| Commit message | Author | Age |
linux_*_hardened: use linux-hardened patch set
|
Upstreamed in anthraxx/linux-hardened@d12c0d5f0c43f299634af7268f63929c1aaa10ee.
|
Upstreamed in anthraxx/linux-hardened@366e0216f15b7007c1f8b7ca86df681cbc22b50a.
|
Upstreamed in anthraxx/linux-hardened@786126f177aba14110394be49b404beba061292f,
anthraxx/linux-hardened@44822ebeb7c3ede030c58cc64fc1c8e8489c9063.
|
Upstreamed in anthraxx/linux-hardened@c1fe7a68e368d05e109e69ee3491da69093883a3,
anthraxx/linux-hardened@2c553a2bb115211c8e1c97eb8c949320aeb29a1d.
|
Upstreamed in anthraxx/linux-hardened@6b20124185e0548c1791bc8b7fde053de4fda269.
|
STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is
turned on by anthraxx/linux-hardened@103d23cb6645c1110fa33f2ce1ed1bba2b094081.
Note that anthraxx/linux-hardened@db1d27e10e0e624632ecda9e72abb9ab126da4ce
disables DEVMEM by default, so this is only relevant if that default is
overridden to turn it back on.
|
Upstreamed in anthraxx/linux-hardened@55ee7417f305835e6e0880ecf0b1aa334f7aabf4.
|
Upstreamed in anthraxx/linux-hardened@3fcd15014c8e99828de0f946611d715411dc611d.
|
Upstreamed in anthraxx/linux-hardened@d300b0fdad706daab3a36a8d23b35ebe03c3fc87.
|
These are on by default for x86 in upstream linux-5.6.2, and turned on
for arm64 by anthraxx/linux-hardened@90f9670bc3696f564ac2e874a2b80046b90ea49f.
|
Upstreamed in anthraxx/linux-hardened@05644876fa5dc3a67a8ea4b396e2214a2f8e8411.
|
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd532551b048d97b35473c25809f7a0f.
|
This has been on by default upstream for as long as it's been an option.
|
As far as I can tell, this has never defaulted to on upstream, and our
common kernel configuration doesn't turn it on, so the attack surface
reduction here is somewhat homeopathic.
|
This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened, and provides
a minimal set of additional hardening patches on top of upstream.
The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).
|
The linux-hardened patch set removes this default, probably because of
its original focus on Android kernel hardening.
|
rshijack: init at 0.3.0
|
The upstream readme has a note about renaming the git repo and libname:
https://github.com/oneapi-src/oneDNN#oneapi-deep-neural-network-library-onednn
Changelog: https://github.com/oneapi-src/oneDNN/releases/tag/v1.4
|
Fixes a CVE https://webkitgtk.org/security/WSA-2020-0004.html
https://webkitgtk.org/2020/04/13/webkitgtk2.28.1-released.html
|
Fixes https://github.com/NixOS/nixpkgs/issues/85564.
|
openjk: use gcc9
|
bazelisk: 1.3.0 -> 1.4.0
|
Changelog: https://github.com/bazelbuild/bazelisk/releases/tag/v1.4.0
|
spotifyd: add withMpris and withKeyring optionals
|
wasmtime-0.12.0: fix cargoSha256
|
docker: add git to extraPath
|
When building a docker container from git, docker was missing the git
binary in $PATH.
|
joplin-desktop: 1.0.179 -> 1.0.200
|
Builds successfully on NixOS
|
fira: 4.106 -> 4.202
|
We use the config for the native messaging host below this statement.
|
Hydra nixpkgs: ?compare=1582510
|