diff options
author | sirlucjan | 2017-12-26 15:57:32 +0100 |
---|---|---|
committer | sirlucjan | 2017-12-26 15:57:32 +0100 |
commit | a07c0cf6238ea9fa6f62fd30d4a9f5264172e0c3 (patch) | |
tree | 84452136ab13ce470ad13111b243f036241ac0f3 | |
parent | eeb427596f86e3e5b2107a2802b6f4617cfa98c1 (diff) | |
download | aur-a07c0cf6238ea9fa6f62fd30d4a9f5264172e0c3.tar.gz |
Sync with -ARCH
-rw-r--r-- | .SRCINFO | 12 | ||||
-rw-r--r-- | 0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch | 77 | ||||
-rw-r--r-- | 0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch | 72 | ||||
-rw-r--r-- | 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49 | ||||
-rw-r--r-- | 0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch | 114 | ||||
-rw-r--r-- | PKGBUILD | 29 | ||||
-rw-r--r-- | config | 4 |
7 files changed, 349 insertions, 8 deletions
@@ -1,6 +1,6 @@ pkgbase = linux-uksm pkgver = 4.14.9 - pkgrel = 1 + pkgrel = 2 url = https://github.com/dolohow/uksm arch = x86_64 license = GPL2 @@ -23,6 +23,10 @@ pkgbase = linux-uksm source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch source = 0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch source = 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch + source = 0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch + source = 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + source = 0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + source = 0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E sha512sums = 77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8 @@ -31,7 +35,7 @@ pkgbase = linux-uksm sha512sums = SKIP sha512sums = 5ca7ae20245a54caa71fb570d971d6872d4e888f35c6123b93fbca16baf9a0e2500d6ec931f3906e4faecaaca9cad0d593694d9cab617efd0cb7b5fc09c0fa48 sha512sums = 44b31276d4d712e4e1e1455e128daa079ddd9d72a4620289607faf6134a225737004e8742de79e0283e98ef2d4f746f075e041870d37eab191c93c566f945c7f - sha512sums = 54a3963d6fd91c765ebeb68ea8422b8838e16080d28b1f66c7567b760ab14cf0400b361e8b0c2779bd9b97adedaeb491ad011fa9fcc88e737df175209b68d7b2 + sha512sums = 7526b8416124e674b902ddf971b551c6fdc718a465ce194768b6affcd2a188b416a0837d1c5da418c8063d38126587a6aa64ea41fc0463c03e026091000227dc sha512sums = 7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a sha512sums = 4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44 sha512sums = 6346b66f54652256571ef65da8e46db49a95ac5978ecd57a507c6b2a28aee70bb3ff87045ac493f54257c9965da1046a28b72cb5abb0087204d257f14b91fd74 @@ -39,6 +43,10 @@ pkgbase = linux-uksm sha512sums = 6fd42090bd39228ac625d0c2074ae55ac3e8368de63f550951c3ac6e6bfdbaf47ab67e018e21890b8ad75bb6706eff5dce05070ad6c281ecedf2a353d8871d96 sha512sums = 4b461e3f194fd11ec4321cfbe63dbc5f59c2ed0ee71cae5753b64761c6cc816e28fe89f9c472f92a6cf22557ab88243c16f7f2d2e754ba0b47f82608dc9ddc25 sha512sums = 93131d8ad8b118a1c1bcabce357ba7e61233c99188f2d0123977c436e2932555bde4e19de4ca63ac27c6e9b26d8373fb99b52db18b7518122433616d7060082d + sha512sums = 973bf63857968e76d15286aea5add9589e3248b7b70da25629b91618cfdbbd5784cd0d97daccb3168fd369adb41ebd5768788ad25dc54b7a5c0b9f16e07a9d38 + sha512sums = 39bf2a3eeca5efce6c8214c49fba001a767fa3c94157255451a8c4739a3adeef74f2644a2ab6a7a423a65e76466c02d7c1f124cdddcfce37145fc3be92d8fa6c + sha512sums = 5ad03cf5b0acfa1ca554a0462d83c0be8ddf9974d7248b9ff9a516e68dad0425a205b224ca4cf680428feedcc4e7a1153d5aa12a12abfa96a503e9a0d65c712a + sha512sums = 6f01527ed7a25bf78d7c0515c8726a47bef0e99cf1c90f07d0f6a59e70f12e04260eed2c4ca831fb339d3a027085bcd73f8ab3b1968582f75b688823b18716cb pkgname = linux-uksm pkgdesc = Linux Kernel and modules with the UKSM. diff --git a/0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch b/0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch new file mode 100644 index 000000000000..fe62f65af163 --- /dev/null +++ b/0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch @@ -0,0 +1,77 @@ +From 16b5ff888e251b8c4dedd3994d2e85ab25ea7fa4 Mon Sep 17 00:00:00 2001 +Message-Id: <16b5ff888e251b8c4dedd3994d2e85ab25ea7fa4.1514245036.git.jan.steffens@gmail.com> +From: Takashi Iwai <tiwai@suse.de> +Date: Mon, 18 Dec 2017 23:36:57 +0100 +Subject: [PATCH] ALSA: usb-audio: Fix the missing ctl name suffix at parsing + SU + +The commit 89b89d121ffc ("ALSA: usb-audio: Add check return value for +usb_string()") added the check of the return value from +snd_usb_copy_string_desc(), which is correct per se, but it introduced +a regression. In the original code, either the "Clock Source", +"Playback Source" or "Capture Source" suffix is added after the +terminal string, while the commit changed it to add the suffix only +when get_term_name() is failing. It ended up with an incorrect ctl +name like "PCM" instead of "PCM Capture Source". + +Also, even the original code has a similar bug: when the ctl name is +generated from snd_usb_copy_string_desc() for the given iSelector, it +also doesn't put the suffix. + +This patch addresses these issues: the suffix is added always when no +static mapping is found. Also the patch tries to put more comments +and cleans up the if/else block for better readability in order to +avoid the same pitfall again. + +Fixes: 89b89d121ffc ("ALSA: usb-audio: Add check return value for usb_string()") +Reported-and-tested-by: Mauro Santos <registo.mailling@gmail.com> +Cc: <stable@vger.kernel.org> +Signed-off-by: Takashi Iwai <tiwai@suse.de> +--- + sound/usb/mixer.c | 27 ++++++++++++++++----------- + 1 file changed, 16 insertions(+), 11 deletions(-) + +diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c +index 4fde4f8d4444a597..75bce127d768c613 100644 +--- a/sound/usb/mixer.c ++++ b/sound/usb/mixer.c +@@ -2173,20 +2173,25 @@ static int parse_audio_selector_unit(struct mixer_build *state, int unitid, + kctl->private_value = (unsigned long)namelist; + kctl->private_free = usb_mixer_selector_elem_free; + +- nameid = uac_selector_unit_iSelector(desc); ++ /* check the static mapping table at first */ + len = check_mapped_name(map, kctl->id.name, sizeof(kctl->id.name)); +- if (len) +- ; +- else if (nameid) +- len = snd_usb_copy_string_desc(state, nameid, kctl->id.name, +- sizeof(kctl->id.name)); +- else +- len = get_term_name(state, &state->oterm, +- kctl->id.name, sizeof(kctl->id.name), 0); +- + if (!len) { +- strlcpy(kctl->id.name, "USB", sizeof(kctl->id.name)); ++ /* no mapping ? */ ++ /* if iSelector is given, use it */ ++ nameid = uac_selector_unit_iSelector(desc); ++ if (nameid) ++ len = snd_usb_copy_string_desc(state, nameid, ++ kctl->id.name, ++ sizeof(kctl->id.name)); ++ /* ... or pick up the terminal name at next */ ++ if (!len) ++ len = get_term_name(state, &state->oterm, ++ kctl->id.name, sizeof(kctl->id.name), 0); ++ /* ... or use the fixed string "USB" as the last resort */ ++ if (!len) ++ strlcpy(kctl->id.name, "USB", sizeof(kctl->id.name)); + ++ /* and add the proper suffix */ + if (desc->bDescriptorSubtype == UAC2_CLOCK_SELECTOR) + append_ctl_name(kctl, " Clock Source"); + else if ((state->oterm.type & 0xff00) == 0x0100) +-- +2.15.1 + diff --git a/0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch b/0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch new file mode 100644 index 000000000000..b44eb2ab8898 --- /dev/null +++ b/0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch @@ -0,0 +1,72 @@ +From b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4 Mon Sep 17 00:00:00 2001 +Message-Id: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> +From: Steffen Klassert <steffen.klassert@secunet.com> +Date: Wed, 15 Nov 2017 06:40:57 +0100 +Subject: [PATCH 1/3] Revert "xfrm: Fix stack-out-of-bounds read in + xfrm_state_find." + +This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e. + +This commit breaks transport mode when the policy template +has widlcard addresses configured, so revert it. + +Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> +--- + net/xfrm/xfrm_policy.c | 29 ++++++++++++++++++----------- + 1 file changed, 18 insertions(+), 11 deletions(-) + +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index 6eb228a70131069b..a2e531bf4f976308 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1361,29 +1361,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl, + struct net *net = xp_net(policy); + int nx; + int i, error; ++ xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family); ++ xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family); + xfrm_address_t tmp; + + for (nx = 0, i = 0; i < policy->xfrm_nr; i++) { + struct xfrm_state *x; +- xfrm_address_t *local; +- xfrm_address_t *remote; ++ xfrm_address_t *remote = daddr; ++ xfrm_address_t *local = saddr; + struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i]; + +- remote = &tmpl->id.daddr; +- local = &tmpl->saddr; +- if (xfrm_addr_any(local, tmpl->encap_family)) { +- error = xfrm_get_saddr(net, fl->flowi_oif, +- &tmp, remote, +- tmpl->encap_family, 0); +- if (error) +- goto fail; +- local = &tmp; ++ if (tmpl->mode == XFRM_MODE_TUNNEL || ++ tmpl->mode == XFRM_MODE_BEET) { ++ remote = &tmpl->id.daddr; ++ local = &tmpl->saddr; ++ if (xfrm_addr_any(local, tmpl->encap_family)) { ++ error = xfrm_get_saddr(net, fl->flowi_oif, ++ &tmp, remote, ++ tmpl->encap_family, 0); ++ if (error) ++ goto fail; ++ local = &tmp; ++ } + } + + x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family); + + if (x && x->km.state == XFRM_STATE_VALID) { + xfrm[nx++] = x; ++ daddr = remote; ++ saddr = local; + continue; + } + if (x) { +-- +2.15.1 + diff --git a/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch new file mode 100644 index 000000000000..ad4614492736 --- /dev/null +++ b/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch @@ -0,0 +1,49 @@ +From 1c3a5e72b70bcfaf342075a3fa5fcbdf99302a3f Mon Sep 17 00:00:00 2001 +Message-Id: <1c3a5e72b70bcfaf342075a3fa5fcbdf99302a3f.1514245012.git.jan.steffens@gmail.com> +In-Reply-To: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> +References: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> +From: Steffen Klassert <steffen.klassert@secunet.com> +Date: Fri, 22 Dec 2017 10:44:57 +0100 +Subject: [PATCH 2/3] xfrm: Fix stack-out-of-bounds read on socket policy + lookup. + +When we do tunnel or beet mode, we pass saddr and daddr from the +template to xfrm_state_find(), this is ok. On transport mode, +we pass the addresses from the flowi, assuming that the IP +addresses (and address family) don't change during transformation. +This assumption is wrong in the IPv4 mapped IPv6 case, packet +is IPv4 and template is IPv6. + +Fix this by catching address family missmatches of the policy +and the flow already before we do the lookup. + +Reported-by: syzbot <syzkaller@googlegroups.com> +Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> +--- + net/xfrm/xfrm_policy.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index a2e531bf4f976308..c79ed3bed5d4dc2f 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, + again: + pol = rcu_dereference(sk->sk_policy[dir]); + if (pol != NULL) { +- bool match = xfrm_selector_match(&pol->selector, fl, family); ++ bool match; + int err = 0; + ++ if (pol->family != family) { ++ pol = NULL; ++ goto out; ++ } ++ ++ match = xfrm_selector_match(&pol->selector, fl, family); + if (match) { + if ((sk->sk_mark & pol->mark.m) != pol->mark.v) { + pol = NULL; +-- +2.15.1 + diff --git a/0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch b/0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch new file mode 100644 index 000000000000..80a09f9a5469 --- /dev/null +++ b/0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch @@ -0,0 +1,114 @@ +From a3c64fe9d978f3ee8f21fac5b410c63fe7cce725 Mon Sep 17 00:00:00 2001 +Message-Id: <a3c64fe9d978f3ee8f21fac5b410c63fe7cce725.1514245012.git.jan.steffens@gmail.com> +In-Reply-To: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> +References: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com> +From: Tejun Heo <tj@kernel.org> +Date: Wed, 20 Dec 2017 07:09:19 -0800 +Subject: [PATCH 3/3] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC + +While teaching css_task_iter to handle skipping over tasks which +aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to +css_task_iter_start() and implement CSS_TASK_ITER_PROCS") introduced a +silly bug. + +CSS_TASK_ITER_PROCS is implemented by repeating +css_task_iter_advance() while the advanced cursor is pointing to a +non-leader thread. However, the cursor variable, @l, wasn't updated +when the iteration has to advance to the next css_set and the +following repetition would operate on the terminal @l from the +previous iteration which isn't pointing to a valid task leading to +oopses like the following or infinite looping. + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000254 + IP: __task_pid_nr_ns+0xc7/0xf0 + PGD 0 P4D 0 + Oops: 0000 [#1] SMP + ... + CPU: 2 PID: 1 Comm: systemd Not tainted 4.14.4-200.fc26.x86_64 #1 + Hardware name: System manufacturer System Product Name/PRIME B350M-A, BIOS 3203 11/09/2017 + task: ffff88c4baee8000 task.stack: ffff96d5c3158000 + RIP: 0010:__task_pid_nr_ns+0xc7/0xf0 + RSP: 0018:ffff96d5c315bd50 EFLAGS: 00010206 + RAX: 0000000000000000 RBX: ffff88c4b68c6000 RCX: 0000000000000250 + RDX: ffffffffa5e47960 RSI: 0000000000000000 RDI: ffff88c490f6ab00 + RBP: ffff96d5c315bd50 R08: 0000000000001000 R09: 0000000000000005 + R10: ffff88c4be006b80 R11: ffff88c42f1b8004 R12: ffff96d5c315bf18 + R13: ffff88c42d7dd200 R14: ffff88c490f6a510 R15: ffff88c4b68c6000 + FS: 00007f9446f8ea00(0000) GS:ffff88c4be680000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 0000000000000254 CR3: 00000007f956f000 CR4: 00000000003406e0 + Call Trace: + cgroup_procs_show+0x19/0x30 + cgroup_seqfile_show+0x4c/0xb0 + kernfs_seq_show+0x21/0x30 + seq_read+0x2ec/0x3f0 + kernfs_fop_read+0x134/0x180 + __vfs_read+0x37/0x160 + ? security_file_permission+0x9b/0xc0 + vfs_read+0x8e/0x130 + SyS_read+0x55/0xc0 + entry_SYSCALL_64_fastpath+0x1a/0xa5 + RIP: 0033:0x7f94455f942d + RSP: 002b:00007ffe81ba2d00 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 + RAX: ffffffffffffffda RBX: 00005574e2233f00 RCX: 00007f94455f942d + RDX: 0000000000001000 RSI: 00005574e2321a90 RDI: 000000000000002b + RBP: 0000000000000000 R08: 00005574e2321a90 R09: 00005574e231de60 + R10: 00007f94458c8b38 R11: 0000000000000293 R12: 00007f94458c8ae0 + R13: 00007ffe81ba3800 R14: 0000000000000000 R15: 00005574e2116560 + Code: 04 74 0e 89 f6 48 8d 04 76 48 8d 04 c5 f0 05 00 00 48 8b bf b8 05 00 00 48 01 c7 31 c0 48 8b 0f 48 85 c9 74 18 8b b2 30 08 00 00 <3b> 71 04 77 0d 48 c1 e6 05 48 01 f1 48 3b 51 38 74 09 5d c3 8b + RIP: __task_pid_nr_ns+0xc7/0xf0 RSP: ffff96d5c315bd50 + +Fix it by moving the initialization of the cursor below the repeat +label. While at it, rename it to @next for readability. + +Signed-off-by: Tejun Heo <tj@kernel.org> +Fixes: bc2fb7ed089f ("cgroup: add @flags to css_task_iter_start() and implement CSS_TASK_ITER_PROCS") +Cc: stable@vger.kernel.org # v4.14+ +Reported-by: Laura Abbott <labbott@redhat.com> +Reported-by: Bronek Kozicki <brok@incorrekt.com> +Reported-by: George Amanakis <gamanakis@gmail.com> +Signed-off-by: Tejun Heo <tj@kernel.org> +--- + kernel/cgroup/cgroup.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c +index 44857278eb8aa6a2..030e4286f14c715e 100644 +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -4059,26 +4059,24 @@ static void css_task_iter_advance_css_set(struct css_task_iter *it) + + static void css_task_iter_advance(struct css_task_iter *it) + { +- struct list_head *l = it->task_pos; ++ struct list_head *next; + + lockdep_assert_held(&css_set_lock); +- WARN_ON_ONCE(!l); +- + repeat: + /* + * Advance iterator to find next entry. cset->tasks is consumed + * first and then ->mg_tasks. After ->mg_tasks, we move onto the + * next cset. + */ +- l = l->next; ++ next = it->task_pos->next; + +- if (l == it->tasks_head) +- l = it->mg_tasks_head->next; ++ if (next == it->tasks_head) ++ next = it->mg_tasks_head->next; + +- if (l == it->mg_tasks_head) ++ if (next == it->mg_tasks_head) + css_task_iter_advance_css_set(it); + else +- it->task_pos = l; ++ it->task_pos = next; + + /* if PROCS, skip over tasks which aren't group leaders */ + if ((it->flags & CSS_TASK_ITER_PROCS) && it->task_pos && +-- +2.15.1 + @@ -52,7 +52,7 @@ pkgbase=linux-uksm # pkgname=('linux-uksm' 'linux-uksm-headers' 'linux-uksm-docs') _srcname=linux-4.14 pkgver=4.14.9 -pkgrel=1 +pkgrel=2 arch=('x86_64') url="https://github.com/dolohow/uksm" license=('GPL2') @@ -81,7 +81,11 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz" 'linux.preset' '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch' '0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch' - '0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch') + '0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch' + '0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch' + '0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch' + '0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch' + '0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch') _kernelname=${pkgbase#linux} @@ -104,6 +108,19 @@ prepare() { msg "Fix CVE-2017-8824" patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch + ### Fix https://bugs.archlinux.org/task/56605 + msg "Fix #56605" + patch -Np1 -i ../0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch + patch -Np1 -i ../0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + + ### Fix https://bugs.archlinux.org/task/56846 + msg "Fix #56846" + patch -Np1 -i ../0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + + ### Fix https://bugs.archlinux.org/task/56830 + msg "Fix #56830" + patch -Np1 -i ../0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch + ### Patch source with UKSM msg "Patching source with UKSM" patch -Np1 -i ../${_uksm_patch} @@ -370,14 +387,18 @@ sha512sums=('77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b 'SKIP' '5ca7ae20245a54caa71fb570d971d6872d4e888f35c6123b93fbca16baf9a0e2500d6ec931f3906e4faecaaca9cad0d593694d9cab617efd0cb7b5fc09c0fa48' '44b31276d4d712e4e1e1455e128daa079ddd9d72a4620289607faf6134a225737004e8742de79e0283e98ef2d4f746f075e041870d37eab191c93c566f945c7f' - '54a3963d6fd91c765ebeb68ea8422b8838e16080d28b1f66c7567b760ab14cf0400b361e8b0c2779bd9b97adedaeb491ad011fa9fcc88e737df175209b68d7b2' + '7526b8416124e674b902ddf971b551c6fdc718a465ce194768b6affcd2a188b416a0837d1c5da418c8063d38126587a6aa64ea41fc0463c03e026091000227dc' '7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a' '4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44' '6346b66f54652256571ef65da8e46db49a95ac5978ecd57a507c6b2a28aee70bb3ff87045ac493f54257c9965da1046a28b72cb5abb0087204d257f14b91fd74' '2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf' '6fd42090bd39228ac625d0c2074ae55ac3e8368de63f550951c3ac6e6bfdbaf47ab67e018e21890b8ad75bb6706eff5dce05070ad6c281ecedf2a353d8871d96' '4b461e3f194fd11ec4321cfbe63dbc5f59c2ed0ee71cae5753b64761c6cc816e28fe89f9c472f92a6cf22557ab88243c16f7f2d2e754ba0b47f82608dc9ddc25' - '93131d8ad8b118a1c1bcabce357ba7e61233c99188f2d0123977c436e2932555bde4e19de4ca63ac27c6e9b26d8373fb99b52db18b7518122433616d7060082d') + '93131d8ad8b118a1c1bcabce357ba7e61233c99188f2d0123977c436e2932555bde4e19de4ca63ac27c6e9b26d8373fb99b52db18b7518122433616d7060082d' + '973bf63857968e76d15286aea5add9589e3248b7b70da25629b91618cfdbbd5784cd0d97daccb3168fd369adb41ebd5768788ad25dc54b7a5c0b9f16e07a9d38' + '39bf2a3eeca5efce6c8214c49fba001a767fa3c94157255451a8c4739a3adeef74f2644a2ab6a7a423a65e76466c02d7c1f124cdddcfce37145fc3be92d8fa6c' + '5ad03cf5b0acfa1ca554a0462d83c0be8ddf9974d7248b9ff9a516e68dad0425a205b224ca4cf680428feedcc4e7a1153d5aa12a12abfa96a503e9a0d65c712a' + '6f01527ed7a25bf78d7c0515c8726a47bef0e99cf1c90f07d0f6a59e70f12e04260eed2c4ca831fb339d3a027085bcd73f8ab3b1968582f75b688823b18716cb') validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.9-1 Kernel Configuration +# Linux/x86 4.14.9-2 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -5346,7 +5346,7 @@ CONFIG_FB_EFI=y # CONFIG_FB_CARMINE is not set # CONFIG_FB_SM501 is not set # CONFIG_FB_SMSCUFX is not set -CONFIG_FB_UDL=m +# CONFIG_FB_UDL is not set # CONFIG_FB_IBM_GXT4500 is not set # CONFIG_FB_VIRTUAL is not set CONFIG_XEN_FBDEV_FRONTEND=m |