authorVladimír Čunát <vcunat@gmail.com>2017-12-04 09:33:39 +0100
committerVladimír Čunát <vcunat@gmail.com>2017-12-04 09:33:39 +0100
commit13797ff5224817abcb05926de842eb4e0fb41382 (patch)
tree4183d237a06f5aef217d2223729ba6ce17378c2f /pkgs/os-specific/linux/kernel
parent561de381bcccfe6792f2908a5022449a05ae0050 (diff)
linux-4.13: mark as insecure (+required generic changes)
extraMeta was being fed as passthru without being processed by stdenv,
so without those changes, adding the security attribute would be useless.
Diffstat (limited to 'pkgs/os-specific/linux/kernel')
-rw-r--r--pkgs/os-specific/linux/kernel/generic.nix7
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.13.nix6
-rw-r--r--pkgs/os-specific/linux/kernel/manual-config.nix4
3 files changed, 11 insertions, 6 deletions
diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix
index c2f4e6843f5..0d2b7655edb 100644
--- a/pkgs/os-specific/linux/kernel/generic.nix
+++ b/pkgs/os-specific/linux/kernel/generic.nix
@@ -118,7 +118,7 @@ let
   };
 
   kernel = buildLinux {
-    inherit version modDirVersion src kernelPatches stdenv;
+    inherit version modDirVersion src kernelPatches stdenv extraMeta;
 
     configfile = configfile.nativeDrv or configfile;
 
@@ -131,10 +131,7 @@ let
 
   passthru = {
     features = kernelFeatures;
-
-    meta = kernel.meta // extraMeta;
-
-    passthru = kernel.passthru // (removeAttrs passthru [ "passthru" "meta" ]);
+    passthru = kernel.passthru // (removeAttrs passthru [ "passthru" ]);
   };
 
   nativeDrv = lib.addPassthru kernel.nativeDrv passthru;
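Review bot: Nothing in the new `passthru` set records why `meta` must no longer be set here, so a later edit could reintroduce `meta = kernel.meta // extraMeta;` and bypass stdenv's meta processing again. Per the commit message, attributes fed in as passthru are not processed by stdenv, which is what would have made a `knownVulnerabilities` entry useless; the first hunk of this file now hands `extraMeta` to `buildLinux` instead. I would add a comment above `features = kernelFeatures;`, for example `# meta is deliberately not set here: extraMeta is passed to buildLinux so that stdenv evaluates it (e.g. knownVulnerabilities)`. The enclosing `let` block starts and ends outside the hunk.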
diff --git a/pkgs/os-specific/linux/kernel/linux-4.13.nix b/pkgs/os-specific/linux/kernel/linux-4.13.nix
index 72ae02bbecd..767f7e35422 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.13.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.13.nix
@@ -4,6 +4,12 @@ import ./generic.nix (args // rec {
   version = "4.13.16";
   extraMeta.branch = "4.13";
 
+  # TODO: perhaps try being more concrete (ideally CVE numbers).
+  extraMeta.knownVulnerabilities = [
+    "ALSA: usb-audio: Fix potential out-of-bound access at parsing SU"
+    "eCryptfs: use after free in ecryptfs_release_messaging()"
+  ];
+
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
     sha256 = "0cf7prqzl1ajbgl98w0symdyn0k5wl5xaf1l5ldgy6l083yg69dh";
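Review bot: The two `knownVulnerabilities` strings are bare upstream commit subjects, so a user who hits the insecure-package evaluation error cannot tell which advisory applies or which kernel to move to. The TODO already asks for CVE numbers; until verified identifiers are available, each entry could carry a reference and the remediation, e.g. `"eCryptfs: use after free in ecryptfs_release_messaging() (<CVE-or-upstream-commit-id>); use a maintained kernel branch"`, with the placeholder filled in from the upstream changelog. The comment should also state why the fixes are missing from this branch (presumably 4.13 no longer receives stable releases), so the marking is not dropped by accident in a later edit. The `fetchurl` call continues outside the hunk.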
diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix
index b4ee23079d9..9124559ef7a 100644
--- a/pkgs/os-specific/linux/kernel/manual-config.nix
+++ b/pkgs/os-specific/linux/kernel/manual-config.nix
@@ -39,6 +39,8 @@ in {
   config ? stdenv.lib.optionalAttrs allowImportFromDerivation (readConfig configfile),
   # Cross-compiling config
   crossConfig ? if allowImportFromDerivation then (readConfig crossConfigfile) else config,
+  # Use defaultMeta // extraMeta
+  extraMeta ? {},
   # Whether to utilize the controversial import-from-derivation feature to parse the config
   allowImportFromDerivation ? false
 }:
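Review bot: The comment `# Use defaultMeta // extraMeta` on the new `extraMeta` argument refers to a `defaultMeta` name that does not appear in the visible hunks, and it does not say which side wins the merge. The last hunk of this file writes the merge as `} // extraMeta;`, so caller-supplied keys such as `platforms` or `maintainers` replace the defaults rather than extend them. A clearer comment would be `# Attributes merged over the default meta; on conflict extraMeta wins (e.g. branch, knownVulnerabilities)`. The argument set starts outside the hunk.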
@@ -228,7 +230,7 @@ let
           maintainers.thoughtpolice
         ];
         platforms = platforms.linux;
-      };
+      } // extraMeta;
     };
 in