Skip to content

Commit

Permalink
Merge pull request NixOS#274043 from NixOS/backport-273841-to-release…
Browse files Browse the repository at this point in the history 
…-23.05

[Backport release-23.05] Linux hardened kernel updates for 2023-12-12
  • Loading branch information
@dasJ
dasJ authored Dec 15, 2023
2 parents 4f256f8 + 5ef770e commit 9f617c1
Show file tree
Hide file tree
Showing 3 changed files with 46 additions and 42 deletions.
84 changes: 42 additions & 42 deletions pkgs/os-specific/linux/kernel/hardened/patches.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,81 +2,81 @@
"4.14": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-4.14.328-hardened1.patch",
"sha256": "1qq2l4nwhxgl4drx6isc1ly892kffjq4hqb4zadqs6sxvsdm7x57",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.328-hardened1/linux-hardened-4.14.328-hardened1.patch"
"name": "linux-hardened-4.14.332-hardened1.patch",
"sha256": "1nda3z8hkyfw53dzk1v5zwpzhm75gizsixfmrh8ylaghhk5s8yw3",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.332-hardened1/linux-hardened-4.14.332-hardened1.patch"
},
"sha256": "1igcpvnhwwrczfdsafmszvi0456k7f6j4cgpfw6v6afw09p95d8x",
"version": "4.14.328"
"sha256": "1f4q0acbp917myjmgiy4haxp78yak5h1rj5g937r6mkykwb6nb14",
"version": "4.14.332"
},
"4.19": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-4.19.297-hardened1.patch",
"sha256": "1qj09bynl7ml880xpc2956jn0b1gmm77yf3jc45v3jq3610jhna4",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.297-hardened1/linux-hardened-4.19.297-hardened1.patch"
"name": "linux-hardened-4.19.301-hardened1.patch",
"sha256": "0arlwp0g4anqlnivyc8y6rq9mhq1ivmy4i0d8kqvwpc2b3wcc525",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.301-hardened1/linux-hardened-4.19.301-hardened1.patch"
},
"sha256": "0c9xxqgv2i36hrr06dwz7f3idc04xpv0a5pxg08xdh03cnyf12cx",
"version": "4.19.297"
"sha256": "1fr05fl8fyyjgsqj8fppd5v378d7sazvpqlq4sl875851fd9nmb2",
"version": "4.19.301"
},
"5.10": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.10.199-hardened1.patch",
"sha256": "10vwd5wygfnxpbz15bq56pjygba3vqqal0d7xry2bch4p444pp5f",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.199-hardened1/linux-hardened-5.10.199-hardened1.patch"
"name": "linux-hardened-5.10.203-hardened1.patch",
"sha256": "19inx95ynyzhh2h9xdg2yw4yfa5nfcw2dh2a7vw4mf0bqdv2iqvc",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.203-hardened1/linux-hardened-5.10.203-hardened1.patch"
},
"sha256": "1h944syk7n6c4j1djlx19n77alzwbxcdza77c9ykicgfynhpgsm0",
"version": "5.10.199"
"sha256": "0xr8p7kfr1v3s41fv55ph0l8d9s2p146dl2fh3r2y09lrvwwxssn",
"version": "5.10.203"
},
"5.15": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.15.137-hardened1.patch",
"sha256": "19gs1w380qgvazwjwhxypizpfx71faa7hsji0x5cgyw6vxhi6l1b",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.137-hardened1/linux-hardened-5.15.137-hardened1.patch"
"name": "linux-hardened-5.15.142-hardened1.patch",
"sha256": "0x4bsf638rrdrp9b389i6nlprwsfc25qpld50yfcjinqhiykd269",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.142-hardened1/linux-hardened-5.15.142-hardened1.patch"
},
"sha256": "1xxjbxldrhmnh2q6rykpxyfbj8xqgl82q30n8sfavrzr14bb4jcp",
"version": "5.15.137"
"sha256": "0xjn16b02f8d6c0m8vrbmk85kdyfy8m46s80rnkb0nnwfx9cjxld",
"version": "5.15.142"
},
"5.4": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-5.4.259-hardened1.patch",
"sha256": "1w8ipflgisd127gmx6wyz8p5qfi8cfd2a5j2xgibspkf45nzfwi8",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.259-hardened1/linux-hardened-5.4.259-hardened1.patch"
"name": "linux-hardened-5.4.263-hardened1.patch",
"sha256": "1v59qzjp9v78y7fkj884a77pjsk4ggplkfh1fq2blj04g7v1zhgv",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.263-hardened1/linux-hardened-5.4.263-hardened1.patch"
},
"sha256": "195v4fidavzm637glj6580006mrcaygnbj4za874imb62bxf9rpz",
"version": "5.4.259"
"sha256": "1y1mfwjsilrx8x8jnjlyh8r9zlygjjqdf7pay92jv2qijjddpl2h",
"version": "5.4.263"
},
"6.1": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-6.1.61-hardened1.patch",
"sha256": "0d9zhh32dx1q828q50kmznmsa6yinppbklhgg8ix7b7k23857ha6",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.61-hardened1/linux-hardened-6.1.61-hardened1.patch"
"name": "linux-hardened-6.1.67-hardened1.patch",
"sha256": "0jcn2k79l90dys4nrwqha89jv9d1ffghhvlqk9vibfs7y3zrlpbr",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.67-hardened1/linux-hardened-6.1.67-hardened1.patch"
},
"sha256": "1kk4d7ph6pvgdrdmaklg15wf58nw9n7yqgkag7jdvqinzh99sb5d",
"version": "6.1.61"
"sha256": "11cjqll3b7iq3mblwyzjrd5ph8avgk23f4mw4shm8j6ai5rdndvm",
"version": "6.1.67"
},
"6.4": {
"6.5": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-6.4.16-hardened1.patch",
"sha256": "10lydnnhhq9ynng1gfaqh1mncsb0dmr27zzcbygs1xigy2bl70n9",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.4.16-hardened1/linux-hardened-6.4.16-hardened1.patch"
"name": "linux-hardened-6.5.13-hardened1.patch",
"sha256": "1fj6yaq2gdjlj2h19vkm13jrx0yiczj6pvric1kq1r6cprqrkkki",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.13-hardened1/linux-hardened-6.5.13-hardened1.patch"
},
"sha256": "0zgj1z97jyx7wf12zrnlcp0mj4cl43ais9qsy6dh1jwylf2fq9ln",
"version": "6.4.16"
"sha256": "1dfbbydmayfj9npx3z0g38p574pmcx3qgs49dv0npigl48wd9yvq",
"version": "6.5.13"
},
"6.5": {
"6.6": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-6.5.10-hardened1.patch",
"sha256": "0p2lj7ryiizr1sxvm2kgds3l8sg9fns35y2fcyqq61lg7ymzj1fi",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.5.10-hardened1/linux-hardened-6.5.10-hardened1.patch"
"name": "linux-hardened-6.6.6-hardened1.patch",
"sha256": "0jhhixayka13rb0cd0qbsqpb7awayjdbn8qyx7wya1y83cgyn2ly",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/6.6.6-hardened1/linux-hardened-6.6.6-hardened1.patch"
},
"sha256": "12sswml8jvabv6bqx35lg3jj6gq8jjk365rghjngdy5d0j34jpx1",
"version": "6.5.10"
"sha256": "1j14n8b012pv3r7i9p762jyabzn2nv1ranxyw5lk3c9lg68hmxzb",
"version": "6.6.6"
}
}
2 changes: 2 additions & 0 deletions pkgs/top-level/all-packages.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27114,6 +27114,8 @@ with pkgs;
linux_6_1_hardened = linuxKernel.kernels.linux_6_1_hardened;
linuxPackages_6_5_hardened = linuxKernel.packages.linux_6_5_hardened;
linux_6_5_hardened = linuxKernel.kernels.linux_6_5_hardened;
linuxPackages_6_6_hardened = linuxKernel.packages.linux_6_6_hardened;
linux_6_6_hardened = linuxKernel.kernels.linux_6_6_hardened;

# Hardkernel (Odroid) kernels.
linuxPackages_hardkernel_latest = linuxKernel.packageAliases.linux_hardkernel_latest;
Expand Down
2 changes: 2 additions & 0 deletions pkgs/top-level/linux-kernels.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -287,6 +287,7 @@ in {
linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { };
linux_6_1_hardened = hardenedKernelFor kernels.linux_6_1 { };
linux_6_5_hardened = hardenedKernelFor kernels.linux_6_5 { };
linux_6_6_hardened = hardenedKernelFor kernels.linux_6_6 { };

} // lib.optionalAttrs config.allowAliases {
linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
Expand Down Expand Up @@ -637,6 +638,7 @@ in {
linux_5_15_hardened = recurseIntoAttrs (packagesFor kernels.linux_5_15_hardened);
linux_6_1_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_1_hardened);
linux_6_5_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_5_hardened);
linux_6_6_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_6_hardened);

linux_zen = recurseIntoAttrs (packagesFor kernels.linux_zen);
linux_lqx = recurseIntoAttrs (packagesFor kernels.linux_lqx);
Expand Down

0 comments on commit 9f617c1

Please sign in to comment.