| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
|
|
|
|
| |
Conflicts:
nixpkgs/nixos/modules/system/boot/systemd.nix
nixpkgs/pkgs/applications/networking/browsers/firefox/common.nix
nixpkgs/pkgs/applications/version-management/git-and-tools/cgit/common.nix
nixpkgs/pkgs/applications/version-management/git-and-tools/cgit/default.nix
nixpkgs/pkgs/applications/version-management/git-and-tools/cgit/pink.nix
nixpkgs/pkgs/top-level/all-packages.nix
|
|
|
|
| |
(cherry picked from commit ce8cbe3c01fd8ee2de526ccd84bbf9b82397a510)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cgit-pink is a fork of cgit that aims to be better maintained, because
cgit doesn't get a lot of attention any more, and almost every patch
sent in the last couple of years has been ignored.
The build system is exactly the same as cgit's, so I've created a
common cgit builder function. This way, improvements to cgit
packaging (I've already noticed a couple to make!) can be shared
between both packages. If the build systems diverge, we can separate
them out in future.
(cherry picked from commit deab83e11674f1cfbc9d5e5626d12ed9344d8091)
|
|
|
|
|
|
|
| |
I'm a bit confused why this dependency is required only when cross
compiling.
(cherry picked from commit 3c7b77e638b55dae5a90d690e320a0876d6e1d7c)
|
|
|
|
|
|
| |
Recent versions had increased the amount of indentation, which stopped
this applying. The next version will also change the case, so I've
adjusted in advance for that too.
|
|
|
|
|
| |
Conflicts:
nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix
|
| |
|
|
|
|
|
| |
https://www.mozilla.org/en-US/firefox/98.0/releasenotes/
(cherry picked from commit 7e5b346bd4fc80063d743e076b705e40c2387482)
|
|
|
|
| |
(cherry picked from commit de76433f5407a7661c5534e4d98a96794e35ceac)
|
|
|
|
|
| |
Conflicts:
nixpkgs/pkgs/applications/window-managers/sway/default.nix
|
|
|
|
|
|
|
|
|
|
| |
Conflicts:
nixpkgs/nixos/modules/programs/ssh.nix
nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix
nixpkgs/pkgs/data/fonts/noto-fonts/default.nix
nixpkgs/pkgs/development/go-modules/generic/default.nix
nixpkgs/pkgs/development/interpreters/ruby/default.nix
nixpkgs/pkgs/development/libraries/mesa/default.nix
|
|
|
|
| |
(cherry picked from commit 1dc68f203cc0d495dcd271d973590511adb1aaa6)
|
|
|
|
| |
(cherry picked from commit 88a7c0e327772fbac71e5c67d3fbad6b8709d092)
|
|
|
|
| |
(cherry picked from commit 2222e9b3f3892554a11910732bc2e73eee6d4dc5)
|
|
|
|
| |
(cherry picked from commit 0a0c1140dc3ca394e29033d059d7c18fd4bdfd7d)
|
|
|
|
| |
(cherry picked from commit 12b90a49fb708bacc883a839db9d449c8c97813e)
|
|
|
|
| |
(cherry picked from commit ee226b91dd32c1eedce8c30e9e63d443bbfd6f18)
|
|
|
|
| |
(cherry picked from commit c1b06381d8a742d9a6214018399b56f443d0717e)
|
|
|
|
| |
(cherry picked from commit eca8a5d6941626d43e05d73635e915a0d3f482ce)
|
|
|
|
| |
(cherry picked from commit 8b36faa20bc86ec9b278c3ca741b94d7fb8b3271)
|
|
|
|
| |
(cherry picked from commit 46223d06c63b9bdf979a714cec4ba7c45d098946)
|
|
|
|
| |
(cherry picked from commit 69dadbcd8bc98f9ab27cbf985059c8511946dafc)
|
|
|
|
| |
(cherry picked from commit c1a712267026f3a2c7d1b0bd48db4842b0595409)
|
|
|
|
| |
(cherry picked from commit 9b760ab5c480c517646def9a5484e361ded9bed7)
|
|
|
|
| |
Duplicate of weechatScripts.weechat-go.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The programs.ssh.knownHosts.*.publicKeyFile is broken, because it's
scoped to a set of host names, but to insert those host names on each
line of the file we'd have to parse out blank lines and comments, so
only the first line works. It would be much easier all round if users
just provided known hosts files in the normal format, and we pointed
ssh directly to them. This way, it would be possible to have multiple
keys for a single host (which is extremely common due to multiple
algorithms being commonplace).
We add an option for this instead of relying on extraConfig, because
we need to make sure /etc/ssh/ssh_known_hosts is always included to
ensure programs.ssh.knownHosts keeps working.
/etc/ssh/ssh_known_hosts2 is another OpenSSH default that seems a bit
weird, but there's no real reason to change that so we'll leave it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
64b4af52961 ("kmod-blacklist-ubuntu: 22-1.1ubuntu1 -> 28-1ubuntu4")
doubled the size of the default initramfs. This happened because the
upgrade introduced this configuration:
remove iwlwifi \
(/sbin/lsmod | grep -o -e ^iwlmvm -e ^iwldvm -e ^iwlwifi | xargs /sbin/rmmod) \
&& /sbin/modprobe -r mac80211
This meant that the grep and xargs substitutions, which had been
inactive for years, suddenly became active again and became part of
kmod-blacklist-ubuntu's closure.
Since we're already using /run/booted-system for the kmod binaries,
I think it's okay to use it for grep and xargs as well. Both are
required NixOS packages, so they're guaranteed to be there.
Large increases in initramfs size are problematic, because it's often
not possible for users to do anything about them. It's not always
possible to increase the size of /boot, because some filesystems like
ZFS don't support being shrunk to make way for a bigger /boot.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
> We discovered a Local Privilege Escalation (from any user to root) in
> polkit's pkexec, a SUID-root program that is installed by default on
> every major Linux distribution
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
Fixes: CVE-2021-4034
(cherry picked from commit bd3256cf4f7a651e234403977fa29d4dfde255b8)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Conflicts:
nixpkgs/nixos/modules/misc/documentation.nix
nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix
nixpkgs/pkgs/applications/window-managers/sway/default.nix
nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix
nixpkgs/pkgs/development/go-modules/generic/default.nix
nixpkgs/pkgs/development/interpreters/ruby/default.nix
nixpkgs/pkgs/development/interpreters/ruby/patchsets.nix
nixpkgs/pkgs/development/libraries/boehm-gc/7.6.6.nix
nixpkgs/pkgs/development/python-modules/django-mailman3/default.nix
nixpkgs/pkgs/servers/mail/mailman/web.nix
nixpkgs/pkgs/top-level/aliases.nix
nixpkgs/pkgs/top-level/all-packages.nix
nixpkgs/pkgs/top-level/impure.nix
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sa-update.service starts by making an HTTP GET request to
http://spamassassin.apache.org/updates/MIRRORED.BY, which now
redirects to HTTPS. Since we didn't have the appropriate library
available to handle HTTPS, rule updates would fail:
Jan 03 12:35:03 atuin systemd[1]: Starting sa-update.service...
Jan 03 12:35:10 atuin sa-update-start[1250]: Update available for channel updates.spamassassin.org: 1895535 -> 1896618
Jan 03 12:35:10 atuin sa-update-start[1250]: http: (lwp) hotpatching IO::Socket::INET by module IO::Socket::IP
Jan 03 12:35:11 atuin sa-update-start[1250]: http: (lwp) GET http://spamassassin.apache.org/updates/MIRRORED.BY, 501 Protocol scheme 'https' is not supported (LWP::Protocol::https not installed)
Jan 03 12:35:11 atuin sa-update-start[1250]: error: unable to refresh mirrors file for channel updates.spamassassin.org, using old file
Jan 03 12:35:11 atuin sa-update-start[1250]: error: no mirror data available for channel updates.spamassassin.org
Jan 03 12:35:11 atuin sa-update-start[1250]: channel 'updates.spamassassin.org': MIRRORED.BY file contents were missing, channel failed
Jan 03 12:35:11 atuin sa-update-start[1250]: Update failed, exiting with code 4
Jan 03 12:35:11 atuin systemd[1]: sa-update.service: Main process exited, code=exited, status=4/NOPERMISSION
Jan 03 12:35:11 atuin systemd[1]: sa-update.service: Failed with result 'exit-code'.
Jan 03 12:35:11 atuin systemd[1]: Failed to start sa-update.service.
|
| |
|
|
|
|
| |
(cherry picked from commit 7dfcaf5e73feebe12606dbc4c08128af75797fa4)
|
|
|
|
|
|
|
|
|
|
| |
initrd-linux: -12427.8 KiB
linux: -12419.3 KiB
nc2k9ym14spzz2pgq6hn84k8k9zgf686: ∅ → ε, +102451.2 KiB
nixos-system-turingmachine: 21.11.20211015.a2dcfa2 → 21.11.20211017.c6f77b7
visjwxsjqmh8c9lxnrxsw5w19zszflm6: ε → ∅, -102451.0 KiB
zfs-kernel: -12419.3 KiB
(cherry picked from commit eefdd9ffb29fad8e650ef8f063d8e4eab4e1e3c2)
|
|
|
|
| |
This wasn't set before, leaving it to default to the unsafe "nogroup".
|
|
|
|
|
|
|
|
| |
Conflicts:
nixpkgs/nixos/modules/services/networking/ssh/sshd.nix
nixpkgs/pkgs/applications/networking/irc/weechat/scripts/default.nix
nixpkgs/pkgs/development/node-packages/default.nix
nixpkgs/pkgs/development/python-modules/priority/deadline.patch
|
|
|
|
| |
This reverts commit beba9f4200b63f1ebca305efb92dd2407caaf40e.
|
|
|
|
|
| |
Conflicts:
nixpkgs/nixos/modules/config/update-users-groups.pl
|
| |
|
|
|
|
|
| |
qcluster won't be happy if it's started before the database migrations
have been run.
|
| |
|
| |
|
|
|
|
|
|
|
| |
fix CVE-2021-37601
annoucement: https://blog.prosody.im/prosody-0.11.10-released/
(cherry picked from commit b977d45922c2a64290b62d0725619caf12e00f78)
|
| |
|
| |
|
|
|
|
|
| |
https://github.com/openzfs/zfs/releases/tag/zfs-2.1.0-rc8
(cherry picked from commit 5ef8322daa6007ef0256460c0de339f70d718e50)
|
|
|
|
|
| |
Fixes: 367a53a82b0 ("linux_5_13: init at 5.13")
(cherry picked from commit 0c21d0fd7035d65e48d561a64d1ad1454c640aff)
|
| |
|
|
|
|
| |
Mailman is not currently compatible with 1.4, our default in Nixpkgs.
|