summary refs log tree commit diff
Commit message (Collapse)AuthorAge
* nixos/google-network-daemon: systemd job type simple instead of oneshot (#49692)Sarah Brofeldt2018-11-03
|
* Merge pull request #48082 from sengaya/ansible-2.7Renaud2018-11-03
|\ | | | | ansible: Update to latest supported releases
| * ansible-lint: fix install testsThilo Uttendorfer2018-11-03
| |
| * ansible_2_7: init at 2.7.1Thilo Uttendorfer2018-11-03
| |
| * ansible_2_6: 2.6.2 -> 2.6.7Thilo Uttendorfer2018-11-03
| |
| * ansible_2_5: 2.5.2 -> 2.5.11Thilo Uttendorfer2018-11-03
| |
* | Merge pull request #49650 from srghma/srghma-patch-1Florian Klink2018-11-03
|\ \ | | | | | | amazon-image: fix typo in comment
| * | fix typoSergei Khoma2018-06-03
| | | | | | | | | based on https://www.ec2instances.info/
* | | tootle: 0.1.5 -> 0.2.0Will Dietz2018-11-03
| | | | | | | | | | | | https://github.com/bleakgrey/tootle/releases/tag/0.2.0
* | | pythonPackages.fastpbkdf2: init at 0.2 (#47988)Jonathan Queiroz2018-11-03
| | |
* | | Merge pull request #49645 from peterhoeg/p/broadlinkRobert Schütz2018-11-03
|\ \ \ | | | | | | | | pythonPackages.broadlink: init at 0.9
| * | | home-assistant: make broadlink module availablePeter Hoeg2018-11-02
| | | |
| * | | pythonPackages.broadlink: init at 0.9Peter Hoeg2018-11-02
| | | |
* | | | home-assistant: 0.81.2 -> 0.81.5Robert Schütz2018-11-03
| | | |
* | | | Merge pull request #49559 from ikarulus/librepcbRenaud2018-11-03
|\ \ \ \ | | | | | | | | | | bump version librepcb-unstable: 2018-06-28 -> 2018-10-31
| * | | | librepcb-unstable: 2018-06-28 -> 2018-10-31Ikarulus2018-11-03
| | | | |
* | | | | Merge pull request #48496 from rvl/bpftraceRenaud2018-11-03
|\ \ \ \ \ | | | | | | | | | | | | linuxPackages.bpftrace: init at unstable-2018-10-27
| * | | | | linuxPackages.bpftrace: init at unstable-2018-10-27Rodney Lorrimar2018-10-28
| | | | | |
* | | | | | Merge pull request #49672 from gnidorah/maxxmarkuskowa2018-11-03
|\ \ \ \ \ \ | | | | | | | | | | | | | | maxx: fix urls
| * | | | | | maxx: fix urlsgnidorah2018-11-03
| | | | | | |
* | | | | | | Merge pull request #49660 from kquick/yices-2.6.1markuskowa2018-11-03
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | yices: 2.6.0 -> 2.6.1
| * | | | | | | yices: 2.6.0 -> 2.6.1Kevin Quick2018-11-02
| | | | | | | |
* | | | | | | | Merge pull request #49652 from dtzWill/update/tor-0.3.4.9Joachim F2018-11-03
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | tor: 0.3.4.8 -> 0.3.4.9
| * | | | | | | | tor: 0.3.4.8 -> 0.3.4.9Will Dietz2018-11-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.3.4.9 Please confirm the sha256 is correct for a verified tarball, I'm not setup (or know how offhand but docs look promising) to do this myself.
* | | | | | | | | Merge #49677: thunderbird*: 60.2.1 -> 60.3.0Vladimír Čunát2018-11-03
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Critical security fixes.
| * | | | | | | | | thunderbird: 60.2.1 -> 60.3.0taku02018-11-03
| | | | | | | | | |
| * | | | | | | | | thunderbird-bin: 60.2.1 -> 60.3.0taku02018-11-01
| | | | | | | | | |
* | | | | | | | | | python.pkgs.bsddb3: enable python3 and testsFrederik Rietdijk2018-11-03
| | | | | | | | | |
* | | | | | | | | | Merge pull request #49663 from flokli/gitlab-11.4.4Florian Klink2018-11-03
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | gitlab: 11.4.3 -> 11.4.4
| * | | | | | | | | | gitlab: 11.4.3 -> 11.4.4Florian Klink2018-11-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SSRF in Kubernetes integration The GitLab Kubernetes integration was vulnerable to a SSRF issue which could allow an attacker to make requests to access any internal URLs. The issue is now mitigated in the latest release and is assigned CVE-2018-18843.
* | | | | | | | | | | Merge pull request #49585 from periklis/libid3tag-sec-fixesMateusz Kowalczyk2018-11-03
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | libid3tag: patch CVE-2017-11550 and CVE-2017-11551
| * | | | | | | | | | | libid3tag: patch CVE-2017-11550 and CVE-2017-11551Periklis Tsirakidis2018-11-01
| | | | | | | | | | | |
* | | | | | | | | | | | Merge pull request #49680 from symphorien/nix-du-0.3Gabriel Ebner2018-11-03
|\ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | nix-du: 0.2.0 -> 0.3.0
| * | | | | | | | | | | | nix-du: 0.2.0 -> 0.3.0Symphorien Gibol2018-11-03
| | | | | | | | | | | | |
* | | | | | | | | | | | | jq: 1.5 -> 1.6Will Dietz2018-11-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * jq: 1.5 -> 1.6 (!!) (last release was in 2015! :)) * jq: drop darwin patch, appears resolved by upgrade commit history isn't that long, and has a few addressing behavior on osx re:strptime-- and since this patch doesn't apply it seems likely it's been resolved but probably can be checked by any interested folks w/darwin.
* | | | | | | | | | | | | Merge pull request #49467 from CharlesHD/submit/cmusfmRenaud2018-11-03
|\ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | cmusfm: init at 2018-10-11
| * | | | | | | | | | | | | cmusfm: init at 2018-10-11CharlesHD2018-10-31
| | | | | | | | | | | | | |
* | | | | | | | | | | | | | Merge pull request #49666 from averelld/rPackages.ps-build-fixPeter Simons2018-11-03
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | r-ps: patchShebangs in ./configure to fix build
| * | | | | | | | | | | | | | r-ps: patchShebangs in ./configure to fix buildAverell Dalton2018-11-02
| | | | | | | | | | | | | | |
* | | | | | | | | | | | | | | Merge pull request #49674 from typetetris/fix-46130Peter Simons2018-11-03
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | haskellPackages.sdl2: test-suite needs x server, so deactivate it
| * | | | | | | | | | | | | | | haskellPackages.sdl2: test-suite needs x server, so deactivate itEric Wolf2018-11-03
| | |_|_|_|_|_|_|_|_|_|_|_|_|/ | |/| | | | | | | | | | | | |
* | | | | | | | | | | | | | | Merge pull request #49673 from danieldk/cargo-asm-securityVladyslav M2018-11-03
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ \ | |_|_|_|_|_|_|_|_|_|/ / / / / |/| | | | | | | | | | | | | | cargo-asm: fix build on macOS Mojave
| * | | | | | | | | | | | | | cargo-asm: fix build on macOS MojaveDaniël de Kok2018-11-03
|/ / / / / / / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Building cargo-asm on Mojave fails with ld: framework not found Security Add Security as a build input.
* | | | | | | | | | | | | | autoPatchelfHook: Correctly detect PIE binariesaszlig2018-11-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I originally thought it would just be enough to just check for an INTERP section in isExecutable, however this would mean that we don't detect statically linked ELF files, which would break our recent improvement to gracefully handle those. In theory, we are only interested in ELF files that have an INTERP section, so checking for INTERP would be enough. Unfortunately the isExecutable function is already used outside of autoPatchelfHook, so we can't easily get rid of it now, so let's actually strive for more correctness and make isExecutable actually match ELF files that are executable. So what we're doing instead now is to check whether either the ELF type is EXEC *or* we have an INTERP section and if one of them is true we should have an ELF executable, even if it's statically linked. Along the way I also set LANG=C for the invocations of readelf, just to be sure we don't get locale-dependent output. Tested this with the following command (which contains almost[1] all the packages using autoPatchelfHook), checking whether we run into any library-related errors: nix-build -E 'with import ./. { config.allowUnfree = true; }; runCommand "test-executables" { drvs = [ anydesk cups-kyodialog3 elasticsearch franz gurobi masterpdfeditor oracle-instantclient powershell reaper sourcetrail teamviewer unixODBCDrivers.msodbcsql17 virtlyst vk-messenger wavebox zoom-us ]; } ("for i in $drvs; do for b in $i/bin/*; do " + "[ -x \"$b\" ] && timeout 10 \"$b\" || :; done; done") ' Apart from testing against library-related errors I also compared the resulting store paths against the ones prior to this commit. Only anydesk and virtlyst had the same as they didn't have self-references, everything else differed only because of self-references, except elasticsearch, which had the following PIE binaries: * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/autoconfig * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/autodetect * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/categorize * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/controller * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/normalize These binaries were now patched, which is what this commit is all about. [1]: I didn't include the "maxx" package (MaXX Interactive Desktop) because the upstream URLs are no longer existing and I couldn't find them elsewhere on the web. Signed-off-by: aszlig <aszlig@nix.build> Fixes: https://github.com/NixOS/nixpkgs/issues/48330 Cc: @gnidorah (for MaXX Interactive Desktop)
* | | | | | | | | | | | | | Revert "stage.nix: pkgsi686Linux only works on x86 family"Matthew Bauer2018-11-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 78ca6d885ffbeba8b2cfe1fe68c3980e74fd4e5d. Broke eval on aarch64
* | | | | | | | | | | | | | Merge pull request #49629 from marsam/feature/fixes-pyreJörg Thalheim2018-11-03
|\ \ \ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pyre: 0.0.14 -> 0.0.17
| * | | | | | | | | | | | | | pyre: 0.0.14 -> 0.0.17Mario Rodas2018-11-02
| | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | pyre: enable testsMario Rodas2018-11-01
| | | | | | | | | | | | | | |
| * | | | | | | | | | | | | | pyre: fix darwin buildMario Rodas2018-11-01
| | | | | | | | | | | | | | |
* | | | | | | | | | | | | | | stage.nix: pkgsi686Linux only works on x86 familyMatthew Bauer2018-11-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | aarch64 cpus are going to break on pkgsi686Linux packages. See this error: https://hydra.nixos.org/build/82962379/
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-04 07:28:49 +0000