After 82b0945ce2
and ec314f61e4,
the hv_fcopy dameon was renamed to hv_uio_fcopy, breaking
hyperv-daemons.
I added a check to change the binary name based on the kernel
version and to only run the service if the FCOPY_UIO path exists.
The path doesn't exist on my machine (not sure why), so I'm not
actually able to test the daemon but I think this is better than
hyperv being broken for now.
Newer versions of the out-of-tree rtw88 driver feature significantly expanded
hardware support, including many hardware previously supported by the rtl8821au
driver.
Upstream Changes:
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* MACsec
- add support for GCM-AES-256 cipher suite
- remove incorrect EAP Session-Id length constraint
- add hardware offload support for additional drivers
* HE/IEEE 802.11ax/Wi-Fi 6
- support BSS color updates
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* support OpenSSL 3.0 API changes
* improve EAP-TLS support for TLSv1.3
* EAP-SIM/AKA: support IMSI privacy
* improve mitigation against DoS attacks when PMF is used
* improve 4-way handshake operations
- discard unencrypted EAPOL frames in additional cases
- use Secure=1 in message 2 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* improve cross-AKM roaming with driver-based SME/BSS selection
* PASN
- extend support for secure ranging
- allow PASN implementation to be used with external programs for
Wi-Fi Aware
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
- this is based on additional details being added in the IEEE 802.11
standard
- the new implementation is not backwards compatible, but PMKSA
caching with FT-EAP was, and still is, disabled by default
* support a pregenerated MAC (mac_addr=3) as an alternative mechanism
for using per-network random MAC addresses
* EAP-PEAP: require Phase 2 authentication by default (phase2_auth=1)
to improve security for still unfortunately common invalid
configurations that do not set ca_cert
* extend SCS support for QoS Characteristics
* extend MSCS support
* support unsynchronized service discovery (USD)
* add support for explicit SSID protection in 4-way handshake
(a mitigation for CVE-2023-52424; disabled by default for now, can be
enabled with ssid_protection=1)
- in addition, verify SSID after key setup when beacon protection is
used
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* a large number of other fixes, cleanup, and extensions
Changelog:
http://w1.fi/cgit/hostap/tree/wpa_supplicant/ChangeLog?id=d945ddd368085f255e68328f2d3b020ceea359af
Signed-off-by: Markus Theil <theil.markus@gmail.com>
Upstream Changes:
* Wi-Fi Easy Connect
- add support for DPP release 3
- allow Configurator parameters to be provided during config exchange
* HE/IEEE 802.11ax/Wi-Fi 6
- various fixes
* EHT/IEEE 802.11be/Wi-Fi 7
- add preliminary support
* SAE: add support for fetching the password from a RADIUS server
* support OpenSSL 3.0 API changes
* support background radar detection and CAC with some additional
drivers
* support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3)
* EAP-SIM/AKA: support IMSI privacy
* improve 4-way handshake operations
- use Secure=1 in message 3 during PTK rekeying
* OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases
to avoid interoperability issues
* support new SAE AKM suites with variable length keys
* support new AKM for 802.1X/EAP with SHA384
* extend PASN support for secure ranging
* FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP)
- this is based on additional details being added in the IEEE 802.11
standard
- the new implementation is not backwards compatible
* improved ACS to cover additional channel types/bandwidths
* extended Multiple BSSID support
* fix beacon protection with FT protocol (incorrect BIGTK was provided)
* support unsynchronized service discovery (USD)
* add preliminary support for RADIUS/TLS
* add support for explicit SSID protection in 4-way handshake
(a mitigation for CVE-2023-52424; disabled by default for now, can be
enabled with ssid_protection=1)
* fix SAE H2E rejected groups validation to avoid downgrade attacks
* use stricter validation for some RADIUS messages
* a large number of other fixes, cleanup, and extensions
Changelog:
http://w1.fi/cgit/hostap/tree/hostapd/ChangeLog?id=d945ddd368085f255e68328f2d3b020ceea359af
Signed-off-by: Markus Theil <theil.markus@gmail.com>
Since theey is not active from at least six years.
All the packages on this commit became orphans.
---------------------------------------------------------------------------
There are files not covered by this commit, because they will be adopted
soon. Namely:
- pkgs/by-name/zs/zsync/package.nix
- pkgs/games/bsdgames/default.nix
- pkgs/misc/ghostscript/default.nix
- pkgs/os-specific/linux/kernel/perf/default.nix
- pkgs/tools/system/logrotate/default.nix
Changes:
- fix: properly use the mutex absolute time argument,
timedlock handling and mutex destruction in the ESDM RPC client lib
- fix: race condition in worker thread execution
Changelog:
63ff656a76/CHANGES.md
Signed-off-by: Markus Theil <theil.markus@gmail.com>
Done using `grep -rP 'description\s+=\s+"[^"]+[ ]";' | cut -d ':' -f 1 |
xargs -i nvim {}` and sorting the opened files by hand, avoiding
generated packages list
`SECURITY_DMESG_RESTRICT` is enabled by default by a lot of
other distributions for a quite a while now, NixOS is a bit of an outlier.
The main justification to enable it is that kernel log might leak kernel
pointers which can then be used by exploits to defeat KASLR (NixOS also
enables `kernel.kptr_restrict` by default since 2013).
