3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

320 commits

Author SHA1 Message Date
obadz 24a9183f90 Merge branch 'hardened-stdenv' into staging
Closes #12895

Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
Franz Pletz 2709079569 postgresql: security updates for all versions
Fixes CVE-2016-5423 and CVE-2016-5424.

See https://www.postgresql.org/about/news/1688/.
2016-08-16 18:35:22 +02:00
Robin Gloster 33e1c78ae3 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-16 07:54:01 +00:00
Dan Peebles ccd16f87d5 mariadb: re-enable jemalloc on darwin and fix impurity
CMake in its usual infinite wisdom searches all over the system for java
and finds the host OSX java and JNI headers. It then decides to build the
connector and fails later on because we didn't actually tell Nix that we
wanted java in scope. So instead, we just tell CMake that we don't want
the jdbc connector. I believe it does the same with GSS, so I disable
that stuff too. None of this should affect Linux, but let me know if it
does somheow.
2016-08-14 15:08:23 -04:00
Franz Pletz bd4490e277 Merge branch 'master' into hardened-stdenv 2016-08-13 16:59:55 +02:00
Vladimír Čunát 1c9307d348 mariadb on Darwin: another attempt to fix
Adding jemalloc to buildInputs didn't work out a97df891,
as jemalloc doesn't build correctly on Darwin ATM.
2016-08-13 09:03:33 +02:00
Robin Gloster b7787d932e Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-12 09:46:53 +00:00
Vladimír Čunát a97df891fe mariadb: use jemalloc on every platform
It seems to be failing to configure without it on Darwin:
http://hydra.nixos.org/build/38440660/nixlog/1/raw
This doesn't cause a rebuild on Linux platforms.
2016-08-11 19:25:51 +02:00
Vladimír Čunát 6f5c6fb6a1 mariadb: remove darwin patch that no longer applies
Hopefully it isn't needed anymore.
2016-08-10 22:07:33 +02:00
Vladimír Čunát b94559dc7f mariadb: make the attribute point to the full build
It will create least surprises. Only those who want to go light
have to choose.
2016-08-07 22:44:57 +02:00
Vladimír Čunát 9a072482e6 mariadb: completely separate a server-less build
libmysqlclient is all that most closures need; now it's smaller and
quick to build. For cases that need a server (via executable or lib),
there's a full build for now; later it could be slimmed by removing the
client stuff.
2016-08-07 20:46:36 +02:00
Robin Gloster 1b979d8384 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00
Tuomas Tynkkynen 21f17d69f6 treewide: Add lots of meta.platforms
Build-tested on x86_64 Linux & Mac.
2016-08-02 21:42:43 +03:00
Tuomas Tynkkynen 2258b21e4b treewide: Add lots of platforms to packages with no meta
Build-tested on x86_64 Linux and on Darwin.
2016-08-02 21:17:44 +03:00
Robin Gloster 63c7b4f9a7 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-31 20:51:34 +00:00
Franz Pletz 8605d76f17 Revert "mariadb: 10.1.9 -> 10.1.16 (security)"
This reverts commit 55bd6da9fb.

Fixes #17340.
2016-07-28 22:31:43 +02:00
Franz Pletz 55bd6da9fb mariadb: 10.1.9 -> 10.1.16 (security) 2016-07-28 06:56:14 +02:00
Franz Pletz 975d33e640 mysql51: remove, not maintained anymore 2016-07-28 06:56:13 +02:00
Robin Gloster f222d98746 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-25 12:47:13 +00:00
Graham Christensen f4d5d6e73e mysql: 5.5.49 -> 5.5.50 for CVEs (#17160)
Problems include buffer overflows, null pointer dereferences, and
other bugfixes.

 - CVE-2016-3477
 - CVE-2016-3521
 - CVE-2016-3615
 - CVE-2016-5440

Details:
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html
2016-07-23 01:13:28 +02:00
Robin Gloster 8031cba2ab Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-06-10 09:27:04 +00:00
Matthias Beyer 0ac6b862ac postgresql: 9.5.1 -> 9.5.3, potentially fixes CVE-2016-2193, CVE-2016-3065 2016-05-31 15:51:23 +02:00
Matthias Beyer c5ab5b7750 postgresql94: 9.4.6 -> 9.4.7 2016-05-31 15:51:22 +02:00
Matthias Beyer f62bd73225 postgresql93: 9.3.11 -> 9.3.12 2016-05-31 15:51:22 +02:00
Matthias Beyer fe5e3c2e59 postgresql92: 9.2.15 -> 9.2.16 2016-05-31 15:51:22 +02:00
Matthias Beyer 8b5c712648 postgresql91: 9.1.20 -> 9.1.21 2016-05-31 15:51:22 +02:00
Robin Gloster 2d382f3d98 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-30 19:39:34 +00:00
Vladimír Čunát 81039713fa Merge branch 'master' into staging
... to get the systemd update (rebuilding ~7k jobs).
2016-05-26 16:50:22 +02:00
Tobias Geerinckx-Rice fd0a4c3910
mysql55: 5.5.48 -> 5.5.49
Should fix CVE-2016-0666, -0648, -0647, -0643, and -0642. CC @vcunat.
2016-05-24 15:00:49 +02:00
Vladimír Čunát c4661e9643 Merge: make dev output references explicit
This is a rebase of most commits from #14766,
resolving conflicts and a few other evaluation problems.
2016-05-22 12:09:23 +02:00
Vladimír Čunát 019e9a9aa6 Merge #15421: mariadb: wrap mysqld with --basedir 2016-05-20 10:50:13 +02:00
Tuomas Tynkkynen 8d473f107c treewide: Make explicit that 'dev' output of readline is used 2016-05-19 10:03:35 +02:00
Tuomas Tynkkynen 2a73de6e6c treewide: Make explicit that 'dev' output of openssl is used 2016-05-19 10:02:23 +02:00
Franz Pletz f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-05-18 17:10:02 +02:00
Sebastián Bernardo Galkin edaecb41db
postgis: fix build after output splits
Fixes #15236

Two changes were needed:

- pg_config from postgresql package wasn't reporting the correct location for
the pgxs extension system, after the output split
- json_c is now split in dev and out outputs, postgis configure doesn't find the
library location properly

Closes #15470
2016-05-15 11:49:59 +02:00
Phil Wetzel 6ce89e174f mariadb: wrap mysqld with --basedir 2016-05-12 18:22:53 -04:00
Robin Gloster 9820cb1bf2 use dontBuild instead of hacks
changes:
 * buildPhase = "true"
 * buildPhase = ":"
2016-05-04 10:11:04 +00:00
Robin Gloster d020caa5b2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-18 13:49:22 +00:00
Arseniy Seroka 0b3827d04a Merge pull request #14772 from cleverca22/mariadb
mariadb: fix arm builds
2016-04-17 22:16:24 +03:00
Dan Peebles 5ced92f83b mariadb: fix build on darwin
My simplistic test seemed to work just fine, so I assume the
install_name_tool shenanigans became unnecessary at some point.
2016-04-17 14:49:25 -04:00
michael bishop 437468d5ea
mariadb: fix arm builds 2016-04-17 00:40:10 -03:00
Vladimír Čunát d1df28f8e5 Merge 'staging' into closure-size
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Robin Gloster a73a28de7b fix grammar errors 2016-04-06 16:16:23 +00:00
Vladimír Čunát ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Domen Kožar b07e7bfc7b Merge remote-tracking branch 'origin/staging' 2016-03-27 13:19:04 +01:00
Eelco Dolstra 523f4f2f69 mariadb: Disable parallel building again
It still fails intermittently on lex_token.h.

http://hydra.nixos.org/build/33571559
2016-03-23 20:11:07 +01:00
Johannes Bornhold 67b1acd989 mysql55: Allow to build on darwin 2016-03-18 14:23:14 +01:00
Graham Christensen dbf41ebee7 mysql_jdbc: 5.1.32 -> 5.1.38 2016-03-14 20:16:30 -05:00
Thomas Tuegel 3ef7671cea ncurses: combine $lib and $out outputs
The $lib output refers to the terminfo database in $out, which is about
10x larger than the ncurses shared library. Splitting these outputs
saves a small amount of space for any derivations that use the terminfo
database but not the ncurses library, but we do not have evidence that
any such exist.
2016-03-08 11:35:24 -06:00
Vladimír Čunát 09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00