Commit Graph

5297 Commits

Author SHA1 Message Date
Kranium Gikos Mendoza
bbafdefd86 mbpfan: include buffer overflow patch 2016-08-31 19:25:28 +08:00
obadz
0e9d355397 musl: disable stackprotector hardening
Prevents busybox segfault
2016-08-29 13:04:29 +01:00
obadz
b74793bd1c Merge branch 'master' into staging
Conflicts:
	pkgs/tools/system/facter/default.nix
2016-08-29 12:44:17 +01:00
Joachim Fasting
898edb0fbc lttng-modules: 2.6.3 -> 2.8.0
Full changelog at
https://git.lttng.org/?p=lttng-modules.git;a=blob_plain;f=ChangeLog;hb=4d484e547c486f902a60216dc421cb891b772431

Built against linux and linux_latest

cc @bjornfor
2016-08-29 11:39:44 +02:00
Joachim Fasting
e5c3a52afc
grsecurity: fix features.grsecurity
Previously, features.grsecurity wasn't actually set due to a bug in the
grsec builder. We now rely on the generic kernel builder to set features
from kernelPatches.
2016-08-29 04:09:40 +02:00
Joachim Fasting
b56f7acc78
batman-adv: mark as broken on -grsec
Looks to be incompatible with the PaX constification plugin:

> /tmp/nix-build-batman-adv-2016.2-4.7.2.drv-0/batman-adv-2016.2/net/batman-adv/soft-interface.c:1065:22:
error: constified variable 'batadv_link_ops' placed into writable
section ".data..read_mostly"
 struct rtnl_link_ops batadv_link_ops __read_mostly = {

https://hydra.nixos.org/build/39312033/log/raw
2016-08-29 04:09:40 +02:00
Joachim Fasting
fcf5a24d8c
kernel config: set DEBUG_STACKOVERFLOW regardless of features.grsecurity
features.grsecurity has actually been unset for a long time, with no
ill effect on grsec kernel builds so this conditional looks useless.
2016-08-29 04:08:39 +02:00
Kranium Gikos Mendoza
268cb1a08b forkstat: 0.01.13 -> 0.01.14 (#18076) 2016-08-29 01:38:01 +00:00
Robin Gloster
e17bc25943
Merge remote-tracking branch 'upstream/master' into staging 2016-08-29 00:24:47 +00:00
Tuomas Tynkkynen
c004c6e14d kernel config: Explicitly enable some stuff not enabled by 'make alldefconfig'
List of what to enable taken from https://lwn.net/Articles/672587/.
This doesn't change the resulting x86 configs, but is more useful for
other architectures. For instance, POSIX_MQUEUE is currently missing
on ARM.
2016-08-29 03:07:11 +03:00
obadz
3de6e5be50 Merge branch 'master' into staging
Conflicts:
      pkgs/applications/misc/navit/default.nix
      pkgs/applications/networking/mailreaders/alpine/default.nix
      pkgs/applications/networking/mailreaders/realpine/default.nix
      pkgs/development/compilers/ghc/head.nix
      pkgs/development/libraries/openssl/default.nix
      pkgs/games/liquidwar/default.nix
      pkgs/games/spring/springlobby.nix
      pkgs/os-specific/linux/kernel/perf.nix
      pkgs/servers/sip/freeswitch/default.nix
      pkgs/tools/archivers/cromfs/default.nix
      pkgs/tools/graphics/plotutils/default.nix
2016-08-27 23:54:54 +01:00
Bjørn Forsman
daa9d5edca perf: unbreak build since glibc 2.24 upgrade
glibc 2.24 deprecated readdir_r, breaking the perf build:

  $ nix-build -A linuxPackages.perf
  ...
    CC       util/event.o
    CC       util/evlist.o
  util/event.c: In function '__event__synthesize_thread':
  util/event.c:448:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
    while (!readdir_r(tasks, &dirent, &next) && next) {
    ^
  In file included from /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/features.h:368:0,
                   from /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/stdint.h:25,
                   from /nix/store/jsazxc1b86g2ww569ziwhhvkz8z43vjd-gcc-5.4.0/lib/gcc/x86_64-unknown-linux-gnu/5.4.0/include/stdint.h:9,
                   from /tmp/nix-build-perf-linux-4.4.19.drv-0/linux-4.4.19/tools/include/linux/types.h:6,
                   from util/event.c:1:
  /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/dirent.h:189:12: note: declared here
   extern int __REDIRECT (readdir_r,
              ^
  util/event.c: In function 'perf_event__synthesize_threads':
  util/event.c:586:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
    while (!readdir_r(proc, &dirent, &next) && next) {

Fix by adding -Wno-error=deprecated-declarations compile flag.
2016-08-27 10:21:57 +02:00
Gabriel Ebner
131cd8f45d Merge pull request #18005 from gebner/kernel-amd-powerplay
kernel: config: enable DRM_AMD_POWERPLAY
2016-08-26 19:04:54 +02:00
Franz Pletz
f75ab31234
sysklogd: fix broken build caused by new glibc version 2016-08-26 15:03:19 +02:00
Franz Pletz
40e0e5fb0b
linux_testing: 4.7-rc7 -> 4.8-rc3 2016-08-26 14:47:45 +02:00
Franz Pletz
aacf6651c1
linux: 4.4.18 -> 4.4.19 2016-08-26 14:47:45 +02:00
Franz Pletz
90251478ec
linux: 4.1.30 -> 4.1.31 2016-08-26 14:47:45 +02:00
Franz Pletz
377c851395
linux: 3.18.36 -> 3.18.40 2016-08-26 14:47:45 +02:00
Franz Pletz
dc37edb36c
linux: 3.14.73 -> 3.14.77 2016-08-26 14:47:45 +02:00
Franz Pletz
458d477215
linux: 3.12.61 -> 3.12.62 2016-08-26 14:47:45 +02:00
Michael Raskin
7e631101b9 lxc: 2.0.3 -> 2.0.4 2016-08-26 13:43:35 +02:00
Gabriel Ebner
7b01df18a2 kernel: config: enable DRM_AMD_POWERPLAY 2016-08-26 08:45:49 +02:00
Shea Levy
2b1fa9da8b Add initial patches for CPU Controller on Control Group v2 2016-08-25 13:01:40 -04:00
Lancelot SIX
7fd44eafa6 Merge pull request #17817 from mbrock/libselinux-fix
libselinux: fix Python binding

Built and tested locally.
2016-08-25 12:43:19 +02:00
Robin Gloster
eddc0a5549
treewide: fix darwin builds by using getOutput
This fixes eval for pkgs referring to optional static output
2016-08-25 08:44:20 +00:00
Franz Pletz
df275f5b85 treewide: fix darwin builds by referring to stdenv's libc 2016-08-25 02:56:25 +02:00
Franz Pletz
29ec1c6b09 audit: 2.4.4 -> 2.6.6 2016-08-25 01:56:36 +02:00
Franz Pletz
f0f95d03ca utillinux: 2.28 -> 2.28.1 2016-08-25 01:55:42 +02:00
Franz Pletz
3ce7b77517 libnl: 3.2.27 -> 3.2.28 2016-08-25 01:55:41 +02:00
Franz Pletz
a30bf645f2 sinit: 0.9.2 -> 1.0, fix glibc static linking 2016-08-24 21:31:02 +02:00
Franz Pletz
d5189fb7ad lxc: 2.0.3 -> 2.0.4, fixes hardened build 2016-08-24 21:31:02 +02:00
Robin Gloster
c26de11551 linuxPackages.perf: fix build with new glibc and remove hack
elfutils now adds a eu- prefix to avoid collisions
2016-08-24 19:19:02 +00:00
Robin Gloster
9e47acb89d otpw: disable stackprotector hardening 2016-08-24 17:19:43 +00:00
obadz
0e8d2725dc Merge branch 'master' into staging 2016-08-23 18:50:06 +01:00
Joachim Fasting
cf592a8969
grsecurity: 4.7.1-201608161813 -> 4.7.2-201608211829 2016-08-23 01:49:34 +02:00
obadz
24a9183f90 Merge branch 'hardened-stdenv' into staging
Closes #12895

Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
obadz
ba50fd7170 Merge branch 'master' into staging 2016-08-22 01:18:11 +01:00
Tim Steinbach
175028582c
linux: 4.7.1 -> 4.7.2 2016-08-21 13:56:45 +00:00
Mikael Brockman
1f50e2412f libselinux: fix Python binding
Applies unreleased patch from upstream.
2016-08-19 19:06:25 +03:00
Nikolay Amiantov
2abe917f18 kmod: 22 -> 23, add /lib/modules to module directories 2016-08-19 17:57:08 +03:00
Nikolay Amiantov
ff22705793 treewide: replace several /sbin paths by /bin 2016-08-19 17:56:45 +03:00
Nikolay Amiantov
30c9aa2698 kmod: add patch to allow searching for modules in several directories 2016-08-19 17:56:39 +03:00
obadz
1047ed49d9 Merge branch 'master' into staging
Conflicts: pkgs/os-specific/linux/kmod/default.nix cc @abbradar
2016-08-19 15:28:58 +01:00
Tuomas Tynkkynen
bd68309643 kernel config: Enable SECCOMP
This is used by systemd >= 231 and is not enabled in the ARM
multiplatform defconfig.
2016-08-18 16:33:46 +03:00
Joachim Fasting
66a3f0e988
gradm: 3.1-201607172312 -> 3.1-201608131257 2016-08-17 15:19:33 +02:00
Joachim Fasting
ba20363f11
grsecurity: 4.7-201608151842 -> 4.7.1-201608161813 2016-08-17 15:19:27 +02:00
Franz Pletz
2571438988 linux: 4.7 -> 4.7.1 2016-08-17 05:46:00 +02:00
Franz Pletz
7a4407461b linux: 4.6.6 -> 4.6.7
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
da95fb368c linux: 4.4.17 -> 4.4.18
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
2104d28bcd linux: 4.1.27 -> 4.1.30
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00