diff options
| -rw-r--r-- | gnu-system.am | 1 | ||||
| -rw-r--r-- | gnu/packages/linux.scm | 6 | ||||
| -rw-r--r-- | gnu/packages/patches/linux-libre-CVE-2016-0728.patch | 84 |
3 files changed, 2 insertions, 89 deletions
diff --git a/gnu-system.am b/gnu-system.am index f91e66f0d5..bac13ce748 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -589,7 +589,6 @@ dist_patch_DATA = \ gnu/packages/patches/libwmf-CVE-2015-4695.patch \ gnu/packages/patches/libwmf-CVE-2015-4696.patch \ gnu/packages/patches/libxslt-CVE-2015-7995.patch \ - gnu/packages/patches/linux-libre-CVE-2016-0728.patch \ gnu/packages/patches/lirc-localstatedir.patch \ gnu/packages/patches/libpthread-glibc-preparation.patch \ gnu/packages/patches/lm-sensors-hwmon-attrs.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 6500aa51f5..136daf0952 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -212,7 +212,7 @@ for SYSTEM, or #f if there is no configuration for SYSTEM." #f))) (define-public linux-libre - (let* ((version "4.4") + (let* ((version "4.4.1") (build-phase '(lambda* (#:key system inputs #:allow-other-keys #:rest args) ;; Apply the neat patch. @@ -286,9 +286,7 @@ for SYSTEM, or #f if there is no configuration for SYSTEM." (uri (linux-libre-urls version)) (sha256 (base32 - "1839xsaifs7vvyblzin8jps0gqi10xmz1l9p4x0j27vmdj39jgpm")) - (patches - (list (search-patch "linux-libre-CVE-2016-0728.patch"))))) + "1d6wzhbpz0g79iwlkv10qmig518risz9bi3qw8wdn7j2xs7ij1j2")))) (build-system gnu-build-system) (supported-systems '("x86_64-linux" "i686-linux")) (native-inputs `(("perl" ,perl) diff --git a/gnu/packages/patches/linux-libre-CVE-2016-0728.patch b/gnu/packages/patches/linux-libre-CVE-2016-0728.patch deleted file mode 100644 index 254d6c1aea..0000000000 --- a/gnu/packages/patches/linux-libre-CVE-2016-0728.patch +++ /dev/null @@ -1,84 +0,0 @@ -Copied from -https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/patch/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 - -From 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 Mon Sep 17 00:00:00 2001 -From: Yevgeny Pats <yevgeny@perception-point.io> -Date: Tue, 19 Jan 2016 22:09:04 +0000 -Subject: KEYS: Fix keyring ref leak in join_session_keyring() - -This fixes CVE-2016-0728. - -If a thread is asked to join as a session keyring the keyring that's already -set as its session, we leak a keyring reference. - -This can be tested with the following program: - - #include <stddef.h> - #include <stdio.h> - #include <sys/types.h> - #include <keyutils.h> - - int main(int argc, const char *argv[]) - { - int i = 0; - key_serial_t serial; - - serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, - "leaked-keyring"); - if (serial < 0) { - perror("keyctl"); - return -1; - } - - if (keyctl(KEYCTL_SETPERM, serial, - KEY_POS_ALL | KEY_USR_ALL) < 0) { - perror("keyctl"); - return -1; - } - - for (i = 0; i < 100; i++) { - serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, - "leaked-keyring"); - if (serial < 0) { - perror("keyctl"); - return -1; - } - } - - return 0; - } - -If, after the program has run, there something like the following line in -/proc/keys: - -3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty - -with a usage count of 100 * the number of times the program has been run, -then the kernel is malfunctioning. If leaked-keyring has zero usages or -has been garbage collected, then the problem is fixed. - -Reported-by: Yevgeny Pats <yevgeny@perception-point.io> -Signed-off-by: David Howells <dhowells@redhat.com> -Acked-by: Don Zickus <dzickus@redhat.com> -Acked-by: Prarit Bhargava <prarit@redhat.com> -Acked-by: Jarod Wilson <jarod@redhat.com> -Signed-off-by: James Morris <james.l.morris@oracle.com> ---- - security/keys/process_keys.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c -index a3f85d2..e6d50172 100644 ---- a/security/keys/process_keys.c -+++ b/security/keys/process_keys.c -@@ -794,6 +794,7 @@ long join_session_keyring(const char *name) - ret = PTR_ERR(keyring); - goto error2; - } else if (keyring == new->session_keyring) { -+ key_put(keyring); - ret = 0; - goto error2; - } --- -cgit v0.12 - |