Graham Christensen
a9c875fc2e
nixpkgs: allow packages to be marked insecure
...
If a package's meta has `knownVulnerabilities`, like so:

    stdenv.mkDerivation {
      name = "foobar-1.2.3";
      ...
      meta.knownVulnerabilities = [
        "CVE-0000-00000: remote code execution"
        "CVE-0000-00001: local privilege escalation"
      ];
    }

and a user attempts to install the package, they will be greeted with
a warning indicating that maybe they don't want to install it:

    error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate.

    Known issues:

     - CVE-0000-00000: remote code execution
     - CVE-0000-00001: local privilege escalation

    You can install it anyway by whitelisting this package, using the
    following methods:

    a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to
       `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
       like so:

         {
           nixpkgs.config.permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

    b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
       ‘foobar-1.2.3’ to `permittedInsecurePackages` in
       ~/.config/nixpkgs/config.nix, like so:

         {
           permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

Adding either of these configurations will permit this specific
version to be installed. A third option also exists:

    NIXPKGS_ALLOW_INSECURE=1 nix-build ...

though I specifically avoided having a global file-based toggle to
disable this check. This way, users don't disable it once in order to
get a single package, and then don't realize future packages are
insecure.
2017-02-24 07:41:05 -05:00
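
The behaviour described in the commit message above (a9c875fc2e), modelled as an added example. It is not the nixpkgs implementation and not code from the commit; `decide`, `outcome`, `vulnsOf`, `isPermitted` and the sample packages (including `foobar-1.2.4` and `hello-2.10`) are constructed for illustration. It shows that an allowlist entry covers one exact name-version string only:

```nix
# Simplified model of the insecure-package check (added example, not nixpkgs code).
let
  # Vulnerability list declared by the package, or [] when none is declared.
  vulnsOf = pkg: pkg.meta.knownVulnerabilities or [];

  # Allowlist entries are full "name-version" strings, matched exactly.
  isPermitted = config: pkg:
    builtins.elem pkg.name (config.permittedInsecurePackages or []);

  # Per-invocation override from the commit message; there is no file-based equivalent.
  envOverride = builtins.getEnv "NIXPKGS_ALLOW_INSECURE" == "1";

  decide = config: pkg:
    if vulnsOf pkg == [] then "ok"
    else if isPermitted config pkg then "permitted by allowlist"
    else if envOverride then "permitted by NIXPKGS_ALLOW_INSECURE"
    else throw ''
      Package ‘${pkg.name}’ is marked as insecure, refusing to evaluate.
      Known issues:
      ${builtins.concatStringsSep "\n" (map (v: " - " + v) (vulnsOf pkg))}
    '';

  # tryEval turns the refusal into a value so every case can be listed together.
  outcome = config: pkg:
    let r = builtins.tryEval (decide config pkg);
    in if r.success then r.value else "refused";

  # Constructed sample packages.
  foobar123 = {
    name = "foobar-1.2.3";
    meta.knownVulnerabilities = [ "CVE-0000-00000: remote code execution" ];
  };
  foobar124 = foobar123 // { name = "foobar-1.2.4"; };  # later version, still marked
  hello = { name = "hello-2.10"; meta = {}; };          # no known vulnerabilities

  config = { permittedInsecurePackages = [ "foobar-1.2.3" ]; };
in {
  noAllowlist = outcome {} foobar123;      # marked, nothing permits it
  pinned      = outcome config foobar123;  # exact version is on the allowlist
  nextVersion = outcome config foobar124;  # allowlist entry does not carry over
  unaffected  = outcome config hello;      # unmarked package is never blocked
}
```

Evaluate the file with `nix-instantiate --eval --strict` and `NIXPKGS_ALLOW_INSECURE` unset to see each outcome; with the variable set to `1`, every marked package in that invocation is let through, which is why it is worth checking for in CI environments.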
Eelco Dolstra
8e1fa01f3a
nix: 1.11.6 -> 1.11.7
2017-02-24 12:53:53 +01:00
Jascha Geerds
a49be4fcaf
Merge pull request #23143 from romildo/upd.numix-icon-theme
...
numix-icon-theme: 2016-11-13 -> 2017-01-25
2017-02-24 12:20:40 +01:00
Nick Hu
cbe765043f
fdr: init at 4.2.0
2017-02-24 11:00:02 +00:00
romildo
b474c5cd30
zuki-themes: 2016-10-20 -> 2017-02-17
2017-02-24 07:49:15 -03:00
romildo
767e50867c
xdgmenumaker: 1.1 -> 1.4
2017-02-24 07:24:16 -03:00
romildo
08749dd231
paper-icon-theme: 2016-11-05 -> 2017-02-13
2017-02-24 06:57:19 -03:00
romildo
9ae7fb4b60
numix-gtk-theme: 2016-11-19 -> 2017-02-15
2017-02-24 06:48:09 -03:00
romildo
aaa93d32aa
numix-icon-theme: 2016-11-13 -> 2017-01-25
2017-02-24 06:37:46 -03:00
romildo
1872f24c1b
jwm: 1580 -> 1582
2017-02-24 06:29:24 -03:00
romildo
e27a7a3686
greybird: 2016-11-15 -> 2017-02-17
2017-02-24 06:22:42 -03:00
Peter Hoeg
9e59945383
calibre: 2.79.1 -> 2.80.0
2017-02-24 17:20:23 +08:00
romildo
e4ab4a733c
moka-icon-theme: 2016-10-06 -> 2017-02-13
2017-02-24 06:10:52 -03:00
Michiel Leenaars
29d6460084
quickder: 1.0-RC1 -> 1.0-RC2
2017-02-24 10:02:13 +01:00
romildo
5b2199fcc6
blackbird: 2016-07-04 -> 2017-02-20
2017-02-24 05:45:11 -03:00
Pascal Wittmann
3af06724fa
Merge pull request #23136 from ljli/global-enhance
...
global: support universal-ctags
2017-02-24 08:37:39 +01:00
Peter Hoeg
4588f94396
sensu: 0.17.1 -> 0.28.0
2017-02-24 15:30:15 +08:00
Leon Isenberg
d556f53517
rnv: init at 1.7.11
2017-02-24 08:26:09 +01:00
Leon Isenberg
3211ff1b50
global: support universal-ctags
2017-02-24 07:51:39 +01:00
Leon Isenberg
1eaf76ac7a
wlc: 0.0.5 -> 0.0.8
2017-02-24 06:58:19 +01:00
Peter Hoeg
8e3d0b8323
awless: 0.0.13 -> 0.0.14
2017-02-24 11:15:26 +08:00
Graham Christensen
d36b1ccc13
Revert "Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)""
...
This reverts commit 53a2baabbe.
2017-02-23 19:23:29 -05:00
Graham Christensen
53a2baabbe
Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)"
...
This reverts commit 1d68edbef4.
2017-02-23 18:47:16 -05:00
Graham Christensen
1d68edbef4
linux kernels: patch against DCCP double free (CVE-2017-6074)
2017-02-23 18:44:43 -05:00
Shea Levy
c71bae0330
long-shebang: 1.1.0 -> 1.2.0
2017-02-23 18:27:12 -05:00
Tim Steinbach
82aae8f631
kernel: 4.4.50 -> 4.4.51
2017-02-23 17:47:51 -05:00
Tim Steinbach
18c2be2862
kernel: 4.9.11 -> 4.9.12
2017-02-23 17:47:18 -05:00
Maximilian Bosch
e20575cf5f
nodejs: 7.2.1 -> 7.6.0
2017-02-23 23:38:35 +01:00
Domen Kožar
afb7d04dd6
elmPackages: fix #22932
2017-02-23 22:58:40 +01:00
Bjørn Forsman
52eab0376c
spotify: 1.0.49.125.g72ee7853-83 -> 1.0.49.125.g72ee7853-111
2017-02-23 22:20:49 +01:00
Pascal Wittmann
04dcda3da4
homebank: 5.1.3 -> 5.1.4
2017-02-23 22:18:45 +01:00
romildo
f67a097488
idea.clion: 2016.3.2 -> 2016.3.3
2017-02-23 16:55:18 -03:00
John Wiegley
6bbddcf7d1
xcbuild: Guard a glibc-only postPatch with \!isDarwin
2017-02-23 11:32:52 -08:00
Vincent Laporte
75b187b0f7
ocamlPackages.eliom: adds ocamlbuild as a dependency
2017-02-23 19:10:33 +00:00
Vincent Laporte
a9b0c95ad4
ocamlPackages.ppx_sexp_conv: init at 113.33.01+4.03
2017-02-23 19:07:38 +00:00
Vincent Laporte
7ca9e6776d
ocamlPackages.ppx_type_conv: init at 113.33.02+4.03
2017-02-23 19:04:01 +00:00
Vincent Laporte
d6bc0c9236
ocamlPackages.ppx_optcomp: init at 113.33.0[01]+4.03
2017-02-23 18:34:17 +00:00
Vincent Laporte
63796fd38f
ocamlPackages.ppx_core: init at 113.33.01+4.03
2017-02-23 18:28:15 +00:00
Vincent Laporte
be427d6e51
ocamlPackages.sexplib: init at 113.33.00+4.03
2017-02-23 18:25:56 +00:00
Joachim Fasting
b92501f0d8
grsecurity: 4.9.11-201702181444 -> 201702222257
2017-02-23 19:18:39 +01:00
Jason A. Donenfeld
67b4f726c8
wireguard: 0.0.20170214 -> 0.0.20170223
...
Simple version bump.
2017-02-23 19:07:42 +01:00
Franz Pletz
4730993ca6
Merge pull request #23109 from dtzWill/update/neo4j
...
neo4j: update and fix JVM parameters in NixOS module
2017-02-23 19:02:32 +01:00
Profpatsch
8e54fced98
flpsed: ghostscript patch, fixes, new url
...
gs was called at runtime, fix the execvp call.
The url changed to its own domain.
A little face-lift for the package code.
2017-02-23 18:52:30 +01:00
Robin Gloster
b707552b5b
phpPackages.xdebug: 2.4.0RC3 -> 2.5.0
...
fixes #23098
2017-02-23 18:51:53 +01:00
Franz Pletz
d508ef88f7
Merge pull request #23082 from mayflower/graylog_update
...
graylog: update + module plugin support
2017-02-23 17:42:57 +01:00
Demin Dmitriy
db0316d8b2
opera: 42.0.2393.517 -> 43.0.2442.991
2017-02-23 19:25:20 +03:00
Robin Gloster
940492cef5
Merge pull request #22634 from Ekleog/dhparams
...
dhparams module: initialize
2017-02-23 17:16:04 +01:00
Vladimír Čunát
cb63a0b2da
knot-resolver: maintenance 1.2.2 -> 1.2.3
...
Just tiny fixes for some rare circumstances.
https://lists.nic.cz/pipermail/knot-dns-users/2017-February/001066.html
2017-02-23 16:23:23 +01:00
Franz Pletz
a689c7c792
pythonPackages.xdot: fix wrapper
2017-02-23 16:07:41 +01:00
Franz Pletz
4905c1c54f
prosody service: needs working network connectivity
2017-02-23 16:07:41 +01:00