Commit Graph

115923 Commits

Author SHA1 Message Date
gwitmond
bd52618c9d
nixos: add option for bind to not resolve local queries (#29503)
When the user specifies the networking.nameservers setting in the
configuration file, it must take precedence over automatically
derived settings.

The culprit was services.bind that made the resolver set to
127.0.0.1 and ignore the nameserver setting.

This patch adds a flag to services.bind to override the nameserver
to localhost. It defaults to true. Setting this to false prevents the
service.bind and dnsmasq.resolveLocalQueries settings from
overriding the users' settings.

Also, when the user specifies a domain to search, it must be set in
the resolver configuration, even if the user does not specify any
nameservers.

(cherry picked from commit 670b4e29ad)

This commit was accidentally merged to 17.09 but was intended for
master. This is the cherry-pick to master.
2017-09-18 22:54:29 +02:00
Franz Pletz
38c14d7132
newsbeuter: fix CVE-2017-14500 2017-09-18 22:45:30 +02:00
Franz Pletz
0653abc07a
gd: 2.2.4 -> 2.2.5 for multiple CVEs
Fixes:
  * CVE-2017-6362
  * CVE-2017-7890
2017-09-18 22:45:30 +02:00
Daiderd Jordan
69bf06ad6c
gperftools: fix darwin build 2017-09-18 22:20:57 +02:00
Daiderd Jordan
6b7e103870
nmap: patch vendored libz for darwin 2017-09-18 22:02:58 +02:00
Franz Pletz
c7ed26b6a9
geolite-legacy: 2017-05-26 -> 2017-09-17 2017-09-18 21:55:41 +02:00
Franz Pletz
ad13618c9b
mirrorbits: init at 0.4 2017-09-18 21:55:41 +02:00
Franz Pletz
316858466a
mercurial: 4.3.1 -> 4.3.2 2017-09-18 21:52:07 +02:00
Franz Pletz
dc08dcf6e7
ssh service: add sftpFlags option 2017-09-18 21:52:07 +02:00
Franz Pletz
a796d692c4
clawsMail: 3.15.0 -> 3.15.1 2017-09-18 21:52:07 +02:00
Franz Pletz
05b1e514bc
matterircd: 0.11.4 -> 0.12.0
This version is compatible with our current Mattermost.
2017-09-18 21:52:06 +02:00
Franz Pletz
94bbe7db22
bluez4: remove, unused and probably vulnerable 2017-09-18 21:19:15 +02:00
Franz Pletz
dadb16a57f
bluez: 5.43 -> 5.47 for CVE-2017-1000250
Fixes #29289.
2017-09-18 21:19:15 +02:00
John Ericson
e1372646aa Merge pull request #29517 from obsidiansystems/cctools-cross
darwin stdenv: cctools override needs to go away when targetPlatform changes
2017-09-18 14:41:09 -04:00
John Ericson
77bd6313bb darwin stdenv: cctools override needs to go away when targetPlatform changes 2017-09-18 14:39:38 -04:00
WilliButz
9198ad65ef tests: add initrd-network-ssh test
starts two VMs:
- one with dropbear listening from initrd,
  waiting for a file
- another connecting via ssh, creating the file
2017-09-18 19:51:46 +02:00
Franz Pletz
ede0ecdc69
potrace: 1.14 -> 1.15
Fixes CVE-2017-12067 and other security issues.

Fixes NixOS/security#107.
2017-09-18 17:24:09 +02:00
Franz Pletz
0e550fd51c
cdo: 1.7.2 -> 1.9.0 2017-09-18 17:24:08 +02:00
WilliButz
0b2d9bbbd2 nixos/tests: add grafana test (#29531) 2017-09-18 16:59:50 +02:00
Franz Pletz
4850bc7080 Merge pull request #29530 from WilliButz/grafanaUpdate
grafana: 4.5.0 -> 4.5.1
2017-09-18 16:58:32 +02:00
Maximilian König
460cd80729 palemoon: 27.4.1 -> 27.4.2 2017-09-18 16:57:02 +02:00
WilliButz
8eb3e45f37
grafana: 4.5.0 -> 4.5.1 2017-09-18 16:28:26 +02:00
Franz Pletz
c9d11b8a1d
apacheHttpd: fix CVE-2017-9798 (Optionsbleed)
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
2017-09-18 16:04:03 +02:00
Samuel Leathers
2f9cb45bd4 mpi4py: disabling tests 2017-09-18 15:11:14 +02:00
Bastian Köcher
34b1e4c3db teamspeak_client: Adds missing dependency 2017-09-18 15:04:37 +02:00
Robert Klotzner
a9f60224f8 coturn service: Fix coturn to properly come up (#29415)
properly also in case dhcpcd being used.

Without network-online.target, coturn will fail to listen on addresses that
come up with dhcpcd.
2017-09-18 14:54:32 +02:00
Franz Pletz
b179908414
nixos/networking: network is online if default gw set
Previously services depending on network-online.target would wait until
dhcpcd times out if it was enabled and a static network address
configuration was used. Setting the default gateway statically is enough
for the networking to be considered online.

This also adjusts the relevant networking tests to wait for
network-online.target instead of just network.target.
2017-09-18 14:51:38 +02:00
Jörg Thalheim
a40533f70a Merge pull request #29516 from adisbladis/redis401
redis: 3.2.9 -> 4.0.1
2017-09-18 13:24:20 +01:00
Franz Pletz
decaa2e7bf Merge pull request #29133 from elitak/ipfs
ipfs: workaround for upstream bug; other small fixes
2017-09-18 13:26:39 +02:00
Florian Jacob
839e3c7666 nixos/mysql: declarative users & databases
using Unix socket authentication, ensured on every rebuild.
2017-09-18 13:10:26 +02:00
Peter Hoeg
971eb19dbc ifstat-legacy: init at 1.1 2017-09-18 18:25:54 +08:00
Russell O'Connor
08824d7ae0 bitcoin: 0.14.0 -> 0.15.0 2017-09-18 12:02:38 +02:00
Samuel Leathers
3a33ed7c46 trollius: fix tests 2017-09-18 12:00:46 +02:00
Samuel Leathers
28a9f74769 discogs_client: 2.0.2 -> 2.2.0 2017-09-18 11:59:21 +02:00
Kranium Gikos
662b409b72 influxdb service: fixup postStart script to handle TLS 2017-09-18 11:56:30 +02:00
Justin Humm
b5a5d0ba84 gollum service: init 2017-09-18 11:55:00 +02:00
Maximilian Güntner
44475cae27 tests: ipfs: enable autoMount tests 2017-09-18 00:05:35 -07:00
Eric Litak
1a15c5d8c6 ipfs: autoMount working without root 2017-09-17 23:57:25 -07:00
Eric Litak
6324317c76 ipfs: workaround for upstream bug; doc fixes 2017-09-17 23:57:25 -07:00
Samuel Leathers
700b0945b1 marionette-harness: disable for python 3 2017-09-18 07:35:18 +02:00
Samuel Leathers
cbea57b9c7 marionette-driver: disable for python 3 2017-09-18 07:35:18 +02:00
Samuel Leathers
d355b55e82 interruptingcow: 0.6 -> 0.7 2017-09-18 07:32:57 +02:00
Robert Schütz
107b181523 abcm2ps: init at 8.13.15 2017-09-18 07:26:34 +02:00
adisbladis
ed2f7f509e
redis: 3.2.9 -> 4.0.1 2017-09-18 11:26:16 +08:00
AndersonTorres
3dc65ee2e8 tcllib: 1.15 -> 1.18 2017-09-18 04:05:50 +02:00
Franz Pletz
dd383785f1 Merge pull request #29500 from bkchr/teamspeak_3_1_6
teamspeak_client: 3.1.4 -> 3.1.6
2017-09-18 03:49:55 +02:00
Franz Pletz
e29f6bef6f Merge pull request #29510 from yrashk/awesome-version
awesome: specify version
2017-09-18 01:24:39 +02:00
Yurii Rashkovskii
824b30a715 awesome: specify version
By default, awesome will use "devel" as a version name
(or `git describe`). This has led to awesome always
showing "devel" for its version.

Some extensions depend on version information to figure
out what features they can use.

This change overrides the version for the build from the
derivations' `version` attribute.
2017-09-17 16:02:17 -07:00
Michael Weiss
018a5ae2f4 fetchRepoProject: Fetch into $out and make it deterministic
Fetch into $out and remove all version control files to make it
deterministic (.repo and all .git subdirectories - e.g. the .git/index
files change every time).

Additionally I've changed the default of "useArchive" to false because
fetching with "--archive" will fail for some projects (e.g.
"platform/external/iosched" from the AOSP).

Now, this function should hopefully work for every tag of the AOSP.
2017-09-17 23:16:33 +02:00
Franz Pletz
7db2916648 Merge pull request #29463 from womfoo/fix-build/freeswitch
freeswitch: fix build
2017-09-17 21:29:58 +02:00