Commit message (Author, Age)
* asterisk: add speex codec (Tim Digel, 2017-02-09)
|
* ntfs3g: patch for CVE-2017-0358 (Graham Christensen, 2017-02-08)
|     From the Debian advisory:
|
|     Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
* Merge pull request #22575 from Ericson2314/localSystem (John Ericson, 2017-02-08)
|\
| |     top-level: Allow nixpkgs to take localSystem directly
| * top-level: Allow nixpkgs to take localSystem directly (John Ericson, 2017-02-08)
| |     This is instead of both system and platform, which is kind of ugly.
* | spice: Patch for CVE-2016-9577, CVE-2016-9578 (Graham Christensen, 2017-02-08)
| |     From the Red Hat advisory:
| |
| |     * A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. (CVE-2016-9577)
| |     * A vulnerability was discovered in spice in the server's protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (CVE-2016-9578)
* | salt: 2016.3.3 -> 2016.11.2 for multiple CVEs (Graham Christensen, 2017-02-08)
| |     From the Arch Linux advisory:
| |
| |     - CVE-2017-5192 (arbitrary code execution): The `LocalClient.cmd_batch()` method client does not accept `external_auth` credentials and so access to it from salt-api has been removed for now. This vulnerability allows code execution for already-authenticated users and is only in effect when running salt-api as the `root` user.
| |     - CVE-2017-5200 (arbitrary command execution): Salt-api allows arbitrary command execution on a salt-master via Salt's ssh_client. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled.
* | Merge pull request #22573 from nlewo/master (Graham Christensen, 2017-02-08)
|\ \
| | |     rabbitmq: 3.5.8 -> 3.6.6
| * | rabbitmq: 3.5.8 -> 3.6.6 (Antoine Eiche, 2017-02-09)
| | |     Fix CVE-2015-8786.
* | | autofs: Some cleanup (Tuomas Tynkkynen, 2017-02-09)
| | |     The --with-openldap and --with-sasl flags passed here are actually wrong as they don't point to the dev outputs of the packages. Anyway, autoconf recognizes the packages as they are in buildInputs.
| | |
| | |     getBin is generally not needed - binaries can always be referred as ${foo}/bin/bar regardless of whether the package is multiple-output.
| | |
| | |     meta.version is unnecessary.
* | | pythonPackages.twitter-common-*: add meta (Dan Peebles, 2017-02-08)
| | |     I'd like to share the common meta fields across all of them but it didn't seem worth it.
* | | electricsheep: 2.7b33-598d93d90 -> 2.7b33-2017-02-04 (Franz Pletz, 2017-02-08)
| | |     Also some cleanups like removed unused buildInputs.
* | | pythonPackages.searx: 0.10.0 -> 0.11.0 (Franz Pletz, 2017-02-08)
| | |
* | | pythonPackages.pysocks: 1.5.7 -> 1.6.6 (Franz Pletz, 2017-02-08)
| | |
* | | pythonPackages.lxml: 3.7.0 -> 3.7.2 (Franz Pletz, 2017-02-08)
| | |
* | | pythonPackages.flask: 0.11.1 -> 0.12 (Franz Pletz, 2017-02-08)
| | |
* | | pythonPackages.ndg-httpsclient: 0.4.0 -> 0.4.2 (Franz Pletz, 2017-02-08)
| | |
* | | pythonPackages.certifi: 2016.2.28 -> 2017.1.23 (Franz Pletz, 2017-02-08)
| | |
* | | nginx module: make acme group overrideable easily (Franz Pletz, 2017-02-08)
| | |
* | | linux_3_18: remove due to EOL (Franz Pletz, 2017-02-08)
|/ /
* | pythonPackages.pex: add meta (Dan Peebles, 2017-02-08)
| |
* | pythonPackages.pathspec: add meta (Dan Peebles, 2017-02-08)
| |
* | pythonPackages.pants: fix typo in license (Dan Peebles, 2017-02-08)
| |
* | pythonPackages.pants: add meta (Dan Peebles, 2017-02-08)
| |
* | pythonPackages.ansicolors: add meta (Dan Peebles, 2017-02-08)
| |
* | kbd service: don't restart systemd-vconsole-setup (Nikolay Amiantov, 2017-02-08)
| |     Fixes #22470.
| |
| |     Also remove non-relevant comment (we don't deviate from upstream systemd unit anymore).
* | systemd service: don't install systemd-hwdb-update (Nikolay Amiantov, 2017-02-08)
| |
* | release notes: mention JRE changes and jre_headless (Nikolay Amiantov, 2017-02-08)
| |
* | jre_headless: add alias (Nikolay Amiantov, 2017-02-08)
| |
* | Merge pull request #22528 from garbas/fix-networkmanager-openvpn (Rok Garbas, 2017-02-08)
|\ \
| | |     updating networkmanager and friends
| * | networkmanager_strongswan: 1.4.0 -> 1.4.1 (Rok Garbas, 2017-02-07)
| | |
| * | networkmanager_openvpn: 1.2.6 -> 1.2.8 (Rok Garbas, 2017-02-07)
| | |
| * | networkmanager_openconnect: 1.2.2 -> 1.2.4 (Rok Garbas, 2017-02-07)
| | |
| * | networkmanager(applet): 1.4.2 -> 1.4.4 (Rok Garbas, 2017-02-07)
| | |
* | | trezord: init at 1.2.0 (#22054) (Andrew Cann, 2017-02-08)
| | |
* | | Merge pull request #22555 from peterhoeg/u/wavpack (Graham Christensen, 2017-02-08)
|\ \ \
| | | |     wavpack: 4.80.0 -> 5.1.0
| * | | wavpack: 4.80.0 -> 5.1.0 (Peter Hoeg, 2017-02-08)
| | | |
* | | | digikam5: 5.3.0 -> 5.4.0 (Moritz Ulrich, 2017-02-08)
| | | |
* | | | rawtherapee: 5.0 -> 5.0-r1 (Moritz Ulrich, 2017-02-08)
| | | |
* | | | haskellPackages.typed-process: disable tests (Nikolay Amiantov, 2017-02-08)
| | | |     Networking is required for them.
* | | | moodle: Remove due to continued security issues. (Graham Christensen, 2017-02-08)
| | | |
* | | | gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs (Graham Christensen, 2017-02-08)
| | | |     gst-plugins-bad:
| | | |
| | | |     From the Arch Linux advisory:
| | | |
| | | |     - CVE-2017-5843 (arbitrary code execution): A double-free issue has been found in gstreamer before 1.10.3, in gst_mxf_demux_update_essence_tracks.
| | | |     - CVE-2017-5848 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
| | | |
| | | |     More: https://lwn.net/Vulnerabilities/713772/
| | | |
| | | |     gst-plugins-base:
| | | |
| | | |     From the Arch Linux advisory:
| | | |
| | | |     - CVE-2017-5837 (denial of service): A floating point exception issue has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps.
| | | |     - CVE-2017-5839 (denial of service): An endless recursion issue leading to stack overflow has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps.
| | | |     - CVE-2017-5842 (arbitrary code execution): An off-by-one write has been found in gstreamer before 1.10.3, in html_context_handle_element.
| | | |     - CVE-2017-5844 (denial of service): A floating point exception issue has been found in gstreamer before 1.10.3, in gst_riff_create_audio_caps.
| | | |
| | | |     More: https://lwn.net/Vulnerabilities/713773/
| | | |
| | | |     gst-plugins-good:
| | | |
| | | |     From the Arch Linux advisory:
| | | |
| | | |     - CVE-2016-10198 (denial of service): An invalid memory read flaw has been found in gstreamer before 1.10.3, in gst_aac_parse_sink_setcaps.
| | | |     - CVE-2016-10199 (denial of service): An out of bounds read has been found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.
| | | |     - CVE-2017-5840 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in qtdemux_parse_samples.
| | | |     - CVE-2017-5841 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
| | | |     - CVE-2017-5845 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
| | | |
| | | |     More: https://lwn.net/Vulnerabilities/713774/
| | | |
| | | |     gst-plugins-ugly:
| | | |
| | | |     From the Arch Linux advisory:
| | | |
| | | |     - CVE-2017-5846 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_asf_demux_process_ext_stream_props.
| | | |     - CVE-2017-5847 (denial of service): An out-of-bounds read has been found in gstreamer before 1.10.3, in gst_asf_demux_process_ext_content_desc.
| | | |
| | | |     More: https://lwn.net/Vulnerabilities/713775/
| | | |
| | | |     gstreamer:
| | | |
| | | |     From the Arch Linux advisory:
| | | |
| | | |     An out of bounds read has been found in gstreamer before 1.10.3, in gst_date_time_new_from_iso8601_string.
| | | |
| | | |     More: https://lwn.net/Vulnerabilities/713776/
* | | | nixos/systemd: set r-x group permissions on /var/log/journal (Antoine Eiche, 2017-02-08)
| | | |     This allows services such as systemd-journal-gateway to access the systemd journal.
| | | |
| | | |     Closes #22288
* | | | Merge pull request #22506 from rycee/bump/bash-completion (Peter Simons, 2017-02-08)
|\ \ \ \
| |/ / /
|/| | |     bash-completion: 2.4 -> 2.5
| * | | bash-completion: 2.4 -> 2.5 (Robert Helgesson, 2017-02-06)
| | | |
* | | | taskwarrior: improve meta.description (taskwarrior has nothing to do with GTD) (Peter Simons, 2017-02-08)
| | | |
* | | | taskwarrior: patch bug in bash-completion file (Peter Simons, 2017-02-08)
| | | |     The patch was submitted upstream, too.
* | | | Merge pull request #22541 from vrthra/libsixel-1.7.3 (Pascal Wittmann, 2017-02-08)
|\ \ \ \
| | | | |     libsixel: 1.6.1 -> 1.7.3
| * | | | libsixel: 1.6.1 -> 1.7.3 (Rahul Gopinath, 2017-02-07)
| | | | |
* | | | | Merge pull request #22468 from taktoa/souper (Pascal Wittmann, 2017-02-08)
|\ \ \ \ \
| | | | | |     souper: init at 2017-01-05
| * | | | | souper: init at 2017-01-05 (Remy Goldschmidt, 2017-02-06)
| | | | | |