diff options
| -rw-r--r-- | .SRCINFO | 36 | ||||
| -rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 2 | ||||
| -rw-r--r-- | 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch | 57 | ||||
| -rw-r--r-- | 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch (renamed from 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch) | 2 | ||||
| -rw-r--r-- | 0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch (renamed from 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch) | 2 | ||||
| -rw-r--r-- | PKGBUILD | 36 |
6 files changed, 35 insertions, 100 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-bfq-mq - pkgver = 4.14.19 + pkgver = 4.14.20 pkgrel = 1 url = https://github.com/Algodev-github/bfq-mq/ arch = x86_64 @@ -12,8 +12,8 @@ pkgbase = linux-bfq-mq options = !strip source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.19.xz - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.19.sign + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.20.xz + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.20.sign source = https://raw.githubusercontent.com/sirlucjan/kernel_gcc_patch/master/enable_additional_cpu_optimizations_for_gcc_v4.9+_kernel_v4.13+.patch source = https://gitlab.com/sirlucjan/kernel-patches/raw/master/4.14/4.14-bfq-sq-mq-git-20180208.patch source = https://gitlab.com/sirlucjan/kernel-patches/raw/master/4.14/0009-bfq-sq-mq-fix-patching-error-with-20180109.patch @@ -31,14 +31,13 @@ pkgbase = linux-bfq-mq source = 99-linux.hook source = linux.preset source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - source = 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch - source = 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch - source = 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch + source = 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + source = 0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7 sha256sums = SKIP - sha256sums = 627c8bb675b760bf6533a7aacce843e222fb61f702777e6bbfb63db073dd9cbf + sha256sums = ec38313c7ff463f781fb36502d4b49811a903462f031c5392b95231cc371190f sha256sums = SKIP sha256sums = 8b00041911e67654b0bd9602125853a1a94f6155c5cac4f886507554c8324ee8 sha256sums = 0034a8c361c602c1683dd9c3ac4a8713dd28eaced37199f6a0a60f3631dfdc7d @@ -56,10 +55,9 @@ pkgbase = linux-bfq-mq sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919 sha256sums = 5f6ba52aaa528c4fa4b1dc097e8930fad0470d7ac489afcb13313f289ca32184 sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 - sha256sums = 767af9b833ff51e57738356c7895ccfa8d4a8e386759f34ffe92573f2331e5c0 - sha256sums = f723c341df165e1a6280fdbab013b5f4256c429c4de7330f1f162feccf1fb3d7 - sha256sums = ec69fb66b2e4baff93ba371c38ff9e7527208203b2b3ab7eea182c274e1201c6 - sha256sums = 4b92975a3a961593590c990c0ab731d6ec9ddce30be440dd05f5f31695b97a78 + sha256sums = a15ec5111b7a16b010ea2060e6eac9a08e33aa3a3371e21eb0cb0f71c968747f + sha256sums = 7a3085c71b3d6d88161bf324783740d68eb90a10828a6a92d97ffa85a07d7934 + sha256sums = 2711b7947a9a844bcae8ddbc7df5e6b772afd74be750b4afadce969c3443268d pkgname = linux-bfq-mq pkgdesc = The Linux-bfq-mq kernel and modules with the BFQ-MQ scheduler @@ -70,19 +68,19 @@ pkgname = linux-bfq-mq depends = mkinitcpio>=0.7 optdepends = crda: to set the correct wireless channels of your country optdepends = modprobed-db: Keeps track of EVERY kernel module that has ever been probed - useful for those of us who make localmodconfig - provides = linux-bfq-mq=4.14.19 - provides = linux=4.14.19 + provides = linux-bfq-mq=4.14.20 + provides = linux=4.14.20 backup = etc/mkinitcpio.d/linux-bfq-mq.preset pkgname = linux-bfq-mq-headers pkgdesc = Header files and scripts for building modules for Linux-bfq-mq kernel - depends = linux-bfq-mq=4.14.19 - provides = linux-bfq-mq-headers=4.14.19 - provides = linux-headers=4.14.19 + depends = linux-bfq-mq=4.14.20 + provides = linux-bfq-mq-headers=4.14.20 + provides = linux-headers=4.14.20 pkgname = linux-bfq-mq-docs pkgdesc = Kernel hackers manual - HTML documentation that comes with the Linux-bfq-mq kernel - depends = linux-bfq-mq=4.14.19 - provides = linux-bfq-mq-docs=4.14.19 - provides = linux-docs=4.14.19 + depends = linux-bfq-mq=4.14.20 + provides = linux-bfq-mq-docs=4.14.20 + provides = linux-docs=4.14.20 diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index 2968c83950c7..b0abaa0d5492 100644 --- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -2,7 +2,7 @@ From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001 Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Serge Hallyn <serge.hallyn@canonical.com> Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/4] add sysctl to disallow unprivileged CLONE_NEWUSER by +Subject: [PATCH 1/3] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> diff --git a/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch deleted file mode 100644 index 2350bc07c50f..000000000000 --- a/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch +++ /dev/null @@ -1,57 +0,0 @@ -From e3fff011db7dd80d53b6bda48bcf2313918aa7a8 Mon Sep 17 00:00:00 2001 -Message-Id: <e3fff011db7dd80d53b6bda48bcf2313918aa7a8.1515173964.git.jan.steffens@gmail.com> -In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> -References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> -From: Mohamed Ghannam <simo.ghannam@gmail.com> -Date: Tue, 5 Dec 2017 20:58:35 +0000 -Subject: [PATCH 2/4] dccp: CVE-2017-8824: use-after-free in DCCP code - -Whenever the sock object is in DCCP_CLOSED state, -dccp_disconnect() must free dccps_hc_tx_ccid and -dccps_hc_rx_ccid and set to NULL. - -Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com> -Reviewed-by: Eric Dumazet <edumazet@google.com> -Signed-off-by: David S. Miller <davem@davemloft.net> ---- - net/dccp/proto.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/net/dccp/proto.c b/net/dccp/proto.c -index b68168fcc06aa198..9d43c1f4027408f3 100644 ---- a/net/dccp/proto.c -+++ b/net/dccp/proto.c -@@ -259,25 +259,30 @@ int dccp_disconnect(struct sock *sk, int flags) - { - struct inet_connection_sock *icsk = inet_csk(sk); - struct inet_sock *inet = inet_sk(sk); -+ struct dccp_sock *dp = dccp_sk(sk); - int err = 0; - const int old_state = sk->sk_state; - - if (old_state != DCCP_CLOSED) - dccp_set_state(sk, DCCP_CLOSED); - - /* - * This corresponds to the ABORT function of RFC793, sec. 3.8 - * TCP uses a RST segment, DCCP a Reset packet with Code 2, "Aborted". - */ - if (old_state == DCCP_LISTEN) { - inet_csk_listen_stop(sk); - } else if (dccp_need_reset(old_state)) { - dccp_send_reset(sk, DCCP_RESET_CODE_ABORTED); - sk->sk_err = ECONNRESET; - } else if (old_state == DCCP_REQUESTING) - sk->sk_err = ECONNRESET; - - dccp_clear_xmit_timers(sk); -+ ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk); -+ ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk); -+ dp->dccps_hc_rx_ccid = NULL; -+ dp->dccps_hc_tx_ccid = NULL; - - __skb_queue_purge(&sk->sk_receive_queue); - __skb_queue_purge(&sk->sk_write_queue); --- -2.15.1 - diff --git a/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch index fb6e0a4be29a..9a874b47588e 100644 --- a/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch +++ b/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch @@ -4,7 +4,7 @@ In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffe References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Steffen Klassert <steffen.klassert@secunet.com> Date: Fri, 22 Dec 2017 10:44:57 +0100 -Subject: [PATCH 3/4] xfrm: Fix stack-out-of-bounds read on socket policy +Subject: [PATCH 2/3] xfrm: Fix stack-out-of-bounds read on socket policy lookup. When we do tunnel or beet mode, we pass saddr and daddr from the diff --git a/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch index b865e10691a1..08c1ff153fd5 100644 --- a/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch +++ b/0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch @@ -4,7 +4,7 @@ In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffe References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Jim Bride <jim.bride@linux.intel.com> Date: Mon, 6 Nov 2017 13:38:57 -0800 -Subject: [PATCH 4/4] drm/i915/edp: Only use the alternate fixed mode if it's +Subject: [PATCH 3/3] drm/i915/edp: Only use the alternate fixed mode if it's asked for In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for @@ -66,7 +66,7 @@ _mq_enable= pkgbase=linux-bfq-mq #pkgbase=linux-custom # Build kernel with a different name -pkgver=4.14.19 +pkgver=4.14.20 _srcpatch="${pkgver##*\.*\.}" _srcname="linux-${pkgver%%\.${_srcpatch}}" pkgrel=1 @@ -131,13 +131,12 @@ source=(# mainline kernel patches # standard config files for mkinitcpio ramdisk 'linux.preset' '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch' - '0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch' - '0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch' - '0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch') + '0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch' + '0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch') sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' 'SKIP' - '627c8bb675b760bf6533a7aacce843e222fb61f702777e6bbfb63db073dd9cbf' + 'ec38313c7ff463f781fb36502d4b49811a903462f031c5392b95231cc371190f' 'SKIP' '8b00041911e67654b0bd9602125853a1a94f6155c5cac4f886507554c8324ee8' '0034a8c361c602c1683dd9c3ac4a8713dd28eaced37199f6a0a60f3631dfdc7d' @@ -155,10 +154,9 @@ sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' '5f6ba52aaa528c4fa4b1dc097e8930fad0470d7ac489afcb13313f289ca32184' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' - '767af9b833ff51e57738356c7895ccfa8d4a8e386759f34ffe92573f2331e5c0' - 'f723c341df165e1a6280fdbab013b5f4256c429c4de7330f1f162feccf1fb3d7' - 'ec69fb66b2e4baff93ba371c38ff9e7527208203b2b3ab7eea182c274e1201c6' - '4b92975a3a961593590c990c0ab731d6ec9ddce30be440dd05f5f31695b97a78') + 'a15ec5111b7a16b010ea2060e6eac9a08e33aa3a3371e21eb0cb0f71c968747f' + '7a3085c71b3d6d88161bf324783740d68eb90a10828a6a92d97ffa85a07d7934' + '2711b7947a9a844bcae8ddbc7df5e6b772afd74be750b4afadce969c3443268d') validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman @@ -174,20 +172,16 @@ prepare() { patch -p1 -i ../patch-${pkgver} ### Disable USER_NS for non-root users by default - msg "Disable USER_NS for non-root users by default" - patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - - ### Fix https://nvd.nist.gov/vuln/detail/CVE-2017-8824 - msg "Fix CVE-2017-8824" - patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch + msg "Disable USER_NS for non-root users by default" + patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - ### Fix https://bugs.archlinux.org/task/56605 - msg "Fix #56605" - patch -Np1 -i ../0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + ### Fix https://bugs.archlinux.org/task/56605 + msg "Fix #56605" + patch -Np1 -i ../0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch - ### Fix https://bugs.archlinux.org/task/56711 - msg "Fix #56711" - patch -Np1 -i ../0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch + ### Fix https://bugs.archlinux.org/task/56711 + msg "Fix #56711" + patch -Np1 -i ../0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch ### Patch source with BFQ-SQ-MQ msg "Fix patching with 20180109" |