1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-30 09:31:01 +00:00
Commit graph

101726 commits

Author SHA1 Message Date
Graham Christensen cc4919da89
xen: patch for XSAs: 197, 199, 207, 208, 209
XSA-197 Issue Description:

> The compiler can emit optimizations in qemu which can lead to double
> fetch vulnerabilities.  Specifically data on the rings shared
> between qemu and the hypervisor (which the guest under control can
> obtain mappings of) can be fetched twice (during which time the
> guest can alter the contents) possibly leading to arbitrary code
> execution in qemu.

More: https://xenbits.xen.org/xsa/advisory-197.html

XSA-199 Issue Description:

> The code in qemu which implements ioport read/write looks up the
> specified ioport address in a dispatch table.  The argument to the
> dispatch function is a uint32_t, and is used without a range check,
> even though the table has entries for only 2^16 ioports.
>
> When qemu is used as a standalone emulator, ioport accesses are
> generated only from cpu instructions emulated by qemu, and are
> therefore necessarily 16-bit, so there is no vulnerability.
>
> When qemu is used as a device model within Xen, io requests are
> generated by the hypervisor and read by qemu from a shared ring.  The
> entries in this ring use a common structure, including a 64-bit
> address field, for various accesses, including ioport addresses.
>
> Xen will write only 16-bit address ioport accesses.  However,
> depending on the Xen and qemu version, the ring may be writeable by
> the guest.  If so, the guest can generate out-of-range ioport
> accesses, resulting in wild pointer accesses within qemu.

More: https://xenbits.xen.org/xsa/advisory-199.html

XSA-207 Issue Description:

> Certain internal state is set up, during domain construction, in
> preparation for possible pass-through device assignment.  On ARM and
> AMD V-i hardware this setup includes memory allocation.  On guest
> teardown, cleanup was erroneously only performed when the guest
> actually had a pass-through device assigned.

More: https://xenbits.xen.org/xsa/advisory-207.html

XSA-209 Issue Description:

> When doing bitblt copy backwards, qemu should negate the blit width.
> This avoids an oob access before the start of video memory.

More: https://xenbits.xen.org/xsa/advisory-208.html

XSA-208 Issue Description:

> In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
> cirrus_bitblt_cputovideo fails to check wethehr the specified memory
> region is safe.

More: https://xenbits.xen.org/xsa/advisory-209.html
2017-02-22 08:00:45 -05:00
Frederik Rietdijk 026cfee6b0 Docs: update Python contributing guidelines 2017-02-22 13:38:29 +01:00
Peter Hoeg 409dac4155 Merge branch 'u/tg' into real_master 2017-02-22 20:14:26 +08:00
Peter Hoeg 494462e857 terragrunt: 0.10.1 -> 0.10.2 2017-02-22 20:12:25 +08:00
Peter Simons deec3c1dae Merge pull request #23071 from takikawa/add-ndpi-1.8
ndpi: init at 1.8
2017-02-22 10:46:19 +01:00
Asumu Takikawa 85fb29bb49 ndpi: init at 1.8 2017-02-22 00:20:10 -08:00
Franz Pletz 67018e7759
pymol: fix evaluation
cc #23007 @Mounium @Mic92
2017-02-22 08:48:42 +01:00
Franz Pletz 9b81dcfda2
nixos/release-notes: fix typos 2017-02-22 08:45:30 +01:00
Franz Pletz 2a228bdc9b Merge pull request #23064 from NeQuissimus/rkt_1_25_0
rkt: 1.24.0 -> 1.25.0
2017-02-22 07:49:09 +01:00
Tom Hunger bae3d0e49f vowpalwabbit: init at 8.3.2 2017-02-22 07:28:52 +01:00
Franz Pletz 63200708af Merge pull request #23065 from NeQuissimus/gradle_3_4
gradle: 3.3 -> 3.4
2017-02-22 07:27:05 +01:00
Franz Pletz 136ee09ef8 Merge pull request #23066 from NeQuissimus/oh_my_zsh_2017_02_20
oh-my-zsh: 2017-01-15 -> 2017-02-20
2017-02-22 07:20:31 +01:00
Jörg Thalheim 27d4f8c717 Merge pull request #23046 from Zimmi48/patch-2
nixos/manual/networkmanager: add info on nm-applet
2017-02-22 01:40:50 +01:00
Jörg Thalheim 6a044f1841 Merge pull request #23045 from Zimmi48/patch-1
nixos/manual/xserver: propose more alternatives
2017-02-22 01:38:25 +01:00
Mounium eb688ac0a7 pymol: init at 1.8.4 (#23007) 2017-02-22 01:35:09 +01:00
Tim Steinbach 61666724a6
oh-my-zsh: 2017-01-15 -> 2017-02-20 2017-02-21 19:07:59 -05:00
Nick Novitski 7bb0611e2e vim_configurable: Add packPath option to vimrcConfig (#22776)
* vim_configurable: Add packages option to vimrcConfig

Version 8 of vim adds the concept of "vim packages": directories which
contain one or more vim plugins, in either "start" or "opt"
subdirectories. Those in "start" are to be loaded automatically, while
those in "opt" can be loaded manually. Vim detects any packages located
in one of its "packpaths".

The packages option takes a set of sets describing one or more vim
packages, and adds the derivation containing these packages to the
packpath.

* fix documentation.
2017-02-22 01:06:34 +01:00
Tim Steinbach 83f29e9b99
gradle: 3.3 -> 3.4 2017-02-21 19:02:42 -05:00
Tim Steinbach 8b60413e95
rkt: 1.24.0 -> 1.25.0 2017-02-21 18:51:34 -05:00
Peter Hoeg 4ecaed783b utox: remove unnecessary line 2017-02-22 07:49:02 +08:00
Jörg Thalheim 5b14e91717 Merge pull request #22822 from Mic92/iputils
iputils: 20151218 -> 20161105
2017-02-22 00:37:13 +01:00
Peter Hoeg 2cd286b3cf Merge branch 'u/utox' into real_master 2017-02-22 07:33:56 +08:00
Peter Hoeg 2805ac54d8 utox: 0.12.2 -> 0.13.0 2017-02-22 07:33:31 +08:00
Jörg Thalheim 45719174c3
nixos/release-notes: mention iputils changes 2017-02-22 00:32:52 +01:00
Shea Levy fd732dec88 zoom-us: bump 2017-02-21 14:15:44 -05:00
Tristan Helmich 1d64f5f41b
libvirt: expose libvirt qemu configuration file
fixes #22823
2017-02-21 19:20:22 +01:00
Domen Kožar ba267839d1 Merge pull request #23047 from FlorentBecker/remove_pijul
pijul: remove
2017-02-21 16:28:19 +01:00
Joachim F 2379d5e537 Merge pull request #23033 from mdorman/emacs-updates
Automated emacs package updates
2017-02-21 16:27:00 +01:00
Robin Gloster f1e6dc8750
networking.defaultGateway{,6}: fix example 2017-02-21 15:46:00 +01:00
Florent Becker 0a840d4f41 pijul: remove
This version is not working, and it is not even a release upstream
2017-02-21 15:34:28 +01:00
Eelco Dolstra d0d5ea0cdf
Grrr 2017-02-21 15:26:14 +01:00
Eelco Dolstra fac3438a96
Fix Ubuntu 16.10 name 2017-02-21 15:22:30 +01:00
Théo Zimmermann 0994d6af9d nixos/manual/networkmanager: add info on nm-applet 2017-02-21 15:20:10 +01:00
zimbatm 9c1399e476 packer: 0.12.1 -> 0.12.2 2017-02-21 14:10:15 +00:00
Eelco Dolstra 1fdb52ffcc
Add Ubuntu 16.10 2017-02-21 15:08:58 +01:00
Eelco Dolstra acb2acf1f5
VM builds: Use -smp when enableParallelBuilding is set 2017-02-21 15:08:54 +01:00
Eelco Dolstra 012b5a5c45
Add Fedora 25 2017-02-21 15:08:46 +01:00
Théo Zimmermann 361d730f35 nixos/manual/xserver: propose more alternatives 2017-02-21 14:56:26 +01:00
Arseniy Seroka c3aa109041 Merge pull request #22497 from andsild/vint
vint: init at 0.3.11
2017-02-21 16:19:13 +03:00
asildnes 88b8f38e71
vint: init at 0.3.11 2017-02-21 12:48:03 +01:00
Pascal Wittmann 2d05ac72d5 Merge pull request #23037 from matthiasbeyer/revert-sqlitebrowser-update
Revert "sqlitebrowser: 3.8.0 -> 3.9.1"
2017-02-21 11:23:10 +01:00
Matthias Beyer d35695e3e1 Revert "sqlitebrowser: 3.8.0 -> 3.9.1"
This reverts commit f9d7d29fa9.
2017-02-21 10:48:00 +01:00
Jörg Thalheim 0338817f62 vnstat: provide full path of "kill" in ExecReload 2017-02-21 09:26:25 +00:00
Nikolay Amiantov 2cc4703a2d wrappers service: make /run/wrappers a mountpoint
Also remove some compatibility code because the directory in question would be
shadowed by a mountpoint anyway.
2017-02-21 12:13:35 +03:00
Peter Hoeg 8e5b630b49 Merge pull request #22264 from peterhoeg/m/modeswitch
usb-modeswitch: 2.2.1 -> 2.5.0 and nixos module
2017-02-21 16:49:04 +08:00
Matthias C. M. Troffaes 88cc35f1f4 wolfssl: 3.9.10b -> 3.10.3 2017-02-21 09:42:32 +01:00
Peter Hoeg 0789a2a4d6 usb-wwan: nixos module 2017-02-21 16:35:27 +08:00
Franz Pletz 6fd27c7c38
linuxPackages.sch_cake: init at 2017-01-28 2017-02-21 08:24:35 +01:00
Frederik Rietdijk 5bd6331b29 Merge pull request #22944 from johbo/add-trytond
trytond: init at 4.2.1
2017-02-21 08:03:43 +01:00
Matt McHenry 1f4940368a bins: fix permissions issue regenerating albums
since the template files in the nix store are read-only, they can't be
overwritten the second time the album is generated.  using cp's '-f'
option works around this.
2017-02-21 06:37:07 +01:00