3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

6825 commits

Author SHA1 Message Date
hsloan b8ed3c65bb propcps: Rely on cc-wrapper to export this env var 2017-06-28 21:24:25 -04:00
hsloan 66e22e1229 mingetty: Rely on cc-wrapper to export this env var 2017-06-28 21:24:24 -04:00
hsloan 5d83d36389 mdadm: Don't use stdenv.cross 2017-06-28 21:24:24 -04:00
hsloan a210b08d18 klibc: Don't use crossAttrs 2017-06-28 21:24:12 -04:00
hsloan 16781a3892 kernel perf: Don't use stdenv.cross 2017-06-28 20:23:09 -04:00
hsloan 1e3b45cfdb kernel manual-config: Don't use stdenv.cross 2017-06-28 20:23:09 -04:00
hsloan 459d07d41c kernel generic: Don't use stdenv.cross 2017-06-28 20:22:59 -04:00
hsloan c5b4b6c911 kernel-headers: Don't use stdenv.cross 2017-06-28 19:44:04 -04:00
Will Dietz 707145a955 firejail: don't try to set setuid bit 2017-06-28 14:31:47 -05:00
Will Dietz 09d85c49c4 kbdlight: Fix installation permissions
Looks like NixOS creates a security wrapper for this already, FWIW.
2017-06-28 14:31:45 -05:00
Eelco Dolstra 32e492251b
systemd: Apply fix for CVE-2017-9445 2017-06-28 14:08:05 +02:00
Trevor Joynson 068341b1c7 iptstate: init at 2.2.6 (#26878)
* Add iptstate package

* iptstate: nit pick
2017-06-27 18:27:13 +01:00
Tim Steinbach d2e199ca3c
linux: 4.4.73 -> 4.4.74 2017-06-27 08:14:47 -04:00
Tim Steinbach c90a4b8541
linux: 4.12-rc6 -> 4.12-rc7 2017-06-26 09:58:37 -04:00
David McFarland a08024bcb0 procps-ng: allow cygwin 2017-06-26 09:33:09 -03:00
Franz Pletz b788956239
libcgroup: do not set suid bit in nix store 2017-06-26 09:13:34 +02:00
Michał Pałka 80e0cda7ff xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
XSA-216 Issue Description:

> The block interface response structure has some discontiguous fields.
> Certain backends populate the structure fields of an otherwise
> uninitialized instance of this structure on their stacks, leaking
> data through the (internal or trailing) padding field.

More: https://xenbits.xen.org/xsa/advisory-216.html

XSA-217 Issue Description:

> Domains controlling other domains are permitted to map pages owned by
> the domain being controlled.  If the controlling domain unmaps such a
> page without flushing the TLB, and if soon after the domain being
> controlled transfers this page to another PV domain (via
> GNTTABOP_transfer or, indirectly, XENMEM_exchange), and that third
> domain uses the page as a page table, the controlling domain will have
> write access to a live page table until the applicable TLB entry is
> flushed or evicted.  Note that the domain being controlled is
> necessarily HVM, while the controlling domain is PV.

More: https://xenbits.xen.org/xsa/advisory-217.html

XSA-218 Issue Description:

> We have discovered two bugs in the code unmapping grant references.
>
> * When a grant had been mapped twice by a backend domain, and then
> unmapped by two concurrent unmap calls, the frontend may be informed
> that the page had no further mappings when the first call completed rather
> than when the second call completed.
>
> * A race triggerable by an unprivileged guest could cause a grant
> maptrack entry for grants to be "freed" twice.  The ultimate effect of
> this would be for maptrack entries for a single domain to be re-used.

More: https://xenbits.xen.org/xsa/advisory-218.html

XSA-219 Issue Description:

> When using shadow paging, writes to guest pagetables must be trapped and
> emulated, so the shadows can be suitably adjusted as well.
>
> When emulating the write, Xen maps the guests pagetable(s) to make the final
> adjustment and leave the guest's view of its state consistent.
>
> However, when mapping the frame, Xen drops the page reference before
> performing the write.  This is a race window where the underlying frame can
> change ownership.
>
> One possible attack scenario is for the frame to change ownership and to be
> inserted into a PV guest's pagetables.  At that point, the emulated write will
> be an unaudited modification to the PV pagetables whose value is under guest
> control.

More: https://xenbits.xen.org/xsa/advisory-219.html

XSA-220 Issue Description:

> Memory Protection Extensions (MPX) and Protection Key (PKU) are features in
> newer processors, whose state is intended to be per-thread and context
> switched along with all other XSAVE state.
>
> Xen's vCPU context switch code would save and restore the state only
> if the guest had set the relevant XSTATE enable bits.  However,
> surprisingly, the use of these features is not dependent (PKU) or may
> not be dependent (MPX) on having the relevant XSTATE bits enabled.
>
> VMs which use MPX or PKU, and context switch the state manually rather
> than via XSAVE, will have the state leak between vCPUs (possibly,
> between vCPUs in different guests).  This in turn corrupts state in
> the destination vCPU, and hence may lead to weakened protections
>
> Experimentally, MPX appears not to make any interaction with BND*
> state if BNDCFGS.EN is set but XCR0.BND{CSR,REGS} are clear.  However,
> the SDM is not clear in this case; therefore MPX is included in this
> advisory as a precaution.

More: https://xenbits.xen.org/xsa/advisory-220.html

XSA-221 Issue Description:

> When polling event channels, in general arbitrary port numbers can be
> specified.  Specifically, there is no requirement that a polled event
> channel ports has ever been created.  When the code was generalised
> from an earlier implementation, introducing some intermediate
> pointers, a check should have been made that these intermediate
> pointers are non-NULL.  However, that check was omitted.

More: https://xenbits.xen.org/xsa/advisory-221.html

XSA-222 Issue Description:

> Certain actions require removing pages from a guest's P2M
> (Physical-to-Machine) mapping.  When large pages are in use to map
> guest pages in the 2nd-stage page tables, such a removal operation may
> incur a memory allocation (to replace a large mapping with individual
> smaller ones).  If this allocation fails, these errors are ignored by
> the callers, which would then continue and (for example) free the
> referenced page for reuse.  This leaves the guest with a mapping to a
> page it shouldn't have access to.
>
> The allocation involved comes from a separate pool of memory created
> when the domain is created; under normal operating conditions it never
> fails, but a malicious guest may be able to engineer situations where
> this pool is exhausted.

More: https://xenbits.xen.org/xsa/advisory-222.html

XSA-224 Issue Description:

> We have discovered a number of bugs in the code mapping and unmapping
> grant references.
>
> * If a grant is mapped with both the GNTMAP_device_map and
> GNTMAP_host_map flags, but unmapped only with host_map, the device_map
> portion remains but the page reference counts are lowered as though it
> had been removed. This bug can be leveraged cause a page's reference
> counts and type counts to fall to zero while retaining writeable
> mappings to the page.
>
> * Under some specific conditions, if a grant is mapped with both the
> GNTMAP_device_map and GNTMAP_host_map flags, the operation may not
> grab sufficient type counts.  When the grant is then unmapped, the
> type count will be erroneously reduced.  This bug can be leveraged
> cause a page's reference counts and type counts to fall to zero while
> retaining writeable mappings to the page.
>
> * When a grant reference is given to an MMIO region (as opposed to a
> normal guest page), if the grant is mapped with only the
> GNTMAP_device_map flag set, a mapping is created at host_addr anyway.
> This does *not* cause reference counts to change, but there will be no
> record of this mapping, so it will not be considered when reporting
> whether the grant is still in use.

More: https://xenbits.xen.org/xsa/advisory-224.html
2017-06-26 07:01:24 +00:00
Franz Pletz 639b74e7be
Revert "linux: patch CVE-2017-1000364 (stack clash)"
This reverts commit aab71b31d5.

This was integrated into the stable 4.9 and 4.11 kernels.
2017-06-26 02:23:59 +02:00
Franz Pletz 40a04291c9
Merge branch 'master' into staging 2017-06-26 02:23:38 +02:00
Gabriel Ebner 252e9ec84a microcodeIntel: 20161104 -> 20170511 2017-06-25 17:41:57 +02:00
Tim Steinbach 03aed4cfcf
linux-copperhead: 4.11.6.d -> 4.11.7.a 2017-06-24 14:50:41 -04:00
Jörg Thalheim d4f45ae393 Merge pull request #26734 from nh2/statifier-1.7.4
statifier: 1.7.3 -> 1.7.4
2017-06-24 18:16:25 +01:00
Tim Steinbach b06cb59fc1
linux: 4.9.33 -> 4.9.34 2017-06-24 11:22:56 -04:00
Tim Steinbach 3a68f0bb78
linux: 4.11.6 -> 4.11.7 2017-06-24 11:20:32 -04:00
Jörg Thalheim 5e2de6d846 iwd: 2017-04-21 -> 2017-06-02 2017-06-24 10:29:14 +01:00
Jörg Thalheim a087e5a53a lttng-modules: 2.9.1 -> 2.9.3 2017-06-24 10:26:19 +01:00
John Ericson 87fab3d6a5 Merge some merged cross-compilation PRs into into staging 2017-06-23 20:24:27 -04:00
John Ericson a24031317a Merge pull request #26798 from obsidiansystems/ios-cross-stdenv
ios-cross: Just properly use the cc-wrapper
2017-06-23 15:00:19 -04:00
John Ericson afd2bdbad2 Merge pull request #26007 from obsidiansystems/cc-wrapper-prefix
Get rid of gcc-cross-wrapper
2017-06-23 11:22:34 -04:00
Tim Steinbach 4e08459f9b
linux-hardened-copperhead: 4.11.6c -> 4.11.6d 2017-06-22 21:12:20 -04:00
John Ericson f43ae985a6 ios-cross: Just properly use the cc-wrapper
No other downstream derivations are needed anymore.
2017-06-22 17:56:12 -04:00
John Ericson 05b3c87d9d busybox: Modernize and fix cross 2017-06-22 17:53:53 -04:00
John Ericson fc42ec0a5c mingw-w64: Depend on own headers derivation
Without this, a `#include <float.h>` resolves incorrectly. Either the
headers weren't on the include path at all, or they only were for
local, not system, imports.

What's weird is this used to not be a problem. Not sure what other
change in e.g. cc-wrapper would affect this.
2017-06-22 17:53:51 -04:00
John Ericson bb7067f882 mingw-w64: Clean up, especially clarifying staging 2017-06-22 17:53:51 -04:00
Franz Pletz aab71b31d5
linux: patch CVE-2017-1000364 (stack clash) 2017-06-22 00:44:28 +02:00
Franz Pletz 6338c50a84
Merge branch 'master' into staging 2017-06-22 00:41:25 +02:00
Franz Pletz 5389caab83
utillinux: 2.29.2 -> 2.30 2017-06-22 00:38:44 +02:00
Franz Pletz dd3f2e648a
linux_hardened_copperhead: init at 4.11.6.c 2017-06-21 23:49:00 +02:00
Jörg Thalheim e89e96a755 linux_4_11: renable CONFIG_UPROBE_EVENTS
CONFIG_UPROBE_EVENT was renamed to CONFIG_UPROBE_EVENTS.
2017-06-21 17:16:46 +01:00
Niklas Hambüchen 2fe0cd548c statifier: 1.7.3 -> 1.7.4 2017-06-21 01:12:38 +02:00
Franz Pletz f4734e75db
libnl: 3.2.29 -> 3.3.0 2017-06-20 07:03:53 +02:00
Franz Pletz baf28b60e4
libcap_ng: 0.7.7 -> 0.7.8 2017-06-20 05:57:03 +02:00
Franz Pletz 03d1e8a14e
iproute: 4.9.0 -> 4.11.0 2017-06-20 03:56:43 +02:00
Franz Pletz 726645a94f
tpacpi-bat: 3.0 -> 3.1 2017-06-20 03:56:40 +02:00
Franz Pletz 9da4cb176a
lxcfs: 2017-03-02 -> 2.0.7 2017-06-20 03:45:48 +02:00
Franz Pletz eb8c14751a
lxc: 2.0.7 -> 2.0.8 2017-06-20 03:45:47 +02:00
Franz Pletz 05cb49625d
powertop: 2.8 -> 2.9 2017-06-20 03:45:45 +02:00
Tim Steinbach 2764961b87
linux: 4.12-rc5 -> 4.12-rc6 2017-06-19 21:21:15 -04:00
Bart Brouns cb7e49b3df alsa-utils: 1.1.2 -> 1.1.4 2017-06-19 20:00:29 +02:00
Bart Brouns 285a837674 alsa-tools: 1.1.0 -> 1.1.3 2017-06-19 20:00:29 +02:00
Bart Brouns 886f9057e3 alsa-plugins: 1.1.1 -> 1.1.4 2017-06-19 20:00:29 +02:00
Bart Brouns 1837089670 alsa-lib: 1.1.2 -> 1.1.4.1 2017-06-19 20:00:28 +02:00
Vladimír Čunát 629e9c6dc7
Merge branch 'staging'
I don't like to wait for the expat-induced rebuild to happen yet another
time on staging.
2017-06-19 07:29:42 +02:00
Thomas Tuegel c816bbc8a8
qt5: remove makeQtWrapper 2017-06-18 08:44:42 -05:00
Thomas Tuegel 210f688802
qt5: rename qmakeHook to qmake 2017-06-18 08:41:57 -05:00
Jörg Thalheim abc374f127
ply: add kernel version constraint 2017-06-18 12:52:02 +01:00
Vladimír Čunát 8702fd35e2
Merge branch 'master' into staging
... to get in more fixes of setuid/setgid.
2017-06-18 13:22:23 +02:00
Franz Pletz bbb9182cbc
linux: 4.9.32 -> 4.9.33 2017-06-17 18:45:29 +02:00
Franz Pletz a470aa0924
linux: 4.4.72 -> 4.4.73 2017-06-17 18:45:29 +02:00
Franz Pletz c973a4a887
linux: 4.11.5 -> 4.11.6 2017-06-17 18:45:29 +02:00
Franz Pletz de74d2015f
kernelPackages.zfs: 0.6.5.9 -> 0.6.5.10 2017-06-17 15:51:39 +02:00
Vladimír Čunát d88c0cf867
Merge #26628: treewide: setuid/setgid fallout 2017-06-17 13:23:39 +02:00
Jörg Thalheim 878381fd4d rewritefs: add remark to patch 2017-06-17 10:45:35 +01:00
Vladimír Čunát 304391b2f2
Merge branch 'master' into staging
Another couple thousand rebuilds.
2017-06-17 09:58:34 +02:00
Jörg Thalheim c4037ee92b Merge pull request #26583 from mbbx6spp/init-ply-package
ply: init at v1-beta1(9e810b1)
2017-06-16 23:21:23 +01:00
Vladimír Čunát 2a76b6ad69
Merge #26540: utillinux: fix "fstrim --all" 2017-06-16 21:43:26 +02:00
Will Dietz 7270b9b425 rewritefs: Don't attempt to set special bits 2017-06-16 07:22:20 -05:00
Jörg Thalheim f5d98e8e18
ply: fix build 2017-06-15 21:11:35 +01:00
Tim Steinbach b4576c5108
linux: 4.11.4 -> 4.11.5 2017-06-15 08:54:55 -04:00
Tim Steinbach a7efc9f0cd
linux: 4.9.31 -> 4.9.32 2017-06-15 08:53:35 -04:00
Tim Steinbach 07edb44d15
linux: 4.4.71 -> 4.4.72 2017-06-15 08:52:26 -04:00
gnidorah 286c36d737 utillinux: fix "fstrim --all" 2017-06-15 14:05:50 +03:00
Susan Potter fdef885d97
ply: init at v1-beta1(9e810b1) 2017-06-14 17:41:42 -05:00
Charles Strahan 3b1c4fce4f psensor: init at 1.2.0
psensor is a graphical hardware monitoring application for Linux
2017-06-13 18:51:36 -04:00
Will Dietz b83609add3 psmisc: 22.21 -> 23.0
No longer need fuser patch, fixes musl compat.
2017-06-13 22:05:00 +02:00
Jason A. Donenfeld 9d4bf6b155 wireguard: 0.0.20170531 -> 0.0.20170613
Simple version bump. Release notes:

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-13 15:55:56 +02:00
Vladimír Čunát ed070354a9
Merge branch 'staging' 2017-06-13 11:22:56 +02:00
Jörg Thalheim f866cae200
android-udev-rules: 20170305 -> 20170612 2017-06-13 08:07:04 +01:00
timor d74f8351a5 kernel: enable audio jack reconfiguration
Change kernel config to allow for changing the functions of the audio
jacks at run-time as well as at boot time.
2017-06-13 08:50:34 +03:00
Franz Pletz b733a34e8e
firmwareLinuxNonfree: 2017-03-11 -> 2017-04-16 2017-06-12 17:44:44 +02:00
Franz Pletz c34299f592
dmidecode: 3.0 -> 3.1 2017-06-12 17:44:43 +02:00
Eelco Dolstra 63e9d1c51e
perf: Fix perf annotate
This command requires objdump, so make sure it can find it.
2017-06-12 13:23:18 +02:00
Tim Steinbach 5fbab5dfb3
linux: 4.12-rc4 -> 4.12-rc5 2017-06-11 21:37:46 -04:00
Tuomas Tynkkynen fbea1265d5 audit: 2.6.6 -> 2.7.6 2017-06-11 19:46:09 +03:00
Tuomas Tynkkynen 370ace4cf0 kernel: Don't build self-test modules 2017-06-11 19:33:24 +03:00
Jörg Thalheim fe208a1cc8 Merge pull request #26509 from MP2E/musl_update
musl: 1.1.15 -> 1.1.16
2017-06-11 12:59:17 +01:00
Cray Elliott 6bdebf252c musl: 1.1.15 -> 1.1.16 2017-06-10 15:37:40 -07:00
Vladimír Čunát cb9f953c92
Merge branch 'master' into staging
More larger rebuilds.
2017-06-10 10:07:33 +02:00
Joachim Fasting b1f0af7ef6
linuxPackages.evdi: specify minimum kernel version, per upstream
Upstream says 3.16 is the oldest supported kernel.  No versions prior to
3.18 build on Hydra. See e.g., https://hydra.nixos.org/build/53599831.
2017-06-09 12:54:57 +02:00
Vladimír Čunát 10f9fb63f1
nfs-utils: fixup setuid/setgid build problems, hopefully 2017-06-08 20:43:04 +02:00
Vladimír Čunát ae6df000d0
Merge branch 'master' into staging 2017-06-07 18:11:27 +02:00
Vladimír Čunát 1aac1fe5dd
util-linux: fixup setuid/setgid build problems
... hopefully.  Also refactor some nix code a little.
2017-06-07 15:17:40 +02:00
Vladimír Čunát 833bc78dcf
shadow: fixup setuid/setgid build problems, hopefully 2017-06-07 14:21:04 +02:00
Tim Steinbach c7abd6943e
linux: 4.9.30 -> 4.9.31 2017-06-07 08:09:37 -04:00
Tim Steinbach 01fc1a80b3
linux: 4.4.70 -> 4.4.71 2017-06-07 08:07:53 -04:00
Tim Steinbach 66faa421c9
linux: 4.11.3 -> 4.11.4 2017-06-07 08:05:45 -04:00
Eelco Dolstra 338cdea332
Merge branch 'master2' of https://github.com/gnidorah/nixpkgs into staging 2017-06-07 11:46:17 +02:00
Franz Pletz f0a4e91612
batman-adv: 2017.0 -> 2017.1 2017-06-06 03:58:11 +02:00
Kier Davis b81124b4fb
Fix hooks not being called when overriding phases in various packages
It's necessary to do this in order to fix ckb's compilation, now that
fixupPhase rejects derivation results containing references to the temporary
build directory. It seems like good practice so I've added it to the
other packages that I maintain.
2017-06-05 19:13:19 +01:00
Joachim F 938742fa0b Merge pull request #26403 from vberger/drbd-fix
drbd: Fix incorrect substitution in derivation
2017-06-05 19:02:20 +01:00
Victor Berger 72b9aad4a2 drbd: Fix incorrect substitution in derivation
Prior to this, the build failed as the generated udev rules file
refers to a non-existing file, due to an incorrect substitution.
2017-06-05 16:20:56 +02:00
Tim Steinbach 7c476b98df
linux: 4.12-rc3 -> 4.12-rc4 2017-06-05 10:01:53 -04:00
Peter Hoeg a0598f9b34 tomb: clean up and use gnupg 2 instead of gnupg 1 2017-06-05 18:02:12 +08:00
Jörg Thalheim 2e08839cbe
sysdig: fix unified cgroup handling 2017-06-05 06:13:58 +01:00
Jörg Thalheim 0886c1b321
wireguard: 0.0.20170517 -> 0.0.20170531 2017-06-03 13:23:02 +01:00
Judson Lester bafcdbbb67 bcc: 0.2.0 -> 0.3.0 (#26315) 2017-06-02 22:23:19 +01:00
georgewhewell daf674491e broadcom-sta: add patch for kernel 4.11+ 2017-06-02 14:19:04 +01:00
Frederik Rietdijk 8b5dc2d67b Merge remote-tracking branch 'upstream/master' into HEAD 2017-06-01 10:17:38 +02:00
Nikolay Amiantov 7b41780a0e linuxPackages.nvidia_x11: move patches to specific versions 2017-05-31 16:52:03 +03:00
Nikolay Amiantov 3b4ef34fa0 Merge pull request #26272 from vcunat/p/nvidia-304
nvidia 304 fixes
2017-05-31 16:31:51 +03:00
Vladimír Čunát 0c4b91505e
nvidia_x11_legacy304: apply patches from Debian
The drivers would build but probably wouldn't work without them.
See #26250.
2017-05-31 10:48:54 +02:00
Vladimír Čunát af58f8de55
nvidia_x11_legacy304: 304.134 -> 304.135 2017-05-31 10:02:56 +02:00
Kranium Gikos Mendoza 153e900b39 smemstat: 0.01.16 -> 0.01.17 2017-05-31 01:01:54 +02:00
Kranium Gikos Mendoza 87a800d494 forkstat: 0.01.16 -> 0.01.17 2017-05-31 01:01:54 +02:00
Kranium Gikos Mendoza 2c53d5dea0 fnotifystat: 0.01.16 -> 0.01.17 2017-05-31 01:01:54 +02:00
Kranium Gikos Mendoza b5a3630050 eventstat: 0.03.03 -> 03.03.04 2017-05-31 01:01:54 +02:00
Vladimír Čunát 983657087b
Merge branch 'master' into staging 2017-05-30 19:39:59 +02:00
Vladimír Čunát 538aa0f808
Merge branch 'staging' (early part)
The comparison looks nice on Hydra.
2017-05-30 16:08:21 +02:00
gnidorah a996fe849f fstrim: Add service 2017-05-30 16:39:27 +03:00
Jörg Thalheim dfebb66f65
systemd: v232 -> v233
Changelog: https://github.com/systemd/systemd/blob/v233/NEWS

Upgrade was pretty smooth. One notably change is the new hybrid cgroup
mode: https://github.com/systemd/systemd/blob/v233/NEWS#L5 It should
provide better compatibility with docker.
2017-05-30 08:47:09 +01:00
Tim Steinbach a78af5196c
linux: 4.12-rc2 -> 4.12-rc3 2017-05-29 09:32:52 -04:00
Daiderd Jordan db4ff1d305 Merge pull request #26091 from LnL7/darwin-cf-10.10
CoreFounation: 10.9 -> 10.10
2017-05-28 20:38:16 +02:00
Daiderd Jordan 91caa85804
darwin-Libsystem: include libplatform headers 2017-05-27 23:19:50 +02:00
Daiderd Jordan 815f25f31b
darwin-CF: 855.17 -> 1153.18 2017-05-27 23:19:49 +02:00
Daiderd Jordan bf58495177
darwin-dispatch: 339.92.1 -> 442.1.4 2017-05-27 23:19:48 +02:00
Daiderd Jordan 857648dd31
darwin-libplatform: init at 125 2017-05-27 23:19:47 +02:00
Daiderd Jordan ff1253200b
darwin-ICU: init at 531.48 2017-05-27 23:19:42 +02:00
Armijn Hemel 0786bb00d2 cifs-utils: 6.5 -> 6.6 2017-05-26 20:56:48 +02:00
Vladimír Čunát 00672dec8a
Merge older staging
This still causes some uncached rebuilds, but master(!) and staging
move too fast forward rebuild-wise, so Hydra might never catch up.
(There are also other occasional problems.)
Therefore I merge at this point where the rebuild isn't that bad.
2017-05-26 15:45:43 +02:00
Tim Steinbach 690a83091b
linux: FS_ENCRYPTION only for >= 4.9 kernels 2017-05-25 18:25:08 -04:00
Tim Steinbach 8f0ca4f44a
linux: 4.4.69 -> 4.4.70 2017-05-25 18:21:54 -04:00
Tim Steinbach 446c57fdb2
linux: 4.9.29 -> 4.9.30 2017-05-25 18:19:16 -04:00
Tim Steinbach f618a6caa1
linux: 4.11.2 -> 4.11.3 2017-05-25 18:16:57 -04:00
Joachim Fasting f0c08e3cd4
autofs5: 5.1.2 -> 5.1.3 2017-05-25 23:53:34 +02:00
Eelco Dolstra 8a07319e7f
ixgbevf: 4.0.3 -> 4.1.2
This fixes

  error: assertion failed at /home/eelco/Dev/nixpkgs-stable/pkgs/os-specific/linux/ixgbevf/default.nix:3:1
  (use ‘--show-trace’ to show detailed location information)

deploying a >=4.10 kernel to EC2. (We could probably also drop the
ixgbevf package with recent kernels, since the ixgbevf module included
in the kernel source tree is recent enough according to Amazon's
recommendation.)
2017-05-24 14:51:39 +02:00
Vladimír Čunát 8004e79415
Merge branch 'master' into staging 2017-05-24 03:24:06 +02:00
Robin Gloster f8b0a25983
acpid: 2.0.27 -> 2.0.28 2017-05-23 02:32:39 +02:00
John Ericson 0d88299019 Merge pull request #25976 from obsidiansystems/no-stdenv-is
Add `*Platform.is*` predicates and alias `stdenv.is*` to `hostPlatform`'s
2017-05-22 13:30:20 -04:00
Arseniy Seroka c734781158 Merge pull request #25958 from Mic92/iwd
iwd: init at unstable-2017-04-21
2017-05-22 20:04:04 +03:00
Tim Steinbach aa73b7df30
linux: 4.12-rc1 -> 4.12-rc2 2017-05-22 11:40:04 -04:00
Frederik Rietdijk 99cfab07b9 Merge remote-tracking branch 'upstream/master' into HEAD 2017-05-22 09:21:40 +02:00
John Ericson 2e7ec6fb70 lib: Make platform predicates more ergonomic to use
`hostPlatform.isDarwin` instead of `lib.system.parse.isDarwin
hostPlatform.parsed`
2017-05-22 00:25:02 -04:00
Joachim Fasting 881385dbcb
linuxPackages.phc-intel: remove use of features.grsecurity
I believe this is the final reference to features.grsecurity.
See also e6c65ecb12
2017-05-21 18:08:07 +02:00
Jörg Thalheim a527a47cd3
iwd: init at unstable-2017-04-21 2017-05-21 11:05:35 +01:00
Tim Steinbach a42c54057f
linux: 4.11.1 -> 4.11.2 2017-05-20 17:17:35 -04:00
Tim Steinbach a551ca61b7
linux: 4.9.28 -> 4.9.29 2017-05-20 17:17:34 -04:00
Tim Steinbach 82852ac60e
linux: 4.4.68 -> 4.4.69 2017-05-20 17:17:33 -04:00
Tuomas Tynkkynen de263072b5 kernel: 4.10 is end-of-life
https://lkml.org/lkml/2017/5/20/75
2017-05-20 19:54:18 +03:00
Jörg Thalheim 0b21bd9dbd Merge pull request #25748 from armijnhemel/hwdata
hwdata: 0.291 -> 0.300
2017-05-20 17:40:31 +01:00
Vladimír Čunát 5aa530f2a8
Merge branch 'master' into staging
A few thousand rebuilds from master.
2017-05-19 08:57:59 +02:00
Nikolay Amiantov 030862f63c linuxPackages.evdi: init at 1.4.1 2017-05-19 02:53:09 +03:00
Nikolay Amiantov e17744067a displaylink: 1.1.62 -> 1.3.52 2017-05-19 02:51:45 +03:00
Joachim Fasting 77ed860114
linux_hardened: enable checks on scatter-gather tables
Recommended by kspp
2017-05-18 12:33:42 +02:00
Vladimír Čunát e9aeb55f3b
Merge branch 'master' into staging 2017-05-18 11:24:18 +02:00
Jörg Thalheim 64acaa1e2d Merge pull request #25646 from zx2c4/wg-psk-change
wireguard: 0.0.20170421 -> 0.0.20170517
2017-05-17 23:58:51 +01:00
John Ericson bec5ffee15 Merge pull request #25232 from obsidiansystems/cross-binutils
Cross binutils
2017-05-17 16:34:56 -04:00
John Ericson 7018dfb9f4 binutils and cctools: Prefix derivation names with target for cross
We want platform triple prefixes and suffixes on derivation names to
be used consistently. The ideom this commit strives for is

 - suffix means build != host, i.e. cross *built* packages. This is
   already done.

 - prefix means build != target, i.e. cross tools. This matches the
   tradition of such binaries themselves being prefixed to disambiguate.]
   Binutils and cctools, as build tools, now use the latter
2017-05-17 15:33:05 -04:00
John Ericson 88ea6463a3 binutils on darwin: Clean up the rats nest
- No more *Cross duplication for binutils on darwin either.
   `cctools_cross` is merged into plain `cctools`, so `buildPackages`
   chains alone are used to disambiguate.

 - Always use a mashup of cctools and actual GNU Binutils as `binutils`.
   Previously, this was only done in the native case as nobody had
   bothered to implement the masher in the cross case. Implemented it
   basically consisted of extending the wrapper to deal with prefixed
   binaries.
2017-05-17 15:33:05 -04:00
Jason A. Donenfeld ef018d8955 wireguard: 0.0.20170421 - 0.0.20170517
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 20:25:06 +02:00
Tim Steinbach 8eb302d6d7 Merge pull request #25792 from NeQuissimus/linux_4_12_rc1
linux-testing: 4.11-rc7 -> 4.12-rc1
2017-05-17 08:30:10 -04:00
Vladimír Čunát 515414ed32
Merge branch 'master' into staging 2017-05-16 18:32:43 +02:00
Vladimír Čunát 65ede052fa
treewide: fixup packages with RPATH problems 2017-05-16 18:30:58 +02:00
Tuomas Tynkkynen a35ec5dda6 linux_rpi: 1.20170303 -> 1.20170427 2017-05-15 11:14:59 +03:00
Tuomas Tynkkynen f2e2dde681 raspberrypifw: 1.20170303 -> 1.20170427 2017-05-15 11:14:59 +03:00
Tim Steinbach 336b044dcb
linux-testing: 4.11-rc7 -> 4.12-rc1 2017-05-14 22:03:14 -04:00
Tuomas Tynkkynen ba585648e7 kernel: 4.9.27 -> 4.9.28 2017-05-15 01:28:01 +03:00
Tuomas Tynkkynen 8de08ff145 kernel: 4.4.67 -> 4.4.68 2017-05-15 01:27:50 +03:00
Tuomas Tynkkynen c230aee121 kernel: 4.11 -> 4.11.1 2017-05-15 01:27:41 +03:00
Tuomas Tynkkynen 2f1e6c8686 kernel: 4.10.15 -> 4.10.16 2017-05-15 01:27:30 +03:00
Tuomas Tynkkynen eacfdc38f4 cryptsetup: 1.7.3 -> 1.7.5 2017-05-14 22:37:06 +03:00
Joachim Fasting e6c65ecb12
tree-wide: remove uses of features.grsecurity 2017-05-14 15:08:51 +02:00
Tuomas Tynkkynen d22b1d0ba1 hdparm: 9.51 -> 9.52 2017-05-14 13:47:29 +03:00
Armijn Hemel 6b9996f523 hwdata: 0.291 -> 0.300
webpage change, since fedorahosted is being shut down
2017-05-12 23:28:36 +02:00
Cray Elliott 4f51a1ef32 nvidia-x11: add dbus as a dependency to settings
for the latest beta release, the nvidia-settings binary will not compile
without dbus/dbus.h
2017-05-12 01:30:28 -07:00
Vladimír Čunát 165a6548ad
nvidia_x11_legacy340: fix patch URL to fix #25721
Using fixed-commit URLs and fetchpatch is just more robust.
2017-05-12 10:13:26 +02:00
Cray Elliott 11b8cfb506 nvidia_x11_beta: 378.13 -> 381.22
also remove nvidia 4.10 kernel patch as it is no longer needed
2017-05-11 17:53:19 -07:00
Linus Heckemann 89ce83688c nvidia-x11: fix linux 4.10 patch URL 2017-05-11 17:29:57 -07:00
Linus Heckemann 995d41c091 nvidia stable: 375.39 -> 375.66 2017-05-11 17:29:57 -07:00
Tim Steinbach 8584a16922
linux: 4.10.14 -> 4.10.15 2017-05-09 08:43:37 -04:00
Jörg Thalheim 2e2a5af81f
sysdig: 0.15.0 -> 0.16.0 2017-05-09 09:21:44 +01:00
Joachim Fasting 996b65cfba
linux_hardened: enable structleak plugin
A port of the PaX structleak plugin.  Note that this version of structleak
seems to cover less ground than the PaX original (only marked structs are
zeroed). [1]

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61f13eaa1ee17728c41370100d2d45c254ce76f
2017-05-09 01:38:26 +02:00
Joachim Fasting 1816e2b960
linux_hardened: BUG on struct validation failure 2017-05-09 01:38:24 +02:00
Joachim Fasting a7ecdffc28
linux_hardened: move to 4.11
Note that DEBUG_RODATA has been split into STRICT_KERNEL_RWX &
STRICT_MODULE_RWX, which are on by default (non-optional).
2017-05-09 01:38:22 +02:00
Joachim Fasting 42c58cd2e8
linux_hardened: compile with stackprotector-strong
Default is regular, which we need to unset for kconfig to accept the new
value.
2017-05-09 01:38:21 +02:00
Eelco Dolstra e2700861fb
shadow: Fix hash 2017-05-08 16:56:05 +02:00
Tim Steinbach 8c74ff6534
linux: 4.9.26 -> 4.9.27 2017-05-08 09:26:26 -04:00
Tim Steinbach 4e2c67ff76
linux: 4.4.66 -> 4.4.67 2017-05-08 09:23:52 -04:00
Eelco Dolstra 7f6abddcd7
shadow: Fix using default shell in useradd
This caused "useradd xyzzy" to produce a user with no shell:

  xyzzy1002💯:/home/xyzzy:

https://github.com/shadow-maint/shadow/pull/33
2017-05-08 15:10:50 +02:00
Jörg Thalheim 192f8e7699
broadcom-bt-firmware: revert to unfree
license was misinterpreted, it is now only conditionally in the all
firmware list included, if `allowUnfree` is set.

fixes #25567
2017-05-08 09:18:11 +01:00
Joachim F 5250d3ec3d Merge pull request #25561 from joachifm/linux-gcc-plugins
linux: support using gcc plugins
2017-05-07 12:31:32 +01:00
Jörg Thalheim cc75ccbf64
broadcom-bt-firmware: change license to redistributal
see also: https://github.com/winterheart/broadcom-bt-firmware/blob/master/LICENSE.broadcom_bcm20702

fixes #25567
2017-05-07 07:33:41 +01:00
Joachim Fasting a04d8532c2
linux: support using gcc plugins
linux 4.8 onwards support gcc plugins.  This patch adds build inputs
required to make use of gcc plugins to the generic kernel build
environment.
2017-05-06 19:47:27 +02:00
Jörg Thalheim 7765e5971c
kernelPackages.zfsUnstable: 0.7.0-rc3 -> 0.7.0-rc4 2017-05-06 07:40:42 +01:00
Jörg Thalheim 4ea961ccc3
kernelPackages.splUnstable: 0.7.0-rc3 -> 0.7.0-rc4 2017-05-06 07:40:28 +01:00
Jörg Thalheim 3156ef2dfd Merge pull request #25478 from zraexy/zraexy-broadcom-bt-firmware
broadcom-bt-firmware: init at 12.0.1.1011
2017-05-04 22:33:06 +01:00
Jörg Thalheim d072ef956d broadcom-bt-firmware: mention package limitations 2017-05-04 22:32:55 +01:00
Tim Steinbach 2a38ecc055
linux: 4.10.13 -> 4.10.14 2017-05-03 20:46:48 -04:00
Tim Steinbach 6076843be3
linux: 4.9.25 -> 4.9.26 2017-05-03 20:44:09 -04:00
Tim Steinbach af933bc7d3
linux: 4.4.65 -> 4.4.66 2017-05-03 20:41:46 -04:00
zraexy d900478e3c broadcom-bt-firmware: init at 12.0.1.1011
broadcom-bt-firmware: init at 12.0.1.1011
2017-05-03 12:51:32 -08:00
zraexy 7845163d6a bt-fw-converter: init at 2017-02-19 2017-05-03 12:51:24 -08:00
Cray Elliott cebce78be9 mwprocapture: fix compile on linux 4.11 2017-05-03 00:11:22 -07:00
Victor Calvert 3d27a84a1c tomb: 2.2 -> 2.4 (#25465) 2017-05-03 00:32:51 +01:00
Jörg Thalheim 7be7902990
zfsUnstable: mark as incompatible with 4.11 (since rc3) 2017-05-02 18:15:53 +02:00
Tim Steinbach b5169fd277
linux: Add cgroups patches for 4.9, 4.10, 4.11 2017-05-02 08:49:39 -04:00
Vladimír Čunát d7501b986a
luajit: 2.1.0-beta2 -> 2.1.0-beta3
The removal of `luaL_reg` alias caused lots of breakage.
Only sysdig and knot-resolver needed (also) other changes.
2017-05-02 14:00:45 +02:00
Shea Levy 207a0af06a Add linux 4.11 2017-05-01 19:04:45 -04:00
Jörg Thalheim 95f6bece88
wpa_supplicant: upgrade to qt5
also inkscape removal patch, as it introduced a bug: #25320
fixes #25320 #25325
2017-05-01 21:23:22 +02:00
Armijn Hemel 5b0dcf95a0 atop: 2.2-3 -> 2.3.0 2017-05-01 14:45:27 +02:00
Michael Raskin 9c39666613 Merge pull request #25107 from armijnhemel/guvcview
guvcview: 2.0.4 -> 2.0.5
2017-05-01 14:15:07 +02:00
Michael Raskin 1cce0887ee Merge branch 'master' into mptcp-v91.3 2017-05-01 00:43:08 +02:00
michael bishop 70863d5326
ioport: init at 1.2 2017-04-30 18:34:17 -03:00
Michael Raskin 763ed66c24 bluez5: install gatttool; reported by @husnoo 2017-04-30 21:12:37 +02:00
Michael Raskin 929eed352b Merge pull request #22410 from adnelson/upstart_improvements
upstart: wrap binaries and patch hard-coded paths
2017-04-30 18:29:33 +02:00
Tim Steinbach 0c4de3c0c9
linux: 4.4.64 -> 4.4.65 2017-04-30 08:58:44 -04:00
Michael Raskin b5c3586289 Merge pull request #25333 from zraexy/zraexy-nvidia-x11
nvidia-x11: switch download urls to https
2017-04-30 12:23:54 +02:00
Joachim Fasting ab4fa1cce4
tree-wide: prune some dead grsec leaves
The beginning of pruning grsecurity/PaX from the tree.
2017-04-30 12:05:41 +02:00
Joachim Fasting 62f2a1c2be
linux_hardened: init
The rationale for this is to have a place to enable hardening features
that are either too invasive or that may be speculative/yet proven to be
worthwhile for general-purpose kernels.
2017-04-30 12:05:39 +02:00
zraexy 563fa2c034 nvidia-x11: switch download urls to https 2017-04-29 13:19:04 -08:00
Jörg Thalheim 6af952fac8
rtkit: fix meta attr 2017-04-29 10:49:12 +02:00
Dan Peebles 90b9719f4f treewide: fix the remaining issues with meta attributes 2017-04-29 04:24:34 +00:00
Joachim Fasting 32b8512e54
grsecurity: discontinue support
Upstream has decided to make -testing patches private, effectively ceasing
free support for grsecurity/PaX [1].  Consequently, we can no longer
responsibly support grsecurity on NixOS.

This patch turns the kernel and patch expressions into build errors and
adds a warning to the manual, but retains most of the infrastructure, in
an effort to make the transition smoother.  For 17.09 all of it should
probably be pruned.

[1]: https://grsecurity.net/passing_the_baton.php
2017-04-28 12:35:15 +02:00
Tim Steinbach 7f3b857d0d
linux: 4.4.63 -> 4.4.64 2017-04-27 22:12:35 -04:00
Tim Steinbach 08c44a5cac
linux: 4.10.12 -> 4.10.13 2017-04-27 22:10:06 -04:00
Tim Steinbach 903fec9922
linux: 4.9.24 -> 4.9.25 2017-04-27 22:07:34 -04:00
John Ericson 761af14778 Merge pull request #25227 from obsidiansystems/cross-purge-binutilsCross
Purge binutilsCross
2017-04-26 09:09:06 -04:00
John Ericson 295315cc87 binutilsCross: Remove and use binutils instead always
See previous commit for what was done to `binutils` to make this
possible.

There were some uses of `forcedNativePackages` added. The
combination of overrides with that attribute is highly spooky: it's
often important that if an overridden package comes from it, the
replaced arguments for that package come from it. Long term this
package set and all the spookiness should be gone and irrelevant:

  "Move along, nothing to see here!"

No hashes should be changed with this commit
2017-04-25 21:36:19 -04:00
Kranium Gikos Mendoza e57bcc7106 facetimehd-firmware: disable aarch64-linux builds 2017-04-26 03:09:24 +03:00
Kranium Gikos Mendoza 88be2f7080 facetimehd: disable aarch64-linux builds 2017-04-26 03:09:24 +03:00
Jörg Thalheim bd47d04294 Merge pull request #25146 from zx2c4/remove-old-chromiumos
linux-chromiumos: remove 3.14
2017-04-25 07:32:51 +02:00
Daniel Peebles 3ae7f249da Merge pull request #25187 from obsidiansystems/remove-stray-kernel-headers
linux-headers: Remove stray linux headers 3.18 nix file
2017-04-24 23:07:58 -04:00
John Ericson af6e4c5b0d Merge pull request #25190 from obsidiansystems/ios-stdenv-tiny-refactor
crossStdenv on iphone: Just get info from `targetPlatform`
2017-04-24 16:57:54 -04:00
John Ericson db5a921945 crossStdenv on iphone: Just get info from targetPlatform 2017-04-24 16:12:26 -04:00
Vladimír Čunát d965e119f2
Merge #24749: amdgpu-pro: 16.60 -> 17.10 2017-04-24 21:53:50 +02:00
John Ericson d4fb8cfc09 linux-headers: Remove stray linux headers 3.18 nix file
In dced724c00 this derivation was
unexposed along (in all-packages.nix) with the removal of linux 3.18[1].
I think this file was left behind by mistake.

[1]: dced724c00 (diff-036410e9211b4336186fc613f7200b12L11174)
2017-04-24 15:25:52 -04:00
Jörg Thalheim 7c44277d38 Merge pull request #25127 from zx2c4/patch-3
wireguard: 0.0.20170409 -> 0.0.20170421
2017-04-24 19:28:23 +02:00
Tuomas Tynkkynen 84982c28de Merge remote-tracking branch 'upstream/master' into staging 2017-04-24 15:04:43 +03:00
evujumenuk aef776836d zfs: Bump incompatibleKernelVersion to "4.11"
https://github.com/zfsonlinux/zfs/releases/tag/zfs-0.6.5.9 attests compatibility with kernel versions up to 4.10.x.
2017-04-23 16:05:38 +02:00
Jason A. Donenfeld b1750d699c linux-chromiumos: remove 3.14
3.14 is no longer supported upstream by kernel.org and thus no longer
receives security patches. The git commit mentioned in this .nix isn't
even available in the linked repository --
https://chromium.googlesource.com/chromiumos/third_party/kernel -- so I
think this .nix might be dead anyway. Finally, it specifies 3.14.0,
which is so ridiculously old (the latest was 3.14.79) that nobody
develops for it.

Fixes: #25145
Supports: #25127
2017-04-23 15:47:46 +02:00
Jörg Thalheim 8deb0e104f
wireguard: do not fail on warning for older kernel 2017-04-23 13:36:02 +02:00
Jörg Thalheim 600a2f2746
wireguard: make myself maintainer 2017-04-23 13:35:52 +02:00
Frederik Rietdijk 4fc9b1852a Merge remote-tracking branch 'upstream/master' into HEAD 2017-04-23 11:26:47 +02:00
Jason A. Donenfeld 75608e1bb3 wireguard: 0.0.20170409 -> 0.0.20170421 2017-04-22 23:34:38 +02:00
Joachim Fasting 9e6c96f8fc
grsecurity: 4.9.24-201704210851 -> 4.9.24-2201704220732 2017-04-22 16:37:24 +02:00
Armijn Hemel 04a43fdb90 guvcview: 2.0.4 -> 2.0.5 2017-04-22 12:45:35 +02:00
Joachim Fasting 05911da7bb
grsecurity: 4.9.23-201704181901 -> 4.9.24-201704210851 2017-04-21 15:09:32 +02:00
Tim Steinbach 7fb1b54cc1
linux: 4.4.62 -> 4.4.63 2017-04-21 08:03:43 -04:00
Tim Steinbach 1b3282d52d
linux: 4.10.11 -> 4.10.12 2017-04-21 08:01:22 -04:00
Tim Steinbach 4dda88c89d
linux: 4.9.23 -> 4.9.24 2017-04-21 07:58:45 -04:00
Linus Heckemann 7e34a9c397 util-linux: fix path to umount in eject 2017-04-20 15:52:31 +01:00