diff options
-rw-r--r-- | kernels/linux-libre-knock/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch | 80 | ||||
-rw-r--r-- | kernels/linux-libre-knock/PKGBUILD | 15 |
2 files changed, 5 insertions, 90 deletions
diff --git a/kernels/linux-libre-knock/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch b/kernels/linux-libre-knock/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch deleted file mode 100644 index 3f1bccc80..000000000 --- a/kernels/linux-libre-knock/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 2def2ef2ae5f3990aabdbe8a755911902707d268 Mon Sep 17 00:00:00 2001 -From: PaX Team <pageexec@freemail.hu> -Date: Thu, 30 Jan 2014 16:59:25 -0800 -Subject: [PATCH] x86, x32: Correct invalid use of user timespec in the kernel - -The x32 case for the recvmsg() timout handling is broken: - - asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, - unsigned int vlen, unsigned int flags, - struct compat_timespec __user *timeout) - { - int datagrams; - struct timespec ktspec; - - if (flags & MSG_CMSG_COMPAT) - return -EINVAL; - - if (COMPAT_USE_64BIT_TIME) - return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, - flags | MSG_CMSG_COMPAT, - (struct timespec *) timeout); - ... - -The timeout pointer parameter is provided by userland (hence the __user -annotation) but for x32 syscalls it's simply cast to a kernel pointer -and is passed to __sys_recvmmsg which will eventually directly -dereference it for both reading and writing. Other callers to -__sys_recvmmsg properly copy from userland to the kernel first. - -The bug was introduced by commit ee4fa23c4bfc ("compat: Use -COMPAT_USE_64BIT_TIME in net/compat.c") and should affect all kernels -since 3.4 (and perhaps vendor kernels if they backported x32 support -along with this code). - -Note that CONFIG_X86_X32_ABI gets enabled at build time and only if -CONFIG_X86_X32 is enabled and ld can build x32 executables. - -Other uses of COMPAT_USE_64BIT_TIME seem fine. - -This addresses CVE-2014-0038. - -Signed-off-by: PaX Team <pageexec@freemail.hu> -Signed-off-by: H. Peter Anvin <hpa@linux.intel.com> -Cc: <stable@vger.kernel.org> # v3.4+ -Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> ---- - net/compat.c | 9 ++------- - 1 file changed, 2 insertions(+), 7 deletions(-) - -diff --git a/net/compat.c b/net/compat.c -index dd32e34..f50161f 100644 ---- a/net/compat.c -+++ b/net/compat.c -@@ -780,21 +780,16 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, - if (flags & MSG_CMSG_COMPAT) - return -EINVAL; - -- if (COMPAT_USE_64BIT_TIME) -- return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, -- flags | MSG_CMSG_COMPAT, -- (struct timespec *) timeout); -- - if (timeout == NULL) - return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, - flags | MSG_CMSG_COMPAT, NULL); - -- if (get_compat_timespec(&ktspec, timeout)) -+ if (compat_get_timespec(&ktspec, timeout)) - return -EFAULT; - - datagrams = __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, - flags | MSG_CMSG_COMPAT, &ktspec); -- if (datagrams > 0 && put_compat_timespec(&ktspec, timeout)) -+ if (datagrams > 0 && compat_put_timespec(&ktspec, timeout)) - datagrams = -EFAULT; - - return datagrams; --- -1.8.5.3 - diff --git a/kernels/linux-libre-knock/PKGBUILD b/kernels/linux-libre-knock/PKGBUILD index 0ca9167b8..0184dc0f1 100644 --- a/kernels/linux-libre-knock/PKGBUILD +++ b/kernels/linux-libre-knock/PKGBUILD @@ -10,11 +10,11 @@ pkgbase=linux-libre-knock # Build stock -LIBRE-KNOCK kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.12 -_sublevel=9 +_sublevel=13 _knockpatchver=${_basekernel}.4 pkgver=${_basekernel}.${_sublevel} -pkgrel=2 -_lxopkgver=${_basekernel}.9 # nearly always the same as pkgver +pkgrel=1 +_lxopkgver=${_basekernel}.12 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="http://linux-libre.fsfla.org/" license=('GPL2') @@ -38,10 +38,9 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn 'rpc_pipe-remove-the-clntXX-dir-if-creating-the-pipe-fails.patch' 'sunrpc-add-an-info-file-for-the-dummy-gssd-pipe.patch' 'rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch' - '0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") md5sums=('254f59707b6676b59ce5ca5c3c698319' - '348975e36e4dd27f5d8fc50e92de8922' + 'e2ec796847356b785cb06d0563f3f7d5' '387673a6510de1e1bce8188fc7a72bd1' '6eac169d20fd27b55815b0b2db4a473b' 'f341bc4685a40dc409b144b0f44bb137' @@ -57,8 +56,7 @@ md5sums=('254f59707b6676b59ce5ca5c3c698319' 'cec0bb8981936eab2943b2009b7a6fff' '88d9cddf9e0050a76ec4674f264fb2a1' 'cb9016630212ef07b168892fbcfd4e5d' - '336d2c4afd7ee5f2bdf0dcb1a54df4b2' - '9cdff00e5aa53962869857d64a1ccf01') + 'a9a0ee57377ed6e55957f9671eead03a') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] @@ -107,9 +105,6 @@ prepare() { patch -Np1 -i "${srcdir}/rpc_pipe-fix-cleanup-of-dummy-gssd-directory-when-notification-fails.patch" - # Fix CVE-2014-0038 - patch -p1 -i "${srcdir}/0001-x86-x32-Correct-invalid-use-of-user-timespec-in-the-.patch" - if [ "$CARCH" == "mips64el" ]; then sed -i "s|^EXTRAVERSION.*|EXTRAVERSION =-libre-knock|" Makefile sed -r "s|^( SUBLEVEL = ).*|\1$_sublevel|" \ |