Commit Graph

85573 Commits

Author SHA1 Message Date
Ambroz Bizjak
7102c3c0c4 cura: Fix breakage due to numpy change. (#16234)
Upstream bug report: https://github.com/daid/Cura/issues/1461
2016-06-15 13:42:32 +01:00
David Craven
54f80775cb rust: Refactoring of rust and cargo packages 2016-06-15 12:47:13 +02:00
Paweł Pacana
f3d202150c buildkite-agent: 2.1.8 ~> 2.1.13 2016-06-15 11:52:04 +02:00
Wout Mertens
3bbdfe5df7 Merge pull request #16232 from matthewbauer/makeself-fix-header
makeself: header wasn't being patched correctly
2016-06-15 09:44:33 +02:00
Peter Hoeg
54e806e690 syncthing: 0.13.4 -> 0.13.7 2016-06-15 12:59:41 +08:00
Rushmore Mushambi
48de566e54 Merge pull request #16231 from rushmorem/lizardfs
lizardfs: init at 3.9.4
2016-06-15 04:48:21 +02:00
rushmorem
c4435493aa lizardfs: init at 3.9.4
LizardFS is a highly reliable, scalable and efficient distributed file
system.
2016-06-15 04:23:44 +02:00
artuuge
be0ade9d03 pycuda: init at 2016.1 2016-06-15 00:47:55 +02:00
artuuge
dd5a46f85d pytools: init at 2016.2.1 2016-06-15 00:39:48 +02:00
David Craven
d8a7aaf179 rustc: Prepare for 1.10.0 release 2016-06-14 23:09:21 +02:00
David Craven
447dce99da rustc: Enable crosscompiling std crates 2016-06-14 23:09:21 +02:00
David Craven
0720373dfc cargo: Use stable releases instead of snapshots 2016-06-14 23:09:21 +02:00
Arseniy Seroka
06027595fc
vimPlugins: update 2016-06-15 2016-06-15 00:03:59 +03:00
Robert Helgesson
34ebc3c085 perl-CGI: 4.28 -> 4.31 2016-06-14 22:13:38 +02:00
Robert Helgesson
b0e02cecb6 perl-PDF-API2: 2.027 -> 2.028 2016-06-14 22:13:21 +02:00
Robert Helgesson
4a69b81213 perl-Readonly: 2.04 -> 2.05 2016-06-14 22:13:07 +02:00
Ambroz Bizjak
b422df0e99 crrcsim: 0.9.12 -> 0.9.13 2016-06-14 21:50:53 +02:00
Matthew Bauer
a221ff5569 makeself: header wasn't being patched correctly 2016-06-14 19:17:29 +00:00
Robert Helgesson
2968db5b7b perl-Crypt-JWT: 0.011 -> 0.017 2016-06-14 20:43:04 +02:00
Robert Helgesson
3d1eea2225 perl-CryptX: 0.035 -> 0.036 2016-06-14 20:42:43 +02:00
Robert Helgesson
ee0684fa1e perl-Math-BigInt: 1.999722 -> 1.999723 2016-06-14 20:41:21 +02:00
artuuge
d1f38e2adc make clblas-cuda and libgpuarray-cuda more functorial 2016-06-14 20:01:51 +02:00
Tobias Geerinckx-Rice
9f996d6406
tzdata: 2016d -> 2016e 2016-06-14 18:27:57 +02:00
Tobias Geerinckx-Rice
156a14d153
geolite-legacy: 2016-06-08 -> 2016-06-13 2016-06-14 18:27:56 +02:00
Lluís Batlle i Rossell
93912d99d2 Adding nvenc support to ffmpeg (default off)
I add the nvidia-video-sdk header files, required to make it work.

You have to set nvenct=true to ffmpeg-full and nonfreeLicensing=true to
ffmpeg-full to use this.
2016-06-14 17:51:55 +02:00
Kranium Gikos Mendoza
f79930849a openldap: add -h urlList in service so LDAP TLS could be enabled 2016-06-14 23:47:02 +08:00
José Romildo Malaquias
e72d29020c libxfce4ui: add libICE and libSM as propagated build inputs 2016-06-14 11:53:11 -03:00
José Romildo Malaquias
370cc4f44f libxfce4ui: use nativeBuildInputs for dependencies not needed at runtime 2016-06-14 11:51:04 -03:00
Arseniy Seroka
186a6a207d Merge pull request #16222 from kamilchm/rework-go
Fixes #16181 - using bin output for Go services
2016-06-14 17:19:17 +03:00
Joachim Fasting
c94f4f85c5 Merge pull request #16226 from bobvanderlinden/fix-lsyncd
lsyncd: removed support for Darwin
2016-06-14 15:04:48 +02:00
Joachim Fasting
f04291abe5 Merge pull request #16138 from romildo/upd.arc
arc-gtk-theme-git: 2016-06-02 -> 2016-06-06
2016-06-14 15:04:18 +02:00
Joachim Fasting
d27006b82b
dnscrypt-wrapper: 0.2 -> 0.2.1 2016-06-14 14:22:18 +02:00
Joachim Fasting
130b06eb0b
grsecurity: 4.5.7-201606080852 -> 4.5.7-201606110914 2016-06-14 14:18:01 +02:00
Peter Simons
39d657ec04 Merge pull request #16167 from rasendubi/ghc-docs
GHC: Split docs
2016-06-14 12:32:42 +02:00
José Romildo Malaquias
1f77d3cd09
idea.idea-{community,ultimate}: 2016.1.2 -> 2016.1.3
(cherry picked from commit a6fd3e8680ff3da7ddc55c8d8dfd38e17f9fcd1f)
2016-06-14 12:28:27 +02:00
Edward Tjörnhammar
efb519d2f4
i2pd: 2.6.0 -> 2.7.0 2016-06-14 12:28:27 +02:00
Luca Bruno
63b2bf108d Merge pull request #16224 from aneeshusa/enable-multiple-outputs-for-tmux
tmux: enable multiple outputs
2016-06-14 10:57:18 +02:00
Bob van der Linden
61431e239b lsyncd: removed support for Darwin 2016-06-14 10:46:56 +02:00
Moritz Ulrich
dc3cfbbe0f Merge pull request #16225 from hiberno/update-rofi-pass
rofi-pass: 1.3.1 -> 1.3.2
2016-06-14 10:31:17 +02:00
Christian Lask
4e59526bf4 rofi-pass: 1.3.1 -> 1.3.2
Note: You'll need to add the `_rofi` command to your config of rofi-pass
to make this release work. Refer to config.example for an example of
how this might look like. For more information on this change, see
75cf715158.
2016-06-14 10:07:59 +02:00
Joachim Fasting
886c03ad2e Merge pull request #16107 from joachifm/grsec-ng
Rework grsecurity support
2016-06-14 03:52:50 +02:00
Joachim Fasting
7bda8f0a8f
grsecurity: add a xen guest kernel
This is for the benefit of users who want to quickly get up and running
on a Xen host, for which the stock NixOS kernel is likely unsuitable.
2016-06-14 03:38:19 +02:00
Joachim Fasting
544b42f8f5
top-level/release.nix: remove obsolete grsec jobs 2016-06-14 03:38:19 +02:00
Joachim Fasting
dae5f53d25
qemu: apply PaX markings 2016-06-14 03:38:18 +02:00
Joachim Fasting
09cf92ccee
nixos: flesh out the grsecurity test suite
I've failed to figure out what why `paxtest blackhat` hangs the vm, and
have resigned to running individual `paxtest` programs.  This provides
limited coverage, but at least verifies that some important features are
in fact working.

Ideas for future work includes a subtest for basic desktop
functionality.
2016-06-14 03:38:18 +02:00
Joachim Fasting
a53452f3e1
nixos: remove the grsecurity GID
This GID was used to exempt users from Grsecurity's
`/proc` restrictions; we now prefer to rely on
`security.hideProcessInformation`, which uses the `proc` group
for this purpose.  That leaves no use for the grsecurity GID.

More generally, having only a single GID to, presumably, serve as the
default for all of grsecurity's GID based exemption/resriction schemes
would be problematic in any event, so if we decide to enable those
grsecurity features in the future, more specific GIDs should be added.
2016-06-14 03:38:17 +02:00
Joachim Fasting
0677cc61c8
nixos: rewrite the grsecurity module
The new module is specifically adapted to the NixOS Grsecurity/PaX
kernel.  The module declares the required kernel configurations and
so *should* be somewhat compatible with custom Grsecurity kernels.

The module exposes only a limited number of options, minimising the need
for user intervention beyond enabling the module. For experts,
Grsecurity/PaX behavior may be configured via `boot.kernelParams` and
`boot.kernel.sysctl`.

The module assumes the user knows what she's doing (esp. if she decides
to modify configuration values not directly exposed by the module).

Administration of Grsecurity's role based access control system is yet
to be implemented.
2016-06-14 03:38:12 +02:00
Joachim Fasting
3123c7df37 Merge pull request #16204 from vrthra/mlterm
mlterm: Disable darwin compilaton
2016-06-14 03:09:46 +02:00
Tuomas Tynkkynen
7ae1e9bb6d multi_v7_defconfig: Enable AHCI_IMX 2016-06-14 01:31:57 +03:00
Joachim Fasting
75b9a7beac
grsecurity: implement a single NixOS kernel
This patch replaces the old grsecurity kernels with a single NixOS
specific grsecurity kernel.  This kernel is intended as a general
purpose kernel, tuned for casual desktop use.

Providing only a single kernel may seem like a regression compared to
offering a multitude of flavors.  It is impossible, however, to
effectively test and support that many options.  This is amplified by
the reality that very few seem to actually use grsecurity on NixOS,
meaning that bugs go unnoticed for long periods of time, simply because
those code paths end up never being exercised.  More generally, it is
hopeless to anticipate imagined needs.  It is better to start from a
solid foundation and possibly add more flavours on demand.

While the generic kernel is intended to cover a wide range of use cases,
it cannot cover everything.  For some, the configuration will be either
too restrictive or too lenient.  In those cases, the recommended
solution is to build a custom kernel --- this is *strongly* recommended
for security sensitive deployments.

Building a custom grsec kernel should be as simple as
```nix
linux_grsec_nixos.override {
  extraConfig = ''
    GRKERNSEC y
    PAX y
    # and so on ...
  '';
}
```

The generic kernel should be usable both as a KVM guest and host.  When
running as a host, the kernel assumes hardware virtualisation support.
Virtualisation systems other than KVM are *unsupported*: users of
non-KVM systems are better served by compiling a custom kernel.

Unlike previous Grsecurity kernels, this configuration disables `/proc`
restrictions in favor of `security.hideProcessInformation`.

Known incompatibilities:
- ZFS: can't load spl and zfs kernel modules; claims incompatibility
  with KERNEXEC method `or` and RAP; changing to `bts` does not fix the
  problem, which implies we'd have to disable RAP as well for ZFS to
  work
- `kexec()`: likely incompatible with KERNEXEC (unverified)
- Xen: likely incompatible with KERNEXEC and UDEREF (unverified)
- Virtualbox: likely incompatible with UDEREF (unverified)
2016-06-14 00:08:20 +02:00