1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-28 16:42:09 +00:00
Commit graph

5579 commits

Author SHA1 Message Date
Franz Pletz 2d6b7aa545 linux: enable some useful networking options
All options are enabled by default on Debian and some other
distributions, so these should be safe.
2016-08-05 04:07:31 +02:00
Robin Gloster 1b979d8384 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00
Frederik Rietdijk db06460257 Merge pull request #17447 from FRidh/nvidia
nvidia-x11: fix driSupport32Bit
2016-08-03 08:36:24 +02:00
Alexey Shmalko 5ab8e0d2aa
uclibc: claim maintainership 2016-08-03 03:35:54 +03:00
Tuomas Tynkkynen 21f17d69f6 treewide: Add lots of meta.platforms
Build-tested on x86_64 Linux & Mac.
2016-08-02 21:42:43 +03:00
Tuomas Tynkkynen 2258b21e4b treewide: Add lots of platforms to packages with no meta
Build-tested on x86_64 Linux and on Darwin.
2016-08-02 21:17:44 +03:00
Tuomas Tynkkynen 59ce911810 treewide: Some EOF-whitespace fixes 2016-08-02 21:17:44 +03:00
Franz Pletz f2a66d4c16 criu: fix merge fail
d020caa5b2 vs. e3d0fe898b
2016-08-02 17:52:51 +02:00
Robin Gloster 1be4907ca2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-02 13:46:36 +00:00
Frederik Rietdijk 8eb4b3af10 nvidia-x11: fix driSupport32Bit 2016-08-02 13:03:44 +02:00
aszlig fef4b62657
broadcom_sta: Add patch to fix NULL pointer deref
The patch is from the following Gentoo bug:

https://bugs.gentoo.org/show_bug.cgi?id=523326#c24

Built successfully against Linux 3.18.36, 4.4.16 and 4.7.0.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @phreedom, @vcunat
2016-08-01 21:05:15 +02:00
aszlig 8f08399671
broadcom_sta: Reindent file, no code changes
Let's make sure we indent using two spaces, because the unpackPhase was
indented using four spaces.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-01 21:05:15 +02:00
aszlig 4d3545f2a5
broadcom_sta: Add patch for supporting Linux 4.7
Patch is from Arch Linux at:

https://aur.archlinux.org/cgit/aur.git/tree/?h=broadcom-wl

I've tested building against 3.18.36, 4.4.16 and 4.7.0.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @phreedom, @vcunat
2016-08-01 21:05:15 +02:00
aszlig bd7ce1581d
broadcom_sta: 6.30.223.248 -> 6.30.223.271
The patch for kernel version 3.18 is already applied upstream, so we
don't need it any longer.

Without i686-build-failure.patch, the build for i686-linux fails because
it references rdtscl(), which is no longer available in Linux 4.3.0.

Patch for missing rdtscl() is from Arch Linux:

https://aur.archlinux.org/cgit/aur.git/tree/002-rdtscl.patch?h=broadcom-wl-ck

I've tested building against 32 and 64 bit Linux versions 3.18.36,
4.4.16 and 4.7.0.

The hashes were verified using the ones from the AUR (using the 16 bit
hashes of course):

$ nix-hash --type sha256 --to-base16 1kaqa2dw3nb8k23ffvx46g8jj3wdhz8xa6jp1v3wb35cjfr712sg
4f8b70b293ac8cc5c70e571ad5d1878d0f29d133a46fe7869868d9c19b5058cd
$ nix-hash --type sha256 --to-base16 1gj485qqr190idilacpxwgqyw21il03zph2rddizgj7fbd6pfyaz
5f79774d5beec8f7636b59c0fb07a03108eef1e3fd3245638b20858c714144be

AUR hashes can be found at:

https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=broadcom-wl&id=9d6f10b1b7745fbf5d140ac749e2253caf70daa8#n26

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @phreedom, @vcunat
2016-08-01 21:05:15 +02:00
Karn Kallio 5d11dac8bb nvidia-x11: advance to 365.35 and patch kernel 4.7. 2016-08-01 10:19:57 -04:00
Joachim Fasting 76f2e827a7
grsecurity: 4.6.5-201607272152 -> 4.6.5-201607312210 2016-08-01 12:46:48 +02:00
Robin Gloster 63c7b4f9a7 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-31 20:51:34 +00:00
Robin Gloster 43ba8d295f nvidia-x11: disable pic/format hardening 2016-07-31 20:38:38 +00:00
Eric Sagnes d6452987fb wireguard: 20160708 -> 2016-07-22 (#17362) 2016-07-31 13:57:37 +02:00
Franz Pletz 2fa9bd5059 hostapd: add patch to fix build with libressl
Fixes #17315.
2016-07-29 12:03:08 +02:00
Joachim Fasting 83f783c00f
grsecurity: 4.6.4-201607242014 -> 4.6.5-201607272152 2016-07-29 00:24:00 +02:00
Franz Pletz 9aee2a17af linux: 4.6.4 -> 4.6.5
Removed patch was applied upstream.
2016-07-28 23:05:27 +02:00
Franz Pletz b68fe1a572 linux: 4.5.6 -> 4.5.7 2016-07-28 23:05:27 +02:00
Eelco Dolstra 42f8df10a2 linux: 4.4.16 -> 4.4.16 2016-07-28 17:03:55 +02:00
Eelco Dolstra 51871dfb37 systemd: 230 -> 231 2016-07-28 17:03:55 +02:00
rnhmjoj 50cbb5bd30
rewritefs: 2016-02-08 -> 2016-07-27 2016-07-27 03:51:08 +02:00
Vladimír Čunát 375ae11a34 tiptop: init at 2.3 2016-07-26 11:55:23 +02:00
Robin Gloster f222d98746 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-25 12:47:13 +00:00
Joachim Fasting e725c927d4
grsecurity: 4.6.4-201607192040 -> 4.6.4-201607242014 2016-07-25 09:11:28 +02:00
Shea Levy ac93e9f2c8 Linux 4.7 2016-07-24 18:30:08 -04:00
Joachim Fasting f1187c4605
gradm: ensure that udev rules are actually installed
Another regression on my part: gradm won't install the rules unless
$(DESTDIR)/etc/udev/rules.d exists.
2016-07-24 12:54:07 +02:00
Tuomas Tynkkynen 9cccf35f98 dmraid: Fix typo 2016-07-23 13:24:18 +03:00
Matthew Robbetts e434ce8f49 hostapd: 2.4 -> v2.5, fixes #17164 2016-07-23 00:56:53 +02:00
Daiderd Jordan 44c5b729b8 osx-private-sdk: Fix hash (#17185)
- use fetchFromGitHub
2016-07-23 00:54:25 +02:00
Joachim Fasting e4b7b7b028
gradm: 3.1-201507191652 -> 3.1-201607172312 2016-07-22 17:57:26 +02:00
Lluís Batlle i Rossell dd02b6f118 perf: depend on libiberty to get c++ demangling. 2016-07-21 17:27:15 +02:00
Robin Gloster 1f04b4a566 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-21 00:56:43 +00:00
Robin Gloster cc540843fe linuxPackages.wireguard: disable pic 2016-07-21 00:01:20 +00:00
Markus Hauck 2a3fe4df43 sysdig: 0.10.0 -> 0.11.0 2016-07-20 21:27:40 +02:00
Joachim Fasting 55120ac4cb
grsecurity: 4.6.4-201607112205 -> 4.6.4-201607192040 2016-07-20 10:17:35 +02:00
Joachim Fasting c93ffb95bc
grsecurity: enable support for setting pax flags via xattrs
While useless for binaries within the Nix store, user xattrs are a convenient
alternative for setting PaX flags to executables outside of the store.

To use disable secure memory protections for a non-store file foo, do
  $ setfattr -n user.pax.flags -v em foo
2016-07-20 10:17:11 +02:00
Tuomas Tynkkynen 2fefa331e7 busybox: Fix cross build with musl 2016-07-20 02:38:10 +03:00
Graham Christensen 46655e4524 Merge pull request #17085 from j1r1k/gfxtablet-1.4
gfxtablet: git-2013-10-21 -> 1.4
2016-07-19 19:23:47 +00:00
Jiri Marsicek 4a86f9a44f gfxtablet: git-2013-10-21 -> 1.4 2016-07-19 20:47:00 +02:00
Robin Gloster 04d873a626 osx-private-sdk: Fix hash 2016-07-19 12:19:58 +00:00
Joachim F bb6fb70d6b Merge pull request #16979 from markus1189/sysdig
sysdig: 0.9.0 -> 0.10.0
2016-07-19 12:49:05 +02:00
Robin Gloster 203846b9de Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-19 10:37:02 +00:00
Franz Pletz 039f0e5cb0 firmwareLinuxNonfree: 2016-05-18 -> 2016-07-12 2016-07-19 07:55:27 +02:00
Nikolay Amiantov 28740462e7 busybox: fix static build 2016-07-19 05:20:02 +03:00
Tuomas Tynkkynen 6e0ab36de0 Merge pull request #16963 from womfoo/init/cking-kernel-tools
Init {fnotify,fork,power,smem}stat kernel tools
2016-07-16 21:15:23 +03:00
Tuomas Tynkkynen a4dfa90139 Merge pull request #17012 from womfoo/fix/lightum
lightum: fix build against systemd-230
2016-07-16 17:12:27 +03:00
Kranium Gikos Mendoza eb34cf1b6d lightum: fix build against systemd-230 2016-07-16 21:57:23 +08:00
Rickard Nilsson 8fa4dc174f Merge pull request #16899 from kragniz/lxc-2.0.3
lxc: 2.0.1 -> 2.0.3
2016-07-16 10:37:12 +02:00
Kranium Gikos Mendoza b68689ebb2 smemstat: init at 0.01.14 2016-07-16 12:09:40 +08:00
Kranium Gikos Mendoza a28dda1102 powerstat: init at 0.02.10 2016-07-16 12:09:40 +08:00
Kranium Gikos Mendoza f88f31c4f0 forkstat: init at 0.01.13 2016-07-16 12:09:32 +08:00
Robin Gloster 5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Markus Hauck 36c906e7c0 sysdig: 0.9.0 -> 0.10.0 2016-07-15 10:35:19 +02:00
Arseniy Seroka 658579cc57 Merge pull request #16961 from womfoo/bump/eventstat-0.03.02
eventstat: 0.02.02 -> 0.03.02
2016-07-14 22:19:33 +04:00
Kranium Gikos Mendoza b795186f2e fnotifystat: init at 0.01.14 2016-07-15 00:44:41 +08:00
Kranium Gikos Mendoza cbeb320c47 eventstat: 0.02.02 -> 0.03.02 2016-07-15 00:06:39 +08:00
Vladimír Čunát 1b5ac05845 Merge branch 'staging'
Includes security fixes in gd and libarchive.
2016-07-14 15:51:28 +02:00
Eric Sagnes c6f99a3a92 wireguard: split module and tools (#16883) 2016-07-13 21:15:11 +02:00
obadz 927a984de6 kernel: make KEXEC_FILE & KEXEC_JUMP optional to fix i686 build
cc @edolstra @dezgeg @domenkozar
2016-07-13 12:49:18 +02:00
obadz fad9a8841b ecryptfs: fix kernel bug introduced in 4.4.14
Introduced by mainline commit 2f36db7
Patch is from http://www.spinics.net/lists/stable/msg137350.html
Fixes #16766
2016-07-13 11:04:07 +02:00
Nikolay Amiantov d9aafc885f Merge branch 'early-kbd' into staging 2016-07-13 03:56:07 +03:00
Nikolay Amiantov 1848bfc92d Merge branch 'plymouth' into staging 2016-07-13 03:54:38 +03:00
Louis Taylor f51f6a36e8 lxc: 2.0.1 -> 2.0.3 2016-07-13 00:35:20 +01:00
Vladimír Čunát 40785f0dac Merge branch 'master' into staging
Hydra nixpkgs: ?compare=1282763
2016-07-12 22:00:10 +02:00
Nikolay Amiantov 6e21246dc4 plymouth: 0.9.0 -> 0.9.2
Use system-wide directories for various resources.
2016-07-12 22:22:28 +03:00
Franz Pletz dde259dfb5 linux: Add patch to fix CVE-2016-5829 (#16824)
Fixed for all available 4.x series kernels.

From CVE-2016-5829:

  Multiple heap-based buffer overflows in the hiddev_ioctl_usage function
  in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow
  local users to cause a denial of service or possibly have unspecified
  other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl
  call.
2016-07-12 20:56:50 +02:00
Joachim Fasting 416120e0c7
grsecurity: 4.6.3-201607070721 -> 4.6.4-201607112205 2016-07-12 15:15:09 +02:00
Tim Steinbach 47da65923b kernel: 4.6.3 -> 4.6.4 (#16875) 2016-07-12 09:54:57 +02:00
Tim Steinbach 9672c36651 conky: 1.10.1 -> 1.10.3 2016-07-11 23:20:25 +00:00
Eric Sagnes 1b41283eb3 wireguard: init at 20160708 (#16856) 2016-07-11 18:05:23 +02:00
Louis Taylor b2b8a89945 linux-testing: 4.7-rc6 -> 4.7-rc7 (#16854) 2016-07-11 17:53:41 +02:00
Eelco Dolstra ecc26d7a40 linux: Disable the old IDE subsystem
This has long been deprecated in favour of the new ATA support
(CONFIG_ATA).
2016-07-11 15:05:21 +02:00
Eelco Dolstra 7b9c493d60 linux: Enable some kernel features
This enables a few features that should be useful and safe (they're
all used by the default Ubuntu kernel config), in particular zswap,
wakelocks, kernel load address randomization, userfaultfd (useful for
QEMU), paravirtualized spinlocks and automatic process group
scheduling.

Also removes some configuration conditional on kernel versions that we
no longer support.
2016-07-11 15:04:56 +02:00
Eelco Dolstra 1cd7dbc00b linux: Bump NR_CPUS
The default limit (64) is too low for systems like EC2 x1.* instances
or Xeon Phis, so let's increase it.
2016-07-11 14:32:18 +02:00
Eelco Dolstra 8710672225 ena: Init at 20160629
This adds the Amazon Elastic Network Adapter kernel module required by
EC2 x1.* instances.
2016-07-11 14:32:18 +02:00
Franz Pletz 0f96c69026 batman-adv: 2016.1 -> 2016.2 2016-07-11 04:04:49 +02:00
Vladimír Čunát 6f07fdf469 v4l-utils: 1.6.3 -> 1.10.1
This fixes build after libjpeg(-turbo) update.
/cc maintainers: @codypoel, @viric.
2016-07-09 18:54:44 +02:00
Nikolay Amiantov da97ba359e busybox: set default keymap path 2016-07-08 20:44:01 +03:00
Nikolay Amiantov 8b92103ae8 Merge branch 'master' into staging 2016-07-08 20:36:44 +03:00
Nikolay Amiantov 4ae98c2064 Merge branch 'kbd-paths' into staging
Closes #16642
2016-07-08 20:35:25 +03:00
Nikolay Amiantov 00e67f0df0 systemd: use plymouth from system path 2016-07-08 15:23:47 +03:00
Nikolay Amiantov 8bbfba48c4 systemd: move hwdb patch to the fork itself 2016-07-08 15:23:47 +03:00
Nikolay Amiantov 1ac6f1fe25 systemd: update fork revision 2016-07-08 15:23:07 +03:00
Nikolay Amiantov c89843b604 kbd: split keymaps into kbdKeymaps 2016-07-08 12:52:39 +03:00
zimbatm 2459ddd4f6 Merge pull request #16703 from zimbatm/nologin-error
Nologin error
2016-07-07 22:58:53 +01:00
Joachim Fasting a2ebf45b47
grsecurity: 4.5.7-201606302132 -> 4.6.3-201607070721 2016-07-07 19:34:58 +02:00
Eelco Dolstra 04eb7492dc ixgbevf: Init at 3.2.2
This driver is necessary for Enhanced Networking on most EC2 instance
types.
2016-07-07 17:51:10 +02:00
Joachim Fasting 2dd009ec97 Merge pull request #16622 from womfoo/bump/sysstat-11.2.5
sysstat: 11.0.7 -> 11.2.5
2016-07-05 19:53:58 +02:00
Tobias Geerinckx-Rice cb86518fd3
radeontop: 2016-07-03 -> 2016-07-04
Add support for unprivileged use on both the Linux console and X.
2016-07-05 09:29:42 +02:00
zimbatm c1a202de05 shadow: fix passthru
The shadow package's shellPath wasn't detected properly

Fixes #16428
2016-07-04 15:12:27 +01:00
Eelco Dolstra 03fcbf6317 Merge pull request #16697 from mimadrid/update/perf-tools-20160418
perf-tools: 20150723 -> 20160418
2016-07-04 14:26:05 +02:00
Tuomas Tynkkynen 4085f4de5f Merge branch 'pr-newest-uboot' into master 2016-07-04 15:17:46 +03:00
Tuomas Tynkkynen 55aecd308e linux-rpi: 4.1.20-XXX -> 4.4.13-1.20160620-1
- Add a patch to unset CONFIG_LOCALVERSION in the v7 build.
- Copy all the device trees to match the upstream names so U-Boot can
  find them. (This is a hack.)
2016-07-04 15:13:29 +03:00
mimadrid b9315a6e24
perf-tools: 20150723 -> 20160418 2016-07-04 12:29:31 +02:00
aszlig 566c990f33
linux-testing: 4.6-rc6 -> 4.7-rc6
The config option DEVPTS_MULTIPLE_INSTANCES now no longer exists since
torvalds/linux@eedf265aa0.

Built successfully on my Hydra instance:

https://headcounter.org/hydra/log/r4n6sv0zld0aj65r7l494757s2r8w8sr-linux-4.7-rc6.drv

Verified unpacked tarball with GnuPG:

ABAF 11C6 5A29 70B1 30AB  E3C4 79BE 3E43 0041 1886

gpg: Signature made Mon 04 Jul 2016 08:13:05 AM CEST
gpg:                using RSA key 79BE3E4300411886
gpg: Good signature from "Linus Torvalds <torvalds@linux-foundation.org>"

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-07-04 10:46:48 +02:00
Tuomas Tynkkynen 1d069ff6ac rtl8723bs: Support all Linux 2016-07-04 02:07:13 +03:00
Tuomas Tynkkynen d8cd615720 raspberrypifw: 1.20160315 -> 1.20160620
- Use fetchFromGitHub
- Some files in bin/ are now shell scripts, so skip patchelf on any
  non-ELF files.

With this U-Boot can be successfully launched on a RPi 3.
2016-07-04 01:53:13 +03:00
Rastus Vernon 77d9966d93 cryptsetup: update project homepage
The project was moved from code.google.com to gitlab.com.
2016-07-03 21:43:52 +02:00
Tobias Geerinckx-Rice d01af30994
radeontop: 2015-11-24 -> 2016-07-03 2016-07-03 21:25:19 +02:00
Nikolay Amiantov 8530181246 kbd: add system-wise search paths for NixOS 2016-07-03 03:23:05 +03:00
Joachim Fasting 640ac5186f
grsecurity: 4.5.7-201606292300 -> 4.5.7-201606302132 2016-07-02 20:37:52 +02:00
Michele Guerini Rocco d75c7d0dcd btfs: 2.9 -> 2.10 (#16603) 2016-06-30 23:39:15 +02:00
Kranium Gikos Mendoza 84a1057b41 sysstat: 11.0.7 -> 11.2.5 2016-06-30 21:39:50 +08:00
Joachim Fasting 51c04b74c1
grsecurity: 4.5.7-201606280009 -> 4.5.7-201606292300 2016-06-30 11:09:59 +02:00
Al Zohali c4b346a539 conky: added double buffer support
Closes #16515.
2016-06-30 09:48:06 +02:00
Ruslan Babayev d515d72aba dpdk: pktgen: odp-dpdk: upgrades (#16585)
* dpdk: fix a typo

* dpdk: separate configure phase

* odp-dpdk: 1.8.0.0 -> 1.10.1.0

* pktgen: 3.0.00 -> 3.0.04

* pktgen: add withGtk build option
2016-06-29 10:34:17 +02:00
Vladimír Čunát 3afa246038 Merge branch 'staging'
This includes a security update of expat.
2016-06-29 07:47:04 +02:00
Joachim Fasting cd3da41b18 Merge pull request #16523 from grahamc/acpitool-patches
acpitool: port debian patches
2016-06-29 00:59:07 +02:00
Joachim Fasting cdcdc25ef3
grsecurity: 4.5.7-201606262019 -> 4.5.7-201606280009 2016-06-28 14:57:20 +02:00
Joachim Fasting d5eec25ff9
grsecurity: 4.5.7-201606222150 -> 4.5.7-201606262019 2016-06-27 21:42:17 +02:00
Franz Pletz 4bbb5c7e4c firmwareLinuxNonfree: 2016-01-26 -> 2016-05-18 2016-06-27 00:21:26 +02:00
Franz Pletz 4a16066852 linuxPackages.netatop: 0.7 -> 1.0 2016-06-27 00:20:13 +02:00
Franz Pletz 7e9affa7ee linux_4_3: Remove, not maintained anymore 2016-06-27 00:11:16 +02:00
Franz Pletz eed51eccef linux: 3.10.101 -> 3.10.102 2016-06-27 00:11:16 +02:00
Franz Pletz b7e0b118d9 linux: 3.12.57 -> 3.12.61 2016-06-27 00:11:04 +02:00
Franz Pletz 0387eddb51 linux: 3.14.65 -> 3.14.73 2016-06-27 00:10:38 +02:00
Franz Pletz 6165af4db2 linux: 3.18.29 -> 3.18.36 2016-06-27 00:09:56 +02:00
Franz Pletz 5806b185bd linux: 4.1.25 -> 4.1.27 2016-06-27 00:09:30 +02:00
Franz Pletz 4a942499b4 linux: 4.4.13 -> 4.4.14 2016-06-27 00:08:11 +02:00
Graham Christensen 085f98490e
acpitool: port debian patches
Without these patches, specifically the
0001-Do-not-assume-fixed-line-lengths-for-proc-acpi-wakeu.patch (wakeu
patch typo from upstream,) acpitool will consume 100% CPU when reading
long lines (>40 characters) like:

    ADP1	  S4	*disabled  platform:ACPI0003:00
2016-06-26 13:14:10 -05:00
Joachim Fasting 4fb72b2fd3
grsecurity: 4.5.7-201606202152 -> 4.5.7-201606222150 2016-06-26 17:27:17 +02:00
Joachim Fasting 5313f1096a Merge pull request #16510 from womfoo/guvcview
guvcview: 2.0.2 -> 2.0.4
2016-06-26 13:24:54 +02:00
Kranium Gikos Mendoza 66073374af guvcview: 2.0.2 -> 2.0.4 2016-06-26 13:44:24 +08:00
Tim Steinbach 125ffff089 kernel: 4.6.2 -> 4.6.3 2016-06-24 22:18:16 +00:00
Vladimír Čunát 6b27ceb006 Merge 'master' into staging and re-revert merge
... from staging to master, reverted temporarily in aa9a04883e.
2016-06-23 12:09:03 +02:00
Vladimír Čunát aa9a04883e Revert "Merge branch 'staging'" due to glibc
The main output started to retain dependency on bootstrap-tools; see
https://github.com/NixOS/nixpkgs/pull/15867#issuecomment-227949096

This reverts commit c05d829598, reversing
changes made to f073df60d6.
2016-06-23 09:25:10 +02:00
Joachim Fasting 9d052a2c39
grsecurity: 4.5.7-201606142010 -> 4.5.7-201606202152 2016-06-23 00:55:54 +02:00
Vladimír Čunát c05d829598 Merge branch 'staging' 2016-06-22 10:49:56 +02:00
Tobias Geerinckx-Rice eec8d44335
nvidia_x11_legacy*: remove unused nvidia-340.76-kernel-4.0.patch 2016-06-22 03:58:55 +02:00
Gabriel Ebner 0d9bb144d9 dstat: 0.7.2 -> 0.7.3 2016-06-20 18:08:31 +02:00
Bjørn Forsman bd01fad0ed Captialize meta.description of all packages
In line with the Nixpkgs manual.

A mechanical change, done with this command:

  find pkgs -name "*.nix" | \
      while read f; do \
          sed -e 's/description\s*=\s*"\([a-z]\)/description = "\u\1/' -i "$f"; \
      done

I manually skipped some:

* Descriptions starting with an abbreviation, a user name or package name
* Frequently generated expressions (haskell-packages.nix)
2016-06-20 13:55:52 +02:00
Eelco Dolstra 453086a15f linux: 4.4.12 -> 4.4.13 2016-06-20 13:11:55 +02:00
zimbatm 7c32638439 Merge pull request #16259 from layus/update-mptcp
linux_mptcp: update 0.90 -> 0.90.1
2016-06-20 09:29:07 +01:00
zimbatm 31c158ad45 Merge pull request #16189 from zimbatm/usershell-config
User shell config
2016-06-19 23:36:45 +01:00
Vladimír Čunát e757404555 Merge branch 'master' into staging
Hydra nixpkgs: ?compare=1279790
2016-06-19 12:33:04 +02:00
Vladimír Čunát 97c484a10f treewide: fix #include errors after gcc-5.4
They were mostly missing <cmath> or <math.h>.
2016-06-19 10:18:30 +02:00
Aristid Breitkreuz 6a3dcb70bc Merge pull request #16112 from abuibrahim/master
odp-dpdk: init at 1.8.0.0
2016-06-18 17:09:13 +02:00
Joachim Fasting 875fd5af73
grsecurity: 4.5.7-201606110914 -> 4.5.7-201606142010 2016-06-16 14:29:12 +02:00
Ruslan Babayev de67e77e3f odp-dpdk: init at 1.8.0.0
Signed-off-by: Ruslan Babayev <ruslan@babayev.com>
2016-06-15 22:17:03 -07:00
Guillaume Maudoux d73b7d101f linux_mptcp: 0.90 -> 0.90.1 2016-06-15 22:56:11 +02:00
Joachim Fasting 130b06eb0b
grsecurity: 4.5.7-201606080852 -> 4.5.7-201606110914 2016-06-14 14:18:01 +02:00
Franz Pletz 99cc3fa6ca systemd: Disable stackprotector hardening flag 2016-06-14 10:19:05 +00:00
Joachim Fasting 886c03ad2e Merge pull request #16107 from joachifm/grsec-ng
Rework grsecurity support
2016-06-14 03:52:50 +02:00
Joachim Fasting 75b9a7beac
grsecurity: implement a single NixOS kernel
This patch replaces the old grsecurity kernels with a single NixOS
specific grsecurity kernel.  This kernel is intended as a general
purpose kernel, tuned for casual desktop use.

Providing only a single kernel may seem like a regression compared to
offering a multitude of flavors.  It is impossible, however, to
effectively test and support that many options.  This is amplified by
the reality that very few seem to actually use grsecurity on NixOS,
meaning that bugs go unnoticed for long periods of time, simply because
those code paths end up never being exercised.  More generally, it is
hopeless to anticipate imagined needs.  It is better to start from a
solid foundation and possibly add more flavours on demand.

While the generic kernel is intended to cover a wide range of use cases,
it cannot cover everything.  For some, the configuration will be either
too restrictive or too lenient.  In those cases, the recommended
solution is to build a custom kernel --- this is *strongly* recommended
for security sensitive deployments.

Building a custom grsec kernel should be as simple as
```nix
linux_grsec_nixos.override {
  extraConfig = ''
    GRKERNSEC y
    PAX y
    # and so on ...
  '';
}
```

The generic kernel should be usable both as a KVM guest and host.  When
running as a host, the kernel assumes hardware virtualisation support.
Virtualisation systems other than KVM are *unsupported*: users of
non-KVM systems are better served by compiling a custom kernel.

Unlike previous Grsecurity kernels, this configuration disables `/proc`
restrictions in favor of `security.hideProcessInformation`.

Known incompatibilities:
- ZFS: can't load spl and zfs kernel modules; claims incompatibility
  with KERNEXEC method `or` and RAP; changing to `bts` does not fix the
  problem, which implies we'd have to disable RAP as well for ZFS to
  work
- `kexec()`: likely incompatible with KERNEXEC (unverified)
- Xen: likely incompatible with KERNEXEC and UDEREF (unverified)
- Virtualbox: likely incompatible with UDEREF (unverified)
2016-06-14 00:08:20 +02:00
zimbatm ae34904ee9 Merge pull request #16160 from vrthra/mupdf
mupdf: 1.8 -> 1.9
2016-06-12 23:26:34 +01:00
zimbatm e2413ad5a8 shadow: add shellPath passthru
This one is a bit special, it's used to deny users from logging in.
2016-06-12 20:13:32 +01:00
Christoph Hrdinka 473062c9a7 kmod-debian-aliases: 21-1 -> 22-1.1 2016-06-12 20:15:42 +02:00
Rahul Gopinath b8a525a8b6 jfbview: update mupdf 1.8 -> 1.9 2016-06-12 09:48:34 -07:00
Joachim Fasting 4ae5eb97f1
kernel: set virtualization options regardless of grsec
Per my own testing, the NixOS grsecurity kernel works both as a
KVM-based virtualisation host and guest; there appears to be no good
reason to making these conditional on `features.grsecurity`.

More generally, it's unclear what `features.grsecurity` *means*. If
someone configures a grsecurity kernel in such a fashion that it breaks
KVM support, they should know to disable KVM themselves.
2016-06-10 19:27:59 +02:00
Joachim Fasting d8e4432fe2
kernel: unconditionally disable /dev/kmem
This was presumably set for grsecurity compatibility, but now appears
redundant.  Grsecurity does not expect nor require /dev/kmem to be
present and so it makes little sense to continue making its inclusion in
the standard kernel dependent on grsecurity.

More generally, given the large number of possible grsecurity
configurations, it is unclear what `features.grsecurity` even
*means* and its use should be discouraged.
2016-06-10 19:27:41 +02:00
Shea Levy 4fbafb2395 linux 4.6.1 -> 4.6.2 2016-06-10 09:30:11 -04:00
Robin Gloster 8031cba2ab Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-06-10 09:27:04 +00:00
Joachim Fasting edc36a0091
grsecurity: 4.5.6-201606051644 -> 4.5.7-201606080852 2016-06-09 15:40:06 +02:00
Vladimír Čunát 20c2ce4954 Merge #16045: kernel: 4.6.0 -> 4.6.1 2016-06-09 14:37:32 +02:00
Vladimír Čunát c0895be3ee Merge #16044: kernel: 4.1.20 -> 4.1.25 2016-06-09 14:36:31 +02:00
Vladimír Čunát f9310c2eee Merge #16043: kernel: 4.4.11 -> 4.4.12 2016-06-09 14:34:50 +02:00
Joachim Fasting 7a29c403fd Merge pull request #16046 from NeQuissimus/kernel456
kernel: 4.5.5 -> 4.5.6
2016-06-09 13:56:13 +02:00
Ruslan Babayev ff8362aeb4 pktgen: build with the same CFLAGS as dpdk 2016-06-07 20:11:50 -07:00
Tuomas Tynkkynen f2e6c25dc9 fusionio: Use makeLibraryPath 2016-06-07 21:18:10 +03:00
Tim Steinbach 269b7d30a7 kernel: 4.6.0 -> 4.6.1 2016-06-07 09:59:19 -04:00
Tim Steinbach 8f4755a0ae kernel: 4.5.5 -> 4.5.6 2016-06-07 09:58:24 -04:00
Tim Steinbach a57cbf6546 kernel: 4.4.11 -> 4.4.12 2016-06-07 09:57:47 -04:00
Tim Steinbach f3ebf13762 kernel: 4.1.20 -> 4.1.25 2016-06-07 09:57:07 -04:00
Joachim Fasting 72899d92d0
grsecurity: 4.5.5-201605291201 -> 4.5.6-201606051644 2016-06-07 15:04:24 +02:00
Tobias Geerinckx-Rice 0264d34058
mcelog: 137 -> 138 2016-06-07 12:49:26 +02:00
Tuomas Tynkkynen bac26e08db Fix lots of fetchgit hashes (fallout from #15469) 2016-06-03 17:17:08 +03:00
Alexander Kjeldaas 4c99d22f19 kernel: set nx bit on module ro segments
Fixes #4757.
2016-06-03 15:41:47 +02:00
Joachim Fasting 45c6dee427 Merge pull request #15884 from grahamc/nvidia-x11
nvidia-x11: 361.42 -> 361.45.11
2016-06-02 23:26:39 +02:00
Domen Kožar 55b8868baf Merge pull request #15919 from abuibrahim/master
dpdk: refactor to allow building extapps
2016-06-02 17:25:53 +01:00
Tuomas Tynkkynen 06c0209d53 systemd: Disable systemd-boot on ARM
Temporary workaround for the EFI stuff not working.
2016-06-02 14:54:44 +03:00
Ruslan Babayev 6d3fcd33d7 pktgen: init at 3.0.00 2016-06-02 02:12:06 -07:00
Ruslan Babayev 49b985b241 dpdk: make primary output usable as RTE_SDK 2016-06-02 02:12:06 -07:00
Ruslan Babayev 7334e925b4 dpdk: separate kernel modules 2016-06-02 02:12:06 -07:00
Ruslan Babayev 9f3c0f9716 dpdk: move apps to examples output 2016-06-02 02:12:06 -07:00
Ruslan Babayev 6a7f257e88 dpdk: install examples to bin 2016-06-02 02:12:06 -07:00
Ruslan Babayev e54ef8bb16 dpdk: add dependencies for vm_power_mgr example 2016-06-02 02:12:06 -07:00
Graham Christensen 180417f385
nvidia-x11: 361.42 -> 361.45.11 2016-05-31 22:23:54 -05:00
Tobias Pflug 68b0f2f500 reattach-to-user-namespace: fix sha (#15871) 2016-06-01 01:40:50 +02:00
Franz Pletz d3e0849785 batman-adv: 2016.0 -> 2016.1 2016-05-31 20:10:26 +02:00
Eelco Dolstra 66d5ca6f42 systemd: Build EFI image 2016-05-31 17:02:33 +02:00
Robin Gloster 878e24b35a linuxPackages.dpdk: disable pic hardening 2016-05-31 12:35:54 +00:00
Robin Gloster 2d382f3d98 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-30 19:39:34 +00:00
Bjørn Forsman 2661511cdb bluez: 5.39 -> 5.40
A bugfix release:
http://www.bluez.org/release-of-bluez-5-40/

(I've tested this with nox-review; no new breakage.)
2016-05-30 20:56:59 +02:00
Joachim Fasting bfefc54bc5
grsecurity: 4.5.5-201605211442 -> 4.5.5-201605291201 2016-05-29 20:34:24 +02:00
Marius Bakke 4561a649f4 openvswitch: 2.3.1 -> 2.5.0 (#15729) 2016-05-28 16:02:04 +02:00
rnhmjoj 862ccab89c
btfs: 2.8 -> 2.9 2016-05-28 15:21:15 +02:00
Thomas Tuegel fe57d54992 Merge pull request #15733 from mbakke/bluez-5.39
bluez5: 5.37 -> 5.39
2016-05-28 07:24:44 -05:00
Vladimír Čunát e4832c7541 Merge branch 'staging'
Includes a security update of libxml2.
2016-05-27 15:58:40 +02:00
Luca Bruno 663beaa79f Revert "Revert "systemd: 229 -> 230""
This reverts commit 11894782ed.

cc @edolstra, re-reverting. Looks like it's an intended systemd change.
2016-05-27 11:07:29 +02:00
Luca Bruno 11894782ed Revert "systemd: 229 -> 230"
This reverts commit a2f21a54a1.

cc @edolstra the new version does not install many .pc files
like login, journal, daemon, ...
2016-05-27 11:06:21 +02:00
Joachim Fasting 1c07183dc1 Merge pull request #15728 from grahamc/facetimehd-firmware
Facetimehd-Firmware: Update,  add update documentation, add myself as maintainer
2016-05-27 00:21:21 +02:00
Graham Christensen f993e6543a
facetimehd, facetimehd-firmware: Add grahamc as a maintainer 2016-05-26 14:10:03 -05:00
Graham Christensen 24a87685e2
facetimehd: Document updating the facetimehd-firmware 2016-05-26 14:10:01 -05:00
aszlig 6f8d2d6917
kmscon: Fix build against systemd 230
From the changelog:

  The compatibility libraries libsystemd-daemon.so,
  libsystemd-journal.so, libsystemd-id128.so, and libsystemd-login.so
  which have been deprecated since systemd-209 have been removed along
  with the corresponding pkg-config files. All symbols provided by those
  libraries are provided by libsystemd.so.

So let's just replace the use of libsystemd-daemon and libsystemd-login
with libsystemd in the configure script until a new version of kmscon
comes along.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-26 21:05:55 +02:00
Graham Christensen 27bf0d203d
facetimehd-firmware: 1.43 -> 1.43_4 2016-05-26 14:05:45 -05:00
Vladimír Čunát 81039713fa Merge branch 'master' into staging
... to get the systemd update (rebuilding ~7k jobs).
2016-05-26 16:50:22 +02:00
Eelco Dolstra a2f21a54a1 systemd: 229 -> 230
See https://github.com/systemd/systemd/blob/v230/NEWS for details.

The main incompatible change is that processes are now killed by
default when you exit a session. Thus, for example, using nohup in an
SSH session no longer works. You have to use "loginctl enable-linger"
and "systemd-run --user" to create a process that survives logout.
2016-05-26 16:20:00 +02:00
Marius Bakke 8af730b0a9 bluez5: 5.37 -> 5.39 2016-05-25 20:30:28 +01:00
Tobias Geerinckx-Rice 9efd3d444e
cifs_utils: 6.4 -> 6.5; maintain 2016-05-25 02:06:47 +02:00
Nahum Shalman 5420f7f6e0 spl: 0.6.5.6 -> 0.6.5.7 (#15669) 2016-05-24 16:24:17 +02:00
Joachim Fasting 1badc60338
paxtest: refactoring
- Use standard phase hooks
- Install test helpers into $out/lib/paxtest instead of dumping
  them into PATH
- Set PAXBIN=paxctl so that the appropriate pax flags are set
2016-05-24 16:14:41 +02:00
Rok Garbas 66dc2d50dd tp-smapi: 0.41 -> 0.42 2016-05-24 13:26:47 +02:00
Rok Garbas 81eceb14be zfs: 0.6.5.6 -> 0.6.5.7 2016-05-24 12:36:08 +02:00
Franz Pletz 075f36aeda lxc: 2.0.0 -> 2.0.1 2016-05-23 19:30:45 +02:00
Vladimír Čunát 0b192a0976 Merge branch 'master' into staging
That's to get mesa rebuild from master, as it's nontrivial.
2016-05-23 09:02:10 +02:00
Eelco Dolstra 3ee6b22dc3 linux: 4.4.10 -> 4.4.11 2016-05-22 23:05:10 +02:00
Vladimír Čunát c4661e9643 Merge: make dev output references explicit
This is a rebase of most commits from #14766,
resolving conflicts and a few other evaluation problems.
2016-05-22 12:09:23 +02:00
Joachim Fasting 5a357d9731
grsecurity: 4.5.5-201605202102 -> 4.5.5-201605211442 2016-05-21 22:28:36 +02:00
Kranium Gikos Mendoza bc93957bb5 facetimehd: git-20160127 -> git-20160503
Fixes issues with kernels newer than 4.4.
2016-05-21 21:19:54 +02:00
Joachim Fasting 79481bd68f
linux: 4.5.4 -> 4.5.5 2016-05-21 07:37:41 +02:00
Joachim Fasting cdf2ffda9d
grsecurity: 4.5.4-201605131918 -> 4.5.5-201605202102 2016-05-21 07:37:41 +02:00
Edward Tjörnhammar f7aed7a00d
ati-drivers: migrate some patches from gentoo ati-drivers
https://anaongit.gentoo.org/git/repo/gentoo.git @ 52dac7bdbb16f2353b15137165b69056034d7ad0
and parents for further source information.
2016-05-20 13:14:31 +02:00
Nikolay Amiantov 74cba61eb0 linuxPackages.dpdk: force deterministic arch yet again 2016-05-19 13:53:24 +03:00
Vladimír Čunát c02f0ade90 fix evaluation on darwin, fixing tarball job fully 2016-05-19 10:04:43 +02:00
Tuomas Tynkkynen 1819181726 treewide: Make explicit that 'dev' output of xorgserver is used 2016-05-19 10:04:41 +02:00
Tuomas Tynkkynen 51ca347278 treewide: Make explicit that 'dev' output of libXxf86vm is used 2016-05-19 10:04:40 +02:00
Tuomas Tynkkynen 99acb412ab treewide: Make explicit that 'dev' output of ncurses is used 2016-05-19 10:00:49 +02:00
Tuomas Tynkkynen 603dcd6263 treewide: Make explicit that 'dev' output of libnl is used 2016-05-19 10:00:43 +02:00
Tuomas Tynkkynen 3865e739de treewide: Make explicit that 'dev' output of binutils-raw is used 2016-05-19 10:00:26 +02:00
Tuomas Tynkkynen e6e1e69b4f Merge pull request #14479 from ragnard/bcc
bcc: init at git-2016-05-18
2016-05-19 05:05:18 +03:00
Domen Kožar a7ca56428a dpdk: set NIX_ENFORCE_NO_NATIVE = 0 to fix build
Since 0c6db0ca48 the build would fail
since it relies on sse instructions.

cc @abbradar to be sure this is correct fix
2016-05-18 16:25:57 +01:00
Franz Pletz f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-05-18 17:10:02 +02:00
Tobias Geerinckx-Rice b71463128c
lm_sensors: add Fedora mirror
Upstream's down, causing build failures on machines not mine.
Verified against cached upstream tarball in my store.
2016-05-18 15:58:01 +02:00
Tobias Geerinckx-Rice 311b56b764
lm_sensors: 3.3.5 -> 3.4.0 2016-05-18 15:55:22 +02:00
Ragnar Dahlén 897df5b6a7 bcc: init at git-2016-05-18 2016-05-18 11:09:18 +01:00
Domen Kožar b49bf121b8 rename iElectric to domenkozar to match GitHub 2016-05-17 13:00:47 +01:00
Tobias Geerinckx-Rice 806ce6323e
mcelog: 136 -> 137 2016-05-17 00:49:57 +02:00
Franz Pletz e98a0bc9e0 Merge pull request #15476 from matthiasbeyer/update-unmaintained
Update unmaintained packages
2016-05-16 23:45:11 +02:00
Peter Simons 8e462995ba Bring my stdenv.lib.maintainers user name in line with my github nick. 2016-05-16 22:49:55 +02:00
Shea Levy 1ea263ef03 linux-4.6: Fix copy-paste error.
Thanks to @NeQuissimus for the spot
2016-05-16 13:53:23 -04:00
Shea Levy 0373eb86f1 Linux 4.6 2016-05-16 11:56:39 -04:00
Matthias Beyer d0abe9fb35 lsscsi: 0.27 -> 0.28 2016-05-16 16:12:22 +02:00
Vladimír Čunát e5d40c6fa3 Merge branch 'staging'
Hydra is only half-finished, but we'd better get secure glibc fast.
2016-05-16 10:15:28 +02:00
Joachim Fasting f99c86eec1
grsecurity: remove expressions for unsupported versions
Retain top-level attributes for now but consolidate compatibility
attributes.

Part of ongoing cleanup, doing it all at once is infeasible.
2016-05-16 09:10:27 +02:00
Joachim Fasting 4cf524e588
udev182: fix build against linux 4.4 headers
Fix from https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=libudev0
2016-05-16 01:35:57 +02:00
Vladimír Čunát 024d44dd61 Merge #15449: update default Linux headers
...to those of the default NixOS kernel
2016-05-14 22:25:04 +02:00
Vladimír Čunát 26e8e3e654 util-linux: use sha256 instead of sha512 again
/cc #15048. I believe the usage of sha512 here at this point
brings very little gain and can be quite painful to some users.
2016-05-14 22:19:28 +02:00
Tuomas Tynkkynen b7437eb012 tcp_wrappers: Remove separate builder.sh and use standard stdenv phases
For instance, this means that the binaries get stripped properly
(previously this package retained a reference to glibc headers).
2016-05-14 21:05:58 +03:00
Joachim Fasting c9750f5382
linuxHeaders_4_4: init at 4.4.10 2016-05-14 09:14:00 +02:00
Joachim Fasting 77022120f7 Merge pull request #15347 from joachifm/kernel-headers-cleanup
linuxHeaders cleanup
2016-05-14 08:53:48 +02:00
Joachim Fasting 6194e9d801
kernelPatches.grsecurity: 4.5.4-201605122039 -> 4.5.4-201605131918
Also revert to using the grsecurity-scrape mirror; relying on upstream
just isn't viable. Lately, updates have been so frequent that a new
version is released before Hydra even gets around to building the
previous one.
2016-05-14 05:15:35 +02:00
Joachim Fasting 7fdce2feb0
kernelPatches.grsecurity_4_5: 4.5.4-201605112030 -> 4.5.4-201605122039 2016-05-13 23:11:07 +02:00
Joachim Fasting 10aaca8c1f
grsecurity_4_5: 4.5.3-201605080858 -> 4.5.4-201605112030 2016-05-13 20:11:31 +02:00
Joachim Fasting ec2ddf284d
systemd: get linuxHeaders from stdenv
Building against anything other than the headers used to build libc
doesn't really make any sense.
2016-05-13 19:35:09 +02:00
Franz Pletz 006f6d9437 linux: 4.5.3 -> 4.5.4 2016-05-13 17:27:51 +02:00