Commit graph

101791 commits

Author SHA1 Message Date
Frederik Rietdijk
57ded03833 Python 3.4: use system expat and ffi 2017-02-26 14:51:26 +01:00
Frederik Rietdijk
1bbf249bef Python 3.4: improve determinism 2017-02-26 14:51:26 +01:00
Frederik Rietdijk
d33f6f4032 Python 3.6: use system expat and ffi 2017-02-26 14:51:26 +01:00
Frederik Rietdijk
1531b5edd2 Python 3.6: improve determinism 2017-02-26 14:51:26 +01:00
Frederik Rietdijk
14a88e76cf Python 3.5: use system expat and ffi 2017-02-26 14:50:09 +01:00
Frederik Rietdijk
dd3a501a4b Python: mkPythonDerivation: use PYTHONHASHSEED=0 2017-02-26 14:50:09 +01:00
Frederik Rietdijk
8970a9c86e Python 3.5: improve determinism
- Windows installers are indeterministic and we don't need them.
- since Python 3 ensurepip is installed by default. pip is indeteministic and we don't need it.
- rebuild bytecode to ensure its deterministic
2017-02-26 14:50:09 +01:00
Frederik Rietdijk
09f6b03b2e Python 2.7: improve determinism
There is some randomness in the Windows installers. Since we don't need
them, we delete them.
2017-02-26 14:50:09 +01:00
Vladimír Čunát
f157956266
findutils: add the forgotten file (I'm sorry)
/cc #23152.
2017-02-26 09:44:27 +01:00
Vladimír Čunát
39e736b3d9
Merge #23171: curl: 7.53.0 -> 7.53.1 2017-02-26 09:29:11 +01:00
Vladimír Čunát
2f726fed9f
findutils: fixup sandboxed build after #23152 2017-02-26 09:26:22 +01:00
Tim Steinbach
6988d2d456
curl: 7.53.0 -> 7.53.1 2017-02-25 09:03:22 -05:00
Franz Pletz
9d14ea4295
utillinux: 2.29 -> 2.29.2 for CVE-2017-2616
cc #23072
2017-02-25 09:40:36 +01:00
Eelco Dolstra
0081c6a04c Merge pull request #23152 from mogria/updatedb-standalone
findutils: updatedb now uses writable database outside of /nix/store by default
2017-02-24 17:11:58 +01:00
Mogria
417dbaf6a3 findutils: updatedb now uses writable database outside of /nix/store by default
updatedb could only be run by providing the --output parameter,
because it would use a path inside the nix store as it's database.
The default for --output is now /var/cache/locatedb (the same
as in the NixOS locate service)
2017-02-24 16:36:58 +01:00
Frederik Rietdijk
4810677227 Merge pull request #22863 from romildo/upd.pygments
pygments: 2.1.3 -> 2.2.0
2017-02-23 18:45:56 +01:00
Franz Pletz
2055d6cacf
pythonPackages.searx: works with pygments 2.2 2017-02-23 18:41:07 +01:00
Vladimír Čunát
753c18edce
Merge branch 'master' into staging
... to include a security mass rebuild.
2017-02-22 19:59:08 +01:00
Frederik Rietdijk
de4643eb80 diffoscope: 63 -> 77 2017-02-22 19:45:54 +01:00
Vladimír Čunát
f5eea8ba1d
libevent: apply security patches from Debian
/cc #23072.  As with curl, it's nontrivial rebuild but security...
https://lwn.net/Alerts/714571/
2017-02-22 19:00:04 +01:00
Vladimír Čunát
838e29d236
Merge branch 'staging'
There's a security fix for curl inside.
2017-02-22 18:21:58 +01:00
Vladimír Čunát
ebf782829a
Merge #23063: curl: 7.52.1 -> 7.53.0 2017-02-22 18:11:05 +01:00
Vladimír Čunát
145d3ea81c
Merge branch 'master' into staging 2017-02-22 17:47:49 +01:00
Vladimír Čunát
d6cff5783e
gnutls: drop -lunistring on Darwin as well
I didn't intend this substitution to be conditional; I looked wrong.
2017-02-22 17:44:06 +01:00
Gabriel Ebner
b66ec6026c idris: jailbreak
Fixes #23048
2017-02-22 17:36:36 +01:00
Vladimír Čunát
2f1945dcd3
python-3.6: fix random numbers with glibc-2.25
I missed this upstream patch. /cc #22874.
2017-02-22 17:34:33 +01:00
Vladimír Čunát
fe8aa284c2
xcbuild: fixup build with glibc-2.25 2017-02-22 16:58:45 +01:00
Vladimír Čunát
7ccd6f25f0
reptyr: fixup build with glibc-2.25 2017-02-22 16:54:40 +01:00
Vladimír Čunát
1d1dc2dcc3
open-vm-tools: fixup build with glibc-2.25 2017-02-22 16:54:07 +01:00
Vladimír Čunát
7ccaa9e652
solvespace: fixup build with glibc-2.25 2017-02-22 16:45:08 +01:00
Moritz Ulrich
51134cdbfe
digikam5: Fix build after kde merge. 2017-02-22 16:44:08 +01:00
Vladimír Čunát
a04849502d
fstrm: init at 0.3.1 2017-02-22 15:03:21 +01:00
Frederik Rietdijk
3bcd3d2c34 Merge pull request #23061 from nixy/pythonPackages.snakeviz
pythonPackages.snakeviz: init at 0.4.1
2017-02-22 14:31:26 +01:00
Michael Raskin
194d137bd3 wireshark: patch for CVE-2017-6041 2017-02-22 14:17:02 +01:00
Michael Raskin
a8bf87681c kde5.applications.kig: init at 16.12.2 2017-02-22 14:17:02 +01:00
Andrew R. M
99754b2527 pythonPackages.snakeviz: init at 0.4.1 2017-02-22 08:14:53 -05:00
Graham Christensen
cc4919da89
xen: patch for XSAs: 197, 199, 207, 208, 209
XSA-197 Issue Description:

> The compiler can emit optimizations in qemu which can lead to double
> fetch vulnerabilities.  Specifically data on the rings shared
> between qemu and the hypervisor (which the guest under control can
> obtain mappings of) can be fetched twice (during which time the
> guest can alter the contents) possibly leading to arbitrary code
> execution in qemu.

More: https://xenbits.xen.org/xsa/advisory-197.html

XSA-199 Issue Description:

> The code in qemu which implements ioport read/write looks up the
> specified ioport address in a dispatch table.  The argument to the
> dispatch function is a uint32_t, and is used without a range check,
> even though the table has entries for only 2^16 ioports.
>
> When qemu is used as a standalone emulator, ioport accesses are
> generated only from cpu instructions emulated by qemu, and are
> therefore necessarily 16-bit, so there is no vulnerability.
>
> When qemu is used as a device model within Xen, io requests are
> generated by the hypervisor and read by qemu from a shared ring.  The
> entries in this ring use a common structure, including a 64-bit
> address field, for various accesses, including ioport addresses.
>
> Xen will write only 16-bit address ioport accesses.  However,
> depending on the Xen and qemu version, the ring may be writeable by
> the guest.  If so, the guest can generate out-of-range ioport
> accesses, resulting in wild pointer accesses within qemu.

More: https://xenbits.xen.org/xsa/advisory-199.html

XSA-207 Issue Description:

> Certain internal state is set up, during domain construction, in
> preparation for possible pass-through device assignment.  On ARM and
> AMD V-i hardware this setup includes memory allocation.  On guest
> teardown, cleanup was erroneously only performed when the guest
> actually had a pass-through device assigned.

More: https://xenbits.xen.org/xsa/advisory-207.html

XSA-209 Issue Description:

> When doing bitblt copy backwards, qemu should negate the blit width.
> This avoids an oob access before the start of video memory.

More: https://xenbits.xen.org/xsa/advisory-208.html

XSA-208 Issue Description:

> In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
> cirrus_bitblt_cputovideo fails to check wethehr the specified memory
> region is safe.

More: https://xenbits.xen.org/xsa/advisory-209.html
2017-02-22 08:00:45 -05:00
Frederik Rietdijk
026cfee6b0 Docs: update Python contributing guidelines 2017-02-22 13:38:29 +01:00
Peter Hoeg
409dac4155 Merge branch 'u/tg' into real_master 2017-02-22 20:14:26 +08:00
Peter Hoeg
494462e857 terragrunt: 0.10.1 -> 0.10.2 2017-02-22 20:12:25 +08:00
Peter Simons
deec3c1dae Merge pull request #23071 from takikawa/add-ndpi-1.8
ndpi: init at 1.8
2017-02-22 10:46:19 +01:00
Asumu Takikawa
85fb29bb49 ndpi: init at 1.8 2017-02-22 00:20:10 -08:00
Franz Pletz
67018e7759
pymol: fix evaluation
cc #23007 @Mounium @Mic92
2017-02-22 08:48:42 +01:00
Franz Pletz
9b81dcfda2
nixos/release-notes: fix typos 2017-02-22 08:45:30 +01:00
Franz Pletz
2a228bdc9b Merge pull request #23064 from NeQuissimus/rkt_1_25_0
rkt: 1.24.0 -> 1.25.0
2017-02-22 07:49:09 +01:00
Tom Hunger
bae3d0e49f vowpalwabbit: init at 8.3.2 2017-02-22 07:28:52 +01:00
Franz Pletz
63200708af Merge pull request #23065 from NeQuissimus/gradle_3_4
gradle: 3.3 -> 3.4
2017-02-22 07:27:05 +01:00
Franz Pletz
136ee09ef8 Merge pull request #23066 from NeQuissimus/oh_my_zsh_2017_02_20
oh-my-zsh: 2017-01-15 -> 2017-02-20
2017-02-22 07:20:31 +01:00
Jörg Thalheim
27d4f8c717 Merge pull request #23046 from Zimmi48/patch-2
nixos/manual/networkmanager: add info on nm-applet
2017-02-22 01:40:50 +01:00
Jörg Thalheim
6a044f1841 Merge pull request #23045 from Zimmi48/patch-1
nixos/manual/xserver: propose more alternatives
2017-02-22 01:38:25 +01:00