diff options
author | Björn Bidar | 2018-01-05 19:36:15 +0100 |
---|---|---|
committer | Björn Bidar | 2018-01-05 19:36:15 +0100 |
commit | 6624b87e6ab80e8ca53c11cb7a9199fa0acb14f4 (patch) | |
tree | 97b989929ce13e3a7634a0b205aa5dcd9ea6817d | |
parent | 4393e73a6675205df8b909529300cdb1dcbe25ae (diff) | |
download | aur-6624b87e6ab80e8ca53c11cb7a9199fa0acb14f4.tar.gz |
linux-pf: upkg
-rw-r--r-- | .SRCINFO | 41 | ||||
-rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 15 | ||||
-rw-r--r-- | 0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch (renamed from 0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch) | 12 | ||||
-rw-r--r-- | 0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch (renamed from 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch) | 12 | ||||
-rw-r--r-- | 0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch (renamed from 0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch) | 10 | ||||
-rw-r--r-- | PKGBUILD | 29 |
6 files changed, 56 insertions, 63 deletions
@@ -1,8 +1,8 @@ # Generated by mksrcinfo v8 -# Tue Dec 26 20:41:49 UTC 2017 +# Fri Jan 5 18:35:51 UTC 2018 pkgbase = linux-pf - pkgdesc = Linux kernel and modules with the pf-kernel patch [-ck patchset (BFS included), TuxOnIce, BFQ], uksm and aufs3 - pkgver = 4.14.7 + pkgdesc = Linux kernel and modules with the pf-kernel patch (uksm, PDS). + pkgver = 4.14.8 pkgrel = 1 url = http://pf.natalenko.name/ arch = i686 @@ -20,29 +20,27 @@ pkgbase = linux-pf source = config.i686 source = config.x86_64 source = linux.preset - source = https://github.com/pfactum/pf-kernel/compare/v4.14...v4.14-pf7.diff + source = https://github.com/pfactum/pf-kernel/compare/v4.14...v4.14-pf8.diff source = 90-linux.hook source = 60-linux.hook - source = 0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch - source = 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch - source = 0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch - source = 0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch + source = 0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch + source = 0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + source = 0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7 sha256sums = 102d518779dc312af35faf7e07ff01df3c04521d40d8757fc4e8eba9c595c395 sha256sums = 943e1e6e1518edc8ab86023805f8f88f3672871a4039ccf8a9e97c33e95ae395 sha256sums = 82d660caa11db0cd34fd550a049d7296b4a9dcd28f2a50c81418066d6e598864 - sha256sums = 71855b1aa2e4aec2695f4ee12ad7a65fcb33b1fe17315cfcca6ce9162bc9e391 + sha256sums = e8765a6a553b914b21e59dfe4d2311aba1d518bfcc71d32802d3bc0fa4874369 sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919 sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 - sha256sums = ed3266ab03f836f57de0faf8a10ffd7566c909515c2649de99adaab2fac4aa32 - sha256sums = 64a014f7e1b4588728b3ea9538beee67ec63fb792d890c7be9cc13ddc2121b00 - sha256sums = 3d4c41086c077fbd515d04f5e59c0c258f700433c5da3365d960b696c2e56efb - sha256sums = 95f0d0a94983b0dafd295f660a663f9be5ef2fcb9646098426a5d12b59f50638 - sha256sums = 37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85 + sha256sums = 705d5fbfce00ccc20490bdfb5853d67d86ac00c845de6ecb13e414214b48daeb + sha256sums = 0a249248534a17f14fab7e14994811ae81fe324668a82ff41f3bcabeeae1460f + sha256sums = 8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711 + sha256sums = 06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2 pkgname = linux-pf - pkgdesc = Linux kernel and modules with the pf-kernel patch [-ck patchset (BFS included), TuxOnIce, BFQ] and aufs3 + pkgdesc = Linux kernel and modules with the pf-kernel patch (uksm, PDS) groups = base depends = coreutils depends = linux-firmware @@ -51,29 +49,26 @@ pkgname = linux-pf optdepends = linux-docs: Kernel hackers manual - HTML documentation that comes with the Linux kernel. optdepends = crda: to set the correct wireless channels of your country optdepends = pm-utils: utilities and scripts for suspend and hibernate power management - optdepends = tuxonice-userui: TuxOnIce userspace user interface - optdepends = hibernate-script: set of scripts for managing TuxOnIce, hibernation and suspend to RAM + optdepends = x optdepends = nvidia-pf: NVIDIA drivers for linux-pf optdepends = nvidia-beta-all: NVIDIA drivers for all installed kernels optdepends = modprobed-db: Keeps track of EVERY kernel module that has ever been probed. Useful for make localmodconfig. - provides = linux-pf=4.14.7 - provides = aufs3 + provides = linux-pf=4.14.8 provides = linux-tomoyo conflicts = linux-pf conflicts = kernel26-pf replaces = kernel26-pf - replaces = aufs3 pkgname = linux-pf-headers pkgdesc = Header files and scripts for building modules for linux-pf kernel. depends = linux-pf - provides = linux-pf-headers=4.14.7 + provides = linux-pf-headers=4.14.8 conflicts = linux-pf-headers pkgname = linux-pf-preset-default pkgdesc = Linux-pf default preset install = linux.install - depends = linux-pf=4.14.7 - provides = linux-pf-preset=4.14.7 + depends = linux-pf=4.14.8 + provides = linux-pf-preset=4.14.8 backup = etc/mkinitcpio.d/linux-pf.preset diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index 29582c2bf608..64341b9b7026 100644 --- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -1,8 +1,9 @@ -From 5ec2dd3a095442ec1a21d86042a4994f2ba24e63 Mon Sep 17 00:00:00 2001 -Message-Id: <5ec2dd3a095442ec1a21d86042a4994f2ba24e63.1512651251.git.jan.steffens@gmail.com> +From fb89d912d5f7289d3a922c77b671e36e1c740f5e Mon Sep 17 00:00:00 2001 +Message-Id: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> From: Serge Hallyn <serge.hallyn@canonical.com> Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default +Subject: [PATCH 1/7] add sysctl to disallow unprivileged CLONE_NEWUSER by + default Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> [bwh: Remove unneeded binary sysctl bits] @@ -14,7 +15,7 @@ Signed-off-by: Daniel Micay <danielmicay@gmail.com> 3 files changed, 30 insertions(+) diff --git a/kernel/fork.c b/kernel/fork.c -index 07cc743698d3668e..4011d68a8ff9305c 100644 +index 500ce64517d93e68..35f5860958b40e9b 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -102,6 +102,11 @@ @@ -29,7 +30,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644 /* * Minimum number of threads to boot the kernel -@@ -1555,6 +1560,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -1554,6 +1559,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -40,7 +41,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2348,6 +2357,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -2347,6 +2356,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -54,7 +55,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644 if (err) goto bad_unshare_out; diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index b86520ed3fb60fbf..f7dab3760839f1a1 100644 +index 56aca862c4f584f5..e8402ba393c1915d 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -105,6 +105,9 @@ extern int core_uses_pid; diff --git a/0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch b/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch index b44eb2ab8898..4dca618a8c03 100644 --- a/0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch +++ b/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch @@ -1,8 +1,10 @@ -From b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4 Mon Sep 17 00:00:00 2001 -Message-Id: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> +From d03c0ef520f40c6de691c37e0f168c87b3423015 Mon Sep 17 00:00:00 2001 +Message-Id: <d03c0ef520f40c6de691c37e0f168c87b3423015.1514959852.git.jan.steffens@gmail.com> +In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> From: Steffen Klassert <steffen.klassert@secunet.com> Date: Wed, 15 Nov 2017 06:40:57 +0100 -Subject: [PATCH 1/3] Revert "xfrm: Fix stack-out-of-bounds read in +Subject: [PATCH 4/7] Revert "xfrm: Fix stack-out-of-bounds read in xfrm_state_find." This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e. @@ -16,10 +18,10 @@ Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 6eb228a70131069b..a2e531bf4f976308 100644 +index 2a6093840e7e856e..6bc16bb61b5533ef 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c -@@ -1361,29 +1361,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl, +@@ -1362,29 +1362,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl, struct net *net = xp_net(policy); int nx; int i, error; diff --git a/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch index ad4614492736..edd7b24a32d6 100644 --- a/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch +++ b/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch @@ -1,10 +1,10 @@ -From 1c3a5e72b70bcfaf342075a3fa5fcbdf99302a3f Mon Sep 17 00:00:00 2001 -Message-Id: <1c3a5e72b70bcfaf342075a3fa5fcbdf99302a3f.1514245012.git.jan.steffens@gmail.com> -In-Reply-To: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> -References: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> +From 3721d64246982f91a5bf863fc17ac60ff722e0c4 Mon Sep 17 00:00:00 2001 +Message-Id: <3721d64246982f91a5bf863fc17ac60ff722e0c4.1514959852.git.jan.steffens@gmail.com> +In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> From: Steffen Klassert <steffen.klassert@secunet.com> Date: Fri, 22 Dec 2017 10:44:57 +0100 -Subject: [PATCH 2/3] xfrm: Fix stack-out-of-bounds read on socket policy +Subject: [PATCH 5/7] xfrm: Fix stack-out-of-bounds read on socket policy lookup. When we do tunnel or beet mode, we pass saddr and daddr from the @@ -24,7 +24,7 @@ Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index a2e531bf4f976308..c79ed3bed5d4dc2f 100644 +index 6bc16bb61b5533ef..50c5f46b5cca942e 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, diff --git a/0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch b/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch index 80a09f9a5469..0a54ce129b3b 100644 --- a/0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch +++ b/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch @@ -1,10 +1,10 @@ -From a3c64fe9d978f3ee8f21fac5b410c63fe7cce725 Mon Sep 17 00:00:00 2001 -Message-Id: <a3c64fe9d978f3ee8f21fac5b410c63fe7cce725.1514245012.git.jan.steffens@gmail.com> -In-Reply-To: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> -References: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> +From a79cb4d4e540c72a601ca0494e914565c16e2893 Mon Sep 17 00:00:00 2001 +Message-Id: <a79cb4d4e540c72a601ca0494e914565c16e2893.1514959852.git.jan.steffens@gmail.com> +In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> From: Tejun Heo <tj@kernel.org> Date: Wed, 20 Dec 2017 07:09:19 -0800 -Subject: [PATCH 3/3] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC +Subject: [PATCH 6/7] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC While teaching css_task_iter to handle skipping over tasks which aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to @@ -10,7 +10,7 @@ _minor=14 _basekernel=${_major}.${_minor} _srcname=linux-${_major}.${_minor} pkgbase=linux-pf -_pfrel=7 +_pfrel=8 _kernelname=-pf _pfpatchhome="https://github.com/pfactum/pf-kernel/compare" _pfpatchname="v$_major.$_minor...v$_major.$_minor-pf$_pfrel.diff" @@ -83,10 +83,9 @@ source=("https://www.kernel.org/pub/linux/kernel/v${_major}.x/linux-${_basekerne "${_pfpatchhome}/${_pfpatchname}" # the -pf patchset "90-linux.hook" "60-linux.hook" - '0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch' - '0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch' - '0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch' - '0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch' + '0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch' + '0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch' + '0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch' '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch' ) # 'cx23885_move_CI_AC_registration_to_a_separate_function.patch' @@ -104,16 +103,13 @@ prepare() { # disable USER_NS for non-root users by default patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - # https://bugs.archlinux.org/task/56605 - patch -Np1 -i ../0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch - patch -Np1 -i ../0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + patch -Np1 -i ../0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch + patch -Np1 -i ../0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch # https://bugs.archlinux.org/task/56846 - patch -Np1 -i ../0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + patch -Np1 -i ../0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch - # https://bugs.archlinux.org/task/56830 - patch -Np1 -i ../0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch # end linux-ARCH patches # fix ci invalid PC card inserted issue hopefully @@ -689,12 +685,11 @@ sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' '102d518779dc312af35faf7e07ff01df3c04521d40d8757fc4e8eba9c595c395' '943e1e6e1518edc8ab86023805f8f88f3672871a4039ccf8a9e97c33e95ae395' '82d660caa11db0cd34fd550a049d7296b4a9dcd28f2a50c81418066d6e598864' - '71855b1aa2e4aec2695f4ee12ad7a65fcb33b1fe17315cfcca6ce9162bc9e391' + 'e8765a6a553b914b21e59dfe4d2311aba1d518bfcc71d32802d3bc0fa4874369' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' - 'ed3266ab03f836f57de0faf8a10ffd7566c909515c2649de99adaab2fac4aa32' - '64a014f7e1b4588728b3ea9538beee67ec63fb792d890c7be9cc13ddc2121b00' - '3d4c41086c077fbd515d04f5e59c0c258f700433c5da3365d960b696c2e56efb' - '95f0d0a94983b0dafd295f660a663f9be5ef2fcb9646098426a5d12b59f50638' - '37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85') + '705d5fbfce00ccc20490bdfb5853d67d86ac00c845de6ecb13e414214b48daeb' + '0a249248534a17f14fab7e14994811ae81fe324668a82ff41f3bcabeeae1460f' + '8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711' + '06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2') |