Jörg Thalheim
638d4b4d71
Merge pull request #19265 from Mic92/rtkit
...
rtkit: apply security relevant patch
2016-10-06 00:07:35 +02:00
Eelco Dolstra
f084274eeb
Merge pull request #19251 from groxxda/patch-2
...
kernel: Disable RT_GROUP_SCHED
2016-10-05 20:05:18 +02:00
Jörg Thalheim
c684eb756a
rtkit: *security* Pass uid of caller to polkit
...
Otherwise, we force polkit to look up the uid itself in /proc, which is racy if
they execve() a setuid binary.
2016-10-05 18:11:02 +02:00
Alexander Ried
96fbdf8594
kernel: Disable RT_GROUP_SCHED
...
Follow systemd recommendation
fd74fa791f/README (L96-L103)
2016-10-05 12:52:45 +02:00
Alexander Ried
4e91e8cb3d
rtkit: add patch from debian to remove ControlGroup stanza
...
fixes log clutter:
systemd[1]: [/nix/store/....-rtkit-0.11/etc/systemd/system/rtkit-daemon.service:32] Unknown lvalue 'ControlGroup' in section 'Service'
2016-10-05 11:23:11 +02:00
Shea Levy
e54313d183
Revert "Revert "Linux 4.8""
...
Now featuring @aszlig's modinst_arg_list_too_long patch.
This reverts commit 43bedb970d
.
Fixes #19213
2016-10-04 10:10:36 -04:00
Shea Levy
43bedb970d
Revert "Linux 4.8"
...
This reverts commit e4958d54b1
.
2016-10-03 22:04:43 -04:00
Franz Pletz
beca8946ee
jool: 3.4.5 -> 3.5.0
2016-10-03 18:25:28 +02:00
Shea Levy
e4958d54b1
Linux 4.8
2016-10-03 08:45:45 -04:00
Eric Sagnes
58d44a376e
wireguard: 2016-08-08 -> 2016-10-01
2016-10-03 17:06:11 +09:00
Joachim Fasting
9a9237e0aa
grsecurity: revamp nixos kernel config
...
Cleanup:
- Restructure & add some commentary
- Remove redundant option specs given the auto config
constraints (some are left in for documentation purposes)
Changes:
- GRKERNSEC_CONFIG_VIRT_HOST -> GUEST
The former deselects paravirtualization and friends
- PAX_LATENT_ENTROPY n -> y (implied by auto)
- GRKERNSEC_ACL_HIDEKERN y -> n
Possibly useless with redistribution
2016-10-02 19:25:58 +02:00
Joachim Fasting
1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
...
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00
Tuomas Tynkkynen
f5dd3a703d
treewide: Fix more lib.optional misuses
2016-10-02 00:44:10 +03:00
Aneesh Agrawal
fcee1d0b28
Remove redundant -DCMAKE_BUILD_TYPE=Release flags
...
Since commit 183d05a0
in 2012, this is the default.
fixes #18000
2016-10-01 16:13:41 +02:00
Joachim Fasting
2ec9a1a955
grsecurity: 4.7.5-201609261522 -> 4.7.6-201609301918
2016-10-01 08:47:30 +02:00
Joachim Fasting
22108b7a10
linux_4_7: 4.7.5 -> 4.7.6
2016-10-01 08:46:31 +02:00
Eelco Dolstra
613a12a8bd
linux: 4.4.22 -> 4.4.23
2016-09-30 14:41:19 +02:00
Eelco Dolstra
8b09ba32d3
systemd: Apply various upstream bug fixes
...
This includes the fix for the assertion failure in
https://github.com/systemd/systemd/issues/4234 .
2016-09-30 11:23:51 +02:00
rnhmjoj
7cf7572734
btfs: 2.11 -> 2.12
2016-09-30 01:23:16 +02:00
Eelco Dolstra
fe9e5f9f55
pam_usb: Fix evaluation
2016-09-29 20:35:40 +02:00
Eelco Dolstra
c5ddb7dd56
Move useSetUID to pam_usb, the only place where it's used
2016-09-29 13:05:28 +02:00
Yochai
ca9c21b0ab
rtl8812au: 4.2.2-1 -> 4.3.20
2016-09-29 09:29:22 +03:00
Graham Christensen
ff5cf3abff
linux-3.10: fix build by upstream patch
2016-09-28 19:18:34 +02:00
Alexander Ried
d666196a44
iproute2: fix bash completion
...
apparently bash expects only files in its completion folder and not
subfolders.
2016-09-27 18:20:07 +02:00
Joachim Fasting
98a9d815e0
grsecurity: 4.7.4-201609211951 -> 4.7.5-201609261522
2016-09-27 01:43:50 +02:00
zimbatm
0e91a0bbe7
Merge pull request #18943 from Mic92/busybox
...
busybox: 1.23.2 -> 1.24.2
2016-09-26 12:23:22 +01:00
Frederik Rietdijk
3ba16c8234
Do not use top-level buildPythonPackage or buildPythonApplication
...
but instead use the one in pythonPackages.
2016-09-26 11:10:51 +02:00
Joachim Fasting
e1395365ea
spl: fix eval
...
xref: 30ae939142
2016-09-25 16:16:33 +02:00
Alexander Ried
7615d6385a
iproute2: 4.5.0 -> 4.7.0 ( #18435 )
...
iproute now packages a bash-completion file which it installs to
$BASH_COMPDIR.
* fanpatch: adjust for new version
- The patch did not apply because the code around the additions changed.
- The patch uses functions that got changed [1] & [2], I adjusted the
patch to use the safe version. Probably not needed but better safe
than sorry.
[1] format_host: http://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=a418e451643e77fe36861e53359587ba8aa41873
[2] rt_addr_n2a: http://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=7faf1588a755edb9c9cabbe1d3211265e9826d28
2016-09-25 15:07:03 +02:00
Franz Pletz
30ae939142
linuxPackages.spl: don't mark as broken on kernel >= 4.7
...
Compatibility added in c8c688b0c9
.
2016-09-25 14:55:45 +02:00
Franz Pletz
6e063a49b1
linuxPackages.jool: 3.4.4 -> 3.4.5
2016-09-25 14:20:46 +02:00
Franz Pletz
c8c688b0c9
linuxPackages.zfs: 0.6.5.7 -> 0.6.5.8
...
Adds compatibility for 4.7 & 4.8 Linux kernels.
2016-09-25 14:20:46 +02:00
Franz Pletz
3a4a425728
linux: 4.7.4 -> 4.7.5
2016-09-25 14:20:46 +02:00
Franz Pletz
c83f8a536a
linux: 4.4.20 -> 4.4.22
2016-09-25 14:20:46 +02:00
Franz Pletz
fdf239fb83
linux: 4.1.31 -> 4.1.33
2016-09-25 14:20:45 +02:00
Franz Pletz
17402fc4a3
linux: 3.18.40 -> 3.18.42
2016-09-25 14:20:45 +02:00
Franz Pletz
31ff655e46
kernelPatches: remove unneeded patches
2016-09-25 14:20:45 +02:00
Franz Pletz
01f465c82b
linux: 3.12.62 -> 3.12.63
2016-09-25 14:20:45 +02:00
Franz Pletz
b1029abe56
linux: 3.10.102 -> 3.10.103
2016-09-25 14:20:45 +02:00
Franz Pletz
e8cd27dd8a
linux_4_6: remove, not maintained anymore
2016-09-25 14:20:39 +02:00
Jörg Thalheim
74876b0cad
busybox: 1.23.2 -> 1.24.2
...
fixes https://lwn.net/Vulnerabilities/696815/
2016-09-25 13:21:29 +02:00
Nikolay Amiantov
ea4d517eb8
Merge pull request #18661 from NeQuissimus/kernel/zbud
...
kernel-common: Add ZBUD
2016-09-25 12:33:08 +04:00
Joachim Fasting
64816cd972
grsecurity: 4.7.4-201609152234 -> 201609211951
2016-09-22 23:40:50 +02:00
Joachim F
fc4751eccc
Merge pull request #18751 from TvoroG/rtlwifi
...
rtlwifi_new: init at 2016-09-12
2016-09-22 22:50:46 +02:00
Luca Bruno
cf6815275a
Merge pull request #18814 from tavyc/nvme-cli
...
nvme-cli: init at 0.9
2016-09-22 21:47:57 +01:00
Octavian Cerna
b26dff4ea5
nvme-cli: init at 0.9
2016-09-21 21:45:38 +03:00
Domen Kožar
d199d5041a
ena: mark as broken on chromiumos
...
(cherry picked from commit bc06f19efb9a13a2b3fafbdc2ce35427e64c9402)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-21 12:04:17 +02:00
Marsel
52dd323047
rtlwifi_new: init at 2016-09-12
2016-09-20 16:18:24 +03:00
Kirill Boltaev
d2bbc631ff
pktgen: disable parallel building
2016-09-19 05:28:43 +03:00
Joachim Fasting
e2659de1b2
kernelPatches: remove legacy grsecurity attrs
2016-09-18 15:26:57 +02:00