Merge master into staging

6 files changed, 39 insertions, 8 deletions

diff --git a/pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch b/pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch
new file mode 100644
index 000000000000..c33f7bb03fa8
--- /dev/null
+++ b/pkgs/servers/monitoring/net-snmp/CVE-2018-18065.patch
@@ -0,0 +1,30 @@
+commit 7ffb8e25a0db851953155de91f0170e9bf8c457d
+Author: Robert Story <rstory@freesnmp.com>
+Date:   Thu Oct 6 10:43:10 2016 -0400
+
+    CHANGES: BUG: 2743: snmpd crashes when receiving a GetNext PDU with multiple Varbinds
+    
+    skip out-of-range varbinds when calling next handler
+
+diff --git a/agent/helpers/table.c b/agent/helpers/table.c
+index 32a08033a..2666638b5 100644
+--- a/agent/helpers/table.c
++++ b/agent/helpers/table.c
+@@ -340,6 +340,8 @@ table_helper_handler(netsnmp_mib_handler *handler,
+             else if (reqinfo->mode == MODE_GET)
+                 table_helper_cleanup(reqinfo, request,
+                                      SNMP_NOSUCHOBJECT);
++            else
++                request->processed = 1; /* skip if next handler called */
+             continue;
+         }
+ 
+@@ -409,6 +411,8 @@ table_helper_handler(netsnmp_mib_handler *handler,
+                 else if (reqinfo->mode == MODE_GET)
+                     table_helper_cleanup(reqinfo, request,
+                                          SNMP_NOSUCHOBJECT);
++                else
++                    request->processed = 1; /* skip if next handler called */
+                 continue;
+             }
+             /*
diff --git a/pkgs/servers/monitoring/net-snmp/default.nix b/pkgs/servers/monitoring/net-snmp/default.nix
index a6b738270a9a..0e7a53306eb4 100644
--- a/pkgs/servers/monitoring/net-snmp/default.nix
+++ b/pkgs/servers/monitoring/net-snmp/default.nix
@@ -19,6 +19,7 @@ stdenv.mkDerivation rec {
     (fetchAlpinePatch "fix-includes.patch" "0zpkbb6k366qpq4dax5wknwprhwnhighcp402mlm7950d39zfa3m")
     (fetchAlpinePatch "netsnmp-swinst-crash.patch" "0gh164wy6zfiwiszh58fsvr25k0ns14r3099664qykgpmickkqid")
     (fetchAlpinePatch "remove-U64-typedef.patch" "1msxyhcqkvhqa03dwb50288g7f6nbrcd9cs036m9xc8jdgjb8k8j")
+    ./CVE-2018-18065.patch
   ];
 
   preConfigure =
diff --git a/pkgs/servers/monitoring/prometheus/alertmanager.nix b/pkgs/servers/monitoring/prometheus/alertmanager.nix
index 38b789261773..516a537bb247 100644
--- a/pkgs/servers/monitoring/prometheus/alertmanager.nix
+++ b/pkgs/servers/monitoring/prometheus/alertmanager.nix
@@ -2,7 +2,7 @@
 
 buildGoPackage rec {
   name = "alertmanager-${version}";
-  version = "0.15.1";
+  version = "0.15.2";
   rev = "v${version}";
 
   goPackagePath = "github.com/prometheus/alertmanager";
@@ -11,7 +11,7 @@ buildGoPackage rec {
     inherit rev;
     owner = "prometheus";
     repo = "alertmanager";
-    sha256 = "110l8xy3bkgq137hvvz2v5cr464j02fy43lvgd3l8n5v8qmv81vy";
+    sha256 = "1r4j22jnxayicz9hn0pwm77cgzzywr5haq0hwz6sx5j2xwjmnwm7";
   };
 
   # Tests exist, but seem to clash with the firewall.
diff --git a/pkgs/servers/monitoring/prometheus/default.nix b/pkgs/servers/monitoring/prometheus/default.nix
index b254b8470c42..2430a8cf1711 100644
--- a/pkgs/servers/monitoring/prometheus/default.nix
+++ b/pkgs/servers/monitoring/prometheus/default.nix
@@ -50,7 +50,7 @@ in rec {
   };
 
   prometheus_2 = generic {
-    version = "2.3.2";
-    sha256 = "09q3p3kvgrvgyfkkvpy2mmlr6jxzxad6nzjni3iycs4bahsxl27a";
+    version = "2.4.3";
+    sha256 = "1kci2zhh4ixil0b72d138vm8006y117mw51wsyz8j0gyy4180msj";
   };
 }
diff --git a/pkgs/servers/monitoring/uchiwa/bower-packages.nix b/pkgs/servers/monitoring/uchiwa/bower-packages.nix
index f18ea3875516..a8180c5de3dc 100644
--- a/pkgs/servers/monitoring/uchiwa/bower-packages.nix
+++ b/pkgs/servers/monitoring/uchiwa/bower-packages.nix
@@ -1,7 +1,7 @@
 # Generated by bower2nix v3.2.0 (https://github.com/rvl/bower2nix)
 { fetchbower, buildEnv }:
 buildEnv { name = "bower-env"; ignoreCollisions = true; paths = [
-  (fetchbower "uchiwa-web" "1.2.0" "1.2.0" "0733ha6bahzg9qlvhz75agi8hwwqdk99hfx9j8dhpdf1v5xkj2fz")
+  (fetchbower "uchiwa-web" "1.3.1" "1.3.1" "0vhfwm4z3d4v4p2vfq1vvk4fifxm43f8lyccwpgmw153z4gj14gk")
   (fetchbower "angular" "1.6.10" "~1.6.3" "0ag8xddsgxx5yka4wjq4ala4y6z3x2g1vc3x7a1n291fzz26p7ws")
   (fetchbower "angular-bootstrap" "2.2.0" "~2.2.0" "11r2nlwp6xrim2y6lnrr8v064mx3bmlxchqpg1i803v9zxz3q53d")
   (fetchbower "angular-cookies" "1.6.10" "~1.6.3" "0bjgmz5jnw06dfxhq9sajj62fk0b3v4j9p7nb45x8bl8rzkf25pn")
@@ -19,7 +19,7 @@ buildEnv { name = "bower-env"; ignoreCollisions = true; paths = [
   (fetchbower "highlightjs" "9.1.0" "~9.1.0" "0ld1da3h416a5j8v3v50rrpm4xwvvq8k8y2vwncvaqm9cqddz4s3")
   (fetchbower "moment" "2.16.0" "~2.16.0" "1mji892i60f2aw3vhl6878acrcgh0ycn3r4af0ivnjf8az2b9n71")
   (fetchbower "moment-picker" "0.9.11" "~0.9.7" "0p2g6rp2kcixydrga9lfihg4bxb598rvpi8n8l59mp549diy7vsb")
-  (fetchbower "ua-parser-js" "0.7.17" "~0.7.12" "1dx46rm9han9fj409rjxrlnrk9zxmaqbnn62ljnh32ihngd4yxh0")
+  (fetchbower "ua-parser-js" "0.7.18" "~0.7.12" "0qi7y5yrsdh2brpmwx0xs53bzr4pja5x1k2875x6zh259ag3zdkn")
   (fetchbower "jsoneditor" "5.5.11" "~5.5.10" "1gfsf8jqnd3hb3r9s9246mg40iqxk2ix8k4bjnrsbfmg6cd3xw6x")
   (fetchbower "jquery" "3.3.1" ">= 1.9.0" "1l891s3vgnpi1g8ksplid9jvrvnnv6lci8vraix4ssy50i264rkx")
 ]; }
diff --git a/pkgs/servers/monitoring/uchiwa/src.nix b/pkgs/servers/monitoring/uchiwa/src.nix
index 0cf6815fbe5d..51c343d01da8 100644
--- a/pkgs/servers/monitoring/uchiwa/src.nix
+++ b/pkgs/servers/monitoring/uchiwa/src.nix
@@ -1,4 +1,4 @@
 {
-    version = "1.2.0-1";
-    sha256  = "1gj9cr0gkiivxdlq7ha6gxq9s8s26j79crijkrlrsqpg59jz063p";
+    version = "1.3.1-1";
+    sha256  = "1cjb7k19iy79hh9gbjx67yrz44y92s516d0h403bf6w272g23yzi";
 }