about summary refs log tree commit diff
path: root/pkgs/os-specific
Commit message (Collapse)AuthorAge
* linux_testing: 5.6-rc7 -> 5.7-rc2Austin Seipp2020-04-24
| | | | Signed-off-by: Austin Seipp <aseipp@pobox.com>
* nvme-cli: 1.10.1 -> 1.11.1Michael Weiss2020-04-24
|
* Merge pull request #85880 from emilazy/linux-hardened-update-resilienceJörg Thalheim2020-04-24
|\
| * linux_*_hardened: index patches by major kernel versionEmily2020-04-23
| | | | | | | | | | | | | | This will avoid breaking the build whenever a non-major kernel update happens. In the update script, we map each kernel version to the latest patch for the latest kernel version less than or equal to what we have packaged.
* | Set version to 0.0.1Savanni D'Gerinel2020-04-23
| | | | | | | | | | | | ZenStates-Linux doesn't actually have a version, so I'm setting the version to 0.0.1 in case the developer eventually does start doing releases.
* | Add a Zenstates derivationSavanni D'Gerinel2020-04-23
|/
* linux_latest-hardened: fix evaluationJörg Thalheim2020-04-23
|
* linux_hardened: fix evaluationJörg Thalheim2020-04-23
|
* linux: 5.6.6 -> 5.6.7Tim Steinbach2020-04-23
|
* linux: 5.4.34 -> 5.4.35Tim Steinbach2020-04-23
|
* linux: 4.19.117 -> 4.19.118Tim Steinbach2020-04-23
|
* Merge master into staging-nextFrederik Rietdijk2020-04-23
|\
| * linux_latest-libre: 17402 -> 17445Tim Steinbach2020-04-22
| |
| * linux/hardened-patches/4.19.117: init at 4.19.117.akraem2020-04-22
| |
| * linux/hardened-patches/5.4.34: init at 5.4.34.akraem2020-04-22
| |
| * linux/hardened-patches/5.5.19: init at 5.5.19.akraem2020-04-22
| |
| * linux/hardened-patches/5.6.6: init at 5.6.6.akraem2020-04-22
| |
| * linux/hardened-patches/4.19.116: removekraem2020-04-21
| |
| * linux/hardened-patches/5.5.18: removekraem2020-04-21
| |
| * linux/hardened-patches/5.6.5: removekraem2020-04-21
| |
| * linux/hardened-patches/5.4.33: removekraem2020-04-21
| |
| * linux: 5.6.5 -> 5.6.6kraem2020-04-21
| |
| * linux: 5.5.18 -> 5.5.19kraem2020-04-21
| |
| * linux: 5.4.33 -> 5.4.34kraem2020-04-21
| |
| * linux: 4.19.116 -> 4.19.117kraem2020-04-21
| |
* | gnupg: use libusb1 (#85374)Linus Heckemann2020-04-21
| | | | | | | | | | | | | | * gnupg: use libusb1 This fixes scdaemon's direct ccid support. * systemd: fix gnupg-minimal
* | Merge staging-next into stagingFrederik Rietdijk2020-04-21
|\|
| * linux/hardened-patches/4.19.116: 4.19.116.NixOS-a -> 4.19.116.akraem2020-04-20
| |
| * linux/hardened-patches/5.4.33: 5.4.33.NixOS-a -> 5.4.33.akraem2020-04-20
| |
| * linux/hardened-patches/5.5.18: init at 5.5.18.akraem2020-04-20
| |
| * linux/hardened-patches/5.6.5: init at 5.6.5.akraem2020-04-20
| |
| * linux/hardened-patches/5.5.17: removekraem2020-04-20
| |
| * linux/hardened-patches/5.6.4: removekraem2020-04-20
| |
| * linux: 5.5.17 -> 5.5.18kraem2020-04-20
| |
| * linux: 5.6.4 -> 5.6.5kraem2020-04-20
| |
| * Merge pull request #84522 from emilazy/add-linux-hardened-patchesYegor Timoshenko2020-04-19
| |\ | | | | | | linux_*_hardened: use linux-hardened patch set
| | * linux_*_hardened: don't set FORTIFY_SOURCEEmily2020-04-17
| | | | | | | | | | | | Upstreamed in anthraxx/linux-hardened@d12c0d5f0c43f299634af7268f63929c1aaa10ee.
| | * linux_*_hardened: don't set PANIC_ON_OOPSEmily2020-04-17
| | | | | | | | | | | | Upstreamed in anthraxx/linux-hardened@366e0216f15b7007c1f8b7ca86df681cbc22b50a.
| | * linux_*_hardened: don't set SLAB_FREELIST_{RANDOM,HARDENED}Emily2020-04-17
| | | | | | | | | | | | | | | Upstreamed in anthraxx/linux-hardened@786126f177aba14110394be49b404beba061292f, anthraxx/linux-hardened@44822ebeb7c3ede030c58cc64fc1c8e8489c9063.
| | * linux_*_hardened: don't set HARDENED_USERCOPY_FALLBACKEmily2020-04-17
| | | | | | | | | | | | | | | Upstreamed in anthraxx/linux-hardened@c1fe7a68e368d05e109e69ee3491da69093883a3, anthraxx/linux-hardened@2c553a2bb115211c8e1c97eb8c949320aeb29a1d.
| | * linux_*_hardened: don't set DEBUG_LISTEmily2020-04-17
| | | | | | | | | | | | Upstreamed in anthraxx/linux-hardened@6b20124185e0548c1791bc8b7fde053de4fda269.
| | * linux_*_hardened: don't set {,IO_}STRICT_DEVMEMEmily2020-04-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is turned on by anthraxx/linux-hardened@103d23cb6645c1110fa33f2ce1ed1bba2b094081. Note that anthraxx/linux-hardened@db1d27e10e0e624632ecda9e72abb9ab126da4ce disables DEVMEM by default, so this is only relevant if that default is overridden to turn it back on.
| | * linux_*_hardened: don't set DEBUG_WXEmily2020-04-17
| | | | | | | | | | | | Upstreamed in anthraxx/linux-hardened@55ee7417f305835e6e0880ecf0b1aa334f7aabf4.
| | * linux_*_hardened: don't set BUG_ON_DATA_CORRUPTIONEmily2020-04-17
| | | | | | | | | | | | Upstreamed in anthraxx/linux-hardened@3fcd15014c8e99828de0f946611d715411dc611d.
| | * linux_*_hardened: don't set LEGACY_VSYSCALL_NONEEmily2020-04-17
| | | | | | | | | | | | Upstreamed in anthraxx/linux-hardened@d300b0fdad706daab3a36a8d23b35ebe03c3fc87.
| | * linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY}Emily2020-04-17
| | | | | | | | | | | | | | | These are on by default for x86 in upstream linux-5.6.2, and turned on for arm64 by anthraxx/linux-hardened@90f9670bc3696f564ac2e874a2b80046b90ea49f.
| | * linux_*_hardened: don't set MODIFY_LDT_SYSCALLEmily2020-04-17
| | | | | | | | | | | | Upstreamed in anthraxx/linux-hardened@05644876fa5dc3a67a8ea4b396e2214a2f8e8411.
| | * linux_*_hardened: don't set DEFAULT_MMAP_MIN_ADDREmily2020-04-17
| | | | | | | | | | | | Upstreamed in anthraxx/linux-hardened@f1fe0a64dd532551b048d97b35473c25809f7a0f.
| | * linux_*_hardened: don't set VMAP_STACKEmily2020-04-17
| | | | | | | | | | | | This has been on by default upstream for as long as it's been an option.
| | * linux_*_hardened: don't set X86_X32Emily2020-04-17
| | | | | | | | | | | | | | | | | | As far as I can tell, this has never defaulted to on upstream, and our common kernel configuration doesn't turn it on, so the attack surface reduction here is somewhat homeopathic.
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-19 18:10:51 +0000