1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-19 12:11:28 +00:00
Commit graph

87996 commits

Author SHA1 Message Date
obadz 66d5edf654 chromium: add nixos module security.chromiumSuidSandbox
Closes #17460

Changed the wrapper derivation to produce a second output containing the sandbox.
Add a launch wrapper to try and locate the sandbox (either in /var/setuid-wrappers or in /nix/store).
This launch wrapper also sheds libredirect.so from LD_PRELOAD as Chromium does not tolerate it.

Does not trigger a Chromium rebuild.

cc @cleverca22 @joachifm @jasom
2016-08-06 10:27:47 +01:00
cmfwyp 41b8c6d5a9
dejavu-fonts: simplify build process
Unicode data and fc-lang are only necessary to generate the status
files and coverage information, which are not used, or indeed even
generated with full-ttf.
2016-08-06 10:24:43 +02:00
cmfwyp b4c8ea9536
dejavu-fonts: 2.35 -> 2.37
Release 2.36 adds and fixes a number of glyphes, and adds the
Tex Gyre DejaVu Math font, a companion font to DejaVu Serif for
typesetting mathematics.

Release 2.37 fixes an issue with condensed typefaces.

The sources are now fetched from GitHub, since the development was
moved from SourceForge to GitHub.
2016-08-06 10:24:43 +02:00
Frederik Rietdijk 356509ad45 pythonPackages.notebook: 4.2.1 -> 4.2.2 2016-08-06 08:36:59 +02:00
Gabriel Ebner 22088b4b25 nixos/x11: make nvidia driver work again
The nvidia driver module directly sets the services.xserver.drivers
option, while still having nvidia/nvidiaBeta/... etc. in the
videoDrivers option.
2016-08-06 07:26:25 +02:00
Joachim F af8b7d3a28 Merge pull request #17526 from RamKromberg/fix/wavpack
wavpack: 4.75.0 -> 4.80.0
2016-08-06 00:59:08 +02:00
Joachim F dece583a94 Merge pull request #17484 from srp/nixos-container-terminate
nixos-container: add 'terminate' command which 'destroy' now uses
2016-08-05 23:03:38 +02:00
Robin Gloster f4e1041e31 Merge pull request #17503 from peterhoeg/ssh
ssh module: ignore exit code when socket activated
2016-08-05 19:58:06 +02:00
Joachim F f044035a9e Merge pull request #17470 from layus/synaptics-conflict
Warn for conflict between synaptics and libinput
2016-08-05 19:26:07 +02:00
Robin Gloster fae6264d3a Merge pull request #17533 from wizeman/u/upd-containers
ocamlPackages.containers: 0.16 -> 0.18
2016-08-05 19:15:01 +02:00
Michal Rus 7281740c2e
linux: enable DRM_GMA600 and DRM_GMA3600
Adds basic support for Intel GMA3600/3650 (Intel Cedar Trail) platforms
and support for GMA600 (Intel Moorestown/Oaktrail) platforms with LVDS
ports via the gma500_gfx module.

Resolves #14727 Closes #17519
2016-08-05 19:07:40 +02:00
Robin Gloster 7599964915 Merge pull request #17518 from juliendehos/gtksourceviewmm
gtksourceviewmm: init at 3.18.0
2016-08-05 19:05:10 +02:00
Robin Gloster 19158a60cf Merge pull request #17541 from womfoo/bump/wraith-1.4.7
wraith: 1.4.6 -> 1.4.7, fixes build
2016-08-05 19:04:02 +02:00
Robin Gloster 71606efc71 Merge pull request #17537 from NeQuissimus/ohmyzsh20160801
oh-my-zsh: 2016-07-15 -> 2016-08-01
2016-08-05 19:02:00 +02:00
Gabriel Ebner 5e6ac5fcf3 nixos/x11: output sections for modesetting driver
See #17487.
2016-08-05 18:31:04 +02:00
Kranium Gikos Mendoza 9470b28743 wraith: 1.4.6 -> 1.4.7 2016-08-06 00:05:40 +08:00
Joachim F 632f9060f1 Merge pull request #17363 from MatrixAI/zsh-helpdir
zsh: Added HELPDIR variable for interactive shells
2016-08-05 16:45:28 +02:00
Joachim F b7a4ef1a87 Merge pull request #17492 from k0ral/webkit
webkitgtk: 2.10.4 -> 2.10.9
2016-08-05 16:40:00 +02:00
Tim Steinbach 43fd03a6df oh-my-zsh: 2016-07-15 -> 2016-08-01 2016-08-05 09:53:48 -04:00
Ricardo M. Correia e5db1995a6 ocamlPackages.containers: 0.16 -> 0.18 2016-08-05 14:35:17 +02:00
Ram Kromberg 76c2988e33 wavpack: 4.75.0 -> 4.80.0 2016-08-05 13:54:56 +03:00
Domen Kožar 1664279f0e Add nix-repl as release blocker
This would have blocked the channel in recent curl bump.
2016-08-05 12:08:44 +02:00
obadz d6528a1b7f chromium: fixup commit 33557ac
Helps with #17460

@cleverca22 saw calls to SetuidSandboxHost::GetSandboxBinaryPath so we
patch this function instead.

cc @joachifm
2016-08-05 10:55:48 +01:00
Rok Garbas 3823033107 Revert "curl: 7.47.1 -> 7.50.0" (#17528) 2016-08-05 11:03:51 +02:00
Rok Garbas 9c6fccf29a Revert "curl: 7.50.0 -> 7.50.1" (#17525) 2016-08-05 10:52:30 +02:00
Julien Dehos d46d0c4bb1 gtksourceviewmm: init at 3.18.0 2016-08-05 09:53:45 +02:00
Aneesh Agrawal 5e3eb476f5 neovim: remove unused glib dependency (#17499)
As far as I can tell, neovim has never required glib to build.
The neovim libtermkey does include a demo-glib.c example, but that is
optional.
2016-08-05 09:33:05 +02:00
Kranium Gikos Mendoza 4b62054f4c curl: 7.50.0 -> 7.50.1 (#17486) 2016-08-05 05:00:53 +02:00
Franz Pletz 2d6b7aa545 linux: enable some useful networking options
All options are enabled by default on Debian and some other
distributions, so these should be safe.
2016-08-05 04:07:31 +02:00
Franz Pletz a3f6ca6d17 collectd: 5.5.1 -> 5.5.2 (security)
Fixes CVE-2016-6254.
2016-08-05 04:07:31 +02:00
Franz Pletz 6cf7e8d2ed libreswan: 3.17 -> 3.18 (security)
Fixes CVE-2016-5391, see

  https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt
2016-08-05 04:07:31 +02:00
Franz Pletz 792f96fbc7 Merge pull request #17489 from mayflower/pkg/gitlab-8-10
gitlab: 8.5.12 -> 8.10.3, update module
2016-08-04 23:35:22 +02:00
Tuomas Tynkkynen 2ea72fa9c8 nixos/luksroot: Reference correct output of openssl 2016-08-04 23:12:39 +03:00
Tuomas Tynkkynen 0eb827918d xorg.libpciaccess: Not supported on Darwin
http://hydra.nixos.org/build/38160825/nixlog/1/raw
2016-08-04 23:11:45 +03:00
obadz 33557acb36 chromium: add ability to control which sandbox is used
First step towards addressing #17460

In order to be able to run the SUID sandbox, which is good for security
and required to run Chromium with any kind of reasonable sandboxing when
using grsecurity kernels, we want to be able to control where the
sandbox comes from in the Chromium wrapper. This commit patches the
appropriate bit of source and adds the same old sandbox to the wrapper
(so it should be a no-op)
2016-08-04 20:37:35 +01:00
koral b3beab9f03 webkitgtk: 2.10.4 -> 2.10.9 2016-08-04 21:18:38 +02:00
Dinnanid 672447f1ad
eclipse-sdk: 4.5.2 -> 4.6 2016-08-04 20:11:08 +02:00
Dinnanid b78a70ccc8
eclipse-sdk: 4.5.1 -> 4.5.2 2016-08-04 20:11:08 +02:00
obadz fbea275286 haskellPackages.ghc-mod: remove override as 5.6.0.0 is ghc8 compatible
cc @peti
2016-08-04 17:40:17 +01:00
Brad Ediger f0f9172017 elm: Constrain aeson-pretty to <0.8 (#17511)
https://github.com/elm-lang/elm-compiler/pull/1431
2016-08-04 18:08:32 +02:00
Thomas Tuegel 9a29551636 Merge branch 'plasma-5.7' 2016-08-04 10:44:43 -05:00
Peter Hoeg aded8e40c1 startkde: default to breeze instead of plastik on a fresh login 2016-08-04 10:44:25 -05:00
Thomas Tuegel 5b008e30b4 kdeWrapper: avoid excessive file collisions 2016-08-04 10:40:36 -05:00
Peter Simons 2627b09b82 haskell-applicative-quoters: fix build with GHC 8.x 2016-08-04 17:38:44 +02:00
obadz 037d9c6cab nixos-install: add options --closure, --no-channel-copy, --no-root-passwd, and --no-bootloader
Closes #17236

nix-build -A tests.installer.simple '<nixos/release.nix>' succeeds ✓
2016-08-04 16:22:25 +01:00
Thomas Tuegel c291485b74 kde5.breeze-grub: init at 5.7.3 2016-08-04 10:15:32 -05:00
Thomas Tuegel bed8eb86c6 kde5.breeze-plymouth: init at 5.7.3 2016-08-04 10:00:12 -05:00
Joachim F 4eef7a4ecf Merge pull request #17506 from romildo/upd.tint2
tint2: 0.12.11 -> 0.12.12
2016-08-04 16:54:34 +02:00
Joachim F 18333473bd Merge pull request #17507 from romildo/upd.mate
mate-themes: 3.20.8 -> 3.20.10
2016-08-04 16:54:18 +02:00
Joachim F 6664471d51 Merge pull request #17505 from Mounium/patch-1
flat-plat: Made the theme actually discoverable
2016-08-04 16:50:51 +02:00