diff options
Diffstat (limited to 'pkgs/os-specific/linux/kernel')
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened-config.nix | 25 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.17.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.18.nix | 18 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 |
6 files changed, 40 insertions, 19 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 7e277617b61..309b5f6c74e 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -103,16 +103,17 @@ PAGE_POISONING_ZERO y PANIC_ON_OOPS y PANIC_TIMEOUT -1 -GCC_PLUGINS y # Enable gcc plugin options +${optionalString (versionOlder version "4.18") '' + GCC_PLUGINS y # Enable gcc plugin options + # Gather additional entropy at boot time for systems that may not have appropriate entropy sources. + GCC_PLUGIN_LATENT_ENTROPY y -# Gather additional entropy at boot time for systems that may not have appropriate entropy sources. -GCC_PLUGIN_LATENT_ENTROPY y - -${optionalString (versionAtLeast version "4.11") '' - GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin -''} -${optionalString (versionAtLeast version "4.14") '' - GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address + ${optionalString (versionAtLeast version "4.11") '' + GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin + ''} + ${optionalString (versionAtLeast version "4.14") '' + GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address + ''} ''} # Disable various dangerous settings @@ -121,8 +122,10 @@ PROC_KCORE n # Exposes kernel text image layout INET_DIAG n # Has been used for heap based attacks in the past # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage. -CC_STACKPROTECTOR_REGULAR n -CC_STACKPROTECTOR_STRONG y +${optionalString (versionOlder version "4.18") '' + CC_STACKPROTECTOR_REGULAR n + CC_STACKPROTECTOR_STRONG y +''} # Enable compile/run-time buffer overflow detection ala glibc's _FORTIFY_SOURCE ${optionalString (versionAtLeast version "4.13") '' diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 9c9957d2193..400574a3144 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.14.61"; + version = "4.14.62"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1s3h3js073h4ww2dryip91d2lvmgv439ly2vya9x7rvilwhwa3hd"; + sha256 = "1ar29ikway5im17iw9ag1fxivr7sbj8nhxxw347xqmp1irz4vjji"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.17.nix b/pkgs/os-specific/linux/kernel/linux-4.17.nix index b98cf98904e..fda3b77c0a8 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.17.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.17.nix @@ -3,7 +3,7 @@ with stdenv.lib; buildLinux (args // rec { - version = "4.17.13"; + version = "4.17.14"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0x1zas3jwvhjkifh20cwpd2g0glgr8m7h8lqng7awrd116xkw2w2"; + sha256 = "1bxsiishhw6ichifqglkbcmgc0518ih396yi23clvrsfyj6h6in8"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.18.nix b/pkgs/os-specific/linux/kernel/linux-4.18.nix new file mode 100644 index 00000000000..4f183b696cc --- /dev/null +++ b/pkgs/os-specific/linux/kernel/linux-4.18.nix @@ -0,0 +1,18 @@ +{ stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, modDirVersionArg ? null, ... } @ args: + +with stdenv.lib; + +buildLinux (args // rec { + version = "4.18"; + + # modDirVersion needs to be x.y.z, will automatically add .0 if needed + modDirVersion = if (modDirVersionArg == null) then concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))) else modDirVersionArg; + + # branchVersion needs to be x.y + extraMeta.branch = concatStrings (intersperse "." (take 2 (splitString "." version))); + + src = fetchurl { + url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; + sha256 = "1wgay4k8wj08fc711j290fvi81x75yib8iaa6r7csc7mkvsbrn0r"; + }; +} // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 60a4d5a76ed..60113959665 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.4.146"; + version = "4.4.147"; extraMeta.branch = "4.4"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1xbxw6yvbjam0xj8j44h730dpf5v94pcf9j7iivcmasgjp61120z"; + sha256 = "06mcilxd5qi8snycb5bhy52icbbwfl056xwmra66yknmpycyad67"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 1863aadf8f1..d29855a093e 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,11 +1,11 @@ { stdenv, buildPackages, hostPlatform, fetchurl, perl, buildLinux, ... } @ args: buildLinux (args // rec { - version = "4.9.118"; + version = "4.9.119"; extraMeta.branch = "4.9"; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0myx79rmxgjbr87r815vybmbg6iqgd3nycildrpwsh301kj8kxvx"; + sha256 = "0d8bwsma9j7dhgymcfbchr8k3503w5vp3p18mfqv81x6l40pzqa9"; }; } // (args.argsOverride or {})) |