nixpkgs

History

Franz Pletz 4150f5e8ba cc-wrapper: add stackcheck hardening (stack clash) This fixes the Stack Clash issue rediscovered by Qualys. See https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt for more information on the topic, specifically section III. We don't have the kernel mitigation available because it is a Grsecurity feature which we don't support anymore. Other distributions like Gentoo Hardened and Arch already have `-fstack-check` enabled by default. See the Gentoo page on Stack Clash for more information on this solution: https://wiki.gentoo.org/wiki/Hardened/Gentoo_Hardened_and_Stack_Clash This unfortunately doesn't apply to clang because `-fstack-check` is a noop there. Note that the GCC implementation also has problems that could be exploited to circumvent these checks but it is still better than keeping it disabled.		2017-06-22 00:41:53 +02:00
..
agda
build-dotnet-package	buildDotnetPackage: don't depend on invalid quoting in makeWrapper	2017-03-27 18:24:08 +03:00
build-fhs-userenv	buildFHSEnv: add ACLOCAL_PATH	2017-04-12 14:43:08 +03:00
buildenv	buildEnv: use buildPackages.perl so crossDrv works	2017-04-14 02:00:08 -07:00
cc-wrapper	cc-wrapper: add stackcheck hardening (stack clash)	2017-06-22 00:41:53 +02:00
docker	docker tools: fix pull image function	2017-05-26 18:48:16 +02:00
dotnetbuildhelpers
dotnetenv
emacs	emacsWithPackages: support installing larger packages	2017-05-29 12:56:09 +01:00
fetchadc
fetchbower
fetchbzr
fetchcvs
fetchdarcs	fetchdarcs: Use NIX_SSL_CERT_FILE	2017-06-03 20:35:37 +01:00
fetchegg	fetch-*: remove md5 support	2017-03-20 22:23:41 +01:00
fetchfossil
fetchgit	fetchgit: add postFetch argument	2017-06-03 20:51:01 +02:00
fetchgitlocal
fetchgitrevision
fetchgx	ipfs: 0.4.6 -> 0.4.9	2017-05-24 16:31:17 +02:00
fetchhg	fetch-*: remove md5 support	2017-03-20 22:23:41 +01:00
fetchmavenartifact
fetchmtn
fetchnuget	fetch-*: remove md5 support	2017-03-20 22:23:41 +01:00
fetchpatch
fetchrepoproject	fetchRepoProject: typo	2017-03-27 15:04:02 +10:00
fetchs3	fetchs3: init simple S3 downloader	2017-04-25 22:01:32 -04:00
fetchsvn	fetchsvn: set LC_ALL in builder to allow svn to handle unicode filenames	2017-06-04 13:41:28 +01:00
fetchsvnrevision
fetchsvnssh	fetch-*: remove md5 support	2017-03-20 22:23:41 +01:00
fetchurl	fetchurl: add some https ImageMagick mirrors	2017-06-07 15:27:03 +02:00
fetchzip	nix-prefetch-zip: Remove	2017-02-16 11:28:23 +01:00
gcc-cross-wrapper
gcc-wrapper-old
icon-conv-tools
kernel
libredirect	libredirect: allow null paths	2017-05-24 11:29:06 -03:00
make-desktopitem
make-startupitem
make-symlinks
mono-dll-fixer
nuke-references
ocaml
release	/bin/sh -> ${stdenv.shell}	2017-04-30 17:01:07 +02:00
remove-references-to	Add removeReferencesTo for removing specific refs	2017-03-09 12:01:55 +00:00
rust	rust: fix fetch-cargo-deps for git dependencies	2017-05-23 10:01:33 +02:00
setup-hooks	Add a setup hook for detecting $TMPDIR references in RPATHs and wrapper scripts	2017-05-04 20:23:57 +02:00
singularity-tools
src-only
substitute
substitute-files
templaterpm
upstream-updater
vm	NixOS VM tests: Don't create a setgid group in vde_switch	2017-06-07 11:57:36 +02:00
vsenv
build-maven.nix
build-pecl.nix
dhall-to-nix.nix
plugins.nix	Ultrastar (#26524 )	2017-06-14 11:29:31 +02:00
replace-dependency.nix
setup-systemd-units.nix	Add setupSystemdUnits function.	2017-03-24 15:47:51 -04:00
source-from-head-fun.nix
trivial-builders.nix	symlinkJoin: eliminate lndir spam	2017-05-27 16:19:34 -04:00