diff options
Diffstat (limited to 'pkgs/os-specific/linux')
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/patches.json | 30 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-5.10.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-5.12.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-5.13.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-xanmod.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/lsiutil/default.nix | 59 | ||||
-rw-r--r-- | pkgs/os-specific/linux/systemd/default.nix | 7 |
12 files changed, 71 insertions, 61 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index eac71ee36aa..412e5041500 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,32 +1,32 @@ { "4.14": { "extra": "-hardened1", - "name": "linux-hardened-4.14.239-hardened1.patch", - "sha256": "1yfg6c75y1dp627qn8c4795sc9vwywc5dl95ngg8zk15n5d7j9in", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.239-hardened1/linux-hardened-4.14.239-hardened1.patch" + "name": "linux-hardened-4.14.240-hardened1.patch", + "sha256": "0j5zp0f8s4w3f60yam2spg3bx56bdjvv0mh632zlhchz8rdk5zs4", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.240-hardened1/linux-hardened-4.14.240-hardened1.patch" }, "4.19": { "extra": "-hardened1", - "name": "linux-hardened-4.19.197-hardened1.patch", - "sha256": "1cbcas5kl6k8hn60p08pvw073mrv8lkrav3pc9sxvdcscdbwkkpr", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.197-hardened1/linux-hardened-4.19.197-hardened1.patch" + "name": "linux-hardened-4.19.198-hardened1.patch", + "sha256": "18c5j00xiwc0xn5klcrwazk6wvjiy3cixbfbrw4xj7zal9r5p6q9", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.198-hardened1/linux-hardened-4.19.198-hardened1.patch" }, "5.10": { "extra": "-hardened1", - "name": "linux-hardened-5.10.50-hardened1.patch", - "sha256": "0z57cdvyaarl5p0b6sj93pag34wvf128s30ymkc4m50a60kp7cr8", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.50-hardened1/linux-hardened-5.10.50-hardened1.patch" + "name": "linux-hardened-5.10.52-hardened1.patch", + "sha256": "062a32rb1g5xk1npiz9fa114k7g4x9pmygycn3alc0phngjmvr98", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.52-hardened1/linux-hardened-5.10.52-hardened1.patch" }, "5.12": { "extra": "-hardened1", - "name": "linux-hardened-5.12.17-hardened1.patch", - "sha256": "09vh04a1sa80shm0z5if31j5r8s4syrqv4i22q5pnnfnlzhbqk59", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.12.17-hardened1/linux-hardened-5.12.17-hardened1.patch" + "name": "linux-hardened-5.12.19-hardened1.patch", + "sha256": "1nr3922gd6il69k5cpp9g3knpy6yjb6jsmpi9k4v02bkvypg86dc", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.12.19-hardened1/linux-hardened-5.12.19-hardened1.patch" }, "5.4": { "extra": "-hardened1", - "name": "linux-hardened-5.4.132-hardened1.patch", - "sha256": "0a4n8ss16qqbrbxajlad4j7nc10ipdnl70yz6ppryyw94i5lf5pb", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.132-hardened1/linux-hardened-5.4.132-hardened1.patch" + "name": "linux-hardened-5.4.134-hardened1.patch", + "sha256": "0iay6dxwd1vqj02ljf0ghncrqpr6b0gby90xiza8kkk8wnh3r9hh", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.134-hardened1/linux-hardened-5.4.134-hardened1.patch" } } diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 5b94b7ea9b6..ccecc433a4a 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.14.239"; + version = "4.14.240"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "167zwm3giizv42m0xjz71xnb2swlwiaw0xw0dg8j8mb74hz1drx0"; + sha256 = "1k65qwzlnqnh9ym0n2fxpa8nk2qwvykwhwgaixk3b7ndzmr8b6c8"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_14 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 3785c6b5536..4ed06ee2205 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.19.197"; + version = "4.19.198"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "10kj442qaky6rpl65k5rrvd3p6mdgz4p321zvf4s312ixfdja0g6"; + sha256 = "13k0r6a4n8nbni64a18wqzy0pg4vn1zw2li78xrm78rqcrnah85y"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_19 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 5b7050b7069..6c2595386e0 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,13 +1,13 @@ { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args: buildLinux (args // rec { - version = "4.4.275"; + version = "4.4.276"; extraMeta.branch = "4.4"; extraMeta.broken = stdenv.isAarch64; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1aiwq6019sibsw5smj6ii28cr64dv24c19k4n8c09nakhmhcg94i"; + sha256 = "1hf9h5kr1ws2lvinzq6cv7aps8af1kx4q8j4bsk2vv4i2zvmfr7y"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_4 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 71a5f5eec31..0dc5cfeae6e 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,13 +1,13 @@ { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args: buildLinux (args // rec { - version = "4.9.275"; + version = "4.9.276"; extraMeta.branch = "4.9"; extraMeta.broken = stdenv.isAarch64; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "08mz7mzmhk5n1gwadrc5fw8s40jk0rayvdpjcricl4sv56574lb6"; + sha256 = "16jp05jhmqcp8lawqga69gxn1acdkxsskn3a6wf0635863fky3hv"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_9 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index 988de97e03b..f59cca3e12f 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.50"; + version = "5.10.52"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0dmlpy9k7am99495bxcm46i4y6g34d1fzdkzz3wgzb4mgmx35nlb"; + sha256 = "0ydf09wsg0pkjm9dk8y730ksg15p5rlbhq445zx8k191zah5g7kn"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_10 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-5.12.nix b/pkgs/os-specific/linux/kernel/linux-5.12.nix index 82218dc1cef..e1e7aec2ce2 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.12.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.12.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.12.17"; + version = "5.12.19"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1ghyqxfxslxzr7273vj2yn14pkdnkja3wk50xxhavpvf87i8c40j"; + sha256 = "0wscz736n13m833cd12lskn47r0b8ki4fhgpjnwga0jsab9iqf79"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_12 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-5.13.nix b/pkgs/os-specific/linux/kernel/linux-5.13.nix index da90ee69de8..82defad373b 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.13.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.13.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.13.2"; + version = "5.13.4"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0dx9khk7fh003xyb3xix0kc0rmjncg7ric5p830zhadnrw4hv563"; + sha256 = "0v3x1q1r0r8lyjg5hsj7yayfxqcgfj01p86ya4s0i9jaclpwv4ki"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_13 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index 003f1e96e4f..c4e08b685b5 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.132"; + version = "5.4.134"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1vq0dmrn7gl2vprm08l8by5ja3xjgggrcd38vqg7b7jpnfzssrl4"; + sha256 = "0haqw1w6f8p330ydbsl7iml1x0qqrv63az6921p2a70n88b8dyy9"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_4 ]; diff --git a/pkgs/os-specific/linux/kernel/linux-xanmod.nix b/pkgs/os-specific/linux/kernel/linux-xanmod.nix index 04c17eac255..758f6fd998a 100644 --- a/pkgs/os-specific/linux/kernel/linux-xanmod.nix +++ b/pkgs/os-specific/linux/kernel/linux-xanmod.nix @@ -1,7 +1,7 @@ { lib, stdenv, buildLinux, fetchFromGitHub, ... } @ args: let - version = "5.13.1"; + version = "5.13.4"; suffix = "xanmod1-cacule"; in buildLinux (args // rec { @@ -12,7 +12,7 @@ buildLinux (args // rec { owner = "xanmod"; repo = "linux"; rev = modDirVersion; - sha256 = "sha256-QC2BgsbytpKQs7TyuXt4aan8hUwd43pHj2ApYXv0HAA="; + sha256 = "sha256-jSV5dL6myB4WeokYBwoBtQaOfLaUgvseYtReyjLGOhU="; }; structuredExtraConfig = with lib.kernel; { diff --git a/pkgs/os-specific/linux/lsiutil/default.nix b/pkgs/os-specific/linux/lsiutil/default.nix index 1b1acdb535f..f88cdcda523 100644 --- a/pkgs/os-specific/linux/lsiutil/default.nix +++ b/pkgs/os-specific/linux/lsiutil/default.nix @@ -1,41 +1,44 @@ -{ lib, stdenv, fetchurl, unzip }: +{ lib +, stdenv +, fetchurl +, kmod +, coreutils +}: -let - - version = "1.60"; +stdenv.mkDerivation rec { + pname = "lsiutil"; + version = "1.72"; src = fetchurl { - name = "lsiutil-${version}.zip"; - url = "http://www.lsi.com/DistributionSystem/AssetDocument/support/downloads/hbas/fibre_channel/hardware_drivers/LSIUtil%20Kit_${version}.zip"; - sha256 = "1d4337faa56e24f7d98db87b9de94d6e2c17ab671f4e301b93833eea08b9e426"; + url = "https://github.com/exactassembly/meta-xa-stm/raw/f96cf6e13f3c9c980f5651510dd96279b9b2af4f/recipes-support/lsiutil/files/lsiutil-${version}.tar.gz"; + sha256 = "sha256-aTi+EogY1aDWYq3anjRkjz1mzINVfUPQbOPHthxrvS4="; }; -in - -stdenv.mkDerivation { - pname = "lsiutils"; - inherit version; + buildPhase = '' + runHook preBuild - srcs = [ src "Source/lsiutil.tar.gz" ]; + substituteInPlace lsiutil.c \ + --replace /sbin/modprobe "${kmod}/bin/modprobe" \ + --replace /bin/mknod "${coreutils}/bin/mknod" + gcc -Wall -O lsiutil.c -o lsiutil - nativeBuildInputs = [ unzip ]; + runHook postBuild + ''; - sourceRoot = "lsiutil"; + installPhase = '' + runHook preInstall - preBuild = - '' - mkdir -p $out/bin - substituteInPlace Makefile --replace /usr/bin $out/bin - substituteInPlace lsiutil.c \ - --replace /sbin/modprobe modprobe \ - --replace /bin/mknod $(type -P mknod) - ''; + mkdir -p "$out/bin" + install -Dm755 lsiutil "$out/bin/lsiutil" - installPhase = "true"; + runHook postInstall + ''; - meta = { - homepage = "http://www.lsi.com/"; - description = "LSI Logic Fusion MPT command line management tool"; - license = lib.licenses.unfree; + meta = with lib; { + homepage = "https://github.com/exactassembly/meta-xa-stm/tree/master/recipes-support/lsiutil/files"; + description = "Configuration utility for MPT adapters (FC, SCSI, and SAS/SATA)"; + license = licenses.unfree; + platforms = platforms.linux; + maintainers = with maintainers; [ Luflosi ]; }; } diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index c13f97fcde7..a33bb3c1a1d 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -157,6 +157,13 @@ stdenv.mkDerivation { url = "https://github.com/systemd/systemd/commit/ab1aa6368a883bce88e3162fee2bea14aacedf23.patch"; sha256 = "1b280l5jrjsg8qhsang199mpqjhkpix4c8bm3blknjnq9iv43add"; }) + + # Fix CVE-2021-33910, disclosed 2021-07-20 + (fetchpatch { + name = "CVE-2021-33910.patch"; + url = "https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9.patch"; + sha256 = "1g1lk95igaadg67kah9bpi4zsc01rg398sd1247ghjsvl5hxn4v4"; + }) ]; postPatch = '' |