| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
linux_*_hardened: use linux-hardened patch set
|
| |
| |
| |
| | |
Upstreamed in anthraxx/linux-hardened@d12c0d5f0c43f299634af7268f63929c1aaa10ee.
|
| |
| |
| |
| | |
Upstreamed in anthraxx/linux-hardened@366e0216f15b7007c1f8b7ca86df681cbc22b50a.
|
| |
| |
| |
| |
| | |
Upstreamed in anthraxx/linux-hardened@786126f177aba14110394be49b404beba061292f,
anthraxx/linux-hardened@44822ebeb7c3ede030c58cc64fc1c8e8489c9063.
|
| |
| |
| |
| |
| | |
Upstreamed in anthraxx/linux-hardened@c1fe7a68e368d05e109e69ee3491da69093883a3,
anthraxx/linux-hardened@2c553a2bb115211c8e1c97eb8c949320aeb29a1d.
|
| |
| |
| |
| | |
Upstreamed in anthraxx/linux-hardened@6b20124185e0548c1791bc8b7fde053de4fda269.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is
turned on by anthraxx/linux-hardened@103d23cb6645c1110fa33f2ce1ed1bba2b094081.
Note that anthraxx/linux-hardened@db1d27e10e0e624632ecda9e72abb9ab126da4ce
disables DEVMEM by default, so this is only relevant if that default is
overridden to turn it back on.
|
| |
| |
| |
| | |
Upstreamed in anthraxx/linux-hardened@55ee7417f305835e6e0880ecf0b1aa334f7aabf4.
|
| |
| |
| |
| | |
Upstreamed in anthraxx/linux-hardened@3fcd15014c8e99828de0f946611d715411dc611d.
|
| |
| |
| |
| | |
Upstreamed in anthraxx/linux-hardened@d300b0fdad706daab3a36a8d23b35ebe03c3fc87.
|
| |
| |
| |
| |
| | |
These are on by default for x86 in upstream linux-5.6.2, and turned on
for arm64 by anthraxx/linux-hardened@90f9670bc3696f564ac2e874a2b80046b90ea49f.
|
| |
| |
| |
| | |
Upstreamed in anthraxx/linux-hardened@05644876fa5dc3a67a8ea4b396e2214a2f8e8411.
|
| |
| |
| |
| | |
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd532551b048d97b35473c25809f7a0f.
|
| |
| |
| |
| | |
This has been on by default upstream for as long as it's been an option.
|
| |
| |
| |
| |
| |
| | |
As far as I can tell, this has never defaulted to on upstream, and our
common kernel configuration doesn't turn it on, so the attack surface
reduction here is somewhat homeopathic.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened, and provides
a minimal set of additional hardening patches on top of upstream.
The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).
|
| |
| |
| |
| |
| | |
The linux-hardened patch set removes this default, probably because of
its original focus on Android kernel hardening.
|
| |
| |
| |
| | |
Fixes https://github.com/NixOS/nixpkgs/issues/85564.
|
|\ \ |
|
| |\ \
| | | |
| | | |
| | | | |
Hydra nixpkgs: ?compare=1582510
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes build regression (after alsa update, I assume).
Despite the version number change, the diff is trivial:
https://git.alsa-project.org/?p=alsa-tools.git;a=log;h=refs/tags/v1.2.2
|
| |\ \ \ |
|
| |\ \ \ \ |
|
| |\ \ \ \ \ |
|
| |\ \ \ \ \ \ |
|
| | |\ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
alsa-lib: 1.1.9 -> 1.2.2 and new alsa conf packages
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | |\ \ \ \ \ \ \ |
|
| | |\ \ \ \ \ \ \ \ |
|
| | |\ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
linux config: enable Creative Soundblaster DSP loading
|
| | | | |_|/ / / / / /
| | | |/| | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Since we select everything as a module, snd_hda_codec_ca0132 is built as
well. DSP loading is not enabled by default, but without it the
soundcard produces timeouts within ALSA and does not emit sound.
Explicitly enable the firmware loading to ensure Soundblaster
Z/Zx/ZxR/Recon devices can be used with NixOS.
The patch to enable this by default in the kernel is staged for 5.8.
|
|\ \ \ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
https://github.com/fwupd/fwupd/releases/tag/1.4.0
|
|\ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
lxc: 4.0.1 -> 4.0.2
|
| | |_|_|_|_|_|_|_|/ / /
| |/| | | | | | | | | | |
|
| |_|_|_|_|_|_|_|_|/ /
|/| | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|_|_|_|/
|/| | | | | | | | | | |
fwupdate: Clean up -I flags
|
| | |_|_|_|_|_|_|_|/
| |/| | | | | | | | |
|
| | | | | | | | | | |
|
| |/ / / / / / / /
|/| | | | | | | | |
|