Commit Graph

1996 Commits

Author SHA1 Message Date
Tim Steinbach 8fda707027 kernel: 4.4.39 -> 4.4.40 2017-01-06 16:14:30 -05:00
Tuomas Tynkkynen 2a4c8313e4 linux_testing: 4.10-rc1 -> 4.10-rc2 2017-01-03 13:51:23 +02:00
Joachim Fasting 75ce714818 grsecurity: 4.8.15-201612151923 -> 201612301949 2017-01-01 06:01:04 +01:00
Eelco Dolstra bbd03e236a Use looser 9pfs caching in VM tests/builds
This can give significant speed ups, see
https://github.com/edolstra/linux/commit/7e20254412c780a2102761fee92cb1d32ceeaefd.
2016-12-29 21:26:16 +01:00
Franz Pletz c6bcc485de linux_4_8: add patch to fix CVE-2016-9919 2016-12-28 06:35:11 +01:00
Tuomas Tynkkynen 5ba7f33e3a linux_testing: 4.9-rc8 -> 4.10-rc1 2016-12-27 01:35:10 +02:00
Graham Christensen 3ffb5ba60c linux:3.18.44 -> 3.18.45 2016-12-21 21:08:47 -05:00
Graham Christensen 53e21529d4 linux:3.12.68 -> 3.12.69 2016-12-21 21:08:47 -05:00
Tim Steinbach 0e8e4a08f3 linux: 4.8.14 -> 4.8.15 2016-12-16 08:16:45 -05:00
Tim Steinbach cb9ff3f7f9 linux: 4.4.38 -> 4.4.39 2016-12-16 08:16:22 -05:00
Joachim Fasting f0e77cd07d grsecurity: 4.8.14-201612110933 -> 4.8.15-201612151923 2016-12-16 12:46:44 +01:00
Graham Christensen 01d022e16b Merge pull request #21118 from grahamc/fix-rsa-build-failure
linux_{4_8,grsec_nixos}: patch to fix build failure
2016-12-13 09:15:50 -05:00
Joachim Fasting d918c80e13 grsecurity: disable verbose initify
Not as useful/informative as I had hoped.
2016-12-13 15:12:34 +01:00
Graham Christensen 7a813d3f6d linux_{4_8,grsec_nixos}: patch to fix build failure
crypto/rsa_helper.c:18:28: fatal error: rsapubkey-asn1.h: No such file or directory
2016-12-13 07:25:46 -05:00
Shea Levy f6daae391f linux: add 4.9 2016-12-11 19:33:05 -05:00
Joachim Fasting 601058e0e2 grsecurity: 4.8.13-201612082118 -> 4.8.14-201612110933 2016-12-11 19:09:16 +01:00
Tim Steinbach f576c490e3 linux: 4.4.37 -> 4.4.38 2016-12-10 15:18:52 -05:00
Tim Steinbach b69822c505 linux: 4.8.13 -> 4.8.14 2016-12-10 15:15:44 -05:00
Tuomas Tynkkynen bdab6fe5a1 kernel: Use built-in dtbs_install target instead of rolling our own
In particular, on aarch64 all the .dtb files will be in subdirectories
and *.dtb won't match anything.
2016-12-10 20:24:08 +02:00
Franz Pletz 9074d9859e linux: add patch to fix CVE-2016-8655
See https://lwn.net/Articles/708319/ for more information.
2016-12-10 17:08:42 +01:00
Bjørn Forsman 2077385421 kernel: enable CONFIG_DYNAMIC_DEBUG (like Fedora and Ubuntu)
It was useful in tracking down CIFS + DFS issue, and it's apparently
enabled by default in two major distros.
2016-12-10 00:01:21 +02:00
Bjørn Forsman d429520b13 kernel: add CONFIG_CIFS_* like Fedora, Ubuntu
The plan is to fix mounting DFS shares on NixOS (for which some of these
options are needed), but I figured it might be a good idea to enable all
CONFIG_CIFS_* like Fedora 24 and Ubuntu 16.04 while at it. Ubuntu even
has CONFIG_CIFS_SMB311, but as Fedora do not, I left it out.

Mounting DFS shares still doesn't work; need to configure cifs.upcall
and /etc/request-key.conf. Until then, using GVFS as a workaround.
2016-12-10 00:01:21 +02:00
Joachim Fasting d1a5dc0b1c grsecurity: 4.8.12-201612062306 -> 4.8.13-201612082118 2016-12-09 15:31:02 +01:00
Joachim Fasting 9a63779d64 grsecurity: use upstream url as the primary source 2016-12-09 15:31:00 +01:00
Joachim Fasting ca7cc96ee8 grsecurity: enable PAX_INITIFY
Uses gcc plugin to detect more instances where memory used during init
can be freed.
2016-12-09 15:30:40 +01:00
Tim Steinbach bfffbb5ea6 linux: 4.8.12 -> 4.8.13 2016-12-09 08:27:11 -05:00
Tim Steinbach e861a5f7af linux: 4.4.36 -> 4.4.37 2016-12-09 08:26:46 -05:00
Joachim Fasting 5fd4ffe00f grsecurity: 4.8.12-201612031658 -> 201612062306 2016-12-08 12:22:13 +01:00
Tim Steinbach c9d1d430ec linux: 4.9-rc7 -> 4.9-rc8 2016-12-05 19:40:11 -05:00
Joachim Fasting 9578299bbe grsecurity: 4.8.11-201611271225 -> 4.8.12-201612031658 2016-12-06 01:24:32 +01:00
Joachim Fasting cc396697a6 grsecurity: enable ability to lock in readonly mounts 2016-12-06 01:24:12 +01:00
Joachim Fasting 0e765c72e5 grsecurity: enable module hardening 2016-12-06 01:23:58 +01:00
Joachim Fasting 071fbcda24 grsecurity: enable optional sysfs restrictions
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting 8c1f5afdf3 grsecurity: delay toggling of sysctls until system is up
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Tuomas Tynkkynen 9ccc14b1bc linux_rpi: Add some feature flags
Copied from linux_4_4 (except for the EFI stub thing).

Otherwise the firewall module fails to evaluate:
Failed assertions:
- This kernel does not support rpfilter
2016-12-04 18:18:06 +02:00
Tim Steinbach 4f8b74b401 Merge pull request #20866 from NeQuissimus/linux_4_8_12
linux: 4.8.11 -> 4.8.12
2016-12-02 18:28:46 -05:00
Tim Steinbach 853b6493c8 linux: 4.8.11 -> 4.8.12 2016-12-02 14:29:00 -05:00
Tim Steinbach 654f5df5dc linux: 4.4.35 -> 4.4.36 2016-12-02 14:28:26 -05:00
Tim Steinbach 5afc6b506c linux: 4.1.35 -> 4.1.36 2016-12-01 20:34:02 -05:00
Tim Steinbach 18a3225dac linux: 3.12.67 -> 3.12.68 2016-11-29 17:40:17 -05:00
Joachim Fasting b90ed0cc80 grsecurity: 4.8.10-201611232213 -> 4.8.11-201611271225 2016-11-28 11:41:10 +01:00
Joachim Fasting 4c7323545b Revert "grsecurity: work around for #20490"
This reverts commit e38b74ba89.

I failed to notice f19c961b4e461da045f2e72e73701059e5117be0; better
use that fix instead.
2016-11-28 11:40:55 +01:00
Tim Steinbach eecf76eaa2 linux: 4.9-rc6 -> 4.9-rc7 2016-11-27 19:48:24 -05:00
Tuomas Tynkkynen 86ea3126bc linux_rpi: 1.20160620 -> 1.20161020 2016-11-28 00:24:00 +02:00
Tim Steinbach b47307bd74 linux: 4.8.10 -> 4.8.11 2016-11-26 16:29:23 -05:00
Tim Steinbach cc77360bed linux: 4.4.34 -> 4.4.35 2016-11-26 16:28:58 -05:00
Jörg Thalheim 01172c2ccf Merge pull request #20591 from NeQuissimus/linux_4_9_rc6
linux: 4.9-rc5 -> 4.9-rc6
2016-11-26 16:00:16 +01:00
Joachim Fasting f9d787c67b grsecurity: 4.8.10-201611210813 -> 201611232213 2016-11-24 12:08:12 +01:00
Franz Pletz 7974d7493a linux: compress kernel image with xz 2016-11-23 02:24:13 +01:00
Tim Steinbach e4a1b76457 linux: 4.8.9 -> 4.8.10 2016-11-21 18:07:17 -05:00