Martin Weinelt
24adc01e2e
nixos/home-assistant: allow netlink sockets and /proc/net inspection
...
Since v2021.5.0 home-assistant uses the ifaddr library in the zeroconf
component to enumerate network interfaces via netlink. Since discovery
is all over the place lets allow AF_NETLINK unconditionally.
It also relies on pyroute2 now, which additionally tries to access files
in /proc/net, so we relax ProtectProc a bit by default as well.
This leaves us with these options unsecured:
✗ PrivateNetwork= Service has access to the host's network 0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6) Service may allocate Internet sockets 0.3
✗ DeviceAllow= Service has a device ACL with some special devices 0.1
✗ IPAddressDeny= Service does not define an IP address allow list 0.2
✗ PrivateDevices= Service potentially has access to hardware devices 0.2
✗ PrivateUsers= Service has access to other users 0.2
✗ SystemCallFilter=~@resources System call allow list defined for service, and @resources is included (e.g. ioprio_set is allowed) 0.2
✗ RestrictAddressFamilies=~AF_NETLINK Service may allocate netlink sockets 0.1
✗ RootDirectory=/RootImage= Service runs within the host's root directory 0.1
✗ SupplementaryGroups= Service runs with supplementary groups 0.1
✗ RestrictAddressFamilies=~AF_UNIX Service may allocate local sockets 0.1
✗ ProcSubset= Service has full access to non-process /proc files (/proc subset=) 0.1
→ Overall exposure level for home-assistant.service: 1.6 OK 🙂
2021-05-06 16:55:53 +02:00
Raghav Sood
eb21311135
Merge pull request #121621 from xwvvvvwx/turbo-geth-2021.04.05
...
turbo-geth 2021.02.01 -> 2021.04.05
2021-05-06 22:42:56 +08:00
Raghav Sood
9332725620
Merge pull request #121850 from asymmetric/polkadot/0.9.0
...
polkadot: 0.8.30 -> 0.9.0
2021-05-06 22:36:58 +08:00
Robert Hensing
66fd2ea7ee
openapi-generator-cli: Invoke install hooks
2021-05-06 16:25:26 +02:00
Robert Hensing
cd855e6746
openapi-generator-cli: Use jre_headless
2021-05-06 16:25:26 +02:00
Robert Hensing
99d5c97a8c
openapi-generator-cli: Add passthru.tests.example
2021-05-06 16:25:24 +02:00
Domen Kožar
a4c8569ed5
Merge pull request #121900 from hercules-ci/update-openapi-generator-cli
...
openapi-generator-cli: 5.0.0 -> 5.1.0
2021-05-06 16:10:37 +02:00
Michael Weiss
93f6089d14
Merge pull request #121914 from primeos/chromiumBeta
...
chromiumBeta: 91.0.4472.27 -> 91.0.4472.38
2021-05-06 16:03:59 +02:00
Jörg Thalheim
4e783a4cb7
Merge pull request #121724 from Izorkin/update-netdata
...
netdata: 1.29.3 -> 1.30.1
2021-05-06 14:58:33 +01:00
Michael Weiss
6f6ec9e6f0
chromiumBeta: 91.0.4472.27 -> 91.0.4472.38
2021-05-06 14:26:32 +02:00
Luke Granger-Brown
b418e17a4c
Merge pull request #120646 from dotlambda/qtwebengine-ffmpeg
...
libsForQt5.qtwebengine: use ffmpeg instead of ffmpeg_3
2021-05-06 12:57:17 +01:00
Robert Schütz
bda9e192dd
Merge pull request #120582 from dotlambda/ffmpeg_2-drop
...
ffmpeg_2: mark as insecure
2021-05-06 13:51:34 +02:00
Gabriel Ebner
46ecc3e1d3
Merge pull request #121845 from fortuneteller2k/fix-and-update-vieb
...
vieb: 3.4.0 -> 4.5.1
2021-05-06 13:49:17 +02:00
Robert Schütz
5b69bdf891
Merge pull request #121168 from dotlambda/djvulibre-3.5.28
...
djvulibre: 3.5.27 -> 3.5.28
2021-05-06 13:43:06 +02:00
Robert Schütz
30c3036793
Merge pull request #121151 from dotlambda/libdeltachat-init
...
libdeltachat: init at 1.54.0
2021-05-06 13:41:16 +02:00
Robert Schütz
688fee8b8a
pythonPackages.pgpy: 0.5.2 -> 0.5.4 ( #121270 )
...
https://github.com/SecurityInnovation/PGPy/releases/tag/v0.5.3
https://github.com/SecurityInnovation/PGPy/releases/tag/v0.5.4
2021-05-06 13:40:40 +02:00
Robert Hensing
e32d497623
Merge pull request #121899 from hercules-ci/update-elm-json
...
elmPackages.elm-json: 0.2.7 -> 0.2.10
2021-05-06 11:58:36 +02:00
Robert Hensing
89fffee73f
openapi-generator-cli: 5.0.0 -> 5.1.0
2021-05-06 11:24:56 +02:00
Robert Hensing
377f9ca78d
elmPackages.elm-json: 0.2.7 -> 0.2.10
2021-05-06 11:21:40 +02:00
Maximilian Bosch
a50b9e6c23
Merge pull request #113716 from Ma27/wpa_multiple
...
wpa_supplicant: allow both imperative and declarative networks
2021-05-06 11:01:35 +02:00
Maximilian Bosch
77b82f3535
Merge pull request #121875 from Infinisil/small-module-arg-optimization
...
lib/modules: Small optimization
2021-05-06 10:33:22 +02:00
fortuneteller2k
9802eed170
vieb: 3.4.0 -> 4.5.1
2021-05-06 16:23:09 +08:00
Maximilian Bosch
74c58a962b
Merge pull request #121877 from marsam/update-nodejs-16_x
...
nodejs-16_x: 16.0.0 -> 16.1.0
2021-05-06 10:06:26 +02:00
Mario Rodas
625842b8cf
terraform_0_15: 0.15.1 -> 0.15.2 ( #121859 )
...
https://github.com/hashicorp/terraform/releases/tag/v0.15.2
2021-05-06 10:00:22 +02:00
Fabian Affolter
882dd01186
Merge pull request #121879 from r-ryantm/auto-update/gitleaks
...
gitleaks: 7.4.1 -> 7.5.0
2021-05-06 09:42:35 +02:00
Raghav Sood
123db83348
Merge pull request #121882 from r-ryantm/auto-update/go-ethereum
...
go-ethereum: 1.10.2 -> 1.10.3
2021-05-06 13:14:41 +08:00
Raghav Sood
21f54d2478
Merge pull request #121876 from centromere/openethereum-3.2.5
...
openethereum: 3.2.4 -> 3.2.5
2021-05-06 13:14:28 +08:00
Anderson Torres
87a0e85736
Merge pull request #121799 from r-ryantm/auto-update/free42
...
free42: 3.0.2 -> 3.0.3
2021-05-06 01:40:04 -03:00
R. RyanTM
b334d0dc2b
go-ethereum: 1.10.2 -> 1.10.3
2021-05-06 04:39:36 +00:00
Maciej Krüger
7155c11426
Merge pull request #121871 from otavio/topic/anydesk-6-1-1
...
anydesk: 6.1.0 -> 6.1.1
2021-05-06 06:36:35 +02:00
R. RyanTM
4f8435de76
gitleaks: 7.4.1 -> 7.5.0
2021-05-06 04:26:05 +00:00
Mario Rodas
ce0e20df34
Merge pull request #121347 from r-ryantm/auto-update/cargo-watch
...
cargo-watch: 7.6.1 -> 7.7.2
2021-05-05 23:12:08 -05:00
Mario Rodas
d4d3f29223
Merge pull request #121656 from r-ryantm/auto-update/kbs2
...
kbs2: 0.2.6 -> 0.3.0
2021-05-05 22:51:27 -05:00
Mario Rodas
a2a367dcfb
Merge pull request #121671 from r-ryantm/auto-update/breezy
...
breezy: 3.1.0 -> 3.2.0
2021-05-05 22:50:51 -05:00
Mario Rodas
101ab29b40
Merge pull request #121079 from r-ryantm/auto-update/dnsproxy
...
dnsproxy: 0.37.2 -> 0.37.3
2021-05-05 22:41:37 -05:00
Mario Rodas
a468d76fbd
Merge pull request #120999 from r-ryantm/auto-update/inter
...
inter: 3.15 -> 3.18
2021-05-05 22:40:55 -05:00
Mario Rodas
0d1d2c6510
Merge pull request #121363 from r-ryantm/auto-update/lefthook
...
lefthook: 0.7.3 -> 0.7.4
2021-05-05 22:27:56 -05:00
Mario Rodas
d0b013c5c3
Merge pull request #121681 from r-ryantm/auto-update/eksctl
...
eksctl: 0.46.0 -> 0.47.0
2021-05-05 22:27:02 -05:00
Alex Wied
f8c104d116
openethereum: 3.2.4 -> 3.2.5
2021-05-05 23:15:18 -04:00
Mario Rodas
425b825953
Merge pull request #121861 from marsam/update-lxc
...
lxc: 4.0.8 -> 4.0.9
2021-05-05 22:11:12 -05:00
Silvan Mosberger
98c77a0b2d
lib/modules: Small optimization
2021-05-06 04:59:27 +02:00
Martin Weinelt
3bab9a19ad
home-assistant: 2021.4.6 -> 2021.5.0
...
https://www.home-assistant.io/blog/2021/05/05/release-20215/
2021-05-06 04:45:55 +02:00
Uri Baghin
a4026fb952
perceptualdiff: fix darwin support ( #121646 )
2021-05-05 22:36:08 -04:00
Otavio Salvador
fbf1c83c0b
anydesk: 6.1.0 -> 6.1.1
...
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2021-05-05 22:48:26 -03:00
Fabian Affolter
44078074fa
python3Packages.zwave-js-server-python: 0.23.1 -> 0.24.0
2021-05-06 02:30:08 +02:00
happysalada
1374bfa2d3
sqlx-cli: fix darwin build
2021-05-06 08:29:37 +09:00
Robin Gloster
361bea3f00
Merge pull request #121828 from wlib/_1password-1.9.1
...
_1password: 1.8.0 -> 1.9.1
2021-05-05 17:39:48 -05:00
Robin Gloster
15182d1ab3
Merge pull request #121832 from ryantm/gluster-qemu
...
qemu_full: add glusterfs support
2021-05-05 17:37:33 -05:00
Robin Gloster
d0e41f05e2
Merge pull request #121833 from markuskowa/upd-ucx
...
ucx: 1.9.0 -> 1.10.0
2021-05-05 17:37:03 -05:00
Robin Gloster
22bed3c9ee
Merge pull request #121838 from nightmared/transmission-apparmor
...
nixos/transmission: add a missing apparmor rule
2021-05-05 17:33:28 -05:00