Commit Graph

5527 Commits

Author SHA1 Message Date
Franz Pletz
3ce7b77517 libnl: 3.2.27 -> 3.2.28 2016-08-25 01:55:41 +02:00
Franz Pletz
a30bf645f2 sinit: 0.9.2 -> 1.0, fix glibc static linking 2016-08-24 21:31:02 +02:00
Franz Pletz
d5189fb7ad lxc: 2.0.3 -> 2.0.4, fixes hardened build 2016-08-24 21:31:02 +02:00
Robin Gloster
c26de11551 linuxPackages.perf: fix build with new glibc and remove hack
elfutils now adds a eu- prefix to avoid collisions
2016-08-24 19:19:02 +00:00
Daiderd Jordan
8b8a74d5d6 Merge pull request #17864 from LnL7/darwin-libsecurity
darwin.libsecurity: fix for gnustep makefiles
2016-08-24 19:56:24 +02:00
Robin Gloster
9e47acb89d otpw: disable stackprotector hardening 2016-08-24 17:19:43 +00:00
Shea Levy
8b9b9fad31 Revert "Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs""
Revert a revert of a merge that shouldn't have been in master but was intentionally in staging.

Next time I'll do this right after the revert instead of so far down the line...

This reverts commit 9adad8612b.
2016-08-24 07:35:30 -04:00
obadz
0e8d2725dc Merge branch 'master' into staging 2016-08-23 18:50:06 +01:00
Joachim Fasting
cf592a8969
grsecurity: 4.7.1-201608161813 -> 4.7.2-201608211829 2016-08-23 01:49:34 +02:00
obadz
24a9183f90 Merge branch 'hardened-stdenv' into staging
Closes #12895

Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
obadz
ba50fd7170 Merge branch 'master' into staging 2016-08-22 01:18:11 +01:00
Tim Steinbach
175028582c
linux: 4.7.1 -> 4.7.2 2016-08-21 13:56:45 +00:00
Daiderd Jordan
a9e913ffbf
darwin.security_tool: fix for gnustep makefiles 2016-08-20 13:43:58 +02:00
Daiderd Jordan
0ec2ba9497
darwin.libsecurity: fix for gnustep makefiles 2016-08-20 13:32:10 +02:00
Mikael Brockman
1f50e2412f libselinux: fix Python binding
Applies unreleased patch from upstream.
2016-08-19 19:06:25 +03:00
Nikolay Amiantov
2abe917f18 kmod: 22 -> 23, add /lib/modules to module directories 2016-08-19 17:57:08 +03:00
Nikolay Amiantov
ff22705793 treewide: replace several /sbin paths by /bin 2016-08-19 17:56:45 +03:00
Nikolay Amiantov
30c9aa2698 kmod: add patch to allow searching for modules in several directories 2016-08-19 17:56:39 +03:00
obadz
1047ed49d9 Merge branch 'master' into staging
Conflicts: pkgs/os-specific/linux/kmod/default.nix cc @abbradar
2016-08-19 15:28:58 +01:00
Tuomas Tynkkynen
bd68309643 kernel config: Enable SECCOMP
This is used by systemd >= 231 and is not enabled in the ARM
multiplatform defconfig.
2016-08-18 16:33:46 +03:00
Joachim Fasting
66a3f0e988
gradm: 3.1-201607172312 -> 3.1-201608131257 2016-08-17 15:19:33 +02:00
Joachim Fasting
ba20363f11
grsecurity: 4.7-201608151842 -> 4.7.1-201608161813 2016-08-17 15:19:27 +02:00
Franz Pletz
2571438988 linux: 4.7 -> 4.7.1 2016-08-17 05:46:00 +02:00
Franz Pletz
7a4407461b linux: 4.6.6 -> 4.6.7
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
da95fb368c linux: 4.4.17 -> 4.4.18
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
2104d28bcd linux: 4.1.27 -> 4.1.30
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Frederik Rietdijk
5a501bd828 Remove top-level dbus_python and pythonDBus.
See #11567.

Furthermore, it renames pythonPackages.dbus to pythonPackages.dbus-
python as that's the name upstream uses.

There is a small rebuild but I couldn't figure out the actual cause.
2016-08-16 22:52:37 +02:00
Domen Kožar
40da4e6ce7 fix eval 2016-08-16 22:30:15 +02:00
Robert Helgesson
f396a0b4d0
hd-idle: init at 1.05 2016-08-16 21:59:14 +02:00
Joachim Fasting
d82ddd6dc0
grsecurity: 4.7-201608131240 -> 4.7-201608151842 2016-08-16 17:50:37 +02:00
Joachim Fasting
b1cceeda84
grsecurity: enable pax size overflow plugin 2016-08-16 17:50:36 +02:00
Joachim Fasting
3fcb9e6f57
grsecurity: support non-enforcing mode
Until we've made sure that most things actually work out of the box, we
need to give people a way of continuing to use the system without
completely disabling grsecurity.

Set sysctl kernel.pax.softmode=1 or boot with pax.softmode=1
2016-08-16 17:50:36 +02:00
Robin Gloster
33e1c78ae3 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-16 07:54:01 +00:00
Nikolay Amiantov
081ac25dc6 kmod: 22 -> 23, add /lib/modules to module directories 2016-08-16 02:42:19 +03:00
Shea Levy
9adad8612b Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
Was meant to go into staging, sorry

This reverts commit 57b2d1e9b0, reversing
changes made to 760b2b9048.
2016-08-15 19:05:52 -04:00
Shea Levy
57b2d1e9b0 Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs 2016-08-15 19:01:44 -04:00
Nikolay Amiantov
1afd250676 treewide: replace several /sbin paths by /bin 2016-08-16 00:19:25 +03:00
Nikolay Amiantov
131fca0a85 kmod: add patch to allow searching for modules in several directories 2016-08-16 00:19:25 +03:00
Joachim Fasting
9062c67914
grsecurity: 4.6.5-201607312210 -> 4.7-201608131240 2016-08-15 20:36:46 +02:00
Moritz Ulrich
21df40f85f systemd-cryptsetup-generator: Fix bug.
The annoying wrapper script also wraps `systemd-cryptsetup`. We need to
copy the original binary to $out too.
2016-08-15 12:42:44 +02:00
Nikolay Amiantov
5b296a1470 Merge branch 'master' into staging 2016-08-15 10:34:28 +03:00
Franz Pletz
64c79e8526 linux: 4.6.5 -> 4.6.6 2016-08-15 04:28:08 +02:00
Franz Pletz
2a8718fb0b linux_4_5: remove, not support by upstream anymore 2016-08-15 04:28:02 +02:00
Robin Gloster
a37d695c95 linuxPackages.spl: remove unnecessary substituteInPlace
`substituteInPlace` was operating on a non-existant file.
Updated to use `autoreconfHook`.
2016-08-14 22:55:21 +00:00
Dan Peebles
ea34fe82bc swift-corefoundation: some cleanup
I upstreamed some patches so I'm using those now
2016-08-14 18:22:19 -04:00
Dan Peebles
4705a9a6c1 swift-corefoundation: actually remove spurious dependency 2016-08-14 17:42:03 -04:00
Dan Peebles
6cf13bfe66 swift-corefoundation: remove spurious buildInput
libpthread is part of libSystem, so there's no need to depend on it
explicitly
2016-08-14 17:40:05 -04:00
Dan Peebles
1861744e7c swift-corefoundation: init
This currently only produces a static library, but is a start :) soon we
might be able to incorporate it into our stdenv, but we need to get the
build system to produce a proper .framework first.
2016-08-14 17:35:44 -04:00
Dan Peebles
98b5e3a531 darwin.libpthread: fix messed-up header
We don't actually need the private headers and the private qos.h was
overwriting the public one, causing weird issues downstream (especially
with Swift's CoreFoundation)
2016-08-14 17:34:55 -04:00
Michele Guerini Rocco
7522de2f4b btfs: 2.10 -> 2.11 (#17737)
(cherry picked from commit 340a9571f5)
2016-08-14 21:14:20 +00:00
Robin Gloster
a6c5638565 Revert "btfs: 2.10 -> 2.11 (#17737)"
This reverts commit 340a9571f5.
2016-08-14 21:12:21 +00:00
Michele Guerini Rocco
340a9571f5 btfs: 2.10 -> 2.11 (#17737) 2016-08-14 22:48:56 +02:00
Nikolay Amiantov
3e84cbc4ca autofs5: 5.1.1 -> 5.1.2 2016-08-14 22:39:18 +03:00
Nikolay Amiantov
c60deb0266 quote homepages for better clickability
Done while I was traversing packages which I maintain to save extra clicks on
urxvt (it captures semicolon as a part of URL).
2016-08-14 22:37:10 +03:00
Nikolay Amiantov
b30f4e5e4f android-udev-rules: 2016-04-26 -> 20160805 2016-08-14 22:37:10 +03:00
Dan Peebles
948b7f23bb darwin.{xnu, Libc}: 10.9 -> 10.11
I can't submit this in smaller units because the various components all
depend on one another during the stdenv bootstrap, so I think this is
the smallest sensible change I can make.

I also removed the symbol-hiding shenanigans in Libsystem. It might mess
up compatibility with 10.9 but I don't really want to support the added
complexity and I see little evidence of anyone else wanting to support
it. If someone cares, we might be able to revive compatibility, but for
now it'll stay like this.
2016-08-14 12:53:33 -04:00
Eric Sagnes
f0fef4defb wireguard-unstable: 2016-07-22 -> 2016-08-08 (#17727) 2016-08-14 10:47:16 +00:00
Robin Gloster
99cb230b47 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-14 09:09:20 +00:00
Robin Gloster
8071cafe66 linuxPackages.rtl8812au: fix build 2016-08-14 08:59:55 +00:00
Robin Gloster
2676cf9525 linuxPackages.lttng-modules: fix build 2016-08-14 08:59:19 +00:00
Domen Kožar
a7f8787dbd Merge pull request #17705 from womfoo/bump/hwdata-0.291
hwdata: 0.276 -> 0.291
2016-08-13 17:00:08 +02:00
Franz Pletz
bd4490e277 Merge branch 'master' into hardened-stdenv 2016-08-13 16:59:55 +02:00
Franz Pletz
fa3a35b241 linuxPackages.fusionio-vsl: disable pic hardening (still broken) 2016-08-13 16:55:26 +02:00
Franz Pletz
b2c6d28a1d linuxPackages.ndiswrapper: disable pic hardening (still broken) 2016-08-13 16:50:43 +02:00
Franz Pletz
9e7d118ea2 linuxPackages.nvidia-x11: disable pic & format hardening 2016-08-13 16:49:42 +02:00
Franz Pletz
5103e70a37 linuxPackages.nvidiabl: disable pic hardening 2016-08-13 16:44:39 +02:00
Franz Pletz
73a9ce2ce3 linuxPackages.psmouse_alps: remove, driver in kernel since 3.9 2016-08-13 16:42:35 +02:00
Franz Pletz
62e6bc0bd9 linuxPackages.prl-tools: disable pic hardening 2016-08-13 16:40:42 +02:00
Franz Pletz
f55fd87c8a linuxPackages.ixgbevf: disable pic hardening 2016-08-13 16:30:35 +02:00
Franz Pletz
5e085b7fea linuxPackages.e1000e: disable pic hardening 2016-08-13 16:25:29 +02:00
Franz Pletz
d836b811cb linuxPackages.cryptodev: 1.6 -> 1.8, disable pic hardening 2016-08-13 16:24:38 +02:00
Franz Pletz
f5c9f99877 linuxPackages.ati_drivers_x11: disable pic & format hardening 2016-08-13 16:06:57 +02:00
Franz Pletz
a8deb8d647 linuxPackages.frandom: disable pic hardening 2016-08-13 16:03:32 +02:00
Franz Pletz
7d9d2d6872 linuxPackages.broadcom_sta: disable pic hardening 2016-08-13 16:02:02 +02:00
Robin Gloster
0f274be2fd linuxPackages.ena: disable pic 2016-08-13 10:12:07 +00:00
Kranium Gikos Mendoza
1bbcc7e378 hwdata: 0.276 -> 0.291 2016-08-13 10:06:34 +08:00
Luca Bruno
fda17cfd0e Merge pull request #17703 from womfoo/bump/microcode-intel-20160714
microcode-intel: 20150121 -> 20160714
2016-08-12 21:44:34 +01:00
Kranium Gikos Mendoza
050452dd7f microcode-intel: 20150121 -> 20160714 2016-08-13 03:53:03 +08:00
obadz
b2efe2babd Revert "linux kernel 4.4: fix race during build"
Removes patch. Was fixed upstream.

This reverts commit 4788ec1372.
2016-08-12 16:42:25 +01:00
Guillaume Maudoux
b1817fa8a3 linux_mptcp: 0.90.1 (kernel 3.18) -> 0.91 (kernel 4.1) (#17675) 2016-08-12 15:14:24 +02:00
Robin Gloster
b7787d932e Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-12 09:46:53 +00:00
obadz
18947c9e36 Revert "ecryptfs: fix kernel bug introduced in 4.4.14"
The Linux 4.4.17 release fixes the underlying issue

This reverts commit fad9a8841b.
2016-08-11 17:15:54 +01:00
Michael Raskin
b893d84d53 firejail: 0.9.40-rc1 -> 0.9.42-rc1 2016-08-11 17:57:35 +02:00
Michael Raskin
8b4eb6fa4d eudev: 3.1.5 -> 3.2 2016-08-11 17:57:35 +02:00
Eelco Dolstra
e26ac7afd4 linux: 4.4.16 -> 4.4.17 2016-08-11 15:20:07 +02:00
obadz
1cd9c58834 Merge pull request #17461 from rasendubi/powerpc
cross-compilation: fixes for powerpc-linux-uclibc
2016-08-11 00:51:51 +01:00
Kranium Gikos Mendoza
33166b7434 wireguard: require Linux >= 4.1 for module build (#17632) 2016-08-11 00:25:57 +02:00
Frederik Rietdijk
111d7a2af4 Merge pull request #17623 from matthewbauer/misc
Misc. hydra fixes
2016-08-10 11:35:44 +02:00
Franz Pletz
bba9728cd6 jool: 3.4.2 -> 3.4.4 2016-08-10 07:12:08 +02:00
Franz Pletz
aec9abc8e1 iputils: 20121221 -> 20151218 2016-08-10 07:12:08 +02:00
Matthew
0540e567a8 uksmtools: delete
Sources are not available from GitHub anymore and it appears to be
unmantained. A request was sent to the AUR mailing list to delete it on
May 26, 2016:

https://lists.archlinux.org/pipermail/aur-requests/2016-May/011706.html
2016-08-09 21:06:27 +00:00
Moritz Ulrich
9626707e2b systemd-cryptsetup-generator: Add note to revert 3efadce. 2016-08-09 19:21:58 +02:00
Moritz Ulrich
3efadce03b systemd-cryptsetup-generator: Fix installPhase. 2016-08-09 19:21:25 +02:00
Tuomas Tynkkynen
9a5427f667 klibc: Broken on i686 2016-08-06 17:06:45 +03:00
Tuomas Tynkkynen
088bcf4ec4 kernel config: Fix 3.10, 3.12, 3.14 builds 2016-08-06 17:06:45 +03:00
Tuomas Tynkkynen
44f462bf4d generate-config.pl: Be more verbose about missing options
For instance, the current 3.10 kernel build fails at the end with:

unused option: BRCMFMAC_PCIE
unused option: FW_LOADER_USER_HELPER_FALLBACK
unused option: KEXEC_FILE
unused option: RANDOMIZE_BASE

However, it's not obvious that only the _last_ one is actually fatal to
the build. After this change it's at least somewhat better:

warning: unused option: BRCMFMAC_PCIE
warning: unused option: FW_LOADER_USER_HELPER_FALLBACK
warning: unused option: KEXEC_FILE
error: unused option: RANDOMIZE_BASE
2016-08-06 17:06:45 +03:00
Robin Gloster
bc025e83bd uclibc: disable stackprotector hardening 2016-08-05 18:15:27 +00:00
Michal Rus
7281740c2e
linux: enable DRM_GMA600 and DRM_GMA3600
Adds basic support for Intel GMA3600/3650 (Intel Cedar Trail) platforms
and support for GMA600 (Intel Moorestown/Oaktrail) platforms with LVDS
ports via the gma500_gfx module.

Resolves #14727 Closes #17519
2016-08-05 19:07:40 +02:00
Franz Pletz
2d6b7aa545 linux: enable some useful networking options
All options are enabled by default on Debian and some other
distributions, so these should be safe.
2016-08-05 04:07:31 +02:00
Robin Gloster
1b979d8384 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00