From 33574c570879548f1999343aa487e6e9f22503bd Mon Sep 17 00:00:00 2001 From: Sander van der Burg Date: Mon, 19 Jul 2021 19:09:00 +0200 Subject: [PATCH 01/16] arj: init at 3.10.22 (cherry picked from commit 37601fd76d96a8c83a980061adda9529d665d5b9)
--- pkgs/tools/archivers/arj/default.nix | 150 +++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 2 files changed, 152 insertions(+) create mode 100644 pkgs/tools/archivers/arj/default.nix
diff --git a/pkgs/tools/archivers/arj/default.nix b/pkgs/tools/archivers/arj/default.nix
new file mode 100644
index 00000000000..e09e390fa47
--- /dev/null
+++ b/pkgs/tools/archivers/arj/default.nix
@@ -0,0 +1,150 @@
+{stdenv, lib, fetchurl, fetchpatch, autoreconfHook}:
+
+stdenv.mkDerivation rec {
+ pname = "arj";
+ version = "3.10.22";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz";
+ sha256 = "1nx7jqxwqkihhdmdbahhzqhjqshzw1jcsvwddmxrwrn8rjdlr7jq";
+ };
+
+ patches = [
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/001_arches_align.patch";
+ sha256 = "0i3qclm2mh98c04rqpx1r4qagd3wpxlkj7lvq0ddpkmr8bm0fh0m";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/002_no_remove_static_const.patch";
+ sha256 = "0zfjqmjsj0y1kfzxbp29v6nxq5qwgazhb9clqc544sm5zn0bdp8n";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/003_64_bit_clean.patch";
+ sha256 = "0mda9fkaqf2s1xl6vlbkbq20362h3is9dpml9kfmacpbifl4dx3n";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/004_parallel_build.patch";
+ sha256 = "0gam6k7jknzmbjlf1r6c9kjh5s5h76pd31v59cnaqiycwiy8z6q9";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/005_use_system_strnlen.patch";
+ sha256 = "0q0ypm8mdsxd0rl1k0id6fdx5m7mvqgwcla4r250cmc6zqzpib6d";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/006_use_safe_strcpy.patch";
+ sha256 = "1garad95s34cix3kd77lz37andrcnz19glzkfdnkjaq7ldvzwikc";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/hurd_no_fcntl_getlk.patch";
+ sha256 = "0b3hpn4qypimrw9ar2n4h24886sl6pmim4lb4ly1wqcq0f73arva";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/security_format.patch";
+ sha256 = "0q67cvln55p38bm0xwd2cgppqmkp2nfar2pg1zj78f7ncn35lbvf";
+ })
+
+ (fetchpatch {
+ url = 
"https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/doc_refer_robert_k_jung.patch";
+ sha256 = "1wxdx0m6a9vdvjlaycwsissn75l1ni7grg8n6qmkynz2vrcvgzb1";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/gnu_build_fix.patch";
+ sha256 = "19ycp1rak7l6ql28m50v95ls621w3sl8agw5r5va73svkgh8hc3g";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/gnu_build_flags.patch";
+ sha256 = "1jw1y9i9lw1idgi4l9cycwsql1hcz1m4f3k2iybwsgx0acaw695q";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/gnu_build_strip.patch";
+ sha256 = "1b18khj6cxnjyqk2ycygwqlcs20hrsbf4h6bckl99dxnpbq5blxi";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/gnu_build_pie.patch";
+ sha256 = "1jqswxgc1plipblf055n9175fbanfi6fb67lnzk8dcvxjn227fs3";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/self_integrity_64bit.patch";
+ sha256 = "0s5zdq81a0f83hdg9hy6lqn3xvckx9y9r20awczm9mbf11vi01cb";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/security-afl.patch";
+ sha256 = "0yajcwpghij8wg21a0kkp3f9x7anz5m121jx2vnkyn04bvi9541a";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/security-traversal-dir.patch";
+ sha256 = "10lv3867k0wm2s0cyf40hkxfqbjaxm4aph5ivk2q2rjkracrn2y4";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/security-traversal-symlink.patch";
+ sha256 = "095pdfskxwh0jnyy31dpz10s2ppv8n7lvvn4q722y3g71d0c79qq";
+ })
+
+ (fetchpatch {
+ url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/out-of-bounds-read.patch";
+ sha256 = "0ps9lqkbqzlhzr2bnr47sir431z1nywr7nagkmk42iki4d96v0jq";
+ })
+
+ (fetchpatch {
+ url = 
"https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/remove_build_date.patch"; + sha256 = "1vjlfq6firxpj068l9acyqs77mfydn1rwgr2jmxgsy9mq0fw1dsc"; + }) + + (fetchpatch { + url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/reproducible_help_archive.patch"; + sha256 = "0l3qi9f140pwc6fk8qdbxx4g9d8zlf45asimmr8wfpbi4pf59n8i"; + }) + + (fetchpatch { + url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/gnu_build_cross.patch"; + sha256 = "1vb0vbh3jbxj192q47vg3f41l343ghcz2ypbrrm2bkbpwm5cl8qr"; + }) + + (fetchpatch { + url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/fix-time_t-usage.patch"; + sha256 = "012c6pnf5y4jwn715kxn3vjy088rm905959j6yh8bslyx84qaijv"; + }) + + (fetchpatch { + url = "https://sources.debian.org/data/main/a/arj/3.10.22-24/debian/patches/gnu_build_fix_autoreconf.patch"; + sha256 = "0yhxbdasnbqcg1nyx2379fpbr7fmdlv4n2nlxrv1z1vbc7rlvw9d"; + }) + ]; + + nativeBuildInputs = [ autoreconfHook ]; + + preAutoreconf = '' + cd gnu + ''; + + postConfigure = '' + cd .. + ''; + + meta = with lib; { + description = "Open-source implementation of the world-famous ARJ archiver"; + longDescription = '' + This version of ARJ has been created with an intent to preserve maximum + compatibility and retain the feature set of the original ARJ archiver as + provided by ARJ Software, Inc. + ''; + license = licenses.gpl2Plus; + maintainers = [ maintainers.sander ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 91a0792812b..9a46a640a85 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1099,6 +1099,8 @@ in argyllcms = callPackage ../tools/graphics/argyllcms {}; + arj = callPackage ../tools/archivers/arj { }; + arp-scan = callPackage ../tools/misc/arp-scan { }; inherit (callPackages ../data/fonts/arphic {}) From 21c1bbc973b4753da7ac7402bedd6d53faeada36 Mon Sep 17 00:00:00 2001 
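Review bot: The entries in the `patches` list that look like security fixes, judging by their names (`security_format`, `security-afl`, `security-traversal-dir`, `security-traversal-symlink`, `out-of-bounds-read`), carry no comment, so a later version bump or patch-set refresh could drop one without anyone noticing that a hardening fix went with it. A one-line comment above that group would help, for example `# Security fixes carried by Debian (format string, directory/symlink traversal, out-of-bounds read); do not drop without checking upstream`, ideally with the advisory ids copied from the Debian patch headers. Every URL pins Debian revision 3.10.22-24 and has its own `sha256`, so changed content fails the build rather than being applied silently. Whether sources.debian.org keeps serving that revision once Debian moves to a newer one is not something I can tell from this hunk and is worth confirming.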
From: TredwellGit Date: Tue, 20 Jul 2021 19:06:15 +0000 Subject: [PATCH 02/16] linux: 4.14.239 -> 4.14.240 (cherry picked from commit 82af4b58ee24caaec68e3803763c0e6dbedf3784) --- pkgs/os-specific/linux/kernel/linux-4.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index 5b94b7ea9b6..ccecc433a4a 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.14.239"; + version = "4.14.240"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "167zwm3giizv42m0xjz71xnb2swlwiaw0xw0dg8j8mb74hz1drx0"; + sha256 = "1k65qwzlnqnh9ym0n2fxpa8nk2qwvykwhwgaixk3b7ndzmr8b6c8"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_14 ]; From 0df57cdc249cea19abf1483f28d758edec834a88 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:20 +0000 Subject: [PATCH 03/16] linux: 4.19.197 -> 4.19.198 (cherry picked from commit 9c153cccd2e1dbae481ac1578c36017b742adbd2) --- pkgs/os-specific/linux/kernel/linux-4.19.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 3785c6b5536..4ed06ee2205 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix 
@@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.19.197"; + version = "4.19.198"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "10kj442qaky6rpl65k5rrvd3p6mdgz4p321zvf4s312ixfdja0g6"; + sha256 = "13k0r6a4n8nbni64a18wqzy0pg4vn1zw2li78xrm78rqcrnah85y"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_19 ]; From 8e34af05ab91c79d277dff566ceb930e086970c3 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:26 +0000 Subject: [PATCH 04/16] linux: 4.4.275 -> 4.4.276 (cherry picked from commit 067c21c9647fcc9e38b77b67ad932672374f098f) --- pkgs/os-specific/linux/kernel/linux-4.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix index 5b7050b7069..6c2595386e0 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix @@ -1,13 +1,13 @@ { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args: buildLinux (args // rec { - version = "4.4.275"; + version = "4.4.276"; extraMeta.branch = "4.4"; extraMeta.broken = stdenv.isAarch64; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1aiwq6019sibsw5smj6ii28cr64dv24c19k4n8c09nakhmhcg94i"; + sha256 = "1hf9h5kr1ws2lvinzq6cv7aps8af1kx4q8j4bsk2vv4i2zvmfr7y"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_4 ]; From 6f6efc8dda526a3d641a61f210c182caf529718f Mon Sep 17 00:00:00 2001 
From: TredwellGit Date: Tue, 20 Jul 2021 19:06:31 +0000 Subject: [PATCH 05/16] linux: 4.9.275 -> 4.9.276 (cherry picked from commit c6eff0d2f599621fa4936e2c605823e3489a7044) --- pkgs/os-specific/linux/kernel/linux-4.9.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix index 71a5f5eec31..0dc5cfeae6e 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.9.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix @@ -1,13 +1,13 @@ { buildPackages, fetchurl, perl, buildLinux, nixosTests, stdenv, ... } @ args: buildLinux (args // rec { - version = "4.9.275"; + version = "4.9.276"; extraMeta.branch = "4.9"; extraMeta.broken = stdenv.isAarch64; src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "08mz7mzmhk5n1gwadrc5fw8s40jk0rayvdpjcricl4sv56574lb6"; + sha256 = "16jp05jhmqcp8lawqga69gxn1acdkxsskn3a6wf0635863fky3hv"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_4_9 ]; From 243d04c44432abc9d4450c13e4a702e7910c99d3 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:37 +0000 Subject: [PATCH 06/16] linux: 5.10.51 -> 5.10.52 (cherry picked from commit f61350ac8916d99611aaf5b8fcb6be120114c7e9) --- pkgs/os-specific/linux/kernel/linux-5.10.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index 23e4099438b..f59cca3e12f 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.51"; + version = "5.10.52"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; 
@@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1qkssvqk29svn10ws3lrnzfbmlvzrixkf7r7lslc7k3lqa9yiflm"; + sha256 = "0ydf09wsg0pkjm9dk8y730ksg15p5rlbhq445zx8k191zah5g7kn"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_10 ]; From 33f224ada6f4dc107c9dd9b3517265dba3b9a730 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:43 +0000 Subject: [PATCH 07/16] linux: 5.12.18 -> 5.12.19 (cherry picked from commit a703195804f27720118120bf80fda99531969fe2) --- pkgs/os-specific/linux/kernel/linux-5.12.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.12.nix b/pkgs/os-specific/linux/kernel/linux-5.12.nix index fe180d95563..e1e7aec2ce2 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.12.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.12.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.12.18"; + version = "5.12.19"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "12sjscf53z6fc1jah3i2578r3a0i7rkw2jmqi0w328a22i0paakg"; + sha256 = "0wscz736n13m833cd12lskn47r0b8ki4fhgpjnwga0jsab9iqf79"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_12 ]; From 6b8d90260081ca16e6fe6827ae4c9cccdffa8e30 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:49 +0000 Subject: [PATCH 08/16] linux: 5.13.3 -> 5.13.4 (cherry picked from commit 5b3a23670c3bdbd3a4ad7e7fe62c4e4c9e0132d9) --- pkgs/os-specific/linux/kernel/linux-5.13.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/os-specific/linux/kernel/linux-5.13.nix b/pkgs/os-specific/linux/kernel/linux-5.13.nix index 4bb0f5deef1..82defad373b 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.13.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.13.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.13.3"; + version = "5.13.4"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1ir80wn019kslv6ysiqxdvarrjlr8b3skk1s43cwki3x2cjnxskq"; + sha256 = "0v3x1q1r0r8lyjg5hsj7yayfxqcgfj01p86ya4s0i9jaclpwv4ki"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_13 ]; From dacef47f628277637c958a7100c93405807c5800 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:06:55 +0000 Subject: [PATCH 09/16] linux: 5.4.133 -> 5.4.134 (cherry picked from commit ebd057e9efd8e8810c011b0dba9840109bab65f3) --- pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index 318d0887fb9..c4e08b685b5 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.133"; + version = "5.4.134"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; 
@@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0c08jp5k5h4c2s4pbpyvnvzczr79jh833wy9jv15nkvqp3xnd8w9"; + sha256 = "0haqw1w6f8p330ydbsl7iml1x0qqrv63az6921p2a70n88b8dyy9"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_4 ]; From 0a96eec01270a5bcbb61ba30e83899487747867c Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:07:15 +0000 Subject: [PATCH 10/16] linux/hardened/patches/4.14: 4.14.239-hardened1 -> 4.14.240-hardened1 (cherry picked from commit 02f4b95e1dfde6c71e230e9b4f17ab4323c306dd) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 5ff1221e3bd..49d11fbab02 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,9 +1,9 @@ { "4.14": { "extra": "-hardened1", - "name": "linux-hardened-4.14.239-hardened1.patch", - "sha256": "1yfg6c75y1dp627qn8c4795sc9vwywc5dl95ngg8zk15n5d7j9in", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.239-hardened1/linux-hardened-4.14.239-hardened1.patch" + "name": "linux-hardened-4.14.240-hardened1.patch", + "sha256": "0j5zp0f8s4w3f60yam2spg3bx56bdjvv0mh632zlhchz8rdk5zs4", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.240-hardened1/linux-hardened-4.14.240-hardened1.patch" }, "4.19": { "extra": "-hardened1", From 3e9e9473cbc9cbae20dad9c4e256fc3e8576ea50 Mon Sep 17 00:00:00 2001 
From: TredwellGit Date: Tue, 20 Jul 2021 19:07:16 +0000 Subject: [PATCH 11/16] linux/hardened/patches/4.19: 4.19.197-hardened1 -> 4.19.198-hardened1 (cherry picked from commit 8bf83e8c874642b020169c201866817bc1c8d402) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 49d11fbab02..7a296d4ec57 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -7,9 +7,9 @@ }, "4.19": { "extra": "-hardened1", - "name": "linux-hardened-4.19.197-hardened1.patch", - "sha256": "1cbcas5kl6k8hn60p08pvw073mrv8lkrav3pc9sxvdcscdbwkkpr", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.197-hardened1/linux-hardened-4.19.197-hardened1.patch" + "name": "linux-hardened-4.19.198-hardened1.patch", + "sha256": "18c5j00xiwc0xn5klcrwazk6wvjiy3cixbfbrw4xj7zal9r5p6q9", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.198-hardened1/linux-hardened-4.19.198-hardened1.patch" }, "5.10": { "extra": "-hardened1", From d528d5874634617f4d89fe682c77e092e3cc3e7d Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:07:17 +0000 Subject: [PATCH 12/16] linux/hardened/patches/5.10: 5.10.51-hardened1 -> 5.10.52-hardened1 (cherry picked from commit 60e9f5c2d76c7892b1031884723a6a3f45e7552e) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 7a296d4ec57..6edd5c798e8 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json 
@@ -13,9 +13,9 @@ }, "5.10": { "extra": "-hardened1", - "name": "linux-hardened-5.10.51-hardened1.patch", - "sha256": "0s9q7vlhnsd484kzg9mnqc7zab09ch3i3w654wvhkxk9zy4kgzhr", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.51-hardened1/linux-hardened-5.10.51-hardened1.patch" + "name": "linux-hardened-5.10.52-hardened1.patch", + "sha256": "062a32rb1g5xk1npiz9fa114k7g4x9pmygycn3alc0phngjmvr98", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.52-hardened1/linux-hardened-5.10.52-hardened1.patch" }, "5.12": { "extra": "-hardened1", From 454e3fc4afe51953ad1062206e8a141364343f8f Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Tue, 20 Jul 2021 19:07:18 +0000 Subject: [PATCH 13/16] linux/hardened/patches/5.12: 5.12.18-hardened1 -> 5.12.19-hardened1 (cherry picked from commit a718b4ae916113e98a4a113ffc52c53106d1bd97) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 6edd5c798e8..d4a12754554 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -19,9 +19,9 @@ }, "5.12": { "extra": "-hardened1", - "name": "linux-hardened-5.12.18-hardened1.patch", - "sha256": "0mlff4ylnx1pvswamhsms9366jw618ic8w42rnzrwqhasfnwkqjb", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.12.18-hardened1/linux-hardened-5.12.18-hardened1.patch" + "name": "linux-hardened-5.12.19-hardened1.patch", + "sha256": "1nr3922gd6il69k5cpp9g3knpy6yjb6jsmpi9k4v02bkvypg86dc", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.12.19-hardened1/linux-hardened-5.12.19-hardened1.patch" }, "5.4": { "extra": "-hardened1", From 2822d00c6a45f05436e473251904cfcd482df6aa Mon Sep 17 00:00:00 2001 
From: TredwellGit Date: Tue, 20 Jul 2021 19:07:19 +0000 Subject: [PATCH 14/16] linux/hardened/patches/5.4: 5.4.133-hardened1 -> 5.4.134-hardened1 (cherry picked from commit ac887a4abc6529cf7817539db2709107cfbad573) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index d4a12754554..412e5041500 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -25,8 +25,8 @@ }, "5.4": { "extra": "-hardened1", - "name": "linux-hardened-5.4.133-hardened1.patch", - "sha256": "0nnsyl2fxv7nnj7c47nnr753yh5x3wbny7ml8x23f5zdvjz43yfj", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.133-hardened1/linux-hardened-5.4.133-hardened1.patch" + "name": "linux-hardened-5.4.134-hardened1.patch", + "sha256": "0iay6dxwd1vqj02ljf0ghncrqpr6b0gby90xiza8kkk8wnh3r9hh", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.134-hardened1/linux-hardened-5.4.134-hardened1.patch" } } From 8fe750c560f222348e93b5d16f236d38e2492e89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Tue, 20 Jul 2021 15:27:15 +0200 Subject: [PATCH 15/16] systemd: Patch CVE-2021-33910 (cherry picked from commit b361dcf0bd3610d1fea6b44d72404add188da51d) --- pkgs/os-specific/linux/systemd/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix index c13f97fcde7..a33bb3c1a1d 100644 --- a/pkgs/os-specific/linux/systemd/default.nix +++ b/pkgs/os-specific/linux/systemd/default.nix 
@@ -157,6 +157,13 @@ stdenv.mkDerivation { url = "https://github.com/systemd/systemd/commit/ab1aa6368a883bce88e3162fee2bea14aacedf23.patch"; sha256 = "1b280l5jrjsg8qhsang199mpqjhkpix4c8bm3blknjnq9iv43add"; }) + + # Fix CVE-2021-33910, disclosed 2021-07-20 + (fetchpatch { + name = "CVE-2021-33910.patch"; + url = "https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9.patch"; + sha256 = "1g1lk95igaadg67kah9bpi4zsc01rg398sd1247ghjsvl5hxn4v4"; + }) ]; postPatch = '' From 677b13b2c545ccfee579c020bf6a8fb595463524 Mon Sep 17 00:00:00 2001 From: Alyssa Ross Date: Wed, 30 Jun 2021 14:50:25 +0000 Subject: [PATCH 16/16] linuxPackages_latest: 5.12.12 -> 5.13 Fixes: 367a53a82b0 ("linux_5_13: init at 5.13") (cherry picked from commit 0c21d0fd7035d65e48d561a64d1ad1454c640aff) --- pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 9a46a640a85..d12c932cf83 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20716,7 +20716,7 @@ in # Update this when adding the newest kernel major version! # And update linux_latest_for_hardened below if the patches are already available - linuxPackages_latest = linuxPackages_5_12; + linuxPackages_latest = linuxPackages_5_13; linux_latest = linuxPackages_latest.kernel; # Realtime kernel packages.
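Review bot: The comment above the new `fetchpatch` entry gives the CVE and the disclosure date but not the condition for removing the entry, so it may linger after the packaged systemd release already contains the fix, or be dropped too early during a bump. I would extend it to something like `# Fix CVE-2021-33910, disclosed 2021-07-20; drop once the packaged systemd version includes upstream commit 441e0115646d`. The explicit `name`, the commit-pinned URL and the `sha256` are the right shape for a security backport. The enclosing `patches` list starts above the hunk, so the packaged version and any earlier patch touching the same code are not visible from here.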