3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

19192 commits

Author SHA1 Message Date
Kevin Quick 8ff05c85ee Add poly library for manipulating polynomials. 2017-07-06 21:30:30 -07:00
Graham Christensen 665dfda8e4 Merge pull request #27046 from NixOS/revert-26983-i3/allow-custom-configuration
Revert "i3: add `configFile` to enable cutom configuration locations"
2017-07-06 19:39:40 -04:00
Victor Calvert 3ff40547f0 leo-editor: Don't hardcode pythonX.Ym 2017-07-06 18:42:38 -04:00
Victor Calvert 77f8447515 qutebrowser: 0.10.1 -> 0.11.0 2017-07-06 18:41:50 -04:00
Joachim F f834ce36a1 Merge pull request #27176 from mdorman/emacs-updates
Semi-automated Emacs package updates
2017-07-06 23:27:47 +01:00
Linus Heckemann 3f8f8bf5f6 fossil: 1.36 -> 2.2 2017-07-06 23:08:47 +02:00
Michael Alan Dorman 49da250e9c melpa-packages: 2017-07-06
Removals:
 - gregorio-mode: repo no longer exists
2017-07-06 11:15:36 -04:00
Michael Alan Dorman 45d772288e melpa-stable-packages: 2017-07-06 2017-07-06 11:15:36 -04:00
Michael Alan Dorman 47bd753787 org-packages: 2017-07-06 2017-07-06 11:15:33 -04:00
Michael Alan Dorman 54f2ded821 elpa-packages: 2017-07-06 2017-07-06 11:15:30 -04:00
Eelco Dolstra 942422a646
Merge branch 'glibc' of https://github.com/rnhmjoj/nixpkgs into staging 2017-07-06 15:14:57 +02:00
Daniel Brockman 905fff7d3f hsevm: init at 0.3.2 2017-07-06 03:42:07 +02:00
Michael Raskin 05aa2a58db Merge pull request #25600 from johnramsden/nylas-mail
nylas-mail: 2.0.32
2017-07-06 02:04:24 +02:00
John Ramsden 407324faa9
Rename nylas-mail to nylas-mail-bin.
Change pkg in module, and name in pkg.
2017-07-05 16:28:01 -07:00
Michael Raskin bd53744885 Merge pull request #23985 from rht/zcash
zcash: reinit at 1.0.8
2017-07-05 22:27:27 +02:00
Daniel Brockman de6ec55911 seth: 0.5.1 -> 0.5.6 2017-07-05 16:34:31 +02:00
Daniel Brockman 69a8564521 go-ethereum: 1.4.7 -> 1.6.6 2017-07-05 15:58:45 +02:00
Vladimír Čunát 9e1c7ddaae
Merge branch 'master' into staging 2017-07-05 09:53:53 +02:00
Vladimír Čunát 5328aac7be
Merge branch 'staging'
Comparison looks OK; I'll try some fixes on master directly.
http://hydra.nixos.org/eval/1372577?compare=1372497
2017-07-05 08:55:26 +02:00
gnidorah c8eb4d102f rambox: 0.5.9 -> 0.5.10 2017-07-05 04:42:23 +03:00
gnidorah a4c6e02b63 franz: cleanup 2017-07-05 04:42:08 +03:00
Volth b935b21ffd fix regressions where "${repo}-${rev}-scr" pattern was hardcoded 2017-07-04 20:22:13 +00:00
aszlig 12ee0fbd88
virtualbox: Add patch for Linux 4.12
Compiling the kernel modules on Linux 4.12 fails, so I've included an
upstream patch from:

https://www.virtualbox.org/changeset/66927/vbox

The patch is applied against the guest additions as well, where we need
to transform the patch a bit so that we get CR LF line endings (DOS
format), which is what is the case for the guest additions ISO.

I've tested this with all the subtests of the "virtualbox" NixOS VM
tests and they all succeed on x86_64-linux.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-07-04 20:08:42 +02:00
Joachim Fasting f617f30b4c
tor-browser-bundle-bin: communicate with tor over named pipes 2017-07-04 16:25:03 +02:00
Joachim Fasting 92524eb2f1
tor-browser-bundle-bin: 7.0.1 -> 7.0.2 2017-07-04 16:24:55 +02:00
zimbatm 51c481bdcc terraform: 0.9.10 -> 0.9.11 2017-07-04 14:06:33 +01:00
Pascal Wittmann 1e95402803 pdfpc: 4.0.6 -> 4.0.7 2017-07-04 11:34:32 +02:00
Johannes Frankenau 063f110e17 urlscan: 0.8.3 -> 0.8.6 (#27102)
* urlscan: 0.8.3 -> 0.8.6

Moved from python-packages.nix to all-packages.nix because this is not
a Python library but just a Python application.

* Update default.nix

* Update all-packages.nix

* Update default.nix

* Update all-packages.nix
2017-07-04 09:31:36 +02:00
Joachim F 7e86d0e539 Merge pull request #27091 from jfrankenau/init-noice
noice: init at 0.6
2017-07-04 08:30:36 +01:00
Pascal Wittmann ec04f18acb Merge pull request #27092 from adisbladis/add_dr14_tmeter
dr14_tmeter: init at 1.0.16
2017-07-04 07:41:36 +02:00
adisbladis c6f5726398
dr14_tmeter: init at 1.0.16 2017-07-04 09:36:09 +08:00
Mateusz Kowalczyk c31d21c9b1 Merge pull request #27090 from jfrankenau/config-sxiv
sxiv: Add support for custom config
2017-07-03 23:35:53 +01:00
Josef Kemetmueller 7f7b74dfed gogs: Fix cyclic dependency on darwin
This fixes the "cycle detected in the references of" error when building
on darwin. The fix is based on the solution in issue #18131.
2017-07-03 23:47:39 +02:00
romildo fd92bd0d80 qbittorrent: 3.3.12 -> 3.3.13 2017-07-03 16:36:55 -03:00
Pascal Wittmann 24ec6634f4 Merge pull request #27010 from rasendubi/qbittorrent-qmake
qbittorrent: fix build
2017-07-03 21:22:53 +02:00
Jan Tojnar e02d40c33e mypaint: 1.1.0 -> 1.2.1 (#27004) 2017-07-03 21:21:50 +02:00
Johannes Frankenau c2a37617ea nnn: init at 1.2 2017-07-03 20:14:38 +02:00
Johannes Frankenau 5dc2f6b3ad noice: init at 0.6 2017-07-03 15:41:37 +02:00
Johannes Frankenau b424c43465 sxiv: Add support for custom config 2017-07-03 14:42:12 +02:00
Nicolò Balzarotti 08ae945396 drumgizmo: 9.12 -> 9.14 2017-07-03 12:52:43 +02:00
Frederik Rietdijk 01c3847b9c Merge pull request #27051 from magnetophon/notmuch
notmuch: 0.23.5 -> 0.24.2
2017-07-03 10:49:22 +02:00
Frederik Rietdijk 43ca91106d kdevplatform: fix build 2017-07-03 10:10:17 +02:00
Frederik Rietdijk 8f5cf685ad ktorrent: fix build 2017-07-03 10:10:17 +02:00
Frederik Rietdijk 8e66ea0a1d Merge pull request #27041 from jokogr/f/skrooge-drop-kdelibs4support
skrooge: drop kdelibs4support dependency
2017-07-03 09:50:35 +02:00
Vladimír Čunát d1a89ae9d7
Merge branch 'master' into staging 2017-07-03 09:48:58 +02:00
Clemens Lutz 4c1ecbb669 makemkv: 1.10.5 -> 1.10.6 2017-07-02 22:28:28 +02:00
Linus Heckemann b97747a052 firefox wrapper: add libudev to libs
Fixes #26913 (gamepad support).
2017-07-02 17:29:42 +01:00
Bart Brouns 09d626e6f1 notmuch: 0.23.5 -> 0.24.2 2017-07-02 17:17:57 +02:00
Graham Christensen ed59b2c892 Revert "i3: add configFile to enable cutom configuration locations" 2017-07-02 08:48:41 -04:00
Michael Raskin b084b93faa Merge pull request #27034 from mimadrid/update/vifm-0.9
vifm: 0.8.2 -> 0.9
2017-07-02 13:26:01 +02:00
Sebastian Jordan b300472568 guetzli: init at 1.0.1 (#26595)
* guetzli: init at  1.0.1
* guetzli: move pkgconfig from buildInputs to nativeBuildInputs
* guetzli: use fetchFromGitHub instead of fetchgit
2017-07-02 13:01:18 +02:00
Ioannis Koutras a719b1be00 skrooge: drop kdelibs4support dependency
Since Qt 5.7 and Skrooge v2.5.0, the latter can be built without
KDELibs4Support.
2017-07-02 13:55:00 +03:00
Frederik Rietdijk a5a98f98a0 krename: fix build 2017-07-02 11:01:22 +02:00
Frederik Rietdijk 09aa1ca935 Merge pull request #27036 from zraexy/streamlink
streamlink: 0.6.0 -> 0.7.0
2017-07-02 10:55:33 +02:00
zraexy afb27bd4eb streamlink: 0.6.0 -> 0.7.0 2017-07-02 00:44:23 -08:00
mimadrid fd488c4a2a
vifm: 0.8.2 -> 0.9 2017-07-02 10:27:20 +02:00
zraexy 288b408304 redshift-plasma-applet: 1.0.17 -> 1.0.18 2017-07-02 00:25:19 -08:00
volth 756e69bf97 syncthing: don't import from pkgs (#27029) 2017-07-02 01:50:59 +01:00
Bart Brouns b1d79f0ef3 ranger: fix absolute paths in scope.sh 2017-07-02 01:51:40 +02:00
David McFarland 42464f64f7 firefox: fix the drmSupport option
At some point the config flag must have changed from --enable-eme to
--enable-eme=widevine, so it was having no effect.
2017-07-01 19:56:40 -03:00
Emmanuel Rosa f442294719 libreoffice: remove spadmin wrapper
This change removes the spadmin wrapper because the utility was removed from LibreOffice in release 4.3. See https://wiki.documentfoundation.org/ReleaseNotes/4.3#CUPS.2C_fax_machines_and_spadmin which states:

 > The graphical utility spadmin is now removed in favor of these new features and the operating system's standard printer administration tools. (Caolán McNamara)

 Closes #26671
2017-07-01 16:35:36 -04:00
Benno Fünfstück 13c8c847f4 Merge pull request #27007 from jfrankenau/update-i3lock
i3lock: 2.8 -> 2.9.1
2017-07-01 19:59:18 +02:00
Benno Fünfstück be4fc9ec1f Merge pull request #26983 from Ma27/i3/allow-custom-configuration
i3: add `configFile` to enable cutom configuration locations
2017-07-01 19:53:11 +02:00
zimbatm 6f86a1bd09 Terraform 0.9.10 (#27003)
* terraform: remove old 0.9.x versions

* terraform: 0.9.9 -> 0.9.10
2017-07-01 14:16:20 +01:00
Alexey Shmalko 85a8323e8f
qbittorrent: fix build
The qbittorrent has been broken by
210f688802, which adds `qmake` as a
build input. `qmake` is overriding the default configure phase (which
should be `./configure ...` for qbittorrent) so build goes wrong.

Remove `qmake` from build inputs (basically, reverting the said
commit).
2017-07-01 14:29:30 +03:00
Johannes Frankenau 1add3519df ncmpcpp: 0.7.7 -> 0.8 2017-07-01 13:08:01 +02:00
Gabriel Ebner 6acb707f35 Merge pull request #26956 from jfrankenau/neomutt-20170609
neomutt: 20170602 -> 20170609
2017-07-01 12:00:13 +02:00
Pascal Wittmann 2e78ca284e
mcabber: 1.0.5 -> 1.1.0 2017-07-01 10:02:32 +02:00
Johannes Frankenau 36021ddaaf i3lock: 2.8 -> 2.9.1 2017-07-01 09:28:23 +02:00
Maximilian Bosch dd4c1e2b01
i3: add configFile to enable cutom configuration locations
i3 loads its configuration from `~/.config/i3`, but in nix-based systems
you might want to build the config in `~/.nix-profile` using a nix
derivation, so `i3` needs to know where to look for the configuration
file.
2017-07-01 08:20:56 +02:00
Cray Elliott 20d31d7f49 obs-studio: 19.0.2 -> 19.0.3 2017-06-30 19:29:59 -07:00
zimbatm 3dd29b2453 ipfs: 0.4.9 -> 0.4.10 (#27001) 2017-07-01 01:31:52 +01:00
Joachim F a8ba50db3e Merge pull request #26492 from michalpalka/new-xen
xen_4_8: init at 4.8.1
2017-06-30 20:27:04 +01:00
Joachim F 3c29fbe72a Merge pull request #26993 from romildo/upd.mkvtoolnix
mkvtoolnix: 12.0.0 -> 13.0.0
2017-06-30 19:50:42 +01:00
romildo e521b75b9e mkvtoolnix: 12.0.0 -> 13.0.0 2017-06-30 14:01:25 -03:00
Vladimír Čunát ddf864f8aa
Merge branch 'master' into staging
Mass rebuilds from master (>7k on x86_64-linux).
2017-06-30 18:16:58 +02:00
Peter Simons f0c3e5f519 Merge pull request #26987 from peti/r-updates
R: update to version 3.4.1
2017-06-30 17:59:53 +02:00
Joachim F 8f73c57643 Merge pull request #26958 from np/electrum-ltc-dash-protobuf3_2
electrum-{ltc,dash}: use protobuf3_2
2017-06-30 15:47:35 +01:00
Joachim F 772ddec4f0 Merge pull request #26962 from 239/patch-1
opera: 45.0.2552.812 -> 45.0.2552.898
2017-06-30 15:47:00 +01:00
Benno Fünfstück 58a231d944 Merge pull request #26026 from Hodapp87/autotrace
autotrace: init at 0.31.1
2017-06-30 16:34:48 +02:00
Benno Fünfstück 98bd25a02e autotrace: build with pstoedit 2017-06-30 16:32:03 +02:00
John Ericson 95c8277701 misc pkgs: Remove unneeded *Platform == *Platform comparisons
PR #26007 used these to avoid causing a mass rebuild. Now that we know
things work, we do that to clean up.
2017-06-30 10:09:31 -04:00
Benno Fünfstück a0286ca6f0 Merge pull request #26838 from rvolosatovs/init/mopidy-local-sqlite
mopidy-local-sqlite: init at 1.0.0
2017-06-30 15:25:53 +02:00
Silvan Mosberger ab162eeffc buku: added not to remove line on next version 2017-06-30 14:47:55 +02:00
Tim Steinbach 7f9ec267a6 Merge pull request #26988 from taku0/firefox-bin-54.0.1
firefox, firefox-bin: 54.0 -> 54.0.1,  firefox-esr: 52.2.0esr -> 52.2.1esr
2017-06-30 08:40:20 -04:00
taku0 f8559ace71 firefox-esr: 52.2.0esr -> 52.2.1esr 2017-06-30 21:09:00 +09:00
Peter Simons 4c5577b504 R: update to version 3.4.1 2017-06-30 13:37:26 +02:00
Benno Fünfstück 081a071371 Merge pull request #26758 from jensbin/pidgin-sipe
pidgin-sipe: 1.22.0 -> 1.22.1
2017-06-30 11:42:58 +02:00
Silvan Mosberger bc81760a92 buku: test & completions revision 2017-06-29 20:38:14 +02:00
taku0 2330b54470 firefox: 54.0 -> 54.0.1 2017-06-30 03:23:58 +09:00
taku0 8d4e8a73bd firefox-bin: 54.0 -> 54.0.1 2017-06-30 03:23:51 +09:00
Silvan Mosberger fb62250664 buku: Enabled tests and added shell completion 2017-06-29 16:19:24 +02:00
239 9d9c12249d Opera: 45.0.2552.812 -> 45.0.2552.898 2017-06-29 11:48:57 +02:00
Johannes Frankenau 25d47046be neomutt: 20170602 -> 20170609 2017-06-29 10:24:57 +02:00
Nicolas Pouillard 6db9cbfa4c
electrum-{ltc,dash}: use protobuf3_2 2017-06-29 10:07:49 +02:00
Johannes Frankenau 3107f33c9d buku: 2.9 -> 3.0 2017-06-29 09:47:49 +02:00
Jörg Thalheim 793620eff4 Merge pull request #26898 from knedlsepp/update-gogs
gogs: 0.10.18 -> 0.11.19
2017-06-29 08:14:43 +01:00
Jörg Thalheim f14cd40c4b gogs: remove old deps.nix
gogs code is now fully vendored.
2017-06-29 08:12:32 +01:00
Joachim F 332486fc13 Merge pull request #26943 from mdorman/emacs-updates
Automated Emacs Package updates
2017-06-29 07:04:01 +01:00
John Ramsden 8181b075ba
Quoted NIX_CC 2017-06-28 22:29:49 -07:00
Karn Kallio 13ab06b05a kde applications : fix builds by adding missing dependencies
Patch applied by James Cook <james.cook@utoronto.ca>.
2017-06-29 05:01:46 +00:00
Karn Kallio 815764096b Fix akonadi build.
Patch applied by James Cook <james.cook@utoronto.ca>.
2017-06-29 04:51:20 +00:00
John Ericson 16be434b0b Merge accepted cross compilation PRs into staging 2017-06-28 23:17:21 -04:00
Tim Steinbach 4cc729644e Merge pull request #26867 from michalpalka/xen-security-2017.06-new
xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
2017-06-28 22:43:46 -04:00
Tim Steinbach db17c508ef Merge pull request #26915 from diegs/terraform
terraform: 0.9.6 -> 0.9.9.
2017-06-28 22:39:18 -04:00
Tim Steinbach fb8a66dcc9 Merge pull request #26945 from NeQuissimus/virtualbox_32bit
virtualbox: Add ability to disable 32-bit guest support
2017-06-28 22:32:12 -04:00
Tim Steinbach 312c2f7961
virtualbox: Add ability to disable 32-bit guest support 2017-06-28 22:24:19 -04:00
John Ericson e1faeb574a Merge pull request #26884 from obsidiansystems/purge-stdenv-cross
Purge stdenv cross
2017-06-28 21:39:16 -04:00
Jörg Thalheim 7642a76c1a Merge pull request #26926 from dotlambda/master
dmensamenu: init at 1.0.0
2017-06-29 00:29:18 +01:00
Michael Alan Dorman 37f381a970 melpa-packages: 2017-06-28
Removals:
 - relative-line-numbers: removed from melpa
2017-06-28 18:37:31 -04:00
Michael Alan Dorman b2e148faa0 melpa-stable-packages: 2017-06-28
Removals:
 - relative-line-numbers: removed from melpa
2017-06-28 18:37:30 -04:00
Michael Alan Dorman e636454c40 elpa-packages: 2017-06-28 2017-06-28 18:37:30 -04:00
John Ericson aac32fe2d1 vim: cc-wrapper can be relied on to export this env var 2017-06-28 18:31:37 -04:00
John Ericson 9c163cebdd omxplayer: Don't use stdenv.cross 2017-06-28 18:21:05 -04:00
John Ericson ffa535a0cc fossil: Don't use stdenv.cross 2017-06-28 18:21:05 -04:00
John Ericson ca94de8c4c offrss: cc-wrapper can be relied on to export this env var 2017-06-28 18:21:05 -04:00
John Ericson c4443d70df fbida: cc-wrapper can be relied on to export these env vars 2017-06-28 18:21:05 -04:00
John Ericson a11426c523 ImageMagick: Don't use stdenv.cross
I'm guessing the salient aspect here is not cross compiling itself, but
just whether the host platform is MinGW, so I simplified the logic
accordingly
2017-06-28 18:20:38 -04:00
Will Dietz a97c803b4b mendeley: ignore errors attempting to install link handler on startup
It's not critical functionality and AFAICT only fails in environments
that wouldn't benefit from "successfully" installing it anyway.

Fixes #24709
Fixes #24821
2017-06-28 17:05:11 -05:00
Robert Helgesson fa6e946383
eclipse-plugin-jdt: 4.6.2 -> 4.7 2017-06-28 20:56:48 +02:00
Robert Helgesson 556a867186
eclipse-sdk: 4.6.2 -> 4.7 2017-06-28 20:56:48 +02:00
Robert Helgesson 0a52cc1851
eclipse-platform: 4.6.2 -> 4.7 2017-06-28 20:56:43 +02:00
Daniel Peebles 09194cafa8 Merge pull request #26937 from joachifm/lkl-4_11
lkl: 2017-03-24 -> 2017-06-27
2017-06-28 14:35:36 -04:00
Joachim Fasting 0bc3429e77
lkl: 2017-03-24 -> 2017-06-27
Now based on Linux 4.11
2017-06-28 20:14:00 +02:00
Joachim F c7278cfc0b Merge pull request #26887 from taku0/thunderbird-bin-52.2.1
Thunderbird bin 52.2.1
2017-06-28 19:06:38 +01:00
Tim Steinbach add90948bc
docker: 17.03.1-ce -> 17.03.2-ce 2017-06-28 12:49:59 -04:00
Shea Levy 24c59a4452 neuron: enable GUI 2017-06-28 11:59:54 -04:00
Thomas Tuegel 59f94b12f3
dropbox: 28.4.14 -> 29.4.20 2017-06-28 08:38:38 -05:00
Frederik Rietdijk 8a62a9b064 Merge pull request #26125 from volth/webkitgtk-naming
rename webkitgtk24x⇒webkitgtk24x-gtk3; webkitgtk2⇒webkitgtk24x-gtk2
2017-06-28 13:54:38 +02:00
Robert Schütz 1a7745d6ec dmensamenu: init at 1.0.0 2017-06-28 11:43:39 +02:00
Jörg Thalheim ce88027294 jetbrains.gogland: 171.4694.35 -> 171.4694.61 2017-06-28 08:31:08 +01:00
Jörg Thalheim f849eb2018 jetbrains.datagrip: 2017.1.4 -> 2017.1.5 2017-06-28 08:30:59 +01:00
rht fef784d09f
zcash: reinit at 1.0.8 2017-06-28 03:26:30 +02:00
John Ramsden 69ecd62a95
Switched from phases to buildCommand, and moved makeWrapper to nativeBuildInputs as reccomended. 2017-06-27 16:19:49 -07:00
Charles Strahan 8e73afb2e1 zoom-us: don't add mesa to the LD_LIBRARY_PATH
zoom-us was failing to launch under the proprietary nvidia drivers,
as described in the comments of #26596.

Closes #26916
2017-06-27 18:43:20 -04:00
Diego Pontoriero 5b90fa0151
terraform: 0.9.6 -> 0.9.9. 2017-06-27 15:04:11 -07:00
Karn Kallio 07dc20e436 kcachegrind : Fix build by adding missing dependencies. 2017-06-27 22:33:06 +02:00
Shea Levy 4d2597981d Partially revert "terraform: 0.9.4 -> 0.9.6."
Terraform point releases are significant changes, we need to keep old ones around

This reverts commit 6a27b46dee.
2017-06-27 16:26:07 -04:00
Karn Kallio c710ddf7cd okteta : Fix build by adding missing dependencies. 2017-06-27 22:10:00 +02:00
Joachim F 2c30e5e754 Merge pull request #25441 from Hodapp87/draftsight
draftsight: init at 2017-SP1
2017-06-27 21:04:30 +01:00
Joachim F bccd3feed2 Merge pull request #26450 from oxij/pkg/fix/tor-browser
firefoxPackages: tor-browser: use gtk2 by default (like tor-browser-bin does)
2017-06-27 20:41:27 +01:00
Joachim F 4e44b63892 Merge pull request #26453 from oxij/pkg/fix/ranger
ranger: add imagePreviewSupport option and make previews work out of the box
2017-06-27 20:40:57 +01:00
Karn Kallio 67e4072282 k3b : Fix build by adding missing dependencies. 2017-06-27 21:14:00 +02:00
Joachim F c27fc66856 Merge pull request #26904 from Ma27/geogebra/make-language-configurable
geogebra: make `language` configurable
2017-06-27 16:21:00 +01:00
Joachim F bcbf45ff1f Merge pull request #26886 from jonafato/remove-thunderbird-bin-updater
Remove old thunderbird-bin update script
2017-06-27 16:12:37 +01:00
Tim Steinbach 493ae24872 Merge pull request #26870 from lsix/update_nano
nano: 2.8.4 -> 2.8.5
2017-06-27 08:12:52 -04:00
Tim Steinbach 719b506bad Merge pull request #26803 from NeQuissimus/rkt_1_27_0
rkt: 1.26.0 -> 1.27.0
2017-06-27 08:09:40 -04:00
Michał Pałka 7b5d72ce04 xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224 (xen 4.8)
This commit contains security patches for xen 4.8. The patches
for XSA-216 applied to the kernel are omitted, as they are part of
80e0cda7ff.

XSA-216 Issue Description:

> The block interface response structure has some discontiguous fields.
> Certain backends populate the structure fields of an otherwise
> uninitialized instance of this structure on their stacks, leaking
> data through the (internal or trailing) padding field.

More: https://xenbits.xen.org/xsa/advisory-216.html

XSA-217 Issue Description:

> Domains controlling other domains are permitted to map pages owned by
> the domain being controlled.  If the controlling domain unmaps such a
> page without flushing the TLB, and if soon after the domain being
> controlled transfers this page to another PV domain (via
> GNTTABOP_transfer or, indirectly, XENMEM_exchange), and that third
> domain uses the page as a page table, the controlling domain will have
> write access to a live page table until the applicable TLB entry is
> flushed or evicted.  Note that the domain being controlled is
> necessarily HVM, while the controlling domain is PV.

More: https://xenbits.xen.org/xsa/advisory-217.html

XSA-218 Issue Description:

> We have discovered two bugs in the code unmapping grant references.
>
> * When a grant had been mapped twice by a backend domain, and then
> unmapped by two concurrent unmap calls, the frontend may be informed
> that the page had no further mappings when the first call completed rather
> than when the second call completed.
>
> * A race triggerable by an unprivileged guest could cause a grant
> maptrack entry for grants to be "freed" twice.  The ultimate effect of
> this would be for maptrack entries for a single domain to be re-used.

More: https://xenbits.xen.org/xsa/advisory-218.html

XSA-219 Issue Description:

> When using shadow paging, writes to guest pagetables must be trapped and
> emulated, so the shadows can be suitably adjusted as well.
>
> When emulating the write, Xen maps the guests pagetable(s) to make the final
> adjustment and leave the guest's view of its state consistent.
>
> However, when mapping the frame, Xen drops the page reference before
> performing the write.  This is a race window where the underlying frame can
> change ownership.
>
> One possible attack scenario is for the frame to change ownership and to be
> inserted into a PV guest's pagetables.  At that point, the emulated write will
> be an unaudited modification to the PV pagetables whose value is under guest
> control.

More: https://xenbits.xen.org/xsa/advisory-219.html

XSA-220 Issue Description:

> Memory Protection Extensions (MPX) and Protection Key (PKU) are features in
> newer processors, whose state is intended to be per-thread and context
> switched along with all other XSAVE state.
>
> Xen's vCPU context switch code would save and restore the state only
> if the guest had set the relevant XSTATE enable bits.  However,
> surprisingly, the use of these features is not dependent (PKU) or may
> not be dependent (MPX) on having the relevant XSTATE bits enabled.
>
> VMs which use MPX or PKU, and context switch the state manually rather
> than via XSAVE, will have the state leak between vCPUs (possibly,
> between vCPUs in different guests).  This in turn corrupts state in
> the destination vCPU, and hence may lead to weakened protections
>
> Experimentally, MPX appears not to make any interaction with BND*
> state if BNDCFGS.EN is set but XCR0.BND{CSR,REGS} are clear.  However,
> the SDM is not clear in this case; therefore MPX is included in this
> advisory as a precaution.

More: https://xenbits.xen.org/xsa/advisory-220.html

XSA-221 Issue Description:

> When polling event channels, in general arbitrary port numbers can be
> specified.  Specifically, there is no requirement that a polled event
> channel ports has ever been created.  When the code was generalised
> from an earlier implementation, introducing some intermediate
> pointers, a check should have been made that these intermediate
> pointers are non-NULL.  However, that check was omitted.

More: https://xenbits.xen.org/xsa/advisory-221.html

XSA-222 Issue Description:

> Certain actions require removing pages from a guest's P2M
> (Physical-to-Machine) mapping.  When large pages are in use to map
> guest pages in the 2nd-stage page tables, such a removal operation may
> incur a memory allocation (to replace a large mapping with individual
> smaller ones).  If this allocation fails, these errors are ignored by
> the callers, which would then continue and (for example) free the
> referenced page for reuse.  This leaves the guest with a mapping to a
> page it shouldn't have access to.
>
> The allocation involved comes from a separate pool of memory created
> when the domain is created; under normal operating conditions it never
> fails, but a malicious guest may be able to engineer situations where
> this pool is exhausted.

More: https://xenbits.xen.org/xsa/advisory-222.html

XSA-224 Issue Description:

> We have discovered a number of bugs in the code mapping and unmapping
> grant references.
>
> * If a grant is mapped with both the GNTMAP_device_map and
> GNTMAP_host_map flags, but unmapped only with host_map, the device_map
> portion remains but the page reference counts are lowered as though it
> had been removed. This bug can be leveraged cause a page's reference
> counts and type counts to fall to zero while retaining writeable
> mappings to the page.
>
> * Under some specific conditions, if a grant is mapped with both the
> GNTMAP_device_map and GNTMAP_host_map flags, the operation may not
> grab sufficient type counts.  When the grant is then unmapped, the
> type count will be erroneously reduced.  This bug can be leveraged
> cause a page's reference counts and type counts to fall to zero while
> retaining writeable mappings to the page.
>
> * When a grant reference is given to an MMIO region (as opposed to a
> normal guest page), if the grant is mapped with only the
> GNTMAP_device_map flag set, a mapping is created at host_addr anyway.
> This does *not* cause reference counts to change, but there will be no
> record of this mapping, so it will not be considered when reporting
> whether the grant is still in use.

More: https://xenbits.xen.org/xsa/advisory-224.html
2017-06-27 12:02:59 +00:00
Michał Pałka 9e6bfbb2f9 xen_4_8: init at 4.8.1
This commit adds the xen_4_8 package to be used instead of
xen (currently at 4.5.5):
 * Add packages xen_4_8, xen_4_8-slim and xen_4_8-light
 * Add packages qemu_xen_4_8 and qemu_xen_4_8-light to be used
   with xen_4_8-slim and xen_4_8-light respectively.
 * Add systemd to buildInputs of xen (it is required by oxenstored)
 * Adapt xen service to work with the new version of xen
 * Use xen-init-dom0 to initlilise dom0 in xen-store
 * Currently, the virtualisation.xen.stored option is ignored
   if xen 4.8 is used
2017-06-27 12:01:53 +00:00
Josef Kemetmueller 2cb5246dd8 gogs: 0.10.18 -> 0.11.19 2017-06-27 11:41:19 +00:00