Commit graph

956 commits

Author SHA1 Message Date
Martin Weinelt
1c7ad58742
apt-cacher-ng: 3.2 → 3.5
Fixes: CVE-2017-7443, CVE-2020-5202
2020-05-06 19:09:31 +02:00
Izorkin
ca2145bdfc nixos/tests: add unit-php test 2020-05-06 13:21:59 +03:00
Izorkin
dc0260f7da unit: add php 7.4 2020-05-06 12:27:13 +03:00
Izorkin
866f6dd677 unit: 1.16.0 -> 1.17.0 2020-05-06 12:27:12 +03:00
Izorkin
f87bc13930 unit: remove drop capabilites patch 2020-05-06 12:27:12 +03:00
Aaron Andersen
9218a3599a tomcat-native: 1.2.23 -> 1.2.24 2020-05-03 20:49:02 -04:00
R. RyanTM
bc74bdedae jetty: 9.4.25.v20191220 -> 9.4.26.v20200117 2020-05-02 10:15:25 +02:00
Elis Hirwing
27b9b7b3af
Merge pull request #85026 from talyz/php_buildenv_override
php.buildEnv: Make the exported php package overridable, improve handling of currently enabled extensions, etc
2020-04-29 19:57:37 +02:00
talyz
5cad1b4aff
php: Get rid of the phpXXbase attributes, update docs
Since the introduction of php.unwrapped there's no real need for the
phpXXbase attributes, so let's remove them to lessen potential
confusion and clutter. Also update the docs to make it clear how to
get hold of an unwrapped PHP if needed.
2020-04-29 13:45:48 +02:00
Aaron Andersen
92d9d07c61
Merge pull request #82762 from aanderse/tomcat-native
tomcat-native: init at 1.2.23
2020-04-26 19:48:22 -04:00
talyz
72636bc2f6
php: Get rid of all config.php parameters
Since all options controlled by the config.php parameters can now be
overridden directly, there's no reason to keep them around.
2020-04-26 16:43:23 +02:00
Aaron Andersen
6b3506458e tomcat-native: init at 1.2.23 2020-04-26 09:12:41 -04:00
Izorkin
cbfe203da7 nginxMainline: 1.17.9 -> 1.18.0 2020-04-23 14:34:21 +03:00
Izorkin
2e6cd807d7 nginxStable: 1.16.1 -> 1.18.0 2020-04-23 14:34:13 +03:00
Jan Tojnar
3d8e436917
Merge branch 'master' into staging-next 2020-04-16 10:09:43 +02:00
Maximilian Bosch
401e07d419
Merge pull request #84551 from gnprice/pr-stripDebugList
treewide: Fix types of stripDebugList attrs (and fix doc)
2020-04-14 15:54:52 +02:00
Jan Tojnar
a04625379a
Merge branch 'master' into staging-next 2020-04-13 18:50:35 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Jan Tojnar
1ab03c3a76
Merge branch 'master' into staging-next 2020-04-10 12:12:56 +02:00
Milan
3847ec0e35
nginxMainline: 1.17.8 -> 1.17.9 (#84743) 2020-04-08 21:19:35 +02:00
Samuel Leathers
72cb7f81fd
Merge pull request #81442 from manveru/bundler-2.1.4
bundler: 1.17.3 -> 2.1.4
2020-04-08 12:44:54 -04:00
talyz
472d5c187b
php.buildEnv: Don't inherit dev from the original php
mkDerivation uses the dev output in buildInputs if it exits, hence the
php-with-extensions package was never built or put into the path of
packages dependent on it during build. With this fix, the php packages
built with buildEnv or withExtensions don't have any dev outputs;
packages which need the dev output can refer to the phpXXbase packages
instead.
2020-04-08 15:13:07 +02:00
Greg Price
7547cf9dfc treewide: Fix up stripDebugList attrs to be lists.
The documentation says this should be a list, and it already is in
about half the expressions that set it.

The difference doesn't matter at present, because these values are all
space-free literals.  But it will in a future with __structuredAttrs .

(The similar attr stripAllList has no users in the nixpkgs tree, so
there's nothing to do to fix any of those up.)
2020-04-06 21:26:52 -07:00
Michael Fellinger
f92600b406
update versions in Gemfile.lock 2020-04-06 15:02:13 +02:00
Frederik Rietdijk
2420184727 Merge staging into staging-next 2020-04-06 08:54:28 +02:00
Elis Hirwing
3b6539896b
Merge pull request #83896 from etu/slim-down-default-php-v3
PHP: Make the default package more sane [v3]
2020-04-05 20:00:03 +02:00
Aaron Andersen
d757d810d0
Merge pull request #84045 from r-ryantm/auto-update/apache-httpd
apacheHttpd: 2.4.41 -> 2.4.43
2020-04-04 19:22:17 -04:00
Elis Hirwing
a5f77d6ea2
php-unit: Drop the declaration of the php-unit attributes since they aren't used 2020-04-03 10:11:11 +02:00
R. RyanTM
f26b2afb93 apacheHttpd: 2.4.41 -> 2.4.43 2020-04-01 22:33:24 +00:00
Elis Hirwing
1983417a2f
unit: Make unit use phpbase packages 2020-03-31 22:06:56 +02:00
Frederik Rietdijk
46ec52f329 buildPython*: use pname 2020-03-30 17:07:41 +02:00
aszlig
e1d63ada02
nginx: Fix ETag patch to ignore realpath(3) error
While our ETag patch works pretty fine if it comes to serving data off
store paths, it unfortunately broke something that might be a bit more
common, namely when using regexes to extract path components of
location directives for example.

Recently, @devhell has reported a bug with a nginx location directive
like this:

  location ~^/\~([a-z0-9_]+)(/.*)?$" {
    alias /home/$1/public_html$2;
  }

While this might look harmless at first glance, it does however cause
issues with our ETag patch. The alias directive gets broken up by nginx
like this:

  *2 http script copy: "/home/"
  *2 http script capture: "foo"
  *2 http script copy: "/public_html/"
  *2 http script capture: "bar.txt"

In our patch however, we use realpath(3) to get the canonicalised path
from ngx_http_core_loc_conf_s.root, which returns the *configured* value
from the root or alias directive. So in the example above, realpath(3)
boils down to the following syscalls:

  lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  lstat("/home/$1", 0x7ffd08da6f60) = -1 ENOENT (No such file or directory)

During my review[1] of the initial patch, I didn't actually notice that
what we're doing here is returning NGX_ERROR if the realpath(3) call
fails, which in turn causes an HTTP 500 error.

Since our patch actually made the canonicalisation (and thus additional
syscalls) necessary, we really shouldn't introduce an additional error
so let's - at least for now - silently skip return value if realpath(3)
has failed.

However since we're using the unaltered root from the config we have
another issue, consider this root:

  /nix/store/...-abcde/$1

Calling realpath(3) on this path will fail (except if there's a file
called "$1" of course), so even this fix is not enough because it
results in the ETag not being set to the store path hash.

While this is very ugly and we should fix this very soon, it's not as
serious as getting HTTP 500 errors for serving static files.

I added a small NixOS VM test, which uses the example above as a
regression test.

It seems that my memory is failing these days, since apparently I *knew*
about this issue since digging for existing issues in nixpkgs, I found
this similar pull request which I even reviewed:

https://github.com/NixOS/nixpkgs/pull/66532

However, since the comments weren't addressed and the author hasn't
responded to the pull request, I decided to keep this very commit and do
a follow-up pull request.

[1]: https://github.com/NixOS/nixpkgs/pull/48337

Signed-off-by: aszlig <aszlig@nix.build>
Reported-by: @devhell
Acked-by: @7c6f434c
Acked-by: @yorickvP
Merges: https://github.com/NixOS/nixpkgs/pull/80671
Fixes: https://github.com/NixOS/nixpkgs/pull/66532
2020-03-28 02:57:21 +01:00
Emily
7be86f3b3c openresty: 1.15.8.2 -> 1.15.8.3 2020-03-24 11:37:44 -05:00
Aaron Andersen
6283b00f4f
Merge pull request #82319 from aanderse/tomcat-update
tomcat: 7.0.92 -> 7.0.100, 8.5.42 -> 8.5.51, 9.0.21 -> 9.0.31
2020-03-16 15:46:48 -04:00
R. RyanTM
79586e1b74 tomcat_connectors: 1.2.46 -> 1.2.48 2020-03-14 14:30:51 +01:00
Mario Rodas
34914fce19
Merge pull request #82290 from helsinki-systems/upd/ngx_fastcgi_cache_purge
nginxModules.fastcgi-cache-purge: 2.3 -> 2.5
2020-03-13 08:44:44 -05:00
Izorkin
5dbe01af5b unit: 1.15.0 -> 1.16.0 2020-03-12 19:53:13 +00:00
Aaron Andersen
46e7580f24 tomcat9: 9.0.21 -> 9.0.31 2020-03-11 07:51:04 -04:00
Aaron Andersen
22f24f7859 tomcat8: 8.5.42 -> 8.5.51 2020-03-11 07:51:04 -04:00
Aaron Andersen
78b0222cb2 tomcat7: 7.0.92 -> 7.0.100 2020-03-11 07:51:04 -04:00
ajs124
0aec2cdd08 nginxModules.fastcgi-cache-purge: 2.3 -> 2.5
switch to a fork that seems sort of alive
2020-03-10 23:35:15 +01:00
Aaron Andersen
fc7efd51d6
Merge pull request #80182 from dirkx/Redwax-0.22-update
redwax-modules: 0.2.1 -> 0.2.2/0.2.3
2020-02-22 19:03:21 -05:00
Dirk-Willem van Gulik
928c365a1b redwax-modules: 0.2.1 -> 0.2.2/0.2.3 2020-02-21 12:00:00 +01:00
R. RyanTM
56debabe34 mod_wsgi: 4.7.0 -> 4.7.1 2020-02-19 08:54:38 +00:00
Frederik Rietdijk
1a6c3cb06b Merge staging into staging-next 2020-02-11 07:59:53 +01:00
zimbatm
bcdc90a3a7 ruby_2_4: remove
According to https://endoflife.software/programming-languages/server-side-scripting/ruby
ruby 2.4 will go end-of-life in march, where the new release of nixpkgs
will be cut. We won't be able to support it for security updates.

Remove all references to ruby_2_4 and add ruby_2_7 instead where
missing.

Mark packages that depend on ruby 2.4 as broken:
* chefdk
* sonic-pi
2020-02-10 13:23:35 -05:00
R. RyanTM
3815de80c0 unit: 1.14.0 -> 1.15.0 2020-02-10 14:47:35 +00:00
Frederik Rietdijk
03755ed59a Merge master into staging-next 2020-02-09 09:17:51 +01:00
R. RyanTM
fa84aa8adb lighttpd: 1.4.54 -> 1.4.55 2020-02-08 18:13:10 +01:00
Vladimír Čunát
48a997cd76
Merge #66528: glibc: 2.27 -> 2.30 (into staging)
Includes update of stdenv bootstap tools (for three main platforms)
and many package fixes with new glibc.
2020-02-05 13:41:09 +01:00