linux kernels: patch against DCCP double free (CVE-2017-6074)

pyrox.dev / nixpkgs

fork atom

lol

fork atom

Graham Christensen 9 years ago 1d68edbe c71bae03

+19

2 changed files

expand all

pkgs

os-specific

linux

kernel

patches.nix

top-level

all-packages.nix

pkgs/os-specific/linux/kernel/patches.nix

··· 174 174 sha256 = "0mps33r4mnwiy0bmgrzgqkrk59yya17v6kzpv9024g4xlz61rk8p"; 175 175 }; 176 176 }; 177 + 178 + DCCP_double_free_vulnerability_CVE-2017-6074 = rec 179 + { name = "DCCP_double_free_vulnerability_CVE-2017-6074.patch"; 180 + patch = fetchpatch { 181 + inherit name; 182 + url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4"; 183 + sha256 = "10dmv3d3gj8rvj9h40js4jh8xbr5wyaqiy0kd819mya441mj8ll2"; 184 + }; 185 + }; 177 186 }

+10

pkgs/top-level/all-packages.nix

··· 11273 11273 kernelPatches = 11274 11274 [ kernelPatches.bridge_stp_helper 11275 11275 kernelPatches.packet_fix_race_condition_CVE_2016_8655 11276 + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 11276 11277 ] 11277 11278 ++ lib.optionals ((platform.kernelArch or null) == "mips") 11278 11279 [ kernelPatches.mips_fpureg_emu ··· 11285 11286 kernelPatches = with kernelPatches; [ 11286 11287 bridge_stp_helper 11287 11288 packet_fix_race_condition_CVE_2016_8655 11289 + DCCP_double_free_vulnerability_CVE-2017-6074 11288 11290 ]; 11289 11291 }; 11290 11292 ··· 11293 11295 [ bridge_stp_helper 11294 11296 lguest_entry-linkage 11295 11297 packet_fix_race_condition_CVE_2016_8655 11298 + DCCP_double_free_vulnerability_CVE-2017-6074 11296 11299 ] 11297 11300 ++ lib.optionals ((platform.kernelArch or null) == "mips") 11298 11301 [ kernelPatches.mips_fpureg_emu ··· 11304 11307 linux_3_12 = callPackage ../os-specific/linux/kernel/linux-3.12.nix { 11305 11308 kernelPatches = with kernelPatches; 11306 11309 [ bridge_stp_helper 11310 + DCCP_double_free_vulnerability_CVE-2017-6074 11307 11311 ] 11308 11312 ++ lib.optionals ((platform.kernelArch or null) == "mips") 11309 11313 [ kernelPatches.mips_fpureg_emu ··· 11315 11319 linux_4_1 = callPackage ../os-specific/linux/kernel/linux-4.1.nix { 11316 11320 kernelPatches = 11317 11321 [ kernelPatches.bridge_stp_helper 11322 + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 11318 11323 ] 11319 11324 ++ lib.optionals ((platform.kernelArch or null) == "mips") 11320 11325 [ kernelPatches.mips_fpureg_emu ··· 11327 11332 kernelPatches = 11328 11333 [ kernelPatches.bridge_stp_helper 11329 11334 kernelPatches.cpu-cgroup-v2."4.4" 11335 + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 11330 11336 ] 11331 11337 ++ lib.optionals ((platform.kernelArch or null) == "mips") 11332 11338 [ kernelPatches.mips_fpureg_emu ··· 11343 11349 # !!! 4.7 patch doesn't apply, 4.9 patch not up yet, will keep checking 11344 11350 # kernelPatches.cpu-cgroup-v2."4.7" 11345 11351 kernelPatches.modinst_arg_list_too_long 11352 + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 11346 11353 ] 11347 11354 ++ lib.optionals ((platform.kernelArch or null) == "mips") 11348 11355 [ kernelPatches.mips_fpureg_emu ··· 11371 11378 kernelPatches = [ 11372 11379 kernelPatches.bridge_stp_helper 11373 11380 kernelPatches.modinst_arg_list_too_long 11381 + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 11374 11382 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ 11375 11383 kernelPatches.mips_fpureg_emu 11376 11384 kernelPatches.mips_fpu_sigill ··· 11383 11391 kernelPatches.chromiumos_mfd_fix_dependency 11384 11392 kernelPatches.chromiumos_no_link_restrictions 11385 11393 kernelPatches.genksyms_fix_segfault 11394 + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 11386 11395 ]; 11387 11396 }; 11388 11397 ··· 11390 11399 kernelPatches = [ kernelPatches.chromiumos_Kconfig_fix_entries_3_18 11391 11400 kernelPatches.chromiumos_no_link_restrictions 11392 11401 kernelPatches.genksyms_fix_segfault 11402 + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 11393 11403 ]; 11394 11404 }; 11395 11405