Commit graph

108776 commits

Author SHA1 Message Date
Graham Christensen
7d8218a351 Merge pull request #26489 from michalpalka/xen-security
xen: patch for XSAs: 206, 211, 212, 213, 214 and 215
2017-06-09 09:31:42 -04:00
Vladimír Čunát
97f3009bf8
pycairo: fix #26475 - a dead patch download 2017-06-09 15:21:25 +02:00
Michał Pałka
dd3dcceb23 xen: patch for XSAs: 206, 211, 212, 213, 214 and 215
XSA-206 Issue Description:

> xenstored supports transactions, such that if writes which would
> invalidate assumptions of a transaction occur, the entire transaction
> fails.  Typical response on a failed transaction is to simply retry
> the transaction until it succeeds.
>
> Unprivileged domains may issue writes to xenstore which conflict with
> transactions either of the toolstack or of backends such as the driver
> domain. Depending on the exact timing, repeated writes may cause
> transactions made by these entities to fail indefinitely.

More: https://xenbits.xen.org/xsa/advisory-206.html

XSA-211 Issue Description:

> When a graphics update command gets passed to the VGA emulator, there
> are 3 possible modes that can be used to update the display:
>
> * blank - Clears the display
> * text - Treats the display as showing text
> * graph - Treats the display as showing graphics
>
> After the display geometry gets changed (i.e., after the CIRRUS VGA
> emulation has resized the display), the VGA emulator will resize the
> console during the next update command. However, when a blank mode is
> also selected during an update, this resize doesn't happen. The resize
> will be properly handled during the next time a non-blank mode is
> selected during an update.
>
> However, other console components - such as the VNC emulation - will
> operate as though this resize had happened. When the display is
> resized to be larger than before, this can result in a heap overflow
> as console components will expect the display buffer to be larger than
> it is currently allocated.

More: https://xenbits.xen.org/xsa/advisory-211.html

XSA-212 Issue Description:

> The XSA-29 fix introduced an insufficient check on XENMEM_exchange
> input, allowing the caller to drive hypervisor memory accesses outside
> of the guest provided input/output arrays.

More: https://xenbits.xen.org/xsa/advisory-212.html

XSA-213 Issue Description:

> 64-bit PV guests typically use separate (root) page tables for their
> kernel and user modes.  Hypercalls are accessible to guest kernel
> context only, which certain hypercall handlers make assumptions on.
> The IRET hypercall (replacing the identically name CPU instruction)
> is used by guest kernels to transfer control from kernel mode to user
> mode.  If such an IRET hypercall is placed in the middle of a multicall
> batch, subsequent operations invoked by the same multicall batch may
> wrongly assume the guest to still be in kernel mode.  If one or more of
> these subsequent operations involve operations on page tables, they may
> be using the wrong root page table, confusing internal accounting.  As
> a result the guest may gain writable access to some of its page tables.

More: https://xenbits.xen.org/xsa/advisory-213.html

XSA-214 Issue Description:

> The GNTTABOP_transfer operation allows one guest to transfer a page to
> another guest.  The internal processing of this, however, does not
> include zapping the previous type of the page being transferred.  This
> makes it possible for a PV guest to transfer a page previously used as
> part of a segment descriptor table to another guest while retaining the
> "contains segment descriptors" property.
>
> If the destination guest is a PV one of different bitness, it may gain
> access to segment descriptors it is not normally allowed to have, like
> 64-bit code segments in a 32-bit PV guest.
>
> If the destination guest is a HVM one, that guest may freely alter the
> page contents and then hand the page back to the same or another PV
> guest.
>
> In either case, if the destination PV guest then inserts that page into
> one of its own descriptor tables, the page still having the designated
> type results in validation of its contents being skipped.

More: https://xenbits.xen.org/xsa/advisory-214.html

XSA-215 Issue Description:

> Under certain special conditions Xen reports an exception resulting
> from returning to guest mode not via ordinary exception entry points,
> but via a so call failsafe callback.  This callback, unlike exception
> handlers, takes 4 extra arguments on the stack (the saved data
> selectors DS, ES, FS, and GS).  Prior to placing exception or failsafe
> callback frames on the guest kernel stack, Xen checks the linear
> address range to not overlap with hypervisor space.  The range spanned
> by that check was mistakenly not covering these extra 4 slots.

More: https://xenbits.xen.org/xsa/advisory-215.html
2017-06-09 13:09:01 +00:00
Jörg Thalheim
14eeae9d4e Merge pull request #26474 from Mic92/cc-wrapper
cc-wrapper: externalize default_cxx_stdlib_compile
2017-06-09 13:27:53 +01:00
Jörg Thalheim
fdf43ddf4a Merge pull request #26479 from jgertm/jgertm/buck
buck: build buckd as well
2017-06-09 13:26:40 +01:00
Vladimír Čunát
cc9a72a286
virtualboxGuestAdditions: don't install setuid/setgid 2017-06-09 13:09:21 +02:00
Frederik Rietdijk
a78bf7df14 Merge pull request #26437 from vaibhavsagar/unbreak-thumbor
python.pkgs.thumbor: fix package
2017-06-09 12:55:50 +02:00
Joachim Fasting
39f7530e47
tinycc: 0.9.27pre-20170527 -> 0.9.27pre-20170605
Contains further fix to x86_64 codegen (and some less relevant Windows
stuff).
2017-06-09 12:54:59 +02:00
Joachim Fasting
b1f0af7ef6
linuxPackages.evdi: specify minimum kernel version, per upstream
Upstream says 3.16 is the oldest supported kernel.  No versions prior to
3.18 build on Hydra. See e.g., https://hydra.nixos.org/build/53599831.
2017-06-09 12:54:57 +02:00
Frederik Rietdijk
184ab11fc9 Merge pull request #26484 from michalpalka/xen-python-fix
xen: fix pygrub by making sure it is wrapped
2017-06-09 12:45:03 +02:00
romildo
f2e075a241 mkvtoolnix: 11.0.0 -> 12.0.0 2017-06-09 12:44:17 +02:00
Joachim F
7badb92629 Merge pull request #26404 from ambrop72/kdevelop-511
kdevelop: 5.0.4 -> 5.1.1
2017-06-09 08:44:01 +01:00
Peter Simons
fbb5b2ef01 multi-ghc-travis: update to latest git version 2017-06-09 09:23:36 +02:00
Michał Pałka
965668903a xen: fix pygrub by making sure it is wrapped
Recent commit #c10af9e744c91dff1ccc07a52a0b57d1e4d339f3 changed the
behaviour of wrapPythonPrograms, which caused pygrub to no longer
being wrapped. This commit fixes this.
2017-06-09 06:22:03 +00:00
Peter Hoeg
bcf9af560a ncmpc: 0.24 -> 0.27
Upstream has moved to github as well.
2017-06-09 12:55:20 +08:00
Peter Hoeg
207ac3c7b8 mpd_clientlib: 2.10 -> 2.11
Upstream has moved to github as well.
2017-06-09 12:55:20 +08:00
Peter Hoeg
c87f034977 mpd: 0.20.6 -> 0.20.9
Upstream has also moved to github.
2017-06-09 12:04:58 +08:00
Peter Hoeg
292f121fb2 mpc: 0.27 -> 0.28
Upstream has also moved to github
2017-06-09 12:04:58 +08:00
Tuomas Tynkkynen
2bfc977b6e ethtool: 4.10 -> 4.11 2017-06-09 01:58:23 +03:00
Joachim Fasting
8e706b051e
tor: 0.3.0.7 -> 0.3.0.8
Of particular note are fixes for hidden service crashing bugs
(TROVE-2017-004 and TROVE-2017-005).

See https://blog.torproject.org/blog/tor-0308-released-fix-hidden-services-also-are-02429-02514-02612-0278-02814-and-02911
2017-06-09 00:40:25 +02:00
Tim Jäger
cfe23e19ab buck: build buckd as well
buck tries to launch buckd to run in the background. While not neccessary, it
does speed up builds.
2017-06-08 15:36:30 -07:00
Jörg Thalheim
ffdfa662fc Merge pull request #26476 from romildo/upd.jetbrains
jetbrains.clion: 2017.1.1 -> 2017.1.3, jetbrains.idea-community: 2017.1.3 -> 2017.1.4, jetbrains.idea-ultimate: 2017.1.3 -> 2017.1.4
2017-06-08 21:35:24 +01:00
Jörg Thalheim
ff139c49f7 Merge pull request #26438 from jgertm/jgertm/buck
buck: init at v2017.05.31.01
2017-06-08 21:27:33 +01:00
Jörg Thalheim
211736fabf Merge pull request #26472 from romildo/upd.colordiff
colordiff: 1.0.16 -> 1.0.18
2017-06-08 21:25:06 +01:00
Tuomas Tynkkynen
69901f16c9 yle-dl: 2.15 -> 2.16 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen
211c55b247 strace: 4.16 -> 4.17 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen
97d29ffbfd nano: 2.8.3 -> 2.8.4 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen
cd46df3a1e fio: 2.19 -> 2.20 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen
9e41ba6e96 bastet: 0.43.1 -> 0.43.2 2017-06-08 23:13:06 +03:00
Tuomas Tynkkynen
399afc13e4 afl: 2.41b -> 2.42b 2017-06-08 23:13:06 +03:00
romildo
277b562324 jetbrains.idea-community: 2017.1.3 -> 2017.1.4 2017-06-08 16:57:50 -03:00
romildo
bc1f59fb4f jetbrains.idea-ultimate: 2017.1.3 -> 2017.1.4 2017-06-08 16:45:14 -03:00
John Ericson
2f348884b8 Merge pull request #26471 from obsidiansystems/gcc7-no-cross-arg
gcc 7: Remove `cross` arguments and don't use stdenv.is*
2017-06-08 15:40:35 -04:00
romildo
b57a14810b jetbrains.clion: 2017.1.1 -> 2017.1.3 2017-06-08 15:54:51 -03:00
Jörg Thalheim
e2197465c1
cc-wrapper: externalize default_cxx_stdlib_compile
This value is require to get c++ std include path for libclang based tools (vim plugins in my case).
I currently extract it this with this rather command:

```
eval echo $(nix-instantiate --eval --expr 'with (import <nixpkgs>) {}; clang.default_cxx_stdlib_compile')
```

it did not trigger any recompilation on my system.
2017-06-08 19:50:40 +01:00
Tim Jäger
926f3eada8 buck: cleanup 2017-06-08 11:26:42 -07:00
John Ericson
7a13457253 gcc 7: Remove cross arguments and don't use stdenv.is*
These changes were already done for the older GCCs, but 7 slipped
through the cracks.
2017-06-08 14:08:31 -04:00
romildo
b5fc15610a colordiff: 1.0.16 -> 1.0.18 2017-06-08 14:57:22 -03:00
James Kent
3cb5d52dac pkgs.python.astropy: init at 1.3.3 2017-06-08 17:50:22 +02:00
Frederik Rietdijk
50103e9c08 Merge pull request #26467 from ericsagnes/pkg-update/theano
pythonPackages.Theano: 0.8.1 -> 0.9.0
2017-06-08 16:55:08 +02:00
Rok Garbas
a0afc4f0d1 firefox-*-bin: updates (#26462)
* firefox-beta-bin: 51.0b8 -> 54.0b13

* firefox-devedition-bin: init at 54.0b14

Firefox DevEdition became a new product of Mozilla and is "repackaged"
Firefox Beta with its own release channel and six weeks release cycle as
other channels. It is no longer being built on nightly basis

* updated the update.nix script to facilitata firefox-devedition-bin

* disabling automatic updates by pointing to non existing channel

* f firefoxWrapper looks for gtk3 attribute to wrap the executable gtk3 to wrap the binary with needed ``XDG_DATA_DIRS``
2017-06-08 15:33:24 +02:00
Jörg Thalheim
340b3148c6 Merge pull request #26425 from uskudnik/idea-ultimate-minor-2017.1.3
idea.idea-ultimate: 2017.1.2 -> 2017.1.3
2017-06-08 09:32:02 +01:00
Jörg Thalheim
dffbe98dd6
buck: make propagatedBuildInputs runtime deps 2017-06-08 08:36:59 +01:00
Frederik Rietdijk
a051c75e6f Merge pull request #26466 from ericsagnes/pkg-update/Fab
pythonPackages.Fabric: 1.10.2 -> 1.13.2
2017-06-08 09:36:15 +02:00
Tim Jäger
0576bda744 vagrant: against libffi (#26440)
* Link vagrant against libffi

Vagrant requires libffi to run
with (vagrant-fsnotify)[https://github.com/adrienkohlbecker/vagrant-fsnotify].

* vagrant: nitpick
2017-06-08 07:20:10 +01:00
Jörg Thalheim
0d437af073 Merge pull request #26465 from sigma/pr/fzf-0.16.8
fzf: 0.16.7 -> 0.16.8
2017-06-08 07:10:42 +01:00
Eric Sagnes
a8b9b9b0d8 pythonPackages.Theano: 0.8.1 -> 0.9.0 2017-06-08 14:16:40 +09:00
Eric Sagnes
4f4ba1186e pythonPackages.Fabric: 1.10.2 -> 1.13.2 2017-06-08 13:26:37 +09:00
Yann Hodique
3ac67c1482 fzf: 0.16.7 -> 0.16.8 2017-06-07 17:53:20 -07:00
Michael Weiss
a7450098d4 maim: 3.4.47 -> 5.4.63 2017-06-08 01:51:34 +02:00