obadz
66d5edf654
chromium: add nixos module security.chromiumSuidSandbox
...
Closes #17460
Changed the wrapper derivation to produce a second output containing the sandbox.
Add a launch wrapper to try and locate the sandbox (either in /var/setuid-wrappers or in /nix/store).
This launch wrapper also sheds libredirect.so from LD_PRELOAD as Chromium does not tolerate it.
Does not trigger a Chromium rebuild.
cc @cleverca22 @joachifm @jasom
2016-08-06 10:27:47 +01:00
cmfwyp
41b8c6d5a9
dejavu-fonts: simplify build process
...
Unicode data and fc-lang are only necessary to generate the status
files and coverage information, which are not used, or indeed even
generated with full-ttf.
2016-08-06 10:24:43 +02:00
cmfwyp
b4c8ea9536
dejavu-fonts: 2.35 -> 2.37
...
Release 2.36 adds and fixes a number of glyphes, and adds the
Tex Gyre DejaVu Math font, a companion font to DejaVu Serif for
typesetting mathematics.
Release 2.37 fixes an issue with condensed typefaces.
The sources are now fetched from GitHub, since the development was
moved from SourceForge to GitHub.
2016-08-06 10:24:43 +02:00
Frederik Rietdijk
356509ad45
pythonPackages.notebook: 4.2.1 -> 4.2.2
2016-08-06 08:36:59 +02:00
Joachim F
af8b7d3a28
Merge pull request #17526 from RamKromberg/fix/wavpack
...
wavpack: 4.75.0 -> 4.80.0
2016-08-06 00:59:08 +02:00
Joachim F
dece583a94
Merge pull request #17484 from srp/nixos-container-terminate
...
nixos-container: add 'terminate' command which 'destroy' now uses
2016-08-05 23:03:38 +02:00
Robin Gloster
fae6264d3a
Merge pull request #17533 from wizeman/u/upd-containers
...
ocamlPackages.containers: 0.16 -> 0.18
2016-08-05 19:15:01 +02:00
Michal Rus
7281740c2e
linux: enable DRM_GMA600 and DRM_GMA3600
...
Adds basic support for Intel GMA3600/3650 (Intel Cedar Trail) platforms
and support for GMA600 (Intel Moorestown/Oaktrail) platforms with LVDS
ports via the gma500_gfx module.
Resolves #14727 Closes #17519
2016-08-05 19:07:40 +02:00
Robin Gloster
7599964915
Merge pull request #17518 from juliendehos/gtksourceviewmm
...
gtksourceviewmm: init at 3.18.0
2016-08-05 19:05:10 +02:00
Robin Gloster
19158a60cf
Merge pull request #17541 from womfoo/bump/wraith-1.4.7
...
wraith: 1.4.6 -> 1.4.7, fixes build
2016-08-05 19:04:02 +02:00
Robin Gloster
71606efc71
Merge pull request #17537 from NeQuissimus/ohmyzsh20160801
...
oh-my-zsh: 2016-07-15 -> 2016-08-01
2016-08-05 19:02:00 +02:00
Kranium Gikos Mendoza
9470b28743
wraith: 1.4.6 -> 1.4.7
2016-08-06 00:05:40 +08:00
Joachim F
b7a4ef1a87
Merge pull request #17492 from k0ral/webkit
...
webkitgtk: 2.10.4 -> 2.10.9
2016-08-05 16:40:00 +02:00
Tim Steinbach
43fd03a6df
oh-my-zsh: 2016-07-15 -> 2016-08-01
2016-08-05 09:53:48 -04:00
Ricardo M. Correia
e5db1995a6
ocamlPackages.containers: 0.16 -> 0.18
2016-08-05 14:35:17 +02:00
Ram Kromberg
76c2988e33
wavpack: 4.75.0 -> 4.80.0
2016-08-05 13:54:56 +03:00
Domen Kožar
1664279f0e
Add nix-repl as release blocker
...
This would have blocked the channel in recent curl bump.
2016-08-05 12:08:44 +02:00
obadz
d6528a1b7f
chromium: fixup commit 33557ac
...
Helps with #17460
@cleverca22 saw calls to SetuidSandboxHost::GetSandboxBinaryPath so we
patch this function instead.
cc @joachifm
2016-08-05 10:55:48 +01:00
Rok Garbas
3823033107
Revert "curl: 7.47.1 -> 7.50.0" ( #17528 )
2016-08-05 11:03:51 +02:00
Rok Garbas
9c6fccf29a
Revert "curl: 7.50.0 -> 7.50.1" ( #17525 )
2016-08-05 10:52:30 +02:00
Julien Dehos
d46d0c4bb1
gtksourceviewmm: init at 3.18.0
2016-08-05 09:53:45 +02:00
Aneesh Agrawal
5e3eb476f5
neovim: remove unused glib dependency ( #17499 )
...
As far as I can tell, neovim has never required glib to build.
The neovim libtermkey does include a demo-glib.c example, but that is
optional.
2016-08-05 09:33:05 +02:00
Kranium Gikos Mendoza
4b62054f4c
curl: 7.50.0 -> 7.50.1 ( #17486 )
2016-08-05 05:00:53 +02:00
Franz Pletz
2d6b7aa545
linux: enable some useful networking options
...
All options are enabled by default on Debian and some other
distributions, so these should be safe.
2016-08-05 04:07:31 +02:00
Franz Pletz
a3f6ca6d17
collectd: 5.5.1 -> 5.5.2 (security)
...
Fixes CVE-2016-6254.
2016-08-05 04:07:31 +02:00
Franz Pletz
6cf7e8d2ed
libreswan: 3.17 -> 3.18 (security)
...
Fixes CVE-2016-5391, see
https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt
2016-08-05 04:07:31 +02:00
Franz Pletz
792f96fbc7
Merge pull request #17489 from mayflower/pkg/gitlab-8-10
...
gitlab: 8.5.12 -> 8.10.3, update module
2016-08-04 23:35:22 +02:00
Tuomas Tynkkynen
0eb827918d
xorg.libpciaccess: Not supported on Darwin
...
http://hydra.nixos.org/build/38160825/nixlog/1/raw
2016-08-04 23:11:45 +03:00
obadz
33557acb36
chromium: add ability to control which sandbox is used
...
First step towards addressing #17460
In order to be able to run the SUID sandbox, which is good for security
and required to run Chromium with any kind of reasonable sandboxing when
using grsecurity kernels, we want to be able to control where the
sandbox comes from in the Chromium wrapper. This commit patches the
appropriate bit of source and adds the same old sandbox to the wrapper
(so it should be a no-op)
2016-08-04 20:37:35 +01:00
koral
b3beab9f03
webkitgtk: 2.10.4 -> 2.10.9
2016-08-04 21:18:38 +02:00
Dinnanid
672447f1ad
eclipse-sdk: 4.5.2 -> 4.6
2016-08-04 20:11:08 +02:00
Dinnanid
b78a70ccc8
eclipse-sdk: 4.5.1 -> 4.5.2
2016-08-04 20:11:08 +02:00
obadz
fbea275286
haskellPackages.ghc-mod: remove override as 5.6.0.0 is ghc8 compatible
...
cc @peti
2016-08-04 17:40:17 +01:00
Brad Ediger
f0f9172017
elm: Constrain aeson-pretty to <0.8 ( #17511 )
...
https://github.com/elm-lang/elm-compiler/pull/1431
2016-08-04 18:08:32 +02:00
Thomas Tuegel
9a29551636
Merge branch 'plasma-5.7'
2016-08-04 10:44:43 -05:00
Peter Hoeg
aded8e40c1
startkde: default to breeze instead of plastik on a fresh login
2016-08-04 10:44:25 -05:00
Thomas Tuegel
5b008e30b4
kdeWrapper: avoid excessive file collisions
2016-08-04 10:40:36 -05:00
Peter Simons
2627b09b82
haskell-applicative-quoters: fix build with GHC 8.x
2016-08-04 17:38:44 +02:00
Thomas Tuegel
c291485b74
kde5.breeze-grub: init at 5.7.3
2016-08-04 10:15:32 -05:00
Thomas Tuegel
bed8eb86c6
kde5.breeze-plymouth: init at 5.7.3
2016-08-04 10:00:12 -05:00
Joachim F
4eef7a4ecf
Merge pull request #17506 from romildo/upd.tint2
...
tint2: 0.12.11 -> 0.12.12
2016-08-04 16:54:34 +02:00
Joachim F
18333473bd
Merge pull request #17507 from romildo/upd.mate
...
mate-themes: 3.20.8 -> 3.20.10
2016-08-04 16:54:18 +02:00
Joachim F
6664471d51
Merge pull request #17505 from Mounium/patch-1
...
flat-plat: Made the theme actually discoverable
2016-08-04 16:50:51 +02:00
Joachim F
5754eec8f6
Merge pull request #15967 from ericbmerritt/fix/nixos-container
...
nixos-container: fix allow alternative nixos paths
2016-08-04 16:50:05 +02:00
Thomas Tuegel
0184f0e47c
kwin: add xwayland input
2016-08-04 09:46:35 -05:00
Thomas Tuegel
29c3fea7b0
kde5.breeze-qt5: add kwayland input
2016-08-04 09:45:54 -05:00
Thomas Tuegel
8117931752
kde5.kscreenlocker: reformat
2016-08-04 09:13:53 -05:00
Eric Merritt
a2feaf6d79
nixos-container: feature add 'config-file' option
...
This adds a config file option to nixos-container.pl that makes it quite
a bit easier to use.
2016-08-04 07:08:56 -07:00
Eric Merritt
fe8f0dbd53
nixos-container: fix allow alternative nixos paths
...
This should be completely backwards compatible. It allows the '-f' part
of the nix-env command to be configured. This greatly eases using
nixos-container as part of development where several nixpkgs
repositories might be tested at the same time.
2016-08-04 07:08:05 -07:00
Thomas Tuegel
44f3ad9ebb
kde5.kinfocenter: display Wayland and OpenGL info
2016-08-04 09:07:17 -05:00