Commit Graph

6754 Commits

Author SHA1 Message Date
Tim Steinbach
ba9275da88
linux: Remove 4.11
4.11.x has been EOL'd
2017-07-21 07:33:14 -04:00
Tim Steinbach
98ad0f4dab
linux: 4.12.2 -> 4.12.3 2017-07-21 07:28:24 -04:00
Tim Steinbach
232f497169
linux: 4.9.38 -> 4.9.39 2017-07-21 07:25:50 -04:00
Tim Steinbach
5181d7568f
linux: 4.4.77 -> 4.4.78 2017-07-21 07:23:12 -04:00
Al Zohali
0b3d29d4ac linux_samus_4_12: init at 4.12.2
Co-authored-by: Nikolay Amiantov <ab@fmap.me>

fixes #26038
2017-07-18 23:31:18 +01:00
Daniel Peebles
bd2e91e3a2 Merge pull request #27318 from copumpkin/darwin-high-sierra
Support High Sierra on Darwin
2017-07-18 17:06:06 -04:00
aszlig
c71233f12c
broadcom_sta: Add patch for supporting Linux 4.12
The patch is from Arch Linux at:

https://aur.archlinux.org/cgit/aur.git/tree/linux412.patch?h=broadcom-wl

Tested this by building against the following attributes:

  * linuxPackages.broadcom_sta
  * linuxPackages_latest.broadcom_sta
  * pkgsI686Linux.linuxPackages.broadcom_sta
  * pkgsI686Linux.linuxPackages_latest.broadcom_sta

I have not tested whether this works at runtime, because I do not posess
the hardware.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-07-18 21:37:02 +02:00
Tuomas Tynkkynen
638adf2d90 iproute: 4.11.0 -> 4.12.0 2017-07-18 13:41:06 +03:00
Jörg Thalheim
4154279179 zfsUnstable: mark as stable with 4.12 2017-07-18 11:15:37 +01:00
Frederik Rietdijk
3eceecb90d Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-17 13:52:01 +02:00
Franz Pletz
7f0994c33d
zfsUnstable: 0.7.0-rc4 -> 0.7.0-rc5 2017-07-17 02:53:14 +02:00
Franz Pletz
e4eea75fa7
zfs: 0.6.5.10 -> 0.6.5.11 2017-07-17 02:53:14 +02:00
Robin Gloster
ae26f291bc
systemd: 233 -> 234 2017-07-16 17:22:45 +02:00
Tim Steinbach
df929d6216
linux-copperhead: 4.12.1.a -> 4.12.2.a 2017-07-15 19:44:12 -04:00
Tim Steinbach
b103e9317a
linux-testing: 4.12-rc7 -> 4.13-rc1 2017-07-15 19:30:44 -04:00
Tim Steinbach
81b993369c
linux: 4.4.76 -> 4.4.77 2017-07-15 19:25:42 -04:00
Tim Steinbach
b04858db1b
linux: 4.9.37 -> 4.9.38
Remove temporary patches to perf as well
2017-07-15 19:22:07 -04:00
Tim Steinbach
ccec16579d
linux: 4.11.10 -> 4.11.11 2017-07-15 19:17:06 -04:00
Tim Steinbach
c5ef98bb34
linux: 4.12.1 -> 4.12.2 2017-07-15 19:14:44 -04:00
Tim Steinbach
954c66983d
perf: Apply patch for offline kernels
As per https://lkml.org/lkml/2017/7/13/314, perf is broken in 4.9.36 and 4.9.37
Patches in this commit are taken from
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=39f4f2c018bd831c325e11983f8893caf72fd9eb

This will allow perf to build again and should be included in a future 4.9.x release,
allowing the custom patching to be removed again
2017-07-14 20:07:16 -04:00
Tuomas Tynkkynen
42395a191b kernel-config: Disable Xen on non-x86
There's an upstream build failure on ARM (not directly related to Xen
but rather some other config options it enables). The xen package is
x86_64-only anyways.
2017-07-13 20:12:50 +03:00
Joachim Fasting
f90d7b23a7
alienfx: do not attempt to install suid executables 2017-07-13 18:08:56 +02:00
Tim Steinbach
6fda535869
linux-copperhead: Fix modDirVersion 2017-07-13 09:00:44 -04:00
Tim Steinbach
45a2534459
linux-copperhead: 4.12.e -> 4.12.1.a 2017-07-13 08:40:08 -04:00
Tim Steinbach
6131b4d52d
linux: 4.12 -> 4.12.1 2017-07-13 08:36:50 -04:00
Tim Steinbach
24de0bad42
linux: 4.11.9 -> 4.11.10 2017-07-13 08:34:51 -04:00
Tim Steinbach
6da222918e
linux: 4.9.36 -> 4.9.37 2017-07-13 08:30:47 -04:00
Dan Peebles
0419452113 Fix Darwin stdenv to work on 10.13
The main changes are in libSystem, which lost the coretls component in 10.13
and some hardening changes that quietly crash any program that uses %n in
a non-constant format string, so we've needed to patch a lot of programs that
use gnulib.
2017-07-11 21:56:38 -04:00
Tim Steinbach
1434128a18
linux-copperhead: 4.12.d -> 4.12.e 2017-07-11 08:22:56 -04:00
Tobias Geerinckx-Rice
46dc5394cd
Update e-mail address for nckx 2017-07-10 20:54:18 +02:00
Franz Pletz
9a219a7ec0
nettools: 1.60_p20120127084908 -> 1.60_p20161110235919
Some tools now need to be explcitely enabled. This version ships the same
executables as the previous one.
2017-07-10 09:36:04 +02:00
Jörg Thalheim
1532d5632f wireguard: 0.0.20170629 -> 0.0.20170706 2017-07-10 07:31:40 +01:00
Tim Steinbach
d38656b3c3
linux-copperhead: 4.12.c -> 4.12.d 2017-07-09 18:20:14 -04:00
Tim Steinbach
fca0b3602d
linux-copperhead: 4.12.b -> 4.12.c 2017-07-09 18:16:58 -04:00
Domen Kožar
ca76954e49 Merge pull request #27245 from NixOS/osx_private_sdk/cleanup
Get rid of some usages of osx_private_sdk
2017-07-09 22:49:31 +02:00
Domen Kožar
e211504db6
Get rid of some usages of osx_private_sdk
For example this reduces haskell closure on
darwin for some packages for almost 500MB.
2017-07-09 22:48:04 +02:00
Daiderd Jordan
980346592c
Merge branch 'staging' into master 2017-07-08 22:22:17 +02:00
Tim Steinbach
50831d543d
busybox: 1.26.2 -> 1.27.0 2017-07-08 13:41:27 -04:00
Tim Steinbach
da8bd6df67 Merge pull request #27161 from NeQuissimus/kernel_config_cleanup
linux: Clean up kernel config warnings
2017-07-07 09:00:52 -04:00
gnidorah
ff348f4b6d linux: Enable more I/O schedulers 2017-07-07 11:43:48 +03:00
0xABAB
b89a5b2210 nfs-utils: Replace reference to /bin/true 2017-07-06 20:43:22 +02:00
Tim Steinbach
968e0b2baf
linux-copperhead: 4.11.8.a -> 4.12.b 2017-07-06 11:42:27 -04:00
Eelco Dolstra
942422a646
Merge branch 'glibc' of https://github.com/rnhmjoj/nixpkgs into staging 2017-07-06 15:14:57 +02:00
Tim Steinbach
3ec2a2f476
linux: Clean up kernel config warnings 2017-07-05 20:09:14 -04:00
Ryan Trinkle
7004641566 Merge pull request #26974 from obsidiansystems/response-file-parsing-speed
cc-wrapper: improve response file parsing speed
2017-07-05 16:18:22 -04:00
Ryan Trinkle
754c3f6ba4 cc-wrapper: fix response file parsing on ios-cross 2017-07-05 16:04:39 -04:00
Franz Pletz
e1b29dd6d6
firmwareLinuxNonfree: 2017-04-16 -> 2017-07-05
Fixes #27129.
2017-07-05 19:00:19 +02:00
Tim Steinbach
a04afd1594
linux: 4.4.75 -> 4.4.76 2017-07-05 12:54:56 -04:00
Tim Steinbach
05bd289ff8
linux: 4.9.35 -> 4.9.36 2017-07-05 12:52:05 -04:00
Tim Steinbach
00f0f7e9f6
linux: 4.11.8 -> 4.11.9 2017-07-05 12:49:56 -04:00
Vladimír Čunát
49250054d2
Merge #27153: atop: don't chmod u+s 2017-07-05 17:31:16 +02:00
Vladimír Čunát
5328aac7be
Merge branch 'staging'
Comparison looks OK; I'll try some fixes on master directly.
http://hydra.nixos.org/eval/1372577?compare=1372497
2017-07-05 08:55:26 +02:00
Tim Steinbach
cd1f998289
Revert "linux-copperhead: 4.11.8.a -> 4.12.a"
This reverts commit cb703f1314.
2017-07-04 20:56:02 -04:00
Jörg Thalheim
0518ec00b5 zfs: update kernel versions constraint for linux 4.12 2017-07-04 17:15:48 +01:00
Tuomas Tynkkynen
a4cf83c9b7 psmisc: 23.0 -> 23.1 2017-07-04 17:30:02 +03:00
Tuomas Tynkkynen
06c61f8cc2 iw: 4.3 -> 4.9 2017-07-04 17:30:02 +03:00
Tim Steinbach
cb703f1314
linux-copperhead: 4.11.8.a -> 4.12.a 2017-07-03 21:03:58 -04:00
Ricardo M. Correia
4e025437d7 atop: don't chmod u+s, otherwise Nix build fails 2017-07-03 21:15:36 +02:00
Tim Steinbach
f130e0027e
linux: Add 4.12 2017-07-03 11:57:40 -04:00
Vladimír Čunát
d1a89ae9d7
Merge branch 'master' into staging 2017-07-03 09:48:58 +02:00
es_github
5d989f4d93 kmod-debian-aliases: Fix source tarball URL.
The original URL for this package was pointed at a location that wasn't
longterm-stable, and has by now been removed by Debian.
This commit fixes the URL to point at a debian snapshot entry, which should
stick around for the long run.

Hash is unchanged, so this is safe.
2017-07-03 02:50:24 +01:00
Joachim F
8604630d92 Merge pull request #26939 from dtzWill/fix/perms-fallout-misc-2
Fixup various setuid/setgid permission problems, part 2
2017-06-30 18:30:02 +01:00
Vladimír Čunát
ddf864f8aa
Merge branch 'master' into staging
Mass rebuilds from master (>7k on x86_64-linux).
2017-06-30 18:16:58 +02:00
John Ericson
95c8277701 misc pkgs: Remove unneeded *Platform == *Platform comparisons
PR #26007 used these to avoid causing a mass rebuild. Now that we know
things work, we do that to clean up.
2017-06-30 10:09:31 -04:00
Jörg Thalheim
79ecfb515f Merge pull request #26972 from zx2c4/patch-5
wireguard: 0.0.20170613 -> 0.0.20170629
2017-06-30 08:40:40 +01:00
Tim Steinbach
3130f3ed0a
linux-copperhead: 4.11.7.a -> 4.11.8.a
Fixes #26790 by properly including built modules
2017-06-29 23:16:52 -04:00
Jason A. Donenfeld
9ffccc77d9 wireguard: 0.0.20170613 -> 0.0.20170629
Simple version bump.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-29 22:27:52 +02:00
Tim Steinbach
37bc494949
linux: 4.11.7 -> 4.11.8 2017-06-29 08:29:04 -04:00
Tim Steinbach
d1aff8d2e5
linux: 4.9.34 -> 4.9.35
Also, remove XSA-216 patches, the fixes are now integrated upstream
2017-06-29 08:26:25 -04:00
Tim Steinbach
6b35f22e28
linux: 4.4.74 -> 4.4.75 2017-06-29 08:20:06 -04:00
John Ericson
16be434b0b Merge accepted cross compilation PRs into staging 2017-06-28 23:17:21 -04:00
Tim Steinbach
4cc729644e Merge pull request #26867 from michalpalka/xen-security-2017.06-new
xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
2017-06-28 22:43:46 -04:00
John Ericson
eb052edd6f Merge pull request #26946 from obsidiansystems/wxmsw-fix
wxMSW: Fix syntax --- travis eval did not catch
2017-06-28 22:39:36 -04:00
John Ericson
b0ada07f36 wxMSW: Fix syntax --- travis eval did not catch 2017-06-28 22:31:24 -04:00
John Ericson
e1faeb574a Merge pull request #26884 from obsidiansystems/purge-stdenv-cross
Purge stdenv cross
2017-06-28 21:39:16 -04:00
hsloan
2f37cad1b9 wxMSW-2.8: Don't use stdenv ? cross 2017-06-28 21:29:07 -04:00
hsloan
c4ab3ef580 jom: Don't use stdenc.cross 2017-06-28 21:29:07 -04:00
hsloan
14d3ed8c38 sysvinit: Rely on cc-wrapper to export this env var 2017-06-28 21:29:07 -04:00
hsloan
a291194d2f shadow: Don't use stdenv ? cross 2017-06-28 21:28:34 -04:00
hsloan
b8ed3c65bb propcps: Rely on cc-wrapper to export this env var 2017-06-28 21:24:25 -04:00
hsloan
66e22e1229 mingetty: Rely on cc-wrapper to export this env var 2017-06-28 21:24:24 -04:00
hsloan
5d83d36389 mdadm: Don't use stdenv.cross 2017-06-28 21:24:24 -04:00
hsloan
a210b08d18 klibc: Don't use crossAttrs 2017-06-28 21:24:12 -04:00
hsloan
16781a3892 kernel perf: Don't use stdenv.cross 2017-06-28 20:23:09 -04:00
hsloan
1e3b45cfdb kernel manual-config: Don't use stdenv.cross 2017-06-28 20:23:09 -04:00
hsloan
459d07d41c kernel generic: Don't use stdenv.cross 2017-06-28 20:22:59 -04:00
hsloan
c5b4b6c911 kernel-headers: Don't use stdenv.cross 2017-06-28 19:44:04 -04:00
Will Dietz
707145a955 firejail: don't try to set setuid bit 2017-06-28 14:31:47 -05:00
Will Dietz
09d85c49c4 kbdlight: Fix installation permissions
Looks like NixOS creates a security wrapper for this already, FWIW.
2017-06-28 14:31:45 -05:00
Eelco Dolstra
32e492251b
systemd: Apply fix for CVE-2017-9445 2017-06-28 14:08:05 +02:00
Trevor Joynson
068341b1c7 iptstate: init at 2.2.6 (#26878)
* Add iptstate package

* iptstate: nit pick
2017-06-27 18:27:13 +01:00
Tim Steinbach
d2e199ca3c
linux: 4.4.73 -> 4.4.74 2017-06-27 08:14:47 -04:00
Tim Steinbach
c90a4b8541
linux: 4.12-rc6 -> 4.12-rc7 2017-06-26 09:58:37 -04:00
David McFarland
a08024bcb0 procps-ng: allow cygwin 2017-06-26 09:33:09 -03:00
Franz Pletz
b788956239
libcgroup: do not set suid bit in nix store 2017-06-26 09:13:34 +02:00
Michał Pałka
80e0cda7ff xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
XSA-216 Issue Description:

> The block interface response structure has some discontiguous fields.
> Certain backends populate the structure fields of an otherwise
> uninitialized instance of this structure on their stacks, leaking
> data through the (internal or trailing) padding field.

More: https://xenbits.xen.org/xsa/advisory-216.html

XSA-217 Issue Description:

> Domains controlling other domains are permitted to map pages owned by
> the domain being controlled.  If the controlling domain unmaps such a
> page without flushing the TLB, and if soon after the domain being
> controlled transfers this page to another PV domain (via
> GNTTABOP_transfer or, indirectly, XENMEM_exchange), and that third
> domain uses the page as a page table, the controlling domain will have
> write access to a live page table until the applicable TLB entry is
> flushed or evicted.  Note that the domain being controlled is
> necessarily HVM, while the controlling domain is PV.

More: https://xenbits.xen.org/xsa/advisory-217.html

XSA-218 Issue Description:

> We have discovered two bugs in the code unmapping grant references.
>
> * When a grant had been mapped twice by a backend domain, and then
> unmapped by two concurrent unmap calls, the frontend may be informed
> that the page had no further mappings when the first call completed rather
> than when the second call completed.
>
> * A race triggerable by an unprivileged guest could cause a grant
> maptrack entry for grants to be "freed" twice.  The ultimate effect of
> this would be for maptrack entries for a single domain to be re-used.

More: https://xenbits.xen.org/xsa/advisory-218.html

XSA-219 Issue Description:

> When using shadow paging, writes to guest pagetables must be trapped and
> emulated, so the shadows can be suitably adjusted as well.
>
> When emulating the write, Xen maps the guests pagetable(s) to make the final
> adjustment and leave the guest's view of its state consistent.
>
> However, when mapping the frame, Xen drops the page reference before
> performing the write.  This is a race window where the underlying frame can
> change ownership.
>
> One possible attack scenario is for the frame to change ownership and to be
> inserted into a PV guest's pagetables.  At that point, the emulated write will
> be an unaudited modification to the PV pagetables whose value is under guest
> control.

More: https://xenbits.xen.org/xsa/advisory-219.html

XSA-220 Issue Description:

> Memory Protection Extensions (MPX) and Protection Key (PKU) are features in
> newer processors, whose state is intended to be per-thread and context
> switched along with all other XSAVE state.
>
> Xen's vCPU context switch code would save and restore the state only
> if the guest had set the relevant XSTATE enable bits.  However,
> surprisingly, the use of these features is not dependent (PKU) or may
> not be dependent (MPX) on having the relevant XSTATE bits enabled.
>
> VMs which use MPX or PKU, and context switch the state manually rather
> than via XSAVE, will have the state leak between vCPUs (possibly,
> between vCPUs in different guests).  This in turn corrupts state in
> the destination vCPU, and hence may lead to weakened protections
>
> Experimentally, MPX appears not to make any interaction with BND*
> state if BNDCFGS.EN is set but XCR0.BND{CSR,REGS} are clear.  However,
> the SDM is not clear in this case; therefore MPX is included in this
> advisory as a precaution.

More: https://xenbits.xen.org/xsa/advisory-220.html

XSA-221 Issue Description:

> When polling event channels, in general arbitrary port numbers can be
> specified.  Specifically, there is no requirement that a polled event
> channel ports has ever been created.  When the code was generalised
> from an earlier implementation, introducing some intermediate
> pointers, a check should have been made that these intermediate
> pointers are non-NULL.  However, that check was omitted.

More: https://xenbits.xen.org/xsa/advisory-221.html

XSA-222 Issue Description:

> Certain actions require removing pages from a guest's P2M
> (Physical-to-Machine) mapping.  When large pages are in use to map
> guest pages in the 2nd-stage page tables, such a removal operation may
> incur a memory allocation (to replace a large mapping with individual
> smaller ones).  If this allocation fails, these errors are ignored by
> the callers, which would then continue and (for example) free the
> referenced page for reuse.  This leaves the guest with a mapping to a
> page it shouldn't have access to.
>
> The allocation involved comes from a separate pool of memory created
> when the domain is created; under normal operating conditions it never
> fails, but a malicious guest may be able to engineer situations where
> this pool is exhausted.

More: https://xenbits.xen.org/xsa/advisory-222.html

XSA-224 Issue Description:

> We have discovered a number of bugs in the code mapping and unmapping
> grant references.
>
> * If a grant is mapped with both the GNTMAP_device_map and
> GNTMAP_host_map flags, but unmapped only with host_map, the device_map
> portion remains but the page reference counts are lowered as though it
> had been removed. This bug can be leveraged cause a page's reference
> counts and type counts to fall to zero while retaining writeable
> mappings to the page.
>
> * Under some specific conditions, if a grant is mapped with both the
> GNTMAP_device_map and GNTMAP_host_map flags, the operation may not
> grab sufficient type counts.  When the grant is then unmapped, the
> type count will be erroneously reduced.  This bug can be leveraged
> cause a page's reference counts and type counts to fall to zero while
> retaining writeable mappings to the page.
>
> * When a grant reference is given to an MMIO region (as opposed to a
> normal guest page), if the grant is mapped with only the
> GNTMAP_device_map flag set, a mapping is created at host_addr anyway.
> This does *not* cause reference counts to change, but there will be no
> record of this mapping, so it will not be considered when reporting
> whether the grant is still in use.

More: https://xenbits.xen.org/xsa/advisory-224.html
2017-06-26 07:01:24 +00:00
Franz Pletz
639b74e7be
Revert "linux: patch CVE-2017-1000364 (stack clash)"
This reverts commit aab71b31d5.

This was integrated into the stable 4.9 and 4.11 kernels.
2017-06-26 02:23:59 +02:00
Franz Pletz
40a04291c9
Merge branch 'master' into staging 2017-06-26 02:23:38 +02:00
Gabriel Ebner
252e9ec84a microcodeIntel: 20161104 -> 20170511 2017-06-25 17:41:57 +02:00
Tim Steinbach
03aed4cfcf
linux-copperhead: 4.11.6.d -> 4.11.7.a 2017-06-24 14:50:41 -04:00