Commit graph

106844 commits

Author SHA1 Message Date
Frederik Rietdijk
b7e7646849 Merge pull request #25159 from matthewbauer/wxwidgets-refactor2
wxWidgets: move wxGTK-* to one wxWidgets folder
2017-04-30 15:02:18 +02:00
Tim Steinbach
0c4de3c0c9
linux: 4.4.64 -> 4.4.65 2017-04-30 08:58:44 -04:00
Frederik Rietdijk
ab27720bf6 Merge pull request #25298 from lsix/update_libidn2
libidn2: 2.0.1 -> 2.0.2
2017-04-30 14:54:27 +02:00
Vladimír Čunát
9860e77f79
Merge branch 'master' into staging 2017-04-30 14:40:39 +02:00
Thomas Tuegel
4e0d21edd1 Merge pull request #25285 from ttuegel/qt--fix-plugin-paths
Qt: purify plugin paths, unify Linux and Darwin builders
2017-04-30 07:33:50 -05:00
Daiderd Jordan
5e3de3938e Merge pull request #25217 from LnL7/darwin-csdp
csdp: fix darwin build
2017-04-30 14:33:30 +02:00
Linus Heckemann
3e31f2a645 dolphin-emu: include more dependencies
Previously, dolphin would build against vendored copies of the
libraries (shipped in source code form). This would result both
in a longer build (wxWidgets takes a while to build!) and in
bulkier binaries that wouldn't share libraries with others,
along with using fixed versions of curl and mbedtls which may
be left with unpatched security vulnerabilities.
2017-04-30 13:20:52 +01:00
Vladimír Čunát
eb4792a03f
nixos manual: add a note about "nofail" FS option
Close #1858, as I think the points have been well resolved.
2017-04-30 14:10:30 +02:00
obadz
f5939cde52 Merge pull request #25341 from womfoo/bump/facter-3.6.4
facter: 3.6.0 -> 3.6.4 and related deps
2017-04-30 12:47:20 +01:00
Vladimír Čunát
e8d2b81988
Merge #25302: krita: 3.1.2.1 -> 3.1.3 2017-04-30 13:44:38 +02:00
Vladimír Čunát
ac0b90f8c7
krita: fixup meta
Nix 1.12 (pre) would complain otherwise.
2017-04-30 13:42:35 +02:00
Kranium Gikos Mendoza
673ac9506b facter: 3.6.0 -> 3.6.4 2017-04-30 21:13:26 +10:00
Kranium Gikos Mendoza
7dbab8b2ff leatherman: 0.10.1 -> 0.11.2 2017-04-30 21:12:47 +10:00
Kranium Gikos Mendoza
a513a38066 cpp-hocon: 0.1.4 -> 0.1.5 2017-04-30 21:12:29 +10:00
Frederik Rietdijk
e42792ad46 Merge pull request #25028 from armijnhemel/psycopg2
psycopg2: 2.6.1 -> 2.7.1
2017-04-30 13:03:55 +02:00
David Izquierdo
b8463e97b6 pythonPackages.markupsafe: 0.23 -> 1.0 2017-04-30 12:56:38 +02:00
Michael Raskin
ce9c7dd0d6 Merge pull request #21822 from rht/master
coq_HEAD: Update to the latest commit
2017-04-30 12:49:20 +02:00
Frederik Rietdijk
b6cffb5d58 pythonPackages: comment explaining what's supposed to be in there 2017-04-30 12:45:52 +02:00
Peter Marheine
53c2f3c52e cherrypy: 3.2.2 -> 8.7.0 2017-04-30 12:28:46 +02:00
Peter Marheine
88d78f9d46 babelfish: 0.5.3 -> 0.5.5 2017-04-30 12:28:45 +02:00
Peter Marheine
5bd1ea51cb apscheduler: 3.0.4 -> 3.3.1 2017-04-30 12:28:45 +02:00
Michael Raskin
b5c3586289 Merge pull request #25333 from zraexy/zraexy-nvidia-x11
nvidia-x11: switch download urls to https
2017-04-30 12:23:54 +02:00
Michael Raskin
cd9ebdaa18 Merge pull request #25334 from volth/xfce4-dockbarx-plugin
xfce4-dockbarx-plugin: init at 0.5
2017-04-30 12:20:02 +02:00
Michael Raskin
689916b98f Merge pull request #25337 from benley/nm-dnsmasq
nixos: optional NetworkManager dnsmasq integration
2017-04-30 12:18:34 +02:00
Michael Raskin
56a90b2fbf Merge pull request #25338 from changlinli/upgrade-rstudio
RStudio: 0.98.110 -> 1.1.216
2017-04-30 12:17:46 +02:00
Peter Marheine
19629c4892 zerobin: disable tests because it doesn't have any
It does however contain a copy of cherrypy that doesn't get installed,
which fails tests when it tries to import from cherrypy and gets imports
from the version provided by Nix (which is probably not the same one as
is having its tests run).
2017-04-30 12:10:27 +02:00
Peter Marheine
2074d586a9 terminaltables: init at 3.1.0 2017-04-30 12:10:27 +02:00
Peter Marheine
7c25047677 safe: init at 0.4 2017-04-30 12:10:26 +02:00
Peter Marheine
4bd86e5c51 colorclass: init at 2.2.0 2017-04-30 12:10:25 +02:00
Peter Marheine
044b3c93e7 rebulk: init at 0.8.2 2017-04-30 12:10:25 +02:00
Peter Marheine
fc71c626e7 flask-restplus: init at 0.8.6 2017-04-30 12:10:24 +02:00
Peter Marheine
3af5b60e27 flask-restful: init at 0.3.5 2017-04-30 12:10:24 +02:00
Peter Marheine
0f765d7807 flask-compress: init at 1.3.2 2017-04-30 12:10:23 +02:00
Peter Marheine
1bcc8d026c aniso8601: init at 1.2.0 2017-04-30 12:10:23 +02:00
Michael Raskin
71306c71c0 torbrowser: comment out the warning, as it got displayed in irrelevant contexts 2017-04-30 12:09:27 +02:00
Joachim Fasting
1dd3ba924b
nixos/hardened profile: disable hibernation
Recommended by KSPP
2017-04-30 12:06:11 +02:00
Joachim Fasting
ffa83edf4a
nixos/tests: add tests for exercising various hardening features
This test exercises the linux_hardened kernel along with the various
hardening features (enabled via the hardened profile).

Move hidepid test from misc, so that misc can go back to testing a vanilla
configuration.
2017-04-30 12:05:42 +02:00
Joachim Fasting
ab4fa1cce4
tree-wide: prune some dead grsec leaves
The beginning of pruning grsecurity/PaX from the tree.
2017-04-30 12:05:41 +02:00
Joachim Fasting
8c98e8ca2f
nixos/hardened profile: use the linux_hardened kernel 2017-04-30 12:05:40 +02:00
Joachim Fasting
62f2a1c2be
linux_hardened: init
The rationale for this is to have a place to enable hardening features
that are either too invasive or that may be speculative/yet proven to be
worthwhile for general-purpose kernels.
2017-04-30 12:05:39 +02:00
Joachim Fasting
6a5a5728ee
nixos/hardened profile: lock kernel modules 2017-04-30 12:05:38 +02:00
Joachim Fasting
878ad1ce6e
nixos: add option to lock kernel modules
Adds an option `security.lockKernelModules` that, when enabled, disables
kernel module loading once the system reaches its normal operating state.

The rationale for this over simply setting the sysctl knob is to allow
some legitmate kernel module loading to occur; the naive solution breaks
too much to be useful.

The benefit to the user is to help ensure the integrity of the kernel
runtime: only code loaded as part of normal system initialization will be
available in the kernel for the duration of the boot session.  This helps
prevent injection of malicious code or unexpected loading of legitimate
but normally unused modules that have exploitable bugs (e.g., DCCP use
after free CVE-2017-6074, n_hldc CVE-2017-2636, XFRM framework
CVE-2017-7184, L2TPv3 CVE-2016-10200).

From an aestethic point of view, enabling this option helps make the
configuration more "declarative".

Closes https://github.com/NixOS/nixpkgs/pull/24681
2017-04-30 12:05:37 +02:00
Changlin Li
d6f602c247 RStudio: 0.98.110 -> 1.1.216
This fixes incompatibilities introduced by a new R version in
d16c38a260

It also fixes #25315 as a result.
2017-04-30 05:47:33 -04:00
Vladimír Čunát
7ee05dff30
Merge: efl: 1.18.x -> 1.19.0 (close #25095)
I used a setupHook instead of patching expressions for individual
reverse dependencies (four were broken).
2017-04-30 11:36:36 +02:00
Vladimír Čunát
18a7f7d4a5
efl: set $HOME for reverse dependencies 2017-04-30 11:35:59 +02:00
Vladimír Čunát
aa044dd105
efl: wrap the first line
It was >400 chars long!
2017-04-30 11:35:30 +02:00
Jörg Thalheim
fa5196e47e Merge pull request #25005 from Lassulus/copytoram
nixos/stage1: add copytoram support
2017-04-30 11:22:45 +02:00
Frederik Rietdijk
dce7ebbd9b pythonPackages.basemap: build wheel, fixes #24621 2017-04-30 10:37:04 +02:00
Frederik Rietdijk
a4aaf5adfd pyside: fix on Python 3.x, closes #25328
Pyside requires several tools that do not provide Python modules. They
therefore do not need to be build Python-version dependent and so we
move them out of `python-packages.nix`.

Furthermore, shiboken needs libxml2 and libxslt libraries but not their
Python bindings.
2017-04-30 10:33:19 +02:00
Michael Raskin
d729a25a3e Merge pull request #21321 from rardiol/worldengine
Worldengine
2017-04-30 10:28:40 +02:00