Commit Graph

595663 Commits

Author SHA1 Message Date
R. Ryantm
4555e6b3ea fx: 31.0.0 -> 32.0.0 2024-03-11 22:26:23 +00:00
Adam C. Stephens
1809887dbe
Merge pull request #294443 from evanrichter/init-gitu
gitu: init at 0.5.4
2024-03-11 13:47:08 -04:00
Silvan Mosberger
7b4ea5d340
Merge pull request #293664 from tweag/by-name-update-pin
check-by-name: Update pinned tooling
2024-03-11 18:40:23 +01:00
Rick van Schijndel
63dc52bdbf
Merge pull request #294981 from wegank/nomacs-refactor
nomacs: refactor
2024-03-11 18:35:03 +01:00
Yaya
57df47d918 snipe-it: 6.3.1 -> 6.3.3
https://github.com/snipe/snipe-it/releases/tag/v6.3.3
2024-03-11 18:16:36 +01:00
Yaya
c1fd254beb snipe-it: Move to pkgs/by-name/ 2024-03-11 18:16:36 +01:00
Yaya
eb12b77ff0 snipe-it: 6.2.2 -> 6.3.1
https://github.com/snipe/snipe-it/releases/tag/v6.3.0
https://github.com/snipe/snipe-it/releases/tag/v6.3.1
2024-03-11 18:16:36 +01:00
Pol Dellaiera
8deb162d09
Merge pull request #293722 from savedra1/clipse-init/0.0.6
clipse: init at 0.0.6
2024-03-11 18:05:22 +01:00
Nick Cao
dc4a6bcdca
Merge pull request #294592 from sinavir/aiohttp_better_packaging
python311Packages.aiohttp-client-cache: Use standard packaging
2024-03-11 12:44:26 -04:00
David McFarland
c2eb1270d7
Merge pull request #294576 from corngood/dotnet-vmr-size
dotnet: strip native symbols from runtime
2024-03-11 13:43:34 -03:00
emilylange
08c37ba899 nixos/lldap: set service UMask=0027 and StateDirectoryMode=0750
While `/var/lib/lldap` isn't technically accessible by unprivileged
users thanks to `DynamicUser=true`, a user might prefer and change it to
`DynamicUser=false`.

There is currently also a PR open that intends to make `DynamicUser`
configurable via module option.

As such, `jwt_secret_file`, if bootstrapped by the service start
procedure, might be rendered world-readable due to its permissions
(`0644/-rw-r--r--`) defaulting to the service's umask (`022`) and
`/var/lib/lldap` to `0755/drwxr-xr-x` due to `StateDirectoryMode=0755`.

This would usually be fixed by using `(umask 027; openssl ...)` instead
of just `openssl ...`.

However, it was found that another file (`users.db`), this time
bootstrapped by `lldap` itself, also had insufficient permissions
(`0644/-rw-r--r--`) inherited from the global umask and would be left
world-readable as well.

Due to this, we instead change the service's umask to `027`.

And to lower the impact for already bootstrapped files on existing
instances like `users.db`, set `StateDirectoryMode=0750`.
2024-03-11 17:34:29 +01:00
emilylange
7501889950 lldap: remove emilylange from maintainers
I find lldap's defaults security-wise and its security-posture in a
broader sense deeply unsettling for something as security-critical as an
authentication server.
2024-03-11 17:34:29 +01:00
emilylange
61a651e362 nixos/lldap: bootstrap jwt_secret if not provided
If not provided, lldap defaults to `secretjwtsecret` as value which is
hardcoded in the code base.

See https://github.com/lldap/lldap/blob/v0.5.0/server/src/infra/configuration.rs#L76-L77

This is really bad, because it is trivially easy to generate an admin
access token/cookie as an attacker, if a `jwt_secret` is known.
2024-03-11 17:34:29 +01:00
nixpkgs-merge-bot[bot]
bc3604ee35
Merge pull request #294989 from r-ryantm/auto-update/ast-grep
ast-grep: 0.19.3 -> 0.19.4
2024-03-11 16:26:14 +00:00
Paul Meyer
08a5ab8937
Merge pull request #287262 from katexochen/dnf4/4-19-0
dnf4: 4.18.2 -> 4.19.0
2024-03-11 17:20:10 +01:00
Pol Dellaiera
54c52cb276
Merge pull request #294334 from ShamrockLee/sourceroot-fix
treewide: fix hard-coded `sourceRoot` prefix for `fetchgit`-based `src`
2024-03-11 16:50:57 +01:00
sinavir
06354636e7 python311Packages.aiohttp-client-cache: Use standard packaging 2024-03-11 16:40:42 +01:00
Pol Dellaiera
9336998b51
Merge pull request #295011 from drupol/php/extensions/dom/fix-lower-bound
phpExtensions.dom: fix lowest extensions
2024-03-11 16:37:58 +01:00
Nick Cao
1e88f68d65
Merge pull request #294987 from GaetanLepage/rye
rye: 0.28.0 -> 0.29.0
2024-03-11 11:37:20 -04:00
Adam C. Stephens
9bc6d4892b
Merge pull request #294976 from r-ryantm/auto-update/sabnzbd
sabnzbd: 4.2.2 -> 4.2.3
2024-03-11 11:34:32 -04:00
Nick Cao
c3e5053776
Merge pull request #294776 from r-ryantm/auto-update/python311Packages.persim
python311Packages.persim: 0.3.2 -> 0.3.5
2024-03-11 11:31:59 -04:00
Nick Cao
65a57ea8f1
Merge pull request #294480 from r-ryantm/auto-update/frugal
frugal: 3.17.8 -> 3.17.9
2024-03-11 11:29:29 -04:00
Nick Cao
fa5174047b
Merge pull request #294525 from r-ryantm/auto-update/python311Packages.google-cloud-asset
python311Packages.google-cloud-asset: 3.24.3 -> 3.25.0
2024-03-11 11:28:17 -04:00
Pol Dellaiera
47195dc3d9
phpExtensions.dom: fix lowest extensions 2024-03-11 16:28:15 +01:00
Nick Cao
ace81d4760
Merge pull request #294534 from r-ryantm/auto-update/python311Packages.google-cloud-websecurityscanner
python311Packages.google-cloud-websecurityscanner: 1.14.2 -> 1.14.3
2024-03-11 11:27:36 -04:00
Nick Cao
787d63155b
Merge pull request #294276 from r-ryantm/auto-update/conftest
conftest: 0.49.1 -> 0.50.0
2024-03-11 11:25:16 -04:00
Nick Cao
983419d857
Merge pull request #294283 from r-ryantm/auto-update/discordo
discordo: unstable-2024-03-03 -> unstable-2024-03-07
2024-03-11 11:24:27 -04:00
Nick Cao
996086f259
Merge pull request #294291 from r-ryantm/auto-update/dolt
dolt: 1.35.0 -> 1.35.1
2024-03-11 11:24:04 -04:00
Nick Cao
6b775f7508
Merge pull request #294293 from r-ryantm/auto-update/rootlesskit
rootlesskit: 2.0.1 -> 2.0.2
2024-03-11 11:23:36 -04:00
Nick Cao
1df6e81d4f
Merge pull request #294402 from r-ryantm/auto-update/zotero
zotero: 6.0.30 -> 6.0.35
2024-03-11 11:21:00 -04:00
Nick Cao
15d798ec85
Merge pull request #294422 from r-ryantm/auto-update/schismtracker
schismtracker: 20240129 -> 20240308
2024-03-11 11:19:50 -04:00
Nick Cao
e4cbd578c0
Merge pull request #294423 from r-ryantm/auto-update/sesh
sesh: 0.12.0 -> 0.15.0
2024-03-11 11:18:57 -04:00
Nick Cao
06b8766d1c
Merge pull request #294424 from r-ryantm/auto-update/pocketbase
pocketbase: 0.22.2 -> 0.22.3
2024-03-11 11:18:28 -04:00
Nick Cao
cbfa2e96b2
Merge pull request #293915 from r-ryantm/auto-update/flannel
flannel: 0.24.2 -> 0.24.3
2024-03-11 11:16:49 -04:00
Nick Cao
91078e2559
Merge pull request #294211 from r-ryantm/auto-update/wt
wt: 4.10.0 -> 4.10.4
2024-03-11 11:14:00 -04:00
Nick Cao
3728168b51
Merge pull request #294224 from r-ryantm/auto-update/dovecot_fts_xapian
dovecot_fts_xapian: 1.7.4 -> 1.7.6
2024-03-11 11:13:35 -04:00
Nick Cao
c5be907013
Merge pull request #294264 from r-ryantm/auto-update/rune
rune: 0.13.1 -> 0.13.2
2024-03-11 11:12:30 -04:00
Nick Cao
402a68d46a
Merge pull request #294759 from NickCao/v2ray-domain-list-community
v2ray-domain-list-community: 20240221053250 -> 20240310062737
2024-03-11 11:11:22 -04:00
Sandro
86e1192133
Merge pull request #293285 from funkeleinhorn/fix-pytest-examples 2024-03-11 16:10:57 +01:00
Nick Cao
25df16498b
Merge pull request #294980 from khaneliman/sketchybar-app-font
sketchybar-app-font: 2.0.5 -> 2.0.7
2024-03-11 11:09:49 -04:00
Nick Cao
3dc3f4317e
Merge pull request #294983 from r-ryantm/auto-update/reviewdog
reviewdog: 0.17.1 -> 0.17.2
2024-03-11 11:09:31 -04:00
Nick Cao
65176a0b2f
Merge pull request #294984 from r-ryantm/auto-update/pfetch-rs
pfetch-rs: 2.9.0 -> 2.9.1
2024-03-11 11:09:15 -04:00
Nick Cao
83c28bafad
Merge pull request #294985 from r-ryantm/auto-update/python312Packages.types-redis
python312Packages.types-redis: 4.6.0.20240218 -> 4.6.0.20240311
2024-03-11 11:08:57 -04:00
Nick Cao
b07e7eaa23
Merge pull request #294990 from r-ryantm/auto-update/python312Packages.types-psycopg2
python312Packages.types-psycopg2: 2.9.21.20240218 -> 2.9.21.20240311
2024-03-11 11:08:17 -04:00
Nick Cao
8f34152a8d
Merge pull request #294999 from r-ryantm/auto-update/python312Packages.adafruit-io
python312Packages.adafruit-io: 2.7.1 -> 2.7.2
2024-03-11 11:07:50 -04:00
Sandro
869ec01e56
Merge pull request #294286 from SuperSandro2000/unbound-remote-config-check 2024-03-11 16:06:31 +01:00
Nick Cao
f06705dadc
Merge pull request #295001 from r-ryantm/auto-update/fastly
fastly: 10.8.4 -> 10.8.5
2024-03-11 11:04:42 -04:00
Nick Cao
a2e44ded81
Merge pull request #294969 from r-ryantm/auto-update/python312Packages.types-pyopenssl
python312Packages.types-pyopenssl: 24.0.0.20240228 -> 24.0.0.20240311
2024-03-11 11:02:06 -04:00
Nick Cao
db2dc54ff5
Merge pull request #294965 from r-ryantm/auto-update/python312Packages.types-markdown
python312Packages.types-markdown: 3.5.0.20240129 -> 3.5.0.20240311
2024-03-11 11:01:48 -04:00
Nick Cao
7d943dbd14
Merge pull request #294959 from r-ryantm/auto-update/python312Packages.types-mock
python312Packages.types-mock: 5.1.0.20240106 -> 5.1.0.20240311
2024-03-11 11:01:26 -04:00