Commit Graph

85708 Commits

Author SHA1 Message Date
zimbatm
bc6b93511f Merge pull request #16377 from aszlig/improve-escape-shell-arg
lib: Make escapeShellArg more robust
2016-06-21 14:32:45 +01:00
Bjørn Forsman
6536804848 autorevision: init at 1.14
A shell script for extracting revision information useful in
release/build scripting from repositories.
2016-06-21 15:23:34 +02:00
zimbatm
6596d1eb61 Merge pull request #16389 from mcmtroffaes/feature/wolfssl-3.9.6
wolfssl: 3.9.0 -> 3.9.6, split package
2016-06-21 14:22:44 +01:00
zimbatm
afbba2bffa Merge pull request #16384 from Ericson2314/top-level-to-path
top-level: builtins.toPath no longer needed
2016-06-21 14:21:01 +01:00
Edward Tjörnhammar
f3950f712f
i2pd: 2.7.0 -> 2.8.0
Signed-off-by: Edward Tjörnhammar <ed@cflags.cc>
2016-06-21 15:03:59 +02:00
Frederik Rietdijk
832ac8479b Merge pull request #16049 from teh/master
Update several python packages
2016-06-21 14:45:10 +02:00
Miguel Madrid
4c454fed33 texmaker: 4.4.1 -> 4.5 (#16359) 2016-06-21 14:32:03 +02:00
Frederik Rietdijk
39043e4d6e Merge pull request #16239 from Ralith/matrix-synapse
matrix-synapse: 0.14 -> 0.16
2016-06-21 14:30:33 +02:00
Frederik Rietdijk
8ef747baed Merge pull request #16334 from artuuge/theano_cudnn
Theano-cuda: init at 0.8.2
2016-06-21 14:26:51 +02:00
Matthias C. M. Troffaes
c227201955 wolfssl: 3.9.0 -> 3.9.6, split package 2016-06-21 13:22:06 +01:00
Gabriel Ebner
0a8e613cea aspino: init at 2016-01-31 2016-06-21 13:55:28 +02:00
Gabriel Ebner
8f84a5cb08 glucose, glucose-syrup: init at 4.0 2016-06-21 13:26:51 +02:00
wrb
22a7f3a849 youtube-dl: 2016.05.21.2 -> 2016.06.19.1 (#16338) 2016-06-21 13:12:36 +02:00
Benjamin Saunders
8e47786c0e coturn: init at 4.5.0.3 (#16284) 2016-06-21 12:59:29 +02:00
Peter Simons
bc08bef615 Merge pull request #16382 from Ericson2314/morgue
Remove misc dead code
2016-06-21 11:54:14 +02:00
Edward Tjörnhammar
e945646be3
idea: make jdk overrideable using .override
Signed-off-by: Edward Tjörnhammar <ed@cflags.cc>
2016-06-21 11:09:50 +02:00
John Ericson
98b9403a22 top-level: builtins.toPath no longer needed 2016-06-21 00:19:00 -07:00
John Ericson
7cbf4a56f7 Remove dead pkgs/development/compilers/ghc/with-packages.nix
Superseded by `/pkgs/development/haskell-modules/with-packages-wrapper.nix`
2016-06-20 23:53:09 -07:00
John Ericson
5b7bdb2861 Remove more dead code: stdenvDarwinNaked no longer exists 2016-06-20 23:53:09 -07:00
John Ericson
47d95a7571 Remove dead code in stdenvCross adaptor 2016-06-20 23:53:09 -07:00
Gabriel Ebner
9c5588e99f spass: 3.7 -> 3.9 2016-06-21 08:18:20 +02:00
Gabriel Ebner
e5740b2e8e Merge pull request #16378 from vrthra/screen
screen: 4.3.1 -> 4.4.0
2016-06-21 07:51:00 +02:00
Joachim Fasting
b07051ce6c Merge pull request #16369 from Baughn/factorio
factorio: Bump to 0.12.35
2016-06-21 02:00:52 +02:00
Pascal Wittmann
5844bc63df Merge pull request #16372 from mimadrid/update/filezilla-3.18.0
filezilla: 3.17.0.1 -> 3.18.0
2016-06-21 01:27:36 +02:00
Rahul Gopinath
64260e70f2 screen: 4.3.1 -> 4.4.0
Removed the patches which were specific to 4.3, and redundant configure flags
The darwin specific utmp patch seems to have been accepted too, with
`u->ut_time = now` the default.
2016-06-20 15:24:32 -07:00
aszlig
df475092e9
lib: Make escapeShellArg more robust
Quoting various characters that the shell *may* interpret specially is a
very fragile thing to do.

I've used something more robust all over the place in various Nix
expression I've written just because I didn't trust escapeShellArg.

Here is a proof of concept showing that I was indeed right in
distrusting escapeShellArg:

with import <nixpkgs> {};

let
  payload = runCommand "payload" {} ''
    # \x00 is not allowed for Nix strings, so let's begin at 1
    for i in $(seq 1 255); do
      echo -en "\\x$(printf %02x $i)"
    done > "$out"
  '';

  escapers = with lib; {
    current = escapeShellArg;
    better = arg: let
      backslashEscapes = stringToCharacters "\"\\ ';$`()|<>\r\t*[]&!~#";
      search = backslashEscapes ++ [ "\n" ];
      replace = map (c: "\\${c}") backslashEscapes ++ [ "'\n'" ];
    in replaceStrings search replace (toString arg);
    best = arg: "'${replaceStrings ["'"] ["'\\''"] (toString arg)}'";
  };

  testWith = escaper: let
    escaped = escaper (builtins.readFile payload);
  in runCommand "test" {} ''
    if ! r="$(bash -c ${escapers.best "echo -nE ${escaped}"} 2> /dev/null)"
    then
      echo bash eval error > "$out"
      exit 0
    fi
    if echo -n "$r" | cmp -s "${payload}"; then
      echo success > "$out"
    else
      echo failed > "$out"
    fi
  '';

in runCommand "results" {} ''
  echo "Test results:"
  ${lib.concatStrings (lib.mapAttrsToList (name: impl: ''
    echo "  ${name}: $(< "${testWith impl}")"
  '') escapers)}
  exit 1
''

The resulting output is the following:

Test results:
  best: success
  better: success
  current: bash eval error

I did the "better" implementation just to illustrate that the method of
quoting only "harmful" characters results in madness in terms of
implementation and performance.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra, @zimbatm
2016-06-20 23:53:36 +02:00
Peter Simons
99c6c9d42f Merge pull request #16370 from rasendubi/haskell-hoogle
haskell-hoogle: adapt to GHC docs split
2016-06-20 23:52:47 +02:00
mimadrid
d7695b790f
filezilla: 3.17.0.1 -> 3.18.0 2016-06-20 22:48:23 +02:00
mimadrid
baab0ff6d3
libfilezilla: 0.5.1 -> 0.5.3 2016-06-20 22:46:41 +02:00
obadz
fb6b4860c7 xl2tpd: add nixos module for service
(required adding execv to libredirect)
2016-06-20 21:41:59 +01:00
obadz
c8d3b166f5 network-manager/l2tp: add workaround for https://github.com/xelerance/xl2tpd/issues/108 2016-06-20 21:41:59 +01:00
Gabriel Ebner
cbb0effa6e wget: 1.17.1 -> 1.18
Fixes #16368.
2016-06-20 22:15:46 +02:00
Alexey Shmalko
87aa864ff9
haskell-hoogle: adapt to GHC docs split
The docs were split at #16167 and broke google support. @peti fixed
build, however hoogle still didn't see packages shipped with GHC. This
patch fixes location of the libraries shipped with GHC.
2016-06-20 22:52:20 +03:00
Svein Ove Aas
7a37c1b6c3 factorio: Disable automatic updates 2016-06-20 20:21:58 +01:00
Svein Ove Aas
989990b3b7 factorio: Bump to 0.12.35 2016-06-20 20:15:52 +01:00
Arseniy Seroka
f529432ca5 Merge pull request #16349 from telotortium/ssh-ident
ssh-ident: init at 2016-04-21
2016-06-20 22:04:57 +03:00
Tobias Geerinckx-Rice
ffd2afd89d
dub: 0.9.25 -> 1.0.0 2016-06-20 19:34:19 +02:00
aszlig
9728554c4f
Merge pull request #16099 (Chromium update)
The changes contain an update of the stable channel (along with beta and
dev as well) fixing 18 security vulnerabilities:

http://googlechromereleases.blogspot.de/2016/06/stable-channel-update.html
http://googlechromereleases.blogspot.de/2016/06/stable-channel-update_6.html
http://googlechromereleases.blogspot.de/2016/06/stable-channel-update_16.html

I've built and tested this at the following evaluation on my Hydra:

https://headcounter.org/hydra/eval/324449
2016-06-20 18:43:41 +02:00
Michael Raskin
ca495a53a5 tptp: fix hash 2016-06-20 18:38:08 +02:00
Gabriel Ebner
0d9bb144d9 dstat: 0.7.2 -> 0.7.3 2016-06-20 18:08:31 +02:00
Gabriel Ebner
05a89a6512 goldendict: 1.5.0.ec86515 -> 1.5.0.rc2 2016-06-20 17:59:37 +02:00
Peter Simons
06d3636596 git-annex: update sha256 hash 2016-06-20 17:01:36 +02:00
Peter Simons
1178ccf085 hackage-packages.nix: update Haskell package set
This update was generated by hackage2nix v20160613-7-g3089457 using the following inputs:

  - Hackage: 08c95c9ddf
  - LTS Haskell: 2a2cddb443
  - Stackage Nightly: 5f88469291
2016-06-20 17:01:36 +02:00
Bjørn Forsman
099d3dc43b microscheme: 0.9.2 -> 0.9.3 2016-06-20 16:29:23 +02:00
Tobias Geerinckx-Rice
bcde5c3353
ganttproject-bin: init at 2.7.2-r1954 2016-06-20 16:04:36 +02:00
Tobias Geerinckx-Rice
5dd3dbdec4
geolite-legacy: 2016-06-13 -> 2016-06-20 2016-06-20 15:58:56 +02:00
Vladimír Čunát
8bf002daac libcxx-3.8: apply Darwin-specific patch only on Darwin
... to better decouple different platforms (in future).
2016-06-20 15:17:41 +02:00
Vladimír Čunát
c67e08e1af Merge #16323: llvmPackages_38 fixes 2016-06-20 15:17:40 +02:00
Eelco Dolstra
c51af01325 apache-httpd: 2.4.18 -> 2.4.20
CVE-2016-1546
2016-06-20 15:17:12 +02:00
obadz
d7960ef4a0 libreoffice: default to (and have hydra build) still rather than fresh
fresh users were experiencing lots of segfaults.

Closes #15825
2016-06-20 13:58:07 +01:00