| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Conflicts:
nixpkgs/nixos/modules/config/console.nix
nixpkgs/nixos/modules/services/mail/mailman.nix
nixpkgs/nixos/modules/services/mail/public-inbox.nix
nixpkgs/nixos/modules/services/mail/rss2email.nix
nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
nixpkgs/pkgs/applications/networking/instant-messengers/dino/default.nix
nixpkgs/pkgs/applications/networking/irc/weechat/default.nix
nixpkgs/pkgs/applications/window-managers/sway/default.nix
nixpkgs/pkgs/build-support/go/module.nix
nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix
nixpkgs/pkgs/development/interpreters/python/default.nix
nixpkgs/pkgs/development/node-packages/overrides.nix
nixpkgs/pkgs/development/tools/b4/default.nix
nixpkgs/pkgs/servers/dict/dictd-db.nix
nixpkgs/pkgs/servers/mail/public-inbox/default.nix
nixpkgs/pkgs/tools/security/pinentry/default.nix
nixpkgs/pkgs/tools/text/unoconv/default.nix
nixpkgs/pkgs/top-level/all-packages.nix
|
|
|
|
|
|
| |
This reverts commit e29dd58a0de91c3a3b6b5ebf1b2f02a648b4f9bf.
I don't use this, and it's not worth the merge conflicts.
|
| |
|
|
|
|
|
| |
I don't need to disable any Cairo features, and upstream is switching
to Meson, so won't be interested in these patches.
|
| |
|
|
|
|
| |
(cherry picked from commit 43465c94d4d30c5c977b78ae12f4e1a47a3760ea)
|
|
|
|
|
| |
Fixes: CVE-2023-28686
(cherry picked from commit 81192e2b927f13e8ec70c210682a545363a31e90)
|
|
|
|
| |
(cherry picked from commit bfc4a9d9d33d44f7d183553be8e1712917f1213b)
|
|
|
|
|
|
|
|
| |
On spectrum-os.org, mailman-web is run at /lists. With this change,
it's possible for us to switch from a custom uWSGI configuration to
the one now built in to the Mailman module.
(cherry picked from commit 1cdd9a3fe67b77a2cd23f4bc363cb019e966af71)
|
|
|
|
| |
Required for --tomp4.
|
|
|
|
| |
For shazam.
|
| |
|
| |
|
| |
|
|
|
|
| |
This can break DKIM.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From hosts(5) (emphasis mine):
> For each host a *single* line should be present with the following
> information:
Prior to this change, my hosts file looked like this:
127.0.0.1 localhost
::1 localhost
127.0.0.2 atuin.qyliss.net atuin
::1 atuin.qyliss.net atuin
After this change, it looks like this:
127.0.0.1 localhost
::1 localhost atuin.qyliss.net atuin
127.0.0.2 atuin.qyliss.net atuin
Having multiple lines for the same IP breaks glibc's gethostbyaddr.
The easiest way to demonstrate this is with Python, but a simplified C
program is provided at the end of this message too.
$ python3 -c 'import socket; print(socket.gethostbyaddr("::1"))'
('localhost', [], ['::1'])
With this fix applied:
$ python3 -c 'import socket; print(socket.gethostbyaddr("::1"))'
('localhost', ['atuin.qyliss.net', 'atuin'], ['::1'])
As a higher level example, socket.getfqdn() will return 'localhost'
without this change, and 'atuin.qyliss.net' with it. This was
responsible for my Mailman instance sending mail with @localhost in
the Message-Id.
C program:
#include <err.h>
#include <netdb.h>
#include <sysexits.h>
#include <stdio.h>
int main(void)
{
struct in6_addr addr = { 0 };
addr.s6_addr[sizeof addr.s6_addr - 1] = 1; // ::1
struct hostent *host = gethostbyaddr(&addr, sizeof addr, AF_INET6);
if (!host)
err(EX_OSERR, "gethostbyaddr: %s", hstrerror(h_errno));
printf("name: %s\n", host->h_name);
size_t n;
for (n = 0; host->h_aliases[n]; n++);
printf("aliases (%zu):", n);
for (size_t i = 0; i < n; i++)
printf(" %s", host->h_aliases[i]);
printf("\n");
}
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Conflicts:
nixpkgs/nixos/modules/system/boot/systemd.nix
nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix
nixpkgs/pkgs/applications/version-management/git-and-tools/cgit/common.nix
nixpkgs/pkgs/applications/version-management/git-and-tools/cgit/default.nix
nixpkgs/pkgs/applications/version-management/git-and-tools/cgit/pink.nix
nixpkgs/pkgs/top-level/all-packages.nix
|
|
|
|
| |
(cherry picked from commit ce8cbe3c01fd8ee2de526ccd84bbf9b82397a510)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cgit-pink is a fork of cgit that aims to be better maintained, because
cgit doesn't get a lot of attention any more, and almost every patch
sent in the last couple of years has been ignored.
The build system is exactly the same as cgit's, so I've created a
common cgit builder function. This way, improvements to cgit
packaging (I've already noticed a couple to make!) can be shared
between both packages. If the build systems diverge, we can separate
them out in future.
(cherry picked from commit deab83e11674f1cfbc9d5e5626d12ed9344d8091)
|
|
|
|
|
|
|
| |
I'm a bit confused why this dependency is required only when cross
compiling.
(cherry picked from commit 3c7b77e638b55dae5a90d690e320a0876d6e1d7c)
|
|
|
|
|
|
| |
Recent versions had increased the amount of indentation, which stopped
this applying. The next version will also change the case, so I've
adjusted in advance for that too.
|
|
|
|
|
| |
Conflicts:
nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix
|
| |
|
|
|
|
|
| |
https://www.mozilla.org/en-US/firefox/98.0/releasenotes/
(cherry picked from commit 7e5b346bd4fc80063d743e076b705e40c2387482)
|
|
|
|
| |
(cherry picked from commit de76433f5407a7661c5534e4d98a96794e35ceac)
|
|
|
|
|
| |
Conflicts:
nixpkgs/pkgs/applications/window-managers/sway/default.nix
|
|
|
|
|
|
|
|
|
|
| |
Conflicts:
nixpkgs/nixos/modules/programs/ssh.nix
nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix
nixpkgs/pkgs/data/fonts/noto-fonts/default.nix
nixpkgs/pkgs/development/go-modules/generic/default.nix
nixpkgs/pkgs/development/interpreters/ruby/default.nix
nixpkgs/pkgs/development/libraries/mesa/default.nix
|
|
|
|
| |
(cherry picked from commit 1dc68f203cc0d495dcd271d973590511adb1aaa6)
|
|
|
|
| |
(cherry picked from commit 88a7c0e327772fbac71e5c67d3fbad6b8709d092)
|
|
|
|
| |
(cherry picked from commit 2222e9b3f3892554a11910732bc2e73eee6d4dc5)
|
|
|
|
| |
(cherry picked from commit 0a0c1140dc3ca394e29033d059d7c18fd4bdfd7d)
|
|
|
|
| |
(cherry picked from commit 12b90a49fb708bacc883a839db9d449c8c97813e)
|
|
|
|
| |
(cherry picked from commit ee226b91dd32c1eedce8c30e9e63d443bbfd6f18)
|
|
|
|
| |
(cherry picked from commit c1b06381d8a742d9a6214018399b56f443d0717e)
|
|
|
|
| |
(cherry picked from commit eca8a5d6941626d43e05d73635e915a0d3f482ce)
|
|
|
|
| |
(cherry picked from commit 8b36faa20bc86ec9b278c3ca741b94d7fb8b3271)
|
|
|
|
| |
(cherry picked from commit 46223d06c63b9bdf979a714cec4ba7c45d098946)
|
|
|
|
| |
(cherry picked from commit 69dadbcd8bc98f9ab27cbf985059c8511946dafc)
|
|
|
|
| |
(cherry picked from commit c1a712267026f3a2c7d1b0bd48db4842b0595409)
|
|
|
|
| |
(cherry picked from commit 9b760ab5c480c517646def9a5484e361ded9bed7)
|
|
|
|
| |
Duplicate of weechatScripts.weechat-go.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The programs.ssh.knownHosts.*.publicKeyFile is broken, because it's
scoped to a set of host names, but to insert those host names on each
line of the file we'd have to parse out blank lines and comments, so
only the first line works. It would be much easier all round if users
just provided known hosts files in the normal format, and we pointed
ssh directly to them. This way, it would be possible to have multiple
keys for a single host (which is extremely common due to multiple
algorithms being commonplace).
We add an option for this instead of relying on extraConfig, because
we need to make sure /etc/ssh/ssh_known_hosts is always included to
ensure programs.ssh.knownHosts keeps working.
/etc/ssh/ssh_known_hosts2 is another OpenSSH default that seems a bit
weird, but there's no real reason to change that so we'll leave it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
64b4af52961 ("kmod-blacklist-ubuntu: 22-1.1ubuntu1 -> 28-1ubuntu4")
doubled the size of the default initramfs. This happened because the
upgrade introduced this configuration:
remove iwlwifi \
(/sbin/lsmod | grep -o -e ^iwlmvm -e ^iwldvm -e ^iwlwifi | xargs /sbin/rmmod) \
&& /sbin/modprobe -r mac80211
This meant that the grep and xargs substitutions, which had been
inactive for years, suddenly became active again and became part of
kmod-blacklist-ubuntu's closure.
Since we're already using /run/booted-system for the kmod binaries,
I think it's okay to use it for grep and xargs as well. Both are
required NixOS packages, so they're guaranteed to be there.
Large increases in initramfs size are problematic, because it's often
not possible for users to do anything about them. It's not always
possible to increase the size of /boot, because some filesystems like
ZFS don't support being shrunk to make way for a bigger /boot.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
> We discovered a Local Privilege Escalation (from any user to root) in
> polkit's pkexec, a SUID-root program that is installed by default on
> every major Linux distribution
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
Fixes: CVE-2021-4034
(cherry picked from commit bd3256cf4f7a651e234403977fa29d4dfde255b8)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Conflicts:
nixpkgs/nixos/modules/misc/documentation.nix
nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix
nixpkgs/pkgs/applications/window-managers/sway/default.nix
nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix
nixpkgs/pkgs/development/go-modules/generic/default.nix
nixpkgs/pkgs/development/interpreters/ruby/default.nix
nixpkgs/pkgs/development/interpreters/ruby/patchsets.nix
nixpkgs/pkgs/development/libraries/boehm-gc/7.6.6.nix
nixpkgs/pkgs/development/python-modules/django-mailman3/default.nix
nixpkgs/pkgs/servers/mail/mailman/web.nix
nixpkgs/pkgs/top-level/aliases.nix
nixpkgs/pkgs/top-level/all-packages.nix
nixpkgs/pkgs/top-level/impure.nix
|