colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #296253 from Ma27/linux-kernel-updates

Browse Source 
Linux kernel updates 2024-03-15, mitigation for RFDS (CVE-2023-28746)
This commit is contained in:
K900 2024-03-16 08:05:25 +03:00 committed by GitHub
commit 01bf867765
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 57 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
pkgs/os-specific/linux/kernel/hardened/patches.json
View File

@ -2,52 +2,52 @@
"4.19": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-4.19.307-hardened1.patch",
"sha256": "01i15w3qzwag2v4r5r5bqyk337pidhmcfif228f286cnjnqz5d7h",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.307-hardened1/linux-hardened-4.19.307-hardened1.patch"
"name": "linux-hardened-4.19.309-hardened1.patch",
"sha256": "1hww72w5anmfr9czqbl31glzl70s34492k9qz9zax141zg1sf6sp",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.309-hardened1/linux-hardened-4.19.309-hardened1.patch"
},
"sha256": "0lp3fc7sqy48vpcl2g0n1bz7i1hp9k0nlz3i1xfh9l056ihzzvl3",
"version": "4.19.307"
"sha256": "1yc45kfiwdqsqa11sxafs82b0day6qvgjcll8rx9vipidsmagbcm",
"version": "4.19.309"
},
"5.10": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.10.210-hardened1.patch",
"sha256": "1fdkkl303kvw9sg9lpzg83157xrl9jcl4jjli1gi2a4j0yz2479n",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.210-hardened1/linux-hardened-5.10.210-hardened1.patch"
"name": "linux-hardened-5.10.212-hardened1.patch",
"sha256": "0h04i94vshhcli5m4qpnqg4vsi5v1ifvdhhklk7c0bvkfk35cbml",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.212-hardened1/linux-hardened-5.10.212-hardened1.patch"
},
"sha256": "0vggj3a71awc1w803cdzrnkn88rxr7l1xh9mmdcw9hzxj1d3r9jf",
"version": "5.10.210"
"sha256": "14vll2bghd52wngjxy78hgglydcxka59yziji0w56dcdpmky9wqc",
"version": "5.10.212"
},
"5.15": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.15.149-hardened1.patch",
"sha256": "1y56l5l50h673a4n2pb3i3wh494lpnlw9vvdfr6m0jr0vymldb57",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.149-hardened1/linux-hardened-5.15.149-hardened1.patch"
"name": "linux-hardened-5.15.151-hardened1.patch",
"sha256": "040jc5n9qsdz2wv5ksfvc28vd72nmya2i2f0ps0jiras6l2wlhjz",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.151-hardened1/linux-hardened-5.15.151-hardened1.patch"
},
"sha256": "1c01fnaghj55mkgsgddznq1zq4mswsa05rz00kmh1d3y6sd8115x",
"version": "5.15.149"
"sha256": "0jby224ncdardjwmf8c59s5j71inpvdlzah984ilf2b6y85pc7la",
"version": "5.15.151"
},
"5.4": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.4.269-hardened1.patch",
"sha256": "06vf0mlp822i4bkpsxbyk1xjlbzabqpncy8qw9zajpjajwv87d7x",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.269-hardened1/linux-hardened-5.4.269-hardened1.patch"
"name": "linux-hardened-5.4.271-hardened1.patch",
"sha256": "0rw5il7885d0d3k2hmh46541svib6rp32g00fcl5bw37ydmq3z8b",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.271-hardened1/linux-hardened-5.4.271-hardened1.patch"
},
"sha256": "1kqqm4hpif3jy2ycnb0dfjgzyn18vqhm1i5q7d7rkisks33bwm7z",
"version": "5.4.269"
"sha256": "0l2qv4xlhnry9crs90rkihsxyny6jz8kxw08bfad7nys9hrn3g6d",
"version": "5.4.271"
},
"6.1": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-6.1.79-hardened1.patch",
"sha256": "0inip6pmlwrj75vwjimkjgvh4jn6ldrq5312r02xh1i95qb0sg3a",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.79-hardened1/linux-hardened-6.1.79-hardened1.patch"
"name": "linux-hardened-6.1.81-hardened1.patch",
"sha256": "0af9dxdsa858zyqc0vsrzg098afhg5vpb2wpr6gj2ykwc13iaf07",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.81-hardened1/linux-hardened-6.1.81-hardened1.patch"
},
"sha256": "16xkd0hcslqlcf55d4ivzhf1fkhfs5yy0m9arbax8pmm5yi9r97s",
"version": "6.1.79"
"sha256": "0arl96yrqplbmp2gjyqcfma1lgc30kbn95m0sflv0yyldwf8dg8f",
"version": "6.1.81"
},
"6.5": {
"patch": {
@ -62,12 +62,12 @@
"6.6": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-6.6.18-hardened1.patch",
"sha256": "0svlck53b7bd38b9b0hzgppmhm59d35r2vqv30ga85ghkvc61byn",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.18-hardened1/linux-hardened-6.6.18-hardened1.patch"
"name": "linux-hardened-6.6.21-hardened1.patch",
"sha256": "0k35s5pj92lvfp6kw3isg78zc3gijsg0xbzcyvxdkmhzaq8j6i1i",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.21-hardened1/linux-hardened-6.6.21-hardened1.patch"
},
"sha256": "07cv97l5jiakmmv35n0ganvqfr0590b02f3qb617qkx1zg2xhhsf",
"version": "6.6.18"
"sha256": "0mz420w99agr7jv1jgqfr4fjhzbv005xif086sqx556s900l62zf",
"version": "6.6.21"
},
"6.7": {
"patch": {

32
pkgs/os-specific/linux/kernel/kernels-org.json
View File

@ -4,35 +4,35 @@
"hash": "sha256:0q9isgv6lxzrmb4idl0spxv2l7fsk3nn4cdq0vdw9c8lyzrh5yy0"
},
"6.1": {
"version": "6.1.81",
"hash": "sha256:0arl96yrqplbmp2gjyqcfma1lgc30kbn95m0sflv0yyldwf8dg8f"
"version": "6.1.82",
"hash": "sha256:01pcrcjp5mifjjmfz7j1jb8nhq8nkxspavxmv1l7d1qnskcx4l6i"
},
"5.15": {
"version": "5.15.151",
"hash": "sha256:0jby224ncdardjwmf8c59s5j71inpvdlzah984ilf2b6y85pc7la"
"version": "5.15.152",
"hash": "sha256:0zm4wkryj4mim4fr7pf5g9rlzh31yb1c40lkp85lvcm5yhjm507h"
},
"5.10": {
"version": "5.10.212",
"hash": "sha256:14vll2bghd52wngjxy78hgglydcxka59yziji0w56dcdpmky9wqc"
"version": "5.10.213",
"hash": "sha256:105df7w6m5a3fngi6ajqs5qblaq4lbxsgcppllrk7v1r68i31kw4"
},
"5.4": {
"version": "5.4.271",
"hash": "sha256:0l2qv4xlhnry9crs90rkihsxyny6jz8kxw08bfad7nys9hrn3g6d"
"version": "5.4.272",
"hash": "sha256:0rp3waqrm489crcrms2ls7fxcw5jdkjhazvx82z68gj0kaaxb69m"
},
"4.19": {
"version": "4.19.309",
"hash": "sha256:1yc45kfiwdqsqa11sxafs82b0day6qvgjcll8rx9vipidsmagbcm"
"version": "4.19.310",
"hash": "sha256:0sfy2g9jzxd8ia0idll72l7npi2kssdkz29h8jjxhilgmg299v4m"
},
"6.6": {
"version": "6.6.21",
"hash": "sha256:0mz420w99agr7jv1jgqfr4fjhzbv005xif086sqx556s900l62zf"
"version": "6.6.22",
"hash": "sha256:1x52c6ywmspp3naishzsknhy7i0b7mv9baxx25a0y987cjsygqr3"
},
"6.7": {
"version": "6.7.9",
"hash": "sha256:0inkvyrvq60j9lxgivkivq3qh94lsfc1dpv6vwgxmy3q0zy37mqg"
"version": "6.7.10",
"hash": "sha256:00vw90mypcliq0d72jdh1ql2dfmm7gpswln2qycxdz7rfsrrzfd9"
},
"6.8": {
"version": "6.8",
"hash": "sha256:1wv5x7qhcd05m8m0myyqm2il6mha1sx11h7ppf8yjsxvx2jdwsf9"
"version": "6.8.1",
"hash": "sha256:0s7zgk9m545v8y7qjhv7cprrh58j46gpmb8iynyhy2hlwcv8j34d"
}
}

4
pkgs/os-specific/linux/kernel/linux-libre.nix
View File

@ -1,8 +1,8 @@
{ stdenv, lib, fetchsvn, linux
, scripts ? fetchsvn {
url = "https://www.fsfla.org/svn/fsfla/software/linux-libre/releases/branches/";
rev = "19500";
sha256 = "1xlicxwb1j5m4yjyw9ybyffmilzg7xh847jxfl4jy318vjpkmffr";
rev = "19509";
sha256 = "0dkjvpb075jdasvic8sfpy0dj48fsxgj2yl0zrply7gkaahgns8q";
}
, ...
}:

6
pkgs/os-specific/linux/kernel/linux-rt-5.10.nix
View File

@ -6,7 +6,7 @@
, ... } @ args:
let
version = "5.10.210-rt102"; # updated by ./update-rt.sh
version = "5.10.211-rt103"; # updated by ./update-rt.sh
branch = lib.versions.majorMinor version;
kversion = builtins.elemAt (lib.splitString "-" version) 0;
in buildLinux (args // {
@ -17,14 +17,14 @@ in buildLinux (args // {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz";
sha256 = "0vggj3a71awc1w803cdzrnkn88rxr7l1xh9mmdcw9hzxj1d3r9jf";
sha256 = "1cir36s369fl6s46x16xnjg0wdlnkipsp2zhz11m9d3z205hly1s";
};
kernelPatches = let rt-patch = {
name = "rt";
patch = fetchurl {
url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
sha256 = "1q4365ix990iw33a63cpn61qvgf8rkzf658xyi0hnr6292hlvajj";
sha256 = "07br63p90gwmijxq8ad7iyi4d3fkm6jwwl2s2k1549bbaldchbk6";
};
}; in [ rt-patch ] ++ kernelPatches;

6
pkgs/os-specific/linux/kernel/linux-rt-5.4.nix
View File

@ -6,7 +6,7 @@
, ... } @ args:
let
version = "5.4.264-rt88"; # updated by ./update-rt.sh
version = "5.4.271-rt89"; # updated by ./update-rt.sh
branch = lib.versions.majorMinor version;
kversion = builtins.elemAt (lib.splitString "-" version) 0;
in buildLinux (args // {
@ -14,14 +14,14 @@ in buildLinux (args // {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v5.x/linux-${kversion}.tar.xz";
sha256 = "1c5n47dq9khb15hz24a000k3hj913vv1dda6famnm8wpjbfr176k";
sha256 = "0l2qv4xlhnry9crs90rkihsxyny6jz8kxw08bfad7nys9hrn3g6d";
};
kernelPatches = let rt-patch = {
name = "rt";
patch = fetchurl {
url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
sha256 = "1yzdiip1fm9szx2hhvq9ph7jq00qglb1skis6gv0184g0ls2qddg";
sha256 = "15k9jja5yd9zf5yhd7hhydwh4hksg2mybk66jhdjsryh4w9jav7z";
};
}; in [ rt-patch ] ++ kernelPatches;

6
pkgs/os-specific/linux/kernel/linux-rt-6.6.nix
View File

@ -6,7 +6,7 @@
, ... } @ args:
let
version = "6.6.20-rt25"; # updated by ./update-rt.sh
version = "6.6.21-rt26"; # updated by ./update-rt.sh
branch = lib.versions.majorMinor version;
kversion = builtins.elemAt (lib.splitString "-" version) 0;
in buildLinux (args // {
@ -18,14 +18,14 @@ in buildLinux (args // {
src = fetchurl {
url = "mirror://kernel/linux/kernel/v6.x/linux-${kversion}.tar.xz";
sha256 = "08nxv2240d2ak6p2vsbjasnp7askamswby3h6cclhhihkgrwgxp2";
sha256 = "0mz420w99agr7jv1jgqfr4fjhzbv005xif086sqx556s900l62zf";
};
kernelPatches = let rt-patch = {
name = "rt";
patch = fetchurl {
url = "mirror://kernel/linux/kernel/projects/rt/${branch}/older/patch-${version}.patch.xz";
sha256 = "1sfalbcfzzjmskxpix1850cypg4zixwzbd9rmpg37n8lclivn2gv";
sha256 = "1sh2jkm3h52a5dkc72xgrw1kz1faw1kzhpbqg64gsxbivmxfvf21";
};
}; in [ rt-patch ] ++ kernelPatches;