1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-24 14:41:17 +00:00
Commit graph

203 commits

Author SHA1 Message Date
Carles Pagès d5a623cb39 Update 17.03 release notes 2017-04-03 22:54:34 +02:00
Robin Gloster cbd6fb1b3a
Release Notes: tracking UIDs/GIDs is in 17.09 2017-03-31 15:51:37 +02:00
Eelco Dolstra e241fb87a1
Update 17.03 release notes 2017-03-31 15:00:30 +02:00
Robin Gloster 163668f6c4
Release Notes 17.03: update on master 2017-03-30 22:52:08 +02:00
Joachim Fasting c504e14c87
rl-notes 17.03: add notes about changes to the dnscrypt-proxy interface
(cherry picked from commit 9613677176)
2017-03-30 13:36:08 +02:00
Joachim Fasting 8427222eca
rl-notes 17.03: add note about pre-NSS dnscrypt-proxy
(cherry picked from commit de5d4dc147)
2017-03-29 00:05:48 +02:00
Vladimír Čunát c1a9dc3d37
Merge branch 'master' into staging 2017-03-23 13:31:28 +01:00
Eelco Dolstra 86721a5f78
Allow attaching to non-child processes by default
The inability to run strace or gdb is the kind of
developer-unfriendliness that we're used to from OS X, let's not do it
on NixOS.

This restriction can be re-enabled by setting

  boot.kernel.sysctl."kernel.yama.ptrace_scope" = 1;

It might be nice to have a NixOS module for enabling hardened defaults.

Xref #14392.

Thanks @abbradar.
2017-03-21 18:48:35 +01:00
Robin Gloster c93eb74e6a Merge pull request #23838 from mayflower/remove-md5
fetch-*: remove md5 support
2017-03-21 13:27:51 +01:00
Frederik Rietdijk 94eb74eaad Merge remote-tracking branch 'upstream/master' into HEAD 2017-03-21 13:04:37 +01:00
Frederik Rietdijk 4263c53f66 Python changelog 2017-03-21 11:05:03 +01:00
Robin Gloster 5e0f932de0
rl-notes 17.03: info on python module location
closes #11567
2017-03-20 23:28:51 +01:00
Robin Gloster c066dc8416
fetch-*: add md5 support removal to rl-notes 2017-03-20 22:26:02 +01:00
Thomas Tuegel d458b5401a
nixos/fontconfig: add Changelog message about FreeType update 2017-03-20 10:39:48 -05:00
Franz Pletz 8ab2d2ee27
rmilter service: support only one socket 2017-03-17 23:00:34 +01:00
Daiderd Jordan 35a65a6704
release-nodes: move disabledModules to 17.09 2017-03-05 14:17:00 +01:00
Daiderd Jordan d88721e440
modules: add support for module replacement with disabledModules
This is based on a prototype Nicolas B. Pierron worked on during a
discussion we had at FOSDEM.

A new version with a workaround for problems of the reverted original.
Discussion: https://github.com/NixOS/nixpkgs/commit/3f2566689
2017-03-03 13:45:22 +01:00
Vladimír Čunát fcec3e1c72
Revert "modules: add support for module replacement with disabledModules"
This reverts commit 3f2566689d for now.
Evaluation of the tested job got broken, blocking nixos-unstable.
2017-03-01 21:56:01 +01:00
Vladimír Čunát b43614a6bb
Merge branch 'staging'
(Truly, this time :-)
2017-03-01 11:34:44 +01:00
Daiderd Jordan 3f2566689d modules: add support for module replacement with disabledModules
This is based on a prototype Nicolas B. Pierron worked on during a
discussion we had at FOSDEM.
2017-02-28 00:14:48 +01:00
Vladimír Čunát 81b43ccd57
17.09 release notes: fix typos 2017-02-27 23:03:16 +01:00
Robin Gloster 755902b543
release-notes: add 17.09 2017-02-27 20:46:34 +01:00
Vladimír Čunát a1919db7cd
Merge branch 'master' into staging 2017-02-27 20:15:27 +01:00
Frederik Rietdijk f69292ddc0 Python: explain deterministic builds in release notes 2017-02-26 14:51:26 +01:00
Graham Christensen a9c875fc2e
nixpkgs: allow packages to be marked insecure
If a package's meta has `knownVulnerabilities`, like so:

    stdenv.mkDerivation {
      name = "foobar-1.2.3";

      ...

      meta.knownVulnerabilities = [
        "CVE-0000-00000: remote code execution"
        "CVE-0000-00001: local privilege escalation"
      ];
    }

and a user attempts to install the package, they will be greeted with
a warning indicating that maybe they don't want to install it:

    error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate.

    Known issues:

     - CVE-0000-00000: remote code execution
     - CVE-0000-00001: local privilege escalation

    You can install it anyway by whitelisting this package, using the
    following methods:

    a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to
       `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
       like so:

         {
           nixpkgs.config.permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

    b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
    ‘foobar-1.2.3’ to `permittedInsecurePackages` in
    ~/.config/nixpkgs/config.nix, like so:

         {
           permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

Adding either of these configurations will permit this specific
version to be installed. A third option also exists:

  NIXPKGS_ALLOW_INSECURE=1 nix-build ...

though I specifically avoided having a global file-based toggle to
disable this check. This way, users don't disable it once in order to
get a single package, and then don't realize future packages are
insecure.
2017-02-24 07:41:05 -05:00
Franz Pletz 9b81dcfda2
nixos/release-notes: fix typos 2017-02-22 08:45:30 +01:00
Jörg Thalheim 45719174c3
nixos/release-notes: mention iputils changes 2017-02-22 00:32:52 +01:00
Graham Christensen 7483ba0932
Revert "nix-daemon: default useSandbox to true"
This reverts commit d0a086770a.
2017-02-14 14:13:39 -05:00
Graham Christensen 3be1388963 Merge pull request #22767 from grahamc/sandbox-by-default
nix-daemon: default useSandbox to true
2017-02-14 13:57:44 -05:00
Parnell Springmeyer fb6d13c01a
Addressing feedback and fixing a bug 2017-02-14 07:38:45 -06:00
Parnell Springmeyer 9e36a58649
Merging against upstream master 2017-02-13 17:16:28 -06:00
Graham Christensen d0a086770a
nix-daemon: default useSandbox to true 2017-02-13 18:06:01 -05:00
Robin Gloster 7e5424ac09
php: default to php71 2017-02-13 22:48:45 +01:00
Vladimír Čunát 3348905cde
xorg-server: major bump 1.18.4 -> 1.19.1
I encountered no problems with it.  Nvidia binary drivers are tested,
and AMD ones now both set `abiCompat` to use older server versions.
2017-02-12 13:24:44 +01:00
Edward Tjörnhammar 2f5fdaefec
nixos, doc: dictd dbs move 2017-02-09 22:23:11 +01:00
Edward Tjörnhammar 3c9d73f100
nixos, doc: named nylons 2017-02-09 21:18:57 +01:00
Nikolay Amiantov 504774e223 release notes: mention JRE changes and jre_headless 2017-02-08 21:36:22 +03:00
Nikolay Amiantov 52c7e647ab postfix service: don't empty local_recipient_maps
From Postfix documentation:

With this setting, the Postfix SMTP server will not reject mail with "User
unknown in local recipient table". Don't do this on systems that receive mail
directly from the Internet. With today's worms and viruses, Postfix will become
a backscatter source: it accepts mail for non-existent recipients and then
tries to return that mail as "undeliverable" to the often forged sender
address.
2017-02-06 01:41:27 +03:00
Parnell Springmeyer 6777e6f812
Merging with upstream 2017-01-29 05:54:01 -06:00
Parnell Springmeyer e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Frederik Rietdijk 46b1ea260a pythonPackages.ansible2: move 2.2 to separate file, make default
`pythonPackages.ansible_2_2` is now the default `ansible`.
2017-01-27 10:15:31 +01:00
Parnell Springmeyer a26a796d5c
Merging against master - updating smokingpig, rebase was going to be messy 2017-01-26 02:00:04 -08:00
Parnell Springmeyer 025555d7f1
More fixes and improvements 2017-01-26 00:05:40 -08:00
Franz Pletz 8d5a4c53b8
nixos/release-notes: document conntrack helper changes 2017-01-25 01:14:05 +01:00
John Ericson 7dc4e43837 nixos doc: Mention cross overhaul in 17.03 release notes 2017-01-24 11:37:56 -05:00
Nicolas B. Pierron 0214d94b24 Remove extra "in" keyword from the release notes about overlays.
Thanks to @teh for reporting this issue on the pull request.
2017-01-17 21:24:44 +00:00
Nicolas B. Pierron 8366525cbf Fix release-notes compilation. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron 2d6532b330 Update overlay documentation by following nits from aneeshusa. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron ae7e893de1 Improve the realse notes with the upcoming documentation links, and a better example of how to convert overridePackages usage. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron 6a83c315ec Add missing line break in the release notes. 2017-01-16 01:17:33 +01:00