author | graysky | 2019-10-02 16:00:14 -0400 |
---|---|---|
committer | graysky | 2019-10-02 16:00:14 -0400 |
commit | 03834a9b4b4a99848d3480be850a7fcc15f342b2 (patch) | |
tree | c18aeb8a4df9dbd2b522c371fcd5dd9f4cf83f3b | |
parent | 96a9aa1c1f07f56d7e85a16dd95989711f97652f (diff) | |
download | aur-03834a9b4b4a99848d3480be850a7fcc15f342b2.tar.gz |
Update to 5.3.3rc1-1
-rw-r--r-- | .SRCINFO | 20 | ||||
-rw-r--r-- | 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch | 57 | ||||
-rw-r--r-- | 0002-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch (renamed from 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch) | 66 | ||||
-rw-r--r-- | 0006-Bluetooth-hidp-Fix-assumptions-on-the-return-value-o.patch | 63 | ||||
-rw-r--r-- | PKGBUILD | 15 |
5 files changed, 128 insertions, 93 deletions
@@ -1,5 +1,5 @@
 pkgbase = linux-rc
- pkgver = 5.3.2rc1
+ pkgver = 5.3.3rc1
 pkgrel = 1
 url = https://www.kernel.org/
 arch = x86_64
@@ -9,26 +9,26 @@ pkgbase = linux-rc makedepends = bc makedepends = libelf options = !strip - source = patch-5.3.2-rc1.patch::https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=linux-5.3.y&id2=v5.3.1 - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.3.1.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.3.1.tar.sign + source = patch-5.3.3-rc1.patch::https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/patch/?id=linux-5.3.y&id2=v5.3.2 + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.3.2.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.3.2.tar.sign source = config source = 60-linux.hook source = 90-linux.hook source = linux.preset - source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - source = 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch + source = 0002-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch + source = 0006-Bluetooth-hidp-Fix-assumptions-on-the-return-value-o.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E - sha256sums = 0e71b34c9b9c515124127abff20be90201099ed741be12cccd62bb2d132475f3 - sha256sums = 9890b5a909d316211d045a95f5f0680e39749f2319cb26d7cd067efaa692f858 + sha256sums = 33dcfeec3d0bc076850e8ec6fecf2eda155d4573008405003a815ef18e9cdb7f + sha256sums = 361f9c953bb5ca7dbc922c3f698170523667f6a2f43961ffb88fa47b6b10fc6b sha256sums = SKIP sha256sums = 166ee15de54cd8385ed12599cf8402009df5e5c59e961e0547c7745fa385b6a2 sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 sha256sums = c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636 sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 - sha256sums = 702840a04a8f08bec4688865ae41303dfc9f8c173c8dc10bfa4ffe12fce562a5 - sha256sums = 187fa8d9a6c5777a8930dcecfafdd9d6e9095d4bf96ec060e756fb7c6a88b74d + sha256sums = 
57146472c25c492d723e9f74d13c3e5ea01080156890c463be50d0f9d07496cc + sha256sums = c03f15d61b4de37665ee972793cac2f9090546a3d52c375d6a434604a76b0fb6 pkgname = linux-rc pkgdesc = The release candidate kernel and modules diff --git a/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch b/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch deleted file mode 100644 index 3ec1d811cb34..000000000000 --- a/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch +++ /dev/null 
@@ -1,57 +0,0 @@
-From f6f4d8c026e1bc210432afc6440ce685e6eaa3e9 Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
-Date: Thu, 7 Dec 2017 13:50:48 +0100
-Subject: [PATCH 2/4] ZEN: Add CONFIG for unprivileged_userns_clone
-
-This way our default behavior continues to match the vanilla kernel.
----
- init/Kconfig | 16 ++++++++++++++++
- kernel/user_namespace.c | 4 ++++
- 2 files changed, 20 insertions(+)
-
-diff --git a/init/Kconfig b/init/Kconfig
-index 0e2344389501..96f76927710a 100644
---- a/init/Kconfig
-+++ b/init/Kconfig
-@@ -1013,6 +1013,22 @@ config USER_NS
-
- If unsure, say N.
-
-+config USER_NS_UNPRIVILEGED
-+ bool "Allow unprivileged users to create namespaces"
-+ default y
-+ depends on USER_NS
-+ help
-+ When disabled, unprivileged users will not be able to create
-+ new namespaces. Allowing users to create their own namespaces
-+ has been part of several recent local privilege escalation
-+ exploits, so if you need user namespaces but are
-+ paranoid^Wsecurity-conscious you want to disable this.
-+
-+ This setting can be overridden at runtime via the
-+ kernel.unprivileged_userns_clone sysctl.
-+
-+ If unsure, say Y.
-+
- config PID_NS
- bool "PID Namespaces"
- default y
-diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index b2f8b5777670..aa27ecacfb1e 100644
---- a/kernel/user_namespace.c
-+++ b/kernel/user_namespace.c
-@@ -22,7 +22,11 @@
- #include <linux/sort.h>
-
- /* sysctl */
-+#ifdef CONFIG_USER_NS_UNPRIVILEGED
-+int unprivileged_userns_clone = 1;
-+#else
- int unprivileged_userns_clone;
-+#endif
-
- static struct kmem_cache *user_ns_cachep __read_mostly;
- static DEFINE_MUTEX(userns_state_mutex);
---
-2.22.0
-
diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0002-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch
index fd90e896f3da..acba8fd45cd1 100644
--- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ b/0002-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch @@ -1,20 +1,46 @@ -From 54ade9c94abac29d31eacc2dc827aa6fe7162854 Mon Sep 17 00:00:00 2001 -From: Serge Hallyn <serge.hallyn@canonical.com> -Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/4] add sysctl to disallow unprivileged CLONE_NEWUSER by - default +From 457138ff88d815cadfe3682cb2e4c4b5cb6d5db3 Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Mon, 16 Sep 2019 04:53:20 +0200 +Subject: [PATCH 2/7] ZEN: Add sysctl and CONFIG to disallow unprivileged + CLONE_NEWUSER -Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> -[bwh: Remove unneeded binary sysctl bits] -Signed-off-by: Daniel Micay <danielmicay@gmail.com> +Our default behavior continues to match the vanilla kernel. --- + init/Kconfig | 16 ++++++++++++++++ kernel/fork.c | 15 +++++++++++++++ kernel/sysctl.c | 12 ++++++++++++ - kernel/user_namespace.c | 3 +++ - 3 files changed, 30 insertions(+) + kernel/user_namespace.c | 7 +++++++ + 4 files changed, 50 insertions(+) +diff --git a/init/Kconfig b/init/Kconfig +index bd7d650d4a99..658f9c052151 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -1091,6 +1091,22 @@ config USER_NS + + If unsure, say N. + ++config USER_NS_UNPRIVILEGED ++ bool "Allow unprivileged users to create namespaces" ++ default y ++ depends on USER_NS ++ help ++ When disabled, unprivileged users will not be able to create ++ new namespaces. Allowing users to create their own namespaces ++ has been part of several recent local privilege escalation ++ exploits, so if you need user namespaces but are ++ paranoid^Wsecurity-conscious you want to disable this. ++ ++ This setting can be overridden at runtime via the ++ kernel.unprivileged_userns_clone sysctl. ++ ++ If unsure, say Y. ++ + config PID_NS + bool "PID Namespaces" + default y diff --git a/kernel/fork.c b/kernel/fork.c -index fe83343da24b..1047576e45ef 100644 +index 541fd805fb88..ffd57c812153 100644 
--- a/kernel/fork.c +++ b/kernel/fork.c @@ -106,6 +106,11 @@ @@ -29,7 +55,7 @@ index fe83343da24b..1047576e45ef 100644 /* * Minimum number of threads to boot the kernel -@@ -1765,6 +1770,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -1788,6 +1793,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -40,7 +66,7 @@ index fe83343da24b..1047576e45ef 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2653,6 +2662,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -2819,6 +2828,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -54,7 +80,7 @@ index fe83343da24b..1047576e45ef 100644 if (err) goto bad_unshare_out; diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 1beca96fb625..fb9633b8b385 100644 +index 078950d9605b..baead3605bbe 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -110,6 +110,9 @@ extern int core_uses_pid; @@ -67,7 +93,7 @@ index 1beca96fb625..fb9633b8b385 100644 extern int pid_max; extern int pid_max_min, pid_max_max; extern int percpu_pagelist_fraction; -@@ -532,6 +535,15 @@ static struct ctl_table kern_table[] = { +@@ -545,6 +548,15 @@ static struct ctl_table kern_table[] = { .proc_handler = proc_dointvec, }, #endif @@ -84,19 +110,23 @@ index 1beca96fb625..fb9633b8b385 100644 { .procname = "tainted", diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 0eff45ce7703..b2f8b5777670 100644 +index 8eadadc478f9..c36ecd19562c 100644 --- a/kernel/user_namespace.c 
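Review bot: The added `USER_NS_UNPRIVILEGED` entry is `default y`, so a kernel built from this package still allows unprivileged user-namespace creation unless the shipped `config` or the `kernel.unprivileged_userns_clone` sysctl turns it off; the `config` checksum is unchanged in this commit, so which way the package sets it cannot be told from this page. The help text says "create new namespaces" while the patch subject limits the gate to `CLONE_NEWUSER`; I would word the prompt as `bool "Allow unprivileged users to create user namespaces"` and say `new user namespaces` in the help. The rewritten header also drops the `Signed-off-by:` trailers of the patch it replaces, so the origin of the fork.c and sysctl.c parts is no longer recorded in the carried file. The same default is set by the `#ifdef CONFIG_USER_NS_UNPRIVILEGED` lines in the later user_namespace.c hunk.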
+++ b/kernel/user_namespace.c -@@ -21,6 +21,9 @@ +@@ -21,6 +21,13 @@ #include <linux/bsearch.h> #include <linux/sort.h> +/* sysctl */ ++#ifdef CONFIG_USER_NS_UNPRIVILEGED ++int unprivileged_userns_clone = 1; ++#else +int unprivileged_userns_clone; ++#endif + static struct kmem_cache *user_ns_cachep __read_mostly; static DEFINE_MUTEX(userns_state_mutex); -- -2.22.0 +2.23.0 diff --git a/0006-Bluetooth-hidp-Fix-assumptions-on-the-return-value-o.patch b/0006-Bluetooth-hidp-Fix-assumptions-on-the-return-value-o.patch new file mode 100644 index 000000000000..80b14314e647 --- /dev/null +++ b/0006-Bluetooth-hidp-Fix-assumptions-on-the-return-value-o.patch 
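Review bot: The `/* sysctl */` comment above `unprivileged_userns_clone` does not say what the values mean or that the initial value now depends on the build configuration. I would replace it with `/* sysctl kernel.unprivileged_userns_clone: starts at 1 when CONFIG_USER_NS_UNPRIVILEGED is set, otherwise 0 */`. The sysctl table entry for this variable lies outside the lines this interdiff shows; if it uses plain `proc_dointvec`, bounding it to 0..1 with `proc_dointvec_minmax` would keep the knob a clean boolean, which is worth confirming against the full patch.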
@@ -0,0 +1,63 @@ +From 231fa7e96a122c8a11078b48fbe9db3334db9fe4 Mon Sep 17 00:00:00 2001 +From: Dan Elkouby <streetwalkermc@gmail.com> +Date: Fri, 6 Sep 2019 14:06:44 +0300 +Subject: [PATCH 6/7] Bluetooth: hidp: Fix assumptions on the return value of + hidp_send_message + +hidp_send_message was changed to return non-zero values on success, +which some other bits did not expect. This caused spurious errors to be +propagated through the stack, breaking some drivers, such as hid-sony +for the Dualshock 4 in Bluetooth mode. + +As pointed out by Dan Carpenter, hid-microsoft directly relied on that +assumption as well. + +Fixes: 48d9cc9d85dd ("Bluetooth: hidp: Let hidp_send_message return number of queued bytes") + +Signed-off-by: Dan Elkouby <streetwalkermc@gmail.com> +Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com> +Reviewed-by: Jiri Kosina <jkosina@suse.cz> +Signed-off-by: Marcel Holtmann <marcel@holtmann.org> +--- + drivers/hid/hid-microsoft.c | 2 +- + net/bluetooth/hidp/core.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/hid/hid-microsoft.c b/drivers/hid/hid-microsoft.c +index 8b3a922bdad3..2cf83856f2e4 100644 +--- a/drivers/hid/hid-microsoft.c ++++ b/drivers/hid/hid-microsoft.c +@@ -303,7 +303,7 @@ static void ms_ff_worker(struct work_struct *work) + r->magnitude[MAGNITUDE_WEAK] = ms->weak; /* right actuator */ + + ret = hid_hw_output_report(hdev, (__u8 *)r, sizeof(*r)); +- if (ret) ++ if (ret < 0) + hid_warn(hdev, "failed to send FF report\n"); + } + +diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c +index 8d889969ae7e..bef84b95e2c4 100644 +--- a/net/bluetooth/hidp/core.c ++++ b/net/bluetooth/hidp/core.c +@@ -267,7 +267,7 @@ static int hidp_get_raw_report(struct hid_device *hid, + set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); + data[0] = report_number; + ret = hidp_send_ctrl_message(session, report_type, data, 1); +- if (ret) ++ if (ret < 0) + goto err; + + /* Wait for the return of the report. 
The returned report +@@ -343,7 +343,7 @@ static int hidp_set_raw_report(struct hid_device *hid, unsigned char reportnum, + data[0] = reportnum; + set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); + ret = hidp_send_ctrl_message(session, report_type, data, count); +- if (ret) ++ if (ret < 0) + goto err; + + /* Wait for the ACK from the device. */ +-- +2.23.0 + @@ -6,7 +6,7 @@ pkgbase=linux-rc pkgrel=1 _srcname=linux-5.3 _major=5.3 -_minor=1 +_minor=2 _minorc=$((_minor+1)) _rcver=1 _rcpatch=patch-${_major}.${_minorc}-rc${_rcver} 
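Review bot: After the new `if (ret < 0)` checks in `hidp_get_raw_report` and `hidp_set_raw_report`, `ret` holds a positive byte count on the success path, and both functions continue outside the hunk, so it should be confirmed that `ret` is reassigned before it is returned; otherwise callers that test for non-zero would still see a spurious failure. In `ms_ff_worker` the check now catches only negative values, so a report queued short of `sizeof(*r)` would pass silently; whether that can happen is not visible here. A short comment at each changed check, for example `/* > 0 is the number of queued bytes, < 0 is an errno */`, would stop a later cleanup from reverting to `if (ret)`.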
@@ -24,23 +24,22 @@ source=( 60-linux.hook # pacman hook for depmod 90-linux.hook # pacman hook for initramfs regeneration linux.preset # standard config files for mkinitcpio ramdisk - 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch - # Arch-Linux-kernel-vx.xx.x-arch1.patch is not needed for rc1 + 0002-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch + 0006-Bluetooth-hidp-Fix-assumptions-on-the-return-value-o.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) -sha256sums=('0e71b34c9b9c515124127abff20be90201099ed741be12cccd62bb2d132475f3' - '9890b5a909d316211d045a95f5f0680e39749f2319cb26d7cd067efaa692f858' +sha256sums=('33dcfeec3d0bc076850e8ec6fecf2eda155d4573008405003a815ef18e9cdb7f' + '361f9c953bb5ca7dbc922c3f698170523667f6a2f43961ffb88fa47b6b10fc6b' 'SKIP' '166ee15de54cd8385ed12599cf8402009df5e5c59e961e0547c7745fa385b6a2' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' 'c043f3033bb781e2688794a59f6d1f7ed49ef9b13eb77ff9a425df33a244a636' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' - '702840a04a8f08bec4688865ae41303dfc9f8c173c8dc10bfa4ffe12fce562a5' - '187fa8d9a6c5777a8930dcecfafdd9d6e9095d4bf96ec060e756fb7c6a88b74d') + '57146472c25c492d723e9f74d13c3e5ea01080156890c463be50d0f9d07496cc' + 'c03f15d61b4de37665ee972793cac2f9090546a3d52c375d6a434604a76b0fb6') _kernelname=${pkgbase#linux} |
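Review bot: The two new `source` entries carry no trailing comment, unlike the hook and preset lines above them, and the file names (`0002-…`, `0006-…`, from a `[PATCH n/7]` series) give no hint why the rest of that series is not carried. I would annotate them, e.g. `0002-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch # gate unprivileged CLONE_NEWUSER` and `0006-Bluetooth-hidp-Fix-assumptions-on-the-return-value-o.patch # hidp return-value fix`. The `.SRCINFO` hunk shows the rc patch being fetched from a URL that names the branch `linux-5.3.y` rather than a fixed commit, so the first `sha256sums` entry is the only thing tying the build to the reviewed content; a comment saying so next to that source line would help whoever next updates the hash.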