1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-22 23:10:02 +00:00
Commit graph

82778 commits

Author SHA1 Message Date
taku0 90f5be3133 firefox-bin: 45.0.2 -> 46.0.1 2016-05-04 14:50:17 +09:00
Joachim Fasting eecd06409f Merge pull request #15205 from romildo/upd.imlib2
imlib2: 1.4.8 -> 1.4.9
2016-05-04 06:46:26 +02:00
Joachim Fasting 0a61ab5845 Merge pull request #15200 from Pleune/fix/bspwm-java-noreparenting
bspwm: add _JAVA_AWT_WM_NONREPARENTING=1
2016-05-04 06:18:38 +02:00
Joachim Fasting da767356f2
grsecurity: support disabling TCP simultaneous connect
Defaults to OFF because disabling TCP simultaneous connect breaks some
legitimate use cases, notably WebRTC [1], but it's nice to provide the
option for deployments where those features are unneeded anyway.

This is an alternative to https://github.com/NixOS/nixpkgs/pull/4937

[1]: http://article.gmane.org/gmane.linux.documentation/9425
2016-05-04 03:53:24 +02:00
José Romildo Malaquias 3e401a8d01 imlib2: 1.4.8 -> 1.4.9 2016-05-03 22:34:47 -03:00
Svein Ove Aas c5451206ab Init CKAN: The Comprehensive Kerbal Archive Network (#15202)
* ckan: Init at 1.16.1
2016-05-04 02:12:39 +01:00
Joachim Fasting d0306e4ab4 Merge pull request #15201 from romildo/fix.xfce4-whiskermenu-plugin
xfce4-whiskermenu-plugin: 1.5.2 -> 1.5.3
2016-05-04 02:29:20 +02:00
Thomas Tuegel d9f57d5256 Merge pull request #15203 from NixOS/update-poppler
poppler: 0.36.0 -> 0.43.0
2016-05-03 18:29:24 -05:00
Franz Pletz 2acea21155 gitlab: 8.5.7 -> 8.5.12 2016-05-04 01:24:55 +02:00
Franz Pletz 69c14985d0 imagemagick: Disable insecure coders (ImageTragick)
See:

  * https://imagetragick.com/
  * https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
2016-05-04 01:22:02 +02:00
Franz Pletz 05eae0242d imagemagick: 6.9.3-8 -> 6.9.3-9 2016-05-04 01:22:02 +02:00
Joachim Fasting 0bd31bce10
grsecurity: drop support for 4.4 kernels
From now on, only the testing branch of grsecurity will be supported.
Additionally, use only patches from upstream.

It's impossible to provide meaningful support for grsecurity stable.
First, because building and testing \(m \times n \times z) [1], packages
is infeasible.  Second, because stable patches are only available from
upstream for-pay, making us reliant on third-parties for patches. In
addition to creating yet more work for the maintainers, using stable
patches provided by a third-party goes against the wishes of upstream.

nixpkgs provides the tools necessary to build grsecurity kernels for any
version the user chooses, however, provided they pay for, or otherwise
acquire, the patch themselves.

Eventually, we'll want to remove the now obsolete top-level attributes,
but leave them in for now to smoothe migration (they have been removed
from top-level/release.nix, though, because it makes no sense to have
them there).

[1]: where \(m\) is the number of grsecurity flavors, \(n\) is the
number of kernel versions, and z is the size of the `linuxPackages` set
2016-05-04 01:07:53 +02:00
Tobias Geerinckx-Rice 63a63c53d6
poppler: 0.36.0 -> 0.43.0 2016-05-04 00:40:03 +02:00
Tobias Geerinckx-Rice d6e4c1b750
thinkfan: install manual, README and examples
READMEs usually just waste those precious kilobytes, but both the
manual page and --help output refer to this one quite a bit.
2016-05-04 00:39:51 +02:00
José Romildo Malaquias 41b5de4773 xfce4-whiskermenu-plugin: 1.5.2 -> 1.5.3 2016-05-03 19:13:09 -03:00
obadz b1bf11881a spdlog: init at 292bdc5 2016-05-03 23:05:37 +01:00
José Romildo Malaquias 518b9abfd5 xfce4-whiskermenu-plugin: the xfce4-panel binary is in ${xfce4panel.out} 2016-05-03 19:03:46 -03:00
Mitchell Pleune 571e9b5f1f bspwm: add _JAVA_AWT_WM_NONREPARENTING=1
bspwm is not in java's internal list of non-reparrenting
window managers. See https://awesomewm.org/wiki/Problems_with_Java
2016-05-03 17:46:48 -04:00
Tobias Geerinckx-Rice db3ee01ab6
geolite-legacy: 2016-05-02 -> 2016-05-03 2016-05-03 23:42:08 +02:00
Bjørn Forsman 78b6e8c319 jenkins service: improve curl call in postStart
* Perform HTTP HEAD request instead of full GET (lighter weight)
* Don't log output of curl to the journal (it's noise/debug)
* Use explicit http:// URL scheme
* Reduce poll interval from 10s to 2s (respond to state changes
  quicker). Probably not relevant on boot (lots of services compete for
  the CPU), but online service restarts/reloads should be quicker.
* Pass --fail to curl (should be more robust against false positives)
* Use 4 space indent for shell code.
2016-05-03 23:12:45 +02:00
Bjørn Forsman 51e5beca42 jenkins service: remove unneeded (and brittle) part of postStart
The current postStart code holds Jenkins off the "started" state until
Jenkins becomes idle. But it should be enough to wait until Jenkins
start handling HTTP requests to consider it "started".

More reasons why the current approach is bad and we should remove it,
from @coreyoconnor in
https://github.com/NixOS/nixpkgs/issues/14991#issuecomment-216572571:

  1. Repeatedly curling for a specific human-readable string to
  determine "Active" is fragile. For instance, what happens when jenkins
  is localized?

  2. The time jenkins takes to initializes is variable. This (at least
  used to) depend on the number of jobs and any plugin upgrades requested.

  3. Jenkins can be requested to restart from the UI. Which will not
  affect the status of the service. This means that the service being
  "active" does not imply jenkins is initialized. Downstream services
  cannot assume jenkins is initialized if the service is active. Might
  as well accept that and remove the initialized test from service
  startup.

Fixes #14991.
2016-05-03 22:24:13 +02:00
aszlig e7d3166656
nixos/tests/netboot: Fix evaluation error
Regression introduced by dfe608c8a2.

The commit turns the two arguments into one attrset argument so we need
to adapt that to use the new calling convention.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-03 22:05:11 +02:00
Arseniy Seroka 82475a9a7c Merge pull request #15175 from magnetophon/linuxband
linuxband: init at 12.02.1
2016-05-03 22:58:43 +03:00
Arseniy Seroka f3eca5f5d2 Merge pull request #15196 from groxxda/bump/connman
connman: 1.31 -> 1.32
2016-05-03 22:58:20 +03:00
Arseniy Seroka c9fb51451a Merge pull request #15197 from romildo/upd.gtk-xfce-engine
gtk-xfce-engine: 2.10.1 -> 3.2.0
2016-05-03 22:58:02 +03:00
Tobias Geerinckx-Rice 31253ad957
cdrtools: 3.02a03 -> 3.02a06 2016-05-03 20:41:19 +02:00
Tobias Geerinckx-Rice d4d6d9d3d2
ortp: 0.24.2 -> 0.25.0 2016-05-03 20:41:19 +02:00
Tobias Geerinckx-Rice ff6a98612c
seccure: 0.4 -> 0.5 2016-05-03 20:41:19 +02:00
Thomas Tuegel 147d942b54 julia: remove ttuegel from maintainers
ttuegel has not used julia in some time
2016-05-03 13:34:50 -05:00
Alexander Ried 82c141b999 Revert "iptables: add 1.6 branch (init 1.6.0). Not making it the default this time."
This reverts commit 74f7916a9a.

Time to make it the default.
2016-05-03 20:29:52 +02:00
Michael Raskin 0bc13e3af2 iptables: 1.4.21 -> 1.6.0 2016-05-03 20:29:30 +02:00
Tuomas Tynkkynen 980bca286e gcc 4.5, 4.6: Remove broken update-gcc.sh symlinks 2016-05-03 21:29:16 +03:00
José Romildo Malaquias f0da9ff412 gtk-xfce-engine: add support to Gtk3 2016-05-03 15:18:23 -03:00
José Romildo Malaquias f72a2faa28 gtk-xfce-engine: 2.10.1 -> 3.2.0 2016-05-03 15:14:50 -03:00
Alexander Ried d74335da85 connman: make dependency on awk explicit 2016-05-03 20:10:58 +02:00
Alexander Ried b95eebec65 connman: 1.31 -> 1.32
fetch release tarball instead of git checkout and drop autotools

This update is compatible with iptables 1.6.0 (see #12178)
2016-05-03 20:10:54 +02:00
Tobias Geerinckx-Rice 959472a824
nginx: 1.8.1 -> 1.10.0
Changes: http://nginx.org/en/CHANGES-1.10
2016-05-03 20:05:57 +02:00
Alexander Ried a0a6a3df88 libcap: Move old libcap_* aliases to aliases.nix 2016-05-03 19:52:53 +02:00
Alexander Ried 5c295a4925 libcap: Replace occurences of libcap_progs with libcap.out 2016-05-03 19:52:53 +02:00
Alexander Ried 7382afac40 libcap: replace old split with multi-output 2016-05-03 19:52:10 +02:00
Alexander Ried 64ef643833 libcap: 2.24 -> 2.25 2016-05-03 19:52:10 +02:00
Alexander Ried 3fe746cfc2 tinc_pre: 1.1pre-git2016.01.28 -> 1.1pre-14 (#15192)
split the documentation output
remove the tinc-gui binary because python dependencies are not fulfilled
2016-05-03 19:39:53 +02:00
Tobias Geerinckx-Rice bf81306848
gandi-cli: pull out of python-packages.nix 2016-05-03 18:28:23 +02:00
Franz Pletz 6d55b2e9c0 libressl: 2.2.6 -> 2.2.7, 2.3.3 -> 2.3.4
Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.

http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.7-relnotes.txt
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.4-relnotes.txt
2016-05-03 17:22:35 +02:00
Eelco Dolstra 520a7b88db Merge pull request #15191 from nathan7/master
openssl: 1.0.1s -> 1.0.1t, 1.0.2g -> 1.0.2h (CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176) [urgent/security]
2016-05-03 17:05:48 +02:00
Nathan Zadoks bdafc6df04 openssl: 1.0.1s -> 1.0.1t, 1.0.2g -> 1.0.2h
CVE-2016-2108, high severity: Memory corruption in the ASN.1 encoder
CVE-2016-2107, high severity: Padding oracle in AES-NI CBC MAC check
CVE-2016-2105, low severity: EVP_EncodeUpdate overflow
CVE-2016-2106, low severity: EVP_EncryptUpdate overflow
CVE-2016-2109, low severity: ASN.1 BIO excessive memory allocation
CVE-2016-2176, low severity: EBCDIC overread
2016-05-03 10:54:15 -04:00
Sebastian Gniazdowski 7c0063bf15 zsh-navigation-tools: 1.4 -> 2.0.7 2016-05-03 14:46:43 +00:00
Franz Pletz 5ca8694095 debootstrap: 1.0.68 -> 1.0.80 2016-05-03 16:15:20 +02:00
Franz Pletz 4825d4033e ddrescue: 1.20 -> 1.21 2016-05-03 16:15:20 +02:00
Franz Pletz b5fdb8585b di: 4.36 -> 4.37 2016-05-03 16:15:20 +02:00