nixpkgs/pkgs/os-specific/linux/kernel/patches.nix
Raito Bezarius 99e65bb00d linux_*, except testing, 4.14: apply patch for CVE-2023-32233
This applies the patch for CVE-2023-32233 to kernels 4.19 through 6.3.
Testing (6.4-rc1 at the moment) is excluded because it already has the
fix, and 4.14 doesn't have this fix queued for the next stable kernel.
2023-05-09 22:50:32 +02:00


# Catalogue of kernel patches that kernel expressions can pick from.
# Most entries are `{ name, patch }` sets. `patch` is either a file kept
# next to this one or a fixed-output fetch whose content is pinned by hash.
{ lib, fetchpatch, fetchurl }:

{
  # Fetched from OpenWrt at a pinned commit. postFetch rewrites the CPTCFG_
  # prefix to CONFIG_ and deletes everything from the `--- a/local-symbols`
  # header to the end of the file. Because this is a fixed-output fetch, the
  # hash below is checked against the result *after* those edits, so it must
  # be refreshed whenever the URL or the sed commands change.
  ath_regd_optional =
    let
      name = "ath_regd_optional";
    in
    {
      inherit name;
      patch = fetchpatch {
        name = "${name}.patch";
        url = "https://github.com/openwrt/openwrt/raw/ed2015c38617ed6624471e77f27fbb0c58c8c660/package/kernel/mac80211/patches/ath/402-ath_regd_optional.patch";
        sha256 = "1ssDXSweHhF+pMZyd6kSrzeW60eb6MO6tlf0il17RC0=";
        postFetch = ''
          sed -i 's/CPTCFG_/CONFIG_/g' $out
          sed -i '/--- a\/local-symbols/,$d' $out
        '';
      };
    };

  # The following entries point at patch files stored alongside this file,
  # so their content is reviewed and versioned with the repository itself.
  bridge_stp_helper = {
    name = "bridge-stp-helper";
    patch = ./bridge-stp-helper.patch;
  };

  request_key_helper = {
    name = "request-key-helper";
    patch = ./request-key-helper.patch;
  };

  request_key_helper_updated = {
    name = "request-key-helper-updated";
    patch = ./request-key-helper-updated.patch;
  };

  modinst_arg_list_too_long = {
    name = "modinst-arglist-too-long";
    patch = ./modinst-arg-list-too-long.patch;
  };

  # Loaded from the ./cpu-cgroup-v2-patches directory; its shape is defined
  # there, not here.
  cpu-cgroup-v2 = import ./cpu-cgroup-v2-patches;

  # One entry per key of ./hardened/patches.json. Every JSON value must carry
  # exactly `version`, `sha256` and `patch` (the argument pattern has no `...`).
  # Only the attributes inside `patch`, minus `extra`, are handed to fetchurl,
  # so the integrity check of the download depends on what `patch` itself
  # contains. The outer `sha256` is passed through untouched and is not what
  # fetchurl verifies.
  # NOTE(review): confirm that every `patch` object in patches.json carries
  # its own hash attribute.
  hardened =
    let
      mkPatch = kernelVersion: { version, sha256, patch }:
        let
          upstream = patch;
        in
        {
          name = lib.removeSuffix ".patch" upstream.name;
          patch = fetchurl (lib.filterAttrs (attrName: _value: attrName != "extra") upstream);
          inherit (upstream) extra;
          inherit version sha256;
        };
      patches = lib.importJSON ./hardened/patches.json;
    in
    lib.mapAttrs mkPatch patches;

  # Adapted for Linux 5.4 from:
  # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04896832c94aae4842100cafb8d3a73e1bed3a45
  rtl8761b_support = {
    name = "rtl8761b-support";
    patch = ./rtl8761b-support.patch;
  };

  export-rt-sched-migrate = {
    name = "export-rt-sched-migrate";
    patch = ./export-rt-sched-migrate.patch;
  };

  fix-em-ice-bonding = {
    name = "fix-em-ice-bonding";
    patch = ./fix-em-ice-bonding.patch;
  };

  # Upstream fix for CVE-2023-32233 (use-after-free in netfilter nf_tables),
  # taken from the mainline tree. The URL names an exact commit id and the
  # SRI hash pins the fetched content, so a changed upstream response fails
  # the build instead of silently applying a different patch.
  # Per the commit that introduced this entry, it is meant for kernels 4.19
  # through 6.3; remove it from a branch once that branch ships the fix.
  CVE-2023-32233 =
    let
      name = "CVE-2023-32233";
    in
    {
      inherit name;
      patch = fetchpatch {
        name = "${name}.patch";
        url = "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c1592a89942e9678f7d9c8030efa777c0d57edab";
        hash = "sha256-DYPWgraXPNeFkjtuDYkFXHnCJ4yDewrukM2CCAqC2BE=";
      };
    };
}