Commit graph

82974 commits

Author SHA1 Message Date
Joachim Fasting
0bd31bce10
grsecurity: drop support for 4.4 kernels
From now on, only the testing branch of grsecurity will be supported.
Additionally, use only patches from upstream.

It's impossible to provide meaningful support for grsecurity stable.
First, because building and testing \(m \times n \times z) [1], packages
is infeasible.  Second, because stable patches are only available from
upstream for-pay, making us reliant on third-parties for patches. In
addition to creating yet more work for the maintainers, using stable
patches provided by a third-party goes against the wishes of upstream.

nixpkgs provides the tools necessary to build grsecurity kernels for any
version the user chooses, however, provided they pay for, or otherwise
acquire, the patch themselves.

Eventually, we'll want to remove the now obsolete top-level attributes,
but leave them in for now to smoothe migration (they have been removed
from top-level/release.nix, though, because it makes no sense to have
them there).

[1]: where \(m\) is the number of grsecurity flavors, \(n\) is the
number of kernel versions, and z is the size of the `linuxPackages` set
2016-05-04 01:07:53 +02:00
Tobias Geerinckx-Rice
63a63c53d6
poppler: 0.36.0 -> 0.43.0 2016-05-04 00:40:03 +02:00
Tobias Geerinckx-Rice
d6e4c1b750
thinkfan: install manual, README and examples
READMEs usually just waste those precious kilobytes, but both the
manual page and --help output refer to this one quite a bit.
2016-05-04 00:39:51 +02:00
José Romildo Malaquias
41b5de4773 xfce4-whiskermenu-plugin: 1.5.2 -> 1.5.3 2016-05-03 19:13:09 -03:00
obadz
b1bf11881a spdlog: init at 292bdc5 2016-05-03 23:05:37 +01:00
José Romildo Malaquias
518b9abfd5 xfce4-whiskermenu-plugin: the xfce4-panel binary is in ${xfce4panel.out} 2016-05-03 19:03:46 -03:00
Mitchell Pleune
571e9b5f1f bspwm: add _JAVA_AWT_WM_NONREPARENTING=1
bspwm is not in java's internal list of non-reparrenting
window managers. See https://awesomewm.org/wiki/Problems_with_Java
2016-05-03 17:46:48 -04:00
Tobias Geerinckx-Rice
db3ee01ab6
geolite-legacy: 2016-05-02 -> 2016-05-03 2016-05-03 23:42:08 +02:00
Bjørn Forsman
78b6e8c319 jenkins service: improve curl call in postStart
* Perform HTTP HEAD request instead of full GET (lighter weight)
* Don't log output of curl to the journal (it's noise/debug)
* Use explicit http:// URL scheme
* Reduce poll interval from 10s to 2s (respond to state changes
  quicker). Probably not relevant on boot (lots of services compete for
  the CPU), but online service restarts/reloads should be quicker.
* Pass --fail to curl (should be more robust against false positives)
* Use 4 space indent for shell code.
2016-05-03 23:12:45 +02:00
Bjørn Forsman
51e5beca42 jenkins service: remove unneeded (and brittle) part of postStart
The current postStart code holds Jenkins off the "started" state until
Jenkins becomes idle. But it should be enough to wait until Jenkins
start handling HTTP requests to consider it "started".

More reasons why the current approach is bad and we should remove it,
from @coreyoconnor in
https://github.com/NixOS/nixpkgs/issues/14991#issuecomment-216572571:

  1. Repeatedly curling for a specific human-readable string to
  determine "Active" is fragile. For instance, what happens when jenkins
  is localized?

  2. The time jenkins takes to initializes is variable. This (at least
  used to) depend on the number of jobs and any plugin upgrades requested.

  3. Jenkins can be requested to restart from the UI. Which will not
  affect the status of the service. This means that the service being
  "active" does not imply jenkins is initialized. Downstream services
  cannot assume jenkins is initialized if the service is active. Might
  as well accept that and remove the initialized test from service
  startup.

Fixes #14991.
2016-05-03 22:24:13 +02:00
aszlig
e7d3166656
nixos/tests/netboot: Fix evaluation error
Regression introduced by dfe608c8a2.

The commit turns the two arguments into one attrset argument so we need
to adapt that to use the new calling convention.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-03 22:05:11 +02:00
Arseniy Seroka
82475a9a7c Merge pull request #15175 from magnetophon/linuxband
linuxband: init at 12.02.1
2016-05-03 22:58:43 +03:00
Arseniy Seroka
f3eca5f5d2 Merge pull request #15196 from groxxda/bump/connman
connman: 1.31 -> 1.32
2016-05-03 22:58:20 +03:00
Arseniy Seroka
c9fb51451a Merge pull request #15197 from romildo/upd.gtk-xfce-engine
gtk-xfce-engine: 2.10.1 -> 3.2.0
2016-05-03 22:58:02 +03:00
Tobias Geerinckx-Rice
31253ad957
cdrtools: 3.02a03 -> 3.02a06 2016-05-03 20:41:19 +02:00
Tobias Geerinckx-Rice
d4d6d9d3d2
ortp: 0.24.2 -> 0.25.0 2016-05-03 20:41:19 +02:00
Tobias Geerinckx-Rice
ff6a98612c
seccure: 0.4 -> 0.5 2016-05-03 20:41:19 +02:00
Thomas Tuegel
147d942b54 julia: remove ttuegel from maintainers
ttuegel has not used julia in some time
2016-05-03 13:34:50 -05:00
Alexander Ried
82c141b999 Revert "iptables: add 1.6 branch (init 1.6.0). Not making it the default this time."
This reverts commit 74f7916a9a.

Time to make it the default.
2016-05-03 20:29:52 +02:00
Michael Raskin
0bc13e3af2 iptables: 1.4.21 -> 1.6.0 2016-05-03 20:29:30 +02:00
Tuomas Tynkkynen
980bca286e gcc 4.5, 4.6: Remove broken update-gcc.sh symlinks 2016-05-03 21:29:16 +03:00
José Romildo Malaquias
f0da9ff412 gtk-xfce-engine: add support to Gtk3 2016-05-03 15:18:23 -03:00
José Romildo Malaquias
f72a2faa28 gtk-xfce-engine: 2.10.1 -> 3.2.0 2016-05-03 15:14:50 -03:00
Alexander Ried
d74335da85 connman: make dependency on awk explicit 2016-05-03 20:10:58 +02:00
Alexander Ried
b95eebec65 connman: 1.31 -> 1.32
fetch release tarball instead of git checkout and drop autotools

This update is compatible with iptables 1.6.0 (see #12178)
2016-05-03 20:10:54 +02:00
Tobias Geerinckx-Rice
959472a824
nginx: 1.8.1 -> 1.10.0
Changes: http://nginx.org/en/CHANGES-1.10
2016-05-03 20:05:57 +02:00
Alexander Ried
a0a6a3df88 libcap: Move old libcap_* aliases to aliases.nix 2016-05-03 19:52:53 +02:00
Alexander Ried
5c295a4925 libcap: Replace occurences of libcap_progs with libcap.out 2016-05-03 19:52:53 +02:00
Alexander Ried
7382afac40 libcap: replace old split with multi-output 2016-05-03 19:52:10 +02:00
Alexander Ried
64ef643833 libcap: 2.24 -> 2.25 2016-05-03 19:52:10 +02:00
Alexander Ried
3fe746cfc2 tinc_pre: 1.1pre-git2016.01.28 -> 1.1pre-14 (#15192)
split the documentation output
remove the tinc-gui binary because python dependencies are not fulfilled
2016-05-03 19:39:53 +02:00
Tobias Geerinckx-Rice
bf81306848
gandi-cli: pull out of python-packages.nix 2016-05-03 18:28:23 +02:00
Franz Pletz
6d55b2e9c0 libressl: 2.2.6 -> 2.2.7, 2.3.3 -> 2.3.4
Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.

http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.7-relnotes.txt
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.4-relnotes.txt
2016-05-03 17:22:35 +02:00
Eelco Dolstra
520a7b88db Merge pull request #15191 from nathan7/master
openssl: 1.0.1s -> 1.0.1t, 1.0.2g -> 1.0.2h (CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176) [urgent/security]
2016-05-03 17:05:48 +02:00
Nathan Zadoks
bdafc6df04 openssl: 1.0.1s -> 1.0.1t, 1.0.2g -> 1.0.2h
CVE-2016-2108, high severity: Memory corruption in the ASN.1 encoder
CVE-2016-2107, high severity: Padding oracle in AES-NI CBC MAC check
CVE-2016-2105, low severity: EVP_EncodeUpdate overflow
CVE-2016-2106, low severity: EVP_EncryptUpdate overflow
CVE-2016-2109, low severity: ASN.1 BIO excessive memory allocation
CVE-2016-2176, low severity: EBCDIC overread
2016-05-03 10:54:15 -04:00
Sebastian Gniazdowski
7c0063bf15 zsh-navigation-tools: 1.4 -> 2.0.7 2016-05-03 14:46:43 +00:00
Franz Pletz
5ca8694095 debootstrap: 1.0.68 -> 1.0.80 2016-05-03 16:15:20 +02:00
Franz Pletz
4825d4033e ddrescue: 1.20 -> 1.21 2016-05-03 16:15:20 +02:00
Franz Pletz
b5fdb8585b di: 4.36 -> 4.37 2016-05-03 16:15:20 +02:00
Franz Pletz
9da6390bae ethtool: 4.0 -> 4.5 2016-05-03 16:15:20 +02:00
Franz Pletz
b8aaa3f130 fping: 3.10 -> 3.13 2016-05-03 16:15:20 +02:00
Franz Pletz
d5dd5e05f1 glxinfo: 8.1.0 -> 8.3.0 2016-05-03 16:15:20 +02:00
Franz Pletz
d1998b93d7 lftp: 4.6.4 -> 4.7.1 2016-05-03 16:15:20 +02:00
Franz Pletz
1ec3e71971 libdvdread: 5.0.2 -> 5.0.3 2016-05-03 16:15:20 +02:00
Franz Pletz
18964796e6 mc: 4.8.12 -> 4.8.16 2016-05-03 16:15:20 +02:00
Franz Pletz
d7338bf9d7 msmtp: 1.6.2 -> 1.6.4 2016-05-03 16:15:20 +02:00
Franz Pletz
dd3c18fe22 openh264: 1.4.0 -> 1.5.0 2016-05-03 16:15:20 +02:00
Franz Pletz
b701ea82e7 netperf: 2.6.0 -> 2.7.0 2016-05-03 16:15:20 +02:00
Franz Pletz
50884acd84 lzip: 1.16 -> 1.17 2016-05-03 16:15:20 +02:00
Franz Pletz
dc576f9403 libxmp: 4.3.11 -> 4.3.12 2016-05-03 16:15:20 +02:00