diff options
| author | Vladimír Čunát <vcunat@gmail.com> | 2015-07-17 06:37:13 +0200 |
|---|---|---|
| committer | Vladimír Čunát <vcunat@gmail.com> | 2015-07-17 06:38:04 +0200 |
| commit | 9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c (patch) | |
| tree | 946e5c7626f668079bcf35caf203a52c5d33f3c7 /pkgs | |
| parent | cf8309ef34b9ec18bc9aeca9e63f984e1be19b56 (diff) | |
| parent | 967abfc78660d0e49a32eac8fe19cec4b6b79d5c (diff) | |
| download | nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.gz nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.bz2 nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.lz nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.xz nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.tar.zst nixpkgs-9f37e91ec502b68e7a8ebc71b7bf37ad02092a0c.zip | |
Merge master into staging
There are larger-rebuild changes: gnutls and samba.
Diffstat (limited to 'pkgs')
44 files changed, 789 insertions, 100 deletions
diff --git a/pkgs/applications/altcoins/bitcoin.nix b/pkgs/applications/altcoins/bitcoin.nix index 7be2b90551e..bdd0335fe3b 100644 --- a/pkgs/applications/altcoins/bitcoin.nix +++ b/pkgs/applications/altcoins/bitcoin.nix @@ -6,14 +6,14 @@ with stdenv.lib; stdenv.mkDerivation rec{ name = "bitcoin" + (toString (optional (!withGui) "d")) + "-" + version; - core_version = "0.10.2"; + core_version = "0.11.0"; version = core_version; src = fetchurl { urls = [ "https://bitcoin.org/bin/bitcoin-core-${core_version}/bitcoin-${version}.tar.gz" "mirror://sourceforge/bitcoin/Bitcoin/bitcoin-${core_version}/bitcoin-${version}.tar.gz" ]; - sha256 = "cddf96c71d0a35524fde93380981cf0cf0b51441454a3a68b9be491b9239bfec"; + sha256 = "51ba1756addfa71567559e3f22331c1d908a63571891287689fff7113035d09f"; }; buildInputs = [ pkgconfig autoreconfHook openssl db48 boost zlib diff --git a/pkgs/applications/editors/idea/default.nix b/pkgs/applications/editors/idea/default.nix index b2b6d2ddde5..5d13cf6a4ce 100644 --- a/pkgs/applications/editors/idea/default.nix +++ b/pkgs/applications/editors/idea/default.nix @@ -297,13 +297,13 @@ in phpstorm = buildPhpStorm rec { name = "phpstorm-${version}"; - version = "8.0.3"; - build = "PS-139.1348"; + version = "9.0"; + build = "PS-141.1912"; description = "Professional IDE for Web and PHP developers"; license = stdenv.lib.licenses.unfree; src = fetchurl { url = "https://download.jetbrains.com/webide/PhpStorm-${version}.tar.gz"; - sha256 = "1x67nfr3nap93cx7yhdrp02xvp1v6g74zy7hdmhx41sal7hzy49b"; + sha256 = "1n6p8xiv0nrs6yf0250mpga291msnrfamv573dva9f17cc3df2pp"; }; }; diff --git a/pkgs/applications/editors/leo-editor/default.nix b/pkgs/applications/editors/leo-editor/default.nix new file mode 100644 index 00000000000..4c7e3cc08af --- /dev/null +++ b/pkgs/applications/editors/leo-editor/default.nix @@ -0,0 +1,23 @@ +{ stdenv, pythonPackages, fetchgit }: +pythonPackages.buildPythonPackage rec { + name = "leo-editor-${version}"; + version = "5.1"; + + namePrefix = ""; + + src = fetchgit { + url = "https://github.com/leo-editor/leo-editor"; + rev = "refs/tags/Leo-${version}-final"; + sha256 = "3cc5259609890bbde9cfee71f4f60b959b3f5b740f7d403c99ea2d9796b4758e"; + }; + + propagatedBuildInputs = with pythonPackages; [ pyqt4 sqlite3 ]; + + meta = { + homepage = "http://leoeditor.com"; + description = "A powerful folding editor"; + longDescription = "Leo is a PIM, IDE and outliner that accelerates the work flow of programmers, authors and web designers."; + license = stdenv.lib.licenses.mit; + maintainers = with stdenv.lib.maintainers; [ leonardoce ]; + }; +} diff --git a/pkgs/applications/misc/gnuradio/default.nix b/pkgs/applications/misc/gnuradio/default.nix index 888d39c3732..a5cc1ae0932 100644 --- a/pkgs/applications/misc/gnuradio/default.nix +++ b/pkgs/applications/misc/gnuradio/default.nix @@ -23,11 +23,11 @@ stdenv.mkDerivation rec { name = "gnuradio-${version}"; - version = "3.7.5.1"; + version = "3.7.7.1"; src = fetchurl { url = "http://gnuradio.org/releases/gnuradio/${name}.tar.gz"; - sha256 = "0gg4i8s1z5pcfk8d7n7baxv3lx2cjcizimvbziraj27lcbvpmwar"; + sha256 = "0kjqav1rdyi60vq85djmigyrgh606ga625icwj15iarlqwzv29rb"; }; buildInputs = [ diff --git a/pkgs/applications/misc/gnuradio/wrapper.nix b/pkgs/applications/misc/gnuradio/wrapper.nix new file mode 100644 index 00000000000..cc8dbde273b --- /dev/null +++ b/pkgs/applications/misc/gnuradio/wrapper.nix @@ -0,0 +1,23 @@ +{ stdenv, gnuradio, makeWrapper, python +, extraPackages ? [] }: + +with stdenv.lib; + +stdenv.mkDerivation { + name = (appendToName "with-packages" gnuradio).name; + buildInputs = [ makeWrapper python ]; + + buildCommand = '' + mkdir -p $out/bin + ln -s "${gnuradio}"/bin/* $out/bin/ + + for file in "$out"/bin/*; do + wrapProgram "$file" \ + --prefix PYTHONPATH : ${stdenv.lib.concatStringsSep ":" + (map (path: "$(toPythonPath ${path})") extraPackages)} \ + --prefix GRC_BLOCKS_PATH : ${makeSearchPath "share/gnuradio/grc/blocks" extraPackages} + done + + ''; + inherit (gnuradio) meta; +} diff --git a/pkgs/applications/networking/browsers/chromium/source/sources.nix b/pkgs/applications/networking/browsers/chromium/source/sources.nix index 86dd127aa6b..5410293a792 100644 --- a/pkgs/applications/networking/browsers/chromium/source/sources.nix +++ b/pkgs/applications/networking/browsers/chromium/source/sources.nix @@ -1,21 +1,21 @@ # This file is autogenerated from update.sh in the parent directory. { dev = { - version = "45.0.2431.0"; - sha256 = "0irlrym8r1wa6zb5bg4paxy3h5fg300k5c9vkj3xmhdp567clfja"; - sha256bin32 = "1lfrd7x7cav5mr7pg0a3d4a9dyy6f0rklarprfrcvqwipjkddb3f"; - sha256bin64 = "1jzmkgiqn17ynbv0xljiifvlj1136jq98zrkd4hdmkgv8xrrzd74"; + version = "45.0.2454.6"; + sha256 = "09bhbq3hvsfiac7w6ajd6n1lcdzf2isg1s9sqabrnx9blyds7msh"; + sha256bin32 = "1f38rfd9v91inhd9m2sfcj4bpvq5f03zn8ypvacr9mpwc47rylx3"; + sha256bin64 = "1bfjpjisa0hqiy8kmmgh2mr6zyifpmhr7k5ai44h5szf36768bn6"; }; beta = { - version = "44.0.2403.61"; - sha256 = "16bifaqs3fmfms305c1h10kabsyrscxkywf32pl6zwlzjd3y4ncm"; - sha256bin32 = "1lgqf6bid02pjdzxg1jipfzjqzp5frqxv4bi6q127kky3lz9lmlc"; - sha256bin64 = "1l6cyfn5mraprisib7q5rgy8vvkc7ky8z91c2iqsikjv7nmrm6hv"; + version = "44.0.2403.89"; + sha256 = "161shml5w2i0crl57hkfnizgmii6d70lxxg4rjxmays8g6lrmpds"; + sha256bin32 = "1vk022m9kz9fw82sd94zqzi988ald3p2vlha7pz5wm2dgibwr25g"; + sha256bin64 = "0kvrpqy3fpfzchly65nrh8z2z2i49xpa3pm2k7k18sn0x4bycji0"; }; stable = { - version = "43.0.2357.130"; - sha256 = "0bh093rfiklwj03my9d6x3118k2msbl7fhrxlndx99cnjd1mbyv2"; - sha256bin32 = "083scn6dd11lnd0z5yxd6jfgdxj7iaafssccj8a9ybr1ay894ch1"; - sha256bin64 = "14mfw64ips6nzz6kr8k8dq5253cbqd69hjlc54fl7nqfxi9zw31f"; + version = "43.0.2357.134"; + sha256 = "0nbn25pl3rgyqmy4p5dqr0v08xzkm08lpzsaxzszqpa4w7ivp8fk"; + sha256bin32 = "1xmybw4vs8x2rrg43f7x7yn763wfzr5f8d1jpq49r42qr365q6vs"; + sha256bin64 = "1y79135pmkhvv4cdhdy93jhm0jdx132a6spqqyyhbcr2sn26cq62"; }; } diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix index 68fd7405ee4..9702a95133c 100644 --- a/pkgs/applications/version-management/git-and-tools/git/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git/default.nix @@ -9,7 +9,7 @@ }: let - version = "2.4.5"; + version = "2.4.6"; svn = subversionClient.override { perlBindings = true; }; in @@ -18,7 +18,7 @@ stdenv.mkDerivation { src = fetchurl { url = "https://www.kernel.org/pub/software/scm/git/git-${version}.tar.xz"; - sha256 = "15045v9ds1jn7csw4dijlz0ybiw3csh34l444vzgh9g0f9gmy6n3"; + sha256 = "1djkjjv491nk6g8rzrb4n75yqdfp3xpiv569nqblaiq33ibl9ndx"; }; patches = [ diff --git a/pkgs/applications/version-management/smartgithg/default.nix b/pkgs/applications/version-management/smartgithg/default.nix index f2a2fadae8c..ccea8ffb3f2 100644 --- a/pkgs/applications/version-management/smartgithg/default.nix +++ b/pkgs/applications/version-management/smartgithg/default.nix @@ -7,7 +7,7 @@ }: let - the_version = "6_5_7"; + the_version = "6_5_9"; in @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "http://www.syntevo.com/downloads/smartgit/" + "smartgit-generic-${the_version}.tar.gz"; - sha256 = "0db4dxp0dl173z9r8n25zdl1il240p751d2f77cw0nmyibik7q4l"; + sha256 = "09bvx1jgaqfxg8qv9f306bgh3k057shsi2xllxv1vw3xf0pvkbwa"; }; buildInputs = [ diff --git a/pkgs/build-support/fetchbower/default.nix b/pkgs/build-support/fetchbower/default.nix index 11af6dbedf1..7c6b1a8a098 100644 --- a/pkgs/build-support/fetchbower/default.nix +++ b/pkgs/build-support/fetchbower/default.nix @@ -1,9 +1,11 @@ { stdenv, fetch-bower, git }: name: version: target: outputHash: stdenv.mkDerivation { name = "${name}-${version}"; - realBuilder = "${fetch-bower}/bin/fetch-bower"; - args = [ name version target ]; + buildCommand = '' + out=$PWD/out fetch-bower ${name} ${version} ${target} + cp -R out $out + ''; outputHashMode = "recursive"; outputHashAlgo = "sha256"; inherit outputHash; - PATH = "${git}/bin"; + buildInputs = [git fetch-bower]; } diff --git a/pkgs/development/haskell-modules/hackage-packages.nix b/pkgs/development/haskell-modules/hackage-packages.nix index c62f9071c5f..86a98e6f3f4 100644 --- a/pkgs/development/haskell-modules/hackage-packages.nix +++ b/pkgs/development/haskell-modules/hackage-packages.nix @@ -121097,8 +121097,8 @@ self: { }: mkDerivation { pname = "stripe-haskell"; - version = "0.1.4.0"; - sha256 = "09s699h2b641bakcgf3f2cwdqb4qb37b4y31vpcq3k8pkbmhy8sf"; + version = "0.1.4.1"; + sha256 = "a0ffc70616d4eb86a9e0e0fcb1751cc48f3b6f618d07cf2bb96090276d64d218"; buildDepends = [ aeson base bytestring either HsOpenSSL http-streams io-streams mtl random text time transformers unordered-containers diff --git a/pkgs/development/libraries/ffmpeg-full/default.nix b/pkgs/development/libraries/ffmpeg-full/default.nix index 7d108ba81ef..555576d3a36 100644 --- a/pkgs/development/libraries/ffmpeg-full/default.nix +++ b/pkgs/development/libraries/ffmpeg-full/default.nix @@ -231,11 +231,11 @@ assert x11grabExtlib -> libX11 != null && libXv != null; stdenv.mkDerivation rec { name = "ffmpeg-${version}"; - version = "2.6.3"; + version = "2.7.1"; src = fetchurl { url = "https://www.ffmpeg.org/releases/${name}.tar.bz2"; - sha256 = "1yqc3vm1xrwf866q262qd4nr9d6ifp4gg183pjdc4sl9np0rissr"; + sha256 = "087pyx1wxvniq3wgj6z80wrb7ampwwsmwndmr7lymzhm4iyvj1vy"; }; patchPhase = ''patchShebangs .''; diff --git a/pkgs/development/libraries/ffmpeg/2.7.nix b/pkgs/development/libraries/ffmpeg/2.7.nix new file mode 100644 index 00000000000..3e4708fdf46 --- /dev/null +++ b/pkgs/development/libraries/ffmpeg/2.7.nix @@ -0,0 +1,7 @@ +{ callPackage, ... } @ args: + +callPackage ./generic.nix (args // rec { + version = "${branch}.1"; + branch = "2.7"; + sha256 = "087pyx1wxvniq3wgj6z80wrb7ampwwsmwndmr7lymzhm4iyvj1vy"; +}) diff --git a/pkgs/development/libraries/gnutls/3.3.nix b/pkgs/development/libraries/gnutls/3.3.nix index a2c04506a6c..bd95ce07254 100644 --- a/pkgs/development/libraries/gnutls/3.3.nix +++ b/pkgs/development/libraries/gnutls/3.3.nix @@ -1,10 +1,10 @@ { callPackage, fetchurl, ... } @ args: callPackage ./generic.nix (args // rec { - version = "3.3.15"; + version = "3.3.16"; src = fetchurl { url = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/gnutls-${version}.tar.lz"; - sha256 = "166nynb055vlh6dm1gaqwpcnf4mp7ks8lz2yvm7dlsrkbh3swj5m"; + sha256 = "1jl5n02mh83ygrrk7rq8vwylv5gdr3wccqs1ynvzr749fd2wq637"; }; }) diff --git a/pkgs/development/libraries/gnutls/3.4.nix b/pkgs/development/libraries/gnutls/3.4.nix index 614834252fa..0558e4127c4 100644 --- a/pkgs/development/libraries/gnutls/3.4.nix +++ b/pkgs/development/libraries/gnutls/3.4.nix @@ -1,10 +1,10 @@ { callPackage, fetchurl, ... } @ args: callPackage ./generic.nix (args // rec { - version = "3.4.2"; + version = "3.4.3"; src = fetchurl { url = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-${version}.tar.lz"; - sha256 = "1wzasbrs4ncq4yisqyvifl7mzlyyg1pb0idr4fhjmcfpi13sxlaw"; + sha256 = "1q4adb1xi9pl00iy3cqs4r1qmwllv1g1r44p6xsg6n65dpyf53q2"; }; }) diff --git a/pkgs/development/libraries/libinput/default.nix b/pkgs/development/libraries/libinput/default.nix index 28880a3ac68..f02b0af8270 100644 --- a/pkgs/development/libraries/libinput/default.nix +++ b/pkgs/development/libraries/libinput/default.nix @@ -15,11 +15,11 @@ in with stdenv.lib; stdenv.mkDerivation rec { - name = "libinput-0.17.0"; + name = "libinput-0.20.0"; src = fetchurl { url = "http://www.freedesktop.org/software/libinput/${name}.tar.xz"; - sha256 = "1nr8zg99hk6lz2g2kdvlz13i7cwvrsakakrn3c1w2id7wcxj9nxp"; + sha256 = "0p8jswag33qjjxd8766hzk460bzhzhw32b6hl2i17aygjz7dynqp"; }; configureFlags = [ diff --git a/pkgs/development/libraries/libwmf/CVE-2006-3376.patch b/pkgs/development/libraries/libwmf/CVE-2006-3376.patch new file mode 100644 index 00000000000..4c7519d9c10 --- /dev/null +++ b/pkgs/development/libraries/libwmf/CVE-2006-3376.patch @@ -0,0 +1,28 @@ +--- libwmf-0.2.8.4.orig/src/player.c ++++ libwmf-0.2.8.4/src/player.c +@@ -23,6 +23,7 @@ + + #include <stdio.h> + #include <stdlib.h> ++#include <stdint.h> + #include <string.h> + #include <math.h> + +@@ -132,8 +133,14 @@ + } + } + +-/* P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char)); +- */ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); ++ if (MAX_REC_SIZE(API) > UINT32_MAX / 2) ++ { ++ API->err = wmf_E_InsMem; ++ WMF_DEBUG (API,"bailing..."); ++ return (API->err); ++ } ++ ++ P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); + + if (ERR (API)) + { WMF_DEBUG (API,"bailing..."); + diff --git a/pkgs/development/libraries/libwmf/CVE-2009-1364.patch b/pkgs/development/libraries/libwmf/CVE-2009-1364.patch new file mode 100644 index 00000000000..e2a4501662c --- /dev/null +++ b/pkgs/development/libraries/libwmf/CVE-2009-1364.patch @@ -0,0 +1,11 @@ +--- libwmf-0.2.8.4.orig/src/extra/gd/gd_clip.c ++++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c +@@ -70,6 +70,7 @@ + { more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle)); + if (more == 0) return; + im->clip->max += 8; ++ im->clip->list = more; + } + im->clip->list[im->clip->count] = (*rect); + im->clip->count++; + diff --git a/pkgs/development/libraries/libwmf/CVE-2015-0848+4588+4695+4696.patch b/pkgs/development/libraries/libwmf/CVE-2015-0848+4588+4695+4696.patch new file mode 100644 index 00000000000..54d47800298 --- /dev/null +++ b/pkgs/development/libraries/libwmf/CVE-2015-0848+4588+4695+4696.patch @@ -0,0 +1,186 @@ +--- libwmf-0.2.8.4.orig/src/player/meta.h ++++ libwmf-0.2.8.4/src/player/meta.h +@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API, + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,w + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -2593,9 +2593,10 @@ static int meta_dc_restore (wmfAPI* API, + polyrect.BR = 0; + + polyrect.count = 0; ++ ++ if (FR->region_clip) FR->region_clip (API,&polyrect); + } + +- if (FR->region_clip) FR->region_clip (API,&polyrect); + + return (changed); + } +@@ -3067,7 +3068,7 @@ static int meta_pen_create (wmfAPI* API, + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -3181,7 +3182,7 @@ static int meta_brush_create (wmfAPI* AP + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -3288,7 +3289,7 @@ static int meta_font_create (wmfAPI* API + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -3396,7 +3397,7 @@ static int meta_palette_create (wmfAPI* + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +--- libwmf-0.2.8.4.orig/src/ipa/ipa.h ++++ libwmf-0.2.8.4/src/ipa/ipa.h +@@ -48,7 +48,7 @@ static int ReadBlobByte (BMPS + static unsigned short ReadBlobLSBShort (BMPSource*); + static unsigned long ReadBlobLSBLong (BMPSource*); + static long TellBlob (BMPSource*); +-static void DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*); ++static int DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*); + static void ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*); + static int ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int); + static void SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int); +--- libwmf-0.2.8.4.orig/src/ipa/ipa/bmp.h ++++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h +@@ -859,7 +859,7 @@ static long TellBlob (BMPSource* src) + % + % + */ +-static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels) ++static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels) + { int byte; + int count; + int i; +@@ -870,12 +870,14 @@ static void DecodeImage (wmfAPI* API,wmf + U32 u; + + unsigned char* q; ++ unsigned char* end; + + for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0; + + byte = 0; + x = 0; + q = pixels; ++ end = pixels + bmp->width * bmp->height; + + for (y = 0; y < bmp->height; ) + { count = ReadBlobByte (src); +@@ -884,7 +886,10 @@ static void DecodeImage (wmfAPI* API,wmf + { /* Encoded mode. */ + byte = ReadBlobByte (src); + for (i = 0; i < count; i++) +- { if (compression == 1) ++ { ++ if (q == end) ++ return 0; ++ if (compression == 1) + { (*(q++)) = (unsigned char) byte; + } + else +@@ -896,13 +901,15 @@ static void DecodeImage (wmfAPI* API,wmf + else + { /* Escape mode. */ + count = ReadBlobByte (src); +- if (count == 0x01) return; ++ if (count == 0x01) return 1; + switch (count) + { + case 0x00: + { /* End of line. */ + x = 0; + y++; ++ if (y >= bmp->height) ++ return 0; + q = pixels + y * bmp->width; + break; + } +@@ -910,13 +917,20 @@ static void DecodeImage (wmfAPI* API,wmf + { /* Delta mode. */ + x += ReadBlobByte (src); + y += ReadBlobByte (src); ++ if (y >= bmp->height) ++ return 0; ++ if (x >= bmp->width) ++ return 0; + q = pixels + y * bmp->width + x; + break; + } + default: + { /* Absolute mode. */ + for (i = 0; i < count; i++) +- { if (compression == 1) ++ { ++ if (q == end) ++ return 0; ++ if (compression == 1) + { (*(q++)) = ReadBlobByte (src); + } + else +@@ -943,7 +957,7 @@ static void DecodeImage (wmfAPI* API,wmf + byte = ReadBlobByte (src); /* end of line */ + byte = ReadBlobByte (src); + +- return; ++ return 1; + } + + /* +@@ -1143,8 +1157,18 @@ static void ReadBMPImage (wmfAPI* API,wm + } + } + else +- { /* Convert run-length encoded raster pixels. */ +- DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image); ++ { ++ if (bmp_info.bits_per_pixel == 8) /* Convert run-length encoded raster pixels. */ ++ { ++ if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image)) ++ { WMF_ERROR (API,"corrupt bmp"); ++ API->err = wmf_E_BadFormat; ++ } ++ } ++ else ++ { WMF_ERROR (API,"Unexpected pixel depth"); ++ API->err = wmf_E_BadFormat; ++ } + } + + if (ERR (API)) diff --git a/pkgs/development/libraries/libwmf/default.nix b/pkgs/development/libraries/libwmf/default.nix index 95740882a93..bdede8f18cf 100644 --- a/pkgs/development/libraries/libwmf/default.nix +++ b/pkgs/development/libraries/libwmf/default.nix @@ -11,6 +11,11 @@ stdenv.mkDerivation { buildInputs = [ zlib imagemagick libpng pkgconfig glib freetype libjpeg libxml2 ]; + patches = [ + ./CVE-2006-3376.patch ./CVE-2009-1364.patch + ./CVE-2015-0848+4588+4695+4696.patch + ]; + meta = { description = "WMF library from wvWare"; }; diff --git a/pkgs/development/lisp-modules/lisp-packages.nix b/pkgs/development/lisp-modules/lisp-packages.nix index 5e2bdd0cc54..07372153032 100644 --- a/pkgs/development/lisp-modules/lisp-packages.nix +++ b/pkgs/development/lisp-modules/lisp-packages.nix @@ -72,14 +72,13 @@ let lispPackages = rec { cl-unification = buildLispPackage rec { baseName = "cl-unification"; - version = "cvs-2013-10-28"; + version = "git-2015-07-01"; description = ""; deps = []; - src = pkgs.fetchcvs { - sha256 = "a574b7f9615232366e3e5e7ee400d60dbff23f6d0e1def5a3c77aafdfd786e6a"; - date = ''2013-10-28''; - module = ''cl-unification''; - cvsRoot = '':pserver:anonymous:anonymous@common-lisp.net:/project/cl-unification/cvsroot''; + src = pkgs.fetchgit { + url = "https://gitlab.common-lisp.net/cl-unification/cl-unification.git"; + sha256 = "01k2k7n98flnzm6mipk4xq2rqmjkjg8rcv4dsgifyxhqjwqf0l24"; + rev = ''283c94d38d11c806a1fc9db022f0b54dced93bab''; }; }; @@ -539,15 +538,14 @@ let lispPackages = rec { cl-smtp = buildLispPackage rec { baseName = "cl-smtp"; - version = "cvs-2014-11-15"; + version = "git-2015-07-01"; description = "SMTP client library"; deps = [cl-ssl cl-base64 flexi-streams trivial-gray-streams usocket]; - # Source type: cvs - src = pkgs.fetchcvs { - sha256 = "15b7lvayn1izzfism7s7rcw2mv1hwgp9l2lgb5na9qxmqzjlw0r9"; - date = ''2014-11-15''; - module = ''cl-smtp''; - cvsRoot = '':pserver:anonymous:anonymous@common-lisp.net:/project/cl-smtp/cvsroot''; + # Source type: git + src = pkgs.fetchgit { + url = "https://gitlab.common-lisp.net/cl-smtp/cl-smtp.git"; + sha256 = "1i66x351cj114r2i8j6bhif5fcysfq5ia91hv7ksjqa4q7rfmpw2"; + rev = ''2bf946c1d561c0085dba6d6337e3e53d9711a5d2''; }; }; diff --git a/pkgs/development/python-modules/setuptools/default.nix b/pkgs/development/python-modules/setuptools/default.nix index 5db34a9d49d..f6030bb9526 100644 --- a/pkgs/development/python-modules/setuptools/default.nix +++ b/pkgs/development/python-modules/setuptools/default.nix @@ -4,11 +4,11 @@ stdenv.mkDerivation rec { shortName = "setuptools-${version}"; name = "${python.executable}-${shortName}"; - version = "7.0"; + version = "18.0.1"; src = fetchurl { url = "http://pypi.python.org/packages/source/s/setuptools/${shortName}.tar.gz"; - sha256 = "0qg07f035agwcz9m0p3kgdjs18xpl3h00rv28aqsfdyz1wm1m76x"; + sha256 = "152b4qlpqc54939vfx5ipjpgx0kln02n3ywpm6x25pqysngwjjad"; }; buildInputs = [ python wrapPython distutils-cfg ]; diff --git a/pkgs/development/tools/misc/lsof/default.nix b/pkgs/development/tools/misc/lsof/default.nix index af9145bc409..53bbcf22842 100644 --- a/pkgs/development/tools/misc/lsof/default.nix +++ b/pkgs/development/tools/misc/lsof/default.nix @@ -1,11 +1,12 @@ -{stdenv, fetchurl}: +{ stdenv, fetchurl }: -stdenv.mkDerivation { - name = "lsof-4.88"; +stdenv.mkDerivation rec { + name = "lsof-${version}"; + version = "4.89"; src = fetchurl { - url = "ftp://sunsite.ualberta.ca/pub/Mirror/lsof/lsof_4.88.tar.bz2"; - sha256 = "16y9wm26rg81mihnzcbdg8h8vhxmq8kn62ssxb8cqydp4q79nvzy"; + url = "ftp://sunsite.ualberta.ca/pub/Mirror/lsof/lsof_${version}.tar.bz2"; + sha256 = "061p18v0mhzq517791xkjs8a5dfynq1418a1mwxpji69zp2jzb41"; }; unpackPhase = "tar xvjf $src; cd lsof_*; tar xvf lsof_*.tar; sourceRoot=$( echo lsof_*/); "; diff --git a/pkgs/misc/emulators/fs-uae/default.nix b/pkgs/misc/emulators/fs-uae/default.nix index 545691fa4d0..89f4e2338b4 100644 --- a/pkgs/misc/emulators/fs-uae/default.nix +++ b/pkgs/misc/emulators/fs-uae/default.nix @@ -5,11 +5,11 @@ with stdenv.lib; stdenv.mkDerivation rec{ name = "fs-uae-${version}"; - version = "2.4.1"; + version = "2.4.3"; src = fetchurl { urls = [ "http://fs-uae.net/fs-uae/stable/${version}/${name}.tar.gz" ]; - sha256 = "05gvnrkl1aclq1a6z57k6rmdnsg2ghyjcscwq0w5dhc5vcalv6f0"; + sha256 = "05wngvpqj8kj4wzi5jzzhvs19iljb3m6ba1l2hk4rz68b400ndv6"; }; buildInputs = [ pkgconfig gettext gtk SDL zlib glib openal mesa lua freetype ]; @@ -33,3 +33,5 @@ stdenv.mkDerivation rec{ maintainers = [ maintainers.AndersonTorres ]; }; } +# TODO: testing and Python GUI support +# TODO: SDL2 support diff --git a/pkgs/misc/emulators/mednafen/default.nix b/pkgs/misc/emulators/mednafen/default.nix index e87ac98c838..825968c6163 100644 --- a/pkgs/misc/emulators/mednafen/default.nix +++ b/pkgs/misc/emulators/mednafen/default.nix @@ -7,11 +7,11 @@ stdenv.mkDerivation rec { name = "mednafen-${version}"; - version = "0.9.36.4"; + version = "0.9.38.5"; src = fetchurl { url = "http://downloads.sourceforge.net/project/mednafen/Mednafen/${version}/${name}.tar.bz2"; - sha256 = "0s6dhdar6y64fah2ij98a9gskm0rzcbqdbksicnba8cakc87nsfy"; + sha256 = "1s1qwwlhkxr0vhzvlc1m0ib9lj7cws3cldm2mbjz4b421nxfdi8h"; }; buildInputs = with stdenv.lib; diff --git a/pkgs/misc/emulators/mednafen/server.nix b/pkgs/misc/emulators/mednafen/server.nix index ce361ef9fbc..60e458222d3 100644 --- a/pkgs/misc/emulators/mednafen/server.nix +++ b/pkgs/misc/emulators/mednafen/server.nix @@ -3,11 +3,11 @@ stdenv.mkDerivation rec { name = "mednafen-server-${version}"; - version = "0.5.1"; + version = "0.5.2"; src = fetchurl { url = "http://downloads.sourceforge.net/project/mednafen/Mednafen-Server/${version}/${name}.tar.gz"; - sha256="0c5wvg938y3h4n5lb0dl8pvmjzphhkbba34r6ikpvdahq166ps4j"; + sha256="06fal6hwrb8gw94yp7plhcz55109128cgp35m7zs5vvjf1zfhcs9"; }; postInstall = '' diff --git a/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch b/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch new file mode 100644 index 00000000000..0a614439511 --- /dev/null +++ b/pkgs/servers/ftp/vsftpd/CVE-2015-1419.patch @@ -0,0 +1,104 @@ +Description: CVE-2015-1419: config option deny_file is not handled correctly +Author: Marcus Meissner <meissner@suse.com> +Origin: https://bugzilla.novell.com/show_bug.cgi?id=CVE-2015-1419 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776922 +Last-Update: 2015-02-24 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/ls.c +=================================================================== +--- trunk.orig/ls.c ++++ trunk/ls.c +@@ -7,6 +7,7 @@ + * Would you believe, code to handle directory listing. + */ + ++#include <stdlib.h> + #include "ls.h" + #include "access.h" + #include "defs.h" +@@ -243,11 +244,42 @@ vsf_filename_passes_filter(const struct + struct mystr temp_str = INIT_MYSTR; + struct mystr brace_list_str = INIT_MYSTR; + struct mystr new_filter_str = INIT_MYSTR; ++ struct mystr normalize_filename_str = INIT_MYSTR; ++ const char *normname; ++ const char *path; + int ret = 0; + char last_token = 0; + int must_match_at_current_pos = 1; ++ + str_copy(&filter_remain_str, p_filter_str); +- str_copy(&name_remain_str, p_filename_str); ++ ++ /* normalize filepath */ ++ path = str_strdup(p_filename_str); ++ normname = realpath(path, NULL); ++ if (normname == NULL) ++ goto out; ++ str_alloc_text(&normalize_filename_str, normname); ++ ++ if (!str_isempty (&filter_remain_str) && !str_isempty(&normalize_filename_str)) { ++ if (str_get_char_at(p_filter_str, 0) == '/') { ++ if (str_get_char_at(&normalize_filename_str, 0) != '/') { ++ str_getcwd (&name_remain_str); ++ ++ if (str_getlen(&name_remain_str) > 1) /* cwd != root dir */ ++ str_append_char (&name_remain_str, '/'); ++ ++ str_append_str (&name_remain_str, &normalize_filename_str); ++ } ++ else ++ str_copy (&name_remain_str, &normalize_filename_str); ++ } else { ++ if (str_get_char_at(p_filter_str, 0) != '{') ++ str_basename (&name_remain_str, &normalize_filename_str); ++ else ++ str_copy (&name_remain_str, &normalize_filename_str); ++ } ++ } else ++ str_copy(&name_remain_str, &normalize_filename_str); + + while (!str_isempty(&filter_remain_str) && *iters < VSFTP_MATCHITERS_MAX) + { +@@ -379,6 +411,9 @@ vsf_filename_passes_filter(const struct + ret = 0; + } + out: ++ free((char*) normname); ++ free((char*) path); ++ str_free(&normalize_filename_str); + str_free(&filter_remain_str); + str_free(&name_remain_str); + str_free(&temp_str); +Index: trunk/str.c +=================================================================== +--- trunk.orig/str.c ++++ trunk/str.c +@@ -723,3 +723,14 @@ str_replace_unprintable(struct mystr* p_ + } + } + ++void ++str_basename (struct mystr* d_str, const struct mystr* path) ++{ ++ static struct mystr tmp; ++ ++ str_copy (&tmp, path); ++ str_split_char_reverse(&tmp, d_str, '/'); ++ ++ if (str_isempty(d_str)) ++ str_copy (d_str, path); ++} +Index: trunk/str.h +=================================================================== +--- trunk.orig/str.h ++++ trunk/str.h +@@ -101,6 +101,7 @@ void str_replace_unprintable(struct myst + int str_atoi(const struct mystr* p_str); + filesize_t str_a_to_filesize_t(const struct mystr* p_str); + unsigned int str_octal_to_uint(const struct mystr* p_str); ++void str_basename (struct mystr* d_str, const struct mystr* path); + + /* PURPOSE: Extract a line of text (delimited by \n or EOF) from a string + * buffer, starting at character position 'p_pos'. The extracted line will diff --git a/pkgs/servers/ftp/vsftpd/default.nix b/pkgs/servers/ftp/vsftpd/default.nix index 3b9b32898e2..f1ddf87e8c6 100644 --- a/pkgs/servers/ftp/vsftpd/default.nix +++ b/pkgs/servers/ftp/vsftpd/default.nix @@ -8,6 +8,8 @@ stdenv.mkDerivation rec { sha256 = "0mjy345wszskz1vnk83360c1y37arwgap3gwz8hy13sjqpig0imy"; }; + patches = [ ./CVE-2015-1419.patch ]; + preConfigure = stdenv.lib.optionalString sslEnable '' echo "Will enable SSL" sed -i "/VSF_BUILD_SSL/s/^#undef/#define/" builddefs.h diff --git a/pkgs/servers/nosql/cassandra/1.2.nix b/pkgs/servers/nosql/cassandra/1.2.nix new file mode 100644 index 00000000000..75992ceb9ef --- /dev/null +++ b/pkgs/servers/nosql/cassandra/1.2.nix @@ -0,0 +1,52 @@ +{ stdenv +, fetchurl +, jre +, python +, makeWrapper +, gawk +, bash +, getopt +, procps +}: + +let + + version = "1.2.19"; + sha256 = "0zkq3ggpk8ra2siar43vmrn6lmvn902p1g2lrgb46ak1vii6w30w"; + +in + +stdenv.mkDerivation rec { + name = "cassandra-${version}"; + + src = fetchurl { + inherit sha256; + url = "http://apache.cs.utah.edu/cassandra/${version}/apache-${name}-bin.tar.gz"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + mkdir $out + mv * $out + + for cmd in cassandra nodetool sstablekeys sstableloader sstableupgrade + do wrapProgram $out/bin/$cmd \ + --set JAVA_HOME ${jre} \ + --prefix PATH : ${bash}/bin \ + --prefix PATH : ${getopt}/bin \ + --prefix PATH : ${gawk}/bin \ + --prefix PATH : ${procps}/bin + done + + wrapProgram $out/bin/cqlsh --prefix PATH : ${python}/bin + ''; + + meta = with stdenv.lib; { + homepage = http://cassandra.apache.org/; + description = "A massively scalable open source NoSQL database"; + platforms = with platforms; all; + license = licenses.asl20; + maintainers = with maintainers; [ bcarrell ]; + }; +} diff --git a/pkgs/servers/samba/4.x.nix b/pkgs/servers/samba/4.x.nix index a31846c54aa..1cdf7ad2ed0 100644 --- a/pkgs/servers/samba/4.x.nix +++ b/pkgs/servers/samba/4.x.nix @@ -19,11 +19,11 @@ with lib; stdenv.mkDerivation rec { - name = "samba-4.2.1"; + name = "samba-4.2.3"; src = fetchurl { url = "mirror://samba/pub/samba/stable/${name}.tar.gz"; - sha256 = "1hsakc8h6rs48xr6i55m90pd53hpxcqjjnlwq8i2rp0nq4ws5sip"; + sha256 = "0z2c17d2id0m59mfdxdljhizp97l29clmw6g5zp93n0q92pabpxn"; }; patches = diff --git a/pkgs/servers/sql/mariadb/default.nix b/pkgs/servers/sql/mariadb/default.nix index 1e962f5df90..27383721ceb 100644 --- a/pkgs/servers/sql/mariadb/default.nix +++ b/pkgs/servers/sql/mariadb/default.nix @@ -5,11 +5,11 @@ with stdenv.lib; stdenv.mkDerivation rec { name = "mariadb-${version}"; - version = "10.0.19"; + version = "10.0.20"; src = fetchurl { url = "https://downloads.mariadb.org/interstitial/mariadb-${version}/source/mariadb-${version}.tar.gz"; - sha256 = "0cm1j4805ypbmrhajn4ar5rqsis1p5haxs7c04b6k540gmfmxgrg"; + sha256 = "0ywb730l68mxvmpik1x2ndbdaaks6dmc17pxspspm5wlqxinjkrs"; }; buildInputs = [ cmake ncurses openssl zlib pcre libxml2 boost judy bison libevent ] diff --git a/pkgs/tools/filesystems/ceph/dev.nix b/pkgs/tools/filesystems/ceph/dev.nix index 3a9aacbcd30..5cc183d1053 100644 --- a/pkgs/tools/filesystems/ceph/dev.nix +++ b/pkgs/tools/filesystems/ceph/dev.nix @@ -1,11 +1,13 @@ { callPackage, fetchgit, ... } @ args: callPackage ./generic.nix (args // rec { - version = "9.0.1"; + version = "9.0.2"; src = fetchgit { url = "https://github.com/ceph/ceph.git"; rev = "refs/tags/v${version}"; - sha256 = "1sq6gim7dik04lih5krwm4qpnf2blby3xj2vz9n4cknjnj0dbg7x"; + sha256 = "0kydjyvb1566mh33p6dlljfx1r4cfdj8ic4i19h5r9vavkc46nf0"; }; + + patches = [ ./fix-pythonpath.patch ]; }) diff --git a/pkgs/tools/filesystems/ceph/fix-pythonpath.patch b/pkgs/tools/filesystems/ceph/fix-pythonpath.patch new file mode 100644 index 00000000000..7458a46aca1 --- /dev/null +++ b/pkgs/tools/filesystems/ceph/fix-pythonpath.patch @@ -0,0 +1,31 @@ +diff --git a/src/Makefile-env.am b/src/Makefile-env.am +index e176596..384e230 100644 +--- a/src/Makefile-env.am ++++ b/src/Makefile-env.am +@@ -40,7 +40,7 @@ check_SCRIPTS = + export VERBOSE = true + + # python unit tests need to know where the scripts are located +-export PYTHONPATH=$(top_srcdir)/src/pybind ++export PYTHONPATH+=:$(top_srcdir)/src/pybind + + # when doing a debug build, make sure to make the targets + if WITH_DEBUG +diff --git a/src/ceph-detect-init/Makefile.am b/src/ceph-detect-init/Makefile.am +index 3e5ad03..66d6683 100644 +--- a/src/ceph-detect-init/Makefile.am ++++ b/src/ceph-detect-init/Makefile.am +@@ -64,9 +64,10 @@ install-data-local:: + if test "$(DESTDIR)" ; then \ + if lsb_release -si | grep --quiet 'Ubuntu\|Debian\|Devuan' ; then \ + options=--install-layout=deb ; \ +- else \ +- options=--prefix=/usr ; \ + fi ; \ + root="--root=$(DESTDIR)" ; \ + fi ; \ +- python setup.py install $$root $$options ++ if test "$(prefix)"; then \ ++ prefix="--prefix=$(prefix)" ; \ ++ fi ; \ ++ python setup.py install $$prefix $$root $$options diff --git a/pkgs/tools/filesystems/ceph/generic.nix b/pkgs/tools/filesystems/ceph/generic.nix index 4d358d6a9c5..b899192aa3c 100644 --- a/pkgs/tools/filesystems/ceph/generic.nix +++ b/pkgs/tools/filesystems/ceph/generic.nix @@ -113,7 +113,9 @@ stdenv.mkDerivation { ]; nativeBuildInputs = [ autoconf automake makeWrapper pkgconfig libtool which ] - ++ optionals (versionAtLeast version "10.0.0") [ pythonPackages.setuptools ]; + ++ optionals (versionAtLeast version "9.0.2") [ + pythonPackages.setuptools pythonPackages.argparse + ]; buildInputs = buildInputs ++ cryptoLibsMap.${cryptoStr} ++ [ boost python libxml2 optYasm optLibatomic_ops optLibs3 malloc pythonPackages.flask zlib ] ++ optional (versionAtLeast version "9.0.0") [ @@ -147,7 +149,7 @@ stdenv.mkDerivation { preConfigure = '' # Ceph expects the arch command to be usable during configure # for detecting the assembly type - mkdir mybin + mkdir -p mybin echo "#${stdenv.shell} -e" >> mybin/arch echo "uname -m" >> mybin/arch chmod +x mybin/arch @@ -157,6 +159,10 @@ stdenv.mkDerivation { # Fix the python site-packages install directory sed -i "s,\(PYTHON\(\|_EXEC\)_PREFIX=\).*,\1'$lib',g" configure + + # Fix the PYTHONPATH for installing ceph-detect-init to $out + mkdir -p "$(toPythonPath $out)" + export PYTHONPATH="$(toPythonPath $out):$PYTHONPATH" ''; configureFlags = [ @@ -200,7 +206,7 @@ stdenv.mkDerivation { ] ++ optional (versionAtLeast version "9.0.1") [ (mkWith false "tcmalloc-minimal" null) (mkWith false "valgrind" null) - ] ++ optional (versionAtLeast version "10.0.0") [ + ] ++ optional (versionAtLeast version "9.0.2") [ (mkWith true "man-pages" null) (mkWith true "systemd-libexec-dir" "\${TMPDIR}") ]; diff --git a/pkgs/tools/filesystems/ceph/git.nix b/pkgs/tools/filesystems/ceph/git.nix index df209b080b0..341c24c04a3 100644 --- a/pkgs/tools/filesystems/ceph/git.nix +++ b/pkgs/tools/filesystems/ceph/git.nix @@ -1,11 +1,13 @@ { callPackage, fetchgit, git, ... } @ args: callPackage ./generic.nix (args // rec { - version = "2015-06-06"; + version = "2015-07-15"; src = fetchgit { url = "git://github.com/ceph/ceph.git"; - rev = "efededa0107eebd4abc0e08dd34200d6ca175626"; - sha256 = "18lcn4misyvgjh7r0vkal480x23yr8pcjwzl4k4hbrpqmm97znp9"; + rev = "66dcbaed3c3c8e4b5367ba1cd2859271e692e7e0"; + sha256 = "05jba4zjrkksrra6rz4kby8vv4ja8fa73wvwcw3yn3mn1x9kyz2g"; }; + + patches = [ ./fix-pythonpath.patch ]; }) diff --git a/pkgs/tools/graphics/eplot/default.nix b/pkgs/tools/graphics/eplot/default.nix new file mode 100644 index 00000000000..a98a5e0aaec --- /dev/null +++ b/pkgs/tools/graphics/eplot/default.nix @@ -0,0 +1,47 @@ +{ stdenv, fetchurl, gnuplot, ruby }: + +stdenv.mkDerivation rec { + name = "eplot-2.07"; + + # Upstream has been contacted (2015-03) regarding providing versioned + # download URLs. Initial response was positive, but no action yet. + src = fetchurl { + url = "http://liris.cnrs.fr/christian.wolf/software/eplot/download/eplot"; + sha256 = "0y9x82i3sfpgxsqz2w42r6iad6ph7vxb7np1xbwapx5iipciclw5"; + }; + + ecSrc = fetchurl { + url = "http://liris.cnrs.fr/christian.wolf/software/eplot/download/ec"; + sha256 = "0fg31g8mrcx14h2rjcf091cbd924n19z55iscaiflspifya30yhd"; + }; + + buildInputs = [ ruby ]; + + unpackPhase = "true"; + + installPhase = '' + mkdir -p "$out/bin" + cp "$src" "$out/bin/eplot" + cp "$ecSrc" "$out/bin/ec" + chmod +x "$out/bin/"* + + sed -i -e "s|gnuplot -persist|${gnuplot}/bin/gnuplot -persist|" "$out/bin/eplot" + ''; + + meta = with stdenv.lib; { + description = "Create plots quickly with gnuplot"; + longDescription = '' + eplot ("easy gnuplot") is a ruby script which allows to pipe data easily + through gnuplot and create plots quickly, which can be saved in + postscript, PDF, PNG or EMF files. Plotting of multiple files into a + single diagram is supported. + + This package also includes the complementary 'ec' tool (say "extract + column"). + ''; + homepage = http://liris.cnrs.fr/christian.wolf/software/eplot/; + license = licenses.gpl2Plus; + platforms = platforms.all; + maintainers = [ maintainers.bjornfor ]; + }; +} diff --git a/pkgs/tools/graphics/fgallery/default.nix b/pkgs/tools/graphics/fgallery/default.nix new file mode 100644 index 00000000000..4b0531aa1ce --- /dev/null +++ b/pkgs/tools/graphics/fgallery/default.nix @@ -0,0 +1,48 @@ +{ stdenv, fetchurl, unzip, makeWrapper, perl, ImageExifTool, JSON +, coreutils, zip, imagemagick, pngcrush, lcms2, fbida +}: + +# TODO: add optional dependencies (snippet from fgallery source): +# +# if(system("jpegoptim -V >/dev/null 2>&1")) { +# $jpegoptim = 0; +# } +# if($facedet && system("facedetect -h >/dev/null 2>&1")) { +# fatal("cannot run \"facedetect\" (see http://www.thregr.org/~wavexx/hacks/facedetect/)"); + +stdenv.mkDerivation rec { + name = "fgallery-1.7"; + + src = fetchurl { + url = "http://www.thregr.org/~wavexx/software/fgallery/releases/${name}.zip"; + sha256 = "1iix6p8viwnsq3zn9vg99sx20nmgk2p5als3j1lk914nz3anvai4"; + }; + + buildInputs = [ unzip makeWrapper perl ImageExifTool JSON ]; + + installPhase = '' + mkdir -p "$out/bin" + mkdir -p "$out/share/fgallery" + + cp -r * "$out/share/fgallery" + ln -s -r "$out/share/fgallery/fgallery" "$out/bin/fgallery" + + # Don't preserve file attributes when copying files to output directories. + # (fgallery copies parts of itself to each output directory, and without + # this change the read-only nix store causes some bumps in the workflow.) + sed -i -e "s|'cp'|'cp', '--no-preserve=all'|g" "$out/share/fgallery/fgallery" + + wrapProgram "$out/share/fgallery/fgallery" \ + --set PERL5LIB "$PERL5LIB" \ + --set PATH "${stdenv.lib.makeSearchPath "bin" + [ coreutils zip imagemagick pngcrush lcms2 fbida ]}" + ''; + + meta = with stdenv.lib; { + description = "Static photo gallery generator"; + homepage = http://www.thregr.org/~wavexx/software/fgallery/; + license = licenses.gpl2; + platforms = platforms.all; + maintainers = [ maintainers.bjornfor ]; + }; +} diff --git a/pkgs/tools/graphics/gmic/default.nix b/pkgs/tools/graphics/gmic/default.nix new file mode 100644 index 00000000000..f0115239f00 --- /dev/null +++ b/pkgs/tools/graphics/gmic/default.nix @@ -0,0 +1,40 @@ +{ stdenv, fetchurl, fftw, zlib, libjpeg, libtiff, libpng }: + +stdenv.mkDerivation rec { + name = "gmic-${version}"; + version = "1.6.5.0"; + + src = fetchurl { + url = "http://gmic.eu/files/source/gmic_${version}.tar.gz"; + sha256 = "1vb6zm5zpqfnzxjvb9yfvczaqacm55rf010ib0yk9f28b17qrjgb"; + }; + + buildInputs = [ fftw zlib libjpeg libtiff libpng ]; + + sourceRoot = "${name}/src"; + + preBuild = '' + buildFlagsArray=( \ + CURL_CFLAGS= CURL_LIBS= \ + EXR_CFLAGS= EXR_LIBS= \ + OPENCV_CFLAGS= OPENCV_LIBS= \ + X11_CFLAGS="-Dcimg_display=0" X11_LIBS= \ + cli \ + ) + ''; + + installPhase = '' + mkdir -p $out/bin + mkdir -p $out/share/man/man1 + + cp -v gmic $out/bin/ + cp -v ../man/gmic.1.gz $out/share/man/man1/ + ''; + + meta = with stdenv.lib; { + description = "G'MIC is an open and full-featured framework for image processing"; + homepage = http://gmic.eu/; + license = licenses.cecill20; + maintainers = [ maintainers.rycee ]; + }; +} diff --git a/pkgs/tools/misc/dtach/default.nix b/pkgs/tools/misc/dtach/default.nix index 7ceecc3690a..000f6cd0f93 100644 --- a/pkgs/tools/misc/dtach/default.nix +++ b/pkgs/tools/misc/dtach/default.nix @@ -8,6 +8,8 @@ stdenv.mkDerivation rec { sha256 = "16614ebddf8ab2811d3dc0e7f329c7de88929ac6a9632d4cb4aef7fe11b8f2a9"; }; + patches = [ ./fix-CVE-2012-3368.patch ]; + installPhase = '' mkdir -p $out/bin cp dtach $out/bin/dtach diff --git a/pkgs/tools/misc/dtach/fix-CVE-2012-3368.patch b/pkgs/tools/misc/dtach/fix-CVE-2012-3368.patch new file mode 100644 index 00000000000..9e556d9325f --- /dev/null +++ b/pkgs/tools/misc/dtach/fix-CVE-2012-3368.patch @@ -0,0 +1,49 @@ +Fix error handling for read from stdin in attach.c + +attach.c did not correctly handle a read from stdin when read returned +an error. The code assigned the return value of read to pkt.len (an +unsigned char) before checking the value. This prevented the error check +from working correctly, since an unsigned integer can never be < 0. + +A packet with an invalid length was then sent to the master, which then +sent 255 bytes of garbage to the program. + +Fix the bug in attach.c and the unchecked packet length bug in master.c. + +Report and initial patch by Enrico Scholz. + +--- a/master.c 2012/07/01 21:26:10 1.14 ++++ b/master.c 2012/07/01 21:44:34 1.15 +@@ -351,7 +351,10 @@ + + /* Push out data to the program. */ + if (pkt.type == MSG_PUSH) +- write(the_pty.fd, pkt.u.buf, pkt.len); ++ { ++ if (pkt.len <= sizeof(pkt.u.buf)) ++ write(the_pty.fd, pkt.u.buf, pkt.len); ++ } + + /* Attach or detach from the program. */ + else if (pkt.type == MSG_ATTACH) +--- a/attach.c 2012/07/01 21:26:10 1.12 ++++ b/attach.c 2012/07/01 21:44:34 1.13 +@@ -237,12 +237,16 @@ + /* stdin activity */ + if (n > 0 && FD_ISSET(0, &readfds)) + { ++ ssize_t len; ++ + pkt.type = MSG_PUSH; + memset(pkt.u.buf, 0, sizeof(pkt.u.buf)); +- pkt.len = read(0, pkt.u.buf, sizeof(pkt.u.buf)); ++ len = read(0, pkt.u.buf, sizeof(pkt.u.buf)); + +- if (pkt.len <= 0) ++ if (len <= 0) + exit(1); ++ ++ pkt.len = len; + process_kbd(s, &pkt); + n--; + } diff --git a/pkgs/tools/networking/tinc/default.nix b/pkgs/tools/networking/tinc/default.nix index eddd3bc31c4..df3465969bb 100644 --- a/pkgs/tools/networking/tinc/default.nix +++ b/pkgs/tools/networking/tinc/default.nix @@ -1,20 +1,20 @@ {stdenv, fetchurl, lzo, openssl, zlib}: stdenv.mkDerivation rec { - version = "1.0.25"; + version = "1.0.26"; name = "tinc-${version}"; src = fetchurl { url = "http://www.tinc-vpn.org/packages/tinc-${version}.tar.gz"; - sha256 = "0cziyiwsfcvk12dahqwi5wh0q326yhayy8ijnrjp7mwlwmacbhf5"; + sha256 = "08ds8s32cjslms1q227ihd6jz35583v378ij4pknfa5xngfijhrb"; }; buildInputs = [ lzo openssl zlib ]; - configureFlags = '' - --localstatedir=/var - --sysconfdir=/etc - ''; + configureFlags = [ + "--localstatedir=/var" + "--sysconfdir=/etc" + ]; meta = { description = "VPN daemon with full mesh routing"; diff --git a/pkgs/tools/networking/tinc/pre.nix b/pkgs/tools/networking/tinc/pre.nix index f05ffdd6a46..3a89922ca9e 100644 --- a/pkgs/tools/networking/tinc/pre.nix +++ b/pkgs/tools/networking/tinc/pre.nix @@ -1,12 +1,12 @@ { stdenv, fetchgit, autoreconfHook, texinfo, ncurses, readline, zlib, lzo, openssl }: stdenv.mkDerivation rec { - name = "tinc-1.1pre-2015-06-20"; + name = "tinc-1.1pre-2015-07-17"; src = fetchgit { url = "git://tinc-vpn.org/tinc"; - rev = "ebffa40aa7832459f63801e3a91cc741e6b339a8"; - sha256 = "0yp40n5cgfadd7lmi28qv7cf5s14qqw5ga76y5xd0fjpacv6akcp"; + rev = "f92c3446f2052a59d1e6a28f1bc7cec278cb1e48"; + sha256 = "1y15fk4i6jm9w3qkami2vgp5zfrm5frjxwfmwr4xiw23bmy9cgim"; }; buildInputs = [ autoreconfHook texinfo ncurses readline zlib lzo openssl ]; diff --git a/pkgs/tools/system/efivar/default.nix b/pkgs/tools/system/efivar/default.nix index d0c84d52daa..a9c3ebd0252 100644 --- a/pkgs/tools/system/efivar/default.nix +++ b/pkgs/tools/system/efivar/default.nix @@ -2,19 +2,21 @@ stdenv.mkDerivation rec { name = "efivar-${version}"; - version = "0.20"; + version = "0.21"; src = fetchFromGitHub { owner = "rhinstaller"; repo = "efivar"; rev = version; - sha256 = "14c8x9dhi4scj42n1cf513b551c1ccm8lwpaqx8h8ydpm2k35qi4"; + sha256 = "0iakv8prvl61mb2wnll02sxlg3kfzh3d4qb41d0bklmnljjkqr8p"; }; buildInputs = [ popt ]; - # 0.20 Relies on symbols from libdl.so which breaks efibootmgr - NIX_LDFLAGS = "-ldl"; + # 0.21 Has build warnings so disable -Werror + postPatch = '' + sed -i 's,-Werror,,g' Make.defaults + ''; installFlags = [ "libdir=$(out)/lib" diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6771a220bc0..df93687cc4e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -882,6 +882,8 @@ let gist = callPackage ../tools/text/gist { }; + gmic = callPackage ../tools/graphics/gmic { }; + mcrl = callPackage ../tools/misc/mcrl { }; mcrl2 = callPackage ../tools/misc/mcrl2 { }; @@ -1397,6 +1399,8 @@ let enscript = callPackage ../tools/text/enscript { }; + eplot = callPackage ../tools/graphics/eplot { }; + ethtool = callPackage ../tools/misc/ethtool { }; eternity = callPackage ../games/eternity-engine { }; @@ -1455,6 +1459,10 @@ let fdm = callPackage ../tools/networking/fdm {}; + fgallery = callPackage ../tools/graphics/fgallery { + inherit (perlPackages) ImageExifTool JSON; + }; + flannel = callPackage ../tools/networking/flannel { }; flashbench = callPackage ../os-specific/linux/flashbench { }; @@ -6081,10 +6089,11 @@ let ffmpeg_1_2 = import ../development/libraries/ffmpeg/1.2.nix { inherit callPackage; }; ffmpeg_2_2 = import ../development/libraries/ffmpeg/2.2.nix { inherit callPackage; }; ffmpeg_2_6 = import ../development/libraries/ffmpeg/2.6.nix { inherit callPackage; }; + ffmpeg_2_7 = import ../development/libraries/ffmpeg/2.7.nix { inherit callPackage; }; # Aliases ffmpeg_0 = ffmpeg_0_10; ffmpeg_1 = ffmpeg_1_2; - ffmpeg_2 = ffmpeg_2_6; + ffmpeg_2 = ffmpeg_2_7; ffmpeg = ffmpeg_2; ffmpeg-full = callPackage ../development/libraries/ffmpeg-full { @@ -6359,7 +6368,6 @@ let gnutls33 = callPackage ../development/libraries/gnutls/3.3.nix { guileBindings = config.gnutls.guile or false; - nettle = nettle27; }; gnutls34 = callPackage ../development/libraries/gnutls/3.4.nix { @@ -8753,6 +8761,7 @@ let cadvisor = callPackage ../servers/monitoring/cadvisor { }; + cassandra_1_2 = callPackage ../servers/nosql/cassandra/1.2.nix { }; cassandra_2_0 = callPackage ../servers/nosql/cassandra/2.0.nix { }; cassandra_2_1 = callPackage ../servers/nosql/cassandra/2.1.nix { }; cassandra = cassandra_2_1; @@ -9124,7 +9133,6 @@ let samba4 = callPackage ../servers/samba/4.x.nix { python = python2; kerberos = null; # Bundle kerberos because samba uses internal, non-stable functions - gnutls = gnutls33; # enableLDAP }; @@ -11269,6 +11277,12 @@ let fftw = fftwFloat; }; + gnuradio-wrapper = callPackage ../applications/misc/gnuradio/wrapper.nix { }; + + gnuradio-full = gnuradio-wrapper.override { + extraPackages = [ gnuradio-osmosdr ]; + }; + gnuradio-osmosdr = callPackage ../applications/misc/gnuradio-osmosdr { }; goldendict = callPackage ../applications/misc/goldendict { }; @@ -11816,6 +11830,8 @@ let inherit (gnome) libglade; }; + leo-editor = callPackage ../applications/editors/leo-editor { }; + libowfat = callPackage ../development/libraries/libowfat { }; librecad = callPackage ../applications/misc/librecad { }; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 666af29cc8e..ad08df9a874 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -293,11 +293,11 @@ let alembic = buildPythonPackage rec { - name = "alembic-0.6.6"; + name = "alembic-0.7.6"; src = pkgs.fetchurl { url = "https://pypi.python.org/packages/source/a/alembic/${name}.tar.gz"; - md5 = "71e4a8f6849e1527abfc4ea33d51f37c"; + sha256 = "0qgglnxsn470ncyipm33j3d5nf5ny2g3wq7fxyy9fv2x4rhs8kw6"; }; buildInputs = with self; [ nose mock ]; @@ -4904,12 +4904,12 @@ let django_1_8 = buildPythonPackage rec { name = "Django-${version}"; - version = "1.8"; + version = "1.8.3"; disabled = pythonOlder "2.7"; src = pkgs.fetchurl { url = "http://www.djangoproject.com/m/releases/1.8/${name}.tar.gz"; - sha256 = "04mlx3920r46vn69alrf4bmv1xqp7m6k1xzwgr798rjcrd1assq6"; + sha256 = "1fjv63rdm45j5057zb7qj4ya4pjwig1jpbwcr0bk1mazq3y59dib"; }; # error: invalid command 'test' @@ -4929,12 +4929,12 @@ let django_1_7 = buildPythonPackage rec { name = "Django-${version}"; - version = "1.7.7"; + version = "1.7.9"; disabled = pythonOlder "2.7"; src = pkgs.fetchurl { url = "http://www.djangoproject.com/m/releases/1.7/${name}.tar.gz"; - sha256 = "0crfpnf246c25887by2fjlxinp4rnhya4ksqfydcls9m0s9gh5j8"; + sha256 = "0q3q46yjjsqwp0ywrkbqwiac13rdvzrd5dchdbnzh3yjwpj9ygsg"; }; # error: invalid command 'test' @@ -4999,11 +4999,11 @@ let django_1_4 = buildPythonPackage rec { name = "Django-${version}"; - version = "1.4.20"; + version = "1.4.21"; src = pkgs.fetchurl { url = "http://www.djangoproject.com/m/releases/1.4/${name}.tar.gz"; - sha256 = "1cgb23afinmbvbaryvy3yj5m40h68mq6gvadcqyv3j64cja73b2q"; + sha256 = "1x5wk3yh6ydbp4sgsxl4qjmdvcazphwkmmm99lfdb04645sijkwk"; }; # error: invalid command 'test' @@ -5583,13 +5583,13 @@ let }; flexget = buildPythonPackage rec { - version = "1.2.278"; + version = "1.2.337"; name = "FlexGet-${version}"; disabled = isPy3k; src = pkgs.fetchurl { url = "https://pypi.python.org/packages/source/F/FlexGet/${name}.tar.gz"; - md5 = "9c8e41d9e59d53cf2c720661b2880719"; + md5 = "2c249c43bc594726f908b1425a8b8081"; }; doCheck = false; |