+6

maintainers/maintainer-list.nix

··· 15775 15775 githubId = 1891350; 15776 15776 name = "Michael Raskin"; 15777 15777 }; 15778 15778 + raspher = { 15779 15779 + email = "raspher@protonmail.com"; 15780 15780 + github = "raspher"; 15781 15781 + githubId = 23345803; 15782 15782 + name = "Szymon Scholz"; 15783 15783 + }; 15778 15784 ratcornu = { 15779 15785 email = "ratcornu@skaven.org"; 15780 15786 github = "RatCornu";

-1

nixos/modules/module-list.nix

··· 317 317 ./security/oath.nix 318 318 ./security/pam.nix 319 319 ./security/pam_mount.nix 320 320 - ./security/pam_usb.nix 321 320 ./security/please.nix 322 321 ./security/polkit.nix 323 322 ./security/rngd.nix

-12

nixos/modules/security/pam.nix

··· 205 205 }; 206 206 }; 207 207 208 208 - usbAuth = mkOption { 209 209 - default = config.security.pam.usb.enable; 210 210 - defaultText = literalExpression "config.security.pam.usb.enable"; 211 211 - type = types.bool; 212 212 - description = lib.mdDoc '' 213 213 - If set, users listed in 214 214 - {file}`/etc/pamusb.conf` are able to log in 215 215 - with the associated USB key. 216 216 - ''; 217 217 - }; 218 218 - 219 208 otpwAuth = mkOption { 220 209 default = config.security.pam.enableOTPW; 221 210 defaultText = literalExpression "config.security.pam.enableOTPW"; ··· 665 654 authfile = u2f.authFile; 666 655 appid = u2f.appId; 667 656 }; }) 668 668 - { name = "usb"; enable = cfg.usbAuth; control = "sufficient"; modulePath = "${pkgs.pam_usb}/lib/security/pam_usb.so"; } 669 657 (let ussh = config.security.pam.ussh; in { name = "ussh"; enable = config.security.pam.ussh.enable && cfg.usshAuth; control = ussh.control; modulePath = "${pkgs.pam_ussh}/lib/security/pam_ussh.so"; settings = { 670 658 ca_file = ussh.caFile; 671 659 authorized_principals = ussh.authorizedPrincipals;

-51

nixos/modules/security/pam_usb.nix

··· 1 1 - { config, lib, pkgs, ... }: 2 2 - 3 3 - with lib; 4 4 - 5 5 - let 6 6 - 7 7 - cfg = config.security.pam.usb; 8 8 - 9 9 - anyUsbAuth = any (attrByPath ["usbAuth"] false) (attrValues config.security.pam.services); 10 10 - 11 11 - in 12 12 - 13 13 - { 14 14 - options = { 15 15 - 16 16 - security.pam.usb = { 17 17 - enable = mkOption { 18 18 - type = types.bool; 19 19 - default = false; 20 20 - description = lib.mdDoc '' 21 21 - Enable USB login for all login systems that support it. For 22 22 - more information, visit <https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users>. 23 23 - ''; 24 24 - }; 25 25 - 26 26 - }; 27 27 - 28 28 - }; 29 29 - 30 30 - config = mkIf (cfg.enable || anyUsbAuth) { 31 31 - 32 32 - # Make sure pmount and pumount are setuid wrapped. 33 33 - security.wrappers = { 34 34 - pmount = 35 35 - { setuid = true; 36 36 - owner = "root"; 37 37 - group = "root"; 38 38 - source = "${pkgs.pmount.out}/bin/pmount"; 39 39 - }; 40 40 - pumount = 41 41 - { setuid = true; 42 42 - owner = "root"; 43 43 - group = "root"; 44 44 - source = "${pkgs.pmount.out}/bin/pumount"; 45 45 - }; 46 46 - }; 47 47 - 48 48 - environment.systemPackages = [ pkgs.pmount ]; 49 49 - 50 50 - }; 51 51 - }

+2 -2

pkgs/applications/networking/cluster/terraform/default.nix

··· 167 167 mkTerraform = attrs: pluggable (generic attrs); 168 168 169 169 terraform_1 = mkTerraform { 170 170 - version = "1.7.2"; 171 171 - hash = "sha256-jTzZWmYeKF87Er2i7XHquM8oQyF4q/qoBf4DdMqv7L8="; 170 170 + version = "1.7.3"; 171 171 + hash = "sha256-/NnpmZLCEoSwJYsHmMxQ8HRxzsyCm91oc6T+mcsaNv0="; 172 172 vendorHash = "sha256-DI4YTjdFFvfby8ExEY3KoK4J9YKK5LPpMbelzFMDVVs="; 173 173 patches = [ ./provider-path-0_15.patch ]; 174 174 passthru = {

+1

pkgs/by-name/gc/gcli/package.nix

··· 29 29 license = licenses.bsd2; 30 30 mainProgram = "gcli"; 31 31 maintainers = with maintainers; [ kenran ]; 32 32 + platforms = platforms.unix; 32 33 }; 33 34 }

+43

pkgs/by-name/pe/peergos/package.nix

··· 1 1 + { lib 2 2 + , stdenv 3 3 + , fetchurl 4 4 + , jre 5 5 + , makeWrapper 6 6 + }: 7 7 + 8 8 + let 9 9 + version = "0.14.1"; 10 10 + peergos = fetchurl { 11 11 + url = "https://github.com/Peergos/web-ui/releases/download/v${version}/Peergos.jar"; 12 12 + hash = "sha256-oCsUuFxTAL0vAabGggGhZHaF40A5TLfkT15HYPiKHlU="; 13 13 + }; 14 14 + in 15 15 + stdenv.mkDerivation rec { 16 16 + pname = "peergos"; 17 17 + inherit version; 18 18 + 19 19 + dontUnpack = true; 20 20 + dontBuild = true; 21 21 + 22 22 + nativeBuildInputs = [ makeWrapper ]; 23 23 + 24 24 + installPhase = '' 25 25 + runHook preInstall 26 26 + 27 27 + install -D ${peergos} $out/share/java/peergos.jar 28 28 + makeWrapper ${lib.getExe jre} $out/bin/${pname} \ 29 29 + --add-flags "-jar -Djava.library.path=native-lib $out/share/java/${pname}.jar" 30 30 + 31 31 + runHook postInstall 32 32 + ''; 33 33 + 34 34 + meta = with lib; { 35 35 + description = "A p2p, secure file storage, social network and application protocol"; 36 36 + homepage = "https://peergos.org/"; 37 37 + # peergos have agpt3 license, peergos-web-ui have gpl3, both are used 38 38 + license = [ licenses.agpl3Only licenses.gpl3Only ]; 39 39 + platforms = platforms.all; 40 40 + maintainers = with maintainers; [ raspher ]; 41 41 + sourceProvenance = with sourceTypes; [ binaryBytecode ]; 42 42 + }; 43 43 + }

+13 -14

pkgs/development/python-modules/clldutils/default.nix

··· 2 2 , attrs 3 3 , buildPythonPackage 4 4 , colorlog 5 5 - , csvw 6 5 , fetchFromGitHub 7 6 , git 8 8 - , isPy27 9 7 , lxml 10 8 , markdown 11 9 , markupsafe ··· 15 13 , pytest-mock 16 14 , pytestCheckHook 17 15 , python-dateutil 16 16 + , pythonOlder 17 17 + , setuptools 18 18 , tabulate 19 19 }: 20 20 21 21 buildPythonPackage rec { 22 22 pname = "clldutils"; 23 23 - version = "3.19.0"; 24 24 - format = "setuptools"; 25 25 - disabled = isPy27; 23 23 + version = "3.21.0"; 24 24 + pyproject = true; 25 25 + disabled = pythonOlder "3.8"; 26 26 27 27 src = fetchFromGitHub { 28 28 owner = "clld"; 29 29 repo = pname; 30 30 rev = "v${version}"; 31 31 - hash = "sha256-dva0lbbTxvETDPkACxpI3PPzWh5gz87Fv6W3lTjNv3Q="; 31 31 + hash = "sha256-OD+WJ9JuYZb/oXDgVqL4i5YlcVEt0+swq0SB3cutyRo="; 32 32 }; 33 33 34 34 patchPhase = '' 35 35 - substituteInPlace setup.cfg --replace "--cov" "" 35 35 + substituteInPlace setup.cfg \ 36 36 + --replace-fail "--cov" "" 36 37 ''; 37 38 39 39 + nativeBuildInputs = [ 40 40 + setuptools 41 41 + ]; 42 42 + 38 43 propagatedBuildInputs = [ 39 44 attrs 40 45 colorlog 41 41 - csvw 42 46 lxml 43 47 markdown 44 48 markupsafe ··· 55 59 git 56 60 ]; 57 61 58 58 - disabledTests = [ 59 59 - # uses pytest.approx which is not supported in a boolean context in pytest7 60 60 - "test_to_dec" 61 61 - "test_roundtrip" 62 62 - ]; 63 63 - 64 62 meta = with lib; { 63 63 + changelog = "https://github.com/clld/clldutils/blob/${src.rev}/CHANGES.md"; 65 64 description = "Utilities for clld apps without the overhead of requiring pyramid, rdflib et al"; 66 65 homepage = "https://github.com/clld/clldutils"; 67 66 license = licenses.asl20;

+2 -2

pkgs/development/python-modules/colorlog/default.nix

··· 7 7 8 8 buildPythonPackage rec { 9 9 pname = "colorlog"; 10 10 - version = "6.8.0"; 10 10 + version = "6.8.2"; 11 11 pyproject = true; 12 12 13 13 src = fetchPypi { 14 14 inherit pname version; 15 15 - hash = "sha256-+7b9+dVoXyUX84j7Kbsn1U6GVN0x9YvCo7IX6WepXKY="; 15 15 + hash = "sha256-Pj4HmkH+taG2T5eLXqT0YECpTxHw6Lu4Jh49u+ymTUQ="; 16 16 }; 17 17 18 18 nativeBuildInputs = [

+2 -2

pkgs/development/python-modules/posthog/default.nix

··· 14 14 }: 15 15 let 16 16 pname = "posthog"; 17 17 - version = "3.3.4"; 17 17 + version = "3.4.0"; 18 18 in 19 19 buildPythonPackage { 20 20 inherit pname version; ··· 24 24 owner = "PostHog"; 25 25 repo = "posthog-python"; 26 26 rev = "refs/tags/v${version}"; 27 27 - hash = "sha256-xw6mbcEuW3bt5XmJ7ADE34Pm7MEOqJM08NBde8yqeBg="; 27 27 + hash = "sha256-ziqUXQdmzKdrwbk7iYwCbNg+jiXiB9l3QaosY5VA3YA="; 28 28 }; 29 29 30 30 propagatedBuildInputs = [

-81

pkgs/os-specific/linux/pam_usb/default.nix

··· 1 1 - { lib, stdenv, fetchurl, makeWrapper, dbus, libxml2, pam, pkg-config, pmount, python2Packages, writeScript, runtimeShell }: 2 2 - 3 3 - let 4 4 - 5 5 - # Search in the environment if the same program exists with a set uid or 6 6 - # set gid bit. If it exists, run the first program found, otherwise run 7 7 - # the default binary. 8 8 - useSetUID = drv: path: 9 9 - let 10 10 - name = baseNameOf path; 11 11 - bin = "${drv}${path}"; 12 12 - in assert name != ""; 13 13 - writeScript "setUID-${name}" '' 14 14 - #!${runtimeShell} 15 15 - inode=$(stat -Lc %i ${bin}) 16 16 - for file in $(type -ap ${name}); do 17 17 - case $(stat -Lc %a $file) in 18 18 - ([2-7][0-7][0-7][0-7]) 19 19 - if test -r "$file".real; then 20 20 - orig=$(cat "$file".real) 21 21 - if test $inode = $(stat -Lc %i "$orig"); then 22 22 - exec "$file" "$@" 23 23 - fi 24 24 - fi;; 25 25 - esac 26 26 - done 27 27 - exec ${bin} "$@" 28 28 - ''; 29 29 - 30 30 - pmountBin = useSetUID pmount "/bin/pmount"; 31 31 - pumountBin = useSetUID pmount "/bin/pumount"; 32 32 - inherit (python2Packages) python dbus-python; 33 33 - in 34 34 - 35 35 - stdenv.mkDerivation rec { 36 36 - pname = "pam_usb"; 37 37 - version = "0.5.0"; 38 38 - 39 39 - src = fetchurl { 40 40 - url = "mirror://sourceforge/pamusb/pam_usb-${version}.tar.gz"; 41 41 - sha256 = "1g1w0s9d8mfld8abrn405ll5grv3xgs0b0hsganrz6qafdq9j7q1"; 42 42 - }; 43 43 - 44 44 - nativeBuildInputs = [ 45 45 - makeWrapper 46 46 - pkg-config 47 47 - ]; 48 48 - 49 49 - buildInputs = [ 50 50 - # pam_usb dependencies 51 51 - dbus libxml2 pam pmount 52 52 - # pam_usb's tools dependencies 53 53 - python 54 54 - # cElementTree is included with python 2.5 and later. 55 55 - ]; 56 56 - 57 57 - preBuild = '' 58 58 - makeFlagsArray=(DESTDIR=$out) 59 59 - substituteInPlace ./src/volume.c \ 60 60 - --replace 'pmount' '${pmountBin}' \ 61 61 - --replace 'pumount' '${pumountBin}' 62 62 - ''; 63 63 - 64 64 - # pmount is append to the PATH because pmounts binaries should have a set uid bit. 65 65 - postInstall = '' 66 66 - mv $out/usr/* $out/. # fix color */ 67 67 - rm -rf $out/usr 68 68 - for prog in $out/bin/pamusb-conf $out/bin/pamusb-agent; do 69 69 - substituteInPlace $prog --replace '/usr/bin/env python' '/bin/python' 70 70 - wrapProgram $prog \ 71 71 - --prefix PYTHONPATH : "$(toPythonPath ${dbus-python})" 72 72 - done 73 73 - ''; 74 74 - 75 75 - meta = { 76 76 - homepage = "http://pamusb.org/"; 77 77 - description = "Authentication using USB Flash Drives"; 78 78 - license = lib.licenses.gpl2; 79 79 - platforms = lib.platforms.linux; 80 80 - }; 81 81 - }

+42

pkgs/servers/apache-airflow/default.nix

··· 7 7 let 8 8 python = python3.override { 9 9 packageOverrides = pySelf: pySuper: { 10 10 + connexion = pySuper.connexion.overridePythonAttrs (o: rec { 11 11 + version = "2.14.2"; 12 12 + src = fetchFromGitHub { 13 13 + owner = "spec-first"; 14 14 + repo = "connexion"; 15 15 + rev = "refs/tags/${version}"; 16 16 + hash = "sha256-1v1xCHY3ZnZG/Vu9wN/it7rLKC/StoDefoMNs+hMjIs="; 17 17 + }; 18 18 + nativeBuildInputs = with pySelf; [ 19 19 + setuptools 20 20 + pythonRelaxDepsHook 21 21 + ]; 22 22 + pythonRelaxDeps = [ 23 23 + "werkzeug" 24 24 + ]; 25 25 + propagatedBuildInputs = with pySelf; [ 26 26 + aiohttp 27 27 + aiohttp-jinja2 28 28 + aiohttp-swagger 29 29 + clickclick 30 30 + flask 31 31 + inflection 32 32 + jsonschema 33 33 + openapi-spec-validator 34 34 + packaging 35 35 + pyyaml 36 36 + requests 37 37 + swagger-ui-bundle 38 38 + ]; 39 39 + nativeCheckInputs = with pySelf; [ 40 40 + aiohttp-remotes 41 41 + decorator 42 42 + pytest-aiohttp 43 43 + pytestCheckHook 44 44 + testfixtures 45 45 + ]; 46 46 + disabledTests = [ 47 47 + "test_app" 48 48 + "test_openapi_yaml_behind_proxy" 49 49 + "test_swagger_ui" 50 50 + ]; 51 51 + }); 10 52 flask = pySuper.flask.overridePythonAttrs (o: rec { 11 53 version = "2.2.5"; 12 54 src = fetchPypi {

+4

pkgs/servers/apache-airflow/python-package.nix

··· 332 332 homepage = "https://airflow.apache.org/"; 333 333 license = licenses.asl20; 334 334 maintainers = with maintainers; [ bhipple gbpdt ingenieroariel ]; 335 335 + knownVulnerabilities = [ 336 336 + "CVE-2023-50943" 337 337 + "CVE-2023-50944" 338 338 + ]; 335 339 }; 336 340 }

+2 -2

pkgs/tools/misc/topicctl/default.nix

··· 2 2 3 3 buildGoModule rec { 4 4 pname = "topicctl"; 5 5 - version = "1.13.0"; 5 5 + version = "1.14.0"; 6 6 7 7 src = fetchFromGitHub { 8 8 owner = "segmentio"; 9 9 repo = "topicctl"; 10 10 rev = "v${version}"; 11 11 - sha256 = "sha256-sCjlEG34j8+uDI/W1mzzcrXn0c/B3/ca5N4VL9gKEjc="; 11 11 + sha256 = "sha256-Vmx+6UXNWCnVmLskk1J4Pug3+99cdk4WXjA2zO4agvU="; 12 12 }; 13 13 14 14 vendorHash = "sha256-+mnnvdna1g6JE29weOJZmdO3jFp2a75dV9wK2XcWJ9s=";

+2 -12

pkgs/tools/system/zram-generator/Cargo.lock

··· 239 239 ] 240 240 241 241 [[package]] 242 242 - name = "redox_syscall" 243 243 - version = "0.4.1" 244 244 - source = "registry+https://github.com/rust-lang/crates.io-index" 245 245 - checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" 246 246 - dependencies = [ 247 247 - "bitflags 1.3.2", 248 248 - ] 249 249 - 250 250 - [[package]] 251 242 name = "rust-ini" 252 243 version = "0.17.0" 253 244 source = "registry+https://github.com/rust-lang/crates.io-index" ··· 283 274 284 275 [[package]] 285 276 name = "tempfile" 286 286 - version = "3.9.0" 277 277 + version = "3.10.0" 287 278 source = "registry+https://github.com/rust-lang/crates.io-index" 288 288 - checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa" 279 279 + checksum = "a365e8cd18e44762ef95d87f284f4b5cd04107fec2ff3052bd6a3e6069669e67" 289 280 dependencies = [ 290 281 "cfg-if", 291 282 "fastrand", 292 292 - "redox_syscall", 293 283 "rustix", 294 284 "windows-sys", 295 285 ]

+3 -2

pkgs/top-level/aliases.nix

··· 799 799 800 800 ### P ### 801 801 802 802 - packet-cli = metal-cli; # Added 2021-10-25 803 802 PageEdit = pageedit; # Added 2024-01-21 803 803 + packet-cli = metal-cli; # Added 2021-10-25 804 804 palemoon = throw "palemoon has been dropped due to python2 being EOL and marked insecure. Use 'palemoon-bin' instead"; # Added 2023-05-18 805 805 + pam_usb = throw "'pam_usb' has been removed: abandoned by upstream since 2015."; # Added 2023-10-30 806 806 + paper-note = throw "paper-note has been removed: abandoned by upstream"; # Added 2023-05-03 805 807 paperless = paperless-ngx; # Added 2021-06-06 806 808 paperless-ng = paperless-ngx; # Added 2022-04-11 807 807 - paper-note = throw "paper-note has been removed: abandoned by upstream"; # Added 2023-05-03 808 809 parity = openethereum; # Added 2020-08-01 809 810 partition-manager = libsForQt5.partitionmanager; # Added 2024-01-08 810 811 pash = throw "'pash' has been removed: abandoned by upstream. Use 'powershell' instead"; # Added 2023-09-16

-2

pkgs/top-level/all-packages.nix

··· 28381 28381 28382 28382 pam_u2f = callPackage ../os-specific/linux/pam_u2f { }; 28383 28383 28384 28384 - pam_usb = callPackage ../os-specific/linux/pam_usb { }; 28385 28385 - 28386 28384 pam_ussh = callPackage ../os-specific/linux/pam_ussh { }; 28387 28385 28388 28386 paxctl = callPackage ../os-specific/linux/paxctl { };