72d91f95cb
Merge pull request #19771 from NeQuissimus/linux_4_7_10
...
linux: 4.7.9 -> 4.7.10
2016-10-22 12:14:26 -04:00
8d0ca31849
linux: 4.8.3 -> 4.8.4
2016-10-22 12:11:37 -04:00
adbe0e0a13
linux: 4.7.9 -> 4.7.10
2016-10-22 12:11:09 -04:00
4489454b83
linux: 4.4.26 -> 4.4.27
2016-10-22 12:10:34 -04:00
ed5d146e9d
grsecurity: 4.7.7-201610101902 -> 4.7.9-201610200819
2016-10-21 01:50:53 +02:00
fabfb0a900
Merge #19725 : kernel: 4.7.8 -> 4.7.9
2016-10-20 19:45:25 +02:00
963804ba8e
kernel: 4.7.8 -> 4.7.9
2016-10-20 13:08:53 -04:00
0c3e5217fc
kernel: 4.8.2 -> 4.8.3
2016-10-20 13:06:03 -04:00
76a57d83b5
linux: 4.4.25 -> 4.4.26
2016-10-20 13:37:19 +02:00
dac481d999
Merge pull request #19648 from NeQuissimus/linux_4_7_8
...
linux_4_7: 4.7.7 -> 4.7.8
2016-10-19 14:48:47 -04:00
84e4dcb34b
Merge pull request #19649 from NeQuissimus/linux_4_8_2
...
linux_4_8: 4.8.1 -> 4.8.2
2016-10-19 14:38:11 -04:00
70c8de0536
Merge pull request #19652 from NeQuissimus/linux_4_9_rc1
...
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-19 14:35:21 -04:00
13f43c7ebc
linux: 4.4.24 -> 4.4.25
2016-10-19 17:11:53 +02:00
59f12d9394
kernel config: Add some filesystem options
...
Enable encryption support for both F2FS and ext4. For ext4 this is a bit
tricky, since pre-4.8 the way to enable it as a module was just
"EXT4_ENCRYPTION=m" but after that it changed to "FS_ENCRYPTION=m &&
EXT4_ENCRYPTION=y".
Also make sure UDF is enabled.
2016-10-19 16:44:08 +03:00
51c9c2f851
linux_testing: 4.8-rc6 -> 4.9-rc1
2016-10-18 11:19:46 -04:00
0acfbaa5b2
linux_4_8: 4.8.1 -> 4.8.2
2016-10-18 10:13:02 -04:00
55adff59f1
linux_4_7: 4.7.7 -> 4.7.8
2016-10-18 10:12:26 -04:00
ce73a3ea0f
grsecurity: 4.7.6-201609301918 -> 4.7.7-201610101902
2016-10-11 13:15:16 +02:00
f0602d2d36
kernel: Make SECURITY_YAMA optional
...
It's highly recommended, but not required to run NixOS.
2016-10-08 17:46:33 +02:00
a000ed181c
linux config: enable the Yama LSM ( #14392 )
...
The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level processes and
snooping on the memory and runtime state of other processes owned
by the same user.
2016-10-08 16:40:12 +02:00
a699eb4798
linux: 4.4.23 -> 4.4.24 ( #19346 )
2016-10-08 07:02:07 +02:00
9481edec56
linux: 4.7.6 -> 4.7.7 ( #19345 )
2016-10-08 07:01:51 +02:00
07e67b33af
linux: 4.8.0 -> 4.8.1 ( #19344 )
2016-10-08 07:01:27 +02:00
435673b948
Revert "Revert "linux*: remove 3.14, as it's no longer maintained""
...
In the end, it is too dangerous to have an unmaintained kernel in
nixpkgs. Revert the revert.
This reverts commit e921725176
2016-10-07 23:26:32 +02:00
e921725176
Revert "linux*: remove 3.14, as it's no longer maintained"
...
This is the simplest way to reenable the use of BLCR
(which at present requires linux version >3.12 <3.18)
until we find a better solution.
This reverts commit 6a9e765e27
2016-10-07 14:31:24 +02:00
a8b61b0aad
Merge pull request #19278 from anderspapitto/local
...
perf: add dependency on libaudit
2016-10-06 11:45:54 +02:00
aa44330963
perf: add dependency on libaudit
...
the `trace` subcommand of perf is only enabled when libaudit is
available at compile time
2016-10-05 17:59:44 -07:00
96fbdf8594
kernel: Disable RT_GROUP_SCHED
...
Follow systemd recommendation
fd74fa791f/README (L96-L103)
2016-10-05 12:52:45 +02:00
e54313d183
Revert "Revert "Linux 4.8""
...
Now featuring @aszlig's modinst_arg_list_too_long patch.
This reverts commit 43bedb970dFixes #19213
2016-10-04 10:10:36 -04:00
43bedb970d
Revert "Linux 4.8"
...
This reverts commit e4958d54b1
2016-10-03 22:04:43 -04:00
e4958d54b1
Linux 4.8
2016-10-03 08:45:45 -04:00
9a9237e0aa
grsecurity: revamp nixos kernel config
...
Cleanup:
- Restructure & add some commentary
- Remove redundant option specs given the auto config
constraints (some are left in for documentation purposes)
Changes:
- GRKERNSEC_CONFIG_VIRT_HOST -> GUEST
The former deselects paravirtualization and friends
- PAX_LATENT_ENTROPY n -> y (implied by auto)
- GRKERNSEC_ACL_HIDEKERN y -> n
Possibly useless with redistribution
2016-10-02 19:25:58 +02:00
1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
...
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00
2ec9a1a955
grsecurity: 4.7.5-201609261522 -> 4.7.6-201609301918
2016-10-01 08:47:30 +02:00
22108b7a10
linux_4_7: 4.7.5 -> 4.7.6
2016-10-01 08:46:31 +02:00
613a12a8bd
linux: 4.4.22 -> 4.4.23
2016-09-30 14:41:19 +02:00
ff5cf3abff
linux-3.10: fix build by upstream patch
2016-09-28 19:18:34 +02:00
98a9d815e0
grsecurity: 4.7.4-201609211951 -> 4.7.5-201609261522
2016-09-27 01:43:50 +02:00
3a4a425728
linux: 4.7.4 -> 4.7.5
2016-09-25 14:20:46 +02:00
c83f8a536a
linux: 4.4.20 -> 4.4.22
2016-09-25 14:20:46 +02:00
fdf239fb83
linux: 4.1.31 -> 4.1.33
2016-09-25 14:20:45 +02:00
17402fc4a3
linux: 3.18.40 -> 3.18.42
2016-09-25 14:20:45 +02:00
31ff655e46
kernelPatches: remove unneeded patches
2016-09-25 14:20:45 +02:00
01f465c82b
linux: 3.12.62 -> 3.12.63
2016-09-25 14:20:45 +02:00
b1029abe56
linux: 3.10.102 -> 3.10.103
2016-09-25 14:20:45 +02:00
e8cd27dd8a
linux_4_6: remove, not maintained anymore
2016-09-25 14:20:39 +02:00
ea4d517eb8
Merge pull request #18661 from NeQuissimus/kernel/zbud
...
kernel-common: Add ZBUD
2016-09-25 12:33:08 +04:00
64816cd972
grsecurity: 4.7.4-201609152234 -> 201609211951
2016-09-22 23:40:50 +02:00
e2659de1b2
kernelPatches: remove legacy grsecurity attrs
2016-09-18 15:26:57 +02:00
6a9e765e27
linux*: remove 3.14, as it's no longer maintained
2016-09-17 02:10:53 +02:00
f5c9c4f18a
Merge pull request #18659 from layus/fix-mptcp
...
linux_mptcp: fix config options broken by b4a4a63cc4
2016-09-16 21:06:54 +03:00
a0b643ed06
linux-testing: 4.8-rc4 -> 4.8-rc6
...
Built successfully on my machine, no runtime tests performed.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Verified-with-PGP: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
2016-09-16 17:57:32 +02:00
77e1be36b9
kernel-common: Add ZBUD, move ZSMALLOC into module space
2016-09-16 15:31:51 +00:00
f0e519d26a
linux_mptcp: fix config options broken by b4a4a63cc4
2016-09-16 13:15:50 +02:00
d082a7c0fd
grsecurity: 4.7.3-201609072139 -> 4.7.4-201609152234
2016-09-16 11:18:42 +02:00
2050f12f4e
linux_4_7: 4.7.3 -> 4.7.4
2016-09-16 11:18:42 +02:00
0f37287df5
treewide: explicitly specify gtk version
2016-09-13 21:09:24 +03:00
0c0188c5d2
kernel config: Explicitly enable some NLS-related things
...
Doesn't affect x86, but ARM can't mount VFAT filesystems without this on
a 3.18 kernel.
2016-09-13 17:06:13 +03:00
b4a4a63cc4
kernel generate-config.pl: Properly support string options
...
Or we get something like:
option not set correctly: NLS_DEFAULT (wanted 'utf8', got '"utf8"')
2016-09-13 17:06:13 +03:00
246bd302ec
kernel generate-config.pl: Be more verbose on errors
2016-09-13 17:06:13 +03:00
91674b75d3
grsecurity: 4.7.2-201608312326 -> 4.7.3-201609072139
2016-09-10 17:06:42 +02:00
bc7e4e390a
linux: 4.4.19 -> 4.4.20
2016-09-08 13:58:05 +02:00
4829cd7f65
kernel: 4.7.2 -> 4.7.3
2016-09-08 01:51:28 +00:00
0ce7b31b09
grsecurity: 4.7.2-201608211829 -> 201608312326
2016-09-01 14:51:33 +02:00
8c4aeb1780
Merge staging into master
...
Brings in:
- changed output order for multiple outputs:
https://github.com/NixOS/nixpkgs/pull/14766
- audit disabled by default
https://github.com/NixOS/nixpkgs/pull/17916
Conflicts:
pkgs/development/libraries/openldap/default.nix
2016-09-01 13:27:27 +03:00
d3dc3d4130
Merge remote-tracking branch 'dezgeg/shuffle-outputs' into staging
...
https://github.com/NixOS/nixpkgs/pull/14766
2016-08-30 12:43:37 +03:00
f19c961b4e
linux-testing: Fix arg list too long in modinst
...
With the default kernel and thus with the build I have tested in
74ec94bfa2
2016-08-30 06:55:52 +02:00
74ec94bfa2
linux/kernel/testing: 4.8-rc3 -> 4.8-rc4
...
Tested by only building the linux_testing attribute, but haven't yet
tested it in production.
I've also fixed the extraMeta.branch attribute.
Verified-with-PGP: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
42e1ec215e
linux/kernel: Remove MLX4_EN_VXLAN for 4.8
...
This option is no longer needed and has been removed in upstream commit
torvalds/linux@a831274a13 .
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
0bce188ec1
linux/kernel: Remove KVM_APIC_ARCHITECTURE for 4.8
...
The option is no longer needed and has been removed upstream in
torvalds/linux@557abc40d1 .
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
0e26cf84fc
kernel: Remove propagatedBuildOutputs
...
Not needed after the shuffle.
2016-08-29 14:49:52 +03:00
b74793bd1c
Merge branch 'master' into staging
...
Conflicts:
pkgs/tools/system/facter/default.nix
2016-08-29 12:44:17 +01:00
e5c3a52afc
grsecurity: fix features.grsecurity
...
Previously, features.grsecurity wasn't actually set due to a bug in the
grsec builder. We now rely on the generic kernel builder to set features
from kernelPatches.
2016-08-29 04:09:40 +02:00
fcf5a24d8c
kernel config: set DEBUG_STACKOVERFLOW regardless of features.grsecurity
...
features.grsecurity has actually been unset for a long time, with no
ill effect on grsec kernel builds so this conditional looks useless.
2016-08-29 04:08:39 +02:00
e17bc25943
Merge remote-tracking branch 'upstream/master' into staging
2016-08-29 00:24:47 +00:00
c004c6e14d
kernel config: Explicitly enable some stuff not enabled by 'make alldefconfig'
...
List of what to enable taken from https://lwn.net/Articles/672587/ .
This doesn't change the resulting x86 configs, but is more useful for
other architectures. For instance, POSIX_MQUEUE is currently missing
on ARM.
2016-08-29 03:07:11 +03:00
3de6e5be50
Merge branch 'master' into staging
...
Conflicts:
pkgs/applications/misc/navit/default.nix
pkgs/applications/networking/mailreaders/alpine/default.nix
pkgs/applications/networking/mailreaders/realpine/default.nix
pkgs/development/compilers/ghc/head.nix
pkgs/development/libraries/openssl/default.nix
pkgs/games/liquidwar/default.nix
pkgs/games/spring/springlobby.nix
pkgs/os-specific/linux/kernel/perf.nix
pkgs/servers/sip/freeswitch/default.nix
pkgs/tools/archivers/cromfs/default.nix
pkgs/tools/graphics/plotutils/default.nix
2016-08-27 23:54:54 +01:00
daa9d5edca
perf: unbreak build since glibc 2.24 upgrade
...
glibc 2.24 deprecated readdir_r, breaking the perf build:
$ nix-build -A linuxPackages.perf
...
CC util/event.o
CC util/evlist.o
util/event.c: In function '__event__synthesize_thread':
util/event.c:448:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
while (!readdir_r(tasks, &dirent, &next) && next) {
^
In file included from /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/features.h:368:0,
from /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/stdint.h:25,
from /nix/store/jsazxc1b86g2ww569ziwhhvkz8z43vjd-gcc-5.4.0/lib/gcc/x86_64-unknown-linux-gnu/5.4.0/include/stdint.h:9,
from /tmp/nix-build-perf-linux-4.4.19.drv-0/linux-4.4.19/tools/include/linux/types.h:6,
from util/event.c:1:
/nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/dirent.h:189:12: note: declared here
extern int __REDIRECT (readdir_r,
^
util/event.c: In function 'perf_event__synthesize_threads':
util/event.c:586:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
while (!readdir_r(proc, &dirent, &next) && next) {
Fix by adding -Wno-error=deprecated-declarations compile flag.
2016-08-27 10:21:57 +02:00
131cd8f45d
Merge pull request #18005 from gebner/kernel-amd-powerplay
...
kernel: config: enable DRM_AMD_POWERPLAY
2016-08-26 19:04:54 +02:00
40e0e5fb0b
linux_testing: 4.7-rc7 -> 4.8-rc3
2016-08-26 14:47:45 +02:00
aacf6651c1
linux: 4.4.18 -> 4.4.19
2016-08-26 14:47:45 +02:00
90251478ec
linux: 4.1.30 -> 4.1.31
2016-08-26 14:47:45 +02:00
377c851395
linux: 3.18.36 -> 3.18.40
2016-08-26 14:47:45 +02:00
dc37edb36c
linux: 3.14.73 -> 3.14.77
2016-08-26 14:47:45 +02:00
458d477215
linux: 3.12.61 -> 3.12.62
2016-08-26 14:47:45 +02:00
7b01df18a2
kernel: config: enable DRM_AMD_POWERPLAY
2016-08-26 08:45:49 +02:00
2b1fa9da8b
Add initial patches for CPU Controller on Control Group v2
2016-08-25 13:01:40 -04:00
c26de11551
linuxPackages.perf: fix build with new glibc and remove hack
...
elfutils now adds a eu- prefix to avoid collisions
2016-08-24 19:19:02 +00:00
0e8d2725dc
Merge branch 'master' into staging
2016-08-23 18:50:06 +01:00
cf592a8969
grsecurity: 4.7.1-201608161813 -> 4.7.2-201608211829
2016-08-23 01:49:34 +02:00
24a9183f90
Merge branch 'hardened-stdenv' into staging
...
Closes #12895
Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
ba50fd7170
Merge branch 'master' into staging
2016-08-22 01:18:11 +01:00
175028582c
linux: 4.7.1 -> 4.7.2
2016-08-21 13:56:45 +00:00
ff22705793
treewide: replace several /sbin paths by /bin
2016-08-19 17:56:45 +03:00
bd68309643
kernel config: Enable SECCOMP
...
This is used by systemd >= 231 and is not enabled in the ARM
multiplatform defconfig.
2016-08-18 16:33:46 +03:00
ba20363f11
grsecurity: 4.7-201608151842 -> 4.7.1-201608161813
2016-08-17 15:19:27 +02:00
2571438988
linux: 4.7 -> 4.7.1
2016-08-17 05:46:00 +02:00
7a4407461b
linux: 4.6.6 -> 4.6.7
...
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
da95fb368c
linux: 4.4.17 -> 4.4.18
...
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
2104d28bcd
linux: 4.1.27 -> 4.1.30
...
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
d82ddd6dc0
grsecurity: 4.7-201608131240 -> 4.7-201608151842
2016-08-16 17:50:37 +02:00
b1cceeda84
grsecurity: enable pax size overflow plugin
2016-08-16 17:50:36 +02:00
3fcb9e6f57
grsecurity: support non-enforcing mode
...
Until we've made sure that most things actually work out of the box, we
need to give people a way of continuing to use the system without
completely disabling grsecurity.
Set sysctl kernel.pax.softmode=1 or boot with pax.softmode=1
2016-08-16 17:50:36 +02:00
33e1c78ae3
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-08-16 07:54:01 +00:00
9adad8612b
Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
...
Was meant to go into staging, sorry
This reverts commit 57b2d1e9b0760b2b9048
2016-08-15 19:05:52 -04:00
57b2d1e9b0
Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs
2016-08-15 19:01:44 -04:00
1afd250676
treewide: replace several /sbin paths by /bin
2016-08-16 00:19:25 +03:00
9062c67914
grsecurity: 4.6.5-201607312210 -> 4.7-201608131240
2016-08-15 20:36:46 +02:00
64c79e8526
linux: 4.6.5 -> 4.6.6
2016-08-15 04:28:08 +02:00
2a8718fb0b
linux_4_5: remove, not support by upstream anymore
2016-08-15 04:28:02 +02:00
bd4490e277
Merge branch 'master' into hardened-stdenv
2016-08-13 16:59:55 +02:00
b2efe2babd
Revert "linux kernel 4.4: fix race during build"
...
Removes patch. Was fixed upstream.
This reverts commit 4788ec1372
2016-08-12 16:42:25 +01:00
b1817fa8a3
linux_mptcp: 0.90.1 (kernel 3.18) -> 0.91 (kernel 4.1) ( #17675 )
2016-08-12 15:14:24 +02:00
b7787d932e
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-08-12 09:46:53 +00:00
18947c9e36
Revert "ecryptfs: fix kernel bug introduced in 4.4.14"
...
The Linux 4.4.17 release fixes the underlying issue
This reverts commit fad9a8841b
2016-08-11 17:15:54 +01:00
e26ac7afd4
linux: 4.4.16 -> 4.4.17
2016-08-11 15:20:07 +02:00
088bcf4ec4
kernel config: Fix 3.10, 3.12, 3.14 builds
2016-08-06 17:06:45 +03:00
44f462bf4d
generate-config.pl: Be more verbose about missing options
...
For instance, the current 3.10 kernel build fails at the end with:
unused option: BRCMFMAC_PCIE
unused option: FW_LOADER_USER_HELPER_FALLBACK
unused option: KEXEC_FILE
unused option: RANDOMIZE_BASE
However, it's not obvious that only the _last_ one is actually fatal to
the build. After this change it's at least somewhat better:
warning: unused option: BRCMFMAC_PCIE
warning: unused option: FW_LOADER_USER_HELPER_FALLBACK
warning: unused option: KEXEC_FILE
error: unused option: RANDOMIZE_BASE
2016-08-06 17:06:45 +03:00
7281740c2e
linux: enable DRM_GMA600 and DRM_GMA3600
...
Adds basic support for Intel GMA3600/3650 (Intel Cedar Trail) platforms
and support for GMA600 (Intel Moorestown/Oaktrail) platforms with LVDS
ports via the gma500_gfx module.
Resolves #14727 Closes #17519
2016-08-05 19:07:40 +02:00
2d6b7aa545
linux: enable some useful networking options
...
All options are enabled by default on Debian and some other
distributions, so these should be safe.
2016-08-05 04:07:31 +02:00
1be4907ca2
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-08-02 13:46:36 +00:00
76f2e827a7
grsecurity: 4.6.5-201607272152 -> 4.6.5-201607312210
2016-08-01 12:46:48 +02:00
63c7b4f9a7
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-31 20:51:34 +00:00
83f783c00f
grsecurity: 4.6.4-201607242014 -> 4.6.5-201607272152
2016-07-29 00:24:00 +02:00
9aee2a17af
linux: 4.6.4 -> 4.6.5
...
Removed patch was applied upstream.
2016-07-28 23:05:27 +02:00
b68fe1a572
linux: 4.5.6 -> 4.5.7
2016-07-28 23:05:27 +02:00
42f8df10a2
linux: 4.4.16 -> 4.4.16
2016-07-28 17:03:55 +02:00
f222d98746
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-25 12:47:13 +00:00
e725c927d4
grsecurity: 4.6.4-201607192040 -> 4.6.4-201607242014
2016-07-25 09:11:28 +02:00
ac93e9f2c8
Linux 4.7
2016-07-24 18:30:08 -04:00
dd02b6f118
perf: depend on libiberty to get c++ demangling.
2016-07-21 17:27:15 +02:00
1f04b4a566
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-21 00:56:43 +00:00
55120ac4cb
grsecurity: 4.6.4-201607112205 -> 4.6.4-201607192040
2016-07-20 10:17:35 +02:00
c93ffb95bc
grsecurity: enable support for setting pax flags via xattrs
...
While useless for binaries within the Nix store, user xattrs are a convenient
alternative for setting PaX flags to executables outside of the store.
To use disable secure memory protections for a non-store file foo, do
$ setfattr -n user.pax.flags -v em foo
2016-07-20 10:17:11 +02:00
5185bc1773
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-15 14:41:01 +00:00
927a984de6
kernel: make KEXEC_FILE & KEXEC_JUMP optional to fix i686 build
...
cc @edolstra @dezgeg @domenkozar
2016-07-13 12:49:18 +02:00
fad9a8841b
ecryptfs: fix kernel bug introduced in 4.4.14
...
Introduced by mainline commit 2f36db7
Patch is from http://www.spinics.net/lists/stable/msg137350.html
Fixes #16766
2016-07-13 11:04:07 +02:00
dde259dfb5
linux: Add patch to fix CVE-2016-5829 ( #16824 )
...
Fixed for all available 4.x series kernels.
From CVE-2016-5829:
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function
in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow
local users to cause a denial of service or possibly have unspecified
other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl
call.
2016-07-12 20:56:50 +02:00
416120e0c7
grsecurity: 4.6.3-201607070721 -> 4.6.4-201607112205
2016-07-12 15:15:09 +02:00
47da65923b
kernel: 4.6.3 -> 4.6.4 ( #16875 )
2016-07-12 09:54:57 +02:00
b2b8a89945
linux-testing: 4.7-rc6 -> 4.7-rc7 ( #16854 )
2016-07-11 17:53:41 +02:00
ecc26d7a40
linux: Disable the old IDE subsystem
...
This has long been deprecated in favour of the new ATA support
(CONFIG_ATA).
2016-07-11 15:05:21 +02:00
7b9c493d60
linux: Enable some kernel features
...
This enables a few features that should be useful and safe (they're
all used by the default Ubuntu kernel config), in particular zswap,
wakelocks, kernel load address randomization, userfaultfd (useful for
QEMU), paravirtualized spinlocks and automatic process group
scheduling.
Also removes some configuration conditional on kernel versions that we
no longer support.
2016-07-11 15:04:56 +02:00
1cd7dbc00b
linux: Bump NR_CPUS
...
The default limit (64) is too low for systems like EC2 x1.* instances
or Xeon Phis, so let's increase it.
2016-07-11 14:32:18 +02:00
a2ebf45b47
grsecurity: 4.5.7-201606302132 -> 4.6.3-201607070721
2016-07-07 19:34:58 +02:00
4085f4de5f
Merge branch 'pr-newest-uboot' into master
2016-07-04 15:17:46 +03:00
55aecd308e
linux-rpi: 4.1.20-XXX -> 4.4.13-1.20160620-1
...
- Add a patch to unset CONFIG_LOCALVERSION in the v7 build.
- Copy all the device trees to match the upstream names so U-Boot can
find them. (This is a hack.)
2016-07-04 15:13:29 +03:00
566c990f33
linux-testing: 4.6-rc6 -> 4.7-rc6
...
The config option DEVPTS_MULTIPLE_INSTANCES now no longer exists since
torvalds/linux@eedf265aa0 .
Built successfully on my Hydra instance:
https://headcounter.org/hydra/log/r4n6sv0zld0aj65r7l494757s2r8w8sr-linux-4.7-rc6.drv
Verified unpacked tarball with GnuPG:
ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
gpg: Signature made Mon 04 Jul 2016 08:13:05 AM CEST
gpg: using RSA key 79BE3E4300411886
gpg: Good signature from "Linus Torvalds <torvalds@linux-foundation.org>"
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-07-04 10:46:48 +02:00
640ac5186f
grsecurity: 4.5.7-201606292300 -> 4.5.7-201606302132
2016-07-02 20:37:52 +02:00
51c04b74c1
grsecurity: 4.5.7-201606280009 -> 4.5.7-201606292300
2016-06-30 11:09:59 +02:00
cdcdc25ef3
grsecurity: 4.5.7-201606262019 -> 4.5.7-201606280009
2016-06-28 14:57:20 +02:00
d5eec25ff9
grsecurity: 4.5.7-201606222150 -> 4.5.7-201606262019
2016-06-27 21:42:17 +02:00
7e9affa7ee
linux_4_3: Remove, not maintained anymore
2016-06-27 00:11:16 +02:00
eed51eccef
linux: 3.10.101 -> 3.10.102
2016-06-27 00:11:16 +02:00
b7e0b118d9
linux: 3.12.57 -> 3.12.61
2016-06-27 00:11:04 +02:00
0387eddb51
linux: 3.14.65 -> 3.14.73
2016-06-27 00:10:38 +02:00
6165af4db2
linux: 3.18.29 -> 3.18.36
2016-06-27 00:09:56 +02:00
5806b185bd
linux: 4.1.25 -> 4.1.27
2016-06-27 00:09:30 +02:00
4a942499b4
linux: 4.4.13 -> 4.4.14
2016-06-27 00:08:11 +02:00
4fb72b2fd3
grsecurity: 4.5.7-201606202152 -> 4.5.7-201606222150
2016-06-26 17:27:17 +02:00
125ffff089
kernel: 4.6.2 -> 4.6.3
2016-06-24 22:18:16 +00:00
9d052a2c39
grsecurity: 4.5.7-201606142010 -> 4.5.7-201606202152
2016-06-23 00:55:54 +02:00
453086a15f
linux: 4.4.12 -> 4.4.13
2016-06-20 13:11:55 +02:00
7c32638439
Merge pull request #16259 from layus/update-mptcp
...
linux_mptcp: update 0.90 -> 0.90.1
2016-06-20 09:29:07 +01:00
875fd5af73
grsecurity: 4.5.7-201606110914 -> 4.5.7-201606142010
2016-06-16 14:29:12 +02:00
d73b7d101f
linux_mptcp: 0.90 -> 0.90.1
2016-06-15 22:56:11 +02:00
130b06eb0b
grsecurity: 4.5.7-201606080852 -> 4.5.7-201606110914
2016-06-14 14:18:01 +02:00
886c03ad2e
Merge pull request #16107 from joachifm/grsec-ng
...
Rework grsecurity support
2016-06-14 03:52:50 +02:00
75b9a7beac
grsecurity: implement a single NixOS kernel
...
This patch replaces the old grsecurity kernels with a single NixOS
specific grsecurity kernel. This kernel is intended as a general
purpose kernel, tuned for casual desktop use.
Providing only a single kernel may seem like a regression compared to
offering a multitude of flavors. It is impossible, however, to
effectively test and support that many options. This is amplified by
the reality that very few seem to actually use grsecurity on NixOS,
meaning that bugs go unnoticed for long periods of time, simply because
those code paths end up never being exercised. More generally, it is
hopeless to anticipate imagined needs. It is better to start from a
solid foundation and possibly add more flavours on demand.
While the generic kernel is intended to cover a wide range of use cases,
it cannot cover everything. For some, the configuration will be either
too restrictive or too lenient. In those cases, the recommended
solution is to build a custom kernel --- this is *strongly* recommended
for security sensitive deployments.
Building a custom grsec kernel should be as simple as
```nix
linux_grsec_nixos.override {
extraConfig = ''
GRKERNSEC y
PAX y
# and so on ...
'';
}
```
The generic kernel should be usable both as a KVM guest and host. When
running as a host, the kernel assumes hardware virtualisation support.
Virtualisation systems other than KVM are *unsupported*: users of
non-KVM systems are better served by compiling a custom kernel.
Unlike previous Grsecurity kernels, this configuration disables `/proc`
restrictions in favor of `security.hideProcessInformation`.
Known incompatibilities:
- ZFS: can't load spl and zfs kernel modules; claims incompatibility
with KERNEXEC method `or` and RAP; changing to `bts` does not fix the
problem, which implies we'd have to disable RAP as well for ZFS to
work
- `kexec()`: likely incompatible with KERNEXEC (unverified)
- Xen: likely incompatible with KERNEXEC and UDEREF (unverified)
- Virtualbox: likely incompatible with UDEREF (unverified)
2016-06-14 00:08:20 +02:00
4ae5eb97f1
kernel: set virtualization options regardless of grsec
...
Per my own testing, the NixOS grsecurity kernel works both as a
KVM-based virtualisation host and guest; there appears to be no good
reason to making these conditional on `features.grsecurity`.
More generally, it's unclear what `features.grsecurity` *means*. If
someone configures a grsecurity kernel in such a fashion that it breaks
KVM support, they should know to disable KVM themselves.
2016-06-10 19:27:59 +02:00
d8e4432fe2
kernel: unconditionally disable /dev/kmem
...
This was presumably set for grsecurity compatibility, but now appears
redundant. Grsecurity does not expect nor require /dev/kmem to be
present and so it makes little sense to continue making its inclusion in
the standard kernel dependent on grsecurity.
More generally, given the large number of possible grsecurity
configurations, it is unclear what `features.grsecurity` even
*means* and its use should be discouraged.
2016-06-10 19:27:41 +02:00
4fbafb2395
linux 4.6.1 -> 4.6.2
2016-06-10 09:30:11 -04:00
8031cba2ab
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-06-10 09:27:04 +00:00
edc36a0091
grsecurity: 4.5.6-201606051644 -> 4.5.7-201606080852
2016-06-09 15:40:06 +02:00
20c2ce4954
Merge #16045 : kernel: 4.6.0 -> 4.6.1
2016-06-09 14:37:32 +02:00
c0895be3ee
Merge #16044 : kernel: 4.1.20 -> 4.1.25
2016-06-09 14:36:31 +02:00
f9310c2eee
Merge #16043 : kernel: 4.4.11 -> 4.4.12
2016-06-09 14:34:50 +02:00
269b7d30a7
kernel: 4.6.0 -> 4.6.1
2016-06-07 09:59:19 -04:00
8f4755a0ae
kernel: 4.5.5 -> 4.5.6
2016-06-07 09:58:24 -04:00
a57cbf6546
kernel: 4.4.11 -> 4.4.12
2016-06-07 09:57:47 -04:00
f3ebf13762
kernel: 4.1.20 -> 4.1.25
2016-06-07 09:57:07 -04:00
72899d92d0
grsecurity: 4.5.5-201605291201 -> 4.5.6-201606051644
2016-06-07 15:04:24 +02:00
bac26e08db
Fix lots of fetchgit hashes (fallout from #15469 )
2016-06-03 17:17:08 +03:00
4c99d22f19
kernel: set nx bit on module ro segments
...
Fixes #4757 .
2016-06-03 15:41:47 +02:00
2d382f3d98
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-05-30 19:39:34 +00:00
bfefc54bc5
grsecurity: 4.5.5-201605211442 -> 4.5.5-201605291201
2016-05-29 20:34:24 +02:00
3ee6b22dc3
linux: 4.4.10 -> 4.4.11
2016-05-22 23:05:10 +02:00
5a357d9731
grsecurity: 4.5.5-201605202102 -> 4.5.5-201605211442
2016-05-21 22:28:36 +02:00
79481bd68f
linux: 4.5.4 -> 4.5.5
2016-05-21 07:37:41 +02:00
cdf2ffda9d
grsecurity: 4.5.4-201605131918 -> 4.5.5-201605202102
2016-05-21 07:37:41 +02:00
f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv
2016-05-18 17:10:02 +02:00
1ea263ef03
linux-4.6: Fix copy-paste error.
...
Thanks to @NeQuissimus for the spot
2016-05-16 13:53:23 -04:00
0373eb86f1
Linux 4.6
2016-05-16 11:56:39 -04:00
f99c86eec1
grsecurity: remove expressions for unsupported versions
...
Retain top-level attributes for now but consolidate compatibility
attributes.
Part of ongoing cleanup, doing it all at once is infeasible.
2016-05-16 09:10:27 +02:00
6194e9d801
kernelPatches.grsecurity: 4.5.4-201605122039 -> 4.5.4-201605131918
...
Also revert to using the grsecurity-scrape mirror; relying on upstream
just isn't viable. Lately, updates have been so frequent that a new
version is released before Hydra even gets around to building the
previous one.
2016-05-14 05:15:35 +02:00
7fdce2feb0
kernelPatches.grsecurity_4_5: 4.5.4-201605112030 -> 4.5.4-201605122039
2016-05-13 23:11:07 +02:00
10aaca8c1f
grsecurity_4_5: 4.5.3-201605080858 -> 4.5.4-201605112030
2016-05-13 20:11:31 +02:00
006f6d9437
linux: 4.5.3 -> 4.5.4
2016-05-13 17:27:51 +02:00
7a8ea6138e
linux: 4.4.9 -> 4.4.10
2016-05-11 20:34:02 +02:00
52477b0a0b
kernelPatches.grsecurity_4_5: 201605060852 -> 201605080858
2016-05-09 16:38:44 +02:00
f53850bf21
kernel: 4.4.8 -> 4.4.9 ( #15276 )
2016-05-06 20:25:29 +02:00
53a4582552
Adding vmlinux to linux kernel 'dev' derivation.
...
It takes some extra 13MB (and in dev, not out), but allows perf to show kernel
symbols when profiling. I think it is worth it.
In my NixOS, I refer to it in the system derivation, for easy telling to perf
through /run/booted-system/vmlinux:
system.extraSystemBuilderCmds = ''
ln -s ${config.boot.kernelPackages.kernel.dev}/vmlinux $out/vmlinux
'';
2016-05-06 18:11:03 +02:00
02d94d335a
kernel: 4.5.2 -> 4.5.3
2016-05-06 11:12:04 -04:00
27061905bd
linuxPackages_grsec_4_5: 3.1-4.5.2-201604290633 -> 3.1-4.5.3-201605060852
2016-05-06 16:37:25 +02:00
1f84e43239
Do some large, concurrency-capable builds on dedicated machines
2016-05-04 18:16:27 +02:00
0bd31bce10
grsecurity: drop support for 4.4 kernels
...
From now on, only the testing branch of grsecurity will be supported.
Additionally, use only patches from upstream.
It's impossible to provide meaningful support for grsecurity stable.
First, because building and testing \(m \times n \times z) [1], packages
is infeasible. Second, because stable patches are only available from
upstream for-pay, making us reliant on third-parties for patches. In
addition to creating yet more work for the maintainers, using stable
patches provided by a third-party goes against the wishes of upstream.
nixpkgs provides the tools necessary to build grsecurity kernels for any
version the user chooses, however, provided they pay for, or otherwise
acquire, the patch themselves.
Eventually, we'll want to remove the now obsolete top-level attributes,
but leave them in for now to smoothe migration (they have been removed
from top-level/release.nix, though, because it makes no sense to have
them there).
[1]: where \(m\) is the number of grsecurity flavors, \(n\) is the
number of kernel versions, and z is the size of the `linuxPackages` set
2016-05-04 01:07:53 +02:00
c92bca56f8
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-05-02 22:58:02 +00:00
7893cb1aea
linuxPackages_grsec_4_1: delete
...
Upstream supports 3.14, 4.4, and 4.5
2016-05-02 11:28:05 +02:00
fecb56fc3f
linuxPackages_grsec_4_5: init at 3.1-4.5.2-201604290633
2016-05-02 11:28:05 +02:00
80f923f26f
linux-testing: 4.6-rc5 -> 4.6-rc6
2016-05-02 02:29:42 +01:00
c494947676
linux_testing: 4.6-rc4 -> 4.6-rc5
2016-04-28 23:59:52 +00:00
7276417870
kernel config: Enable BINFMT_MISC
...
This is enabled in x86 builds but lacking on ARM.
2016-04-28 20:46:34 +03:00
454eefa63b
linux: 4.4.7 -> 4.4.8
2016-04-26 16:39:59 +02:00
90cdfb5414
kernel: 4.5.1 -> 4.5.2
2016-04-20 11:55:13 +01:00
b59a6aa93a
kernel: turn off bindnow hardening
2016-04-19 02:21:57 +00:00
d020caa5b2
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-04-18 13:49:22 +00:00
ec198e3868
linux-testing: 4.6-rc3 -> 4.6-rc4 ( #14803 )
2016-04-18 14:11:25 +01:00
ccc3080857
kernel: 4.4.6 -> 4.4.7 ( #14690 )
2016-04-14 16:30:20 +02:00
af4d84544f
kernel: 4.5 -> 4.5.1 ( #14691 )
2016-04-14 15:57:18 +02:00
39ebb01d6e
Merge branch 'staging', containing closure-size #7701
2016-04-13 09:25:28 +02:00
4788ec1372
linux kernel 4.4: fix race during build
...
Patch drivers/crypto/qat/qat_common/Makefile so that qat_asym_algs.o
explicitly depends on headers qat_rsaprivkey-asn1.h and qat_rsapubkey-asn1.h
Hopefully fixes #14595
2016-04-12 22:45:57 +01:00
5e5ef22d73
linux_testing: 4.6-rc2 -> 4.6-rc3 ( #14592 )
2016-04-11 13:44:34 +01:00
ad7b1e24c2
fan-networking: updated patches from Ubuntu
...
This pulls in updated Fan Networking patches from Ubuntu.
(https://wiki.ubuntu.com/FanNetworking )
closes #14328
2016-04-10 16:07:03 -04:00
30f14243c3
Merge branch 'master' into closure-size
...
Comparison to master evaluations on Hydra:
- 1255515 for nixos
- 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
3e68106afd
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-04-07 21:52:26 +00:00
4907fc9e8d
Merge pull request #14509 from ragnard/bpf-tracing-kernel-config
...
linux: kernel config for extended BPF support
2016-04-07 11:01:34 +02:00
961d1e847c
linux: kernel config for extended BPF support
...
- Enable BPF_SYSCALL and BPF_EVENTS
- Build modules for NET_CLS_BPF and NET_ACT_BPF
With these config options we can leverage the full potential of BPF for
tracing and instrumenting Linux systems, for example using
libraries/tools like those provided by the bcc project.
2016-04-07 08:14:41 +01:00
b95274cc90
kernel: Don't patchELF manually
...
AFAICT this is done by stdenv nowadays:
bde82098b8/pkgs/development/tools/misc/patchelf/setup-hook.sh (L5)bde82098b8/pkgs/stdenv/generic/setup.sh (L737)http://hydra.nixos.org/build/34131589/nixlog/1/raw
2016-04-06 17:19:43 +03:00
5ca99ae7a7
kernel.i686-linux: disable bindnow hardening
2016-04-06 14:16:42 +00:00
b95a1c4f77
kernel: fix build of 3.10 and 3.12 on i686
...
(cherry picked from commit 23730413fef4be7fe365f452fcaef16c5f4e4b1b)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-04-06 10:36:04 +01:00
bbbaccfa68
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-04-04 15:24:52 +00:00
5ef5e59c56
linux_testing: 4.6-rc1 -> 4.6-rc2
2016-04-03 19:14:31 +00:00
ab15a62c68
Merge branch 'master' into closure-size
...
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
f60c9df0ba
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-03-28 15:16:29 +00:00
c61445357e
Merge pull request #14239 from kragniz/linux-testing-4.6-rc1
...
Linux-testing 4.6-rc1
2016-03-28 15:53:52 +01:00
dd16dcbba4
linux_grsec_3_14: mark as broken
...
First, The patch is outdated, I failed to find it anywhere in the mirror repos.
Second, the build fails, and while it may be "fixed" by ad-hoc patching (it
appears to simply need some missing includes), this would mean shipping a
potentially insecure software package. Given that the only reason to use
grsecurity is security, this is both misleading and exposes users to undue risk.
Finally, the build has been broken for quite a long time with no complaints,
leading me to believe that the number of actual users is quite low.
2016-03-27 21:13:41 +02:00
b07e7bfc7b
Merge remote-tracking branch 'origin/staging'
2016-03-27 13:19:04 +01:00
bd9737cc3e
linux_chromiumos: require 64bit build host
...
I noticed that almost all the Hydra build failures were on i686. Sure
enough, upstream says that you need an x86_64 machine to build the
kernel.
2016-03-27 05:35:04 +02:00
8b7e150bb9
linux-testing: 4.5-rc7 -> 4.6-rc1
2016-03-27 03:10:19 +01:00
695c2e4ee4
kernel-config: do not use NFSD_PNFS on >=4.6
2016-03-27 03:09:30 +01:00
89c6b3c11a
perf: fix build
...
https://hydra.nixos.org/build/33553564/nixlog/1/raw
2016-03-26 18:18:40 +01:00
4393e65a44
Merge pull request #14054 from NeQuissimus/kernel310101
...
kernel: 3.10.99 -> 3.10.101
2016-03-23 11:31:21 +00:00
2a428566e8
Merge pull request #14055 from NeQuissimus/kernel31257
...
kernel: 3.12.55 -> 3.12.57
2016-03-23 11:31:14 +00:00
4b29e2e6cb
Merge pull request #14056 from NeQuissimus/kernel31465
...
kernel: 3.14.63 -> 3.14.65
2016-03-23 11:30:59 +00:00
40b0538239
Update linux raspberry-pi to 4.1.y.
...
I could boot it in pi2; I don't know if I needed new
firmware files in /boot.
2016-03-22 15:09:57 +01:00
6476075ccf
kernel: 3.18.28 -> 3.18.29 ( close #14057 )
2016-03-21 12:39:29 +01:00
379709b404
kernel: 4.1.17 -> 4.1.20 ( close #14058 )
2016-03-21 12:15:25 +01:00
4274edbe40
kernel: 3.14.63 -> 3.14.65
2016-03-19 18:29:40 +00:00
bf41deb889
kernel: 3.12.55 -> 3.12.57
2016-03-19 18:27:41 +00:00
6f5f855a2e
kernel: 3.10.99 -> 3.10.101
2016-03-19 18:25:24 +00:00
4b512321de
linux: 4.4.5 -> 4.4.6
...
CVE-2016-2143
2016-03-17 13:05:57 +01:00
6faa0aea88
linux: 3.18.27 -> 3.18.28
...
CVE-2016-2085
2016-03-17 13:05:13 +01:00
2ac4dba0fb
Merge pull request #13909 from kragniz/linux-4.5
...
linux: add 4.5
2016-03-15 18:12:47 +01:00
3f45f0948d
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-03-15 01:44:24 +00:00
8bdee80d39
linux: add 4.5
2016-03-14 22:34:05 +00:00
a5d8256df4
grsecurity: 4.4.4 -> 4.4.5
2016-03-14 21:29:42 +00:00
7c90420119
kernel: 4.4.4 -> 4.4.5
2016-03-10 01:39:17 +00:00
fedabe3334
Merge pull request #13745 from zohl/linux-chromiumos
...
linux_chromiumos_3_14: kernel option fix
2016-03-08 13:57:32 +03:00
09af15654f
Merge master into closure-size
...
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
255d710757
grsecurity: 4.4.2 -> 4.4.4
...
See #13505 .
2016-03-08 01:03:47 +01:00
eb5a897161
Merge remote-tracking branch 'origin/pr/13505'
...
Fixes #13505 .
2016-03-08 01:01:44 +01:00
9d03355bed
ChromiumOS kernel option fixup
2016-03-08 01:19:42 +03:00
e9fc4e7db6
Merge remote-tracking branch 'origin/master' into hardened-stdenv
2016-03-07 22:08:27 +01:00
cdb0267efe
linux-testing: 4.5-rc6 -> 4.5-rc7
2016-03-07 01:00:33 +00:00
3b1f2e070b
linux_4_4: 4.4.3 -> 4.4.4
2016-03-05 21:50:03 +01:00
af40e356fe
linux_3_14: 3.14.61 -> 3.14.63
2016-03-05 21:50:03 +01:00
354a1935d3
linux_3_12: 3.12.54 -> 3.12.55
2016-03-05 21:50:03 +01:00
5b8361c118
linux_3_10: 3.10.97 -> 3.10.99
2016-03-05 21:50:03 +01:00
cb3d27df93
Merge remote-tracking branch 'origin/master' into hardened-stdenv
2016-03-05 18:55:30 +01:00
aff1f4ab94
Use general hardening flag toggle lists
...
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
2016-03-05 18:55:26 +01:00
4927ca8397
Merge pull request #13555 from kragniz/linux-testing-4.5-rc6
...
linux-testing: 4.5-rc5 -> 4.5-rc6
2016-03-03 19:03:17 +01:00
fed49425c5
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-03-03 16:11:55 +00:00
ede005ad3f
Enabling Media PCI adapters (needed for PCI DVB cards)
2016-03-01 20:57:46 +01:00
3747aef768
linux-testing: 4.5-rc5 -> 4.5-rc6
2016-02-28 19:13:36 +00:00
3b4765c9e5
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-02-28 16:32:57 +00:00
be3bd972d5
grsecurity: add 4.1 kernel
2016-02-28 15:00:16 +01:00
38614d3f6a
grsecurity: use kernel version instead of testing / stable
2016-02-28 04:10:59 +01:00
4e3d6d3e90
grsecurity: separate fix patches for testing & stable
2016-02-27 19:54:55 +01:00
75f353ffbd
grsecurity: decouple from mainline
2016-02-27 19:33:35 +01:00
7547960546
grsecurity: move version information to one place
2016-02-27 18:36:12 +01:00
d95321b83e
grsecurity: 4.3.4 -> 4.4.2
2016-02-27 18:36:12 +01:00
73e0c261c2
linux: 4.4.2 -> 4.4.3
2016-02-27 16:34:02 +01:00
3477e662e6
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-02-27 00:08:08 +00:00
7506c58d74
linux_3_10: 3.10.96 -> 3.10.97 ( close #13405 )
2016-02-25 23:09:08 +01:00
0e1319f03f
linux-3.10: fixup config by a slightly hacky way
...
For explanation see:
https://github.com/NixOS/nixpkgs/pull/13405#issuecomment-188357637
2016-02-25 23:07:47 +01:00
3ef63227dd
linux-testing: 4.5-rc4 -> 4.5-rc5 ( close #13403 )
2016-02-24 08:17:52 +01:00
642517fbda
linux_3_12: 3.12.53 -> 3.12.54 ( close #13406 )
2016-02-24 08:16:47 +01:00
08cf57204f
linux_3_14: 3.14.60 -> 3.14.61 ( close #13407 )
2016-02-24 08:16:18 +01:00
a2bd90650d
linux_4_3: 4.3.5 -> 4.3.6 ( close #13408 )
2016-02-24 08:15:34 +01:00
5e0105af9b
linux: 4.4.1 -> 4.4.2
2016-02-22 04:52:00 +01:00
bb2639aafc
Merge branch 'curl-7.15-fixup' of https://github.com/zimbatm/nixpkgs into hardened-stdenv
2016-02-22 01:14:22 +00:00
a6638c62a8
Revert "linux: 4.1.17 -> 4.1.18"
...
This reverts commit 6cdf5fe85fhttps://lkml.org/lkml/2016/2/19/748 which is blocking the channel update
due to a failing luksroot test: http://hydra.nixos.org/build/32159615
2016-02-21 17:57:39 +02:00
bc21db3692
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-02-19 21:16:14 +00:00
eff9726d54
linux: 4.3.4 -> 4.3.5
2016-02-18 03:44:19 +01:00
6cdf5fe85f
linux: 4.1.17 -> 4.1.18
2016-02-18 03:44:12 +01:00
d756ff9354
linux: 3.18.26 -> 3.18.27
2016-02-18 03:44:07 +01:00
41698c9efa
Merge branch 'master' into hardened-stdenv
2016-02-15 20:05:29 +01:00
d48f117d06
linux-testing: 4.5-rc3 -> 4.5-rc4
2016-02-14 23:03:26 +00:00
d039c87984
Merge branch 'master' into closure-size
2016-02-14 08:33:51 +01:00
077e24c10d
Revert "linuxPackages.perf: set -Wno-error=bool-compare"
...
This reverts commit 332c84196c
2016-02-10 23:27:37 +00:00
e2eca0c24c
Fix misspelled meta.maintainers attributes
2016-02-10 23:27:34 +00:00
280033235e
grsecurity: use source URL from a scraped repository as grsecurity.net only has the latest version
2016-02-10 23:27:31 +00:00
6040699768
Merge pull request #12890 from NeQuissimus/kernel45rc3
...
linux-testing: 4.5-rc2 -> 4.5-rc3
2016-02-10 21:20:46 +00:00
aea262f654
Fix misspelled meta.maintainers attributes
2016-02-10 14:59:50 +01:00
42deddb17a
grsecurity: use source URL from a scraped repository as grsecurity.net only has the latest version
2016-02-10 00:46:11 +01:00
332c84196c
linuxPackages.perf: set -Wno-error=bool-compare
2016-02-09 23:17:13 +00:00
5969a59052
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-02-09 16:28:44 +00:00
2fabb4b34d
linux-testing: 4.5-rc2 -> 4.5-rc3
2016-02-09 14:38:06 +00:00
9229e9c656
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-02-07 11:17:57 +00:00
12ca23d650
linux-testing: 4.4-rc8 -> 4.5-rc2
2016-02-06 20:54:55 +00:00
ae74c356d9
Merge recent 'staging' into closure-size
...
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
7db1cba057
kernel: Let the kernel build system strip modules
...
Since commit 48f51f1185
2016-02-02 22:47:32 +02:00
7b772ae398
linux: Update to 3.10.96, 3.12.53, 3.14.60, 3.18.26, 4.1.17, 4.4.1
2016-02-02 16:38:42 +01:00
48f51f1185
linux: Compress kernel modules
...
This reduces the kernel package from 185 to 62 MiB, for a neglible
boot time cost.
2016-02-01 18:19:23 +01:00
72a30ae66f
linux: Use $SOURCE_DATE_EPOCH as the build timestamp
2016-02-01 18:19:23 +01:00
0a7cd3c110
Remove unused file
2016-02-01 18:19:23 +01:00
b2dc647c1e
linux: adding PCI Expresscard Hotplug support
2016-02-01 11:07:08 +01:00
f6d3b7a2ae
switch hardening flags
2016-01-30 16:36:57 +00:00
954e9903ad
Use a hardened stdenv by default
2016-01-30 16:36:57 +00:00
ef1f64106f
kernel: add back the patch I just removed by accident
2016-01-24 04:12:17 +00:00
78956c77c0
linux: 4.3.3 -> 4.34 (and update grsecurity patches, too)
2016-01-24 03:53:46 +00:00
32d40f0f98
Remove no longer (or never) referenced patches
...
55 files changed, 6041 deletions. Tested with `nix-build -A tarball`.
2016-01-24 02:02:21 +01:00
8f9aea9ccc
grsecurity: fix kernel config and uncomment grsecurity kernels
2016-01-23 16:58:44 +00:00
33cf0792b1
grsecurity-testing: update patches and associated kernel version
2016-01-23 14:29:34 +00:00
29785c5b7a
Merge pull request #12309 from zohl/chromiumos-kernel
...
Add ChromiumOS kernels
2016-01-23 13:13:59 +03:00
4824f73cb3
linux-4.2: remove as it's no longer maintained upstream
...
grsecurity still holds a reference to it,
but I prefer it to fail than to use a version
that is most likely not secure anymore.
2016-01-20 20:15:07 +01:00
23f5e3c90f
linux: patch CVE-2016-0728 ( close #12492 )
...
The PoC provided successfully escalates privileges from a local user to
root. The vulnerability affects any Linux Kernel version 3.8 and higher.
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
2016-01-20 09:31:53 +01:00
f8ff4691ed
linux-mptcp: init at 0.90 (kernel 3.18.20), fixes #11149
2016-01-20 02:11:09 +01:00
716aac2519
Merge branch 'staging' into closure-size
2016-01-19 09:55:31 +01:00
42d4175e4e
kernel: 4.1.13 -> 4.1.15 ( close #12408 )
2016-01-15 19:59:52 +01:00
a3a5bc6095
linux_chromiumos_3_14: init at 3.14.0
...
Co-authored-by: Nikolay Amiantov <ab@fmap.me>
2016-01-13 22:43:19 +03:00
ee9e7b7224
linux_chromiumos_3_18: init at 3.18.0
...
Co-authored-by: Nikolay Amiantov <ab@fmap.me>
2016-01-13 22:43:19 +03:00
44274f62f5
linux: Add 4.4
2016-01-12 19:39:00 -05:00
1792ca5810
Increasing mmc possible partitions from 8 to 32.
...
In kernel common config. I have a modern tablet with 18 gpt partitions
on eMMC (Android+Win10 dualboot).
2016-01-11 09:27:58 +01:00
f318049964
kernel: 4.3.2 -> 4.3.3
2016-01-11 02:08:31 +00:00
6fc1c08324
Merge pull request #12143 from NeQuissimus/kernel440rc8
...
linux-testing: 4.4.0-rc7 -> 4.4.0-rc8
2016-01-10 21:07:46 +01:00
be9ad574f7
Adding framebuffer console rotation to kernels.
...
This helps in some weird screens that otherwise show the console 90° turned.
2016-01-07 16:48:46 +01:00
e4b4e9b986
linux: Make Unix domain sockets builtin
...
This hopefully fixes intermittent initrd failures where udevd cannot
create a Unix domain socket:
machine# running udev...
machine# error getting socket: Address family not supported by protocol
machine# error initializing udev control socket
machine# error getting socket: Address family not supported by protocol
The "unix" kernel module is supposed to be loaded automatically, and
clearly that works most of the time, but maybe there is a race
somewhere. In any case, no sane person would run a kernel without Unix
domain sockets, so we may as well make it builtin.
http://hydra.nixos.org/build/30001448
2016-01-07 13:20:53 +01:00
1283e01b38
linux-testing: 4.4.0-rc7 -> 4.4.0-rc8
2016-01-04 20:52:19 +00:00
7ea34af4dd
linux-testing: 4.4.0-rc6 -> 4.4.0-rc7
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc7
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-01-02 17:56:03 +01:00
f9f6f41bff
Merge branch 'master' into closure-size
...
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
f6df6d8d46
linux: 3.18.24 -> 3.18.25
2015-12-29 15:56:20 +01:00
a326ab1755
linux-testing: 4.4.0-rc5 -> 4.4.0-rc6
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc6
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-21 17:16:49 +01:00
45e335aabd
linux-testing: 4.4.0-rc4 -> 4.4.0-rc5
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc5
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-14 20:29:10 +01:00
18af0f88d0
Linux 4.3: 4.3 -> 4.3.2
2015-12-12 08:46:34 -05:00
5b0352a6a4
Merge branch 'master' into closure-size
2015-12-11 18:31:00 +01:00
fc6d1471ce
linux-testing: Revert build fix for -rc3.
...
This reverts commit 79bd2b08ee
2015-12-11 11:31:05 +01:00
54d6f1f683
linux: 3.14.56 -> 3.14.58
2015-12-10 16:26:33 +01:00
c00feace39
linux-testing: 4.4.0-rc3 -> 4.4.0-rc4
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc4
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-08 03:51:34 +01:00
e289717414
rename moveToOutput and propagatedBuildInputs
2015-12-02 10:05:36 +01:00
79bd2b08ee
linux-testing: Fix build with default config.
...
Regression introduced by 03a3a905b9torvalds/linux@47ca6ec
this results in a regression due to in a circular dependency between
libcfs and LNet:
depmod: ERROR: Found 2 modules in dependency cycles!
depmod: ERROR: Cycle detected: lnet -> libcfs -> lnet
The discussion regarding this in the LKML is here:
https://lkml.org/lkml/2015/11/2/388
So this adds a patch which is not yet included in mainline and has been
submitted to the LKML at:
https://lkml.org/lkml/2015/11/6/987
Built successfully via "nix-build -A linux-testing".
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-01 11:22:29 +01:00
03a3a905b9
linux-testing: 4.4.0-rc1 -> 4.4.0-rc3
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc1&id2=v4.4-rc3
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-01 09:34:39 +01:00
a412927924
Merge remote-tracking branch 'origin/master' into closure-size
2015-11-25 21:37:30 +01:00
333d69a5f0
Merge staging into closure-size
...
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
16acdb45bd
Revert "kernel: Remove unsupported 3.10, 3.12, 3.14"
...
This reverts commit 2441e002e2
2015-11-19 14:25:16 +01:00
893179e9c1
linux-testing: Bump to 4.4-rc1
2015-11-17 17:21:25 -08:00
9579c9ec7f
Merge commit 'cb21b77' into master.upstream
...
This is a partial merge of staging for builds which are working
2015-11-13 15:53:10 -08:00
6668058a62
linux: add config options needed for a Bay Trail Chromebook
...
Close #10416 .
Got /dev/mmcblk0 on a live CD with these options:
X86_INTEL_LPSS y
PINCTRL_BAYTRAIL y
2015-11-11 15:33:42 +01:00
d4661c7366
kernel: 4.1.12 -> 4.1.13
2015-11-10 16:17:09 -08:00
3950ab9eb9
kernel: 4.2.5 -> 4.2.6
2015-11-10 16:17:06 -08:00
789504dadf
perf: Fix libbfd dependency
...
This fixes C++ symbol demangling.
2015-11-10 22:12:38 +01:00
2441e002e2
kernel: Remove unsupported 3.10, 3.12, 3.14
...
Our base kernel headers were bumped to 3.18 so we can no longer reliably
support kernels older than 3.18
2015-11-09 11:10:42 -08:00
d33c63c19d
kernel: 3.12.49 -> 3.12.50
2015-11-07 15:44:53 -08:00
827adff712
linux: Update to 3.18.24
2015-11-04 13:22:22 +01:00
4b7f374b7d
linux: Add 4.3
2015-11-02 11:01:17 -08:00
ea49c910a5
kernel: 3.18.22 -> 3.18.23
2015-10-30 17:17:14 -07:00
3c14c32975
Really disable the firmware loader user helper fallback
2015-10-30 13:31:51 -04:00
a7157fa2f0
Remove firmware loader fallback.
...
Systemd dropped support in 207 (would be nice if configure failed with a bad flag),
so all this does is add an annoying delay if firmware can't be found by the kernel
2015-10-30 10:29:56 -04:00
c82060df9f
linux-testing: 4.3.0-rc5 -> 4.3.0-rc7
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.3-rc7&id2=v4.3-rc5
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-10-28 13:59:56 +01:00
d2918797bb
linux: Fix i686 build
2015-10-28 11:09:59 +01:00
221a970e82
kernel: 4.2.3 -> 4.2.5
2015-10-27 23:07:42 -07:00
658d7b285b
kernel: 4.1.11 -> 4.1.12
2015-10-27 23:07:33 -07:00
850fff4448
kernel: 3.14.54 -> 3.14.56
2015-10-27 23:07:17 -07:00
4eaa66c9d2
kernel: 3.10.90 -> 3.10.92
2015-10-27 23:07:09 -07:00
52c9e4415b
linux: Support x2APIC
...
Without this, certain servers with lots of CPU cores would show only
one core.
2015-10-26 16:20:02 +01:00
50ab972b5a
linux: Pass through configuration file
...
This enables "nix-build -A linux.configfile" to get the generated
kernel config.
2015-10-26 16:20:01 +01:00
7e6288c252
kernel: 4.1.10 -> 4.1.11, /cc #10607
...
Boots fine for me on 64-bit.
2015-10-26 08:34:44 +01:00
194357ad20
grsecurityUnstable: 4.1.7 -> 4.2.3
2015-10-15 10:41:04 -07:00
cfb2651959
kernel: 3.12.48 -> 3.12.49
2015-10-15 10:38:01 -07:00
197547e4ba
linux-testing: 4.3.0-rc4 -> 4.3.0-rc5
...
Upstream changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=refs/tags/v4.3-rc5
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-10-13 05:31:43 +02:00
c46dd28ffd
linux-testing: 4.3.0-rc2 -> 4.3.0-rc4
2015-10-05 11:05:31 -07:00
cac0d87d98
kernel: 4.1.9 -> 4.1.10
2015-10-03 22:25:48 -07:00
62fa68e00c
kernel: 3.18.21 -> 3.18.22
2015-10-03 22:25:40 -07:00
23ff27b2c4
kernel: 3.10.89 -> 3.10.90
2015-10-03 22:25:33 -07:00
fc719c2437
Fix kernel config names for BRCMFMAC_*
2015-10-03 15:35:06 -04:00
e7f0b0297d
Linux: Enable PCIe and USB support for brcmfmac
2015-10-03 15:22:52 -04:00
edefa43d49
Linux 4.2: Bump
2015-10-03 15:22:03 -04:00
f361938b21
Merge staging into closure-size
...
This makes gcc5 the default builder, etc.
2015-10-03 15:23:13 +02:00
09637ac363
kernel: Don't propagate the dev output
...
The current default multiple-output propagation rules don't seem to work
too well if the dev output isn't the first one; without this we get an
unnecessary runtime reference to the kernel headers.
2015-10-03 14:08:55 +02:00
277d44f8fb
linux: Update to 3.14.54
2015-10-02 12:02:27 +02:00
c720f06f7c
linux kernel common config: re-enable NFC support
...
As test, Linux kernels were build successfully with NFC support for 3.18.x and
for 4.1.x.
2015-10-01 17:53:51 +02:00
e45e777c37
kernel: Remove uneeded patch for 4.2
2015-09-29 17:47:18 -07:00
05fd70b4be
kernel: 4.2.1 -> 4.2.2
2015-09-29 15:57:30 -07:00
40773c7605
kernel: 4.1.8 -> 4.1.9
2015-09-29 15:57:29 -07:00
84c0098117
Unprivileged overlayfs mounts kernel patch from ubuntu
...
This allows to create overlayfs mounts by unprivileged containers (i.e.
in user and mount namespace). It's super-useful for containers.
The patch is trivial as I understand from the patch description it's
does not have security implications (on top of what user namespaces
already have). And it's enabled in ubuntu long time ago. Here is a proof:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1357025
2015-09-26 00:42:16 +03:00
40396584eb
kernel: 4.2 -> 4.2.1
2015-09-23 12:29:59 -07:00
d5c7b265f7
kernel: 4.1.7 -> 4.1.8
2015-09-23 12:29:59 -07:00
97200b7808
kernel: 3.14.52 -> 3.14.53
2015-09-23 12:29:59 -07:00
397f806453
kernel: 3.12.47 -> 3.12.48
2015-09-23 12:29:59 -07:00
284ea9295e
kernel: 3.10.88 -> 3.10.89
2015-09-23 12:29:59 -07:00
9fbbbd5b68
linux-testing: Update to 4.3.0-rc2
2015-09-21 14:38:49 -07:00
f08fb6e6c7
broadcom-sta: fix build on kernel >= 4.2 ( close #9953 )
...
Also cherry-pick a licensing fix from torvalds/linux@7d3e2eb178
necessary for building broadcom-sta on kernel 4.2.
For more details, see:
https://github.com/longsleep/bcmwl-ubuntu/issues/6
Fixes #9948 .
2015-09-20 08:01:37 +02:00
84505bd36a
grsecurity: Update patches
2015-09-16 13:35:41 -07:00
871baf2278
kernel: 4.1.6 -> 4.1.7
2015-09-16 12:55:36 -07:00
5975687f98
kernel: 3.14.51 -> 3.14.52
2015-09-16 12:55:36 -07:00
72d22e3f4d
kernel: 3.10.87 -> 3.10.88
2015-09-16 12:55:36 -07:00
eb7404d97a
all-packages: Use callPackage where possible
2015-09-14 22:27:19 -06:00
3ebe5f802b
Remove references to /root/test-firmware
...
This is no longer supported by systemd.
2015-09-07 22:55:16 +02:00
0754a213c1
Merge pull request #9643 from dezgeg/pr-perf
...
linuxPackages_*.perf: Fix build after kernel 4.1
2015-09-03 20:24:11 -07:00
710c4c3c9d
linuxPackages_*.perf: Fix build after kernel 4.1
...
In 4.1, the build system changed, and it now wants to execute ld like this:
ld -r -o util/scripting-engines/libperf-in.o util/scripting-engines/trace-event-perl.o util/scripting-engines/trace-event-python.o
The actual problem seems to be that `buildInputs = [elfutils ...]`
causes 'ld' to point to elfutils in PATH instead of the usual binutils.
So remove elfutils from buildInputs and set NIX_CFLAGS_* manually. This
is a slight hack, but there is some precedent:
0761f81da7/pkgs/tools/package-management/rpm/default.nix (L13)Fixes #9095 .
2015-09-03 23:37:15 +03:00
90dc8da64d
linux: Update to 3.18.21
2015-09-03 16:50:31 +02:00
38a74e27de
Remove Linux 4.0
...
It's EOL.
2015-09-03 16:50:31 +02:00
8e26a55dc4
linux: Add 4.2.0
2015-08-30 18:20:19 -07:00
5a303519fa
kernel: 3.12.46 -> 3.12.47
2015-08-28 15:46:34 -07:00
d70c01daec
grsecurity: Update patches
2015-08-18 21:06:45 -07:00
eb859dc816
kernel: 4.1.5 -> 4.1.6
2015-08-18 11:12:34 -07:00
e4fa08711c
kernel: 3.14.50 -> 3.14.51
2015-08-18 11:12:34 -07:00
109ff7ddee
kernel: 3.10.86 -> 3.10.87
2015-08-18 11:12:34 -07:00
c1ee8fefd4
nixos: add support for Ubuntu Fan Networking
...
This provides support for Ubuntu Fan Networking [1].
This includes:
* The fanctl package, and a corresponding NixOS service.
* iproute patches.
* kernel patches.
closes #9188
1: https://wiki.ubuntu.com/FanNetworking
2015-08-13 14:27:14 -04:00
52e55d85cb
kernel: 3.14.49 -> 3.14.50
2015-08-10 23:35:43 -07:00
2cec29f646
linux-3.19: Remove stale nix file
2015-08-10 23:34:32 -07:00
974b9cc8cc
kernel: 4.1.4 -> 4.1.5
2015-08-10 23:34:31 -07:00
9f79c1e6eb
kernel: 3.18.19 -> 3.18.20
2015-08-10 23:34:31 -07:00
5e33890995
kernel: 3.12.45 -> 3.12.46
2015-08-10 23:31:07 -07:00
5fe578d706
kernel: 3.10.85 -> 3.10.86
2015-08-10 23:30:59 -07:00
921055b4a8
kernel: Enable DRM_LOAD_EDID_FIRMWARE
...
This allows specifying drm_kms_helper.edid_firmware to work around displays
that provide bad EDID data.
Documentation: https://www.osadl.org/Single-View.111+M5ec938a7b3b.0.html
2015-08-04 16:38:38 -04:00
04f1b451d7
kernel: 3.14.48 -> 3.14.49
2015-08-04 13:30:08 -07:00
79fb844213
kernel: 4.0.8 -> 4.0.9
2015-08-04 13:28:46 -07:00
a5d6e61c2f
grsecurity: Push testing from 4.0 -> 4.1
2015-08-04 13:28:16 -07:00
ce6b96db6e
kernel-testing: 4.2.0-rc2 -> 4.2.0-rc5
2015-08-03 13:06:22 -07:00
102cfc53bc
kernel: 4.1.3 -> 4.1.4
2015-08-03 12:58:12 -07:00
678efd6df0
kernel: 3.12.44 -> 3.12.45
2015-08-03 12:58:12 -07:00
1684ec0bfc
kernel: 3.10.84 -> 3.10.85
2015-08-03 12:58:12 -07:00
982ce5ed58
Merge pull request #8978 from dezgeg/pr-arm-images
...
ARM SD card image expressions
2015-07-29 14:13:57 +02:00
24c13dfa81
kernel: 4.1.2 -> 4.1.3
2015-07-22 13:14:27 -07:00
612d19e8b4
kernel: 3.18.18 -> 3.18.19
2015-07-22 13:14:27 -07:00
82d0acaf37
kernel-config: Explicitly enable NAMESPACES
...
Namespace support is required by the `unshare` tool used in
`nixos-install`. It's enabled by the x86 defconfig, but not by
e.g. multi_v7_defconfig. So enable it here so that `nixos-install`
can work on ARM.
2015-07-22 16:08:17 +03:00
ec43c69b5d
linux-rpi: Fix modDirVersion
...
This causes build breakage on staging due to #7524 .
2015-07-22 16:08:17 +03:00
069b4a8a57
Remove Linux 3.2 and 3.4
...
These are not supported by systemd so no reason to keep them around.
(cherry picked from commit ee10e165dc
2015-07-22 12:25:32 +02:00
45135c0256
linux-testing: Update to version 4.2.0-rc2.
...
Upstream diff of changes can be found at:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/diff/?id=v4.2-rc2&id2=v4.2-rc1&dt=2
Not tested on my machine right now (well, it's "testing" after all), but
verified the SHA256 from two different connections.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-07-14 07:31:18 +02:00
0245b28796
kernel: 3.14.47 -> 3.14.48
2015-07-11 20:15:05 -07:00
3284b216a4
kernel: 4.0.7 -> 4.0.8
2015-07-11 20:15:05 -07:00
75b7938ba2
kernel: 4.1.1 -> 4.1.2
2015-07-11 20:15:05 -07:00
680e2ced04
kernel: 3.18.17 -> 3.18.18
2015-07-11 20:15:05 -07:00
4529105271
kernel: 3.10.82 -> 3.10.84
2015-07-11 20:15:05 -07:00
5c9f437d2f
linux: 3.14.46 -> 3.14.47
...
CVE-2014-7822
2015-07-09 15:10:12 +02:00
b363927556
linux-testing: 4.2-rc1
2015-07-06 13:45:03 -07:00
145768bf9b
Unmaintain a bunch of packages
2015-07-01 08:11:05 -04:00
d64b3c8a5c
kernel: 3.14.45 -> 3.14.46
2015-06-30 11:28:59 -07:00
43eda80b09
kernel: 3.18.16 -> 3.18.17
2015-06-30 11:20:41 -07:00
b25930c4c8
kernel: 4.0.6 -> 4.0.7
2015-06-30 11:20:41 -07:00
3f7d195762
kernel: 4.1 -> 4.1.1
2015-06-30 11:20:40 -07:00
34cb1a202b
kernel: 3.10.81 -> 3.10.82
2015-06-30 11:16:21 -07:00
f895960e84
Merge pull request #8256 from dezgeg/pr-i686-kconfig
...
kernel-config: Fix 4.0 build on 32-bit
2015-06-26 13:23:35 +02:00
b08d384da8
kernel: 3.14.44 -> 3.14.45
2015-06-24 18:12:20 -07:00
2f255eafd9
kernel: 4.0.5 -> 4.0.6
2015-06-24 18:11:25 -07:00
16e0a98483
kernel: 3.10.80 -> 3.10.81
2015-06-24 18:09:40 -07:00
bd9433c90d
kernel: Add version 4.1 latest
2015-06-22 12:41:23 -07:00
c48433d575
kernel: 3.4.107 -> 3.4.108
2015-06-22 12:35:56 -07:00
046ba6b7db
linux-testing: 4.1-rc7 -> 4.1-rc8
2015-06-15 11:37:05 -07:00
2fd74f43b5
kernel: 3.18.14 -> 3.18.16
2015-06-15 11:32:46 -07:00
b325c1556a
kernel: 3.12.43 -> 3.12.44
2015-06-15 11:32:46 -07:00
e26bfbe26f
grsecurity: Update stable and test patches
...
stable: 3.1-3.14.43-201506021902 -> 3.1-3.14.44-201506082249
test: 3.1-4.0.4-201506021902 -> 3.1-4.0.5-201506082251
2015-06-10 18:33:28 +02:00
62b75c64d4
kernel-config: Fix 4.0 build on 32-bit
...
KVM_COMPAT apparently enables 32-bit compability syscalls for KVM, and
as such can be enabled only on a 64-bit system.
Resolves error http://hydra.nixos.org/build/23014132/nixlog/1/raw :
GOT: #
GOT: # configuration written to .config
GOT: #
GOT: make[1]: Leaving directory '/tmp/nix-build-linux-config-4.0.5.drv-0/build'
GOT: make: Leaving directory '/tmp/nix-build-linux-config-4.0.5.drv-0/linux-4.0.5'
unused option: KVM_COMPAT
builder for ‘/nix/store/7kskdvmzs116f1fm55ghm0crjniw9q0a-linux-config-4.0.5.drv’ failed with exit code 255
2015-06-10 00:28:01 +03:00
87b9cceefd
linux-testing: Update to new version 4.1-rc7.
...
Includes fixes for DRM, MIPS, iSCSI, ALSA, USB, bna and wireless and
more. Full diff can be found here:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/diff/?id=v4.1-rc7&id2=v4.1-rc6
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-06-08 15:12:47 +02:00
514a9fdf87
Merge pull request #8173 from dezgeg/pr-kernel-config
...
kernel-config: Enable framebuffer console for BIOS systems & /proc/config.gz for ARM
2015-06-07 10:14:51 -07:00
0a8e830196
kernel: 4.0.4 -> 4.0.5
2015-06-06 12:32:58 -07:00
24042f3803
kernel: 3.14.43 -> 3.14.44
2015-06-06 12:32:58 -07:00
1adef3db3d
kernel: 3.10.79 -> 3.10.80
2015-06-06 12:32:58 -07:00
6be70d17c0
kernel-config: Enable IKCONFIG so ARM gets /proc/config.gz
...
IKCONFIG must be enabled so IKCONFIG_PROC can be set. On x86 IKCONFIG
gets implicitly enabled by kernelAutoModules in platforms.nix. But ARM
doesn't use kernelAutoModules, so IKCONFIG_PROC won't get enabled
without this patch.
2015-06-04 11:28:35 +03:00
9c2f2bc893
kernel-config: Enable FB_VESA and FRAMEBUFFER_CONSOLE
...
Commit 159fed47bcFixes #8139
2015-06-04 11:26:20 +03:00
07c26ee680
grsecurity: Update stable and test patches
...
stable: 3.1-3.14.43-201505272112 -> 3.1-3.14.43-201506021902
test: 3.1-4.0.4-201505272113 -> 3.1-4.0.4-201506021902
2015-06-03 19:38:05 +02:00
2f96621b6a
linux-testing: 4.1-rc5 -> 4.1-rc6
2015-06-02 11:03:53 -07:00
b59d52daf7
grsecurity: Update stable and test patches
...
stable: 3.1-3.14.43-201505222221 -> 3.1-3.14.43-201505272112
test: 3.1-4.0.4-201505222222 -> 3.1-4.0.4-201505272113
2015-05-29 19:49:46 +02:00
c0f09411e8
grsecurity: Update stable and test patches
...
stable: 3.1-3.14.43-201505191737 -> 3.1-3.14.43-201505222221
test: 3.1-4.0.4-201505182014 -> 3.1-4.0.4-201505222222
2015-05-27 20:27:43 +02:00
988ede2c6b
linux-testing: 4.1-rc4 -> 4.1-rc5
2015-05-26 01:36:35 -07:00
37ca982a66
linux-testing: 4.1-rc4
2015-05-24 15:40:58 -07:00
5277bf945d
grsecurity: Update stable patch from 3.1-3.14.43-201505181929 -> 3.1-3.14.43-201505191737
2015-05-21 14:45:56 +02:00
8d7d9723af
kernel: 3.18.13 -> 3.18.14
2015-05-20 23:00:43 -07:00
3462d04e27
kernel: 3.12.42 -> 3.12.43
2015-05-20 23:00:28 -07:00
0cb3c2d684
grsecurity: Update stable and test patches
...
stable: 3.1-3.14.43-201505171736 -> 3.1-3.14.43-201505181929
test: 3.1-4.0.4-201505171737 -> 3.1-4.0.4-201505182014
2015-05-19 19:21:31 +02:00
8dbd385e1c
kernel config: Fix grsecurity-specific config
...
Refs 13a38440c6
2015-05-18 14:32:29 -04:00
9265918fea
kernel: 3.14.42 -> 3.14.43
2015-05-18 01:45:49 -07:00
4a7a3cd8a5
kernel: 4.0.3 -> 4.0.4
2015-05-18 01:43:03 -07:00
b679ccdca5
kernel: 3.10.78 -> 3.10.79
2015-05-18 01:36:24 -07:00
ec1a281f0a
kernel-config: Fix for i686
2015-05-17 03:02:44 -07:00
13a38440c6
kernel-config: Grsecurity fixes
2015-05-15 18:38:15 -07:00
bca69399a8
kernel-config: kvm changes
2015-05-15 18:38:15 -07:00
7aae0f3115
kernel-config: mlx4-en enable vxlan offloading
2015-05-15 18:38:15 -07:00
19d5b1e37a
kernel-config: nfs changes
2015-05-15 18:38:14 -07:00
fcf15de248
kernel: 3.14.41 -> 3.14.42
2015-05-15 18:38:14 -07:00
90659e2735
kernel: 4.0.2 -> 4.0.3
2015-05-15 18:38:14 -07:00
c360d741c9
kernel: 3.2.68 -> 3.2.69
2015-05-15 18:38:14 -07:00
28c17395f5
kernel: 3.19.7 -> 3.19.8
2015-05-15 18:38:14 -07:00
35c0e0583d
kernel: 3.10.77 -> 3.10.78
2015-05-15 18:38:14 -07:00
bb4d658f64
Merge branch 'master' into staging
...
Conflicts:
nixos/doc/manual/release-notes/rl-unstable.xml
nixos/modules/services/printing/cupsd.nix
pkgs/applications/misc/calibre/default.nix
pkgs/development/haskell-modules/hackage-packages.nix
pkgs/development/libraries/libsodium/default.nix
pkgs/misc/emulators/wine/unstable.nix
pkgs/top-level/all-packages.nix
2015-05-11 10:05:23 +02:00
aa75bb25d8
grsecurity: Update stable and test patches
...
stable: 3.1-3.14.41-201505072056 -> 3.1-3.14.41-201505101121
test: 3.1-4.0.2-201505072057 -> 3.1-4.0.2-201505101122
2015-05-11 02:45:38 +02:00
c9395e1e92
Merge branch 'master' into staging
2015-05-08 05:59:50 -07:00
a5312e581f
kernel: Remove obsolete btrfs patch
2015-05-08 05:27:55 -07:00
61be2ceb27
kernel: Move grsecurity update warning
2015-05-07 20:45:48 -07:00
8209d3f78b
kernel: 3.14.40 -> 3.14.41
2015-05-07 20:34:26 -07:00
0e4057b167
kernel: 4.0.1 -> 4.0.2
2015-05-07 20:32:24 -07:00
5b4cd639dd
kernel: 3.19.6 -> 3.19.7
2015-05-07 20:32:23 -07:00
b4a8eaaf87
kernel: 3.18.12 -> 3.18.13
2015-05-07 20:32:23 -07:00
185d7c062b
kernel: 3.12.40 -> 3.12.42
2015-05-07 19:26:48 -07:00
f4a016081a
kernel: 3.10.76 -> 3.10.77
2015-05-07 19:26:20 -07:00
1b982918f5
Merge pull request #7740 from dezgeg/arm
...
ARM changes for the Jetson TK1 (and other multiplatform boards)
2015-05-07 20:53:07 +02:00
074c4a7f78
Merge remote-tracking branch 'upstream/master' into staging
2015-05-07 01:44:49 -07:00
9fc72c8ab8
kernel: Install DTBs into a subdirectory
...
This avoids the pollution of the top-level kernel output directory and
also simplifies the boot entry generator script I will be using on ARM.
2015-05-07 06:04:10 +03:00
0c5be7164c
sheevaplug: fix kernel build.
...
I added platform.kernelMakeFlags. This allows setting the required
parameter to make the required kernel uImage for the sheevaplug,
since it became a platform with devicetree (3.10).
I have tried it with linux 3.18 and it built fine.
2015-05-06 09:50:51 +02:00
b95fa1c852
grsecurity: Update stable and test patches
...
stable: 3.1-3.14.40-201504290821 -> 3.1-3.14.40-201504302118
test: 3.1-3.19.6-201504290821 -> 3.1-3.19.6-201504302119
2015-05-02 01:03:05 +02:00
084d1143e6
kernel: 3.14.39 -> 3.14.40
2015-04-29 14:34:11 -07:00
dfd7b26e3a
kernel: 3.19.5 -> 3.19.6
2015-04-29 14:33:23 -07:00
0414465137
kernel: 4.0 -> 4.0.1
2015-04-29 14:33:23 -07:00
6a34c8fbac
kernel: 3.10.75 -> 3.10.76
2015-04-29 14:31:33 -07:00
37ab5f0ad0
kernel: 3.18.11 -> 3.18.12
2015-04-22 14:49:43 -07:00
dbaeb7c428
kernel: 3.14.38 -> 3.14.39
2015-04-20 22:41:47 -07:00
2c35a4aa39
kernel: 3.19.4 -> 3.19.5
2015-04-20 22:40:31 -07:00
d82fa84357
kernel: 3.10.74 -> 3.10.75
2015-04-20 22:37:40 -07:00
c6234ad07b
kernel: 3.4.106 -> 3.4.107
2015-04-17 16:55:14 -07:00
98d77cd1a5
Fixed zImage installation when building Linux.
...
When building kernels outputting a zImage, the zImage wasn't correctly copied in
to the installation. This broke the build process entirely, at least on my ARM
machine.
2015-04-16 22:00:58 -04:00
b46dae268a
grsec_path: Update patch
2015-04-15 16:22:42 -07:00
0fd4774781
kernel: 3.14.37 -> 3.14.38
2015-04-15 16:22:42 -07:00
2ded7833ed
kernel: 3.19.3 -> 3.19.4
2015-04-15 16:22:42 -07:00
44dcac2e2b
kernel: 3.10.73 -> 3.10.74
2015-04-15 16:22:42 -07:00
114ffa0d6c
Oops, forgot to update the hash
2015-04-12 19:23:35 -04:00
e01c96d14c
Add linux 4.0
...
Untested yet, my build machine is too slow
2015-04-12 19:17:53 -04:00
c1f586e275
kernel: 3.12.39 -> 3.12.40
2015-04-10 23:23:53 -07:00
285d64d2f0
kernel: add patch to fix btrfs deadlocks to affected kernels
2015-04-08 20:49:12 +03:00
22bb53dfe2
linux-testing: 4.0-rc6 -> 4.0-rc7
2015-04-06 20:12:08 -07:00
6566738b29
grsecurity: Update stable and test patches
...
stable: 3.1-3.14.37-201503270048 -> 3.1-3.14.37-201504051405
test: 3.1-3.19.3-201503270049 -> 3.1-3.19.3-201504021826
2015-04-06 18:26:05 +02:00
8a2deb7abe
linux: disable UEVENT_HELPER by default on versions >= 3.15
2015-04-06 14:00:03 +02:00
bfe79e4b9a
kernel: 3.18.10 -> 3.18.11
2015-04-04 19:47:21 -07:00
5bf407ada4
linux-testing: 4.0-rc4 -> 4.0-rc6
2015-03-31 14:28:42 -07:00
c9bbf2228f
Merge pull request #7069 from taktoa/master
...
Fixed grsecurity path patch for testing (3.19)
2015-03-30 02:36:34 -07:00
c31f1d99a5
fix linux 3.2/3.4 builds
2015-03-29 21:41:05 +02:00
d567e12eb7
Fix grsec-path.patch (2)
2015-03-29 14:26:11 -04:00
d68e248418
Fixed grsec-path.patch
2015-03-29 14:26:00 -04:00
a639c710ae
Merge pull request #6968 from oxij/unquestionably-good
...
Easy to check to be unquestionably good changes
2015-03-28 13:16:13 +03:00
304b3c077c
kernel: 3.14.36 -> 3.14.37
2015-03-27 10:45:13 -07:00
ca12b0b304
kernel: 3.19.2 -> 3.19.3
2015-03-27 10:44:19 -07:00
7a9e7905db
kernel: 3.10.72 -> 3.10.73
2015-03-27 10:42:28 -07:00
89bfacdf90
kernel: add a warning/note at the top of common-config so that people would hopefully stop breaking the older kernels
2015-03-26 12:43:42 +00:00
4d47c0dd24
kernel-config: Add microcode support + early loading on new kernels
2015-03-25 11:30:03 -07:00
a040e15a48
kernel: 3.18.9 -> 3.18.10
2015-03-25 11:24:47 -07:00
5cac50b3bf
kernel: add support for experimental Realtek2800 models
...
tested with AVM Fritz wlan Stick N
2015-03-22 13:49:29 +01:00
0f5a5cae76
grsecurity: Update test patch from 3.1-3.19.2-201503182219 -> 3.1-3.19.2-201503201903
2015-03-21 06:23:26 +01:00
6437ad00f0
kernel/common-config: More fixes
2015-03-20 15:05:43 -07:00
6e404cb338
linux-testing: 4.0.0-rc2 -> 4.0.0-rc4
2015-03-20 15:02:01 -07:00
9dc8335294
kernel/common-config: Fix older kernels
2015-03-20 14:41:03 -07:00
36ada70250
kernel: 3.14.35 -> 3.14.36
2015-03-20 14:21:39 -07:00
a7c32c8ea5
kernel: 3.19.1 -> 3.19.2
2015-03-20 14:19:49 -07:00
b9537d17f6
kernel: 3.12.38 -> 3.12.39
2015-03-20 14:16:01 -07:00
0517907801
kernel: 3.10.71 -> 3.10.72
2015-03-20 14:15:59 -07:00
cb7b0f3c1b
Merge pull request #6898 from joachifm/redundant-params
...
kernelPatches: remove unused parameters
2015-03-19 15:31:03 +01:00
cd55b6b5bb
kernelPatches: remove unused parameters
2015-03-19 14:08:16 +01:00
7c8247a8c5
grsecurity: Update stable and test patches
...
stable: 3.1-3.14.35-201503071140 -> 3.1-3.14.35-201503092203
test: 3.1-3.18.9-201503071142 -> 3.1-3.19.1-201503122205
2015-03-15 03:49:58 +01:00
ebef573641
Merge pull request #6476 from ts468/squashfs
...
Change kernel config: improve squashfs support of kernel
2015-03-12 21:41:53 +01:00
fa3bcc4f1c
perf: Use libunwind and libbfd
...
This gives better stack traces.
2015-03-11 18:15:48 +01:00
798e613e16
kernel: Enable kprobes and other tracing features
...
All of these should have minimal performance impact unless enabled at
runtime.
2015-03-11 17:14:37 +01:00
6b666dca7c
kernel: 3.14.34 -> 3.14.35
2015-03-08 14:58:46 -07:00
cf9d5ceda1
kernel: 3.18.8 -> 3.18.9
2015-03-08 14:57:44 -07:00
a086f5df70
kernel: 3.2.67 -> 3.2.68
2015-03-08 14:57:44 -07:00
4c01585211
kernel: 3.19 -> 3.19.1
2015-03-08 14:57:43 -07:00
09e477a045
kernel: 3.10.70 -> 3.10.71
2015-03-08 14:55:11 -07:00
0d1c39443b
Change kernel config: improve squashfs support of kernel
2015-03-08 13:58:00 +01:00
d1e302121a
Merging changes to make more things build on rpi2
2015-03-06 15:43:32 +00:00
3b9b620656
Revert "linux: disable UEVENT_HELPER*"
...
This reverts commit 9f87f3ccb0
2015-03-06 15:59:06 +01:00
cfd9b77e82
kernel: I hope to fix the dtbs thing
...
I thought $arch was defined. Now I'm using karch, that should serve for cross
building as well.
2015-03-05 09:10:19 +00:00
31cccd88ed
kernel: Trying to fix makeflags of 'make dtbs'
2015-03-05 09:10:17 +00:00
42c6115872
kernel: I forgot $makeFlags in make dtbs
2015-03-05 09:10:15 +00:00
3e92c4e0ff
Trying to make DTBs if set in platform.
2015-03-05 09:09:34 +00:00
56989d9f20
Updating the raspberry pi kernel sources to recent, for pi2
2015-03-05 09:09:32 +00:00
c502efc72a
linux: Enable Intel idle driver
...
Also build the performance governor into the kernel so there is a sane
default. Note that cpufreq.service will still load "ondemand" on
non-pstate systems.
2015-03-04 17:11:41 +01:00
26da67ff73
Kernel config: Separate power management and debugging
2015-03-04 17:10:47 +01:00
8ed8277c74
linux-testing: Update to version 4.0-rc2.
...
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-03-04 15:42:44 +01:00
791b970c6e
linux/kernel: Remove EXT2_FS_XIP for version 4.0.
...
The option has been removed in torvalds/linux@6cd176a and thus we
shouldn't try to set it for kernel version 4.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-03-04 15:42:44 +01:00
24f25e6f9a
kernel: 3.18.7 -> 3.18.8
2015-03-02 19:52:26 -08:00
103f9820f6
kernel: 3.14.33 -> 3.14.34
2015-03-02 19:52:26 -08:00
f97b6e891c
kernel: Update testing to 4.0-rc1
2015-03-02 19:52:26 -08:00
3ab435dfa8
kernel: 3.2.66 -> 3.2.67
2015-03-02 19:52:26 -08:00
08b47c57f7
kernel: 3.12.37 -> 3.12.38
2015-03-02 19:52:26 -08:00
cb24bc18b9
kernel: 3.10.69 -> 3.10.70
2015-03-02 19:52:26 -08:00
584ca36462
linux: Disable CONFIG_DEBUG_STACKOVERFLOW
...
This got enabled accidentally in
e64e3ad88a
2015-03-02 23:36:05 +01:00
9f87f3ccb0
linux: disable UEVENT_HELPER*
...
Deprecated since 2006: http://lwn.net/Articles/166954/
2015-03-01 03:31:59 +01:00
e196cd5611
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.33-201502200812 -> 3.1-3.14.33-201502222137
test: 3.0-3.18.7-201502200813 -> 3.1-3.18.7-201502222138
2015-02-23 18:38:13 +01:00
50bf56fd09
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.33-201502181906 -> 3.0-3.14.33-201502200812
test: 3.0-3.18.7-201502180834 -> 3.0-3.18.7-201502200813
2015-02-20 14:29:45 +01:00
830c76d6ba
Merge branch 'xen_kernel' of git://github.com/ts468/nixpkgs
...
Add kernel config form dom0 of Xen
2015-02-20 07:49:46 -05:00
99eb8705cd
grsecurity: Update stable patch from 3.0-3.14.33-201502180832 -> 3.0-3.14.33-201502181906
2015-02-19 04:47:44 +01:00
c5a7115721
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.32-201502062101 -> 3.0-3.14.33-201502180832
test: 3.0-3.18.6-201502062100 -> 3.0-3.18.7-201502180834
2015-02-18 17:24:53 +01:00
eb97dc0013
Add kernel config for dom0 of Xen
2015-02-16 20:52:06 +01:00
58a04a9359
kernel: 3.14.32 -> 3.14.33
2015-02-13 13:42:20 -08:00
b41222e5c6
kernel: 3.10.68 -> 3.10.69
2015-02-13 13:42:20 -08:00
a15f149f74
kernel: 3.18.6 -> 3.18.7
2015-02-13 13:42:19 -08:00
a43db5fa20
kernel: common-config.nix: enable FANOTIFY
2015-02-12 19:39:44 +01:00
a5c072a610
kernel: common-config.nix: remove useless 'FTRACE n' before 'y'
2015-02-11 05:29:48 +01:00
57f2d329ac
linux_3_{10,12,14}: fix upstream regression, fixes #6231
...
Some modules wouldn't load crc32c dependency due to module renaming.
2015-02-10 13:45:20 +01:00
0e73d1f9a5
Mark the kernel branch; put in the reminder about grsecurity
2015-02-09 21:51:48 +03:00
14978d8674
kernel: Add 3.19 as latest
2015-02-09 10:42:19 -08:00
c4d21cf1c4
kernel: 3.14.31 -> 3.14.32
2015-02-07 12:08:09 -08:00
f103b0f78b
kernel: 3.18.5 -> 3.18.6
2015-02-07 12:07:17 -08:00
321743728d
kernel: Remove outdated kernel 3.17
2015-02-07 12:05:55 -08:00
0ea09cf926
kernel: 3.10.67 -> 3.10.68
2015-02-07 12:04:43 -08:00
6517e5c0a8
kernel: 3.4.105 -> 3.4.106
2015-02-04 19:55:47 +01:00
c45372f038
Merge commit 'cfb29ab882323d379aba20a95020c7c24f883eae'
...
Partial staging merge, including cc-wrapper fixes
Conflicts:
pkgs/applications/audio/spotify/default.nix
pkgs/build-support/cc-wrapper/default.nix
pkgs/development/compilers/cryptol/1.8.x.nix
2015-02-02 21:14:28 -05:00
78bbd6f7c6
linux-testing: Update to version 3.19-rc7.
...
Running -rc6 always feels kinda rusty and old, so there is the pressing
urge to update... into the future... swooooooosh!
Signature verified against key with fingerprint:
ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-02-02 19:50:56 +01:00
12378faab2
kernel: 3.19-rc5 -> 3.19-rc6
2015-02-01 15:53:48 -08:00
4a29a4baac
kernel: 3.12.36 -> 3.12.37
2015-02-01 10:57:47 +03:00
bbd6384f62
kernel: 3.14.29 -> 3.14.31
2015-01-31 18:55:09 -08:00
8a2f7375d6
kernel: 3.18.3 -> 3.18.5
2015-01-31 18:54:59 -08:00
3e1b504cbe
kernel: 3.10.65 -> 3.10.67
2015-01-31 17:46:04 -08:00
8ac1765e28
linux-testing: Update to version 3.19-rc5.
...
Using linux-testing for a bunch of machines, I'd actually expect it to
be more recent than the latest stable, but until now it actually was
behind.
Since torvalds/linux@464ed18ebd , the option
PM_RUNTIME doesn't exist anymore, so we need to remove it from our
common config.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-01-22 09:56:37 +01:00
23ffd6ad22
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.29-201501182217 -> 3.0-3.14.29-201501211943
test: 3.0-3.18.3-201501182219 -> 3.0-3.18.3-201501211944
2015-01-22 05:39:01 +01:00
ec6b82a0c2
Merge branch 'master' into staging.
2015-01-19 18:41:17 +01:00
fb921695b6
kernel: Fix grsec patch for 3.18.3
2015-01-18 21:11:07 -08:00
2c02b7caff
kernel: 3.14.28 -> 3.14.29
2015-01-18 21:11:07 -08:00
f23cb7d925
kernel: 3.12.35 -> 3.12.36
2015-01-18 21:11:07 -08:00
9fce7cced9
kernel: 3.10.64 -> 3.10.65
2015-01-18 21:11:07 -08:00
46a938ad3a
linux 3.18.3
2015-01-17 16:31:13 +00:00
88089559b9
Merge #5676 : gcc-wrapper -> cc-wrapper and related
2015-01-17 08:43:04 +01:00
1f28bfa284
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.28-201501120819 -> 3.0-3.14.28-201501142323
test: 3.0-3.18.2-201501120821 -> 3.0-3.18.2-201501142325
2015-01-16 02:47:12 +01:00
1ec68e0d13
kernel: Fix path to stp bridge helper
2015-01-14 10:34:28 -08:00
3d4b315d91
Revert "kernel: Add a patch to remove checks for bridge stp helpers"
...
This reverts commit f64c3ce18d
2015-01-13 15:34:26 -08:00
f64c3ce18d
kernel: Add a patch to remove checks for bridge stp helpers
2015-01-13 15:24:02 -08:00
1575bc652e
Merge branch 'master' into staging
...
Conflicts (simple):
pkgs/os-specific/linux/util-linux/default.nix
It seems this merge creates a new stdenv hash,
because we had changes on both branches :-/
2015-01-13 18:07:11 +01:00
757071af5b
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.28-201501111421 -> 3.0-3.14.28-201501120819
test: 3.0-3.18.2-201501111422 -> 3.0-3.18.2-201501120821
2015-01-12 18:21:22 +01:00
97783b87c0
kernel: 3.14.27 -> 3.14.28
2015-01-11 23:59:13 -08:00
33651bb865
kernel: 3.18.1 -> 3.18.2
2015-01-11 23:58:19 -08:00
6521141d09
kernel: Remove 3.16
2015-01-11 23:55:38 -08:00
ba6648b142
kernel: 3.2.65 -> 3.2.66
2015-01-11 23:55:37 -08:00
980758bdee
kernel: 3.17.7 -> 3.17.8
2015-01-11 23:55:37 -08:00
38eb7af3cd
kernel: 3.10.63 -> 3.10.64
2015-01-11 23:55:37 -08:00
e0098e8408
Revert "linux kernel: set VFIO_PCI_VGA to `y` for versions > 3.9"
...
This reverts commit 774486a149
2015-01-07 10:55:06 -08:00
774486a149
linux kernel: set VFIO_PCI_VGA to `y` for versions > 3.9
...
This allows to passthrough PCI video adapters to KVM virtual machines.
VFIO_PCI is set to `m` by default, which means this will not affect
non-users.
2015-01-07 11:08:58 +00:00
e90bfba2f6
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.27-201412280859 -> 3.0-3.14.27-201501042018
test: 3.0-3.18.1-201412281149 -> 3.0-3.18.1-201501042021
2015-01-07 05:49:56 +01:00
e9d868de63
kernel: enable intel_pstate
2015-01-06 03:07:32 +03:00
6671aff83e
linux kernel determinism: unify timestamp style
...
Testing showed the linux build is sensitive to /usr/include/ncursesw
unless chrooted (on non-nixos).
On a single chrooted nixos machine, -A linux is binary reproducible.
CC #2281 & @alexanderkjeldaas.
2015-01-03 13:54:32 +01:00
c510f3da49
fix eval /cc @vcunat
2015-01-02 13:55:19 +01:00
d8c5d95330
determinism: change some fixed timestamp to != (time_t)0
...
vcunat removed the unrelated glib change.
Conflicts:
pkgs/development/libraries/glib/default.nix
pkgs/os-specific/linux/kernel/generic.nix
pkgs/os-specific/linux/kernel/manual-config.nix
2014-12-30 17:03:39 +01:00
1d44322d53
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.27-201412211908 -> 3.0-3.14.27-201412280859
test: 3.0-3.17.7-201412211910 -> 3.0-3.18.1-201412281149
2014-12-29 03:00:47 +01:00
a8e33da2dd
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.27-201412170659 -> 3.0-3.14.27-201412211908
test: 3.0-3.17.7-201412170700 -> 3.0-3.17.7-201412211910
2014-12-22 20:33:00 +01:00
7e8c5b578a
kernel: 3.14.26 -> 3.14.27
2014-12-17 14:36:38 -08:00
eea5383b48
kernel: 3.17.6 -> 3.17.7
2014-12-17 14:36:29 -08:00
be96c7e283
Revert "kernel: 3.14.26 -> 3.14.27"
...
This reverts commit 4eaecca7b1
2014-12-16 14:15:55 -08:00
66332cdee1
Revert "kernel: 3.17.6 -> 3.17.7"
...
This reverts commit d3a61d88aa
2014-12-16 14:15:47 -08:00
d3a61d88aa
kernel: 3.17.6 -> 3.17.7
2014-12-16 14:13:03 -08:00
4eaecca7b1
kernel: 3.14.26 -> 3.14.27
2014-12-16 14:12:57 -08:00
8643578aa5
kernel: 3.2.64 -> 3.2.65
2014-12-16 14:12:21 -08:00
980c702342
kernel: 3.18 -> 3.18.1
2014-12-16 14:12:21 -08:00
6ea3763f22
kernel: 3.12.34 -> 3.12.35
2014-12-16 14:11:13 -08:00
7c2b8b333f
kernel: 3.10.62 -> 3.10.63
2014-12-16 14:11:07 -08:00
042f266e10
kernel: 3.14.25 -> 3.14.26
2014-12-08 23:24:50 -08:00
c8abfe37ab
kernel: 3.17.4 -> 3.17.6
2014-12-08 23:23:42 -08:00
20e2d94089
kernel: 3.4.104 -> 3.4.105
2014-12-08 23:21:40 -08:00
845f647b86
kernel: 3.12.33 -> 3.12.34
2014-12-08 23:21:07 -08:00
98791f57c8
kernel: 3.10.61 -> 3.10.62
2014-12-08 23:21:04 -08:00
a6f4c3624e
kernel: Add 3.18
2014-12-08 23:18:04 -08:00
4aa3eec330
Merge branch 'master' into staging
...
Conflicts:
pkgs/development/libraries/fontconfig/default.nix
2014-12-07 14:02:48 +01:00
7ce1cbed93
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.25-201411260106 -> 3.0-3.14.25-201412040016
test: 3.0-3.17.4-201411260107 -> 3.0-3.17.4-201412040017
2014-12-05 18:26:21 +01:00
fe21ac3903
linux: 3.18.0-rc6 -> 3.18.0-rc7
2014-12-01 01:49:05 -08:00
cbd2305d4d
Merge branch 'master' into staging
2014-11-28 18:59:07 +01:00
6f31905563
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.25-201411231452 -> 3.0-3.14.25-201411260106
test: 3.0-3.17.4-201411231452 -> 3.0-3.17.4-201411260107
2014-11-27 18:36:01 +01:00
a68c1adc35
*: fix builds by disregarding warning from new glibc
...
Says: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
CC: #4803 . There will likely appear more of these errors on Hydra in time.
2014-11-26 23:40:03 +01:00
c07f81ce89
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.25-201411220954 -> 3.0-3.14.25-201411231452
test: 3.0-3.17.4-201411220955 -> 3.0-3.17.4-201411231452
2014-11-24 03:53:28 +01:00
acefc22209
kernel: 3.18.0-rc5 -> 3.18.0-rc6
2014-11-23 16:49:25 -08:00
d1493bc1ee
kernel: 3.14.24 -> 3.14.25
2014-11-23 02:47:36 -08:00
30578e30d8
kernel: 3.17.3 -> 3.17.4
2014-11-22 16:50:16 -05:00
30597a9c7a
kernel: 3.12.32 -> 3.12.33
2014-11-21 14:39:15 -08:00
f1b9f88e5b
kernel: 3.10.60 -> 3.10.61
2014-11-21 14:38:48 -08:00
eac8fcff1a
kernel: 3.18-rc4 -> 3.18-rc5
2014-11-17 00:13:04 -08:00
f4a27311b7
kernel: 3.14.23 -> 3.14.24
2014-11-14 23:03:54 -08:00
0ef4ee5d06
kernel: 3.17.2 -> 3.17.3
2014-11-14 23:03:47 -08:00
1a405c999e
kernel: Remove 3.15
2014-11-14 11:05:51 -08:00
256669cf41
kernel: Remove 3.17 buildfix
2014-11-14 10:59:46 -08:00
642a161112
kernel: 3.2.63 -> 3.2.64
2014-11-14 10:59:46 -08:00
2fab8d1198
kernel: 3.10.59 -> 3.10.60
2014-11-14 10:49:29 -08:00
557a3c92e3
kernel: Don't enable the iommu by default as this breaks for some hardware
2014-11-13 16:23:49 -08:00
7ff9cd2c41
more kernel fixes
2014-11-11 09:22:18 +01:00
189e73de98
kernel-testing: 3.18-rc3 -> 3.18-rc4
2014-11-10 22:30:43 -08:00
b9388e9711
fix kernel builds on 32bit linux
2014-11-11 07:06:09 +01:00
e78a1603fc
linux: Enable BPF_JIT only on 64-bit
...
It's not supported on i686.
http://hydra.nixos.org/build/16834647
2014-11-10 20:21:28 +01:00
c108ab47be
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.23-201411062033 -> 3.0-3.14.23-201411091053
test: 3.0-3.17.2-201411062034 -> 3.0-3.17.2-201411091054
2014-11-10 19:34:00 +01:00
5701e40681
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.23-201410312212 -> 3.0-3.14.23-201411062033
test: 3.0-3.17.2-201410312213 -> 3.0-3.17.2-201411062034
2014-11-09 02:47:54 +01:00
27b79a0469
Merge pull request #4780 from ambrop72/kernel-ppp-filter
...
kernel: Enable PPP_FILTER by default.
2014-11-08 12:41:13 +01:00
d88c5eed1d
kernel: Add more supported features
2014-11-08 02:44:19 -08:00
a0696b4536
linux_3_12: fix hash
2014-11-07 12:39:04 +01:00
1d5147dd17
linux: Update to 3.12.32
2014-11-06 15:12:01 +01:00
a97452a000
linux: Update testing 3.17-rc2 -> 3.18-rc3
2014-11-03 14:14:53 -05:00
fc533f0e84
kernel: Enable PPP_FILTER by default.
...
pppd will try to use it to improve efficiency and complain if it's not available
(but is is not mandatory).
2014-11-02 15:10:09 +01:00
268c72b92b
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.22-201410250026 -> 3.0-3.14.23-201410312212
test: 3.0-3.17.1-201410281754 -> 3.0-3.17.2-201410312213
2014-11-01 17:25:22 +01:00
85972fb58d
Document likely breakage when people update the kernel.
2014-11-01 09:35:20 +01:00
0467a79129
kernel: 3.16.6 -> 3.16.7
2014-10-30 14:39:17 -07:00
5b37f998fd
kernel: 3.14.22 -> 3.14.23
2014-10-30 14:38:41 -07:00
3ff30fa254
kernel: 3.10.58 -> 3.10.59
2014-10-30 14:38:10 -07:00
6e91f53d87
kernel: Add update script
2014-10-30 14:37:22 -07:00
659db7e5b2
linux-3.17: bump
2014-10-30 13:09:18 -04:00
a9170c0dba
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.22-201410192047 -> 3.0-3.14.22-201410250026
test: 3.0-3.17.1-201410192051 -> 3.0-3.17.1-201410281754
2014-10-30 12:47:36 +01:00
bac50c5c1f
linux: Update to 3.12.31
2014-10-27 11:21:18 +01:00
2c0cc6cedc
Merge pull request #4587 from uzska/master
...
Added line SCSI_SAS_ATA y on line 62
2014-10-24 09:39:40 +02:00
005bb796e6
Updated grsec.
2014-10-22 02:18:41 +02:00
38ed4d4d0f
linux: Enable FW_LOADER_USER_HELPER_FALLBACK
...
We don't really need this anymore, except that our docs say that you
can put firmware in /root/test-firmware, which doesn't work via
/sys/module/firmware_class/parameters/path.
2014-10-20 13:25:00 +02:00
0fa57137cf
Added line SCSI_SAS_ATA y on line 62
...
This kernel change will make the nixOS live cd detect the hard drive upon boot.
2014-10-17 13:31:08 -07:00
13b9917298
kernel: Fix missing ;
2014-10-16 13:58:18 -07:00
1962fd80f6
kernel: 3.4.103 -> 3.4.104
2014-10-16 13:56:14 -07:00
fdb4e34459
kernel: 3.2.62 -> 3.2.63
2014-10-16 13:56:10 -07:00
0a82ce360d
kernel: 3.17 -> 3.17.1
2014-10-16 13:56:06 -07:00
b8ee248137
kernel: 3.16.4 -> 3.16.6
2014-10-16 13:56:01 -07:00
287ce68d38
kernel: 3.14.20 -> 3.14.22
2014-10-16 13:55:55 -07:00
8c138fd489
kernel: 3.12.29 -> 3.12.30
2014-10-16 13:55:50 -07:00
242070abfc
kernel: 3.10.56 -> 3.10.58
2014-10-16 13:55:38 -07:00
c615793317
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.19-201409282024 -> 3.0-3.14.20-201410062037
test: 3.0-3.16.3-201409282025 -> 3.0-3.16.4-201410062041
2014-10-07 16:55:49 +02:00
5b80f24b9d
kernel: 3.16.3 -> 3.16.4
2014-10-05 21:34:31 -07:00
c2a301731a
kernel: 3.14.19 -> 3.14.20
2014-10-05 21:34:18 -07:00
4a2ecb2c62
kernel: 3.12.28 -> 3.12.29
2014-10-05 21:34:04 -07:00
c4c28e36e6
kernel: 3.10.55 -> 3.10.56
2014-10-05 21:33:50 -07:00
4397ec5cab
Add Linux 3.17
2014-10-06 02:43:58 +04:00
bbdc35d4dd
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.19-201409180900 -> 3.0-3.14.19-201409282024
test: 3.0-3.16.3-201409180901 -> 3.0-3.16.3-201409282025
2014-09-29 14:44:20 +02:00
cf61fa8013
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.18-201409060013 -> 3.0-3.14.19-201409180900
test: 3.0-3.16.2-201409060014 -> 3.0-3.16.3-201409180901
2014-09-25 23:37:26 +02:00
df12cc6ad0
kernel: 3.16.2 -> 3.16.3
2014-09-19 16:28:45 -07:00
a235f6fc70
kernel: 3.14.18 -> 3.14.19
2014-09-19 16:28:32 -07:00
03f044bb5a
kernel: 3.10.54 -> 3.10.55
2014-09-19 16:28:20 -07:00
19b1fafe5f
linux: Update to 3.12.28
2014-09-08 15:49:27 +02:00
238a84ac78
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.17-201408260041 -> 3.0-3.14.18-201409060013
test: 3.0-3.15.10-201408212335 -> 3.0-3.16.2-201409060014
2014-09-08 15:16:38 +02:00
844aef5bcf
kernel: 3.16.1 -> 3.16.2
2014-09-06 18:10:13 -07:00
ed7ce2bd81
kernel: 3.14.17 -> 3.14.18
2014-09-06 18:10:01 -07:00
d3f80b36ba
kernel: 3.10.53 -> 3.10.54
2014-09-06 18:09:48 -07:00
0bb14e4fea
Disable NFC on 3.17 or above
...
This should only be temporary, but there's a bug in the 3.17 rc1 and rc2 that leads to cyclic module dependencies and a segfault during the build process.
2014-08-29 01:49:32 -04:00
1eb08ee693
Add patch to fix 3.17 build breakage (also submitted to lkml, but not yet merged)
2014-08-28 22:45:32 -04:00
2dc2699ca4
linux/grsec: updates
...
3.15.10 is EOL soon, but grsecurity/unstable hasn't moved to 3.16.x yet.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-08-27 15:14:19 -05:00
ce6b86cc68
Fix various evaluation problems
...
http://hydra.nixos.org/build/13616685
2014-08-22 11:57:40 +02:00
e4752d7877
linux: Enable ACLs in ext3
...
http://hydra.nixos.org/build/13462892
2014-08-18 14:33:09 +02:00
83b2d409ff
kernel: 3.2.60 -> 3.2.62
2014-08-14 12:48:06 -05:00
b07f77b2fb
kernel: 3.4.101 -> 3.4.103
2014-08-14 12:46:53 -05:00
ca68015291
kernel: 3.10.51 -> 3.10.53
2014-08-14 12:45:14 -05:00
f143df3a09
kernel 3.14.15 -> 3.14.17
2014-08-14 12:44:25 -05:00
ca0aa7e8d1
kernel: 3.15.8 -> 3.15.10
2014-08-14 12:43:41 -05:00
e9ae222199
kernel: 3.16 -> 3.16.1
2014-08-14 12:42:53 -05:00
8a7f3c3618
Mark a bunch of packages as broken or not supported on Darwin
2014-08-08 17:59:02 +02:00
4834717507
linux-kernel: Add new upstream version 3.16.
...
Also set linux_latest to it as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-08-04 02:41:54 +02:00
317d4253ea
kernel: 3.15.7 -> 3.15.8
2014-08-02 18:04:08 -05:00
63cc1fd8ad
kernel: 3.14.14 -> 3.14.15
2014-08-02 18:02:15 -05:00
eb9ee180d9
kernel: 3.12.25 -> 3.12.26
2014-08-02 18:00:46 -05:00
89d5655670
kernel: 3.10.50 -> 3.10.51
2014-08-02 17:58:31 -05:00
ae11e59949
kernel: 3.4.100 -> 3.4.101
2014-08-02 17:56:53 -05:00
ff747dd24f
kernel: 3.15.5 -> 3.15.7
2014-07-29 13:17:11 -05:00
2494e2bb09
kernel: 3.14.12 -> 3.14.14
2014-07-29 13:15:42 -05:00
dd9a5aeade
kernel: 3.10.48 -> 3.10.50
2014-07-29 13:13:38 -05:00
47d50bf684
kernel: 3.4.98 -> 3.4.100
2014-07-29 13:08:37 -05:00
7a45996233
Turn some license strings into lib.licenses values
2014-07-28 11:31:14 +02:00
0852d9e364
linux: Update to 3.12.25
2014-07-24 18:14:53 +02:00
28cb0f58c4
linux: only enable CONFIG_NFS_SWAP for v3.6+ kernels
...
Linux v3.6 is the earliest version with CONFIG_NFS_SWAP support. This
change unbreaks NixOS tests for older kernels.
2014-07-16 12:13:06 +02:00
85e444f4f8
linux: Enable NFSv4.1, v4.2 clients and swap on NFS
...
I'm only enabling for kernels >= 3.11 to be conservative, because clients and
servers automatically negotiate and use the highest mutually supported version
by default, but only in kernel 3.11 server NFSv4.1 support actually became RFC
compliant.
I'm also adding support for swap on NFS, which is enabled by default on
Ubuntu kernels.
2014-07-15 15:07:25 +02:00
eb659e89b4
linux_*: update, including CVE-2014-4699 (most likely)
...
CC #3196 . No updates yet on 3.2 and 3.12 branches.
2014-07-09 22:54:08 +02:00
1596c3a012
linux: Update to 3.12.24
...
CVE-2014-4508, CVE-2014-0206.
2014-07-07 18:21:34 +02:00
b50074929e
grsecurity: Update stable and test patches
...
stable: 3.0-3.14.9-201406262057 -> 3.0-3.14.10-201407012152
test: 3.0-3.15.2-201406262058 -> 3.0-3.15.3-201407012153
2014-07-03 11:37:19 +02:00
d4243e2a00
linux: Update to 3.14.10
2014-07-03 11:35:28 +02:00
e303e18608
Update Linux 3.15 to 3.15.3
2014-07-01 14:28:52 +04:00
efb0c56db4
Update linux_testing and enable parallel build of Linux kernel
2014-06-30 10:52:33 +04:00
0ecfc6cb49
Merge pull request #2213 from thoughtpolice/kernel-config
...
nixos: make several kernel common-config options optional
2014-06-30 09:01:08 +04:00
dd56bfbd00
kernel/grsec: updates
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-27 00:52:12 -05:00
7998a598b6
linux-3.13: remove, as it's vulnerable
...
CC #3090 .
2014-06-26 11:50:15 +02:00
7f97fafe4f
linux-3.12: security update .22 ->.23, CVE-2014-0206
...
CC #3090 .
2014-06-26 11:33:00 +02:00
0399c5ee24
grsecurity: update stable/testing kernels, refactoring
...
This updates the new stable kernel to 3.14, and the new testing kernel
to 3.15.
This also removes the vserver kernel, since it's probably not nearly as
used.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-22 22:29:10 -05:00
c68e3418fb
Update 3.16-rc to -rc2: -rc1 has problems with mounting BtrFS, will test -rc2
2014-06-22 19:45:07 +04:00
b8ede68b25
kernel/grsec: updates
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-21 22:13:49 -05:00
8297a26746
Create an option to build 3.16-rc1 which carries a new Wireless driver; make USB_DEBUG optional as it seems to be planned to disappear in 3.16.
2014-06-18 00:23:48 +02:00
5bc69209b1
linux-3.15: upgrade to 3.15.1
2014-06-17 08:17:38 +02:00
27c72f337b
linux: Update to 3.12.22
...
Fixes CVE-2014-3153 (local privilege escalation via futex()).
2014-06-13 17:44:02 +02:00
8bb2313915
kernel: Add 3.15
2014-06-08 16:39:47 -05:00
d91eacd720
kernel: 3.14.5 -> 3.14.6 ( close #2868 )
2014-06-08 09:12:05 +02:00
b43421221f
kernel/grsec: updates; add mainline package for brave souls
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-05 06:06:19 -05:00
246edc3df2
linux: Update to 3.12.21
2014-06-05 12:54:37 +02:00
3a0b265af9
kernel: 3.14.4 -> 3.14.5 ( close #2831 )
2014-06-05 10:34:40 +02:00
f9c05a3bad
Merge pull request #2378 from wizeman/u/kernel-zram
...
linux: Add support for zram
2014-05-27 01:40:18 -07:00
2ee6c0c63e
linux: Update to 3.12.20
2014-05-19 16:03:37 +02:00
ac38b32974
kernel/grsec: another optional option
...
This should fix the testing kernels.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:57:10 -05:00
e64e3ad88a
kernel: only use DEBUG_STACKOVERFLOW if !grsecurity
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:56:52 -05:00
80d0e31a94
kernel: allow features to be used in common-config
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:49:32 -05:00
657998dbcb
kernel/common-config: Another optional option
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 19:44:03 -05:00
b5b434c98a
kernel: make some common-config options optional for grsec
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 16:37:22 -05:00
4f27ad14a1
grsec: refactor grsecurity packages
...
This now provides a handful of different grsecurity kernels for slightly
different 'flavors' of packages. This doesn't change the grsecurity
module to use them just yet, however.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:43 -05:00
cb894d4fc3
grsec: updates
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
92abc4c610
kernel: enable AppArmor by default
...
AppArmor only requires a few patches to the 3.2 and 3.4 kernels in order
to work properly (with the minor catch grsecurity -stable includes the
3.2 patches.) This adds them to the kernel builds by default, removes
features.apparmor (since it's always true) and makes it the default MAC
system.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
3efdeef6a3
linux-3.{4,10}: update
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
3d1d9bb7dd
linux-3.12: Apply patch for CVE-2014-0196
2014-05-14 14:11:48 +02:00
9c8ee7a7e5
linux: minor updates, probably often fixing CVE-2014-0196
2014-05-13 20:00:21 +02:00
abbf643ae2
linux: Update to 3.12.19
...
Backport: 14.04
2014-05-13 13:28:14 +02:00
92f7781f00
kernel/grsecurity: stable/longterm/testing updates
...
kernels:
- longterm: 3.4.87 -> 3.4.88
- longterm: 3.10.37 -> 3.10.38
- stable: 3.13.10 -> 3.13.11
- stable: 3.14.1 -> 3.14.2
grsecurity:
- test: 3.0-3.14.1-201404241722 -> 3.0-3.14.2-201404270907
NOTE: technically the 3.13 stable kernel is now EOL. However, it will
become the long-term grsecurity stable kernel, and will have ongoing
support from Canonical.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-27 08:41:42 -05:00
efae8ce543
grsecurity: Update all patches
...
stable: 3.0-3.2.57-201404182109 -> 3.0-3.2.57-201404241714
test: 3.0-3.14.1-201404201132 -> 3.0-3.14.1-201404241722
vserver: 3.0-3.2.57-vs2.3.2.16-201404182110 -> 3.0-3.2.57-vs2.3.2.16-201404241715
2014-04-25 04:41:58 +02:00
f0e3775f2e
linux: Add support for zram
2014-04-24 23:47:08 +02:00
116d52c6df
linux-3.12: bump .17 -> .18
2014-04-24 20:02:34 +02:00
5d5ca7b260
grsecurity: Update all patches
...
stable: 3.0-3.2.57-201404131252 -> 3.0-3.2.57-201404182109
test: 3.0-3.13.10-201404141717 -> 3.0-3.14.1-201404201132
vserver: 3.0-3.2.57-vs2.3.2.16-201404131253 -> 3.0-3.2.57-vs2.3.2.16-201404182110
2014-04-21 18:46:41 +02:00
4e8c2f0ff9
Merge branch 'systemd-update'
2014-04-20 19:31:01 +02:00
5da309fcaa
linux: Enable SND_DYNAMIC_MINORS
...
This is necessary if you get:
kernel: Too many HDMI devices
kernel: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
2014-04-18 21:50:00 +02:00
3f01caa89f
linux: Enable transparent hugepages
2014-04-16 22:40:07 +02:00
ba2f861f05
kernel: stable/longterm updates
...
- stable: 3.14 -> 3.14.1
- longterm: 3.10.36 -> 3.10.37
- longterm: 3.4.86 -> 3.4.86
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-14 19:46:39 -05:00
1b113178ee
grsecurity: Update test patch from 3.0-3.13.9-201404131254 -> 3.0-3.13.10-201404141717
2014-04-15 00:16:29 +02:00
3a1c9a2945
linux: Update to 3.13.10
2014-04-15 00:16:29 +02:00
73b4b287bb
linux: Don't use underscores in the timestamp
2014-04-14 21:06:04 +02:00
788d9a13fb
grsecurity: stable/vserver/testing updates
...
- stable: 201404111812 -> 201404131252
- vserver: vs2.3.2.16-201404111814 -> vs2.3.2.16-201404131253
- testing: 201404111815 -> 201404131254
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-13 13:11:17 -05:00
172dc1336f
nixos: add grsecurity module ( #1875 )
...
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.
- New security.grsecurity NixOS attributes.
- All grsec kernels supported
- Allows default 'auto' grsec configuration, or custom config
- Supports custom kernel options through kernelExtraConfig
- Defaults to high-security - user must choose kernel, server/desktop
mode, and any virtualisation software. That's all.
- kptr_restrict is fixed under grsecurity (it's unwriteable)
- grsecurity patch creation is now significantly abstracted
- only need revision, version, and SHA1
- kernel version requirements are asserted for sanity
- built kernels can have the uname specify the exact grsec version
for development or bug reports. Off by default (requires
`security.grsecurity.config.verboseVersion = true;`)
- grsecurity sysctl support
- By default, disabled.
- For people who enable it, NixOS deploys a 'grsec-lock' systemd
service which runs at startup. You are expected to configure sysctl
through NixOS like you regularly would, which will occur before the
service is started. As a result, changing sysctl settings requires
a reboot.
- New default group: 'grsecurity'
- Root is a member by default
- GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
making it possible to easily add users to this group for /proc
access
- AppArmor is now automatically enabled where it wasn't before, despite
implying features.apparmor = true
The most trivial example of enabling grsecurity in your kernel is by
specifying:
security.grsecurity.enable = true;
security.grsecurity.testing = true; # testing 3.13 kernel
security.grsecurity.config.system = "desktop"; # or "server"
This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:
security.grsecurity.enable = true;
security.grsecurity.stable = true; # enable stable 3.2 kernel
security.grsecurity.config = {
system = "server";
priority = "security";
virtualisationConfig = "host";
virtualisationSoftware = "kvm";
hardwareVirtualisation = true;
}
This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:43:51 -05:00
acbf28145c
nixos: make several kernel common-config options optional
...
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.
The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.
This is really just an arbitrary picking at the moment, but it should be
OK.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:39:29 -05:00
5dfc6584a5
grsecurity: Update stable patch from 3.0-3.2.56-201404062126 -> 3.0-3.2.57-201404091758
2014-04-10 00:37:33 +02:00
c50abd0e13
linux: Update to 3.2.57
2014-04-10 00:37:33 +02:00
3ff158289a
lockdep: refactor into non-kernel package
...
Lockdep doesn't *really* require the kernel package - just the kernel
sources. It's really a user-space tool just compiled from some portable
code within the kernel, nothing more.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-08 19:21:55 -05:00
05ec851050
kernel: longterm updates
...
- longterm: 3.4.85 -> 3.4.86
- longterm: 3.10.35 -> 3.10.36
- longterm: 3.12.15 -> 3.12.17
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-07 13:56:50 -05:00
807fad571a
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.56-201404012135 -> 3.0-3.2.56-201404062126
test: 3.0-3.13.8-201404011912 -> 3.0-3.13.9-201404062127
2014-04-07 15:31:12 +02:00
c494289c12
linux: Update to 3.13.9
2014-04-07 15:31:12 +02:00
c69eb7c2c1
Remove timestamp from the kernel.
2014-04-05 08:40:55 +02:00
0c66dbaee6
Enable CC_STACKPROTECTOR_REGULAR on linux 3.14+
2014-04-02 17:58:54 -04:00
8146737127
Merge #2090 : add new lockdep tool from Linux 3.14
2014-04-02 20:55:30 +02:00
52d233af22
grsecurity: Update stable patch from 3.0-3.2.55-201403300851 -> 3.0-3.2.56-201404012135
2014-04-02 15:11:33 +02:00
e8c6c60b93
linux: Update to 3.2.56
2014-04-02 15:11:32 +02:00
407a6857c6
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403252026 -> 3.0-3.2.55-201403300851
test: 3.0-3.13.7-201403252047 -> 3.0-3.13.8-201404011912
2014-04-02 02:16:59 +02:00
19bc051ca1
kernel: stable/longterm updates
...
- longterm: 3.4.83 -> 3.4.85
- longterm: 3.10.33 -> 3.10.35
- longterm: 3.12.14 -> 3.12.15
- stable: 3.13.7 -> 3.13.8
NOTE: This will break the testing grsec kernel at the moment (there's
not a 3.13.8 patch yet), but it's destined to be upgraded to 3.14 soon
anyway.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 11:11:10 +02:00
7288f25bd1
kernel: stable/longterm updates
...
- longterm: 3.4.83 -> 3.4.85
- longterm: 3.10.33 -> 3.10.35
- longterm: 3.12.14 -> 3.12.15
- stable: 3.13.7 -> 3.13.8
NOTE: This will break the testing grsec kernel at the moment (there's
not a 3.18.8 patch yet), but it's destined to be upgraded to 3.14 soon
anyway.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 03:03:00 -05:00
1459896be1
kernel: add myself to maintainer list
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 02:59:20 -05:00
bdff718c5b
kernel: add lockdep expression
...
Lockdep is the kernel's locking validation/debugging tool and has seen
heavy pro-active usage and development. In Linux 3.14, it's now
available directly to userspace for the same purpose. It comes with a
convenient utility to LD_PRELOAD a shared library for validation, or a
user-space API to link to directly.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 01:20:46 -05:00
9493159017
kernel: remove 3.11 series (EOL)
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 00:56:23 -05:00
2d4ce25b5b
Add linux 3.14
2014-03-31 20:54:47 -04:00
911f332279
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403202347 -> 3.0-3.2.55-201403252026
test: 3.0-3.13.6-201403202349 -> 3.0-3.13.7-201403252047
2014-03-26 23:07:57 +00:00
1c73e6f9d8
linux: Update to 3.13.7
2014-03-26 23:07:57 +00:00
9db587bf7d
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403172027 -> 3.0-3.2.55-201403202347
test: 3.0-3.13.6-201403172032 -> 3.0-3.13.6-201403202349
2014-03-21 15:41:32 +01:00
00cfc70b10
linux: update to 3.12.14 and 3.10.33
2014-03-21 15:38:52 +01:00
e4961c63f7
Remove sec_perm patch that was needed by AUFS
...
Now the kernel is unpatched by default on non-MIPS!
2014-03-21 04:37:23 -04:00
cc69228119
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403142107 -> 3.0-3.2.55-201403172027
test: 3.0-3.13.6-201403142112 -> 3.0-3.13.6-201403172032
2014-03-18 16:51:25 +01:00
c0f3f6e396
linux: Update to 3.4.83
2014-03-17 11:25:48 +01:00
e76c059b23
grsecurity: Fix grsec-path.patch to apply with newest patches
2014-03-15 18:01:47 +01:00
ceec014020
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403122114 -> 3.0-3.2.55-201403142107
test: 3.0-3.13.6-201403122116 -> 3.0-3.13.6-201403142112
2014-03-15 04:15:28 +01:00
0f72effdd9
The derivation primop doesn't play well with null outputs attribute
2014-03-13 15:05:15 -04:00
86b8cf954a
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403072107 -> 3.0-3.2.55-201403122114
test: 3.0-3.13.6-201403072241 -> 3.0-3.13.6-201403122116
2014-03-13 02:28:58 +01:00
d999872b8d
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403022154 -> 3.0-3.2.55-201403072107
test: 3.0-3.13.5-201403031445 -> 3.0-3.13.6-201403072241
2014-03-10 17:23:17 +01:00
9b650b074b
linux: Update to 3.13.6
2014-03-10 17:23:17 +01:00
c4d5757e29
grsecurity updates
...
- stable: 3.0-3.2.55-201402241936 -> 3.0-3.2.55-201403022154
- testing: 3.0-3.13.5-201402241943 -> 3.0-3.13.5-201403031445
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-04 01:13:22 +01:00
69a83ba99f
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201402221305 -> 3.0-3.2.55-201402241936
test: 3.0-3.13.4-201402221308 -> 3.0-3.13.5-201402241943
2014-03-03 02:16:58 +01:00
8109de905a
linux: Update to 3.13.5
2014-03-03 02:16:50 +01:00
05c19ced9b
linuxPackages_3_12.perf: update from 3.12.12 to 3.12.13
2014-02-26 20:49:27 +02:00
7f4b97d495
grsecurity: stable/testing updates
...
- stable: 3.0-3.2.55-201402201903 -> 3.0-3.2.55-201402221305
- testing: 3.0-3.13.4-201402201908 -> 3.0-3.13.4-201402221308
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-22 20:29:25 +01:00
18f65f3640
grsecurity: stable/testing updates
...
- stable: 3.0-3.2.55-201402192249 -> 3.0-3.2.55-201402201903
- testing: 3.0-3.13.3-201402192252 -> 3.0-3.13.4-201402201908
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 20:21:16 -06:00
a1dc5ea707
kernel: stable updates
...
- 3.13 stable: 3.13.3 -> 3.13.4
- 3.12 stable: 3.12.11 -> 3.12.12
- 3.10 longterm: 3.10.30 -> 3.10.31
- 3.4 longterm: 3.4.80 -> 3.4.81
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 20:21:11 -06:00
58e08a1a4f
grsecurity: stable/testing updates
...
- stable: 3.0-3.2.55-201402152203 -> 3.0-3.2.55-201402192249
- testing: 3.0-3.13.3-201402152204 -> 3.0-3.13.3-201402192252
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 04:53:19 -06:00
c137015328
grsecurity updates.
...
- stable: 3.0-3.2.54-201402062221 -> 3.0-3.2.55-201402152203
- testing: 3.0-3.13.3-201402132113 -> 3.0-3.13.3-201402152204
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-17 07:27:51 -06:00
8e349e721c
linux: 3.2.54 -> 3.2.55
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-17 07:27:51 -06:00
52248aa7a2
kernel: 3.12.10 -> 3.12.11 ( close #1743 )
2014-02-16 14:20:09 +01:00
daa2827b99
grsecurity: update patch
2014-02-14 18:13:05 +02:00
fc213ccfa8
linux_3_13: update from 3.13.2 to 3.13.3
2014-02-14 16:56:38 +02:00
699509db14
linux_3_10: update from 3.10.29 to 3.10.30
2014-02-14 16:55:44 +02:00
ad4e2bd499
linux_3_4: update from 3.4.79 to 3.4.80
2014-02-14 16:55:44 +02:00
69f4bdac6e
linux: add git repository and branch meta
2014-02-14 10:45:36 +02:00
b31547654d
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.54-201401191012 -> 3.0-3.2.54-201402062221
test: 3.0-3.12.8-201401191015 -> 3.0-3.13.2-201402062224
2014-02-08 16:16:58 +01:00
Tim Steinbach
Tim Steinbach
Joachim Fasting
Vladimír Čunát
Eelco Dolstra
Tuomas Tynkkynen
Aneesh Agrawal
Marco Maggesi
Eelco Dolstra
Anders Papitto
Alexander Ried
Shea Levy
Graham Christensen
Franz Pletz
Nikolay Amiantov
Tuomas Tynkkynen
aszlig
Guillaume Maudoux
Kirill Boltaev
obadz
Robin Gloster
Bjørn Forsman
Gabriel Ebner
Michal Rus
Lluís Batlle i Rossell
Louis Taylor
zimbatm
Joachim Fasting
Alexander Kjeldaas
Tim Steinbach
obadz
Charles Strahan
Ragnar Dahlén
Domen Kožar
Lluís Batlle i Rossell
Al Zohali
Marko Poikonen
tg(x)
Dan Peebles
Tobias Geerinckx-Rice
Nathan Zadoks
Simon Jagoe
Tim Steinbach
Aristid Breitkreuz
Luca Bruno
William A. Kennington III
Brian McKenna
Thomas Strobel
Paul Colomiets
Charles Strahan
Mathnerd314
Jonathan Rudenberg
Ricardo M. Correia
Jookia
Remy Goldschmidt
Arseniy Seroka
Jan Malakhovski
Mathijs Kwik
Michael Raskin
Peter Simons
lethalman
ambrop7@gmail.com
uzska
Daniel Peebles
Austin Seipp
Mateusz Kowalczyk
Evgeny Egorochkin