diff --git a/nixos/tests/kernel-generic.nix b/nixos/tests/kernel-generic.nix index 3e74554de339..82d9118c6fb1 100644 --- a/nixos/tests/kernel-generic.nix +++ b/nixos/tests/kernel-generic.nix @@ -31,6 +31,7 @@ let linux_5_10_hardened linux_5_15_hardened linux_6_1_hardened + linux_6_3_hardened linux_testing; }; diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 48cf3595dbc1..cc093f220046 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -2,61 +2,71 @@ "4.14": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.14.317-hardened1.patch", - "sha256": "11jfmfanziq1k96147ddsavs1jaf201gsxpfm9i2qkz6jqrmqrsn", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.317-hardened1/linux-hardened-4.14.317-hardened1.patch" + "name": "linux-hardened-4.14.319-hardened1.patch", + "sha256": "1dz59az2k1lg5csx70p4nb634cv57b7ij554hkvln7bp6m9cm1ga", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.319-hardened1/linux-hardened-4.14.319-hardened1.patch" }, - "sha256": "0c1wy0m0jnjpc6scrw1y97wsg2d18vb1bi31i1qzlxvgmrd8zwlc", - "version": "4.14.317" + "sha256": "1y8zp9jkyid4g857nfm7xhsya3d9vx2dni8l7ishn2gl087pb95c", + "version": "4.14.319" }, "4.19": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-4.19.285-hardened1.patch", - "sha256": "183q8c6jxss5q9vp1vvi3l233s0jf0lbn5sylavwzgdjm5anbjdr", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.285-hardened1/linux-hardened-4.19.285-hardened1.patch" + "name": "linux-hardened-4.19.287-hardened1.patch", + "sha256": "1my4j6i549xw2zzbxnbaarby7584ysy4l1xgw3x8cc848l2m1iqp", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.287-hardened1/linux-hardened-4.19.287-hardened1.patch" }, - "sha256": "05nwivdk4w939vrrbn5p2yai1rz7kxqa4bl5f3n6d867b59pg8da", - "version": "4.19.285" + "sha256": "0wracrahi4qm6klsd9bnlwwdcaqbclx2mqc5d7vbvxxzfn69nsi8", + "version": "4.19.287" }, "5.10": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.10.183-hardened1.patch", - "sha256": "13rpr4bgvm6zi7vpf2syxbixgbzcyqz774xil4ffyzi8zqcnbz8s", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.183-hardened1/linux-hardened-5.10.183-hardened1.patch" + "name": "linux-hardened-5.10.185-hardened1.patch", + "sha256": "05abqsbsr6mjj0yxwwwf2hwsxd3z3jj2wkj0frd1ygb06njkvpjz", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.185-hardened1/linux-hardened-5.10.185-hardened1.patch" }, - "sha256": "06b1nlwaqs7g3323zxp1bxfilqpbj700x591vqa9dx6a6p39g520", - "version": "5.10.183" + "sha256": "143hghmj4lxiyavndvdmwg5mig8s2i4ffrmd8zwqqwy8ipn641i8", + "version": "5.10.185" }, "5.15": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.15.116-hardened1.patch", - "sha256": "0bg4yjix7n22r2q97rcrc5svggkczap98ljq3b11688nfjnxbgbp", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.116-hardened1/linux-hardened-5.15.116-hardened1.patch" + "name": "linux-hardened-5.15.118-hardened1.patch", + "sha256": "07knyxmb0j2bf117md2glyyqj892n4p4jq2ahd8s90fp0x8g6z9a", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.15.118-hardened1/linux-hardened-5.15.118-hardened1.patch" }, - "sha256": "16hpdqlkz2g2pjcml7j55yfym6nbp0zg8f2r969wq9jkpg8wj5zn", - "version": "5.15.116" + "sha256": "1cxm7s19l2f38chxrlvx7crvqcygmc77rhsc3lfx3m84vgdg8ssf", + "version": "5.15.118" }, "5.4": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-5.4.246-hardened1.patch", - "sha256": "07i8g34r9f6fjnx8bxikydik42s5nyp95q6rfl3rq48q418jd766", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.246-hardened1/linux-hardened-5.4.246-hardened1.patch" + "name": "linux-hardened-5.4.248-hardened1.patch", + "sha256": "0zd1s6xxpv6j2hmm56x4pg9dxakrmkf29x3vv6pjq3hmcp8ihs4s", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.248-hardened1/linux-hardened-5.4.248-hardened1.patch" }, - "sha256": "1snrgvpqpmc0d4aphq8flsmlcjjx9kgknymjlrmazl4ghl57jf09", - "version": "5.4.246" + "sha256": "0d9yn51rg59k39h0w6wmvjqz9n7najm9x8yb79rparbcwwrd3gis", + "version": "5.4.248" }, "6.1": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-6.1.33-hardened1.patch", - "sha256": "1mfimfs9v6a852vrpckr9v0hlbqy34c3lj5fj50m7m8x25qsin5a", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.33-hardened1/linux-hardened-6.1.33-hardened1.patch" + "name": "linux-hardened-6.1.35-hardened1.patch", + "sha256": "0s9ld5dnzxyizm8bdv4dc8lh3yfqv45hd65k0sc4swlnb1k96dxb", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.1.35-hardened1/linux-hardened-6.1.35-hardened1.patch" }, - "sha256": "1kfj7mi3n2lfaw4spz5cbvcl1md038figabyg80fha3kxal6nzdq", - "version": "6.1.33" + "sha256": "1b16pk0b45k1q53nzbwv6wh0aqn160b1kip8scywf3axpi1q2dmy", + "version": "6.1.35" + }, + "6.3": { + "patch": { + "extra": "-hardened1", + "name": "linux-hardened-6.3.1-hardened1.patch", + "sha256": "0wlp6azlkj9xbkwxyari28ixini0jvw2dl653i7ns4l27p0gmayx", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.3.1-hardened1/linux-hardened-6.3.1-hardened1.patch" + }, + "sha256": "0aizkgwdmdjrgab67yjfaqcmvfh7wb3b3mdq9qfxpq6mlys0yqkq", + "version": "6.3.1" } } diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix index a41e15e863df..5d759c36acfe 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.14.319"; + version = "4.14.320"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "1y8zp9jkyid4g857nfm7xhsya3d9vx2dni8l7ishn2gl087pb95c"; + sha256 = "09bn18jvazkc55bqdjbxy8fbca7vjhi9xl2h02w0sq3f1jf6g0pd"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix index 147c8f1396f7..47c8cc9cbe05 100644 --- a/pkgs/os-specific/linux/kernel/linux-4.19.nix +++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "4.19.287"; + version = "4.19.288"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz"; - sha256 = "0wracrahi4qm6klsd9bnlwwdcaqbclx2mqc5d7vbvxxzfn69nsi8"; + sha256 = "1sz3jp6kx0axdwp0wsq903q1090rbav9d12m5128335m8p2d1srk"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index a94a85fd02a3..f550778eac90 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.185"; + version = "5.10.186"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "143hghmj4lxiyavndvdmwg5mig8s2i4ffrmd8zwqqwy8ipn641i8"; + sha256 = "1qqv91r13akgik1q4jybf8czskxxizk6lpv4rsvjn9sx2dm2jq0y"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-5.15.nix b/pkgs/os-specific/linux/kernel/linux-5.15.nix index c25fdecffa37..2eb629ab6446 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.15.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.15.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.15.118"; + version = "5.15.119"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1cxm7s19l2f38chxrlvx7crvqcygmc77rhsc3lfx3m84vgdg8ssf"; + sha256 = "1kygpqf6sgkrwg77sv01di23c3n3rn5d44g8k5apx5106pys19bs"; }; } // (args.argsOverride or { })) diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index c5d708ff6d99..99205ad33962 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.248"; + version = "5.4.249"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "0d9yn51rg59k39h0w6wmvjqz9n7najm9x8yb79rparbcwwrd3gis"; + sha256 = "079mylc5j7hk5xn59q3z2xydyh88pq7yipn67x3y7nvf5i35hm6w"; }; } // (args.argsOverride or {})) diff --git a/pkgs/os-specific/linux/kernel/linux-6.1.nix b/pkgs/os-specific/linux/kernel/linux-6.1.nix index b3d7132ca905..0d14248c5fe1 100644 --- a/pkgs/os-specific/linux/kernel/linux-6.1.nix +++ b/pkgs/os-specific/linux/kernel/linux-6.1.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "6.1.35"; + version = "6.1.36"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz"; - sha256 = "1b16pk0b45k1q53nzbwv6wh0aqn160b1kip8scywf3axpi1q2dmy"; + sha256 = "0szyiah4avicqvlmadjxyh3i9b0xi9ipqjg1qrqgzf9h1wq0xjnq"; }; } // (args.argsOverride or { })) diff --git a/pkgs/os-specific/linux/kernel/linux-6.3.nix b/pkgs/os-specific/linux/kernel/linux-6.3.nix index e6778222b004..9a5d1ad8e5c4 100644 --- a/pkgs/os-specific/linux/kernel/linux-6.3.nix +++ b/pkgs/os-specific/linux/kernel/linux-6.3.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "6.3.9"; + version = "6.3.10"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = versions.pad 3 version; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v6.x/linux-${version}.tar.xz"; - sha256 = "0gmi55hhdw1f1qyvd04v17x596yh8wis42vmcd8vhymik49z5v21"; + sha256 = "1qs6rmh0hk47rmz30fhjj3g7bqrz19w1ldyv6fyiq6djja3avag0"; }; } // (args.argsOverride or { })) diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 972235c7f852..2b46be2199a8 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -66,4 +66,12 @@ hash = "sha256-DYPWgraXPNeFkjtuDYkFXHnCJ4yDewrukM2CCAqC2BE="; }; }; + + fix-amdgpu-5_15 = { + name = "fix-amdgpu-crash"; + patch = fetchpatch { + url = "https://lore.kernel.org/stable/20230628111636.23300-1-mario.limonciello@amd.com/raw"; + sha256 = "sha256-eAzy+bMiOJwzssOuvrMu7gmmV3PZezaDuVwwx7zNt6M="; + }; + }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index bfb8cca7cdfb..4876e40926bb 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -27460,6 +27460,8 @@ with pkgs; linux_5_15_hardened = linuxKernel.kernels.linux_5_15_hardened; linuxPackages_6_1_hardened = linuxKernel.packages.linux_6_1_hardened; linux_6_1_hardened = linuxKernel.kernels.linux_6_1_hardened; + linuxPackages_6_3_hardened = linuxKernel.packages.linux_6_3_hardened; + linux_6_3_hardened = linuxKernel.kernels.linux_6_3_hardened; # Hardkernel (Odroid) kernels. linuxPackages_hardkernel_latest = linuxKernel.packageAliases.linux_hardkernel_latest; diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix index fea9eea010be..3f448f4cdeb0 100644 --- a/pkgs/top-level/linux-kernels.nix +++ b/pkgs/top-level/linux-kernels.nix @@ -150,6 +150,7 @@ in { kernelPatches = [ kernelPatches.bridge_stp_helper kernelPatches.request_key_helper + kernelPatches.fix-amdgpu-5_15 ]; }; @@ -275,6 +276,7 @@ in { linux_5_10_hardened = hardenedKernelFor kernels.linux_5_10 { }; linux_5_15_hardened = hardenedKernelFor kernels.linux_5_15 { }; linux_6_1_hardened = hardenedKernelFor kernels.linux_6_1 { }; + linux_6_3_hardened = hardenedKernelFor kernels.linux_6_3 { }; } // lib.optionalAttrs config.allowAliases { linux_4_9 = throw "linux 4.9 was removed because it will reach its end of life within 22.11"; @@ -621,6 +623,7 @@ in { linux_5_10_hardened = recurseIntoAttrs (packagesFor kernels.linux_5_10_hardened); linux_5_15_hardened = recurseIntoAttrs (packagesFor kernels.linux_5_15_hardened); linux_6_1_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_1_hardened); + linux_6_3_hardened = recurseIntoAttrs (packagesFor kernels.linux_6_3_hardened); linux_zen = recurseIntoAttrs (packagesFor kernels.linux_zen); linux_lqx = recurseIntoAttrs (packagesFor kernels.linux_lqx);