From b361dcf0bd3610d1fea6b44d72404add188da51d Mon Sep 17 00:00:00 2001 From: Janne Heß Date: Tue, 20 Jul 2021 15:27:15 +0200 Subject: systemd: Patch CVE-2021-33910 --- pkgs/os-specific/linux/systemd/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index c13f97fcde7..a33bb3c1a1d 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix @@ -157,6 +157,13 @@ stdenv.mkDerivation { url = "https://github.com/systemd/systemd/commit/ab1aa6368a883bce88e3162fee2bea14aacedf23.patch"; sha256 = "1b280l5jrjsg8qhsang199mpqjhkpix4c8bm3blknjnq9iv43add"; }) + + # Fix CVE-2021-33910, disclosed 2021-07-20 + (fetchpatch { + name = "CVE-2021-33910.patch"; + url = "https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9.patch"; + sha256 = "1g1lk95igaadg67kah9bpi4zsc01rg398sd1247ghjsvl5hxn4v4"; + }) ]; postPatch = '' -- cgit 1.4.1 From 82af4b58ee24caaec68e3803763c0e6dbedf3784 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:15 +0000 Subject: linux: 4.14.239 -> 4.14.240 --- pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 5b94b7ea9b6..ccecc433a4a 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.14.239"; + version = "4.14.240"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "167zwm3giizv42m0xjz71xnb2swlwiaw0xw0dg8j8mb74hz1drx0"; + sha256 = "1k65qwzlnqnh9ym0n2fxpa8nk2qwvykwhwgaixk3b7ndzmr8b6c8"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_14 ]; -- cgit 1.4.1 From 9c153cccd2e1dbae481ac1578c36017b742adbd2 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:20 +0000 Subject: linux: 4.19.197 -> 4.19.198 --- pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 3785c6b5536..4ed06ee2205 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.19.197"; + version = "4.19.198"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "10kj442qaky6rpl65k5rrvd3p6mdgz4p321zvf4s312ixfdja0g6"; + sha256 = "13k0r6a4n8nbni64a18wqzy0pg4vn1zw2li78xrm78rqcrnah85y"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_19 ]; -- cgit 1.4.1 From 067c21c9647fcc9e38b77b67ad932672374f098f Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:26 +0000 Subject: linux: 4.4.275 -> 4.4.276 --- pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 5b7050b7069..6c2595386e0 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,13 +1,13 @@ { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args: buildLinux (args // rec { - version = "4.4.275"; + version = "4.4.276"; extraMeta.branch = "4.4"; extraMeta.broken = stdenv.isAarch64; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1aiwq6019sibsw5smj6ii28cr64dv24c19k4n8c09nakhmhcg94i"; + sha256 = "1hf9h5kr1ws2lvinzq6cv7aps8af1kx4q8j4bsk2vv4i2zvmfr7y"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_4 ]; -- cgit 1.4.1 From c6eff0d2f599621fa4936e2c605823e3489a7044 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:31 +0000 Subject: linux: 4.9.275 -> 4.9.276 --- pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 71a5f5eec31..0dc5cfeae6e 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,13 +1,13 @@ { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args: buildLinux (args // rec { - version = "4.9.275"; + version = "4.9.276"; extraMeta.branch = "4.9"; extraMeta.broken = stdenv.isAarch64; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "08mz7mzmhk5n1gwadrc5fw8s40jk0rayvdpjcricl4sv56574lb6"; + sha256 = "16jp05jhmqcp8lawqga69gxn1acdkxsskn3a6wf0635863fky3hv"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_9 ]; -- cgit 1.4.1 From f61350ac8916d99611aaf5b8fcb6be120114c7e9 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:37 +0000 Subject: linux: 5.10.51 -> 5.10.52 --- pkgs/os-specific/linux/kernel/linux-5.10.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index 23e4099438b..f59cca3e12f 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.51"; + version = "5.10.52"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1qkssvqk29svn10ws3lrnzfbmlvzrixkf7r7lslc7k3lqa9yiflm"; + sha256 = "0ydf09wsg0pkjm9dk8y730ksg15p5rlbhq445zx8k191zah5g7kn"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_10 ]; -- cgit 1.4.1 From a703195804f27720118120bf80fda99531969fe2 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:43 +0000 Subject: linux: 5.12.18 -> 5.12.19 --- pkgs/os-specific/linux/kernel/linux-5.12.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/linux-5.12.nix b/pkgs/os-specific/linux/kernel/linux-5.12.nix index fe180d95563..e1e7aec2ce2 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.12.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.12.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.12.18"; + version = "5.12.19"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "12sjscf53z6fc1jah3i2578r3a0i7rkw2jmqi0w328a22i0paakg"; + sha256 = "0wscz736n13m833cd12lskn47r0b8ki4fhgpjnwga0jsab9iqf79"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_12 ]; -- cgit 1.4.1 From 5b3a23670c3bdbd3a4ad7e7fe62c4e4c9e0132d9 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:49 +0000 Subject: linux: 5.13.3 -> 5.13.4 --- pkgs/os-specific/linux/kernel/linux-5.13.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/linux-5.13.nix b/pkgs/os-specific/linux/kernel/linux-5.13.nix index 4bb0f5deef1..82defad373b 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.13.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.13.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.13.3"; + version = "5.13.4"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1ir80wn019kslv6ysiqxdvarrjlr8b3skk1s43cwki3x2cjnxskq"; + sha256 = "0v3x1q1r0r8lyjg5hsj7yayfxqcgfj01p86ya4s0i9jaclpwv4ki"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_13 ]; -- cgit 1.4.1 From ebd057e9efd8e8810c011b0dba9840109bab65f3 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:55 +0000 Subject: linux: 5.4.133 -> 5.4.134 --- pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index 318d0887fb9..c4e08b685b5 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.133"; + version = "5.4.134"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0c08jp5k5h4c2s4pbpyvnvzczr79jh833wy9jv15nkvqp3xnd8w9"; + sha256 = "0haqw1w6f8p330ydbsl7iml1x0qqrv63az6921p2a70n88b8dyy9"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_4 ]; -- cgit 1.4.1 From 02f4b95e1dfde6c71e230e9b4f17ab4323c306dd Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:07:15 +0000 Subject: linux/hardened/patches/4.14: 4.14.239-hardened1 -> 4.14.240-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 5ff1221e3bd..49d11fbab02 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,9 +1,9 @@ { "4.14": { "extra": "-hardened1", - "name": "linux-hardened-4.14.239-hardened1.patch", - "sha256": "1yfg6c75y1dp627qn8c4795sc9vwywc5dl95ngg8zk15n5d7j9in", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.239-hardened1/linux-hardened-4.14.239-hardened1.patch" + "name": "linux-hardened-4.14.240-hardened1.patch", + "sha256": "0j5zp0f8s4w3f60yam2spg3bx56bdjvv0mh632zlhchz8rdk5zs4", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.240-hardened1/linux-hardened-4.14.240-hardened1.patch" }, "4.19": { "extra": "-hardened1", -- cgit 1.4.1 From 8bf83e8c874642b020169c201866817bc1c8d402 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:07:16 +0000 Subject: linux/hardened/patches/4.19: 4.19.197-hardened1 -> 4.19.198-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 49d11fbab02..7a296d4ec57 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -7,9 +7,9 @@ }, "4.19": { "extra": "-hardened1", - "name": "linux-hardened-4.19.197-hardened1.patch", - "sha256": "1cbcas5kl6k8hn60p08pvw073mrv8lkrav3pc9sxvdcscdbwkkpr", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.197-hardened1/linux-hardened-4.19.197-hardened1.patch" + "name": "linux-hardened-4.19.198-hardened1.patch", + "sha256": "18c5j00xiwc0xn5klcrwazk6wvjiy3cixbfbrw4xj7zal9r5p6q9", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.198-hardened1/linux-hardened-4.19.198-hardened1.patch" }, "5.10": { "extra": "-hardened1", -- cgit 1.4.1 From 60e9f5c2d76c7892b1031884723a6a3f45e7552e Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:07:17 +0000 Subject: linux/hardened/patches/5.10: 5.10.51-hardened1 -> 5.10.52-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 7a296d4ec57..6edd5c798e8 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -13,9 +13,9 @@ }, "5.10": { "extra": "-hardened1", - "name": "linux-hardened-5.10.51-hardened1.patch", - "sha256": "0s9q7vlhnsd484kzg9mnqc7zab09ch3i3w654wvhkxk9zy4kgzhr", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.51-hardened1/linux-hardened-5.10.51-hardened1.patch" + "name": "linux-hardened-5.10.52-hardened1.patch", + "sha256": "062a32rb1g5xk1npiz9fa114k7g4x9pmygycn3alc0phngjmvr98", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.52-hardened1/linux-hardened-5.10.52-hardened1.patch" }, "5.12": { "extra": "-hardened1", -- cgit 1.4.1 From a718b4ae916113e98a4a113ffc52c53106d1bd97 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:07:18 +0000 Subject: linux/hardened/patches/5.12: 5.12.18-hardened1 -> 5.12.19-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 6edd5c798e8..d4a12754554 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -19,9 +19,9 @@ }, "5.12": { "extra": "-hardened1", - "name": "linux-hardened-5.12.18-hardened1.patch", - "sha256": "0mlff4ylnx1pvswamhsms9366jw618ic8w42rnzrwqhasfnwkqjb", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.12.18-hardened1/linux-hardened-5.12.18-hardened1.patch" + "name": "linux-hardened-5.12.19-hardened1.patch", + "sha256": "1nr3922gd6il69k5cpp9g3knpy6yjb6jsmpi9k4v02bkvypg86dc", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.12.19-hardened1/linux-hardened-5.12.19-hardened1.patch" }, "5.4": { "extra": "-hardened1", -- cgit 1.4.1 From ac887a4abc6529cf7817539db2709107cfbad573 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:07:19 +0000 Subject: linux/hardened/patches/5.4: 5.4.133-hardened1 -> 5.4.134-hardened1 --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'pkgs/os-specific/linux') diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index d4a12754554..412e5041500 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -25,8 +25,8 @@ }, "5.4": { "extra": "-hardened1", - "name": "linux-hardened-5.4.133-hardened1.patch", - "sha256": "0nnsyl2fxv7nnj7c47nnr753yh5x3wbny7ml8x23f5zdvjz43yfj", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.133-hardened1/linux-hardened-5.4.133-hardened1.patch" + "name": "linux-hardened-5.4.134-hardened1.patch", + "sha256": "0iay6dxwd1vqj02ljf0ghncrqpr6b0gby90xiza8kkk8wnh3r9hh", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.134-hardened1/linux-hardened-5.4.134-hardened1.patch" } } -- cgit 1.4.1