From 06e9c1c633540d4e3881279a10e58786253f8288 Mon Sep 17 00:00:00 2001
From: David P <megver83@parabola.nu>
Date: Thu, 28 Feb 2019 22:03:08 -0300
Subject: upgpkg: libre/linux-libre-pae 4.20.13_gnu-1

Signed-off-by: David P <megver83@parabola.nu>
---
 ...to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 15 +++----
 ...002-exec-Fix-mem-leak-in-kernel_read_file.patch | 49 ++++++++++++++++++++++
 libre/linux-libre-pae/PKGBUILD                     | 42 +++++++++----------
 libre/linux-libre-pae/config                       |  3 +-
 4 files changed, 79 insertions(+), 30 deletions(-)
 create mode 100644 libre/linux-libre-pae/0002-exec-Fix-mem-leak-in-kernel_read_file.patch

diff --git a/libre/linux-libre-pae/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch b/libre/linux-libre-pae/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
index 1acba9de4..3eb5364d2 100644
--- a/libre/linux-libre-pae/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ b/libre/linux-libre-pae/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@@ -1,7 +1,8 @@
-From c0e9080c8b76a81fb0f5d2cbd920a24b7f17d11e Mon Sep 17 00:00:00 2001
+From 93e8ac0b24945cfad9b7e1a1e933436b55653627 Mon Sep 17 00:00:00 2001
 From: Serge Hallyn <serge.hallyn@canonical.com>
 Date: Fri, 31 May 2013 19:12:12 +0100
-Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default
+Subject: [PATCH 1/2] add sysctl to disallow unprivileged CLONE_NEWUSER by
+ default
 
 Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
 [bwh: Remove unneeded binary sysctl bits]
@@ -13,7 +14,7 @@ Signed-off-by: Daniel Micay <danielmicay@gmail.com>
  3 files changed, 30 insertions(+)
 
 diff --git a/kernel/fork.c b/kernel/fork.c
-index e2a5156bc9c3..74d59b69d494 100644
+index 906cd0c13d15..0d1d30ad91e7 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
 @@ -104,6 +104,11 @@
@@ -28,7 +29,7 @@ index e2a5156bc9c3..74d59b69d494 100644
  
  /*
   * Minimum number of threads to boot the kernel
-@@ -1698,6 +1703,10 @@ static __latent_entropy struct task_struct *copy_process(
+@@ -1699,6 +1704,10 @@ static __latent_entropy struct task_struct *copy_process(
  	if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
  		return ERR_PTR(-EINVAL);
  
@@ -39,7 +40,7 @@ index e2a5156bc9c3..74d59b69d494 100644
  	/*
  	 * Thread groups must share signals as well, and detached threads
  	 * can only be started up within the thread group.
-@@ -2522,6 +2531,12 @@ int ksys_unshare(unsigned long unshare_flags)
+@@ -2532,6 +2541,12 @@ int ksys_unshare(unsigned long unshare_flags)
  	if (unshare_flags & CLONE_NEWNS)
  		unshare_flags |= CLONE_FS;
  
@@ -53,7 +54,7 @@ index e2a5156bc9c3..74d59b69d494 100644
  	if (err)
  		goto bad_unshare_out;
 diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 5fc724e4e454..bea075b4bb48 100644
+index 9ee261fce89e..ab26ddeab33d 100644
 --- a/kernel/sysctl.c
 +++ b/kernel/sysctl.c
 @@ -106,6 +106,9 @@ extern int core_uses_pid;
@@ -97,5 +98,5 @@ index 923414a246e9..6b9dbc257e34 100644
  static DEFINE_MUTEX(userns_state_mutex);
  
 -- 
-2.20.1
+2.21.0
 
diff --git a/libre/linux-libre-pae/0002-exec-Fix-mem-leak-in-kernel_read_file.patch b/libre/linux-libre-pae/0002-exec-Fix-mem-leak-in-kernel_read_file.patch
new file mode 100644
index 000000000..9378d7869
--- /dev/null
+++ b/libre/linux-libre-pae/0002-exec-Fix-mem-leak-in-kernel_read_file.patch
@@ -0,0 +1,49 @@
+From 27e47a912be60a699de9b06679b90621f2a8cdb5 Mon Sep 17 00:00:00 2001
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Tue, 19 Feb 2019 10:10:38 +0800
+Subject: [PATCH 2/2] exec: Fix mem leak in kernel_read_file
+
+syzkaller report this:
+BUG: memory leak
+unreferenced object 0xffffc9000488d000 (size 9195520):
+  comm "syz-executor.0", pid 2752, jiffies 4294787496 (age 18.757s)
+  hex dump (first 32 bytes):
+    ff ff ff ff ff ff ff ff a8 00 00 00 01 00 00 00  ................
+    02 00 00 00 00 00 00 00 80 a1 7a c1 ff ff ff ff  ..........z.....
+  backtrace:
+    [<000000000863775c>] __vmalloc_node mm/vmalloc.c:1795 [inline]
+    [<000000000863775c>] __vmalloc_node_flags mm/vmalloc.c:1809 [inline]
+    [<000000000863775c>] vmalloc+0x8c/0xb0 mm/vmalloc.c:1831
+    [<000000003f668111>] kernel_read_file+0x58f/0x7d0 fs/exec.c:924
+    [<000000002385813f>] kernel_read_file_from_fd+0x49/0x80 fs/exec.c:993
+    [<0000000011953ff1>] __do_sys_finit_module+0x13b/0x2a0 kernel/module.c:3895
+    [<000000006f58491f>] do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
+    [<00000000ee78baf4>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+    [<00000000241f889b>] 0xffffffffffffffff
+
+It should goto 'out_free' lable to free allocated buf while kernel_read
+fails.
+
+Fixes: 39d637af5aa7 ("vfs: forbid write access when reading a file into memory")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+---
+ fs/exec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/exec.c b/fs/exec.c
+index fc281b738a98..20c33029a062 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -929,7 +929,7 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size,
+ 		bytes = kernel_read(file, *buf + pos, i_size - pos, &pos);
+ 		if (bytes < 0) {
+ 			ret = bytes;
+-			goto out;
++			goto out_free;
+ 		}
+ 
+ 		if (bytes == 0)
+-- 
+2.21.0
+
diff --git a/libre/linux-libre-pae/PKGBUILD b/libre/linux-libre-pae/PKGBUILD
index 979011c1f..7c34378ae 100644
--- a/libre/linux-libre-pae/PKGBUILD
+++ b/libre/linux-libre-pae/PKGBUILD
@@ -11,7 +11,7 @@
 
 pkgbase=linux-libre-pae
 _srcbasever=4.20-gnu
-_srcver=4.20.11-gnu
+_srcver=4.20.13-gnu
 
 _replacesarchkernel=('linux%') # '%' gets replaced with _kernelname
 _replacesoldkernels=() # '%' gets replaced with _kernelname
@@ -22,7 +22,7 @@ _archpkgver=${_srcver%-*}
 pkgver=${_srcver//-/_}
 pkgrel=1
 arch=(i686)
-url="https://linux-libre.fsfla.org/"
+url='https://linux-libre.fsfla.org/'
 license=(GPL2)
 makedepends=(xmlto kmod inetutils bc libelf python-sphinx graphviz)
 options=('!strip')
@@ -33,15 +33,16 @@ source=(
   "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_mono.pbm"{,.sig}
   "https://repo.parabola.nu/other/linux-libre/logos/logo_linux_vga16.ppm"{,.sig}
   # the main kernel config file
-  'config'
+  config
   # pacman hooks for depmod and initramfs regeneration
-  '60-linux.hook' '90-linux.hook'
+  60-linux.hook 90-linux.hook
   # standard config files for mkinitcpio ramdisk
-  'linux.preset'
+  linux.preset
   # other patches
-  '0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch'
-  '0002-fix-Atmel-maXTouch-touchscreen-support.patch'
-  '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch'
+  0001-usb-serial-gadget-no-TTY-hangup-on-USB-disconnect-WI.patch
+  0002-fix-Atmel-maXTouch-touchscreen-support.patch
+  0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+  0002-exec-Fix-mem-leak-in-kernel_read_file.patch
 )
 validpgpkeys=(
   '474402C8C582DAFBE389C427BCB7CF877E7D47A7' # Alexandre Oliva
@@ -49,7 +50,7 @@ validpgpkeys=(
 )
 sha512sums=('a4a0a25fd490c051deb32ff84ba51e8807bfc8db1ad46c22c7807e9be2e5db5e1c22c211e47fca2509d5d75d64626fb28e9bbc8ccadc565f27fe9c8e47e12dc4'
             'SKIP'
-            '3cb387665734be799f3c833939f0938e17216f08aff5113a85a845dcf382d997f3574e8ea30c0fb6d5e85295106a347324c3b50858939d4568b6fa25c40a05ff'
+            'bea80ca53fef50f0987c0954653bb116770088c449bef2cf85049f45dd0c55cd38a7a33b769c8ad6b4127bd071ff8502f8e8f479df828cc641dbc0e8a7cc2d0e'
             'SKIP'
             '13cb5bc42542e7b8bb104d5f68253f6609e463b6799800418af33eb0272cc269aaa36163c3e6f0aacbdaaa1d05e2827a4a7c4a08a029238439ed08b89c564bb3'
             'SKIP'
@@ -57,13 +58,14 @@ sha512sums=('a4a0a25fd490c051deb32ff84ba51e8807bfc8db1ad46c22c7807e9be2e5db5e1c2
             'SKIP'
             '7a3716bfe3b9f546da309c7492f3e08f8f506813afeb1c737a474c83313d5c313cf4582b65215c2cfce3b74d9d1021c96e8badafe8f6e5b01fe28d2b5c61ae78'
             'SKIP'
-            'c2219cdb529725555b26f9ef64264772a8da1fc36dd608248fec80c9fddadad6ab41bf207e9355967beabb0a1116313d1f5c124a9b258f23bee1b4445ac41b29'
+            '16ba533134479ddef45a04bbe3137447c9229a4443efed4ff6948ee89c7ebcf7f8412aade03f2890d7c60a5e75e6610eb19c537139eea3452a491d2d391258d4'
             '7ad5be75ee422dda3b80edd2eb614d8a9181e2c8228cd68b3881e2fb95953bf2dea6cbe7900ce1013c9de89b2802574b7b24869fc5d7a95d3cc3112c4d27063a'
             '4a8b324aee4cccf3a512ad04ce1a272d14e5b05c8de90feb82075f55ea3845948d817e1b0c6f298f5816834ddd3e5ce0a0e2619866289f3c1ab8fd2f35f04f44'
             '2dc6b0ba8f7dbf19d2446c5c5f1823587de89f4e28e9595937dd51a87755099656f2acec50e3e2546ea633ad1bfd1c722e0c2b91eef1d609103d8abdc0a7cbaf'
             '02af4dd2a007e41db0c63822c8ab3b80b5d25646af1906dc85d0ad9bb8bbf5236f8e381d7f91cf99ed4b0978c50aee37cb9567cdeef65b7ec3d91b882852b1af'
             'b8fe56e14006ab866970ddbd501c054ae37186ddc065bb869cf7d18db8c0d455118d5bda3255fb66a0dde38b544655cfe9040ffe46e41d19830b47959b2fb168'
-            '9d24dff68a11aee6b5f1b6b003b27603a8c431e76c3cb638e852cd8c0ccd2a298b1116bbad0dc816e9de7d987dcf329a5d250673067ec125760eee543f65eed5')
+            '26f3f19cf7bd5f57f74f295c7b35bcdfc40214267b982008a5198e3a18500c21ed25dafee9d607a6848b27b803ff03643c5a0d899341df7e74de43e3fd11b92a'
+            'ba32e552f49906b88c4e6115f76c95fb710703e51acd361dcfc0284db2ea48cefa66dff36d7e429aabae56ba82763654417558c294ccea3a6e5c03deea93db71')
 
 _kernelname=${pkgbase#linux-libre}
 _replacesarchkernel=("${_replacesarchkernel[@]/\%/${_kernelname}}")
@@ -82,8 +84,9 @@ prepare() {
   install -m644 -t drivers/video/logo \
     ../logo_linux_{clut224.ppm,vga16.ppm,mono.pbm}
 
-  # Arch's linux patches
+  # add Arch patches
   patch -p1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+  patch -p1 -i ../0002-exec-Fix-mem-leak-in-kernel_read_file.patch
 
   # maintain the TTY over USB disconnects
   # http://www.coreboot.org/EHCI_Gadget_Debug
@@ -124,22 +127,19 @@ _package() {
   install=linux.install
 
   local kernver="$(<version)"
+  local modulesdir="$pkgdir/usr/lib/modules/$kernver"
 
   cd $_srcname
 
   msg2 "Installing boot image..."
-  local image="$pkgdir/boot/vmlinuz-$pkgbase"
-  install -Dm644 "$(make -s image_name)" "$image"
+  # systemd expects to find the kernel here to allow hibernation
+  # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
+  install -Dm644 "$(make -s image_name)" "$modulesdir/vmlinuz"
+  install -Dm644 "$modulesdir/vmlinuz" "$pkgdir/boot/vmlinuz-$pkgbase"
 
   msg2 "Installing modules..."
-  local modulesdir="$pkgdir/usr/lib/modules/$kernver"
-  mkdir -p "$modulesdir"
   make INSTALL_MOD_PATH="$pkgdir/usr" modules_install
 
-  # systemd expects to find the kernel here to allow hibernation
-  # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
-  ln -sr "$image" "$modulesdir/vmlinuz"
-
   # a place for external modules,
   # with version file for building modules and running depmod from hook
   local extramodules="extramodules$_kernelname"
@@ -261,7 +261,7 @@ _package-docs() {
   provides=("${_replacesarchkernel[@]/%/-docs=${_archpkgver}}")
   conflicts=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
   replaces=("${_replacesarchkernel[@]/%/-docs}" "${_replacesoldkernels[@]/%/-docs}")
-  
+
   local builddir="$pkgdir/usr/lib/modules/$(<version)/build"
 
   cd $_srcname
diff --git a/libre/linux-libre-pae/config b/libre/linux-libre-pae/config
index 3d54772e0..ebf55c457 100644
--- a/libre/linux-libre-pae/config
+++ b/libre/linux-libre-pae/config
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.20.11-gnu Kernel Configuration
+# Linux/x86 4.20.13-gnu Kernel Configuration
 #
 
 #
@@ -4918,7 +4918,6 @@ CONFIG_MFD_AS3711=y
 CONFIG_MFD_AS3722=m
 CONFIG_PMIC_ADP5520=y
 CONFIG_MFD_AAT2870_CORE=y
-CONFIG_MFD_AT91_USART=m
 CONFIG_MFD_ATMEL_FLEXCOM=m
 CONFIG_MFD_ATMEL_HLCDC=m
 CONFIG_MFD_BCM590XX=m
-- 
cgit v1.2.3