Merge master into staging-next

author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> 2021-01-25 01:18:25 +0000
committer: GitHub <noreply@github.com> 2021-01-25 01:18:25 +0000
commit: b10ed56b8e950d57b2f4d9c2a2f21b61416065a4 (patch)
tree: b1cb1628f51986e00a35e15f543aed944a541b52 /pkgs/os-specific/linux
parent: cc8fd11ffb7fe5cd7f1cfa75ea987429f1b2e77d (diff)
parent: b8217bb14abbfa44d19afa1706f6e041114eccbc (diff)
11 files changed, 31 insertions, 67 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index c75117769d1f..695477417aa8 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -1,32 +1,26 @@
 {
     "4.14": {
-        "extra": ".a",
-        "name": "linux-hardened-4.14.216.a.patch",
-        "sha256": "1pv0akd1dmhm10r9b7xambn3ipl1niypsmb3ibfmxdj4zln0g7aq",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.216.a/linux-hardened-4.14.216.a.patch"
+        "extra": "-hardened1",
+        "name": "linux-hardened-4.14.217-hardened1.patch",
+        "sha256": "1hb5fa06xw9rn0f77lklrlhb6vajr1hjv64qxv5y03l7zqfsi7lx",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.217-hardened1/linux-hardened-4.14.217-hardened1.patch"
     },
     "4.19": {
-        "extra": ".a",
-        "name": "linux-hardened-4.19.169.a.patch",
-        "sha256": "0l3n1yjsa777pdxh4ib7phpfrw7c8vr1xwzgs8khnffllj9f16iq",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.169.a/linux-hardened-4.19.169.a.patch"
+        "extra": "-hardened1",
+        "name": "linux-hardened-4.19.170-hardened1.patch",
+        "sha256": "0wx1bhkxyiqk6r51922dhv29jfkx6kfwk4w3z2rc8shpm6krdngv",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.170-hardened1/linux-hardened-4.19.170-hardened1.patch"
     },
     "5.10": {
-        "extra": ".a",
-        "name": "linux-hardened-5.10.9.a.patch",
-        "sha256": "0mkwyknafdbc2hqv4j7jjc6wsrrx6a76d69hxh7x90gi0s3f5rfw",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.9.a/linux-hardened-5.10.9.a.patch"
+        "extra": "-hardened1",
+        "name": "linux-hardened-5.10.10-hardened1.patch",
+        "sha256": "0hm8ng073lzqcj5khgpxvr775z0jns9y00qj8b0n63yq0klm2pqh",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.10-hardened1/linux-hardened-5.10.10-hardened1.patch"
     },
     "5.4": {
-        "extra": ".a",
-        "name": "linux-hardened-5.4.91.a.patch",
-        "sha256": "0kqn9g6wh4rp9riwkjmzapmnwk0fd5z18z26j2rqfgq7x4r8d7rm",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.91.a/linux-hardened-5.4.91.a.patch"
-    },
-    "5.9": {
-        "extra": "",
-        "name": "linux-hardened-5.9.16.a.patch",
-        "sha256": "024wdzc9bwgr4nd4z0l6bazcl35jczhsmdl2lb26bvffjwg207rw",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.9.16.a/linux-hardened-5.9.16.a.patch"
+        "extra": "-hardened1",
+        "name": "linux-hardened-5.4.92-hardened1.patch",
+        "sha256": "0qklpyrd20xsyrvw6ij8y337vjfnxlkyyvalzk96ngkvlfv5b7qh",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.92-hardened1/linux-hardened-5.4.92-hardened1.patch"
     }
 }
diff --git a/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch b/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch
deleted file mode 100644
index ff8a3a127973..000000000000
--- a/pkgs/os-specific/linux/kernel/hardened/tag-hardened.patch
+++ /dev/null
@@ -1,7 +0,0 @@
-diff --git a/localversion-hardened b/localversion-hardened
-new file mode 100644
-index 0000000000..e578045860
---- /dev/null
-+++ b/localversion-hardened
-@@ -0,0 +1 @@
-+-hardened
diff --git a/pkgs/os-specific/linux/kernel/hardened/update.py b/pkgs/os-specific/linux/kernel/hardened/update.py
index b831c6491095..e96ac9ca8554 100755
--- a/pkgs/os-specific/linux/kernel/hardened/update.py
+++ b/pkgs/os-specific/linux/kernel/hardened/update.py
@@ -101,7 +101,7 @@ def verify_openpgp_signature(
 
 def fetch_patch(*, name: str, release_info: ReleaseInfo) -> Optional[Patch]:
     release = release_info.release
-    extra = f'.{release_info.version[-1]}'
+    extra = f'-{release_info.version[-1]}'
 
     def find_asset(filename: str) -> str:
         try:
@@ -138,7 +138,7 @@ def fetch_patch(*, name: str, release_info: ReleaseInfo) -> Optional[Patch]:
 
 def parse_version(version_str: str) -> Version:
     version: Version = []
-    for component in version_str.split("."):
+    for component in re.split('\.|\-', version_str):
         try:
             version.append(int(component))
         except ValueError:
@@ -208,7 +208,7 @@ failures = False
 releases = {}
 for release in repo.get_releases():
     version = parse_version(release.tag_name)
-    # needs to look like e.g. 5.6.3.a
+    # needs to look like e.g. 5.6.3-hardened1
     if len(version) < 4:
         continue
 
diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix
index c8b90b69d372..d1d9e94e2a6b 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "4.14.216";
+  version = "4.14.217";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "19dvxmqvs1ysl127zqdcqq2pyf7370jj66fd73zdx6ya2pplz1mp";
+    sha256 = "04adj8x7p1has4mh8ygxhqgwb1i08fz9izqw1y6xj5hh8cjnm8v2";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix
index bf072e478645..2bc5321ea7f6 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.19.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "4.19.169";
+  version = "4.19.170";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "156y4ly7qyy5z7sbp2vccrs7za72k3zi2hfjpskqqd6civdlvln7";
+    sha256 = "0jjvwbxpfvmzj4z6gkd2mh3kz9vh8hsgsm0013866hzgz1j043fx";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix
index 1e3b353650a1..9c04ee72238f 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix
@@ -1,11 +1,11 @@
 { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args:
 
 buildLinux (args // rec {
-  version = "4.4.252";
+  version = "4.4.253";
   extraMeta.branch = "4.4";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "0lchvfvn0kvqh1yixwscz4wrzd965zsxjkpc7nqiw9rhmvma3paf";
+    sha256 = "0nlqnfhrkaj2s582kc0wxqi0881hgp6l9z85qx4ckflc8jwrh7k6";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix
index 5e67d55dab00..df298ade0842 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.9.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix
@@ -1,11 +1,11 @@
 { stdenv, buildPackages, fetchurl, perl, buildLinux, ... } @ args:
 
 buildLinux (args // rec {
-  version = "4.9.252";
+  version = "4.9.253";
   extraMeta.branch = "4.9";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1shllgrmxi6darnyzwkzazzjhpwxhm19z1swv40hnm0pbvgxm7hw";
+    sha256 = "065w35vb0qp4fvnwmcx7f92inmx64f9r04zzwcwbs0826nl52nws";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix
index ca6f1eeaf49b..0eaa148a49c0 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.10.9";
+  version = "5.10.10";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "0la7dklpy6xd79fkzavpmlfyrc60kmmwz491msd95dmvv06kwwvz";
+    sha256 = "06fvgkrn9127xw9kly6l4ws3yv80q8xfqdzaam92lljim5pqdvb0";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix
index 28a481b2f8ae..0469b731b894 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.4.91";
+  version = "5.4.92";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "05swzh4gb0mk6wzza0k6b0283cygkvj8a2d2b2gab6sb0fxn208f";
+    sha256 = "1zcl4dadyfrgmx6rh0ncy403rsqb1qs092m6zr6b3i14i3wpz4y0";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.9.nix b/pkgs/os-specific/linux/kernel/linux-5.9.nix
deleted file mode 100644
index 5f7db41c9a97..000000000000
--- a/pkgs/os-specific/linux/kernel/linux-5.9.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ lib, stdenv, buildPackages, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args:
-
-with lib;
-
-buildLinux (args // rec {
-  version = "5.9.16";
-
-  # modDirVersion needs to be x.y.z, will automatically add .0 if needed
-  modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
-
-  # branchVersion needs to be x.y
-  extraMeta.branch = versions.majorMinor version;
-
-  src = fetchurl {
-    url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "11mbnjvb5d5gwbrwlkqvzpg1ij4m19l5wr3wca9iiyg5i2papmxh";
-  };
-} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 6b1568013b92..e7667bf1bc29 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -33,11 +33,6 @@
 
   cpu-cgroup-v2 = import ./cpu-cgroup-v2-patches;
 
-  tag_hardened = {
-    name = "tag-hardened";
-    patch = ./hardened/tag-hardened.patch;
-  };
-
   hardened = let
     mkPatch = kernelVersion: src: {
       name = lib.removeSuffix ".patch" src.name;
author	github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2021-01-25 01:18:25 +0000
committer	GitHub <noreply@github.com>	2021-01-25 01:18:25 +0000
commit	b10ed56b8e950d57b2f4d9c2a2f21b61416065a4 (patch)
tree	b1cb1628f51986e00a35e15f543aed944a541b52 /pkgs/os-specific/linux
parent	cc8fd11ffb7fe5cd7f1cfa75ea987429f1b2e77d (diff)
parent	b8217bb14abbfa44d19afa1706f6e041114eccbc (diff)