Commit graph

5670 commits

Author SHA1 Message Date
Daniel Peebles
9615afa04b Merge pull request #19517 from dipinhora/darwin-yosemite-support
Re-enable support for OS X 10.10 for darwin.
2016-10-13 22:46:33 -04:00
Franz Pletz
f30f7d0cff
powertop: add homepage, cleanup 2016-10-14 00:02:30 +02:00
dipinhora
6152c1ea7f Re-enable support for OS X 10.10 for darwin. 2016-10-13 11:09:37 -04:00
Graham Christensen
88a47f1950 Merge pull request #19467 from grahamc/nvidia-x11-master
nvidia-x11: 367.35 -> 367.57
2016-10-12 19:07:29 -04:00
Daniel Peebles
77d1fb94f1 Merge pull request #19470 from copumpkin/fix-sierra
Fix Darwin stdenv to work on Sierra
2016-10-12 19:04:03 -04:00
Dan Peebles
d8a0307a5d [darwin.stdenv] Fix to work on Sierra
This reinstates the libSystem selective symbol export machinery we used
to have, but locks it to the symbols that were present in 10.11 and skips
the actual compiled code we put into that library in favor of the system
initialization code. That should make it more stable and less likely to
do weird stuff than the last time we did this.
2016-10-12 00:08:13 -04:00
Graham Christensen
b98c0a668e
nvidia-x11: 367.35 -> 367.57 2016-10-11 19:43:58 -04:00
Vladimír Čunát
9d1dfc9ed0 Merge #18861: add AMDGPU-PRO driver 2016-10-11 19:57:30 +02:00
David McFarland
3b4ce62451 amdgpu-pro: Init at 16.30.3-315407 2016-10-11 14:19:38 -03:00
Joachim Fasting
ce73a3ea0f grsecurity: 4.7.6-201609301918 -> 4.7.7-201610101902 2016-10-11 13:15:16 +02:00
Eelco Dolstra
88f10ad409 aggregateModules: Preserve kernel's modules.{builtin,order}
Fixes #19426.
2016-10-11 11:42:41 +02:00
sternenseemann
3fb2993cb3 maintainers: rename lukasepple according to github account name 2016-10-09 22:04:22 +02:00
Aneesh Agrawal
f0602d2d36 kernel: Make SECURITY_YAMA optional
It's highly recommended, but not required to run NixOS.
2016-10-08 17:46:33 +02:00
Aneesh Agrawal
a000ed181c linux config: enable the Yama LSM (#14392)
The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level processes and
snooping on the memory and runtime state of other processes owned
by the same user.
2016-10-08 16:40:12 +02:00
Tim Steinbach
a699eb4798 linux: 4.4.23 -> 4.4.24 (#19346) 2016-10-08 07:02:07 +02:00
Tim Steinbach
9481edec56 linux: 4.7.6 -> 4.7.7 (#19345) 2016-10-08 07:01:51 +02:00
Tim Steinbach
07e67b33af linux: 4.8.0 -> 4.8.1 (#19344) 2016-10-08 07:01:27 +02:00
Marco Maggesi
435673b948 Revert "Revert "linux*: remove 3.14, as it's no longer maintained""
In the end, it is too dangerous to have an unmaintained kernel in
nixpkgs.  Revert the revert.

This reverts commit e921725176.
2016-10-07 23:26:32 +02:00
Marco Maggesi
e921725176 Revert "linux*: remove 3.14, as it's no longer maintained"
This is the simplest way to reenable the use of BLCR
(which at present requires linux version >3.12 <3.18)
until we find a better solution.

This reverts commit 6a9e765e27.
2016-10-07 14:31:24 +02:00
Jude Taylor
3dee596ed1 reinstate libiconv/libcharset wrapper 2016-10-06 11:56:32 -07:00
Thomas Tuegel
2e255a2edd
Merge branch 'staging' 2016-10-06 09:51:02 -05:00
Eelco Dolstra
a8b61b0aad Merge pull request #19278 from anderspapitto/local
perf: add dependency on libaudit
2016-10-06 11:45:54 +02:00
Anders Papitto
aa44330963 perf: add dependency on libaudit
the `trace` subcommand of perf is only enabled when libaudit is
available at compile time
2016-10-05 17:59:44 -07:00
Jörg Thalheim
638d4b4d71 Merge pull request #19265 from Mic92/rtkit
rtkit: apply security relevant patch
2016-10-06 00:07:35 +02:00
Eelco Dolstra
f084274eeb Merge pull request #19251 from groxxda/patch-2
kernel: Disable RT_GROUP_SCHED
2016-10-05 20:05:18 +02:00
Vladimír Čunát
30f551d8b2 Merge branch 'master' into staging 2016-10-05 19:02:48 +02:00
Jörg Thalheim
c684eb756a
rtkit: *security* Pass uid of caller to polkit
Otherwise, we force polkit to look up the uid itself in /proc, which is racy if
they execve() a setuid binary.
2016-10-05 18:11:02 +02:00
Alexander Ried
96fbdf8594 kernel: Disable RT_GROUP_SCHED
Follow systemd recommendation
fd74fa791f/README (L96-L103)
2016-10-05 12:52:45 +02:00
Alexander Ried
4e91e8cb3d rtkit: add patch from debian to remove ControlGroup stanza
fixes log clutter:
systemd[1]: [/nix/store/....-rtkit-0.11/etc/systemd/system/rtkit-daemon.service:32] Unknown lvalue 'ControlGroup' in section 'Service'
2016-10-05 11:23:11 +02:00
Thomas Tuegel
d067b7bd35
Merge branch 'kde-5' into staging 2016-10-04 21:50:17 -05:00
Shea Levy
e54313d183 Revert "Revert "Linux 4.8""
Now featuring @aszlig's modinst_arg_list_too_long patch.

This reverts commit 43bedb970d.

Fixes #19213
2016-10-04 10:10:36 -04:00
Shea Levy
43bedb970d Revert "Linux 4.8"
This reverts commit e4958d54b1.
2016-10-03 22:04:43 -04:00
Vladimír Čunát
1525568c74 util-linux: fixup patch hash from grandparent merge
And name the file, too.
2016-10-03 23:06:51 +02:00
Jörg Thalheim
45f64a37c9 Merge pull request #19175 from Mic92/util-linux
util-linux: workaround CVE-2016-2779
2016-10-03 22:53:21 +02:00
Jörg Thalheim
888f6a1280 Merge pull request #19199 from wizeman/u/fix-help2man-hash
help2man: fix hash
2016-10-03 19:26:44 +02:00
Franz Pletz
beca8946ee
jool: 3.4.5 -> 3.5.0 2016-10-03 18:25:28 +02:00
Shea Levy
e4958d54b1 Linux 4.8 2016-10-03 08:45:45 -04:00
Eric Sagnes
58d44a376e wireguard: 2016-08-08 -> 2016-10-01 2016-10-03 17:06:11 +09:00
Jörg Thalheim
ba00ba65eb
util-linux: workaround CVE-2016-2779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779
2016-10-03 08:49:56 +02:00
Joachim Fasting
9a9237e0aa
grsecurity: revamp nixos kernel config
Cleanup:
- Restructure & add some commentary
- Remove redundant option specs given the auto config
  constraints (some are left in for documentation purposes)

Changes:
- GRKERNSEC_CONFIG_VIRT_HOST -> GUEST
  The former deselects paravirtualization and friends
- PAX_LATENT_ENTROPY n -> y (implied by auto)
- GRKERNSEC_ACL_HIDEKERN y -> n
  Possibly useless with redistribution
2016-10-02 19:25:58 +02:00
Joachim Fasting
1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00
Tuomas Tynkkynen
19225bf5cc Merge remote-tracking branch 'upstream/master' into staging 2016-10-02 10:36:47 +03:00
Tuomas Tynkkynen
f5dd3a703d treewide: Fix more lib.optional misuses 2016-10-02 00:44:10 +03:00
Aneesh Agrawal
fcee1d0b28
Remove redundant -DCMAKE_BUILD_TYPE=Release flags
Since commit 183d05a0 in 2012, this is the default.

fixes #18000
2016-10-01 16:13:41 +02:00
Joachim Fasting
2ec9a1a955
grsecurity: 4.7.5-201609261522 -> 4.7.6-201609301918 2016-10-01 08:47:30 +02:00
Joachim Fasting
22108b7a10
linux_4_7: 4.7.5 -> 4.7.6 2016-10-01 08:46:31 +02:00
Eelco Dolstra
613a12a8bd linux: 4.4.22 -> 4.4.23 2016-09-30 14:41:19 +02:00
Eelco Dolstra
8b09ba32d3 systemd: Apply various upstream bug fixes
This includes the fix for the assertion failure in
https://github.com/systemd/systemd/issues/4234.
2016-09-30 11:23:51 +02:00
rnhmjoj
7cf7572734
btfs: 2.11 -> 2.12 2016-09-30 01:23:16 +02:00
Eelco Dolstra
fe9e5f9f55 pam_usb: Fix evaluation 2016-09-29 20:35:40 +02:00