Commit graph

157972 commits

Author SHA1 Message Date
Edmund Wu
b02355b6e1
glava: 1.5.5 -> 1.5.8 2018-11-04 08:04:41 -05:00
Vladimír Čunát
f3cca2f83c
Merge #49677: thunderbird*: 60.2.1 -> 60.3.0
Critical security fixes.
2018-11-03 13:10:08 +01:00
Frederik Rietdijk
ca7fa914c3 python.pkgs.bsddb3: enable python3 and tests 2018-11-03 12:40:03 +01:00
Florian Klink
a36f49b9d6
Merge pull request #49663 from flokli/gitlab-11.4.4
gitlab: 11.4.3 -> 11.4.4
2018-11-03 12:24:14 +01:00
Mateusz Kowalczyk
0e6d023b06
Merge pull request #49585 from periklis/libid3tag-sec-fixes
libid3tag: patch CVE-2017-11550 and CVE-2017-11551
2018-11-03 19:52:23 +09:00
Gabriel Ebner
5443b3707f
Merge pull request #49680 from symphorien/nix-du-0.3
nix-du: 0.2.0 -> 0.3.0
2018-11-03 11:50:14 +01:00
Will Dietz
ffd083ec44 jq: 1.5 -> 1.6
* jq: 1.5 -> 1.6 (!!)

(last release was in 2015! :))

* jq: drop darwin patch, appears resolved by upgrade

commit history isn't that long, and has a few addressing
behavior on osx re:strptime-- and since this patch
doesn't apply it seems likely it's been resolved
but probably can be checked by any interested folks w/darwin.
2018-11-03 11:47:35 +01:00
Symphorien Gibol
8a8a2f61a9 nix-du: 0.2.0 -> 0.3.0 2018-11-03 11:08:23 +01:00
Renaud
722fcbbb80
Merge pull request #49467 from CharlesHD/submit/cmusfm
cmusfm: init at 2018-10-11
2018-11-03 10:40:08 +01:00
taku0
09d49a1c5d thunderbird: 60.2.1 -> 60.3.0 2018-11-03 18:39:32 +09:00
Peter Simons
d9fa1f9178
Merge pull request #49666 from averelld/rPackages.ps-build-fix
r-ps: patchShebangs in ./configure to fix build
2018-11-03 10:38:30 +01:00
Peter Simons
1cd1a34f8f
Merge pull request #49674 from typetetris/fix-46130
haskellPackages.sdl2: test-suite needs x server, so deactivate it
2018-11-03 10:36:56 +01:00
Vladyslav M
6742bdc845
Merge pull request #49673 from danieldk/cargo-asm-security
cargo-asm: fix build on macOS Mojave
2018-11-03 10:25:25 +02:00
Daniël de Kok
1f21fc5e47 cargo-asm: fix build on macOS Mojave
Building cargo-asm on Mojave fails with

ld: framework not found Security

Add Security as a build input.
2018-11-03 08:47:18 +01:00
aszlig
c64624b843
autoPatchelfHook: Correctly detect PIE binaries
I originally thought it would just be enough to just check for an INTERP
section in isExecutable, however this would mean that we don't detect
statically linked ELF files, which would break our recent improvement to
gracefully handle those.

In theory, we are only interested in ELF files that have an INTERP
section, so checking for INTERP would be enough. Unfortunately the
isExecutable function is already used outside of autoPatchelfHook, so we
can't easily get rid of it now, so let's actually strive for more
correctness and make isExecutable actually match ELF files that are
executable.

So what we're doing instead now is to check whether either the ELF type
is EXEC *or* we have an INTERP section and if one of them is true we
should have an ELF executable, even if it's statically linked.

Along the way I also set LANG=C for the invocations of readelf, just to
be sure we don't get locale-dependent output.

Tested this with the following command (which contains almost[1] all the
packages using autoPatchelfHook), checking whether we run into any
library-related errors:

  nix-build -E 'with import ./. { config.allowUnfree = true; };
    runCommand "test-executables" {
      drvs = [
        anydesk cups-kyodialog3 elasticsearch franz gurobi
        masterpdfeditor oracle-instantclient powershell reaper
        sourcetrail teamviewer unixODBCDrivers.msodbcsql17 virtlyst
        vk-messenger wavebox zoom-us
      ];
    } ("for i in $drvs; do for b in $i/bin/*; do " +
       "[ -x \"$b\" ] && timeout 10 \"$b\" || :; done; done")
  '

Apart from testing against library-related errors I also compared the
resulting store paths against the ones prior to this commit. Only
anydesk and virtlyst had the same as they didn't have self-references,
everything else differed only because of self-references, except
elasticsearch, which had the following PIE binaries:

  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/autoconfig
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/autodetect
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/categorize
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/controller
  * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/normalize

These binaries were now patched, which is what this commit is all about.

[1]: I didn't include the "maxx" package (MaXX Interactive Desktop)
     because the upstream URLs are no longer existing and I couldn't
     find them elsewhere on the web.

Signed-off-by: aszlig <aszlig@nix.build>
Fixes: https://github.com/NixOS/nixpkgs/issues/48330
Cc: @gnidorah (for MaXX Interactive Desktop)
2018-11-03 08:07:42 +01:00
Matthew Bauer
08b5cffe87 Revert "stage.nix: pkgsi686Linux only works on x86 family"
This reverts commit 78ca6d885f.

Broke eval on aarch64
2018-11-03 00:47:39 -05:00
Jörg Thalheim
5ea21ad32a
Merge pull request #49629 from marsam/feature/fixes-pyre
pyre: 0.0.14 -> 0.0.17
2018-11-03 02:32:16 +00:00
Matthew Bauer
78ca6d885f stage.nix: pkgsi686Linux only works on x86 family
aarch64 cpus are going to break on pkgsi686Linux packages.

See this error:

https://hydra.nixos.org/build/82962379/
2018-11-02 21:24:55 -05:00
Matthew Bauer
e9db1e2917 grpc: disable werror for unknown warning option
This seems silly to do an error for. It breaks clang builds.
2018-11-02 21:24:55 -05:00
Matthew Bauer
3085f5fcb8 libobjc2: mark aarch64 as bad platform
Apparently some assembly has not been ported. This commit should fix
it:

b952a21abe (diff-e49aa4e60f8ccec1be46afc5e6ffcee5)

But no release has been made by the gnustep team yet!
2018-11-02 21:24:55 -05:00
Matthew Bauer
8bae7d328e
gsasl: disable check on darwin 2018-11-02 20:41:38 -05:00
Matthew Bauer
0923607ff7
gemrb: add libiconv
https://hydra.nixos.org/build/83508053/
2018-11-02 20:39:40 -05:00
Florian Klink
9e491f732a gitlab: 11.4.3 -> 11.4.4
SSRF in Kubernetes integration
The GitLab Kubernetes integration was vulnerable to a SSRF issue which could allow an attacker to make requests to access any internal URLs. The issue is now mitigated in the latest release and is assigned CVE-2018-18843.
2018-11-03 01:49:49 +01:00
Florian Klink
93f8ff68ea
Merge pull request #49658 from mayflower/gitlab-refactor
gitlab: refactor and fix test
2018-11-03 01:49:23 +01:00
Jörg Thalheim
469cce069b
Merge pull request #49661 from dywedir/bat
bat: fix build on darwin
2018-11-03 00:22:22 +00:00
Matthew Bauer
791e98eb90
Add myself to a few CODEOWNERS paths 2018-11-02 19:07:08 -05:00
Vladyslav Mykhailichenko
d87a2481d2
bat: fix build on darwin 2018-11-03 02:06:08 +02:00
lewo
3fb4eb1c43 nixos/dockerPreloader: preload docker images (#49379)
This module permits to preload Docker image in a VM in order to reduce
OIs on file copies. This module has to be only used in testing
environments, when the test requires several Docker images such as in
Kubernetes tests. In this case,
`virtualisation.dockerPreloader.images` can replace the
`services.kubernetes.kubelet.seedDockerImages` options.

The idea is to populate the /var/lib/docker directory by mounting qcow
files (we uses qcow file to avoid permission issues) that contain images.

For each image specified in
config.virtualisation.dockerPreloader.images:
1. The image is loaded by Docker in a VM
2. The resulting /var/lib/docker is written to a QCOW file

This set of QCOW files can then be used to populate the
/var/lib/docker:
1. Each QCOW is mounted in the VM
2. Symlink are created from these mount points to /var/lib/docker
3. A /var/lib/docker/image/overlay2/repositories.json file is generated
4. The docker daemon is started.
2018-11-03 01:00:53 +01:00
zimbatm
f9bf6cef54
terraform_0_11: 0.11.8 -> 0.11.10 2018-11-03 00:52:24 +01:00
Arian van Putten
13effc913d terraform-providers: Bump all releases (#49582)
Does what it says on the tin. Auto-generated.
2018-11-03 00:50:35 +01:00
Matthew Bauer
29b4ac8e41 release-corss.nix: fix ppc-embedded name
s/powerpc-embedded/ppc-embedded
2018-11-02 18:42:58 -05:00
Eric Wolf
79dace1b30 haskellPackages.sdl2: test-suite needs x server, so deactivate it 2018-11-03 00:11:11 +01:00
Renaud
4e8bed52ce
Merge pull request #49352 from talyz/master
nomachine-client: init at 6.3.6_1
2018-11-03 00:01:10 +01:00
Robert Helgesson
1851203c7b
comfortaa: 2.004 -> 3.001 2018-11-02 23:38:37 +01:00
Robert Helgesson
6b9e570bc2
open-dyslexic: 2014-11-11 -> 2016-06-23 2018-11-02 23:29:29 +01:00
Robert Helgesson
7bade1b0f3
overpass: 3.0.2 -> 3.0.3 2018-11-02 23:23:33 +01:00
Robert Helgesson
2db8372554
pythonPackages.PyICU: 2.0.3 -> 2.2 2018-11-02 23:19:18 +01:00
Robert Helgesson
811509e5a3
abcmidi: 2018.06.23 -> 2018.10.25 2018-11-02 23:19:18 +01:00
Robert Helgesson
a562c5fc75
josm: 14289 -> 14382 2018-11-02 23:19:18 +01:00
Averell Dalton
25e68e3048 r-ps: patchShebangs in ./configure to fix build 2018-11-02 23:02:04 +01:00
Robin Gloster
ec7cb84bf0
gitlab: refactor and fix test 2018-11-02 22:40:21 +01:00
Matthew Bauer
a4234645fe betaflight: don’t use nano
not in newlib
2018-11-02 15:42:33 -05:00
Matthew Bauer
94a2cdebaa inav: don’t use nano
not in newlib
2018-11-02 15:42:32 -05:00
Matthew Bauer
5df22e343d axoloti: don’t hardode paths
Some of these paths are not in gcc-arm-embedded (instead binutils-arm-embedded).
2018-11-02 15:42:32 -05:00
Matthew Bauer
836cbf6a5c opentx: don’t use nano
Vanilla newlib doesn’t install nano.
2018-11-02 15:42:32 -05:00
Matthew Bauer
0b66270ada avrlibc: set platforms to avr-none
It will only build on avr architectures.
2018-11-02 15:42:32 -05:00
Jan Tojnar
3493f44727
Merge pull request #49560 from worldofpeace/eos-third-update
update some elementary thirdparty apps
2018-11-02 21:29:57 +01:00
worldofpeace
0a2420bccd nasc: 0.4.7 -> 0.5.0 2018-11-02 16:01:05 -04:00
Peter Simons
82822c66e4
Merge pull request #48697 from ElvishJerricco/jailbreak-cabal-helper
haskellPackages.cabal-helper: Jailbreak restrictive bounds.
2018-11-02 20:42:42 +01:00
Peter Simons
fdc19ff311 haskell-polyparse: use latest version for ghc-8.6.1 2018-11-02 20:25:13 +01:00