Commit graph

158362 commits

Author SHA1 Message Date
gnidorah
15c2fb7ba1 sway-beta module: add missing pieces 2018-11-03 20:27:40 +03:00
Aaron Andersen
1b725def23 solr: 4.10.3 -> 7.5.0, refactor service to reflect major changes in version bump, NixOS test included 2018-11-03 13:14:13 -04:00
Edward Tjörnhammar
df28b4b6e5
x11basic: init at 1.26 2018-11-03 17:58:02 +01:00
Dmitry Kalinkin
f6aac1cc66 yoda: 1.7.1 -> 1.7.3 (#49654) 2018-11-03 17:27:19 +01:00
Lysergia
b0068a2abe lightdm-mini-greeter: 0.3.3 -> 0.3.4 (#49655)
New upstream release.
2018-11-03 17:24:00 +01:00
Tristan Helmich
5a1708b1ab shutter: 0.94 -> 0.94.2 (#49546)
* shutter: 0.94 -> 0.94.2

* shutter: dependencies refresh

procps and perlPackages.FileBaseDir were missing
Perl package JSONMaybeXS replaces JSONXS
Moved makeWrapper to nativeBuildInputs
2018-11-03 17:00:30 +01:00
Periklis Tsirakidis
74ef823422 alacritty: fix build on darwin 2018-11-03 16:39:56 +01:00
Renaud
8b54203727
Merge pull request #49656 from siddharthist/folly
folly: 2018.08.27.00 -> 2018.10.29.00
2018-11-03 16:35:02 +01:00
Edward Tjörnhammar
dff14ecfbf
i2pd: 2.21.0 -> 2.21.1 2018-11-03 16:25:19 +01:00
Sarah Brofeldt
99c052bac4 nixos/google-network-daemon: systemd job type simple instead of oneshot (#49692) 2018-11-03 16:16:17 +01:00
Renaud
78a6ee6cfc
Merge pull request #48082 from sengaya/ansible-2.7
ansible: Update to latest supported releases
2018-11-03 16:13:50 +01:00
Florian Klink
4d51002216
Merge pull request #49650 from srghma/srghma-patch-1
amazon-image: fix typo in comment
2018-11-03 16:04:47 +01:00
Will Dietz
e9d31c85a4 tootle: 0.1.5 -> 0.2.0
https://github.com/bleakgrey/tootle/releases/tag/0.2.0
2018-11-03 09:56:06 -05:00
Jonathan Queiroz
4b095c6c05 pythonPackages.fastpbkdf2: init at 0.2 (#47988) 2018-11-03 15:41:16 +01:00
Robert Schütz
4870522f87
Merge pull request #49645 from peterhoeg/p/broadlink
pythonPackages.broadlink: init at 0.9
2018-11-03 15:37:02 +01:00
Robert Schütz
c1324d571d home-assistant: 0.81.2 -> 0.81.5 2018-11-03 15:25:56 +01:00
Renaud
848f2f3d0d
Merge pull request #49559 from ikarulus/librepcb
bump version librepcb-unstable: 2018-06-28 -> 2018-10-31
2018-11-03 14:38:39 +01:00
Renaud
721ab2e148
Merge pull request #48496 from rvl/bpftrace
linuxPackages.bpftrace: init at unstable-2018-10-27
2018-11-03 13:43:49 +01:00
markuskowa
684e77dac3
Merge pull request #49672 from gnidorah/maxx
maxx: fix urls
2018-11-03 13:40:21 +01:00
markuskowa
759c26b05b
Merge pull request #49660 from kquick/yices-2.6.1
yices: 2.6.0 -> 2.6.1
2018-11-03 13:28:54 +01:00
Joachim F
0e76e1320c
Merge pull request #49652 from dtzWill/update/tor-0.3.4.9
tor: 0.3.4.8 -> 0.3.4.9
2018-11-03 12:27:19 +00:00
Vladimír Čunát
f3cca2f83c
Merge #49677: thunderbird*: 60.2.1 -> 60.3.0
Critical security fixes.
2018-11-03 13:10:08 +01:00
Ikarulus
f5af5b19f4 librepcb-unstable: 2018-06-28 -> 2018-10-31 2018-11-03 13:01:41 +01:00
Matthew Harm Bekkema
9973a266ab firefox-esr-60: 60.2.2 -> 60.3.0 [critical security fixes]
This update bumps the package to the latest stable version containing a
few security fixes:

- CVE-2018-12392: Crash with nested event loops
  When manipulating user events in nested loops while opening a document
  through script, it is possible to trigger a potentially exploitable
  crash due to poor event handling.

- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
  A potential vulnerability was found in 32-bit builds where an integer
  overflow during the conversion of scripts to an internal UTF-16
  representation could result in allocating a buffer too small for the
  conversion. This leads to a possible out-of-bounds write.
  Note: 64-bit builds are not vulnerable to this issue.

- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
  By rewriting the Host request headers using the webRequest API, a
  WebExtension can bypass domain restrictions through domain fronting.
  This would allow access to domains that share a host that are
  otherwise restricted.

- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
  A vulnerability where a WebExtension can run content scripts in
  disallowed contexts following navigation or other events. This allows
  for potential privilege escalation by the WebExtension on sites where
  content scripts should not be run.

- CVE-2018-12397: Missing warning prompt when WebExtension requests local file access
  A WebExtension can request access to local files without the warning
  prompt stating that the extension will "Access your data for all
  websites" being displayed to the user. This allows extensions to run
  content scripts in local pages without permission warnings when a
  local file is opened.

- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3
  Mozilla developers and community members Daniel Veditz and Philipp
  reported memory safety bugs present in Firefox ESR 60.2. Some of these
  bugs showed evidence of memory corruption and we presume that with
  enough effort that some of these could be exploited to run arbitrary
  code.

- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
  Mozilla developers and community members Christian Holler, Bob Owen,
  Boris Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee,
  Philipp, Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond
  Forbes, and Bogdan Tara reported memory safety bugs present in Firefox
  62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory
  corruption and we presume that with enough effort that some of these
  could be exploited to run arbitrary code.

Source: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/
2018-11-03 22:51:36 +11:00
Frederik Rietdijk
ca7fa914c3 python.pkgs.bsddb3: enable python3 and tests 2018-11-03 12:40:03 +01:00
Florian Klink
a36f49b9d6
Merge pull request #49663 from flokli/gitlab-11.4.4
gitlab: 11.4.3 -> 11.4.4
2018-11-03 12:24:14 +01:00
Mateusz Kowalczyk
0e6d023b06
Merge pull request #49585 from periklis/libid3tag-sec-fixes
libid3tag: patch CVE-2017-11550 and CVE-2017-11551
2018-11-03 19:52:23 +09:00
Gabriel Ebner
5443b3707f
Merge pull request #49680 from symphorien/nix-du-0.3
nix-du: 0.2.0 -> 0.3.0
2018-11-03 11:50:14 +01:00
Will Dietz
ffd083ec44 jq: 1.5 -> 1.6
* jq: 1.5 -> 1.6 (!!)

(last release was in 2015! :))

* jq: drop darwin patch, appears resolved by upgrade

commit history isn't that long, and has a few addressing
behavior on osx re:strptime-- and since this patch
doesn't apply it seems likely it's been resolved
but probably can be checked by any interested folks w/darwin.
2018-11-03 11:47:35 +01:00
Symphorien Gibol
8a8a2f61a9 nix-du: 0.2.0 -> 0.3.0 2018-11-03 11:08:23 +01:00
Renaud
722fcbbb80
Merge pull request #49467 from CharlesHD/submit/cmusfm
cmusfm: init at 2018-10-11
2018-11-03 10:40:08 +01:00
taku0
09d49a1c5d thunderbird: 60.2.1 -> 60.3.0 2018-11-03 18:39:32 +09:00
Peter Simons
d9fa1f9178
Merge pull request #49666 from averelld/rPackages.ps-build-fix
r-ps: patchShebangs in ./configure to fix build
2018-11-03 10:38:30 +01:00
Peter Simons
1cd1a34f8f
Merge pull request #49674 from typetetris/fix-46130
haskellPackages.sdl2: test-suite needs x server, so deactivate it
2018-11-03 10:36:56 +01:00
Vladyslav M
6742bdc845
Merge pull request #49673 from danieldk/cargo-asm-security
cargo-asm: fix build on macOS Mojave
2018-11-03 10:25:25 +02:00
Daniël de Kok
1f21fc5e47 cargo-asm: fix build on macOS Mojave
Building cargo-asm on Mojave fails with

ld: framework not found Security

Add Security as a build input.
2018-11-03 08:47:18 +01:00
gnidorah
fc96e53587 maxx: fix urls 2018-11-03 10:43:39 +03:00
aszlig
c64624b843
autoPatchelfHook: Correctly detect PIE binaries
I originally thought it would just be enough to just check for an INTERP
section in isExecutable, however this would mean that we don't detect
statically linked ELF files, which would break our recent improvement to
gracefully handle those.

In theory, we are only interested in ELF files that have an INTERP
section, so checking for INTERP would be enough. Unfortunately the
isExecutable function is already used outside of autoPatchelfHook, so we
can't easily get rid of it now, so let's actually strive for more
correctness and make isExecutable actually match ELF files that are
executable.

So what we're doing instead now is to check whether either the ELF type
is EXEC *or* we have an INTERP section and if one of them is true we
should have an ELF executable, even if it's statically linked.

Along the way I also set LANG=C for the invocations of readelf, just to
be sure we don't get locale-dependent output.

Tested this with the following command (which contains almost[1] all the
packages using autoPatchelfHook), checking whether we run into any
library-related errors:

  nix-build -E 'with import ./. { config.allowUnfree = true; };
    runCommand "test-executables" {
      drvs = [
        anydesk cups-kyodialog3 elasticsearch franz gurobi
        masterpdfeditor oracle-instantclient powershell reaper
        sourcetrail teamviewer unixODBCDrivers.msodbcsql17 virtlyst
        vk-messenger wavebox zoom-us
      ];
    } ("for i in $drvs; do for b in $i/bin/*; do " +
       "[ -x \"$b\" ] && timeout 10 \"$b\" || :; done; done")
  '

Apart from testing against library-related errors I also compared the
resulting store paths against the ones prior to this commit. Only
anydesk and virtlyst had the same as they didn't have self-references,
everything else differed only because of self-references, except
elasticsearch, which had the following PIE binaries:

  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/autoconfig
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/autodetect
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/categorize
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/controller
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/normalize

These binaries were now patched, which is what this commit is all about.

[1]: I didn't include the "maxx" package (MaXX Interactive Desktop)
     because the upstream URLs are no longer existing and I couldn't
     find them elsewhere on the web.

Signed-off-by: aszlig <aszlig@nix.build>
Fixes: https://github.com/NixOS/nixpkgs/issues/48330
Cc: @gnidorah (for MaXX Interactive Desktop)
2018-11-03 08:07:42 +01:00
Matthew Bauer
370ce8fcd3 stage.nix: throw error on incorrect pkgsi686Linux usage
pkgsi686Linux now throws an error with a message as opposed to the
previous assertion.
2018-11-03 00:58:58 -05:00
Matthew Bauer
4a8fc5b9aa treewide: remove pkgs_i686
This was getting evaluated eagerly causing assertion failures in
aarch64 systems. We can replace usages of pkgs_i686 with
pkgs.pkgsi686Linux.
2018-11-03 00:56:39 -05:00
Matthew Bauer
b3ab4d1f8e Revert "Revert "stage.nix: pkgsi686Linux only works on x86 family""
This reverts commit 08b5cffe87.
2018-11-03 00:52:14 -05:00
Matthew Bauer
08b5cffe87 Revert "stage.nix: pkgsi686Linux only works on x86 family"
This reverts commit 78ca6d885f.

Broke eval on aarch64
2018-11-03 00:47:39 -05:00
Wael M. Nasreddine
e09e5297d3
vim-plugins: vim-go: provide the binaries required for the plugin to be functional 2018-11-02 22:04:44 -07:00
Wael M. Nasreddine
e2355c6973
iferr: init unstable at 2018-06-15 2018-11-02 22:04:44 -07:00
Wael M. Nasreddine
fce50a7880
impl: init unstable at 2018-02-27 2018-11-02 22:04:44 -07:00
Wael M. Nasreddine
6a09bfc8bc
gometalinter: init at 2.0.11 2018-11-02 22:04:44 -07:00
Wael M. Nasreddine
a1faa70368
gosec: init at 1.1.0 2018-11-02 22:04:43 -07:00
Wael M. Nasreddine
cfa5c7f896
maligned: init unstable at 2018-07-07 2018-11-02 22:04:43 -07:00
Wael M. Nasreddine
ed31a46727
interfacer: init at unstable 2018-08-31 2018-11-02 22:04:43 -07:00
Wael M. Nasreddine
1efe4d9005
gocyclo: init unstable at 2015-02-08 2018-11-02 22:04:43 -07:00