diff options
-rw-r--r-- | pkgs/os-specific/linux/kernel/patches.nix | 9 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 10 |
2 files changed, 19 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index bb6bff1a1f0..c5a6b999f85 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix @@ -174,4 +174,13 @@ rec { sha256 = "0mps33r4mnwiy0bmgrzgqkrk59yya17v6kzpv9024g4xlz61rk8p"; }; }; + + DCCP_double_free_vulnerability_CVE-2017-6074 = rec + { name = "DCCP_double_free_vulnerability_CVE-2017-6074.patch"; + patch = fetchpatch { + inherit name; + url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4"; + sha256 = "10dmv3d3gj8rvj9h40js4jh8xbr5wyaqiy0kd819mya441mj8ll2"; + }; + }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1224593a2ab..9e1e6226f22 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -11273,6 +11273,7 @@ with pkgs; kernelPatches = [ kernelPatches.bridge_stp_helper kernelPatches.packet_fix_race_condition_CVE_2016_8655 + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu @@ -11285,6 +11286,7 @@ with pkgs; kernelPatches = with kernelPatches; [ bridge_stp_helper packet_fix_race_condition_CVE_2016_8655 + DCCP_double_free_vulnerability_CVE-2017-6074 ]; }; @@ -11293,6 +11295,7 @@ with pkgs; [ bridge_stp_helper lguest_entry-linkage packet_fix_race_condition_CVE_2016_8655 + DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu @@ -11304,6 +11307,7 @@ with pkgs; linux_3_12 = callPackage ../os-specific/linux/kernel/linux-3.12.nix { kernelPatches = with kernelPatches; [ bridge_stp_helper + DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu @@ -11315,6 +11319,7 @@ with pkgs; linux_4_1 = callPackage ../os-specific/linux/kernel/linux-4.1.nix { kernelPatches = [ kernelPatches.bridge_stp_helper + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu @@ -11327,6 +11332,7 @@ with pkgs; kernelPatches = [ kernelPatches.bridge_stp_helper kernelPatches.cpu-cgroup-v2."4.4" + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu @@ -11343,6 +11349,7 @@ with pkgs; # !!! 4.7 patch doesn't apply, 4.9 patch not up yet, will keep checking # kernelPatches.cpu-cgroup-v2."4.7" kernelPatches.modinst_arg_list_too_long + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu @@ -11371,6 +11378,7 @@ with pkgs; kernelPatches = [ kernelPatches.bridge_stp_helper kernelPatches.modinst_arg_list_too_long + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ] ++ lib.optionals ((platform.kernelArch or null) == "mips") [ kernelPatches.mips_fpureg_emu kernelPatches.mips_fpu_sigill @@ -11383,6 +11391,7 @@ with pkgs; kernelPatches.chromiumos_mfd_fix_dependency kernelPatches.chromiumos_no_link_restrictions kernelPatches.genksyms_fix_segfault + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ]; }; @@ -11390,6 +11399,7 @@ with pkgs; kernelPatches = [ kernelPatches.chromiumos_Kconfig_fix_entries_3_18 kernelPatches.chromiumos_no_link_restrictions kernelPatches.genksyms_fix_segfault + kernelPatches.DCCP_double_free_vulnerability_CVE-2017-6074 ]; }; |