joachifm
1377335689
Merge pull request #14372 from joachifm/hidepid
...
nixos: add option to restrict process information to process owners
2016-04-10 12:44:17 +02:00
Joachim Fasting
cef2814a4f
nixos: add optional process information hiding
...
This module adds an option `security.hideProcessInformation` that, when
enabled, restricts access to process information such as command-line
arguments to the process owner. The module adds a static group "proc"
whose members are exempt from process information hiding.
Ideally, this feature would be implemented by simply adding the
appropriate mount options to `fileSystems."/proc".fsOptions`, but this
was found to not work in vmtests. To ensure that process information
hiding is enforced, we use a systemd service unit that remounts `/proc`
after `systemd-remount-fs.service` has completed.
To verify the correctness of the feature, simple tests were added to
nixos/tests/misc: the test ensures that unprivileged users cannot see
process information owned by another user, while members of "proc" CAN.
Thanks to @abbradar for feedback and suggestions.
2016-04-10 12:27:06 +02:00
joachifm
496a369805
Merge pull request #14561 from micxjo/update-botan
...
botanUnstable: 1.11.28 -> 1.11.29 (security)
2016-04-10 11:56:11 +02:00
Franz Pletz
2463e09173
virtinst: Fix cherry-pick merge
2016-04-10 01:26:45 +02:00
Robin Gloster
fe974894e2
virt-manager: remove sqlalchemy from (transitive) dependencies
...
Is not used according to source code
2016-04-10 01:21:46 +02:00
Franz Pletz
b667040c7c
Merge pull request #14543 from groxxda/fix/minidlna
...
minidlna: logging via journalctl, use systemd runtimedirectory, install manpages
2016-04-10 01:14:48 +02:00
Franz Pletz
2579128897
Merge pull request #14547 from groxxda/bump/wayland
...
wayland: 1.9.0 -> 1.10.0, weston: 1.9.0 -> 1.10.0, wayland-protocols: init at 1.3
2016-04-10 01:11:55 +02:00
Franz Pletz
870ce8fc83
Merge pull request #14544 from groxxda/bump/libinput
...
libinput: 1.2.1 -> 1.2.2, propagate udev dependency
2016-04-10 01:09:18 +02:00
joachifm
44af20f601
Merge pull request #14560 from DamienCassou/khard-0.9.0
...
khard: 0.8.1 -> 0.9.0
2016-04-10 00:50:32 +02:00
zimbatm
3b33c3628a
fixup! Simplify contributing
2016-04-09 20:51:26 +01:00
Joachim Fasting
aec8daed86
duc: fix meta.license
2016-04-09 21:35:29 +02:00
Micxjo Funkcio
3c2e932450
botanUnstable: 1.11.28 -> 1.11.29 (security)
...
This release contains fixes for
* CVE-2016-2849
* CVE-2016-2850
2016-04-09 12:18:55 -07:00
Damien Cassou
2601b32990
khard: 0.8.1 -> 0.9.0
2016-04-09 20:28:34 +02:00
Luca Bruno
73bf336934
duc: init at 1.3.3
2016-04-09 20:08:38 +02:00
Joachim Fasting
6111d5b480
youtube-dl: 2016.02.13 -> 2016.04.06
2016-04-09 19:47:42 +02:00
joachifm
1d36e6ec07
Merge pull request #14382 from aneeshusa/update-ccache-stdenv-documentation
...
ccacheStdenv: provide working example config in docs
2016-04-09 19:38:12 +02:00
Florian Steinel
2486191f39
thttpd: 2.26 -> 2.27
...
from http://www.acme.com/software/thttpd/#releasenotes
New in version 2.27:
- Stats syslogs changed from LOG_INFO to LOG_NOTICE.
- Use memmove() for self-overlapping string copies instead of strcpy().
- Couple of subroutine name changes for consistency.
2016-04-09 19:28:50 +02:00
Tuomas Tynkkynen
03c6434756
Merge pull request #14526 from Profpatsch/fish-completions
...
fish: pick up completion files from other packages
2016-04-09 20:08:46 +03:00
zimbatm
8706726d59
Simplify contributing
...
* Highlight the top mistakes directly in CONTRIBUTING.md
* Remove unecessary cruft from the PR template
2016-04-09 17:59:35 +01:00
joachifm
34732f0369
Merge pull request #14552 from zohl/dumptorrent
...
dumptorrent: init at 1.2
2016-04-09 18:49:22 +02:00
Al Zohali
85129e6c60
dumptorrent: init at 1.2
2016-04-09 19:31:56 +03:00
joachifm
ff52ac75f6
Merge pull request #14191 from mbakke/p7zip-15.14.1
...
p7zip: 9.38 -> 15.14.1
2016-04-09 18:11:28 +02:00
zimbatm
26ad6b8c83
Merge pull request #14555 from thall/ums_6_2_2
...
ums 5.4.0 -> 6.2.2
2016-04-09 17:09:10 +01:00
joachifm
427fda97cb
Merge pull request #14551 from pmahoney/awscli
...
awscli: 1.10.1 -> 1.10.18
2016-04-09 18:08:38 +02:00
joachifm
2b5b90438b
Merge pull request #14554 from sheenobu/bugfix/spotify/upgrade_ssl
...
spotify: 1.0.26.125.g64dc8bc6-14 -> 1.0.27.71.g0a26e3b2-9
2016-04-09 18:05:05 +02:00
joachifm
079c03a2c9
Merge pull request #14539 from colemickens/update-plex
...
Plex: update plex, plexpass; fix plex module to restart
2016-04-09 18:01:58 +02:00
joachifm
ddef34387d
Merge pull request #14518 from CrystalGamma/master
...
lombok: init at 1.16.8
2016-04-09 17:47:15 +02:00
Marius Bakke
5d15c0f5fd
p7zip: 9.38 -> 15.14.1
2016-04-09 14:05:23 +01:00
Marco Maggesi
64a16dee9f
Merge pull request #14556 from vbgl/cryptokit-1.10
...
ocamlPackages.cryptokit: 1.9 -> 1.10
2016-04-09 15:05:01 +02:00
Niclas Thall
8b18b35266
ums 5.4.0 -> 6.2.2
2016-04-09 14:29:23 +02:00
Nicolas B. Pierron
ab707cf8df
Merge pull request #14549 from brandonedens/xserver-dpi
...
Add DPI option to xserver invocation.
2016-04-09 14:22:34 +02:00
Vincent Laporte
30e17a9b71
ocamlPackages.cryptokit: 1.9 -> 1.10
2016-04-09 14:20:03 +02:00
Nikolay Amiantov
cae349102e
ffmpeg: install man pages
2016-04-09 14:03:27 +03:00
Nikolay Amiantov
d023e15cfc
ffmpeg: enable x265 support
2016-04-09 14:02:43 +03:00
Sheena Artrip
50e8994973
spotify: 1.0.26.125.g64dc8bc6-14 -> 1.0.27.71.g0a26e3b2-9
2016-04-09 06:54:00 -04:00
Frederik Rietdijk
dddafe61eb
Merge pull request #14498 from expipiplus1/python-cgkit
...
pythonPackages.cgkit: init at 2.0.0
2016-04-09 11:51:15 +02:00
Jona Stubbe (CrystalGamma)
8430db7e17
lombok: init at 1.16.8
2016-04-09 10:00:08 +02:00
Arseniy Seroka
7da3bba260
Merge pull request #14545 from elitak/wraith
...
wraith: init at 1.4.6
2016-04-09 09:39:13 +03:00
Damien Cassou
569cb205de
Merge pull request #14536 from NicolasPetton/ternjs
...
Add nodePackages.tern
2016-04-09 07:48:24 +02:00
Patrick Mahoney
f14bf70db4
awscli: 1.10.1 -> 1.10.18
...
And awscli dependencies:
botocore: 1.3.23 -> 1.4.9
s3transfer: init at 0.0.1
2016-04-08 22:29:31 -05:00
Brandon Edens
98d9bbaec2
Add DPI option to xserver invocation.
2016-04-08 18:53:42 -07:00
Profpatsch
a011083cda
fish: pick up completion files from other packages
...
Some packages bring their own completions in
/share/fish/vendor_completions.d. Now they are picked up by fish from
every path in NIX_PROFILES.
2016-04-09 00:08:48 +02:00
Alexander Ried
c6a4bc4ae5
weston: 1.9.0 -> 1.10.0
2016-04-08 23:22:58 +02:00
Alexander Ried
7f2d418954
wayland: 1.9.0 -> 1.10.0
2016-04-08 23:22:58 +02:00
Alexander Ried
af82b8f7a7
wayland-protocols: init at 1.3
...
From https://lists.freedesktop.org/archives/wayland-devel/2015-November/025486.html
The purpose of this repository is to decouple Wayland
protocol development from the implementation in weston. wayland-protocols will
have its own releases not coupled with with wayland/weston releases and
will not carry any implementations.
2016-04-08 23:22:51 +02:00
Eric Litak
8fe327a432
wraith: init at 1.4.6
2016-04-08 14:12:13 -07:00
Alexander Ried
9722fa06e9
libinput: propagate udev dependency
2016-04-08 23:11:12 +02:00
Alexander Ried
b080956078
libinput: 1.2.1 -> 1.2.2
2016-04-08 23:11:12 +02:00
Alexander Ried
ed791dbb94
minidlna: install manpages
2016-04-08 23:04:12 +02:00
Alexander Ried
72cd570421
minidlna: use journalctl for logging, systemd for runtimedir
2016-04-08 23:04:12 +02:00