Jörg Thalheim
7c8d4cd9a9
wireguard: 0.0.20161116.1 -> 0.0.20161129
2016-12-12 14:41:43 +01:00
Shea Levy
f6daae391f
linux: add 4.9
2016-12-11 19:33:05 -05:00
Joachim Fasting
601058e0e2
grsecurity: 4.8.13-201612082118 -> 4.8.14-201612110933
2016-12-11 19:09:16 +01:00
Tim Steinbach
f576c490e3
linux: 4.4.37 -> 4.4.38
2016-12-10 15:18:52 -05:00
Tim Steinbach
b69822c505
linux: 4.8.13 -> 4.8.14
2016-12-10 15:15:44 -05:00
Tuomas Tynkkynen
bdab6fe5a1
kernel: Use built-in dtbs_install target instead of rolling our own
...
In particular, on aarch64 all the .dtb files will be in subdirectories
and *.dtb won't match anything.
2016-12-10 20:24:08 +02:00
Franz Pletz
9074d9859e
linux: add patch to fix CVE-2016-8655
...
See https://lwn.net/Articles/708319/ for more information.
2016-12-10 17:08:42 +01:00
Frederik Rietdijk
033525c6b8
dstat: fix bad interpreter: No such file
2016-12-10 14:21:51 +01:00
Bjørn Forsman
2077385421
kernel: enable CONFIG_DYNAMIC_DEBUG (like Fedora and Ubuntu)
...
It was useful in tracking down CIFS + DFS issue, and it's apparently
enabled by default in two major distros.
2016-12-10 00:01:21 +02:00
Bjørn Forsman
d429520b13
kernel: add CONFIG_CIFS_* like Fedora, Ubuntu
...
The plan is to fix mounting DFS shares on NixOS (for which some of these
options are needed), but I figured it might be a good idea to enable all
CONFIG_CIFS_* like Fedora 24 and Ubuntu 16.04 while at it. Ubuntu even
has CONFIG_CIFS_SMB311, but as Fedora do not, I left it out.
Mounting DFS shares still doesn't work; need to configure cifs.upcall
and /etc/request-key.conf. Until then, using GVFS as a workaround.
2016-12-10 00:01:21 +02:00
Bjørn Forsman
fc6d82cf76
cifs-utils: add 'talloc' to buildInputs, to build cifs.upcall
...
Fixes this ./configure symptom:
configure: WARNING: talloc.h not found, consider installing libtalloc-devel. Disabling cifs.upcall.
and is needed to (eventually) fix CIFS + DFS kernel mount on NixOS.
2016-12-10 00:01:21 +02:00
Joachim Fasting
d1a5dc0b1c
grsecurity: 4.8.12-201612062306 -> 4.8.13-201612082118
2016-12-09 15:31:02 +01:00
Joachim Fasting
9a63779d64
grsecurity: use upstream url as the primary source
2016-12-09 15:31:00 +01:00
Joachim Fasting
ca7cc96ee8
grsecurity: enable PAX_INITIFY
...
Uses gcc plugin to detect more instances where memory used during init
can be freed.
2016-12-09 15:30:40 +01:00
Tim Steinbach
bfffbb5ea6
linux: 4.8.12 -> 4.8.13
2016-12-09 08:27:11 -05:00
Tim Steinbach
e861a5f7af
linux: 4.4.36 -> 4.4.37
2016-12-09 08:26:46 -05:00
Joachim Fasting
af1202434a
ndiswrapper: mark as broken
...
Build fails across all our kernels. There is a new version 1.60, but
it, too, fails to build. Until somebody comes along to patch around it,
we might as well mark this as broken.
2016-12-08 23:12:32 +01:00
Joachim Fasting
5fd4ffe00f
grsecurity: 4.8.12-201612031658 -> 201612062306
2016-12-08 12:22:13 +01:00
Dmytro Rets
e8220d3264
Update broadcom URL for broadcom-sta driver.
2016-12-08 11:50:31 +02:00
Tim Steinbach
c9d1d430ec
linux: 4.9-rc7 -> 4.9-rc8
2016-12-05 19:40:11 -05:00
Joachim Fasting
9578299bbe
grsecurity: 4.8.11-201611271225 -> 4.8.12-201612031658
2016-12-06 01:24:32 +01:00
Joachim Fasting
cc396697a6
grsecurity: enable ability to lock in readonly mounts
2016-12-06 01:24:12 +01:00
Joachim Fasting
0e765c72e5
grsecurity: enable module hardening
2016-12-06 01:23:58 +01:00
Joachim Fasting
071fbcda24
grsecurity: enable optional sysfs restrictions
...
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
...
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Tuomas Tynkkynen
f91458ca38
reattach-to-user-namespace: Set platforms
2016-12-05 02:36:54 +02:00
Tuomas Tynkkynen
9ccc14b1bc
linux_rpi: Add some feature flags
...
Copied from linux_4_4 (except for the EFI stub thing).
Otherwise the firewall module fails to evaluate:
Failed assertions:
- This kernel does not support rpfilter
2016-12-04 18:18:06 +02:00
Jörg Thalheim
e00632e200
Merge pull request #20858 from Mic92/lxcfs
...
lxcfs: init at 2.0.4
2016-12-04 11:33:07 +01:00
Tim Steinbach
4f8b74b401
Merge pull request #20866 from NeQuissimus/linux_4_8_12
...
linux: 4.8.11 -> 4.8.12
2016-12-02 18:28:46 -05:00
Tim Steinbach
853b6493c8
linux: 4.8.11 -> 4.8.12
2016-12-02 14:29:00 -05:00
Tim Steinbach
654f5df5dc
linux: 4.4.35 -> 4.4.36
2016-12-02 14:28:26 -05:00
Jörg Thalheim
af609b0254
lxcfs: init at 2.0.4
2016-12-02 13:52:03 +01:00
Tim Steinbach
5afc6b506c
linux: 4.1.35 -> 4.1.36
2016-12-01 20:34:02 -05:00
Joachim F
85ecde87c8
Merge pull request #20804 from danbst/fix-shadow
...
shadow: fix collision with coreutils (man groups.1.gz)
2016-12-01 23:08:30 +01:00
danbst
ac51528df8
shadow: fix collision with coreutils (man groups.1.gz)
...
The `groups.1.gz` collides with one from coreutils. The code to fix this
was already present in expression, but wrongly assumes that share/man/man1
directory will be copied to `man` output after `installPhase`.
It turned out, that man directory is set at configure step, so we should
remove file from `man` output.
2016-11-30 01:44:28 +02:00
Tim Steinbach
18a3225dac
linux: 3.12.67 -> 3.12.68
2016-11-29 17:40:17 -05:00
Tuomas Tynkkynen
8a4d6516ee
Merge remote-tracking branch 'upstream/staging' into master
2016-11-30 00:34:23 +02:00
Franz Pletz
e43f2fc868
Revert "lxc: 2.0.4 -> 2.0.6"
...
This reverts commit 5d804566df
.
This was an error on my part. I had the commit sitting on my local master
and pulled upstream to rebase my commit before pushing. I didn't notice
there was a commit bumping lxc and the auto-merge on the rebase.
2016-11-29 15:42:37 +01:00
Matt McHenry
f0bdca82c0
linuxPackages.ati_drivers_x11: patch for kernel 4.7+ ( #19810 )
2016-11-28 19:56:50 +01:00
Franz Pletz
5d804566df
lxc: 2.0.4 -> 2.0.6
...
Fixes CVE-2016-8649.
See https://lists.linuxcontainers.org/pipermail/lxc-users/2016-November/012597.html .
2016-11-28 19:04:42 +01:00
Peter Simons
21a5532c57
Merge pull request #20766 from avnik/update/lxc
...
lxc: 2.0.4 -> 2.0.6 (security)
2016-11-28 15:13:10 +01:00
Alexander V. Nikolaev
a8eeef62e6
lxc: 2.0.4 -> 2.0.6 (security)
...
https://security-tracker.debian.org/tracker/CVE-2016-8649
2016-11-28 15:17:06 +02:00
Alexander V. Nikolaev
121da5e938
lxc: fix sandbox builds
...
Package attempt to write /etc/bash_completion.d, I directed it to
"${out}/etc/bash_completion.d" as it was suggested.
2016-11-28 15:17:05 +02:00
Graham Christensen
04edf297cc
Merge pull request #20676 from matthewbauer/file_cmds
...
file_cmds: init at 264.1.1
2016-11-28 06:48:18 -05:00
Joachim Fasting
5da1394a58
Revert "gradm: fix using gradm while the RBAC system is active"
...
This reverts commit fdbf7dc8b3
.
Unfortunately, while gradm now works when the RBAC system is enabled,
gradm still fails when full system learning is enabled, so I probably
need to try again later.
2016-11-28 11:41:12 +01:00
Joachim Fasting
b90ed0cc80
grsecurity: 4.8.10-201611232213 -> 4.8.11-201611271225
2016-11-28 11:41:10 +01:00
Joachim Fasting
4c7323545b
Revert "grsecurity: work around for #20490 "
...
This reverts commit e38b74ba89
.
I failed to notice f19c961b4e461da045f2e72e73701059e5117be0; better
use that fix instead.
2016-11-28 11:40:55 +01:00
Matthew Bauer
bd57e32312
file_cmds: init at 264.1.1
2016-11-27 21:58:07 -06:00
Tim Steinbach
eecf76eaa2
linux: 4.9-rc6 -> 4.9-rc7
2016-11-27 19:48:24 -05:00
Tuomas Tynkkynen
86ea3126bc
linux_rpi: 1.20160620 -> 1.20161020
2016-11-28 00:24:00 +02:00