Commit Graph

1781 Commits

Author SHA1 Message Date
Joachim Fasting
601058e0e2
grsecurity: 4.8.13-201612082118 -> 4.8.14-201612110933 2016-12-11 19:09:16 +01:00
Tim Steinbach
f576c490e3
linux: 4.4.37 -> 4.4.38 2016-12-10 15:18:52 -05:00
Tim Steinbach
b69822c505
linux: 4.8.13 -> 4.8.14 2016-12-10 15:15:44 -05:00
Tuomas Tynkkynen
bdab6fe5a1 kernel: Use built-in dtbs_install target instead of rolling our own
In particular, on aarch64 all the .dtb files will be in subdirectories
and *.dtb won't match anything.
2016-12-10 20:24:08 +02:00
Franz Pletz
9074d9859e
linux: add patch to fix CVE-2016-8655
See https://lwn.net/Articles/708319/ for more information.
2016-12-10 17:08:42 +01:00
Bjørn Forsman
2077385421 kernel: enable CONFIG_DYNAMIC_DEBUG (like Fedora and Ubuntu)
It was useful in tracking down CIFS + DFS issue, and it's apparently
enabled by default in two major distros.
2016-12-10 00:01:21 +02:00
Bjørn Forsman
d429520b13 kernel: add CONFIG_CIFS_* like Fedora, Ubuntu
The plan is to fix mounting DFS shares on NixOS (for which some of these
options are needed), but I figured it might be a good idea to enable all
CONFIG_CIFS_* like Fedora 24 and Ubuntu 16.04 while at it. Ubuntu even
has CONFIG_CIFS_SMB311, but as Fedora do not, I left it out.

Mounting DFS shares still doesn't work; need to configure cifs.upcall
and /etc/request-key.conf. Until then, using GVFS as a workaround.
2016-12-10 00:01:21 +02:00
Joachim Fasting
d1a5dc0b1c
grsecurity: 4.8.12-201612062306 -> 4.8.13-201612082118 2016-12-09 15:31:02 +01:00
Joachim Fasting
9a63779d64
grsecurity: use upstream url as the primary source 2016-12-09 15:31:00 +01:00
Joachim Fasting
ca7cc96ee8
grsecurity: enable PAX_INITIFY
Uses gcc plugin to detect more instances where memory used during init
can be freed.
2016-12-09 15:30:40 +01:00
Tim Steinbach
bfffbb5ea6
linux: 4.8.12 -> 4.8.13 2016-12-09 08:27:11 -05:00
Tim Steinbach
e861a5f7af
linux: 4.4.36 -> 4.4.37 2016-12-09 08:26:46 -05:00
Joachim Fasting
5fd4ffe00f
grsecurity: 4.8.12-201612031658 -> 201612062306 2016-12-08 12:22:13 +01:00
Tim Steinbach
c9d1d430ec
linux: 4.9-rc7 -> 4.9-rc8 2016-12-05 19:40:11 -05:00
Joachim Fasting
9578299bbe
grsecurity: 4.8.11-201611271225 -> 4.8.12-201612031658 2016-12-06 01:24:32 +01:00
Joachim Fasting
cc396697a6
grsecurity: enable ability to lock in readonly mounts 2016-12-06 01:24:12 +01:00
Joachim Fasting
0e765c72e5
grsecurity: enable module hardening 2016-12-06 01:23:58 +01:00
Joachim Fasting
071fbcda24
grsecurity: enable optional sysfs restrictions
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Tuomas Tynkkynen
9ccc14b1bc linux_rpi: Add some feature flags
Copied from linux_4_4 (except for the EFI stub thing).

Otherwise the firewall module fails to evaluate:
Failed assertions:
- This kernel does not support rpfilter
2016-12-04 18:18:06 +02:00
Tim Steinbach
4f8b74b401 Merge pull request #20866 from NeQuissimus/linux_4_8_12
linux: 4.8.11 -> 4.8.12
2016-12-02 18:28:46 -05:00
Tim Steinbach
853b6493c8
linux: 4.8.11 -> 4.8.12 2016-12-02 14:29:00 -05:00
Tim Steinbach
654f5df5dc
linux: 4.4.35 -> 4.4.36 2016-12-02 14:28:26 -05:00
Tim Steinbach
5afc6b506c
linux: 4.1.35 -> 4.1.36 2016-12-01 20:34:02 -05:00
Tim Steinbach
18a3225dac
linux: 3.12.67 -> 3.12.68 2016-11-29 17:40:17 -05:00
Joachim Fasting
b90ed0cc80
grsecurity: 4.8.10-201611232213 -> 4.8.11-201611271225 2016-11-28 11:41:10 +01:00
Joachim Fasting
4c7323545b
Revert "grsecurity: work around for #20490"
This reverts commit e38b74ba89.

I failed to notice f19c961b4e461da045f2e72e73701059e5117be0; better
use that fix instead.
2016-11-28 11:40:55 +01:00
Tim Steinbach
eecf76eaa2
linux: 4.9-rc6 -> 4.9-rc7 2016-11-27 19:48:24 -05:00
Tuomas Tynkkynen
86ea3126bc linux_rpi: 1.20160620 -> 1.20161020 2016-11-28 00:24:00 +02:00
Tim Steinbach
b47307bd74
linux: 4.8.10 -> 4.8.11 2016-11-26 16:29:23 -05:00
Tim Steinbach
cc77360bed
linux: 4.4.34 -> 4.4.35 2016-11-26 16:28:58 -05:00
Jörg Thalheim
01172c2ccf Merge pull request #20591 from NeQuissimus/linux_4_9_rc6
linux: 4.9-rc5 -> 4.9-rc6
2016-11-26 16:00:16 +01:00
Joachim Fasting
f9d787c67b
grsecurity: 4.8.10-201611210813 -> 201611232213 2016-11-24 12:08:12 +01:00
Franz Pletz
7974d7493a
linux: compress kernel image with xz 2016-11-23 02:24:13 +01:00
Tim Steinbach
e4a1b76457
linux: 4.8.9 -> 4.8.10 2016-11-21 18:07:17 -05:00
Tim Steinbach
d62069aca4
linux: 4.4.33 -> 4.4.34 2016-11-21 18:06:57 -05:00
Joachim Fasting
96194467e6
grsecurity: 4.8.8-201611150756 -> 4.8.10-201611210813 2016-11-21 23:15:14 +01:00
Tim Steinbach
f6bbc6c477
linux: 4.9-rc5 -> 4.9-rc6 2016-11-20 17:23:32 -05:00
Pascal Wittmann
f7e0bc2ae7
Make all meta.maintainers attributes lists 2016-11-20 18:06:03 +01:00
Tim Steinbach
13491f9f48 Merge pull request #20552 from NeQuissimus/linux_4_8_9
linux: 4.8.8 -> 4.8.9
2016-11-19 09:03:00 -05:00
Tim Steinbach
d3b8a77834
linux: 4.4.32 -> 4.4.33 2016-11-19 08:56:31 -05:00
Tim Steinbach
250224bf01
linux: 4.8.8 -> 4.8.9 2016-11-19 08:55:57 -05:00
Joachim Fasting
e38b74ba89
grsecurity: work around for #20490
In `scripts/Makefile.modinst`, the code that generates the list of
modules to install passes file names via the command line.  When
installing a grsecurity kernel, this list appears to exceed the
shell's argument list limit, as in

    make[2]: execvp: /nix/store/[...]-bash-4.3-p46/bin/bash: Argument list too long

The build does not fail, however, but the list of modules to be installed ends
up being empty.  Thus, the resulting kernel package output contains no modules,
rendering it useless.

We work around this by patching the makefile to use `find -exec` to
process files.  Why this would occur for grsecurity and not other
kernels is unknown, most likely there's something *else* that is
actually causing this behaviour, so this is a temporary fix until that
cause is found.

Fixes https://github.com/NixOS/nixpkgs/issues/20490
2016-11-18 16:14:26 +01:00
Tim Steinbach
a4cd6f1378 Merge pull request #20441 from NeQuissimus/linux_4_4_32
linux: 4.4.31 -> 4.4.32
2016-11-15 17:49:00 -05:00
Tim Steinbach
819884119c Merge pull request #20439 from NeQuissimus/linux_4_8_8
linux: 4.8.7 -> 4.8.8
2016-11-15 17:48:07 -05:00
Joachim Fasting
0d4e1b5edd
grsecurity: 4.8.7-201611142350 -> 4.8.8-201611150756 2016-11-15 22:57:25 +01:00
Tim Steinbach
24c342fde7
linux: 4.4.31 -> 4.4.32 2016-11-15 12:31:27 -05:00
Tim Steinbach
9e851d3b11
linux: 4.8.7 -> 4.8.8 2016-11-15 12:30:55 -05:00
Joachim Fasting
afab1a948e
grsecurity: 4.8.7-201611102210 -> 201611142350 2016-11-15 13:11:47 +01:00
Tim Steinbach
a87c8ad05f
linux: 4.9-rc4 -> 4.9-rc5 2016-11-14 09:40:27 -05:00