diff options
| -rw-r--r-- | .SRCINFO | 32 | ||||
| -rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 2 | ||||
| -rw-r--r-- | 0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch (renamed from 0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch) | 2 | ||||
| -rw-r--r-- | 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49 | ||||
| -rw-r--r-- | PKGBUILD | 20 |
5 files changed, 24 insertions, 81 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-bfq-mq - pkgver = 4.14.21 + pkgver = 4.14.22 pkgrel = 1 url = https://github.com/Algodev-github/bfq-mq/ arch = x86_64 @@ -12,8 +12,8 @@ pkgbase = linux-bfq-mq options = !strip source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.21.xz - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.21.sign + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.22.xz + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.22.sign source = https://raw.githubusercontent.com/sirlucjan/kernel_gcc_patch/master/enable_additional_cpu_optimizations_for_gcc_v4.9+_kernel_v4.13+.patch source = https://gitlab.com/sirlucjan/kernel-patches/raw/master/4.14/4.14-bfq-sq-mq-git-20180208.patch source = https://gitlab.com/sirlucjan/kernel-patches/raw/master/4.14/0009-bfq-sq-mq-fix-patching-error-with-20180109.patch @@ -31,13 +31,12 @@ pkgbase = linux-bfq-mq source = 99-linux.hook source = linux.preset source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - source = 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch - source = 0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch + source = 0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7 sha256sums = SKIP - sha256sums = 4d888fb78a52e556948483c8410159a83c51195eb7637f084d6f19f014fff448 + sha256sums = 6df3b1cea7091380949dcb33a8313bdfd4b26227584569753ff6c8d161ee1cf7 sha256sums = SKIP sha256sums = 8b00041911e67654b0bd9602125853a1a94f6155c5cac4f886507554c8324ee8 sha256sums = 0034a8c361c602c1683dd9c3ac4a8713dd28eaced37199f6a0a60f3631dfdc7d @@ -55,9 +54,8 @@ pkgbase = linux-bfq-mq sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919 sha256sums = 5f6ba52aaa528c4fa4b1dc097e8930fad0470d7ac489afcb13313f289ca32184 sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 - sha256sums = a15ec5111b7a16b010ea2060e6eac9a08e33aa3a3371e21eb0cb0f71c968747f - sha256sums = 7a3085c71b3d6d88161bf324783740d68eb90a10828a6a92d97ffa85a07d7934 - sha256sums = 2711b7947a9a844bcae8ddbc7df5e6b772afd74be750b4afadce969c3443268d + sha256sums = 4532c63833f85cf459b3666beb369020c7158ff1970f4d3ef028c7758a0918b4 + sha256sums = a3152233b6b2fc91eaf68b59ec5d0f8997871c74aa7440e8b840c186e5991381 pkgname = linux-bfq-mq pkgdesc = The Linux-bfq-mq kernel and modules with the BFQ-MQ scheduler @@ -68,19 +66,19 @@ pkgname = linux-bfq-mq depends = mkinitcpio>=0.7 optdepends = crda: to set the correct wireless channels of your country optdepends = modprobed-db: Keeps track of EVERY kernel module that has ever been probed - useful for those of us who make localmodconfig - provides = linux-bfq-mq=4.14.21 - provides = linux=4.14.21 + provides = linux-bfq-mq=4.14.22 + provides = linux=4.14.22 backup = etc/mkinitcpio.d/linux-bfq-mq.preset pkgname = linux-bfq-mq-headers pkgdesc = Header files and scripts for building modules for Linux-bfq-mq kernel - depends = linux-bfq-mq=4.14.21 - provides = linux-bfq-mq-headers=4.14.21 - provides = linux-headers=4.14.21 + depends = linux-bfq-mq=4.14.22 + provides = linux-bfq-mq-headers=4.14.22 + provides = linux-headers=4.14.22 pkgname = linux-bfq-mq-docs pkgdesc = Kernel hackers manual - HTML documentation that comes with the Linux-bfq-mq kernel - depends = linux-bfq-mq=4.14.21 - provides = linux-bfq-mq-docs=4.14.21 - provides = linux-docs=4.14.21 + depends = linux-bfq-mq=4.14.22 + provides = linux-bfq-mq-docs=4.14.22 + provides = linux-docs=4.14.22 diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index b0abaa0d5492..f6fd943f953e 100644 --- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -2,7 +2,7 @@ From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001 Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Serge Hallyn <serge.hallyn@canonical.com> Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/3] add sysctl to disallow unprivileged CLONE_NEWUSER by +Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> diff --git a/0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch index 08c1ff153fd5..3b92eae35ce9 100644 --- a/0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch +++ b/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch @@ -4,7 +4,7 @@ In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffe References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Jim Bride <jim.bride@linux.intel.com> Date: Mon, 6 Nov 2017 13:38:57 -0800 -Subject: [PATCH 3/3] drm/i915/edp: Only use the alternate fixed mode if it's +Subject: [PATCH 2/2] drm/i915/edp: Only use the alternate fixed mode if it's asked for In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for diff --git a/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch deleted file mode 100644 index 9a874b47588e..000000000000 --- a/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 5a11be3bab2dcd6fe061206662969c4cea46988f Mon Sep 17 00:00:00 2001 -Message-Id: <5a11be3bab2dcd6fe061206662969c4cea46988f.1515173964.git.jan.steffens@gmail.com> -In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> -References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> -From: Steffen Klassert <steffen.klassert@secunet.com> -Date: Fri, 22 Dec 2017 10:44:57 +0100 -Subject: [PATCH 2/3] xfrm: Fix stack-out-of-bounds read on socket policy - lookup. - -When we do tunnel or beet mode, we pass saddr and daddr from the -template to xfrm_state_find(), this is ok. On transport mode, -we pass the addresses from the flowi, assuming that the IP -addresses (and address family) don't change during transformation. -This assumption is wrong in the IPv4 mapped IPv6 case, packet -is IPv4 and template is IPv6. - -Fix this by catching address family missmatches of the policy -and the flow already before we do the lookup. - -Reported-by: syzbot <syzkaller@googlegroups.com> -Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> ---- - net/xfrm/xfrm_policy.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 6bc16bb61b5533ef..50c5f46b5cca942e 100644 ---- a/net/xfrm/xfrm_policy.c -+++ b/net/xfrm/xfrm_policy.c -@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, - again: - pol = rcu_dereference(sk->sk_policy[dir]); - if (pol != NULL) { -- bool match = xfrm_selector_match(&pol->selector, fl, family); -+ bool match; - int err = 0; - -+ if (pol->family != family) { -+ pol = NULL; -+ goto out; -+ } -+ -+ match = xfrm_selector_match(&pol->selector, fl, family); - if (match) { - if ((sk->sk_mark & pol->mark.m) != pol->mark.v) { - pol = NULL; --- -2.15.1 - @@ -66,7 +66,7 @@ _mq_enable= pkgbase=linux-bfq-mq #pkgbase=linux-custom # Build kernel with a different name -pkgver=4.14.21 +pkgver=4.14.22 _srcpatch="${pkgver##*\.*\.}" _srcname="linux-${pkgver%%\.${_srcpatch}}" pkgrel=1 @@ -131,12 +131,11 @@ source=(# mainline kernel patches # standard config files for mkinitcpio ramdisk 'linux.preset' '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch' - '0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch' - '0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch') + '0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch') sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' 'SKIP' - '4d888fb78a52e556948483c8410159a83c51195eb7637f084d6f19f014fff448' + '6df3b1cea7091380949dcb33a8313bdfd4b26227584569753ff6c8d161ee1cf7' 'SKIP' '8b00041911e67654b0bd9602125853a1a94f6155c5cac4f886507554c8324ee8' '0034a8c361c602c1683dd9c3ac4a8713dd28eaced37199f6a0a60f3631dfdc7d' @@ -154,9 +153,8 @@ sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' '5f6ba52aaa528c4fa4b1dc097e8930fad0470d7ac489afcb13313f289ca32184' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' - 'a15ec5111b7a16b010ea2060e6eac9a08e33aa3a3371e21eb0cb0f71c968747f' - '7a3085c71b3d6d88161bf324783740d68eb90a10828a6a92d97ffa85a07d7934' - '2711b7947a9a844bcae8ddbc7df5e6b772afd74be750b4afadce969c3443268d') + '4532c63833f85cf459b3666beb369020c7158ff1970f4d3ef028c7758a0918b4' + 'a3152233b6b2fc91eaf68b59ec5d0f8997871c74aa7440e8b840c186e5991381') validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman @@ -175,13 +173,9 @@ prepare() { msg "Disable USER_NS for non-root users by default" patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - ### Fix https://bugs.archlinux.org/task/56605 - msg "Fix #56605" - patch -Np1 -i ../0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch - - ### Fix https://bugs.archlinux.org/task/56711 + ### Fix https://bugs.archlinux.org/task/56711 msg "Fix #56711" - patch -Np1 -i ../0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch + patch -Np1 -i ../0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch ### Patch source with BFQ-SQ-MQ msg "Fix patching with 20180109" |