Commit graph

641 commits

Author SHA1 Message Date
Franz Pletz
336bacfa1d
qemu: add patch to fix CVE-2016-7907
cc #20647
2016-11-23 23:23:49 -05:00
Bjørn Forsman
bbe5f99e0b qemu: add curl to buildInputs
Enables support for accessing files over HTTP:

  qemu-system-x86_64 -drive media=cdrom,file=http://host/path.iso,readonly

Increases the closures size from 445 to 447 MiB.
2016-11-23 17:44:02 +01:00
Vladimír Čunát
b69f568f4c
Merge branch 'staging'
Hydra rebuild looks fine; only a few Darwin jobs is queued:
http://hydra.nixos.org/eval/1304891?compare=1304807
2016-11-19 04:35:51 +01:00
Franz Pletz
f4a318b528
qemu: add patches for CVE-2016-7994 & CVE-2016-8668 2016-11-17 22:00:44 +01:00
Vladimír Čunát
b5e89fe9bf
Merge branch 'master' into staging 2016-11-15 00:20:19 +01:00
Justin Bedo
04121437be
singularity: init 2.2 2016-11-15 09:11:53 +11:00
Frederik Rietdijk
84e9328028 virtualbox: python is always needed
even when not building bindings.
2016-11-14 19:09:25 +01:00
Tim Steinbach
ecd1a53df6
rkt: 1.18.0 -> 1.19.0 2016-11-10 21:06:20 -05:00
Tobias Geerinckx-Rice
583af41f3c
remotebox: 2.1 -> 2.2 2016-11-09 02:24:46 +01:00
Frederik Rietdijk
a18ac150a3 virtinst: use python2 2016-11-08 22:48:55 +01:00
Frederik Rietdijk
95c54db397 virtualbox: use python2
and remove python buildInput. Python should only be added when
`pythonBindings` is true.
2016-11-08 22:48:54 +01:00
Tim Steinbach
1ae2f86a32
rkt: 1.17.0 -> 1.18.0 2016-11-05 22:27:42 -04:00
Tobias Geerinckx-Rice
c4f41a0a61
remotebox: 2.0 -> 2.1 2016-11-05 18:44:10 +01:00
Franz Pletz
25c01931bb
qemu: add patches to fix lots of CVEs
Patches from Debian and upstream git repo.

Fixes:

 * CVE-2016-6836
 * CVE-2016-7155
 * CVE-2016-7156
 * CVE-2016-7157
 * CVE-2016-7421
 * CVE-2016-7422
 * CVE-2016-7423
 * CVE-2016-7466
 * CVE-2016-8909
 * CVE-2016-8910
 * CVE-2016-9102
 * CVE-2016-9103
 * CVE-2016-9104
 * CVE-2016-9105
 * CVE-2016-9106

cc #20078
2016-11-03 02:45:16 +01:00
Tim Steinbach
282532e702
docker: 1.12.2 -> 1.12.3 2016-10-27 12:46:04 -04:00
Graham Christensen
69e8bac9cd
virtualbox: 5.1.6 -> 5.1.8 for many CVEs:
From LWN:
From the NVD entries:

CVE-2016-5501: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core, a different
vulnerability than CVE-2016-5538.

CVE-2016-5538: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core, a different
vulnerability than CVE-2016-5501.

CVE-2016-5605: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.1.4 in Oracle Virtualization allows remote
attackers to affect confidentiality and integrity via vectors related
to VRDE.

CVE-2016-5608: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect availability via vectors
related to Core, a different vulnerability than CVE-2016-5613.

CVE-2016-5610: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core.

CVE-2016-5611: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality via
vectors related to Core.

CVE-2016-5613: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect availability via vectors
related to Core, a different vulnerability than CVE-2016-5608.
2016-10-26 22:18:00 -04:00
Frederik Rietdijk
7077a270bf Merge remote-tracking branch 'upstream/master' into HEAD 2016-10-26 13:06:43 +02:00
Tuomas Tynkkynen
c78ccb92ec cbfstool: git-2015-07-09 -> 4.5
Fixes build.
2016-10-22 21:07:33 +03:00
Frederik Rietdijk
e56832d730 Merge remote-tracking branch 'upstream/master' into HEAD 2016-10-22 17:23:24 +02:00
Frederik Rietdijk
bd12c10993 openstack: use python2 2016-10-22 16:47:22 +02:00
Frederik Rietdijk
4833f8bada xen: use python2 2016-10-22 16:47:21 +02:00
Jörg Thalheim
a3f38b9adc
rancher-compose: set version during build 2016-10-22 14:40:30 +02:00
Vladimír Čunát
4d5b893002 Merge #19081: gnome-3.22
Also master commits are brought in.
2016-10-20 23:04:10 +02:00
Derek Gonyeo
a0295e21c5 rkt: libsystemd fix (#19658)
As of systemd 231, the LD_LIBRARY_PATH fix applied in the installPhase of rkt's
build was no longer valid, causing rkt to fail to work. This patch changes the
path to point to the new location of libsystemd, which is in ${systemd.lib}.
2016-10-18 20:00:44 +02:00
Jörg Thalheim
dab4f0a720 Merge pull request #19506 from Mic92/rancher-compose
rancher-compose: init at 0.10.0
2016-10-15 22:11:19 +02:00
Jörg Thalheim
d60b74e7db
rancher-compose: init at 0.10.0 2016-10-15 22:06:33 +02:00
Graham Christensen
9b99c9a296 Merge pull request #19570 from NeQuissimus/rkt_1_17_0
rkt: 1.15.0 -> 1.17.0
2016-10-15 07:09:48 -04:00
Tim Steinbach
bb02cf71ef
rkt: 1.15.0 -> 1.17.0 2016-10-14 23:00:54 -04:00
Tim Steinbach
1a23e336a5
docker: 1.12.1 -> 1.12.2 2016-10-14 22:47:18 -04:00
Graham Christensen
4e89b237bc
xen: 4.5.2 -> 4.5.5, drop old versions 2016-10-14 17:09:18 -04:00
Vladimír Čunát
6eeea6effd Python: more evaluation fixups. 2016-10-14 00:03:12 +02:00
Robin Gloster
9838b80e91 docker-distribution: init at 2.5.1 2016-10-12 14:05:09 +02:00
Graham Christensen
86c9b471a6
openstack-neutron: mark as broken
https://github.com/NixOS/nixpkgs/issues/18856
2016-09-28 08:57:26 -04:00
Graham Christensen
c992ac8584 Merge pull request #18921 from grahamc/spice
Spice: Upgrade all the spice packages
2016-09-27 07:42:51 -04:00
Joachim F
a5580c9951 Merge pull request #18765 from aske/ocaml-move
Reorganize ocaml packages
2016-09-26 23:17:53 +02:00
Robin Gloster
2d0c1c6a7c
linuxPackages.virtualboxGuestAdditions: fix with grsecurity 2016-09-26 14:52:49 +02:00
Graham Christensen
0d20194889
spice-vdagent: 0.16.0 -> 0.17.0 2016-09-26 08:20:04 -04:00
Kirill Boltaev
e61663a233 treewide: move to ocaml-ng system 2016-09-26 02:36:49 +03:00
Graham Christensen
5e25995295
qemu: 2.6.1 -> 2.7.0 2016-09-25 15:40:47 -04:00
rushmorem
faf14cbcee rkt: 1.14.0 -> 1.15.0 2016-09-23 11:59:55 +02:00
Domen Kožar
5d1db88a7c virtualboxGuestAdditions: mark as broken on grsecurity
(cherry picked from commit 4821fa2d1971a54847d28dfb3e9039c5e5ae4ded)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-21 12:04:19 +02:00
Eelco Dolstra
ddd41a509a virtualbox: Drop dontPatchELF hack
However, this also requires ad8f31df7f
to get rid of gcc_multi.out in the closure.
2016-09-20 18:02:19 +02:00
aszlig
1781e95577
Merge pull request #18567 (VirtualBox 5.1.6)
This introduces VirtualBox version 5.1.6 along with a few refactored
stuff, notably:

  * Kernel modules and user space applications are now separate
    derivations.
  * If config.pulseaudio doesn't exist in nixpkgs config, the default is
    now to build with PulseAudio modules.
  * A new updater to keep VirtualBox up to date.

All subtests in nixos/tests/virtualbox.nix succeed on my machine and
VirtualBox was reported to be working by @DamienCassou (although with
unrelated audio problems for another fix/branch) and @calbrecht.
2016-09-14 02:20:16 +02:00
Domen Kožar
fef171ee76 nova: more transient errored test cases
(cherry picked from commit eb25ce7fbfd92070d75b06060c98b221ac8da290)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-13 16:13:06 +02:00
Jaka Hudoklin
7a9dd489d6 Merge pull request #18481 from offlinehacker/pkgs/docker/1.12.1
docker: 1.10.3 -> 1.12.1
2016-09-13 15:59:18 +02:00
aszlig
e19aa3819e
virtualbox: 5.1.4 -> 5.1.6
Upstream changelog without bug numbers:

  * GUI: fixed issue with opening '.vbox' files and it's aliases
  * GUI: keyboard grabbing fixes
  * GUI: fix for passing through Ctrl + mouse-click
  * GUI: fixed automatic deletion of extension pack files
  * USB: fixed showing unknown device instead of the manufacturer or
         product description under certain circumstances
  * XHCI: another fix for a hanging guest under certain conditions, this
          time for Windows 7 guests
  * Serial: fixed high CPU usage with certain USB to serial converters
            on Linux hosts
  * Storage: fixed attaching stream optimized VMDK images
  * Storage: reject image variants which are unsupported by the backend
  * Storage: fixed loading saved states created with VirtualBox 5.0.10
             and older when using a SCSI controller
  * Storage: fixed broken NVMe emulation if the host I/O cache setting
             is enabled
  * Storage: fixed using multiple NVMe controllers if ICH9 is used
  * NVMe: fixed a crash during reset which could happen under certain
          circumstances
  * Audio: fixed microphone input (5.1.2 regression)
  * Audio: fixed crashes under certain conditions (5.1.0 regression)
  * Audio: fixed recording with the ALSA backend (5.1 regression)
  * Audio: fixed stream access mode with OSS backend (5.1 regression,
           thanks to Jung-uk Kim)
  * E1000: do also return masked bits when reading the ICR register,
           this fixes booting from iPXE (5.1.2 regression)
  * BIOS: fixed 4bpp scanline calculation
  * API: relax the check for the version attribute in OVF/OVA appliances
  * Windows hosts: fixed crashes when terminating the VM selector or
                   other VBox COM clients
  * Linux Installer: fixed path to the documentation in .rpm packages
                     (5.1.0 regression)
  * Linux Installer: fixed the vboxdrv.sh script to prevent an SELinux
                     complaint
  * Linux hosts: don't use 32-bit legacy capabilities
  * Linux Additions: Linux 4.8 fix for the kernel display driver
  * Linux Additions: don't load the kernel modules provided by the Linux
                     distribution but load the kernel modules from the
                     official Guest Additions package instead
  * Linux Additions: fix dynamic resizing problems in recent Linux
                     guests
  * User Manual: fixed error in the VBoxManage chapter for the
                 getextradata enumerate example

The full upstream changelog with bug numbers can be found at:

https://www.virtualbox.org/wiki/Changelog-5.1#v6

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 14:07:56 +02:00
Jaka Hudoklin
0a518618a2 docker: 1.10.3 -> 1.12.1 2016-09-13 12:50:58 +02:00
aszlig
d2af4c6722
virtualbox: Explicitly state Qt 5 dependencies
In 2942815968, the dependencies for Qt 5
were passed using buildEnv with all the development binaries, headers
and libs. Unfortunately, the build output references that environment
which also increases the size of the runtime closure.

The upstream makefile assumes a common Qt 5 library path, but that's not
the case within Nix, because we have separate paths for the Qt 5
modules.

We now patch the makefile to recognize PATH_QT5_X11_EXTRAS_{LIB,INC} so
that we can pass in the relevant paths from Qt5X11Extras.

In summary, the closure size goes down to 525559600 bytes (501 MB)
instead of 863035544 bytes (823 MB) with vbox-qt5-env.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:42 +02:00
aszlig
8bd89c922d
virtualbox: Split kernel modules into own package
Putting the kernel modules into the same output path as the main
VirtualBox derivation causes all of VirtualBox to be rebuilt on every
single kernel update.

The build process of VirtualBox already outputs the kernel module source
along with the generated files for the configuration of the main
VirtualBox package. We put this into a different output called "modsrc"
which we re-use from linuxPackages.virtualbox, which is now only
containing the resulting kernel modules without the main user space
implementation.

This not only has the advantage of decluttering the Nix expression for
the user space portions but also gets rid of the need to nuke references
and the need to patch out "depmod -a".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:38 +02:00
aszlig
6d69293f26
virtualbox: Generate and use upstream-info.json
We now no longer need to update VirtualBox manually, which has a few
advantages. Along with making it just easier to update this also makes
the update procedure way less error-prone, for example if people forget
to bump the extension pack revision or to update the guest additions.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:34 +02:00