Also passthrough the meta of the package to have description,
homepage, license, maintainers and other metadata passed through to
the commonly used attribute.
With the default configuration, the libraries are generated with a
-2_4.24.dylib suffix, and linking with -l...-2_4 doesn't work. Pass
the configure option to turn off the suffix.
Changes since the last release
New and changed parameters
POWERLEVEL9K_DIR_TRUNCATE_BEFORE_MARKER can now be set to last (equivalent to true from older versions) or first (new feature).
Bug fixes
gitstatus once again works on 32-bit ARM Linux (armv6l and armv7l).
Google moved their oslogin guest tools to another repository.
Point src to there, and bump to the latest version
There's now a Makefile, so we can avoid having our own custom
installPhase, and we also get manpages.
I successfully ran the oslogin tests, so assuming the google cloud
metadata server still behaves like in our test, logins should work.
I saw a nscd segfault, not sure if it's caused by this or was already
the case before.
It'd be great if someone could test this on an actual VM.
Instead of using two different php packages in php-packages.nix, one
wrapper and one unwrapped, simply use the wrapper and use its
"unwrapped" attribute when necessary. Also, get rid of the packages
and extensions attributes from the base package, since they're no
longer needed.
Since the introduction of php.unwrapped there's no real need for the
phpXXbase attributes, so let's remove them to lessen potential
confusion and clutter. Also update the docs to make it clear how to
get hold of an unwrapped PHP if needed.
Fixes: CVE-2020-6061, CVE-2020-6062
An exploitable heap overflow vulnerability exists in the way CoTURN
4.5.1.1 web server parses POST requests. A specially crafted HTTP
POST request can lead to information leaks and other misbehavior.
An attacker needs to send an HTTPS request to trigger this vulnerability.
An exploitable denial-of-service vulnerability exists in the way
CoTURN 4.5.1.1 web server parses POST requests. A specially crafted
HTTP POST request can lead to server crash and denial of service.
An attacker needs to send an HTTP request to trigger this vulnerability.
https://github.com/fish-shell/fish-shell/compare/3.1.1...3.1.2
"This release of fish fixes a major issue discovered in fish 3.1.1:
Commands such as `fzf` and `enhancd`, when used with `eval`, would hang.
`eval` buffered output too aggressively, which has been fixed."
The logging "sed-patch" that was introduced for version 20190611 worked poorly:
it was too intrusive (breaking the --logfile option), and it didn't prevent
using in-store file for logging by default. The new logging patch (an actual
"diff-patch") is less intrusive: it just changes the default log file's
location to be the current directory instead of the executable's directory.
Fixes: CVE-2019-14834
A vulnerability was found in dnsmasq before version 2.81, where the
memory leak allows remote attackers to cause a denial of service
(memory consumption) via vectors involving DHCP response creation.
Changelog:
version 2.81
Improve cache behaviour for TCP connections. For ease of
implementaion, dnsmasq has always forked a new process to handle
each incoming TCP connection. A side-effect of this is that
any DNS queries answered from TCP connections are not cached:
when TCP connections were rare, this was not a problem.
With the coming of DNSSEC, it is now the case that some
DNSSEC queries have answers which spill to TCP, and if,
for instance, this applies to the keys for the root, then
those never get cached, and performance is very bad.
This fix passes cache entries back from the TCP child process to
the main server process, and fixes the problem.
Remove the NO_FORK compile-time option, and support for uclinux.
In an era where everything has an MMU, this looks like
an anachronism, and it adds to (Ok, multiplies!) the
combinatorial explosion of compile-time options. Thanks to
Kevin Darbyshire-Bryant for the patch.
Fix line-counting when reading /etc/hosts and friends; for
correct error messages. Thanks to Christian Rosentreter
for reporting this.
Fix bug in DNS non-terminal code, added in 2.80, which could
sometimes cause a NODATA rather than an NXDOMAIN reply.
Thanks to Norman Rasmussen, Sven Mueller and Maciej Żenczykowski
for spotting and diagnosing the bug and providing patches.
Support TCP-fastopen (RFC-7413) on both incoming and
outgoing TCP connections, if supported and enabled in the OS.
Improve kernel-capability manipulation code under Linux. Dnsmasq
now fails early if a required capability is not available, and
tries not to request capabilities not required by its
configuration.
Add --shared-network config. This enables allocation of addresses
by the DHCP server in subnets where the server (or relay) does not
have an interface on the network in that subnet. Many thanks to
kamp.de for sponsoring this feature.
Fix broken contrib/lease_tools/dhcp_lease_time.c. A packet
validation check got borked in commit 2b38e382 and release 2.80.
Thanks to Tomasz Szajner for spotting this.
Fix compilation against nettle version 3.5 and later.
Fix spurious DNSSEC validation failures when the auth section
of a reply contains unsigned RRs from a signed zone,
with the exception that NSEC and NSEC3 RRs must always be signed.
Thanks to Tore Anderson for spotting and diagnosing the bug.
Add --dhcp-ignore-clid. This disables reading of DHCP client
identifier option (option 61), so clients are only identified by
MAC addresses.
Fix a bug which stopped --dhcp-name-match from working when a hostname
is supplied in --dhcp-host. Thanks to James Feeney for spotting this.
Fix bug which caused very rarely caused zero-length DHCPv6 packets.
Thanks to Dereck Higgins for spotting this.
Add --tftp-single-port option.
Enhance --conf-dir to load files in a deterministic order. Thanks to
Evgenii Seliavka for the suggestion and initial patch.
In the router advert code, handle case where we have two
different interfaces on the same IPv6 net, and we are doing
RA/DHCP service on only one of them. Thanks to NIIBE Yutaka
for spotting this case and making the initial patch.
Support prefixed ranges of ipv6 addresses in dhcp-host.
This eases problems chain-netbooting, where each link in the
chain requests an address using a different UID. With a single
address, only one gets the "static" address, but with this
fix, enough addresses can be reserved for all the stages of the
boot. Many thanks to Harald Jensås for his work on this idea and
earlier patches.
Add filtering by tag of --dhcp-host directives. Based on a patch
by Harald Jensås.
Allow empty server spec in --rev-server, to match --server.
Remove DSA signature verification from DNSSEC, as specified in
RFC 8624. Thanks to Loganaden Velvindron for the original patch.
Add --script-on-renewal option.
* treewide Drop unneeded go 1.12 overrides
* Fix packr to be go module compatible.
I updated to version 2.8.0 which is the latest on master.
Then due to the 2 different sets of go modules which are used, I split
the build into two different derivations, then merged them togethor
using symlinkJoin to have the same output structure as the existing derivation.
* Remove consul dependency on go1.12
I updated the consul version to 1.7.2 and flipped it to building using
modules.
* Remove go1.12 from perkeep.
Update the version to the latest unstable on master.
* Update scaleway-cli to not be pinned to go1.12
Switched the version to 1.20
* Update prometheus-varnish-exporter to not depend on go1.12
* Update lnd to build with go1.12
Updated the version
Forced only building subpackages with main to prevent panics over
multiple modules in one repo
* Remove go1.12 from openshift
Had to update the version to 4.1.0 and do a bit of munging to get this
to work
* Remove go1.12 completely.
These are no longer needed.
* Update bazel-watcher and make it build with go 1.14
The gstreamer plugin provides support for additional common
file/tagging formats like id3 tags in mp3 files. In addition, it
e.g. exposes more tags than the FLAC plugin for FLAC files.
Increase of closure size: 86.71 MB (52.8%)
Fixes: CVE-2020-12243
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters
with nested boolean expressions can result in denial of service
(daemon crash).
Changes since the last release
Bug fixes
Configuration wizard no longer redraws screen every second
Configuration wizard no longer prints spurious errors before the charset screen
Configuration wizard once again honors prompt frame selection
VirtualBox ships with "alternative BIOS sources" for its virtual BIOS.
These are generated by first compiling the BIOS C sources with the
Open Watcom toolchain, disassembling the output and checking in the
disassembly into the VirtualBox repo.
The result means that the BIOS C code cannot be patched, because it's
not compiled from the C sources, if Open Watcom is not there.
As Open Watcom is now available in nixpkgs, we can just ignore the
alternative BIOS sources and compile it from C directly.
From the release notes:
* Require OCaml 4.03 and handle stdlib deprecations.
* Drop result depency.
* Drop ocb-stubblr dependency
The library has also been re-licensed from BSD3 to ISC.
These .desktop files set InitialPreference>1 which will override other
associations even the .desktop appears first in XDG_DATA_DIRS. This
applies to:
- org.kde.kate.desktop
- org.kde.kwrite.desktop
- kfmclient_html.desktop
- okularApplication_txt.desktop
Fixes#86137
Until recently, libusb-compat propagated libusb1 and many packages unknowingly used it to obtain libusb1.
When https://github.com/NixOS/nixpkgs/pull/82944 removed this evil propagation, it broke many packages with such incorrect assumption.
This patch trades the breakage of packages wanting libusb1 caused by the PR for a hopefully less common breakage of the packages relying on the compat library.
It was added in 4d7cc55344
without any rationale. python2.pkgs.nxt-python seems to build without it.
Maybe it for some reason uses the libusb-0.1 backend but propagating the compat library would not enable that.
https://github.com/fish-shell/fish-shell/compare/3.1.0...3.1.1
The patch we had to use for Apple SDKs was merged upstream, so it can be
dropped. I ran nixpkgs-fmt, and removed the `with stdenv.lib;` scope
expander.
Additionally, did a little bit of cleanup. I plan on refactoring this
more down the line, but this'll do for now.
I finally figured out why we use `fetchurl` for the tagged release: the
published release tarballs contain a version file, which the
`build_tools/git_version_gen.sh` script reads (and uses as the version
if it exists). The other thing it contains are pre-generated docs for
various `fish` builtins. I've expanded the comment to document this so
nobody is as confused as I was when I first saw it. (Though I plan to
change this and add sphinx as a native build input in order to build the
docs ourselves.)
The only reason to pass build inputs is to extend the unpackPhase with
custom unpack commands. Eg: add "unrar" to unpack rar sources. And those
should really be passed as native build inputs. Why? Because
nativeBuildInputs is for dependencies that are used at build time but
will not propagate as runtime dependencies. And also, cross-compilation.
Changes since the last release
Wizard
Configuration wizard now reacts to terminal size changes in real time and can function at much smaller terminal dimensions.
Configs with prompt_char now have vi_mode disabled by default.
Generated configs now unset DEFAULT_USER.
Classic and Rainbow configs now set POWERLEVEL9K_MULTILINE_NEWLINE_PROMPT_GAP_BACKGROUND. This makes it easier to define 3-line prompt.
New parameters
If POWERLEVEL9K_CONFIG_FILE is set, configuration wizard will write configs to the specified location instead of the default ${ZDOTDIR:-~}/.p10k.zsh.
gitstatus
Support older macOS versions (at least El Capitan; even older versions might work).
Support Linux on armv6, i386 and i686.
Support cygwin and msys2 on i686.
macOS builds now use iconv from Homebrew.
gitstatusd binaries are now being built with https://github.com/romkatv/gitstatus/blob/release/mbuild.
Misc
The default icon for proxy segment is now ↔ instead of ⮂. The old icon is missing in many fonts.
Bug fixes
gitstatus once again works on 64-bit Linux without glibc.
Instant prompt no longer gets gradually slower over time when XDG_HOME_CACHE is on a slow filesystem.
Instant prompt no longer prints spurious erros when XDG_HOME_CACHE is on NTFS.
The old-style (and discouraged) custom prompts now work on zsh 5.3.1.
Configuration wizard once again presents "extra icons" and "fluent prompt" options when using 12-hour time format.
While it's already possible to invoke `update-data` with the `--rev`
argument, one still needs to run all later phases manually.
Fix this, by having `update-all` also accept a `--rev` argument, and
pass it down to `update-data`.
Also, make the help text a bit more usable, by suggesting the usual
versioning scheme used these times.