Commit graph

108858 commits

Author SHA1 Message Date
Bjørn Forsman
7a0e958b97 nixos/acme: support "full.pem" (for lighttpd)
* Create "full.pem" from selfsigned certificate
* Tell simp_le to create "full.pem"
* Inject service dependency between lighttpd and the generation of certificates

Side note: According to the internet these servers also use the
"full.pem" format: pound, ejabberd, pure-ftpd.
2017-06-09 19:35:17 +02:00
Simon Lackerbauer
7d87d234d3 lbreakout2: init at 2.6.5 2017-06-09 19:23:40 +02:00
Michael Weiss
b615c2e992 android-studio: 2.3.2.0 -> 2.3.3.0 2017-06-09 18:46:54 +02:00
ikervagyok
55ca2cf495 minecraft-server: 1.11.2 -> 1.12 (#26458) 2017-06-09 17:07:31 +01:00
Joachim F
66e82eaea8 Merge pull request #26488 from romildo/upd.jwm
jwm: 1582 -> 1594
2017-06-09 15:33:54 +01:00
Simon Lackerbauer
762aa2b819 lbreakout2: init at 2.6.5 2017-06-09 16:31:36 +02:00
Simon Lackerbauer
ff621bc0ee Merge branch 'lbreakout2' of github.com:ciil/nixpkgs into lbreakout2 2017-06-09 16:24:56 +02:00
Graham Christensen
7d8218a351 Merge pull request #26489 from michalpalka/xen-security
xen: patch for XSAs: 206, 211, 212, 213, 214 and 215
2017-06-09 09:31:42 -04:00
Vladimír Čunát
97f3009bf8
pycairo: fix #26475 - a dead patch download 2017-06-09 15:21:25 +02:00
Michał Pałka
dd3dcceb23 xen: patch for XSAs: 206, 211, 212, 213, 214 and 215
XSA-206 Issue Description:

> xenstored supports transactions, such that if writes which would
> invalidate assumptions of a transaction occur, the entire transaction
> fails.  Typical response on a failed transaction is to simply retry
> the transaction until it succeeds.
>
> Unprivileged domains may issue writes to xenstore which conflict with
> transactions either of the toolstack or of backends such as the driver
> domain. Depending on the exact timing, repeated writes may cause
> transactions made by these entities to fail indefinitely.

More: https://xenbits.xen.org/xsa/advisory-206.html

XSA-211 Issue Description:

> When a graphics update command gets passed to the VGA emulator, there
> are 3 possible modes that can be used to update the display:
>
> * blank - Clears the display
> * text - Treats the display as showing text
> * graph - Treats the display as showing graphics
>
> After the display geometry gets changed (i.e., after the CIRRUS VGA
> emulation has resized the display), the VGA emulator will resize the
> console during the next update command. However, when a blank mode is
> also selected during an update, this resize doesn't happen. The resize
> will be properly handled during the next time a non-blank mode is
> selected during an update.
>
> However, other console components - such as the VNC emulation - will
> operate as though this resize had happened. When the display is
> resized to be larger than before, this can result in a heap overflow
> as console components will expect the display buffer to be larger than
> it is currently allocated.

More: https://xenbits.xen.org/xsa/advisory-211.html

XSA-212 Issue Description:

> The XSA-29 fix introduced an insufficient check on XENMEM_exchange
> input, allowing the caller to drive hypervisor memory accesses outside
> of the guest provided input/output arrays.

More: https://xenbits.xen.org/xsa/advisory-212.html

XSA-213 Issue Description:

> 64-bit PV guests typically use separate (root) page tables for their
> kernel and user modes.  Hypercalls are accessible to guest kernel
> context only, which certain hypercall handlers make assumptions on.
> The IRET hypercall (replacing the identically name CPU instruction)
> is used by guest kernels to transfer control from kernel mode to user
> mode.  If such an IRET hypercall is placed in the middle of a multicall
> batch, subsequent operations invoked by the same multicall batch may
> wrongly assume the guest to still be in kernel mode.  If one or more of
> these subsequent operations involve operations on page tables, they may
> be using the wrong root page table, confusing internal accounting.  As
> a result the guest may gain writable access to some of its page tables.

More: https://xenbits.xen.org/xsa/advisory-213.html

XSA-214 Issue Description:

> The GNTTABOP_transfer operation allows one guest to transfer a page to
> another guest.  The internal processing of this, however, does not
> include zapping the previous type of the page being transferred.  This
> makes it possible for a PV guest to transfer a page previously used as
> part of a segment descriptor table to another guest while retaining the
> "contains segment descriptors" property.
>
> If the destination guest is a PV one of different bitness, it may gain
> access to segment descriptors it is not normally allowed to have, like
> 64-bit code segments in a 32-bit PV guest.
>
> If the destination guest is a HVM one, that guest may freely alter the
> page contents and then hand the page back to the same or another PV
> guest.
>
> In either case, if the destination PV guest then inserts that page into
> one of its own descriptor tables, the page still having the designated
> type results in validation of its contents being skipped.

More: https://xenbits.xen.org/xsa/advisory-214.html

XSA-215 Issue Description:

> Under certain special conditions Xen reports an exception resulting
> from returning to guest mode not via ordinary exception entry points,
> but via a so call failsafe callback.  This callback, unlike exception
> handlers, takes 4 extra arguments on the stack (the saved data
> selectors DS, ES, FS, and GS).  Prior to placing exception or failsafe
> callback frames on the guest kernel stack, Xen checks the linear
> address range to not overlap with hypervisor space.  The range spanned
> by that check was mistakenly not covering these extra 4 slots.

More: https://xenbits.xen.org/xsa/advisory-215.html
2017-06-09 13:09:01 +00:00
romildo
44681c53d6 jwm: 1582 -> 1594 2017-06-09 09:30:20 -03:00
Jörg Thalheim
14eeae9d4e Merge pull request #26474 from Mic92/cc-wrapper
cc-wrapper: externalize default_cxx_stdlib_compile
2017-06-09 13:27:53 +01:00
Jörg Thalheim
fdf43ddf4a Merge pull request #26479 from jgertm/jgertm/buck
buck: build buckd as well
2017-06-09 13:26:40 +01:00
Vladimír Čunát
cc9a72a286
virtualboxGuestAdditions: don't install setuid/setgid 2017-06-09 13:09:21 +02:00
Frederik Rietdijk
a78bf7df14 Merge pull request #26437 from vaibhavsagar/unbreak-thumbor
python.pkgs.thumbor: fix package
2017-06-09 12:55:50 +02:00
Joachim Fasting
39f7530e47
tinycc: 0.9.27pre-20170527 -> 0.9.27pre-20170605
Contains further fix to x86_64 codegen (and some less relevant Windows
stuff).
2017-06-09 12:54:59 +02:00
Joachim Fasting
b1f0af7ef6
linuxPackages.evdi: specify minimum kernel version, per upstream
Upstream says 3.16 is the oldest supported kernel.  No versions prior to
3.18 build on Hydra. See e.g., https://hydra.nixos.org/build/53599831.
2017-06-09 12:54:57 +02:00
Frederik Rietdijk
184ab11fc9 Merge pull request #26484 from michalpalka/xen-python-fix
xen: fix pygrub by making sure it is wrapped
2017-06-09 12:45:03 +02:00
romildo
f2e075a241 mkvtoolnix: 11.0.0 -> 12.0.0 2017-06-09 12:44:17 +02:00
midchildan
54b23e605c
tilix: init at 1.6.1 2017-06-09 16:53:47 +09:00
midchildan
0f93270aba
gtkd: init at 3.6.5 2017-06-09 16:53:46 +09:00
Joachim F
7badb92629 Merge pull request #26404 from ambrop72/kdevelop-511
kdevelop: 5.0.4 -> 5.1.1
2017-06-09 08:44:01 +01:00
Simon Lackerbauer
63e967a33a lbreakout2: init at 2.6.5 2017-06-09 09:25:28 +02:00
Peter Simons
fbb5b2ef01 multi-ghc-travis: update to latest git version 2017-06-09 09:23:36 +02:00
Simon Lackerbauer
d6138238e3 add package for lbreakout2, a breakout clone from the popular lgames
series
2017-06-09 09:21:17 +02:00
Michał Pałka
965668903a xen: fix pygrub by making sure it is wrapped
Recent commit #c10af9e744c91dff1ccc07a52a0b57d1e4d339f3 changed the
behaviour of wrapPythonPrograms, which caused pygrub to no longer
being wrapped. This commit fixes this.
2017-06-09 06:22:03 +00:00
Peter Hoeg
bcf9af560a ncmpc: 0.24 -> 0.27
Upstream has moved to github as well.
2017-06-09 12:55:20 +08:00
Peter Hoeg
207ac3c7b8 mpd_clientlib: 2.10 -> 2.11
Upstream has moved to github as well.
2017-06-09 12:55:20 +08:00
Peter Hoeg
c87f034977 mpd: 0.20.6 -> 0.20.9
Upstream has also moved to github.
2017-06-09 12:04:58 +08:00
Peter Hoeg
292f121fb2 mpc: 0.27 -> 0.28
Upstream has also moved to github
2017-06-09 12:04:58 +08:00
Tuomas Tynkkynen
2bfc977b6e ethtool: 4.10 -> 4.11 2017-06-09 01:58:23 +03:00
Joachim Fasting
8e706b051e
tor: 0.3.0.7 -> 0.3.0.8
Of particular note are fixes for hidden service crashing bugs
(TROVE-2017-004 and TROVE-2017-005).

See https://blog.torproject.org/blog/tor-0308-released-fix-hidden-services-also-are-02429-02514-02612-0278-02814-and-02911
2017-06-09 00:40:25 +02:00
Tim Jäger
cfe23e19ab buck: build buckd as well
buck tries to launch buckd to run in the background. While not neccessary, it
does speed up builds.
2017-06-08 15:36:30 -07:00
André-Patrick Bubel
55f0f9e1a4
profanity: enable tray icon support
Profanity can show a tray icon, e.g. showing that messages were received.
This enables support for the feature.
2017-06-08 22:55:42 +02:00
Jörg Thalheim
ffdfa662fc Merge pull request #26476 from romildo/upd.jetbrains
jetbrains.clion: 2017.1.1 -> 2017.1.3, jetbrains.idea-community: 2017.1.3 -> 2017.1.4, jetbrains.idea-ultimate: 2017.1.3 -> 2017.1.4
2017-06-08 21:35:24 +01:00
Jörg Thalheim
ff139c49f7 Merge pull request #26438 from jgertm/jgertm/buck
buck: init at v2017.05.31.01
2017-06-08 21:27:33 +01:00
Jörg Thalheim
211736fabf Merge pull request #26472 from romildo/upd.colordiff
colordiff: 1.0.16 -> 1.0.18
2017-06-08 21:25:06 +01:00
Mathias Schreck
9540cc4645 nodejs: 8.0.0 -> 8.1.0 2017-06-08 22:15:57 +02:00
Tuomas Tynkkynen
69901f16c9 yle-dl: 2.15 -> 2.16 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen
211c55b247 strace: 4.16 -> 4.17 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen
97d29ffbfd nano: 2.8.3 -> 2.8.4 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen
cd46df3a1e fio: 2.19 -> 2.20 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen
9e41ba6e96 bastet: 0.43.1 -> 0.43.2 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen
399afc13e4 afl: 2.41b -> 2.42b 2017-06-08 23:13:06 +03:00
romildo
277b562324 jetbrains.idea-community: 2017.1.3 -> 2017.1.4 2017-06-08 16:57:50 -03:00
romildo
bc1f59fb4f jetbrains.idea-ultimate: 2017.1.3 -> 2017.1.4 2017-06-08 16:45:14 -03:00
John Ericson
2f348884b8 Merge pull request #26471 from obsidiansystems/gcc7-no-cross-arg
gcc 7: Remove `cross` arguments and don't use stdenv.is*
2017-06-08 15:40:35 -04:00
romildo
b57a14810b jetbrains.clion: 2017.1.1 -> 2017.1.3 2017-06-08 15:54:51 -03:00
Jörg Thalheim
e2197465c1
cc-wrapper: externalize default_cxx_stdlib_compile
This value is require to get c++ std include path for libclang based tools (vim plugins in my case).
I currently extract it this with this rather command:

```
eval echo $(nix-instantiate --eval --expr 'with (import <nixpkgs>) {}; clang.default_cxx_stdlib_compile')
```

it did not trigger any recompilation on my system.
2017-06-08 19:50:40 +01:00
Tim Jäger
926f3eada8 buck: cleanup 2017-06-08 11:26:42 -07:00