Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

linux: 4.14.8 -> 4.14.9 #33049

Merged
merged 1 commit into from Dec 26, 2017
Merged

linux: 4.14.8 -> 4.14.9 #33049

merged 1 commit into from Dec 26, 2017

Conversation

andir
Copy link
Member

@andir andir commented Dec 25, 2017
edited

Motivation for this change

Besides fixes for the recent BPF issues there is also a patch included
that fixes booting on aarch64 (e.g. RPi3) ;-)

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@andir
Copy link
Member Author

andir commented Dec 25, 2017

Successfully rebuild it on aarch64, device boots fine.

orivej
orivej reviewed Dec 25, 2017
View reviewed changes
pkgs/os-specific/linux/kernel/manual-config.nix
@@ -243,7 +243,7 @@ stdenv.mkDerivation ((drvAttrs config stdenv.platform (kernelPatches ++ nativeKe

nativeBuildInputs = [ perl bc nettools openssl gmp libmpc mpfr ]
++ optional (stdenv.platform.kernelTarget == "uImage") ubootTools
++ optional (stdenv.lib.versionAtLeast version "4.15") libelf
++ optional (stdenv.lib.versionAtLeast version "4.14") libelf
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do you change this?

@andir
Copy link
Member Author

andir commented Dec 25, 2017 via email

orivej
orivej approved these changes Dec 25, 2017
View reviewed changes
Copy link
Contributor

@orivej orivej left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/cc @NeQuissimus

@andir @vcunat
linux: 4.14.8 -> 4.14.9
63e3eae 
Besides fixes for the recent BPF issues there is also a patch included
that fixes booting on aarch64 (e.g. RPi3) ;-)
@vcunat
Copy link
Member

vcunat commented Dec 26, 2017

(Reversed spurious addition of libelf in parameter list.)

@vcunat vcunat merged commit 63e3eae into NixOS:master Dec 26, 2017
vcunat added a commit that referenced this pull request Dec 26, 2017
@vcunat
Merge #33049: linux: 4.14.8 -> 4.14.9
68bcfb3
@vcunat
Copy link
Member

vcunat commented Dec 26, 2017

BTW, this fixes CVE-2017-16996.

vcunat added a commit that referenced this pull request Dec 26, 2017
@vcunat
Merge #33049: linux: 4.14.8 -> 4.14.9
9d96a85 
(cherry picked from commit 68bcfb3)
Fixes CVE-2017-16996.
@vcunat vcunat added the 8.has: port to stable A PR already has a backport to the stable release. label Dec 26, 2017
@andir andir deleted the linux-4.14.9 branch December 27, 2017 20:17
@adisbladis
Copy link
Member

adisbladis commented Dec 29, 2017
edited

This broke spl, splUnstable (and with that zfs and zfsUnstable and probably a few more out of tree kernel modules as well (some online sources indicate that the nvidia driver also broke with this update but I have not yet tested to build nvidia).

I'm inclined to revert this until the next minor release.

@andir
Copy link
Member Author

andir commented Dec 29, 2017

4.14.10 is already in review phase. Deadline to report regression (since .9) is today 16:45 UTC.

Best practice should be to test all the out-of-tree (potentially lacking behind) kernel modules before bumping the release? I would strictly advice against reverting this as it also fixes some security issues and reverting those fixes would send a pretty neat message.

Anyway: In which way did they break? Do you have some output? Those should be fixed if possible. It most likely is due to back ports from 4.15.

@clefru clefru mentioned this pull request Dec 29, 2017
Closed
@vcunat vcunat mentioned this pull request Dec 29, 2017
Closed
8 tasks
@dezgeg
Copy link
Contributor

dezgeg commented Dec 29, 2017

I think most of the build breakage just needs to be solved in nixpkgs by e.g. #33166

@andersk andersk mentioned this pull request Jan 1, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orivej orivej orivej approved these changes

@vcunat vcunat vcunat approved these changes

Assignees
No one assigned
Labels
1.severity: security 8.has: port to stable A PR already has a backport to the stable release. 10.rebuild-darwin: 0 10.rebuild-linux: 101-500
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@andir @vcunat @adisbladis @dezgeg @orivej @GrahamcOfBorg