From 837bc45331149581101930cab2894b7377e23c3f Mon Sep 17 00:00:00 2001 From: Jan Alexander Steffens Date: Fri, 19 Jan 2018 18:50:16 +0000 Subject: [PATCH] 4.14.14-1 --- ...sallow-unprivileged-CLONE_NEWUSER-by.patch | 12 +- ...017-8824-use-after-free-in-DCCP-code.patch | 12 +- ..._check_for_copper_link_ich8lan-retur.patch | 75 ------------ ...ut-of-bounds-read-on-socket-policy-l.patch | 12 +- ...y-use-the-alternate-fixed-mode-if-it.patch | 12 +- ...ask_iter-crash-on-CSS_TASK_ITER_PROC.patch | 114 ------------------ PKGBUILD | 36 ++---- config | 4 +- 8 files changed, 40 insertions(+), 237 deletions(-) rename 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch => 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch (80%) delete mode 100644 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch rename 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch => 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch (78%) rename 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch => 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch (77%) delete mode 100644 0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch diff --git a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch index c3364a4..a989d66 100644 --- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch +++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch @@ -1,8 +1,8 @@ -From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001 -Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +From 4e54373158caa50df5402fdd3db1794c5394026b Mon Sep 17 00:00:00 2001 +Message-Id: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> From: Serge Hallyn Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/6] add sysctl to disallow unprivileged CLONE_NEWUSER by +Subject: [PATCH 1/4] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn @@ -15,7 +15,7 @@ Signed-off-by: Daniel Micay 3 files changed, 30 insertions(+) diff --git a/kernel/fork.c b/kernel/fork.c -index 500ce64517d93e68..35f5860958b40e9b 100644 +index 500ce64517d9..35f5860958b4 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -102,6 +102,11 @@ @@ -55,7 +55,7 @@ index 500ce64517d93e68..35f5860958b40e9b 100644 if (err) goto bad_unshare_out; diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 56aca862c4f584f5..e8402ba393c1915d 100644 +index 56aca862c4f5..e8402ba393c1 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -105,6 +105,9 @@ extern int core_uses_pid; @@ -85,7 +85,7 @@ index 56aca862c4f584f5..e8402ba393c1915d 100644 { .procname = "tainted", diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index c490f1e4313b998a..dd03bd39d7bf194d 100644 +index c490f1e4313b..dd03bd39d7bf 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -24,6 +24,9 @@ diff --git a/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch similarity index 80% rename from 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch rename to 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch index 15e4d29..da886c8 100644 --- a/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch +++ b/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch @@ -1,10 +1,10 @@ -From e3fff011db7dd80d53b6bda48bcf2313918aa7a8 Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> -References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +From 8514970bf07bd1cc522f50e882e0159a51a39264 Mon Sep 17 00:00:00 2001 +Message-Id: <8514970bf07bd1cc522f50e882e0159a51a39264.1516188238.git.jan.steffens@gmail.com> +In-Reply-To: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> +References: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> From: Mohamed Ghannam Date: Tue, 5 Dec 2017 20:58:35 +0000 -Subject: [PATCH 3/6] dccp: CVE-2017-8824: use-after-free in DCCP code +Subject: [PATCH 2/4] dccp: CVE-2017-8824: use-after-free in DCCP code Whenever the sock object is in DCCP_CLOSED state, dccp_disconnect() must free dccps_hc_tx_ccid and @@ -18,7 +18,7 @@ Signed-off-by: David S. Miller 1 file changed, 5 insertions(+) diff --git a/net/dccp/proto.c b/net/dccp/proto.c -index b68168fcc06aa198..9d43c1f4027408f3 100644 +index b68168fcc06a..9d43c1f40274 100644 --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -259,25 +259,30 @@ int dccp_disconnect(struct sock *sk, int flags) diff --git a/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch b/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch deleted file mode 100644 index 9961ab6..0000000 --- a/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch +++ /dev/null @@ -1,75 +0,0 @@ -From e6a5e05524563626d14c1745619e37e79cb5a3a7 Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> -References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> -From: Benjamin Poirier -Date: Mon, 11 Dec 2017 16:26:40 +0900 -Subject: [PATCH 2/6] e1000e: Fix e1000_check_for_copper_link_ich8lan return - value. - -e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan() -are the two functions that may be assigned to mac.ops.check_for_link when -phy.media_type == e1000_media_type_copper. Commit 19110cfbb34d ("e1000e: -Separate signaling for link check/link up") changed the meaning of the -return value of check_for_link for copper media but only adjusted the first -function. This patch adjusts the second function likewise. - -Reported-by: Christian Hesse -Reported-by: Gabriel C -Link: https://bugzilla.kernel.org/show_bug.cgi?id=198047 -Fixes: 19110cfbb34d ("e1000e: Separate signaling for link check/link up") -Tested-by: Christian Hesse -Signed-off-by: Benjamin Poirier ---- - drivers/net/ethernet/intel/e1000e/ich8lan.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c -index d6d4ed7acf031172..31277d3bb7dc1241 100644 ---- a/drivers/net/ethernet/intel/e1000e/ich8lan.c -+++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c -@@ -1367,22 +1367,25 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force) - * Checks to see of the link status of the hardware has changed. If a - * change in link status has been detected, then we read the PHY registers - * to get the current speed/duplex if link exists. -+ * -+ * Returns a negative error code (-E1000_ERR_*) or 0 (link down) or 1 (link -+ * up). - **/ - static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw) - { - struct e1000_mac_info *mac = &hw->mac; - s32 ret_val, tipg_reg = 0; - u16 emi_addr, emi_val = 0; - bool link; - u16 phy_reg; - - /* We only want to go out to the PHY registers to see if Auto-Neg - * has completed and/or if our link status has changed. The - * get_link_status flag is set upon receiving a Link Status - * Change or Rx Sequence Error interrupt. - */ - if (!mac->get_link_status) -- return 0; -+ return 1; - - /* First we want to see if the MII Status Register reports - * link. If so, then we want to get the current speed/duplex -@@ -1613,10 +1616,12 @@ static s32 e1000_check_for_copper_link_ich8lan(struct e1000_hw *hw) - * different link partner. - */ - ret_val = e1000e_config_fc_after_link_up(hw); -- if (ret_val) -+ if (ret_val) { - e_dbg("Error configuring flow control\n"); -+ return ret_val; -+ } - -- return ret_val; -+ return 1; - } - - static s32 e1000_get_variants_ich8lan(struct e1000_adapter *adapter) --- -2.15.1 - diff --git a/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch similarity index 78% rename from 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch rename to 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch index 6b4de3a..8a3ea30 100644 --- a/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch +++ b/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch @@ -1,10 +1,10 @@ -From 5a11be3bab2dcd6fe061206662969c4cea46988f Mon Sep 17 00:00:00 2001 -Message-Id: <5a11be3bab2dcd6fe061206662969c4cea46988f.1515173964.git.jan.steffens@gmail.com> -In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> -References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +From c9c8995fc83b476fdf3fc0c4b498feef2949ec75 Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> +References: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> From: Steffen Klassert Date: Fri, 22 Dec 2017 10:44:57 +0100 -Subject: [PATCH 4/6] xfrm: Fix stack-out-of-bounds read on socket policy +Subject: [PATCH 3/4] xfrm: Fix stack-out-of-bounds read on socket policy lookup. When we do tunnel or beet mode, we pass saddr and daddr from the @@ -24,7 +24,7 @@ Signed-off-by: Steffen Klassert 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 6bc16bb61b5533ef..50c5f46b5cca942e 100644 +index 6bc16bb61b55..50c5f46b5cca 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, diff --git a/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch b/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch similarity index 77% rename from 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch rename to 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch index 5d36d15..f77c9b5 100644 --- a/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch +++ b/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch @@ -1,10 +1,10 @@ -From cf45be4971bdd769c09e2a11db483510cd0bcc5f Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> -References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> +From e722c8d112f0aa9621d7d4da5223cfc7aeb45e88 Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> +References: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steffens@gmail.com> From: Jim Bride Date: Mon, 6 Nov 2017 13:38:57 -0800 -Subject: [PATCH 6/6] drm/i915/edp: Only use the alternate fixed mode if it's +Subject: [PATCH 4/4] drm/i915/edp: Only use the alternate fixed mode if it's asked for In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for @@ -24,7 +24,7 @@ Signed-off-by: Jim Bride 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c -index 09f274419eea1c74..838cee312e8e6978 100644 +index 09f274419eea..838cee312e8e 100644 --- a/drivers/gpu/drm/i915/intel_dp.c +++ b/drivers/gpu/drm/i915/intel_dp.c @@ -1632,7 +1632,8 @@ static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1, diff --git a/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch b/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch deleted file mode 100644 index 3090318..0000000 --- a/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch +++ /dev/null @@ -1,114 +0,0 @@ -From eadda028a73a567edd8462ccd0e8c28e023cde28 Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> -References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com> -From: Tejun Heo -Date: Wed, 20 Dec 2017 07:09:19 -0800 -Subject: [PATCH 5/6] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC - -While teaching css_task_iter to handle skipping over tasks which -aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to -css_task_iter_start() and implement CSS_TASK_ITER_PROCS") introduced a -silly bug. - -CSS_TASK_ITER_PROCS is implemented by repeating -css_task_iter_advance() while the advanced cursor is pointing to a -non-leader thread. However, the cursor variable, @l, wasn't updated -when the iteration has to advance to the next css_set and the -following repetition would operate on the terminal @l from the -previous iteration which isn't pointing to a valid task leading to -oopses like the following or infinite looping. - - BUG: unable to handle kernel NULL pointer dereference at 0000000000000254 - IP: __task_pid_nr_ns+0xc7/0xf0 - PGD 0 P4D 0 - Oops: 0000 [#1] SMP - ... - CPU: 2 PID: 1 Comm: systemd Not tainted 4.14.4-200.fc26.x86_64 #1 - Hardware name: System manufacturer System Product Name/PRIME B350M-A, BIOS 3203 11/09/2017 - task: ffff88c4baee8000 task.stack: ffff96d5c3158000 - RIP: 0010:__task_pid_nr_ns+0xc7/0xf0 - RSP: 0018:ffff96d5c315bd50 EFLAGS: 00010206 - RAX: 0000000000000000 RBX: ffff88c4b68c6000 RCX: 0000000000000250 - RDX: ffffffffa5e47960 RSI: 0000000000000000 RDI: ffff88c490f6ab00 - RBP: ffff96d5c315bd50 R08: 0000000000001000 R09: 0000000000000005 - R10: ffff88c4be006b80 R11: ffff88c42f1b8004 R12: ffff96d5c315bf18 - R13: ffff88c42d7dd200 R14: ffff88c490f6a510 R15: ffff88c4b68c6000 - FS: 00007f9446f8ea00(0000) GS:ffff88c4be680000(0000) knlGS:0000000000000000 - CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 - CR2: 0000000000000254 CR3: 00000007f956f000 CR4: 00000000003406e0 - Call Trace: - cgroup_procs_show+0x19/0x30 - cgroup_seqfile_show+0x4c/0xb0 - kernfs_seq_show+0x21/0x30 - seq_read+0x2ec/0x3f0 - kernfs_fop_read+0x134/0x180 - __vfs_read+0x37/0x160 - ? security_file_permission+0x9b/0xc0 - vfs_read+0x8e/0x130 - SyS_read+0x55/0xc0 - entry_SYSCALL_64_fastpath+0x1a/0xa5 - RIP: 0033:0x7f94455f942d - RSP: 002b:00007ffe81ba2d00 EFLAGS: 00000293 ORIG_RAX: 0000000000000000 - RAX: ffffffffffffffda RBX: 00005574e2233f00 RCX: 00007f94455f942d - RDX: 0000000000001000 RSI: 00005574e2321a90 RDI: 000000000000002b - RBP: 0000000000000000 R08: 00005574e2321a90 R09: 00005574e231de60 - R10: 00007f94458c8b38 R11: 0000000000000293 R12: 00007f94458c8ae0 - R13: 00007ffe81ba3800 R14: 0000000000000000 R15: 00005574e2116560 - Code: 04 74 0e 89 f6 48 8d 04 76 48 8d 04 c5 f0 05 00 00 48 8b bf b8 05 00 00 48 01 c7 31 c0 48 8b 0f 48 85 c9 74 18 8b b2 30 08 00 00 <3b> 71 04 77 0d 48 c1 e6 05 48 01 f1 48 3b 51 38 74 09 5d c3 8b - RIP: __task_pid_nr_ns+0xc7/0xf0 RSP: ffff96d5c315bd50 - -Fix it by moving the initialization of the cursor below the repeat -label. While at it, rename it to @next for readability. - -Signed-off-by: Tejun Heo -Fixes: bc2fb7ed089f ("cgroup: add @flags to css_task_iter_start() and implement CSS_TASK_ITER_PROCS") -Cc: stable@vger.kernel.org # v4.14+ -Reported-by: Laura Abbott -Reported-by: Bronek Kozicki -Reported-by: George Amanakis -Signed-off-by: Tejun Heo ---- - kernel/cgroup/cgroup.c | 14 ++++++-------- - 1 file changed, 6 insertions(+), 8 deletions(-) - -diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c -index 44857278eb8aa6a2..030e4286f14c715e 100644 ---- a/kernel/cgroup/cgroup.c -+++ b/kernel/cgroup/cgroup.c -@@ -4059,26 +4059,24 @@ static void css_task_iter_advance_css_set(struct css_task_iter *it) - - static void css_task_iter_advance(struct css_task_iter *it) - { -- struct list_head *l = it->task_pos; -+ struct list_head *next; - - lockdep_assert_held(&css_set_lock); -- WARN_ON_ONCE(!l); -- - repeat: - /* - * Advance iterator to find next entry. cset->tasks is consumed - * first and then ->mg_tasks. After ->mg_tasks, we move onto the - * next cset. - */ -- l = l->next; -+ next = it->task_pos->next; - -- if (l == it->tasks_head) -- l = it->mg_tasks_head->next; -+ if (next == it->tasks_head) -+ next = it->mg_tasks_head->next; - -- if (l == it->mg_tasks_head) -+ if (next == it->mg_tasks_head) - css_task_iter_advance_css_set(it); - else -- it->task_pos = l; -+ it->task_pos = next; - - /* if PROCS, skip over tasks which aren't group leaders */ - if ((it->flags & CSS_TASK_ITER_PROCS) && it->task_pos && --- -2.15.1 - diff --git a/PKGBUILD b/PKGBUILD index 8cb9bd6..7711fbd 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -4,7 +4,7 @@ pkgbase=linux # Build stock -ARCH kernel #pkgbase=linux-custom # Build kernel with a different name _srcname=linux-4.14 -pkgver=4.14.13 +pkgver=4.14.14 pkgrel=1 arch=('x86_64') url="https://www.kernel.org/" @@ -21,11 +21,9 @@ source=( '90-linux.hook' # pacman hook for initramfs regeneration 'linux.preset' # standard config files for mkinitcpio ramdisk 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch - 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch - 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch - 0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch - 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch + 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch + 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch + 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds @@ -33,18 +31,16 @@ validpgpkeys=( ) sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' 'SKIP' - 'ce897f467e80452f29d7a7a8809e8585ea12192a2c32e4d18578f64b043e802e' + '62d656b98f0dc143216cb9650bd9b96cd83d92925731e9f0bec5eb4d6358e603' 'SKIP' - '24b8cf6829dafcb2b5c76cffaae6438ad2d432f13d6551fa1c8f25e66b751ed4' + 'edaf7bebcaf3032e3bf15353e0773e39872c73fc024ca4d23383195a13745b2e' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' - 'd8a865a11665424b21fe6be9265eb287ee6d5646261a486954ddf3a4ee87e78f' - '9251c03da9d4b64591d77f490ff144d4ba514e66e74294ada541bf827306c9c4' - '6ce57b8dba43db4c6ee167a8891167b7d1e1e101d5112e776113eb37de5c37d8' - '1c1f5792c98369c546840950e6569a690cd88e33d4f0931d2b0b5b88f705aa4d' - 'c3d743a0e193294bc5fbae65e7ba69fd997cd8b2ded9c9a45c5151d71d9cfb95' - 'ec7342aab478af79a17ff65cf65bbd6744b0caee8f66c77a39bba61a78e6576d') + '36b1118c8dedadc4851150ddd4eb07b1c58ac5bbf3022cc2501a27c2b476da98' + '5694022613bb49a77d3dfafdd2e635e9015e0a9069c58a07e99bdc5df6520311' + '2f46093fde72eabc0fd25eff5065d780619fc5e7d2143d048877a8220d6291b0' + '6364edabad4182dcf148ae7c14d8f45d61037d4539e76486f978f1af3a090794') _kernelname=${pkgbase#linux} @@ -63,20 +59,14 @@ prepare() { # disable USER_NS for non-root users by default patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch - # https://bugs.archlinux.org/task/56575 - patch -Np1 -i ../0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch - # https://nvd.nist.gov/vuln/detail/CVE-2017-8824 - patch -Np1 -i ../0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch + patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch # https://bugs.archlinux.org/task/56605 - patch -Np1 -i ../0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch - - # https://bugs.archlinux.org/task/56846 - patch -Np1 -i ../0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch + patch -Np1 -i ../0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch # https://bugs.archlinux.org/task/56711 - patch -Np1 -i ../0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch + patch -Np1 -i ../0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch cp -Tf ../config .config diff --git a/config b/config index 31a820d..ca2bcf3 100644 --- a/config +++ b/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.14.11-1 Kernel Configuration +# Linux/x86 4.14.14-1 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -449,6 +449,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y CONFIG_X86_X2APIC=y CONFIG_X86_MPPARSE=y # CONFIG_GOLDFISH is not set +CONFIG_RETPOLINE=y CONFIG_INTEL_RDT=y # CONFIG_X86_EXTENDED_PLATFORM is not set CONFIG_X86_INTEL_LPSS=y @@ -1855,6 +1856,7 @@ CONFIG_DEV_COREDUMP=y CONFIG_SYS_HYPERVISOR=y # CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=y CONFIG_REGMAP_SPI=y