73f6410851
cgit: 0.11.2 -> 0.12 for CVE-2016-1899 CVE-2016-1900 CVE-2016-1901
2016-02-27 15:35:19 -06:00
0a2c3ec971
mysql: 5.5.45 -> 5.5.48 for multiple CVEs: CVE-2015-4792 CVE-2015-4802 CVE-2015-4815 CVE-2015-4816 CVE-2015-4819 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4879 CVE-2015-4913
2016-02-27 15:31:52 -06:00
8726c6d506
webkitgtk: Disable Hydra build
...
This package takes an excessive amount of time to build (e.g., right
now Hydra is showing eight concurrent builds of webkitgtk, some of
them running for more than 6 hours). This may also delay channel
updates.
2016-02-27 22:29:24 +01:00
be4ebe0046
perl: 5.22.0 -> 5.22.1
2016-02-27 22:22:26 +01:00
7627bf6f3f
perl: Unify 5.20 and 5.22 expressions
2016-02-27 22:22:26 +01:00
7281144f4b
90secondportraits: init at 1.01b
2016-02-27 22:08:18 +01:00
41d00c436d
sienna: init at 1.0c
2016-02-27 22:01:53 +01:00
77134ea4a5
jasper: patch for CVE-2016-1867
2016-02-27 14:48:29 -06:00
c39cc6cd60
Merge pull request #13512 from magnetophon/yoshimi-1.3.8.2
...
yoshimi: 1.3.7.1 -> 1.3.8.2
2016-02-27 23:38:45 +03:00
a1b69275af
libbsd: 0.7.0 -> 0.8.2 for CVE-2016-2090
2016-02-27 14:32:56 -06:00
3e1b8935c0
mbedtls: 1.3.14 -> 1.3.16 for CVE-2015-8036
2016-02-27 14:23:56 -06:00
a6347a3477
Merge pull request #13511 from magnetophon/ardour-4.7
...
ardour: 4.4-> 4.7
2016-02-27 22:46:04 +03:00
4deefc15ef
yoshimi: 1.3.7.1 -> 1.3.8.2
2016-02-27 20:29:44 +01:00
e6f61b4cf3
fetchurlBoot: Use Nix's builtin fetchurl function
...
This removes the need for curl in bootstrapTools, and enables https
for bootstrap tarballs.
2016-02-27 20:27:24 +01:00
6f8db5b12e
ardour: 4.4-> 4.7
2016-02-27 20:26:20 +01:00
824a1fb5b9
Merge pull request #13496 from zimbatm/no-dots-at-end-of-description
...
Remove all dots at end of descriptions
2016-02-27 21:34:06 +03:00
0a9076b5f8
socat: 2.0.0-b8 -> 2.0.0-b9 (CVE-2016-2217)
...
https://lwn.net/Vulnerabilities/674840/
http://www.dest-unreach.org/socat/contrib/socat-secadv7.html
http://www.dest-unreach.org/socat/contrib/socat-secadv8.html
2016-02-27 19:10:38 +01:00
88d1564985
socat: 1.7.3.0 -> 1.7.3.1 (CVE-2016-2217)
...
https://lwn.net/Vulnerabilities/674840/
http://www.dest-unreach.org/socat/contrib/socat-secadv7.html
http://www.dest-unreach.org/socat/contrib/socat-secadv8.html
2016-02-27 19:10:38 +01:00
58f0071a9e
renoise: Don't use builtins.currentSystem
...
stdenv.system should be almost always used instead of builtins.currentSystem
or cross-evaluation (e.g. evaluating a i686 NixOS system on a 64-bit nix)
will be subtly broken.
2016-02-27 19:58:18 +02:00
6ea526462b
splix: cleanup
...
* remove commented code
* remove unused patch
* fix package naming
2016-02-27 17:36:10 +00:00
17348dc094
Remove all dots at end of descriptions
...
Specially crafted for @JagaJaga
find pkgs -name "*.nix" -exec \
sed -e 's|\(description.*\)\.";|\1";|g' -i {} \;
2016-02-27 17:30:29 +00:00
0fc6de6c3a
U-Boot: Fix ubootTools
...
Oops, I forgot to test build this...
2016-02-27 19:30:17 +02:00
158ff99ae4
chrony: 2.2 -> 2.3
2016-02-27 18:00:07 +01:00
6b20b7c4d7
qemu: 2.4.1 -> 2.5.0 (multiple CVEs)
...
https://lwn.net/Vulnerabilities/666755/
2016-02-27 17:53:22 +01:00
ca2611650a
nghttp2: 1.3.4 -> 1.7.1 (CVE-2016-1544)
...
https://lwn.net/Vulnerabilities/675696/
2016-02-27 17:53:22 +01:00
0c0312d342
Merge pull request #13048 from bendlas/update-i2p
...
i2p: 0.9.23 -> 0.9.24
2016-02-27 17:49:20 +01:00
7dc5ad835a
http-parser: 2.5.0 -> 2.6.1 (CVE-2016-2086, CVE-2016-2216)
...
Fixes build of nodejs-0_10 and nodejs-4_x.
2016-02-27 17:27:17 +01:00
e5bd913ea5
pixman: 0.32.8 -> 0.34.0 (security release)
2016-02-27 17:06:24 +01:00
e3ecee8b13
nodejs: 5.5.0 -> 5.6.0 (CVE-2016-2086, CVE-2016-2216)
...
https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
2016-02-27 17:06:24 +01:00
6fd20ad747
nodejs: 4.2.3 -> 4.3.0 (CVE-2016-2086, CVE-2016-2216)
...
https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
2016-02-27 17:06:24 +01:00
3673c5bf52
nodejs: 0.10.41 -> 0.10.42 (CVE-2016-2086, CVE-2016-2216)
...
https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
2016-02-27 17:06:24 +01:00
c6b1f48e31
libgcrypt: 1.6.4 -> 1.6.5 (CVE-2015-7511)
...
https://www.cs.tau.ac.il/~tromer/ecdh/
2016-02-27 17:06:24 +01:00
ead0fe5b71
Merge pull request #13500 from leenaars/mr_rescue
...
mrrescue: init at 1.02
2016-02-27 18:42:15 +03:00
18bf70619f
Merge pull request #13503 from hrdinka/add/retrofe
...
retrofe: init at 0.6.169
2016-02-27 18:41:28 +03:00
3030dec0d7
yandex-disk: 0.1.5.940 -> 0.1.5.948
2016-02-27 18:39:42 +03:00
73e0c261c2
linux: 4.4.2 -> 4.4.3
2016-02-27 16:34:02 +01:00
c691b6a858
ntp: 4.2.8p4 -> 4.2.8p6 (multiple CVEs)
...
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
2016-02-27 16:34:02 +01:00
571f5b74ed
ffmpeg: 2.8.5 -> 2.8.6 (CVE-2016-2329)
2016-02-27 16:34:02 +01:00
6ae6016d15
libxmp: 4.3.8 -> 4.3.11 (security release)
...
https://lwn.net/Alerts/676256/
2016-02-27 16:31:35 +01:00
ebe7856983
mrrescue: init at 1.02
2016-02-27 16:15:02 +01:00
d1c35db920
retrofe: init at 0.6.169
2016-02-27 15:41:21 +01:00
9d092e324c
xfce.gvfs: don't depend on samba
...
It seems a better fit for Xfce now.
https://github.com/NixOS/nixpkgs/commit/ca3690d426dce3
2016-02-27 15:23:15 +01:00
c59c1f9fe0
e19.efl: remove the openjpeg override
...
/cc #12599 , discussed on:
https://github.com/NixOS/nixpkgs/pull/12599/files#r50664194
2016-02-27 15:23:15 +01:00
bbf113f24a
bitcoin-classic: init at 0.11.2.cl1.b1
...
From #12706 , commits re-split by vcunat.
2016-02-27 15:23:15 +01:00
127edf1194
bitcoin-xt: update 0.11A -> 0.11D
...
From #12706 , commits re-split by vcunat.
2016-02-27 15:23:15 +01:00
98a0484471
eclipse: run with the jdk, not the jre
...
This is necessary so that tools like native2ascii are available to
maven eclipse integration (m2e).
2016-02-27 13:40:38 +01:00
d18a8904c0
kde5.libksysguard: fix build with glibc-2.23
...
... using an upstream patch.
2016-02-27 13:22:22 +01:00
8615f026a4
v8_3_16_14: use default stdenv
2016-02-27 12:16:00 +00:00
cfffac2a90
postfix: use hardening flags from stdenv
2016-02-27 11:50:34 +00:00
21547a61ba
nix-prefetch-git: print out valid nix expression; make --quiet very quiet
2016-02-27 21:26:35 +11:00
13afef0d8e
webkitgtk: fix build with glibc-2.23
...
... by a patch accepted upstream.
2.4 seems to build fine without patching.
2016-02-27 11:07:56 +01:00
14177f5e0b
speed_dreams: remove obsolete variable
2016-02-27 09:38:51 +00:00
d3fb7acb3a
dietlibc: fix merge failure
2016-02-27 09:29:15 +00:00
a8b44c74d3
goPackages.oh: 2015-11-21 -> 2016-02-23
2016-02-27 09:58:58 +01:00
8a3308d5da
goPackages.liner: git 2016-01-24
2016-02-27 09:58:58 +01:00
08893722ba
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-02-27 08:23:17 +00:00
83bf03e1a3
glibc: disable stackprotector hardening
2016-02-27 08:20:53 +00:00
a519416a92
libreoffice: Taking a fix from BLFS for using Glibc 2.23 (isnan is not std::isnan)
2016-02-27 09:10:50 +01:00
b9853c0b9b
ecl: fix source URL
2016-02-27 08:14:01 +01:00
456cbb29d9
nix-prefetch-git: add --quiet flag and minor cleanup
2016-02-27 16:56:38 +11:00
ac94a5d86c
collectd: allow mysql to be null
2016-02-27 12:02:44 +11:00
5176e7ac77
mongodb: enable pie hardening
2016-02-27 00:48:49 +00:00
b3d9562fc8
fix evaluation
2016-02-27 00:43:49 +00:00
272cf5c44f
Merge branch 'ibus'
2016-02-26 18:10:11 -06:00
cb10990fdc
ibus-anthy: upgrade to Python 3
2016-02-26 18:08:48 -06:00
f7f965baaa
ibus-hangul: download release from GitHub
2016-02-26 18:08:48 -06:00
6c85f72a91
ibus-table: 1.9.6 -> 1.9.11
2016-02-26 18:08:48 -06:00
f058f1c1d3
ibus-with-plugins: rewrite wrapper
2016-02-26 18:08:48 -06:00
10e3664c97
ibus: 1.5.11 -> 1.5.13
2016-02-26 18:08:48 -06:00
3477e662e6
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-02-27 00:08:08 +00:00
90525b718f
Merge pull request #11141 from cresh/darwin-msmtp
...
msmtp: Enable on OS X with Keychain integration.
2016-02-27 00:02:53 +00:00
2f38c1be69
Merge pull request #11142 from cresh/darwin-sshpass
...
sshpass: Enable on OS X.
2016-02-27 00:00:01 +00:00
766ad682f1
Merge pull request #13471 from Profpatsch/networkmanager-link-local
...
networkmanager: fix link-local ip addresses
2016-02-27 02:55:31 +03:00
7feaf55b7e
Merge pull request #11314 from anderspapitto/flamegraph
...
FlameGraph: init at 182b24fb
2016-02-26 23:16:27 +00:00
4ecb1ce679
Merge pull request #11274 from robgssp/ldap
...
ldap-client: don't break on test failures
2016-02-26 23:13:27 +00:00
b4dadff542
memcached: enable pie hardening
2016-02-26 23:13:13 +00:00
1f00c52880
Merge pull request #11210 from mitchty/munge-on-osx
...
Munge is buildable/usable on OS X/most unices
2016-02-26 23:10:53 +00:00
1a31447c4c
icecast: enable pie hardening
2016-02-26 23:06:53 +00:00
8b9eccbf2d
radvd: enable pie hardening
2016-02-26 23:03:00 +00:00
35ab3d301f
Merge remote-tracking branch 'upstream/staging'
2016-02-26 22:37:04 +00:00
c3ed0a2494
btrfs-progs: 4.4 -> 4.4.1
...
Bugfix release. Changes:
https://btrfs.wiki.kernel.org/index.php/Changelog#By_version_.28btrfs-progs.29
2016-02-26 23:23:01 +01:00
a7d34722b2
Merge pull request #13493 from zimbatm/alphabetize
...
Alphabetize
2016-02-26 22:16:43 +00:00
9f57b24b01
all-packages: alphabetize deprecated packages
2016-02-26 22:15:41 +00:00
c80a1baa15
Merge pull request #13486 from zimbatm/vim-default-config
...
vim: provide a default vimrc
2016-02-27 01:09:52 +03:00
951dc57716
Merge pull request #13482 from nico202/qnotero
...
qnotero: init at 1.0.0
2016-02-26 22:09:41 +00:00
73a9cd8aee
Revert accidental revert of all-packages.nix gitlab changes during revert of revert of libreoffice update
2016-02-26 23:12:12 +01:00
89f0e25189
vim: provide a default vimrc
...
Minimal sane defaults imported from ArchLinux.
This is basically `set :nocompatible` with some other small changes.
2016-02-26 21:58:21 +00:00
c373daff17
Merge pull request #13495 from heydojo/kernel--use-cdn
...
fetchurl: use kernel.org cdn by default
2016-02-27 00:54:16 +03:00
a94e433936
libreoffice: 5.0.4.2 -> 5.1.0.3 (a new attempt); set XDG_DATA_DIRS for access to GSettings schemas
2016-02-26 22:58:27 +01:00
483a130f89
cpio: patch CVE-2016-2037, out of bounds write ( close #13489 )
2016-02-26 22:46:13 +01:00
4806cddda3
fetchurl: use kernel.org cdn by default
...
- use http://cdn.kernel.org/pub/ as the default mirror
for kernel source requests.
Discovered by browsing :
https://www.kernel.org/introducing-fastly-cdn.html
2016-02-26 21:32:00 +00:00
728b1ce557
qnotero: init at 1.0.0
2016-02-26 22:09:54 +01:00
b9ab76c2b2
Merge pull request #13479 from hrdinka/add/pcsx2
...
pcsx2: init at 1.4.0
2016-02-26 23:56:55 +03:00
3386d73d06
Add galen to all-packages.nix
2016-02-26 21:01:41 +01:00
54b4912566
chromium: Regenerate sources.nix with new updater
...
No changes in functionality, but to make future source updates a bit
easier on the eyes when viewing the diff.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 20:55:17 +01:00
28b289efa6
chromium: Refactor updater entirely in Nix
...
The update.sh shell script now is only a call to nix-build, which does
all the hard work of updating the Chromium source channels and the
plugins. It results in a store path with the new sources.nix that
replaces the already existing sources.nix.
Along the way, this has led to a quite massive workaround, which abuses
MD5 collisions to detect whether an URL is existing, because something
like builtins.tryEval (builtins.fetchurl url) unfortunately doesn't
work. Further explanations and implementation details are documented in
the actual implementation.
The drawback of this is that we don't have nice status messages anymore,
but on the upside we have a more robust generation of the sources.nix
file, which now also should work properly on missing upstream
sources/binaries.
This also makes it much easier to implement fetching non-GNU/Linux
versions of Chromium and we have all values from omahaproxy available as
an attribute set (see the csv2nix and channels attributes in the update
attribute).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-26 20:55:17 +01:00
f6c3b13c7c
ghcjs: pull in ghcjsi branch
2016-02-26 11:27:47 -08:00
26b59efa8a
Merge pull request #13491 from grahamc/patch-1
...
go-1.6: remove the cacert 1.5 patch
2016-02-26 18:58:59 +00:00
082cd3edd3
Merge pull request #13473 from grahamc/libssh2-1.7.0
...
libssh2: 1.6.0 -> 1.7.0
2016-02-26 19:34:54 +01:00
8132a5ae76
go-1.6: remove the cacert 1.5 patch
...
Removed in 58dbaf69b7
2016-02-26 12:32:33 -06:00
Graham Christensen
Eelco Dolstra
Michiel Leenaars
Arseniy Seroka
Bart Brouns
Franz Pletz
Tuomas Tynkkynen
zimbatm
Christoph Hrdinka
Arseniy Seroka
Vladimír Čunát
Jeffrey David Johnson
Matt McHenry
Robin Gloster
Tim Cuthbertson
Marius Bakke
Michael Raskin
Rhys
Thomas Tuegel
Tobias Geerinckx-Rice
Tony White
=
Tobias Pflug
aszlig
Jude Taylor