Graham Christensen
37bc2c0bbf
broadcom-sta: Support linux-4.8
2016-10-15 08:06:30 -04:00
Tim Steinbach
b43c0dab8e
conky: 1.10.3 -> 1.10.5
2016-10-14 23:16:45 -04:00
Daniel Peebles
9615afa04b
Merge pull request #19517 from dipinhora/darwin-yosemite-support
...
Re-enable support for OS X 10.10 for darwin.
2016-10-13 22:46:33 -04:00
Franz Pletz
f30f7d0cff
powertop: add homepage, cleanup
2016-10-14 00:02:30 +02:00
dipinhora
6152c1ea7f
Re-enable support for OS X 10.10 for darwin.
2016-10-13 11:09:37 -04:00
Graham Christensen
88a47f1950
Merge pull request #19467 from grahamc/nvidia-x11-master
...
nvidia-x11: 367.35 -> 367.57
2016-10-12 19:07:29 -04:00
Daniel Peebles
77d1fb94f1
Merge pull request #19470 from copumpkin/fix-sierra
...
Fix Darwin stdenv to work on Sierra
2016-10-12 19:04:03 -04:00
Dan Peebles
d8a0307a5d
[darwin.stdenv] Fix to work on Sierra
...
This reinstates the libSystem selective symbol export machinery we used
to have, but locks it to the symbols that were present in 10.11 and skips
the actual compiled code we put into that library in favor of the system
initialization code. That should make it more stable and less likely to
do weird stuff than the last time we did this.
2016-10-12 00:08:13 -04:00
Graham Christensen
b98c0a668e
nvidia-x11: 367.35 -> 367.57
2016-10-11 19:43:58 -04:00
Vladimír Čunát
9d1dfc9ed0
Merge #18861 : add AMDGPU-PRO driver
2016-10-11 19:57:30 +02:00
David McFarland
3b4ce62451
amdgpu-pro: Init at 16.30.3-315407
2016-10-11 14:19:38 -03:00
Joachim Fasting
ce73a3ea0f
grsecurity: 4.7.6-201609301918 -> 4.7.7-201610101902
2016-10-11 13:15:16 +02:00
Eelco Dolstra
88f10ad409
aggregateModules: Preserve kernel's modules.{builtin,order}
...
Fixes #19426 .
2016-10-11 11:42:41 +02:00
sternenseemann
3fb2993cb3
maintainers: rename lukasepple according to github account name
2016-10-09 22:04:22 +02:00
Aneesh Agrawal
f0602d2d36
kernel: Make SECURITY_YAMA optional
...
It's highly recommended, but not required to run NixOS.
2016-10-08 17:46:33 +02:00
Aneesh Agrawal
a000ed181c
linux config: enable the Yama LSM ( #14392 )
...
The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level processes and
snooping on the memory and runtime state of other processes owned
by the same user.
2016-10-08 16:40:12 +02:00
Tim Steinbach
a699eb4798
linux: 4.4.23 -> 4.4.24 ( #19346 )
2016-10-08 07:02:07 +02:00
Tim Steinbach
9481edec56
linux: 4.7.6 -> 4.7.7 ( #19345 )
2016-10-08 07:01:51 +02:00
Tim Steinbach
07e67b33af
linux: 4.8.0 -> 4.8.1 ( #19344 )
2016-10-08 07:01:27 +02:00
Marco Maggesi
435673b948
Revert "Revert "linux*: remove 3.14, as it's no longer maintained""
...
In the end, it is too dangerous to have an unmaintained kernel in
nixpkgs. Revert the revert.
This reverts commit e921725176
.
2016-10-07 23:26:32 +02:00
Marco Maggesi
e921725176
Revert "linux*: remove 3.14, as it's no longer maintained"
...
This is the simplest way to reenable the use of BLCR
(which at present requires linux version >3.12 <3.18)
until we find a better solution.
This reverts commit 6a9e765e27
.
2016-10-07 14:31:24 +02:00
Jude Taylor
3dee596ed1
reinstate libiconv/libcharset wrapper
2016-10-06 11:56:32 -07:00
Thomas Tuegel
2e255a2edd
Merge branch 'staging'
2016-10-06 09:51:02 -05:00
Eelco Dolstra
a8b61b0aad
Merge pull request #19278 from anderspapitto/local
...
perf: add dependency on libaudit
2016-10-06 11:45:54 +02:00
Anders Papitto
aa44330963
perf: add dependency on libaudit
...
the `trace` subcommand of perf is only enabled when libaudit is
available at compile time
2016-10-05 17:59:44 -07:00
Jörg Thalheim
638d4b4d71
Merge pull request #19265 from Mic92/rtkit
...
rtkit: apply security relevant patch
2016-10-06 00:07:35 +02:00
Eelco Dolstra
f084274eeb
Merge pull request #19251 from groxxda/patch-2
...
kernel: Disable RT_GROUP_SCHED
2016-10-05 20:05:18 +02:00
Vladimír Čunát
30f551d8b2
Merge branch 'master' into staging
2016-10-05 19:02:48 +02:00
Jörg Thalheim
c684eb756a
rtkit: *security* Pass uid of caller to polkit
...
Otherwise, we force polkit to look up the uid itself in /proc, which is racy if
they execve() a setuid binary.
2016-10-05 18:11:02 +02:00
Alexander Ried
96fbdf8594
kernel: Disable RT_GROUP_SCHED
...
Follow systemd recommendation
fd74fa791f/README (L96-L103)
2016-10-05 12:52:45 +02:00
Alexander Ried
4e91e8cb3d
rtkit: add patch from debian to remove ControlGroup stanza
...
fixes log clutter:
systemd[1]: [/nix/store/....-rtkit-0.11/etc/systemd/system/rtkit-daemon.service:32] Unknown lvalue 'ControlGroup' in section 'Service'
2016-10-05 11:23:11 +02:00
Thomas Tuegel
d067b7bd35
Merge branch 'kde-5' into staging
2016-10-04 21:50:17 -05:00
Shea Levy
e54313d183
Revert "Revert "Linux 4.8""
...
Now featuring @aszlig's modinst_arg_list_too_long patch.
This reverts commit 43bedb970d
.
Fixes #19213
2016-10-04 10:10:36 -04:00
Shea Levy
43bedb970d
Revert "Linux 4.8"
...
This reverts commit e4958d54b1
.
2016-10-03 22:04:43 -04:00
Vladimír Čunát
1525568c74
util-linux: fixup patch hash from grandparent merge
...
And name the file, too.
2016-10-03 23:06:51 +02:00
Jörg Thalheim
45f64a37c9
Merge pull request #19175 from Mic92/util-linux
...
util-linux: workaround CVE-2016-2779
2016-10-03 22:53:21 +02:00
Jörg Thalheim
888f6a1280
Merge pull request #19199 from wizeman/u/fix-help2man-hash
...
help2man: fix hash
2016-10-03 19:26:44 +02:00
Franz Pletz
beca8946ee
jool: 3.4.5 -> 3.5.0
2016-10-03 18:25:28 +02:00
Shea Levy
e4958d54b1
Linux 4.8
2016-10-03 08:45:45 -04:00
Eric Sagnes
58d44a376e
wireguard: 2016-08-08 -> 2016-10-01
2016-10-03 17:06:11 +09:00
Jörg Thalheim
ba00ba65eb
util-linux: workaround CVE-2016-2779
...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779
2016-10-03 08:49:56 +02:00
Joachim Fasting
9a9237e0aa
grsecurity: revamp nixos kernel config
...
Cleanup:
- Restructure & add some commentary
- Remove redundant option specs given the auto config
constraints (some are left in for documentation purposes)
Changes:
- GRKERNSEC_CONFIG_VIRT_HOST -> GUEST
The former deselects paravirtualization and friends
- PAX_LATENT_ENTROPY n -> y (implied by auto)
- GRKERNSEC_ACL_HIDEKERN y -> n
Possibly useless with redistribution
2016-10-02 19:25:58 +02:00
Joachim Fasting
1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
...
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00
Tuomas Tynkkynen
19225bf5cc
Merge remote-tracking branch 'upstream/master' into staging
2016-10-02 10:36:47 +03:00
Tuomas Tynkkynen
f5dd3a703d
treewide: Fix more lib.optional misuses
2016-10-02 00:44:10 +03:00
Aneesh Agrawal
fcee1d0b28
Remove redundant -DCMAKE_BUILD_TYPE=Release flags
...
Since commit 183d05a0
in 2012, this is the default.
fixes #18000
2016-10-01 16:13:41 +02:00
Joachim Fasting
2ec9a1a955
grsecurity: 4.7.5-201609261522 -> 4.7.6-201609301918
2016-10-01 08:47:30 +02:00
Joachim Fasting
22108b7a10
linux_4_7: 4.7.5 -> 4.7.6
2016-10-01 08:46:31 +02:00
Eelco Dolstra
613a12a8bd
linux: 4.4.22 -> 4.4.23
2016-09-30 14:41:19 +02:00
Eelco Dolstra
8b09ba32d3
systemd: Apply various upstream bug fixes
...
This includes the fix for the assertion failure in
https://github.com/systemd/systemd/issues/4234 .
2016-09-30 11:23:51 +02:00