summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorgithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>2023-07-01 00:17:16 +0000
committerGitHub <noreply@github.com>2023-07-01 00:17:16 +0000
commitec1cdfb3c59b6f1e5413d20d9c066fd53a3bdb70 (patch)
tree7ff3c9306e88a3e615330e2aaac5931976e4b3bf
parentMerge release-22.11 into staging-next-22.11 (diff)
parentMerge pull request #240594 from Ma27/linux-kernel-backports-2211 (diff)
downloadnixpkgs-ec1cdfb3c59b6f1e5413d20d9c066fd53a3bdb70.tar.gz
Merge release-22.11 into staging-next-22.11
Diffstat
-rw-r--r--nixos/tests/kernel-generic.nix1
-rw-r--r--pkgs/applications/networking/browsers/brave/default.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/hardened/patches.json70
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.14.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.19.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.10.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.15.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.4.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-6.1.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-6.3.nix8
-rw-r--r--pkgs/os-specific/linux/kernel/patches.nix8
-rw-r--r--pkgs/top-level/all-packages.nix2
-rw-r--r--pkgs/top-level/linux-kernels.nix3
13 files changed, 72 insertions, 48 deletions
diff --git a/nixos/tests/kernel-generic.nix b/nixos/tests/kernel-generic.nix
index 3e74554de339..82d9118c6fb1 100644
--- a/nixos/tests/kernel-generic.nix
+++ b/nixos/tests/kernel-generic.nix
@@ -31,6 +31,7 @@ let
linux_5_10_hardened
linux_5_15_hardened
linux_6_1_hardened
+ linux_6_3_hardened
linux_testing;
};
diff --git a/pkgs/applications/networking/browsers/brave/default.nix b/pkgs/applications/networking/browsers/brave/default.nix
index 66896c491e71..5c61f6aaed4e 100644
--- a/pkgs/applications/networking/browsers/brave/default.nix
+++ b/pkgs/applications/networking/browsers/brave/default.nix
@@ -90,11 +90,11 @@ in
stdenv.mkDerivation rec {
pname = "brave";
- version = "1.52.126";
+ version = "1.52.129";
src = fetchurl {
url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb";
- sha256 = "sha256-M/25YFqET4G89S7ihiFige047+fk/jWKpEiD8O22W74=";
+ sha256 = "sha256-v5C8YbYv2gr2Tf+koM3+4s2xtHTabLcJcIlsQx3UxfM=";
};
dontConfigure = true;
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index 48cf3595dbc1..cc093f220046 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -2,61 +2,71 @@
"4.14": {
"patch": {
"extra": "-hardened1",
- "name": "linux-hardened-4.14.317-hardened1.patch",
- "sha256": "11jfmfanziq1k96147ddsavs1jaf201gsxpfm9i2qkz6jqrmqrsn",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.317-hardened1/linux-hardened-4.14.317-hardened1.patch"
+ "name": "linux-hardened-4.14.319-hardened1.patch",
+ "sha256": "1dz59az2k1lg5csx70p4nb634cv57b7ij554hkvln7bp6m9cm1ga",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.319-hardened1/linux-hardened-4.14.319-hardened1.patch"
},
- "sha256": "0c1wy0m0jnjpc6scrw1y97wsg2d18vb1bi31i1qzlxvgmrd8zwlc",
- "version": "4.14.317"
+ "sha256": "1y8zp9jkyid4g857nfm7xhsya3d9vx2dni8l7ishn2gl087pb95c",
+ "version": "4.14.319"
},
"4.19": {
"patch": {
"extra": "-hardened1",
- "name": "linux-hardened-4.19.285-hardened1.patch",
- "sha256": "183q8c6jxss5q9vp1vvi3l233s0jf0lbn5sylavwzgdjm5anbjdr",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.285-hardened1/linux-hardened-4.19.285-hardened1.patch"
+ "name": "linux-hardened-4.19.287-hardened1.patch",
+ "sha256": "1my4j6i549xw2zzbxnbaarby7584ysy4l1xgw3x8cc848l2m1iqp",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.287-hardened1/linux-hardened-4.19.287-hardened1.patch"
},
- "sha256": "05nwivdk4w939vrrbn5p2yai1rz7kxqa4bl5f3n6d867b59pg8da",
- "version": "4.19.285"
+ "sha256": "0wracrahi4qm6klsd9bnlwwdcaqbclx2mqc5d7vbvxxzfn69nsi8",
+ "version": "4.19.287"
},
"5.10": {
"patch": {
"extra": "-hardened1",
- "name": "linux-hardened-5.10.183-hardened1.patch",
- "sha256": "13rpr4bgvm6zi7vpf2syxbixgbzcyqz774xil4ffyzi8zqcnbz8s",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.183-hardened1/linux-hardened-5.10.183-hardened1.patch"
+ "name": "linux-hardened-5.10.185-hardened1.patch",
+ "sha256": "05abqsbsr6mjj0yxwwwf2hwsxd3z3jj2wkj0frd1ygb06njkvpjz",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.185-hardened1/linux-hardened-5.10.185-hardened1.patch"
},
- "sha256": "06b1nlwaqs7g3323zxp1bxfilqpbj700x591vqa9dx6a6p39g520",
- "version": "5.10.183"
+ "sha256": "143hghmj4lxiyavndvdmwg5mig8s2i4ffrmd8zwqqwy8ipn641i8",
+ "version": "5.10.185"
},
"5.15": {
"patch": {
"extra": "-hardened1",
- "name": "linux-hardened-5.15.116-hardened1.patch",
- "sha256": "0bg4yjix7n22r2q97rcrc5svggkczap98ljq3b11688nfjnxbgbp",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.116-hardened1/linux-hardened-5.15.116-hardened1.patch"
+ "name": "linux-hardened-5.15.118-hardened1.patch",
+ "sha256": "07knyxmb0j2bf117md2glyyqj892n4p4jq2ahd8s90fp0x8g6z9a",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.118-hardened1/linux-hardened-5.15.118-hardened1.patch"
},
- "sha256": "16hpdqlkz2g2pjcml7j55yfym6nbp0zg8f2r969wq9jkpg8wj5zn",
- "version": "5.15.116"
+ "sha256": "1cxm7s19l2f38chxrlvx7crvqcygmc77rhsc3lfx3m84vgdg8ssf",
+ "version": "5.15.118"
},
"5.4": {
"patch": {
"extra": "-hardened1",
- "name": "linux-hardened-5.4.246-hardened1.patch",
- "sha256": "07i8g34r9f6fjnx8bxikydik42s5nyp95q6rfl3rq48q418jd766",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.246-hardened1/linux-hardened-5.4.246-hardened1.patch"
+ "name": "linux-hardened-5.4.248-hardened1.patch",
+ "sha256": "0zd1s6xxpv6j2hmm56x4pg9dxakrmkf29x3vv6pjq3hmcp8ihs4s",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.248-hardened1/linux-hardened-5.4.248-hardened1.patch"
},
- "sha256": "1snrgvpqpmc0d4aphq8flsmlcjjx9kgknymjlrmazl4ghl57jf09",
- "version": "5.4.246"
+ "sha256": "0d9yn51rg59k39h0w6wmvjqz9n7najm9x8yb79rparbcwwrd3gis",
+ "version": "5.4.248"
},
"6.1": {
"patch": {
"extra": "-hardened1",
- "name": "linux-hardened-6.1.33-hardened1.patch",
- "sha256": "1mfimfs9v6a852vrpckr9v0hlbqy34c3lj5fj50m7m8x25qsin5a",
- "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.33-hardened1/linux-hardened-6.1.33-hardened1.patch"
+ "name": "linux-hardened-6.1.35-hardened1.patch",
+ "sha256": "0s9ld5dnzxyizm8bdv4dc8lh3yfqv45hd65k0sc4swlnb1k96dxb",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.35-hardened1/linux-hardened-6.1.35-hardened1.patch"
},
- "sha256": "1kfj7mi3n2lfaw4spz5cbvcl1md038figabyg80fha3kxal6nzdq",
- "version": "6.1.33"
+ "sha256": "1b16pk0b45k1q53nzbwv6wh0aqn160b1kip8scywf3axpi1q2dmy",
+ "version": "6.1.35"
+ },
+ "6.3": {
+ "patch": {
+ "extra": "-hardened1",
+ "name": "linux-hardened-6.3.1-hardened1.patch",
+ "sha256": "0wlp6azlkj9xbkwxyari28ixini0jvw2dl653i7ns4l27p0gmayx",
+ "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.3.1-hardened1/linux-hardened-6.3.1-hardened1.patch"
+ },
+ "sha256": "0aizkgwdmdjrgab67yjfaqcmvfh7wb3b3mdq9qfxpq6mlys0yqkq",
+ "version": "6.3.1"
}
}
diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix
index 4c8c5c4d5c5a..a69130dc474c 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix
@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
- version = "4.14.319";
+ version = "4.14.320";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "1y8zp9jkyid4g857nfm7xhsya3d9vx2dni8l7ishn2gl087pb95c";
+ sha256 = "09bn18jvazkc55bqdjbxy8fbca7vjhi9xl2h02w0sq3f1jf6g0pd";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix
index eaa6ed7694fd..5236bc402758 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.19.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix
@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
- version = "4.19.287";
+ version = "4.19.288";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "0wracrahi4qm6klsd9bnlwwdcaqbclx2mqc5d7vbvxxzfn69nsi8";
+ sha256 = "1sz3jp6kx0axdwp0wsq903q1090rbav9d12m5128335m8p2d1srk";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix
index bab21eb19a36..fd8b8f13ae28 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix
@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
- version = "5.10.185";
+ version = "5.10.186";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
- sha256 = "143hghmj4lxiyavndvdmwg5mig8s2i4ffrmd8zwqqwy8ipn641i8";
+ sha256 = "1qqv91r13akgik1q4jybf8czskxxizk6lpv4rsvjn9sx2dm2jq0y";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.15.nix b/pkgs/os-specific/linux/kernel/linux-5.15.nix
index 019eb3ecda33..03c8e23c20ff 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.15.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.15.nix
@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
- version = "5.15.118";
+ version = "5.15.119";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
- sha256 = "1cxm7s19l2f38chxrlvx7crvqcygmc77rhsc3lfx3m84vgdg8ssf";
+ sha256 = "1kygpqf6sgkrwg77sv01di23c3n3rn5d44g8k5apx5106pys19bs";
};
} // (args.argsOverride or { }))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix
index e646e95d5418..f1a5d9e13f35 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix
@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
- version = "5.4.248";
+ version = "5.4.249";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
- sha256 = "0d9yn51rg59k39h0w6wmvjqz9n7najm9x8yb79rparbcwwrd3gis";
+ sha256 = "079mylc5j7hk5xn59q3z2xydyh88pq7yipn67x3y7nvf5i35hm6w";
};
} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-6.1.nix b/pkgs/os-specific/linux/kernel/linux-6.1.nix
index 854680321c48..9bf4afeef935 100644
--- a/pkgs/os-specific/linux/kernel/linux-6.1.nix
+++ b/pkgs/os-specific/linux/kernel/linux-6.1.nix
@@ -3,7 +3,7 @@
with lib;
buildLinux (args // rec {
- version = "6.1.35";
+ version = "6.1.36";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz";
- sha256 = "1b16pk0b45k1q53nzbwv6wh0aqn160b1kip8scywf3axpi1q2dmy";
+ sha256 = "0szyiah4avicqvlmadjxyh3i9b0xi9ipqjg1qrqgzf9h1wq0xjnq";
};
} // (args.argsOverride or { }))
diff --git a/pkgs/os-specific/linux/kernel/linux-6.3.nix b/pkgs/os-specific/linux/kernel/linux-6.3.nix
index e6778222b004..7fffbca6d2f0 100644
--- a/pkgs/os-specific/linux/kernel/linux-6.3.nix
+++ b/pkgs/os-specific/linux/kernel/linux-6.3.nix
@@ -1,18 +1,18 @@
-{ lib, fetchurl, buildLinux, ... } @ args:
+{ lib, fetchurl, buildLinux, modDirVersionArg ? null, ... } @ args:
with lib;
buildLinux (args // rec {
- version = "6.3.9";
+ version = "6.3.10";
# modDirVersion needs to be x.y.z, will automatically add .0 if needed
- modDirVersion = versions.pad 3 version;
+ modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
# branchVersion needs to be x.y
extraMeta.branch = versions.majorMinor version;
src = fetchurl {
url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz";
- sha256 = "0gmi55hhdw1f1qyvd04v17x596yh8wis42vmcd8vhymik49z5v21";
+ sha256 = "1qs6rmh0hk47rmz30fhjj3g7bqrz19w1ldyv6fyiq6djja3avag0";
};
} // (args.argsOverride or { }))
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index f2225096dd5c..9de4fc22aa8b 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -71,4 +71,12 @@
hash = "sha256-DYPWgraXPNeFkjtuDYkFXHnCJ4yDewrukM2CCAqC2BE=";
};
};
+
+ fix-amdgpu-5_15 = {
+ name = "fix-amdgpu-crash";
+ patch = fetchpatch {
+ url = "https://lore.kernel.org/stable/20230628111636.23300-1-mario.limonciello@amd.com/raw";
+ sha256 = "sha256-eAzy+bMiOJwzssOuvrMu7gmmV3PZezaDuVwwx7zNt6M=";
+ };
+ };
}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index f85645105162..ab20c3a4b723 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -25384,6 +25384,8 @@ with pkgs;
linux_5_15_hardened = linuxKernel.kernels.linux_5_15_hardened;
linuxPackages_6_1_hardened = linuxKernel.packages.linux_6_1_hardened;
linux_6_1_hardened = linuxKernel.kernels.linux_6_1_hardened;
+ linuxPackages_6_3_hardened = linuxKernel.packages.linux_6_3_hardened;
+ linux_6_3_hardened = linuxKernel.kernels.linux_6_3_hardened;
# Hardkernel (Odroid) kernels.
linuxPackages_hardkernel_latest = linuxKernel.packageAliases.linux_hardkernel_latest;
diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix
index f050bd294809..9dfb1d27f0e1 100644
--- a/pkgs/top-level/linux-kernels.nix
+++ b/pkgs/top-level/linux-kernels.nix
@@ -151,6 +151,7 @@ in {
kernelPatches.bridge_stp_helper
kernelPatches.request_key_helper
kernelPatches.fix-em-ice-bonding
+ kernelPatches.fix-amdgpu-5_15
];
};
@@ -250,6 +251,7 @@ in {
linux_5_19_hardened = throw "linux 5.19 was removed because it has reached its end of life upstream";
linux_6_0_hardened = throw "linux 6.0 was removed because it has reached its end of life upstream";
linux_6_1_hardened = hardenedKernelFor kernels.linux_6_1 { };
+ linux_6_3_hardened = hardenedKernelFor kernels.linux_6_3 { };
}));
/* Linux kernel modules are inherently tied to a specific kernel. So
@@ -578,6 +580,7 @@ in {
linux_5_19_hardened = throw "linux 5.19 was removed because it has reached its end of life upstream";
linux_6_0_hardened = throw "linux 6.0 was removed because it has reached its end of life upstream";
linux_6_1_hardened = recurseIntoAttrs (hardenedPackagesFor kernels.linux_6_1 { });
+ linux_6_3_hardened = recurseIntoAttrs (hardenedPackagesFor kernels.linux_6_3 { });
linux_zen = recurseIntoAttrs (packagesFor kernels.linux_zen);
linux_lqx = recurseIntoAttrs (packagesFor kernels.linux_lqx);
generated by cgit v1.2.3 (git 2.52.0) at 2026-01-17 05:30:14 +0000