summarylogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.SRCINFO22
-rw-r--r--0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch57
-rw-r--r--0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch (renamed from 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch)0
-rw-r--r--0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch (renamed from 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch)0
-rw-r--r--PKGBUILD17
5 files changed, 16 insertions, 80 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 7777d6617665..504bbd1eb62f 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
# Generated by mksrcinfo v8
-# Tue Feb 13 18:44:03 UTC 2018
+# Sat Feb 17 14:23:38 UTC 2018
pkgbase = linux-ck
- pkgver = 4.14.19
+ pkgver = 4.14.20
pkgrel = 1
url = https://wiki.archlinux.org/index.php/Linux-ck
arch = x86_64
@@ -13,8 +13,8 @@ pkgbase = linux-ck
options = !strip
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign
- source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.19.xz
- source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.19.sign
+ source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.20.xz
+ source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.20.sign
source = config
source = 60-linux.hook
source = 90-linux.hook
@@ -28,12 +28,11 @@ pkgbase = linux-ck
source = https://github.com/ckolivas/linux/pull/7/commits/a79d648fcde72fc98048d4435bc86864a59fd01b.patch
source = unfuck_MuQSS_for_4.14.15+.patch::https://github.com/ckolivas/linux/commit/25849740d77dfc089fdbfb53623e50d38a972aff.patch
source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
- source = 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
- source = 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
- source = 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+ source = 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+ source = 0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7
sha256sums = SKIP
- sha256sums = 627c8bb675b760bf6533a7aacce843e222fb61f702777e6bbfb63db073dd9cbf
+ sha256sums = ec38313c7ff463f781fb36502d4b49811a903462f031c5392b95231cc371190f
sha256sums = SKIP
sha256sums = fc3033c9f914bf8b6da687b97bca27b897c551993e5737d14e68469793446031
sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
@@ -48,7 +47,6 @@ pkgbase = linux-ck
sha256sums = 0dbf2d23df0b5d023794332872b8b346d0c4994576b778396364e803acac4498
sha256sums = e0f40fc665ca9fa3cd1f3c9055aa11ea3d5f2790c7c9face69254a24ef27ec04
sha256sums = d8a865a11665424b21fe6be9265eb287ee6d5646261a486954ddf3a4ee87e78f
- sha256sums = 6ce57b8dba43db4c6ee167a8891167b7d1e1e101d5112e776113eb37de5c37d8
sha256sums = 1c1f5792c98369c546840950e6569a690cd88e33d4f0931d2b0b5b88f705aa4d
sha256sums = ec7342aab478af79a17ff65cf65bbd6744b0caee8f66c77a39bba61a78e6576d
@@ -60,12 +58,12 @@ pkgname = linux-ck
depends = kmod
depends = mkinitcpio>=0.7
optdepends = crda: to set the correct wireless channels of your country
- provides = linux-ck=4.14.19
+ provides = linux-ck=4.14.20
backup = etc/mkinitcpio.d/linux-ck.preset
pkgname = linux-ck-headers
pkgdesc = Header files and scripts for building modules for Linux-ck kernel
depends = linux-ck
- provides = linux-ck-headers=4.14.19
- provides = linux-headers=4.14.19
+ provides = linux-ck-headers=4.14.20
+ provides = linux-headers=4.14.20
diff --git a/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
deleted file mode 100644
index 15e4d29b6e14..000000000000
--- a/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From e3fff011db7dd80d53b6bda48bcf2313918aa7a8 Mon Sep 17 00:00:00 2001
-Message-Id: <e3fff011db7dd80d53b6bda48bcf2313918aa7a8.1515173964.git.jan.steffens@gmail.com>
-In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
-References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
-From: Mohamed Ghannam <simo.ghannam@gmail.com>
-Date: Tue, 5 Dec 2017 20:58:35 +0000
-Subject: [PATCH 3/6] dccp: CVE-2017-8824: use-after-free in DCCP code
-
-Whenever the sock object is in DCCP_CLOSED state,
-dccp_disconnect() must free dccps_hc_tx_ccid and
-dccps_hc_rx_ccid and set to NULL.
-
-Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>
-Reviewed-by: Eric Dumazet <edumazet@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/dccp/proto.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/net/dccp/proto.c b/net/dccp/proto.c
-index b68168fcc06aa198..9d43c1f4027408f3 100644
---- a/net/dccp/proto.c
-+++ b/net/dccp/proto.c
-@@ -259,25 +259,30 @@ int dccp_disconnect(struct sock *sk, int flags)
- {
- struct inet_connection_sock *icsk = inet_csk(sk);
- struct inet_sock *inet = inet_sk(sk);
-+ struct dccp_sock *dp = dccp_sk(sk);
- int err = 0;
- const int old_state = sk->sk_state;
-
- if (old_state != DCCP_CLOSED)
- dccp_set_state(sk, DCCP_CLOSED);
-
- /*
- * This corresponds to the ABORT function of RFC793, sec. 3.8
- * TCP uses a RST segment, DCCP a Reset packet with Code 2, "Aborted".
- */
- if (old_state == DCCP_LISTEN) {
- inet_csk_listen_stop(sk);
- } else if (dccp_need_reset(old_state)) {
- dccp_send_reset(sk, DCCP_RESET_CODE_ABORTED);
- sk->sk_err = ECONNRESET;
- } else if (old_state == DCCP_REQUESTING)
- sk->sk_err = ECONNRESET;
-
- dccp_clear_xmit_timers(sk);
-+ ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk);
-+ ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk);
-+ dp->dccps_hc_rx_ccid = NULL;
-+ dp->dccps_hc_tx_ccid = NULL;
-
- __skb_queue_purge(&sk->sk_receive_queue);
- __skb_queue_purge(&sk->sk_write_queue);
---
-2.15.1
-
diff --git a/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
index 6b4de3a648d9..6b4de3a648d9 100644
--- a/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+++ b/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
diff --git a/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
index 5d36d15ac47b..5d36d15ac47b 100644
--- a/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+++ b/0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
diff --git a/PKGBUILD b/PKGBUILD
index d6f362130391..a676acfbe367 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -62,7 +62,7 @@ _localmodcfg=
pkgbase=linux-ck
_srcname=linux-4.14
-pkgver=4.14.19
+pkgver=4.14.20
pkgrel=1
_ckpatchversion=1
arch=('x86_64')
@@ -92,9 +92,8 @@ source=(
"$_preck2/a79d648fcde72fc98048d4435bc86864a59fd01b.patch"
"unfuck_MuQSS_for_4.14.15+.patch::https://github.com/ckolivas/linux/commit/25849740d77dfc089fdbfb53623e50d38a972aff.patch"
0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
- 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
- 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
- 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+ 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+ 0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
)
validpgpkeys=(
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
@@ -102,7 +101,7 @@ validpgpkeys=(
)
sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
'SKIP'
- '627c8bb675b760bf6533a7aacce843e222fb61f702777e6bbfb63db073dd9cbf'
+ 'ec38313c7ff463f781fb36502d4b49811a903462f031c5392b95231cc371190f'
'SKIP'
'fc3033c9f914bf8b6da687b97bca27b897c551993e5737d14e68469793446031'
'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
@@ -117,7 +116,6 @@ sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
'0dbf2d23df0b5d023794332872b8b346d0c4994576b778396364e803acac4498'
'e0f40fc665ca9fa3cd1f3c9055aa11ea3d5f2790c7c9face69254a24ef27ec04'
'd8a865a11665424b21fe6be9265eb287ee6d5646261a486954ddf3a4ee87e78f'
- '6ce57b8dba43db4c6ee167a8891167b7d1e1e101d5112e776113eb37de5c37d8'
'1c1f5792c98369c546840950e6569a690cd88e33d4f0931d2b0b5b88f705aa4d'
'ec7342aab478af79a17ff65cf65bbd6744b0caee8f66c77a39bba61a78e6576d')
@@ -132,14 +130,11 @@ prepare() {
# disable USER_NS for non-root users by default
patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
- # https://nvd.nist.gov/vuln/detail/CVE-2017-8824
- patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
-
# https://bugs.archlinux.org/task/56605
- patch -Np1 -i ../0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+ patch -Np1 -i ../0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
# https://bugs.archlinux.org/task/56711
- patch -Np1 -i ../0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+ patch -Np1 -i ../0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
# fix naming schema in EXTRAVERSION of ck patch set
sed -i -re "s/^(.EXTRAVERSION).*$/\1 = /" "../${_ckpatchname}"