diff --git a/core/linux-mmp/PKGBUILD b/core/linux-mmp/PKGBUILD index a5f798f15..cfcdcc941 100644 --- a/core/linux-mmp/PKGBUILD +++ b/core/linux-mmp/PKGBUILD @@ -7,8 +7,8 @@ pkgbase=linux-mmp _srcname=linux-3.10 _kernelname=${pkgbase#linux} _desc="Marvell PXA168/MMP platforms" -pkgver=3.10.93 -pkgrel=2 +pkgver=3.10.95 +pkgrel=1 arch=('armv7h') url="https://github.com/Marvell-Semi/PXA168_kernel/tree/gplugd-dev" license=('GPL2') @@ -17,12 +17,10 @@ options=('!strip') source=("http://www.kernel.org/pub/linux/kernel/v3.x/${_srcname}.tar.xz" "http://www.kernel.org/pub/linux/kernel/v3.x/patch-${pkgver}.xz" 'http://archlinuxarm.org/builder/src/0001-Guruplug-Display-support.patch' - 'kernel-CVE-2016-0728.patch' 'config') md5sums=('4f25cd5bec5f8d5a7d935b3f2ccb8481' - 'c096f38d1c8960fbb77f05249808f198' + '460cdd4357501b316a38ad282ba92d96' 'abaf1ca25f914085c5c54b5ecdb2ca4e' - '6470e9783bd1c7a8feddc2d67f07afd5' 'e0df8b4bc3c48a4a05c4c60c5818abe6') prepare() { @@ -34,9 +32,6 @@ prepare() { # gplugd patch git apply --whitespace=nowarn ../0001-Guruplug-Display-support.patch - # CVE-2016-0728 - git apply ../kernel-CVE-2016-0728.patch - cat "${srcdir}/config" > ./.config # add pkgrel to extraversion diff --git a/core/linux-mmp/kernel-CVE-2016-0728.patch b/core/linux-mmp/kernel-CVE-2016-0728.patch deleted file mode 100644 index 49020d7db..000000000 --- a/core/linux-mmp/kernel-CVE-2016-0728.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 Mon Sep 17 00:00:00 2001 -From: Yevgeny Pats -Date: Tue, 19 Jan 2016 22:09:04 +0000 -Subject: KEYS: Fix keyring ref leak in join_session_keyring() - -This fixes CVE-2016-0728. - -If a thread is asked to join as a session keyring the keyring that's already -set as its session, we leak a keyring reference. - -This can be tested with the following program: - - #include - #include - #include - #include - - int main(int argc, const char *argv[]) - { - int i = 0; - key_serial_t serial; - - serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, - "leaked-keyring"); - if (serial < 0) { - perror("keyctl"); - return -1; - } - - if (keyctl(KEYCTL_SETPERM, serial, - KEY_POS_ALL | KEY_USR_ALL) < 0) { - perror("keyctl"); - return -1; - } - - for (i = 0; i < 100; i++) { - serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, - "leaked-keyring"); - if (serial < 0) { - perror("keyctl"); - return -1; - } - } - - return 0; - } - -If, after the program has run, there something like the following line in -/proc/keys: - -3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty - -with a usage count of 100 * the number of times the program has been run, -then the kernel is malfunctioning. If leaked-keyring has zero usages or -has been garbage collected, then the problem is fixed. - -Reported-by: Yevgeny Pats -Signed-off-by: David Howells -Acked-by: Don Zickus -Acked-by: Prarit Bhargava -Acked-by: Jarod Wilson -Signed-off-by: James Morris ---- - security/keys/process_keys.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c -index a3f85d2..e6d50172 100644 ---- a/security/keys/process_keys.c -+++ b/security/keys/process_keys.c -@@ -794,6 +794,7 @@ long join_session_keyring(const char *name) - ret = PTR_ERR(keyring); - goto error2; - } else if (keyring == new->session_keyring) { -+ key_put(keyring); - ret = 0; - goto error2; - } --- -cgit v0.12 -