[arch-commits] Commit in linux/trunk (11 files)
Date: Friday, January 19, 2018 @ 18:50:16 Author: heftig Revision: 315156 4.14.14-1 Added: linux/trunk/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch (from rev 314310, linux/trunk/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch) linux/trunk/0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch (from rev 314310, linux/trunk/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch) linux/trunk/0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch (from rev 314310, linux/trunk/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch) Modified: linux/trunk/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch linux/trunk/PKGBUILD linux/trunk/config Deleted: linux/trunk/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch linux/trunk/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch linux/trunk/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch linux/trunk/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch linux/trunk/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch -+ 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch | 12 - 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch | 57 + 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch | 75 -- 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch | 57 - 0003-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49 0004-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch | 42 +++ 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49 0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch | 114 -- 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch | 42 --- PKGBUILD| 36 +-- config |4 11 files changed, 170 insertions(+), 367 deletions(-) Modified: 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch === --- 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 2018-01-19 18:50:03 UTC (rev 315155) 
+++ 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 2018-01-19 18:50:16 UTC (rev 315156) @@ -1,8 +1,8 @@ -From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001 -Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steff...@gmail.com> +From 4e54373158caa50df5402fdd3db1794c5394026b Mon Sep 17 00:00:00 2001 +Message-Id: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steff...@gmail.com> From: Serge Hallyn Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/6] add sysctl to disallow unprivileged CLONE_NEWUSER by +Subject: [PATCH 1/4] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn @@ -15,7 +15,7 @@ 3 files changed, 30 insertions(+) diff --git a/kernel/fork.c b/kernel/fork.c -index 500ce64517d93e68..35f5860958b40e9b 100644 +index 500ce64517d9..35f5860958b4 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -102,6 +102,11 @@ @@ -55,7 +55,7 @@ if (err) goto bad_unshare_out; diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 56aca862c4f584f5..e8402ba393c1915d 100644 +index 56aca862c4f5..e8402ba393c1 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -105,6 +105,9 @@ extern int core_uses_pid; @@ -85,7 +85,7 @@ { .procname = "tainted", diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index c490f1e4313b998a..dd03bd39d7bf194d 100644 +index c490f1e4313b..dd03bd39d7bf 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -24,6 +24,9 @@ Copied: linux/trunk/0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch (from rev 314310, linux/trunk/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch) === --- 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch (rev 0) +++ 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch 2018-01-19 18:50:16 UTC (rev 315156) 
@@ -0,0 +1,57 @@ +From 8514970bf07bd1cc522f50e882e0159a51a39264 Mon Sep 17 00:00:00 2001 +Message-Id: <8514970bf07bd1cc522f50e882e0159a51a39264.1516188238.git.jan.steff...@gmail.com> +In-Reply-To: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steff...@gmail.com> +References: <4e54373158caa50df5402fdd3db1794c5394026b.1516188238.git.jan.steff...@gmail.com> +From: Mohamed Ghannam +Date: Tue, 5 Dec 2017 20:58:35 + +Subject: [PATCH 2/4] dccp: CVE-2017-8824: use-after-free in DCCP code + +Whenever the sock object is in DCCP_CLOSED state, +dccp_disconnect() must free dccps_hc_tx_ccid and +dc
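Review bot: all 12 changed lines in the hunks for 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch are regenerated metadata. They are the `From <hash>` line, the `Message-Id`, the series count (`[PATCH 1/6]` to `[PATCH 1/4]`) and the three `index` lines, whose blob ids shrink from 16 to 12 hex digits (`500ce64517d93e68..35f5860958b40e9b` to `500ce64517d9..35f5860958b4`). No visible line touches the patch's code in kernel/fork.c, kernel/sysctl.c or kernel/user_namespace.c, so this churn only makes it harder to confirm on each rebase that the hardening patch was carried over unchanged. If the series is exported with git format-patch, fixed options such as `--zero-commit`, `--full-index` and `--no-numbered` would keep these headers stable, and a diff of this file would then appear only when its content really changes.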
[arch-commits] Commit in linux/trunk (11 files)
Date: Friday, January 5, 2018 @ 22:24:00 Author: heftig Revision: 314107 4.14.12-1 Added: linux/trunk/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch (from rev 313949, linux/trunk/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch) linux/trunk/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch (from rev 313949, linux/trunk/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch) linux/trunk/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch Modified: linux/trunk/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch linux/trunk/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch linux/trunk/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch linux/trunk/PKGBUILD Deleted: linux/trunk/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch linux/trunk/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch linux/trunk/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch linux/trunk/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch -+ 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch |6 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch | 10 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch | 10 0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch | 74 -- 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49 0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch | 114 ++ 0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49 0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch | 114 -- 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch | 42 +++ 0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch | 42 --- PKGBUILD| 33 +- 11 files changed, 233 insertions(+), 310 deletions(-) Modified: 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch === --- 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 
2018-01-05 20:54:08 UTC (rev 314106) +++ 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 2018-01-05 22:24:00 UTC (rev 314107) @@ -1,8 +1,8 @@ -From fb89d912d5f7289d3a922c77b671e36e1c740f5e Mon Sep 17 00:00:00 2001 -Message-Id: +From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001 +Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steff...@gmail.com> From: Serge Hallyn Date: Fri, 31 May 2013 19:12:12 +0100 -Subject: [PATCH 1/7] add sysctl to disallow unprivileged CLONE_NEWUSER by +Subject: [PATCH 1/6] add sysctl to disallow unprivileged CLONE_NEWUSER by default Signed-off-by: Serge Hallyn Modified: 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch === --- 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch 2018-01-05 20:54:08 UTC (rev 314106) +++ 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch 2018-01-05 22:24:00 UTC (rev 314107) @@ -1,10 +1,10 @@ -From 8c6956686606b9c3661e74a410c8cb2fc276c5ee Mon Sep 17 00:00:00 2001 -Message-Id: <8c6956686606b9c3661e74a410c8cb2fc276c5ee.1514959852.git.jan.steff...@gmail.com> -In-Reply-To: -References: +From e6a5e05524563626d14c1745619e37e79cb5a3a7 Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steff...@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steff...@gmail.com> From: Benjamin Poirier Date: Mon, 11 Dec 2017 16:26:40 +0900 -Subject: [PATCH 2/7] e1000e: Fix e1000_check_for_copper_link_ich8lan return +Subject: [PATCH 2/6] e1000e: Fix e1000_check_for_copper_link_ich8lan return value. e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan() Modified: 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch === --- 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch 2018-01-05 20:54:08 UTC (rev 314106) +++ 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch 2018-01-05 22:24:00 UTC (rev 314107) 
@@ -1,10 +1,10 @@ -From b81e273fb227373a2951c7256ab11a87d5333a9d Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: -References: +From e3fff011db7dd80d53b6bda48bcf2313918aa7a8 Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steff...@gmail.com> +References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steff...@gmail.com> From: Mohamed Ghannam Date: Tue, 5 Dec 2017 20:58:35 + -Subject: [PATCH 3/7] dccp: CVE-2017-8824: use-after-f
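Review bot: the log message is only `4.14.12-1`, yet the file list deletes 0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch (74 lines) and 0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch (42 lines) without saying why. Nothing visible in the diff records whether 4.14.12 already contains these changes or whether they were dropped for another reason. Please state the reason for each removal in the log or in a comment in PKGBUILD, so a later reader can tell a fix that moved upstream from one that was abandoned. This matters most for these two entries, since both names point at security-relevant behaviour (an out-of-bounds read fix and the PTI default).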