Update to 4.14.13rc1-1

author: graysky 2018-01-08 15:48:29 -0500
committer: graysky 2018-01-08 15:48:29 -0500
commit: ed7f0aa35261a2b3507f5cbb72d0875b41181d16 (patch)
tree: e541d2cf252348389029528c7c7c16819ae12584
parent: b8350f633547b314bf5b2dd383abc5e79df557ef (diff)
download: aur-ed7f0aa35261a2b3507f5cbb72d0875b41181d16.tar.gz
8 files changed, 146 insertions, 41 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 90ca5442cc45..8412b4339a11 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 # Generated by mksrcinfo v8
-# Fri Jan  5 20:15:14 UTC 2018
+# Mon Jan  8 20:48:29 UTC 2018
 pkgbase = linux-rc
-	pkgver = 4.14.12rc1
+	pkgver = 4.14.13rc1
 	pkgrel = 1
 	url = http://www.kernel.org/
 	arch = x86_64
@@ -13,10 +13,10 @@ pkgbase = linux-rc
 	options = !strip
 	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz
 	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign
-	source = http://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.11.xz
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.11.sign
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.12-rc1.xz
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.12-rc1.sign
+	source = http://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.12.xz
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.12.sign
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.13-rc1.xz
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.13-rc1.sign
 	source = config
 	source = 60-linux.hook
 	source = 90-linux.hook
@@ -24,21 +24,25 @@ pkgbase = linux-rc
 	source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
 	source = 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
 	source = 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
-	source = 0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
+	source = 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+	source = 0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
+	source = 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
 	sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7
 	sha256sums = SKIP
-	sha256sums = f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9
+	sha256sums = da5d8db44b0988e4c45346899d3f5a51f8bd6c25f14e729615ca9ff9f17bdefd
 	sha256sums = SKIP
-	sha256sums = 4ccc8f4f7c63361369ee5dee0074ced0cf492637f33aa89fe673dc5ef08d6825
+	sha256sums = 61943fd5af266b3a7881b027fc57b6b68757fbc5f028088f4560e02c0059aa55
 	sha256sums = SKIP
 	sha256sums = 24b8cf6829dafcb2b5c76cffaae6438ad2d432f13d6551fa1c8f25e66b751ed4
 	sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
 	sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919
 	sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
-	sha256sums = 06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2
-	sha256sums = b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b
-	sha256sums = f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25
-	sha256sums = 8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711
+	sha256sums = d8a865a11665424b21fe6be9265eb287ee6d5646261a486954ddf3a4ee87e78f
+	sha256sums = 9251c03da9d4b64591d77f490ff144d4ba514e66e74294ada541bf827306c9c4
+	sha256sums = 6ce57b8dba43db4c6ee167a8891167b7d1e1e101d5112e776113eb37de5c37d8
+	sha256sums = 1c1f5792c98369c546840950e6569a690cd88e33d4f0931d2b0b5b88f705aa4d
+	sha256sums = c3d743a0e193294bc5fbae65e7ba69fd997cd8b2ded9c9a45c5151d71d9cfb95
+	sha256sums = ec7342aab478af79a17ff65cf65bbd6744b0caee8f66c77a39bba61a78e6576d
 
 pkgname = linux-rc
 	pkgdesc = The release candidate kernel and modules
diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
index 64341b9b7026..c3364a49db0e 100644
--- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@@ -1,8 +1,8 @@
-From fb89d912d5f7289d3a922c77b671e36e1c740f5e Mon Sep 17 00:00:00 2001
-Message-Id: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
+From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001
+Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
 From: Serge Hallyn <serge.hallyn@canonical.com>
 Date: Fri, 31 May 2013 19:12:12 +0100
-Subject: [PATCH 1/7] add sysctl to disallow unprivileged CLONE_NEWUSER by
+Subject: [PATCH 1/6] add sysctl to disallow unprivileged CLONE_NEWUSER by
  default
 
 Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
diff --git a/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch b/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
index 8c23c9a543ba..9961ab6f9273 100644
--- a/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
+++ b/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
@@ -1,10 +1,10 @@
-From 8c6956686606b9c3661e74a410c8cb2fc276c5ee Mon Sep 17 00:00:00 2001
-Message-Id: <8c6956686606b9c3661e74a410c8cb2fc276c5ee.1514959852.git.jan.steffens@gmail.com>
-In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
+From e6a5e05524563626d14c1745619e37e79cb5a3a7 Mon Sep 17 00:00:00 2001
+Message-Id: <e6a5e05524563626d14c1745619e37e79cb5a3a7.1515173964.git.jan.steffens@gmail.com>
+In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
 From: Benjamin Poirier <bpoirier@suse.com>
 Date: Mon, 11 Dec 2017 16:26:40 +0900
-Subject: [PATCH 2/7] e1000e: Fix e1000_check_for_copper_link_ich8lan return
+Subject: [PATCH 2/6] e1000e: Fix e1000_check_for_copper_link_ich8lan return
  value.
 
 e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan()
diff --git a/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
index d7872e2a1cc2..15e4d29b6e14 100644
--- a/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+++ b/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
@@ -1,10 +1,10 @@
-From b81e273fb227373a2951c7256ab11a87d5333a9d Mon Sep 17 00:00:00 2001
-Message-Id: <b81e273fb227373a2951c7256ab11a87d5333a9d.1514959852.git.jan.steffens@gmail.com>
-In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
+From e3fff011db7dd80d53b6bda48bcf2313918aa7a8 Mon Sep 17 00:00:00 2001
+Message-Id: <e3fff011db7dd80d53b6bda48bcf2313918aa7a8.1515173964.git.jan.steffens@gmail.com>
+In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
 From: Mohamed Ghannam <simo.ghannam@gmail.com>
 Date: Tue, 5 Dec 2017 20:58:35 +0000
-Subject: [PATCH 3/7] dccp: CVE-2017-8824: use-after-free in DCCP code
+Subject: [PATCH 3/6] dccp: CVE-2017-8824: use-after-free in DCCP code
 
 Whenever the sock object is in DCCP_CLOSED state,
 dccp_disconnect() must free dccps_hc_tx_ccid and
diff --git a/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
new file mode 100644
index 000000000000..6b4de3a648d9
--- /dev/null
+++ b/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
@@ -0,0 +1,49 @@
+From 5a11be3bab2dcd6fe061206662969c4cea46988f Mon Sep 17 00:00:00 2001
+Message-Id: <5a11be3bab2dcd6fe061206662969c4cea46988f.1515173964.git.jan.steffens@gmail.com>
+In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+From: Steffen Klassert <steffen.klassert@secunet.com>
+Date: Fri, 22 Dec 2017 10:44:57 +0100
+Subject: [PATCH 4/6] xfrm: Fix stack-out-of-bounds read on socket policy
+ lookup.
+
+When we do tunnel or beet mode, we pass saddr and daddr from the
+template to xfrm_state_find(), this is ok. On transport mode,
+we pass the addresses from the flowi, assuming that the IP
+addresses (and address family) don't change during transformation.
+This assumption is wrong in the IPv4 mapped IPv6 case, packet
+is IPv4 and template is IPv6.
+
+Fix this by catching address family missmatches of the policy
+and the flow already before we do the lookup.
+
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+---
+ net/xfrm/xfrm_policy.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index 6bc16bb61b5533ef..50c5f46b5cca942e 100644
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
+  again:
+ 	pol = rcu_dereference(sk->sk_policy[dir]);
+ 	if (pol != NULL) {
+-		bool match = xfrm_selector_match(&pol->selector, fl, family);
++		bool match;
+ 		int err = 0;
+ 
++		if (pol->family != family) {
++			pol = NULL;
++			goto out;
++		}
++
++		match = xfrm_selector_match(&pol->selector, fl, family);
+ 		if (match) {
+ 			if ((sk->sk_mark & pol->mark.m) != pol->mark.v) {
+ 				pol = NULL;
+-- 
+2.15.1
+
diff --git a/0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch b/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
index 0a54ce129b3b..3090318aacb8 100644
--- a/0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
+++ b/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
@@ -1,10 +1,10 @@
-From a79cb4d4e540c72a601ca0494e914565c16e2893 Mon Sep 17 00:00:00 2001
-Message-Id: <a79cb4d4e540c72a601ca0494e914565c16e2893.1514959852.git.jan.steffens@gmail.com>
-In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
+From eadda028a73a567edd8462ccd0e8c28e023cde28 Mon Sep 17 00:00:00 2001
+Message-Id: <eadda028a73a567edd8462ccd0e8c28e023cde28.1515173964.git.jan.steffens@gmail.com>
+In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
 From: Tejun Heo <tj@kernel.org>
 Date: Wed, 20 Dec 2017 07:09:19 -0800
-Subject: [PATCH 6/7] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC
+Subject: [PATCH 5/6] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC
 
 While teaching css_task_iter to handle skipping over tasks which
 aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to
diff --git a/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
new file mode 100644
index 000000000000..5d36d15ac47b
--- /dev/null
+++ b/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
@@ -0,0 +1,42 @@
+From cf45be4971bdd769c09e2a11db483510cd0bcc5f Mon Sep 17 00:00:00 2001
+Message-Id: <cf45be4971bdd769c09e2a11db483510cd0bcc5f.1515173964.git.jan.steffens@gmail.com>
+In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+From: Jim Bride <jim.bride@linux.intel.com>
+Date: Mon, 6 Nov 2017 13:38:57 -0800
+Subject: [PATCH 6/6] drm/i915/edp: Only use the alternate fixed mode if it's
+ asked for
+
+In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for
+eDP if available."), the patch allows for the use of an alternate fixed
+mode if it is available, but the patch was not ensuring that the only
+time the alternate mode is used is when it is specifically requested.
+This patch adds an additional comparison to intel_edp_compare_alt_mode
+to ensure that we only use the alternate mode if it is directly
+requested.
+
+Fixes: dc911f5bd8aac ("Allow alternate fixed mode for eDP if available.")
+Cc: David Weinehall <david.weinehall@linux.intel.com>
+Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
+Signed-off-by: Jim Bride <jim.bride@linux.intel.com>
+---
+ drivers/gpu/drm/i915/intel_dp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c
+index 09f274419eea1c74..838cee312e8e6978 100644
+--- a/drivers/gpu/drm/i915/intel_dp.c
++++ b/drivers/gpu/drm/i915/intel_dp.c
+@@ -1632,7 +1632,8 @@ static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1,
+ 			m1->vdisplay == m2->vdisplay &&
+ 			m1->vsync_start == m2->vsync_start &&
+ 			m1->vsync_end == m2->vsync_end &&
+-			m1->vtotal == m2->vtotal);
++			m1->vtotal == m2->vtotal &&
++			m1->vrefresh == m2->vrefresh);
+ 	return bres;
+ }
+ 
+-- 
+2.15.1
+
diff --git a/PKGBUILD b/PKGBUILD
index 3b5c23c492cd..24a1e67831a1 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,8 +4,8 @@
 
 pkgbase=linux-rc
 _srcname=linux-4.14
-_stable=4.14.11
-_patchver=4.14.12
+_stable=4.14.12
+_patchver=4.14.13
 _rcver=1
 pkgver=${_patchver}rc${_rcver}
 _rcpatch=patch-${_patchver}-rc${_rcver}
@@ -29,7 +29,9 @@ source=(
   0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
   0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
   0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
-  0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
+  0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+  0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
+  0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
 )
 validpgpkeys=(
   'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
@@ -37,18 +39,20 @@ validpgpkeys=(
 )
 sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
             'SKIP'
-            'f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9'
+            'da5d8db44b0988e4c45346899d3f5a51f8bd6c25f14e729615ca9ff9f17bdefd'
             'SKIP'
-            '4ccc8f4f7c63361369ee5dee0074ced0cf492637f33aa89fe673dc5ef08d6825'
+            '61943fd5af266b3a7881b027fc57b6b68757fbc5f028088f4560e02c0059aa55'
             'SKIP'
             '24b8cf6829dafcb2b5c76cffaae6438ad2d432f13d6551fa1c8f25e66b751ed4'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
-            '06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2'
-            'b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b'
-            'f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25'
-            '8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711')
+            'd8a865a11665424b21fe6be9265eb287ee6d5646261a486954ddf3a4ee87e78f'
+            '9251c03da9d4b64591d77f490ff144d4ba514e66e74294ada541bf827306c9c4'
+            '6ce57b8dba43db4c6ee167a8891167b7d1e1e101d5112e776113eb37de5c37d8'
+            '1c1f5792c98369c546840950e6569a690cd88e33d4f0931d2b0b5b88f705aa4d'
+            'c3d743a0e193294bc5fbae65e7ba69fd997cd8b2ded9c9a45c5151d71d9cfb95'
+            'ec7342aab478af79a17ff65cf65bbd6744b0caee8f66c77a39bba61a78e6576d')
 
 _kernelname=${pkgbase#linux}
 
@@ -76,8 +80,14 @@ prepare() {
   # https://nvd.nist.gov/vuln/detail/CVE-2017-8824
   patch -Np1 -i ../0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
 
+  # https://bugs.archlinux.org/task/56605
+  patch -Np1 -i ../0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+
   # https://bugs.archlinux.org/task/56846
-  patch -Np1 -i ../0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
+  patch -Np1 -i ../0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
+
+  # https://bugs.archlinux.org/task/56711
+  patch -Np1 -i ../0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
 
   cp -Tf ../config .config
author	graysky	2018-01-08 15:48:29 -0500
committer	graysky	2018-01-08 15:48:29 -0500
commit	ed7f0aa35261a2b3507f5cbb72d0875b41181d16 (patch)
tree	e541d2cf252348389029528c7c7c16819ae12584
parent	b8350f633547b314bf5b2dd383abc5e79df557ef (diff)
download	aur-ed7f0aa35261a2b3507f5cbb72d0875b41181d16.tar.gz