Commit graph

100579 commits

Author SHA1 Message Date
Franz Pletz
6820e74ff0 Merge pull request #22583 from DerTim1/asterisk
asterisk: 14.1.2 -> 14.2.1, add speex
2017-02-09 11:21:18 +01:00
Rahul Gopinath
a4d952178c mlterm: 3.7.2 -> 3.8.0 2017-02-09 11:20:46 +01:00
Peter Simons
055ab6ba74 Merge pull request #21589 from NixOS/ghc-split-sections
GHC 8.0.2: use -split-sections
2017-02-09 11:17:31 +01:00
Franz Pletz
da5eaa3c21
bind: 9.10.4-P5 -> 9.10.4-P6 for CVE-2017-3135
See https://kb.isc.org/article/AA-01453.

cc #22549
2017-02-09 10:44:16 +01:00
Mica Semrick
c06b6d9446 gimp: 2.8.18 -> 2.8.20 2017-02-09 10:32:25 +01:00
Vladimír Čunát
333e36eca0
pythonPackages.gst-python: fix hash after afd59811a1
/cc #22549.
2017-02-09 09:40:36 +01:00
Pascal Wittmann
5de04f6d55 Revert "ocaml-lablgl: use camlp5"
This reverts commit 7a6aac9076.
2017-02-09 09:14:51 +01:00
Pascal Wittmann
b6cc6bd088 yodl: 3.08.01 -> 3.08.02 2017-02-09 09:11:28 +01:00
Michael Raskin
386ecdcb4d rtmpdump: 2015-01-15 -> 2015-12-30 2017-02-09 08:45:12 +01:00
Tim Digel
d8da56984b asterisk: 14.1.2 -> 14.2.1 2017-02-09 08:29:09 +01:00
Tim Digel
3053e07caa asterisk: add speex codec 2017-02-09 08:29:09 +01:00
Vladimír Čunát
4bf9f8afc3
Merge #22578: mesa: add enableRadv ? false
There's no hash change in default settings.
2017-02-09 08:03:34 +01:00
Graham Christensen
19f23d00fd
ntfs3g: patch for CVE-2017-0358
From the Debian advisory:

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write
NTFS driver for FUSE, does not scrub the environment before executing
modprobe with elevated privileges. A local user can take advantage of
this flaw for local root privilege escalation.
2017-02-08 22:12:10 -05:00
John Ericson
e74ec9d84f Merge pull request #22575 from Ericson2314/localSystem
top-level: Allow nixpkgs to take localSystem directly
2017-02-08 22:10:49 -05:00
John Ericson
8cd4c31d6b top-level: Allow nixpkgs to take localSystem directly
This is instead of both system and platform, which is kind of ugly.
2017-02-08 22:06:57 -05:00
Graham Christensen
77e920d874
spice: Patch for CVE-2016-9577, CVE-2016-9578
From the Red Hat advisory:

* A vulnerability was discovered in spice in the server's protocol
  handling. An authenticated attacker could send crafted messages to
  the spice server causing a heap overflow leading to a crash or
  possible code execution. (CVE-2016-9577)

* A vulnerability was discovered in spice in the server's protocol
  handling. An attacker able to connect to the spice server could send
  crafted messages which would cause the process to crash.
  (CVE-2016-9578)
2017-02-08 22:03:11 -05:00
Graham Christensen
379144f54b
salt: 2016.3.3 -> 2016.11.2 for multiple CVEs
From the Arch Linux advisory:

- CVE-2017-5192 (arbitrary code execution): The
  `LocalClient.cmd_batch()` method client does not accept
  `external_auth` credentials and so access to it from salt-api has
  been removed for now. This vulnerability allows code execution for
  already- authenticated users and is only in effect when running
  salt-api as the `root` user.

- CVE-2017-5200 (arbitrary command execution): Salt-api allows
  arbitrary command execution on a salt-master via Salt's ssh_client.
  Users of Salt-API and salt-ssh could execute a command on the salt
  master via a hole when both systems were enabled.
2017-02-08 21:24:10 -05:00
David McFarland
4ab604b6b8 mesa: add enableRadv 2017-02-08 22:15:03 -04:00
Graham Christensen
e01278b2de Merge pull request #22573 from nlewo/master
rabbitmq: 3.5.8 -> 3.6.6
2017-02-08 20:00:59 -05:00
Tuomas Tynkkynen
05605b41d8 autofs: Some cleanup
The --with-openldap and --with-sasl flags passed here are actually wrong
as they don't point to the dev outputs of the packages. Anyway, autoconf
recognizes the packages as they are in buildInputs.

getBin is generally not needed - binaries can always be referred as
${foo}/bin/bar regardless of whether the package is multiple-output.

meta.version is unnecessary.
2017-02-09 02:50:48 +02:00
Dan Peebles
3e7dffd2b3 pythonPackages.twitter-common-*: add meta
I'd like to share the common meta fields across all of them but it didn't
seem worth it.
2017-02-08 18:24:59 -05:00
Antoine Eiche
b2e7b4b0d7 rabbitmq: 3.5.8 -> 3.6.6
Fix CVE-2015-8786.
2017-02-09 00:12:49 +01:00
Franz Pletz
4494b18fe4
electricsheep: 2.7b33-598d93d90 -> 2.7b33-2017-02-04
Also some cleanups like removed unused buildInputs.
2017-02-08 23:51:02 +01:00
Franz Pletz
6d0806d061
pythonPackages.searx: 0.10.0 -> 0.11.0 2017-02-08 23:51:02 +01:00
Franz Pletz
2ae5b82cb7
pythonPackages.pysocks: 1.5.7 -> 1.6.6 2017-02-08 23:51:01 +01:00
Franz Pletz
603ca4be35
pythonPackages.lxml: 3.7.0 -> 3.7.2 2017-02-08 23:51:01 +01:00
Franz Pletz
de82ce901e
pythonPackages.flask: 0.11.1 -> 0.12 2017-02-08 23:51:00 +01:00
Franz Pletz
4bb27d8622
pythonPackages.ndg-httpsclient: 0.4.0 -> 0.4.2 2017-02-08 23:51:00 +01:00
Franz Pletz
7bb81a5a7b
pythonPackages.certifi: 2016.2.28 -> 2017.1.23 2017-02-08 23:51:00 +01:00
Franz Pletz
65a1762a9b
nginx module: make acme group overrideable easily 2017-02-08 23:50:59 +01:00
Franz Pletz
dced724c00
linux_3_18: remove due to EOL 2017-02-08 23:50:59 +01:00
Dan Peebles
554bfea26f pythonPackages.pex: add meta 2017-02-08 15:22:05 -05:00
Dan Peebles
e012e12402 pythonPackages.pathspec: add meta 2017-02-08 15:10:49 -05:00
Dan Peebles
825ef235ba pythonPackages.pants: fix typo in license 2017-02-08 14:46:05 -05:00
Dan Peebles
84542bb6f4 pythonPackages.pants: add meta 2017-02-08 14:43:12 -05:00
Dan Peebles
4fef9bf857 pythonPackages.ansicolors: add meta 2017-02-08 14:05:13 -05:00
Nikolay Amiantov
5ff9a2a2cb kbd service: don't restart systemd-vconsole-setup
Fixes #22470. Also remove non-relevant comment (we don't deviate from upstream
systemd unit anymore).
2017-02-08 21:50:33 +03:00
Nikolay Amiantov
6f7811143d systemd service: don't install systemd-hwdb-update 2017-02-08 21:42:07 +03:00
Nikolay Amiantov
504774e223 release notes: mention JRE changes and jre_headless 2017-02-08 21:36:22 +03:00
Nikolay Amiantov
1900f22760 jre_headless: add alias 2017-02-08 21:35:58 +03:00
Rok Garbas
17f14c893b Merge pull request #22528 from garbas/fix-networkmanager-openvpn
updating networkmanager and friends
2017-02-08 17:44:23 +01:00
Andrew Cann
3082647e74 trezord: init at 1.2.0 (#22054) 2017-02-08 17:18:22 +01:00
Graham Christensen
ae02508c2a Merge pull request #22555 from peterhoeg/u/wavpack
wavpack: 4.80.0 -> 5.1.0
2017-02-08 10:02:03 -05:00
Moritz Ulrich
827009adb2
digikam5: 5.3.0 -> 5.4.0 2017-02-08 15:41:33 +01:00
Moritz Ulrich
403eb76cc1
rawtherapee: 5.0 -> 5.0-r1 2017-02-08 15:41:32 +01:00
Peter Hoeg
5eaec77732 wavpack: 4.80.0 -> 5.1.0 2017-02-08 22:41:24 +08:00
Nikolay Amiantov
45368ed49d haskellPackages.typed-process: disable tests
Networking is required for them.
2017-02-08 17:39:55 +03:00
Graham Christensen
7db1f727f3
moodle: Remove due to continued security issues. 2017-02-08 09:10:45 -05:00
Graham Christensen
afd59811a1
gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs
gst-plugins-bad:
From the Arch Linux advisory:
 - CVE-2017-5843 (arbitrary code execution): A double-free issue has
 been found in gstreamer before 1.10.3, in
 gst_mxf_demux_update_essence_tracks.

- CVE-2017-5848 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/

gst-plugins-base:
From the Arch Linux advisory:

- CVE-2017-5837 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.

- CVE-2017-5839 (denial of service): An endless recursion issue
  leading to stack overflow has been found in gstreamer before 1.10.3,
  in gst_riff_create_audio_caps.

- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
  been found in gstreamer before 1.10.3, in
  html_context_handle_element.

- CVE-2017-5844 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/

gst-plugins-good:
From the Arch Linux advisory:

- CVE-2016-10198 (denial of service): An invalid memory read flaw has
  been found in gstreamer before 1.10.3, in
  gst_aac_parse_sink_setcaps.

- CVE-2016-10199 (denial of service): An out of bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.

- CVE-2017-5840 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_parse_samples.

- CVE-2017-5841 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.

- CVE-2017-5845 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/

gst-plugins-ugly:
From the Arch Linux advisory:

- CVE-2017-5846 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_stream_props.

- CVE-2017-5847 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/

gstreamer:
From the Arch Linux advisory:

An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
2017-02-08 08:30:23 -05:00
Antoine Eiche
9d30099b7f nixos/systemd: set r-x group permissions on /var/log/journal
This allows services such as systemd-journal-gateway to access the
systemd journal.

Closes #22288
2017-02-08 16:06:14 +03:00