37f7470269
linux: drop 3.12 and 4.1
...
Support ends before 17.09 is released:
https://www.kernel.org/category/releases.html
2017-03-23 22:06:04 +01:00
37a965c1de
linux: 4.10.4 -> 4.10.5
2017-03-23 16:43:31 -04:00
a20602d8e2
linux: 4.4.55 -> 4.4.56
2017-03-23 16:38:46 -04:00
94ab4932ae
grsecurity: 4.9.16-201703180820 -> 4.9.17-201703221829
2017-03-23 01:03:14 +01:00
a2fdf72ec4
linux_4_9: 4.9.16 -> 4.9.17
2017-03-23 01:03:11 +01:00
c60102d177
linux: 4.11-rc2 -> 4.11-rc3
2017-03-21 20:32:36 -04:00
bef5607e20
linux: 4.4.54 -> 4.4.55
2017-03-19 12:18:46 -04:00
6879d560cb
linux: 4.10.3 -> 4.10.4
2017-03-19 12:15:40 -04:00
b5da6ca213
linux_4_9: 4.9.15 -> 4.9.16
2017-03-18 15:32:56 +01:00
d4409817a6
grsecurity: 4.9.15-201703150049 -> 4.9.16-201703180820
2017-03-18 15:32:48 +01:00
ca3fb4d1d4
linux: 4.4.53 -> 4.4.54
2017-03-17 17:25:40 -04:00
81ad24d4d7
linux: 4.10.2 -> 4.10.3
2017-03-17 17:19:59 -04:00
12648a455b
linux_4_9: 4.9.14 -> 4.9.15
2017-03-15 20:03:34 +01:00
9e60a17cb8
grsecurity: 4.9.14-201703121245 -> 4.9.15-201703150049
...
Contains a fix for the n_hdlc double free bug.
2017-03-15 07:25:21 +01:00
44bd7c45dc
linux_4_10: 4.10.1 -> 4.10.2
2017-03-14 23:08:43 +01:00
a691c06556
linux_testing: 4.11-rc1 -> 4.11-rc2
2017-03-14 23:08:43 +01:00
18684a4892
linux: 4.1.38 -> 4.1.39
2017-03-13 20:15:42 -04:00
9ac82a773c
linux: 4.4.52 -> 4.4.53
2017-03-13 20:15:26 -04:00
b2c96062ca
kernel: Add a validity check for modDirVersion
...
Because if you get it wrong, you get a very confusing error message at
the end of the kernel build, which is quite painful as the build can
take a long time.
2017-03-13 18:47:21 +02:00
8091c1b208
linux_4_9: 4.9.13 -> 4.9.14
2017-03-12 18:44:29 +01:00
4c211bdc63
grsecurity: 4.9.13-201703052141 -> 4.9.14-201703121245
2017-03-12 18:44:27 +01:00
c1ccedeaff
linux: make some new config settings optional
...
These are not support on older kernels pre 4.0.
2017-03-11 08:14:29 +01:00
ff2313a6c6
linux: 3.12.70 -> 3.12.71
2017-03-11 08:14:29 +01:00
77c49794cd
linux_testing: 4.10-rc7 -> 4.11-rc1
...
Some config options got removed, so conditionalize them.
2017-03-11 01:27:06 +02:00
5f5b87107f
raspberrypifw, linux_rpi: 1.20161020 -> 1.20170303
2017-03-08 21:35:31 +02:00
17d80c49fa
grsecurity: 4.9.13-201702270729 -> 201703052141
2017-03-06 15:59:30 +01:00
57c6fac3e9
kernel config: Enable IP_MULTICAST
...
This is lacking on ARM and causes libuv tests to fail.
2017-03-04 12:49:50 +02:00
49bdf9803a
linux: IPV6_FOU_TUNNEL is available since 4.7
2017-03-02 17:19:55 +01:00
75e85cae42
linux: enable FOU tunnels and VRF interfaces
2017-03-02 17:19:55 +01:00
a20a53300d
grsecurity: 4.9.13-201702261126 -> 201702270729
2017-02-27 16:04:32 +01:00
f3a6991f3d
grsecurity: 4.9.12-201702231830 -> 4.9.13-201702261126
2017-02-26 18:20:50 +01:00
701544d0a7
linux: 4.9.12 -> 4.9.13
2017-02-26 18:09:16 +01:00
62857b1f21
linux: 4.4.51 -> 4.4.52
2017-02-26 18:09:16 +01:00
8a75569619
linux: 4.10 -> 4.10.1
2017-02-26 18:09:15 +01:00
0150d9a95c
grsecurity: 4.9.11-201702222257 -> 4.9.12-201702231830
2017-02-26 14:01:57 +01:00
d36b1ccc13
Revert "Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)""
...
This reverts commit 53a2baabbe
2017-02-23 19:23:29 -05:00
53a2baabbe
Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)"
...
This reverts commit 1d68edbef4
2017-02-23 18:47:16 -05:00
1d68edbef4
linux kernels: patch against DCCP double free (CVE-2017-6074)
2017-02-23 18:44:43 -05:00
82aae8f631
kernel: 4.4.50 -> 4.4.51
2017-02-23 17:47:51 -05:00
18c2be2862
kernel: 4.9.11 -> 4.9.12
2017-02-23 17:47:18 -05:00
b92501f0d8
grsecurity: 4.9.11-201702181444 -> 201702222257
2017-02-23 19:18:39 +01:00
f454297a7d
linux 4.10
2017-02-20 07:32:46 -05:00
b191ac0d89
Revert "linux 4.10"
...
Somehow the tarball was actually linux 4.4.10
This reverts commit fea71f84d0
2017-02-20 07:29:47 -05:00
fea71f84d0
linux 4.10
2017-02-20 06:47:49 -05:00
7274fc32d2
linux: 4.4.48 -> 4.4.50
2017-02-18 18:40:04 -05:00
2423313581
kernel: 4.9.10 -> 4.9.11
2017-02-18 18:33:36 -05:00
ca016c2626
grsecurity: 4.9.10-201702152052 -> 4.9.11-201702181444
2017-02-18 22:01:16 +01:00
e8007c0e89
linux_4_9: patch for CVE-2017-5986
...
Seems fairly low impact[1] but we might as well patch it until a new 4.9
version is released
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1420276
2017-02-17 19:11:30 +01:00
73577a2b05
linux_4_9: 4.9.9 -> 4.9.10
2017-02-17 19:11:24 +01:00
bc2f53fd29
grsecurity: 4.9.8-201702071801 -> 4.9.10-201702152052
2017-02-16 14:51:25 +01:00
0ec9e695c8
linux: 3.10.104 -> 3.10.105
2017-02-13 18:47:01 -05:00
c71a893334
Revert "Use looser 9pfs caching in VM tests/builds"
...
This reverts commit bbd03e236a
2017-02-13 14:38:19 +01:00
4af79a7331
Revert "linux: Apply 9p veryloose patch to 4.9"
...
This reverts commit a82810c7a7Fixes #22695 .
2017-02-13 12:16:39 +01:00
9dec33dc4f
linux: 4.9.8 -> 4.9.9
2017-02-09 16:27:29 +01:00
9d8248517e
linux: 4.4.47 -> 4.4.48
2017-02-09 16:27:16 +01:00
dced724c00
linux_3_18: remove due to EOL
2017-02-08 23:50:59 +01:00
bd46a375df
grsecurity: 4.9.8-201702060653 -> 201702071801
2017-02-08 01:31:18 +01:00
cf94e18627
linux-testing: 4.10-rc4 -> 4.10-rc7
...
Tested via building the linux_testing attribute only, not in production.
Verified unpacked tarball with GnuPG:
gpg: Signature made Mon 06 Feb 2017 12:21:50 AM CET
gpg: using RSA key 79BE3E4300411886
gpg: Good signature from "Linus Torvalds <torvalds@linux-foundation.org>" [unknown]
Primary key fingerprint: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-02-07 10:23:50 +01:00
0d422c5db5
grsecurity: 4.8.17-201701151620 -> 4.9.8-201702060653
...
The first release in the 4.9 branch.
I've also migrated my update scripts to SHA-512 so that'll
be the hash of choice for grsec packages going forward.
2017-02-06 15:49:34 +01:00
a2c867fd39
Merge branch 'staging'
2017-02-04 21:02:46 +01:00
73d798549f
protobuf, perf: fix my bad condition on gcc version
2017-02-04 20:58:47 +01:00
949f9aff1d
linux: 3.12.69 -> 3.12.70
2017-02-04 09:18:50 -05:00
7f69dc48b9
linux: 4.9.7 -> 4.9.8
2017-02-04 09:09:19 -05:00
17b5ae4fe4
linux: 4.4.46 -> 4.4.47
2017-02-04 09:09:02 -05:00
26e5b42106
linux: 4.4.45 -> 4.4.46
2017-02-03 18:36:50 -05:00
e7c968fbf2
linuxPackages*.perf: fix build with default gcc
...
Broken since 9842a107
2017-02-03 12:38:18 +01:00
adab4cd58b
Merge branch 'master' into staging
2017-02-03 11:47:38 +01:00
d1738c19bb
kernel: 4.9.6 -> 4.9.7
2017-02-02 21:08:24 +01:00
424cfe7686
Merge remote-tracking branch 'upstream/master' into staging
2017-01-29 02:16:29 +02:00
99c9252e3f
kernel: 4.9.5 -> 4.9.6
2017-01-26 19:56:26 -05:00
4345dfb5ba
kernel: 4.4.44 -> 4.4.45
2017-01-26 19:55:58 -05:00
be0e48e48f
Merge remote-tracking branch 'upstream/master' into staging
2017-01-27 02:18:44 +02:00
e2a2f6d595
Merge pull request #22117 from dezgeg/aarch64-for-merge
...
Aarch64 (ARM64) support
2017-01-26 17:52:28 +02:00
6973c7739e
Merge branch 'master' into staging
...
There were some larger rebuilds because of security.
2017-01-26 16:49:41 +01:00
9842a107da
linuxPackages.perf: fix build with gcc6
2017-01-25 20:12:38 +01:00
b9b95aa4d4
Merge pull request #22034 from mayflower/conntrack-helpers
...
Disable conntrack helper autoloading by default
2017-01-25 14:18:41 +01:00
2bfd83ab6d
platforms.nix: Add some aarch64-specific kernel config
...
This makes Raspberry Pi 3 and some Cavium ThunderX server hardware work.
2017-01-25 02:14:46 +02:00
c50c551142
grsecurity: 4.8.16-201701062021 -> 4.8.17-201701151620
2017-01-25 00:58:57 +01:00
482c67af70
grsecurity: adapt new to mirror url structure
2017-01-25 00:58:54 +01:00
403fdd737e
linux: remove canDisableNetfilterConntrackHelpers feature
...
This feature is available in all kernels in nixpkgs.
2017-01-25 00:28:55 +01:00
fcc51d3256
linux: fix installTargets for AArch64
...
[dezgeg: note that we are currently using just 'Image' instead of
'Image.gz' as U-Boot doesn't support the latter yet. We might switch
once it does since the kernel images are quite big]
2017-01-25 00:01:54 +02:00
a82810c7a7
linux: Apply 9p veryloose patch to 4.9
2017-01-24 13:05:02 +01:00
fc8233a64f
kernel: 4.4.43 -> 4.4.44
2017-01-22 12:11:50 -05:00
61caacbf47
linux: 4.1.36 -> 4.1.38
2017-01-21 20:41:38 +01:00
ce3b98d08b
linux: 3.18.45 -> 3.18.47
2017-01-21 20:41:36 +01:00
34c52896d1
linux 4.9.4 -> 4.9.5
2017-01-20 09:36:04 -05:00
9fc3ce73d1
kernel config: Enable BONDING and TMPFS_POSIX_ACL
...
Yet again something that's lacking on other platforms than x86.
2017-01-18 01:21:08 +02:00
e9109b1b97
linux: 4.4.42 -> 4.4.43
2017-01-17 12:02:46 +01:00
9a9be9296f
linux: 4.9.3 -> 4.9.4
2017-01-17 12:02:46 +01:00
08ddb16865
linux_testing: 4.10-rc2 -> 4.10-rc4
2017-01-16 11:41:13 +02:00
04d11637cb
linux_4_9: enable support for amdgpu on older chipsets
...
Linux 4.9 includes experimental amdgpu support for AMD Southern Islands
chipsets. (By default, only Sea Islands and newer chipsets are supported.)
Southern Islands chips will still use radeon by default, but daring users may
set `services.xserver.videoDrivers = [ "amdgpu" ];` to try the experimental
driver.
2017-01-15 16:29:50 -06:00
295337ead5
linux: 4.9.2 -> 4.9.3
2017-01-14 11:02:26 -05:00
9158b89fd3
linux: 4.4.41 -> 4.4.42
2017-01-14 11:01:52 -05:00
d483a871d1
linux: Remove 4.8
2017-01-11 16:59:29 -05:00
6b01b229c2
linux: 4.9.1 -> 4.9.2
2017-01-10 07:45:19 +01:00
3b17823187
linux: 4.8.16 -> 4.8.17
2017-01-10 07:45:19 +01:00
4c43937af0
linux: 4.4.40 -> 4.4.41
2017-01-10 07:45:18 +01:00
d6ff445f10
grsecurity: 4.8.15-201612301949 -> 4.8.16-201701062021
2017-01-07 08:01:41 +01:00
c1d20ea50c
kernel: 4.9.0 -> 4.9.1
2017-01-06 16:15:18 -05:00
ecf87b11f2
kernel: 4.8.15 -> 4.8.16
2017-01-06 16:15:02 -05:00
8fda707027
kernel: 4.4.39 -> 4.4.40
2017-01-06 16:14:30 -05:00
2a4c8313e4
linux_testing: 4.10-rc1 -> 4.10-rc2
2017-01-03 13:51:23 +02:00
75ce714818
grsecurity: 4.8.15-201612151923 -> 201612301949
2017-01-01 06:01:04 +01:00
bbd03e236a
Use looser 9pfs caching in VM tests/builds
...
This can give significant speed ups, see
7e20254412
2016-12-29 21:26:16 +01:00
c6bcc485de
linux_4_8: add patch to fix CVE-2016-9919
2016-12-28 06:35:11 +01:00
5ba7f33e3a
linux_testing: 4.9-rc8 -> 4.10-rc1
2016-12-27 01:35:10 +02:00
3ffb5ba60c
linux:3.18.44 -> 3.18.45
2016-12-21 21:08:47 -05:00
53e21529d4
linux:3.12.68 -> 3.12.69
2016-12-21 21:08:47 -05:00
0e8e4a08f3
linux: 4.8.14 -> 4.8.15
2016-12-16 08:16:45 -05:00
cb9ff3f7f9
linux: 4.4.38 -> 4.4.39
2016-12-16 08:16:22 -05:00
f0e77cd07d
grsecurity: 4.8.14-201612110933 -> 4.8.15-201612151923
2016-12-16 12:46:44 +01:00
01d022e16b
Merge pull request #21118 from grahamc/fix-rsa-build-failure
...
linux_{4_8,grsec_nixos}: patch to fix build failure
2016-12-13 09:15:50 -05:00
d918c80e13
grsecurity: disable verbose initify
...
Not as useful/informative as I had hoped.
2016-12-13 15:12:34 +01:00
7a813d3f6d
linux_{4_8,grsec_nixos}: patch to fix build failure
...
crypto/rsa_helper.c:18:28: fatal error: rsapubkey-asn1.h: No such file or directory
2016-12-13 07:25:46 -05:00
f6daae391f
linux: add 4.9
2016-12-11 19:33:05 -05:00
601058e0e2
grsecurity: 4.8.13-201612082118 -> 4.8.14-201612110933
2016-12-11 19:09:16 +01:00
f576c490e3
linux: 4.4.37 -> 4.4.38
2016-12-10 15:18:52 -05:00
b69822c505
linux: 4.8.13 -> 4.8.14
2016-12-10 15:15:44 -05:00
bdab6fe5a1
kernel: Use built-in dtbs_install target instead of rolling our own
...
In particular, on aarch64 all the .dtb files will be in subdirectories
and *.dtb won't match anything.
2016-12-10 20:24:08 +02:00
9074d9859e
linux: add patch to fix CVE-2016-8655
...
See https://lwn.net/Articles/708319/ for more information.
2016-12-10 17:08:42 +01:00
2077385421
kernel: enable CONFIG_DYNAMIC_DEBUG (like Fedora and Ubuntu)
...
It was useful in tracking down CIFS + DFS issue, and it's apparently
enabled by default in two major distros.
2016-12-10 00:01:21 +02:00
d429520b13
kernel: add CONFIG_CIFS_* like Fedora, Ubuntu
...
The plan is to fix mounting DFS shares on NixOS (for which some of these
options are needed), but I figured it might be a good idea to enable all
CONFIG_CIFS_* like Fedora 24 and Ubuntu 16.04 while at it. Ubuntu even
has CONFIG_CIFS_SMB311, but as Fedora do not, I left it out.
Mounting DFS shares still doesn't work; need to configure cifs.upcall
and /etc/request-key.conf. Until then, using GVFS as a workaround.
2016-12-10 00:01:21 +02:00
d1a5dc0b1c
grsecurity: 4.8.12-201612062306 -> 4.8.13-201612082118
2016-12-09 15:31:02 +01:00
9a63779d64
grsecurity: use upstream url as the primary source
2016-12-09 15:31:00 +01:00
ca7cc96ee8
grsecurity: enable PAX_INITIFY
...
Uses gcc plugin to detect more instances where memory used during init
can be freed.
2016-12-09 15:30:40 +01:00
bfffbb5ea6
linux: 4.8.12 -> 4.8.13
2016-12-09 08:27:11 -05:00
e861a5f7af
linux: 4.4.36 -> 4.4.37
2016-12-09 08:26:46 -05:00
5fd4ffe00f
grsecurity: 4.8.12-201612031658 -> 201612062306
2016-12-08 12:22:13 +01:00
c9d1d430ec
linux: 4.9-rc7 -> 4.9-rc8
2016-12-05 19:40:11 -05:00
9578299bbe
grsecurity: 4.8.11-201611271225 -> 4.8.12-201612031658
2016-12-06 01:24:32 +01:00
cc396697a6
grsecurity: enable ability to lock in readonly mounts
2016-12-06 01:24:12 +01:00
0e765c72e5
grsecurity: enable module hardening
2016-12-06 01:23:58 +01:00
071fbcda24
grsecurity: enable optional sysfs restrictions
...
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
...
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
9ccc14b1bc
linux_rpi: Add some feature flags
...
Copied from linux_4_4 (except for the EFI stub thing).
Otherwise the firewall module fails to evaluate:
Failed assertions:
- This kernel does not support rpfilter
2016-12-04 18:18:06 +02:00
4f8b74b401
Merge pull request #20866 from NeQuissimus/linux_4_8_12
...
linux: 4.8.11 -> 4.8.12
2016-12-02 18:28:46 -05:00
853b6493c8
linux: 4.8.11 -> 4.8.12
2016-12-02 14:29:00 -05:00
654f5df5dc
linux: 4.4.35 -> 4.4.36
2016-12-02 14:28:26 -05:00
5afc6b506c
linux: 4.1.35 -> 4.1.36
2016-12-01 20:34:02 -05:00
18a3225dac
linux: 3.12.67 -> 3.12.68
2016-11-29 17:40:17 -05:00
b90ed0cc80
grsecurity: 4.8.10-201611232213 -> 4.8.11-201611271225
2016-11-28 11:41:10 +01:00
4c7323545b
Revert "grsecurity: work around for #20490 "
...
This reverts commit e38b74ba89
2016-11-28 11:40:55 +01:00
eecf76eaa2
linux: 4.9-rc6 -> 4.9-rc7
2016-11-27 19:48:24 -05:00
86ea3126bc
linux_rpi: 1.20160620 -> 1.20161020
2016-11-28 00:24:00 +02:00
b47307bd74
linux: 4.8.10 -> 4.8.11
2016-11-26 16:29:23 -05:00
cc77360bed
linux: 4.4.34 -> 4.4.35
2016-11-26 16:28:58 -05:00
01172c2ccf
Merge pull request #20591 from NeQuissimus/linux_4_9_rc6
...
linux: 4.9-rc5 -> 4.9-rc6
2016-11-26 16:00:16 +01:00
f9d787c67b
grsecurity: 4.8.10-201611210813 -> 201611232213
2016-11-24 12:08:12 +01:00
7974d7493a
linux: compress kernel image with xz
2016-11-23 02:24:13 +01:00
e4a1b76457
linux: 4.8.9 -> 4.8.10
2016-11-21 18:07:17 -05:00
d62069aca4
linux: 4.4.33 -> 4.4.34
2016-11-21 18:06:57 -05:00
96194467e6
grsecurity: 4.8.8-201611150756 -> 4.8.10-201611210813
2016-11-21 23:15:14 +01:00
f6bbc6c477
linux: 4.9-rc5 -> 4.9-rc6
2016-11-20 17:23:32 -05:00
f7e0bc2ae7
Make all meta.maintainers attributes lists
2016-11-20 18:06:03 +01:00
13491f9f48
Merge pull request #20552 from NeQuissimus/linux_4_8_9
...
linux: 4.8.8 -> 4.8.9
2016-11-19 09:03:00 -05:00
d3b8a77834
linux: 4.4.32 -> 4.4.33
2016-11-19 08:56:31 -05:00
250224bf01
linux: 4.8.8 -> 4.8.9
2016-11-19 08:55:57 -05:00
e38b74ba89
grsecurity: work around for #20490
...
In `scripts/Makefile.modinst`, the code that generates the list of
modules to install passes file names via the command line. When
installing a grsecurity kernel, this list appears to exceed the
shell's argument list limit, as in
make[2]: execvp: /nix/store/[...]-bash-4.3-p46/bin/bash: Argument list too long
The build does not fail, however, but the list of modules to be installed ends
up being empty. Thus, the resulting kernel package output contains no modules,
rendering it useless.
We work around this by patching the makefile to use `find -exec` to
process files. Why this would occur for grsecurity and not other
kernels is unknown, most likely there's something *else* that is
actually causing this behaviour, so this is a temporary fix until that
cause is found.
Fixes https://github.com/NixOS/nixpkgs/issues/20490
2016-11-18 16:14:26 +01:00
a4cd6f1378
Merge pull request #20441 from NeQuissimus/linux_4_4_32
...
linux: 4.4.31 -> 4.4.32
2016-11-15 17:49:00 -05:00
819884119c
Merge pull request #20439 from NeQuissimus/linux_4_8_8
...
linux: 4.8.7 -> 4.8.8
2016-11-15 17:48:07 -05:00
0d4e1b5edd
grsecurity: 4.8.7-201611142350 -> 4.8.8-201611150756
2016-11-15 22:57:25 +01:00
24c342fde7
linux: 4.4.31 -> 4.4.32
2016-11-15 12:31:27 -05:00
9e851d3b11
linux: 4.8.7 -> 4.8.8
2016-11-15 12:30:55 -05:00
afab1a948e
grsecurity: 4.8.7-201611102210 -> 201611142350
2016-11-15 13:11:47 +01:00
a87c8ad05f
linux: 4.9-rc4 -> 4.9-rc5
2016-11-14 09:40:27 -05:00
cad9212813
grsecurity: 4.7.10-201611011946 -> 4.8.7-201611102210
2016-11-14 00:16:19 +01:00
081a871771
Revert "Merge pull request #20302 from spacekitteh/patch-10"
...
This reverts commit e02173c70cc2b4a0d266
2016-11-12 14:02:20 +01:00
e02173c70c
Merge pull request #20302 from spacekitteh/patch-10
...
grsecurity_testing: 4.7.10 -> 4.8.7
2016-11-11 22:03:39 -05:00
fa180d0d63
grsec: 4.8.6 -> 4.8.7
2016-11-12 12:54:47 +10:00
c2b4a0d266
Merge pull request #20327 from NeQuissimus/linux_4_9_rc4
...
linux: 4.9-rc3 -> 4.9-rc4
2016-11-11 18:11:02 -05:00
52cc30cd87
Merge pull request #20326 from NeQuissimus/linux_3_12_67
...
linux: 3.12.66 -> 3.12.67
2016-11-11 18:10:16 -05:00
933dfca167
Merge pull request #20322 from NeQuissimus/linux_4_8_7
...
linux: 4.8.6 -> 4.8.7
2016-11-10 21:12:06 -05:00
ad19b9bde5
linux: 4.9-rc3 -> 4.9-rc4
2016-11-10 21:08:28 -05:00
0a1f39eb91
linux: 4.8.6 -> 4.8.7
2016-11-10 21:07:56 -05:00
579f5fd9dd
linux: 4.4.30 -> 4.4.31
2016-11-10 21:07:24 -05:00
cc62ecc2d9
linux: 3.12.66 -> 3.12.67
2016-11-10 21:06:54 -05:00
74ecbbe4e3
kernel config: Ensure SECCOMP_FILTER is enabled
...
As noted in a97db109a2
2016-11-11 02:10:20 +02:00
cb93b34999
SMB2 support for CIFS
...
[tuomas: removed unneeded kernel version check]
Signed-off-by: Tuomas Tynkkynen <tuomas@tuxera.com>
2016-11-11 02:10:20 +02:00
6476f11f40
grsecurity patch update to kernel 4.8.6
2016-11-10 12:44:22 +10:00
eb9d126d2c
linux_mptcp: 0.91 -> 0.91.2
2016-11-07 14:15:33 +01:00
d9b5cd41c5
grsecurity: 4.7.10-201610262029 -> 201611011946
2016-11-03 13:55:23 +01:00
874abe694a
linux: 4.8.5 -> 4.8.6
2016-11-01 08:58:53 -04:00
ef1a188e07
linux: 4.4.28 -> 4.4.30
2016-11-01 11:31:00 +01:00
3be635b9b5
Merge linux kernel maintenance updates
...
PRs: #19995 #19996 #19997
2016-10-30 17:29:43 +01:00
f154459cf4
linux: 4.9-rc2 -> 4.9-rc3
2016-10-30 10:30:07 -04:00
1af5b2a80c
linux: 4.4.27 -> 4.4.28
2016-10-30 10:29:37 -04:00
8073430d95
linux: 4.8.4 -> 4.8.5
2016-10-30 10:28:55 -04:00
dfdaea1240
grsecurity: 4.7.10-201610222037 -> 201610262029
2016-10-27 15:03:27 +02:00
2f3b62375f
Merge pull request #19891 from NeQuissimus/kernel_4_9_rc2
...
kernel: 4.9-rc1 -> 4.9-rc2
2016-10-27 08:36:23 -04:00
ad2deee7d1
Merge pull request #19894 from NeQuissimus/kernel_3_18_44
...
kernel: 3.18.42 -> 3.18.44
2016-10-27 08:36:17 -04:00
c654ec0f25
Merge pull request #19893 from NeQuissimus/kernel_3_12_66
...
kernel: 3.12.63 -> 3.12.66
2016-10-27 08:36:10 -04:00
00e2bc22db
Merge pull request #19890 from NeQuissimus/kernel_3_10_104
...
kernel: 3.10.103 -> 3.10.104
2016-10-27 08:35:54 -04:00
b02646f93b
kernel: 3.18.42 -> 3.18.44
2016-10-26 19:23:43 -04:00
e5e84ecbbd
kernel: 3.12.63 -> 3.12.66
2016-10-26 19:17:46 -04:00
e4773819f4
kernel: 3.10.103 -> 3.10.104
2016-10-26 19:13:21 -04:00
e9a5cf3f6f
kernel: 4.9-rc1 -> 4.9-rc2
2016-10-26 09:11:00 -04:00
89cd922a6a
kernel: 4.1.33 -> 4.1.35
2016-10-26 09:04:37 -04:00
b3f7d626c1
kernel: remove 4.7
2016-10-24 21:30:00 -04:00
5440c1a64c
grsecurity: 4.7.9-201610200819 -> 4.7.10-201610222037
...
Notably, this pulls in the dirtycow fix from upstream (but I've been
unable to execute the POC exploits on grsec kernels without that fix
...)
2016-10-23 17:14:40 +02:00
a3989b87df
Merge pull request #19772 from NeQuissimus/linux_4_8_4
...
linux: 4.8.3 -> 4.8.4
2016-10-22 12:14:59 -04:00
72d91f95cb
Merge pull request #19771 from NeQuissimus/linux_4_7_10
...
linux: 4.7.9 -> 4.7.10
2016-10-22 12:14:26 -04:00
8d0ca31849
linux: 4.8.3 -> 4.8.4
2016-10-22 12:11:37 -04:00
adbe0e0a13
linux: 4.7.9 -> 4.7.10
2016-10-22 12:11:09 -04:00
4489454b83
linux: 4.4.26 -> 4.4.27
2016-10-22 12:10:34 -04:00
ed5d146e9d
grsecurity: 4.7.7-201610101902 -> 4.7.9-201610200819
2016-10-21 01:50:53 +02:00
fabfb0a900
Merge #19725 : kernel: 4.7.8 -> 4.7.9
2016-10-20 19:45:25 +02:00
963804ba8e
kernel: 4.7.8 -> 4.7.9
2016-10-20 13:08:53 -04:00
0c3e5217fc
kernel: 4.8.2 -> 4.8.3
2016-10-20 13:06:03 -04:00
76a57d83b5
linux: 4.4.25 -> 4.4.26
2016-10-20 13:37:19 +02:00
dac481d999
Merge pull request #19648 from NeQuissimus/linux_4_7_8
...
linux_4_7: 4.7.7 -> 4.7.8
2016-10-19 14:48:47 -04:00
84e4dcb34b
Merge pull request #19649 from NeQuissimus/linux_4_8_2
...
linux_4_8: 4.8.1 -> 4.8.2
2016-10-19 14:38:11 -04:00
70c8de0536
Merge pull request #19652 from NeQuissimus/linux_4_9_rc1
...
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-19 14:35:21 -04:00
13f43c7ebc
linux: 4.4.24 -> 4.4.25
2016-10-19 17:11:53 +02:00
59f12d9394
kernel config: Add some filesystem options
...
Enable encryption support for both F2FS and ext4. For ext4 this is a bit
tricky, since pre-4.8 the way to enable it as a module was just
"EXT4_ENCRYPTION=m" but after that it changed to "FS_ENCRYPTION=m &&
EXT4_ENCRYPTION=y".
Also make sure UDF is enabled.
2016-10-19 16:44:08 +03:00
51c9c2f851
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-18 11:19:46 -04:00
0acfbaa5b2
linux_4_8: 4.8.1 -> 4.8.2
2016-10-18 10:13:02 -04:00
55adff59f1
linux_4_7: 4.7.7 -> 4.7.8
2016-10-18 10:12:26 -04:00
ce73a3ea0f
grsecurity: 4.7.6-201609301918 -> 4.7.7-201610101902
2016-10-11 13:15:16 +02:00
f0602d2d36
kernel: Make SECURITY_YAMA optional
...
It's highly recommended, but not required to run NixOS.
2016-10-08 17:46:33 +02:00
a000ed181c
linux config: enable the Yama LSM ( #14392 )
...
The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level processes and
snooping on the memory and runtime state of other processes owned
by the same user.
2016-10-08 16:40:12 +02:00
a699eb4798
linux: 4.4.23 -> 4.4.24 ( #19346 )
2016-10-08 07:02:07 +02:00
9481edec56
linux: 4.7.6 -> 4.7.7 ( #19345 )
2016-10-08 07:01:51 +02:00
07e67b33af
linux: 4.8.0 -> 4.8.1 ( #19344 )
2016-10-08 07:01:27 +02:00
435673b948
Revert "Revert "linux*: remove 3.14, as it's no longer maintained""
...
In the end, it is too dangerous to have an unmaintained kernel in
nixpkgs. Revert the revert.
This reverts commit e921725176
2016-10-07 23:26:32 +02:00
e921725176
Revert "linux*: remove 3.14, as it's no longer maintained"
...
This is the simplest way to reenable the use of BLCR
(which at present requires linux version >3.12 <3.18)
until we find a better solution.
This reverts commit 6a9e765e27
2016-10-07 14:31:24 +02:00
a8b61b0aad
Merge pull request #19278 from anderspapitto/local
...
perf: add dependency on libaudit
2016-10-06 11:45:54 +02:00
aa44330963
perf: add dependency on libaudit
...
the `trace` subcommand of perf is only enabled when libaudit is
available at compile time
2016-10-05 17:59:44 -07:00
96fbdf8594
kernel: Disable RT_GROUP_SCHED
...
Follow systemd recommendation
fd74fa791f/README (L96-L103)
2016-10-05 12:52:45 +02:00
e54313d183
Revert "Revert "Linux 4.8""
...
Now featuring @aszlig's modinst_arg_list_too_long patch.
This reverts commit 43bedb970dFixes #19213
2016-10-04 10:10:36 -04:00
43bedb970d
Revert "Linux 4.8"
...
This reverts commit e4958d54b1
2016-10-03 22:04:43 -04:00
e4958d54b1
Linux 4.8
2016-10-03 08:45:45 -04:00
9a9237e0aa
grsecurity: revamp nixos kernel config
...
Cleanup:
- Restructure & add some commentary
- Remove redundant option specs given the auto config
constraints (some are left in for documentation purposes)
Changes:
- GRKERNSEC_CONFIG_VIRT_HOST -> GUEST
The former deselects paravirtualization and friends
- PAX_LATENT_ENTROPY n -> y (implied by auto)
- GRKERNSEC_ACL_HIDEKERN y -> n
Possibly useless with redistribution
2016-10-02 19:25:58 +02:00
1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
...
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00
2ec9a1a955
grsecurity: 4.7.5-201609261522 -> 4.7.6-201609301918
2016-10-01 08:47:30 +02:00
22108b7a10
linux_4_7: 4.7.5 -> 4.7.6
2016-10-01 08:46:31 +02:00
613a12a8bd
linux: 4.4.22 -> 4.4.23
2016-09-30 14:41:19 +02:00
ff5cf3abff
linux-3.10: fix build by upstream patch
2016-09-28 19:18:34 +02:00
98a9d815e0
grsecurity: 4.7.4-201609211951 -> 4.7.5-201609261522
2016-09-27 01:43:50 +02:00
3a4a425728
linux: 4.7.4 -> 4.7.5
2016-09-25 14:20:46 +02:00
c83f8a536a
linux: 4.4.20 -> 4.4.22
2016-09-25 14:20:46 +02:00
fdf239fb83
linux: 4.1.31 -> 4.1.33
2016-09-25 14:20:45 +02:00
17402fc4a3
linux: 3.18.40 -> 3.18.42
2016-09-25 14:20:45 +02:00
31ff655e46
kernelPatches: remove unneeded patches
2016-09-25 14:20:45 +02:00
01f465c82b
linux: 3.12.62 -> 3.12.63
2016-09-25 14:20:45 +02:00
b1029abe56
linux: 3.10.102 -> 3.10.103
2016-09-25 14:20:45 +02:00
e8cd27dd8a
linux_4_6: remove, not maintained anymore
2016-09-25 14:20:39 +02:00
ea4d517eb8
Merge pull request #18661 from NeQuissimus/kernel/zbud
...
kernel-common: Add ZBUD
2016-09-25 12:33:08 +04:00
64816cd972
grsecurity: 4.7.4-201609152234 -> 201609211951
2016-09-22 23:40:50 +02:00
e2659de1b2
kernelPatches: remove legacy grsecurity attrs
2016-09-18 15:26:57 +02:00
6a9e765e27
linux*: remove 3.14, as it's no longer maintained
2016-09-17 02:10:53 +02:00
f5c9c4f18a
Merge pull request #18659 from layus/fix-mptcp
...
linux_mptcp: fix config options broken by b4a4a63cc4
2016-09-16 21:06:54 +03:00
a0b643ed06
linux-testing: 4.8-rc4 -> 4.8-rc6
...
Built successfully on my machine, no runtime tests performed.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Verified-with-PGP: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
2016-09-16 17:57:32 +02:00
77e1be36b9
kernel-common: Add ZBUD, move ZSMALLOC into module space
2016-09-16 15:31:51 +00:00
f0e519d26a
linux_mptcp: fix config options broken by b4a4a63cc4
2016-09-16 13:15:50 +02:00
d082a7c0fd
grsecurity: 4.7.3-201609072139 -> 4.7.4-201609152234
2016-09-16 11:18:42 +02:00
2050f12f4e
linux_4_7: 4.7.3 -> 4.7.4
2016-09-16 11:18:42 +02:00
0f37287df5
treewide: explicitly specify gtk version
2016-09-13 21:09:24 +03:00
0c0188c5d2
kernel config: Explicitly enable some NLS-related things
...
Doesn't affect x86, but ARM can't mount VFAT filesystems without this on
a 3.18 kernel.
2016-09-13 17:06:13 +03:00
b4a4a63cc4
kernel generate-config.pl: Properly support string options
...
Or we get something like:
option not set correctly: NLS_DEFAULT (wanted 'utf8', got '"utf8"')
2016-09-13 17:06:13 +03:00
246bd302ec
kernel generate-config.pl: Be more verbose on errors
2016-09-13 17:06:13 +03:00
91674b75d3
grsecurity: 4.7.2-201608312326 -> 4.7.3-201609072139
2016-09-10 17:06:42 +02:00
bc7e4e390a
linux: 4.4.19 -> 4.4.20
2016-09-08 13:58:05 +02:00
4829cd7f65
kernel: 4.7.2 -> 4.7.3
2016-09-08 01:51:28 +00:00
0ce7b31b09
grsecurity: 4.7.2-201608211829 -> 201608312326
2016-09-01 14:51:33 +02:00
8c4aeb1780
Merge staging into master
...
Brings in:
- changed output order for multiple outputs:
https://github.com/NixOS/nixpkgs/pull/14766
- audit disabled by default
https://github.com/NixOS/nixpkgs/pull/17916
Conflicts:
pkgs/development/libraries/openldap/default.nix
2016-09-01 13:27:27 +03:00
d3dc3d4130
Merge remote-tracking branch 'dezgeg/shuffle-outputs' into staging
...
https://github.com/NixOS/nixpkgs/pull/14766
2016-08-30 12:43:37 +03:00
f19c961b4e
linux-testing: Fix arg list too long in modinst
...
With the default kernel and thus with the build I have tested in
74ec94bfa2
2016-08-30 06:55:52 +02:00
74ec94bfa2
linux/kernel/testing: 4.8-rc3 -> 4.8-rc4
...
Tested by only building the linux_testing attribute, but haven't yet
tested it in production.
I've also fixed the extraMeta.branch attribute.
Verified-with-PGP: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
42e1ec215e
linux/kernel: Remove MLX4_EN_VXLAN for 4.8
...
This option is no longer needed and has been removed in upstream commit
torvalds/linux@a831274a13 .
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
0bce188ec1
linux/kernel: Remove KVM_APIC_ARCHITECTURE for 4.8
...
The option is no longer needed and has been removed upstream in
torvalds/linux@557abc40d1 .
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
0e26cf84fc
kernel: Remove propagatedBuildOutputs
...
Not needed after the shuffle.
2016-08-29 14:49:52 +03:00
b74793bd1c
Merge branch 'master' into staging
...
Conflicts:
pkgs/tools/system/facter/default.nix
2016-08-29 12:44:17 +01:00
e5c3a52afc
grsecurity: fix features.grsecurity
...
Previously, features.grsecurity wasn't actually set due to a bug in the
grsec builder. We now rely on the generic kernel builder to set features
from kernelPatches.
2016-08-29 04:09:40 +02:00
fcf5a24d8c
kernel config: set DEBUG_STACKOVERFLOW regardless of features.grsecurity
...
features.grsecurity has actually been unset for a long time, with no
ill effect on grsec kernel builds so this conditional looks useless.
2016-08-29 04:08:39 +02:00
e17bc25943
Merge remote-tracking branch 'upstream/master' into staging
2016-08-29 00:24:47 +00:00
c004c6e14d
kernel config: Explicitly enable some stuff not enabled by 'make alldefconfig'
...
List of what to enable taken from https://lwn.net/Articles/672587/ .
This doesn't change the resulting x86 configs, but is more useful for
other architectures. For instance, POSIX_MQUEUE is currently missing
on ARM.
2016-08-29 03:07:11 +03:00
3de6e5be50
Merge branch 'master' into staging
...
Conflicts:
pkgs/applications/misc/navit/default.nix
pkgs/applications/networking/mailreaders/alpine/default.nix
pkgs/applications/networking/mailreaders/realpine/default.nix
pkgs/development/compilers/ghc/head.nix
pkgs/development/libraries/openssl/default.nix
pkgs/games/liquidwar/default.nix
pkgs/games/spring/springlobby.nix
pkgs/os-specific/linux/kernel/perf.nix
pkgs/servers/sip/freeswitch/default.nix
pkgs/tools/archivers/cromfs/default.nix
pkgs/tools/graphics/plotutils/default.nix
2016-08-27 23:54:54 +01:00
daa9d5edca
perf: unbreak build since glibc 2.24 upgrade
...
glibc 2.24 deprecated readdir_r, breaking the perf build:
$ nix-build -A linuxPackages.perf
...
CC util/event.o
CC util/evlist.o
util/event.c: In function '__event__synthesize_thread':
util/event.c:448:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
while (!readdir_r(tasks, &dirent, &next) && next) {
^
In file included from /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/features.h:368:0,
from /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/stdint.h:25,
from /nix/store/jsazxc1b86g2ww569ziwhhvkz8z43vjd-gcc-5.4.0/lib/gcc/x86_64-unknown-linux-gnu/5.4.0/include/stdint.h:9,
from /tmp/nix-build-perf-linux-4.4.19.drv-0/linux-4.4.19/tools/include/linux/types.h:6,
from util/event.c:1:
/nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/dirent.h:189:12: note: declared here
extern int __REDIRECT (readdir_r,
^
util/event.c: In function 'perf_event__synthesize_threads':
util/event.c:586:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
while (!readdir_r(proc, &dirent, &next) && next) {
Fix by adding -Wno-error=deprecated-declarations compile flag.
2016-08-27 10:21:57 +02:00
131cd8f45d
Merge pull request #18005 from gebner/kernel-amd-powerplay
...
kernel: config: enable DRM_AMD_POWERPLAY
2016-08-26 19:04:54 +02:00
40e0e5fb0b
linux_testing: 4.7-rc7 -> 4.8-rc3
2016-08-26 14:47:45 +02:00
aacf6651c1
linux: 4.4.18 -> 4.4.19
2016-08-26 14:47:45 +02:00
90251478ec
linux: 4.1.30 -> 4.1.31
2016-08-26 14:47:45 +02:00
377c851395
linux: 3.18.36 -> 3.18.40
2016-08-26 14:47:45 +02:00
dc37edb36c
linux: 3.14.73 -> 3.14.77
2016-08-26 14:47:45 +02:00
458d477215
linux: 3.12.61 -> 3.12.62
2016-08-26 14:47:45 +02:00
7b01df18a2
kernel: config: enable DRM_AMD_POWERPLAY
2016-08-26 08:45:49 +02:00
2b1fa9da8b
Add initial patches for CPU Controller on Control Group v2
2016-08-25 13:01:40 -04:00
c26de11551
linuxPackages.perf: fix build with new glibc and remove hack
...
elfutils now adds a eu- prefix to avoid collisions
2016-08-24 19:19:02 +00:00
0e8d2725dc
Merge branch 'master' into staging
2016-08-23 18:50:06 +01:00
cf592a8969
grsecurity: 4.7.1-201608161813 -> 4.7.2-201608211829
2016-08-23 01:49:34 +02:00
24a9183f90
Merge branch 'hardened-stdenv' into staging
...
Closes #12895
Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
ba50fd7170
Merge branch 'master' into staging
2016-08-22 01:18:11 +01:00
175028582c
linux: 4.7.1 -> 4.7.2
2016-08-21 13:56:45 +00:00
ff22705793
treewide: replace several /sbin paths by /bin
2016-08-19 17:56:45 +03:00
bd68309643
kernel config: Enable SECCOMP
...
This is used by systemd >= 231 and is not enabled in the ARM
multiplatform defconfig.
2016-08-18 16:33:46 +03:00
ba20363f11
grsecurity: 4.7-201608151842 -> 4.7.1-201608161813
2016-08-17 15:19:27 +02:00
2571438988
linux: 4.7 -> 4.7.1
2016-08-17 05:46:00 +02:00
7a4407461b
linux: 4.6.6 -> 4.6.7
...
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
da95fb368c
linux: 4.4.17 -> 4.4.18
...
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
2104d28bcd
linux: 4.1.27 -> 4.1.30
...
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
d82ddd6dc0
grsecurity: 4.7-201608131240 -> 4.7-201608151842
2016-08-16 17:50:37 +02:00
b1cceeda84
grsecurity: enable pax size overflow plugin
2016-08-16 17:50:36 +02:00
3fcb9e6f57
grsecurity: support non-enforcing mode
...
Until we've made sure that most things actually work out of the box, we
need to give people a way of continuing to use the system without
completely disabling grsecurity.
Set sysctl kernel.pax.softmode=1 or boot with pax.softmode=1
2016-08-16 17:50:36 +02:00
33e1c78ae3
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-08-16 07:54:01 +00:00
9adad8612b
Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
...
Was meant to go into staging, sorry
This reverts commit 57b2d1e9b0760b2b9048
2016-08-15 19:05:52 -04:00
57b2d1e9b0
Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs
2016-08-15 19:01:44 -04:00
1afd250676
treewide: replace several /sbin paths by /bin
2016-08-16 00:19:25 +03:00
9062c67914
grsecurity: 4.6.5-201607312210 -> 4.7-201608131240
2016-08-15 20:36:46 +02:00
64c79e8526
linux: 4.6.5 -> 4.6.6
2016-08-15 04:28:08 +02:00
2a8718fb0b
linux_4_5: remove, not support by upstream anymore
2016-08-15 04:28:02 +02:00
bd4490e277
Merge branch 'master' into hardened-stdenv
2016-08-13 16:59:55 +02:00
b2efe2babd
Revert "linux kernel 4.4: fix race during build"
...
Removes patch. Was fixed upstream.
This reverts commit 4788ec1372
2016-08-12 16:42:25 +01:00
b1817fa8a3
linux_mptcp: 0.90.1 (kernel 3.18) -> 0.91 (kernel 4.1) ( #17675 )
2016-08-12 15:14:24 +02:00
b7787d932e
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-08-12 09:46:53 +00:00
18947c9e36
Revert "ecryptfs: fix kernel bug introduced in 4.4.14"
...
The Linux 4.4.17 release fixes the underlying issue
This reverts commit fad9a8841b
2016-08-11 17:15:54 +01:00
e26ac7afd4
linux: 4.4.16 -> 4.4.17
2016-08-11 15:20:07 +02:00
088bcf4ec4
kernel config: Fix 3.10, 3.12, 3.14 builds
2016-08-06 17:06:45 +03:00
44f462bf4d
generate-config.pl: Be more verbose about missing options
...
For instance, the current 3.10 kernel build fails at the end with:
unused option: BRCMFMAC_PCIE
unused option: FW_LOADER_USER_HELPER_FALLBACK
unused option: KEXEC_FILE
unused option: RANDOMIZE_BASE
However, it's not obvious that only the _last_ one is actually fatal to
the build. After this change it's at least somewhat better:
warning: unused option: BRCMFMAC_PCIE
warning: unused option: FW_LOADER_USER_HELPER_FALLBACK
warning: unused option: KEXEC_FILE
error: unused option: RANDOMIZE_BASE
2016-08-06 17:06:45 +03:00
7281740c2e
linux: enable DRM_GMA600 and DRM_GMA3600
...
Adds basic support for Intel GMA3600/3650 (Intel Cedar Trail) platforms
and support for GMA600 (Intel Moorestown/Oaktrail) platforms with LVDS
ports via the gma500_gfx module.
Resolves #14727 Closes #17519
2016-08-05 19:07:40 +02:00
2d6b7aa545
linux: enable some useful networking options
...
All options are enabled by default on Debian and some other
distributions, so these should be safe.
2016-08-05 04:07:31 +02:00
1be4907ca2
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-08-02 13:46:36 +00:00
76f2e827a7
grsecurity: 4.6.5-201607272152 -> 4.6.5-201607312210
2016-08-01 12:46:48 +02:00
63c7b4f9a7
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-31 20:51:34 +00:00
83f783c00f
grsecurity: 4.6.4-201607242014 -> 4.6.5-201607272152
2016-07-29 00:24:00 +02:00
9aee2a17af
linux: 4.6.4 -> 4.6.5
...
Removed patch was applied upstream.
2016-07-28 23:05:27 +02:00
b68fe1a572
linux: 4.5.6 -> 4.5.7
2016-07-28 23:05:27 +02:00
42f8df10a2
linux: 4.4.16 -> 4.4.16
2016-07-28 17:03:55 +02:00
f222d98746
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-25 12:47:13 +00:00
e725c927d4
grsecurity: 4.6.4-201607192040 -> 4.6.4-201607242014
2016-07-25 09:11:28 +02:00
ac93e9f2c8
Linux 4.7
2016-07-24 18:30:08 -04:00
dd02b6f118
perf: depend on libiberty to get c++ demangling.
2016-07-21 17:27:15 +02:00
1f04b4a566
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-21 00:56:43 +00:00
55120ac4cb
grsecurity: 4.6.4-201607112205 -> 4.6.4-201607192040
2016-07-20 10:17:35 +02:00
c93ffb95bc
grsecurity: enable support for setting pax flags via xattrs
...
While useless for binaries within the Nix store, user xattrs are a convenient
alternative for setting PaX flags to executables outside of the store.
To use disable secure memory protections for a non-store file foo, do
$ setfattr -n user.pax.flags -v em foo
2016-07-20 10:17:11 +02:00
5185bc1773
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-15 14:41:01 +00:00
927a984de6
kernel: make KEXEC_FILE & KEXEC_JUMP optional to fix i686 build
...
cc @edolstra @dezgeg @domenkozar
2016-07-13 12:49:18 +02:00
fad9a8841b
ecryptfs: fix kernel bug introduced in 4.4.14
...
Introduced by mainline commit 2f36db7
Patch is from http://www.spinics.net/lists/stable/msg137350.html
Fixes #16766
2016-07-13 11:04:07 +02:00
dde259dfb5
linux: Add patch to fix CVE-2016-5829 ( #16824 )
...
Fixed for all available 4.x series kernels.
From CVE-2016-5829:
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function
in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow
local users to cause a denial of service or possibly have unspecified
other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl
call.
2016-07-12 20:56:50 +02:00
416120e0c7
grsecurity: 4.6.3-201607070721 -> 4.6.4-201607112205
2016-07-12 15:15:09 +02:00
47da65923b
kernel: 4.6.3 -> 4.6.4 ( #16875 )
2016-07-12 09:54:57 +02:00
b2b8a89945
linux-testing: 4.7-rc6 -> 4.7-rc7 ( #16854 )
2016-07-11 17:53:41 +02:00
ecc26d7a40
linux: Disable the old IDE subsystem
...
This has long been deprecated in favour of the new ATA support
(CONFIG_ATA).
2016-07-11 15:05:21 +02:00
7b9c493d60
linux: Enable some kernel features
...
This enables a few features that should be useful and safe (they're
all used by the default Ubuntu kernel config), in particular zswap,
wakelocks, kernel load address randomization, userfaultfd (useful for
QEMU), paravirtualized spinlocks and automatic process group
scheduling.
Also removes some configuration conditional on kernel versions that we
no longer support.
2016-07-11 15:04:56 +02:00
1cd7dbc00b
linux: Bump NR_CPUS
...
The default limit (64) is too low for systems like EC2 x1.* instances
or Xeon Phis, so let's increase it.
2016-07-11 14:32:18 +02:00
a2ebf45b47
grsecurity: 4.5.7-201606302132 -> 4.6.3-201607070721
2016-07-07 19:34:58 +02:00
4085f4de5f
Merge branch 'pr-newest-uboot' into master
2016-07-04 15:17:46 +03:00
55aecd308e
linux-rpi: 4.1.20-XXX -> 4.4.13-1.20160620-1
...
- Add a patch to unset CONFIG_LOCALVERSION in the v7 build.
- Copy all the device trees to match the upstream names so U-Boot can
find them. (This is a hack.)
2016-07-04 15:13:29 +03:00
566c990f33
linux-testing: 4.6-rc6 -> 4.7-rc6
...
The config option DEVPTS_MULTIPLE_INSTANCES now no longer exists since
torvalds/linux@eedf265aa0 .
Built successfully on my Hydra instance:
https://headcounter.org/hydra/log/r4n6sv0zld0aj65r7l494757s2r8w8sr-linux-4.7-rc6.drv
Verified unpacked tarball with GnuPG:
ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
gpg: Signature made Mon 04 Jul 2016 08:13:05 AM CEST
gpg: using RSA key 79BE3E4300411886
gpg: Good signature from "Linus Torvalds <torvalds@linux-foundation.org>"
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-07-04 10:46:48 +02:00
640ac5186f
grsecurity: 4.5.7-201606292300 -> 4.5.7-201606302132
2016-07-02 20:37:52 +02:00
51c04b74c1
grsecurity: 4.5.7-201606280009 -> 4.5.7-201606292300
2016-06-30 11:09:59 +02:00
cdcdc25ef3
grsecurity: 4.5.7-201606262019 -> 4.5.7-201606280009
2016-06-28 14:57:20 +02:00
d5eec25ff9
grsecurity: 4.5.7-201606222150 -> 4.5.7-201606262019
2016-06-27 21:42:17 +02:00
7e9affa7ee
linux_4_3: Remove, not maintained anymore
2016-06-27 00:11:16 +02:00
eed51eccef
linux: 3.10.101 -> 3.10.102
2016-06-27 00:11:16 +02:00
b7e0b118d9
linux: 3.12.57 -> 3.12.61
2016-06-27 00:11:04 +02:00
0387eddb51
linux: 3.14.65 -> 3.14.73
2016-06-27 00:10:38 +02:00
6165af4db2
linux: 3.18.29 -> 3.18.36
2016-06-27 00:09:56 +02:00
5806b185bd
linux: 4.1.25 -> 4.1.27
2016-06-27 00:09:30 +02:00
4a942499b4
linux: 4.4.13 -> 4.4.14
2016-06-27 00:08:11 +02:00
4fb72b2fd3
grsecurity: 4.5.7-201606202152 -> 4.5.7-201606222150
2016-06-26 17:27:17 +02:00
125ffff089
kernel: 4.6.2 -> 4.6.3
2016-06-24 22:18:16 +00:00
9d052a2c39
grsecurity: 4.5.7-201606142010 -> 4.5.7-201606202152
2016-06-23 00:55:54 +02:00
453086a15f
linux: 4.4.12 -> 4.4.13
2016-06-20 13:11:55 +02:00
7c32638439
Merge pull request #16259 from layus/update-mptcp
...
linux_mptcp: update 0.90 -> 0.90.1
2016-06-20 09:29:07 +01:00
875fd5af73
grsecurity: 4.5.7-201606110914 -> 4.5.7-201606142010
2016-06-16 14:29:12 +02:00
d73b7d101f
linux_mptcp: 0.90 -> 0.90.1
2016-06-15 22:56:11 +02:00
130b06eb0b
grsecurity: 4.5.7-201606080852 -> 4.5.7-201606110914
2016-06-14 14:18:01 +02:00
886c03ad2e
Merge pull request #16107 from joachifm/grsec-ng
...
Rework grsecurity support
2016-06-14 03:52:50 +02:00
75b9a7beac
grsecurity: implement a single NixOS kernel
...
This patch replaces the old grsecurity kernels with a single NixOS
specific grsecurity kernel. This kernel is intended as a general
purpose kernel, tuned for casual desktop use.
Providing only a single kernel may seem like a regression compared to
offering a multitude of flavors. It is impossible, however, to
effectively test and support that many options. This is amplified by
the reality that very few seem to actually use grsecurity on NixOS,
meaning that bugs go unnoticed for long periods of time, simply because
those code paths end up never being exercised. More generally, it is
hopeless to anticipate imagined needs. It is better to start from a
solid foundation and possibly add more flavours on demand.
While the generic kernel is intended to cover a wide range of use cases,
it cannot cover everything. For some, the configuration will be either
too restrictive or too lenient. In those cases, the recommended
solution is to build a custom kernel --- this is *strongly* recommended
for security sensitive deployments.
Building a custom grsec kernel should be as simple as
```nix
linux_grsec_nixos.override {
extraConfig = ''
GRKERNSEC y
PAX y
# and so on ...
'';
}
```
The generic kernel should be usable both as a KVM guest and host. When
running as a host, the kernel assumes hardware virtualisation support.
Virtualisation systems other than KVM are *unsupported*: users of
non-KVM systems are better served by compiling a custom kernel.
Unlike previous Grsecurity kernels, this configuration disables `/proc`
restrictions in favor of `security.hideProcessInformation`.
Known incompatibilities:
- ZFS: can't load spl and zfs kernel modules; claims incompatibility
with KERNEXEC method `or` and RAP; changing to `bts` does not fix the
problem, which implies we'd have to disable RAP as well for ZFS to
work
- `kexec()`: likely incompatible with KERNEXEC (unverified)
- Xen: likely incompatible with KERNEXEC and UDEREF (unverified)
- Virtualbox: likely incompatible with UDEREF (unverified)
2016-06-14 00:08:20 +02:00
4ae5eb97f1
kernel: set virtualization options regardless of grsec
...
Per my own testing, the NixOS grsecurity kernel works both as a
KVM-based virtualisation host and guest; there appears to be no good
reason to making these conditional on `features.grsecurity`.
More generally, it's unclear what `features.grsecurity` *means*. If
someone configures a grsecurity kernel in such a fashion that it breaks
KVM support, they should know to disable KVM themselves.
2016-06-10 19:27:59 +02:00
d8e4432fe2
kernel: unconditionally disable /dev/kmem
...
This was presumably set for grsecurity compatibility, but now appears
redundant. Grsecurity does not expect nor require /dev/kmem to be
present and so it makes little sense to continue making its inclusion in
the standard kernel dependent on grsecurity.
More generally, given the large number of possible grsecurity
configurations, it is unclear what `features.grsecurity` even
*means* and its use should be discouraged.
2016-06-10 19:27:41 +02:00
4fbafb2395
linux 4.6.1 -> 4.6.2
2016-06-10 09:30:11 -04:00
8031cba2ab
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-06-10 09:27:04 +00:00
edc36a0091
grsecurity: 4.5.6-201606051644 -> 4.5.7-201606080852
2016-06-09 15:40:06 +02:00
20c2ce4954
Merge #16045 : kernel: 4.6.0 -> 4.6.1
2016-06-09 14:37:32 +02:00
c0895be3ee
Merge #16044 : kernel: 4.1.20 -> 4.1.25
2016-06-09 14:36:31 +02:00
f9310c2eee
Merge #16043 : kernel: 4.4.11 -> 4.4.12
2016-06-09 14:34:50 +02:00
269b7d30a7
kernel: 4.6.0 -> 4.6.1
2016-06-07 09:59:19 -04:00
8f4755a0ae
kernel: 4.5.5 -> 4.5.6
2016-06-07 09:58:24 -04:00
a57cbf6546
kernel: 4.4.11 -> 4.4.12
2016-06-07 09:57:47 -04:00
f3ebf13762
kernel: 4.1.20 -> 4.1.25
2016-06-07 09:57:07 -04:00
72899d92d0
grsecurity: 4.5.5-201605291201 -> 4.5.6-201606051644
2016-06-07 15:04:24 +02:00
bac26e08db
Fix lots of fetchgit hashes (fallout from #15469 )
2016-06-03 17:17:08 +03:00
4c99d22f19
kernel: set nx bit on module ro segments
...
Fixes #4757 .
2016-06-03 15:41:47 +02:00
2d382f3d98
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-05-30 19:39:34 +00:00
bfefc54bc5
grsecurity: 4.5.5-201605211442 -> 4.5.5-201605291201
2016-05-29 20:34:24 +02:00
3ee6b22dc3
linux: 4.4.10 -> 4.4.11
2016-05-22 23:05:10 +02:00
5a357d9731
grsecurity: 4.5.5-201605202102 -> 4.5.5-201605211442
2016-05-21 22:28:36 +02:00
79481bd68f
linux: 4.5.4 -> 4.5.5
2016-05-21 07:37:41 +02:00
cdf2ffda9d
grsecurity: 4.5.4-201605131918 -> 4.5.5-201605202102
2016-05-21 07:37:41 +02:00
f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv
2016-05-18 17:10:02 +02:00
1ea263ef03
linux-4.6: Fix copy-paste error.
...
Thanks to @NeQuissimus for the spot
2016-05-16 13:53:23 -04:00
0373eb86f1
Linux 4.6
2016-05-16 11:56:39 -04:00
f99c86eec1
grsecurity: remove expressions for unsupported versions
...
Retain top-level attributes for now but consolidate compatibility
attributes.
Part of ongoing cleanup, doing it all at once is infeasible.
2016-05-16 09:10:27 +02:00
6194e9d801
kernelPatches.grsecurity: 4.5.4-201605122039 -> 4.5.4-201605131918
...
Also revert to using the grsecurity-scrape mirror; relying on upstream
just isn't viable. Lately, updates have been so frequent that a new
version is released before Hydra even gets around to building the
previous one.
2016-05-14 05:15:35 +02:00
7fdce2feb0
kernelPatches.grsecurity_4_5: 4.5.4-201605112030 -> 4.5.4-201605122039
2016-05-13 23:11:07 +02:00
10aaca8c1f
grsecurity_4_5: 4.5.3-201605080858 -> 4.5.4-201605112030
2016-05-13 20:11:31 +02:00
006f6d9437
linux: 4.5.3 -> 4.5.4
2016-05-13 17:27:51 +02:00
7a8ea6138e
linux: 4.4.9 -> 4.4.10
2016-05-11 20:34:02 +02:00
52477b0a0b
kernelPatches.grsecurity_4_5: 201605060852 -> 201605080858
2016-05-09 16:38:44 +02:00
f53850bf21
kernel: 4.4.8 -> 4.4.9 ( #15276 )
2016-05-06 20:25:29 +02:00
53a4582552
Adding vmlinux to linux kernel 'dev' derivation.
...
It takes some extra 13MB (and in dev, not out), but allows perf to show kernel
symbols when profiling. I think it is worth it.
In my NixOS, I refer to it in the system derivation, for easy telling to perf
through /run/booted-system/vmlinux:
system.extraSystemBuilderCmds = ''
ln -s ${config.boot.kernelPackages.kernel.dev}/vmlinux $out/vmlinux
'';
2016-05-06 18:11:03 +02:00
02d94d335a
kernel: 4.5.2 -> 4.5.3
2016-05-06 11:12:04 -04:00
27061905bd
linuxPackages_grsec_4_5: 3.1-4.5.2-201604290633 -> 3.1-4.5.3-201605060852
2016-05-06 16:37:25 +02:00
1f84e43239
Do some large, concurrency-capable builds on dedicated machines
2016-05-04 18:16:27 +02:00
0bd31bce10
grsecurity: drop support for 4.4 kernels
...
From now on, only the testing branch of grsecurity will be supported.
Additionally, use only patches from upstream.
It's impossible to provide meaningful support for grsecurity stable.
First, because building and testing \(m \times n \times z) [1], packages
is infeasible. Second, because stable patches are only available from
upstream for-pay, making us reliant on third-parties for patches. In
addition to creating yet more work for the maintainers, using stable
patches provided by a third-party goes against the wishes of upstream.
nixpkgs provides the tools necessary to build grsecurity kernels for any
version the user chooses, however, provided they pay for, or otherwise
acquire, the patch themselves.
Eventually, we'll want to remove the now obsolete top-level attributes,
but leave them in for now to smoothe migration (they have been removed
from top-level/release.nix, though, because it makes no sense to have
them there).
[1]: where \(m\) is the number of grsecurity flavors, \(n\) is the
number of kernel versions, and z is the size of the `linuxPackages` set
2016-05-04 01:07:53 +02:00
c92bca56f8
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-05-02 22:58:02 +00:00
7893cb1aea
linuxPackages_grsec_4_1: delete
...
Upstream supports 3.14, 4.4, and 4.5
2016-05-02 11:28:05 +02:00
fecb56fc3f
linuxPackages_grsec_4_5: init at 3.1-4.5.2-201604290633
2016-05-02 11:28:05 +02:00
80f923f26f
linux-testing: 4.6-rc5 -> 4.6-rc6
2016-05-02 02:29:42 +01:00
c494947676
linux_testing: 4.6-rc4 -> 4.6-rc5
2016-04-28 23:59:52 +00:00
7276417870
kernel config: Enable BINFMT_MISC
...
This is enabled in x86 builds but lacking on ARM.
2016-04-28 20:46:34 +03:00
454eefa63b
linux: 4.4.7 -> 4.4.8
2016-04-26 16:39:59 +02:00
90cdfb5414
kernel: 4.5.1 -> 4.5.2
2016-04-20 11:55:13 +01:00
b59a6aa93a
kernel: turn off bindnow hardening
2016-04-19 02:21:57 +00:00
d020caa5b2
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-04-18 13:49:22 +00:00
ec198e3868
linux-testing: 4.6-rc3 -> 4.6-rc4 ( #14803 )
2016-04-18 14:11:25 +01:00
ccc3080857
kernel: 4.4.6 -> 4.4.7 ( #14690 )
2016-04-14 16:30:20 +02:00
af4d84544f
kernel: 4.5 -> 4.5.1 ( #14691 )
2016-04-14 15:57:18 +02:00
39ebb01d6e
Merge branch 'staging', containing closure-size #7701
2016-04-13 09:25:28 +02:00
4788ec1372
linux kernel 4.4: fix race during build
...
Patch drivers/crypto/qat/qat_common/Makefile so that qat_asym_algs.o
explicitly depends on headers qat_rsaprivkey-asn1.h and qat_rsapubkey-asn1.h
Hopefully fixes #14595
2016-04-12 22:45:57 +01:00
5e5ef22d73
linux_testing: 4.6-rc2 -> 4.6-rc3 ( #14592 )
2016-04-11 13:44:34 +01:00
ad7b1e24c2
fan-networking: updated patches from Ubuntu
...
This pulls in updated Fan Networking patches from Ubuntu.
(https://wiki.ubuntu.com/FanNetworking )
closes #14328
2016-04-10 16:07:03 -04:00
30f14243c3
Merge branch 'master' into closure-size
...
Comparison to master evaluations on Hydra:
- 1255515 for nixos
- 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
3e68106afd
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-04-07 21:52:26 +00:00
4907fc9e8d
Merge pull request #14509 from ragnard/bpf-tracing-kernel-config
...
linux: kernel config for extended BPF support
2016-04-07 11:01:34 +02:00
961d1e847c
linux: kernel config for extended BPF support
...
- Enable BPF_SYSCALL and BPF_EVENTS
- Build modules for NET_CLS_BPF and NET_ACT_BPF
With these config options we can leverage the full potential of BPF for
tracing and instrumenting Linux systems, for example using
libraries/tools like those provided by the bcc project.
2016-04-07 08:14:41 +01:00
b95274cc90
kernel: Don't patchELF manually
...
AFAICT this is done by stdenv nowadays:
bde82098b8/pkgs/development/tools/misc/patchelf/setup-hook.sh (L5)bde82098b8/pkgs/stdenv/generic/setup.sh (L737)http://hydra.nixos.org/build/34131589/nixlog/1/raw
2016-04-06 17:19:43 +03:00
5ca99ae7a7
kernel.i686-linux: disable bindnow hardening
2016-04-06 14:16:42 +00:00
b95a1c4f77
kernel: fix build of 3.10 and 3.12 on i686
...
(cherry picked from commit 23730413fef4be7fe365f452fcaef16c5f4e4b1b)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-04-06 10:36:04 +01:00
bbbaccfa68
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-04-04 15:24:52 +00:00
5ef5e59c56
linux_testing: 4.6-rc1 -> 4.6-rc2
2016-04-03 19:14:31 +00:00
ab15a62c68
Merge branch 'master' into closure-size
...
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
f60c9df0ba
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-03-28 15:16:29 +00:00
c61445357e
Merge pull request #14239 from kragniz/linux-testing-4.6-rc1
...
Linux-testing 4.6-rc1
2016-03-28 15:53:52 +01:00
dd16dcbba4
linux_grsec_3_14: mark as broken
...
First, The patch is outdated, I failed to find it anywhere in the mirror repos.
Second, the build fails, and while it may be "fixed" by ad-hoc patching (it
appears to simply need some missing includes), this would mean shipping a
potentially insecure software package. Given that the only reason to use
grsecurity is security, this is both misleading and exposes users to undue risk.
Finally, the build has been broken for quite a long time with no complaints,
leading me to believe that the number of actual users is quite low.
2016-03-27 21:13:41 +02:00
b07e7bfc7b
Merge remote-tracking branch 'origin/staging'
2016-03-27 13:19:04 +01:00
bd9737cc3e
linux_chromiumos: require 64bit build host
...
I noticed that almost all the Hydra build failures were on i686. Sure
enough, upstream says that you need an x86_64 machine to build the
kernel.
2016-03-27 05:35:04 +02:00
8b7e150bb9
linux-testing: 4.5-rc7 -> 4.6-rc1
2016-03-27 03:10:19 +01:00
695c2e4ee4
kernel-config: do not use NFSD_PNFS on >=4.6
2016-03-27 03:09:30 +01:00
89c6b3c11a
perf: fix build
...
https://hydra.nixos.org/build/33553564/nixlog/1/raw
2016-03-26 18:18:40 +01:00
4393e65a44
Merge pull request #14054 from NeQuissimus/kernel310101
...
kernel: 3.10.99 -> 3.10.101
2016-03-23 11:31:21 +00:00
2a428566e8
Merge pull request #14055 from NeQuissimus/kernel31257
...
kernel: 3.12.55 -> 3.12.57
2016-03-23 11:31:14 +00:00
4b29e2e6cb
Merge pull request #14056 from NeQuissimus/kernel31465
...
kernel: 3.14.63 -> 3.14.65
2016-03-23 11:30:59 +00:00
40b0538239
Update linux raspberry-pi to 4.1.y.
...
I could boot it in pi2; I don't know if I needed new
firmware files in /boot.
2016-03-22 15:09:57 +01:00
6476075ccf
kernel: 3.18.28 -> 3.18.29 ( close #14057 )
2016-03-21 12:39:29 +01:00
379709b404
kernel: 4.1.17 -> 4.1.20 ( close #14058 )
2016-03-21 12:15:25 +01:00
4274edbe40
kernel: 3.14.63 -> 3.14.65
2016-03-19 18:29:40 +00:00
bf41deb889
kernel: 3.12.55 -> 3.12.57
2016-03-19 18:27:41 +00:00
6f5f855a2e
kernel: 3.10.99 -> 3.10.101
2016-03-19 18:25:24 +00:00
4b512321de
linux: 4.4.5 -> 4.4.6
...
CVE-2016-2143
2016-03-17 13:05:57 +01:00
6faa0aea88
linux: 3.18.27 -> 3.18.28
...
CVE-2016-2085
2016-03-17 13:05:13 +01:00
2ac4dba0fb
Merge pull request #13909 from kragniz/linux-4.5
...
linux: add 4.5
2016-03-15 18:12:47 +01:00
3f45f0948d
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-03-15 01:44:24 +00:00
8bdee80d39
linux: add 4.5
2016-03-14 22:34:05 +00:00
a5d8256df4
grsecurity: 4.4.4 -> 4.4.5
2016-03-14 21:29:42 +00:00
7c90420119
kernel: 4.4.4 -> 4.4.5
2016-03-10 01:39:17 +00:00
fedabe3334
Merge pull request #13745 from zohl/linux-chromiumos
...
linux_chromiumos_3_14: kernel option fix
2016-03-08 13:57:32 +03:00
09af15654f
Merge master into closure-size
...
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
255d710757
grsecurity: 4.4.2 -> 4.4.4
...
See #13505 .
2016-03-08 01:03:47 +01:00
eb5a897161
Merge remote-tracking branch 'origin/pr/13505'
...
Fixes #13505 .
2016-03-08 01:01:44 +01:00
9d03355bed
ChromiumOS kernel option fixup
2016-03-08 01:19:42 +03:00
e9fc4e7db6
Merge remote-tracking branch 'origin/master' into hardened-stdenv
2016-03-07 22:08:27 +01:00
cdb0267efe
linux-testing: 4.5-rc6 -> 4.5-rc7
2016-03-07 01:00:33 +00:00
3b1f2e070b
linux_4_4: 4.4.3 -> 4.4.4
2016-03-05 21:50:03 +01:00
af40e356fe
linux_3_14: 3.14.61 -> 3.14.63
2016-03-05 21:50:03 +01:00
354a1935d3
linux_3_12: 3.12.54 -> 3.12.55
2016-03-05 21:50:03 +01:00
5b8361c118
linux_3_10: 3.10.97 -> 3.10.99
2016-03-05 21:50:03 +01:00
cb3d27df93
Merge remote-tracking branch 'origin/master' into hardened-stdenv
2016-03-05 18:55:30 +01:00
aff1f4ab94
Use general hardening flag toggle lists
...
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
2016-03-05 18:55:26 +01:00
4927ca8397
Merge pull request #13555 from kragniz/linux-testing-4.5-rc6
...
linux-testing: 4.5-rc5 -> 4.5-rc6
2016-03-03 19:03:17 +01:00
fed49425c5
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-03-03 16:11:55 +00:00
ede005ad3f
Enabling Media PCI adapters (needed for PCI DVB cards)
2016-03-01 20:57:46 +01:00
3747aef768
linux-testing: 4.5-rc5 -> 4.5-rc6
2016-02-28 19:13:36 +00:00
3b4765c9e5
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-02-28 16:32:57 +00:00
be3bd972d5
grsecurity: add 4.1 kernel
2016-02-28 15:00:16 +01:00
38614d3f6a
grsecurity: use kernel version instead of testing / stable
2016-02-28 04:10:59 +01:00
4e3d6d3e90
grsecurity: separate fix patches for testing & stable
2016-02-27 19:54:55 +01:00
75f353ffbd
grsecurity: decouple from mainline
2016-02-27 19:33:35 +01:00
7547960546
grsecurity: move version information to one place
2016-02-27 18:36:12 +01:00
d95321b83e
grsecurity: 4.3.4 -> 4.4.2
2016-02-27 18:36:12 +01:00
73e0c261c2
linux: 4.4.2 -> 4.4.3
2016-02-27 16:34:02 +01:00
3477e662e6
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-02-27 00:08:08 +00:00
7506c58d74
linux_3_10: 3.10.96 -> 3.10.97 ( close #13405 )
2016-02-25 23:09:08 +01:00
0e1319f03f
linux-3.10: fixup config by a slightly hacky way
...
For explanation see:
https://github.com/NixOS/nixpkgs/pull/13405#issuecomment-188357637
2016-02-25 23:07:47 +01:00
3ef63227dd
linux-testing: 4.5-rc4 -> 4.5-rc5 ( close #13403 )
2016-02-24 08:17:52 +01:00
642517fbda
linux_3_12: 3.12.53 -> 3.12.54 ( close #13406 )
2016-02-24 08:16:47 +01:00
08cf57204f
linux_3_14: 3.14.60 -> 3.14.61 ( close #13407 )
2016-02-24 08:16:18 +01:00
a2bd90650d
linux_4_3: 4.3.5 -> 4.3.6 ( close #13408 )
2016-02-24 08:15:34 +01:00
5e0105af9b
linux: 4.4.1 -> 4.4.2
2016-02-22 04:52:00 +01:00
bb2639aafc
Merge branch 'curl-7.15-fixup' of https://github.com/zimbatm/nixpkgs into hardened-stdenv
2016-02-22 01:14:22 +00:00
a6638c62a8
Revert "linux: 4.1.17 -> 4.1.18"
...
This reverts commit 6cdf5fe85fhttps://lkml.org/lkml/2016/2/19/748 which is blocking the channel update
due to a failing luksroot test: http://hydra.nixos.org/build/32159615
2016-02-21 17:57:39 +02:00
bc21db3692
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-02-19 21:16:14 +00:00
eff9726d54
linux: 4.3.4 -> 4.3.5
2016-02-18 03:44:19 +01:00
6cdf5fe85f
linux: 4.1.17 -> 4.1.18
2016-02-18 03:44:12 +01:00
d756ff9354
linux: 3.18.26 -> 3.18.27
2016-02-18 03:44:07 +01:00
41698c9efa
Merge branch 'master' into hardened-stdenv
2016-02-15 20:05:29 +01:00
d48f117d06
linux-testing: 4.5-rc3 -> 4.5-rc4
2016-02-14 23:03:26 +00:00
d039c87984
Merge branch 'master' into closure-size
2016-02-14 08:33:51 +01:00
077e24c10d
Revert "linuxPackages.perf: set -Wno-error=bool-compare"
...
This reverts commit 332c84196c
2016-02-10 23:27:37 +00:00
e2eca0c24c
Fix misspelled meta.maintainers attributes
2016-02-10 23:27:34 +00:00
280033235e
grsecurity: use source URL from a scraped repository as grsecurity.net only has the latest version
2016-02-10 23:27:31 +00:00
6040699768
Merge pull request #12890 from NeQuissimus/kernel45rc3
...
linux-testing: 4.5-rc2 -> 4.5-rc3
2016-02-10 21:20:46 +00:00
aea262f654
Fix misspelled meta.maintainers attributes
2016-02-10 14:59:50 +01:00
42deddb17a
grsecurity: use source URL from a scraped repository as grsecurity.net only has the latest version
2016-02-10 00:46:11 +01:00
332c84196c
linuxPackages.perf: set -Wno-error=bool-compare
2016-02-09 23:17:13 +00:00
5969a59052
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-02-09 16:28:44 +00:00
2fabb4b34d
linux-testing: 4.5-rc2 -> 4.5-rc3
2016-02-09 14:38:06 +00:00
9229e9c656
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-02-07 11:17:57 +00:00
12ca23d650
linux-testing: 4.4-rc8 -> 4.5-rc2
2016-02-06 20:54:55 +00:00
ae74c356d9
Merge recent 'staging' into closure-size
...
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
7db1cba057
kernel: Let the kernel build system strip modules
...
Since commit 48f51f1185
2016-02-02 22:47:32 +02:00
7b772ae398
linux: Update to 3.10.96, 3.12.53, 3.14.60, 3.18.26, 4.1.17, 4.4.1
2016-02-02 16:38:42 +01:00
48f51f1185
linux: Compress kernel modules
...
This reduces the kernel package from 185 to 62 MiB, for a neglible
boot time cost.
2016-02-01 18:19:23 +01:00
72a30ae66f
linux: Use $SOURCE_DATE_EPOCH as the build timestamp
2016-02-01 18:19:23 +01:00
0a7cd3c110
Remove unused file
2016-02-01 18:19:23 +01:00
b2dc647c1e
linux: adding PCI Expresscard Hotplug support
2016-02-01 11:07:08 +01:00
f6d3b7a2ae
switch hardening flags
2016-01-30 16:36:57 +00:00
954e9903ad
Use a hardened stdenv by default
2016-01-30 16:36:57 +00:00
ef1f64106f
kernel: add back the patch I just removed by accident
2016-01-24 04:12:17 +00:00
78956c77c0
linux: 4.3.3 -> 4.34 (and update grsecurity patches, too)
2016-01-24 03:53:46 +00:00
32d40f0f98
Remove no longer (or never) referenced patches
...
55 files changed, 6041 deletions. Tested with `nix-build -A tarball`.
2016-01-24 02:02:21 +01:00
8f9aea9ccc
grsecurity: fix kernel config and uncomment grsecurity kernels
2016-01-23 16:58:44 +00:00
33cf0792b1
grsecurity-testing: update patches and associated kernel version
2016-01-23 14:29:34 +00:00
29785c5b7a
Merge pull request #12309 from zohl/chromiumos-kernel
...
Add ChromiumOS kernels
2016-01-23 13:13:59 +03:00
4824f73cb3
linux-4.2: remove as it's no longer maintained upstream
...
grsecurity still holds a reference to it,
but I prefer it to fail than to use a version
that is most likely not secure anymore.
2016-01-20 20:15:07 +01:00
23f5e3c90f
linux: patch CVE-2016-0728 ( close #12492 )
...
The PoC provided successfully escalates privileges from a local user to
root. The vulnerability affects any Linux Kernel version 3.8 and higher.
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
2016-01-20 09:31:53 +01:00
f8ff4691ed
linux-mptcp: init at 0.90 (kernel 3.18.20), fixes #11149
2016-01-20 02:11:09 +01:00
716aac2519
Merge branch 'staging' into closure-size
2016-01-19 09:55:31 +01:00
42d4175e4e
kernel: 4.1.13 -> 4.1.15 ( close #12408 )
2016-01-15 19:59:52 +01:00
a3a5bc6095
linux_chromiumos_3_14: init at 3.14.0
...
Co-authored-by: Nikolay Amiantov <ab@fmap.me>
2016-01-13 22:43:19 +03:00
ee9e7b7224
linux_chromiumos_3_18: init at 3.18.0
...
Co-authored-by: Nikolay Amiantov <ab@fmap.me>
2016-01-13 22:43:19 +03:00
44274f62f5
linux: Add 4.4
2016-01-12 19:39:00 -05:00
1792ca5810
Increasing mmc possible partitions from 8 to 32.
...
In kernel common config. I have a modern tablet with 18 gpt partitions
on eMMC (Android+Win10 dualboot).
2016-01-11 09:27:58 +01:00
f318049964
kernel: 4.3.2 -> 4.3.3
2016-01-11 02:08:31 +00:00
6fc1c08324
Merge pull request #12143 from NeQuissimus/kernel440rc8
...
linux-testing: 4.4.0-rc7 -> 4.4.0-rc8
2016-01-10 21:07:46 +01:00
be9ad574f7
Adding framebuffer console rotation to kernels.
...
This helps in some weird screens that otherwise show the console 90° turned.
2016-01-07 16:48:46 +01:00
e4b4e9b986
linux: Make Unix domain sockets builtin
...
This hopefully fixes intermittent initrd failures where udevd cannot
create a Unix domain socket:
machine# running udev...
machine# error getting socket: Address family not supported by protocol
machine# error initializing udev control socket
machine# error getting socket: Address family not supported by protocol
The "unix" kernel module is supposed to be loaded automatically, and
clearly that works most of the time, but maybe there is a race
somewhere. In any case, no sane person would run a kernel without Unix
domain sockets, so we may as well make it builtin.
http://hydra.nixos.org/build/30001448
2016-01-07 13:20:53 +01:00
1283e01b38
linux-testing: 4.4.0-rc7 -> 4.4.0-rc8
2016-01-04 20:52:19 +00:00
7ea34af4dd
linux-testing: 4.4.0-rc6 -> 4.4.0-rc7
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc7
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-01-02 17:56:03 +01:00
f9f6f41bff
Merge branch 'master' into closure-size
...
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
f6df6d8d46
linux: 3.18.24 -> 3.18.25
2015-12-29 15:56:20 +01:00
a326ab1755
linux-testing: 4.4.0-rc5 -> 4.4.0-rc6
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc6
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-21 17:16:49 +01:00
45e335aabd
linux-testing: 4.4.0-rc4 -> 4.4.0-rc5
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc5
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-14 20:29:10 +01:00
18af0f88d0
Linux 4.3: 4.3 -> 4.3.2
2015-12-12 08:46:34 -05:00
5b0352a6a4
Merge branch 'master' into closure-size
2015-12-11 18:31:00 +01:00
fc6d1471ce
linux-testing: Revert build fix for -rc3.
...
This reverts commit 79bd2b08ee
2015-12-11 11:31:05 +01:00
54d6f1f683
linux: 3.14.56 -> 3.14.58
2015-12-10 16:26:33 +01:00
c00feace39
linux-testing: 4.4.0-rc3 -> 4.4.0-rc4
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc4
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-08 03:51:34 +01:00
e289717414
rename moveToOutput and propagatedBuildInputs
2015-12-02 10:05:36 +01:00
79bd2b08ee
linux-testing: Fix build with default config.
...
Regression introduced by 03a3a905b9torvalds/linux@47ca6ec
this results in a regression due to in a circular dependency between
libcfs and LNet:
depmod: ERROR: Found 2 modules in dependency cycles!
depmod: ERROR: Cycle detected: lnet -> libcfs -> lnet
The discussion regarding this in the LKML is here:
https://lkml.org/lkml/2015/11/2/388
So this adds a patch which is not yet included in mainline and has been
submitted to the LKML at:
https://lkml.org/lkml/2015/11/6/987
Built successfully via "nix-build -A linux-testing".
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-01 11:22:29 +01:00
03a3a905b9
linux-testing: 4.4.0-rc1 -> 4.4.0-rc3
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc1&id2=v4.4-rc3
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-01 09:34:39 +01:00
a412927924
Merge remote-tracking branch 'origin/master' into closure-size
2015-11-25 21:37:30 +01:00
333d69a5f0
Merge staging into closure-size
...
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
16acdb45bd
Revert "kernel: Remove unsupported 3.10, 3.12, 3.14"
...
This reverts commit 2441e002e2
2015-11-19 14:25:16 +01:00
893179e9c1
linux-testing: Bump to 4.4-rc1
2015-11-17 17:21:25 -08:00
9579c9ec7f
Merge commit 'cb21b77' into master.upstream
...
This is a partial merge of staging for builds which are working
2015-11-13 15:53:10 -08:00
6668058a62
linux: add config options needed for a Bay Trail Chromebook
...
Close #10416 .
Got /dev/mmcblk0 on a live CD with these options:
X86_INTEL_LPSS y
PINCTRL_BAYTRAIL y
2015-11-11 15:33:42 +01:00
d4661c7366
kernel: 4.1.12 -> 4.1.13
2015-11-10 16:17:09 -08:00
3950ab9eb9
kernel: 4.2.5 -> 4.2.6
2015-11-10 16:17:06 -08:00
789504dadf
perf: Fix libbfd dependency
...
This fixes C++ symbol demangling.
2015-11-10 22:12:38 +01:00
2441e002e2
kernel: Remove unsupported 3.10, 3.12, 3.14
...
Our base kernel headers were bumped to 3.18 so we can no longer reliably
support kernels older than 3.18
2015-11-09 11:10:42 -08:00
d33c63c19d
kernel: 3.12.49 -> 3.12.50
2015-11-07 15:44:53 -08:00
827adff712
linux: Update to 3.18.24
2015-11-04 13:22:22 +01:00
4b7f374b7d
linux: Add 4.3
2015-11-02 11:01:17 -08:00
ea49c910a5
kernel: 3.18.22 -> 3.18.23
2015-10-30 17:17:14 -07:00
3c14c32975
Really disable the firmware loader user helper fallback
2015-10-30 13:31:51 -04:00
a7157fa2f0
Remove firmware loader fallback.
...
Systemd dropped support in 207 (would be nice if configure failed with a bad flag),
so all this does is add an annoying delay if firmware can't be found by the kernel
2015-10-30 10:29:56 -04:00
c82060df9f
linux-testing: 4.3.0-rc5 -> 4.3.0-rc7
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.3-rc7&id2=v4.3-rc5
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-10-28 13:59:56 +01:00
d2918797bb
linux: Fix i686 build
2015-10-28 11:09:59 +01:00
221a970e82
kernel: 4.2.3 -> 4.2.5
2015-10-27 23:07:42 -07:00
658d7b285b
kernel: 4.1.11 -> 4.1.12
2015-10-27 23:07:33 -07:00
850fff4448
kernel: 3.14.54 -> 3.14.56
2015-10-27 23:07:17 -07:00
4eaa66c9d2
kernel: 3.10.90 -> 3.10.92
2015-10-27 23:07:09 -07:00
52c9e4415b
linux: Support x2APIC
...
Without this, certain servers with lots of CPU cores would show only
one core.
2015-10-26 16:20:02 +01:00
50ab972b5a
linux: Pass through configuration file
...
This enables "nix-build -A linux.configfile" to get the generated
kernel config.
2015-10-26 16:20:01 +01:00
7e6288c252
kernel: 4.1.10 -> 4.1.11, /cc #10607
...
Boots fine for me on 64-bit.
2015-10-26 08:34:44 +01:00
194357ad20
grsecurityUnstable: 4.1.7 -> 4.2.3
2015-10-15 10:41:04 -07:00
cfb2651959
kernel: 3.12.48 -> 3.12.49
2015-10-15 10:38:01 -07:00
197547e4ba
linux-testing: 4.3.0-rc4 -> 4.3.0-rc5
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=refs/tags/v4.3-rc5
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-10-13 05:31:43 +02:00
c46dd28ffd
linux-testing: 4.3.0-rc2 -> 4.3.0-rc4
2015-10-05 11:05:31 -07:00
cac0d87d98
kernel: 4.1.9 -> 4.1.10
2015-10-03 22:25:48 -07:00
62fa68e00c
kernel: 3.18.21 -> 3.18.22
2015-10-03 22:25:40 -07:00
23ff27b2c4
kernel: 3.10.89 -> 3.10.90
2015-10-03 22:25:33 -07:00
fc719c2437
Fix kernel config names for BRCMFMAC_*
2015-10-03 15:35:06 -04:00
e7f0b0297d
Linux: Enable PCIe and USB support for brcmfmac
2015-10-03 15:22:52 -04:00
edefa43d49
Linux 4.2: Bump
2015-10-03 15:22:03 -04:00
f361938b21
Merge staging into closure-size
...
This makes gcc5 the default builder, etc.
2015-10-03 15:23:13 +02:00
09637ac363
kernel: Don't propagate the dev output
...
The current default multiple-output propagation rules don't seem to work
too well if the dev output isn't the first one; without this we get an
unnecessary runtime reference to the kernel headers.
2015-10-03 14:08:55 +02:00
277d44f8fb
linux: Update to 3.14.54
2015-10-02 12:02:27 +02:00
c720f06f7c
linux kernel common config: re-enable NFC support
...
As test, Linux kernels were build successfully with NFC support for 3.18.x and
for 4.1.x.
2015-10-01 17:53:51 +02:00
e45e777c37
kernel: Remove uneeded patch for 4.2
2015-09-29 17:47:18 -07:00
05fd70b4be
kernel: 4.2.1 -> 4.2.2
2015-09-29 15:57:30 -07:00
40773c7605
kernel: 4.1.8 -> 4.1.9
2015-09-29 15:57:29 -07:00
84c0098117
Unprivileged overlayfs mounts kernel patch from ubuntu
...
This allows to create overlayfs mounts by unprivileged containers (i.e.
in user and mount namespace). It's super-useful for containers.
The patch is trivial as I understand from the patch description it's
does not have security implications (on top of what user namespaces
already have). And it's enabled in ubuntu long time ago. Here is a proof:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1357025
2015-09-26 00:42:16 +03:00
40396584eb
kernel: 4.2 -> 4.2.1
2015-09-23 12:29:59 -07:00
d5c7b265f7
kernel: 4.1.7 -> 4.1.8
2015-09-23 12:29:59 -07:00
97200b7808
kernel: 3.14.52 -> 3.14.53
2015-09-23 12:29:59 -07:00
397f806453
kernel: 3.12.47 -> 3.12.48
2015-09-23 12:29:59 -07:00
284ea9295e
kernel: 3.10.88 -> 3.10.89
2015-09-23 12:29:59 -07:00
9fbbbd5b68
linux-testing: Update to 4.3.0-rc2
2015-09-21 14:38:49 -07:00
f08fb6e6c7
broadcom-sta: fix build on kernel >= 4.2 ( close #9953 )
...
Also cherry-pick a licensing fix from torvalds/linux@7d3e2eb178
necessary for building broadcom-sta on kernel 4.2.
For more details, see:
https://github.com/longsleep/bcmwl-ubuntu/issues/6
Fixes #9948 .
2015-09-20 08:01:37 +02:00
84505bd36a
grsecurity: Update patches
2015-09-16 13:35:41 -07:00
871baf2278
kernel: 4.1.6 -> 4.1.7
2015-09-16 12:55:36 -07:00
5975687f98
kernel: 3.14.51 -> 3.14.52
2015-09-16 12:55:36 -07:00
72d22e3f4d
kernel: 3.10.87 -> 3.10.88
2015-09-16 12:55:36 -07:00
eb7404d97a
all-packages: Use callPackage where possible
2015-09-14 22:27:19 -06:00
3ebe5f802b
Remove references to /root/test-firmware
...
This is no longer supported by systemd.
2015-09-07 22:55:16 +02:00
0754a213c1
Merge pull request #9643 from dezgeg/pr-perf
...
linuxPackages_*.perf: Fix build after kernel 4.1
2015-09-03 20:24:11 -07:00
710c4c3c9d
linuxPackages_*.perf: Fix build after kernel 4.1
...
In 4.1, the build system changed, and it now wants to execute ld like this:
ld -r -o util/scripting-engines/libperf-in.o util/scripting-engines/trace-event-perl.o util/scripting-engines/trace-event-python.o
The actual problem seems to be that `buildInputs = [elfutils ...]`
causes 'ld' to point to elfutils in PATH instead of the usual binutils.
So remove elfutils from buildInputs and set NIX_CFLAGS_* manually. This
is a slight hack, but there is some precedent:
0761f81da7/pkgs/tools/package-management/rpm/default.nix (L13)Fixes #9095 .
2015-09-03 23:37:15 +03:00
90dc8da64d
linux: Update to 3.18.21
2015-09-03 16:50:31 +02:00
38a74e27de
Remove Linux 4.0
...
It's EOL.
2015-09-03 16:50:31 +02:00
8e26a55dc4
linux: Add 4.2.0
2015-08-30 18:20:19 -07:00
5a303519fa
kernel: 3.12.46 -> 3.12.47
2015-08-28 15:46:34 -07:00
d70c01daec
grsecurity: Update patches
2015-08-18 21:06:45 -07:00
eb859dc816
kernel: 4.1.5 -> 4.1.6
2015-08-18 11:12:34 -07:00
e4fa08711c
kernel: 3.14.50 -> 3.14.51
2015-08-18 11:12:34 -07:00
109ff7ddee
kernel: 3.10.86 -> 3.10.87
2015-08-18 11:12:34 -07:00
c1ee8fefd4
nixos: add support for Ubuntu Fan Networking
...
This provides support for Ubuntu Fan Networking [1].
This includes:
* The fanctl package, and a corresponding NixOS service.
* iproute patches.
* kernel patches.
closes #9188
1: https://wiki.ubuntu.com/FanNetworking
2015-08-13 14:27:14 -04:00
52e55d85cb
kernel: 3.14.49 -> 3.14.50
2015-08-10 23:35:43 -07:00
2cec29f646
linux-3.19: Remove stale nix file
2015-08-10 23:34:32 -07:00
974b9cc8cc
kernel: 4.1.4 -> 4.1.5
2015-08-10 23:34:31 -07:00
9f79c1e6eb
kernel: 3.18.19 -> 3.18.20
2015-08-10 23:34:31 -07:00
5e33890995
kernel: 3.12.45 -> 3.12.46
2015-08-10 23:31:07 -07:00
5fe578d706
kernel: 3.10.85 -> 3.10.86
2015-08-10 23:30:59 -07:00
921055b4a8
kernel: Enable DRM_LOAD_EDID_FIRMWARE
...
This allows specifying drm_kms_helper.edid_firmware to work around displays
that provide bad EDID data.
Documentation: https://www.osadl.org/Single-View.111+M5ec938a7b3b.0.html
2015-08-04 16:38:38 -04:00
04f1b451d7
kernel: 3.14.48 -> 3.14.49
2015-08-04 13:30:08 -07:00
79fb844213
kernel: 4.0.8 -> 4.0.9
2015-08-04 13:28:46 -07:00
a5d6e61c2f
grsecurity: Push testing from 4.0 -> 4.1
2015-08-04 13:28:16 -07:00
ce6b96db6e
kernel-testing: 4.2.0-rc2 -> 4.2.0-rc5
2015-08-03 13:06:22 -07:00
102cfc53bc
kernel: 4.1.3 -> 4.1.4
2015-08-03 12:58:12 -07:00
678efd6df0
kernel: 3.12.44 -> 3.12.45
2015-08-03 12:58:12 -07:00
1684ec0bfc
kernel: 3.10.84 -> 3.10.85
2015-08-03 12:58:12 -07:00
982ce5ed58
Merge pull request #8978 from dezgeg/pr-arm-images
...
ARM SD card image expressions
2015-07-29 14:13:57 +02:00
24c13dfa81
kernel: 4.1.2 -> 4.1.3
2015-07-22 13:14:27 -07:00
612d19e8b4
kernel: 3.18.18 -> 3.18.19
2015-07-22 13:14:27 -07:00
82d0acaf37
kernel-config: Explicitly enable NAMESPACES
...
Namespace support is required by the `unshare` tool used in
`nixos-install`. It's enabled by the x86 defconfig, but not by
e.g. multi_v7_defconfig. So enable it here so that `nixos-install`
can work on ARM.
2015-07-22 16:08:17 +03:00
ec43c69b5d
linux-rpi: Fix modDirVersion
...
This causes build breakage on staging due to #7524 .
2015-07-22 16:08:17 +03:00
069b4a8a57
Remove Linux 3.2 and 3.4
...
These are not supported by systemd so no reason to keep them around.
(cherry picked from commit ee10e165dc
2015-07-22 12:25:32 +02:00
45135c0256
linux-testing: Update to version 4.2.0-rc2.
...
Upstream diff of changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/diff/?id=v4.2-rc2&id2=v4.2-rc1&dt=2
Not tested on my machine right now (well, it's "testing" after all), but
verified the SHA256 from two different connections.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-07-14 07:31:18 +02:00
0245b28796
kernel: 3.14.47 -> 3.14.48
2015-07-11 20:15:05 -07:00
3284b216a4
kernel: 4.0.7 -> 4.0.8
2015-07-11 20:15:05 -07:00
75b7938ba2
kernel: 4.1.1 -> 4.1.2
2015-07-11 20:15:05 -07:00
680e2ced04
kernel: 3.18.17 -> 3.18.18
2015-07-11 20:15:05 -07:00
4529105271
kernel: 3.10.82 -> 3.10.84
2015-07-11 20:15:05 -07:00
5c9f437d2f
linux: 3.14.46 -> 3.14.47
...
CVE-2014-7822
2015-07-09 15:10:12 +02:00
b363927556
linux-testing: 4.2-rc1
2015-07-06 13:45:03 -07:00
145768bf9b
Unmaintain a bunch of packages
2015-07-01 08:11:05 -04:00
d64b3c8a5c
kernel: 3.14.45 -> 3.14.46
2015-06-30 11:28:59 -07:00
43eda80b09
kernel: 3.18.16 -> 3.18.17
2015-06-30 11:20:41 -07:00
Robin Gloster
Tim Steinbach
Joachim Fasting
Franz Pletz
Tuomas Tynkkynen
Graham Christensen
Shea Levy
Eelco Dolstra
aszlig
Vladimír Čunát
Pascal Bach
Tuomas Tynkkynen
Nathan Zadoks
Thomas Tuegel
Bjørn Forsman
Tim Steinbach
Jörg Thalheim
Pascal Wittmann
Sophie Taylor
Peter Hoeg
Guillaume Maudoux
Aneesh Agrawal
Marco Maggesi
Eelco Dolstra
Anders Papitto
Alexander Ried
Nikolay Amiantov
Kirill Boltaev
obadz
Gabriel Ebner
Michal Rus
Lluís Batlle i Rossell
Louis Taylor
zimbatm
Joachim Fasting
Alexander Kjeldaas
Tim Steinbach
obadz
Charles Strahan
Ragnar Dahlén
Domen Kožar
Lluís Batlle i Rossell
Al Zohali
Marko Poikonen
tg(x)
Dan Peebles
Tobias Geerinckx-Rice
Simon Jagoe
Tim Steinbach
Aristid Breitkreuz
Luca Bruno
William A. Kennington III
Brian McKenna
Thomas Strobel
Paul Colomiets
Charles Strahan
Mathnerd314
Jonathan Rudenberg