Commit Graph

287637 Commits

Author SHA1 Message Date
John Ericson
a3e54cb582 Merge remote-tracking branch 'upstream/staging-next' into staging 2021-05-06 15:48:25 -04:00
github-actions[bot]
5f7ad00ae9
Merge master into staging-next 2021-05-06 18:24:47 +00:00
Emery Hemingway
dfacb8329b nym: remove unused inputs 2021-05-06 19:54:46 +02:00
Andrey Kuznetsov
f9104687f6 nym: 0.8.1 -> 0.10.0 2021-05-06 19:46:16 +02:00
Fabian Affolter
28907d3bff
Merge pull request #121677 from fabaff/bump-labelbox
python3Packages.labelbox: 2.5.1 -> 2.5.4
2021-05-06 18:42:27 +02:00
R. RyanTM
59bf1c28dc
kubecfg: 0.18.0 -> 0.19.0 (#121884) 2021-05-06 12:22:25 -04:00
Martin Weinelt
6a09bc4405
Merge pull request #121865 from mweinelt/home-assistant 2021-05-06 18:05:00 +02:00
Martin Weinelt
51836ac425
Merge pull request #121705 from mweinelt/esphome
esphome: 1.16.0 -> 1.17.1
2021-05-06 18:03:51 +02:00
John Ericson
8e84cafcd9
Merge pull request #121654 from Ericson2314/darwin-cross-prep
treewide: Do a number of no-op cleanups for cross and darwin
2021-05-06 11:38:09 -04:00
Thomas Tuegel
67c476a5cc
Merge pull request #121682 from dasj19/clementine-translations
clementine: added support for translations
2021-05-06 10:36:12 -05:00
Thomas Tuegel
3548951109
Merge pull request #121256 from FliegendeWurst/k3b-ffmpeg
k3b: ffmpeg_3 -> ffmpeg
2021-05-06 10:34:32 -05:00
John Ericson
470640e7fe treewide: Do a number of no-op cleanups for cross and darwin
I am taking the non-invasive parts of #110914 to hopefully help out with #111988.

In particular:

 - Use `lib.makeScopeWithSplicing` to make the `darwin` package set have
   a proper `callPackage`.

 - Adjust Darwin `stdenv`'s overlays keeping things from the previous
   stage to not stick around too much.

 - Expose `binutilsNoLibc` / `darwin.binutilsNoLibc` to hopefully get us
   closer to a unified LLVM and GCC bootstrap.
2021-05-06 11:17:26 -04:00
Domen Kožar
0fbace6296
Merge pull request #119405 from hercules-ci/openapi-generator-cli-jre-headless
openapi-generator-cli: Use headless jre
2021-05-06 17:09:07 +02:00
Martin Weinelt
398b0cf6bd
python3Packages.PyRMVtransport: 0.3.1 -> 0.3.2 2021-05-06 17:04:38 +02:00
Martin Weinelt
24adc01e2e
nixos/home-assistant: allow netlink sockets and /proc/net inspection
Since v2021.5.0 home-assistant uses the ifaddr library in the zeroconf
component to enumerate network interfaces via netlink. Since discovery
is all over the place lets allow AF_NETLINK unconditionally.

It also relies on pyroute2 now, which additionally tries to access files
in /proc/net, so we relax ProtectProc a bit by default as well.

This leaves us with these options unsecured:

✗ PrivateNetwork=                                             Service has access to the host's network                                                                 0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                                                    0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                                       0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                                         0.2
✗ PrivateDevices=                                             Service potentially has access to hardware devices                                                       0.2
✗ PrivateUsers=                                               Service has access to other users                                                                        0.2
✗ SystemCallFilter=~@resources                                System call allow list defined for service, and @resources is included (e.g. ioprio_set is allowed)      0.2
✗ RestrictAddressFamilies=~AF_NETLINK                         Service may allocate netlink sockets                                                                     0.1
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                                            0.1
✗ SupplementaryGroups=                                        Service runs with supplementary groups                                                                   0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                                       0.1
✗ ProcSubset=                                                 Service has full access to non-process /proc files (/proc subset=)                                       0.1

→ Overall exposure level for home-assistant.service: 1.6 OK 🙂
2021-05-06 16:55:53 +02:00
Raghav Sood
eb21311135
Merge pull request #121621 from xwvvvvwx/turbo-geth-2021.04.05
turbo-geth 2021.02.01 -> 2021.04.05
2021-05-06 22:42:56 +08:00
Raghav Sood
9332725620
Merge pull request #121850 from asymmetric/polkadot/0.9.0
polkadot: 0.8.30 -> 0.9.0
2021-05-06 22:36:58 +08:00
Robert Hensing
66fd2ea7ee openapi-generator-cli: Invoke install hooks 2021-05-06 16:25:26 +02:00
Robert Hensing
cd855e6746 openapi-generator-cli: Use jre_headless 2021-05-06 16:25:26 +02:00
Robert Hensing
99d5c97a8c openapi-generator-cli: Add passthru.tests.example 2021-05-06 16:25:24 +02:00
Domen Kožar
a4c8569ed5
Merge pull request #121900 from hercules-ci/update-openapi-generator-cli
openapi-generator-cli: 5.0.0 -> 5.1.0
2021-05-06 16:10:37 +02:00
Michael Weiss
93f6089d14
Merge pull request #121914 from primeos/chromiumBeta
chromiumBeta: 91.0.4472.27 -> 91.0.4472.38
2021-05-06 16:03:59 +02:00
Jörg Thalheim
4e783a4cb7
Merge pull request #121724 from Izorkin/update-netdata
netdata: 1.29.3 -> 1.30.1
2021-05-06 14:58:33 +01:00
Michael Weiss
6f6ec9e6f0
chromiumBeta: 91.0.4472.27 -> 91.0.4472.38 2021-05-06 14:26:32 +02:00
github-actions[bot]
c63e69cd89
Merge staging-next into staging 2021-05-06 12:23:32 +00:00
github-actions[bot]
c77804b44f
Merge master into staging-next 2021-05-06 12:23:30 +00:00
Luke Granger-Brown
b418e17a4c
Merge pull request #120646 from dotlambda/qtwebengine-ffmpeg
libsForQt5.qtwebengine: use ffmpeg instead of ffmpeg_3
2021-05-06 12:57:17 +01:00
Robert Schütz
bda9e192dd
Merge pull request #120582 from dotlambda/ffmpeg_2-drop
ffmpeg_2: mark as insecure
2021-05-06 13:51:34 +02:00
Gabriel Ebner
46ecc3e1d3
Merge pull request #121845 from fortuneteller2k/fix-and-update-vieb
vieb: 3.4.0 -> 4.5.1
2021-05-06 13:49:17 +02:00
Robert Schütz
5b69bdf891
Merge pull request #121168 from dotlambda/djvulibre-3.5.28
djvulibre: 3.5.27 -> 3.5.28
2021-05-06 13:43:06 +02:00
Robert Schütz
30c3036793
Merge pull request #121151 from dotlambda/libdeltachat-init
libdeltachat: init at 1.54.0
2021-05-06 13:41:16 +02:00
Robert Schütz
688fee8b8a
pythonPackages.pgpy: 0.5.2 -> 0.5.4 (#121270)
https://github.com/SecurityInnovation/PGPy/releases/tag/v0.5.3
https://github.com/SecurityInnovation/PGPy/releases/tag/v0.5.4
2021-05-06 13:40:40 +02:00
Robert Hensing
e32d497623
Merge pull request #121899 from hercules-ci/update-elm-json
elmPackages.elm-json: 0.2.7 -> 0.2.10
2021-05-06 11:58:36 +02:00
Robert Hensing
89fffee73f openapi-generator-cli: 5.0.0 -> 5.1.0 2021-05-06 11:24:56 +02:00
Robert Hensing
377f9ca78d elmPackages.elm-json: 0.2.7 -> 0.2.10 2021-05-06 11:21:40 +02:00
Maximilian Bosch
a50b9e6c23
Merge pull request #113716 from Ma27/wpa_multiple
wpa_supplicant: allow both imperative and declarative networks
2021-05-06 11:01:35 +02:00
Maximilian Bosch
77b82f3535
Merge pull request #121875 from Infinisil/small-module-arg-optimization
lib/modules: Small optimization
2021-05-06 10:33:22 +02:00
fortuneteller2k
9802eed170 vieb: 3.4.0 -> 4.5.1 2021-05-06 16:23:09 +08:00
Maximilian Bosch
74c58a962b
Merge pull request #121877 from marsam/update-nodejs-16_x
nodejs-16_x: 16.0.0 -> 16.1.0
2021-05-06 10:06:26 +02:00
Mario Rodas
625842b8cf
terraform_0_15: 0.15.1 -> 0.15.2 (#121859)
https://github.com/hashicorp/terraform/releases/tag/v0.15.2
2021-05-06 10:00:22 +02:00
Fabian Affolter
882dd01186
Merge pull request #121879 from r-ryantm/auto-update/gitleaks
gitleaks: 7.4.1 -> 7.5.0
2021-05-06 09:42:35 +02:00
Jan Tojnar
d9f177eb4d
Merge branch 'staging-next' into staging
The transmission conflict was non-trivial:
- libbrotli added to apparmor rules <1bdda029cd>
- apparmor rules rewritten <b280e64078>

Chosen the rewrite and verified that brotli is part of the rule set generated by `apparmorRulesFromClosure`.
2021-05-06 08:42:50 +02:00
github-actions[bot]
305e1c9446
Merge master into staging-next 2021-05-06 06:20:15 +00:00
Raghav Sood
123db83348
Merge pull request #121882 from r-ryantm/auto-update/go-ethereum
go-ethereum: 1.10.2 -> 1.10.3
2021-05-06 13:14:41 +08:00
Raghav Sood
21f54d2478
Merge pull request #121876 from centromere/openethereum-3.2.5
openethereum: 3.2.4 -> 3.2.5
2021-05-06 13:14:28 +08:00
Anderson Torres
87a0e85736
Merge pull request #121799 from r-ryantm/auto-update/free42
free42: 3.0.2 -> 3.0.3
2021-05-06 01:40:04 -03:00
R. RyanTM
b334d0dc2b go-ethereum: 1.10.2 -> 1.10.3 2021-05-06 04:39:36 +00:00
Maciej Krüger
7155c11426
Merge pull request #121871 from otavio/topic/anydesk-6-1-1
anydesk: 6.1.0 -> 6.1.1
2021-05-06 06:36:35 +02:00
R. RyanTM
4f8435de76 gitleaks: 7.4.1 -> 7.5.0 2021-05-06 04:26:05 +00:00
Mario Rodas
ce0e20df34
Merge pull request #121347 from r-ryantm/auto-update/cargo-watch
cargo-watch: 7.6.1 -> 7.7.2
2021-05-05 23:12:08 -05:00