bump to latest version

2013-02-28 18:41:03 +00:00 · 2013-02-28 18:41:03 +00:00 · 8021bd1421
commit 8021bd1421
parent 98e672d298
4 changed files with 12 additions and 85 deletions
--- a/CVE-2013-1763.patch
+++ b/CVE-2013-1763.patch
@ -1,35 +0,0 @@
 From 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 Mon Sep 17 00:00:00 2001
 From: Mathias Krause <minipli@googlemail.com>
 Date: Sat, 23 Feb 2013 01:13:47 +0000
 Subject: [PATCH] sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
 Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
 with a family greater or equal then AF_MAX -- the array size of
 sock_diag_handlers[]. The current code does not test for this
 condition therefore is vulnerable to an out-of-bound access opening
 doors for a privilege escalation.
 Signed-off-by: Mathias Krause <minipli@googlemail.com>
 Acked-by: Eric Dumazet <edumazet@google.com>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 ---
 net/core/sock_diag.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
 diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
 index 602cd63..750f44f 100644
 --- a/net/core/sock_diag.c
 +++ b/net/core/sock_diag.c
@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 	if (nlmsg_len(nlh) < sizeof(*req))
 		return -EINVAL;
 +	if (req->sdiag_family >= AF_MAX)
 +		return -EINVAL;
 +
 	hndl = sock_diag_lock_handler(req->sdiag_family);
 	if (hndl == NULL)
 		err = -ENOENT;
 -- 
 1.7.6.5
--- a/27
+++ b/27
@ -4,27 +4,20 @@
 pkgbase=linux               # Build stock -ARCH kernel
 #pkgbase=linux-custom       # Build kernel with a different name
 _srcname=linux-3.8
-pkgver=3.8
+pkgver=3.8.1
-pkgrel=2
+pkgrel=1
 arch=('i686' 'x86_64')
 url="http://www.kernel.org/"
 license=('GPL2')
 makedepends=('xmlto' 'docbook-xsl')
 options=('!strip')
 source=("http://www.kernel.org/pub/linux/kernel/v3.x/${_srcname}.tar.xz"
-        #"http://www.kernel.org/pub/linux/kernel/v3.x/patch-${pkgver}.xz"
+        "http://www.kernel.org/pub/linux/kernel/v3.x/patch-${pkgver}.xz"
        # the main kernel config files
        'config' 'config.x86_64'
        # standard config files for mkinitcpio ramdisk
        'linux.preset'
-        'change-default-console-loglevel.patch'
+        'change-default-console-loglevel.patch')
        'CVE-2013-1763.patch')
 md5sums=('1c738edfc54e7c65faeb90c436104e2f'
         '9710fb1b1e08eb1fc5214dc2fb34ebcc'
         '03b1dad90f3558dba3031901398c1ca4'
         'eb14dcfd80c00852ef81ded6e826826a'
         '9d3c56a4b999c8bfbd4018089a62f662'
         '420991808fe4cba143013427c0737aa9')
 _kernelname=${pkgbase#linux}
@ -32,15 +25,11 @@ build() {
  cd "${srcdir}/${_srcname}"
  # add upstream patch
-  # patch -p1 -i "${srcdir}/patch-${pkgver}"
+  patch -p1 -i "${srcdir}/patch-${pkgver}"
  # add latest fixes from stable queue, if needed
  # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
  # Fix security vulnetability CVE-2013-1763.patch
  # https://bugs.archlinux.org/task/34005
  patch -Np1 -i "${srcdir}/CVE-2013-1763.patch"
  # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
  # remove this when a Kconfig knob is made available by upstream
  # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
@ -320,3 +309,9 @@ for _p in ${pkgname[@]}; do
 done
 # vim:set ts=8 sts=2 sw=2 et:
 md5sums=('1c738edfc54e7c65faeb90c436104e2f'
         '50a68679086c346dddb34dedccfae7ee'
         '307107a8b15060e6fc0e48bdaacaed06'
         '03b1dad90f3558dba3031901398c1ca4'
         'eb14dcfd80c00852ef81ded6e826826a'
         '9d3c56a4b999c8bfbd4018089a62f662')
--- a/fat-3.6.x.patch
+++ b/fat-3.6.x.patch
@ -1,33 +0,0 @@
 From: Dave Reisner <dreisner@archlinux.org>
 Date: Thu, 29 Nov 2012 03:18:52 +0000 (+1100)
 Subject: fs/fat: strip "cp" prefix from codepage in display
 X-Git-Tag: next-20121130~1^2~97
 X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fnext%2Flinux-next.git;a=commitdiff_plain;h=f15914873184cc3f2a8d590fa4f7e32ab0a8a405
 fs/fat: strip "cp" prefix from codepage in display
 Option parsing code expects an unsigned integer for the codepage option,
 but prefixes and stores this option with "cp" before passing to
 load_nls().  This makes the displayed option in /proc an invalid one.
 Strip the prefix when printing so that the displayed option is valid for
 reuse.
 Signed-off-by: Dave Reisner <dreisner@archlinux.org>
 Acked-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 ---
 diff --git a/fs/fat/inode.c b/fs/fat/inode.c
 index 3b733a7..3580681 100644
 --- a/fs/fat/inode.c
 +++ b/fs/fat/inode.c
@@ -726,7 +726,8 @@ static int fat_show_options(struct seq_file *m, struct dentry *root)
 	if (opts->allow_utime)
 		seq_printf(m, ",allow_utime=%04o", opts->allow_utime);
 	if (sbi->nls_disk)
 -		seq_printf(m, ",codepage=%s", sbi->nls_disk->charset);
 +		/* strip "cp" prefix from displayed option */
 +		seq_printf(m, ",codepage=%s", &sbi->nls_disk->charset[2]);
 	if (isvfat) {
 		if (sbi->nls_io)
 			seq_printf(m, ",iocharset=%s", sbi->nls_io->charset);
--- a/linux.install
+++ b/linux.install
@ -2,7 +2,7 @@
 # arg 2:  the old package version
 KERNEL_NAME=
-KERNEL_VERSION=3.8.0-2-ARCH
+KERNEL_VERSION=3.8.1-1-ARCH
 # set a sane PATH to ensure that critical utils like depmod will be found
 export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'