diff options
| author | Vladimír Čunát <vcunat@gmail.com> | 2016-12-17 20:29:25 +0100 |
|---|---|---|
| committer | Vladimír Čunát <vcunat@gmail.com> | 2016-12-17 20:29:25 +0100 |
| commit | 86e4c9ed463b0e71e046c902638c0c0ed99e666f (patch) | |
| tree | 973c37b48082a59980d3544eb6e0e0050a7db306 /pkgs/os-specific | |
| parent | d12e540739a773319bbedf7714f3c482dedf39a1 (diff) | |
| parent | ffb90e8c4fc0c8ed2d0fb817e5dafbded1c5a6c8 (diff) | |
| download | nixlib-86e4c9ed463b0e71e046c902638c0c0ed99e666f.tar nixlib-86e4c9ed463b0e71e046c902638c0c0ed99e666f.tar.gz nixlib-86e4c9ed463b0e71e046c902638c0c0ed99e666f.tar.bz2 nixlib-86e4c9ed463b0e71e046c902638c0c0ed99e666f.tar.lz nixlib-86e4c9ed463b0e71e046c902638c0c0ed99e666f.tar.xz nixlib-86e4c9ed463b0e71e046c902638c0c0ed99e666f.tar.zst nixlib-86e4c9ed463b0e71e046c902638c0c0ed99e666f.zip | |
Merge branch 'master' into staging
Diffstat (limited to 'pkgs/os-specific')
15 files changed, 158 insertions, 72 deletions
diff --git a/pkgs/os-specific/darwin/apple-source-releases/CoreOSMakefiles/default.nix b/pkgs/os-specific/darwin/apple-source-releases/CoreOSMakefiles/default.nix deleted file mode 100644 index 203ca010d62a..000000000000 --- a/pkgs/os-specific/darwin/apple-source-releases/CoreOSMakefiles/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ stdenv, appleDerivation, unifdef }: - -appleDerivation { - buildInputs = [ unifdef ]; - - phases = [ "unpackPhase" "installPhase" ]; - - preInstall = '' - substituteInPlace Makefile \ - --replace "rsync -a --exclude=.svn --exclude=.git" "cp -r" - - substituteInPlace Standard/Commands.in \ - --replace "/bin/sh" "bash" \ - --replace "/usr/bin/compress" "compress" \ - --replace "/usr/bin/gzip" "gzip" \ - --replace "/bin/pax" "pax" \ - --replace "/usr/bin/tar" "tar" \ - --replace "xcrun -find" "echo" \ - --replace '$(Install_Program_Group) -s' '$(Install_Program_Group)' \ - --replace '$(Install_Program_Mode) -s' '$(Install_Program_Mode)' - - substituteInPlace ReleaseControl/Common.make \ - --replace "/tmp" "$TMPDIR" - - substituteInPlace ReleaseControl/BSDCommon.make \ - --replace '$(shell xcrun -find -sdk $(SDKROOT) cc)' "cc" - - export DSTROOT=$out - ''; -} diff --git a/pkgs/os-specific/darwin/apple-source-releases/default.nix b/pkgs/os-specific/darwin/apple-source-releases/default.nix index c245a790695c..4108bc60c270 100644 --- a/pkgs/os-specific/darwin/apple-source-releases/default.nix +++ b/pkgs/os-specific/darwin/apple-source-releases/default.nix @@ -40,6 +40,7 @@ let basic_cmds = "55"; adv_cmds = "163"; file_cmds = "264.1.1"; + shell_cmds = "187"; }; "osx-10.11.5" = { Libc = "1082.50.1"; # 10.11.6 still unreleased :/ @@ -115,9 +116,6 @@ let "osx-10.5.8" = { adv_cmds = "119"; }; - "osx-10.5" = { - CoreOSMakeFiles = "40"; - }; "dev-tools-7.0" = { bootstrap_cmds = "93"; }; @@ -195,7 +193,6 @@ let CommonCrypto = applePackage "CommonCrypto" "osx-10.11.6" "0vllfpb8f4f97wj2vpdd7w5k9ibnsbr6ff1zslpp6q323h01n25y" {}; configd = applePackage "configd" "osx-10.8.5" "1gxakahk8gallf16xmhxhprdxkh3prrmzxnmxfvj0slr0939mmr2" {}; copyfile = applePackage "copyfile" "osx-10.11.6" "1rkf3iaxmjz5ycgrmf0g971kh90jb2z1zqxg5vlqz001s4y457gs" {}; - CoreOSMakefiles = applePackage "CoreOSMakefiles" "osx-10.5" "0kxp53spbn7109l7cvhi88pmfsi81lwmbws819b6wr3hm16v84f4" {}; Csu = applePackage "Csu" "osx-10.11.6" "0yh5mslyx28xzpv8qww14infkylvc1ssi57imhi471fs91sisagj" {}; dtrace = applePackage "dtrace" "osx-10.11.6" "0pp5x8dgvzmg9vvg32hpy2brm17dpmbwrcr4prsmdmfvd4767wc0" {}; dyld = applePackage "dyld" "osx-10.11.6" "0qkjmjazm2zpgvwqizhandybr9cm3gz9pckx8rmf0py03faafc08" {}; @@ -233,6 +230,7 @@ let developer_cmds = applePackage "developer_cmds" "osx-10.11.6" "1r9c2b6dcl22diqf90x58psvz797d3lxh4r2wppr7lldgbgn24di" {}; network_cmds = applePackage "network_cmds" "osx-10.11.6" "0lhi9wz84qr1r2ab3fb4nvmdg9gxn817n5ldg7zw9gnf3wwn42kw" {}; file_cmds = applePackage "file_cmds" "osx-10.11.6" "1zfxbmasps529pnfdjvc13p7ws2cfx8pidkplypkswyff0nff4wp" {}; + shell_cmds = applePackage "shell_cmds" "osx-10.11.6" "0084k271v66h4jqp7q7rmjvv7w4mvhx3aq860qs8jbd30canm86n" {}; libsecurity_apple_csp = libsecPackage "libsecurity_apple_csp" "osx-10.7.5" "1ngyn1ik27n4x981px3kfd1z1n8zx7r5w812b6qfjpy5nw4h746w" {}; libsecurity_apple_cspdl = libsecPackage "libsecurity_apple_cspdl" "osx-10.7.5" "1svqa5fhw7p7njzf8bzg7zgc5776aqjhdbnlhpwmr5hmz5i0x8r7" {}; diff --git a/pkgs/os-specific/darwin/apple-source-releases/shell_cmds/default.nix b/pkgs/os-specific/darwin/apple-source-releases/shell_cmds/default.nix new file mode 100644 index 000000000000..f434e15794ea --- /dev/null +++ b/pkgs/os-specific/darwin/apple-source-releases/shell_cmds/default.nix @@ -0,0 +1,45 @@ +{ stdenv, appleDerivation, xcbuild }: + +appleDerivation rec { + buildInputs = [ xcbuild ]; + + patchPhase = '' + # NOTE: these hashes must be recalculated for each version change + + # disables: + # - su ('security/pam_appl.h' file not found) + # - find (Undefined symbol '_get_date') + # - w (Undefined symbol '_res_9_init') + substituteInPlace shell_cmds.xcodeproj/project.pbxproj \ + --replace "FCBA168714A146D000AA698B /* PBXTargetDependency */," "" \ + --replace "FCBA165914A146D000AA698B /* PBXTargetDependency */," "" \ + --replace "FCBA169514A146D000AA698B /* PBXTargetDependency */," "" + + # disable w, test install + # get rid of permission stuff + substituteInPlace xcodescripts/install-files.sh \ + --replace 'ln -f "$BINDIR/w" "$BINDIR/uptime"' "" \ + --replace 'ln -f "$DSTROOT/bin/test" "$DSTROOT/bin/["' "" \ + --replace "-o root -g wheel -m 0755" "" \ + --replace "-o root -g wheel -m 0644" "" + ''; + + # temporary install phase until xcodebuild has "install" support + installPhase = '' + mkdir -p $out/usr/bin + install shell_cmds-*/Build/Products/Release/* $out/usr/bin + + export DSTROOT=$out + export SRCROOT=$PWD + . xcodescripts/install-files.sh + + mv $out/usr/* $out + mv $out/private/etc $out + rmdir $out/usr $out/private + ''; + + meta = { + platforms = stdenv.lib.platforms.darwin; + maintainers = with stdenv.lib.maintainers; [ matthewbauer ]; + }; +} diff --git a/pkgs/os-specific/linux/dstat/default.nix b/pkgs/os-specific/linux/dstat/default.nix index c8e40a4c7ac8..ccedc381504f 100644 --- a/pkgs/os-specific/linux/dstat/default.nix +++ b/pkgs/os-specific/linux/dstat/default.nix @@ -1,6 +1,6 @@ { stdenv, fetchurl, python2Packages }: -stdenv.mkDerivation rec { +python2Packages.mkPythonDerivation rec { name = "dstat-${version}"; version = "0.7.3"; @@ -9,21 +9,10 @@ stdenv.mkDerivation rec { sha256 = "16286z3y2lc9nsq8njzjkv6k2vyxrj9xiixj1k3gnsbvhlhkirj6"; }; - buildInputs = with python2Packages; [ python-wifi wrapPython ]; - - pythonPath = with python2Packages; [ python-wifi ]; - - patchPhase = '' - sed -i -e 's|/usr/bin/env python|${python2Packages.python.interpreter}|' \ - -e "s|/usr/share/dstat|$out/share/dstat|" dstat - ''; + propagatedBuildInputs = with python2Packages; [ python-wifi ]; makeFlags = [ "prefix=$(out)" ]; - postInstall = '' - wrapPythonProgramsIn $out/bin "$out $pythonPath" - ''; - meta = with stdenv.lib; { homepage = http://dag.wieers.com/home-made/dstat/; description = "Versatile resource statistics tool"; diff --git a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix index 895c0ec42ef8..ed8942b10669 100644 --- a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix +++ b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix @@ -23,8 +23,6 @@ PAX_XATTR_PAX_FLAGS y PAX_EI_PAX n PAX_INITIFY y -# initify is a fairly recent feature, enable verbose mode to aid in debugging -PAX_INITIFY_VERBOSE y # The bts instrumentation method is compatible with binary only modules. # diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 184e420373a9..6eb6e4663e97 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.4.37"; + version = "4.4.39"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1pyfva1ld4yfzc0gyz3q4m7j6k88l813akp5hhszfg8m69bzn27d"; + sha256 = "188ij72z05sbzrn438r9awpf2pvpv8p2iykfcxs2kxibn23c2jw6"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-4.8.nix b/pkgs/os-specific/linux/kernel/linux-4.8.nix index 786589ca534c..7a6ce4533e9e 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.8.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.8.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.8.13"; + version = "4.8.15"; extraMeta.branch = "4.8"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "06sp47ivgqfnbjk73hdk70jhjh7xv3xbj1xzarch9sbj9as6cp8d"; + sha256 = "1vlgacsdcww333n9vm2pmdfkcpkjhavrh1aalrr7p6vj2c4jc18n"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix new file mode 100644 index 000000000000..f154e143e03a --- /dev/null +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -0,0 +1,20 @@ +{ stdenv, fetchurl, perl, buildLinux, ... } @ args: + +import ./generic.nix (args // rec { + version = "4.9"; + modDirVersion = "4.9.0"; + extraMeta.branch = "4.9"; + + src = fetchurl { + url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; + sha256 = "029098dcffab74875e086ae970e3828456838da6e0ba22ce3f64ef764f3d7f1a"; + }; + + kernelPatches = args.kernelPatches; + + features.iwlwifi = true; + features.efiBootStub = true; + features.needsCifsUtils = true; + features.canDisableNetfilterConntrackHelpers = true; + features.netfilterRPFilter = true; +} // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-grsecurity.nix b/pkgs/os-specific/linux/kernel/linux-grsecurity.nix index 786589ca534c..7a6ce4533e9e 100644 --- a/pkgs/os-specific/linux/kernel/linux-grsecurity.nix +++ b/pkgs/os-specific/linux/kernel/linux-grsecurity.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, perl, buildLinux, ... } @ args: import ./generic.nix (args // rec { - version = "4.8.13"; + version = "4.8.15"; extraMeta.branch = "4.8"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "06sp47ivgqfnbjk73hdk70jhjh7xv3xbj1xzarch9sbj9as6cp8d"; + sha256 = "1vlgacsdcww333n9vm2pmdfkcpkjhavrh1aalrr7p6vj2c4jc18n"; }; kernelPatches = args.kernelPatches; diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index 4ab688c26af3..5f890b9b9fe6 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -129,9 +129,7 @@ let '' + (optionalString installsFirmware '' mkdir -p $out/lib/firmware '') + (if (platform ? kernelDTB && platform.kernelDTB) then '' - make $makeFlags "''${makeFlagsArray[@]}" dtbs - mkdir -p $out/dtbs - cp $buildRoot/arch/$karch/boot/dts/*.dtb $out/dtbs + make $makeFlags "''${makeFlagsArray[@]}" dtbs dtbs_install INSTALL_DTBS_PATH=$out/dtbs '' else "") + (if isModular then '' if [ -z "$dontStrip" ]; then installFlagsArray+=("INSTALL_MOD_STRIP=1") diff --git a/pkgs/os-specific/linux/kernel/multithreaded-rsapubkey-asn1.patch b/pkgs/os-specific/linux/kernel/multithreaded-rsapubkey-asn1.patch new file mode 100644 index 000000000000..9f5790862b65 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/multithreaded-rsapubkey-asn1.patch @@ -0,0 +1,45 @@ + +From Yang Shi <> +Subject [PATCH] crypto: rsa - fix a potential race condition in build +Date Fri, 2 Dec 2016 15:41:04 -0800 + + +When building kernel with RSA enabled with multithreaded, the below +compile failure might be caught: + +| /buildarea/kernel-source/crypto/rsa_helper.c:18:28: fatal error: rsapubkey-asn1.h: No such file or directory +| #include "rsapubkey-asn1.h" +| ^ +| compilation terminated. +| CC crypto/rsa-pkcs1pad.o +| CC crypto/algboss.o +| CC crypto/testmgr.o +| make[3]: *** [/buildarea/kernel-source/scripts/Makefile.build:289: crypto/rsa_helper.o] Error 1 +| make[3]: *** Waiting for unfinished jobs.... +| make[2]: *** [/buildarea/kernel-source/Makefile:969: crypto] Error 2 +| make[1]: *** [Makefile:150: sub-make] Error 2 +| make: *** [Makefile:24: __sub-make] Error 2 + +The header file is not generated before rsa_helper is compiled, so +adding dependency to avoid such issue. + +Signed-off-by: Yang Shi <yang.shi@windriver.com> + +--- + crypto/Makefile | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/crypto/Makefile b/crypto/Makefile +index 99cc64a..8db39f9 100644 +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -40,6 +40,7 @@ obj-$(CONFIG_CRYPTO_ECDH) += ecdh_generic.o + + $(obj)/rsapubkey-asn1.o: $(obj)/rsapubkey-asn1.c $(obj)/rsapubkey-asn1.h + $(obj)/rsaprivkey-asn1.o: $(obj)/rsaprivkey-asn1.c $(obj)/rsaprivkey-asn1.h ++$(obj)/rsa_helper.o: $(obj)/rsa_helper.c $(obj)/rsaprivkey-asn1.h + clean-files += rsapubkey-asn1.c rsapubkey-asn1.h + clean-files += rsaprivkey-asn1.c rsaprivkey-asn1.h + +-- +2.0.2 diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 3fab12b64a6e..74cf8d156afd 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -41,6 +41,12 @@ in rec { + multithreaded_rsapubkey = + { + name = "multithreaded-rsapubkey-asn1.patch"; + patch = ./multithreaded-rsapubkey-asn1.patch; + }; + bridge_stp_helper = { name = "bridge-stp-helper"; patch = ./bridge-stp-helper.patch; @@ -89,9 +95,9 @@ rec { }; grsecurity_testing = grsecPatch - { kver = "4.8.13"; - grrev = "201612082118"; - sha256 = "0cvw6sbinzlcxap8mf934ksgksgdd8w8pf8jfp82fbyiz53klfn1"; + { kver = "4.8.15"; + grrev = "201612151923"; + sha256 = "1di4v0b0sn7ibg9vrn8w7d5vjxd2mdlxdmqsnyd6xyn8g00fra89"; }; # This patch relaxes grsec constraints on the location of usermode helpers, @@ -149,6 +155,14 @@ rec { url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git" + "/patch/drivers/lguest/x86/core.c?id=cdd77e87eae52"; sha256 = "04xlx6al10cw039av6jkby7gx64zayj8m1k9iza40sw0fydcfqhc"; + }; + }; + + packet_fix_race_condition_CVE_2016_8655 = + { name = "packet_fix_race_condition_CVE_2016_8655.patch"; + patch = fetchpatch { + url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=84ac7260236a49c79eede91617700174c2c19b0c"; + sha256 = "19viqjjgq8j8jiz5yhgmzwhqvhwv175q645qdazd1k69d25nv2ki"; + }; }; - }; } diff --git a/pkgs/os-specific/linux/kexectools/default.nix b/pkgs/os-specific/linux/kexectools/default.nix index cb30de44a81a..1b18fb590170 100644 --- a/pkgs/os-specific/linux/kexectools/default.nix +++ b/pkgs/os-specific/linux/kexectools/default.nix @@ -2,17 +2,17 @@ stdenv.mkDerivation rec { name = "kexec-tools-${version}"; - version = "2.0.12"; + version = "2.0.13"; src = fetchurl { urls = [ "mirror://kernel/linux/utils/kernel/kexec/${name}.tar.xz" "http://horms.net/projects/kexec/kexec-tools/${name}.tar.xz" ]; - sha256 = "03cj7w2l5fqn72xfhl4q6z0zbziwkp9bfn0gs7gaf9i44jv6gkhl"; + sha256 = "1k75p9h29xx57l1c69ravm4pg9pmriqxmwja12hgrnvi251ayjw7"; }; - hardeningDisable = [ "format" ]; + hardeningDisable = [ "format" "pic" "relro" ]; buildInputs = [ zlib ]; diff --git a/pkgs/os-specific/linux/musl/default.nix b/pkgs/os-specific/linux/musl/default.nix index ae0c7703de61..dd12a18dc82d 100644 --- a/pkgs/os-specific/linux/musl/default.nix +++ b/pkgs/os-specific/linux/musl/default.nix @@ -1,12 +1,12 @@ -{ stdenv, fetchurl }: +{ stdenv, fetchurl, fetchpatch }: stdenv.mkDerivation rec { name = "musl-${version}"; - version = "1.1.11"; + version = "1.1.15"; src = fetchurl { url = "http://www.musl-libc.org/releases/${name}.tar.gz"; - sha256 = "0grmmah3d9wajii26010plpinv3cbiq3kfqsblgn84kv3fjnv7mv"; + sha256 = "1ymhxkskivzph0q34zadwfglc5gyahqajm7chqqn2zraxv3lgr4p"; }; enableParallelBuilding = true; @@ -22,6 +22,15 @@ stdenv.mkDerivation rec { configureFlags = [ "--enable-shared" "--enable-static" + "--disable-gcc-wrapper" + ]; + + patches = [ + # CVE-2016-8859: http://www.openwall.com/lists/oss-security/2016/10/19/1 + (fetchpatch { + url = "https://git.musl-libc.org/cgit/musl/patch/?id=c3edc06d1e1360f3570db9155d6b318ae0d0f0f7"; + sha256 = "15ih0aj27lz4sgq8r5jndc3qy5gz3ciraavrqpp0vw8h5wjcsb9v"; + }) ]; dontDisableStatic = true; diff --git a/pkgs/os-specific/linux/wireguard/default.nix b/pkgs/os-specific/linux/wireguard/default.nix index 9a378988608a..e1b17f8f9fcd 100644 --- a/pkgs/os-specific/linux/wireguard/default.nix +++ b/pkgs/os-specific/linux/wireguard/default.nix @@ -4,13 +4,13 @@ assert kernel != null -> stdenv.lib.versionAtLeast kernel.version "4.1"; let - name = "wireguard-experimental-${version}"; + name = "wireguard-${version}"; - version = "0.0.20161116.1"; + version = "0.0.20161209"; src = fetchurl { - url = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-experimental-${version}.tar.xz"; - sha256 = "1393p1fllxvl4j0c8qz35k39crmcwrp8rjwxwn1wyhhrks8rs3bk"; + url = "https://git.zx2c4.com/WireGuard/snapshot/WireGuard-${version}.tar.xz"; + sha256 = "11n8dq8a8w0qj8xg5np9w02kmk14hn5hphv2h4bjw9hs8yxvkaya"; }; meta = with stdenv.lib; { |