diff options
Diffstat (limited to 'pkgs/os-specific/linux/kernel')
-rw-r--r-- | pkgs/os-specific/linux/kernel/grsec-path.patch | 13 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.10.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.12.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.14.nix | 11 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.18.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.19.nix | 11 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.4.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.0.nix | 18 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/manual-config.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/patches.nix | 12 |
10 files changed, 45 insertions, 40 deletions
diff --git a/pkgs/os-specific/linux/kernel/grsec-path.patch b/pkgs/os-specific/linux/kernel/grsec-path.patch index aaf7d80dc91..6f477c22b5e 100644 --- a/pkgs/os-specific/linux/kernel/grsec-path.patch +++ b/pkgs/os-specific/linux/kernel/grsec-path.patch @@ -1,18 +1,17 @@ diff --git a/kernel/kmod.c b/kernel/kmod.c -index a26e825..29baec1 100644 +index a689506..30747b4 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c -@@ -294,10 +294,9 @@ static int ____call_usermodehelper(void *data) +@@ -294,10 +294,8 @@ static int ____call_usermodehelper(void *data) out the path to be used prior to this point and are now operating on that copy */ - if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/usr/lib/", 9) && - strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7) && -- strncmp(sub_info->path, "/usr/libexec/", 13) && +- strncmp(sub_info->path, "/usr/libexec/", 13) && strncmp(sub_info->path, "/usr/bin/", 9) && - strcmp(sub_info->path, "/usr/share/apport/apport")) || strstr(sub_info->path, "..")) { -+ if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/nix/store/", 11) && -+ strncmp(sub_info->path, "/run/current-system/systemd/lib/", 32)) || -+ strstr(sub_info->path, "..")) { - printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of /sbin and system library paths\n", sub_info->path); ++ if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/nix/store/", 11) && ++ strncmp(sub_info->path, "/run/current-system/systemd/lib/", 32)) || strstr(sub_info->path, "..")) { + printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of permitted system paths\n", sub_info->path); retval = -EPERM; goto out; diff --git a/pkgs/os-specific/linux/kernel/linux-3.10.nix b/pkgs/os-specific/linux/kernel/linux-3.10.nix index 853b784a335..ff9f2f38243 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.10.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, ... } @ args: import ./generic.nix (args // rec { - version = "3.10.73"; + version = "3.10.75"; extraMeta.branch = "3.10"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "0xy8738sdbw7lbqwkmbhr2zghva5nyfqq163r6jmjr6cfw116kin"; + sha256 = "00wqcmya2ky9f1djlq99mcq8fyvpabnjnp5cn61japlgk8p7r60q"; }; features.iwlwifi = true; diff --git a/pkgs/os-specific/linux/kernel/linux-3.12.nix b/pkgs/os-specific/linux/kernel/linux-3.12.nix index 951b55c2f35..bd8c7d99daa 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.12.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.12.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, ... } @ args: import ./generic.nix (args // rec { - version = "3.12.39"; + version = "3.12.40"; extraMeta.branch = "3.12"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "0svd2rnkrzpmnrv5qd5vfz4wkff6973s68zg5a1blmjs4p5asvl6"; + sha256 = "1cdivv1n0r057y2wq38ci00im8z24jrnvyz5vwhmnzv0l4qzbhw5"; }; features.iwlwifi = true; diff --git a/pkgs/os-specific/linux/kernel/linux-3.14.nix b/pkgs/os-specific/linux/kernel/linux-3.14.nix index 8289235cd6e..188eb6f699c 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.14.nix @@ -1,22 +1,15 @@ { stdenv, fetchurl, ... } @ args: import ./generic.nix (args // rec { - version = "3.14.37"; + version = "3.14.39"; # Remember to update grsecurity! extraMeta.branch = "3.14"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "1pq4i97vys38rl8ylx4s08qgh9yz3cl840j1f70yzakmc2017byc"; + sha256 = "0zgfiqlvmprbn55k9ijf6db027mxlcww76y47g4g7vcj5qrpq6rd"; }; - # FIXME: remove with the next point release. - kernelPatches = args.kernelPatches ++ - [ { name = "btrfs-fix-deadlock"; - patch = ./btrfs-fix-deadlock.patch; - } - ]; - features.iwlwifi = true; features.efiBootStub = true; features.needsCifsUtils = true; diff --git a/pkgs/os-specific/linux/kernel/linux-3.18.nix b/pkgs/os-specific/linux/kernel/linux-3.18.nix index 8f1d9bd2765..aabeee6302f 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.18.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.18.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, ... } @ args: import ./generic.nix (args // rec { - version = "3.18.11"; + version = "3.18.12"; extraMeta.branch = "3.18"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "19di7k38adnwimxddd1v6flgdsvxhgf8iswjwfyqi2p2bdcb0p5d"; + sha256 = "06wfgg00vc5a2vvmg158ipbmigx803hdp3lhf4kv25p4sdmvbsl2"; }; # FIXME: remove with the next point release. diff --git a/pkgs/os-specific/linux/kernel/linux-3.19.nix b/pkgs/os-specific/linux/kernel/linux-3.19.nix index e42775f0356..79302819d7c 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.19.nix @@ -1,22 +1,15 @@ { stdenv, fetchurl, ... } @ args: import ./generic.nix (args // rec { - version = "3.19.3"; + version = "3.19.5"; # Remember to update grsecurity! extraMeta.branch = "3.19"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "0nis1r9fg562ysirzlyvfxvirpcfhxhhpfv3s13ccz20qiqiy46f"; + sha256 = "0s2yiyk1ks0z2fj8a8g56hkp6mfyvh9c34m1jpixhg9zck9xjdix"; }; - # FIXME: remove with the next point release. - kernelPatches = args.kernelPatches ++ - [ { name = "btrfs-fix-deadlock"; - patch = ./btrfs-fix-deadlock.patch; - } - ]; - features.iwlwifi = true; features.efiBootStub = true; features.needsCifsUtils = true; diff --git a/pkgs/os-specific/linux/kernel/linux-3.4.nix b/pkgs/os-specific/linux/kernel/linux-3.4.nix index 2d053023721..eaf5bfad6d8 100644 --- a/pkgs/os-specific/linux/kernel/linux-3.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-3.4.nix @@ -1,12 +1,12 @@ { stdenv, fetchurl, ... } @ args: import ./generic.nix (args // rec { - version = "3.4.106"; + version = "3.4.107"; extraMeta.branch = "3.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz"; - sha256 = "1l1k2kmlz0j12ly63w3mhvdzp5fpc22ajda4kw66fyjx96npm8sc"; + sha256 = "1y3mxisdcnz3kj416bpnnn9cn3wqqjqvcjadhylc1wypqkpcvphq"; }; kernelPatches = args.kernelPatches ++ diff --git a/pkgs/os-specific/linux/kernel/linux-4.0.nix b/pkgs/os-specific/linux/kernel/linux-4.0.nix new file mode 100644 index 00000000000..b63aa7e9932 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/linux-4.0.nix @@ -0,0 +1,18 @@ +{ stdenv, fetchurl, ... } @ args: + +import ./generic.nix (args // rec { + version = "4.0"; + modDirVersion = "4.0.0"; + extraMeta.branch = "4.0"; + + src = fetchurl { + url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; + sha256 = "14argl6ywkggdvgiycfx4jl2d7290f631ly59wfggj4vjx27sbqg"; + }; + + features.iwlwifi = true; + features.efiBootStub = true; + features.needsCifsUtils = true; + features.canDisableNetfilterConntrackHelpers = true; + features.netfilterRPFilter = true; +} // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index ea29c7f9e0c..620df6dd6cf 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -116,7 +116,9 @@ let ++ optional installsFirmware "INSTALL_FW_PATH=$(out)/lib/firmware"; # Some image types need special install targets (e.g. uImage is installed with make uinstall) - installTargets = [ (if platform.kernelTarget == "uImage" then "uinstall" else "install") ]; + installTargets = [ (if platform.kernelTarget == "uImage" then "uinstall" else + if platform.kernelTarget == "zImage" then "zinstall" else + "install") ]; postInstall = (optionalString installsFirmware '' mkdir -p $out/lib/firmware diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 0b17c44be98..998717b1f5d 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -65,17 +65,17 @@ rec { }; grsecurity_stable = grsecPatch - { kversion = "3.14.37"; - revision = "201504051405"; + { kversion = "3.14.39"; + revision = "201504190814"; branch = "stable"; - sha256 = "0w1rz5g4wwd22ivii7m7qjgakdynzjwpqxiydx51kiw5j0avkzs3"; + sha256 = "0pjq0ggifh6hp5y62dl0ydskpmsmzj1cxxjaaqs6fpwn5ndsdji7"; }; grsecurity_unstable = grsecPatch - { kversion = "3.19.3"; - revision = "201504021826"; + { kversion = "3.19.5"; + revision = "201504190814"; branch = "test"; - sha256 = "0r3gsha4x9bkzg9n4rcwzi9f3hkbqrf8yga1dd83kyd10fns4lzm"; + sha256 = "0wj9bximhs41b11hh113mishmc1ya8bncc0v91cbrivx5y5hjpz0"; }; grsec_fix_path = |