diff options
-rw-r--r-- | pkgs/os-specific/linux/kernel/patches.nix | 10 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 23 |
2 files changed, 28 insertions, 5 deletions
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index a5de48298e11..4f8d57acc17b 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, pkgs }: +{ stdenv, fetchurl, fetchpatch, pkgs }: let @@ -140,4 +140,12 @@ rec { { name = "qat_common_Makefile"; patch = ./qat_common_Makefile.patch; }; + + hiddev_CVE_2016_5829 = + { name = "hiddev_CVE_2016_5829"; + patch = fetchpatch { + url = "https://sources.debian.net/data/main/l/linux/4.6.3-1/debian/patches/bugfix/all/HID-hiddev-validate-num_values-for-HIDIOCGUSAGES-HID.patch"; + sha256 = "14rm1qr87p7a5prz8g5fwbpxzdp3ighj095x8rvhm8csm20wspyy"; + }; + }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 38d7250d2800..4d40567f262e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10938,7 +10938,10 @@ in }; linux_4_1 = callPackage ../os-specific/linux/kernel/linux-4.1.nix { - kernelPatches = [ kernelPatches.bridge_stp_helper ] + kernelPatches = + [ kernelPatches.bridge_stp_helper + kernelPatches.hiddev_CVE_2016_5829 + ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu kernelPatches.mips_fpu_sigill @@ -10947,7 +10950,11 @@ in }; linux_4_4 = callPackage ../os-specific/linux/kernel/linux-4.4.nix { - kernelPatches = [ kernelPatches.bridge_stp_helper kernelPatches.qat_common_Makefile ] + kernelPatches = + [ kernelPatches.bridge_stp_helper + kernelPatches.qat_common_Makefile + kernelPatches.hiddev_CVE_2016_5829 + ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu kernelPatches.mips_fpu_sigill @@ -10956,7 +10963,11 @@ in }; linux_4_5 = callPackage ../os-specific/linux/kernel/linux-4.5.nix { - kernelPatches = [ kernelPatches.bridge_stp_helper kernelPatches.qat_common_Makefile ] + kernelPatches = + [ kernelPatches.bridge_stp_helper + kernelPatches.qat_common_Makefile + kernelPatches.hiddev_CVE_2016_5829 + ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu kernelPatches.mips_fpu_sigill @@ -10965,7 +10976,11 @@ in }; linux_4_6 = callPackage ../os-specific/linux/kernel/linux-4.6.nix { - kernelPatches = [ kernelPatches.bridge_stp_helper kernelPatches.qat_common_Makefile ] + kernelPatches = + [ kernelPatches.bridge_stp_helper + kernelPatches.qat_common_Makefile + kernelPatches.hiddev_CVE_2016_5829 + ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu kernelPatches.mips_fpu_sigill |