Commit Graph

1040 Commits

Author SHA1 Message Date
R. RyanTM
4bb61a3ba4 singularity: 2.5.1 -> 2.5.2
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/singularity/versions.

<details><summary>Version release notes (from GitHub)</summary>
Greetings Singularity containerizers!

This release contains fixes for a _high severity_ security issue affecting Singularity 2.3.0 through 2.5.1 on kernels that support overlay file systems (CVE-2018-12021). A malicious user with network access to the host system (e.g. ssh) could exploit this vulnerability to access sensitive information on disk and bypass directory image restrictions like those preventing the root file system from being mounted into the container.

Singularity 2.5.2 should be installed immediately, and all previous versions of Singularity should be removed. The vulnerability addressed in this release affects kernels that support overlayfs. If you are unable to upgrade immediately, you should set `enable overlay = no` in `singularity.conf`.

In addition, this release contains a large number of bug fixes.  Details follow:

## [Security related fixes](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12021)
 - Removed the option to use overlay images with `singularity mount`.  This
   flaw could allow a malicious user accessing the host system to access
   sensitive information when coupled with persistent ext3 overlay.
 - Fixed a race condition that might allow a malicious user to bypass directory
   image restrictions, like mounting the host root filesystem as a container
   image

## Bug fixes
 - Fix an error in malloc allocation #1620
 - Honor debug flag when pulling from docker hub #1556
 - Fix a bug with passwd abort #1580
 - Allow user to override singularity.conf "mount home = no" with --home option
   #1496
 - Improve debugging output #1535
 - Fix some bugs in bind mounting #1525
 - Define PR_(S|G)ET_NO_NEW_PRIVS in user space so that these features will
   work with kernels that implement them (like Cray systems) #1506
 - Create /dev/fd and standard streams symlinks in /dev when using minimal dev
   mount or when specifying -c/-C/--contain option #1420
 - Fixed * expansion during app runscript creation #1486

As always, please report any bugs to:
https://github.com/singularityware/singularity/issues/new</details>

These checks were done:

- built on NixOS
- /nix/store/3igwiqi311c18w13y5r7zrgpcnzylg9l-singularity-2.5.2/bin/singularity passed the binary check.
- Warning: no invocation of /nix/store/3igwiqi311c18w13y5r7zrgpcnzylg9l-singularity-2.5.2/bin/run-singularity had a zero exit code or showed the expected version
- 1 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 2.5.2 with grep in /nix/store/3igwiqi311c18w13y5r7zrgpcnzylg9l-singularity-2.5.2
- directory tree listing: https://gist.github.com/ed6db09ad43a19c6abf2d35d15ef489c
- du listing: https://gist.github.com/9bd23f4d6ee86a9eb2ba7ec5c986741d
2018-07-07 16:41:51 -07:00
Silvan Mosberger
57bccb3cb8 treewide: http -> https sources (#42676)
* treewide: http -> https sources

This updates the source urls of all top-level packages from http to
https where possible.

* buildtorrent: fix url and tab -> spaces
2018-06-28 20:43:35 +02:00
Andrea Bedini
134eca9993 ecs-agent: 1.14.0 -> 1.18.0 (#42359) 2018-06-25 11:15:40 +02:00
R. RyanTM
593ab50d69 spice-vdagent: 0.17.0 -> 0.18.0 (#42204)
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/spice-vdagent/versions.

These checks were done:

- built on NixOS
- /nix/store/jn5icaw3pkbvyh2j34lqnx8w1ikqj7k2-spice-vdagent-0.18.0/bin/spice-vdagent passed the binary check.
- /nix/store/jn5icaw3pkbvyh2j34lqnx8w1ikqj7k2-spice-vdagent-0.18.0/bin/spice-vdagentd passed the binary check.
- 2 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 0.18.0 with grep in /nix/store/jn5icaw3pkbvyh2j34lqnx8w1ikqj7k2-spice-vdagent-0.18.0
- directory tree listing: https://gist.github.com/b66bf12f870f109e97e063ee890be440
- du listing: https://gist.github.com/6bd67c42fafb9c4b45a004edcf1807fb
2018-06-24 19:08:31 +02:00
Jörg Thalheim
9da836dd03 rancher-compose: remove
I no longer use rancher and can test this derivation.
Also rancher-compose should have the same version as the rancher cluster
used. So it is better to be built by the user using it rather than having a
random version in nixpkgs.
2018-06-21 11:11:41 +01:00
Kevin Liu
3e1acfd824 looking-glass-client: a10 -> a11 (#42098)
Requires new dependencies libconfig and nettle.
2018-06-17 18:33:32 +02:00
Bastian Köcher
4f33a90a5e virtualbox: Fixes build with Qt5.11 2018-06-12 16:42:29 +02:00
Sarah Brofeldt
c80e0fbb08 docker: Ensure references to go are removed from docker-containerd (#41849) 2018-06-11 19:45:34 +02:00
Ruben Maher
0b3f13d442 pkgs/qemu: tell qemu where to find smbd if smbdSupport is true (#41615) 2018-06-11 00:18:31 +02:00
Orivej Desh
b42cf67084 xen: enable parallel building 2018-06-09 07:22:29 +00:00
Matthew Justin Bauer
0135f04d77
Merge pull request #40242 from gnidorah/gvt
linux: enable support for iGVT-g VGPU
2018-06-01 23:14:35 -04:00
Orivej Desh
7cadf50be2 virtualbox: fix build after #28029 2018-05-29 23:16:51 +00:00
gnidorah
30dc291331 virt-viewer: support ALSA 2018-05-29 19:25:52 +03:00
John Ericson
8e891e6ed4 Merge remote-tracking branch 'upstream/master' into staging 2018-05-14 10:57:33 -04:00
xeji
66d204188b
virtmanager: add missing virt-install runtime deps (#40380)
virt-install calls some programs from initrdinject.py
that were missing on PATH
2018-05-13 19:58:10 +02:00
John Ericson
2c5d915200 Merge commit '92b7a814f26ee1d37e989431c18518c67285a332' into staging 2018-05-13 01:02:09 -04:00
obadz
f0057a2f27
Merge pull request #40313 from r-ryantm/auto-update/virtualbox
virtualbox: 5.2.10 -> 5.2.12
2018-05-12 14:35:38 +02:00
obadz
d4ec02fa7b Revert "Fix pci_get_bus_and_slot removed in kernel 4.17"
This reverts commit d25607c79d.

Reverted as part of #40313 based on commit author's comment:
https://github.com/NixOS/nixpkgs/pull/40313#issuecomment-388409185
2018-05-12 13:16:10 +01:00
Florian Klink
b6708a4c9a virtualbox: update extpack and guest additions checksums 2018-05-12 13:15:28 +01:00
John Ericson
ee4b56edd3 Merge remote-tracking branch 'upstream/master' into staging 2018-05-11 14:36:08 -04:00
Tim Steinbach
46440d3426
docker-edge: 18.04.0-ce -> 18.05.0-ce 2018-05-11 09:19:41 -04:00
R. RyanTM
2c591d6622 virtualbox: 5.2.10 -> 5.2.12
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/virtualbox/versions.

These checks were done:

- built on NixOS
- ran ‘/nix/store/6769l9s88jlcv3qgxpjsfr1ybkq3yvvb-virtualbox-5.2.12/bin/VBoxManage -h’ got 0 exit code
- ran ‘/nix/store/6769l9s88jlcv3qgxpjsfr1ybkq3yvvb-virtualbox-5.2.12/bin/VBoxManage --help’ got 0 exit code
- ran ‘/nix/store/6769l9s88jlcv3qgxpjsfr1ybkq3yvvb-virtualbox-5.2.12/bin/VBoxManage help’ got 0 exit code
- ran ‘/nix/store/6769l9s88jlcv3qgxpjsfr1ybkq3yvvb-virtualbox-5.2.12/bin/VBoxBalloonCtrl -h’ got 0 exit code
- ran ‘/nix/store/6769l9s88jlcv3qgxpjsfr1ybkq3yvvb-virtualbox-5.2.12/bin/VBoxBalloonCtrl --help’ got 0 exit code
- found 5.2.12 with grep in /nix/store/6769l9s88jlcv3qgxpjsfr1ybkq3yvvb-virtualbox-5.2.12
- directory tree listing: https://gist.github.com/f9bf852a0a8e6e0b4c44a9b68764850b
2018-05-10 21:10:34 -07:00
Frederik Rietdijk
a18b493e02 Merge master into staging 2018-05-09 10:48:01 +02:00
Justin Bedo
48808f1c93
singularity: add missing file dependency 2018-05-09 10:19:38 +10:00
Matthew Bauer
6748534d83 Merge remote-tracking branch 'upstream/master' into staging 2018-05-08 09:36:00 -05:00
scalavision
aad0a825f9 singularity: 2.4.6 -> 2.5.1 2018-05-08 10:40:10 +02:00
Florian Klink
70c57fe363 qemu: fix spaces in postInstall 2018-05-07 19:23:47 +03:00
Unknown
d25607c79d Fix pci_get_bus_and_slot removed in kernel 4.17 2018-05-05 11:22:32 +03:00
John Ericson
cf06e42d1c Merge remote-tracking branch 'upstream/master' into staging 2018-05-03 16:35:36 -04:00
Matthew Justin Bauer
eeb016e8f0
Merge branch 'staging' into fix-ncurses-darwin-extensions 2018-05-02 15:40:38 -05:00
xeji
cd0d2f448b
Merge pull request #39868 from r-ryantm/auto-update/remotebox
remotebox: 2.4 -> 2.5
2018-05-02 20:32:44 +02:00
R. RyanTM
a9f78307e6 remotebox: 2.4 -> 2.5
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/remotebox/versions.

These checks were done:

- built on NixOS
- ran ‘/nix/store/lqc90dpw05j8jvi8n0klma3cipg70h6l-remotebox-2.5/bin/remotebox -h’ got 0 exit code
- found 2.5 with grep in /nix/store/lqc90dpw05j8jvi8n0klma3cipg70h6l-remotebox-2.5
- directory tree listing: https://gist.github.com/52fb098e7f7315de708c331b65eadfb4
2018-05-02 10:11:10 -07:00
Florian Klink
0a80a37672 virtualbox: update guest additions hash
missed in 8eb3167e2e
2018-05-02 08:55:08 +02:00
xeji
f50e688816
Merge pull request #39663 from xeji/xen-4-10-memfd
xen_4_10: fix qemu-xen build error (memfd)
2018-05-02 05:29:43 +02:00
Florian Klink
8eb3167e2e virtualbox: 5.2.8 -> 5.2.10
closes #39182.
2018-05-01 22:50:19 +02:00
Matthew Justin Bauer
a1664a4c53
Merge pull request #39549 from r-ryantm/auto-update/containerd
containerd: 1.0.3 -> 1.1.0
2018-05-01 10:24:34 -05:00
xeji
8b6fe6680f
Merge pull request #39513 from xeji/qemu-2-12
qemu: 2.11.1 -> 2.12.0
2018-04-29 18:41:18 +02:00
xeji
3c4efe448d xen_4_10: fix build (qemu-xen memfd patch) 2018-04-29 00:58:50 +02:00
xeji
00610fe090 qemu-riscv: remove, obsolete with qemu 2.12
upstream qemu 2.12 includes riscv support
2018-04-26 18:15:21 +02:00
Will Dietz
3d4aa7e95d qemu: workaround 'struct sysinfo' conflict musl <--> linux
Most everyone using musl patches the linux headers instead,
but various software uses a local workaround like the
one added in this commit (psutils, for example).

It's not obvious to me which project has the "bug",
and I'm reluctant to even propose modifying our headers
without a clear answer on the issue.

Also, modifying those headers triggers rebuild-all-the-things.

Hopefully upstream projects sort this out, in the meantime
adding this define is a bit of a kludge but does the job.

-------

For the curious, the patch usually is something like this:
https://patchwork.kernel.org/patch/3833241/

Here's an updated version that also ensures
kernel users get the sysinfo struct as expected too:
https://raw.githubusercontent.com/openwrt/openwrt/e3c43ade0bae9491aeea50fa361e846bb5002dc0/target/linux/generic/pending-4.14/270-uapi-kernel.h-glibc-specific-inclusion-of-sysinfo.h.patch

(cherry picked from commit dtzWill/nixpkgs@91b5f5a463)
2018-04-26 17:58:16 +02:00
R. RyanTM
8a3cdb993d containerd: 1.0.3 -> 1.1.0
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/containerd/versions.

These checks were done:

- built on NixOS
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd -h’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd --help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd-release -h’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd-release --help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd-release help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/ctr -h’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/ctr --help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/ctr help’ got 0 exit code
- found 1.1.0 with grep in /nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0
- directory tree listing: https://gist.github.com/7b4a990853acfbf946f8abe02582f41d
2018-04-26 06:18:41 -07:00
Tim Steinbach
e0ad325cd4
docker: 18.03.0 -> 18.03.1 2018-04-26 08:02:21 -04:00
adisbladis
d479f3aa8e
Merge pull request #39521 from r-ryantm/auto-update/tini
tini: 0.17.0 -> 0.18.0
2018-04-26 15:29:54 +08:00
R. RyanTM
518eca8256 tini: 0.17.0 -> 0.18.0
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/tini/versions.

These checks were done:

- built on NixOS
- ran ‘/nix/store/h0h2qyxwrvsjy47m1xyv7sxzd2j0ilsi-tini-0.18.0/bin/tini -h’ got 0 exit code
- ran ‘/nix/store/h0h2qyxwrvsjy47m1xyv7sxzd2j0ilsi-tini-0.18.0/bin/tini --version’ and found version 0.18.0
- found 0.18.0 with grep in /nix/store/h0h2qyxwrvsjy47m1xyv7sxzd2j0ilsi-tini-0.18.0
- directory tree listing: https://gist.github.com/c992fd0a24dfc0365d6b62ac567d395c
2018-04-25 21:45:09 -07:00
xeji
3e3b39f173 qemu: 2.11.1 -> 2.12.0 2018-04-26 01:41:53 +02:00
John Ericson
ba52ae5048 treewide: isArm -> isAarch32
Following legacy packing conventions, `isArm` was defined just for the
32-bit ARM instruction set. This is confusing to non-packagers though,
because Aarch64 is an ARM instruction set.

The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:

```
ISA:             ARMv8   {-A, -R, -M}
                 /    \
Mode:     Aarch32     Aarch64
             |         /   \
Encoding:   A64      A32   T32
```

At the top is the overall v8 instruction set architecture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
bottom are the encodings, (hopefully?) isomorphic if they encode the
same mode.

The 32-bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatible or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confuse either laymen or
experienced ARM packagers.

[1]: https://developer.arm.com/products/architecture/a-profile
2018-04-25 15:28:55 -04:00
Jan Malakhovski
7438083a4d tree-wide: disable doCheck and doInstallCheck where it fails (the trivial part) 2018-04-25 04:18:46 +00:00
Daiderd Jordan
bca24c02ac
qemu: fix darwin build 2018-04-24 00:19:34 +02:00
Jörg Thalheim
942bc44c55
Merge pull request #39196 from r-ryantm/auto-update/singularity
singularity: 2.4.5 -> 2.4.6
2018-04-21 19:23:59 +01:00
xeji
5be6943696 qemu: add separate output for qemu-ga guest agent 2018-04-20 11:05:50 +02:00