Commit Graph

76443 Commits

Author SHA1 Message Date
obadz
66d5edf654 chromium: add nixos module security.chromiumSuidSandbox
Closes #17460

Changed the wrapper derivation to produce a second output containing the sandbox.
Add a launch wrapper to try and locate the sandbox (either in /var/setuid-wrappers or in /nix/store).
This launch wrapper also sheds libredirect.so from LD_PRELOAD as Chromium does not tolerate it.

Does not trigger a Chromium rebuild.

cc @cleverca22 @joachifm @jasom
2016-08-06 10:27:47 +01:00
cmfwyp
41b8c6d5a9
dejavu-fonts: simplify build process
Unicode data and fc-lang are only necessary to generate the status
files and coverage information, which are not used, or indeed even
generated with full-ttf.
2016-08-06 10:24:43 +02:00
cmfwyp
b4c8ea9536
dejavu-fonts: 2.35 -> 2.37
Release 2.36 adds and fixes a number of glyphes, and adds the
Tex Gyre DejaVu Math font, a companion font to DejaVu Serif for
typesetting mathematics.

Release 2.37 fixes an issue with condensed typefaces.

The sources are now fetched from GitHub, since the development was
moved from SourceForge to GitHub.
2016-08-06 10:24:43 +02:00
Frederik Rietdijk
356509ad45 pythonPackages.notebook: 4.2.1 -> 4.2.2 2016-08-06 08:36:59 +02:00
Joachim F
af8b7d3a28 Merge pull request #17526 from RamKromberg/fix/wavpack
wavpack: 4.75.0 -> 4.80.0
2016-08-06 00:59:08 +02:00
Joachim F
dece583a94 Merge pull request #17484 from srp/nixos-container-terminate
nixos-container: add 'terminate' command which 'destroy' now uses
2016-08-05 23:03:38 +02:00
Robin Gloster
fae6264d3a Merge pull request #17533 from wizeman/u/upd-containers
ocamlPackages.containers: 0.16 -> 0.18
2016-08-05 19:15:01 +02:00
Michal Rus
7281740c2e
linux: enable DRM_GMA600 and DRM_GMA3600
Adds basic support for Intel GMA3600/3650 (Intel Cedar Trail) platforms
and support for GMA600 (Intel Moorestown/Oaktrail) platforms with LVDS
ports via the gma500_gfx module.

Resolves #14727 Closes #17519
2016-08-05 19:07:40 +02:00
Robin Gloster
7599964915 Merge pull request #17518 from juliendehos/gtksourceviewmm
gtksourceviewmm: init at 3.18.0
2016-08-05 19:05:10 +02:00
Robin Gloster
19158a60cf Merge pull request #17541 from womfoo/bump/wraith-1.4.7
wraith: 1.4.6 -> 1.4.7, fixes build
2016-08-05 19:04:02 +02:00
Robin Gloster
71606efc71 Merge pull request #17537 from NeQuissimus/ohmyzsh20160801
oh-my-zsh: 2016-07-15 -> 2016-08-01
2016-08-05 19:02:00 +02:00
Kranium Gikos Mendoza
9470b28743 wraith: 1.4.6 -> 1.4.7 2016-08-06 00:05:40 +08:00
Joachim F
b7a4ef1a87 Merge pull request #17492 from k0ral/webkit
webkitgtk: 2.10.4 -> 2.10.9
2016-08-05 16:40:00 +02:00
Tim Steinbach
43fd03a6df oh-my-zsh: 2016-07-15 -> 2016-08-01 2016-08-05 09:53:48 -04:00
Ricardo M. Correia
e5db1995a6 ocamlPackages.containers: 0.16 -> 0.18 2016-08-05 14:35:17 +02:00
Ram Kromberg
76c2988e33 wavpack: 4.75.0 -> 4.80.0 2016-08-05 13:54:56 +03:00
Domen Kožar
1664279f0e Add nix-repl as release blocker
This would have blocked the channel in recent curl bump.
2016-08-05 12:08:44 +02:00
obadz
d6528a1b7f chromium: fixup commit 33557ac
Helps with #17460

@cleverca22 saw calls to SetuidSandboxHost::GetSandboxBinaryPath so we
patch this function instead.

cc @joachifm
2016-08-05 10:55:48 +01:00
Rok Garbas
3823033107 Revert "curl: 7.47.1 -> 7.50.0" (#17528) 2016-08-05 11:03:51 +02:00
Rok Garbas
9c6fccf29a Revert "curl: 7.50.0 -> 7.50.1" (#17525) 2016-08-05 10:52:30 +02:00
Julien Dehos
d46d0c4bb1 gtksourceviewmm: init at 3.18.0 2016-08-05 09:53:45 +02:00
Aneesh Agrawal
5e3eb476f5 neovim: remove unused glib dependency (#17499)
As far as I can tell, neovim has never required glib to build.
The neovim libtermkey does include a demo-glib.c example, but that is
optional.
2016-08-05 09:33:05 +02:00
Kranium Gikos Mendoza
4b62054f4c curl: 7.50.0 -> 7.50.1 (#17486) 2016-08-05 05:00:53 +02:00
Franz Pletz
2d6b7aa545 linux: enable some useful networking options
All options are enabled by default on Debian and some other
distributions, so these should be safe.
2016-08-05 04:07:31 +02:00
Franz Pletz
a3f6ca6d17 collectd: 5.5.1 -> 5.5.2 (security)
Fixes CVE-2016-6254.
2016-08-05 04:07:31 +02:00
Franz Pletz
6cf7e8d2ed libreswan: 3.17 -> 3.18 (security)
Fixes CVE-2016-5391, see

  https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt
2016-08-05 04:07:31 +02:00
Franz Pletz
792f96fbc7 Merge pull request #17489 from mayflower/pkg/gitlab-8-10
gitlab: 8.5.12 -> 8.10.3, update module
2016-08-04 23:35:22 +02:00
Tuomas Tynkkynen
0eb827918d xorg.libpciaccess: Not supported on Darwin
http://hydra.nixos.org/build/38160825/nixlog/1/raw
2016-08-04 23:11:45 +03:00
obadz
33557acb36 chromium: add ability to control which sandbox is used
First step towards addressing #17460

In order to be able to run the SUID sandbox, which is good for security
and required to run Chromium with any kind of reasonable sandboxing when
using grsecurity kernels, we want to be able to control where the
sandbox comes from in the Chromium wrapper. This commit patches the
appropriate bit of source and adds the same old sandbox to the wrapper
(so it should be a no-op)
2016-08-04 20:37:35 +01:00
koral
b3beab9f03 webkitgtk: 2.10.4 -> 2.10.9 2016-08-04 21:18:38 +02:00
Dinnanid
672447f1ad
eclipse-sdk: 4.5.2 -> 4.6 2016-08-04 20:11:08 +02:00
Dinnanid
b78a70ccc8
eclipse-sdk: 4.5.1 -> 4.5.2 2016-08-04 20:11:08 +02:00
obadz
fbea275286 haskellPackages.ghc-mod: remove override as 5.6.0.0 is ghc8 compatible
cc @peti
2016-08-04 17:40:17 +01:00
Brad Ediger
f0f9172017 elm: Constrain aeson-pretty to <0.8 (#17511)
https://github.com/elm-lang/elm-compiler/pull/1431
2016-08-04 18:08:32 +02:00
Thomas Tuegel
9a29551636 Merge branch 'plasma-5.7' 2016-08-04 10:44:43 -05:00
Peter Hoeg
aded8e40c1 startkde: default to breeze instead of plastik on a fresh login 2016-08-04 10:44:25 -05:00
Thomas Tuegel
5b008e30b4 kdeWrapper: avoid excessive file collisions 2016-08-04 10:40:36 -05:00
Peter Simons
2627b09b82 haskell-applicative-quoters: fix build with GHC 8.x 2016-08-04 17:38:44 +02:00
Thomas Tuegel
c291485b74 kde5.breeze-grub: init at 5.7.3 2016-08-04 10:15:32 -05:00
Thomas Tuegel
bed8eb86c6 kde5.breeze-plymouth: init at 5.7.3 2016-08-04 10:00:12 -05:00
Joachim F
4eef7a4ecf Merge pull request #17506 from romildo/upd.tint2
tint2: 0.12.11 -> 0.12.12
2016-08-04 16:54:34 +02:00
Joachim F
18333473bd Merge pull request #17507 from romildo/upd.mate
mate-themes: 3.20.8 -> 3.20.10
2016-08-04 16:54:18 +02:00
Joachim F
6664471d51 Merge pull request #17505 from Mounium/patch-1
flat-plat: Made the theme actually discoverable
2016-08-04 16:50:51 +02:00
Joachim F
5754eec8f6 Merge pull request #15967 from ericbmerritt/fix/nixos-container
nixos-container: fix allow alternative nixos paths
2016-08-04 16:50:05 +02:00
Thomas Tuegel
0184f0e47c kwin: add xwayland input 2016-08-04 09:46:35 -05:00
Thomas Tuegel
29c3fea7b0 kde5.breeze-qt5: add kwayland input 2016-08-04 09:45:54 -05:00
Thomas Tuegel
8117931752 kde5.kscreenlocker: reformat 2016-08-04 09:13:53 -05:00
Eric Merritt
a2feaf6d79 nixos-container: feature add 'config-file' option
This adds a config file option to nixos-container.pl that makes it quite
a bit easier to use.
2016-08-04 07:08:56 -07:00
Eric Merritt
fe8f0dbd53 nixos-container: fix allow alternative nixos paths
This should be completely backwards compatible. It allows the '-f' part
of the nix-env command to be configured. This greatly eases using
nixos-container as part of development where several nixpkgs
repositories might be tested at the same time.
2016-08-04 07:08:05 -07:00
Thomas Tuegel
44f3ad9ebb kde5.kinfocenter: display Wayland and OpenGL info 2016-08-04 09:07:17 -05:00