diff options
-rw-r--r-- | .SRCINFO | 22 | ||||
-rw-r--r-- | 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 6 | ||||
-rw-r--r-- | 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch | 10 | ||||
-rw-r--r-- | 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch | 10 | ||||
-rw-r--r-- | 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch (renamed from 0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch) | 10 | ||||
-rw-r--r-- | 0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch (renamed from 0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch) | 10 | ||||
-rw-r--r-- | 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch | 42 | ||||
-rw-r--r-- | PKGBUILD | 28 |
8 files changed, 92 insertions, 46 deletions
@@ -1,13 +1,9 @@ pkgbase = linux-uksm pkgver = 4.14.12 - pkgrel = 1 + pkgrel = 2 url = https://github.com/dolohow/uksm arch = x86_64 license = GPL2 - makedepends = kmod - makedepends = inetutils - makedepends = bc - makedepends = libelf options = !strip source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign @@ -23,8 +19,9 @@ pkgbase = linux-uksm source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch source = 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch source = 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch - source = 0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch - source = 0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + source = 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + source = 0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + source = 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E sha512sums = 77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8 @@ -38,11 +35,12 @@ pkgbase = linux-uksm sha512sums = 4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44 sha512sums = 6346b66f54652256571ef65da8e46db49a95ac5978ecd57a507c6b2a28aee70bb3ff87045ac493f54257c9965da1046a28b72cb5abb0087204d257f14b91fd74 sha512sums = 2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf - sha512sums = 05f2c577450cfeae4b66a7d022a9dd0dab0dbf36e9738423efa8f45aaf0755b48a89f1f88b042946205e681458f76c5c5177c16869094839b7b234e0e2b27511 - sha512sums = fd9bdc818326fa36c9f1813d0d1821de5e325b646e1c307c197ad38bada7f298d35b4bc1bbf1c2854689f3ba71144879e799a1123037caccd6e3f64edfc22d54 - sha512sums = 814517d08c35cc886fe3382619d41107d6139a703c27186d0ce58e187eaf4e84891572e58246750ac8602555794ed6f74d946565b98860787a0aa617fb946dda - sha512sums = e6605e923c967b5f8db619868b15ea5b0d4254c62cf12bb920f38659933d6ca25a643d3e044c4915a8309071461f5f14c55d0aa0329c113bce4780d4fa3afbb7 - sha512sums = 0dec1482efe6e5d762a3061f365e43191484f055b738112452b8ca39e162b935d99cf16b25c0b253d6b532fabc54bde2f5c09be91887156ed6ae06d1558f94b9 + sha512sums = 46447e0257b7ad5db932eb50a241d046716f21b9c12698c9d83d5f3ef52aff4ba603b79a26616347e6993dcc4ec7452aef3c0c9cf430c73955ee8e61c62194a7 + sha512sums = 6f3b1efe81ac806217dd199a629f2d1ed55c6393ba1d90600cd2d2f41a865dca680e131b668265cc3e665be748295aea1b65877d737064661450d5cd089f0d96 + sha512sums = baa77972acdc1820af6ea82ae72e1dbc793bde242d77a5176ab29444c8a3e3c3670907a5e289045d1246e2dd706cdab64659f82605e2f84b30d5b3c8f3272de5 + sha512sums = 096eb9bbdeacae276145fc7b28946e8f6a432f9b5159b8a33d1df00c820d8b96780cc84541c30bb75bf8d9324ecb3222c2bcd9630d5310ef1d17d6fad0f68a15 + sha512sums = cfc7ee58c22639ed6a891ad6f42b2fbe15f684d706c8026b8b0cb463a06d8446ac06cacdac47a1e1c91028bea1611ae2e5d017a7e07a5471589039f33501966b + sha512sums = fcc40dc86dd432be76854e3c51889db488de0f1029ecc227b92c4f58c62ba928f7dc3b9515ac3ca0a08d6a0a72ca4a1a754d47c4fb274fe89f09a2a336088e7a pkgname = linux-uksm pkgdesc = Linux Kernel and modules with the UKSM. diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index 64341b9b7026..c3364a49db0e 100644 --- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -1,8 +1,8 @@ -From fb89d912d5f7289d3a922c77b671e36e1c740f5e Mon Sep 17 00:00:00 2001 -Message-Id: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001 +Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Serge Hallyn <serge.hallyn@canonical.com> Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/7] add sysctl to disallow unprivileged CLONE_NEWUSER by +Subject: [PATCH 1/6] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> diff --git a/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch b/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch index 8c23c9a543ba..9961ab6f9273 100644 --- a/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch +++ b/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch @@ -1,10 +1,10 @@ -From 8c6956686606b9c3661e74a410c8cb2fc276c5ee Mon Sep 17 00:00:00 2001 -Message-Id: <8c6956686606b9c3661e74a410c8cb2fc276c5ee.1514959852.git.jan.steffens@gmail.com> -In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> -References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +From e6a5e05524563626d14c1745619e37e79cb5a3a7 Mon Sep 17 00:00:00 2001 +Message-Id: <e6a5e05524563626d14c1745619e37e79cb5a3a7.1515173964.git.jan.steffens@gmail.com> +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Benjamin Poirier <bpoirier@suse.com> Date: Mon, 11 Dec 2017 16:26:40 +0900 -Subject: [PATCH 2/7] e1000e: Fix e1000_check_for_copper_link_ich8lan return +Subject: [PATCH 2/6] e1000e: Fix e1000_check_for_copper_link_ich8lan return value. e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan() diff --git a/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch index d7872e2a1cc2..15e4d29b6e14 100644 --- a/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch +++ b/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch @@ -1,10 +1,10 @@ -From b81e273fb227373a2951c7256ab11a87d5333a9d Mon Sep 17 00:00:00 2001 -Message-Id: <b81e273fb227373a2951c7256ab11a87d5333a9d.1514959852.git.jan.steffens@gmail.com> -In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> -References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +From e3fff011db7dd80d53b6bda48bcf2313918aa7a8 Mon Sep 17 00:00:00 2001 +Message-Id: <e3fff011db7dd80d53b6bda48bcf2313918aa7a8.1515173964.git.jan.steffens@gmail.com> +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Mohamed Ghannam <simo.ghannam@gmail.com> Date: Tue, 5 Dec 2017 20:58:35 +0000 -Subject: [PATCH 3/7] dccp: CVE-2017-8824: use-after-free in DCCP code +Subject: [PATCH 3/6] dccp: CVE-2017-8824: use-after-free in DCCP code Whenever the sock object is in DCCP_CLOSED state, dccp_disconnect() must free dccps_hc_tx_ccid and diff --git a/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch index edd7b24a32d6..6b4de3a648d9 100644 --- a/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch +++ b/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch @@ -1,10 +1,10 @@ -From 3721d64246982f91a5bf863fc17ac60ff722e0c4 Mon Sep 17 00:00:00 2001 -Message-Id: <3721d64246982f91a5bf863fc17ac60ff722e0c4.1514959852.git.jan.steffens@gmail.com> -In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> -References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +From 5a11be3bab2dcd6fe061206662969c4cea46988f Mon Sep 17 00:00:00 2001 +Message-Id: <5a11be3bab2dcd6fe061206662969c4cea46988f.1515173964.git.jan.steffens@gmail.com> +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Steffen Klassert <steffen.klassert@secunet.com> Date: Fri, 22 Dec 2017 10:44:57 +0100 -Subject: [PATCH 5/7] xfrm: Fix stack-out-of-bounds read on socket policy +Subject: [PATCH 4/6] xfrm: Fix stack-out-of-bounds read on socket policy lookup. When we do tunnel or beet mode, we pass saddr and daddr from the diff --git a/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch b/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch index 0a54ce129b3b..3090318aacb8 100644 --- a/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch +++ b/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch @@ -1,10 +1,10 @@ -From a79cb4d4e540c72a601ca0494e914565c16e2893 Mon Sep 17 00:00:00 2001 -Message-Id: <a79cb4d4e540c72a601ca0494e914565c16e2893.1514959852.git.jan.steffens@gmail.com> -In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> -References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> +From eadda028a73a567edd8462ccd0e8c28e023cde28 Mon Sep 17 00:00:00 2001 +Message-Id: <eadda028a73a567edd8462ccd0e8c28e023cde28.1515173964.git.jan.steffens@gmail.com> +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> From: Tejun Heo <tj@kernel.org> Date: Wed, 20 Dec 2017 07:09:19 -0800 -Subject: [PATCH 6/7] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC +Subject: [PATCH 5/6] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC While teaching css_task_iter to handle skipping over tasks which aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to diff --git a/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch new file mode 100644 index 000000000000..5d36d15ac47b --- /dev/null +++ b/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch @@ -0,0 +1,42 @@ +From cf45be4971bdd769c09e2a11db483510cd0bcc5f Mon Sep 17 00:00:00 2001 +Message-Id: <cf45be4971bdd769c09e2a11db483510cd0bcc5f.1515173964.git.jan.steffens@gmail.com> +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +From: Jim Bride <jim.bride@linux.intel.com> +Date: Mon, 6 Nov 2017 13:38:57 -0800 +Subject: [PATCH 6/6] drm/i915/edp: Only use the alternate fixed mode if it's + asked for + +In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for +eDP if available."), the patch allows for the use of an alternate fixed +mode if it is available, but the patch was not ensuring that the only +time the alternate mode is used is when it is specifically requested. +This patch adds an additional comparison to intel_edp_compare_alt_mode +to ensure that we only use the alternate mode if it is directly +requested. + +Fixes: dc911f5bd8aac ("Allow alternate fixed mode for eDP if available.") +Cc: David Weinehall <david.weinehall@linux.intel.com> +Cc: Rodrigo Vivi <rodrigo.vivi@intel.com> +Signed-off-by: Jim Bride <jim.bride@linux.intel.com> +--- + drivers/gpu/drm/i915/intel_dp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c +index 09f274419eea1c74..838cee312e8e6978 100644 +--- a/drivers/gpu/drm/i915/intel_dp.c ++++ b/drivers/gpu/drm/i915/intel_dp.c +@@ -1632,7 +1632,8 @@ static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1, + m1->vdisplay == m2->vdisplay && + m1->vsync_start == m2->vsync_start && + m1->vsync_end == m2->vsync_end && +- m1->vtotal == m2->vtotal); ++ m1->vtotal == m2->vtotal && ++ m1->vrefresh == m2->vrefresh); + return bres; + } + +-- +2.15.1 + @@ -52,12 +52,12 @@ pkgbase=linux-uksm # pkgname=('linux-uksm' 'linux-uksm-headers' 'linux-uksm-docs') _srcname=linux-4.14 pkgver=4.14.12 -pkgrel=1 +pkgrel=2 arch=('x86_64') url="https://github.com/dolohow/uksm" license=('GPL2') options=('!strip') -makedepends=('kmod' 'inetutils' 'bc' 'libelf') +#makedepends=('kmod' 'inetutils' 'bc' 'libelf') _uksm_path="https://raw.githubusercontent.com/dolohow/uksm/master" _uksm_patch="uksm-4.14.patch" _gcc_path="https://raw.githubusercontent.com/sirlucjan/kernel_gcc_patch/master" @@ -82,8 +82,9 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz" '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch' '0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch' '0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch' - '0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch' - '0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch') + '0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch' + '0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch' + '0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch') _kernelname=${pkgbase#linux} @@ -108,11 +109,15 @@ prepare() { ### Fix https://bugs.archlinux.org/task/56605 msg "Fix #56605" - patch -Np1 -i ../0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + patch -Np1 -i ../0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch ### Fix https://bugs.archlinux.org/task/56846 msg "Fix #56846" - patch -Np1 -i ../0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + patch -Np1 -i ../0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + + ### Fix https://bugs.archlinux.org/task/56711 + msg "Fix #56711" + patch -Np1 -i ../0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch ### Patch source with UKSM msg "Patching source with UKSM" @@ -389,11 +394,12 @@ sha512sums=('77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b '4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44' '6346b66f54652256571ef65da8e46db49a95ac5978ecd57a507c6b2a28aee70bb3ff87045ac493f54257c9965da1046a28b72cb5abb0087204d257f14b91fd74' '2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf' - '05f2c577450cfeae4b66a7d022a9dd0dab0dbf36e9738423efa8f45aaf0755b48a89f1f88b042946205e681458f76c5c5177c16869094839b7b234e0e2b27511' - 'fd9bdc818326fa36c9f1813d0d1821de5e325b646e1c307c197ad38bada7f298d35b4bc1bbf1c2854689f3ba71144879e799a1123037caccd6e3f64edfc22d54' - '814517d08c35cc886fe3382619d41107d6139a703c27186d0ce58e187eaf4e84891572e58246750ac8602555794ed6f74d946565b98860787a0aa617fb946dda' - 'e6605e923c967b5f8db619868b15ea5b0d4254c62cf12bb920f38659933d6ca25a643d3e044c4915a8309071461f5f14c55d0aa0329c113bce4780d4fa3afbb7' - '0dec1482efe6e5d762a3061f365e43191484f055b738112452b8ca39e162b935d99cf16b25c0b253d6b532fabc54bde2f5c09be91887156ed6ae06d1558f94b9') + '46447e0257b7ad5db932eb50a241d046716f21b9c12698c9d83d5f3ef52aff4ba603b79a26616347e6993dcc4ec7452aef3c0c9cf430c73955ee8e61c62194a7' + '6f3b1efe81ac806217dd199a629f2d1ed55c6393ba1d90600cd2d2f41a865dca680e131b668265cc3e665be748295aea1b65877d737064661450d5cd089f0d96' + 'baa77972acdc1820af6ea82ae72e1dbc793bde242d77a5176ab29444c8a3e3c3670907a5e289045d1246e2dd706cdab64659f82605e2f84b30d5b3c8f3272de5' + '096eb9bbdeacae276145fc7b28946e8f6a432f9b5159b8a33d1df00c820d8b96780cc84541c30bb75bf8d9324ecb3222c2bcd9630d5310ef1d17d6fad0f68a15' + 'cfc7ee58c22639ed6a891ad6f42b2fbe15f684d706c8026b8b0cb463a06d8446ac06cacdac47a1e1c91028bea1611ae2e5d017a7e07a5471589039f33501966b' + 'fcc40dc86dd432be76854e3c51889db488de0f1029ecc227b92c4f58c62ba928f7dc3b9515ac3ca0a08d6a0a72ca4a1a754d47c4fb274fe89f09a2a336088e7a') validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds |