diff options
| author | Joakim Hernberg | 2018-02-25 13:11:20 +0100 |
|---|---|---|
| committer | Joakim Hernberg | 2018-02-25 13:11:20 +0100 |
| commit | bc257d4eae02d061139d29c791b3dd310a7755d4 (patch) | |
| tree | 3466d110d468ddd585f93cb4d468bc61b890732a | |
| parent | aee56edc0ffc7c315d462ae337f446b7ed8007c5 (diff) | |
| download | aur-bc257d4eae02d061139d29c791b3dd310a7755d4.tar.gz | |
bump to 4.14.20_rt17-1
| -rw-r--r-- | .SRCINFO | 18 | ||||
| -rw-r--r-- | 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch | 57 | ||||
| -rw-r--r-- | PKGBUILD | 13 |
3 files changed, 12 insertions, 76 deletions
@@ -1,7 +1,7 @@ # Generated by makepkg 5.0.2 -# Sat Feb 10 15:10:05 UTC 2018 +# Sun Feb 25 12:10:26 UTC 2018 pkgbase = linux-rt - pkgver = 4.14.18_rt15 + pkgver = 4.14.20_rt17 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 @@ -14,16 +14,15 @@ pkgbase = linux-rt options = !strip source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.18.xz - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.18.sign - source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.14/older/patch-4.14.18-rt15.patch.xz - source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.14/older/patch-4.14.18-rt15.patch.sign + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.20.xz + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.20.sign + source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.14/older/patch-4.14.20-rt17.patch.xz + source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.14/older/patch-4.14.20-rt17.patch.sign source = config source = 60-linux-rt.hook source = 90-linux-rt.hook source = linux-rt.preset source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - source = 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch source = 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch source = 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch source = fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch @@ -34,16 +33,15 @@ pkgbase = linux-rt validpgpkeys = E644E2F1D45FA0B2EAA02F33109F098506FF0B14 sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7 sha256sums = SKIP - sha256sums = 8d29e1d10cabd62b32ac56e33de990e0d4f3c6208f57bd3f2c8c02f9eebc0d72 + sha256sums = ec38313c7ff463f781fb36502d4b49811a903462f031c5392b95231cc371190f sha256sums = SKIP - sha256sums = ca5923ba7e8430787d2c549a7e452de50752ec6c205d5cb361c41b0c3511da1c + sha256sums = e513beee302919078c213d4f4f5bfdc8ccbdd777042a4bd87ae06aaa03704efb sha256sums = SKIP sha256sums = be24c49a01142458458516972d427fb2e341f9e16b8e631055bcf19e87e94d7b sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919 sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 sha256sums = d8a865a11665424b21fe6be9265eb287ee6d5646261a486954ddf3a4ee87e78f - sha256sums = 6ce57b8dba43db4c6ee167a8891167b7d1e1e101d5112e776113eb37de5c37d8 sha256sums = 1c1f5792c98369c546840950e6569a690cd88e33d4f0931d2b0b5b88f705aa4d sha256sums = ec7342aab478af79a17ff65cf65bbd6744b0caee8f66c77a39bba61a78e6576d sha256sums = 85f7612edfa129210343d6a4fe4ba2a4ac3542d98b7e28c8896738e7e6541c06 diff --git a/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch deleted file mode 100644 index 15e4d29b6e14..000000000000 --- a/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch +++ /dev/null @@ -1,57 +0,0 @@ -From e3fff011db7dd80d53b6bda48bcf2313918aa7a8 Mon Sep 17 00:00:00 2001 -Message-Id: <e3fff011db7dd80d53b6bda48bcf2313918aa7a8.1515173964.git.jan.steffens@gmail.com> -In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> -References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> -From: Mohamed Ghannam <simo.ghannam@gmail.com> -Date: Tue, 5 Dec 2017 20:58:35 +0000 -Subject: [PATCH 3/6] dccp: CVE-2017-8824: use-after-free in DCCP code - -Whenever the sock object is in DCCP_CLOSED state, -dccp_disconnect() must free dccps_hc_tx_ccid and -dccps_hc_rx_ccid and set to NULL. - -Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com> -Reviewed-by: Eric Dumazet <edumazet@google.com> -Signed-off-by: David S. Miller <davem@davemloft.net> ---- - net/dccp/proto.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/net/dccp/proto.c b/net/dccp/proto.c -index b68168fcc06aa198..9d43c1f4027408f3 100644 ---- a/net/dccp/proto.c -+++ b/net/dccp/proto.c -@@ -259,25 +259,30 @@ int dccp_disconnect(struct sock *sk, int flags) - { - struct inet_connection_sock *icsk = inet_csk(sk); - struct inet_sock *inet = inet_sk(sk); -+ struct dccp_sock *dp = dccp_sk(sk); - int err = 0; - const int old_state = sk->sk_state; - - if (old_state != DCCP_CLOSED) - dccp_set_state(sk, DCCP_CLOSED); - - /* - * This corresponds to the ABORT function of RFC793, sec. 3.8 - * TCP uses a RST segment, DCCP a Reset packet with Code 2, "Aborted". - */ - if (old_state == DCCP_LISTEN) { - inet_csk_listen_stop(sk); - } else if (dccp_need_reset(old_state)) { - dccp_send_reset(sk, DCCP_RESET_CODE_ABORTED); - sk->sk_err = ECONNRESET; - } else if (old_state == DCCP_REQUESTING) - sk->sk_err = ECONNRESET; - - dccp_clear_xmit_timers(sk); -+ ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk); -+ ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk); -+ dp->dccps_hc_rx_ccid = NULL; -+ dp->dccps_hc_tx_ccid = NULL; - - __skb_queue_purge(&sk->sk_receive_queue); - __skb_queue_purge(&sk->sk_write_queue); --- -2.15.1 - @@ -8,8 +8,8 @@ #pkgbase=linux # Build stock -ARCH kernel pkgbase=linux-rt # Build kernel with a different name _srcname=linux-4.14 -_pkgver=4.14.18 -_rtpatchver=rt15 +_pkgver=4.14.20 +_rtpatchver=rt17 pkgver=${_pkgver}_${_rtpatchver} pkgrel=1 arch=('x86_64') @@ -29,7 +29,6 @@ source=( '90-linux-rt.hook' # pacman hook for initramfs regeneration 'linux-rt.preset' # standard config files for mkinitcpio ramdisk 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch @@ -43,16 +42,15 @@ validpgpkeys=( ) sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' 'SKIP' - '8d29e1d10cabd62b32ac56e33de990e0d4f3c6208f57bd3f2c8c02f9eebc0d72' + 'ec38313c7ff463f781fb36502d4b49811a903462f031c5392b95231cc371190f' 'SKIP' - 'ca5923ba7e8430787d2c549a7e452de50752ec6c205d5cb361c41b0c3511da1c' + 'e513beee302919078c213d4f4f5bfdc8ccbdd777042a4bd87ae06aaa03704efb' 'SKIP' 'be24c49a01142458458516972d427fb2e341f9e16b8e631055bcf19e87e94d7b' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' 'd8a865a11665424b21fe6be9265eb287ee6d5646261a486954ddf3a4ee87e78f' - '6ce57b8dba43db4c6ee167a8891167b7d1e1e101d5112e776113eb37de5c37d8' '1c1f5792c98369c546840950e6569a690cd88e33d4f0931d2b0b5b88f705aa4d' 'ec7342aab478af79a17ff65cf65bbd6744b0caee8f66c77a39bba61a78e6576d' '85f7612edfa129210343d6a4fe4ba2a4ac3542d98b7e28c8896738e7e6541c06') @@ -74,9 +72,6 @@ prepare() { # disable USER_NS for non-root users by default patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - # https://nvd.nist.gov/vuln/detail/CVE-2017-8824 - patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch - # https://bugs.archlinux.org/task/56605 patch -Np1 -i ../0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch |