3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

17571 commits

Author SHA1 Message Date
Felix Buehler 34950c7359 sinit: refactor 2022-01-16 16:23:21 +01:00
Jörg Thalheim 5a6a12256d
Merge pull request #154157 from yaxitech/sgx-ssl
sgx-ssl: init at lin_2.15.1_1.1.1l
2022-01-16 06:05:10 +00:00
Bernardo Meurer 4fa2647449
Merge pull request #154994 from mweinelt/kernel-disable-unpriv-ebpf
linux: enable BPF_UNPRIV_DEFAULT_OFF on 5.10 and later
2022-01-16 00:46:51 +00:00
Bernardo Meurer 00cd3d063c
Merge pull request #154976 from TredwellGit/linux
Kernels 2022-01-14
2022-01-16 00:41:11 +00:00
Martin Weinelt 3ee206291a
linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15
Disable unprivileged access to BPF syscalls to prevent denial of service
and privilege escalation via

a) potential speculative execution side-channel-attacks on unmitigated
hardware[0]

or

b) unvalidated memory access in ringbuffer helper functions[1].

Fixes: CVE-2021-4204, CVE-2022-23222

[0] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf
[1] https://www.openwall.com/lists/oss-security/2022/01/13/1
2022-01-15 23:44:19 +01:00
Vincent Haupert 6639cd8c65 sgx-ssl: don't run test app in installCheckPhase
Although we build the test app in SGX simulation mode which does not
require hardware SGX support, SGX SSL fails to initialize on non-Intel
CPUs. This is unexpected (and inconsistent with the `sgx-sdk` sample
code we run in the `installCheckPhase`) and subject to an upstream
issue: https://github.com/intel/intel-sgx-ssl/issues/113

Revert this commit as soon as the issue is resolved by Intel.
2022-01-15 13:08:31 +01:00
arcnmx 36026bb0c4 linuxPackages.kvmfr: patch for 5.16 2022-01-14 15:14:39 -08:00
Jonathan Ringer 97a8c7228a linuxPackages.nvidia_x11_beta: 495.29.05 -> 510.39.01 2022-01-14 12:34:41 -08:00
R. RyanTM 162d4c51b3
ryzenadj: 0.8.2 -> 0.8.3
(#154582)
2022-01-14 16:58:04 +01:00
markuskowa eb7348fea9
Merge pull request #154872 from markuskowa/upd-rdma-core
rdma-core: 38.0 -> 38.1
2022-01-14 10:45:11 +01:00
TredwellGit e19681509b linux/hardened/patches/5.4: 5.4.170-hardened1 -> 5.4.171-hardened1 2022-01-14 02:25:10 +00:00
TredwellGit ead5545be3 linux/hardened/patches/5.15: 5.15.12-hardened1 -> 5.15.14-hardened1 2022-01-14 02:25:01 +00:00
TredwellGit f14a7feff2 linux/hardened/patches/5.10: 5.10.89-hardened1 -> 5.10.91-hardened1 2022-01-14 02:24:52 +00:00
TredwellGit 56224051e3 linux/hardened/patches/4.19: 4.19.224-hardened1 -> 4.19.225-hardened1 2022-01-14 02:24:42 +00:00
TredwellGit 230a6813d9 linux/hardened/patches/4.14: 4.14.261-hardened1 -> 4.14.262-hardened1 2022-01-14 02:24:34 +00:00
TredwellGit c5f9bb4d21 linux-rt_5_4: 5.4.161-rt67 -> 5.4.170-rt68 2022-01-14 02:23:37 +00:00
Martin Weinelt 99ee04b5d1 cryptsetup: 2.4.2 -> 2.4.3 2022-01-13 18:24:48 +01:00
Sandro Jäckel 24e553ceab
maloader: use fetchFromGitHub 2022-01-13 17:16:39 +01:00
Markus Kowalewski 442dc01aac
rdma-core: 38.0 -> 38.1 2022-01-13 11:20:40 +01:00
Andreas Stührk db091609ff sgx-ssl: init at lin_2.15.1_1.1.1l
Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>
2022-01-12 19:24:39 +01:00
Julian Stecklina 7a73bd3d08 linuxPackages.tuxedo-keyboard: update description to point to module 2022-01-12 11:47:53 +01:00
Julian Stecklina ea9647d202 linuxPackages.tuxedo-keyboard: 3.0.8 -> 3.0.9 2022-01-12 11:47:53 +01:00
R. Ryantm 734af73298 bpftrace: 0.14.0 -> 0.14.1 2022-01-12 04:01:33 -06:00
Bobby Rong b7c1fcea75
Merge pull request #154682 from IvarWithoutBones/bump/tuigreet
tuigreet: 0.6.1 -> 0.7.1
2022-01-12 17:11:27 +08:00
TredwellGit 61dd0c8e85 linux: 5.4.170 -> 5.4.171 2022-01-11 16:37:55 +00:00
TredwellGit 4cf69dc13a linux: 5.15.13 -> 5.15.14 2022-01-11 16:37:49 +00:00
TredwellGit caa8c4963d linux: 5.10.90 -> 5.10.91 2022-01-11 16:37:40 +00:00
TredwellGit 84e167d8b3 linux: 4.9.296 -> 4.9.297 2022-01-11 16:37:32 +00:00
TredwellGit e30d75558e linux: 4.4.298 -> 4.4.299 2022-01-11 16:37:26 +00:00
TredwellGit 7bf2f23df2 linux: 4.19.224 -> 4.19.225 2022-01-11 16:37:20 +00:00
TredwellGit 169ed1335f linux: 4.14.261 -> 4.14.262 2022-01-11 16:37:14 +00:00
R. Ryantm 9fd9e5e56e android-udev-rules: 20210501 -> 20220102 2022-01-11 18:33:26 +03:00
Bobby Rong 1c22065e93
Merge pull request #154360 from r-ryantm/auto-update/autosuspend
autosuspend: 4.0.1 -> 4.1.0
2022-01-11 17:41:22 +08:00
R. Ryantm de69cfae3c autosuspend: 4.0.1 -> 4.1.0 2022-01-11 00:37:13 +00:00
Bernardo Meurer 5f36161ae1
linuxKernel.kernels: mark {IO_,}STRICT_DEVMEM optional to unbreak hardened kernels 2022-01-10 17:49:30 -03:00
Martin Weinelt e2aab32379 batman-adv: 2021.1 -> 2021.4
https://www.open-mesh.org/news/106
https://www.open-mesh.org/news/105
https://www.open-mesh.org/news/104
2022-01-10 16:32:48 +00:00
Alyssa Ross 0a99fa0331 linux_latest: 5.15.12 -> 5.16 2022-01-10 16:32:48 +00:00
Bernardo Meurer d72a2e7baf
firmwareLinuxNonfree -> linux-firmware
This renames our `firmwareLinuxNonfree` package to `linux-firmware`.
There is prior art for this in multiple other distros[1][2][3].

Besides making the package more discoverable by those searching for the
usual name, this also brings it in-line with the `kebab-case` we
normally see in `nixpkgs` pnames, and removes the `Nonfree` information
from the name, which I consider redundant given it's present in
`meta.license`.

The corresponding alias has been added, so this shouldn't break
anything.

[1]: https://archlinux.org/packages/core/any/linux-firmware/
[2]: https://src.fedoraproject.org/rpms/linux-firmware
[3]: https://packages.gentoo.org/packages/sys-kernel/linux-firmware
2022-01-10 12:28:03 -03:00
Bernardo Meurer bbb703f8cf
Merge pull request #154287 from lovesegfault/linux-config-fix-soundwire
linuxKernel.kernels: also enable SND_SOC_SOF_INTEL_SOUNDWIRE_LINK after 5.10
2022-01-10 14:40:40 +00:00
Bernardo Meurer a9eb0470c3
Merge pull request #153923 from qbit/vmm_clock
os-specific/linux/vmm_clock: add vmm_clock
2022-01-10 14:22:35 +00:00
Bernardo Meurer c1376aedd7
linuxKernel.kernels: also enable SND_SOC_SOF_INTEL_SOUNDWIRE_LINK between 5.10-5.11 2022-01-10 11:15:24 -03:00
Aaron Bieber 40e761918d vmm_clock: init at 0.1.0 2022-01-10 06:53:08 -07:00
Bernardo Meurer c9248a6d87
Merge pull request #154274 from L-as/alsa-firmware 2022-01-10 13:14:36 +00:00
Bernardo Meurer 325f561c68
Merge pull request #154253 from brandonweeks/kspp 2022-01-10 12:57:53 +00:00
Las Safin 9968242e1e
alsa-firmware: 1.2.1 -> 1.2.4
Thanks @sternenseemann and @collares !
2022-01-10 11:43:10 +00:00
Bobby Rong b426ea250c
Merge pull request #151649 from r-ryantm/auto-update/alsa-plugins
alsa-plugins: 1.2.5 -> 1.2.6
2022-01-10 19:36:19 +08:00
Brandon Weeks 8f200e0e38 linux: enable IO_STRICT_DEVMEM 2022-01-09 21:34:42 -08:00
Bernardo Meurer 0cd9bb5dc1
Merge pull request #154240 from alyssais/kvmfr-5.16 2022-01-10 04:57:48 +00:00
Bernardo Meurer 5eb3005275
Merge pull request #154179 from vcunat/p/liquidtux-broken 2022-01-10 04:48:37 +00:00
Bernardo Meurer 501a2c13cc
Merge pull request #154181 from brandonweeks/debug_list 2022-01-10 04:48:21 +00:00