Commit Graph

34906 Commits

Author SHA1 Message Date
Peter Simons
055ab6ba74 Merge pull request #21589 from NixOS/ghc-split-sections
GHC 8.0.2: use -split-sections
2017-02-09 11:17:31 +01:00
Vladimír Čunát
333e36eca0
pythonPackages.gst-python: fix hash after afd59811a1
/cc #22549.
2017-02-09 09:40:36 +01:00
Pascal Wittmann
5de04f6d55 Revert "ocaml-lablgl: use camlp5"
This reverts commit 7a6aac9076.
2017-02-09 09:14:51 +01:00
Pascal Wittmann
b6cc6bd088 yodl: 3.08.01 -> 3.08.02 2017-02-09 09:11:28 +01:00
Vladimír Čunát
4bf9f8afc3
Merge #22578: mesa: add enableRadv ? false
There's no hash change in default settings.
2017-02-09 08:03:34 +01:00
Graham Christensen
77e920d874
spice: Patch for CVE-2016-9577, CVE-2016-9578
From the Red Hat advisory:

* A vulnerability was discovered in spice in the server's protocol
  handling. An authenticated attacker could send crafted messages to
  the spice server causing a heap overflow leading to a crash or
  possible code execution. (CVE-2016-9577)

* A vulnerability was discovered in spice in the server's protocol
  handling. An attacker able to connect to the spice server could send
  crafted messages which would cause the process to crash.
  (CVE-2016-9578)
2017-02-08 22:03:11 -05:00
David McFarland
4ab604b6b8 mesa: add enableRadv 2017-02-08 22:15:03 -04:00
Franz Pletz
6d0806d061
pythonPackages.searx: 0.10.0 -> 0.11.0 2017-02-08 23:51:02 +01:00
Graham Christensen
ae02508c2a Merge pull request #22555 from peterhoeg/u/wavpack
wavpack: 4.80.0 -> 5.1.0
2017-02-08 10:02:03 -05:00
Peter Hoeg
5eaec77732 wavpack: 4.80.0 -> 5.1.0 2017-02-08 22:41:24 +08:00
Nikolay Amiantov
45368ed49d haskellPackages.typed-process: disable tests
Networking is required for them.
2017-02-08 17:39:55 +03:00
Graham Christensen
afd59811a1
gstreamer-*: 1.10.2 -> 1.10.3 for multiple CVEs
gst-plugins-bad:
From the Arch Linux advisory:
 - CVE-2017-5843 (arbitrary code execution): A double-free issue has
 been found in gstreamer before 1.10.3, in
 gst_mxf_demux_update_essence_tracks.

- CVE-2017-5848 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_ps_demux_parse_psm.
More: https://lwn.net/Vulnerabilities/713772/

gst-plugins-base:
From the Arch Linux advisory:

- CVE-2017-5837 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.

- CVE-2017-5839 (denial of service): An endless recursion issue
  leading to stack overflow has been found in gstreamer before 1.10.3,
  in gst_riff_create_audio_caps.

- CVE-2017-5842 (arbitrary code execution): An off-by-one write has
  been found in gstreamer before 1.10.3, in
  html_context_handle_element.

- CVE-2017-5844 (denial of service): A floating point exception issue
  has been found in gstreamer before 1.10.3, in
  gst_riff_create_audio_caps.
More: https://lwn.net/Vulnerabilities/713773/

gst-plugins-good:
From the Arch Linux advisory:

- CVE-2016-10198 (denial of service): An invalid memory read flaw has
  been found in gstreamer before 1.10.3, in
  gst_aac_parse_sink_setcaps.

- CVE-2016-10199 (denial of service): An out of bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_tag_add_str_full.

- CVE-2017-5840 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in qtdemux_parse_samples.

- CVE-2017-5841 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.

- CVE-2017-5845 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in gst_avi_demux_parse_ncdt.
More: https://lwn.net/Vulnerabilities/713774/

gst-plugins-ugly:
From the Arch Linux advisory:

- CVE-2017-5846 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_stream_props.

- CVE-2017-5847 (denial of service): An out-of-bounds read has been
  found in gstreamer before 1.10.3, in
  gst_asf_demux_process_ext_content_desc.
More: https://lwn.net/Vulnerabilities/713775/

gstreamer:
From the Arch Linux advisory:

An out of bounds read has been found in gstreamer before 1.10.3, in
gst_date_time_new_from_iso8601_string.
More: https://lwn.net/Vulnerabilities/713776/
2017-02-08 08:30:23 -05:00
Pascal Wittmann
3bd6c44b5f Merge pull request #22541 from vrthra/libsixel-1.7.3
libsixel: 1.6.1 -> 1.7.3
2017-02-08 10:21:46 +01:00
Pascal Wittmann
39f2bf0976 Merge pull request #22468 from taktoa/souper
souper: init at 2017-01-05
2017-02-08 09:20:43 +01:00
Domen Kožar
01ca916411
haskell: distribute servant-{elm,docs,auth,auth-server} and logging-effect 2017-02-08 06:11:04 +01:00
Rahul Gopinath
bac5a018a0 libsixel: 1.6.1 -> 1.7.3 2017-02-07 17:11:13 -08:00
Vincent Laporte
3a526deaee libgdiplus: fix install on darwin 2017-02-07 19:58:44 +00:00
Benno Fünfstück
b33124a143 haskell-download: don't test (requires networking) 2017-02-07 15:13:30 +01:00
Benno Fünfstück
57507f08e8 haskell-modules: split off nix-specific overrides and common ones
This allows the nix-specific overrides to be reused for other purposes,
with different haskell package sets, etc.
2017-02-07 15:13:23 +01:00
Peter Simons
5a0368b87c hackage-packages.nix: automatic Haskell package set update
This update was generated by hackage2nix v2.0.4-10-g05c4803 from Hackage revision
5720a6c584.
2017-02-07 15:13:15 +01:00
Peter Simons
d0492177e3 hackage2nix: update list of broken packages 2017-02-07 15:12:13 +01:00
Peter Simons
868eb826e1 LTS Haskell 7.19 2017-02-07 15:12:13 +01:00
Graham Christensen
34157f7a04 Merge pull request #22509 from joachifm/jbig2dec
jbig2dec: update & security patch
2017-02-07 08:28:52 -05:00
Domen Kožar
f031f3105a
GHC 8.0.2: use -split-sections
-split-sections replaced -split-objs with following upsides:

1) -split-objs adds considerable overhead to compile time

2) combined with stripping, it causes issues when cross-compiling

For upstream see https://ghc.haskell.org/trac/ghc/ticket/8405

This is supported only for Linux/Windows using ld linker.

GHC master also turns on -split-sections by default.

Example using stack:

Without splitting

  $ du /nix/store/5paayhibayr73zqfaj458g4k4mv108jn-stack-1.3.2
  4       /nix/store/5paayhibayr73zqfaj458g4k4mv108jn-stack-1.3.2/share/bash-completion/completions
  4       /nix/store/5paayhibayr73zqfaj458g4k4mv108jn-stack-1.3.2/share/bash-completion
  4       /nix/store/5paayhibayr73zqfaj458g4k4mv108jn-stack-1.3.2/share
  23416   /nix/store/5paayhibayr73zqfaj458g4k4mv108jn-stack-1.3.2/bin
  23420   /nix/store/5paayhibayr73zqfaj458g4k4mv108jn-stack-1.3.2

With -split-objs

  $ du /nix/store/fypymm529adpx71gdzm0851xz42wdbz0-stack-1.3.2
  20632   /nix/store/fypymm529adpx71gdzm0851xz42wdbz0-stack-1.3.2/bin
  4 /nix/store/fypymm529adpx71gdzm0851xz42wdbz0-stack-1.3.2/share/bash-completion/completions
  4 /nix/store/fypymm529adpx71gdzm0851xz42wdbz0-stack-1.3.2/share/bash-completion
  4       /nix/store/fypymm529adpx71gdzm0851xz42wdbz0-stack-1.3.2/share
  20636   /nix/store/fypymm529adpx71gdzm0851xz42wdbz0-stack-1.3.2

With -split-sections

  $ du /nix/store/40l6krinx1zx41lr87c4m12hxj4ldf3x-stack-1.3.2
  4       /nix/store/40l6krinx1zx41lr87c4m12hxj4ldf3x-stack-1.3.2/share/bash-completion/completions
  4       /nix/store/40l6krinx1zx41lr87c4m12hxj4ldf3x-stack-1.3.2/share/bash-completion
  4       /nix/store/40l6krinx1zx41lr87c4m12hxj4ldf3x-stack-1.3.2/share
  20672   /nix/store/40l6krinx1zx41lr87c4m12hxj4ldf3x-stack-1.3.2/bin
  20676   /nix/store/40l6krinx1zx41lr87c4m12hxj4ldf3x-stack-1.3.2

Note: you currently need following overrides to build stack on 802:

   vector-algorithms = dontCheck super.vector-algorithms;
   path-io = doJailbreak super.path-io;
   stack = doJailbreak super.stack;

Note: Should also work on GHC 8.0.1, but I'm being careful here.
      We could backport later on.
2017-02-07 14:21:54 +01:00
Remy Goldschmidt
ac72948c94
souper: init at 2017-01-05 2017-02-06 21:57:45 -06:00
Joachim Fasting
83f83ca434
jbig2dec: patch for CVE-2016-9601
Upstream bug: https://bugs.ghostscript.com/show_bug.cgi?id=697457

A new release containing this fix is expected in march; until then,
apply patch from upstream. Note that there have been essentially no
changes between 0.13 and this patch.
2017-02-07 04:07:15 +01:00
Graham Christensen
267813f4f7
Revert "firefox-wrapper: remove gnash support, see #22342"
Accidentally committed other changes

This reverts commit f77bc59af6.
2017-02-06 21:39:09 -05:00
Graham Christensen
f77bc59af6
firefox-wrapper: remove gnash support, see #22342 2017-02-06 21:29:58 -05:00
Joachim Fasting
12284fff17
jbig2dec: 0.11 -> 0.13, new upstream location
The most recent version on the sourceforge page is 0.11 which is quite
old; the official upstream site has 0.13; judging by the commit delta,
there've been quite a few bug fixes etc since 0.11.
2017-02-07 03:09:27 +01:00
Shea Levy
41ba205dda ming: remove.
The project seems dead and there are recent security issues.

See https://lwn.net/Vulnerabilities/712664/
2017-02-06 21:08:57 -05:00
Bjørn Forsman
d3c7a94b77 openocd: 0.9.0 -> 0.10.0
Announcement:
http://openocd.org/2017/01/openocd-0-10-0-release-is-out/

The udev rules were renamed. Add code to automatically detect renames in
the future.
2017-02-06 20:19:36 +01:00
Franz Pletz
8b9e2010b4
libidn2: init at 0.16
wget now needs libidn2 instead of libidn.

cc #22416
2017-02-06 13:18:20 +01:00
Franz Pletz
f629f4e234
libpsl: 0.15.0 -> 0.17.0 2017-02-06 13:18:00 +01:00
Peter Simons
334657518d Merge pull request #22469 from peti/fix-callCabal2nix
callCabal2nix: take "name" parameter as a function argument
2017-02-06 11:46:29 +01:00
Herwig Hochleitner
67ccc41a67 leiningen: 2.6.1 -> 2.7.1 (#22485) 2017-02-06 08:44:20 +01:00
Graham Christensen
5d8d1a5623 Merge pull request #22479 from Szczyp/rhc
rhc: 1.36.4 -> 1.38.7
2017-02-05 22:42:55 -05:00
Volth
c771d499f9 systemtap: 2016-09-16 -> 2017-02-04 2017-02-06 01:54:19 +01:00
Szczyp
33c09a0e40 rhc: 1.36.4 -> 1.38.7
Fix: CVE-2016-10173
2017-02-06 01:10:51 +01:00
Aristid Breitkreuz
00517f1779 rr: 4.4.0 -> 4.5.0 2017-02-05 22:00:42 +01:00
Peter Simons
1f18f65650 callCabal2nix: take "name" parameter as a function argument
The callCabal2nix function cannot reliably determine the appropriate "name" for
the package it's processing. Attempts to derive this information have led to
plenty of evaluation errors, and so I'd like to go for the obvious and reliable
solution now and let the caller specify that bit of information.

Here is an example that demonstrates how to use callCabal2nix.

    let
      pkgs = import <nixpkgs> {};
      src = pkgs.fetchFromGitHub {
        owner = "gtk2hs";
        repo = "gtk2hs";
        rev = "eee61d84edf1dd44f8d380d7d7cae2405de50124";
        sha256 = "12i53grimni0dyjqjydl120z5amcn668w4pfhl8dxscjh4a0l5nb";
      };
    in
      pkgs.haskellPackages.callCabal2nix "gtkhs-tools" "${src}/tools" {}
2017-02-05 21:18:27 +01:00
Peter Simons
956c1fe3e8 Merge pull request #22427 from 3noch/fix-callCabal2nix
haskellPackages.callCabal2nix: provide fallback name
2017-02-05 19:37:19 +01:00
Jascha Geerds
ffb91cc697 docker_compose: Remove upper bound version limitations 2017-02-05 18:39:30 +01:00
Nikolay Amiantov
c226a93a9e pythonPackages.pyqt5: enable qtwebengine support 2017-02-05 15:05:53 +03:00
Nikolay Amiantov
41c1534aed qt5.qtwebengine: fix ca bundle path 2017-02-05 15:05:51 +03:00
Michael Raskin
64666a402f lispPackages.clx: git-20150117 -> git-20170201 2017-02-05 13:03:03 +01:00
Pascal Wittmann
91869fb848 Merge pull request #22452 from kirelagin/libnfc-osx
libnfc: Add missing dependency on readline
2017-02-05 11:15:33 +01:00
Tuomas Tynkkynen
321b639d76 gnu-efi: Remove unneeded aarch64 patch
Not needed after the upgrade to 3.0.5. Yay!
2017-02-05 09:34:31 +02:00
Joachim F
8ba043a540 Merge pull request #22456 from peterhoeg/u/wp
wp-cli: 1.0.0 -> 1.1.0
2017-02-05 05:52:04 +01:00
Thomas Tuegel
f9c684e152 Merge pull request #22404 from cpages/jsoncpp
jsoncpp: update and drop old version
2017-02-04 20:06:53 -06:00
Joachim F
f050f3b9cf Merge pull request #22446 from rnhmjoj/vapoursynth
vapoursynth: R35 -> R36
2017-02-05 01:53:54 +01:00