108781 Commits

Author SHA1 Message Date
Bjørn Forsman 7a0e958b97 nixos/acme: support "full.pem" (for lighttpd)
* Create "full.pem" from selfsigned certificate
* Tell simp_le to create "full.pem"
* Inject service dependency between lighttpd and the generation of certificates

Side note: According to the internet these servers also use the
"full.pem" format: pound, ejabberd, pure-ftpd.
2017-06-09 19:35:17 +02:00
Michael Weiss b615c2e992 android-studio: 2.3.2.0 -> 2.3.3.0 2017-06-09 18:46:54 +02:00
ikervagyok 55ca2cf495 minecraft-server: 1.11.2 -> 1.12 (#26458) 2017-06-09 17:07:31 +01:00
Joachim F 66e82eaea8 Merge pull request #26488 from romildo/upd.jwm
jwm: 1582 -> 1594
2017-06-09 15:33:54 +01:00
Graham Christensen 7d8218a351 Merge pull request #26489 from michalpalka/xen-security
xen: patch for XSAs: 206, 211, 212, 213, 214 and 215
2017-06-09 09:31:42 -04:00
Vladimír Čunát 97f3009bf8 pycairo: fix #26475 - a dead patch download 2017-06-09 15:21:25 +02:00
Michał Pałka dd3dcceb23 xen: patch for XSAs: 206, 211, 212, 213, 214 and 215
XSA-206 Issue Description:

> xenstored supports transactions, such that if writes which would
> invalidate assumptions of a transaction occur, the entire transaction
> fails.  Typical response on a failed transaction is to simply retry
> the transaction until it succeeds.
>
> Unprivileged domains may issue writes to xenstore which conflict with
> transactions either of the toolstack or of backends such as the driver
> domain. Depending on the exact timing, repeated writes may cause
> transactions made by these entities to fail indefinitely.

More: https://xenbits.xen.org/xsa/advisory-206.html

XSA-211 Issue Description:

> When a graphics update command gets passed to the VGA emulator, there
> are 3 possible modes that can be used to update the display:
>
> * blank - Clears the display
> * text - Treats the display as showing text
> * graph - Treats the display as showing graphics
>
> After the display geometry gets changed (i.e., after the CIRRUS VGA
> emulation has resized the display), the VGA emulator will resize the
> console during the next update command. However, when a blank mode is
> also selected during an update, this resize doesn't happen. The resize
> will be properly handled during the next time a non-blank mode is
> selected during an update.
>
> However, other console components - such as the VNC emulation - will
> operate as though this resize had happened. When the display is
> resized to be larger than before, this can result in a heap overflow
> as console components will expect the display buffer to be larger than
> it is currently allocated.

More: https://xenbits.xen.org/xsa/advisory-211.html

XSA-212 Issue Description:

> The XSA-29 fix introduced an insufficient check on XENMEM_exchange
> input, allowing the caller to drive hypervisor memory accesses outside
> of the guest provided input/output arrays.

More: https://xenbits.xen.org/xsa/advisory-212.html

XSA-213 Issue Description:

> 64-bit PV guests typically use separate (root) page tables for their
> kernel and user modes.  Hypercalls are accessible to guest kernel
> context only, which certain hypercall handlers make assumptions on.
> The IRET hypercall (replacing the identically named CPU instruction)
> is used by guest kernels to transfer control from kernel mode to user
> mode.  If such an IRET hypercall is placed in the middle of a multicall
> batch, subsequent operations invoked by the same multicall batch may
> wrongly assume the guest to still be in kernel mode.  If one or more of
> these subsequent operations involve operations on page tables, they may
> be using the wrong root page table, confusing internal accounting.  As
> a result the guest may gain writable access to some of its page tables.

More: https://xenbits.xen.org/xsa/advisory-213.html

XSA-214 Issue Description:

> The GNTTABOP_transfer operation allows one guest to transfer a page to
> another guest.  The internal processing of this, however, does not
> include zapping the previous type of the page being transferred.  This
> makes it possible for a PV guest to transfer a page previously used as
> part of a segment descriptor table to another guest while retaining the
> "contains segment descriptors" property.
>
> If the destination guest is a PV one of different bitness, it may gain
> access to segment descriptors it is not normally allowed to have, like
> 64-bit code segments in a 32-bit PV guest.
>
> If the destination guest is a HVM one, that guest may freely alter the
> page contents and then hand the page back to the same or another PV
> guest.
>
> In either case, if the destination PV guest then inserts that page into
> one of its own descriptor tables, the page still having the designated
> type results in validation of its contents being skipped.

More: https://xenbits.xen.org/xsa/advisory-214.html

XSA-215 Issue Description:

> Under certain special conditions Xen reports an exception resulting
> from returning to guest mode not via ordinary exception entry points,
> but via a so-called failsafe callback.  This callback, unlike exception
> handlers, takes 4 extra arguments on the stack (the saved data
> selectors DS, ES, FS, and GS).  Prior to placing exception or failsafe
> callback frames on the guest kernel stack, Xen checks the linear
> address range to not overlap with hypervisor space.  The range spanned
> by that check was mistakenly not covering these extra 4 slots.

More: https://xenbits.xen.org/xsa/advisory-215.html
2017-06-09 13:09:01 +00:00
romildo 44681c53d6 jwm: 1582 -> 1594 2017-06-09 09:30:20 -03:00
Jörg Thalheim 14eeae9d4e Merge pull request #26474 from Mic92/cc-wrapper
cc-wrapper: externalize default_cxx_stdlib_compile
2017-06-09 13:27:53 +01:00
Jörg Thalheim fdf43ddf4a Merge pull request #26479 from jgertm/jgertm/buck
buck: build buckd as well
2017-06-09 13:26:40 +01:00
Vladimír Čunát cc9a72a286 virtualboxGuestAdditions: don't install setuid/setgid 2017-06-09 13:09:21 +02:00
Frederik Rietdijk a78bf7df14 Merge pull request #26437 from vaibhavsagar/unbreak-thumbor
python.pkgs.thumbor: fix package
2017-06-09 12:55:50 +02:00
Joachim Fasting 39f7530e47 tinycc: 0.9.27pre-20170527 -> 0.9.27pre-20170605
Contains further fix to x86_64 codegen (and some less relevant Windows
stuff).
2017-06-09 12:54:59 +02:00
Joachim Fasting b1f0af7ef6 linuxPackages.evdi: specify minimum kernel version, per upstream
Upstream says 3.16 is the oldest supported kernel.  No versions prior to
3.18 build on Hydra. See e.g., https://hydra.nixos.org/build/53599831.
2017-06-09 12:54:57 +02:00
Frederik Rietdijk 184ab11fc9 Merge pull request #26484 from michalpalka/xen-python-fix
xen: fix pygrub by making sure it is wrapped
2017-06-09 12:45:03 +02:00
romildo f2e075a241 mkvtoolnix: 11.0.0 -> 12.0.0 2017-06-09 12:44:17 +02:00
Joachim F 7badb92629 Merge pull request #26404 from ambrop72/kdevelop-511
kdevelop: 5.0.4 -> 5.1.1
2017-06-09 08:44:01 +01:00
Peter Simons fbb5b2ef01 multi-ghc-travis: update to latest git version 2017-06-09 09:23:36 +02:00
Michał Pałka 965668903a xen: fix pygrub by making sure it is wrapped
Recent commit #c10af9e744c91dff1ccc07a52a0b57d1e4d339f3 changed the
behaviour of wrapPythonPrograms, which caused pygrub to no longer
be wrapped. This commit fixes this.
2017-06-09 06:22:03 +00:00
Peter Hoeg bcf9af560a ncmpc: 0.24 -> 0.27
Upstream has moved to github as well.
2017-06-09 12:55:20 +08:00
Peter Hoeg 207ac3c7b8 mpd_clientlib: 2.10 -> 2.11
Upstream has moved to github as well.
2017-06-09 12:55:20 +08:00
Peter Hoeg c87f034977 mpd: 0.20.6 -> 0.20.9
Upstream has also moved to github.
2017-06-09 12:04:58 +08:00
Peter Hoeg 292f121fb2 mpc: 0.27 -> 0.28
Upstream has also moved to github.
2017-06-09 12:04:58 +08:00
Tuomas Tynkkynen 2bfc977b6e ethtool: 4.10 -> 4.11 2017-06-09 01:58:23 +03:00
Joachim Fasting 8e706b051e tor: 0.3.0.7 -> 0.3.0.8
Of particular note are fixes for hidden service crashing bugs
(TROVE-2017-004 and TROVE-2017-005).

See https://blog.torproject.org/blog/tor-0308-released-fix-hidden-services-also-are-02429-02514-02612-0278-02814-and-02911
2017-06-09 00:40:25 +02:00
Tim Jäger cfe23e19ab buck: build buckd as well
buck tries to launch buckd to run in the background. While not necessary, it
does speed up builds.
2017-06-08 15:36:30 -07:00
Jörg Thalheim ffdfa662fc Merge pull request #26476 from romildo/upd.jetbrains
jetbrains.clion: 2017.1.1 -> 2017.1.3, jetbrains.idea-community: 2017.1.3 -> 2017.1.4, jetbrains.idea-ultimate: 2017.1.3 -> 2017.1.4
2017-06-08 21:35:24 +01:00
Jörg Thalheim ff139c49f7 Merge pull request #26438 from jgertm/jgertm/buck
buck: init at v2017.05.31.01
2017-06-08 21:27:33 +01:00
Jörg Thalheim 211736fabf Merge pull request #26472 from romildo/upd.colordiff
colordiff: 1.0.16 -> 1.0.18
2017-06-08 21:25:06 +01:00
Tuomas Tynkkynen 69901f16c9 yle-dl: 2.15 -> 2.16 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen 211c55b247 strace: 4.16 -> 4.17 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen 97d29ffbfd nano: 2.8.3 -> 2.8.4 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen cd46df3a1e fio: 2.19 -> 2.20 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen 9e41ba6e96 bastet: 0.43.1 -> 0.43.2 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen 399afc13e4 afl: 2.41b -> 2.42b 2017-06-08 23:13:06 +03:00
romildo 277b562324 jetbrains.idea-community: 2017.1.3 -> 2017.1.4 2017-06-08 16:57:50 -03:00
romildo bc1f59fb4f jetbrains.idea-ultimate: 2017.1.3 -> 2017.1.4 2017-06-08 16:45:14 -03:00
John Ericson 2f348884b8 Merge pull request #26471 from obsidiansystems/gcc7-no-cross-arg
gcc 7: Remove `cross` arguments and don't use stdenv.is*
2017-06-08 15:40:35 -04:00
romildo b57a14810b jetbrains.clion: 2017.1.1 -> 2017.1.3 2017-06-08 15:54:51 -03:00
Jörg Thalheim e2197465c1 cc-wrapper: externalize default_cxx_stdlib_compile
This value is required to get the c++ std include path for libclang based tools (vim plugins in my case).
I currently extract it with this rather command:

```
eval echo $(nix-instantiate --eval --expr 'with (import <nixpkgs>) {}; clang.default_cxx_stdlib_compile')
```

It did not trigger any recompilation on my system.
2017-06-08 19:50:40 +01:00
Tim Jäger 926f3eada8 buck: cleanup 2017-06-08 11:26:42 -07:00
John Ericson 7a13457253 gcc 7: Remove `cross` arguments and don't use stdenv.is*
These changes were already done for the older GCCs, but 7 slipped
through the cracks.
2017-06-08 14:08:31 -04:00
romildo b5fc15610a colordiff: 1.0.16 -> 1.0.18 2017-06-08 14:57:22 -03:00
James Kent 3cb5d52dac pkgs.python.astropy: init at 1.3.3 2017-06-08 17:50:22 +02:00
Frederik Rietdijk 50103e9c08 Merge pull request #26467 from ericsagnes/pkg-update/theano
pythonPackages.Theano: 0.8.1 -> 0.9.0
2017-06-08 16:55:08 +02:00
Rok Garbas a0afc4f0d1 firefox-*-bin: updates (#26462)
* firefox-beta-bin: 51.0b8 -> 54.0b13

* firefox-devedition-bin: init at 54.0b14

Firefox DevEdition became a new product of Mozilla and is "repackaged"
Firefox Beta with its own release channel and six weeks release cycle as
other channels. It is no longer being built on a nightly basis.

* updated the update.nix script to facilitate firefox-devedition-bin

* disabling automatic updates by pointing to non existing channel

* f firefoxWrapper looks for gtk3 attribute to wrap the executable gtk3 to wrap the binary with needed ``XDG_DATA_DIRS``
2017-06-08 15:33:24 +02:00
Jörg Thalheim 340b3148c6 Merge pull request #26425 from uskudnik/idea-ultimate-minor-2017.1.3
idea.idea-ultimate: 2017.1.2 -> 2017.1.3
2017-06-08 09:32:02 +01:00
Jörg Thalheim dffbe98dd6 buck: make propagatedBuildInputs runtime deps 2017-06-08 08:36:59 +01:00
Frederik Rietdijk a051c75e6f Merge pull request #26466 from ericsagnes/pkg-update/Fab
pythonPackages.Fabric: 1.10.2 -> 1.13.2
2017-06-08 09:36:15 +02:00
Tim Jäger 0576bda744 vagrant: against libffi (#26440)
* Link vagrant against libffi

Vagrant requires libffi to run
with [vagrant-fsnotify](https://github.com/adrienkohlbecker/vagrant-fsnotify).

* vagrant: nitpick
2017-06-08 07:20:10 +01:00