From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: [PATCH 1/1] gnu: linux-libre@4.1, linux-libre@4.4, linux-libre@4.9: Fix CVE-2017-6074. Date: Wed, 22 Feb 2017 12:11:48 -0500 Message-ID: Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:35184) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cgaSk-00064e-8Y for guix-devel@gnu.org; Wed, 22 Feb 2017 12:12:23 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cgaSh-0000HS-Ja for guix-devel@gnu.org; Wed, 22 Feb 2017 12:12:22 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:52757) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cgaSh-0000HG-34 for guix-devel@gnu.org; Wed, 22 Feb 2017 12:12:19 -0500 Received: from localhost.localdomain (c-73-188-17-148.hsd1.pa.comcast.net [73.188.17.148]) by mail.messagingengine.com (Postfix) with ESMTPA id 08EB97E31E for ; Wed, 22 Feb 2017 12:12:18 -0500 (EST) List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org * gnu/packages/linux.scm (linux-libre-4.1, linux-libre-4.4, linux-libre-4.9): Add patch for CVE-2017-6074. --- gnu/packages/linux.scm | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 5342c7f92..a6c564b27 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -351,19 +351,49 @@ It has been modified to remove all non-free binary blobs.") (make-linux-libre "4.9.11" "1gypfg2984zr4z7hihnl3bbpxnk1mrqbynb6xd8ad2v2z04aw13q" %intel-compatible-systems - #:configuration-file kernel-config)) + #:configuration-file kernel-config + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4") + (file-name "linux-libre-CVE-2017-6074.patch") + (sha256 + (base32 + "1x40slfz1qxgiaznyy13bwlh34450pkyyrkljpyjlx6c4mrzb1jj")))))) (define-public linux-libre-4.4 (make-linux-libre "4.4.50" "0c157kk0vgrb1fsyy4q3czqdg4npgql82n6p303afy8ylh2w6d3l" %intel-compatible-systems - #:configuration-file kernel-config)) + #:configuration-file kernel-config + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4") + (file-name "linux-libre-CVE-2017-6074.patch") + (sha256 + (base32 + "1x40slfz1qxgiaznyy13bwlh34450pkyyrkljpyjlx6c4mrzb1jj")))))) (define-public linux-libre-4.1 (make-linux-libre "4.1.38" "165kmzglhg63hn7y4q7r6cb2dpsljxiq1czvgyx0bkd1vd2bcvsa" %intel-compatible-systems - #:configuration-file kernel-config)) + #:configuration-file kernel-config + #:patches + (list %boot-logo-patch + (origin + (method url-fetch) + (uri "\ +https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4") + (file-name "linux-libre-CVE-2017-6074.patch") + (sha256 + (base32 + "1x40slfz1qxgiaznyy13bwlh34450pkyyrkljpyjlx6c4mrzb1jj")))))) (define-public linux-libre-arm-generic (make-linux-libre %linux-libre-version -- 2.11.1