mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-03 19:15:39 +00:00
Code Issues Wiki Activity
100644 commits 218 branches 125 tags 5.8 GiB
Commit graph

1843 commits

Author SHA1 Message Date
Eelco Dolstra bbd03e236a
Use looser 9pfs caching in VM tests/builds 
This can give significant speed ups, see
7e20254412.
 2016-12-29 21:26:16 +01:00
Franz Pletz c6bcc485de
linux_4_8: add patch to fix CVE-2016-9919 2016-12-28 06:35:11 +01:00
Tuomas Tynkkynen 5ba7f33e3a linux_testing: 4.9-rc8 -> 4.10-rc1 2016-12-27 01:35:10 +02:00
Graham Christensen 3ffb5ba60c
linux:3.18.44 -> 3.18.45 2016-12-21 21:08:47 -05:00
Graham Christensen 53e21529d4
linux:3.12.68 -> 3.12.69 2016-12-21 21:08:47 -05:00
Tim Steinbach 0e8e4a08f3
linux: 4.8.14 -> 4.8.15 2016-12-16 08:16:45 -05:00
Tim Steinbach cb9ff3f7f9
linux: 4.4.38 -> 4.4.39 2016-12-16 08:16:22 -05:00
Joachim Fasting f0e77cd07d
grsecurity: 4.8.14-201612110933 -> 4.8.15-201612151923 2016-12-16 12:46:44 +01:00
Graham Christensen 01d022e16b Merge pull request #21118 from grahamc/fix-rsa-build-failure 
linux_{4_8,grsec_nixos}: patch to fix build failure
 2016-12-13 09:15:50 -05:00
Joachim Fasting d918c80e13
grsecurity: disable verbose initify 
Not as useful/informative as I had hoped.
 2016-12-13 15:12:34 +01:00
Graham Christensen 7a813d3f6d
linux_{4_8,grsec_nixos}: patch to fix build failure 
crypto/rsa_helper.c:18:28: fatal error: rsapubkey-asn1.h: No such file or directory
 2016-12-13 07:25:46 -05:00
Shea Levy f6daae391f linux: add 4.9 2016-12-11 19:33:05 -05:00
Joachim Fasting 601058e0e2
grsecurity: 4.8.13-201612082118 -> 4.8.14-201612110933 2016-12-11 19:09:16 +01:00
Tim Steinbach f576c490e3
linux: 4.4.37 -> 4.4.38 2016-12-10 15:18:52 -05:00
Tim Steinbach b69822c505
linux: 4.8.13 -> 4.8.14 2016-12-10 15:15:44 -05:00
Tuomas Tynkkynen bdab6fe5a1 kernel: Use built-in dtbs_install target instead of rolling our own 
In particular, on aarch64 all the .dtb files will be in subdirectories
and *.dtb won't match anything.
 2016-12-10 20:24:08 +02:00
Franz Pletz 9074d9859e
linux: add patch to fix CVE-2016-8655 
See https://lwn.net/Articles/708319/ for more information.
 2016-12-10 17:08:42 +01:00
Bjørn Forsman 2077385421 kernel: enable CONFIG_DYNAMIC_DEBUG (like Fedora and Ubuntu) 
It was useful in tracking down CIFS + DFS issue, and it's apparently
enabled by default in two major distros.
 2016-12-10 00:01:21 +02:00
Bjørn Forsman d429520b13 kernel: add CONFIG_CIFS_* like Fedora, Ubuntu 
The plan is to fix mounting DFS shares on NixOS (for which some of these
options are needed), but I figured it might be a good idea to enable all
CONFIG_CIFS_* like Fedora 24 and Ubuntu 16.04 while at it. Ubuntu even
has CONFIG_CIFS_SMB311, but as Fedora do not, I left it out.

Mounting DFS shares still doesn't work; need to configure cifs.upcall
and /etc/request-key.conf. Until then, using GVFS as a workaround.
 2016-12-10 00:01:21 +02:00
Joachim Fasting d1a5dc0b1c
grsecurity: 4.8.12-201612062306 -> 4.8.13-201612082118 2016-12-09 15:31:02 +01:00
Joachim Fasting 9a63779d64
grsecurity: use upstream url as the primary source 2016-12-09 15:31:00 +01:00
Joachim Fasting ca7cc96ee8
grsecurity: enable PAX_INITIFY 
Uses gcc plugin to detect more instances where memory used during init
can be freed.
 2016-12-09 15:30:40 +01:00
Tim Steinbach bfffbb5ea6
linux: 4.8.12 -> 4.8.13 2016-12-09 08:27:11 -05:00
Tim Steinbach e861a5f7af
linux: 4.4.36 -> 4.4.37 2016-12-09 08:26:46 -05:00
Joachim Fasting 5fd4ffe00f
grsecurity: 4.8.12-201612031658 -> 201612062306 2016-12-08 12:22:13 +01:00
Tim Steinbach c9d1d430ec
linux: 4.9-rc7 -> 4.9-rc8 2016-12-05 19:40:11 -05:00
Joachim Fasting 9578299bbe
grsecurity: 4.8.11-201611271225 -> 4.8.12-201612031658 2016-12-06 01:24:32 +01:00
Joachim Fasting cc396697a6
grsecurity: enable ability to lock in readonly mounts 2016-12-06 01:24:12 +01:00
Joachim Fasting 0e765c72e5
grsecurity: enable module hardening 2016-12-06 01:23:58 +01:00
Joachim Fasting 071fbcda24
grsecurity: enable optional sysfs restrictions 
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
 2016-12-06 01:23:36 +01:00
Joachim Fasting 8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up 
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
 2016-12-06 01:22:53 +01:00
Tuomas Tynkkynen 9ccc14b1bc linux_rpi: Add some feature flags 
Copied from linux_4_4 (except for the EFI stub thing).

Otherwise the firewall module fails to evaluate:
Failed assertions:
- This kernel does not support rpfilter
 2016-12-04 18:18:06 +02:00
Tim Steinbach 4f8b74b401 Merge pull request #20866 from NeQuissimus/linux_4_8_12 
linux: 4.8.11 -> 4.8.12
 2016-12-02 18:28:46 -05:00
Tim Steinbach 853b6493c8
linux: 4.8.11 -> 4.8.12 2016-12-02 14:29:00 -05:00
Tim Steinbach 654f5df5dc
linux: 4.4.35 -> 4.4.36 2016-12-02 14:28:26 -05:00
Tim Steinbach 5afc6b506c
linux: 4.1.35 -> 4.1.36 2016-12-01 20:34:02 -05:00
Tim Steinbach 18a3225dac
linux: 3.12.67 -> 3.12.68 2016-11-29 17:40:17 -05:00
Joachim Fasting b90ed0cc80
grsecurity: 4.8.10-201611232213 -> 4.8.11-201611271225 2016-11-28 11:41:10 +01:00
Joachim Fasting 4c7323545b
Revert "grsecurity: work around for #20490" 
This reverts commit e38b74ba89.

I failed to notice f19c961b4e461da045f2e72e73701059e5117be0; better
use that fix instead.
 2016-11-28 11:40:55 +01:00
Tim Steinbach eecf76eaa2
linux: 4.9-rc6 -> 4.9-rc7 2016-11-27 19:48:24 -05:00
Tuomas Tynkkynen 86ea3126bc linux_rpi: 1.20160620 -> 1.20161020 2016-11-28 00:24:00 +02:00
Tim Steinbach b47307bd74
linux: 4.8.10 -> 4.8.11 2016-11-26 16:29:23 -05:00
Tim Steinbach cc77360bed
linux: 4.4.34 -> 4.4.35 2016-11-26 16:28:58 -05:00
Jörg Thalheim 01172c2ccf Merge pull request #20591 from NeQuissimus/linux_4_9_rc6 
linux: 4.9-rc5 -> 4.9-rc6
 2016-11-26 16:00:16 +01:00
Joachim Fasting f9d787c67b
grsecurity: 4.8.10-201611210813 -> 201611232213 2016-11-24 12:08:12 +01:00
Franz Pletz 7974d7493a
linux: compress kernel image with xz 2016-11-23 02:24:13 +01:00
Tim Steinbach e4a1b76457
linux: 4.8.9 -> 4.8.10 2016-11-21 18:07:17 -05:00
Tim Steinbach d62069aca4
linux: 4.4.33 -> 4.4.34 2016-11-21 18:06:57 -05:00
Joachim Fasting 96194467e6
grsecurity: 4.8.8-201611150756 -> 4.8.10-201611210813 2016-11-21 23:15:14 +01:00
Tim Steinbach f6bbc6c477
linux: 4.9-rc5 -> 4.9-rc6 2016-11-20 17:23:32 -05:00
Pascal Wittmann f7e0bc2ae7
Make all meta.maintainers attributes lists 2016-11-20 18:06:03 +01:00
Tim Steinbach 13491f9f48 Merge pull request #20552 from NeQuissimus/linux_4_8_9 
linux: 4.8.8 -> 4.8.9
 2016-11-19 09:03:00 -05:00
Tim Steinbach d3b8a77834
linux: 4.4.32 -> 4.4.33 2016-11-19 08:56:31 -05:00
Tim Steinbach 250224bf01
linux: 4.8.8 -> 4.8.9 2016-11-19 08:55:57 -05:00
Joachim Fasting e38b74ba89
grsecurity: work around for #20490 
In `scripts/Makefile.modinst`, the code that generates the list of
modules to install passes file names via the command line.  When
installing a grsecurity kernel, this list appears to exceed the
shell's argument list limit, as in

    make[2]: execvp: /nix/store/[...]-bash-4.3-p46/bin/bash: Argument list too long

The build does not fail, however, but the list of modules to be installed ends
up being empty.  Thus, the resulting kernel package output contains no modules,
rendering it useless.

We work around this by patching the makefile to use `find -exec` to
process files.  Why this would occur for grsecurity and not other
kernels is unknown, most likely there's something *else* that is
actually causing this behaviour, so this is a temporary fix until that
cause is found.

Fixes https://github.com/NixOS/nixpkgs/issues/20490
 2016-11-18 16:14:26 +01:00
Tim Steinbach a4cd6f1378 Merge pull request #20441 from NeQuissimus/linux_4_4_32 
linux: 4.4.31 -> 4.4.32
 2016-11-15 17:49:00 -05:00
Tim Steinbach 819884119c Merge pull request #20439 from NeQuissimus/linux_4_8_8 
linux: 4.8.7 -> 4.8.8
 2016-11-15 17:48:07 -05:00
Joachim Fasting 0d4e1b5edd
grsecurity: 4.8.7-201611142350 -> 4.8.8-201611150756 2016-11-15 22:57:25 +01:00
Tim Steinbach 24c342fde7
linux: 4.4.31 -> 4.4.32 2016-11-15 12:31:27 -05:00
Tim Steinbach 9e851d3b11
linux: 4.8.7 -> 4.8.8 2016-11-15 12:30:55 -05:00
Joachim Fasting afab1a948e
grsecurity: 4.8.7-201611102210 -> 201611142350 2016-11-15 13:11:47 +01:00
Tim Steinbach a87c8ad05f
linux: 4.9-rc4 -> 4.9-rc5 2016-11-14 09:40:27 -05:00
Joachim Fasting cad9212813
grsecurity: 4.7.10-201611011946 -> 4.8.7-201611102210 2016-11-14 00:16:19 +01:00
Joachim Fasting 081a871771
Revert "Merge pull request #20302 from spacekitteh/patch-10" 
This reverts commit e02173c70c, reversing
changes made to c2b4a0d266.

Breaks all grsec packages; Not having binary substitutes for no good
reason is disruptive to my workflow, so I'll just revert this for now.
 2016-11-12 14:02:20 +01:00
Tim Steinbach e02173c70c Merge pull request #20302 from spacekitteh/patch-10 
grsecurity_testing: 4.7.10 -> 4.8.7
 2016-11-11 22:03:39 -05:00
Sophie Taylor fa180d0d63 grsec: 4.8.6 -> 4.8.7 2016-11-12 12:54:47 +10:00
Tim Steinbach c2b4a0d266 Merge pull request #20327 from NeQuissimus/linux_4_9_rc4 
linux: 4.9-rc3 -> 4.9-rc4
 2016-11-11 18:11:02 -05:00
Tim Steinbach 52cc30cd87 Merge pull request #20326 from NeQuissimus/linux_3_12_67 
linux: 3.12.66 -> 3.12.67
 2016-11-11 18:10:16 -05:00
Tim Steinbach 933dfca167 Merge pull request #20322 from NeQuissimus/linux_4_8_7 
linux: 4.8.6 -> 4.8.7
 2016-11-10 21:12:06 -05:00
Tim Steinbach ad19b9bde5
linux: 4.9-rc3 -> 4.9-rc4 2016-11-10 21:08:28 -05:00
Tim Steinbach 0a1f39eb91
linux: 4.8.6 -> 4.8.7 2016-11-10 21:07:56 -05:00
Tim Steinbach 579f5fd9dd
linux: 4.4.30 -> 4.4.31 2016-11-10 21:07:24 -05:00
Tim Steinbach cc62ecc2d9
linux: 3.12.66 -> 3.12.67 2016-11-10 21:06:54 -05:00
Tuomas Tynkkynen 74ecbbe4e3 kernel config: Ensure SECCOMP_FILTER is enabled 
As noted in a97db109a2, SECCOMP_FILTER must be enabled or systemd gets
very unhappy.
 2016-11-11 02:10:20 +02:00
Peter Hoeg cb93b34999 SMB2 support for CIFS 
[tuomas: removed unneeded kernel version check]
Signed-off-by: Tuomas Tynkkynen <tuomas@tuxera.com>
 2016-11-11 02:10:20 +02:00
Sophie Taylor 6476f11f40 grsecurity patch update to kernel 4.8.6 2016-11-10 12:44:22 +10:00
Guillaume Maudoux eb9d126d2c linux_mptcp: 0.91 -> 0.91.2 2016-11-07 14:15:33 +01:00
Joachim Fasting d9b5cd41c5
grsecurity: 4.7.10-201610262029 -> 201611011946 2016-11-03 13:55:23 +01:00
Tim Steinbach 874abe694a
linux: 4.8.5 -> 4.8.6 2016-11-01 08:58:53 -04:00
Eelco Dolstra ef1a188e07 linux: 4.4.28 -> 4.4.30 2016-11-01 11:31:00 +01:00
Vladimír Čunát 3be635b9b5
Merge linux kernel maintenance updates 
PRs: #19995 #19996 #19997
 2016-10-30 17:29:43 +01:00
Tim Steinbach f154459cf4
linux: 4.9-rc2 -> 4.9-rc3 2016-10-30 10:30:07 -04:00
Tim Steinbach 1af5b2a80c
linux: 4.4.27 -> 4.4.28 2016-10-30 10:29:37 -04:00
Tim Steinbach 8073430d95
linux: 4.8.4 -> 4.8.5 2016-10-30 10:28:55 -04:00
Joachim Fasting dfdaea1240
grsecurity: 4.7.10-201610222037 -> 201610262029 2016-10-27 15:03:27 +02:00
Graham Christensen 2f3b62375f Merge pull request #19891 from NeQuissimus/kernel_4_9_rc2 
kernel: 4.9-rc1 -> 4.9-rc2
 2016-10-27 08:36:23 -04:00
Graham Christensen ad2deee7d1 Merge pull request #19894 from NeQuissimus/kernel_3_18_44 
kernel: 3.18.42 -> 3.18.44
 2016-10-27 08:36:17 -04:00
Graham Christensen c654ec0f25 Merge pull request #19893 from NeQuissimus/kernel_3_12_66 
kernel: 3.12.63 -> 3.12.66
 2016-10-27 08:36:10 -04:00
Graham Christensen 00e2bc22db Merge pull request #19890 from NeQuissimus/kernel_3_10_104 
kernel: 3.10.103 -> 3.10.104
 2016-10-27 08:35:54 -04:00
Tim Steinbach b02646f93b
kernel: 3.18.42 -> 3.18.44 2016-10-26 19:23:43 -04:00
Tim Steinbach e5e84ecbbd
kernel: 3.12.63 -> 3.12.66 2016-10-26 19:17:46 -04:00
Tim Steinbach e4773819f4
kernel: 3.10.103 -> 3.10.104 2016-10-26 19:13:21 -04:00
Tim Steinbach e9a5cf3f6f
kernel: 4.9-rc1 -> 4.9-rc2 2016-10-26 09:11:00 -04:00
Tim Steinbach 89cd922a6a
kernel: 4.1.33 -> 4.1.35 2016-10-26 09:04:37 -04:00
Tim Steinbach b3f7d626c1
kernel: remove 4.7 2016-10-24 21:30:00 -04:00
Joachim Fasting 5440c1a64c
grsecurity: 4.7.9-201610200819 -> 4.7.10-201610222037 
Notably, this pulls in the dirtycow fix from upstream (but I've been
unable to execute the POC exploits on grsec kernels without that fix
...)
 2016-10-23 17:14:40 +02:00
Tim Steinbach a3989b87df Merge pull request #19772 from NeQuissimus/linux_4_8_4 
linux: 4.8.3 -> 4.8.4
 2016-10-22 12:14:59 -04:00
Tim Steinbach 72d91f95cb Merge pull request #19771 from NeQuissimus/linux_4_7_10 
linux: 4.7.9 -> 4.7.10
 2016-10-22 12:14:26 -04:00
Tim Steinbach 8d0ca31849
linux: 4.8.3 -> 4.8.4 2016-10-22 12:11:37 -04:00
Tim Steinbach adbe0e0a13
linux: 4.7.9 -> 4.7.10 2016-10-22 12:11:09 -04:00