summarylogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.SRCINFO36
-rw-r--r--0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch2
-rw-r--r--0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch57
-rw-r--r--0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch (renamed from 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch)2
-rw-r--r--0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch (renamed from 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch)2
-rw-r--r--PKGBUILD36
6 files changed, 35 insertions, 100 deletions
diff --git a/.SRCINFO b/.SRCINFO
index f0c1108f1f44..b4b1689ba2e1 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,5 +1,5 @@
pkgbase = linux-bfq-mq
- pkgver = 4.14.19
+ pkgver = 4.14.20
pkgrel = 1
url = https://github.com/Algodev-github/bfq-mq/
arch = x86_64
@@ -12,8 +12,8 @@ pkgbase = linux-bfq-mq
options = !strip
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign
- source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.19.xz
- source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.19.sign
+ source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.20.xz
+ source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.20.sign
source = https://raw.githubusercontent.com/sirlucjan/kernel_gcc_patch/master/enable_additional_cpu_optimizations_for_gcc_v4.9+_kernel_v4.13+.patch
source = https://gitlab.com/sirlucjan/kernel-patches/raw/master/4.14/4.14-bfq-sq-mq-git-20180208.patch
source = https://gitlab.com/sirlucjan/kernel-patches/raw/master/4.14/0009-bfq-sq-mq-fix-patching-error-with-20180109.patch
@@ -31,14 +31,13 @@ pkgbase = linux-bfq-mq
source = 99-linux.hook
source = linux.preset
source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
- source = 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
- source = 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
- source = 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+ source = 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+ source = 0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7
sha256sums = SKIP
- sha256sums = 627c8bb675b760bf6533a7aacce843e222fb61f702777e6bbfb63db073dd9cbf
+ sha256sums = ec38313c7ff463f781fb36502d4b49811a903462f031c5392b95231cc371190f
sha256sums = SKIP
sha256sums = 8b00041911e67654b0bd9602125853a1a94f6155c5cac4f886507554c8324ee8
sha256sums = 0034a8c361c602c1683dd9c3ac4a8713dd28eaced37199f6a0a60f3631dfdc7d
@@ -56,10 +55,9 @@ pkgbase = linux-bfq-mq
sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919
sha256sums = 5f6ba52aaa528c4fa4b1dc097e8930fad0470d7ac489afcb13313f289ca32184
sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65
- sha256sums = 767af9b833ff51e57738356c7895ccfa8d4a8e386759f34ffe92573f2331e5c0
- sha256sums = f723c341df165e1a6280fdbab013b5f4256c429c4de7330f1f162feccf1fb3d7
- sha256sums = ec69fb66b2e4baff93ba371c38ff9e7527208203b2b3ab7eea182c274e1201c6
- sha256sums = 4b92975a3a961593590c990c0ab731d6ec9ddce30be440dd05f5f31695b97a78
+ sha256sums = a15ec5111b7a16b010ea2060e6eac9a08e33aa3a3371e21eb0cb0f71c968747f
+ sha256sums = 7a3085c71b3d6d88161bf324783740d68eb90a10828a6a92d97ffa85a07d7934
+ sha256sums = 2711b7947a9a844bcae8ddbc7df5e6b772afd74be750b4afadce969c3443268d
pkgname = linux-bfq-mq
pkgdesc = The Linux-bfq-mq kernel and modules with the BFQ-MQ scheduler
@@ -70,19 +68,19 @@ pkgname = linux-bfq-mq
depends = mkinitcpio>=0.7
optdepends = crda: to set the correct wireless channels of your country
optdepends = modprobed-db: Keeps track of EVERY kernel module that has ever been probed - useful for those of us who make localmodconfig
- provides = linux-bfq-mq=4.14.19
- provides = linux=4.14.19
+ provides = linux-bfq-mq=4.14.20
+ provides = linux=4.14.20
backup = etc/mkinitcpio.d/linux-bfq-mq.preset
pkgname = linux-bfq-mq-headers
pkgdesc = Header files and scripts for building modules for Linux-bfq-mq kernel
- depends = linux-bfq-mq=4.14.19
- provides = linux-bfq-mq-headers=4.14.19
- provides = linux-headers=4.14.19
+ depends = linux-bfq-mq=4.14.20
+ provides = linux-bfq-mq-headers=4.14.20
+ provides = linux-headers=4.14.20
pkgname = linux-bfq-mq-docs
pkgdesc = Kernel hackers manual - HTML documentation that comes with the Linux-bfq-mq kernel
- depends = linux-bfq-mq=4.14.19
- provides = linux-bfq-mq-docs=4.14.19
- provides = linux-docs=4.14.19
+ depends = linux-bfq-mq=4.14.20
+ provides = linux-bfq-mq-docs=4.14.20
+ provides = linux-docs=4.14.20
diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
index 2968c83950c7..b0abaa0d5492 100644
--- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@@ -2,7 +2,7 @@ From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001
Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
From: Serge Hallyn <serge.hallyn@canonical.com>
Date: Fri, 31 May 2013 19:12:12 +0100
-Subject: [PATCH 1/4] add sysctl to disallow unprivileged CLONE_NEWUSER by
+Subject: [PATCH 1/3] add sysctl to disallow unprivileged CLONE_NEWUSER by
default
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
diff --git a/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
deleted file mode 100644
index 2350bc07c50f..000000000000
--- a/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From e3fff011db7dd80d53b6bda48bcf2313918aa7a8 Mon Sep 17 00:00:00 2001
-Message-Id: <e3fff011db7dd80d53b6bda48bcf2313918aa7a8.1515173964.git.jan.steffens@gmail.com>
-In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
-References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
-From: Mohamed Ghannam <simo.ghannam@gmail.com>
-Date: Tue, 5 Dec 2017 20:58:35 +0000
-Subject: [PATCH 2/4] dccp: CVE-2017-8824: use-after-free in DCCP code
-
-Whenever the sock object is in DCCP_CLOSED state,
-dccp_disconnect() must free dccps_hc_tx_ccid and
-dccps_hc_rx_ccid and set to NULL.
-
-Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>
-Reviewed-by: Eric Dumazet <edumazet@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/dccp/proto.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/net/dccp/proto.c b/net/dccp/proto.c
-index b68168fcc06aa198..9d43c1f4027408f3 100644
---- a/net/dccp/proto.c
-+++ b/net/dccp/proto.c
-@@ -259,25 +259,30 @@ int dccp_disconnect(struct sock *sk, int flags)
- {
- struct inet_connection_sock *icsk = inet_csk(sk);
- struct inet_sock *inet = inet_sk(sk);
-+ struct dccp_sock *dp = dccp_sk(sk);
- int err = 0;
- const int old_state = sk->sk_state;
-
- if (old_state != DCCP_CLOSED)
- dccp_set_state(sk, DCCP_CLOSED);
-
- /*
- * This corresponds to the ABORT function of RFC793, sec. 3.8
- * TCP uses a RST segment, DCCP a Reset packet with Code 2, "Aborted".
- */
- if (old_state == DCCP_LISTEN) {
- inet_csk_listen_stop(sk);
- } else if (dccp_need_reset(old_state)) {
- dccp_send_reset(sk, DCCP_RESET_CODE_ABORTED);
- sk->sk_err = ECONNRESET;
- } else if (old_state == DCCP_REQUESTING)
- sk->sk_err = ECONNRESET;
-
- dccp_clear_xmit_timers(sk);
-+ ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk);
-+ ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk);
-+ dp->dccps_hc_rx_ccid = NULL;
-+ dp->dccps_hc_tx_ccid = NULL;
-
- __skb_queue_purge(&sk->sk_receive_queue);
- __skb_queue_purge(&sk->sk_write_queue);
---
-2.15.1
-
diff --git a/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
index fb6e0a4be29a..9a874b47588e 100644
--- a/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+++ b/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
@@ -4,7 +4,7 @@ In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffe
References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Fri, 22 Dec 2017 10:44:57 +0100
-Subject: [PATCH 3/4] xfrm: Fix stack-out-of-bounds read on socket policy
+Subject: [PATCH 2/3] xfrm: Fix stack-out-of-bounds read on socket policy
lookup.
When we do tunnel or beet mode, we pass saddr and daddr from the
diff --git a/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
index b865e10691a1..08c1ff153fd5 100644
--- a/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+++ b/0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
@@ -4,7 +4,7 @@ In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffe
References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
From: Jim Bride <jim.bride@linux.intel.com>
Date: Mon, 6 Nov 2017 13:38:57 -0800
-Subject: [PATCH 4/4] drm/i915/edp: Only use the alternate fixed mode if it's
+Subject: [PATCH 3/3] drm/i915/edp: Only use the alternate fixed mode if it's
asked for
In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for
diff --git a/PKGBUILD b/PKGBUILD
index 81a1964706ba..937238f12f22 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -66,7 +66,7 @@ _mq_enable=
pkgbase=linux-bfq-mq
#pkgbase=linux-custom # Build kernel with a different name
-pkgver=4.14.19
+pkgver=4.14.20
_srcpatch="${pkgver##*\.*\.}"
_srcname="linux-${pkgver%%\.${_srcpatch}}"
pkgrel=1
@@ -131,13 +131,12 @@ source=(# mainline kernel patches
# standard config files for mkinitcpio ramdisk
'linux.preset'
'0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch'
- '0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch'
- '0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch'
- '0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch')
+ '0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch'
+ '0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch')
sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
'SKIP'
- '627c8bb675b760bf6533a7aacce843e222fb61f702777e6bbfb63db073dd9cbf'
+ 'ec38313c7ff463f781fb36502d4b49811a903462f031c5392b95231cc371190f'
'SKIP'
'8b00041911e67654b0bd9602125853a1a94f6155c5cac4f886507554c8324ee8'
'0034a8c361c602c1683dd9c3ac4a8713dd28eaced37199f6a0a60f3631dfdc7d'
@@ -155,10 +154,9 @@ sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
'75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
'5f6ba52aaa528c4fa4b1dc097e8930fad0470d7ac489afcb13313f289ca32184'
'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
- '767af9b833ff51e57738356c7895ccfa8d4a8e386759f34ffe92573f2331e5c0'
- 'f723c341df165e1a6280fdbab013b5f4256c429c4de7330f1f162feccf1fb3d7'
- 'ec69fb66b2e4baff93ba371c38ff9e7527208203b2b3ab7eea182c274e1201c6'
- '4b92975a3a961593590c990c0ab731d6ec9ddce30be440dd05f5f31695b97a78')
+ 'a15ec5111b7a16b010ea2060e6eac9a08e33aa3a3371e21eb0cb0f71c968747f'
+ '7a3085c71b3d6d88161bf324783740d68eb90a10828a6a92d97ffa85a07d7934'
+ '2711b7947a9a844bcae8ddbc7df5e6b772afd74be750b4afadce969c3443268d')
validpgpkeys=(
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
'647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
@@ -174,20 +172,16 @@ prepare() {
patch -p1 -i ../patch-${pkgver}
### Disable USER_NS for non-root users by default
- msg "Disable USER_NS for non-root users by default"
- patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
-
- ### Fix https://nvd.nist.gov/vuln/detail/CVE-2017-8824
- msg "Fix CVE-2017-8824"
- patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+ msg "Disable USER_NS for non-root users by default"
+ patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
- ### Fix https://bugs.archlinux.org/task/56605
- msg "Fix #56605"
- patch -Np1 -i ../0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+ ### Fix https://bugs.archlinux.org/task/56605
+ msg "Fix #56605"
+ patch -Np1 -i ../0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
- ### Fix https://bugs.archlinux.org/task/56711
- msg "Fix #56711"
- patch -Np1 -i ../0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+ ### Fix https://bugs.archlinux.org/task/56711
+ msg "Fix #56711"
+ patch -Np1 -i ../0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
### Patch source with BFQ-SQ-MQ
msg "Fix patching with 20180109"