Commit graph

1015 commits

Author SHA1 Message Date
R. RyanTM
c13c38c75a jetty: 9.4.26.v20200117 -> 9.4.29.v20200521 2020-05-25 23:49:59 +00:00
ajs124
deadc23034 nginxModules.fancyindex: 0.4.3 -> 0.4.4 2020-05-13 13:23:20 +02:00
Izorkin
aa12fb8adb nginxModules: add option allowMemoryWriteExecute
The allowMemoryWriteExecute option is required to checking enabled nginxModules
and disable the nginx sandbox mode MemoryDenyWriteExecute.
2020-05-12 20:03:29 +03:00
Jörg Thalheim
11c18faa4e
Merge pull request #85862 from Izorkin/nginx-paths 2020-05-11 11:17:04 +01:00
Jörg Thalheim
887295fd2d
treewide: remove the-kenny from maintainers
@the-kenny did a good job in the past and is set as maintainer in many package,
however since 2017-2018 he stopped contributing. To create less confusion
in pull requests when people try to request his feedback, I removed him as
maintainer from all packages.
2020-05-09 10:28:57 +01:00
Martin Weinelt
1c7ad58742
apt-cacher-ng: 3.2 → 3.5
Fixes: CVE-2017-7443, CVE-2020-5202
2020-05-06 19:09:31 +02:00
Izorkin
ca2145bdfc nixos/tests: add unit-php test 2020-05-06 13:21:59 +03:00
Izorkin
dc0260f7da unit: add php 7.4 2020-05-06 12:27:13 +03:00
Izorkin
866f6dd677 unit: 1.16.0 -> 1.17.0 2020-05-06 12:27:12 +03:00
Izorkin
f87bc13930 unit: remove drop capabilites patch 2020-05-06 12:27:12 +03:00
Izorkin
98e0cba469 tengine: change logs path 2020-05-04 16:36:38 +03:00
Izorkin
1d71150c73 tengine: add ETag patch 2020-05-04 16:36:38 +03:00
Izorkin
a19800fb48 nginx: change logs path 2020-05-04 16:36:38 +03:00
Aaron Andersen
9218a3599a tomcat-native: 1.2.23 -> 1.2.24 2020-05-03 20:49:02 -04:00
R. RyanTM
bc74bdedae jetty: 9.4.25.v20191220 -> 9.4.26.v20200117 2020-05-02 10:15:25 +02:00
Elis Hirwing
27b9b7b3af
Merge pull request #85026 from talyz/php_buildenv_override
php.buildEnv: Make the exported php package overridable, improve handling of currently enabled extensions, etc
2020-04-29 19:57:37 +02:00
talyz
5cad1b4aff
php: Get rid of the phpXXbase attributes, update docs
Since the introduction of php.unwrapped there's no real need for the
phpXXbase attributes, so let's remove them to lessen potential
confusion and clutter. Also update the docs to make it clear how to
get hold of an unwrapped PHP if needed.
2020-04-29 13:45:48 +02:00
Aaron Andersen
92d9d07c61
Merge pull request #82762 from aanderse/tomcat-native
tomcat-native: init at 1.2.23
2020-04-26 19:48:22 -04:00
talyz
72636bc2f6
php: Get rid of all config.php parameters
Since all options controlled by the config.php parameters can now be
overridden directly, there's no reason to keep them around.
2020-04-26 16:43:23 +02:00
Aaron Andersen
6b3506458e tomcat-native: init at 1.2.23 2020-04-26 09:12:41 -04:00
Izorkin
cbfe203da7 nginxMainline: 1.17.9 -> 1.18.0 2020-04-23 14:34:21 +03:00
Izorkin
2e6cd807d7 nginxStable: 1.16.1 -> 1.18.0 2020-04-23 14:34:13 +03:00
Jan Tojnar
3d8e436917
Merge branch 'master' into staging-next 2020-04-16 10:09:43 +02:00
Maximilian Bosch
401e07d419
Merge pull request #84551 from gnprice/pr-stripDebugList
treewide: Fix types of stripDebugList attrs (and fix doc)
2020-04-14 15:54:52 +02:00
Jan Tojnar
a04625379a
Merge branch 'master' into staging-next 2020-04-13 18:50:35 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Jan Tojnar
1ab03c3a76
Merge branch 'master' into staging-next 2020-04-10 12:12:56 +02:00
Milan
3847ec0e35
nginxMainline: 1.17.8 -> 1.17.9 (#84743) 2020-04-08 21:19:35 +02:00
Samuel Leathers
72cb7f81fd
Merge pull request #81442 from manveru/bundler-2.1.4
bundler: 1.17.3 -> 2.1.4
2020-04-08 12:44:54 -04:00
talyz
472d5c187b
php.buildEnv: Don't inherit dev from the original php
mkDerivation uses the dev output in buildInputs if it exits, hence the
php-with-extensions package was never built or put into the path of
packages dependent on it during build. With this fix, the php packages
built with buildEnv or withExtensions don't have any dev outputs;
packages which need the dev output can refer to the phpXXbase packages
instead.
2020-04-08 15:13:07 +02:00
Greg Price
7547cf9dfc treewide: Fix up stripDebugList attrs to be lists.
The documentation says this should be a list, and it already is in
about half the expressions that set it.

The difference doesn't matter at present, because these values are all
space-free literals.  But it will in a future with __structuredAttrs .

(The similar attr stripAllList has no users in the nixpkgs tree, so
there's nothing to do to fix any of those up.)
2020-04-06 21:26:52 -07:00
Michael Fellinger
f92600b406
update versions in Gemfile.lock 2020-04-06 15:02:13 +02:00
Frederik Rietdijk
2420184727 Merge staging into staging-next 2020-04-06 08:54:28 +02:00
Elis Hirwing
3b6539896b
Merge pull request #83896 from etu/slim-down-default-php-v3
PHP: Make the default package more sane [v3]
2020-04-05 20:00:03 +02:00
Aaron Andersen
d757d810d0
Merge pull request #84045 from r-ryantm/auto-update/apache-httpd
apacheHttpd: 2.4.41 -> 2.4.43
2020-04-04 19:22:17 -04:00
Elis Hirwing
a5f77d6ea2
php-unit: Drop the declaration of the php-unit attributes since they aren't used 2020-04-03 10:11:11 +02:00
R. RyanTM
f26b2afb93 apacheHttpd: 2.4.41 -> 2.4.43 2020-04-01 22:33:24 +00:00
Elis Hirwing
1983417a2f
unit: Make unit use phpbase packages 2020-03-31 22:06:56 +02:00
Frederik Rietdijk
46ec52f329 buildPython*: use pname 2020-03-30 17:07:41 +02:00
aszlig
e1d63ada02
nginx: Fix ETag patch to ignore realpath(3) error
While our ETag patch works pretty fine if it comes to serving data off
store paths, it unfortunately broke something that might be a bit more
common, namely when using regexes to extract path components of
location directives for example.

Recently, @devhell has reported a bug with a nginx location directive
like this:

  location ~^/\~([a-z0-9_]+)(/.*)?$" {
    alias /home/$1/public_html$2;
  }

While this might look harmless at first glance, it does however cause
issues with our ETag patch. The alias directive gets broken up by nginx
like this:

  *2 http script copy: "/home/"
  *2 http script capture: "foo"
  *2 http script copy: "/public_html/"
  *2 http script capture: "bar.txt"

In our patch however, we use realpath(3) to get the canonicalised path
from ngx_http_core_loc_conf_s.root, which returns the *configured* value
from the root or alias directive. So in the example above, realpath(3)
boils down to the following syscalls:

  lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  lstat("/home/$1", 0x7ffd08da6f60) = -1 ENOENT (No such file or directory)

During my review[1] of the initial patch, I didn't actually notice that
what we're doing here is returning NGX_ERROR if the realpath(3) call
fails, which in turn causes an HTTP 500 error.

Since our patch actually made the canonicalisation (and thus additional
syscalls) necessary, we really shouldn't introduce an additional error
so let's - at least for now - silently skip return value if realpath(3)
has failed.

However since we're using the unaltered root from the config we have
another issue, consider this root:

  /nix/store/...-abcde/$1

Calling realpath(3) on this path will fail (except if there's a file
called "$1" of course), so even this fix is not enough because it
results in the ETag not being set to the store path hash.

While this is very ugly and we should fix this very soon, it's not as
serious as getting HTTP 500 errors for serving static files.

I added a small NixOS VM test, which uses the example above as a
regression test.

It seems that my memory is failing these days, since apparently I *knew*
about this issue since digging for existing issues in nixpkgs, I found
this similar pull request which I even reviewed:

https://github.com/NixOS/nixpkgs/pull/66532

However, since the comments weren't addressed and the author hasn't
responded to the pull request, I decided to keep this very commit and do
a follow-up pull request.

[1]: https://github.com/NixOS/nixpkgs/pull/48337

Signed-off-by: aszlig <aszlig@nix.build>
Reported-by: @devhell
Acked-by: @7c6f434c
Acked-by: @yorickvP
Merges: https://github.com/NixOS/nixpkgs/pull/80671
Fixes: https://github.com/NixOS/nixpkgs/pull/66532
2020-03-28 02:57:21 +01:00
Emily
7be86f3b3c openresty: 1.15.8.2 -> 1.15.8.3 2020-03-24 11:37:44 -05:00
Aaron Andersen
6283b00f4f
Merge pull request #82319 from aanderse/tomcat-update
tomcat: 7.0.92 -> 7.0.100, 8.5.42 -> 8.5.51, 9.0.21 -> 9.0.31
2020-03-16 15:46:48 -04:00
R. RyanTM
79586e1b74 tomcat_connectors: 1.2.46 -> 1.2.48 2020-03-14 14:30:51 +01:00
Mario Rodas
34914fce19
Merge pull request #82290 from helsinki-systems/upd/ngx_fastcgi_cache_purge
nginxModules.fastcgi-cache-purge: 2.3 -> 2.5
2020-03-13 08:44:44 -05:00
Izorkin
5dbe01af5b unit: 1.15.0 -> 1.16.0 2020-03-12 19:53:13 +00:00
Aaron Andersen
46e7580f24 tomcat9: 9.0.21 -> 9.0.31 2020-03-11 07:51:04 -04:00
Aaron Andersen
22f24f7859 tomcat8: 8.5.42 -> 8.5.51 2020-03-11 07:51:04 -04:00
Aaron Andersen
78b0222cb2 tomcat7: 7.0.92 -> 7.0.100 2020-03-11 07:51:04 -04:00
ajs124
0aec2cdd08 nginxModules.fastcgi-cache-purge: 2.3 -> 2.5
switch to a fork that seems sort of alive
2020-03-10 23:35:15 +01:00
Aaron Andersen
fc7efd51d6
Merge pull request #80182 from dirkx/Redwax-0.22-update
redwax-modules: 0.2.1 -> 0.2.2/0.2.3
2020-02-22 19:03:21 -05:00
Dirk-Willem van Gulik
928c365a1b redwax-modules: 0.2.1 -> 0.2.2/0.2.3 2020-02-21 12:00:00 +01:00
R. RyanTM
56debabe34 mod_wsgi: 4.7.0 -> 4.7.1 2020-02-19 08:54:38 +00:00
Frederik Rietdijk
1a6c3cb06b Merge staging into staging-next 2020-02-11 07:59:53 +01:00
zimbatm
bcdc90a3a7 ruby_2_4: remove
According to https://endoflife.software/programming-languages/server-side-scripting/ruby
ruby 2.4 will go end-of-life in march, where the new release of nixpkgs
will be cut. We won't be able to support it for security updates.

Remove all references to ruby_2_4 and add ruby_2_7 instead where
missing.

Mark packages that depend on ruby 2.4 as broken:
* chefdk
* sonic-pi
2020-02-10 13:23:35 -05:00
R. RyanTM
3815de80c0 unit: 1.14.0 -> 1.15.0 2020-02-10 14:47:35 +00:00
Frederik Rietdijk
03755ed59a Merge master into staging-next 2020-02-09 09:17:51 +01:00
R. RyanTM
fa84aa8adb lighttpd: 1.4.54 -> 1.4.55 2020-02-08 18:13:10 +01:00
Vladimír Čunát
48a997cd76
Merge #66528: glibc: 2.27 -> 2.30 (into staging)
Includes update of stdenv bootstap tools (for three main platforms)
and many package fixes with new glibc.
2020-02-05 13:41:09 +01:00
Emily
6d046e1079 openresty: rebase on top of nginx package
The primary motivation of this change was to allow third-party modules
to be used with OpenResty, but it also results in a significant
reduction of code duplication.
2020-02-04 19:30:40 -06:00
Emily
db3182a65d nginxModules.brotli: v0.1.2 -> unstable
The fork was merged back upstream but has yet to see a formal release.
2020-02-04 19:30:40 -06:00
Will Dietz
500f032729
Merge pull request #78185 from dtzWill/update/nginx-1.17.8
nginxMainline: 1.17.3 -> 1.17.8
2020-02-03 17:35:42 -06:00
Aaron Andersen
e23ba2a1b0 Revert "nixos/httpd: symlink apache configuration to /etc/httpd/httpd.conf for use in the apachectl command"
This reverts commit 336a6f471f.
2020-02-02 08:08:02 -05:00
Maximilian Bosch
1bb18d9e8d
lwan: 0.2 -> 0.3, fix build w/glibc-2.30 2020-02-01 17:30:18 +01:00
Silvan Mosberger
80a2740991
Merge pull request #78265 from Synthetica9/https-homepages
treewide: fix redirected urls
2020-01-27 15:00:53 +01:00
Patrick Hilhorst
593e11fd94
treewide: fix redirected urls
According to https://repology.org/repository/nix_unstable/problems, we have a
lot of packages that have http links that redirect to https as their homepage.
This commit updates all these packages to use the https links as their
homepage.

The following script was used to make these updates:

```

curl https://repology.org/api/v1/repository/nix_unstable/problems \
    | jq '.[] | .problem' -r \
    | rg 'Homepage link "(.+)" is a permanent redirect to "(.+)" and should be updated' --replace 's@$1@$2@' \
    | sort | uniq > script.sed

find -name '*.nix' | xargs -P4 -- sed -f script.sed -i
```
2020-01-22 11:26:22 +01:00
R. RyanTM
359f235769 jetty: 9.4.24.v20191120 -> 9.4.25.v20191220 2020-01-21 16:06:08 -08:00
Will Dietz
92d29418b3
nginxMainline: 1.17.3 -> 1.17.8
http://nginx.org/en/CHANGES
2020-01-21 11:02:11 -06:00
Jörg Thalheim
71c19d3efa
Merge pull request #76537 from Izorkin/unit
unit: 1.13.0 -> 1.14.0
2020-01-21 11:39:41 +00:00
Leonhard Markert
8008905e5a lwan: 0.1 -> 0.2 2020-01-16 16:55:07 +00:00
Aaron Andersen
7260d2eb13
Merge pull request #77326 from aanderse/apacheHttpd
nixos/httpd: symlink apache configuration to /etc/httpd/httpd.conf for use in the apachectl command
2020-01-15 21:02:05 -05:00
Mario Rodas
c7e16e71d0
Merge pull request #77011 from r-ryantm/auto-update/mod_wsgi
mod_wsgi: 4.6.8 -> 4.7.0
2020-01-09 05:34:03 -05:00
Aaron Andersen
336a6f471f nixos/httpd: symlink apache configuration to /etc/httpd/httpd.conf for use in the apachectl command 2020-01-08 10:37:46 -05:00
Aaron Andersen
e9d3a3c7d8
Merge pull request #76417 from dirkx/redwax-modules
mod_ca, mod_crl, mod_csr, mod_ocsp, mod_scep, mod_pkcs12, mod_spkac, mod_timestamp: init at 0.2.1
2020-01-07 20:49:24 -05:00
R. RyanTM
aa4fe9c768 mod_wsgi: 4.6.8 -> 4.7.0 2020-01-05 22:08:04 -08:00
Ryan Mulligan
6de8b8f144
Merge pull request #61722 from Izorkin/pinba-nginx
nginxModules.pinba: init at 13.05.2019
2020-01-04 07:58:18 -08:00
Frederik Rietdijk
7aa2b0215b Merge master into staging-next 2020-01-03 10:25:14 +01:00
aszlig
845e92835d
Merge Last-Modified fix for nginx (#76697)
This fixes the patch for nginx to clear the Last-Modified header if a
static file is served from the Nix store.

So far we only used the ETag from the store path, but if the
Last-Modified header is always set to "Thu, 01 Jan 1970 00:00:01 GMT",
Firefox and Chrome/Chromium seem to ignore the ETag and simply use the
cached content instead of revalidating.

Alongside the fix, this also adds a dedicated NixOS VM test, which uses
WebDriver and Firefox to check whether the content is actually served
from the browser's cache and to have a more real-world test case.
2020-01-02 21:41:59 +01:00
Frederik Rietdijk
f08e3e38d4 Merge master into staging-next 2020-01-02 21:41:13 +01:00
zimbatm
c187844214
unit: add withRuby_2_7 option 2020-01-01 00:25:03 +00:00
Robin Gloster
6ca6ac796b
treewide: configureFlags is a flat list 2019-12-31 01:37:49 +01:00
Robin Gloster
760e23136a
treewide: *inputs are lists 2019-12-31 01:09:25 +01:00
Robin Gloster
313da176d3
treewide: NIX_*_FLAGS -> string 2019-12-31 00:16:46 +01:00
Robin Gloster
5f2b92e3ec
treewide: NIX_*_COMPILE -> string 2019-12-31 00:13:29 +01:00
aszlig
ccf55bead1
nginx: Clear Last-Modified if ETag is from store
This is what I've suspected a while ago[1]:

> Heads-up everyone: After testing this in a few production instances,
> it seems that some browsers still get cache hits for new store paths
> (and changed contents) for some reason. I highly suspect that it might
> be due to the last-modified header (as mentioned in [2]).
>
> Going to test this with last-modified disabled for a little while and
> if this is the case I think we should improve that patch by disabling
> last-modified if serving from a store path.

Much earlier[2] when I reviewed the patch, I wrote this:

> Other than that, it looks good to me.
>
> However, I'm not sure what we should do with Last-Modified header.
> From RFC 2616, section 13.3.4:
>
> - If both an entity tag and a Last-Modified value have been
>   provided by the origin server, SHOULD use both validators in
>   cache-conditional requests. This allows both HTTP/1.0 and
>   HTTP/1.1 caches to respond appropriately.
>
> I'm a bit nervous about the SHOULD here, as user agents in the wild
> could possibly just use Last-Modified and use the cached content
> instead.

Unfortunately, I didn't pursue this any further back then because
@pbogdan noted[3] the following:

> Hmm, could they (assuming they are conforming):
>
>  * If an entity tag has been provided by the origin server, MUST
>    use that entity tag in any cache-conditional request (using If-
>    Match or If-None-Match).

Since running with this patch in some deployments, I found that both
Firefox and Chrome/Chromium do NOT re-validate against the ETag if the
Last-Modified header is still the same.

So I wrote a small NixOS VM test with Geckodriver to have a test case
which is closer to the real world and I indeed was able to reproduce
this.

Whether this is actually a bug in Chrome or Firefox is an entirely
different issue and even IF it is the fault of the browsers and it is
fixed at some point, we'd still need to handle this for older browser
versions.

Apart from clearing the header, I also recreated the patch by using a
plain "git diff" with a small description on top. This should make it
easier for future authors to work on that patch.

[1]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-495072764
[2]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451644084
[3]: https://github.com/NixOS/nixpkgs/pull/48337#issuecomment-451646135

Signed-off-by: aszlig <aszlig@nix.build>
2019-12-30 14:30:36 +01:00
Robin Gloster
2157dcd141
treewide: installFlags is a list 2019-12-30 13:22:43 +01:00
Nathan
b0caf68bff
maintainer-list.nix: remove ndowens 2019-12-26 16:47:41 -05:00
Izorkin
b5bd159690 unit: add drop capabilites patch 2019-12-26 17:51:53 +03:00
Izorkin
681dca1b67 unit: 1.13.0 -> 1.14.0 2019-12-26 17:39:14 +03:00
Dirk-Willem van Gulik
f85ec2d896 Additional redwax modules - including comments from review on #75620. 2019-12-24 17:01:04 +01:00
Jörg Thalheim
b9bc38934b
h2o: build with openssl
otherwise we get symbol conflicts, once we link it against applications using
openssl
2019-12-21 22:55:58 +00:00
Izorkin
edddf0ac47 nginxModules.pinba: init at 13.05.2019 2019-12-11 10:06:55 +03:00
Frederik Rietdijk
f3618342ec Merge staging-next into staging 2019-12-10 19:01:27 +01:00
Renaud
f640cf49d1
rdf4store: remove pkg and service modules
(#74214)
2019-12-08 20:33:51 +01:00
Frederik Rietdijk
353ec3f3a8
Merge pull request #73491 from Izorkin/unit
unit: 1.12.0 -> 1.13.0
2019-12-05 10:25:54 +01:00
R. RyanTM
fffce07e96 jetty: 9.4.22.v20191022 -> 9.4.24.v20191120 (#74417)
* jetty: 9.4.22.v20191022 -> 9.4.24.v20191120

* jetty: homepage over https
2019-11-30 22:03:40 +01:00
Jörg Thalheim
571ed9d22e
nginx: reference tests 2019-11-29 12:27:55 +00:00
tekeri
a5f26644d4 Add nginx perl modules (#73198)
* nginx: enable perl_module if perl is given

* nginx: move `perl = null` to toplevel
2019-11-27 17:08:56 +00:00
Izorkin
d5f8c4b1d1 unit: update build configuration 2019-11-24 12:55:21 +03:00
Izorkin
6ae0c68216 unit: 1.12.0 -> 1.13.0 2019-11-24 12:46:36 +03:00
R. RyanTM
f28fad5e2f jetty: 9.4.16.v20190411 -> 9.4.22.v20191022
(#72533)
2019-11-06 19:30:58 +01:00