diff options
| author | Alyssa Ross <hi@alyssa.is> | 2020-07-13 23:20:04 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2020-07-13 23:21:06 +0000 |
| commit | a42c1d6d62656dcf9bd85de620f2e200a5ad22d8 (patch) | |
| tree | 7d481fea9872f62a034452612be17f4494159baa /nixpkgs/pkgs/os-specific/linux/kernel/hardened | |
| parent | 55f69a6b0e53c1c4b3e0396937c53bf5662b5519 (diff) | |
| parent | 9480bae337095fd24f61380bce3174fdfe926a00 (diff) | |
| download | nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.tar nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.tar.gz nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.tar.bz2 nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.tar.lz nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.tar.xz nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.tar.zst nixlib-a42c1d6d62656dcf9bd85de620f2e200a5ad22d8.zip | |
Merge commit '9480bae337095fd24f61380bce3174fdfe926a00'
This is the last nixos-unstable release before 13b2903169f, which I'm a bit nervous about. So I want the update including that one to be as small as possible, hence going to this one first.
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/kernel/hardened')
| -rw-r--r-- | nixpkgs/pkgs/os-specific/linux/kernel/hardened/config.nix | 5 | ||||
| -rw-r--r-- | nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json | 24 |
2 files changed, 15 insertions, 14 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/config.nix index 95510fe218e3..c817f1044271 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/config.nix +++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/config.nix @@ -40,11 +40,12 @@ assert (versionAtLeast version "4.9"); # Perform additional validation of commonly targeted structures. DEBUG_CREDENTIALS = yes; DEBUG_NOTIFIERS = yes; - DEBUG_PI_LIST = yes; # doesn't BUG() + DEBUG_PI_LIST = whenOlder "5.2" yes; # doesn't BUG() + DEBUG_PLIST = whenAtLeast "5.2" yes; DEBUG_SG = yes; SCHED_STACK_END_CHECK = yes; - REFCOUNT_FULL = whenAtLeast "4.13" yes; + REFCOUNT_FULL = whenBetween "4.13" "5.5" yes; # Randomize page allocator when page_alloc.shuffle=1 SHUFFLE_PAGE_ALLOCATOR = whenAtLeast "5.2" yes; diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json index 59e6e768a4b2..654615ebe500 100644 --- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,22 +1,22 @@ { "4.14": { - "name": "linux-hardened-4.14.182.a.patch", - "sha256": "1kkchcv3qkm41rgscm12ii852q2846crbpvafywz31qg62lb6qig", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.182.a/linux-hardened-4.14.182.a.patch" + "name": "linux-hardened-4.14.184.a.patch", + "sha256": "1g12kz6ikdwp6b7000pfy3myga90mvxyl04b9267fk88jwih6yhk", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.184.a/linux-hardened-4.14.184.a.patch" }, "4.19": { - "name": "linux-hardened-4.19.125.a.patch", - "sha256": "1dhb8syp4j7hc4mx3s7c2x0gxil5dw7jh0swfqzjm02npbwpp19r", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.125.a/linux-hardened-4.19.125.a.patch" + "name": "linux-hardened-4.19.128.a.patch", + "sha256": "19ayzx9rf4j31ypavxwamd290lm95wmi7v165avxslahnx6pdsxs", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.128.a/linux-hardened-4.19.128.a.patch" }, "5.4": { - "name": "linux-hardened-5.4.43.a.patch", - "sha256": "14d9sg1f2a0fnr2q9z6ck5biip1kbzqqwlg4xzpwv83vaycq4i3b", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.43.a/linux-hardened-5.4.43.a.patch" + "name": "linux-hardened-5.4.46.a.patch", + "sha256": "0f2d53na7g6dhiba2ym09lm4fp3hwm6kw6mpm5jk46jmb6j7iwk5", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.46.a/linux-hardened-5.4.46.a.patch" }, "5.6": { - "name": "linux-hardened-5.6.15.a.patch", - "sha256": "0gvp4mra07aj22mrjj8gzd3k7z1zafvak461iajrxfjhzh1z3bdf", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.15.a/linux-hardened-5.6.15.a.patch" + "name": "linux-hardened-5.6.18.a.patch", + "sha256": "0idvgjg7kji4w3341acfqywi0qqn3pvxcmiz70cd7inhlqaqrw63", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.18.a/linux-hardened-5.6.18.a.patch" } } |