Commit Graph

168443 Commits

Author SHA1 Message Date
Jörg Thalheim
31188d75ef
Merge pull request #55419 from worldofpeace/polkit-CVE-2019-6133
polkit: fix CVE-2019-6133
2019-02-08 08:04:39 +00:00
Domen Kožar
9bffdaa1b7
Merge pull request #55421 from grahamc/ninjarepro
ninja: make reproducible
2019-02-08 13:37:09 +07:00
worldofpeace
3abe344987
ninja: Add comment explaining the consistent ID patch
Co-Authored-By: grahamc <graham@grahamc.com>
2019-02-07 18:26:51 -05:00
worldofpeace
7da64c9fbe
polkit: fix CVE-2019-6133
Jann Horn of Google found that Polkit doesn't properly check
if a process is already authenticated, which can lead to an
authentication reuse by a different user[0]. See also [1]

Closes #55391

[0]: https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
[1]: https://gitlab.freedesktop.org/polkit/polkit/issues/75
2019-02-07 18:07:08 -05:00
Graham Christensen
21cdf28a83
ninja: make reproducible
See https://github.com/ninja-build/ninja/pull/1529
2019-02-07 18:04:59 -05:00
Averell Dalton
91aeda1432
python: sysconfig: fix paths
2019-02-07 18:52:08 +01:00
Andrew Dunham
274afc4932
go: build each package single-threaded (#53390)
I noticed that I was seeing the Go compiler build things in parallel even when I'd set `-j1 --cores 1`. It appears that the compiler, by default, uses the number of CPUs that are available to perform a build, while nixpkgs parallelizes at the directory level.

In order to change the fewest assumptions, this explicitly tells the Go compiler to run single-threaded. The flag's documentation is:

```
-p n
	the number of programs, such as build commands or
	test binaries, that can be run in parallel.
	The default is the number of CPUs available.
```

So this should function as expected. Feedback appreciated!
2019-02-07 14:39:53 +00:00
Graham Christensen
3e3e7379cd
Merge pull request #55373 from grahamc/keyutils
keyutils: patch out unreproducibility
2019-02-07 07:21:26 -05:00
Graham Christensen
1bcbbe08e4
keyutils: patch out unreproducibility
2019-02-06 22:20:16 -05:00
Andreas Rammhold
2d381653e2
Merge pull request #55174 from dtzWill/update/rhash-1.3.8
rhash: 1.3.6 -> 1.3.8
2019-02-06 11:40:02 +01:00
Eelco Dolstra
e3c36178fe
Merge pull request #55158 from grahamc/reproducible-perl
perl: make reproducible
2019-02-04 15:32:47 +01:00
Graham Christensen
df8b6728a8
perl: make reproducible
Perl likes to capture impure data, needlessly.

 - Configure time (cf_time): make 1 second past epoch
 - Target system (uname): use less uname information
2019-02-04 09:10:22 -05:00
Will Dietz
994c3eaec8
rhash: run functional tests not consistency of source dist :)
2019-02-04 01:49:02 -06:00
Will Dietz
bffabe5de1
rhash: 1.3.6 -> 1.3.8
https://github.com/rhash/RHash/releases/tag/v1.3.8
https://github.com/rhash/RHash/releases/tag/v1.3.7
2019-02-04 01:49:02 -06:00
worldofpeace
2b344e6a74
pantheon.elementary-videos: remove comment
2019-02-03 16:10:36 -05:00
worldofpeace
a45eb67711
pantheon.elementary-capnet-assist: 2.2.2 -> 2.2.3
2019-02-03 16:10:36 -05:00
worldofpeace
97af256e5e
pantheon.elementary-screenshot-tool: 1.6.0 -> 1.6.1
2019-02-03 16:10:35 -05:00
worldofpeace
14a5549e70
pantheon.elementary-files: 4.1.3 -> 4.1.4
2019-02-03 16:10:35 -05:00
Franz Pletz
97507ffc8b
Merge pull request #55046 from FlorianFranzen/cmake_no_pkg_reg
cmake: disable package registry
2019-02-03 08:32:43 +00:00
Timo Kaufmann
33db01e6d9
sage: add compatibility for sphinx 1.8.3 (#55078)
Since https://github.com/NixOS/nixpkgs/pull/48841 was replaced by
https://github.com/NixOS/nixpkgs/pull/54186, this needs to be done
separately.
2019-02-02 13:02:07 +01:00
Will Dietz
b6e50b3a3c
Merge pull request #55008 from dtzWill/update/ninja-1.9.0
ninja: 1.8.2 -> 1.9.0
2019-02-02 00:58:59 -06:00
Will Dietz
d0fbcdbf3f
Merge pull request #55021 from dtzWill/update/inkscape-0.92.4
inkscape: 0.92.3 -> 0.92.4
2019-02-02 00:57:18 -06:00
Dmitry Kalinkin
4094aa3b3c
Merge pull request #50773 from veprbl/pr/epoxy153
epoxy: 1.5.2 -> 1.5.3
2019-02-01 17:41:39 -05:00
Jan Tojnar
d42ef371c9
Merge pull request #54909 from tollb/fix/wrap-gapps-hook_unnecessary_symlink_wrap
wrap-gapps-hook.sh: only wrap links when required
2019-02-01 14:20:37 +01:00
Vladimír Čunát
f55f45f273
pantheon, aliases: remove remaining gst-ffmpeg
This fixes evaluation.  I'm not sure why pantheon.elementary-videos
was mixing gst 1 with old gst-ffmpeg.
/cc #48637, #50220.
2019-02-01 09:43:57 +01:00
Vladimír Čunát
8ba516664b
Merge branch 'staging-next' into staging
2019-02-01 09:42:53 +01:00
Vladimír Čunát
5effa4e0f9
Merge branch 'master' into staging-next
Comments on conflicts:
- llvm: d6f401e1 vs. 469ecc70 - docs for 6 and 7 say the default is
  to build all targets, so we should be fine
- some pypi hashes: they were equivalent, just base16 vs. base32
2019-02-01 09:22:29 +01:00
adisbladis
8f58e00226
vgo2nix: unstable-2018-12-02 -> unstable-2019-02-01
2019-02-01 06:19:15 +00:00
adisbladis
affee8aa47
go_1_9: Drop go 1.9
Unsupported by upstream
2019-02-01 06:19:14 +00:00
Will Dietz
d00ca4476c
Merge pull request #55019 from dtzWill/update/mesa-18.3.3
mesa: 18.3.2 -> 18.3.3
2019-01-31 22:48:34 -06:00
Will Dietz
1411a5f8de
Merge pull request #55012 from dtzWill/update/harfbuzz-2.3.1
harfbuzz: 2.3.0 -> 2.3.1
2019-01-31 22:47:16 -06:00
Domen Kožar
8b85a86023
nixops: 1.6 -> 1.6.1
2019-02-01 11:39:58 +07:00
Herwig Hochleitner
f7165b2ad6
i2p: 0.9.37 -> 0.9.38
2019-02-01 03:56:15 +01:00
Bruce Toll
bbb2f93cee
wrap-gapps-hook.sh: only wrap links when required
Unless dontWrapGapps is set, the wrap-gapps-hook.sh will currently
wrap all executables (and symbolic links to executables) found under
the target directories: bin and libexec.

As a result, if a symbolic link in a target directory points to an
executable in a target directory, both will get wrapped.  This
causes an extra shell/exec when following the symbolic link,
as well as increasing the size of the final executable's environment.

To avoid wrapping a link to an already wrapped executable, this
commit splits the determination of what gets wrapped into two phases:

1. All binaries under the target directories are wrapped and logged
   with "Wrapping program ..."

2. All links to executables under the target directories are
   identified and checked to see if they reference an executable
   under one of the target directories.

   If yes, the required wrapping has already been performed on
   the associated binary (in phase 1), so no wrapping is done
   and "Not wrapping link: ... (already wrapped)" is logged.

   If no, the link points at an executable that hasn't been
   wrapped, so the link is wrapped and "Wrapping link: ..." is logged.

As an example, the yelp package has a bin directory that contains
an executable "yelp" and a symbolic link "gnome-help" -> "yelp".

Prior to this commit, the bin directory would contain these files
after wrapping:

  gnome-help          -- wrapper to exec .gnome-help-wrapped
  .gnome-help-wrapped -- a symbolic link to yelp
  yelp                -- wrapper to exec .yelp-wrapped
  .yelp-wrapped       -- the original yelp binary

After this commit, the bin directory will instead contain:

  gnome-help          -- a symbolic link to yelp
  yelp                -- wrapper to exec .yelp-wrapped
  .yelp-wrapped       -- the original yelp binary

NOTE: The primary motivation for this commit is to avoid obscuring
the fact that two or more paths are simple aliases and expected to
behave identically. It also reduces the likelihood of hitting
limits related to environment variable size.

LIMITATION: The method used above is intended to be conservative
and will still wrap symbolic links to other symbolic links when
the ultimate target is outside of bin or libexec.
2019-01-31 20:14:30 -05:00
Matthew Bauer
830879d4c4
cc-wrapper: set priority to 10
2019-01-31 20:07:55 -05:00
Will Dietz
c01c16f09a
inkscape: 0.92.3 -> 0.92.4
https://inkscape.org/news/2019/01/17/inkscape-launches-version-0924/
2019-01-31 18:18:56 -06:00
Will Dietz
f69df75655
mesa: 18.3.2 -> 18.3.3
https://www.mesa3d.org/relnotes/18.3.3.html
2019-01-31 17:20:26 -06:00
Léo Gaspard
85ff56cdde
Merge branch 'pr-54933'
* pr-54933:
  redmine: 3.4.6 -> 3.4.8
2019-01-31 23:52:53 +01:00
Jan Tojnar
65e6d80ecd
Merge pull request #53425 from dtzWill/update/fwupd-1.2.3
fwupd: 1.2.1 -> 1.2.3

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
2019-01-31 23:22:38 +01:00
Jörg Thalheim
1321f17bc1
Merge pull request #54580 from plapadoo/gprof2dot-latest
gprof2dot: 2015-04-27 -> 2017-09-19
2019-01-31 21:50:39 +00:00
worldofpeace
3b61faf52b
typora: 0.9.53 -> 0.9.64, remove electron blob
Also dropped the i386 archive.
2019-01-31 21:42:27 +00:00
Dmitry Kalinkin
c0d3182f79
Merge pull request #53585 from Scriptkiddi/litecli
litecli: init at 1.0.0
2019-01-31 16:05:30 -05:00
markuskowa
c3065c55d4
Merge pull request #54879 from markuskowa/upd-rdma-core
rdma-core: 21 -> 22
2019-01-31 21:57:24 +01:00
Dmitry Kalinkin
f3fe429d44
litecli: fix tests
2019-01-31 15:43:35 -05:00
Jörg Thalheim
e3f98419e1
Merge pull request #54535 from rvolosatovs/update/go
Go 1.10.8 and 1.11.5
2019-01-31 20:36:23 +00:00
Will Dietz
c2bb029133
harfbuzz: 2.3.0 -> 2.3.1
https://github.com/harfbuzz/harfbuzz/releases/tag/2.3.1
2019-01-31 14:16:27 -06:00
Michael Weiss
6190c120a6
lf: 8 -> 9
2019-01-31 21:04:13 +01:00
Alyssa Ross
2183d3167e
Merge commit 'refs/pull/53622/head' of https://github.com/NixOS/nixpkgs into staging
2019-01-31 20:00:30 +00:00
John Wiegley
7239ffcc3c
coqPackages.equations: 1.2-beta-8.9 for coq_8_9
2019-01-31 11:56:07 -08:00
Matthew Bauer
8020bd6869
Merge pull request #35884 from dtzWill/fix/man-in-outputsToInstall
default to including "man" in outputsToInstall
2019-01-31 14:55:12 -05:00