From 9062beff66ee5c106bc7bf3645ff42b1928aec3e Mon Sep 17 00:00:00 2001
From: André Fabian Silva Delgado <emulatorman@lavabit.com>
Date: Mon, 25 Feb 2013 13:47:47 -0200
Subject: linux-libre-3.8-2: updating revision

* Add /usr/lib/systemd/systemd for tomoyo startup
* Fix security issue https://bugs.archlinux.org/task/34005
---
 libre/linux-libre/CVE-2013-1763.patch | 35 +++++++++++++++++++++++++++++++++++
 libre/linux-libre/PKGBUILD            | 20 +++++++++++++-------
 libre/linux-libre/config.i686         |  2 +-
 libre/linux-libre/config.x86_64       |  2 +-
 libre/linux-libre/linux-libre.install |  2 +-
 5 files changed, 51 insertions(+), 10 deletions(-)
 create mode 100644 libre/linux-libre/CVE-2013-1763.patch

(limited to 'libre/linux-libre')

diff --git a/libre/linux-libre/CVE-2013-1763.patch b/libre/linux-libre/CVE-2013-1763.patch
new file mode 100644
index 000000000..82b59a6dc
--- /dev/null
+++ b/libre/linux-libre/CVE-2013-1763.patch
@@ -0,0 +1,35 @@
+From 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Sat, 23 Feb 2013 01:13:47 +0000
+Subject: [PATCH] sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
+
+Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
+with a family greater or equal then AF_MAX -- the array size of
+sock_diag_handlers[]. The current code does not test for this
+condition therefore is vulnerable to an out-of-bound access opening
+doors for a privilege escalation.
+
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/core/sock_diag.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
+index 602cd63..750f44f 100644
+--- a/net/core/sock_diag.c
++++ b/net/core/sock_diag.c
+@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+ 	if (nlmsg_len(nlh) < sizeof(*req))
+ 		return -EINVAL;
+ 
++	if (req->sdiag_family >= AF_MAX)
++		return -EINVAL;
++
+ 	hndl = sock_diag_lock_handler(req->sdiag_family);
+ 	if (hndl == NULL)
+ 		err = -ENOENT;
+-- 
+1.7.6.5
+
diff --git a/libre/linux-libre/PKGBUILD b/libre/linux-libre/PKGBUILD
index 6842b2712..15bb939d0 100644
--- a/libre/linux-libre/PKGBUILD
+++ b/libre/linux-libre/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 178342 2013-02-20 12:32:29Z tpowa $
+# $Id: PKGBUILD 178533 2013-02-25 11:02:32Z tpowa $
 # Maintainer: Tobias Powalowski <tpowa@archlinux.org>
 # Maintainer: Thomas Baechler <thomas@archlinux.org>
 # Maintainer (Parabola): Nicolás Reynolds <fauno@kiwwwi.com.ar>
@@ -13,7 +13,7 @@ _basekernel=3.8
 #_sublevel=9
 #pkgver=${_basekernel}.${_sublevel}
 pkgver=${_basekernel}
-pkgrel=1
+pkgrel=2
 #_lxopkgver=${_basekernel}.8 # nearly always the same as pkgver
 arch=('i686' 'x86_64' 'mips64el')
 url="http://linux-libre.fsfla.org/"
@@ -29,16 +29,18 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
         'Kbuild'
         'Kbuild.platforms'
         'boot-logo.patch'
-        'change-default-console-loglevel.patch')
+        'change-default-console-loglevel.patch'
+        'CVE-2013-1763.patch')
         #"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2")
 md5sums=('84c2a77910932ffc7d958744ac9cf2f5'
-         'd0ceaebf20b53184c50e7f4980ed45d1'
-         '0b483b23413dbc451f2b041b9a475c03'
+         '101e798e00fd9b66a4c86cd30d28b844'
+         '5f3338af83af116b99746eb8a3ca65e4'
          'e49ac236dfeef709f91a3d993ea7b62c'
          '2967cecc3af9f954ccc822fd63dca6ff'
          '8267264d9a8966e57fdacd1fa1fc65c4'
          '04b21c79df0a952c22d681dd4f4562df'
-         '9d3c56a4b999c8bfbd4018089a62f662')
+         '9d3c56a4b999c8bfbd4018089a62f662'
+         '420991808fe4cba143013427c0737aa9')
 #if [ "$CARCH" != "mips64el" ]; then
 #    # Don't use the Loongson-specific patches on non-mips64el arches.
 #    unset source[${#source[@]}-1]
@@ -58,6 +60,10 @@ build() {
   # Add freedo as boot logo
   patch -Np1 -i "${srcdir}/boot-logo.patch"
 
+  # Fix security vulnetability CVE-2013-1763.patch
+  # https://bugs.archlinux.org/task/34005
+  patch -Np1 -i "${srcdir}/CVE-2013-1763.patch"
+
   # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
   # remove this when a Kconfig knob is made available by upstream
   # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
@@ -246,7 +252,7 @@ _package-headers() {
 
   mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include"
 
-  for i in acpi asm-generic config crypto drm generated linux math-emu \
+  for i in acpi asm-generic config crypto drm generated keys linux math-emu \
     media net pcmcia scsi sound trace uapi video xen; do
     cp -a include/${i} "${pkgdir}/usr/src/linux-${_kernver}/include/"
   done
diff --git a/libre/linux-libre/config.i686 b/libre/linux-libre/config.i686
index 1491a2ff6..f6af7876a 100644
--- a/libre/linux-libre/config.i686
+++ b/libre/linux-libre/config.i686
@@ -5866,7 +5866,7 @@ CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
 # CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
 CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
-CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd"
 CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
 # CONFIG_SECURITY_YAMA is not set
diff --git a/libre/linux-libre/config.x86_64 b/libre/linux-libre/config.x86_64
index dcf662c3c..5818aa984 100644
--- a/libre/linux-libre/config.x86_64
+++ b/libre/linux-libre/config.x86_64
@@ -5639,7 +5639,7 @@ CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
 # CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
 CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
-CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd"
 CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
 # CONFIG_SECURITY_YAMA is not set
diff --git a/libre/linux-libre/linux-libre.install b/libre/linux-libre/linux-libre.install
index c94a54bcc..fb7fa81c2 100644
--- a/libre/linux-libre/linux-libre.install
+++ b/libre/linux-libre/linux-libre.install
@@ -2,7 +2,7 @@
 # arg 2:  the old package version
 
 KERNEL_NAME=
-KERNEL_VERSION=3.8.0-1-LIBRE
+KERNEL_VERSION=3.8.0-2-LIBRE
 
 # set a sane PATH to ensure that critical utils like depmod will be found
 export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
-- 
cgit v1.2.3