author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-02-02 16:38:42 +0100 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2016-02-02 16:38:42 +0100 |
commit | 7b772ae3987d461318e76472756658a6160dac27 (patch) | |
tree | 4bb2038fde2f36c9a92c574a2bc0f00229864b5b /pkgs/os-specific | |
parent | b90f0116cd9581ba713cb58a5d51e5cc537795b3 (diff) |
linux: Update to 3.10.96, 3.12.53, 3.14.60, 3.18.26, 4.1.17, 4.4.1
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/kernel/cve-2016-0728.patch | 78 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.10.nix | 6 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.12.nix | 6 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.14.nix | 7 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-3.18.nix | 6 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.1.nix | 6 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-4.4.nix | 7 |
7 files changed, 18 insertions, 98 deletions
diff --git a/pkgs/os-specific/linux/kernel/cve-2016-0728.patch b/pkgs/os-specific/linux/kernel/cve-2016-0728.patch
deleted file mode 100644
index 5eec95c629303..0000000000000
--- a/pkgs/os-specific/linux/kernel/cve-2016-0728.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 05fd13592b60c3e9873f56705f80ff934e98b046 Mon Sep 17 00:00:00 2001
-From: David Howells <dhowells@redhat.com>
-Date: Mon, 18 Jan 2016 10:53:31 +0000
-Subject: [PATCH] KEYS: Fix keyring ref leak in join_session_keyring()
-
-This fixes CVE-2016-0728.
-
-If a thread is asked to join as a session keyring the keyring that's already
-set as its session, we leak a keyring reference.
-
-This can be tested with the following program:
-
- #include <stddef.h>
- #include <stdio.h>
- #include <sys/types.h>
- #include <keyutils.h>
-
- int main(int argc, const char *argv[])
- {
- int i = 0;
- key_serial_t serial;
-
- serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
- "leaked-keyring");
- if (serial < 0) {
- perror("keyctl");
- return -1;
- }
-
- if (keyctl(KEYCTL_SETPERM, serial,
- KEY_POS_ALL | KEY_USR_ALL) < 0) {
- perror("keyctl");
- return -1;
- }
-
- for (i = 0; i < 100; i++) {
- serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
- "leaked-keyring");
- if (serial < 0) {
- perror("keyctl");
- return -1;
- }
- }
-
- return 0;
- }
-
-If, after the program has run, there something like the following line in
-/proc/keys:
-
-3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty
-
-with a usage count of 100 * the number of times the program has been run,
-then the kernel is malfunctioning. If leaked-keyring has zero usages or
-has been garbage collected, then the problem is fixed.
-
-Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
-Signed-off-by: David Howells <dhowells@redhat.com>
-RH-bugzilla: 1298036
----
- security/keys/process_keys.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
-index 43b4cddbf2b3..7877e5cd4e23 100644
---- a/security/keys/process_keys.c
-+++ b/security/keys/process_keys.c
-@@ -794,6 +794,7 @@ long join_session_keyring(const char *name)
- ret = PTR_ERR(keyring);
- goto error2;
- } else if (keyring == new->session_keyring) {
-+ key_put(keyring);
- ret = 0;
- goto error2;
- }
---
-2.5.0
-
diff --git a/pkgs/os-specific/linux/kernel/linux-3.10.nix b/pkgs/os-specific/linux/kernel/linux-3.10.nix
index 6a4531d9deb48..afca9b9c35e46 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.10.nix
@@ -1,15 +1,15 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 import ./generic.nix (args // rec {
- version = "3.10.92";
+ version = "3.10.96";
 extraMeta.branch = "3.10";
 src = fetchurl {
 url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
- sha256 = "0z0jdix1mfpnnc8cxw7rzpnhxdayckpnrasvxi1qf0dwhcqgk92d";
+ sha256 = "0wnlvbyg92q48kz5cn3bznjkkzpsik8z51dqhcxdpddy1k6iqb3k";
 };
- kernelPatches = args.kernelPatches ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];
+ kernelPatches = args.kernelPatches;
 features.iwlwifi = true;
 features.efiBootStub = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.12.nix b/pkgs/os-specific/linux/kernel/linux-3.12.nix
index 1e58d4e50291e..378a2b854f9eb 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.12.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.12.nix
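Review bot: Removing the `cve-2016-0728` entry from `kernelPatches` in the linux-3.10.nix hunk keeps the kernel protected only if upstream 3.10.96 already contains the `key_put(keyring)` fix to `join_session_keyring()`, and neither the commit message nor the file records that. The linux-3.12, 3.14, 3.18, 4.1 and 4.4 hunks make the same removal. I would check each stable changelog and state the result in the commit message, for example `The CVE-2016-0728 fix is included upstream in all six releases, so cve-2016-0728.patch is dropped.` The remaining `kernelPatches = args.kernelPatches;` looks redundant inside `args // rec { … }` and could probably be deleted; the `rec` block continues outside the hunk.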
@@ -1,15 +1,15 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 import ./generic.nix (args // rec {
- version = "3.12.50";
+ version = "3.12.53";
 extraMeta.branch = "3.12";
 src = fetchurl {
 url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
- sha256 = "1bn07wsrcbg4qgqd4v2810c3qc0ifbcza0fyj8s54yd78g9qj4lj";
+ sha256 = "1f2h4z8lk1s0h5lw7n3yb47dhpbr7gzma7ifsslwhyjg7s44cb27";
 };
- kernelPatches = args.kernelPatches ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];
+ kernelPatches = args.kernelPatches;
 features.iwlwifi = true;
 features.efiBootStub = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.14.nix b/pkgs/os-specific/linux/kernel/linux-3.14.nix
index 62f1be8b92b13..9ad5a336de3bb 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.14.nix
@@ -1,16 +1,15 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 import ./generic.nix (args // rec {
- version = "3.14.58";
- # Remember to update grsecurity!
+ version = "3.14.60";
 extraMeta.branch = "3.14";
 src = fetchurl {
 url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
- sha256 = "0jw1023cpn4bjmi0db86lrxri9xj75cj8p2iqs44jabvh35idl7l";
+ sha256 = "1zwq0j4slqg33z4yyk5s35hdzrq0g7jk1bd2kvgvkyqn1dkkvh0j";
 };
- kernelPatches = args.kernelPatches ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];
+ kernelPatches = args.kernelPatches;
 features.iwlwifi = true;
 features.efiBootStub = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.18.nix b/pkgs/os-specific/linux/kernel/linux-3.18.nix
index 86258308c1e03..9b90ea3556b13 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.18.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.18.nix
@@ -1,15 +1,15 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 import ./generic.nix (args // rec {
- version = "3.18.25";
+ version = "3.18.26";
 extraMeta.branch = "3.18";
 src = fetchurl {
 url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
- sha256 = "14pz8mvk48i2y1ffkhczjcm2icpb2g9xlpzyrvvis42n5178fjf6";
+ sha256 = "0bhf8x1h5crc9kimprjs7q74p86gsqsdr8nz54nv33c6zmryqsic";
 };
- kernelPatches = args.kernelPatches ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];
+ kernelPatches = args.kernelPatches;
 features.iwlwifi = true;
 features.efiBootStub = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-4.1.nix b/pkgs/os-specific/linux/kernel/linux-4.1.nix
index 29d4870597a37..fbcfa17a8bc78 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.1.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.1.nix
@@ -1,15 +1,15 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 import ./generic.nix (args // rec {
- version = "4.1.15";
+ version = "4.1.17";
 extraMeta.branch = "4.1";
 src = fetchurl {
 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "18sr0dl5ax6pcx6nqp9drb4l6a38g07vxihiqpbwb231jv68h8j7";
+ sha256 = "084ij19vgm27ljrjabqqmlqn27p168nsm9grhr6rajid4n79h6ab";
 };
- kernelPatches = args.kernelPatches ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];
+ kernelPatches = args.kernelPatches;
 features.iwlwifi = true;
 features.efiBootStub = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix
index cf17e915f8bf5..18bc11926214b 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix
@@ -1,16 +1,15 @@
 { stdenv, fetchurl, perl, buildLinux, ... } @ args:
 import ./generic.nix (args // rec {
- version = "4.4";
- modDirVersion = "4.4.0";
+ version = "4.4.1";
 extraMeta.branch = "4.4";
 src = fetchurl {
 url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
- sha256 = "401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2";
+ sha256 = "0mwaqvl7dkasidciah1al57a1djnsk46ha5mjy4psq2inj71klky";
 };
- kernelPatches = args.kernelPatches ++ [ { name = "cve-2016-0728"; patch = ./cve-2016-0728.patch; } ];
+ kernelPatches = args.kernelPatches;
 features.iwlwifi = true;
 features.efiBootStub = true; |