Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | nixos/doc: update rl-2111 w.r.t. iptables-nft migration | Florian Klink | 2022-03-09 |
| | | | | | | | Follow-up on https://github.com/NixOS/nixpkgs/pull/161426. Explain why having legacy iptables rules installed can lead to confusing firewall behaviour, and provide some guidance on how to fix this. | ||
* | Merge pull request #161426 from flokli/rl-2111-nftables | Florian Klink | 2022-02-24 |
|\ | | | | | nixos/doc: improve release notes for iptables-nft and systemd with nftables backend | ||
| * | nixos/doc: improve release notes for iptables-nft and systemd with nftables ↵ | Florian Klink | 2022-02-22 |
| | | | | | | | | | | | | | | | | | | | | backend This change probably wasn't documented sufficiently in the release notes, neither the fact systemd stopped using iptables on its own in case of nf_tables support. Fixes #156041. | ||
* | | add `/usr` neededForBoot entry to 21.11 release notes | Shahar Dawn Or | 2022-02-23 |
|/ | |||
* | linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15 | Martin Weinelt | 2022-01-15 |
| | | | | | | | | | | | | | | | | | Disable unprivileged access to BPF syscalls to prevent denial of service and privilege escalation via a) potential speculative execution side-channel-attacks on unmitigated hardware[0] or b) unvalidated memory access in ringbuffer helper functions[1]. Fixes: CVE-2021-4204, CVE-2022-23222 [0] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf [1] https://www.openwall.com/lists/oss-security/2022/01/13/1 | ||
* | nixos/maddy: Better description, user and group handling | Jonas Heinrich | 2021-12-30 |
| | |||
* | nixos/maddy: Add module for maddy | Jonas Heinrich | 2021-12-07 |
| | | | | Co-authored-by: Patrick Hilhorst <git@hilhorst.be> | ||
* | nixos/doc/manual/release-notes/rl-2111: add prometheus-smartctl-exporter | Martin Weinelt | 2021-12-05 |
| | |||
* | OpenJDK: expose more versions | Philipp Dargel | 2021-12-02 |
| | | | | Provide a way to access all JDK versions. | ||
* | nixos/doc/manual/release-notes/rl-2111: fix multiple option links | Martin Weinelt | 2021-12-02 |
| | |||
* | nixos/doc/manual/release-notes/rl-2111: move highlights introduction | Martin Weinelt | 2021-12-02 |
| | |||
* | Merge pull request #147898 from tomberek/release_bump | Timothy DeHerrera | 2021-11-29 |
|\ | | | | | nixos/rl-21.11: bump | ||
| * | [21.11] update README.md | Tom Bereknyei | 2021-11-29 |
| | | | | | | | | | | | | | | | | [21.11] update upgrading [21.11] update release date run generation | ||
* | | hydrus: 462 -> 463 | Daniel Olsen | 2021-11-28 |
| | | |||
* | | nixos/doc: Add note about big updates regarding hydrus to release notes | Daniel Olsen | 2021-11-28 |
| | | |||
* | | Revert "Merge pull request #141192 from ↵ | Michael Weiss | 2021-11-27 |
|/ | | | | | | | | | | | | | | | | | | | | | | | helsinki-systems/feat/improved-socket-handling2" This reverts commit 57961d2b838cc31fa4ce89641b6a8db544a8471a, reversing changes made to b04f913afce4419f6b777fd64ac52315dbef3aaf. (I.e. this reverts PR #141192.) While well-intended, this change does unfortunately introduce very serious regressions that are especially disruptive/noticeable on desktop systems (e.g. users of Sway will loose their graphical session when running "nixos-rebuild switch"). Therefore, this change has to be reverted ASAP instead of trying to fix it in "production". Note: An updated version should be extensively discussed, reviewed, and tested before re-landing this change as an earlier version also had to be reverted for the exact same issues [0]. Fix: #146727 [0]: https://github.com/NixOS/nixpkgs/pull/73871#issuecomment-559783752 | ||
* | kratos: 0.7.6-alpha.1 -> 0.8.0-alpha.3 | Vladyslav Burzakovskyy | 2021-11-23 |
| | |||
* | nixos/doc: add release notes about retroarch changes | Thiago Kenji Okada | 2021-11-20 |
| | |||
* | gnat: 9 -> 11 | sternenseemann | 2021-11-15 |
| | | | | | | | | Update the default GNAT version from 9 to 11, as GNAT >= 11 is required to compile the 22.* AdaCore libraries. To allow this, we need to pick a patch from ghdl's master fixing a compilation problem with GNAT 11. | ||
* | doc: Explain daemon(IO)NiceLevel removal in release note | Mikael Voss | 2021-11-15 |
| | |||
* | Merge master into staging-next | github-actions[bot] | 2021-11-13 |
|\ | |||
| * | Merge pull request #144933 from Artturin/ananicyinit | Artturi | 2021-11-12 |
| |\ | | | | | | | ananicy: init at unstable-2021-11-05 | ||
| | * | nixos/ananicy: init | Artturin | 2021-11-11 |
| | | | |||
* | | | Merge master into staging-next | github-actions[bot] | 2021-11-11 |
|\| | | |||
| * | | Merge pull request #144618 from fgaz/staticjinja/4.1.1 | Sandro | 2021-11-11 |
| |\ \ | |||
| | * | | staticjinja: 4.1.0 -> 4.1.1 | Francesco Gazzetta | 2021-11-04 |
| | | | | |||
* | | | | Merge master into staging-next | github-actions[bot] | 2021-11-10 |
|\| | | | |||
| * | | | Merge pull request #145227 from Synthetica9/julia-to-stable | Anderson Torres | 2021-11-10 |
| |\ \ \ | | | | | | | | | | | julia: point to -stable instead of -lts | ||
| | * | | | julia: -lts -> -stable | Patrick Hilhorst | 2021-11-09 |
| | | | | | |||
* | | | | | Merge master into staging-next | github-actions[bot] | 2021-11-10 |
|\| | | | | |||
| * | | | | Merge pull request #145181 from helsinki-systems/release-notes/openssh | Janne Heß | 2021-11-09 |
| |\ \ \ \ | | | | | | | | | | | | | nixos/changelog: Mention OpenSSH upgrade | ||
| | * | | | | nixos/changelog: Mention OpenSSH upgrade | Janne Heß | 2021-11-09 |
| | |/ / / | |||
| * / / / | nixos/doc/manual/release-notes/rl-2111: Nix 2.4 | Bernardo Meurer | 2021-11-09 |
| |/ / / | |||
* | | | | Merge master into staging-next | github-actions[bot] | 2021-11-08 |
|\| | | | |||
| * | | | nixos/prometheus: throw a helpful error when ↵ | Bas van Dijk | 2021-11-07 |
| | | | | | | | | | | | | | | | | services.prometheus.environmentFile is defined | ||
| * | | | nixos/prometheus: remove services.prometheus.environmentFile | Bas van Dijk | 2021-11-07 |
| | |/ | |/| | | | | | | | The option `services.prometheus.environmentFile` has been removed since it was causing [issues](https://github.com/NixOS/nixpkgs/issues/126083) and Prometheus now has native support for secret files. | ||
* | | | Merge master into staging-next | github-actions[bot] | 2021-11-07 |
|\| | | |||
| * | | loki: 2.3.0 -> 2.4.0 | happysalada | 2021-11-07 |
| | | | |||
* | | | Merge master into staging-next | github-actions[bot] | 2021-11-07 |
|\| | | |||
| * | | nixos/xmrig: init | Victor Freire | 2021-11-06 |
| | | | |||
* | | | Merge master into staging-next | github-actions[bot] | 2021-11-06 |
|\| | | |||
| * | | nixos/pam: pam_mkhomedir umask to 0077 | Nico Berlee | 2021-11-06 |
| | | | | | | | | | | | | | | | | | | pam_mkhomedir should create homedirs with the same umask as the rest of the system. Currently it creates homedirs with go+rx which makes it readable for other non-privileged users. | ||
| * | | nixosTest: Add xclip as example of stdout blocker | Robert Hensing | 2021-11-06 |
| | | | |||
* | | | Merge master into staging-next | github-actions[bot] | 2021-11-05 |
|\| | | |||
| * | | nixos/unifi: refactor mountpoints | Pascal Bach | 2021-11-05 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use service internal bind mounts instead of global ones. This also moves the logs to /var/log/unifi on the host and the run directory to /run/unifi. Closes #61424 | ||
| * | | Merge pull request #144239 from illustris/hadoop | Bernardo Meurer | 2021-11-04 |
| |\ \ | | | | | | | | | nixos/hadoop: Add HA services and HTTPFS | ||
| | * | | nixos/hadoop: release notes | illustris | 2021-11-03 |
| | | | | |||
* | | | | Merge branch 'staging-next' into staging | Vladimír Čunát | 2021-11-05 |
|\| | | | |||
| * | | | nixosTest: Document stdout waiting behavior | Robert Hensing | 2021-11-05 |
| | | | | |||
* | | | | Merge staging-next into staging | github-actions[bot] | 2021-11-04 |
|\| | | |