Commit graph

5667 commits

Author SHA1 Message Date
obadz
ba50fd7170 Merge branch 'master' into staging 2016-08-22 01:18:11 +01:00
Tim Steinbach
175028582c
linux: 4.7.1 -> 4.7.2 2016-08-21 13:56:45 +00:00
Daiderd Jordan
a9e913ffbf
darwin.security_tool: fix for gnustep makefiles 2016-08-20 13:43:58 +02:00
Daiderd Jordan
0ec2ba9497
darwin.libsecurity: fix for gnustep makefiles 2016-08-20 13:32:10 +02:00
Mikael Brockman
1f50e2412f libselinux: fix Python binding
Applies unreleased patch from upstream.
2016-08-19 19:06:25 +03:00
Nikolay Amiantov
2abe917f18 kmod: 22 -> 23, add /lib/modules to module directories 2016-08-19 17:57:08 +03:00
Nikolay Amiantov
ff22705793 treewide: replace several /sbin paths by /bin 2016-08-19 17:56:45 +03:00
Nikolay Amiantov
30c9aa2698 kmod: add patch to allow searching for modules in several directories 2016-08-19 17:56:39 +03:00
obadz
1047ed49d9 Merge branch 'master' into staging
Conflicts: pkgs/os-specific/linux/kmod/default.nix cc @abbradar
2016-08-19 15:28:58 +01:00
Tuomas Tynkkynen
bd68309643 kernel config: Enable SECCOMP
This is used by systemd >= 231 and is not enabled in the ARM
multiplatform defconfig.
2016-08-18 16:33:46 +03:00
Joachim Fasting
66a3f0e988
gradm: 3.1-201607172312 -> 3.1-201608131257 2016-08-17 15:19:33 +02:00
Joachim Fasting
ba20363f11
grsecurity: 4.7-201608151842 -> 4.7.1-201608161813 2016-08-17 15:19:27 +02:00
Franz Pletz
2571438988 linux: 4.7 -> 4.7.1 2016-08-17 05:46:00 +02:00
Franz Pletz
7a4407461b linux: 4.6.6 -> 4.6.7
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
da95fb368c linux: 4.4.17 -> 4.4.18
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
2104d28bcd linux: 4.1.27 -> 4.1.30
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Frederik Rietdijk
5a501bd828 Remove top-level dbus_python and pythonDBus.
See #11567.

Furthermore, it renames pythonPackages.dbus to pythonPackages.dbus-
python as that's the name upstream uses.

There is a small rebuild but I couldn't figure out the actual cause.
2016-08-16 22:52:37 +02:00
Domen Kožar
40da4e6ce7 fix eval 2016-08-16 22:30:15 +02:00
Robert Helgesson
f396a0b4d0
hd-idle: init at 1.05 2016-08-16 21:59:14 +02:00
Joachim Fasting
d82ddd6dc0
grsecurity: 4.7-201608131240 -> 4.7-201608151842 2016-08-16 17:50:37 +02:00
Joachim Fasting
b1cceeda84
grsecurity: enable pax size overflow plugin 2016-08-16 17:50:36 +02:00
Joachim Fasting
3fcb9e6f57
grsecurity: support non-enforcing mode
Until we've made sure that most things actually work out of the box, we
need to give people a way of continuing to use the system without
completely disabling grsecurity.

Set sysctl kernel.pax.softmode=1 or boot with pax.softmode=1
2016-08-16 17:50:36 +02:00
Robin Gloster
33e1c78ae3 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-16 07:54:01 +00:00
Nikolay Amiantov
081ac25dc6 kmod: 22 -> 23, add /lib/modules to module directories 2016-08-16 02:42:19 +03:00
Shea Levy
9adad8612b Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
Was meant to go into staging, sorry

This reverts commit 57b2d1e9b0, reversing
changes made to 760b2b9048.
2016-08-15 19:05:52 -04:00
Shea Levy
57b2d1e9b0 Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs 2016-08-15 19:01:44 -04:00
Nikolay Amiantov
1afd250676 treewide: replace several /sbin paths by /bin 2016-08-16 00:19:25 +03:00
Nikolay Amiantov
131fca0a85 kmod: add patch to allow searching for modules in several directories 2016-08-16 00:19:25 +03:00
Joachim Fasting
9062c67914
grsecurity: 4.6.5-201607312210 -> 4.7-201608131240 2016-08-15 20:36:46 +02:00
Moritz Ulrich
21df40f85f systemd-cryptsetup-generator: Fix bug.
The annoying wrapper script also wraps `systemd-cryptsetup`. We need to
copy the original binary to $out too.
2016-08-15 12:42:44 +02:00
Nikolay Amiantov
5b296a1470 Merge branch 'master' into staging 2016-08-15 10:34:28 +03:00
Franz Pletz
64c79e8526 linux: 4.6.5 -> 4.6.6 2016-08-15 04:28:08 +02:00
Franz Pletz
2a8718fb0b linux_4_5: remove, not support by upstream anymore 2016-08-15 04:28:02 +02:00
Robin Gloster
a37d695c95 linuxPackages.spl: remove unnecessary substituteInPlace
`substituteInPlace` was operating on a non-existant file.
Updated to use `autoreconfHook`.
2016-08-14 22:55:21 +00:00
Dan Peebles
ea34fe82bc swift-corefoundation: some cleanup
I upstreamed some patches so I'm using those now
2016-08-14 18:22:19 -04:00
Dan Peebles
4705a9a6c1 swift-corefoundation: actually remove spurious dependency 2016-08-14 17:42:03 -04:00
Dan Peebles
6cf13bfe66 swift-corefoundation: remove spurious buildInput
libpthread is part of libSystem, so there's no need to depend on it
explicitly
2016-08-14 17:40:05 -04:00
Dan Peebles
1861744e7c swift-corefoundation: init
This currently only produces a static library, but is a start :) soon we
might be able to incorporate it into our stdenv, but we need to get the
build system to produce a proper .framework first.
2016-08-14 17:35:44 -04:00
Dan Peebles
98b5e3a531 darwin.libpthread: fix messed-up header
We don't actually need the private headers and the private qos.h was
overwriting the public one, causing weird issues downstream (especially
with Swift's CoreFoundation)
2016-08-14 17:34:55 -04:00
Michele Guerini Rocco
7522de2f4b btfs: 2.10 -> 2.11 (#17737)
(cherry picked from commit 340a9571f5)
2016-08-14 21:14:20 +00:00
Robin Gloster
a6c5638565 Revert "btfs: 2.10 -> 2.11 (#17737)"
This reverts commit 340a9571f5.
2016-08-14 21:12:21 +00:00
Michele Guerini Rocco
340a9571f5 btfs: 2.10 -> 2.11 (#17737) 2016-08-14 22:48:56 +02:00
Nikolay Amiantov
3e84cbc4ca autofs5: 5.1.1 -> 5.1.2 2016-08-14 22:39:18 +03:00
Nikolay Amiantov
c60deb0266 quote homepages for better clickability
Done while I was traversing packages which I maintain to save extra clicks on
urxvt (it captures semicolon as a part of URL).
2016-08-14 22:37:10 +03:00
Nikolay Amiantov
b30f4e5e4f android-udev-rules: 2016-04-26 -> 20160805 2016-08-14 22:37:10 +03:00
Dan Peebles
948b7f23bb darwin.{xnu, Libc}: 10.9 -> 10.11
I can't submit this in smaller units because the various components all
depend on one another during the stdenv bootstrap, so I think this is
the smallest sensible change I can make.

I also removed the symbol-hiding shenanigans in Libsystem. It might mess
up compatibility with 10.9 but I don't really want to support the added
complexity and I see little evidence of anyone else wanting to support
it. If someone cares, we might be able to revive compatibility, but for
now it'll stay like this.
2016-08-14 12:53:33 -04:00
Eric Sagnes
f0fef4defb wireguard-unstable: 2016-07-22 -> 2016-08-08 (#17727) 2016-08-14 10:47:16 +00:00
Robin Gloster
99cb230b47 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-14 09:09:20 +00:00
Robin Gloster
8071cafe66 linuxPackages.rtl8812au: fix build 2016-08-14 08:59:55 +00:00
Robin Gloster
2676cf9525 linuxPackages.lttng-modules: fix build 2016-08-14 08:59:19 +00:00
Domen Kožar
a7f8787dbd Merge pull request #17705 from womfoo/bump/hwdata-0.291
hwdata: 0.276 -> 0.291
2016-08-13 17:00:08 +02:00
Franz Pletz
bd4490e277 Merge branch 'master' into hardened-stdenv 2016-08-13 16:59:55 +02:00
Franz Pletz
fa3a35b241 linuxPackages.fusionio-vsl: disable pic hardening (still broken) 2016-08-13 16:55:26 +02:00
Franz Pletz
b2c6d28a1d linuxPackages.ndiswrapper: disable pic hardening (still broken) 2016-08-13 16:50:43 +02:00
Franz Pletz
9e7d118ea2 linuxPackages.nvidia-x11: disable pic & format hardening 2016-08-13 16:49:42 +02:00
Franz Pletz
5103e70a37 linuxPackages.nvidiabl: disable pic hardening 2016-08-13 16:44:39 +02:00
Franz Pletz
73a9ce2ce3 linuxPackages.psmouse_alps: remove, driver in kernel since 3.9 2016-08-13 16:42:35 +02:00
Franz Pletz
62e6bc0bd9 linuxPackages.prl-tools: disable pic hardening 2016-08-13 16:40:42 +02:00
Franz Pletz
f55fd87c8a linuxPackages.ixgbevf: disable pic hardening 2016-08-13 16:30:35 +02:00
Franz Pletz
5e085b7fea linuxPackages.e1000e: disable pic hardening 2016-08-13 16:25:29 +02:00
Franz Pletz
d836b811cb linuxPackages.cryptodev: 1.6 -> 1.8, disable pic hardening 2016-08-13 16:24:38 +02:00
Franz Pletz
f5c9f99877 linuxPackages.ati_drivers_x11: disable pic & format hardening 2016-08-13 16:06:57 +02:00
Franz Pletz
a8deb8d647 linuxPackages.frandom: disable pic hardening 2016-08-13 16:03:32 +02:00
Franz Pletz
7d9d2d6872 linuxPackages.broadcom_sta: disable pic hardening 2016-08-13 16:02:02 +02:00
Robin Gloster
0f274be2fd linuxPackages.ena: disable pic 2016-08-13 10:12:07 +00:00
Kranium Gikos Mendoza
1bbcc7e378 hwdata: 0.276 -> 0.291 2016-08-13 10:06:34 +08:00
Luca Bruno
fda17cfd0e Merge pull request #17703 from womfoo/bump/microcode-intel-20160714
microcode-intel: 20150121 -> 20160714
2016-08-12 21:44:34 +01:00
Kranium Gikos Mendoza
050452dd7f microcode-intel: 20150121 -> 20160714 2016-08-13 03:53:03 +08:00
obadz
b2efe2babd Revert "linux kernel 4.4: fix race during build"
Removes patch. Was fixed upstream.

This reverts commit 4788ec1372.
2016-08-12 16:42:25 +01:00
Guillaume Maudoux
b1817fa8a3 linux_mptcp: 0.90.1 (kernel 3.18) -> 0.91 (kernel 4.1) (#17675) 2016-08-12 15:14:24 +02:00
Robin Gloster
b7787d932e Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-12 09:46:53 +00:00
obadz
18947c9e36 Revert "ecryptfs: fix kernel bug introduced in 4.4.14"
The Linux 4.4.17 release fixes the underlying issue

This reverts commit fad9a8841b.
2016-08-11 17:15:54 +01:00
Michael Raskin
b893d84d53 firejail: 0.9.40-rc1 -> 0.9.42-rc1 2016-08-11 17:57:35 +02:00
Michael Raskin
8b4eb6fa4d eudev: 3.1.5 -> 3.2 2016-08-11 17:57:35 +02:00
Eelco Dolstra
e26ac7afd4 linux: 4.4.16 -> 4.4.17 2016-08-11 15:20:07 +02:00
obadz
1cd9c58834 Merge pull request #17461 from rasendubi/powerpc
cross-compilation: fixes for powerpc-linux-uclibc
2016-08-11 00:51:51 +01:00
Kranium Gikos Mendoza
33166b7434 wireguard: require Linux >= 4.1 for module build (#17632) 2016-08-11 00:25:57 +02:00
Frederik Rietdijk
111d7a2af4 Merge pull request #17623 from matthewbauer/misc
Misc. hydra fixes
2016-08-10 11:35:44 +02:00
Franz Pletz
bba9728cd6 jool: 3.4.2 -> 3.4.4 2016-08-10 07:12:08 +02:00
Franz Pletz
aec9abc8e1 iputils: 20121221 -> 20151218 2016-08-10 07:12:08 +02:00
Matthew
0540e567a8 uksmtools: delete
Sources are not available from GitHub anymore and it appears to be
unmantained. A request was sent to the AUR mailing list to delete it on
May 26, 2016:

https://lists.archlinux.org/pipermail/aur-requests/2016-May/011706.html
2016-08-09 21:06:27 +00:00
Moritz Ulrich
9626707e2b systemd-cryptsetup-generator: Add note to revert 3efadce. 2016-08-09 19:21:58 +02:00
Moritz Ulrich
3efadce03b systemd-cryptsetup-generator: Fix installPhase. 2016-08-09 19:21:25 +02:00
Tuomas Tynkkynen
9a5427f667 klibc: Broken on i686 2016-08-06 17:06:45 +03:00
Tuomas Tynkkynen
088bcf4ec4 kernel config: Fix 3.10, 3.12, 3.14 builds 2016-08-06 17:06:45 +03:00
Tuomas Tynkkynen
44f462bf4d generate-config.pl: Be more verbose about missing options
For instance, the current 3.10 kernel build fails at the end with:

unused option: BRCMFMAC_PCIE
unused option: FW_LOADER_USER_HELPER_FALLBACK
unused option: KEXEC_FILE
unused option: RANDOMIZE_BASE

However, it's not obvious that only the _last_ one is actually fatal to
the build. After this change it's at least somewhat better:

warning: unused option: BRCMFMAC_PCIE
warning: unused option: FW_LOADER_USER_HELPER_FALLBACK
warning: unused option: KEXEC_FILE
error: unused option: RANDOMIZE_BASE
2016-08-06 17:06:45 +03:00
Robin Gloster
bc025e83bd uclibc: disable stackprotector hardening 2016-08-05 18:15:27 +00:00
Michal Rus
7281740c2e
linux: enable DRM_GMA600 and DRM_GMA3600
Adds basic support for Intel GMA3600/3650 (Intel Cedar Trail) platforms
and support for GMA600 (Intel Moorestown/Oaktrail) platforms with LVDS
ports via the gma500_gfx module.

Resolves #14727 Closes #17519
2016-08-05 19:07:40 +02:00
Franz Pletz
2d6b7aa545 linux: enable some useful networking options
All options are enabled by default on Debian and some other
distributions, so these should be safe.
2016-08-05 04:07:31 +02:00
Robin Gloster
1b979d8384 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00
Frederik Rietdijk
db06460257 Merge pull request #17447 from FRidh/nvidia
nvidia-x11: fix driSupport32Bit
2016-08-03 08:36:24 +02:00
Alexey Shmalko
5ab8e0d2aa
uclibc: claim maintainership 2016-08-03 03:35:54 +03:00
Tuomas Tynkkynen
21f17d69f6 treewide: Add lots of meta.platforms
Build-tested on x86_64 Linux & Mac.
2016-08-02 21:42:43 +03:00
Tuomas Tynkkynen
2258b21e4b treewide: Add lots of platforms to packages with no meta
Build-tested on x86_64 Linux and on Darwin.
2016-08-02 21:17:44 +03:00
Tuomas Tynkkynen
59ce911810 treewide: Some EOF-whitespace fixes 2016-08-02 21:17:44 +03:00
Franz Pletz
f2a66d4c16 criu: fix merge fail
d020caa5b2 vs. e3d0fe898b
2016-08-02 17:52:51 +02:00
Robin Gloster
1be4907ca2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-02 13:46:36 +00:00
Frederik Rietdijk
8eb4b3af10 nvidia-x11: fix driSupport32Bit 2016-08-02 13:03:44 +02:00
aszlig
fef4b62657
broadcom_sta: Add patch to fix NULL pointer deref
The patch is from the following Gentoo bug:

https://bugs.gentoo.org/show_bug.cgi?id=523326#c24

Built successfully against Linux 3.18.36, 4.4.16 and 4.7.0.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @phreedom, @vcunat
2016-08-01 21:05:15 +02:00
aszlig
8f08399671
broadcom_sta: Reindent file, no code changes
Let's make sure we indent using two spaces, because the unpackPhase was
indented using four spaces.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-01 21:05:15 +02:00
aszlig
4d3545f2a5
broadcom_sta: Add patch for supporting Linux 4.7
Patch is from Arch Linux at:

https://aur.archlinux.org/cgit/aur.git/tree/?h=broadcom-wl

I've tested building against 3.18.36, 4.4.16 and 4.7.0.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @phreedom, @vcunat
2016-08-01 21:05:15 +02:00
aszlig
bd7ce1581d
broadcom_sta: 6.30.223.248 -> 6.30.223.271
The patch for kernel version 3.18 is already applied upstream, so we
don't need it any longer.

Without i686-build-failure.patch, the build for i686-linux fails because
it references rdtscl(), which is no longer available in Linux 4.3.0.

Patch for missing rdtscl() is from Arch Linux:

https://aur.archlinux.org/cgit/aur.git/tree/002-rdtscl.patch?h=broadcom-wl-ck

I've tested building against 32 and 64 bit Linux versions 3.18.36,
4.4.16 and 4.7.0.

The hashes were verified using the ones from the AUR (using the 16 bit
hashes of course):

$ nix-hash --type sha256 --to-base16 1kaqa2dw3nb8k23ffvx46g8jj3wdhz8xa6jp1v3wb35cjfr712sg
4f8b70b293ac8cc5c70e571ad5d1878d0f29d133a46fe7869868d9c19b5058cd
$ nix-hash --type sha256 --to-base16 1gj485qqr190idilacpxwgqyw21il03zph2rddizgj7fbd6pfyaz
5f79774d5beec8f7636b59c0fb07a03108eef1e3fd3245638b20858c714144be

AUR hashes can be found at:

https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=broadcom-wl&id=9d6f10b1b7745fbf5d140ac749e2253caf70daa8#n26

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @phreedom, @vcunat
2016-08-01 21:05:15 +02:00
Karn Kallio
5d11dac8bb nvidia-x11: advance to 365.35 and patch kernel 4.7. 2016-08-01 10:19:57 -04:00
Joachim Fasting
76f2e827a7
grsecurity: 4.6.5-201607272152 -> 4.6.5-201607312210 2016-08-01 12:46:48 +02:00
Robin Gloster
63c7b4f9a7 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-31 20:51:34 +00:00
Robin Gloster
43ba8d295f nvidia-x11: disable pic/format hardening 2016-07-31 20:38:38 +00:00
Eric Sagnes
d6452987fb wireguard: 20160708 -> 2016-07-22 (#17362) 2016-07-31 13:57:37 +02:00
Franz Pletz
2fa9bd5059 hostapd: add patch to fix build with libressl
Fixes #17315.
2016-07-29 12:03:08 +02:00
Joachim Fasting
83f783c00f
grsecurity: 4.6.4-201607242014 -> 4.6.5-201607272152 2016-07-29 00:24:00 +02:00
Franz Pletz
9aee2a17af linux: 4.6.4 -> 4.6.5
Removed patch was applied upstream.
2016-07-28 23:05:27 +02:00
Franz Pletz
b68fe1a572 linux: 4.5.6 -> 4.5.7 2016-07-28 23:05:27 +02:00
Eelco Dolstra
42f8df10a2 linux: 4.4.16 -> 4.4.16 2016-07-28 17:03:55 +02:00
Eelco Dolstra
51871dfb37 systemd: 230 -> 231 2016-07-28 17:03:55 +02:00
rnhmjoj
50cbb5bd30
rewritefs: 2016-02-08 -> 2016-07-27 2016-07-27 03:51:08 +02:00
Vladimír Čunát
375ae11a34 tiptop: init at 2.3 2016-07-26 11:55:23 +02:00
Robin Gloster
f222d98746 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-25 12:47:13 +00:00
Joachim Fasting
e725c927d4
grsecurity: 4.6.4-201607192040 -> 4.6.4-201607242014 2016-07-25 09:11:28 +02:00
Shea Levy
ac93e9f2c8 Linux 4.7 2016-07-24 18:30:08 -04:00
Joachim Fasting
f1187c4605
gradm: ensure that udev rules are actually installed
Another regression on my part: gradm won't install the rules unless
$(DESTDIR)/etc/udev/rules.d exists.
2016-07-24 12:54:07 +02:00
Tuomas Tynkkynen
9cccf35f98 dmraid: Fix typo 2016-07-23 13:24:18 +03:00
Matthew Robbetts
e434ce8f49 hostapd: 2.4 -> v2.5, fixes #17164 2016-07-23 00:56:53 +02:00
Daiderd Jordan
44c5b729b8 osx-private-sdk: Fix hash (#17185)
- use fetchFromGitHub
2016-07-23 00:54:25 +02:00
Joachim Fasting
e4b7b7b028
gradm: 3.1-201507191652 -> 3.1-201607172312 2016-07-22 17:57:26 +02:00
Lluís Batlle i Rossell
dd02b6f118 perf: depend on libiberty to get c++ demangling. 2016-07-21 17:27:15 +02:00
Robin Gloster
1f04b4a566 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-21 00:56:43 +00:00
Robin Gloster
cc540843fe linuxPackages.wireguard: disable pic 2016-07-21 00:01:20 +00:00
Markus Hauck
2a3fe4df43 sysdig: 0.10.0 -> 0.11.0 2016-07-20 21:27:40 +02:00
Joachim Fasting
55120ac4cb
grsecurity: 4.6.4-201607112205 -> 4.6.4-201607192040 2016-07-20 10:17:35 +02:00
Joachim Fasting
c93ffb95bc
grsecurity: enable support for setting pax flags via xattrs
While useless for binaries within the Nix store, user xattrs are a convenient
alternative for setting PaX flags to executables outside of the store.

To use disable secure memory protections for a non-store file foo, do
  $ setfattr -n user.pax.flags -v em foo
2016-07-20 10:17:11 +02:00
Tuomas Tynkkynen
2fefa331e7 busybox: Fix cross build with musl 2016-07-20 02:38:10 +03:00
Graham Christensen
46655e4524 Merge pull request #17085 from j1r1k/gfxtablet-1.4
gfxtablet: git-2013-10-21 -> 1.4
2016-07-19 19:23:47 +00:00
Jiri Marsicek
4a86f9a44f gfxtablet: git-2013-10-21 -> 1.4 2016-07-19 20:47:00 +02:00
Robin Gloster
04d873a626 osx-private-sdk: Fix hash 2016-07-19 12:19:58 +00:00
Joachim F
bb6fb70d6b Merge pull request #16979 from markus1189/sysdig
sysdig: 0.9.0 -> 0.10.0
2016-07-19 12:49:05 +02:00
Robin Gloster
203846b9de Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-19 10:37:02 +00:00
Franz Pletz
039f0e5cb0 firmwareLinuxNonfree: 2016-05-18 -> 2016-07-12 2016-07-19 07:55:27 +02:00
Nikolay Amiantov
28740462e7 busybox: fix static build 2016-07-19 05:20:02 +03:00
Tuomas Tynkkynen
6e0ab36de0 Merge pull request #16963 from womfoo/init/cking-kernel-tools
Init {fnotify,fork,power,smem}stat kernel tools
2016-07-16 21:15:23 +03:00
Tuomas Tynkkynen
a4dfa90139 Merge pull request #17012 from womfoo/fix/lightum
lightum: fix build against systemd-230
2016-07-16 17:12:27 +03:00
Kranium Gikos Mendoza
eb34cf1b6d lightum: fix build against systemd-230 2016-07-16 21:57:23 +08:00
Rickard Nilsson
8fa4dc174f Merge pull request #16899 from kragniz/lxc-2.0.3
lxc: 2.0.1 -> 2.0.3
2016-07-16 10:37:12 +02:00
Kranium Gikos Mendoza
b68689ebb2 smemstat: init at 0.01.14 2016-07-16 12:09:40 +08:00
Kranium Gikos Mendoza
a28dda1102 powerstat: init at 0.02.10 2016-07-16 12:09:40 +08:00
Kranium Gikos Mendoza
f88f31c4f0 forkstat: init at 0.01.13 2016-07-16 12:09:32 +08:00
Robin Gloster
5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Markus Hauck
36c906e7c0 sysdig: 0.9.0 -> 0.10.0 2016-07-15 10:35:19 +02:00
Arseniy Seroka
658579cc57 Merge pull request #16961 from womfoo/bump/eventstat-0.03.02
eventstat: 0.02.02 -> 0.03.02
2016-07-14 22:19:33 +04:00
Kranium Gikos Mendoza
b795186f2e fnotifystat: init at 0.01.14 2016-07-15 00:44:41 +08:00
Kranium Gikos Mendoza
cbeb320c47 eventstat: 0.02.02 -> 0.03.02 2016-07-15 00:06:39 +08:00
Vladimír Čunát
1b5ac05845 Merge branch 'staging'
Includes security fixes in gd and libarchive.
2016-07-14 15:51:28 +02:00
Eric Sagnes
c6f99a3a92 wireguard: split module and tools (#16883) 2016-07-13 21:15:11 +02:00
obadz
927a984de6 kernel: make KEXEC_FILE & KEXEC_JUMP optional to fix i686 build
cc @edolstra @dezgeg @domenkozar
2016-07-13 12:49:18 +02:00
obadz
fad9a8841b ecryptfs: fix kernel bug introduced in 4.4.14
Introduced by mainline commit 2f36db7
Patch is from http://www.spinics.net/lists/stable/msg137350.html
Fixes #16766
2016-07-13 11:04:07 +02:00
Nikolay Amiantov
d9aafc885f Merge branch 'early-kbd' into staging 2016-07-13 03:56:07 +03:00
Nikolay Amiantov
1848bfc92d Merge branch 'plymouth' into staging 2016-07-13 03:54:38 +03:00
Louis Taylor
f51f6a36e8 lxc: 2.0.1 -> 2.0.3 2016-07-13 00:35:20 +01:00
Vladimír Čunát
40785f0dac Merge branch 'master' into staging
Hydra nixpkgs: ?compare=1282763
2016-07-12 22:00:10 +02:00
Nikolay Amiantov
6e21246dc4 plymouth: 0.9.0 -> 0.9.2
Use system-wide directories for various resources.
2016-07-12 22:22:28 +03:00
Franz Pletz
dde259dfb5 linux: Add patch to fix CVE-2016-5829 (#16824)
Fixed for all available 4.x series kernels.

From CVE-2016-5829:

  Multiple heap-based buffer overflows in the hiddev_ioctl_usage function
  in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow
  local users to cause a denial of service or possibly have unspecified
  other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl
  call.
2016-07-12 20:56:50 +02:00
Joachim Fasting
416120e0c7
grsecurity: 4.6.3-201607070721 -> 4.6.4-201607112205 2016-07-12 15:15:09 +02:00
Tim Steinbach
47da65923b kernel: 4.6.3 -> 4.6.4 (#16875) 2016-07-12 09:54:57 +02:00
Tim Steinbach
9672c36651 conky: 1.10.1 -> 1.10.3 2016-07-11 23:20:25 +00:00
Eric Sagnes
1b41283eb3 wireguard: init at 20160708 (#16856) 2016-07-11 18:05:23 +02:00
Louis Taylor
b2b8a89945 linux-testing: 4.7-rc6 -> 4.7-rc7 (#16854) 2016-07-11 17:53:41 +02:00
Eelco Dolstra
ecc26d7a40 linux: Disable the old IDE subsystem
This has long been deprecated in favour of the new ATA support
(CONFIG_ATA).
2016-07-11 15:05:21 +02:00
Eelco Dolstra
7b9c493d60 linux: Enable some kernel features
This enables a few features that should be useful and safe (they're
all used by the default Ubuntu kernel config), in particular zswap,
wakelocks, kernel load address randomization, userfaultfd (useful for
QEMU), paravirtualized spinlocks and automatic process group
scheduling.

Also removes some configuration conditional on kernel versions that we
no longer support.
2016-07-11 15:04:56 +02:00
Eelco Dolstra
1cd7dbc00b linux: Bump NR_CPUS
The default limit (64) is too low for systems like EC2 x1.* instances
or Xeon Phis, so let's increase it.
2016-07-11 14:32:18 +02:00
Eelco Dolstra
8710672225 ena: Init at 20160629
This adds the Amazon Elastic Network Adapter kernel module required by
EC2 x1.* instances.
2016-07-11 14:32:18 +02:00
Franz Pletz
0f96c69026 batman-adv: 2016.1 -> 2016.2 2016-07-11 04:04:49 +02:00
Vladimír Čunát
6f07fdf469 v4l-utils: 1.6.3 -> 1.10.1
This fixes build after libjpeg(-turbo) update.
/cc maintainers: @codypoel, @viric.
2016-07-09 18:54:44 +02:00
Nikolay Amiantov
da97ba359e busybox: set default keymap path 2016-07-08 20:44:01 +03:00
Nikolay Amiantov
8b92103ae8 Merge branch 'master' into staging 2016-07-08 20:36:44 +03:00
Nikolay Amiantov
4ae98c2064 Merge branch 'kbd-paths' into staging
Closes #16642
2016-07-08 20:35:25 +03:00
Nikolay Amiantov
00e67f0df0 systemd: use plymouth from system path 2016-07-08 15:23:47 +03:00
Nikolay Amiantov
8bbfba48c4 systemd: move hwdb patch to the fork itself 2016-07-08 15:23:47 +03:00
Nikolay Amiantov
1ac6f1fe25 systemd: update fork revision 2016-07-08 15:23:07 +03:00
Nikolay Amiantov
c89843b604 kbd: split keymaps into kbdKeymaps 2016-07-08 12:52:39 +03:00
zimbatm
2459ddd4f6 Merge pull request #16703 from zimbatm/nologin-error
Nologin error
2016-07-07 22:58:53 +01:00
Joachim Fasting
a2ebf45b47
grsecurity: 4.5.7-201606302132 -> 4.6.3-201607070721 2016-07-07 19:34:58 +02:00
Eelco Dolstra
04eb7492dc ixgbevf: Init at 3.2.2
This driver is necessary for Enhanced Networking on most EC2 instance
types.
2016-07-07 17:51:10 +02:00
Joachim Fasting
2dd009ec97 Merge pull request #16622 from womfoo/bump/sysstat-11.2.5
sysstat: 11.0.7 -> 11.2.5
2016-07-05 19:53:58 +02:00
Tobias Geerinckx-Rice
cb86518fd3
radeontop: 2016-07-03 -> 2016-07-04
Add support for unprivileged use on both the Linux console and X.
2016-07-05 09:29:42 +02:00
zimbatm
c1a202de05 shadow: fix passthru
The shadow package's shellPath wasn't detected properly

Fixes #16428
2016-07-04 15:12:27 +01:00
Eelco Dolstra
03fcbf6317 Merge pull request #16697 from mimadrid/update/perf-tools-20160418
perf-tools: 20150723 -> 20160418
2016-07-04 14:26:05 +02:00
Tuomas Tynkkynen
4085f4de5f Merge branch 'pr-newest-uboot' into master 2016-07-04 15:17:46 +03:00
Tuomas Tynkkynen
55aecd308e linux-rpi: 4.1.20-XXX -> 4.4.13-1.20160620-1
- Add a patch to unset CONFIG_LOCALVERSION in the v7 build.
- Copy all the device trees to match the upstream names so U-Boot can
  find them. (This is a hack.)
2016-07-04 15:13:29 +03:00
mimadrid
b9315a6e24
perf-tools: 20150723 -> 20160418 2016-07-04 12:29:31 +02:00
aszlig
566c990f33
linux-testing: 4.6-rc6 -> 4.7-rc6
The config option DEVPTS_MULTIPLE_INSTANCES now no longer exists since
torvalds/linux@eedf265aa0.

Built successfully on my Hydra instance:

https://headcounter.org/hydra/log/r4n6sv0zld0aj65r7l494757s2r8w8sr-linux-4.7-rc6.drv

Verified unpacked tarball with GnuPG:

ABAF 11C6 5A29 70B1 30AB  E3C4 79BE 3E43 0041 1886

gpg: Signature made Mon 04 Jul 2016 08:13:05 AM CEST
gpg:                using RSA key 79BE3E4300411886
gpg: Good signature from "Linus Torvalds <torvalds@linux-foundation.org>"

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-07-04 10:46:48 +02:00
Tuomas Tynkkynen
1d069ff6ac rtl8723bs: Support all Linux 2016-07-04 02:07:13 +03:00
Tuomas Tynkkynen
d8cd615720 raspberrypifw: 1.20160315 -> 1.20160620
- Use fetchFromGitHub
- Some files in bin/ are now shell scripts, so skip patchelf on any
  non-ELF files.

With this U-Boot can be successfully launched on a RPi 3.
2016-07-04 01:53:13 +03:00
Rastus Vernon
77d9966d93 cryptsetup: update project homepage
The project was moved from code.google.com to gitlab.com.
2016-07-03 21:43:52 +02:00
Tobias Geerinckx-Rice
d01af30994
radeontop: 2015-11-24 -> 2016-07-03 2016-07-03 21:25:19 +02:00
Nikolay Amiantov
8530181246 kbd: add system-wise search paths for NixOS 2016-07-03 03:23:05 +03:00
Joachim Fasting
640ac5186f
grsecurity: 4.5.7-201606292300 -> 4.5.7-201606302132 2016-07-02 20:37:52 +02:00
Michele Guerini Rocco
d75c7d0dcd btfs: 2.9 -> 2.10 (#16603) 2016-06-30 23:39:15 +02:00
Kranium Gikos Mendoza
84a1057b41 sysstat: 11.0.7 -> 11.2.5 2016-06-30 21:39:50 +08:00
Joachim Fasting
51c04b74c1
grsecurity: 4.5.7-201606280009 -> 4.5.7-201606292300 2016-06-30 11:09:59 +02:00
Al Zohali
c4b346a539 conky: added double buffer support
Closes #16515.
2016-06-30 09:48:06 +02:00
Ruslan Babayev
d515d72aba dpdk: pktgen: odp-dpdk: upgrades (#16585)
* dpdk: fix a typo

* dpdk: separate configure phase

* odp-dpdk: 1.8.0.0 -> 1.10.1.0

* pktgen: 3.0.00 -> 3.0.04

* pktgen: add withGtk build option
2016-06-29 10:34:17 +02:00
Vladimír Čunát
3afa246038 Merge branch 'staging'
This includes a security update of expat.
2016-06-29 07:47:04 +02:00
Joachim Fasting
cd3da41b18 Merge pull request #16523 from grahamc/acpitool-patches
acpitool: port debian patches
2016-06-29 00:59:07 +02:00
Joachim Fasting
cdcdc25ef3
grsecurity: 4.5.7-201606262019 -> 4.5.7-201606280009 2016-06-28 14:57:20 +02:00
Joachim Fasting
d5eec25ff9
grsecurity: 4.5.7-201606222150 -> 4.5.7-201606262019 2016-06-27 21:42:17 +02:00
Franz Pletz
4bbb5c7e4c firmwareLinuxNonfree: 2016-01-26 -> 2016-05-18 2016-06-27 00:21:26 +02:00
Franz Pletz
4a16066852 linuxPackages.netatop: 0.7 -> 1.0 2016-06-27 00:20:13 +02:00
Franz Pletz
7e9affa7ee linux_4_3: Remove, not maintained anymore 2016-06-27 00:11:16 +02:00
Franz Pletz
eed51eccef linux: 3.10.101 -> 3.10.102 2016-06-27 00:11:16 +02:00
Franz Pletz
b7e0b118d9 linux: 3.12.57 -> 3.12.61 2016-06-27 00:11:04 +02:00
Franz Pletz
0387eddb51 linux: 3.14.65 -> 3.14.73 2016-06-27 00:10:38 +02:00
Franz Pletz
6165af4db2 linux: 3.18.29 -> 3.18.36 2016-06-27 00:09:56 +02:00
Franz Pletz
5806b185bd linux: 4.1.25 -> 4.1.27 2016-06-27 00:09:30 +02:00
Franz Pletz
4a942499b4 linux: 4.4.13 -> 4.4.14 2016-06-27 00:08:11 +02:00
Graham Christensen
085f98490e
acpitool: port debian patches
Without these patches, specifically the
0001-Do-not-assume-fixed-line-lengths-for-proc-acpi-wakeu.patch (wakeu
patch typo from upstream,) acpitool will consume 100% CPU when reading
long lines (>40 characters) like:

    ADP1	  S4	*disabled  platform:ACPI0003:00
2016-06-26 13:14:10 -05:00
Joachim Fasting
4fb72b2fd3
grsecurity: 4.5.7-201606202152 -> 4.5.7-201606222150 2016-06-26 17:27:17 +02:00
Joachim Fasting
5313f1096a Merge pull request #16510 from womfoo/guvcview
guvcview: 2.0.2 -> 2.0.4
2016-06-26 13:24:54 +02:00
Kranium Gikos Mendoza
66073374af guvcview: 2.0.2 -> 2.0.4 2016-06-26 13:44:24 +08:00
Tim Steinbach
125ffff089 kernel: 4.6.2 -> 4.6.3 2016-06-24 22:18:16 +00:00
Vladimír Čunát
6b27ceb006 Merge 'master' into staging and re-revert merge
... from staging to master, reverted temporarily in aa9a04883e.
2016-06-23 12:09:03 +02:00
Vladimír Čunát
aa9a04883e Revert "Merge branch 'staging'" due to glibc
The main output started to retain dependency on bootstrap-tools; see
https://github.com/NixOS/nixpkgs/pull/15867#issuecomment-227949096

This reverts commit c05d829598, reversing
changes made to f073df60d6.
2016-06-23 09:25:10 +02:00
Joachim Fasting
9d052a2c39
grsecurity: 4.5.7-201606142010 -> 4.5.7-201606202152 2016-06-23 00:55:54 +02:00
Vladimír Čunát
c05d829598 Merge branch 'staging' 2016-06-22 10:49:56 +02:00
Tobias Geerinckx-Rice
eec8d44335
nvidia_x11_legacy*: remove unused nvidia-340.76-kernel-4.0.patch 2016-06-22 03:58:55 +02:00
Gabriel Ebner
0d9bb144d9 dstat: 0.7.2 -> 0.7.3 2016-06-20 18:08:31 +02:00
Bjørn Forsman
bd01fad0ed Captialize meta.description of all packages
In line with the Nixpkgs manual.

A mechanical change, done with this command:

  find pkgs -name "*.nix" | \
      while read f; do \
          sed -e 's/description\s*=\s*"\([a-z]\)/description = "\u\1/' -i "$f"; \
      done

I manually skipped some:

* Descriptions starting with an abbreviation, a user name or package name
* Frequently generated expressions (haskell-packages.nix)
2016-06-20 13:55:52 +02:00
Eelco Dolstra
453086a15f linux: 4.4.12 -> 4.4.13 2016-06-20 13:11:55 +02:00
zimbatm
7c32638439 Merge pull request #16259 from layus/update-mptcp
linux_mptcp: update 0.90 -> 0.90.1
2016-06-20 09:29:07 +01:00
zimbatm
31c158ad45 Merge pull request #16189 from zimbatm/usershell-config
User shell config
2016-06-19 23:36:45 +01:00
Vladimír Čunát
e757404555 Merge branch 'master' into staging
Hydra nixpkgs: ?compare=1279790
2016-06-19 12:33:04 +02:00
Vladimír Čunát
97c484a10f treewide: fix #include errors after gcc-5.4
They were mostly missing <cmath> or <math.h>.
2016-06-19 10:18:30 +02:00
Aristid Breitkreuz
6a3dcb70bc Merge pull request #16112 from abuibrahim/master
odp-dpdk: init at 1.8.0.0
2016-06-18 17:09:13 +02:00
Joachim Fasting
875fd5af73
grsecurity: 4.5.7-201606110914 -> 4.5.7-201606142010 2016-06-16 14:29:12 +02:00
Ruslan Babayev
de67e77e3f odp-dpdk: init at 1.8.0.0
Signed-off-by: Ruslan Babayev <ruslan@babayev.com>
2016-06-15 22:17:03 -07:00
Guillaume Maudoux
d73b7d101f linux_mptcp: 0.90 -> 0.90.1 2016-06-15 22:56:11 +02:00
Joachim Fasting
130b06eb0b
grsecurity: 4.5.7-201606080852 -> 4.5.7-201606110914 2016-06-14 14:18:01 +02:00
Franz Pletz
99cc3fa6ca systemd: Disable stackprotector hardening flag 2016-06-14 10:19:05 +00:00
Joachim Fasting
886c03ad2e Merge pull request #16107 from joachifm/grsec-ng
Rework grsecurity support
2016-06-14 03:52:50 +02:00
Joachim Fasting
75b9a7beac
grsecurity: implement a single NixOS kernel
This patch replaces the old grsecurity kernels with a single NixOS
specific grsecurity kernel.  This kernel is intended as a general
purpose kernel, tuned for casual desktop use.

Providing only a single kernel may seem like a regression compared to
offering a multitude of flavors.  It is impossible, however, to
effectively test and support that many options.  This is amplified by
the reality that very few seem to actually use grsecurity on NixOS,
meaning that bugs go unnoticed for long periods of time, simply because
those code paths end up never being exercised.  More generally, it is
hopeless to anticipate imagined needs.  It is better to start from a
solid foundation and possibly add more flavours on demand.

While the generic kernel is intended to cover a wide range of use cases,
it cannot cover everything.  For some, the configuration will be either
too restrictive or too lenient.  In those cases, the recommended
solution is to build a custom kernel --- this is *strongly* recommended
for security sensitive deployments.

Building a custom grsec kernel should be as simple as
```nix
linux_grsec_nixos.override {
  extraConfig = ''
    GRKERNSEC y
    PAX y
    # and so on ...
  '';
}
```

The generic kernel should be usable both as a KVM guest and host.  When
running as a host, the kernel assumes hardware virtualisation support.
Virtualisation systems other than KVM are *unsupported*: users of
non-KVM systems are better served by compiling a custom kernel.

Unlike previous Grsecurity kernels, this configuration disables `/proc`
restrictions in favor of `security.hideProcessInformation`.

Known incompatibilities:
- ZFS: can't load spl and zfs kernel modules; claims incompatibility
  with KERNEXEC method `or` and RAP; changing to `bts` does not fix the
  problem, which implies we'd have to disable RAP as well for ZFS to
  work
- `kexec()`: likely incompatible with KERNEXEC (unverified)
- Xen: likely incompatible with KERNEXEC and UDEREF (unverified)
- Virtualbox: likely incompatible with UDEREF (unverified)
2016-06-14 00:08:20 +02:00
zimbatm
ae34904ee9 Merge pull request #16160 from vrthra/mupdf
mupdf: 1.8 -> 1.9
2016-06-12 23:26:34 +01:00
zimbatm
e2413ad5a8 shadow: add shellPath passthru
This one is a bit special, it's used to deny users from logging in.
2016-06-12 20:13:32 +01:00
Christoph Hrdinka
473062c9a7 kmod-debian-aliases: 21-1 -> 22-1.1 2016-06-12 20:15:42 +02:00
Rahul Gopinath
b8a525a8b6 jfbview: update mupdf 1.8 -> 1.9 2016-06-12 09:48:34 -07:00
Joachim Fasting
4ae5eb97f1
kernel: set virtualization options regardless of grsec
Per my own testing, the NixOS grsecurity kernel works both as a
KVM-based virtualisation host and guest; there appears to be no good
reason to making these conditional on `features.grsecurity`.

More generally, it's unclear what `features.grsecurity` *means*. If
someone configures a grsecurity kernel in such a fashion that it breaks
KVM support, they should know to disable KVM themselves.
2016-06-10 19:27:59 +02:00
Joachim Fasting
d8e4432fe2
kernel: unconditionally disable /dev/kmem
This was presumably set for grsecurity compatibility, but now appears
redundant.  Grsecurity does not expect nor require /dev/kmem to be
present and so it makes little sense to continue making its inclusion in
the standard kernel dependent on grsecurity.

More generally, given the large number of possible grsecurity
configurations, it is unclear what `features.grsecurity` even
*means* and its use should be discouraged.
2016-06-10 19:27:41 +02:00
Shea Levy
4fbafb2395 linux 4.6.1 -> 4.6.2 2016-06-10 09:30:11 -04:00
Robin Gloster
8031cba2ab Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-06-10 09:27:04 +00:00
Joachim Fasting
edc36a0091
grsecurity: 4.5.6-201606051644 -> 4.5.7-201606080852 2016-06-09 15:40:06 +02:00
Vladimír Čunát
20c2ce4954 Merge #16045: kernel: 4.6.0 -> 4.6.1 2016-06-09 14:37:32 +02:00
Vladimír Čunát
c0895be3ee Merge #16044: kernel: 4.1.20 -> 4.1.25 2016-06-09 14:36:31 +02:00
Vladimír Čunát
f9310c2eee Merge #16043: kernel: 4.4.11 -> 4.4.12 2016-06-09 14:34:50 +02:00
Joachim Fasting
7a29c403fd Merge pull request #16046 from NeQuissimus/kernel456
kernel: 4.5.5 -> 4.5.6
2016-06-09 13:56:13 +02:00