Commit Graph

5667 Commits

Author SHA1 Message Date
Joachim Fasting
af1202434a
ndiswrapper: mark as broken
Build fails across all our kernels.  There is a new version 1.60, but
it, too, fails to build.  Until somebody comes along to patch around it,
we might as well mark this as broken.
2016-12-08 23:12:32 +01:00
Joachim Fasting
5fd4ffe00f
grsecurity: 4.8.12-201612031658 -> 201612062306 2016-12-08 12:22:13 +01:00
Dmytro Rets
e8220d3264
Update broadcom URL for broadcom-sta driver. 2016-12-08 11:50:31 +02:00
Tim Steinbach
c9d1d430ec
linux: 4.9-rc7 -> 4.9-rc8 2016-12-05 19:40:11 -05:00
Joachim Fasting
9578299bbe
grsecurity: 4.8.11-201611271225 -> 4.8.12-201612031658 2016-12-06 01:24:32 +01:00
Joachim Fasting
cc396697a6
grsecurity: enable ability to lock in readonly mounts 2016-12-06 01:24:12 +01:00
Joachim Fasting
0e765c72e5
grsecurity: enable module hardening 2016-12-06 01:23:58 +01:00
Joachim Fasting
071fbcda24
grsecurity: enable optional sysfs restrictions
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Tuomas Tynkkynen
9ccc14b1bc linux_rpi: Add some feature flags
Copied from linux_4_4 (except for the EFI stub thing).

Otherwise the firewall module fails to evaluate:
Failed assertions:
- This kernel does not support rpfilter
2016-12-04 18:18:06 +02:00
Jörg Thalheim
e00632e200 Merge pull request #20858 from Mic92/lxcfs
lxcfs: init at 2.0.4
2016-12-04 11:33:07 +01:00
Tim Steinbach
4f8b74b401 Merge pull request #20866 from NeQuissimus/linux_4_8_12
linux: 4.8.11 -> 4.8.12
2016-12-02 18:28:46 -05:00
Tim Steinbach
853b6493c8
linux: 4.8.11 -> 4.8.12 2016-12-02 14:29:00 -05:00
Tim Steinbach
654f5df5dc
linux: 4.4.35 -> 4.4.36 2016-12-02 14:28:26 -05:00
Jörg Thalheim
af609b0254
lxcfs: init at 2.0.4 2016-12-02 13:52:03 +01:00
Tim Steinbach
5afc6b506c
linux: 4.1.35 -> 4.1.36 2016-12-01 20:34:02 -05:00
Joachim F
85ecde87c8 Merge pull request #20804 from danbst/fix-shadow
shadow: fix collision with coreutils (man groups.1.gz)
2016-12-01 23:08:30 +01:00
danbst
ac51528df8 shadow: fix collision with coreutils (man groups.1.gz)
The `groups.1.gz` collides with one from coreutils. The code to fix this
was already present in expression, but wrongly assumes that share/man/man1
directory will be copied to `man` output after `installPhase`.

It turned out, that man directory is set at configure step, so we should
remove file from `man` output.
2016-11-30 01:44:28 +02:00
Tim Steinbach
18a3225dac
linux: 3.12.67 -> 3.12.68 2016-11-29 17:40:17 -05:00
Tuomas Tynkkynen
8a4d6516ee Merge remote-tracking branch 'upstream/staging' into master 2016-11-30 00:34:23 +02:00
Franz Pletz
e43f2fc868
Revert "lxc: 2.0.4 -> 2.0.6"
This reverts commit 5d804566df.

This was an error on my part. I had the commit sitting on my local master
and pulled upstream to rebase my commit before pushing. I didn't notice
there was a commit bumping lxc and the auto-merge on the rebase.
2016-11-29 15:42:37 +01:00
Matt McHenry
f0bdca82c0 linuxPackages.ati_drivers_x11: patch for kernel 4.7+ (#19810) 2016-11-28 19:56:50 +01:00
Franz Pletz
5d804566df
lxc: 2.0.4 -> 2.0.6
Fixes CVE-2016-8649.

See https://lists.linuxcontainers.org/pipermail/lxc-users/2016-November/012597.html.
2016-11-28 19:04:42 +01:00
Alexander V. Nikolaev
a8eeef62e6 lxc: 2.0.4 -> 2.0.6 (security)
https://security-tracker.debian.org/tracker/CVE-2016-8649
2016-11-28 15:17:06 +02:00
Alexander V. Nikolaev
121da5e938 lxc: fix sandbox builds
Package attempt to write /etc/bash_completion.d, I directed it to
"${out}/etc/bash_completion.d" as it was suggested.
2016-11-28 15:17:05 +02:00
Joachim Fasting
5da1394a58
Revert "gradm: fix using gradm while the RBAC system is active"
This reverts commit fdbf7dc8b3.

Unfortunately, while gradm now works when the RBAC system is enabled,
gradm still fails when full system learning is enabled, so I probably
need to try again later.
2016-11-28 11:41:12 +01:00
Joachim Fasting
b90ed0cc80
grsecurity: 4.8.10-201611232213 -> 4.8.11-201611271225 2016-11-28 11:41:10 +01:00
Joachim Fasting
4c7323545b
Revert "grsecurity: work around for #20490"
This reverts commit e38b74ba89.

I failed to notice f19c961b4e461da045f2e72e73701059e5117be0; better
use that fix instead.
2016-11-28 11:40:55 +01:00
Tim Steinbach
eecf76eaa2
linux: 4.9-rc6 -> 4.9-rc7 2016-11-27 19:48:24 -05:00
Tuomas Tynkkynen
86ea3126bc linux_rpi: 1.20160620 -> 1.20161020 2016-11-28 00:24:00 +02:00
Tuomas Tynkkynen
25d6bfa258 raspberrypifw: 1.20160620 -> 1.20161020 2016-11-28 00:23:40 +02:00
Tim Steinbach
b47307bd74
linux: 4.8.10 -> 4.8.11 2016-11-26 16:29:23 -05:00
Tim Steinbach
cc77360bed
linux: 4.4.34 -> 4.4.35 2016-11-26 16:28:58 -05:00
Jörg Thalheim
01172c2ccf Merge pull request #20591 from NeQuissimus/linux_4_9_rc6
linux: 4.9-rc5 -> 4.9-rc6
2016-11-26 16:00:16 +01:00
Vladimír Čunát
925b335607
Merge branch 'master' into staging 2016-11-26 11:27:09 +01:00
Frederik Rietdijk
231cd277df nvidia-x11: 367.57 -> 375.20 2016-11-26 09:31:10 +01:00
Joachim Fasting
fdbf7dc8b3
gradm: fix using gradm while the RBAC system is active
The built-in ACL prevents the gradm binary from loading dynamic
libraries from the Nix store.  Thus, once the RBAC system is activated,
the gradm binary cannot be used.

Fix by patching in rules to allow references to the Nix store where
appropriate.
2016-11-26 02:59:35 +01:00
Frederik Rietdijk
6a8c708d6d cryptsetup: use python2 2016-11-24 22:28:04 +01:00
Frederik Rietdijk
d8b0096704 dstat: use python2 2016-11-24 22:28:03 +01:00
Joachim Fasting
f9d787c67b
grsecurity: 4.8.10-201611210813 -> 201611232213 2016-11-24 12:08:12 +01:00
Nikolay Amiantov
be95ceaff2 treewide: quote URLs in my packages 2016-11-24 01:17:52 +03:00
Franz Pletz
7974d7493a
linux: compress kernel image with xz 2016-11-23 02:24:13 +01:00
Tim Steinbach
e4a1b76457
linux: 4.8.9 -> 4.8.10 2016-11-21 18:07:17 -05:00
Tim Steinbach
d62069aca4
linux: 4.4.33 -> 4.4.34 2016-11-21 18:06:57 -05:00
Joachim Fasting
96194467e6
grsecurity: 4.8.8-201611150756 -> 4.8.10-201611210813 2016-11-21 23:15:14 +01:00
Tim Steinbach
f6bbc6c477
linux: 4.9-rc5 -> 4.9-rc6 2016-11-20 17:23:32 -05:00
Joachim Fasting
6d428242a9
linuxPackages.spl: now builds against grsecurity kernel 2016-11-20 23:01:34 +01:00
Joachim Fasting
0df3553a38
paxtest: 0.9.14 -> 0.9.15 2016-11-20 23:01:31 +01:00
Joachim Fasting
32c71c06d2
pax-utils: 1.1.6 -> 1.1.7 2016-11-20 23:01:28 +01:00
Pascal Wittmann
f7e0bc2ae7
Make all meta.maintainers attributes lists 2016-11-20 18:06:03 +01:00
Franz Pletz
1fec301ac5
zfs: remove zfs-tests
Removes runtime dependency on gcc and reduces closure size by more than 110MB.
2016-11-20 04:49:42 +01:00
Franz Pletz
94731510c4
wireguard: 0.0.20161110 -> 0.0.20161116.1 2016-11-20 04:48:56 +01:00
Tim Steinbach
13491f9f48 Merge pull request #20552 from NeQuissimus/linux_4_8_9
linux: 4.8.8 -> 4.8.9
2016-11-19 09:03:00 -05:00
Tim Steinbach
d3b8a77834
linux: 4.4.32 -> 4.4.33 2016-11-19 08:56:31 -05:00
Tim Steinbach
250224bf01
linux: 4.8.8 -> 4.8.9 2016-11-19 08:55:57 -05:00
Vladimír Čunát
b69f568f4c
Merge branch 'staging'
Hydra rebuild looks fine; only a few Darwin jobs is queued:
http://hydra.nixos.org/eval/1304891?compare=1304807
2016-11-19 04:35:51 +01:00
Joachim Fasting
e38b74ba89
grsecurity: work around for #20490
In `scripts/Makefile.modinst`, the code that generates the list of
modules to install passes file names via the command line.  When
installing a grsecurity kernel, this list appears to exceed the
shell's argument list limit, as in

    make[2]: execvp: /nix/store/[...]-bash-4.3-p46/bin/bash: Argument list too long

The build does not fail, however, but the list of modules to be installed ends
up being empty.  Thus, the resulting kernel package output contains no modules,
rendering it useless.

We work around this by patching the makefile to use `find -exec` to
process files.  Why this would occur for grsecurity and not other
kernels is unknown, most likely there's something *else* that is
actually causing this behaviour, so this is a temporary fix until that
cause is found.

Fixes https://github.com/NixOS/nixpkgs/issues/20490
2016-11-18 16:14:26 +01:00
Vladimír Čunát
8b565d6478
Merge #20081: update alsa lib, plugins and utils 2016-11-17 11:26:00 +01:00
Franz Pletz
ba73dbbda6
batman-adv: 2016.3 -> 2016.4 2016-11-17 08:14:18 +01:00
Tim Steinbach
a4cd6f1378 Merge pull request #20441 from NeQuissimus/linux_4_4_32
linux: 4.4.31 -> 4.4.32
2016-11-15 17:49:00 -05:00
Tim Steinbach
819884119c Merge pull request #20439 from NeQuissimus/linux_4_8_8
linux: 4.8.7 -> 4.8.8
2016-11-15 17:48:07 -05:00
Joachim Fasting
0d4e1b5edd
grsecurity: 4.8.7-201611142350 -> 4.8.8-201611150756 2016-11-15 22:57:25 +01:00
Tim Steinbach
24c342fde7
linux: 4.4.31 -> 4.4.32 2016-11-15 12:31:27 -05:00
Tim Steinbach
9e851d3b11
linux: 4.8.7 -> 4.8.8 2016-11-15 12:30:55 -05:00
Joachim Fasting
afab1a948e
grsecurity: 4.8.7-201611102210 -> 201611142350 2016-11-15 13:11:47 +01:00
Franz Pletz
c9bd751a16 Merge pull request #20405 from Mic92/wireguard
wireguard: 2016-10-25 -> 0.0.20161110
2016-11-15 01:54:17 +01:00
Thomas Tuegel
ad7d59c59f Merge pull request #20369 from asymmetric/bluez
bluez: 5.40 -> 5.43
2016-11-14 15:27:41 -06:00
Tim Steinbach
f7fd568678 Merge pull request #20413 from NeQuissimus/linux_4_9_rc5
linux: 4.9-rc4 -> 4.9-rc5
2016-11-14 10:05:20 -05:00
Tim Steinbach
a87c8ad05f
linux: 4.9-rc4 -> 4.9-rc5 2016-11-14 09:40:27 -05:00
Tim Steinbach
91ae568ec7
broadcom_sta: Fix hash 2016-11-14 09:36:06 -05:00
Jörg Thalheim
c0f9bc9b4e
wireguard: 2016-10-25 -> 0.0.20161110 2016-11-14 09:29:58 +01:00
Joachim Fasting
cad9212813
grsecurity: 4.7.10-201611011946 -> 4.8.7-201611102210 2016-11-14 00:16:19 +01:00
Vladimír Čunát
1ac5869907
Merge #19936: vulkan / amdgpu-pro update 2016-11-13 20:06:40 +01:00
David McFarland
3d4a280c35 amdgpu-pro: 16.30.3-315407 -> 16.40-348864 2016-11-13 12:44:28 -04:00
David McFarland
e1a25aeb65 amdgpu-pro: fix kernel module for linux-4.8 2016-11-13 12:44:28 -04:00
David McFarland
6bf27c2cae vulkan-loader: allow validation layers to be enabled
The loader now uses XDK_DATA_DIRS to find drivers and layers.
2016-11-13 12:44:27 -04:00
Lorenzo Manacorda
b83c0783d3 bluez: 5.40 -> 5.43 2016-11-12 18:12:10 +01:00
Joachim Fasting
081a871771
Revert "Merge pull request #20302 from spacekitteh/patch-10"
This reverts commit e02173c70c, reversing
changes made to c2b4a0d266.

Breaks all grsec packages; Not having binary substitutes for no good
reason is disruptive to my workflow, so I'll just revert this for now.
2016-11-12 14:02:20 +01:00
Tim Steinbach
e02173c70c Merge pull request #20302 from spacekitteh/patch-10
grsecurity_testing: 4.7.10 -> 4.8.7
2016-11-11 22:03:39 -05:00
Sophie Taylor
fa180d0d63 grsec: 4.8.6 -> 4.8.7 2016-11-12 12:54:47 +10:00
Tim Steinbach
c2b4a0d266 Merge pull request #20327 from NeQuissimus/linux_4_9_rc4
linux: 4.9-rc3 -> 4.9-rc4
2016-11-11 18:11:02 -05:00
Tim Steinbach
52cc30cd87 Merge pull request #20326 from NeQuissimus/linux_3_12_67
linux: 3.12.66 -> 3.12.67
2016-11-11 18:10:16 -05:00
Tim Steinbach
933dfca167 Merge pull request #20322 from NeQuissimus/linux_4_8_7
linux: 4.8.6 -> 4.8.7
2016-11-10 21:12:06 -05:00
Tim Steinbach
ad19b9bde5
linux: 4.9-rc3 -> 4.9-rc4 2016-11-10 21:08:28 -05:00
Tim Steinbach
0a1f39eb91
linux: 4.8.6 -> 4.8.7 2016-11-10 21:07:56 -05:00
Tim Steinbach
579f5fd9dd
linux: 4.4.30 -> 4.4.31 2016-11-10 21:07:24 -05:00
Tim Steinbach
cc62ecc2d9
linux: 3.12.66 -> 3.12.67 2016-11-10 21:06:54 -05:00
Tuomas Tynkkynen
74ecbbe4e3 kernel config: Ensure SECCOMP_FILTER is enabled
As noted in a97db109a2, SECCOMP_FILTER must be enabled or systemd gets
very unhappy.
2016-11-11 02:10:20 +02:00
Peter Hoeg
cb93b34999 SMB2 support for CIFS
[tuomas: removed unneeded kernel version check]
Signed-off-by: Tuomas Tynkkynen <tuomas@tuxera.com>
2016-11-11 02:10:20 +02:00
Sophie Taylor
6476f11f40 grsecurity patch update to kernel 4.8.6 2016-11-10 12:44:22 +10:00
Tim Digel
4a7cf195a4 molly-guard: init at 0.6.3 2016-11-09 14:39:44 +01:00
Tobias Geerinckx-Rice
ea301adfd1
pagemon: 0.01.08 -> 0.01.10 2016-11-09 02:24:50 +01:00
Tobias Geerinckx-Rice
11dacb7e2c
mcelog: 142 -> 144 2016-11-09 02:24:45 +01:00
Kjetil Ørbekk
0d5caf138a tpacpi-bat: init at 3.0 (#20213) 2016-11-08 02:46:34 +01:00
Guillaume Maudoux
eb9d126d2c linux_mptcp: 0.91 -> 0.91.2 2016-11-07 14:15:33 +01:00
Joachim Fasting
ae5d404509
lttng-modules: 2.8.0 -> 2.8.3
Fixes build against linux >=4.8

Full changelog at
https://git.lttng.org/?p=lttng-tools.git;a=blob_plain;f=ChangeLog;hb=13dc409a5ea439b96b805c3c71886a3fcfad18e8

Tested with nix-build -A linuxPackages.lttng-modules -A linuxPackages_latest.lttng-modules
2016-11-06 13:57:34 +01:00
Lorenzo Manacorda
98fb9ded4e light: 0.9 -> 1.0 (#20193)
Update to version 1.0
2016-11-06 03:47:22 +01:00
Tobias Geerinckx-Rice
cd2d81ab52
mcelog: 138 -> 142 2016-11-05 18:44:10 +01:00
Tim Steinbach
cc7c28332b
Remove ttysnoop
No longer exists
2016-11-04 11:18:52 -04:00
Tim Steinbach
20c2980640
Remove cryopid
No longer builds / exists
2016-11-03 21:43:17 -04:00