Commit Graph

1607 Commits

Author SHA1 Message Date
R. Ryantm
9d228d71b5 dufs: 0.34.1 -> 0.34.2 2023-06-24 19:37:53 +00:00
Franz Pletz
6a4b949a95
nginxMainline: 1.25.0 -> 1.25.1 2023-06-21 13:47:28 +02:00
R. Ryantm
45cb7359f8 dufs: 0.33.0 -> 0.34.1 2023-06-05 00:25:15 +00:00
R. Ryantm
1b4bcd4d8a jetty: 11.0.14 -> 11.0.15 2023-06-04 13:20:44 +00:00
Bjørn Forsman
14fdabbb7b lighttpd: 1.4.69 -> 1.4.71
Changelogs:
https://www.lighttpd.net/2023/5/27/1.4.71/
https://www.lighttpd.net/2023/5/10/1.4.70/

Update the patch that disables legacy crypt tests, because it doesn't
apply anymore.
2023-06-01 17:08:02 +02:00
Weijia Wang
99060dee6f
Merge pull request #234552 from r-ryantm/auto-update/router
router: 1.18.1 -> 1.19.0
2023-05-30 12:22:04 +03:00
R. Ryantm
c9b945e0f8 webhook: 2.8.0 -> 2.8.1 2023-05-30 02:04:29 +00:00
Sandro Jäckel
819289b1e5
nginxModules.zstd: add SuperSandro2000 as maintainer 2023-05-29 20:41:08 +02:00
Sandro Jäckel
0000007dcc
nginxModules.vts: 0.2.1 -> 0.2.2, add SuperSandro2000 as maintainer 2023-05-29 20:40:50 +02:00
R. Ryantm
cc62398c92 pomerium: 0.22.1 -> 0.22.2 2023-05-29 08:39:07 +00:00
R. Ryantm
6a35ff3d8a router: 1.18.1 -> 1.19.0 2023-05-28 03:48:55 +00:00
Raito Bezarius
69bb0f94de nixos/nginx: first-class PROXY protocol support
PROXY protocol is a convenient way to carry information about the
originating address/port of a TCP connection across multiple layers of
proxies/NAT, etc.

Currently, it is possible to make use of it in NGINX's NixOS module, but
is painful when we want to enable it "globally".
Technically, this is achieved by reworking the defaultListen options and
the objective is to have a coherent way to specify default listeners in
the current API design.
See `mkDefaultListenVhost` and `defaultListen` for the details.

It adds a safeguard against running a NGINX with no HTTP listeners (e.g.
only PROXY listeners) while asking for ACME certificates over HTTP-01.

An interesting usecase of PROXY protocol is to enable seamless IPv4 to
IPv6 proxy with origin IPv4 address for IPv6-only NGINX servers, it is
demonstrated how to achieve this in the tests, using sniproxy.

Finally, the tests covers:

- NGINX `defaultListen` mechanisms are not broken by these changes;
- NGINX PROXY protocol listeners are working in a final usecase
  (sniproxy);
- uses snakeoil TLS certs from ACME setup with wildcard certificates;

In the future, it is desirable to spoof-attack NGINX in this scenario to
ascertain that `set_real_ip_from` and all the layers are working as
intended and preventing any user from setting their origin IP address to
any arbitrary, opening up the NixOS module to bad™ vulnerabilities.

For now, it is quite hard to achieve while being minimalistic about the
tests dependencies.
2023-05-26 19:48:26 +02:00
figsoda
22ec7aebbc treewide/servers: use top-level fetchPypi 2023-05-25 12:06:38 -04:00
Weijia Wang
7ef1ddae9e
Merge pull request #233854 from chkno/hook-spelling
Fix phase name typos in 5 packages' runHook invocations
2023-05-24 23:40:57 +03:00
Sandro
c898813431
Merge pull request #233029 from jlamur/nginx-spnego-build-fix
nginx: fix build of module spnego-http-auth
2023-05-24 21:54:24 +02:00
Scott Worley
f34465fea5 pomerium: Spell "postBuild" correctly 2023-05-24 09:21:51 -07:00
ajs124
27d53b81cc nginxQuic: share src and version with nginxMainline
quic support was merged
still a separate package, because it uses quictls
and sets configureFlags
2023-05-23 18:37:54 +02:00
ajs124
91ecb7d7ff nginxMainline: 1.24.0 -> 1.25.0 2023-05-23 18:28:04 +02:00
Martin Weinelt
9d0bbc2c12
nginxModules.secure-token: 2020-08-28 -> 1.5 2023-05-22 16:29:55 +02:00
Martin Weinelt
2c1cc78307
nginxModules.vod: 1.29 -> 1.31 2023-05-22 16:29:55 +02:00
Robert Scott
6ace7552e3
Merge pull request #233002 from LeSuisse/tomcat9-9.0.75
tomcat9: 9.0.68 -> 9.0.75
2023-05-20 19:07:43 +01:00
Jules Lamur
dcb2cc849e
nginx: fix build of module spnego-http-auth 2023-05-20 16:12:04 +02:00
Robert Scott
ca7f83f6df tomcat*: add sourceProvenance binaryBytecode 2023-05-20 13:03:13 +01:00
Thomas Gerbet
0749e39f64 tomcat9: 9.0.68 -> 9.0.75
Fixes CVE-2022-45143 and CVE-2023-28708.

https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
2023-05-20 13:09:20 +02:00
R. Ryantm
17db7c08d8 pomerium: 0.21.3 -> 0.22.1 2023-05-19 10:22:11 +00:00
R. Ryantm
b166262b1b router: 1.18.0 -> 1.18.1 2023-05-17 00:05:19 +00:00
Izorkin
e5aa2e3b30
unit: add ruby 3.2 2023-05-13 16:55:50 +03:00
Izorkin
ba455450b1
unit: remove ruby_2_7 2023-05-13 16:55:50 +03:00
Izorkin
baa5550162
unit: 1.29.1 -> 1.30.0 2023-05-13 16:55:47 +03:00
divanorama
4d494b82de
Update pkgs/servers/http/envoy/default.nix 2023-05-12 22:04:55 +02:00
Dmitry Ivankov
5a14400712 bazel_6: 6.1.2 -> 6.2.0
https://github.com/bazelbuild/bazel/releases/tag/6.2.0
2023-05-12 15:33:48 +02:00
Luke Granger-Brown
23cd27508f envoy: 1.25.1 -> 1.26.1 2023-05-12 07:54:56 +00:00
Martin Weinelt
4579dfb9ce
Merge pull request #231193 from mweinelt/couchdb-3.3.2
couchdb3: 3.3.1 -> 3.3.2
2023-05-11 16:03:28 +02:00
Martin Weinelt
34ba6c7e16
couchdb3: 3.3.1 -> 3.3.2
https://docs.couchdb.org/en/latest/whatsnew/3.3.html#version-3-3-2
https://docs.couchdb.org/en/latest/cve/2023-26268.html

Fixes: CVE-2023-26268
2023-05-11 02:41:41 +02:00
Dmitry Ivankov
e0d1e77c23 bazel_5: 5.4.0->5.4.1
Also update the updater script.

https://github.com/bazelbuild/bazel/releases/tag/5.4.1

- [X] recalculate fetchAttrs digest for packages built with bazel_5
2023-05-10 16:09:19 +02:00
Sandro
9757bdca3b
Merge pull request #229911 from bbigras/router
router: 1.15.1 -> 1.18.0
2023-05-07 15:42:40 +02:00
Bruno Bigras
5cee3aa13f router: 1.15.1 -> 1.18.0 2023-05-07 01:59:17 -04:00
Thomas Gerbet
62b0017f86 envoy: mark with knownVulnerabilities
Attempts to update `envoy` have not been successful.
Nobody with enough Bazel skills has step up to untangle
the build issues with the latest version.
2023-05-04 23:10:57 +02:00
zowoq
9f8b8befcf nginxModules.zstd: add missing meta 2023-05-04 20:21:37 +10:00
Sandro
7a4d8131fa
Merge pull request #208161 from SuperSandro2000/nginx-modules-meta
nginx: add meta section to modules
2023-05-04 00:59:20 +02:00
Alyssa Ross
2d8c06b637 bozohttpd: 20210227 -> 20220517 2023-05-03 09:38:12 +00:00
R. Ryantm
342ff3209c apacheHttpd: 2.4.56 -> 2.4.57 2023-04-29 07:43:39 +00:00
Sandro Jäckel
50b8c237b7
nginx: move aliases behind config.allowAliases 2023-04-28 21:38:43 +02:00
Sandro Jäckel
0d58522055
nginx: add meta section to modules
Also resolve one github redirect.
2023-04-28 21:38:43 +02:00
R. Ryantm
b94c7f3acc jetty: 11.0.13 -> 11.0.14 2023-04-27 07:14:15 +00:00
Weijia Wang
da3414f938
Merge pull request #227314 from r-ryantm/auto-update/apacheHttpdPackages.mod_auth_mellon
apacheHttpdPackages.mod_auth_mellon: 0.18.0 -> 0.18.1
2023-04-22 22:42:05 +03:00
Ryan Lahfa
1bcb219bd5
Merge pull request #227026 from LeSuisse/unit-drop-php80
unit: drop PHP 8.0 support, add PHP 8.2 support
2023-04-21 15:21:21 +02:00
R. Ryantm
d0070ed03d apacheHttpdPackages.mod_auth_mellon: 0.18.0 -> 0.18.1 2023-04-20 18:47:44 +00:00
Thomas Gerbet
9817e6af85 unit: add PHP 8.2 support 2023-04-19 10:36:33 +02:00
Thomas Gerbet
4855a6f817 unit: drop PHP 8.0 support
PHP 8.0 will be end-of-life before the end of life of the next stable
version of NixOS. Related to #224505.
2023-04-19 10:24:02 +02:00