Commit Graph

475 Commits

Author SHA1 Message Date
Franz Pletz
cb3d27df93 Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-03-05 18:55:30 +01:00
Franz Pletz
aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Frederik Rietdijk
36506df7fe Merge pull request #13448 from lancelotsix/use_recent_sqlalchemy_as_default
pythonPackages.sqlalchemy: follows upstream, use "sqlalchemy7" for lecagy
2016-03-05 11:07:50 -05:00
Adam Boseley
5b83791207 spice-vdagentd service : initial at 0.16.0 2016-03-05 07:56:47 +10:00
Stefan Junker
13bd76b525 pkgs/rkt: 1.0.0 -> 1.1.0 2016-03-03 19:57:15 +01:00
Robin Gloster
d47857c3d9 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-01 21:09:17 +00:00
aszlig
605cc4fdeb
Merge pull request #13052 from @bendlas
Updates VirtualBox from version 5.0.12 to 5.0.14.

Upstream changes are (without bug IDs):

 * GUI: properly limit the number of VCPUs to the number of physical cores
        on Mac OS X
 * Audio: fixed a bug which prevented loading a saved state of a saved
          guests with HDA emulation (5.0.12 regression)
 * Audio: don't crash if the backend is unable to initialize
 * Audio: fixed audio capture on Mac OS X
 * Storage: fixed a possible crash when attaching the same ISO image
            multiple times to the same VM
 * BIOS: properly report if two floppy drives are attached
 * USB: fixed a problem with filters which would not capture the device
        under certain circumstances (5.0.10 regression)
 * ExtPack: black-list Extension Packs older than 4.3.30 due to
            incompatible changes not being properly handled in the past
 * Windows hosts: fixed a regression which caused robocopy to fail
 * Linux hosts: properly create the /sbin/rcvboxdrv symbolic link (5.0.12
                regression)
 * Mac OS X hosts: several fixes for USB on El Capitan
 * Linux Additions: fixes for Linux 4.5

Full upstream changelog with bug IDs can be found at:

  https://www.virtualbox.org/wiki/Changelog

The reason I was reluctant to merge this before were these symbol lookup
errors:

  vboxsf: Unknown symbol VBoxGuest_RTMemTmpFree (err 0)
  vboxsf: Unknown symbol VBoxGuestIDCCall (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexRequest (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexRelease (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTLogRelGetDefaultInstanceEx (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTErrConvertToErrno (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexCreate (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexDestroy (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTMemContFree (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemMutexRelease (err 0)
  vboxsf: Unknown symbol VBoxGuestIDCOpen (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTAssertShouldPanic (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTMemContAlloc (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemMutexRequest (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemMutexCreate (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTMemTmpAllocTag (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemMutexDestroy (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTAssertMsg1Weak (err 0)
  vboxsf: Unknown symbol VBoxGuestIDCClose (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTAssertMsg2Weak (err 0)

However, after testing it against 5.0.12, the same errors occur there as
well, so it is likely related to our VM tests.
2016-03-01 03:36:44 +01:00
Robin Gloster
3b4765c9e5 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-28 16:32:57 +00:00
zimbatm
69ce5cb656 use the sourceforge mirrors everywhere
find pkgs -name "*.nix" -exec sed -r \
    "s|https?://downloads.sourceforge.net/|mirror://sourceforge/|g" -i {} \;
2016-02-28 12:07:42 +00:00
Franz Pletz
6b20b7c4d7 qemu: 2.4.1 -> 2.5.0 (multiple CVEs)
https://lwn.net/Vulnerabilities/666755/
2016-02-27 17:53:22 +01:00
Lancelot SIX
0467a17858 pythonPackages.sqlalchemy: follows upstream, sqlalchemy7 for lecagy
This makes pythonPackages.sqlalchemy the most up to date revision (it
was called sqlalchemy_1_0 before), and maintains the various “legacy”
versions available as pythonPackages.sqlalchemyX for X in {7,8,9}.

All derivations that required `sqlalchemy_1_0` now require `sqlalchemy`
while those that required `sqlalchemy` now require `sqlalchemy7`.

The derivations are not changed, only the attribute names they are
bound to.
2016-02-27 12:11:12 +01:00
Robin Gloster
3477e662e6 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-27 00:08:08 +00:00
Frederik Rietdijk
4d06bf70f4 buildPythonApplication: use new function for Python applications 2016-02-19 13:16:41 +01:00
Herwig Hochleitner
bd3ca11e0d virtualbox: 5.0.12 -> 5.0.14 2016-02-16 21:59:11 +01:00
Robin Gloster
a53bd9daa8 xen: turn off pic hardening 2016-02-11 01:44:23 +00:00
Robin Gloster
63d4e59add seabios: turn off pic and stackprotector hardening 2016-02-10 23:27:37 +00:00
Robin Gloster
e264f1077b bochs: turn off format hardening 2016-02-09 10:29:34 +00:00
Robin Gloster
82daf82e61 xen: turn off fortify 2016-02-09 01:10:57 +00:00
Robin Gloster
5b535580fd cbfstool: turn off fortify 2016-02-09 01:00:21 +00:00
Robin Gloster
2f1567ad33 OVMF: no stackprotector/pic/fortify hardening 2016-02-08 23:18:03 +00:00
Robin Gloster
859a150373 linuxPackages.virtualboxGuestAdditions: no pic hardening 2016-02-07 22:45:28 +00:00
Robin Gloster
9229e9c656 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-07 11:17:57 +00:00
Cole Mickens
14dfebd364 rkt: reset stage1 to rkt's recommended version 2016-02-05 11:18:12 -08:00
Arseniy Seroka
50f94c2751 Merge pull request #12831 from colemickens/rkt-1.0.0
rkt 0.15.0 -> 1.0.0 + trousers
2016-02-05 17:32:45 +03:00
Cole Mickens
34f59ae390 rkt 0.15.0 -> 1.0.0 + trousers 2016-02-04 22:52:55 -08:00
Cole Mickens
712eb6b7e0 docker 1.9.1 -> 1.10.0 2016-02-04 22:52:06 -08:00
Robin Gloster
359b1726a5 xen: turn off stackprotector hardening 2016-01-30 16:36:57 +00:00
Robin Gloster
f6d3b7a2ae switch hardening flags 2016-01-30 16:36:57 +00:00
Franz Pletz
954e9903ad Use a hardened stdenv by default 2016-01-30 16:36:57 +00:00
Tobias Geerinckx-Rice
9fb8020e4e Add version attribute where maintainers |= nckx
This will probably be mandatory soon, and is a step in the right
direction. Removes the deprecated meta.version, and move some meta
sections to the end of the file where I should have put them in
the first place.
2016-01-25 17:35:21 +01:00
Vladimír Čunát
0957359568 Merge branch 'staging' 2016-01-22 13:48:35 +01:00
Domen Kožar
b39c51a362 Merge pull request #12323 from kragniz/rkt-v0.15.0
rkt: 0.14.0 -> 0.15.0
2016-01-21 22:27:33 +01:00
aszlig
c92d7481a5
multipath_tools: Rename to multipath-tools
See http://nixos.org/nixpkgs/manual/#sec-package-naming

I've added an alias for multipath_tools to make sure that we don't break
existing configurations referencing the old name.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-01-21 16:18:38 +01:00
Robin Gloster
53b389327e refactor to use autoreconfHook where possible
Close #12446.
2016-01-18 10:45:31 +01:00
Tobias Geerinckx-Rice
b01b11c657 virtualbox: 5.0.10 -> 5.0.12
This is a maintenance release.
Changes: https://www.virtualbox.org/wiki/Changelog.
2016-01-18 03:57:09 +01:00
Louis Taylor
6309f48137 rkt: 0.14.0 -> 0.15.0 2016-01-15 18:09:58 +00:00
Franz Pletz
a224badfea Merge pull request #12373 from nathan7/docker-journald
docker: enable journald support
2016-01-15 00:54:55 +01:00
Nathan Zadoks
9c9a5353f9 docker: enable journald support 2016-01-14 16:01:19 +01:00
Stefan Junker
1e9a4a6d5b fixup! rkt: align stage1 information with upstream source 2016-01-04 13:08:11 +01:00
Arseniy Seroka
387b38e10b Revert "rkt: align stage1 information with upstream source" 2016-01-04 14:39:34 +03:00
Arseniy Seroka
014ee32abd Merge pull request #11946 from steveeJ/rkt
rkt: align stage1 information with upstream source
2016-01-04 14:39:05 +03:00
Tobias Geerinckx-Rice
82419575aa btrfsProgs -> canonical btrfs-progs 2016-01-03 20:38:44 +01:00
Robin Gloster
729fb7a440 virt-viewer: fix build and clean up 2015-12-28 21:44:12 +00:00
Domen Kožar
af25cc9427 fix virtviewer build 2015-12-28 22:39:22 +01:00
Stefan Junker
e3630bcf89 rkt: align stage1 information with upstream source
We rely on the upstream tests and hence should not change the
constellation.

See: https://github.com/coreos/rkt/blob/v0.14.0/stage1/usr_from_coreos/coreos-common.mk

Additionally add the "fly" stage1.
2015-12-28 14:20:12 +01:00
Derek Gonyeo
540c520cf6 rkt: bump version 0.13.0 -> 0.14.0, fixes #11885 2015-12-23 01:27:26 +01:00
Nathan Zadoks
d5e5a7dbc3 docker: 1.9.0 -> 1.9.1 2015-12-21 12:18:22 +01:00
Pascal Wittmann
63b7648870 Merge pull request #11755 from steveeJ/rkt-v0.13
rkt: bump version 0.12.0 -> 0.13.0
2015-12-16 13:03:57 +01:00
Domen Kožar
caa9c53d6e qemu: enable numa 2015-12-15 23:41:55 +01:00
Stefan Junker
a4cd9f771a rkt: bump version 0.12.0 -> 0.13.0 2015-12-15 23:03:28 +01:00