3.6.20 is a security release in order to address CVE-2013-4475 (ACLs are
not checked on opening an alternate data stream on a file or directory)
and CVE-2013-4476 (Private key in key.pem world readable).
And 3.6.19 had some bug fixes:
http://www.samba.org/samba/history/samba-3.6.19.html
This drops the patch for ZBX-7091, because it hase been fixed upstream.
Other upstream changes can be found at the following URL:
http://www.zabbix.com/rn2.0.9.php
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* Remove package name
* Start with upper case letter
* Remove trailing period
Also reword some descriptions and move some long descriptions to
longDescription.
I'm not touching generated packages.
- The 1.13 branch gets no updates since April,
so I thought it's a good time to switch.
- Some xorg modules needed to be updated to build,
but some don't have the update (probably all very obscure).
- Maybe it would be good to update the intel driver (or some others),
I don't know.
There are many more packages to fix, this is just a start.
Rules:
* Don't repeat the package name (not always that easy...)
* Start with capital letter
* Don't end with full stop
* Don't start with "The ..." or "A ..."
I've also added descriptions to some packages and rewritten others.
This also adds pkgconfig to the dependency list so we don't need to
specify the path to OpenSSL anymore, because we need pkgconfig in order
to correctly find Lua anyway.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
- Add config to defaults.yaml, to allow topologies to include their own storm.yaml.
- Symlink extra jars in lib/ since it's nearly impossible to add a classpath to Storm's config.
- Include native jzmq library in java.library.path
- Use package default args.
- The bin/storm script makes too many assumptions about file locations and java classpath that I couldn't figure out a better way.
Fix jzmq build on NixOS: java source was treated as ASCII.
Conflicts (a little tricky, I did some cleanup of interacting changes):
pkgs/development/compilers/llvm/default.nix
pkgs/development/libraries/libpng/default.nix
pkgs/tools/package-management/nixops/default.nix
pkgs/top-level/all-packages.nix
We already have mini_httpd, but IMHO it is *too* minimal as in not very
flexible in configuration (for example, I haven't found any runtime
configuration for disabling logging), so that's why I decided to add
thttpd, which serves quite well as an ad-hoc HTTPd.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The source has HOSTNAME=`hostname` (capture output of hostname command)
but currently it is replaced with HOSTNAME="/path/to/hostname" (which is
just a plain string). Fix it by substituting with
HOSTNAME=`/path/to/hostname`.
I also added a patch that makes dovecot search for
plugins in /var/lib/dovecot/modules. This way, you
can add plugins from several packages without running
into circular dependencies. The module dir needs to
be populated before the dovecot service is started,
for example. This is currently not done in NixOS, so
you need to implement your own service in order to
get the plugins working.
The module patch has not been added to the old 2.1.x
package.
This should fix support for TLS and in addition, we now _only_ depend on one
library rather than OpenSSL *and* GnuTLS as we no longer need iksemel.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
When building PostgreSQL with plugins under NixOS, NixOS will create a
postgresql-and-plugins directory which symlinks PostgreSQL and all the plugins
into a single directory. Unfortunately, the plugins will not actually be usable
by PostgreSQL because it will still try and locate them in the original
PostgreSQL share directory, not postgresql-and-plugins.
In this commit, I have patched resolve_symlinks to always return success, which
matches the behavior if HAVE_READLINK is false (so presumably invalid paths are
never passed to this function).
This uses recurseForDerivations directly after using callPackage magic to ensure
that the input attributes can be overriden *and* nix-env shows the package as in
recurseIntoAttrs.
The reason for making this optional is because there probably is only a minority
of people who want to use XMPP and we don't want to introduce an additional
dependency for the majority, do we?
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The BIND configure script finds extra dependencies in /usr/include and /usr/lib,
and activates additional features if it does. This may cause the build to fail
on systems that cannot use a chroot environment. Actively disabling those
additional features prevents this issue from occurring.
This modifies how the `riak` and `riak-admin` scripts work such that one has to specify environment variables for where the data, log, and etc directories live.
* Add needed dependencies:
coreutils, python, ruby, java and several Perl modules (Time::HiRes
1.9.724 is no longer available, bump to 1.9725)
* Use sha256 instead of md5 (more secure)
* Wrap munin perl scripts so they find their dependencies at runtime
* Rework meta description attributes.
FIXME/TODO: munin is still not usable; it tries to write log files and
web graphs to its installation path.
See #490 discussion.
This reverts commit 1278859d31, reversing
changes made to 0c020c98f9.
Conflicts:
pkgs/desktops/xfce/core/xfce4-session.nix (take master)
pkgs/lib/misc.nix (auto)
With this patch support for SSL is compiled into lighttpd.
IMO encryption is in most use cases important, therefore SSL support should be build in. This would simplify the setup of a standard web application a lot.
SSL support of lighttpd is documented at
http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL
Before, files were put in /var, requiring the server to be run as a
privileged user even when just testing locally. This can be overridden
by setting the SYS_PREFIX env variable, or on a more coarse-grained
basis in /etc/rabbitmq/rabbitmq-env.conf
Signed-off-by: Shea Levy <shea@shealevy.com>
- update some modules to work with the newer server
- fix many other modules via overrides
- huge cleanup in overrides via better propagation
and pixman include flattening
- URLs of XCB stuff have been moved
The build complains about missing "file" and "which" commands, so add them as
build inputs.
"file" is used by the autotools configure script to tweak what -m flag
(if any) to pass to the linker when it asks it for shared library
support.
Here is an example of -m values for GNU ld:
Supported emulations:
elf_x86_64
elf32_x86_64
elf_i386
i386linux
elf_l1om
elf_k1om
"which" is used in the build phase to look for svnversion and git, to build a
version stamp. Since we build from a release tarball (and don't pass svn or git
as inputs either), this check fails and falls back to the version number in the
tarball.
There is one build warning left, but I think this is normal on NixOS:
/tmp/nix-build-lighttpd-1.4.32.drv-0/lighttpd-1.4.32/libtool: line 1085: ldconfig: command not found
One important denial of service (in 1.4.31) fix: CVE-2012-5533[1].
NOTE: There are some errors about missing commands during the build, but
I'm pretty sure they were there before. And the result seems to be
working anyway...
* /usr/bin/file: No such file or directory
* /bin/sh: line 2: which: command not found
* /tmp/nix-build-lighttpd-1.4.32.drv-0/lighttpd-1.4.32/libtool: line 1085: ldconfig: command not found
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5533
First, pass in `self' again so that overriding works properly (thanks
for pointing that out, @edolstra)
Second, instead of having linuxPackages*.kernel mean something different
inside the set and out, add a new attribute linuxPackages*.kernelDev,
which for the generic kernel is simply linuxPackages*.kernel but for the
manual-config kernel is the `dev' output (which has the build tree,
source tree, etc.)
The second change required trivial modifications in a bunch of
expressions, I verified that all of the linuxPackages* sets defined in
all-packages.nix have the same drv paths before and after the change.
Signed-off-by: Shea Levy <shea@shealevy.com>
The original fix modified a generated file instead of the
manually-maintained overrides file. Checked by inspection.
Signed-off-by: Shea Levy <shea@shealevy.com>