-rw-r--r-- | .SRCINFO | 16 | ||||
-rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 2 | ||||
-rw-r--r-- | 0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch (renamed from 0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch) | 2 | ||||
-rw-r--r-- | 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49 | ||||
-rw-r--r-- | PKGBUILD | 18 |
5 files changed, 15 insertions, 72 deletions
@@ -1,5 +1,5 @@
 pkgbase = linux-uksm
- pkgver = 4.14.21
+ pkgver = 4.14.22
 pkgrel = 1
 url = https://github.com/dolohow/uksm
 arch = x86_64
@@ -7,8 +7,8 @@ pkgbase = linux-uksm
 options = !strip
 source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz
 source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign
- source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.21.xz
- source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.21.sign
+ source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.22.xz
+ source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.22.sign
 source = https://raw.githubusercontent.com/sirlucjan/kernel_gcc_patch/master/enable_additional_cpu_optimizations_for_gcc_v4.9+_kernel_v4.13+.patch
 source = https://raw.githubusercontent.com/dolohow/uksm/master/uksm-4.14.patch
 source = config
@@ -17,13 +17,12 @@ pkgbase = linux-uksm
 source = 99-linux.hook
 source = linux.preset
 source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
- source = 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
- source = 0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+ source = 0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
 validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
 sha512sums = 77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8
 sha512sums = SKIP
- sha512sums = 90a85a110b8b9ff79e0f7e6e47149bd118e62c479506ef3605c06d688983e5b7da482dc06e0de1133f0cf6860cd66a2340191c827d5809dd3a5f81e271f57e14
+ sha512sums = 2e0216fe250ab84c7deee6f0f8751d34de3afbc3c5a0287e53cff6f866f15aad3610b5f8dfd9c514f60c766e8fb87df2e5db49777570ac5433a026848f1a21cf
 sha512sums = SKIP
 sha512sums = 5ca7ae20245a54caa71fb570d971d6872d4e888f35c6123b93fbca16baf9a0e2500d6ec931f3906e4faecaaca9cad0d593694d9cab617efd0cb7b5fc09c0fa48
 sha512sums = 44b31276d4d712e4e1e1455e128daa079ddd9d72a4620289607faf6134a225737004e8742de79e0283e98ef2d4f746f075e041870d37eab191c93c566f945c7f
@@ -32,9 +31,8 @@ pkgbase = linux-uksm sha512sums = 4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44 sha512sums = 6346b66f54652256571ef65da8e46db49a95ac5978ecd57a507c6b2a28aee70bb3ff87045ac493f54257c9965da1046a28b72cb5abb0087204d257f14b91fd74 sha512sums = 2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf - sha512sums = 9268112c46f06ff359c91097ad06a7cff546d0b1251f1133a981479fb6f810854585433e8000f287aeffa1b6c4c7da143c7ae2a6760759aa1d0d438141cd66f9 - sha512sums = 9bf06ae89a6e55d2dcc27b510bc034d822c308e2d652c4839e3135e5225b1a9cca1b39f90fd3e5f0d480e09257d0cb6d9d4c0cd89f5b56095f6d999dfff24d37 - sha512sums = 14a9bdadc26a3bbd35baba8d550b39ac941600de7c0c7553fab94e47431e5a58066a561e04891fbfd911f573be801d357d6a9149e51472136bf05ac9b26ab61a + sha512sums = 4586b3fcdf2696b23f1a03007505229074e3a1af98cfdb21ef902f72e1d3b475b7ffbf62cc8607fb1107ead870a9de49a52eed22a516ced803c9f00c079fab76 + sha512sums = e28a7dffc33dedff84e93d99aa1e9d6af07d4b9429062934991d5555e2d655da7566a1390c1c9381738d2afc0b33e28b1196697fd234b18113593276493407a3 pkgname = linux-uksm pkgdesc = Linux Kernel and modules with the UKSM. diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index b0abaa0d5492..f6fd943f953e 100644 --- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -2,7 +2,7 @@ From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001 Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> 
From: Serge Hallyn <serge.hallyn@canonical.com> Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/3] add sysctl to disallow unprivileged CLONE_NEWUSER by +Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> diff --git a/0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch index 08c1ff153fd5..3b92eae35ce9 100644 --- a/0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch +++ b/0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch @@ -4,7 +4,7 @@ In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffe References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Jim Bride <jim.bride@linux.intel.com> Date: Mon, 6 Nov 2017 13:38:57 -0800 -Subject: [PATCH 3/3] drm/i915/edp: Only use the alternate fixed mode if it's +Subject: [PATCH 2/2] drm/i915/edp: Only use the alternate fixed mode if it's asked for In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for diff --git a/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch deleted file mode 100644 index 9a874b47588e..000000000000 --- a/0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch +++ /dev/null 
@@ -1,49 +0,0 @@
-From 5a11be3bab2dcd6fe061206662969c4cea46988f Mon Sep 17 00:00:00 2001
-Message-Id: <5a11be3bab2dcd6fe061206662969c4cea46988f.1515173964.git.jan.steffens@gmail.com>
-In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
-References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
-From: Steffen Klassert <steffen.klassert@secunet.com>
-Date: Fri, 22 Dec 2017 10:44:57 +0100
-Subject: [PATCH 2/3] xfrm: Fix stack-out-of-bounds read on socket policy
- lookup.
-
-When we do tunnel or beet mode, we pass saddr and daddr from the
-template to xfrm_state_find(), this is ok. On transport mode,
-we pass the addresses from the flowi, assuming that the IP
-addresses (and address family) don't change during transformation.
-This assumption is wrong in the IPv4 mapped IPv6 case, packet
-is IPv4 and template is IPv6.
-
-Fix this by catching address family missmatches of the policy
-and the flow already before we do the lookup.
-
-Reported-by: syzbot <syzkaller@googlegroups.com>
-Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
----
- net/xfrm/xfrm_policy.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index 6bc16bb61b5533ef..50c5f46b5cca942e 100644
---- a/net/xfrm/xfrm_policy.c
-+++ b/net/xfrm/xfrm_policy.c
-@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
- again:
- pol = rcu_dereference(sk->sk_policy[dir]);
- if (pol != NULL) {
-- bool match = xfrm_selector_match(&pol->selector, fl, family);
-+ bool match;
- int err = 0;
-
-+ if (pol->family != family) {
-+ pol = NULL;
-+ goto out;
-+ }
-+
-+ match = xfrm_selector_match(&pol->selector, fl, family);
- if (match) {
- if ((sk->sk_mark & pol->mark.m) != pol->mark.v) {
- pol = NULL;
---
-2.15.1
-
@@ -51,7 +51,7 @@ _use_current= pkgbase=linux-uksm # pkgname=('linux-uksm' 'linux-uksm-headers' 'linux-uksm-docs') _srcname=linux-4.14 -pkgver=4.14.21 +pkgver=4.14.22 pkgrel=1 arch=('x86_64') url="https://github.com/dolohow/uksm" @@ -80,8 +80,7 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz" # standard config files for mkinitcpio ramdisk 'linux.preset' '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch' - '0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch' - '0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch') + '0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch') _kernelname=${pkgbase#linux} @@ -95,14 +94,10 @@ prepare() { ### Disable USER_NS for non-root users by default msg "Disable USER_NS for non-root users by default" patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - - ### Fix https://bugs.archlinux.org/task/56605 - msg "Fix #56605" - patch -Np1 -i ../0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch ### Fix https://bugs.archlinux.org/task/56711 msg "Fix #56711" - patch -Np1 -i ../0003-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch + patch -Np1 -i ../0002-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch ### Patch source with UKSM msg "Patching source with UKSM" 
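Review bot: In the `prepare()` hunk the xfrm stack-out-of-bounds-read fix (Arch task 56605) is no longer applied, and nothing visible in this change records that patch-4.14.22 already contains it; presumably it landed upstream in that point release, but that is inferred, not shown here. Dropping a carried memory-safety fix on a version bump deserves an explicit check: with the 4.14.22 patch applied, `xfrm_sk_policy_lookup()` in `net/xfrm/xfrm_policy.c` should contain the `pol->family != family` guard from the deleted patch. Once confirmed, I would leave a one-line comment where the removed lines were, e.g. `### FS#56605 (xfrm stack-out-of-bounds read): fixed upstream as of 4.14.22, local patch dropped`. `prepare()` starts before this hunk and continues past it.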
@@ -369,7 +364,7 @@ done sha512sums=('77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8' 'SKIP' - '90a85a110b8b9ff79e0f7e6e47149bd118e62c479506ef3605c06d688983e5b7da482dc06e0de1133f0cf6860cd66a2340191c827d5809dd3a5f81e271f57e14' + '2e0216fe250ab84c7deee6f0f8751d34de3afbc3c5a0287e53cff6f866f15aad3610b5f8dfd9c514f60c766e8fb87df2e5db49777570ac5433a026848f1a21cf' 'SKIP' '5ca7ae20245a54caa71fb570d971d6872d4e888f35c6123b93fbca16baf9a0e2500d6ec931f3906e4faecaaca9cad0d593694d9cab617efd0cb7b5fc09c0fa48' '44b31276d4d712e4e1e1455e128daa079ddd9d72a4620289607faf6134a225737004e8742de79e0283e98ef2d4f746f075e041870d37eab191c93c566f945c7f' @@ -378,9 +373,8 @@ sha512sums=('77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b '4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44' '6346b66f54652256571ef65da8e46db49a95ac5978ecd57a507c6b2a28aee70bb3ff87045ac493f54257c9965da1046a28b72cb5abb0087204d257f14b91fd74' '2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf' - '9268112c46f06ff359c91097ad06a7cff546d0b1251f1133a981479fb6f810854585433e8000f287aeffa1b6c4c7da143c7ae2a6760759aa1d0d438141cd66f9' - '9bf06ae89a6e55d2dcc27b510bc034d822c308e2d652c4839e3135e5225b1a9cca1b39f90fd3e5f0d480e09257d0cb6d9d4c0cd89f5b56095f6d999dfff24d37' - '14a9bdadc26a3bbd35baba8d550b39ac941600de7c0c7553fab94e47431e5a58066a561e04891fbfd911f573be801d357d6a9149e51472136bf05ac9b26ab61a') + '4586b3fcdf2696b23f1a03007505229074e3a1af98cfdb21ef902f72e1d3b475b7ffbf62cc8607fb1107ead870a9de49a52eed22a516ced803c9f00c079fab76' + 'e28a7dffc33dedff84e93d99aa1e9d6af07d4b9429062934991d5555e2d655da7566a1390c1c9381738d2afc0b33e28b1196697fd234b18113593276493407a3') validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds |