[arch-commits] Commit in linux/trunk (11 files)
Date: Friday, January 19, 2018 @ 18:50:16
Author: heftig
Revision: 315156
4.14.14-1
Added:
linux/trunk/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
(from rev 314310,
linux/trunk/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch)
linux/trunk/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
(from rev 314310,
linux/trunk/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch)
linux/trunk/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
(from rev 314310,
linux/trunk/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch)
Modified:
linux/trunk/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
linux/trunk/PKGBUILD
linux/trunk/config
Deleted:
linux/trunk/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
linux/trunk/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
linux/trunk/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
linux/trunk/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
linux/trunk/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
-+
0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 12 -
0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch | 57 +
0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch | 75 --
0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch | 57 -
0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49
0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch | 42 +++
0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49
0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch | 114
--
0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch | 42 ---
PKGBUILD| 36 +--
config |4
11 files changed, 170 insertions(+), 367 deletions(-)
Modified: 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
===
--- 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
2018-01-19 18:50:03 UTC (rev 315155)
+++ 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
2018-01-19 18:50:16 UTC (rev 315156)
@@ -1,8 +1,8 @@
-From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001
-Message-Id:
<0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steff...@gmail.com>
+From 4e54373158caa50df5402fdd3db1794c5394026b Mon Sep 17 00:00:00 2001
+Message-Id:
<4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steff...@gmail.com>
From: Serge Hallyn
Date: Fri, 31 May 2013 19:12:12 +0100
-Subject: [PATCH 1/6] add sysctl to disallow unprivileged CLONE_NEWUSER by
+Subject: [PATCH 1/4] add sysctl to disallow unprivileged CLONE_NEWUSER by
default
Signed-off-by: Serge Hallyn
@@ -15,7 +15,7 @@
3 files changed, 30 insertions(+)
diff --git a/kernel/fork.c b/kernel/fork.c
-index 500ce64517d93e68..35f5860958b40e9b 100644
+index 500ce64517d9..35f5860958b4 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -102,6 +102,11 @@
@@ -55,7 +55,7 @@
if (err)
goto bad_unshare_out;
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 56aca862c4f584f5..e8402ba393c1915d 100644
+index 56aca862c4f5..e8402ba393c1 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -105,6 +105,9 @@ extern int core_uses_pid;
@@ -85,7 +85,7 @@
{
.procname = "tainted",
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index c490f1e4313b998a..dd03bd39d7bf194d 100644
+index c490f1e4313b..dd03bd39d7bf 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
@@ -24,6 +24,9 @@
Copied: linux/trunk/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
(from rev 314310,
linux/trunk/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch)
===
--- 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
(rev 0)
+++ 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch 2018-01-19
18:50:16 UTC (rev 315156)
@@ -0,0 +1,57 @@
+From 8514970bf07bd1cc522f50e882e0159a51a39264 Mon Sep 17 00:00:00 2001
+Message-Id:
<8514970bf07bd1cc522f50e882e0159a51a39264.1516188238.git.jan.steff...@gmail.com>
+In-Reply-To:
<4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steff...@gmail.com>
+References:
<4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steff...@gmail.com>
+From: Mohamed Ghannam
+Date: Tue, 5 Dec 2017 20:58:35 +
+Subject: [PATCH 2/4] dccp: CVE-2017-8824: use-after-free in DCCP code
+
+Whenever the sock object is in DCCP_CLOSED state,
+dccp_disconnect() must free dccps_hc_tx_ccid and
+dc
[arch-commits] Commit in linux/trunk (11 files)
Date: Friday, January 5, 2018 @ 22:24:00 Author: heftig Revision: 314107 4.14.12-1 Added: linux/trunk/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch (from rev 313949, linux/trunk/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch) linux/trunk/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch (from rev 313949, linux/trunk/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch) linux/trunk/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch Modified: linux/trunk/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch linux/trunk/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch linux/trunk/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch linux/trunk/PKGBUILD Deleted: linux/trunk/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch linux/trunk/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch linux/trunk/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch linux/trunk/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch -+ 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch |6 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch | 10 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch | 10 0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch | 74 -- 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49 0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch | 114 ++ 0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49 0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch | 114 -- 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch | 42 +++ 0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch | 42 --- PKGBUILD| 33 +- 11 files changed, 233 insertions(+), 310 deletions(-) Modified: 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch === --- 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 2018-01-05 20:54:08 UTC (rev 314106) +++ 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 2018-01-05 22:24:00 UTC (rev 314107) @@ -1,8 +1,8 @@ -From fb89d912d5f7289d3a922c77b671e36e1c740f5e Mon Sep 17 00:00:00 2001 -Message-Id: +From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001 +Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steff...@gmail.com> From: Serge Hallyn Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/7] add sysctl to disallow unprivileged CLONE_NEWUSER by +Subject: [PATCH 1/6] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn Modified: 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch === --- 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch 2018-01-05 20:54:08 UTC (rev 314106) +++ 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch 2018-01-05 22:24:00 UTC (rev 314107) @@ -1,10 +1,10 @@ -From 8c6956686606b9c3661e74a410c8cb2fc276c5ee Mon Sep 17 00:00:00 2001 -Message-Id: <8c6956686606b9c3661e74a410c8cb2fc276c5ee.1514959852.git.jan.steff...@gmail.com> -In-Reply-To: -References: +From e6a5e05524563626d14c1745619e37e79cb5a3a7 Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steff...@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steff...@gmail.com> From: Benjamin Poirier Date: Mon, 11 Dec 2017 16:26:40 +0900 -Subject: [PATCH 2/7] e1000e: Fix e1000_check_for_copper_link_ich8lan return +Subject: [PATCH 2/6] e1000e: Fix e1000_check_for_copper_link_ich8lan return value. e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan() Modified: 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch === --- 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch 2018-01-05 20:54:08 UTC (rev 314106) +++ 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch 2018-01-05 22:24:00 UTC (rev 314107) @@ -1,10 +1,10 @@ -From b81e273fb227373a2951c7256ab11a87d5333a9d Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: -References: +From e3fff011db7dd80d53b6bda48bcf2313918aa7a8 Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steff...@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steff...@gmail.com> From: Mohamed Ghannam Date: Tue, 5 Dec 2017 20:58:35 + -Subject: [PATCH 3/7] dccp: CVE-2017-8824: use-after-f
