diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2021-01-25 01:18:25 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-25 01:18:25 +0000 |
commit | b10ed56b8e950d57b2f4d9c2a2f21b61416065a4 (patch) | |
tree | b1cb1628f51986e00a35e15f543aed944a541b52 /pkgs/os-specific/linux | |
parent | cc8fd11ffb7fe5cd7f1cfa75ea987429f1b2e77d (diff) | |
parent | b8217bb14abbfa44d19afa1706f6e041114eccbc (diff) |
Merge master into staging-next
Diffstat (limited to 'pkgs/os-specific/linux')
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/patches.json | 38 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch | 7 | ||||
-rwxr-xr-x | pkgs/os-specific/linux/kernel/hardened/update.py | 6 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-5.10.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-5.9.nix | 18 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/patches.nix | 5 |
11 files changed, 31 insertions, 67 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index c75117769d1f..695477417aa8 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,32 +1,26 @@ { "4.14": { - "extra": ".a", - "name": "linux-hardened-4.14.216.a.patch", - "sha256": "1pv0akd1dmhm10r9b7xambn3ipl1niypsmb3ibfmxdj4zln0g7aq", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.216.a/linux-hardened-4.14.216.a.patch" + "extra": "-hardened1", + "name": "linux-hardened-4.14.217-hardened1.patch", + "sha256": "1hb5fa06xw9rn0f77lklrlhb6vajr1hjv64qxv5y03l7zqfsi7lx", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.217-hardened1/linux-hardened-4.14.217-hardened1.patch" }, "4.19": { - "extra": ".a", - "name": "linux-hardened-4.19.169.a.patch", - "sha256": "0l3n1yjsa777pdxh4ib7phpfrw7c8vr1xwzgs8khnffllj9f16iq", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.169.a/linux-hardened-4.19.169.a.patch" + "extra": "-hardened1", + "name": "linux-hardened-4.19.170-hardened1.patch", + "sha256": "0wx1bhkxyiqk6r51922dhv29jfkx6kfwk4w3z2rc8shpm6krdngv", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.170-hardened1/linux-hardened-4.19.170-hardened1.patch" }, "5.10": { - "extra": ".a", - "name": "linux-hardened-5.10.9.a.patch", - "sha256": "0mkwyknafdbc2hqv4j7jjc6wsrrx6a76d69hxh7x90gi0s3f5rfw", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.9.a/linux-hardened-5.10.9.a.patch" + "extra": "-hardened1", + "name": "linux-hardened-5.10.10-hardened1.patch", + "sha256": "0hm8ng073lzqcj5khgpxvr775z0jns9y00qj8b0n63yq0klm2pqh", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.10-hardened1/linux-hardened-5.10.10-hardened1.patch" }, "5.4": { - "extra": ".a", - "name": "linux-hardened-5.4.91.a.patch", - "sha256": "0kqn9g6wh4rp9riwkjmzapmnwk0fd5z18z26j2rqfgq7x4r8d7rm", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.91.a/linux-hardened-5.4.91.a.patch" - }, - "5.9": { - "extra": "", - "name": "linux-hardened-5.9.16.a.patch", - "sha256": "024wdzc9bwgr4nd4z0l6bazcl35jczhsmdl2lb26bvffjwg207rw", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.9.16.a/linux-hardened-5.9.16.a.patch" + "extra": "-hardened1", + "name": "linux-hardened-5.4.92-hardened1.patch", + "sha256": "0qklpyrd20xsyrvw6ij8y337vjfnxlkyyvalzk96ngkvlfv5b7qh", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.92-hardened1/linux-hardened-5.4.92-hardened1.patch" } } diff --git a/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch b/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch deleted file mode 100644 index ff8a3a127973..000000000000 --- a/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch +++ /dev/null @@ -1,7 +0,0 @@ -diff --git a/localversion-hardened b/localversion-hardened -new file mode 100644 -index 0000000000..e578045860 ---- /dev/null -+++ b/localversion-hardened -@@ -0,0 +1 @@ -+-hardened diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py index b831c6491095..e96ac9ca8554 100755 --- a/pkgs/os-specific/linux/kernel/hardened/update.py +++ b/pkgs/os-specific/linux/kernel/hardened/update.py @@ -101,7 +101,7 @@ def verify_openpgp_signature( def fetch_patch(*, name: str, release_info: ReleaseInfo) -> Optional[Patch]: release = release_info.release - extra = f'.{release_info.version[-1]}' + extra = f'-{release_info.version[-1]}' def find_asset(filename: str) -> str: try: @@ -138,7 +138,7 @@ def fetch_patch(*, name: str, release_info: ReleaseInfo) -> Optional[Patch]: def parse_version(version_str: str) -> Version: version: Version = [] - for component in version_str.split("."): + for component in re.split('\.|\-', version_str): try: version.append(int(component)) except ValueError: @@ -208,7 +208,7 @@ failures = False releases = {} for release in repo.get_releases(): version = parse_version(release.tag_name) - # needs to look like e.g. 5.6.3.a + # needs to look like e.g. 5.6.3-hardened1 if len(version) < 4: continue diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index c8b90b69d372..d1d9e94e2a6b 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.14.216"; + version = "4.14.217"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "19dvxmqvs1ysl127zqdcqq2pyf7370jj66fd73zdx6ya2pplz1mp"; + sha256 = "04adj8x7p1has4mh8ygxhqgwb1i08fz9izqw1y6xj5hh8cjnm8v2"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index bf072e478645..2bc5321ea7f6 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.19.169"; + version = "4.19.170"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "156y4ly7qyy5z7sbp2vccrs7za72k3zi2hfjpskqqd6civdlvln7"; + sha256 = "0jjvwbxpfvmzj4z6gkd2mh3kz9vh8hsgsm0013866hzgz1j043fx"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 1e3b353650a1..9c04ee72238f 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.4.252"; + version = "4.4.253"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0lchvfvn0kvqh1yixwscz4wrzd965zsxjkpc7nqiw9rhmvma3paf"; + sha256 = "0nlqnfhrkaj2s582kc0wxqi0881hgp6l9z85qx4ckflc8jwrh7k6"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 5e67d55dab00..df298ade0842 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.252"; + version = "4.9.253"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1shllgrmxi6darnyzwkzazzjhpwxhm19z1swv40hnm0pbvgxm7hw"; + sha256 = "065w35vb0qp4fvnwmcx7f92inmx64f9r04zzwcwbs0826nl52nws"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index ca6f1eeaf49b..0eaa148a49c0 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.9"; + version = "5.10.10"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0la7dklpy6xd79fkzavpmlfyrc60kmmwz491msd95dmvv06kwwvz"; + sha256 = "06fvgkrn9127xw9kly6l4ws3yv80q8xfqdzaam92lljim5pqdvb0"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index 28a481b2f8ae..0469b731b894 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.91"; + version = "5.4.92"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "05swzh4gb0mk6wzza0k6b0283cygkvj8a2d2b2gab6sb0fxn208f"; + sha256 = "1zcl4dadyfrgmx6rh0ncy403rsqb1qs092m6zr6b3i14i3wpz4y0"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.9.nix b/pkgs/os-specific/linux/kernel/linux-5.9.nix deleted file mode 100644 index 5f7db41c9a97..000000000000 --- a/pkgs/os-specific/linux/kernel/linux-5.9.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ lib, stdenv, buildPackages, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args: - -with lib; - -buildLinux (args // rec { - version = "5.9.16"; - - # modDirVersion needs to be x.y.z, will automatically add .0 if needed - modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; - - # branchVersion needs to be x.y - extraMeta.branch = versions.majorMinor version; - - src = fetchurl { - url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "11mbnjvb5d5gwbrwlkqvzpg1ij4m19l5wr3wca9iiyg5i2papmxh"; - }; -} // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 6b1568013b92..e7667bf1bc29 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -33,11 +33,6 @@ cpu-cgroup-v2 = import ./cpu-cgroup-v2-patches; - tag_hardened = { - name = "tag-hardened"; - patch = ./hardened/tag-hardened.patch; - }; - hardened = let mkPatch = kernelVersion: src: { name = lib.removeSuffix ".patch" src.name; |