diff options
-rw-r--r-- | .SRCINFO | 14 | ||||
-rw-r--r-- | 0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch | 73 | ||||
-rw-r--r-- | 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch | 57 | ||||
-rw-r--r-- | PKGBUILD | 18 | ||||
-rw-r--r-- | config | 2 |
5 files changed, 154 insertions, 10 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-max98090 - pkgver = 4.14.6 + pkgver = 4.14.7 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 @@ -14,24 +14,28 @@ pkgbase = linux-max98090 options = !strip source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.6.xz - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.6.sign + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.7.xz + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.7.sign source = config source = 60-linux.hook source = 90-linux.hook source = linux.preset source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch + source = 0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch + source = 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7 sha256sums = SKIP - sha256sums = c75b40f450f147014a08987949aafb71d9fcd3e91e443f5c8e4edbf1bbc386c6 + sha256sums = 5c286695439b4a1a2c7a112cf41aae0441b03ef41dfe83a0d61161c16dc265f5 sha256sums = SKIP - sha256sums = 663d414be1974c371d7430c469ba5b1142bcbfa11bbe55b6066b0af8c06c0e30 + sha256sums = cee483f6ef070a646e32b2dcd9ec9525ddf739cebb2136cac938004a73eb6c38 sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919 sha256sums = ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65 sha256sums = 37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85 + sha256sums = c6e7db7dfd6a07e1fd0e20c3a5f0f315f9c2a366fe42214918b756f9a1c9bfa3 + sha256sums = 1d69940c6bf1731fa1d1da29b32ec4f594fa360118fe7b128c9810285ebf13e2 pkgname = linux-max98090 pkgdesc = The Archlinux kernel and modules with a fix for baytrail max98090 sound diff --git a/0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch b/0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch new file mode 100644 index 000000000000..7e3ecbde40ff --- /dev/null +++ b/0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch @@ -0,0 +1,73 @@ +From c3c1af44db713ac6624e729ea4832d0ce70685e0 Mon Sep 17 00:00:00 2001 +Message-Id: <c3c1af44db713ac6624e729ea4832d0ce70685e0.1513282811.git.jan.steffens@gmail.com> +From: Benjamin Poirier <bpoirier@suse.com> +Date: Mon, 11 Dec 2017 16:26:40 +0900 +Subject: [PATCH 1/2] e1000e: Fix e1000_check_for_copper_link_ich8lan return + value. + +e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan() +are the two functions that may be assigned to mac.ops.check_for_link when +phy.media_type == e1000_media_type_copper. Commit 19110cfbb34d ("e1000e: +Separate signaling for link check/link up") changed the meaning of the +return value of check_for_link for copper media but only adjusted the first +function. This patch adjusts the second function likewise. + +Reported-by: Christian Hesse <list@eworm.de> +Reported-by: Gabriel C <nix.or.die@gmail.com> +Link: https://bugzilla.kernel.org/show_bug.cgi?id=198047 +Fixes: 19110cfbb34d ("e1000e: Separate signaling for link check/link up") +Tested-by: Christian Hesse <list@eworm.de> +Signed-off-by: Benjamin Poirier <bpoirier@suse.com> +--- + drivers/net/ethernet/intel/e1000e/ich8lan.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c +index d6d4ed7acf031172..31277d3bb7dc1241 100644 +--- a/drivers/net/ethernet/intel/e1000e/ich8lan.c ++++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c +@@ -1367,22 +1367,25 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force) + * Checks to see of the link status of the hardware has changed. If a + * change in link status has been detected, then we read the PHY registers + * to get the current speed/duplex if link exists. ++ * ++ * Returns a negative error code (-E1000_ERR_*) or 0 (link down) or 1 (link ++ * up). + **/ + static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw) + { + struct e1000_mac_info *mac = &hw->mac; + s32 ret_val, tipg_reg = 0; + u16 emi_addr, emi_val = 0; + bool link; + u16 phy_reg; + + /* We only want to go out to the PHY registers to see if Auto-Neg + * has completed and/or if our link status has changed. The + * get_link_status flag is set upon receiving a Link Status + * Change or Rx Sequence Error interrupt. + */ + if (!mac->get_link_status) +- return 0; ++ return 1; + + /* First we want to see if the MII Status Register reports + * link. If so, then we want to get the current speed/duplex +@@ -1613,10 +1616,12 @@ static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw) + * different link partner. + */ + ret_val = e1000e_config_fc_after_link_up(hw); +- if (ret_val) ++ if (ret_val) { + e_dbg("Error configuring flow control\n"); ++ return ret_val; ++ } + +- return ret_val; ++ return 1; + } + + static s32 e1000_get_variants_ich8lan(struct e1000_adapter *adapter) +-- +2.15.1 + diff --git a/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch new file mode 100644 index 000000000000..26311bf3bb54 --- /dev/null +++ b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch @@ -0,0 +1,57 @@ +From 80d3e994e0631d9135cadf20a0b5ad483d7e9bbb Mon Sep 17 00:00:00 2001 +Message-Id: <80d3e994e0631d9135cadf20a0b5ad483d7e9bbb.1513282811.git.jan.steffens@gmail.com> +In-Reply-To: <c3c1af44db713ac6624e729ea4832d0ce70685e0.1513282811.git.jan.steffens@gmail.com> +References: <c3c1af44db713ac6624e729ea4832d0ce70685e0.1513282811.git.jan.steffens@gmail.com> +From: Mohamed Ghannam <simo.ghannam@gmail.com> +Date: Tue, 5 Dec 2017 20:58:35 +0000 +Subject: [PATCH 2/2] dccp: CVE-2017-8824: use-after-free in DCCP code + +Whenever the sock object is in DCCP_CLOSED state, +dccp_disconnect() must free dccps_hc_tx_ccid and +dccps_hc_rx_ccid and set to NULL. + +Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com> +Reviewed-by: Eric Dumazet <edumazet@google.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/dccp/proto.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/net/dccp/proto.c b/net/dccp/proto.c +index b68168fcc06aa198..9d43c1f4027408f3 100644 +--- a/net/dccp/proto.c ++++ b/net/dccp/proto.c +@@ -259,25 +259,30 @@ int dccp_disconnect(struct sock *sk, int flags) + { + struct inet_connection_sock *icsk = inet_csk(sk); + struct inet_sock *inet = inet_sk(sk); ++ struct dccp_sock *dp = dccp_sk(sk); + int err = 0; + const int old_state = sk->sk_state; + + if (old_state != DCCP_CLOSED) + dccp_set_state(sk, DCCP_CLOSED); + + /* + * This corresponds to the ABORT function of RFC793, sec. 3.8 + * TCP uses a RST segment, DCCP a Reset packet with Code 2, "Aborted". + */ + if (old_state == DCCP_LISTEN) { + inet_csk_listen_stop(sk); + } else if (dccp_need_reset(old_state)) { + dccp_send_reset(sk, DCCP_RESET_CODE_ABORTED); + sk->sk_err = ECONNRESET; + } else if (old_state == DCCP_REQUESTING) + sk->sk_err = ECONNRESET; + + dccp_clear_xmit_timers(sk); ++ ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk); ++ ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk); ++ dp->dccps_hc_rx_ccid = NULL; ++ dp->dccps_hc_tx_ccid = NULL; + + __skb_queue_purge(&sk->sk_receive_queue); + __skb_queue_purge(&sk->sk_write_queue); +-- +2.15.1 + @@ -3,7 +3,7 @@ pkgbase=linux-max98090 _srcname=linux-4.14 -pkgver=4.14.6 +pkgver=4.14.7 pkgrel=1 arch=('x86_64') url="https://www.kernel.org/" @@ -20,6 +20,8 @@ source=( '90-linux.hook' # pacman hook for initramfs regeneration 'linux.preset' # standard config files for mkinitcpio ramdisk '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch' + '0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch' + '0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch' ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds @@ -27,13 +29,15 @@ validpgpkeys=( ) sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' 'SKIP' - 'c75b40f450f147014a08987949aafb71d9fcd3e91e443f5c8e4edbf1bbc386c6' + '5c286695439b4a1a2c7a112cf41aae0441b03ef41dfe83a0d61161c16dc265f5' 'SKIP' - '663d414be1974c371d7430c469ba5b1142bcbfa11bbe55b6066b0af8c06c0e30' + 'cee483f6ef070a646e32b2dcd9ec9525ddf739cebb2136cac938004a73eb6c38' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' - '37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85') + '37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85' + 'c6e7db7dfd6a07e1fd0e20c3a5f0f315f9c2a366fe42214918b756f9a1c9bfa3' + '1d69940c6bf1731fa1d1da29b32ec4f594fa360118fe7b128c9810285ebf13e2') _kernelname=${pkgbase#linux} @@ -51,6 +55,12 @@ prepare() { # disable USER_NS for non-root users by default patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch + # https://bugs.archlinux.org/task/56575 + patch -Np1 -i ../0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch + + # https://nvd.nist.gov/vuln/detail/CVE-2017-8824 + patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch + cp -Tf ../config .config if [ "${_kernelname}" != "" ]; then @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.6-1 Kernel Configuration +# Linux/x86 4.14.7-1 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y |