Commit Graph

90950 Commits

Author SHA1 Message Date
Robin Gloster
955b79f462
pcre2: 10.22 -> 10.23 + security fix
CVE-2017-7186

refs nixos/security#57 #24319
2017-03-26 17:13:38 +02:00
Daniel Peebles
826ae5ff21 Merge pull request #24058 from LnL7/go-cacert
go: use NIX_SSL_CERT_FILE for crypto/x509
2017-03-26 11:11:05 -04:00
Joachim Fasting
f2cf8ffdcb
torbrowser: hard-code path to wrapper in desktop file 2017-03-26 17:08:00 +02:00
Joachim Fasting
2ad44935f1
torbrowser: correct internal note about geoip 2017-03-26 17:07:53 +02:00
Thomas Tuegel
41699287b6
vogl: pin to Qt 5.6 2017-03-26 09:40:27 -05:00
Thomas Tuegel
8b50f4c990 Merge pull request #24299 from ttuegel/master--drop-qt-5.7
Drop Qt 5.5 and Qt 5.7 from master
2017-03-26 09:18:38 -05:00
Vincent Laporte
b90d1a4496 ocamlPackages.fmt: 0.8.0 -> 0.8.2 2017-03-26 14:15:11 +00:00
Tim Steinbach
23d0f01e95
linux: 4.4.56 -> 4.4.57 2017-03-26 10:08:56 -04:00
Tim Steinbach
c0411ea229
linux: 4.10.5 -> 4.10.6 2017-03-26 10:05:22 -04:00
Tim Steinbach
422a8b9cd1
linux: 4.9.17 -> 4.9.18 2017-03-26 10:00:57 -04:00
Dmitry Kalinkin
7035325c62 citrix-receiver: fix wrapper, direct dl url, $PWD needs escaping
(edited by @obadz, closes #24320)
2017-03-26 14:28:54 +01:00
ndowens
6c17ad677c
jasper: 2.0.10 -> 2.0.12 2017-03-26 08:20:27 -04:00
Leon Isenberg
65029beb38 libguestfs: add qemu to wrapped PATH
virt-df doesn't find qemu-img otherwise.
2017-03-26 14:10:36 +02:00
Jörg Thalheim
09c91f5fea Merge pull request #24002 from deepfire/vogl
vogl:  init at 2016-05-13
2017-03-26 11:45:37 +02:00
Vincent Laporte
4a8b2c2942 sile: on Darwin, use AppKit for font selection 2017-03-26 08:37:05 +00:00
Joachim F
61c43a0f86 Merge pull request #24342 from WilliButz/master
spotify: 1.0.49.125.g72ee7853-111 -> 1.0.52.717.g2f08534a-47
2017-03-26 09:31:00 +01:00
Kosyrev Serge
03ddb417c3 vogl: init at 2016-05-13 2017-03-26 11:16:13 +03:00
Frederik Rietdijk
fffb511607 Merge pull request #24208 from lsix/update_django_1_10
pythonPackages.django: 1.10.5 -> 1.10.6
2017-03-26 09:43:41 +02:00
Cray Elliott
7bd73bdba3 obs-studio: use upstream crash fixes, drop patch 2017-03-25 21:08:08 -07:00
ndowens
7793669ec9 Merge pull request #24310 from ndowens/advancecomp
advancecomp: 1.19 -> 1.23
2017-03-25 20:18:34 -05:00
Willi Butz
3c090f0e5a
spotify: 1.0.49.125.g72ee7853-111 -> 1.0.52.717.g2f08534a-47 2017-03-26 01:13:11 +01:00
Nikolay Amiantov
66b05cd4e6 ibus-engines: use wrapPythonPrograms
This is needed now that PYTHONPATH is not propagated. Also several packages
with additional dependencies are now properly wrapped.
2017-03-26 02:20:02 +03:00
Nikolay Amiantov
99434abff7 ibus: wrap with GTK dependencies
Without this ibus can't load its settings.
Also don't propagate PYTHONPATH.
2017-03-26 02:20:02 +03:00
Vladimír Čunát
8c4339a9dc
texlive: fix CVE-2016-10243
https://github.com/NixOS/security/issues/104
2017-03-25 23:03:10 +01:00
Edward Tjörnhammar
dc514b246e
i2pd: 2.11.0 -> 2.12.0 2017-03-25 21:42:32 +01:00
Jörg Thalheim
5e0cbbbdb6
keepassx-community: 2.1.2 -> 2.1.3
fixes https://github.com/NixOS/security/issues/105
2017-03-25 21:39:22 +01:00
Edward Tjörnhammar
b35d22b30c
radarr: init at 0.2.0.553 + nixos module 2017-03-25 21:19:55 +01:00
Edward Tjörnhammar
2db5c5cfe2
jackett: init at 0.7.1197 + nixos module 2017-03-25 21:19:44 +01:00
Daiderd Jordan
f422543487 Merge pull request #24329 from cko/nodejs-4_8_1
nodejs-4_x: 4.6.0 -> 4.8.1
2017-03-25 21:18:15 +01:00
Pascal Wittmann
827d48e6b3 Merge pull request #24321 from rbasso/exercism-2.4.0
exercism: 2.3.0 -> 2.4.0
2017-03-25 21:08:05 +01:00
Pascal Wittmann
80b7cdfb31 Merge pull request #24276 from jluttine/yadm-1.07
yadm: 1.05 -> 1.07
2017-03-25 21:06:48 +01:00
Michael Raskin
7b706900e7 graphicsmagick: patch for CVE-2017-6335 2017-03-25 21:04:08 +01:00
Franz Pletz
b00cfd49d5
irssi: 1.0.1 -> 1.0.2 for CVE-2017-7191
See https://irssi.org/security/irssi_sa_2017_03.txt.
2017-03-25 20:44:16 +01:00
Pascal Wittmann
0ac30114c2 Merge pull request #24324 from NeQuissimus/kotlin_1_1_1
kotlin: 1.1 -> 1.1.1
2017-03-25 20:30:30 +01:00
uwap
a616f4ec9b prosody: 0.9.10 -> 0.9.12 (#24269) 2017-03-25 20:14:12 +01:00
Robin Gloster
84c4ea38dc Merge pull request #24332 from WilliButz/master
manticore: fix compiling pml sources
2017-03-25 20:05:59 +01:00
Willi Butz
53dde42153
manticore: fix compiling pml sources
Compiler depends on sources that weren't present in the output.
2017-03-25 19:47:38 +01:00
Christine Koppelt
5861b8b1c9 nodejs-4_x: 4.6.0 -> 4.8.1 2017-03-25 17:29:02 +01:00
Cillian de Róiste
e3938c8e31 drumkv1: 0.8.0 -> 0.8.1 2017-03-25 17:04:44 +01:00
Cillian de Róiste
65593e64c4 drumgizmo: 0.9.11 -> 0.9.12 2017-03-25 16:58:26 +01:00
Joachim F
69a169ef12 Merge pull request #24313 from womfoo/bump/iterm2-3.0.14
iterm2: 3.0.4 -> 3.0.14 + fix build
2017-03-25 16:46:42 +01:00
Thomas Tuegel
9125bab708
dropbox: use vendored Qt 5 libraries 2017-03-25 10:14:51 -05:00
Shea Levy
f087b75941 nix-buffer support: Make process-environment changes actually local 2017-03-25 11:13:25 -04:00
Willi Butz
55d21cad95 manticore: fix build, remove builder.sh (see #23253) 2017-03-25 17:04:55 +02:00
Tim Steinbach
c0d9bce6f7
kotlin: 1.1 -> 1.1.1. 2017-03-25 11:04:41 -04:00
Tim Steinbach
5c841654d8 Merge pull request #24323 from NeQuissimus/git_2_12_2
git: 2.12.0 -> 2.12.2
2017-03-25 11:00:42 -04:00
Joachim Fasting
ecd0e1a2c7
torbrowser: reduce risk of stale Nix store references
This patch restructures the expression and wrapper to minimize Nix store
references captured by the user's state directory.

The previous version would write lots of references to the Nix store into
the user's state directory, resulting in synchronization issues between
the Store and the local state directory.  At best, this would cause TBB to
stop working when the version used to instantiate the local state was
garbage collected; at worst, a user would continue to use the old version
even after an upgrade.

To solve the issue, hard-code as much as possible at the Store side and
minimize the amount of stuff being copied into the local state dir.
Currently, only a few files generated at firefox startup and fontconfig
cache files end up capturing store paths; these files are simply removed
upon every startup.  Otherwise, no capture should occur and the user
should always be using the TBB associated with the tor-browser wrapper
script.

To check for stale Store paths, do
   `grep -Ero '/nix/store/[^/]+' ~/.local/share/tor-browser`
This command should *never* return any other store path than the one
associated with the current tor-browser wrapper script, even after an
update (assuming you've run tor-browser at least once after updating).
Deviations from this general rule are considered bugs from now on.

Note that no attempt has been made to support pluggable transports; they
are still broken with this patch (to be fixed in a follow-up patch).

User visible changes:
- Wrapper retains only environment variables required for TBB to work
- pulseaudioSupport can be toggled independently of mediaSupport (the
  latter weakly implies the former).
- Store local state under $TBB_HOME.  Defaults to $XDG_DATA_HOME/tor-browser
- Stop obnoxious first-run stuff (NoScript redirect, in particular)
- Set desktop item GenericName to Web Browser

Some minor enhancements:
- Disable Hydra builds
- Specify system -> source mapping to make it easier to
  extend supported platforms.
2017-03-25 15:59:18 +01:00
rbasso
97ca8d1105 exercism: 2.3.0 -> 2.4.0 2017-03-25 23:43:12 +09:00
Tim Steinbach
10725a6329
git: 2.12.0 -> 2.12.2 2017-03-25 10:25:54 -04:00
Thomas Tuegel
e6dc95697a
rapcad: pin to Qt 5.6 2017-03-25 09:23:52 -05:00