Commit graph

5264 commits

Author SHA1 Message Date
Robin Gloster
9e47acb89d otpw: disable stackprotector hardening 2016-08-24 17:19:43 +00:00
obadz
0e8d2725dc Merge branch 'master' into staging 2016-08-23 18:50:06 +01:00
Joachim Fasting
cf592a8969
grsecurity: 4.7.1-201608161813 -> 4.7.2-201608211829 2016-08-23 01:49:34 +02:00
obadz
24a9183f90 Merge branch 'hardened-stdenv' into staging
Closes #12895

Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
obadz
ba50fd7170 Merge branch 'master' into staging 2016-08-22 01:18:11 +01:00
Tim Steinbach
175028582c
linux: 4.7.1 -> 4.7.2 2016-08-21 13:56:45 +00:00
Nikolay Amiantov
2abe917f18 kmod: 22 -> 23, add /lib/modules to module directories 2016-08-19 17:57:08 +03:00
Nikolay Amiantov
ff22705793 treewide: replace several /sbin paths by /bin 2016-08-19 17:56:45 +03:00
Nikolay Amiantov
30c9aa2698 kmod: add patch to allow searching for modules in several directories 2016-08-19 17:56:39 +03:00
obadz
1047ed49d9 Merge branch 'master' into staging
Conflicts: pkgs/os-specific/linux/kmod/default.nix cc @abbradar
2016-08-19 15:28:58 +01:00
Tuomas Tynkkynen
bd68309643 kernel config: Enable SECCOMP
This is used by systemd >= 231 and is not enabled in the ARM
multiplatform defconfig.
2016-08-18 16:33:46 +03:00
Joachim Fasting
66a3f0e988
gradm: 3.1-201607172312 -> 3.1-201608131257 2016-08-17 15:19:33 +02:00
Joachim Fasting
ba20363f11
grsecurity: 4.7-201608151842 -> 4.7.1-201608161813 2016-08-17 15:19:27 +02:00
Franz Pletz
2571438988 linux: 4.7 -> 4.7.1 2016-08-17 05:46:00 +02:00
Franz Pletz
7a4407461b linux: 4.6.6 -> 4.6.7
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
da95fb368c linux: 4.4.17 -> 4.4.18
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
2104d28bcd linux: 4.1.27 -> 4.1.30
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Frederik Rietdijk
5a501bd828 Remove top-level dbus_python and pythonDBus.
See #11567.

Furthermore, it renames pythonPackages.dbus to pythonPackages.dbus-
python as that's the name upstream uses.

There is a small rebuild but I couldn't figure out the actual cause.
2016-08-16 22:52:37 +02:00
Domen Kožar
40da4e6ce7 fix eval 2016-08-16 22:30:15 +02:00
Robert Helgesson
f396a0b4d0
hd-idle: init at 1.05 2016-08-16 21:59:14 +02:00
Joachim Fasting
d82ddd6dc0
grsecurity: 4.7-201608131240 -> 4.7-201608151842 2016-08-16 17:50:37 +02:00
Joachim Fasting
b1cceeda84
grsecurity: enable pax size overflow plugin 2016-08-16 17:50:36 +02:00
Joachim Fasting
3fcb9e6f57
grsecurity: support non-enforcing mode
Until we've made sure that most things actually work out of the box, we
need to give people a way of continuing to use the system without
completely disabling grsecurity.

Set sysctl kernel.pax.softmode=1 or boot with pax.softmode=1
2016-08-16 17:50:36 +02:00
Robin Gloster
33e1c78ae3 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-16 07:54:01 +00:00
Nikolay Amiantov
081ac25dc6 kmod: 22 -> 23, add /lib/modules to module directories 2016-08-16 02:42:19 +03:00
Shea Levy
9adad8612b Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
Was meant to go into staging, sorry

This reverts commit 57b2d1e9b0, reversing
changes made to 760b2b9048.
2016-08-15 19:05:52 -04:00
Shea Levy
57b2d1e9b0 Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs 2016-08-15 19:01:44 -04:00
Nikolay Amiantov
1afd250676 treewide: replace several /sbin paths by /bin 2016-08-16 00:19:25 +03:00
Nikolay Amiantov
131fca0a85 kmod: add patch to allow searching for modules in several directories 2016-08-16 00:19:25 +03:00
Joachim Fasting
9062c67914
grsecurity: 4.6.5-201607312210 -> 4.7-201608131240 2016-08-15 20:36:46 +02:00
Moritz Ulrich
21df40f85f systemd-cryptsetup-generator: Fix bug.
The annoying wrapper script also wraps `systemd-cryptsetup`. We need to
copy the original binary to $out too.
2016-08-15 12:42:44 +02:00
Franz Pletz
64c79e8526 linux: 4.6.5 -> 4.6.6 2016-08-15 04:28:08 +02:00
Franz Pletz
2a8718fb0b linux_4_5: remove, not support by upstream anymore 2016-08-15 04:28:02 +02:00
Robin Gloster
a37d695c95 linuxPackages.spl: remove unnecessary substituteInPlace
`substituteInPlace` was operating on a non-existant file.
Updated to use `autoreconfHook`.
2016-08-14 22:55:21 +00:00
Michele Guerini Rocco
7522de2f4b btfs: 2.10 -> 2.11 (#17737)
(cherry picked from commit 340a9571f5)
2016-08-14 21:14:20 +00:00
Robin Gloster
a6c5638565 Revert "btfs: 2.10 -> 2.11 (#17737)"
This reverts commit 340a9571f5.
2016-08-14 21:12:21 +00:00
Michele Guerini Rocco
340a9571f5 btfs: 2.10 -> 2.11 (#17737) 2016-08-14 22:48:56 +02:00
Nikolay Amiantov
3e84cbc4ca autofs5: 5.1.1 -> 5.1.2 2016-08-14 22:39:18 +03:00
Nikolay Amiantov
c60deb0266 quote homepages for better clickability
Done while I was traversing packages which I maintain to save extra clicks on
urxvt (it captures semicolon as a part of URL).
2016-08-14 22:37:10 +03:00
Nikolay Amiantov
b30f4e5e4f android-udev-rules: 2016-04-26 -> 20160805 2016-08-14 22:37:10 +03:00
Eric Sagnes
f0fef4defb wireguard-unstable: 2016-07-22 -> 2016-08-08 (#17727) 2016-08-14 10:47:16 +00:00
Robin Gloster
99cb230b47 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-14 09:09:20 +00:00
Robin Gloster
8071cafe66 linuxPackages.rtl8812au: fix build 2016-08-14 08:59:55 +00:00
Robin Gloster
2676cf9525 linuxPackages.lttng-modules: fix build 2016-08-14 08:59:19 +00:00
Domen Kožar
a7f8787dbd Merge pull request #17705 from womfoo/bump/hwdata-0.291
hwdata: 0.276 -> 0.291
2016-08-13 17:00:08 +02:00
Franz Pletz
bd4490e277 Merge branch 'master' into hardened-stdenv 2016-08-13 16:59:55 +02:00
Franz Pletz
fa3a35b241 linuxPackages.fusionio-vsl: disable pic hardening (still broken) 2016-08-13 16:55:26 +02:00
Franz Pletz
b2c6d28a1d linuxPackages.ndiswrapper: disable pic hardening (still broken) 2016-08-13 16:50:43 +02:00
Franz Pletz
9e7d118ea2 linuxPackages.nvidia-x11: disable pic & format hardening 2016-08-13 16:49:42 +02:00
Franz Pletz
5103e70a37 linuxPackages.nvidiabl: disable pic hardening 2016-08-13 16:44:39 +02:00