1 files changed, 16 insertions, 5 deletions

diff --git a/PKGBUILD b/PKGBUILD
index 205fad14b5b2..ef66f7b91a39 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,7 +5,7 @@
 pkgbase=linux-selinux
 _srcname=linux-4.11
 pkgver=4.11.6
-pkgrel=1
+pkgrel=3
 arch=('i686' 'x86_64')
 url="https://www.kernel.org/"
 license=('GPL2')
@@ -21,16 +21,22 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz"
         # pacman hook for initramfs regeneration
         '90-linux.hook'
         # standard config files for mkinitcpio ramdisk
-        'linux.preset')
+        'linux.preset'
+        CVE-2017-1000364.mm-larger-stack-guard-gap-between-vmas.patch
+        CVE-2017-1000364.mm-fix-new-crash-in-unmapped_area_topdown.patch
+        CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch)
 
 sha256sums=('b67ecafd0a42b3383bf4d82f0850cbff92a7e72a215a6d02f42ddbafcf42a7d6'
             'SKIP'
             '00c0b804ccda18d6ed4a32ba0be049a80363aa2bc084733a22da03f435d992a4'
             'SKIP'
-            'cdb71954e601a1a9bed9e9fb3ba7d8d704953d8bc816dbadee9ef0ddbac3e8ed'
-            '37907b939ccbfefb31d1caa655d95f9828a368ecf9631ff02c7bd73ec1ff9209'
+            '07caad444b2bfea964135d161742ea84601bed448393f3389a486b5cd10f6db5'
+            '6dd031414c3677ecafb2886a38616bca0e8a52850150f9341bc95038118541c4'
             '834bd254b56ab71d73f59b3221f056c72f559553c04718e350ab2a3e2991afe0'
-            'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65')
+            'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
+            'e1b6a237894fb9e7bf142eb97b5e53c2e46a15ff69ef11593007f254b9faa160'
+            'beede1721c92bae39049be5bcb30e4274406dc53c41436bf75bd44238ee8efe4'
+            'de9c4f81b51c497de930b365f63633a005e3b8bcfbb21be93fe0cbab84ed9f76')
 validpgpkeys=(
               'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
               '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
@@ -44,6 +50,11 @@ prepare() {
   # add upstream patch
   patch -p1 -i "${srcdir}/patch-${pkgver}"
 
+  # security patches
+  patch -p1 < "${srcdir}/CVE-2017-1000364.mm-larger-stack-guard-gap-between-vmas.patch"
+  patch -p1 < "${srcdir}/CVE-2017-1000364.mm-fix-new-crash-in-unmapped_area_topdown.patch"
+  patch -p1 < "${srcdir}/CVE-2017-1000364.fixup.allow-stack-to-grow-up-to-address-space-limit.patch"
+
   # add latest fixes from stable queue, if needed
   # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git