diff options
author | Graham Christensen <graham@grahamc.com> | 2017-02-23 18:44:29 -0500 |
---|---|---|
committer | Graham Christensen <graham@grahamc.com> | 2017-02-23 18:44:43 -0500 |
commit | 1d68edbef48f30a4cefc33a85636099582411957 (patch) | |
tree | 29949e352faa0625afc7302bc9d6aebfe59255b4 | |
parent | c71bae03304c5c3437c9cecb68f6aa6e8dbe01f9 (diff) | |
download | nixlib-1d68edbef48f30a4cefc33a85636099582411957.tar nixlib-1d68edbef48f30a4cefc33a85636099582411957.tar.gz nixlib-1d68edbef48f30a4cefc33a85636099582411957.tar.bz2 nixlib-1d68edbef48f30a4cefc33a85636099582411957.tar.lz nixlib-1d68edbef48f30a4cefc33a85636099582411957.tar.xz nixlib-1d68edbef48f30a4cefc33a85636099582411957.tar.zst nixlib-1d68edbef48f30a4cefc33a85636099582411957.zip |
linux kernels: patch against DCCP double free (CVE-2017-6074)
-rw-r--r-- | pkgs/os-specific/linux/kernel/patches.nix | 9 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 10 |
2 files changed, 19 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index bb6bff1a1f07..c5a6b999f855 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -174,4 +174,13 @@ rec { sha256 = "0mps33r4mnwiy0bmgrzgqkrk59yya17v6kzpv9024g4xlz61rk8p"; }; }; + + DCCP_double_free_vulnerability_CVE-2017-6074 = rec + { name = "DCCP_double_free_vulnerability_CVE-2017-6074.patch"; + patch = fetchpatch { + inherit name; + url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4"; + sha256 = "10dmv3d3gj8rvj9h40js4jh8xbr5wyaqiy0kd819mya441mj8ll2"; + }; + }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1224593a2abb..9e1e6226f224 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -11273,6 +11273,7 @@ with pkgs; kernelPatches = [ kernelPatches.bridge_stp_helper kernelPatches.packet_fix_race_condition_CVE_2016_8655 + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu @@ -11285,6 +11286,7 @@ with pkgs; kernelPatches = with kernelPatches; [ bridge_stp_helper packet_fix_race_condition_CVE_2016_8655 + DCCP_double_free_vulnerability_CVE-2017-6074 ]; }; @@ -11293,6 +11295,7 @@ with pkgs; [ bridge_stp_helper lguest_entry-linkage packet_fix_race_condition_CVE_2016_8655 + DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu @@ -11304,6 +11307,7 @@ with pkgs; linux_3_12 = callPackage ../os-specific/linux/kernel/linux-3.12.nix { kernelPatches = with kernelPatches; [ bridge_stp_helper + DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu @@ -11315,6 +11319,7 @@ with pkgs; linux_4_1 = callPackage ../os-specific/linux/kernel/linux-4.1.nix { kernelPatches = [ kernelPatches.bridge_stp_helper + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu @@ -11327,6 +11332,7 @@ with pkgs; kernelPatches = [ kernelPatches.bridge_stp_helper kernelPatches.cpu-cgroup-v2."4.4" + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu @@ -11343,6 +11349,7 @@ with pkgs; # !!! 4.7 patch doesn't apply, 4.9 patch not up yet, will keep checking # kernelPatches.cpu-cgroup-v2."4.7" kernelPatches.modinst_arg_list_too_long + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu @@ -11371,6 +11378,7 @@ with pkgs; kernelPatches = [ kernelPatches.bridge_stp_helper kernelPatches.modinst_arg_list_too_long + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu kernelPatches.mips_fpu_sigill @@ -11383,6 +11391,7 @@ with pkgs; kernelPatches.chromiumos_mfd_fix_dependency kernelPatches.chromiumos_no_link_restrictions kernelPatches.genksyms_fix_segfault + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ]; }; @@ -11390,6 +11399,7 @@ with pkgs; kernelPatches = [ kernelPatches.chromiumos_Kconfig_fix_entries_3_18 kernelPatches.chromiumos_no_link_restrictions kernelPatches.genksyms_fix_segfault + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ]; }; |