JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
96,999 Commits 2 Branches 0 Tags 12 GiB
ca7cc96ee8
Commit Graph

5873 Commits

Author SHA1 Message Date
Joachim Fasting
ca7cc96ee8
grsecurity: enable PAX_INITIFY 
Uses gcc plugin to detect more instances where memory used during init
can be freed.
 2016-12-09 15:30:40 +01:00
Tim Steinbach
bfffbb5ea6
linux: 4.8.12 -> 4.8.13 2016-12-09 08:27:11 -05:00
Tim Steinbach
e861a5f7af
linux: 4.4.36 -> 4.4.37 2016-12-09 08:26:46 -05:00
Joachim Fasting
af1202434a
ndiswrapper: mark as broken 
Build fails across all our kernels.  There is a new version 1.60, but
it, too, fails to build.  Until somebody comes along to patch around it,
we might as well mark this as broken.
 2016-12-08 23:12:32 +01:00
Joachim Fasting
5fd4ffe00f
grsecurity: 4.8.12-201612031658 -> 201612062306 2016-12-08 12:22:13 +01:00
Dmytro Rets
e8220d3264
Update broadcom URL for broadcom-sta driver. 2016-12-08 11:50:31 +02:00
Tim Steinbach
c9d1d430ec
linux: 4.9-rc7 -> 4.9-rc8 2016-12-05 19:40:11 -05:00
Joachim Fasting
9578299bbe
grsecurity: 4.8.11-201611271225 -> 4.8.12-201612031658 2016-12-06 01:24:32 +01:00
Joachim Fasting
cc396697a6
grsecurity: enable ability to lock in readonly mounts 2016-12-06 01:24:12 +01:00
Joachim Fasting
0e765c72e5
grsecurity: enable module hardening 2016-12-06 01:23:58 +01:00
Joachim Fasting
071fbcda24
grsecurity: enable optional sysfs restrictions 
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
 2016-12-06 01:23:36 +01:00
Joachim Fasting
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up 
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
 2016-12-06 01:22:53 +01:00
Tuomas Tynkkynen
f91458ca38 reattach-to-user-namespace: Set platforms 2016-12-05 02:36:54 +02:00
Tuomas Tynkkynen
9ccc14b1bc linux_rpi: Add some feature flags 
Copied from linux_4_4 (except for the EFI stub thing).

Otherwise the firewall module fails to evaluate:
Failed assertions:
- This kernel does not support rpfilter
 2016-12-04 18:18:06 +02:00
Jörg Thalheim
e00632e200 Merge pull request #20858 from Mic92/lxcfs 
lxcfs: init at 2.0.4
 2016-12-04 11:33:07 +01:00
Tim Steinbach
4f8b74b401 Merge pull request #20866 from NeQuissimus/linux_4_8_12 
linux: 4.8.11 -> 4.8.12
 2016-12-02 18:28:46 -05:00
Tim Steinbach
853b6493c8
linux: 4.8.11 -> 4.8.12 2016-12-02 14:29:00 -05:00
Tim Steinbach
654f5df5dc
linux: 4.4.35 -> 4.4.36 2016-12-02 14:28:26 -05:00
Jörg Thalheim
af609b0254
lxcfs: init at 2.0.4 2016-12-02 13:52:03 +01:00
Tim Steinbach
5afc6b506c
linux: 4.1.35 -> 4.1.36 2016-12-01 20:34:02 -05:00
Joachim F
85ecde87c8 Merge pull request #20804 from danbst/fix-shadow 
shadow: fix collision with coreutils (man groups.1.gz)
 2016-12-01 23:08:30 +01:00
danbst
ac51528df8 shadow: fix collision with coreutils (man groups.1.gz) 
The `groups.1.gz` collides with one from coreutils. The code to fix this
was already present in expression, but wrongly assumes that share/man/man1
directory will be copied to `man` output after `installPhase`.

It turned out, that man directory is set at configure step, so we should
remove file from `man` output.
 2016-11-30 01:44:28 +02:00
Tim Steinbach
18a3225dac
linux: 3.12.67 -> 3.12.68 2016-11-29 17:40:17 -05:00
Tuomas Tynkkynen
8a4d6516ee Merge remote-tracking branch 'upstream/staging' into master 2016-11-30 00:34:23 +02:00
Franz Pletz
e43f2fc868
Revert "lxc: 2.0.4 -> 2.0.6" 
This reverts commit 5d804566df.

This was an error on my part. I had the commit sitting on my local master
and pulled upstream to rebase my commit before pushing. I didn't notice
there was a commit bumping lxc and the auto-merge on the rebase.
 2016-11-29 15:42:37 +01:00
Matt McHenry
f0bdca82c0 linuxPackages.ati_drivers_x11: patch for kernel 4.7+ (#19810) 2016-11-28 19:56:50 +01:00
Franz Pletz
5d804566df
lxc: 2.0.4 -> 2.0.6 
Fixes CVE-2016-8649.

See https://lists.linuxcontainers.org/pipermail/lxc-users/2016-November/012597.html.
 2016-11-28 19:04:42 +01:00
Peter Simons
21a5532c57 Merge pull request #20766 from avnik/update/lxc 
lxc: 2.0.4 -> 2.0.6 (security)
 2016-11-28 15:13:10 +01:00
Alexander V. Nikolaev
a8eeef62e6 lxc: 2.0.4 -> 2.0.6 (security) 
https://security-tracker.debian.org/tracker/CVE-2016-8649
 2016-11-28 15:17:06 +02:00
Alexander V. Nikolaev
121da5e938 lxc: fix sandbox builds 
Package attempt to write /etc/bash_completion.d, I directed it to
"${out}/etc/bash_completion.d" as it was suggested.
 2016-11-28 15:17:05 +02:00
Graham Christensen
04edf297cc Merge pull request #20676 from matthewbauer/file_cmds 
file_cmds: init at 264.1.1
 2016-11-28 06:48:18 -05:00
Joachim Fasting
5da1394a58
Revert "gradm: fix using gradm while the RBAC system is active" 
This reverts commit fdbf7dc8b3.

Unfortunately, while gradm now works when the RBAC system is enabled,
gradm still fails when full system learning is enabled, so I probably
need to try again later.
 2016-11-28 11:41:12 +01:00
Joachim Fasting
b90ed0cc80
grsecurity: 4.8.10-201611232213 -> 4.8.11-201611271225 2016-11-28 11:41:10 +01:00
Joachim Fasting
4c7323545b
Revert "grsecurity: work around for #20490" 
This reverts commit e38b74ba89.

I failed to notice f19c961b4e461da045f2e72e73701059e5117be0; better
use that fix instead.
 2016-11-28 11:40:55 +01:00
Matthew Bauer
bd57e32312
file_cmds: init at 264.1.1 2016-11-27 21:58:07 -06:00
Tim Steinbach
eecf76eaa2
linux: 4.9-rc6 -> 4.9-rc7 2016-11-27 19:48:24 -05:00
Tuomas Tynkkynen
86ea3126bc linux_rpi: 1.20160620 -> 1.20161020 2016-11-28 00:24:00 +02:00
Tuomas Tynkkynen
25d6bfa258 raspberrypifw: 1.20160620 -> 1.20161020 2016-11-28 00:23:40 +02:00
Tim Steinbach
b47307bd74
linux: 4.8.10 -> 4.8.11 2016-11-26 16:29:23 -05:00
Tim Steinbach
cc77360bed
linux: 4.4.34 -> 4.4.35 2016-11-26 16:28:58 -05:00
Jörg Thalheim
01172c2ccf Merge pull request #20591 from NeQuissimus/linux_4_9_rc6 
linux: 4.9-rc5 -> 4.9-rc6
 2016-11-26 16:00:16 +01:00
Vladimír Čunát
925b335607
Merge branch 'master' into staging 2016-11-26 11:27:09 +01:00
Frederik Rietdijk
231cd277df nvidia-x11: 367.57 -> 375.20 2016-11-26 09:31:10 +01:00
Joachim Fasting
fdbf7dc8b3
gradm: fix using gradm while the RBAC system is active 
The built-in ACL prevents the gradm binary from loading dynamic
libraries from the Nix store.  Thus, once the RBAC system is activated,
the gradm binary cannot be used.

Fix by patching in rules to allow references to the Nix store where
appropriate.
 2016-11-26 02:59:35 +01:00
Frederik Rietdijk
6a8c708d6d cryptsetup: use python2 2016-11-24 22:28:04 +01:00
Frederik Rietdijk
d8b0096704 dstat: use python2 2016-11-24 22:28:03 +01:00
Joachim Fasting
f9d787c67b
grsecurity: 4.8.10-201611210813 -> 201611232213 2016-11-24 12:08:12 +01:00
Nikolay Amiantov
be95ceaff2 treewide: quote URLs in my packages 2016-11-24 01:17:52 +03:00
Franz Pletz
7974d7493a
linux: compress kernel image with xz 2016-11-23 02:24:13 +01:00
Tim Steinbach
e4a1b76457
linux: 4.8.9 -> 4.8.10 2016-11-21 18:07:17 -05:00