Joachim Fasting
dfd77a046d
hardened-config: ensure STRICT_KERNEL_RWX
...
This is y in the default config, but enable it explicitly here to catch
situations where it has been disabled (explicitly or implicitly).
2019-01-05 14:07:35 +01:00
Joachim Fasting
1801aad7b8
hardened-config: clarify MODIFY_LDT_SYSCALL
...
This likely never worked; MODIFY_LDT_SYSCALL depends on EXPERT; enabling
EXPERT however seems to introduce quite a few changes that would need to be
properly vetted.
The version guard is unnecessary, however, as this config has been supported
since 4.3.
2019-01-05 14:07:34 +01:00
Joachim Fasting
abc8ed3fca
hardened-config: clarify readonly LSM hooks config
...
SECURITY_WRITABLE_HOOKS is implicitly controlled by SECURITY_SELINUX_DISABLE;
explicitly unsetting results in an error because the configfile builder fails
to detect that it has in fact been unset (reporting it as an unused option).
For now, leave WRITABLE_HOOKS as an "optional" config for documentation
purposes.
2019-01-05 14:07:33 +01:00
Joachim Fasting
c68e8b05f0
Revert "linux-hardened: Disable GCC_PLUGIN_RANDSTRUCT"
...
This reverts commit 5dda1324be.
Presumably this was done to work around build errors or something but it
works fine now.
2019-01-05 14:07:21 +01:00
Frederik Rietdijk
60a3973a55
Merge staging-next into staging
2019-01-05 10:15:00 +01:00
Michael Weiss
e7e18206dd
fuse: 2.9.8 -> 2.9.9
2019-01-05 02:26:02 +01:00
Joachim F
893c51bda8
Merge pull request #53369 from delroth/kernel-hardening
...
Re-add security features based on GCC plugins in 4.18+ hardened kernels
2019-01-04 21:49:53 +00:00
Pierre Bourdon
0f7ca26a48
kernel/hardened-config.nix: add STACKLEAK plugin on 4.20+
2019-01-04 22:24:50 +01:00
Pierre Bourdon
9dc0d94896
kernel/hardened-config.nix: re-enable GCC plugins
2019-01-04 22:24:50 +01:00
Pierre Bourdon
c789f642f0
kernel/generic.nix: provide required dependencies for GCC plugins builds
2019-01-04 22:24:50 +01:00
Frederik Rietdijk
9618abe87c
Merge master into staging-next
2019-01-04 21:13:19 +01:00
Matthew Bauer
030f66400d
darwin.adv_cmds: fix build
2019-01-04 10:28:22 -06:00
Lengyel Balazs
f4a53ff3bc
treewide/xorg: replace *proto with xorgproto
2019-01-04 14:38:57 +01:00
Dominik Xaver Hörl
b7967e9dc4
dbus-broker: 13 -> 17
2019-01-04 14:36:30 +01:00
Benno Fünfstück
7817aa3641
linux-rpi: set correct hydraPlatforms (#53325)
2019-01-03 22:42:14 +01:00
Matthew Bauer
8cb2d35760
darwin: fix typos in install scripts
...
fixes some issues in my commits in:
- basic_cmds
- network_cmds
(cherry picked from commit f283145308aec6aa9a8c3c6cbd4864718ccb7c53)
2019-01-03 15:20:26 -06:00
Matthew Bauer
8505e710e7
Revert "darwin 10.12 commits"
...
Reverts commits bumping macOS stuff to 10.12:
commit ec1f78d1cb.
commit d0dc91d24f.
commit a1d297374d.
commit 425112151d.
commit e6f7f2928f.
2019-01-03 15:20:26 -06:00
Jörg Thalheim
31682848cb
android-udev-rules: 20180112 -> 20181031
2019-01-03 20:56:39 +01:00
Frederik Rietdijk
092e3b50a8
Merge master into staging-next
2019-01-02 21:08:27 +01:00
Joachim F
88c516dd55
Merge pull request #52606 from lopsided98/linux-hardkernel-update
...
linux_hardkernel_4_14: 4.14.85-152 -> 4.14.87-153
2019-01-02 18:16:47 +00:00
Vladimír Čunát
70bff06140
Merge branch 'master' into staging
2019-01-02 17:19:23 +01:00
David Guibert
d8e907ba18
conky: 1.11.0 -> 1.11.1 (#53157)
...
This fixes #52797.
2019-01-02 09:54:22 +01:00
Jan Tojnar
b2b921bdca
Merge pull request #53149 from jtojnar/qrencode-cleanup
...
qrencode: merge with libqrencode
2019-01-02 02:18:22 +01:00
R. RyanTM
46e7ce0526
lxc: 3.0.2 -> 3.0.3 (#52239)
...
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/lxc/versions
2019-01-01 20:35:37 +01:00
Jan Tojnar
c5c2ac4f45
qrencode: merge with libqrencode
2019-01-01 17:19:07 +01:00
Will Dietz
d60806b90b
i2c-tools: touchups, NFCI. (reviewer suggestions, thanks!)
2018-12-31 11:26:07 -06:00
Frederik Rietdijk
070290bda7
Merge master into staging-next
2018-12-31 12:00:36 +01:00
Tim Steinbach
d6805baded
linux: 4.19.12 -> 4.19.13
2018-12-30 09:57:54 -05:00
Tim Steinbach
226eb52715
linux: 4.14.90 -> 4.14.91
2018-12-30 09:57:54 -05:00
Tim Steinbach
a7bd7a38ea
linux: 4.9.147 -> 4.9.148
2018-12-30 09:57:53 -05:00
Matthew Bauer
ec1f78d1cb
darwin.libunwind: fix hash
2018-12-30 00:00:30 -06:00
Matthew Bauer
4f522648cb
darwin: fix *_cmds installation
...
These just copy commands from Products/Release/. But with #52256 we
now build .dsym directories that somehow wind up in Products/Release/.
This makes things more exact by just copying the files in Products/Release/.
2018-12-29 23:58:10 -06:00
Matthew Bauer
d0dc91d24f
darwin: bump apple_sdks to 10.12
...
(cherry picked from commit 0b468bf0335eaa606fccfe98d4a36c3efbe83f2a)
2018-12-29 20:17:05 -06:00
Ivan Kozik
1c8fea18e2
kernel/patches.nix: remove hard tabs
2018-12-28 09:06:56 +01:00
Matthew Bauer
a1d297374d
darwin.hfs: put headers in hfs/ directory
...
This is where they are supposed to go. My mistake in the original
commit.
2018-12-27 11:18:28 -06:00
Frederik Rietdijk
10afccf145
Merge staging-next into staging
2018-12-27 18:11:34 +01:00
Dmitry Kalinkin
3edd5cb227
Merge pull request #51294 from eadwu/nvidia_x11/legacy_390
...
nvidia: expose nvidia_x11_legacy390
2018-12-27 09:08:53 -05:00
markuskowa
98561c789c
Merge pull request #52597 from lopsided98/lvm2-no-parallel
...
lvm2: disable parallel building
2018-12-27 14:21:25 +01:00
Samuel Dionne-Riel
889ef35303
linuxPackages_4_{19,20}: works around bug with overlayfs.
...
See: https://github.com/NixOS/nixpkgs/issues/48828#issuecomment-445208626
2018-12-26 22:51:31 +00:00
Samuel Dionne-Riel
7093970e1d
linuxPackages.ena: 1.5.2 -> 2.0.2
2018-12-26 11:03:10 +00:00
Samuel Dionne-Riel
d8cf1db93f
linuxPackages.ndiswrapper: updated to fix build on recent kernels
...
While the upstream commit says 4.18, it builds for 4.19 and 4.20.
2018-12-26 11:03:10 +00:00
Frederik Rietdijk
e45ca47f14
Merge staging-next into staging
2018-12-26 09:30:32 +01:00
Craig Younkins
8b12b17df3
treewide: Fix broken Gmane URLs
2018-12-25 22:34:55 -05:00
Jan Tojnar
c45e9d0fac
Merge branch 'master' into staging
2018-12-25 17:03:57 +01:00
Ben Wolsieffer
369af2f5b2
lvm2: disable parallel building
2018-12-24 15:10:48 -05:00
Michael Raskin
aac3ae3be6
Merge pull request #52762 from r-ryantm/auto-update/sysdig
...
linuxPackages.sysdig: 0.24.1 -> 0.24.2
2018-12-24 18:18:04 +00:00
Tim Steinbach
24cdaa7b48
linux-libre: 15715 -> 15814
2018-12-24 12:33:24 -05:00
Tim Steinbach
8f9c2f9726
linux: Add 4.20
2018-12-24 12:33:24 -05:00
Jan Tojnar
ef935fa101
Merge branch 'master' into staging
2018-12-24 15:02:29 +01:00
R. RyanTM
4fa7bbf486
linuxPackages.sysdig: 0.24.1 -> 0.24.2
...
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/sysdig/versions
2018-12-24 02:17:58 -08:00
Michael Weiss
1259a24c05
fuse3: 3.3.0 -> 3.4.1
2018-12-22 17:56:42 +01:00
Tim Steinbach
af6c117fac
linux: 4.19.11 -> 4.19.12
2018-12-21 09:11:02 -05:00
Tim Steinbach
dea57f15e9
linux: 4.14.89 -> 4.14.90
2018-12-21 09:10:54 -05:00
Tim Steinbach
a5f447e16a
linux: 4.9.146 -> 4.9.147
2018-12-21 09:10:45 -05:00
Tim Steinbach
54ce2e016b
linux: 4.4.168 -> 4.4.169
2018-12-21 09:10:24 -05:00
Tim Steinbach
98ac5710bd
kernel-config: CIFS_POSIX no longer exists
2018-12-21 09:10:17 -05:00
Ben Wolsieffer
2b02350d39
linux_hardkernel_4_14: 4.14.85-152 -> 4.14.87-153
2018-12-20 21:15:07 -05:00
Maximilian Bosch
66bea3d206
Merge pull request #52538 from dtzWill/update/fwts-18.12.00
...
fwts: 18.11.00 -> 18.12.00
2018-12-20 19:35:58 +01:00
Tim Steinbach
1b84b9f725
linux: 4.19.10 -> 4.19.11
2018-12-20 10:46:17 -05:00
Matthew Bauer
425112151d
darwin: remove missing symbols
...
these symbols are not needed apparently
2018-12-19 23:46:06 -06:00
Will Dietz
76127c322d
fwts: enable parallel building
2018-12-19 13:37:57 -06:00
Will Dietz
926965d4b1
fwts: 18.11.00 -> 18.12.00
2018-12-19 13:37:31 -06:00
Frederik Rietdijk
9ab61ab8e2
Merge staging-next into staging
2018-12-19 09:00:36 +01:00
Frederik Rietdijk
911d1853ca
Merge master into staging-next
2018-12-19 08:57:41 +01:00
R. RyanTM
cbf9402574
libcap: 2.25 -> 2.26
...
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/libcap/versions
2018-12-18 15:33:16 -05:00
volth
fed7914539
Merge branch 'staging' into make-perl-pathd
2018-12-18 17:13:27 +00:00
Matthew Bauer
59ec6b559d
Merge pull request #52256 from matthewbauer/52148-fix
...
Provide real dsymutil to darwin stdenv
2018-12-18 10:00:24 -06:00
Matthew Bauer
d1dfc92187
Merge pull request #47678 from matthewbauer/landmarks
...
Update macOS frameworks to 10.12
2018-12-18 09:59:44 -06:00
Tim Steinbach
4d14879081
linux: 4.4.167 -> 4.4.168
2018-12-18 09:12:34 -05:00
Frederik Rietdijk
826ab7026e
Merge master into staging-next
2018-12-18 09:22:17 +01:00
Matthew Bauer
06bf67d7dd
Merge pull request #51018 from plchldr/rtl8821a
...
rtl8821a: init at 5.1.5
2018-12-17 23:36:36 -06:00
Tim Steinbach
31ddf1f136
linux: 4.19.9 -> 4.19.10
2018-12-17 09:19:41 -05:00
Tim Steinbach
c5234d7dbd
linux: 4.14.88 -> 4.14.89
2018-12-17 09:19:41 -05:00
Tim Steinbach
53c490a7ee
linux: 4.9.145 -> 4.9.146
2018-12-17 09:19:41 -05:00
Franz Pletz
4a73fb9717
Merge pull request #52158 from danielfullmer/rtl8812au-5.2.20.2
...
rtl8812au: 5.2.20_25672.20171213 -> 5.2.20.2_28373.20180619
2018-12-17 11:53:14 +00:00
Franz Pletz
307404bfa5
Merge pull request #52423 from eadwu/linux_testing/4.20-rc7
...
linux_testing: 4.20-rc6 -> 4.20-rc7
2018-12-17 11:17:56 +00:00
Ivan Kozik
9314c6a563
firejail: disable parallel building
...
firejail was frequently failing to build on my Hydra machine at -j16, and
the error looked like a typical parallel build problem:
<3>make[1]: Entering directory '/build/firejail-0.9.56/src/fcopy'
<3>gcc -ggdb -O2 -DVERSION='"0.9.56"' -DPREFIX='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56"' -DSYSCONFDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/etc/firejail"' -DLIBDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/lib"' -DHAVE_X11 -DHAVE_PRIVATE_HOME -DHAVE_OVERLAYFS -DHAVE_SECCOMP -DHAVE_GLOBALCFG -DHAVE_SECCOMP_H -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -c main.c -o main.o
<3>gcc -pie -Wl,-z,relro -Wl,-z,now -lpthread -o fcopy main.o
<3>make[1]: Leaving directory '/build/firejail-0.9.56/src/fcopy'
<3>make -C src/fldd
<3>make[1]: Entering directory '/build/firejail-0.9.56/src/fldd'
<3>gcc -ggdb -O2 -DVERSION='"0.9.56"' -DPREFIX='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56"' -DSYSCONFDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/etc/firejail"' -DLIBDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/lib"' -DHAVE_X11 -DHAVE_PRIVATE_HOME -DHAVE_OVERLAYFS -DHAVE_SECCOMP -DHAVE_GLOBALCFG -DHAVE_SECCOMP_H -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -c main.c -o main.o
<3>gcc -pie -Wl,-z,relro -Wl,-z,now -lpthread -o fldd main.o ../lib/ldd_utils.o
<3>make[1]: Leaving directory '/build/firejail-0.9.56/src/fldd'
<3>make -C src/libpostexecseccomp
<3>make[1]: Entering directory '/build/firejail-0.9.56/src/libpostexecseccomp'
<3>gcc -ggdb -O2 -DVERSION='"0.9.56"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security -c libpostexecseccomp.c -o libpostexecseccomp.o
<3>gcc -pie -Wl,-z,relro -Wl,-z,now -shared -fPIC -z relro -o libpostexecseccomp.so libpostexecseccomp.o -ldl
<3>make[1]: Leaving directory '/build/firejail-0.9.56/src/libpostexecseccomp'
<3>src/fseccomp/fseccomp default seccomp
<3>src/fsec-optimize/fsec-optimize seccomp
<3>/nix/store/6abyjgibafsbhlc7v7lab50mb3dj81jg-bash-4.4-p23/bin/bash: src/fsec-optimize/fsec-optimize: No such file or directory
<3>make: *** [Makefile:43: filters] Error 127
<3>builder for '/nix/store/30srqmpqrjyr11nhx4jbpr84m9pnmyv5-firejail-0.9.56.drv' failed with exit code 2
2018-12-17 06:41:44 +00:00
Matthew Bauer
e6f7f2928f
darwin: 10.11 → 10.12
...
Lots of stuff has gotten moved around. Many security libraries have been merged
into the Security monorepo. I’ve cleared them out for now, we will
need to modify Security to build them!
This also moves some things around to more clearly separate
bootstrapping the stdenv from everything else. We want the “normal”
mode to be the non-bootstrapped version. When you ask for “Security”,
you want the actual built software, not a crippled one.
- Add TARGET_OS_OSX to darwin.libSystem. Looks like something
introduced in 10.12. TARGET_OS_MAC is only set when building for
desktop (iOS will have TARGET_OS_MAC set)
- Bump darwin.dtrace
- Bump darwin.libpthread
- Remove SmartCardServices, libsecurity*, etc.
- Install some more headers for darling.
2018-12-17 00:07:09 -06:00
Edmund Wu
cb6c9af457
linux_testing: 4.20-rc6 -> 4.20-rc7
2018-12-16 22:09:03 -05:00
Franz Pletz
b213de9328
Merge pull request #52265 from ikervagyok/firmware
...
firmware-linux-nonfree: 20181017 -> 20181213
2018-12-17 02:18:07 +00:00
Lengyel Balazs
374a672424
firmware-linux-nonfree: 20181017 -> 20181213
2018-12-17 03:16:46 +01:00
Ben Wolsieffer
f554d4e40f
raspberrypifw: 1.20180919 -> 1.20181112
2018-12-17 02:01:13 +00:00
Jan Tojnar
aead6e12f9
Merge remote-tracking branch 'upstream/master' into staging
2018-12-16 22:55:06 +01:00
R. RyanTM
f6bcf08516
lxcfs: 3.0.2 -> 3.0.3
...
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/lxcfs/versions
2018-12-16 19:11:30 +00:00
markuskowa
28a3c61ecd
Merge pull request #52282 from r-ryantm/auto-update/ipset
...
ipset: 7.0 -> 7.1
2018-12-16 19:45:51 +01:00
Linus Heckemann
c081bded6c
Merge pull request #52366 from r-ryantm/auto-update/cryptsetup
...
cryptsetup: 2.0.5 -> 2.0.6
2018-12-16 17:25:22 +01:00
R. RyanTM
db250b9f84
conky: 1.10.8 -> 1.11.0
...
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/conky/versions
2018-12-16 17:08:57 +01:00
R. RyanTM
7f61a7814e
cryptsetup: 2.0.5 -> 2.0.6
...
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/cryptsetup/versions
2018-12-16 04:53:29 -08:00
R. RyanTM
52d0b872e4
ipset: 7.0 -> 7.1
...
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/ipset/versions
2018-12-15 17:49:55 -08:00
Matthew Bauer
78cabc3ca9
libffado: refactor lib-prefixed package
2018-12-15 14:43:57 -06:00
Matthew Bauer
0a996c8ef3
darwin: use llvm’s dsymutil instead of dummy version
...
We were previously using a dummy wrapper for dsymutil. This meant that
debug symbols were not getting generated when dsymutil was otherwise
available. This should fix that issue & provide a real dsymutil from
llvm.
Fixes #52148.
2018-12-15 12:26:11 -06:00
Daniel Fullmer
82c3d05d9e
rtl8812au: 5.2.20_25672.20171213 -> 5.2.20.2_28373.20180619
2018-12-14 23:10:43 -05:00
volth
bb9557eb7c
lib.makePerlPath -> perlPackages.makePerlPath
2018-12-15 03:50:31 +00:00
Matthew Bauer
6f78e300a1
Merge pull request #51881 from matthewbauer/static-fixes
...
pkgsStatic fix for macOS
2018-12-14 21:08:35 -06:00
Dmitry Kalinkin
73c6b3a59c
Merge pull request #51895 from cdepillabout/add-sixaxis-support-to-bluez
...
bluez: add support for the sixaxis controller
2018-12-14 20:49:10 -05:00
worldofpeace
b7fbde893a
Merge pull request #48519 from dtzWill/update/fwupd-1.1.3
...
fwupd: 1.1.2 -> 1.2.1
2018-12-13 11:50:48 -05:00
Tim Steinbach
5a15ab7b5d
linux: 4.19.8 -> 4.19.9
2018-12-13 06:58:15 -05:00
Tim Steinbach
f335fa6d74
linux: 4.14.87 -> 4.14.88
2018-12-13 06:58:07 -05:00
Tim Steinbach
1f92bdcd94
linux: 4.9.144 -> 4.9.145
2018-12-13 06:57:58 -05:00
Tim Steinbach
adf8cdd67d
linux: 4.4.166 -> 4.4.167
2018-12-13 06:57:42 -05:00