Frederik Rietdijk
58c41ecd35
crda: use python2
2016-10-18 23:16:08 +02:00
Frederik Rietdijk
e9f8ee3ab4
iotop: use python2
2016-10-18 23:14:35 +02:00
Vladimír Čunát
061758490f
Merge branch 'master' into staging
...
... to get the openssl mass rebuild: 942dbf89c
.
2016-10-14 13:16:11 +02:00
Vladimír Čunát
6eeea6effd
Python: more evaluation fixups.
2016-10-14 00:03:12 +02:00
Franz Pletz
f30f7d0cff
powertop: add homepage, cleanup
2016-10-14 00:02:30 +02:00
Graham Christensen
88a47f1950
Merge pull request #19467 from grahamc/nvidia-x11-master
...
nvidia-x11: 367.35 -> 367.57
2016-10-12 19:07:29 -04:00
Graham Christensen
b98c0a668e
nvidia-x11: 367.35 -> 367.57
2016-10-11 19:43:58 -04:00
Vladimír Čunát
9d1dfc9ed0
Merge #18861 : add AMDGPU-PRO driver
2016-10-11 19:57:30 +02:00
David McFarland
3b4ce62451
amdgpu-pro: Init at 16.30.3-315407
2016-10-11 14:19:38 -03:00
Joachim Fasting
ce73a3ea0f
grsecurity: 4.7.6-201609301918 -> 4.7.7-201610101902
2016-10-11 13:15:16 +02:00
Eelco Dolstra
88f10ad409
aggregateModules: Preserve kernel's modules.{builtin,order}
...
Fixes #19426 .
2016-10-11 11:42:41 +02:00
sternenseemann
3fb2993cb3
maintainers: rename lukasepple according to github account name
2016-10-09 22:04:22 +02:00
Aneesh Agrawal
f0602d2d36
kernel: Make SECURITY_YAMA optional
...
It's highly recommended, but not required to run NixOS.
2016-10-08 17:46:33 +02:00
Aneesh Agrawal
a000ed181c
linux config: enable the Yama LSM ( #14392 )
...
The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level processes and
snooping on the memory and runtime state of other processes owned
by the same user.
2016-10-08 16:40:12 +02:00
Tim Steinbach
a699eb4798
linux: 4.4.23 -> 4.4.24 ( #19346 )
2016-10-08 07:02:07 +02:00
Tim Steinbach
9481edec56
linux: 4.7.6 -> 4.7.7 ( #19345 )
2016-10-08 07:01:51 +02:00
Tim Steinbach
07e67b33af
linux: 4.8.0 -> 4.8.1 ( #19344 )
2016-10-08 07:01:27 +02:00
Marco Maggesi
435673b948
Revert "Revert "linux*: remove 3.14, as it's no longer maintained""
...
In the end, it is too dangerous to have an unmaintained kernel in
nixpkgs. Revert the revert.
This reverts commit e921725176
.
2016-10-07 23:26:32 +02:00
Marco Maggesi
e921725176
Revert "linux*: remove 3.14, as it's no longer maintained"
...
This is the simplest way to reenable the use of BLCR
(which at present requires linux version >3.12 <3.18)
until we find a better solution.
This reverts commit 6a9e765e27
.
2016-10-07 14:31:24 +02:00
Thomas Tuegel
2e255a2edd
Merge branch 'staging'
2016-10-06 09:51:02 -05:00
Eelco Dolstra
a8b61b0aad
Merge pull request #19278 from anderspapitto/local
...
perf: add dependency on libaudit
2016-10-06 11:45:54 +02:00
Anders Papitto
aa44330963
perf: add dependency on libaudit
...
the `trace` subcommand of perf is only enabled when libaudit is
available at compile time
2016-10-05 17:59:44 -07:00
Jörg Thalheim
638d4b4d71
Merge pull request #19265 from Mic92/rtkit
...
rtkit: apply security relevant patch
2016-10-06 00:07:35 +02:00
Eelco Dolstra
f084274eeb
Merge pull request #19251 from groxxda/patch-2
...
kernel: Disable RT_GROUP_SCHED
2016-10-05 20:05:18 +02:00
Vladimír Čunát
30f551d8b2
Merge branch 'master' into staging
2016-10-05 19:02:48 +02:00
Jörg Thalheim
c684eb756a
rtkit: *security* Pass uid of caller to polkit
...
Otherwise, we force polkit to look up the uid itself in /proc, which is racy if
they execve() a setuid binary.
2016-10-05 18:11:02 +02:00
Alexander Ried
96fbdf8594
kernel: Disable RT_GROUP_SCHED
...
Follow systemd recommendation
fd74fa791f/README (L96-L103)
2016-10-05 12:52:45 +02:00
Alexander Ried
4e91e8cb3d
rtkit: add patch from debian to remove ControlGroup stanza
...
fixes log clutter:
systemd[1]: [/nix/store/....-rtkit-0.11/etc/systemd/system/rtkit-daemon.service:32] Unknown lvalue 'ControlGroup' in section 'Service'
2016-10-05 11:23:11 +02:00
Thomas Tuegel
d067b7bd35
Merge branch 'kde-5' into staging
2016-10-04 21:50:17 -05:00
Shea Levy
e54313d183
Revert "Revert "Linux 4.8""
...
Now featuring @aszlig's modinst_arg_list_too_long patch.
This reverts commit 43bedb970d
.
Fixes #19213
2016-10-04 10:10:36 -04:00
Shea Levy
43bedb970d
Revert "Linux 4.8"
...
This reverts commit e4958d54b1
.
2016-10-03 22:04:43 -04:00
Vladimír Čunát
1525568c74
util-linux: fixup patch hash from grandparent merge
...
And name the file, too.
2016-10-03 23:06:51 +02:00
Jörg Thalheim
45f64a37c9
Merge pull request #19175 from Mic92/util-linux
...
util-linux: workaround CVE-2016-2779
2016-10-03 22:53:21 +02:00
Jörg Thalheim
888f6a1280
Merge pull request #19199 from wizeman/u/fix-help2man-hash
...
help2man: fix hash
2016-10-03 19:26:44 +02:00
Franz Pletz
beca8946ee
jool: 3.4.5 -> 3.5.0
2016-10-03 18:25:28 +02:00
Shea Levy
e4958d54b1
Linux 4.8
2016-10-03 08:45:45 -04:00
Eric Sagnes
58d44a376e
wireguard: 2016-08-08 -> 2016-10-01
2016-10-03 17:06:11 +09:00
Jörg Thalheim
ba00ba65eb
util-linux: workaround CVE-2016-2779
...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779
2016-10-03 08:49:56 +02:00
Joachim Fasting
9a9237e0aa
grsecurity: revamp nixos kernel config
...
Cleanup:
- Restructure & add some commentary
- Remove redundant option specs given the auto config
constraints (some are left in for documentation purposes)
Changes:
- GRKERNSEC_CONFIG_VIRT_HOST -> GUEST
The former deselects paravirtualization and friends
- PAX_LATENT_ENTROPY n -> y (implied by auto)
- GRKERNSEC_ACL_HIDEKERN y -> n
Possibly useless with redistribution
2016-10-02 19:25:58 +02:00
Joachim Fasting
1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
...
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00
Tuomas Tynkkynen
19225bf5cc
Merge remote-tracking branch 'upstream/master' into staging
2016-10-02 10:36:47 +03:00
Tuomas Tynkkynen
f5dd3a703d
treewide: Fix more lib.optional misuses
2016-10-02 00:44:10 +03:00
Aneesh Agrawal
fcee1d0b28
Remove redundant -DCMAKE_BUILD_TYPE=Release flags
...
Since commit 183d05a0
in 2012, this is the default.
fixes #18000
2016-10-01 16:13:41 +02:00
Joachim Fasting
2ec9a1a955
grsecurity: 4.7.5-201609261522 -> 4.7.6-201609301918
2016-10-01 08:47:30 +02:00
Joachim Fasting
22108b7a10
linux_4_7: 4.7.5 -> 4.7.6
2016-10-01 08:46:31 +02:00
Eelco Dolstra
613a12a8bd
linux: 4.4.22 -> 4.4.23
2016-09-30 14:41:19 +02:00
Eelco Dolstra
8b09ba32d3
systemd: Apply various upstream bug fixes
...
This includes the fix for the assertion failure in
https://github.com/systemd/systemd/issues/4234 .
2016-09-30 11:23:51 +02:00
rnhmjoj
7cf7572734
btfs: 2.11 -> 2.12
2016-09-30 01:23:16 +02:00
Eelco Dolstra
fe9e5f9f55
pam_usb: Fix evaluation
2016-09-29 20:35:40 +02:00
Eelco Dolstra
518340624d
Merge remote-tracking branch 'origin/master' into staging
2016-09-29 13:06:14 +02:00