linux_*, except testing, 4.14: apply patch for CVE-2023-32233

This applies the patch for CVE-2023-32233 from kernel 4.19 until 6.3, testing (6.4-rc1 at the moment) is excluded because it already have the fix and 4.14 doesn't have this fix queued for the next stable kernel.
2023-05-09 22:27:23 +02:00 · 2023-05-09 22:27:23 +02:00 · 99e65bb00d
parent c66d3f2aff
commit 99e65bb00d
2 changed files with 19 additions and 0 deletions
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@ -62,4 +62,13 @@
    name = "fix-em-ice-bonding";
    patch = ./fix-em-ice-bonding.patch;
  };
+
+  CVE-2023-32233 = rec {
+    name = "CVE-2023-32233";
+    patch = fetchpatch {
+      name = name + ".patch";
+      url = "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c1592a89942e9678f7d9c8030efa777c0d57edab";
+      hash = "sha256-DYPWgraXPNeFkjtuDYkFXHnCJ4yDewrukM2CCAqC2BE=";
+    };
+  };
 }
--- a/pkgs/top-level/linux-kernels.nix
+++ b/pkgs/top-level/linux-kernels.nix
@ -115,6 +115,7 @@ in {
        [ kernelPatches.bridge_stp_helper
          kernelPatches.request_key_helper
          kernelPatches.modinst_arg_list_too_long
+          kernelPatches.CVE-2023-32233
        ];
    };

@ -123,6 +124,7 @@ in {
        kernelPatches.bridge_stp_helper
        kernelPatches.request_key_helper
        kernelPatches.rtl8761b_support
+        kernelPatches.CVE-2023-32233
      ];
    };

@ -130,6 +132,7 @@ in {
      kernelPatches = [
        kernelPatches.bridge_stp_helper
        kernelPatches.request_key_helper
+        kernelPatches.CVE-2023-32233
      ];
    };

@ -137,6 +140,7 @@ in {
      kernelPatches = [
        kernelPatches.bridge_stp_helper
        kernelPatches.request_key_helper
+        kernelPatches.CVE-2023-32233
      ];
    };

@ -145,6 +149,7 @@ in {
        kernelPatches.bridge_stp_helper
        kernelPatches.request_key_helper
        kernelPatches.export-rt-sched-migrate
+        kernelPatches.CVE-2023-32233
      ];
    };

@ -153,6 +158,7 @@ in {
        kernelPatches.bridge_stp_helper
        kernelPatches.request_key_helper
        kernelPatches.fix-em-ice-bonding
+        kernelPatches.CVE-2023-32233
      ];
    };

@ -169,6 +175,7 @@ in {
        kernelPatches.bridge_stp_helper
        kernelPatches.request_key_helper
        kernelPatches.fix-em-ice-bonding
+        kernelPatches.CVE-2023-32233
      ];
    };

@ -178,6 +185,7 @@ in {
        kernelPatches.request_key_helper
        kernelPatches.fix-em-ice-bonding
        kernelPatches.export-rt-sched-migrate
+        kernelPatches.CVE-2023-32233
      ];
    };

@ -186,6 +194,7 @@ in {
        kernelPatches.bridge_stp_helper
        kernelPatches.request_key_helper
        kernelPatches.fix-em-ice-bonding
+        kernelPatches.CVE-2023-32233
      ];
    };

@ -194,6 +203,7 @@ in {
        kernelPatches.bridge_stp_helper
        kernelPatches.request_key_helper
        kernelPatches.fix-em-ice-bonding
+        kernelPatches.CVE-2023-32233
      ];
    };