Commit Graph

5815 Commits

Author SHA1 Message Date
Dmytro Rets
e8220d3264
Update broadcom URL for broadcom-sta driver. 2016-12-08 11:50:31 +02:00
Tim Steinbach
c9d1d430ec
linux: 4.9-rc7 -> 4.9-rc8 2016-12-05 19:40:11 -05:00
Joachim Fasting
9578299bbe
grsecurity: 4.8.11-201611271225 -> 4.8.12-201612031658 2016-12-06 01:24:32 +01:00
Joachim Fasting
cc396697a6
grsecurity: enable ability to lock in readonly mounts 2016-12-06 01:24:12 +01:00
Joachim Fasting
0e765c72e5
grsecurity: enable module hardening 2016-12-06 01:23:58 +01:00
Joachim Fasting
071fbcda24
grsecurity: enable optional sysfs restrictions
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Tuomas Tynkkynen
9ccc14b1bc linux_rpi: Add some feature flags
Copied from linux_4_4 (except for the EFI stub thing).

Otherwise the firewall module fails to evaluate:
Failed assertions:
- This kernel does not support rpfilter
2016-12-04 18:18:06 +02:00
Jörg Thalheim
e00632e200 Merge pull request #20858 from Mic92/lxcfs
lxcfs: init at 2.0.4
2016-12-04 11:33:07 +01:00
Tim Steinbach
4f8b74b401 Merge pull request #20866 from NeQuissimus/linux_4_8_12
linux: 4.8.11 -> 4.8.12
2016-12-02 18:28:46 -05:00
Tim Steinbach
853b6493c8
linux: 4.8.11 -> 4.8.12 2016-12-02 14:29:00 -05:00
Tim Steinbach
654f5df5dc
linux: 4.4.35 -> 4.4.36 2016-12-02 14:28:26 -05:00
Jörg Thalheim
af609b0254
lxcfs: init at 2.0.4 2016-12-02 13:52:03 +01:00
Tim Steinbach
5afc6b506c
linux: 4.1.35 -> 4.1.36 2016-12-01 20:34:02 -05:00
Joachim F
85ecde87c8 Merge pull request #20804 from danbst/fix-shadow
shadow: fix collision with coreutils (man groups.1.gz)
2016-12-01 23:08:30 +01:00
danbst
ac51528df8 shadow: fix collision with coreutils (man groups.1.gz)
The `groups.1.gz` collides with one from coreutils. The code to fix this
was already present in expression, but wrongly assumes that share/man/man1
directory will be copied to `man` output after `installPhase`.

It turned out, that man directory is set at configure step, so we should
remove file from `man` output.
2016-11-30 01:44:28 +02:00
Tim Steinbach
18a3225dac
linux: 3.12.67 -> 3.12.68 2016-11-29 17:40:17 -05:00
Tuomas Tynkkynen
8a4d6516ee Merge remote-tracking branch 'upstream/staging' into master 2016-11-30 00:34:23 +02:00
Franz Pletz
e43f2fc868
Revert "lxc: 2.0.4 -> 2.0.6"
This reverts commit 5d804566df.

This was an error on my part. I had the commit sitting on my local master
and pulled upstream to rebase my commit before pushing. I didn't notice
there was a commit bumping lxc and the auto-merge on the rebase.
2016-11-29 15:42:37 +01:00
Matt McHenry
f0bdca82c0 linuxPackages.ati_drivers_x11: patch for kernel 4.7+ (#19810) 2016-11-28 19:56:50 +01:00
Franz Pletz
5d804566df
lxc: 2.0.4 -> 2.0.6
Fixes CVE-2016-8649.

See https://lists.linuxcontainers.org/pipermail/lxc-users/2016-November/012597.html.
2016-11-28 19:04:42 +01:00
Alexander V. Nikolaev
a8eeef62e6 lxc: 2.0.4 -> 2.0.6 (security)
https://security-tracker.debian.org/tracker/CVE-2016-8649
2016-11-28 15:17:06 +02:00
Alexander V. Nikolaev
121da5e938 lxc: fix sandbox builds
Package attempt to write /etc/bash_completion.d, I directed it to
"${out}/etc/bash_completion.d" as it was suggested.
2016-11-28 15:17:05 +02:00
Joachim Fasting
5da1394a58
Revert "gradm: fix using gradm while the RBAC system is active"
This reverts commit fdbf7dc8b3.

Unfortunately, while gradm now works when the RBAC system is enabled,
gradm still fails when full system learning is enabled, so I probably
need to try again later.
2016-11-28 11:41:12 +01:00
Joachim Fasting
b90ed0cc80
grsecurity: 4.8.10-201611232213 -> 4.8.11-201611271225 2016-11-28 11:41:10 +01:00
Joachim Fasting
4c7323545b
Revert "grsecurity: work around for #20490"
This reverts commit e38b74ba89.

I failed to notice f19c961b4e461da045f2e72e73701059e5117be0; better
use that fix instead.
2016-11-28 11:40:55 +01:00
Tim Steinbach
eecf76eaa2
linux: 4.9-rc6 -> 4.9-rc7 2016-11-27 19:48:24 -05:00
Tuomas Tynkkynen
86ea3126bc linux_rpi: 1.20160620 -> 1.20161020 2016-11-28 00:24:00 +02:00
Tuomas Tynkkynen
25d6bfa258 raspberrypifw: 1.20160620 -> 1.20161020 2016-11-28 00:23:40 +02:00
Tim Steinbach
b47307bd74
linux: 4.8.10 -> 4.8.11 2016-11-26 16:29:23 -05:00
Tim Steinbach
cc77360bed
linux: 4.4.34 -> 4.4.35 2016-11-26 16:28:58 -05:00
Jörg Thalheim
01172c2ccf Merge pull request #20591 from NeQuissimus/linux_4_9_rc6
linux: 4.9-rc5 -> 4.9-rc6
2016-11-26 16:00:16 +01:00
Vladimír Čunát
925b335607
Merge branch 'master' into staging 2016-11-26 11:27:09 +01:00
Frederik Rietdijk
231cd277df nvidia-x11: 367.57 -> 375.20 2016-11-26 09:31:10 +01:00
Joachim Fasting
fdbf7dc8b3
gradm: fix using gradm while the RBAC system is active
The built-in ACL prevents the gradm binary from loading dynamic
libraries from the Nix store.  Thus, once the RBAC system is activated,
the gradm binary cannot be used.

Fix by patching in rules to allow references to the Nix store where
appropriate.
2016-11-26 02:59:35 +01:00
Frederik Rietdijk
6a8c708d6d cryptsetup: use python2 2016-11-24 22:28:04 +01:00
Frederik Rietdijk
d8b0096704 dstat: use python2 2016-11-24 22:28:03 +01:00
Joachim Fasting
f9d787c67b
grsecurity: 4.8.10-201611210813 -> 201611232213 2016-11-24 12:08:12 +01:00
Nikolay Amiantov
be95ceaff2 treewide: quote URLs in my packages 2016-11-24 01:17:52 +03:00
Franz Pletz
7974d7493a
linux: compress kernel image with xz 2016-11-23 02:24:13 +01:00
Tim Steinbach
e4a1b76457
linux: 4.8.9 -> 4.8.10 2016-11-21 18:07:17 -05:00
Tim Steinbach
d62069aca4
linux: 4.4.33 -> 4.4.34 2016-11-21 18:06:57 -05:00
Joachim Fasting
96194467e6
grsecurity: 4.8.8-201611150756 -> 4.8.10-201611210813 2016-11-21 23:15:14 +01:00
Tim Steinbach
f6bbc6c477
linux: 4.9-rc5 -> 4.9-rc6 2016-11-20 17:23:32 -05:00
Joachim Fasting
6d428242a9
linuxPackages.spl: now builds against grsecurity kernel 2016-11-20 23:01:34 +01:00
Joachim Fasting
0df3553a38
paxtest: 0.9.14 -> 0.9.15 2016-11-20 23:01:31 +01:00
Joachim Fasting
32c71c06d2
pax-utils: 1.1.6 -> 1.1.7 2016-11-20 23:01:28 +01:00
Pascal Wittmann
f7e0bc2ae7
Make all meta.maintainers attributes lists 2016-11-20 18:06:03 +01:00
Franz Pletz
1fec301ac5
zfs: remove zfs-tests
Removes runtime dependency on gcc and reduces closure size by more than 110MB.
2016-11-20 04:49:42 +01:00
Franz Pletz
94731510c4
wireguard: 0.0.20161110 -> 0.0.20161116.1 2016-11-20 04:48:56 +01:00
Tim Steinbach
13491f9f48 Merge pull request #20552 from NeQuissimus/linux_4_8_9
linux: 4.8.8 -> 4.8.9
2016-11-19 09:03:00 -05:00
Tim Steinbach
d3b8a77834
linux: 4.4.32 -> 4.4.33 2016-11-19 08:56:31 -05:00
Tim Steinbach
250224bf01
linux: 4.8.8 -> 4.8.9 2016-11-19 08:55:57 -05:00
Vladimír Čunát
b69f568f4c
Merge branch 'staging'
Hydra rebuild looks fine; only a few Darwin jobs is queued:
http://hydra.nixos.org/eval/1304891?compare=1304807
2016-11-19 04:35:51 +01:00
Joachim Fasting
e38b74ba89
grsecurity: work around for #20490
In `scripts/Makefile.modinst`, the code that generates the list of
modules to install passes file names via the command line.  When
installing a grsecurity kernel, this list appears to exceed the
shell's argument list limit, as in

    make[2]: execvp: /nix/store/[...]-bash-4.3-p46/bin/bash: Argument list too long

The build does not fail, however, but the list of modules to be installed ends
up being empty.  Thus, the resulting kernel package output contains no modules,
rendering it useless.

We work around this by patching the makefile to use `find -exec` to
process files.  Why this would occur for grsecurity and not other
kernels is unknown, most likely there's something *else* that is
actually causing this behaviour, so this is a temporary fix until that
cause is found.

Fixes https://github.com/NixOS/nixpkgs/issues/20490
2016-11-18 16:14:26 +01:00
Vladimír Čunát
8b565d6478
Merge #20081: update alsa lib, plugins and utils 2016-11-17 11:26:00 +01:00
Franz Pletz
ba73dbbda6
batman-adv: 2016.3 -> 2016.4 2016-11-17 08:14:18 +01:00
Tim Steinbach
a4cd6f1378 Merge pull request #20441 from NeQuissimus/linux_4_4_32
linux: 4.4.31 -> 4.4.32
2016-11-15 17:49:00 -05:00
Tim Steinbach
819884119c Merge pull request #20439 from NeQuissimus/linux_4_8_8
linux: 4.8.7 -> 4.8.8
2016-11-15 17:48:07 -05:00
Joachim Fasting
0d4e1b5edd
grsecurity: 4.8.7-201611142350 -> 4.8.8-201611150756 2016-11-15 22:57:25 +01:00
Tim Steinbach
24c342fde7
linux: 4.4.31 -> 4.4.32 2016-11-15 12:31:27 -05:00
Tim Steinbach
9e851d3b11
linux: 4.8.7 -> 4.8.8 2016-11-15 12:30:55 -05:00
Joachim Fasting
afab1a948e
grsecurity: 4.8.7-201611102210 -> 201611142350 2016-11-15 13:11:47 +01:00
Franz Pletz
c9bd751a16 Merge pull request #20405 from Mic92/wireguard
wireguard: 2016-10-25 -> 0.0.20161110
2016-11-15 01:54:17 +01:00
Thomas Tuegel
ad7d59c59f Merge pull request #20369 from asymmetric/bluez
bluez: 5.40 -> 5.43
2016-11-14 15:27:41 -06:00
Tim Steinbach
f7fd568678 Merge pull request #20413 from NeQuissimus/linux_4_9_rc5
linux: 4.9-rc4 -> 4.9-rc5
2016-11-14 10:05:20 -05:00
Tim Steinbach
a87c8ad05f
linux: 4.9-rc4 -> 4.9-rc5 2016-11-14 09:40:27 -05:00
Tim Steinbach
91ae568ec7
broadcom_sta: Fix hash 2016-11-14 09:36:06 -05:00
Jörg Thalheim
c0f9bc9b4e
wireguard: 2016-10-25 -> 0.0.20161110 2016-11-14 09:29:58 +01:00
Joachim Fasting
cad9212813
grsecurity: 4.7.10-201611011946 -> 4.8.7-201611102210 2016-11-14 00:16:19 +01:00
Vladimír Čunát
1ac5869907
Merge #19936: vulkan / amdgpu-pro update 2016-11-13 20:06:40 +01:00
David McFarland
3d4a280c35 amdgpu-pro: 16.30.3-315407 -> 16.40-348864 2016-11-13 12:44:28 -04:00
David McFarland
e1a25aeb65 amdgpu-pro: fix kernel module for linux-4.8 2016-11-13 12:44:28 -04:00
David McFarland
6bf27c2cae vulkan-loader: allow validation layers to be enabled
The loader now uses XDK_DATA_DIRS to find drivers and layers.
2016-11-13 12:44:27 -04:00
Lorenzo Manacorda
b83c0783d3 bluez: 5.40 -> 5.43 2016-11-12 18:12:10 +01:00
Joachim Fasting
081a871771
Revert "Merge pull request #20302 from spacekitteh/patch-10"
This reverts commit e02173c70c, reversing
changes made to c2b4a0d266.

Breaks all grsec packages; Not having binary substitutes for no good
reason is disruptive to my workflow, so I'll just revert this for now.
2016-11-12 14:02:20 +01:00
Tim Steinbach
e02173c70c Merge pull request #20302 from spacekitteh/patch-10
grsecurity_testing: 4.7.10 -> 4.8.7
2016-11-11 22:03:39 -05:00
Sophie Taylor
fa180d0d63 grsec: 4.8.6 -> 4.8.7 2016-11-12 12:54:47 +10:00
Tim Steinbach
c2b4a0d266 Merge pull request #20327 from NeQuissimus/linux_4_9_rc4
linux: 4.9-rc3 -> 4.9-rc4
2016-11-11 18:11:02 -05:00
Tim Steinbach
52cc30cd87 Merge pull request #20326 from NeQuissimus/linux_3_12_67
linux: 3.12.66 -> 3.12.67
2016-11-11 18:10:16 -05:00
Tim Steinbach
933dfca167 Merge pull request #20322 from NeQuissimus/linux_4_8_7
linux: 4.8.6 -> 4.8.7
2016-11-10 21:12:06 -05:00
Tim Steinbach
ad19b9bde5
linux: 4.9-rc3 -> 4.9-rc4 2016-11-10 21:08:28 -05:00
Tim Steinbach
0a1f39eb91
linux: 4.8.6 -> 4.8.7 2016-11-10 21:07:56 -05:00
Tim Steinbach
579f5fd9dd
linux: 4.4.30 -> 4.4.31 2016-11-10 21:07:24 -05:00
Tim Steinbach
cc62ecc2d9
linux: 3.12.66 -> 3.12.67 2016-11-10 21:06:54 -05:00
Tuomas Tynkkynen
74ecbbe4e3 kernel config: Ensure SECCOMP_FILTER is enabled
As noted in a97db109a2, SECCOMP_FILTER must be enabled or systemd gets
very unhappy.
2016-11-11 02:10:20 +02:00
Peter Hoeg
cb93b34999 SMB2 support for CIFS
[tuomas: removed unneeded kernel version check]
Signed-off-by: Tuomas Tynkkynen <tuomas@tuxera.com>
2016-11-11 02:10:20 +02:00
Sophie Taylor
6476f11f40 grsecurity patch update to kernel 4.8.6 2016-11-10 12:44:22 +10:00
Tim Digel
4a7cf195a4 molly-guard: init at 0.6.3 2016-11-09 14:39:44 +01:00
Tobias Geerinckx-Rice
ea301adfd1
pagemon: 0.01.08 -> 0.01.10 2016-11-09 02:24:50 +01:00
Tobias Geerinckx-Rice
11dacb7e2c
mcelog: 142 -> 144 2016-11-09 02:24:45 +01:00
Kjetil Ørbekk
0d5caf138a tpacpi-bat: init at 3.0 (#20213) 2016-11-08 02:46:34 +01:00
Guillaume Maudoux
eb9d126d2c linux_mptcp: 0.91 -> 0.91.2 2016-11-07 14:15:33 +01:00
Joachim Fasting
ae5d404509
lttng-modules: 2.8.0 -> 2.8.3
Fixes build against linux >=4.8

Full changelog at
https://git.lttng.org/?p=lttng-tools.git;a=blob_plain;f=ChangeLog;hb=13dc409a5ea439b96b805c3c71886a3fcfad18e8

Tested with nix-build -A linuxPackages.lttng-modules -A linuxPackages_latest.lttng-modules
2016-11-06 13:57:34 +01:00
Lorenzo Manacorda
98fb9ded4e light: 0.9 -> 1.0 (#20193)
Update to version 1.0
2016-11-06 03:47:22 +01:00
Tobias Geerinckx-Rice
cd2d81ab52
mcelog: 138 -> 142 2016-11-05 18:44:10 +01:00
Tim Steinbach
cc7c28332b
Remove ttysnoop
No longer exists
2016-11-04 11:18:52 -04:00
Tim Steinbach
20c2980640
Remove cryopid
No longer builds / exists
2016-11-03 21:43:17 -04:00
Yochai Meir
e70560ff98 rtl8812au: compiles on linux 4.8 2016-11-03 19:53:37 +02:00
Bjørn Forsman
a6283c1126 devmem2: init at 2004-08-05
A simple program to read/write from/to any location in memory.

Unfortunately the homepage doesn't have a versioned source code download
URL. On the other hand, the program is pretty stable, with no change for
the last 12 years...
2016-11-03 15:44:56 +01:00
Joachim Fasting
d9b5cd41c5
grsecurity: 4.7.10-201610262029 -> 201611011946 2016-11-03 13:55:23 +01:00
Bart Brouns
af0f12299b alsa-utils: 1.1.0 -> 1.1.2 2016-11-02 13:07:28 +01:00
Bart Brouns
01fe648552 alsa-plugins: 1.1.0 -> 1.1.1 2016-11-02 13:07:21 +01:00
Bart Brouns
2e1871fdd9 alsa-lib: 1.1.1 -> 1.1.2 2016-11-02 13:07:15 +01:00
Tim Steinbach
874abe694a
linux: 4.8.5 -> 4.8.6 2016-11-01 08:58:53 -04:00
Shea Levy
2dbaf3a336 lksctp-tools: init at 1.0.17 2016-11-01 07:28:41 -04:00
Eelco Dolstra
ef1a188e07 linux: 4.4.28 -> 4.4.30 2016-11-01 11:31:00 +01:00
Franz Pletz
cbd4c9f78b
iputils: install manpage for traceroute6 2016-10-31 14:33:59 +01:00
Moritz Ulrich
7e4c7d6af0 wpa_supplicant_gui: Add forgotten patch. 2016-10-30 22:29:44 +01:00
Moritz Ulrich
19bdc31ed6 wpa_supplicant_gui: Replace inkscape with imagemagick in build process. 2016-10-30 22:28:08 +01:00
Vladimír Čunát
3be635b9b5
Merge linux kernel maintenance updates
PRs: #19995 #19996 #19997
2016-10-30 17:29:43 +01:00
Jörg Thalheim
c1b0ec5266
android-udev-rules: 20160805 -> 20161014 2016-10-30 17:05:11 +01:00
Tim Steinbach
f154459cf4
linux: 4.9-rc2 -> 4.9-rc3 2016-10-30 10:30:07 -04:00
Tim Steinbach
1af5b2a80c
linux: 4.4.27 -> 4.4.28 2016-10-30 10:29:37 -04:00
Tim Steinbach
8073430d95
linux: 4.8.4 -> 4.8.5 2016-10-30 10:28:55 -04:00
Tim Steinbach
4a70445fff Merge pull request #19903 from carlsverre/update/sysdig
sysdig: 0.10.0 -> 0.12.0
2016-10-27 14:10:39 -04:00
Tim Steinbach
81b0db3915 Merge pull request #19910 from NeQuissimus/busybox_1_25_1
busybox: 1.24.2 -> 1.25.1
2016-10-27 12:47:46 -04:00
Tim Steinbach
a5c1985fef
busybox: 1.24.2 -> 1.25.1 2016-10-27 09:31:21 -04:00
Joachim Fasting
dfdaea1240
grsecurity: 4.7.10-201610222037 -> 201610262029 2016-10-27 15:03:27 +02:00
Graham Christensen
2f3b62375f Merge pull request #19891 from NeQuissimus/kernel_4_9_rc2
kernel: 4.9-rc1 -> 4.9-rc2
2016-10-27 08:36:23 -04:00
Graham Christensen
ad2deee7d1 Merge pull request #19894 from NeQuissimus/kernel_3_18_44
kernel: 3.18.42 -> 3.18.44
2016-10-27 08:36:17 -04:00
Graham Christensen
c654ec0f25 Merge pull request #19893 from NeQuissimus/kernel_3_12_66
kernel: 3.12.63 -> 3.12.66
2016-10-27 08:36:10 -04:00
Graham Christensen
00e2bc22db Merge pull request #19890 from NeQuissimus/kernel_3_10_104
kernel: 3.10.103 -> 3.10.104
2016-10-27 08:35:54 -04:00
Tim Steinbach
b86310fccf wpa_supplicant: 2.5 -> 2.6 (#19913) 2016-10-27 13:57:56 +02:00
Tim Steinbach
b02646f93b
kernel: 3.18.42 -> 3.18.44 2016-10-26 19:23:43 -04:00
Tim Steinbach
e5e84ecbbd
kernel: 3.12.63 -> 3.12.66 2016-10-26 19:17:46 -04:00
Tim Steinbach
e4773819f4
kernel: 3.10.103 -> 3.10.104 2016-10-26 19:13:21 -04:00
Vladimír Čunát
6404a30afb
Merge #19892: kernel: 4.1.33 -> 4.1.35 2016-10-26 22:11:30 +02:00
Carl Sverre
96a3e00929 sysdig: 0.10.0 -> 0.12.0 2016-10-26 11:19:41 -07:00
Franz Pletz
6e17ee638c
wireguard: 2016-10-01 -> 2016-10-25 2016-10-26 16:49:52 +02:00
Tim Steinbach
e9a5cf3f6f
kernel: 4.9-rc1 -> 4.9-rc2 2016-10-26 09:11:00 -04:00
Tim Steinbach
89cd922a6a
kernel: 4.1.33 -> 4.1.35 2016-10-26 09:04:37 -04:00
Frederik Rietdijk
7077a270bf Merge remote-tracking branch 'upstream/master' into HEAD 2016-10-26 13:06:43 +02:00
Tim Steinbach
b3f7d626c1
kernel: remove 4.7 2016-10-24 21:30:00 -04:00
Joachim Fasting
5440c1a64c
grsecurity: 4.7.9-201610200819 -> 4.7.10-201610222037
Notably, this pulls in the dirtycow fix from upstream (but I've been
unable to execute the POC exploits on grsec kernels without that fix
...)
2016-10-23 17:14:40 +02:00
Tim Steinbach
a3989b87df Merge pull request #19772 from NeQuissimus/linux_4_8_4
linux: 4.8.3 -> 4.8.4
2016-10-22 12:14:59 -04:00
Tim Steinbach
72d91f95cb Merge pull request #19771 from NeQuissimus/linux_4_7_10
linux: 4.7.9 -> 4.7.10
2016-10-22 12:14:26 -04:00
Tim Steinbach
8d0ca31849
linux: 4.8.3 -> 4.8.4 2016-10-22 12:11:37 -04:00
Tim Steinbach
adbe0e0a13
linux: 4.7.9 -> 4.7.10 2016-10-22 12:11:09 -04:00
Tim Steinbach
4489454b83
linux: 4.4.26 -> 4.4.27 2016-10-22 12:10:34 -04:00
Frederik Rietdijk
e56832d730 Merge remote-tracking branch 'upstream/master' into HEAD 2016-10-22 17:23:24 +02:00
Joachim Fasting
ed5d146e9d
grsecurity: 4.7.7-201610101902 -> 4.7.9-201610200819 2016-10-21 01:50:53 +02:00
Vladimír Čunát
4d5b893002 Merge #19081: gnome-3.22
Also master commits are brought in.
2016-10-20 23:04:10 +02:00
Vladimír Čunát
fabfb0a900 Merge #19725: kernel: 4.7.8 -> 4.7.9 2016-10-20 19:45:25 +02:00
Tim Steinbach
963804ba8e
kernel: 4.7.8 -> 4.7.9 2016-10-20 13:08:53 -04:00
Tim Steinbach
0c3e5217fc
kernel: 4.8.2 -> 4.8.3 2016-10-20 13:06:03 -04:00
Eelco Dolstra
76a57d83b5 linux: 4.4.25 -> 4.4.26 2016-10-20 13:37:19 +02:00
Tim Steinbach
dac481d999 Merge pull request #19648 from NeQuissimus/linux_4_7_8
linux_4_7: 4.7.7 -> 4.7.8
2016-10-19 14:48:47 -04:00
Tim Steinbach
84e4dcb34b Merge pull request #19649 from NeQuissimus/linux_4_8_2
linux_4_8: 4.8.1 -> 4.8.2
2016-10-19 14:38:11 -04:00
Tim Steinbach
70c8de0536 Merge pull request #19652 from NeQuissimus/linux_4_9_rc1
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-19 14:35:21 -04:00
Eelco Dolstra
13f43c7ebc linux: 4.4.24 -> 4.4.25 2016-10-19 17:11:53 +02:00
Tuomas Tynkkynen
59f12d9394 kernel config: Add some filesystem options
Enable encryption support for both F2FS and ext4. For ext4 this is a bit
tricky, since pre-4.8 the way to enable it as a module was just
"EXT4_ENCRYPTION=m" but after that it changed to "FS_ENCRYPTION=m &&
EXT4_ENCRYPTION=y".

Also make sure UDF is enabled.
2016-10-19 16:44:08 +03:00
Frederik Rietdijk
58c41ecd35 crda: use python2 2016-10-18 23:16:08 +02:00
Frederik Rietdijk
e9f8ee3ab4 iotop: use python2 2016-10-18 23:14:35 +02:00
Tuomas Tynkkynen
ba42683e9a libselinux: Fix ARM build failure
Avoid this warning (which is in turn an error via -Werror):
````
avc_internal.c: In function 'avc_netlink_receive':
avc_internal.c:105:25: error: cast increases required alignment of target type [-Werror=cast-align]
 struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
                        ^
````

The code allocates abuffer with "__attribute__ ((aligned))",
then passes it via a 'char*' parameter, which is then finally cast,
causing the warning. So the code is ok but compiler is not smart
enough to see it.

It seems that -Wcast-align is a no-op on x86, so this shows up on ARM
only.
2016-10-18 23:54:29 +03:00
Tim Steinbach
51c9c2f851
linux_testing: 4.8-rc6 -> 4.9-rc1 2016-10-18 11:19:46 -04:00
Tim Steinbach
0acfbaa5b2
linux_4_8: 4.8.1 -> 4.8.2 2016-10-18 10:13:02 -04:00
Tim Steinbach
55adff59f1
linux_4_7: 4.7.7 -> 4.7.8 2016-10-18 10:12:26 -04:00
Graham Christensen
3bd1e62a6d Merge pull request #19578 from grahamc/facetimehd
facetimehd: 2016-05-02 -> 2016-10-09
2016-10-17 17:11:18 -04:00
Jörg Thalheim
756a6949f8 Merge pull request #19603 from aneeshusa/adopt-google-authenticator
[WIP] Adopt google authenticator
2016-10-16 22:06:40 +02:00
Nikolay Amiantov
40547dd4c4 cachefilesd: init at 0.10.9 2016-10-16 19:58:29 +03:00
Aneesh Agrawal
31b4fcd0b7 google-authenticator: adopt package 2016-10-16 12:42:51 -04:00
Graham Christensen
634a098940
linuxPackages.nvidia_x11: Remove us prefix from mirror
At the time of the last upgrade, the new driver wasn't available on
anything but their US mirror. Pinning to the US mirror isn't
recommended or preferable, but I did it anyway to be able to get the
upgrade out.
2016-10-16 11:08:17 -04:00
Graham Christensen
37bc2c0bbf
broadcom-sta: Support linux-4.8 2016-10-15 08:06:30 -04:00
Graham Christensen
2525a3d682
facetimehd: 2016-05-02 -> 2016-10-09 2016-10-15 07:42:08 -04:00
Tim Steinbach
b43c0dab8e
conky: 1.10.3 -> 1.10.5 2016-10-14 23:16:45 -04:00
Vladimír Čunát
061758490f Merge branch 'master' into staging
... to get the openssl mass rebuild: 942dbf89c.
2016-10-14 13:16:11 +02:00
Vladimír Čunát
6eeea6effd Python: more evaluation fixups. 2016-10-14 00:03:12 +02:00
Franz Pletz
f30f7d0cff
powertop: add homepage, cleanup 2016-10-14 00:02:30 +02:00
Graham Christensen
88a47f1950 Merge pull request #19467 from grahamc/nvidia-x11-master
nvidia-x11: 367.35 -> 367.57
2016-10-12 19:07:29 -04:00
Graham Christensen
b98c0a668e
nvidia-x11: 367.35 -> 367.57 2016-10-11 19:43:58 -04:00
Vladimír Čunát
9d1dfc9ed0 Merge #18861: add AMDGPU-PRO driver 2016-10-11 19:57:30 +02:00
David McFarland
3b4ce62451 amdgpu-pro: Init at 16.30.3-315407 2016-10-11 14:19:38 -03:00
Joachim Fasting
ce73a3ea0f grsecurity: 4.7.6-201609301918 -> 4.7.7-201610101902 2016-10-11 13:15:16 +02:00
Eelco Dolstra
88f10ad409 aggregateModules: Preserve kernel's modules.{builtin,order}
Fixes #19426.
2016-10-11 11:42:41 +02:00
sternenseemann
3fb2993cb3 maintainers: rename lukasepple according to github account name 2016-10-09 22:04:22 +02:00
Aneesh Agrawal
f0602d2d36 kernel: Make SECURITY_YAMA optional
It's highly recommended, but not required to run NixOS.
2016-10-08 17:46:33 +02:00
Aneesh Agrawal
a000ed181c linux config: enable the Yama LSM (#14392)
The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level processes and
snooping on the memory and runtime state of other processes owned
by the same user.
2016-10-08 16:40:12 +02:00
Tim Steinbach
a699eb4798 linux: 4.4.23 -> 4.4.24 (#19346) 2016-10-08 07:02:07 +02:00
Tim Steinbach
9481edec56 linux: 4.7.6 -> 4.7.7 (#19345) 2016-10-08 07:01:51 +02:00
Tim Steinbach
07e67b33af linux: 4.8.0 -> 4.8.1 (#19344) 2016-10-08 07:01:27 +02:00
Marco Maggesi
435673b948 Revert "Revert "linux*: remove 3.14, as it's no longer maintained""
In the end, it is too dangerous to have an unmaintained kernel in
nixpkgs.  Revert the revert.

This reverts commit e921725176.
2016-10-07 23:26:32 +02:00
Marco Maggesi
e921725176 Revert "linux*: remove 3.14, as it's no longer maintained"
This is the simplest way to reenable the use of BLCR
(which at present requires linux version >3.12 <3.18)
until we find a better solution.

This reverts commit 6a9e765e27.
2016-10-07 14:31:24 +02:00
Thomas Tuegel
2e255a2edd
Merge branch 'staging' 2016-10-06 09:51:02 -05:00
Eelco Dolstra
a8b61b0aad Merge pull request #19278 from anderspapitto/local
perf: add dependency on libaudit
2016-10-06 11:45:54 +02:00
Anders Papitto
aa44330963 perf: add dependency on libaudit
the `trace` subcommand of perf is only enabled when libaudit is
available at compile time
2016-10-05 17:59:44 -07:00
Jörg Thalheim
638d4b4d71 Merge pull request #19265 from Mic92/rtkit
rtkit: apply security relevant patch
2016-10-06 00:07:35 +02:00
Eelco Dolstra
f084274eeb Merge pull request #19251 from groxxda/patch-2
kernel: Disable RT_GROUP_SCHED
2016-10-05 20:05:18 +02:00
Vladimír Čunát
30f551d8b2 Merge branch 'master' into staging 2016-10-05 19:02:48 +02:00
Jörg Thalheim
c684eb756a
rtkit: *security* Pass uid of caller to polkit
Otherwise, we force polkit to look up the uid itself in /proc, which is racy if
they execve() a setuid binary.
2016-10-05 18:11:02 +02:00
Alexander Ried
96fbdf8594 kernel: Disable RT_GROUP_SCHED
Follow systemd recommendation
fd74fa791f/README (L96-L103)
2016-10-05 12:52:45 +02:00
Alexander Ried
4e91e8cb3d rtkit: add patch from debian to remove ControlGroup stanza
fixes log clutter:
systemd[1]: [/nix/store/....-rtkit-0.11/etc/systemd/system/rtkit-daemon.service:32] Unknown lvalue 'ControlGroup' in section 'Service'
2016-10-05 11:23:11 +02:00
Thomas Tuegel
d067b7bd35
Merge branch 'kde-5' into staging 2016-10-04 21:50:17 -05:00
Shea Levy
e54313d183 Revert "Revert "Linux 4.8""
Now featuring @aszlig's modinst_arg_list_too_long patch.

This reverts commit 43bedb970d.

Fixes #19213
2016-10-04 10:10:36 -04:00
Shea Levy
43bedb970d Revert "Linux 4.8"
This reverts commit e4958d54b1.
2016-10-03 22:04:43 -04:00
Vladimír Čunát
1525568c74 util-linux: fixup patch hash from grandparent merge
And name the file, too.
2016-10-03 23:06:51 +02:00
Jörg Thalheim
45f64a37c9 Merge pull request #19175 from Mic92/util-linux
util-linux: workaround CVE-2016-2779
2016-10-03 22:53:21 +02:00
Jörg Thalheim
888f6a1280 Merge pull request #19199 from wizeman/u/fix-help2man-hash
help2man: fix hash
2016-10-03 19:26:44 +02:00
Franz Pletz
beca8946ee
jool: 3.4.5 -> 3.5.0 2016-10-03 18:25:28 +02:00
Shea Levy
e4958d54b1 Linux 4.8 2016-10-03 08:45:45 -04:00
Eric Sagnes
58d44a376e wireguard: 2016-08-08 -> 2016-10-01 2016-10-03 17:06:11 +09:00
Jörg Thalheim
ba00ba65eb
util-linux: workaround CVE-2016-2779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779
2016-10-03 08:49:56 +02:00
Joachim Fasting
9a9237e0aa
grsecurity: revamp nixos kernel config
Cleanup:
- Restructure & add some commentary
- Remove redundant option specs given the auto config
  constraints (some are left in for documentation purposes)

Changes:
- GRKERNSEC_CONFIG_VIRT_HOST -> GUEST
  The former deselects paravirtualization and friends
- PAX_LATENT_ENTROPY n -> y (implied by auto)
- GRKERNSEC_ACL_HIDEKERN y -> n
  Possibly useless with redistribution
2016-10-02 19:25:58 +02:00
Joachim Fasting
1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00
Tuomas Tynkkynen
19225bf5cc Merge remote-tracking branch 'upstream/master' into staging 2016-10-02 10:36:47 +03:00
Tuomas Tynkkynen
f5dd3a703d treewide: Fix more lib.optional misuses 2016-10-02 00:44:10 +03:00
Aneesh Agrawal
fcee1d0b28
Remove redundant -DCMAKE_BUILD_TYPE=Release flags
Since commit 183d05a0 in 2012, this is the default.

fixes #18000
2016-10-01 16:13:41 +02:00
Joachim Fasting
2ec9a1a955
grsecurity: 4.7.5-201609261522 -> 4.7.6-201609301918 2016-10-01 08:47:30 +02:00
Joachim Fasting
22108b7a10
linux_4_7: 4.7.5 -> 4.7.6 2016-10-01 08:46:31 +02:00
Eelco Dolstra
613a12a8bd linux: 4.4.22 -> 4.4.23 2016-09-30 14:41:19 +02:00
Eelco Dolstra
8b09ba32d3 systemd: Apply various upstream bug fixes
This includes the fix for the assertion failure in
https://github.com/systemd/systemd/issues/4234.
2016-09-30 11:23:51 +02:00
rnhmjoj
7cf7572734
btfs: 2.11 -> 2.12 2016-09-30 01:23:16 +02:00
Eelco Dolstra
fe9e5f9f55 pam_usb: Fix evaluation 2016-09-29 20:35:40 +02:00
Eelco Dolstra
518340624d Merge remote-tracking branch 'origin/master' into staging 2016-09-29 13:06:14 +02:00
Eelco Dolstra
c5ddb7dd56 Move useSetUID to pam_usb, the only place where it's used 2016-09-29 13:05:28 +02:00
Yochai
ca9c21b0ab rtl8812au: 4.2.2-1 -> 4.3.20 2016-09-29 09:29:22 +03:00
Graham Christensen
ff5cf3abff linux-3.10: fix build by upstream patch 2016-09-28 19:18:34 +02:00
Vladimír Čunát
77604964b6 Merge branch 'master' into staging 2016-09-28 17:13:59 +02:00
Vladimír Čunát
3e1afeaa5b libsepol: temporary fixup after flex security update
/cc #18909.
2016-09-28 11:12:05 +02:00
Alexander Ried
d666196a44
iproute2: fix bash completion
apparently bash expects only files in its completion folder and not
subfolders.
2016-09-27 18:20:07 +02:00
Joachim Fasting
98a9d815e0
grsecurity: 4.7.4-201609211951 -> 4.7.5-201609261522 2016-09-27 01:43:50 +02:00
zimbatm
0e91a0bbe7 Merge pull request #18943 from Mic92/busybox
busybox: 1.23.2 -> 1.24.2
2016-09-26 12:23:22 +01:00
Frederik Rietdijk
3ba16c8234 Do not use top-level buildPythonPackage or buildPythonApplication
but instead use the one in pythonPackages.
2016-09-26 11:10:51 +02:00
Joachim Fasting
e1395365ea
spl: fix eval
xref: 30ae939142
2016-09-25 16:16:33 +02:00
Alexander Ried
7615d6385a iproute2: 4.5.0 -> 4.7.0 (#18435)
iproute now packages a bash-completion file which it installs to
$BASH_COMPDIR.

* fanpatch: adjust for new version

- The patch did not apply because the code around the additions changed.
- The patch uses functions that got changed [1] & [2], I adjusted the
  patch to use the safe version. Probably not needed but better safe
  than sorry.
[1] format_host: http://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=a418e451643e77fe36861e53359587ba8aa41873
[2] rt_addr_n2a: http://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=7faf1588a755edb9c9cabbe1d3211265e9826d28
2016-09-25 15:07:03 +02:00
Franz Pletz
30ae939142
linuxPackages.spl: don't mark as broken on kernel >= 4.7
Compatibility added in c8c688b0c9.
2016-09-25 14:55:45 +02:00
Franz Pletz
6e063a49b1
linuxPackages.jool: 3.4.4 -> 3.4.5 2016-09-25 14:20:46 +02:00
Franz Pletz
c8c688b0c9
linuxPackages.zfs: 0.6.5.7 -> 0.6.5.8
Adds compatibility for 4.7 & 4.8 Linux kernels.
2016-09-25 14:20:46 +02:00
Franz Pletz
3a4a425728
linux: 4.7.4 -> 4.7.5 2016-09-25 14:20:46 +02:00
Franz Pletz
c83f8a536a
linux: 4.4.20 -> 4.4.22 2016-09-25 14:20:46 +02:00
Franz Pletz
fdf239fb83
linux: 4.1.31 -> 4.1.33 2016-09-25 14:20:45 +02:00
Franz Pletz
17402fc4a3
linux: 3.18.40 -> 3.18.42 2016-09-25 14:20:45 +02:00
Franz Pletz
31ff655e46
kernelPatches: remove unneeded patches 2016-09-25 14:20:45 +02:00
Franz Pletz
01f465c82b
linux: 3.12.62 -> 3.12.63 2016-09-25 14:20:45 +02:00
Franz Pletz
b1029abe56
linux: 3.10.102 -> 3.10.103 2016-09-25 14:20:45 +02:00
Franz Pletz
e8cd27dd8a
linux_4_6: remove, not maintained anymore 2016-09-25 14:20:39 +02:00
Jörg Thalheim
74876b0cad
busybox: 1.23.2 -> 1.24.2
fixes https://lwn.net/Vulnerabilities/696815/
2016-09-25 13:21:29 +02:00
Nikolay Amiantov
ea4d517eb8 Merge pull request #18661 from NeQuissimus/kernel/zbud
kernel-common: Add ZBUD
2016-09-25 12:33:08 +04:00
Joachim Fasting
64816cd972
grsecurity: 4.7.4-201609152234 -> 201609211951 2016-09-22 23:40:50 +02:00
Joachim F
fc4751eccc Merge pull request #18751 from TvoroG/rtlwifi
rtlwifi_new: init at 2016-09-12
2016-09-22 22:50:46 +02:00
Luca Bruno
cf6815275a Merge pull request #18814 from tavyc/nvme-cli
nvme-cli: init at 0.9
2016-09-22 21:47:57 +01:00
Octavian Cerna
b26dff4ea5 nvme-cli: init at 0.9 2016-09-21 21:45:38 +03:00
Domen Kožar
d199d5041a ena: mark as broken on chromiumos
(cherry picked from commit bc06f19efb)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-21 12:04:17 +02:00
Marsel
52dd323047 rtlwifi_new: init at 2016-09-12 2016-09-20 16:18:24 +03:00
Kirill Boltaev
d2bbc631ff pktgen: disable parallel building 2016-09-19 05:28:43 +03:00
Joachim Fasting
e2659de1b2
kernelPatches: remove legacy grsecurity attrs 2016-09-18 15:26:57 +02:00
Charles Strahan
d5e24d3f80
fanctl: 0.9.0 -> 0.12.0 2016-09-17 22:37:39 -04:00
Vladimír Čunát
6a9e765e27 linux*: remove 3.14, as it's no longer maintained 2016-09-17 02:10:53 +02:00
Vladimír Čunát
12a45a8496 Merge #18237: ati_drivers_x11: patch for kernel 4.6 2016-09-17 01:29:27 +02:00
rushmorem
7be7620e51 fuse: 2.9.5 -> 2.9.7 2016-09-16 22:28:14 +02:00