linux: add patch to fix CVE-2016-8655

See https://lwn.net/Articles/708319/ for more information.
This commit is contained in:
Franz Pletz 2016-12-10 17:08:42 +01:00
parent ff15333fe4
commit 9074d9859e
No known key found for this signature in database
GPG Key ID: 846FDED7792617B4
2 changed files with 31 additions and 5 deletions

View File

@ -149,6 +149,14 @@ rec {
url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git"
+ "/patch/drivers/lguest/x86/core.c?id=cdd77e87eae52";
sha256 = "04xlx6al10cw039av6jkby7gx64zayj8m1k9iza40sw0fydcfqhc";
};
};
packet_fix_race_condition_CVE_2016_8655 =
{ name = "packet_fix_race_condition_CVE_2016_8655.patch";
patch = fetchpatch {
url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=84ac7260236a49c79eede91617700174c2c19b0c";
sha256 = "19viqjjgq8j8jiz5yhgmzwhqvhwv175q645qdazd1k69d25nv2ki";
};
};
};
}

View File

@ -10927,6 +10927,7 @@ in
linux_mptcp = callPackage ../os-specific/linux/kernel/linux-mptcp.nix {
kernelPatches =
[ kernelPatches.bridge_stp_helper
kernelPatches.packet_fix_race_condition_CVE_2016_8655
]
++ lib.optionals ((platform.kernelArch or null) == "mips")
[ kernelPatches.mips_fpureg_emu
@ -10936,11 +10937,18 @@ in
};
linux_rpi = callPackage ../os-specific/linux/kernel/linux-rpi.nix {
kernelPatches = [ kernelPatches.bridge_stp_helper ];
kernelPatches = with kernelPatches; [
bridge_stp_helper
packet_fix_race_condition_CVE_2016_8655
];
};
linux_3_10 = callPackage ../os-specific/linux/kernel/linux-3.10.nix {
kernelPatches = with kernelPatches; [ bridge_stp_helper lguest_entry-linkage ]
kernelPatches = with kernelPatches;
[ bridge_stp_helper
lguest_entry-linkage
packet_fix_race_condition_CVE_2016_8655
]
++ lib.optionals ((platform.kernelArch or null) == "mips")
[ kernelPatches.mips_fpureg_emu
kernelPatches.mips_fpu_sigill
@ -10949,7 +10957,11 @@ in
};
linux_3_12 = callPackage ../os-specific/linux/kernel/linux-3.12.nix {
kernelPatches = with kernelPatches; [ bridge_stp_helper crc_regression ]
kernelPatches = with kernelPatches;
[ bridge_stp_helper
crc_regression
packet_fix_race_condition_CVE_2016_8655
]
++ lib.optionals ((platform.kernelArch or null) == "mips")
[ kernelPatches.mips_fpureg_emu
kernelPatches.mips_fpu_sigill
@ -10958,7 +10970,10 @@ in
};
linux_3_18 = callPackage ../os-specific/linux/kernel/linux-3.18.nix {
kernelPatches = [ kernelPatches.bridge_stp_helper ]
kernelPatches =
[ kernelPatches.bridge_stp_helper
kernelPatches.packet_fix_race_condition_CVE_2016_8655
]
++ lib.optionals ((platform.kernelArch or null) == "mips")
[ kernelPatches.mips_fpureg_emu
kernelPatches.mips_fpu_sigill
@ -10969,6 +10984,7 @@ in
linux_4_1 = callPackage ../os-specific/linux/kernel/linux-4.1.nix {
kernelPatches =
[ kernelPatches.bridge_stp_helper
kernelPatches.packet_fix_race_condition_CVE_2016_8655
]
++ lib.optionals ((platform.kernelArch or null) == "mips")
[ kernelPatches.mips_fpureg_emu
@ -10981,6 +10997,7 @@ in
kernelPatches =
[ kernelPatches.bridge_stp_helper
kernelPatches.cpu-cgroup-v2."4.4"
kernelPatches.packet_fix_race_condition_CVE_2016_8655
]
++ lib.optionals ((platform.kernelArch or null) == "mips")
[ kernelPatches.mips_fpureg_emu
@ -10997,6 +11014,7 @@ in
# !!! 4.7 patch doesn't apply, 4.8 patch not up yet, will keep checking
# kernelPatches.cpu-cgroup-v2."4.7"
kernelPatches.modinst_arg_list_too_long
kernelPatches.packet_fix_race_condition_CVE_2016_8655
]
++ lib.optionals ((platform.kernelArch or null) == "mips")
[ kernelPatches.mips_fpureg_emu