02/02: gnu: linux-libre: Add fixes for CVE-2016-8655 et al.

[Mark H. Weaver]

mhw pushed a commit to branch master
in repository guix.

commit 6b2921c3acf2cc808128af97784929365f8582af
Author: Mark H Weaver <address@hidden>
Date:   Fri Dec 9 18:19:22 2016 -0500

    gnu: linux-libre: Add fixes for CVE-2016-8655 et al.
    
    * gnu/packages/linux.scm (linux-libre, linux-libre-arm-generic):
    Add patches for CVE-2016-8655 and the vulnerability described in
    <http://seclists.org/oss-sec/2016/q4/644>.
---
 gnu/packages/linux.scm |   40 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index a7a7f2d..f3c84c6 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -330,7 +330,25 @@ It has been modified to remove all non-free binary blobs.")
   (make-linux-libre "4.8.13"
                     "1n1bhasqih8acag2glwaqsh76avpinvchvwg6g4q1pfm2vs1499x"
                     %intel-compatible-systems
-                    #:configuration-file kernel-config))
+                    #:configuration-file kernel-config
+                    #:patches
+                    (list %boot-logo-patch
+                          (origin
+                            (method url-fetch)
+                            (uri "\
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=9bd018da073c1360c260d2e11e0da9b24911c4a8";)
+                            (file-name "linux-libre-4.8-CVE-2016-8655.patch")
+                            (sha256
+                             (base32
+                              
"1pq80vnwv01l0rj2g0r7i4rjnx3ll8iq4rpl6w3fmc77agdb3bpq")))
+                          (origin
+                            (method url-fetch)
+                            (uri "\
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=af8a38c78233a3356c626c1fabfc93c66094e6e8";)
+                            (file-name "linux-libre-4.8-iovec-fix.patch")
+                            (sha256
+                             (base32
+                              
"082a5dpkgsc0mjlzqc03d815xx8gdqk0s4glvi4y1b9vl8c4vmwy"))))))
 
 (define-public linux-libre-4.4
   (make-linux-libre "4.4.37"
@@ -371,7 +389,25 @@ 
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?i
                     %linux-libre-hash
                     '("armhf-linux")
                     #:defconfig "multi_v7_defconfig"
-                    #:extra-version "arm-generic"))
+                    #:extra-version "arm-generic"
+                    #:patches
+                    (list %boot-logo-patch
+                          (origin
+                            (method url-fetch)
+                            (uri "\
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=9bd018da073c1360c260d2e11e0da9b24911c4a8";)
+                            (file-name "linux-libre-4.8-CVE-2016-8655.patch")
+                            (sha256
+                             (base32
+                              
"1pq80vnwv01l0rj2g0r7i4rjnx3ll8iq4rpl6w3fmc77agdb3bpq")))
+                          (origin
+                            (method url-fetch)
+                            (uri "\
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=af8a38c78233a3356c626c1fabfc93c66094e6e8";)
+                            (file-name "linux-libre-4.8-iovec-fix.patch")
+                            (sha256
+                             (base32
+                              
"082a5dpkgsc0mjlzqc03d815xx8gdqk0s4glvi4y1b9vl8c4vmwy"))))))
 
 
 ;;;