Updates VirtualBox from version 5.0.12 to 5.0.14.
Upstream changes are (without bug IDs):
* GUI: properly limit the number of VCPUs to the number of physical cores
on Mac OS X
* Audio: fixed a bug which prevented loading a saved state of a saved
guests with HDA emulation (5.0.12 regression)
* Audio: don't crash if the backend is unable to initialize
* Audio: fixed audio capture on Mac OS X
* Storage: fixed a possible crash when attaching the same ISO image
multiple times to the same VM
* BIOS: properly report if two floppy drives are attached
* USB: fixed a problem with filters which would not capture the device
under certain circumstances (5.0.10 regression)
* ExtPack: black-list Extension Packs older than 4.3.30 due to
incompatible changes not being properly handled in the past
* Windows hosts: fixed a regression which caused robocopy to fail
* Linux hosts: properly create the /sbin/rcvboxdrv symbolic link (5.0.12
regression)
* Mac OS X hosts: several fixes for USB on El Capitan
* Linux Additions: fixes for Linux 4.5
Full upstream changelog with bug IDs can be found at:
https://www.virtualbox.org/wiki/Changelog
The reason I was reluctant to merge this before were these symbol lookup
errors:
vboxsf: Unknown symbol VBoxGuest_RTMemTmpFree (err 0)
vboxsf: Unknown symbol VBoxGuestIDCCall (err 0)
vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexRequest (err 0)
vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexRelease (err 0)
vboxsf: Unknown symbol VBoxGuest_RTLogRelGetDefaultInstanceEx (err 0)
vboxsf: Unknown symbol VBoxGuest_RTErrConvertToErrno (err 0)
vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexCreate (err 0)
vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexDestroy (err 0)
vboxsf: Unknown symbol VBoxGuest_RTMemContFree (err 0)
vboxsf: Unknown symbol VBoxGuest_RTSemMutexRelease (err 0)
vboxsf: Unknown symbol VBoxGuestIDCOpen (err 0)
vboxsf: Unknown symbol VBoxGuest_RTAssertShouldPanic (err 0)
vboxsf: Unknown symbol VBoxGuest_RTMemContAlloc (err 0)
vboxsf: Unknown symbol VBoxGuest_RTSemMutexRequest (err 0)
vboxsf: Unknown symbol VBoxGuest_RTSemMutexCreate (err 0)
vboxsf: Unknown symbol VBoxGuest_RTMemTmpAllocTag (err 0)
vboxsf: Unknown symbol VBoxGuest_RTSemMutexDestroy (err 0)
vboxsf: Unknown symbol VBoxGuest_RTAssertMsg1Weak (err 0)
vboxsf: Unknown symbol VBoxGuestIDCClose (err 0)
vboxsf: Unknown symbol VBoxGuest_RTAssertMsg2Weak (err 0)
However, after testing it against 5.0.12, the same errors occur there as
well, so it is likely related to our VM tests.
stdenv.system should be almost always used instead of builtins.currentSystem
or cross-evaluation (e.g. evaluating an i686 NixOS system on a 64-bit nix)
will be subtly broken.
No changes in functionality, but to make future source updates a bit
easier on the eyes when viewing the diff.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The update.sh shell script now is only a call to nix-build, which does
all the hard work of updating the Chromium source channels and the
plugins. It results in a store path with the new sources.nix that
replaces the already existing sources.nix.
Along the way, this has led to a quite massive workaround, which abuses
MD5 collisions to detect whether a URL exists, because something
like builtins.tryEval (builtins.fetchurl url) unfortunately doesn't
work. Further explanations and implementation details are documented in
the actual implementation.
The drawback of this is that we don't have nice status messages anymore,
but on the upside we have a more robust generation of the sources.nix
file, which now also should work properly on missing upstream
sources/binaries.
This also makes it much easier to implement fetching non-GNU/Linux
versions of Chromium and we have all values from omahaproxy available as
an attribute set (see the csv2nix and channels attributes in the update
attribute).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This fixes the previous attempt (in commit 46d1dd5) to make ctags' ctags
override emacs' ctags. The higher the value of the priority attribute,
the higher the priority (see the definition of `buildEnv`).
As stated in the parent commit, the 32bit Chrome package is not
available upstream, so let's at least provide the SHA256 hash for the
64bit package.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Until now, if we have a failure to fetch either the 32bit Debian package
or the 64bit Debian package, neither of these will be put into
sources.nix.
Unfortunately the beta/dev channels do not have a 32bit Debian package,
so even though there is a 64bit Debian package available we don't get
plugins *at* *all*.
This also introduces a nicer error message rather than just failing with
an assertion in fetchurl because we did not provide url/urls.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Updates gitlab to the current stable version and fixes a lot of features that
were broken, at least with the current version and our configuration.
Quite a lot of sweat and tears has gone into testing nearly all features and
reading/patching the Gitlab source as we're about to deploy gitlab for our
whole company.
Things to note:
* The gitlab config is now written as a nix attribute set and will be
converted to JSON. Gitlab uses YAML but JSON is a subset of YAML.
The `extraConfig` option is also an attribute set that will be merged
with the default config. This way *all* Gitlab options are supported.
* Some paths like uploads and configs are hardcoded in rails (at least
after my study of the Gitlab source). This is why they are linked from
the Gitlab root to /run/gitlab and then linked to the configurable
`statePath`.
* Backup & restore should work out of the box from another Gitlab instance.
* gitlab-git-http-server has been replaced by gitlab-workhorse upstream.
Push & pull over HTTPS works perfectly. Communication to gitlab is done
over unix sockets. An HTTP server is required to proxy requests to
gitlab-workhorse over another unix socket at
`/run/gitlab/gitlab-workhorse.socket`.
* The user & group running gitlab are now configurable. These can even be
changed for live instances.
* The initial email address & password of the root user can be configured.
Fixes #8598.
By default all plugins from pkgs.gimpPlugins set are enabled.
Default location of plugins changed from $out/${gimp.name} to
$out/lib/gimp/${majorVersion}. Resulting derivation for gimp+plugins
is set as search path for plugins by default (additional tweaking in
gimprc done for old plugin scheme should be removed)
From the debian security mailing list:
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2016-1622
It was discovered that a maliciously crafted extension could bypass
the Same Origin Policy.
CVE-2016-1623
Mariusz Mlynski discovered a way to bypass the Same Origin Policy.
CVE-2016-1624
lukezli discovered a buffer overflow issue in the Brotli library.
CVE-2016-1625
Jann Horn discovered a way to cause the Chrome Instant feature to
navigate to unintended destinations.
CVE-2016-1626
An out-of-bounds read issue was discovered in the openjpeg library.
CVE-2016-1627
It was discovered that the Developer Tools did not validate URLs.
CVE-2016-1628
An out-of-bounds read issue was discovered in the pdfium library.
CVE-2016-1629
A way to bypass the Same Origin Policy was discovered in Blink/WebKit,
along with a way to escape the chromium sandbox.