Commit a507a2b5 authored by abveritas's avatar abveritas

linux rebuild for security patch

parent ee003145
...@@ -3,12 +3,12 @@ ...@@ -3,12 +3,12 @@
# #
# maintainer abveritas@chakra-project.org # maintainer abveritas@chakra-project.org
_kver="3.7.6-1-CHAKRA" _kver="3.7.6-2-CHAKRA"
pkgname=acpi-call pkgname=acpi-call
_pkgname=acpi_call _pkgname=acpi_call
pkgver=1.0.0 pkgver=1.0.0
pkgrel=3 pkgrel=4
pkgdesc="A kernel module that enables you to call parameterless ACPI methods by writing the method name to /proc/acpi/call, e.g. to turn off discrete graphics card in a dual graphics environment (like NVIDIA Optimus)." pkgdesc="A kernel module that enables you to call parameterless ACPI methods by writing the method name to /proc/acpi/call, e.g. to turn off discrete graphics card in a dual graphics environment (like NVIDIA Optimus)."
arch=('x86_64') arch=('x86_64')
url=("http://github.com/mkottman/acpi_call") url=("http://github.com/mkottman/acpi_call")
......
...@@ -9,7 +9,7 @@ pkgname=('linux' 'linux-headers' 'linux-docs') ...@@ -9,7 +9,7 @@ pkgname=('linux' 'linux-headers' 'linux-docs')
_kernelname=${pkgname#linux} _kernelname=${pkgname#linux}
_basekernel=3.7 _basekernel=3.7
pkgver=3.7.6 pkgver=3.7.6
pkgrel=1 pkgrel=2
arch=('x86_64') arch=('x86_64')
url="http://www.kernel.org/" url="http://www.kernel.org/"
license=('GPL2') license=('GPL2')
...@@ -32,7 +32,8 @@ source=("http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.7.tar.xz" ...@@ -32,7 +32,8 @@ source=("http://www.kernel.org/pub/linux/kernel/v3.x/linux-3.7.tar.xz"
'change-default-console-loglevel.patch' 'change-default-console-loglevel.patch'
'fat-3.6.x.patch' 'fat-3.6.x.patch'
'sp5100_tco-Add-SB8x0-chipset-support2.patch' 'sp5100_tco-Add-SB8x0-chipset-support2.patch'
'ath3k.patch') 'ath3k.patch'
'security.patch')
md5sums=('21223369d682bcf44bcdfe1521095983' md5sums=('21223369d682bcf44bcdfe1521095983'
'ec61c44f37585a768d41c0439101ef9c' 'ec61c44f37585a768d41c0439101ef9c'
'05befa9b6c2a91015f89d6cda6802198' '05befa9b6c2a91015f89d6cda6802198'
...@@ -47,7 +48,8 @@ md5sums=('21223369d682bcf44bcdfe1521095983' ...@@ -47,7 +48,8 @@ md5sums=('21223369d682bcf44bcdfe1521095983'
'65cbe8e4c8efaf96dd162102e46ce81d' '65cbe8e4c8efaf96dd162102e46ce81d'
'88d501404f172dac6fcb248978251560' '88d501404f172dac6fcb248978251560'
'57ee9aa09bdec07a5ce2b553b94c7039' '57ee9aa09bdec07a5ce2b553b94c7039'
'd393a0bbd762bf9d6f42d770b89e6811') 'd393a0bbd762bf9d6f42d770b89e6811'
'fc4928d107d638bb106901f1bfedd684')
build() { build() {
cd "${srcdir}/linux-${_basekernel}" cd "${srcdir}/linux-${_basekernel}"
...@@ -65,6 +67,10 @@ build() { ...@@ -65,6 +67,10 @@ build() {
#patch -p1 -i "${srcdir}/sp5100_tco-Add-SB8x0-chipset-support2.patch" #patch -p1 -i "${srcdir}/sp5100_tco-Add-SB8x0-chipset-support2.patch"
# bug http://chakra-linux.org/bugs/index.php?do=details&task_id=501 # bug http://chakra-linux.org/bugs/index.php?do=details&task_id=501
patch -p1 -i "${srcdir}/ath3k.patch" patch -p1 -i "${srcdir}/ath3k.patch"
# Fix out-of-bounds access to sock_diag_handlerscurrent, code does not test for
# this condition therefore is vulnerable to an out-of-bound access opening doors
# for a privilege escalation
patch -p1 -i "${srcdir}/security.patch"
# set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
# remove this when a Kconfig knob is made available by upstream # remove this when a Kconfig knob is made available by upstream
......
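Review bot: The comment added in build() above `patch -p1 -i "${srcdir}/security.patch"` is garbled ("sock_diag_handlerscurrent, code does not test") and, like the file name `security.patch`, does not say which upstream fix is being carried. I would word it as `# sock_diag: reject sdiag_family >= AF_MAX before it indexes sock_diag_handlers[]` followed by `# upstream net.git commit 6e601a53566d; drop when the packaged kernel contains it`, and name the patch file after the fix. The new source is pinned only by an MD5 entry in `md5sums`; since that array predates this commit, a stronger `sha256sums` array would be a file-wide follow-up rather than part of this change. build() starts and continues outside the visible hunks.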
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# arg 2: the old package version # arg 2: the old package version
KERNEL_NAME= KERNEL_NAME=
KERNEL_VERSION=3.7.6-1-CHAKRA KERNEL_VERSION=3.7.6-2-CHAKRA
# set a sane PATH to ensure that critical utils like depmod will be found # set a sane PATH to ensure that critical utils like depmod will be found
export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
......
From: Mathias Krause <minipli@googlemail.com>
Date: Sat, 23 Feb 2013 01:13:47 +0000 (+0000)
Subject: sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
X-Git-Url: https://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet.git;a=commitdiff_plain;h=6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0;hp=c9b20a5effcb29acf0f8a2a31c875073b2a0c74e
sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
with a family greater or equal then AF_MAX -- the array size of
sock_diag_handlers[]. The current code does not test for this
condition therefore is vulnerable to an out-of-bound access opening
doors for a privilege escalation.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
index 602cd63..750f44f 100644
--- a/net/core/sock_diag.c
+++ b/net/core/sock_diag.c
@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
if (nlmsg_len(nlh) < sizeof(*req))
return -EINVAL;
+ if (req->sdiag_family >= AF_MAX)
+ return -EINVAL;
+
hndl = sock_diag_lock_handler(req->sdiag_family);
if (hndl == NULL)
err = -ENOENT;
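Review bot: The new bound check on `req->sdiag_family` carries no comment saying why it must come before `sock_diag_lock_handler()`, even though the value is taken directly from a userland netlink request. I would add above it `/* sdiag_family is user-controlled and indexes sock_diag_handlers[AF_MAX] */`. The test also lives only at this call site; if sock_diag_lock_handler() is where the array is indexed (its body is not in the hunk), repeating the same test there would cover any other caller as well. __sock_diag_rcv_msg() starts and continues outside the hunk.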