Franz Pletz
3ce7b77517
libnl: 3.2.27 -> 3.2.28
2016-08-25 01:55:41 +02:00
Franz Pletz
a30bf645f2
sinit: 0.9.2 -> 1.0, fix glibc static linking
2016-08-24 21:31:02 +02:00
Franz Pletz
d5189fb7ad
lxc: 2.0.3 -> 2.0.4, fixes hardened build
2016-08-24 21:31:02 +02:00
Robin Gloster
c26de11551
linuxPackages.perf: fix build with new glibc and remove hack
...
elfutils now adds a eu- prefix to avoid collisions
2016-08-24 19:19:02 +00:00
Daiderd Jordan
8b8a74d5d6
Merge pull request #17864 from LnL7/darwin-libsecurity
...
darwin.libsecurity: fix for gnustep makefiles
2016-08-24 19:56:24 +02:00
Robin Gloster
9e47acb89d
otpw: disable stackprotector hardening
2016-08-24 17:19:43 +00:00
Shea Levy
8b9b9fad31
Revert "Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs""
...
Revert a revert of a merge that shouldn't have been in master but was intentionally in staging.
Next time I'll do this right after the revert instead of so far down the line...
This reverts commit 9adad8612b
.
2016-08-24 07:35:30 -04:00
obadz
0e8d2725dc
Merge branch 'master' into staging
2016-08-23 18:50:06 +01:00
Joachim Fasting
cf592a8969
grsecurity: 4.7.1-201608161813 -> 4.7.2-201608211829
2016-08-23 01:49:34 +02:00
obadz
24a9183f90
Merge branch 'hardened-stdenv' into staging
...
Closes #12895
Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
obadz
ba50fd7170
Merge branch 'master' into staging
2016-08-22 01:18:11 +01:00
Tim Steinbach
175028582c
linux: 4.7.1 -> 4.7.2
2016-08-21 13:56:45 +00:00
Daiderd Jordan
a9e913ffbf
darwin.security_tool: fix for gnustep makefiles
2016-08-20 13:43:58 +02:00
Daiderd Jordan
0ec2ba9497
darwin.libsecurity: fix for gnustep makefiles
2016-08-20 13:32:10 +02:00
Mikael Brockman
1f50e2412f
libselinux: fix Python binding
...
Applies unreleased patch from upstream.
2016-08-19 19:06:25 +03:00
Nikolay Amiantov
2abe917f18
kmod: 22 -> 23, add /lib/modules to module directories
2016-08-19 17:57:08 +03:00
Nikolay Amiantov
ff22705793
treewide: replace several /sbin paths by /bin
2016-08-19 17:56:45 +03:00
Nikolay Amiantov
30c9aa2698
kmod: add patch to allow searching for modules in several directories
2016-08-19 17:56:39 +03:00
obadz
1047ed49d9
Merge branch 'master' into staging
...
Conflicts: pkgs/os-specific/linux/kmod/default.nix cc @abbradar
2016-08-19 15:28:58 +01:00
Tuomas Tynkkynen
bd68309643
kernel config: Enable SECCOMP
...
This is used by systemd >= 231 and is not enabled in the ARM
multiplatform defconfig.
2016-08-18 16:33:46 +03:00
Joachim Fasting
66a3f0e988
gradm: 3.1-201607172312 -> 3.1-201608131257
2016-08-17 15:19:33 +02:00
Joachim Fasting
ba20363f11
grsecurity: 4.7-201608151842 -> 4.7.1-201608161813
2016-08-17 15:19:27 +02:00
Franz Pletz
2571438988
linux: 4.7 -> 4.7.1
2016-08-17 05:46:00 +02:00
Franz Pletz
7a4407461b
linux: 4.6.6 -> 4.6.7
...
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
da95fb368c
linux: 4.4.17 -> 4.4.18
...
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
2104d28bcd
linux: 4.1.27 -> 4.1.30
...
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Frederik Rietdijk
5a501bd828
Remove top-level dbus_python and pythonDBus.
...
See #11567 .
Furthermore, it renames pythonPackages.dbus to pythonPackages.dbus-
python as that's the name upstream uses.
There is a small rebuild but I couldn't figure out the actual cause.
2016-08-16 22:52:37 +02:00
Domen Kožar
40da4e6ce7
fix eval
2016-08-16 22:30:15 +02:00
Robert Helgesson
f396a0b4d0
hd-idle: init at 1.05
2016-08-16 21:59:14 +02:00
Joachim Fasting
d82ddd6dc0
grsecurity: 4.7-201608131240 -> 4.7-201608151842
2016-08-16 17:50:37 +02:00
Joachim Fasting
b1cceeda84
grsecurity: enable pax size overflow plugin
2016-08-16 17:50:36 +02:00
Joachim Fasting
3fcb9e6f57
grsecurity: support non-enforcing mode
...
Until we've made sure that most things actually work out of the box, we
need to give people a way of continuing to use the system without
completely disabling grsecurity.
Set sysctl kernel.pax.softmode=1 or boot with pax.softmode=1
2016-08-16 17:50:36 +02:00
Robin Gloster
33e1c78ae3
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-08-16 07:54:01 +00:00
Nikolay Amiantov
081ac25dc6
kmod: 22 -> 23, add /lib/modules to module directories
2016-08-16 02:42:19 +03:00
Shea Levy
9adad8612b
Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
...
Was meant to go into staging, sorry
This reverts commit 57b2d1e9b0
, reversing
changes made to 760b2b9048
.
2016-08-15 19:05:52 -04:00
Shea Levy
57b2d1e9b0
Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs
2016-08-15 19:01:44 -04:00
Nikolay Amiantov
1afd250676
treewide: replace several /sbin paths by /bin
2016-08-16 00:19:25 +03:00
Nikolay Amiantov
131fca0a85
kmod: add patch to allow searching for modules in several directories
2016-08-16 00:19:25 +03:00
Joachim Fasting
9062c67914
grsecurity: 4.6.5-201607312210 -> 4.7-201608131240
2016-08-15 20:36:46 +02:00
Moritz Ulrich
21df40f85f
systemd-cryptsetup-generator: Fix bug.
...
The annoying wrapper script also wraps `systemd-cryptsetup`. We need to
copy the original binary to $out too.
2016-08-15 12:42:44 +02:00
Nikolay Amiantov
5b296a1470
Merge branch 'master' into staging
2016-08-15 10:34:28 +03:00
Franz Pletz
64c79e8526
linux: 4.6.5 -> 4.6.6
2016-08-15 04:28:08 +02:00
Franz Pletz
2a8718fb0b
linux_4_5: remove, not support by upstream anymore
2016-08-15 04:28:02 +02:00
Robin Gloster
a37d695c95
linuxPackages.spl: remove unnecessary substituteInPlace
...
`substituteInPlace` was operating on a non-existant file.
Updated to use `autoreconfHook`.
2016-08-14 22:55:21 +00:00
Dan Peebles
ea34fe82bc
swift-corefoundation: some cleanup
...
I upstreamed some patches so I'm using those now
2016-08-14 18:22:19 -04:00
Dan Peebles
4705a9a6c1
swift-corefoundation: actually remove spurious dependency
2016-08-14 17:42:03 -04:00
Dan Peebles
6cf13bfe66
swift-corefoundation: remove spurious buildInput
...
libpthread is part of libSystem, so there's no need to depend on it
explicitly
2016-08-14 17:40:05 -04:00
Dan Peebles
1861744e7c
swift-corefoundation: init
...
This currently only produces a static library, but is a start :) soon we
might be able to incorporate it into our stdenv, but we need to get the
build system to produce a proper .framework first.
2016-08-14 17:35:44 -04:00
Dan Peebles
98b5e3a531
darwin.libpthread: fix messed-up header
...
We don't actually need the private headers and the private qos.h was
overwriting the public one, causing weird issues downstream (especially
with Swift's CoreFoundation)
2016-08-14 17:34:55 -04:00
Michele Guerini Rocco
7522de2f4b
btfs: 2.10 -> 2.11 ( #17737 )
...
(cherry picked from commit 340a9571f5
)
2016-08-14 21:14:20 +00:00
Robin Gloster
a6c5638565
Revert "btfs: 2.10 -> 2.11 ( #17737 )"
...
This reverts commit 340a9571f5
.
2016-08-14 21:12:21 +00:00
Michele Guerini Rocco
340a9571f5
btfs: 2.10 -> 2.11 ( #17737 )
2016-08-14 22:48:56 +02:00
Nikolay Amiantov
3e84cbc4ca
autofs5: 5.1.1 -> 5.1.2
2016-08-14 22:39:18 +03:00
Nikolay Amiantov
c60deb0266
quote homepages for better clickability
...
Done while I was traversing packages which I maintain to save extra clicks on
urxvt (it captures semicolon as a part of URL).
2016-08-14 22:37:10 +03:00
Nikolay Amiantov
b30f4e5e4f
android-udev-rules: 2016-04-26 -> 20160805
2016-08-14 22:37:10 +03:00
Dan Peebles
948b7f23bb
darwin.{xnu, Libc}: 10.9 -> 10.11
...
I can't submit this in smaller units because the various components all
depend on one another during the stdenv bootstrap, so I think this is
the smallest sensible change I can make.
I also removed the symbol-hiding shenanigans in Libsystem. It might mess
up compatibility with 10.9 but I don't really want to support the added
complexity and I see little evidence of anyone else wanting to support
it. If someone cares, we might be able to revive compatibility, but for
now it'll stay like this.
2016-08-14 12:53:33 -04:00
Eric Sagnes
f0fef4defb
wireguard-unstable: 2016-07-22 -> 2016-08-08 ( #17727 )
2016-08-14 10:47:16 +00:00
Robin Gloster
99cb230b47
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-08-14 09:09:20 +00:00
Robin Gloster
8071cafe66
linuxPackages.rtl8812au: fix build
2016-08-14 08:59:55 +00:00
Robin Gloster
2676cf9525
linuxPackages.lttng-modules: fix build
2016-08-14 08:59:19 +00:00
Domen Kožar
a7f8787dbd
Merge pull request #17705 from womfoo/bump/hwdata-0.291
...
hwdata: 0.276 -> 0.291
2016-08-13 17:00:08 +02:00
Franz Pletz
bd4490e277
Merge branch 'master' into hardened-stdenv
2016-08-13 16:59:55 +02:00
Franz Pletz
fa3a35b241
linuxPackages.fusionio-vsl: disable pic hardening (still broken)
2016-08-13 16:55:26 +02:00
Franz Pletz
b2c6d28a1d
linuxPackages.ndiswrapper: disable pic hardening (still broken)
2016-08-13 16:50:43 +02:00
Franz Pletz
9e7d118ea2
linuxPackages.nvidia-x11: disable pic & format hardening
2016-08-13 16:49:42 +02:00
Franz Pletz
5103e70a37
linuxPackages.nvidiabl: disable pic hardening
2016-08-13 16:44:39 +02:00
Franz Pletz
73a9ce2ce3
linuxPackages.psmouse_alps: remove, driver in kernel since 3.9
2016-08-13 16:42:35 +02:00
Franz Pletz
62e6bc0bd9
linuxPackages.prl-tools: disable pic hardening
2016-08-13 16:40:42 +02:00
Franz Pletz
f55fd87c8a
linuxPackages.ixgbevf: disable pic hardening
2016-08-13 16:30:35 +02:00
Franz Pletz
5e085b7fea
linuxPackages.e1000e: disable pic hardening
2016-08-13 16:25:29 +02:00
Franz Pletz
d836b811cb
linuxPackages.cryptodev: 1.6 -> 1.8, disable pic hardening
2016-08-13 16:24:38 +02:00
Franz Pletz
f5c9f99877
linuxPackages.ati_drivers_x11: disable pic & format hardening
2016-08-13 16:06:57 +02:00
Franz Pletz
a8deb8d647
linuxPackages.frandom: disable pic hardening
2016-08-13 16:03:32 +02:00
Franz Pletz
7d9d2d6872
linuxPackages.broadcom_sta: disable pic hardening
2016-08-13 16:02:02 +02:00
Robin Gloster
0f274be2fd
linuxPackages.ena: disable pic
2016-08-13 10:12:07 +00:00
Kranium Gikos Mendoza
1bbcc7e378
hwdata: 0.276 -> 0.291
2016-08-13 10:06:34 +08:00
Luca Bruno
fda17cfd0e
Merge pull request #17703 from womfoo/bump/microcode-intel-20160714
...
microcode-intel: 20150121 -> 20160714
2016-08-12 21:44:34 +01:00
Kranium Gikos Mendoza
050452dd7f
microcode-intel: 20150121 -> 20160714
2016-08-13 03:53:03 +08:00
obadz
b2efe2babd
Revert "linux kernel 4.4: fix race during build"
...
Removes patch. Was fixed upstream.
This reverts commit 4788ec1372
.
2016-08-12 16:42:25 +01:00
Guillaume Maudoux
b1817fa8a3
linux_mptcp: 0.90.1 (kernel 3.18) -> 0.91 (kernel 4.1) ( #17675 )
2016-08-12 15:14:24 +02:00
Robin Gloster
b7787d932e
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-08-12 09:46:53 +00:00
obadz
18947c9e36
Revert "ecryptfs: fix kernel bug introduced in 4.4.14"
...
The Linux 4.4.17 release fixes the underlying issue
This reverts commit fad9a8841b
.
2016-08-11 17:15:54 +01:00
Michael Raskin
b893d84d53
firejail: 0.9.40-rc1 -> 0.9.42-rc1
2016-08-11 17:57:35 +02:00
Michael Raskin
8b4eb6fa4d
eudev: 3.1.5 -> 3.2
2016-08-11 17:57:35 +02:00
Eelco Dolstra
e26ac7afd4
linux: 4.4.16 -> 4.4.17
2016-08-11 15:20:07 +02:00
obadz
1cd9c58834
Merge pull request #17461 from rasendubi/powerpc
...
cross-compilation: fixes for powerpc-linux-uclibc
2016-08-11 00:51:51 +01:00
Kranium Gikos Mendoza
33166b7434
wireguard: require Linux >= 4.1 for module build ( #17632 )
2016-08-11 00:25:57 +02:00
Frederik Rietdijk
111d7a2af4
Merge pull request #17623 from matthewbauer/misc
...
Misc. hydra fixes
2016-08-10 11:35:44 +02:00
Franz Pletz
bba9728cd6
jool: 3.4.2 -> 3.4.4
2016-08-10 07:12:08 +02:00
Franz Pletz
aec9abc8e1
iputils: 20121221 -> 20151218
2016-08-10 07:12:08 +02:00
Matthew
0540e567a8
uksmtools: delete
...
Sources are not available from GitHub anymore and it appears to be
unmantained. A request was sent to the AUR mailing list to delete it on
May 26, 2016:
https://lists.archlinux.org/pipermail/aur-requests/2016-May/011706.html
2016-08-09 21:06:27 +00:00
Moritz Ulrich
9626707e2b
systemd-cryptsetup-generator: Add note to revert 3efadce
.
2016-08-09 19:21:58 +02:00
Moritz Ulrich
3efadce03b
systemd-cryptsetup-generator: Fix installPhase.
2016-08-09 19:21:25 +02:00
Tuomas Tynkkynen
9a5427f667
klibc: Broken on i686
2016-08-06 17:06:45 +03:00
Tuomas Tynkkynen
088bcf4ec4
kernel config: Fix 3.10, 3.12, 3.14 builds
2016-08-06 17:06:45 +03:00
Tuomas Tynkkynen
44f462bf4d
generate-config.pl: Be more verbose about missing options
...
For instance, the current 3.10 kernel build fails at the end with:
unused option: BRCMFMAC_PCIE
unused option: FW_LOADER_USER_HELPER_FALLBACK
unused option: KEXEC_FILE
unused option: RANDOMIZE_BASE
However, it's not obvious that only the _last_ one is actually fatal to
the build. After this change it's at least somewhat better:
warning: unused option: BRCMFMAC_PCIE
warning: unused option: FW_LOADER_USER_HELPER_FALLBACK
warning: unused option: KEXEC_FILE
error: unused option: RANDOMIZE_BASE
2016-08-06 17:06:45 +03:00
Robin Gloster
bc025e83bd
uclibc: disable stackprotector hardening
2016-08-05 18:15:27 +00:00
Michal Rus
7281740c2e
linux: enable DRM_GMA600 and DRM_GMA3600
...
Adds basic support for Intel GMA3600/3650 (Intel Cedar Trail) platforms
and support for GMA600 (Intel Moorestown/Oaktrail) platforms with LVDS
ports via the gma500_gfx module.
Resolves #14727 Closes #17519
2016-08-05 19:07:40 +02:00
Franz Pletz
2d6b7aa545
linux: enable some useful networking options
...
All options are enabled by default on Debian and some other
distributions, so these should be safe.
2016-08-05 04:07:31 +02:00
Robin Gloster
1b979d8384
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-08-03 13:34:44 +00:00