Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Some changes were made when this patch was committed to rust-next.
Most importantly, the minimum rustc version was updated from 1.77.0 to
1.77.1, and if we use the latest version of the patch, we'll be able
to cleanly apply the 1.78.0 patch.
rust-next gets force pushed sometimes[1], so we shouldn't fetch from
it in a FOD, hence we now have rust-1.77-6.8.patch in-tree, but this
will save us from having rust-1.78.patch in-tree, which we can fetch
from lore.
[1]: https://github.com/Rust-for-Linux/linux/activity?ref=rust-next
|
|
|
|
|
|
|
|
The 1.75 patch can't be fetched, because it doesn't apply. But git
can apply it cleanly, so it must just need to do a three-way merge or
something. Regardless, we need to include a version that patch(1) can
apply in Nixpkgs.
|
|
|
|
Fixes #253418
|
|
Part of all upstream source-trees kernels we currently build.
|
|
|
|
Closes #240017
|
|
Conflicts:
pkgs/os-specific/linux/kernel/patches.nix
pkgs/top-level/linux-kernels.nix
|
|
No longer used.
|
|
This was fixed in 248401cb2c46 ("ice: avoid bonding causing auxiliary
plug/unplug under RTNL lock"), which was backported to all relevant kernels.
|
|
Fetching from a maintainer tree can be unreliable as commits or
even repos may be removed.
|
|
|
|
This applies the patch for CVE-2023-32233 from kernel 4.19 until 6.3,
testing (6.4-rc1 at the moment) is excluded because it already have the
fix and 4.14 doesn't have this fix queued for the next stable kernel.
|
|
This reverts commit 141317dff92656e67ffb726c727766ceffcba52b.
|
|
Reverts a patch that broke WPA auth in offload mode for brcmfmac
(broadcom driver). See
https://lore.kernel.org/linux-wireless/ZAx0TWRBlGfv7pNl@kroah.com/T/#m0bbd179b92fbbcae0498fd642c31c1ecab1968c0
for context.
Had to hack around a bit to make sure this doesn't get applied to
hardened which uses an older patch-level without the problematic patch.
|
|
`ice` driver
Some Equinix Metal instances, such as a3.large.x86, m3.large.x86
(specific hardware revisions), and n3.large.x86, use the `ice` kernel
driver for their network cards, in conjunction with bonded devices.
However, this commit caused a regression where these bonded devices
would deadlock. This was initially reported by Jaroslav Pulchart on
the netdev mailing list[1], and there were follow-up patches from Dave
Ertman[2][3] that attempted to fix this but were not up to snuff for
various reasons[4].
Specifically, v2 of the patch ([3]) appears to fix the issue on some
devices (tested with 8086:159B network cards), while it is still broken
on others (such as an 8086:1593 network card).
We revert the patch exposing the issue until upstream has a working
solution in order to make Equinix Metal instances work reliably again.
[1]: https://lore.kernel.org/netdev/CAK8fFZ6A_Gphw_3-QMGKEFQk=sfCw1Qmq0TVZK3rtAi7vb621A@mail.gmail.com/
[2]: https://patchwork.ozlabs.org/project/intel-wired-lan/patch/20230111183145.1497367-1-david.m.ertman@intel.com/
[3]: https://patchwork.ozlabs.org/project/intel-wired-lan/patch/20230215191757.1826508-1-david.m.ertman@intel.com/
[4]: https://lore.kernel.org/netdev/cb31a911-ba80-e2dc-231f-851757cfd0b8@intel.com/T/#m6e53f8c43093693c10268140126abe99e082dc1c
|
|
These are not referenced.
|
|
lib.importJSON ./file.json
|
|
Until now we merged kernel updates even if no hardened versions were
available yet. On one hand we don't want to delay patch-level updates,
on the other hand users of hardened kernels have frequent breakage now[1].
This change aims to provide a solution this issue:
* The hardened patchset now references the kernel version it's released
for (including a sha256 hash for the fixed-output path of the source
tarball).
* The `hardenedKernelFor`-function doesn't just append hardened patches
now, but also overrides version & src to match the kernel version the
patch was built & tested for.
Refs #140281
[1] https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.linuxPackages_hardened.kernel.x86_64-linux/all
|
|
This reverts commit 24a08441d52480cf3332a100e24fdf9b83a8351a.
|
|
|
|
kernelPatches: ath driver: allow setting regulatory domain
|
|
Hasn't been necessary since ZFS 0.8.3
|
|
|
|
|
|
Ports an OpenWRT patch for Atheros wireless drivers (ath*) which allows
the user to change the regulatory domain code to the one which actually
applies.
All Atheros devices have a regulatory domain burned into their EEPROM.
When using a device as AP, this domain is frequently overly restrictive
when compared to the regulation which applies in the country the device
actually operates in; often, this restriction disallows IR on all
channels making it impossible to use the device as an AP at all.
This commit introduces the NixOS config option
networking.wireless.athUserRegulatoryDomain which, if enabled, applies
the patch and sets the kernel config option ATH_USER_REGD.
The original OpenWRT patch targets Linux 5.8.
|
|
Fixes #108707
|
|
Added temporary patch for a syntax error in the wireless drivers
|
|
|
|
Upstream issue: https://github.com/openzfs/zfs/issues/11097#issuecomment-740682245
|
|
|
|
This will avoid breaking the build whenever a non-major kernel update
happens. In the update script, we map each kernel version to the latest
patch for the latest kernel version less than or equal to what we
have packaged.
|
|
This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened, and provides
a minimal set of additional hardening patches on top of upstream.
The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).
|
|
|
|
|
|
This is necessary for id mapping to work with NFS + Kerberos, and also
touches #68106 and 634638.
|
|
At the moment we experience bad instabilities with linux 5.3:
https://github.com/zfsonlinux/zfs/issues/9346
as the zfs-native method of disabling the FPU is buggy.
|
|
|
|
|
|
|
|
In 5.0er these function were removed from the public interface also zfs needs
them for AVX/AES-NI support. Without this patch for example throughput on a
encrypted zfs dataset drops to 200 MB/s from 1.2 GB/s. These functions were
removed as their was no user within the linux kernel tree itself.
|
|
|
|
https://github.com/NixOS/nixpkgs/issues/60126
https://lkml.org/lkml/2019/4/24/1123
The patch should be removed in the next round of stable releases because the fix should be included.
(cherry picked from commit 1e8a0805890fbb1cce1aa751296c82342b0cae7e)
|
|
Also remove interpreter truncation patch, no longer needed in package tree.
|
|
via https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb5b020a8d38f77209d0472a0fea755299a8ec78
see https://github.com/NixOS/nixpkgs/issues/53672
|
|
There seems to have been an oopsie with the rebase.
|