Joachim Fasting
87bc514620
hardened-config: enable the SafeSetID LSM
...
The purpose of this LSM is to allow processes to drop to a less privileged
user id without having to grant them full CAP_SETUID (or use file caps).
The LSM allows configuring a whitelist policy of permitted from:to uid
transitions. The policy is enforced upon calls to setuid(2) and related
syscalls.
Policies are configured through securityfs by writing to
- safesetid/add_whitelist_policy ; and
- safesetid/flush_whitelist_policies
A process attempting a transition not permitted by current policy is killed
(to avoid accidentally running with higher privileges than intended).
A uid that has a configured policy is prevented from obtaining auxiliary
setuid privileges (e.g., setting up user namespaces).
See also: https://www.kernel.org/doc/html/latest/admin-guide/LSM/SafeSetID.html
2019-05-07 13:39:24 +02:00
Renaud
7085da0cef
Merge pull request #60870 from dkudriavtsev/patch-1
...
miraclecast: 20170427 -> 20190403
2019-05-07 13:37:39 +02:00
Renaud
029adb3ad4
Merge pull request #61003 from r-ryantm/auto-update/ocaml4.06.1-ppxlib
...
ocamlPackages.ppxlib: 0.5.0 -> 0.6.0
2019-05-07 13:19:50 +02:00
Frederik Rietdijk
01b99a67e9
Merge pull request #61028 from marsam/update-cedille
...
cedille: fix hash
2019-05-07 13:11:33 +02:00
Renaud
ad36fb38e2
Merge pull request #60992 from danieldk/cargo-asm-0.1.17
...
cargo-asm: 0.1.16 -> 0.1.17
2019-05-07 13:11:17 +02:00
R. RyanTM
af46c07eaf
python37Packages.lark-parser: 0.6.6 -> 0.7.0
...
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/python3.7-lark-parser/versions
2019-05-07 13:08:31 +02:00
Andrew Childs
1d754bbe94
qscintilla: fix dylib names on Darwin
...
On Darwin dylibs are intended to have their install names set to their
absolute path. Without an absolute path, applications using these
libraries will have invalid references embedded, and will be unable to
locate the libraries at runtime.
2019-05-07 13:08:00 +02:00
Elis Hirwing
0269936094
Merge pull request #61080 from DIzFer/jellyfin-remove-emby-ref
...
jellyfin: remove assertion if emby enabled: no emby module exists
2019-05-07 12:48:26 +02:00
Renaud
78b8ff9be0
Merge pull request #61017 from r-ryantm/auto-update/python3.7-Cerberus
...
python37Packages.cerberus: 1.2 -> 1.3
2019-05-07 12:23:28 +02:00
Robin Gloster
97450715da
Merge pull request #60678 from mayflower/atomicparsley-cross
...
atomicparsley: fix cross
2019-05-07 09:50:04 +00:00
Jörg Thalheim
2146e1023a
Merge pull request #61076 from Mic92/linux-fpu
...
linux_5_0: restore __kernel_fpu_{begin,restore}
2019-05-07 10:35:04 +01:00
Renaud
843a062c43
Merge pull request #61016 from r-ryantm/auto-update/python3.7-braintree
...
python37Packages.braintree: 3.52.0 -> 3.53.0
2019-05-07 11:30:36 +02:00
Jörg Thalheim
33220585a8
Merge pull request #61071 from dtzWill/update/creduce-2.9.0
...
creduce: 2.8.0 -> 2.9.0, llvm7
2019-05-07 10:05:02 +01:00
David Izquierdo
b24a87fafe
jellyfin: remove assertion if emby enabled: no emby module exists
2019-05-07 11:04:57 +02:00
Jörg Thalheim
7ed04c2a6f
postgresqlPackages.timescaledb: 1.2.2 -> 1.3.0 ( #61074 )
...
postgresqlPackages.timescaledb: 1.2.2 -> 1.3.0
2019-05-07 09:54:33 +01:00
Renaud
1303cc1136
Merge pull request #60972 from r-ryantm/auto-update/geos
...
geos: 3.7.1 -> 3.7.2
2019-05-07 10:39:07 +02:00
Joachim Fasting
7defc47944
tor-browser-bundle-bin: meta.homepage is a regular string
2019-05-07 09:48:16 +02:00
Joachim Fasting
501c2c28a4
tor-browser-bundle-bin: 8.0.8 -> 8.0.9
2019-05-07 09:48:10 +02:00
Jörg Thalheim
a3f8a25ab3
python.pkgs.imread: inherit native libs on callsite
...
this avoids potential namespace collisions between python libs
and packages from all-packags.nix:
https://github.com/NixOS/nixpkgs/pull/61033#issuecomment-489926103
2019-05-07 07:34:13 +01:00
Jörg Thalheim
6bcc5e2080
pythonPackages.imread: 0.6 -> 0.7.0 ( #61033 )
...
pythonPackages.imread: 0.6 -> 0.7.0
2019-05-07 07:23:33 +01:00
Jörg Thalheim
8da4d318d1
nix-review: 2.0.0 -> 2.0.1 ( #61078 )
...
nix-review: 2.0.0 -> 2.0.1
2019-05-07 07:19:19 +01:00
Jörg Thalheim
4a0fcfd3cc
flow: 0.98.0 -> 0.98.1 ( #61075 )
...
flow: 0.98.0 -> 0.98.1
2019-05-07 07:16:42 +01:00
Jörg Thalheim
cf5ed1d004
nix-review: 2.0.0 -> 2.0.1
2019-05-07 07:12:55 +01:00
Jörg Thalheim
dd2052ce36
awesome: use makeWrapper rather than wrapProgram ( #61060 )
...
awesome: use makeWrapper rather than wrapProgram
2019-05-07 07:07:36 +01:00
Jörg Thalheim
3a83427e6d
Merge pull request #61055 from nyanloutre/radarr_update_0_2_0_1344
...
radarr: 0.2.0.1293 -> 0.2.0.1344
2019-05-07 07:05:49 +01:00
Jörg Thalheim
6d207876db
Merge pull request #61057 from dywedir/i3status-rust
...
i3status-rust: 0.9.0.2019-03-21 -> 0.9.0.2019-04-27
2019-05-07 07:05:15 +01:00
Jörg Thalheim
c28f0c39d2
Merge pull request #61073 from marsam/fix-mpv-darwin
...
mpv: fix darwin build
2019-05-07 06:59:41 +01:00
Mario Rodas
2d6f91f26c
Merge pull request #61064 from mstojcevich/influxdb-176
...
influxdb: 1.7.5 -> 1.7.6
2019-05-07 00:32:41 -05:00
Michael Raskin
2ca644ea9a
Merge pull request #61070 from dtzWill/update/libreoffice-fresh-6.2.3.2
...
libreoffice-fresh: 6.2.2.2 -> 6.2.3.2
2019-05-07 05:16:55 +00:00
adisbladis
ca088617ac
firefox-beta-bin: 67.0b16 -> 67.0b17
2019-05-07 06:10:31 +01:00
adisbladis
5985cd73dc
firefox-devedition-bin: 67.0b7 -> 67.0b17
2019-05-07 06:10:31 +01:00
adisbladis
baf17a4042
pipenv: Add missing build input virtualenv-clone
2019-05-07 06:10:28 +01:00
Mario Rodas
dbba6f0b3c
flow: 0.98.0 -> 0.98.1
2019-05-07 00:05:00 -05:00
Mario Rodas
5a9983a76e
postgresqlPackages.timescaledb: 1.2.2 -> 1.3.0
2019-05-07 00:02:25 -05:00
Mario Rodas
20eda8246c
mpv: fix darwin build
2019-05-06 23:57:10 -05:00
Mario Rodas
bdbd5f6026
Merge pull request #61044 from greydot/fix-pipenv-deps
...
pipenv: fix missing dependency issue (#61027 )
2019-05-06 23:53:19 -05:00
Will Dietz
5fe0547457
creduce: 2.8.0 -> 2.9.0, llvm7
2019-05-06 23:39:56 -05:00
Will Dietz
d90da9197a
libreoffice-fresh: 6.2.2.2 -> 6.2.3.2
2019-05-06 23:38:11 -05:00
Mario Rodas
5e407fcbb0
Merge pull request #61042 from xrelkd/update/cargo-bloat
...
cargo-bloat: 0.6.2 -> 0.6.3
2019-05-06 22:07:24 -05:00
Profpatsch
6ad3c59f03
ultrastar-manager: 2017-05-24 -> 2019-04-23
2019-05-07 02:02:11 +02:00
Profpatsch
59aef0aa9c
ultrastar-creator: 2017-04-12 -> 2019-04-23
2019-05-07 02:02:11 +02:00
Profpatsch
3a0fbc17e2
libbass: update
2019-05-07 02:02:11 +02:00
Marcus Stojcevich
118487b694
influxdb: 1.7.5 -> 1.7.6
2019-05-06 19:38:37 -04:00
Renaud
0852a6e22a
Merge pull request #59654 from r-ryantm/auto-update/python3.7-fonttools
...
python37Packages.fonttools: 3.39.0 -> 3.41.0
2019-05-06 23:51:14 +02:00
Renaud
dfac1543d0
pythonPackages.fonttools: 3.40.0 -> 3.41.0
...
and specify license
2019-05-06 22:42:31 +02:00
Renaud
7c93bbec22
Merge pull request #60957 from r-ryantm/auto-update/bacula
...
bacula: 9.4.2 -> 9.4.3
2019-05-06 22:33:22 +02:00
Renaud
c9f1f40cb2
Merge pull request #60525 from r-ryantm/auto-update/flacon
...
flacon: 5.2.0 -> 5.4.0
2019-05-06 22:30:47 +02:00
Stefano Mazzucco
88f84c08d7
awesome: use makeWrapper rather than wrapProgram
...
Using wrapProgram makes so that the generated "awesome" wrapper duplicates its
command line options at every restart.
As @psychon puts it:
> AwesomeWM restarts via execvp(argv[0], argv). In NixOS, wrapProgram is used
> to generate a wrapper around the real binary. wrapProgram calls makeWrapper
> with --argv0 '$0'. I guess this is what makes awesomeWM run the wrapper again
> on restart. Without this --argv0 awesomeWM would directly restart itself
> instead of the wrapper, I think.
2019-05-06 21:08:55 +01:00
Renaud
834d8018f3
Merge pull request #60963 from r-ryantm/auto-update/dovecot-pigeonhole
...
dovecot_pigeonhole: 0.5.5 -> 0.5.6
2019-05-06 22:01:02 +02:00
Matthew Bauer
69cf07ec0f
Merge pull request #60828 from matthewbauer/mark-bad-platforms
...
Mark some bad platforms
2019-05-06 15:54:08 -04:00