Commit Graph

18815 Commits

Author SHA1 Message Date
Robert Hensing
3d48fa72d3 elm-github-install: init at 1.0.1 2017-06-30 10:22:18 +02:00
Profpatsch
da012dda01 adbfs-rootless: init at 2016-10-02 2017-06-29 08:44:43 +02:00
Tim Steinbach
4cc729644e Merge pull request #26867 from michalpalka/xen-security-2017.06-new
xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
2017-06-28 22:43:46 -04:00
Tim Steinbach
db17c508ef Merge pull request #26915 from diegs/terraform
terraform: 0.9.6 -> 0.9.9.
2017-06-28 22:39:18 -04:00
Jörg Thalheim
7642a76c1a Merge pull request #26926 from dotlambda/master
dmensamenu: init at 1.0.0
2017-06-29 00:29:18 +01:00
Jörg Thalheim
d0a9189a03 Merge pull request #26941 from volth/certstrap-1.0.1
certstrap: init at 1.0.1
2017-06-28 23:34:10 +01:00
Volth
8797e3edd2 certstrap: init at 1.0.1 2017-06-28 21:16:38 +00:00
Shea Levy
24c59a4452 neuron: enable GUI 2017-06-28 11:59:54 -04:00
Domen Kožar
5015dea12a
stack2nix: depend on stack binary as well 2017-06-28 16:35:08 +02:00
Domen Kožar
8de4530b4a
Add static binary for stack2nix 2017-06-28 16:21:42 +02:00
Jörg Thalheim
cc63c5d32c bench: add static executable from haskellPackages 2017-06-28 14:42:54 +01:00
Pascal Wittmann
3dea2941e0 Merge pull request #26712 from gnidorah/master2
nas: init at 1.9.4
2017-06-28 15:20:23 +02:00
Frederik Rietdijk
8a62a9b064 Merge pull request #26125 from volth/webkitgtk-naming
rename webkitgtk24x⇒webkitgtk24x-gtk3; webkitgtk2⇒webkitgtk24x-gtk2
2017-06-28 13:54:38 +02:00
gnidorah
69aa5f5540 nas: init at 1.9.4 2017-06-28 14:13:20 +03:00
Robert Schütz
1a7745d6ec dmensamenu: init at 1.0.0 2017-06-28 11:43:39 +02:00
Diego Pontoriero
5b90fa0151
terraform: 0.9.6 -> 0.9.9. 2017-06-27 15:04:11 -07:00
Shea Levy
4d2597981d Partially revert "terraform: 0.9.4 -> 0.9.6."
Terraform point releases are significant changes, we need to keep old ones around

This reverts commit 6a27b46dee.
2017-06-27 16:26:07 -04:00
Joachim F
2c30e5e754 Merge pull request #25441 from Hodapp87/draftsight
draftsight: init at 2017-SP1
2017-06-27 21:04:30 +01:00
leenaars
10126e13ef openpa: init at 1.0.4 (#26033) 2017-06-27 20:52:23 +01:00
Joachim F
767a8b2e9a Merge pull request #26073 from florianjacob/piwik-package
piwik & piwik service: init at 3.0.4
2017-06-27 20:51:16 +01:00
Trevor Joynson
068341b1c7 iptstate: init at 2.2.6 (#26878)
* Add iptstate package

* iptstate: nit pick
2017-06-27 18:27:13 +01:00
Daiderd Jordan
5740c9e0e1 Merge pull request #26772 from robx/fix-v8
v8_3_16_14: fix OS X build by passing deployment version
2017-06-27 18:31:28 +02:00
Daniel Peebles
2dc0eaf0f1 Merge pull request #26797 from LnL7/erlang-versions
erlang: remove erlangR16 and all versioned variants from all-packages
2017-06-26 16:04:28 -04:00
Daiderd Jordan
1389f28cd0 Merge pull request #26804 from LnL7/erlangR19
erlang: change default to R19
2017-06-26 22:00:03 +02:00
Robert Vollmert
c3da83cd40 v8_3_16_14: fix OS X build
Issues addressed:
- xcode build failed with
    ... was built for newer OSX version (10.10) than being linked (10.5)
  fixed by setting GYP mac deployment target to the nix value
- a gyp bug when SDKROOT is not set (and removed an orphaned gyp patch
- path to python in generated gyp-mac-tool
- noisy build due to static assert warnings, by silencing warnings
- use of system xcodebuild and libtool replaced by darwin.cctools
2017-06-26 21:28:43 +02:00
Vincent Laporte
ac83ef3994 glsurf: 3.3 -> 3.3.1 2017-06-26 19:24:33 +02:00
Michał Pałka
80e0cda7ff xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
XSA-216 Issue Description:

> The block interface response structure has some discontiguous fields.
> Certain backends populate the structure fields of an otherwise
> uninitialized instance of this structure on their stacks, leaking
> data through the (internal or trailing) padding field.

More: https://xenbits.xen.org/xsa/advisory-216.html

XSA-217 Issue Description:

> Domains controlling other domains are permitted to map pages owned by
> the domain being controlled.  If the controlling domain unmaps such a
> page without flushing the TLB, and if soon after the domain being
> controlled transfers this page to another PV domain (via
> GNTTABOP_transfer or, indirectly, XENMEM_exchange), and that third
> domain uses the page as a page table, the controlling domain will have
> write access to a live page table until the applicable TLB entry is
> flushed or evicted.  Note that the domain being controlled is
> necessarily HVM, while the controlling domain is PV.

More: https://xenbits.xen.org/xsa/advisory-217.html

XSA-218 Issue Description:

> We have discovered two bugs in the code unmapping grant references.
>
> * When a grant had been mapped twice by a backend domain, and then
> unmapped by two concurrent unmap calls, the frontend may be informed
> that the page had no further mappings when the first call completed rather
> than when the second call completed.
>
> * A race triggerable by an unprivileged guest could cause a grant
> maptrack entry for grants to be "freed" twice.  The ultimate effect of
> this would be for maptrack entries for a single domain to be re-used.

More: https://xenbits.xen.org/xsa/advisory-218.html

XSA-219 Issue Description:

> When using shadow paging, writes to guest pagetables must be trapped and
> emulated, so the shadows can be suitably adjusted as well.
>
> When emulating the write, Xen maps the guests pagetable(s) to make the final
> adjustment and leave the guest's view of its state consistent.
>
> However, when mapping the frame, Xen drops the page reference before
> performing the write.  This is a race window where the underlying frame can
> change ownership.
>
> One possible attack scenario is for the frame to change ownership and to be
> inserted into a PV guest's pagetables.  At that point, the emulated write will
> be an unaudited modification to the PV pagetables whose value is under guest
> control.

More: https://xenbits.xen.org/xsa/advisory-219.html

XSA-220 Issue Description:

> Memory Protection Extensions (MPX) and Protection Key (PKU) are features in
> newer processors, whose state is intended to be per-thread and context
> switched along with all other XSAVE state.
>
> Xen's vCPU context switch code would save and restore the state only
> if the guest had set the relevant XSTATE enable bits.  However,
> surprisingly, the use of these features is not dependent (PKU) or may
> not be dependent (MPX) on having the relevant XSTATE bits enabled.
>
> VMs which use MPX or PKU, and context switch the state manually rather
> than via XSAVE, will have the state leak between vCPUs (possibly,
> between vCPUs in different guests).  This in turn corrupts state in
> the destination vCPU, and hence may lead to weakened protections
>
> Experimentally, MPX appears not to make any interaction with BND*
> state if BNDCFGS.EN is set but XCR0.BND{CSR,REGS} are clear.  However,
> the SDM is not clear in this case; therefore MPX is included in this
> advisory as a precaution.

More: https://xenbits.xen.org/xsa/advisory-220.html

XSA-221 Issue Description:

> When polling event channels, in general arbitrary port numbers can be
> specified.  Specifically, there is no requirement that a polled event
> channel ports has ever been created.  When the code was generalised
> from an earlier implementation, introducing some intermediate
> pointers, a check should have been made that these intermediate
> pointers are non-NULL.  However, that check was omitted.

More: https://xenbits.xen.org/xsa/advisory-221.html

XSA-222 Issue Description:

> Certain actions require removing pages from a guest's P2M
> (Physical-to-Machine) mapping.  When large pages are in use to map
> guest pages in the 2nd-stage page tables, such a removal operation may
> incur a memory allocation (to replace a large mapping with individual
> smaller ones).  If this allocation fails, these errors are ignored by
> the callers, which would then continue and (for example) free the
> referenced page for reuse.  This leaves the guest with a mapping to a
> page it shouldn't have access to.
>
> The allocation involved comes from a separate pool of memory created
> when the domain is created; under normal operating conditions it never
> fails, but a malicious guest may be able to engineer situations where
> this pool is exhausted.

More: https://xenbits.xen.org/xsa/advisory-222.html

XSA-224 Issue Description:

> We have discovered a number of bugs in the code mapping and unmapping
> grant references.
>
> * If a grant is mapped with both the GNTMAP_device_map and
> GNTMAP_host_map flags, but unmapped only with host_map, the device_map
> portion remains but the page reference counts are lowered as though it
> had been removed. This bug can be leveraged cause a page's reference
> counts and type counts to fall to zero while retaining writeable
> mappings to the page.
>
> * Under some specific conditions, if a grant is mapped with both the
> GNTMAP_device_map and GNTMAP_host_map flags, the operation may not
> grab sufficient type counts.  When the grant is then unmapped, the
> type count will be erroneously reduced.  This bug can be leveraged
> cause a page's reference counts and type counts to fall to zero while
> retaining writeable mappings to the page.
>
> * When a grant reference is given to an MMIO region (as opposed to a
> normal guest page), if the grant is mapped with only the
> GNTMAP_device_map flag set, a mapping is created at host_addr anyway.
> This does *not* cause reference counts to change, but there will be no
> record of this mapping, so it will not be considered when reporting
> whether the grant is still in use.

More: https://xenbits.xen.org/xsa/advisory-224.html
2017-06-26 07:01:24 +00:00
Bas van Dijk
35e5719fe9 elasticsearch: 5.4.0 -> 5.4.2 2017-06-26 08:47:28 +02:00
Franz Pletz
1a7f330335
burp_1_3: remove 2017-06-26 03:48:41 +02:00
AndersonTorres
0e14a8621d mpv: eliminate config.mpv options
Removing all `config.mpv.*` options will improve readability. MPV has many
configurable options, and using the config approach is prone to confusion and
unnecessary code duplication. If needed, the user can `override` the relevant
variables in the function itself, so no functionality is lost.

Closes issue #26786
2017-06-26 02:51:09 +02:00
Jörg Thalheim
239920d745 Merge pull request #26831 from volth/plv8-init-2.0.3
plv8: init at 2.0.3
2017-06-25 18:20:37 +01:00
Jörg Thalheim
a93225fc6c Merge pull request #26835 from unaizalakain/init_qgo
qgo: init at unstable-2016-06-23
2017-06-25 12:05:32 +01:00
Jörg Thalheim
7a10cc84a0 rustRegistry: switch to mkDerivation
fixes #26582
2017-06-25 11:56:29 +01:00
tilpner
c610f99d8f Expose custom Rust registry versions
This allows users to specify a custom registry src,
because currently every packager would need to create
an outdated Cargo.lock just to be compatible with the
probably outdated rustRegistry in nixpkgs.

Currently there is no easy way to convince cargo to
do that, so this makes that workaround unnecessary.
2017-06-25 11:56:15 +01:00
Jörg Thalheim
46427b77f4 Merge pull request #26690 from DIzFer/telegram-update
tdesktop: 1.0.27 -> 1.1.7
2017-06-25 11:37:21 +01:00
Unai Zalakain
6e52efe9eb
qgo: init at unstable-2016-06-23 2017-06-25 12:29:18 +02:00
Jörg Thalheim
3913522a41 Merge pull request #26828 from rvolosatovs/init/mopidy-local-images
mopidy-local-images: init at 1.0.0
2017-06-25 08:39:56 +01:00
Volth
60e19e7393 plv8: init at 2.0.3 2017-06-25 01:20:51 +00:00
Volth
649a036dcc nailgun: init at 0.9.1 2017-06-25 01:08:09 +00:00
Roman Volosatovs
4ebaed854f
mopidy-local-images: init at 1.0.0 2017-06-25 00:26:02 +02:00
Thomas Tuegel
1593bd2423 Merge pull request #26817 from ttuegel/qt-5.9
Qt 5.9
2017-06-24 15:19:36 -05:00
Jörg Thalheim
09704d35f2 Merge pull request #26762 from dtzWill/update/creduce
creduce: 2.6.0 -> 2.7.0, now uses LLVM 4
2017-06-24 19:59:30 +01:00
Jörg Thalheim
8f9d3bfddb Merge pull request #26594 from jchildren/master
antlr4_7: init at 4.7
2017-06-24 18:55:08 +01:00
Samuel Leathers
5d7fd7e7fa mailhog: init at 1.0.0 (#26821)
* mailhog: init at 1.0.0

* formatting nitpicks
2017-06-24 17:05:34 +01:00
Thomas Tuegel
22b10bac78
qt5: 5.8.0 -> 5.9.0
Qt 5.8 is immediately removed because its support window is ended.

The qtlocation module is built with `enableParallelBuilding = false` so that the
clipper library will be built before the components which link to it.

kjs now depends directly on pcre. The dependency was previously propagated from
qtbase, which now depends on pcre2.
2017-06-24 07:43:57 -05:00
Peter Hoeg
276adb96fa heimdall: 1.4.1 -> 1.4.2 2017-06-24 12:49:11 +08:00
Daiderd Jordan
dc1ae6f18d
erlang: use R18 for packages that don't work with R19 2017-06-24 01:52:31 +02:00
aszlig
06271b6eba
krita: Fix build dependencies
First of all, we need a newer version of Vc, because at least version
1.1.0 is required for Krita 3.1.3.

Also, qtmultimedia and qtx11extras were missing.

Built and tested successfully on my machine.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @abbradar
2017-06-23 22:15:05 +02:00
Daiderd Jordan
0fafa0d7d7
erlang: remove erlangR16 and all versioned variants from all-packages
Fixes #24047

All of the variants are still available in the beam.interpreters attrset.
2017-06-23 19:58:05 +02:00
Daiderd Jordan
b0b5911fc1 Merge pull request #26764 from mdaiter/erlangR20
erlangR20: init
2017-06-23 19:37:49 +02:00