pyrox.dev / nixpkgs
lol
fork atom

linux_4_8: add patch to fix CVE-2016-9919

Franz Pletz c6bcc485 c311871a

options
unified split
Changed files
+11
pkgs
os-specific
linux
kernel
patches.nix
top-level
all-packages.nix
+10
pkgs/os-specific/linux/kernel/patches.nix 
···

       
165

       
 

       
        sha256 = "19viqjjgq8j8jiz5yhgmzwhqvhwv175q645qdazd1k69d25nv2ki";


     

       
166

       
 

       
      };


     

       
167

       
 

       
    };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
168

       
 

       
}


     
···

       
165

       
 

       
        sha256 = "19viqjjgq8j8jiz5yhgmzwhqvhwv175q645qdazd1k69d25nv2ki";


     

       
166

       
 

       
      };


     

       
167

       
 

       
    };


     

       
168

       
+

       



     

       
169

       
+

       
  panic_on_icmp6_frag_CVE_2016_9919 = rec


     

       
170

       
+

       
    { name = "panic_on_icmp6_frag_CVE_2016_9919.patch";


     

       
171

       
+

       
      patch = fetchpatch {


     

       
172

       
+

       
        inherit name;


     

       
173

       
+

       
        url = "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2";


     

       
174

       
+

       
        sha256 = "0mps33r4mnwiy0bmgrzgqkrk59yya17v6kzpv9024g4xlz61rk8p";


     

       
175

       
+

       
      };


     

       
176

       
+

       
    };


     

       
177

       
+

       



     

       
178

       
 

       
}
+1
pkgs/top-level/all-packages.nix 
···

       
11079

       
 

       
        # !!! 4.7 patch doesn't apply, 4.8 patch not up yet, will keep checking


     

       
11080

       
 

       
        # kernelPatches.cpu-cgroup-v2."4.7"


     

       
11081

       
 

       
        kernelPatches.modinst_arg_list_too_long


     

       

       

       
     

       
11082

       
 

       
      ]


     

       
11083

       
 

       
      ++ lib.optionals ((platform.kernelArch or null) == "mips")


     

       
11084

       
 

       
      [ kernelPatches.mips_fpureg_emu


     
···

       
11079

       
 

       
        # !!! 4.7 patch doesn't apply, 4.8 patch not up yet, will keep checking


     

       
11080

       
 

       
        # kernelPatches.cpu-cgroup-v2."4.7"


     

       
11081

       
 

       
        kernelPatches.modinst_arg_list_too_long


     

       
11082

       
+

       
        kernelPatches.panic_on_icmp6_frag_CVE_2016_9919


     

       
11083

       
 

       
      ]


     

       
11084

       
 

       
      ++ lib.optionals ((platform.kernelArch or null) == "mips")


     

       
11085

       
 

       
      [ kernelPatches.mips_fpureg_emu