Robin Gloster
a38f1911d3
systemd: 231 -> 232
...
Includes adding some more upstream units and removing obsolete (-.slice) ones.
2017-01-26 17:52:52 +01:00
Tuomas Tynkkynen
e2a2f6d595
Merge pull request #22117 from dezgeg/aarch64-for-merge
...
Aarch64 (ARM64) support
2017-01-26 17:52:28 +02:00
Vladimír Čunát
6973c7739e
Merge branch 'master' into staging
...
There were some larger rebuilds because of security.
2017-01-26 16:49:41 +01:00
Parnell Springmeyer
a26a796d5c
Merging against master - updating smokingpig, rebase was going to be messy
2017-01-26 02:00:04 -08:00
Parnell Springmeyer
025555d7f1
More fixes and improvements
2017-01-26 00:05:40 -08:00
Franz Pletz
4276844cb0
powerstat: 0.2.10 -> 0.2.11
2017-01-26 03:52:50 +01:00
Franz Pletz
f4833ed484
smemstat: 0.01.14 -> 0.01.16
2017-01-26 03:52:50 +01:00
Franz Pletz
d14c7bf046
eventstat: 0.03.02 -> 0.03.03
2017-01-26 03:52:48 +01:00
Franz Pletz
96c35ad06a
fnotifystat: 0.01.14 -> 0.01.16
2017-01-26 03:52:47 +01:00
Franz Pletz
243272cd2e
forkstat: 0.01.14 -> 0.01.16
2017-01-26 03:52:47 +01:00
Graham Christensen
8d342d20b5
libnl: 3.2.28 -> 3.2.29 for CVE-2017-0386
2017-01-25 20:53:18 -05:00
Robin Gloster
9842a107da
linuxPackages.perf: fix build with gcc6
2017-01-25 20:12:38 +01:00
Parnell Springmeyer
bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts
2017-01-25 11:08:05 -08:00
Franz Pletz
b9b95aa4d4
Merge pull request #22034 from mayflower/conntrack-helpers
...
Disable conntrack helper autoloading by default
2017-01-25 14:18:41 +01:00
Tuomas Tynkkynen
2bfd83ab6d
platforms.nix: Add some aarch64-specific kernel config
...
This makes Raspberry Pi 3 and some Cavium ThunderX server hardware work.
2017-01-25 02:14:46 +02:00
Joachim Fasting
c50c551142
grsecurity: 4.8.16-201701062021 -> 4.8.17-201701151620
2017-01-25 00:58:57 +01:00
Joachim Fasting
482c67af70
grsecurity: adapt new to mirror url structure
2017-01-25 00:58:54 +01:00
Franz Pletz
403fdd737e
linux: remove canDisableNetfilterConntrackHelpers feature
...
This feature is available in all kernels in nixpkgs.
2017-01-25 00:28:55 +01:00
Tuomas Tynkkynen
3519244c72
raspberrypifw: Enable build on Aarch64
...
So that the boot blobs can be copied.
FIXME: This makes the dynamic linker of the ARM binaries point to a
aarch64 linker.
2017-01-25 00:01:54 +02:00
Tuomas Tynkkynen
8999ab9e56
fuse: Add Aarch64 patch from upstream git to fix build
...
See e.g. https://bugs.launchpad.net/linaro-oe/+bug/1087757
2017-01-25 00:01:54 +02:00
Nathan Zadoks
fcc51d3256
linux: fix installTargets for AArch64
...
[dezgeg: note that we are currently using just 'Image' instead of
'Image.gz' as U-Boot doesn't support the latter yet. We might switch
once it does since the kernel images are quite big]
2017-01-25 00:01:54 +02:00
Nathan Zadoks
bfff3d6e23
busybox: Fix in-store invocation of busybox
...
This fixes the usage for stdenv bootstrap.
Additionally, dezgeg ported the patch from 1.25.1 to 1.26.1
2017-01-25 00:01:52 +02:00
Eelco Dolstra
a82810c7a7
linux: Apply 9p veryloose patch to 4.9
2017-01-24 13:05:02 +01:00
Franz Pletz
7c5324f29a
nftables: disable broken xtables support
2017-01-24 11:47:34 +01:00
Franz Pletz
e10cd27269
Merge branch 'staging'
2017-01-23 11:06:41 +01:00
Tim Steinbach
fc8233a64f
kernel: 4.4.43 -> 4.4.44
2017-01-22 12:11:50 -05:00
Franz Pletz
b1e9acfb18
Merge pull request #21990 from Mic92/utillinux
...
utillinux: undo seccomp sandbox and improve purity
2017-01-22 14:15:01 +01:00
Franz Pletz
f09c5c9c45
nftables: 0.6 -> 0.7, enable xtables support
2017-01-22 13:01:01 +01:00
Franz Pletz
210f894c12
iptables: split out dev output
2017-01-22 13:01:01 +01:00
Franz Pletz
016a194ac8
conntrack_tools: 1.4.3 -> 1.4.4
2017-01-22 13:01:01 +01:00
Jörg Thalheim
7cb14d4353
Merge pull request #22020 from Mic92/zfs
...
ZfsUnstable: 0.7.0-rc2 -> 0.7.0-rc3
2017-01-21 23:50:28 +01:00
Franz Pletz
56c6a4391f
zfs: add hint to try unstable version, fix typo
2017-01-21 23:35:55 +01:00
Franz Pletz
61caacbf47
linux: 4.1.36 -> 4.1.38
2017-01-21 20:41:38 +01:00
Franz Pletz
ce3b98d08b
linux: 3.18.45 -> 3.18.47
2017-01-21 20:41:36 +01:00
Jörg Thalheim
adecd56871
splUnstable: 0.7.0-rc2 -> 0.7.0-rc3
2017-01-21 18:18:33 +01:00
Jörg Thalheim
c33e1e06fa
zfsUnstable: 0.7.0-rc2 -> 0.7.0-rc3
2017-01-21 18:18:17 +01:00
Michael Raskin
dc6413399c
eudev: fix build with a fresh gperf
2017-01-21 08:55:17 +01:00
Robert Helgesson
ba4687c3ea
radeontop: 2016-07-04 -> 2016-10-28
...
This is actually version 1.0 but to support `nix-env -u` we continue
using the release date.
2017-01-20 23:14:53 +01:00
Vladimír Čunát
6b6553c768
Merge branch 'staging'
...
It contains security updates. I somehow forgot to push this yesterday.
2017-01-20 16:33:59 +01:00
Shea Levy
34c52896d1
linux 4.9.4 -> 4.9.5
2017-01-20 09:36:04 -05:00
Nikolay Amiantov
d75a3cfb29
Merge pull request #21995 from abbradar/opencl
...
Fix OpenCL support
2017-01-20 12:09:17 +03:00
Nikolay Amiantov
05eee18e7a
linuxPackages.nvidia_x11: fix OpenCL support
...
* Move OpenCL .icd file to the right place;
* Remove libOpenCL.so (we use ocl-icd instead).
2017-01-20 03:37:51 +03:00
Robin Gloster
a6ebca448e
iproute: update fan patches
2017-01-19 17:28:22 +01:00
Jörg Thalheim
104a37a9fb
util-linux: improve purity by using login from shadow
...
replacing shutdown in postPatch phase is not necessary as rtcwake was already
patched to use the search path (the only user of shutdown)
2017-01-19 15:13:38 +01:00
Jörg Thalheim
4b9b1fa945
util-linux: remove seccomp sandbox for CVE-2016-2279
...
the patch for CVE-2016-2779 was reverted by upstream and was not adopted
by any other downstream distributions. Upstream waits for a better fix
in the kernel:
https://www.kernel.org/pub/linux/utils/util-linux/v2.28/v2.28-ReleaseNotes
2017-01-19 15:10:18 +01:00
Vladimír Čunát
40003aa2ed
Merge branch 'master' into staging
2017-01-18 15:54:04 +01:00
Tuomas Tynkkynen
9fc3ce73d1
kernel config: Enable BONDING and TMPFS_POSIX_ACL
...
Yet again something that's lacking on other platforms than x86.
2017-01-18 01:21:08 +02:00
Eelco Dolstra
e9109b1b97
linux: 4.4.42 -> 4.4.43
2017-01-17 12:02:46 +01:00
Eelco Dolstra
9a9be9296f
linux: 4.9.3 -> 4.9.4
2017-01-17 12:02:46 +01:00
Tuomas Tynkkynen
08ddb16865
linux_testing: 4.10-rc2 -> 4.10-rc4
2017-01-16 11:41:13 +02:00
Thomas Tuegel
04d11637cb
linux_4_9: enable support for amdgpu on older chipsets
...
Linux 4.9 includes experimental amdgpu support for AMD Southern Islands
chipsets. (By default, only Sea Islands and newer chipsets are supported.)
Southern Islands chips will still use radeon by default, but daring users may
set `services.xserver.videoDrivers = [ "amdgpu" ];` to try the experimental
driver.
2017-01-15 16:29:50 -06:00
Jörg Thalheim
12b2830446
wireguard: 0.0.20170105 -> 0.0.20170115
2017-01-15 17:33:54 +01:00
Jörg Thalheim
2ab883c9da
sysdig: patch for linux >= 4.9.1
2017-01-15 00:08:12 +01:00
Tim Steinbach
e8d3c74b49
util-linux: 2.28.1 -> 2.29
2017-01-14 12:57:58 -05:00
Tim Steinbach
afb73be9f7
busybox: 1.26.1 -> 1.26.2
2017-01-14 17:19:43 +01:00
Tim Steinbach
295337ead5
linux: 4.9.2 -> 4.9.3
2017-01-14 11:02:26 -05:00
Tim Steinbach
9158b89fd3
linux: 4.4.41 -> 4.4.42
2017-01-14 11:01:52 -05:00
Franz Pletz
44efd447b6
Merge pull request #21816 from NeQuissimus/linux_4_8_removal
...
linux: Remove 4.8
2017-01-12 10:22:29 +01:00
Graham Christensen
d20d38e68d
nvidia_x11_legacy340: 340.96 -> 340.101 for CVE-2016-7382, CVE-2016-7389, CVE-2016-8826
2017-01-11 20:11:20 -05:00
Graham Christensen
9837dce6d2
nvidia_x11_legacy304: 304.131 -> 304.134 for CVE-2016-7382, CVE-2016-7389, CVE-2016-8826
2017-01-11 20:11:14 -05:00
Tim Steinbach
d483a871d1
linux: Remove 4.8
2017-01-11 16:59:29 -05:00
David McFarland
b2da3d3050
amdgpu-pro: 16.40 -> 16.50 ( #21502 )
2017-01-10 15:24:21 +01:00
Michael Raskin
5b9d80646b
mdadm4: init at 4.0
...
Would be just mdadm: 3.3.4 -> 4.0, but it doesn't look like there are
urgent bugfixes, and it is a major release, and wrong RAID handling
kills data, so let's let the early adopters test it a bit.
2017-01-10 14:09:20 +01:00
Franz Pletz
6b01b229c2
linux: 4.9.1 -> 4.9.2
2017-01-10 07:45:19 +01:00
Franz Pletz
3b17823187
linux: 4.8.16 -> 4.8.17
2017-01-10 07:45:19 +01:00
Franz Pletz
4c43937af0
linux: 4.4.40 -> 4.4.41
2017-01-10 07:45:18 +01:00
Pascal Wittmann
18c0b54981
linuxConsoleTools: 1.4.9 -> 1.6.0
2017-01-09 22:08:30 +01:00
Vladimír Čunát
c82baee8ac
sssd: fixup build after bind output changes #21685
2017-01-09 20:24:01 +01:00
Jörg Thalheim
87e1c49298
android-udev-rules: 20170106 -> 20170109
2017-01-09 13:40:31 +01:00
Jörg Thalheim
adbcb37db5
android-udev-rules: 20161014 -> 20170106
2017-01-08 23:40:40 +01:00
Michael Raskin
9653be493a
firejail: 0.9.44.2 -> 0.9.44.4
2017-01-08 13:58:24 +01:00
Joachim Fasting
d6ff445f10
grsecurity: 4.8.15-201612301949 -> 4.8.16-201701062021
2017-01-07 08:01:41 +01:00
Tim Steinbach
c1d20ea50c
kernel: 4.9.0 -> 4.9.1
2017-01-06 16:15:18 -05:00
Tim Steinbach
ecf87b11f2
kernel: 4.8.15 -> 4.8.16
2017-01-06 16:15:02 -05:00
Tim Steinbach
8fda707027
kernel: 4.4.39 -> 4.4.40
2017-01-06 16:14:30 -05:00
Vladimír Čunát
07bf828bd9
Merge branch 'staging'; security /cc #21642
2017-01-06 16:32:47 +01:00
Jörg Thalheim
ca0d747d6d
Merge pull request #21578 from Mic92/zfs
...
zfs: add unstable variant
2017-01-05 12:52:56 +01:00
Jason A. Donenfeld
1ba9a3cd9b
wireguard: 0.0.20161230 -> 0.0.20170105
...
Version bump that contains some new tools.
fixes #21666
2017-01-05 10:38:58 +00:00
Jörg Thalheim
4029470a6f
zfs: add unstable variant
...
Until now nixos only delivered the latest zfs release. This release is often not
compatible with the latest mainline kernel. Therefor an unstable variant is
added, which might be based on testing releases or git revisions.
fixes #21359
2017-01-05 08:40:50 +01:00
Franz Pletz
08d1f28818
Revert "iproute: remove broken fan patch"
...
This reverts commit 0d5a5307be
because it
breaks evaluation. See #21561 .
2017-01-04 22:30:55 +01:00
Jörg Thalheim
0779fdb3e4
Merge pull request #21561 from Mic92/iproute
...
iproute: remove broken fan patch
2017-01-04 21:47:54 +01:00
Daiderd Jordan
27660cfdc0
Merge branch 'master' into staging
2017-01-04 01:42:26 +01:00
Alexander Kahl
61d125b842
sssd: init at 1.14.2
...
perlPackages.TextWrapI18N: init at 0.06
perlPackages.Po4a: init at 0.47
jade: init at 1.2.1
ding-libs: init at 0.6.0
Switch nscd to no-caching mode if SSSD is enabled.
abbradar: disable jade parallel building.
Closes #21150
2017-01-04 03:07:20 +03:00
Daiderd Jordan
6158604d8a
Merge pull request #21603 from abuibrahim/master
...
ofp: init at 2.0.0
2017-01-04 00:12:58 +01:00
Ruslan Babayev
f3e2feb057
ofp: init at 2.0.0
2017-01-03 10:28:46 -08:00
Tim Steinbach
92d0a977d9
Merge pull request #21614 from NeQuissimus/busybox_1_26_1
...
busybox: 1.25.1 -> 1.26.1
2017-01-03 13:09:35 -05:00
Tim Steinbach
9bd93ac6e0
busybox: 1.25.1 -> 1.26.1
2017-01-03 08:40:32 -05:00
Tuomas Tynkkynen
2a4c8313e4
linux_testing: 4.10-rc1 -> 4.10-rc2
2017-01-03 13:51:23 +02:00
Michael Raskin
237629a090
eudev: 3.2 -> 3.2.1
2017-01-02 20:18:49 +01:00
Michael Raskin
11bfe01846
firejail: 0.9.42 -> 0.9.44.2
2017-01-02 20:18:47 +01:00
Balletie
66c745e30d
pommed-light: init at 1.50lw
2017-01-02 19:40:43 +01:00
Jörg Thalheim
1fa75a5bb7
sysdig: 0.12.0 -> 0.13.0
2017-01-02 08:10:47 +01:00
Daiderd Jordan
5a67b130b9
Merge branch 'master' into staging
2017-01-02 00:54:17 +01:00
Ruslan Babayev
1bead81275
pktgen: fix runtime paths
...
The Lua and lscpu path substitution got accidentally removed in
with commit 605b8095ca
2017-01-01 15:44:21 -08:00
Jörg Thalheim
f3052035ee
wireguard: 0.0.20161223 -> 0.0.20161230
...
fixes #21572
2017-01-01 21:24:33 +01:00
Jörg Thalheim
db8c9ef3ff
bcc: git-2016-08-30 -> 0.2.0
2017-01-01 10:29:17 +01:00
Joachim Fasting
75ce714818
grsecurity: 4.8.15-201612151923 -> 201612301949
2017-01-01 06:01:04 +01:00
Jörg Thalheim
0d5a5307be
iproute: remove broken fan patch
2017-01-01 05:17:53 +01:00
Ruslan Babayev
605b8095ca
pktgen: 3.0.13 -> 3.1.0
2016-12-31 16:43:11 -08:00
Ruslan Babayev
aeb41bbf75
odp-dpdk: 2016-08-16 -> 1.12.0.0
2016-12-31 16:23:47 -08:00
Ruslan Babayev
dd45691fe0
dpdk: 16.07 -> 16.07.2
2016-12-31 16:22:52 -08:00
Vladimír Čunát
6bded45883
flex: 2.6.1 -> 2.6.3
...
This resolves some warnings and errors introduced in 2.6.x.
2016-12-30 23:17:08 +01:00
Aneesh Agrawal
652a87018b
googleAuthenticator: 1.0 -> 1.03
2016-12-30 06:49:17 -05:00
Eelco Dolstra
bbd03e236a
Use looser 9pfs caching in VM tests/builds
...
This can give significant speed ups, see
7e20254412
.
2016-12-29 21:26:16 +01:00
Robin Gloster
3fcdbedbef
iproute: 4.8.0 -> 4.9.0
2016-12-29 02:52:55 +01:00
Franz Pletz
1cbb04e72e
iproute: 4.7.0 -> 4.8.0
2016-12-29 02:52:55 +01:00
Robin Gloster
3e8bb7237d
cryptsetup: 1.7.1 -> 1.7.3
2016-12-29 02:52:54 +01:00
Franz Pletz
c2a979fbfd
cryptsetup: 1.7.0 -> 1.7.1
2016-12-29 02:52:54 +01:00
Nikolay Amiantov
cdf306909f
udev182: remove
2016-12-29 00:11:40 +03:00
Nikolay Amiantov
a36a2412ee
libudev0-shim: init at 1
2016-12-29 00:11:40 +03:00
Tuomas Tynkkynen
45338a3077
fuse: Minor cleanup
2016-12-28 17:37:10 +02:00
Franz Pletz
c6bcc485de
linux_4_8: add patch to fix CVE-2016-9919
2016-12-28 06:35:11 +01:00
Tuomas Tynkkynen
5ba7f33e3a
linux_testing: 4.9-rc8 -> 4.10-rc1
2016-12-27 01:35:10 +02:00
Tuomas Tynkkynen
e60bb86d00
kexectools: 2.0.13 -> 2.0.14
...
ARM patch is included upstream now.
2016-12-26 18:54:34 +02:00
Michael Raskin
2c616b0473
xf86-input-wacom: 0.32.0 -> 0.34.0
2016-12-25 22:56:32 +01:00
aszlig
6af6cec8b2
Revert "thin-provisioning-tools: init at 0.6.1"
...
This reverts commit 55b18ac486
.
There is already a "thin-provisioning-tools" package (see
cd1ec18b42
).
Although this one was committed earlier, I'm reverting it because it's
not only older, but it's unreferenced within <nixpkgs>.
Apart from that the packaging of the other package is of higher
packaging quality (maintainer and license, doesn't use "descriptionS",
uses autoreconfHook).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @globin, @dwe11er, @jagajaga
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-12-25 02:05:49 +01:00
Tuomas Tynkkynen
0e3b56c7b9
alsa-lib: Remove unnecessary crossAttrs
...
It's breaking the cross build.
2016-12-24 22:41:32 +02:00
Jörg Thalheim
c98f3ffea8
wireguard: 0.0.20161218 -> 0.0.20161223
2016-12-24 13:55:32 +01:00
Frederik Rietdijk
9f6bd82364
nvidia-x11: 375.20 -> 375.26
2016-12-23 10:57:28 +01:00
Graham Christensen
3ffb5ba60c
linux:3.18.44 -> 3.18.45
2016-12-21 21:08:47 -05:00
Graham Christensen
53e21529d4
linux:3.12.68 -> 3.12.69
2016-12-21 21:08:47 -05:00
Jason A. Donenfeld
77588ca442
wireguard: 20161209 -> 20161218 ( #21288 )
2016-12-22 03:04:55 +01:00
Joachim Fasting
6758d157d2
multipath-tools: ensure gzip does not capture timestamp
...
gzip is originally called as 'gzip -9 -c'
This is a port of
a8e7ddd1df
Note that it does not seem to make a difference to `nix-build --check`.
2016-12-20 15:31:55 +01:00
Rok Garbas
b7cfbf96d6
tp_smapi: updateScript added
2016-12-18 16:45:33 +01:00
Franz Pletz
eb559d2b07
batman-adv: 2016.4 -> 2016.5
2016-12-18 05:23:38 +01:00
aszlig
ffe71cbe19
kexec-tools: Add patch to fix build on ARM
...
Building on ARM fails with the following error:
kexec/arch/arm/phys_to_virt.o kexec/arch/arm/phys_to_virt.c
kexec/arch/arm/phys_to_virt.c:3:26: fatal error: phys_to_virt.h: No such file or directory
The patch I'm using is from Fedora:
http://pkgs.fedoraproject.org/cgit/rpms/kexec-tools.git/tree/kexec-tools-2.0.13-fix-armv7-build-failure.patch?id=97581f1a435aafa298a4d0bbcfaf40c63a41ce92
It has been reported upstream as well:
http://lists.infradead.org/pipermail/kexec/2016-September/017352.html
I'm adding the patch for all architectures, so that the next person to
upgrade kexec-tools doesn't forget that even while on x86.
Tested building with i686-linux, x86_64-linux and armv7l-linux.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-12-18 04:49:39 +01:00
Tim Steinbach
0e8e4a08f3
linux: 4.8.14 -> 4.8.15
2016-12-16 08:16:45 -05:00
Tim Steinbach
cb9ff3f7f9
linux: 4.4.38 -> 4.4.39
2016-12-16 08:16:22 -05:00
Joachim Fasting
f0e77cd07d
grsecurity: 4.8.14-201612110933 -> 4.8.15-201612151923
2016-12-16 12:46:44 +01:00
Franz Pletz
a4586f87dc
wireguard: 20161129 -> 20161209
2016-12-16 12:16:39 +01:00
Will Dietz
be24f1d364
musl: 1.1.11 -> 1.1.15, add security patch. ( #21023 )
2016-12-16 11:32:28 +01:00
Jörg Thalheim
4714ca8b56
kexec-tools: 2.0.12 -> 2.0.13 ( #21158 )
...
also fix kexec by removing faulty hardeningFlags
2016-12-15 20:48:03 +01:00
Graham Christensen
01d022e16b
Merge pull request #21118 from grahamc/fix-rsa-build-failure
...
linux_{4_8,grsec_nixos}: patch to fix build failure
2016-12-13 09:15:50 -05:00
Joachim Fasting
d918c80e13
grsecurity: disable verbose initify
...
Not as useful/informative as I had hoped.
2016-12-13 15:12:34 +01:00
Graham Christensen
7a813d3f6d
linux_{4_8,grsec_nixos}: patch to fix build failure
...
crypto/rsa_helper.c:18:28: fatal error: rsapubkey-asn1.h: No such file or directory
2016-12-13 07:25:46 -05:00
Jörg Thalheim
7c8d4cd9a9
wireguard: 0.0.20161116.1 -> 0.0.20161129
2016-12-12 14:41:43 +01:00
Shea Levy
f6daae391f
linux: add 4.9
2016-12-11 19:33:05 -05:00
Joachim Fasting
601058e0e2
grsecurity: 4.8.13-201612082118 -> 4.8.14-201612110933
2016-12-11 19:09:16 +01:00
Tim Steinbach
f576c490e3
linux: 4.4.37 -> 4.4.38
2016-12-10 15:18:52 -05:00
Tim Steinbach
b69822c505
linux: 4.8.13 -> 4.8.14
2016-12-10 15:15:44 -05:00
Tuomas Tynkkynen
bdab6fe5a1
kernel: Use built-in dtbs_install target instead of rolling our own
...
In particular, on aarch64 all the .dtb files will be in subdirectories
and *.dtb won't match anything.
2016-12-10 20:24:08 +02:00
Franz Pletz
9074d9859e
linux: add patch to fix CVE-2016-8655
...
See https://lwn.net/Articles/708319/ for more information.
2016-12-10 17:08:42 +01:00
Frederik Rietdijk
033525c6b8
dstat: fix bad interpreter: No such file
2016-12-10 14:21:51 +01:00
Bjørn Forsman
2077385421
kernel: enable CONFIG_DYNAMIC_DEBUG (like Fedora and Ubuntu)
...
It was useful in tracking down CIFS + DFS issue, and it's apparently
enabled by default in two major distros.
2016-12-10 00:01:21 +02:00
Bjørn Forsman
d429520b13
kernel: add CONFIG_CIFS_* like Fedora, Ubuntu
...
The plan is to fix mounting DFS shares on NixOS (for which some of these
options are needed), but I figured it might be a good idea to enable all
CONFIG_CIFS_* like Fedora 24 and Ubuntu 16.04 while at it. Ubuntu even
has CONFIG_CIFS_SMB311, but as Fedora do not, I left it out.
Mounting DFS shares still doesn't work; need to configure cifs.upcall
and /etc/request-key.conf. Until then, using GVFS as a workaround.
2016-12-10 00:01:21 +02:00
Bjørn Forsman
fc6d82cf76
cifs-utils: add 'talloc' to buildInputs, to build cifs.upcall
...
Fixes this ./configure symptom:
configure: WARNING: talloc.h not found, consider installing libtalloc-devel. Disabling cifs.upcall.
and is needed to (eventually) fix CIFS + DFS kernel mount on NixOS.
2016-12-10 00:01:21 +02:00
Joachim Fasting
d1a5dc0b1c
grsecurity: 4.8.12-201612062306 -> 4.8.13-201612082118
2016-12-09 15:31:02 +01:00
Joachim Fasting
9a63779d64
grsecurity: use upstream url as the primary source
2016-12-09 15:31:00 +01:00
Joachim Fasting
ca7cc96ee8
grsecurity: enable PAX_INITIFY
...
Uses gcc plugin to detect more instances where memory used during init
can be freed.
2016-12-09 15:30:40 +01:00
Tim Steinbach
bfffbb5ea6
linux: 4.8.12 -> 4.8.13
2016-12-09 08:27:11 -05:00
Tim Steinbach
e861a5f7af
linux: 4.4.36 -> 4.4.37
2016-12-09 08:26:46 -05:00
Joachim Fasting
af1202434a
ndiswrapper: mark as broken
...
Build fails across all our kernels. There is a new version 1.60, but
it, too, fails to build. Until somebody comes along to patch around it,
we might as well mark this as broken.
2016-12-08 23:12:32 +01:00
Joachim Fasting
5fd4ffe00f
grsecurity: 4.8.12-201612031658 -> 201612062306
2016-12-08 12:22:13 +01:00
Dmytro Rets
e8220d3264
Update broadcom URL for broadcom-sta driver.
2016-12-08 11:50:31 +02:00
Tim Steinbach
c9d1d430ec
linux: 4.9-rc7 -> 4.9-rc8
2016-12-05 19:40:11 -05:00
Joachim Fasting
9578299bbe
grsecurity: 4.8.11-201611271225 -> 4.8.12-201612031658
2016-12-06 01:24:32 +01:00
Joachim Fasting
cc396697a6
grsecurity: enable ability to lock in readonly mounts
2016-12-06 01:24:12 +01:00
Joachim Fasting
0e765c72e5
grsecurity: enable module hardening
2016-12-06 01:23:58 +01:00
Joachim Fasting
071fbcda24
grsecurity: enable optional sysfs restrictions
...
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
...
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Tuomas Tynkkynen
9ccc14b1bc
linux_rpi: Add some feature flags
...
Copied from linux_4_4 (except for the EFI stub thing).
Otherwise the firewall module fails to evaluate:
Failed assertions:
- This kernel does not support rpfilter
2016-12-04 18:18:06 +02:00
Jörg Thalheim
e00632e200
Merge pull request #20858 from Mic92/lxcfs
...
lxcfs: init at 2.0.4
2016-12-04 11:33:07 +01:00
Tim Steinbach
4f8b74b401
Merge pull request #20866 from NeQuissimus/linux_4_8_12
...
linux: 4.8.11 -> 4.8.12
2016-12-02 18:28:46 -05:00
Tim Steinbach
853b6493c8
linux: 4.8.11 -> 4.8.12
2016-12-02 14:29:00 -05:00
Tim Steinbach
654f5df5dc
linux: 4.4.35 -> 4.4.36
2016-12-02 14:28:26 -05:00
Jörg Thalheim
af609b0254
lxcfs: init at 2.0.4
2016-12-02 13:52:03 +01:00
Tim Steinbach
5afc6b506c
linux: 4.1.35 -> 4.1.36
2016-12-01 20:34:02 -05:00
Joachim F
85ecde87c8
Merge pull request #20804 from danbst/fix-shadow
...
shadow: fix collision with coreutils (man groups.1.gz)
2016-12-01 23:08:30 +01:00
danbst
ac51528df8
shadow: fix collision with coreutils (man groups.1.gz)
...
The `groups.1.gz` collides with one from coreutils. The code to fix this
was already present in expression, but wrongly assumes that share/man/man1
directory will be copied to `man` output after `installPhase`.
It turned out, that man directory is set at configure step, so we should
remove file from `man` output.
2016-11-30 01:44:28 +02:00
Tim Steinbach
18a3225dac
linux: 3.12.67 -> 3.12.68
2016-11-29 17:40:17 -05:00
Tuomas Tynkkynen
8a4d6516ee
Merge remote-tracking branch 'upstream/staging' into master
2016-11-30 00:34:23 +02:00
Franz Pletz
e43f2fc868
Revert "lxc: 2.0.4 -> 2.0.6"
...
This reverts commit 5d804566df
.
This was an error on my part. I had the commit sitting on my local master
and pulled upstream to rebase my commit before pushing. I didn't notice
there was a commit bumping lxc and the auto-merge on the rebase.
2016-11-29 15:42:37 +01:00
Matt McHenry
f0bdca82c0
linuxPackages.ati_drivers_x11: patch for kernel 4.7+ ( #19810 )
2016-11-28 19:56:50 +01:00
Franz Pletz
5d804566df
lxc: 2.0.4 -> 2.0.6
...
Fixes CVE-2016-8649.
See https://lists.linuxcontainers.org/pipermail/lxc-users/2016-November/012597.html .
2016-11-28 19:04:42 +01:00
Alexander V. Nikolaev
a8eeef62e6
lxc: 2.0.4 -> 2.0.6 (security)
...
https://security-tracker.debian.org/tracker/CVE-2016-8649
2016-11-28 15:17:06 +02:00
Alexander V. Nikolaev
121da5e938
lxc: fix sandbox builds
...
Package attempt to write /etc/bash_completion.d, I directed it to
"${out}/etc/bash_completion.d" as it was suggested.
2016-11-28 15:17:05 +02:00
Joachim Fasting
5da1394a58
Revert "gradm: fix using gradm while the RBAC system is active"
...
This reverts commit fdbf7dc8b3
.
Unfortunately, while gradm now works when the RBAC system is enabled,
gradm still fails when full system learning is enabled, so I probably
need to try again later.
2016-11-28 11:41:12 +01:00
Joachim Fasting
b90ed0cc80
grsecurity: 4.8.10-201611232213 -> 4.8.11-201611271225
2016-11-28 11:41:10 +01:00
Joachim Fasting
4c7323545b
Revert "grsecurity: work around for #20490 "
...
This reverts commit e38b74ba89
.
I failed to notice f19c961b4e461da045f2e72e73701059e5117be0; better
use that fix instead.
2016-11-28 11:40:55 +01:00
Tim Steinbach
eecf76eaa2
linux: 4.9-rc6 -> 4.9-rc7
2016-11-27 19:48:24 -05:00
Tuomas Tynkkynen
86ea3126bc
linux_rpi: 1.20160620 -> 1.20161020
2016-11-28 00:24:00 +02:00
Tuomas Tynkkynen
25d6bfa258
raspberrypifw: 1.20160620 -> 1.20161020
2016-11-28 00:23:40 +02:00
Tim Steinbach
b47307bd74
linux: 4.8.10 -> 4.8.11
2016-11-26 16:29:23 -05:00
Tim Steinbach
cc77360bed
linux: 4.4.34 -> 4.4.35
2016-11-26 16:28:58 -05:00
Jörg Thalheim
01172c2ccf
Merge pull request #20591 from NeQuissimus/linux_4_9_rc6
...
linux: 4.9-rc5 -> 4.9-rc6
2016-11-26 16:00:16 +01:00
Vladimír Čunát
925b335607
Merge branch 'master' into staging
2016-11-26 11:27:09 +01:00
Frederik Rietdijk
231cd277df
nvidia-x11: 367.57 -> 375.20
2016-11-26 09:31:10 +01:00
Joachim Fasting
fdbf7dc8b3
gradm: fix using gradm while the RBAC system is active
...
The built-in ACL prevents the gradm binary from loading dynamic
libraries from the Nix store. Thus, once the RBAC system is activated,
the gradm binary cannot be used.
Fix by patching in rules to allow references to the Nix store where
appropriate.
2016-11-26 02:59:35 +01:00
Frederik Rietdijk
6a8c708d6d
cryptsetup: use python2
2016-11-24 22:28:04 +01:00
Frederik Rietdijk
d8b0096704
dstat: use python2
2016-11-24 22:28:03 +01:00
Joachim Fasting
f9d787c67b
grsecurity: 4.8.10-201611210813 -> 201611232213
2016-11-24 12:08:12 +01:00
Nikolay Amiantov
be95ceaff2
treewide: quote URLs in my packages
2016-11-24 01:17:52 +03:00
Franz Pletz
7974d7493a
linux: compress kernel image with xz
2016-11-23 02:24:13 +01:00
Tim Steinbach
e4a1b76457
linux: 4.8.9 -> 4.8.10
2016-11-21 18:07:17 -05:00
Tim Steinbach
d62069aca4
linux: 4.4.33 -> 4.4.34
2016-11-21 18:06:57 -05:00
Joachim Fasting
96194467e6
grsecurity: 4.8.8-201611150756 -> 4.8.10-201611210813
2016-11-21 23:15:14 +01:00
Tim Steinbach
f6bbc6c477
linux: 4.9-rc5 -> 4.9-rc6
2016-11-20 17:23:32 -05:00
Joachim Fasting
6d428242a9
linuxPackages.spl: now builds against grsecurity kernel
2016-11-20 23:01:34 +01:00
Joachim Fasting
0df3553a38
paxtest: 0.9.14 -> 0.9.15
2016-11-20 23:01:31 +01:00
Joachim Fasting
32c71c06d2
pax-utils: 1.1.6 -> 1.1.7
2016-11-20 23:01:28 +01:00