JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
221,800 Commits 2 Branches 0 Tags 13 GiB
ad9bfe2254
Commit Graph

197038 Commits

Author SHA1 Message Date
Emily
7fdfe5381d linux_*_hardened: don't set FORTIFY_SOURCE 
Upstreamed in anthraxx/linux-hardened@d12c0d5f0c.
 2020-04-17 16:13:39 +01:00
Emily
ed89b5b3f1 linux_*_hardened: don't set PANIC_ON_OOPS 
Upstreamed in anthraxx/linux-hardened@366e0216f1.
 2020-04-17 16:13:39 +01:00
Emily
0d5f1697b7 linux_*_hardened: don't set SLAB_FREELIST_{RANDOM,HARDENED} 
Upstreamed in anthraxx/linux-hardened@786126f177,
anthraxx/linux-hardened@44822ebeb7.
 2020-04-17 16:13:39 +01:00
Emily
4fb796e341 linux_*_hardened: don't set HARDENED_USERCOPY_FALLBACK 
Upstreamed in anthraxx/linux-hardened@c1fe7a68e3,
anthraxx/linux-hardened@2c553a2bb1.
 2020-04-17 16:13:39 +01:00
Emily
3eeb5240ac linux_*_hardened: don't set DEBUG_LIST 
Upstreamed in anthraxx/linux-hardened@6b20124185.
 2020-04-17 16:13:39 +01:00
Emily
0611462e33 linux_*_hardened: don't set {,IO_}STRICT_DEVMEM 
STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is
turned on by anthraxx/linux-hardened@103d23cb66.

Note that anthraxx/linux-hardened@db1d27e10e
disables DEVMEM by default, so this is only relevant if that default is
overridden to turn it back on.
 2020-04-17 16:13:39 +01:00
Emily
303bb60fb1 linux_*_hardened: don't set DEBUG_WX 
Upstreamed in anthraxx/linux-hardened@55ee7417f3.
 2020-04-17 16:13:39 +01:00
Emily
33b94e5a44 linux_*_hardened: don't set BUG_ON_DATA_CORRUPTION 
Upstreamed in anthraxx/linux-hardened@3fcd15014c.
 2020-04-17 16:13:39 +01:00
Emily
db6b327508 linux_*_hardened: don't set LEGACY_VSYSCALL_NONE 
Upstreamed in anthraxx/linux-hardened@d300b0fdad.
 2020-04-17 16:13:39 +01:00
Emily
130f6812be linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY} 
These are on by default for x86 in upstream linux-5.6.2, and turned on
for arm64 by anthraxx/linux-hardened@90f9670bc3.
 2020-04-17 16:13:39 +01:00
Emily
8c68055432 linux_*_hardened: don't set MODIFY_LDT_SYSCALL 
Upstreamed in anthraxx/linux-hardened@05644876fa.
 2020-04-17 16:13:39 +01:00
Emily
8efe83c22e linux_*_hardened: don't set DEFAULT_MMAP_MIN_ADDR 
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd.
 2020-04-17 16:13:39 +01:00
Emily
3d4c8ae901 linux_*_hardened: don't set VMAP_STACK 
This has been on by default upstream for as long as it's been an option.
 2020-04-17 16:13:39 +01:00
Emily
7d5352df31 linux_*_hardened: don't set X86_X32 
As far as I can tell, this has never defaulted to on upstream, and our
common kernel configuration doesn't turn it on, so the attack surface
reduction here is somewhat homeopathic.
 2020-04-17 16:13:39 +01:00
Emily
0d4f35efd4 linux_*_hardened: use linux-hardened patch set 
This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened, and provides
a minimal set of additional hardening patches on top of upstream.

The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).
 2020-04-17 16:13:39 +01:00
Emily
3d01e802bd linux: explicitly enable SYSVIPC 
The linux-hardened patch set removes this default, probably because of
its original focus on Android kernel hardening.
 2020-04-17 16:12:29 +01:00
Emily
10dd3f3de0 graphene-hardened-malloc: enable on aarch64-linux 2020-04-17 16:12:29 +01:00
Jörg Thalheim
a7b3a6982a
Merge pull request #68171 from rileyinman/postcss-cli 2020-04-17 15:24:37 +01:00
Jörg Thalheim
3cb479a31a
Merge pull request #85443 from Mic92/st 2020-04-17 14:55:30 +01:00
nschoe
b584941ab9
st: copy config file in 'prePatch' instead of 'preBuild' 
The patch phase runs after the build phase. Which means than when
using an override to override both 'conf' and 'patches' to provide
a custom config file and apply some patches, it doesn't work:
- first the patches applied (optionally changing config.def.h)
- then preBuild is run which overrides config.def.h with the user
supplied one (effectively cancelling previously applied patches)

By copying the config file in the prePatch phase instead, changes
are kept and applied in order.
 2020-04-17 14:52:40 +01:00
adisbladis
98be297deb
Merge pull request #82651 from adisbladis/mopidyPackages 
mopidy: Create a mopidyPackages set
 2020-04-17 15:44:22 +02:00
worldofpeace
786946a952
Merge pull request #83782 from mkg20001/krita-fix 
krita: disable parallel building #35359
 2020-04-17 09:42:19 -04:00
Peter Hoeg
52c06182eb
nix-prefetch: 0.3.0 -> 0.3.1 (#85367) 
* nix-prefetch: 0.3.0 -> 0.3.1

* nix-prefetch: date in man page

* nix-prefetch: use UTC
 2020-04-17 21:10:24 +08:00
Michael Fellinger
056778b315
crystal: 0.31 -> 0.34 (#85432) 
* crystal: 0.31 -> 0.34

* crystal: use latest llvm

* crystal: skip tests for 0.33
 2020-04-17 21:04:33 +08:00
Tim Steinbach
e341107367
linux: 5.4.32 -> 5.4.33 2020-04-17 08:34:01 -04:00
Tim Steinbach
d9258d33be
linux: 4.19.115 -> 4.19.116 2020-04-17 08:34:01 -04:00
Graham Christensen
b76e3eab18
Merge pull request #84153 from colemickens/nixpkgs-obs-v4lsink 
obs-v4l2sink: init at unstable-20181012
 2020-04-17 08:29:30 -04:00
Michael Weiss
cb5c0a4bbc
chromium{Beta,Dev}: M81 -> M83 -> M84 2020-04-17 13:44:45 +02:00
adisbladis
5340ebe085
mopidy: Create a mopidyPackages set 
This is to avoid mixing python versions in the same plugin closure.
 2020-04-17 12:39:03 +01:00
adisbladis
83cb22963b
mopidy: Move mopidy default.nix to mopidy.nix 
This is in anticipation of a mopidyPackages set
 2020-04-17 12:39:03 +01:00
Florian Klink
357be5c66c
Merge pull request #85385 from takikawa/racket-enable-useprefix 
racket: use --enable-useprefix configure flag.
 2020-04-17 13:17:00 +02:00
Mario Rodas
ba947eba04
Merge pull request #85347 from zowoq/megatools 
megatools: 1.10.2 -> 1.10.3
 2020-04-17 05:54:19 -05:00
Jörg Thalheim
61a03065fd
Merge pull request #84190 from geistesk/platformio-4.3.1 2020-04-17 11:37:07 +01:00
aszlig
3679c8d2d1
pcsc-cyberjack: 3.99.5_SP12 -> 3.99.5_SP13 
Unfortunately, the upstream changelog consists of just the following:

  * Update to the Reiner-SCT repository rev cyberJack@1374

This is not very helpful since I haven't found a public SVN (I assume,
since it's using integer revisions) repository, so I decided to diff the
tarball against the old one, here's what I've found:

  * No longer ship generated files from autotools
  * Add support for REINER SCT cyberJack comfort PL
  * Add support for tanJack USB
  * Allow to override secoder information
  * Lots of whitespace and coding style changes

As mentioned above, the autotools-generated files are no longer shipped,
so I've added autoreconfHook to nativeBuildInputs.

I also verified the source tarball using the upstream hashes found here:

http://downloads.reiner-sct.de/LINUX/Hashwerte/Hashwerte.txt

Signed-off-by: aszlig <aszlig@nix.build>
Merges: https://github.com/NixOS/nixpkgs/pull/84749
 2020-04-17 12:32:57 +02:00
Jörg Thalheim
ee6f5a32bb
python38.pkgs.python-jsonrpc-server: disable for python38 2020-04-17 11:22:35 +01:00
Timo Kaufmann
42ca7c114e
Merge pull request #85176 from timokau/zimports-init 
python.pkgs.zimports: init at 0.2.0
 2020-04-17 09:43:12 +00:00
Sarah Brofeldt
1d20b2872f
Merge pull request #85354 from srhb/k8s-1.18.1 
kubernetes: 1.18.0 -> 1.18.1
 2020-04-17 07:44:30 +02:00
Linus Heckemann
6b23355abb
Merge pull request #85307 from xaverdh/firefox-plugins-cleanup 
firefox-wrapper: remove dead npapi plugin code
 2020-04-17 07:32:41 +02:00
Riley Inman
523152f8c7 postcss-cli: init at 7.1.0 2020-04-17 01:17:07 -04:00
Constantine Glen Evans
919293492b ipe: fix Qt wrapping 
Uses mkDerivation instead of stdenv.mkDerivation, to fix Qt wrapping problem.
 2020-04-16 20:31:22 -07:00
José Romildo Malaquias
3b8a98d639 mpc-qt: 18.08 -> 2019-06-09 
- update to the latest commit in git repository
- use mkDerivation for qt applications
- original repo disappeared from github; use the one from gitlab
 2020-04-16 20:30:34 -07:00
worldofpeace
8d428ac33c
Merge pull request #85249 from kuznero/vscode 
vscode, vscodium: 1.44.0 -> 1.44.1
 2020-04-16 22:29:15 -04:00
Drew Risinger
0b6602c9a2 python3Packages.cirq: fix test failures (ZHF) 
Also build on aarch64 by disabling a few failing tests.
 2020-04-16 18:44:02 -07:00
Niklas Hambüchen
c4455d55d8
Merge pull request #85276 from r-ryantm/auto-update/pidgin-carbons 
pidgin-carbons: 0.1.3 -> 0.2.2
 2020-04-17 02:26:58 +02:00
Niklas Hambüchen
81c9968569 pidgin-carbons: Remove no-longer-maintainer. 
See https://github.com/NixOS/nixpkgs/pull/85276#issuecomment-614832814.
 2020-04-17 02:22:51 +02:00
Maximilian Bosch
e61c924adb
mautrix-whatsapp: 2020-04-02 -> 2020-04-12 2020-04-17 00:28:13 +02:00
Maximilian Bosch
20252ee647
findomain: 1.4.5 -> 1.5.0 
https://github.com/Edu4rdSHL/findomain/releases/tag/1.5.0
 2020-04-17 00:28:13 +02:00
Maximilian Bosch
cd5bc89cca
evcxr: 0.5.0 -> 0.5.1 
582ce09f21/RELEASE_NOTES.md (version-051)
 2020-04-17 00:28:12 +02:00
zowoq
dc85a2e584 megatools: 1.10.2 -> 1.10.3 2020-04-17 08:07:55 +10:00
Zakkor
13c58fbbf4 upwork: init at 5.3.3-883 2020-04-16 14:45:30 -07:00