Merge remote-tracking branch 'upstream/master' into staging

nixos/modules/services/printing/cupsd.nix

@@ -277,7 +277,7 @@ in
     # gets loaded, and then cups cannot access the printers.
     boot.blacklistedKernelModules = [ "usblp" ];
 
-    systemd.packages = [ cups ];
+    systemd.packages = [ cups.out ];
 
     systemd.services.cups =
       { wantedBy = [ "multi-user.target" ];

pkgs/applications/misc/xdgmenumaker/default.nix

@@ -0,0 +1,38 @@
+{ stdenv, fetchFromGitHub, txt2tags, python2Packages }:
+
+stdenv.mkDerivation rec {
+  name = "xdgmenumaker-${version}";
+  version = "0.9";
+
+  src = fetchFromGitHub {
+    rev = version;
+    owner = "gapan";
+    repo = "xdgmenumaker";
+    sha256 = "1n29syadsgj0vpnkc8nji4k1c8gminr1xdriz5ck2bcygsgxkdrd";
+  };
+
+  nativeBuildInputs = [
+    txt2tags
+    python2Packages.wrapPython
+  ];
+
+  pythonPath = [
+    python2Packages.pyxdg
+    python2Packages.pygtk
+  ];
+
+  installPhase = ''
+    make install PREFIX=$out DESTDIR=
+    wrapProgram "$out/bin/xdgmenumaker" \
+      --prefix XDG_DATA_DIRS : "$out/share"
+    wrapPythonPrograms
+  '';
+  
+  meta = with stdenv.lib; {
+    description = "Command line tool that generates XDG menus for several window managers";
+    homepage = https://github.com/gapan/xdgmenumaker;
+    license = licenses.gpl2Plus;
+    platforms = platforms.unix;
+    maintainers = [ maintainers.romildo ];
+  };
+}

pkgs/applications/networking/irc/irssi/default.nix

@@ -18,6 +18,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage    = http://irssi.org;
+    description = "A terminal based IRC client";
     platforms   = stdenv.lib.platforms.unix;
     maintainers = with stdenv.lib.maintainers; [ lovek323 ];
   };

pkgs/applications/networking/mailreaders/neomutt/default.nix

@@ -0,0 +1,51 @@
+{ stdenv, fetchFromGitHub, which, autoconf, automake, ncurses, perl
+, cyrus_sasl, gdbm, gpgme, kerberos, libidn, notmuch, openssl }:
+
+stdenv.mkDerivation rec {
+  version = "20160416";
+  name = "neomutt-${version}";
+
+  src = fetchFromGitHub {
+    owner = "neomutt";
+    repo = "neomutt";
+    rev = "neomutt-${version}";
+    sha256 = "1sgc77fyjcf859y896w208fw4rxd0bzhp0c7cp3vacb7lqr07ngb";
+  };
+
+  buildInputs =
+    [ autoconf automake cyrus_sasl gdbm gpgme kerberos libidn ncurses
+      notmuch which openssl perl ];
+
+  configureFlags = [
+    "--enable-debug"
+    "--enable-gpgme"
+    "--enable-hcache"
+    "--enable-imap"
+    "--enable-notmuch"
+    "--enable-pgp"
+    "--enable-pop"
+    "--enable-sidebar"
+    "--enable-smtp"
+    "--with-homespool=mailbox"
+    "--with-gss"
+    "--with-mailpath="
+    "--with-ssl"
+    "--with-sasl"
+    "--with-curses"
+    "--with-regex"
+    "--with-idn"
+
+    # Look in $PATH at runtime, instead of hardcoding /usr/bin/sendmail
+    "ac_cv_path_SENDMAIL=sendmail"
+  ];
+
+  configureScript = "./prepare";
+
+  meta = with stdenv.lib; {
+    description = "A small but very powerful text-based mail client";
+    homepage = http://www.neomutt.org;
+    license = stdenv.lib.licenses.gpl2Plus;
+    platforms = platforms.unix;
+    maintainers = with maintainers; [ hiberno cstrahan ];
+  };
+}

pkgs/development/compilers/gcc/4.9/default.nix

@@ -73,8 +73,8 @@ let version = "4.9.3";
       ++ optional langAda ../gnat-cflags.patch
       ++ optional langFortran ../gfortran-driving.patch
       # The NXConstStr.patch can be removed at 4.9.4
-      ++ optional stdenv.isDarwin ../gfortran-darwin-NXConstStr.patch; 
-	  
+      ++ optional stdenv.isDarwin ../gfortran-darwin-NXConstStr.patch;
+
     javaEcj = fetchurl {
       # The `$(top_srcdir)/ecj.jar' file is automatically picked up at
       # `configure' time.
@@ -218,7 +218,8 @@ stdenv.mkDerivation ({
 
   inherit patches;
 
-  outputs = if langJava then ["out" "man" "info"] else [ "out" "lib" "man" "info" ];
+  outputs = if langJava || langGo then ["out" "man" "info"]
+    else [ "out" "lib" "man" "info" ];
   setOutputFlags = false;
   NIX_NO_SELF_RPATH = true;
 
@@ -316,7 +317,7 @@ stdenv.mkDerivation ({
       )
     fi
   ''
-  + stdenv.lib.optionalString langJava ''
+  + stdenv.lib.optionalString (langJava || langGo) ''
     export lib=$out;
   ''
   ;

pkgs/development/compilers/ghcjs/default.nix

@@ -40,8 +40,8 @@
 
 , ghcjsBootSrc ? fetchgit {
     url = git://github.com/ghcjs/ghcjs-boot.git;
-    rev = "97dea5c4145bf80a1e7cffeb1ecd4d0ecacd5a2f";
-    sha256 = "1cgjzm595l2dx6fibzbkyv23bp1857qia0hb9d8aghf006al558j";
+    rev = "758e79e420403e0f6625eda19b10c46564f7cbb5";
+    sha256 = "0gq1mc86cb2z875a7sdj44yy8g95rwxzkl3z1q8gg33k05s3b58r";
     fetchSubmodules = true;
   }
 , ghcjsBoot ? import ./ghcjs-boot.nix {
@@ -60,8 +60,8 @@ in mkDerivation (rec {
   src = fetchFromGitHub {
     owner = "ghcjs";
     repo = "ghcjs";
-    rev = "13a99c6da40e3700e070e430d4c0f2ea96217b24";
-    sha256 = "01yg6babmhn2bfbmgkddisfj9ai7fc4r08s6acd49s9amcw7g5ld";
+    rev = "689c7753f50353dd05606ed79c51cd5a94d3922a";
+    sha256 = "076020a9gjv8ldj5ckm43sbzq9s6c5xj6lpd8v28ybpiama3m6b4";
   };
   isLibrary = true;
   isExecutable = true;

pkgs/development/compilers/ghcjs/shims.nix

@@ -2,6 +2,6 @@
 fetchFromGitHub {
   owner = "ghcjs";
   repo = "shims";
-  rev = "4df1808d03117ddcd45f276f0ddd85c73e59506a";
-  sha256 = "0nay4pmq3yqqvpz23709i3729840idpcc2ii2jd0xvaj1z61adda";
+  rev = "dc034a035aa73db2c5be34145732090bd74c1b57";
+  sha256 = "18r8kf7g7d2n0rhwcgiz9gsgdmgln1nmwwyj347bpn4zh17qlkqa";
 }

pkgs/development/haskell-modules/ghcjs/stage2.nix

@@ -324,7 +324,7 @@
       }:
       mkDerivation {
         pname = "Cabal";
-        version = "1.22.4.0";
+        version = "1.22.8.0";
         src = "${ghcjsBoot}/boot/cabal/Cabal";
         doCheck = false;
         libraryHaskellDepends = [

pkgs/development/libraries/nghttp2/default.nix

@@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
 
   # Don't use fetchFromGitHub since this needs a bootstrap curl
   src = fetchurl {
-    url = "http://http.debian.net/debian/pool/main/n/nghttp2/nghttp2_${version}.orig.tar.bz2";
+    url = "https://github.com/nghttp2/nghttp2/releases/download/v${version}/nghttp2-${version}.tar.bz2";
     sha256 = "10xz3s624w208pr9xgm4ammc8bc5mi17vy4357hjfd5vmmp5m8b0";
   };
 

pkgs/misc/cups/drivers/brgenml1cupswrapper/default.nix

@@ -1,4 +1,5 @@
-{ stdenv, fetchurl, cups, perl, brgenml1lpr, debugLvl ? "0"}:
+{ stdenv, fetchurl, makeWrapper, cups, perl, coreutils, gnused, gnugrep
+, brgenml1lpr, debugLvl ? "0"}:
 
 /*
     [Setup instructions](http://support.brother.com/g/s/id/linux/en/instruction_prn1a.html).
@@ -21,14 +22,11 @@
 
      1.  >  Error: /tmp/brBrGenML1rc_15642 :cannot open file !!
 
-        This is a non fatal issue. The job will still be printed. However, not sure
-        what kind of information could be lost.
-
-        There should be a more elegant way to patch this.
+        Fixed.
 
      2.  >  touch: cannot touch '/tmp/BrGenML1_latest_print_info': Permission denied
 
-        TODO: Address.
+        Fixed.
 
      3.  >  perl: warning: Falling back to the standard locale ("C").
     
@@ -40,6 +38,17 @@
             perl: warning: Setting locale failed.
 
         TODO: Address.
+
+     4. Since nixos 16.03 release, in `brother_lpdwrapper_BrGenML1`:
+
+        > sh: grep: command not found
+          sh: chmod: command not found
+          sh: cp: command not found
+          Error: /tmp/brBrGenML1rc_1850 :cannot open file !!
+          sh: sed: command not found
+
+        Fixed by use of a wrapper that brings `coreutils`, `gnused`, `gnugrep`
+        in `PATH`.
 */
 
 stdenv.mkDerivation rec {
@@ -55,7 +64,10 @@ stdenv.mkDerivation rec {
     tar xfvz data.tar.gz
   '';
 
-  buildInputs = [ cups perl brgenml1lpr ];
+  nativeBuildInputs = [ makeWrapper ];
+  buildInputs = [ cups perl coreutils gnused gnugrep brgenml1lpr ];
+
+  configurePhase = ":";
   buildPhase = ":";
 
   patchPhase = ''
@@ -67,7 +79,7 @@ stdenv.mkDerivation rec {
       --replace "PRINTER =~" "PRINTER = \"BrGenML1\"; #" \
       --replace "\$DEBUG=0;" "\$DEBUG=${debugLvl};"
 
-    # Fixing issue #2.
+    # Fixing issue #1 and #2.
     substituteInPlace $WRAPPER \
       --replace "\`cp " "\`cp -p " \
       --replace "\$TEMPRC\`" "\$TEMPRC; chmod a+rw \$TEMPRC\`" \
@@ -78,22 +90,30 @@ stdenv.mkDerivation rec {
       --replace "/etc/cups/ppd" "$out/share/cups/model"
   '';
 
+
   installPhase = ''
-    CUPSFILTER=$out/lib/cups/filter
-    CUPSPPD=$out/share/cups/model
+    CUPSFILTER_DIR=$out/lib/cups/filter
+    CUPSPPD_DIR=$out/share/cups/model
+    CUPSWRAPPER_DIR=opt/brother/Printers/BrGenML1/cupswrapper
 
-    CUPSWRAPPER=opt/brother/Printers/BrGenML1/cupswrapper
-    mkdir -p $out/$CUPSWRAPPER
-    cp -rp $CUPSWRAPPER/* $out/$CUPSWRAPPER
+    mkdir -p $out/$CUPSWRAPPER_DIR
+    cp -rp $CUPSWRAPPER_DIR/* $out/$CUPSWRAPPER_DIR
 
-    mkdir -p $CUPSFILTER
-    ln -s $out/$CUPSWRAPPER/brother_lpdwrapper_BrGenML1 $CUPSFILTER
+    mkdir -p $CUPSFILTER_DIR
+    # Fixing issue #4.
+    makeWrapper \
+      $out/$CUPSWRAPPER_DIR/brother_lpdwrapper_BrGenML1 \
+      $CUPSFILTER_DIR/brother_lpdwrapper_BrGenML1 \
+      --prefix PATH : ${coreutils}/bin \
+      --prefix PATH : ${gnused}/bin \
+      --prefix PATH : ${gnugrep}/bin
 
-    mkdir -p $CUPSPPD
-    ln -s $out/$CUPSWRAPPER/brother-BrGenML1-cups-en.ppd $CUPSPPD
+    mkdir -p $CUPSPPD_DIR
+    ln -s $out/$CUPSWRAPPER_DIR/brother-BrGenML1-cups-en.ppd $CUPSPPD_DIR
   '';
 
   dontPatchELF = true;
+  dontStrip = true;
 
   meta = {
     description = "Brother BrGenML1 CUPS wrapper driver";

pkgs/tools/networking/openssh/CVE-2015-8325.patch

@@ -0,0 +1,28 @@
+From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm@mindrot.org>
+Date: Wed, 13 Apr 2016 10:39:57 +1000
+Subject: [PATCH] ignore PAM environment vars when UseLogin=yes
+
+If PAM is configured to read user-specified environment variables
+and UseLogin=yes in sshd_config, then a hostile local user may
+attack /bin/login via LD_PRELOAD or similar environment variables
+set via PAM.
+
+CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
+---
+ session.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/session.c b/session.c
+index 4859245..4653b09 100644
+--- a/session.c
++++ b/session.c
+@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
+ 	 * Pull in any environment variables that may have
+ 	 * been set by PAM.
+ 	 */
+-	if (options.use_pam) {
++	if (options.use_pam && !options.use_login) {
+ 		char **p;
+ 
+ 		p = fetch_pam_child_environment();

pkgs/tools/networking/openssh/default.nix

@@ -41,8 +41,10 @@ stdenv.mkDerivation rec {
     '';
 
   patches =
-    [ ./locale_archive.patch
+    [
+      ./locale_archive.patch
       ./fix-host-key-algorithms-plus.patch
+      ./CVE-2015-8325.patch
     ]
     ++ optional withGssapiPatches gssapiSrc;
 

pkgs/tools/networking/urlwatch/default.nix

@@ -1,17 +1,17 @@
 { stdenv, fetchurl, python3Packages }:
 
 python3Packages.buildPythonApplication rec {
-  name = "urlwatch-2.0";
+  name = "urlwatch-2.1";
 
   src = fetchurl {
     url = "http://thp.io/2008/urlwatch/${name}.tar.gz";
-    sha256 = "0j38qzw4jxw41vnnpi6j851hqpv8d6p1cbni6cv8r2vqf5307s3b";
+    sha256 = "0xn435cml9wjwk39117p1diqmvw3jbmv9ccr7230iaf7z59vf9v6";
   };
 
   propagatedBuildInputs = with python3Packages; [
-    keyring
     minidb
     pyyaml
+    requests2
   ];
 
   postFixup = ''

pkgs/top-level/all-packages.nix

@@ -13230,6 +13230,8 @@ in
 
   mutt-kz = callPackage ../applications/networking/mailreaders/mutt-kz { };
 
+  neomutt = callPackage ../applications/networking/mailreaders/neomutt { };
+
   notion = callPackage ../applications/window-managers/notion { };
 
   openshift = callPackage ../applications/networking/cluster/openshift { };
@@ -14422,6 +14424,8 @@ in
     w3m = w3m-batch;
   };
 
+  xdgmenumaker = callPackage ../applications/misc/xdgmenumaker { };
+
   xdotool = callPackage ../tools/X11/xdotool { };
 
   xen_4_5_0 = callPackage ../applications/virtualization/xen/4.5.0.nix { stdenv = overrideCC stdenv gcc49; };
@@ -16031,7 +16035,7 @@ in
 
   beep = callPackage ../misc/beep { };
 
-  brgenml1lpr = callPackage ../misc/cups/drivers/brgenml1lpr {};
+  brgenml1lpr = callPackage_i686 ../misc/cups/drivers/brgenml1lpr {};
 
   brgenml1cupswrapper = callPackage ../misc/cups/drivers/brgenml1cupswrapper {};
 

pkgs/top-level/perl-packages.nix

@@ -365,24 +365,24 @@ let self = _self // overrides; _self = with self; {
     name = "Archive-Extract-0.76";
     src = fetchurl {
       url = "mirror://cpan/authors/id/B/BI/BINGOS/${name}.tar.gz";
-      sha256 = "1z2chz7a5q6024h9rmzpq0z53x0jw7983ia5k1yxsih3lw60irws";
+      sha256 = "9ae7080ca70346dd7d9845c581d2e112f4513ec0f7d79c2011c0e0a2ce874cfc";
     };
-    propagatedBuildInputs = [ if_ ];
+    propagatedBuildInputs = [ self."if" ];
     meta = {
       description = "Generic archive extracting mechanism";
-      license = "perl";
+      license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ];
     };
   };
 
-  ArchiveTar = buildPerlPackage {
+  ArchiveTar = buildPerlPackage rec {
     name = "Archive-Tar-2.04";
     src = fetchurl {
-      url = mirror://cpan/authors/id/B/BI/BINGOS/Archive-Tar-2.04.tar.gz;
+      url = "mirror://cpan/authors/id/B/BI/BINGOS/${name}.tar.gz";
       sha256 = "c3741bba06a468a5a4db6a79d772c55cf2f6673cf33241a6e6a758707a71d293";
     };
     meta = {
       description = "Manipulates TAR archives";
-      license = "perl";
+      license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ];
     };
   };
 
@@ -1819,21 +1819,25 @@ let self = _self // overrides; _self = with self; {
       sha256 = "054d0db62df90f22601f2a18fc84e9ca026d81601f5940b2fcc543e39d69b36b";
     };
     buildInputs = [ ModuleBuild ];
-    propagatedBuildInputs = [ParamsClassify];
+    propagatedBuildInputs = [ ParamsClassify self."if" ];
+    meta = {
+      description = "Dynamic class mixing";
+      license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ];
+    };
   };
 
   ClassMOP = Moose;
 
-  ClassReturnValue = buildPerlPackage {
+  ClassReturnValue = buildPerlPackage rec {
     name = "Class-ReturnValue-0.55";
     src = fetchurl {
-      url = mirror://cpan/authors/id/J/JE/JESSE/Class-ReturnValue-0.55.tar.gz;
+      url = "mirror://cpan/authors/id/J/JE/JESSE/${name}.tar.gz";
       sha256 = "ed3836885d78f734ccd7a98550ec422a616df7c31310c1b7b1f6459f5fb0e4bd";
     };
     propagatedBuildInputs = [ DevelStackTrace ];
     meta = {
       description = "A smart return value object";
-      license = "perl";
+      license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ];
     };
   };
 
@@ -2248,16 +2252,16 @@ let self = _self // overrides; _self = with self; {
     };
   };
 
-  CPAN = buildPerlPackage {
+  CPAN = buildPerlPackage rec {
     name = "CPAN-2.10";
     src = fetchurl {
-      url = mirror://cpan/authors/id/A/AN/ANDK/CPAN-2.10.tar.gz;
+      url = "mirror://cpan/authors/id/A/AN/ANDK/${name}.tar.gz";
       sha256 = "090e9e3d9fca83b89341a75c514c7411b743c887743723dbfe80f30d4ee5f3ad";
     };
-    propagatedBuildInputs = [ ArchiveZip CompressBzip2 Expect FileHomeDir FileWhich JSONPP LWP ModuleSignature TermReadKey TextGlob YAML YAMLLibYAML YAMLSyck ];
+    propagatedBuildInputs = [ ArchiveZip CompressBzip2 Expect FileHomeDir FileWhich JSONPP LWP ModuleBuild ModuleSignature TermReadKey TextGlob YAML YAMLLibYAML YAMLSyck ];
     meta = {
       description = "Query, download and build perl modules from CPAN sites";
-      license = "perl";
+      license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ];
     };
   };