summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--libre/linux-libre/CVE-2013-1763.patch35
-rw-r--r--libre/linux-libre/PKGBUILD20
-rw-r--r--libre/linux-libre/config.i6862
-rw-r--r--libre/linux-libre/config.x86_642
-rw-r--r--libre/linux-libre/linux-libre.install2
5 files changed, 51 insertions, 10 deletions
diff --git a/libre/linux-libre/CVE-2013-1763.patch b/libre/linux-libre/CVE-2013-1763.patch
new file mode 100644
index 000000000..82b59a6dc
--- /dev/null
+++ b/libre/linux-libre/CVE-2013-1763.patch
@@ -0,0 +1,35 @@
+From 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Sat, 23 Feb 2013 01:13:47 +0000
+Subject: [PATCH] sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
+
+Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
+with a family greater or equal then AF_MAX -- the array size of
+sock_diag_handlers[]. The current code does not test for this
+condition therefore is vulnerable to an out-of-bound access opening
+doors for a privilege escalation.
+
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/core/sock_diag.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
+index 602cd63..750f44f 100644
+--- a/net/core/sock_diag.c
++++ b/net/core/sock_diag.c
+@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+ if (nlmsg_len(nlh) < sizeof(*req))
+ return -EINVAL;
+
++ if (req->sdiag_family >= AF_MAX)
++ return -EINVAL;
++
+ hndl = sock_diag_lock_handler(req->sdiag_family);
+ if (hndl == NULL)
+ err = -ENOENT;
+--
+1.7.6.5
+
diff --git a/libre/linux-libre/PKGBUILD b/libre/linux-libre/PKGBUILD
index 6842b2712..15bb939d0 100644
--- a/libre/linux-libre/PKGBUILD
+++ b/libre/linux-libre/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 178342 2013-02-20 12:32:29Z tpowa $
+# $Id: PKGBUILD 178533 2013-02-25 11:02:32Z tpowa $
# Maintainer: Tobias Powalowski <tpowa@archlinux.org>
# Maintainer: Thomas Baechler <thomas@archlinux.org>
# Maintainer (Parabola): Nicolás Reynolds <fauno@kiwwwi.com.ar>
@@ -13,7 +13,7 @@ _basekernel=3.8
#_sublevel=9
#pkgver=${_basekernel}.${_sublevel}
pkgver=${_basekernel}
-pkgrel=1
+pkgrel=2
#_lxopkgver=${_basekernel}.8 # nearly always the same as pkgver
arch=('i686' 'x86_64' 'mips64el')
url="http://linux-libre.fsfla.org/"
@@ -29,16 +29,18 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'Kbuild'
'Kbuild.platforms'
'boot-logo.patch'
- 'change-default-console-loglevel.patch')
+ 'change-default-console-loglevel.patch'
+ 'CVE-2013-1763.patch')
#"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2")
md5sums=('84c2a77910932ffc7d958744ac9cf2f5'
- 'd0ceaebf20b53184c50e7f4980ed45d1'
- '0b483b23413dbc451f2b041b9a475c03'
+ '101e798e00fd9b66a4c86cd30d28b844'
+ '5f3338af83af116b99746eb8a3ca65e4'
'e49ac236dfeef709f91a3d993ea7b62c'
'2967cecc3af9f954ccc822fd63dca6ff'
'8267264d9a8966e57fdacd1fa1fc65c4'
'04b21c79df0a952c22d681dd4f4562df'
- '9d3c56a4b999c8bfbd4018089a62f662')
+ '9d3c56a4b999c8bfbd4018089a62f662'
+ '420991808fe4cba143013427c0737aa9')
#if [ "$CARCH" != "mips64el" ]; then
# # Don't use the Loongson-specific patches on non-mips64el arches.
# unset source[${#source[@]}-1]
@@ -58,6 +60,10 @@ build() {
# Add freedo as boot logo
patch -Np1 -i "${srcdir}/boot-logo.patch"
+ # Fix security vulnetability CVE-2013-1763.patch
+ # https://bugs.archlinux.org/task/34005
+ patch -Np1 -i "${srcdir}/CVE-2013-1763.patch"
+
# set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
# remove this when a Kconfig knob is made available by upstream
# (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
@@ -246,7 +252,7 @@ _package-headers() {
mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include"
- for i in acpi asm-generic config crypto drm generated linux math-emu \
+ for i in acpi asm-generic config crypto drm generated keys linux math-emu \
media net pcmcia scsi sound trace uapi video xen; do
cp -a include/${i} "${pkgdir}/usr/src/linux-${_kernver}/include/"
done
diff --git a/libre/linux-libre/config.i686 b/libre/linux-libre/config.i686
index 1491a2ff6..f6af7876a 100644
--- a/libre/linux-libre/config.i686
+++ b/libre/linux-libre/config.i686
@@ -5866,7 +5866,7 @@ CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
-CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd"
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
# CONFIG_SECURITY_YAMA is not set
diff --git a/libre/linux-libre/config.x86_64 b/libre/linux-libre/config.x86_64
index dcf662c3c..5818aa984 100644
--- a/libre/linux-libre/config.x86_64
+++ b/libre/linux-libre/config.x86_64
@@ -5639,7 +5639,7 @@ CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
# CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
-CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd"
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
# CONFIG_SECURITY_YAMA is not set
diff --git a/libre/linux-libre/linux-libre.install b/libre/linux-libre/linux-libre.install
index c94a54bcc..fb7fa81c2 100644
--- a/libre/linux-libre/linux-libre.install
+++ b/libre/linux-libre/linux-libre.install
@@ -2,7 +2,7 @@
# arg 2: the old package version
KERNEL_NAME=
-KERNEL_VERSION=3.8.0-1-LIBRE
+KERNEL_VERSION=3.8.0-2-LIBRE
# set a sane PATH to ensure that critical utils like depmod will be found
export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'