Commit graph

142180 commits

Author SHA1 Message Date
Andreas Rammhold
e179003026
nixos/tests; add haproxy 2018-06-08 22:31:47 +02:00
Andreas Rammhold
ea8b37c1c8
haproxy: fix CVE-2018-11469 2018-06-04 22:11:09 +02:00
Andreas Rammhold
6d03390d12
haproxy: 1.8.4 -> 1.8.9
This fixes CVE-2018-10184 a potential remote denial of service in the
http/2 module. The version bump also includes various other changes that
are described in the changelog [1]:

2018/05/18 : 1.8.9
    - BUG/MINOR: pattern: Add a missing HA_SPIN_INIT() in pat_ref_newid()
    - BUG/MAJOR: channel: Fix crash when trying to read from a closed socket
    - BUG/MINOR: log: t_idle (%Ti) is not set for some requests
    - BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits
    - MINOR: h2: detect presence of CONNECT and/or content-length
    - BUG/MEDIUM: h2: implement missing support for chunked encoded uploads
    - BUG/MINOR: lua/threads: Make lua's tasks sticky to the current thread
    - BUG/MINOR: config: disable http-reuse on TCP proxies
    - BUG/MINOR: checks: Fix check->health computation for flapping servers
    - BUG/MEDIUM: threads: Fix the sync point for more than 32 threads
    - BUG/MINOR: lua: Put tasks to sleep when waiting for data
    - DOC/MINOR: clean up LUA documentation re: servers & array/table.
    - BUG/MINOR: map: correctly track reference to the last ref_elt being dumped
    - BUG/MEDIUM: task: Don't free a task that is about to be run.
    - BUG/MINOR: lua: schedule socket task upon lua connect()
    - BUG/MINOR: lua: ensure large proxy IDs can be represented
    - BUG/MEDIUM: http: don't always abort transfers on CF_SHUTR
    - BUG/MEDIUM: pollers: Use a global list for fd shared between threads.
    - BUG/MEDIUM: ssl: properly protect SSL cert generation
    - BUG/MINOR: spoe: Mistake in error message about SPOE configuration

2018/04/19 : 1.8.8
    - BUG/MEDIUM: threads: Fix the max/min calculation because of name clashes
    - BUG/MEDIUM: connection: Make sure we have a mux before calling detach().
    - BUG/MINOR: http: Return an error in proxy mode when url2sa fails
    - BUG/MEDIUM: kqueue: When adding new events, provide an output to get errors.
    - BUG/MINOR: cli: Guard against NULL messages when using CLI_ST_PRINT_FREE
    - MINOR: cli: Ensure the CLI always outputs an error when it should
    - DOC: lua: update the links to the config and Lua API
    - BUG/CRITICAL: h2: fix incorrect frame length check

2018/04/07 : 1.8.7
    - BUG/MAJOR: cache: always initialize newly created objects
    - MINOR: servers: Support alphanumeric characters for the server templates names

2018/04/05 : 1.8.6
    - BUG/MINOR: lua: the function returns anything
    - BUG/MINOR: lua funtion hlua_socket_settimeout don't check negative values
    - BUILD/MINOR: fix build when USE_THREAD is not defined
    - MINOR: cli/threads: make "show fd" report thread_sync_io_handler instead of "unknown"
    - MINOR: cli: make "show fd" report the mux and mux_ctx pointers when available
    - BUILD/MINOR: cli: fix a build warning introduced by last commit
    - BUG/MINOR: hpack: fix harmless use of uninitialized value in hpack_dht_insert
    - CLEANUP: h2: rename misleading h2c_stream_close() to h2s_close()
    - MINOR: h2: provide and use h2s_detach() and h2s_free()
    - BUG/MAJOR: h2: remove orphaned streams from the send list before closing
    - MINOR: h2: always call h2s_detach() in h2_detach()
    - MINOR: h2: fuse h2s_detach() and h2s_free() into h2s_destroy()
    - BUG/MEDIUM: h2/threads: never release the task outside of the task handler
    - BUG/MEDIUM: h2: don't consider pending data on detach if connection is in error
    - BUILD/MINOR: threads: always export thread_sync_io_handler()
    - BUG/MEDIUM: h2: always add a stream to the send or fctl list when blocked
    - BUG/MINOR: checks: check the conn_stream's readiness and not the connection
    - BUG/MINOR: email-alert: Set the mailer port during alert initialization
    - BUG/MINOR: cache: fix "show cache" output
    - BUG/MINOR: fd: Don't clear the update_mask in fd_insert.
    - BUG/MAJOR: cache: fix random crashes caused by incorrect delete() on non-first blocks
    - BUG/MINOR: spoe: Initialize variables used during conf parsing before any check
    - BUG/MINOR: spoe: Don't release the context buffer in .check_timeouts callbaclk

2018/03/23 : 1.8.5
    - BUG/MINOR: threads: fix missing thread lock labels for 1.8
    - BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as unrecovarable.
    - BUG/MEDIUM: ssl: Shutdown the connection for reading on SSL_ERROR_SYSCALL
    - BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st
    - BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe
    - BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier as possible
    - BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken.
    - DOC: lua: new prototype for function "register_action()"
    - DOC: cfgparse: Warn on option (tcp|http)log in backend
    - BUG/MINOR: debug/pools: properly handle out-of-memory when building with DEBUG_UAF
    - MINOR: debug/pools: make DEBUG_UAF also detect underflows
    - BUG/MINOR: h2: Set the target of dbuf_wait to h2c
    - MINOR: stats: display the number of threads in the statistics.
    - BUG/MEDIUM: h2: always consume any trailing data after end of output buffers
    - BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk
    - BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk
    - Revert "BUG/MINOR: send-proxy-v2: string size must include ('\0')"
    - MINOR: systemd: Add section for SystemD sandboxing to unit file
    - MINOR: systemd: Add SystemD's Protect*= options to the unit file
    - MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file
    - MINOR/BUILD: fix Lua build on Mac OS X
    - BUILD/MINOR: fix Lua build on Mac OS X (again)
    - BUG/MINOR: session: Fix tcp-request session failure if handshake.
    - CLEANUP: .gitignore: Ignore binaries from the contrib directory
    - BUG/MINOR: unix: Don't mess up when removing the socket from the xfer_sock_list.
    - BUG/MEDIUM: h2: also arm the h2 timeout when sending
    - BUG/MINOR: cli: Fix a crash when passing a negative or too large value to "show fd"
    - CLEANUP: ssl: Remove a duplicated #include
    - CLEANUP: cli: Remove a leftover debug message
    - BUG/MINOR: cli: Fix a typo in the 'set rate-limit' usage
    - BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc
    - BUG/MINOR: force-persist and ignore-persist only apply to backends
    - BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is stopping
    - BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is temporarily disabled
    - BUG/MAJOR: threads/queue: Fix thread-safety issues on the queues management
    - BUG/MINOR: dns: don't downgrade DNS accepted payload size automatically
    - BUG/MINOR: seemless reload: Fix crash when an interface is specified.
    - BUG/MINOR: cli: Fix a crash when sending a command with too many arguments
    - BUILD: ssl: Fix build with OpenSSL without NPN capability
    - BUG/MINOR: spoa-example: unexpected behavior for more than 127 args
    - BUG/MINOR: lua: return bad error messages
    - BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers
    - BUG/MINOR: tcp-check: use the server's service port as a fallback
    - BUG/MEDIUM: threads/queue: wake up other threads upon dequeue
    - MINOR: log: stop emitting alerts when it's not possible to write on the socket
    - BUILD/BUG: enable -fno-strict-overflow by default
    - DOC: log: more than 2 log servers are allowed
    - DOC: don't suggest using http-server-close
    - BUG/MEDIUM: h2: properly account for DATA padding in flow control
    - BUG/MINOR: h2: ensure we can never send an RST_STREAM in response to an RST_STREAM
    - BUG/MINOR: listener: Don't decrease actconn twice when a new session is rejected

[1] https://www.haproxy.org/download/1.8/src/CHANGELOG
2018-06-04 22:10:49 +02:00
Daiderd Jordan
0b458a4129
Merge pull request #41449 from flokli/vinagre-build
gnome3.vinagre: fix build
2018-06-04 21:32:20 +02:00
Matthew Justin Bauer
f34b498bd2
vinagre: disable format hardening
https://hydra.nixos.org/build/75464534/nixlog/1
2018-06-04 14:52:32 -04:00
Tim Steinbach
39444569e0
linux: Add 4.17 2018-06-04 14:12:03 -04:00
Florian Klink
67eaab86b4 gnome3.vinagre: fix build
Currently, vinagre fails to build with the following message:

vinagre/vinagre-utils.c: In function 'vinagre_utils_request_credential':
vinagre/vinagre-utils.c:686:2: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
  _tmp12_ = g_strdup_printf (_tmp10_, _tmp11_);
  ^~~~~~~

vinagre-utils.c seems to be generated from vinagre-utils.vala. I
couldn't find anything weird in here, so let's disable
-Werror=format-nonliteral for now as done elsewhere, too.
2018-06-04 16:24:38 +02:00
Tim Steinbach
5c4a404b0d
linux-copperhead: 4.16.12.a -> 4.16.13.a 2018-06-04 10:22:39 -04:00
Rob Vermaas
c548814b81
julia: add some version info to passthru, will be used by julia2nix 2018-06-04 15:06:33 +02:00
Rob Vermaas
19332e4d52
Merge pull request #41311 from AmineChikhaoui/fix-gce-fetch-ssh
GCE image: properly remove the temporary ssh host keys files/directory
2018-06-04 11:38:07 +02:00
AmineChikhaoui
1398d0c312
avoid redundant rm calls 2018-06-04 10:23:40 +01:00
Orivej Desh
e5dedc5f3b perlPackages.CPANPLUS: add cpanp dependency 2018-06-04 08:40:39 +00:00
Orivej Desh
07e1ae54a6 plotutils: fix parallel building
E.g. https://hydra.nixos.org/build/75429322:

     b_closepl.c:21:10: fatal error: xmi.h: No such file or directory
     make[2]: *** [Makefile:958: b_closepl.lo] Error 1
     make[2]: Leaving directory '/build/plotutils-2.6/libplot'
2018-06-04 06:49:02 +00:00
Thomas Kerber
61f5b9d6c4 nixos/gitea: Respect gitea-dump enable option. (#41437) 2018-06-04 08:41:20 +02:00
Geoffrey Huntley
ca0e52edc3 kubernetes: corrected spelling mistake in docs (#41439) 2018-06-04 05:45:25 +00:00
Orivej Desh
1c7acb09fa python.pkgs.trustme: fix python2 build 2018-06-04 04:06:09 +00:00
Orivej Desh
6db9f4685a python.pkgs.cairocffi: update tests for Cairo 1.15.12
Fixes #41183
2018-06-04 02:37:14 +00:00
Orivej Desh
264254568b python.pkgs.cairocffi: 0.8.0 -> 0.8.1 2018-06-04 02:00:32 +00:00
Orivej Desh
39c2df48d5 freecell-solver: fix build 2018-06-04 00:47:56 +00:00
Orivej Desh
5b96694e2d perlPackages.CPANPLUS: restore build inputs removed in #41394 2018-06-03 22:47:19 +00:00
Will Fancher
ea52ca64e8 Fix GHCJS 8.4/8.2 in sandboxed builds (#41411) 2018-06-03 23:28:17 +02:00
lewo
0644b4d948 dockerTools.pullImage: expose image* attributes (#41366)
Attributes `imageName` and `imageTag` are exposed if the image is
built by our Nix tools but not if the image is pulled. So, we expose
these attributes for convenience and homogeneity.
2018-06-03 22:58:23 +02:00
Matthew Justin Bauer
332b9dedc8
rust: disable tests on darwin
See https://github.com/rust-lang/rust/issues/51006

Tests frequently fail on Darwin. Not sure why but it's easier to just disable for now.
2018-06-03 16:56:17 -04:00
Orivej Desh
93cb47a2fc python.pkgs.detox: 0.11 -> 0.12
Fixes build with python.pkgs.tox 3.0.0.
2018-06-03 20:48:54 +00:00
Orivej Desh
64fd1ceb38 certbot: disable check on darwin
On Hydra it fails with "Too many open files":
https://hydra.nixos.org/build/64286041
https://hydra.nixos.org/build/75419471
2018-06-03 20:42:53 +00:00
Orivej Desh
214b35d115 freeimage: fix build with glibc 2.27 2018-06-03 20:38:08 +00:00
Mario Rodas
76f6dc1772 shadowsocks-libev: supports darwin (#41421) 2018-06-03 22:20:21 +02:00
Maximilian Bosch
a47d34cebe pythonPackages.jira: fix build (#41419)
The build for `pythonPackages.jira` failed with the following error:

```
Download error on https://pypi.python.org/simple/sphinx/: [Errno -2] Name or service not known -- Some packages may not be found!
Couldn't find index page for 'sphinx' (maybe misspelled?)
Download error on https://pypi.python.org/simple/: [Errno -2] Name or service not known -- Some packages may not be found!
No local packages or working download links found for sphinx>=1.6.5
Traceback (most recent call last):
  ...
  File "/nix/store/bp4dillg6xxblpf00v8d9nxfx3bnggfy-python3.6-bootstrapped-pip-10.0.1/lib/python3.6/site-packages/setuptools/command/easy_install.py", line 667, in easy_install
    raise DistutilsError(msg)
distutils.errors.DistutilsError: Could not find suitable distribution for Requirement.parse('sphinx>=1.6.5')
builder for '/nix/store/8dv7mpspyk6kxwnzqb43rzm4q5j14xp0-python3.6-jira-1.0.15.drv' failed with exit code 1
```

The root issue is most likely caused by some docs fixes upstream
(519183d874)
which were released in 1.0.15. The bump (without the fix) has been
performed in 7a6bf668fb. Since `sphinx`
isn't needed during runtime, it's not necessary to use it as
`propagatedBuildInput`. In order to work around this the dependency had
to be removed from from `setup.py`.

See https://hydra.nixos.org/build/75004048 for further reference
2018-06-03 22:11:29 +02:00
xeji
ca11e5acfa
Merge pull request #41424 from dasJ/schema2ldif
schema2ldif: Init at 1.3
2018-06-03 22:10:47 +02:00
Orivej Desh
96606abf82 SDL: propagate libiconv
SDL/SDL.h includes SDL/SDL_stdinc.h which includes iconv.h, therefore all
packages that include SDL.h should be able to include iconv.h

Fixes SDL_gfx, SDL_image etc. on Darwin.
2018-06-03 20:00:40 +00:00
Janne Heß
f569a0a684 schema2ldif: Init at 1.3 2018-06-03 21:39:06 +02:00
Janne Heß
b3e7923b94 nixos/exim: Add unit restart trigger (#41418) 2018-06-03 21:22:55 +02:00
Janne Heß
c1419f0e63 Add myself as maintainer for dnsdist
See Mic92's comment at #38658
2018-06-03 20:46:40 +02:00
Janne Heß
fdafb70453 Add myself as maintainer 2018-06-03 20:46:01 +02:00
xeji
bb7d67d74a
Merge pull request #41410 from jokogr/u/jetbrains-idea-2018.1.4
Jetbrains IDEA: 2018.1.3 -> 2018.1.4
2018-06-03 19:24:47 +02:00
Vladyslav M
e92c428593 synapse-bt: init at 2018-06-04 (#41402) 2018-06-03 19:10:38 +02:00
Vladyslav M
2c382eda62 skim: 0.3.2 -> 0.4.0 (#41417) 2018-06-03 19:02:28 +02:00
xeji
003dd8588b
Merge pull request #41409 from ruuda/imagemagick-fftw
imagemagick: depend on fftw for fft feature
2018-06-03 18:58:44 +02:00
xeji
e4ad5639c0
Merge pull request #41139 from Moredread/freecad-0.17
freecad: 0.16.6712 -> 0.17
2018-06-03 18:29:43 +02:00
Benjamin Hipple
646767e961 ctags: fix source url (#41382) 2018-06-03 18:15:51 +02:00
Vladimír Čunát
448d7d648d
Merge branch 'staging'
It's only half-rebuilt on Hydra, but it brings a security fix.
2018-06-03 13:52:13 +02:00
Ioannis Koutras
60762627bf jetbrains.idea-ultimate: 2018.1.3 -> 2018.1.4 2018-06-03 14:01:12 +03:00
Ioannis Koutras
613e4dec6b jetbrains.idea-community: 2018.1.3 -> 2018.1.4 2018-06-03 14:01:02 +03:00
Jörg Thalheim
318920725a
Merge pull request #41400 from Chiiruno/dev/multimc
multimc: 0.6.1 -> 0.6.2
2018-06-03 11:48:25 +01:00
Jörg Thalheim
b240ab11ae
Merge pull request #41350 from Mic92/godep
godep: remove in favor of dep
2018-06-03 11:39:38 +01:00
Jörg Thalheim
d036073bcf
Merge pull request #41373 from volth/bitwise
lib: bitAnd, bitOr, bitXor
2018-06-03 11:38:56 +01:00
Ruud van Asseldonk
122f66a513 imagemagick: set license metadata 2018-06-03 12:09:02 +02:00
Ruud van Asseldonk
33a51d78a2 imagemagick: depend on fftw for fft feature 2018-06-03 12:05:17 +02:00
Peter Simons
da11a27109
Merge pull request #41334 from jhenahan/patch-3
configuration-ghc-8.4.x: bump to dhall_1_14_0
2018-06-03 12:03:42 +02:00
Andreas Rammhold
033798f961
Merge pull request #41405 from andir/prosody-cve-2018-10847
prosody: 0.10.1 -> 0.10.2
2018-06-03 10:34:27 +02:00