Merge pull request #22910 from joachifm/linux_4_9

linux_4_9: version bump and cve patch

pkgs/os-specific/linux/kernel/linux-4.9.nix

@@ -1,12 +1,12 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "4.9.9";
+  version = "4.9.10";
   extraMeta.branch = "4.9";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "1vnr6688gg8njmivdzlx21v1f3w02ahca194bjvm15apajcccd96";
+    sha256 = "098mcq3rg05gpammcdfhr2xhcy69ggc9h5g18m4ymnfqdx3havmx";
   };
 
   kernelPatches = args.kernelPatches;

pkgs/os-specific/linux/kernel/patches.nix

@@ -175,4 +175,13 @@ rec {
       };
     };
 
+  sctp_bug_on_CVE_2017_5986 = rec
+    { name = "sctp_BUG_ON_CVE_2017_5986.patch";
+      patch = fetchpatch {
+        inherit name;
+        url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90";
+        sha256 = "15np10bfm5yzby9zbkrh23qpm91wnprblsk0xn9yjryypnz8njxh";
+      };
+    };
+
 }

pkgs/top-level/all-packages.nix

@@ -11294,6 +11294,7 @@ with pkgs;
         # !!! 4.7 patch doesn't apply, 4.9 patch not up yet, will keep checking
         # kernelPatches.cpu-cgroup-v2."4.7"
         kernelPatches.modinst_arg_list_too_long
+        kernelPatches.sctp_bug_on_CVE_2017_5986
       ]
       ++ lib.optionals ((platform.kernelArch or null) == "mips")
       [ kernelPatches.mips_fpureg_emu