diff options
Diffstat (limited to 'PKGBUILD')
-rw-r--r-- | PKGBUILD | 19 |
1 files changed, 17 insertions, 2 deletions
@@ -40,7 +40,7 @@ _use_current= pkgbase=linux-ck _srcname=linux-4.14 pkgver=4.14.6 -pkgrel=1 +pkgrel=2 _ckpatchversion=1 arch=('x86_64') url="https://wiki.archlinux.org/index.php/Linux-ck" @@ -67,6 +67,9 @@ source=( "$_preck2/1588e6bf316231685204e358dfe172851b39fd1e.patch" "$_preck2/df2a75f4864b30011ab6a6f365d9378d8eafa53b.patch" "$_preck2/a79d648fcde72fc98048d4435bc86864a59fd01b.patch" + 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch + 0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch + 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds @@ -86,7 +89,10 @@ sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' '453ccb01d9e56ea3a33621516f0d52568e836d1932ff14e26567cc3fe2101a17' 'd2f59cf1c5187204eced6e53806b187e90698fcb2309955aed4020a15c659ae1' '3d4d2506795c4bd914959758f5b69ccf5a4f5a21f5d4bfc87bf0aa3b4b58f4c6' - '0dbf2d23df0b5d023794332872b8b346d0c4994576b778396364e803acac4498') + '0dbf2d23df0b5d023794332872b8b346d0c4994576b778396364e803acac4498' + '37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85' + 'c6e7db7dfd6a07e1fd0e20c3a5f0f315f9c2a366fe42214918b756f9a1c9bfa3' + '1d69940c6bf1731fa1d1da29b32ec4f594fa360118fe7b128c9810285ebf13e2') _kernelname=${pkgbase#linux} @@ -96,6 +102,15 @@ prepare() { # add upstream patch patch -p1 -i ../patch-${pkgver} + # disable USER_NS for non-root users by default + patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch + + # https://bugs.archlinux.org/task/56575 + patch -Np1 -i ../0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch + + # https://nvd.nist.gov/vuln/detail/CVE-2017-8824 + patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch + # fix naming schema in EXTRAVERSION of ck patch set sed -i -re "s/^(.EXTRAVERSION).*$/\1 = /" "../${_ckpatchname}" |