Commit graph

82606 commits

Author SHA1 Message Date
zimbatm
007ea84222 Merge pull request #15181 from bradediger/ruby-2.3.1
ruby: update 2.3 series to 2.3.1
2016-05-04 10:31:08 +01:00
Joachim Fasting
eecd06409f Merge pull request #15205 from romildo/upd.imlib2
imlib2: 1.4.8 -> 1.4.9
2016-05-04 06:46:26 +02:00
Joachim Fasting
0a61ab5845 Merge pull request #15200 from Pleune/fix/bspwm-java-noreparenting
bspwm: add _JAVA_AWT_WM_NONREPARENTING=1
2016-05-04 06:18:38 +02:00
Joachim Fasting
da767356f2
grsecurity: support disabling TCP simultaneous connect
Defaults to OFF because disabling TCP simultaneous connect breaks some
legitimate use cases, notably WebRTC [1], but it's nice to provide the
option for deployments where those features are unneeded anyway.

This is an alternative to https://github.com/NixOS/nixpkgs/pull/4937

[1]: http://article.gmane.org/gmane.linux.documentation/9425
2016-05-04 03:53:24 +02:00
José Romildo Malaquias
3e401a8d01 imlib2: 1.4.8 -> 1.4.9 2016-05-03 22:34:47 -03:00
Svein Ove Aas
c5451206ab Init CKAN: The Comprehensive Kerbal Archive Network (#15202)
* ckan: Init at 1.16.1
2016-05-04 02:12:39 +01:00
Joachim Fasting
d0306e4ab4 Merge pull request #15201 from romildo/fix.xfce4-whiskermenu-plugin
xfce4-whiskermenu-plugin: 1.5.2 -> 1.5.3
2016-05-04 02:29:20 +02:00
Thomas Tuegel
d9f57d5256 Merge pull request #15203 from NixOS/update-poppler
poppler: 0.36.0 -> 0.43.0
2016-05-03 18:29:24 -05:00
Franz Pletz
2acea21155 gitlab: 8.5.7 -> 8.5.12 2016-05-04 01:24:55 +02:00
Franz Pletz
69c14985d0 imagemagick: Disable insecure coders (ImageTragick)
See:

  * https://imagetragick.com/
  * https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
2016-05-04 01:22:02 +02:00
Franz Pletz
05eae0242d imagemagick: 6.9.3-8 -> 6.9.3-9 2016-05-04 01:22:02 +02:00
Joachim Fasting
0bd31bce10
grsecurity: drop support for 4.4 kernels
From now on, only the testing branch of grsecurity will be supported.
Additionally, use only patches from upstream.

It's impossible to provide meaningful support for grsecurity stable.
First, because building and testing \(m \times n \times z) [1], packages
is infeasible.  Second, because stable patches are only available from
upstream for-pay, making us reliant on third-parties for patches. In
addition to creating yet more work for the maintainers, using stable
patches provided by a third-party goes against the wishes of upstream.

nixpkgs provides the tools necessary to build grsecurity kernels for any
version the user chooses, however, provided they pay for, or otherwise
acquire, the patch themselves.

Eventually, we'll want to remove the now obsolete top-level attributes,
but leave them in for now to smoothe migration (they have been removed
from top-level/release.nix, though, because it makes no sense to have
them there).

[1]: where \(m\) is the number of grsecurity flavors, \(n\) is the
number of kernel versions, and z is the size of the `linuxPackages` set
2016-05-04 01:07:53 +02:00
Tobias Geerinckx-Rice
63a63c53d6
poppler: 0.36.0 -> 0.43.0 2016-05-04 00:40:03 +02:00
Tobias Geerinckx-Rice
d6e4c1b750
thinkfan: install manual, README and examples
READMEs usually just waste those precious kilobytes, but both the
manual page and --help output refer to this one quite a bit.
2016-05-04 00:39:51 +02:00
José Romildo Malaquias
41b5de4773 xfce4-whiskermenu-plugin: 1.5.2 -> 1.5.3 2016-05-03 19:13:09 -03:00
obadz
b1bf11881a spdlog: init at 292bdc5 2016-05-03 23:05:37 +01:00
José Romildo Malaquias
518b9abfd5 xfce4-whiskermenu-plugin: the xfce4-panel binary is in ${xfce4panel.out} 2016-05-03 19:03:46 -03:00
Mitchell Pleune
571e9b5f1f bspwm: add _JAVA_AWT_WM_NONREPARENTING=1
bspwm is not in java's internal list of non-reparrenting
window managers. See https://awesomewm.org/wiki/Problems_with_Java
2016-05-03 17:46:48 -04:00
Tobias Geerinckx-Rice
db3ee01ab6
geolite-legacy: 2016-05-02 -> 2016-05-03 2016-05-03 23:42:08 +02:00
Bjørn Forsman
78b6e8c319 jenkins service: improve curl call in postStart
* Perform HTTP HEAD request instead of full GET (lighter weight)
* Don't log output of curl to the journal (it's noise/debug)
* Use explicit http:// URL scheme
* Reduce poll interval from 10s to 2s (respond to state changes
  quicker). Probably not relevant on boot (lots of services compete for
  the CPU), but online service restarts/reloads should be quicker.
* Pass --fail to curl (should be more robust against false positives)
* Use 4 space indent for shell code.
2016-05-03 23:12:45 +02:00
Bjørn Forsman
51e5beca42 jenkins service: remove unneeded (and brittle) part of postStart
The current postStart code holds Jenkins off the "started" state until
Jenkins becomes idle. But it should be enough to wait until Jenkins
start handling HTTP requests to consider it "started".

More reasons why the current approach is bad and we should remove it,
from @coreyoconnor in
https://github.com/NixOS/nixpkgs/issues/14991#issuecomment-216572571:

  1. Repeatedly curling for a specific human-readable string to
  determine "Active" is fragile. For instance, what happens when jenkins
  is localized?

  2. The time jenkins takes to initializes is variable. This (at least
  used to) depend on the number of jobs and any plugin upgrades requested.

  3. Jenkins can be requested to restart from the UI. Which will not
  affect the status of the service. This means that the service being
  "active" does not imply jenkins is initialized. Downstream services
  cannot assume jenkins is initialized if the service is active. Might
  as well accept that and remove the initialized test from service
  startup.

Fixes #14991.
2016-05-03 22:24:13 +02:00
aszlig
e7d3166656
nixos/tests/netboot: Fix evaluation error
Regression introduced by dfe608c8a2.

The commit turns the two arguments into one attrset argument so we need
to adapt that to use the new calling convention.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-03 22:05:11 +02:00
Arseniy Seroka
82475a9a7c Merge pull request #15175 from magnetophon/linuxband
linuxband: init at 12.02.1
2016-05-03 22:58:43 +03:00
Arseniy Seroka
f3eca5f5d2 Merge pull request #15196 from groxxda/bump/connman
connman: 1.31 -> 1.32
2016-05-03 22:58:20 +03:00
Arseniy Seroka
c9fb51451a Merge pull request #15197 from romildo/upd.gtk-xfce-engine
gtk-xfce-engine: 2.10.1 -> 3.2.0
2016-05-03 22:58:02 +03:00
Tobias Geerinckx-Rice
31253ad957
cdrtools: 3.02a03 -> 3.02a06 2016-05-03 20:41:19 +02:00
Tobias Geerinckx-Rice
d4d6d9d3d2
ortp: 0.24.2 -> 0.25.0 2016-05-03 20:41:19 +02:00
Tobias Geerinckx-Rice
ff6a98612c
seccure: 0.4 -> 0.5 2016-05-03 20:41:19 +02:00
Thomas Tuegel
147d942b54 julia: remove ttuegel from maintainers
ttuegel has not used julia in some time
2016-05-03 13:34:50 -05:00
Tuomas Tynkkynen
980bca286e gcc 4.5, 4.6: Remove broken update-gcc.sh symlinks 2016-05-03 21:29:16 +03:00
José Romildo Malaquias
f0da9ff412 gtk-xfce-engine: add support to Gtk3 2016-05-03 15:18:23 -03:00
José Romildo Malaquias
f72a2faa28 gtk-xfce-engine: 2.10.1 -> 3.2.0 2016-05-03 15:14:50 -03:00
Alexander Ried
d74335da85 connman: make dependency on awk explicit 2016-05-03 20:10:58 +02:00
Alexander Ried
b95eebec65 connman: 1.31 -> 1.32
fetch release tarball instead of git checkout and drop autotools

This update is compatible with iptables 1.6.0 (see #12178)
2016-05-03 20:10:54 +02:00
Alexander Ried
3fe746cfc2 tinc_pre: 1.1pre-git2016.01.28 -> 1.1pre-14 (#15192)
split the documentation output
remove the tinc-gui binary because python dependencies are not fulfilled
2016-05-03 19:39:53 +02:00
Tobias Geerinckx-Rice
bf81306848
gandi-cli: pull out of python-packages.nix 2016-05-03 18:28:23 +02:00
Franz Pletz
6d55b2e9c0 libressl: 2.2.6 -> 2.2.7, 2.3.3 -> 2.3.4
Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.

http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.7-relnotes.txt
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.4-relnotes.txt
2016-05-03 17:22:35 +02:00
Eelco Dolstra
520a7b88db Merge pull request #15191 from nathan7/master
openssl: 1.0.1s -> 1.0.1t, 1.0.2g -> 1.0.2h (CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176) [urgent/security]
2016-05-03 17:05:48 +02:00
Nathan Zadoks
bdafc6df04 openssl: 1.0.1s -> 1.0.1t, 1.0.2g -> 1.0.2h
CVE-2016-2108, high severity: Memory corruption in the ASN.1 encoder
CVE-2016-2107, high severity: Padding oracle in AES-NI CBC MAC check
CVE-2016-2105, low severity: EVP_EncodeUpdate overflow
CVE-2016-2106, low severity: EVP_EncryptUpdate overflow
CVE-2016-2109, low severity: ASN.1 BIO excessive memory allocation
CVE-2016-2176, low severity: EBCDIC overread
2016-05-03 10:54:15 -04:00
Franz Pletz
5ca8694095 debootstrap: 1.0.68 -> 1.0.80 2016-05-03 16:15:20 +02:00
Franz Pletz
4825d4033e ddrescue: 1.20 -> 1.21 2016-05-03 16:15:20 +02:00
Franz Pletz
b5fdb8585b di: 4.36 -> 4.37 2016-05-03 16:15:20 +02:00
Franz Pletz
9da6390bae ethtool: 4.0 -> 4.5 2016-05-03 16:15:20 +02:00
Franz Pletz
b8aaa3f130 fping: 3.10 -> 3.13 2016-05-03 16:15:20 +02:00
Franz Pletz
d5dd5e05f1 glxinfo: 8.1.0 -> 8.3.0 2016-05-03 16:15:20 +02:00
Franz Pletz
d1998b93d7 lftp: 4.6.4 -> 4.7.1 2016-05-03 16:15:20 +02:00
Franz Pletz
1ec3e71971 libdvdread: 5.0.2 -> 5.0.3 2016-05-03 16:15:20 +02:00
Franz Pletz
18964796e6 mc: 4.8.12 -> 4.8.16 2016-05-03 16:15:20 +02:00
Franz Pletz
d7338bf9d7 msmtp: 1.6.2 -> 1.6.4 2016-05-03 16:15:20 +02:00
Franz Pletz
dd3c18fe22 openh264: 1.4.0 -> 1.5.0 2016-05-03 16:15:20 +02:00