From be2b2dff210295e04077b03d4a58fa248f5fe1c4 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Wed, 13 Sep 2017 12:51:07 -0400 Subject: [PATCH] gnu: linux-libre: Fix CVE-2017-1000251. * gnu/packages/linux.scm (linux-libre, linux-libre-4.9) (linux-libre-4.4, linux-libre-arm-generic): Add patch. --- gnu/packages/linux.scm | 60 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 55 insertions(+), 5 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 28a5e5b885..40d9cf240c 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -374,32 +374,82 @@ It has been modified to remove all non-free binary blobs.") (make-linux-libre %linux-libre-version %linux-libre-hash %intel-compatible-systems - #:configuration-file kernel-config)) + #:configuration-file kernel-config + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=7c3899324f16a8e50764fc9804bf4b06ac023133") + (file-name "linux-libre-4.13-CVE-2017-1000251.patch") + (sha256 + (base32 + "11pxxrvfvpq9xfahdk73c64w2381w1yqchphjgylzahw4p6mjffh")))))) (define-public linux-libre-4.9 (make-linux-libre "4.9.49" "07k3zn6kqbbyrjmknwvx5d4pnblz9s8sarxym5lgjm8abpvjp347" %intel-compatible-systems - #:configuration-file kernel-config)) + #:configuration-file kernel-config + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=2bc1cc696eb173578162d6202a032fb46e3db1f4") + (file-name "linux-libre-4.9-CVE-2017-1000251.patch") + (sha256 + (base32 + "0mpl5mc9s0bs2ls9hvl8dfm8vfaicx87j3n32nswqj4yk61inma5")))))) (define-public linux-libre-4.4 (make-linux-libre "4.4.87" "0yiqs4i4ydgb2kg8xdyqk9rkhymrnd2dw7jf9wnn5kxfwc2nbqpj" %intel-compatible-systems - #:configuration-file kernel-config)) + #:configuration-file kernel-config + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=4a01092a5fa819397484fe2b50e9518356858156") + (file-name "linux-libre-4.4-CVE-2017-1000251.patch") + (sha256 + (base32 + "0zmkw9zvzpwy2ihiyfrw6mrf8qzv77cm23lxadr20qvzqlc1xzb3")))))) (define-public linux-libre-4.1 (make-linux-libre "4.1.43" "0ycqmvczj7lm7czilnwpyp14n2lzilyx7m43rsq1qdm2m5rp4q2w" %intel-compatible-systems - #:configuration-file kernel-config)) + #:configuration-file kernel-config + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=4a01092a5fa819397484fe2b50e9518356858156") + (file-name "linux-libre-4.4-CVE-2017-1000251.patch") + (sha256 + (base32 + "0zmkw9zvzpwy2ihiyfrw6mrf8qzv77cm23lxadr20qvzqlc1xzb3")))))) (define-public linux-libre-arm-generic (make-linux-libre %linux-libre-version %linux-libre-hash '("armhf-linux") #:defconfig "multi_v7_defconfig" - #:extra-version "arm-generic")) + #:extra-version "arm-generic" + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=7c3899324f16a8e50764fc9804bf4b06ac023133") + (file-name "linux-libre-4.13-CVE-2017-1000251.patch") + (sha256 + (base32 + "11pxxrvfvpq9xfahdk73c64w2381w1yqchphjgylzahw4p6mjffh")))))) ;;;