Frederik Rietdijk
1c68570ab2
Merge staging-next into staging
2020-06-05 19:42:16 +02:00
Frederik Rietdijk
43f71029cc
Merge master into staging-next
2020-06-05 19:40:53 +02:00
Tim Steinbach
05b3c7dd66
linux/hardened/patches/5.6: 5.6.15.a -> 5.6.16.a
2020-06-05 09:45:25 -04:00
Tim Steinbach
5537f64700
linux/hardened/patches/5.4: 5.4.43.a -> 5.4.44.a
2020-06-05 09:45:23 -04:00
Tim Steinbach
7ce3d24baa
linux/hardened/patches/4.19: 4.19.125.a -> 4.19.126.a
2020-06-05 09:45:21 -04:00
Tim Steinbach
2c2362cea5
linux/hardened/patches/4.14: 4.14.182.a -> 4.14.183.a
2020-06-05 09:45:19 -04:00
Tim Steinbach
7557c83ea4
linux_latest-libre: 17506 -> 17527
2020-06-05 09:45:08 -04:00
Tim Steinbach
4c5251436b
linux: 5.6.15 -> 5.6.16
2020-06-05 09:37:49 -04:00
Tim Steinbach
6599499cd7
linux: 5.4.43 -> 5.4.44
2020-06-05 09:37:38 -04:00
Tim Steinbach
c511f3bab6
linux: 4.9.225 -> 4.9.226
2020-06-05 09:37:26 -04:00
Tim Steinbach
4bf8aa6b71
linux: 4.4.225 -> 4.4.226
2020-06-05 09:37:11 -04:00
Tim Steinbach
0c574f3357
linux: 4.19.125 -> 4.19.126
2020-06-05 09:37:03 -04:00
Tim Steinbach
877920254a
linux: 4.14.182 -> 4.14.183
2020-06-05 09:36:43 -04:00
Anders Kaseorg
0f2e569505
linux: CONFIG_MOUSE_ELAN_I2C_SMBUS=y
...
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-06-04 18:22:23 +02:00
Frederik Rietdijk
08900c0554
Merge master into staging-next
2020-06-04 15:25:54 +02:00
Tim Steinbach
746fe02a5a
linux_latest-libre: 17445 -> 17506
2020-05-30 11:23:42 -04:00
Frederik Rietdijk
03de4c02fb
Merge staging-next into staging
2020-05-28 22:05:36 +02:00
Tim Steinbach
dc9b007637
linux/hardened/patches/5.6: 5.6.14.a -> 5.6.15.a
2020-05-28 09:35:07 -04:00
Tim Steinbach
a1ec9f649e
linux/hardened/patches/5.4: 5.4.42.a -> 5.4.43.a
2020-05-28 09:35:07 -04:00
Tim Steinbach
827df89616
linux/hardened/patches/4.19: 4.19.124.a -> 4.19.125.a
2020-05-28 09:35:06 -04:00
Tim Steinbach
964a5b99f7
linux/hardened/patches/4.14: 4.14.181.a -> 4.14.182.a
2020-05-28 09:35:06 -04:00
Tim Steinbach
3b94b3f0ac
linux: 5.6.14 -> 5.6.15
2020-05-28 09:35:06 -04:00
Tim Steinbach
5c4bd56c45
linux: 5.4.42 -> 5.4.43
2020-05-28 09:35:05 -04:00
Tim Steinbach
583e50cc79
linux: 4.9.224 -> 4.9.225
2020-05-28 09:35:05 -04:00
Tim Steinbach
c1299ef40c
linux: 4.4.224 -> 4.4.225
2020-05-28 09:35:04 -04:00
Tim Steinbach
d5c4986dfa
linux: 4.19.124 -> 4.19.125
2020-05-28 09:35:04 -04:00
Tim Steinbach
90d6c2b642
linux: 4.14.181 -> 4.14.182
2020-05-28 09:35:01 -04:00
Frederik Rietdijk
d578248611
Merge staging-next into staging
2020-05-24 10:10:06 +02:00
Tim Steinbach
cb2686adc3
linux-hardened: Remove 5.5
2020-05-23 10:36:10 -04:00
Frederik Rietdijk
8a77c900dd
Merge staging-next into staging
2020-05-23 10:25:19 +02:00
Tim Steinbach
062cd3e87c
linux: Remove 5.5
...
The 5.5.x series is now EOL
2020-05-22 19:02:51 -04:00
Tim Steinbach
8b66da57ed
linux/hardened/patches/5.6: 5.6.13.a -> 5.6.14.a
2020-05-22 10:51:24 -04:00
Tim Steinbach
f759c5af51
linux/hardened/patches/5.4: 5.4.41.a -> 5.4.42.a
2020-05-22 10:51:22 -04:00
Tim Steinbach
b7de919a94
linux/hardened/patches/4.19: 4.19.123.a -> 4.19.124.a
2020-05-22 10:51:20 -04:00
Tim Steinbach
0c9c846768
linux/hardened/patches/4.14: 4.14.180.a -> 4.14.181.a
2020-05-22 10:51:14 -04:00
Florian Klink
cfb4d0dfe3
Merge pull request #84032 from teto/fix_kernel_merge
...
Fix kernel configuration merge
2020-05-22 13:32:22 +02:00
Tim Steinbach
c768dcfcfc
linux: 5.6.13 -> 5.6.14
2020-05-20 08:27:14 -04:00
Tim Steinbach
2364627a39
linux: 5.4.41 -> 5.4.42
2020-05-20 08:27:07 -04:00
Tim Steinbach
d2f98da120
linux: 4.9.223 -> 4.9.224
2020-05-20 08:27:00 -04:00
Tim Steinbach
ed3766309f
linux: 4.4.223 -> 4.4.224
2020-05-20 08:26:51 -04:00
Tim Steinbach
439a9043a1
linux: 4.19.123 -> 4.19.124
2020-05-20 08:26:43 -04:00
Tim Steinbach
b3e7b6d556
linux: 4.14.180 -> 4.14.181
2020-05-20 08:26:30 -04:00
Tim Steinbach
8b5a3127b3
linux: 5.7-rc4 -> 5.7-rc6
2020-05-19 10:11:10 -04:00
Puck Meerburg
2b5d59cbdc
linux: Enable fbcon deferred takeover when possible
...
This config value ensures that when booting through e.g. UEFI, the
existing framebuffer contents stay put until the first character is
printed. As the default NixOS stage-1 immediately outputs a welcome
message on init, this does not impact it, but it will allow for a cleaner boot when
configured as such.
2020-05-17 17:43:34 +00:00
Tim Steinbach
2c74af6d97
linux/hardened/patches/5.6: 5.6.12.a -> 5.6.13.a
2020-05-15 20:23:17 -04:00
Tim Steinbach
6fd700adf1
linux/hardened/patches/5.4: 5.4.40.a -> 5.4.41.a
2020-05-15 20:23:15 -04:00
Tim Steinbach
d18d18a45d
linux/hardened/patches/4.19: 4.19.122.a -> 4.19.123.a
2020-05-15 20:23:09 -04:00
Tim Steinbach
7ef8639163
linux: 5.6.12 -> 5.6.13
2020-05-14 09:19:09 -04:00
Tim Steinbach
e3ba43b826
linux: 5.4.40 -> 5.4.41
2020-05-14 09:19:02 -04:00
Tim Steinbach
e9dbf2e508
linux: 4.19.122 -> 4.19.123
2020-05-14 09:18:52 -04:00
Matthew Bauer
233e60ca24
Merge pull request #87691 from matthewbauer/linux-rpi3-arm32
...
linux-rpi: use bcm2709 on arm32 rpi3
2020-05-13 10:35:21 -05:00
Matthew Bauer
c78ad0f7f8
linux-rpi: use bcm2709 on arm32 rpi3
...
“bcmrpi3_defconfig” isn’t provided for arm32, so we need to use
bcm2709_config. When on arm64, we can still use bcmrpi3_defconfig
2020-05-12 13:07:00 -05:00
Tim Steinbach
0c9b897241
linux-hardened: Fix kernel version detection
2020-05-12 08:37:08 -04:00
Tim Steinbach
511b503b0d
linux/hardened/patches/5.6: 5.6.11.a -> 5.6.12.a
2020-05-12 08:35:52 -04:00
Tim Steinbach
2646e949b0
linux/hardened/patches/5.4: 5.4.39.a -> 5.4.40.a
2020-05-12 08:35:50 -04:00
Tim Steinbach
fc545e4d23
linux/hardened/patches/4.19: 4.19.121.a -> 4.19.122.a
2020-05-12 08:35:48 -04:00
Tim Steinbach
677ddfef7c
linux/hardened/patches/4.14: 4.14.179.a -> 4.14.180.a
2020-05-12 08:35:46 -04:00
Tim Steinbach
0010ae4960
linux: 5.6.11 -> 5.6.12
2020-05-11 08:43:23 -04:00
Tim Steinbach
98c79eb588
linux: 5.4.39 -> 5.4.40
2020-05-11 08:43:15 -04:00
Tim Steinbach
39426327ce
linux: 4.9.222 -> 4.9.223
2020-05-11 08:43:06 -04:00
Tim Steinbach
ddd1363bff
linux: 4.4.222 -> 4.4.223
2020-05-11 08:42:56 -04:00
Tim Steinbach
36a1ca4daa
linux: 4.19.121 -> 4.19.122
2020-05-11 08:42:49 -04:00
Tim Steinbach
6d183ed8d8
linux: 4.14.179 -> 4.14.180
2020-05-11 08:42:38 -04:00
Emily
4688ec0eb2
linux: explicitly enable AIO
...
This is disabled by default in the linux-hardened patchset, but is
required by e.g. LVM.
Fixes #87260 .
2020-05-10 23:23:38 +01:00
Emily
5a5a2d0342
linux/hardened/update.py: pass encoding to subprocess
2020-05-08 15:49:36 +01:00
Emily
b2ad58536c
linux/hardened/update.py: commit updates in order
2020-05-08 15:49:36 +01:00
Emily
88486c4e76
linux/hardened/update.py: get versions with nix(1)
2020-05-08 15:49:36 +01:00
Emily
e77d174fcd
linux/hardened/update.py: add type annotations
2020-05-08 15:49:35 +01:00
Emily
d6fe0a4e2d
linux/hardened: move files into directory
2020-05-08 15:49:35 +01:00
Emily
abe4bef033
linux/update-hardened.py: use pathlib
2020-05-08 15:49:35 +01:00
Emily
83c4ac2eb3
linux/update-hardened.py: reformat
...
$ isort --multi-line=3 --trailing-comma --force-grid-wrap=0 --use-parentheses …
$ black --line-length=80 …
(per the black documentation)
2020-05-08 15:49:35 +01:00
Tim Steinbach
711667dc3e
linux/hardened-patches/4.14: 4.14.178.a -> 4.14.179.a
2020-05-07 20:56:39 -04:00
Tim Steinbach
3d44729f1e
linux/hardened-patches/4.19: 4.19.120.a -> 4.19.121.a
2020-05-07 20:56:38 -04:00
Tim Steinbach
ced789fa62
linux/hardened-patches/5.4: 5.4.38.a -> 5.4.39.a
2020-05-07 20:56:38 -04:00
Tim Steinbach
603741e751
linux/hardened-patches/5.6: 5.6.10.a -> 5.6.11.a
2020-05-07 20:56:38 -04:00
Tim Steinbach
f82e836e1d
linux: 5.6.10 -> 5.6.11
2020-05-06 15:58:09 -04:00
Tim Steinbach
bcbc507143
linux: 5.4.38 -> 5.4.39
2020-05-06 15:57:20 -04:00
Tim Steinbach
ac287ce319
linux: 4.19.120 -> 4.19.121
2020-05-06 15:56:35 -04:00
Vladimír Čunát
54eb2d1018
Merge branch 'staging-next'
...
Status on Hydra for linuxes seems good enough:
https://hydra.nixos.org/eval/1585703?filter=linux&compare=1585482&full=#tabs-now-fail
2020-05-06 08:20:05 +02:00
Jörg Thalheim
ee8cde8d1c
Merge pull request #86391 from kwohlfahrt/gpio-utils
2020-05-06 06:57:14 +01:00
Tim Steinbach
32585ddcec
linux: 4.9.221 -> 4.9.222
2020-05-05 14:35:55 -04:00
Tim Steinbach
7f75ff0777
linux: 4.4.221 -> 4.4.222
2020-05-05 14:35:46 -04:00
Tim Steinbach
018f49380e
linux: 4.14.178 -> 4.14.179
2020-05-05 14:35:33 -04:00
Frederik Rietdijk
9875bbae75
Merge master into staging-next
2020-05-05 19:51:09 +02:00
Kai Wohlfahrt
89d3a605e3
gpio-tools: init in kernel 5.4
...
Linux provides some tools to interact with the gpiochip interface (which
replaces the deprecated sysfs GPIO interface). Expose these as a
package.
The tool has not changed much recently, so there is no need to package a
version for each kernel.
2020-05-04 15:02:55 +01:00
Tim Steinbach
b6456e528e
linux: 5.7-rc3 -> 5.7-rc4
2020-05-04 08:41:50 -04:00
Tim Steinbach
d51998798f
linux/hardened-patches/4.14: 4.14.177.a -> 4.14.178.a
2020-05-03 13:17:07 -04:00
Tim Steinbach
4df77514e7
linux/hardened-patches/4.19: 4.19.119.a -> 4.19.120.a
2020-05-03 13:17:03 -04:00
Tim Steinbach
c5d56b1790
linux/hardened-patches/5.4: 5.4.36.a -> 5.4.38.a
2020-05-03 13:16:59 -04:00
Tim Steinbach
e7b54c19de
linux/hardened-patches/5.6: 5.6.8.a -> 5.6.10.a
2020-05-03 13:16:49 -04:00
Linus Heckemann
88e07d3a96
Merge pull request #86598 from Valodim/aarch64-hidraw
...
linux: CONFIG_HIDRAW=y
2020-05-03 11:04:56 +02:00
Vincent Breitmoser
bdd2d3ccb2
linux: CONFIG_HIDRAW=y
2020-05-02 17:43:43 +02:00
Tim Steinbach
c46b55e640
linux: 5.6.8 -> 5.6.10
2020-05-02 14:46:24 -04:00
Tim Steinbach
ba19c248b7
linux: 5.4.36 -> 5.4.38
2020-05-02 14:46:24 -04:00
Tim Steinbach
13e51bb636
linux: 4.9.220 -> 4.9.221
2020-05-02 14:46:23 -04:00
Tim Steinbach
7e200a0177
linux: 4.4.220 -> 4.4.221
2020-05-02 14:46:23 -04:00
Tim Steinbach
92c2abe85f
linux: 4.19.119 -> 4.19.120
2020-05-02 14:46:23 -04:00
Tim Steinbach
163e5a8d0c
linux: 4.14.177 -> 4.14.178
2020-05-02 14:46:22 -04:00
Frederik Rietdijk
afb1041148
Merge master into staging-next
2020-05-02 09:39:00 +02:00
Tim Steinbach
61b97c17d6
linux: 5.7-rc2 -> 5.7-rc3
2020-05-01 11:43:43 -04:00
Frederik Rietdijk
484ee79050
Merge staging-next into staging
2020-05-01 08:57:10 +02:00
Tim Steinbach
5fa90ed9e2
linux/hardened-patches/4.19: 4.19.118.a -> 4.19.119.a
2020-04-30 10:05:58 -04:00
Tim Steinbach
22c0c49d61
linux/hardened-patches/5.4: 5.4.35.a -> 5.4.36.a
2020-04-30 10:05:56 -04:00
Tim Steinbach
53ea32be28
linux/hardened-patches/5.6: 5.6.7.a -> 5.6.8.a
2020-04-30 10:05:50 -04:00
Tim Steinbach
bbf8ce13eb
linux: 5.6.7 -> 5.6.8
2020-04-29 15:38:11 -04:00
Tim Steinbach
100e81982d
linux: 5.4.35 -> 5.4.36
2020-04-29 15:38:11 -04:00
Tim Steinbach
ca44d3eb1e
linux: 4.19.118 -> 4.19.119
2020-04-29 15:38:11 -04:00
Florian Klink
f046de4210
Merge pull request #86168 from lblasc/sof-firmware
...
Sound Open Firmware support, sof-firmware: init at 1.4.2, update kernel config
2020-04-29 12:36:53 +02:00
Luka Blaskovic
6fc9fd53db
linux config: enable Sound Open Firmware support
2020-04-29 07:31:49 +00:00
Arian van Putten
d103dc4998
linux: do not depend on systemd indirectly
...
utillinux depends on systemd because:
* uuidd supports socket activation
* lslogins can show recent journal entries
* fstrim comes with a service file (and we use this in NixOS)
* logger can write journal entries
(See https://www.openembedded.org/pipermail/openembedded-core/2015-February/102069.html )
systemd doesn't depend on utillinux but on utillinuxMinimal which is a
version of utillinux without these features to avoid cyclic
dependencies.
With this change, the linux kernel (of which i don't fully understand
why it would depend on util-linux in the first place, but this was added in
https://github.com/NixOS/nixpkgs/pull/32137/files without too much
explanation) depends on the minimal version of util-linux too.
This makes it that every time we change build flags in systemd
the linux kernel doesn't have to wastefully rebuild.
2020-04-28 15:34:44 +02:00
Tim Steinbach
a9fa6028ad
linux/hardened-patches/4.19: 4.19.117.a -> 4.19.118.a
2020-04-26 12:23:07 -04:00
Tim Steinbach
4af476e2b3
linux/hardened-patches/5.4: 5.4.34.a -> 5.4.35.a
2020-04-26 12:23:05 -04:00
Tim Steinbach
334627d92f
linux/hardened-patches/5.6: 5.6.6.a -> 5.6.7.a
2020-04-26 12:23:03 -04:00
Tim Steinbach
be48bf2ba8
linux/hardened-patches/4.14: 4.14.176.a -> 4.14.177.a
2020-04-26 12:23:01 -04:00
Tim Steinbach
4883dde6b7
linux: 4.9.219 -> 4.9.220
2020-04-26 12:22:41 -04:00
Tim Steinbach
6efb2ba2bf
linux: 4.4.219 -> 4.4.220
2020-04-26 12:22:05 -04:00
Tim Steinbach
6617a79ba3
linux: 4.14.176 -> 4.14.177
2020-04-26 12:21:32 -04:00
Austin Seipp
d403911451
linux_testing: 5.6-rc7 -> 5.7-rc2
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2020-04-24 10:58:31 -05:00
Emily
2c1db9649e
linux_*_hardened: index patches by major kernel version
...
This will avoid breaking the build whenever a non-major kernel update
happens. In the update script, we map each kernel version to the latest
patch for the latest kernel version less than or equal to what we
have packaged.
2020-04-23 18:50:26 +01:00
Jörg Thalheim
6dfd563633
linux_latest-hardened: fix evaluation
2020-04-23 16:45:06 +01:00
Jörg Thalheim
1bceaa1cee
linux_hardened: fix evaluation
2020-04-23 15:52:14 +01:00
Tim Steinbach
45c22565f6
linux: 5.6.6 -> 5.6.7
2020-04-23 08:17:15 -04:00
Tim Steinbach
2f10053834
linux: 5.4.34 -> 5.4.35
2020-04-23 08:17:06 -04:00
Tim Steinbach
62a608fd63
linux: 4.19.117 -> 4.19.118
2020-04-23 08:16:58 -04:00
Frederik Rietdijk
cff0669a48
Merge master into staging-next
2020-04-23 08:11:16 +02:00
Tim Steinbach
629068fe5b
linux_latest-libre: 17402 -> 17445
2020-04-22 19:40:01 -04:00
kraem
fca903c7dd
linux/hardened-patches/4.19.117: init at 4.19.117.a
2020-04-22 02:12:28 +02:00
kraem
99f30a5635
linux/hardened-patches/5.4.34: init at 5.4.34.a
2020-04-22 02:12:25 +02:00
kraem
3c81b3df4e
linux/hardened-patches/5.5.19: init at 5.5.19.a
2020-04-22 02:12:21 +02:00
kraem
c8b5e37764
linux/hardened-patches/5.6.6: init at 5.6.6.a
2020-04-22 02:12:17 +02:00
kraem
efafc50f5c
linux/hardened-patches/4.19.116: remove
2020-04-21 22:18:03 +02:00
kraem
8f2e9fcadd
linux/hardened-patches/5.5.18: remove
2020-04-21 22:18:03 +02:00
kraem
9ed70f4e46
linux/hardened-patches/5.6.5: remove
2020-04-21 22:18:03 +02:00
kraem
15807c58ad
linux/hardened-patches/5.4.33: remove
2020-04-21 22:18:02 +02:00
kraem
c9cf25bc61
linux: 5.6.5 -> 5.6.6
2020-04-21 21:59:59 +02:00
kraem
1e23dcbf22
linux: 5.5.18 -> 5.5.19
2020-04-21 21:59:22 +02:00
kraem
18c2b5a9aa
linux: 5.4.33 -> 5.4.34
2020-04-21 21:58:45 +02:00
kraem
e074301be8
linux: 4.19.116 -> 4.19.117
2020-04-21 21:58:03 +02:00
Frederik Rietdijk
803b3d296c
Merge staging-next into staging
2020-04-21 08:29:51 +02:00
kraem
523fe98821
linux/hardened-patches/4.19.116: 4.19.116.NixOS-a -> 4.19.116.a
2020-04-20 10:05:36 -04:00
kraem
45343beffe
linux/hardened-patches/5.4.33: 5.4.33.NixOS-a -> 5.4.33.a
2020-04-20 10:05:36 -04:00
kraem
48d908b731
linux/hardened-patches/5.5.18: init at 5.5.18.a
2020-04-20 10:05:36 -04:00
kraem
0fd9293703
linux/hardened-patches/5.6.5: init at 5.6.5.a
2020-04-20 10:05:36 -04:00
kraem
e7a65e6c41
linux/hardened-patches/5.5.17: remove
2020-04-20 10:05:36 -04:00
kraem
eb41f8122e
linux/hardened-patches/5.6.4: remove
2020-04-20 10:05:36 -04:00
kraem
8879086cfc
linux: 5.5.17 -> 5.5.18
2020-04-20 10:05:36 -04:00
kraem
4307923b86
linux: 5.6.4 -> 5.6.5
2020-04-20 10:05:36 -04:00
Yegor Timoshenko
6f1165a0cb
Merge pull request #84522 from emilazy/add-linux-hardened-patches
...
linux_*_hardened: use linux-hardened patch set
2020-04-19 20:01:35 +03:00
Vladimír Čunát
d96487b9ca
Merge branch 'master' into staging-next
...
Hydra nixpkgs: ?compare=1582510
2020-04-18 07:42:26 +02:00
John Ericson
33c2a76c5e
Merge remote-tracking branch 'upstream/master' into staging
2020-04-17 18:40:51 -04:00
Emily
7fdfe5381d
linux_*_hardened: don't set FORTIFY_SOURCE
...
Upstreamed in anthraxx/linux-hardened@d12c0d5f0c .
2020-04-17 16:13:39 +01:00
Emily
ed89b5b3f1
linux_*_hardened: don't set PANIC_ON_OOPS
...
Upstreamed in anthraxx/linux-hardened@366e0216f1 .
2020-04-17 16:13:39 +01:00
Emily
0d5f1697b7
linux_*_hardened: don't set SLAB_FREELIST_{RANDOM,HARDENED}
...
Upstreamed in anthraxx/linux-hardened@786126f177 ,
anthraxx/linux-hardened@44822ebeb7 .
2020-04-17 16:13:39 +01:00
Emily
4fb796e341
linux_*_hardened: don't set HARDENED_USERCOPY_FALLBACK
...
Upstreamed in anthraxx/linux-hardened@c1fe7a68e3 ,
anthraxx/linux-hardened@2c553a2bb1 .
2020-04-17 16:13:39 +01:00
Emily
3eeb5240ac
linux_*_hardened: don't set DEBUG_LIST
...
Upstreamed in anthraxx/linux-hardened@6b20124185 .
2020-04-17 16:13:39 +01:00
Emily
0611462e33
linux_*_hardened: don't set {,IO_}STRICT_DEVMEM
...
STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is
turned on by anthraxx/linux-hardened@103d23cb66 .
Note that anthraxx/linux-hardened@db1d27e10e
disables DEVMEM by default, so this is only relevant if that default is
overridden to turn it back on.
2020-04-17 16:13:39 +01:00
Emily
303bb60fb1
linux_*_hardened: don't set DEBUG_WX
...
Upstreamed in anthraxx/linux-hardened@55ee7417f3 .
2020-04-17 16:13:39 +01:00
Emily
33b94e5a44
linux_*_hardened: don't set BUG_ON_DATA_CORRUPTION
...
Upstreamed in anthraxx/linux-hardened@3fcd15014c .
2020-04-17 16:13:39 +01:00
Emily
db6b327508
linux_*_hardened: don't set LEGACY_VSYSCALL_NONE
...
Upstreamed in anthraxx/linux-hardened@d300b0fdad .
2020-04-17 16:13:39 +01:00
Emily
130f6812be
linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY}
...
These are on by default for x86 in upstream linux-5.6.2, and turned on
for arm64 by anthraxx/linux-hardened@90f9670bc3 .
2020-04-17 16:13:39 +01:00
Emily
8c68055432
linux_*_hardened: don't set MODIFY_LDT_SYSCALL
...
Upstreamed in anthraxx/linux-hardened@05644876fa .
2020-04-17 16:13:39 +01:00
Emily
8efe83c22e
linux_*_hardened: don't set DEFAULT_MMAP_MIN_ADDR
...
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd .
2020-04-17 16:13:39 +01:00
Emily
3d4c8ae901
linux_*_hardened: don't set VMAP_STACK
...
This has been on by default upstream for as long as it's been an option.
2020-04-17 16:13:39 +01:00
Emily
7d5352df31
linux_*_hardened: don't set X86_X32
...
As far as I can tell, this has never defaulted to on upstream, and our
common kernel configuration doesn't turn it on, so the attack surface
reduction here is somewhat homeopathic.
2020-04-17 16:13:39 +01:00
Emily
0d4f35efd4
linux_*_hardened: use linux-hardened patch set
...
This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened , and provides
a minimal set of additional hardening patches on top of upstream.
The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).
2020-04-17 16:13:39 +01:00
Emily
3d01e802bd
linux: explicitly enable SYSVIPC
...
The linux-hardened patch set removes this default, probably because of
its original focus on Android kernel hardening.
2020-04-17 16:12:29 +01:00
Tim Steinbach
e341107367
linux: 5.4.32 -> 5.4.33
2020-04-17 08:34:01 -04:00
Tim Steinbach
d9258d33be
linux: 4.19.115 -> 4.19.116
2020-04-17 08:34:01 -04:00
Niklas Hambüchen
f16ae2da3e
linux: Enable CONFIG_NET_DROP_MONITOR
by default.
...
Needed for subscribing to dropped packets (e.g. via `dropwatch`).
2020-04-14 20:07:51 +02:00
Jan Tojnar
b4a6714571
Merge branch 'staging-next' into staging
2020-04-13 18:54:59 +02:00
Jan Tojnar
a04625379a
Merge branch 'master' into staging-next
2020-04-13 18:50:35 +02:00
Tim Steinbach
f6e64feb14
linux: 5.6.3 -> 5.6.4
2020-04-13 08:36:35 -04:00
Tim Steinbach
bba4a30f8c
linux: 5.5.16 -> 5.5.17
2020-04-13 08:36:27 -04:00
Tim Steinbach
2b6e16abe0
linux: 5.4.31 -> 5.4.32
2020-04-13 08:36:19 -04:00
Tim Steinbach
f47969645b
linux: 4.9.218 -> 4.9.219
2020-04-13 08:36:11 -04:00
Tim Steinbach
e06d2a4682
linux: 4.19.114 -> 4.19.115
2020-04-13 08:36:04 -04:00
Tim Steinbach
f717bfeedb
linux: 4.14.175 -> 4.14.176
2020-04-13 08:35:56 -04:00
Tim Steinbach
3a8f6159cb
linux: 4.4.218 -> 4.4.219
2020-04-13 08:35:32 -04:00
Matthieu Coudron
bc6b37e967
fixup! kernel: fix errors in configuration
2020-04-11 14:04:25 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs
2020-04-10 17:54:53 +01:00
Jan Tojnar
55a5c128d4
Merge branch 'staging-next' into staging
2020-04-10 12:13:27 +02:00
Jan Tojnar
1ab03c3a76
Merge branch 'master' into staging-next
2020-04-10 12:12:56 +02:00
Tim Steinbach
7bd91fe7af
linux: 5.6.2 -> 5.6.3
2020-04-08 08:51:08 -04:00
Tim Steinbach
1c637d2326
linux: 5.5.15 -> 5.5.16
2020-04-08 08:51:07 -04:00
Tim Steinbach
5653337922
linux: 5.4.30 -> 5.4.31
2020-04-08 08:51:07 -04:00
Eelco Dolstra
50913242ab
Merge pull request #81500 from primeos/tcp-cong-switch-to-cubic
...
linux config: Set TCP_CONG_CUBIC=yes to restore the default
2020-04-06 17:11:31 +02:00
Jörg Thalheim
a737f030cf
Merge pull request #71481 from eadwu/bcachefs/update-10
...
bcachefs: update 10
2020-04-06 15:43:36 +01:00
Edmund Wu
04a5e5ab7c
linux_testing_bcachefs: 5.3.2020.03.25 -> 5.3.2020.04.04
2020-04-06 10:29:33 -04:00
Frederik Rietdijk
edaa972160
Merge staging-next into staging
2020-04-03 21:55:10 +02:00
Florian Klink
35916a8c4b
Merge pull request #83658 from Emantor/topic/kernel-snd-ca0132
...
linux config: enable Creative Soundblaster DSP loading
2020-04-02 22:41:57 +02:00
Tim Steinbach
c36ec10158
linux: 4.9.217 -> 4.9.218
2020-04-02 14:03:09 -04:00
Tim Steinbach
e2df587f25
linux: 4.4.217 -> 4.4.218
2020-04-02 14:03:02 -04:00
Tim Steinbach
782db49b5a
linux: 4.14.174 -> 4.14.175
2020-04-02 14:02:48 -04:00
Tim Steinbach
4fbd9e3ab8
linux: 5.6.1 -> 5.6.2
2020-04-02 10:03:15 -04:00
Tim Steinbach
f2025f2d6d
linux: 5.5.14 -> 5.5.15
2020-04-02 10:03:07 -04:00
Tim Steinbach
bf0b6ab809
linux: 5.4.29 -> 5.4.30
2020-04-02 10:02:52 -04:00
Tim Steinbach
d47ba3e4b5
linux: 4.19.113 -> 4.19.114
2020-04-02 10:02:40 -04:00
Matthieu Coudron
121b17e1ac
kernel: fix errors in configuration
...
With the fix in kernel configuration merging, some kernel configuration items
marked as mandatory now correctly trigger an error when unused (while they
previously were unused).
2020-04-01 22:28:53 +02:00
Matthieu Coudron
b9a4e6953d
kernel: fix config generation
...
Addresses https://github.com/NixOS/nixpkgs/issues/71803 :
Kernel options are not merged as described, especially the "optional"
aspects. The error silences legitimate warnings.
2020-04-01 22:25:57 +02:00
Tim Steinbach
ef3f3f2728
linux_latest-libre: 17387 -> 17402
2020-04-01 10:46:07 -04:00