diff options
| author | Fabián Heredia Montiel <303897+fabianhjr@users.noreply.github.com> | 2023-12-29 12:36:18 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-29 12:36:18 -0600 |
| commit | 6d9b8ec9aa7c9f89a734ca10c433383f5df5258a (patch) | |
| tree | d424de0618aad3f07e3545665f51c166724da3b4 | |
| parent | Merge pull request #277374 from NixOS/backport-276814-to-release-23.05 (diff) | |
| parent | linux/hardened/patches/5.15: 5.15.144-hardened1 -> 5.15.145-hardened1 (diff) | |
| download | nixpkgs-6d9b8ec9aa7c9f89a734ca10c433383f5df5258a.tar.gz | |
Merge pull request #277569 from alyssais/release-23.05-linux-5.15.154
23.05 kernel backports
| -rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/config.nix | 2 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/patches.json | 70 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/kernel/kernels-org.json | 8 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/kernel/linux-libre.nix | 4 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/kernel/linux-rt-5.10.nix | 6 |
5 files changed, 45 insertions, 45 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened/config.nix b/pkgs/os-specific/linux/kernel/hardened/config.nix index 92192eb79f89..7aa9c5117352 100644 --- a/pkgs/os-specific/linux/kernel/hardened/config.nix +++ b/pkgs/os-specific/linux/kernel/hardened/config.nix @@ -34,7 +34,7 @@ assert (versionAtLeast version "4.9"); STRICT_KERNEL_RWX = yes; # Perform additional validation of commonly targeted structures. - DEBUG_CREDENTIALS = yes; + DEBUG_CREDENTIALS = whenOlder "6.6" yes; DEBUG_NOTIFIERS = yes; DEBUG_PI_LIST = whenOlder "5.2" yes; # doesn't BUG() DEBUG_PLIST = whenAtLeast "5.2" yes; diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index cc410ae8b8af..f33c0489157c 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -2,62 +2,62 @@ "4.14": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.14.332-hardened1.patch", - "sha256": "1nda3z8hkyfw53dzk1v5zwpzhm75gizsixfmrh8ylaghhk5s8yw3", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.332-hardened1/linux-hardened-4.14.332-hardened1.patch" + "name": "linux-hardened-4.14.333-hardened1.patch", + "sha256": "18pz0g5k3iw6npsp6msyl33ci3jsnw6zv87pagz9scvzgxnsy68h", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.333-hardened1/linux-hardened-4.14.333-hardened1.patch" }, - "sha256": "1f4q0acbp917myjmgiy4haxp78yak5h1rj5g937r6mkykwb6nb14", - "version": "4.14.332" + "sha256": "0j5nrankrhi56qzmyjg1pznqx1zgk5f7cfa154smjbn3zlm7lcv6", + "version": "4.14.333" }, "4.19": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.19.301-hardened1.patch", - "sha256": "0arlwp0g4anqlnivyc8y6rq9mhq1ivmy4i0d8kqvwpc2b3wcc525", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.301-hardened1/linux-hardened-4.19.301-hardened1.patch" + "name": "linux-hardened-4.19.303-hardened1.patch", + "sha256": "0bmf88vid8312rrdy4b1bnq4x2rhkiihp01b2j2jmpjbdsj2qbya", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.303-hardened1/linux-hardened-4.19.303-hardened1.patch" }, - "sha256": "1fr05fl8fyyjgsqj8fppd5v378d7sazvpqlq4sl875851fd9nmb2", - "version": "4.19.301" + "sha256": "0dlbl47xs7z4yf9cxbxqzd7zs1f9070jr6ck231wgppa6lwwwb82", + "version": "4.19.303" }, "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.203-hardened1.patch", - "sha256": "19inx95ynyzhh2h9xdg2yw4yfa5nfcw2dh2a7vw4mf0bqdv2iqvc", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.203-hardened1/linux-hardened-5.10.203-hardened1.patch" + "name": "linux-hardened-5.10.205-hardened1.patch", + "sha256": "0viz1pybmh8vld40s2gh73a63743c3v7g2dbrsbqqjkh8xvn28zk", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.205-hardened1/linux-hardened-5.10.205-hardened1.patch" }, - "sha256": "0xr8p7kfr1v3s41fv55ph0l8d9s2p146dl2fh3r2y09lrvwwxssn", - "version": "5.10.203" + "sha256": "0qw8g0h4k0b4dyvspbj51cwr68ihwjzsi2b2261ipy3l1nl1fln5", + "version": "5.10.205" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.142-hardened1.patch", - "sha256": "0x4bsf638rrdrp9b389i6nlprwsfc25qpld50yfcjinqhiykd269", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.142-hardened1/linux-hardened-5.15.142-hardened1.patch" + "name": "linux-hardened-5.15.145-hardened1.patch", + "sha256": "0jip4c7r41a3nzgv6zzrkjg4flb0ri6ar60l246ixzyp9sv19x9r", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.145-hardened1/linux-hardened-5.15.145-hardened1.patch" }, - "sha256": "0xjn16b02f8d6c0m8vrbmk85kdyfy8m46s80rnkb0nnwfx9cjxld", - "version": "5.15.142" + "sha256": "086nssif66s86wkixz4yb7xilz1k49g32l0ib28r8fjzc23rv95j", + "version": "5.15.145" }, "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.263-hardened1.patch", - "sha256": "1v59qzjp9v78y7fkj884a77pjsk4ggplkfh1fq2blj04g7v1zhgv", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.263-hardened1/linux-hardened-5.4.263-hardened1.patch" + "name": "linux-hardened-5.4.265-hardened1.patch", + "sha256": "17bs86fxv5l1dm0knvcnj5940r06pq41gd3fp71rn1p1kwk622y3", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.265-hardened1/linux-hardened-5.4.265-hardened1.patch" }, - "sha256": "1y1mfwjsilrx8x8jnjlyh8r9zlygjjqdf7pay92jv2qijjddpl2h", - "version": "5.4.263" + "sha256": "05cvvwjiznn7hfd02qklklalg0chahvh5v18w64lcva6kzj9kbjd", + "version": "5.4.265" }, "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.67-hardened1.patch", - "sha256": "0jcn2k79l90dys4nrwqha89jv9d1ffghhvlqk9vibfs7y3zrlpbr", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.67-hardened1/linux-hardened-6.1.67-hardened1.patch" + "name": "linux-hardened-6.1.69-hardened1.patch", + "sha256": "1dbwnf6bsxl9m03cngfpf3yb95j719r46dy9x8al59d9p8k0h9bn", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.69-hardened1/linux-hardened-6.1.69-hardened1.patch" }, - "sha256": "11cjqll3b7iq3mblwyzjrd5ph8avgk23f4mw4shm8j6ai5rdndvm", - "version": "6.1.67" + "sha256": "0hdm28k49kmy9r96hckps0bvvaq9m06l72n8ih305rccs6a2cgby", + "version": "6.1.69" }, "6.5": { "patch": { @@ -72,11 +72,11 @@ "6.6": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.6.6-hardened1.patch", - "sha256": "0jhhixayka13rb0cd0qbsqpb7awayjdbn8qyx7wya1y83cgyn2ly", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.6-hardened1/linux-hardened-6.6.6-hardened1.patch" + "name": "linux-hardened-6.6.8-hardened1.patch", + "sha256": "0mjrp3bxvb1pprc5v2grxk1r3ifldch35lqsxyky1nvlzhphhgb9", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.8-hardened1/linux-hardened-6.6.8-hardened1.patch" }, - "sha256": "1j14n8b012pv3r7i9p762jyabzn2nv1ranxyw5lk3c9lg68hmxzb", - "version": "6.6.6" + "sha256": "05i4ayj9wyjkd1s8ixx7bxwcyagqyx8rhj1zvbc3cjqyw4sc8djh", + "version": "6.6.8" } } diff --git a/pkgs/os-specific/linux/kernel/kernels-org.json b/pkgs/os-specific/linux/kernel/kernels-org.json index 9698e3699644..852b29f8ed6c 100644 --- a/pkgs/os-specific/linux/kernel/kernels-org.json +++ b/pkgs/os-specific/linux/kernel/kernels-org.json @@ -1,7 +1,7 @@ { "testing": { - "version": "6.7-rc6", - "hash": "sha256:164jik11lv35jxfbci3vdb413qi241w51jrisilvfqy8ap0ccs4k" + "version": "6.7-rc7", + "hash": "sha256:1w1np05mqyviykj0gyx6z2l9ql4f909dy0ximh0gkcpkgy6zz9qc" }, "6.5": { "version": "6.5.13", @@ -16,8 +16,8 @@ "hash": "sha256:0hdm28k49kmy9r96hckps0bvvaq9m06l72n8ih305rccs6a2cgby" }, "5.15": { - "version": "5.15.144", - "hash": "sha256:0fsv18q64q17ad7mq818wfhb11dax4bdvbvqyk5ilxyfmypsylzh" + "version": "5.15.145", + "hash": "sha256:086nssif66s86wkixz4yb7xilz1k49g32l0ib28r8fjzc23rv95j" }, "5.10": { "version": "5.10.205", diff --git a/pkgs/os-specific/linux/kernel/linux-libre.nix b/pkgs/os-specific/linux/kernel/linux-libre.nix index 9cf5f46cfb80..9308cba46f13 100644 --- a/pkgs/os-specific/linux/kernel/linux-libre.nix +++ b/pkgs/os-specific/linux/kernel/linux-libre.nix @@ -1,8 +1,8 @@ { stdenv, lib, fetchsvn, linux , scripts ? fetchsvn { url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/"; - rev = "19441"; - sha256 = "1z0x8cw9nr7qf5qh3xjf6rg20q0i79bg71lik847sabyb6vcrk0z"; + rev = "19453"; + sha256 = "12jy0kyhl9dsp20yprbw27kzh1p4qxi5m5zy9j7sglm9ajrbnkar"; } , ... }: diff --git a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix index ce26a38ed069..58a1be131962 100644 --- a/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-rt-5.10.nix @@ -6,7 +6,7 @@ , ... } @ args: let - version = "5.10.201-rt98"; # updated by ./update-rt.sh + version = "5.10.204-rt100"; # updated by ./update-rt.sh branch = lib.versions.majorMinor version; kversion = builtins.elemAt (lib.splitString "-" version) 0; in buildLinux (args // { @@ -17,14 +17,14 @@ in buildLinux (args // { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz"; - sha256 = "0642y6qj2d4aww6jcki81ba53pvjyfazjxgzgj8brqx8ixchdz3a"; + sha256 = "1vnamiyr378q52xgkg7kvpx80zck729dim77vp06a3q6n580g5gz"; }; kernelPatches = let rt-patch = { name = "rt"; patch = fetchurl { url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz"; - sha256 = "1g7xbjsfrgins3agz9sq9ia13h5k9605gak7s14z5i4vd34y8pk8"; + sha256 = "1zbpkira8wf3w46586af72k43j8xkj15f0dgq86z975vl60hdk68"; }; }; in [ rt-patch ] ++ kernelPatches; |