From 56b115af69a2cdcc9db26ca249dfce575ef1bb9f Mon Sep 17 00:00:00 2001 From: Jan-Simon Möller Date: Wed, 28 Jun 2017 01:46:34 +0200 Subject: Fix CVE-2017-1000364 by backporting the patches for rpi3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Backport of patches from upstream for 4.4 - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.4.74&id=4b359430674caa2c98d0049a6941f157d2a33741 - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.4.74&id=f41512c6acb71c63cf4e3bd50934365ae2a23891 - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.4.74&id=1f2284fac2180d7a9442c796d9755e3ce7ab0bd9 Backport of patches from upstream for 4.9 - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=cfc0eb403816c5c4f9667d959de5e22789b5421e - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=5d10ad6297260e9b85e7645ee544a6115bb229e4 - https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.9.y&id=ce7fe8595902c3f03ef528c2dc1928b3f4b67fcf Bug-AGL: SPEC-705 Change-Id: If330fb7de09ab00f84d35a1e4c5343f958fcbf56 Signed-off-by: Jan-Simon Möller Reviewed-on: https://gerrit.automotivelinux.org/gerrit/9857 Tested-by: Jenkins Job builder account Reviewed-by: Leon Anavi --- .../recipes-kernel/linux/linux-raspberrypi_%.bbappend | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_%.bbappend') diff --git a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_%.bbappend b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_%.bbappend index 841798265..6557ce03c 100644 --- a/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_%.bbappend +++ b/meta-agl-bsp/meta-raspberrypi/recipes-kernel/linux/linux-raspberrypi_%.bbappend @@ -4,6 +4,14 @@ SRC_URI_append = "\ ${@base_conditional('USE_FAYTECH_MONITOR', '1', 'file://0002-faytech-fix-rpi.patch', '', d)} \ " +# Fix CVE-2017-1000364 +SRC_URI_append = "\ + file://0001-mm-larger-stack-guard-gap-between-vmas.patch \ + file://0002-Allow-stack-to-grow-up-to-address-space-limit.patch \ + file://0003-mm-fix-new-crash-in-unmapped_area_topdown.patch \ +" + + do_configure_append_smack() { # SMACK and Co kernel_configure_variable IP_NF_SECURITY m -- cgit 1.2.3-korg