Joachim Fasting
cad9212813
grsecurity: 4.7.10-201611011946 -> 4.8.7-201611102210
2016-11-14 00:16:19 +01:00
Joachim Fasting
081a871771
Revert "Merge pull request #20302 from spacekitteh/patch-10"
...
This reverts commit e02173c70c
, reversing
changes made to c2b4a0d266
.
Breaks all grsec packages; Not having binary substitutes for no good
reason is disruptive to my workflow, so I'll just revert this for now.
2016-11-12 14:02:20 +01:00
Tim Steinbach
e02173c70c
Merge pull request #20302 from spacekitteh/patch-10
...
grsecurity_testing: 4.7.10 -> 4.8.7
2016-11-11 22:03:39 -05:00
Sophie Taylor
fa180d0d63
grsec: 4.8.6 -> 4.8.7
2016-11-12 12:54:47 +10:00
Tim Steinbach
c2b4a0d266
Merge pull request #20327 from NeQuissimus/linux_4_9_rc4
...
linux: 4.9-rc3 -> 4.9-rc4
2016-11-11 18:11:02 -05:00
Tim Steinbach
52cc30cd87
Merge pull request #20326 from NeQuissimus/linux_3_12_67
...
linux: 3.12.66 -> 3.12.67
2016-11-11 18:10:16 -05:00
Tim Steinbach
933dfca167
Merge pull request #20322 from NeQuissimus/linux_4_8_7
...
linux: 4.8.6 -> 4.8.7
2016-11-10 21:12:06 -05:00
Tim Steinbach
ad19b9bde5
linux: 4.9-rc3 -> 4.9-rc4
2016-11-10 21:08:28 -05:00
Tim Steinbach
0a1f39eb91
linux: 4.8.6 -> 4.8.7
2016-11-10 21:07:56 -05:00
Tim Steinbach
579f5fd9dd
linux: 4.4.30 -> 4.4.31
2016-11-10 21:07:24 -05:00
Tim Steinbach
cc62ecc2d9
linux: 3.12.66 -> 3.12.67
2016-11-10 21:06:54 -05:00
Tuomas Tynkkynen
74ecbbe4e3
kernel config: Ensure SECCOMP_FILTER is enabled
...
As noted in a97db109a2
, SECCOMP_FILTER must be enabled or systemd gets
very unhappy.
2016-11-11 02:10:20 +02:00
Peter Hoeg
cb93b34999
SMB2 support for CIFS
...
[tuomas: removed unneeded kernel version check]
Signed-off-by: Tuomas Tynkkynen <tuomas@tuxera.com>
2016-11-11 02:10:20 +02:00
Sophie Taylor
6476f11f40
grsecurity patch update to kernel 4.8.6
2016-11-10 12:44:22 +10:00
Guillaume Maudoux
eb9d126d2c
linux_mptcp: 0.91 -> 0.91.2
2016-11-07 14:15:33 +01:00
Joachim Fasting
d9b5cd41c5
grsecurity: 4.7.10-201610262029 -> 201611011946
2016-11-03 13:55:23 +01:00
Tim Steinbach
874abe694a
linux: 4.8.5 -> 4.8.6
2016-11-01 08:58:53 -04:00
Eelco Dolstra
ef1a188e07
linux: 4.4.28 -> 4.4.30
2016-11-01 11:31:00 +01:00
Vladimír Čunát
3be635b9b5
Merge linux kernel maintenance updates
...
PRs: #19995 #19996 #19997
2016-10-30 17:29:43 +01:00
Tim Steinbach
f154459cf4
linux: 4.9-rc2 -> 4.9-rc3
2016-10-30 10:30:07 -04:00
Tim Steinbach
1af5b2a80c
linux: 4.4.27 -> 4.4.28
2016-10-30 10:29:37 -04:00
Tim Steinbach
8073430d95
linux: 4.8.4 -> 4.8.5
2016-10-30 10:28:55 -04:00
Joachim Fasting
dfdaea1240
grsecurity: 4.7.10-201610222037 -> 201610262029
2016-10-27 15:03:27 +02:00
Graham Christensen
2f3b62375f
Merge pull request #19891 from NeQuissimus/kernel_4_9_rc2
...
kernel: 4.9-rc1 -> 4.9-rc2
2016-10-27 08:36:23 -04:00
Graham Christensen
ad2deee7d1
Merge pull request #19894 from NeQuissimus/kernel_3_18_44
...
kernel: 3.18.42 -> 3.18.44
2016-10-27 08:36:17 -04:00
Graham Christensen
c654ec0f25
Merge pull request #19893 from NeQuissimus/kernel_3_12_66
...
kernel: 3.12.63 -> 3.12.66
2016-10-27 08:36:10 -04:00
Graham Christensen
00e2bc22db
Merge pull request #19890 from NeQuissimus/kernel_3_10_104
...
kernel: 3.10.103 -> 3.10.104
2016-10-27 08:35:54 -04:00
Tim Steinbach
b02646f93b
kernel: 3.18.42 -> 3.18.44
2016-10-26 19:23:43 -04:00
Tim Steinbach
e5e84ecbbd
kernel: 3.12.63 -> 3.12.66
2016-10-26 19:17:46 -04:00
Tim Steinbach
e4773819f4
kernel: 3.10.103 -> 3.10.104
2016-10-26 19:13:21 -04:00
Tim Steinbach
e9a5cf3f6f
kernel: 4.9-rc1 -> 4.9-rc2
2016-10-26 09:11:00 -04:00
Tim Steinbach
89cd922a6a
kernel: 4.1.33 -> 4.1.35
2016-10-26 09:04:37 -04:00
Tim Steinbach
b3f7d626c1
kernel: remove 4.7
2016-10-24 21:30:00 -04:00
Joachim Fasting
5440c1a64c
grsecurity: 4.7.9-201610200819 -> 4.7.10-201610222037
...
Notably, this pulls in the dirtycow fix from upstream (but I've been
unable to execute the POC exploits on grsec kernels without that fix
...)
2016-10-23 17:14:40 +02:00
Tim Steinbach
a3989b87df
Merge pull request #19772 from NeQuissimus/linux_4_8_4
...
linux: 4.8.3 -> 4.8.4
2016-10-22 12:14:59 -04:00
Tim Steinbach
72d91f95cb
Merge pull request #19771 from NeQuissimus/linux_4_7_10
...
linux: 4.7.9 -> 4.7.10
2016-10-22 12:14:26 -04:00
Tim Steinbach
8d0ca31849
linux: 4.8.3 -> 4.8.4
2016-10-22 12:11:37 -04:00
Tim Steinbach
adbe0e0a13
linux: 4.7.9 -> 4.7.10
2016-10-22 12:11:09 -04:00
Tim Steinbach
4489454b83
linux: 4.4.26 -> 4.4.27
2016-10-22 12:10:34 -04:00
Joachim Fasting
ed5d146e9d
grsecurity: 4.7.7-201610101902 -> 4.7.9-201610200819
2016-10-21 01:50:53 +02:00
Vladimír Čunát
fabfb0a900
Merge #19725 : kernel: 4.7.8 -> 4.7.9
2016-10-20 19:45:25 +02:00
Tim Steinbach
963804ba8e
kernel: 4.7.8 -> 4.7.9
2016-10-20 13:08:53 -04:00
Tim Steinbach
0c3e5217fc
kernel: 4.8.2 -> 4.8.3
2016-10-20 13:06:03 -04:00
Eelco Dolstra
76a57d83b5
linux: 4.4.25 -> 4.4.26
2016-10-20 13:37:19 +02:00
Tim Steinbach
dac481d999
Merge pull request #19648 from NeQuissimus/linux_4_7_8
...
linux_4_7: 4.7.7 -> 4.7.8
2016-10-19 14:48:47 -04:00
Tim Steinbach
84e4dcb34b
Merge pull request #19649 from NeQuissimus/linux_4_8_2
...
linux_4_8: 4.8.1 -> 4.8.2
2016-10-19 14:38:11 -04:00
Tim Steinbach
70c8de0536
Merge pull request #19652 from NeQuissimus/linux_4_9_rc1
...
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-19 14:35:21 -04:00
Eelco Dolstra
13f43c7ebc
linux: 4.4.24 -> 4.4.25
2016-10-19 17:11:53 +02:00
Tuomas Tynkkynen
59f12d9394
kernel config: Add some filesystem options
...
Enable encryption support for both F2FS and ext4. For ext4 this is a bit
tricky, since pre-4.8 the way to enable it as a module was just
"EXT4_ENCRYPTION=m" but after that it changed to "FS_ENCRYPTION=m &&
EXT4_ENCRYPTION=y".
Also make sure UDF is enabled.
2016-10-19 16:44:08 +03:00
Tim Steinbach
51c9c2f851
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-18 11:19:46 -04:00
Tim Steinbach
0acfbaa5b2
linux_4_8: 4.8.1 -> 4.8.2
2016-10-18 10:13:02 -04:00
Tim Steinbach
55adff59f1
linux_4_7: 4.7.7 -> 4.7.8
2016-10-18 10:12:26 -04:00
Joachim Fasting
ce73a3ea0f
grsecurity: 4.7.6-201609301918 -> 4.7.7-201610101902
2016-10-11 13:15:16 +02:00
Aneesh Agrawal
f0602d2d36
kernel: Make SECURITY_YAMA optional
...
It's highly recommended, but not required to run NixOS.
2016-10-08 17:46:33 +02:00
Aneesh Agrawal
a000ed181c
linux config: enable the Yama LSM ( #14392 )
...
The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level processes and
snooping on the memory and runtime state of other processes owned
by the same user.
2016-10-08 16:40:12 +02:00
Tim Steinbach
a699eb4798
linux: 4.4.23 -> 4.4.24 ( #19346 )
2016-10-08 07:02:07 +02:00
Tim Steinbach
9481edec56
linux: 4.7.6 -> 4.7.7 ( #19345 )
2016-10-08 07:01:51 +02:00
Tim Steinbach
07e67b33af
linux: 4.8.0 -> 4.8.1 ( #19344 )
2016-10-08 07:01:27 +02:00
Marco Maggesi
435673b948
Revert "Revert "linux*: remove 3.14, as it's no longer maintained""
...
In the end, it is too dangerous to have an unmaintained kernel in
nixpkgs. Revert the revert.
This reverts commit e921725176
.
2016-10-07 23:26:32 +02:00
Marco Maggesi
e921725176
Revert "linux*: remove 3.14, as it's no longer maintained"
...
This is the simplest way to reenable the use of BLCR
(which at present requires linux version >3.12 <3.18)
until we find a better solution.
This reverts commit 6a9e765e27
.
2016-10-07 14:31:24 +02:00
Eelco Dolstra
a8b61b0aad
Merge pull request #19278 from anderspapitto/local
...
perf: add dependency on libaudit
2016-10-06 11:45:54 +02:00
Anders Papitto
aa44330963
perf: add dependency on libaudit
...
the `trace` subcommand of perf is only enabled when libaudit is
available at compile time
2016-10-05 17:59:44 -07:00
Alexander Ried
96fbdf8594
kernel: Disable RT_GROUP_SCHED
...
Follow systemd recommendation
fd74fa791f/README (L96-L103)
2016-10-05 12:52:45 +02:00
Shea Levy
e54313d183
Revert "Revert "Linux 4.8""
...
Now featuring @aszlig's modinst_arg_list_too_long patch.
This reverts commit 43bedb970d
.
Fixes #19213
2016-10-04 10:10:36 -04:00
Shea Levy
43bedb970d
Revert "Linux 4.8"
...
This reverts commit e4958d54b1
.
2016-10-03 22:04:43 -04:00
Shea Levy
e4958d54b1
Linux 4.8
2016-10-03 08:45:45 -04:00
Joachim Fasting
9a9237e0aa
grsecurity: revamp nixos kernel config
...
Cleanup:
- Restructure & add some commentary
- Remove redundant option specs given the auto config
constraints (some are left in for documentation purposes)
Changes:
- GRKERNSEC_CONFIG_VIRT_HOST -> GUEST
The former deselects paravirtualization and friends
- PAX_LATENT_ENTROPY n -> y (implied by auto)
- GRKERNSEC_ACL_HIDEKERN y -> n
Possibly useless with redistribution
2016-10-02 19:25:58 +02:00
Joachim Fasting
1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
...
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00
Joachim Fasting
2ec9a1a955
grsecurity: 4.7.5-201609261522 -> 4.7.6-201609301918
2016-10-01 08:47:30 +02:00
Joachim Fasting
22108b7a10
linux_4_7: 4.7.5 -> 4.7.6
2016-10-01 08:46:31 +02:00
Eelco Dolstra
613a12a8bd
linux: 4.4.22 -> 4.4.23
2016-09-30 14:41:19 +02:00
Graham Christensen
ff5cf3abff
linux-3.10: fix build by upstream patch
2016-09-28 19:18:34 +02:00
Joachim Fasting
98a9d815e0
grsecurity: 4.7.4-201609211951 -> 4.7.5-201609261522
2016-09-27 01:43:50 +02:00
Franz Pletz
3a4a425728
linux: 4.7.4 -> 4.7.5
2016-09-25 14:20:46 +02:00
Franz Pletz
c83f8a536a
linux: 4.4.20 -> 4.4.22
2016-09-25 14:20:46 +02:00
Franz Pletz
fdf239fb83
linux: 4.1.31 -> 4.1.33
2016-09-25 14:20:45 +02:00
Franz Pletz
17402fc4a3
linux: 3.18.40 -> 3.18.42
2016-09-25 14:20:45 +02:00
Franz Pletz
31ff655e46
kernelPatches: remove unneeded patches
2016-09-25 14:20:45 +02:00
Franz Pletz
01f465c82b
linux: 3.12.62 -> 3.12.63
2016-09-25 14:20:45 +02:00
Franz Pletz
b1029abe56
linux: 3.10.102 -> 3.10.103
2016-09-25 14:20:45 +02:00
Franz Pletz
e8cd27dd8a
linux_4_6: remove, not maintained anymore
2016-09-25 14:20:39 +02:00
Nikolay Amiantov
ea4d517eb8
Merge pull request #18661 from NeQuissimus/kernel/zbud
...
kernel-common: Add ZBUD
2016-09-25 12:33:08 +04:00
Joachim Fasting
64816cd972
grsecurity: 4.7.4-201609152234 -> 201609211951
2016-09-22 23:40:50 +02:00
Joachim Fasting
e2659de1b2
kernelPatches: remove legacy grsecurity attrs
2016-09-18 15:26:57 +02:00
Vladimír Čunát
6a9e765e27
linux*: remove 3.14, as it's no longer maintained
2016-09-17 02:10:53 +02:00
Tuomas Tynkkynen
f5c9c4f18a
Merge pull request #18659 from layus/fix-mptcp
...
linux_mptcp: fix config options broken by b4a4a63cc4
2016-09-16 21:06:54 +03:00
aszlig
a0b643ed06
linux-testing: 4.8-rc4 -> 4.8-rc6
...
Built successfully on my machine, no runtime tests performed.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Verified-with-PGP: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
2016-09-16 17:57:32 +02:00
Tim Steinbach
77e1be36b9
kernel-common: Add ZBUD, move ZSMALLOC into module space
2016-09-16 15:31:51 +00:00
Guillaume Maudoux
f0e519d26a
linux_mptcp: fix config options broken by b4a4a63cc4
2016-09-16 13:15:50 +02:00
Joachim Fasting
d082a7c0fd
grsecurity: 4.7.3-201609072139 -> 4.7.4-201609152234
2016-09-16 11:18:42 +02:00
Joachim Fasting
2050f12f4e
linux_4_7: 4.7.3 -> 4.7.4
2016-09-16 11:18:42 +02:00
Kirill Boltaev
0f37287df5
treewide: explicitly specify gtk version
2016-09-13 21:09:24 +03:00
Tuomas Tynkkynen
0c0188c5d2
kernel config: Explicitly enable some NLS-related things
...
Doesn't affect x86, but ARM can't mount VFAT filesystems without this on
a 3.18 kernel.
2016-09-13 17:06:13 +03:00
Tuomas Tynkkynen
b4a4a63cc4
kernel generate-config.pl: Properly support string options
...
Or we get something like:
option not set correctly: NLS_DEFAULT (wanted 'utf8', got '"utf8"')
2016-09-13 17:06:13 +03:00
Tuomas Tynkkynen
246bd302ec
kernel generate-config.pl: Be more verbose on errors
2016-09-13 17:06:13 +03:00
Joachim Fasting
91674b75d3
grsecurity: 4.7.2-201608312326 -> 4.7.3-201609072139
2016-09-10 17:06:42 +02:00
Eelco Dolstra
bc7e4e390a
linux: 4.4.19 -> 4.4.20
2016-09-08 13:58:05 +02:00
Tim Steinbach
4829cd7f65
kernel: 4.7.2 -> 4.7.3
2016-09-08 01:51:28 +00:00
Joachim Fasting
0ce7b31b09
grsecurity: 4.7.2-201608211829 -> 201608312326
2016-09-01 14:51:33 +02:00
Tuomas Tynkkynen
8c4aeb1780
Merge staging into master
...
Brings in:
- changed output order for multiple outputs:
https://github.com/NixOS/nixpkgs/pull/14766
- audit disabled by default
https://github.com/NixOS/nixpkgs/pull/17916
Conflicts:
pkgs/development/libraries/openldap/default.nix
2016-09-01 13:27:27 +03:00
Tuomas Tynkkynen
d3dc3d4130
Merge remote-tracking branch 'dezgeg/shuffle-outputs' into staging
...
https://github.com/NixOS/nixpkgs/pull/14766
2016-08-30 12:43:37 +03:00
aszlig
f19c961b4e
linux-testing: Fix arg list too long in modinst
...
With the default kernel and thus with the build I have tested in
74ec94bfa2
, we get an error during
modules_install:
make[2]: execvp: /nix/store/.../bin/bash: Argument list too long
I haven't noticed this build until I actually tried booting using this
kernel because make didn't fail here.
The reason this happens within Nix and probably didn't yet surface in
other distros is that programs only have a limited amount of memory
available for storing the environment and the arguments.
Environment variables however are quite common on Nix and thus we
stumble on problems like this way earlier - in this case Linux 4.8 - but
I have noticed this in 4.7-next as well already.
The fix is far from perfect and suffers performance overhead because we
now run grep for every *.mod file instead of passing all *.mod files
into one single invocation of grep.
But comparing the performance overhead (around 1s on my machine) with
the overall build time of the kernel I think the overhead really is
neglicible.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-30 06:55:52 +02:00
aszlig
74ec94bfa2
linux/kernel/testing: 4.8-rc3 -> 4.8-rc4
...
Tested by only building the linux_testing attribute, but haven't yet
tested it in production.
I've also fixed the extraMeta.branch attribute.
Verified-with-PGP: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
aszlig
42e1ec215e
linux/kernel: Remove MLX4_EN_VXLAN for 4.8
...
This option is no longer needed and has been removed in upstream commit
torvalds/linux@a831274a13 .
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
aszlig
0bce188ec1
linux/kernel: Remove KVM_APIC_ARCHITECTURE for 4.8
...
The option is no longer needed and has been removed upstream in
torvalds/linux@557abc40d1 .
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
Tuomas Tynkkynen
0e26cf84fc
kernel: Remove propagatedBuildOutputs
...
Not needed after the shuffle.
2016-08-29 14:49:52 +03:00
obadz
b74793bd1c
Merge branch 'master' into staging
...
Conflicts:
pkgs/tools/system/facter/default.nix
2016-08-29 12:44:17 +01:00
Joachim Fasting
e5c3a52afc
grsecurity: fix features.grsecurity
...
Previously, features.grsecurity wasn't actually set due to a bug in the
grsec builder. We now rely on the generic kernel builder to set features
from kernelPatches.
2016-08-29 04:09:40 +02:00
Joachim Fasting
fcf5a24d8c
kernel config: set DEBUG_STACKOVERFLOW regardless of features.grsecurity
...
features.grsecurity has actually been unset for a long time, with no
ill effect on grsec kernel builds so this conditional looks useless.
2016-08-29 04:08:39 +02:00
Robin Gloster
e17bc25943
Merge remote-tracking branch 'upstream/master' into staging
2016-08-29 00:24:47 +00:00
Tuomas Tynkkynen
c004c6e14d
kernel config: Explicitly enable some stuff not enabled by 'make alldefconfig'
...
List of what to enable taken from https://lwn.net/Articles/672587/ .
This doesn't change the resulting x86 configs, but is more useful for
other architectures. For instance, POSIX_MQUEUE is currently missing
on ARM.
2016-08-29 03:07:11 +03:00
obadz
3de6e5be50
Merge branch 'master' into staging
...
Conflicts:
pkgs/applications/misc/navit/default.nix
pkgs/applications/networking/mailreaders/alpine/default.nix
pkgs/applications/networking/mailreaders/realpine/default.nix
pkgs/development/compilers/ghc/head.nix
pkgs/development/libraries/openssl/default.nix
pkgs/games/liquidwar/default.nix
pkgs/games/spring/springlobby.nix
pkgs/os-specific/linux/kernel/perf.nix
pkgs/servers/sip/freeswitch/default.nix
pkgs/tools/archivers/cromfs/default.nix
pkgs/tools/graphics/plotutils/default.nix
2016-08-27 23:54:54 +01:00
Bjørn Forsman
daa9d5edca
perf: unbreak build since glibc 2.24 upgrade
...
glibc 2.24 deprecated readdir_r, breaking the perf build:
$ nix-build -A linuxPackages.perf
...
CC util/event.o
CC util/evlist.o
util/event.c: In function '__event__synthesize_thread':
util/event.c:448:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
while (!readdir_r(tasks, &dirent, &next) && next) {
^
In file included from /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/features.h:368:0,
from /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/stdint.h:25,
from /nix/store/jsazxc1b86g2ww569ziwhhvkz8z43vjd-gcc-5.4.0/lib/gcc/x86_64-unknown-linux-gnu/5.4.0/include/stdint.h:9,
from /tmp/nix-build-perf-linux-4.4.19.drv-0/linux-4.4.19/tools/include/linux/types.h:6,
from util/event.c:1:
/nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/dirent.h:189:12: note: declared here
extern int __REDIRECT (readdir_r,
^
util/event.c: In function 'perf_event__synthesize_threads':
util/event.c:586:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
while (!readdir_r(proc, &dirent, &next) && next) {
Fix by adding -Wno-error=deprecated-declarations compile flag.
2016-08-27 10:21:57 +02:00
Gabriel Ebner
131cd8f45d
Merge pull request #18005 from gebner/kernel-amd-powerplay
...
kernel: config: enable DRM_AMD_POWERPLAY
2016-08-26 19:04:54 +02:00
Franz Pletz
40e0e5fb0b
linux_testing: 4.7-rc7 -> 4.8-rc3
2016-08-26 14:47:45 +02:00
Franz Pletz
aacf6651c1
linux: 4.4.18 -> 4.4.19
2016-08-26 14:47:45 +02:00
Franz Pletz
90251478ec
linux: 4.1.30 -> 4.1.31
2016-08-26 14:47:45 +02:00
Franz Pletz
377c851395
linux: 3.18.36 -> 3.18.40
2016-08-26 14:47:45 +02:00
Franz Pletz
dc37edb36c
linux: 3.14.73 -> 3.14.77
2016-08-26 14:47:45 +02:00
Franz Pletz
458d477215
linux: 3.12.61 -> 3.12.62
2016-08-26 14:47:45 +02:00
Gabriel Ebner
7b01df18a2
kernel: config: enable DRM_AMD_POWERPLAY
2016-08-26 08:45:49 +02:00
Shea Levy
2b1fa9da8b
Add initial patches for CPU Controller on Control Group v2
2016-08-25 13:01:40 -04:00
Robin Gloster
c26de11551
linuxPackages.perf: fix build with new glibc and remove hack
...
elfutils now adds a eu- prefix to avoid collisions
2016-08-24 19:19:02 +00:00
obadz
0e8d2725dc
Merge branch 'master' into staging
2016-08-23 18:50:06 +01:00
Joachim Fasting
cf592a8969
grsecurity: 4.7.1-201608161813 -> 4.7.2-201608211829
2016-08-23 01:49:34 +02:00
obadz
24a9183f90
Merge branch 'hardened-stdenv' into staging
...
Closes #12895
Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
obadz
ba50fd7170
Merge branch 'master' into staging
2016-08-22 01:18:11 +01:00
Tim Steinbach
175028582c
linux: 4.7.1 -> 4.7.2
2016-08-21 13:56:45 +00:00
Nikolay Amiantov
ff22705793
treewide: replace several /sbin paths by /bin
2016-08-19 17:56:45 +03:00
Tuomas Tynkkynen
bd68309643
kernel config: Enable SECCOMP
...
This is used by systemd >= 231 and is not enabled in the ARM
multiplatform defconfig.
2016-08-18 16:33:46 +03:00
Joachim Fasting
ba20363f11
grsecurity: 4.7-201608151842 -> 4.7.1-201608161813
2016-08-17 15:19:27 +02:00
Franz Pletz
2571438988
linux: 4.7 -> 4.7.1
2016-08-17 05:46:00 +02:00
Franz Pletz
7a4407461b
linux: 4.6.6 -> 4.6.7
...
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
da95fb368c
linux: 4.4.17 -> 4.4.18
...
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
2104d28bcd
linux: 4.1.27 -> 4.1.30
...
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Joachim Fasting
d82ddd6dc0
grsecurity: 4.7-201608131240 -> 4.7-201608151842
2016-08-16 17:50:37 +02:00
Joachim Fasting
b1cceeda84
grsecurity: enable pax size overflow plugin
2016-08-16 17:50:36 +02:00
Joachim Fasting
3fcb9e6f57
grsecurity: support non-enforcing mode
...
Until we've made sure that most things actually work out of the box, we
need to give people a way of continuing to use the system without
completely disabling grsecurity.
Set sysctl kernel.pax.softmode=1 or boot with pax.softmode=1
2016-08-16 17:50:36 +02:00
Robin Gloster
33e1c78ae3
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-08-16 07:54:01 +00:00
Shea Levy
9adad8612b
Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
...
Was meant to go into staging, sorry
This reverts commit 57b2d1e9b0
, reversing
changes made to 760b2b9048
.
2016-08-15 19:05:52 -04:00
Shea Levy
57b2d1e9b0
Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs
2016-08-15 19:01:44 -04:00
Nikolay Amiantov
1afd250676
treewide: replace several /sbin paths by /bin
2016-08-16 00:19:25 +03:00
Joachim Fasting
9062c67914
grsecurity: 4.6.5-201607312210 -> 4.7-201608131240
2016-08-15 20:36:46 +02:00
Franz Pletz
64c79e8526
linux: 4.6.5 -> 4.6.6
2016-08-15 04:28:08 +02:00
Franz Pletz
2a8718fb0b
linux_4_5: remove, not support by upstream anymore
2016-08-15 04:28:02 +02:00
Franz Pletz
bd4490e277
Merge branch 'master' into hardened-stdenv
2016-08-13 16:59:55 +02:00
obadz
b2efe2babd
Revert "linux kernel 4.4: fix race during build"
...
Removes patch. Was fixed upstream.
This reverts commit 4788ec1372
.
2016-08-12 16:42:25 +01:00
Guillaume Maudoux
b1817fa8a3
linux_mptcp: 0.90.1 (kernel 3.18) -> 0.91 (kernel 4.1) ( #17675 )
2016-08-12 15:14:24 +02:00
Robin Gloster
b7787d932e
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-08-12 09:46:53 +00:00
obadz
18947c9e36
Revert "ecryptfs: fix kernel bug introduced in 4.4.14"
...
The Linux 4.4.17 release fixes the underlying issue
This reverts commit fad9a8841b
.
2016-08-11 17:15:54 +01:00
Eelco Dolstra
e26ac7afd4
linux: 4.4.16 -> 4.4.17
2016-08-11 15:20:07 +02:00
Tuomas Tynkkynen
088bcf4ec4
kernel config: Fix 3.10, 3.12, 3.14 builds
2016-08-06 17:06:45 +03:00
Tuomas Tynkkynen
44f462bf4d
generate-config.pl: Be more verbose about missing options
...
For instance, the current 3.10 kernel build fails at the end with:
unused option: BRCMFMAC_PCIE
unused option: FW_LOADER_USER_HELPER_FALLBACK
unused option: KEXEC_FILE
unused option: RANDOMIZE_BASE
However, it's not obvious that only the _last_ one is actually fatal to
the build. After this change it's at least somewhat better:
warning: unused option: BRCMFMAC_PCIE
warning: unused option: FW_LOADER_USER_HELPER_FALLBACK
warning: unused option: KEXEC_FILE
error: unused option: RANDOMIZE_BASE
2016-08-06 17:06:45 +03:00
Michal Rus
7281740c2e
linux: enable DRM_GMA600 and DRM_GMA3600
...
Adds basic support for Intel GMA3600/3650 (Intel Cedar Trail) platforms
and support for GMA600 (Intel Moorestown/Oaktrail) platforms with LVDS
ports via the gma500_gfx module.
Resolves #14727 Closes #17519
2016-08-05 19:07:40 +02:00
Franz Pletz
2d6b7aa545
linux: enable some useful networking options
...
All options are enabled by default on Debian and some other
distributions, so these should be safe.
2016-08-05 04:07:31 +02:00
Robin Gloster
1be4907ca2
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-08-02 13:46:36 +00:00
Joachim Fasting
76f2e827a7
grsecurity: 4.6.5-201607272152 -> 4.6.5-201607312210
2016-08-01 12:46:48 +02:00
Robin Gloster
63c7b4f9a7
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-31 20:51:34 +00:00
Joachim Fasting
83f783c00f
grsecurity: 4.6.4-201607242014 -> 4.6.5-201607272152
2016-07-29 00:24:00 +02:00
Franz Pletz
9aee2a17af
linux: 4.6.4 -> 4.6.5
...
Removed patch was applied upstream.
2016-07-28 23:05:27 +02:00
Franz Pletz
b68fe1a572
linux: 4.5.6 -> 4.5.7
2016-07-28 23:05:27 +02:00
Eelco Dolstra
42f8df10a2
linux: 4.4.16 -> 4.4.16
2016-07-28 17:03:55 +02:00
Robin Gloster
f222d98746
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-25 12:47:13 +00:00
Joachim Fasting
e725c927d4
grsecurity: 4.6.4-201607192040 -> 4.6.4-201607242014
2016-07-25 09:11:28 +02:00
Shea Levy
ac93e9f2c8
Linux 4.7
2016-07-24 18:30:08 -04:00
Lluís Batlle i Rossell
dd02b6f118
perf: depend on libiberty to get c++ demangling.
2016-07-21 17:27:15 +02:00
Robin Gloster
1f04b4a566
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-21 00:56:43 +00:00
Joachim Fasting
55120ac4cb
grsecurity: 4.6.4-201607112205 -> 4.6.4-201607192040
2016-07-20 10:17:35 +02:00
Joachim Fasting
c93ffb95bc
grsecurity: enable support for setting pax flags via xattrs
...
While useless for binaries within the Nix store, user xattrs are a convenient
alternative for setting PaX flags to executables outside of the store.
To use disable secure memory protections for a non-store file foo, do
$ setfattr -n user.pax.flags -v em foo
2016-07-20 10:17:11 +02:00
Robin Gloster
5185bc1773
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-15 14:41:01 +00:00
obadz
927a984de6
kernel: make KEXEC_FILE & KEXEC_JUMP optional to fix i686 build
...
cc @edolstra @dezgeg @domenkozar
2016-07-13 12:49:18 +02:00
obadz
fad9a8841b
ecryptfs: fix kernel bug introduced in 4.4.14
...
Introduced by mainline commit 2f36db7
Patch is from http://www.spinics.net/lists/stable/msg137350.html
Fixes #16766
2016-07-13 11:04:07 +02:00
Franz Pletz
dde259dfb5
linux: Add patch to fix CVE-2016-5829 ( #16824 )
...
Fixed for all available 4.x series kernels.
From CVE-2016-5829:
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function
in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow
local users to cause a denial of service or possibly have unspecified
other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl
call.
2016-07-12 20:56:50 +02:00
Joachim Fasting
416120e0c7
grsecurity: 4.6.3-201607070721 -> 4.6.4-201607112205
2016-07-12 15:15:09 +02:00
Tim Steinbach
47da65923b
kernel: 4.6.3 -> 4.6.4 ( #16875 )
2016-07-12 09:54:57 +02:00
Louis Taylor
b2b8a89945
linux-testing: 4.7-rc6 -> 4.7-rc7 ( #16854 )
2016-07-11 17:53:41 +02:00
Eelco Dolstra
ecc26d7a40
linux: Disable the old IDE subsystem
...
This has long been deprecated in favour of the new ATA support
(CONFIG_ATA).
2016-07-11 15:05:21 +02:00
Eelco Dolstra
7b9c493d60
linux: Enable some kernel features
...
This enables a few features that should be useful and safe (they're
all used by the default Ubuntu kernel config), in particular zswap,
wakelocks, kernel load address randomization, userfaultfd (useful for
QEMU), paravirtualized spinlocks and automatic process group
scheduling.
Also removes some configuration conditional on kernel versions that we
no longer support.
2016-07-11 15:04:56 +02:00
Eelco Dolstra
1cd7dbc00b
linux: Bump NR_CPUS
...
The default limit (64) is too low for systems like EC2 x1.* instances
or Xeon Phis, so let's increase it.
2016-07-11 14:32:18 +02:00
Joachim Fasting
a2ebf45b47
grsecurity: 4.5.7-201606302132 -> 4.6.3-201607070721
2016-07-07 19:34:58 +02:00
Tuomas Tynkkynen
4085f4de5f
Merge branch 'pr-newest-uboot' into master
2016-07-04 15:17:46 +03:00
Tuomas Tynkkynen
55aecd308e
linux-rpi: 4.1.20-XXX -> 4.4.13-1.20160620-1
...
- Add a patch to unset CONFIG_LOCALVERSION in the v7 build.
- Copy all the device trees to match the upstream names so U-Boot can
find them. (This is a hack.)
2016-07-04 15:13:29 +03:00
aszlig
566c990f33
linux-testing: 4.6-rc6 -> 4.7-rc6
...
The config option DEVPTS_MULTIPLE_INSTANCES now no longer exists since
torvalds/linux@eedf265aa0 .
Built successfully on my Hydra instance:
https://headcounter.org/hydra/log/r4n6sv0zld0aj65r7l494757s2r8w8sr-linux-4.7-rc6.drv
Verified unpacked tarball with GnuPG:
ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
gpg: Signature made Mon 04 Jul 2016 08:13:05 AM CEST
gpg: using RSA key 79BE3E4300411886
gpg: Good signature from "Linus Torvalds <torvalds@linux-foundation.org>"
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-07-04 10:46:48 +02:00
Joachim Fasting
640ac5186f
grsecurity: 4.5.7-201606292300 -> 4.5.7-201606302132
2016-07-02 20:37:52 +02:00
Joachim Fasting
51c04b74c1
grsecurity: 4.5.7-201606280009 -> 4.5.7-201606292300
2016-06-30 11:09:59 +02:00
Joachim Fasting
cdcdc25ef3
grsecurity: 4.5.7-201606262019 -> 4.5.7-201606280009
2016-06-28 14:57:20 +02:00
Joachim Fasting
d5eec25ff9
grsecurity: 4.5.7-201606222150 -> 4.5.7-201606262019
2016-06-27 21:42:17 +02:00
Franz Pletz
7e9affa7ee
linux_4_3: Remove, not maintained anymore
2016-06-27 00:11:16 +02:00
Franz Pletz
eed51eccef
linux: 3.10.101 -> 3.10.102
2016-06-27 00:11:16 +02:00
Franz Pletz
b7e0b118d9
linux: 3.12.57 -> 3.12.61
2016-06-27 00:11:04 +02:00
Franz Pletz
0387eddb51
linux: 3.14.65 -> 3.14.73
2016-06-27 00:10:38 +02:00
Franz Pletz
6165af4db2
linux: 3.18.29 -> 3.18.36
2016-06-27 00:09:56 +02:00
Franz Pletz
5806b185bd
linux: 4.1.25 -> 4.1.27
2016-06-27 00:09:30 +02:00
Franz Pletz
4a942499b4
linux: 4.4.13 -> 4.4.14
2016-06-27 00:08:11 +02:00
Joachim Fasting
4fb72b2fd3
grsecurity: 4.5.7-201606202152 -> 4.5.7-201606222150
2016-06-26 17:27:17 +02:00
Tim Steinbach
125ffff089
kernel: 4.6.2 -> 4.6.3
2016-06-24 22:18:16 +00:00
Joachim Fasting
9d052a2c39
grsecurity: 4.5.7-201606142010 -> 4.5.7-201606202152
2016-06-23 00:55:54 +02:00
Eelco Dolstra
453086a15f
linux: 4.4.12 -> 4.4.13
2016-06-20 13:11:55 +02:00
zimbatm
7c32638439
Merge pull request #16259 from layus/update-mptcp
...
linux_mptcp: update 0.90 -> 0.90.1
2016-06-20 09:29:07 +01:00
Joachim Fasting
875fd5af73
grsecurity: 4.5.7-201606110914 -> 4.5.7-201606142010
2016-06-16 14:29:12 +02:00