Tim Steinbach
629068fe5b
linux_latest-libre: 17402 -> 17445
2020-04-22 19:40:01 -04:00
kraem
fca903c7dd
linux/hardened-patches/4.19.117: init at 4.19.117.a
2020-04-22 02:12:28 +02:00
kraem
99f30a5635
linux/hardened-patches/5.4.34: init at 5.4.34.a
2020-04-22 02:12:25 +02:00
kraem
3c81b3df4e
linux/hardened-patches/5.5.19: init at 5.5.19.a
2020-04-22 02:12:21 +02:00
kraem
c8b5e37764
linux/hardened-patches/5.6.6: init at 5.6.6.a
2020-04-22 02:12:17 +02:00
kraem
efafc50f5c
linux/hardened-patches/4.19.116: remove
2020-04-21 22:18:03 +02:00
kraem
8f2e9fcadd
linux/hardened-patches/5.5.18: remove
2020-04-21 22:18:03 +02:00
kraem
9ed70f4e46
linux/hardened-patches/5.6.5: remove
2020-04-21 22:18:03 +02:00
kraem
15807c58ad
linux/hardened-patches/5.4.33: remove
2020-04-21 22:18:02 +02:00
kraem
c9cf25bc61
linux: 5.6.5 -> 5.6.6
2020-04-21 21:59:59 +02:00
kraem
1e23dcbf22
linux: 5.5.18 -> 5.5.19
2020-04-21 21:59:22 +02:00
kraem
18c2b5a9aa
linux: 5.4.33 -> 5.4.34
2020-04-21 21:58:45 +02:00
kraem
e074301be8
linux: 4.19.116 -> 4.19.117
2020-04-21 21:58:03 +02:00
Frederik Rietdijk
803b3d296c
Merge staging-next into staging
2020-04-21 08:29:51 +02:00
kraem
523fe98821
linux/hardened-patches/4.19.116: 4.19.116.NixOS-a -> 4.19.116.a
2020-04-20 10:05:36 -04:00
kraem
45343beffe
linux/hardened-patches/5.4.33: 5.4.33.NixOS-a -> 5.4.33.a
2020-04-20 10:05:36 -04:00
kraem
48d908b731
linux/hardened-patches/5.5.18: init at 5.5.18.a
2020-04-20 10:05:36 -04:00
kraem
0fd9293703
linux/hardened-patches/5.6.5: init at 5.6.5.a
2020-04-20 10:05:36 -04:00
kraem
e7a65e6c41
linux/hardened-patches/5.5.17: remove
2020-04-20 10:05:36 -04:00
kraem
eb41f8122e
linux/hardened-patches/5.6.4: remove
2020-04-20 10:05:36 -04:00
kraem
8879086cfc
linux: 5.5.17 -> 5.5.18
2020-04-20 10:05:36 -04:00
kraem
4307923b86
linux: 5.6.4 -> 5.6.5
2020-04-20 10:05:36 -04:00
Yegor Timoshenko
6f1165a0cb
Merge pull request #84522 from emilazy/add-linux-hardened-patches
linux_*_hardened: use linux-hardened patch set
2020-04-19 20:01:35 +03:00
Vladimír Čunát
d96487b9ca
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1582510
2020-04-18 07:42:26 +02:00
John Ericson
33c2a76c5e
Merge remote-tracking branch 'upstream/master' into staging
2020-04-17 18:40:51 -04:00
Emily
7fdfe5381d
linux_*_hardened: don't set FORTIFY_SOURCE
Upstreamed in anthraxx/linux-hardened@d12c0d5f0c.
2020-04-17 16:13:39 +01:00
Emily
ed89b5b3f1
linux_*_hardened: don't set PANIC_ON_OOPS
Upstreamed in anthraxx/linux-hardened@366e0216f1.
2020-04-17 16:13:39 +01:00
Emily
0d5f1697b7
linux_*_hardened: don't set SLAB_FREELIST_{RANDOM,HARDENED}
Upstreamed in anthraxx/linux-hardened@786126f177,
anthraxx/linux-hardened@44822ebeb7.
2020-04-17 16:13:39 +01:00
Emily
4fb796e341
linux_*_hardened: don't set HARDENED_USERCOPY_FALLBACK
Upstreamed in anthraxx/linux-hardened@c1fe7a68e3,
anthraxx/linux-hardened@2c553a2bb1.
2020-04-17 16:13:39 +01:00
Emily
3eeb5240ac
linux_*_hardened: don't set DEBUG_LIST
Upstreamed in anthraxx/linux-hardened@6b20124185.
2020-04-17 16:13:39 +01:00
Emily
0611462e33
linux_*_hardened: don't set {,IO_}STRICT_DEVMEM
STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is
turned on by anthraxx/linux-hardened@103d23cb66.
Note that anthraxx/linux-hardened@db1d27e10e
disables DEVMEM by default, so this is only relevant if that default is
overridden to turn it back on.
2020-04-17 16:13:39 +01:00
Emily
303bb60fb1
linux_*_hardened: don't set DEBUG_WX
Upstreamed in anthraxx/linux-hardened@55ee7417f3.
2020-04-17 16:13:39 +01:00
Emily
33b94e5a44
linux_*_hardened: don't set BUG_ON_DATA_CORRUPTION
Upstreamed in anthraxx/linux-hardened@3fcd15014c.
2020-04-17 16:13:39 +01:00
Emily
db6b327508
linux_*_hardened: don't set LEGACY_VSYSCALL_NONE
Upstreamed in anthraxx/linux-hardened@d300b0fdad.
2020-04-17 16:13:39 +01:00
Emily
130f6812be
linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY}
These are on by default for x86 in upstream linux-5.6.2, and turned on
for arm64 by anthraxx/linux-hardened@90f9670bc3.
2020-04-17 16:13:39 +01:00
Emily
8c68055432
linux_*_hardened: don't set MODIFY_LDT_SYSCALL
Upstreamed in anthraxx/linux-hardened@05644876fa.
2020-04-17 16:13:39 +01:00
Emily
8efe83c22e
linux_*_hardened: don't set DEFAULT_MMAP_MIN_ADDR
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd.
2020-04-17 16:13:39 +01:00
Emily
3d4c8ae901
linux_*_hardened: don't set VMAP_STACK
This has been on by default upstream for as long as it's been an option.
2020-04-17 16:13:39 +01:00
Emily
7d5352df31
linux_*_hardened: don't set X86_X32
As far as I can tell, this has never defaulted to on upstream, and our
common kernel configuration doesn't turn it on, so the attack surface
reduction here is somewhat homeopathic.
2020-04-17 16:13:39 +01:00
Emily
0d4f35efd4
linux_*_hardened: use linux-hardened patch set
This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened, and provides
a minimal set of additional hardening patches on top of upstream.
The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).
2020-04-17 16:13:39 +01:00
Emily
3d01e802bd
linux: explicitly enable SYSVIPC
The linux-hardened patch set removes this default, probably because of
its original focus on Android kernel hardening.
2020-04-17 16:12:29 +01:00
Tim Steinbach
e341107367
linux: 5.4.32 -> 5.4.33
2020-04-17 08:34:01 -04:00
Tim Steinbach
d9258d33be
linux: 4.19.115 -> 4.19.116
2020-04-17 08:34:01 -04:00
Niklas Hambüchen
f16ae2da3e
linux: Enable CONFIG_NET_DROP_MONITOR by default.
Needed for subscribing to dropped packets (e.g. via `dropwatch`).
2020-04-14 20:07:51 +02:00
Jan Tojnar
b4a6714571
Merge branch 'staging-next' into staging
2020-04-13 18:54:59 +02:00
Jan Tojnar
a04625379a
Merge branch 'master' into staging-next
2020-04-13 18:50:35 +02:00
Tim Steinbach
f6e64feb14
linux: 5.6.3 -> 5.6.4
2020-04-13 08:36:35 -04:00
Tim Steinbach
bba4a30f8c
linux: 5.5.16 -> 5.5.17
2020-04-13 08:36:27 -04:00
Tim Steinbach
2b6e16abe0
linux: 5.4.31 -> 5.4.32
2020-04-13 08:36:19 -04:00
Tim Steinbach
f47969645b
linux: 4.9.218 -> 4.9.219
2020-04-13 08:36:11 -04:00
Tim Steinbach
e06d2a4682
linux: 4.19.114 -> 4.19.115
2020-04-13 08:36:04 -04:00
Tim Steinbach
f717bfeedb
linux: 4.14.175 -> 4.14.176
2020-04-13 08:35:56 -04:00
Tim Steinbach
3a8f6159cb
linux: 4.4.218 -> 4.4.219
2020-04-13 08:35:32 -04:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs
2020-04-10 17:54:53 +01:00
Jan Tojnar
55a5c128d4
Merge branch 'staging-next' into staging
2020-04-10 12:13:27 +02:00
Jan Tojnar
1ab03c3a76
Merge branch 'master' into staging-next
2020-04-10 12:12:56 +02:00
Tim Steinbach
7bd91fe7af
linux: 5.6.2 -> 5.6.3
2020-04-08 08:51:08 -04:00
Tim Steinbach
1c637d2326
linux: 5.5.15 -> 5.5.16
2020-04-08 08:51:07 -04:00
Tim Steinbach
5653337922
linux: 5.4.30 -> 5.4.31
2020-04-08 08:51:07 -04:00
Eelco Dolstra
50913242ab
Merge pull request #81500 from primeos/tcp-cong-switch-to-cubic
linux config: Set TCP_CONG_CUBIC=yes to restore the default
2020-04-06 17:11:31 +02:00
Jörg Thalheim
a737f030cf
Merge pull request #71481 from eadwu/bcachefs/update-10
bcachefs: update 10
2020-04-06 15:43:36 +01:00
Edmund Wu
04a5e5ab7c
linux_testing_bcachefs: 5.3.2020.03.25 -> 5.3.2020.04.04
2020-04-06 10:29:33 -04:00
Frederik Rietdijk
edaa972160
Merge staging-next into staging
2020-04-03 21:55:10 +02:00
Florian Klink
35916a8c4b
Merge pull request #83658 from Emantor/topic/kernel-snd-ca0132
linux config: enable Creative Soundblaster DSP loading
2020-04-02 22:41:57 +02:00
Tim Steinbach
c36ec10158
linux: 4.9.217 -> 4.9.218
2020-04-02 14:03:09 -04:00
Tim Steinbach
e2df587f25
linux: 4.4.217 -> 4.4.218
2020-04-02 14:03:02 -04:00
Tim Steinbach
782db49b5a
linux: 4.14.174 -> 4.14.175
2020-04-02 14:02:48 -04:00
Tim Steinbach
4fbd9e3ab8
linux: 5.6.1 -> 5.6.2
2020-04-02 10:03:15 -04:00
Tim Steinbach
f2025f2d6d
linux: 5.5.14 -> 5.5.15
2020-04-02 10:03:07 -04:00
Tim Steinbach
bf0b6ab809
linux: 5.4.29 -> 5.4.30
2020-04-02 10:02:52 -04:00
Tim Steinbach
d47ba3e4b5
linux: 4.19.113 -> 4.19.114
2020-04-02 10:02:40 -04:00
Tim Steinbach
ef3f3f2728
linux_latest-libre: 17387 -> 17402
2020-04-01 10:46:07 -04:00
Tim Steinbach
902ebcdd44
linux: 5.5.13 -> 5.5.14
2020-04-01 10:46:06 -04:00
Tim Steinbach
7bae57f249
linux: 5.4.28 -> 5.4.29
2020-04-01 10:46:06 -04:00
Tim Steinbach
7f56fdd997
linux: Init 5.6.1
Change linux_latest to 5.6
2020-04-01 10:46:02 -04:00
Tim Steinbach
c76bad0ec0
linux: 5.6-rc5 -> 5.6-rc7
2020-03-29 16:50:02 -04:00
Rouven Czerwinski
62cdbd678c
linux config: enable SND CA0132 DSP loading
Since we select everything as a module, snd_hda_codec_ca0132 is built as
well. DSP loading is not enabled by default, but without it the
soundcard produces timeouts within ALSA and does not emit sound.
Explicitly enable the firmware loading to ensure Soundblaster
Z/Zx/ZxR/Recon devices can be used with NixOS.
The patch to enable this by default in the kernel is staged for 5.8.
2020-03-29 21:11:17 +02:00
Jörg Thalheim
ac45e96d2f
Merge pull request #83220 from dasj19/linux-libre-fix
linux-libre: added --force flag for deblobbing.
2020-03-29 15:03:22 +01:00
Edmund Wu
00e7a675f7
linux_testing_bcachefs: 5.2.2019.10.12 -> 5.3.2020.03.25
2020-03-26 12:12:43 -04:00
Tim Steinbach
ec87ed26e6
linux: 5.5.11 -> 5.5.13
2020-03-25 13:03:19 -04:00
Tim Steinbach
bec620d85b
linux: 5.4.27 -> 5.4.28
2020-03-25 13:03:10 -04:00
Tim Steinbach
9105efdcde
linux: 4.19.112 -> 4.19.113
2020-03-25 13:02:56 -04:00
Daniel Șerbănescu
8431497dd2
linux-libre: added --force flag for deblobbing.
2020-03-23 16:07:13 +01:00
Tim Steinbach
f0d17c2a17
linux_latest-libre: 17322 -> 17387
2020-03-22 12:05:45 -04:00
Tim Steinbach
8055a37aca
linux: 5.5.9 -> 5.5.11
2020-03-22 12:05:34 -04:00
Tim Steinbach
05716b70b0
linux: 5.4.25 -> 5.4.27
2020-03-22 12:05:08 -04:00
Tim Steinbach
07ffdf9de3
linux: 4.9.216 -> 4.9.217
2020-03-22 12:04:42 -04:00
Tim Steinbach
04d15d1839
linux: 4.4.216 -> 4.4.217
2020-03-22 12:04:20 -04:00
Tim Steinbach
8e278a8e2d
linux: 4.19.109 -> 4.19.112
2020-03-22 12:03:57 -04:00
Tim Steinbach
1315193c36
linux: 4.14.173 -> 4.14.174
2020-03-22 12:02:43 -04:00
Graham Christensen
244178e166
Merge pull request #82006 from emilazy/enable-linux-hardened-ia32-emulation
linuxPackages_{,_latest,_testing}_hardened: enable 32-bit emulation
2020-03-14 09:20:58 -04:00
Tim Steinbach
f9fcf29ef2
linux: 5.4.24 -> 5.4.25
2020-03-14 04:58:48 -04:00
Silvan Mosberger
eff447b321
Merge pull request #70157 from teto/lib_kernel
Add lib.kernel
2020-03-12 23:53:42 +01:00
Tim Steinbach
cd167a02b8
linux: 5.6-rc3 -> 5.6-rc5
2020-03-12 05:57:21 -04:00
Tim Steinbach
85c46f5a5a
linux: 5.5.8 -> 5.5.9
2020-03-12 05:57:20 -04:00
Tim Steinbach
930fc70bfc
linux: 4.9.215 -> 4.9.216
2020-03-12 05:57:20 -04:00
Tim Steinbach
3d12317a7e
linux: 4.4.215 -> 4.4.216
2020-03-12 05:57:20 -04:00
Tim Steinbach
24898ff826
linux: 4.19.108 -> 4.19.109
2020-03-12 05:57:20 -04:00
Tim Steinbach
ff6e097af1
linux: 4.14.172 -> 4.14.173
2020-03-12 05:57:19 -04:00
Emily
b628400f5e
linuxPackages_{,_latest,_testing}_hardened: enable 32-bit emulation
Per discussion in #81943.
Resolves #79798.
2020-03-07 18:50:40 +00:00