summary refs log tree commit diff
Commit message (Collapse)AuthorAge
...
| * | | | | | | | | nixpkgs: allow packages to be marked insecureGraham Christensen2017-02-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a package's meta has `knownVulnerabilities`, like so: stdenv.mkDerivation { name = "foobar-1.2.3"; ... meta.knownVulnerabilities = [ "CVE-0000-00000: remote code execution" "CVE-0000-00001: local privilege escalation" ]; } and a user attempts to install the package, they will be greeted with a warning indicating that maybe they don't want to install it: error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate. Known issues: - CVE-0000-00000: remote code execution - CVE-0000-00001: local privilege escalation You can install it anyway by whitelisting this package, using the following methods: a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to `nixpkgs.config.permittedInsecurePackages` in the configuration.nix, like so: { nixpkgs.config.permittedInsecurePackages = [ "foobar-1.2.3" ]; } b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add ‘foobar-1.2.3’ to `permittedInsecurePackages` in ~/.config/nixpkgs/config.nix, like so: { permittedInsecurePackages = [ "foobar-1.2.3" ]; } Adding either of these configurations will permit this specific version to be installed. A third option also exists: NIXPKGS_ALLOW_INSECURE=1 nix-build ... though I specifically avoided having a global file-based toggle to disable this check. This way, users don't disable it once in order to get a single package, and then don't realize future packages are insecure.
* | | | | | | | | | nix: 1.11.6 -> 1.11.7Eelco Dolstra2017-02-24
| | | | | | | | | |
* | | | | | | | | | Merge pull request #23143 from romildo/upd.numix-icon-themeJascha Geerds2017-02-24
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | numix-icon-theme: 2016-11-13 -> 2017-01-25
| * | | | | | | | | | numix-icon-theme: 2016-11-13 -> 2017-01-25romildo2017-02-24
| | |_|/ / / / / / / | |/| | | | | | | |
* / | | | | | | | | calibre: 2.79.1 -> 2.80.0Peter Hoeg2017-02-24
|/ / / / / / / / /
* | | | | | | | | Merge pull request #23136 from ljli/global-enhancePascal Wittmann2017-02-24
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | global: support universal-ctags
| * | | | | | | | | global: support universal-ctagsLeon Isenberg2017-02-24
| | |_|_|/ / / / / | |/| | | | | | |
* / | | | | | | | sensu: 0.17.1 -> 0.28.0Peter Hoeg2017-02-24
|/ / / / / / / /
* / / / / / / / awless: 0.0.13 -> 0.0.14Peter Hoeg2017-02-24
|/ / / / / / /
* | | | | | | Revert "Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)""Graham Christensen2017-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 53a2baabbeb29ce0180b0353deb623139f1808bd.
* | | | | | | Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)"Graham Christensen2017-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 1d68edbef48f30a4cefc33a85636099582411957.
* | | | | | | linux kernels: patch against DCCP double free (CVE-2017-6074)Graham Christensen2017-02-23
| | | | | | |
* | | | | | | long-shebang: 1.1.0 -> 1.2.0Shea Levy2017-02-23
| | | | | | |
* | | | | | | kernel: 4.4.50 -> 4.4.51Tim Steinbach2017-02-23
| | | | | | |
* | | | | | | kernel: 4.9.11 -> 4.9.12Tim Steinbach2017-02-23
|/ / / / / /
* | | | | | elmPackages: fix #22932Domen Kožar2017-02-23
| | | | | |
* | | | | | spotify: 1.0.49.125.g72ee7853-83 -> 1.0.49.125.g72ee7853-111Bjørn Forsman2017-02-23
| | | | | |
* | | | | | homebank: 5.1.3 -> 5.1.4Pascal Wittmann2017-02-23
| | | | | |
* | | | | | xcbuild: Guard a glibc-only postPatch with \!isDarwinJohn Wiegley2017-02-23
| | | | | |
* | | | | | ocamlPackages.eliom: adds ocamlbuild as a dependencyVincent Laporte2017-02-23
| | | | | |
* | | | | | ocamlPackages.ppx_sexp_conv: init at 113.33.01+4.03Vincent Laporte2017-02-23
| | | | | |
* | | | | | ocamlPackages.ppx_type_conv: init at 113.33.02+4.03Vincent Laporte2017-02-23
| |_|_|/ / |/| | | |
* | | | | ocamlPackages.ppx_optcomp: init at 113.33.0[01]+4.03Vincent Laporte2017-02-23
| | | | |
* | | | | ocamlPackages.ppx_core: init at 113.33.01+4.03Vincent Laporte2017-02-23
| | | | |
* | | | | ocamlPackages.sexplib: init at 113.33.00+4.03Vincent Laporte2017-02-23
| | | | |
* | | | | grsecurity: 4.9.11-201702181444 -> 201702222257Joachim Fasting2017-02-23
| | | | |
* | | | | wireguard: 0.0.20170214 -> 0.0.20170223Jason A. Donenfeld2017-02-23
| | | | | | | | | | | | | | | Simple version bump.
* | | | | Merge pull request #23109 from dtzWill/update/neo4jFranz Pletz2017-02-23
|\ \ \ \ \ | | | | | | | | | | | | neo4j: update and fix JVM parameters in NixOS module
| * | | | | nixos/neo4j: Update to default JVM options from current release.Will Dietz2017-02-23
| | | | | | | | | | | | | | | | | | | | | | | | The options previously listed here were the defaults back in 2.1.x.
| * | | | | neo4j: 3.0.6 -> 3.1.1Will Dietz2017-02-23
| | | | | |
* | | | | | flpsed: ghostscript patch, fixes, new urlProfpatsch2017-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | gs was called at runtime, fix the execvp call. The url changed to its own domain. A little face-lift for the package code.
* | | | | | phpPackages.xdebug: 2.4.0RC3 -> 2.5.0Robin Gloster2017-02-23
| | | | | | | | | | | | | | | | | | | | | | | | fixes #23098
* | | | | | Merge pull request #23082 from mayflower/graylog_updateFranz Pletz2017-02-23
|\ \ \ \ \ \ | | | | | | | | | | | | | | graylog: update + module plugin support
| * | | | | | graylog module: add plugin supportTristan Helmich2017-02-23
| | | | | | |
| * | | | | | graylog: 2.1.2 -> 2.2.1Tristan Helmich2017-02-22
| | | | | | |
* | | | | | | Merge pull request #22634 from Ekleog/dhparamsRobin Gloster2017-02-23
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | dhparams module: initialize
| * | | | | | | dhparams module: initializeLéo Gaspard2017-02-18
| | | | | | | |
* | | | | | | | knot-resolver: maintenance 1.2.2 -> 1.2.3Vladimír Čunát2017-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Just tiny fixes for some rare circumstances. https://lists.nic.cz/pipermail/knot-dns-users/2017-February/001066.html
* | | | | | | | pythonPackages.xdot: fix wrapperFranz Pletz2017-02-23
| | | | | | | |
* | | | | | | | prosody service: needs working network connectivityFranz Pletz2017-02-23
| | | | | | | |
* | | | | | | | dhcpcd service: fix network-online.target integrationFranz Pletz2017-02-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When dhcpcd instead of networkd is used, the network-online.target behaved the same as network.target, resulting in broken services that need a working network connectivity when being started. This commit makes dhcpcd wait for a lease and makes it wanted by network-online.target. In turn, network-online.target is now wanted by multi-user.target, so it will be activated at every boot.
* | | | | | | | Merge pull request #23108 from NixOS/revert-22890-mark-as-insecureGraham Christensen2017-02-23
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Revert "nixpkgs: allow packages to be marked insecure"
| * | | | | | | | Revert "nixpkgs: allow packages to be marked insecure"Graham Christensen2017-02-23
|/ / / / / / / /
* | | | | / / / networking module: remove reference to removed ip-up.targetRobin Gloster2017-02-23
| |_|_|_|/ / / |/| | | | | |
* | | | | | | idea-ultimate: 2016.3.3 -> 2016.3.4Jascha Geerds2017-02-23
| | | | | | |
* | | | | | | dnsperf: init at 2.1.0.0Vladimír Čunát2017-02-23
| | | | | | |
* | | | | | | Merge pull request #22890 from grahamc/mark-as-insecureGraham Christensen2017-02-23
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | nixpkgs: allow packages to be marked insecure
| * | | | | | | libplist: mark as insecureGraham Christensen2017-02-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Patches currently available don't seem to apply.
| * | | | | | | nixpkgs: allow packages to be marked insecureGraham Christensen2017-02-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a package's meta has `knownVulnerabilities`, like so: stdenv.mkDerivation { name = "foobar-1.2.3"; ... meta.knownVulnerabilities = [ "CVE-0000-00000: remote code execution" "CVE-0000-00001: local privilege escalation" ]; } and a user attempts to install the package, they will be greeted with a warning indicating that maybe they don't want to install it: error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate. Known issues: - CVE-0000-00000: remote code execution - CVE-0000-00001: local privilege escalation You can install it anyway by whitelisting this package, using the following methods: a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to `nixpkgs.config.permittedInsecurePackages` in the configuration.nix, like so: { nixpkgs.config.permittedInsecurePackages = [ "foobar-1.2.3" ]; } b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add ‘foobar-1.2.3’ to `permittedInsecurePackages` in ~/.config/nixpkgs/config.nix, like so: { permittedInsecurePackages = [ "foobar-1.2.3" ]; } Adding either of these configurations will permit this specific version to be installed. A third option also exists: NIXPKGS_ALLOW_INSECURE=1 nix-build ... though I specifically avoided having a global file-based toggle to disable this check. This way, users don't disable it once in order to get a single package, and then don't realize future packages are insecure.
* | | | | | | | octoprint: jailbreak Jinja2Nikolay Amiantov2017-02-23
| | | | | | | |
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-30 15:49:02 +0000