linux-selinux 4.14.14-1 update

author: Nicolas Iooss 2018-01-22 19:40:21 +0100
committer: Nicolas Iooss 2018-01-22 19:40:21 +0100
commit: 83917475abbf3300c10197b97453c190e621157c (patch)
tree: aceb63a5d1862f9a55a8964391a0dfd3a34400af
parent: dd67c81d2a6c6fd3b44a8bb44c31f1fd162a2ff0 (diff)
download: aur-83917475abbf3300c10197b97453c190e621157c.tar.gz
9 files changed, 52 insertions, 253 deletions
diff --git a/.SRCINFO b/.SRCINFO
index c5561567f875..435259cd4983 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,5 +1,5 @@
 pkgbase = linux-selinux
-	pkgver = 4.14.13
+	pkgver = 4.14.14
 	pkgrel = 1
 	url = https://www.kernel.org/
 	arch = x86_64
@@ -13,34 +13,30 @@ pkgbase = linux-selinux
 	options = !strip
 	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz
 	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.13.xz
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.13.sign
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.14.xz
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.14.sign
 	source = config
 	source = 60-linux.hook
 	source = 90-linux.hook
 	source = linux.preset
 	source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
-	source = 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
-	source = 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
-	source = 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
-	source = 0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
-	source = 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+	source = 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+	source = 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+	source = 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
 	validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
 	validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
 	sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7
 	sha256sums = SKIP
-	sha256sums = ce897f467e80452f29d7a7a8809e8585ea12192a2c32e4d18578f64b043e802e
+	sha256sums = 62d656b98f0dc143216cb9650bd9b96cd83d92925731e9f0bec5eb4d6358e603
 	sha256sums = SKIP
-	sha256sums = 5bc9eb004b0ff43d6947b95417afe7cdcafb2f685fd65c233c8d16c2926848d4
+	sha256sums = b2dc7d940d4de0740fa0ed36a54921a34bfa455855f0a8422cc8cfdf3c694f6a
 	sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
 	sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919
 	sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
-	sha256sums = d8a865a11665424b21fe6be9265eb287ee6d5646261a486954ddf3a4ee87e78f
-	sha256sums = 9251c03da9d4b64591d77f490ff144d4ba514e66e74294ada541bf827306c9c4
-	sha256sums = 6ce57b8dba43db4c6ee167a8891167b7d1e1e101d5112e776113eb37de5c37d8
-	sha256sums = 1c1f5792c98369c546840950e6569a690cd88e33d4f0931d2b0b5b88f705aa4d
-	sha256sums = c3d743a0e193294bc5fbae65e7ba69fd997cd8b2ded9c9a45c5151d71d9cfb95
-	sha256sums = ec7342aab478af79a17ff65cf65bbd6744b0caee8f66c77a39bba61a78e6576d
+	sha256sums = 36b1118c8dedadc4851150ddd4eb07b1c58ac5bbf3022cc2501a27c2b476da98
+	sha256sums = 5694022613bb49a77d3dfafdd2e635e9015e0a9069c58a07e99bdc5df6520311
+	sha256sums = 2f46093fde72eabc0fd25eff5065d780619fc5e7d2143d048877a8220d6291b0
+	sha256sums = 6364edabad4182dcf148ae7c14d8f45d61037d4539e76486f978f1af3a090794
 
 pkgname = linux-selinux
 	pkgdesc = The Linux-selinux kernel and modules
diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
index c3364a49db0e..a989d666aa76 100644
--- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@@ -1,8 +1,8 @@
-From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001
-Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+From 4e54373158caa50df5402fdd3db1794c5394026b Mon Sep 17 00:00:00 2001
+Message-Id: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
 From: Serge Hallyn <serge.hallyn@canonical.com>
 Date: Fri, 31 May 2013 19:12:12 +0100
-Subject: [PATCH 1/6] add sysctl to disallow unprivileged CLONE_NEWUSER by
+Subject: [PATCH 1/4] add sysctl to disallow unprivileged CLONE_NEWUSER by
  default
 
 Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
@@ -15,7 +15,7 @@ Signed-off-by: Daniel Micay <danielmicay@gmail.com>
  3 files changed, 30 insertions(+)
 
 diff --git a/kernel/fork.c b/kernel/fork.c
-index 500ce64517d93e68..35f5860958b40e9b 100644
+index 500ce64517d9..35f5860958b4 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
 @@ -102,6 +102,11 @@
@@ -55,7 +55,7 @@ index 500ce64517d93e68..35f5860958b40e9b 100644
  	if (err)
  		goto bad_unshare_out;
 diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 56aca862c4f584f5..e8402ba393c1915d 100644
+index 56aca862c4f5..e8402ba393c1 100644
 --- a/kernel/sysctl.c
 +++ b/kernel/sysctl.c
 @@ -105,6 +105,9 @@ extern int core_uses_pid;
@@ -85,7 +85,7 @@ index 56aca862c4f584f5..e8402ba393c1915d 100644
  	{
  		.procname	= "tainted",
 diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index c490f1e4313b998a..dd03bd39d7bf194d 100644
+index c490f1e4313b..dd03bd39d7bf 100644
 --- a/kernel/user_namespace.c
 +++ b/kernel/user_namespace.c
 @@ -24,6 +24,9 @@
diff --git a/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
index 15e4d29b6e14..da886c8a50f6 100644
--- a/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+++ b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
@@ -1,10 +1,10 @@
-From e3fff011db7dd80d53b6bda48bcf2313918aa7a8 Mon Sep 17 00:00:00 2001
-Message-Id: <e3fff011db7dd80d53b6bda48bcf2313918aa7a8.1515173964.git.jan.steffens@gmail.com>
-In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
-References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+From 8514970bf07bd1cc522f50e882e0159a51a39264 Mon Sep 17 00:00:00 2001
+Message-Id: <8514970bf07bd1cc522f50e882e0159a51a39264.1516188238.git.jan.steffens@gmail.com>
+In-Reply-To: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
+References: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
 From: Mohamed Ghannam <simo.ghannam@gmail.com>
 Date: Tue, 5 Dec 2017 20:58:35 +0000
-Subject: [PATCH 3/6] dccp: CVE-2017-8824: use-after-free in DCCP code
+Subject: [PATCH 2/4] dccp: CVE-2017-8824: use-after-free in DCCP code
 
 Whenever the sock object is in DCCP_CLOSED state,
 dccp_disconnect() must free dccps_hc_tx_ccid and
@@ -18,7 +18,7 @@ Signed-off-by: David S. Miller <davem@davemloft.net>
  1 file changed, 5 insertions(+)
 
 diff --git a/net/dccp/proto.c b/net/dccp/proto.c
-index b68168fcc06aa198..9d43c1f4027408f3 100644
+index b68168fcc06a..9d43c1f40274 100644
 --- a/net/dccp/proto.c
 +++ b/net/dccp/proto.c
 @@ -259,25 +259,30 @@ int dccp_disconnect(struct sock *sk, int flags)
diff --git a/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch b/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
deleted file mode 100644
index 9961ab6f9273..000000000000
--- a/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From e6a5e05524563626d14c1745619e37e79cb5a3a7 Mon Sep 17 00:00:00 2001
-Message-Id: <e6a5e05524563626d14c1745619e37e79cb5a3a7.1515173964.git.jan.steffens@gmail.com>
-In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
-References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
-From: Benjamin Poirier <bpoirier@suse.com>
-Date: Mon, 11 Dec 2017 16:26:40 +0900
-Subject: [PATCH 2/6] e1000e: Fix e1000_check_for_copper_link_ich8lan return
- value.
-
-e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan()
-are the two functions that may be assigned to mac.ops.check_for_link when
-phy.media_type == e1000_media_type_copper. Commit 19110cfbb34d ("e1000e:
-Separate signaling for link check/link up") changed the meaning of the
-return value of check_for_link for copper media but only adjusted the first
-function. This patch adjusts the second function likewise.
-
-Reported-by: Christian Hesse <list@eworm.de>
-Reported-by: Gabriel C <nix.or.die@gmail.com>
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=198047
-Fixes: 19110cfbb34d ("e1000e: Separate signaling for link check/link up")
-Tested-by: Christian Hesse <list@eworm.de>
-Signed-off-by: Benjamin Poirier <bpoirier@suse.com>
----
- drivers/net/ethernet/intel/e1000e/ich8lan.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c
-index d6d4ed7acf031172..31277d3bb7dc1241 100644
---- a/drivers/net/ethernet/intel/e1000e/ich8lan.c
-+++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c
-@@ -1367,22 +1367,25 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force)
-  *  Checks to see of the link status of the hardware has changed.  If a
-  *  change in link status has been detected, then we read the PHY registers
-  *  to get the current speed/duplex if link exists.
-+ *
-+ *  Returns a negative error code (-E1000_ERR_*) or 0 (link down) or 1 (link
-+ *  up).
-  **/
- static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw)
- {
- 	struct e1000_mac_info *mac = &hw->mac;
- 	s32 ret_val, tipg_reg = 0;
- 	u16 emi_addr, emi_val = 0;
- 	bool link;
- 	u16 phy_reg;
- 
- 	/* We only want to go out to the PHY registers to see if Auto-Neg
- 	 * has completed and/or if our link status has changed.  The
- 	 * get_link_status flag is set upon receiving a Link Status
- 	 * Change or Rx Sequence Error interrupt.
- 	 */
- 	if (!mac->get_link_status)
--		return 0;
-+		return 1;
- 
- 	/* First we want to see if the MII Status Register reports
- 	 * link.  If so, then we want to get the current speed/duplex
-@@ -1613,10 +1616,12 @@ static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw)
- 	 * different link partner.
- 	 */
- 	ret_val = e1000e_config_fc_after_link_up(hw);
--	if (ret_val)
-+	if (ret_val) {
- 		e_dbg("Error configuring flow control\n");
-+		return ret_val;
-+	}
- 
--	return ret_val;
-+	return 1;
- }
- 
- static s32 e1000_get_variants_ich8lan(struct e1000_adapter *adapter)
--- 
-2.15.1
-
diff --git a/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
index 6b4de3a648d9..8a3ea3008a14 100644
--- a/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+++ b/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
@@ -1,10 +1,10 @@
-From 5a11be3bab2dcd6fe061206662969c4cea46988f Mon Sep 17 00:00:00 2001
-Message-Id: <5a11be3bab2dcd6fe061206662969c4cea46988f.1515173964.git.jan.steffens@gmail.com>
-In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
-References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+From c9c8995fc83b476fdf3fc0c4b498feef2949ec75 Mon Sep 17 00:00:00 2001
+Message-Id: <c9c8995fc83b476fdf3fc0c4b498feef2949ec75.1516188238.git.jan.steffens@gmail.com>
+In-Reply-To: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
+References: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
 From: Steffen Klassert <steffen.klassert@secunet.com>
 Date: Fri, 22 Dec 2017 10:44:57 +0100
-Subject: [PATCH 4/6] xfrm: Fix stack-out-of-bounds read on socket policy
+Subject: [PATCH 3/4] xfrm: Fix stack-out-of-bounds read on socket policy
  lookup.
 
 When we do tunnel or beet mode, we pass saddr and daddr from the
@@ -24,7 +24,7 @@ Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
  1 file changed, 7 insertions(+), 1 deletion(-)
 
 diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index 6bc16bb61b5533ef..50c5f46b5cca942e 100644
+index 6bc16bb61b55..50c5f46b5cca 100644
 --- a/net/xfrm/xfrm_policy.c
 +++ b/net/xfrm/xfrm_policy.c
 @@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
diff --git a/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
index 5d36d15ac47b..f77c9b5c12c4 100644
--- a/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+++ b/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
@@ -1,10 +1,10 @@
-From cf45be4971bdd769c09e2a11db483510cd0bcc5f Mon Sep 17 00:00:00 2001
-Message-Id: <cf45be4971bdd769c09e2a11db483510cd0bcc5f.1515173964.git.jan.steffens@gmail.com>
-In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
-References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+From e722c8d112f0aa9621d7d4da5223cfc7aeb45e88 Mon Sep 17 00:00:00 2001
+Message-Id: <e722c8d112f0aa9621d7d4da5223cfc7aeb45e88.1516188238.git.jan.steffens@gmail.com>
+In-Reply-To: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
+References: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com>
 From: Jim Bride <jim.bride@linux.intel.com>
 Date: Mon, 6 Nov 2017 13:38:57 -0800
-Subject: [PATCH 6/6] drm/i915/edp: Only use the alternate fixed mode if it's
+Subject: [PATCH 4/4] drm/i915/edp: Only use the alternate fixed mode if it's
  asked for
 
 In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for
@@ -24,7 +24,7 @@ Signed-off-by: Jim Bride <jim.bride@linux.intel.com>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c
-index 09f274419eea1c74..838cee312e8e6978 100644
+index 09f274419eea..838cee312e8e 100644
 --- a/drivers/gpu/drm/i915/intel_dp.c
 +++ b/drivers/gpu/drm/i915/intel_dp.c
 @@ -1632,7 +1632,8 @@ static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1,
diff --git a/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch b/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
deleted file mode 100644
index 3090318aacb8..000000000000
--- a/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From eadda028a73a567edd8462ccd0e8c28e023cde28 Mon Sep 17 00:00:00 2001
-Message-Id: <eadda028a73a567edd8462ccd0e8c28e023cde28.1515173964.git.jan.steffens@gmail.com>
-In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
-References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
-From: Tejun Heo <tj@kernel.org>
-Date: Wed, 20 Dec 2017 07:09:19 -0800
-Subject: [PATCH 5/6] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC
-
-While teaching css_task_iter to handle skipping over tasks which
-aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to
-css_task_iter_start() and implement CSS_TASK_ITER_PROCS") introduced a
-silly bug.
-
-CSS_TASK_ITER_PROCS is implemented by repeating
-css_task_iter_advance() while the advanced cursor is pointing to a
-non-leader thread.  However, the cursor variable, @l, wasn't updated
-when the iteration has to advance to the next css_set and the
-following repetition would operate on the terminal @l from the
-previous iteration which isn't pointing to a valid task leading to
-oopses like the following or infinite looping.
-
-  BUG: unable to handle kernel NULL pointer dereference at 0000000000000254
-  IP: __task_pid_nr_ns+0xc7/0xf0
-  PGD 0 P4D 0
-  Oops: 0000 [#1] SMP
-  ...
-  CPU: 2 PID: 1 Comm: systemd Not tainted 4.14.4-200.fc26.x86_64 #1
-  Hardware name: System manufacturer System Product Name/PRIME B350M-A, BIOS 3203 11/09/2017
-  task: ffff88c4baee8000 task.stack: ffff96d5c3158000
-  RIP: 0010:__task_pid_nr_ns+0xc7/0xf0
-  RSP: 0018:ffff96d5c315bd50 EFLAGS: 00010206
-  RAX: 0000000000000000 RBX: ffff88c4b68c6000 RCX: 0000000000000250
-  RDX: ffffffffa5e47960 RSI: 0000000000000000 RDI: ffff88c490f6ab00
-  RBP: ffff96d5c315bd50 R08: 0000000000001000 R09: 0000000000000005
-  R10: ffff88c4be006b80 R11: ffff88c42f1b8004 R12: ffff96d5c315bf18
-  R13: ffff88c42d7dd200 R14: ffff88c490f6a510 R15: ffff88c4b68c6000
-  FS:  00007f9446f8ea00(0000) GS:ffff88c4be680000(0000) knlGS:0000000000000000
-  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-  CR2: 0000000000000254 CR3: 00000007f956f000 CR4: 00000000003406e0
-  Call Trace:
-   cgroup_procs_show+0x19/0x30
-   cgroup_seqfile_show+0x4c/0xb0
-   kernfs_seq_show+0x21/0x30
-   seq_read+0x2ec/0x3f0
-   kernfs_fop_read+0x134/0x180
-   __vfs_read+0x37/0x160
-   ? security_file_permission+0x9b/0xc0
-   vfs_read+0x8e/0x130
-   SyS_read+0x55/0xc0
-   entry_SYSCALL_64_fastpath+0x1a/0xa5
-  RIP: 0033:0x7f94455f942d
-  RSP: 002b:00007ffe81ba2d00 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
-  RAX: ffffffffffffffda RBX: 00005574e2233f00 RCX: 00007f94455f942d
-  RDX: 0000000000001000 RSI: 00005574e2321a90 RDI: 000000000000002b
-  RBP: 0000000000000000 R08: 00005574e2321a90 R09: 00005574e231de60
-  R10: 00007f94458c8b38 R11: 0000000000000293 R12: 00007f94458c8ae0
-  R13: 00007ffe81ba3800 R14: 0000000000000000 R15: 00005574e2116560
-  Code: 04 74 0e 89 f6 48 8d 04 76 48 8d 04 c5 f0 05 00 00 48 8b bf b8 05 00 00 48 01 c7 31 c0 48 8b 0f 48 85 c9 74 18 8b b2 30 08 00 00 <3b> 71 04 77 0d 48 c1 e6 05 48 01 f1 48 3b 51 38 74 09 5d c3 8b
-  RIP: __task_pid_nr_ns+0xc7/0xf0 RSP: ffff96d5c315bd50
-
-Fix it by moving the initialization of the cursor below the repeat
-label.  While at it, rename it to @next for readability.
-
-Signed-off-by: Tejun Heo <tj@kernel.org>
-Fixes: bc2fb7ed089f ("cgroup: add @flags to css_task_iter_start() and implement CSS_TASK_ITER_PROCS")
-Cc: stable@vger.kernel.org # v4.14+
-Reported-by: Laura Abbott <labbott@redhat.com>
-Reported-by: Bronek Kozicki <brok@incorrekt.com>
-Reported-by: George Amanakis <gamanakis@gmail.com>
-Signed-off-by: Tejun Heo <tj@kernel.org>
----
- kernel/cgroup/cgroup.c | 14 ++++++--------
- 1 file changed, 6 insertions(+), 8 deletions(-)
-
-diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
-index 44857278eb8aa6a2..030e4286f14c715e 100644
---- a/kernel/cgroup/cgroup.c
-+++ b/kernel/cgroup/cgroup.c
-@@ -4059,26 +4059,24 @@ static void css_task_iter_advance_css_set(struct css_task_iter *it)
- 
- static void css_task_iter_advance(struct css_task_iter *it)
- {
--	struct list_head *l = it->task_pos;
-+	struct list_head *next;
- 
- 	lockdep_assert_held(&css_set_lock);
--	WARN_ON_ONCE(!l);
--
- repeat:
- 	/*
- 	 * Advance iterator to find next entry.  cset->tasks is consumed
- 	 * first and then ->mg_tasks.  After ->mg_tasks, we move onto the
- 	 * next cset.
- 	 */
--	l = l->next;
-+	next = it->task_pos->next;
- 
--	if (l == it->tasks_head)
--		l = it->mg_tasks_head->next;
-+	if (next == it->tasks_head)
-+		next = it->mg_tasks_head->next;
- 
--	if (l == it->mg_tasks_head)
-+	if (next == it->mg_tasks_head)
- 		css_task_iter_advance_css_set(it);
- 	else
--		it->task_pos = l;
-+		it->task_pos = next;
- 
- 	/* if PROCS, skip over tasks which aren't group leaders */
- 	if ((it->flags & CSS_TASK_ITER_PROCS) && it->task_pos &&
--- 
-2.15.1
-
diff --git a/PKGBUILD b/PKGBUILD
index d53f7243730c..34985a76b508 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,7 +5,7 @@
 
 pkgbase=linux-selinux
 _srcname=linux-4.14
-pkgver=4.14.13
+pkgver=4.14.14
 pkgrel=1
 arch=('x86_64')
 url="https://www.kernel.org/"
@@ -23,11 +23,9 @@ source=(
   '90-linux.hook'  # pacman hook for initramfs regeneration
   'linux.preset'   # standard config files for mkinitcpio ramdisk
   0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
-  0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
-  0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
-  0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
-  0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
-  0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+  0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+  0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+  0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
 )
 validpgpkeys=(
   'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
@@ -35,18 +33,16 @@ validpgpkeys=(
 )
 sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
             'SKIP'
-            'ce897f467e80452f29d7a7a8809e8585ea12192a2c32e4d18578f64b043e802e'
+            '62d656b98f0dc143216cb9650bd9b96cd83d92925731e9f0bec5eb4d6358e603'
             'SKIP'
-            '5bc9eb004b0ff43d6947b95417afe7cdcafb2f685fd65c233c8d16c2926848d4'
+            'b2dc7d940d4de0740fa0ed36a54921a34bfa455855f0a8422cc8cfdf3c694f6a'
             'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
             '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
             'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
-            'd8a865a11665424b21fe6be9265eb287ee6d5646261a486954ddf3a4ee87e78f'
-            '9251c03da9d4b64591d77f490ff144d4ba514e66e74294ada541bf827306c9c4'
-            '6ce57b8dba43db4c6ee167a8891167b7d1e1e101d5112e776113eb37de5c37d8'
-            '1c1f5792c98369c546840950e6569a690cd88e33d4f0931d2b0b5b88f705aa4d'
-            'c3d743a0e193294bc5fbae65e7ba69fd997cd8b2ded9c9a45c5151d71d9cfb95'
-            'ec7342aab478af79a17ff65cf65bbd6744b0caee8f66c77a39bba61a78e6576d')
+            '36b1118c8dedadc4851150ddd4eb07b1c58ac5bbf3022cc2501a27c2b476da98'
+            '5694022613bb49a77d3dfafdd2e635e9015e0a9069c58a07e99bdc5df6520311'
+            '2f46093fde72eabc0fd25eff5065d780619fc5e7d2143d048877a8220d6291b0'
+            '6364edabad4182dcf148ae7c14d8f45d61037d4539e76486f978f1af3a090794')
 
 _kernelname=${pkgbase#linux}
 
@@ -65,20 +61,14 @@ prepare() {
   # disable USER_NS for non-root users by default
   patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
 
-  # https://bugs.archlinux.org/task/56575
-  patch -Np1 -i ../0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
-
   # https://nvd.nist.gov/vuln/detail/CVE-2017-8824
-  patch -Np1 -i ../0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+  patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
 
   # https://bugs.archlinux.org/task/56605
-  patch -Np1 -i ../0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
-
-  # https://bugs.archlinux.org/task/56846
-  patch -Np1 -i ../0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
+  patch -Np1 -i ../0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
 
   # https://bugs.archlinux.org/task/56711
-  patch -Np1 -i ../0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+  patch -Np1 -i ../0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
 
   cp -Tf ../config .config
 
diff --git a/config b/config
index 215e84b584c7..5e1ec3ac65f0 100644
--- a/config
+++ b/config
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.11-1 Kernel Configuration
+# Linux/x86 4.14.14-1 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -452,6 +452,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y
 CONFIG_X86_X2APIC=y
 CONFIG_X86_MPPARSE=y
 # CONFIG_GOLDFISH is not set
+CONFIG_RETPOLINE=y
 CONFIG_INTEL_RDT=y
 # CONFIG_X86_EXTENDED_PLATFORM is not set
 CONFIG_X86_INTEL_LPSS=y
@@ -1859,6 +1860,7 @@ CONFIG_DEV_COREDUMP=y
 CONFIG_SYS_HYPERVISOR=y
 # CONFIG_GENERIC_CPU_DEVICES is not set
 CONFIG_GENERIC_CPU_AUTOPROBE=y
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
 CONFIG_REGMAP=y
 CONFIG_REGMAP_I2C=y
 CONFIG_REGMAP_SPI=y
author	Nicolas Iooss	2018-01-22 19:40:21 +0100
committer	Nicolas Iooss	2018-01-22 19:40:21 +0100
commit	83917475abbf3300c10197b97453c190e621157c (patch)
tree	aceb63a5d1862f9a55a8964391a0dfd3a34400af
parent	dd67c81d2a6c6fd3b44a8bb44c31f1fd162a2ff0 (diff)
download	aur-83917475abbf3300c10197b97453c190e621157c.tar.gz