c7abd6943e
linux: 4.9.30 -> 4.9.31
2017-06-07 08:09:37 -04:00
01fc1a80b3
linux: 4.4.70 -> 4.4.71
2017-06-07 08:07:53 -04:00
66faa421c9
linux: 4.11.3 -> 4.11.4
2017-06-07 08:05:45 -04:00
7c476b98df
linux: 4.12-rc3 -> 4.12-rc4
2017-06-05 10:01:53 -04:00
a78af5196c
linux: 4.12-rc2 -> 4.12-rc3
2017-05-29 09:32:52 -04:00
690a83091b
linux: FS_ENCRYPTION only for >= 4.9 kernels
2017-05-25 18:25:08 -04:00
8f0ca4f44a
linux: 4.4.69 -> 4.4.70
2017-05-25 18:21:54 -04:00
446c57fdb2
linux: 4.9.29 -> 4.9.30
2017-05-25 18:19:16 -04:00
f618a6caa1
linux: 4.11.2 -> 4.11.3
2017-05-25 18:16:57 -04:00
aa73b7df30
linux: 4.12-rc1 -> 4.12-rc2
2017-05-22 11:40:04 -04:00
a42c54057f
linux: 4.11.1 -> 4.11.2
2017-05-20 17:17:35 -04:00
a551ca61b7
linux: 4.9.28 -> 4.9.29
2017-05-20 17:17:34 -04:00
82852ac60e
linux: 4.4.68 -> 4.4.69
2017-05-20 17:17:33 -04:00
de263072b5
kernel: 4.10 is end-of-life
...
https://lkml.org/lkml/2017/5/20/75
2017-05-20 19:54:18 +03:00
77ed860114
linux_hardened: enable checks on scatter-gather tables
...
Recommended by kspp
2017-05-18 12:33:42 +02:00
8eb302d6d7
Merge pull request #25792 from NeQuissimus/linux_4_12_rc1
...
linux-testing: 4.11-rc7 -> 4.12-rc1
2017-05-17 08:30:10 -04:00
a35ec5dda6
linux_rpi: 1.20170303 -> 1.20170427
2017-05-15 11:14:59 +03:00
336b044dcb
linux-testing: 4.11-rc7 -> 4.12-rc1
2017-05-14 22:03:14 -04:00
ba585648e7
kernel: 4.9.27 -> 4.9.28
2017-05-15 01:28:01 +03:00
8de08ff145
kernel: 4.4.67 -> 4.4.68
2017-05-15 01:27:50 +03:00
c230aee121
kernel: 4.11 -> 4.11.1
2017-05-15 01:27:41 +03:00
2f1e6c8686
kernel: 4.10.15 -> 4.10.16
2017-05-15 01:27:30 +03:00
8584a16922
linux: 4.10.14 -> 4.10.15
2017-05-09 08:43:37 -04:00
996b65cfba
linux_hardened: enable structleak plugin
...
A port of the PaX structleak plugin. Note that this version of structleak
seems to cover less ground than the PaX original (only marked structs are
zeroed). [1]
[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c61f13eaa1ee17728c41370100d2d45c254ce76f
2017-05-09 01:38:26 +02:00
1816e2b960
linux_hardened: BUG on struct validation failure
2017-05-09 01:38:24 +02:00
a7ecdffc28
linux_hardened: move to 4.11
...
Note that DEBUG_RODATA has been split into STRICT_KERNEL_RWX &
STRICT_MODULE_RWX, which are on by default (non-optional).
2017-05-09 01:38:22 +02:00
42c58cd2e8
linux_hardened: compile with stackprotector-strong
...
Default is regular, which we need to unset for kconfig to accept the new
value.
2017-05-09 01:38:21 +02:00
8c74ff6534
linux: 4.9.26 -> 4.9.27
2017-05-08 09:26:26 -04:00
4e2c67ff76
linux: 4.4.66 -> 4.4.67
2017-05-08 09:23:52 -04:00
a04d8532c2
linux: support using gcc plugins
...
linux 4.8 onwards support gcc plugins. This patch adds build inputs
required to make use of gcc plugins to the generic kernel build
environment.
2017-05-06 19:47:27 +02:00
2a38ecc055
linux: 4.10.13 -> 4.10.14
2017-05-03 20:46:48 -04:00
6076843be3
linux: 4.9.25 -> 4.9.26
2017-05-03 20:44:09 -04:00
af933bc7d3
linux: 4.4.65 -> 4.4.66
2017-05-03 20:41:46 -04:00
b5169fd277
linux: Add cgroups patches for 4.9, 4.10, 4.11
2017-05-02 08:49:39 -04:00
207a0af06a
Add linux 4.11
2017-05-01 19:04:45 -04:00
1cce0887ee
Merge branch 'master' into mptcp-v91.3
2017-05-01 00:43:08 +02:00
0c4de3c0c9
linux: 4.4.64 -> 4.4.65
2017-04-30 08:58:44 -04:00
ab4fa1cce4
tree-wide: prune some dead grsec leaves
...
The beginning of pruning grsecurity/PaX from the tree.
2017-04-30 12:05:41 +02:00
62f2a1c2be
linux_hardened: init
...
The rationale for this is to have a place to enable hardening features
that are either too invasive or that may be speculative/yet proven to be
worthwhile for general-purpose kernels.
2017-04-30 12:05:39 +02:00
32b8512e54
grsecurity: discontinue support
...
Upstream has decided to make -testing patches private, effectively ceasing
free support for grsecurity/PaX [1]. Consequently, we can no longer
responsibly support grsecurity on NixOS.
This patch turns the kernel and patch expressions into build errors and
adds a warning to the manual, but retains most of the infrastructure, in
an effort to make the transition smoother. For 17.09 all of it should
probably be pruned.
[1]: https://grsecurity.net/passing_the_baton.php
2017-04-28 12:35:15 +02:00
7f3b857d0d
linux: 4.4.63 -> 4.4.64
2017-04-27 22:12:35 -04:00
08c44a5cac
linux: 4.10.12 -> 4.10.13
2017-04-27 22:10:06 -04:00
903fec9922
linux: 4.9.24 -> 4.9.25
2017-04-27 22:07:34 -04:00
b1750d699c
linux-chromiumos: remove 3.14
...
3.14 is no longer supported upstream by kernel.org and thus no longer
receives security patches. The git commit mentioned in this .nix isn't
even available in the linked repository --
https://chromium.googlesource.com/chromiumos/third_party/kernel -- so I
think this .nix might be dead anyway. Finally, it specifies 3.14.0,
which is so ridiculously old (the latest was 3.14.79) that nobody
develops for it.
Fixes : #25145
Supports: #25127
2017-04-23 15:47:46 +02:00
9e6c96f8fc
grsecurity: 4.9.24-201704210851 -> 4.9.24-2201704220732
2017-04-22 16:37:24 +02:00
05911da7bb
grsecurity: 4.9.23-201704181901 -> 4.9.24-201704210851
2017-04-21 15:09:32 +02:00
7fb1b54cc1
linux: 4.4.62 -> 4.4.63
2017-04-21 08:03:43 -04:00
1b3282d52d
linux: 4.10.11 -> 4.10.12
2017-04-21 08:01:22 -04:00
4dda88c89d
linux: 4.9.23 -> 4.9.24
2017-04-21 07:58:45 -04:00
9902d63e84
grsecurity: 4.9.22-201704120836 -> 4.9.23-201704181901
2017-04-20 00:21:41 +02:00
Tim Steinbach
Tuomas Tynkkynen
Joachim Fasting
Tim Steinbach
Shea Levy
Michael Raskin
Jason A. Donenfeld