5953625fa5
linux: 5.7-rc6 -> 5.8-rc1
2020-06-15 11:10:17 -04:00
407a3d4c5e
linux config: SND_HDA_CODEC_CA0132_DSP for <5.7
...
The default enable for SND_HDA_CODEC_CA0132_DSP was already merged into
5.7-rc1 [1], which means we can adjust the whenOlder to 5.7.
[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=652bb5d8df4b3a79ed350db35cda12637e63efa7
2020-06-15 10:14:59 +02:00
59dda0a42a
Merge master into staging-next
2020-06-15 08:07:00 +02:00
4392b4401c
linux/hardened/patches/5.6: 5.6.17.a -> 5.6.18.a
2020-06-14 14:56:19 -04:00
9132965db9
linux/hardened/patches/5.4: 5.4.45.a -> 5.4.46.a
2020-06-14 14:56:17 -04:00
7049657cad
linux/hardened/patches/4.19: 4.19.127.a -> 4.19.128.a
2020-06-14 14:56:13 -04:00
098aae8ee7
linux/hardened/patches/4.14: 4.14.183.a -> 4.14.184.a
2020-06-14 14:56:06 -04:00
1523382160
Merge master into staging-next
2020-06-13 11:02:21 +02:00
3cf2f4d6a3
linux_latest-libre: 17527 -> 17537
2020-06-12 10:13:26 -04:00
febc27b59a
Merge master into staging-next
2020-06-12 08:57:26 +02:00
b23c1abe93
linux: fix kernel config options for i686
...
Even the default pkgsi686Linux.linux was broken.
2020-06-12 08:52:09 +02:00
7296aae54f
linux/hardened/patches/5.6: 5.6.16.a -> 5.6.17.a
2020-06-11 17:57:56 -04:00
0d1be0c2df
linux/hardened/patches/5.4: 5.4.44.a -> 5.4.45.a
2020-06-11 17:57:56 -04:00
909cdaf97a
linux/hardened/patches/4.19: 4.19.126.a -> 4.19.127.a
2020-06-11 17:57:56 -04:00
fa736e19a6
linux: 5.7.1 -> 5.7.2
2020-06-11 17:57:56 -04:00
854359a5aa
linux: 5.6.17 -> 5.6.18
2020-06-11 17:57:55 -04:00
32e76cbb95
linux: 5.4.45 -> 5.4.46
2020-06-11 17:57:55 -04:00
d2f4b27e70
linux: 4.9.226 -> 4.9.227
2020-06-11 17:57:55 -04:00
4cab0f5b16
linux: 4.4.226 -> 4.4.227
2020-06-11 17:57:55 -04:00
1f1f6e72ac
linux: 4.19.127 -> 4.19.128
2020-06-11 17:57:54 -04:00
bd20c1b2c0
linux: 4.14.183 -> 4.14.184
2020-06-11 17:57:51 -04:00
9181f79289
linux: enable force feedback support in HID drivers
2020-06-11 12:41:59 +02:00
34d58cb839
Merge branch 'staging' into staging-next
...
This commit has already been partially rebuilt in
https://hydra.nixos.org/eval/1592635
In particular, the severe security fix for gnutls is contained.
2020-06-10 16:18:40 +02:00
841705284c
linux: fix kernel config options for linux_*hardened
...
Fix config options for linux_hardened and linux_latest_hardened due
to #84302 .
This is a continuation of #88946 .
2020-06-10 16:16:02 +02:00
bbe71613b6
linux: fix kernel config options for 5.7
2020-06-10 14:07:15 +02:00
9dd9bc7bcc
linux: fix kernel config options
...
Some of the options didn't have correct kernel version constraints,
others had been removed or made optional unnecessarily in #84032 .
2020-06-10 13:17:17 +02:00
acb53e0698
Merge branch 'staging-next' into staging
2020-06-10 04:10:57 +02:00
c637cbe992
Merge branch 'master' into staging-next
2020-06-10 04:10:34 +02:00
e0c970c0e2
Merge pull request #89820 from primeos/linux_5_7
...
linux_5_7: init at 5.7.1
2020-06-09 15:56:50 +02:00
aa1479c5be
linux: 5.6.16 -> 5.6.17
2020-06-08 20:22:38 -04:00
505e54f340
linux: 5.4.44 -> 5.4.45
2020-06-08 20:22:37 -04:00
4c11426c3f
linux: 4.19.126 -> 4.19.127
2020-06-08 20:22:37 -04:00
19b2efbc39
linux_5_7: init at 5.7.1
...
Changes:
- Copied linux-5.7.nix from linux-5.6.nix
- Add linux_5_7 and linuxPackages_5_7
- Update linux_latest to 5.7
Note:
The kernel patch 'kernelPatches.export_kernel_fpu_functions."5.3"' is
still applied as I copied the list from linux_5_7 (vs. linux_testing).
This patch is probably still required for the ZFS performance.
2020-06-08 17:44:36 +02:00
1c68570ab2
Merge staging-next into staging
2020-06-05 19:42:16 +02:00
43f71029cc
Merge master into staging-next
2020-06-05 19:40:53 +02:00
05b3c7dd66
linux/hardened/patches/5.6: 5.6.15.a -> 5.6.16.a
2020-06-05 09:45:25 -04:00
5537f64700
linux/hardened/patches/5.4: 5.4.43.a -> 5.4.44.a
2020-06-05 09:45:23 -04:00
7ce3d24baa
linux/hardened/patches/4.19: 4.19.125.a -> 4.19.126.a
2020-06-05 09:45:21 -04:00
2c2362cea5
linux/hardened/patches/4.14: 4.14.182.a -> 4.14.183.a
2020-06-05 09:45:19 -04:00
7557c83ea4
linux_latest-libre: 17506 -> 17527
2020-06-05 09:45:08 -04:00
4c5251436b
linux: 5.6.15 -> 5.6.16
2020-06-05 09:37:49 -04:00
6599499cd7
linux: 5.4.43 -> 5.4.44
2020-06-05 09:37:38 -04:00
c511f3bab6
linux: 4.9.225 -> 4.9.226
2020-06-05 09:37:26 -04:00
4bf8aa6b71
linux: 4.4.225 -> 4.4.226
2020-06-05 09:37:11 -04:00
0c574f3357
linux: 4.19.125 -> 4.19.126
2020-06-05 09:37:03 -04:00
877920254a
linux: 4.14.182 -> 4.14.183
2020-06-05 09:36:43 -04:00
0f2e569505
linux: CONFIG_MOUSE_ELAN_I2C_SMBUS=y
...
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-06-04 18:22:23 +02:00
08900c0554
Merge master into staging-next
2020-06-04 15:25:54 +02:00
746fe02a5a
linux_latest-libre: 17445 -> 17506
2020-05-30 11:23:42 -04:00
03de4c02fb
Merge staging-next into staging
2020-05-28 22:05:36 +02:00
dc9b007637
linux/hardened/patches/5.6: 5.6.14.a -> 5.6.15.a
2020-05-28 09:35:07 -04:00
a1ec9f649e
linux/hardened/patches/5.4: 5.4.42.a -> 5.4.43.a
2020-05-28 09:35:07 -04:00
827df89616
linux/hardened/patches/4.19: 4.19.124.a -> 4.19.125.a
2020-05-28 09:35:06 -04:00
964a5b99f7
linux/hardened/patches/4.14: 4.14.181.a -> 4.14.182.a
2020-05-28 09:35:06 -04:00
3b94b3f0ac
linux: 5.6.14 -> 5.6.15
2020-05-28 09:35:06 -04:00
5c4bd56c45
linux: 5.4.42 -> 5.4.43
2020-05-28 09:35:05 -04:00
583e50cc79
linux: 4.9.224 -> 4.9.225
2020-05-28 09:35:05 -04:00
c1299ef40c
linux: 4.4.224 -> 4.4.225
2020-05-28 09:35:04 -04:00
d5c4986dfa
linux: 4.19.124 -> 4.19.125
2020-05-28 09:35:04 -04:00
90d6c2b642
linux: 4.14.181 -> 4.14.182
2020-05-28 09:35:01 -04:00
d578248611
Merge staging-next into staging
2020-05-24 10:10:06 +02:00
cb2686adc3
linux-hardened: Remove 5.5
2020-05-23 10:36:10 -04:00
8a77c900dd
Merge staging-next into staging
2020-05-23 10:25:19 +02:00
062cd3e87c
linux: Remove 5.5
...
The 5.5.x series is now EOL
2020-05-22 19:02:51 -04:00
8b66da57ed
linux/hardened/patches/5.6: 5.6.13.a -> 5.6.14.a
2020-05-22 10:51:24 -04:00
f759c5af51
linux/hardened/patches/5.4: 5.4.41.a -> 5.4.42.a
2020-05-22 10:51:22 -04:00
b7de919a94
linux/hardened/patches/4.19: 4.19.123.a -> 4.19.124.a
2020-05-22 10:51:20 -04:00
0c9c846768
linux/hardened/patches/4.14: 4.14.180.a -> 4.14.181.a
2020-05-22 10:51:14 -04:00
cfb4d0dfe3
Merge pull request #84032 from teto/fix_kernel_merge
...
Fix kernel configuration merge
2020-05-22 13:32:22 +02:00
c768dcfcfc
linux: 5.6.13 -> 5.6.14
2020-05-20 08:27:14 -04:00
2364627a39
linux: 5.4.41 -> 5.4.42
2020-05-20 08:27:07 -04:00
d2f98da120
linux: 4.9.223 -> 4.9.224
2020-05-20 08:27:00 -04:00
ed3766309f
linux: 4.4.223 -> 4.4.224
2020-05-20 08:26:51 -04:00
439a9043a1
linux: 4.19.123 -> 4.19.124
2020-05-20 08:26:43 -04:00
b3e7b6d556
linux: 4.14.180 -> 4.14.181
2020-05-20 08:26:30 -04:00
8b5a3127b3
linux: 5.7-rc4 -> 5.7-rc6
2020-05-19 10:11:10 -04:00
2b5d59cbdc
linux: Enable fbcon deferred takeover when possible
...
This config value ensures that when booting through e.g. UEFI, the
existing framebuffer contents stay put until the first character is
printed. As the default NixOS stage-1 immediately outputs a welcome
message on init, this does not impact it, but it will allow for a cleaner boot when
configured as such.
2020-05-17 17:43:34 +00:00
2c74af6d97
linux/hardened/patches/5.6: 5.6.12.a -> 5.6.13.a
2020-05-15 20:23:17 -04:00
6fd700adf1
linux/hardened/patches/5.4: 5.4.40.a -> 5.4.41.a
2020-05-15 20:23:15 -04:00
d18d18a45d
linux/hardened/patches/4.19: 4.19.122.a -> 4.19.123.a
2020-05-15 20:23:09 -04:00
7ef8639163
linux: 5.6.12 -> 5.6.13
2020-05-14 09:19:09 -04:00
e3ba43b826
linux: 5.4.40 -> 5.4.41
2020-05-14 09:19:02 -04:00
e9dbf2e508
linux: 4.19.122 -> 4.19.123
2020-05-14 09:18:52 -04:00
233e60ca24
Merge pull request #87691 from matthewbauer/linux-rpi3-arm32
...
linux-rpi: use bcm2709 on arm32 rpi3
2020-05-13 10:35:21 -05:00
c78ad0f7f8
linux-rpi: use bcm2709 on arm32 rpi3
...
“bcmrpi3_defconfig” isn’t provided for arm32, so we need to use
bcm2709_config. When on arm64, we can still use bcmrpi3_defconfig
2020-05-12 13:07:00 -05:00
0c9b897241
linux-hardened: Fix kernel version detection
2020-05-12 08:37:08 -04:00
511b503b0d
linux/hardened/patches/5.6: 5.6.11.a -> 5.6.12.a
2020-05-12 08:35:52 -04:00
2646e949b0
linux/hardened/patches/5.4: 5.4.39.a -> 5.4.40.a
2020-05-12 08:35:50 -04:00
fc545e4d23
linux/hardened/patches/4.19: 4.19.121.a -> 4.19.122.a
2020-05-12 08:35:48 -04:00
677ddfef7c
linux/hardened/patches/4.14: 4.14.179.a -> 4.14.180.a
2020-05-12 08:35:46 -04:00
0010ae4960
linux: 5.6.11 -> 5.6.12
2020-05-11 08:43:23 -04:00
98c79eb588
linux: 5.4.39 -> 5.4.40
2020-05-11 08:43:15 -04:00
39426327ce
linux: 4.9.222 -> 4.9.223
2020-05-11 08:43:06 -04:00
ddd1363bff
linux: 4.4.222 -> 4.4.223
2020-05-11 08:42:56 -04:00
36a1ca4daa
linux: 4.19.121 -> 4.19.122
2020-05-11 08:42:49 -04:00
6d183ed8d8
linux: 4.14.179 -> 4.14.180
2020-05-11 08:42:38 -04:00
4688ec0eb2
linux: explicitly enable AIO
...
This is disabled by default in the linux-hardened patchset, but is
required by e.g. LVM.
Fixes #87260 .
2020-05-10 23:23:38 +01:00
5a5a2d0342
linux/hardened/update.py: pass encoding to subprocess
2020-05-08 15:49:36 +01:00
b2ad58536c
linux/hardened/update.py: commit updates in order
2020-05-08 15:49:36 +01:00
88486c4e76
linux/hardened/update.py: get versions with nix(1)
2020-05-08 15:49:36 +01:00
e77d174fcd
linux/hardened/update.py: add type annotations
2020-05-08 15:49:35 +01:00
d6fe0a4e2d
linux/hardened: move files into directory
2020-05-08 15:49:35 +01:00
abe4bef033
linux/update-hardened.py: use pathlib
2020-05-08 15:49:35 +01:00
83c4ac2eb3
linux/update-hardened.py: reformat
...
$ isort --multi-line=3 --trailing-comma --force-grid-wrap=0 --use-parentheses …
$ black --line-length=80 …
(per the black documentation)
2020-05-08 15:49:35 +01:00
711667dc3e
linux/hardened-patches/4.14: 4.14.178.a -> 4.14.179.a
2020-05-07 20:56:39 -04:00
3d44729f1e
linux/hardened-patches/4.19: 4.19.120.a -> 4.19.121.a
2020-05-07 20:56:38 -04:00
ced789fa62
linux/hardened-patches/5.4: 5.4.38.a -> 5.4.39.a
2020-05-07 20:56:38 -04:00
603741e751
linux/hardened-patches/5.6: 5.6.10.a -> 5.6.11.a
2020-05-07 20:56:38 -04:00
f82e836e1d
linux: 5.6.10 -> 5.6.11
2020-05-06 15:58:09 -04:00
bcbc507143
linux: 5.4.38 -> 5.4.39
2020-05-06 15:57:20 -04:00
ac287ce319
linux: 4.19.120 -> 4.19.121
2020-05-06 15:56:35 -04:00
54eb2d1018
Merge branch 'staging-next'
...
Status on Hydra for linuxes seems good enough:
https://hydra.nixos.org/eval/1585703?filter=linux&compare=1585482&full=#tabs-now-fail
2020-05-06 08:20:05 +02:00
ee8cde8d1c
Merge pull request #86391 from kwohlfahrt/gpio-utils
2020-05-06 06:57:14 +01:00
32585ddcec
linux: 4.9.221 -> 4.9.222
2020-05-05 14:35:55 -04:00
7f75ff0777
linux: 4.4.221 -> 4.4.222
2020-05-05 14:35:46 -04:00
018f49380e
linux: 4.14.178 -> 4.14.179
2020-05-05 14:35:33 -04:00
9875bbae75
Merge master into staging-next
2020-05-05 19:51:09 +02:00
89d3a605e3
gpio-tools: init in kernel 5.4
...
Linux provides some tools to interact with the gpiochip interface (which
replaces the deprecated sysfs GPIO interface). Expose these as a
package.
The tool has not changed much recently, so there is no need to package a
version for each kernel.
2020-05-04 15:02:55 +01:00
b6456e528e
linux: 5.7-rc3 -> 5.7-rc4
2020-05-04 08:41:50 -04:00
d51998798f
linux/hardened-patches/4.14: 4.14.177.a -> 4.14.178.a
2020-05-03 13:17:07 -04:00
4df77514e7
linux/hardened-patches/4.19: 4.19.119.a -> 4.19.120.a
2020-05-03 13:17:03 -04:00
c5d56b1790
linux/hardened-patches/5.4: 5.4.36.a -> 5.4.38.a
2020-05-03 13:16:59 -04:00
e7b54c19de
linux/hardened-patches/5.6: 5.6.8.a -> 5.6.10.a
2020-05-03 13:16:49 -04:00
88e07d3a96
Merge pull request #86598 from Valodim/aarch64-hidraw
...
linux: CONFIG_HIDRAW=y
2020-05-03 11:04:56 +02:00
bdd2d3ccb2
linux: CONFIG_HIDRAW=y
2020-05-02 17:43:43 +02:00
c46b55e640
linux: 5.6.8 -> 5.6.10
2020-05-02 14:46:24 -04:00
ba19c248b7
linux: 5.4.36 -> 5.4.38
2020-05-02 14:46:24 -04:00
13e51bb636
linux: 4.9.220 -> 4.9.221
2020-05-02 14:46:23 -04:00
7e200a0177
linux: 4.4.220 -> 4.4.221
2020-05-02 14:46:23 -04:00
92c2abe85f
linux: 4.19.119 -> 4.19.120
2020-05-02 14:46:23 -04:00
163e5a8d0c
linux: 4.14.177 -> 4.14.178
2020-05-02 14:46:22 -04:00
afb1041148
Merge master into staging-next
2020-05-02 09:39:00 +02:00
61b97c17d6
linux: 5.7-rc2 -> 5.7-rc3
2020-05-01 11:43:43 -04:00
484ee79050
Merge staging-next into staging
2020-05-01 08:57:10 +02:00
5fa90ed9e2
linux/hardened-patches/4.19: 4.19.118.a -> 4.19.119.a
2020-04-30 10:05:58 -04:00
22c0c49d61
linux/hardened-patches/5.4: 5.4.35.a -> 5.4.36.a
2020-04-30 10:05:56 -04:00
53ea32be28
linux/hardened-patches/5.6: 5.6.7.a -> 5.6.8.a
2020-04-30 10:05:50 -04:00
bbf8ce13eb
linux: 5.6.7 -> 5.6.8
2020-04-29 15:38:11 -04:00
100e81982d
linux: 5.4.35 -> 5.4.36
2020-04-29 15:38:11 -04:00
ca44d3eb1e
linux: 4.19.118 -> 4.19.119
2020-04-29 15:38:11 -04:00
f046de4210
Merge pull request #86168 from lblasc/sof-firmware
...
Sound Open Firmware support, sof-firmware: init at 1.4.2, update kernel config
2020-04-29 12:36:53 +02:00
6fc9fd53db
linux config: enable Sound Open Firmware support
2020-04-29 07:31:49 +00:00
d103dc4998
linux: do not depend on systemd indirectly
...
utillinux depends on systemd because:
* uuidd supports socket activation
* lslogins can show recent journal entries
* fstrim comes with a service file (and we use this in NixOS)
* logger can write journal entries
(See https://www.openembedded.org/pipermail/openembedded-core/2015-February/102069.html )
systemd doesn't depend on utillinux but on utillinuxMinimal which is a
version of utillinux without these features to avoid cyclic
dependencies.
With this change, the linux kernel (of which i don't fully understand
why it would depend on util-linux in the first place, but this was added in
https://github.com/NixOS/nixpkgs/pull/32137/files without too much
explanation) depends on the minimal version of util-linux too.
This makes it that every time we change build flags in systemd
the linux kernel doesn't have to wastefully rebuild.
2020-04-28 15:34:44 +02:00
a9fa6028ad
linux/hardened-patches/4.19: 4.19.117.a -> 4.19.118.a
2020-04-26 12:23:07 -04:00
4af476e2b3
linux/hardened-patches/5.4: 5.4.34.a -> 5.4.35.a
2020-04-26 12:23:05 -04:00
334627d92f
linux/hardened-patches/5.6: 5.6.6.a -> 5.6.7.a
2020-04-26 12:23:03 -04:00
be48bf2ba8
linux/hardened-patches/4.14: 4.14.176.a -> 4.14.177.a
2020-04-26 12:23:01 -04:00
4883dde6b7
linux: 4.9.219 -> 4.9.220
2020-04-26 12:22:41 -04:00
6efb2ba2bf
linux: 4.4.219 -> 4.4.220
2020-04-26 12:22:05 -04:00
6617a79ba3
linux: 4.14.176 -> 4.14.177
2020-04-26 12:21:32 -04:00
d403911451
linux_testing: 5.6-rc7 -> 5.7-rc2
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2020-04-24 10:58:31 -05:00
2c1db9649e
linux_*_hardened: index patches by major kernel version
...
This will avoid breaking the build whenever a non-major kernel update
happens. In the update script, we map each kernel version to the latest
patch for the latest kernel version less than or equal to what we
have packaged.
2020-04-23 18:50:26 +01:00
6dfd563633
linux_latest-hardened: fix evaluation
2020-04-23 16:45:06 +01:00
1bceaa1cee
linux_hardened: fix evaluation
2020-04-23 15:52:14 +01:00
45c22565f6
linux: 5.6.6 -> 5.6.7
2020-04-23 08:17:15 -04:00
2f10053834
linux: 5.4.34 -> 5.4.35
2020-04-23 08:17:06 -04:00
62a608fd63
linux: 4.19.117 -> 4.19.118
2020-04-23 08:16:58 -04:00
cff0669a48
Merge master into staging-next
2020-04-23 08:11:16 +02:00
629068fe5b
linux_latest-libre: 17402 -> 17445
2020-04-22 19:40:01 -04:00
fca903c7dd
linux/hardened-patches/4.19.117: init at 4.19.117.a
2020-04-22 02:12:28 +02:00
99f30a5635
linux/hardened-patches/5.4.34: init at 5.4.34.a
2020-04-22 02:12:25 +02:00
3c81b3df4e
linux/hardened-patches/5.5.19: init at 5.5.19.a
2020-04-22 02:12:21 +02:00
c8b5e37764
linux/hardened-patches/5.6.6: init at 5.6.6.a
2020-04-22 02:12:17 +02:00
efafc50f5c
linux/hardened-patches/4.19.116: remove
2020-04-21 22:18:03 +02:00
8f2e9fcadd
linux/hardened-patches/5.5.18: remove
2020-04-21 22:18:03 +02:00
9ed70f4e46
linux/hardened-patches/5.6.5: remove
2020-04-21 22:18:03 +02:00
15807c58ad
linux/hardened-patches/5.4.33: remove
2020-04-21 22:18:02 +02:00
c9cf25bc61
linux: 5.6.5 -> 5.6.6
2020-04-21 21:59:59 +02:00
1e23dcbf22
linux: 5.5.18 -> 5.5.19
2020-04-21 21:59:22 +02:00
18c2b5a9aa
linux: 5.4.33 -> 5.4.34
2020-04-21 21:58:45 +02:00
e074301be8
linux: 4.19.116 -> 4.19.117
2020-04-21 21:58:03 +02:00
803b3d296c
Merge staging-next into staging
2020-04-21 08:29:51 +02:00
523fe98821
linux/hardened-patches/4.19.116: 4.19.116.NixOS-a -> 4.19.116.a
2020-04-20 10:05:36 -04:00
45343beffe
linux/hardened-patches/5.4.33: 5.4.33.NixOS-a -> 5.4.33.a
2020-04-20 10:05:36 -04:00
48d908b731
linux/hardened-patches/5.5.18: init at 5.5.18.a
2020-04-20 10:05:36 -04:00
0fd9293703
linux/hardened-patches/5.6.5: init at 5.6.5.a
2020-04-20 10:05:36 -04:00
e7a65e6c41
linux/hardened-patches/5.5.17: remove
2020-04-20 10:05:36 -04:00
eb41f8122e
linux/hardened-patches/5.6.4: remove
2020-04-20 10:05:36 -04:00
8879086cfc
linux: 5.5.17 -> 5.5.18
2020-04-20 10:05:36 -04:00
4307923b86
linux: 5.6.4 -> 5.6.5
2020-04-20 10:05:36 -04:00
6f1165a0cb
Merge pull request #84522 from emilazy/add-linux-hardened-patches
...
linux_*_hardened: use linux-hardened patch set
2020-04-19 20:01:35 +03:00
d96487b9ca
Merge branch 'master' into staging-next
...
Hydra nixpkgs: ?compare=1582510
2020-04-18 07:42:26 +02:00
33c2a76c5e
Merge remote-tracking branch 'upstream/master' into staging
2020-04-17 18:40:51 -04:00
7fdfe5381d
linux_*_hardened: don't set FORTIFY_SOURCE
...
Upstreamed in anthraxx/linux-hardened@d12c0d5f0c .
2020-04-17 16:13:39 +01:00
ed89b5b3f1
linux_*_hardened: don't set PANIC_ON_OOPS
...
Upstreamed in anthraxx/linux-hardened@366e0216f1 .
2020-04-17 16:13:39 +01:00
0d5f1697b7
linux_*_hardened: don't set SLAB_FREELIST_{RANDOM,HARDENED}
...
Upstreamed in anthraxx/linux-hardened@786126f177 ,
anthraxx/linux-hardened@44822ebeb7 .
2020-04-17 16:13:39 +01:00
4fb796e341
linux_*_hardened: don't set HARDENED_USERCOPY_FALLBACK
...
Upstreamed in anthraxx/linux-hardened@c1fe7a68e3 ,
anthraxx/linux-hardened@2c553a2bb1 .
2020-04-17 16:13:39 +01:00
3eeb5240ac
linux_*_hardened: don't set DEBUG_LIST
...
Upstreamed in anthraxx/linux-hardened@6b20124185 .
2020-04-17 16:13:39 +01:00
0611462e33
linux_*_hardened: don't set {,IO_}STRICT_DEVMEM
...
STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is
turned on by anthraxx/linux-hardened@103d23cb66 .
Note that anthraxx/linux-hardened@db1d27e10e
disables DEVMEM by default, so this is only relevant if that default is
overridden to turn it back on.
2020-04-17 16:13:39 +01:00
303bb60fb1
linux_*_hardened: don't set DEBUG_WX
...
Upstreamed in anthraxx/linux-hardened@55ee7417f3 .
2020-04-17 16:13:39 +01:00
33b94e5a44
linux_*_hardened: don't set BUG_ON_DATA_CORRUPTION
...
Upstreamed in anthraxx/linux-hardened@3fcd15014c .
2020-04-17 16:13:39 +01:00
db6b327508
linux_*_hardened: don't set LEGACY_VSYSCALL_NONE
...
Upstreamed in anthraxx/linux-hardened@d300b0fdad .
2020-04-17 16:13:39 +01:00
130f6812be
linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY}
...
These are on by default for x86 in upstream linux-5.6.2, and turned on
for arm64 by anthraxx/linux-hardened@90f9670bc3 .
2020-04-17 16:13:39 +01:00
8c68055432
linux_*_hardened: don't set MODIFY_LDT_SYSCALL
...
Upstreamed in anthraxx/linux-hardened@05644876fa .
2020-04-17 16:13:39 +01:00
8efe83c22e
linux_*_hardened: don't set DEFAULT_MMAP_MIN_ADDR
...
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd .
2020-04-17 16:13:39 +01:00
3d4c8ae901
linux_*_hardened: don't set VMAP_STACK
...
This has been on by default upstream for as long as it's been an option.
2020-04-17 16:13:39 +01:00
7d5352df31
linux_*_hardened: don't set X86_X32
...
As far as I can tell, this has never defaulted to on upstream, and our
common kernel configuration doesn't turn it on, so the attack surface
reduction here is somewhat homeopathic.
2020-04-17 16:13:39 +01:00
0d4f35efd4
linux_*_hardened: use linux-hardened patch set
...
This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened , and provides
a minimal set of additional hardening patches on top of upstream.
The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).
2020-04-17 16:13:39 +01:00
3d01e802bd
linux: explicitly enable SYSVIPC
...
The linux-hardened patch set removes this default, probably because of
its original focus on Android kernel hardening.
2020-04-17 16:12:29 +01:00
e341107367
linux: 5.4.32 -> 5.4.33
2020-04-17 08:34:01 -04:00
Tim Steinbach
Rouven Czerwinski
Frederik Rietdijk
Vladimír Čunát
Linus Heckemann
Ricardo M. Correia
Jan Tojnar
Michael Weiss
Anders Kaseorg
Florian Klink
Puck Meerburg
Matthew Bauer
Emily
Jörg Thalheim
Kai Wohlfahrt
Vincent Breitmoser
Luka Blaskovic
Arian van Putten
Austin Seipp
Jörg Thalheim
kraem
Yegor Timoshenko
John Ericson