This patch adds handling of a directory becoming a symlink in
/etc. Before this patch, the directory wasn't removed and then
symlinking failed, which caused directory not being updated at all.
The idea for the patch goes to @abbradar at
https://github.com/NixOS/nixpkgs/issues/16978#issuecomment-232921903:
> A heuristic idea for this -- a function `isStatic :: Path -> Bool`:
>
> * if path `/etc/foo` is a file, return True iff it's a symlink to `/etc/static/foo`.
> * if path is a directory, return True iff for all items in it `isStatic` is True.
>
> On any conflicts, if old path is static, it's safe to replace and/or
> delete stale. Otherwise make a backup and notify the user via a
> journal entry and console output.
The only difference here -- it will not replace user configs.
This also fixes https://github.com/NixOS/nixpkgs/issues/16978.
* pitivi: 0.95 -> 0.96 (fixes startup error)
The upgrade of gtk3 to v3.20 broke pitivi, causing it to segfault after
the user closes the Welcome dialog. This release fixes that.
New dependencies: gst-transcoder and dbus.
(pitivi imports dbus if it finds the GNOME_DESKTOP_SESSION_ID
environment variable. Without dbus there will be some ugly errors for
GNOME desktop users.)
* pitivi: use wrapGAppsHook instead of makeWrapper
Allows us to remove preFixup.
* pitivi: move meta section to the end
Like most Nix package files are written.
Default v8 was fixed at 3.30.33, so running nix-build nixpkgs -A v8
would give us version 3.30.33, whereas nix-env -i v8 would install
version 4.5.107. Now, both commands build 4.5.107, and there is still an
option to install version 3.30.33
Similar to #14272, but fixes 4.5 build rather than generic.
- Ignores errors due to strict-overflow warnings
- Strips clang-only '-Wno-format-pedantic' flag out since this build
uses gcc
Security fixes:
- Message printout was vulnerable to format string injection
- dropbearconvert import of OpenSSH keys could run arbitrary code
as the local dropbearconvert user when parsing malicious key
files
- dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided
- dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
Fixes:
- Fix port forwarding failure when connecting to domains that have
both IPv4 and IPv6 addresses. The bug was introduced in 2015.68
- Fix 100% CPU use while waiting for rekey to complete
