[Backport release-24.05] Linux Hardened Kernel Updates for 2024-11-06 (#354173)

Fabián Heredia Montiel 2024-11-07 09:04:40 -06:00 committed by GitHub
commit 935ab9ef50
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 40 additions and 25 deletions


@ -206,11 +206,11 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
/nixos/tests/postgresql.nix @thoughtpolice /nixos/tests/postgresql.nix @thoughtpolice
# Hardened profile & related modules # Hardened profile & related modules
/nixos/modules/profiles/hardened.nix @joachifm /nixos/modules/profiles/hardened.nix @joachifm
/nixos/modules/security/lock-kernel-modules.nix @joachifm /nixos/modules/security/lock-kernel-modules.nix @joachifm
/nixos/modules/security/misc.nix @joachifm /nixos/modules/security/misc.nix @joachifm
/nixos/tests/hardened.nix @joachifm /nixos/tests/hardened.nix @joachifm
/pkgs/os-specific/linux/kernel/hardened/config.nix @joachifm /pkgs/os-specific/linux/kernel/hardened/ @fabianhjr @joachifm
# Home Automation # Home Automation
/nixos/modules/services/home-automation/home-assistant.nix @mweinelt /nixos/modules/services/home-automation/home-assistant.nix @mweinelt


@ -31,6 +31,7 @@ let
linux_5_15_hardened linux_5_15_hardened
linux_6_1_hardened linux_6_1_hardened
linux_6_6_hardened linux_6_6_hardened
linux_6_11_hardened
linux_rt_5_4 linux_rt_5_4
linux_rt_5_10 linux_rt_5_10
linux_rt_5_15 linux_rt_5_15


@ -12,22 +12,22 @@
"5.10": { "5.10": {
"patch": { "patch": {
"extra": "-hardened1", "extra": "-hardened1",
"name": "linux-hardened-v5.10.226-hardened1.patch", "name": "linux-hardened-v5.10.228-hardened1.patch",
"sha256": "1vxcr0f3ikkg10wcvq76djxzmhlc6h5fv34xf8vm48wfi7ryajbk", "sha256": "1fzpiv9gn2krbx2v61j1dzzsdm0qlgps4rjdkzmi8a8fv9g1iq0p",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.10.226-hardened1/linux-hardened-v5.10.226-hardened1.patch" "url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.10.228-hardened1/linux-hardened-v5.10.228-hardened1.patch"
}, },
"sha256": "19hwwl5sbya65mch7fwmji2cli9b8796zjqbmkybjrarg1j9m8gn", "sha256": "0wkvn49sdy9ykyz6cqdqd9yplqfhc6b255w6wc17ky182mzqvk3n",
"version": "5.10.226" "version": "5.10.228"
}, },
"5.15": { "5.15": {
"patch": { "patch": {
"extra": "-hardened1", "extra": "-hardened1",
"name": "linux-hardened-v5.15.167-hardened1.patch", "name": "linux-hardened-v5.15.170-hardened1.patch",
"sha256": "1mwww490bf5i1njzyprnamfn8n471r94klgn7wghwi2f5vsn6j9g", "sha256": "16b3dzfgx737hsr16n9j3v4lr1qrl5vgsjmmcri0szbcd5sm0620",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.15.167-hardened1/linux-hardened-v5.15.167-hardened1.patch" "url": "https://github.com/anthraxx/linux-hardened/releases/download/v5.15.170-hardened1/linux-hardened-v5.15.170-hardened1.patch"
}, },
"sha256": "0c6s6l5sz9ibws7bymb393ww0z9i3amsk1yx0bahipz3xhc1yxdi", "sha256": "1ag7fvixhdcyxv6rqfsvq2wh02g64r4rx8izvfb33nfnld2nangx",
"version": "5.15.167" "version": "5.15.170"
}, },
"5.4": { "5.4": {
"patch": { "patch": {
@ -42,21 +42,31 @@
"6.1": { "6.1": {
"patch": { "patch": {
"extra": "-hardened1", "extra": "-hardened1",
"name": "linux-hardened-v6.1.112-hardened1.patch", "name": "linux-hardened-v6.1.115-hardened1.patch",
"sha256": "1kna12dhs1csg2cd9ixm261pgnc44v7q67njd0z1mnjrk9q1y7n6", "sha256": "1vly83nqpridysywj8aby6pmzjgz7jlk6ni957s9v05gfkvf906l",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.1.112-hardened1/linux-hardened-v6.1.112-hardened1.patch" "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.1.115-hardened1/linux-hardened-v6.1.115-hardened1.patch"
}, },
"sha256": "094z3wfcxqx2rbi072i5frshpy6rdvk39aahwm9nc07vc8sxxn4b", "sha256": "0vxs6zj4p0ihcp11h3svqy3wa1yph0f1vzc8dlvqh60zgs1bmn0g",
"version": "6.1.112" "version": "6.1.115"
},
"6.11": {
"patch": {
"extra": "-hardened1",
"name": "linux-hardened-v6.11.6-hardened1.patch",
"sha256": "0g5drxsknvhcd80s1mwmbbc9d3v3qpj4c7rha95ygzwxidvagr9f",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.11.6-hardened1/linux-hardened-v6.11.6-hardened1.patch"
},
"sha256": "1kiky6viwrgm47slpv234lfq1wrwj29p5rx168gix3q0jw0zcm69",
"version": "6.11.6"
}, },
"6.6": { "6.6": {
"patch": { "patch": {
"extra": "-hardened1", "extra": "-hardened1",
"name": "linux-hardened-v6.6.53-hardened1.patch", "name": "linux-hardened-v6.6.59-hardened1.patch",
"sha256": "09i25qrn18psyrzr8srav4zcbyqmn2z8ycfk9fix2pdfxsaxl8h9", "sha256": "1vdyryd0m9rr0z2pznq6jyxbdhy4w4x85c37gfl4sbbcs9549gnw",
"url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.6.53-hardened1/linux-hardened-v6.6.53-hardened1.patch" "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.6.59-hardened1/linux-hardened-v6.6.59-hardened1.patch"
}, },
"sha256": "0yfpyiz57wz9rkwif6n3k2n87waw46ad0h7h0pwhnar53cfihp98", "sha256": "0vd76ccd4li4wsg04gc4nai9f4y1nknz967qby0i53y0v046hq93",
"version": "6.6.53" "version": "6.6.59"
} }
} }


@ -27314,6 +27314,8 @@ with pkgs;
linux_6_1_hardened = linuxKernel.kernels.linux_6_1_hardened; linux_6_1_hardened = linuxKernel.kernels.linux_6_1_hardened;
linuxPackages_6_6_hardened = linuxKernel.packages.linux_6_6_hardened; linuxPackages_6_6_hardened = linuxKernel.packages.linux_6_6_hardened;
linux_6_6_hardened = linuxKernel.kernels.linux_6_6_hardened; linux_6_6_hardened = linuxKernel.kernels.linux_6_6_hardened;
linuxPackages_6_11_hardened = linuxKernel.packages.linux_6_11_hardened;
linux_6_11_hardened = linuxKernel.kernels.linux_6_11_hardened;
# GNU Linux-libre kernels # GNU Linux-libre kernels
linuxPackages-libre = linuxKernel.packages.linux_libre; linuxPackages-libre = linuxKernel.packages.linux_libre;


@ -260,6 +260,7 @@ in {
linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { }; linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { };
linux_6_1_hardened = hardenedKernelFor kernels.linux_6_1 { }; linux_6_1_hardened = hardenedKernelFor kernels.linux_6_1 { };
linux_6_6_hardened = hardenedKernelFor kernels.linux_6_6 { }; linux_6_6_hardened = hardenedKernelFor kernels.linux_6_6 { };
linux_6_11_hardened = hardenedKernelFor kernels.linux_6_11 { };
} // lib.optionalAttrs config.allowAliases { } // lib.optionalAttrs config.allowAliases {
linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11"; linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11";
@ -662,6 +663,7 @@ in {
linux_5_15_hardened = recurseIntoAttrs (packagesFor kernels.linux_5_15_hardened); linux_5_15_hardened = recurseIntoAttrs (packagesFor kernels.linux_5_15_hardened);
linux_6_1_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_1_hardened); linux_6_1_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_1_hardened);
linux_6_6_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_6_hardened); linux_6_6_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_6_hardened);
linux_6_11_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_11_hardened);
linux_zen = recurseIntoAttrs (packagesFor kernels.linux_zen); linux_zen = recurseIntoAttrs (packagesFor kernels.linux_zen);
linux_lqx = recurseIntoAttrs (packagesFor kernels.linux_lqx); linux_lqx = recurseIntoAttrs (packagesFor kernels.linux_lqx);
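Review bot: The new `linux_6_11_hardened = hardenedKernelFor kernels.linux_6_11 { };` entry in the first hunk carries no comment on its lifetime, although the other hardened entries visible here (5.15, 6.1, 6.6) track longterm series and 6.11 is, as far as I know, a short-lived stable series. On a release branch, users who pin this attribute could stay on a kernel that no longer receives hardened patches, so I would add a comment above it such as `# non-longterm series: remove and replace with a throw alias once linux-hardened stops publishing 6.11 patches`; the `lib.optionalAttrs config.allowAliases` block just below already shows that pattern with `linux_4_9 = throw ...`. The entry also depends on `kernels.linux_6_11` being defined on this branch, which is outside the hunk, so that is worth confirming for the backport. The same lifetime concern applies to the `recurseIntoAttrs (packagesFor kernels.linux_6_11_hardened)` line in the second hunk.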