-rw-r--r-- | libre/linux-libre/CVE-2013-1763.patch | 35 | ||||
-rw-r--r-- | libre/linux-libre/PKGBUILD | 20 | ||||
-rw-r--r-- | libre/linux-libre/config.i686 | 2 | ||||
-rw-r--r-- | libre/linux-libre/config.x86_64 | 2 | ||||
-rw-r--r-- | libre/linux-libre/linux-libre.install | 2 |
5 files changed, 51 insertions, 10 deletions
diff --git a/libre/linux-libre/CVE-2013-1763.patch b/libre/linux-libre/CVE-2013-1763.patch
new file mode 100644
index 000000000..82b59a6dc
--- /dev/null
+++ b/libre/linux-libre/CVE-2013-1763.patch
@@ -0,0 +1,35 @@
+From 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Sat, 23 Feb 2013 01:13:47 +0000
+Subject: [PATCH] sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
+
+Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
+with a family greater or equal then AF_MAX -- the array size of
+sock_diag_handlers[]. The current code does not test for this
+condition therefore is vulnerable to an out-of-bound access opening
+doors for a privilege escalation.
+
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/core/sock_diag.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
+index 602cd63..750f44f 100644
+--- a/net/core/sock_diag.c
++++ b/net/core/sock_diag.c
+@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+ if (nlmsg_len(nlh) < sizeof(*req))
+ return -EINVAL;
+
++ if (req->sdiag_family >= AF_MAX)
++ return -EINVAL;
++
+ hndl = sock_diag_lock_handler(req->sdiag_family);
+ if (hndl == NULL)
+ err = -ENOENT;
+--
+1.7.6.5
+
diff --git a/libre/linux-libre/PKGBUILD b/libre/linux-libre/PKGBUILD
index 6842b2712..15bb939d0 100644
--- a/libre/linux-libre/PKGBUILD
+++ b/libre/linux-libre/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 178342 2013-02-20 12:32:29Z tpowa $
+# $Id: PKGBUILD 178533 2013-02-25 11:02:32Z tpowa $
 # Maintainer: Tobias Powalowski <tpowa@archlinux.org>
 # Maintainer: Thomas Baechler <thomas@archlinux.org>
 # Maintainer (Parabola): Nicolás Reynolds <fauno@kiwwwi.com.ar>
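Review bot: The bounds check added in the `@@ -121,6 +121,9 @@` hunk of the vendored patch has no comment, so a reader of `sock_diag.c` must go back to the commit message to learn that `sdiag_family` comes from userland and that `AF_MAX` is the size of `sock_diag_handlers[]`. I would put `/* sdiag_family is user-controlled and indexes sock_diag_handlers[AF_MAX] */` above the `if`. `__sock_diag_rcv_msg` begins and ends outside the hunk, and the array access itself presumably happens inside `sock_diag_lock_handler()`, which is not shown, so the guard protects only callers that pass through this check.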
@@ -13,7 +13,7 @@ _basekernel=3.8
 #_sublevel=9
 #pkgver=${_basekernel}.${_sublevel}
 pkgver=${_basekernel}
-pkgrel=1
+pkgrel=2
 #_lxopkgver=${_basekernel}.8 # nearly always the same as pkgver
 arch=('i686' 'x86_64' 'mips64el')
 url="http://linux-libre.fsfla.org/"
@@ -29,16 +29,18 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
 'Kbuild'
 'Kbuild.platforms'
 'boot-logo.patch'
- 'change-default-console-loglevel.patch')
+ 'change-default-console-loglevel.patch'
+ 'CVE-2013-1763.patch')
 #"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2")
 md5sums=('84c2a77910932ffc7d958744ac9cf2f5'
- 'd0ceaebf20b53184c50e7f4980ed45d1'
- '0b483b23413dbc451f2b041b9a475c03'
+ '101e798e00fd9b66a4c86cd30d28b844'
+ '5f3338af83af116b99746eb8a3ca65e4'
 'e49ac236dfeef709f91a3d993ea7b62c'
 '2967cecc3af9f954ccc822fd63dca6ff'
 '8267264d9a8966e57fdacd1fa1fc65c4'
 '04b21c79df0a952c22d681dd4f4562df'
- '9d3c56a4b999c8bfbd4018089a62f662')
+ '9d3c56a4b999c8bfbd4018089a62f662'
+ '420991808fe4cba143013427c0737aa9')
 #if [ "$CARCH" != "mips64el" ]; then
 # # Don't use the Loongson-specific patches on non-mips64el arches.
 # unset source[${#source[@]}-1]
@@ -58,6 +60,10 @@ build() {
 # Add freedo as boot logo
 patch -Np1 -i "${srcdir}/boot-logo.patch"
+ # Fix security vulnetability CVE-2013-1763.patch
+ # https://bugs.archlinux.org/task/34005
+ patch -Np1 -i "${srcdir}/CVE-2013-1763.patch"
+
 # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
 # remove this when a Kconfig knob is made available by upstream
 # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
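Review bot: The digest added for `CVE-2013-1763.patch` in the `@@ -29,16 +29,18 @@` hunk extends an `md5sums` array, and MD5 is not collision-resistant, so these values detect corruption but not a deliberately substituted source. That matters most for the kernel tarball, which the hunk heading shows is fetched over plain `http://`, leaving the checksum as the only visible integrity control. makepkg also accepts a `sha256sums=(...)` array, and I would convert the whole array rather than add a ninth MD5 entry. The two replaced digests presumably belong to `config.i686` and `config.x86_64`, which this commit edits, but their `source` entries lie outside the hunk.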
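Review bot: The comment on the new `patch` call in the `build()` hunk has a typo and names the file rather than the issue; it should read `# Fix security vulnerability CVE-2013-1763 (sock_diag out-of-bounds access)`. Unlike the loglevel patch just below it, the comment does not say when the patch can be dropped, so I would add `# remove once the base kernel release includes the upstream fix`. `build()` continues outside the hunk, so whether the patch applies cleanly after the earlier steps cannot be checked from here.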
@@ -246,7 +252,7 @@ _package-headers() {
 mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include"
- for i in acpi asm-generic config crypto drm generated linux math-emu \
+ for i in acpi asm-generic config crypto drm generated keys linux math-emu \
 media net pcmcia scsi sound trace uapi video xen; do
 cp -a include/${i} "${pkgdir}/usr/src/linux-${_kernver}/include/"
 done
diff --git a/libre/linux-libre/config.i686 b/libre/linux-libre/config.i686
index 1491a2ff6..f6af7876a 100644
--- a/libre/linux-libre/config.i686
+++ b/libre/linux-libre/config.i686
@@ -5866,7 +5866,7 @@ CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
 # CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
 CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
-CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd"
 CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
 # CONFIG_SECURITY_YAMA is not set
diff --git a/libre/linux-libre/config.x86_64 b/libre/linux-libre/config.x86_64
index dcf662c3c..5818aa984 100644
--- a/libre/linux-libre/config.x86_64
+++ b/libre/linux-libre/config.x86_64
@@ -5639,7 +5639,7 @@ CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
 # CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
 CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
-CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd"
 CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
 # CONFIG_SECURITY_YAMA is not set
diff --git a/libre/linux-libre/linux-libre.install b/libre/linux-libre/linux-libre.install
index c94a54bcc..fb7fa81c2 100644
--- a/libre/linux-libre/linux-libre.install
+++ b/libre/linux-libre/linux-libre.install
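Review bot: `CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER` in `config.i686` now names `/usr/lib/systemd/systemd`, so a system started with a different init (for example through `init=`) never executes the trigger path, and TOMOYO policy presumably stays unloaded with no error. The Kconfig help for this option documents the `TOMOYO_trigger=` kernel parameter as the override, and the package's install message or documentation should mention it for non-systemd boots. The same change is made in the `config.x86_64` hunk.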
@@ -2,7 +2,7 @@
 # arg 2: the old package version
 KERNEL_NAME=
-KERNEL_VERSION=3.8.0-1-LIBRE
+KERNEL_VERSION=3.8.0-2-LIBRE
 # set a sane PATH to ensure that critical utils like depmod will be found
 export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' |