Merge master into staging

There are larger-rebuild changes: gnutls and samba.
author: Vladimír Čunát <vcunat@gmail.com> 2015-07-17 06:37:13 +0200
committer: Vladimír Čunát <vcunat@gmail.com> 2015-07-17 06:38:04 +0200
commit: 9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c (patch)
tree: 946e5c7626f668079bcf35caf203a52c5d33f3c7 /pkgs/development
parent: cf8309ef34b9ec18bc9aeca9e63f984e1be19b56 (diff)
parent: 967abfc78660d0e49a32eac8fe19cec4b6b79d5c (diff)
download: nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar
nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.gz
nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.bz2
nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.lz
nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.xz
nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.zst
nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.zip
13 files changed, 266 insertions, 30 deletions
diff --git a/pkgs/development/haskell-modules/hackage-packages.nix b/pkgs/development/haskell-modules/hackage-packages.nix
index c62f9071c5f..86a98e6f3f4 100644
--- a/pkgs/development/haskell-modules/hackage-packages.nix
+++ b/pkgs/development/haskell-modules/hackage-packages.nix
@@ -121097,8 +121097,8 @@ self: {
      }:
      mkDerivation {
        pname = "stripe-haskell";
-       version = "0.1.4.0";
-       sha256 = "09s699h2b641bakcgf3f2cwdqb4qb37b4y31vpcq3k8pkbmhy8sf";
+       version = "0.1.4.1";
+       sha256 = "a0ffc70616d4eb86a9e0e0fcb1751cc48f3b6f618d07cf2bb96090276d64d218";
        buildDepends = [
          aeson base bytestring either HsOpenSSL http-streams io-streams mtl
          random text time transformers unordered-containers
diff --git a/pkgs/development/libraries/ffmpeg-full/default.nix b/pkgs/development/libraries/ffmpeg-full/default.nix
index 7d108ba81ef..555576d3a36 100644
--- a/pkgs/development/libraries/ffmpeg-full/default.nix
+++ b/pkgs/development/libraries/ffmpeg-full/default.nix
@@ -231,11 +231,11 @@ assert x11grabExtlib -> libX11 != null && libXv != null;
 
 stdenv.mkDerivation rec {
   name = "ffmpeg-${version}";
-  version = "2.6.3";
+  version = "2.7.1";
 
   src = fetchurl {
     url = "https://www.ffmpeg.org/releases/${name}.tar.bz2";
-    sha256 = "1yqc3vm1xrwf866q262qd4nr9d6ifp4gg183pjdc4sl9np0rissr";
+    sha256 = "087pyx1wxvniq3wgj6z80wrb7ampwwsmwndmr7lymzhm4iyvj1vy";
   };
 
   patchPhase = ''patchShebangs .'';
diff --git a/pkgs/development/libraries/ffmpeg/2.7.nix b/pkgs/development/libraries/ffmpeg/2.7.nix
new file mode 100644
index 00000000000..3e4708fdf46
--- /dev/null
+++ b/pkgs/development/libraries/ffmpeg/2.7.nix
@@ -0,0 +1,7 @@
+{ callPackage, ... } @ args:
+
+callPackage ./generic.nix (args // rec {
+  version = "${branch}.1";
+  branch = "2.7";
+  sha256 = "087pyx1wxvniq3wgj6z80wrb7ampwwsmwndmr7lymzhm4iyvj1vy";
+})
diff --git a/pkgs/development/libraries/gnutls/3.3.nix b/pkgs/development/libraries/gnutls/3.3.nix
index a2c04506a6c..bd95ce07254 100644
--- a/pkgs/development/libraries/gnutls/3.3.nix
+++ b/pkgs/development/libraries/gnutls/3.3.nix
@@ -1,10 +1,10 @@
 { callPackage, fetchurl, ... } @ args:
 
 callPackage ./generic.nix (args // rec {
-  version = "3.3.15";
+  version = "3.3.16";
 
   src = fetchurl {
     url = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-${version}.tar.lz";
-    sha256 = "166nynb055vlh6dm1gaqwpcnf4mp7ks8lz2yvm7dlsrkbh3swj5m";
+    sha256 = "1jl5n02mh83ygrrk7rq8vwylv5gdr3wccqs1ynvzr749fd2wq637";
   };
 })
diff --git a/pkgs/development/libraries/gnutls/3.4.nix b/pkgs/development/libraries/gnutls/3.4.nix
index 614834252fa..0558e4127c4 100644
--- a/pkgs/development/libraries/gnutls/3.4.nix
+++ b/pkgs/development/libraries/gnutls/3.4.nix
@@ -1,10 +1,10 @@
 { callPackage, fetchurl, ... } @ args:
 
 callPackage ./generic.nix (args // rec {
-  version = "3.4.2";
+  version = "3.4.3";
 
   src = fetchurl {
     url = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-${version}.tar.lz";
-    sha256 = "1wzasbrs4ncq4yisqyvifl7mzlyyg1pb0idr4fhjmcfpi13sxlaw";
+    sha256 = "1q4adb1xi9pl00iy3cqs4r1qmwllv1g1r44p6xsg6n65dpyf53q2";
   };
 })
diff --git a/pkgs/development/libraries/libinput/default.nix b/pkgs/development/libraries/libinput/default.nix
index 28880a3ac68..f02b0af8270 100644
--- a/pkgs/development/libraries/libinput/default.nix
+++ b/pkgs/development/libraries/libinput/default.nix
@@ -15,11 +15,11 @@ in
 
 with stdenv.lib;
 stdenv.mkDerivation rec {
-  name = "libinput-0.17.0";
+  name = "libinput-0.20.0";
 
   src = fetchurl {
     url = "http://www.freedesktop.org/software/libinput/${name}.tar.xz";
-    sha256 = "1nr8zg99hk6lz2g2kdvlz13i7cwvrsakakrn3c1w2id7wcxj9nxp";
+    sha256 = "0p8jswag33qjjxd8766hzk460bzhzhw32b6hl2i17aygjz7dynqp";
   };
 
   configureFlags = [
diff --git a/pkgs/development/libraries/libwmf/CVE-2006-3376.patch b/pkgs/development/libraries/libwmf/CVE-2006-3376.patch
new file mode 100644
index 00000000000..4c7519d9c10
--- /dev/null
+++ b/pkgs/development/libraries/libwmf/CVE-2006-3376.patch
@@ -0,0 +1,28 @@
+--- libwmf-0.2.8.4.orig/src/player.c
++++ libwmf-0.2.8.4/src/player.c
+@@ -23,6 +23,7 @@
+ 
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <stdint.h>
+ #include <string.h>
+ #include <math.h>
+ 
+@@ -132,8 +133,14 @@
+ 		}
+ 	}
+ 
+-/*	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
+- */	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
++	if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
++	{
++		API->err = wmf_E_InsMem;
++		WMF_DEBUG (API,"bailing...");
++		return (API->err);
++	}
++
++ 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
+ 
+ 	if (ERR (API))
+ 	{	WMF_DEBUG (API,"bailing...");
+
diff --git a/pkgs/development/libraries/libwmf/CVE-2009-1364.patch b/pkgs/development/libraries/libwmf/CVE-2009-1364.patch
new file mode 100644
index 00000000000..e2a4501662c
--- /dev/null
+++ b/pkgs/development/libraries/libwmf/CVE-2009-1364.patch
@@ -0,0 +1,11 @@
+--- libwmf-0.2.8.4.orig/src/extra/gd/gd_clip.c
++++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c
+@@ -70,6 +70,7 @@
+ 	{	more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
+ 		if (more == 0) return;
+ 		im->clip->max += 8;
++		im->clip->list = more;
+ 	}
+ 	im->clip->list[im->clip->count] = (*rect);
+ 	im->clip->count++;
+
diff --git a/pkgs/development/libraries/libwmf/CVE-2015-0848+4588+4695+4696.patch b/pkgs/development/libraries/libwmf/CVE-2015-0848+4588+4695+4696.patch
new file mode 100644
index 00000000000..54d47800298
--- /dev/null
+++ b/pkgs/development/libraries/libwmf/CVE-2015-0848+4588+4695+4696.patch
@@ -0,0 +1,186 @@
+--- libwmf-0.2.8.4.orig/src/player/meta.h
++++ libwmf-0.2.8.4/src/player/meta.h
+@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API,
+ 	objects = P->objects;
+ 
+ 	i = 0;
+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+ 
+ 	if (i == NUM_OBJECTS (API))
+ 	{	WMF_ERROR (API,"Object out of range!");
+@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,w
+ 	objects = P->objects;
+ 
+ 	i = 0;
+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+ 
+ 	if (i == NUM_OBJECTS (API))
+ 	{	WMF_ERROR (API,"Object out of range!");
+@@ -2593,9 +2593,10 @@ static int meta_dc_restore (wmfAPI* API,
+ 		polyrect.BR = 0;
+ 
+ 		polyrect.count = 0;
++	
++		if (FR->region_clip) FR->region_clip (API,&polyrect);
+ 	}
+ 
+-	if (FR->region_clip) FR->region_clip (API,&polyrect);
+ 
+ 	return (changed);
+ }
+@@ -3067,7 +3068,7 @@ static int meta_pen_create (wmfAPI* API,
+ 	objects = P->objects;
+ 
+ 	i = 0;
+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+ 
+ 	if (i == NUM_OBJECTS (API))
+ 	{	WMF_ERROR (API,"Object out of range!");
+@@ -3181,7 +3182,7 @@ static int meta_brush_create (wmfAPI* AP
+ 	objects = P->objects;
+ 
+ 	i = 0;
+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+ 
+ 	if (i == NUM_OBJECTS (API))
+ 	{	WMF_ERROR (API,"Object out of range!");
+@@ -3288,7 +3289,7 @@ static int meta_font_create (wmfAPI* API
+ 	objects = P->objects;
+ 
+ 	i = 0;
+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+ 
+ 	if (i == NUM_OBJECTS (API))
+ 	{	WMF_ERROR (API,"Object out of range!");
+@@ -3396,7 +3397,7 @@ static int meta_palette_create (wmfAPI*
+ 	objects = P->objects;
+ 
+ 	i = 0;
+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
+ 
+ 	if (i == NUM_OBJECTS (API))
+ 	{	WMF_ERROR (API,"Object out of range!");
+--- libwmf-0.2.8.4.orig/src/ipa/ipa.h
++++ libwmf-0.2.8.4/src/ipa/ipa.h
+@@ -48,7 +48,7 @@ static int            ReadBlobByte (BMPS
+ static unsigned short ReadBlobLSBShort (BMPSource*);
+ static unsigned long  ReadBlobLSBLong (BMPSource*);
+ static long           TellBlob (BMPSource*);
+-static void           DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
++static int            DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
+ static void           ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*);
+ static int            ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int);
+ static void           SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int);
+--- libwmf-0.2.8.4.orig/src/ipa/ipa/bmp.h
++++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h
+@@ -859,7 +859,7 @@ static long TellBlob (BMPSource* src)
+ %
+ %
+ */
+-static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
++static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
+ {	int byte;
+ 	int count;
+ 	int i;
+@@ -870,12 +870,14 @@ static void DecodeImage (wmfAPI* API,wmf
+ 	U32 u;
+ 
+ 	unsigned char* q;
++	unsigned char* end;
+ 
+ 	for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0;
+ 
+ 	byte = 0;
+ 	x = 0;
+ 	q = pixels;
++	end = pixels + bmp->width * bmp->height;
+ 
+ 	for (y = 0; y < bmp->height; )
+ 	{	count = ReadBlobByte (src);
+@@ -884,7 +886,10 @@ static void DecodeImage (wmfAPI* API,wmf
+ 		{	/* Encoded mode. */
+ 			byte = ReadBlobByte (src);
+ 			for (i = 0; i < count; i++)
+-			{	if (compression == 1)
++			{	
++				if (q == end)
++					return 0;
++			 	if (compression == 1)
+ 				{	(*(q++)) = (unsigned char) byte;
+ 				}
+ 				else
+@@ -896,13 +901,15 @@ static void DecodeImage (wmfAPI* API,wmf
+ 		else
+ 		{	/* Escape mode. */
+ 			count = ReadBlobByte (src);
+-			if (count == 0x01) return;
++			if (count == 0x01) return 1;
+ 			switch (count)
+ 			{
+ 			case 0x00:
+ 			 {	/* End of line. */
+ 				x = 0;
+ 				y++;
++				if (y >= bmp->height)
++					return 0;
+ 				q = pixels + y * bmp->width;
+ 				break;
+ 			 }
+@@ -910,13 +917,20 @@ static void DecodeImage (wmfAPI* API,wmf
+ 			 {	/* Delta mode. */
+ 				x += ReadBlobByte (src);
+ 				y += ReadBlobByte (src);
++				if (y >= bmp->height)
++					return 0;
++				if (x >= bmp->width)
++					return 0;
+ 				q = pixels + y * bmp->width + x;
+ 				break;
+ 			 }
+ 			default:
+ 			 {	/* Absolute mode. */
+ 				for (i = 0; i < count; i++)
+-				{	if (compression == 1)
++				{
++					if (q == end)
++						return 0;
++					if (compression == 1)
+ 					{	(*(q++)) = ReadBlobByte (src);
+ 					}
+ 					else
+@@ -943,7 +957,7 @@ static void DecodeImage (wmfAPI* API,wmf
+ 	byte = ReadBlobByte (src);  /* end of line */
+ 	byte = ReadBlobByte (src);
+ 
+-	return;
++	return 1;
+ }
+ 
+ /*
+@@ -1143,8 +1157,18 @@ static void ReadBMPImage (wmfAPI* API,wm
+ 		}
+ 	}
+ 	else
+-	{	/* Convert run-length encoded raster pixels. */
+-		DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
++	{
++		if (bmp_info.bits_per_pixel == 8)	/* Convert run-length encoded raster pixels. */
++		{
++			if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image))
++			{	WMF_ERROR (API,"corrupt bmp");
++				API->err = wmf_E_BadFormat;
++			}
++		}
++		else
++		{	WMF_ERROR (API,"Unexpected pixel depth");
++			API->err = wmf_E_BadFormat;
++		}
+ 	}
+ 
+ 	if (ERR (API))
diff --git a/pkgs/development/libraries/libwmf/default.nix b/pkgs/development/libraries/libwmf/default.nix
index 95740882a93..bdede8f18cf 100644
--- a/pkgs/development/libraries/libwmf/default.nix
+++ b/pkgs/development/libraries/libwmf/default.nix
@@ -11,6 +11,11 @@ stdenv.mkDerivation {
 
   buildInputs = [ zlib imagemagick libpng pkgconfig glib freetype libjpeg libxml2 ];
 
+  patches = [
+    ./CVE-2006-3376.patch ./CVE-2009-1364.patch
+    ./CVE-2015-0848+4588+4695+4696.patch
+  ];
+
   meta = {
     description = "WMF library from wvWare";
   };
diff --git a/pkgs/development/lisp-modules/lisp-packages.nix b/pkgs/development/lisp-modules/lisp-packages.nix
index 5e2bdd0cc54..07372153032 100644
--- a/pkgs/development/lisp-modules/lisp-packages.nix
+++ b/pkgs/development/lisp-modules/lisp-packages.nix
@@ -72,14 +72,13 @@ let lispPackages = rec {
 
   cl-unification = buildLispPackage rec {
     baseName = "cl-unification";
-    version = "cvs-2013-10-28";
+    version = "git-2015-07-01";
     description = "";
     deps = [];
-    src = pkgs.fetchcvs {
-      sha256 = "a574b7f9615232366e3e5e7ee400d60dbff23f6d0e1def5a3c77aafdfd786e6a";
-      date = ''2013-10-28'';
-      module = ''cl-unification'';
-      cvsRoot = '':pserver:anonymous:anonymous@common-lisp.net:/project/cl-unification/cvsroot'';
+    src = pkgs.fetchgit {
+      url = "https://gitlab.common-lisp.net/cl-unification/cl-unification.git";
+      sha256 = "01k2k7n98flnzm6mipk4xq2rqmjkjg8rcv4dsgifyxhqjwqf0l24";
+      rev = ''283c94d38d11c806a1fc9db022f0b54dced93bab'';
     };
   };
 
@@ -539,15 +538,14 @@ let lispPackages = rec {
 
   cl-smtp = buildLispPackage rec {
     baseName = "cl-smtp";
-    version = "cvs-2014-11-15";
+    version = "git-2015-07-01";
     description = "SMTP client library";
     deps = [cl-ssl cl-base64 flexi-streams trivial-gray-streams usocket];
-    # Source type: cvs
-    src = pkgs.fetchcvs {
-      sha256 = "15b7lvayn1izzfism7s7rcw2mv1hwgp9l2lgb5na9qxmqzjlw0r9";
-      date = ''2014-11-15'';
-      module = ''cl-smtp'';
-      cvsRoot = '':pserver:anonymous:anonymous@common-lisp.net:/project/cl-smtp/cvsroot'';
+    # Source type: git
+    src = pkgs.fetchgit {
+      url = "https://gitlab.common-lisp.net/cl-smtp/cl-smtp.git";
+      sha256 = "1i66x351cj114r2i8j6bhif5fcysfq5ia91hv7ksjqa4q7rfmpw2";
+      rev = ''2bf946c1d561c0085dba6d6337e3e53d9711a5d2'';
     };
   };
 
diff --git a/pkgs/development/python-modules/setuptools/default.nix b/pkgs/development/python-modules/setuptools/default.nix
index 5db34a9d49d..f6030bb9526 100644
--- a/pkgs/development/python-modules/setuptools/default.nix
+++ b/pkgs/development/python-modules/setuptools/default.nix
@@ -4,11 +4,11 @@ stdenv.mkDerivation rec {
   shortName = "setuptools-${version}";
   name = "${python.executable}-${shortName}";
 
-  version = "7.0";
+  version = "18.0.1";
 
   src = fetchurl {
     url = "http://pypi.python.org/packages/source/s/setuptools/${shortName}.tar.gz";
-    sha256 = "0qg07f035agwcz9m0p3kgdjs18xpl3h00rv28aqsfdyz1wm1m76x";
+    sha256 = "152b4qlpqc54939vfx5ipjpgx0kln02n3ywpm6x25pqysngwjjad";
   };
 
   buildInputs = [ python wrapPython distutils-cfg ];
diff --git a/pkgs/development/tools/misc/lsof/default.nix b/pkgs/development/tools/misc/lsof/default.nix
index af9145bc409..53bbcf22842 100644
--- a/pkgs/development/tools/misc/lsof/default.nix
+++ b/pkgs/development/tools/misc/lsof/default.nix
@@ -1,11 +1,12 @@
-{stdenv, fetchurl}:
+{ stdenv, fetchurl }:
 
-stdenv.mkDerivation {
-  name = "lsof-4.88";
+stdenv.mkDerivation rec {
+  name = "lsof-${version}";
+  version = "4.89";
 
   src = fetchurl {
-    url = "ftp://sunsite.ualberta.ca/pub/Mirror/lsof/lsof_4.88.tar.bz2";
-    sha256 = "16y9wm26rg81mihnzcbdg8h8vhxmq8kn62ssxb8cqydp4q79nvzy";
+    url = "ftp://sunsite.ualberta.ca/pub/Mirror/lsof/lsof_${version}.tar.bz2";
+    sha256 = "061p18v0mhzq517791xkjs8a5dfynq1418a1mwxpji69zp2jzb41";
   };
 
   unpackPhase = "tar xvjf $src; cd lsof_*; tar xvf lsof_*.tar; sourceRoot=$( echo lsof_*/); ";
author	Vladimír Čunát <vcunat@gmail.com>	2015-07-17 06:37:13 +0200
committer	Vladimír Čunát <vcunat@gmail.com>	2015-07-17 06:38:04 +0200
commit	9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c (patch)
tree	946e5c7626f668079bcf35caf203a52c5d33f3c7 /pkgs/development
parent	cf8309ef34b9ec18bc9aeca9e63f984e1be19b56 (diff)
parent	967abfc78660d0e49a32eac8fe19cec4b6b79d5c (diff)
download	nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.gz nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.bz2 nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.lz nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.xz nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.zst nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.zip