Franz Pletz
6bafe64a20
qemu: apply patches for multiple CVEs
...
Fixes:
* CVE-2017-2615
* CVE-2017-5667
* CVE-2017-5898
* CVE-2017-5931
* CVE-2017-5973
We are vulnerable to even more CVEs but those are either not severe like
memory leaks in obscure situations or upstream hasn't acknowledged the
patch yet.
cc #23072
2017-02-25 09:40:53 +01:00
Peter Hoeg
9f184ac5a1
utox: 0.13.0 -> 0.13.1
2017-02-25 15:55:19 +08:00
Jonathan Rudenberg
87d294fcdd
kodi: Explicitly compile in libcec support
...
Adding this flag prevents silent breakage of CEC support.
2017-02-25 08:53:31 +01:00
Jonathan Rudenberg
a6dffeecfa
libcec: 3.1.0 -> 4.0.2
2017-02-25 08:53:31 +01:00
Franz Pletz
3a4dd97c55
nginx module: fix acme if vhost name != serverName
...
cc #21931 @bobvanderlinden
2017-02-25 08:04:38 +01:00
Peter Hoeg
e564a399d9
Merge pull request #22770 from NickHu/master
...
fdr: init at 4.2.0
2017-02-25 14:50:04 +08:00
Tom Hunger
4a524cf662
Allow directories with a default.nix to be imported as an overlay. Closes #23016 .
...
Note that ${} substitution doesn't work because of the "cannot refer
to other paths" constraint. The paranthesis are needed to enforce
right-first evaluation.
2017-02-25 02:32:04 +01:00
edef
447ba91858
rnv: fix missing rec
( #23162 )
2017-02-25 01:40:02 +01:00
Joachim F
e2f837f743
Merge pull request #23119 from romildo/upd.idea
...
idea.clion: 2016.3.2 -> 2016.3.3
2017-02-24 23:15:53 +01:00
Joachim F
1edc3efa0c
Merge pull request #23132 from ljli/rnv-init
...
rnv: init at 1.7.11
2017-02-24 23:15:35 +01:00
Charles Strahan
4abbe3c5fc
gocode: 20150904 -> 20170219
...
Go completion wasn't working (at least from youcompleteme); this fixes
that.
2017-02-24 17:11:25 -05:00
Franz Pletz
7eb7126f5a
Revert "lxc: fix build for glibc-2.25"
...
This reverts commit 76ae7e19a9
.
2017-02-24 21:45:29 +01:00
Benjamin Staffin
1c555e772e
Merge pull request #23155 from doshitan/fix-prometheus-basic-auth
...
prometheus service: fix basic auth option
2017-02-24 15:08:35 -05:00
Tanner Doshier
b846ce5243
prometheus service: fix basic auth option
...
If some configuration is provided, we need to filter out the `_module` key or
else it breaks prometheus.
2017-02-24 13:32:01 -06:00
Vincent Laporte
690968df54
ocamlPackages.utop: 1.19.2 -> 1.19.3
2017-02-24 19:21:29 +00:00
Vincent Laporte
9493ced9f7
ocamlPackages.{ojquery,tuntap,uri}: adds ocamlbuild as dependency
2017-02-24 19:02:48 +00:00
Vincent Laporte
71739f348e
Revert "ocamlPackages.spacetime: only build with ocaml-4.04"
...
This reverts commit f18ac15dca
.
2017-02-24 19:02:48 +00:00
Joachim F
01fdaee031
Merge pull request #23113 from demin-dmitriy/opera
...
opera: 42.0.2393.517 -> 43.0.2442.991
2017-02-24 19:24:27 +01:00
Joachim F
5abcebe9bf
Merge pull request #23131 from ljli/wlc-update
...
wlc: 0.0.5 -> 0.0.8
2017-02-24 19:23:28 +01:00
Joachim F
5bf8047cfe
Merge pull request #23146 from romildo/upd.xdgmenumaker
...
xdgmenumaker: 1.1 -> 1.4
2017-02-24 18:55:15 +01:00
Joachim F
a9555f580e
Merge pull request #23141 from romildo/upd.greybird
...
greybird: 2016-11-15 -> 2017-02-17
2017-02-24 18:55:03 +01:00
Joachim F
5502efb782
Merge pull request #23138 from leenaars/quickd
...
quickder: 1.0-RC1 -> 1.0-RC2
2017-02-24 18:54:13 +01:00
Joachim F
ad0770fb42
Merge pull request #23144 from romildo/upd.numix-gtk-theme
...
numix-gtk-theme: 2016-11-19 -> 2017-02-15
2017-02-24 18:50:48 +01:00
Joachim F
859f00a6c2
Merge pull request #23145 from romildo/upd.paper-icon-theme
...
paper-icon-theme: 2016-11-05 -> 2017-02-13
2017-02-24 18:50:36 +01:00
Joachim F
63d251f2e3
Merge pull request #23147 from romildo/upd.zuki-themes
...
zuki-themes: 2016-10-20 -> 2017-02-17
2017-02-24 18:50:22 +01:00
Ryan Mulligan
41b56b4b8a
f2fs module: add crc32 dependency to initrd kernel modules, closes #23093
...
f2fs.fsck depends on crc32 module being present in the initrd system,
otherwise, if f2fs is used as the root disk, the system is unbootable.
2017-02-24 18:32:50 +01:00
Franz Pletz
76ae7e19a9
lxc: fix build for glibc-2.25
2017-02-24 17:57:41 +01:00
Franz Pletz
f15cebd28c
jool: 3.5.0 -> 3.5.2
2017-02-24 17:57:41 +01:00
Franz Pletz
114ae6baab
unbound: 1.6.0 -> 1.6.1
2017-02-24 17:57:41 +01:00
Franz Pletz
7cc86f79b4
mumble: 1.2.17 -> 1.2.19
2017-02-24 17:57:41 +01:00
Joachim F
2b5b14fd9b
Merge pull request #23139 from romildo/upd.moka-icon-theme
...
moka-icon-theme: 2016-10-06 -> 2017-02-13
2017-02-24 17:51:12 +01:00
Joachim F
2646d314ff
Merge pull request #23137 from romildo/upd.blackbird
...
blackbird: 2016-07-04 -> 2017-02-20
2017-02-24 17:50:57 +01:00
Joachim F
91101645e7
Merge pull request #23142 from romildo/upd.jwm
...
jwm: 1580 -> 1582
2017-02-24 17:50:31 +01:00
Robin Gloster
bb486ff975
Merge pull request #23125 from Ma27/update/nodejs-v7
...
nodejs: 7.2.1 -> 7.6.0
2017-02-24 17:11:55 +01:00
Peter Hoeg
eae1866c28
sensu: 0.17.1 -> 0.28.0
2017-02-25 00:00:58 +08:00
Bjørn Forsman
64d058f472
Revert "sensu: 0.17.1 -> 0.28.0"
...
This reverts commit 4588f94396
.
Because it breaks nixpkgs evaluation.
2017-02-24 15:13:57 +01:00
Jörg Thalheim
0eefe9bc62
lxc: fix glibc 2.25 incompatibility
2017-02-24 14:00:23 +01:00
Robin Gloster
8f60b43d9c
Merge pull request #23130 from grahamc/insecure-packages-with-docs
...
nixpkgs: allow packages to be marked insecure (this time with docs)
2017-02-24 13:44:28 +01:00
Graham Christensen
30cea5f022
libplist: mark as insecure
...
Patches currently available don't seem to apply.
2017-02-24 07:41:11 -05:00
Graham Christensen
a9c875fc2e
nixpkgs: allow packages to be marked insecure
...
If a package's meta has `knownVulnerabilities`, like so:
stdenv.mkDerivation {
name = "foobar-1.2.3";
...
meta.knownVulnerabilities = [
"CVE-0000-00000: remote code execution"
"CVE-0000-00001: local privilege escalation"
];
}
and a user attempts to install the package, they will be greeted with
a warning indicating that maybe they don't want to install it:
error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate.
Known issues:
- CVE-0000-00000: remote code execution
- CVE-0000-00001: local privilege escalation
You can install it anyway by whitelisting this package, using the
following methods:
a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"foobar-1.2.3"
];
}
b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
‘foobar-1.2.3’ to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
permittedInsecurePackages = [
"foobar-1.2.3"
];
}
Adding either of these configurations will permit this specific
version to be installed. A third option also exists:
NIXPKGS_ALLOW_INSECURE=1 nix-build ...
though I specifically avoided having a global file-based toggle to
disable this check. This way, users don't disable it once in order to
get a single package, and then don't realize future packages are
insecure.
2017-02-24 07:41:05 -05:00
Eelco Dolstra
8e1fa01f3a
nix: 1.11.6 -> 1.11.7
2017-02-24 12:53:53 +01:00
Jascha Geerds
a49be4fcaf
Merge pull request #23143 from romildo/upd.numix-icon-theme
...
numix-icon-theme: 2016-11-13 -> 2017-01-25
2017-02-24 12:20:40 +01:00
Nick Hu
cbe765043f
fdr: init at 4.2.0
2017-02-24 11:00:02 +00:00
romildo
b474c5cd30
zuki-themes: 2016-10-20 -> 2017-02-17
2017-02-24 07:49:15 -03:00
romildo
767e50867c
xdgmenumaker: 1.1 -> 1.4
2017-02-24 07:24:16 -03:00
romildo
08749dd231
paper-icon-theme: 2016-11-05 -> 2017-02-13
2017-02-24 06:57:19 -03:00
romildo
9ae7fb4b60
numix-gtk-theme: 2016-11-19 -> 2017-02-15
2017-02-24 06:48:09 -03:00
romildo
aaa93d32aa
numix-icon-theme: 2016-11-13 -> 2017-01-25
2017-02-24 06:37:46 -03:00
romildo
1872f24c1b
jwm: 1580 -> 1582
2017-02-24 06:29:24 -03:00
romildo
e27a7a3686
greybird: 2016-11-15 -> 2017-02-17
2017-02-24 06:22:42 -03:00