Commit Graph

6414 Commits

Author SHA1 Message Date
Tim Steinbach
232f497169
linux: 4.9.38 -> 4.9.39 2017-07-21 07:25:50 -04:00
Tim Steinbach
5181d7568f
linux: 4.4.77 -> 4.4.78 2017-07-21 07:23:12 -04:00
Al Zohali
0b3d29d4ac linux_samus_4_12: init at 4.12.2
Co-authored-by: Nikolay Amiantov <ab@fmap.me>

fixes #26038
2017-07-18 23:31:18 +01:00
aszlig
c71233f12c
broadcom_sta: Add patch for supporting Linux 4.12
The patch is from Arch Linux at:

https://aur.archlinux.org/cgit/aur.git/tree/linux412.patch?h=broadcom-wl

Tested this by building against the following attributes:

  * linuxPackages.broadcom_sta
  * linuxPackages_latest.broadcom_sta
  * pkgsI686Linux.linuxPackages.broadcom_sta
  * pkgsI686Linux.linuxPackages_latest.broadcom_sta

I have not tested whether this works at runtime, because I do not posess
the hardware.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-07-18 21:37:02 +02:00
Tuomas Tynkkynen
638adf2d90 iproute: 4.11.0 -> 4.12.0 2017-07-18 13:41:06 +03:00
Jörg Thalheim
4154279179 zfsUnstable: mark as stable with 4.12 2017-07-18 11:15:37 +01:00
Frederik Rietdijk
3eceecb90d Merge remote-tracking branch 'upstream/master' into HEAD 2017-07-17 13:52:01 +02:00
Franz Pletz
7f0994c33d
zfsUnstable: 0.7.0-rc4 -> 0.7.0-rc5 2017-07-17 02:53:14 +02:00
Franz Pletz
e4eea75fa7
zfs: 0.6.5.10 -> 0.6.5.11 2017-07-17 02:53:14 +02:00
Robin Gloster
ae26f291bc
systemd: 233 -> 234 2017-07-16 17:22:45 +02:00
Tim Steinbach
df929d6216
linux-copperhead: 4.12.1.a -> 4.12.2.a 2017-07-15 19:44:12 -04:00
Tim Steinbach
b103e9317a
linux-testing: 4.12-rc7 -> 4.13-rc1 2017-07-15 19:30:44 -04:00
Tim Steinbach
81b993369c
linux: 4.4.76 -> 4.4.77 2017-07-15 19:25:42 -04:00
Tim Steinbach
b04858db1b
linux: 4.9.37 -> 4.9.38
Remove temporary patches to perf as well
2017-07-15 19:22:07 -04:00
Tim Steinbach
ccec16579d
linux: 4.11.10 -> 4.11.11 2017-07-15 19:17:06 -04:00
Tim Steinbach
c5ef98bb34
linux: 4.12.1 -> 4.12.2 2017-07-15 19:14:44 -04:00
Tim Steinbach
954c66983d
perf: Apply patch for offline kernels
As per https://lkml.org/lkml/2017/7/13/314, perf is broken in 4.9.36 and 4.9.37
Patches in this commit are taken from
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=39f4f2c018bd831c325e11983f8893caf72fd9eb

This will allow perf to build again and should be included in a future 4.9.x release,
allowing the custom patching to be removed again
2017-07-14 20:07:16 -04:00
Tuomas Tynkkynen
42395a191b kernel-config: Disable Xen on non-x86
There's an upstream build failure on ARM (not directly related to Xen
but rather some other config options it enables). The xen package is
x86_64-only anyways.
2017-07-13 20:12:50 +03:00
Joachim Fasting
f90d7b23a7
alienfx: do not attempt to install suid executables 2017-07-13 18:08:56 +02:00
Tim Steinbach
6fda535869
linux-copperhead: Fix modDirVersion 2017-07-13 09:00:44 -04:00
Tim Steinbach
45a2534459
linux-copperhead: 4.12.e -> 4.12.1.a 2017-07-13 08:40:08 -04:00
Tim Steinbach
6131b4d52d
linux: 4.12 -> 4.12.1 2017-07-13 08:36:50 -04:00
Tim Steinbach
24de0bad42
linux: 4.11.9 -> 4.11.10 2017-07-13 08:34:51 -04:00
Tim Steinbach
6da222918e
linux: 4.9.36 -> 4.9.37 2017-07-13 08:30:47 -04:00
Tim Steinbach
1434128a18
linux-copperhead: 4.12.d -> 4.12.e 2017-07-11 08:22:56 -04:00
Tobias Geerinckx-Rice
46dc5394cd
Update e-mail address for nckx 2017-07-10 20:54:18 +02:00
Franz Pletz
9a219a7ec0
nettools: 1.60_p20120127084908 -> 1.60_p20161110235919
Some tools now need to be explcitely enabled. This version ships the same
executables as the previous one.
2017-07-10 09:36:04 +02:00
Jörg Thalheim
1532d5632f wireguard: 0.0.20170629 -> 0.0.20170706 2017-07-10 07:31:40 +01:00
Tim Steinbach
d38656b3c3
linux-copperhead: 4.12.c -> 4.12.d 2017-07-09 18:20:14 -04:00
Tim Steinbach
fca0b3602d
linux-copperhead: 4.12.b -> 4.12.c 2017-07-09 18:16:58 -04:00
Tim Steinbach
50831d543d
busybox: 1.26.2 -> 1.27.0 2017-07-08 13:41:27 -04:00
Tim Steinbach
da8bd6df67 Merge pull request #27161 from NeQuissimus/kernel_config_cleanup
linux: Clean up kernel config warnings
2017-07-07 09:00:52 -04:00
gnidorah
ff348f4b6d linux: Enable more I/O schedulers 2017-07-07 11:43:48 +03:00
0xABAB
b89a5b2210 nfs-utils: Replace reference to /bin/true 2017-07-06 20:43:22 +02:00
Tim Steinbach
968e0b2baf
linux-copperhead: 4.11.8.a -> 4.12.b 2017-07-06 11:42:27 -04:00
Tim Steinbach
3ec2a2f476
linux: Clean up kernel config warnings 2017-07-05 20:09:14 -04:00
Franz Pletz
e1b29dd6d6
firmwareLinuxNonfree: 2017-04-16 -> 2017-07-05
Fixes #27129.
2017-07-05 19:00:19 +02:00
Tim Steinbach
a04afd1594
linux: 4.4.75 -> 4.4.76 2017-07-05 12:54:56 -04:00
Tim Steinbach
05bd289ff8
linux: 4.9.35 -> 4.9.36 2017-07-05 12:52:05 -04:00
Tim Steinbach
00f0f7e9f6
linux: 4.11.8 -> 4.11.9 2017-07-05 12:49:56 -04:00
Vladimír Čunát
49250054d2
Merge #27153: atop: don't chmod u+s 2017-07-05 17:31:16 +02:00
Vladimír Čunát
5328aac7be
Merge branch 'staging'
Comparison looks OK; I'll try some fixes on master directly.
http://hydra.nixos.org/eval/1372577?compare=1372497
2017-07-05 08:55:26 +02:00
Tim Steinbach
cd1f998289
Revert "linux-copperhead: 4.11.8.a -> 4.12.a"
This reverts commit cb703f1314.
2017-07-04 20:56:02 -04:00
Jörg Thalheim
0518ec00b5 zfs: update kernel versions constraint for linux 4.12 2017-07-04 17:15:48 +01:00
Tuomas Tynkkynen
a4cf83c9b7 psmisc: 23.0 -> 23.1 2017-07-04 17:30:02 +03:00
Tuomas Tynkkynen
06c61f8cc2 iw: 4.3 -> 4.9 2017-07-04 17:30:02 +03:00
Tim Steinbach
cb703f1314
linux-copperhead: 4.11.8.a -> 4.12.a 2017-07-03 21:03:58 -04:00
Ricardo M. Correia
4e025437d7 atop: don't chmod u+s, otherwise Nix build fails 2017-07-03 21:15:36 +02:00
Tim Steinbach
f130e0027e
linux: Add 4.12 2017-07-03 11:57:40 -04:00
Vladimír Čunát
d1a89ae9d7
Merge branch 'master' into staging 2017-07-03 09:48:58 +02:00
es_github
5d989f4d93 kmod-debian-aliases: Fix source tarball URL.
The original URL for this package was pointed at a location that wasn't
longterm-stable, and has by now been removed by Debian.
This commit fixes the URL to point at a debian snapshot entry, which should
stick around for the long run.

Hash is unchanged, so this is safe.
2017-07-03 02:50:24 +01:00
Joachim F
8604630d92 Merge pull request #26939 from dtzWill/fix/perms-fallout-misc-2
Fixup various setuid/setgid permission problems, part 2
2017-06-30 18:30:02 +01:00
Vladimír Čunát
ddf864f8aa
Merge branch 'master' into staging
Mass rebuilds from master (>7k on x86_64-linux).
2017-06-30 18:16:58 +02:00
John Ericson
95c8277701 misc pkgs: Remove unneeded *Platform == *Platform comparisons
PR #26007 used these to avoid causing a mass rebuild. Now that we know
things work, we do that to clean up.
2017-06-30 10:09:31 -04:00
Jörg Thalheim
79ecfb515f Merge pull request #26972 from zx2c4/patch-5
wireguard: 0.0.20170613 -> 0.0.20170629
2017-06-30 08:40:40 +01:00
Tim Steinbach
3130f3ed0a
linux-copperhead: 4.11.7.a -> 4.11.8.a
Fixes #26790 by properly including built modules
2017-06-29 23:16:52 -04:00
Jason A. Donenfeld
9ffccc77d9 wireguard: 0.0.20170613 -> 0.0.20170629
Simple version bump.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-06-29 22:27:52 +02:00
Tim Steinbach
37bc494949
linux: 4.11.7 -> 4.11.8 2017-06-29 08:29:04 -04:00
Tim Steinbach
d1aff8d2e5
linux: 4.9.34 -> 4.9.35
Also, remove XSA-216 patches, the fixes are now integrated upstream
2017-06-29 08:26:25 -04:00
Tim Steinbach
6b35f22e28
linux: 4.4.74 -> 4.4.75 2017-06-29 08:20:06 -04:00
John Ericson
16be434b0b Merge accepted cross compilation PRs into staging 2017-06-28 23:17:21 -04:00
Tim Steinbach
4cc729644e Merge pull request #26867 from michalpalka/xen-security-2017.06-new
xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
2017-06-28 22:43:46 -04:00
John Ericson
e1faeb574a Merge pull request #26884 from obsidiansystems/purge-stdenv-cross
Purge stdenv cross
2017-06-28 21:39:16 -04:00
hsloan
14d3ed8c38 sysvinit: Rely on cc-wrapper to export this env var 2017-06-28 21:29:07 -04:00
hsloan
a291194d2f shadow: Don't use stdenv ? cross 2017-06-28 21:28:34 -04:00
hsloan
b8ed3c65bb propcps: Rely on cc-wrapper to export this env var 2017-06-28 21:24:25 -04:00
hsloan
66e22e1229 mingetty: Rely on cc-wrapper to export this env var 2017-06-28 21:24:24 -04:00
hsloan
5d83d36389 mdadm: Don't use stdenv.cross 2017-06-28 21:24:24 -04:00
hsloan
a210b08d18 klibc: Don't use crossAttrs 2017-06-28 21:24:12 -04:00
hsloan
16781a3892 kernel perf: Don't use stdenv.cross 2017-06-28 20:23:09 -04:00
hsloan
1e3b45cfdb kernel manual-config: Don't use stdenv.cross 2017-06-28 20:23:09 -04:00
hsloan
459d07d41c kernel generic: Don't use stdenv.cross 2017-06-28 20:22:59 -04:00
hsloan
c5b4b6c911 kernel-headers: Don't use stdenv.cross 2017-06-28 19:44:04 -04:00
Will Dietz
707145a955 firejail: don't try to set setuid bit 2017-06-28 14:31:47 -05:00
Will Dietz
09d85c49c4 kbdlight: Fix installation permissions
Looks like NixOS creates a security wrapper for this already, FWIW.
2017-06-28 14:31:45 -05:00
Eelco Dolstra
32e492251b
systemd: Apply fix for CVE-2017-9445 2017-06-28 14:08:05 +02:00
Trevor Joynson
068341b1c7 iptstate: init at 2.2.6 (#26878)
* Add iptstate package

* iptstate: nit pick
2017-06-27 18:27:13 +01:00
Tim Steinbach
d2e199ca3c
linux: 4.4.73 -> 4.4.74 2017-06-27 08:14:47 -04:00
Tim Steinbach
c90a4b8541
linux: 4.12-rc6 -> 4.12-rc7 2017-06-26 09:58:37 -04:00
David McFarland
a08024bcb0 procps-ng: allow cygwin 2017-06-26 09:33:09 -03:00
Franz Pletz
b788956239
libcgroup: do not set suid bit in nix store 2017-06-26 09:13:34 +02:00
Michał Pałka
80e0cda7ff xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
XSA-216 Issue Description:

> The block interface response structure has some discontiguous fields.
> Certain backends populate the structure fields of an otherwise
> uninitialized instance of this structure on their stacks, leaking
> data through the (internal or trailing) padding field.

More: https://xenbits.xen.org/xsa/advisory-216.html

XSA-217 Issue Description:

> Domains controlling other domains are permitted to map pages owned by
> the domain being controlled.  If the controlling domain unmaps such a
> page without flushing the TLB, and if soon after the domain being
> controlled transfers this page to another PV domain (via
> GNTTABOP_transfer or, indirectly, XENMEM_exchange), and that third
> domain uses the page as a page table, the controlling domain will have
> write access to a live page table until the applicable TLB entry is
> flushed or evicted.  Note that the domain being controlled is
> necessarily HVM, while the controlling domain is PV.

More: https://xenbits.xen.org/xsa/advisory-217.html

XSA-218 Issue Description:

> We have discovered two bugs in the code unmapping grant references.
>
> * When a grant had been mapped twice by a backend domain, and then
> unmapped by two concurrent unmap calls, the frontend may be informed
> that the page had no further mappings when the first call completed rather
> than when the second call completed.
>
> * A race triggerable by an unprivileged guest could cause a grant
> maptrack entry for grants to be "freed" twice.  The ultimate effect of
> this would be for maptrack entries for a single domain to be re-used.

More: https://xenbits.xen.org/xsa/advisory-218.html

XSA-219 Issue Description:

> When using shadow paging, writes to guest pagetables must be trapped and
> emulated, so the shadows can be suitably adjusted as well.
>
> When emulating the write, Xen maps the guests pagetable(s) to make the final
> adjustment and leave the guest's view of its state consistent.
>
> However, when mapping the frame, Xen drops the page reference before
> performing the write.  This is a race window where the underlying frame can
> change ownership.
>
> One possible attack scenario is for the frame to change ownership and to be
> inserted into a PV guest's pagetables.  At that point, the emulated write will
> be an unaudited modification to the PV pagetables whose value is under guest
> control.

More: https://xenbits.xen.org/xsa/advisory-219.html

XSA-220 Issue Description:

> Memory Protection Extensions (MPX) and Protection Key (PKU) are features in
> newer processors, whose state is intended to be per-thread and context
> switched along with all other XSAVE state.
>
> Xen's vCPU context switch code would save and restore the state only
> if the guest had set the relevant XSTATE enable bits.  However,
> surprisingly, the use of these features is not dependent (PKU) or may
> not be dependent (MPX) on having the relevant XSTATE bits enabled.
>
> VMs which use MPX or PKU, and context switch the state manually rather
> than via XSAVE, will have the state leak between vCPUs (possibly,
> between vCPUs in different guests).  This in turn corrupts state in
> the destination vCPU, and hence may lead to weakened protections
>
> Experimentally, MPX appears not to make any interaction with BND*
> state if BNDCFGS.EN is set but XCR0.BND{CSR,REGS} are clear.  However,
> the SDM is not clear in this case; therefore MPX is included in this
> advisory as a precaution.

More: https://xenbits.xen.org/xsa/advisory-220.html

XSA-221 Issue Description:

> When polling event channels, in general arbitrary port numbers can be
> specified.  Specifically, there is no requirement that a polled event
> channel ports has ever been created.  When the code was generalised
> from an earlier implementation, introducing some intermediate
> pointers, a check should have been made that these intermediate
> pointers are non-NULL.  However, that check was omitted.

More: https://xenbits.xen.org/xsa/advisory-221.html

XSA-222 Issue Description:

> Certain actions require removing pages from a guest's P2M
> (Physical-to-Machine) mapping.  When large pages are in use to map
> guest pages in the 2nd-stage page tables, such a removal operation may
> incur a memory allocation (to replace a large mapping with individual
> smaller ones).  If this allocation fails, these errors are ignored by
> the callers, which would then continue and (for example) free the
> referenced page for reuse.  This leaves the guest with a mapping to a
> page it shouldn't have access to.
>
> The allocation involved comes from a separate pool of memory created
> when the domain is created; under normal operating conditions it never
> fails, but a malicious guest may be able to engineer situations where
> this pool is exhausted.

More: https://xenbits.xen.org/xsa/advisory-222.html

XSA-224 Issue Description:

> We have discovered a number of bugs in the code mapping and unmapping
> grant references.
>
> * If a grant is mapped with both the GNTMAP_device_map and
> GNTMAP_host_map flags, but unmapped only with host_map, the device_map
> portion remains but the page reference counts are lowered as though it
> had been removed. This bug can be leveraged cause a page's reference
> counts and type counts to fall to zero while retaining writeable
> mappings to the page.
>
> * Under some specific conditions, if a grant is mapped with both the
> GNTMAP_device_map and GNTMAP_host_map flags, the operation may not
> grab sufficient type counts.  When the grant is then unmapped, the
> type count will be erroneously reduced.  This bug can be leveraged
> cause a page's reference counts and type counts to fall to zero while
> retaining writeable mappings to the page.
>
> * When a grant reference is given to an MMIO region (as opposed to a
> normal guest page), if the grant is mapped with only the
> GNTMAP_device_map flag set, a mapping is created at host_addr anyway.
> This does *not* cause reference counts to change, but there will be no
> record of this mapping, so it will not be considered when reporting
> whether the grant is still in use.

More: https://xenbits.xen.org/xsa/advisory-224.html
2017-06-26 07:01:24 +00:00
Franz Pletz
639b74e7be
Revert "linux: patch CVE-2017-1000364 (stack clash)"
This reverts commit aab71b31d5.

This was integrated into the stable 4.9 and 4.11 kernels.
2017-06-26 02:23:59 +02:00
Franz Pletz
40a04291c9
Merge branch 'master' into staging 2017-06-26 02:23:38 +02:00
Gabriel Ebner
252e9ec84a microcodeIntel: 20161104 -> 20170511 2017-06-25 17:41:57 +02:00
Tim Steinbach
03aed4cfcf
linux-copperhead: 4.11.6.d -> 4.11.7.a 2017-06-24 14:50:41 -04:00
Jörg Thalheim
d4f45ae393 Merge pull request #26734 from nh2/statifier-1.7.4
statifier: 1.7.3 -> 1.7.4
2017-06-24 18:16:25 +01:00
Tim Steinbach
b06cb59fc1
linux: 4.9.33 -> 4.9.34 2017-06-24 11:22:56 -04:00
Tim Steinbach
3a68f0bb78
linux: 4.11.6 -> 4.11.7 2017-06-24 11:20:32 -04:00
Jörg Thalheim
5e2de6d846 iwd: 2017-04-21 -> 2017-06-02 2017-06-24 10:29:14 +01:00
Jörg Thalheim
a087e5a53a lttng-modules: 2.9.1 -> 2.9.3 2017-06-24 10:26:19 +01:00
John Ericson
87fab3d6a5 Merge some merged cross-compilation PRs into into staging 2017-06-23 20:24:27 -04:00
John Ericson
afd2bdbad2 Merge pull request #26007 from obsidiansystems/cc-wrapper-prefix
Get rid of gcc-cross-wrapper
2017-06-23 11:22:34 -04:00
Tim Steinbach
4e08459f9b
linux-hardened-copperhead: 4.11.6c -> 4.11.6d 2017-06-22 21:12:20 -04:00
John Ericson
05b3c87d9d busybox: Modernize and fix cross 2017-06-22 17:53:53 -04:00
Franz Pletz
aab71b31d5
linux: patch CVE-2017-1000364 (stack clash) 2017-06-22 00:44:28 +02:00
Franz Pletz
6338c50a84
Merge branch 'master' into staging 2017-06-22 00:41:25 +02:00
Franz Pletz
5389caab83
utillinux: 2.29.2 -> 2.30 2017-06-22 00:38:44 +02:00
Franz Pletz
dd3f2e648a
linux_hardened_copperhead: init at 4.11.6.c 2017-06-21 23:49:00 +02:00
Jörg Thalheim
e89e96a755 linux_4_11: renable CONFIG_UPROBE_EVENTS
CONFIG_UPROBE_EVENT was renamed to CONFIG_UPROBE_EVENTS.
2017-06-21 17:16:46 +01:00