Tim Steinbach
224a8f7358
linux: 4.9.21 -> 4.9.22
2017-04-12 09:13:56 -04:00
Tim Steinbach
205abc1fb6
linux: 4.11-rc5 -> 4.11-rc6
2017-04-10 08:34:23 -04:00
Joachim Fasting
7701cbca6b
grsecurity: 4.9.20-201703310823 -> 4.9.21-201704091948
2017-04-10 03:34:42 +02:00
Nikolay Amiantov
7099e8da83
linux: build with initrd support by default
...
We don't require initrd in some cases but still most boot sequences including ARM use it.
2017-04-09 22:46:07 +03:00
Nikolay Amiantov
c0e77dba0e
linux: add kernelPreferBuiltin platform option
...
This allows to use kernelAutoModules but still compile in any options that are set so in template config.
It's helpful for ARM and maybe other platforms where defaul configurations are useful because they compile in
modules that we and udev cannot autodetect now.
2017-04-09 22:46:07 +03:00
Tim Steinbach
79f9544eca
linux: 4.4.59 -> 4.4.60
2017-04-08 08:04:54 -04:00
Tim Steinbach
1988c1fa41
linux: 4.10.8 -> 4.10.9
2017-04-08 08:02:18 -04:00
Tim Steinbach
016a319b50
linux: 4.9.20 -> 4.9.21
2017-04-08 07:59:27 -04:00
Tim Steinbach
a29d0df28c
linux: 4.11-rc4 -> 4.11-rc5
2017-04-03 09:02:37 -04:00
Volth
b78f16b337
kernel: do not remove .o files on installPhase
2017-04-01 16:05:17 +03:00
Volth
ed41d50e9f
kernel: fix 9p issues
...
[tuomas: rename the patch from 9p-hacks to something slighly more
meaningful]
Signed-off-by: Tuomas Tynkkynen <tuomas@tuxera.com>
2017-04-01 15:49:14 +03:00
Joachim Fasting
a41668f441
grsecurity: 4.9.19-201703300917 -> 4.9.20-201703310823
2017-04-01 00:08:50 +02:00
Tim Steinbach
cb791371c5
linux: 4.4.58 -> 4.4.59
2017-03-31 09:19:07 -04:00
Tim Steinbach
bff456bd55
linux: 4.10.7 -> 4.10.8
2017-03-31 09:16:52 -04:00
Tim Steinbach
501429d120
linux: 4.9.19 -> 4.9.20
2017-03-31 09:14:19 -04:00
Tim Steinbach
ecca152887
linux: 4.10.6 -> 4.10.7
2017-03-30 22:12:26 -04:00
Tim Steinbach
6b5193bcd9
linux: 4.4.57 -> 4.4.58
2017-03-30 22:12:05 -04:00
Joachim Fasting
f9cb8775b3
linux_4_9: 4.9.18 -> 4.9.19
2017-03-30 22:50:38 +02:00
Joachim Fasting
4d4488e793
grsecurity: 4.9.18-201703261106 -> 4.9.19-201703300917
2017-03-30 16:28:34 +02:00
Tim Steinbach
310bb3e6bb
linux: 4.11-rc3 -> 4.11-rc4
2017-03-26 19:04:21 -04:00
Joachim Fasting
5fe81c1bdb
grsecurity: 4.9.17-201703221829 -> 4.9.18-201703261106
2017-03-26 21:35:36 +02:00
Tim Steinbach
23d0f01e95
linux: 4.4.56 -> 4.4.57
2017-03-26 10:08:56 -04:00
Tim Steinbach
c0411ea229
linux: 4.10.5 -> 4.10.6
2017-03-26 10:05:22 -04:00
Tim Steinbach
422a8b9cd1
linux: 4.9.17 -> 4.9.18
2017-03-26 10:00:57 -04:00
Guillaume Maudoux
d431ff2776
linux_mptcp: 0.91.2 -> 0.91.3 (kernel 4.1.38)
2017-03-23 22:36:24 +01:00
Robin Gloster
37f7470269
linux: drop 3.12 and 4.1
...
Support ends before 17.09 is released:
https://www.kernel.org/category/releases.html
2017-03-23 22:06:04 +01:00
Tim Steinbach
37a965c1de
linux: 4.10.4 -> 4.10.5
2017-03-23 16:43:31 -04:00
Tim Steinbach
a20602d8e2
linux: 4.4.55 -> 4.4.56
2017-03-23 16:38:46 -04:00
Joachim Fasting
94ab4932ae
grsecurity: 4.9.16-201703180820 -> 4.9.17-201703221829
2017-03-23 01:03:14 +01:00
Joachim Fasting
a2fdf72ec4
linux_4_9: 4.9.16 -> 4.9.17
2017-03-23 01:03:11 +01:00
Tim Steinbach
c60102d177
linux: 4.11-rc2 -> 4.11-rc3
2017-03-21 20:32:36 -04:00
Tim Steinbach
bef5607e20
linux: 4.4.54 -> 4.4.55
2017-03-19 12:18:46 -04:00
Tim Steinbach
6879d560cb
linux: 4.10.3 -> 4.10.4
2017-03-19 12:15:40 -04:00
Joachim Fasting
b5da6ca213
linux_4_9: 4.9.15 -> 4.9.16
2017-03-18 15:32:56 +01:00
Joachim Fasting
d4409817a6
grsecurity: 4.9.15-201703150049 -> 4.9.16-201703180820
2017-03-18 15:32:48 +01:00
Tim Steinbach
ca3fb4d1d4
linux: 4.4.53 -> 4.4.54
2017-03-17 17:25:40 -04:00
Tim Steinbach
81ad24d4d7
linux: 4.10.2 -> 4.10.3
2017-03-17 17:19:59 -04:00
Joachim Fasting
12648a455b
linux_4_9: 4.9.14 -> 4.9.15
2017-03-15 20:03:34 +01:00
Joachim Fasting
9e60a17cb8
grsecurity: 4.9.14-201703121245 -> 4.9.15-201703150049
...
Contains a fix for the n_hdlc double free bug.
2017-03-15 07:25:21 +01:00
Franz Pletz
44bd7c45dc
linux_4_10: 4.10.1 -> 4.10.2
2017-03-14 23:08:43 +01:00
Franz Pletz
a691c06556
linux_testing: 4.11-rc1 -> 4.11-rc2
2017-03-14 23:08:43 +01:00
Tim Steinbach
18684a4892
linux: 4.1.38 -> 4.1.39
2017-03-13 20:15:42 -04:00
Tim Steinbach
9ac82a773c
linux: 4.4.52 -> 4.4.53
2017-03-13 20:15:26 -04:00
Tuomas Tynkkynen
b2c96062ca
kernel: Add a validity check for modDirVersion
...
Because if you get it wrong, you get a very confusing error message at
the end of the kernel build, which is quite painful as the build can
take a long time.
2017-03-13 18:47:21 +02:00
Joachim Fasting
8091c1b208
linux_4_9: 4.9.13 -> 4.9.14
2017-03-12 18:44:29 +01:00
Joachim Fasting
4c211bdc63
grsecurity: 4.9.13-201703052141 -> 4.9.14-201703121245
2017-03-12 18:44:27 +01:00
Franz Pletz
c1ccedeaff
linux: make some new config settings optional
...
These are not support on older kernels pre 4.0.
2017-03-11 08:14:29 +01:00
Franz Pletz
ff2313a6c6
linux: 3.12.70 -> 3.12.71
2017-03-11 08:14:29 +01:00
Tuomas Tynkkynen
77c49794cd
linux_testing: 4.10-rc7 -> 4.11-rc1
...
Some config options got removed, so conditionalize them.
2017-03-11 01:27:06 +02:00
Tuomas Tynkkynen
5f5b87107f
raspberrypifw, linux_rpi: 1.20161020 -> 1.20170303
2017-03-08 21:35:31 +02:00
Joachim Fasting
17d80c49fa
grsecurity: 4.9.13-201702270729 -> 201703052141
2017-03-06 15:59:30 +01:00
Tuomas Tynkkynen
57c6fac3e9
kernel config: Enable IP_MULTICAST
...
This is lacking on ARM and causes libuv tests to fail.
2017-03-04 12:49:50 +02:00
Franz Pletz
49bdf9803a
linux: IPV6_FOU_TUNNEL is available since 4.7
2017-03-02 17:19:55 +01:00
Franz Pletz
75e85cae42
linux: enable FOU tunnels and VRF interfaces
2017-03-02 17:19:55 +01:00
Joachim Fasting
a20a53300d
grsecurity: 4.9.13-201702261126 -> 201702270729
2017-02-27 16:04:32 +01:00
Joachim Fasting
f3a6991f3d
grsecurity: 4.9.12-201702231830 -> 4.9.13-201702261126
2017-02-26 18:20:50 +01:00
Franz Pletz
701544d0a7
linux: 4.9.12 -> 4.9.13
2017-02-26 18:09:16 +01:00
Franz Pletz
62857b1f21
linux: 4.4.51 -> 4.4.52
2017-02-26 18:09:16 +01:00
Franz Pletz
8a75569619
linux: 4.10 -> 4.10.1
2017-02-26 18:09:15 +01:00
Joachim Fasting
0150d9a95c
grsecurity: 4.9.11-201702222257 -> 4.9.12-201702231830
2017-02-26 14:01:57 +01:00
Graham Christensen
d36b1ccc13
Revert "Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)""
...
This reverts commit 53a2baabbe
2017-02-23 19:23:29 -05:00
Graham Christensen
53a2baabbe
Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)"
...
This reverts commit 1d68edbef4
2017-02-23 18:47:16 -05:00
Graham Christensen
1d68edbef4
linux kernels: patch against DCCP double free (CVE-2017-6074)
2017-02-23 18:44:43 -05:00
Tim Steinbach
82aae8f631
kernel: 4.4.50 -> 4.4.51
2017-02-23 17:47:51 -05:00
Tim Steinbach
18c2be2862
kernel: 4.9.11 -> 4.9.12
2017-02-23 17:47:18 -05:00
Joachim Fasting
b92501f0d8
grsecurity: 4.9.11-201702181444 -> 201702222257
2017-02-23 19:18:39 +01:00
Shea Levy
f454297a7d
linux 4.10
2017-02-20 07:32:46 -05:00
Shea Levy
b191ac0d89
Revert "linux 4.10"
...
Somehow the tarball was actually linux 4.4.10
This reverts commit fea71f84d0
2017-02-20 07:29:47 -05:00
Shea Levy
fea71f84d0
linux 4.10
2017-02-20 06:47:49 -05:00
Tim Steinbach
7274fc32d2
linux: 4.4.48 -> 4.4.50
2017-02-18 18:40:04 -05:00
Tim Steinbach
2423313581
kernel: 4.9.10 -> 4.9.11
2017-02-18 18:33:36 -05:00
Joachim Fasting
ca016c2626
grsecurity: 4.9.10-201702152052 -> 4.9.11-201702181444
2017-02-18 22:01:16 +01:00
Joachim Fasting
e8007c0e89
linux_4_9: patch for CVE-2017-5986
...
Seems fairly low impact[1] but we might as well patch it until a new 4.9
version is released
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1420276
2017-02-17 19:11:30 +01:00
Joachim Fasting
73577a2b05
linux_4_9: 4.9.9 -> 4.9.10
2017-02-17 19:11:24 +01:00
Joachim Fasting
bc2f53fd29
grsecurity: 4.9.8-201702071801 -> 4.9.10-201702152052
2017-02-16 14:51:25 +01:00
Tim Steinbach
0ec9e695c8
linux: 3.10.104 -> 3.10.105
2017-02-13 18:47:01 -05:00
Eelco Dolstra
c71a893334
Revert "Use looser 9pfs caching in VM tests/builds"
...
This reverts commit bbd03e236a
2017-02-13 14:38:19 +01:00
Eelco Dolstra
4af79a7331
Revert "linux: Apply 9p veryloose patch to 4.9"
...
This reverts commit a82810c7a7Fixes #22695 .
2017-02-13 12:16:39 +01:00
Franz Pletz
9dec33dc4f
linux: 4.9.8 -> 4.9.9
2017-02-09 16:27:29 +01:00
Franz Pletz
9d8248517e
linux: 4.4.47 -> 4.4.48
2017-02-09 16:27:16 +01:00
Franz Pletz
dced724c00
linux_3_18: remove due to EOL
2017-02-08 23:50:59 +01:00
Joachim Fasting
bd46a375df
grsecurity: 4.9.8-201702060653 -> 201702071801
2017-02-08 01:31:18 +01:00
aszlig
cf94e18627
linux-testing: 4.10-rc4 -> 4.10-rc7
...
Tested via building the linux_testing attribute only, not in production.
Verified unpacked tarball with GnuPG:
gpg: Signature made Mon 06 Feb 2017 12:21:50 AM CET
gpg: using RSA key 79BE3E4300411886
gpg: Good signature from "Linus Torvalds <torvalds@linux-foundation.org>" [unknown]
Primary key fingerprint: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-02-07 10:23:50 +01:00
Joachim Fasting
0d422c5db5
grsecurity: 4.8.17-201701151620 -> 4.9.8-201702060653
...
The first release in the 4.9 branch.
I've also migrated my update scripts to SHA-512 so that'll
be the hash of choice for grsec packages going forward.
2017-02-06 15:49:34 +01:00
Vladimír Čunát
a2c867fd39
Merge branch 'staging'
2017-02-04 21:02:46 +01:00
Vladimír Čunát
73d798549f
protobuf, perf: fix my bad condition on gcc version
2017-02-04 20:58:47 +01:00
Tim Steinbach
949f9aff1d
linux: 3.12.69 -> 3.12.70
2017-02-04 09:18:50 -05:00
Tim Steinbach
7f69dc48b9
linux: 4.9.7 -> 4.9.8
2017-02-04 09:09:19 -05:00
Tim Steinbach
17b5ae4fe4
linux: 4.4.46 -> 4.4.47
2017-02-04 09:09:02 -05:00
Tim Steinbach
26e5b42106
linux: 4.4.45 -> 4.4.46
2017-02-03 18:36:50 -05:00
Vladimír Čunát
e7c968fbf2
linuxPackages*.perf: fix build with default gcc
...
Broken since 9842a107
2017-02-03 12:38:18 +01:00
Vladimír Čunát
adab4cd58b
Merge branch 'master' into staging
2017-02-03 11:47:38 +01:00
Pascal Bach
d1738c19bb
kernel: 4.9.6 -> 4.9.7
2017-02-02 21:08:24 +01:00
Tuomas Tynkkynen
424cfe7686
Merge remote-tracking branch 'upstream/master' into staging
2017-01-29 02:16:29 +02:00
Tim Steinbach
99c9252e3f
kernel: 4.9.5 -> 4.9.6
2017-01-26 19:56:26 -05:00
Tim Steinbach
4345dfb5ba
kernel: 4.4.44 -> 4.4.45
2017-01-26 19:55:58 -05:00
Tuomas Tynkkynen
be0e48e48f
Merge remote-tracking branch 'upstream/master' into staging
2017-01-27 02:18:44 +02:00
Tuomas Tynkkynen
e2a2f6d595
Merge pull request #22117 from dezgeg/aarch64-for-merge
...
Aarch64 (ARM64) support
2017-01-26 17:52:28 +02:00
Vladimír Čunát
6973c7739e
Merge branch 'master' into staging
...
There were some larger rebuilds because of security.
2017-01-26 16:49:41 +01:00
Robin Gloster
9842a107da
linuxPackages.perf: fix build with gcc6
2017-01-25 20:12:38 +01:00
Franz Pletz
b9b95aa4d4
Merge pull request #22034 from mayflower/conntrack-helpers
...
Disable conntrack helper autoloading by default
2017-01-25 14:18:41 +01:00
Tuomas Tynkkynen
2bfd83ab6d
platforms.nix: Add some aarch64-specific kernel config
...
This makes Raspberry Pi 3 and some Cavium ThunderX server hardware work.
2017-01-25 02:14:46 +02:00
Joachim Fasting
c50c551142
grsecurity: 4.8.16-201701062021 -> 4.8.17-201701151620
2017-01-25 00:58:57 +01:00
Joachim Fasting
482c67af70
grsecurity: adapt new to mirror url structure
2017-01-25 00:58:54 +01:00
Franz Pletz
403fdd737e
linux: remove canDisableNetfilterConntrackHelpers feature
...
This feature is available in all kernels in nixpkgs.
2017-01-25 00:28:55 +01:00
Nathan Zadoks
fcc51d3256
linux: fix installTargets for AArch64
...
[dezgeg: note that we are currently using just 'Image' instead of
'Image.gz' as U-Boot doesn't support the latter yet. We might switch
once it does since the kernel images are quite big]
2017-01-25 00:01:54 +02:00
Eelco Dolstra
a82810c7a7
linux: Apply 9p veryloose patch to 4.9
2017-01-24 13:05:02 +01:00
Tim Steinbach
fc8233a64f
kernel: 4.4.43 -> 4.4.44
2017-01-22 12:11:50 -05:00
Franz Pletz
61caacbf47
linux: 4.1.36 -> 4.1.38
2017-01-21 20:41:38 +01:00
Franz Pletz
ce3b98d08b
linux: 3.18.45 -> 3.18.47
2017-01-21 20:41:36 +01:00
Shea Levy
34c52896d1
linux 4.9.4 -> 4.9.5
2017-01-20 09:36:04 -05:00
Tuomas Tynkkynen
9fc3ce73d1
kernel config: Enable BONDING and TMPFS_POSIX_ACL
...
Yet again something that's lacking on other platforms than x86.
2017-01-18 01:21:08 +02:00
Eelco Dolstra
e9109b1b97
linux: 4.4.42 -> 4.4.43
2017-01-17 12:02:46 +01:00
Eelco Dolstra
9a9be9296f
linux: 4.9.3 -> 4.9.4
2017-01-17 12:02:46 +01:00
Tuomas Tynkkynen
08ddb16865
linux_testing: 4.10-rc2 -> 4.10-rc4
2017-01-16 11:41:13 +02:00
Thomas Tuegel
04d11637cb
linux_4_9: enable support for amdgpu on older chipsets
...
Linux 4.9 includes experimental amdgpu support for AMD Southern Islands
chipsets. (By default, only Sea Islands and newer chipsets are supported.)
Southern Islands chips will still use radeon by default, but daring users may
set `services.xserver.videoDrivers = [ "amdgpu" ];` to try the experimental
driver.
2017-01-15 16:29:50 -06:00
Tim Steinbach
295337ead5
linux: 4.9.2 -> 4.9.3
2017-01-14 11:02:26 -05:00
Tim Steinbach
9158b89fd3
linux: 4.4.41 -> 4.4.42
2017-01-14 11:01:52 -05:00
Tim Steinbach
d483a871d1
linux: Remove 4.8
2017-01-11 16:59:29 -05:00
Franz Pletz
6b01b229c2
linux: 4.9.1 -> 4.9.2
2017-01-10 07:45:19 +01:00
Franz Pletz
3b17823187
linux: 4.8.16 -> 4.8.17
2017-01-10 07:45:19 +01:00
Franz Pletz
4c43937af0
linux: 4.4.40 -> 4.4.41
2017-01-10 07:45:18 +01:00
Joachim Fasting
d6ff445f10
grsecurity: 4.8.15-201612301949 -> 4.8.16-201701062021
2017-01-07 08:01:41 +01:00
Tim Steinbach
c1d20ea50c
kernel: 4.9.0 -> 4.9.1
2017-01-06 16:15:18 -05:00
Tim Steinbach
ecf87b11f2
kernel: 4.8.15 -> 4.8.16
2017-01-06 16:15:02 -05:00
Tim Steinbach
8fda707027
kernel: 4.4.39 -> 4.4.40
2017-01-06 16:14:30 -05:00
Tuomas Tynkkynen
2a4c8313e4
linux_testing: 4.10-rc1 -> 4.10-rc2
2017-01-03 13:51:23 +02:00
Joachim Fasting
75ce714818
grsecurity: 4.8.15-201612151923 -> 201612301949
2017-01-01 06:01:04 +01:00
Eelco Dolstra
bbd03e236a
Use looser 9pfs caching in VM tests/builds
...
This can give significant speed ups, see
7e20254412
2016-12-29 21:26:16 +01:00
Franz Pletz
c6bcc485de
linux_4_8: add patch to fix CVE-2016-9919
2016-12-28 06:35:11 +01:00
Tuomas Tynkkynen
5ba7f33e3a
linux_testing: 4.9-rc8 -> 4.10-rc1
2016-12-27 01:35:10 +02:00
Graham Christensen
3ffb5ba60c
linux:3.18.44 -> 3.18.45
2016-12-21 21:08:47 -05:00
Graham Christensen
53e21529d4
linux:3.12.68 -> 3.12.69
2016-12-21 21:08:47 -05:00
Tim Steinbach
0e8e4a08f3
linux: 4.8.14 -> 4.8.15
2016-12-16 08:16:45 -05:00
Tim Steinbach
cb9ff3f7f9
linux: 4.4.38 -> 4.4.39
2016-12-16 08:16:22 -05:00
Joachim Fasting
f0e77cd07d
grsecurity: 4.8.14-201612110933 -> 4.8.15-201612151923
2016-12-16 12:46:44 +01:00
Graham Christensen
01d022e16b
Merge pull request #21118 from grahamc/fix-rsa-build-failure
...
linux_{4_8,grsec_nixos}: patch to fix build failure
2016-12-13 09:15:50 -05:00
Joachim Fasting
d918c80e13
grsecurity: disable verbose initify
...
Not as useful/informative as I had hoped.
2016-12-13 15:12:34 +01:00
Graham Christensen
7a813d3f6d
linux_{4_8,grsec_nixos}: patch to fix build failure
...
crypto/rsa_helper.c:18:28: fatal error: rsapubkey-asn1.h: No such file or directory
2016-12-13 07:25:46 -05:00
Shea Levy
f6daae391f
linux: add 4.9
2016-12-11 19:33:05 -05:00
Joachim Fasting
601058e0e2
grsecurity: 4.8.13-201612082118 -> 4.8.14-201612110933
2016-12-11 19:09:16 +01:00
Tim Steinbach
f576c490e3
linux: 4.4.37 -> 4.4.38
2016-12-10 15:18:52 -05:00
Tim Steinbach
b69822c505
linux: 4.8.13 -> 4.8.14
2016-12-10 15:15:44 -05:00
Tuomas Tynkkynen
bdab6fe5a1
kernel: Use built-in dtbs_install target instead of rolling our own
...
In particular, on aarch64 all the .dtb files will be in subdirectories
and *.dtb won't match anything.
2016-12-10 20:24:08 +02:00
Franz Pletz
9074d9859e
linux: add patch to fix CVE-2016-8655
...
See https://lwn.net/Articles/708319/ for more information.
2016-12-10 17:08:42 +01:00
Bjørn Forsman
2077385421
kernel: enable CONFIG_DYNAMIC_DEBUG (like Fedora and Ubuntu)
...
It was useful in tracking down CIFS + DFS issue, and it's apparently
enabled by default in two major distros.
2016-12-10 00:01:21 +02:00
Bjørn Forsman
d429520b13
kernel: add CONFIG_CIFS_* like Fedora, Ubuntu
...
The plan is to fix mounting DFS shares on NixOS (for which some of these
options are needed), but I figured it might be a good idea to enable all
CONFIG_CIFS_* like Fedora 24 and Ubuntu 16.04 while at it. Ubuntu even
has CONFIG_CIFS_SMB311, but as Fedora do not, I left it out.
Mounting DFS shares still doesn't work; need to configure cifs.upcall
and /etc/request-key.conf. Until then, using GVFS as a workaround.
2016-12-10 00:01:21 +02:00
Joachim Fasting
d1a5dc0b1c
grsecurity: 4.8.12-201612062306 -> 4.8.13-201612082118
2016-12-09 15:31:02 +01:00
Joachim Fasting
9a63779d64
grsecurity: use upstream url as the primary source
2016-12-09 15:31:00 +01:00
Joachim Fasting
ca7cc96ee8
grsecurity: enable PAX_INITIFY
...
Uses gcc plugin to detect more instances where memory used during init
can be freed.
2016-12-09 15:30:40 +01:00
Tim Steinbach
bfffbb5ea6
linux: 4.8.12 -> 4.8.13
2016-12-09 08:27:11 -05:00
Tim Steinbach
e861a5f7af
linux: 4.4.36 -> 4.4.37
2016-12-09 08:26:46 -05:00
Joachim Fasting
5fd4ffe00f
grsecurity: 4.8.12-201612031658 -> 201612062306
2016-12-08 12:22:13 +01:00
Tim Steinbach
c9d1d430ec
linux: 4.9-rc7 -> 4.9-rc8
2016-12-05 19:40:11 -05:00
Joachim Fasting
9578299bbe
grsecurity: 4.8.11-201611271225 -> 4.8.12-201612031658
2016-12-06 01:24:32 +01:00
Joachim Fasting
cc396697a6
grsecurity: enable ability to lock in readonly mounts
2016-12-06 01:24:12 +01:00
Joachim Fasting
0e765c72e5
grsecurity: enable module hardening
2016-12-06 01:23:58 +01:00
Joachim Fasting
071fbcda24
grsecurity: enable optional sysfs restrictions
...
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
...
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Tuomas Tynkkynen
9ccc14b1bc
linux_rpi: Add some feature flags
...
Copied from linux_4_4 (except for the EFI stub thing).
Otherwise the firewall module fails to evaluate:
Failed assertions:
- This kernel does not support rpfilter
2016-12-04 18:18:06 +02:00
Tim Steinbach
4f8b74b401
Merge pull request #20866 from NeQuissimus/linux_4_8_12
...
linux: 4.8.11 -> 4.8.12
2016-12-02 18:28:46 -05:00
Tim Steinbach
853b6493c8
linux: 4.8.11 -> 4.8.12
2016-12-02 14:29:00 -05:00
Tim Steinbach
654f5df5dc
linux: 4.4.35 -> 4.4.36
2016-12-02 14:28:26 -05:00
Tim Steinbach
5afc6b506c
linux: 4.1.35 -> 4.1.36
2016-12-01 20:34:02 -05:00
Tim Steinbach
18a3225dac
linux: 3.12.67 -> 3.12.68
2016-11-29 17:40:17 -05:00
Joachim Fasting
b90ed0cc80
grsecurity: 4.8.10-201611232213 -> 4.8.11-201611271225
2016-11-28 11:41:10 +01:00
Joachim Fasting
4c7323545b
Revert "grsecurity: work around for #20490 "
...
This reverts commit e38b74ba89
2016-11-28 11:40:55 +01:00
Tim Steinbach
eecf76eaa2
linux: 4.9-rc6 -> 4.9-rc7
2016-11-27 19:48:24 -05:00
Tuomas Tynkkynen
86ea3126bc
linux_rpi: 1.20160620 -> 1.20161020
2016-11-28 00:24:00 +02:00
Tim Steinbach
b47307bd74
linux: 4.8.10 -> 4.8.11
2016-11-26 16:29:23 -05:00
Tim Steinbach
cc77360bed
linux: 4.4.34 -> 4.4.35
2016-11-26 16:28:58 -05:00
Jörg Thalheim
01172c2ccf
Merge pull request #20591 from NeQuissimus/linux_4_9_rc6
...
linux: 4.9-rc5 -> 4.9-rc6
2016-11-26 16:00:16 +01:00
Joachim Fasting
f9d787c67b
grsecurity: 4.8.10-201611210813 -> 201611232213
2016-11-24 12:08:12 +01:00
Franz Pletz
7974d7493a
linux: compress kernel image with xz
2016-11-23 02:24:13 +01:00
Tim Steinbach
e4a1b76457
linux: 4.8.9 -> 4.8.10
2016-11-21 18:07:17 -05:00
Tim Steinbach
d62069aca4
linux: 4.4.33 -> 4.4.34
2016-11-21 18:06:57 -05:00
Joachim Fasting
96194467e6
grsecurity: 4.8.8-201611150756 -> 4.8.10-201611210813
2016-11-21 23:15:14 +01:00
Tim Steinbach
f6bbc6c477
linux: 4.9-rc5 -> 4.9-rc6
2016-11-20 17:23:32 -05:00
Pascal Wittmann
f7e0bc2ae7
Make all meta.maintainers attributes lists
2016-11-20 18:06:03 +01:00
Tim Steinbach
13491f9f48
Merge pull request #20552 from NeQuissimus/linux_4_8_9
...
linux: 4.8.8 -> 4.8.9
2016-11-19 09:03:00 -05:00
Tim Steinbach
d3b8a77834
linux: 4.4.32 -> 4.4.33
2016-11-19 08:56:31 -05:00
Tim Steinbach
250224bf01
linux: 4.8.8 -> 4.8.9
2016-11-19 08:55:57 -05:00
Joachim Fasting
e38b74ba89
grsecurity: work around for #20490
...
In `scripts/Makefile.modinst`, the code that generates the list of
modules to install passes file names via the command line. When
installing a grsecurity kernel, this list appears to exceed the
shell's argument list limit, as in
make[2]: execvp: /nix/store/[...]-bash-4.3-p46/bin/bash: Argument list too long
The build does not fail, however, but the list of modules to be installed ends
up being empty. Thus, the resulting kernel package output contains no modules,
rendering it useless.
We work around this by patching the makefile to use `find -exec` to
process files. Why this would occur for grsecurity and not other
kernels is unknown, most likely there's something *else* that is
actually causing this behaviour, so this is a temporary fix until that
cause is found.
Fixes https://github.com/NixOS/nixpkgs/issues/20490
2016-11-18 16:14:26 +01:00
Tim Steinbach
a4cd6f1378
Merge pull request #20441 from NeQuissimus/linux_4_4_32
...
linux: 4.4.31 -> 4.4.32
2016-11-15 17:49:00 -05:00
Tim Steinbach
819884119c
Merge pull request #20439 from NeQuissimus/linux_4_8_8
...
linux: 4.8.7 -> 4.8.8
2016-11-15 17:48:07 -05:00
Joachim Fasting
0d4e1b5edd
grsecurity: 4.8.7-201611142350 -> 4.8.8-201611150756
2016-11-15 22:57:25 +01:00
Tim Steinbach
24c342fde7
linux: 4.4.31 -> 4.4.32
2016-11-15 12:31:27 -05:00
Tim Steinbach
9e851d3b11
linux: 4.8.7 -> 4.8.8
2016-11-15 12:30:55 -05:00
Joachim Fasting
afab1a948e
grsecurity: 4.8.7-201611102210 -> 201611142350
2016-11-15 13:11:47 +01:00
Tim Steinbach
a87c8ad05f
linux: 4.9-rc4 -> 4.9-rc5
2016-11-14 09:40:27 -05:00
Joachim Fasting
cad9212813
grsecurity: 4.7.10-201611011946 -> 4.8.7-201611102210
2016-11-14 00:16:19 +01:00
Joachim Fasting
081a871771
Revert "Merge pull request #20302 from spacekitteh/patch-10"
...
This reverts commit e02173c70cc2b4a0d266
2016-11-12 14:02:20 +01:00
Tim Steinbach
e02173c70c
Merge pull request #20302 from spacekitteh/patch-10
...
grsecurity_testing: 4.7.10 -> 4.8.7
2016-11-11 22:03:39 -05:00
Sophie Taylor
fa180d0d63
grsec: 4.8.6 -> 4.8.7
2016-11-12 12:54:47 +10:00
Tim Steinbach
c2b4a0d266
Merge pull request #20327 from NeQuissimus/linux_4_9_rc4
...
linux: 4.9-rc3 -> 4.9-rc4
2016-11-11 18:11:02 -05:00
Tim Steinbach
52cc30cd87
Merge pull request #20326 from NeQuissimus/linux_3_12_67
...
linux: 3.12.66 -> 3.12.67
2016-11-11 18:10:16 -05:00
Tim Steinbach
933dfca167
Merge pull request #20322 from NeQuissimus/linux_4_8_7
...
linux: 4.8.6 -> 4.8.7
2016-11-10 21:12:06 -05:00
Tim Steinbach
ad19b9bde5
linux: 4.9-rc3 -> 4.9-rc4
2016-11-10 21:08:28 -05:00
Tim Steinbach
0a1f39eb91
linux: 4.8.6 -> 4.8.7
2016-11-10 21:07:56 -05:00
Tim Steinbach
579f5fd9dd
linux: 4.4.30 -> 4.4.31
2016-11-10 21:07:24 -05:00
Tim Steinbach
cc62ecc2d9
linux: 3.12.66 -> 3.12.67
2016-11-10 21:06:54 -05:00
Tuomas Tynkkynen
74ecbbe4e3
kernel config: Ensure SECCOMP_FILTER is enabled
...
As noted in a97db109a2
2016-11-11 02:10:20 +02:00
Peter Hoeg
cb93b34999
SMB2 support for CIFS
...
[tuomas: removed unneeded kernel version check]
Signed-off-by: Tuomas Tynkkynen <tuomas@tuxera.com>
2016-11-11 02:10:20 +02:00
Sophie Taylor
6476f11f40
grsecurity patch update to kernel 4.8.6
2016-11-10 12:44:22 +10:00
Guillaume Maudoux
eb9d126d2c
linux_mptcp: 0.91 -> 0.91.2
2016-11-07 14:15:33 +01:00
Joachim Fasting
d9b5cd41c5
grsecurity: 4.7.10-201610262029 -> 201611011946
2016-11-03 13:55:23 +01:00
Tim Steinbach
874abe694a
linux: 4.8.5 -> 4.8.6
2016-11-01 08:58:53 -04:00
Eelco Dolstra
ef1a188e07
linux: 4.4.28 -> 4.4.30
2016-11-01 11:31:00 +01:00
Vladimír Čunát
3be635b9b5
Merge linux kernel maintenance updates
...
PRs: #19995 #19996 #19997
2016-10-30 17:29:43 +01:00
Tim Steinbach
f154459cf4
linux: 4.9-rc2 -> 4.9-rc3
2016-10-30 10:30:07 -04:00
Tim Steinbach
1af5b2a80c
linux: 4.4.27 -> 4.4.28
2016-10-30 10:29:37 -04:00
Tim Steinbach
8073430d95
linux: 4.8.4 -> 4.8.5
2016-10-30 10:28:55 -04:00
Joachim Fasting
dfdaea1240
grsecurity: 4.7.10-201610222037 -> 201610262029
2016-10-27 15:03:27 +02:00
Graham Christensen
2f3b62375f
Merge pull request #19891 from NeQuissimus/kernel_4_9_rc2
...
kernel: 4.9-rc1 -> 4.9-rc2
2016-10-27 08:36:23 -04:00
Graham Christensen
ad2deee7d1
Merge pull request #19894 from NeQuissimus/kernel_3_18_44
...
kernel: 3.18.42 -> 3.18.44
2016-10-27 08:36:17 -04:00
Graham Christensen
c654ec0f25
Merge pull request #19893 from NeQuissimus/kernel_3_12_66
...
kernel: 3.12.63 -> 3.12.66
2016-10-27 08:36:10 -04:00
Graham Christensen
00e2bc22db
Merge pull request #19890 from NeQuissimus/kernel_3_10_104
...
kernel: 3.10.103 -> 3.10.104
2016-10-27 08:35:54 -04:00
Tim Steinbach
b02646f93b
kernel: 3.18.42 -> 3.18.44
2016-10-26 19:23:43 -04:00
Tim Steinbach
e5e84ecbbd
kernel: 3.12.63 -> 3.12.66
2016-10-26 19:17:46 -04:00
Tim Steinbach
e4773819f4
kernel: 3.10.103 -> 3.10.104
2016-10-26 19:13:21 -04:00
Tim Steinbach
e9a5cf3f6f
kernel: 4.9-rc1 -> 4.9-rc2
2016-10-26 09:11:00 -04:00
Tim Steinbach
89cd922a6a
kernel: 4.1.33 -> 4.1.35
2016-10-26 09:04:37 -04:00
Tim Steinbach
b3f7d626c1
kernel: remove 4.7
2016-10-24 21:30:00 -04:00
Joachim Fasting
5440c1a64c
grsecurity: 4.7.9-201610200819 -> 4.7.10-201610222037
...
Notably, this pulls in the dirtycow fix from upstream (but I've been
unable to execute the POC exploits on grsec kernels without that fix
...)
2016-10-23 17:14:40 +02:00
Tim Steinbach
a3989b87df
Merge pull request #19772 from NeQuissimus/linux_4_8_4
...
linux: 4.8.3 -> 4.8.4
2016-10-22 12:14:59 -04:00
Tim Steinbach
72d91f95cb
Merge pull request #19771 from NeQuissimus/linux_4_7_10
...
linux: 4.7.9 -> 4.7.10
2016-10-22 12:14:26 -04:00
Tim Steinbach
8d0ca31849
linux: 4.8.3 -> 4.8.4
2016-10-22 12:11:37 -04:00
Tim Steinbach
adbe0e0a13
linux: 4.7.9 -> 4.7.10
2016-10-22 12:11:09 -04:00
Tim Steinbach
4489454b83
linux: 4.4.26 -> 4.4.27
2016-10-22 12:10:34 -04:00
Joachim Fasting
ed5d146e9d
grsecurity: 4.7.7-201610101902 -> 4.7.9-201610200819
2016-10-21 01:50:53 +02:00
Vladimír Čunát
fabfb0a900
Merge #19725 : kernel: 4.7.8 -> 4.7.9
2016-10-20 19:45:25 +02:00
Tim Steinbach
963804ba8e
kernel: 4.7.8 -> 4.7.9
2016-10-20 13:08:53 -04:00
Tim Steinbach
0c3e5217fc
kernel: 4.8.2 -> 4.8.3
2016-10-20 13:06:03 -04:00
Eelco Dolstra
76a57d83b5
linux: 4.4.25 -> 4.4.26
2016-10-20 13:37:19 +02:00
Tim Steinbach
dac481d999
Merge pull request #19648 from NeQuissimus/linux_4_7_8
...
linux_4_7: 4.7.7 -> 4.7.8
2016-10-19 14:48:47 -04:00
Tim Steinbach
84e4dcb34b
Merge pull request #19649 from NeQuissimus/linux_4_8_2
...
linux_4_8: 4.8.1 -> 4.8.2
2016-10-19 14:38:11 -04:00
Tim Steinbach
70c8de0536
Merge pull request #19652 from NeQuissimus/linux_4_9_rc1
...
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-19 14:35:21 -04:00
Eelco Dolstra
13f43c7ebc
linux: 4.4.24 -> 4.4.25
2016-10-19 17:11:53 +02:00
Tuomas Tynkkynen
59f12d9394
kernel config: Add some filesystem options
...
Enable encryption support for both F2FS and ext4. For ext4 this is a bit
tricky, since pre-4.8 the way to enable it as a module was just
"EXT4_ENCRYPTION=m" but after that it changed to "FS_ENCRYPTION=m &&
EXT4_ENCRYPTION=y".
Also make sure UDF is enabled.
2016-10-19 16:44:08 +03:00
Tim Steinbach
51c9c2f851
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-18 11:19:46 -04:00
Tim Steinbach
0acfbaa5b2
linux_4_8: 4.8.1 -> 4.8.2
2016-10-18 10:13:02 -04:00
Tim Steinbach
55adff59f1
linux_4_7: 4.7.7 -> 4.7.8
2016-10-18 10:12:26 -04:00
Joachim Fasting
ce73a3ea0f
grsecurity: 4.7.6-201609301918 -> 4.7.7-201610101902
2016-10-11 13:15:16 +02:00
Aneesh Agrawal
f0602d2d36
kernel: Make SECURITY_YAMA optional
...
It's highly recommended, but not required to run NixOS.
2016-10-08 17:46:33 +02:00
Aneesh Agrawal
a000ed181c
linux config: enable the Yama LSM ( #14392 )
...
The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level processes and
snooping on the memory and runtime state of other processes owned
by the same user.
2016-10-08 16:40:12 +02:00
Tim Steinbach
a699eb4798
linux: 4.4.23 -> 4.4.24 ( #19346 )
2016-10-08 07:02:07 +02:00
Tim Steinbach
9481edec56
linux: 4.7.6 -> 4.7.7 ( #19345 )
2016-10-08 07:01:51 +02:00
Tim Steinbach
07e67b33af
linux: 4.8.0 -> 4.8.1 ( #19344 )
2016-10-08 07:01:27 +02:00
Marco Maggesi
435673b948
Revert "Revert "linux*: remove 3.14, as it's no longer maintained""
...
In the end, it is too dangerous to have an unmaintained kernel in
nixpkgs. Revert the revert.
This reverts commit e921725176
2016-10-07 23:26:32 +02:00
Marco Maggesi
e921725176
Revert "linux*: remove 3.14, as it's no longer maintained"
...
This is the simplest way to reenable the use of BLCR
(which at present requires linux version >3.12 <3.18)
until we find a better solution.
This reverts commit 6a9e765e27
2016-10-07 14:31:24 +02:00
