Date: Thursday, February 28, 2013 @ 19:41:03 Author: tpowa Revision: 178913
upgpkg: linux 3.8.1-1 bump to latest version Modified: linux/trunk/PKGBUILD linux/trunk/linux.install Deleted: linux/trunk/CVE-2013-1763.patch linux/trunk/fat-3.6.x.patch ---------------------+ CVE-2013-1763.patch | 35 ----------------------------------- PKGBUILD | 27 +++++++++++---------------- fat-3.6.x.patch | 33 --------------------------------- linux.install | 2 +- 4 files changed, 12 insertions(+), 85 deletions(-) Deleted: CVE-2013-1763.patch =================================================================== --- CVE-2013-1763.patch 2013-02-28 18:37:56 UTC (rev 178912) +++ CVE-2013-1763.patch 2013-02-28 18:41:03 UTC (rev 178913) @@ -1,35 +0,0 @@ -From 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 Mon Sep 17 00:00:00 2001 -From: Mathias Krause <mini...@googlemail.com> -Date: Sat, 23 Feb 2013 01:13:47 +0000 -Subject: [PATCH] sock_diag: Fix out-of-bounds access to sock_diag_handlers[] - -Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY -with a family greater or equal then AF_MAX -- the array size of -sock_diag_handlers[]. The current code does not test for this -condition therefore is vulnerable to an out-of-bound access opening -doors for a privilege escalation. - -Signed-off-by: Mathias Krause <mini...@googlemail.com> -Acked-by: Eric Dumazet <eduma...@google.com> -Signed-off-by: David S. Miller <da...@davemloft.net> ---- - net/core/sock_diag.c | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - -diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c -index 602cd63..750f44f 100644 ---- a/net/core/sock_diag.c -+++ b/net/core/sock_diag.c -@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) - if (nlmsg_len(nlh) < sizeof(*req)) - return -EINVAL; - -+ if (req->sdiag_family >= AF_MAX) -+ return -EINVAL; -+ - hndl = sock_diag_lock_handler(req->sdiag_family); - if (hndl == NULL) - err = -ENOENT; --- -1.7.6.5 - Modified: PKGBUILD =================================================================== --- PKGBUILD 2013-02-28 18:37:56 UTC (rev 178912) +++ PKGBUILD 2013-02-28 18:41:03 UTC (rev 178913) @@ -5,27 +5,20 @@ pkgbase=linux # Build stock -ARCH kernel #pkgbase=linux-custom # Build kernel with a different name _srcname=linux-3.8 -pkgver=3.8 -pkgrel=2 +pkgver=3.8.1 +pkgrel=1 arch=('i686' 'x86_64') url="http://www.kernel.org/" license=('GPL2') makedepends=('xmlto' 'docbook-xsl') options=('!strip') source=("http://www.kernel.org/pub/linux/kernel/v3.x/${_srcname}.tar.xz" - #"http://www.kernel.org/pub/linux/kernel/v3.x/patch-${pkgver}.xz" + "http://www.kernel.org/pub/linux/kernel/v3.x/patch-${pkgver}.xz" # the main kernel config files 'config' 'config.x86_64' # standard config files for mkinitcpio ramdisk 'linux.preset' - 'change-default-console-loglevel.patch' - 'CVE-2013-1763.patch') -md5sums=('1c738edfc54e7c65faeb90c436104e2f' - '9710fb1b1e08eb1fc5214dc2fb34ebcc' - '03b1dad90f3558dba3031901398c1ca4' - 'eb14dcfd80c00852ef81ded6e826826a' - '9d3c56a4b999c8bfbd4018089a62f662' - '420991808fe4cba143013427c0737aa9') + 'change-default-console-loglevel.patch') _kernelname=${pkgbase#linux} @@ -33,15 +26,11 @@ cd "${srcdir}/${_srcname}" # add upstream patch - # patch -p1 -i "${srcdir}/patch-${pkgver}" + patch -p1 -i "${srcdir}/patch-${pkgver}" # add latest fixes from stable queue, if needed # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git - # Fix security vulnetability CVE-2013-1763.patch - # https://bugs.archlinux.org/task/34005 - patch -Np1 -i "${srcdir}/CVE-2013-1763.patch" - # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) # remove this when a Kconfig knob is made available by upstream # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) @@ -321,3 +310,9 @@ done # vim:set ts=8 sts=2 sw=2 et: +md5sums=('1c738edfc54e7c65faeb90c436104e2f' + '50a68679086c346dddb34dedccfae7ee' + '307107a8b15060e6fc0e48bdaacaed06' + '03b1dad90f3558dba3031901398c1ca4' + 'eb14dcfd80c00852ef81ded6e826826a' + '9d3c56a4b999c8bfbd4018089a62f662') Deleted: fat-3.6.x.patch =================================================================== --- fat-3.6.x.patch 2013-02-28 18:37:56 UTC (rev 178912) +++ fat-3.6.x.patch 2013-02-28 18:41:03 UTC (rev 178913) @@ -1,33 +0,0 @@ -From: Dave Reisner <dreis...@archlinux.org> -Date: Thu, 29 Nov 2012 03:18:52 +0000 (+1100) -Subject: fs/fat: strip "cp" prefix from codepage in display -X-Git-Tag: next-20121130~1^2~97 -X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fnext%2Flinux-next.git;a=commitdiff_plain;h=f15914873184cc3f2a8d590fa4f7e32ab0a8a405 - -fs/fat: strip "cp" prefix from codepage in display - -Option parsing code expects an unsigned integer for the codepage option, -but prefixes and stores this option with "cp" before passing to -load_nls(). This makes the displayed option in /proc an invalid one. -Strip the prefix when printing so that the displayed option is valid for -reuse. - -Signed-off-by: Dave Reisner <dreis...@archlinux.org> -Acked-by: OGAWA Hirofumi <hirof...@mail.parknet.co.jp> -Signed-off-by: Andrew Morton <a...@linux-foundation.org> ---- - -diff --git a/fs/fat/inode.c b/fs/fat/inode.c -index 3b733a7..3580681 100644 ---- a/fs/fat/inode.c -+++ b/fs/fat/inode.c -@@ -726,7 +726,8 @@ static int fat_show_options(struct seq_file *m, struct dentry *root) - if (opts->allow_utime) - seq_printf(m, ",allow_utime=%04o", opts->allow_utime); - if (sbi->nls_disk) -- seq_printf(m, ",codepage=%s", sbi->nls_disk->charset); -+ /* strip "cp" prefix from displayed option */ -+ seq_printf(m, ",codepage=%s", &sbi->nls_disk->charset[2]); - if (isvfat) { - if (sbi->nls_io) - seq_printf(m, ",iocharset=%s", sbi->nls_io->charset); Modified: linux.install =================================================================== --- linux.install 2013-02-28 18:37:56 UTC (rev 178912) +++ linux.install 2013-02-28 18:41:03 UTC (rev 178913) @@ -2,7 +2,7 @@ # arg 2: the old package version KERNEL_NAME= -KERNEL_VERSION=3.8.0-2-ARCH +KERNEL_VERSION=3.8.1-1-ARCH # set a sane PATH to ensure that critical utils like depmod will be found export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'