1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-13 08:05:40 +00:00
Commit graph

6981 commits

Author SHA1 Message Date
Tim Steinbach ecd4c58d0a
plymouth: 0.9.2 -> 0.9.3 2017-08-10 16:21:24 -04:00
Kranium Gikos Mendoza 151fab911e mbpfan: 1.9.1 -> 2.0.1
removed patch for lsmod/grep as they are no longer used (dgraziotin/mbpfan@5f2da79)
2017-08-11 01:52:04 +10:00
Robin Gloster 60418e9196
edac-utils: fix makeWrapper call 2017-08-10 03:44:03 +02:00
Robin Gloster 46a25ea7ea
linuxPackages.bcc: fix using wrapProgram on .c file 2017-08-09 19:45:05 +02:00
Kranium Gikos Mendoza 725089bb2d powerstat: 0.02.11 -> 0.02.12 2017-08-08 23:46:01 +10:00
Kranium Gikos Mendoza c943cf7c26 forkstat: 0.01.17 -> 0.02.00 2017-08-08 23:44:25 +10:00
Tim Steinbach f46f98ad31
Revert 0cf0d7186a
Order common kernel config by functionality
See #27949
2017-08-07 17:34:10 -04:00
davidak 3270aa896b replace "Mac OS X" and "OS X" with "macOS"
as it is the official name since 2016

https://en.wikipedia.org/wiki/Macintosh_operating_systems#Desktop

exception are parts refering to older versions of macOS like

"GUI support for Mac OS X 10.6 - 10.12. Note that Emacs 23 and later [...]"
2017-08-07 21:41:30 +02:00
Tim Steinbach fa10497834 Merge pull request #27684 from gnidorah/bfq
linux: BFQ Group Scheduling support
2017-08-07 11:58:45 -04:00
Tim Steinbach 06af1df857
linux: 4.13-rc3 -> 4.13-rc4 2017-08-07 11:40:01 -04:00
Tim Steinbach ea2a10e143
linux: 4.4.79 -> 4.4.80 2017-08-07 11:35:42 -04:00
Tim Steinbach 4825e4818b
linux: 4.9.40 -> 4.9.41 2017-08-07 11:32:26 -04:00
gnidorah dc21f1ad65 linux: BFQ Group Scheduling support 2017-08-07 10:12:21 +03:00
Tim Steinbach 1ec7242bc2
linux-copperhead: 4.12.4.a -> 4.12.5.a 2017-08-06 22:04:46 -04:00
Tim Steinbach ff9479cd54
linux: 4.12.4 -> 4.12.5 2017-08-06 19:22:15 -04:00
Tim Steinbach 0cf0d7186a
linux-common-config: Refactor, clean up 2017-08-06 19:17:30 -04:00
Joachim Fasting f963014829
linux-hardened-config: various fixups
Note
- the kernel config parser ignores "# foo is unset" comments so they
  have no effect; disabling kernel modules would break *everything* and so
  is ill-suited for a general-purpose kernel anyway --- the hardened nixos
  profile provides a more flexible solution
- removed some overlap with the common config (SECCOMP is *required* by systemd;
  YAMA is enabled by default).
- MODIFY_LDT_SYSCALL is guarded by EXPERT on vanilla so setting it to y breaks
  the build; fix by making it optional
- restored some original comments which I feel are clearer
2017-08-06 23:38:07 +02:00
Heitham Omar 5ac00265a8 linux-common-config: add CONFIG_HOTPLUG_PCI_ACPI 2017-08-06 20:41:28 +02:00
Heitham Omar d3107e4508 openelec-dvb-firmware: init at 0.0.51 2017-08-06 16:29:09 +01:00
Tim Steinbach ff10bafd00
linux: Expand hardened config
Based on latest recommendations at
http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
2017-08-06 09:58:02 -04:00
Robin Gloster 2b4811887a
kernel: add IP_NF_TARGET_REDIRECT 2017-08-04 08:26:09 +02:00
Jörg Thalheim 3ab208e108 Merge pull request #27924 from carlsverre/wpa_supplicant_bgscan
Enable BGSCAN for wpa_supplicant
2017-08-04 05:51:26 +01:00
Carl Sverre 6b62b566a1 wpa_supplicant: Enable BGSCAN module
Compile wpa_supplicant with the BGSCAN module enabled. This allows the
user to configure an SSID to use the bgscan module.  This module causes
wpa_supplicant to periodically perform a background scan for additional
access points and switch to the one with the highest signal.  This scan
can be kicked off when the current connection drops below a target
threshold signal strength.
2017-08-03 21:37:24 -07:00
Robin Gloster dc13376ee2
wvdial: remove 2017-08-04 02:24:07 +02:00
mimadrid 09e0cc7cc7
Update homepage attributes: http -> https
Homepage link "http://.../" is a permanent redirect to "https://.../" and should be updated
https://repology.org/repository/nix_stable/problems
2017-08-03 11:56:15 +02:00
Silvan Mosberger f5fa5fa4d6 pkgs: refactor needless quoting of homepage meta attribute (#27809)
* pkgs: refactor needless quoting of homepage meta attribute

A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.

* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit

* Fixed some instances
2017-08-01 22:03:30 +02:00
Franz Pletz 4afb3f4ade
ipsecTools: add patch to fix CVE-2016-10396 2017-08-01 10:26:19 +02:00
Franz Pletz 1a4ce79a0d
pam_ldap: 183 -> 186 2017-08-01 08:36:35 +02:00
Franz Pletz e5e556f19a
irqbalance: 1.1.0 -> 1.2.0 2017-08-01 08:36:33 +02:00
Franz Pletz 9719e43494
jool: 3.5.3 -> 3.5.4 2017-08-01 06:15:59 +02:00
Tuomas Tynkkynen 3db9a2bdff linux_rpi: 1.20170427 -> 1.20170515 2017-07-31 19:47:23 +03:00
Tuomas Tynkkynen 8523ab5e8d raspberrypifw: 1.20170427 -> 1.20170515 2017-07-31 19:47:23 +03:00
Franz Pletz ee8df19a25
batman-adv: 2017.1 -> 2017.2 2017-07-31 12:23:14 +02:00
aszlig 979817d153
linux-testing: 4.13-rc2 -> 4.13-rc3
Tested via building the linux_testing attribute, but didn't test it at
runtime (yet).

Diffed unpacked tarball against my local git clone and the contents
match.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-07-31 09:39:42 +02:00
Robin Gloster a974ee0188
tcp_wrappers: fix weird use of STRINGS in the Makefile 2017-07-30 14:03:31 +02:00
Frederik Rietdijk 20b8e4b4cf Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-30 08:09:11 +02:00
Nikolay Amiantov 69e24c044a kbd: fix build 2017-07-30 01:33:26 +03:00
Nikolay Amiantov 373a623daa Revert "Revert "kbd: 2.0.3 -> 2.0.4""
This reverts commit 00bf3a9dca.
2017-07-30 01:21:44 +03:00
Tim Steinbach 06a513ee05 busybox: 1.27.0 -> 1.27.1 2017-07-29 23:15:40 +02:00
Thomas Tuegel cdb18068cd
zfs: fix invalid use of substituteInPlace
substituteInPlace was invoked with multiple targets on the command line, which
is not supported.

(cherry picked from commit b21defaf51)

Re-applied due to bad merge in b116fa5ff2.
2017-07-29 20:59:08 +02:00
Franz Pletz 65f9631b87
linuxPackages.acpi_call: add patch for 4.12 compat 2017-07-29 18:28:00 +02:00
Aristid Breitkreuz 9d4d963097 wireguard: 0.0.20170706 -> 0.0.20170726 2017-07-29 17:28:18 +02:00
Frederik Rietdijk b2608b8910 Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-29 13:08:11 +02:00
Tim Steinbach a918521c1e
linux-copperhead: 4.12.3.a -> 4.12.4.a 2017-07-28 17:54:37 -04:00
Frederik Rietdijk 55357de67a Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-28 19:37:36 +02:00
Frederik Rietdijk 00bf3a9dca Revert "kbd: 2.0.3 -> 2.0.4"
This reverts commit fd43b50877.

```
substitute(): ERROR: Invalid command line argument: /nix/store/8f42syfzv3cpw3jjq96sdzvnclivi783-kbd-2.0.4/bin/unicode_stop
```

@rnhmjoj please check
2017-07-28 16:11:10 +02:00
Franz Pletz b116fa5ff2
Merge branch 'master' into staging 2017-07-28 16:08:30 +02:00
Tim Steinbach 5a6b5b8daf
linux: 4.4.78 -> 4.4.79 2017-07-28 10:02:29 -04:00
Tim Steinbach 88c0f67ded
linux: 4.9.39 -> 4.9.40 2017-07-28 10:00:25 -04:00
Tim Steinbach f43c445824
linux: 4.12.3 -> 4.12.4 2017-07-28 09:55:48 -04:00
Tim Steinbach e59ecf8a1b Merge pull request #27585 from NeQuissimus/exfat_2017-06-19
exfat-nofuse: 2017-01-03 -> 2017-06-19
2017-07-28 09:16:56 -04:00
Joachim F c36a68e7d3 Merge pull request #27639 from jfrankenau/update-firejail
firejail: 0.9.44.10 -> 0.9.48
2017-07-28 05:45:57 +01:00
Jörg Thalheim 229b249281 sysdig: 0.16.0 -> 0.17.0 2017-07-27 22:21:00 +01:00
Robin Gloster 2799a94963
zfs, spl: 0.6.5.11 -> 0.7.0 2017-07-27 19:00:54 +02:00
Tuomas Tynkkynen 4456076bc7 keyutils: 1.5.9 -> 1.5.10 2017-07-27 18:57:02 +03:00
Nikolay Amiantov 81bb5856eb bbswitch: quote homepage 2017-07-27 17:07:45 +03:00
Peter Hoeg 354c979ea8 mcelog: 148 -> 153 2017-07-27 13:03:26 +08:00
John Ericson 9be40841ea Merge remote-tracking branch 'upstream/master' into staging-base
Conflicts:
	pkgs/build-support/cc-wrapper/default.nix
	pkgs/build-support/gcc-wrapper-old/builder.sh
	pkgs/build-support/trivial-builders.nix
	pkgs/desktops/kde-4.14/kde-package/default.nix
	pkgs/development/compilers/openjdk-darwin/8.nix
	pkgs/development/compilers/openjdk-darwin/default.nix
	pkgs/development/compilers/openjdk/7.nix
	pkgs/development/compilers/openjdk/8.nix
	pkgs/development/compilers/oraclejdk/jdk-linux-base.nix
	pkgs/development/compilers/zulu/default.nix
	pkgs/development/haskell-modules/generic-builder.nix
	pkgs/misc/misc.nix
	pkgs/stdenv/generic/builder.sh
	pkgs/stdenv/generic/setup.sh
2017-07-26 13:46:04 -04:00
rnhmjoj fd43b50877 kbd: 2.0.3 -> 2.0.4 2017-07-26 16:58:53 +03:00
Johannes Frankenau fcf7b6761b firejail: 0.9.44.10 -> 0.9.48 2017-07-25 14:30:36 +02:00
Tim Steinbach 907fa51d68 Merge pull request #27583 from NeQuissimus/cryptodev_1_9
cryptodev: 1.8 -> 1.9
2017-07-24 18:54:52 -04:00
Tim Steinbach 8f77f7b486 Merge pull request #27586 from NeQuissimus/dpdk_17_05_1
dpdk: 16.07.2 -> 17.05.1
2017-07-24 18:54:36 -04:00
Tim Steinbach 1dd6e7dcbc
linux: 4.13-rc1 -> 4.13-rc2 2017-07-24 09:50:32 -04:00
Tim Steinbach c355fd85ed
cryptodev: 1.8 -> 1.9 2017-07-23 16:32:30 -04:00
Tim Steinbach ebf5df0365
exfat-nofuse: 2017-01-03 -> 2017-06-19 2017-07-23 11:43:01 -04:00
Tim Steinbach fe101d0fb7
dpdk: 16.07.2 -> 17.05.1 2017-07-23 11:40:25 -04:00
Jörg Thalheim 887570883e perf: remove binutils patch by wrapper
starting with linux 4.12 our patch no longer applied. In order to
avoid having to maintain patches for different linux kernels it is
easier to use a wrapper instead.
2017-07-23 15:18:02 +01:00
Frederik Rietdijk 29f91c107f Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-23 11:23:43 +02:00
Tim Steinbach 869bb2e486
linux-copperhead: 4.12.2.a -> 4.12.3.a 2017-07-22 19:08:02 -04:00
Graham Christensen 2fb3cc1e6d Merge pull request #27548 from roberth/lvm-update
lvm2: 2.02.140 -> 2.02.173
2017-07-22 09:16:59 -04:00
Thomas Tuegel 6a004bf9c8
Merge branch 'master' into bugfix/staging/stdenv 2017-07-21 20:36:34 -05:00
Thomas Tuegel bec5797290
syslinux: fix invalid use of substituteInPlace
substituteInPlace was invoked with multiple targets on the command line, which
is not supported.
2017-07-21 16:51:53 -05:00
Thomas Tuegel b21defaf51
zfs: fix invalid use of substituteInPlace
substituteInPlace was invoked with multiple targets on the command line, which
is not supported.
2017-07-21 15:47:37 -05:00
Thomas Tuegel 631f6b3e11
systemd: unset RANLIB
Commit 093cc00cdd sets the RANLIB environment
variable by default, causing `make' to invoke the wrong program.
2017-07-21 15:46:40 -05:00
Thomas Tuegel aa11af8bbe
systemd: fix broken source hash 2017-07-21 15:46:33 -05:00
Thomas Tuegel 7d010ab5f4
mdadm: unset STRIP
Commit 093cc00cdd, sets the STRIP environment
variable by default, but this confuses the mdadm Makefile, which uses STRIP as a
flag to `install'.
2017-07-21 15:43:25 -05:00
Robert Hensing fbd3f8698a lvm2: 2.02.140 -> 2.02.173 2017-07-21 16:25:34 +02:00
Tim Steinbach ba9275da88
linux: Remove 4.11
4.11.x has been EOL'd
2017-07-21 07:33:14 -04:00
Tim Steinbach 98ad0f4dab
linux: 4.12.2 -> 4.12.3 2017-07-21 07:28:24 -04:00
Tim Steinbach 232f497169
linux: 4.9.38 -> 4.9.39 2017-07-21 07:25:50 -04:00
Tim Steinbach 5181d7568f
linux: 4.4.77 -> 4.4.78 2017-07-21 07:23:12 -04:00
Al Zohali 0b3d29d4ac linux_samus_4_12: init at 4.12.2
Co-authored-by: Nikolay Amiantov <ab@fmap.me>

fixes #26038
2017-07-18 23:31:18 +01:00
Daniel Peebles bd2e91e3a2 Merge pull request #27318 from copumpkin/darwin-high-sierra
Support High Sierra on Darwin
2017-07-18 17:06:06 -04:00
aszlig c71233f12c
broadcom_sta: Add patch for supporting Linux 4.12
The patch is from Arch Linux at:

https://aur.archlinux.org/cgit/aur.git/tree/linux412.patch?h=broadcom-wl

Tested this by building against the following attributes:

  * linuxPackages.broadcom_sta
  * linuxPackages_latest.broadcom_sta
  * pkgsI686Linux.linuxPackages.broadcom_sta
  * pkgsI686Linux.linuxPackages_latest.broadcom_sta

I have not tested whether this works at runtime, because I do not posess
the hardware.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-07-18 21:37:02 +02:00
Tuomas Tynkkynen 638adf2d90 iproute: 4.11.0 -> 4.12.0 2017-07-18 13:41:06 +03:00
Jörg Thalheim 4154279179 zfsUnstable: mark as stable with 4.12 2017-07-18 11:15:37 +01:00
Frederik Rietdijk 3eceecb90d Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-17 13:52:01 +02:00
Franz Pletz 7f0994c33d
zfsUnstable: 0.7.0-rc4 -> 0.7.0-rc5 2017-07-17 02:53:14 +02:00
Franz Pletz e4eea75fa7
zfs: 0.6.5.10 -> 0.6.5.11 2017-07-17 02:53:14 +02:00
Robin Gloster ae26f291bc
systemd: 233 -> 234 2017-07-16 17:22:45 +02:00
Tim Steinbach df929d6216
linux-copperhead: 4.12.1.a -> 4.12.2.a 2017-07-15 19:44:12 -04:00
Tim Steinbach b103e9317a
linux-testing: 4.12-rc7 -> 4.13-rc1 2017-07-15 19:30:44 -04:00
Tim Steinbach 81b993369c
linux: 4.4.76 -> 4.4.77 2017-07-15 19:25:42 -04:00
Tim Steinbach b04858db1b
linux: 4.9.37 -> 4.9.38
Remove temporary patches to perf as well
2017-07-15 19:22:07 -04:00
Tim Steinbach ccec16579d
linux: 4.11.10 -> 4.11.11 2017-07-15 19:17:06 -04:00
Tim Steinbach c5ef98bb34
linux: 4.12.1 -> 4.12.2 2017-07-15 19:14:44 -04:00
Tim Steinbach 954c66983d
perf: Apply patch for offline kernels
As per https://lkml.org/lkml/2017/7/13/314, perf is broken in 4.9.36 and 4.9.37
Patches in this commit are taken from
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=39f4f2c018bd831c325e11983f8893caf72fd9eb

This will allow perf to build again and should be included in a future 4.9.x release,
allowing the custom patching to be removed again
2017-07-14 20:07:16 -04:00
Tuomas Tynkkynen 42395a191b kernel-config: Disable Xen on non-x86
There's an upstream build failure on ARM (not directly related to Xen
but rather some other config options it enables). The xen package is
x86_64-only anyways.
2017-07-13 20:12:50 +03:00
Joachim Fasting f90d7b23a7
alienfx: do not attempt to install suid executables 2017-07-13 18:08:56 +02:00
Tim Steinbach 6fda535869
linux-copperhead: Fix modDirVersion 2017-07-13 09:00:44 -04:00
Tim Steinbach 45a2534459
linux-copperhead: 4.12.e -> 4.12.1.a 2017-07-13 08:40:08 -04:00
Tim Steinbach 6131b4d52d
linux: 4.12 -> 4.12.1 2017-07-13 08:36:50 -04:00
Tim Steinbach 24de0bad42
linux: 4.11.9 -> 4.11.10 2017-07-13 08:34:51 -04:00
Tim Steinbach 6da222918e
linux: 4.9.36 -> 4.9.37 2017-07-13 08:30:47 -04:00
Dan Peebles 0419452113 Fix Darwin stdenv to work on 10.13
The main changes are in libSystem, which lost the coretls component in 10.13
and some hardening changes that quietly crash any program that uses %n in
a non-constant format string, so we've needed to patch a lot of programs that
use gnulib.
2017-07-11 21:56:38 -04:00
Tim Steinbach 1434128a18
linux-copperhead: 4.12.d -> 4.12.e 2017-07-11 08:22:56 -04:00
Tobias Geerinckx-Rice 46dc5394cd
Update e-mail address for nckx 2017-07-10 20:54:18 +02:00
Franz Pletz 9a219a7ec0
nettools: 1.60_p20120127084908 -> 1.60_p20161110235919
Some tools now need to be explcitely enabled. This version ships the same
executables as the previous one.
2017-07-10 09:36:04 +02:00
Jörg Thalheim 1532d5632f wireguard: 0.0.20170629 -> 0.0.20170706 2017-07-10 07:31:40 +01:00
Tim Steinbach d38656b3c3
linux-copperhead: 4.12.c -> 4.12.d 2017-07-09 18:20:14 -04:00
Tim Steinbach fca0b3602d
linux-copperhead: 4.12.b -> 4.12.c 2017-07-09 18:16:58 -04:00
Domen Kožar ca76954e49 Merge pull request #27245 from NixOS/osx_private_sdk/cleanup
Get rid of some usages of osx_private_sdk
2017-07-09 22:49:31 +02:00
Domen Kožar e211504db6
Get rid of some usages of osx_private_sdk
For example this reduces haskell closure on
darwin for some packages for almost 500MB.
2017-07-09 22:48:04 +02:00
Daiderd Jordan 980346592c
Merge branch 'staging' into master 2017-07-08 22:22:17 +02:00
Tim Steinbach 50831d543d
busybox: 1.26.2 -> 1.27.0 2017-07-08 13:41:27 -04:00
Tim Steinbach da8bd6df67 Merge pull request #27161 from NeQuissimus/kernel_config_cleanup
linux: Clean up kernel config warnings
2017-07-07 09:00:52 -04:00
gnidorah ff348f4b6d linux: Enable more I/O schedulers 2017-07-07 11:43:48 +03:00
0xABAB b89a5b2210 nfs-utils: Replace reference to /bin/true 2017-07-06 20:43:22 +02:00
Tim Steinbach 968e0b2baf
linux-copperhead: 4.11.8.a -> 4.12.b 2017-07-06 11:42:27 -04:00
Eelco Dolstra 942422a646
Merge branch 'glibc' of https://github.com/rnhmjoj/nixpkgs into staging 2017-07-06 15:14:57 +02:00
Tim Steinbach 3ec2a2f476
linux: Clean up kernel config warnings 2017-07-05 20:09:14 -04:00
Ryan Trinkle 7004641566 Merge pull request #26974 from obsidiansystems/response-file-parsing-speed
cc-wrapper: improve response file parsing speed
2017-07-05 16:18:22 -04:00
Ryan Trinkle 754c3f6ba4 cc-wrapper: fix response file parsing on ios-cross 2017-07-05 16:04:39 -04:00
Franz Pletz e1b29dd6d6
firmwareLinuxNonfree: 2017-04-16 -> 2017-07-05
Fixes #27129.
2017-07-05 19:00:19 +02:00
Tim Steinbach a04afd1594
linux: 4.4.75 -> 4.4.76 2017-07-05 12:54:56 -04:00
Tim Steinbach 05bd289ff8
linux: 4.9.35 -> 4.9.36 2017-07-05 12:52:05 -04:00
Tim Steinbach 00f0f7e9f6
linux: 4.11.8 -> 4.11.9 2017-07-05 12:49:56 -04:00
Vladimír Čunát 49250054d2
Merge #27153: atop: don't chmod u+s 2017-07-05 17:31:16 +02:00
Vladimír Čunát 5328aac7be
Merge branch 'staging'
Comparison looks OK; I'll try some fixes on master directly.
http://hydra.nixos.org/eval/1372577?compare=1372497
2017-07-05 08:55:26 +02:00
Tim Steinbach cd1f998289
Revert "linux-copperhead: 4.11.8.a -> 4.12.a"
This reverts commit cb703f1314.
2017-07-04 20:56:02 -04:00
Jörg Thalheim 0518ec00b5 zfs: update kernel versions constraint for linux 4.12 2017-07-04 17:15:48 +01:00
Tuomas Tynkkynen a4cf83c9b7 psmisc: 23.0 -> 23.1 2017-07-04 17:30:02 +03:00
Tuomas Tynkkynen 06c61f8cc2 iw: 4.3 -> 4.9 2017-07-04 17:30:02 +03:00
Tim Steinbach cb703f1314
linux-copperhead: 4.11.8.a -> 4.12.a 2017-07-03 21:03:58 -04:00
Ricardo M. Correia 4e025437d7 atop: don't chmod u+s, otherwise Nix build fails 2017-07-03 21:15:36 +02:00
Tim Steinbach f130e0027e
linux: Add 4.12 2017-07-03 11:57:40 -04:00
Vladimír Čunát d1a89ae9d7
Merge branch 'master' into staging 2017-07-03 09:48:58 +02:00
es_github 5d989f4d93 kmod-debian-aliases: Fix source tarball URL.
The original URL for this package was pointed at a location that wasn't
longterm-stable, and has by now been removed by Debian.
This commit fixes the URL to point at a debian snapshot entry, which should
stick around for the long run.

Hash is unchanged, so this is safe.
2017-07-03 02:50:24 +01:00
Joachim F 8604630d92 Merge pull request #26939 from dtzWill/fix/perms-fallout-misc-2
Fixup various setuid/setgid permission problems, part 2
2017-06-30 18:30:02 +01:00
Vladimír Čunát ddf864f8aa
Merge branch 'master' into staging
Mass rebuilds from master (>7k on x86_64-linux).
2017-06-30 18:16:58 +02:00
John Ericson 95c8277701 misc pkgs: Remove unneeded *Platform == *Platform comparisons
PR #26007 used these to avoid causing a mass rebuild. Now that we know
things work, we do that to clean up.
2017-06-30 10:09:31 -04:00
Jörg Thalheim 79ecfb515f Merge pull request #26972 from zx2c4/patch-5
wireguard: 0.0.20170613 -> 0.0.20170629
2017-06-30 08:40:40 +01:00
Tim Steinbach 3130f3ed0a
linux-copperhead: 4.11.7.a -> 4.11.8.a
Fixes #26790 by properly including built modules
2017-06-29 23:16:52 -04:00
Jason A. Donenfeld 9ffccc77d9 wireguard: 0.0.20170613 -> 0.0.20170629
Simple version bump.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-29 22:27:52 +02:00
Tim Steinbach 37bc494949
linux: 4.11.7 -> 4.11.8 2017-06-29 08:29:04 -04:00
Tim Steinbach d1aff8d2e5
linux: 4.9.34 -> 4.9.35
Also, remove XSA-216 patches, the fixes are now integrated upstream
2017-06-29 08:26:25 -04:00
Tim Steinbach 6b35f22e28
linux: 4.4.74 -> 4.4.75 2017-06-29 08:20:06 -04:00
John Ericson 16be434b0b Merge accepted cross compilation PRs into staging 2017-06-28 23:17:21 -04:00
Tim Steinbach 4cc729644e Merge pull request #26867 from michalpalka/xen-security-2017.06-new
xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
2017-06-28 22:43:46 -04:00
John Ericson eb052edd6f Merge pull request #26946 from obsidiansystems/wxmsw-fix
wxMSW: Fix syntax --- travis eval did not catch
2017-06-28 22:39:36 -04:00
John Ericson b0ada07f36 wxMSW: Fix syntax --- travis eval did not catch 2017-06-28 22:31:24 -04:00
John Ericson e1faeb574a Merge pull request #26884 from obsidiansystems/purge-stdenv-cross
Purge stdenv cross
2017-06-28 21:39:16 -04:00
hsloan 2f37cad1b9 wxMSW-2.8: Don't use stdenv ? cross 2017-06-28 21:29:07 -04:00
hsloan c4ab3ef580 jom: Don't use stdenc.cross 2017-06-28 21:29:07 -04:00
hsloan 14d3ed8c38 sysvinit: Rely on cc-wrapper to export this env var 2017-06-28 21:29:07 -04:00
hsloan a291194d2f shadow: Don't use stdenv ? cross 2017-06-28 21:28:34 -04:00
hsloan b8ed3c65bb propcps: Rely on cc-wrapper to export this env var 2017-06-28 21:24:25 -04:00
hsloan 66e22e1229 mingetty: Rely on cc-wrapper to export this env var 2017-06-28 21:24:24 -04:00
hsloan 5d83d36389 mdadm: Don't use stdenv.cross 2017-06-28 21:24:24 -04:00
hsloan a210b08d18 klibc: Don't use crossAttrs 2017-06-28 21:24:12 -04:00
hsloan 16781a3892 kernel perf: Don't use stdenv.cross 2017-06-28 20:23:09 -04:00
hsloan 1e3b45cfdb kernel manual-config: Don't use stdenv.cross 2017-06-28 20:23:09 -04:00
hsloan 459d07d41c kernel generic: Don't use stdenv.cross 2017-06-28 20:22:59 -04:00
hsloan c5b4b6c911 kernel-headers: Don't use stdenv.cross 2017-06-28 19:44:04 -04:00
Will Dietz 707145a955 firejail: don't try to set setuid bit 2017-06-28 14:31:47 -05:00
Will Dietz 09d85c49c4 kbdlight: Fix installation permissions
Looks like NixOS creates a security wrapper for this already, FWIW.
2017-06-28 14:31:45 -05:00
Eelco Dolstra 32e492251b
systemd: Apply fix for CVE-2017-9445 2017-06-28 14:08:05 +02:00
Trevor Joynson 068341b1c7 iptstate: init at 2.2.6 (#26878)
* Add iptstate package

* iptstate: nit pick
2017-06-27 18:27:13 +01:00
Tim Steinbach d2e199ca3c
linux: 4.4.73 -> 4.4.74 2017-06-27 08:14:47 -04:00
Tim Steinbach c90a4b8541
linux: 4.12-rc6 -> 4.12-rc7 2017-06-26 09:58:37 -04:00
David McFarland a08024bcb0 procps-ng: allow cygwin 2017-06-26 09:33:09 -03:00
Franz Pletz b788956239
libcgroup: do not set suid bit in nix store 2017-06-26 09:13:34 +02:00
Michał Pałka 80e0cda7ff xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
XSA-216 Issue Description:

> The block interface response structure has some discontiguous fields.
> Certain backends populate the structure fields of an otherwise
> uninitialized instance of this structure on their stacks, leaking
> data through the (internal or trailing) padding field.

More: https://xenbits.xen.org/xsa/advisory-216.html

XSA-217 Issue Description:

> Domains controlling other domains are permitted to map pages owned by
> the domain being controlled.  If the controlling domain unmaps such a
> page without flushing the TLB, and if soon after the domain being
> controlled transfers this page to another PV domain (via
> GNTTABOP_transfer or, indirectly, XENMEM_exchange), and that third
> domain uses the page as a page table, the controlling domain will have
> write access to a live page table until the applicable TLB entry is
> flushed or evicted.  Note that the domain being controlled is
> necessarily HVM, while the controlling domain is PV.

More: https://xenbits.xen.org/xsa/advisory-217.html

XSA-218 Issue Description:

> We have discovered two bugs in the code unmapping grant references.
>
> * When a grant had been mapped twice by a backend domain, and then
> unmapped by two concurrent unmap calls, the frontend may be informed
> that the page had no further mappings when the first call completed rather
> than when the second call completed.
>
> * A race triggerable by an unprivileged guest could cause a grant
> maptrack entry for grants to be "freed" twice.  The ultimate effect of
> this would be for maptrack entries for a single domain to be re-used.

More: https://xenbits.xen.org/xsa/advisory-218.html

XSA-219 Issue Description:

> When using shadow paging, writes to guest pagetables must be trapped and
> emulated, so the shadows can be suitably adjusted as well.
>
> When emulating the write, Xen maps the guests pagetable(s) to make the final
> adjustment and leave the guest's view of its state consistent.
>
> However, when mapping the frame, Xen drops the page reference before
> performing the write.  This is a race window where the underlying frame can
> change ownership.
>
> One possible attack scenario is for the frame to change ownership and to be
> inserted into a PV guest's pagetables.  At that point, the emulated write will
> be an unaudited modification to the PV pagetables whose value is under guest
> control.

More: https://xenbits.xen.org/xsa/advisory-219.html

XSA-220 Issue Description:

> Memory Protection Extensions (MPX) and Protection Key (PKU) are features in
> newer processors, whose state is intended to be per-thread and context
> switched along with all other XSAVE state.
>
> Xen's vCPU context switch code would save and restore the state only
> if the guest had set the relevant XSTATE enable bits.  However,
> surprisingly, the use of these features is not dependent (PKU) or may
> not be dependent (MPX) on having the relevant XSTATE bits enabled.
>
> VMs which use MPX or PKU, and context switch the state manually rather
> than via XSAVE, will have the state leak between vCPUs (possibly,
> between vCPUs in different guests).  This in turn corrupts state in
> the destination vCPU, and hence may lead to weakened protections
>
> Experimentally, MPX appears not to make any interaction with BND*
> state if BNDCFGS.EN is set but XCR0.BND{CSR,REGS} are clear.  However,
> the SDM is not clear in this case; therefore MPX is included in this
> advisory as a precaution.

More: https://xenbits.xen.org/xsa/advisory-220.html

XSA-221 Issue Description:

> When polling event channels, in general arbitrary port numbers can be
> specified.  Specifically, there is no requirement that a polled event
> channel ports has ever been created.  When the code was generalised
> from an earlier implementation, introducing some intermediate
> pointers, a check should have been made that these intermediate
> pointers are non-NULL.  However, that check was omitted.

More: https://xenbits.xen.org/xsa/advisory-221.html

XSA-222 Issue Description:

> Certain actions require removing pages from a guest's P2M
> (Physical-to-Machine) mapping.  When large pages are in use to map
> guest pages in the 2nd-stage page tables, such a removal operation may
> incur a memory allocation (to replace a large mapping with individual
> smaller ones).  If this allocation fails, these errors are ignored by
> the callers, which would then continue and (for example) free the
> referenced page for reuse.  This leaves the guest with a mapping to a
> page it shouldn't have access to.
>
> The allocation involved comes from a separate pool of memory created
> when the domain is created; under normal operating conditions it never
> fails, but a malicious guest may be able to engineer situations where
> this pool is exhausted.

More: https://xenbits.xen.org/xsa/advisory-222.html

XSA-224 Issue Description:

> We have discovered a number of bugs in the code mapping and unmapping
> grant references.
>
> * If a grant is mapped with both the GNTMAP_device_map and
> GNTMAP_host_map flags, but unmapped only with host_map, the device_map
> portion remains but the page reference counts are lowered as though it
> had been removed. This bug can be leveraged cause a page's reference
> counts and type counts to fall to zero while retaining writeable
> mappings to the page.
>
> * Under some specific conditions, if a grant is mapped with both the
> GNTMAP_device_map and GNTMAP_host_map flags, the operation may not
> grab sufficient type counts.  When the grant is then unmapped, the
> type count will be erroneously reduced.  This bug can be leveraged
> cause a page's reference counts and type counts to fall to zero while
> retaining writeable mappings to the page.
>
> * When a grant reference is given to an MMIO region (as opposed to a
> normal guest page), if the grant is mapped with only the
> GNTMAP_device_map flag set, a mapping is created at host_addr anyway.
> This does *not* cause reference counts to change, but there will be no
> record of this mapping, so it will not be considered when reporting
> whether the grant is still in use.

More: https://xenbits.xen.org/xsa/advisory-224.html
2017-06-26 07:01:24 +00:00
Franz Pletz 639b74e7be
Revert "linux: patch CVE-2017-1000364 (stack clash)"
This reverts commit aab71b31d5.

This was integrated into the stable 4.9 and 4.11 kernels.
2017-06-26 02:23:59 +02:00
Franz Pletz 40a04291c9
Merge branch 'master' into staging 2017-06-26 02:23:38 +02:00
Gabriel Ebner 252e9ec84a microcodeIntel: 20161104 -> 20170511 2017-06-25 17:41:57 +02:00
Tim Steinbach 03aed4cfcf
linux-copperhead: 4.11.6.d -> 4.11.7.a 2017-06-24 14:50:41 -04:00
Jörg Thalheim d4f45ae393 Merge pull request #26734 from nh2/statifier-1.7.4
statifier: 1.7.3 -> 1.7.4
2017-06-24 18:16:25 +01:00
Tim Steinbach b06cb59fc1
linux: 4.9.33 -> 4.9.34 2017-06-24 11:22:56 -04:00
Tim Steinbach 3a68f0bb78
linux: 4.11.6 -> 4.11.7 2017-06-24 11:20:32 -04:00
Jörg Thalheim 5e2de6d846 iwd: 2017-04-21 -> 2017-06-02 2017-06-24 10:29:14 +01:00
Jörg Thalheim a087e5a53a lttng-modules: 2.9.1 -> 2.9.3 2017-06-24 10:26:19 +01:00
John Ericson 87fab3d6a5 Merge some merged cross-compilation PRs into into staging 2017-06-23 20:24:27 -04:00
John Ericson a24031317a Merge pull request #26798 from obsidiansystems/ios-cross-stdenv
ios-cross: Just properly use the cc-wrapper
2017-06-23 15:00:19 -04:00
John Ericson afd2bdbad2 Merge pull request #26007 from obsidiansystems/cc-wrapper-prefix
Get rid of gcc-cross-wrapper
2017-06-23 11:22:34 -04:00
Tim Steinbach 4e08459f9b
linux-hardened-copperhead: 4.11.6c -> 4.11.6d 2017-06-22 21:12:20 -04:00
John Ericson f43ae985a6 ios-cross: Just properly use the cc-wrapper
No other downstream derivations are needed anymore.
2017-06-22 17:56:12 -04:00
John Ericson 05b3c87d9d busybox: Modernize and fix cross 2017-06-22 17:53:53 -04:00
John Ericson fc42ec0a5c mingw-w64: Depend on own headers derivation
Without this, a `#include <float.h>` resolves incorrectly. Either the
headers weren't on the include path at all, or they only were for
local, not system, imports.

What's weird is this used to not be a problem. Not sure what other
change in e.g. cc-wrapper would affect this.
2017-06-22 17:53:51 -04:00
John Ericson bb7067f882 mingw-w64: Clean up, especially clarifying staging 2017-06-22 17:53:51 -04:00
Franz Pletz aab71b31d5
linux: patch CVE-2017-1000364 (stack clash) 2017-06-22 00:44:28 +02:00
Franz Pletz 6338c50a84
Merge branch 'master' into staging 2017-06-22 00:41:25 +02:00
Franz Pletz 5389caab83
utillinux: 2.29.2 -> 2.30 2017-06-22 00:38:44 +02:00
Franz Pletz dd3f2e648a
linux_hardened_copperhead: init at 4.11.6.c 2017-06-21 23:49:00 +02:00
Jörg Thalheim e89e96a755 linux_4_11: renable CONFIG_UPROBE_EVENTS
CONFIG_UPROBE_EVENT was renamed to CONFIG_UPROBE_EVENTS.
2017-06-21 17:16:46 +01:00
Niklas Hambüchen 2fe0cd548c statifier: 1.7.3 -> 1.7.4 2017-06-21 01:12:38 +02:00
Franz Pletz f4734e75db
libnl: 3.2.29 -> 3.3.0 2017-06-20 07:03:53 +02:00
Franz Pletz baf28b60e4
libcap_ng: 0.7.7 -> 0.7.8 2017-06-20 05:57:03 +02:00
Franz Pletz 03d1e8a14e
iproute: 4.9.0 -> 4.11.0 2017-06-20 03:56:43 +02:00
Franz Pletz 726645a94f
tpacpi-bat: 3.0 -> 3.1 2017-06-20 03:56:40 +02:00
Franz Pletz 9da4cb176a
lxcfs: 2017-03-02 -> 2.0.7 2017-06-20 03:45:48 +02:00
Franz Pletz eb8c14751a
lxc: 2.0.7 -> 2.0.8 2017-06-20 03:45:47 +02:00
Franz Pletz 05cb49625d
powertop: 2.8 -> 2.9 2017-06-20 03:45:45 +02:00
Tim Steinbach 2764961b87
linux: 4.12-rc5 -> 4.12-rc6 2017-06-19 21:21:15 -04:00
Bart Brouns cb7e49b3df alsa-utils: 1.1.2 -> 1.1.4 2017-06-19 20:00:29 +02:00
Bart Brouns 285a837674 alsa-tools: 1.1.0 -> 1.1.3 2017-06-19 20:00:29 +02:00
Bart Brouns 886f9057e3 alsa-plugins: 1.1.1 -> 1.1.4 2017-06-19 20:00:29 +02:00
Bart Brouns 1837089670 alsa-lib: 1.1.2 -> 1.1.4.1 2017-06-19 20:00:28 +02:00
Vladimír Čunát 629e9c6dc7
Merge branch 'staging'
I don't like to wait for the expat-induced rebuild to happen yet another
time on staging.
2017-06-19 07:29:42 +02:00
Thomas Tuegel c816bbc8a8
qt5: remove makeQtWrapper 2017-06-18 08:44:42 -05:00
Thomas Tuegel 210f688802
qt5: rename qmakeHook to qmake 2017-06-18 08:41:57 -05:00
Jörg Thalheim abc374f127
ply: add kernel version constraint 2017-06-18 12:52:02 +01:00
Vladimír Čunát 8702fd35e2
Merge branch 'master' into staging
... to get in more fixes of setuid/setgid.
2017-06-18 13:22:23 +02:00
Franz Pletz bbb9182cbc
linux: 4.9.32 -> 4.9.33 2017-06-17 18:45:29 +02:00
Franz Pletz a470aa0924
linux: 4.4.72 -> 4.4.73 2017-06-17 18:45:29 +02:00
Franz Pletz c973a4a887
linux: 4.11.5 -> 4.11.6 2017-06-17 18:45:29 +02:00
Franz Pletz de74d2015f
kernelPackages.zfs: 0.6.5.9 -> 0.6.5.10 2017-06-17 15:51:39 +02:00
Vladimír Čunát d88c0cf867
Merge #26628: treewide: setuid/setgid fallout 2017-06-17 13:23:39 +02:00
Jörg Thalheim 878381fd4d rewritefs: add remark to patch 2017-06-17 10:45:35 +01:00
Vladimír Čunát 304391b2f2
Merge branch 'master' into staging
Another couple thousand rebuilds.
2017-06-17 09:58:34 +02:00
Jörg Thalheim c4037ee92b Merge pull request #26583 from mbbx6spp/init-ply-package
ply: init at v1-beta1(9e810b1)
2017-06-16 23:21:23 +01:00
Vladimír Čunát 2a76b6ad69
Merge #26540: utillinux: fix "fstrim --all" 2017-06-16 21:43:26 +02:00
Will Dietz 7270b9b425 rewritefs: Don't attempt to set special bits 2017-06-16 07:22:20 -05:00
Jörg Thalheim f5d98e8e18
ply: fix build 2017-06-15 21:11:35 +01:00
Tim Steinbach b4576c5108
linux: 4.11.4 -> 4.11.5 2017-06-15 08:54:55 -04:00
Tim Steinbach a7efc9f0cd
linux: 4.9.31 -> 4.9.32 2017-06-15 08:53:35 -04:00
Tim Steinbach 07edb44d15
linux: 4.4.71 -> 4.4.72 2017-06-15 08:52:26 -04:00
gnidorah 286c36d737 utillinux: fix "fstrim --all" 2017-06-15 14:05:50 +03:00
Susan Potter fdef885d97
ply: init at v1-beta1(9e810b1) 2017-06-14 17:41:42 -05:00
Charles Strahan 3b1c4fce4f psensor: init at 1.2.0
psensor is a graphical hardware monitoring application for Linux
2017-06-13 18:51:36 -04:00
Will Dietz b83609add3 psmisc: 22.21 -> 23.0
No longer need fuser patch, fixes musl compat.
2017-06-13 22:05:00 +02:00
Jason A. Donenfeld 9d4bf6b155 wireguard: 0.0.20170531 -> 0.0.20170613
Simple version bump. Release notes:

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-13 15:55:56 +02:00
Vladimír Čunát ed070354a9
Merge branch 'staging' 2017-06-13 11:22:56 +02:00
Jörg Thalheim f866cae200
android-udev-rules: 20170305 -> 20170612 2017-06-13 08:07:04 +01:00
timor d74f8351a5 kernel: enable audio jack reconfiguration
Change kernel config to allow for changing the functions of the audio
jacks at run-time as well as at boot time.
2017-06-13 08:50:34 +03:00
Franz Pletz b733a34e8e
firmwareLinuxNonfree: 2017-03-11 -> 2017-04-16 2017-06-12 17:44:44 +02:00
Franz Pletz c34299f592
dmidecode: 3.0 -> 3.1 2017-06-12 17:44:43 +02:00
Eelco Dolstra 63e9d1c51e
perf: Fix perf annotate
This command requires objdump, so make sure it can find it.
2017-06-12 13:23:18 +02:00
Tim Steinbach 5fbab5dfb3
linux: 4.12-rc4 -> 4.12-rc5 2017-06-11 21:37:46 -04:00
Tuomas Tynkkynen fbea1265d5 audit: 2.6.6 -> 2.7.6 2017-06-11 19:46:09 +03:00
Tuomas Tynkkynen 370ace4cf0 kernel: Don't build self-test modules 2017-06-11 19:33:24 +03:00
Jörg Thalheim fe208a1cc8 Merge pull request #26509 from MP2E/musl_update
musl: 1.1.15 -> 1.1.16
2017-06-11 12:59:17 +01:00
Cray Elliott 6bdebf252c musl: 1.1.15 -> 1.1.16 2017-06-10 15:37:40 -07:00
Vladimír Čunát cb9f953c92
Merge branch 'master' into staging
More larger rebuilds.
2017-06-10 10:07:33 +02:00
Joachim Fasting b1f0af7ef6
linuxPackages.evdi: specify minimum kernel version, per upstream
Upstream says 3.16 is the oldest supported kernel.  No versions prior to
3.18 build on Hydra. See e.g., https://hydra.nixos.org/build/53599831.
2017-06-09 12:54:57 +02:00
Vladimír Čunát 10f9fb63f1
nfs-utils: fixup setuid/setgid build problems, hopefully 2017-06-08 20:43:04 +02:00
Vladimír Čunát ae6df000d0
Merge branch 'master' into staging 2017-06-07 18:11:27 +02:00
Vladimír Čunát 1aac1fe5dd
util-linux: fixup setuid/setgid build problems
... hopefully.  Also refactor some nix code a little.
2017-06-07 15:17:40 +02:00
Vladimír Čunát 833bc78dcf
shadow: fixup setuid/setgid build problems, hopefully 2017-06-07 14:21:04 +02:00
Tim Steinbach c7abd6943e
linux: 4.9.30 -> 4.9.31 2017-06-07 08:09:37 -04:00