Merge master into staging

There are larger-rebuild changes: gnutls and samba.

5 files changed, 162 insertions, 4 deletions

diff --git a/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch b/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch
new file mode 100644
index 000000000000..0a6144395116
--- /dev/null
+++ b/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch
@@ -0,0 +1,104 @@
+Description: CVE-2015-1419: config option deny_file is not handled correctly
+Author: Marcus Meissner <meissner@suse.com>
+Origin: https://bugzilla.novell.com/show_bug.cgi?id=CVE-2015-1419
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776922
+Last-Update: 2015-02-24
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/ls.c
+===================================================================
+--- trunk.orig/ls.c
++++ trunk/ls.c
+@@ -7,6 +7,7 @@
+  * Would you believe, code to handle directory listing.
+  */
+ 
++#include <stdlib.h>
+ #include "ls.h"
+ #include "access.h"
+ #include "defs.h"
+@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct
+   struct mystr temp_str = INIT_MYSTR;
+   struct mystr brace_list_str = INIT_MYSTR;
+   struct mystr new_filter_str = INIT_MYSTR;
++  struct mystr normalize_filename_str = INIT_MYSTR;
++  const char *normname;
++  const char *path;
+   int ret = 0;
+   char last_token = 0;
+   int must_match_at_current_pos = 1;
++
+   str_copy(&filter_remain_str, p_filter_str);
+-  str_copy(&name_remain_str, p_filename_str);
++
++  /* normalize filepath */
++  path = str_strdup(p_filename_str);
++  normname = realpath(path, NULL);
++  if (normname == NULL)
++     goto out;
++  str_alloc_text(&normalize_filename_str, normname);
++
++  if (!str_isempty (&filter_remain_str) && !str_isempty(&normalize_filename_str)) {
++    if (str_get_char_at(p_filter_str, 0) == '/') {
++      if (str_get_char_at(&normalize_filename_str, 0) != '/') {
++        str_getcwd (&name_remain_str);
++
++        if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */
++          str_append_char (&name_remain_str, '/');
++
++        str_append_str (&name_remain_str, &normalize_filename_str);
++      }
++      else
++       str_copy (&name_remain_str, &normalize_filename_str);
++    } else {
++      if (str_get_char_at(p_filter_str, 0) != '{')
++        str_basename (&name_remain_str, &normalize_filename_str);
++      else
++        str_copy (&name_remain_str, &normalize_filename_str);
++    }
++  } else
++    str_copy(&name_remain_str, &normalize_filename_str);
+ 
+   while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX)
+   {
+@@ -379,6 +411,9 @@ vsf_filename_passes_filter(const struct
+     ret = 0;
+   }
+ out:
++  free((char*) normname);
++  free((char*) path);
++  str_free(&normalize_filename_str);
+   str_free(&filter_remain_str);
+   str_free(&name_remain_str);
+   str_free(&temp_str);
+Index: trunk/str.c
+===================================================================
+--- trunk.orig/str.c
++++ trunk/str.c
+@@ -723,3 +723,14 @@ str_replace_unprintable(struct mystr* p_
+   }
+ }
+ 
++void
++str_basename (struct mystr* d_str, const struct mystr* path)
++{
++  static struct mystr tmp;
++
++  str_copy (&tmp, path);
++  str_split_char_reverse(&tmp, d_str, '/');
++
++  if (str_isempty(d_str))
++   str_copy (d_str, path);
++}
+Index: trunk/str.h
+===================================================================
+--- trunk.orig/str.h
++++ trunk/str.h
+@@ -101,6 +101,7 @@ void str_replace_unprintable(struct myst
+ int str_atoi(const struct mystr* p_str);
+ filesize_t str_a_to_filesize_t(const struct mystr* p_str);
+ unsigned int str_octal_to_uint(const struct mystr* p_str);
++void str_basename (struct mystr* d_str, const struct mystr* path);
+ 
+ /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string
+  * buffer, starting at character position 'p_pos'. The extracted line will
diff --git a/pkgs/servers/ftp/vsftpd/default.nix b/pkgs/servers/ftp/vsftpd/default.nix
index 3b9b32898e2f..f1ddf87e8c6a 100644
--- a/pkgs/servers/ftp/vsftpd/default.nix
+++ b/pkgs/servers/ftp/vsftpd/default.nix
@@ -8,6 +8,8 @@ stdenv.mkDerivation rec {
     sha256 = "0mjy345wszskz1vnk83360c1y37arwgap3gwz8hy13sjqpig0imy";
   };
 
+  patches = [ ./CVE-2015-1419.patch ];
+
   preConfigure = stdenv.lib.optionalString sslEnable ''
     echo "Will enable SSL"
     sed -i "/VSF_BUILD_SSL/s/^#undef/#define/" builddefs.h
diff --git a/pkgs/servers/nosql/cassandra/1.2.nix b/pkgs/servers/nosql/cassandra/1.2.nix
new file mode 100644
index 000000000000..75992ceb9ef5
--- /dev/null
+++ b/pkgs/servers/nosql/cassandra/1.2.nix
@@ -0,0 +1,52 @@
+{ stdenv
+, fetchurl
+, jre
+, python
+, makeWrapper
+, gawk
+, bash
+, getopt
+, procps
+}:
+
+let
+
+  version = "1.2.19";
+  sha256 = "0zkq3ggpk8ra2siar43vmrn6lmvn902p1g2lrgb46ak1vii6w30w";
+
+in
+
+stdenv.mkDerivation rec {
+  name = "cassandra-${version}";
+
+  src = fetchurl {
+    inherit sha256;
+    url = "http://apache.cs.utah.edu/cassandra/${version}/apache-${name}-bin.tar.gz";
+  };
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  installPhase = ''
+    mkdir $out
+    mv * $out
+
+    for cmd in cassandra nodetool sstablekeys sstableloader sstableupgrade
+      do wrapProgram $out/bin/$cmd \
+        --set JAVA_HOME ${jre} \
+        --prefix PATH : ${bash}/bin \
+        --prefix PATH : ${getopt}/bin \
+        --prefix PATH : ${gawk}/bin \
+        --prefix PATH : ${procps}/bin
+    done
+
+    wrapProgram $out/bin/cqlsh --prefix PATH : ${python}/bin
+    '';
+
+  meta = with stdenv.lib; {
+    homepage = http://cassandra.apache.org/;
+    description = "A massively scalable open source NoSQL database";
+    platforms = with platforms; all;
+    license = licenses.asl20;
+    maintainers = with maintainers; [ bcarrell ];
+  };
+}
diff --git a/pkgs/servers/samba/4.x.nix b/pkgs/servers/samba/4.x.nix
index a31846c54aab..1cdf7ad2ed00 100644
--- a/pkgs/servers/samba/4.x.nix
+++ b/pkgs/servers/samba/4.x.nix
@@ -19,11 +19,11 @@
 with lib;
 
 stdenv.mkDerivation rec {
-  name = "samba-4.2.1";
+  name = "samba-4.2.3";
 
   src = fetchurl {
     url = "mirror://samba/pub/samba/stable/${name}.tar.gz";
-    sha256 = "1hsakc8h6rs48xr6i55m90pd53hpxcqjjnlwq8i2rp0nq4ws5sip";
+    sha256 = "0z2c17d2id0m59mfdxdljhizp97l29clmw6g5zp93n0q92pabpxn";
   };
 
   patches =
diff --git a/pkgs/servers/sql/mariadb/default.nix b/pkgs/servers/sql/mariadb/default.nix
index 1e962f5df90d..27383721cebb 100644
--- a/pkgs/servers/sql/mariadb/default.nix
+++ b/pkgs/servers/sql/mariadb/default.nix
@@ -5,11 +5,11 @@
 with stdenv.lib;
 stdenv.mkDerivation rec {
   name = "mariadb-${version}";
-  version = "10.0.19";
+  version = "10.0.20";
 
   src = fetchurl {
     url    = "https://downloads.mariadb.org/interstitial/mariadb-${version}/source/mariadb-${version}.tar.gz";
-    sha256 = "0cm1j4805ypbmrhajn4ar5rqsis1p5haxs7c04b6k540gmfmxgrg";
+    sha256 = "0ywb730l68mxvmpik1x2ndbdaaks6dmc17pxspspm5wlqxinjkrs";
   };
 
   buildInputs = [ cmake ncurses openssl zlib pcre libxml2 boost judy bison libevent ]