bump to latest version

CVE-2013-1763.patch

@@ -1,35 +0,0 @@
-From 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 Mon Sep 17 00:00:00 2001
-From: Mathias Krause <minipli@googlemail.com>
-Date: Sat, 23 Feb 2013 01:13:47 +0000
-Subject: [PATCH] sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
-
-Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
-with a family greater or equal then AF_MAX -- the array size of
-sock_diag_handlers[]. The current code does not test for this
-condition therefore is vulnerable to an out-of-bound access opening
-doors for a privilege escalation.
-
-Signed-off-by: Mathias Krause <minipli@googlemail.com>
-Acked-by: Eric Dumazet <edumazet@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/core/sock_diag.c |    3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
-index 602cd63..750f44f 100644
---- a/net/core/sock_diag.c
-+++ b/net/core/sock_diag.c
-@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
- 	if (nlmsg_len(nlh) < sizeof(*req))
- 		return -EINVAL;
- 
-+	if (req->sdiag_family >= AF_MAX)
-+		return -EINVAL;
-+
- 	hndl = sock_diag_lock_handler(req->sdiag_family);
- 	if (hndl == NULL)
- 		err = -ENOENT;
--- 
-1.7.6.5
-

PKGBUILD

@@ -4,27 +4,20 @@
 pkgbase=linux               # Build stock -ARCH kernel
 #pkgbase=linux-custom       # Build kernel with a different name
 _srcname=linux-3.8
-pkgver=3.8
-pkgrel=2
+pkgver=3.8.1
+pkgrel=1
 arch=('i686' 'x86_64')
 url="http://www.kernel.org/"
 license=('GPL2')
 makedepends=('xmlto' 'docbook-xsl')
 options=('!strip')
 source=("http://www.kernel.org/pub/linux/kernel/v3.x/${_srcname}.tar.xz"
-        #"http://www.kernel.org/pub/linux/kernel/v3.x/patch-${pkgver}.xz"
+        "http://www.kernel.org/pub/linux/kernel/v3.x/patch-${pkgver}.xz"
         # the main kernel config files
         'config' 'config.x86_64'
         # standard config files for mkinitcpio ramdisk
         'linux.preset'
-        'change-default-console-loglevel.patch'
-        'CVE-2013-1763.patch')
-md5sums=('1c738edfc54e7c65faeb90c436104e2f'
-         '9710fb1b1e08eb1fc5214dc2fb34ebcc'
-         '03b1dad90f3558dba3031901398c1ca4'
-         'eb14dcfd80c00852ef81ded6e826826a'
-         '9d3c56a4b999c8bfbd4018089a62f662'
-         '420991808fe4cba143013427c0737aa9')
+        'change-default-console-loglevel.patch')
 
 _kernelname=${pkgbase#linux}
 
@@ -32,15 +25,11 @@ build() {
   cd "${srcdir}/${_srcname}"
 
   # add upstream patch
-  # patch -p1 -i "${srcdir}/patch-${pkgver}"
+  patch -p1 -i "${srcdir}/patch-${pkgver}"
 
   # add latest fixes from stable queue, if needed
   # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
 
-  # Fix security vulnetability CVE-2013-1763.patch
-  # https://bugs.archlinux.org/task/34005
-  patch -Np1 -i "${srcdir}/CVE-2013-1763.patch"
-
   # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
   # remove this when a Kconfig knob is made available by upstream
   # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
@@ -320,3 +309,9 @@ for _p in ${pkgname[@]}; do
 done
 
 # vim:set ts=8 sts=2 sw=2 et:
+md5sums=('1c738edfc54e7c65faeb90c436104e2f'
+         '50a68679086c346dddb34dedccfae7ee'
+         '307107a8b15060e6fc0e48bdaacaed06'
+         '03b1dad90f3558dba3031901398c1ca4'
+         'eb14dcfd80c00852ef81ded6e826826a'
+         '9d3c56a4b999c8bfbd4018089a62f662')

fat-3.6.x.patch

@@ -1,33 +0,0 @@
-From: Dave Reisner <dreisner@archlinux.org>
-Date: Thu, 29 Nov 2012 03:18:52 +0000 (+1100)
-Subject: fs/fat: strip "cp" prefix from codepage in display
-X-Git-Tag: next-20121130~1^2~97
-X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fnext%2Flinux-next.git;a=commitdiff_plain;h=f15914873184cc3f2a8d590fa4f7e32ab0a8a405
-
-fs/fat: strip "cp" prefix from codepage in display
-
-Option parsing code expects an unsigned integer for the codepage option,
-but prefixes and stores this option with "cp" before passing to
-load_nls().  This makes the displayed option in /proc an invalid one.
-Strip the prefix when printing so that the displayed option is valid for
-reuse.
-
-Signed-off-by: Dave Reisner <dreisner@archlinux.org>
-Acked-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
----
-
-diff --git a/fs/fat/inode.c b/fs/fat/inode.c
-index 3b733a7..3580681 100644
---- a/fs/fat/inode.c
-+++ b/fs/fat/inode.c
-@@ -726,7 +726,8 @@ static int fat_show_options(struct seq_file *m, struct dentry *root)
- 	if (opts->allow_utime)
- 		seq_printf(m, ",allow_utime=%04o", opts->allow_utime);
- 	if (sbi->nls_disk)
--		seq_printf(m, ",codepage=%s", sbi->nls_disk->charset);
-+		/* strip "cp" prefix from displayed option */
-+		seq_printf(m, ",codepage=%s", &sbi->nls_disk->charset[2]);
- 	if (isvfat) {
- 		if (sbi->nls_io)
- 			seq_printf(m, ",iocharset=%s", sbi->nls_io->charset);

linux.install

@@ -2,7 +2,7 @@
 # arg 2:  the old package version
 
 KERNEL_NAME=
-KERNEL_VERSION=3.8.0-2-ARCH
+KERNEL_VERSION=3.8.1-1-ARCH
 
 # set a sane PATH to ensure that critical utils like depmod will be found
 export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'