Commit Graph

58308 Commits

Author SHA1 Message Date
mancha
7b531e2845 unzip: fix CVE-2014-9636 patch
Close #6544, fixes #6543.
vcunat: no security impact; just fixes false rejections of some rarer
inputs - a problem introduced by the CVE patch.
2015-02-24 10:55:50 +01:00
Peter Simons
d3dd218bc2 haskell-generic-builder: consistently use $TMPDIR to refer to the designated place for temporary files
Resolves https://github.com/NixOS/nixpkgs/issues/6525.
2015-02-23 11:46:44 +01:00
Peter Simons
b8bf8e502c ghc: re-instate code that configures statically linked builds by default
The compiler should not expect to have dynamic versions of all libraries
available, because that configuration doesn't play along nicely with statically
linked libraries.

Fixes https://github.com/NixOS/nixpkgs/issues/6399.
2015-02-22 21:55:27 +01:00
Eduard Bachmakov
0e9a0c9913 mesa: big update, and related improvements (close #6367)
* Remove upstreamed patch
* EGL driver dirs are no longer a thing, see mesa commit
  407450eb84f5a1b466a2eff19b85cdee7ac15dfb
  Patching runtime search dir in sources instead (by vcunat).
* static-gallium patch dropped as it causes visibility issues with
  nouveau
* rtti patch dropped as it the relevant configuration has been removed
  upstream; properly fixed by an LLVM flag now
* Checks disabled. This is known and solved upstream. Checks will be
  re-enabled in a future commit when updating to a version containing
  the fixes
* Use llvm-3.5 now (by vcunat).
2015-02-22 20:08:08 +01:00
Eduard Bachmakov
c0def4a169 llvm-3.5: enable RTTI to support mesa
Extracted from #6367.
2015-02-22 20:03:14 +01:00
Vladimír Čunát
99a740aa21 xf86-video-vmware: update 2015-02-22 20:01:04 +01:00
Vladimír Čunát
bb2be45e08 xorg: update various modules 2015-02-22 20:01:04 +01:00
Vladimír Čunát
bb587dd5cc dbus: security bump to fix CVE-2015-0245 2015-02-22 20:01:03 +01:00
Vladimír Čunát
fe76b8e608 libdrm: update 2015-02-22 20:01:03 +01:00
Vladimír Čunát
3d9e9f6571 glibc: fix -lgcc_s linking
https://github.com/NixOS/nixpkgs/commit/65221567c12eb20d12#commitcomment-9515597
2015-02-22 20:01:03 +01:00
Vladimír Čunát
a00f771551 gnugrep: fix CVE-2015-1345 by upstream patch 2015-02-22 20:01:03 +01:00
Vladimír Čunát
2fd5f06ace recode: fix build, needing texinfo now
Also make the build inputs native (no references are retained).
2015-02-22 20:01:03 +01:00
Vladimír Čunát
ff1a5a2528 libtool: update
I see nothing dangerous in NEWS.
Also refactored the expression.
2015-02-22 20:01:02 +01:00
Vladimír Čunát
e8288a7e2e grep: update
The 2.21 update fixes NixOS/nix#464.
2015-02-22 20:01:02 +01:00
Vladimír Čunát
a112709b02 automake: use 1.14.* as the default
I see 1.15 has been released recently,
but that's probably too new to be the default.
2015-02-22 20:01:02 +01:00
Vladimír Čunát
bb8d3ad2de Merge 'master' into staging 2015-02-22 19:18:07 +01:00
Domen Kožar
e5d8e23b7b Merge pull request #6519 from brendanlong/syncthing-0.10.23
syncthing: Update to 0.10.23
2015-02-22 09:25:08 -08:00
Brendan Long
82a00d1686 syncthing: Update to 0.10.23 2015-02-22 11:23:01 -06:00
Peter Simons
80101c8329 Disable some broken R packages. 2015-02-22 18:22:35 +01:00
Bjørn Forsman
d5017499a2 nixos/redis: capitalize service description 2015-02-22 16:54:14 +01:00
Bjørn Forsman
25a6745310 nixos/fail2ban: capitalize service description 2015-02-22 16:54:14 +01:00
Domen Kožar
562d0c87ff Merge pull request #6517 from sbruce/pymongo
Added pymongo-2.8 python package
2015-02-22 07:24:42 -08:00
Arseniy Seroka
44fc3b26d2 distrho: fix name 2015-02-22 18:12:34 +03:00
Bjørn Forsman
6667e964e9 xclip: set meta.platforms 2015-02-22 16:04:55 +01:00
Shaun Bruce
c2c561ad4d Added pymongo-2.8 python package 2015-02-22 08:03:45 -07:00
Lluís Batlle i Rossell
9fbbefb994 Update xclip to a more recent version (svn)
This can do -target, so it can work with images.

(cherry picked from commit 58a004999b6721fb8e55e397c0c3293d4f96fb7b)
2015-02-22 15:25:49 +01:00
Lluís Batlle i Rossell
4e99901961 nixos: Adding OATH in pam.
(cherry picked from commit cb3cba54a1b87c376d0801238cb827eadb18e39e)

Conflicts:
	nixos/modules/security/pam.nix
2015-02-22 15:25:38 +01:00
cillianderoiste
d44573e16f Merge pull request #6469 from rushmorem/jshon-package
Add jshon package
2015-02-22 14:10:08 +01:00
cillianderoiste
db97a23be3 Merge pull request #6461 from henrytill/hsetroot
hsetroot: fix libX11 error
2015-02-22 14:06:47 +01:00
cillianderoiste
7d719dd785 Merge pull request #6480 from jagajaga/fix_names
Fix names (use date instead of revs) and update pkgs (cont)
2015-02-22 14:05:07 +01:00
cillianderoiste
3440039769 Merge pull request #6493 from bcdarwin/teyjus
new package: teyjus 2.0-b2
2015-02-22 13:58:11 +01:00
cillianderoiste
ba4cb54297 Merge pull request #6507 from nathanielbaxter/dev/quazip
quazip: update from 0.7 to 0.7.1
2015-02-22 13:56:23 +01:00
Bjørn Forsman
6e070cb9d9 avr-gcc-with-avr-libc: remove unused gcc-4.6 patch
Unused since dd4e1d4225 (avr-gcc-with-avr-libc: Update to latest versions.)
2015-02-22 12:41:14 +01:00
宋文武
397066cf5d dvtm: Update to 0.14 2015-02-22 19:39:31 +08:00
Bjørn Forsman
419a4166a7 nixos/haproxy: small cleanup
* Add option types
* Rewrite option descriptions
* /var/run/haproxy.pid => /run/haproxy.pid (canonical location)
2015-02-22 12:29:34 +01:00
lethalman
fb41f0302e Merge pull request #6234 from valeriangalliat/iojs
Add io.js
2015-02-22 12:26:22 +01:00
Ambroz Bizjak
dd4e1d4225 avr-gcc-with-avr-libc: Update to latest versions.
Also modernize the Nix expression.
2015-02-22 12:17:35 +01:00
Valérian Galliat
62b17c8bf1 io.js: shared libraries
@lethalman courtesy <https://github.com/NixOS/nixpkgs/pull/6234#issuecomment-75429850>.
2015-02-22 12:00:34 +01:00
aszlig
089bdce621
Re-re-revert "chromium: remove preferLocalBuild".
This reverts commit 0696b0ef78.

Okay, now finally, let's get this straight. We actually *want*
preferLocalBuild, *because* we have improved the source splitup in
c92dbffeac.

The idea is to use local builds in order to prevent the source being
pushed to a remote machine, splitted up there (and thus copied again)
and then being copied *again* FROM the remote machine.

"DOH!" - as @edolstra or @rbvermaa would call it... and good d^Hnight.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-02-22 08:31:25 +01:00
aszlig
7cd6dd9ada
inkscape: Clean up and update to version 0.91.
This now also includes support vor visio and cdr and also adds the
missing dependency on libexif.

Forcing -lX11 in NIX_LDFLAGS is no longer needed in 0.91, so we drop
that as well as the patch and the --with-python configure flag, which is
now no longer even valid.

Tests now seem to run fine without -j1 as well.

I also tested it against the DXF test file mentioned in #3449, to be
sure we don't regress here.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-02-22 08:14:53 +01:00
aszlig
030895f075
nixos/dhcpcd: Only run resume commands if enabled.
The networkd implementation sets systemd.services.dhcpcd.enable to
false in nixos/modules/tasks/network-interfaces-systemd.nix. So we need
to respect that in the dhcpcd module.

If we don't, the resumeCommand is set nevertheless, which causes the
post-resume.service to fail after resuming:

Failed to reload dhcpcd.service: Unit dhcpcd.service is masked.
post-resume.service: main process exited, code=exited, status=1/FAILURE
Failed to start Post-Resume Actions.
Dependency failed for Post-Resume Actions.
Unit post-resume.service entered failed state.
post-resume.service failed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-02-22 08:09:04 +01:00
aszlig
0696b0ef78
Re-revert "chromium: remove preferLocalBuild".
This reverts commit 26f024626c.

I actually wasn't reading the "remove" in the commit message, so sorry
for the brainfart/noise.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-02-22 08:07:23 +01:00
aszlig
26f024626c
Revert "chromium: remove preferLocalBuild"
This reverts commit fdb5cf8107.

The reason I'm reverting this is that the implications this had on the
IO load of Hydra are fixed by c92dbffeac.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-02-22 07:55:33 +01:00
aszlig
9de4caddc1
nixos/tests/chromium: Check new userns sandbox.
Since Chromium version 42, we have a new user namespaces sandbox in the
upstream project. It's more integrated so the chrome://sandbox page
reports it as "Namespace Sandbox" instead of SUID sandbox, which we were
re-using (or abusing?) in our patch.

So if either "SUID Sandbox" or "Namespace Sandbox" reports with "Yes",
it's fine on our side.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-02-22 07:52:53 +01:00
aszlig
c92dbffeac
chromium: Split up the source tarball on the fly.
So far we've done the source code split up by using the generic
unpackPhase and copying it all over into the different outputs.

However, this had the problem of generating the I/O load of about three
times the size of the source tree: First at fetchurl of the tarball
(although it's not as much because it's compressed), second at
unpackPhase and third at installPhase.

Now we don't use installPhase anymore and directly unpack into the
output paths, which unfortunately becomes quite a bit more complex
because we need to transform the paths of the tar file on the fly.

I've also tried using GNU Tar's --to-command option to even untar *and*
patch it at the same time, but forking for every single file in the
tarball gets REALLY slow and also gets even more complex than this two
stage approach because you need to make sure that the patch file is
applied correctly, for example for files that don't yet exist but are to
be created by the patch file.

We're using --anchored and --no-wildcards-match-slash here to prevent
accidentally excluding files we don't want to exclude. One example is
something like v8/tools/gyp/v8.gyp.

So the current approach is some compromise between complexity and speed
and should hopefully get rid of the Hydra build timeouts by lowering I/O
load.

See here for examples of builds having this issue:

http://hydra.nixos.org/build/19045023
http://hydra.nixos.org/build/19044973
http://hydra.nixos.org/build/19044968
http://hydra.nixos.org/build/19045019

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-02-22 07:52:53 +01:00
aszlig
0aad4b7ee4
chromium: Update all channels to latest versions.
Overview of the updated versions:

stable: 40.0.2214.91 -> 40.0.2214.115
beta:   41.0.2272.16 -> 41.0.2272.64
dev:    41.0.2272.16 -> 42.0.2305.3

Introduces 42.0.2305.3 as the new dev version, which no longer requires
our user namespaces sandbox patch. Thanks to everyone participating in
https://crbug.com/312380 for finally having this upstream.

In the course of supporting the official namespace sandbox (that's what
the user namespace sandbox is called), a few things needed to be fixed
for version 42:

 * Add an updated nix_plugin_paths.patch, because the old
   one tries to patch the path for libpdf, which is now natively included
   in Chromium.

 * Don't copy libpdf.so to libexec path for version 42, it's no longer
   needed as it's completely built-in now.

 * Disable SUID sandbox directly in the source instead of going the easy
   route of passing --disable-setuid-sandbox. The reason is that with
   the command line flag a nasty nagbar will appear.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-02-22 07:52:52 +01:00
Nathaniel Baxter
e149afe3a1 quazip: update from 0.7 to 0.7.1 2015-02-22 15:16:39 +11:00
Thomas Tuegel
d15d0bebc3 kde5: remove file collisions 2015-02-21 20:58:43 -06:00
Thomas Tuegel
a1c76a061f Merge branch 'zotero' 2015-02-21 20:23:40 -06:00
Thomas Tuegel
d62eabc563 Merge branch 'hplip' 2015-02-21 20:23:13 -06:00