Commit Graph

8748 Commits

Author SHA1 Message Date
Michael Weiss
ec1082c58f fuse: 2.9.7 -> 2.9.8 (security, CVE-2018-10906)
Upstream changelog:
- SECURITY UPDATE: In previous versions of libfuse it was possible to
  for unprivileged users to specify the allow_other option even when
  this was forbidden in /etc/fuse.conf. The vulnerability is present
  only on systems where SELinux is active (including in permissive
  mode).
- libfuse no longer segfaults when fuse_interrupted() is called outside
  the event loop.
- The fusermount binary has been hardened in several ways to reduce
  potential attack surface. Most importantly, mountpoints and mount
  options must now match a hard-coded whitelist. It is expected that
  this whitelist covers all regular use-cases.
- Fixed rename deadlock on FreeBSD.
2018-07-25 23:53:40 +02:00
Michael Weiss
46cd782b43 fuse3: 3.2.4 -> 3.2.5 (security, CVE-2018-10906)
Upstream changelog:
- SECURITY UPDATE: In previous versions of libfuse it was possible to
  for unprivileged users to specify the allow_other option even when
  this was forbidden in /etc/fuse.conf. The vulnerability is present
  only on systems where SELinux is active (including in permissive
  mode).
- The fusermount binary has been hardened in several ways to reduce
  potential attack surface. Most importantly, mountpoints and mount
  options must now match a hard-coded whitelist. It is expected that
  this whitelist covers all regular use-cases.
- Added a test of seekdir to test_syscalls.
- Fixed readdir bug when non-zero offsets are given to filler and the
  filesystem client, after reading a whole directory, re-reads it from a
  non-zero offset e. g. by calling seekdir followed by readdir.
2018-07-25 23:53:40 +02:00
Daiderd Jordan
7110d87d51
Merge pull request #43892 from periklis/skhd-update
skhd: bump 0.1.1 to 0.2.2
2018-07-25 23:35:50 +02:00
Tim Steinbach
202e270bbf
linux: 4.17.9 -> 4.17.10 2018-07-25 14:21:20 -04:00
Tim Steinbach
6cd6eb0513
linux: 4.14.57 -> 4.14.58 2018-07-25 14:21:12 -04:00
Tim Steinbach
0fde78112e
linux: 4.9.114 -> 4.9.115 2018-07-25 14:21:03 -04:00
Tim Steinbach
a2833a06b9
linux: 4.4.143 -> 4.4.144 2018-07-25 14:20:55 -04:00
Periklis Tsirakidis
09cfb65c99 skhd: bump 0.1.1 to 0.2.2 2018-07-25 11:19:27 +02:00
John Ericson
519e87a449 util-linux: No more crossAttrs
More cleanup will come later
2018-07-24 19:40:46 -04:00
John Ericson
e5d630e99e kmod: Remove crossAttrs
Issue #21191 is indeed fixed now.
2018-07-24 18:39:41 -04:00
John Ericson
d4f5ee8199
Merge pull request #44065 from Ericson2314/no-crossAttrs-master
treewide: Remove some crossAttrs
2018-07-24 18:30:14 -04:00
Profpatsch
4295da8af4 skarnet software: add Profpatsch as maintainer 2018-07-25 00:06:31 +02:00
Profpatsch
710f0f8c10 skarnet software: rename attributes and split outputs
Change the attribute names of camelCased utils to kebab-case to improve
consistency.
Split every package into multiple outputs where possible.
2018-07-25 00:06:31 +02:00
John Ericson
1f9838ea34 jom: Remove crossAttrs
Untested, but I don't think this has ever built.
2018-07-24 17:54:31 -04:00
John Ericson
aa8944f403 hurd: Remove cross attrs 2018-07-24 17:25:40 -04:00
John Ericson
66c41943b3 gnu mig: Remove crossAttrs 2018-07-24 17:25:40 -04:00
Tuomas Tynkkynen
29b84841d2 kernel: Reduce peak disk usage during build
Since commit f620b1b693, the build directory is located inside the
source directory. Thus, the `cp -dpR` copies gigabytes worth of .o files
only to be deleted later on when we trim all non-essential files from
`$dev/lib/modules/${modDirVersion}/source/` thus causing a significant
amount of wasted I/O and peak disk usage.

As `cp` doesn't come with a `--exclude` flag, use rsync. And throw out
the Documentation folder while at it.
2018-07-24 23:36:06 +03:00
Tuomas Tynkkynen
4cec65482a kernel: Respect makeFlagsArray in more places
It's used two lines above, so be consistent.
2018-07-24 23:36:06 +03:00
Tuomas Tynkkynen
c6ed851fe2 kernel: Remove dead code
It's set in the same phase
2018-07-24 23:36:06 +03:00
Tuomas Tynkkynen
e0ce4bee57 kernel: Remove empty preUnpack 2018-07-24 23:36:05 +03:00
Frederik Rietdijk
099c13da1b Merge staging-next into master (#44009)
* substitute(): --subst-var was silently coercing to "" if the variable does not exist.

* libffi: simplify using `checkInputs`

* pythonPackges.hypothesis, pythonPackages.pytest: simpify dependency cycle fix

* utillinux: 2.32 -> 2.32.1

https://lkml.org/lkml/2018/7/16/532

* busybox: 1.29.0 -> 1.29.1

* bind: 9.12.1-P2 -> 9.12.2

https://ftp.isc.org/isc/bind9/9.12.2/RELEASE-NOTES-bind-9.12.2.html

* curl: 7.60.0 -> 7.61.0

* gvfs: make tests run, but disable

* ilmbase: disable tests on i686. Spooky!

* mdds: fix tests

* git: disable checks as tests are run in installcheck

* ruby: disable tests

* libcommuni: disable checks as tests are run in installcheck

* librdf: make tests run, but disable

* neon, neon_0_29: make tests run, but disable

* pciutils: 3.6.0 -> 3.6.1

Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/pciutils/versions.

* mesa: more include fixes

mostly from void-linux (thanks!)

* npth: 1.5 -> 1.6

minor bump

* boost167: Add lockfree next_prior patch

* stdenv: cleanup darwin bootstrapping

Also gets rid of the full python and some of it's dependencies in the
stdenv build closure.

* Revert "pciutils: use standardized equivalent for canonicalize_file_name"

This reverts commit f8db20fb3a.
Patching should no longer be needed with 3.6.1.

* binutils-wrapper: Try to avoid adding unnecessary -L flags

(cherry picked from commit f3758258b8895508475caf83e92bfb236a27ceb9)
Signed-off-by: Domen Kožar <domen@dev.si>

* libffi: don't check on darwin

libffi usages in stdenv broken darwin. We need to disable doCheck for that case.

* "rm $out/share/icons/hicolor/icon-theme.cache" -> hicolor-icon-theme setup-hook

* python.pkgs.pytest: setupHook to prevent creation of .pytest-cache folder, fixes #40273

When `py.test` was run with a folder as argument, it would not only
search for tests in that folder, but also create a .pytest-cache folder.
Not only is this state we don't want, but it was also causing
collisions.

* parity-ui: fix after merge

* python.pkgs.pytest-flake8: disable test, fix build

* Revert "meson: 0.46.1 -> 0.47.0"

With meson 0.47.0 (or 0.47.1, or git)
things are very wrong re:rpath handling
resulting in at best missing libs but
even corrupt binaries :(.

When we run patchelf it masks the problem
by removing obviously busted paths.
Which is probably why this wasn't noticed immediately.

Unfortunately the binary already
has a long series of paths scribbled
in a space intended for a much smaller string;
in my testing it was something like
lengths were 67 with 300+ written to it.

I think we've reported the relevant issues upstream,
but unfortunately it appears our patches
are what introduces the overwrite/corruption
(by no longer being correct in what they assume)

This doesn't look so bad to fix but it's
not something I can spend more time on
at the moment.

--

Interestingly the overwritten string data
(because it is scribbled past the bounds)
remains in the binary and is why we're suddenly
seeing unexpected references in various builds
-- notably this is is the reason we're
seeing the "extra-utils" breakage
that entirely crippled NixOS on master
(and probably on staging before?).

Fixes #43650.

This reverts commit 305ac4dade.

(cherry picked from commit 273d68eff8f7b6cd4ebed3718e5078a0f43cb55d)
Signed-off-by: Domen Kožar <domen@dev.si>
2018-07-24 15:04:48 +01:00
Tim Steinbach
83be1d081b
linux: 4.18-rc5 -> 4.18-rc6 2018-07-22 22:43:14 -04:00
Tim Steinbach
f89e07dd24
linux: 4.17.8 -> 4.17.9 2018-07-22 22:42:54 -04:00
Tim Steinbach
bbf1770e40
linux: 4.14.56 -> 4.14.57 2018-07-22 22:42:37 -04:00
Tim Steinbach
486f37cf5b
linux: 4.9.113 -> 4.9.114 2018-07-22 22:42:24 -04:00
Tim Steinbach
05b0bdb309
linux: 4.4.142 -> 4.4.143 2018-07-22 22:42:13 -04:00
Franz Pletz
5210a073ad
batman-adv: 2018.1 -> 2018.2 2018-07-22 11:16:22 +02:00
Franz Pletz
dbd7dd757f
alfred: 2018.1 -> 2018.2 2018-07-22 11:16:05 +02:00
Frederik Rietdijk
6c72782d36 Merge staging-next into master 2018-07-22 11:04:28 +02:00
Frederik Rietdijk
cd8a3d279a
Merge pull request #43949 from r-ryantm/auto-update/acpid
acpid: 2.0.29 -> 2.0.30
2018-07-22 08:21:03 +02:00
Frederik Rietdijk
c556f41368
Merge pull request #43952 from r-ryantm/auto-update/batctl
batctl: 2018.1 -> 2018.2
2018-07-22 08:20:41 +02:00
R. RyanTM
58e4b0e545 batctl: 2018.1 -> 2018.2
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/batctl/versions.
2018-07-21 20:53:21 -07:00
R. RyanTM
7225c2acd0 acpid: 2.0.29 -> 2.0.30
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/acpid/versions.
2018-07-21 20:25:39 -07:00
Matthew Bauer
916f096911
Merge pull request #43890 from matthewbauer/mingw-fixes
Mingw fixes
2018-07-21 17:04:20 -04:00
Matthew Bauer
53cb8dc09e windows.libgnurx: init 2018-07-21 17:00:05 -04:00
Frederik Rietdijk
ad47d658d1 Merge master into staging-next 2018-07-21 19:43:53 +02:00
Jörg Thalheim
218298b30f
Merge branch 'master' into unused5 2018-07-21 15:41:22 +01:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
volth
dda95bae35 [bot] treewide: remove unused 'args@' in lambdas 2018-07-20 19:54:05 +00:00
Graham Christensen
7fdba7c74e
Merge pull request #43834 from ryantm/https2
treewide: http -> https
2018-07-19 21:31:36 -04:00
Ryan Mulligan
df8062c45b treewide: http -> https 2018-07-19 18:12:04 -07:00
Tim Steinbach
037e06f0b3
linux: 4.4.141 -> 4.4.142 2018-07-19 20:50:51 -04:00
Michael Weiss
6c1e45b000 nvme-cli: 1.5 -> 1.6 2018-07-19 22:33:52 +02:00
Frederik Rietdijk
8213ff161c Merge master into staging-next 2018-07-19 18:24:24 +02:00
Matthew Bauer
76999cc40e treewide: remove aliases in nixpkgs
This makes the command ‘nix-env -qa -f. --arg config '{skipAliases =
true;}'’ work in Nixpkgs.

Misc...

- qtikz: use libsForQt5.callPackage

  This ensures we get the right poppler.

- rewrites:

  docbook5_xsl -> docbook_xsl_ns
  docbook_xml_xslt -> docbook_xsl

diffpdf: fixup
2018-07-18 23:25:20 -04:00
Tim Steinbach
8432dec854
linux: 4.17.7 -> 4.17.8 2018-07-18 07:15:00 -04:00
Tim Steinbach
e73a01f3e9
linux: 4.17.6 -> 4.17.7 2018-07-17 09:19:51 -04:00
Tim Steinbach
4f2395ee2e
linux: 4.14.55 -> 4.14.56 2018-07-17 09:19:51 -04:00
Tim Steinbach
9be6011fed
linux: 4.9.112 -> 4.9.113 2018-07-17 09:19:51 -04:00
Tim Steinbach
8aec1a4ba6
linux: 4.4.130 -> 4.4.141 2018-07-17 09:19:51 -04:00