1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 14:11:36 +00:00
Commit graph

101801 commits

Author SHA1 Message Date
Vladimír Čunát d00c26a595
unbound: lighten direct security deps of libunbound
Unfortunately, it seems easiest to build all twice.
Debian testing does this in a very similar way.

Tested briefly some individual queries and resperf :-)
2017-02-27 18:23:20 +01:00
Vladimír Čunát 78e4f9d8d7
libevent: split _openssl into a separate output
... to save ~3.4 MB of openssl from the default closure.
2017-02-27 18:18:39 +01:00
Frederik Rietdijk 079353e208 Python 2.7: increase priority - fixup
From the manual:

> This attribute should be a number, with a higher value denoting a
lower priority. The default priority is 0.

Just passing -5 or -10 wasn't sufficient, so let's make it -100.
2017-02-26 16:27:45 +01:00
Frederik Rietdijk 57afc0f5ef pythonPackages.packaging: 16.7 -> 16.8 2017-02-26 16:07:52 +01:00
Frederik Rietdijk 1b66b6a5ff pythonPackages.pyparsing: 2.1.8 -> 2.1.10 2017-02-26 16:07:52 +01:00
Frederik Rietdijk 4bc1d02698 Python 2.7: increase priority
Higher priority than Python 3.x so that `/bin/python` points to
`/bin/python2` in case both 2 and 3 are installed.
2017-02-26 16:07:52 +01:00
Frederik Rietdijk 04c41e753b Merge pull request #22585 from FRidh/repr
Python: deterministic interpreters
2017-02-26 14:52:07 +01:00
Frederik Rietdijk f69292ddc0 Python: explain deterministic builds in release notes 2017-02-26 14:51:26 +01:00
Frederik Rietdijk 37704e90e2 Python: explain deterministic build in docs 2017-02-26 14:51:26 +01:00
Frederik Rietdijk 04b7a2791e Python 3.4: improve determinism 2017-02-26 14:51:26 +01:00
Frederik Rietdijk 57ded03833 Python 3.4: use system expat and ffi 2017-02-26 14:51:26 +01:00
Frederik Rietdijk 1bbf249bef Python 3.4: improve determinism 2017-02-26 14:51:26 +01:00
Frederik Rietdijk d33f6f4032 Python 3.6: use system expat and ffi 2017-02-26 14:51:26 +01:00
Frederik Rietdijk 1531b5edd2 Python 3.6: improve determinism 2017-02-26 14:51:26 +01:00
Frederik Rietdijk 14a88e76cf Python 3.5: use system expat and ffi 2017-02-26 14:50:09 +01:00
Frederik Rietdijk dd3a501a4b Python: mkPythonDerivation: use PYTHONHASHSEED=0 2017-02-26 14:50:09 +01:00
Frederik Rietdijk 8970a9c86e Python 3.5: improve determinism
- Windows installers are indeterministic and we don't need them.
- since Python 3 ensurepip is installed by default. pip is indeteministic and we don't need it.
- rebuild bytecode to ensure its deterministic
2017-02-26 14:50:09 +01:00
Frederik Rietdijk 09f6b03b2e Python 2.7: improve determinism
There is some randomness in the Windows installers. Since we don't need
them, we delete them.
2017-02-26 14:50:09 +01:00
Vladimír Čunát f157956266
findutils: add the forgotten file (I'm sorry)
/cc #23152.
2017-02-26 09:44:27 +01:00
Vladimír Čunát 39e736b3d9
Merge #23171: curl: 7.53.0 -> 7.53.1 2017-02-26 09:29:11 +01:00
Vladimír Čunát 2f726fed9f
findutils: fixup sandboxed build after #23152 2017-02-26 09:26:22 +01:00
Tim Steinbach 6988d2d456
curl: 7.53.0 -> 7.53.1 2017-02-25 09:03:22 -05:00
Franz Pletz 9d14ea4295
utillinux: 2.29 -> 2.29.2 for CVE-2017-2616
cc #23072
2017-02-25 09:40:36 +01:00
Eelco Dolstra 0081c6a04c Merge pull request #23152 from mogria/updatedb-standalone
findutils: updatedb now uses writable database outside of /nix/store by default
2017-02-24 17:11:58 +01:00
Mogria 417dbaf6a3 findutils: updatedb now uses writable database outside of /nix/store by default
updatedb could only be run by providing the --output parameter,
because it would use a path inside the nix store as it's database.
The default for --output is now /var/cache/locatedb (the same
as in the NixOS locate service)
2017-02-24 16:36:58 +01:00
Frederik Rietdijk 4810677227 Merge pull request #22863 from romildo/upd.pygments
pygments: 2.1.3 -> 2.2.0
2017-02-23 18:45:56 +01:00
Franz Pletz 2055d6cacf
pythonPackages.searx: works with pygments 2.2 2017-02-23 18:41:07 +01:00
Vladimír Čunát 753c18edce
Merge branch 'master' into staging
... to include a security mass rebuild.
2017-02-22 19:59:08 +01:00
Frederik Rietdijk de4643eb80 diffoscope: 63 -> 77 2017-02-22 19:45:54 +01:00
Vladimír Čunát f5eea8ba1d
libevent: apply security patches from Debian
/cc #23072.  As with curl, it's nontrivial rebuild but security...
https://lwn.net/Alerts/714571/
2017-02-22 19:00:04 +01:00
Vladimír Čunát 838e29d236
Merge branch 'staging'
There's a security fix for curl inside.
2017-02-22 18:21:58 +01:00
Vladimír Čunát ebf782829a
Merge #23063: curl: 7.52.1 -> 7.53.0 2017-02-22 18:11:05 +01:00
Vladimír Čunát 145d3ea81c
Merge branch 'master' into staging 2017-02-22 17:47:49 +01:00
Vladimír Čunát d6cff5783e
gnutls: drop -lunistring on Darwin as well
I didn't intend this substitution to be conditional; I looked wrong.
2017-02-22 17:44:06 +01:00
Gabriel Ebner b66ec6026c idris: jailbreak
Fixes #23048
2017-02-22 17:36:36 +01:00
Vladimír Čunát 2f1945dcd3
python-3.6: fix random numbers with glibc-2.25
I missed this upstream patch. /cc #22874.
2017-02-22 17:34:33 +01:00
Vladimír Čunát fe8aa284c2
xcbuild: fixup build with glibc-2.25 2017-02-22 16:58:45 +01:00
Vladimír Čunát 7ccd6f25f0
reptyr: fixup build with glibc-2.25 2017-02-22 16:54:40 +01:00
Vladimír Čunát 1d1dc2dcc3
open-vm-tools: fixup build with glibc-2.25 2017-02-22 16:54:07 +01:00
Vladimír Čunát 7ccaa9e652
solvespace: fixup build with glibc-2.25 2017-02-22 16:45:08 +01:00
Moritz Ulrich 51134cdbfe
digikam5: Fix build after kde merge. 2017-02-22 16:44:08 +01:00
Vladimír Čunát a04849502d
fstrm: init at 0.3.1 2017-02-22 15:03:21 +01:00
Frederik Rietdijk 3bcd3d2c34 Merge pull request #23061 from nixy/pythonPackages.snakeviz
pythonPackages.snakeviz: init at 0.4.1
2017-02-22 14:31:26 +01:00
Michael Raskin 194d137bd3 wireshark: patch for CVE-2017-6041 2017-02-22 14:17:02 +01:00
Michael Raskin a8bf87681c kde5.applications.kig: init at 16.12.2 2017-02-22 14:17:02 +01:00
Andrew R. M 99754b2527 pythonPackages.snakeviz: init at 0.4.1 2017-02-22 08:14:53 -05:00
Graham Christensen cc4919da89
xen: patch for XSAs: 197, 199, 207, 208, 209
XSA-197 Issue Description:

> The compiler can emit optimizations in qemu which can lead to double
> fetch vulnerabilities.  Specifically data on the rings shared
> between qemu and the hypervisor (which the guest under control can
> obtain mappings of) can be fetched twice (during which time the
> guest can alter the contents) possibly leading to arbitrary code
> execution in qemu.

More: https://xenbits.xen.org/xsa/advisory-197.html

XSA-199 Issue Description:

> The code in qemu which implements ioport read/write looks up the
> specified ioport address in a dispatch table.  The argument to the
> dispatch function is a uint32_t, and is used without a range check,
> even though the table has entries for only 2^16 ioports.
>
> When qemu is used as a standalone emulator, ioport accesses are
> generated only from cpu instructions emulated by qemu, and are
> therefore necessarily 16-bit, so there is no vulnerability.
>
> When qemu is used as a device model within Xen, io requests are
> generated by the hypervisor and read by qemu from a shared ring.  The
> entries in this ring use a common structure, including a 64-bit
> address field, for various accesses, including ioport addresses.
>
> Xen will write only 16-bit address ioport accesses.  However,
> depending on the Xen and qemu version, the ring may be writeable by
> the guest.  If so, the guest can generate out-of-range ioport
> accesses, resulting in wild pointer accesses within qemu.

More: https://xenbits.xen.org/xsa/advisory-199.html

XSA-207 Issue Description:

> Certain internal state is set up, during domain construction, in
> preparation for possible pass-through device assignment.  On ARM and
> AMD V-i hardware this setup includes memory allocation.  On guest
> teardown, cleanup was erroneously only performed when the guest
> actually had a pass-through device assigned.

More: https://xenbits.xen.org/xsa/advisory-207.html

XSA-209 Issue Description:

> When doing bitblt copy backwards, qemu should negate the blit width.
> This avoids an oob access before the start of video memory.

More: https://xenbits.xen.org/xsa/advisory-208.html

XSA-208 Issue Description:

> In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
> cirrus_bitblt_cputovideo fails to check wethehr the specified memory
> region is safe.

More: https://xenbits.xen.org/xsa/advisory-209.html
2017-02-22 08:00:45 -05:00
Frederik Rietdijk 026cfee6b0 Docs: update Python contributing guidelines 2017-02-22 13:38:29 +01:00
Peter Hoeg 409dac4155 Merge branch 'u/tg' into real_master 2017-02-22 20:14:26 +08:00
Peter Hoeg 494462e857 terragrunt: 0.10.1 -> 0.10.2 2017-02-22 20:12:25 +08:00