diff options
Diffstat (limited to 'pkgs/os-specific/linux/kernel')
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 56 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.10.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.12.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.14.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.18.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.19.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.2.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.0.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/patches.nix | 12 |
9 files changed, 64 insertions, 32 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 5fdfdb3b6a13..25b707614ed0 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -190,18 +190,26 @@ with stdenv.lib; OCFS2_DEBUG_MASKLOG? n BTRFS_FS_POSIX_ACL y UBIFS_FS_ADVANCED_COMPR? y + ${optionalString (versionAtLeast version "4.0") '' + NFSD_PNFS y + ''} + NFSD_V2_ACL y + NFSD_V3 y + NFSD_V3_ACL y + NFSD_V4 y + ${optionalString (versionAtLeast version "3.11") '' + NFSD_V4_SECURITY_LABEL y + ''} + NFS_FSCACHE y ${optionalString (versionAtLeast version "3.6") '' NFS_SWAP y ''} + NFS_V3_ACL y ${optionalString (versionAtLeast version "3.11") '' NFS_V4_1 y # NFSv4.1 client support NFS_V4_2 y + NFS_V4_SECURITY_LABEL y ''} - NFSD_V2_ACL y - NFSD_V3 y - NFSD_V3_ACL y - NFSD_V4 y - NFS_FSCACHE y CIFS_XATTR y CIFS_POSIX y CIFS_FSCACHE y @@ -226,7 +234,9 @@ with stdenv.lib; # Security related features. STRICT_DEVMEM y # Filter access to /dev/mem SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default - DEVKMEM? n # Disable /dev/kmem + ${optionalString (!(features.grsecurity or false)) '' + DEVKMEM n # Disable /dev/kmem + ''} ${if versionOlder version "3.14" then '' CC_STACKPROTECTOR? y # Detect buffer overflows on the stack '' else '' @@ -292,6 +302,9 @@ with stdenv.lib; LOGO n # not needed MEDIA_ATTACH y MEGARAID_NEWGEN y + ${optionalString (versionAtLeast version "3.15") '' + MLX4_EN_VXLAN y + ''} MODVERSIONS y MOUSE_PS2_ELANTECH y # Elantech PS/2 protocol extension MTRR_SANITIZER y @@ -367,15 +380,34 @@ with stdenv.lib; # Virtualisation. PARAVIRT? y - ${if versionAtLeast version "3.10" then '' - HYPERVISOR_GUEST? y - '' else '' - PARAVIRT_GUEST? y - ''} - KVM_GUEST? y + ${optionalString (!(features.grsecurity or false)) + (if versionAtLeast version "3.10" then '' + HYPERVISOR_GUEST y + '' else '' + PARAVIRT_GUEST? y + '') + } + KVM_APIC_ARCHITECTURE y + KVM_ASYNC_PF y ${optionalString (versionOlder version "3.7") '' KVM_CLOCK? y ''} + ${optionalString (versionAtLeast version "4.0") '' + KVM_COMPAT y + ''} + ${optionalString (versionAtLeast version "3.10") '' + KVM_DEVICE_ASSIGNMENT? y + ''} + ${optionalString (versionAtLeast version "4.0") '' + KVM_GENERIC_DIRTYLOG_READ_PROTECT y + ''} + ${optionalString (!features.grsecurity or true) '' + KVM_GUEST y + ''} + KVM_MMIO y + ${optionalString (versionAtLeast version "3.13") '' + KVM_VFIO y + ''} XEN? y XEN_DOM0? y ${optionalString ((versionAtLeast version "3.18") && (features.xen_dom0 or false)) '' diff --git a/pkgs/os-specific/linux/kernel/linux-3.10.nix b/pkgs/os-specific/linux/kernel/linux-3.10.nix index a6ceb5b09547..b270f0852f64 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.10.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, ... } @ args: import ./generic.nix (args // rec { - version = "3.10.77"; + version = "3.10.79"; extraMeta.branch = "3.10"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "1vx2sg0pab3b3rflwhxrimwx18azqayys8zidzr6sv0x7ir9bc31"; + sha256 = "0m30c9v4pvim72ha8ya8w6y691a8zkcrhxhj43kh668q1yqpqvkp"; }; features.iwlwifi = true; diff --git a/pkgs/os-specific/linux/kernel/linux-3.12.nix b/pkgs/os-specific/linux/kernel/linux-3.12.nix index 810087b55a76..2646bf93b0ac 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.12.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.12.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, ... } @ args: import ./generic.nix (args // rec { - version = "3.12.42"; + version = "3.12.43"; extraMeta.branch = "3.12"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "0vp6yllal2gcyng1kklp9n8r18fhcb1m1ssavjbcbfax5chi7w5s"; + sha256 = "08nsppn3rpwydkq0pd8k8fgjfm67y2nbbrcz1hri227crxxx13dm"; }; features.iwlwifi = true; diff --git a/pkgs/os-specific/linux/kernel/linux-3.14.nix b/pkgs/os-specific/linux/kernel/linux-3.14.nix index 75ab538ddf5e..52fa5eba109e 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.14.nix @@ -1,13 +1,13 @@ { stdenv, fetchurl, ... } @ args: import ./generic.nix (args // rec { - version = "3.14.41"; + version = "3.14.43"; # Remember to update grsecurity! extraMeta.branch = "3.14"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "0qghsf648nvzsh2x44x3w0d8lciml8rj6dvglqvmq1zcg492k8i2"; + sha256 = "1m5gdzff46xm24p5x5ajxka99g0maf1y50nj59mbjccbqx3s7kvf"; }; features.iwlwifi = true; diff --git a/pkgs/os-specific/linux/kernel/linux-3.18.nix b/pkgs/os-specific/linux/kernel/linux-3.18.nix index eb694497931d..592086b65474 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.18.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.18.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, ... } @ args: import ./generic.nix (args // rec { - version = "3.18.13"; + version = "3.18.14"; extraMeta.branch = "3.18"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "043bqjvbamzi201csgnw7hsf8810qm0dn7x9p0kc7s9p9jnyq79n"; + sha256 = "1xh0vvn1l2g1kkg54f0mg0inbpsiqs24ybgsakksmcpcadjgqk1i"; }; features.iwlwifi = true; diff --git a/pkgs/os-specific/linux/kernel/linux-3.19.nix b/pkgs/os-specific/linux/kernel/linux-3.19.nix index 03c0db556263..90c5f9e31d3f 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.19.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, ... } @ args: import ./generic.nix (args // rec { - version = "3.19.7"; + version = "3.19.8"; extraMeta.branch = "3.19"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "0xd38f7g5yfn0b6b2l4qr022f9hcr82ddbysjs4npbgk5ms7341k"; + sha256 = "0yg2mlq0h9my6k1bg3b255w4qnyx609ngh1nhssx3gbzslwf0jyg"; }; features.iwlwifi = true; diff --git a/pkgs/os-specific/linux/kernel/linux-3.2.nix b/pkgs/os-specific/linux/kernel/linux-3.2.nix index 54cf9bc9324a..2fc240f6196d 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.2.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.2.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, ... } @ args: import ./generic.nix (args // rec { - version = "3.2.68"; + version = "3.2.69"; extraMeta.branch = "3.2"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "0yz3k3qqr13r6fa2f8i83rryiawy4rrd7qk2zx6jxq6byfd31ba2"; + sha256 = "0fs7aj3vn51dlx7yfgkx05qpki2msh6j2irwajd9bw0l26cbycd3"; }; # We don't provide these patches if grsecurity is enabled, because diff --git a/pkgs/os-specific/linux/kernel/linux-4.0.nix b/pkgs/os-specific/linux/kernel/linux-4.0.nix index a5dafd4c8066..9c7fb2c3bd8d 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.0.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.0.nix @@ -1,13 +1,13 @@ { stdenv, fetchurl, ... } @ args: import ./generic.nix (args // rec { - version = "4.0.2"; + version = "4.0.4"; # Remember to update grsecurity! extraMeta.branch = "4.0"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1jq4583wwqmwqkqlkck57fxw18xszng92b6ma3avf0djd11b2izz"; + sha256 = "1j5l87z6gd05cqzg680id0x1nk38kd6sjffd2lifl0fz5k6iqr9h"; }; features.iwlwifi = true; diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 4e5facc4483b..348b26b3d3b1 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -65,17 +65,17 @@ rec { }; grsecurity_stable = grsecPatch - { kversion = "3.14.41"; - revision = "201505101121"; + { kversion = "3.14.43"; + revision = "201505191737"; branch = "stable"; - sha256 = "1jiwc6qvimccmlm62sfp2ch173h7ki1h11facywpnb4wms7izk6g"; + sha256 = "1ijrqmdwpdbkp10lhjw8msv0y02d98v5xgq6xb62ksrdb6k27fiw"; }; grsecurity_unstable = grsecPatch - { kversion = "4.0.2"; - revision = "201505101122"; + { kversion = "4.0.4"; + revision = "201505182014"; branch = "test"; - sha256 = "14fi31xwlgirbwk7f1xh8vanjxk8b473rz7z38savl4nx2wr5r24"; + sha256 = "1l1s00zbyzr53p46yj6yh75dbayg9kigv5r6g9mr5irfs5p8s2ay"; }; grsec_fix_path = |