Commit Graph

12722 Commits

Author SHA1 Message Date
Ricardo M. Correia
9dd9bc7bcc linux: fix kernel config options
Some of the options didn't have correct kernel version constraints,
others had been removed or made optional unnecessarily in #84032.
2020-06-10 13:17:17 +02:00
Vladimír Čunát
02751f8843
Revert "systemd: avoid rebuild from the parent commit for now"
This reverts commit b59847b848.
2020-06-10 08:53:44 +02:00
Jan Tojnar
acb53e0698
Merge branch 'staging-next' into staging 2020-06-10 04:10:57 +02:00
Jan Tojnar
c637cbe992
Merge branch 'master' into staging-next 2020-06-10 04:10:34 +02:00
Martin Weinelt
08815104f5
microcodeIntel: 20200520 -> 20200609 2020-06-09 23:40:29 +02:00
Michael Weiss
e0c970c0e2
Merge pull request #89820 from primeos/linux_5_7
linux_5_7: init at 5.7.1
2020-06-09 15:56:50 +02:00
Martin Weinelt
1c14b52e18
hostapd: apply patches for CVE-2020-12695
https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt

Fixes: CVE-2020-12695
2020-06-09 14:52:42 +02:00
Benjamin Hipple
722ef6c48b
Merge pull request #89856 from cmacrae/upgrade/yabai/3.1.2
yabai: 3.1.1 -> 3.1.2
2020-06-09 00:59:17 -04:00
Tim Steinbach
aa1479c5be
linux: 5.6.16 -> 5.6.17 2020-06-08 20:22:38 -04:00
Tim Steinbach
505e54f340
linux: 5.4.44 -> 5.4.45 2020-06-08 20:22:37 -04:00
Tim Steinbach
4c11426c3f
linux: 4.19.126 -> 4.19.127 2020-06-08 20:22:37 -04:00
cmacrae
154fc03194 yabai: 3.1.1 -> 3.1.2 2020-06-09 00:19:08 +01:00
cmacrae
e9198cb7a5 yabai: 3.1.0 -> 3.1.1 2020-06-08 22:42:42 +01:00
Michael Weiss
19b2efbc39
linux_5_7: init at 5.7.1
Changes:
- Copied linux-5.7.nix from linux-5.6.nix
- Add linux_5_7 and linuxPackages_5_7
- Update linux_latest to 5.7

Note:
The kernel patch 'kernelPatches.export_kernel_fpu_functions."5.3"' is
still applied as I copied the list from linux_5_7 (vs. linux_testing).
This patch is probably still required for the ZFS performance.
2020-06-08 17:44:36 +02:00
Frederik Rietdijk
8576d24b2a Merge staging-next into staging 2020-06-08 12:08:51 +02:00
Vladimír Čunát
b59847b848
systemd: avoid rebuild from the parent commit for now
Otherwise we'd be delaying this staging-next cycle noticeably.
2020-06-08 06:28:58 +02:00
John Ericson
a239864fc6 systemd: Fix cross build
This was very similar to the Mesa issues fixed in
62e6d73a09: the user-written code is
looking up an unprefixed binutils program.

[I think we should have a way in Meson of specifying a program prefix in
the cross / native files, as a fallback for any program that isn't
explicitly specified. This could both be available for user written
rules, and help with the default rules.]

Fixes https://github.com/NixOS/mobile-nixos/issues/161
2020-06-08 00:29:51 +00:00
Georg Haas
a8ee561b0f
jool: 4.0.5 -> 4.0.9 2020-06-07 19:08:59 +02:00
Frederik Rietdijk
d0532e79ae Merge staging-next into staging 2020-06-07 09:25:46 +02:00
Frederik Rietdijk
6b8223e634 Merge master into staging-next 2020-06-07 09:25:12 +02:00
Mario Rodas
fe753a241f
Merge pull request #89539 from cmacrae/upgrade/yabai/3.1.0
yabai: 3.0.2 -> 3.1.0
2020-06-05 20:04:19 -05:00
Samuel Dionne-Riel
3570c1303e
Merge pull request #89571 from samueldr/fix/input-utils/cross
input-utils: Fix cross-compilation
2020-06-05 19:53:46 -04:00
Samuel Dionne-Riel
68096cab7f input-utils: Fix cross-compilation
We actually don't need to `strip` using `install`. Stripping is already
part of the fixup. This ends up being a fix we can apply universally,
but works around an issue where `install` doesn't know about the
prefixed `strip` binary.
2020-06-05 18:52:47 -04:00
Matthew Bauer
fa29c1002d
Merge pull request #89356 from wizeman/u/fix-fwupd
fwupd: fix configuration on aarch64
2020-06-05 15:36:34 -05:00
Frederik Rietdijk
1c68570ab2 Merge staging-next into staging 2020-06-05 19:42:16 +02:00
Frederik Rietdijk
43f71029cc Merge master into staging-next 2020-06-05 19:40:53 +02:00
Patryk Wychowaniec
4dee97c43e
lxcfs: Wrap lxc.mount.hook, so that it detects the mount command 2020-06-05 16:37:31 +02:00
Tim Steinbach
05b3c7dd66
linux/hardened/patches/5.6: 5.6.15.a -> 5.6.16.a 2020-06-05 09:45:25 -04:00
Tim Steinbach
5537f64700
linux/hardened/patches/5.4: 5.4.43.a -> 5.4.44.a 2020-06-05 09:45:23 -04:00
Tim Steinbach
7ce3d24baa
linux/hardened/patches/4.19: 4.19.125.a -> 4.19.126.a 2020-06-05 09:45:21 -04:00
Tim Steinbach
2c2362cea5
linux/hardened/patches/4.14: 4.14.182.a -> 4.14.183.a 2020-06-05 09:45:19 -04:00
Tim Steinbach
7557c83ea4
linux_latest-libre: 17506 -> 17527 2020-06-05 09:45:08 -04:00
Tim Steinbach
4c5251436b
linux: 5.6.15 -> 5.6.16 2020-06-05 09:37:49 -04:00
Tim Steinbach
6599499cd7
linux: 5.4.43 -> 5.4.44 2020-06-05 09:37:38 -04:00
Tim Steinbach
c511f3bab6
linux: 4.9.225 -> 4.9.226 2020-06-05 09:37:26 -04:00
Tim Steinbach
4bf8aa6b71
linux: 4.4.225 -> 4.4.226 2020-06-05 09:37:11 -04:00
Tim Steinbach
0c574f3357
linux: 4.19.125 -> 4.19.126 2020-06-05 09:37:03 -04:00
Tim Steinbach
877920254a
linux: 4.14.182 -> 4.14.183 2020-06-05 09:36:43 -04:00
cmacrae
74e87de0ad yabai: 3.0.2 -> 3.1.0 2020-06-05 14:11:39 +01:00
Jörg Thalheim
073d2fc4d5
cgmanager: remove
fixes #30023
2020-06-05 09:47:12 +01:00
Benjamin Saunders
38f5fce48a linuxPackages.rtl88x2bu: init at 2020-05-19 2020-06-04 12:39:54 -07:00
Anders Kaseorg
0f2e569505 linux: CONFIG_MOUSE_ELAN_I2C_SMBUS=y
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-06-04 18:22:23 +02:00
Michael Weiss
ac0716aa61 iproute: 5.6.0 -> 5.7.0
"As usual lots of small fixes, across many utilities. Several qdisc now
have more parameters available. Devlink get most of the fixes." [0]

File changes (additions/removals):
+share/bash-completion/completions/devlink
+share/man/man8/devlink-dpipe.8.gz
+share/man/man8/tc-ct.8.gz

[0]: https://marc.info/?l=linux-netdev&m=159115579900638
2020-06-04 18:13:07 +02:00
Frederik Rietdijk
b76c308ecd Merge staging-next into staging 2020-06-04 15:28:16 +02:00
Frederik Rietdijk
08900c0554 Merge master into staging-next 2020-06-04 15:25:54 +02:00
Florian Klink
3b1b4fde0c systemd: systemd.pc: fix systemdsystemunitpath and systemduserunitpath
The paths in the generated `systemd.pc` were flipped, fix this:

`systemdsystemunitpath`: `/nix/var/nix/profiles/default/lib/systemd/{user => system}`
`systemduserunitpath`: `/nix/var/nix/profiles/default/lib/systemd/{system => user}`

The paths actually used in the code (further below in that patch) were
correct, so keep them there.

Fixes #59473.
2020-06-03 22:25:01 +02:00
Daiderd Jordan
7b3a2963d1
treewide: replace base64 encoded hashes 2020-06-03 18:35:19 +02:00
Rovanion Luckey
29fc454d15 pcm: 202003 -> 202005 2020-06-02 12:53:58 -07:00
Neil Mayhew
367b3a99e4 multipath-tools: Fix build failure due to GZIP make var
The multipath-tools makefiles use GZIP as a variable name but this is
also the name of the environment variable gzip uses to get its default
options.

Normally, this wouldn't get into the environment but nixpkgs exports
GZIP=-n in a setup hook. This in turn causes make to export its own
value for this variable. gzip objects to having -c in the environment
variable and aborts, causing the build to fail.
2020-06-02 09:38:29 -06:00
Ricardo M. Correia
ec4d914143 fwupd: fix configuration on aarch64
The fwupd service was failing on aarch64 with:

fwupd: Failed to load engine: Failed to load remotes: failed to load /etc/fwupd/remotes.d/dell-esrt.conf: No such file or directory

The /etc/fwupd/remotes.d/dell-esrt.conf symlink existed but it pointed to a non-existent file.
2020-06-02 14:23:20 +02:00
James Ravn
46f2bf63a4
firmwareLinuxNonfree: 2020-01-22 -> 2020-05-19 2020-06-01 14:16:22 +01:00
Maximilian Bosch
e90c5fe0ec
linuxPackages.wireguard: 1.0.20200506 -> 1.0.20200520
https://lists.zx2c4.com/pipermail/wireguard/2020-May/005450.html
2020-05-31 21:25:56 +02:00
Mario Rodas
8a73ac0f34
Merge pull request #89229 from shardulbee/update-yabai-3.0.2
yabai: 3.0.1 -> 3.0.2
2020-05-31 09:53:32 -05:00
Shardul Baral
2d95536210
yabai: 3.0.1 -> 3.0.2 2020-05-31 10:29:34 -04:00
Alexey Shmalko
1607e821ff
Merge pull request #89037 from r-ryantm/auto-update/uclibc-ng
uclibc: 1.0.33 -> 1.0.34
2020-05-31 14:31:15 +03:00
Tim Steinbach
746fe02a5a
linux_latest-libre: 17445 -> 17506 2020-05-30 11:23:42 -04:00
Frederik Rietdijk
03de4c02fb Merge staging-next into staging 2020-05-28 22:05:36 +02:00
R. RyanTM
d4226e3a4b checksec: 2.1.0 -> 2.2.1 2020-05-28 13:58:27 -05:00
Jethro Kuan
2738ca86bd
rtl88xxau-aircrack: init (#88870) 2020-05-28 12:33:25 -04:00
Tim Steinbach
dc9b007637
linux/hardened/patches/5.6: 5.6.14.a -> 5.6.15.a 2020-05-28 09:35:07 -04:00
Tim Steinbach
a1ec9f649e
linux/hardened/patches/5.4: 5.4.42.a -> 5.4.43.a 2020-05-28 09:35:07 -04:00
Tim Steinbach
827df89616
linux/hardened/patches/4.19: 4.19.124.a -> 4.19.125.a 2020-05-28 09:35:06 -04:00
Tim Steinbach
964a5b99f7
linux/hardened/patches/4.14: 4.14.181.a -> 4.14.182.a 2020-05-28 09:35:06 -04:00
Tim Steinbach
3b94b3f0ac
linux: 5.6.14 -> 5.6.15 2020-05-28 09:35:06 -04:00
Tim Steinbach
5c4bd56c45
linux: 5.4.42 -> 5.4.43 2020-05-28 09:35:05 -04:00
Tim Steinbach
583e50cc79
linux: 4.9.224 -> 4.9.225 2020-05-28 09:35:05 -04:00
Tim Steinbach
c1299ef40c
linux: 4.4.224 -> 4.4.225 2020-05-28 09:35:04 -04:00
Tim Steinbach
d5c4986dfa
linux: 4.19.124 -> 4.19.125 2020-05-28 09:35:04 -04:00
Tim Steinbach
90d6c2b642
linux: 4.14.181 -> 4.14.182 2020-05-28 09:35:01 -04:00
Jan Tojnar
19952035d4
Merge pull request #88506 from r-ryantm/auto-update/fwupd 2020-05-27 21:43:35 +02:00
R. RyanTM
84c39bd824 fwts: 20.03.00 -> 20.05.00 2020-05-27 12:38:01 -07:00
R. RyanTM
6e7807b0a0 libratbag: 0.13 -> 0.14 2020-05-27 12:11:50 -07:00
Michael Weiss
4454219156
nvme-cli: 1.11.1 -> 1.11.2 2020-05-27 20:34:12 +02:00
R. RyanTM
9d9519b074 uclibc: 1.0.33 -> 1.0.34 2020-05-27 17:40:50 +00:00
Frederik Rietdijk
362d88c2b1 Merge staging-next into staging 2020-05-27 15:27:28 +02:00
Jan Tojnar
5518a646cd
Merge pull request #87526 from r-ryantm/auto-update/v4l-utils 2020-05-25 13:31:03 +02:00
Michele Guerini Rocco
489fa65007
Merge pull request #88863 from r-ryantm/auto-update/btfs
btfs: 2.20 -> 2.21
2020-05-25 21:20:22 +02:00
oxalica
fe3e52c291
earlyoom: patch absolute dbus path and make nixos module up to date (#88443)
* earlyoom: patch absolute path of dbus-send

* nixos/earlyoom: replace `notificationsCommand` with `enableNotification`

* nixos/earlyoom: setup `systembus-notify` when `enableNotification`
2020-05-25 10:13:55 -05:00
R. RyanTM
a7232067e7 btfs: 2.20 -> 2.21 2020-05-25 09:13:22 +00:00
markuskowa
8d9cbd0afa
Merge pull request #88182 from r-ryantm/auto-update/libfabric
libfabric: 1.10.0 -> 1.10.1
2020-05-24 13:36:47 +02:00
Philipp Bartsch
20ebb1330a usbguard: 0.7.7 -> 0.7.8 2020-05-24 10:36:07 +02:00
Philipp Bartsch
2198d015e5 usbguard: 0.7.6 -> 0.7.7 2020-05-24 10:36:07 +02:00
Frederik Rietdijk
d578248611 Merge staging-next into staging 2020-05-24 10:10:06 +02:00
Tim Steinbach
cb2686adc3
linux-hardened: Remove 5.5 2020-05-23 10:36:10 -04:00
Andreas Rammhold
db90666f95
Merge pull request #88477 from mweinelt/intelMicrocode
microcodeIntel: 20200508 → 20200520
2020-05-23 13:48:25 +02:00
Mario Rodas
65f396b86e
Merge pull request #88655 from r-ryantm/auto-update/powerstat
powerstat: 0.02.22 -> 0.02.23
2020-05-23 06:44:35 -05:00
Frederik Rietdijk
8a77c900dd Merge staging-next into staging 2020-05-23 10:25:19 +02:00
R. RyanTM
80887720ca powerstat: 0.02.22 -> 0.02.23 2020-05-23 05:10:35 +00:00
Tim Steinbach
062cd3e87c
linux: Remove 5.5
The 5.5.x series is now EOL
2020-05-22 19:02:51 -04:00
Tim Steinbach
8b66da57ed
linux/hardened/patches/5.6: 5.6.13.a -> 5.6.14.a 2020-05-22 10:51:24 -04:00
Tim Steinbach
f759c5af51
linux/hardened/patches/5.4: 5.4.41.a -> 5.4.42.a 2020-05-22 10:51:22 -04:00
Tim Steinbach
b7de919a94
linux/hardened/patches/4.19: 4.19.123.a -> 4.19.124.a 2020-05-22 10:51:20 -04:00
Tim Steinbach
0c9c846768
linux/hardened/patches/4.14: 4.14.180.a -> 4.14.181.a 2020-05-22 10:51:14 -04:00
Florian Klink
cfb4d0dfe3
Merge pull request #84032 from teto/fix_kernel_merge
Fix kernel configuration merge
2020-05-22 13:32:22 +02:00
Orivej Desh
16d7f7edae Merge branch 'master' into staging 2020-05-22 09:13:23 +00:00
Florian Klink
927b7795cb
Merge pull request #88492 from flokli/current-system-systemctl
tree-wide: use systemctl of running system
2020-05-21 20:22:26 +02:00
adisbladis
1b3825ebcb
zfs: 0.8.3 -> 0.8.4 2020-05-21 16:32:19 +01:00
R. RyanTM
9dcffdecb6 fwupd: 1.4.1 -> 1.4.2 2020-05-21 11:13:59 +00:00
Florian Klink
5cca485396 displaylink: run systemctl of the currently running systemd 2020-05-21 10:35:07 +02:00
Martin Weinelt
f49defc85f
microcodeIntel: 20200508 → 20200520 2020-05-21 04:59:10 +02:00
Michael Weiss
0a5a900ff1
fscrypt-experimental: 0.2.7 -> 0.2.8 2020-05-20 18:17:12 +02:00
Tim Steinbach
c768dcfcfc
linux: 5.6.13 -> 5.6.14 2020-05-20 08:27:14 -04:00
Tim Steinbach
2364627a39
linux: 5.4.41 -> 5.4.42 2020-05-20 08:27:07 -04:00
Tim Steinbach
d2f98da120
linux: 4.9.223 -> 4.9.224 2020-05-20 08:27:00 -04:00
Tim Steinbach
ed3766309f
linux: 4.4.223 -> 4.4.224 2020-05-20 08:26:51 -04:00
Tim Steinbach
439a9043a1
linux: 4.19.123 -> 4.19.124 2020-05-20 08:26:43 -04:00
Tim Steinbach
b3e7b6d556
linux: 4.14.180 -> 4.14.181 2020-05-20 08:26:30 -04:00
Tim Steinbach
8b5a3127b3
linux: 5.7-rc4 -> 5.7-rc6 2020-05-19 10:11:10 -04:00
R. RyanTM
d6cf255e65 libfabric: 1.10.0 -> 1.10.1 2020-05-19 10:17:10 +00:00
Peter Hoeg
6d14bfa4ac
Merge pull request #88044 from peterhoeg/u/ena_2_2_7
kernelPackages.ena: 2.1.2 -> 2.2.7
2020-05-19 12:28:27 +08:00
Jan Tojnar
0f5ce2fac0
Merge pull request #88099 from zowoq/fwupdate 2020-05-19 01:31:20 +02:00
zowoq
a5cbd4fa35 fwupdate: remove
https://github.com/rhboot/fwupdate

This project is no longer supported.

All code has been merged directly into the fwupd project.

Please switch to that.
2020-05-19 08:57:27 +10:00
Jan Tojnar
f8a9c6efac
Merge branch 'staging-next' into staging 2020-05-18 21:09:48 +02:00
Peter Hoeg
ac3e909685 kernelPackages.ena: 2.1.2 -> 2.2.7 2020-05-18 10:29:57 +08:00
Puck Meerburg
2b5d59cbdc linux: Enable fbcon deferred takeover when possible
This config value ensures that when booting through e.g. UEFI, the
existing framebuffer contents stay put until the first character is
printed. As the default NixOS stage-1 immediately outputs a welcome
message on init, this does not impact it, but it will allow for a cleaner boot when
configured as such.
2020-05-17 17:43:34 +00:00
Jan Tojnar
219382bf28
wpa_supplicant_gui: fix build with Inkscape 1.0 2020-05-17 08:40:30 +02:00
Tim Steinbach
2c74af6d97
linux/hardened/patches/5.6: 5.6.12.a -> 5.6.13.a 2020-05-15 20:23:17 -04:00
Tim Steinbach
6fd700adf1
linux/hardened/patches/5.4: 5.4.40.a -> 5.4.41.a 2020-05-15 20:23:15 -04:00
Tim Steinbach
d18d18a45d
linux/hardened/patches/4.19: 4.19.122.a -> 4.19.123.a 2020-05-15 20:23:09 -04:00
John Ericson
ee8cfe4bf3 treewide: pkg-config has targetPrefix 2020-05-16 00:21:21 +00:00
Lila
7517299146
treewide: fix broken AlpineLinux repo links (#87892) 2020-05-15 16:58:27 +01:00
Tim Steinbach
7ef8639163
linux: 5.6.12 -> 5.6.13 2020-05-14 09:19:09 -04:00
Tim Steinbach
e3ba43b826
linux: 5.4.40 -> 5.4.41 2020-05-14 09:19:02 -04:00
Tim Steinbach
e9dbf2e508
linux: 4.19.122 -> 4.19.123 2020-05-14 09:18:52 -04:00
Mario Rodas
9917caa5e8
Merge pull request #87542 from cmacrae/upgrade/yabai/3.0.1
yabai: 3.0.0 -> 3.0.1
2020-05-14 08:14:56 -05:00
Frederik Rietdijk
404fe35d65 Merge staging-next into staging 2020-05-14 09:37:03 +02:00
Colin L Rice
d6162dab50
go-modules: Update files to use vendorSha256 2020-05-14 07:22:21 +01:00
R. RyanTM
ee2922a4b4 sysstat: 12.3.1 -> 12.3.2 2020-05-13 15:39:50 -07:00
Matthew Bauer
233e60ca24
Merge pull request #87691 from matthewbauer/linux-rpi3-arm32
linux-rpi: use bcm2709 on arm32 rpi3
2020-05-13 10:35:21 -05:00
John Ericson
a0c003e5d8
Merge pull request #86166 from Ericson2314/suffix-salt
*-wrapper; Switch from `infixSalt` to `suffixSalt`
2020-05-12 18:37:16 -04:00
Gaelan Steele
b6beb43dd7 kexectools: always pass host and target to configure
Fixes #56290.
2020-05-12 12:16:08 -07:00
Matthew Bauer
c78ad0f7f8 linux-rpi: use bcm2709 on arm32 rpi3
“bcmrpi3_defconfig” isn’t provided for arm32, so we need to use
bcm2709_config. When on arm64, we can still use bcmrpi3_defconfig
2020-05-12 13:07:00 -05:00
Tim Steinbach
0c9b897241
linux-hardened: Fix kernel version detection 2020-05-12 08:37:08 -04:00
Tim Steinbach
511b503b0d
linux/hardened/patches/5.6: 5.6.11.a -> 5.6.12.a 2020-05-12 08:35:52 -04:00
Tim Steinbach
2646e949b0
linux/hardened/patches/5.4: 5.4.39.a -> 5.4.40.a 2020-05-12 08:35:50 -04:00
Tim Steinbach
fc545e4d23
linux/hardened/patches/4.19: 4.19.121.a -> 4.19.122.a 2020-05-12 08:35:48 -04:00
Tim Steinbach
677ddfef7c
linux/hardened/patches/4.14: 4.14.179.a -> 4.14.180.a 2020-05-12 08:35:46 -04:00
Florian Klink
d6f90e4f9e
Merge pull request #73530 from eadwu/nvidia/systemd-pm
nixos/nvidia: include systemd power management
2020-05-12 13:54:45 +02:00
John Ericson
1ac5398589 *-wrapper; Switch from infixSalt to suffixSalt
I hate the thing too even though I made it, and rather just get rid of
it. But we can't do that yet. In the meantime, this brings us more
in line with autoconf and will make it slightly easier for me to write a
pkg-config wrapper, which we need.
2020-05-12 00:44:44 -04:00
Alexey Shmalko
54ded21f74
Merge pull request #87541 from r-ryantm/auto-update/uclibc-ng
uclibc: 1.0.32 -> 1.0.33
2020-05-11 15:56:48 +03:00
Tim Steinbach
0010ae4960
linux: 5.6.11 -> 5.6.12 2020-05-11 08:43:23 -04:00
Tim Steinbach
98c79eb588
linux: 5.4.39 -> 5.4.40 2020-05-11 08:43:15 -04:00
Tim Steinbach
39426327ce
linux: 4.9.222 -> 4.9.223 2020-05-11 08:43:06 -04:00
Tim Steinbach
ddd1363bff
linux: 4.4.222 -> 4.4.223 2020-05-11 08:42:56 -04:00
Tim Steinbach
36a1ca4daa
linux: 4.19.121 -> 4.19.122 2020-05-11 08:42:49 -04:00
Tim Steinbach
6d183ed8d8
linux: 4.14.179 -> 4.14.180 2020-05-11 08:42:38 -04:00
Jörg Thalheim
885f65fbff
Merge pull request #86074 from emilazy/refactor-linux-hardened-update-script 2020-05-11 10:40:42 +01:00
Emily
4688ec0eb2 linux: explicitly enable AIO
This is disabled by default in the linux-hardened patchset, but is
required by e.g. LVM.

Fixes #87260.
2020-05-10 23:23:38 +01:00
cmacrae
89be001b27 yabai: 3.0.0 -> 3.0.1 2020-05-10 21:54:13 +01:00
R. RyanTM
596c8150e9 uclibc: 1.0.32 -> 1.0.33 2020-05-10 20:37:42 +00:00
R. RyanTM
ec7e931c90 libv4l: 1.18.0 -> 1.18.1 2020-05-10 18:47:02 +00:00
Edmund Wu
9a269f555a
nixos/nvidia: include systemd power management 2020-05-10 11:25:50 -04:00
Maximilian Bosch
f887d09c89
linuxPackages.wireguard: 1.0.20200429 -> 1.0.20200506
https://lists.zx2c4.com/pipermail/wireguard/2020-May/005408.html
2020-05-10 01:35:30 +02:00
Jörg Thalheim
887295fd2d
treewide: remove the-kenny from maintainers
@the-kenny did a good job in the past and is set as maintainer in many packages,
however since 2017-2018 he stopped contributing. To create less confusion
in pull requests when people try to request his feedback, I removed him as
maintainer from all packages.
2020-05-09 10:28:57 +01:00
R. RyanTM
646fc239d3 libbpf: 0.0.7 -> 0.0.8 2020-05-09 08:57:25 +02:00
R. RyanTM
5e5b684435 mcelog: 168 -> 169 2020-05-09 08:54:35 +02:00
Martin Weinelt
d2ad98b1c9
microcodeIntel: 20191115 → 20200508 2020-05-09 00:06:44 +02:00
Emily
5a5a2d0342 linux/hardened/update.py: pass encoding to subprocess 2020-05-08 15:49:36 +01:00
Emily
b2ad58536c linux/hardened/update.py: commit updates in order 2020-05-08 15:49:36 +01:00
Emily
88486c4e76 linux/hardened/update.py: get versions with nix(1) 2020-05-08 15:49:36 +01:00
Emily
e77d174fcd linux/hardened/update.py: add type annotations 2020-05-08 15:49:35 +01:00
Emily
d6fe0a4e2d linux/hardened: move files into directory 2020-05-08 15:49:35 +01:00
Emily
abe4bef033 linux/update-hardened.py: use pathlib 2020-05-08 15:49:35 +01:00
Emily
83c4ac2eb3 linux/update-hardened.py: reformat
$ isort --multi-line=3 --trailing-comma --force-grid-wrap=0 --use-parentheses …
$ black --line-length=80 …

(per the black documentation)
2020-05-08 15:49:35 +01:00
Pavol Rusnak
6abf4a43ad
treewide: per RFC45, remove more unquoted URLs 2020-05-08 15:20:47 +02:00
Tim Steinbach
711667dc3e
linux/hardened-patches/4.14: 4.14.178.a -> 4.14.179.a 2020-05-07 20:56:39 -04:00
Tim Steinbach
3d44729f1e
linux/hardened-patches/4.19: 4.19.120.a -> 4.19.121.a 2020-05-07 20:56:38 -04:00
Tim Steinbach
ced789fa62
linux/hardened-patches/5.4: 5.4.38.a -> 5.4.39.a 2020-05-07 20:56:38 -04:00
Tim Steinbach
603741e751
linux/hardened-patches/5.6: 5.6.10.a -> 5.6.11.a 2020-05-07 20:56:38 -04:00
Vladimír Čunát
fcc68a43aa
Merge branch 'staging-next'
The nss update is needed for security update of firefox.
For linux platforms only about 1k aarch64 rebuilds are missing;
the diff on Hydra looks OK.  Darwin needs 20k more rebuilds,
but I don't think we want to wait for that.
2020-05-07 19:56:25 +02:00
R. RyanTM
044b8c51c9 pax-utils: 1.2.5 -> 1.2.6 2020-05-06 23:15:13 -07:00
Ryan Mulligan
3e73635e51
Merge pull request #86556 from cmacrae/pkgs/os-specific/darwin/spacebar
spacebar: init at v0.5.0
2020-05-06 15:19:38 -07:00
Andreas Rammhold
38d043b116
Merge pull request #87139 from mweinelt/pr/security-patch-names
treewide: add CVE identifiers to patches
2020-05-06 23:51:53 +02:00
Martin Weinelt
e24f5eab66
treewide: add CVE identifiers to patches
This allows tools like broken.sh to correctly identify the patched
status.
2020-05-06 23:18:09 +02:00
Tim Steinbach
f82e836e1d
linux: 5.6.10 -> 5.6.11 2020-05-06 15:58:09 -04:00
Tim Steinbach
bcbc507143
linux: 5.4.38 -> 5.4.39 2020-05-06 15:57:20 -04:00
Tim Steinbach
ac287ce319
linux: 4.19.120 -> 4.19.121 2020-05-06 15:56:35 -04:00
Jörg Thalheim
d49615dc55
Merge pull request #86918 from Mic92/sysdig 2020-05-06 15:52:29 +01:00
Vladimír Čunát
e8d3c1579b
Merge branch 'staging' into staging-next 2020-05-06 08:22:27 +02:00
Vladimír Čunát
54eb2d1018
Merge branch 'staging-next'
Status on Hydra for linuxes seems good enough:
https://hydra.nixos.org/eval/1585703?filter=linux&compare=1585482&full=#tabs-now-fail
2020-05-06 08:20:05 +02:00
Jörg Thalheim
ee8cde8d1c
Merge pull request #86391 from kwohlfahrt/gpio-utils 2020-05-06 06:57:14 +01:00
Jörg Thalheim
b4df84d203
Merge pull request #86989 from r-ryantm/auto-update/lxcfs 2020-05-06 06:29:59 +01:00
Anthony Cowley
bdbffbe91b hwdata: 0.316 -> 0.335 2020-05-06 00:45:01 -04:00
R. RyanTM
5ed0514b4f conntrack-tools: 1.4.5 -> 1.4.6 2020-05-05 18:50:47 -07:00
Mario Rodas
e08c758913
Merge pull request #86833 from r-ryantm/auto-update/criu
criu: 3.13 -> 3.14
2020-05-05 20:17:53 -05:00
Jan Tojnar
ea38cf9d96
Merge pull request #87017 from jtojnar/fwupd-1.4.1 2020-05-06 01:20:16 +02:00
Jan Tojnar
88d15ee4ef
fwupd: 1.4.0 → 1.4.1
ad113b931f
2020-05-06 00:30:11 +02:00
R. RyanTM
03425b0033 lxcfs: 4.0.1 -> 4.0.3 2020-05-05 20:32:26 +00:00
Tim Steinbach
32585ddcec
linux: 4.9.221 -> 4.9.222 2020-05-05 14:35:55 -04:00
Tim Steinbach
7f75ff0777
linux: 4.4.221 -> 4.4.222 2020-05-05 14:35:46 -04:00
Tim Steinbach
018f49380e
linux: 4.14.178 -> 4.14.179 2020-05-05 14:35:33 -04:00
Frederik Rietdijk
9875bbae75 Merge master into staging-next 2020-05-05 19:51:09 +02:00
Jörg Thalheim
330693c502
linuxPackages.sysdig: 0.26.6 -> 0.26.7 2020-05-05 11:21:35 +01:00
124
82dfd10035
syslinux: fix #86846: build on i686
vcunat tried tests.boot.biosCdrom.i686-linux - after small local
modification to make that attribute even exist.  Installed file list
also looks fine in comparison with state before the breaking change;
hopefully it will work just fine.
2020-05-05 10:25:44 +02:00
R. RyanTM
6967ad7185 criu: 3.13 -> 3.14 2020-05-04 20:06:29 +00:00
Jörg Thalheim
c5bcac2999
Merge pull request #86779 from r-ryantm/auto-update/bcc
linuxPackages_hardened.bcc: 0.13.0 -> 0.14.0
2020-05-04 17:01:22 +01:00
Kai Wohlfahrt
89d3a605e3 gpio-tools: init in kernel 5.4
Linux provides some tools to interact with the gpiochip interface (which
replaces the deprecated sysfs GPIO interface). Expose these as a
package.

The tool has not changed much recently, so there is no need to package a
version for each kernel.
2020-05-04 15:02:55 +01:00
R. RyanTM
bd1846f7f4 linuxPackages_hardened.bcc: 0.13.0 -> 0.14.0 2020-05-04 13:33:51 +00:00
Tim Steinbach
b6456e528e
linux: 5.7-rc3 -> 5.7-rc4 2020-05-04 08:41:50 -04:00
Maximilian Bosch
8536aeb415
Merge pull request #86605 from BKPepe/wireguard
wireguard-compat: 1.0.20200426 -> 1.0.20200429
2020-05-03 19:38:23 +02:00
Tim Steinbach
d51998798f
linux/hardened-patches/4.14: 4.14.177.a -> 4.14.178.a 2020-05-03 13:17:07 -04:00
Tim Steinbach
4df77514e7
linux/hardened-patches/4.19: 4.19.119.a -> 4.19.120.a 2020-05-03 13:17:03 -04:00
Tim Steinbach
c5d56b1790
linux/hardened-patches/5.4: 5.4.36.a -> 5.4.38.a 2020-05-03 13:16:59 -04:00
Tim Steinbach
e7b54c19de
linux/hardened-patches/5.6: 5.6.8.a -> 5.6.10.a 2020-05-03 13:16:49 -04:00
Josef Schlehofer
e008d5fc98
wireguard-compat: 1.0.20200426 -> 1.0.20200429 2020-05-03 18:39:08 +02:00
Linus Heckemann
88e07d3a96
Merge pull request #86598 from Valodim/aarch64-hidraw
linux: CONFIG_HIDRAW=y
2020-05-03 11:04:56 +02:00
Peter Hoeg
4310c1a4a0
Merge pull request #85094 from helsinki-systems/syslinux_efi
syslinux: add uefi support
2020-05-03 12:33:54 +08:00
ajs124
a09878c205 syslinux: fix UEFI support 2020-05-03 02:18:46 +02:00
Vincent Breitmoser
bdd2d3ccb2 linux: CONFIG_HIDRAW=y 2020-05-02 17:43:43 +02:00
Daiderd Jordan
64279cff00
Merge pull request #86557 from cmacrae/upgrade/yabai/3.0.0
yabai: 2.4.3 -> 3.0.0
2020-05-02 11:34:56 +02:00
Tim Steinbach
c46b55e640
linux: 5.6.8 -> 5.6.10 2020-05-02 14:46:24 -04:00
Tim Steinbach
ba19c248b7
linux: 5.4.36 -> 5.4.38 2020-05-02 14:46:24 -04:00
Tim Steinbach
13e51bb636
linux: 4.9.220 -> 4.9.221 2020-05-02 14:46:23 -04:00
Tim Steinbach
7e200a0177
linux: 4.4.220 -> 4.4.221 2020-05-02 14:46:23 -04:00
Tim Steinbach
92c2abe85f
linux: 4.19.119 -> 4.19.120 2020-05-02 14:46:23 -04:00
Tim Steinbach
163e5a8d0c
linux: 4.14.177 -> 4.14.178 2020-05-02 14:46:22 -04:00
cmacrae
c57532cf4e spacebar: init at v0.5.0 2020-05-02 10:18:34 +01:00
cmacrae
fe9938ebd4 yabai: 2.4.3 -> 3.0.0 2020-05-02 10:17:32 +01:00
cmacrae
1e16e652d8 skhd: 0.3.0 -> 0.3.5 2020-05-02 09:58:41 +01:00
R. RyanTM
9f2ecb211d setools: 4.2.2 -> 4.3.0 2020-05-02 10:13:48 +02:00
Frederik Rietdijk
22ea1b9be2 Merge staging-next into staging 2020-05-02 10:13:08 +02:00
Frederik Rietdijk
afb1041148 Merge master into staging-next 2020-05-02 09:39:00 +02:00
Daiderd Jordan
a57cbb1c36
Merge pull request #86411 from cmacrae/pkgs/os-specific/darwin/yabai
yabai: init at 2.4.3
2020-05-01 19:40:59 +02:00
Tim Steinbach
61b97c17d6
linux: 5.7-rc2 -> 5.7-rc3 2020-05-01 11:43:43 -04:00
cmacrae
8e8459921a yabai: init at 2.4.3 2020-05-01 11:57:28 +01:00
Florian Klink
b0aa80e427
Merge pull request #86363 from flokli/systemd-245.5
systemd: 245.3 -> 245.5
2020-05-01 12:32:40 +02:00
Frederik Rietdijk
00bbfccecf Merge staging into staging-next 2020-05-01 09:28:45 +02:00
Daniel Fullmer
45c0523b77 rtl8812au: 5.2.20.2_28373.20190903 -> 5.6.4.2_35491.20200318 2020-05-01 09:25:36 +02:00
Frederik Rietdijk
484ee79050 Merge staging-next into staging 2020-05-01 08:57:10 +02:00
Frederik Rietdijk
2da19f9483
Merge pull request #85653 from veprbl/pr/darwin_binutils_add_man
darwin.binutils: propagate man pages from darwin.cctools
2020-05-01 08:49:56 +02:00
Tim Steinbach
5fa90ed9e2
linux/hardened-patches/4.19: 4.19.118.a -> 4.19.119.a 2020-04-30 10:05:58 -04:00
Tim Steinbach
22c0c49d61
linux/hardened-patches/5.4: 5.4.35.a -> 5.4.36.a 2020-04-30 10:05:56 -04:00
Tim Steinbach
53ea32be28
linux/hardened-patches/5.6: 5.6.7.a -> 5.6.8.a 2020-04-30 10:05:50 -04:00
Florian Klink
eb73b71df4 systemd: 245.3 -> 245.5
Also, update 0005-Add-some-NixOS-specific-unit-directories.patch to
explain how and where these paths are being used.
2020-04-30 02:08:42 +02:00
Florian Klink
a3082bc6b7 systemd: regenerate patches
It seems nix is much more permissive in applying patches than git am.

These patches were regenerated by running
`git am path/to/nixpkgs/pkgs/os-specific/linux/systemd/*.patch`,
and manually running `patch -p1 < path/to/nixpkgs/pkgs/os-specific/linux/systemd/*N.patch`
where necessary.
2020-04-30 01:47:35 +02:00
Tim Steinbach
bbf8ce13eb
linux: 5.6.7 -> 5.6.8 2020-04-29 15:38:11 -04:00
Tim Steinbach
100e81982d
linux: 5.4.35 -> 5.4.36 2020-04-29 15:38:11 -04:00
Tim Steinbach
ca44d3eb1e
linux: 4.19.118 -> 4.19.119 2020-04-29 15:38:11 -04:00
Florian Klink
f046de4210
Merge pull request #86168 from lblasc/sof-firmware
Sound Open Firmware support, sof-firmware: init at 1.4.2, update kernel config
2020-04-29 12:36:53 +02:00
Matthieu Coudron
8ce65087c3 broadcom_sta: fix build on 5.6 2020-04-29 11:57:03 +02:00
Florian Klink
fbc63c4a7b
Merge pull request #86208 from arianvp/fix-linux-systemd-dep
linux: do not depend on systemd indirectly
2020-04-29 11:56:51 +02:00
Luka Blaskovic
6fc9fd53db linux config: enable Sound Open Firmware support 2020-04-29 07:31:49 +00:00
Jan Tojnar
2b5e2ffe0a
Merge pull request #86165 from jtojnar/libusb-compat-rename 2020-04-29 08:26:08 +02:00
jakobrs
d21cc14114 v4l2loopback: 0.12.4 -> 0.12.5 2020-04-29 07:19:01 +02:00
worldofpeace
d85aabfb5f
Merge pull request #84449 from doronbehar/improve-guvcview
guvcview: fix gsettings filechooser errors
2020-04-28 13:32:13 -04:00
Bruno Bzeznik
75a3a9af8d libfabric: init at 1.10.0 2020-04-28 17:09:15 +02:00
Arian van Putten
d103dc4998 linux: do not depend on systemd indirectly
utillinux depends on systemd because:

* uuidd supports socket activation
* lslogins can show recent journal entries
* fstrim comes with a service file (and we use this in NixOS)
* logger can write journal entries
(See https://www.openembedded.org/pipermail/openembedded-core/2015-February/102069.html)

systemd doesn't depend on utillinux but on utillinuxMinimal which is a
version of utillinux without these features to avoid cyclic
dependencies.

With this change, the linux kernel (of which I don't fully understand
why it would depend on util-linux in the first place, but this was added in
https://github.com/NixOS/nixpkgs/pull/32137/files without too much
explanation) depends on the minimal version of util-linux too.

This makes it that every time we change build flags in systemd
the linux kernel doesn't have to wastefully rebuild.
2020-04-28 15:34:44 +02:00
Bruno Bzeznik
5a16436ffb
libpsm2: init at 11.2.156 (#85920)
* libpsm2: init at 11.2.156
2020-04-28 11:38:21 +02:00
Luka Blaskovic
fe7f770666 sof-firmware: init at 1.4.2 2020-04-28 05:25:38 +00:00
Jan Tojnar
e89e2edc73
libusb-compat-0_1: rename from libusb 2020-04-28 05:33:41 +02:00
David Terry
e9c44e8956
wireguard-compat: 1.0.20200413 -> 1.0.20200426
https://lists.zx2c4.com/pipermail/wireguard/2020-April/005237.html
2020-04-27 08:15:39 +02:00
Tim Steinbach
a9fa6028ad
linux/hardened-patches/4.19: 4.19.117.a -> 4.19.118.a 2020-04-26 12:23:07 -04:00
Tim Steinbach
4af476e2b3
linux/hardened-patches/5.4: 5.4.34.a -> 5.4.35.a 2020-04-26 12:23:05 -04:00
Tim Steinbach
334627d92f
linux/hardened-patches/5.6: 5.6.6.a -> 5.6.7.a 2020-04-26 12:23:03 -04:00
Tim Steinbach
be48bf2ba8
linux/hardened-patches/4.14: 4.14.176.a -> 4.14.177.a 2020-04-26 12:23:01 -04:00
Tim Steinbach
4883dde6b7
linux: 4.9.219 -> 4.9.220 2020-04-26 12:22:41 -04:00
Tim Steinbach
6efb2ba2bf
linux: 4.4.219 -> 4.4.220 2020-04-26 12:22:05 -04:00
Tim Steinbach
6617a79ba3
linux: 4.14.176 -> 4.14.177 2020-04-26 12:21:32 -04:00
Jörg Thalheim
ef959a1d9b
Merge pull request #85984 from Mic92/wireguard 2020-04-26 11:28:55 +01:00
Doron Behar
59588b68cd guvcview: use libsForQt5.callPackage 2020-04-25 21:14:40 +03:00
Martin Weinelt
3e9f3a3ebd
hostapd: apply patch for CVE-2019-16275
AP mode PMF disconnection protection bypass

Published: September 11, 2019
Identifiers:
- CVE-2019-16275
Latest version available from: https://w1.fi/security/2019-7/

Vulnerability

hostapd (and wpa_supplicant when controlling AP mode) did not perform
sufficient source address validation for some received Management frames
and this could result in ending up sending a frame that caused
associated stations to incorrectly believe they were disconnected from
the network even if management frame protection (also known as PMF) was
negotiated for the association. This could be considered to be a denial
of service vulnerability since PMF is supposed to protect from this type
of issue. It should be noted that if PMF is not enabled, there would be
no protocol level protection against this type of denial of service
attacks.

An attacker in radio range of the access point could inject a specially
constructed unauthenticated IEEE 802.11 frame to the access point to
cause associated stations to be disconnected and require a reconnection
to the network.

Vulnerable versions/configurations

All hostapd and wpa_supplicant versions with PMF support
(CONFIG_IEEE80211W=y) and a runtime configuration enabled AP mode with
PMF being enabled (optional or required). In addition, this would be
applicable only when using user space based MLME/SME in AP mode, i.e.,
when hostapd (or wpa_supplicant when controlling AP mode) would process
authentication and association management frames. This condition would
be applicable mainly with drivers that use mac80211.

Possible mitigation steps

- Merge the following commit to wpa_supplicant/hostapd and rebuild:

  AP: Silently ignore management frame from unexpected source address

  This patch is available from https://w1.fi/security/2019-7/

- Update to wpa_supplicant/hostapd v2.10 or newer, once available
2020-04-25 14:35:20 +02:00
Jörg Thalheim
21ec1f5ead
wireguard: 1.0.20200401 -> 1.0.20200413 2020-04-25 11:16:10 +01:00
Maximilian Bosch
61c95a2eec
iwd: 1.6 -> 1.7 2020-04-25 12:13:01 +02:00
Maximilian Bosch
74fcd4f2d6
ell: 0.30 -> 0.31 2020-04-25 12:12:54 +02:00
Doron Behar
6aaab573e2 guvcview: enable to build with both qt5 and gtk3 2020-04-25 12:52:15 +03:00
Doron Behar
ac0f42dee8 guvcview: format arguments 2020-04-25 12:52:15 +03:00
Doron Behar
6bac53e691 guvcview: move some packages to nativeBuildInputs 2020-04-25 12:52:14 +03:00
Doron Behar
d89ed04ea4 guvcview: fix gsettings filechooser errors 2020-04-25 12:52:14 +03:00
0x4A6F
b8d6e5c63f
gobi_loader: fix maintainers 2020-04-24 22:56:56 +02:00
Austin Seipp
d403911451
linux_testing: 5.6-rc7 -> 5.7-rc2
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2020-04-24 10:58:31 -05:00
Michael Weiss
34276b84c5
nvme-cli: 1.10.1 -> 1.11.1 2020-04-24 17:56:08 +02:00
Jörg Thalheim
16e4b9ca69
Merge pull request #85880 from emilazy/linux-hardened-update-resilience 2020-04-24 12:24:23 +01:00
Savanni D'Gerinel
4db7911b5b Set version to 0.0.1
ZenStates-Linux doesn't actually have a version, so I'm setting the
version to 0.0.1 in case the developer eventually does start doing
releases.
2020-04-23 22:17:30 -04:00
Savanni D'Gerinel
bfe072dc4b Add a Zenstates derivation 2020-04-23 22:08:34 -04:00
Emily
2c1db9649e linux_*_hardened: index patches by major kernel version
This will avoid breaking the build whenever a non-major kernel update
happens. In the update script, we map each kernel version to the latest
patch for the latest kernel version less than or equal to what we
have packaged.
2020-04-23 18:50:26 +01:00
Jörg Thalheim
6dfd563633
linux_latest-hardened: fix evaluation 2020-04-23 16:45:06 +01:00
Jörg Thalheim
1bceaa1cee
linux_hardened: fix evaluation 2020-04-23 15:52:14 +01:00
Tim Steinbach
45c22565f6
linux: 5.6.6 -> 5.6.7 2020-04-23 08:17:15 -04:00
Tim Steinbach
2f10053834
linux: 5.4.34 -> 5.4.35 2020-04-23 08:17:06 -04:00
Tim Steinbach
62a608fd63
linux: 4.19.117 -> 4.19.118 2020-04-23 08:16:58 -04:00
Frederik Rietdijk
cff0669a48 Merge master into staging-next 2020-04-23 08:11:16 +02:00
Tim Steinbach
629068fe5b
linux_latest-libre: 17402 -> 17445 2020-04-22 19:40:01 -04:00
kraem
fca903c7dd
linux/hardened-patches/4.19.117: init at 4.19.117.a 2020-04-22 02:12:28 +02:00
kraem
99f30a5635
linux/hardened-patches/5.4.34: init at 5.4.34.a 2020-04-22 02:12:25 +02:00
kraem
3c81b3df4e
linux/hardened-patches/5.5.19: init at 5.5.19.a 2020-04-22 02:12:21 +02:00
kraem
c8b5e37764
linux/hardened-patches/5.6.6: init at 5.6.6.a 2020-04-22 02:12:17 +02:00
kraem
efafc50f5c
linux/hardened-patches/4.19.116: remove 2020-04-21 22:18:03 +02:00
kraem
8f2e9fcadd
linux/hardened-patches/5.5.18: remove 2020-04-21 22:18:03 +02:00
kraem
9ed70f4e46
linux/hardened-patches/5.6.5: remove 2020-04-21 22:18:03 +02:00
kraem
15807c58ad
linux/hardened-patches/5.4.33: remove 2020-04-21 22:18:02 +02:00
kraem
c9cf25bc61
linux: 5.6.5 -> 5.6.6 2020-04-21 21:59:59 +02:00
kraem
1e23dcbf22
linux: 5.5.18 -> 5.5.19 2020-04-21 21:59:22 +02:00
kraem
18c2b5a9aa
linux: 5.4.33 -> 5.4.34 2020-04-21 21:58:45 +02:00
kraem
e074301be8
linux: 4.19.116 -> 4.19.117 2020-04-21 21:58:03 +02:00
Linus Heckemann
6673a4988e
gnupg: use libusb1 (#85374)
* gnupg: use libusb1

This fixes scdaemon's direct ccid support.

* systemd: fix gnupg-minimal
2020-04-21 08:35:40 +02:00
Frederik Rietdijk
803b3d296c Merge staging-next into staging 2020-04-21 08:29:51 +02:00
oxalica
7760cff5d7 util-linux: 2.33.2 -> 2.35.1 2020-04-21 08:12:29 +02:00
Dmitry Kalinkin
c00ad799a0
darwin.cctools: install ar man pages
In the distribution they are located in a separate directory from the
others and the standard installation doesn't process them.
2020-04-20 23:56:51 -04:00
Dmitry Kalinkin
125c469d3e
darwin.binutils.bintools: propagate man pages from cctools 2020-04-20 23:49:02 -04:00
Dmitry Kalinkin
3e880bad79
darwin.cctools: split man output 2020-04-20 19:51:49 -04:00
kraem
523fe98821 linux/hardened-patches/4.19.116: 4.19.116.NixOS-a -> 4.19.116.a 2020-04-20 10:05:36 -04:00
kraem
45343beffe linux/hardened-patches/5.4.33: 5.4.33.NixOS-a -> 5.4.33.a 2020-04-20 10:05:36 -04:00
kraem
48d908b731 linux/hardened-patches/5.5.18: init at 5.5.18.a 2020-04-20 10:05:36 -04:00
kraem
0fd9293703 linux/hardened-patches/5.6.5: init at 5.6.5.a 2020-04-20 10:05:36 -04:00
kraem
e7a65e6c41 linux/hardened-patches/5.5.17: remove 2020-04-20 10:05:36 -04:00
kraem
eb41f8122e linux/hardened-patches/5.6.4: remove 2020-04-20 10:05:36 -04:00
kraem
8879086cfc linux: 5.5.17 -> 5.5.18 2020-04-20 10:05:36 -04:00
kraem
4307923b86 linux: 5.6.4 -> 5.6.5 2020-04-20 10:05:36 -04:00
Yegor Timoshenko
6f1165a0cb
Merge pull request #84522 from emilazy/add-linux-hardened-patches
linux_*_hardened: use linux-hardened patch set
2020-04-19 20:01:35 +03:00
Peter Simons
00222dbb0e bbswitch: fix build with Linux kernel version >= 5.6.0
Fixes https://github.com/NixOS/nixpkgs/issues/85564.
2020-04-19 16:25:48 +02:00
Maximilian Bosch
19de59a9be
Merge pull request #85334 from flokli/systemd-mainline2
systemd: 243.7 -> 245
2020-04-19 16:02:52 +02:00
Vladimír Čunát
e233a9d4dd
Merge #84442: staging-next branch 2020-04-18 23:11:00 +02:00
John Ericson
1ea80c2cc3 Merge remote-tracking branch 'upstream/master' into staging 2020-04-18 15:40:49 -04:00
Jan Tojnar
09c4736405
Merge pull request #83755 from jtojnar/jcat-0.1 2020-04-18 20:38:24 +02:00
Mario Rodas
e5dd52b99d
Merge pull request #85422 from marsam/update-lxc
lxc: 4.0.1 -> 4.0.2
2020-04-18 13:24:22 -05:00
Jan Tojnar
06e5800a73
fwupd: 1.3.9 → 1.4.0
https://github.com/fwupd/fwupd/releases/tag/1.4.0
2020-04-18 19:51:08 +02:00
Pavol Rusnak
fadcfc3ea4
treewide: per RFC45, remove more unquoted URLs 2020-04-18 14:04:37 +02:00
Vladimír Čunát
d96487b9ca
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1582510
2020-04-18 07:42:26 +02:00
John Ericson
cc880cd91f Merge remote-tracking branch 'upstream/master' into staging 2020-04-17 18:50:55 -04:00
John Ericson
e99a409065
Merge pull request #85190 from Ericson2314/fwupdate
fwupdate: Clean up -I flags
2020-04-17 18:50:22 -04:00
John Ericson
33c2a76c5e Merge remote-tracking branch 'upstream/master' into staging 2020-04-17 18:40:51 -04:00
Emily
7fdfe5381d linux_*_hardened: don't set FORTIFY_SOURCE
Upstreamed in anthraxx/linux-hardened@d12c0d5f0c.
2020-04-17 16:13:39 +01:00
Emily
ed89b5b3f1 linux_*_hardened: don't set PANIC_ON_OOPS
Upstreamed in anthraxx/linux-hardened@366e0216f1.
2020-04-17 16:13:39 +01:00
Emily
0d5f1697b7 linux_*_hardened: don't set SLAB_FREELIST_{RANDOM,HARDENED}
Upstreamed in anthraxx/linux-hardened@786126f177,
anthraxx/linux-hardened@44822ebeb7.
2020-04-17 16:13:39 +01:00
Emily
4fb796e341 linux_*_hardened: don't set HARDENED_USERCOPY_FALLBACK
Upstreamed in anthraxx/linux-hardened@c1fe7a68e3,
anthraxx/linux-hardened@2c553a2bb1.
2020-04-17 16:13:39 +01:00
Emily
3eeb5240ac linux_*_hardened: don't set DEBUG_LIST
Upstreamed in anthraxx/linux-hardened@6b20124185.
2020-04-17 16:13:39 +01:00
Emily
0611462e33 linux_*_hardened: don't set {,IO_}STRICT_DEVMEM
STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is
turned on by anthraxx/linux-hardened@103d23cb66.

Note that anthraxx/linux-hardened@db1d27e10e
disables DEVMEM by default, so this is only relevant if that default is
overridden to turn it back on.
2020-04-17 16:13:39 +01:00
Emily
303bb60fb1 linux_*_hardened: don't set DEBUG_WX
Upstreamed in anthraxx/linux-hardened@55ee7417f3.
2020-04-17 16:13:39 +01:00
Emily
33b94e5a44 linux_*_hardened: don't set BUG_ON_DATA_CORRUPTION
Upstreamed in anthraxx/linux-hardened@3fcd15014c.
2020-04-17 16:13:39 +01:00
Emily
db6b327508 linux_*_hardened: don't set LEGACY_VSYSCALL_NONE
Upstreamed in anthraxx/linux-hardened@d300b0fdad.
2020-04-17 16:13:39 +01:00
Emily
130f6812be linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY}
These are on by default for x86 in upstream linux-5.6.2, and turned on
for arm64 by anthraxx/linux-hardened@90f9670bc3.
2020-04-17 16:13:39 +01:00
Emily
8c68055432 linux_*_hardened: don't set MODIFY_LDT_SYSCALL
Upstreamed in anthraxx/linux-hardened@05644876fa.
2020-04-17 16:13:39 +01:00
Emily
8efe83c22e linux_*_hardened: don't set DEFAULT_MMAP_MIN_ADDR
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd.
2020-04-17 16:13:39 +01:00
Emily
3d4c8ae901 linux_*_hardened: don't set VMAP_STACK
This has been on by default upstream for as long as it's been an option.
2020-04-17 16:13:39 +01:00
Emily
7d5352df31 linux_*_hardened: don't set X86_X32
As far as I can tell, this has never defaulted to on upstream, and our
common kernel configuration doesn't turn it on, so the attack surface
reduction here is somewhat homeopathic.
2020-04-17 16:13:39 +01:00
Emily
0d4f35efd4 linux_*_hardened: use linux-hardened patch set
This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened, and provides
a minimal set of additional hardening patches on top of upstream.

The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).
2020-04-17 16:13:39 +01:00
Emily
3d01e802bd linux: explicitly enable SYSVIPC
The linux-hardened patch set removes this default, probably because of
its original focus on Android kernel hardening.
2020-04-17 16:12:29 +01:00
Tim Steinbach
e341107367
linux: 5.4.32 -> 5.4.33 2020-04-17 08:34:01 -04:00
Tim Steinbach
d9258d33be
linux: 4.19.115 -> 4.19.116 2020-04-17 08:34:01 -04:00
Vladimír Čunát
acb4710214
alsaTools: 1.1.7 -> 1.2.2
Fixes build regression (after alsa update, I assume).
Despite the version number change, the diff is trivial:
https://git.alsa-project.org/?p=alsa-tools.git;a=log;h=refs/tags/v1.2.2
2020-04-17 13:49:20 +02:00
Florian Klink
b3f14109a8 systemd: explicitly disable portabled for now
This hasn't worked with 243, let's disable it for now, until we have
tests and can ensure it works and keeps working.
2020-04-17 00:31:03 +02:00
Florian Klink
ce7c1230ea systemd: explicitly disable homed for now
We don't currently have tests to ensure it works and keeps working.

So instead of having it accidentally working, and possibly breaking it
in the future, disable it for now.
2020-04-17 00:30:52 +02:00
Jörg Thalheim
c18ceab106 systemd: remove myself as maintainer 2020-04-17 00:30:52 +02:00
Florian Klink
b0b7f673dc systemd: 245 -> 245.3 2020-04-17 00:30:52 +02:00
Florian Klink
d2871a723a systemd: 244.3 -> 245 2020-04-17 00:30:51 +02:00
Florian Klink
9de0ac3770 systemd: 243.7 -> 244.3
This required some changes in how we treat DEFAULT_PATH_NORMAL.
2020-04-17 00:30:51 +02:00
Florian Klink
b4cbcba5b1 systemd: update paths kmod-static-nodes.service
The previous patch just removed a `ConditionFileNotEmpty=…` line from
`kmod-static-nodes.service` referring to a location not existing on
NixOS. We know better, and can actually replace this Condition to point
to `run/booted-system/kernel-modules/lib/modules/%v/`, instead of just
patching it out.
2020-04-17 00:28:58 +02:00
Florian Klink
a6710adab2 systemd: join 000{3,8}-Don-t-try-to-unmount-nix-or-nix-store.patch 2020-04-17 00:27:30 +02:00
Florian Klink
4f346cd849 systemd: drop 0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch
This was simply undoing a hunk from
0008-Don-t-try-to-unmount-nix-or-nix-store.patch, so drop that one from
there and omit
0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch entirely.
2020-04-17 00:27:29 +02:00
Florian Klink
a16ebf8561 systemd: drop 001{4,5}-{catalog,hwdb}-don-t-update-on-install.patch
These patches removed logic in the meson install phase invoking
`journalctl --update-catalog` and `systemd-hwdb update`, which would
mutate the running system, and obviously fails in the sandbox.

Upstream also knows this is a bad thing if you're not on the machine you
want to deploy to, so there's logic in there to not execute it when
DESTDIR isn't empty. In our case, it is - as we set --prefix instead for
other reasons, but by just setting DESTDIR to "/", we can still trigger
these things to be skipped.

The patches removed some context from
0018-Install-default-configuration-into-out-share-factory.patch, which
we need to introduce there to make that patch still apply.
2020-04-17 00:27:29 +02:00