Commit graph

2370 commits

Author SHA1 Message Date
Michael Raskin
9c15bb7031 Revert "libreoffice: reinstante and use curl 7.48 before the removal of a required feature. CVE's not fixed because of that decision: a Windows-specific DLL substitution and a mbedSSL/PolarSSL specific insufficient certificate validation"
This reverts commit 8fd84fcb87.

While I was testing my solution, @obadz have committed a different and
hopefully a better one.
2016-08-01 17:32:10 +02:00
Michael Raskin
8fd84fcb87 libreoffice: reinstante and use curl 7.48 before the removal of a required feature. CVE's not fixed because of that decision: a Windows-specific DLL substitution and a mbedSSL/PolarSSL specific insufficient certificate validation 2016-08-01 17:22:41 +02:00
Frederik Rietdijk
ea6bd8fa79 py-unbound: fix evaluation 2016-08-01 10:19:48 +02:00
Frederik Rietdijk
8f9326ffd8 Merge pull request #17323 from arpa2/hashslinger
Hash-slinger: init at  2.7.0
2016-08-01 09:57:12 +02:00
Michiel Leenaars
c8f2d8dae0 py-unbound: init at 1.5.9 2016-08-01 09:51:33 +02:00
Miguel Madrid
fa03b541b2 curl: 7.47.1 -> 7.50.0 (#17152) 2016-07-30 21:38:06 +01:00
Jinjing Wang
c8f535b452 shadowsocks-libev: 2.4.7 -> 2.4.8 (#17366) 2016-07-30 01:20:56 +01:00
Rob Vermaas
9494b764d2 dd-agent: support jmx, needs a separate daemon nowadays.
(cherry picked from commit 1425a1f964adc2e2eb668810f3f158089035cd3d)
2016-07-29 12:42:07 +00:00
Damien Cassou
86393cfc20 Merge pull request #17301 from DamienCassou/offlineimap-7.0.1
offlineimap: 7.0.0 -> 7.0.2
2016-07-27 16:51:32 +02:00
Damien Cassou
b43df7a225 offlineimap: 7.0.0 -> 7.0.2 2016-07-27 16:50:37 +02:00
Joachim Fasting
7646bea560
dnscrypt-proxy: fix faulty use of platforms.allBut
In 63b6498aa0 I added a faulty
use of `platforms.allBut` causing dnscrypt-proxy to continue
being built (and failing) on OS X. D'oh!
2016-07-26 23:10:46 +02:00
José Romildo Malaquias
f2cdd55412 cmst: 2016.01.28 -> 2016.04.03 (#17134) 2016-07-25 20:32:42 +01:00
Arseniy Seroka
88a89dedc6 Merge pull request #17211 from DamienCassou/offlineimap-7.0.0
offlineimap: 6.7.0.2 -> 7.0.0
2016-07-24 15:45:00 +04:00
Tobias Geerinckx-Rice
7c84bd121a
dropbear: 2016.73 -> 2016.74
Security fixes:
- Message printout was vulnerable to format string injection
- dropbearconvert import of OpenSSH keys could run arbitrary code
  as the local dropbearconvert user when parsing malicious key
  files
- dbclient could run arbitrary code as the local dbclient user if
  particular -m or -c arguments are provided
- dbclient or dropbear server could expose process memory to the
  running user if compiled with DEBUG_TRACE and running with -v

Fixes:
- Fix port forwarding failure when connecting to domains that have
  both IPv4 and IPv6 addresses. The bug was introduced in 2015.68
- Fix 100% CPU use while waiting for rekey to complete
2016-07-23 21:29:51 +02:00
Damien Cassou
0f6b69b46e offlineimap: 6.7.0.2 -> 7.0.0 2016-07-23 18:59:01 +02:00
Tuomas Tynkkynen
77a73115cd chrony: Tweak meta
- "repository" -> "repositories"
- reflow longDescription
2016-07-23 13:36:37 +03:00
Daiderd Jordan
e8343fbb38 Merge pull request #17137 from romildo/new.connman-notify
connman-notify: init at 2014-06-23
2016-07-23 00:36:11 +02:00
Graham Christensen
0cbea742ab Merge pull request #17175 from DamienCassou/offlineimap-6.7.0.2
offlineimap: 6.7.0.1 -> 6.7.0.2
2016-07-22 15:44:42 +00:00
Damien Cassou
24e632b242 offlineimap: 6.7.0.1 -> 6.7.0.2 2016-07-22 17:12:57 +02:00
Tobias Geerinckx-Rice
0d7da216be Merge pull request #17166 from peterhoeg/bully
bully: new upstream
2016-07-22 07:45:10 +02:00
Peter Hoeg
729bc134ea bully: new upstream 2016-07-22 13:08:16 +08:00
zimbatm
1018a00b89 Merge pull request #17149 from grahamc/k0001-weighttp-sha256
weighttp: 0.3 -> 0.4
2016-07-21 20:18:50 +01:00
Renzo Carbonara
8859fd948a
weighttp: 0.3 -> 0.4
cgit doesn't generate stable archives, so the SHA changed when there
was a commit earlier this year. Using fetchgit in hopes of stabilizing
the checked out sha.
2016-07-21 08:26:39 -05:00
Tuomas Tynkkynen
212dd434ec atftp: 0.7 -> 0.7.1 2016-07-21 07:22:17 +03:00
Franz Pletz
2ce60ead60 zerotierone: fix evaluation 2016-07-21 04:56:19 +02:00
José Romildo Malaquias
38d896aeee connman-notify: init at 2014-06-23 2016-07-20 22:44:55 -03:00
Rok Garbas
e2f6c6b9d2 Merge pull request #16620 from zimbatm/ronn-0.7.3
Ronn 0.7.3
2016-07-21 01:23:06 +02:00
cransom
4a9b640f37 smokeping: init at 2.6.11 (#17090)
Includes a module for service setup and a test
to verify functionality of both service and pkg.
2016-07-21 01:07:59 +02:00
Franz Pletz
eacabb9993 shncpd: init at 2016-06-22 2016-07-17 17:15:23 +02:00
Franz Pletz
8a6fce5431 ndjbdns: 1.05.9 -> 1.06 2016-07-17 17:15:23 +02:00
Eelco Dolstra
211bed46c4 Merge pull request #17004 from rickynils/openssh_privsep_dir
openssh: Use the default privilege separation dir (/var/empty)
2016-07-17 13:28:44 +02:00
Joachim F
5c837e952d Merge pull request #17001 from womfoo/fix/vtun
vtun: add debian gcc5 fix
2016-07-16 21:26:50 +02:00
Kranium Gikos Mendoza
16cc4dd3a3 vtun: add debian gcc5 fix 2016-07-16 21:07:21 +08:00
Joachim F
0fdd630965 Merge pull request #16726 from womfoo/bump/proxychains-4.2.0
proxychains: 4.0.1-head -> 4.2.0
2016-07-16 13:19:26 +02:00
Rickard Nilsson
4f8f1c30cb openssh: Use the default privilege separation dir (/var/empty)
(This is a rewritten version of the reverted commit
a927709a35, that disables the creation of
/var/empty during build so that sandboxed builds also works. For more
context, see https://github.com/NixOS/nixpkgs/pull/16966)

If running NixOS inside a container where the host's root-owned files
and directories have been mapped to some other uid (like nobody), the
ssh daemon fails to start, producing this error message:

fatal: /nix/store/...-openssh-7.2p2/empty must be owned by root and not group or world-writable.

The reason for this is that when openssh is built, we explicitly set
`--with-privsep-path=$out/empty`. This commit removes that flag which
causes the default directory /var/empty to be used instead. Since NixOS'
activation script correctly sets up that directory, the ssh daemon now
also works within containers that have a non-root-owned nix store.
2016-07-16 10:15:58 +02:00
Frederik Rietdijk
2e986016d0 Merge pull request #16946 from phanimahesh/fix-16198
Fix typo: s/propogate/propagate/
2016-07-15 15:00:01 +02:00
Bjørn Forsman
2ad0a84751 Revert "openssh: Use the default privilege separation dir (/var/empty)"
This reverts commit a927709a35 because it
doesn't build:

$ nix-build -A openssh
...
mkdir /nix/store/yl2xap8n1by3dqxgc4rmrc4s753676a3-openssh-7.2p2/libexec
(umask 022 ; ./mkinstalldirs /var/empty)
mkdir /var
mkdir: cannot create directory '/var': Permission denied
mkdir /var/empty
mkdir: cannot create directory '/var/empty': No such file or directory
make: *** [Makefile:304: install-files] Error 1
builder for ‘/nix/store/ifygp4mqpv7l8cgp0njp8w7lmrl6brpp-openssh-7.2p2.drv’ failed with exit code 2
2016-07-15 12:42:37 +02:00
Rickard Nilsson
a927709a35 openssh: Use the default privilege separation dir (/var/empty)
If running NixOS inside a container where the host's root-owned files
and directories have been mapped to some other uid (like nobody), the
ssh daemon fails to start, producing this error message:

fatal: /nix/store/...-openssh-7.2p2/empty must be owned by root and not group or world-writable.

The reason for this is that when openssh is built, we explicitly set
`--with-privsep-path=$out/empty`. This commit removes that flag which
causes the default directory /var/empty to be used instead. Since NixOS'
activation script correctly sets up that directory, the ssh daemon now
also works within containers that have a non-root-owned nix store.
2016-07-14 20:54:06 +02:00
zimbatm
dc6306a69d zerotierone: 1.1.6 -> 1.1.12 2016-07-14 14:02:54 +01:00
J Phani Mahesh
ac19f09122 wicd: propogatedBuildInputs -> propagatedBuildInputs 2016-07-14 17:23:06 +05:30
Ioannis Koutras
d861911263 ocproxy: init at 1.50 2016-07-13 17:15:23 +03:00
Robert Helgesson
c9b9619636 nethogs: 0.8.1 -> 0.8.5 2016-07-13 13:17:24 +02:00
Arseniy Seroka
a7f87bd518 Merge pull request #16904 from womfoo/fix-bump/smbldaptools-0.9.11
smbldaptools: 0.9.10 -> 0.9.11
2016-07-13 14:52:07 +04:00
Kranium Gikos Mendoza
d5e70a2adc smbldaptools: 0.9.10 -> 0.9.11 2016-07-13 09:01:25 +08:00
joachifm
3df7f3cbc3 Merge pull request #16831 from womfoo/fix-bump/gtkgnutella-1.1.9
gtk-gnutella: fix build and 1.1.5 -> 1.1.9
2016-07-12 16:21:36 +02:00
joachifm
7a54a71c9e Merge pull request #16808 from 4z3/urlwatch
urlwatch: 2.1 -> 2.2
2016-07-12 16:20:17 +02:00
Gabriel Ebner
51e1b2508c Merge pull request #16878 from womfoo/bump/siege-4.0.2
siege: 4.0.1 -> 4.0.2
2016-07-12 08:23:15 +02:00
Kranium Gikos Mendoza
e54223e8bb siege: 4.0.1 -> 4.0.2 2016-07-12 13:31:31 +08:00
Gabriel Ebner
ad41b8fa19 mu: fix build of webkit support and re-enable it 2016-07-11 10:37:31 +02:00
Jookia
ba2232f1f2 srelay: init at 0.4.8b6 (#16833) 2016-07-11 03:41:02 +02:00