summary refs log tree commit diff
path: root/pkgs/os-specific
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r--pkgs/os-specific/darwin/cctools/ld-tbd-v2.patch98
-rw-r--r--pkgs/os-specific/darwin/cctools/port.nix37
-rw-r--r--pkgs/os-specific/darwin/cctools/support-ios.patch13
-rw-r--r--pkgs/os-specific/darwin/cctools/undo-unknown-triple.patch17
-rw-r--r--pkgs/os-specific/darwin/darling/default.nix2
-rw-r--r--pkgs/os-specific/darwin/ios-cross/default.nix61
-rw-r--r--pkgs/os-specific/darwin/ios-sdk-pkgs/default.nix68
-rw-r--r--pkgs/os-specific/linux/acpid/default.nix4
-rw-r--r--pkgs/os-specific/linux/alsa-oss/default.nix4
-rw-r--r--pkgs/os-specific/linux/alsa-plugins/default.nix4
-rw-r--r--pkgs/os-specific/linux/alsa-tools/default.nix4
-rw-r--r--pkgs/os-specific/linux/hwdata/default.nix6
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.14.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.15.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.16.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.4.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.9.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-copperhead-hardened.nix4
-rw-r--r--pkgs/os-specific/linux/mcelog/default.nix4
-rw-r--r--pkgs/os-specific/linux/pam_u2f/default.nix4
-rw-r--r--pkgs/os-specific/linux/sysstat/default.nix4
21 files changed, 258 insertions, 96 deletions
diff --git a/pkgs/os-specific/darwin/cctools/ld-tbd-v2.patch b/pkgs/os-specific/darwin/cctools/ld-tbd-v2.patch
new file mode 100644
index 000000000000..9aae2be1d033
--- /dev/null
+++ b/pkgs/os-specific/darwin/cctools/ld-tbd-v2.patch
@@ -0,0 +1,98 @@
+diff --git a/cctools/ld64/src/ld/parsers/textstub_dylib_file.cpp b/cctools/ld64/src/ld/parsers/textstub_dylib_file.cpp
+index 09c0e12..ac6b085 100644
+--- a/cctools/ld64/src/ld/parsers/textstub_dylib_file.cpp
++++ b/cctools/ld64/src/ld/parsers/textstub_dylib_file.cpp
+@@ -187,6 +187,7 @@ struct DynamicLibrary {
+ 	ld::File::ObjcConstraint _objcConstraint;
+ 	Options::Platform _platform;
+ 	std::vector<Token> _allowedClients;
++	std::vector<Token> _allowableClients;
+ 	std::vector<Token> _reexportedLibraries;
+ 	std::vector<Token> _symbols;
+ 	std::vector<Token> _classes;
+@@ -246,6 +247,14 @@ class TBDFile {
+ 		});
+ 	}
+ 
++	void parseAllowableClients(DynamicLibrary& lib) {
++		if ( !hasOptionalToken("allowable-clients") )
++			return;
++		parseFlowSequence([&](Token name) {
++			lib._allowableClients.emplace_back(name);
++		});
++	}
++
+ 	void parseReexportedDylibs(DynamicLibrary& lib) {
+ 		if ( !hasOptionalToken("re-exports") )
+ 			return;
+@@ -306,6 +315,21 @@ class TBDFile {
+ 		return false;
+ 	}
+ 
++	void skipUUIDs(DynamicLibrary& lib) {
++		expectToken("uuids");
++		while ( true ) {
++			auto token = next();
++			if ( token == "]" )
++				break;
++		}
++	}
++
++	void skipParentUmbrella(DynamicLibrary& lib) {
++		if (!hasOptionalToken("parent-umbrella"))
++			return;
++		next();
++	}
++
+ 	void parsePlatform(DynamicLibrary& lib) {
+ 		expectToken("platform");
+ 
+@@ -410,6 +434,7 @@ class TBDFile {
+ 			}
+ 
+ 			parseAllowedClients(lib);
++			parseAllowableClients(lib);
+ 			parseReexportedDylibs(lib);
+ 			parseSymbols(lib);
+ 			if ( !hasOptionalToken("-") )
+@@ -455,17 +480,21 @@ class TBDFile {
+ 			return result.front();
+ 	}
+ 
+-	void parseDocument(DynamicLibrary& lib, std::string &requestedArchName) {
++	void parseDocument(DynamicLibrary& lib, std::string &requestedArchName, bool isTbdV2) {
+ 		auto selectedArchName = parseAndSelectArchitecture(requestedArchName);
+ 		if (selectedArchName.empty())
+ 			throwf("invalid arch");
+ 
++		if(isTbdV2)
++			skipUUIDs(lib);
+ 		parsePlatform(lib);
+ 		parseInstallName(lib);
+ 		parseCurrentVersion(lib);
+ 		parseCompatibilityVersion(lib);
+ 		parseSwiftVersion(lib);
+ 		parseObjCConstraint(lib);
++		if(isTbdV2)
++			skipParentUmbrella(lib);
+ 		parseExportsBlock(lib, selectedArchName);
+ 	}
+ 
+@@ -476,7 +505,8 @@ public:
+ 		_tokenizer.reset();
+ 		DynamicLibrary lib;
+ 		expectToken("---");
+-		parseDocument(lib, requestedArchName);
++		auto isTbdV2 = hasOptionalToken("!tapi-tbd-v2");
++		parseDocument(lib, requestedArchName, isTbdV2);
+ 		expectToken("...");
+ 		return lib;
+ 	}
+@@ -486,6 +516,7 @@ public:
+ 		auto token = next();
+ 		if ( token != "---" )
+ 			return false;
++		hasOptionalToken("!tapi-tbd-v2");
+ 		return !parseAndSelectArchitecture(requestedArchName).empty();
+ 	}
+ 
diff --git a/pkgs/os-specific/darwin/cctools/port.nix b/pkgs/os-specific/darwin/cctools/port.nix
index 55995c1592d1..d8abdc2c6f84 100644
--- a/pkgs/os-specific/darwin/cctools/port.nix
+++ b/pkgs/os-specific/darwin/cctools/port.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, makeWrapper, autoconf, automake, libtool_2
+{ stdenv, fetchFromGitHub, makeWrapper, autoconf, automake, libtool_2, autoreconfHook
 , llvm, libcxx, libcxxabi, clang, libuuid
 , libobjc ? null, maloader ? null, xctoolchain ? null
 , hostPlatform, targetPlatform
@@ -6,6 +6,14 @@
 }:
 
 let
+
+  # We need to use an old version of cctools-port to support linking TBD files
+  # in the iOS SDK. Note that this only provides support for SDK versions up to
+  # 10.x. For 11.0 and higher we will need to upgrade to a newer cctools than the
+  # default version here, which can support the new TBD format via Apple's
+  # libtapi.
+  useOld = targetPlatform.isiOS;
+
   # The targetPrefix prepended to binary names to allow multiple binuntils on the
   # PATH to both be usable.
   targetPrefix = stdenv.lib.optionalString
@@ -16,10 +24,12 @@ in
 # Non-Darwin alternatives
 assert (!hostPlatform.isDarwin) -> (maloader != null && xctoolchain != null);
 
+assert enableDumpNormalizedLibArgs -> (!useOld);
+
 let
   baseParams = rec {
     name = "${targetPrefix}cctools-port-${version}";
-    version = "895";
+    version = if useOld then "886" else "895";
 
     src = fetchFromGitHub (if enableDumpNormalizedLibArgs then {
       owner  = "tpoechtrager";
@@ -27,6 +37,11 @@ let
       # master with https://github.com/tpoechtrager/cctools-port/pull/34
       rev    = "8395d4b2c3350356e2fb02f5e04f4f463c7388df";
       sha256 = "10vbf1cfzx02q8chc77s84fp2kydjpx2y682mr6mrbb7sq5rwh8f";
+    } else if useOld then {
+      owner  = "tpoechtrager";
+      repo   = "cctools-port";
+      rev    = "02f0b8ecd87a3951653d838a321ae744815e21a5";
+      sha256 = "0bzyabzr5dvbxglr74d0kbrk2ij5x7s5qcamqi1v546q1had1wz1";
     } else {
       owner  = "tpoechtrager";
       repo   = "cctools-port";
@@ -36,7 +51,11 @@ let
 
     outputs = [ "out" "dev" ];
 
-    nativeBuildInputs = [ autoconf automake libtool_2 ];
+    nativeBuildInputs = [
+      autoconf automake libtool_2
+    ] ++ stdenv.lib.optionals useOld [
+      autoreconfHook
+    ];
     buildInputs = [ libuuid ] ++
       # Only need llvm and clang if the stdenv isn't already clang-based (TODO: just make a stdenv.cc.isClang)
       stdenv.lib.optionals (!stdenv.isDarwin) [ llvm clang ] ++
@@ -44,9 +63,14 @@ let
 
     patches = [
       ./ld-rpath-nonfinal.patch ./ld-ignore-rpath-link.patch
+    ] ++ stdenv.lib.optionals useOld [
+      # See https://github.com/tpoechtrager/cctools-port/issues/24. Remove when that's fixed.
+      ./undo-unknown-triple.patch
+      ./ld-tbd-v2.patch
+      ./support-ios.patch
     ];
 
-    __propagatedImpureHostDeps = [
+    __propagatedImpureHostDeps = stdenv.lib.optionals (!useOld) [
       # As far as I can tell, otool from cctools is the only thing that depends on these two, and we should fix them
       "/usr/lib/libobjc.A.dylib"
       "/usr/lib/libobjc.dylib"
@@ -86,12 +110,15 @@ let
       EOF
     '' + stdenv.lib.optionalString (!stdenv.isDarwin) ''
       sed -i -e 's|clang++|& -I${libcxx}/include/c++/v1|' cctools/autogen.sh
+    '' + stdenv.lib.optionalString useOld ''
+      cd cctools
     '';
 
     # TODO: this builds an ld without support for LLVM's LTO. We need to teach it, but that's rather
     # hairy to handle during bootstrap. Perhaps it could be optional?
-    preConfigure = ''
+    preConfigure = stdenv.lib.optionalString (!useOld) ''
       cd cctools
+    '' + ''
       sh autogen.sh
     '';
 
diff --git a/pkgs/os-specific/darwin/cctools/support-ios.patch b/pkgs/os-specific/darwin/cctools/support-ios.patch
new file mode 100644
index 000000000000..f78c6b63ac80
--- /dev/null
+++ b/pkgs/os-specific/darwin/cctools/support-ios.patch
@@ -0,0 +1,13 @@
+diff --git a/cctools/configure.ac b/cctools/configure.ac
+index 56e8f24..0b4b3ff 100644
+--- a/cctools/configure.ac
++++ b/cctools/configure.ac
+@@ -39,7 +39,7 @@ EXTRACXXFLAGS=""
+ WARNINGS=""
+ 
+ case $host_os in
+-  darwin* )
++  darwin* | ios*)
+     isdarwin=yes
+     AM_CONDITIONAL([ISDARWIN], [true])
+   ;;
diff --git a/pkgs/os-specific/darwin/cctools/undo-unknown-triple.patch b/pkgs/os-specific/darwin/cctools/undo-unknown-triple.patch
new file mode 100644
index 000000000000..7df9bdd16dab
--- /dev/null
+++ b/pkgs/os-specific/darwin/cctools/undo-unknown-triple.patch
@@ -0,0 +1,17 @@
+diff --git a/cctools/as/driver.c b/cctools/as/driver.c
+index b06d085..c03397a 100644
+--- a/cctools/as/driver.c
++++ b/cctools/as/driver.c
+@@ -363,12 +363,6 @@ char **envp)
+ 	    /* Add -c or clang will run ld(1). */
+ 	    new_argv[j] = "-c";
+ 	    j++;
+-	    /* cctools-port start */
+-	    new_argv[j] = "-target";
+-	    j++;
+-	    new_argv[j] = "unknown-apple-darwin";
+-	    j++;
+-	    /* cctools-port end */
+ 	    new_argv[j] = NULL;
+ 	    if(execute(new_argv, verbose))
+ 		exit(0);
diff --git a/pkgs/os-specific/darwin/darling/default.nix b/pkgs/os-specific/darwin/darling/default.nix
index e440f1cd7098..b9d806cded23 100644
--- a/pkgs/os-specific/darwin/darling/default.nix
+++ b/pkgs/os-specific/darwin/darling/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     repo = pname;
     owner = "darlinghq";
     rev = "d2cc5fa748003aaa70ad4180fff0a9a85dc65e9b";
-    sha256 = "1mkcnzy1cfpwghgvb9pszhy9jy6534y8krw8inwl9fqfd0w019wz";
+    sha256 = "1sdl0ysa3yfdvkq0x7vkdl64g7mcfy3qx70saf1d8rnhycbxjgjg";
   };
 
   # only packaging sandbox for now
diff --git a/pkgs/os-specific/darwin/ios-cross/default.nix b/pkgs/os-specific/darwin/ios-cross/default.nix
deleted file mode 100644
index 175e9738ef9e..000000000000
--- a/pkgs/os-specific/darwin/ios-cross/default.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{ runCommand
-, lib
-, llvm
-, clang
-, binutils
-, stdenv
-, coreutils
-, gnugrep
-, buildPackages
-, hostPlatform
-, targetPlatform
-}:
-
-/* As of this writing, known-good prefix/arch/simulator triples:
- * aarch64-apple-darwin14 | arm64  | false
- * arm-apple-darwin10     | armv7  | false
- * i386-apple-darwin11    | i386   | true
- * x86_64-apple-darwin14  | x86_64 | true
- */
-
-# Apple uses somewhat non-standard names for this. We could fall back on
-# `targetPlatform.parsed.cpu.name`, but that would be a more standard one and
-# likely to fail. Better just to require something manual.
-assert targetPlatform ? arch;
-
-let
-
-  prefix = targetPlatform.config;
-  inherit (targetPlatform) arch;
-  simulator = targetPlatform.isiPhoneSimulator or false;
-
-  sdkType = if simulator then "Simulator" else "OS";
-
-  sdkVer = "10.2";
-
-  sdk = "/Applications/Xcode.app/Contents/Developer/Platforms/iPhone${sdkType}.platform/Developer/SDKs/iPhone${sdkType}${sdkVer}.sdk";
-
-in (import ../../../build-support/cc-wrapper {
-    inherit stdenv coreutils gnugrep runCommand buildPackages;
-    nativeTools = false;
-    nativeLibc = false;
-    inherit binutils;
-    libc = runCommand "empty-libc" {} "mkdir -p $out/{lib,include}";
-    inherit (clang) cc;
-    inherit hostPlatform targetPlatform;
-    extraBuildCommands = ''
-      if ! [ -d ${sdk} ]; then
-          echo "You must have ${sdkVer} of the iPhone${sdkType} sdk installed at ${sdk}" >&2
-          exit 1
-      fi
-      # ugh
-      tr '\n' ' ' < $out/nix-support/cc-cflags > cc-cflags.tmp
-      mv cc-cflags.tmp $out/nix-support/cc-cflags
-      echo "-target ${prefix} -arch ${arch} -idirafter ${sdk}/usr/include ${if simulator then "-mios-simulator-version-min=7.0" else "-miphoneos-version-min=7.0"}" >> $out/nix-support/cc-cflags
-
-      # Purposefully overwrite libc-ldflags-before, cctools ld doesn't know dynamic-linker and cc-wrapper doesn't do cross-compilation well enough to adjust
-      echo "-arch ${arch} -L${sdk}/usr/lib ${lib.optionalString simulator "-L${sdk}/usr/lib/system "}-i${if simulator then "os_simulator" else "phoneos"}_version_min 7.0.0" > $out/nix-support/libc-ldflags-before
-    '';
-  }) // {
-    inherit sdkType sdkVer sdk;
-  }
diff --git a/pkgs/os-specific/darwin/ios-sdk-pkgs/default.nix b/pkgs/os-specific/darwin/ios-sdk-pkgs/default.nix
new file mode 100644
index 000000000000..5b9f30b62c39
--- /dev/null
+++ b/pkgs/os-specific/darwin/ios-sdk-pkgs/default.nix
@@ -0,0 +1,68 @@
+{ lib, hostPlatform, targetPlatform
+, clang-unwrapped
+, binutils-unwrapped
+, runCommand
+, stdenv
+, wrapBintoolsWith
+, wrapCCWith
+, buildIosSdk, targetIosSdkPkgs
+}:
+
+let
+
+minSdkVersion = "9.0";
+
+iosPlatformArch = { parsed, ... }: {
+  "arm"     = "armv7";
+  "aarch64" = "arm64";
+  "x86_64"  = "x86_64";
+}.${parsed.cpu.name};
+
+in
+
+rec {
+  # TODO(kmicklas): Make a pure version of this for each supported SDK version.
+  sdk = rec {
+    name = "ios-sdk";
+    type = "derivation";
+    outPath = "/Applications/Xcode.app/Contents/Developer/Platforms/iPhone${sdkType}.platform/Developer/SDKs/iPhone${sdkType}${version}.sdk";
+
+    sdkType = if targetPlatform.isiPhoneSimulator then "Simulator" else "OS";
+    version = targetPlatform.sdkVer;
+  };
+
+  binutils = wrapBintoolsWith {
+    libc = targetIosSdkPkgs.libraries;
+    bintools = binutils-unwrapped;
+    extraBuildCommands = ''
+      echo "-arch ${iosPlatformArch targetPlatform}" >> $out/nix-support/libc-ldflags
+    '';
+  };
+
+  clang = (wrapCCWith {
+    cc = clang-unwrapped;
+    bintools = binutils;
+    libc = targetIosSdkPkgs.libraries;
+    extraBuildCommands = ''
+      tr '\n' ' ' < $out/nix-support/cc-cflags > cc-cflags.tmp
+      mv cc-cflags.tmp $out/nix-support/cc-cflags
+      echo "-target ${targetPlatform.config} -arch ${iosPlatformArch targetPlatform}" >> $out/nix-support/cc-cflags
+      echo "-isystem ${sdk}/usr/include -isystem ${sdk}/usr/include/c++/4.2.1/ -stdlib=libstdc++" >> $out/nix-support/cc-cflags
+      echo "${if targetPlatform.isiPhoneSimulator then "-mios-simulator-version-min" else "-miphoneos-version-min"}=${minSdkVersion}" >> $out/nix-support/cc-cflags
+    '';
+  }) // {
+    inherit sdk;
+  };
+
+  libraries = let sdk = buildIosSdk; in runCommand "libSystem-prebuilt" {
+    passthru = {
+      inherit sdk;
+    };
+  } ''
+    if ! [ -d ${sdk} ]; then
+        echo "You must have version ${sdk.version} of the iPhone${sdk.sdkType} sdk installed at ${sdk}" >&2
+        exit 1
+    fi
+    ln -s ${sdk}/usr $out
+  '';
+}
diff --git a/pkgs/os-specific/linux/acpid/default.nix b/pkgs/os-specific/linux/acpid/default.nix
index c209cf6e3162..7a234b16c913 100644
--- a/pkgs/os-specific/linux/acpid/default.nix
+++ b/pkgs/os-specific/linux/acpid/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
-  name = "acpid-2.0.28";
+  name = "acpid-2.0.29";
 
   src = fetchurl {
     url = "mirror://sourceforge/acpid2/${name}.tar.xz";
-    sha256 = "043igasvp1l6nv5rzh4sksmymay2qn20anl4zm4zvwnkn1a3l34q";
+    sha256 = "1zq38al07z92r2md18zivrzgjqnn7m2wahdpgri6wijwjwkknl2q";
   };
 
   meta = with stdenv.lib; {
diff --git a/pkgs/os-specific/linux/alsa-oss/default.nix b/pkgs/os-specific/linux/alsa-oss/default.nix
index 0d02daebe1d7..5cd937a37928 100644
--- a/pkgs/os-specific/linux/alsa-oss/default.nix
+++ b/pkgs/os-specific/linux/alsa-oss/default.nix
@@ -1,14 +1,14 @@
 {stdenv, fetchurl, alsaLib, gettext, ncurses, libsamplerate}:
 
 stdenv.mkDerivation rec {
-  name = "alsa-oss-1.0.28";
+  name = "alsa-oss-1.1.6";
 
   src = fetchurl {
     urls = [
       "ftp://ftp.alsa-project.org/pub/oss-lib/${name}.tar.bz2"
       "http://alsa.cybermirror.org/oss-lib/${name}.tar.bz2"
     ];
-    sha256 = "1mbabiywxjjlvdh257j3a0v4vvy69mwwnvc3xlq7pg50i2m2rris";
+    sha256 = "1sj512wyci5qv8cisps96xngh7y9r5mv18ybqnazy18zwr1zgly3";
   };
 
   buildInputs = [ alsaLib ncurses libsamplerate ];
diff --git a/pkgs/os-specific/linux/alsa-plugins/default.nix b/pkgs/os-specific/linux/alsa-plugins/default.nix
index dc11d21ff1cb..f57f84b293b5 100644
--- a/pkgs/os-specific/linux/alsa-plugins/default.nix
+++ b/pkgs/os-specific/linux/alsa-plugins/default.nix
@@ -1,14 +1,14 @@
 { stdenv, fetchurl, lib, pkgconfig, alsaLib, libogg, libpulseaudio ? null, libjack2 ? null }:
 
 stdenv.mkDerivation rec {
-  name = "alsa-plugins-1.1.5";
+  name = "alsa-plugins-1.1.6";
 
   src = fetchurl {
     urls = [
       "ftp://ftp.alsa-project.org/pub/plugins/${name}.tar.bz2"
       "http://alsa.cybermirror.org/plugins/${name}.tar.bz2"
     ];
-    sha256 = "073zpgvj4pldmzqq97l40wngvbqnvrkc8yw153mgny9kypwaazbr";
+    sha256 = "04qcwkisbh0d6lnh0rw1k6n869fbs6zbfq6yvb41rymiwgmk27bg";
   };
 
   # ToDo: a52, etc.?
diff --git a/pkgs/os-specific/linux/alsa-tools/default.nix b/pkgs/os-specific/linux/alsa-tools/default.nix
index d1cae06d7fff..67cae46164fc 100644
--- a/pkgs/os-specific/linux/alsa-tools/default.nix
+++ b/pkgs/os-specific/linux/alsa-tools/default.nix
@@ -4,14 +4,14 @@
 
 stdenv.mkDerivation rec {
   name = "alsa-tools-${version}";
-  version = "1.1.5";
+  version = "1.1.6";
 
   src = fetchurl {
     urls = [
       "ftp://ftp.alsa-project.org/pub/tools/${name}.tar.bz2"
       "http://alsa.cybermirror.org/tools/${name}.tar.bz2"
     ];
-    sha256 = "0d6m5dm5yskfr6q42cv1ihp5lfgv4a67nj39gpp26ll3vrknag5w";
+    sha256 = "09rjb6hw1mn9y1jfdfj5djncgc2cr5wfps83k56rf6k4zg14v76n";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/os-specific/linux/hwdata/default.nix b/pkgs/os-specific/linux/hwdata/default.nix
index 724242c588a1..15b3903ddd1a 100644
--- a/pkgs/os-specific/linux/hwdata/default.nix
+++ b/pkgs/os-specific/linux/hwdata/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "hwdata-${version}";
-  version = "0.310";
+  version = "0.311";
 
   src = fetchurl {
-    url = "https://github.com/vcrhonek/hwdata/archive/v0.310.tar.gz";
-    sha256 = "08mhwwc9g9cpfyxrwwviflkdk2jnqs6hc95iv4r5d59hqrj5kida";
+    url = "https://github.com/vcrhonek/hwdata/archive/v0.311.tar.gz";
+    sha256 = "159av9wvl3biryxd5pgqcwz6wkdaa0ydmcysmzznx939mfv7w18z";
   };
 
   preConfigure = "patchShebangs ./configure";
diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix
index ba589b70b6b3..e064dbfd85bd 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix
@@ -3,13 +3,13 @@
 with stdenv.lib;
 
 buildLinux (args // rec {
-  version = "4.14.34";
+  version = "4.14.35";
 
   # branchVersion needs to be x.y
   extraMeta.branch = concatStrings (intersperse "." (take 2 (splitString "." version)));
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1f9bl4qw61xw49y5xz1wyilg8gh0wv9k868fh8n3hp17hm66qavq";
+    sha256 = "01zfbd766y8hfsd248lffaj6d4ghl4j918m3yvl892p84xsp5aq2";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.15.nix b/pkgs/os-specific/linux/kernel/linux-4.15.nix
index 63bfc79e62d2..07f408027d8e 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.15.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.15.nix
@@ -3,7 +3,7 @@
 with stdenv.lib;
 
 buildLinux (args // rec {
-  version = "4.15.17";
+  version = "4.15.18";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = concatStrings (intersperse "." (take 3 (splitString "." "${version}.0")));
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1f20h22rrchvqd653a3ih8q6l13zl47bp6k2339x9ihq40rg5m9g";
+    sha256 = "0hdg5h91zwypsgb1lp1m5q1iak1g00rml54fh6j7nj8dgrqwv29z";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.16.nix b/pkgs/os-specific/linux/kernel/linux-4.16.nix
index aa225c8e7c79..343d7c9f9dac 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.16.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.16.nix
@@ -3,7 +3,7 @@
 with stdenv.lib;
 
 buildLinux (args // rec {
-  version = "4.16.2";
+  version = "4.16.3";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = concatStrings (intersperse "." (take 3 (splitString "." "${version}.0")));
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "157q43px707nizqwzi5nk87c0nvdif9fbi751f71wpgfp3iiy2s7";
+    sha256 = "18w1dhq5dnmcqc3d8imwm90zwfw0fhda7sy5fjwkhzm93nl72s8d";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix
index b59748541123..b14418964da5 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix
@@ -1,11 +1,11 @@
 { stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
 
 buildLinux (args // rec {
-  version = "4.4.127";
+  version = "4.4.128";
   extraMeta.branch = "4.4";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1gscsvijik24p0skhjnhqxlvzj3kfy5cmn3x9wn6ka687hwjb3qa";
+    sha256 = "1c5nlxazn2ijfra1bn3x4fdz3fx02j76hg430jgyij61vndgi5ka";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix
index 86ddcf99dbe8..2f10bcc0ea80 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.9.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix
@@ -1,11 +1,11 @@
 { stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, ... } @ args:
 
 buildLinux (args // rec {
-  version = "4.9.93";
+  version = "4.9.95";
   extraMeta.branch = "4.9";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "00srda6plvirmrr0bjgiksf00ssiigf5cqi4giy4mij5r6v8mxsq";
+    sha256 = "1x4z66v6zl4q0hzinzb1wvlq9fd3v4sbwj9lay69f3vdq8knsnly";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-copperhead-hardened.nix b/pkgs/os-specific/linux/kernel/linux-copperhead-hardened.nix
index 0075cfbe165c..5685e6dd904d 100644
--- a/pkgs/os-specific/linux/kernel/linux-copperhead-hardened.nix
+++ b/pkgs/os-specific/linux/kernel/linux-copperhead-hardened.nix
@@ -3,9 +3,9 @@
 with stdenv.lib;
 
 let
-  version = "4.15.17";
+  version = "4.15.18";
   revision = "a";
-  sha256 = "0rm5dlfj3ryz879p04px1y3hvlfgh3ryk13ihldnl2j1dzl2046i";
+  sha256 = "1wld16i3r06mqxwwkghsxnnivg1jpc6c15y9iclhdgl4srcs1qp6";
 
   # modVersion needs to be x.y.z, will automatically add .0 if needed
   modVersion = concatStrings (intersperse "." (take 3 (splitString "." "${version}.0")));
diff --git a/pkgs/os-specific/linux/mcelog/default.nix b/pkgs/os-specific/linux/mcelog/default.nix
index 30c2b05b8e1e..4ebc1c00f7af 100644
--- a/pkgs/os-specific/linux/mcelog/default.nix
+++ b/pkgs/os-specific/linux/mcelog/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   name = "mcelog-${version}";
-  version = "156";
+  version = "157";
 
   src = fetchFromGitHub {
     owner  = "andikleen";
     repo   = "mcelog";
     rev    = "v${version}";
-    sha256 = "0mv4sxcysl3m9wqybg6b363mawr9amzhc9v53775p4p2a47z774r";
+    sha256 = "1965axyfizv2jg412a4wrrghgswwvvgymk7mbwaraw3xl9p21wgv";
   };
 
   postPatch = ''
diff --git a/pkgs/os-specific/linux/pam_u2f/default.nix b/pkgs/os-specific/linux/pam_u2f/default.nix
index f58dadfd10ce..0f0b6ebb37a6 100644
--- a/pkgs/os-specific/linux/pam_u2f/default.nix
+++ b/pkgs/os-specific/linux/pam_u2f/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name    = "pam_u2f-${version}";
-  version = "1.0.4";
+  version = "1.0.5";
 
   src     = fetchurl {
     url = "https://developers.yubico.com/pam-u2f/Releases/${name}.tar.gz";
-    sha256 = "189j0wgx6fs146vfp88djqpl1flpfb3962l1a2marlp6d12jwm3i";
+    sha256 = "0bbwy9k3002anhkv67zwck3dry7blqnnp291dc4qsjrca0blw217";
   };
 
   nativeBuildInputs = [ pkgconfig ];
diff --git a/pkgs/os-specific/linux/sysstat/default.nix b/pkgs/os-specific/linux/sysstat/default.nix
index d8e95ff74c43..db9f05f5f4d8 100644
--- a/pkgs/os-specific/linux/sysstat/default.nix
+++ b/pkgs/os-specific/linux/sysstat/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, gettext, bzip2 }:
 
 stdenv.mkDerivation rec {
-  name = "sysstat-11.7.2";
+  name = "sysstat-11.7.3";
 
   src = fetchurl {
     url = "http://perso.orange.fr/sebastien.godard/${name}.tar.xz";
-    sha256 = "169yh9d0ags9xrn5g0k42wd1c895117zbzs257cjxqnb2vk0a38v";
+    sha256 = "1sk6rhdqr8xsm456fkhkcmbnqgkymqqs3jkapcf8mrnsx36gz94f";
   };
 
   buildInputs = [ gettext ];