Commit Graph

1996 Commits

Author SHA1 Message Date
Tim Steinbach b5169fd277 linux: Add cgroups patches for 4.9, 4.10, 4.11 2017-05-02 08:49:39 -04:00
Shea Levy 207a0af06a Add linux 4.11 2017-05-01 19:04:45 -04:00
Michael Raskin 1cce0887ee Merge branch 'master' into mptcp-v91.3 2017-05-01 00:43:08 +02:00
Tim Steinbach 0c4de3c0c9 linux: 4.4.64 -> 4.4.65 2017-04-30 08:58:44 -04:00
Joachim Fasting ab4fa1cce4 tree-wide: prune some dead grsec leaves
The beginning of pruning grsecurity/PaX from the tree.
2017-04-30 12:05:41 +02:00
Joachim Fasting 62f2a1c2be linux_hardened: init
The rationale for this is to have a place to enable hardening features
that are either too invasive or that may be speculative/yet proven to be
worthwhile for general-purpose kernels.
2017-04-30 12:05:39 +02:00
Joachim Fasting 32b8512e54 grsecurity: discontinue support
Upstream has decided to make -testing patches private, effectively ceasing
free support for grsecurity/PaX [1].  Consequently, we can no longer
responsibly support grsecurity on NixOS.

This patch turns the kernel and patch expressions into build errors and
adds a warning to the manual, but retains most of the infrastructure, in
an effort to make the transition smoother.  For 17.09 all of it should
probably be pruned.

[1]: https://grsecurity.net/passing_the_baton.php
2017-04-28 12:35:15 +02:00
Tim Steinbach 7f3b857d0d linux: 4.4.63 -> 4.4.64 2017-04-27 22:12:35 -04:00
Tim Steinbach 08c44a5cac linux: 4.10.12 -> 4.10.13 2017-04-27 22:10:06 -04:00
Tim Steinbach 903fec9922 linux: 4.9.24 -> 4.9.25 2017-04-27 22:07:34 -04:00
Jason A. Donenfeld b1750d699c linux-chromiumos: remove 3.14
3.14 is no longer supported upstream by kernel.org and thus no longer
receives security patches. The git commit mentioned in this .nix isn't
even available in the linked repository --
https://chromium.googlesource.com/chromiumos/third_party/kernel -- so I
think this .nix might be dead anyway. Finally, it specifies 3.14.0,
which is so ridiculously old (the latest was 3.14.79) that nobody
develops for it.

Fixes: #25145
Supports: #25127
2017-04-23 15:47:46 +02:00
Joachim Fasting 9e6c96f8fc grsecurity: 4.9.24-201704210851 -> 4.9.24-2201704220732 2017-04-22 16:37:24 +02:00
Joachim Fasting 05911da7bb grsecurity: 4.9.23-201704181901 -> 4.9.24-201704210851 2017-04-21 15:09:32 +02:00
Tim Steinbach 7fb1b54cc1 linux: 4.4.62 -> 4.4.63 2017-04-21 08:03:43 -04:00
Tim Steinbach 1b3282d52d linux: 4.10.11 -> 4.10.12 2017-04-21 08:01:22 -04:00
Tim Steinbach 4dda88c89d linux: 4.9.23 -> 4.9.24 2017-04-21 07:58:45 -04:00
Joachim Fasting 9902d63e84 grsecurity: 4.9.22-201704120836 -> 4.9.23-201704181901 2017-04-20 00:21:41 +02:00
Tim Steinbach 7643c7c8cc linux: 4.4.61 -> 4.4.62 2017-04-18 08:22:23 -04:00
Tim Steinbach 5283e644ce linux: 4.10.10 -> 4.10.11 2017-04-18 08:20:40 -04:00
Tim Steinbach 1173fe0b49 linux: 4.9.22 -> 4.9.23 2017-04-18 08:15:48 -04:00
Tim Steinbach 5a7b029fa9 linux: 4.11-rc6 -> 4.11-rc7 2017-04-17 07:41:19 -04:00
Tuomas Tynkkynen 3ed0d7e2df kernel-config: Explicitly enable CONFIG_NETFILTER
This is needed by the NixOS firewall, but isn't enabled by the ARM
defconfig nor kernelAutoModules (as 'm' doesn't seem to be an option)
2017-04-14 20:43:50 +03:00
Joachim Fasting 3fa5605b41 grsecurity: 4.9.21-201704091948 -> 4.9.22-201704120836 2017-04-12 18:58:29 +02:00
Tim Steinbach 5f05792417 linux: 4.4.60 -> 4.4.61 2017-04-12 09:17:53 -04:00
Tim Steinbach 6860eedfd6 linux: 4.10.9 -> 4.10.10 2017-04-12 09:16:08 -04:00
Tim Steinbach 224a8f7358 linux: 4.9.21 -> 4.9.22 2017-04-12 09:13:56 -04:00
Tim Steinbach 205abc1fb6 linux: 4.11-rc5 -> 4.11-rc6 2017-04-10 08:34:23 -04:00
Joachim Fasting 7701cbca6b grsecurity: 4.9.20-201703310823 -> 4.9.21-201704091948 2017-04-10 03:34:42 +02:00
Nikolay Amiantov 7099e8da83 linux: build with initrd support by default
We don't require initrd in some cases but still most boot sequences including ARM use it.
2017-04-09 22:46:07 +03:00
Nikolay Amiantov c0e77dba0e linux: add kernelPreferBuiltin platform option
This allows to use kernelAutoModules but still compile in any options that are set so in template config.
It's helpful for ARM and maybe other platforms where defaul configurations are useful because they compile in
modules that we and udev cannot autodetect now.
2017-04-09 22:46:07 +03:00
Tim Steinbach 79f9544eca linux: 4.4.59 -> 4.4.60 2017-04-08 08:04:54 -04:00
Tim Steinbach 1988c1fa41 linux: 4.10.8 -> 4.10.9 2017-04-08 08:02:18 -04:00
Tim Steinbach 016a319b50 linux: 4.9.20 -> 4.9.21 2017-04-08 07:59:27 -04:00
Tim Steinbach a29d0df28c linux: 4.11-rc4 -> 4.11-rc5 2017-04-03 09:02:37 -04:00
Volth b78f16b337 kernel: do not remove .o files on installPhase 2017-04-01 16:05:17 +03:00
Volth ed41d50e9f kernel: fix 9p issues
[tuomas: rename the patch from 9p-hacks to something slighly more
meaningful]
Signed-off-by: Tuomas Tynkkynen <tuomas@tuxera.com>
2017-04-01 15:49:14 +03:00
Joachim Fasting a41668f441 grsecurity: 4.9.19-201703300917 -> 4.9.20-201703310823 2017-04-01 00:08:50 +02:00
Tim Steinbach cb791371c5 linux: 4.4.58 -> 4.4.59 2017-03-31 09:19:07 -04:00
Tim Steinbach bff456bd55 linux: 4.10.7 -> 4.10.8 2017-03-31 09:16:52 -04:00
Tim Steinbach 501429d120 linux: 4.9.19 -> 4.9.20 2017-03-31 09:14:19 -04:00
Tim Steinbach ecca152887 linux: 4.10.6 -> 4.10.7 2017-03-30 22:12:26 -04:00
Tim Steinbach 6b5193bcd9 linux: 4.4.57 -> 4.4.58 2017-03-30 22:12:05 -04:00
Joachim Fasting f9cb8775b3 linux_4_9: 4.9.18 -> 4.9.19 2017-03-30 22:50:38 +02:00
Joachim Fasting 4d4488e793 grsecurity: 4.9.18-201703261106 -> 4.9.19-201703300917 2017-03-30 16:28:34 +02:00
Tim Steinbach 310bb3e6bb linux: 4.11-rc3 -> 4.11-rc4 2017-03-26 19:04:21 -04:00
Joachim Fasting 5fe81c1bdb grsecurity: 4.9.17-201703221829 -> 4.9.18-201703261106 2017-03-26 21:35:36 +02:00
Tim Steinbach 23d0f01e95 linux: 4.4.56 -> 4.4.57 2017-03-26 10:08:56 -04:00
Tim Steinbach c0411ea229 linux: 4.10.5 -> 4.10.6 2017-03-26 10:05:22 -04:00
Tim Steinbach 422a8b9cd1 linux: 4.9.17 -> 4.9.18 2017-03-26 10:00:57 -04:00
Guillaume Maudoux d431ff2776 linux_mptcp: 0.91.2 -> 0.91.3 (kernel 4.1.38) 2017-03-23 22:36:24 +01:00