Commit graph

1998 commits

Author SHA1 Message Date
Tim Steinbach
422a8b9cd1
linux: 4.9.17 -> 4.9.18 2017-03-26 10:00:57 -04:00
Guillaume Maudoux
d431ff2776 linux_mptcp: 0.91.2 -> 0.91.3 (kernel 4.1.38) 2017-03-23 22:36:24 +01:00
Robin Gloster
37f7470269
linux: drop 3.12 and 4.1
Support ends before 17.09 is released:
https://www.kernel.org/category/releases.html
2017-03-23 22:06:04 +01:00
Tim Steinbach
37a965c1de
linux: 4.10.4 -> 4.10.5 2017-03-23 16:43:31 -04:00
Tim Steinbach
a20602d8e2
linux: 4.4.55 -> 4.4.56 2017-03-23 16:38:46 -04:00
Joachim Fasting
94ab4932ae
grsecurity: 4.9.16-201703180820 -> 4.9.17-201703221829 2017-03-23 01:03:14 +01:00
Joachim Fasting
a2fdf72ec4
linux_4_9: 4.9.16 -> 4.9.17 2017-03-23 01:03:11 +01:00
Tim Steinbach
c60102d177
linux: 4.11-rc2 -> 4.11-rc3 2017-03-21 20:32:36 -04:00
Tim Steinbach
bef5607e20
linux: 4.4.54 -> 4.4.55 2017-03-19 12:18:46 -04:00
Tim Steinbach
6879d560cb
linux: 4.10.3 -> 4.10.4 2017-03-19 12:15:40 -04:00
Joachim Fasting
b5da6ca213
linux_4_9: 4.9.15 -> 4.9.16 2017-03-18 15:32:56 +01:00
Joachim Fasting
d4409817a6
grsecurity: 4.9.15-201703150049 -> 4.9.16-201703180820 2017-03-18 15:32:48 +01:00
Tim Steinbach
ca3fb4d1d4
linux: 4.4.53 -> 4.4.54 2017-03-17 17:25:40 -04:00
Tim Steinbach
81ad24d4d7
linux: 4.10.2 -> 4.10.3 2017-03-17 17:19:59 -04:00
Joachim Fasting
12648a455b
linux_4_9: 4.9.14 -> 4.9.15 2017-03-15 20:03:34 +01:00
Joachim Fasting
9e60a17cb8
grsecurity: 4.9.14-201703121245 -> 4.9.15-201703150049
Contains a fix for the n_hdlc double free bug.
2017-03-15 07:25:21 +01:00
Franz Pletz
44bd7c45dc
linux_4_10: 4.10.1 -> 4.10.2 2017-03-14 23:08:43 +01:00
Franz Pletz
a691c06556
linux_testing: 4.11-rc1 -> 4.11-rc2 2017-03-14 23:08:43 +01:00
Tim Steinbach
18684a4892
linux: 4.1.38 -> 4.1.39 2017-03-13 20:15:42 -04:00
Tim Steinbach
9ac82a773c
linux: 4.4.52 -> 4.4.53 2017-03-13 20:15:26 -04:00
Tuomas Tynkkynen
b2c96062ca kernel: Add a validity check for modDirVersion
Because if you get it wrong, you get a very confusing error message at
the end of the kernel build, which is quite painful as the build can
take a long time.
2017-03-13 18:47:21 +02:00
Joachim Fasting
8091c1b208
linux_4_9: 4.9.13 -> 4.9.14 2017-03-12 18:44:29 +01:00
Joachim Fasting
4c211bdc63
grsecurity: 4.9.13-201703052141 -> 4.9.14-201703121245 2017-03-12 18:44:27 +01:00
Franz Pletz
c1ccedeaff
linux: make some new config settings optional
These are not support on older kernels pre 4.0.
2017-03-11 08:14:29 +01:00
Franz Pletz
ff2313a6c6
linux: 3.12.70 -> 3.12.71 2017-03-11 08:14:29 +01:00
Tuomas Tynkkynen
77c49794cd linux_testing: 4.10-rc7 -> 4.11-rc1
Some config options got removed, so conditionalize them.
2017-03-11 01:27:06 +02:00
Tuomas Tynkkynen
5f5b87107f raspberrypifw, linux_rpi: 1.20161020 -> 1.20170303 2017-03-08 21:35:31 +02:00
Joachim Fasting
17d80c49fa
grsecurity: 4.9.13-201702270729 -> 201703052141 2017-03-06 15:59:30 +01:00
Tuomas Tynkkynen
57c6fac3e9 kernel config: Enable IP_MULTICAST
This is lacking on ARM and causes libuv tests to fail.
2017-03-04 12:49:50 +02:00
Franz Pletz
49bdf9803a
linux: IPV6_FOU_TUNNEL is available since 4.7 2017-03-02 17:19:55 +01:00
Franz Pletz
75e85cae42
linux: enable FOU tunnels and VRF interfaces 2017-03-02 17:19:55 +01:00
Joachim Fasting
a20a53300d
grsecurity: 4.9.13-201702261126 -> 201702270729 2017-02-27 16:04:32 +01:00
Joachim Fasting
f3a6991f3d
grsecurity: 4.9.12-201702231830 -> 4.9.13-201702261126 2017-02-26 18:20:50 +01:00
Franz Pletz
701544d0a7
linux: 4.9.12 -> 4.9.13 2017-02-26 18:09:16 +01:00
Franz Pletz
62857b1f21
linux: 4.4.51 -> 4.4.52 2017-02-26 18:09:16 +01:00
Franz Pletz
8a75569619
linux: 4.10 -> 4.10.1 2017-02-26 18:09:15 +01:00
Joachim Fasting
0150d9a95c
grsecurity: 4.9.11-201702222257 -> 4.9.12-201702231830 2017-02-26 14:01:57 +01:00
Graham Christensen
d36b1ccc13
Revert "Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)""
This reverts commit 53a2baabbe.
2017-02-23 19:23:29 -05:00
Graham Christensen
53a2baabbe
Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)"
This reverts commit 1d68edbef4.
2017-02-23 18:47:16 -05:00
Graham Christensen
1d68edbef4
linux kernels: patch against DCCP double free (CVE-2017-6074) 2017-02-23 18:44:43 -05:00
Tim Steinbach
82aae8f631
kernel: 4.4.50 -> 4.4.51 2017-02-23 17:47:51 -05:00
Tim Steinbach
18c2be2862
kernel: 4.9.11 -> 4.9.12 2017-02-23 17:47:18 -05:00
Joachim Fasting
b92501f0d8
grsecurity: 4.9.11-201702181444 -> 201702222257 2017-02-23 19:18:39 +01:00
Shea Levy
f454297a7d linux 4.10 2017-02-20 07:32:46 -05:00
Shea Levy
b191ac0d89 Revert "linux 4.10"
Somehow the tarball was actually linux 4.4.10

This reverts commit fea71f84d0.
2017-02-20 07:29:47 -05:00
Shea Levy
fea71f84d0 linux 4.10 2017-02-20 06:47:49 -05:00
Tim Steinbach
7274fc32d2
linux: 4.4.48 -> 4.4.50 2017-02-18 18:40:04 -05:00
Tim Steinbach
2423313581
kernel: 4.9.10 -> 4.9.11 2017-02-18 18:33:36 -05:00
Joachim Fasting
ca016c2626
grsecurity: 4.9.10-201702152052 -> 4.9.11-201702181444 2017-02-18 22:01:16 +01:00
Joachim Fasting
e8007c0e89
linux_4_9: patch for CVE-2017-5986
Seems fairly low impact[1] but we might as well patch it until a new 4.9
version is released

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1420276
2017-02-17 19:11:30 +01:00
Joachim Fasting
73577a2b05
linux_4_9: 4.9.9 -> 4.9.10 2017-02-17 19:11:24 +01:00
Joachim Fasting
bc2f53fd29
grsecurity: 4.9.8-201702071801 -> 4.9.10-201702152052 2017-02-16 14:51:25 +01:00
Tim Steinbach
0ec9e695c8
linux: 3.10.104 -> 3.10.105 2017-02-13 18:47:01 -05:00
Eelco Dolstra
c71a893334
Revert "Use looser 9pfs caching in VM tests/builds"
This reverts commit bbd03e236a.
2017-02-13 14:38:19 +01:00
Eelco Dolstra
4af79a7331
Revert "linux: Apply 9p veryloose patch to 4.9"
This reverts commit a82810c7a7.

Fixes #22695.
2017-02-13 12:16:39 +01:00
Franz Pletz
9dec33dc4f
linux: 4.9.8 -> 4.9.9 2017-02-09 16:27:29 +01:00
Franz Pletz
9d8248517e
linux: 4.4.47 -> 4.4.48 2017-02-09 16:27:16 +01:00
Franz Pletz
dced724c00
linux_3_18: remove due to EOL 2017-02-08 23:50:59 +01:00
Joachim Fasting
bd46a375df
grsecurity: 4.9.8-201702060653 -> 201702071801 2017-02-08 01:31:18 +01:00
aszlig
cf94e18627
linux-testing: 4.10-rc4 -> 4.10-rc7
Tested via building the linux_testing attribute only, not in production.

Verified unpacked tarball with GnuPG:

gpg: Signature made Mon 06 Feb 2017 12:21:50 AM CET
gpg:                using RSA key 79BE3E4300411886
gpg: Good signature from "Linus Torvalds <torvalds@linux-foundation.org>" [unknown]
Primary key fingerprint: ABAF 11C6 5A29 70B1 30AB  E3C4 79BE 3E43 0041 1886

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-02-07 10:23:50 +01:00
Joachim Fasting
0d422c5db5
grsecurity: 4.8.17-201701151620 -> 4.9.8-201702060653
The first release in the 4.9 branch.

I've also migrated my update scripts to SHA-512 so that'll
be the hash of choice for grsec packages going forward.
2017-02-06 15:49:34 +01:00
Vladimír Čunát
a2c867fd39
Merge branch 'staging' 2017-02-04 21:02:46 +01:00
Vladimír Čunát
73d798549f
protobuf, perf: fix my bad condition on gcc version 2017-02-04 20:58:47 +01:00
Tim Steinbach
949f9aff1d
linux: 3.12.69 -> 3.12.70 2017-02-04 09:18:50 -05:00
Tim Steinbach
7f69dc48b9
linux: 4.9.7 -> 4.9.8 2017-02-04 09:09:19 -05:00
Tim Steinbach
17b5ae4fe4
linux: 4.4.46 -> 4.4.47 2017-02-04 09:09:02 -05:00
Tim Steinbach
26e5b42106
linux: 4.4.45 -> 4.4.46 2017-02-03 18:36:50 -05:00
Vladimír Čunát
e7c968fbf2
linuxPackages*.perf: fix build with default gcc
Broken since 9842a107.
2017-02-03 12:38:18 +01:00
Vladimír Čunát
adab4cd58b
Merge branch 'master' into staging 2017-02-03 11:47:38 +01:00
Pascal Bach
d1738c19bb kernel: 4.9.6 -> 4.9.7 2017-02-02 21:08:24 +01:00
Tuomas Tynkkynen
424cfe7686 Merge remote-tracking branch 'upstream/master' into staging 2017-01-29 02:16:29 +02:00
Tim Steinbach
99c9252e3f
kernel: 4.9.5 -> 4.9.6 2017-01-26 19:56:26 -05:00
Tim Steinbach
4345dfb5ba
kernel: 4.4.44 -> 4.4.45 2017-01-26 19:55:58 -05:00
Tuomas Tynkkynen
be0e48e48f Merge remote-tracking branch 'upstream/master' into staging 2017-01-27 02:18:44 +02:00
Tuomas Tynkkynen
e2a2f6d595 Merge pull request #22117 from dezgeg/aarch64-for-merge
Aarch64 (ARM64) support
2017-01-26 17:52:28 +02:00
Vladimír Čunát
6973c7739e
Merge branch 'master' into staging
There were some larger rebuilds because of security.
2017-01-26 16:49:41 +01:00
Robin Gloster
9842a107da
linuxPackages.perf: fix build with gcc6 2017-01-25 20:12:38 +01:00
Franz Pletz
b9b95aa4d4 Merge pull request #22034 from mayflower/conntrack-helpers
Disable conntrack helper autoloading by default
2017-01-25 14:18:41 +01:00
Tuomas Tynkkynen
2bfd83ab6d platforms.nix: Add some aarch64-specific kernel config
This makes Raspberry Pi 3 and some Cavium ThunderX server hardware work.
2017-01-25 02:14:46 +02:00
Joachim Fasting
c50c551142
grsecurity: 4.8.16-201701062021 -> 4.8.17-201701151620 2017-01-25 00:58:57 +01:00
Joachim Fasting
482c67af70
grsecurity: adapt new to mirror url structure 2017-01-25 00:58:54 +01:00
Franz Pletz
403fdd737e
linux: remove canDisableNetfilterConntrackHelpers feature
This feature is available in all kernels in nixpkgs.
2017-01-25 00:28:55 +01:00
Nathan Zadoks
fcc51d3256 linux: fix installTargets for AArch64
[dezgeg: note that we are currently using just 'Image' instead of
'Image.gz' as U-Boot doesn't support the latter yet. We might switch
once it does since the kernel images are quite big]
2017-01-25 00:01:54 +02:00
Eelco Dolstra
a82810c7a7
linux: Apply 9p veryloose patch to 4.9 2017-01-24 13:05:02 +01:00
Tim Steinbach
fc8233a64f
kernel: 4.4.43 -> 4.4.44 2017-01-22 12:11:50 -05:00
Franz Pletz
61caacbf47
linux: 4.1.36 -> 4.1.38 2017-01-21 20:41:38 +01:00
Franz Pletz
ce3b98d08b
linux: 3.18.45 -> 3.18.47 2017-01-21 20:41:36 +01:00
Shea Levy
34c52896d1 linux 4.9.4 -> 4.9.5 2017-01-20 09:36:04 -05:00
Tuomas Tynkkynen
9fc3ce73d1 kernel config: Enable BONDING and TMPFS_POSIX_ACL
Yet again something that's lacking on other platforms than x86.
2017-01-18 01:21:08 +02:00
Eelco Dolstra
e9109b1b97
linux: 4.4.42 -> 4.4.43 2017-01-17 12:02:46 +01:00
Eelco Dolstra
9a9be9296f
linux: 4.9.3 -> 4.9.4 2017-01-17 12:02:46 +01:00
Tuomas Tynkkynen
08ddb16865 linux_testing: 4.10-rc2 -> 4.10-rc4 2017-01-16 11:41:13 +02:00
Thomas Tuegel
04d11637cb
linux_4_9: enable support for amdgpu on older chipsets
Linux 4.9 includes experimental amdgpu support for AMD Southern Islands
chipsets. (By default, only Sea Islands and newer chipsets are supported.)
Southern Islands chips will still use radeon by default, but daring users may
set `services.xserver.videoDrivers = [ "amdgpu" ];` to try the experimental
driver.
2017-01-15 16:29:50 -06:00
Tim Steinbach
295337ead5
linux: 4.9.2 -> 4.9.3 2017-01-14 11:02:26 -05:00
Tim Steinbach
9158b89fd3
linux: 4.4.41 -> 4.4.42 2017-01-14 11:01:52 -05:00
Tim Steinbach
d483a871d1
linux: Remove 4.8 2017-01-11 16:59:29 -05:00
Franz Pletz
6b01b229c2
linux: 4.9.1 -> 4.9.2 2017-01-10 07:45:19 +01:00
Franz Pletz
3b17823187
linux: 4.8.16 -> 4.8.17 2017-01-10 07:45:19 +01:00
Franz Pletz
4c43937af0
linux: 4.4.40 -> 4.4.41 2017-01-10 07:45:18 +01:00
Joachim Fasting
d6ff445f10
grsecurity: 4.8.15-201612301949 -> 4.8.16-201701062021 2017-01-07 08:01:41 +01:00
Tim Steinbach
c1d20ea50c
kernel: 4.9.0 -> 4.9.1 2017-01-06 16:15:18 -05:00
Tim Steinbach
ecf87b11f2
kernel: 4.8.15 -> 4.8.16 2017-01-06 16:15:02 -05:00
Tim Steinbach
8fda707027
kernel: 4.4.39 -> 4.4.40 2017-01-06 16:14:30 -05:00
Tuomas Tynkkynen
2a4c8313e4 linux_testing: 4.10-rc1 -> 4.10-rc2 2017-01-03 13:51:23 +02:00
Joachim Fasting
75ce714818
grsecurity: 4.8.15-201612151923 -> 201612301949 2017-01-01 06:01:04 +01:00
Eelco Dolstra
bbd03e236a
Use looser 9pfs caching in VM tests/builds
This can give significant speed ups, see
7e20254412.
2016-12-29 21:26:16 +01:00
Franz Pletz
c6bcc485de
linux_4_8: add patch to fix CVE-2016-9919 2016-12-28 06:35:11 +01:00
Tuomas Tynkkynen
5ba7f33e3a linux_testing: 4.9-rc8 -> 4.10-rc1 2016-12-27 01:35:10 +02:00
Graham Christensen
3ffb5ba60c
linux:3.18.44 -> 3.18.45 2016-12-21 21:08:47 -05:00
Graham Christensen
53e21529d4
linux:3.12.68 -> 3.12.69 2016-12-21 21:08:47 -05:00
Tim Steinbach
0e8e4a08f3
linux: 4.8.14 -> 4.8.15 2016-12-16 08:16:45 -05:00
Tim Steinbach
cb9ff3f7f9
linux: 4.4.38 -> 4.4.39 2016-12-16 08:16:22 -05:00
Joachim Fasting
f0e77cd07d
grsecurity: 4.8.14-201612110933 -> 4.8.15-201612151923 2016-12-16 12:46:44 +01:00
Graham Christensen
01d022e16b Merge pull request #21118 from grahamc/fix-rsa-build-failure
linux_{4_8,grsec_nixos}: patch to fix build failure
2016-12-13 09:15:50 -05:00
Joachim Fasting
d918c80e13
grsecurity: disable verbose initify
Not as useful/informative as I had hoped.
2016-12-13 15:12:34 +01:00
Graham Christensen
7a813d3f6d
linux_{4_8,grsec_nixos}: patch to fix build failure
crypto/rsa_helper.c:18:28: fatal error: rsapubkey-asn1.h: No such file or directory
2016-12-13 07:25:46 -05:00
Shea Levy
f6daae391f linux: add 4.9 2016-12-11 19:33:05 -05:00
Joachim Fasting
601058e0e2
grsecurity: 4.8.13-201612082118 -> 4.8.14-201612110933 2016-12-11 19:09:16 +01:00
Tim Steinbach
f576c490e3
linux: 4.4.37 -> 4.4.38 2016-12-10 15:18:52 -05:00
Tim Steinbach
b69822c505
linux: 4.8.13 -> 4.8.14 2016-12-10 15:15:44 -05:00
Tuomas Tynkkynen
bdab6fe5a1 kernel: Use built-in dtbs_install target instead of rolling our own
In particular, on aarch64 all the .dtb files will be in subdirectories
and *.dtb won't match anything.
2016-12-10 20:24:08 +02:00
Franz Pletz
9074d9859e
linux: add patch to fix CVE-2016-8655
See https://lwn.net/Articles/708319/ for more information.
2016-12-10 17:08:42 +01:00
Bjørn Forsman
2077385421 kernel: enable CONFIG_DYNAMIC_DEBUG (like Fedora and Ubuntu)
It was useful in tracking down CIFS + DFS issue, and it's apparently
enabled by default in two major distros.
2016-12-10 00:01:21 +02:00
Bjørn Forsman
d429520b13 kernel: add CONFIG_CIFS_* like Fedora, Ubuntu
The plan is to fix mounting DFS shares on NixOS (for which some of these
options are needed), but I figured it might be a good idea to enable all
CONFIG_CIFS_* like Fedora 24 and Ubuntu 16.04 while at it. Ubuntu even
has CONFIG_CIFS_SMB311, but as Fedora do not, I left it out.

Mounting DFS shares still doesn't work; need to configure cifs.upcall
and /etc/request-key.conf. Until then, using GVFS as a workaround.
2016-12-10 00:01:21 +02:00
Joachim Fasting
d1a5dc0b1c
grsecurity: 4.8.12-201612062306 -> 4.8.13-201612082118 2016-12-09 15:31:02 +01:00
Joachim Fasting
9a63779d64
grsecurity: use upstream url as the primary source 2016-12-09 15:31:00 +01:00
Joachim Fasting
ca7cc96ee8
grsecurity: enable PAX_INITIFY
Uses gcc plugin to detect more instances where memory used during init
can be freed.
2016-12-09 15:30:40 +01:00
Tim Steinbach
bfffbb5ea6
linux: 4.8.12 -> 4.8.13 2016-12-09 08:27:11 -05:00
Tim Steinbach
e861a5f7af
linux: 4.4.36 -> 4.4.37 2016-12-09 08:26:46 -05:00
Joachim Fasting
5fd4ffe00f
grsecurity: 4.8.12-201612031658 -> 201612062306 2016-12-08 12:22:13 +01:00
Tim Steinbach
c9d1d430ec
linux: 4.9-rc7 -> 4.9-rc8 2016-12-05 19:40:11 -05:00
Joachim Fasting
9578299bbe
grsecurity: 4.8.11-201611271225 -> 4.8.12-201612031658 2016-12-06 01:24:32 +01:00
Joachim Fasting
cc396697a6
grsecurity: enable ability to lock in readonly mounts 2016-12-06 01:24:12 +01:00
Joachim Fasting
0e765c72e5
grsecurity: enable module hardening 2016-12-06 01:23:58 +01:00
Joachim Fasting
071fbcda24
grsecurity: enable optional sysfs restrictions
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Tuomas Tynkkynen
9ccc14b1bc linux_rpi: Add some feature flags
Copied from linux_4_4 (except for the EFI stub thing).

Otherwise the firewall module fails to evaluate:
Failed assertions:
- This kernel does not support rpfilter
2016-12-04 18:18:06 +02:00
Tim Steinbach
4f8b74b401 Merge pull request #20866 from NeQuissimus/linux_4_8_12
linux: 4.8.11 -> 4.8.12
2016-12-02 18:28:46 -05:00
Tim Steinbach
853b6493c8
linux: 4.8.11 -> 4.8.12 2016-12-02 14:29:00 -05:00
Tim Steinbach
654f5df5dc
linux: 4.4.35 -> 4.4.36 2016-12-02 14:28:26 -05:00
Tim Steinbach
5afc6b506c
linux: 4.1.35 -> 4.1.36 2016-12-01 20:34:02 -05:00
Tim Steinbach
18a3225dac
linux: 3.12.67 -> 3.12.68 2016-11-29 17:40:17 -05:00
Joachim Fasting
b90ed0cc80
grsecurity: 4.8.10-201611232213 -> 4.8.11-201611271225 2016-11-28 11:41:10 +01:00
Joachim Fasting
4c7323545b
Revert "grsecurity: work around for #20490"
This reverts commit e38b74ba89.

I failed to notice f19c961b4e461da045f2e72e73701059e5117be0; better
use that fix instead.
2016-11-28 11:40:55 +01:00
Tim Steinbach
eecf76eaa2
linux: 4.9-rc6 -> 4.9-rc7 2016-11-27 19:48:24 -05:00
Tuomas Tynkkynen
86ea3126bc linux_rpi: 1.20160620 -> 1.20161020 2016-11-28 00:24:00 +02:00
Tim Steinbach
b47307bd74
linux: 4.8.10 -> 4.8.11 2016-11-26 16:29:23 -05:00
Tim Steinbach
cc77360bed
linux: 4.4.34 -> 4.4.35 2016-11-26 16:28:58 -05:00
Jörg Thalheim
01172c2ccf Merge pull request #20591 from NeQuissimus/linux_4_9_rc6
linux: 4.9-rc5 -> 4.9-rc6
2016-11-26 16:00:16 +01:00
Joachim Fasting
f9d787c67b
grsecurity: 4.8.10-201611210813 -> 201611232213 2016-11-24 12:08:12 +01:00