Vladimír Čunát
3be635b9b5
Merge linux kernel maintenance updates
...
PRs: #19995 #19996 #19997
2016-10-30 17:29:43 +01:00
Jörg Thalheim
c1b0ec5266
android-udev-rules: 20160805 -> 20161014
2016-10-30 17:05:11 +01:00
Tim Steinbach
f154459cf4
linux: 4.9-rc2 -> 4.9-rc3
2016-10-30 10:30:07 -04:00
Tim Steinbach
1af5b2a80c
linux: 4.4.27 -> 4.4.28
2016-10-30 10:29:37 -04:00
Tim Steinbach
8073430d95
linux: 4.8.4 -> 4.8.5
2016-10-30 10:28:55 -04:00
Tim Steinbach
4a70445fff
Merge pull request #19903 from carlsverre/update/sysdig
...
sysdig: 0.10.0 -> 0.12.0
2016-10-27 14:10:39 -04:00
Tim Steinbach
81b0db3915
Merge pull request #19910 from NeQuissimus/busybox_1_25_1
...
busybox: 1.24.2 -> 1.25.1
2016-10-27 12:47:46 -04:00
Tim Steinbach
a5c1985fef
busybox: 1.24.2 -> 1.25.1
2016-10-27 09:31:21 -04:00
Joachim Fasting
dfdaea1240
grsecurity: 4.7.10-201610222037 -> 201610262029
2016-10-27 15:03:27 +02:00
Graham Christensen
2f3b62375f
Merge pull request #19891 from NeQuissimus/kernel_4_9_rc2
...
kernel: 4.9-rc1 -> 4.9-rc2
2016-10-27 08:36:23 -04:00
Graham Christensen
ad2deee7d1
Merge pull request #19894 from NeQuissimus/kernel_3_18_44
...
kernel: 3.18.42 -> 3.18.44
2016-10-27 08:36:17 -04:00
Graham Christensen
c654ec0f25
Merge pull request #19893 from NeQuissimus/kernel_3_12_66
...
kernel: 3.12.63 -> 3.12.66
2016-10-27 08:36:10 -04:00
Graham Christensen
00e2bc22db
Merge pull request #19890 from NeQuissimus/kernel_3_10_104
...
kernel: 3.10.103 -> 3.10.104
2016-10-27 08:35:54 -04:00
Tim Steinbach
b86310fccf
wpa_supplicant: 2.5 -> 2.6 ( #19913 )
2016-10-27 13:57:56 +02:00
Tim Steinbach
b02646f93b
kernel: 3.18.42 -> 3.18.44
2016-10-26 19:23:43 -04:00
Tim Steinbach
e5e84ecbbd
kernel: 3.12.63 -> 3.12.66
2016-10-26 19:17:46 -04:00
Tim Steinbach
e4773819f4
kernel: 3.10.103 -> 3.10.104
2016-10-26 19:13:21 -04:00
Vladimír Čunát
6404a30afb
Merge #19892 : kernel: 4.1.33 -> 4.1.35
2016-10-26 22:11:30 +02:00
Carl Sverre
96a3e00929
sysdig: 0.10.0 -> 0.12.0
2016-10-26 11:19:41 -07:00
Franz Pletz
6e17ee638c
wireguard: 2016-10-01 -> 2016-10-25
2016-10-26 16:49:52 +02:00
Tim Steinbach
e9a5cf3f6f
kernel: 4.9-rc1 -> 4.9-rc2
2016-10-26 09:11:00 -04:00
Tim Steinbach
89cd922a6a
kernel: 4.1.33 -> 4.1.35
2016-10-26 09:04:37 -04:00
Frederik Rietdijk
7077a270bf
Merge remote-tracking branch 'upstream/master' into HEAD
2016-10-26 13:06:43 +02:00
Tim Steinbach
b3f7d626c1
kernel: remove 4.7
2016-10-24 21:30:00 -04:00
Joachim Fasting
5440c1a64c
grsecurity: 4.7.9-201610200819 -> 4.7.10-201610222037
...
Notably, this pulls in the dirtycow fix from upstream (but I've been
unable to execute the POC exploits on grsec kernels without that fix
...)
2016-10-23 17:14:40 +02:00
Tim Steinbach
a3989b87df
Merge pull request #19772 from NeQuissimus/linux_4_8_4
...
linux: 4.8.3 -> 4.8.4
2016-10-22 12:14:59 -04:00
Tim Steinbach
72d91f95cb
Merge pull request #19771 from NeQuissimus/linux_4_7_10
...
linux: 4.7.9 -> 4.7.10
2016-10-22 12:14:26 -04:00
Tim Steinbach
8d0ca31849
linux: 4.8.3 -> 4.8.4
2016-10-22 12:11:37 -04:00
Tim Steinbach
adbe0e0a13
linux: 4.7.9 -> 4.7.10
2016-10-22 12:11:09 -04:00
Tim Steinbach
4489454b83
linux: 4.4.26 -> 4.4.27
2016-10-22 12:10:34 -04:00
Frederik Rietdijk
e56832d730
Merge remote-tracking branch 'upstream/master' into HEAD
2016-10-22 17:23:24 +02:00
Joachim Fasting
ed5d146e9d
grsecurity: 4.7.7-201610101902 -> 4.7.9-201610200819
2016-10-21 01:50:53 +02:00
Vladimír Čunát
4d5b893002
Merge #19081 : gnome-3.22
...
Also master commits are brought in.
2016-10-20 23:04:10 +02:00
Vladimír Čunát
fabfb0a900
Merge #19725 : kernel: 4.7.8 -> 4.7.9
2016-10-20 19:45:25 +02:00
Tim Steinbach
963804ba8e
kernel: 4.7.8 -> 4.7.9
2016-10-20 13:08:53 -04:00
Tim Steinbach
0c3e5217fc
kernel: 4.8.2 -> 4.8.3
2016-10-20 13:06:03 -04:00
Eelco Dolstra
76a57d83b5
linux: 4.4.25 -> 4.4.26
2016-10-20 13:37:19 +02:00
Tim Steinbach
dac481d999
Merge pull request #19648 from NeQuissimus/linux_4_7_8
...
linux_4_7: 4.7.7 -> 4.7.8
2016-10-19 14:48:47 -04:00
Tim Steinbach
84e4dcb34b
Merge pull request #19649 from NeQuissimus/linux_4_8_2
...
linux_4_8: 4.8.1 -> 4.8.2
2016-10-19 14:38:11 -04:00
Tim Steinbach
70c8de0536
Merge pull request #19652 from NeQuissimus/linux_4_9_rc1
...
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-19 14:35:21 -04:00
Eelco Dolstra
13f43c7ebc
linux: 4.4.24 -> 4.4.25
2016-10-19 17:11:53 +02:00
Tuomas Tynkkynen
59f12d9394
kernel config: Add some filesystem options
...
Enable encryption support for both F2FS and ext4. For ext4 this is a bit
tricky, since pre-4.8 the way to enable it as a module was just
"EXT4_ENCRYPTION=m" but after that it changed to "FS_ENCRYPTION=m &&
EXT4_ENCRYPTION=y".
Also make sure UDF is enabled.
2016-10-19 16:44:08 +03:00
Frederik Rietdijk
58c41ecd35
crda: use python2
2016-10-18 23:16:08 +02:00
Frederik Rietdijk
e9f8ee3ab4
iotop: use python2
2016-10-18 23:14:35 +02:00
Tuomas Tynkkynen
ba42683e9a
libselinux: Fix ARM build failure
...
Avoid this warning (which is in turn an error via -Werror):
````
avc_internal.c: In function 'avc_netlink_receive':
avc_internal.c:105:25: error: cast increases required alignment of target type [-Werror=cast-align]
struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
^
````
The code allocates abuffer with "__attribute__ ((aligned))",
then passes it via a 'char*' parameter, which is then finally cast,
causing the warning. So the code is ok but compiler is not smart
enough to see it.
It seems that -Wcast-align is a no-op on x86, so this shows up on ARM
only.
2016-10-18 23:54:29 +03:00
Tim Steinbach
51c9c2f851
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-18 11:19:46 -04:00
Tim Steinbach
0acfbaa5b2
linux_4_8: 4.8.1 -> 4.8.2
2016-10-18 10:13:02 -04:00
Tim Steinbach
55adff59f1
linux_4_7: 4.7.7 -> 4.7.8
2016-10-18 10:12:26 -04:00
Graham Christensen
3bd1e62a6d
Merge pull request #19578 from grahamc/facetimehd
...
facetimehd: 2016-05-02 -> 2016-10-09
2016-10-17 17:11:18 -04:00
Jörg Thalheim
756a6949f8
Merge pull request #19603 from aneeshusa/adopt-google-authenticator
...
[WIP] Adopt google authenticator
2016-10-16 22:06:40 +02:00
Nikolay Amiantov
40547dd4c4
cachefilesd: init at 0.10.9
2016-10-16 19:58:29 +03:00
Aneesh Agrawal
31b4fcd0b7
google-authenticator: adopt package
2016-10-16 12:42:51 -04:00
Graham Christensen
634a098940
linuxPackages.nvidia_x11: Remove us prefix from mirror
...
At the time of the last upgrade, the new driver wasn't available on
anything but their US mirror. Pinning to the US mirror isn't
recommended or preferable, but I did it anyway to be able to get the
upgrade out.
2016-10-16 11:08:17 -04:00
Graham Christensen
37bc2c0bbf
broadcom-sta: Support linux-4.8
2016-10-15 08:06:30 -04:00
Graham Christensen
2525a3d682
facetimehd: 2016-05-02 -> 2016-10-09
2016-10-15 07:42:08 -04:00
Tim Steinbach
b43c0dab8e
conky: 1.10.3 -> 1.10.5
2016-10-14 23:16:45 -04:00
Vladimír Čunát
061758490f
Merge branch 'master' into staging
...
... to get the openssl mass rebuild: 942dbf89c
.
2016-10-14 13:16:11 +02:00
Vladimír Čunát
6eeea6effd
Python: more evaluation fixups.
2016-10-14 00:03:12 +02:00
Franz Pletz
f30f7d0cff
powertop: add homepage, cleanup
2016-10-14 00:02:30 +02:00
Graham Christensen
88a47f1950
Merge pull request #19467 from grahamc/nvidia-x11-master
...
nvidia-x11: 367.35 -> 367.57
2016-10-12 19:07:29 -04:00
Graham Christensen
b98c0a668e
nvidia-x11: 367.35 -> 367.57
2016-10-11 19:43:58 -04:00
Vladimír Čunát
9d1dfc9ed0
Merge #18861 : add AMDGPU-PRO driver
2016-10-11 19:57:30 +02:00
David McFarland
3b4ce62451
amdgpu-pro: Init at 16.30.3-315407
2016-10-11 14:19:38 -03:00
Joachim Fasting
ce73a3ea0f
grsecurity: 4.7.6-201609301918 -> 4.7.7-201610101902
2016-10-11 13:15:16 +02:00
Eelco Dolstra
88f10ad409
aggregateModules: Preserve kernel's modules.{builtin,order}
...
Fixes #19426 .
2016-10-11 11:42:41 +02:00
sternenseemann
3fb2993cb3
maintainers: rename lukasepple according to github account name
2016-10-09 22:04:22 +02:00
Aneesh Agrawal
f0602d2d36
kernel: Make SECURITY_YAMA optional
...
It's highly recommended, but not required to run NixOS.
2016-10-08 17:46:33 +02:00
Aneesh Agrawal
a000ed181c
linux config: enable the Yama LSM ( #14392 )
...
The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level processes and
snooping on the memory and runtime state of other processes owned
by the same user.
2016-10-08 16:40:12 +02:00
Tim Steinbach
a699eb4798
linux: 4.4.23 -> 4.4.24 ( #19346 )
2016-10-08 07:02:07 +02:00
Tim Steinbach
9481edec56
linux: 4.7.6 -> 4.7.7 ( #19345 )
2016-10-08 07:01:51 +02:00
Tim Steinbach
07e67b33af
linux: 4.8.0 -> 4.8.1 ( #19344 )
2016-10-08 07:01:27 +02:00
Marco Maggesi
435673b948
Revert "Revert "linux*: remove 3.14, as it's no longer maintained""
...
In the end, it is too dangerous to have an unmaintained kernel in
nixpkgs. Revert the revert.
This reverts commit e921725176
.
2016-10-07 23:26:32 +02:00
Marco Maggesi
e921725176
Revert "linux*: remove 3.14, as it's no longer maintained"
...
This is the simplest way to reenable the use of BLCR
(which at present requires linux version >3.12 <3.18)
until we find a better solution.
This reverts commit 6a9e765e27
.
2016-10-07 14:31:24 +02:00
Thomas Tuegel
2e255a2edd
Merge branch 'staging'
2016-10-06 09:51:02 -05:00
Eelco Dolstra
a8b61b0aad
Merge pull request #19278 from anderspapitto/local
...
perf: add dependency on libaudit
2016-10-06 11:45:54 +02:00
Anders Papitto
aa44330963
perf: add dependency on libaudit
...
the `trace` subcommand of perf is only enabled when libaudit is
available at compile time
2016-10-05 17:59:44 -07:00
Jörg Thalheim
638d4b4d71
Merge pull request #19265 from Mic92/rtkit
...
rtkit: apply security relevant patch
2016-10-06 00:07:35 +02:00
Eelco Dolstra
f084274eeb
Merge pull request #19251 from groxxda/patch-2
...
kernel: Disable RT_GROUP_SCHED
2016-10-05 20:05:18 +02:00
Vladimír Čunát
30f551d8b2
Merge branch 'master' into staging
2016-10-05 19:02:48 +02:00
Jörg Thalheim
c684eb756a
rtkit: *security* Pass uid of caller to polkit
...
Otherwise, we force polkit to look up the uid itself in /proc, which is racy if
they execve() a setuid binary.
2016-10-05 18:11:02 +02:00
Alexander Ried
96fbdf8594
kernel: Disable RT_GROUP_SCHED
...
Follow systemd recommendation
fd74fa791f/README (L96-L103)
2016-10-05 12:52:45 +02:00
Alexander Ried
4e91e8cb3d
rtkit: add patch from debian to remove ControlGroup stanza
...
fixes log clutter:
systemd[1]: [/nix/store/....-rtkit-0.11/etc/systemd/system/rtkit-daemon.service:32] Unknown lvalue 'ControlGroup' in section 'Service'
2016-10-05 11:23:11 +02:00
Thomas Tuegel
d067b7bd35
Merge branch 'kde-5' into staging
2016-10-04 21:50:17 -05:00
Shea Levy
e54313d183
Revert "Revert "Linux 4.8""
...
Now featuring @aszlig's modinst_arg_list_too_long patch.
This reverts commit 43bedb970d
.
Fixes #19213
2016-10-04 10:10:36 -04:00
Shea Levy
43bedb970d
Revert "Linux 4.8"
...
This reverts commit e4958d54b1
.
2016-10-03 22:04:43 -04:00
Vladimír Čunát
1525568c74
util-linux: fixup patch hash from grandparent merge
...
And name the file, too.
2016-10-03 23:06:51 +02:00
Jörg Thalheim
45f64a37c9
Merge pull request #19175 from Mic92/util-linux
...
util-linux: workaround CVE-2016-2779
2016-10-03 22:53:21 +02:00
Jörg Thalheim
888f6a1280
Merge pull request #19199 from wizeman/u/fix-help2man-hash
...
help2man: fix hash
2016-10-03 19:26:44 +02:00
Franz Pletz
beca8946ee
jool: 3.4.5 -> 3.5.0
2016-10-03 18:25:28 +02:00
Shea Levy
e4958d54b1
Linux 4.8
2016-10-03 08:45:45 -04:00
Eric Sagnes
58d44a376e
wireguard: 2016-08-08 -> 2016-10-01
2016-10-03 17:06:11 +09:00
Jörg Thalheim
ba00ba65eb
util-linux: workaround CVE-2016-2779
...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779
2016-10-03 08:49:56 +02:00
Joachim Fasting
9a9237e0aa
grsecurity: revamp nixos kernel config
...
Cleanup:
- Restructure & add some commentary
- Remove redundant option specs given the auto config
constraints (some are left in for documentation purposes)
Changes:
- GRKERNSEC_CONFIG_VIRT_HOST -> GUEST
The former deselects paravirtualization and friends
- PAX_LATENT_ENTROPY n -> y (implied by auto)
- GRKERNSEC_ACL_HIDEKERN y -> n
Possibly useless with redistribution
2016-10-02 19:25:58 +02:00
Joachim Fasting
1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
...
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00
Tuomas Tynkkynen
19225bf5cc
Merge remote-tracking branch 'upstream/master' into staging
2016-10-02 10:36:47 +03:00
Tuomas Tynkkynen
f5dd3a703d
treewide: Fix more lib.optional misuses
2016-10-02 00:44:10 +03:00
Aneesh Agrawal
fcee1d0b28
Remove redundant -DCMAKE_BUILD_TYPE=Release flags
...
Since commit 183d05a0
in 2012, this is the default.
fixes #18000
2016-10-01 16:13:41 +02:00
Joachim Fasting
2ec9a1a955
grsecurity: 4.7.5-201609261522 -> 4.7.6-201609301918
2016-10-01 08:47:30 +02:00
Joachim Fasting
22108b7a10
linux_4_7: 4.7.5 -> 4.7.6
2016-10-01 08:46:31 +02:00
Eelco Dolstra
613a12a8bd
linux: 4.4.22 -> 4.4.23
2016-09-30 14:41:19 +02:00