summary refs log tree commit diff
path: root/pkgs/os-specific/linux/kernel
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific/linux/kernel')
-rw-r--r--pkgs/os-specific/linux/kernel/grsec-path.patch13
-rw-r--r--pkgs/os-specific/linux/kernel/linux-3.10.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-3.12.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-3.14.nix11
-rw-r--r--pkgs/os-specific/linux/kernel/linux-3.18.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-3.19.nix11
-rw-r--r--pkgs/os-specific/linux/kernel/linux-3.4.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.0.nix18
-rw-r--r--pkgs/os-specific/linux/kernel/manual-config.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/patches.nix12
10 files changed, 45 insertions, 40 deletions
diff --git a/pkgs/os-specific/linux/kernel/grsec-path.patch b/pkgs/os-specific/linux/kernel/grsec-path.patch
index aaf7d80dc91..6f477c22b5e 100644
--- a/pkgs/os-specific/linux/kernel/grsec-path.patch
+++ b/pkgs/os-specific/linux/kernel/grsec-path.patch
@@ -1,18 +1,17 @@
 diff --git a/kernel/kmod.c b/kernel/kmod.c
-index a26e825..29baec1 100644
+index a689506..30747b4 100644
 --- a/kernel/kmod.c
 +++ b/kernel/kmod.c
-@@ -294,10 +294,9 @@ static int ____call_usermodehelper(void *data)
+@@ -294,10 +294,8 @@ static int ____call_usermodehelper(void *data)
  	   out the path to be used prior to this point and are now operating
  	   on that copy
  	*/
 -	if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/usr/lib/", 9) &&
 -	     strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7) &&
--	     strncmp(sub_info->path, "/usr/libexec/", 13) &&
+-	     strncmp(sub_info->path, "/usr/libexec/", 13) && strncmp(sub_info->path, "/usr/bin/", 9) &&
 -	     strcmp(sub_info->path, "/usr/share/apport/apport")) || strstr(sub_info->path, "..")) {
-+        if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/nix/store/", 11) &&
-+             strncmp(sub_info->path, "/run/current-system/systemd/lib/", 32)) ||
-+             strstr(sub_info->path, "..")) {
- 		printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of /sbin and system library paths\n", sub_info->path);
++	if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/nix/store/", 11) &&
++	     strncmp(sub_info->path, "/run/current-system/systemd/lib/", 32)) || strstr(sub_info->path, "..")) {
+ 		printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of permitted system paths\n", sub_info->path);
  		retval = -EPERM;
  		goto out;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.10.nix b/pkgs/os-specific/linux/kernel/linux-3.10.nix
index 853b784a335..ff9f2f38243 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.10.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.10.73";
+  version = "3.10.75";
   extraMeta.branch = "3.10";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "0xy8738sdbw7lbqwkmbhr2zghva5nyfqq163r6jmjr6cfw116kin";
+    sha256 = "00wqcmya2ky9f1djlq99mcq8fyvpabnjnp5cn61japlgk8p7r60q";
   };
 
   features.iwlwifi = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.12.nix b/pkgs/os-specific/linux/kernel/linux-3.12.nix
index 951b55c2f35..bd8c7d99daa 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.12.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.12.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.12.39";
+  version = "3.12.40";
   extraMeta.branch = "3.12";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "0svd2rnkrzpmnrv5qd5vfz4wkff6973s68zg5a1blmjs4p5asvl6";
+    sha256 = "1cdivv1n0r057y2wq38ci00im8z24jrnvyz5vwhmnzv0l4qzbhw5";
   };
 
   features.iwlwifi = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.14.nix b/pkgs/os-specific/linux/kernel/linux-3.14.nix
index 8289235cd6e..188eb6f699c 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.14.nix
@@ -1,22 +1,15 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.14.37";
+  version = "3.14.39";
   # Remember to update grsecurity!
   extraMeta.branch = "3.14";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "1pq4i97vys38rl8ylx4s08qgh9yz3cl840j1f70yzakmc2017byc";
+    sha256 = "0zgfiqlvmprbn55k9ijf6db027mxlcww76y47g4g7vcj5qrpq6rd";
   };
 
-  # FIXME: remove with the next point release.
-  kernelPatches = args.kernelPatches ++
-    [ { name = "btrfs-fix-deadlock";
-        patch = ./btrfs-fix-deadlock.patch;
-      }
-    ];
-
   features.iwlwifi = true;
   features.efiBootStub = true;
   features.needsCifsUtils = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.18.nix b/pkgs/os-specific/linux/kernel/linux-3.18.nix
index 8f1d9bd2765..aabeee6302f 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.18.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.18.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.18.11";
+  version = "3.18.12";
   extraMeta.branch = "3.18";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "19di7k38adnwimxddd1v6flgdsvxhgf8iswjwfyqi2p2bdcb0p5d";
+    sha256 = "06wfgg00vc5a2vvmg158ipbmigx803hdp3lhf4kv25p4sdmvbsl2";
   };
 
   # FIXME: remove with the next point release.
diff --git a/pkgs/os-specific/linux/kernel/linux-3.19.nix b/pkgs/os-specific/linux/kernel/linux-3.19.nix
index e42775f0356..79302819d7c 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.19.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.19.nix
@@ -1,22 +1,15 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.19.3";
+  version = "3.19.5";
   # Remember to update grsecurity!
   extraMeta.branch = "3.19";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "0nis1r9fg562ysirzlyvfxvirpcfhxhhpfv3s13ccz20qiqiy46f";
+    sha256 = "0s2yiyk1ks0z2fj8a8g56hkp6mfyvh9c34m1jpixhg9zck9xjdix";
   };
 
-  # FIXME: remove with the next point release.
-  kernelPatches = args.kernelPatches ++
-    [ { name = "btrfs-fix-deadlock";
-        patch = ./btrfs-fix-deadlock.patch;
-      }
-    ];
-
   features.iwlwifi = true;
   features.efiBootStub = true;
   features.needsCifsUtils = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.4.nix b/pkgs/os-specific/linux/kernel/linux-3.4.nix
index 2d053023721..eaf5bfad6d8 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.4.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.4.106";
+  version = "3.4.107";
   extraMeta.branch = "3.4";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "1l1k2kmlz0j12ly63w3mhvdzp5fpc22ajda4kw66fyjx96npm8sc";
+    sha256 = "1y3mxisdcnz3kj416bpnnn9cn3wqqjqvcjadhylc1wypqkpcvphq";
   };
 
   kernelPatches = args.kernelPatches ++
diff --git a/pkgs/os-specific/linux/kernel/linux-4.0.nix b/pkgs/os-specific/linux/kernel/linux-4.0.nix
new file mode 100644
index 00000000000..b63aa7e9932
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/linux-4.0.nix
@@ -0,0 +1,18 @@
+{ stdenv, fetchurl, ... } @ args:
+
+import ./generic.nix (args // rec {
+  version = "4.0";
+  modDirVersion = "4.0.0";
+  extraMeta.branch = "4.0";
+
+  src = fetchurl {
+    url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
+    sha256 = "14argl6ywkggdvgiycfx4jl2d7290f631ly59wfggj4vjx27sbqg";
+  };
+
+  features.iwlwifi = true;
+  features.efiBootStub = true;
+  features.needsCifsUtils = true;
+  features.canDisableNetfilterConntrackHelpers = true;
+  features.netfilterRPFilter = true;
+} // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix
index ea29c7f9e0c..620df6dd6cf 100644
--- a/pkgs/os-specific/linux/kernel/manual-config.nix
+++ b/pkgs/os-specific/linux/kernel/manual-config.nix
@@ -116,7 +116,9 @@ let
       ++ optional installsFirmware "INSTALL_FW_PATH=$(out)/lib/firmware";
 
       # Some image types need special install targets (e.g. uImage is installed with make uinstall)
-      installTargets = [ (if platform.kernelTarget == "uImage" then "uinstall" else "install") ];
+      installTargets = [ (if platform.kernelTarget == "uImage" then "uinstall" else
+                          if platform.kernelTarget == "zImage" then "zinstall" else
+                          "install") ];
 
       postInstall = (optionalString installsFirmware ''
         mkdir -p $out/lib/firmware
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 0b17c44be98..998717b1f5d 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -65,17 +65,17 @@ rec {
   };
 
   grsecurity_stable = grsecPatch
-    { kversion  = "3.14.37";
-      revision  = "201504051405";
+    { kversion  = "3.14.39";
+      revision  = "201504190814";
       branch    = "stable";
-      sha256    = "0w1rz5g4wwd22ivii7m7qjgakdynzjwpqxiydx51kiw5j0avkzs3";
+      sha256    = "0pjq0ggifh6hp5y62dl0ydskpmsmzj1cxxjaaqs6fpwn5ndsdji7";
     };
 
   grsecurity_unstable = grsecPatch
-    { kversion  = "3.19.3";
-      revision  = "201504021826";
+    { kversion  = "3.19.5";
+      revision  = "201504190814";
       branch    = "test";
-      sha256    = "0r3gsha4x9bkzg9n4rcwzi9f3hkbqrf8yga1dd83kyd10fns4lzm";
+      sha256    = "0wj9bximhs41b11hh113mishmc1ya8bncc0v91cbrivx5y5hjpz0";
     };
 
   grsec_fix_path =
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-19 16:06:39 +0000