1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-02 18:42:15 +00:00
Commit graph

735 commits

Author SHA1 Message Date
Tim Steinbach d95fb5f2ac Merge pull request #24632 from NeQuissimus/docker_17_04
docker-edge: init at 17.04
2017-04-05 20:51:14 -04:00
Tim Steinbach 1e589239b3
docker-edge: init at 17.04 2017-04-05 20:49:26 -04:00
Tim Steinbach 89188e2972
docker-distribution: 2.5.1 -> 2.6.0 2017-04-04 21:01:27 -04:00
Tim Steinbach aefb9671bf
docker: 17.03.0 -> 17.03.1 2017-04-04 13:43:57 -04:00
Franz Pletz 0018cd5a2d
libvirt packages: fix & clean up dependencies 2017-03-28 19:45:01 +02:00
Kosyrev Serge 0c3138e602 virtualbox: a more maintenance-free way of patching refs to dlopen()-affected dependencies 2017-03-28 01:32:11 +03:00
Nikolay Amiantov 52451067c7 virtualbox: wrap with Qt dependencies
Fixes GTK file open dialogs. Also make sure that linked applications really
exist, and update their list.
2017-03-28 00:29:40 +03:00
Franz Pletz 160fd7231e
virt-manager: needs file for building translations 2017-03-25 14:57:45 +01:00
volth 4e749683e6 virt-manager: 1.4.0 -> 1.4.1 (#24149) 2017-03-21 10:20:55 +01:00
Robin Gloster 07252dc83b
virtualbox: 5.1.14 -> 5.1.18 2017-03-20 16:05:20 +01:00
Michael Raskin dfbd2dd659 Merge pull request #23624 from volth/virt-viewer-5.0
virt-viewer: 2.0 -> 5.0
2017-03-18 19:05:11 +01:00
Peter Hoeg ee20e89644 virtmanager-qt: 0.39.60 -> 0.42.67 2017-03-18 12:32:49 +08:00
Tim Steinbach f1c2d047ed Merge pull request #23872 from NeQuissimus/docker_17_03_0
docker: 1.13.1 -> 17.03.0-ce
2017-03-17 10:07:04 -04:00
Dan Peebles dc61ff31a7 xhyve: update and fix to use our Hypervisor framework
(this is a cherry-picked version of f3b65f67d9,
which got reverted because it depended on my 10.11 frameworks, which were
flawed)
2017-03-14 22:38:35 -04:00
Tim Steinbach aed4918795
docker: 1.13.1 -> 17.03.0-ce 2017-03-14 08:02:35 -04:00
Volth d4294265fd virt-viewer: 2.0 -> 5.0 2017-03-14 04:54:11 +00:00
Joachim Fasting d082a29c3a
runc: use removeReferencesTo 2017-03-11 15:17:36 +01:00
Joachim Fasting c4fe196087
docker: use removeReferencesTo 2017-03-11 15:17:34 +01:00
Joachim Fasting 0c6a1eaa43
containerd: use removeReferencesTo 2017-03-11 15:17:32 +01:00
aszlig 0a7673d202
qemu_test: Rebase force-uid0-on-9p.patch
This reverts commit 3a4e2376e4.

The reverted commit caused the fix for CVE-2016-9602 not to be applied
for qemu_test because it conflicts with the force-uid0-on-9p.patch.

So with the rebase of the patch on top of the changes of the
CVE-2016-9602.patch, both patches no longer conflict with each other.

I've tested this with the "misc" NixOS test and it succeeds.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-03-11 15:16:49 +01:00
Franz Pletz 3a4e2376e4
qemu_test: don't apply patch for CVE-2016-9602
Both patches are conflicting. Keeping the vulnerability unpatched in qemu
binaries used for nixos test is tolerable.
2017-03-11 13:43:42 +01:00
Franz Pletz 621e7a9945
qemu: fetch vnc bugfix patch from debian
This version of the patch applies cleanly to the 2.8.0 release.
2017-03-11 09:32:48 +01:00
Franz Pletz c512180f9c
qemu: add patches for multiple CVEs
New upstream patch function and patches for fixing a bug in the patch for
CVE-2017-5667 and the following security issues:

  * CVE-2016-7907
  * CVE-2016-9602
  * CVE-2016-10155
  * CVE-2017-2620
  * CVE-2017-2630
  * CVE-2017-5525
  * CVE-2017-5526
  * CVE-2017-5579
  * CVE-2017-5856
  * CVE-2017-5857
  * CVE-2017-5987
  * CVE-2017-6058
2017-03-11 08:14:29 +01:00
Peter Hoeg bce352949e virtmanager-qt: init at 0.39.60 2017-03-10 11:08:19 +08:00
Jan Malakhovski 916fa0a610 xen: rewrite build expression to be more modular, support upstream qemu and seabios
Also:

* provides a bunch of build options
* documents build options config in longDescription
* provides a bunch of predefined packages and documents them some more
* sources' hashes stay the same
2017-03-05 13:59:28 +00:00
Jan Malakhovski 1c8940a2b8 qemu: add xen support 2017-03-05 13:59:28 +00:00
Jan Malakhovski eff9b09fb7 qemu: separate usbredirSupport option out of spiceSupport option 2017-03-05 13:59:28 +00:00
Tuomas Tynkkynen 439facec2a lkl: Broken on i686
http://hydra.nixos.org/build/49534265
2017-03-02 03:59:31 +02:00
Alexey Shmalko 0d31a76813
virtualbox: fix build
The issue was caused by upgrading `qt` from `qt56` to `qt57`, which
now requires C++11.

For more info, see https://github.com/NixOS/nixpkgs/issues/23257.
2017-02-28 05:35:52 +02:00
Franz Pletz 6bafe64a20
qemu: apply patches for multiple CVEs
Fixes:

  * CVE-2017-2615
  * CVE-2017-5667
  * CVE-2017-5898
  * CVE-2017-5931
  * CVE-2017-5973

We are vulnerable to even more CVEs but those are either not severe like
memory leaks in obscure situations or upstream hasn't acknowledged the
patch yet.

cc #23072
2017-02-25 09:40:53 +01:00
Vladimír Čunát 145d3ea81c
Merge branch 'master' into staging 2017-02-22 17:47:49 +01:00
Vladimír Čunát 1d1dc2dcc3
open-vm-tools: fixup build with glibc-2.25 2017-02-22 16:54:07 +01:00
Graham Christensen cc4919da89
xen: patch for XSAs: 197, 199, 207, 208, 209
XSA-197 Issue Description:

> The compiler can emit optimizations in qemu which can lead to double
> fetch vulnerabilities.  Specifically data on the rings shared
> between qemu and the hypervisor (which the guest under control can
> obtain mappings of) can be fetched twice (during which time the
> guest can alter the contents) possibly leading to arbitrary code
> execution in qemu.

More: https://xenbits.xen.org/xsa/advisory-197.html

XSA-199 Issue Description:

> The code in qemu which implements ioport read/write looks up the
> specified ioport address in a dispatch table.  The argument to the
> dispatch function is a uint32_t, and is used without a range check,
> even though the table has entries for only 2^16 ioports.
>
> When qemu is used as a standalone emulator, ioport accesses are
> generated only from cpu instructions emulated by qemu, and are
> therefore necessarily 16-bit, so there is no vulnerability.
>
> When qemu is used as a device model within Xen, io requests are
> generated by the hypervisor and read by qemu from a shared ring.  The
> entries in this ring use a common structure, including a 64-bit
> address field, for various accesses, including ioport addresses.
>
> Xen will write only 16-bit address ioport accesses.  However,
> depending on the Xen and qemu version, the ring may be writeable by
> the guest.  If so, the guest can generate out-of-range ioport
> accesses, resulting in wild pointer accesses within qemu.

More: https://xenbits.xen.org/xsa/advisory-199.html

XSA-207 Issue Description:

> Certain internal state is set up, during domain construction, in
> preparation for possible pass-through device assignment.  On ARM and
> AMD V-i hardware this setup includes memory allocation.  On guest
> teardown, cleanup was erroneously only performed when the guest
> actually had a pass-through device assigned.

More: https://xenbits.xen.org/xsa/advisory-207.html

XSA-209 Issue Description:

> When doing bitblt copy backwards, qemu should negate the blit width.
> This avoids an oob access before the start of video memory.

More: https://xenbits.xen.org/xsa/advisory-208.html

XSA-208 Issue Description:

> In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
> cirrus_bitblt_cputovideo fails to check wethehr the specified memory
> region is safe.

More: https://xenbits.xen.org/xsa/advisory-209.html
2017-02-22 08:00:45 -05:00
Tim Steinbach 8b60413e95
rkt: 1.24.0 -> 1.25.0 2017-02-21 18:51:34 -05:00
Vladimír Čunát 3d600726b3
xen: fixup build with glibc-2.25 2017-02-21 18:26:52 +01:00
Benjamin Staffin b42f820bdc Merge pull request #22745 from vdemeester/docker_1_13_1
docker: 1.13.0 -> 1.13.1
2017-02-14 11:47:40 -05:00
Parnell Springmeyer 9e36a58649
Merging against upstream master 2017-02-13 17:16:28 -06:00
Vincent Demeester a50b4d0e03
docker: 1.13.0 -> 1.13.1
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-02-13 16:42:39 +01:00
Vladimír Čunát 31eba21d1d
virtualbox: force xorg-server-1.18 for now
This is getting a little hacky, but hopefully it won't break anything.
2017-02-12 21:07:49 +01:00
Tuomas Tynkkynen a14ef4ad52 open-vm-tools: 10.0.7 -> 10.1.0
Also add an option to disable all the X11 stuff.
2017-02-10 20:12:00 +02:00
Christoph Hrdinka de9720b65f
aqemu: init at 0.9.2 2017-02-10 12:48:29 +01:00
Dan Peebles 03cab2d923 ecs-agent: init at 1.14.0 2017-02-10 04:33:48 +00:00
Tim Steinbach f65a3515f4
rkt: 1.23.0 -> 1.24.0 2017-02-05 11:51:05 -05:00
volth 762cc106b4 virt-top: init at 1.0.8 (#21536) 2017-02-04 16:07:45 +01:00
Pascal Bach 5ca3a7e56f virtualbox: remove upstream-info.json as it is no longer used
We keep the script as it might be useful in the future.
2017-02-02 21:11:08 +01:00
Pascal Bach 599df5e108 virtualbox: 5.1.10 -> 5.1.14 2017-02-02 21:10:01 +01:00
Eelco Dolstra c20cc6d0b3
Excise use of importJSON
Putting information in external JSON files is IMHO not an improvement
over the idiomatic style of Nix expressions. The use of JSON doesn't
add anything over Nix expressions (in fact it removes expressive
power). And scattering package info over lots of little files makes
packages less readable over having the info in one file.
2017-01-30 11:44:08 +01:00
Parnell Springmeyer 6777e6f812
Merging with upstream 2017-01-29 05:54:01 -06:00
Parnell Springmeyer 4aa0923009
Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
Parnell Springmeyer e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00