about summary refs log tree commit diff
path: root/pkgs
Commit message (Collapse)AuthorAge
* contrast: 0.0.2 -> 0.0.3worldofpeace2020-04-19
|
* Merge pull request #84522 from emilazy/add-linux-hardened-patchesYegor Timoshenko2020-04-19
|\ | | | | linux_*_hardened: use linux-hardened patch set
| * linux_*_hardened: don't set FORTIFY_SOURCEEmily2020-04-17
| | | | | | | | Upstreamed in anthraxx/linux-hardened@d12c0d5f0c43f299634af7268f63929c1aaa10ee.
| * linux_*_hardened: don't set PANIC_ON_OOPSEmily2020-04-17
| | | | | | | | Upstreamed in anthraxx/linux-hardened@366e0216f15b7007c1f8b7ca86df681cbc22b50a.
| * linux_*_hardened: don't set SLAB_FREELIST_{RANDOM,HARDENED}Emily2020-04-17
| | | | | | | | | | Upstreamed in anthraxx/linux-hardened@786126f177aba14110394be49b404beba061292f, anthraxx/linux-hardened@44822ebeb7c3ede030c58cc64fc1c8e8489c9063.
| * linux_*_hardened: don't set HARDENED_USERCOPY_FALLBACKEmily2020-04-17
| | | | | | | | | | Upstreamed in anthraxx/linux-hardened@c1fe7a68e368d05e109e69ee3491da69093883a3, anthraxx/linux-hardened@2c553a2bb115211c8e1c97eb8c949320aeb29a1d.
| * linux_*_hardened: don't set DEBUG_LISTEmily2020-04-17
| | | | | | | | Upstreamed in anthraxx/linux-hardened@6b20124185e0548c1791bc8b7fde053de4fda269.
| * linux_*_hardened: don't set {,IO_}STRICT_DEVMEMEmily2020-04-17
| | | | | | | | | | | | | | | | | | STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is turned on by anthraxx/linux-hardened@103d23cb6645c1110fa33f2ce1ed1bba2b094081. Note that anthraxx/linux-hardened@db1d27e10e0e624632ecda9e72abb9ab126da4ce disables DEVMEM by default, so this is only relevant if that default is overridden to turn it back on.
| * linux_*_hardened: don't set DEBUG_WXEmily2020-04-17
| | | | | | | | Upstreamed in anthraxx/linux-hardened@55ee7417f305835e6e0880ecf0b1aa334f7aabf4.
| * linux_*_hardened: don't set BUG_ON_DATA_CORRUPTIONEmily2020-04-17
| | | | | | | | Upstreamed in anthraxx/linux-hardened@3fcd15014c8e99828de0f946611d715411dc611d.
| * linux_*_hardened: don't set LEGACY_VSYSCALL_NONEEmily2020-04-17
| | | | | | | | Upstreamed in anthraxx/linux-hardened@d300b0fdad706daab3a36a8d23b35ebe03c3fc87.
| * linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY}Emily2020-04-17
| | | | | | | | | | These are on by default for x86 in upstream linux-5.6.2, and turned on for arm64 by anthraxx/linux-hardened@90f9670bc3696f564ac2e874a2b80046b90ea49f.
| * linux_*_hardened: don't set MODIFY_LDT_SYSCALLEmily2020-04-17
| | | | | | | | Upstreamed in anthraxx/linux-hardened@05644876fa5dc3a67a8ea4b396e2214a2f8e8411.
| * linux_*_hardened: don't set DEFAULT_MMAP_MIN_ADDREmily2020-04-17
| | | | | | | | Upstreamed in anthraxx/linux-hardened@f1fe0a64dd532551b048d97b35473c25809f7a0f.
| * linux_*_hardened: don't set VMAP_STACKEmily2020-04-17
| | | | | | | | This has been on by default upstream for as long as it's been an option.
| * linux_*_hardened: don't set X86_X32Emily2020-04-17
| | | | | | | | | | | | As far as I can tell, this has never defaulted to on upstream, and our common kernel configuration doesn't turn it on, so the attack surface reduction here is somewhat homeopathic.
| * linux_*_hardened: use linux-hardened patch setEmily2020-04-17
| | | | | | | | | | | | | | | | | | | | | | This is an updated version of the former upstream, https://github.com/AndroidHardeningArchive/linux-hardened, and provides a minimal set of additional hardening patches on top of upstream. The patch already incorporates many of our hardened profile defaults, and releases are timely (Linux 5.5.15 and 5.6.2 were released on 2020-04-02; linux-hardened patches for them came out on 2020-04-03 and 2020-04-04 respectively).
| * linux: explicitly enable SYSVIPCEmily2020-04-17
| | | | | | | | | | The linux-hardened patch set removes this default, probably because of its original focus on Android kernel hardening.
| * graphene-hardened-malloc: enable on aarch64-linuxEmily2020-04-17
| |
* | Merge pull request #85343 from xrelkd/add/rshijackMario Rodas2020-04-19
|\ \ | | | | | | rshijack: init at 0.3.0
| * | rshijack: init at 0.3.0xrelkd2020-04-19
| | |
* | | terraform: fix /bin/stty reference (#85560)Mario Rodas2020-04-19
| | |
* | | Merge pull request #85499 from bhipple/u/dnnlJörg Thalheim2020-04-19
|\ \ \
| * | | dnnl: 1.2.2 -> 1.4Benjamin Hipple2020-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The upstream readme has a note about renaming the git repo and libname: https://github.com/oneapi-src/oneDNN#oneapi-deep-neural-network-library-onednn Changelog: https://github.com/oneapi-src/oneDNN/releases/tag/v1.4
* | | | webkitgtk: 2.28.0 → 2.28.1 (#85378)Jan Tojnar2020-04-19
| | | | | | | | | | | | | | | | Fixes a CVE https://webkitgtk.org/security/WSA-2020-0004.html https://webkitgtk.org/2020/04/13/webkitgtk2.28.1-released.html
* | | | bbswitch: fix build with Linux kernel version >= 5.6.0Peter Simons2020-04-19
| | | | | | | | | | | | | | | | Fixes https://github.com/NixOS/nixpkgs/issues/85564.
* | | | Merge pull request #85538 from gnidorah/openjkAaron Andersen2020-04-19
|\ \ \ \ | | | | | | | | | | openjk: use gcc9
| * | | | openjk: use gcc9gnidorah2020-04-19
| | | | |
* | | | | mitmproxy: 4.0.4 -> 5.1.1rnhmjoj2020-04-19
| | | | |
* | | | | pythonPackages.publicsuffix2: init at 2.2019-12-21rnhmjoj2020-04-19
|/ / / /
* | | | Merge pull request #85532 from marsam/update-leanGabriel Ebner2020-04-19
|\ \ \ \
| * | | | lean: 3.8.0 -> 3.9.0Mario Rodas2020-04-18
| | | | |
* | | | | Merge pull request #85473 from marsam/update-bazeliskMario Rodas2020-04-19
|\ \ \ \ \ | | | | | | | | | | | | bazelisk: 1.3.0 -> 1.4.0
| * | | | | bazelisk: 1.3.0 -> 1.4.0Mario Rodas2020-04-17
| | | | | | | | | | | | | | | | | | | | | | | | Changelog; https://github.com/bazelbuild/bazelisk/releases/tag/v1.4.0
* | | | | | Merge pull request #85471 from bbigras/spotifydMario Rodas2020-04-19
|\ \ \ \ \ \ | | | | | | | | | | | | | | spotifyd: add withMpris and withKeyring optionals
| * | | | | | spotifyd: add withMpris and withKeyring optionalsBruno Bigras2020-04-17
| | | | | | |
* | | | | | | Merge pull request #85512 from ggreif/wasmtimeMatthew Bauer2020-04-18
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | wasmtime-0.12.0: fix cargoSha256
| * | | | | | wasmtime-0.12.0: fix cargoSha256Gabor Greif2020-04-18
| | | | | | |
* | | | | | | Merge pull request #85514 from petabyteboy/feature/dockerJaka Hudoklin2020-04-19
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | docker: add git to extraPath
| * | | | | | | docker: add git to extraPathMilan Pässler2020-04-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When building a docker container from git, docker was missing the git binary in $PATH.
* | | | | | | | Revert "calibre: 4.12.0 -> 4.13.0"worldofpeace2020-04-18
| | | | | | | |
* | | | | | | | Merge pull request #85248 from HugoReeves/update-joplin-desktopadisbladis2020-04-19
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | joplin-desktop: 1.0.179 -> 1.0.200
| * | | | | | | | joplin-desktop: add maintainer hugoreeves, change homepageHugo Reeves2020-04-17
| | | | | | | | |
| * | | | | | | | joplin-desktop: 1.0.179 -> 1.0.200Hugo Reeves2020-04-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Builds successfully on NixOS
* | | | | | | | | Merge pull request #85524 from rvolosatovs/update/firaworldofpeace2020-04-18
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | fira: 4.106 -> 4.202
| * | | | | | | | | fira: 4.106 -> 4.202Roman Volosatovs2020-04-19
| | | | | | | | | |
* | | | | | | | | | Revert "[WIP] {help wanted} twolame: 2017-09-27 -> 0.4.0"worldofpeace2020-04-18
| | | | | | | | | |
* | | | | | | | | | firefox-wrapper: don't throw on enableGnomeExtensionsworldofpeace2020-04-18
|/ / / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | We use the config for the native messaging host below this statement.
* | | | | | | | | Merge #84442: staging-next branchVladimír Čunát2020-04-18
|\ \ \ \ \ \ \ \ \
| * \ \ \ \ \ \ \ \ Merge branch 'master' into staging-nextVladimír Čunát2020-04-18
| |\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hydra nixpkgs: ?compare=1582510
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-07 12:08:00 +0000