author | Robin Gloster <mail@glob.in> | 2016-08-12 09:46:53 +0000 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-08-12 09:46:53 +0000 |
commit | b7787d932ec9cbd82ea6bc7c69d8df159b606fdc (patch) | |
tree | c4b6af2e6b49732ce5c6982cb8512ce9b7f1f34d /pkgs/os-specific/linux | |
parent | bc025e83bd6c44df38851ef23da53359a0e62841 (diff) | |
parent | 532b2222965377e77ed884c463ee2751fb51dba3 (diff) | |
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
Diffstat (limited to 'pkgs/os-specific/linux')
-rw-r--r-- | pkgs/os-specific/linux/eudev/default.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/firejail/default.nix | 8 | ||||
-rw-r--r-- | pkgs/os-specific/linux/iputils/default.nix | 10 | ||||
-rw-r--r-- | pkgs/os-specific/linux/jool/source.nix | 6 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 20 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/ecryptfs-fix-mmap-bug.patch | 20 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/generate-config.pl | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/patches.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/klibc/default.nix | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/systemd/cryptsetup-generator.nix | 7 | ||||
-rw-r--r-- | pkgs/os-specific/linux/uclibc/default.nix | 1 | ||||
-rw-r--r-- | pkgs/os-specific/linux/uksmtools/default.nix | 27 | ||||
-rw-r--r-- | pkgs/os-specific/linux/wireguard/default.nix | 3 |
14 files changed, 47 insertions, 71 deletions
diff --git a/pkgs/os-specific/linux/eudev/default.nix b/pkgs/os-specific/linux/eudev/default.nix
index e9fcf5d8c4d..8ab4da2da8c 100644
--- a/pkgs/os-specific/linux/eudev/default.nix
+++ b/pkgs/os-specific/linux/eudev/default.nix
@@ -3,10 +3,10 @@ let
 s = # Generated upstream information
 rec {
 baseName="eudev";
- version = "3.1.5";
+ version = "3.2";
 name="${baseName}-${version}";
 url="http://dev.gentoo.org/~blueness/eudev/eudev-${version}.tar.gz";
- sha256 = "0akg9gcc3c2p56xbhlvbybqavcprly5q0bvk655zwl6d62j8an7p";
+ sha256 = "099w62ncq78nxpxizf910mx18hc8x4qvzw3azjd00fir89wmyjnq";
 };
 buildInputs = [
 glib pkgconfig gperf utillinux
diff --git a/pkgs/os-specific/linux/firejail/default.nix b/pkgs/os-specific/linux/firejail/default.nix
index dac0eb0d0f5..ce2f860efc8 100644
--- a/pkgs/os-specific/linux/firejail/default.nix
+++ b/pkgs/os-specific/linux/firejail/default.nix
@@ -3,11 +3,10 @@ let
 s = # Generated upstream information
 rec {
 baseName="firejail";
- version="0.9.40";
+ version="0.9.42-rc1";
 name="${baseName}-${version}";
- hash="1vr0z694wibjkcpmyg7lz68r53z857c8hsb02cqxi4lfkkcmzgh2";
- url="mirror://sourceforge/project/firejail/firejail/firejail-0.9.40-rc1.tar.bz2";
- sha256="1vr0z694wibjkcpmyg7lz68r53z857c8hsb02cqxi4lfkkcmzgh2";
+ url="mirror://sourceforge/project/firejail/firejail/firejail-0.9.42~rc1.tar.bz2";
+ sha256="11br6xp86bxs1ic2x683hbvg1hk8v2wp8cw6blj0zz3cdl0pcjqf";
 };
 buildInputs = [
 which
@@ -18,6 +17,7 @@ stdenv.mkDerivation {
 inherit buildInputs;
 src = fetchurl {
 inherit (s) url sha256;
+ name = "${s.name}.tar.bz2";
 };
 preConfigure = ''
diff --git a/pkgs/os-specific/linux/iputils/default.nix b/pkgs/os-specific/linux/iputils/default.nix
index 9bce875570e..f6fcef11eb0 100644
--- a/pkgs/os-specific/linux/iputils/default.nix
+++ b/pkgs/os-specific/linux/iputils/default.nix
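Review bot: The `name = "${s.name}.tar.bz2";` line added to `fetchurl` in the second firejail hunk has no comment saying why the default name is overridden, so it is likely to be dropped as redundant at the next update. The new URL's file name contains `~` (`firejail-0.9.42~rc1.tar.bz2`), which is presumably the character the derived name cannot carry; a comment such as `# tarball name contains '~', which is not allowed in a store path name` above the line would record that. The first hunk also keeps `url` spelled out with the version instead of building it from `${version}`, so the two can drift apart on the next bump. The enclosing `stdenv.mkDerivation` block continues outside the hunk.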
@@ -1,17 +1,17 @@
 { stdenv, fetchurl, libsysfs, gnutls, openssl, libcap, sp, docbook_sgml_dtd_31
-, SGMLSpm }:
+, SGMLSpm, libgcrypt }:
 assert stdenv ? glibc;
 let
- time = "20121221";
+ time = "20151218";
 in
 stdenv.mkDerivation rec {
 name = "iputils-${time}";
 src = fetchurl {
 url = "http://www.skbuff.net/iputils/iputils-s${time}.tar.bz2";
- sha256 = "17riqp8dh8dvx32zv3hyrghpxz6xnxa6vai9b4yc485nqngm83s5";
+ sha256 = "189592jlkhxdgy8jc07m4bsl41ik9r6i6aaqb532prai37bmi7sl";
 };
 prePatch = ''
@@ -20,7 +20,9 @@ stdenv.mkDerivation rec {
 makeFlags = "USE_GNUTLS=no";
- buildInputs = [ libsysfs openssl libcap sp docbook_sgml_dtd_31 SGMLSpm ];
+ buildInputs = [
+ libsysfs openssl libcap sp docbook_sgml_dtd_31 SGMLSpm libgcrypt
+ ];
 buildFlags = "man all ninfod";
diff --git a/pkgs/os-specific/linux/jool/source.nix b/pkgs/os-specific/linux/jool/source.nix
index 7a341b9e82b..60415c0d009 100644
--- a/pkgs/os-specific/linux/jool/source.nix
+++ b/pkgs/os-specific/linux/jool/source.nix
@@ -1,9 +1,9 @@
 { fetchzip }:
 rec {
- version = "3.4.2";
+ version = "3.4.4";
 src = fetchzip {
- url = "https://www.jool.mx/download/Jool-${version}.zip";
- sha256 = "1qv7wwipylb76n8m8vphbf9rgxrryb42dsyw6mm43zjc9knsz7r0";
+ url = "https://github.com/NICMx/releases/raw/master/Jool/Jool-${version}.zip";
+ sha256 = "1k5iyfzjdzl5q64234r806pf6b3qdflvjpw06pnwl0ycj05p5frr";
 };
 }
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 37e3859cd05..f591bdf13d6 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -112,11 +112,21 @@ with stdenv.lib;
 IPV6_PRIVACY y
 ''}
 NETFILTER_ADVANCED y
+ IP_ROUTE_VERBOSE y
+ IP_MROUTE_MULTIPLE_TABLES y
 IP_VS_PROTO_TCP y
 IP_VS_PROTO_UDP y
 IP_VS_PROTO_ESP y
 IP_VS_PROTO_AH y
 IP_DCCP_CCID3 n # experimental
+ IPV6_ROUTER_PREF y
+ IPV6_ROUTE_INFO y
+ IPV6_OPTIMISTIC_DAD y
+ IPV6_MULTIPLE_TABLES y
+ IPV6_SUBTREES y
+ IPV6_MROUTE y
+ IPV6_MROUTE_MULTIPLE_TABLES y
+ IPV6_PIMSM_V2 y
 CLS_U32_PERF y
 CLS_U32_MARK y
 ${optionalString (stdenv.system == "x86_64-linux") ''
@@ -126,6 +136,10 @@ with stdenv.lib;
 NET_CLS_BPF m
 NET_ACT_BPF m
 ''}
+ L2TP_V3 y
+ L2TP_IP m
+ L2TP_ETH m
+ BRIDGE_VLAN_FILTERING y
 # Wireless networking.
 CFG80211_WEXT? y # Without it, ipw2200 drivers don't build
@@ -165,6 +179,8 @@ with stdenv.lib;
 # Allow specifying custom EDID on the kernel command line
 DRM_LOAD_EDID_FIRMWARE y
 VGA_SWITCHEROO y # Hybrid graphics support
+ DRM_GMA600 y
+ DRM_GMA3600 y
 # Sound.
 SND_DYNAMIC_MINORS y
@@ -255,7 +271,7 @@ with stdenv.lib;
 DEBUG_SET_MODULE_RONX? y # Detect writes to read-only module pages
 # Security related features.
- RANDOMIZE_BASE y
+ RANDOMIZE_BASE? y
 STRICT_DEVMEM y # Filter access to /dev/mem
 SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default
 DEVKMEM n # Disable /dev/kmem
@@ -482,7 +498,7 @@ with stdenv.lib;
 # zram support (e.g for in-memory compressed swap).
 ZSMALLOC y
 ZRAM m
- ZSWAP y
+ ZSWAP? y
 # Enable PCIe and USB for the brcmfmac driver
 BRCMFMAC_USB? y
diff --git a/pkgs/os-specific/linux/kernel/ecryptfs-fix-mmap-bug.patch b/pkgs/os-specific/linux/kernel/ecryptfs-fix-mmap-bug.patch
deleted file mode 100644
index 7f94669a9f4..00000000000
--- a/pkgs/os-specific/linux/kernel/ecryptfs-fix-mmap-bug.patch
+++ /dev/null
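Review bot: Changing `RANDOMIZE_BASE y` to `RANDOMIZE_BASE? y` in the `@@ -255,7 +271,7 @@` hunk lets a kernel build succeed without KASLR, and the line gives neither a reason nor a scope for relaxing it. If `?` marks an answer as non-required (which the `$requiredAnswers` branch of generate-config.pl, touched in this same commit, suggests), an option that is missing or cannot be set now produces at most a warning. The neighbouring security options all carry a trailing comment, and this one should too, for example `RANDOMIZE_BASE? y # KASLR; optional only because <kernels/platforms that lack it>`. If the option is absent only on some platforms, gating it with the `optionalString (stdenv.system == ...)` form already used in this file would keep it mandatory everywhere else.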
@@ -1,20 +0,0 @@
-Signed-off-by: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
-Tested-by: Tyler Hicks <tyhicks@xxxxxxxxxxxxx> # 4.4.y, 3.18.y
-Cc: <stable@xxxxxxxxxxxxxxx> # 4.5-
----
- fs/ecryptfs/kthread.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c
-index e818f5a..b9faeab 100644
---- a/fs/ecryptfs/kthread.c
-+++ b/fs/ecryptfs/kthread.c
-@@ -171,7 +171,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
- goto out;
- }
- have_file:
-- if ((*lower_file)->f_op->mmap == NULL) {
-+ if ((*lower_file)->f_op->mmap == NULL && !d_is_dir(lower_dentry)) {
- fput(*lower_file);
- *lower_file = NULL;
- rc = -EMEDIUMTYPE;
diff --git a/pkgs/os-specific/linux/kernel/generate-config.pl b/pkgs/os-specific/linux/kernel/generate-config.pl
index 20abe1015c3..e5fa780c6e7 100644
--- a/pkgs/os-specific/linux/kernel/generate-config.pl
+++ b/pkgs/os-specific/linux/kernel/generate-config.pl
@@ -134,7 +134,7 @@ close CONFIG;
 foreach my $name (sort (keys %answers)) {
 my $f = $requiredAnswers{$name} && $ENV{'ignoreConfigErrors'} ne "1"
- ? sub { die @_; } : sub { warn @_; };
+ ? sub { die "error: " . $_[0]; } : sub { warn "warning: " . $_[0]; };
 &$f("unused option: $name\n") unless defined $config{$name};
 &$f("option not set correctly: $name\n")
 if $config{$name} && $config{$name} ne $answers{$name};
diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix
index 4dd3444d524..56ab62e95e5 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 import ./generic.nix (args // rec {
- version = "4.4.16";
+ version = "4.4.17";
 extraMeta.branch = "4.4";
 src = fetchurl {
 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "18v4n7yypl4c8k69zrnf9g09pilh47y0ciy3mwbksz2kmw4yq573";
+ sha256 = "10ags1n345irx1bi3fyal326b3m5myndz19v0klbvxhd3i3m350m";
 };
 kernelPatches = args.kernelPatches;
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 375f0e3b0b4..56963d89efa 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -148,8 +148,4 @@ rec {
 sha256 = "14rm1qr87p7a5prz8g5fwbpxzdp3ighj095x8rvhm8csm20wspyy";
 };
 };
- ecryptfs_fix_mmap_bug =
- { name = "ecryptfs_fix_mmap_bug";
- patch = ./ecryptfs-fix-mmap-bug.patch;
- };
 }
diff --git a/pkgs/os-specific/linux/klibc/default.nix b/pkgs/os-specific/linux/klibc/default.nix
index 122ca9d5522..84b66ac0d9c 100644
--- a/pkgs/os-specific/linux/klibc/default.nix
+++ b/pkgs/os-specific/linux/klibc/default.nix
@@ -48,6 +48,6 @@ stdenv.mkDerivation rec {
 '';
 meta = {
- platforms = stdenv.lib.platforms.linux;
+ platforms = [ "x86_64-linux" ];
 };
 }
diff --git a/pkgs/os-specific/linux/systemd/cryptsetup-generator.nix b/pkgs/os-specific/linux/systemd/cryptsetup-generator.nix
index 2935990755c..3d617ece1c0 100644
--- a/pkgs/os-specific/linux/systemd/cryptsetup-generator.nix
+++ b/pkgs/os-specific/linux/systemd/cryptsetup-generator.nix
@@ -15,11 +15,16 @@ stdenv.lib.overrideDerivation systemd (p: {
 make $makeFlags systemd-cryptsetup-generator
 '';
+ # For some reason systemd-cryptsetup-generator is a wrapper-script
+ # with the current release of systemd. We want the real one.
+
+ # TODO: Revert 3efadce when the wrapper-script is gone
 installPhase = ''
 mkdir -p $out/lib/systemd/
 cp systemd-cryptsetup $out/lib/systemd/systemd-cryptsetup
+ cp .libs/*.so $out/lib/
 mkdir -p $out/lib/systemd/system-generators/
- cp systemd-cryptsetup-generator $out/lib/systemd/system-generators/systemd-cryptsetup-generator
+ cp .libs/systemd-cryptsetup-generator $out/lib/systemd/system-generators/systemd-cryptsetup-generator
 '';
 })
diff --git a/pkgs/os-specific/linux/uclibc/default.nix b/pkgs/os-specific/linux/uclibc/default.nix
index c64297f0529..81c8b7b4df7 100644
--- a/pkgs/os-specific/linux/uclibc/default.nix
+++ b/pkgs/os-specific/linux/uclibc/default.nix
@@ -106,6 +106,7 @@ stdenv.mkDerivation {
 meta = {
 homepage = http://www.uclibc.org/;
 description = "A small implementation of the C library";
+ maintainers = with stdenv.lib.maintainers; [ rasendubi ];
 license = stdenv.lib.licenses.lgpl2;
 platforms = stdenv.lib.platforms.linux;
 };
diff --git a/pkgs/os-specific/linux/uksmtools/default.nix b/pkgs/os-specific/linux/uksmtools/default.nix
deleted file mode 100644
index 4efc2d42f2b..00000000000
--- a/pkgs/os-specific/linux/uksmtools/default.nix
+++ /dev/null
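Review bot: Copying `.libs/systemd-cryptsetup-generator` and `.libs/*.so` directly in `installPhase` skips libtool's install step, so the installed files may keep a library search path that refers to the build directory rather than the final prefix. For a generator that systemd executes, that should be verified before relying on it, e.g. by inspecting the outputs with `patchelf --print-rpath` and confirming only store paths are listed. The glob also installs every shared object found in `.libs/`; naming the one library the generator needs would keep the output minimal. The added comment could state what the file in the build root actually is (presumably libtool's wrapper script) instead of "For some reason", which would make the TODO easier to act on. The `overrideDerivation` block starts before this hunk.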
@@ -1,27 +0,0 @@
-{ stdenv, fetchgit, cmake }:
-
-stdenv.mkDerivation rec {
- name = "uksmtools-${version}";
- version = "2015-09-25";
-
- # This project uses git submodules, which fetchFromGitHub doesn't support:
- src = fetchgit {
- sha256 = "1nj53f24qjp0d87fzrz0y72rmv6lhxyiaqrsbd9v423h5zpmkrnj";
- rev = "9f59a3a0b494b758aa91d7d8fa04e21b5e6463c0";
- url = "https://github.com/pfactum/uksmtools.git";
- };
-
- nativeBuildInputs = [ cmake ];
-
- enableParallelBuilding = true;
-
- doCheck = false;
-
- meta = with stdenv.lib; {
- description = "Tools to control Linux UKSM (Ultra Kernel Same-page Merging)";
- homepage = https://github.com/pfactum/uksmtools/;
- license = licenses.gpl3Plus;
- platforms = platforms.linux;
- maintainers = with maintainers; [ nckx ];
- };
-}
diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix
index 4ade0af9815..ab347961375 100644
--- a/pkgs/os-specific/linux/wireguard/default.nix
+++ b/pkgs/os-specific/linux/wireguard/default.nix
@@ -1,5 +1,8 @@
 { stdenv, fetchgit, libmnl, kernel ? null }:
+# module requires Linux >= 4.1 https://www.wireguard.io/install/#kernel-requirements
+assert kernel != null -> stdenv.lib.versionAtLeast kernel.version "4.1";
+
 let
 name = "wireguard-unstable-${version}"; |