Follow-up to the following commits:
abdc5961c3: Fix starting the firewall
e090701e2d: Order before sysinit
Solely use sysinit.target here instead of multi-user.target because we
want to make sure that the iptables rules are applied *before* any
socket units are started.
The reason I've dropped the wantedBy on multi-user.target is that
sysinit.target is already a part of the dependency chain of
multi-user.target.
To make sure that this holds true, I've added a small test case to
ensure that during switch of the configuration the firewall.service is
considered as well.
Tested using the firewall NixOS test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
Probably as a result of 992c514a20, it
was not being started anymore.
My understanding of systemd.special(7) (section "Special passive
system units") is that the firewall should want network-pre.target,
rather than the other way around (not very intuitive...). This in
itself does not cause the firewall to be wanted, which is why the
wanted-by relationship with multi-user.target is necessary.
http://hydra.nixos.org/build/39965589
So far we don't yet need the Qt 5 build for qtkeychain because the two
packages that depend on it are still using Qt 4. However, the next
upstream version of Tomahawk for example already uses Qt 5, so let's
prepare for that.
Tested building against Tomahawk Git master with qt5.qtkeychain.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Upstream changes since version 0.4.0:
* version 0.5.0 (release 2015-05-04):
- Added support for KWallet5 (KDE5/KF)
* version 0.6.0 (release 2016-03-18)
- Added support for the Windows Credential Store
* version 0.6.1 (release 2016-03-31)
- Fix KWallet not working (regressions in 0.6.0)
* version 0.6.2 (release 2016-04-04)
- KWallet: Fixes a crash when storing passwords, seen on Debian/KDE4
* version 0.7.0 (release 2016-05-23)
- Bump SO version due to 0.6 being binary-incompatible to previous
releases
Tomahawk and owncloud-client depend on this library, both are still
building fine after this update.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The following doesn't seem to be quite right and I have missed this when
I was introducing qtkeychain in the first place:
-- Installing: /nix/store/...-qtkeychain-0.4.0/$out/share/qt/translations/qtkeychain_de.qm
-- Installing: /nix/store/...-qtkeychain-0.4.0/$out/share/qt/translations/qtkeychain_ro.qm
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes the following security problems:
- CVE-2016-5147: Universal XSS in Blink
- CVE-2016-5148: Universal XSS in Blink
- CVE-2016-5149: Script injection in extensions
- CVE-2016-5150: Use after free in Blink
- CVE-2016-5151: Use after free in PDFium
- CVE-2016-5152: Heap overflow in PDFium
- CVE-2016-5153: Use after destruction in Blink
- CVE-2016-5154: Heap overflow in PDFium
- CVE-2016-5155: Address bar spoofing
- CVE-2016-5156: Use after free in event bindings
- CVE-2016-5157: Heap overflow in PDFium
- CVE-2016-5158: Heap overflow in PDFium
- CVE-2016-5159: Heap overflow in PDFium
- CVE-2016-5160: Extensions web accessible resources bypass
- CVE-2016-5161: Type confusion in Blink.
- CVE-2016-5162: Extensions web accessible resources bypass
- CVE-2016-5163: Address bar spoofing
- CVE-2016-5164: Universal XSS using DevTools
- CVE-2016-5165: Script injection in DevTools
- CVE-2016-5166: SMB Relay Attack via Save Page As
- CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives
A few additional changes:
1. We load patches from debian for improving privacy and security
2. Now with QT 5.6 instead of 5.5
3. We strip bundled python code and use proper upstream instead