Commit Graph

917 Commits

Author SHA1 Message Date
Joachim Fasting
0c6a1eaa43
containerd: use removeReferencesTo 2017-03-11 15:17:32 +01:00
aszlig
0a7673d202
qemu_test: Rebase force-uid0-on-9p.patch
This reverts commit 3a4e2376e4.

The reverted commit caused the fix for CVE-2016-9602 not to be applied
for qemu_test because it conflicts with the force-uid0-on-9p.patch.

So with the rebase of the patch on top of the changes of the
CVE-2016-9602.patch, both patches no longer conflict with each other.

I've tested this with the "misc" NixOS test and it succeeds.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-03-11 15:16:49 +01:00
Franz Pletz
3a4e2376e4
qemu_test: don't apply patch for CVE-2016-9602
Both patches are conflicting. Keeping the vulnerability unpatched in qemu
binaries used for nixos test is tolerable.
2017-03-11 13:43:42 +01:00
Franz Pletz
621e7a9945
qemu: fetch vnc bugfix patch from debian
This version of the patch applies cleanly to the 2.8.0 release.
2017-03-11 09:32:48 +01:00
Franz Pletz
c512180f9c
qemu: add patches for multiple CVEs
New upstream patch function and patches for fixing a bug in the patch for
CVE-2017-5667 and the following security issues:

  * CVE-2016-7907
  * CVE-2016-9602
  * CVE-2016-10155
  * CVE-2017-2620
  * CVE-2017-2630
  * CVE-2017-5525
  * CVE-2017-5526
  * CVE-2017-5579
  * CVE-2017-5856
  * CVE-2017-5857
  * CVE-2017-5987
  * CVE-2017-6058
2017-03-11 08:14:29 +01:00
Peter Hoeg
bce352949e virtmanager-qt: init at 0.39.60 2017-03-10 11:08:19 +08:00
Jan Malakhovski
916fa0a610 xen: rewrite build expression to be more modular, support upstream qemu and seabios
Also:

* provides a bunch of build options
* documents build options config in longDescription
* provides a bunch of predefined packages and documents them some more
* sources' hashes stay the same
2017-03-05 13:59:28 +00:00
Jan Malakhovski
1c8940a2b8 qemu: add xen support 2017-03-05 13:59:28 +00:00
Jan Malakhovski
eff9b09fb7 qemu: separate usbredirSupport option out of spiceSupport option 2017-03-05 13:59:28 +00:00
Tuomas Tynkkynen
439facec2a lkl: Broken on i686
http://hydra.nixos.org/build/49534265
2017-03-02 03:59:31 +02:00
Alexey Shmalko
0d31a76813
virtualbox: fix build
The issue was caused by upgrading `qt` from `qt56` to `qt57`, which
now requires C++11.

For more info, see https://github.com/NixOS/nixpkgs/issues/23257.
2017-02-28 05:35:52 +02:00
Franz Pletz
6bafe64a20
qemu: apply patches for multiple CVEs
Fixes:

  * CVE-2017-2615
  * CVE-2017-5667
  * CVE-2017-5898
  * CVE-2017-5931
  * CVE-2017-5973

We are vulnerable to even more CVEs but those are either not severe like
memory leaks in obscure situations or upstream hasn't acknowledged the
patch yet.

cc #23072
2017-02-25 09:40:53 +01:00
Vladimír Čunát
145d3ea81c
Merge branch 'master' into staging 2017-02-22 17:47:49 +01:00
Vladimír Čunát
1d1dc2dcc3
open-vm-tools: fixup build with glibc-2.25 2017-02-22 16:54:07 +01:00
Graham Christensen
cc4919da89
xen: patch for XSAs: 197, 199, 207, 208, 209
XSA-197 Issue Description:

> The compiler can emit optimizations in qemu which can lead to double
> fetch vulnerabilities.  Specifically data on the rings shared
> between qemu and the hypervisor (which the guest under control can
> obtain mappings of) can be fetched twice (during which time the
> guest can alter the contents) possibly leading to arbitrary code
> execution in qemu.

More: https://xenbits.xen.org/xsa/advisory-197.html

XSA-199 Issue Description:

> The code in qemu which implements ioport read/write looks up the
> specified ioport address in a dispatch table.  The argument to the
> dispatch function is a uint32_t, and is used without a range check,
> even though the table has entries for only 2^16 ioports.
>
> When qemu is used as a standalone emulator, ioport accesses are
> generated only from cpu instructions emulated by qemu, and are
> therefore necessarily 16-bit, so there is no vulnerability.
>
> When qemu is used as a device model within Xen, io requests are
> generated by the hypervisor and read by qemu from a shared ring.  The
> entries in this ring use a common structure, including a 64-bit
> address field, for various accesses, including ioport addresses.
>
> Xen will write only 16-bit address ioport accesses.  However,
> depending on the Xen and qemu version, the ring may be writeable by
> the guest.  If so, the guest can generate out-of-range ioport
> accesses, resulting in wild pointer accesses within qemu.

More: https://xenbits.xen.org/xsa/advisory-199.html

XSA-207 Issue Description:

> Certain internal state is set up, during domain construction, in
> preparation for possible pass-through device assignment.  On ARM and
> AMD V-i hardware this setup includes memory allocation.  On guest
> teardown, cleanup was erroneously only performed when the guest
> actually had a pass-through device assigned.

More: https://xenbits.xen.org/xsa/advisory-207.html

XSA-209 Issue Description:

> When doing bitblt copy backwards, qemu should negate the blit width.
> This avoids an oob access before the start of video memory.

More: https://xenbits.xen.org/xsa/advisory-208.html

XSA-208 Issue Description:

> In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
> cirrus_bitblt_cputovideo fails to check wethehr the specified memory
> region is safe.

More: https://xenbits.xen.org/xsa/advisory-209.html
2017-02-22 08:00:45 -05:00
Tim Steinbach
8b60413e95
rkt: 1.24.0 -> 1.25.0 2017-02-21 18:51:34 -05:00
Vladimír Čunát
3d600726b3
xen: fixup build with glibc-2.25 2017-02-21 18:26:52 +01:00
Benjamin Staffin
b42f820bdc Merge pull request #22745 from vdemeester/docker_1_13_1
docker: 1.13.0 -> 1.13.1
2017-02-14 11:47:40 -05:00
Parnell Springmeyer
9e36a58649
Merging against upstream master 2017-02-13 17:16:28 -06:00
Vincent Demeester
a50b4d0e03
docker: 1.13.0 -> 1.13.1
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-02-13 16:42:39 +01:00
Vladimír Čunát
31eba21d1d
virtualbox: force xorg-server-1.18 for now
This is getting a little hacky, but hopefully it won't break anything.
2017-02-12 21:07:49 +01:00
Tuomas Tynkkynen
a14ef4ad52 open-vm-tools: 10.0.7 -> 10.1.0
Also add an option to disable all the X11 stuff.
2017-02-10 20:12:00 +02:00
Christoph Hrdinka
de9720b65f
aqemu: init at 0.9.2 2017-02-10 12:48:29 +01:00
Dan Peebles
03cab2d923 ecs-agent: init at 1.14.0 2017-02-10 04:33:48 +00:00
Tim Steinbach
f65a3515f4
rkt: 1.23.0 -> 1.24.0 2017-02-05 11:51:05 -05:00
volth
762cc106b4 virt-top: init at 1.0.8 (#21536) 2017-02-04 16:07:45 +01:00
Pascal Bach
5ca3a7e56f virtualbox: remove upstream-info.json as it is no longer used
We keep the script as it might be useful in the future.
2017-02-02 21:11:08 +01:00
Pascal Bach
599df5e108 virtualbox: 5.1.10 -> 5.1.14 2017-02-02 21:10:01 +01:00
Eelco Dolstra
c20cc6d0b3
Excise use of importJSON
Putting information in external JSON files is IMHO not an improvement
over the idiomatic style of Nix expressions. The use of JSON doesn't
add anything over Nix expressions (in fact it removes expressive
power). And scattering package info over lots of little files makes
packages less readable over having the info in one file.
2017-01-30 11:44:08 +01:00
Parnell Springmeyer
6777e6f812
Merging with upstream 2017-01-29 05:54:01 -06:00
Parnell Springmeyer
4aa0923009
Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Graham Christensen
f46c5b293b
qemu: 2.7 -> 2.8, drop 2.7 2017-01-26 20:23:40 -05:00
Parnell Springmeyer
a26a796d5c
Merging against master - updating smokingpig, rebase was going to be messy 2017-01-26 02:00:04 -08:00
Dan Peebles
ed83ec1b65 lkl: fix impure reference to /usr/bin/env 2017-01-25 21:30:59 +00:00
Parnell Springmeyer
bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts 2017-01-25 11:08:05 -08:00
Tim Steinbach
6aae00edfc rkt: 1.22.0 -> 1.23.0 2017-01-23 17:56:46 +01:00
Vincent Demeester
d79fa8850a
Fixing the wrong Git Commit hash in docker version
`DOCKER_GITCOMMIT` needs to match the tagged commit used to build the
binary. The current commit refers to 1.12.1 and wasn't update each
time we updated the package. Using a variable near the version and
adding a comment so we don't forget to update next time.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-23 10:32:17 +01:00
Jaka Hudoklin
4884fa4502 Merge pull request #20656 from vdemeester/docker_1_13
Update to docker 1.13.x
2017-01-21 12:19:06 +01:00
Vladimír Čunát
6b6553c768
Merge branch 'staging'
It contains security updates.  I somehow forgot to push this yesterday.
2017-01-20 16:33:59 +01:00
Michael Raskin
ac27b9d836 Merge pull request #22001 from nlewo/qemu-cve
Qemu CVEs
2017-01-20 11:28:14 +00:00
Antoine Eiche
9f1514f086 qemu: fix several CVEs
- CVE 2016-9845
- CVE-2016-9846
- CVE-2016-9907
- CVE-2016-9912
2017-01-20 11:09:02 +01:00
Antoine Eiche
0bd3f82a67 qemu: fix the url of patch for CVE-2016-9921 and CVE-2016-9922 2017-01-20 11:02:22 +01:00
Vincent Demeester
74d4d3e4f9
docker: 1.12.6 -> 1.13.0
- Update docker version to 1.13.0.
- Introduce now docker-proxy package (from libnetmork).
- Use overrideDerivation to set the correct version for docker.
- Update tini to make sure we can build it static.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-01-18 21:33:37 +01:00
Vladimír Čunát
0dc43ab9d6
virt-manager: fixup evaluation to unbreak Hydra
The package itself is probably still broken.  /cc @fridh e94d9cdfaa
2017-01-18 16:07:25 +01:00
Vladimír Čunát
40003aa2ed
Merge branch 'master' into staging 2017-01-18 15:54:04 +01:00
Dan Peebles
3ab26fdb70 lkl: update to d7470730 2017-01-17 18:40:58 +00:00
Dan Peebles
f1a9bc356e lkl: init 2017-01-16 21:24:32 +00:00
Tim Steinbach
490c109928
rkt: 1.21.0 -> 1.22.0 2017-01-11 17:27:19 -05:00
Frederik Rietdijk
e94d9cdfaa virtmanager: use python2 2017-01-11 18:25:10 +01:00
Franz Pletz
260d97ca25
runc: add patches to fix CVE-2016-9962 2017-01-11 12:11:29 +01:00
Franz Pletz
0aa4931671
runc: 2016-06-15 -> 1.0.0-rc2 2017-01-11 10:59:27 +01:00
Franz Pletz
4df30fc74f
containerd: 0.2.3 -> 0.2.5 2017-01-11 10:59:26 +01:00
Franz Pletz
cb07316773
docker: 1.12.5 -> 1.12.6
Fixes CVE-2016-9962.
2017-01-11 10:59:24 +01:00
Graham Christensen
f5ca9a4212
Merge branch 'roundup-15' 2016-12-28 21:04:51 -05:00
Antoine Eiche
bc63738c6f
qemu: fix CVE-2016-9921 and CVE-2016-9922 2016-12-28 20:37:00 -05:00
Antoine Eiche
a5dd311208
qemu: fix CVE-2016-9911 2016-12-28 20:36:53 -05:00
Michael Raskin
442623e499 qemu_28: init at 2.8.0; not updating the main Qemu expression yet because there were some claims about NixOS test fragility 2016-12-28 15:04:51 +01:00
Graham Christensen
4e6c7faf36
xen: patch for many XSAs
- XSA-190
 - XSA-191
 - XSA-192
 - XSA-193
 - XSA-195
 - XSA-196
 - XSA-198
 - XSA-200
 - XSA_202
 - XSA-204
2016-12-21 14:37:47 -05:00
Daiderd Jordan
49e3190efa
Revert "xhyve: update and fix to use our Hypervisor framework"
This reverts commit f3b65f67d9.
2016-12-20 13:02:27 +01:00
Eelco Dolstra
8a0843c3c4
qemu-kvm: Mark the version for tests
(cherry picked from commit d58a4ec1ba77e390c53c09ba6198b78f8568d495)
2016-12-20 10:52:46 +01:00
Dan Peebles
f3b65f67d9 xhyve: update and fix to use our Hypervisor framework 2016-12-19 19:47:24 -05:00
aszlig
c5e5dccd13
Merge pull request #21201 (VirtualBox 5.1.10)
This brings VirtualBox to the latest upstream version, which also fixes
building the modules against kernel 4.9.0.

Tested against all the the "virtualbox" subtests on x86_64-linux.
2016-12-17 15:46:06 +01:00
Tim Steinbach
a5a98290b7
docker: 1.12.3 -> 1.12.5 2016-12-16 08:57:08 -05:00
aszlig
38ea64e867
qemu_test: Make chown() calls to the store a no-op
The "misc" NixOS test is using Nix to query the store and it tries to
change the ownership of it while doing so.

This fails if Nix is not in a seccomp-sandboxed userid namespace, so
let's make chown() a no-op when applied to store paths.

Fixes the misc test (and possibly future tests) on older Nix versions.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-12-16 13:06:25 +01:00
Eelco Dolstra
705829b29a Merge pull request #20500 from aszlig/qemu-patched-for-nixos-tests
nixos/tests: Use a patched QEMU for testing
2016-12-15 12:38:29 +01:00
Peter Hoeg
bea3209d5f virtualbox: 5.1.8 -> 5.1.10 2016-12-15 16:20:33 +08:00
Tim Steinbach
4f0592680c
rkt: 1.20.0 -> 1.21.0 2016-12-11 21:10:28 -05:00
Graham Christensen
a2d6e8a2eb
xen: Fix patch hashes
I had used nix-prefetch-url, where fetchpatch doesn't support it.
2016-12-09 07:22:35 -05:00
Graham Christensen
86da9839b1
xen: Patch for CVE-2016-9385, CVE-2016-9377, and CVE-2016-9378 2016-12-07 20:16:05 -05:00
Tuomas Tynkkynen
8a4d6516ee Merge remote-tracking branch 'upstream/staging' into master 2016-11-30 00:34:23 +02:00
Tim Steinbach
e24df8ea69 rkt: 1.19.0 -> 1.20.0 (#20697) 2016-11-26 17:18:00 +00:00
Vladimír Čunát
925b335607
Merge branch 'master' into staging 2016-11-26 11:27:09 +01:00
Frederik Rietdijk
97259c811e qemu: use python2 2016-11-24 22:28:03 +01:00
Franz Pletz
336bacfa1d
qemu: add patch to fix CVE-2016-7907
cc #20647
2016-11-23 23:23:49 -05:00
Bjørn Forsman
bbe5f99e0b qemu: add curl to buildInputs
Enables support for accessing files over HTTP:

  qemu-system-x86_64 -drive media=cdrom,file=http://host/path.iso,readonly

Increases the closures size from 445 to 447 MiB.
2016-11-23 17:44:02 +01:00
Vladimír Čunát
b69f568f4c
Merge branch 'staging'
Hydra rebuild looks fine; only a few Darwin jobs is queued:
http://hydra.nixos.org/eval/1304891?compare=1304807
2016-11-19 04:35:51 +01:00
Franz Pletz
f4a318b528
qemu: add patches for CVE-2016-7994 & CVE-2016-8668 2016-11-17 22:00:44 +01:00
aszlig
6cfb3b6364
nixos/tests: Use a patched QEMU for testing
The reason to patch QEMU is that with latest Nix, tests like "printing"
or "misc" fail because they expect the store paths to be owned by uid 0
and gid 0.

Starting with NixOS/nix@5e51ffb1c2, Nix
builds inside of a new user namespace. Unfortunately this also means
that bind-mounted store paths that are part of the derivation's inputs
are no longer owned by uid 0 and gid 0 but by uid 65534 and gid 65534.

This in turn causes things like sudo or cups to fail with errors about
insecure file permissions.

So in order to avoid that, let's make sure the VM always gets files
owned by uid 0 and gid 0 and does a no-op when doing a chmod on a store
path.

In addition, this adds a virtualisation.qemu.program option so that we
can make sure that we only use the patched version if we're *really*
running NixOS VM tests (that is, whenever we have imported
test-instrumentation.nix).

Tested against the "misc" and "printing" tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-17 17:16:16 +01:00
Vladimír Čunát
b5e89fe9bf
Merge branch 'master' into staging 2016-11-15 00:20:19 +01:00
Justin Bedo
04121437be
singularity: init 2.2 2016-11-15 09:11:53 +11:00
Frederik Rietdijk
84e9328028 virtualbox: python is always needed
even when not building bindings.
2016-11-14 19:09:25 +01:00
Tim Steinbach
ecd1a53df6
rkt: 1.18.0 -> 1.19.0 2016-11-10 21:06:20 -05:00
Tobias Geerinckx-Rice
583af41f3c
remotebox: 2.1 -> 2.2 2016-11-09 02:24:46 +01:00
Frederik Rietdijk
a18ac150a3 virtinst: use python2 2016-11-08 22:48:55 +01:00
Frederik Rietdijk
95c54db397 virtualbox: use python2
and remove python buildInput. Python should only be added when
`pythonBindings` is true.
2016-11-08 22:48:54 +01:00
Tim Steinbach
1ae2f86a32
rkt: 1.17.0 -> 1.18.0 2016-11-05 22:27:42 -04:00
Tobias Geerinckx-Rice
c4f41a0a61
remotebox: 2.0 -> 2.1 2016-11-05 18:44:10 +01:00
Franz Pletz
25c01931bb
qemu: add patches to fix lots of CVEs
Patches from Debian and upstream git repo.

Fixes:

 * CVE-2016-6836
 * CVE-2016-7155
 * CVE-2016-7156
 * CVE-2016-7157
 * CVE-2016-7421
 * CVE-2016-7422
 * CVE-2016-7423
 * CVE-2016-7466
 * CVE-2016-8909
 * CVE-2016-8910
 * CVE-2016-9102
 * CVE-2016-9103
 * CVE-2016-9104
 * CVE-2016-9105
 * CVE-2016-9106

cc #20078
2016-11-03 02:45:16 +01:00
Tim Steinbach
282532e702
docker: 1.12.2 -> 1.12.3 2016-10-27 12:46:04 -04:00
Graham Christensen
69e8bac9cd
virtualbox: 5.1.6 -> 5.1.8 for many CVEs:
From LWN:
From the NVD entries:

CVE-2016-5501: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core, a different
vulnerability than CVE-2016-5538.

CVE-2016-5538: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core, a different
vulnerability than CVE-2016-5501.

CVE-2016-5605: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.1.4 in Oracle Virtualization allows remote
attackers to affect confidentiality and integrity via vectors related
to VRDE.

CVE-2016-5608: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect availability via vectors
related to Core, a different vulnerability than CVE-2016-5613.

CVE-2016-5610: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core.

CVE-2016-5611: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality via
vectors related to Core.

CVE-2016-5613: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect availability via vectors
related to Core, a different vulnerability than CVE-2016-5608.
2016-10-26 22:18:00 -04:00
Frederik Rietdijk
7077a270bf Merge remote-tracking branch 'upstream/master' into HEAD 2016-10-26 13:06:43 +02:00
Tuomas Tynkkynen
c78ccb92ec cbfstool: git-2015-07-09 -> 4.5
Fixes build.
2016-10-22 21:07:33 +03:00
Frederik Rietdijk
e56832d730 Merge remote-tracking branch 'upstream/master' into HEAD 2016-10-22 17:23:24 +02:00
Frederik Rietdijk
bd12c10993 openstack: use python2 2016-10-22 16:47:22 +02:00
Frederik Rietdijk
4833f8bada xen: use python2 2016-10-22 16:47:21 +02:00
Jörg Thalheim
a3f38b9adc
rancher-compose: set version during build 2016-10-22 14:40:30 +02:00
Vladimír Čunát
4d5b893002 Merge #19081: gnome-3.22
Also master commits are brought in.
2016-10-20 23:04:10 +02:00
Derek Gonyeo
a0295e21c5 rkt: libsystemd fix (#19658)
As of systemd 231, the LD_LIBRARY_PATH fix applied in the installPhase of rkt's
build was no longer valid, causing rkt to fail to work. This patch changes the
path to point to the new location of libsystemd, which is in ${systemd.lib}.
2016-10-18 20:00:44 +02:00
Jörg Thalheim
dab4f0a720 Merge pull request #19506 from Mic92/rancher-compose
rancher-compose: init at 0.10.0
2016-10-15 22:11:19 +02:00
Jörg Thalheim
d60b74e7db
rancher-compose: init at 0.10.0 2016-10-15 22:06:33 +02:00
Graham Christensen
9b99c9a296 Merge pull request #19570 from NeQuissimus/rkt_1_17_0
rkt: 1.15.0 -> 1.17.0
2016-10-15 07:09:48 -04:00
Tim Steinbach
bb02cf71ef
rkt: 1.15.0 -> 1.17.0 2016-10-14 23:00:54 -04:00
Tim Steinbach
1a23e336a5
docker: 1.12.1 -> 1.12.2 2016-10-14 22:47:18 -04:00
Graham Christensen
4e89b237bc
xen: 4.5.2 -> 4.5.5, drop old versions 2016-10-14 17:09:18 -04:00
Vladimír Čunát
6eeea6effd Python: more evaluation fixups. 2016-10-14 00:03:12 +02:00
Robin Gloster
9838b80e91 docker-distribution: init at 2.5.1 2016-10-12 14:05:09 +02:00
Graham Christensen
86c9b471a6
openstack-neutron: mark as broken
https://github.com/NixOS/nixpkgs/issues/18856
2016-09-28 08:57:26 -04:00
Graham Christensen
c992ac8584 Merge pull request #18921 from grahamc/spice
Spice: Upgrade all the spice packages
2016-09-27 07:42:51 -04:00
Joachim F
a5580c9951 Merge pull request #18765 from aske/ocaml-move
Reorganize ocaml packages
2016-09-26 23:17:53 +02:00
Robin Gloster
2d0c1c6a7c
linuxPackages.virtualboxGuestAdditions: fix with grsecurity 2016-09-26 14:52:49 +02:00
Graham Christensen
0d20194889
spice-vdagent: 0.16.0 -> 0.17.0 2016-09-26 08:20:04 -04:00
Kirill Boltaev
e61663a233 treewide: move to ocaml-ng system 2016-09-26 02:36:49 +03:00
Graham Christensen
5e25995295
qemu: 2.6.1 -> 2.7.0 2016-09-25 15:40:47 -04:00
rushmorem
faf14cbcee rkt: 1.14.0 -> 1.15.0 2016-09-23 11:59:55 +02:00
Domen Kožar
5d1db88a7c virtualboxGuestAdditions: mark as broken on grsecurity
(cherry picked from commit 4821fa2d1971a54847d28dfb3e9039c5e5ae4ded)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-21 12:04:19 +02:00
Eelco Dolstra
ddd41a509a virtualbox: Drop dontPatchELF hack
However, this also requires ad8f31df7f
to get rid of gcc_multi.out in the closure.
2016-09-20 18:02:19 +02:00
aszlig
1781e95577
Merge pull request #18567 (VirtualBox 5.1.6)
This introduces VirtualBox version 5.1.6 along with a few refactored
stuff, notably:

  * Kernel modules and user space applications are now separate
    derivations.
  * If config.pulseaudio doesn't exist in nixpkgs config, the default is
    now to build with PulseAudio modules.
  * A new updater to keep VirtualBox up to date.

All subtests in nixos/tests/virtualbox.nix succeed on my machine and
VirtualBox was reported to be working by @DamienCassou (although with
unrelated audio problems for another fix/branch) and @calbrecht.
2016-09-14 02:20:16 +02:00
Domen Kožar
fef171ee76 nova: more transient errored test cases
(cherry picked from commit eb25ce7fbfd92070d75b06060c98b221ac8da290)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-13 16:13:06 +02:00
Jaka Hudoklin
7a9dd489d6 Merge pull request #18481 from offlinehacker/pkgs/docker/1.12.1
docker: 1.10.3 -> 1.12.1
2016-09-13 15:59:18 +02:00
aszlig
e19aa3819e
virtualbox: 5.1.4 -> 5.1.6
Upstream changelog without bug numbers:

  * GUI: fixed issue with opening '.vbox' files and it's aliases
  * GUI: keyboard grabbing fixes
  * GUI: fix for passing through Ctrl + mouse-click
  * GUI: fixed automatic deletion of extension pack files
  * USB: fixed showing unknown device instead of the manufacturer or
         product description under certain circumstances
  * XHCI: another fix for a hanging guest under certain conditions, this
          time for Windows 7 guests
  * Serial: fixed high CPU usage with certain USB to serial converters
            on Linux hosts
  * Storage: fixed attaching stream optimized VMDK images
  * Storage: reject image variants which are unsupported by the backend
  * Storage: fixed loading saved states created with VirtualBox 5.0.10
             and older when using a SCSI controller
  * Storage: fixed broken NVMe emulation if the host I/O cache setting
             is enabled
  * Storage: fixed using multiple NVMe controllers if ICH9 is used
  * NVMe: fixed a crash during reset which could happen under certain
          circumstances
  * Audio: fixed microphone input (5.1.2 regression)
  * Audio: fixed crashes under certain conditions (5.1.0 regression)
  * Audio: fixed recording with the ALSA backend (5.1 regression)
  * Audio: fixed stream access mode with OSS backend (5.1 regression,
           thanks to Jung-uk Kim)
  * E1000: do also return masked bits when reading the ICR register,
           this fixes booting from iPXE (5.1.2 regression)
  * BIOS: fixed 4bpp scanline calculation
  * API: relax the check for the version attribute in OVF/OVA appliances
  * Windows hosts: fixed crashes when terminating the VM selector or
                   other VBox COM clients
  * Linux Installer: fixed path to the documentation in .rpm packages
                     (5.1.0 regression)
  * Linux Installer: fixed the vboxdrv.sh script to prevent an SELinux
                     complaint
  * Linux hosts: don't use 32-bit legacy capabilities
  * Linux Additions: Linux 4.8 fix for the kernel display driver
  * Linux Additions: don't load the kernel modules provided by the Linux
                     distribution but load the kernel modules from the
                     official Guest Additions package instead
  * Linux Additions: fix dynamic resizing problems in recent Linux
                     guests
  * User Manual: fixed error in the VBoxManage chapter for the
                 getextradata enumerate example

The full upstream changelog with bug numbers can be found at:

https://www.virtualbox.org/wiki/Changelog-5.1#v6

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 14:07:56 +02:00
Jaka Hudoklin
0a518618a2 docker: 1.10.3 -> 1.12.1 2016-09-13 12:50:58 +02:00
aszlig
d2af4c6722
virtualbox: Explicitly state Qt 5 dependencies
In 2942815968, the dependencies for Qt 5
were passed using buildEnv with all the development binaries, headers
and libs. Unfortunately, the build output references that environment
which also increases the size of the runtime closure.

The upstream makefile assumes a common Qt 5 library path, but that's not
the case within Nix, because we have separate paths for the Qt 5
modules.

We now patch the makefile to recognize PATH_QT5_X11_EXTRAS_{LIB,INC} so
that we can pass in the relevant paths from Qt5X11Extras.

In summary, the closure size goes down to 525559600 bytes (501 MB)
instead of 863035544 bytes (823 MB) with vbox-qt5-env.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:42 +02:00
aszlig
8bd89c922d
virtualbox: Split kernel modules into own package
Putting the kernel modules into the same output path as the main
VirtualBox derivation causes all of VirtualBox to be rebuilt on every
single kernel update.

The build process of VirtualBox already outputs the kernel module source
along with the generated files for the configuration of the main
VirtualBox package. We put this into a different output called "modsrc"
which we re-use from linuxPackages.virtualbox, which is now only
containing the resulting kernel modules without the main user space
implementation.

This not only has the advantage of decluttering the Nix expression for
the user space portions but also gets rid of the need to nuke references
and the need to patch out "depmod -a".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:38 +02:00
aszlig
6d69293f26
virtualbox: Generate and use upstream-info.json
We now no longer need to update VirtualBox manually, which has a few
advantages. Along with making it just easier to update this also makes
the update procedure way less error-prone, for example if people forget
to bump the extension pack revision or to update the guest additions.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:34 +02:00
aszlig
f5ab9c81a8
virtualbox: Add an update script
Just a small updater which should fetch the latest sha256sums from the
upstream site and check whether the current version is the latest one.

The output is in a JSON file in the same directory, which then will be
used by the Nix expressions to fetch the upstream files.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 03:24:47 +02:00
Kirill Boltaev
bccd75094f treewide: explicitly specify gtk and related package versions 2016-09-12 18:26:06 +03:00
Christian Albrecht
2942815968 virtualbox: 5.0.26 -> 5.1.4 2016-09-12 17:22:31 +02:00
Jaka Hudoklin
e927620885 containerd: init at 0.2.3 2016-09-12 01:32:03 +02:00
Jaka Hudoklin
71782da103 runc: init at 2016-06-15 2016-09-12 01:32:02 +02:00
Stefan Junker
5100db559a rkt: 1.12.0 -> 1.14.0 (#18360) 2016-09-06 23:04:17 +02:00
Parnell Springmeyer
98c058a1ee Adapting everything for the merged permissions wrappers work. 2016-09-01 19:21:06 -05:00
Данило Глинський (Danylo Hlynskyi)
78cd9f8ebc virtualbox: add headless build (without Qt dependency) (#18026) 2016-09-01 20:54:58 +02:00
Tuomas Tynkkynen
8c4aeb1780 Merge staging into master
Brings in:
    - changed output order for multiple outputs:
      https://github.com/NixOS/nixpkgs/pull/14766
    - audit disabled by default
      https://github.com/NixOS/nixpkgs/pull/17916

 Conflicts:
	pkgs/development/libraries/openldap/default.nix
2016-09-01 13:27:27 +03:00
Robin Gloster
7b1597bec2
qemu: 2.6.0 -> 2.6.1 2016-08-31 13:31:22 +02:00
Robin Gloster
7eaa83a3e9
qemu: patch security issues in 9pfs
CVE-2016-7116, others have no ID assigned, yet.
Fixes from 2.7 tree.
2016-08-31 13:31:22 +02:00
Tuomas Tynkkynen
feed8beb47 virtualbox: Fix glibc dev reference 2016-08-31 12:32:34 +03:00
obadz
c7142c1aa3 Merge branch 'master' into staging 2016-08-28 13:33:13 +01:00
David Guibert
21f2f30740 virtualbox: 5.0.20 -> 5.0.26 2016-08-28 13:45:49 +02:00
Robin Gloster
29c5ccea4a
xen: remove obsolete substituteInPlace 2016-08-27 21:54:30 +00:00
obadz
0e8d2725dc Merge branch 'master' into staging 2016-08-23 18:50:06 +01:00
Franz Pletz
a12b2bfb8b xen: Fix build on Glibc 2.24 2016-08-23 19:17:36 +02:00
Tuomas Tynkkynen
0f3c0e6801 open-vm-tools: use makeBinPath 2016-08-23 04:32:21 +03:00
Tuomas Tynkkynen
282277dbc8 treewide: Use more makeBinPath 2016-08-23 01:18:10 +03:00
Tuomas Tynkkynen
74a3a2cd7e treewide: Use makeBinPath 2016-08-23 01:18:10 +03:00
Tuomas Tynkkynen
51ad423716 treewide: Use makeLibraryPath in 'patchelf --set-rpath' calls 2016-08-23 00:04:39 +03:00
obadz
24a9183f90 Merge branch 'hardened-stdenv' into staging
Closes #12895

Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
Frederik Rietdijk
5a501bd828 Remove top-level dbus_python and pythonDBus.
See #11567.

Furthermore, it renames pythonPackages.dbus to pythonPackages.dbus-
python as that's the name upstream uses.

There is a small rebuild but I couldn't figure out the actual cause.
2016-08-16 22:52:37 +02:00
Domen Kožar
584c19b4a5 Merge pull request #17720 from oxij/fix-xen
Fix xen build
2016-08-16 22:06:52 +02:00
Robin Gloster
33e1c78ae3 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-16 07:54:01 +00:00
Jan Malakhovski
fdca71776a xen: cleanup 4.5.0 expression a bit 2016-08-13 21:53:25 +00:00
Jan Malakhovski
16ce708555 xen: fix urls and hashes (fallout from #15469) 2016-08-13 21:53:24 +00:00
Kranium Gikos Mendoza
9a0dfe23d8 tini: fix build 2016-08-13 14:23:20 +08:00
Robin Gloster
b7787d932e Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-12 09:46:53 +00:00
Stefan Junker
918b11e64c rkt: 1.11.0 -> 1.12.0 (#17620) 2016-08-09 22:23:05 +02:00
Robin Gloster
1b979d8384 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00
Franz Pletz
cb0ddbadd9 seabios: 1.9.2 -> 1.9.3 2016-08-02 21:21:02 +02:00
Tuomas Tynkkynen
21f17d69f6 treewide: Add lots of meta.platforms
Build-tested on x86_64 Linux & Mac.
2016-08-02 21:42:43 +03:00
Franz Pletz
15b8491af3 seabios: disable fortify hardening 2016-08-02 17:38:25 +02:00
Robin Gloster
f222d98746 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-25 12:47:13 +00:00
Stefan Junker
04b30b2397 rkt: fix default stage1 location 2016-07-22 18:18:29 -07:00
Stefan Junker
abc3faa294 rkt: 1.10.1 -> 1.11.0 2016-07-22 17:49:38 -07:00
Robin Gloster
203846b9de Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-19 10:37:02 +00:00
Stefan Junker
a9728c2796 rkt: install stage1 ACIs to expected path (#17079)
Makes rkt's `--stage1-from-dir` CLI argument work.
2016-07-19 09:31:52 +02:00
Robin Gloster
5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Stefan Junker
efe4d48e8e rkt: 1.9.1 -> 1.10.1 (#16895) 2016-07-14 12:18:07 +02:00
Vladimír Čunát
3afa246038 Merge branch 'staging'
This includes a security update of expat.
2016-06-29 07:47:04 +02:00
Joachim Fasting
b148be7ff9
seabios: 1.7.5.2 -> 1.9.2
Also fixes the build
2016-06-28 01:56:33 +02:00
Franz Pletz
bac698b868 virtmanager: 1.3.1 -> 1.4.0 2016-06-27 00:11:41 +02:00
Stefan Junker
c357a6a7ac rkt: remove incompatible stage1-host 2016-06-24 12:55:03 -07:00
Stefan Junker
5f2d746846 rkt: 1.9.0 -> 1.9.1 2016-06-24 12:54:53 -07:00
Stefan Junker
445f60c1e3 rkt: 1.8.0 -> 1.9.0 2016-06-23 14:15:47 -07:00
Leon Isenberg
ccbb3fa541 docker: Expose completions for fish 2016-06-20 23:41:32 +02:00
Vladimír Čunát
e757404555 Merge branch 'master' into staging
Hydra nixpkgs: ?compare=1279790
2016-06-19 12:33:04 +02:00
Vladimír Čunát
a02e5ad926 virtualbox: fix build with gcc-5.4 by Debian patch 2016-06-19 10:40:07 +02:00
Joachim Fasting
886c03ad2e Merge pull request #16107 from joachifm/grsec-ng
Rework grsecurity support
2016-06-14 03:52:50 +02:00
Joachim Fasting
dae5f53d25
qemu: apply PaX markings 2016-06-14 03:38:18 +02:00
Robin Gloster
8031cba2ab Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-06-10 09:27:04 +00:00
Stefan Junker
42b3156b4e rkt: 1.7.0 -> 1.8.0 2016-06-09 16:28:30 -07:00
Stefan Junker
2e6b257edf rkt: 1.5.1 -> 1.7.0 (#15958) 2016-06-08 16:43:42 +01:00
Tuomas Tynkkynen
bac26e08db Fix lots of fetchgit hashes (fallout from #15469) 2016-06-03 17:17:08 +03:00
zimbatm
a6593a16f7 virtualbox: give full url for downloading the ext (#15869)
The user only has to agree on the terms and conditions before
downloading the file. We might as well give him access to the full URL
by default.
2016-06-01 10:01:04 +01:00
Robin Gloster
2d382f3d98 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-30 19:39:34 +00:00
obadz
f0de1c75b5 docker: fix build with systemd 230 2016-05-27 15:42:15 +01:00
Vladimír Čunát
81039713fa Merge branch 'master' into staging
... to get the systemd update (rebuilding ~7k jobs).
2016-05-26 16:50:22 +02:00
Rickard Nilsson
13b8606241 qemu: 2.5.1 -> 2.6.0 2016-05-25 10:42:45 +02:00
Nathan Zadoks
99177c7377 docker: remove enableLxc parameter
LXC support was removed in Docker 1.4 (November 2015), and isn't coming
back.
2016-05-24 11:08:20 -04:00
Tuomas Tynkkynen
f81af4e6f0 treewide: Make explicit that 'dev' output of glib is used 2016-05-19 10:00:35 +02:00
Franz Pletz
f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-05-18 17:10:02 +02:00
Michael Raskin
fde921578a virtualboxGuestAdditions: update hash for virtualbox 5.0.20 2016-05-17 08:44:32 +02:00
Michael Raskin
4f5e4ad69c virtualbox: 5.0.14 -> 5.0.20 2016-05-16 22:42:27 +02:00
zimbatm
3ade1e7d3e Merge branch 'pr/14911' 2016-05-05 21:28:27 +01:00
Joaquim Pedro França Simão
133dc10e5a open-vm-tools: fixes host VMware errors 2016-05-05 21:27:54 +01:00
Joaquim Pedro França Simão
0ecef73966 open-vm-tools: updates to 10.0.7 and fixes compilation erros 2016-05-05 21:27:54 +01:00
Stefan Junker
213f0f23a8 rkt: 1.4.0 -> 1.5.1 2016-05-05 12:01:58 +02:00
Robin Gloster
c92bca56f8 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-02 22:58:02 +00:00
Stefan Junker
07d305af32 rkt: 1.2.0 -> 1.4.0 2016-04-23 20:57:19 +02:00
Sheena Artrip
50d6c3ba38
virtualbox: obey NIX_BUILD_CORES for make invocation 2016-04-22 02:41:23 -04:00
Robin Gloster
d020caa5b2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-18 13:49:22 +00:00
Nathan Zadoks
ebdd600732 docker: allow disabling btrfs and devicemapper 2016-04-17 00:41:17 +02:00
obadz
bf5e339d24 virtualbox: dontPatchELF = true
Workaround patchelf#93 and help move forward on #14595
2016-04-14 17:05:31 +01:00
Vladimír Čunát
30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Franz Pletz
2463e09173 virtinst: Fix cherry-pick merge 2016-04-10 01:26:45 +02:00
Robin Gloster
fe974894e2 virt-manager: remove sqlalchemy from (transitive) dependencies
Is not used according to source code
2016-04-10 01:21:46 +02:00
Vladimír Čunát
d1df28f8e5 Merge 'staging' into closure-size
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Robin Gloster
3437b52e6b qboot: turn off stackprotector and pic hardening 2016-04-03 11:41:30 +00:00
Robin Gloster
696d85a62d Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-03 11:01:57 +00:00
Vladimír Čunát
ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Frederik Rietdijk
97a29ff817 Merge pull request #14110 from lancelotsix/clean_sqlalchemy_legacy
Clean sqlalchemy legacy
2016-03-31 10:52:53 +02:00
Franz Pletz
2e08d8234e Merge remote-tracking branch 'origin/master' 2016-03-31 10:06:30 +02:00
Domen Kožar
8a34a3b37a qemu: 2.5.0 -> 2.5.1
Hopefully this also fixes installer tests on i686
2016-03-30 15:12:41 +01:00
Robin Gloster
f60c9df0ba Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-28 15:16:29 +00:00
Derek Gonyeo
587fbb5b15 rkt: v1.1.0 -> v1.2.0 2016-03-22 14:59:55 -07:00
Lancelot SIX
8dd955cc10 virtinst: remove sqlalchemy7 dependency
sqlalchemy is never used:

```
$ nix-shell default.nix -A virtinst
$ unpackPhase && cd virtinst-*
$ grep -r sqlalchemy .
$
```
2016-03-21 21:09:20 +01:00
Pierre Dal-Pra
d97805ccd0 docker: 1.10.0 -> 1.10.3 2016-03-18 22:12:42 +01:00
Robin Gloster
3f45f0948d Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-15 01:44:24 +00:00
Domen Kožar
9ad60eae48 xen: remove unneeded depds now that stubdom is disabled 2016-03-09 18:56:25 +00:00
Domen Kožar
086a7d138d xen: disable stubdom due to #13590 2016-03-09 13:51:45 +00:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Franz Pletz
40d90ef8ac Merge pull request #13561 from matthewbauer/qemu-mac
qemu: compile with cocoa for darwin support
2016-03-08 02:15:09 +01:00
Robin Gloster
1b4ec4b495 linuxPackages.virtualbox: disable fortify/pic/stackprotector 2016-03-06 15:48:16 +00:00
Franz Pletz
cb3d27df93 Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-03-05 18:55:30 +01:00
Franz Pletz
aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Frederik Rietdijk
36506df7fe Merge pull request #13448 from lancelotsix/use_recent_sqlalchemy_as_default
pythonPackages.sqlalchemy: follows upstream, use "sqlalchemy7" for lecagy
2016-03-05 11:07:50 -05:00
Matthew Bauer
864ec69c84 qemu: compile with cocoa for darwin support
This uses the --enable-cocoa flag in qemu to build in Darwin.
2016-03-04 17:45:34 -06:00
Adam Boseley
5b83791207 spice-vdagentd service : initial at 0.16.0 2016-03-05 07:56:47 +10:00
Stefan Junker
13bd76b525 pkgs/rkt: 1.0.0 -> 1.1.0 2016-03-03 19:57:15 +01:00
Robin Gloster
d47857c3d9 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-01 21:09:17 +00:00
aszlig
605cc4fdeb
Merge pull request #13052 from @bendlas
Updates VirtualBox from version 5.0.12 to 5.0.14.

Upstream changes are (without bug IDs):

 * GUI: properly limit the number of VCPUs to the number of physical cores
        on Mac OS X
 * Audio: fixed a bug which prevented loading a saved state of a saved
          guests with HDA emulation (5.0.12 regression)
 * Audio: don't crash if the backend is unable to initialize
 * Audio: fixed audio capture on Mac OS X
 * Storage: fixed a possible crash when attaching the same ISO image
            multiple times to the same VM
 * BIOS: properly report if two floppy drives are attached
 * USB: fixed a problem with filters which would not capture the device
        under certain circumstances (5.0.10 regression)
 * ExtPack: black-list Extension Packs older than 4.3.30 due to
            incompatible changes not being properly handled in the past
 * Windows hosts: fixed a regression which caused robocopy to fail
 * Linux hosts: properly create the /sbin/rcvboxdrv symbolic link (5.0.12
                regression)
 * Mac OS X hosts: several fixes for USB on El Capitan
 * Linux Additions: fixes for Linux 4.5

Full upstream changelog with bug IDs can be found at:

  https://www.virtualbox.org/wiki/Changelog

The reason I was reluctant to merge this before were these symbol lookup
errors:

  vboxsf: Unknown symbol VBoxGuest_RTMemTmpFree (err 0)
  vboxsf: Unknown symbol VBoxGuestIDCCall (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexRequest (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexRelease (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTLogRelGetDefaultInstanceEx (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTErrConvertToErrno (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexCreate (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexDestroy (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTMemContFree (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemMutexRelease (err 0)
  vboxsf: Unknown symbol VBoxGuestIDCOpen (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTAssertShouldPanic (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTMemContAlloc (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemMutexRequest (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemMutexCreate (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTMemTmpAllocTag (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemMutexDestroy (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTAssertMsg1Weak (err 0)
  vboxsf: Unknown symbol VBoxGuestIDCClose (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTAssertMsg2Weak (err 0)

However, after testing it against 5.0.12, the same errors occur there as
well, so it is likely related to our VM tests.
2016-03-01 03:36:44 +01:00
Robin Gloster
3b4765c9e5 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-28 16:32:57 +00:00
zimbatm
69ce5cb656 use the sourceforge mirrors everywhere
find pkgs -name "*.nix" -exec sed -r \
    "s|https?://downloads.sourceforge.net/|mirror://sourceforge/|g" -i {} \;
2016-02-28 12:07:42 +00:00
Franz Pletz
6b20b7c4d7 qemu: 2.4.1 -> 2.5.0 (multiple CVEs)
https://lwn.net/Vulnerabilities/666755/
2016-02-27 17:53:22 +01:00
Lancelot SIX
0467a17858 pythonPackages.sqlalchemy: follows upstream, sqlalchemy7 for lecagy
This makes pythonPackages.sqlalchemy the most up to date revision (it
was called sqlalchemy_1_0 before), and maintains the various “legacy”
versions available as pythonPackages.sqlalchemyX for X in {7,8,9}.

All derivations that required `sqlalchemy_1_0` now require `sqlalchemy`
while those that required `sqlalchemy` now require `sqlalchemy7`.

The derivations are not changed, only the attribute names they are
bound to.
2016-02-27 12:11:12 +01:00
Robin Gloster
3477e662e6 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-27 00:08:08 +00:00
Frederik Rietdijk
4d06bf70f4 buildPythonApplication: use new function for Python applications 2016-02-19 13:16:41 +01:00
Herwig Hochleitner
bd3ca11e0d virtualbox: 5.0.12 -> 5.0.14 2016-02-16 21:59:11 +01:00
Vladimír Čunát
d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Robin Gloster
a53bd9daa8 xen: turn off pic hardening 2016-02-11 01:44:23 +00:00
Robin Gloster
63d4e59add seabios: turn off pic and stackprotector hardening 2016-02-10 23:27:37 +00:00
Robin Gloster
e264f1077b bochs: turn off format hardening 2016-02-09 10:29:34 +00:00
Robin Gloster
82daf82e61 xen: turn off fortify 2016-02-09 01:10:57 +00:00
Robin Gloster
5b535580fd cbfstool: turn off fortify 2016-02-09 01:00:21 +00:00
Robin Gloster
2f1567ad33 OVMF: no stackprotector/pic/fortify hardening 2016-02-08 23:18:03 +00:00
Robin Gloster
859a150373 linuxPackages.virtualboxGuestAdditions: no pic hardening 2016-02-07 22:45:28 +00:00
Robin Gloster
9229e9c656 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-07 11:17:57 +00:00
Cole Mickens
14dfebd364 rkt: reset stage1 to rkt's recommended version 2016-02-05 11:18:12 -08:00
Arseniy Seroka
50f94c2751 Merge pull request #12831 from colemickens/rkt-1.0.0
rkt 0.15.0 -> 1.0.0 + trousers
2016-02-05 17:32:45 +03:00
Cole Mickens
34f59ae390 rkt 0.15.0 -> 1.0.0 + trousers 2016-02-04 22:52:55 -08:00
Cole Mickens
712eb6b7e0 docker 1.9.1 -> 1.10.0 2016-02-04 22:52:06 -08:00
Vladimír Čunát
54299b60c4 Merge #12779: Mass replace pkg}/bin-style strings
... to refer to correct outputs
2016-02-03 17:25:22 +01:00