ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-09-30 01:17:28 +03:00
Code Issues Projects Releases Wiki Activity
78,470 Commits 96 Branches 102 Tags 4.3 GiB
aff1f4ab94
Commit Graph

19 Commits

Author SHA1 Message Date
Franz Pletz
aff1f4ab94 Use general hardening flag toggle lists 
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
 2016-03-05 18:55:26 +01:00
Robin Gloster
83bf03e1a3 glibc: disable stackprotector hardening 2016-02-27 08:20:53 +00:00
Robin Gloster
3477e662e6 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-27 00:08:08 +00:00
Vladimír Čunát
59617de6d7 glibc: 2.22 -> 2.23 
The two patches were included upstream.
(Even the one from guix, except for a whitespace difference.)
 2016-02-21 10:31:14 +01:00
Robin Gloster
bc21db3692 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-19 21:16:14 +00:00
Eelco Dolstra
1ab14aad7a glibc: Drop hurd support 
This hasn't been maintained since 2012.

Also, renamed glibc's kernelHeaders argument to linuxHeaders.
 2016-02-18 21:11:15 +01:00
Eelco Dolstra
f98a5946b7 glibc: 2.21 -> 2.22 2016-02-18 20:54:52 +01:00
Nathan Zadoks
b5aa8a4e64 glibc: patch CVE-2015-7547 
The glibc DNS client side resolver is vulnerable to a stack-based buffer
overflow when the getaddrinfo() library function is used. Software using
this function may be exploited with attacker-controlled domain names,
attacker-controlled DNS servers, or through a man-in-the-middle attack.
https://googleonlinesecurity.blogspot.co.uk/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
 2016-02-16 16:15:07 +01:00
Robin Gloster
f6d3b7a2ae switch hardening flags 2016-01-30 16:36:57 +00:00
Franz Pletz
954e9903ad Use a hardened stdenv by default 2016-01-30 16:36:57 +00:00
Eelco Dolstra
6a766f47c2 glibc: Fix assertion failure when using incompatible locale data 
Borrowed from

  http://git.savannah.gnu.org/cgit/guix.git/plain/gnu/packages/patches/glibc-locale-incompatibility.patch

https://github.com/NixOS/nix/issues/599

We may also want to apply

  http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/patches/glibc-versioned-locpath.patch

but we'll need to ditch locale-archive first. (Apparently
locale-archive is not very useful anymore anyway.)
 2015-12-02 11:27:39 +01:00
Vladimír Čunát
1fbbeff0c1 glibc: apply four security fixes from upstream 
Fixes CVE-2014-8121, CVE-2015-1781 and two unnumbered problems (apparently).
All these commits should be contained in the 2.22 release,
but we don't want that yet due to unresolved locale incompatibilites.
 2015-08-18 20:58:39 +02:00
Vladimír Čunát
596bf235b6 glibc: security fix CVE-2014-8121, fixes #7207 2015-04-09 20:42:35 +02:00
Vladimír Čunát
54fc2db1b8 glibc: update 2.20 -> 2.21, including security fixes 
Fixes #6578.
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html

- I had to disable one warning-error type.
- One of our patches needed modification - it seemed that just the context
  changed without affecting the purpose of the patch.
 2015-03-03 11:31:01 +01:00
Ludovic Courtès
41b53577a8 unmaintain a bunch of packages 2015-01-13 22:33:49 +01:00
John Wiegley
28b6fb61e6 Change occurrences of gcc to the more general cc 
This is done for the sake of Yosemite, which does not have gcc, and yet
this change is also compatible with Linux.
 2014-12-26 11:06:21 -06:00
Vladimír Čunát
975a822778 glibc: improve nscd version check after e316672dcb 2014-11-11 11:06:57 +01:00
Eelco Dolstra
dac591aae6 glibc: Update to 2.20 2014-10-29 17:54:47 +01:00
Eelco Dolstra
1b55b07eeb glibc/2.19 -> glibc 
We only have one version of Glibc so no need for a separate directory.
 2014-10-29 13:42:59 +01:00