Michael Raskin
b3d1050cf2
Merge pull request #22438 from rnhmjoj/masscan
...
masscan: init at 2016-11-03
2017-04-30 18:40:58 +02:00
Michael Raskin
929eed352b
Merge pull request #22410 from adnelson/upstart_improvements
...
upstart: wrap binaries and patch hard-coded paths
2017-04-30 18:29:33 +02:00
Michael Raskin
a5d36429dc
Merge pull request #22489 from avnik/nixos-locales
...
nixos: allow supply customized locale package
2017-04-30 18:19:31 +02:00
rht
5628cebcf0
/bin/sh -> ${stdenv.shell}
2017-04-30 17:01:07 +02:00
Bjørn Forsman
83129a6eed
qgit: fix meta: maintainer -> maintainers
2017-04-30 16:54:59 +02:00
Vladimír Čunát
57174178c9
lib.makeScope: sync comment after rename in #25285
2017-04-30 15:56:29 +02:00
Frederik Rietdijk
f099f55e5b
Merge pull request #25348 from romildo/upd.libmatroska
...
libmatroska: 1.4.5 -> 1.4.7
2017-04-30 15:32:33 +02:00
Joachim Fasting
56e1133d75
nixos/lock-kernel-modules: fix typo in unitConfig
...
I managed to miss this one somehow ... meh
2017-04-30 15:17:29 +02:00
Joachim Fasting
a1678269f9
nixos/hardened profile: disable user namespaces at runtime
2017-04-30 15:17:27 +02:00
Roman Kuznetsov
86fe3e9c6e
mono: 4.6.0 -> 4.6.2
2017-04-30 14:14:02 +01:00
romildo
a37c5a8064
libmatroska: 1.4.5 -> 1.4.7
2017-04-30 10:04:23 -03:00
Frederik Rietdijk
b7e7646849
Merge pull request #25159 from matthewbauer/wxwidgets-refactor2
...
wxWidgets: move wxGTK-* to one wxWidgets folder
2017-04-30 15:02:18 +02:00
Tim Steinbach
0c4de3c0c9
linux: 4.4.64 -> 4.4.65
2017-04-30 08:58:44 -04:00
Frederik Rietdijk
ab27720bf6
Merge pull request #25298 from lsix/update_libidn2
...
libidn2: 2.0.1 -> 2.0.2
2017-04-30 14:54:27 +02:00
Thomas Tuegel
4e0d21edd1
Merge pull request #25285 from ttuegel/qt--fix-plugin-paths
...
Qt: purify plugin paths, unify Linux and Darwin builders
2017-04-30 07:33:50 -05:00
Daiderd Jordan
5e3de3938e
Merge pull request #25217 from LnL7/darwin-csdp
...
csdp: fix darwin build
2017-04-30 14:33:30 +02:00
Vladimír Čunát
eb4792a03f
nixos manual: add a note about "nofail" FS option
...
Close #1858 , as I think the points have been well resolved.
2017-04-30 14:10:30 +02:00
obadz
f5939cde52
Merge pull request #25341 from womfoo/bump/facter-3.6.4
...
facter: 3.6.0 -> 3.6.4 and related deps
2017-04-30 12:47:20 +01:00
Vladimír Čunát
e8d2b81988
Merge #25302 : krita: 3.1.2.1 -> 3.1.3
2017-04-30 13:44:38 +02:00
Vladimír Čunát
ac0b90f8c7
krita: fixup meta
...
Nix 1.12 (pre) would complain otherwise.
2017-04-30 13:42:35 +02:00
Kranium Gikos Mendoza
673ac9506b
facter: 3.6.0 -> 3.6.4
2017-04-30 21:13:26 +10:00
Kranium Gikos Mendoza
7dbab8b2ff
leatherman: 0.10.1 -> 0.11.2
2017-04-30 21:12:47 +10:00
Kranium Gikos Mendoza
a513a38066
cpp-hocon: 0.1.4 -> 0.1.5
2017-04-30 21:12:29 +10:00
Frederik Rietdijk
e42792ad46
Merge pull request #25028 from armijnhemel/psycopg2
...
psycopg2: 2.6.1 -> 2.7.1
2017-04-30 13:03:55 +02:00
Michael Raskin
ce9c7dd0d6
Merge pull request #21822 from rht/master
...
coq_HEAD: Update to the latest commit
2017-04-30 12:49:20 +02:00
Frederik Rietdijk
b6cffb5d58
pythonPackages: comment explaining what's supposed to be in there
2017-04-30 12:45:52 +02:00
Peter Marheine
53c2f3c52e
cherrypy: 3.2.2 -> 8.7.0
2017-04-30 12:28:46 +02:00
Peter Marheine
88d78f9d46
babelfish: 0.5.3 -> 0.5.5
2017-04-30 12:28:45 +02:00
Peter Marheine
5bd1ea51cb
apscheduler: 3.0.4 -> 3.3.1
2017-04-30 12:28:45 +02:00
Michael Raskin
b5c3586289
Merge pull request #25333 from zraexy/zraexy-nvidia-x11
...
nvidia-x11: switch download urls to https
2017-04-30 12:23:54 +02:00
Michael Raskin
cd9ebdaa18
Merge pull request #25334 from volth/xfce4-dockbarx-plugin
...
xfce4-dockbarx-plugin: init at 0.5
2017-04-30 12:20:02 +02:00
Michael Raskin
689916b98f
Merge pull request #25337 from benley/nm-dnsmasq
...
nixos: optional NetworkManager dnsmasq integration
2017-04-30 12:18:34 +02:00
Michael Raskin
56a90b2fbf
Merge pull request #25338 from changlinli/upgrade-rstudio
...
RStudio: 0.98.110 -> 1.1.216
2017-04-30 12:17:46 +02:00
Peter Marheine
19629c4892
zerobin: disable tests because it doesn't have any
...
It does however contain a copy of cherrypy that doesn't get installed,
which fails tests when it tries to import from cherrypy and gets imports
from the version provided by Nix (which is probably not the same one as
is having its tests run).
2017-04-30 12:10:27 +02:00
Peter Marheine
2074d586a9
terminaltables: init at 3.1.0
2017-04-30 12:10:27 +02:00
Peter Marheine
7c25047677
safe: init at 0.4
2017-04-30 12:10:26 +02:00
Peter Marheine
4bd86e5c51
colorclass: init at 2.2.0
2017-04-30 12:10:25 +02:00
Peter Marheine
044b3c93e7
rebulk: init at 0.8.2
2017-04-30 12:10:25 +02:00
Peter Marheine
fc71c626e7
flask-restplus: init at 0.8.6
2017-04-30 12:10:24 +02:00
Peter Marheine
3af5b60e27
flask-restful: init at 0.3.5
2017-04-30 12:10:24 +02:00
Peter Marheine
0f765d7807
flask-compress: init at 1.3.2
2017-04-30 12:10:23 +02:00
Peter Marheine
1bcc8d026c
aniso8601: init at 1.2.0
2017-04-30 12:10:23 +02:00
Michael Raskin
71306c71c0
torbrowser: comment out the warning, as it got displayed in irrelevant contexts
2017-04-30 12:09:27 +02:00
Joachim Fasting
1dd3ba924b
nixos/hardened profile: disable hibernation
...
Recommended by KSPP
2017-04-30 12:06:11 +02:00
Joachim Fasting
ffa83edf4a
nixos/tests: add tests for exercising various hardening features
...
This test exercises the linux_hardened kernel along with the various
hardening features (enabled via the hardened profile).
Move hidepid test from misc, so that misc can go back to testing a vanilla
configuration.
2017-04-30 12:05:42 +02:00
Joachim Fasting
ab4fa1cce4
tree-wide: prune some dead grsec leaves
...
The beginning of pruning grsecurity/PaX from the tree.
2017-04-30 12:05:41 +02:00
Joachim Fasting
8c98e8ca2f
nixos/hardened profile: use the linux_hardened kernel
2017-04-30 12:05:40 +02:00
Joachim Fasting
62f2a1c2be
linux_hardened: init
...
The rationale for this is to have a place to enable hardening features
that are either too invasive or that may be speculative/yet proven to be
worthwhile for general-purpose kernels.
2017-04-30 12:05:39 +02:00
Joachim Fasting
6a5a5728ee
nixos/hardened profile: lock kernel modules
2017-04-30 12:05:38 +02:00
Joachim Fasting
878ad1ce6e
nixos: add option to lock kernel modules
...
Adds an option `security.lockKernelModules` that, when enabled, disables
kernel module loading once the system reaches its normal operating state.
The rationale for this over simply setting the sysctl knob is to allow
some legitmate kernel module loading to occur; the naive solution breaks
too much to be useful.
The benefit to the user is to help ensure the integrity of the kernel
runtime: only code loaded as part of normal system initialization will be
available in the kernel for the duration of the boot session. This helps
prevent injection of malicious code or unexpected loading of legitimate
but normally unused modules that have exploitable bugs (e.g., DCCP use
after free CVE-2017-6074, n_hldc CVE-2017-2636, XFRM framework
CVE-2017-7184, L2TPv3 CVE-2016-10200).
From an aestethic point of view, enabling this option helps make the
configuration more "declarative".
Closes https://github.com/NixOS/nixpkgs/pull/24681
2017-04-30 12:05:37 +02:00