about summary refs log tree commit diff
path: root/pkgs/os-specific/linux/kernel/hardened
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific/linux/kernel/hardened')
-rw-r--r--pkgs/os-specific/linux/kernel/hardened/config.nix5
-rw-r--r--pkgs/os-specific/linux/kernel/hardened/patches.json24
2 files changed, 15 insertions, 14 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened/config.nix b/pkgs/os-specific/linux/kernel/hardened/config.nix
index 95510fe218e3..c817f1044271 100644
--- a/pkgs/os-specific/linux/kernel/hardened/config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened/config.nix
@@ -40,11 +40,12 @@ assert (versionAtLeast version "4.9");
   # Perform additional validation of commonly targeted structures.
   DEBUG_CREDENTIALS     = yes;
   DEBUG_NOTIFIERS       = yes;
-  DEBUG_PI_LIST         = yes; # doesn't BUG()
+  DEBUG_PI_LIST         = whenOlder "5.2" yes; # doesn't BUG()
+  DEBUG_PLIST           = whenAtLeast "5.2" yes;
   DEBUG_SG              = yes;
   SCHED_STACK_END_CHECK = yes;
 
-  REFCOUNT_FULL = whenAtLeast "4.13" yes;
+  REFCOUNT_FULL = whenBetween "4.13" "5.5" yes;
 
   # Randomize page allocator when page_alloc.shuffle=1
   SHUFFLE_PAGE_ALLOCATOR = whenAtLeast "5.2" yes;
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index 59e6e768a4b2..2e4ea7478065 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -1,22 +1,22 @@
 {
     "4.14": {
-        "name": "linux-hardened-4.14.182.a.patch",
-        "sha256": "1kkchcv3qkm41rgscm12ii852q2846crbpvafywz31qg62lb6qig",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.182.a/linux-hardened-4.14.182.a.patch"
+        "name": "linux-hardened-4.14.183.a.patch",
+        "sha256": "0k9dg37q3hcm13iyw662indwy23aylc03ldqfn7613c7ymqmbzj7",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.183.a/linux-hardened-4.14.183.a.patch"
     },
     "4.19": {
-        "name": "linux-hardened-4.19.125.a.patch",
-        "sha256": "1dhb8syp4j7hc4mx3s7c2x0gxil5dw7jh0swfqzjm02npbwpp19r",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.125.a/linux-hardened-4.19.125.a.patch"
+        "name": "linux-hardened-4.19.127.a.patch",
+        "sha256": "00nfcs5yn2a70an3ygzzv4s3qa3hf7pni4ad70aw87vyvrqlyx3k",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.127.a/linux-hardened-4.19.127.a.patch"
     },
     "5.4": {
-        "name": "linux-hardened-5.4.43.a.patch",
-        "sha256": "14d9sg1f2a0fnr2q9z6ck5biip1kbzqqwlg4xzpwv83vaycq4i3b",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.43.a/linux-hardened-5.4.43.a.patch"
+        "name": "linux-hardened-5.4.45.a.patch",
+        "sha256": "0gihrcxqg3hax20xhvna4lmgsivari6wwsyqz09w34v8p1fhd5nx",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.45.a/linux-hardened-5.4.45.a.patch"
     },
     "5.6": {
-        "name": "linux-hardened-5.6.15.a.patch",
-        "sha256": "0gvp4mra07aj22mrjj8gzd3k7z1zafvak461iajrxfjhzh1z3bdf",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.15.a/linux-hardened-5.6.15.a.patch"
+        "name": "linux-hardened-5.6.17.a.patch",
+        "sha256": "0nci30k7xh56b6454cd0hkpvpkfqb98cqdpvjaamlnmiphz4sk1f",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.6.17.a/linux-hardened-5.6.17.a.patch"
     }
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-23 09:23:30 +0000