3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

5447 commits

Author SHA1 Message Date
Franz Pletz f30f7d0cff
powertop: add homepage, cleanup 2016-10-14 00:02:30 +02:00
Graham Christensen 88a47f1950 Merge pull request #19467 from grahamc/nvidia-x11-master
nvidia-x11: 367.35 -> 367.57
2016-10-12 19:07:29 -04:00
Graham Christensen b98c0a668e
nvidia-x11: 367.35 -> 367.57 2016-10-11 19:43:58 -04:00
Vladimír Čunát 9d1dfc9ed0 Merge #18861: add AMDGPU-PRO driver 2016-10-11 19:57:30 +02:00
David McFarland 3b4ce62451 amdgpu-pro: Init at 16.30.3-315407 2016-10-11 14:19:38 -03:00
Joachim Fasting ce73a3ea0f grsecurity: 4.7.6-201609301918 -> 4.7.7-201610101902 2016-10-11 13:15:16 +02:00
Eelco Dolstra 88f10ad409 aggregateModules: Preserve kernel's modules.{builtin,order}
Fixes #19426.
2016-10-11 11:42:41 +02:00
sternenseemann 3fb2993cb3 maintainers: rename lukasepple according to github account name 2016-10-09 22:04:22 +02:00
Aneesh Agrawal f0602d2d36 kernel: Make SECURITY_YAMA optional
It's highly recommended, but not required to run NixOS.
2016-10-08 17:46:33 +02:00
Aneesh Agrawal a000ed181c linux config: enable the Yama LSM (#14392)
The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level processes and
snooping on the memory and runtime state of other processes owned
by the same user.
2016-10-08 16:40:12 +02:00
Tim Steinbach a699eb4798 linux: 4.4.23 -> 4.4.24 (#19346) 2016-10-08 07:02:07 +02:00
Tim Steinbach 9481edec56 linux: 4.7.6 -> 4.7.7 (#19345) 2016-10-08 07:01:51 +02:00
Tim Steinbach 07e67b33af linux: 4.8.0 -> 4.8.1 (#19344) 2016-10-08 07:01:27 +02:00
Marco Maggesi 435673b948 Revert "Revert "linux*: remove 3.14, as it's no longer maintained""
In the end, it is too dangerous to have an unmaintained kernel in
nixpkgs.  Revert the revert.

This reverts commit e921725176.
2016-10-07 23:26:32 +02:00
Marco Maggesi e921725176 Revert "linux*: remove 3.14, as it's no longer maintained"
This is the simplest way to reenable the use of BLCR
(which at present requires linux version >3.12 <3.18)
until we find a better solution.

This reverts commit 6a9e765e27.
2016-10-07 14:31:24 +02:00
Thomas Tuegel 2e255a2edd
Merge branch 'staging' 2016-10-06 09:51:02 -05:00
Eelco Dolstra a8b61b0aad Merge pull request #19278 from anderspapitto/local
perf: add dependency on libaudit
2016-10-06 11:45:54 +02:00
Anders Papitto aa44330963 perf: add dependency on libaudit
the `trace` subcommand of perf is only enabled when libaudit is
available at compile time
2016-10-05 17:59:44 -07:00
Jörg Thalheim 638d4b4d71 Merge pull request #19265 from Mic92/rtkit
rtkit: apply security relevant patch
2016-10-06 00:07:35 +02:00
Eelco Dolstra f084274eeb Merge pull request #19251 from groxxda/patch-2
kernel: Disable RT_GROUP_SCHED
2016-10-05 20:05:18 +02:00
Vladimír Čunát 30f551d8b2 Merge branch 'master' into staging 2016-10-05 19:02:48 +02:00
Jörg Thalheim c684eb756a
rtkit: *security* Pass uid of caller to polkit
Otherwise, we force polkit to look up the uid itself in /proc, which is racy if
they execve() a setuid binary.
2016-10-05 18:11:02 +02:00
Alexander Ried 96fbdf8594 kernel: Disable RT_GROUP_SCHED
Follow systemd recommendation
fd74fa791f/README (L96-L103)
2016-10-05 12:52:45 +02:00
Alexander Ried 4e91e8cb3d rtkit: add patch from debian to remove ControlGroup stanza
fixes log clutter:
systemd[1]: [/nix/store/....-rtkit-0.11/etc/systemd/system/rtkit-daemon.service:32] Unknown lvalue 'ControlGroup' in section 'Service'
2016-10-05 11:23:11 +02:00
Thomas Tuegel d067b7bd35
Merge branch 'kde-5' into staging 2016-10-04 21:50:17 -05:00
Shea Levy e54313d183 Revert "Revert "Linux 4.8""
Now featuring @aszlig's modinst_arg_list_too_long patch.

This reverts commit 43bedb970d.

Fixes #19213
2016-10-04 10:10:36 -04:00
Shea Levy 43bedb970d Revert "Linux 4.8"
This reverts commit e4958d54b1.
2016-10-03 22:04:43 -04:00
Vladimír Čunát 1525568c74 util-linux: fixup patch hash from grandparent merge
And name the file, too.
2016-10-03 23:06:51 +02:00
Jörg Thalheim 45f64a37c9 Merge pull request #19175 from Mic92/util-linux
util-linux: workaround CVE-2016-2779
2016-10-03 22:53:21 +02:00
Jörg Thalheim 888f6a1280 Merge pull request #19199 from wizeman/u/fix-help2man-hash
help2man: fix hash
2016-10-03 19:26:44 +02:00
Franz Pletz beca8946ee
jool: 3.4.5 -> 3.5.0 2016-10-03 18:25:28 +02:00
Shea Levy e4958d54b1 Linux 4.8 2016-10-03 08:45:45 -04:00
Eric Sagnes 58d44a376e wireguard: 2016-08-08 -> 2016-10-01 2016-10-03 17:06:11 +09:00
Jörg Thalheim ba00ba65eb
util-linux: workaround CVE-2016-2779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779
2016-10-03 08:49:56 +02:00
Joachim Fasting 9a9237e0aa
grsecurity: revamp nixos kernel config
Cleanup:
- Restructure & add some commentary
- Remove redundant option specs given the auto config
  constraints (some are left in for documentation purposes)

Changes:
- GRKERNSEC_CONFIG_VIRT_HOST -> GUEST
  The former deselects paravirtualization and friends
- PAX_LATENT_ENTROPY n -> y (implied by auto)
- GRKERNSEC_ACL_HIDEKERN y -> n
  Possibly useless with redistribution
2016-10-02 19:25:58 +02:00
Joachim Fasting 1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00
Tuomas Tynkkynen 19225bf5cc Merge remote-tracking branch 'upstream/master' into staging 2016-10-02 10:36:47 +03:00
Tuomas Tynkkynen f5dd3a703d treewide: Fix more lib.optional misuses 2016-10-02 00:44:10 +03:00
Aneesh Agrawal fcee1d0b28
Remove redundant -DCMAKE_BUILD_TYPE=Release flags
Since commit 183d05a0 in 2012, this is the default.

fixes #18000
2016-10-01 16:13:41 +02:00
Joachim Fasting 2ec9a1a955
grsecurity: 4.7.5-201609261522 -> 4.7.6-201609301918 2016-10-01 08:47:30 +02:00
Joachim Fasting 22108b7a10
linux_4_7: 4.7.5 -> 4.7.6 2016-10-01 08:46:31 +02:00
Eelco Dolstra 613a12a8bd linux: 4.4.22 -> 4.4.23 2016-09-30 14:41:19 +02:00
Eelco Dolstra 8b09ba32d3 systemd: Apply various upstream bug fixes
This includes the fix for the assertion failure in
https://github.com/systemd/systemd/issues/4234.
2016-09-30 11:23:51 +02:00
rnhmjoj 7cf7572734
btfs: 2.11 -> 2.12 2016-09-30 01:23:16 +02:00
Eelco Dolstra fe9e5f9f55 pam_usb: Fix evaluation 2016-09-29 20:35:40 +02:00
Eelco Dolstra 518340624d Merge remote-tracking branch 'origin/master' into staging 2016-09-29 13:06:14 +02:00
Eelco Dolstra c5ddb7dd56 Move useSetUID to pam_usb, the only place where it's used 2016-09-29 13:05:28 +02:00
Yochai ca9c21b0ab rtl8812au: 4.2.2-1 -> 4.3.20 2016-09-29 09:29:22 +03:00
Graham Christensen ff5cf3abff linux-3.10: fix build by upstream patch 2016-09-28 19:18:34 +02:00
Vladimír Čunát 77604964b6 Merge branch 'master' into staging 2016-09-28 17:13:59 +02:00