4.14.9-1
This commit is contained in:
parent
0ef0dd60d1
commit
5bc96756cc
@ -0,0 +1,77 @@
|
|||||||
|
From 16b5ff888e251b8c4dedd3994d2e85ab25ea7fa4 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <16b5ff888e251b8c4dedd3994d2e85ab25ea7fa4.1514245036.git.jan.steffens@gmail.com>
|
||||||
|
From: Takashi Iwai <tiwai@suse.de>
|
||||||
|
Date: Mon, 18 Dec 2017 23:36:57 +0100
|
||||||
|
Subject: [PATCH] ALSA: usb-audio: Fix the missing ctl name suffix at parsing
|
||||||
|
SU
|
||||||
|
|
||||||
|
The commit 89b89d121ffc ("ALSA: usb-audio: Add check return value for
|
||||||
|
usb_string()") added the check of the return value from
|
||||||
|
snd_usb_copy_string_desc(), which is correct per se, but it introduced
|
||||||
|
a regression. In the original code, either the "Clock Source",
|
||||||
|
"Playback Source" or "Capture Source" suffix is added after the
|
||||||
|
terminal string, while the commit changed it to add the suffix only
|
||||||
|
when get_term_name() is failing. It ended up with an incorrect ctl
|
||||||
|
name like "PCM" instead of "PCM Capture Source".
|
||||||
|
|
||||||
|
Also, even the original code has a similar bug: when the ctl name is
|
||||||
|
generated from snd_usb_copy_string_desc() for the given iSelector, it
|
||||||
|
also doesn't put the suffix.
|
||||||
|
|
||||||
|
This patch addresses these issues: the suffix is added always when no
|
||||||
|
static mapping is found. Also the patch tries to put more comments
|
||||||
|
and cleans up the if/else block for better readability in order to
|
||||||
|
avoid the same pitfall again.
|
||||||
|
|
||||||
|
Fixes: 89b89d121ffc ("ALSA: usb-audio: Add check return value for usb_string()")
|
||||||
|
Reported-and-tested-by: Mauro Santos <registo.mailling@gmail.com>
|
||||||
|
Cc: <stable@vger.kernel.org>
|
||||||
|
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
||||||
|
---
|
||||||
|
sound/usb/mixer.c | 27 ++++++++++++++++-----------
|
||||||
|
1 file changed, 16 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c
|
||||||
|
index 4fde4f8d4444a597..75bce127d768c613 100644
|
||||||
|
--- a/sound/usb/mixer.c
|
||||||
|
+++ b/sound/usb/mixer.c
|
||||||
|
@@ -2173,20 +2173,25 @@ static int parse_audio_selector_unit(struct mixer_build *state, int unitid,
|
||||||
|
kctl->private_value = (unsigned long)namelist;
|
||||||
|
kctl->private_free = usb_mixer_selector_elem_free;
|
||||||
|
|
||||||
|
- nameid = uac_selector_unit_iSelector(desc);
|
||||||
|
+ /* check the static mapping table at first */
|
||||||
|
len = check_mapped_name(map, kctl->id.name, sizeof(kctl->id.name));
|
||||||
|
- if (len)
|
||||||
|
- ;
|
||||||
|
- else if (nameid)
|
||||||
|
- len = snd_usb_copy_string_desc(state, nameid, kctl->id.name,
|
||||||
|
- sizeof(kctl->id.name));
|
||||||
|
- else
|
||||||
|
- len = get_term_name(state, &state->oterm,
|
||||||
|
- kctl->id.name, sizeof(kctl->id.name), 0);
|
||||||
|
-
|
||||||
|
if (!len) {
|
||||||
|
- strlcpy(kctl->id.name, "USB", sizeof(kctl->id.name));
|
||||||
|
+ /* no mapping ? */
|
||||||
|
+ /* if iSelector is given, use it */
|
||||||
|
+ nameid = uac_selector_unit_iSelector(desc);
|
||||||
|
+ if (nameid)
|
||||||
|
+ len = snd_usb_copy_string_desc(state, nameid,
|
||||||
|
+ kctl->id.name,
|
||||||
|
+ sizeof(kctl->id.name));
|
||||||
|
+ /* ... or pick up the terminal name at next */
|
||||||
|
+ if (!len)
|
||||||
|
+ len = get_term_name(state, &state->oterm,
|
||||||
|
+ kctl->id.name, sizeof(kctl->id.name), 0);
|
||||||
|
+ /* ... or use the fixed string "USB" as the last resort */
|
||||||
|
+ if (!len)
|
||||||
|
+ strlcpy(kctl->id.name, "USB", sizeof(kctl->id.name));
|
||||||
|
|
||||||
|
+ /* and add the proper suffix */
|
||||||
|
if (desc->bDescriptorSubtype == UAC2_CLOCK_SELECTOR)
|
||||||
|
append_ctl_name(kctl, " Clock Source");
|
||||||
|
else if ((state->oterm.type & 0xff00) == 0x0100)
|
||||||
|
--
|
||||||
|
2.15.1
|
||||||
|
|
@ -0,0 +1,72 @@
|
|||||||
|
From b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com>
|
||||||
|
From: Steffen Klassert <steffen.klassert@secunet.com>
|
||||||
|
Date: Wed, 15 Nov 2017 06:40:57 +0100
|
||||||
|
Subject: [PATCH 1/3] Revert "xfrm: Fix stack-out-of-bounds read in
|
||||||
|
xfrm_state_find."
|
||||||
|
|
||||||
|
This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e.
|
||||||
|
|
||||||
|
This commit breaks transport mode when the policy template
|
||||||
|
has widlcard addresses configured, so revert it.
|
||||||
|
|
||||||
|
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
|
||||||
|
---
|
||||||
|
net/xfrm/xfrm_policy.c | 29 ++++++++++++++++++-----------
|
||||||
|
1 file changed, 18 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
|
||||||
|
index 6eb228a70131069b..a2e531bf4f976308 100644
|
||||||
|
--- a/net/xfrm/xfrm_policy.c
|
||||||
|
+++ b/net/xfrm/xfrm_policy.c
|
||||||
|
@@ -1361,29 +1361,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl,
|
||||||
|
struct net *net = xp_net(policy);
|
||||||
|
int nx;
|
||||||
|
int i, error;
|
||||||
|
+ xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family);
|
||||||
|
+ xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family);
|
||||||
|
xfrm_address_t tmp;
|
||||||
|
|
||||||
|
for (nx = 0, i = 0; i < policy->xfrm_nr; i++) {
|
||||||
|
struct xfrm_state *x;
|
||||||
|
- xfrm_address_t *local;
|
||||||
|
- xfrm_address_t *remote;
|
||||||
|
+ xfrm_address_t *remote = daddr;
|
||||||
|
+ xfrm_address_t *local = saddr;
|
||||||
|
struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i];
|
||||||
|
|
||||||
|
- remote = &tmpl->id.daddr;
|
||||||
|
- local = &tmpl->saddr;
|
||||||
|
- if (xfrm_addr_any(local, tmpl->encap_family)) {
|
||||||
|
- error = xfrm_get_saddr(net, fl->flowi_oif,
|
||||||
|
- &tmp, remote,
|
||||||
|
- tmpl->encap_family, 0);
|
||||||
|
- if (error)
|
||||||
|
- goto fail;
|
||||||
|
- local = &tmp;
|
||||||
|
+ if (tmpl->mode == XFRM_MODE_TUNNEL ||
|
||||||
|
+ tmpl->mode == XFRM_MODE_BEET) {
|
||||||
|
+ remote = &tmpl->id.daddr;
|
||||||
|
+ local = &tmpl->saddr;
|
||||||
|
+ if (xfrm_addr_any(local, tmpl->encap_family)) {
|
||||||
|
+ error = xfrm_get_saddr(net, fl->flowi_oif,
|
||||||
|
+ &tmp, remote,
|
||||||
|
+ tmpl->encap_family, 0);
|
||||||
|
+ if (error)
|
||||||
|
+ goto fail;
|
||||||
|
+ local = &tmp;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);
|
||||||
|
|
||||||
|
if (x && x->km.state == XFRM_STATE_VALID) {
|
||||||
|
xfrm[nx++] = x;
|
||||||
|
+ daddr = remote;
|
||||||
|
+ saddr = local;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (x) {
|
||||||
|
--
|
||||||
|
2.15.1
|
||||||
|
|
@ -0,0 +1,49 @@
|
|||||||
|
From 1c3a5e72b70bcfaf342075a3fa5fcbdf99302a3f Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <1c3a5e72b70bcfaf342075a3fa5fcbdf99302a3f.1514245012.git.jan.steffens@gmail.com>
|
||||||
|
In-Reply-To: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com>
|
||||||
|
References: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com>
|
||||||
|
From: Steffen Klassert <steffen.klassert@secunet.com>
|
||||||
|
Date: Fri, 22 Dec 2017 10:44:57 +0100
|
||||||
|
Subject: [PATCH 2/3] xfrm: Fix stack-out-of-bounds read on socket policy
|
||||||
|
lookup.
|
||||||
|
|
||||||
|
When we do tunnel or beet mode, we pass saddr and daddr from the
|
||||||
|
template to xfrm_state_find(), this is ok. On transport mode,
|
||||||
|
we pass the addresses from the flowi, assuming that the IP
|
||||||
|
addresses (and address family) don't change during transformation.
|
||||||
|
This assumption is wrong in the IPv4 mapped IPv6 case, packet
|
||||||
|
is IPv4 and template is IPv6.
|
||||||
|
|
||||||
|
Fix this by catching address family missmatches of the policy
|
||||||
|
and the flow already before we do the lookup.
|
||||||
|
|
||||||
|
Reported-by: syzbot <syzkaller@googlegroups.com>
|
||||||
|
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
|
||||||
|
---
|
||||||
|
net/xfrm/xfrm_policy.c | 8 +++++++-
|
||||||
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
|
||||||
|
index a2e531bf4f976308..c79ed3bed5d4dc2f 100644
|
||||||
|
--- a/net/xfrm/xfrm_policy.c
|
||||||
|
+++ b/net/xfrm/xfrm_policy.c
|
||||||
|
@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,
|
||||||
|
again:
|
||||||
|
pol = rcu_dereference(sk->sk_policy[dir]);
|
||||||
|
if (pol != NULL) {
|
||||||
|
- bool match = xfrm_selector_match(&pol->selector, fl, family);
|
||||||
|
+ bool match;
|
||||||
|
int err = 0;
|
||||||
|
|
||||||
|
+ if (pol->family != family) {
|
||||||
|
+ pol = NULL;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ match = xfrm_selector_match(&pol->selector, fl, family);
|
||||||
|
if (match) {
|
||||||
|
if ((sk->sk_mark & pol->mark.m) != pol->mark.v) {
|
||||||
|
pol = NULL;
|
||||||
|
--
|
||||||
|
2.15.1
|
||||||
|
|
114
0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
Normal file
114
0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
Normal file
@ -0,0 +1,114 @@
|
|||||||
|
From a3c64fe9d978f3ee8f21fac5b410c63fe7cce725 Mon Sep 17 00:00:00 2001
|
||||||
|
Message-Id: <a3c64fe9d978f3ee8f21fac5b410c63fe7cce725.1514245012.git.jan.steffens@gmail.com>
|
||||||
|
In-Reply-To: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com>
|
||||||
|
References: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com>
|
||||||
|
From: Tejun Heo <tj@kernel.org>
|
||||||
|
Date: Wed, 20 Dec 2017 07:09:19 -0800
|
||||||
|
Subject: [PATCH 3/3] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC
|
||||||
|
|
||||||
|
While teaching css_task_iter to handle skipping over tasks which
|
||||||
|
aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to
|
||||||
|
css_task_iter_start() and implement CSS_TASK_ITER_PROCS") introduced a
|
||||||
|
silly bug.
|
||||||
|
|
||||||
|
CSS_TASK_ITER_PROCS is implemented by repeating
|
||||||
|
css_task_iter_advance() while the advanced cursor is pointing to a
|
||||||
|
non-leader thread. However, the cursor variable, @l, wasn't updated
|
||||||
|
when the iteration has to advance to the next css_set and the
|
||||||
|
following repetition would operate on the terminal @l from the
|
||||||
|
previous iteration which isn't pointing to a valid task leading to
|
||||||
|
oopses like the following or infinite looping.
|
||||||
|
|
||||||
|
BUG: unable to handle kernel NULL pointer dereference at 0000000000000254
|
||||||
|
IP: __task_pid_nr_ns+0xc7/0xf0
|
||||||
|
PGD 0 P4D 0
|
||||||
|
Oops: 0000 [#1] SMP
|
||||||
|
...
|
||||||
|
CPU: 2 PID: 1 Comm: systemd Not tainted 4.14.4-200.fc26.x86_64 #1
|
||||||
|
Hardware name: System manufacturer System Product Name/PRIME B350M-A, BIOS 3203 11/09/2017
|
||||||
|
task: ffff88c4baee8000 task.stack: ffff96d5c3158000
|
||||||
|
RIP: 0010:__task_pid_nr_ns+0xc7/0xf0
|
||||||
|
RSP: 0018:ffff96d5c315bd50 EFLAGS: 00010206
|
||||||
|
RAX: 0000000000000000 RBX: ffff88c4b68c6000 RCX: 0000000000000250
|
||||||
|
RDX: ffffffffa5e47960 RSI: 0000000000000000 RDI: ffff88c490f6ab00
|
||||||
|
RBP: ffff96d5c315bd50 R08: 0000000000001000 R09: 0000000000000005
|
||||||
|
R10: ffff88c4be006b80 R11: ffff88c42f1b8004 R12: ffff96d5c315bf18
|
||||||
|
R13: ffff88c42d7dd200 R14: ffff88c490f6a510 R15: ffff88c4b68c6000
|
||||||
|
FS: 00007f9446f8ea00(0000) GS:ffff88c4be680000(0000) knlGS:0000000000000000
|
||||||
|
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
|
||||||
|
CR2: 0000000000000254 CR3: 00000007f956f000 CR4: 00000000003406e0
|
||||||
|
Call Trace:
|
||||||
|
cgroup_procs_show+0x19/0x30
|
||||||
|
cgroup_seqfile_show+0x4c/0xb0
|
||||||
|
kernfs_seq_show+0x21/0x30
|
||||||
|
seq_read+0x2ec/0x3f0
|
||||||
|
kernfs_fop_read+0x134/0x180
|
||||||
|
__vfs_read+0x37/0x160
|
||||||
|
? security_file_permission+0x9b/0xc0
|
||||||
|
vfs_read+0x8e/0x130
|
||||||
|
SyS_read+0x55/0xc0
|
||||||
|
entry_SYSCALL_64_fastpath+0x1a/0xa5
|
||||||
|
RIP: 0033:0x7f94455f942d
|
||||||
|
RSP: 002b:00007ffe81ba2d00 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
|
||||||
|
RAX: ffffffffffffffda RBX: 00005574e2233f00 RCX: 00007f94455f942d
|
||||||
|
RDX: 0000000000001000 RSI: 00005574e2321a90 RDI: 000000000000002b
|
||||||
|
RBP: 0000000000000000 R08: 00005574e2321a90 R09: 00005574e231de60
|
||||||
|
R10: 00007f94458c8b38 R11: 0000000000000293 R12: 00007f94458c8ae0
|
||||||
|
R13: 00007ffe81ba3800 R14: 0000000000000000 R15: 00005574e2116560
|
||||||
|
Code: 04 74 0e 89 f6 48 8d 04 76 48 8d 04 c5 f0 05 00 00 48 8b bf b8 05 00 00 48 01 c7 31 c0 48 8b 0f 48 85 c9 74 18 8b b2 30 08 00 00 <3b> 71 04 77 0d 48 c1 e6 05 48 01 f1 48 3b 51 38 74 09 5d c3 8b
|
||||||
|
RIP: __task_pid_nr_ns+0xc7/0xf0 RSP: ffff96d5c315bd50
|
||||||
|
|
||||||
|
Fix it by moving the initialization of the cursor below the repeat
|
||||||
|
label. While at it, rename it to @next for readability.
|
||||||
|
|
||||||
|
Signed-off-by: Tejun Heo <tj@kernel.org>
|
||||||
|
Fixes: bc2fb7ed089f ("cgroup: add @flags to css_task_iter_start() and implement CSS_TASK_ITER_PROCS")
|
||||||
|
Cc: stable@vger.kernel.org # v4.14+
|
||||||
|
Reported-by: Laura Abbott <labbott@redhat.com>
|
||||||
|
Reported-by: Bronek Kozicki <brok@incorrekt.com>
|
||||||
|
Reported-by: George Amanakis <gamanakis@gmail.com>
|
||||||
|
Signed-off-by: Tejun Heo <tj@kernel.org>
|
||||||
|
---
|
||||||
|
kernel/cgroup/cgroup.c | 14 ++++++--------
|
||||||
|
1 file changed, 6 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
|
||||||
|
index 44857278eb8aa6a2..030e4286f14c715e 100644
|
||||||
|
--- a/kernel/cgroup/cgroup.c
|
||||||
|
+++ b/kernel/cgroup/cgroup.c
|
||||||
|
@@ -4059,26 +4059,24 @@ static void css_task_iter_advance_css_set(struct css_task_iter *it)
|
||||||
|
|
||||||
|
static void css_task_iter_advance(struct css_task_iter *it)
|
||||||
|
{
|
||||||
|
- struct list_head *l = it->task_pos;
|
||||||
|
+ struct list_head *next;
|
||||||
|
|
||||||
|
lockdep_assert_held(&css_set_lock);
|
||||||
|
- WARN_ON_ONCE(!l);
|
||||||
|
-
|
||||||
|
repeat:
|
||||||
|
/*
|
||||||
|
* Advance iterator to find next entry. cset->tasks is consumed
|
||||||
|
* first and then ->mg_tasks. After ->mg_tasks, we move onto the
|
||||||
|
* next cset.
|
||||||
|
*/
|
||||||
|
- l = l->next;
|
||||||
|
+ next = it->task_pos->next;
|
||||||
|
|
||||||
|
- if (l == it->tasks_head)
|
||||||
|
- l = it->mg_tasks_head->next;
|
||||||
|
+ if (next == it->tasks_head)
|
||||||
|
+ next = it->mg_tasks_head->next;
|
||||||
|
|
||||||
|
- if (l == it->mg_tasks_head)
|
||||||
|
+ if (next == it->mg_tasks_head)
|
||||||
|
css_task_iter_advance_css_set(it);
|
||||||
|
else
|
||||||
|
- it->task_pos = l;
|
||||||
|
+ it->task_pos = next;
|
||||||
|
|
||||||
|
/* if PROCS, skip over tasks which aren't group leaders */
|
||||||
|
if ((it->flags & CSS_TASK_ITER_PROCS) && it->task_pos &&
|
||||||
|
--
|
||||||
|
2.15.1
|
||||||
|
|
26
PKGBUILD
26
PKGBUILD
@ -4,7 +4,7 @@
|
|||||||
pkgbase=linux # Build stock -ARCH kernel
|
pkgbase=linux # Build stock -ARCH kernel
|
||||||
#pkgbase=linux-custom # Build kernel with a different name
|
#pkgbase=linux-custom # Build kernel with a different name
|
||||||
_srcname=linux-4.14
|
_srcname=linux-4.14
|
||||||
pkgver=4.14.8
|
pkgver=4.14.9
|
||||||
pkgrel=1
|
pkgrel=1
|
||||||
arch=('x86_64')
|
arch=('x86_64')
|
||||||
url="https://www.kernel.org/"
|
url="https://www.kernel.org/"
|
||||||
@ -23,6 +23,10 @@ source=(
|
|||||||
0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
|
0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
|
||||||
0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
|
0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
|
||||||
0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
|
0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
|
||||||
|
0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
|
||||||
|
0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
|
||||||
|
0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
|
||||||
|
0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch
|
||||||
)
|
)
|
||||||
validpgpkeys=(
|
validpgpkeys=(
|
||||||
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
|
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
|
||||||
@ -30,15 +34,19 @@ validpgpkeys=(
|
|||||||
)
|
)
|
||||||
sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
|
sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
|
||||||
'SKIP'
|
'SKIP'
|
||||||
'42eaed731b716244514b765c199e8f675d79287d7630e5c2911053ad52a1fa0a'
|
'5edc955bb67b04c7ed426b1df17a3e322e32ad9fdda9c6abb53ab6eca7faf704'
|
||||||
'SKIP'
|
'SKIP'
|
||||||
'3d139e6cfc42a0bb52a6c49a2bb94ff523dc728b8d548178dbc0a90726eb4151'
|
'4d12ed868b05720c3d263c8454622c67bdee6969400049d7adac7b00907ad195'
|
||||||
'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
|
'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
|
||||||
'75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
|
'75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
|
||||||
'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
|
'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
|
||||||
'37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85'
|
'37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85'
|
||||||
'c6e7db7dfd6a07e1fd0e20c3a5f0f315f9c2a366fe42214918b756f9a1c9bfa3'
|
'c6e7db7dfd6a07e1fd0e20c3a5f0f315f9c2a366fe42214918b756f9a1c9bfa3'
|
||||||
'1d69940c6bf1731fa1d1da29b32ec4f594fa360118fe7b128c9810285ebf13e2')
|
'1d69940c6bf1731fa1d1da29b32ec4f594fa360118fe7b128c9810285ebf13e2'
|
||||||
|
'ed3266ab03f836f57de0faf8a10ffd7566c909515c2649de99adaab2fac4aa32'
|
||||||
|
'64a014f7e1b4588728b3ea9538beee67ec63fb792d890c7be9cc13ddc2121b00'
|
||||||
|
'3d4c41086c077fbd515d04f5e59c0c258f700433c5da3365d960b696c2e56efb'
|
||||||
|
'95f0d0a94983b0dafd295f660a663f9be5ef2fcb9646098426a5d12b59f50638')
|
||||||
|
|
||||||
_kernelname=${pkgbase#linux}
|
_kernelname=${pkgbase#linux}
|
||||||
|
|
||||||
@ -62,6 +70,16 @@ prepare() {
|
|||||||
# https://nvd.nist.gov/vuln/detail/CVE-2017-8824
|
# https://nvd.nist.gov/vuln/detail/CVE-2017-8824
|
||||||
patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
|
patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
|
||||||
|
|
||||||
|
# https://bugs.archlinux.org/task/56605
|
||||||
|
patch -Np1 -i ../0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
|
||||||
|
patch -Np1 -i ../0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
|
||||||
|
|
||||||
|
# https://bugs.archlinux.org/task/56846
|
||||||
|
patch -Np1 -i ../0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
|
||||||
|
|
||||||
|
# https://bugs.archlinux.org/task/56830
|
||||||
|
patch -Np1 -i ../0001-ALSA-usb-audio-Fix-the-missing-ctl-name-suffix-at-pa.patch
|
||||||
|
|
||||||
cp -Tf ../config .config
|
cp -Tf ../config .config
|
||||||
|
|
||||||
if [ "${_kernelname}" != "" ]; then
|
if [ "${_kernelname}" != "" ]; then
|
||||||
|
10
config
10
config
@ -1,6 +1,6 @@
|
|||||||
#
|
#
|
||||||
# Automatically generated file; DO NOT EDIT.
|
# Automatically generated file; DO NOT EDIT.
|
||||||
# Linux/x86 4.14.6-1 Kernel Configuration
|
# Linux/x86 4.14.9-1 Kernel Configuration
|
||||||
#
|
#
|
||||||
CONFIG_64BIT=y
|
CONFIG_64BIT=y
|
||||||
CONFIG_X86_64=y
|
CONFIG_X86_64=y
|
||||||
@ -5325,7 +5325,7 @@ CONFIG_FB_EFI=y
|
|||||||
# CONFIG_FB_CARMINE is not set
|
# CONFIG_FB_CARMINE is not set
|
||||||
# CONFIG_FB_SM501 is not set
|
# CONFIG_FB_SM501 is not set
|
||||||
# CONFIG_FB_SMSCUFX is not set
|
# CONFIG_FB_SMSCUFX is not set
|
||||||
CONFIG_FB_UDL=m
|
# CONFIG_FB_UDL is not set
|
||||||
# CONFIG_FB_IBM_GXT4500 is not set
|
# CONFIG_FB_IBM_GXT4500 is not set
|
||||||
# CONFIG_FB_VIRTUAL is not set
|
# CONFIG_FB_VIRTUAL is not set
|
||||||
CONFIG_XEN_FBDEV_FRONTEND=m
|
CONFIG_XEN_FBDEV_FRONTEND=m
|
||||||
@ -8111,9 +8111,9 @@ CONFIG_OPTIMIZE_INLINING=y
|
|||||||
# CONFIG_DEBUG_NMI_SELFTEST is not set
|
# CONFIG_DEBUG_NMI_SELFTEST is not set
|
||||||
# CONFIG_X86_DEBUG_FPU is not set
|
# CONFIG_X86_DEBUG_FPU is not set
|
||||||
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
# CONFIG_PUNIT_ATOM_DEBUG is not set
|
||||||
# CONFIG_FRAME_POINTER_UNWINDER is not set
|
CONFIG_UNWINDER_ORC=y
|
||||||
CONFIG_ORC_UNWINDER=y
|
# CONFIG_UNWINDER_FRAME_POINTER is not set
|
||||||
# CONFIG_GUESS_UNWINDER is not set
|
# CONFIG_UNWINDER_GUESS is not set
|
||||||
|
|
||||||
#
|
#
|
||||||
# Security options
|
# Security options
|
||||||
|
Loading…
Reference in New Issue
Block a user