Commit Graph

109847 Commits

Author SHA1 Message Date
Will Dietz
1e9a9ba149 creduce: 2.6.0 -> 2.7.0, now uses LLVM 4 2017-06-22 07:47:53 -05:00
aszlig
9c57f3b5c0
python-modules/trezor: Fix build
Regression introduced by 76beb08313.

With version 0.7.15 a few additional dependencies are needed by trezor,
mainly a newer version of protobuf bindings and requests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @np
2017-06-22 14:29:25 +02:00
Jörg Thalheim
5041df4411 doc/languages-frameworks/vim: add custom vimrc & packages 2017-06-22 13:25:03 +01:00
rnhmjoj
d8027bd9c4
pythonPackages.pygraphviz: fix build 2017-06-22 13:33:30 +02:00
Domen Kožar
bb9e23837a
haskellPackages: make configuration-{nix,common}.nix configurable
The motivation is to be able to get rid of common configuration
when initial packages differ since common configuration assumes
a very specific version set.

cc @jmitchell @peti
2017-06-22 13:25:53 +02:00
Joachim Schiele
3d52203ab2 sshd.nix: Added nixops usage warning of openssh.authorizedKeys.keys usage 2017-06-22 11:50:09 +02:00
Eric Bailey
505508a813 Update BEAM docs
Improve beam docs:
 * correct spelling
 * update per pandoc changes
 * capitalize titles
 * capitalize BEAM throughout and use "the BEAM" when referring to the virtual machine.
 * tweak grammar and phrasing
 * reformat build-tools-rebar3 section
 * add more links
 * re-wrap <para>s

Also update <programlisting>s
* normalize whitespace
* don't double quote homepage
* use $ in all shell snippets
2017-06-22 11:32:46 +02:00
Jörg Thalheim
f12006bd96 hound: 20160919 -> 20170324 2017-06-22 10:03:10 +01:00
Michael Raskin
a06c5123b3 Merge pull request #26759 from lsix/update_unifont
unifont: 9.0.06 -> 10.0.01
2017-06-22 09:28:00 +02:00
Michael Raskin
744bdac78e Re-add iolib subsystems 2017-06-22 09:31:41 +02:00
David Izquierdo
aa2b643e4b tdesktop: 1.0.27 -> 1.1.7 2017-06-22 09:20:51 +02:00
Jörg Thalheim
3e430a8ee5 dale: fix linking against llvm libs 2017-06-22 08:14:34 +01:00
Lancelot SIX
95c98b9bf5
unifont: 9.0.06 -> 10.0.01
See http://lists.gnu.org/archive/html/info-gnu/2017-06/msg00009.html
for release information
2017-06-22 09:03:23 +02:00
Frederik Rietdijk
f25720cacb python.pkgs.pylint: fix build on python2, fixes #26745 2017-06-22 07:46:30 +02:00
Frederik Rietdijk
8f45ee77ac Merge pull request #26751 from orivej/python-dogpile-cache
python-dogpile-cache: do not depend on dogpile_core
2017-06-22 07:24:19 +02:00
aszlig
bcaf2f6dbe
nixos/tests/sddm: Fix detecting login screen
Tesseract seems to have a hard time detecting the "ALICE FOOBAR" text,
so let's match on "Select your user and enter password" instead.

Ran the test on x86_64-linux and it now succeeds.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-06-22 06:26:08 +02:00
aszlig
4007ee974c
vlock: Don't try to install setuid binary
With newer Nix it's (fortunately) no longer possible to create a file
with setuid bits, even though the permissions are fixed later the build
will fail during installPhase already.

I've verified whether the contents of the output path are the same as
before this change and the contents match.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-06-22 04:01:27 +02:00
aszlig
7a99036cef
nixos/release-combined: Add keymap tests
We really want to break channel updates whenever we break something like
this, because this actually will hit machines out there and can be very
much annoying (we had broken keymaps a few times which is why I
introduced these tests in the first place).

Just to be sure I don't break channel updates with this commit, I ran
all of the keymap tests and they all succeeded.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-06-22 03:33:35 +02:00
aszlig
44c64fef16
nixos/xserver: Improve checking keyboard layout
Enumerating the symbols directory doesn't include variants, so we're now
basically doing what "localectl list-x11-keymap-layouts" does but we use
sed instead.

The reason I'm not using localectl directly is because the path to
rules/base.lst is hardcoded in the systemd source.

Of course, the XKB specification allows for much more complicated rules,
but at least this should cover the most basic ones including variants.

So the sed expression itself is just for listing the available layouts
and variants and we use a grep with -xF to match only full lines without
interpreting regular expressions.

This should again allow to set "dvorak" as the layout option.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @lheckemann
Fixes: #25526
2017-06-22 03:24:28 +02:00
Franz Pletz
c3a8595276
cc-wrapper: fix darwin
Clang doesn't support -fstack-check=specific, only -fstack-check. Still a
noop, though.
2017-06-22 02:44:04 +02:00
Franz Pletz
bf08c50cbc
cli53: fix eval 2017-06-22 02:00:10 +02:00
Will Dietz
a3b2ccb7b4 upx: 3.93 -> 3.94
* Use release tarball
* Cleanup a bit
2017-06-21 18:54:10 -05:00
Franz Pletz
196bf8b0c7 Merge pull request #26750 from mayflower/fix/stack-clash-hardening
Mitigate Stack Clash
2017-06-22 01:53:14 +02:00
Franz Pletz
5e2df7039d
libmicrohttpd: 0.9.53 -> 0.9.55 2017-06-22 01:34:18 +02:00
Franz Pletz
0977c17f83
sqlite3: 3.19.2 -> 3.19.3 2017-06-22 01:33:55 +02:00
aszlig
7c0f6f4be5
pyopenssl: 16.2.0 -> 17.0.0 and fix tests
Upstream changes:

 * Added OpenSSL.X509Store.set_time() to set a custom verification time
   when verifying certificate chains. pyca/pyopenssl#567
 * Added a collection of functions for working with OCSP stapling. None
   of these functions make it possible to validate OCSP assertions, only
   to staple them into the handshake and to retrieve the stapled
   assertion if provided. Users will need to write their own code to
   handle OCSP assertions. We specifically added:
   Context.set_ocsp_server_callback, Context.set_ocsp_client_callback,
   and Connection.request_ocsp. pyca/pyopenssl#580
 * Changed the SSL module's memory allocation policy to avoid zeroing
   memory it allocates when unnecessary. This reduces CPU usage and
   memory allocation time by an amount proportional to the size of the
   allocation. For applications that process a lot of TLS data or that
   use very large allocations this can provide considerable performance
   improvements. pyca/pyopenssl#578
 * Automatically set SSL_CTX_set_ecdh_auto() on OpenSSL.SSL.Context.
   pyca/pyopenssl#575
 * Fix empty exceptions from OpenSSL.crypto.load_privatekey().
   pyca/pyopenssl#581

The full upstream changelog can be found at:

https://pyopenssl.readthedocs.io/en/17.0.0/changelog.html

I've also added a patch from pyca/pyopenssl#637 in order to fix the
tests, which was the main reason for the version bump because that patch
won't apply for 16.2.0.

According to the upstream changelog there should be no
backwards-incompatible changes, but I've tested building against some of
the packages depending on pyopenssl anyway. Regardless of this, the
build for pyopenssl fails right now anyway, so the worst that could
happen via this commit would be that we break something that's already
broken.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-06-22 01:30:10 +02:00
mimadrid
4d93d257f7 sqlite3: 3.17.0 -> 3.19.2 2017-06-22 01:24:31 +02:00
Profpatsch
5cbc6ca9bb lib/generators: put more information in toPretty lambdas
With `builtins.functionArgs` we can get some information if the first argument
is an attrset and whether the contained fields have default values. Encode that
into the pretty-printed lambda.
2017-06-22 00:58:59 +02:00
Profpatsch
feb8cbdc38 lib/debug: traceSeqN & traceSeqValN
Strict trace functions that only go down to a specified depth.
Handy to get a better picture and prevent infinite recursions.
2017-06-22 00:58:59 +02:00
Profpatsch
b1ffe5e4c0 lib/generators: toPretty
`toPretty` implements a pretty printer for nix values.
2017-06-22 00:58:59 +02:00
Franz Pletz
2296bf394e
glibc: patch CVE-2017-1000366 (stack clash) 2017-06-22 00:44:35 +02:00
Franz Pletz
aab71b31d5
linux: patch CVE-2017-1000364 (stack clash) 2017-06-22 00:44:28 +02:00
Franz Pletz
16aa92305b
exim: patch CVE-2017-1000369 (stack clash) 2017-06-22 00:44:05 +02:00
Franz Pletz
6a850d2b11
coreutils: fix tests depending on setuid/setgid bits 2017-06-22 00:41:53 +02:00
Franz Pletz
4150f5e8ba
cc-wrapper: add stackcheck hardening (stack clash)
This fixes the Stack Clash issue rediscovered by Qualys. See
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
for more information on the topic, specifically section III.

We don't have the kernel mitigation available because it is a Grsecurity
feature which we don't support anymore. Other distributions like Gentoo
Hardened and Arch already have `-fstack-check` enabled by default.

See the Gentoo page on Stack Clash for more information on this solution:
https://wiki.gentoo.org/wiki/Hardened/Gentoo_Hardened_and_Stack_Clash

This unfortunately doesn't apply to clang because `-fstack-check` is a
noop there. Note that the GCC implementation also has problems that could
be exploited to circumvent these checks but it is still better than
keeping it disabled.
2017-06-22 00:41:53 +02:00
Franz Pletz
6338c50a84
Merge branch 'master' into staging 2017-06-22 00:41:25 +02:00
Franz Pletz
29a485a8cd
libev: 4.22 -> 4.24 2017-06-22 00:38:44 +02:00
Franz Pletz
5389caab83
utillinux: 2.29.2 -> 2.30 2017-06-22 00:38:44 +02:00
Franz Pletz
dd3f2e648a
linux_hardened_copperhead: init at 4.11.6.c 2017-06-21 23:49:00 +02:00
Franz Pletz
febe37a24a
webkitgtk: 2.16.3 -> 2.16.4 for multiple CVEs
Fixes:

  * CVE-2017-2538
  * CVE-2017-2424

See https://webkitgtk.org/security/WSA-2017-0005.html
2017-06-21 23:49:00 +02:00
Daiderd Jordan
7469eb9fed
stress: enable on darwin 2017-06-21 23:26:43 +02:00
Graham Christensen
dd265313e7 Merge pull request #26736 from grahamc/improve-nixos-test-debug
Improve nixos test debug
2017-06-21 17:26:18 -04:00
Michael Raskin
bc47794ab5 quicklispPackages: update
Escape things by default in derivation names (i.e. digit cannot be the
first character etc.)

Update Quicklisp (tracking upstream); list new missing dependencies

Add some minimal README about ql-to-nix
2017-06-21 22:17:48 +02:00
Volth
bf5c57e1b8 jetbrains.{ruby-mine,webstorm,datagrip,phpstorm}: 2017.1 -> 2017.1.4 2017-06-21 19:35:02 +00:00
Orivej Desh
03a6297b6c python-dogpile-cache: do not depend on dogpile_core 2017-06-21 18:44:42 +00:00
Martin Wohlert
80ace7383d libopus: 1.1.5 -> 1.2
> http://opus-codec.org/release/stable/2017/06/20/libopus-1_2.html

Changes since 1.1.x include:

- Speech quality improvements especially in the 12-20 kbit/s range
- Improved VBR encoding for hybrid mode
- More aggressive use of wider speech bandwidth, including fullband speech starting at 14 kbit/s
- Music quality improvements in the 32-48 kb/s range
- Generic and SSE CELT optimizations
- Support for directly encoding packets up to 120 ms
- DTX support for CELT mode
- SILK CBR improvements
- Support for all of the fixes in draft-ietf-codec-opus-update-06 (the mono downmix and the folding fixes need --enable-update-draft)
- Many bug fixes, including integer wrap-arounds discovered through fuzzing (no security implications)
2017-06-21 18:27:01 +02:00
Jörg Thalheim
e89e96a755 linux_4_11: re-enable CONFIG_UPROBE_EVENTS
CONFIG_UPROBE_EVENT was renamed to CONFIG_UPROBE_EVENTS.
2017-06-21 17:16:46 +01:00
Domen Kožar
7bd918b364
hydra-evaluator: depend on jq 2017-06-21 15:35:07 +02:00
Domen Kožar
be4a4ef701
hydra: 2017-04-26 -> 2017-06-21 2017-06-21 15:30:02 +02:00
Yann Hodique
0d72dfdcdf hugo: fix github repo owner 2017-06-21 06:13:31 -07:00