Tamara Schmitz
b80c3284d5
nixos/hardened: update hardened profile to new recommendations
...
Borrowing from here to match hardened profile with more recent kernels:
* https://madaidans-insecurities.github.io/guides/linux-hardening.html?#boot-parameters
* https://github.com/a13xp0p0v/kernel-hardening-checker/
Removed "slub_debug" as that option disables kernel memory address
hashing. You also see a big warning about this in the dmesg:
"This system shows unhashed kernel memory addresses via the console, logs, and other interfaces."
"init_on_alloc=1" and "init_on_free=1" zeroes all SLAB and SLUB allocations. Introduced in 6471384af2a6530696fc0203bafe4de41a23c9ef. Also the default for the Android Google kernel btw. It is on by default through the KConfig.
"slab_nomerge" prevents the merging of slab/slub caches. These are
effectively slab/slub pools.
"LEGACY_VSYSCALL_NONE" disables the older vsyscall mechanic that relies on
static address. It got superseded by vdsos a decade ago. Read some
LWN.net to learn more ;)
"debugfs=off" I'm sure there are some few userspace programs that rely on
debugfs, but they shouldn't.
Most other things mentioned on the blog were already the default on a
running machine or may not be applicable.
Most other Kconfig changes come from the kernel hardening checker and
were added, when they were not applied to the kernel already.
Unsure about CONFIG_STATIC_USERMODEHELPER. Would need testing.
2024-01-27 20:43:58 +00:00
Jerry Starke
944aef9fb7
linuxKernel.kernels.linux_lqx: 6.7.1-lqx1 -> 6.7.2-lqx1
2024-01-26 22:17:51 +01:00
Jerry Starke
3390aa1aed
linuxKernel.kernels.linux_zen: 6.7.1-zen1 -> 6.7.2-zen1
2024-01-26 22:16:32 +01:00
Kiskae
2817ffc8e1
linuxPackages_latest.nvidiaPackages.{latest,vulkan_beta}.open: broken on 6.7
2024-01-26 18:05:51 +01:00
R. Ryantm
3f5f020da5
pcm: 202311 -> 202401
2024-01-26 16:41:12 +01:00
Maximilian Bosch
704180bbbb
Merge pull request #283883 from alyssais/linux-5.10.209
...
Linux kernels 2024-01-25
2024-01-26 12:12:47 +01:00
Nick Cao
6620368452
Merge pull request #283804 from Kiskae/nvidia/535.43.23
...
linuxPackages.nvidiaPackages.vulkan_beta: 535.43.22 -> 535.43.23
2024-01-25 22:10:36 -05:00
Alyssa Ross
e264cdc38b
linux_6_1: 6.1.74 -> 6.1.75
2024-01-26 01:43:12 +01:00
Alyssa Ross
f8f2cdd2c7
linux_6_6: 6.6.13 -> 6.6.14
2024-01-26 01:42:58 +01:00
Alyssa Ross
02c63fa701
linux_6_7: 6.7.1 -> 6.7.2
2024-01-26 01:42:47 +01:00
R. Ryantm
914bb49f4e
bpftrace: 0.19.1 -> 0.20.0
2024-01-26 01:06:23 +01:00
Alyssa Ross
249fef32c4
linux_5_15: 5.15.147 -> 5.15.148
2024-01-26 00:37:55 +01:00
Alyssa Ross
bf749233db
linux_4_19: 4.19.305 -> 4.19.306
2024-01-26 00:11:45 +01:00
Alyssa Ross
214ce1fd7a
linux_5_4: 5.4.267 -> 5.4.268
2024-01-26 00:11:33 +01:00
Alyssa Ross
749faf6609
linux_5_10: 5.10.208 -> 5.10.209
2024-01-26 00:11:17 +01:00
K900
aeda66611b
Revert "mdevctl: 1.2.0 -> 1.3.0"
2024-01-25 22:25:39 +03:00
Kiskae
c789a32040
linuxPackages.nvidiaPackages.vulkan_beta: 535.43.22 -> 535.43.23
2024-01-25 18:42:38 +01:00
Nick Cao
d559047519
Merge pull request #283562 from Kiskae/nvidia/550.40.07
...
linuxPackages.nvidiaPackages.beta: 545.23.06 -> 550.40.07
2024-01-25 08:53:25 -05:00
Nick Cao
e9780ce6c6
Merge pull request #283573 from NickCao/uhk-agent
...
uhk-agent: 3.2.2 -> 3.3.0
2024-01-25 07:57:29 -05:00
Nick Cao
31766fca35
Merge pull request #283729 from trofi/nvidia-x11-revert-useLibs-assert
...
nvidia-x11: revert "add an assert that `useSettings` implies more tha…
2024-01-25 07:24:43 -05:00
github-actions[bot]
8c2ba7797a
Merge master into staging-next
2024-01-25 12:01:19 +00:00
Naïm Favier
6d11e88fed
Merge pull request #280945 from katexochen/treewide/unref-patches
...
treewide: cleanup unreferenced patch files
2024-01-25 12:42:50 +01:00
Sergei Trofimovich
b2ee4908ad
nvidia-x11: revert "add an assert that useSettings implies more than libsOnly"
...
The change caused nixGL instantiation failures:
- https://github.com/nix-community/nixGL/issues/157
- https://github.com/nix-community/nixGL/issues/154
I missed the fact that there is no easy way to override `useSettings` as
it's an internal argument as opposed to `useLibs`.
Instead of fixing it let's revert it back and try again later.
This reverts commit 9c51fb0606.
2024-01-25 10:09:22 +00:00
Vladimír Čunát
a763026780
linux-pam: fixup build on musl
...
In particular, nixStatic was blocked by this.
https://hydra.nixos.org/build/247250976/nixlog/46/tail
2024-01-25 09:16:25 +01:00
github-actions[bot]
a4b5a14b07
Merge master into staging-next
2024-01-25 00:02:13 +00:00
Alyssa Ross
0a95fd24f0
Merge remote-tracking branch 'origin/master' into staging-next
...
Conflicts:
pkgs/development/libraries/libunwind/default.nix
2024-01-24 22:00:49 +01:00
Nick Cao
81294f9c6c
uhk-agent: 3.2.2 -> 3.3.0
...
Diff: https://github.com/UltimateHackingKeyboard/agent/compare/v3.2.2...v3.3.0
2024-01-24 14:34:21 -05:00
r-vdp
643b6647fb
fwupd: move to by-name
2024-01-24 20:29:08 +01:00
r-vdp
28ea07d4e3
fwupd: 1.9.11 -> 1.9.12
...
The fwupd daemon refuses to start when there is an uefi_capsule key without any
values in the config file, so I modified the module to only include this
key when there are actually values that go inside.
2024-01-24 20:29:01 +01:00
Kiskae
0f71ad2021
linuxPackages.nvidiaPackages.beta: 545.23.06 -> 550.40.07
2024-01-24 20:06:59 +01:00
kirillrdy
0192f366a4
Merge pull request #277694 from TheBrainScrambler/nvidia-390-update
...
nvidia-x11.legacy_390: fix bug
2024-01-24 22:35:27 +09:00
Sandro
a26e82d881
Merge pull request #283311 from r-ryantm/auto-update/intel-compute-runtime
2024-01-24 13:16:24 +01:00
github-actions[bot]
bd24648ae1
Merge master into staging-next
2024-01-24 06:00:59 +00:00
Nick Cao
3cea6265e4
Merge pull request #281172 from otavio/bu
...
linuxPackages.rtl88x2bu: unstable-2023-09-24 -> unstable-2023-11-29
2024-01-23 19:38:36 -05:00
Nick Cao
3e81f47b8c
Merge pull request #282426 from Luflosi/update/linuxPackages.apfs
...
linuxPackages.apfs: 0.3.6 -> 0.3.7
2024-01-23 19:34:09 -05:00
Nick Cao
01d56f8b34
Merge pull request #283325 from deepfire/0-gh-fix-rtl8812au
...
rtl8812au: fix build by bumping to unstable-2024-01-19
2024-01-23 19:31:44 -05:00
github-actions[bot]
6a4e9dff73
Merge master into staging-next
2024-01-24 00:02:25 +00:00
Franz Pletz
5b91a0cca2
Merge pull request #282738 from mkg20001/openwrt
2024-01-23 23:13:11 +01:00
R. Ryantm
5c33190276
intel-compute-runtime: 23.35.27191.9 -> 23.43.27642.18
2024-01-23 21:14:00 +00:00
Kosyrev Serge
61686ba251
rtl8812au: fix build by bumping to unstable-2024-01-19
...
The build failure:
/build/source/os_dep/linux/ioctl_cfg80211.c:10473:26: error: initialization of 'int (*)(struct wiphy *, struct net_device *, struct cfg80211_ap_update *)' from incompatible pointer type 'int (*)(struct wiphy *, struct net_device *, struct cfg80211_beacon_data *)' [-Werror=incompatible-pointer-types]
10473 | .change_beacon = cfg80211_rtw_change_beacon,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
/build/source/os_dep/linux/ioctl_cfg80211.c:10473:26: note: (near initialization for 'rtw_cfg80211_ops.change_beacon')
2024-01-24 00:07:51 +04:00
R. Ryantm
bb404b0e99
rdma-core: 49.0 -> 49.1
2024-01-23 17:42:02 +00:00
github-actions[bot]
568f381221
Merge master into staging-next
2024-01-23 12:01:17 +00:00
Franz Pletz
e7c61397a6
Merge pull request #283118 from panchoh/iotop_meta.mainProgram
...
iotop: add meta.mainProgram
2024-01-23 08:31:03 +01:00
Atemu
4a322ccd6a
Merge pull request #282529 from zzzsyyy/update/xanmod
...
linux_xanmod, linux_xanmod_latest: 2024-01-20
2024-01-23 08:07:21 +01:00
pancho horrillo
d7168269c8
iotop: add meta.mainProgram
2024-01-23 07:39:53 +01:00
github-actions[bot]
70e275b1cb
Merge master into staging-next
2024-01-23 06:00:55 +00:00
github-actions[bot]
8303a96c2d
Merge master into staging-next
2024-01-23 00:02:30 +00:00
pancho horrillo
242faeffee
iotop-c: add meta.mainProgram
2024-01-23 00:25:36 +01:00
Alyssa Ross
d6fc2bf149
linux/hardened/patches/6.6: 6.6.12-hardened1 -> 6.6.13-hardened1
2024-01-22 20:23:03 +01:00
Alyssa Ross
c909e231a2
linux/hardened/patches/6.1: 6.1.73-hardened1 -> 6.1.74-hardened1
2024-01-22 20:23:03 +01:00