3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

110182 commits

Author SHA1 Message Date
Franz Pletz 271d3f7a43
prometheus service: globalConfig.labels is obsolete
Due to the version bump in e60c958811.
2017-06-27 01:53:03 +02:00
Franz Pletz b8bfc8dae2
httpd: don't install suid executables into nix store 2017-06-27 01:51:18 +02:00
WilliButz 72ed360277 freeradius: 3.0.12 -> 3.0.14 (#26874) 2017-06-27 01:44:00 +02:00
Frederik Rietdijk 9dbfd87ab6 Merge pull request #26849 from vbgl/skrooge-2.8
skrooge: 2.7.0 -> 2.8.1
2017-06-26 22:23:36 +02:00
Frederik Rietdijk 25b12febee Merge pull request #26857 from jerith666/krfb-qtx11extras
krfb: add new qtx11extras dependency
2017-06-26 22:16:28 +02:00
Daniel Peebles 2dc0eaf0f1 Merge pull request #26797 from LnL7/erlang-versions
erlang: remove erlangR16 and all versioned variants from all-packages
2017-06-26 16:04:28 -04:00
Daiderd Jordan 1389f28cd0 Merge pull request #26804 from LnL7/erlangR19
erlang: change default to R19
2017-06-26 22:00:03 +02:00
Robert Vollmert c3da83cd40 v8_3_16_14: fix OS X build
Issues addressed:
- xcode build failed with
    ... was built for newer OSX version (10.10) than being linked (10.5)
  fixed by setting GYP mac deployment target to the nix value
- a gyp bug when SDKROOT is not set (and removed an orphaned gyp patch
- path to python in generated gyp-mac-tool
- noisy build due to static assert warnings, by silencing warnings
- use of system xcodebuild and libtool replaced by darwin.cctools
2017-06-26 21:28:43 +02:00
Jörg Thalheim 2da82a1d19 racerd: 2016-12-24 -> 2017-02-17 2017-06-26 20:22:09 +01:00
Michael Zaccari 107fabf41c jruby: 9.0.5.0 -> 9.1.5.0 2017-06-26 14:45:15 -04:00
Vladimír Čunát ce8178ed93
qtinstaller: fix broken meta
The invalid meta.outputsToInstall has been blocking channel updates.
https://mailman.science.uu.nl/pipermail/nix-dev/2017-June/023991.html
2017-06-26 19:47:19 +02:00
Vincent Laporte 456089b74d ocamlPackages.mlgmp: disable for OCaml ≥ 4.03 2017-06-26 19:38:47 +02:00
Vincent Laporte ac83ef3994 glsurf: 3.3 -> 3.3.1 2017-06-26 19:24:33 +02:00
Jörg Thalheim a9ba1e101e rustNightlyBin: 2017-05-30 -> 2017-06-26 2017-06-26 15:18:55 +01:00
Tim Steinbach c90a4b8541
linux: 4.12-rc6 -> 4.12-rc7 2017-06-26 09:58:37 -04:00
Nick Hu 24156c64b4 dfhack: 0.43.05-alpha4 -> 0.43.05-r1 2017-06-26 10:18:55 +01:00
Lancelot SIX 1b792b4edf
nano: 2.8.4 -> 2.8.5
See http://lists.gnu.org/archive/html/info-gnu/2017-06/msg00012.html
for release information.
2017-06-26 11:01:55 +02:00
Jörg Thalheim ff04c361cf Merge pull request #26812 from bramd/fix/brltty-5.5
brltty: 5.4 -> 5.5
2017-06-26 10:01:30 +01:00
Peter Simons 003cd41310 zsh: extend default $fpath configured by NixOS to find "vendor-completions" 2017-06-26 10:50:52 +02:00
tv ea44ca47f3 security-wrapper: run activation script after specialfs
Ensures that parentWrapperDir exists before it is used.

Closes #26851
2017-06-26 09:26:16 +02:00
Nicolas Truessel 813feae594 chromium: 59.0.3071.86 -> 59.0.3071.109 2017-06-26 09:24:56 +02:00
Franz Pletz b788956239
libcgroup: do not set suid bit in nix store 2017-06-26 09:13:34 +02:00
Emmanuel Rosa 994998e475 thunderbird: 52.2.0 -> 52.2.1 2017-06-26 09:01:45 +02:00
Michał Pałka 80e0cda7ff xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
XSA-216 Issue Description:

> The block interface response structure has some discontiguous fields.
> Certain backends populate the structure fields of an otherwise
> uninitialized instance of this structure on their stacks, leaking
> data through the (internal or trailing) padding field.

More: https://xenbits.xen.org/xsa/advisory-216.html

XSA-217 Issue Description:

> Domains controlling other domains are permitted to map pages owned by
> the domain being controlled.  If the controlling domain unmaps such a
> page without flushing the TLB, and if soon after the domain being
> controlled transfers this page to another PV domain (via
> GNTTABOP_transfer or, indirectly, XENMEM_exchange), and that third
> domain uses the page as a page table, the controlling domain will have
> write access to a live page table until the applicable TLB entry is
> flushed or evicted.  Note that the domain being controlled is
> necessarily HVM, while the controlling domain is PV.

More: https://xenbits.xen.org/xsa/advisory-217.html

XSA-218 Issue Description:

> We have discovered two bugs in the code unmapping grant references.
>
> * When a grant had been mapped twice by a backend domain, and then
> unmapped by two concurrent unmap calls, the frontend may be informed
> that the page had no further mappings when the first call completed rather
> than when the second call completed.
>
> * A race triggerable by an unprivileged guest could cause a grant
> maptrack entry for grants to be "freed" twice.  The ultimate effect of
> this would be for maptrack entries for a single domain to be re-used.

More: https://xenbits.xen.org/xsa/advisory-218.html

XSA-219 Issue Description:

> When using shadow paging, writes to guest pagetables must be trapped and
> emulated, so the shadows can be suitably adjusted as well.
>
> When emulating the write, Xen maps the guests pagetable(s) to make the final
> adjustment and leave the guest's view of its state consistent.
>
> However, when mapping the frame, Xen drops the page reference before
> performing the write.  This is a race window where the underlying frame can
> change ownership.
>
> One possible attack scenario is for the frame to change ownership and to be
> inserted into a PV guest's pagetables.  At that point, the emulated write will
> be an unaudited modification to the PV pagetables whose value is under guest
> control.

More: https://xenbits.xen.org/xsa/advisory-219.html

XSA-220 Issue Description:

> Memory Protection Extensions (MPX) and Protection Key (PKU) are features in
> newer processors, whose state is intended to be per-thread and context
> switched along with all other XSAVE state.
>
> Xen's vCPU context switch code would save and restore the state only
> if the guest had set the relevant XSTATE enable bits.  However,
> surprisingly, the use of these features is not dependent (PKU) or may
> not be dependent (MPX) on having the relevant XSTATE bits enabled.
>
> VMs which use MPX or PKU, and context switch the state manually rather
> than via XSAVE, will have the state leak between vCPUs (possibly,
> between vCPUs in different guests).  This in turn corrupts state in
> the destination vCPU, and hence may lead to weakened protections
>
> Experimentally, MPX appears not to make any interaction with BND*
> state if BNDCFGS.EN is set but XCR0.BND{CSR,REGS} are clear.  However,
> the SDM is not clear in this case; therefore MPX is included in this
> advisory as a precaution.

More: https://xenbits.xen.org/xsa/advisory-220.html

XSA-221 Issue Description:

> When polling event channels, in general arbitrary port numbers can be
> specified.  Specifically, there is no requirement that a polled event
> channel ports has ever been created.  When the code was generalised
> from an earlier implementation, introducing some intermediate
> pointers, a check should have been made that these intermediate
> pointers are non-NULL.  However, that check was omitted.

More: https://xenbits.xen.org/xsa/advisory-221.html

XSA-222 Issue Description:

> Certain actions require removing pages from a guest's P2M
> (Physical-to-Machine) mapping.  When large pages are in use to map
> guest pages in the 2nd-stage page tables, such a removal operation may
> incur a memory allocation (to replace a large mapping with individual
> smaller ones).  If this allocation fails, these errors are ignored by
> the callers, which would then continue and (for example) free the
> referenced page for reuse.  This leaves the guest with a mapping to a
> page it shouldn't have access to.
>
> The allocation involved comes from a separate pool of memory created
> when the domain is created; under normal operating conditions it never
> fails, but a malicious guest may be able to engineer situations where
> this pool is exhausted.

More: https://xenbits.xen.org/xsa/advisory-222.html

XSA-224 Issue Description:

> We have discovered a number of bugs in the code mapping and unmapping
> grant references.
>
> * If a grant is mapped with both the GNTMAP_device_map and
> GNTMAP_host_map flags, but unmapped only with host_map, the device_map
> portion remains but the page reference counts are lowered as though it
> had been removed. This bug can be leveraged cause a page's reference
> counts and type counts to fall to zero while retaining writeable
> mappings to the page.
>
> * Under some specific conditions, if a grant is mapped with both the
> GNTMAP_device_map and GNTMAP_host_map flags, the operation may not
> grab sufficient type counts.  When the grant is then unmapped, the
> type count will be erroneously reduced.  This bug can be leveraged
> cause a page's reference counts and type counts to fall to zero while
> retaining writeable mappings to the page.
>
> * When a grant reference is given to an MMIO region (as opposed to a
> normal guest page), if the grant is mapped with only the
> GNTMAP_device_map flag set, a mapping is created at host_addr anyway.
> This does *not* cause reference counts to change, but there will be no
> record of this mapping, so it will not be considered when reporting
> whether the grant is still in use.

More: https://xenbits.xen.org/xsa/advisory-224.html
2017-06-26 07:01:24 +00:00
Bas van Dijk 35e5719fe9 elasticsearch: 5.4.0 -> 5.4.2 2017-06-26 08:47:28 +02:00
Vincent Laporte 4c0203b094 ocamlPackages.lablgtk_2_14: disable for OCaml ≥ 4.04 2017-06-26 08:39:05 +02:00
Jörg Thalheim 7df83abe85 keepassx-community: 2.1.4 -> 2.2.0 2017-06-26 07:31:44 +01:00
Vincent Laporte 8d8fdce611 ocamlPackages.lablgtk: don’t strip 2017-06-26 08:27:03 +02:00
Vincent Laporte 6b89bcbaa6 ocamlPackages.core_bench: fix on OCaml ≥ 4.03 2017-06-26 07:57:17 +02:00
Vincent Laporte e082162f09 ocamlPackages.type_conv-{108,109}: disable for OCaml ≥ 4.03 2017-06-26 05:02:42 +02:00
Vincent Laporte 41b3b2c077 ocamlPackages.sexplib_p4: disable for OCaml ≥ 4.03 2017-06-26 04:38:49 +02:00
Vincent Laporte 459f17a8d5 ocamlPackages.uri_p4: disable for OCaml ≥ 4.03 2017-06-26 04:10:02 +02:00
Vincent Laporte 7829eb794f ocamlPackages.reason: 1.13.4 -> 2.0.0 2017-06-26 04:10:02 +02:00
Vincent Laporte f0dbe18e9b ocamlPackages.twt: don’t strip 2017-06-26 04:10:02 +02:00
Pascal Bach aa66c9ad37 minio service: add inital service
features:
- change listen port and address
- configure config and data directory
- basic test to check if minio server starts
2017-06-26 04:07:37 +02:00
Pascal Bach e5def4442e minio: 20170316 -> 20170613 2017-06-26 04:07:37 +02:00
Franz Pletz d4002bd6d4 Merge pull request #26863 from cleverca22/update-toxvpn
toxvpn: 20161230 -> 2017-06-25
2017-06-26 03:51:51 +02:00
Franz Pletz d80f2e18c6
uthash: 1.9.9 -> 2.0.2 2017-06-26 03:48:42 +02:00
Franz Pletz edf5cbdc33
librsync: 1.0.0 -> 2.0.0 2017-06-26 03:48:41 +02:00
Franz Pletz 1a7f330335
burp_1_3: remove 2017-06-26 03:48:41 +02:00
Franz Pletz 356bac704a
burp: 1.4.40 -> 2.0.54 2017-06-26 03:48:41 +02:00
Franz Pletz 3156263876
rsync: build with iconv, zlib & popt from nixpkgs
The rsync binary was previously built without iconv support which is needed
for utf-8 conversions on darwin. Fixes #26864.

Additionally rsync used to be built with bundled versions of zlib and popt
that were outdated. This decreases the size of the rsync binary by ~82KB.
2017-06-26 03:48:41 +02:00
Tim Steinbach 1a25495b63
git: 2.13.1 -> 2.13.2 2017-06-25 21:13:23 -04:00
AndersonTorres 0e14a8621d mpv: eliminate config.mpv options
Removing all `config.mpv.*` options will improve readability. MPV has many
configurable options, and using the config approach is prone to confusion and
unnecessary code duplication. If needed, the user can `override` the relevant
variables in the function itself, so no functionality is lost.

Closes issue #26786
2017-06-26 02:51:09 +02:00
taku0 800deb5273 thunderbird: 52.2.0 -> 52.2.1 2017-06-26 09:08:38 +09:00
taku0 22773a20e5 thunderbird-bin: 52.2.0 -> 52.2.1 2017-06-26 09:08:28 +09:00
michael bishop bb16bced36
toxvpn: 20161230 -> 2017-06-25 2017-06-25 20:17:20 -03:00
Pascal Bach 572786387d gitlab-runner: 9.2.0 -> 9.3.0 2017-06-26 01:08:30 +02:00
aszlig bd63daae03
chromium: Add installation of libGLESv2.so
The following errors occur when you start Chromium prior to this commit:

[2534:2534:0625/202928.673160:ERROR:gl_implementation.cc(246)] Failed to
load .../libexec/chromium/swiftshader/libGLESv2.so:
../libexec/chromium/swiftshader/libGLESv2.so: cannot open shared object
file: No such file or directory
[2534:2534:0625/202928.674434:ERROR:gpu_child_thread.cc(174)] Exiting
GPU process due to errors during initialization

While in theory we do not strictly need libGLESv2.so, in practice this
means that the GPU process isn't starting up at all which in turn leads
to crawling rendering performance on some sites.

So let's install all shared libraries in swiftshader.

I've tested this with the chromium.stable NixOS VM test and also locally
on my machine and the errors as well as the performance issues are gone.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-06-25 22:43:25 +02:00
Matt McHenry cbb39f4382 krfb: add new qtx11extras dependency 2017-06-25 15:35:59 -04:00