Graham Christensen
d36b1ccc13
Revert "Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)""
...
This reverts commit 53a2baabbe
.
2017-02-23 19:23:29 -05:00
Graham Christensen
53a2baabbe
Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)"
...
This reverts commit 1d68edbef4
.
2017-02-23 18:47:16 -05:00
Graham Christensen
1d68edbef4
linux kernels: patch against DCCP double free (CVE-2017-6074)
2017-02-23 18:44:43 -05:00
Tim Steinbach
82aae8f631
kernel: 4.4.50 -> 4.4.51
2017-02-23 17:47:51 -05:00
Tim Steinbach
18c2be2862
kernel: 4.9.11 -> 4.9.12
2017-02-23 17:47:18 -05:00
Joachim Fasting
b92501f0d8
grsecurity: 4.9.11-201702181444 -> 201702222257
2017-02-23 19:18:39 +01:00
Shea Levy
f454297a7d
linux 4.10
2017-02-20 07:32:46 -05:00
Shea Levy
b191ac0d89
Revert "linux 4.10"
...
Somehow the tarball was actually linux 4.4.10
This reverts commit fea71f84d0
.
2017-02-20 07:29:47 -05:00
Shea Levy
fea71f84d0
linux 4.10
2017-02-20 06:47:49 -05:00
Tim Steinbach
7274fc32d2
linux: 4.4.48 -> 4.4.50
2017-02-18 18:40:04 -05:00
Tim Steinbach
2423313581
kernel: 4.9.10 -> 4.9.11
2017-02-18 18:33:36 -05:00
Joachim Fasting
ca016c2626
grsecurity: 4.9.10-201702152052 -> 4.9.11-201702181444
2017-02-18 22:01:16 +01:00
Joachim Fasting
e8007c0e89
linux_4_9: patch for CVE-2017-5986
...
Seems fairly low impact[1] but we might as well patch it until a new 4.9
version is released
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1420276
2017-02-17 19:11:30 +01:00
Joachim Fasting
73577a2b05
linux_4_9: 4.9.9 -> 4.9.10
2017-02-17 19:11:24 +01:00
Joachim Fasting
bc2f53fd29
grsecurity: 4.9.8-201702071801 -> 4.9.10-201702152052
2017-02-16 14:51:25 +01:00
Tim Steinbach
0ec9e695c8
linux: 3.10.104 -> 3.10.105
2017-02-13 18:47:01 -05:00
Eelco Dolstra
c71a893334
Revert "Use looser 9pfs caching in VM tests/builds"
...
This reverts commit bbd03e236a
.
2017-02-13 14:38:19 +01:00
Eelco Dolstra
4af79a7331
Revert "linux: Apply 9p veryloose patch to 4.9"
...
This reverts commit a82810c7a7
.
Fixes #22695 .
2017-02-13 12:16:39 +01:00
Franz Pletz
9dec33dc4f
linux: 4.9.8 -> 4.9.9
2017-02-09 16:27:29 +01:00
Franz Pletz
9d8248517e
linux: 4.4.47 -> 4.4.48
2017-02-09 16:27:16 +01:00
Franz Pletz
dced724c00
linux_3_18: remove due to EOL
2017-02-08 23:50:59 +01:00
Joachim Fasting
bd46a375df
grsecurity: 4.9.8-201702060653 -> 201702071801
2017-02-08 01:31:18 +01:00
aszlig
cf94e18627
linux-testing: 4.10-rc4 -> 4.10-rc7
...
Tested via building the linux_testing attribute only, not in production.
Verified unpacked tarball with GnuPG:
gpg: Signature made Mon 06 Feb 2017 12:21:50 AM CET
gpg: using RSA key 79BE3E4300411886
gpg: Good signature from "Linus Torvalds <torvalds@linux-foundation.org>" [unknown]
Primary key fingerprint: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-02-07 10:23:50 +01:00
Joachim Fasting
0d422c5db5
grsecurity: 4.8.17-201701151620 -> 4.9.8-201702060653
...
The first release in the 4.9 branch.
I've also migrated my update scripts to SHA-512 so that'll
be the hash of choice for grsec packages going forward.
2017-02-06 15:49:34 +01:00
Vladimír Čunát
a2c867fd39
Merge branch 'staging'
2017-02-04 21:02:46 +01:00
Vladimír Čunát
73d798549f
protobuf, perf: fix my bad condition on gcc version
2017-02-04 20:58:47 +01:00
Tim Steinbach
949f9aff1d
linux: 3.12.69 -> 3.12.70
2017-02-04 09:18:50 -05:00
Tim Steinbach
7f69dc48b9
linux: 4.9.7 -> 4.9.8
2017-02-04 09:09:19 -05:00
Tim Steinbach
17b5ae4fe4
linux: 4.4.46 -> 4.4.47
2017-02-04 09:09:02 -05:00
Tim Steinbach
26e5b42106
linux: 4.4.45 -> 4.4.46
2017-02-03 18:36:50 -05:00
Vladimír Čunát
e7c968fbf2
linuxPackages*.perf: fix build with default gcc
...
Broken since 9842a107
.
2017-02-03 12:38:18 +01:00
Vladimír Čunát
adab4cd58b
Merge branch 'master' into staging
2017-02-03 11:47:38 +01:00
Pascal Bach
d1738c19bb
kernel: 4.9.6 -> 4.9.7
2017-02-02 21:08:24 +01:00
Tuomas Tynkkynen
424cfe7686
Merge remote-tracking branch 'upstream/master' into staging
2017-01-29 02:16:29 +02:00
Tim Steinbach
99c9252e3f
kernel: 4.9.5 -> 4.9.6
2017-01-26 19:56:26 -05:00
Tim Steinbach
4345dfb5ba
kernel: 4.4.44 -> 4.4.45
2017-01-26 19:55:58 -05:00
Tuomas Tynkkynen
be0e48e48f
Merge remote-tracking branch 'upstream/master' into staging
2017-01-27 02:18:44 +02:00
Tuomas Tynkkynen
e2a2f6d595
Merge pull request #22117 from dezgeg/aarch64-for-merge
...
Aarch64 (ARM64) support
2017-01-26 17:52:28 +02:00
Vladimír Čunát
6973c7739e
Merge branch 'master' into staging
...
There were some larger rebuilds because of security.
2017-01-26 16:49:41 +01:00
Robin Gloster
9842a107da
linuxPackages.perf: fix build with gcc6
2017-01-25 20:12:38 +01:00
Franz Pletz
b9b95aa4d4
Merge pull request #22034 from mayflower/conntrack-helpers
...
Disable conntrack helper autoloading by default
2017-01-25 14:18:41 +01:00
Tuomas Tynkkynen
2bfd83ab6d
platforms.nix: Add some aarch64-specific kernel config
...
This makes Raspberry Pi 3 and some Cavium ThunderX server hardware work.
2017-01-25 02:14:46 +02:00
Joachim Fasting
c50c551142
grsecurity: 4.8.16-201701062021 -> 4.8.17-201701151620
2017-01-25 00:58:57 +01:00
Joachim Fasting
482c67af70
grsecurity: adapt new to mirror url structure
2017-01-25 00:58:54 +01:00
Franz Pletz
403fdd737e
linux: remove canDisableNetfilterConntrackHelpers feature
...
This feature is available in all kernels in nixpkgs.
2017-01-25 00:28:55 +01:00
Nathan Zadoks
fcc51d3256
linux: fix installTargets for AArch64
...
[dezgeg: note that we are currently using just 'Image' instead of
'Image.gz' as U-Boot doesn't support the latter yet. We might switch
once it does since the kernel images are quite big]
2017-01-25 00:01:54 +02:00
Eelco Dolstra
a82810c7a7
linux: Apply 9p veryloose patch to 4.9
2017-01-24 13:05:02 +01:00
Tim Steinbach
fc8233a64f
kernel: 4.4.43 -> 4.4.44
2017-01-22 12:11:50 -05:00
Franz Pletz
61caacbf47
linux: 4.1.36 -> 4.1.38
2017-01-21 20:41:38 +01:00
Franz Pletz
ce3b98d08b
linux: 3.18.45 -> 3.18.47
2017-01-21 20:41:36 +01:00
Shea Levy
34c52896d1
linux 4.9.4 -> 4.9.5
2017-01-20 09:36:04 -05:00
Tuomas Tynkkynen
9fc3ce73d1
kernel config: Enable BONDING and TMPFS_POSIX_ACL
...
Yet again something that's lacking on other platforms than x86.
2017-01-18 01:21:08 +02:00
Eelco Dolstra
e9109b1b97
linux: 4.4.42 -> 4.4.43
2017-01-17 12:02:46 +01:00
Eelco Dolstra
9a9be9296f
linux: 4.9.3 -> 4.9.4
2017-01-17 12:02:46 +01:00
Tuomas Tynkkynen
08ddb16865
linux_testing: 4.10-rc2 -> 4.10-rc4
2017-01-16 11:41:13 +02:00
Thomas Tuegel
04d11637cb
linux_4_9: enable support for amdgpu on older chipsets
...
Linux 4.9 includes experimental amdgpu support for AMD Southern Islands
chipsets. (By default, only Sea Islands and newer chipsets are supported.)
Southern Islands chips will still use radeon by default, but daring users may
set `services.xserver.videoDrivers = [ "amdgpu" ];` to try the experimental
driver.
2017-01-15 16:29:50 -06:00
Tim Steinbach
295337ead5
linux: 4.9.2 -> 4.9.3
2017-01-14 11:02:26 -05:00
Tim Steinbach
9158b89fd3
linux: 4.4.41 -> 4.4.42
2017-01-14 11:01:52 -05:00
Tim Steinbach
d483a871d1
linux: Remove 4.8
2017-01-11 16:59:29 -05:00
Franz Pletz
6b01b229c2
linux: 4.9.1 -> 4.9.2
2017-01-10 07:45:19 +01:00
Franz Pletz
3b17823187
linux: 4.8.16 -> 4.8.17
2017-01-10 07:45:19 +01:00
Franz Pletz
4c43937af0
linux: 4.4.40 -> 4.4.41
2017-01-10 07:45:18 +01:00
Joachim Fasting
d6ff445f10
grsecurity: 4.8.15-201612301949 -> 4.8.16-201701062021
2017-01-07 08:01:41 +01:00
Tim Steinbach
c1d20ea50c
kernel: 4.9.0 -> 4.9.1
2017-01-06 16:15:18 -05:00
Tim Steinbach
ecf87b11f2
kernel: 4.8.15 -> 4.8.16
2017-01-06 16:15:02 -05:00
Tim Steinbach
8fda707027
kernel: 4.4.39 -> 4.4.40
2017-01-06 16:14:30 -05:00
Tuomas Tynkkynen
2a4c8313e4
linux_testing: 4.10-rc1 -> 4.10-rc2
2017-01-03 13:51:23 +02:00
Joachim Fasting
75ce714818
grsecurity: 4.8.15-201612151923 -> 201612301949
2017-01-01 06:01:04 +01:00
Eelco Dolstra
bbd03e236a
Use looser 9pfs caching in VM tests/builds
...
This can give significant speed ups, see
7e20254412
.
2016-12-29 21:26:16 +01:00
Franz Pletz
c6bcc485de
linux_4_8: add patch to fix CVE-2016-9919
2016-12-28 06:35:11 +01:00
Tuomas Tynkkynen
5ba7f33e3a
linux_testing: 4.9-rc8 -> 4.10-rc1
2016-12-27 01:35:10 +02:00
Graham Christensen
3ffb5ba60c
linux:3.18.44 -> 3.18.45
2016-12-21 21:08:47 -05:00
Graham Christensen
53e21529d4
linux:3.12.68 -> 3.12.69
2016-12-21 21:08:47 -05:00
Tim Steinbach
0e8e4a08f3
linux: 4.8.14 -> 4.8.15
2016-12-16 08:16:45 -05:00
Tim Steinbach
cb9ff3f7f9
linux: 4.4.38 -> 4.4.39
2016-12-16 08:16:22 -05:00
Joachim Fasting
f0e77cd07d
grsecurity: 4.8.14-201612110933 -> 4.8.15-201612151923
2016-12-16 12:46:44 +01:00
Graham Christensen
01d022e16b
Merge pull request #21118 from grahamc/fix-rsa-build-failure
...
linux_{4_8,grsec_nixos}: patch to fix build failure
2016-12-13 09:15:50 -05:00
Joachim Fasting
d918c80e13
grsecurity: disable verbose initify
...
Not as useful/informative as I had hoped.
2016-12-13 15:12:34 +01:00
Graham Christensen
7a813d3f6d
linux_{4_8,grsec_nixos}: patch to fix build failure
...
crypto/rsa_helper.c:18:28: fatal error: rsapubkey-asn1.h: No such file or directory
2016-12-13 07:25:46 -05:00
Shea Levy
f6daae391f
linux: add 4.9
2016-12-11 19:33:05 -05:00
Joachim Fasting
601058e0e2
grsecurity: 4.8.13-201612082118 -> 4.8.14-201612110933
2016-12-11 19:09:16 +01:00
Tim Steinbach
f576c490e3
linux: 4.4.37 -> 4.4.38
2016-12-10 15:18:52 -05:00
Tim Steinbach
b69822c505
linux: 4.8.13 -> 4.8.14
2016-12-10 15:15:44 -05:00
Tuomas Tynkkynen
bdab6fe5a1
kernel: Use built-in dtbs_install target instead of rolling our own
...
In particular, on aarch64 all the .dtb files will be in subdirectories
and *.dtb won't match anything.
2016-12-10 20:24:08 +02:00
Franz Pletz
9074d9859e
linux: add patch to fix CVE-2016-8655
...
See https://lwn.net/Articles/708319/ for more information.
2016-12-10 17:08:42 +01:00
Bjørn Forsman
2077385421
kernel: enable CONFIG_DYNAMIC_DEBUG (like Fedora and Ubuntu)
...
It was useful in tracking down CIFS + DFS issue, and it's apparently
enabled by default in two major distros.
2016-12-10 00:01:21 +02:00
Bjørn Forsman
d429520b13
kernel: add CONFIG_CIFS_* like Fedora, Ubuntu
...
The plan is to fix mounting DFS shares on NixOS (for which some of these
options are needed), but I figured it might be a good idea to enable all
CONFIG_CIFS_* like Fedora 24 and Ubuntu 16.04 while at it. Ubuntu even
has CONFIG_CIFS_SMB311, but as Fedora do not, I left it out.
Mounting DFS shares still doesn't work; need to configure cifs.upcall
and /etc/request-key.conf. Until then, using GVFS as a workaround.
2016-12-10 00:01:21 +02:00
Joachim Fasting
d1a5dc0b1c
grsecurity: 4.8.12-201612062306 -> 4.8.13-201612082118
2016-12-09 15:31:02 +01:00
Joachim Fasting
9a63779d64
grsecurity: use upstream url as the primary source
2016-12-09 15:31:00 +01:00
Joachim Fasting
ca7cc96ee8
grsecurity: enable PAX_INITIFY
...
Uses gcc plugin to detect more instances where memory used during init
can be freed.
2016-12-09 15:30:40 +01:00
Tim Steinbach
bfffbb5ea6
linux: 4.8.12 -> 4.8.13
2016-12-09 08:27:11 -05:00
Tim Steinbach
e861a5f7af
linux: 4.4.36 -> 4.4.37
2016-12-09 08:26:46 -05:00
Joachim Fasting
5fd4ffe00f
grsecurity: 4.8.12-201612031658 -> 201612062306
2016-12-08 12:22:13 +01:00
Tim Steinbach
c9d1d430ec
linux: 4.9-rc7 -> 4.9-rc8
2016-12-05 19:40:11 -05:00
Joachim Fasting
9578299bbe
grsecurity: 4.8.11-201611271225 -> 4.8.12-201612031658
2016-12-06 01:24:32 +01:00
Joachim Fasting
cc396697a6
grsecurity: enable ability to lock in readonly mounts
2016-12-06 01:24:12 +01:00
Joachim Fasting
0e765c72e5
grsecurity: enable module hardening
2016-12-06 01:23:58 +01:00
Joachim Fasting
071fbcda24
grsecurity: enable optional sysfs restrictions
...
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
...
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Tuomas Tynkkynen
9ccc14b1bc
linux_rpi: Add some feature flags
...
Copied from linux_4_4 (except for the EFI stub thing).
Otherwise the firewall module fails to evaluate:
Failed assertions:
- This kernel does not support rpfilter
2016-12-04 18:18:06 +02:00
Tim Steinbach
4f8b74b401
Merge pull request #20866 from NeQuissimus/linux_4_8_12
...
linux: 4.8.11 -> 4.8.12
2016-12-02 18:28:46 -05:00
Tim Steinbach
853b6493c8
linux: 4.8.11 -> 4.8.12
2016-12-02 14:29:00 -05:00
Tim Steinbach
654f5df5dc
linux: 4.4.35 -> 4.4.36
2016-12-02 14:28:26 -05:00
Tim Steinbach
5afc6b506c
linux: 4.1.35 -> 4.1.36
2016-12-01 20:34:02 -05:00
Tim Steinbach
18a3225dac
linux: 3.12.67 -> 3.12.68
2016-11-29 17:40:17 -05:00
Joachim Fasting
b90ed0cc80
grsecurity: 4.8.10-201611232213 -> 4.8.11-201611271225
2016-11-28 11:41:10 +01:00
Joachim Fasting
4c7323545b
Revert "grsecurity: work around for #20490 "
...
This reverts commit e38b74ba89
.
I failed to notice f19c961b4e461da045f2e72e73701059e5117be0; better
use that fix instead.
2016-11-28 11:40:55 +01:00
Tim Steinbach
eecf76eaa2
linux: 4.9-rc6 -> 4.9-rc7
2016-11-27 19:48:24 -05:00
Tuomas Tynkkynen
86ea3126bc
linux_rpi: 1.20160620 -> 1.20161020
2016-11-28 00:24:00 +02:00
Tim Steinbach
b47307bd74
linux: 4.8.10 -> 4.8.11
2016-11-26 16:29:23 -05:00
Tim Steinbach
cc77360bed
linux: 4.4.34 -> 4.4.35
2016-11-26 16:28:58 -05:00
Jörg Thalheim
01172c2ccf
Merge pull request #20591 from NeQuissimus/linux_4_9_rc6
...
linux: 4.9-rc5 -> 4.9-rc6
2016-11-26 16:00:16 +01:00
Joachim Fasting
f9d787c67b
grsecurity: 4.8.10-201611210813 -> 201611232213
2016-11-24 12:08:12 +01:00
Franz Pletz
7974d7493a
linux: compress kernel image with xz
2016-11-23 02:24:13 +01:00
Tim Steinbach
e4a1b76457
linux: 4.8.9 -> 4.8.10
2016-11-21 18:07:17 -05:00
Tim Steinbach
d62069aca4
linux: 4.4.33 -> 4.4.34
2016-11-21 18:06:57 -05:00
Joachim Fasting
96194467e6
grsecurity: 4.8.8-201611150756 -> 4.8.10-201611210813
2016-11-21 23:15:14 +01:00
Tim Steinbach
f6bbc6c477
linux: 4.9-rc5 -> 4.9-rc6
2016-11-20 17:23:32 -05:00
Pascal Wittmann
f7e0bc2ae7
Make all meta.maintainers attributes lists
2016-11-20 18:06:03 +01:00
Tim Steinbach
13491f9f48
Merge pull request #20552 from NeQuissimus/linux_4_8_9
...
linux: 4.8.8 -> 4.8.9
2016-11-19 09:03:00 -05:00
Tim Steinbach
d3b8a77834
linux: 4.4.32 -> 4.4.33
2016-11-19 08:56:31 -05:00
Tim Steinbach
250224bf01
linux: 4.8.8 -> 4.8.9
2016-11-19 08:55:57 -05:00
Joachim Fasting
e38b74ba89
grsecurity: work around for #20490
...
In `scripts/Makefile.modinst`, the code that generates the list of
modules to install passes file names via the command line. When
installing a grsecurity kernel, this list appears to exceed the
shell's argument list limit, as in
make[2]: execvp: /nix/store/[...]-bash-4.3-p46/bin/bash: Argument list too long
The build does not fail, however, but the list of modules to be installed ends
up being empty. Thus, the resulting kernel package output contains no modules,
rendering it useless.
We work around this by patching the makefile to use `find -exec` to
process files. Why this would occur for grsecurity and not other
kernels is unknown, most likely there's something *else* that is
actually causing this behaviour, so this is a temporary fix until that
cause is found.
Fixes https://github.com/NixOS/nixpkgs/issues/20490
2016-11-18 16:14:26 +01:00
Tim Steinbach
a4cd6f1378
Merge pull request #20441 from NeQuissimus/linux_4_4_32
...
linux: 4.4.31 -> 4.4.32
2016-11-15 17:49:00 -05:00
Tim Steinbach
819884119c
Merge pull request #20439 from NeQuissimus/linux_4_8_8
...
linux: 4.8.7 -> 4.8.8
2016-11-15 17:48:07 -05:00
Joachim Fasting
0d4e1b5edd
grsecurity: 4.8.7-201611142350 -> 4.8.8-201611150756
2016-11-15 22:57:25 +01:00
Tim Steinbach
24c342fde7
linux: 4.4.31 -> 4.4.32
2016-11-15 12:31:27 -05:00
Tim Steinbach
9e851d3b11
linux: 4.8.7 -> 4.8.8
2016-11-15 12:30:55 -05:00
Joachim Fasting
afab1a948e
grsecurity: 4.8.7-201611102210 -> 201611142350
2016-11-15 13:11:47 +01:00
Tim Steinbach
a87c8ad05f
linux: 4.9-rc4 -> 4.9-rc5
2016-11-14 09:40:27 -05:00
Joachim Fasting
cad9212813
grsecurity: 4.7.10-201611011946 -> 4.8.7-201611102210
2016-11-14 00:16:19 +01:00
Joachim Fasting
081a871771
Revert "Merge pull request #20302 from spacekitteh/patch-10"
...
This reverts commit e02173c70c
, reversing
changes made to c2b4a0d266
.
Breaks all grsec packages; Not having binary substitutes for no good
reason is disruptive to my workflow, so I'll just revert this for now.
2016-11-12 14:02:20 +01:00
Tim Steinbach
e02173c70c
Merge pull request #20302 from spacekitteh/patch-10
...
grsecurity_testing: 4.7.10 -> 4.8.7
2016-11-11 22:03:39 -05:00
Sophie Taylor
fa180d0d63
grsec: 4.8.6 -> 4.8.7
2016-11-12 12:54:47 +10:00
Tim Steinbach
c2b4a0d266
Merge pull request #20327 from NeQuissimus/linux_4_9_rc4
...
linux: 4.9-rc3 -> 4.9-rc4
2016-11-11 18:11:02 -05:00
Tim Steinbach
52cc30cd87
Merge pull request #20326 from NeQuissimus/linux_3_12_67
...
linux: 3.12.66 -> 3.12.67
2016-11-11 18:10:16 -05:00
Tim Steinbach
933dfca167
Merge pull request #20322 from NeQuissimus/linux_4_8_7
...
linux: 4.8.6 -> 4.8.7
2016-11-10 21:12:06 -05:00
Tim Steinbach
ad19b9bde5
linux: 4.9-rc3 -> 4.9-rc4
2016-11-10 21:08:28 -05:00
Tim Steinbach
0a1f39eb91
linux: 4.8.6 -> 4.8.7
2016-11-10 21:07:56 -05:00
Tim Steinbach
579f5fd9dd
linux: 4.4.30 -> 4.4.31
2016-11-10 21:07:24 -05:00
Tim Steinbach
cc62ecc2d9
linux: 3.12.66 -> 3.12.67
2016-11-10 21:06:54 -05:00
Tuomas Tynkkynen
74ecbbe4e3
kernel config: Ensure SECCOMP_FILTER is enabled
...
As noted in a97db109a2
, SECCOMP_FILTER must be enabled or systemd gets
very unhappy.
2016-11-11 02:10:20 +02:00
Peter Hoeg
cb93b34999
SMB2 support for CIFS
...
[tuomas: removed unneeded kernel version check]
Signed-off-by: Tuomas Tynkkynen <tuomas@tuxera.com>
2016-11-11 02:10:20 +02:00
Sophie Taylor
6476f11f40
grsecurity patch update to kernel 4.8.6
2016-11-10 12:44:22 +10:00
Guillaume Maudoux
eb9d126d2c
linux_mptcp: 0.91 -> 0.91.2
2016-11-07 14:15:33 +01:00
Joachim Fasting
d9b5cd41c5
grsecurity: 4.7.10-201610262029 -> 201611011946
2016-11-03 13:55:23 +01:00
Tim Steinbach
874abe694a
linux: 4.8.5 -> 4.8.6
2016-11-01 08:58:53 -04:00
Eelco Dolstra
ef1a188e07
linux: 4.4.28 -> 4.4.30
2016-11-01 11:31:00 +01:00
Vladimír Čunát
3be635b9b5
Merge linux kernel maintenance updates
...
PRs: #19995 #19996 #19997
2016-10-30 17:29:43 +01:00
Tim Steinbach
f154459cf4
linux: 4.9-rc2 -> 4.9-rc3
2016-10-30 10:30:07 -04:00
Tim Steinbach
1af5b2a80c
linux: 4.4.27 -> 4.4.28
2016-10-30 10:29:37 -04:00
Tim Steinbach
8073430d95
linux: 4.8.4 -> 4.8.5
2016-10-30 10:28:55 -04:00
Joachim Fasting
dfdaea1240
grsecurity: 4.7.10-201610222037 -> 201610262029
2016-10-27 15:03:27 +02:00
Graham Christensen
2f3b62375f
Merge pull request #19891 from NeQuissimus/kernel_4_9_rc2
...
kernel: 4.9-rc1 -> 4.9-rc2
2016-10-27 08:36:23 -04:00
Graham Christensen
ad2deee7d1
Merge pull request #19894 from NeQuissimus/kernel_3_18_44
...
kernel: 3.18.42 -> 3.18.44
2016-10-27 08:36:17 -04:00
Graham Christensen
c654ec0f25
Merge pull request #19893 from NeQuissimus/kernel_3_12_66
...
kernel: 3.12.63 -> 3.12.66
2016-10-27 08:36:10 -04:00
Graham Christensen
00e2bc22db
Merge pull request #19890 from NeQuissimus/kernel_3_10_104
...
kernel: 3.10.103 -> 3.10.104
2016-10-27 08:35:54 -04:00
Tim Steinbach
b02646f93b
kernel: 3.18.42 -> 3.18.44
2016-10-26 19:23:43 -04:00
Tim Steinbach
e5e84ecbbd
kernel: 3.12.63 -> 3.12.66
2016-10-26 19:17:46 -04:00
Tim Steinbach
e4773819f4
kernel: 3.10.103 -> 3.10.104
2016-10-26 19:13:21 -04:00
Tim Steinbach
e9a5cf3f6f
kernel: 4.9-rc1 -> 4.9-rc2
2016-10-26 09:11:00 -04:00
Tim Steinbach
89cd922a6a
kernel: 4.1.33 -> 4.1.35
2016-10-26 09:04:37 -04:00
Tim Steinbach
b3f7d626c1
kernel: remove 4.7
2016-10-24 21:30:00 -04:00
Joachim Fasting
5440c1a64c
grsecurity: 4.7.9-201610200819 -> 4.7.10-201610222037
...
Notably, this pulls in the dirtycow fix from upstream (but I've been
unable to execute the POC exploits on grsec kernels without that fix
...)
2016-10-23 17:14:40 +02:00
Tim Steinbach
a3989b87df
Merge pull request #19772 from NeQuissimus/linux_4_8_4
...
linux: 4.8.3 -> 4.8.4
2016-10-22 12:14:59 -04:00
Tim Steinbach
72d91f95cb
Merge pull request #19771 from NeQuissimus/linux_4_7_10
...
linux: 4.7.9 -> 4.7.10
2016-10-22 12:14:26 -04:00
Tim Steinbach
8d0ca31849
linux: 4.8.3 -> 4.8.4
2016-10-22 12:11:37 -04:00
Tim Steinbach
adbe0e0a13
linux: 4.7.9 -> 4.7.10
2016-10-22 12:11:09 -04:00
Tim Steinbach
4489454b83
linux: 4.4.26 -> 4.4.27
2016-10-22 12:10:34 -04:00
Joachim Fasting
ed5d146e9d
grsecurity: 4.7.7-201610101902 -> 4.7.9-201610200819
2016-10-21 01:50:53 +02:00
Vladimír Čunát
fabfb0a900
Merge #19725 : kernel: 4.7.8 -> 4.7.9
2016-10-20 19:45:25 +02:00
Tim Steinbach
963804ba8e
kernel: 4.7.8 -> 4.7.9
2016-10-20 13:08:53 -04:00
Tim Steinbach
0c3e5217fc
kernel: 4.8.2 -> 4.8.3
2016-10-20 13:06:03 -04:00
Eelco Dolstra
76a57d83b5
linux: 4.4.25 -> 4.4.26
2016-10-20 13:37:19 +02:00
Tim Steinbach
dac481d999
Merge pull request #19648 from NeQuissimus/linux_4_7_8
...
linux_4_7: 4.7.7 -> 4.7.8
2016-10-19 14:48:47 -04:00
Tim Steinbach
84e4dcb34b
Merge pull request #19649 from NeQuissimus/linux_4_8_2
...
linux_4_8: 4.8.1 -> 4.8.2
2016-10-19 14:38:11 -04:00
Tim Steinbach
70c8de0536
Merge pull request #19652 from NeQuissimus/linux_4_9_rc1
...
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-19 14:35:21 -04:00
Eelco Dolstra
13f43c7ebc
linux: 4.4.24 -> 4.4.25
2016-10-19 17:11:53 +02:00
Tuomas Tynkkynen
59f12d9394
kernel config: Add some filesystem options
...
Enable encryption support for both F2FS and ext4. For ext4 this is a bit
tricky, since pre-4.8 the way to enable it as a module was just
"EXT4_ENCRYPTION=m" but after that it changed to "FS_ENCRYPTION=m &&
EXT4_ENCRYPTION=y".
Also make sure UDF is enabled.
2016-10-19 16:44:08 +03:00
Tim Steinbach
51c9c2f851
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-18 11:19:46 -04:00
Tim Steinbach
0acfbaa5b2
linux_4_8: 4.8.1 -> 4.8.2
2016-10-18 10:13:02 -04:00
Tim Steinbach
55adff59f1
linux_4_7: 4.7.7 -> 4.7.8
2016-10-18 10:12:26 -04:00
Joachim Fasting
ce73a3ea0f
grsecurity: 4.7.6-201609301918 -> 4.7.7-201610101902
2016-10-11 13:15:16 +02:00
Aneesh Agrawal
f0602d2d36
kernel: Make SECURITY_YAMA optional
...
It's highly recommended, but not required to run NixOS.
2016-10-08 17:46:33 +02:00
Aneesh Agrawal
a000ed181c
linux config: enable the Yama LSM ( #14392 )
...
The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level processes and
snooping on the memory and runtime state of other processes owned
by the same user.
2016-10-08 16:40:12 +02:00
Tim Steinbach
a699eb4798
linux: 4.4.23 -> 4.4.24 ( #19346 )
2016-10-08 07:02:07 +02:00
Tim Steinbach
9481edec56
linux: 4.7.6 -> 4.7.7 ( #19345 )
2016-10-08 07:01:51 +02:00
Tim Steinbach
07e67b33af
linux: 4.8.0 -> 4.8.1 ( #19344 )
2016-10-08 07:01:27 +02:00
Marco Maggesi
435673b948
Revert "Revert "linux*: remove 3.14, as it's no longer maintained""
...
In the end, it is too dangerous to have an unmaintained kernel in
nixpkgs. Revert the revert.
This reverts commit e921725176
.
2016-10-07 23:26:32 +02:00
Marco Maggesi
e921725176
Revert "linux*: remove 3.14, as it's no longer maintained"
...
This is the simplest way to reenable the use of BLCR
(which at present requires linux version >3.12 <3.18)
until we find a better solution.
This reverts commit 6a9e765e27
.
2016-10-07 14:31:24 +02:00
Eelco Dolstra
a8b61b0aad
Merge pull request #19278 from anderspapitto/local
...
perf: add dependency on libaudit
2016-10-06 11:45:54 +02:00
Anders Papitto
aa44330963
perf: add dependency on libaudit
...
the `trace` subcommand of perf is only enabled when libaudit is
available at compile time
2016-10-05 17:59:44 -07:00
Alexander Ried
96fbdf8594
kernel: Disable RT_GROUP_SCHED
...
Follow systemd recommendation
fd74fa791f/README (L96-L103)
2016-10-05 12:52:45 +02:00
Shea Levy
e54313d183
Revert "Revert "Linux 4.8""
...
Now featuring @aszlig's modinst_arg_list_too_long patch.
This reverts commit 43bedb970d
.
Fixes #19213
2016-10-04 10:10:36 -04:00
Shea Levy
43bedb970d
Revert "Linux 4.8"
...
This reverts commit e4958d54b1
.
2016-10-03 22:04:43 -04:00
Shea Levy
e4958d54b1
Linux 4.8
2016-10-03 08:45:45 -04:00
Joachim Fasting
9a9237e0aa
grsecurity: revamp nixos kernel config
...
Cleanup:
- Restructure & add some commentary
- Remove redundant option specs given the auto config
constraints (some are left in for documentation purposes)
Changes:
- GRKERNSEC_CONFIG_VIRT_HOST -> GUEST
The former deselects paravirtualization and friends
- PAX_LATENT_ENTROPY n -> y (implied by auto)
- GRKERNSEC_ACL_HIDEKERN y -> n
Possibly useless with redistribution
2016-10-02 19:25:58 +02:00
Joachim Fasting
1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
...
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00
Joachim Fasting
2ec9a1a955
grsecurity: 4.7.5-201609261522 -> 4.7.6-201609301918
2016-10-01 08:47:30 +02:00
Joachim Fasting
22108b7a10
linux_4_7: 4.7.5 -> 4.7.6
2016-10-01 08:46:31 +02:00
Eelco Dolstra
613a12a8bd
linux: 4.4.22 -> 4.4.23
2016-09-30 14:41:19 +02:00
Graham Christensen
ff5cf3abff
linux-3.10: fix build by upstream patch
2016-09-28 19:18:34 +02:00
Joachim Fasting
98a9d815e0
grsecurity: 4.7.4-201609211951 -> 4.7.5-201609261522
2016-09-27 01:43:50 +02:00
Franz Pletz
3a4a425728
linux: 4.7.4 -> 4.7.5
2016-09-25 14:20:46 +02:00
Franz Pletz
c83f8a536a
linux: 4.4.20 -> 4.4.22
2016-09-25 14:20:46 +02:00
Franz Pletz
fdf239fb83
linux: 4.1.31 -> 4.1.33
2016-09-25 14:20:45 +02:00
Franz Pletz
17402fc4a3
linux: 3.18.40 -> 3.18.42
2016-09-25 14:20:45 +02:00
Franz Pletz
31ff655e46
kernelPatches: remove unneeded patches
2016-09-25 14:20:45 +02:00
Franz Pletz
01f465c82b
linux: 3.12.62 -> 3.12.63
2016-09-25 14:20:45 +02:00
Franz Pletz
b1029abe56
linux: 3.10.102 -> 3.10.103
2016-09-25 14:20:45 +02:00
Franz Pletz
e8cd27dd8a
linux_4_6: remove, not maintained anymore
2016-09-25 14:20:39 +02:00
Nikolay Amiantov
ea4d517eb8
Merge pull request #18661 from NeQuissimus/kernel/zbud
...
kernel-common: Add ZBUD
2016-09-25 12:33:08 +04:00
Joachim Fasting
64816cd972
grsecurity: 4.7.4-201609152234 -> 201609211951
2016-09-22 23:40:50 +02:00
Joachim Fasting
e2659de1b2
kernelPatches: remove legacy grsecurity attrs
2016-09-18 15:26:57 +02:00
Vladimír Čunát
6a9e765e27
linux*: remove 3.14, as it's no longer maintained
2016-09-17 02:10:53 +02:00
Tuomas Tynkkynen
f5c9c4f18a
Merge pull request #18659 from layus/fix-mptcp
...
linux_mptcp: fix config options broken by b4a4a63cc4
2016-09-16 21:06:54 +03:00
aszlig
a0b643ed06
linux-testing: 4.8-rc4 -> 4.8-rc6
...
Built successfully on my machine, no runtime tests performed.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Verified-with-PGP: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
2016-09-16 17:57:32 +02:00
Tim Steinbach
77e1be36b9
kernel-common: Add ZBUD, move ZSMALLOC into module space
2016-09-16 15:31:51 +00:00
Guillaume Maudoux
f0e519d26a
linux_mptcp: fix config options broken by b4a4a63cc4
2016-09-16 13:15:50 +02:00
Joachim Fasting
d082a7c0fd
grsecurity: 4.7.3-201609072139 -> 4.7.4-201609152234
2016-09-16 11:18:42 +02:00
Joachim Fasting
2050f12f4e
linux_4_7: 4.7.3 -> 4.7.4
2016-09-16 11:18:42 +02:00
Kirill Boltaev
0f37287df5
treewide: explicitly specify gtk version
2016-09-13 21:09:24 +03:00
Tuomas Tynkkynen
0c0188c5d2
kernel config: Explicitly enable some NLS-related things
...
Doesn't affect x86, but ARM can't mount VFAT filesystems without this on
a 3.18 kernel.
2016-09-13 17:06:13 +03:00
Tuomas Tynkkynen
b4a4a63cc4
kernel generate-config.pl: Properly support string options
...
Or we get something like:
option not set correctly: NLS_DEFAULT (wanted 'utf8', got '"utf8"')
2016-09-13 17:06:13 +03:00
Tuomas Tynkkynen
246bd302ec
kernel generate-config.pl: Be more verbose on errors
2016-09-13 17:06:13 +03:00
Joachim Fasting
91674b75d3
grsecurity: 4.7.2-201608312326 -> 4.7.3-201609072139
2016-09-10 17:06:42 +02:00
Eelco Dolstra
bc7e4e390a
linux: 4.4.19 -> 4.4.20
2016-09-08 13:58:05 +02:00
Tim Steinbach
4829cd7f65
kernel: 4.7.2 -> 4.7.3
2016-09-08 01:51:28 +00:00
Joachim Fasting
0ce7b31b09
grsecurity: 4.7.2-201608211829 -> 201608312326
2016-09-01 14:51:33 +02:00
Tuomas Tynkkynen
8c4aeb1780
Merge staging into master
...
Brings in:
- changed output order for multiple outputs:
https://github.com/NixOS/nixpkgs/pull/14766
- audit disabled by default
https://github.com/NixOS/nixpkgs/pull/17916
Conflicts:
pkgs/development/libraries/openldap/default.nix
2016-09-01 13:27:27 +03:00
Tuomas Tynkkynen
d3dc3d4130
Merge remote-tracking branch 'dezgeg/shuffle-outputs' into staging
...
https://github.com/NixOS/nixpkgs/pull/14766
2016-08-30 12:43:37 +03:00
aszlig
f19c961b4e
linux-testing: Fix arg list too long in modinst
...
With the default kernel and thus with the build I have tested in
74ec94bfa2
, we get an error during
modules_install:
make[2]: execvp: /nix/store/.../bin/bash: Argument list too long
I haven't noticed this build until I actually tried booting using this
kernel because make didn't fail here.
The reason this happens within Nix and probably didn't yet surface in
other distros is that programs only have a limited amount of memory
available for storing the environment and the arguments.
Environment variables however are quite common on Nix and thus we
stumble on problems like this way earlier - in this case Linux 4.8 - but
I have noticed this in 4.7-next as well already.
The fix is far from perfect and suffers performance overhead because we
now run grep for every *.mod file instead of passing all *.mod files
into one single invocation of grep.
But comparing the performance overhead (around 1s on my machine) with
the overall build time of the kernel I think the overhead really is
neglicible.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-30 06:55:52 +02:00
aszlig
74ec94bfa2
linux/kernel/testing: 4.8-rc3 -> 4.8-rc4
...
Tested by only building the linux_testing attribute, but haven't yet
tested it in production.
I've also fixed the extraMeta.branch attribute.
Verified-with-PGP: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
aszlig
42e1ec215e
linux/kernel: Remove MLX4_EN_VXLAN for 4.8
...
This option is no longer needed and has been removed in upstream commit
torvalds/linux@a831274a13 .
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
aszlig
0bce188ec1
linux/kernel: Remove KVM_APIC_ARCHITECTURE for 4.8
...
The option is no longer needed and has been removed upstream in
torvalds/linux@557abc40d1 .
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
Tuomas Tynkkynen
0e26cf84fc
kernel: Remove propagatedBuildOutputs
...
Not needed after the shuffle.
2016-08-29 14:49:52 +03:00
obadz
b74793bd1c
Merge branch 'master' into staging
...
Conflicts:
pkgs/tools/system/facter/default.nix
2016-08-29 12:44:17 +01:00
Joachim Fasting
e5c3a52afc
grsecurity: fix features.grsecurity
...
Previously, features.grsecurity wasn't actually set due to a bug in the
grsec builder. We now rely on the generic kernel builder to set features
from kernelPatches.
2016-08-29 04:09:40 +02:00
Joachim Fasting
fcf5a24d8c
kernel config: set DEBUG_STACKOVERFLOW regardless of features.grsecurity
...
features.grsecurity has actually been unset for a long time, with no
ill effect on grsec kernel builds so this conditional looks useless.
2016-08-29 04:08:39 +02:00
Robin Gloster
e17bc25943
Merge remote-tracking branch 'upstream/master' into staging
2016-08-29 00:24:47 +00:00
Tuomas Tynkkynen
c004c6e14d
kernel config: Explicitly enable some stuff not enabled by 'make alldefconfig'
...
List of what to enable taken from https://lwn.net/Articles/672587/ .
This doesn't change the resulting x86 configs, but is more useful for
other architectures. For instance, POSIX_MQUEUE is currently missing
on ARM.
2016-08-29 03:07:11 +03:00
obadz
3de6e5be50
Merge branch 'master' into staging
...
Conflicts:
pkgs/applications/misc/navit/default.nix
pkgs/applications/networking/mailreaders/alpine/default.nix
pkgs/applications/networking/mailreaders/realpine/default.nix
pkgs/development/compilers/ghc/head.nix
pkgs/development/libraries/openssl/default.nix
pkgs/games/liquidwar/default.nix
pkgs/games/spring/springlobby.nix
pkgs/os-specific/linux/kernel/perf.nix
pkgs/servers/sip/freeswitch/default.nix
pkgs/tools/archivers/cromfs/default.nix
pkgs/tools/graphics/plotutils/default.nix
2016-08-27 23:54:54 +01:00
Bjørn Forsman
daa9d5edca
perf: unbreak build since glibc 2.24 upgrade
...
glibc 2.24 deprecated readdir_r, breaking the perf build:
$ nix-build -A linuxPackages.perf
...
CC util/event.o
CC util/evlist.o
util/event.c: In function '__event__synthesize_thread':
util/event.c:448:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
while (!readdir_r(tasks, &dirent, &next) && next) {
^
In file included from /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/features.h:368:0,
from /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/stdint.h:25,
from /nix/store/jsazxc1b86g2ww569ziwhhvkz8z43vjd-gcc-5.4.0/lib/gcc/x86_64-unknown-linux-gnu/5.4.0/include/stdint.h:9,
from /tmp/nix-build-perf-linux-4.4.19.drv-0/linux-4.4.19/tools/include/linux/types.h:6,
from util/event.c:1:
/nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/dirent.h:189:12: note: declared here
extern int __REDIRECT (readdir_r,
^
util/event.c: In function 'perf_event__synthesize_threads':
util/event.c:586:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
while (!readdir_r(proc, &dirent, &next) && next) {
Fix by adding -Wno-error=deprecated-declarations compile flag.
2016-08-27 10:21:57 +02:00
Gabriel Ebner
131cd8f45d
Merge pull request #18005 from gebner/kernel-amd-powerplay
...
kernel: config: enable DRM_AMD_POWERPLAY
2016-08-26 19:04:54 +02:00
Franz Pletz
40e0e5fb0b
linux_testing: 4.7-rc7 -> 4.8-rc3
2016-08-26 14:47:45 +02:00
Franz Pletz
aacf6651c1
linux: 4.4.18 -> 4.4.19
2016-08-26 14:47:45 +02:00
Franz Pletz
90251478ec
linux: 4.1.30 -> 4.1.31
2016-08-26 14:47:45 +02:00
Franz Pletz
377c851395
linux: 3.18.36 -> 3.18.40
2016-08-26 14:47:45 +02:00
Franz Pletz
dc37edb36c
linux: 3.14.73 -> 3.14.77
2016-08-26 14:47:45 +02:00
Franz Pletz
458d477215
linux: 3.12.61 -> 3.12.62
2016-08-26 14:47:45 +02:00