Commit Graph

11704 Commits

Author SHA1 Message Date
Timo Kaufmann
925640d499
Merge pull request #105631 from TredwellGit/xorg.xorgserver
xorg.xorgserver: 1.20.9 -> 1.20.10 (CVE-2020-14360 CVE-2020-25712)
2020-12-04 22:28:03 +01:00
R. RyanTM
0e0b2c8030 postsrsd: 1.7 -> 1.8 2020-12-04 20:29:25 +00:00
Sandro
af1be63859
Merge pull request #105897 from r-ryantm/auto-update/navidrome
navidrome: 0.38.0 -> 0.39.0
2020-12-04 20:54:02 +01:00
github-actions[bot]
cb36dd7449
Merge master into staging-next 2020-12-04 18:14:51 +00:00
R. RyanTM
577e615d60 navidrome: 0.38.0 -> 0.39.0 2020-12-04 17:49:17 +00:00
Raghav Sood
e57fa51069
Merge pull request #105892 from priegger/fix/prometheus-nginx-exporter
prometheus-nginx-exporter: 0.6.0 -> 0.8.0
2020-12-04 15:59:09 +00:00
Sandro
cec981420c
Merge pull request #105859 from r-ryantm/auto-update/dolt
dolt: 0.22.1 -> 0.22.5
2020-12-04 16:58:53 +01:00
R. RyanTM
9d5b19145b jackett: 0.16.2269 -> 0.16.2291 2020-12-04 14:39:17 +00:00
R. RyanTM
6f5dfaacd2 dolt: 0.22.1 -> 0.22.5 2020-12-04 09:42:55 +00:00
github-actions[bot]
82b9b02331
Merge master into staging-next 2020-12-04 06:16:26 +00:00
Raghav Sood
3a3e8e6a8b
Merge pull request #105242 from RaghavSood/microhttpd/version
libmicrohttpd dependents: fix build
2020-12-04 05:37:48 +00:00
Hunter Jones
657fef798b gpsd: 3.16 -> 3.21 2020-12-03 16:10:40 -06:00
github-actions[bot]
1aeec1f039
Merge master into staging-next 2020-12-03 18:14:40 +00:00
Sandro
c273a4be19
Merge pull request #105792 from marsam/update-postgresql-auto-failover
postgresqlPackages.pg_auto_failover: 1.4.0 -> 1.4.1
2020-12-03 18:50:34 +01:00
Gabriel Ebner
ad6e8d14ad hsphfpd: 2020-10-25 -> 2020-11-27 2020-12-03 17:19:15 +01:00
Markus S. Wamser
ded8dc1c46 gatling: 0.15 -> 0.16, libowfat: drop patch for header location 2020-12-03 15:02:50 +01:00
github-actions[bot]
5b73e3087a
Merge master into staging-next 2020-12-03 12:18:45 +00:00
Sandro
0b3c471560
Merge pull request #105766 from r-ryantm/auto-update/pounce
pounce: 2.0 -> 2.1p1
2020-12-03 09:39:37 +01:00
R. RyanTM
069e414aad pounce: 2.0 -> 2.1p1 2020-12-03 06:05:11 +00:00
R. RyanTM
4aabd257ea postsrsd: 1.6 -> 1.7 2020-12-03 05:27:35 +00:00
Mario Rodas
79b25549cf postgresqlPackages.pg_auto_failover: 1.4.0 -> 1.4.1
https://github.com/citusdata/pg_auto_failover/releases/tag/v1.4.1
2020-12-03 04:20:00 +00:00
github-actions[bot]
58274c4f8d
Merge master into staging-next 2020-12-03 00:36:28 +00:00
Sandro
1c95b26cf9
Merge pull request #105701 from r-ryantm/auto-update/lighttpd
lighttpd: 1.4.55 -> 1.4.56
2020-12-02 21:57:54 +01:00
Martin Weinelt
bdbcbddde6
Merge pull request #105711 from cransom/cassandra-maintainer
cassandra: remove maintainer cransom
2020-12-02 19:42:37 +01:00
Casey Ransom
f6e974e701 cassandra: remove maintainer cransom
I've been disconnected from Cassandra for years now, I wouldn't be an
appropriate maintainer.
2020-12-02 11:01:14 -05:00
R. RyanTM
e1c319def2 lighttpd: 1.4.55 -> 1.4.56 2020-12-02 15:06:14 +00:00
github-actions[bot]
89e8bf0f2a
Merge master into staging-next 2020-12-02 12:30:55 +00:00
Samir Hafez
68b7bb0a85
plexRaw: 1.20.5.3600-47c0d9038 -> 1.21.0.3711-b509cc236 2020-12-02 12:12:11 +00:00
Mario Rodas
eaa41389fe
Merge pull request #105659 from r-ryantm/auto-update/gitlab-pages
gitlab-pages: 1.28.0 -> 1.30.0
2020-12-02 05:15:22 -05:00
Florian Klink
e76e8cf22e openresty: 1.17.8 -> 1.19.3
Also, add a quick comment about what fixPatch does.
2020-12-02 09:08:02 +01:00
R. RyanTM
466daa42ad gitlab-pages: 1.28.0 -> 1.30.0 2020-12-02 06:44:21 +00:00
TredwellGit
0309973b82 xorg.xorgserver: 1.20.9 -> 1.20.10
https://lists.x.org/archives/xorg-announce/2020-December/003067.html
https://lists.x.org/archives/xorg-announce/2020-December/003066.html
2020-12-01 23:47:01 +00:00
adisbladis
7b3f9e9b75
pinnwand: Use poetry from pythonPackages
Ideally this software should be repackaged using Poetry2nix rather
that using pythonPackages.

As it is now things are packaged incorrectly.

cc @mweinelt
2020-12-01 14:28:39 +01:00
Frederik Rietdijk
ff90abd5dd Merge staging-next into staging 2020-12-01 14:23:10 +01:00
Sandro
e468b15989
Merge pull request #105531 from r-ryantm/auto-update/nats-streaming-server
nats-streaming-server: 0.17.0 -> 0.19.0
2020-12-01 13:54:06 +01:00
Sandro
dc4e4ef7c1
Merge pull request #105569 from r-ryantm/auto-update/tarssh
tarssh: 0.4.0 -> 0.5.0
2020-12-01 13:51:43 +01:00
Sandro
f857376455
Merge pull request #105572 from r-ryantm/auto-update/thanos
thanos: 0.17.0 -> 0.17.1
2020-12-01 13:51:31 +01:00
R. RyanTM
d6750d0d3d thanos: 0.17.0 -> 0.17.1 2020-12-01 10:52:51 +00:00
R. RyanTM
1c7236ce79 tarssh: 0.4.0 -> 0.5.0 2020-12-01 10:07:55 +00:00
Sandro
2161ba80af
Merge pull request #105551 from r-ryantm/auto-update/rtsp-simple-server
rtsp-simple-server: 0.12.1 -> 0.12.2
2020-12-01 11:07:24 +01:00
Sandro
6a16833921
Merge pull request #105553 from r-ryantm/auto-update/sabnzbd
sabnzbd: 3.0.1 -> 3.1.1
2020-12-01 10:45:38 +01:00
Sandro
4c5ef510bc
Merge pull request #105535 from IvarWithoutBones/peach-init-0.9.8
peach: init at 0.9.8
2020-12-01 10:43:21 +01:00
Simon Waibl
eb079d22f8
Merge pull request #105166 from SamirHafez/plex-updateScript
plex: Add an updateScript
2020-12-01 09:34:52 +01:00
R. RyanTM
45ab2f37ec sabnzbd: 3.0.1 -> 3.1.1 2020-12-01 07:56:53 +00:00
R. RyanTM
6f3d901e53 rtsp-simple-server: 0.12.1 -> 0.12.2 2020-12-01 07:39:48 +00:00
IvarWithoutBones
f2341a3054 peach: init at 0.9.8 2020-12-01 04:47:19 +01:00
R. RyanTM
134aadac43 nats-streaming-server: 0.17.0 -> 0.19.0 2020-12-01 03:09:14 +00:00
Jan Tojnar
27b974d84b
Merge branch 'staging-next' into staging 2020-12-01 03:26:36 +01:00
Sandro
6fd25c4460
Merge pull request #105512 from r-ryantm/auto-update/jackett
jackett: 0.16.2236 -> 0.16.2269
2020-12-01 01:27:56 +01:00
R. RyanTM
17a6cabb64 jackett: 0.16.2236 -> 0.16.2269 2020-11-30 23:06:11 +00:00
Philipp Riegger
77f87c1ca2 prometheus-nginx-exporter: 0.6.0 -> 0.8.0 2020-11-30 23:12:47 +01:00
Maximilian Bosch
c55af95e8f
gotify-server: fix UI delivery
After bisecting `nixpkgs-master` I realized that the usage of
`-trimpath`[0] by default for Go modules[1] is responsible for breaking UI
delivery of `gotify-server`[2].

This behavior can only be turned off by setting `allowGoReference` to
`true`.

We may want to find a better long-term fix, but given that this only
affects a leaf-package and actually fixes the problem, this is good
enough for now.

Fixes #105472

[0] https://golang.org/doc/go1.13#go-command
[1] 4e9f7bbf85
[2] https://hydra.nixos.org/build/131660876
2020-11-30 23:00:18 +01:00
Milan Pässler
e2aeff77f5 unifiBeta: 6.0.28 -> 6.0.36 2020-11-30 22:28:14 +01:00
Sandro
9a01a5747e
Merge pull request #105468 from r-ryantm/auto-update/consul
consul: 1.8.6 -> 1.9.0
2020-11-30 20:22:21 +01:00
Frederik Rietdijk
9a63b3d3d6
Merge pull request #104781 from NixOS/staging-next
Staging next
2020-11-30 18:27:29 +01:00
R. RyanTM
fc12e58629 consul: 1.8.6 -> 1.9.0 2020-11-30 17:01:50 +00:00
Samir Hafez
8a20b502c8
plex: Add an updateScript 2020-11-30 14:41:03 +00:00
0x4A6F
7a6405448d
routinator: 0.8.0 -> 0.8.1 2020-11-30 10:18:04 +00:00
Maximilian Bosch
ee3c23e0a3
documize-community: 3.8.1 -> 3.8.2
https://github.com/documize/community/releases/tag/v3.8.2
2020-11-30 10:36:24 +01:00
Maximilian Bosch
878e80c596
mautrix-telegram: fix application
* In 0.9 the entrypoint got removed as it's recommended to use
  `python -m`[1]. However, our build layer for python relies on
  that, so I added a patch to re-add this.

* The tests in the upstream sources appear abandoned, so those are
  skipped. Therefore it's also pointless to add `pytest-runner` to the
  `nativeBuildInputs` as it's not used and only blows up the build
  closure.

  A second patch modifies the requirements, so ow `pytest-runner` isn't
  needed anymore.

[1] a565853c5e
2020-11-29 21:28:07 +01:00
Mario Rodas
3652f50b1f
Merge pull request #105340 from r-ryantm/auto-update/pgbouncer
pgbouncer: 1.14.0 -> 1.15.0
2020-11-29 12:12:27 -05:00
Luke Granger-Brown
b4ca0dd5f5 pulseaudio: 13.0 -> 14.0 2020-11-29 13:27:45 +00:00
Frederik Rietdijk
05d1c49209 Merge staging-next into staging 2020-11-29 13:51:33 +01:00
Frederik Rietdijk
0d8491cb2b Merge master into staging-next 2020-11-29 13:51:10 +01:00
Jörg Thalheim
baf2814f48
redis: disable systemd in musl build 2020-11-29 11:15:28 +01:00
Raghav Sood
78378e1f31
fileshare: fix build 2020-11-29 09:33:58 +00:00
Vladimír Čunát
48b3694562
Merge #104825: xorg.libX11: 1.6.12 -> 1.7.0 (security) 2020-11-29 09:55:14 +01:00
R. RyanTM
ce6c6fa81f pgbouncer: 1.14.0 -> 1.15.0 2020-11-29 08:38:11 +00:00
Sandro Jäckel
cb22277648 mautrix-telegram: 0.8.2 -> 0.9.0 2020-11-29 00:31:10 -08:00
R. RyanTM
694a371f12 pdns-recursor: 4.4.0 -> 4.4.1 2020-11-29 05:40:58 +00:00
John Ericson
73425f6c3b Merge remote-tracking branch 'upstream/master' into staging 2020-11-28 21:33:03 -05:00
Sandro
0afb53d338
Merge pull request #90414 from r-ryantm/auto-update/nats-streaming-server
nats-streaming-server: 0.16.2 -> 0.17.0
2020-11-29 02:51:50 +01:00
Sandro
a1f96bced2
Merge pull request #105306 from marsam/update-plpgsql_check
postgresqlPackages.plpgsql_check: 1.13.1 -> 1.15.1
2020-11-29 02:47:10 +01:00
Benjamin Hipple
9f84dea4a6
Merge pull request #105286 from lukegb/clickhouse
clickhouse: use system LLVM
2020-11-28 20:39:54 -05:00
Benjamin Hipple
9426084fec
Merge pull request #102114 from MetaDark/fetchzip
fetchzip: remove write permissions for unpacked files
2020-11-28 19:18:14 -05:00
markuskowa
b83e5dbc3c
Merge pull request #104363 from Izorkin/nginx-unit
unit: 1.20.0 -> 1.21.0
2020-11-29 00:32:35 +01:00
Sandro
11b75530a1
Merge pull request #90312 from r-ryantm/auto-update/bosun
bosun: 0.5.0 -> 0.8.0-preview
2020-11-28 23:52:40 +01:00
Guillaume Girol
ebe455a410
Merge pull request #103287 from happysalada/postgresql_add_debug
postgresql: add debug versions
2020-11-28 20:40:32 +00:00
Luke Granger-Brown
6e39a67aec clickhouse: use system LLVM
Building LLVM pieces is a huge contributor to build times, and probably
bloats binary size as well. Fortunately, there's a knob for this
specific thing (-DUNBUNDLED=ON seems broken and requires some libraries
which aren't packaged for Nix at the moment).

Hopefully this will make clickhouse able to build on OfBorg.
2020-11-28 20:40:22 +00:00
Sandro
0ea2b220a7
Merge pull request #105276 from r-ryantm/auto-update/memcached
memcached: 1.6.8 -> 1.6.9
2020-11-28 21:17:42 +01:00
R. RyanTM
6e8c5582c9 memcached: 1.6.8 -> 1.6.9 2020-11-28 19:14:10 +00:00
StigP
4a50ba8fca
Merge pull request #105237 from r-ryantm/auto-update/metabase
metabase: 0.37.1 -> 0.37.2
2020-11-28 18:30:27 +01:00
Sandro
d962647d0a
Merge pull request #105209 from r-ryantm/auto-update/ircd-hybrid
ircdHybrid: 8.2.24 -> 8.2.35
2020-11-28 17:09:46 +01:00
Doron Behar
ba59cb6a6a
Merge pull request #104496 from freezeboy/update-tautulli
tautulli: 2.2.4 -> 2.6.1
2020-11-28 17:59:33 +02:00
Andreas Rammhold
9ea8fd6df1
Merge pull request #104841 from redvers/update_cassandra_3.0.17_to_3.0.23_cve-2020-13946
cassandra_3_0: 3.0.17 -> 3.0.23
2020-11-28 16:43:03 +01:00
Mario Rodas
49bfd31410
Merge pull request #105211 from r-ryantm/auto-update/jetty
jetty: 9.4.34.v20201102 -> 9.4.35.v20201120
2020-11-28 10:21:15 -05:00
R. RyanTM
2e72a7b6c6 metabase: 0.37.1 -> 0.37.2 2020-11-28 15:20:05 +00:00
Frederik Rietdijk
9e062723b2 Merge master into staging-next 2020-11-28 08:53:47 +01:00
R. RyanTM
5df56b087d jetty: 9.4.34.v20201102 -> 9.4.35.v20201120 2020-11-28 05:54:25 +00:00
R. RyanTM
57bd035ca6 ircdHybrid: 8.2.24 -> 8.2.35 2020-11-28 05:03:25 +00:00
Sandro
fcf65032d2
Merge pull request #97271 from Twey/rainloop-multiple-instances
rainloop: allow multiple instances to use the same package
2020-11-28 00:15:54 +01:00
Sandro
c2b4e80d51
Merge pull request #100908 from r-ryantm/auto-update/cppzmq 2020-11-27 23:22:03 +01:00
Sandro Jäckel
d607ea4740
ursadb: mark broken on darwin 2020-11-27 23:19:16 +01:00
R. RyanTM
f4c44e6314 etcd_3_4: 3.4.13 -> 3.4.14 2020-11-28 07:45:56 +10:00
ajs124
e0ba6d34c2
Merge pull request #104819 from helsinki-systems/upd/nginx
nginx: 1.19.4 -> 1.19.5
2020-11-27 18:56:01 +01:00
Frederik Rietdijk
ce9c513856 Merge staging-next into staging 2020-11-27 15:09:41 +01:00
Frederik Rietdijk
b2a3891e12 Merge master into staging-next 2020-11-27 15:09:19 +01:00
Mario Rodas
e422ca4566
Merge pull request #105114 from marsam/update-postgresql-hll
postgresqlPackages.pg_hll: 2.14 -> 2.15
2020-11-27 08:47:03 -05:00
StigP
4e5342cce4
Merge pull request #104955 from r-ryantm/auto-update/dolt
dolt: 0.22.0 -> 0.22.1
2020-11-27 08:47:33 +01:00
Mario Rodas
736db6273b postgresqlPackages.pg_topn: 2.3.0 -> 2.3.1 2020-11-27 04:20:00 +00:00
R. RyanTM
215337d484
traefik: 2.3.3 -> 2.3.4 (#105097) 2020-11-26 18:26:06 -08:00
Sandro
6ecdb286b0
Merge pull request #101464 from Synthetica9/redirected-urls
treewide: ran ./maintainers/scripts/update_redirected_urls.sh
2020-11-27 01:27:24 +01:00
Patrick Hilhorst
a6b3bb24e4
treewide: ran ./maintainers/scripts/update_redirected_urls.sh 2020-11-27 01:23:57 +01:00
Martin Weinelt
1927e40d50 homeassistant: 0.118.3 -> 0.118.4 2020-11-26 14:22:13 -08:00
Sandro
befd364093
Merge pull request #105068 from r-ryantm/auto-update/sickgear
sickgear: 0.23.0 -> 0.23.2
2020-11-26 23:03:41 +01:00
Ryan Mulligan
16aa38f9f2
Merge pull request #105022 from r-ryantm/auto-update/microserver
microserver: 0.1.8 -> 0.2.0
2020-11-26 12:50:26 -08:00
MetaDark
4a5c49363a fetchzip: remove write permissions for unpacked files
Fixes https://github.com/NixOS/nixpkgs/issues/38649
2020-11-26 15:30:12 -05:00
R. RyanTM
387e080c59 sickgear: 0.23.0 -> 0.23.2 2020-11-26 20:02:44 +00:00
freezeboy
fdad84f092 tautulli: 2.2.4 -> 2.6.1 2020-11-26 20:04:07 +01:00
Sandro
f21a35dfcd
Merge pull request #102143 from lovesegfault/klipper-0.9.1
klipper: 0.8.0 -> 0.9.1
2020-11-26 19:45:11 +01:00
Sandro
fbc9fbdc44
Merge pull request #101420 from SuperSandro2000/minio
minio: 2020-08-08T04-50-06Z -> 2020-10-18T21-54-12Z
2020-11-26 19:37:14 +01:00
Sandro Jäckel
ffb8c1c4ec
microserver: Fix compilation on Darwin 2020-11-26 19:23:03 +01:00
Martin Weinelt
aed0567737
Merge pull request #104417 from mweinelt/home-assistant
homeassistant: 0.118.1 -> 0.118.3
2020-11-26 19:22:16 +01:00
Sandro
1880892b7b
Merge pull request #104996 from r-ryantm/auto-update/jackett
jackett: 0.16.2152 -> 0.16.2236
2020-11-26 19:09:22 +01:00
Pavol Rusnak
e6e85c4a95
Merge pull request #105000 from SamirHafez/plex-enable-aarch64
plex: Add aarch64 platform
2020-11-26 17:29:34 +01:00
Martin Weinelt
abd9ef1607
Merge pull request #105006 from ymarkus/fix-postfixMySQL
postfix: fix "cant find <mysql.h>" when building with "withMySQL = true"
2020-11-26 14:32:25 +01:00
Sandro
febb627290
Merge pull request #105015 from r-ryantm/auto-update/mackerel-agent
mackerel-agent: 0.70.2 -> 0.70.3
2020-11-26 13:30:20 +01:00
R. RyanTM
7a95b9b6ae microserver: 0.1.8 -> 0.2.0 2020-11-26 11:20:03 +00:00
R. RyanTM
158e31a07e mackerel-agent: 0.70.2 -> 0.70.3 2020-11-26 10:47:09 +00:00
Yannick Markus
0e87647421
postfix: fix "cant find <mysql.h>" 2020-11-26 10:56:11 +01:00
Samir Hafez
d92396d06a
plex: Add aarch64 platform 2020-11-26 08:45:16 +00:00
R. RyanTM
109bcd82b0 jackett: 0.16.2152 -> 0.16.2236 2020-11-26 08:10:11 +00:00
Sandro
ab867cfbae
Merge pull request #104981 from r-ryantm/auto-update/gortr
gortr: 0.14.6 -> 0.14.7
2020-11-26 09:09:15 +01:00
R. RyanTM
beb87dff73 gortr: 0.14.6 -> 0.14.7 2020-11-26 06:16:59 +00:00
Mario Rodas
587ef34841 postgresqlPackages.pg_hll: 2.14 -> 2.15 2020-11-26 04:20:00 +00:00
R. RyanTM
0d589439a6 dolt: 0.22.0 -> 0.22.1 2020-11-26 02:08:48 +00:00
Sandro
500cbe0256
Merge pull request #104857 from redvers/update_corosync_2.4.3_to_2.4.5_cve-2008-1084 2020-11-26 02:57:37 +01:00
Sandro
0677e4efbf
Merge pull request #102271 from symphorien/check-systemd
check_systemd: init at 2.2.1
2020-11-26 02:56:13 +01:00
Mario Rodas
96aff01d12
Merge pull request #104943 from r-ryantm/auto-update/bazarr
bazarr: 0.9.0.6 -> 0.9.0.7
2020-11-25 19:40:06 -05:00
Mario Rodas
fa8cba5c62
Merge pull request #104598 from r-ryantm/auto-update/thanos
thanos: 0.16.0 -> 0.17.0
2020-11-25 19:22:01 -05:00
R. RyanTM
b74f7ce8f3 bazarr: 0.9.0.6 -> 0.9.0.7 2020-11-25 22:20:13 +00:00
Red Davies
2ddb0c7400 corosync: 2.4.3 -> 2.4.5
Reason0: Changed name metadata to pname and version metadata.
Reason1: Fixes CVE-2018-1084

Corosync is prone to an integer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code
in the context of the affected application. Failed exploit
attempts will likely cause a denial-of-service condition.

Fixed in 2.4.4

See issue: #90784
2020-11-25 17:01:30 -05:00
Symphorien Gibol
590aa37109 check_systemd: init at 2.2.1
and remove pynagsystemd, which it replaces.
2020-11-25 22:48:39 +01:00
Sandro
83b309f657
Merge pull request #104895 from StillerHarpo/master
monetdb: 11.39.5 -> 11.39.7
2020-11-25 21:30:19 +01:00
WilliButz
4e4d498ffc
grafana: 7.3.3 -> 7.3.4
https://github.com/grafana/grafana/releases/tag/v7.3.4
2020-11-25 19:38:15 +01:00
R. RyanTM
c024d24d4f consul: 1.8.5 -> 1.8.6 2020-11-25 09:10:18 -08:00
Florian Engel
588cf72443 monetdb: 11.39.5 -> 11.39.7 2020-11-25 13:49:23 +01:00
Mario Rodas
d28f3cacde postgresqlPackages.plpgsql_check: 1.13.1 -> 1.15.1 2020-11-25 04:20:00 +00:00
Red Davies
1431c3cc60 cassandra_3_0: 3.0.17 -> 3.0.23
Reason: Fixes CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability

Description:
It is possible for a local attacker without access to the Apache Cassandra
process or configuration files to manipulate the RMI registry to perform a
man-in-the-middle attack and capture user names and passwords used to access
the JMX interface. The attacker can then use these credentials to access
the JMX interface and perform unauthorised operations.

Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables
this issue to be exploited remotely.

3.0.x users should upgrade to 3.0.22
2020-11-24 21:21:56 -05:00
Red Davies
ee1b13dd13 cassandra_2_2: 2.2.14 -> 2.2.19
Reason: Fixes CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability

Description:
It is possible for a local attacker without access to the Apache Cassandra
process or configuration files to manipulate the RMI registry to perform a
man-in-the-middle attack and capture user names and passwords used to access
the JMX interface. The attacker can then use these credentials to access
the JMX interface and perform unauthorised operations.

Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables
this issue to be exploited remotely.

2.2.x users should upgrade to 2.2.18
2020-11-24 20:58:37 -05:00
Red Davies
b0f1fea52f cassandra_2_1: 2.1.20 -> 2.1.22
Reason: Fixes CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability

Description:
It is possible for a local attacker without access to the Apache Cassandra
process or configuration files to manipulate the RMI registry to perform a
man-in-the-middle attack and capture user names and passwords used to access
the JMX interface. The attacker can then use these credentials to access
the JMX interface and perform unauthorised operations.

Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables
this issue to be exploited remotely.

2.1.x users should upgrade to 2.1.22
2020-11-24 20:42:29 -05:00
Red Davies
90d2986368 cassandra: 3.11.4 -> 3.11.9
Reason: Fixes CVE-2020-13946 Apache Cassandra RMI Rebind Vulnerability

Description:
It is possible for a local attacker without access to the Apache Cassandra
process or configuration files to manipulate the RMI registry to perform a
man-in-the-middle attack and capture user names and passwords used to access
the JMX interface. The attacker can then use these credentials to access
the JMX interface and perform unauthorised operations.

Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables
this issue to be exploited remotely.

3.11.x users should upgrade to 3.11.8
2020-11-24 20:24:32 -05:00
TredwellGit
95e815b5ff xorg.libX11: 1.6.12 -> 1.7.0
https://lists.x.org/archives/xorg-announce/2020-November/003065.html
2020-11-24 23:54:22 +00:00
TredwellGit
233849a14d xorg.xprop: 1.2.4 -> 1.2.5
https://lists.x.org/archives/xorg-announce/2020-November/003064.html
2020-11-24 23:42:45 +00:00
Sandro
232f4e0cb4
Merge pull request #102930 from freezeboy/update-ome
oven-media-engine: 0.10.4 -> 0.10.8
2020-11-25 00:24:31 +01:00
ajs124
db17db5318 nginx: 1.19.4 -> 1.19.5 2020-11-25 00:21:44 +01:00
Sandro
38fce64788
Merge pull request #82296 from nyanloutre/slimserver_7_9_2
slimserver: 7.9.1 -> 7.9.2
2020-11-25 00:07:52 +01:00
Graham Christensen
d9c3f13df3
Merge pull request #104776 from grahamc/utillinux
utillinux: rename to util-linux
2020-11-24 15:14:36 -05:00
Graham Christensen
bc49a0815a
utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
Ryan Mulligan
6cd01ef18b
Merge pull request #91360 from numkem/adguardhome_0.102.0
adguardhome: 0.101.0 -> 0.102.0
2020-11-24 07:31:04 -08:00