summary refs log tree commit diff
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-12-09 18:21:19 -0500
committerMark H Weaver <mhw@netris.org>2016-12-09 18:36:03 -0500
commit1134e99d8600bb4eb6a8f0dda90858431c9a097f (patch)
tree8e01d5aa5d7ce6d36d07107721a057cdf6a57034
parent27991c97e64c95be4cae7f2b0a843565df329215 (diff)
downloadguix-1134e99d8600bb4eb6a8f0dda90858431c9a097f.tar.gz
gnu: linux-libre@4.4: Add fixes for CVE-2016-8655 et al.
* gnu/packages/linux.scm (linux-libre-4.4): Add patches for CVE-2016-8655 and
the vulnerability described in <http://seclists.org/oss-sec/2016/q4/644>.
-rw-r--r--gnu/packages/linux.scm20
1 files changed, 19 insertions, 1 deletions
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index b133dd94e3..a7a7f2d83d 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -336,7 +336,25 @@ It has been modified to remove all non-free binary blobs.")
   (make-linux-libre "4.4.37"
                     "1zw3hwpgxkxwplb81in5969vgbaamcwqarmxj3aq88yg6bqnh6b5"
                     %intel-compatible-systems
-                    #:configuration-file kernel-config))
+                    #:configuration-file kernel-config
+                    #:patches
+                    (list %boot-logo-patch
+                          (origin
+                            (method url-fetch)
+                            (uri "\
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=668dc0c33815e4f9ec02989785658516d343bc31")
+                            (file-name "linux-libre-4.4-CVE-2016-8655.patch")
+                            (sha256
+                             (base32
+                              "1bzgj36y8v7gflq3dlhmbbvvn9098a4yk4pcpixdz5c5pm7wrdv3")))
+                          (origin
+                            (method url-fetch)
+                            (uri "\
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=82330dbfb463389f2b0214dbcc69b78cc8e6cf8f")
+                            (file-name "linux-libre-4.4-iovec-fix.patch")
+                            (sha256
+                             (base32
+                              "1mqmgiqjm4pf4b3jzknclmdjfaqqr4708gcdgzhn84brrcm5iz30"))))))
 
 (define-public linux-libre-4.1
   (make-linux-libre "4.1.36"