From edad6f7a1d7edae91d8af0cc5dbfca21620b976b Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Tue, 2 Feb 2016 02:43:48 +0000 Subject: [PATCH] core/linux-armv7 to 4.4.1-1 --- core/linux-armv7/PKGBUILD | 18 ++--- core/linux-armv7/config | 12 +-- core/linux-armv7/kernel-CVE-2016-0728.patch | 81 --------------------- 3 files changed, 10 insertions(+), 101 deletions(-) delete mode 100644 core/linux-armv7/kernel-CVE-2016-0728.patch diff --git a/core/linux-armv7/PKGBUILD b/core/linux-armv7/PKGBUILD index 8cef80d9e..141886e46 100644 --- a/core/linux-armv7/PKGBUILD +++ b/core/linux-armv7/PKGBUILD @@ -7,16 +7,16 @@ pkgbase=linux-armv7 _srcname=linux-4.4 _kernelname=${pkgbase#linux} _desc="ARMv7 multi-platform" -pkgver=4.4.0 -pkgrel=5 -rcnrel=armv7-x4 +pkgver=4.4.1 +pkgrel=1 +rcnrel=armv7-x5 arch=('armv7h') url="http://www.kernel.org/" license=('GPL2') makedepends=('xmlto' 'docbook-xsl' 'kmod' 'inetutils' 'bc' 'git' 'uboot-tools' 'vboot-utils' 'dtc') options=('!strip') source=("http://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz" - #"http://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.xz" + "http://www.kernel.org/pub/linux/kernel/v4.x/patch-${pkgver}.xz" "http://rcn-ee.com/deb/sid-armhf/v${pkgver}-${rcnrel}/patch-${pkgver%.0}-${rcnrel}.diff.gz" '0001-ARM-atags-add-support-for-Marvell-s-u-boot.patch' '0002-ARM-atags-fdt-retrieve-MAC-addresses-from-Marvell-bo.patch' @@ -27,14 +27,14 @@ source=("http://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz" '0007-set-default-cubietruck-led-triggers.patch' '0008-USB-armory-support.patch' '0009-ARM-dts-dove-add-Dove-divider-clocks.patch' - 'kernel-CVE-2016-0728.patch' 'config' 'cmdline' 'kernel.its' 'kernel.keyblock' 'kernel_data_key.vbprivk') md5sums=('9a78fa2eb6c68ca5a40ed5af08142599' - 'fba9d6977e96844eac77c43c7fa4460b' + 'd9e951895c8c249f0bf52d85f3e63bce' + '660a513580e23924133dfa2555014144' '57a686c6674aa9896a590181ac15bdd4' 'd589f8eb618b9e4b15d06d61482b6925' 'f973d396510cfd28a9e0024693d5caa7' @@ -44,8 +44,7 @@ md5sums=('9a78fa2eb6c68ca5a40ed5af08142599' 'a43cc24e0fc27caf96b03a7895dc6543' '47a9efe2f0114b099662706a5c4d45e5' 'cc8885354fd6ce2bb63722a34c4d383a' - '6470e9783bd1c7a8feddc2d67f07afd5' - '923c8afaecdbadcff8a5f98bb65f5a94' + 'ccc0f70e74df8e54b8056a4963efca23' '1813b39074d01af6548951764a0f6444' 'cb2cdd34d6ea18a1411045413d8d18ef' '61c5ff73c136ed07a7aadbf58db3d96a' @@ -55,7 +54,7 @@ prepare() { cd "${srcdir}/${_srcname}" # add upstream patch - #git apply --whitespace=nowarn ../patch-${pkgver} + git apply --whitespace=nowarn ../patch-${pkgver} # RCN patch git apply ../patch-${pkgver%.0}-${rcnrel}.diff @@ -70,7 +69,6 @@ prepare() { git apply ../0007-set-default-cubietruck-led-triggers.patch git apply ../0008-USB-armory-support.patch git apply ../0009-ARM-dts-dove-add-Dove-divider-clocks.patch - git apply ../kernel-CVE-2016-0728.patch cat "${srcdir}/config" > ./.config diff --git a/core/linux-armv7/config b/core/linux-armv7/config index 8d5b6e314..9fab58bce 100644 --- a/core/linux-armv7/config +++ b/core/linux-armv7/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 4.4.0-5 Kernel Configuration +# Linux/arm 4.4.1-1 Kernel Configuration # CONFIG_ARM=y CONFIG_ARM_HAS_SG_CHAIN=y @@ -781,7 +781,6 @@ CONFIG_CPU_FREQ_GOV_CONSERVATIVE=y # CPU frequency scaling drivers # CONFIG_CPUFREQ_DT=y -CONFIG_CPUFREQ_VOLTDM=y CONFIG_ARM_BIG_LITTLE_CPUFREQ=y CONFIG_ARM_DT_BL_CPUFREQ=y CONFIG_ARM_VEXPRESS_SPC_CPUFREQ=y @@ -3232,8 +3231,7 @@ CONFIG_HW_CONSOLE=y CONFIG_VT_HW_CONSOLE_BINDING=y CONFIG_UNIX98_PTYS=y CONFIG_DEVPTS_MULTIPLE_INSTANCES=y -CONFIG_LEGACY_PTYS=y -CONFIG_LEGACY_PTY_COUNT=256 +# CONFIG_LEGACY_PTYS is not set # CONFIG_SERIAL_NONSTANDARD is not set CONFIG_NOZOMI=m CONFIG_N_GSM=m @@ -3735,12 +3733,6 @@ CONFIG_POWER_RESET_SYSCON=y CONFIG_POWER_RESET_SYSCON_POWEROFF=y CONFIG_POWER_AVS=y CONFIG_ROCKCHIP_IODOMAIN=y -CONFIG_VOLTAGE_DOMAIN=y - -# -# Voltage Domain Framework Drivers -# -CONFIG_VOLTAGE_DOMAIN_OMAP=y CONFIG_HWMON=y CONFIG_HWMON_VID=m # CONFIG_HWMON_DEBUG_CHIP is not set diff --git a/core/linux-armv7/kernel-CVE-2016-0728.patch b/core/linux-armv7/kernel-CVE-2016-0728.patch deleted file mode 100644 index 49020d7db..000000000 --- a/core/linux-armv7/kernel-CVE-2016-0728.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 Mon Sep 17 00:00:00 2001 -From: Yevgeny Pats -Date: Tue, 19 Jan 2016 22:09:04 +0000 -Subject: KEYS: Fix keyring ref leak in join_session_keyring() - -This fixes CVE-2016-0728. - -If a thread is asked to join as a session keyring the keyring that's already -set as its session, we leak a keyring reference. - -This can be tested with the following program: - - #include - #include - #include - #include - - int main(int argc, const char *argv[]) - { - int i = 0; - key_serial_t serial; - - serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, - "leaked-keyring"); - if (serial < 0) { - perror("keyctl"); - return -1; - } - - if (keyctl(KEYCTL_SETPERM, serial, - KEY_POS_ALL | KEY_USR_ALL) < 0) { - perror("keyctl"); - return -1; - } - - for (i = 0; i < 100; i++) { - serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, - "leaked-keyring"); - if (serial < 0) { - perror("keyctl"); - return -1; - } - } - - return 0; - } - -If, after the program has run, there something like the following line in -/proc/keys: - -3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty - -with a usage count of 100 * the number of times the program has been run, -then the kernel is malfunctioning. If leaked-keyring has zero usages or -has been garbage collected, then the problem is fixed. - -Reported-by: Yevgeny Pats -Signed-off-by: David Howells -Acked-by: Don Zickus -Acked-by: Prarit Bhargava -Acked-by: Jarod Wilson -Signed-off-by: James Morris ---- - security/keys/process_keys.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c -index a3f85d2..e6d50172 100644 ---- a/security/keys/process_keys.c -+++ b/security/keys/process_keys.c -@@ -794,6 +794,7 @@ long join_session_keyring(const char *name) - ret = PTR_ERR(keyring); - goto error2; - } else if (keyring == new->session_keyring) { -+ key_put(keyring); - ret = 0; - goto error2; - } --- -cgit v0.12 -