot
matrix-hookshot: 3.2.0 -> 4.0.0
2023-05-25 22:04:45 +02:00