Commit graph

106495 commits

Author SHA1 Message Date
Michael Raskin
b3d1050cf2 Merge pull request #22438 from rnhmjoj/masscan
masscan: init at 2016-11-03
2017-04-30 18:40:58 +02:00
Michael Raskin
929eed352b Merge pull request #22410 from adnelson/upstart_improvements
upstart: wrap binaries and patch hard-coded paths
2017-04-30 18:29:33 +02:00
Michael Raskin
a5d36429dc Merge pull request #22489 from avnik/nixos-locales
nixos: allow supply customized locale package
2017-04-30 18:19:31 +02:00
rht
5628cebcf0 /bin/sh -> ${stdenv.shell} 2017-04-30 17:01:07 +02:00
Bjørn Forsman
83129a6eed qgit: fix meta: maintainer -> maintainers 2017-04-30 16:54:59 +02:00
Vladimír Čunát
57174178c9
lib.makeScope: sync comment after rename in #25285 2017-04-30 15:56:29 +02:00
Frederik Rietdijk
f099f55e5b Merge pull request #25348 from romildo/upd.libmatroska
libmatroska: 1.4.5 -> 1.4.7
2017-04-30 15:32:33 +02:00
Joachim Fasting
56e1133d75
nixos/lock-kernel-modules: fix typo in unitConfig
I managed to miss this one somehow ... meh
2017-04-30 15:17:29 +02:00
Joachim Fasting
a1678269f9
nixos/hardened profile: disable user namespaces at runtime 2017-04-30 15:17:27 +02:00
Roman Kuznetsov
86fe3e9c6e mono: 4.6.0 -> 4.6.2 2017-04-30 14:14:02 +01:00
romildo
a37c5a8064 libmatroska: 1.4.5 -> 1.4.7 2017-04-30 10:04:23 -03:00
Frederik Rietdijk
b7e7646849 Merge pull request #25159 from matthewbauer/wxwidgets-refactor2
wxWidgets: move wxGTK-* to one wxWidgets folder
2017-04-30 15:02:18 +02:00
Tim Steinbach
0c4de3c0c9
linux: 4.4.64 -> 4.4.65 2017-04-30 08:58:44 -04:00
Frederik Rietdijk
ab27720bf6 Merge pull request #25298 from lsix/update_libidn2
libidn2: 2.0.1 -> 2.0.2
2017-04-30 14:54:27 +02:00
Thomas Tuegel
4e0d21edd1 Merge pull request #25285 from ttuegel/qt--fix-plugin-paths
Qt: purify plugin paths, unify Linux and Darwin builders
2017-04-30 07:33:50 -05:00
Daiderd Jordan
5e3de3938e Merge pull request #25217 from LnL7/darwin-csdp
csdp: fix darwin build
2017-04-30 14:33:30 +02:00
Vladimír Čunát
eb4792a03f
nixos manual: add a note about "nofail" FS option
Close #1858, as I think the points have been well resolved.
2017-04-30 14:10:30 +02:00
obadz
f5939cde52 Merge pull request #25341 from womfoo/bump/facter-3.6.4
facter: 3.6.0 -> 3.6.4 and related deps
2017-04-30 12:47:20 +01:00
Vladimír Čunát
e8d2b81988
Merge #25302: krita: 3.1.2.1 -> 3.1.3 2017-04-30 13:44:38 +02:00
Vladimír Čunát
ac0b90f8c7
krita: fixup meta
Nix 1.12 (pre) would complain otherwise.
2017-04-30 13:42:35 +02:00
Kranium Gikos Mendoza
673ac9506b facter: 3.6.0 -> 3.6.4 2017-04-30 21:13:26 +10:00
Kranium Gikos Mendoza
7dbab8b2ff leatherman: 0.10.1 -> 0.11.2 2017-04-30 21:12:47 +10:00
Kranium Gikos Mendoza
a513a38066 cpp-hocon: 0.1.4 -> 0.1.5 2017-04-30 21:12:29 +10:00
Frederik Rietdijk
e42792ad46 Merge pull request #25028 from armijnhemel/psycopg2
psycopg2: 2.6.1 -> 2.7.1
2017-04-30 13:03:55 +02:00
Michael Raskin
ce9c7dd0d6 Merge pull request #21822 from rht/master
coq_HEAD: Update to the latest commit
2017-04-30 12:49:20 +02:00
Frederik Rietdijk
b6cffb5d58 pythonPackages: comment explaining what's supposed to be in there 2017-04-30 12:45:52 +02:00
Peter Marheine
53c2f3c52e cherrypy: 3.2.2 -> 8.7.0 2017-04-30 12:28:46 +02:00
Peter Marheine
88d78f9d46 babelfish: 0.5.3 -> 0.5.5 2017-04-30 12:28:45 +02:00
Peter Marheine
5bd1ea51cb apscheduler: 3.0.4 -> 3.3.1 2017-04-30 12:28:45 +02:00
Michael Raskin
b5c3586289 Merge pull request #25333 from zraexy/zraexy-nvidia-x11
nvidia-x11: switch download urls to https
2017-04-30 12:23:54 +02:00
Michael Raskin
cd9ebdaa18 Merge pull request #25334 from volth/xfce4-dockbarx-plugin
xfce4-dockbarx-plugin: init at 0.5
2017-04-30 12:20:02 +02:00
Michael Raskin
689916b98f Merge pull request #25337 from benley/nm-dnsmasq
nixos: optional NetworkManager dnsmasq integration
2017-04-30 12:18:34 +02:00
Michael Raskin
56a90b2fbf Merge pull request #25338 from changlinli/upgrade-rstudio
RStudio: 0.98.110 -> 1.1.216
2017-04-30 12:17:46 +02:00
Peter Marheine
19629c4892 zerobin: disable tests because it doesn't have any
It does however contain a copy of cherrypy that doesn't get installed,
which fails tests when it tries to import from cherrypy and gets imports
from the version provided by Nix (which is probably not the same one as
is having its tests run).
2017-04-30 12:10:27 +02:00
Peter Marheine
2074d586a9 terminaltables: init at 3.1.0 2017-04-30 12:10:27 +02:00
Peter Marheine
7c25047677 safe: init at 0.4 2017-04-30 12:10:26 +02:00
Peter Marheine
4bd86e5c51 colorclass: init at 2.2.0 2017-04-30 12:10:25 +02:00
Peter Marheine
044b3c93e7 rebulk: init at 0.8.2 2017-04-30 12:10:25 +02:00
Peter Marheine
fc71c626e7 flask-restplus: init at 0.8.6 2017-04-30 12:10:24 +02:00
Peter Marheine
3af5b60e27 flask-restful: init at 0.3.5 2017-04-30 12:10:24 +02:00
Peter Marheine
0f765d7807 flask-compress: init at 1.3.2 2017-04-30 12:10:23 +02:00
Peter Marheine
1bcc8d026c aniso8601: init at 1.2.0 2017-04-30 12:10:23 +02:00
Michael Raskin
71306c71c0 torbrowser: comment out the warning, as it got displayed in irrelevant contexts 2017-04-30 12:09:27 +02:00
Joachim Fasting
1dd3ba924b
nixos/hardened profile: disable hibernation
Recommended by KSPP
2017-04-30 12:06:11 +02:00
Joachim Fasting
ffa83edf4a
nixos/tests: add tests for exercising various hardening features
This test exercises the linux_hardened kernel along with the various
hardening features (enabled via the hardened profile).

Move hidepid test from misc, so that misc can go back to testing a vanilla
configuration.
2017-04-30 12:05:42 +02:00
Joachim Fasting
ab4fa1cce4
tree-wide: prune some dead grsec leaves
The beginning of pruning grsecurity/PaX from the tree.
2017-04-30 12:05:41 +02:00
Joachim Fasting
8c98e8ca2f
nixos/hardened profile: use the linux_hardened kernel 2017-04-30 12:05:40 +02:00
Joachim Fasting
62f2a1c2be
linux_hardened: init
The rationale for this is to have a place to enable hardening features
that are either too invasive or that may be speculative/yet proven to be
worthwhile for general-purpose kernels.
2017-04-30 12:05:39 +02:00
Joachim Fasting
6a5a5728ee
nixos/hardened profile: lock kernel modules 2017-04-30 12:05:38 +02:00
Joachim Fasting
878ad1ce6e
nixos: add option to lock kernel modules
Adds an option `security.lockKernelModules` that, when enabled, disables
kernel module loading once the system reaches its normal operating state.

The rationale for this over simply setting the sysctl knob is to allow
some legitimate kernel module loading to occur; the naive solution breaks
too much to be useful.

The benefit to the user is to help ensure the integrity of the kernel
runtime: only code loaded as part of normal system initialization will be
available in the kernel for the duration of the boot session.  This helps
prevent injection of malicious code or unexpected loading of legitimate
but normally unused modules that have exploitable bugs (e.g., DCCP use
after free CVE-2017-6074, n_hdlc CVE-2017-2636, XFRM framework
CVE-2017-7184, L2TPv3 CVE-2016-10200).

From an aesthetic point of view, enabling this option helps make the
configuration more "declarative".

Closes https://github.com/NixOS/nixpkgs/pull/24681
2017-04-30 12:05:37 +02:00