summarylogtreecommitdiffstats
path: root/PKGBUILD
diff options
context:
space:
mode:
Diffstat (limited to 'PKGBUILD')
-rw-r--r--PKGBUILD19
1 files changed, 17 insertions, 2 deletions
diff --git a/PKGBUILD b/PKGBUILD
index 90c8a5021ca5..9e1a19f6c8ca 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -40,7 +40,7 @@ _use_current=
pkgbase=linux-ck
_srcname=linux-4.14
pkgver=4.14.6
-pkgrel=1
+pkgrel=2
_ckpatchversion=1
arch=('x86_64')
url="https://wiki.archlinux.org/index.php/Linux-ck"
@@ -67,6 +67,9 @@ source=(
"$_preck2/1588e6bf316231685204e358dfe172851b39fd1e.patch"
"$_preck2/df2a75f4864b30011ab6a6f365d9378d8eafa53b.patch"
"$_preck2/a79d648fcde72fc98048d4435bc86864a59fd01b.patch"
+ 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+ 0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
+ 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
)
validpgpkeys=(
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
@@ -86,7 +89,10 @@ sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
'453ccb01d9e56ea3a33621516f0d52568e836d1932ff14e26567cc3fe2101a17'
'd2f59cf1c5187204eced6e53806b187e90698fcb2309955aed4020a15c659ae1'
'3d4d2506795c4bd914959758f5b69ccf5a4f5a21f5d4bfc87bf0aa3b4b58f4c6'
- '0dbf2d23df0b5d023794332872b8b346d0c4994576b778396364e803acac4498')
+ '0dbf2d23df0b5d023794332872b8b346d0c4994576b778396364e803acac4498'
+ '37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85'
+ 'c6e7db7dfd6a07e1fd0e20c3a5f0f315f9c2a366fe42214918b756f9a1c9bfa3'
+ '1d69940c6bf1731fa1d1da29b32ec4f594fa360118fe7b128c9810285ebf13e2')
_kernelname=${pkgbase#linux}
@@ -96,6 +102,15 @@ prepare() {
# add upstream patch
patch -p1 -i ../patch-${pkgver}
+ # disable USER_NS for non-root users by default
+ patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+
+ # https://bugs.archlinux.org/task/56575
+ patch -Np1 -i ../0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
+
+ # https://nvd.nist.gov/vuln/detail/CVE-2017-8824
+ patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+
# fix naming schema in EXTRAVERSION of ck patch set
sed -i -re "s/^(.EXTRAVERSION).*$/\1 = /" "../${_ckpatchname}"