Commit Graph

211201 Commits

Author SHA1 Message Date
Vladimír Čunát
3c46f9d63b
Merge #79052: libxml2: patch for CVE-2020-7595
... into staging
2020-02-02 09:58:01 +01:00
worldofpeace
50ac34e3e9
Merge pull request #78997 from worldofpeace/nm-1.22.6
networkmanager: 1.22.4 -> 1.22.6
2020-02-01 19:16:00 -05:00
Andrew Dunham
147f32ac2b libxml2: add patch for CVE-2020-7595 2020-02-01 15:23:47 -08:00
worldofpeace
f025935dc6 networkmanager: reorganize directory
This was a bit of a mess.
2020-02-01 17:19:47 -05:00
worldofpeace
6aa47aa042 networkmanager: 1.22.4 -> 1.22.6
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/blob/1.22.6/NEWS
2020-02-01 17:16:02 -05:00
Bas van Dijk
5ff1a53a32
Merge pull request #78769 from basvandijk/staging-perlPackages.TimeDate/use-fetchpatch
perlPackages.TimeDate: use fetchpatch instead of storing the patch
2020-02-01 11:05:58 +01:00
worldofpeace
230edccf3a
Merge pull request #78934 from worldofpeace/pygobject-updates
python3Packages.pygobject3: 3.32.1 -> 3.34.0, python3Packages.pyatspi: 2.32.1 -> 2.34.0
2020-01-31 17:39:04 -05:00
worldofpeace
988d70bac5 python3Packages.pyatspi: 2.32.1 -> 2.34.0
https://gitlab.gnome.org/GNOME/pyatspi2/blob/PYATSPI_2_34_0/NEWS
2020-01-31 17:38:25 -05:00
worldofpeace
a18f9d1fad python3Packages.pygobject3: 3.32.1 -> 3.34.0
https://gitlab.gnome.org/GNOME/pygobject/blob/3.34.0/NEWS
2020-01-31 17:38:25 -05:00
worldofpeace
356e228e74
Merge pull request #78799 from chkno/gnupatch-patches-in-tree
gnupatch: Don't fetch from cgit URLs with unstable hashes
2020-01-31 17:36:45 -05:00
Daiderd Jordan
9078ca6c01
Merge pull request #78820 from kirelagin/macos-gettext-warn
gettext: Add macOS warning patch
2020-01-31 22:34:43 +01:00
Daiderd Jordan
6f38c93e3c
Merge pull request #77632 from LnL7/darwin-macos-version-min
stdenv: make darwin builds reproducable
2020-01-31 22:34:20 +01:00
Daiderd Jordan
68513e4071
cmake: move CMAKE_OSX_ARCHITECTURES out of the stdenv
This was initially introduced in 92188d9d17,
not clear how relevant this still is but i686 isn't supported anymore so
disable it explicitly.
2020-01-31 21:52:13 +01:00
Daiderd Jordan
b984c227d2
cmake: remove CMAKE_OSX_DEPLOYMENT_TARGET overrides
We _do_ want minimum versions in our packages.
2020-01-31 21:52:12 +01:00
Daiderd Jordan
9b579843d4
treewide: use stdenv.macosVersionMin 2020-01-31 21:52:12 +01:00
Daiderd Jordan
6567823996
stdenv: introduce appleSdkVersion and macosVersionMin 2020-01-31 21:52:11 +01:00
Daiderd Jordan
a826b49c97
stdenv: make darwin builds reproducable
Fixes #21629

Passing these extra linker flags removes both the semi-random uuid
included in most binaries as well as making the sdk version consistent
instead of based on the current os version.

    Load command 8
         cmd LC_UUID
     cmdsize 24
        uuid 70FAF921-5DC8-371C-B814-4F121FADFDF4

    Load command 9
          cmd LC_VERSION_MIN_MACOSX
      cmdsize 16
      version 10.12
          sdk 10.13

The -macosx_version_min flag isn't strictly necessary since that's
already handled by MACOSX_DEPLOYMENT_TARGET.
2020-01-31 21:52:07 +01:00
Kirill Elagin
c0d1f26d42 gettext: Remove the rebuild optimisation hack 2020-01-31 15:49:26 -05:00
Kirill Elagin
d9e4fc31ea gettext: Add macOS warning patch
gettext 0.20 fixed a bug with handling locale on macOS, but this caused
it to report an annoying warning on systems where “language”
differs from “region”. See Homebrew issue for details:
<https://github.com/Homebrew/homebrew-core/issues/41139>.

Add upstream patch that has not been released yet.
Details:
<https://www.mail-archive.com/bug-gnulib@gnu.org/msg36768.html>.
2020-01-30 21:22:32 -05:00
Jan Tojnar
16ffc74a32
Merge pull request #71557 from r-ryantm/auto-update/enchant
enchant: 2.2.5 -> 2.2.7
2020-01-31 02:35:35 +01:00
worldofpeace
89cf4af145
Merge pull request #73027 from colemickens/nixpkgs-libxkbcommon
libxkbcommon: 0.8.4 -> 0.10.0
2020-01-30 19:37:39 -05:00
worldofpeace
fcbb4fad66
Merge pull request #78832 from colemickens/nixpkgs-mesa
mesa: 19.3.2 -> 19.3.3
2020-01-30 18:33:04 -05:00
Frederik Rietdijk
a874f10056 Merge staging-next into staging 2020-01-31 00:17:03 +01:00
Frederik Rietdijk
5cc0468a20 Merge staging into staging-next 2020-01-31 00:16:31 +01:00
Frederik Rietdijk
035bbb336a Merge master into staging-next 2020-01-31 00:16:20 +01:00
Alyssa Ross
6ea79d2707 nixos/doc: add Mailman release notes for 20.03 2020-01-30 23:14:45 +00:00
Alyssa Ross
0167eb303f nixos/mailman: make mailman package configurable
This will allow users to provide other archiver plugins than the
default mailman-hyperkitty.
2020-01-30 23:14:45 +00:00
Alyssa Ross
8f4fd4d9f5 nixos/mailman: restart services when config changed 2020-01-30 23:14:45 +00:00
Alyssa Ross
881dd9963f mailman-web: use upstream, improve NixOS module
Previously, some files were copied into the Nixpkgs tree, which meant
we wouldn't easily be able to update them, and was also just messy.

The reason it was done that way before was so that a few NixOS
options could be substituted in.  Some problems with doing it this way
were that the _package_ changed depending on the values of the
settings, which is pretty strange, and also that it only allowed those
few settings to be set.

In the new model, mailman-web is a usable package without needing to
override, and I've implemented the NixOS options in a much more
flexible way.  NixOS' mailman-web config file first reads the
mailman-web settings to use as defaults, but then it loads another
configuration file generated from the new services.mailman.webSettings
option, so _any_ mailman-web Django setting can be customised by the
user, rather than just the three that were supported before.  I've
kept the old options, but there might not really be any good reason to
keep them.
2020-01-30 23:14:45 +00:00
Alyssa Ross
a8538a73a7 mailman: init package for Mailman CLI
We already had python3Packages.mailman, but that's only really usable
as a library.  The only other option was to create a whole Python
environment, which was undesirable to install as a system-wide
package.
2020-01-30 23:14:45 +00:00
Alyssa Ross
8d9636e092 nixos/mailman: don't set Postfix hashes
It's likely that a user might want to set multiple values for
relay_domains, transport_maps, and local_recipient_maps, and the order
is significant.  This means that there's no good way to set these
across multiple NixOS modules, and they should probably all be set
together in the user's Postfix configuration.

So, rather than setting these in the Mailman module, just make the
Mailman module check that the values it needs to occur somewhere, and
advise the user on what to set if not.
2020-01-30 23:14:45 +00:00
Alyssa Ross
db0a3712bb nixos/mailman: support running through uwsgi 2020-01-30 23:14:45 +00:00
Alyssa Ross
bc8eece849 python3.pkgs.mailman-hyperkitty: HTTPS homepage 2020-01-30 23:14:45 +00:00
Alyssa Ross
f254fb9d89 python3Packages.mailmanclient.meta: HTTPS homepage 2020-01-30 23:14:45 +00:00
Alyssa Ross
c397d1909f nixos/mailman: don't keep secrets in the Nix store
This replaces all Mailman secrets with ones that are generated the
first time the service is run.  This replaces the hyperkittyApiKey
option, which would lead to a secret in the world-readable store.
Even worse were the secrets hard-coded into mailman-web, which are not
just world-readable, but identical for all users!

services.mailman.hyperkittyApiKey has been removed, and so can no
longer be used to determine whether to enable Hyperkitty.  In its
place, there is a new option, services.mailman.hyperkitty.enable.  For
consistency, services.mailman.hyperkittyBaseUrl has been renamed to
services.mailman.hyperkitty.baseUrl.
2020-01-30 23:14:45 +00:00
Alyssa Ross
112fa077b1 nixos/mailman: siteOwner default -> example
A default of example.com is useful to nobody.  The correct value of
this depends on the system.
2020-01-30 23:14:45 +00:00
Alyssa Ross
547b91b971 nixos/mailman: add webUser option
Not everybody is using Apache.
2020-01-30 23:14:45 +00:00
worldofpeace
30bfbe7e81
Merge pull request #76157 from worldofpeace/port-gnome3-test
nixosTests.gnome3: port to python
2020-01-30 18:10:08 -05:00
worldofpeace
7651fcfe48 nixosTests.gnome3: wait_for_wayland at login
This prevents the default.target check from just failing.
Blaming it on using systemctl in wait_for_unit (and it's particularly
buggy for user units).
2020-01-30 17:51:01 -05:00
worldofpeace
9888b30924 nixosTests.gnome3: port to python 2020-01-30 17:51:00 -05:00
worldofpeace
ee2d307ef7
Merge pull request #78841 from worldofpeace/fix-typo-rl2003
rl-2003: fix typo
2020-01-30 17:49:21 -05:00
Chuck
2327204ad0 gnupatch: Don't fetch from cgit URLs with unstable hashes
cgit cannot serve patches with stable hashes, so store these patches
in-tree.  cgit community discussion about this problem:
https://lists.zx2c4.com/pipermail/cgit/2017-February/003470.html

We pull the patches in-tree rather than strip cgit footers with fetchpatch
because per https://github.com/NixOS/nixpkgs/pull/61471#issuecomment-493218587
dependencies of fetchpatch cannot use fetchpatch.

Verification that the only difference between the live page, the
patch committed here, and the version cached under the old hash at
tarballs.nixos.org is the cgit version footer:

$ curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 0iw0lk0yhnhvfjzal48ij6zdr92mgb84jq7fwryy1hdhi47hhq64)" > Allow_input_files_to_be_missing_for_ed-style_patches.patch
$ diff -U0 --label cgit-live <( curl -s -L https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 ) Allow_input_files_to_be_missing_for_ed-style_patches.patch
--- cgit-live
+++ Allow_input_files_to_be_missing_for_ed-style_patches.patch  2020-01-29 17:22:00.077312937 -0800
@@ -32 +32 @@
-cgit v1.2.1
+cgit v1.0-41-gc330

$ curl -s -L http://tarballs.nixos.org/sha256/"$(nix-hash --type sha256 --to-base16 1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg)" > CVE-2018-1000156.patch
$ diff -U0 --label cgit-live <( curl -s -L https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d ) CVE-2018-1000156.patch
--- cgit-live
+++ CVE-2018-1000156.patch      2020-01-29 17:23:41.021116969 -0800
@@ -210 +210 @@
-cgit v1.2.1
+cgit v1.0-41-gc330
2020-01-30 14:23:33 -08:00
Tim Steinbach
79713f8a90
oh-my-zsh: 2020-01-04 -> 2020-01-30 2020-01-30 16:41:13 -05:00
Tim Steinbach
04e684d4e7
jenkins: 2.204.1 -> 2.204.2 2020-01-30 16:41:12 -05:00
Tim Steinbach
38854fa22c
linux: 5.4.15 -> 5.4.16 2020-01-30 16:41:12 -05:00
Tim Steinbach
586fd9a43a
linux: 4.9.211 -> 4.9.212 2020-01-30 16:41:12 -05:00
Tim Steinbach
53c76abcae
linux: 4.4.211 -> 4.4.212 2020-01-30 16:41:12 -05:00
Tim Steinbach
104287202b
linux: 4.19.98 -> 4.19.100 2020-01-30 16:41:11 -05:00
Tim Steinbach
713b0ec29a
linux: 4.14.167 -> 4.14.169 2020-01-30 16:41:11 -05:00
Franz Pletz
5a07f8ba2d
minetest: 5.1.0 -> 5.1.1 2020-01-30 22:35:35 +01:00