diff options
Diffstat (limited to 'pkgs/os-specific')
36 files changed, 257 insertions, 150 deletions
diff --git a/pkgs/os-specific/darwin/apple-sdk/default.nix b/pkgs/os-specific/darwin/apple-sdk/default.nix index c1e09c20111..1148fe5c4a1 100644 --- a/pkgs/os-specific/darwin/apple-sdk/default.nix +++ b/pkgs/os-specific/darwin/apple-sdk/default.nix @@ -31,6 +31,10 @@ let mv System/* . rmdir System + pushd lib + ln -s -L /usr/lib/libcups*.dylib . + popd + cd Library/Frameworks/QuartzCore.framework/Versions/A/Headers for file in CI*.h; do rm $file diff --git a/pkgs/os-specific/darwin/apple-source-releases/CoreOSMakefiles/default.nix b/pkgs/os-specific/darwin/apple-source-releases/CoreOSMakefiles/default.nix deleted file mode 100644 index 203ca010d62..00000000000 --- a/pkgs/os-specific/darwin/apple-source-releases/CoreOSMakefiles/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ stdenv, appleDerivation, unifdef }: - -appleDerivation { - buildInputs = [ unifdef ]; - - phases = [ "unpackPhase" "installPhase" ]; - - preInstall = '' - substituteInPlace Makefile \ - --replace "rsync -a --exclude=.svn --exclude=.git" "cp -r" - - substituteInPlace Standard/Commands.in \ - --replace "/bin/sh" "bash" \ - --replace "/usr/bin/compress" "compress" \ - --replace "/usr/bin/gzip" "gzip" \ - --replace "/bin/pax" "pax" \ - --replace "/usr/bin/tar" "tar" \ - --replace "xcrun -find" "echo" \ - --replace '$(Install_Program_Group) -s' '$(Install_Program_Group)' \ - --replace '$(Install_Program_Mode) -s' '$(Install_Program_Mode)' - - substituteInPlace ReleaseControl/Common.make \ - --replace "/tmp" "$TMPDIR" - - substituteInPlace ReleaseControl/BSDCommon.make \ - --replace '$(shell xcrun -find -sdk $(SDKROOT) cc)' "cc" - - export DSTROOT=$out - ''; -} diff --git a/pkgs/os-specific/darwin/apple-source-releases/default.nix b/pkgs/os-specific/darwin/apple-source-releases/default.nix index 69dc2283645..4108bc60c27 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/default.nix @@ -40,6 +40,7 @@ let basic_cmds = "55"; adv_cmds = "163"; file_cmds = "264.1.1"; + shell_cmds = "187"; }; "osx-10.11.5" = { Libc = "1082.50.1"; # 10.11.6 still unreleased :/ @@ -115,9 +116,6 @@ let "osx-10.5.8" = { adv_cmds = "119"; }; - "osx-10.5" = { - CoreOSMakeFiles = "40"; - }; "dev-tools-7.0" = { bootstrap_cmds = "93"; }; @@ -195,7 +193,6 @@ let CommonCrypto = applePackage "CommonCrypto" "osx-10.11.6" "0vllfpb8f4f97wj2vpdd7w5k9ibnsbr6ff1zslpp6q323h01n25y" {}; configd = applePackage "configd" "osx-10.8.5" "1gxakahk8gallf16xmhxhprdxkh3prrmzxnmxfvj0slr0939mmr2" {}; copyfile = applePackage "copyfile" "osx-10.11.6" "1rkf3iaxmjz5ycgrmf0g971kh90jb2z1zqxg5vlqz001s4y457gs" {}; - CoreOSMakefiles = applePackage "CoreOSMakefiles" "osx-10.5" "0kxp53spbn7109l7cvhi88pmfsi81lwmbws819b6wr3hm16v84f4" {}; Csu = applePackage "Csu" "osx-10.11.6" "0yh5mslyx28xzpv8qww14infkylvc1ssi57imhi471fs91sisagj" {}; dtrace = applePackage "dtrace" "osx-10.11.6" "0pp5x8dgvzmg9vvg32hpy2brm17dpmbwrcr4prsmdmfvd4767wc0" {}; dyld = applePackage "dyld" "osx-10.11.6" "0qkjmjazm2zpgvwqizhandybr9cm3gz9pckx8rmf0py03faafc08" {}; @@ -220,7 +217,7 @@ let libresolv = applePackage "libresolv" "osx-10.11.6" "09flfdi3dlzq0yap32sxidacpc4nn4va7z12a6viip21ix2xb2gf" {}; Libsystem = applePackage "Libsystem" "osx-10.11.6" "1nfkmbqml587v2s1d1y2s2v8nmr577jvk51y6vqrfvsrhdhc2w94" {}; libutil = applePackage "libutil" "osx-10.11.6" "1gmgmcyqdyc684ih7dimdmxdljnq7mzjy5iqbf589wc0pa8h5abm" {}; - libunwind = applePackage "libunwind" "osx-10.11.6" "16nhx2pahh9d62mvszc88q226q5lwjankij276fxwrm8wb50zzlx" {}; + libunwind = applePackage "libunwind" "osx-10.11.6" "0miffaa41cv0lzf8az5k1j1ng8jvqvxcr4qrlkf3xyj479arbk1b" {}; mDNSResponder = applePackage "mDNSResponder" "osx-10.11.6" "069incq28a78yh1bnr17h9cd5if5mwqpq8ahnkyxxx25fkaxgzcf" {}; objc4 = applePackage "objc4" "osx-10.11.6" "00b7vbgxni8frrqyi69b4njjihlwydzjd9zj9x4z5dbx8jabkvrj" {}; ppp = applePackage "ppp" "osx-10.11.6" "1dql6r1v0vbcs04958nn2i6p31yfsxyy51jca63bm5mf0gxalk3f" {}; @@ -233,6 +230,7 @@ let developer_cmds = applePackage "developer_cmds" "osx-10.11.6" "1r9c2b6dcl22diqf90x58psvz797d3lxh4r2wppr7lldgbgn24di" {}; network_cmds = applePackage "network_cmds" "osx-10.11.6" "0lhi9wz84qr1r2ab3fb4nvmdg9gxn817n5ldg7zw9gnf3wwn42kw" {}; file_cmds = applePackage "file_cmds" "osx-10.11.6" "1zfxbmasps529pnfdjvc13p7ws2cfx8pidkplypkswyff0nff4wp" {}; + shell_cmds = applePackage "shell_cmds" "osx-10.11.6" "0084k271v66h4jqp7q7rmjvv7w4mvhx3aq860qs8jbd30canm86n" {}; libsecurity_apple_csp = libsecPackage "libsecurity_apple_csp" "osx-10.7.5" "1ngyn1ik27n4x981px3kfd1z1n8zx7r5w812b6qfjpy5nw4h746w" {}; libsecurity_apple_cspdl = libsecPackage "libsecurity_apple_cspdl" "osx-10.7.5" "1svqa5fhw7p7njzf8bzg7zgc5776aqjhdbnlhpwmr5hmz5i0x8r7" {}; diff --git a/pkgs/os-specific/darwin/apple-source-releases/libunwind/default.nix b/pkgs/os-specific/darwin/apple-source-releases/libunwind/default.nix index 81a45d99a86..b4b2b685895 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/libunwind/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/libunwind/default.nix @@ -1,15 +1,16 @@ { stdenv, appleDerivation, dyld, osx_private_sdk }: appleDerivation { - phases = [ "unpackPhase" "installPhase" ]; + buildPhase = ":"; + # install headers only installPhase = '' mkdir -p $out/lib cp -R include $out/include ''; meta = with stdenv.lib; { - maintainers = with maintainers; [ copumpkin ]; + maintainers = with maintainers; [ copumpkin lnl7 ]; platforms = platforms.darwin; license = licenses.apsl20; }; diff --git a/pkgs/os-specific/darwin/apple-source-releases/shell_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/shell_cmds/default.nix new file mode 100644 index 00000000000..f434e15794e --- /dev/null +++ b/pkgs/os-specific/darwin/apple-source-releases/shell_cmds/default.nix @@ -0,0 +1,45 @@ +{ stdenv, appleDerivation, xcbuild }: + +appleDerivation rec { + buildInputs = [ xcbuild ]; + + patchPhase = '' + # NOTE: these hashes must be recalculated for each version change + + # disables: + # - su ('security/pam_appl.h' file not found) + # - find (Undefined symbol '_get_date') + # - w (Undefined symbol '_res_9_init') + substituteInPlace shell_cmds.xcodeproj/project.pbxproj \ + --replace "FCBA168714A146D000AA698B /* PBXTargetDependency */," "" \ + --replace "FCBA165914A146D000AA698B /* PBXTargetDependency */," "" \ + --replace "FCBA169514A146D000AA698B /* PBXTargetDependency */," "" + + # disable w, test install + # get rid of permission stuff + substituteInPlace xcodescripts/install-files.sh \ + --replace 'ln -f "$BINDIR/w" "$BINDIR/uptime"' "" \ + --replace 'ln -f "$DSTROOT/bin/test" "$DSTROOT/bin/["' "" \ + --replace "-o root -g wheel -m 0755" "" \ + --replace "-o root -g wheel -m 0644" "" + ''; + + # temporary install phase until xcodebuild has "install" support + installPhase = '' + mkdir -p $out/usr/bin + install shell_cmds-*/Build/Products/Release/* $out/usr/bin + + export DSTROOT=$out + export SRCROOT=$PWD + . xcodescripts/install-files.sh + + mv $out/usr/* $out + mv $out/private/etc $out + rmdir $out/usr $out/private + ''; + + meta = { + platforms = stdenv.lib.platforms.darwin; + maintainers = with stdenv.lib.maintainers; [ matthewbauer ]; + }; +} diff --git a/pkgs/os-specific/linux/alsa-lib/default.nix b/pkgs/os-specific/linux/alsa-lib/default.nix index b525cbfc261..3205275ff93 100644 --- a/pkgs/os-specific/linux/alsa-lib/default.nix +++ b/pkgs/os-specific/linux/alsa-lib/default.nix @@ -27,12 +27,6 @@ stdenv.mkDerivation rec { outputs = [ "out" "dev" ]; - crossAttrs = { - patchPhase = '' - sed -i s/extern/static/g include/iatomic.h - ''; - }; - meta = with stdenv.lib; { homepage = http://www.alsa-project.org/; description = "ALSA, the Advanced Linux Sound Architecture libraries"; diff --git a/pkgs/os-specific/linux/batman-adv/alfred.nix b/pkgs/os-specific/linux/batman-adv/alfred.nix index 6a5dced454c..0ee928754db 100644 --- a/pkgs/os-specific/linux/batman-adv/alfred.nix +++ b/pkgs/os-specific/linux/batman-adv/alfred.nix @@ -1,14 +1,14 @@ { stdenv, fetchurl, pkgconfig, gpsd, libcap, libnl }: let - ver = "2016.4"; + ver = "2016.5"; in stdenv.mkDerivation rec { name = "alfred-${ver}"; src = fetchurl { url = "http://downloads.open-mesh.org/batman/releases/batman-adv-${ver}/${name}.tar.gz"; - sha256 = "0p8x8m1bdk560d64v010ck7dgm301cy7panxijczcf4p74clh835"; + sha256 = "1ln997qyknkfm7xp4vx5lm0z833ksn1gn4dyjvr3qr1pgyzvmcrp"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/os-specific/linux/batman-adv/batctl.nix b/pkgs/os-specific/linux/batman-adv/batctl.nix index 4fd022a418b..c8cab86413f 100644 --- a/pkgs/os-specific/linux/batman-adv/batctl.nix +++ b/pkgs/os-specific/linux/batman-adv/batctl.nix @@ -1,14 +1,14 @@ { stdenv, fetchurl, pkgconfig, libnl }: let - ver = "2016.4"; + ver = "2016.5"; in stdenv.mkDerivation rec { name = "batctl-${ver}"; src = fetchurl { url = "http://downloads.open-mesh.org/batman/releases/batman-adv-${ver}/${name}.tar.gz"; - sha256 = "1ybn2akwj29hsjps6qgvg1ncf238002d3r7fik627ig8cgmx0wi4"; + sha256 = "1saa088ggsr7bwlvnzpgjj6zqn51j0km96f4x1djhj55hwfypv87"; }; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/os-specific/linux/batman-adv/default.nix b/pkgs/os-specific/linux/batman-adv/default.nix index ce0ef1ad105..04446998624 100644 --- a/pkgs/os-specific/linux/batman-adv/default.nix +++ b/pkgs/os-specific/linux/batman-adv/default.nix @@ -2,14 +2,14 @@ #assert stdenv.lib.versionOlder kernel.version "3.17"; -let base = "batman-adv-2016.4"; in +let base = "batman-adv-2016.5"; in stdenv.mkDerivation rec { name = "${base}-${kernel.version}"; src = fetchurl { url = "http://downloads.open-mesh.org/batman/releases/${base}/${base}.tar.gz"; - sha256 = "1sshl700gwfnqih95q1kp7sya71svp8px2rn14dbb790hgfkc4mw"; + sha256 = "1dqdzpxdrgqpgkc6bqfvbvx5x18bpd9y459j0iyva47lqj8gr86h"; }; hardeningDisable = [ "pic" ]; diff --git a/pkgs/os-specific/linux/broadcom-sta/default.nix b/pkgs/os-specific/linux/broadcom-sta/default.nix index 5814c184e66..c548b55105d 100644 --- a/pkgs/os-specific/linux/broadcom-sta/default.nix +++ b/pkgs/os-specific/linux/broadcom-sta/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation { name = "broadcom-sta-${version}-${kernel.version}"; src = fetchurl { - url = "http://www.broadcom.com/docs/linux_sta/${tarball}"; + url = "https://docs.broadcom.com/docs-and-downloads/docs/linux_sta/${tarball}"; sha256 = hashes."${stdenv.system}"; }; diff --git a/pkgs/os-specific/linux/cifs-utils/default.nix b/pkgs/os-specific/linux/cifs-utils/default.nix index 6dcf8e11a3e..f69319b5256 100644 --- a/pkgs/os-specific/linux/cifs-utils/default.nix +++ b/pkgs/os-specific/linux/cifs-utils/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, kerberos, keyutils, pam }: +{ stdenv, fetchurl, kerberos, keyutils, pam, talloc }: stdenv.mkDerivation rec { name = "cifs-utils-${version}"; @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "1xs9rwqfpx8qj5mcmagw6y1hzwc71zhzb5r8hv06sz16p1w6axz2"; }; - buildInputs = [ kerberos keyutils pam ]; + buildInputs = [ kerberos keyutils pam talloc ]; makeFlags = "root_sbindir=$(out)/sbin"; diff --git a/pkgs/os-specific/linux/dstat/default.nix b/pkgs/os-specific/linux/dstat/default.nix index c8e40a4c7ac..ccedc381504 100644 --- a/pkgs/os-specific/linux/dstat/default.nix +++ b/pkgs/os-specific/linux/dstat/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchurl, python2Packages }: -stdenv.mkDerivation rec { +python2Packages.mkPythonDerivation rec { name = "dstat-${version}"; version = "0.7.3"; @@ -9,21 +9,10 @@ stdenv.mkDerivation rec { sha256 = "16286z3y2lc9nsq8njzjkv6k2vyxrj9xiixj1k3gnsbvhlhkirj6"; }; - buildInputs = with python2Packages; [ python-wifi wrapPython ]; - - pythonPath = with python2Packages; [ python-wifi ]; - - patchPhase = '' - sed -i -e 's|/usr/bin/env python|${python2Packages.python.interpreter}|' \ - -e "s|/usr/share/dstat|$out/share/dstat|" dstat - ''; + propagatedBuildInputs = with python2Packages; [ python-wifi ]; makeFlags = [ "prefix=$(out)" ]; - postInstall = '' - wrapPythonProgramsIn $out/bin "$out $pythonPath" - ''; - meta = with stdenv.lib; { homepage = http://dag.wieers.com/home-made/dstat/; description = "Versatile resource statistics tool"; diff --git a/pkgs/os-specific/linux/fuse/default.nix b/pkgs/os-specific/linux/fuse/default.nix index 46f242b2ea0..34b6aa1378c 100644 --- a/pkgs/os-specific/linux/fuse/default.nix +++ b/pkgs/os-specific/linux/fuse/default.nix @@ -1,13 +1,10 @@ { stdenv, fetchFromGitHub, utillinux - ,autoconf, automake, libtool, gettext }: +, autoconf, automake, libtool, gettext }: stdenv.mkDerivation rec { name = "fuse-${version}"; - version = "2.9.7"; - #builder = ./builder.sh; - src = fetchFromGitHub { owner = "libfuse"; repo = "libfuse"; @@ -17,8 +14,6 @@ stdenv.mkDerivation rec { buildInputs = [ utillinux autoconf automake libtool gettext ]; - inherit utillinux; - preConfigure = '' export MOUNT_FUSE_PATH=$out/sbin @@ -32,7 +27,7 @@ stdenv.mkDerivation rec { sed -e 's@/bin/@${utillinux}/bin/@g' -i lib/mount_util.c sed -e 's@CONFIG_RPATH=/usr/share/gettext/config.rpath@CONFIG_RPATH=${gettext}/share/gettext/config.rpath@' -i makeconf.sh - + ./makeconf.sh ''; diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 2ae714ea089..bd99a7979ee 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -31,6 +31,7 @@ with stdenv.lib; # Debugging. DEBUG_KERNEL y + DYNAMIC_DEBUG y TIMER_STATS y BACKTRACE_SELF_TEST n CPU_NOTIFIER_ERROR_INJECT? n @@ -260,6 +261,11 @@ with stdenv.lib; CIFS_XATTR y CIFS_POSIX y CIFS_FSCACHE y + CIFS_STATS y + CIFS_WEAK_PW_HASH y + CIFS_UPCALL y + CIFS_ACL y + CIFS_DFS_UPCALL y CIFS_SMB2 y ${optionalString (versionAtLeast version "3.12") '' CEPH_FSCACHE y diff --git a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix index 64722635f41..ed8942b1066 100644 --- a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix +++ b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix @@ -22,6 +22,8 @@ PAX_PT_PAX_FLAGS y PAX_XATTR_PAX_FLAGS y PAX_EI_PAX n +PAX_INITIFY y + # The bts instrumentation method is compatible with binary only modules. # # Note: if platform supports SMEP, we could do without this diff --git a/pkgs/os-specific/linux/kernel/linux-3.12.nix b/pkgs/os-specific/linux/kernel/linux-3.12.nix index 72fbe15b02d..95ca51a972e 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.12.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.12.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "3.12.68"; + version = "3.12.69"; extraMeta.branch = "3.12"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "0k4kwxmm6vj840k4v6iyswsajaxsb5g9vrc7mzr4grflfbjrgh14"; + sha256 = "1pzghmj0j2shms4n3knryigy73qssskd6awbgk6mmyg42wypbcmm"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-3.18.nix b/pkgs/os-specific/linux/kernel/linux-3.18.nix index 4a18f2e498b..727126de388 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.18.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.18.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "3.18.44"; + version = "3.18.45"; extraMeta.branch = "3.18"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "1cjdh9w2q164r53k06vv6nhxwjzm69nha5wndp8r1hjywjwcqqan"; + sha256 = "1qwvqrlzpf57zvh57dsdk4c4swgbasf2ab75vcn2py8l7jl6rxf0"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 6d9fc79cd9f..6eb6e4663e9 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.4.36"; + version = "4.4.39"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1gh3i7ss0wnh3irpff3j079jwyccslbzkw9zxjjp600lcc5hva9h"; + sha256 = "188ij72z05sbzrn438r9awpf2pvpv8p2iykfcxs2kxibn23c2jw6"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-4.8.nix b/pkgs/os-specific/linux/kernel/linux-4.8.nix index 715af76267c..7a6ce4533e9 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.8.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.8.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.8.12"; + version = "4.8.15"; extraMeta.branch = "4.8"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "03i5q36aqlxir3dy213civkaz1lnwzzv6s3vaafgkdj7fzvqcx44"; + sha256 = "1vlgacsdcww333n9vm2pmdfkcpkjhavrh1aalrr7p6vj2c4jc18n"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix new file mode 100644 index 00000000000..f154e143e03 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -0,0 +1,20 @@ +{ stdenv, fetchurl, perl, buildLinux, ... } @ args: + +import ./generic.nix (args // rec { + version = "4.9"; + modDirVersion = "4.9.0"; + extraMeta.branch = "4.9"; + + src = fetchurl { + url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; + sha256 = "029098dcffab74875e086ae970e3828456838da6e0ba22ce3f64ef764f3d7f1a"; + }; + + kernelPatches = args.kernelPatches; + + features.iwlwifi = true; + features.efiBootStub = true; + features.needsCifsUtils = true; + features.canDisableNetfilterConntrackHelpers = true; + features.netfilterRPFilter = true; +} // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-grsecurity.nix b/pkgs/os-specific/linux/kernel/linux-grsecurity.nix index 715af76267c..7a6ce4533e9 100644 --- a/pkgs/os-specific/linux/kernel/linux-grsecurity.nix +++ b/pkgs/os-specific/linux/kernel/linux-grsecurity.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.8.12"; + version = "4.8.15"; extraMeta.branch = "4.8"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "03i5q36aqlxir3dy213civkaz1lnwzzv6s3vaafgkdj7fzvqcx44"; + sha256 = "1vlgacsdcww333n9vm2pmdfkcpkjhavrh1aalrr7p6vj2c4jc18n"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-testing.nix b/pkgs/os-specific/linux/kernel/linux-testing.nix index 394469d06fa..10bea69a3c4 100644 --- a/pkgs/os-specific/linux/kernel/linux-testing.nix +++ b/pkgs/os-specific/linux/kernel/linux-testing.nix @@ -1,13 +1,13 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.9-rc8"; - modDirVersion = "4.9.0-rc8"; - extraMeta.branch = "4.9"; + version = "4.10-rc1"; + modDirVersion = "4.10.0-rc1"; + extraMeta.branch = "4.10"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/testing/linux-${version}.tar.xz"; - sha256 = "1xyham8by966mavk5wxy6va5cq2lf2d1jiqps70kcc4064v365r7"; + sha256 = "1s7axcii6jzm77ivmy26llf4z6dprfp3sb1v35fchl9bkzaivaly"; }; features.iwlwifi = true; diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index 4ab688c26af..5f890b9b9fe 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -129,9 +129,7 @@ let '' + (optionalString installsFirmware '' mkdir -p $out/lib/firmware '') + (if (platform ? kernelDTB && platform.kernelDTB) then '' - make $makeFlags "''${makeFlagsArray[@]}" dtbs - mkdir -p $out/dtbs - cp $buildRoot/arch/$karch/boot/dts/*.dtb $out/dtbs + make $makeFlags "''${makeFlagsArray[@]}" dtbs dtbs_install INSTALL_DTBS_PATH=$out/dtbs '' else "") + (if isModular then '' if [ -z "$dontStrip" ]; then installFlagsArray+=("INSTALL_MOD_STRIP=1") diff --git a/pkgs/os-specific/linux/kernel/multithreaded-rsapubkey-asn1.patch b/pkgs/os-specific/linux/kernel/multithreaded-rsapubkey-asn1.patch new file mode 100644 index 00000000000..9f5790862b6 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/multithreaded-rsapubkey-asn1.patch @@ -0,0 +1,45 @@ + +From Yang Shi <> +Subject [PATCH] crypto: rsa - fix a potential race condition in build +Date Fri, 2 Dec 2016 15:41:04 -0800 + + +When building kernel with RSA enabled with multithreaded, the below +compile failure might be caught: + +| /buildarea/kernel-source/crypto/rsa_helper.c:18:28: fatal error: rsapubkey-asn1.h: No such file or directory +| #include "rsapubkey-asn1.h" +| ^ +| compilation terminated. +| CC crypto/rsa-pkcs1pad.o +| CC crypto/algboss.o +| CC crypto/testmgr.o +| make[3]: *** [/buildarea/kernel-source/scripts/Makefile.build:289: crypto/rsa_helper.o] Error 1 +| make[3]: *** Waiting for unfinished jobs.... +| make[2]: *** [/buildarea/kernel-source/Makefile:969: crypto] Error 2 +| make[1]: *** [Makefile:150: sub-make] Error 2 +| make: *** [Makefile:24: __sub-make] Error 2 + +The header file is not generated before rsa_helper is compiled, so +adding dependency to avoid such issue. + +Signed-off-by: Yang Shi <yang.shi@windriver.com> + +--- + crypto/Makefile | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/crypto/Makefile b/crypto/Makefile +index 99cc64a..8db39f9 100644 +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -40,6 +40,7 @@ obj-$(CONFIG_CRYPTO_ECDH) += ecdh_generic.o + + $(obj)/rsapubkey-asn1.o: $(obj)/rsapubkey-asn1.c $(obj)/rsapubkey-asn1.h + $(obj)/rsaprivkey-asn1.o: $(obj)/rsaprivkey-asn1.c $(obj)/rsaprivkey-asn1.h ++$(obj)/rsa_helper.o: $(obj)/rsa_helper.c $(obj)/rsaprivkey-asn1.h + clean-files += rsapubkey-asn1.c rsapubkey-asn1.h + clean-files += rsaprivkey-asn1.c rsaprivkey-asn1.h + +-- +2.0.2 diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 124518c36b2..1ad1155f8c3 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -25,10 +25,13 @@ let inherit grver kver grrev; patch = fetchurl { - # When updating versions/hashes, ALWAYS use the official version; we use - # this mirror only because upstream removes sources files immediately upon - # releasing a new version ... - url = "https://raw.githubusercontent.com/slashbeast/grsecurity-scrape/master/${grbranch}/${name}.patch"; + urls = [ + "https://grsecurity.net/${grbranch}/${name}.patch" + # When updating versions/hashes, ALWAYS use the official + # version; we use this mirror only because upstream removes + # source files immediately upon releasing a new version ... + "https://raw.githubusercontent.com/slashbeast/grsecurity-scrape/master/${grbranch}/${name}.patch" + ]; inherit sha256; }; @@ -38,6 +41,12 @@ in rec { + multithreaded_rsapubkey = + { + name = "multithreaded-rsapubkey-asn1.patch"; + patch = ./multithreaded-rsapubkey-asn1.patch; + }; + bridge_stp_helper = { name = "bridge-stp-helper"; patch = ./bridge-stp-helper.patch; @@ -86,9 +95,9 @@ rec { }; grsecurity_testing = grsecPatch - { kver = "4.8.12"; - grrev = "201612031658"; - sha256 = "06n96jk471xp7m8sf504bw9x6mk893jpymglgw037b21cbv88rrp"; + { kver = "4.8.15"; + grrev = "201612151923"; + sha256 = "1di4v0b0sn7ibg9vrn8w7d5vjxd2mdlxdmqsnyd6xyn8g00fra89"; }; # This patch relaxes grsec constraints on the location of usermode helpers, @@ -146,6 +155,24 @@ rec { url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git" + "/patch/drivers/lguest/x86/core.c?id=cdd77e87eae52"; sha256 = "04xlx6al10cw039av6jkby7gx64zayj8m1k9iza40sw0fydcfqhc"; + }; }; - }; + + packet_fix_race_condition_CVE_2016_8655 = + { name = "packet_fix_race_condition_CVE_2016_8655.patch"; + patch = fetchpatch { + url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=84ac7260236a49c79eede91617700174c2c19b0c"; + sha256 = "19viqjjgq8j8jiz5yhgmzwhqvhwv175q645qdazd1k69d25nv2ki"; + }; + }; + + panic_on_icmp6_frag_CVE_2016_9919 = rec + { name = "panic_on_icmp6_frag_CVE_2016_9919.patch"; + patch = fetchpatch { + inherit name; + url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2"; + sha256 = "0mps33r4mnwiy0bmgrzgqkrk59yya17v6kzpv9024g4xlz61rk8p"; + }; + }; + } diff --git a/pkgs/os-specific/linux/kexectools/default.nix b/pkgs/os-specific/linux/kexectools/default.nix index cb30de44a81..206dc6889e8 100644 --- a/pkgs/os-specific/linux/kexectools/default.nix +++ b/pkgs/os-specific/linux/kexectools/default.nix @@ -2,17 +2,17 @@ stdenv.mkDerivation rec { name = "kexec-tools-${version}"; - version = "2.0.12"; + version = "2.0.14"; src = fetchurl { urls = [ "mirror://kernel/linux/utils/kernel/kexec/${name}.tar.xz" "http://horms.net/projects/kexec/kexec-tools/${name}.tar.xz" ]; - sha256 = "03cj7w2l5fqn72xfhl4q6z0zbziwkp9bfn0gs7gaf9i44jv6gkhl"; + sha256 = "1ihd3kzw8xnc5skq4pb633rr80007knjm4n1dd67a24xkplygcpz"; }; - hardeningDisable = [ "format" ]; + hardeningDisable = [ "format" "pic" "relro" ]; buildInputs = [ zlib ]; diff --git a/pkgs/os-specific/linux/multipath-tools/default.nix b/pkgs/os-specific/linux/multipath-tools/default.nix index f60ece0fcec..0e0178e8845 100644 --- a/pkgs/os-specific/linux/multipath-tools/default.nix +++ b/pkgs/os-specific/linux/multipath-tools/default.nix @@ -15,6 +15,8 @@ stdenv.mkDerivation rec { ' libmultipath/defaults.h sed -i -e 's,\$(DESTDIR)/\(usr/\)\?,$(prefix)/,g' \ kpartx/Makefile libmpathpersist/Makefile + sed -i -e "s,GZIP = .*, GZIP = gzip -9n -c," \ + Makefile.inc ''; nativeBuildInputs = [ gzip ]; diff --git a/pkgs/os-specific/linux/musl/default.nix b/pkgs/os-specific/linux/musl/default.nix index ae0c7703de6..dd12a18dc82 100644 --- a/pkgs/os-specific/linux/musl/default.nix +++ b/pkgs/os-specific/linux/musl/default.nix @@ -1,12 +1,12 @@ -{ stdenv, fetchurl }: +{ stdenv, fetchurl, fetchpatch }: stdenv.mkDerivation rec { name = "musl-${version}"; - version = "1.1.11"; + version = "1.1.15"; src = fetchurl { url = "http://www.musl-libc.org/releases/${name}.tar.gz"; - sha256 = "0grmmah3d9wajii26010plpinv3cbiq3kfqsblgn84kv3fjnv7mv"; + sha256 = "1ymhxkskivzph0q34zadwfglc5gyahqajm7chqqn2zraxv3lgr4p"; }; enableParallelBuilding = true; @@ -22,6 +22,15 @@ stdenv.mkDerivation rec { configureFlags = [ "--enable-shared" "--enable-static" + "--disable-gcc-wrapper" + ]; + + patches = [ + # CVE-2016-8859: http://www.openwall.com/lists/oss-security/2016/10/19/1 + (fetchpatch { + url = "https://git.musl-libc.org/cgit/musl/patch/?id=c3edc06d1e1360f3570db9155d6b318ae0d0f0f7"; + sha256 = "15ih0aj27lz4sgq8r5jndc3qy5gz3ciraavrqpp0vw8h5wjcsb9v"; + }) ]; dontDisableStatic = true; diff --git a/pkgs/os-specific/linux/ndiswrapper/default.nix b/pkgs/os-specific/linux/ndiswrapper/default.nix index eabc2840881..c22ffb60df8 100644 --- a/pkgs/os-specific/linux/ndiswrapper/default.nix +++ b/pkgs/os-specific/linux/ndiswrapper/default.nix @@ -38,5 +38,6 @@ stdenv.mkDerivation { description = "Ndis driver wrapper for the Linux kernel"; homepage = http://sourceforge.net/projects/ndiswrapper; license = "GPL"; + broken = true; }; } diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix index 69e4de69f9c..967a98d9566 100644 --- a/pkgs/os-specific/linux/nvidia-x11/default.nix +++ b/pkgs/os-specific/linux/nvidia-x11/default.nix @@ -12,7 +12,7 @@ assert (!libsOnly) -> kernel != null; let - versionNumber = "375.20"; + versionNumber = "375.26"; # Policy: use the highest stable version as the default (on our master). inherit (stdenv.lib) makeLibraryPath; @@ -30,12 +30,12 @@ stdenv.mkDerivation { if stdenv.system == "i686-linux" then fetchurl { url = "http://download.nvidia.com/XFree86/Linux-x86/${versionNumber}/NVIDIA-Linux-x86-${versionNumber}.run"; - sha256 = "0da3mgfmkhs576wfkdmk8pbmvsksalkwz8a75vnhk0385fnd6yfc"; + sha256 = "0yv19rkz2wzzj0fygfjb1mh21iy769kff3yg2kzk8bsiwnmcyybw"; } else if stdenv.system == "x86_64-linux" then fetchurl { url = "http://download.nvidia.com/XFree86/Linux-x86_64/${versionNumber}/NVIDIA-Linux-x86_64-${versionNumber}.run"; - sha256 = "02v20xns8w4flpllibc684g5yghi5dy28avsarccjyn5knhl03ni"; + sha256 = "1kqy9ayja3g5znj2hzx8pklz8qi0b0l9da7c3ldg3hlxf31v4hjg"; } else throw "nvidia-x11 does not support platform ${stdenv.system}"; diff --git a/pkgs/os-specific/linux/thin-provisioning-tools/default.nix b/pkgs/os-specific/linux/thin-provisioning-tools/default.nix deleted file mode 100644 index c075c3f1667..00000000000 --- a/pkgs/os-specific/linux/thin-provisioning-tools/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ stdenv, fetchFromGitHub, autoconf, pkgconfig, utillinux, coreutils, expat, libaio, boost}: - -let - version = "0.6.1"; -in - -stdenv.mkDerivation { - name = "thin-provisioning-tools-${version}"; - - src = fetchFromGitHub { - owner = "jthornber"; - repo = "thin-provisioning-tools"; - rev = "e46bdfd4cc6cdb13852de8aba4e3019425ab0a89"; - sha256 = "061rw33nw16g71ij05axl713wimawx54h2ggpqxvzy7iyi6lhdcm"; - }; - - nativeBuildInputs = [ autoconf pkgconfig expat libaio boost ]; - - preConfigure = - '' - autoconf - ''; - - meta = { - homepage = https://github.com/jthornber/thin-provisioning-tools; - descriptions = "Tools for manipulating the metadata of the device-mapper targets (dm-thin-pool, dm-cache, dm-era)"; - platforms = stdenv.lib.platforms.linux; - inherit version; - }; -} diff --git a/pkgs/os-specific/linux/tp_smapi/default.nix b/pkgs/os-specific/linux/tp_smapi/default.nix index f0f25f14e49..272b1368dec 100644 --- a/pkgs/os-specific/linux/tp_smapi/default.nix +++ b/pkgs/os-specific/linux/tp_smapi/default.nix @@ -1,13 +1,12 @@ -{stdenv, fetchurl, kernel}: +{ stdenv, fetchurl, kernel, writeScript, coreutils, gnugrep, jq, curl +}: -stdenv.mkDerivation rec { - version = "0.42"; - name = "tp_smapi-${version}-${kernel.version}"; +let + data = stdenv.lib.importJSON ./update.json; +in stdenv.mkDerivation rec { + name = "tp_smapi-${data.version}-${kernel.version}"; - src = fetchurl { - url = "https://github.com/evgeni/tp_smapi/releases/download/tp-smapi%2F0.42/tp_smapi-${version}.tgz"; - sha256 = "09rdg7fm423x6sbbw3lvnvmk4nyc33az8ar93xgq0n9qii49z3bv"; - }; + src = fetchurl { inherit (data) url sha256; }; hardeningDisable = [ "pic" ]; @@ -25,6 +24,10 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; + passthru.updateScript = import ./update.nix { + inherit writeScript coreutils gnugrep jq curl; + }; + meta = { description = "IBM ThinkPad hardware functions driver"; homepage = "https://github.com/evgeni/tp_smapi/tree/tp-smapi/0.41"; diff --git a/pkgs/os-specific/linux/tp_smapi/update.json b/pkgs/os-specific/linux/tp_smapi/update.json new file mode 100644 index 00000000000..15e9801e7f2 --- /dev/null +++ b/pkgs/os-specific/linux/tp_smapi/update.json @@ -0,0 +1,5 @@ +{ + "version": "0.42", + "url": "https://github.com/evgeni/tp_smapi/archive/tp-smapi/0.42.tar.gz", + "sha256": "cd28bf6ee21b2c27b88d947cb0bfcb19648c7daa5d350115403dbcad05849381" +} diff --git a/pkgs/os-specific/linux/tp_smapi/update.nix b/pkgs/os-specific/linux/tp_smapi/update.nix new file mode 100644 index 00000000000..0c97d18472c --- /dev/null +++ b/pkgs/os-specific/linux/tp_smapi/update.nix @@ -0,0 +1,23 @@ +{ writeScript, coreutils, gnugrep, jq, curl +}: + +writeScript "update-tp_smapi" '' +PATH=${coreutils}/bin:${gnugrep}/bin:${jq}/bin:${curl}/bin + +pushd pkgs/os-specific/linux/tp_smapi + +tmpfile=`mktemp` +tags=`curl -s https://api.github.com/repos/evgeni/tp_smapi/tags` +latest_tag=`echo $tags | jq -r '.[] | .name' | grep -oP "^tp-smapi/\K.*" | sort --version-sort | tail -1` +sha256=`curl -sL "https://github.com/evgeni/tp_smapi/archive/tp-smapi/$latest_tag.tar.gz" | sha256sum | cut -d" " -f1` + +cat > update.json <<EOF +{ + "version": "$latest_tag", + "url": "https://github.com/evgeni/tp_smapi/archive/tp-smapi/$latest_tag.tar.gz", + "sha256": "$sha256" +} +EOF + +popd +'' diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix index 9a378988608..06b012fa434 100644 --- a/pkgs/os-specific/linux/wireguard/default.nix +++ b/pkgs/os-specific/linux/wireguard/default.nix @@ -4,13 +4,13 @@ assert kernel != null -> stdenv.lib.versionAtLeast kernel.version "4.1"; let - name = "wireguard-experimental-${version}"; + name = "wireguard-${version}"; - version = "0.0.20161116.1"; + version = "0.0.20161223"; src = fetchurl { - url = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-experimental-${version}.tar.xz"; - sha256 = "1393p1fllxvl4j0c8qz35k39crmcwrp8rjwxwn1wyhhrks8rs3bk"; + url = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${version}.tar.xz"; + sha256 = "0wmrsap34nd1x4gvz80isgsjjxbplvkrxnw56qlaqxkycvv8zndv"; }; meta = with stdenv.lib; { diff --git a/pkgs/os-specific/linux/xf86-input-wacom/default.nix b/pkgs/os-specific/linux/xf86-input-wacom/default.nix index 3d3b52acf6f..b308a5ec3c3 100644 --- a/pkgs/os-specific/linux/xf86-input-wacom/default.nix +++ b/pkgs/os-specific/linux/xf86-input-wacom/default.nix @@ -3,11 +3,11 @@ , ncurses, pkgconfig, randrproto, xorgserver, xproto, udev, libXinerama, pixman }: stdenv.mkDerivation rec { - name = "xf86-input-wacom-0.32.0"; + name = "xf86-input-wacom-0.34.0"; src = fetchurl { url = "mirror://sourceforge/linuxwacom/${name}.tar.bz2"; - sha256 = "03c73vi5rrcr92442k82f4kbabp21yqcrqi6ak2afl41zjdar5wc"; + sha256 = "0idhkigl0pnyp08sqm6bqfb4h20v6rjrb71z1gdv59gk7d7qwpgi"; }; buildInputs = [ inputproto libX11 libXext libXi libXrandr libXrender |