As per project's README:
> Recent systems can resolve IPv6 host names using getaddrinfo(). This
> primitive is not present in all libcs and does not work in all of
> them either. Support in glibc was broken before 2.3. Some embedded
> libs may not properly work either, thus, support is disabled by
> default, meaning that some host names which only resolve as IPv6
> addresses will not resolve and configs might emit an error during
> parsing. If you know that your OS libc has reliable support for
> getaddrinfo(), you can add USE_GETADDRINFO=1 on the make command
> line to enable it. This is the recommended option for most Linux
> distro packagers since it's working fine on all recent mainstream
> distros. It is automatically enabled on Solaris 8 and above, as it's
> known to work.
Without this option, it is not possible for HAProxy to solve IPv6-only
names. This option is enabled in Debian builds without any notable
adverse effect.
The patches previously applied have been included upstream. Upstream
changelog (only MAJOR/MEDIUM):
2018/07/30 : 1.8.13
- BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess
- BUG/MEDIUM: h2: never leave pending data in the output buffer on close
- BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout
- BUG/MEDIUM: threads: Fix the exit condition of the thread barrier
- BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full
- BUG/MEDIUM: stats: don't ask for more data as long as we're responding
- BUG/MEDIUM: threads/sync: use sched_yield when available
- BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever
- BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS
- BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number
- MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed
2018/06/27 : 1.8.12
- BUG/MAJOR: stick_table: Complete incomplete SEGV fix
2018/06/26 : 1.8.11
- BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table
2018/06/22 : 1.8.10
- BUG/MEDIUM: spoe: Flags are not encoded in network order
- BUG/MEDIUM: contrib/mod_defender: Use network order to encode/decode flags
- BUG/MEDIUM: contrib/modsecurity: Use network order to encode/decode flags
- BUG/MEDIUM: cache: don't cache when an Authorization header is present
- BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check failure.
- BUG/MEDIUM: fd: Only check update_mask against all_threads_mask.
- BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file
- BUG/MEDIUM: lua/socket: Length required read doesn't work
- BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters
- BUG/MEDIUM: spoe: Return an error when the wrong ACK is received in sync mode
- BUG/MEDIUM: lua/socket: wrong scheduling for sockets
- BUG/MAJOR: lua: Dead lock with sockets
- BUG/MEDIUM: lua/socket: Notification error
- BUG/MEDIUM: lua/socket: Sheduling error on write: may dead-lock
- BUG/MEDIUM: lua/socket: Buffer error, may segfault
- MAJOR: spoe: upgrade the SPOP version to 2.0 and remove the support for 1.0
- BUG/MEDIUM: threads: handle signal queue only in thread 0
- BUG/MAJOR: map: fix a segfault when using http-request set-map
- BUG/MAJOR: ssl: Random crash with cipherlist capture
- BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot
- BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete().
- BUG/MEDIUM: threads: Use the sync point to check active jobs and exit
`ocserv` is a VPN server which follows the openconnect protocol
(https://github.com/openconnect/protocol). The packaging is slightly
inspired by the AUR version
(https://aur.archlinux.org/packages/ocserv/).
This patch initializes the package written in C, the man pages and a
module for a simple systemd unit to run the VPN server. The package
supports the following authentication methods for the server:
* `plain` (mostly username/password)
* `pam`
The third method (`radius`) is currently not supported since `nixpkgs`
misses a packaged client.
The module can be used like this:
``` nix
{
services.ocserv = {
enable = true;
config = ''
...
'';
};
}
```
The option `services.ocserv.config` is required on purpose to
ensure that nobody just enables the service and experiences unexpected
side-effects on the system. For a full reference, please refer to the
man pages, the online docs or the example value.
The docs recommend to simply use `nobody` as user, so no extra user has
been added to the internal user list. Instead a configuration like
this can be used:
```
run-as-user = nobody
run-as-group = nogroup
```
/cc @tenten8401
Fixes#42594
* substitute(): --subst-var was silently coercing to "" if the variable does not exist.
* libffi: simplify using `checkInputs`
* pythonPackges.hypothesis, pythonPackages.pytest: simpify dependency cycle fix
* utillinux: 2.32 -> 2.32.1
https://lkml.org/lkml/2018/7/16/532
* busybox: 1.29.0 -> 1.29.1
* bind: 9.12.1-P2 -> 9.12.2
https://ftp.isc.org/isc/bind9/9.12.2/RELEASE-NOTES-bind-9.12.2.html
* curl: 7.60.0 -> 7.61.0
* gvfs: make tests run, but disable
* ilmbase: disable tests on i686. Spooky!
* mdds: fix tests
* git: disable checks as tests are run in installcheck
* ruby: disable tests
* libcommuni: disable checks as tests are run in installcheck
* librdf: make tests run, but disable
* neon, neon_0_29: make tests run, but disable
* pciutils: 3.6.0 -> 3.6.1
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/pciutils/versions.
* mesa: more include fixes
mostly from void-linux (thanks!)
* npth: 1.5 -> 1.6
minor bump
* boost167: Add lockfree next_prior patch
* stdenv: cleanup darwin bootstrapping
Also gets rid of the full python and some of it's dependencies in the
stdenv build closure.
* Revert "pciutils: use standardized equivalent for canonicalize_file_name"
This reverts commit f8db20fb3a.
Patching should no longer be needed with 3.6.1.
* binutils-wrapper: Try to avoid adding unnecessary -L flags
(cherry picked from commit f3758258b8895508475caf83e92bfb236a27ceb9)
Signed-off-by: Domen Kožar <domen@dev.si>
* libffi: don't check on darwin
libffi usages in stdenv broken darwin. We need to disable doCheck for that case.
* "rm $out/share/icons/hicolor/icon-theme.cache" -> hicolor-icon-theme setup-hook
* python.pkgs.pytest: setupHook to prevent creation of .pytest-cache folder, fixes#40273
When `py.test` was run with a folder as argument, it would not only
search for tests in that folder, but also create a .pytest-cache folder.
Not only is this state we don't want, but it was also causing
collisions.
* parity-ui: fix after merge
* python.pkgs.pytest-flake8: disable test, fix build
* Revert "meson: 0.46.1 -> 0.47.0"
With meson 0.47.0 (or 0.47.1, or git)
things are very wrong re:rpath handling
resulting in at best missing libs but
even corrupt binaries :(.
When we run patchelf it masks the problem
by removing obviously busted paths.
Which is probably why this wasn't noticed immediately.
Unfortunately the binary already
has a long series of paths scribbled
in a space intended for a much smaller string;
in my testing it was something like
lengths were 67 with 300+ written to it.
I think we've reported the relevant issues upstream,
but unfortunately it appears our patches
are what introduces the overwrite/corruption
(by no longer being correct in what they assume)
This doesn't look so bad to fix but it's
not something I can spend more time on
at the moment.
--
Interestingly the overwritten string data
(because it is scribbled past the bounds)
remains in the binary and is why we're suddenly
seeing unexpected references in various builds
-- notably this is is the reason we're
seeing the "extra-utils" breakage
that entirely crippled NixOS on master
(and probably on staging before?).
Fixes#43650.
This reverts commit 305ac4dade.
(cherry picked from commit 273d68eff8f7b6cd4ebed3718e5078a0f43cb55d)
Signed-off-by: Domen Kožar <domen@dev.si>
Since years I'm not maintaining anything of the list below other
than some updates when I needed them for some reason. Other people
is doing that maintenance on my behalf so I better take me out but
for very few packages. Finally!
This makes the command ‘nix-env -qa -f. --arg config '{skipAliases =
true;}'’ work in Nixpkgs.
Misc...
- qtikz: use libsForQt5.callPackage
This ensures we get the right poppler.
- rewrites:
docbook5_xsl -> docbook_xsl_ns
docbook_xml_xslt -> docbook_xsl
diffpdf: fixup
> whois (5.3.2) unstable; urgency=medium
>
> * Added the .ge TLD server.
> * Updated the charset for whois.nic.cl. (Closes: #900047)
> * Updated the list of new gTLDs.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/http-prompt/versions.
<details><summary>Version release notes (from GitHub)</summary>
* Fix bug: Handle OpenAPI `basePath` properly (#140, #141)</details>
These checks were done:
- built on NixOS
- /nix/store/1gzy7b5js44k972zrjzd5g2rjk00l901-http-prompt-0.11.2/bin/.http-prompt-wrapped passed the binary check.
- /nix/store/1gzy7b5js44k972zrjzd5g2rjk00l901-http-prompt-0.11.2/bin/http-prompt passed the binary check.
- 2 of 2 passed binary check by having a zero exit code.
- 2 of 2 passed binary check by having the new version present in output.
- found 0.11.2 with grep in /nix/store/1gzy7b5js44k972zrjzd5g2rjk00l901-http-prompt-0.11.2
- directory tree listing: https://gist.github.com/9cc6cb35afe53057b07f364f2b4bfae8
- du listing: https://gist.github.com/7ef9ede9ef7a82a304847cf671cef769
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/xl2tpd/versions.
These checks were done:
- built on NixOS
- /nix/store/xvvr6zvnn8q3k0021bp74yfql82yp7q1-xl2tpd-1.3.12/bin/pfc passed the binary check.
- /nix/store/xvvr6zvnn8q3k0021bp74yfql82yp7q1-xl2tpd-1.3.12/bin/xl2tpd passed the binary check.
- /nix/store/xvvr6zvnn8q3k0021bp74yfql82yp7q1-xl2tpd-1.3.12/bin/xl2tpd-control passed the binary check.
- 2 of 3 passed binary check by having a zero exit code.
- 1 of 3 passed binary check by having the new version present in output.
- found 1.3.12 with grep in /nix/store/xvvr6zvnn8q3k0021bp74yfql82yp7q1-xl2tpd-1.3.12
- directory tree listing: https://gist.github.com/9e7e06daf4d57291dbefde0aff0da546
- du listing: https://gist.github.com/0eb400f5c7f43510ed9dc63f43181d95
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/zerotierone/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/vd1y0dqqxk8dm0g7daw4anxfip7l97cm-zerotierone-1.2.10/bin/zerotier-idtool had a zero exit code or showed the expected version
- /nix/store/vd1y0dqqxk8dm0g7daw4anxfip7l97cm-zerotierone-1.2.10/bin/zerotier-cli passed the binary check.
- /nix/store/vd1y0dqqxk8dm0g7daw4anxfip7l97cm-zerotierone-1.2.10/bin/zerotier-one passed the binary check.
- 2 of 3 passed binary check by having a zero exit code.
- 2 of 3 passed binary check by having the new version present in output.
- directory tree listing: https://gist.github.com/87164b4a118f54881debe8986fa9d125
- du listing: https://gist.github.com/d1842159ba2f6272856b4451d5860bf7
In particular, this contains Firefox-related and libgcrypt updates.
Other larger rebuilds would apparently need lots of time to catch up
on Hydra, due to nontrivial rebuilds in other branches than staging.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/speedtest-cli/versions.
These checks were done:
- built on NixOS
- /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2/bin/.speedtest-wrapped passed the binary check.
- /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2/bin/speedtest passed the binary check.
- /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2/bin/.speedtest-cli-wrapped passed the binary check.
- /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2/bin/speedtest-cli passed the binary check.
- 4 of 4 passed binary check by having a zero exit code.
- 4 of 4 passed binary check by having the new version present in output.
- found 2.0.2 with grep in /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2
- directory tree listing: https://gist.github.com/6b0bc77e82e32f36a5b79985ecdfc141
- du listing: https://gist.github.com/d6c4b589c95fcdaad30bc0b4e265e6e6
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/unbound/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-checkconf had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-control had a zero exit code or showed the expected version
- /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-host passed the binary check.
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-anchor had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-control-setup had a zero exit code or showed the expected version
- 1 of 6 passed binary check by having a zero exit code.
- 0 of 6 passed binary check by having the new version present in output.
- found 1.7.2 with grep in /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2
- directory tree listing: https://gist.github.com/24f2136689bd3209095feb3b71734811
- du listing: https://gist.github.com/9efb5b527b161e93a47f0237c7d556a8
