mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
Code Issues Wiki Activity
102295 commits 204 branches 125 tags 10 GiB
Commit graph

1867 commits

Author SHA1 Message Date
Shea Levy ac93e9f2c8 Linux 4.7 2016-07-24 18:30:08 -04:00
Lluís Batlle i Rossell dd02b6f118 perf: depend on libiberty to get c++ demangling. 2016-07-21 17:27:15 +02:00
Robin Gloster 1f04b4a566 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-21 00:56:43 +00:00
Joachim Fasting 55120ac4cb
grsecurity: 4.6.4-201607112205 -> 4.6.4-201607192040 2016-07-20 10:17:35 +02:00
Joachim Fasting c93ffb95bc
grsecurity: enable support for setting pax flags via xattrs 
While useless for binaries within the Nix store, user xattrs are a convenient
alternative for setting PaX flags to executables outside of the store.

To use disable secure memory protections for a non-store file foo, do
  $ setfattr -n user.pax.flags -v em foo
 2016-07-20 10:17:11 +02:00
Robin Gloster 5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
obadz 927a984de6 kernel: make KEXEC_FILE & KEXEC_JUMP optional to fix i686 build 
cc @edolstra @dezgeg @domenkozar
 2016-07-13 12:49:18 +02:00
obadz fad9a8841b ecryptfs: fix kernel bug introduced in 4.4.14 
Introduced by mainline commit 2f36db7
Patch is from http://www.spinics.net/lists/stable/msg137350.html
Fixes #16766
 2016-07-13 11:04:07 +02:00
Franz Pletz dde259dfb5 linux: Add patch to fix CVE-2016-5829 (#16824) 
Fixed for all available 4.x series kernels.

From CVE-2016-5829:

  Multiple heap-based buffer overflows in the hiddev_ioctl_usage function
  in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow
  local users to cause a denial of service or possibly have unspecified
  other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl
  call.
 2016-07-12 20:56:50 +02:00
Joachim Fasting 416120e0c7
grsecurity: 4.6.3-201607070721 -> 4.6.4-201607112205 2016-07-12 15:15:09 +02:00
Tim Steinbach 47da65923b kernel: 4.6.3 -> 4.6.4 (#16875) 2016-07-12 09:54:57 +02:00
Louis Taylor b2b8a89945 linux-testing: 4.7-rc6 -> 4.7-rc7 (#16854) 2016-07-11 17:53:41 +02:00
Eelco Dolstra ecc26d7a40 linux: Disable the old IDE subsystem 
This has long been deprecated in favour of the new ATA support
(CONFIG_ATA).
 2016-07-11 15:05:21 +02:00
Eelco Dolstra 7b9c493d60 linux: Enable some kernel features 
This enables a few features that should be useful and safe (they're
all used by the default Ubuntu kernel config), in particular zswap,
wakelocks, kernel load address randomization, userfaultfd (useful for
QEMU), paravirtualized spinlocks and automatic process group
scheduling.

Also removes some configuration conditional on kernel versions that we
no longer support.
 2016-07-11 15:04:56 +02:00
Eelco Dolstra 1cd7dbc00b linux: Bump NR_CPUS 
The default limit (64) is too low for systems like EC2 x1.* instances
or Xeon Phis, so let's increase it.
 2016-07-11 14:32:18 +02:00
Joachim Fasting a2ebf45b47
grsecurity: 4.5.7-201606302132 -> 4.6.3-201607070721 2016-07-07 19:34:58 +02:00
Tuomas Tynkkynen 4085f4de5f Merge branch 'pr-newest-uboot' into master 2016-07-04 15:17:46 +03:00
Tuomas Tynkkynen 55aecd308e linux-rpi: 4.1.20-XXX -> 4.4.13-1.20160620-1 
- Add a patch to unset CONFIG_LOCALVERSION in the v7 build.
- Copy all the device trees to match the upstream names so U-Boot can
  find them. (This is a hack.)
 2016-07-04 15:13:29 +03:00
aszlig 566c990f33
linux-testing: 4.6-rc6 -> 4.7-rc6 
The config option DEVPTS_MULTIPLE_INSTANCES now no longer exists since
torvalds/linux@eedf265aa0.

Built successfully on my Hydra instance:

https://headcounter.org/hydra/log/r4n6sv0zld0aj65r7l494757s2r8w8sr-linux-4.7-rc6.drv

Verified unpacked tarball with GnuPG:

ABAF 11C6 5A29 70B1 30AB  E3C4 79BE 3E43 0041 1886

gpg: Signature made Mon 04 Jul 2016 08:13:05 AM CEST
gpg:                using RSA key 79BE3E4300411886
gpg: Good signature from "Linus Torvalds <torvalds@linux-foundation.org>"

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2016-07-04 10:46:48 +02:00
Joachim Fasting 640ac5186f
grsecurity: 4.5.7-201606292300 -> 4.5.7-201606302132 2016-07-02 20:37:52 +02:00
Joachim Fasting 51c04b74c1
grsecurity: 4.5.7-201606280009 -> 4.5.7-201606292300 2016-06-30 11:09:59 +02:00
Joachim Fasting cdcdc25ef3
grsecurity: 4.5.7-201606262019 -> 4.5.7-201606280009 2016-06-28 14:57:20 +02:00
Joachim Fasting d5eec25ff9
grsecurity: 4.5.7-201606222150 -> 4.5.7-201606262019 2016-06-27 21:42:17 +02:00
Franz Pletz 7e9affa7ee linux_4_3: Remove, not maintained anymore 2016-06-27 00:11:16 +02:00
Franz Pletz eed51eccef linux: 3.10.101 -> 3.10.102 2016-06-27 00:11:16 +02:00
Franz Pletz b7e0b118d9 linux: 3.12.57 -> 3.12.61 2016-06-27 00:11:04 +02:00
Franz Pletz 0387eddb51 linux: 3.14.65 -> 3.14.73 2016-06-27 00:10:38 +02:00
Franz Pletz 6165af4db2 linux: 3.18.29 -> 3.18.36 2016-06-27 00:09:56 +02:00
Franz Pletz 5806b185bd linux: 4.1.25 -> 4.1.27 2016-06-27 00:09:30 +02:00
Franz Pletz 4a942499b4 linux: 4.4.13 -> 4.4.14 2016-06-27 00:08:11 +02:00
Joachim Fasting 4fb72b2fd3
grsecurity: 4.5.7-201606202152 -> 4.5.7-201606222150 2016-06-26 17:27:17 +02:00
Tim Steinbach 125ffff089 kernel: 4.6.2 -> 4.6.3 2016-06-24 22:18:16 +00:00
Joachim Fasting 9d052a2c39
grsecurity: 4.5.7-201606142010 -> 4.5.7-201606202152 2016-06-23 00:55:54 +02:00
Eelco Dolstra 453086a15f linux: 4.4.12 -> 4.4.13 2016-06-20 13:11:55 +02:00
zimbatm 7c32638439 Merge pull request #16259 from layus/update-mptcp 
linux_mptcp: update 0.90 -> 0.90.1
 2016-06-20 09:29:07 +01:00
Joachim Fasting 875fd5af73
grsecurity: 4.5.7-201606110914 -> 4.5.7-201606142010 2016-06-16 14:29:12 +02:00
Guillaume Maudoux d73b7d101f linux_mptcp: 0.90 -> 0.90.1 2016-06-15 22:56:11 +02:00
Joachim Fasting 130b06eb0b
grsecurity: 4.5.7-201606080852 -> 4.5.7-201606110914 2016-06-14 14:18:01 +02:00
Joachim Fasting 886c03ad2e Merge pull request #16107 from joachifm/grsec-ng 
Rework grsecurity support
 2016-06-14 03:52:50 +02:00
Joachim Fasting 75b9a7beac
grsecurity: implement a single NixOS kernel 
This patch replaces the old grsecurity kernels with a single NixOS
specific grsecurity kernel.  This kernel is intended as a general
purpose kernel, tuned for casual desktop use.

Providing only a single kernel may seem like a regression compared to
offering a multitude of flavors.  It is impossible, however, to
effectively test and support that many options.  This is amplified by
the reality that very few seem to actually use grsecurity on NixOS,
meaning that bugs go unnoticed for long periods of time, simply because
those code paths end up never being exercised.  More generally, it is
hopeless to anticipate imagined needs.  It is better to start from a
solid foundation and possibly add more flavours on demand.

While the generic kernel is intended to cover a wide range of use cases,
it cannot cover everything.  For some, the configuration will be either
too restrictive or too lenient.  In those cases, the recommended
solution is to build a custom kernel --- this is *strongly* recommended
for security sensitive deployments.

Building a custom grsec kernel should be as simple as
```nix
linux_grsec_nixos.override {
  extraConfig = ''
    GRKERNSEC y
    PAX y
    # and so on ...
  '';
}
```

The generic kernel should be usable both as a KVM guest and host.  When
running as a host, the kernel assumes hardware virtualisation support.
Virtualisation systems other than KVM are *unsupported*: users of
non-KVM systems are better served by compiling a custom kernel.

Unlike previous Grsecurity kernels, this configuration disables `/proc`
restrictions in favor of `security.hideProcessInformation`.

Known incompatibilities:
- ZFS: can't load spl and zfs kernel modules; claims incompatibility
  with KERNEXEC method `or` and RAP; changing to `bts` does not fix the
  problem, which implies we'd have to disable RAP as well for ZFS to
  work
- `kexec()`: likely incompatible with KERNEXEC (unverified)
- Xen: likely incompatible with KERNEXEC and UDEREF (unverified)
- Virtualbox: likely incompatible with UDEREF (unverified)
 2016-06-14 00:08:20 +02:00
Joachim Fasting 4ae5eb97f1
kernel: set virtualization options regardless of grsec 
Per my own testing, the NixOS grsecurity kernel works both as a
KVM-based virtualisation host and guest; there appears to be no good
reason to making these conditional on `features.grsecurity`.

More generally, it's unclear what `features.grsecurity` *means*. If
someone configures a grsecurity kernel in such a fashion that it breaks
KVM support, they should know to disable KVM themselves.
 2016-06-10 19:27:59 +02:00
Joachim Fasting d8e4432fe2
kernel: unconditionally disable /dev/kmem 
This was presumably set for grsecurity compatibility, but now appears
redundant.  Grsecurity does not expect nor require /dev/kmem to be
present and so it makes little sense to continue making its inclusion in
the standard kernel dependent on grsecurity.

More generally, given the large number of possible grsecurity
configurations, it is unclear what `features.grsecurity` even
*means* and its use should be discouraged.
 2016-06-10 19:27:41 +02:00
Shea Levy 4fbafb2395 linux 4.6.1 -> 4.6.2 2016-06-10 09:30:11 -04:00
Robin Gloster 8031cba2ab Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-06-10 09:27:04 +00:00
Joachim Fasting edc36a0091
grsecurity: 4.5.6-201606051644 -> 4.5.7-201606080852 2016-06-09 15:40:06 +02:00
Vladimír Čunát 20c2ce4954 Merge #16045: kernel: 4.6.0 -> 4.6.1 2016-06-09 14:37:32 +02:00
Vladimír Čunát c0895be3ee Merge #16044: kernel: 4.1.20 -> 4.1.25 2016-06-09 14:36:31 +02:00
Vladimír Čunát f9310c2eee Merge #16043: kernel: 4.4.11 -> 4.4.12 2016-06-09 14:34:50 +02:00
Tim Steinbach 269b7d30a7 kernel: 4.6.0 -> 4.6.1 2016-06-07 09:59:19 -04:00
Tim Steinbach 8f4755a0ae kernel: 4.5.5 -> 4.5.6 2016-06-07 09:58:24 -04:00
Tim Steinbach a57cbf6546 kernel: 4.4.11 -> 4.4.12 2016-06-07 09:57:47 -04:00
Tim Steinbach f3ebf13762 kernel: 4.1.20 -> 4.1.25 2016-06-07 09:57:07 -04:00
Joachim Fasting 72899d92d0
grsecurity: 4.5.5-201605291201 -> 4.5.6-201606051644 2016-06-07 15:04:24 +02:00
Tuomas Tynkkynen bac26e08db Fix lots of fetchgit hashes (fallout from #15469) 2016-06-03 17:17:08 +03:00
Alexander Kjeldaas 4c99d22f19 kernel: set nx bit on module ro segments 
Fixes #4757.
 2016-06-03 15:41:47 +02:00
Robin Gloster 2d382f3d98 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-30 19:39:34 +00:00
Joachim Fasting bfefc54bc5
grsecurity: 4.5.5-201605211442 -> 4.5.5-201605291201 2016-05-29 20:34:24 +02:00
Eelco Dolstra 3ee6b22dc3 linux: 4.4.10 -> 4.4.11 2016-05-22 23:05:10 +02:00
Joachim Fasting 5a357d9731
grsecurity: 4.5.5-201605202102 -> 4.5.5-201605211442 2016-05-21 22:28:36 +02:00
Joachim Fasting 79481bd68f
linux: 4.5.4 -> 4.5.5 2016-05-21 07:37:41 +02:00
Joachim Fasting cdf2ffda9d
grsecurity: 4.5.4-201605131918 -> 4.5.5-201605202102 2016-05-21 07:37:41 +02:00
Franz Pletz f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-05-18 17:10:02 +02:00
Shea Levy 1ea263ef03 linux-4.6: Fix copy-paste error. 
Thanks to @NeQuissimus for the spot
 2016-05-16 13:53:23 -04:00
Shea Levy 0373eb86f1 Linux 4.6 2016-05-16 11:56:39 -04:00
Joachim Fasting f99c86eec1
grsecurity: remove expressions for unsupported versions 
Retain top-level attributes for now but consolidate compatibility
attributes.

Part of ongoing cleanup, doing it all at once is infeasible.
 2016-05-16 09:10:27 +02:00
Joachim Fasting 6194e9d801
kernelPatches.grsecurity: 4.5.4-201605122039 -> 4.5.4-201605131918 
Also revert to using the grsecurity-scrape mirror; relying on upstream
just isn't viable. Lately, updates have been so frequent that a new
version is released before Hydra even gets around to building the
previous one.
 2016-05-14 05:15:35 +02:00
Joachim Fasting 7fdce2feb0
kernelPatches.grsecurity_4_5: 4.5.4-201605112030 -> 4.5.4-201605122039 2016-05-13 23:11:07 +02:00
Joachim Fasting 10aaca8c1f
grsecurity_4_5: 4.5.3-201605080858 -> 4.5.4-201605112030 2016-05-13 20:11:31 +02:00
Franz Pletz 006f6d9437 linux: 4.5.3 -> 4.5.4 2016-05-13 17:27:51 +02:00
Eelco Dolstra 7a8ea6138e linux: 4.4.9 -> 4.4.10 2016-05-11 20:34:02 +02:00
Joachim Fasting 52477b0a0b
kernelPatches.grsecurity_4_5: 201605060852 -> 201605080858 2016-05-09 16:38:44 +02:00
Tim Steinbach f53850bf21 kernel: 4.4.8 -> 4.4.9 (#15276) 2016-05-06 20:25:29 +02:00
Lluís Batlle i Rossell 53a4582552 Adding vmlinux to linux kernel 'dev' derivation. 
It takes some extra 13MB (and in dev, not out), but allows perf to show kernel
symbols when profiling. I think it is worth it.

In my NixOS, I refer to it in the system derivation, for easy telling to perf
through /run/booted-system/vmlinux:

  system.extraSystemBuilderCmds = ''
    ln -s ${config.boot.kernelPackages.kernel.dev}/vmlinux $out/vmlinux
  '';
 2016-05-06 18:11:03 +02:00
Tim Steinbach 02d94d335a
kernel: 4.5.2 -> 4.5.3 2016-05-06 11:12:04 -04:00
Joachim Fasting 27061905bd
linuxPackages_grsec_4_5: 3.1-4.5.2-201604290633 -> 3.1-4.5.3-201605060852 2016-05-06 16:37:25 +02:00
Eelco Dolstra 1f84e43239 Do some large, concurrency-capable builds on dedicated machines 2016-05-04 18:16:27 +02:00
Joachim Fasting 0bd31bce10
grsecurity: drop support for 4.4 kernels 
From now on, only the testing branch of grsecurity will be supported.
Additionally, use only patches from upstream.

It's impossible to provide meaningful support for grsecurity stable.
First, because building and testing \(m \times n \times z) [1], packages
is infeasible.  Second, because stable patches are only available from
upstream for-pay, making us reliant on third-parties for patches. In
addition to creating yet more work for the maintainers, using stable
patches provided by a third-party goes against the wishes of upstream.

nixpkgs provides the tools necessary to build grsecurity kernels for any
version the user chooses, however, provided they pay for, or otherwise
acquire, the patch themselves.

Eventually, we'll want to remove the now obsolete top-level attributes,
but leave them in for now to smoothe migration (they have been removed
from top-level/release.nix, though, because it makes no sense to have
them there).

[1]: where \(m\) is the number of grsecurity flavors, \(n\) is the
number of kernel versions, and z is the size of the `linuxPackages` set
 2016-05-04 01:07:53 +02:00
Robin Gloster c92bca56f8 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-02 22:58:02 +00:00
Joachim Fasting 7893cb1aea
linuxPackages_grsec_4_1: delete 
Upstream supports 3.14, 4.4, and 4.5
 2016-05-02 11:28:05 +02:00
Joachim Fasting fecb56fc3f
linuxPackages_grsec_4_5: init at 3.1-4.5.2-201604290633 2016-05-02 11:28:05 +02:00
Louis Taylor 80f923f26f linux-testing: 4.6-rc5 -> 4.6-rc6 2016-05-02 02:29:42 +01:00
Tim Steinbach c494947676 linux_testing: 4.6-rc4 -> 4.6-rc5 2016-04-28 23:59:52 +00:00
Tuomas Tynkkynen 7276417870 kernel config: Enable BINFMT_MISC 
This is enabled in x86 builds but lacking on ARM.
 2016-04-28 20:46:34 +03:00
Eelco Dolstra 454eefa63b linux: 4.4.7 -> 4.4.8 2016-04-26 16:39:59 +02:00
Louis Taylor 90cdfb5414 kernel: 4.5.1 -> 4.5.2 2016-04-20 11:55:13 +01:00
Robin Gloster b59a6aa93a kernel: turn off bindnow hardening 2016-04-19 02:21:57 +00:00
Robin Gloster d020caa5b2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-18 13:49:22 +00:00
Louis Taylor ec198e3868 linux-testing: 4.6-rc3 -> 4.6-rc4 (#14803) 2016-04-18 14:11:25 +01:00
Tim Steinbach ccc3080857 kernel: 4.4.6 -> 4.4.7 (#14690) 2016-04-14 16:30:20 +02:00
Tim Steinbach af4d84544f kernel: 4.5 -> 4.5.1 (#14691) 2016-04-14 15:57:18 +02:00
Vladimír Čunát 39ebb01d6e Merge branch 'staging', containing closure-size #7701 2016-04-13 09:25:28 +02:00
obadz 4788ec1372 linux kernel 4.4: fix race during build 
Patch drivers/crypto/qat/qat_common/Makefile so that qat_asym_algs.o
explicitly depends on headers qat_rsaprivkey-asn1.h and qat_rsapubkey-asn1.h

Hopefully fixes #14595
 2016-04-12 22:45:57 +01:00
Tim Steinbach 5e5ef22d73 linux_testing: 4.6-rc2 -> 4.6-rc3 (#14592) 2016-04-11 13:44:34 +01:00
Charles Strahan ad7b1e24c2 fan-networking: updated patches from Ubuntu 
This pulls in updated Fan Networking patches from Ubuntu.
(https://wiki.ubuntu.com/FanNetworking)

closes #14328
 2016-04-10 16:07:03 -04:00
Vladimír Čunát 30f14243c3 Merge branch 'master' into closure-size 
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
 2016-04-10 11:17:52 +02:00
Robin Gloster 3e68106afd Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-07 21:52:26 +00:00
Eelco Dolstra 4907fc9e8d Merge pull request #14509 from ragnard/bpf-tracing-kernel-config 
linux: kernel config for extended BPF support
 2016-04-07 11:01:34 +02:00
Ragnar Dahlén 961d1e847c linux: kernel config for extended BPF support 
- Enable BPF_SYSCALL and BPF_EVENTS
- Build modules for NET_CLS_BPF and NET_ACT_BPF

With these config options we can leverage the full potential of BPF for
tracing and instrumenting Linux systems, for example using
libraries/tools like those provided by the bcc project.
 2016-04-07 08:14:41 +01:00
Tuomas Tynkkynen b95274cc90 kernel: Don't patchELF manually 
AFAICT this is done by stdenv nowadays:

bde82098b8/pkgs/development/tools/misc/patchelf/setup-hook.sh (L5)
bde82098b8/pkgs/stdenv/generic/setup.sh (L737)

Might help /be somehow related to these mysterious errors that seem to
occur sometimes (?):

http://hydra.nixos.org/build/34131589/nixlog/1/raw
 2016-04-06 17:19:43 +03:00
Robin Gloster 5ca99ae7a7 kernel.i686-linux: disable bindnow hardening 2016-04-06 14:16:42 +00:00
Domen Kožar b95a1c4f77 kernel: fix build of 3.10 and 3.12 on i686 
(cherry picked from commit 23730413fe)
Signed-off-by: Domen Kožar <domen@dev.si>
 2016-04-06 10:36:04 +01:00
Robin Gloster bbbaccfa68 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-04 15:24:52 +00:00
Tim Steinbach 5ef5e59c56 linux_testing: 4.6-rc1 -> 4.6-rc2 2016-04-03 19:14:31 +00:00
Vladimír Čunát ab15a62c68 Merge branch 'master' into closure-size 
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
 2016-04-01 10:06:01 +02:00
Robin Gloster f60c9df0ba Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-28 15:16:29 +00:00
Domen Kožar c61445357e Merge pull request #14239 from kragniz/linux-testing-4.6-rc1 
Linux-testing 4.6-rc1
 2016-03-28 15:53:52 +01:00
Joachim Fasting dd16dcbba4 linux_grsec_3_14: mark as broken 
First, The patch is outdated, I failed to find it anywhere in the mirror repos.
Second, the build fails, and while it may be "fixed" by ad-hoc patching (it
appears to simply need some missing includes), this would mean shipping a
potentially insecure software package. Given that the only reason to use
grsecurity is security, this is both misleading and exposes users to undue risk.
Finally, the build has been broken for quite a long time with no complaints,
leading me to believe that the number of actual users is quite low.
 2016-03-27 21:13:41 +02:00
Domen Kožar b07e7bfc7b Merge remote-tracking branch 'origin/staging' 2016-03-27 13:19:04 +01:00
Joachim Fasting bd9737cc3e linux_chromiumos: require 64bit build host 
I noticed that almost all the Hydra build failures were on i686. Sure
enough, upstream says that you need an x86_64 machine to build the
kernel.
 2016-03-27 05:35:04 +02:00
Louis Taylor 8b7e150bb9 linux-testing: 4.5-rc7 -> 4.6-rc1 2016-03-27 03:10:19 +01:00
Louis Taylor 695c2e4ee4 kernel-config: do not use NFSD_PNFS on >=4.6 2016-03-27 03:09:30 +01:00
Joachim Fasting 89c6b3c11a perf: fix build 
https://hydra.nixos.org/build/33553564/nixlog/1/raw
 2016-03-26 18:18:40 +01:00
Domen Kožar 4393e65a44 Merge pull request #14054 from NeQuissimus/kernel310101 
kernel: 3.10.99 -> 3.10.101
 2016-03-23 11:31:21 +00:00
Domen Kožar 2a428566e8 Merge pull request #14055 from NeQuissimus/kernel31257 
kernel: 3.12.55 -> 3.12.57
 2016-03-23 11:31:14 +00:00
Domen Kožar 4b29e2e6cb Merge pull request #14056 from NeQuissimus/kernel31465 
kernel: 3.14.63 -> 3.14.65
 2016-03-23 11:30:59 +00:00
Lluís Batlle i Rossell 40b0538239 Update linux raspberry-pi to 4.1.y. 
I could boot it in pi2; I don't know if I needed new
firmware files in /boot.
 2016-03-22 15:09:57 +01:00
Tim Steinbach 6476075ccf kernel: 3.18.28 -> 3.18.29 (close #14057) 2016-03-21 12:39:29 +01:00
Tim Steinbach 379709b404 kernel: 4.1.17 -> 4.1.20 (close #14058) 2016-03-21 12:15:25 +01:00
Tim Steinbach 4274edbe40 kernel: 3.14.63 -> 3.14.65 2016-03-19 18:29:40 +00:00
Tim Steinbach bf41deb889 kernel: 3.12.55 -> 3.12.57 2016-03-19 18:27:41 +00:00
Tim Steinbach 6f5f855a2e kernel: 3.10.99 -> 3.10.101 2016-03-19 18:25:24 +00:00
Eelco Dolstra 4b512321de linux: 4.4.5 -> 4.4.6 
CVE-2016-2143
 2016-03-17 13:05:57 +01:00
Eelco Dolstra 6faa0aea88 linux: 3.18.27 -> 3.18.28 
CVE-2016-2085
 2016-03-17 13:05:13 +01:00
Robin Gloster 2ac4dba0fb Merge pull request #13909 from kragniz/linux-4.5 
linux: add 4.5
 2016-03-15 18:12:47 +01:00
Robin Gloster 3f45f0948d Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-15 01:44:24 +00:00
Louis Taylor 8bdee80d39 linux: add 4.5 2016-03-14 22:34:05 +00:00
Tim Steinbach a5d8256df4 grsecurity: 4.4.4 -> 4.4.5 2016-03-14 21:29:42 +00:00
Tim Steinbach 7c90420119 kernel: 4.4.4 -> 4.4.5 2016-03-10 01:39:17 +00:00
Nikolay Amiantov fedabe3334 Merge pull request #13745 from zohl/linux-chromiumos 
linux_chromiumos_3_14: kernel option fix
 2016-03-08 13:57:32 +03:00
Vladimír Čunát 09af15654f Merge master into closure-size 
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
 2016-03-08 09:58:19 +01:00
Franz Pletz 255d710757 grsecurity: 4.4.2 -> 4.4.4 
See #13505.
 2016-03-08 01:03:47 +01:00
Franz Pletz eb5a897161 Merge remote-tracking branch 'origin/pr/13505' 
Fixes #13505.
 2016-03-08 01:01:44 +01:00
Al Zohali 9d03355bed ChromiumOS kernel option fixup 2016-03-08 01:19:42 +03:00
Franz Pletz e9fc4e7db6 Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-03-07 22:08:27 +01:00
Louis Taylor cdb0267efe linux-testing: 4.5-rc6 -> 4.5-rc7 2016-03-07 01:00:33 +00:00
Franz Pletz 3b1f2e070b linux_4_4: 4.4.3 -> 4.4.4 2016-03-05 21:50:03 +01:00
Franz Pletz af40e356fe linux_3_14: 3.14.61 -> 3.14.63 2016-03-05 21:50:03 +01:00
Franz Pletz 354a1935d3 linux_3_12: 3.12.54 -> 3.12.55 2016-03-05 21:50:03 +01:00
Franz Pletz 5b8361c118 linux_3_10: 3.10.97 -> 3.10.99 2016-03-05 21:50:03 +01:00
Franz Pletz cb3d27df93 Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-03-05 18:55:30 +01:00
Franz Pletz aff1f4ab94 Use general hardening flag toggle lists 
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
 2016-03-05 18:55:26 +01:00
Franz Pletz 4927ca8397 Merge pull request #13555 from kragniz/linux-testing-4.5-rc6 
linux-testing: 4.5-rc5 -> 4.5-rc6
 2016-03-03 19:03:17 +01:00
Robin Gloster fed49425c5 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-03 16:11:55 +00:00
Marko Poikonen ede005ad3f Enabling Media PCI adapters (needed for PCI DVB cards) 2016-03-01 20:57:46 +01:00
Louis Taylor 3747aef768 linux-testing: 4.5-rc5 -> 4.5-rc6 2016-02-28 19:13:36 +00:00
Robin Gloster 3b4765c9e5 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-28 16:32:57 +00:00
tg(x) be3bd972d5 grsecurity: add 4.1 kernel 2016-02-28 15:00:16 +01:00
tg(x) 38614d3f6a grsecurity: use kernel version instead of testing / stable 2016-02-28 04:10:59 +01:00
tg(x) 4e3d6d3e90 grsecurity: separate fix patches for testing & stable 2016-02-27 19:54:55 +01:00
tg(x) 75f353ffbd grsecurity: decouple from mainline 2016-02-27 19:33:35 +01:00
tg(x) 7547960546 grsecurity: move version information to one place 2016-02-27 18:36:12 +01:00
tg(x) d95321b83e grsecurity: 4.3.4 -> 4.4.2 2016-02-27 18:36:12 +01:00
Franz Pletz 73e0c261c2 linux: 4.4.2 -> 4.4.3 2016-02-27 16:34:02 +01:00
Robin Gloster 3477e662e6 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-27 00:08:08 +00:00
Tim Steinbach 7506c58d74 linux_3_10: 3.10.96 -> 3.10.97 (close #13405) 2016-02-25 23:09:08 +01:00
Tuomas Tynkkynen 0e1319f03f linux-3.10: fixup config by a slightly hacky way 
For explanation see:
https://github.com/NixOS/nixpkgs/pull/13405#issuecomment-188357637
 2016-02-25 23:07:47 +01:00
Tim Steinbach 3ef63227dd linux-testing: 4.5-rc4 -> 4.5-rc5 (close #13403) 2016-02-24 08:17:52 +01:00
Tim Steinbach 642517fbda linux_3_12: 3.12.53 -> 3.12.54 (close #13406) 2016-02-24 08:16:47 +01:00
Tim Steinbach 08cf57204f linux_3_14: 3.14.60 -> 3.14.61 (close #13407) 2016-02-24 08:16:18 +01:00
Tim Steinbach a2bd90650d linux_4_3: 4.3.5 -> 4.3.6 (close #13408) 2016-02-24 08:15:34 +01:00
Franz Pletz 5e0105af9b linux: 4.4.1 -> 4.4.2 2016-02-22 04:52:00 +01:00
Robin Gloster bb2639aafc Merge branch 'curl-7.15-fixup' of https://github.com/zimbatm/nixpkgs into hardened-stdenv 2016-02-22 01:14:22 +00:00
Tuomas Tynkkynen a6638c62a8 Revert "linux: 4.1.17 -> 4.1.18" 
This reverts commit 6cdf5fe85f.

This version has a crypto regression:
https://lkml.org/lkml/2016/2/19/748 which is blocking the channel update
due to a failing luksroot test: http://hydra.nixos.org/build/32159615
 2016-02-21 17:57:39 +02:00
Robin Gloster bc21db3692 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-19 21:16:14 +00:00
Franz Pletz eff9726d54 linux: 4.3.4 -> 4.3.5 2016-02-18 03:44:19 +01:00
Franz Pletz 6cdf5fe85f linux: 4.1.17 -> 4.1.18 2016-02-18 03:44:12 +01:00
Franz Pletz d756ff9354 linux: 3.18.26 -> 3.18.27 2016-02-18 03:44:07 +01:00
Franz Pletz 41698c9efa Merge branch 'master' into hardened-stdenv 2016-02-15 20:05:29 +01:00
Louis Taylor d48f117d06 linux-testing: 4.5-rc3 -> 4.5-rc4 2016-02-14 23:03:26 +00:00
Vladimír Čunát d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Robin Gloster 077e24c10d Revert "linuxPackages.perf: set -Wno-error=bool-compare" 
This reverts commit 332c84196c.

only works on gcc5
 2016-02-10 23:27:37 +00:00
Eelco Dolstra e2eca0c24c Fix misspelled meta.maintainers attributes 2016-02-10 23:27:34 +00:00
tg(x) 280033235e grsecurity: use source URL from a scraped repository as grsecurity.net only has the latest version 2016-02-10 23:27:31 +00:00
Domen Kožar 6040699768 Merge pull request #12890 from NeQuissimus/kernel45rc3 
linux-testing: 4.5-rc2 -> 4.5-rc3
 2016-02-10 21:20:46 +00:00
Eelco Dolstra aea262f654 Fix misspelled meta.maintainers attributes 2016-02-10 14:59:50 +01:00
tg(x) 42deddb17a grsecurity: use source URL from a scraped repository as grsecurity.net only has the latest version 2016-02-10 00:46:11 +01:00
Robin Gloster 332c84196c linuxPackages.perf: set -Wno-error=bool-compare 2016-02-09 23:17:13 +00:00
Robin Gloster 5969a59052 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-09 16:28:44 +00:00
Tim Steinbach 2fabb4b34d linux-testing: 4.5-rc2 -> 4.5-rc3 2016-02-09 14:38:06 +00:00
Robin Gloster 9229e9c656 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-07 11:17:57 +00:00
Louis Taylor 12ca23d650 linux-testing: 4.4-rc8 -> 4.5-rc2 2016-02-06 20:54:55 +00:00
Vladimír Čunát ae74c356d9 Merge recent 'staging' into closure-size 
Let's get rid of those merge conflicts.
 2016-02-03 16:57:19 +01:00
Tuomas Tynkkynen 7db1cba057 kernel: Let the kernel build system strip modules 
Since commit 48f51f1185 we let the kernel build system compress the
modules, which makes the original strip expression not work. Let the
kernel build system strip them as well so they get stripped.
 2016-02-02 22:47:32 +02:00
Eelco Dolstra 7b772ae398 linux: Update to 3.10.96, 3.12.53, 3.14.60, 3.18.26, 4.1.17, 4.4.1 2016-02-02 16:38:42 +01:00
Eelco Dolstra 48f51f1185 linux: Compress kernel modules 
This reduces the kernel package from 185 to 62 MiB, for a neglible
boot time cost.
 2016-02-01 18:19:23 +01:00
Eelco Dolstra 72a30ae66f linux: Use $SOURCE_DATE_EPOCH as the build timestamp 2016-02-01 18:19:23 +01:00
Eelco Dolstra 0a7cd3c110 Remove unused file 2016-02-01 18:19:23 +01:00
Lluís Batlle i Rossell b2dc647c1e linux: adding PCI Expresscard Hotplug support 2016-02-01 11:07:08 +01:00
Robin Gloster f6d3b7a2ae switch hardening flags 2016-01-30 16:36:57 +00:00
Franz Pletz 954e9903ad Use a hardened stdenv by default 2016-01-30 16:36:57 +00:00
Dan Peebles ef1f64106f kernel: add back the patch I just removed by accident 2016-01-24 04:12:17 +00:00
Dan Peebles 78956c77c0 linux: 4.3.3 -> 4.34 (and update grsecurity patches, too) 2016-01-24 03:53:46 +00:00
Tobias Geerinckx-Rice 32d40f0f98 Remove no longer (or never) referenced patches 
55 files changed, 6041 deletions. Tested with `nix-build -A tarball`.
 2016-01-24 02:02:21 +01:00
Dan Peebles 8f9aea9ccc grsecurity: fix kernel config and uncomment grsecurity kernels 2016-01-23 16:58:44 +00:00
Dan Peebles 33cf0792b1 grsecurity-testing: update patches and associated kernel version 2016-01-23 14:29:34 +00:00
Nikolay Amiantov 29785c5b7a Merge pull request #12309 from zohl/chromiumos-kernel 
Add ChromiumOS kernels
 2016-01-23 13:13:59 +03:00
Vladimír Čunát 4824f73cb3 linux-4.2: remove as it's no longer maintained upstream 
grsecurity still holds a reference to it,
but I prefer it to fail than to use a version
that is most likely not secure anymore.
 2016-01-20 20:15:07 +01:00
Nathan Zadoks 23f5e3c90f linux: patch CVE-2016-0728 (close #12492) 
The PoC provided successfully escalates privileges from a local user to
root. The vulnerability affects any Linux Kernel version 3.8 and higher.
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
 2016-01-20 09:31:53 +01:00
Guillaume Maudoux f8ff4691ed linux-mptcp: init at 0.90 (kernel 3.18.20), fixes #11149 2016-01-20 02:11:09 +01:00
Vladimír Čunát 716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
Simon Jagoe 42d4175e4e kernel: 4.1.13 -> 4.1.15 (close #12408) 2016-01-15 19:59:52 +01:00
Al Zohali a3a5bc6095 linux_chromiumos_3_14: init at 3.14.0 
Co-authored-by: Nikolay Amiantov <ab@fmap.me>
 2016-01-13 22:43:19 +03:00
Al Zohali ee9e7b7224 linux_chromiumos_3_18: init at 3.18.0 
Co-authored-by: Nikolay Amiantov <ab@fmap.me>
 2016-01-13 22:43:19 +03:00
Shea Levy 44274f62f5 linux: Add 4.4 2016-01-12 19:39:00 -05:00
Lluís Batlle i Rossell 1792ca5810 Increasing mmc possible partitions from 8 to 32. 
In kernel common config. I have a modern tablet with 18 gpt partitions
on eMMC (Android+Win10 dualboot).
 2016-01-11 09:27:58 +01:00
Tim Steinbach f318049964 kernel: 4.3.2 -> 4.3.3 2016-01-11 02:08:31 +00:00
Aristid Breitkreuz 6fc1c08324 Merge pull request #12143 from NeQuissimus/kernel440rc8 
linux-testing: 4.4.0-rc7 -> 4.4.0-rc8
 2016-01-10 21:07:46 +01:00
Lluís Batlle i Rossell be9ad574f7 Adding framebuffer console rotation to kernels. 
This helps in some weird screens that otherwise show the console 90° turned.
 2016-01-07 16:48:46 +01:00
Eelco Dolstra e4b4e9b986 linux: Make Unix domain sockets builtin 
This hopefully fixes intermittent initrd failures where udevd cannot
create a Unix domain socket:

  machine# running udev...
  machine# error getting socket: Address family not supported by protocol
  machine# error initializing udev control socket
  machine# error getting socket: Address family not supported by protocol

The "unix" kernel module is supposed to be loaded automatically, and
clearly that works most of the time, but maybe there is a race
somewhere. In any case, no sane person would run a kernel without Unix
domain sockets, so we may as well make it builtin.

http://hydra.nixos.org/build/30001448
 2016-01-07 13:20:53 +01:00
Tim Steinbach 1283e01b38 linux-testing: 4.4.0-rc7 -> 4.4.0-rc8 2016-01-04 20:52:19 +00:00
aszlig 7ea34af4dd
linux-testing: 4.4.0-rc6 -> 4.4.0-rc7 
Upstream changes can be found at:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc7

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2016-01-02 17:56:03 +01:00
Vladimír Čunát f9f6f41bff Merge branch 'master' into closure-size 
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
 2015-12-31 09:53:02 +01:00
Eelco Dolstra f6df6d8d46 linux: 3.18.24 -> 3.18.25 2015-12-29 15:56:20 +01:00
aszlig a326ab1755
linux-testing: 4.4.0-rc5 -> 4.4.0-rc6 
Upstream changes can be found at:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc6

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2015-12-21 17:16:49 +01:00
aszlig 45e335aabd
linux-testing: 4.4.0-rc4 -> 4.4.0-rc5 
Upstream changes can be found at:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc5

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2015-12-14 20:29:10 +01:00
Shea Levy 18af0f88d0 Linux 4.3: 4.3 -> 4.3.2 2015-12-12 08:46:34 -05:00
Luca Bruno 5b0352a6a4 Merge branch 'master' into closure-size 2015-12-11 18:31:00 +01:00
aszlig fc6d1471ce
linux-testing: Revert build fix for -rc3. 
This reverts commit 79bd2b08ee.

The commit was from an upstream commit anyway and has since been applied
to mainline.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2015-12-11 11:31:05 +01:00
Eelco Dolstra 54d6f1f683 linux: 3.14.56 -> 3.14.58 2015-12-10 16:26:33 +01:00
aszlig c00feace39
linux-testing: 4.4.0-rc3 -> 4.4.0-rc4 
Upstream changes can be found at:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc4

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2015-12-08 03:51:34 +01:00
Luca Bruno e289717414 rename moveToOutput and propagatedBuildInputs 2015-12-02 10:05:36 +01:00
aszlig 79bd2b08ee
linux-testing: Fix build with default config. 
Regression introduced by 03a3a905b9.

Our default config includes all modules and since torvalds/linux@47ca6ec
this results in a regression due to in a circular dependency between
libcfs and LNet:

depmod: ERROR: Found 2 modules in dependency cycles!
depmod: ERROR: Cycle detected: lnet -> libcfs -> lnet

The discussion regarding this in the LKML is here:

https://lkml.org/lkml/2015/11/2/388

So this adds a patch which is not yet included in mainline and has been
submitted to the LKML at:

https://lkml.org/lkml/2015/11/6/987

Built successfully via "nix-build -A linux-testing".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2015-12-01 11:22:29 +01:00
aszlig 03a3a905b9
linux-testing: 4.4.0-rc1 -> 4.4.0-rc3 
Upstream changes can be found at:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.4-rc1&id2=v4.4-rc3

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2015-12-01 09:34:39 +01:00
Luca Bruno a412927924 Merge remote-tracking branch 'origin/master' into closure-size 2015-11-25 21:37:30 +01:00
Vladimír Čunát 333d69a5f0 Merge staging into closure-size 
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
 2015-11-20 14:32:58 +01:00
Eelco Dolstra 16acdb45bd Revert "kernel: Remove unsupported 3.10, 3.12, 3.14" 
This reverts commit 2441e002e2. The
motivation for removing them was not very convincing. Also, we need
3.14 on some Hydra build machines.
 2015-11-19 14:25:16 +01:00
William A. Kennington III 893179e9c1 linux-testing: Bump to 4.4-rc1 2015-11-17 17:21:25 -08:00
William A. Kennington III 9579c9ec7f Merge commit 'cb21b77' into master.upstream 
This is a partial merge of staging for builds which are working
 2015-11-13 15:53:10 -08:00
Brian McKenna 6668058a62 linux: add config options needed for a Bay Trail Chromebook 
Close #10416.
Got /dev/mmcblk0 on a live CD with these options:

    X86_INTEL_LPSS y
    PINCTRL_BAYTRAIL y
 2015-11-11 15:33:42 +01:00
William A. Kennington III d4661c7366 kernel: 4.1.12 -> 4.1.13 2015-11-10 16:17:09 -08:00
William A. Kennington III 3950ab9eb9 kernel: 4.2.5 -> 4.2.6 2015-11-10 16:17:06 -08:00
Eelco Dolstra 789504dadf perf: Fix libbfd dependency 
This fixes C++ symbol demangling.
 2015-11-10 22:12:38 +01:00
William A. Kennington III 2441e002e2 kernel: Remove unsupported 3.10, 3.12, 3.14 
Our base kernel headers were bumped to 3.18 so we can no longer reliably
support kernels older than 3.18
 2015-11-09 11:10:42 -08:00
William A. Kennington III d33c63c19d kernel: 3.12.49 -> 3.12.50 2015-11-07 15:44:53 -08:00
Eelco Dolstra 827adff712 linux: Update to 3.18.24 2015-11-04 13:22:22 +01:00
William A. Kennington III 4b7f374b7d linux: Add 4.3 2015-11-02 11:01:17 -08:00
William A. Kennington III ea49c910a5 kernel: 3.18.22 -> 3.18.23 2015-10-30 17:17:14 -07:00
Shea Levy 3c14c32975 Really disable the firmware loader user helper fallback 2015-10-30 13:31:51 -04:00
Shea Levy a7157fa2f0 Remove firmware loader fallback. 
Systemd dropped support in 207 (would be nice if configure failed with a bad flag),
so all this does is add an annoying delay if firmware can't be found by the kernel
 2015-10-30 10:29:56 -04:00
aszlig c82060df9f
linux-testing: 4.3.0-rc5 -> 4.3.0-rc7 
Upstream changes can be found at:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=v4.3-rc7&id2=v4.3-rc5

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2015-10-28 13:59:56 +01:00
Eelco Dolstra d2918797bb linux: Fix i686 build 2015-10-28 11:09:59 +01:00
William A. Kennington III 221a970e82 kernel: 4.2.3 -> 4.2.5 2015-10-27 23:07:42 -07:00
William A. Kennington III 658d7b285b kernel: 4.1.11 -> 4.1.12 2015-10-27 23:07:33 -07:00
William A. Kennington III 850fff4448 kernel: 3.14.54 -> 3.14.56 2015-10-27 23:07:17 -07:00
William A. Kennington III 4eaa66c9d2 kernel: 3.10.90 -> 3.10.92 2015-10-27 23:07:09 -07:00
Eelco Dolstra 52c9e4415b linux: Support x2APIC 
Without this, certain servers with lots of CPU cores would show only
one core.
 2015-10-26 16:20:02 +01:00
Eelco Dolstra 50ab972b5a linux: Pass through configuration file 
This enables "nix-build -A linux.configfile" to get the generated
kernel config.
 2015-10-26 16:20:01 +01:00
Vladimír Čunát 7e6288c252 kernel: 4.1.10 -> 4.1.11, /cc #10607 
Boots fine for me on 64-bit.
 2015-10-26 08:34:44 +01:00
William A. Kennington III 194357ad20 grsecurityUnstable: 4.1.7 -> 4.2.3 2015-10-15 10:41:04 -07:00
William A. Kennington III cfb2651959 kernel: 3.12.48 -> 3.12.49 2015-10-15 10:38:01 -07:00
aszlig 197547e4ba
linux-testing: 4.3.0-rc4 -> 4.3.0-rc5 
Upstream changes can be found at:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=refs/tags/v4.3-rc5

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2015-10-13 05:31:43 +02:00
William A. Kennington III c46dd28ffd linux-testing: 4.3.0-rc2 -> 4.3.0-rc4 2015-10-05 11:05:31 -07:00
William A. Kennington III cac0d87d98 kernel: 4.1.9 -> 4.1.10 2015-10-03 22:25:48 -07:00
William A. Kennington III 62fa68e00c kernel: 3.18.21 -> 3.18.22 2015-10-03 22:25:40 -07:00
William A. Kennington III 23ff27b2c4 kernel: 3.10.89 -> 3.10.90 2015-10-03 22:25:33 -07:00
Shea Levy fc719c2437 Fix kernel config names for BRCMFMAC_* 2015-10-03 15:35:06 -04:00
Shea Levy e7f0b0297d Linux: Enable PCIe and USB support for brcmfmac 2015-10-03 15:22:52 -04:00
Shea Levy edefa43d49 Linux 4.2: Bump 2015-10-03 15:22:03 -04:00
Vladimír Čunát f361938b21 Merge staging into closure-size 
This makes gcc5 the default builder, etc.
 2015-10-03 15:23:13 +02:00
Tuomas Tynkkynen 09637ac363 kernel: Don't propagate the dev output 
The current default multiple-output propagation rules don't seem to work
too well if the dev output isn't the first one; without this we get an
unnecessary runtime reference to the kernel headers.
 2015-10-03 14:08:55 +02:00
Eelco Dolstra 277d44f8fb linux: Update to 3.14.54 2015-10-02 12:02:27 +02:00
Thomas Strobel c720f06f7c linux kernel common config: re-enable NFC support 
As test, Linux kernels were build successfully with NFC support for 3.18.x and
for 4.1.x.
 2015-10-01 17:53:51 +02:00
William A. Kennington III e45e777c37 kernel: Remove uneeded patch for 4.2 2015-09-29 17:47:18 -07:00
William A. Kennington III 05fd70b4be kernel: 4.2.1 -> 4.2.2 2015-09-29 15:57:30 -07:00
William A. Kennington III 40773c7605 kernel: 4.1.8 -> 4.1.9 2015-09-29 15:57:29 -07:00
Paul Colomiets 84c0098117 Unprivileged overlayfs mounts kernel patch from ubuntu 
This allows to create overlayfs mounts by unprivileged containers (i.e.
in user and mount namespace). It's super-useful for containers.

The patch is trivial as I understand from the patch description it's
does not have security implications (on top of what user namespaces
already have). And it's enabled in ubuntu long time ago. Here is a proof:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1357025
 2015-09-26 00:42:16 +03:00
William A. Kennington III 40396584eb kernel: 4.2 -> 4.2.1 2015-09-23 12:29:59 -07:00
William A. Kennington III d5c7b265f7 kernel: 4.1.7 -> 4.1.8 2015-09-23 12:29:59 -07:00
William A. Kennington III 97200b7808 kernel: 3.14.52 -> 3.14.53 2015-09-23 12:29:59 -07:00
William A. Kennington III 397f806453 kernel: 3.12.47 -> 3.12.48 2015-09-23 12:29:59 -07:00
William A. Kennington III 284ea9295e kernel: 3.10.88 -> 3.10.89 2015-09-23 12:29:59 -07:00
William A. Kennington III 9fbbbd5b68 linux-testing: Update to 4.3.0-rc2 2015-09-21 14:38:49 -07:00
Charles Strahan f08fb6e6c7 broadcom-sta: fix build on kernel >= 4.2 (close #9953) 
Also cherry-pick a licensing fix from torvalds/linux@7d3e2eb178
necessary for building broadcom-sta on kernel 4.2.

For more details, see:
https://github.com/longsleep/bcmwl-ubuntu/issues/6

Fixes #9948.
 2015-09-20 08:01:37 +02:00
William A. Kennington III 84505bd36a grsecurity: Update patches 2015-09-16 13:35:41 -07:00
William A. Kennington III 871baf2278 kernel: 4.1.6 -> 4.1.7 2015-09-16 12:55:36 -07:00
William A. Kennington III 5975687f98 kernel: 3.14.51 -> 3.14.52 2015-09-16 12:55:36 -07:00
William A. Kennington III 72d22e3f4d kernel: 3.10.87 -> 3.10.88 2015-09-16 12:55:36 -07:00
Mathnerd314 eb7404d97a all-packages: Use callPackage where possible 2015-09-14 22:27:19 -06:00
Eelco Dolstra 3ebe5f802b Remove references to /root/test-firmware 
This is no longer supported by systemd.
 2015-09-07 22:55:16 +02:00
William A. Kennington III 0754a213c1 Merge pull request #9643 from dezgeg/pr-perf 
linuxPackages_*.perf: Fix build after kernel 4.1
 2015-09-03 20:24:11 -07:00
Tuomas Tynkkynen 710c4c3c9d linuxPackages_*.perf: Fix build after kernel 4.1 
In 4.1, the build system changed, and it now wants to execute ld like this:

ld -r -o util/scripting-engines/libperf-in.o util/scripting-engines/trace-event-perl.o util/scripting-engines/trace-event-python.o

The actual problem seems to be that `buildInputs = [elfutils ...]`
causes 'ld' to point to elfutils in PATH instead of the usual binutils.

So remove elfutils from buildInputs and set NIX_CFLAGS_* manually. This
is a slight hack, but there is some precedent:
0761f81da7/pkgs/tools/package-management/rpm/default.nix (L13)

Fixes #9095.
 2015-09-03 23:37:15 +03:00
Eelco Dolstra 90dc8da64d linux: Update to 3.18.21 2015-09-03 16:50:31 +02:00
Eelco Dolstra 38a74e27de Remove Linux 4.0 
It's EOL.
 2015-09-03 16:50:31 +02:00
William A. Kennington III 8e26a55dc4 linux: Add 4.2.0 2015-08-30 18:20:19 -07:00
William A. Kennington III 5a303519fa kernel: 3.12.46 -> 3.12.47 2015-08-28 15:46:34 -07:00
William A. Kennington III d70c01daec grsecurity: Update patches 2015-08-18 21:06:45 -07:00
William A. Kennington III eb859dc816 kernel: 4.1.5 -> 4.1.6 2015-08-18 11:12:34 -07:00
William A. Kennington III e4fa08711c kernel: 3.14.50 -> 3.14.51 2015-08-18 11:12:34 -07:00
William A. Kennington III 109ff7ddee kernel: 3.10.86 -> 3.10.87 2015-08-18 11:12:34 -07:00
Charles Strahan c1ee8fefd4 nixos: add support for Ubuntu Fan Networking 
This provides support for Ubuntu Fan Networking [1].

This includes:

* The fanctl package, and a corresponding NixOS service.
* iproute patches.
* kernel patches.

closes #9188

1: https://wiki.ubuntu.com/FanNetworking
 2015-08-13 14:27:14 -04:00
William A. Kennington III 52e55d85cb kernel: 3.14.49 -> 3.14.50 2015-08-10 23:35:43 -07:00
William A. Kennington III 2cec29f646 linux-3.19: Remove stale nix file 2015-08-10 23:34:32 -07:00
William A. Kennington III 974b9cc8cc kernel: 4.1.4 -> 4.1.5 2015-08-10 23:34:31 -07:00
William A. Kennington III 9f79c1e6eb kernel: 3.18.19 -> 3.18.20 2015-08-10 23:34:31 -07:00
William A. Kennington III 5e33890995 kernel: 3.12.45 -> 3.12.46 2015-08-10 23:31:07 -07:00
William A. Kennington III 5fe578d706 kernel: 3.10.85 -> 3.10.86 2015-08-10 23:30:59 -07:00
Jonathan Rudenberg 921055b4a8 kernel: Enable DRM_LOAD_EDID_FIRMWARE 
This allows specifying drm_kms_helper.edid_firmware to work around displays
that provide bad EDID data.

Documentation: https://www.osadl.org/Single-View.111+M5ec938a7b3b.0.html
 2015-08-04 16:38:38 -04:00
William A. Kennington III 04f1b451d7 kernel: 3.14.48 -> 3.14.49 2015-08-04 13:30:08 -07:00
William A. Kennington III 79fb844213 kernel: 4.0.8 -> 4.0.9 2015-08-04 13:28:46 -07:00
William A. Kennington III a5d6e61c2f grsecurity: Push testing from 4.0 -> 4.1 2015-08-04 13:28:16 -07:00
William A. Kennington III ce6b96db6e kernel-testing: 4.2.0-rc2 -> 4.2.0-rc5 2015-08-03 13:06:22 -07:00
William A. Kennington III 102cfc53bc kernel: 4.1.3 -> 4.1.4 2015-08-03 12:58:12 -07:00
William A. Kennington III 678efd6df0 kernel: 3.12.44 -> 3.12.45 2015-08-03 12:58:12 -07:00
William A. Kennington III 1684ec0bfc kernel: 3.10.84 -> 3.10.85 2015-08-03 12:58:12 -07:00
viric 982ce5ed58 Merge pull request #8978 from dezgeg/pr-arm-images 
ARM SD card image expressions
 2015-07-29 14:13:57 +02:00
William A. Kennington III 24c13dfa81 kernel: 4.1.2 -> 4.1.3 2015-07-22 13:14:27 -07:00
William A. Kennington III 612d19e8b4 kernel: 3.18.18 -> 3.18.19 2015-07-22 13:14:27 -07:00
Tuomas Tynkkynen 82d0acaf37 kernel-config: Explicitly enable NAMESPACES 
Namespace support is required by the `unshare` tool used in
`nixos-install`. It's enabled by the x86 defconfig, but not by
e.g. multi_v7_defconfig. So enable it here so that `nixos-install`
can work on ARM.
 2015-07-22 16:08:17 +03:00
Tuomas Tynkkynen ec43c69b5d linux-rpi: Fix modDirVersion 
This causes build breakage on staging due to #7524.
 2015-07-22 16:08:17 +03:00
Eelco Dolstra 069b4a8a57 Remove Linux 3.2 and 3.4 
These are not supported by systemd so no reason to keep them around.

(cherry picked from commit ee10e165dc)

Conflicts:
	pkgs/os-specific/linux/kernel/linux-3.4.nix
 2015-07-22 12:25:32 +02:00
aszlig 45135c0256
linux-testing: Update to version 4.2.0-rc2. 
Upstream diff of changes can be found at:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/diff/?id=v4.2-rc2&id2=v4.2-rc1&dt=2

Not tested on my machine right now (well, it's "testing" after all), but
verified the SHA256 from two different connections.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2015-07-14 07:31:18 +02:00
William A. Kennington III 0245b28796 kernel: 3.14.47 -> 3.14.48 2015-07-11 20:15:05 -07:00
William A. Kennington III 3284b216a4 kernel: 4.0.7 -> 4.0.8 2015-07-11 20:15:05 -07:00
William A. Kennington III 75b7938ba2 kernel: 4.1.1 -> 4.1.2 2015-07-11 20:15:05 -07:00
William A. Kennington III 680e2ced04 kernel: 3.18.17 -> 3.18.18 2015-07-11 20:15:05 -07:00
William A. Kennington III 4529105271 kernel: 3.10.82 -> 3.10.84 2015-07-11 20:15:05 -07:00
Eelco Dolstra 5c9f437d2f linux: 3.14.46 -> 3.14.47 
CVE-2014-7822
 2015-07-09 15:10:12 +02:00
William A. Kennington III b363927556 linux-testing: 4.2-rc1 2015-07-06 13:45:03 -07:00
Shea Levy 145768bf9b Unmaintain a bunch of packages 2015-07-01 08:11:05 -04:00
William A. Kennington III d64b3c8a5c kernel: 3.14.45 -> 3.14.46 2015-06-30 11:28:59 -07:00
William A. Kennington III 43eda80b09 kernel: 3.18.16 -> 3.18.17 2015-06-30 11:20:41 -07:00
William A. Kennington III b25930c4c8 kernel: 4.0.6 -> 4.0.7 2015-06-30 11:20:41 -07:00
William A. Kennington III 3f7d195762 kernel: 4.1 -> 4.1.1 2015-06-30 11:20:40 -07:00
William A. Kennington III 34cb1a202b kernel: 3.10.81 -> 3.10.82 2015-06-30 11:16:21 -07:00
Domen Kožar f895960e84 Merge pull request #8256 from dezgeg/pr-i686-kconfig 
kernel-config: Fix 4.0 build on 32-bit
 2015-06-26 13:23:35 +02:00
William A. Kennington III b08d384da8 kernel: 3.14.44 -> 3.14.45 2015-06-24 18:12:20 -07:00
William A. Kennington III 2f255eafd9 kernel: 4.0.5 -> 4.0.6 2015-06-24 18:11:25 -07:00
William A. Kennington III 16e0a98483 kernel: 3.10.80 -> 3.10.81 2015-06-24 18:09:40 -07:00
William A. Kennington III bd9433c90d kernel: Add version 4.1 latest 2015-06-22 12:41:23 -07:00
William A. Kennington III c48433d575 kernel: 3.4.107 -> 3.4.108 2015-06-22 12:35:56 -07:00
William A. Kennington III 046ba6b7db linux-testing: 4.1-rc7 -> 4.1-rc8 2015-06-15 11:37:05 -07:00
William A. Kennington III 2fd74f43b5 kernel: 3.18.14 -> 3.18.16 2015-06-15 11:32:46 -07:00
William A. Kennington III b325c1556a kernel: 3.12.43 -> 3.12.44 2015-06-15 11:32:46 -07:00
Ricardo M. Correia e26bfbe26f grsecurity: Update stable and test patches 
stable: 3.1-3.14.43-201506021902 -> 3.1-3.14.44-201506082249
test:   3.1-4.0.4-201506021902   -> 3.1-4.0.5-201506082251
 2015-06-10 18:33:28 +02:00
Tuomas Tynkkynen 62b75c64d4 kernel-config: Fix 4.0 build on 32-bit 
KVM_COMPAT apparently enables 32-bit compability syscalls for KVM, and
as such can be enabled only on a 64-bit system.

Resolves error http://hydra.nixos.org/build/23014132/nixlog/1/raw:
GOT: #
GOT: # configuration written to .config
GOT: #
GOT: make[1]: Leaving directory '/tmp/nix-build-linux-config-4.0.5.drv-0/build'
GOT: make: Leaving directory '/tmp/nix-build-linux-config-4.0.5.drv-0/linux-4.0.5'
unused option: KVM_COMPAT
builder for ‘/nix/store/7kskdvmzs116f1fm55ghm0crjniw9q0a-linux-config-4.0.5.drv’ failed with exit code 255
 2015-06-10 00:28:01 +03:00
aszlig 87b9cceefd
linux-testing: Update to new version 4.1-rc7. 
Includes fixes for DRM, MIPS, iSCSI, ALSA, USB, bna and wireless and
more. Full diff can be found here:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/diff/?id=v4.1-rc7&id2=v4.1-rc6

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2015-06-08 15:12:47 +02:00
William A. Kennington III 514a9fdf87 Merge pull request #8173 from dezgeg/pr-kernel-config 
kernel-config: Enable framebuffer console for BIOS systems & /proc/config.gz for ARM
 2015-06-07 10:14:51 -07:00
William A. Kennington III 0a8e830196 kernel: 4.0.4 -> 4.0.5 2015-06-06 12:32:58 -07:00
William A. Kennington III 24042f3803 kernel: 3.14.43 -> 3.14.44 2015-06-06 12:32:58 -07:00
William A. Kennington III 1adef3db3d kernel: 3.10.79 -> 3.10.80 2015-06-06 12:32:58 -07:00
Tuomas Tynkkynen 6be70d17c0 kernel-config: Enable IKCONFIG so ARM gets /proc/config.gz 
IKCONFIG must be enabled so IKCONFIG_PROC can be set. On x86 IKCONFIG
gets implicitly enabled by kernelAutoModules in platforms.nix. But ARM
doesn't use kernelAutoModules, so IKCONFIG_PROC won't get enabled
without this patch.
 2015-06-04 11:28:35 +03:00
Tuomas Tynkkynen 9c2f2bc893 kernel-config: Enable FB_VESA and FRAMEBUFFER_CONSOLE 
Commit 159fed47bc (nixos/grub: Fix video display on efi) changed BIOS
systems to start in non-text mode as well. Enable FB_VESA to get a
framebuffer console on BIOS systems. Change FRAMEBUFFER_CONSOLE to 'y'
instead of the default 'm' to so the user doesn't need to manually load
the fbcon module anymore.

Other distros have similar defaults, at least on Arch:
    CONFIG_FB_VESA=y
    CONFIG_FRAMEBUFFER_CONSOLE=y
and on Ubuntu (12.04):
    CONFIG_FB_VESA=m
    CONFIG_FRAMEBUFFER_CONSOLE=y

Fixes #8139
 2015-06-04 11:26:20 +03:00
Ricardo M. Correia 07c26ee680 grsecurity: Update stable and test patches 
stable: 3.1-3.14.43-201505272112 -> 3.1-3.14.43-201506021902
test:   3.1-4.0.4-201505272113   -> 3.1-4.0.4-201506021902
 2015-06-03 19:38:05 +02:00
William A. Kennington III 2f96621b6a linux-testing: 4.1-rc5 -> 4.1-rc6 2015-06-02 11:03:53 -07:00
Ricardo M. Correia b59d52daf7 grsecurity: Update stable and test patches 
stable: 3.1-3.14.43-201505222221 -> 3.1-3.14.43-201505272112
test:   3.1-4.0.4-201505222222   -> 3.1-4.0.4-201505272113
 2015-05-29 19:49:46 +02:00
Ricardo M. Correia c0f09411e8 grsecurity: Update stable and test patches 
stable: 3.1-3.14.43-201505191737 -> 3.1-3.14.43-201505222221
test:   3.1-4.0.4-201505182014   -> 3.1-4.0.4-201505222222
 2015-05-27 20:27:43 +02:00
William A. Kennington III 988ede2c6b linux-testing: 4.1-rc4 -> 4.1-rc5 2015-05-26 01:36:35 -07:00
William A. Kennington III 37ca982a66 linux-testing: 4.1-rc4 2015-05-24 15:40:58 -07:00
Ricardo M. Correia 5277bf945d grsecurity: Update stable patch from 3.1-3.14.43-201505181929 -> 3.1-3.14.43-201505191737 2015-05-21 14:45:56 +02:00
William A. Kennington III 8d7d9723af kernel: 3.18.13 -> 3.18.14 2015-05-20 23:00:43 -07:00