3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

1094 commits

Author SHA1 Message Date
Franz Pletz d21e682dde
virtmanager: 1.5.0 -> 1.5.1 2018-03-05 18:06:29 +01:00
Vladimír Čunát 565bd805e6
Merge branch 'master' 2018-03-05 14:53:27 +01:00
Ryan Mulligan 348f4b05dc seabios: 1.9.3 -> 1.11.0
Semi-automatic update. These checks were performed:

- built on NixOS
- found 1.11.0 with grep in /nix/store/m55my69q0dc6rbvf7sfz3mln7vca1d53-seabios-1.11.0
- found 1.11.0 in filename of file in /nix/store/m55my69q0dc6rbvf7sfz3mln7vca1d53-seabios-1.11.0

cc "@tstrobel"
2018-03-04 17:33:29 +00:00
Tuomas Tynkkynen 984fa1c2ee cbfstool: 4.5 -> 4.7, fixes build 2018-03-03 22:06:35 +02:00
Ryan Mulligan 1cddc1ecaf remotebox: 2.2 -> 2.4
Semi-automatic update. These checks were performed:

- built on NixOS
- found 2.4 with grep in /nix/store/5p43l2r5y6m0sdpyxwcwiv381ycglami-remotebox-2.4
- found 2.4 in filename of file in /nix/store/5p43l2r5y6m0sdpyxwcwiv381ycglami-remotebox-2.4
2018-03-01 15:41:37 +01:00
Jörg Thalheim 8ed4e67235
Merge pull request #33066 from Mic92/rkt
rkt: needs libacl in LD_LIBRARY_PATH at runtime
2018-03-01 09:14:59 +00:00
Tim Steinbach 3b9cf7aadc
docker: 17.12.0 -> 17.12.1 2018-02-28 12:48:17 -05:00
Tim Steinbach 3187f3fe25
containerd: 1.0.1 -> 1.0.2 2018-02-25 13:32:12 -05:00
Jan Tojnar a31d98f312
tree-wide: autorename gnome packages to use dashes 2018-02-25 17:41:16 +01:00
Alexander V. Nikolaev 0acec7e984 treewide: transition mesa to libGLU_combined 2018-02-24 17:06:49 +02:00
Jörg Thalheim aa6d6cc78f
Merge pull request #35151 from xeji/virtmanager-cleanup
virtmanager: 1.4.3 -> 1.5.0, cleanup dependencies
2018-02-23 11:31:21 +00:00
Peter Hoeg af2d94fed5 virtmanager-qt: 0.48.79 -> 0.52.80 2018-02-23 13:19:05 +08:00
Shea Levy 0022708d6d
qemu-riscv: Add initrd support patch 2018-02-20 09:11:06 -05:00
xeji 1cbccb95a7 virtmanager: set platforms to linux
since dependency libvirt-glib currently doesn't build on Darwin
2018-02-20 12:47:34 +01:00
Shea Levy 2f310cfa8b
qemu: Fix statfs flag.
Compile-tested the right package this time...
2018-02-18 21:47:07 -05:00
xeji 7460dc318b virtmanager: 1.5.0: sha512->sha256 (readability) 2018-02-19 01:15:47 +01:00
xeji b0eb4d6390 virtmanager: 1.5.0: add gtk3 dependency
otherwise virt-manager startup fails with
Typelib file for namespace 'Pango', version '1.0' not found: Could not open display: :0
2018-02-19 01:02:47 +01:00
xeji 911f408b5e virtmanager: 1.4.3 -> 1.5.0, cleanup dependencies
remove unneeded dependencies, see issue #34043
2018-02-18 23:19:41 +01:00
Shea Levy e3f947a19a
Add missing files 2018-02-18 14:33:43 -05:00
Shea Levy 4839b568de
qemu: Add patch for statfs f_flags in Linux user mode. 2018-02-18 14:08:22 -05:00
Joachim F 20815fc80b
Merge pull request #35112 from oxij/pkgs/fix-xen
xen_4_8: fix build
2018-02-18 17:27:03 +00:00
Shea Levy d4e1ef7b7b
qemu-riscv: 2.11.50pre57991_713f2c1164 -> 2.11.50pre58771_af435b709d 2018-02-18 09:28:54 -05:00
Jan Malakhovski 23e68d119d xenPackages.xen_4_8-vanilla: stop overriding cc
Nothing requires gcc49 in this version.
2018-02-18 13:46:51 +00:00
Jan Malakhovski b1047f34f7 xenPackages.xen_4_8-vanilla: fix build of qemu-xen
They merged that XSA and moved the tag.
2018-02-18 13:46:44 +00:00
Shea Levy 890c0b9654
qemu-riscv: Init at 2.11.50pre57991_713f2c1164.
Fixes #35087
2018-02-17 20:29:11 -05:00
Shea Levy ecf4825f32
qemu: 2.11.0 -> 2.11.1 2018-02-17 19:32:13 -05:00
Graham Christensen 5aabf0fc34
Merge pull request #33898 from oxij/nixos/related-packages-v5
nixos: doc: implement related packages in the manual (again)
2018-02-09 20:36:27 -05:00
Kevin Liu a5524e46f9
looking-glass-client: restrict to x86_64-linux
The AArch64 build fails after trying to pull in tmmintrin.h:

```
../common/memcpySSE.h:24:23: fatal error: tmmintrin.h: No such file or directory
 #include <tmmintrin.h>
                       ^
compilation terminated.
make: *** [Makefile:29: .build/renderers/opengl.o] Error 1
```

Which are SSSE3 intrinsics unsupported on ARM. This package also likely would
not be useful on ARM, as it requires KVM and a compatible KVM guest running
the frame relay (usually Windows).
2018-02-09 15:48:18 -05:00
Jan Malakhovski 06adc17455 xen, qemu: passthru the path to qemu-system-i386 2018-02-09 19:51:07 +00:00
Tim Steinbach 4ffe462b10
docker-edge: 18.01.0 -> 18.02.0 2018-02-09 10:25:58 -05:00
Kevin Liu 93532b0d3a
looking-glass-client: init at a10 2018-02-02 01:46:00 +01:00
aszlig f96aafd403
virtualbox: 5.2.4 -> 5.2.6
Upstream changes without issue IDs:

 * GUI: fixed occasional screen corruption when host screen resolution
        is changed
 * User interface: increase proposed disk size when creating new VMs for
                   Windows 7 and newer
 * User interface: various improvements for high resolution screens
 * VMM: Fixed problems using 256MB VRAM in raw-mode VMs
 * Audio: implemented support for audio playback and recording for macOS
          guests
 * Audio: further timing improvements for Windows 10 guests
 * Linux hosts: fixed problem accessing mini-toolbar under XFCE

The full changelog including issue IDs can be found at:

https://www.virtualbox.org/wiki/Changelog#v6

What was not mentioned in the changelog is that this release fixes
compiling the VirtualBox modules against kernel 4.15, which was added in
commit 61043ad4d1.

Tested this by running all of the tests in nixos/tests/virtualbox.nix.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @flokli, @svanderburg
2018-01-31 23:38:35 +01:00
Tim Steinbach 078fc69425
Merge pull request #33746 from NeQuissimus/docker_18_01
docker-edge: 17.12.0 -> 18.01.0
2018-01-30 14:06:19 +00:00
Franz Pletz 0cecf0b548
virt-viewer: 5.0 -> 6.0 2018-01-28 18:52:27 +01:00
Tim Steinbach 3d2948e009
docker: Fix build after containerd update 2018-01-19 11:26:59 -05:00
Tim Steinbach d45b33fbaa
Merge pull request #29300 from vdemeester/update-containerd-1
containerd: 0.2.9 -> 1.0.1
2018-01-18 23:10:13 +00:00
Vincent Demeester ef07118a80
containerd: 0.2.9 -> 1.0.1
Update containerd to its latest release !

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-01-18 13:31:53 -08:00
Tobias Geerinckx-Rice 0f84673f3d
Remove nckx as a maintainer for all packages
Goodbye, and thanks for all the Nix...
2018-01-16 23:00:49 +01:00
Andrey Golovizin 3eb0ddcfc4
virt-manager: add gobjectIntrospection to nativeBuildInputs 2018-01-14 13:31:03 +01:00
Tim Steinbach 438452f07a
docker-edge: 17.12.0 -> 18.01.0 2018-01-11 09:15:47 -05:00
Peter Hoeg 7e8e582e0c virtmanager-qt: 0.45.75 -> 0.48.79 2018-01-06 22:12:42 +08:00
Samuel Dionne-Riel 7b97c8c0c8 treewide: homepage+src updates (found by repology, #33263) 2018-01-05 20:42:46 +01:00
Tim Steinbach b084b36010
docker: 17.{09,11} -> 17.12 2018-01-02 09:11:33 -05:00
David Guibert 1e77d0b975 kernel 4.14 require libelf to compile modules.
[...]
make modules -C /nix/store/h1vzl6bq4wif3m8dd1bw2p3fv4shjg3n-linux-4.14.9-dev/lib/modules/4.14.9/build EXTRA_CFLAGS=-Werror-implicit-function-declaration M=/tmp/nix-build-spl-kernel-2017-11-16-4.14.9.drv-0/source/build
/nix/store/h1vzl6bq4wif3m8dd1bw2p3fv4shjg3n-linux-4.14.9-dev/lib/modules/4.14.9/source/Makefile:939: *** "Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel". Stop.

This patch introduces kernel.moduleBuildDependencies to avoid the logic "stdenv.lib.optional (stdenv.lib.versionAtLeast kernel.version "4.14") libelf" in multiple places.

[dezgeg did some minor tweaks on top]
2017-12-29 23:08:17 +02:00
Jörg Thalheim 40658a4886 rkt: needs libacl in LD_LIBRARY_PATH at runtime
Rkt opens libacl at runtime to apply acls to the journal directory.
2017-12-26 09:12:17 +01:00
Joachim F e6542d0609
Merge pull request #32916 from jbedo/singularity-2.4
singularity: 2.2 -> 2.4
2017-12-25 13:30:42 +00:00
Orivej Desh c3cfdc17bf
Merge pull request #32983 from flokli/virtualbox-5.2.4
virtualbox: 5.2.2 -> 5.2.4
2017-12-23 16:29:59 +00:00
Graham Christensen b5a61f2c59
Revert "nixos: doc: implement related packages in the manual" 2017-12-23 07:19:45 -05:00
Florian Klink eb12741c7a virtualbox: add license 2017-12-23 03:16:18 +00:00
Florian Klink 035dfacf43 virtualbox: add flokli as maintainer 2017-12-23 03:16:18 +00:00
Florian Klink e2c6ea72a1 virtualbox: 5.2.2 -> 5.2.4 2017-12-23 03:16:18 +00:00
Arseniy Seroka 36e02645eb
Merge pull request #32424 from oxij/nixos/related-packages
nixos: doc: implement related packages in the manual
2017-12-23 03:34:58 +03:00
Justin Bedo db927ea35b
singularity: 2.2 -> 2.4 2017-12-21 10:50:06 +11:00
volth 489d3e7d06 qemu: fix bin/qemu-kvm on aarch64 + minor fixes
* $out/bin/qemu-kvm should point to qemu-system-aarch64 on aarch64, libvirt expect it
 * makeWrapper codes are separated as some architectures might require additional command flags (https://github.com/NixOS/nixpkgs/issues/31606#issuecomment-349675127)
 * x86_64-on-i686 is not a native emulation and not supported by KVM, so it is removed from the list
2017-12-19 06:22:16 +02:00
Orivej Desh 24b7408881
Merge pull request #32703 from volth/patch-80
qemu: 2.10.1 -> 2.11.0
2017-12-17 02:23:17 +00:00
makefu 7d5692c9ed
neutron: rip
part of openstack cleanup
2017-12-15 16:08:37 +01:00
makefu 71767ee3c7
glance: rip
part of openstack cleanup
2017-12-15 16:08:10 +01:00
makefu d3d94992cf
keystone: rip
part of openstack cleanup
2017-12-15 16:06:44 +01:00
volth fbaa749621
qemu: 2.10.1 -> 2.11.0 2017-12-15 08:49:32 +00:00
makefu 5369400bb0
nova: rip
part of openstack cleanup
2017-12-13 18:16:29 +01:00
Andreas Rammhold 276683071b
xen: Added patches for XSA-248, XSA-249, XSA-250, XSA-251 2017-12-12 13:34:35 +01:00
Andreas Rammhold 834bdd25a3 xen: apply patches for XSA-246 & XSA-247 (CVE-2017-{17044,17045}) 2017-12-12 13:20:03 +01:00
John Doe 750a7c677b libvirt: remove xen dependency on aarch64 2017-12-11 19:46:05 +02:00
Tim Steinbach 0781951e75
docker: 17.09.0 -> 17.09.1 2017-12-10 14:16:27 -05:00
Jörg Thalheim 379907ca1a
Merge pull request #32394 from flokli/virtualbox-headless
virtualboxHeadless: fix build, cleanup buildInputs
2017-12-09 09:46:24 +00:00
Jan Malakhovski 7a92c2074d xen, qemu: passthru the path to qemu-system-i386 2017-12-07 21:27:32 +00:00
Florian Klink 7441e007b4 virtualbox: add docbook_xsl, docbook_xml_dtd_43
These threw warnings when building man pages.

Also move some buildInputs to nativeBuildInputs.
2017-12-07 01:55:58 +01:00
Florian Klink c8ee4d0928 virtualbox: patch HostServices/SharedClipboard/x11-stub.cpp to use RT_NOREF
Signed-off-by: Florian Klink <flokli@flokli.de>
2017-12-07 01:46:18 +01:00
Frederik Rietdijk a2adaf21f8
Merge pull request #32070 from adisbladis/virt-manager-1_4_3
virt-manager: 1.4.2 -> 1.4.3
2017-12-05 20:38:52 +01:00
Andreas Rammhold d72974a207 qemu: apply patch for CVE-2017-17381
More details at [1].

[1] http://www.openwall.com/lists/oss-security/2017/12/05/2
2017-12-05 10:18:42 +01:00
Tuomas Tynkkynen 8c3b96e58c virtualbox: Broken on non-x86
https://hydra.nixos.org/build/65212946
2017-12-03 19:51:59 +02:00
Tuomas Tynkkynen 56ecf95468 open-vm-tools: Broken on non-x86
https://hydra.nixos.org/build/65049444
2017-12-03 19:51:58 +02:00
Antoine Eiche 268d3656db qemu: fix CVE-2017-15118
See https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
2017-11-29 11:19:50 +01:00
adisbladis 92edbb0a71
virt-manager: 1.4.2 -> 1.4.3 2017-11-26 18:41:41 +08:00
Tuomas Tynkkynen 3b2056536c qemu: Rename x86Only option to hostCpuOnly
And also make it work on ARM and Aarch64.
2017-11-26 11:13:20 +02:00
Tuomas Tynkkynen eb3925ff62 qemu: Disable numactl on ARM
32-bit ARM doesn't do numa.
2017-11-26 11:13:20 +02:00
aszlig e5c24abf3b
virtualbox: 5.2.0 -> 5.2.2
Upstream changes without issue IDs:

 * User interface: various improvements for high resolution screens
 * User interface: added functionality to duplicate optical and floppy
                   images
 * User interface: various improvements for the virtual media manager
 * VMM: fixed emulation so that Plan 9 guests can start once more (5.1.0
        regression)
 * Storage: fixed regression breaking iSCSI
 * Audio: added HDA support for more exotic guests (e.g. Haiku)
 * Serial: fixed hanging I/O when using named pipes on Windows (5.2.0
           regression)
 * Serial: fixed broken communication with certain devices on Linux
           hosts
 * USB/OHCI: improved behavior so that the controller state after a VM
             reset is closer to the initial state after VM start
 * EFI: fixed HFS+ driver which in rare cases failed to access most
        files on a volume
 * Shared clipboard: fixed hang with OS X host and Linux guest
 * Linux hosts: fixed kernel module compilation and start failures with
                Linux kernel 4.14
 * X11 hosts: better handle WM_CLASS setting
 * Linux guests: fixed kernel module compilation and other problems with
                 Linux kernel 4.14
 * Linux guests: fixed various 5.2.0 regressions
 * Bridged networking: fixed duplicate EtherType in VLAN/priority tags
                       on Linux (5.2.0 regression)

The full changelog including issue IDs can be found at:

https://www.virtualbox.org/wiki/Changelog

Aside from just bumping the version number I also had to strip 3 levels
of the paths included in the guest-additions patches, because the
version was hardcoded in there and the patches still apply as-is.

I've re-added the stripped path using patchFlags and the -d option of
the patch utility.

Tested this by running all of the tests in the "virtualbox" NixOS VM
test module, here is the URL to the finished evaluation on my Hydra:

https://headcounter.org/hydra/eval/380191

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @NeQuissimus, @orivej, @etu, @vcunat
Issue: https://github.com/NixOS/nixpkgs/issues/31640
Issue: https://github.com/NixOS/nixpkgs/pull/31037
2017-11-24 23:10:57 +01:00
Tim Steinbach 44f1d45833
Merge pull request #31899 from NeQuissimus/docker_17_11
docker-edge: 17.10 -> 17.11
2017-11-22 13:05:49 +00:00
Tuomas Tynkkynen 91d2cf9642 lkl: Supports aarch64
ARMv6 and ARMv7 didn't work when I tried.
2017-11-22 00:01:13 +02:00
Tim Steinbach 3901f08f10
docker-edge: 17.10 -> 17.11 2017-11-21 09:23:48 -05:00
Periklis Tsirakidis 1434c5ed9c fixup! docker-cli: enable darwin support 2017-11-20 20:30:46 +01:00
Periklis Tsirakidis 4a2bd8ed14 fixup! docker-cli: enable darwin support 2017-11-20 20:16:08 +01:00
Periklis Tsirakidis 0f0ffa70a0 docker-cli: enable darwin support 2017-11-20 20:07:00 +01:00
Orivej Desh 4cc5d222ce bochs: fix build with glibc 2.26
Tracking issue: #31696
2017-11-16 13:00:28 +00:00
Orivej Desh 41e0d4b68d vpcs: fix build with glibc 2.26
Tracking issue: #31696
2017-11-16 12:30:39 +00:00
Tim Steinbach dd53d0f1a0
virtualbox: 5.1.26 -> 5.2.0 2017-11-15 10:14:44 -05:00
Orivej Desh b8cc69b31e lkl: 2017-10-18 -> 2017-11-10 2017-11-11 20:25:18 +00:00
Pascal Wittmann 24e87b49b6
Change many homepage urls from http to https #30636 2017-11-10 22:13:46 +01:00
adisbladis 849dd43891
tini: 0.13.1 -> 0.16.1 2017-11-11 01:54:57 +08:00
Vladimír Čunát 18aada9c4c
virtualbox: fixup build with glibc-2.26
Explanation:
https://www.linuxquestions.org/questions/slackware-14/sbo-scripts-not-building-on-current-read-1st-post-pls-4175561999/page46.html#post5753698
2017-11-08 10:00:32 +01:00
José Romildo Malaquias 62204a59c7
Merge branch 'master' into upd.lxqt 2017-11-02 10:27:39 -02:00
José Romildo Malaquias 82e75a0bac Merge branch 'upd.lxqt' of github.com:romildo/nixpkgs into upd.lxqt 2017-11-02 10:22:22 -02:00
José Romildo Malaquias d9f9c0d0d1 qtermwidget: keep version 0.7.1, needed by virt-manager-qt 2017-11-02 10:15:48 -02:00
Peter Hoeg 7c83413a7d virtmanager-qt: 0.43.72 -> 0.45.75 2017-11-02 14:03:58 +08:00
Tim Steinbach 69050c7077
Merge pull request #30896 from NeQuissimus/xen_xsa
xen: 4.8.1 -> 4.8.2; apply XSAs
2017-10-31 07:03:23 -04:00
Herwig Hochleitner 2ede55a37b virtualbox: move extensionPack from meta to passthru 2017-10-29 02:03:46 +02:00
Tim Steinbach 54f8dfda53
xen: Create XSA patch directory 2017-10-28 10:19:12 -04:00
Herwig Hochleitner e05135d80e virtualbox: expose extensionPack in meta
This way it can be added to system.extraDependencies to save it from gc
2017-10-28 15:10:34 +02:00
Franz Pletz b3dc24c8c8
qemu: 2.9.1 -> 2.10.1 2017-10-25 17:49:35 +02:00
Wout Mertens 7144f88c48 open-vm-tools: Fix rebooting on NixOS 2017-10-23 13:59:37 +02:00
Vincent Laporte 1923cabeb4 ocamlPackages: default to 4.04 2017-10-19 17:57:14 +02:00
Tim Steinbach 606487e19c Merge pull request #30522 from NeQuissimus/docker_17_10
docker: add 17.10.0-ce
2017-10-19 07:39:50 -04:00
Joachim Fasting a8a38feeeb
lkl: 2017-08-09 -> 2017-10-18
Based on linux 4.13
2017-10-18 22:11:37 +02:00
Tim Steinbach de3d191b91
docker: add 17.10.0-ce 2017-10-18 08:25:25 -04:00
Tim Steinbach 7fa69c4e8c Merge pull request #30126 from NeQuissimus/rkt_1_29_0
rkt: 1.28.1 -> 1.29.0
2017-10-07 15:45:39 -04:00
Tim Steinbach f192ce9730
rkt: 1.28.1 -> 1.29.0 2017-10-05 09:47:30 -04:00
Orivej Desh fda26c8476 Merge branch 'master' into staging
* master: (271 commits)
  pysmbc: clarify license
  pysmbc: fix license
  bazel: 0.5.4 -> 0.6.0 (#29990)
  googler: init at 3.3
  go: declare support for aarch64
  firefox-beta-bin: 56.0b5 -> 57.0b4
  spotify: 1.0.64.401.g9d720389-21 -> 1.0.64.407.g9bd02c2d-26
  gogs: 0.11.19 -> 0.11.29
  grafana: 4.5.1 -> 4.5.2
  mopidy-iris: 3.4.1 -> 3.4.9
  nextcloud: 12.0.2 -> 12.0.3
  haskell-json-autotype: jailbreak to fix build within LTS 9.x
  kore: fix up
  kore: init at 2.0.0
  glusterfs service: fix issues with useRpcbind
  tig: 2.2.2 -> 2.3.0
  haskell-hspec-core: enable test suite again
  hackage-packages.nix: automatic Haskell package set update
  librsvg: fix thumbnailer path
  awscli: 1.11.108 -> 1.11.162
  ...
2017-10-02 00:22:12 +00:00
Franz Pletz df86f19968
virt-what: init at 1.18 2017-09-29 00:07:37 +02:00
John Ericson f037625f87 Merge remote-tracking branch 'upstream/staging' into deps-reorg 2017-09-28 12:32:57 -04:00
Franz Pletz 536ab403d4
qemu: 2.9.0 -> 2.9.1
Security and bugfix release.
2017-09-28 16:59:41 +02:00
Orivej Desh f1ffca9ac6 docker: fix docker_17_06 build
Broken by #29843
2017-09-28 11:59:53 +02:00
Tim Steinbach 825e417457
docker: add 17.09.0-ce 2017-09-27 08:18:40 -04:00
Peter Hoeg 4f25b7b6b3 open-vm-tools: 10.1.0 -> 10.1.10 2017-09-25 09:41:29 +08:00
John Ericson ed14223f8c treewide: Manual fix more pkg-config build-inputs 2017-09-21 15:49:54 -04:00
John Ericson 531e4b80c9 misc pkgs: Basic sed to get fix pkgconfig and autoreconfHook buildInputs
Only acts on one-line dependency lists.
2017-09-21 15:49:53 -04:00
Vincent Demeester 19ba982b40
runc: 1.0.0-rc3 -> 1.0.0-rc4
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-09-19 11:55:01 +02:00
Bjørn Forsman 67c70aa581 OVMF: add 'src' attribute
No functional change, but allows getting the source via the standard
attribute: `nix-build -A OVMF.src`.
2017-09-13 17:30:28 +02:00
Tuomas Tynkkynen 84544c5bc2 seabios: Only works on x86
https://hydra.nixos.org/build/60949790
2017-09-13 15:18:15 +03:00
Michael Weiss 6373c9606d vpcs: init at 0.8 2017-09-11 18:54:30 +02:00
Michael Weiss 1011c76598 dynamips: init at 0.2.17 2017-09-11 15:17:56 +02:00
Tim Steinbach 054ed6abc3 Merge pull request #29042 from NeQuissimus/docker_17_06_2
docker: 17.06.1-ce -> 17.06.2-ce
2017-09-06 15:04:22 -04:00
Tim Steinbach 8bd1a220d9
docker: 17.06.1-ce -> 17.06.2-ce 2017-09-05 19:57:29 -04:00
Jaka Hudoklin 3ca311d74d spice-vdagent: systemd-logind integration
This change adds systemd as dependency to enable user session
integration with systemd-logind
2017-09-03 16:14:17 +02:00
Heitham Omar 6dcc77bdb8 docker: add libseccomp to build 2017-08-30 20:28:43 +02:00
Tim Steinbach 693d2403f1 docker-edge: 17.06 -> 17.07 2017-08-30 13:04:45 +02:00
Tim Steinbach 52b56bf02d
containerd: 0.2.5 -> 0.2.9 2017-08-28 20:22:00 -04:00
Robin Gloster 815cffc3f2
docker-distribution: 2.6.0 -> 2.6.2 2017-08-28 12:54:41 +02:00
Jörg Thalheim 0f789e7a0c Merge pull request #28618 from lheckemann/edk2-2017
edk2: 2014-12-10 -> UDK2017
2017-08-28 11:03:47 +01:00
Linus Heckemann f6afe064a0 edk2: 2014-12-10 -> UDK2017 2017-08-27 19:41:10 +01:00
Tim Steinbach 5b1134cb79
docker: 17.06.0-ce -> 17.06.1-ce 2017-08-18 16:39:43 -04:00
Matthew Bauer 725f7ca2ef coreboot: use https for homepage 2017-08-17 15:04:37 -07:00
Tim Jäger 0c1c3d2b99 qemu: fix HDA recording latency
Very long latency occurs for audio inputs when simulating an Intel HDA device.

Patch courtesy of Volker Rümeling.
https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03336.html
2017-08-16 09:48:49 +02:00
Frederik Rietdijk 13bbaee21d Merge pull request #27881 from mimadrid/fix/http-https
Update homepage attributes: http -> https
2017-08-13 21:53:20 +02:00
Frederik Rietdijk 7ebcd39a0f Merge commit '4c49205' into HEAD 2017-08-13 18:34:59 +02:00
Franz Pletz 9ac5525f87
virtmanager: 1.4.1 -> 1.4.2 2017-08-12 11:05:22 +02:00
Joachim F 9dfc290027 Merge pull request #28045 from roberth/fix-xen-216-qemuu
xen-4.8: update changed patch hash
2017-08-11 20:08:52 +00:00
Domen Kožar 486e1c3c16 Merge pull request #27998 from davidak/macOS
replace "Mac OS X" and "OS X" with "macOS"
2017-08-11 13:01:36 +02:00
Robin Gloster 700f7614cd Partly revert "python.buildEnv: only wrap executables"
This partly reverts commit 4495bfe138.

The xen changes should not have been commited.

(cherry picked from commit 206a4c9aba)
2017-08-10 19:28:07 +02:00
Frederik Rietdijk 9f73f22c64 Merge commit 'b1f5305abd7b1b3d7ed180d9d00301da6e323e41' into HEAD 2017-08-10 19:26:16 +02:00
Robin Gloster 206a4c9aba
Partly revert "python.buildEnv: only wrap executables"
This partly reverts commit 4495bfe138.

The xen changes should not have been commited.
2017-08-10 12:55:46 +02:00
Frederik Rietdijk b0c30f436e Merge remote-tracking branch 'upstream/master' into HEAD 2017-08-10 10:41:23 +02:00
Dan Peebles ed55bdb501 lkl: 2017-06-27 -> 2017-08-09
Just bumping the package version to pick up a bugfix.

Fixes #28055
2017-08-09 14:23:27 +00:00
Robin Gloster 4495bfe138
python.buildEnv: only wrap executables 2017-08-09 15:07:03 +02:00
Robert Hensing 57506bbb28 xen-4.8: update changed patch hash 2017-08-08 17:40:50 +00:00
davidak 3270aa896b replace "Mac OS X" and "OS X" with "macOS"
as it is the official name since 2016

https://en.wikipedia.org/wiki/Macintosh_operating_systems#Desktop

exception are parts refering to older versions of macOS like

"GUI support for Mac OS X 10.6 - 10.12. Note that Emacs 23 and later [...]"
2017-08-07 21:41:30 +02:00
Tim Steinbach d3203c7876 Merge pull request #27938 from NeQuissimus/rkt_1_28_1
rkt: 1.28.0 -> 1.28.1
2017-08-04 22:18:56 -04:00
Benno Fünfstück 268374cafe docker: update runc commit
This updates to the new runc as was also done upstream:

f3ef17e47d

In particular, it fixes an issue where output of interactive docker containers
would not reset correctly to the beginning of a line.
2017-08-04 23:04:08 +02:00
Tim Steinbach 92461b8f9c
rkt: 1.28.0 -> 1.28.1 2017-08-04 12:06:00 -04:00
mimadrid 09e0cc7cc7
Update homepage attributes: http -> https
Homepage link "http://.../" is a permanent redirect to "https://.../" and should be updated
https://repology.org/repository/nix_stable/problems
2017-08-03 11:56:15 +02:00
Silvan Mosberger f5fa5fa4d6 pkgs: refactor needless quoting of homepage meta attribute (#27809)
* pkgs: refactor needless quoting of homepage meta attribute

A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.

* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit

* Fixed some instances
2017-08-01 22:03:30 +02:00
Frederik Rietdijk 740d76371e Merge commit 'ba68231273bea4cba01413fd2a0e56d68db9234c' into HEAD 2017-07-31 09:12:15 +02:00
Robin Gloster 88ca4724b2
virtualboxGuestAdditions: fix hash 2017-07-30 13:29:57 +02:00
Frederik Rietdijk b2608b8910 Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-29 13:08:11 +02:00
Tim Steinbach 321438d786
rkt: 1.27.0 -> 1.28.0 2017-07-29 00:16:44 -04:00
Franz Pletz b116fa5ff2
Merge branch 'master' into staging 2017-07-28 16:08:30 +02:00
Tim Steinbach 147477b048
virtualbox: 5.1.24 -> 5.1.26
Fix #27666
2017-07-27 22:14:17 -04:00
John Ericson 9be40841ea Merge remote-tracking branch 'upstream/master' into staging-base
Conflicts:
	pkgs/build-support/cc-wrapper/default.nix
	pkgs/build-support/gcc-wrapper-old/builder.sh
	pkgs/build-support/trivial-builders.nix
	pkgs/desktops/kde-4.14/kde-package/default.nix
	pkgs/development/compilers/openjdk-darwin/8.nix
	pkgs/development/compilers/openjdk-darwin/default.nix
	pkgs/development/compilers/openjdk/7.nix
	pkgs/development/compilers/openjdk/8.nix
	pkgs/development/compilers/oraclejdk/jdk-linux-base.nix
	pkgs/development/compilers/zulu/default.nix
	pkgs/development/haskell-modules/generic-builder.nix
	pkgs/misc/misc.nix
	pkgs/stdenv/generic/builder.sh
	pkgs/stdenv/generic/setup.sh
2017-07-26 13:46:04 -04:00
Tim Steinbach ee6edb8af5
virtualbox: 5.1.22 -> 5.1.24 2017-07-23 22:22:33 -04:00
Frederik Rietdijk 29f91c107f Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-23 11:23:43 +02:00
Thomas Tuegel fe800447c2
qemu: unset CPP
Commit 093cc00cdd sets the environment variable
`CPP' by default, but this interferes with dependency calculation.
2017-07-21 16:49:24 -05:00
Vincent Demeester 19325558f1 Fix docker packaging without sandbox
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-07-21 10:00:47 +02:00
AndersonTorres a3aa0ba18b bochs: 2.6.8 -> 2.6.9 2017-07-15 08:53:15 -03:00
Vincent Demeester ec570448a0
docker-ce: 17.03.02-ce -> 17.06.0-ce
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-07-10 09:58:32 +02:00
aszlig 12ee0fbd88
virtualbox: Add patch for Linux 4.12
Compiling the kernel modules on Linux 4.12 fails, so I've included an
upstream patch from:

https://www.virtualbox.org/changeset/66927/vbox

The patch is applied against the guest additions as well, where we need
to transform the patch a bit so that we get CR LF line endings (DOS
format), which is what is the case for the guest additions ISO.

I've tested this with all the subtests of the "virtualbox" NixOS VM
tests and they all succeed on x86_64-linux.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-07-04 20:08:42 +02:00
Joachim F a8ba50db3e Merge pull request #26492 from michalpalka/new-xen
xen_4_8: init at 4.8.1
2017-06-30 20:27:04 +01:00
Tim Steinbach 4cc729644e Merge pull request #26867 from michalpalka/xen-security-2017.06-new
xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
2017-06-28 22:43:46 -04:00
Tim Steinbach fb8a66dcc9 Merge pull request #26945 from NeQuissimus/virtualbox_32bit
virtualbox: Add ability to disable 32-bit guest support
2017-06-28 22:32:12 -04:00
Tim Steinbach 312c2f7961
virtualbox: Add ability to disable 32-bit guest support 2017-06-28 22:24:19 -04:00
Joachim Fasting 0bc3429e77
lkl: 2017-03-24 -> 2017-06-27
Now based on Linux 4.11
2017-06-28 20:14:00 +02:00
Tim Steinbach add90948bc
docker: 17.03.1-ce -> 17.03.2-ce 2017-06-28 12:49:59 -04:00
Michał Pałka 7b5d72ce04 xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224 (xen 4.8)
This commit contains security patches for xen 4.8. The patches
for XSA-216 applied to the kernel are omitted, as they are part of
80e0cda7ff.

XSA-216 Issue Description:

> The block interface response structure has some discontiguous fields.
> Certain backends populate the structure fields of an otherwise
> uninitialized instance of this structure on their stacks, leaking
> data through the (internal or trailing) padding field.

More: https://xenbits.xen.org/xsa/advisory-216.html

XSA-217 Issue Description:

> Domains controlling other domains are permitted to map pages owned by
> the domain being controlled.  If the controlling domain unmaps such a
> page without flushing the TLB, and if soon after the domain being
> controlled transfers this page to another PV domain (via
> GNTTABOP_transfer or, indirectly, XENMEM_exchange), and that third
> domain uses the page as a page table, the controlling domain will have
> write access to a live page table until the applicable TLB entry is
> flushed or evicted.  Note that the domain being controlled is
> necessarily HVM, while the controlling domain is PV.

More: https://xenbits.xen.org/xsa/advisory-217.html

XSA-218 Issue Description:

> We have discovered two bugs in the code unmapping grant references.
>
> * When a grant had been mapped twice by a backend domain, and then
> unmapped by two concurrent unmap calls, the frontend may be informed
> that the page had no further mappings when the first call completed rather
> than when the second call completed.
>
> * A race triggerable by an unprivileged guest could cause a grant
> maptrack entry for grants to be "freed" twice.  The ultimate effect of
> this would be for maptrack entries for a single domain to be re-used.

More: https://xenbits.xen.org/xsa/advisory-218.html

XSA-219 Issue Description:

> When using shadow paging, writes to guest pagetables must be trapped and
> emulated, so the shadows can be suitably adjusted as well.
>
> When emulating the write, Xen maps the guests pagetable(s) to make the final
> adjustment and leave the guest's view of its state consistent.
>
> However, when mapping the frame, Xen drops the page reference before
> performing the write.  This is a race window where the underlying frame can
> change ownership.
>
> One possible attack scenario is for the frame to change ownership and to be
> inserted into a PV guest's pagetables.  At that point, the emulated write will
> be an unaudited modification to the PV pagetables whose value is under guest
> control.

More: https://xenbits.xen.org/xsa/advisory-219.html

XSA-220 Issue Description:

> Memory Protection Extensions (MPX) and Protection Key (PKU) are features in
> newer processors, whose state is intended to be per-thread and context
> switched along with all other XSAVE state.
>
> Xen's vCPU context switch code would save and restore the state only
> if the guest had set the relevant XSTATE enable bits.  However,
> surprisingly, the use of these features is not dependent (PKU) or may
> not be dependent (MPX) on having the relevant XSTATE bits enabled.
>
> VMs which use MPX or PKU, and context switch the state manually rather
> than via XSAVE, will have the state leak between vCPUs (possibly,
> between vCPUs in different guests).  This in turn corrupts state in
> the destination vCPU, and hence may lead to weakened protections
>
> Experimentally, MPX appears not to make any interaction with BND*
> state if BNDCFGS.EN is set but XCR0.BND{CSR,REGS} are clear.  However,
> the SDM is not clear in this case; therefore MPX is included in this
> advisory as a precaution.

More: https://xenbits.xen.org/xsa/advisory-220.html

XSA-221 Issue Description:

> When polling event channels, in general arbitrary port numbers can be
> specified.  Specifically, there is no requirement that a polled event
> channel ports has ever been created.  When the code was generalised
> from an earlier implementation, introducing some intermediate
> pointers, a check should have been made that these intermediate
> pointers are non-NULL.  However, that check was omitted.

More: https://xenbits.xen.org/xsa/advisory-221.html

XSA-222 Issue Description:

> Certain actions require removing pages from a guest's P2M
> (Physical-to-Machine) mapping.  When large pages are in use to map
> guest pages in the 2nd-stage page tables, such a removal operation may
> incur a memory allocation (to replace a large mapping with individual
> smaller ones).  If this allocation fails, these errors are ignored by
> the callers, which would then continue and (for example) free the
> referenced page for reuse.  This leaves the guest with a mapping to a
> page it shouldn't have access to.
>
> The allocation involved comes from a separate pool of memory created
> when the domain is created; under normal operating conditions it never
> fails, but a malicious guest may be able to engineer situations where
> this pool is exhausted.

More: https://xenbits.xen.org/xsa/advisory-222.html

XSA-224 Issue Description:

> We have discovered a number of bugs in the code mapping and unmapping
> grant references.
>
> * If a grant is mapped with both the GNTMAP_device_map and
> GNTMAP_host_map flags, but unmapped only with host_map, the device_map
> portion remains but the page reference counts are lowered as though it
> had been removed. This bug can be leveraged cause a page's reference
> counts and type counts to fall to zero while retaining writeable
> mappings to the page.
>
> * Under some specific conditions, if a grant is mapped with both the
> GNTMAP_device_map and GNTMAP_host_map flags, the operation may not
> grab sufficient type counts.  When the grant is then unmapped, the
> type count will be erroneously reduced.  This bug can be leveraged
> cause a page's reference counts and type counts to fall to zero while
> retaining writeable mappings to the page.
>
> * When a grant reference is given to an MMIO region (as opposed to a
> normal guest page), if the grant is mapped with only the
> GNTMAP_device_map flag set, a mapping is created at host_addr anyway.
> This does *not* cause reference counts to change, but there will be no
> record of this mapping, so it will not be considered when reporting
> whether the grant is still in use.

More: https://xenbits.xen.org/xsa/advisory-224.html
2017-06-27 12:02:59 +00:00
Michał Pałka 9e6bfbb2f9 xen_4_8: init at 4.8.1
This commit adds the xen_4_8 package to be used instead of
xen (currently at 4.5.5):
 * Add packages xen_4_8, xen_4_8-slim and xen_4_8-light
 * Add packages qemu_xen_4_8 and qemu_xen_4_8-light to be used
   with xen_4_8-slim and xen_4_8-light respectively.
 * Add systemd to buildInputs of xen (it is required by oxenstored)
 * Adapt xen service to work with the new version of xen
 * Use xen-init-dom0 to initlilise dom0 in xen-store
 * Currently, the virtualisation.xen.stored option is ignored
   if xen 4.8 is used
2017-06-27 12:01:53 +00:00
Michał Pałka 80e0cda7ff xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
XSA-216 Issue Description:

> The block interface response structure has some discontiguous fields.
> Certain backends populate the structure fields of an otherwise
> uninitialized instance of this structure on their stacks, leaking
> data through the (internal or trailing) padding field.

More: https://xenbits.xen.org/xsa/advisory-216.html

XSA-217 Issue Description:

> Domains controlling other domains are permitted to map pages owned by
> the domain being controlled.  If the controlling domain unmaps such a
> page without flushing the TLB, and if soon after the domain being
> controlled transfers this page to another PV domain (via
> GNTTABOP_transfer or, indirectly, XENMEM_exchange), and that third
> domain uses the page as a page table, the controlling domain will have
> write access to a live page table until the applicable TLB entry is
> flushed or evicted.  Note that the domain being controlled is
> necessarily HVM, while the controlling domain is PV.

More: https://xenbits.xen.org/xsa/advisory-217.html

XSA-218 Issue Description:

> We have discovered two bugs in the code unmapping grant references.
>
> * When a grant had been mapped twice by a backend domain, and then
> unmapped by two concurrent unmap calls, the frontend may be informed
> that the page had no further mappings when the first call completed rather
> than when the second call completed.
>
> * A race triggerable by an unprivileged guest could cause a grant
> maptrack entry for grants to be "freed" twice.  The ultimate effect of
> this would be for maptrack entries for a single domain to be re-used.

More: https://xenbits.xen.org/xsa/advisory-218.html

XSA-219 Issue Description:

> When using shadow paging, writes to guest pagetables must be trapped and
> emulated, so the shadows can be suitably adjusted as well.
>
> When emulating the write, Xen maps the guests pagetable(s) to make the final
> adjustment and leave the guest's view of its state consistent.
>
> However, when mapping the frame, Xen drops the page reference before
> performing the write.  This is a race window where the underlying frame can
> change ownership.
>
> One possible attack scenario is for the frame to change ownership and to be
> inserted into a PV guest's pagetables.  At that point, the emulated write will
> be an unaudited modification to the PV pagetables whose value is under guest
> control.

More: https://xenbits.xen.org/xsa/advisory-219.html

XSA-220 Issue Description:

> Memory Protection Extensions (MPX) and Protection Key (PKU) are features in
> newer processors, whose state is intended to be per-thread and context
> switched along with all other XSAVE state.
>
> Xen's vCPU context switch code would save and restore the state only
> if the guest had set the relevant XSTATE enable bits.  However,
> surprisingly, the use of these features is not dependent (PKU) or may
> not be dependent (MPX) on having the relevant XSTATE bits enabled.
>
> VMs which use MPX or PKU, and context switch the state manually rather
> than via XSAVE, will have the state leak between vCPUs (possibly,
> between vCPUs in different guests).  This in turn corrupts state in
> the destination vCPU, and hence may lead to weakened protections
>
> Experimentally, MPX appears not to make any interaction with BND*
> state if BNDCFGS.EN is set but XCR0.BND{CSR,REGS} are clear.  However,
> the SDM is not clear in this case; therefore MPX is included in this
> advisory as a precaution.

More: https://xenbits.xen.org/xsa/advisory-220.html

XSA-221 Issue Description:

> When polling event channels, in general arbitrary port numbers can be
> specified.  Specifically, there is no requirement that a polled event
> channel ports has ever been created.  When the code was generalised
> from an earlier implementation, introducing some intermediate
> pointers, a check should have been made that these intermediate
> pointers are non-NULL.  However, that check was omitted.

More: https://xenbits.xen.org/xsa/advisory-221.html

XSA-222 Issue Description:

> Certain actions require removing pages from a guest's P2M
> (Physical-to-Machine) mapping.  When large pages are in use to map
> guest pages in the 2nd-stage page tables, such a removal operation may
> incur a memory allocation (to replace a large mapping with individual
> smaller ones).  If this allocation fails, these errors are ignored by
> the callers, which would then continue and (for example) free the
> referenced page for reuse.  This leaves the guest with a mapping to a
> page it shouldn't have access to.
>
> The allocation involved comes from a separate pool of memory created
> when the domain is created; under normal operating conditions it never
> fails, but a malicious guest may be able to engineer situations where
> this pool is exhausted.

More: https://xenbits.xen.org/xsa/advisory-222.html

XSA-224 Issue Description:

> We have discovered a number of bugs in the code mapping and unmapping
> grant references.
>
> * If a grant is mapped with both the GNTMAP_device_map and
> GNTMAP_host_map flags, but unmapped only with host_map, the device_map
> portion remains but the page reference counts are lowered as though it
> had been removed. This bug can be leveraged cause a page's reference
> counts and type counts to fall to zero while retaining writeable
> mappings to the page.
>
> * Under some specific conditions, if a grant is mapped with both the
> GNTMAP_device_map and GNTMAP_host_map flags, the operation may not
> grab sufficient type counts.  When the grant is then unmapped, the
> type count will be erroneously reduced.  This bug can be leveraged
> cause a page's reference counts and type counts to fall to zero while
> retaining writeable mappings to the page.
>
> * When a grant reference is given to an MMIO region (as opposed to a
> normal guest page), if the grant is mapped with only the
> GNTMAP_device_map flag set, a mapping is created at host_addr anyway.
> This does *not* cause reference counts to change, but there will be no
> record of this mapping, so it will not be considered when reporting
> whether the grant is still in use.

More: https://xenbits.xen.org/xsa/advisory-224.html
2017-06-26 07:01:24 +00:00
Tim Steinbach 328617accd
rkt: 1.26.0 -> 1.27.0 2017-06-23 19:24:19 -04:00
aszlig 63fb845fcf
virtualbox: Rebase hardened.patch on top of 5.1.22
The merge of the version bump in
6fb9f89238 didn't take care of our patch
for the hardening mode and thus enabling VirtualBox without also
force-disabling hardening mode will result in a build error.

While the patch is largely identical with the old version, I've removed
one particular change around the following code:

    if (pFsObjState->Stat.st_mode & S_IWOTH)
        return supR3HardenedSetError3(VERR_SUPLIB_WORLD_WRITABLE, pErrInfo,
                                      "World writable: '", pszPath, "'");

In the old version of the patch we have checked whether the path is
within the Nix store and suppressed the error return if that's the case.

The reason why I did that in the first place was because we had a bunch
of symlinks which were writable.

In VirtualBox 5.1.22 the code specifically checks whether the file is a
symlink, so we can safely drop our change.

Tested via all of the "virtualbox" NixOS VM subtests and they now all
succeed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-06-23 05:48:54 +02:00
Tim Steinbach 6fb9f89238 Merge pull request #25368 from bachp/virtualbox-5.1.22
virtualbox: 5.1.18 -> 5.1.22
2017-06-22 21:23:47 -04:00
Peter Hoeg 63011015b9 virtmanager-qt: 0.43.70.2 -> 0.43.72 2017-06-19 19:26:19 +08:00
Thomas Tuegel c816bbc8a8
qt5: remove makeQtWrapper 2017-06-18 08:44:42 -05:00
Jörg Thalheim f2e1e7f3cd Merge pull request #26503 from vdemeester/update-runc
Update runc to 1.0.0-rc3
2017-06-10 22:48:03 +01:00
Vincent Demeester 46b00e0b15
Update runc to 1.0.0-rc3
- Fix compilation problems
- Remove patches as those are included in the sources now

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-10 18:05:57 +02:00
Graham Christensen 7d8218a351 Merge pull request #26489 from michalpalka/xen-security
xen: patch for XSAs: 206, 211, 212, 213, 214 and 215
2017-06-09 09:31:42 -04:00
Michał Pałka dd3dcceb23 xen: patch for XSAs: 206, 211, 212, 213, 214 and 215
XSA-206 Issue Description:

> xenstored supports transactions, such that if writes which would
> invalidate assumptions of a transaction occur, the entire transaction
> fails.  Typical response on a failed transaction is to simply retry
> the transaction until it succeeds.
>
> Unprivileged domains may issue writes to xenstore which conflict with
> transactions either of the toolstack or of backends such as the driver
> domain. Depending on the exact timing, repeated writes may cause
> transactions made by these entities to fail indefinitely.

More: https://xenbits.xen.org/xsa/advisory-206.html

XSA-211 Issue Description:

> When a graphics update command gets passed to the VGA emulator, there
> are 3 possible modes that can be used to update the display:
>
> * blank - Clears the display
> * text - Treats the display as showing text
> * graph - Treats the display as showing graphics
>
> After the display geometry gets changed (i.e., after the CIRRUS VGA
> emulation has resized the display), the VGA emulator will resize the
> console during the next update command. However, when a blank mode is
> also selected during an update, this resize doesn't happen. The resize
> will be properly handled during the next time a non-blank mode is
> selected during an update.
>
> However, other console components - such as the VNC emulation - will
> operate as though this resize had happened. When the display is
> resized to be larger than before, this can result in a heap overflow
> as console components will expect the display buffer to be larger than
> it is currently allocated.

More: https://xenbits.xen.org/xsa/advisory-211.html

XSA-212 Issue Description:

> The XSA-29 fix introduced an insufficient check on XENMEM_exchange
> input, allowing the caller to drive hypervisor memory accesses outside
> of the guest provided input/output arrays.

More: https://xenbits.xen.org/xsa/advisory-212.html

XSA-213 Issue Description:

> 64-bit PV guests typically use separate (root) page tables for their
> kernel and user modes.  Hypercalls are accessible to guest kernel
> context only, which certain hypercall handlers make assumptions on.
> The IRET hypercall (replacing the identically name CPU instruction)
> is used by guest kernels to transfer control from kernel mode to user
> mode.  If such an IRET hypercall is placed in the middle of a multicall
> batch, subsequent operations invoked by the same multicall batch may
> wrongly assume the guest to still be in kernel mode.  If one or more of
> these subsequent operations involve operations on page tables, they may
> be using the wrong root page table, confusing internal accounting.  As
> a result the guest may gain writable access to some of its page tables.

More: https://xenbits.xen.org/xsa/advisory-213.html

XSA-214 Issue Description:

> The GNTTABOP_transfer operation allows one guest to transfer a page to
> another guest.  The internal processing of this, however, does not
> include zapping the previous type of the page being transferred.  This
> makes it possible for a PV guest to transfer a page previously used as
> part of a segment descriptor table to another guest while retaining the
> "contains segment descriptors" property.
>
> If the destination guest is a PV one of different bitness, it may gain
> access to segment descriptors it is not normally allowed to have, like
> 64-bit code segments in a 32-bit PV guest.
>
> If the destination guest is a HVM one, that guest may freely alter the
> page contents and then hand the page back to the same or another PV
> guest.
>
> In either case, if the destination PV guest then inserts that page into
> one of its own descriptor tables, the page still having the designated
> type results in validation of its contents being skipped.

More: https://xenbits.xen.org/xsa/advisory-214.html

XSA-215 Issue Description:

> Under certain special conditions Xen reports an exception resulting
> from returning to guest mode not via ordinary exception entry points,
> but via a so call failsafe callback.  This callback, unlike exception
> handlers, takes 4 extra arguments on the stack (the saved data
> selectors DS, ES, FS, and GS).  Prior to placing exception or failsafe
> callback frames on the guest kernel stack, Xen checks the linear
> address range to not overlap with hypervisor space.  The range spanned
> by that check was mistakenly not covering these extra 4 slots.

More: https://xenbits.xen.org/xsa/advisory-215.html
2017-06-09 13:09:01 +00:00
Vladimír Čunát cc9a72a286
virtualboxGuestAdditions: don't install setuid/setgid 2017-06-09 13:09:21 +02:00
Michał Pałka 965668903a xen: fix pygrub by making sure it is wrapped
Recent commit #c10af9e744c91dff1ccc07a52a0b57d1e4d339f3 changed the
behaviour of wrapPythonPrograms, which caused pygrub to no longer
being wrapped. This commit fixes this.
2017-06-09 06:22:03 +00:00
midchildan 7060a692c5
virtmanager: Fix python import error 2017-06-05 23:42:25 +09:00
Robin Gloster 13f2f8673b
OVMF: fix build
$fd for the output was overwritten during the build
2017-05-29 12:21:17 +02:00
Tim Steinbach 9237459d60
rkt: 1.25.0 -> 1.26.0 2017-05-25 18:13:54 -04:00
Joachim Fasting 49ecd62c08
lkl: split outputs
Breaking out lib allows users to link against lkl without pulling the
kitchen sink into their closure.
2017-05-24 01:07:26 +02:00
Joachim Fasting e0b623a56d
lkl: break description into longDescription and a briefer descr 2017-05-24 01:07:24 +02:00
Joachim Fasting 8c8f40a128
lkl: d747073 -> 2017-03-24
- Moves to a more recent kernel (4.10, I think ...)
- API break re the previous version
- cptofs: fix root directory copy
- add support for disks with custom ops
- add LKL_HIJACK_NET_QDISC to configure qdisc policy
- add LKL_HIJACK_SYSCTL to configure sysctl values
2017-05-24 01:07:23 +02:00
Joachim Fasting e983d4306e
lkl: bc & python are native build inputs 2017-05-24 01:07:22 +02:00
Joachim Fasting e845495edb
lkl: add meta.homepage 2017-05-24 01:07:14 +02:00
Peter Hoeg 5b45342832 virtmanager-qt: 0.43.70 -> 0.43.70.2 2017-05-23 17:54:20 +08:00
Joachim F 07ceaa2ec8 Merge pull request #25896 from joachifm/ovmf
ovmf: split firmware image files
2017-05-21 14:48:29 +01:00
Joachim Fasting 874b81b31f
treewide: s,enableParallelBuild(s),enableParallelBuilding,g 2017-05-20 17:16:17 +02:00
Joachim Fasting 252dcd62f3
OVMF: separate output for ovmf binaries
OVMF{,CODE,VARS}.fd are now available in a dedicated fd output, greatly
reducing the closure in the common case where only those files are used (a
few MBs versus several hundred MBs for the full OVMF).

Note: it's unclear why `dontPatchELF` is now necessary for the build to
pass (on my end, at any rate) but it doesn't make much sense to run this
fixup anyway,

Note: my reading of xen's INSTALL suggests that --with-system-ovmf should
point directly to the OVMF binary.  As such, the previous invocation was
incorrect (it pointed to the root of the OVMF tree).  In any case, I have
only built xen with `--with-system-ovmf`, I have not tested it.

Fixes https://github.com/NixOS/nixpkgs/issues/25854
Closes https://github.com/NixOS/nixpkgs/pull/25855
2017-05-20 12:33:48 +02:00
Jörg Thalheim 618f9aa52c
docker-proxy: remove go references
related to #25861
2017-05-17 22:14:34 +01:00
Peter Hoeg 68f335c6cd virtmanager-qt: 0.42.67 -> 0.43.70 2017-05-14 11:21:51 +08:00
Vincent Demeester 398f6ed7d3
docker-edge: 17.04 to 17.05
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-05-09 10:11:05 +02:00
Frederik Rietdijk ef4442e827 Python: replace requests2 with requests tree-wide
See f63eb58573

The `requests2` attribute now throws an error informing that `requests`
should be used instead.
2017-05-07 12:56:09 +02:00