Commit Graph

79 Commits

Author SHA1 Message Date
Franz Pletz
8678f14ac9
kerberos: 1.15 -> 1.15.2 for CVE-2017-11462 2017-09-28 14:52:37 +02:00
Jörg Thalheim
0016d925e4 kerberos: store state in /var/lib instead of $out/var 2017-09-12 14:30:18 +01:00
Franz Pletz
a957761abd
libheimdal: 2015-09-13 -> 7.4.0 for CVE-2017-11103
The git snapshot was based on 7.0 which is vulnerable.
2017-08-01 10:26:19 +02:00
tkatchev
6d211110f5 libkrb5: fix issue #16161. 2017-01-19 13:16:46 +03:00
Nikolay Amiantov
f84344ed41 libkrb5: 1.14.3 -> 1.15 2016-12-20 21:29:59 +03:00
Frederik Rietdijk
db0df92bbf heimdal: use python2
because of print statement
2016-10-18 23:16:06 +02:00
Robin Gloster
452f182356
krb5: 1.14.2 -> 1.14.3
fixes CVE-2016-3120
2016-09-18 23:47:56 +02:00
Vladimír Čunát
b626e83838 Merge #16291: krb5: fix compilation on weird prefixes
(when nix store prefix contains a "+" character)
2016-06-20 14:46:19 +02:00
Dmitry Kalinkin
2a91dd0f65 krb5: fix for stores with paths containing '+' character 2016-06-17 15:37:51 -04:00
Tuomas Tynkkynen
e80e4ba2bb treewide: Make explicit that 'dev' output of sqlite is used 2016-05-19 10:04:34 +02:00
Tuomas Tynkkynen
2a73de6e6c treewide: Make explicit that 'dev' output of openssl is used 2016-05-19 10:02:23 +02:00
Tuomas Tynkkynen
5eb01cd0ad treewide: Make explicit that 'dev' output of openldap is used 2016-05-19 10:00:50 +02:00
Shea Levy
edb0b7e36f krb5: 1.14 -> 1.14.2 (security updates) 2016-05-02 14:19:37 -04:00
Vladimír Čunát
9b091e8a0c krb5: simplify unpacking 2016-01-05 09:37:51 +01:00
Vladimír Čunát
1878ac9335 tree-wide: various cleanups
It's mainly refactoring and mass-rebuild simplifications without any
real impact (besides better readability).
2016-01-02 11:29:45 +01:00
janus
cbcab5521b FreeBSD: re-add heimdal 2016-01-01 17:01:13 +00:00
janus
55aa9163cc FreeBSD: minor fixes, add notes and make stdenv more robust 2016-01-01 17:01:13 +00:00
janus
a472d836f6 FreeBSD: apr-util, cyrus-sasl, berkeley db, glib, gnutls, kerberos, libelf-freebsd, openldap, serf, guile, tet, shishi, gawk, gnugrep 2016-01-01 17:01:13 +00:00
janus
9897b35661 FreeBSD: patch expat, kerberos, libedit, ossp-uuid, lz4, sharutils, add libelf-freebsd 2016-01-01 17:01:13 +00:00
Luca Bruno
51512d4c8f heimdal: try disabling parallel builds due to hydra issues
cc @wkennington
2015-09-29 10:49:33 +02:00
William A. Kennington III
5a0759971f heimdal: 2015-06-17 -> 2015-09-13 2015-09-16 13:14:23 -07:00
Eelco Dolstra
f41201ef97 heimdal: Fix description 2015-07-27 00:27:19 +02:00
William A. Kennington III
9c5ef0469c krb5: 1.13.1 -> 1.13.2 2015-06-26 23:02:20 -07:00
William A. Kennington III
943b282800 heimdal: Always install hcrypto 2015-06-26 22:45:20 -07:00
William A. Kennington III
a13fe2db47 Fix redundancy 2015-06-26 22:41:58 -07:00
William A. Kennington III
769ea09360 heimdal: Use the git version and breakout into a library 2015-06-26 22:41:25 -07:00
William A. Kennington III
b6322e1215 krb5: Break out into a lib and not lib version 2015-06-26 22:05:47 -07:00
Bjørn Forsman
52184b53c0 Revert "Revert "Explicitly pass -pthread flag to fix the build after some updates""
This reverts commit 6cfea50ad1.

I think the reason for the revert was because of patch dependencies. We really
need this patch to fix heimdal build.

Or else:

  $ nix-build -A heimdal
  ...
  /tmp/nix-build-heimdal-1.5.3.drv-0/heimdal-1.5.3/base/.libs/libheimbase.so: undefined reference to `pthread_getspecific'
  /tmp/nix-build-heimdal-1.5.3.drv-0/heimdal-1.5.3/base/.libs/libheimbase.so: undefined reference to `pthread_key_create'
  /tmp/nix-build-heimdal-1.5.3.drv-0/heimdal-1.5.3/base/.libs/libheimbase.so: undefined reference to `pthread_setspecific'
  collect2: error: ld returned 1 exit status
  Makefile:509: recipe for target 'tc' failed
  make[2]: *** [tc] Error 1
2015-06-06 09:23:33 +02:00
Eelco Dolstra
020cb43f55 Revert "kerberos: Modernize build"
This reverts commit 9740b0d12d.
2015-06-04 14:54:52 +02:00
Eelco Dolstra
056e2c8d6a Revert "heimdal: Disable DCE as it was breaking the build"
This reverts commit 0f2de4c64e.
2015-06-04 14:54:52 +02:00
Eelco Dolstra
6cfea50ad1 Revert "Explicitly pass -pthread flag to fix the build after some updates"
This reverts commit ed38a2d32b.
2015-06-04 14:54:52 +02:00
Eelco Dolstra
1e6e52c2ac Revert "krb5: 1.13.1 -> 1.13.2"
This reverts commit 85932bc5a9.
2015-06-04 14:54:48 +02:00
Eelco Dolstra
1b32ae03f3 Revert "krb5: Fixes"
This reverts commit a74e4863f3.
2015-06-04 14:54:48 +02:00
Eelco Dolstra
c449f292d2 Revert "krb5: Make lib build parallel"
This reverts commit ac2f05a50a.
2015-06-04 14:54:48 +02:00
Eelco Dolstra
3096d03435 Revert "Refactor mkFlag / shouldUsePkg into the nixpkgs libraries"
This reverts commit 25a148fa19.
2015-06-04 14:54:48 +02:00
William A. Kennington III
ac2f05a50a krb5: Make lib build parallel 2015-05-29 10:12:29 -07:00
William A. Kennington III
a74e4863f3 krb5: Fixes 2015-05-29 10:12:00 -07:00
William A. Kennington III
85932bc5a9 krb5: 1.13.1 -> 1.13.2 2015-05-28 02:20:08 -07:00
William A. Kennington III
25a148fa19 Refactor mkFlag / shouldUsePkg into the nixpkgs libraries 2015-05-22 13:26:55 -07:00
Michael Raskin
ed38a2d32b Explicitly pass -pthread flag to fix the build after some updates 2015-05-10 13:46:31 +02:00
William A. Kennington III
0f2de4c64e heimdal: Disable DCE as it was breaking the build 2015-05-05 13:56:44 -07:00
William A. Kennington III
9740b0d12d kerberos: Modernize build 2015-05-03 20:30:09 -07:00
Spencer Whitt
1c0f1ce949 krb5: fix Darwin build by providing mig 2015-04-07 12:51:14 -04:00
William A. Kennington III
35b442abc3 krb5: Make linux only 2015-04-04 20:04:15 -07:00
William A. Kennington III
e15cd2375e kerberos: Add development string 2015-03-04 16:48:52 -08:00
William A. Kennington III
524e815af1 krb5: 1.13 -> 1.13.1 2015-02-18 18:20:53 -08:00
William A. Kennington III
942e179974 heimdal: Correct the openssl dependency 2015-01-09 09:01:46 -08:00
aszlig
e957d71680
heimdal: Move openssh to propagatedBuildInputs.
A few more libraries were switched to using the kerberos attribute
instead of krb5 in 5fe7439. So those libraries are now built against
heimbal instead of MIT kerberos.

One of those libraries is libtirpc, which results in the following build
output:

http://hydra.nixos.org/build/18423661/nixlog/1/raw

The reason for this is, that "pkgconfig --libs" of heimdal lists
-lcrypto (which is part of OpenSSL), which is not propagated to
libtirpc.

See here (lines wrapped with backslash at the end of line):

$ nix-shell -p heimdal pkgconfig --command 'pkg-config --libs heimdal-gssapi'
-L/nix/store/cxjkl33j0mb4ilffaijl7gschbjzfv35-heimdal-1.5.3/lib -lgssapi \
-lheimntlm -lkrb5 -lhx509 -lcom_err -lcrypto -lasn1 -lwind -lroken -lcrypt \
-ldl -lresolv -pthread

Versus using MIT kerberos:

$ nix-shell -p krb5 pkgconfig --command 'pkg-config --libs krb5'
-L/nix/store/91vyw8yn89qnv8m8b35kgc4c4v7zp9as-krb5-1.13/lib -lkrb5 \
-lk5crypto -lcom_err

So the latter only lists libraries that are part of krb5 itself.

By adding openssh to propagatedBuildInputs, we should be able to build
any package that depends on either krb5/heimdal without any missing
dependencies.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-01-06 17:11:16 +01:00
William A. Kennington III
bd0567ecd4 heimdal: Build hcrypto for depdendant applications 2015-01-02 17:22:37 -08:00
William A. Kennington III
c66cc0719f heimdal: Fix spacing 2015-01-02 00:24:49 -08:00