Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | linux/hardened-patches/4.19.117: init at 4.19.117.a | kraem | 2020-04-22 |
| | |||
* | linux/hardened-patches/5.4.34: init at 5.4.34.a | kraem | 2020-04-22 |
| | |||
* | linux/hardened-patches/5.5.19: init at 5.5.19.a | kraem | 2020-04-22 |
| | |||
* | linux/hardened-patches/5.6.6: init at 5.6.6.a | kraem | 2020-04-22 |
| | |||
* | linux/hardened-patches/4.19.116: remove | kraem | 2020-04-21 |
| | |||
* | linux/hardened-patches/5.5.18: remove | kraem | 2020-04-21 |
| | |||
* | linux/hardened-patches/5.6.5: remove | kraem | 2020-04-21 |
| | |||
* | linux/hardened-patches/5.4.33: remove | kraem | 2020-04-21 |
| | |||
* | linux: 5.6.5 -> 5.6.6 | kraem | 2020-04-21 |
| | |||
* | linux: 5.5.18 -> 5.5.19 | kraem | 2020-04-21 |
| | |||
* | linux: 5.4.33 -> 5.4.34 | kraem | 2020-04-21 |
| | |||
* | linux: 4.19.116 -> 4.19.117 | kraem | 2020-04-21 |
| | |||
* | linux/hardened-patches/4.19.116: 4.19.116.NixOS-a -> 4.19.116.a | kraem | 2020-04-20 |
| | |||
* | linux/hardened-patches/5.4.33: 5.4.33.NixOS-a -> 5.4.33.a | kraem | 2020-04-20 |
| | |||
* | linux/hardened-patches/5.5.18: init at 5.5.18.a | kraem | 2020-04-20 |
| | |||
* | linux/hardened-patches/5.6.5: init at 5.6.5.a | kraem | 2020-04-20 |
| | |||
* | linux/hardened-patches/5.5.17: remove | kraem | 2020-04-20 |
| | |||
* | linux/hardened-patches/5.6.4: remove | kraem | 2020-04-20 |
| | |||
* | linux: 5.5.17 -> 5.5.18 | kraem | 2020-04-20 |
| | |||
* | linux: 5.6.4 -> 5.6.5 | kraem | 2020-04-20 |
| | |||
* | Merge pull request #84522 from emilazy/add-linux-hardened-patches | Yegor Timoshenko | 2020-04-19 |
|\ | | | | | linux_*_hardened: use linux-hardened patch set | ||
| * | linux_*_hardened: don't set FORTIFY_SOURCE | Emily | 2020-04-17 |
| | | | | | | | | Upstreamed in anthraxx/linux-hardened@d12c0d5f0c43f299634af7268f63929c1aaa10ee. | ||
| * | linux_*_hardened: don't set PANIC_ON_OOPS | Emily | 2020-04-17 |
| | | | | | | | | Upstreamed in anthraxx/linux-hardened@366e0216f15b7007c1f8b7ca86df681cbc22b50a. | ||
| * | linux_*_hardened: don't set SLAB_FREELIST_{RANDOM,HARDENED} | Emily | 2020-04-17 |
| | | | | | | | | | | Upstreamed in anthraxx/linux-hardened@786126f177aba14110394be49b404beba061292f, anthraxx/linux-hardened@44822ebeb7c3ede030c58cc64fc1c8e8489c9063. | ||
| * | linux_*_hardened: don't set HARDENED_USERCOPY_FALLBACK | Emily | 2020-04-17 |
| | | | | | | | | | | Upstreamed in anthraxx/linux-hardened@c1fe7a68e368d05e109e69ee3491da69093883a3, anthraxx/linux-hardened@2c553a2bb115211c8e1c97eb8c949320aeb29a1d. | ||
| * | linux_*_hardened: don't set DEBUG_LIST | Emily | 2020-04-17 |
| | | | | | | | | Upstreamed in anthraxx/linux-hardened@6b20124185e0548c1791bc8b7fde053de4fda269. | ||
| * | linux_*_hardened: don't set {,IO_}STRICT_DEVMEM | Emily | 2020-04-17 |
| | | | | | | | | | | | | | | | | | | STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is turned on by anthraxx/linux-hardened@103d23cb6645c1110fa33f2ce1ed1bba2b094081. Note that anthraxx/linux-hardened@db1d27e10e0e624632ecda9e72abb9ab126da4ce disables DEVMEM by default, so this is only relevant if that default is overridden to turn it back on. | ||
| * | linux_*_hardened: don't set DEBUG_WX | Emily | 2020-04-17 |
| | | | | | | | | Upstreamed in anthraxx/linux-hardened@55ee7417f305835e6e0880ecf0b1aa334f7aabf4. | ||
| * | linux_*_hardened: don't set BUG_ON_DATA_CORRUPTION | Emily | 2020-04-17 |
| | | | | | | | | Upstreamed in anthraxx/linux-hardened@3fcd15014c8e99828de0f946611d715411dc611d. | ||
| * | linux_*_hardened: don't set LEGACY_VSYSCALL_NONE | Emily | 2020-04-17 |
| | | | | | | | | Upstreamed in anthraxx/linux-hardened@d300b0fdad706daab3a36a8d23b35ebe03c3fc87. | ||
| * | linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY} | Emily | 2020-04-17 |
| | | | | | | | | | | These are on by default for x86 in upstream linux-5.6.2, and turned on for arm64 by anthraxx/linux-hardened@90f9670bc3696f564ac2e874a2b80046b90ea49f. | ||
| * | linux_*_hardened: don't set MODIFY_LDT_SYSCALL | Emily | 2020-04-17 |
| | | | | | | | | Upstreamed in anthraxx/linux-hardened@05644876fa5dc3a67a8ea4b396e2214a2f8e8411. | ||
| * | linux_*_hardened: don't set DEFAULT_MMAP_MIN_ADDR | Emily | 2020-04-17 |
| | | | | | | | | Upstreamed in anthraxx/linux-hardened@f1fe0a64dd532551b048d97b35473c25809f7a0f. | ||
| * | linux_*_hardened: don't set VMAP_STACK | Emily | 2020-04-17 |
| | | | | | | | | This has been on by default upstream for as long as it's been an option. | ||
| * | linux_*_hardened: don't set X86_X32 | Emily | 2020-04-17 |
| | | | | | | | | | | | | As far as I can tell, this has never defaulted to on upstream, and our common kernel configuration doesn't turn it on, so the attack surface reduction here is somewhat homeopathic. | ||
| * | linux_*_hardened: use linux-hardened patch set | Emily | 2020-04-17 |
| | | | | | | | | | | | | | | | | | | | | | | This is an updated version of the former upstream, https://github.com/AndroidHardeningArchive/linux-hardened, and provides a minimal set of additional hardening patches on top of upstream. The patch already incorporates many of our hardened profile defaults, and releases are timely (Linux 5.5.15 and 5.6.2 were released on 2020-04-02; linux-hardened patches for them came out on 2020-04-03 and 2020-04-04 respectively). | ||
| * | linux: explicitly enable SYSVIPC | Emily | 2020-04-17 |
| | | | | | | | | | | The linux-hardened patch set removes this default, probably because of its original focus on Android kernel hardening. | ||
* | | bbswitch: fix build with Linux kernel version >= 5.6.0 | Peter Simons | 2020-04-19 |
| | | | | | | | | Fixes https://github.com/NixOS/nixpkgs/issues/85564. | ||
* | | Merge #84442: staging-next branch | Vladimír Čunát | 2020-04-18 |
|\ \ | |||
| * \ | Merge branch 'master' into staging-next | Vladimír Čunát | 2020-04-18 |
| |\ \ | | | | | | | | | | | | | Hydra nixpkgs: ?compare=1582510 | ||
| * | | | alsaTools: 1.1.7 -> 1.2.2 | Vladimír Čunát | 2020-04-17 |
| | | | | | | | | | | | | | | | | | | | | | | | | Fixes build regression (after alsa update, I assume). Despite the version number change, the diff is trivial: https://git.alsa-project.org/?p=alsa-tools.git;a=log;h=refs/tags/v1.2.2 | ||
| * | | | Merge branch 'master' into staging-next | Jan Tojnar | 2020-04-16 |
| |\ \ \ | |||
| * \ \ \ | Merge branch 'master' into staging-next | Jan Tojnar | 2020-04-13 |
| |\ \ \ \ | |||
| * \ \ \ \ | Merge branch 'master' into staging-next | Jan Tojnar | 2020-04-10 |
| |\ \ \ \ \ | |||
| * \ \ \ \ \ | Merge staging into staging-next | Frederik Rietdijk | 2020-04-06 |
| |\ \ \ \ \ \ | |||
| | * \ \ \ \ \ | Merge pull request #83155 from roastiek/alsa-upgrade | Frederik Rietdijk | 2020-04-05 |
| | |\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | alsa-lib: 1.1.9 -> 1.2.2 and new alsa conf packages | ||
| | | * | | | | | | alsaLib: 1.1.9 -> 1.2.2 | Rostislav Benes | 2020-03-29 |
| | | | | | | | | | |||
| | | * | | | | | | alsa-topology-conf: init at 1.2.2 | Rostislav Benes | 2020-03-29 |
| | | | | | | | | | |||
| | | * | | | | | | alsa-ucm-conf: init at 1.2.2 | Rostislav Benes | 2020-03-29 |
| | | | | | | | | | |||
| | * | | | | | | | Merge staging-next into staging | Frederik Rietdijk | 2020-04-05 |
| | |\ \ \ \ \ \ \ |