diff options
author | alegru | 2023-01-15 21:57:14 +0100 |
---|---|---|
committer | alegru | 2023-01-15 21:58:27 +0100 |
commit | 4ce4fdbbeada7f76d5de00b53b315dc32d82f699 (patch) | |
tree | dbc681856d1d43cfd5d7f6a066459e8c289e0bee | |
parent | f6d563a5406f22ef5356a543cdb11e0dca490480 (diff) | |
download | aur-4ce4fdbbeada7f76d5de00b53b315dc32d82f699.tar.gz |
Update to 5.15.88-1
-rw-r--r-- | .SRCINFO | 12 | ||||
-rw-r--r-- | 0006-Fix-NFSv4-mount-regression.patch | 238 | ||||
-rw-r--r-- | 0006-netfilter-nft_payload-incorrect-arithmetics-when-fetching-vlan-header-bits.patch | 37 | ||||
-rw-r--r-- | PKGBUILD | 8 | ||||
-rw-r--r-- | config | 2 |
5 files changed, 50 insertions, 247 deletions
@@ -1,6 +1,6 @@ pkgbase = linux-vfio-lts pkgdesc = LTS Linux VFIO - pkgver = 5.15.87 + pkgver = 5.15.88 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 @@ -19,26 +19,28 @@ pkgbase = linux-vfio-lts makedepends = imagemagick makedepends = texlive-latexextra options = !strip - source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.87.tar.xz - source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.87.tar.sign + source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.88.tar.xz + source = https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.88.tar.sign source = config source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch source = 0002-PCI-Add-more-NVIDIA-controllers-to-the-MSI-masking-q.patch source = 0003-iommu-intel-do-deep-dma-unmapping-to-avoid-kernel-fl.patch source = 0004-Bluetooth-btintel-Fix-bdaddress-comparison-with-garb.patch source = 0005-lg-laptop-Recognize-more-models.patch + source = 0006-netfilter-nft_payload-incorrect-arithmetics-when-fetching-vlan-header-bits.patch source = add-acs-overrides.patch source = i915-vga-arbiter.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E - sha256sums = e7359bd2935b54fe8bb821cf748591c36a95bed019e752d3e4d5803d9da1ccb4 + sha256sums = 417539fdd96a3af97ef9ad2b51ca13967cb922f53970563b60290b935a81a181 sha256sums = SKIP - sha256sums = 2959597f1c71e44de06ac26c5a2029adbd4e5c6f8c2998e176591566eb0aecb0 + sha256sums = 63e560fe9eff69f07336334a38f22eef8a798ccf6c7a4a90285ea94c70d5fbb4 sha256sums = 7bd64ff894475b3415d792ba8466ba7e8f872af56dbf1aeed0d261fe4008b8b5 sha256sums = 39649dc1dfcb06b411ad124e123769e955a78961b4ea17538c0919a930925549 sha256sums = 56c12551e859cc67520909e64feecbf1b190cee8addef150c5b9d1bb1d40981e sha256sums = 5c1ee81fdd5818442af6081de987f9c1a9ce3c8d183566b3dfc19a8433aa3dde sha256sums = 067e8995fcd6f6ed25e0253e9374c0e179a000c154da3e59ce62634945ac5be9 + sha256sums = e1ba639a62ef788cb5653cbf5601b1534379211c50176e48f0b04ae555941c8d sha256sums = b90be7b79652be61f7d50691000f6a8c75a240dc2eee2667b68d984f67583f77 sha256sums = 856230cfbdc2bb53a4920dfbcb6fb2d58427b7b184e5f94e21f08011d0a2fcc6 diff --git a/0006-Fix-NFSv4-mount-regression.patch b/0006-Fix-NFSv4-mount-regression.patch deleted file mode 100644 index 470822db1b0f..000000000000 --- a/0006-Fix-NFSv4-mount-regression.patch +++ /dev/null @@ -1,238 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org> -Date: Sat, 6 Aug 2022 22:54:33 +0200 -Subject: [PATCH] Fix NFSv4 mount regression - -This reverts commit 6f2836341d8a (NFSv4.1 query for fs_location attr on -a new file system, 2022-01-12). - -For: https://bugs.archlinux.org/task/73838 -For: https://bugs.archlinux.org/task/73860 ---- - fs/nfs/client.c | 7 ---- - fs/nfs/nfs4_fs.h | 9 +++-- - fs/nfs/nfs4proc.c | 76 ++++++----------------------------------- - fs/nfs/nfs4state.c | 3 +- - include/linux/nfs_xdr.h | 1 - - 5 files changed, 15 insertions(+), 81 deletions(-) - -diff --git a/fs/nfs/client.c b/fs/nfs/client.c -index 090b16890e3d..551833862171 100644 ---- a/fs/nfs/client.c -+++ b/fs/nfs/client.c -@@ -860,13 +860,6 @@ int nfs_probe_fsinfo(struct nfs_server *server, struct nfs_fh *mntfh, struct nfs - server->namelen = pathinfo.max_namelen; - } - -- if (clp->rpc_ops->discover_trunking != NULL && -- (server->caps & NFS_CAP_FS_LOCATIONS)) { -- error = clp->rpc_ops->discover_trunking(server, mntfh); -- if (error < 0) -- return error; -- } -- - return 0; - } - EXPORT_SYMBOL_GPL(nfs_probe_fsinfo); -diff --git a/fs/nfs/nfs4_fs.h b/fs/nfs/nfs4_fs.h -index f8672a34fd63..36471dd0e82b 100644 ---- a/fs/nfs/nfs4_fs.h -+++ b/fs/nfs/nfs4_fs.h -@@ -261,8 +261,8 @@ struct nfs4_state_maintenance_ops { - }; - - struct nfs4_mig_recovery_ops { -- int (*get_locations)(struct nfs_server *, struct nfs_fh *, -- struct nfs4_fs_locations *, struct page *, const struct cred *); -+ int (*get_locations)(struct inode *, struct nfs4_fs_locations *, -+ struct page *, const struct cred *); - int (*fsid_present)(struct inode *, const struct cred *); - }; - -@@ -304,9 +304,8 @@ extern int nfs4_do_close(struct nfs4_state *state, gfp_t gfp_mask, int wait); - extern int nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *fhandle); - extern int nfs4_proc_fs_locations(struct rpc_clnt *, struct inode *, const struct qstr *, - struct nfs4_fs_locations *, struct page *); --extern int nfs4_proc_get_locations(struct nfs_server *, struct nfs_fh *, -- struct nfs4_fs_locations *, -- struct page *page, const struct cred *); -+extern int nfs4_proc_get_locations(struct inode *, struct nfs4_fs_locations *, -+ struct page *page, const struct cred *); - extern int nfs4_proc_fsid_present(struct inode *, const struct cred *); - extern struct rpc_clnt *nfs4_proc_lookup_mountpoint(struct inode *, - struct dentry *, -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c -index cbb39aff8182..3d4dee10cb11 100644 ---- a/fs/nfs/nfs4proc.c -+++ b/fs/nfs/nfs4proc.c -@@ -3963,60 +3963,6 @@ int nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *fhandle) - return err; - } - --static int _nfs4_discover_trunking(struct nfs_server *server, -- struct nfs_fh *fhandle) --{ -- struct nfs4_fs_locations *locations = NULL; -- struct page *page; -- const struct cred *cred; -- struct nfs_client *clp = server->nfs_client; -- const struct nfs4_state_maintenance_ops *ops = -- clp->cl_mvops->state_renewal_ops; -- int status = -ENOMEM; -- -- cred = ops->get_state_renewal_cred(clp); -- if (cred == NULL) { -- cred = nfs4_get_clid_cred(clp); -- if (cred == NULL) -- return -ENOKEY; -- } -- -- page = alloc_page(GFP_KERNEL); -- locations = kmalloc(sizeof(struct nfs4_fs_locations), GFP_KERNEL); -- if (page == NULL || locations == NULL) -- goto out; -- -- status = nfs4_proc_get_locations(server, fhandle, locations, page, -- cred); -- if (status) -- goto out; --out: -- if (page) -- __free_page(page); -- kfree(locations); -- return status; --} -- --static int nfs4_discover_trunking(struct nfs_server *server, -- struct nfs_fh *fhandle) --{ -- struct nfs4_exception exception = { -- .interruptible = true, -- }; -- struct nfs_client *clp = server->nfs_client; -- int err = 0; -- -- if (!nfs4_has_session(clp)) -- goto out; -- do { -- err = nfs4_handle_exception(server, -- _nfs4_discover_trunking(server, fhandle), -- &exception); -- } while (exception.retry); --out: -- return err; --} -- - static int _nfs4_lookup_root(struct nfs_server *server, struct nfs_fh *fhandle, - struct nfs_fsinfo *info) - { -@@ -7952,18 +7898,18 @@ int nfs4_proc_fs_locations(struct rpc_clnt *client, struct inode *dir, - * appended to this compound to identify the client ID which is - * performing recovery. - */ --static int _nfs40_proc_get_locations(struct nfs_server *server, -- struct nfs_fh *fhandle, -+static int _nfs40_proc_get_locations(struct inode *inode, - struct nfs4_fs_locations *locations, - struct page *page, const struct cred *cred) - { -+ struct nfs_server *server = NFS_SERVER(inode); - struct rpc_clnt *clnt = server->client; - u32 bitmask[2] = { - [0] = FATTR4_WORD0_FSID | FATTR4_WORD0_FS_LOCATIONS, - }; - struct nfs4_fs_locations_arg args = { - .clientid = server->nfs_client->cl_clientid, -- .fh = fhandle, -+ .fh = NFS_FH(inode), - .page = page, - .bitmask = bitmask, - .migration = 1, /* skip LOOKUP */ -@@ -8009,17 +7955,17 @@ static int _nfs40_proc_get_locations(struct nfs_server *server, - * When the client supports GETATTR(fs_locations_info), it can - * be plumbed in here. - */ --static int _nfs41_proc_get_locations(struct nfs_server *server, -- struct nfs_fh *fhandle, -+static int _nfs41_proc_get_locations(struct inode *inode, - struct nfs4_fs_locations *locations, - struct page *page, const struct cred *cred) - { -+ struct nfs_server *server = NFS_SERVER(inode); - struct rpc_clnt *clnt = server->client; - u32 bitmask[2] = { - [0] = FATTR4_WORD0_FSID | FATTR4_WORD0_FS_LOCATIONS, - }; - struct nfs4_fs_locations_arg args = { -- .fh = fhandle, -+ .fh = NFS_FH(inode), - .page = page, - .bitmask = bitmask, - .migration = 1, /* skip LOOKUP */ -@@ -8068,28 +8014,27 @@ static int _nfs41_proc_get_locations(struct nfs_server *server, - * -NFS4ERR_LEASE_MOVED is returned if the server still has leases - * from this client that require migration recovery. - */ --int nfs4_proc_get_locations(struct nfs_server *server, -- struct nfs_fh *fhandle, -+int nfs4_proc_get_locations(struct inode *inode, - struct nfs4_fs_locations *locations, - struct page *page, const struct cred *cred) - { -+ struct nfs_server *server = NFS_SERVER(inode); - struct nfs_client *clp = server->nfs_client; - const struct nfs4_mig_recovery_ops *ops = - clp->cl_mvops->mig_recovery_ops; - struct nfs4_exception exception = { - .interruptible = true, - }; - int status; - - dprintk("%s: FSID %llx:%llx on \"%s\"\n", __func__, - (unsigned long long)server->fsid.major, - (unsigned long long)server->fsid.minor, - clp->cl_hostname); -- nfs_display_fhandle(fhandle, __func__); -+ nfs_display_fhandle(NFS_FH(inode), __func__); - - do { -- status = ops->get_locations(server, fhandle, locations, page, -- cred); -+ status = ops->get_locations(inode, locations, page, cred); - if (status != -NFS4ERR_DELAY) - break; - nfs4_handle_exception(server, status, &exception); -@@ -10586,7 +10531,6 @@ const struct nfs_rpc_ops nfs_v4_clientops = { - .free_client = nfs4_free_client, - .create_server = nfs4_create_server, - .clone_server = nfs_clone_server, -- .discover_trunking = nfs4_discover_trunking, - }; - - static const struct xattr_handler nfs4_xattr_nfs4_acl_handler = { -diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c -index 83c88b54d712..42707e12d35c 100644 ---- a/fs/nfs/nfs4state.c -+++ b/fs/nfs/nfs4state.c -@@ -2098,8 +2098,7 @@ static int nfs4_try_migration(struct nfs_server *server, const struct cred *cred - } - - inode = d_inode(server->super->s_root); -- result = nfs4_proc_get_locations(server, NFS_FH(inode), locations, -- page, cred); -+ result = nfs4_proc_get_locations(inode, locations, page, cred); - if (result) { - dprintk("<-- %s: failed to retrieve fs_locations: %d\n", - __func__, result); -diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h -index ecd74cc34797..e9698b6278a5 100644 ---- a/include/linux/nfs_xdr.h -+++ b/include/linux/nfs_xdr.h -@@ -1805,7 +1805,6 @@ struct nfs_rpc_ops { - struct nfs_server *(*create_server)(struct fs_context *); - struct nfs_server *(*clone_server)(struct nfs_server *, struct nfs_fh *, - struct nfs_fattr *, rpc_authflavor_t); -- int (*discover_trunking)(struct nfs_server *, struct nfs_fh *); - }; - - /* diff --git a/0006-netfilter-nft_payload-incorrect-arithmetics-when-fetching-vlan-header-bits.patch b/0006-netfilter-nft_payload-incorrect-arithmetics-when-fetching-vlan-header-bits.patch new file mode 100644 index 000000000000..ef401a9f86f0 --- /dev/null +++ b/0006-netfilter-nft_payload-incorrect-arithmetics-when-fetching-vlan-header-bits.patch @@ -0,0 +1,37 @@ +From 696e1a48b1a1b01edad542a1ef293665864a4dd0 Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Wed, 11 Jan 2023 17:07:33 +0100 +Subject: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits + +From: Pablo Neira Ayuso <pablo@netfilter.org> + +commit 696e1a48b1a1b01edad542a1ef293665864a4dd0 upstream. + +If the offset + length goes over the ethernet + vlan header, then the +length is adjusted to copy the bytes that are within the boundaries of +the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet + +vlan header are copied directly from the skbuff data area. + +Fix incorrect arithmetic operator: subtract, not add, the size of the +vlan header in case of double-tagged packets to adjust the length +accordingly to address CVE-2023-0179. + +Reported-by: Davide Ornaghi <d.ornaghi97@gmail.com> +Fixes: f6ae9f120dad ("netfilter: nft_payload: add C-VLAN support") +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + net/netfilter/nft_payload.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/netfilter/nft_payload.c ++++ b/net/netfilter/nft_payload.c +@@ -63,7 +63,7 @@ nft_payload_copy_vlan(u32 *d, const stru + return false; + + if (offset + len > VLAN_ETH_HLEN + vlan_hlen) +- ethlen -= offset + len - VLAN_ETH_HLEN + vlan_hlen; ++ ethlen -= offset + len - VLAN_ETH_HLEN - vlan_hlen; + + memcpy(dst_u8, vlanh + offset - vlan_hlen, ethlen); + @@ -1,7 +1,7 @@ # Maintainer: Andreas Radke <andyrtr@archlinux.org> pkgbase=linux-vfio-lts -pkgver=5.15.87 +pkgver=5.15.88 pkgrel=1 pkgdesc='LTS Linux VFIO' url="https://www.kernel.org/" @@ -21,6 +21,7 @@ source=( 0003-iommu-intel-do-deep-dma-unmapping-to-avoid-kernel-fl.patch 0004-Bluetooth-btintel-Fix-bdaddress-comparison-with-garb.patch 0005-lg-laptop-Recognize-more-models.patch + 0006-netfilter-nft_payload-incorrect-arithmetics-when-fetching-vlan-header-bits.patch add-acs-overrides.patch i915-vga-arbiter.patch ) @@ -29,14 +30,15 @@ validpgpkeys=( '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) # https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc -sha256sums=('e7359bd2935b54fe8bb821cf748591c36a95bed019e752d3e4d5803d9da1ccb4' +sha256sums=('417539fdd96a3af97ef9ad2b51ca13967cb922f53970563b60290b935a81a181' 'SKIP' - '2959597f1c71e44de06ac26c5a2029adbd4e5c6f8c2998e176591566eb0aecb0' + '63e560fe9eff69f07336334a38f22eef8a798ccf6c7a4a90285ea94c70d5fbb4' '7bd64ff894475b3415d792ba8466ba7e8f872af56dbf1aeed0d261fe4008b8b5' '39649dc1dfcb06b411ad124e123769e955a78961b4ea17538c0919a930925549' '56c12551e859cc67520909e64feecbf1b190cee8addef150c5b9d1bb1d40981e' '5c1ee81fdd5818442af6081de987f9c1a9ce3c8d183566b3dfc19a8433aa3dde' '067e8995fcd6f6ed25e0253e9374c0e179a000c154da3e59ce62634945ac5be9' + 'e1ba639a62ef788cb5653cbf5601b1534379211c50176e48f0b04ae555941c8d' 'b90be7b79652be61f7d50691000f6a8c75a240dc2eee2667b68d984f67583f77' '856230cfbdc2bb53a4920dfbcb6fb2d58427b7b184e5f94e21f08011d0a2fcc6') @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.15.87 Kernel Configuration +# Linux/x86 5.15.88 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 12.2.0" CONFIG_CC_IS_GCC=y |