diff options
-rw-r--r-- | .SRCINFO | 18 | ||||
-rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 6 | ||||
-rw-r--r-- | 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch | 10 | ||||
-rw-r--r-- | 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch | 10 | ||||
-rw-r--r-- | 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49 | ||||
-rw-r--r-- | 0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch (renamed from 0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch) | 10 | ||||
-rw-r--r-- | 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch | 42 | ||||
-rw-r--r-- | PKGBUILD | 24 |
8 files changed, 137 insertions, 32 deletions
@@ -1,8 +1,8 @@ # Generated by mksrcinfo v8 -# Fri Jan 5 20:32:20 UTC 2018 +# Fri Jan 5 22:31:48 UTC 2018 pkgbase = linux-ck pkgver = 4.14.12 - pkgrel = 1 + pkgrel = 2 url = https://wiki.archlinux.org/index.php/Linux-ck arch = x86_64 license = GPL2 @@ -29,7 +29,9 @@ pkgbase = linux-ck source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch source = 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch source = 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch - source = 0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + source = 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + source = 0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + source = 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7 sha256sums = SKIP sha256sums = da5d8db44b0988e4c45346899d3f5a51f8bd6c25f14e729615ca9ff9f17bdefd @@ -45,10 +47,12 @@ pkgbase = linux-ck sha256sums = d2f59cf1c5187204eced6e53806b187e90698fcb2309955aed4020a15c659ae1 sha256sums = 3d4d2506795c4bd914959758f5b69ccf5a4f5a21f5d4bfc87bf0aa3b4b58f4c6 sha256sums = 0dbf2d23df0b5d023794332872b8b346d0c4994576b778396364e803acac4498 - sha256sums = 06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2 - sha256sums = b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b - sha256sums = f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25 - sha256sums = 8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711 + sha256sums = d8a865a11665424b21fe6be9265eb287ee6d5646261a486954ddf3a4ee87e78f + sha256sums = 9251c03da9d4b64591d77f490ff144d4ba514e66e74294ada541bf827306c9c4 + sha256sums = 6ce57b8dba43db4c6ee167a8891167b7d1e1e101d5112e776113eb37de5c37d8 + sha256sums = 1c1f5792c98369c546840950e6569a690cd88e33d4f0931d2b0b5b88f705aa4d + sha256sums = c3d743a0e193294bc5fbae65e7ba69fd997cd8b2ded9c9a45c5151d71d9cfb95 + sha256sums = ec7342aab478af79a17ff65cf65bbd6744b0caee8f66c77a39bba61a78e6576d pkgname = linux-ck pkgdesc = The Linux-ck kernel and modules with the ck1 patchset featuring MuQSS CPU scheduler v0.162 diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index 64341b9b7026..c3364a49db0e 100644 --- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -1,8 +1,8 @@ -From fb89d912d5f7289d3a922c77b671e36e1c740f5e Mon Sep 17 00:00:00 2001 -Message-Id: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001 +Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Serge Hallyn <serge.hallyn@canonical.com> Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/7] add sysctl to disallow unprivileged CLONE_NEWUSER by +Subject: [PATCH 1/6] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> diff --git a/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch b/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch index 8c23c9a543ba..9961ab6f9273 100644 --- a/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch +++ b/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch @@ -1,10 +1,10 @@ -From 8c6956686606b9c3661e74a410c8cb2fc276c5ee Mon Sep 17 00:00:00 2001 -Message-Id: <8c6956686606b9c3661e74a410c8cb2fc276c5ee.1514959852.git.jan.steffens@gmail.com> -In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> -References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +From e6a5e05524563626d14c1745619e37e79cb5a3a7 Mon Sep 17 00:00:00 2001 +Message-Id: <e6a5e05524563626d14c1745619e37e79cb5a3a7.1515173964.git.jan.steffens@gmail.com> +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Benjamin Poirier <bpoirier@suse.com> Date: Mon, 11 Dec 2017 16:26:40 +0900 -Subject: [PATCH 2/7] e1000e: Fix e1000_check_for_copper_link_ich8lan return +Subject: [PATCH 2/6] e1000e: Fix e1000_check_for_copper_link_ich8lan return value. e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan() diff --git a/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch index d7872e2a1cc2..15e4d29b6e14 100644 --- a/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch +++ b/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch @@ -1,10 +1,10 @@ -From b81e273fb227373a2951c7256ab11a87d5333a9d Mon Sep 17 00:00:00 2001 -Message-Id: <b81e273fb227373a2951c7256ab11a87d5333a9d.1514959852.git.jan.steffens@gmail.com> -In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> -References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +From e3fff011db7dd80d53b6bda48bcf2313918aa7a8 Mon Sep 17 00:00:00 2001 +Message-Id: <e3fff011db7dd80d53b6bda48bcf2313918aa7a8.1515173964.git.jan.steffens@gmail.com> +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Mohamed Ghannam <simo.ghannam@gmail.com> Date: Tue, 5 Dec 2017 20:58:35 +0000 -Subject: [PATCH 3/7] dccp: CVE-2017-8824: use-after-free in DCCP code +Subject: [PATCH 3/6] dccp: CVE-2017-8824: use-after-free in DCCP code Whenever the sock object is in DCCP_CLOSED state, dccp_disconnect() must free dccps_hc_tx_ccid and diff --git a/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch new file mode 100644 index 000000000000..6b4de3a648d9 --- /dev/null +++ b/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch @@ -0,0 +1,49 @@ +From 5a11be3bab2dcd6fe061206662969c4cea46988f Mon Sep 17 00:00:00 2001 +Message-Id: <5a11be3bab2dcd6fe061206662969c4cea46988f.1515173964.git.jan.steffens@gmail.com> +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +From: Steffen Klassert <steffen.klassert@secunet.com> +Date: Fri, 22 Dec 2017 10:44:57 +0100 +Subject: [PATCH 4/6] xfrm: Fix stack-out-of-bounds read on socket policy + lookup. + +When we do tunnel or beet mode, we pass saddr and daddr from the +template to xfrm_state_find(), this is ok. On transport mode, +we pass the addresses from the flowi, assuming that the IP +addresses (and address family) don't change during transformation. +This assumption is wrong in the IPv4 mapped IPv6 case, packet +is IPv4 and template is IPv6. + +Fix this by catching address family missmatches of the policy +and the flow already before we do the lookup. + +Reported-by: syzbot <syzkaller@googlegroups.com> +Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> +--- + net/xfrm/xfrm_policy.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c +index 6bc16bb61b5533ef..50c5f46b5cca942e 100644 +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, + again: + pol = rcu_dereference(sk->sk_policy[dir]); + if (pol != NULL) { +- bool match = xfrm_selector_match(&pol->selector, fl, family); ++ bool match; + int err = 0; + ++ if (pol->family != family) { ++ pol = NULL; ++ goto out; ++ } ++ ++ match = xfrm_selector_match(&pol->selector, fl, family); + if (match) { + if ((sk->sk_mark & pol->mark.m) != pol->mark.v) { + pol = NULL; +-- +2.15.1 + diff --git a/0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch b/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch index 0a54ce129b3b..3090318aacb8 100644 --- a/0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch +++ b/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch @@ -1,10 +1,10 @@ -From a79cb4d4e540c72a601ca0494e914565c16e2893 Mon Sep 17 00:00:00 2001 -Message-Id: <a79cb4d4e540c72a601ca0494e914565c16e2893.1514959852.git.jan.steffens@gmail.com> -In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> -References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +From eadda028a73a567edd8462ccd0e8c28e023cde28 Mon Sep 17 00:00:00 2001 +Message-Id: <eadda028a73a567edd8462ccd0e8c28e023cde28.1515173964.git.jan.steffens@gmail.com> +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Tejun Heo <tj@kernel.org> Date: Wed, 20 Dec 2017 07:09:19 -0800 -Subject: [PATCH 6/7] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC +Subject: [PATCH 5/6] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC While teaching css_task_iter to handle skipping over tasks which aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to diff --git a/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch new file mode 100644 index 000000000000..5d36d15ac47b --- /dev/null +++ b/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch @@ -0,0 +1,42 @@ +From cf45be4971bdd769c09e2a11db483510cd0bcc5f Mon Sep 17 00:00:00 2001 +Message-Id: <cf45be4971bdd769c09e2a11db483510cd0bcc5f.1515173964.git.jan.steffens@gmail.com> +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +From: Jim Bride <jim.bride@linux.intel.com> +Date: Mon, 6 Nov 2017 13:38:57 -0800 +Subject: [PATCH 6/6] drm/i915/edp: Only use the alternate fixed mode if it's + asked for + +In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for +eDP if available."), the patch allows for the use of an alternate fixed +mode if it is available, but the patch was not ensuring that the only +time the alternate mode is used is when it is specifically requested. +This patch adds an additional comparison to intel_edp_compare_alt_mode +to ensure that we only use the alternate mode if it is directly +requested. + +Fixes: dc911f5bd8aac ("Allow alternate fixed mode for eDP if available.") +Cc: David Weinehall <david.weinehall@linux.intel.com> +Cc: Rodrigo Vivi <rodrigo.vivi@intel.com> +Signed-off-by: Jim Bride <jim.bride@linux.intel.com> +--- + drivers/gpu/drm/i915/intel_dp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c +index 09f274419eea1c74..838cee312e8e6978 100644 +--- a/drivers/gpu/drm/i915/intel_dp.c ++++ b/drivers/gpu/drm/i915/intel_dp.c +@@ -1632,7 +1632,8 @@ static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1, + m1->vdisplay == m2->vdisplay && + m1->vsync_start == m2->vsync_start && + m1->vsync_end == m2->vsync_end && +- m1->vtotal == m2->vtotal); ++ m1->vtotal == m2->vtotal && ++ m1->vrefresh == m2->vrefresh); + return bres; + } + +-- +2.15.1 + @@ -63,7 +63,7 @@ _use_current= pkgbase=linux-ck _srcname=linux-4.14 pkgver=4.14.12 -pkgrel=1 +pkgrel=2 _ckpatchversion=1 arch=('x86_64') url="https://wiki.archlinux.org/index.php/Linux-ck" @@ -93,7 +93,9 @@ source=( 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch - 0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + 0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds @@ -114,10 +116,12 @@ sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' 'd2f59cf1c5187204eced6e53806b187e90698fcb2309955aed4020a15c659ae1' '3d4d2506795c4bd914959758f5b69ccf5a4f5a21f5d4bfc87bf0aa3b4b58f4c6' '0dbf2d23df0b5d023794332872b8b346d0c4994576b778396364e803acac4498' - '06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2' - 'b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b' - 'f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25' - '8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711') + 'd8a865a11665424b21fe6be9265eb287ee6d5646261a486954ddf3a4ee87e78f' + '9251c03da9d4b64591d77f490ff144d4ba514e66e74294ada541bf827306c9c4' + '6ce57b8dba43db4c6ee167a8891167b7d1e1e101d5112e776113eb37de5c37d8' + '1c1f5792c98369c546840950e6569a690cd88e33d4f0931d2b0b5b88f705aa4d' + 'c3d743a0e193294bc5fbae65e7ba69fd997cd8b2ded9c9a45c5151d71d9cfb95' + 'ec7342aab478af79a17ff65cf65bbd6744b0caee8f66c77a39bba61a78e6576d') _kernelname=${pkgbase#linux} @@ -137,8 +141,14 @@ prepare() { # https://nvd.nist.gov/vuln/detail/CVE-2017-8824 patch -Np1 -i ../0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch + # https://bugs.archlinux.org/task/56605 + patch -Np1 -i ../0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + # https://bugs.archlinux.org/task/56846 - patch -Np1 -i ../0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + patch -Np1 -i ../0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + + # https://bugs.archlinux.org/task/56711 + patch -Np1 -i ../0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch # fix naming schema in EXTRAVERSION of ck patch set sed -i -re "s/^(.EXTRAVERSION).*$/\1 = /" "../${_ckpatchname}" |