Commit Graph

1904 Commits

Author SHA1 Message Date
Raphael Robatsch
c2928b54bc hiawatha: Add package test
Tests whether curl can communicate with hiawatha via http and https.
2024-06-12 19:51:16 +02:00
Peder Bergebakken Sundt
4bf63184e2
Merge pull request #308949 from amarshall/librusty_v8-source-provenance
treewide: mark packages using librusty_v8 as binaryNativeCode
2024-06-12 12:46:47 +02:00
Alexis Hildebrandt
755b915a15 treewide: Remove indefinite article from meta.description
nix run nixpkgs#silver-searcher -- -G '\.nix$' -0l 'description.*"[Aa]n?' pkgs \
  | xargs -0 nix run nixpkgs#gnused -- -i '' -Ee 's/(description.*")[Aa]n? (.)/\1\U\2/'
2024-06-09 23:07:45 +02:00
Alexis Hildebrandt
bf995e3641 treewide: Remove ending period from meta.description
nix run nixpkgs#silver-searcher -- -G '\.nix$' -0l 'description.*".*\.";' pkgs \
  | xargs -0 nix run nixpkgs#gnused -- -i '' -Ee 's/(description.*)\.";/\1";/'
2024-06-09 23:04:51 +02:00
Malte Poll
7e537acfea envoy: 1.30.1 -> 1.30.2
Contains security fixes for:
- [CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream](GHSA-hww5-43gv-35jv)
- [CVE-2024-34363: Crash due to uncaught nlohmann JSON exception](GHSA-g979-ph9j-5gg4)
- [CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other components](GHSA-xcj3-h7vf-fw26)
- [CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()](GHSA-mgxp-7hhp-8299)
- [CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length()](GHSA-g9mq-6v96-cpqc)
- [CVE-2024-32976: Endless loop while decompressing Brotli data with extra input](GHSA-7wp5-c2vq-4f8m)
- [CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode](GHSA-vcf8-7238-v74c)
2024-06-05 16:56:59 +02:00
Sigmanificient
d48a9bb622 treewide: remove unused fetchpatch arguments 2024-06-04 12:40:25 +02:00
Izorkin
a79f4a9161
angie: 1.5.1 -> 1.5.2 2024-06-03 22:22:09 +03:00
Pol Dellaiera
d89843551b
Merge pull request #310877 from emmanuelrosa/jetty-12.0.9
jetty: 12.0.8 -> 12.0.9
2024-06-02 13:54:46 +02:00
Ryan Lahfa
2181a4548d
Merge pull request #316104 from LeSuisse/nginx-1.26.1-1.27.0
nginxMainline: 1.25.4 -> 1.27.0, nginx: 1.26.0 -> 1.26.1
2024-06-01 01:04:51 +02:00
Luke Granger-Brown
7ec74c627b
Merge pull request #314921 from devusb/pomerium
pomerium: 0.25.2 -> 0.26.0
2024-05-31 13:25:30 +01:00
Thomas Gerbet
35c696f49f nginxMainline: 1.25.4 -> 1.27.0
Fixes CVE-2024-32760, CVE-2024-31079, CVE-2024-35200 and CVE-2024-34161.

Changes:
```

Changes with nginx 1.27.0                                        29 May 2024

    *) Security: when using HTTP/3, processing of a specially crafted QUIC
       session might cause a worker process crash, worker process memory
       disclosure on systems with MTU larger than 4096 bytes, or might have
       potential other impact (CVE-2024-32760, CVE-2024-31079,
       CVE-2024-35200, CVE-2024-34161).
       Thanks to Nils Bars of CISPA.

    *) Feature: variables support in the "proxy_limit_rate",
       "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate"
       directives.

    *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
       "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.

    *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
       option was used.
       Thanks to Edgar Bonet.

    *) Bugfixes in HTTP/3.

Changes with nginx 1.25.5                                        16 Apr 2024

    *) Feature: virtual servers in the stream module.

    *) Feature: the ngx_stream_pass_module.

    *) Feature: the "deferred", "accept_filter", and "setfib" parameters of
       the "listen" directive in the stream module.

    *) Feature: cache line size detection for some architectures.
       Thanks to Piotr Sikora.

    *) Feature: support for Homebrew on Apple Silicon.
       Thanks to Piotr Sikora.

    *) Bugfix: Windows cross-compilation bugfixes and improvements.
       Thanks to Piotr Sikora.

    *) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
       Thanks to Vladimir Khomutov.
```
2024-05-31 11:32:40 +02:00
Thomas Gerbet
25e4a15f2a nginx: 1.26.0 -> 1.26.1
Fixes CVE-2024-32760, CVE-2024-31079, CVE-2024-35200 and CVE-2024-34161.
Note that the `nginxQuic` derivation rely on `nginxMainline`.

Changes:
```
Changes with nginx 1.26.1                                        29 May 2024

    *) Security: when using HTTP/3, processing of a specially crafted QUIC
       session might cause a worker process crash, worker process memory
       disclosure on systems with MTU larger than 4096 bytes, or might have
       potential other impact (CVE-2024-32760, CVE-2024-31079,
       CVE-2024-35200, CVE-2024-34161).
       Thanks to Nils Bars of CISPA.

    *) Bugfix: reduced memory consumption for long-lived requests if "gzip",
       "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used.

    *) Bugfix: nginx could not be built by gcc 14 if the --with-atomic
       option was used.
       Thanks to Edgar Bonet.

    *) Bugfix: in HTTP/3.

```
2024-05-31 11:30:28 +02:00
Pol Dellaiera
30881b23db
Merge pull request #299546 from Izorkin/update-angie
angie: add withAcme option
2024-05-27 21:52:47 +02:00
Franz Pletz
e047b23254
Merge pull request #313844 from superherointj/nginx-libgd-optional 2024-05-27 02:10:55 +02:00
Morgan Helton
7ba8d49bd5 pomerium: 0.25.2 -> 0.26.0 2024-05-26 12:29:32 -05:00
Weijia Wang
defedd80f8
Merge pull request #313931 from Lurkki14/gpl2-pkgs-servers
pkgs/servers: remove licenses.gpl2
2024-05-26 14:37:45 +02:00
Izorkin
c0f55c7917
angie: add withAcme option 2024-05-26 13:34:38 +03:00
Emmanuel Rosa
6c62ac1bef jetty: 12.0.8 -> 12.0.9 2024-05-25 15:18:43 -04:00
superherointj
e3e087e9ea nginx: make geoip optional 2024-05-25 12:08:22 -03:00
superherointj
64973309bb nginx: make image filter optional
Reduces nginx package size from 109.88 MiB to 41.99 MiB. Reduction of -67.88 MiB.

GD (libgd.github.io) is a library for the dynamic creation of images.

Co-authored-by: @ulrikstrid
2024-05-25 12:08:22 -03:00
R. Ryantm
510ea77aea angie: 1.4.1 -> 1.5.1 2024-05-25 11:51:38 +00:00
Nick Cao
436a34c741
Merge pull request #313699 from r-ryantm/auto-update/dufs
dufs: 0.40.0 -> 0.41.0
2024-05-23 14:00:58 -04:00
Jussi Kuokkanen
8064d28a4f pkgs/servers: remove licenses.gpl2 2024-05-23 11:49:42 +03:00
superherointj
27a9dd9264 pkgsMusl.nginx: fix build
Fixes:

> error: #warning usage of non-standard #include <sys/cdefs.h> is deprecated [-Werror=cpp]
2024-05-22 20:58:30 -03:00
R. Ryantm
23fbbca6a2 dufs: 0.40.0 -> 0.41.0 2024-05-22 14:41:07 +00:00
Sigmanificient
a2353716f6 treewide: remove unused occurence of fetchurl argument 2024-05-20 05:20:23 +02:00
Thomas Gerbet
b7488ba3b9
Merge pull request #307066 from LeSuisse/nginx-stable-1.26.0
nginxStable: 1.24.0 -> 1.26.0
2024-05-13 14:34:38 +02:00
Andrew Marshall
5e9508802d treewide: mark librusty_v8 as binaryNativeCode
As it is.
2024-05-11 09:28:13 -04:00
Aleksana
632d845324
Merge pull request #308094 from anthonyroussel/update-tomcat
tomcat10: 10.1.20 -> 10.1.23, tomcat9: 9.0.87 -> 9.0.88
2024-05-06 23:23:40 +08:00
Anthony Roussel
154eef1e62
jetty: 12.0.7 -> 12.0.8
https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.8
2024-05-01 12:54:27 +02:00
Anthony Roussel
c027a183a2
tomcat10: 10.1.20 -> 10.1.23 2024-04-30 23:05:37 +02:00
Anthony Roussel
037e6c79c6
tomcat9: 9.0.87 -> 9.0.88 2024-04-30 23:05:23 +02:00
Thomas Gerbet
73d98d9b4a nginxStable: 1.24.0 -> 1.26.0
Changes
http://nginx.org/en/CHANGES-1.26

The 1.24.x branch is now considered EOL.
2024-04-26 23:10:10 +02:00
Claudio Bley
cff95b1624 envoy: Update hash after bazel_6 upgrade 2024-04-26 20:57:53 +02:00
Malte Poll
975307f7ca envoy: 1.27.5 -> 1.30.1
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2024-04-24 15:08:11 +02:00
Paul Meyer
6debc2123a envoy: 1.27.3 -> 1.27.5
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2024-04-22 15:40:15 +02:00
Sandro
e79a4cbd5c
Merge pull request #304704 from deshaw/upstream-fix-nginxModules.lua 2024-04-17 11:37:59 +02:00
Elliot Cameron
8f67b3d446 nginxModules.spnego-http-auth: fix support for nginx 1.23+ 2024-04-16 23:31:41 -04:00
Elliot Cameron
99afffdc3a nginxModules.lua: remove patch that is already applied
This module was applying a patch that is now included in all versions of Nginx that Nixpkgs supports.
2024-04-16 23:20:55 -04:00
Robert Scott
92b2565469
Merge pull request #303204 from LeSuisse/envoy-CVE-2024-30255-tag
envoy: flag as vulnerable to CVE-2024-30255
2024-04-13 12:24:29 +01:00
Alyssa Ross
8d935aae93 lighttpd: enable debug info 2024-04-11 21:56:18 +02:00
Thomas Gerbet
3ef25cb316 trafficserver: 9.2.3 -> 9.2.4
Fixes CVE-2024-31309.
https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc

Changes:
https://raw.githubusercontent.com/apache/trafficserver/9.2.x/CHANGELOG-9.2.4
2024-04-11 07:37:19 +02:00
Thomas Gerbet
bc4dc452fa envoy: flag as vulnerable to CVE-2024-30255
Envoy 1.27.4 [0] contains the fix but upgrading it is
not straightforward as the build of the current version
is already broken and only thanks to the caching of the deps
(seems to be the case since the removal of Go 1.20).

Fixing the build seems to require more Bazel knownledge than I have
and the the usual maintainer is currently not available.

[0] https://github.com/envoyproxy/envoy/releases/tag/v1.27.4
2024-04-10 22:43:57 +02:00
Jörg Thalheim
e7ed94636e
Merge pull request #302557 from anthonyroussel/anthonyroussel-stdenvnocc
tomb,win-pvdrivers,tomcat,axis2,jetty: use stdenvNoCC
2024-04-10 09:06:26 +02:00
R. Ryantm
284850eb9b pomerium: 0.25.1 -> 0.25.2 2024-04-10 08:51:49 +02:00
Anthony Roussel
b32b0c5183
tomcat: use stdenvNoCC 2024-04-08 14:31:20 +02:00
Anthony Roussel
d53210f7e0
axis2: use stdenvNoCC 2024-04-08 14:31:13 +02:00
Anthony Roussel
a59474718d
jetty: use stdenvNoCC 2024-04-08 14:31:04 +02:00
Thomas Gerbet
331f875bde apacheHttpd: 2.4.58 -> 2.4.59
Fixes CVE-2024-27316, CVE-2024-27316 and CVE-2023-38709

Changes:
https://downloads.apache.org/httpd/CHANGES_2.4.59
2024-04-04 21:11:38 +02:00
Weijia Wang
c7e0bad032
Merge pull request #299649 from milas/http/unit-1.32.1
unit: 1.32.0 -> 1.32.1
2024-04-03 10:50:32 +02:00