summary refs log tree commit diff
path: root/pkgs/os-specific/linux
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific/linux')
-rw-r--r--pkgs/os-specific/linux/kernel/hardened/patches.json30
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.14.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.19.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.4.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.9.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.10.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.12.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.13.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.4.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-xanmod.nix4
-rw-r--r--pkgs/os-specific/linux/lsiutil/default.nix59
-rw-r--r--pkgs/os-specific/linux/systemd/default.nix7
12 files changed, 71 insertions, 61 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index eac71ee36aa..412e5041500 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -1,32 +1,32 @@
 {
     "4.14": {
         "extra": "-hardened1",
-        "name": "linux-hardened-4.14.239-hardened1.patch",
-        "sha256": "1yfg6c75y1dp627qn8c4795sc9vwywc5dl95ngg8zk15n5d7j9in",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.239-hardened1/linux-hardened-4.14.239-hardened1.patch"
+        "name": "linux-hardened-4.14.240-hardened1.patch",
+        "sha256": "0j5zp0f8s4w3f60yam2spg3bx56bdjvv0mh632zlhchz8rdk5zs4",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.240-hardened1/linux-hardened-4.14.240-hardened1.patch"
     },
     "4.19": {
         "extra": "-hardened1",
-        "name": "linux-hardened-4.19.197-hardened1.patch",
-        "sha256": "1cbcas5kl6k8hn60p08pvw073mrv8lkrav3pc9sxvdcscdbwkkpr",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.197-hardened1/linux-hardened-4.19.197-hardened1.patch"
+        "name": "linux-hardened-4.19.198-hardened1.patch",
+        "sha256": "18c5j00xiwc0xn5klcrwazk6wvjiy3cixbfbrw4xj7zal9r5p6q9",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.198-hardened1/linux-hardened-4.19.198-hardened1.patch"
     },
     "5.10": {
         "extra": "-hardened1",
-        "name": "linux-hardened-5.10.50-hardened1.patch",
-        "sha256": "0z57cdvyaarl5p0b6sj93pag34wvf128s30ymkc4m50a60kp7cr8",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.50-hardened1/linux-hardened-5.10.50-hardened1.patch"
+        "name": "linux-hardened-5.10.52-hardened1.patch",
+        "sha256": "062a32rb1g5xk1npiz9fa114k7g4x9pmygycn3alc0phngjmvr98",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.52-hardened1/linux-hardened-5.10.52-hardened1.patch"
     },
     "5.12": {
         "extra": "-hardened1",
-        "name": "linux-hardened-5.12.17-hardened1.patch",
-        "sha256": "09vh04a1sa80shm0z5if31j5r8s4syrqv4i22q5pnnfnlzhbqk59",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.12.17-hardened1/linux-hardened-5.12.17-hardened1.patch"
+        "name": "linux-hardened-5.12.19-hardened1.patch",
+        "sha256": "1nr3922gd6il69k5cpp9g3knpy6yjb6jsmpi9k4v02bkvypg86dc",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.12.19-hardened1/linux-hardened-5.12.19-hardened1.patch"
     },
     "5.4": {
         "extra": "-hardened1",
-        "name": "linux-hardened-5.4.132-hardened1.patch",
-        "sha256": "0a4n8ss16qqbrbxajlad4j7nc10ipdnl70yz6ppryyw94i5lf5pb",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.132-hardened1/linux-hardened-5.4.132-hardened1.patch"
+        "name": "linux-hardened-5.4.134-hardened1.patch",
+        "sha256": "0iay6dxwd1vqj02ljf0ghncrqpr6b0gby90xiza8kkk8wnh3r9hh",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.134-hardened1/linux-hardened-5.4.134-hardened1.patch"
     }
 }
diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix
index 5b94b7ea9b6..ccecc433a4a 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "4.14.239";
+  version = "4.14.240";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,7 +13,7 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "167zwm3giizv42m0xjz71xnb2swlwiaw0xw0dg8j8mb74hz1drx0";
+    sha256 = "1k65qwzlnqnh9ym0n2fxpa8nk2qwvykwhwgaixk3b7ndzmr8b6c8";
   };
 
   kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_14 ];
diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix
index 3785c6b5536..4ed06ee2205 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.19.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "4.19.197";
+  version = "4.19.198";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,7 +13,7 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "10kj442qaky6rpl65k5rrvd3p6mdgz4p321zvf4s312ixfdja0g6";
+    sha256 = "13k0r6a4n8nbni64a18wqzy0pg4vn1zw2li78xrm78rqcrnah85y";
   };
 
   kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_19 ];
diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix
index 5b7050b7069..6c2595386e0 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix
@@ -1,13 +1,13 @@
 { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args:
 
 buildLinux (args // rec {
-  version = "4.4.275";
+  version = "4.4.276";
   extraMeta.branch = "4.4";
   extraMeta.broken = stdenv.isAarch64;
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1aiwq6019sibsw5smj6ii28cr64dv24c19k4n8c09nakhmhcg94i";
+    sha256 = "1hf9h5kr1ws2lvinzq6cv7aps8af1kx4q8j4bsk2vv4i2zvmfr7y";
   };
 
   kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_4 ];
diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix
index 71a5f5eec31..0dc5cfeae6e 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.9.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix
@@ -1,13 +1,13 @@
 { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args:
 
 buildLinux (args // rec {
-  version = "4.9.275";
+  version = "4.9.276";
   extraMeta.branch = "4.9";
   extraMeta.broken = stdenv.isAarch64;
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "08mz7mzmhk5n1gwadrc5fw8s40jk0rayvdpjcricl4sv56574lb6";
+    sha256 = "16jp05jhmqcp8lawqga69gxn1acdkxsskn3a6wf0635863fky3hv";
   };
 
   kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_9 ];
diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix
index 988de97e03b..f59cca3e12f 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.10.50";
+  version = "5.10.52";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,7 +13,7 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "0dmlpy9k7am99495bxcm46i4y6g34d1fzdkzz3wgzb4mgmx35nlb";
+    sha256 = "0ydf09wsg0pkjm9dk8y730ksg15p5rlbhq445zx8k191zah5g7kn";
   };
 
   kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_10 ];
diff --git a/pkgs/os-specific/linux/kernel/linux-5.12.nix b/pkgs/os-specific/linux/kernel/linux-5.12.nix
index 82218dc1cef..e1e7aec2ce2 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.12.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.12.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.12.17";
+  version = "5.12.19";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,7 +13,7 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1ghyqxfxslxzr7273vj2yn14pkdnkja3wk50xxhavpvf87i8c40j";
+    sha256 = "0wscz736n13m833cd12lskn47r0b8ki4fhgpjnwga0jsab9iqf79";
   };
 
   kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_12 ];
diff --git a/pkgs/os-specific/linux/kernel/linux-5.13.nix b/pkgs/os-specific/linux/kernel/linux-5.13.nix
index da90ee69de8..82defad373b 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.13.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.13.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.13.2";
+  version = "5.13.4";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,7 +13,7 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "0dx9khk7fh003xyb3xix0kc0rmjncg7ric5p830zhadnrw4hv563";
+    sha256 = "0v3x1q1r0r8lyjg5hsj7yayfxqcgfj01p86ya4s0i9jaclpwv4ki";
   };
 
   kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_13 ];
diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix
index 003f1e96e4f..c4e08b685b5 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.4.132";
+  version = "5.4.134";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,7 +13,7 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1vq0dmrn7gl2vprm08l8by5ja3xjgggrcd38vqg7b7jpnfzssrl4";
+    sha256 = "0haqw1w6f8p330ydbsl7iml1x0qqrv63az6921p2a70n88b8dyy9";
   };
 
   kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_4 ];
diff --git a/pkgs/os-specific/linux/kernel/linux-xanmod.nix b/pkgs/os-specific/linux/kernel/linux-xanmod.nix
index 04c17eac255..758f6fd998a 100644
--- a/pkgs/os-specific/linux/kernel/linux-xanmod.nix
+++ b/pkgs/os-specific/linux/kernel/linux-xanmod.nix
@@ -1,7 +1,7 @@
 { lib, stdenv, buildLinux, fetchFromGitHub, ... } @ args:
 
 let
-  version = "5.13.1";
+  version = "5.13.4";
   suffix = "xanmod1-cacule";
 in
 buildLinux (args // rec {
@@ -12,7 +12,7 @@ buildLinux (args // rec {
     owner = "xanmod";
     repo = "linux";
     rev = modDirVersion;
-    sha256 = "sha256-QC2BgsbytpKQs7TyuXt4aan8hUwd43pHj2ApYXv0HAA=";
+    sha256 = "sha256-jSV5dL6myB4WeokYBwoBtQaOfLaUgvseYtReyjLGOhU=";
   };
 
   structuredExtraConfig = with lib.kernel; {
diff --git a/pkgs/os-specific/linux/lsiutil/default.nix b/pkgs/os-specific/linux/lsiutil/default.nix
index 1b1acdb535f..f88cdcda523 100644
--- a/pkgs/os-specific/linux/lsiutil/default.nix
+++ b/pkgs/os-specific/linux/lsiutil/default.nix
@@ -1,41 +1,44 @@
-{ lib, stdenv, fetchurl, unzip }:
+{ lib
+, stdenv
+, fetchurl
+, kmod
+, coreutils
+}:
 
-let
-
-  version = "1.60";
+stdenv.mkDerivation rec {
+  pname = "lsiutil";
+  version = "1.72";
 
   src = fetchurl {
-    name = "lsiutil-${version}.zip";
-    url = "http://www.lsi.com/DistributionSystem/AssetDocument/support/downloads/hbas/fibre_channel/hardware_drivers/LSIUtil%20Kit_${version}.zip";
-    sha256 = "1d4337faa56e24f7d98db87b9de94d6e2c17ab671f4e301b93833eea08b9e426";
+    url = "https://github.com/exactassembly/meta-xa-stm/raw/f96cf6e13f3c9c980f5651510dd96279b9b2af4f/recipes-support/lsiutil/files/lsiutil-${version}.tar.gz";
+    sha256 = "sha256-aTi+EogY1aDWYq3anjRkjz1mzINVfUPQbOPHthxrvS4=";
   };
 
-in
-
-stdenv.mkDerivation {
-  pname = "lsiutils";
-  inherit version;
+  buildPhase = ''
+    runHook preBuild
 
-  srcs = [ src "Source/lsiutil.tar.gz" ];
+    substituteInPlace lsiutil.c \
+      --replace /sbin/modprobe "${kmod}/bin/modprobe" \
+      --replace /bin/mknod "${coreutils}/bin/mknod"
+    gcc -Wall -O lsiutil.c -o lsiutil
 
-  nativeBuildInputs = [ unzip ];
+    runHook postBuild
+  '';
 
-  sourceRoot = "lsiutil";
+  installPhase = ''
+    runHook preInstall
 
-  preBuild =
-    ''
-      mkdir -p $out/bin
-      substituteInPlace Makefile --replace /usr/bin $out/bin
-      substituteInPlace lsiutil.c \
-        --replace /sbin/modprobe modprobe \
-        --replace /bin/mknod $(type -P mknod)
-    '';
+    mkdir -p "$out/bin"
+    install -Dm755 lsiutil "$out/bin/lsiutil"
 
-  installPhase = "true";
+    runHook postInstall
+  '';
 
-  meta = {
-    homepage = "http://www.lsi.com/";
-    description = "LSI Logic Fusion MPT command line management tool";
-    license = lib.licenses.unfree;
+  meta = with lib; {
+    homepage = "https://github.com/exactassembly/meta-xa-stm/tree/master/recipes-support/lsiutil/files";
+    description = "Configuration utility for MPT adapters (FC, SCSI, and SAS/SATA)";
+    license = licenses.unfree;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ Luflosi ];
   };
 }
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index c13f97fcde7..a33bb3c1a1d 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -157,6 +157,13 @@ stdenv.mkDerivation {
       url = "https://github.com/systemd/systemd/commit/ab1aa6368a883bce88e3162fee2bea14aacedf23.patch";
       sha256 = "1b280l5jrjsg8qhsang199mpqjhkpix4c8bm3blknjnq9iv43add";
     })
+
+    # Fix CVE-2021-33910, disclosed 2021-07-20
+    (fetchpatch {
+      name = "CVE-2021-33910.patch";
+      url = "https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9.patch";
+      sha256 = "1g1lk95igaadg67kah9bpi4zsc01rg398sd1247ghjsvl5hxn4v4";
+    })
   ];
 
   postPatch = ''
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-04-18 15:10:16 +0000