Commit graph

101787 commits

Author SHA1 Message Date
Frederik Rietdijk
14a88e76cf Python 3.5: use system expat and ffi 2017-02-26 14:50:09 +01:00
Frederik Rietdijk
dd3a501a4b Python: mkPythonDerivation: use PYTHONHASHSEED=0 2017-02-26 14:50:09 +01:00
Frederik Rietdijk
8970a9c86e Python 3.5: improve determinism
- Windows installers are indeterministic and we don't need them.
- since Python 3 ensurepip is installed by default. pip is indeteministic and we don't need it.
- rebuild bytecode to ensure its deterministic
2017-02-26 14:50:09 +01:00
Frederik Rietdijk
09f6b03b2e Python 2.7: improve determinism
There is some randomness in the Windows installers. Since we don't need
them, we delete them.
2017-02-26 14:50:09 +01:00
Vladimír Čunát
f157956266
findutils: add the forgotten file (I'm sorry)
/cc #23152.
2017-02-26 09:44:27 +01:00
Vladimír Čunát
39e736b3d9
Merge #23171: curl: 7.53.0 -> 7.53.1 2017-02-26 09:29:11 +01:00
Vladimír Čunát
2f726fed9f
findutils: fixup sandboxed build after #23152 2017-02-26 09:26:22 +01:00
Tim Steinbach
6988d2d456
curl: 7.53.0 -> 7.53.1 2017-02-25 09:03:22 -05:00
Franz Pletz
9d14ea4295
utillinux: 2.29 -> 2.29.2 for CVE-2017-2616
cc #23072
2017-02-25 09:40:36 +01:00
Eelco Dolstra
0081c6a04c Merge pull request #23152 from mogria/updatedb-standalone
findutils: updatedb now uses writable database outside of /nix/store by default
2017-02-24 17:11:58 +01:00
Mogria
417dbaf6a3 findutils: updatedb now uses writable database outside of /nix/store by default
updatedb could only be run by providing the --output parameter,
because it would use a path inside the nix store as it's database.
The default for --output is now /var/cache/locatedb (the same
as in the NixOS locate service)
2017-02-24 16:36:58 +01:00
Frederik Rietdijk
4810677227 Merge pull request #22863 from romildo/upd.pygments
pygments: 2.1.3 -> 2.2.0
2017-02-23 18:45:56 +01:00
Franz Pletz
2055d6cacf
pythonPackages.searx: works with pygments 2.2 2017-02-23 18:41:07 +01:00
Vladimír Čunát
753c18edce
Merge branch 'master' into staging
... to include a security mass rebuild.
2017-02-22 19:59:08 +01:00
Frederik Rietdijk
de4643eb80 diffoscope: 63 -> 77 2017-02-22 19:45:54 +01:00
Vladimír Čunát
f5eea8ba1d
libevent: apply security patches from Debian
/cc #23072.  As with curl, it's nontrivial rebuild but security...
https://lwn.net/Alerts/714571/
2017-02-22 19:00:04 +01:00
Vladimír Čunát
838e29d236
Merge branch 'staging'
There's a security fix for curl inside.
2017-02-22 18:21:58 +01:00
Vladimír Čunát
ebf782829a
Merge #23063: curl: 7.52.1 -> 7.53.0 2017-02-22 18:11:05 +01:00
Vladimír Čunát
145d3ea81c
Merge branch 'master' into staging 2017-02-22 17:47:49 +01:00
Vladimír Čunát
d6cff5783e
gnutls: drop -lunistring on Darwin as well
I didn't intend this substitution to be conditional; I looked wrong.
2017-02-22 17:44:06 +01:00
Gabriel Ebner
b66ec6026c idris: jailbreak
Fixes #23048
2017-02-22 17:36:36 +01:00
Vladimír Čunát
2f1945dcd3
python-3.6: fix random numbers with glibc-2.25
I missed this upstream patch. /cc #22874.
2017-02-22 17:34:33 +01:00
Vladimír Čunát
fe8aa284c2
xcbuild: fixup build with glibc-2.25 2017-02-22 16:58:45 +01:00
Vladimír Čunát
7ccd6f25f0
reptyr: fixup build with glibc-2.25 2017-02-22 16:54:40 +01:00
Vladimír Čunát
1d1dc2dcc3
open-vm-tools: fixup build with glibc-2.25 2017-02-22 16:54:07 +01:00
Vladimír Čunát
7ccaa9e652
solvespace: fixup build with glibc-2.25 2017-02-22 16:45:08 +01:00
Moritz Ulrich
51134cdbfe
digikam5: Fix build after kde merge. 2017-02-22 16:44:08 +01:00
Vladimír Čunát
a04849502d
fstrm: init at 0.3.1 2017-02-22 15:03:21 +01:00
Frederik Rietdijk
3bcd3d2c34 Merge pull request #23061 from nixy/pythonPackages.snakeviz
pythonPackages.snakeviz: init at 0.4.1
2017-02-22 14:31:26 +01:00
Michael Raskin
194d137bd3 wireshark: patch for CVE-2017-6041 2017-02-22 14:17:02 +01:00
Michael Raskin
a8bf87681c kde5.applications.kig: init at 16.12.2 2017-02-22 14:17:02 +01:00
Andrew R. M
99754b2527 pythonPackages.snakeviz: init at 0.4.1 2017-02-22 08:14:53 -05:00
Graham Christensen
cc4919da89
xen: patch for XSAs: 197, 199, 207, 208, 209
XSA-197 Issue Description:

> The compiler can emit optimizations in qemu which can lead to double
> fetch vulnerabilities.  Specifically data on the rings shared
> between qemu and the hypervisor (which the guest under control can
> obtain mappings of) can be fetched twice (during which time the
> guest can alter the contents) possibly leading to arbitrary code
> execution in qemu.

More: https://xenbits.xen.org/xsa/advisory-197.html

XSA-199 Issue Description:

> The code in qemu which implements ioport read/write looks up the
> specified ioport address in a dispatch table.  The argument to the
> dispatch function is a uint32_t, and is used without a range check,
> even though the table has entries for only 2^16 ioports.
>
> When qemu is used as a standalone emulator, ioport accesses are
> generated only from cpu instructions emulated by qemu, and are
> therefore necessarily 16-bit, so there is no vulnerability.
>
> When qemu is used as a device model within Xen, io requests are
> generated by the hypervisor and read by qemu from a shared ring.  The
> entries in this ring use a common structure, including a 64-bit
> address field, for various accesses, including ioport addresses.
>
> Xen will write only 16-bit address ioport accesses.  However,
> depending on the Xen and qemu version, the ring may be writeable by
> the guest.  If so, the guest can generate out-of-range ioport
> accesses, resulting in wild pointer accesses within qemu.

More: https://xenbits.xen.org/xsa/advisory-199.html

XSA-207 Issue Description:

> Certain internal state is set up, during domain construction, in
> preparation for possible pass-through device assignment.  On ARM and
> AMD V-i hardware this setup includes memory allocation.  On guest
> teardown, cleanup was erroneously only performed when the guest
> actually had a pass-through device assigned.

More: https://xenbits.xen.org/xsa/advisory-207.html

XSA-209 Issue Description:

> When doing bitblt copy backwards, qemu should negate the blit width.
> This avoids an oob access before the start of video memory.

More: https://xenbits.xen.org/xsa/advisory-208.html

XSA-208 Issue Description:

> In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
> cirrus_bitblt_cputovideo fails to check wethehr the specified memory
> region is safe.

More: https://xenbits.xen.org/xsa/advisory-209.html
2017-02-22 08:00:45 -05:00
Frederik Rietdijk
026cfee6b0 Docs: update Python contributing guidelines 2017-02-22 13:38:29 +01:00
Peter Hoeg
409dac4155 Merge branch 'u/tg' into real_master 2017-02-22 20:14:26 +08:00
Peter Hoeg
494462e857 terragrunt: 0.10.1 -> 0.10.2 2017-02-22 20:12:25 +08:00
Peter Simons
deec3c1dae Merge pull request #23071 from takikawa/add-ndpi-1.8
ndpi: init at 1.8
2017-02-22 10:46:19 +01:00
Asumu Takikawa
85fb29bb49 ndpi: init at 1.8 2017-02-22 00:20:10 -08:00
Franz Pletz
67018e7759
pymol: fix evaluation
cc #23007 @Mounium @Mic92
2017-02-22 08:48:42 +01:00
Franz Pletz
9b81dcfda2
nixos/release-notes: fix typos 2017-02-22 08:45:30 +01:00
Franz Pletz
2a228bdc9b Merge pull request #23064 from NeQuissimus/rkt_1_25_0
rkt: 1.24.0 -> 1.25.0
2017-02-22 07:49:09 +01:00
Tom Hunger
bae3d0e49f vowpalwabbit: init at 8.3.2 2017-02-22 07:28:52 +01:00
Franz Pletz
63200708af Merge pull request #23065 from NeQuissimus/gradle_3_4
gradle: 3.3 -> 3.4
2017-02-22 07:27:05 +01:00
Franz Pletz
136ee09ef8 Merge pull request #23066 from NeQuissimus/oh_my_zsh_2017_02_20
oh-my-zsh: 2017-01-15 -> 2017-02-20
2017-02-22 07:20:31 +01:00
Jörg Thalheim
27d4f8c717 Merge pull request #23046 from Zimmi48/patch-2
nixos/manual/networkmanager: add info on nm-applet
2017-02-22 01:40:50 +01:00
Jörg Thalheim
6a044f1841 Merge pull request #23045 from Zimmi48/patch-1
nixos/manual/xserver: propose more alternatives
2017-02-22 01:38:25 +01:00
Mounium
eb688ac0a7 pymol: init at 1.8.4 (#23007) 2017-02-22 01:35:09 +01:00
Tim Steinbach
61666724a6
oh-my-zsh: 2017-01-15 -> 2017-02-20 2017-02-21 19:07:59 -05:00
Nick Novitski
7bb0611e2e vim_configurable: Add packPath option to vimrcConfig (#22776)
* vim_configurable: Add packages option to vimrcConfig

Version 8 of vim adds the concept of "vim packages": directories which
contain one or more vim plugins, in either "start" or "opt"
subdirectories. Those in "start" are to be loaded automatically, while
those in "opt" can be loaded manually. Vim detects any packages located
in one of its "packpaths".

The packages option takes a set of sets describing one or more vim
packages, and adds the derivation containing these packages to the
packpath.

* fix documentation.
2017-02-22 01:06:34 +01:00
Tim Steinbach
83f29e9b99
gradle: 3.3 -> 3.4 2017-02-21 19:02:42 -05:00