Commit Graph

974 Commits

Author SHA1 Message Date
Michael Raskin 132ace5fe6
Merge pull request #89344 from JJJollyjim/openresty-no-perl
openresty: disable perl module by default
2020-06-20 18:45:44 +00:00
Jamie McClymont dca001e923 nginx: change how the perl module is configured
Previously, http_perl_module was disabled by overriding perl=null -- this means
it is impossible to disable http_perl_module in openresty, since openresty
requires perl for its configure scripts.
2020-06-20 14:22:34 +12:00
R. RyanTM 778ffb0334 webhook: 2.6.8 -> 2.7.0 2020-06-17 11:53:57 -07:00
Doron Behar 01d4e2fe33 treewide: use ffmpeg_3 explicitly if not wanted otherwise
After making `ffmpeg` point to the latest `ffmpeg_4`, all packages that
used `ffmpeg` without requiring a specific version now use ffmpeg_3
explicitly so they shouldn't change.
2020-06-12 11:55:31 -07:00
Jörg Thalheim 3a46981e3c
Merge pull request #89241 from Izorkin/nginx-update
nginxMainline: 1.18.0 -> 1.19.0
2020-06-06 13:19:43 +01:00
Jamie McClymont 85760026a0 openresty: make compatible with nixos nginx module 2020-06-02 17:00:09 +12:00
Florian Klink 8ae5866152
Merge pull request #89224 from etu/fix-unit-php-extensions
unit: Expose PHP expressions used so it can easily be accessed for configs
2020-05-31 16:05:30 +02:00
Izorkin 70b11a0f50 nginxMainline: 1.18.0 -> 1.19.0 2020-05-31 09:46:48 +03:00
Elis Hirwing a4bf2cc166
unit: Expose PHP expressions used so it can easily be accessed for configs 2020-05-30 18:52:41 +02:00
Izorkin ea956bb53b unit: 1.17.0 -> 1.18.0 2020-05-30 19:28:25 +03:00
R. RyanTM c13c38c75a jetty: 9.4.26.v20200117 -> 9.4.29.v20200521 2020-05-25 23:49:59 +00:00
ajs124 deadc23034 nginxModules.fancyindex: 0.4.3 -> 0.4.4 2020-05-13 13:23:20 +02:00
Izorkin aa12fb8adb nginxModules: add option allowMemoryWriteExecute
The allowMemoryWriteExecute option is required to checking enabled nginxModules
and disable the nginx sandbox mode MemoryDenyWriteExecute.
2020-05-12 20:03:29 +03:00
Jörg Thalheim 11c18faa4e
Merge pull request #85862 from Izorkin/nginx-paths 2020-05-11 11:17:04 +01:00
Jörg Thalheim 887295fd2d
treewide: remove the-kenny from maintainers
@the-kenny did a good job in the past and is set as maintainer in many package,
however since 2017-2018 he stopped contributing. To create less confusion
in pull requests when people try to request his feedback, I removed him as
maintainer from all packages.
2020-05-09 10:28:57 +01:00
Martin Weinelt 1c7ad58742
apt-cacher-ng: 3.2 → 3.5
Fixes: CVE-2017-7443, CVE-2020-5202
2020-05-06 19:09:31 +02:00
Izorkin ca2145bdfc nixos/tests: add unit-php test 2020-05-06 13:21:59 +03:00
Izorkin dc0260f7da unit: add php 7.4 2020-05-06 12:27:13 +03:00
Izorkin 866f6dd677 unit: 1.16.0 -> 1.17.0 2020-05-06 12:27:12 +03:00
Izorkin f87bc13930 unit: remove drop capabilites patch 2020-05-06 12:27:12 +03:00
Izorkin 98e0cba469 tengine: change logs path 2020-05-04 16:36:38 +03:00
Izorkin 1d71150c73 tengine: add ETag patch 2020-05-04 16:36:38 +03:00
Izorkin a19800fb48 nginx: change logs path 2020-05-04 16:36:38 +03:00
Aaron Andersen 9218a3599a tomcat-native: 1.2.23 -> 1.2.24 2020-05-03 20:49:02 -04:00
R. RyanTM bc74bdedae jetty: 9.4.25.v20191220 -> 9.4.26.v20200117 2020-05-02 10:15:25 +02:00
Elis Hirwing 27b9b7b3af
Merge pull request #85026 from talyz/php_buildenv_override
php.buildEnv: Make the exported php package overridable, improve handling of currently enabled extensions, etc
2020-04-29 19:57:37 +02:00
talyz 5cad1b4aff
php: Get rid of the phpXXbase attributes, update docs
Since the introduction of php.unwrapped there's no real need for the
phpXXbase attributes, so let's remove them to lessen potential
confusion and clutter. Also update the docs to make it clear how to
get hold of an unwrapped PHP if needed.
2020-04-29 13:45:48 +02:00
Aaron Andersen 92d9d07c61
Merge pull request #82762 from aanderse/tomcat-native
tomcat-native: init at 1.2.23
2020-04-26 19:48:22 -04:00
talyz 72636bc2f6
php: Get rid of all config.php parameters
Since all options controlled by the config.php parameters can now be
overridden directly, there's no reason to keep them around.
2020-04-26 16:43:23 +02:00
Aaron Andersen 6b3506458e tomcat-native: init at 1.2.23 2020-04-26 09:12:41 -04:00
Izorkin cbfe203da7 nginxMainline: 1.17.9 -> 1.18.0 2020-04-23 14:34:21 +03:00
Izorkin 2e6cd807d7 nginxStable: 1.16.1 -> 1.18.0 2020-04-23 14:34:13 +03:00
Jan Tojnar 3d8e436917
Merge branch 'master' into staging-next 2020-04-16 10:09:43 +02:00
Maximilian Bosch 401e07d419
Merge pull request #84551 from gnprice/pr-stripDebugList
treewide: Fix types of stripDebugList attrs (and fix doc)
2020-04-14 15:54:52 +02:00
Jan Tojnar a04625379a
Merge branch 'master' into staging-next 2020-04-13 18:50:35 +02:00
Michael Reilly 84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Jan Tojnar 1ab03c3a76
Merge branch 'master' into staging-next 2020-04-10 12:12:56 +02:00
Milan 3847ec0e35
nginxMainline: 1.17.8 -> 1.17.9 (#84743) 2020-04-08 21:19:35 +02:00
Samuel Leathers 72cb7f81fd
Merge pull request #81442 from manveru/bundler-2.1.4
bundler: 1.17.3 -> 2.1.4
2020-04-08 12:44:54 -04:00
talyz 472d5c187b
php.buildEnv: Don't inherit dev from the original php
mkDerivation uses the dev output in buildInputs if it exits, hence the
php-with-extensions package was never built or put into the path of
packages dependent on it during build. With this fix, the php packages
built with buildEnv or withExtensions don't have any dev outputs;
packages which need the dev output can refer to the phpXXbase packages
instead.
2020-04-08 15:13:07 +02:00
Greg Price 7547cf9dfc treewide: Fix up stripDebugList attrs to be lists.
The documentation says this should be a list, and it already is in
about half the expressions that set it.

The difference doesn't matter at present, because these values are all
space-free literals.  But it will in a future with __structuredAttrs .

(The similar attr stripAllList has no users in the nixpkgs tree, so
there's nothing to do to fix any of those up.)
2020-04-06 21:26:52 -07:00
Michael Fellinger f92600b406
update versions in Gemfile.lock 2020-04-06 15:02:13 +02:00
Frederik Rietdijk 2420184727 Merge staging into staging-next 2020-04-06 08:54:28 +02:00
Elis Hirwing 3b6539896b
Merge pull request #83896 from etu/slim-down-default-php-v3
PHP: Make the default package more sane [v3]
2020-04-05 20:00:03 +02:00
Aaron Andersen d757d810d0
Merge pull request #84045 from r-ryantm/auto-update/apache-httpd
apacheHttpd: 2.4.41 -> 2.4.43
2020-04-04 19:22:17 -04:00
Elis Hirwing a5f77d6ea2
php-unit: Drop the declaration of the php-unit attributes since they aren't used 2020-04-03 10:11:11 +02:00
R. RyanTM f26b2afb93 apacheHttpd: 2.4.41 -> 2.4.43 2020-04-01 22:33:24 +00:00
Elis Hirwing 1983417a2f
unit: Make unit use phpbase packages 2020-03-31 22:06:56 +02:00
Frederik Rietdijk 46ec52f329 buildPython*: use pname 2020-03-30 17:07:41 +02:00
aszlig e1d63ada02
nginx: Fix ETag patch to ignore realpath(3) error
While our ETag patch works pretty fine if it comes to serving data off
store paths, it unfortunately broke something that might be a bit more
common, namely when using regexes to extract path components of
location directives for example.

Recently, @devhell has reported a bug with a nginx location directive
like this:

  location ~^/\~([a-z0-9_]+)(/.*)?$" {
    alias /home/$1/public_html$2;
  }

While this might look harmless at first glance, it does however cause
issues with our ETag patch. The alias directive gets broken up by nginx
like this:

  *2 http script copy: "/home/"
  *2 http script capture: "foo"
  *2 http script copy: "/public_html/"
  *2 http script capture: "bar.txt"

In our patch however, we use realpath(3) to get the canonicalised path
from ngx_http_core_loc_conf_s.root, which returns the *configured* value
from the root or alias directive. So in the example above, realpath(3)
boils down to the following syscalls:

  lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  lstat("/home/$1", 0x7ffd08da6f60) = -1 ENOENT (No such file or directory)

During my review[1] of the initial patch, I didn't actually notice that
what we're doing here is returning NGX_ERROR if the realpath(3) call
fails, which in turn causes an HTTP 500 error.

Since our patch actually made the canonicalisation (and thus additional
syscalls) necessary, we really shouldn't introduce an additional error
so let's - at least for now - silently skip return value if realpath(3)
has failed.

However since we're using the unaltered root from the config we have
another issue, consider this root:

  /nix/store/...-abcde/$1

Calling realpath(3) on this path will fail (except if there's a file
called "$1" of course), so even this fix is not enough because it
results in the ETag not being set to the store path hash.

While this is very ugly and we should fix this very soon, it's not as
serious as getting HTTP 500 errors for serving static files.

I added a small NixOS VM test, which uses the example above as a
regression test.

It seems that my memory is failing these days, since apparently I *knew*
about this issue since digging for existing issues in nixpkgs, I found
this similar pull request which I even reviewed:

https://github.com/NixOS/nixpkgs/pull/66532

However, since the comments weren't addressed and the author hasn't
responded to the pull request, I decided to keep this very commit and do
a follow-up pull request.

[1]: https://github.com/NixOS/nixpkgs/pull/48337

Signed-off-by: aszlig <aszlig@nix.build>
Reported-by: @devhell
Acked-by: @7c6f434c
Acked-by: @yorickvP
Merges: https://github.com/NixOS/nixpkgs/pull/80671
Fixes: https://github.com/NixOS/nixpkgs/pull/66532
2020-03-28 02:57:21 +01:00