Commit Graph

320 Commits

Author SHA1 Message Date
obadz
24a9183f90 Merge branch 'hardened-stdenv' into staging
Closes #12895

Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
Franz Pletz
2709079569 postgresql: security updates for all versions
Fixes CVE-2016-5423 and CVE-2016-5424.

See https://www.postgresql.org/about/news/1688/.
2016-08-16 18:35:22 +02:00
Robin Gloster
33e1c78ae3 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-16 07:54:01 +00:00
Dan Peebles
ccd16f87d5 mariadb: re-enable jemalloc on darwin and fix impurity
CMake in its usual infinite wisdom searches all over the system for java
and finds the host OSX java and JNI headers. It then decides to build the
connector and fails later on because we didn't actually tell Nix that we
wanted java in scope. So instead, we just tell CMake that we don't want
the jdbc connector. I believe it does the same with GSS, so I disable
that stuff too. None of this should affect Linux, but let me know if it
does somheow.
2016-08-14 15:08:23 -04:00
Franz Pletz
bd4490e277 Merge branch 'master' into hardened-stdenv 2016-08-13 16:59:55 +02:00
Vladimír Čunát
1c9307d348 mariadb on Darwin: another attempt to fix
Adding jemalloc to buildInputs didn't work out a97df891,
as jemalloc doesn't build correctly on Darwin ATM.
2016-08-13 09:03:33 +02:00
Robin Gloster
b7787d932e Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-12 09:46:53 +00:00
Vladimír Čunát
a97df891fe mariadb: use jemalloc on every platform
It seems to be failing to configure without it on Darwin:
http://hydra.nixos.org/build/38440660/nixlog/1/raw
This doesn't cause a rebuild on Linux platforms.
2016-08-11 19:25:51 +02:00
Vladimír Čunát
6f5c6fb6a1 mariadb: remove darwin patch that no longer applies
Hopefully it isn't needed anymore.
2016-08-10 22:07:33 +02:00
Vladimír Čunát
b94559dc7f mariadb: make the attribute point to the full build
It will create least surprises. Only those who want to go light
have to choose.
2016-08-07 22:44:57 +02:00
Vladimír Čunát
9a072482e6 mariadb: completely separate a server-less build
libmysqlclient is all that most closures need; now it's smaller and
quick to build. For cases that need a server (via executable or lib),
there's a full build for now; later it could be slimmed by removing the
client stuff.
2016-08-07 20:46:36 +02:00
Robin Gloster
1b979d8384 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00
Tuomas Tynkkynen
21f17d69f6 treewide: Add lots of meta.platforms
Build-tested on x86_64 Linux & Mac.
2016-08-02 21:42:43 +03:00
Tuomas Tynkkynen
2258b21e4b treewide: Add lots of platforms to packages with no meta
Build-tested on x86_64 Linux and on Darwin.
2016-08-02 21:17:44 +03:00
Robin Gloster
63c7b4f9a7 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-31 20:51:34 +00:00
Franz Pletz
8605d76f17 Revert "mariadb: 10.1.9 -> 10.1.16 (security)"
This reverts commit 55bd6da9fb.

Fixes #17340.
2016-07-28 22:31:43 +02:00
Franz Pletz
55bd6da9fb mariadb: 10.1.9 -> 10.1.16 (security) 2016-07-28 06:56:14 +02:00
Franz Pletz
975d33e640 mysql51: remove, not maintained anymore 2016-07-28 06:56:13 +02:00
Robin Gloster
f222d98746 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-25 12:47:13 +00:00
Graham Christensen
f4d5d6e73e mysql: 5.5.49 -> 5.5.50 for CVEs (#17160)
Problems include buffer overflows, null pointer dereferences, and
other bugfixes.

 - CVE-2016-3477
 - CVE-2016-3521
 - CVE-2016-3615
 - CVE-2016-5440

Details:
https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html
2016-07-23 01:13:28 +02:00
Robin Gloster
8031cba2ab Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-06-10 09:27:04 +00:00
Matthias Beyer
0ac6b862ac postgresql: 9.5.1 -> 9.5.3, potentially fixes CVE-2016-2193, CVE-2016-3065 2016-05-31 15:51:23 +02:00
Matthias Beyer
c5ab5b7750 postgresql94: 9.4.6 -> 9.4.7 2016-05-31 15:51:22 +02:00
Matthias Beyer
f62bd73225 postgresql93: 9.3.11 -> 9.3.12 2016-05-31 15:51:22 +02:00
Matthias Beyer
fe5e3c2e59 postgresql92: 9.2.15 -> 9.2.16 2016-05-31 15:51:22 +02:00
Matthias Beyer
8b5c712648 postgresql91: 9.1.20 -> 9.1.21 2016-05-31 15:51:22 +02:00
Robin Gloster
2d382f3d98 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-30 19:39:34 +00:00
Vladimír Čunát
81039713fa Merge branch 'master' into staging
... to get the systemd update (rebuilding ~7k jobs).
2016-05-26 16:50:22 +02:00
Tobias Geerinckx-Rice
fd0a4c3910
mysql55: 5.5.48 -> 5.5.49
Should fix CVE-2016-0666, -0648, -0647, -0643, and -0642. CC @vcunat.
2016-05-24 15:00:49 +02:00
Vladimír Čunát
c4661e9643 Merge: make dev output references explicit
This is a rebase of most commits from #14766,
resolving conflicts and a few other evaluation problems.
2016-05-22 12:09:23 +02:00
Vladimír Čunát
019e9a9aa6 Merge #15421: mariadb: wrap mysqld with --basedir 2016-05-20 10:50:13 +02:00
Tuomas Tynkkynen
8d473f107c treewide: Make explicit that 'dev' output of readline is used 2016-05-19 10:03:35 +02:00
Tuomas Tynkkynen
2a73de6e6c treewide: Make explicit that 'dev' output of openssl is used 2016-05-19 10:02:23 +02:00
Franz Pletz
f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-05-18 17:10:02 +02:00
Sebastián Bernardo Galkin
edaecb41db
postgis: fix build after output splits
Fixes #15236

Two changes were needed:

- pg_config from postgresql package wasn't reporting the correct location for
the pgxs extension system, after the output split
- json_c is now split in dev and out outputs, postgis configure doesn't find the
library location properly

Closes #15470
2016-05-15 11:49:59 +02:00
Phil Wetzel
6ce89e174f mariadb: wrap mysqld with --basedir 2016-05-12 18:22:53 -04:00
Robin Gloster
9820cb1bf2 use dontBuild instead of hacks
changes:
 * buildPhase = "true"
 * buildPhase = ":"
2016-05-04 10:11:04 +00:00
Robin Gloster
d020caa5b2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-18 13:49:22 +00:00
Arseniy Seroka
0b3827d04a Merge pull request #14772 from cleverca22/mariadb
mariadb: fix arm builds
2016-04-17 22:16:24 +03:00
Dan Peebles
5ced92f83b mariadb: fix build on darwin
My simplistic test seemed to work just fine, so I assume the
install_name_tool shenanigans became unnecessary at some point.
2016-04-17 14:49:25 -04:00
michael bishop
437468d5ea
mariadb: fix arm builds 2016-04-17 00:40:10 -03:00
Vladimír Čunát
d1df28f8e5 Merge 'staging' into closure-size
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Robin Gloster
a73a28de7b fix grammar errors 2016-04-06 16:16:23 +00:00
Vladimír Čunát
ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Domen Kožar
b07e7bfc7b Merge remote-tracking branch 'origin/staging' 2016-03-27 13:19:04 +01:00
Eelco Dolstra
523f4f2f69 mariadb: Disable parallel building again
It still fails intermittently on lex_token.h.

http://hydra.nixos.org/build/33571559
2016-03-23 20:11:07 +01:00
Johannes Bornhold
67b1acd989 mysql55: Allow to build on darwin 2016-03-18 14:23:14 +01:00
Graham Christensen
dbf41ebee7 mysql_jdbc: 5.1.32 -> 5.1.38 2016-03-14 20:16:30 -05:00
Thomas Tuegel
3ef7671cea ncurses: combine $lib and $out outputs
The $lib output refers to the terminfo database in $out, which is about
10x larger than the ncurses shared library. Splitting these outputs
saves a small amount of space for any derivations that use the terminfo
database but not the ncurses library, but we do not have evidence that
any such exist.
2016-03-08 11:35:24 -06:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00