Commit message | Author | Age | |
---|---|---|---|
* | linux_testing: 5.6-rc7 -> 5.7-rc2 | Austin Seipp | 2020-04-24 |
| | Signed-off-by: Austin Seipp <aseipp@pobox.com> | ||
* | nvme-cli: 1.10.1 -> 1.11.1 | Michael Weiss | 2020-04-24 |
| | |||
* | Merge pull request #85880 from emilazy/linux-hardened-update-resilience | Jörg Thalheim | 2020-04-24 |
|\ | |||
| * | linux_*_hardened: index patches by major kernel version | Emily | 2020-04-23 |
| | | This will avoid breaking the build whenever a non-major kernel update happens. In the update script, we map each kernel version to the latest patch for the latest kernel version less than or equal to what we have packaged. | ||
* | | Set version to 0.0.1 | Savanni D'Gerinel | 2020-04-23 |
| | | ZenStates-Linux doesn't actually have a version, so I'm setting the version to 0.0.1 in case the developer eventually does start doing releases. | ||
* | | Add a Zenstates derivation | Savanni D'Gerinel | 2020-04-23 |
|/ | |||
* | linux_latest-hardened: fix evaluation | Jörg Thalheim | 2020-04-23 |
| | |||
* | linux_hardened: fix evaluation | Jörg Thalheim | 2020-04-23 |
| | |||
* | linux: 5.6.6 -> 5.6.7 | Tim Steinbach | 2020-04-23 |
| | |||
* | linux: 5.4.34 -> 5.4.35 | Tim Steinbach | 2020-04-23 |
| | |||
* | linux: 4.19.117 -> 4.19.118 | Tim Steinbach | 2020-04-23 |
| | |||
* | Merge master into staging-next | Frederik Rietdijk | 2020-04-23 |
|\ | |||
| * | linux_latest-libre: 17402 -> 17445 | Tim Steinbach | 2020-04-22 |
| | | |||
| * | linux/hardened-patches/4.19.117: init at 4.19.117.a | kraem | 2020-04-22 |
| | | |||
| * | linux/hardened-patches/5.4.34: init at 5.4.34.a | kraem | 2020-04-22 |
| | | |||
| * | linux/hardened-patches/5.5.19: init at 5.5.19.a | kraem | 2020-04-22 |
| | | |||
| * | linux/hardened-patches/5.6.6: init at 5.6.6.a | kraem | 2020-04-22 |
| | | |||
| * | linux/hardened-patches/4.19.116: remove | kraem | 2020-04-21 |
| | | |||
| * | linux/hardened-patches/5.5.18: remove | kraem | 2020-04-21 |
| | | |||
| * | linux/hardened-patches/5.6.5: remove | kraem | 2020-04-21 |
| | | |||
| * | linux/hardened-patches/5.4.33: remove | kraem | 2020-04-21 |
| | | |||
| * | linux: 5.6.5 -> 5.6.6 | kraem | 2020-04-21 |
| | | |||
| * | linux: 5.5.18 -> 5.5.19 | kraem | 2020-04-21 |
| | | |||
| * | linux: 5.4.33 -> 5.4.34 | kraem | 2020-04-21 |
| | | |||
| * | linux: 4.19.116 -> 4.19.117 | kraem | 2020-04-21 |
| | | |||
* | | gnupg: use libusb1 (#85374) | Linus Heckemann | 2020-04-21 |
| | | * gnupg: use libusb1 This fixes scdaemon's direct ccid support. * systemd: fix gnupg-minimal | ||
* | | Merge staging-next into staging | Frederik Rietdijk | 2020-04-21 |
|\| | |||
| * | linux/hardened-patches/4.19.116: 4.19.116.NixOS-a -> 4.19.116.a | kraem | 2020-04-20 |
| | | |||
| * | linux/hardened-patches/5.4.33: 5.4.33.NixOS-a -> 5.4.33.a | kraem | 2020-04-20 |
| | | |||
| * | linux/hardened-patches/5.5.18: init at 5.5.18.a | kraem | 2020-04-20 |
| | | |||
| * | linux/hardened-patches/5.6.5: init at 5.6.5.a | kraem | 2020-04-20 |
| | | |||
| * | linux/hardened-patches/5.5.17: remove | kraem | 2020-04-20 |
| | | |||
| * | linux/hardened-patches/5.6.4: remove | kraem | 2020-04-20 |
| | | |||
| * | linux: 5.5.17 -> 5.5.18 | kraem | 2020-04-20 |
| | | |||
| * | linux: 5.6.4 -> 5.6.5 | kraem | 2020-04-20 |
| | | |||
| * | Merge pull request #84522 from emilazy/add-linux-hardened-patches | Yegor Timoshenko | 2020-04-19 |
| |\ | linux_*_hardened: use linux-hardened patch set | ||
| | * | linux_*_hardened: don't set FORTIFY_SOURCE | Emily | 2020-04-17 |
| | | | Upstreamed in anthraxx/linux-hardened@d12c0d5f0c43f299634af7268f63929c1aaa10ee. | ||
| | * | linux_*_hardened: don't set PANIC_ON_OOPS | Emily | 2020-04-17 |
| | | | Upstreamed in anthraxx/linux-hardened@366e0216f15b7007c1f8b7ca86df681cbc22b50a. | ||
| | * | linux_*_hardened: don't set SLAB_FREELIST_{RANDOM,HARDENED} | Emily | 2020-04-17 |
| | | | Upstreamed in anthraxx/linux-hardened@786126f177aba14110394be49b404beba061292f, anthraxx/linux-hardened@44822ebeb7c3ede030c58cc64fc1c8e8489c9063. | ||
| | * | linux_*_hardened: don't set HARDENED_USERCOPY_FALLBACK | Emily | 2020-04-17 |
| | | | Upstreamed in anthraxx/linux-hardened@c1fe7a68e368d05e109e69ee3491da69093883a3, anthraxx/linux-hardened@2c553a2bb115211c8e1c97eb8c949320aeb29a1d. | ||
| | * | linux_*_hardened: don't set DEBUG_LIST | Emily | 2020-04-17 |
| | | | Upstreamed in anthraxx/linux-hardened@6b20124185e0548c1791bc8b7fde053de4fda269. | ||
| | * | linux_*_hardened: don't set {,IO_}STRICT_DEVMEM | Emily | 2020-04-17 |
| | | | STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is turned on by anthraxx/linux-hardened@103d23cb6645c1110fa33f2ce1ed1bba2b094081. Note that anthraxx/linux-hardened@db1d27e10e0e624632ecda9e72abb9ab126da4ce disables DEVMEM by default, so this is only relevant if that default is overridden to turn it back on. | ||
| | * | linux_*_hardened: don't set DEBUG_WX | Emily | 2020-04-17 |
| | | | Upstreamed in anthraxx/linux-hardened@55ee7417f305835e6e0880ecf0b1aa334f7aabf4. | ||
| | * | linux_*_hardened: don't set BUG_ON_DATA_CORRUPTION | Emily | 2020-04-17 |
| | | | Upstreamed in anthraxx/linux-hardened@3fcd15014c8e99828de0f946611d715411dc611d. | ||
| | * | linux_*_hardened: don't set LEGACY_VSYSCALL_NONE | Emily | 2020-04-17 |
| | | | Upstreamed in anthraxx/linux-hardened@d300b0fdad706daab3a36a8d23b35ebe03c3fc87. | ||
| | * | linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY} | Emily | 2020-04-17 |
| | | | These are on by default for x86 in upstream linux-5.6.2, and turned on for arm64 by anthraxx/linux-hardened@90f9670bc3696f564ac2e874a2b80046b90ea49f. | ||
| | * | linux_*_hardened: don't set MODIFY_LDT_SYSCALL | Emily | 2020-04-17 |
| | | | Upstreamed in anthraxx/linux-hardened@05644876fa5dc3a67a8ea4b396e2214a2f8e8411. | ||
| | * | linux_*_hardened: don't set DEFAULT_MMAP_MIN_ADDR | Emily | 2020-04-17 |
| | | | Upstreamed in anthraxx/linux-hardened@f1fe0a64dd532551b048d97b35473c25809f7a0f. | ||
| | * | linux_*_hardened: don't set VMAP_STACK | Emily | 2020-04-17 |
| | | | This has been on by default upstream for as long as it's been an option. | ||
| | * | linux_*_hardened: don't set X86_X32 | Emily | 2020-04-17 |
| | | | As far as I can tell, this has never defaulted to on upstream, and our common kernel configuration doesn't turn it on, so the attack surface reduction here is somewhat homeopathic. |