Unfortunately, the new version fails its test suite AGAIN when the recommended
packages are not build. Makes one wonder whether maybe we should offer the R
developers CI builds that check this. I've reported the issue upstream, let's
see what happens.
The package was originally broken as reported in #38940 and
facebook/osquery#4257. The latest version (3.x) contains several
important fixes for GCC 7, so now we can compile without a much less
complicated patches.
The following changes were needed to fix the derivation:
* Upgrade `osquery/third-party` to the latest rev to be compliant with
osquery 3.
* Keep using an override for the AWS SDK (for a lower closure size and
less compile time), but make the `ec2` API available.
* Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the
build. `linenoise-ng` is obsolete as it's directly bundled with
`osquery/third-party`.
* Fixed the linking issue with `gflags` as recommended in the mailing
list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ
* Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and
`devicemapper` (thanks @Infinisil).
* Override `OSQUERY_PLATFORM` to provide `nixos:version`
for sandbox and non-NixOS based builds. The `platform-nixos.patch`
file is now obsolete (thanks @flokli).
The patch was rebased against the 3.x branch of `osquery` and contains
mostly old changes. Additionally several testing targets were skipped as
they broke the build.
The functionality has been testing using the following command:
```
mkdir /tmp/osq.log/
./result/bin/osqueryd --pidfile /tmp/osq.pid \
--database_path /tmp/test.db --logger_path /tmp/osq.log
```
With the daemon running the database can be queried easily using
`./result/bin/osqueryi`.
Fixes ticket #38940
See ticket #36453
Further reference can be gathered from the affected Hydra logs for
the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
Semi-automatic update. These checks were done:
- built on NixOS
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/optimize_local_ssd -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/optimize_local_ssd --help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/optimize_local_ssd help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/set_multiqueue -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/set_multiqueue --help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/set_multiqueue help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/set_multiqueue -V` and found version 20180129
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/set_multiqueue -v` and found version 20180129
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/set_multiqueue --version` and found version 20180129
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/set_multiqueue version` and found version 20180129
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/set_multiqueue -h` and found version 20180129
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/set_multiqueue --help` and found version 20180129
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/set_multiqueue help` and found version 20180129
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_accounts_daemon-wrapped -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_accounts_daemon-wrapped --help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_accounts_daemon -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_accounts_daemon --help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_instance_setup-wrapped -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_instance_setup-wrapped --help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_instance_setup -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_instance_setup --help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_network_setup-wrapped -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_network_setup-wrapped --help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_network_setup -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_network_setup --help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_ip_forwarding_daemon-wrapped -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_ip_forwarding_daemon-wrapped --help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_ip_forwarding_daemon-wrapped help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_ip_forwarding_daemon -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_ip_forwarding_daemon --help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_ip_forwarding_daemon help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_clock_skew_daemon-wrapped -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_clock_skew_daemon-wrapped --help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_clock_skew_daemon-wrapped help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_clock_skew_daemon -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_clock_skew_daemon --help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_clock_skew_daemon help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_metadata_script_runner-wrapped -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/.google_metadata_script_runner-wrapped --help` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_metadata_script_runner -h` got 0 exit code
- ran `/nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129/bin/google_metadata_script_runner --help` got 0 exit code
- found 20180129 with grep in /nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129
- found 20180129 in filename of file in /nix/store/xxf54yjdmhkmsy5h0rrh985lygpi3sjv-google-compute-engine-20180129
only build on Linux
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/sabnzbd/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/rl41iqq34y5lbia598awnnr5zlqvn7p0-sabnzbd-2.3.3/bin/.sabnzbd-wrapped -h’ got 0 exit code
- ran ‘/nix/store/rl41iqq34y5lbia598awnnr5zlqvn7p0-sabnzbd-2.3.3/bin/.sabnzbd-wrapped --help’ got 0 exit code
- ran ‘/nix/store/rl41iqq34y5lbia598awnnr5zlqvn7p0-sabnzbd-2.3.3/bin/sabnzbd -h’ got 0 exit code
- ran ‘/nix/store/rl41iqq34y5lbia598awnnr5zlqvn7p0-sabnzbd-2.3.3/bin/sabnzbd --help’ got 0 exit code
- found 2.3.3 with grep in /nix/store/rl41iqq34y5lbia598awnnr5zlqvn7p0-sabnzbd-2.3.3
- directory tree listing: https://gist.github.com/06ad54e65a99a41896933852c69b59c1
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/sc-controller/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/d6a2kmmbi7lw8xq2yk7si8qd4af897lx-sc-controller-0.4.2/bin/scc -h’ got 0 exit code
- ran ‘/nix/store/d6a2kmmbi7lw8xq2yk7si8qd4af897lx-sc-controller-0.4.2/bin/scc --help’ got 0 exit code
- ran ‘/nix/store/d6a2kmmbi7lw8xq2yk7si8qd4af897lx-sc-controller-0.4.2/bin/scc help’ got 0 exit code
- ran ‘/nix/store/d6a2kmmbi7lw8xq2yk7si8qd4af897lx-sc-controller-0.4.2/bin/..scc-wrapped-wrapped -h’ got 0 exit code
- ran ‘/nix/store/d6a2kmmbi7lw8xq2yk7si8qd4af897lx-sc-controller-0.4.2/bin/..scc-wrapped-wrapped --help’ got 0 exit code
- ran ‘/nix/store/d6a2kmmbi7lw8xq2yk7si8qd4af897lx-sc-controller-0.4.2/bin/..scc-wrapped-wrapped help’ got 0 exit code
- ran ‘/nix/store/d6a2kmmbi7lw8xq2yk7si8qd4af897lx-sc-controller-0.4.2/bin/.scc-wrapped -h’ got 0 exit code
- ran ‘/nix/store/d6a2kmmbi7lw8xq2yk7si8qd4af897lx-sc-controller-0.4.2/bin/.scc-wrapped --help’ got 0 exit code
- ran ‘/nix/store/d6a2kmmbi7lw8xq2yk7si8qd4af897lx-sc-controller-0.4.2/bin/.scc-wrapped help’ got 0 exit code
- found 0.4.2 with grep in /nix/store/d6a2kmmbi7lw8xq2yk7si8qd4af897lx-sc-controller-0.4.2
- directory tree listing: https://gist.github.com/3f673ef175fbb295f67a2384aef61ede
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/urh/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/cs9vqxk0xqcpqcs10bbqhq6h7vdbmyny-urh-2.0.2/bin/.urh-wrapped --version’ and found version 2.0.2
- ran ‘/nix/store/cs9vqxk0xqcpqcs10bbqhq6h7vdbmyny-urh-2.0.2/bin/urh --version’ and found version 2.0.2
- found 2.0.2 with grep in /nix/store/cs9vqxk0xqcpqcs10bbqhq6h7vdbmyny-urh-2.0.2
- directory tree listing: https://gist.github.com/fd267c85c4f90f14b9af167c50b169a0
When using diskrsync over SSH, on the remote machine it calls an executable
equal to argv0. Typically, this is just diskrsync but now that diskrsync is
wrapped, the wrapper uses absolute path to diskrsync and that path doesn't most
likely work on the remote machine. Thus, we need to force argv0 to "diskrsync"
so that it works on the remote machine.
aka 5.01+coreboot-001+
The version maintained by coreboot project is superior to Debian, it
integrates all the Debian patches and fixes a bunch more bugs.
In particular, it fixes SMP freezes and apparent memory errors when
running under coreboot ROM.
With hardening enabled it reports errors on known-good memory modules
on my Thinkpad X230 (Ivy Bridge). It's the same bug as reported in
https://bugs.launchpad.net/ubuntu/+source/memtest86+/+bug/1071209 but
memtest86+ fails on test #9 instead of test #7 (because #7 in 4.20
became #9 in 5.01) and with all the addresses multiplied by 2 (I guess
the bug was reported for i686, and I test on x86_64, it was 2012 after
all).
Setting haskell.packageOverrides like so:
haskell = super.haskell // {
packageOverrides = self: super: {
my-package = ...;
my-other-package = ...;
};
};
causes all compiler-specific package sets to be overridden with those
overrides.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/gegl/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/2w7m19f387zkwhxbv6k2p8nrrlwqimpn-gegl-0.3.34/bin/gegl -h’ got 0 exit code
- ran ‘/nix/store/2w7m19f387zkwhxbv6k2p8nrrlwqimpn-gegl-0.3.34/bin/gegl --help’ got 0 exit code
- found 0.3.34 with grep in /nix/store/2w7m19f387zkwhxbv6k2p8nrrlwqimpn-gegl-0.3.34
- directory tree listing: https://gist.github.com/96c792a5cd60943effce7884fc50cc3a
I've rebuild all packages that depend on gpgme and everything seems fine
so far (there are a few failures but the ones I've checked are unrelated
to gpgme).
Upstream release notes (Noteworthy changes in version 1.11.1):
* Fixed build problems in the 1.11.0 release.
* Added C++ interfaces which were planned for 1.11.0.
The 1.11.0 release came with these changes:
* New encryption API to support direct key specification including
hidden recipients option and taking keys from a file. This also
allows to enforce the use of a subkey.
* New encryption flag for the new API to enforce the use of plain
mail addresses (addr-spec).
* The import API can now tell whether v3 keys are skipped. These old
and basically broken keys are not anymore supported by GnuPG 2.1.
* The decrypt and verify API will now return the MIME flag as
specified by RFC-4880bis.
* The offline mode now has an effect on gpg by disabling all network
access. [#3831]
* A failed OpenPGP verification how returns the fingerprint of the
intended key if a recent gpg version was used for signature
creation.
* New tool gpgme-json as native messaging server for web browsers.
As of now public key encryption and decryption is supported.
Requires Libgpg-error 1.29.
* New context flag "request-origin" which has an effect when used
with GnuPG 2.2.6 or later.
* New context flag "no-symkey-cache" which has an effect when used
with GnuPG 2.2.7 or later.
* New convenience constant GPGME_KEYLIST_MODE_LOCATE.
* Improved the Python documentation.
* Fixed a potential regression with GnuPG 2.2.6 or later.
* Fixed a crash in the Python bindings on 32 bit platforms. [#3892]
* Various minor fixes.
Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28
Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30
High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20
High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15
High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04
High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12
High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05
High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08
Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01
Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01
Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11
Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-19
Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent's Xuanwu Lab on 2018-01-26
Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03
Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03
Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11
Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu on 2018-02-19
Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20
Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24
Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08
Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18
Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25
Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02
Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27
Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10
Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24
Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02
Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29
Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25
Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13
Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07
Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15
Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15
Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15
