| -rw-r--r-- | abs/core/linux/CVE-2016-0728.patch | 78 | ||||
| -rw-r--r-- | abs/core/linux/PKGBUILD | 40 | ||||
| -rw-r--r-- | abs/core/linux/config | 2 | ||||
| -rw-r--r-- | abs/core/linux/config.x86_64 | 2 | ||||
| -rw-r--r-- | abs/core/linux/linux.install.pkg | 2 | ||||
| -rw-r--r-- | abs/core/linux/suspend-xfs.patch | 12 | ||||
| -rw-r--r-- | abs/core/linux/tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch | 24 | 
7 files changed, 17 insertions, 143 deletions
|
diff --git a/abs/core/linux/CVE-2016-0728.patch b/abs/core/linux/CVE-2016-0728.patch
deleted file mode 100644
index e915d82..0000000
--- a/abs/core/linux/CVE-2016-0728.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 Mon Sep 17 00:00:00 2001
-From: Yevgeny Pats <yevgeny@perception-point.io>
-Date: Tue, 19 Jan 2016 22:09:04 +0000
-Subject: [PATCH] KEYS: Fix keyring ref leak in join_session_keyring()
-
-This fixes CVE-2016-0728.
-
-If a thread is asked to join as a session keyring the keyring that's already
-set as its session, we leak a keyring reference.
-
-This can be tested with the following program:
-
-	#include <stddef.h>
-	#include <stdio.h>
-	#include <sys/types.h>
-	#include <keyutils.h>
-
-	int main(int argc, const char *argv[])
-	{
-		int i = 0;
-		key_serial_t serial;
-
-		serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
-				"leaked-keyring");
-		if (serial < 0) {
-			perror("keyctl");
-			return -1;
-		}
-
-		if (keyctl(KEYCTL_SETPERM, serial,
-			   KEY_POS_ALL | KEY_USR_ALL) < 0) {
-			perror("keyctl");
-			return -1;
-		}
-
-		for (i = 0; i < 100; i++) {
-			serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
-					"leaked-keyring");
-			if (serial < 0) {
-				perror("keyctl");
-				return -1;
-			}
-		}
-
-		return 0;
-	}
-
-If, after the program has run, there something like the following line in
-/proc/keys:
-
-3f3d898f I--Q---   100 perm 3f3f0000     0     0 keyring   leaked-keyring: empty
-
-with a usage count of 100 * the number of times the program has been run,
-then the kernel is malfunctioning.  If leaked-keyring has zero usages or
-has been garbage collected, then the problem is fixed.
-
-Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
-Signed-off-by: David Howells <dhowells@redhat.com>
-Acked-by: Don Zickus <dzickus@redhat.com>
-Acked-by: Prarit Bhargava <prarit@redhat.com>
-Acked-by: Jarod Wilson <jarod@redhat.com>
-Signed-off-by: James Morris <james.l.morris@oracle.com>
----
- security/keys/process_keys.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
-index a3f85d2a..e6d50172 100644
---- a/security/keys/process_keys.c
-+++ b/security/keys/process_keys.c
-@@ -794,6 +794,7 @@ long join_session_keyring(const char *name)
- 		ret = PTR_ERR(keyring);
- 		goto error2;
- 	} else if (keyring == new->session_keyring) {
-+		key_put(keyring);
- 		ret = 0;
- 		goto error2;
- 	}
diff --git a/abs/core/linux/PKGBUILD b/abs/core/linux/PKGBUILD
index d54233d..f69c7f1 100644
--- a/abs/core/linux/PKGBUILD
+++ b/abs/core/linux/PKGBUILD
@@ -5,8 +5,8 @@
 pkgbase=linux               # Build stock -ARCH kernel
 #pkgbase=linux-custom       # Build kernel with a different name
 _srcname=linux-4.4
-pkgver=4.4
-pkgrel=5
+pkgver=4.4.3
+pkgrel=1
 arch=('i686' 'x86_64')
 url="http://www.kernel.org/"
 license=('GPL2')
@@ -14,17 +14,14 @@ makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc')
 options=('!strip')
 source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz"
         "https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.sign"
-        #"https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.xz"
-        #"https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.sign"
+        "https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.xz"
+        "https://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.sign"
         # the main kernel config files
         'config' 'config.x86_64'
         # standard config files for mkinitcpio ramdisk
         'linux.preset'
         'change-default-console-loglevel.patch'
-        '0001-sdhci-revert.patch'
-        'tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch'
-        'CVE-2016-0728.patch'
-        'suspend-xfs.patch')
+        '0001-sdhci-revert.patch')
 validpgpkeys=(
               'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
@@ -37,7 +34,7 @@ prepare() {
   cd "${srcdir}/${_srcname}"
   # add upstream patch
-  #patch -p1 -i "${srcdir}/patch-${pkgver}"
+  patch -p1 -i "${srcdir}/patch-${pkgver}"
   # add latest fixes from stable queue, if needed
   # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
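Review bot: With 'CVE-2016-0728.patch' dropped from `source=()` in the first hunk here (its `patch -Np1` call is removed in the later prepare() hunk), nothing in the PKGBUILD records that the join_session_keyring() reference-leak fix is still applied. It presumably now arrives through `patch-${pkgver}`, but that is not visible on this page, so it is worth confirming against the prepared source tree before the package is released. I would add a comment beside the stable-patch entry such as `# stable patch is expected to carry the CVE-2016-0728, tpmdd platform-probe and xfs suspend fixes formerly shipped as local patches`, so that a later change to pkgver does not silently lose them.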
@@ -47,22 +44,11 @@ prepare() {
   # https://bugzilla.kernel.org/show_bug.cgi?id=106541
   patch -Rp1 -i "${srcdir}/0001-sdhci-revert.patch"
-  # fixes #47805 kernel panics on platform modules
-  # https://bugzilla.kernel.org/show_bug.cgi?id=110751
-  patch -Np1 -i "${srcdir}/tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch"
-
-  # fixes #47820 CVE-2016-0728.patch
-  patch -Np1 -i "${srcdir}/CVE-2016-0728.patch"
-
   # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
   # remove this when a Kconfig knob is made available by upstream
   # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
   patch -p1 -i "${srcdir}/change-default-console-loglevel.patch"
-  # fix suspend with xfs
-  # http://oss.sgi.com/pipermail/xfs/2016-January/046036.html
-  patch -Np1 --ignore-whitespace -i "${srcdir}/suspend-xfs.patch"
-
   if [ "${CARCH}" = "x86_64" ]; then
     cat "${srcdir}/config.x86_64" > ./.config
   else
@@ -156,6 +142,9 @@ _package() {
   mkdir -p "${pkgdir}/usr"
   mv "${pkgdir}/lib" "${pkgdir}/usr/"
+  #remove nouveau
+  find $pkgdir/usr/lib -name "nouvea*" -exec rm -f {} \;
+
   # add vmlinux
   install -D -m644 vmlinux "${pkgdir}/usr/lib/modules/${_kernver}/build/vmlinux" 
}
@@ -307,11 +296,10 @@ done
 # vim:set ts=8 sts=2 sw=2 et:
 md5sums=('9a78fa2eb6c68ca5a40ed5af08142599'
          'SKIP'
-         '11117629de25c921ad42f949c5133b96'
-         '8afd1ad1a2454a4daed71fc91a7a3fbc'
+         '078427483ee96f3e072e7b5409b5a117'
+         'SKIP'
+         'be50f82adaeb685d41eb55acd1b09134'
+         'd254ffa0b91d459529ec23a1cdeceb35'
          'eb14dcfd80c00852ef81ded6e826826a'
          'df7fceae6ee5d7e7be7b60ecd7f6bb35'
-         'e1093d9bc718f362344ab56b85d4fb76'
-         'a00ad770d2a49a282a8bbf951852c2a1'
-         'c018da62d8f3a48e8a8985a1af43185d'
-         '0e3f4e1ec0ae38a30852e4b7af9de693')
+         'e1093d9bc718f362344ab56b85d4fb76')
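Review bot: The added `find $pkgdir/usr/lib -name "nouvea*" -exec rm -f {} \;` in the _package() hunk leaves `$pkgdir` unquoted, unlike every other use of it in the same hunk, so a build path containing whitespace is word-split and an empty value would make find walk the build host's own /usr/lib. The pattern `nouvea*` is also looser than the "nouveau" named in the comment, and `rm -f` silently skips any matching directory, so the removal can be both broader and less complete than intended. I would write it as `find "${pkgdir:?}/usr/lib" -name 'nouveau*' -exec rm -f {} +` and extend the comment to say why the driver is dropped. The body of _package() continues outside this hunk, so whether module dependency data is regenerated afterwards cannot be checked from here.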
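Review bot: The refreshed `md5sums=(...)` array in the last PKGBUILD hunk keeps MD5 as the only integrity check for the local files (config, config.x86_64, linux.preset and the two remaining patches), and MD5 collisions are practical to produce. The tarball and stable patch are additionally covered by the `.sign` sources and validpgpkeys, but the local files are not. makepkg accepts a `sha256sums=(...)` array in the same position; I would regenerate the checksums in that form while they are being rewritten anyway.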
diff --git a/abs/core/linux/config b/abs/core/linux/config
index 8020666..53cfc82 100644
--- a/abs/core/linux/config
+++ b/abs/core/linux/config
@@ -7546,7 +7546,7 @@ CONFIG_X86_PTDUMP_CORE=y
 # CONFIG_EFI_PGT_DUMP is not set
 CONFIG_DEBUG_RODATA=y
 # CONFIG_DEBUG_RODATA_TEST is not set
-CONFIG_DEBUG_WX=y
+# CONFIG_DEBUG_WX is not set
 CONFIG_DEBUG_SET_MODULE_RONX=y
 # CONFIG_DEBUG_NX_TEST is not set
 CONFIG_DOUBLEFAULT=y
diff --git a/abs/core/linux/config.x86_64 b/abs/core/linux/config.x86_64
index 7f63808..90ea644 100644
--- a/abs/core/linux/config.x86_64
+++ b/abs/core/linux/config.x86_64
@@ -7286,7 +7286,7 @@ CONFIG_X86_PTDUMP_CORE=y
 # CONFIG_EFI_PGT_DUMP is not set
 CONFIG_DEBUG_RODATA=y
 # CONFIG_DEBUG_RODATA_TEST is not set
-CONFIG_DEBUG_WX=y
+# CONFIG_DEBUG_WX is not set
 CONFIG_DEBUG_SET_MODULE_RONX=y
 # CONFIG_DEBUG_NX_TEST is not set
 CONFIG_DOUBLEFAULT=y
diff --git a/abs/core/linux/linux.install.pkg b/abs/core/linux/linux.install.pkg
index 090bdda..27c2171 100644
--- a/abs/core/linux/linux.install.pkg
+++ b/abs/core/linux/linux.install.pkg
@@ -2,7 +2,7 @@
 # arg 2:  the old package version
 KERNEL_NAME=
-KERNEL_VERSION=4.4.0-5-ARCH
+KERNEL_VERSION=4.4.3-1-ARCH
 post_install () {
   # updating module dependencies
diff --git a/abs/core/linux/suspend-xfs.patch b/abs/core/linux/suspend-xfs.patch
deleted file mode 100644
index 39705b2..0000000
--- a/abs/core/linux/suspend-xfs.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/fs/xfs/xfs_trans_ail.c b/fs/xfs/xfs_trans_ail.c
-index aa67339..4f18fd9 100644
---- a/fs/xfs/xfs_trans_ail.c
-+++ b/fs/xfs/xfs_trans_ail.c
-@@ -497,7 +497,6 @@ xfsaild(
-    long        tout = 0;   /* milliseconds */
- 
-    current->flags |= PF_MEMALLOC;
--   set_freezable();
- 
-    while (!kthread_should_stop()) {
-        if (tout && tout <= 20)
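Review bot: Switching `CONFIG_DEBUG_WX=y` to `# CONFIG_DEBUG_WX is not set` in the config hunk, and identically in the config.x86_64 hunk, turns off the boot-time check that warns about kernel mappings which are both writable and executable, and nothing on this page says why a 4.4 to 4.4.3 bump needs that. The option is a diagnostic rather than an enforcement mechanism (CONFIG_DEBUG_RODATA and CONFIG_DEBUG_SET_MODULE_RONX stay enabled), but without it a W+X regression introduced by a later patch or module would go unreported. I would keep `CONFIG_DEBUG_WX=y` in both files unless there is a known problem with it on this kernel, and in that case state the reason in the commit message.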
diff --git a/abs/core/linux/tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch b/abs/core/linux/tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch
deleted file mode 100644
index 691ab79..0000000
--- a/abs/core/linux/tpmdd-devel-v3-base-platform-fix-binding-for-drivers-without-probe-callback.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff --git a/drivers/base/platform.c b/drivers/base/platform.c
-index 1dd6d3b..176b59f 100644
---- a/drivers/base/platform.c
-+++ b/drivers/base/platform.c
-@@ -513,10 +513,15 @@ static int platform_drv_probe(struct device *_dev)
- 		return ret;
- 
- 	ret = dev_pm_domain_attach(_dev, true);
--	if (ret != -EPROBE_DEFER && drv->probe) {
--		ret = drv->probe(dev);
--		if (ret)
--			dev_pm_domain_detach(_dev, true);
-+	if (ret != -EPROBE_DEFER) {
-+		if (drv->probe) {
-+			ret = drv->probe(dev);
-+			if (ret)
-+				dev_pm_domain_detach(_dev, true);
-+		} else {
-+			/* don't fail if just dev_pm_domain_attach failed */
-+			ret = 0;
-+		}
- 	}
- 
- 	if (drv->prevent_deferred_probe && ret == -EPROBE_DEFER) {
|
