upgrade-2020-06-07-0a11634a29c #352

Open
wants to merge 348 commits into
base: nixos-19.09
348 commits
3b9b10e
openjpeg: add patch for CVE-2020-8112
mmilata Mar 12, 2020
c26a26d
Merge #78736: cpio: 2.12 -> 2.13 (into staging-19.09)
vcunat Mar 15, 2020
021b296
Merge branch 'staging-19.09' into release-19.09
vcunat Mar 15, 2020
686362c
Merge branch 'staging-19.09' into release-19.09
vcunat Mar 15, 2020
0c2b734
Merge branch 'release-19.09' into staging-19.09
vcunat Mar 15, 2020
45f415a
libssh: 0.8.7 -> 0.8.8
mmilata Mar 13, 2020
cdd33cb
lz4: 1.9.1 -> 1.9.2 (PR #82437)
mmilata Mar 12, 2020
7d27cc8
samba4: patch all remaining security issues
vcunat Mar 15, 2020
a9d4746
python3Packages.signedjson: 1.0.0 -> 1.1.0
Ma27 Feb 18, 2020
dce33f1
matrix-synapse: 1.9.1 -> 1.11.1
Ma27 Mar 16, 2020
107ffbb
Merge branch 'staging-19.09' into release-19.09
vcunat Mar 16, 2020
9a808dd
libxml2: add patch for CVE-2019-20388
mmilata Mar 12, 2020
311c3fd
nextcloud: 16.0.8 -> 16.0.9
flokli Mar 15, 2020
8d7fd7e
Merge pull request #82697 from flokli/19.09-nextcloud-16.0.9
flokli Mar 16, 2020
4f69f2c
opensmtpd: mark as insecure due to CVE-2020-8794 / #80978
obadz Mar 17, 2020
7db6a85
opensmtpd: 6.4.2p1 -> 6.6.1p1
flokli Nov 8, 2019
3ecd571
opensmtpd: 6.6.1p1 -> 6.6.2p1
fpletz Jan 29, 2020
7a106bd
opensmtpd: 6.6.2p1 -> 6.6.3p1
r-ryantm Feb 13, 2020
521c676
opensmtpd: 6.6.3p1 -> 6.6.4p1
andir Feb 24, 2020
ce282f0
Revert "opensmtpd: mark as insecure due to CVE-2020-8794 / #80978"
Mic92 Mar 17, 2020
fe67f42
Revert "opensmtpd: apply patch for CVE-2020-7247.patch"
Mic92 Mar 17, 2020
29431a0
opensmtpd: build against openssl
Mic92 Mar 17, 2020
bf7c0f0
Merge pull request #82775 from Mic92/opensmtpd-backport
obadz Mar 17, 2020
41f1484
openssl: 1.1.1d -> 1.1.1e
andir Mar 17, 2020
30fdf95
Merge remote-tracking branch 'origin/release-19.09' into staging-19.09
veprbl Mar 17, 2020
0e1cf19
buildGoModule: disable consult the checksum database on build
marsam Dec 1, 2019
dd9a493
tailscale: init at 0.96-33
Mar 8, 2020
65ff637
tailscale: 0.96-33 -> 0.97-0.
danderson Mar 18, 2020
87834cb
Merge pull request #82791 from andir/19.09/openssl
andir Mar 18, 2020
b0055f4
Merge branch 'staging-19.09' into release-19.09
vcunat Mar 18, 2020
0e01f4f
brave: 1.4.96 -> 1.5.112
JeffLabonte Mar 18, 2020
8963012
Merge pull request #81789 from JeffLabonte/19_09-brave_1.4.95_to_1.4.96
grahamc Mar 19, 2020
493a837
riot-web: 1.5.10 -> 1.5.13
Ma27 Mar 17, 2020
5d89c0b
linuxPackages.wireguard: 0.0.20200215 -> 0.0.20200318
Ma27 Mar 19, 2020
49eed3a
Revert "openssl: 1.1.1d -> 1.1.1e"
KamilaBorowska Mar 19, 2020
359de6b
chromium: 80.0.3987.132 -> 80.0.3987.149
primeos Mar 18, 2020
490d066
wireguard-tools: 1.0.20200206 -> 1.0.20200319
Ma27 Mar 19, 2020
db12da3
Merge pull request #82958 from primeos/chromium-backport
primeos Mar 20, 2020
2cc4474
nodejs-12_x: 12.14.1 -> 12.15.0
marsam Feb 6, 2020
9b2a26d
nodejs-12_x: 12.15.0 -> 12.16.0
marsam Feb 11, 2020
8e47767
nodejs-12_x: 12.16.0 -> 12.16.1
marsam Feb 19, 2020
2071e3b
openssl(_1_1): patch CVE-2019-1551
vcunat Mar 21, 2020
b2d71b4
Merge openssl(_1_1) downgrade (into release-19.09)
vcunat Mar 21, 2020
36cbcdc
grafana: 6.6.2 -> 6.7.0
Frostman Mar 19, 2020
c3a9111
grafana: 6.7.0 -> 6.7.1
Frostman Mar 21, 2020
85600b7
grafana: add Frostman to maintainers
Frostman Mar 21, 2020
4aac2c3
grafana: Drop Frostman from maintainers
dasJ Mar 22, 2020
8b8e73a
Merge pull request #83109 from helsinki-systems/bp-drop-frostman
Ma27 Mar 22, 2020
534e341
linux: 5.4.24 -> 5.4.25
NeQuissimus Mar 14, 2020
fb2dcec
linux: 4.14.173 -> 4.14.174
NeQuissimus Mar 22, 2020
5801ac4
linux: 4.19.109 -> 4.19.112
NeQuissimus Mar 22, 2020
dbea1f6
linux: 4.4.216 -> 4.4.217
NeQuissimus Mar 22, 2020
7dfe28c
linux: 4.9.216 -> 4.9.217
NeQuissimus Mar 22, 2020
216cd6c
linux: 5.4.25 -> 5.4.27
NeQuissimus Mar 22, 2020
75569aa
tailscale: switch version and git ref to use a tag.
danderson Mar 23, 2020
609a3da
tailscale: build using Go 1.13 explicitly.
danderson Mar 18, 2020
96c4045
Add packages.json to the tarball job
edolstra Mar 24, 2020
0ce53c4
Compress optionsJSON using brotli
edolstra Mar 24, 2020
1a54743
nixos/release-small.nix: Export options job
edolstra Mar 24, 2020
c0ce6d0
protonvpn-cli-ng: 2.2.0 -> 2.2.2
JeffLabonte Mar 4, 2020
da19ebc
gitlab: 12.8.6 -> 12.8.7 (#82838) (#83354)
talyz Mar 25, 2020
67643b0
linux: 4.19.112 -> 4.19.113
NeQuissimus Mar 25, 2020
6f11eda
linux: 5.4.27 -> 5.4.28
NeQuissimus Mar 25, 2020
ae48415
Merge pull request #83328 from JeffLabonte/update_protonvpn_ng_2.2.0-…
bhipple Mar 26, 2020
d5895b9
signal-desktop: 1.32.1 -> 1.32.2
primeos Mar 26, 2020
59c3b5f
Merge pull request #83417 from primeos/signal-desktop-backport
primeos Mar 26, 2020
008fc89
nix-bash-completions: 0.6.7 -> 0.6.8 (#81019)
hedning Mar 5, 2020
df07596
wire-desktop: Fix StartupWMClass
arianvp Mar 24, 2020
a932b1c
signal-desktop: 1.32.2 -> 1.32.3
primeos Mar 26, 2020
3be8b45
Merge pull request #83450 from primeos/signal-desktop-backport
primeos Mar 26, 2020
fbdb1ae
gitlab: 12.8.7 -> 12.8.8
flokli Mar 27, 2020
1881b34
matrix-synapse: 1.11.1 -> 1.12.0
ajs124 Mar 23, 2020
64a3ccb
Merge pull request #82831 from danderson/tailscale-19.09
grahamc Mar 27, 2020
939178c
bluez: apply patches for CVE-2020-0556
bhipple Mar 14, 2020
598a9cb
nginx: Fix ETag patch to ignore realpath(3) error
aszlig Feb 20, 2020
28dd9c3
tor-browser-bundle-bin: 9.0.5 -> 9.0.7
scaredmushroom Mar 28, 2020
95d7551
Merge branch 'release-19.09' into staging-19.09
vcunat Mar 28, 2020
54e8994
riot-desktop: fix StartupWMClass
worldofpeace Mar 28, 2020
ace3bb3
Merge pull request #83602 from scaredmushroom/tor-browser-bundle-bin_…
Ma27 Mar 29, 2020
ac678d9
Merge branch 'release-19.09' into staging-19.09
vcunat Mar 28, 2020
e8f5908
Merge branch 'staging-19.09' into release-19.09
vcunat Mar 29, 2020
1bf2637
Merge #83013: exiv2: patch CVE-2019-20421
vcunat Mar 29, 2020
e7ad715
brave: 1.5.112 -> 1.5.115
JeffLabonte Mar 22, 2020
c7363c2
make-tarball.nix: Strip source directory from packages.json
edolstra Mar 29, 2020
2015db3
python3Packages.twisted: fix CVE-2020-10109
Ma27 Mar 27, 2020
a8639df
python3Packages.pysaml2: fix tests
Ma27 Mar 29, 2020
856dbd1
ghc-8.4.4.nix: Do not use git.haskell.org
nomeata Mar 29, 2020
ce73818
Merge pull request #83026 from wmertens/nodejs-backport
wmertens Mar 30, 2020
58dec78
mattermost-desktop: fix filechooser causing crash
evils Nov 6, 2019
6d445f8
mattermost-desktop: version 4.2.3 -> 4.3.1
evils Nov 5, 2019
85d879e
grafana: 6.7.1 -> 6.6.2
Ma27 Mar 31, 2020
d011e47
Merge pull request #83516 from Ma27/synapse-19.09
lheckemann Apr 1, 2020
6011c05
ruby_2_5: 2.5.7 -> 2.5.8
marsam Mar 31, 2020
deb8fd1
ruby_2_6: 2.6.5 -> 2.6.6
marsam Mar 31, 2020
926c763
linux: 5.4.28 -> 5.4.29
NeQuissimus Apr 1, 2020
190fbfd
chromium: fix webrtc interaction with pulseaudio
peti Mar 23, 2020
5ae092f
chromium: I accidentally added the webrtc patch into the wrong section
peti Mar 24, 2020
96614c2
chromium: 80.0.3987.149 -> 80.0.3987.162
primeos Apr 1, 2020
c221bb2
linux: 4.19.113 -> 4.19.114
NeQuissimus Apr 2, 2020
c5ad5d0
linux: 5.4.29 -> 5.4.30
NeQuissimus Apr 2, 2020
7d82b77
linux: 4.14.174 -> 4.14.175
NeQuissimus Apr 2, 2020
c95a98e
linux: 4.4.217 -> 4.4.218
NeQuissimus Apr 2, 2020
0ee9cef
linux: 4.9.217 -> 4.9.218
NeQuissimus Apr 2, 2020
1ca8a06
chromium: 80.0.3987.162 -> 80.0.3987.163
primeos Apr 2, 2020
6ce362a
Merge pull request #84107 from primeos/chromium-backport
primeos Apr 3, 2020
7a429e7
linuxPackages.wireguard: 0.0.20200318 -> 1.0.20200401
Ma27 Apr 1, 2020
f7f1d53
firefox: 74.0 -> 74.0.1
andir Apr 4, 2020
a90f68b
firefox-esr: 68.6.0esr -> 68.6.1esr
andir Apr 4, 2020
3c0b770
firefox-beta-bin: 75.0b1 -> 75.0b11
andir Apr 4, 2020
ca1ee17
firefox-bin: 74.0 -> 74.0.1
andir Apr 4, 2020
2d0be77
firefox-devedition-bin: 75.0b1 -> 75.0b12
andir Apr 4, 2020
b3e1b81
apacheHttpd: 2.4.41 -> 2.4.43
r-ryantm Apr 1, 2020
e10c65c
Merge pull request #84251 from andir/19.09/firefox
andir Apr 4, 2020
c1ef04e
Merge #84273: gnutls: 3.6.11.1 -> 3.6.13 [security]
vcunat Apr 5, 2020
30b05e1
wire-desktop: mac 3.15.3621 -> 3.16.3630
toonn Apr 6, 2020
f86271a
Merge pull request #84496 from toonn/release-19.09
flokli Apr 6, 2020
528b5b6
brave: 1.5.115 -> 1.5.123
JeffLabonte Apr 3, 2020
832d4e9
libvpx_1_8: init at 1.8.2
andir Apr 7, 2020
70bca49
firefox: prepare for version 75
andir Apr 6, 2020
0ffd59a
firefox: use nodejs-12_x for firefox >= 75
andir Apr 7, 2020
5f4b02f
firefox: 74.0.1 -> 75.0
andir Apr 7, 2020
0280d88
firefox-esr-68: 68.6.1esr -> 68.7.0esr
andir Apr 7, 2020
9dda51b
firefox-bin: 74.0.1 -> 75.0
andir Apr 7, 2020
08a7e09
firefox-beta-bin: 75.0b11 -> 76.0b1
andir Apr 7, 2020
aaffe07
firefox-devedition-bin: 75.0b12 -> 76.0b1
andir Apr 7, 2020
16d0add
Merge pull request #84590 from andir/19.09/firefox
andir Apr 7, 2020
be180f6
signal-desktop: 1.32.3 -> 1.33.0
primeos Apr 8, 2020
82de063
chromium: Ignore unknown warning options
primeos Apr 2, 2020
631a5ef
chromiumDev: Remove a patch that is already applied
primeos Apr 2, 2020
dd0d0e6
chromiumBeta: Fix the build
primeos Apr 7, 2020
7c60e5c
chromium: 80.0.3987.163 -> 81.0.4044.92
primeos Apr 7, 2020
35cfc19
Merge pull request #84708 from primeos/signal-desktop-backport
primeos Apr 8, 2020
6a8c4f7
linux: 5.4.30 -> 5.4.31
NeQuissimus Apr 8, 2020
7770f3a
Merge pull request #84709 from primeos/chromium-backport
primeos Apr 8, 2020
77b9000
vocal: add missing glib-networking
Mic92 Apr 8, 2020
52577ba
Merge pull request #84294 from aanderse/httpd-19.09
aanderse Apr 9, 2020
60c4ddb
linuxPackagesFor: wireguard: noop for kernel >= 5.6
d-xo Dec 30, 2019
ebf64ea
tor-browser-bundle-bin: 9.0.7 -> 9.0.9
andriokha Apr 9, 2020
02f2241
Merge pull request #84892 from andriokha/tor-browser-bundle-bin-9.0.9…
joachifm Apr 10, 2020
99a27f4
Merge #84773: thunderbird*: 68.6.0 -> 68.7.0 (security)
vcunat Apr 9, 2020
839cd8d
Merge #83022: simutrans: 120.2.2 -> 120.4.1 (unbreak)
vcunat Apr 12, 2020
5fa2612
Merge pull request #84536 from JeffLabonte/19.09-brave_1.5.115_to_1.5…
marsam Apr 12, 2020
f35e61d
linux: 4.4.218 -> 4.4.219
NeQuissimus Apr 13, 2020
f52196c
linux: 4.14.175 -> 4.14.176
NeQuissimus Apr 13, 2020
81ca80c
linux: 4.19.114 -> 4.19.115
NeQuissimus Apr 13, 2020
fec536f
linux: 4.9.218 -> 4.9.219
NeQuissimus Apr 13, 2020
ee95a68
linux: 5.4.31 -> 5.4.32
NeQuissimus Apr 13, 2020
f6c1d3b
luminance-hdr: use Qt5's mkDerivation
dominikh Apr 5, 2020
b67bc34
Merge pull request #79772 from wamserma/fix-aspell-CVEs-backport
risicle Apr 15, 2020
dd46307
Merge branch 'staging-19.09' into release-19.09
vcunat Apr 16, 2020
4f86f06
git: 2.23.1 -> 2.23.2 (CVE-2020-5260)
vcunat Apr 16, 2020
6f5b979
[19.09] flashplayer: 32.0.0.330 -> 32.0.0.363
taku0 Apr 14, 2020
9cb226c
chromium: 81.0.4044.92 -> 81.0.4044.113
primeos Apr 16, 2020
9eeef58
Merge pull request #85409 from tollb/flashplayer-32.0.0.363-release-1…
7c6f434c Apr 16, 2020
648a695
nexus: 3.18.1-01 -> 3.22.0-02
zaninime Apr 17, 2020
27c9e08
Merge pull request #85405 from primeos/chromium-backport
primeos Apr 17, 2020
6c9572a
linux: 4.19.115 -> 4.19.116
NeQuissimus Apr 17, 2020
36586a9
linux: 5.4.32 -> 5.4.33
NeQuissimus Apr 17, 2020
fed820b
Merge pull request #85429 from zaninime/backport-nexus
Ma27 Apr 17, 2020
3bd563f
maintainers: add wamserma
wamserma Apr 18, 2020
fdd75ab
maintainers: backport gazally
ehmry Apr 12, 2020
9237a09
yggdrasil: backport at 0.3.10
ehmry Apr 12, 2020
dff7016
chromium{Beta,Dev}: M81 -> M83 -> M84
primeos Apr 16, 2020
c0439ba
chromiumBeta: Mark as broken
primeos Apr 22, 2020
e45440a
chromium: 81.0.4044.113 -> 81.0.4044.122
primeos Apr 21, 2020
5a3490d
Merge pull request #85760 from primeos/chromium-backport
flokli Apr 22, 2020
a9750db
Merge release-19.09 into staging-19.09
FRidh Apr 22, 2020
cae3ac8
git: 2.23.2 -> 2.23.3 (security, CVE-2020-11008)
primeos Apr 22, 2020
336ef08
enyo-doom: use qt5's mkDerivation
mmilata Apr 7, 2020
fef4a36
httraqt: use qt5's mkDerivation
mmilata Apr 7, 2020
a508612
yabause: use qt5's mkDerivation
mmilata Apr 7, 2020
640e0d4
calaos_installer: use qt5's mkDerivation
mmilata Apr 7, 2020
afc608d
caneda: use qt5's mkDerivation
mmilata Apr 7, 2020
52ee2d5
valentina: use qt5's mkDerivation
mmilata Apr 7, 2020
163b434
traverso: use qt5's mkDerivation
mmilata Apr 7, 2020
8f63757
swift-im: use qt5's mkDerivation
mmilata Apr 7, 2020
754a796
ricochet: use qt5's mkDerivation
mmilata Apr 7, 2020
c988766
qstopmotion: use qt5's mkDerivation
mmilata Apr 7, 2020
fa24ad0
qmediathekview: use qt5's mkDerivation
mmilata Apr 7, 2020
9b1849a
qcomicbook: use qt5's mkDerivation
mmilata Apr 7, 2020
24490a6
phototonic: use qt5's mkDerivation
mmilata Apr 7, 2020
02635e3
openbrf: use qt5's mkDerivation
mmilata Apr 7, 2020
51e4700
okteta: use qt5's mkDerivation
mmilata Apr 7, 2020
c601b3e
mindforger: use qt5's mkDerivation
mmilata Apr 7, 2020
7a6c6ba
dfasma: use qt5's mkDerivation
mmilata Apr 7, 2020
183bb76
bomi: use qt5's mkDerivation
mmilata Apr 7, 2020
77e281f
awesomebump: use qt5's mkDerivation
mmilata Apr 7, 2020
1cbdf95
aqemu: use qt5's mkDerivation
mmilata Apr 7, 2020
ef7e187
qt-box-editor: use qt5's mkDerivation
mmilata Apr 7, 2020
64301c0
rocket: use qt5's mkDerivation
mmilata Apr 7, 2020
641f664
pro-office-calculator: use qt5's mkDerivation
mmilata Apr 7, 2020
0dd1ea1
iannix: use qt5's mkDerivation
mmilata Apr 7, 2020
7d215ac
glogg: use qt5's mkDerivation
mmilata Apr 7, 2020
8c7b082
firebird-emu: use qt5's mkDerivation
mmilata Apr 7, 2020
2ebfd55
colord-kde: use qt5's mkDerivation
mmilata Apr 7, 2020
0b8156d
candle: use qt5's mkDerivation
mmilata Apr 7, 2020
dacd7f3
tensor: use qt5's mkDerivation
mmilata Apr 7, 2020
f37435d
openssl: patch CVE-2020-1967
mweinelt Apr 22, 2020
04273c3
Merge pull request #85818 from mweinelt/19.09/openssl/cve-2020-1967
andir Apr 23, 2020
9642f12
Merge staging-19.09 into release-19.09
FRidh Apr 23, 2020
bfee698
gnome3.mutter: fix desktop freezing after ~50 days idle
worldofpeace Apr 24, 2020
c4799f0
gnome3.mutter328: backports from gnome-3-28
worldofpeace Apr 24, 2020
54a3772
hostapd: apply patch for CVE-2019-16275
mweinelt Apr 25, 2020
39a1ac5
Merge pull request #86001 from mweinelt/19.09/hostapd/cve-2019-16275
worldofpeace Apr 25, 2020
e6d222f
Merge pull request #85805 from mmilata/qt5-mkDerivation-stdenv-19.09
worldofpeace Apr 25, 2020
4a0df0c
ninja: fix 404'ing patch
cole-h Apr 22, 2020
f907dc9
nixos/gitlab: Fix services.gitlab.enableStartTLSAuto
talyz Apr 28, 2020
9ffae2a
Merge pull request #86191 from talyz/release-19.09
talyz Apr 28, 2020
7b9f3c8
gitlab: 12.8.8 -> 12.8.9
flokli Apr 20, 2020
57df0aa
gitlab: support passing --rev to the `update-all` script
flokli Apr 20, 2020
767ca36
gitlab-workhorse: 8.21.1 -> 8.21.2
flokli Apr 20, 2020
68169a7
gitaly: 12.8.8 -> 12.8.9
flokli Apr 20, 2020
a7ceb25
gitlab: update.py: invoke bundle lock manually
manveru Apr 21, 2020
4b39bb8
chromium: 81.0.4044.122 -> 81.0.4044.129
primeos Apr 28, 2020
ac3ed15
coturn: apply patch for CVE-2020-6061/6062
mweinelt Apr 28, 2020
1d06d40
Merge pull request #86271 from mweinelt/19.09/coturn/CVE-2020-6061+6062
rasendubi Apr 29, 2020
e27493e
monotone: openssl in botan is not needed, so drop to avoid old openssl
7c6f434c Apr 29, 2020
511766d
Merge pull request #86340 from 7c6f434c/monotone-no-botan-openssl-19.09
7c6f434c Apr 29, 2020
87819f9
roundcube: 1.3.10 -> 1.3.11
Ma27 Apr 29, 2020
322fd89
Merge pull request #86297 from primeos/chromium-backport
primeos Apr 30, 2020
24d07de
gitaly: 12.8.9 -> 12.8.10
flokli Apr 30, 2020
a73c7cb
gitlab: 12.8.9 -> 12.8.10
flokli Apr 30, 2020
85f3b47
Merge pull request #86461 from talyz/19.09-gitlab-12.8.10
flokli May 1, 2020
7da8a5a
salt: 2019.2.0 -> 2019.2.4
Flakebi Apr 30, 2020
4f820be
Merge pull request #86651 from Flakebi/salt-19.09
bhipple May 3, 2020
0fa8e3c
nss_3_52: 3.51 -> 3.52
andir May 4, 2020
72212cb
firefox: 75.0 -> 76.0
andir May 4, 2020
26316a2
firefox-bin: 75.0 -> 76.0
andir May 4, 2020
8f570a3
firefox-esr-68: 68.7.0esr -> 68.8.0esr
andir May 4, 2020
3f1f251
Merge pull request #86811 from andir/19.09/firefox76
andir May 5, 2020
b79f64b
chromium: 81.0.4044.129 -> 81.0.4044.138
primeos May 5, 2020
278db00
Merge pull request #87078 from primeos/chromium-backport
primeos May 6, 2020
5967390
Merge #87066: thunderbird*: 68.7.0 -> 68.8.0 (security)
vcunat May 8, 2020
d858110
monero: fix rcp.restricted option
vojta001 May 11, 2020
9cefaf9
firefox: Add patch to fix AES GCM IV bit size
aszlig May 12, 2020
810e561
firefox: 76.0 -> 76.0.1
andir May 14, 2020
31dcaa5
Merge pull request #87772 from andir/19.09/firefox
andir May 14, 2020
69e4ae5
chromium: Mark as insecure
primeos May 20, 2020
2efedf8
Merge pull request #88368 from primeos/chromium-eol
lheckemann May 20, 2020
a689086
bind: 9.14.9 -> 9.14.12 (security, PR #88159)
vcunat May 19, 2020
35eda4a
pdns-recursor: 4.2.0 -> 4.2.2 (security)
vcunat May 23, 2020
7071e76
ffmpeg_4: 4.2.2 -> 4.2.3
zowoq May 22, 2020
76248ee
ffmpeg-full: 4.2.2 -> 4.2.3
zowoq May 22, 2020
d82bae4
ffmpeg_2_8: 2.8.15 -> 2.8.16
zowoq May 22, 2020
61421ed
ip2unix: 2.1.1 -> 2.1.2
aszlig May 27, 2020
2f9bafa
ip2unix: 2.1.2 -> 2.1.3
aszlig Jun 1, 2020
5d0d3ef
wire-desktop: linux 3.17.2924 -> 3.18.2925
toonn Jun 2, 2020
44170df
wire-desktop: mac 3.17.3666 -> 3.18.3728
toonn Jun 2, 2020
d5151a9
Merge #89474: thunderbird*: 68.8.0 -> 68.9.0 (security)
vcunat Jun 5, 2020
0a11634
Merge pull request #86994 from toonn/release-19.09
flokli Jun 6, 2020
2 changes: 1 addition & 1 deletion doc/languages-frameworks/gnome.xml
Expand Up @@ -224,7 +224,7 @@ mkDerivation {
</term>
<listitem>
<para>
You can rely on applications depending on the library set the necessary environment variables but that it often easy to miss. Instead we recommend to patch the paths in the source code whenever possible. Here are some examples:
You can rely on applications depending on the library setting the necessary environment variables but that is often easy to miss. Instead we recommend to patch the paths in the source code whenever possible. Here are some examples:
<itemizedlist>
<listitem xml:id="ssec-gnome-common-issues-unwrappable-package-gnome-shell-ext">
<para>
Expand Down
34 changes: 34 additions & 0 deletions maintainers/maintainer-list.nix
Expand Up @@ -2360,6 +2360,12 @@
github = "gavinrogers";
name = "Gavin Rogers";
};
gazally = {
email = "[email protected]";
github = "gazally";
githubId = 16470252;
name = "Gemini Lasswell";
};
gebner = {
email = "[email protected]";
github = "gebner";
Expand Down Expand Up @@ -2912,6 +2918,12 @@
githubId = 1198065;
name = "Jeffrey David Johnson";
};
jefflabonte = {
email = "[email protected]";
github = "jefflabonte";
githubId = 9425955;
name = "Jean-François Labonté";
};
jensbin = {
email = "[email protected]";
github = "jensbin";
Expand Down Expand Up @@ -3178,6 +3190,16 @@
githubId = 4611077;
name = "Raymond Gauthier";
};
jtcoolen = {
email = "[email protected]";
name = "Julien Coolen";
github = "jtcoolen";
githubId = 54635632;
keys = [{
longkeyid = "rsa4096/0x19642151C218F6F5";
fingerprint = "4C68 56EE DFDA 20FB 77E8 9169 1964 2151 C218 F6F5";
}];
};
jtobin = {
email = "[email protected]";
github = "jtobin";
Expand Down Expand Up @@ -3963,6 +3985,12 @@
githubId = 1269099;
name = "Marius Bakke";
};
mbaillie = {
email = "[email protected]";
github = "martinbaillie";
githubId = 613740;
name = "Martin Baillie";
};
mbbx6spp = {
email = "[email protected]";
github = "mbbx6spp";
Expand Down Expand Up @@ -6836,6 +6864,12 @@
githubId = 3889405;
name = "vyp";
};
wamserma = {
name = "Markus S. Wamser";
email = "[email protected]";
github = "wamserma";
githubId = 60148;
};
waynr = {
name = "Wayne Warren";
email = "[email protected]";
Expand Down
4 changes: 4 additions & 0 deletions nixos/lib/make-options-doc/default.nix
Expand Up @@ -133,6 +133,7 @@ in {

optionsJSON = pkgs.runCommand "options.json"
{ meta.description = "List of NixOS options in JSON format";
buildInputs = [ pkgs.brotli ];
}
''
# Export list of options in different format.
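Review bot: `buildInputs = [ pkgs.brotli ];` lists a tool that is only executed during the build under `buildInputs`; `nativeBuildInputs` is the attribute for build-time executables and keeps the derivation correct if it is ever evaluated for a cross target. Suggest `nativeBuildInputs = [ pkgs.brotli ];` here.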
Expand All @@ -141,8 +142,11 @@ in {

cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix))} $dst/options.json

brotli -9 < $dst/options.json > $dst/options.json.br

mkdir -p $out/nix-support
echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
echo "file json-br $dst/options.json.br" >> $out/nix-support/hydra-build-products
''; # */

optionsDocBook = pkgs.runCommand "options-docbook.xml" {} ''
Expand Down
2 changes: 1 addition & 1 deletion nixos/maintainers/scripts/ec2/create-amis.sh
Expand Up @@ -18,7 +18,7 @@ state_dir=$HOME/amis/ec2-images
home_region=eu-west-1
bucket=nixos-amis

regions=(eu-west-1 eu-west-2 eu-west-3 eu-central-1
regions=(eu-west-1 eu-west-2 eu-west-3 eu-central-1 eu-north-1
us-east-1 us-east-2 us-west-1 us-west-2
ca-central-1
ap-southeast-1 ap-southeast-2 ap-northeast-1 ap-northeast-2
Expand Down
2 changes: 2 additions & 0 deletions nixos/modules/module-list.nix
Expand Up @@ -704,6 +704,7 @@
./services/networking/syncthing.nix
./services/networking/syncthing-relay.nix
./services/networking/syncplay.nix
./services/networking/tailscale.nix
./services/networking/tcpcrypt.nix
./services/networking/teamspeak3.nix
./services/networking/tedicross.nix
Expand All @@ -727,6 +728,7 @@
./services/networking/xinetd.nix
./services/networking/xl2tpd.nix
./services/networking/xrdp.nix
./services/networking/yggdrasil.nix
./services/networking/zerobin.nix
./services/networking/zeronet.nix
./services/networking/zerotierone.nix
Expand Down
2 changes: 1 addition & 1 deletion nixos/modules/services/misc/gitlab.nix
Expand Up @@ -182,7 +182,7 @@ let
${optionalString (cfg.smtp.passwordFile != null) ''password: "@smtpPassword@",''}
domain: "${cfg.smtp.domain}",
${optionalString (cfg.smtp.authentication != null) "authentication: :${cfg.smtp.authentication},"}
enable_starttls_auto: ${toString cfg.smtp.enableStartTLSAuto},
enable_starttls_auto: ${boolToString cfg.smtp.enableStartTLSAuto},
ca_file: "/etc/ssl/certs/ca-certificates.crt",
openssl_verify_mode: '${cfg.smtp.opensslVerifyMode}'
}
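Review bot: nothing checks the Ruby that the `enable_starttls_auto` line renders to, which is how the `toString` form could go unnoticed: `toString` on a Nix bool yields `1` for true and an empty string for false, so the setting was never a valid Ruby boolean. With `boolToString` in place, a small evaluation test that renders this block with `enableStartTLSAuto` set both ways and checks for `true` and `false` would keep the SMTP TLS setting from regressing silently.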
Expand Down
2 changes: 1 addition & 1 deletion nixos/modules/services/networking/monero.nix
Expand Up @@ -26,7 +26,7 @@ let
rpc-login=${rpc.user}:${rpc.password}
''}
${optionalString rpc.restricted ''
restrict-rpc=1
restricted-rpc=1
''}

limit-rate-up=${toString limits.upload}
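Review bot: the key written on the `rpc.restricted` branch changes from `restrict-rpc=1` to `restricted-rpc=1`, so every host that already had `rpc.restricted = true` was running with a different key in its generated config than the one written now; that deserves a release-note line so operators re-check their RPC exposure after upgrading. A test that evaluates the module with `rpc.restricted = true` and greps the rendered file for `restricted-rpc=1` would stop the key name from drifting again.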
Expand Down
46 changes: 46 additions & 0 deletions nixos/modules/services/networking/tailscale.nix
@@ -0,0 +1,46 @@
{ config, lib, pkgs, ... }:

with lib;

let cfg = config.services.tailscale;
in {
meta.maintainers = with maintainers; [ danderson mbaillie ];

options.services.tailscale = {
enable = mkEnableOption "Tailscale client daemon";

port = mkOption {
type = types.port;
default = 41641;
description = "The port to listen on for tunnel traffic (0=autoselect).";
};
};

config = mkIf cfg.enable {
systemd.services.tailscale = {
description = "Tailscale client daemon";

after = [ "network-pre.target" ];
wants = [ "network-pre.target" ];
wantedBy = [ "multi-user.target" ];

unitConfig = {
StartLimitIntervalSec = 0;
StartLimitBurst = 0;
};

serviceConfig = {
ExecStart =
"${pkgs.tailscale}/bin/tailscaled --port ${toString cfg.port}";

RuntimeDirectory = "tailscale";
RuntimeDirectoryMode = 755;

StateDirectory = "tailscale";
StateDirectoryMode = 700;

Restart = "on-failure";
};
};
};
}
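Review bot: `RuntimeDirectoryMode = 755;` and `StateDirectoryMode = 700;` in `serviceConfig` are Nix integers, so the unit file receives the decimal text `755` and `700`; systemd reads mode values as octal, so the outcome is the intended one, but writing them as strings (`"0755"`, `"0700"`), as the yggdrasil module in this same PR does, removes the ambiguity. The unit also carries none of the sandboxing options that the yggdrasil unit sets (`ProtectSystem`, `NoNewPrivileges`, a `CapabilityBoundingSet`), and the `port` option is not connected to any firewall setting; if both are deliberate, a comment saying so would help the next reader.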
187 changes: 187 additions & 0 deletions nixos/modules/services/networking/yggdrasil.nix
@@ -0,0 +1,187 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.yggdrasil;
configProvided = (cfg.config != {});
configAsFile = (if configProvided then
toString (pkgs.writeTextFile {
name = "yggdrasil-conf";
text = builtins.toJSON cfg.config;
})
else null);
configFileProvided = (cfg.configFile != null);
generateConfig = (
if configProvided && configFileProvided then
"${pkgs.jq}/bin/jq -s add ${configAsFile} ${cfg.configFile}"
else if configProvided then
"cat ${configAsFile}"
else if configFileProvided then
"cat ${cfg.configFile}"
else
"${cfg.package}/bin/yggdrasil -genconf"
);

in {
options = with types; {
services.yggdrasil = {
enable = mkEnableOption "the yggdrasil system service";

configFile = mkOption {
type = nullOr str;
default = null;
example = "/run/keys/yggdrasil.conf";
description = ''
A file which contains JSON configuration for yggdrasil.

You do not have to supply a complete configuration, as
yggdrasil will use default values for anything which is
omitted. If the encryption and signing keys are omitted,
yggdrasil will generate new ones each time the service is
started, resulting in a random IPv6 address on the yggdrasil
network each time.

If both this option and <option>config</option> are
supplied, they will be combined, with values from
<option>config</option> taking precedence.

You can use the command <code>nix-shell -p yggdrasil --run
"yggdrasil -genconf -json"</code> to generate a default
JSON configuration.
'';
};

config = mkOption {
type = attrs;
default = {};
example = {
Peers = [
"tcp://aa.bb.cc.dd:eeeee"
"tcp://[aaaa:bbbb:cccc:dddd::eeee]:fffff"
];
Listen = [
"tcp://0.0.0.0:xxxxx"
];
};
description = ''
Configuration for yggdrasil, as a Nix attribute set.

Warning: this is stored in the WORLD-READABLE Nix store!
Therefore, it is not appropriate for private keys. If you
do not specify the keys, yggdrasil will generate a new set
each time the service is started, creating a random IPv6
address on the yggdrasil network each time.

If you wish to specify the keys, use
<option>configFile</option>. If both
<option>configFile</option> and <option>config</option> are
supplied, they will be combined, with values from
<option>config</option> taking precedence.

You can use the command <code>nix-shell -p yggdrasil --run
"yggdrasil -genconf"</code> to generate default
configuration values with documentation.
'';
};

openMulticastPort = mkOption {
type = bool;
default = false;
description = ''
Whether to open the UDP port used for multicast peer
discovery. The NixOS firewall blocks link-local
communication, so in order to make local peering work you
will also need to set <code>LinkLocalTCPPort</code> in your
yggdrasil configuration (<option>config</option> or
<option>configFile</option>) to a port number other than 0,
and then add that port to
<option>networking.firewall.allowedTCPPorts</option>.
'';
};

denyDhcpcdInterfaces = mkOption {
type = listOf str;
default = [];
example = [ "tap*" ];
description = ''
Disable the DHCP client for any interface whose name matches
any of the shell glob patterns in this list. Use this
option to prevent the DHCP client from broadcasting requests
on the yggdrasil network. It is only necessary to do so
when yggdrasil is running in TAP mode, because TUN
interfaces do not support broadcasting.
'';
};

package = mkOption {
type = package;
default = pkgs.yggdrasil;
defaultText = "pkgs.yggdrasil";
description = "Yggdrasil package to use.";
};
};
};

config = mkIf cfg.enable {
assertions = [
{ assertion = config.networking.enableIPv6;
message = "networking.enableIPv6 must be true for yggdrasil to work";
}
];

systemd.services.yggdrasil = {
description = "Yggdrasil Network Service";
path = [ cfg.package ] ++ optional (configProvided && configFileProvided) pkgs.jq;
bindsTo = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];

preStart = ''
${generateConfig} | yggdrasil -normaliseconf -useconf > /run/yggdrasil/yggdrasil.conf
'';

serviceConfig = {
ExecStart = "${cfg.package}/bin/yggdrasil -useconffile /run/yggdrasil/yggdrasil.conf";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Restart = "always";

RuntimeDirectory = "yggdrasil";
RuntimeDirectoryMode = "0700";
BindReadOnlyPaths = mkIf configFileProvided
[ "${cfg.configFile}" ];

# TODO: as of yggdrasil 0.3.8 and systemd 243, yggdrasil fails
# to set up the network adapter when DynamicUser is set. See
# github.com/yggdrasil-network/yggdrasil-go/issues/557. The
# following options are implied by DynamicUser according to
# the systemd.exec documentation, and can be removed if the
# upstream issue is fixed and DynamicUser is set to true:
PrivateTmp = true;
RemoveIPC = true;
NoNewPrivileges = true;
ProtectSystem = "strict";
RestrictSUIDSGID = true;
# End of list of options implied by DynamicUser.

AmbientCapabilities = "CAP_NET_ADMIN";
CapabilityBoundingSet = "CAP_NET_ADMIN";
MemoryDenyWriteExecute = true;
ProtectControlGroups = true;
ProtectHome = "tmpfs";
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @resources";
};
};

networking.dhcpcd.denyInterfaces = cfg.denyDhcpcdInterfaces;
networking.firewall.allowedUDPPorts = mkIf cfg.openMulticastPort [ 9001 ];

# Make yggdrasilctl available on the command line.
environment.systemPackages = [ cfg.package ];
};
meta.maintainers = with lib.maintainers; [ gazally ];
}
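Review bot: in `generateConfig`, `jq -s add ${configAsFile} ${cfg.configFile}` merges left to right, so on a duplicate key the value from `configFile` wins, while both option descriptions promise that values from `config` take precedence; swap the two arguments or correct the descriptions. `add` is also a shallow merge, so a top-level key such as `Peers` that appears in both sources is replaced whole rather than combined, which the descriptions should state.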
10 changes: 10 additions & 0 deletions nixos/modules/services/networking/zerotierone.nix
Expand Up @@ -63,5 +63,15 @@ in
networking.firewall.allowedUDPPorts = [ cfg.port ];

environment.systemPackages = [ cfg.package ];

# Prevent systemd from potentially changing the MAC address
environment.etc."systemd/network/50-zerotier.link".text = ''
[Match]
OriginalName=zt*

[Link]
AutoNegotiation=false
MACAddressPolicy=none
'';
};
}
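Review bot: the comment above the new `50-zerotier.link` entry accounts for `MACAddressPolicy=none` but not for `AutoNegotiation=false`; say why auto-negotiation is switched off for these interfaces, or drop the line. The comment could also note that `OriginalName=zt*` relies on ZeroTier keeping its `zt` interface name prefix.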
1 change: 0 additions & 1 deletion nixos/release-combined.nix
Expand Up @@ -65,7 +65,6 @@ in rec {
(all "nixos.tests.containers-imperative")
(all "nixos.tests.containers-ipv4")
(all "nixos.tests.containers-ipv6")
"nixos.tests.chromium.x86_64-linux"
(all "nixos.tests.firefox")
(all "nixos.tests.firewall")
(all "nixos.tests.fontconfig-default-fonts")
Expand Down