mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-09-11 15:08:33 +01:00
Code Issues Wiki Activity
97083 commits 218 branches 122 tags 7.1 GiB
Commit graph

5884 commits

Author SHA1 Message Date
Joachim Fasting 601058e0e2
grsecurity: 4.8.13-201612082118 -> 4.8.14-201612110933 2016-12-11 19:09:16 +01:00
Tim Steinbach f576c490e3
linux: 4.4.37 -> 4.4.38 2016-12-10 15:18:52 -05:00
Tim Steinbach b69822c505
linux: 4.8.13 -> 4.8.14 2016-12-10 15:15:44 -05:00
Tuomas Tynkkynen bdab6fe5a1 kernel: Use built-in dtbs_install target instead of rolling our own 
In particular, on aarch64 all the .dtb files will be in subdirectories
and *.dtb won't match anything.
 2016-12-10 20:24:08 +02:00
Franz Pletz 9074d9859e
linux: add patch to fix CVE-2016-8655 
See https://lwn.net/Articles/708319/ for more information.
 2016-12-10 17:08:42 +01:00
Frederik Rietdijk 033525c6b8 dstat: fix bad interpreter: No such file 2016-12-10 14:21:51 +01:00
Bjørn Forsman 2077385421 kernel: enable CONFIG_DYNAMIC_DEBUG (like Fedora and Ubuntu) 
It was useful in tracking down CIFS + DFS issue, and it's apparently
enabled by default in two major distros.
 2016-12-10 00:01:21 +02:00
Bjørn Forsman d429520b13 kernel: add CONFIG_CIFS_* like Fedora, Ubuntu 
The plan is to fix mounting DFS shares on NixOS (for which some of these
options are needed), but I figured it might be a good idea to enable all
CONFIG_CIFS_* like Fedora 24 and Ubuntu 16.04 while at it. Ubuntu even
has CONFIG_CIFS_SMB311, but as Fedora do not, I left it out.

Mounting DFS shares still doesn't work; need to configure cifs.upcall
and /etc/request-key.conf. Until then, using GVFS as a workaround.
 2016-12-10 00:01:21 +02:00
Bjørn Forsman fc6d82cf76 cifs-utils: add 'talloc' to buildInputs, to build cifs.upcall 
Fixes this ./configure symptom:

  configure: WARNING: talloc.h not found, consider installing libtalloc-devel. Disabling cifs.upcall.

and is needed to (eventually) fix CIFS + DFS kernel mount on NixOS.
 2016-12-10 00:01:21 +02:00
Joachim Fasting d1a5dc0b1c
grsecurity: 4.8.12-201612062306 -> 4.8.13-201612082118 2016-12-09 15:31:02 +01:00
Joachim Fasting 9a63779d64
grsecurity: use upstream url as the primary source 2016-12-09 15:31:00 +01:00
Joachim Fasting ca7cc96ee8
grsecurity: enable PAX_INITIFY 
Uses gcc plugin to detect more instances where memory used during init
can be freed.
 2016-12-09 15:30:40 +01:00
Tim Steinbach bfffbb5ea6
linux: 4.8.12 -> 4.8.13 2016-12-09 08:27:11 -05:00
Tim Steinbach e861a5f7af
linux: 4.4.36 -> 4.4.37 2016-12-09 08:26:46 -05:00
Joachim Fasting af1202434a
ndiswrapper: mark as broken 
Build fails across all our kernels.  There is a new version 1.60, but
it, too, fails to build.  Until somebody comes along to patch around it,
we might as well mark this as broken.
 2016-12-08 23:12:32 +01:00
Joachim Fasting 5fd4ffe00f
grsecurity: 4.8.12-201612031658 -> 201612062306 2016-12-08 12:22:13 +01:00
Dmytro Rets e8220d3264
Update broadcom URL for broadcom-sta driver. 2016-12-08 11:50:31 +02:00
Tim Steinbach c9d1d430ec
linux: 4.9-rc7 -> 4.9-rc8 2016-12-05 19:40:11 -05:00
Joachim Fasting 9578299bbe
grsecurity: 4.8.11-201611271225 -> 4.8.12-201612031658 2016-12-06 01:24:32 +01:00
Joachim Fasting cc396697a6
grsecurity: enable ability to lock in readonly mounts 2016-12-06 01:24:12 +01:00
Joachim Fasting 0e765c72e5
grsecurity: enable module hardening 2016-12-06 01:23:58 +01:00
Joachim Fasting 071fbcda24
grsecurity: enable optional sysfs restrictions 
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
 2016-12-06 01:23:36 +01:00
Joachim Fasting 8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up 
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
 2016-12-06 01:22:53 +01:00
Tuomas Tynkkynen f91458ca38 reattach-to-user-namespace: Set platforms 2016-12-05 02:36:54 +02:00
Tuomas Tynkkynen 9ccc14b1bc linux_rpi: Add some feature flags 
Copied from linux_4_4 (except for the EFI stub thing).

Otherwise the firewall module fails to evaluate:
Failed assertions:
- This kernel does not support rpfilter
 2016-12-04 18:18:06 +02:00
Jörg Thalheim e00632e200 Merge pull request #20858 from Mic92/lxcfs 
lxcfs: init at 2.0.4
 2016-12-04 11:33:07 +01:00
Tim Steinbach 4f8b74b401 Merge pull request #20866 from NeQuissimus/linux_4_8_12 
linux: 4.8.11 -> 4.8.12
 2016-12-02 18:28:46 -05:00
Tim Steinbach 853b6493c8
linux: 4.8.11 -> 4.8.12 2016-12-02 14:29:00 -05:00
Tim Steinbach 654f5df5dc
linux: 4.4.35 -> 4.4.36 2016-12-02 14:28:26 -05:00
Jörg Thalheim af609b0254
lxcfs: init at 2.0.4 2016-12-02 13:52:03 +01:00
Tim Steinbach 5afc6b506c
linux: 4.1.35 -> 4.1.36 2016-12-01 20:34:02 -05:00
Joachim F 85ecde87c8 Merge pull request #20804 from danbst/fix-shadow 
shadow: fix collision with coreutils (man groups.1.gz)
 2016-12-01 23:08:30 +01:00
danbst ac51528df8 shadow: fix collision with coreutils (man groups.1.gz) 
The `groups.1.gz` collides with one from coreutils. The code to fix this
was already present in expression, but wrongly assumes that share/man/man1
directory will be copied to `man` output after `installPhase`.

It turned out, that man directory is set at configure step, so we should
remove file from `man` output.
 2016-11-30 01:44:28 +02:00
Tim Steinbach 18a3225dac
linux: 3.12.67 -> 3.12.68 2016-11-29 17:40:17 -05:00
Tuomas Tynkkynen 8a4d6516ee Merge remote-tracking branch 'upstream/staging' into master 2016-11-30 00:34:23 +02:00
Franz Pletz e43f2fc868
Revert "lxc: 2.0.4 -> 2.0.6" 
This reverts commit 5d804566df.

This was an error on my part. I had the commit sitting on my local master
and pulled upstream to rebase my commit before pushing. I didn't notice
there was a commit bumping lxc and the auto-merge on the rebase.
 2016-11-29 15:42:37 +01:00
Matt McHenry f0bdca82c0 linuxPackages.ati_drivers_x11: patch for kernel 4.7+ (#19810) 2016-11-28 19:56:50 +01:00
Franz Pletz 5d804566df
lxc: 2.0.4 -> 2.0.6 
Fixes CVE-2016-8649.

See https://lists.linuxcontainers.org/pipermail/lxc-users/2016-November/012597.html.
 2016-11-28 19:04:42 +01:00
Peter Simons 21a5532c57 Merge pull request #20766 from avnik/update/lxc 
lxc: 2.0.4 -> 2.0.6 (security)
 2016-11-28 15:13:10 +01:00
Alexander V. Nikolaev a8eeef62e6 lxc: 2.0.4 -> 2.0.6 (security) 
https://security-tracker.debian.org/tracker/CVE-2016-8649
 2016-11-28 15:17:06 +02:00
Alexander V. Nikolaev 121da5e938 lxc: fix sandbox builds 
Package attempt to write /etc/bash_completion.d, I directed it to
"${out}/etc/bash_completion.d" as it was suggested.
 2016-11-28 15:17:05 +02:00
Graham Christensen 04edf297cc Merge pull request #20676 from matthewbauer/file_cmds 
file_cmds: init at 264.1.1
 2016-11-28 06:48:18 -05:00
Joachim Fasting 5da1394a58
Revert "gradm: fix using gradm while the RBAC system is active" 
This reverts commit fdbf7dc8b3.

Unfortunately, while gradm now works when the RBAC system is enabled,
gradm still fails when full system learning is enabled, so I probably
need to try again later.
 2016-11-28 11:41:12 +01:00
Joachim Fasting b90ed0cc80
grsecurity: 4.8.10-201611232213 -> 4.8.11-201611271225 2016-11-28 11:41:10 +01:00
Joachim Fasting 4c7323545b
Revert "grsecurity: work around for #20490" 
This reverts commit e38b74ba89.

I failed to notice f19c961b4e461da045f2e72e73701059e5117be0; better
use that fix instead.
 2016-11-28 11:40:55 +01:00
Matthew Bauer bd57e32312
file_cmds: init at 264.1.1 2016-11-27 21:58:07 -06:00
Tim Steinbach eecf76eaa2
linux: 4.9-rc6 -> 4.9-rc7 2016-11-27 19:48:24 -05:00
Tuomas Tynkkynen 86ea3126bc linux_rpi: 1.20160620 -> 1.20161020 2016-11-28 00:24:00 +02:00
Tuomas Tynkkynen 25d6bfa258 raspberrypifw: 1.20160620 -> 1.20161020 2016-11-28 00:23:40 +02:00
Tim Steinbach b47307bd74
linux: 4.8.10 -> 4.8.11 2016-11-26 16:29:23 -05:00