| Commit message | Author | Age | Files | Lines |
| * | pipenv: 2021.11.23 -> 2022.1.8
(cherry picked from commit 06b0520f3ce87dcda9abaabea07ee0b7006d9c7f)
origin/backport-154079-to-release-21.11 | R. Ryantm | 2022-01-31 | 1 | -2/+2 |
| * | Merge pull request #157539 from mweinelt/21.11/fix-smartctl-exporter-capab-typo
[21.11] prometheus.exporters.smartctl: multiple fixes | ajs124 | 2022-01-31 | 1 | -2/+13 |
| |\ |
|
| | * | nixos/smartctl-exporter: fix typo in rawio capab
(cherry picked from commit 9d8a23f66e4742969483efdea17b5fb9c0182269)
| Martin Weinelt | 2022-01-31 | 1 | -2/+2 |
| | * | prometheus.exporters.smartctl: Fix autodiscovery
When no devices are given the exporter tries to autodiscover available
disks. The previous DevicePolicy was however preventing the exporter
from accessing any device at all, since only explicitly mentioned ones
were allowed.

This commit adds an allow rule for several device classes that I could
find on my machines, that gets set when no devices are explicitly
configured.

There is an existing problem with nvme devices, that expose a character
device at `/dev/nvme0`, and a (namespaced) block device at
`/dev/nvme0n1`. The character device does not come with permissions that
we could give to the exporter without further impacting the hardening.

    crw------- 1 root root 247, 0 27. Jan 03:10 /dev/nvme0
    brw-rw---- 1 root disk 259, 0 27. Jan 03:10 /dev/nvme0n1

The autodiscovery only finds the character device, which the exporter
unfortunately does not have access to.

However a simple udev rule can be used to resolve this:

    services.udev.extraRules = ''
      SUBSYSTEM=="nvme", KERNEL=="nvme[0-9]*", GROUP="disk"
    '';

Unfortunately I'm not fully aware of the security implications this
change carries and we should question upstream (systemd) why they did
not include such a rule.

The disk group has no members on any of my machines.

    ❯ getent group disk
    disk:x:6:

(cherry picked from commit 12c26aca1fd55ab99f831bedc865a626eee39f80)
| Martin Weinelt | 2022-01-31 | 1 | -2/+11 |
| | * | prometheus.exporters.smartctl: Allow RAWIO
This allows the exporter to perform SCSI commands and interact with hpsa
and cciss devices.
(cherry picked from commit f860b289d4d7a45c38b7dbe8f74bf0d09d86f313)
| Martin Weinelt | 2022-01-31 | 1 | -0/+2 |
| |/ |
|
| * | Merge pull request #157453 from NixOS/backport-157286-to-release-21.11
[Backport release-21.11] Kernels 2022-01-29 | Maximilian Bosch | 2022-01-31 | 8 | -16/+16 |
| |\ |
|
| | * | linux: 5.4.174 -> 5.4.175
(cherry picked from commit 2c30d76cd20a3aad905db5324357933e2da2d59a)
| TredwellGit | 2022-01-30 | 1 | -2/+2 |
| | * | linux: 5.16.3 -> 5.16.4
(cherry picked from commit 46708c6a5b554946b2a55bdfb46976b00a0fdda7)
| TredwellGit | 2022-01-30 | 1 | -2/+2 |
| | * | linux: 5.15.17 -> 5.15.18
(cherry picked from commit 2461a530ff0e6d4430f06f37d9b1f9fabe446dc8)
| TredwellGit | 2022-01-30 | 1 | -2/+2 |
| | * | linux: 5.10.94 -> 5.10.95
(cherry picked from commit e21b404b64cc5346cd132575951765fb400c5902)
| TredwellGit | 2022-01-30 | 1 | -2/+2 |
| | * | linux: 4.9.298 -> 4.9.299
(cherry picked from commit dd0e39a900489925f9c272bdc6d74b323816dd95)
| TredwellGit | 2022-01-30 | 1 | -2/+2 |
| | * | linux: 4.4.300 -> 4.4.301
(cherry picked from commit be3505956a39c3d7396dabcc71a59870866a6768)
| TredwellGit | 2022-01-30 | 1 | -2/+2 |
| | * | linux: 4.19.226 -> 4.19.227
(cherry picked from commit 291e5ba35e1b1b8af08d6f415289171c8052a37b)
| TredwellGit | 2022-01-30 | 1 | -2/+2 |
| | * | linux: 4.14.263 -> 4.14.264
(cherry picked from commit 4d7d225171d0ff92c2b699de6dc3c025dbe3a02f)
| TredwellGit | 2022-01-30 | 1 | -2/+2 |
| * | | Merge pull request #157385 from NixOS/backport-157375-to-release-21.11
[Backport release-21.11] wiki-js: 2.5.272 -> 2.5.274 | Maximilian Bosch | 2022-01-31 | 1 | -2/+2 |
| |\ \ |
|
| | * | | wiki-js: 2.5.272 -> 2.5.274
ChangeLog: https://github.com/Requarks/wiki/releases/tag/2.5.274
(cherry picked from commit 9690362f6270a66035e050fe1bda63ce0e751bdd)
| Maximilian Bosch | 2022-01-30 | 1 | -2/+2 |
| * | | | Merge pull request #157389 from NixOS/backport-157270-to-release-21.11
[Backport release-21.11] nextcloud: 21.0.7 -> 21.0.8, 22.2.3 -> 22.2.4, 23.0.0 -> 23.0.1 | Maximilian Bosch | 2022-01-31 | 1 | -6/+6 |
| |\ \ \ |
|
| | * | | | nextcloud23: 23.0.0 -> 23.0.1
(cherry picked from commit 7d87529de990edce3a24f2ac5a86a85b6c3e0bb5)
| Lara | 2022-01-30 | 1 | -2/+2 |
| | * | | | nextcloud22: 22.2.3 -> 22.2.4
(cherry picked from commit f6038cf1eed439b6e18da73746eb25367287ccc3)
| Lara | 2022-01-30 | 1 | -2/+2 |
| | * | | | nextcloud21: 21.0.7 -> 21.0.8
(cherry picked from commit e5da53ba72361150931f369c5db0bffaf1068071)
| Lara | 2022-01-30 | 1 | -2/+2 |
| | |/ / |
|
| * | | | Merge pull request #157323 from NixOS/backport-157250-to-release-21.11
[Backport release-21.11] perlPackages.ImageExifTool: 12.29 -> 12.39 | Stig | 2022-01-31 | 3 | -24/+10 |
| |\ \ \ |
|
| | * | | | python3Packages.mat2: 0.12.2 -> 0.12.3
(cherry picked from commit a989a4b55cf350f189f690500d5d6918f0285747)
| Robert Schütz | 2022-01-30 | 2 | -22/+8 |
| | * | | | perlPackages.ImageExifTool: 12.29 -> 12.39
Fixes CVE-2022-23935.
https://exiftool.org/history.html
(cherry picked from commit 3be5d9cfcedb09639c779cd9e17738a1d0edae5d)
| Thomas Gerbet | 2022-01-29 | 1 | -2/+2 |
| * | | | | Merge pull request #156380 from Ma27/backport-mautrix-telegram
[21.11] mautrix-telegram: 0.10.2 -> 0.11.1 | Maximilian Bosch | 2022-01-31 | 3 | -35/+20 |
| |\ \ \ \
| |_|_|/
|/| | | |
|
| | * | | | nixos/mautrix-telegram: run alembic only if available
(cherry picked from commit 407d75ae113b00d09f8591ad4cfe89f096791243)
| Yureka | 2022-01-23 | 1 | -1/+1 |
| | * | | | mautrix-telegram: 0.10.2 -> 0.11.1
Backport of the commits

* 4713109cae7b95cdd474194d41b609b6dd4a6185 (mautrix-telegram: 0.10.2 -> 0.11.0)
* 0630d5c38180af29fc40323ed485e0e9d4b2c9a3 (mautrix-telegram: remove alembic passthru)
* 2d42d654aa482de067d30285d8d5bdce5e32ec62 (mautrix-telegram: 0.11.0 -> 0.11.1)

Also added an override for `mautrix` since we cannot backport these
updates as it'd break at least `mautrix-signal`.

While this is technically a breaking change, we don't really have a
choice since Telegram expects all kinds of consuming software to also
display & support "Promotions", otherwise these apps will be
deactivated. To quote the message I got from Telegram in December:

> We ask that you make sure that these sponsored messages are supported and
> properly displayed in your app by January 1, 2022. Unfortunately, Telegram
> cannot financially sustain apps that support Telegram Channels but do not
> display official sponsored messages – such apps will have to be disconnected.
| Yureka | 2022-01-23 | 2 | -34/+19 |
| * | | | | Merge pull request #157321 from NixOS/backport-157176-to-release-21.11
[Backport release-21.11] perlPackages.CPAN: 2.28 -> 2.29 | Stig | 2022-01-30 | 1 | -4/+4 |
| |\ \ \ \ |
|
| | * | | | | perlPackages.CPAN: 2.28 -> 2.29
Fixes CVE-2020-16156
https://metacpan.org/release/ANDK/CPAN-2.29/source/Changes
(cherry picked from commit e6d73949cff6d45522a2c539686c06b0056e13f2)
origin/backport-157176-to-release-21.11 | Thomas Gerbet | 2022-01-29 | 1 | -4/+4 |
| | | |/ /
| |/| | |
|
| * | | | | Merge pull request #157296 from NixOS/backport-157174-to-release-21.11
[Backport release-21.11] perlPackages.CPANChecksums: 2.12 -> 2.14 | Stig | 2022-01-30 | 1 | -3/+3 |
| |\ \ \ \ |
|
| | * | | | | perlPackages.CPANChecksums: 2.12 -> 2.14
Fixes CVE-2020-16155.
https://metacpan.org/release/ANDK/CPAN-Checksums-2.14/source/Changes
(cherry picked from commit 929a256be467a5fa387f767fa0de6045d713405e)
origin/backport-157174-to-release-21.11 | Thomas Gerbet | 2022-01-29 | 1 | -3/+3 |
| * | | | | | Merge pull request #154620 from NixOS/backport-154320-to-release-21.11
[Backport release-21.11] nscd service: fix ordering and start automatically | Janne Heß | 2022-01-30 | 1 | -1/+3 |
| |\ \ \ \ \
| |_|_|_|/
|/| | | | |
|
| | * | | | | nscd service: fix ordering and start automatically
During working on #150837 I discovered that `google-oslogin` test
started failing, and so did some of my development machines. Turns out
it was because nscd doesn't start by default; rather it's wanted by
NSS lookup targets, which are not always fired up.

To quote from section on systemd.special(7) on `nss-user-lookup.target`:

> All services which provide parts of the user/group database should be
> ordered before this target, and pull it in.

Following this advice and comparing our unit to official `sssd.service`
unit (which is a similar service), we now pull NSS lookup targets from
the service, while starting it with `multi-user.target`.

(cherry picked from commit b451eca621d8cd52345e2094e46e970719b6a902)
origin/backport-154320-to-release-21.11 | Nikolay Amiantov | 2022-01-11 | 1 | -1/+3 |
| * | | | | | Merge pull request #157159 from NixOS/backport-149448-to-release-21.11
[Backport release-21.11] podman: 3.4.2 -> 3.4.3 | adisbladis | 2022-01-30 | 1 | -2/+2 |
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
|
| | * | | | | podman: 3.4.2 -> 3.4.3
https://github.com/containers/podman/releases/tag/v3.4.3
(cherry picked from commit 56a556cdb1a8b60cd2cd7c5eb769ca856e0612ed)
origin/backport-149448-to-release-21.11 | zowoq | 2022-01-28 | 1 | -2/+2 |
| * | | | | | Merge #156696: staging-next: 21.11 iteration 6 | Vladimír Čunát | 2022-01-29 | 19 | -33/+218 |
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
|
| | * | | | | Merge release-21.11 into staging-next-21.11 | github-actions[bot] | 2022-01-29 | 2 | -4/+4 |
| | |\ \ \ \ |
|
| | * \ \ \ \ | Merge branch 'release-21.11' into staging-next-21.11 | Vladimír Čunát | 2022-01-28 | 14 | -27/+49 |
| | |\ \ \ \ \ |
|
| | * \ \ \ \ \ | Merge #156128: webkitgtk: 2.34.3 -> 2.34.4
...into staging-next-21.11
| Vladimír Čunát | 2022-01-28 | 1 | -2/+2 |
| | |\ \ \ \ \ \ |
|
| | | * | | | | | | webkitgtk: 2.34.3 -> 2.34.4
https://webkitgtk.org/security/WSA-2022-0001.html
(cherry picked from commit a574ff9929f906208cd42827c7d3a0256bd18705)
| Martin Weinelt | 2022-01-22 | 1 | -2/+2 |
| | * | | | | | | | Merge release-21.11 into staging-next-21.11 | github-actions[bot] | 2022-01-28 | 21 | -469/+484 |
| | |\ \ \ \ \ \ \ |
|
| | * \ \ \ \ \ \ \ | Merge #156939: go: 1.16.9 -> 1.16.13 (into staging-next-21.11) | Vladimír Čunát | 2022-01-27 | 1 | -2/+2 |
| | |\ \ \ \ \ \ \ \ |
|
| | | * | | | | | | | | go_1_16: 1.16.12 -> 1.16.13
(cherry picked from commit d50b6bff8956e674ff4091f2ff27e965c078b215)
| zowoq | 2022-01-26 | 1 | -2/+2 |
| | | * | | | | | | | | go_1_16: 1.16.11 -> 1.16.12
(cherry picked from commit 5d33b5183b2efa38002cf3eff5ff8b352cfa5c19)
| zowoq | 2022-01-26 | 1 | -2/+2 |
| | | * | | | | | | | | go_1_16: 1.16.10 -> 1.16.11
(cherry picked from commit 2100043ba9c5d173c7b2213e3ef7ca6c693f35e9)
| zowoq | 2022-01-26 | 1 | -2/+2 |
| | | * | | | | | | | | go_1_16: 1.16.9 -> 1.16.10
(cherry picked from commit cc8cade9bab34326e9c191782718ae4bf9b3867d)
| zowoq | 2022-01-26 | 1 | -2/+2 |
| | * | | | | | | | | | Merge release-21.11 into staging-next-21.11 | github-actions[bot] | 2022-01-27 | 6 | -16/+31 |
| | |\| | | | | | | | |
|
| | * | | | | | | | | | libredirect: fix build for aarch64-darwin (PR #156839)
(cherry picked from commit 4bde5a3a68d8d7095017f57c831b6f9540848e16 / PR #156460)
Co-authored-by: Jonathan Ringer <jonringer117@gmail.com>
Co-authored-by: Vladimír Čunát <v@cunat.cz> | github-actions[bot] | 2022-01-26 | 1 | -1/+7 |
| | * | | | | | | | | | Merge release-21.11 into staging-next-21.11 | github-actions[bot] | 2022-01-26 | 38 | -1347/+1518 |
| | |\ \ \ \ \ \ \ \ \ |
|
| | * \ \ \ \ \ \ \ \ \ | Merge branch 'staging-21.11' into staging-next-21.11 | Vladimír Čunát | 2022-01-25 | 8 | -6/+101 |
| | |\ \ \ \ \ \ \ \ \ \ |
|
| | | * \ \ \ \ \ \ \ \ \ | Merge #156692: glibc: 2.33-71 -> 2.33-78 (into staging-21.11) | Vladimír Čunát | 2022-01-25 | 2 | -1/+1 |
| | | |\ \ \ \ \ \ \ \ \ \ |
|