1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-19 12:28:51 +00:00
Commit graph

101857 commits

Author SHA1 Message Date
Dmitry Kalinkin cb1b08a871
herwig: 7.0.3 -> 7.0.4 2017-03-01 22:53:41 -05:00
Dmitry Kalinkin ac51822ee8
pythonPackages.python-sybase: init at 0.40pre2 2017-03-01 22:53:41 -05:00
Dmitry Kalinkin 2198a7c747
pythonPackages.graphviz: init at 0.5.2 2017-03-01 22:53:41 -05:00
Dmitry Kalinkin e60805061b
pythonPackages.pyhepmc: init at 0.5.0 2017-03-01 22:53:40 -05:00
Dmitry Kalinkin fa8afc05c0
pythonPackages.rootpy: 0.8.3 -> 0.9.0 2017-02-27 15:40:01 -05:00
Jörg Thalheim 0eefe9bc62 lxc: fix glibc 2.25 incompatibility 2017-02-24 14:00:23 +01:00
Robin Gloster 8f60b43d9c Merge pull request #23130 from grahamc/insecure-packages-with-docs
nixpkgs: allow packages to be marked insecure (this time with docs)
2017-02-24 13:44:28 +01:00
Graham Christensen 30cea5f022
libplist: mark as insecure
Patches currently available don't seem to apply.
2017-02-24 07:41:11 -05:00
Graham Christensen a9c875fc2e
nixpkgs: allow packages to be marked insecure
If a package's meta has `knownVulnerabilities`, like so:

    stdenv.mkDerivation {
      name = "foobar-1.2.3";

      ...

      meta.knownVulnerabilities = [
        "CVE-0000-00000: remote code execution"
        "CVE-0000-00001: local privilege escalation"
      ];
    }

and a user attempts to install the package, they will be greeted with
a warning indicating that maybe they don't want to install it:

    error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate.

    Known issues:

     - CVE-0000-00000: remote code execution
     - CVE-0000-00001: local privilege escalation

    You can install it anyway by whitelisting this package, using the
    following methods:

    a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to
       `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
       like so:

         {
           nixpkgs.config.permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

    b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
    ‘foobar-1.2.3’ to `permittedInsecurePackages` in
    ~/.config/nixpkgs/config.nix, like so:

         {
           permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

Adding either of these configurations will permit this specific
version to be installed. A third option also exists:

  NIXPKGS_ALLOW_INSECURE=1 nix-build ...

though I specifically avoided having a global file-based toggle to
disable this check. This way, users don't disable it once in order to
get a single package, and then don't realize future packages are
insecure.
2017-02-24 07:41:05 -05:00
Eelco Dolstra 8e1fa01f3a
nix: 1.11.6 -> 1.11.7 2017-02-24 12:53:53 +01:00
Jascha Geerds a49be4fcaf Merge pull request #23143 from romildo/upd.numix-icon-theme
numix-icon-theme: 2016-11-13 -> 2017-01-25
2017-02-24 12:20:40 +01:00
romildo aaa93d32aa numix-icon-theme: 2016-11-13 -> 2017-01-25 2017-02-24 06:37:46 -03:00
Peter Hoeg 9e59945383 calibre: 2.79.1 -> 2.80.0 2017-02-24 17:20:23 +08:00
Pascal Wittmann 3af06724fa Merge pull request #23136 from ljli/global-enhance
global: support universal-ctags
2017-02-24 08:37:39 +01:00
Peter Hoeg 4588f94396 sensu: 0.17.1 -> 0.28.0 2017-02-24 15:30:15 +08:00
Leon Isenberg 3211ff1b50 global: support universal-ctags 2017-02-24 07:51:39 +01:00
Peter Hoeg 8e3d0b8323 awless: 0.0.13 -> 0.0.14 2017-02-24 11:15:26 +08:00
Graham Christensen d36b1ccc13
Revert "Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)""
This reverts commit 53a2baabbe.
2017-02-23 19:23:29 -05:00
Graham Christensen 53a2baabbe
Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)"
This reverts commit 1d68edbef4.
2017-02-23 18:47:16 -05:00
Graham Christensen 1d68edbef4
linux kernels: patch against DCCP double free (CVE-2017-6074) 2017-02-23 18:44:43 -05:00
Shea Levy c71bae0330 long-shebang: 1.1.0 -> 1.2.0 2017-02-23 18:27:12 -05:00
Tim Steinbach 82aae8f631
kernel: 4.4.50 -> 4.4.51 2017-02-23 17:47:51 -05:00
Tim Steinbach 18c2be2862
kernel: 4.9.11 -> 4.9.12 2017-02-23 17:47:18 -05:00
Domen Kožar afb7d04dd6
elmPackages: fix #22932 2017-02-23 22:58:40 +01:00
Bjørn Forsman 52eab0376c spotify: 1.0.49.125.g72ee7853-83 -> 1.0.49.125.g72ee7853-111 2017-02-23 22:20:49 +01:00
Pascal Wittmann 04dcda3da4
homebank: 5.1.3 -> 5.1.4 2017-02-23 22:18:45 +01:00
John Wiegley 6bbddcf7d1
xcbuild: Guard a glibc-only postPatch with \!isDarwin 2017-02-23 11:32:52 -08:00
Vincent Laporte 75b187b0f7 ocamlPackages.eliom: adds ocamlbuild as a dependency 2017-02-23 19:10:33 +00:00
Vincent Laporte a9b0c95ad4 ocamlPackages.ppx_sexp_conv: init at 113.33.01+4.03 2017-02-23 19:07:38 +00:00
Vincent Laporte 7ca9e6776d ocamlPackages.ppx_type_conv: init at 113.33.02+4.03 2017-02-23 19:04:01 +00:00
Vincent Laporte d6bc0c9236 ocamlPackages.ppx_optcomp: init at 113.33.0[01]+4.03 2017-02-23 18:34:17 +00:00
Vincent Laporte 63796fd38f ocamlPackages.ppx_core: init at 113.33.01+4.03 2017-02-23 18:28:15 +00:00
Vincent Laporte be427d6e51 ocamlPackages.sexplib: init at 113.33.00+4.03 2017-02-23 18:25:56 +00:00
Joachim Fasting b92501f0d8
grsecurity: 4.9.11-201702181444 -> 201702222257 2017-02-23 19:18:39 +01:00
Jason A. Donenfeld 67b4f726c8 wireguard: 0.0.20170214 -> 0.0.20170223
Simple version bump.
2017-02-23 19:07:42 +01:00
Franz Pletz 4730993ca6 Merge pull request #23109 from dtzWill/update/neo4j
neo4j: update and fix JVM parameters in NixOS module
2017-02-23 19:02:32 +01:00
Profpatsch 8e54fced98 flpsed: ghostscript patch, fixes, new url
gs was called at runtime, fix the execvp call.
The url changed to its own domain.
A little face-lift for the package code.
2017-02-23 18:52:30 +01:00
Robin Gloster b707552b5b
phpPackages.xdebug: 2.4.0RC3 -> 2.5.0
fixes #23098
2017-02-23 18:51:53 +01:00
Franz Pletz d508ef88f7 Merge pull request #23082 from mayflower/graylog_update
graylog: update + module plugin support
2017-02-23 17:42:57 +01:00
Robin Gloster 940492cef5 Merge pull request #22634 from Ekleog/dhparams
dhparams module: initialize
2017-02-23 17:16:04 +01:00
Vladimír Čunát cb63a0b2da
knot-resolver: maintenance 1.2.2 -> 1.2.3
Just tiny fixes for some rare circumstances.
https://lists.nic.cz/pipermail/knot-dns-users/2017-February/001066.html
2017-02-23 16:23:23 +01:00
Franz Pletz a689c7c792
pythonPackages.xdot: fix wrapper 2017-02-23 16:07:41 +01:00
Franz Pletz 4905c1c54f
prosody service: needs working network connectivity 2017-02-23 16:07:41 +01:00
Franz Pletz 66f553974b
dhcpcd service: fix network-online.target integration
When dhcpcd instead of networkd is used, the network-online.target behaved
the same as network.target, resulting in broken services that need a working
network connectivity when being started.

This commit makes dhcpcd wait for a lease and makes it wanted by
network-online.target. In turn, network-online.target is now wanted by
multi-user.target, so it will be activated at every boot.
2017-02-23 16:07:40 +01:00
Graham Christensen 0cfa40d122 Merge pull request #23108 from NixOS/revert-22890-mark-as-insecure
Revert "nixpkgs: allow packages to be marked insecure"
2017-02-23 09:42:23 -05:00
Graham Christensen 59d61ef34a Revert "nixpkgs: allow packages to be marked insecure" 2017-02-23 09:41:42 -05:00
Will Dietz bc15b4222b nixos/neo4j: Update to default JVM options from current release.
The options previously listed here were the defaults back in 2.1.x.
2017-02-23 08:41:29 -06:00
Will Dietz 2da2731045 neo4j: 3.0.6 -> 3.1.1 2017-02-23 08:41:28 -06:00
Robin Gloster 274994785d
networking module: remove reference to removed ip-up.target 2017-02-23 15:25:19 +01:00
Tristan Helmich 7420922806 graylog module: add plugin support 2017-02-23 15:21:29 +01:00