summaryrefslogtreecommitdiff
path: root/libre/linux-libre-lts
diff options
context:
space:
mode:
Diffstat (limited to 'libre/linux-libre-lts')
-rw-r--r--libre/linux-libre-lts/CVE-2012-0056.patch269
-rw-r--r--libre/linux-libre-lts/PKGBUILD20
-rw-r--r--libre/linux-libre-lts/linux-libre-lts.install2
-rw-r--r--libre/linux-libre-lts/linux-libre-lts.preset2
4 files changed, 12 insertions, 281 deletions
diff --git a/libre/linux-libre-lts/CVE-2012-0056.patch b/libre/linux-libre-lts/CVE-2012-0056.patch
deleted file mode 100644
index 4098f3506..000000000
--- a/libre/linux-libre-lts/CVE-2012-0056.patch
+++ /dev/null
@@ -1,269 +0,0 @@
-From e268337dfe26dfc7efd422a804dbb27977a3cccc Mon Sep 17 00:00:00 2001
-From: Linus Torvalds <torvalds@linux-foundation.org>
-Date: Tue, 17 Jan 2012 15:21:19 -0800
-Subject: proc: clean up and fix /proc/<pid>/mem handling
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Linus Torvalds <torvalds@linux-foundation.org>
-
-commit e268337dfe26dfc7efd422a804dbb27977a3cccc upstream.
-
-Jüri Aedla reported that the /proc/<pid>/mem handling really isn't very
-robust, and it also doesn't match the permission checking of any of the
-other related files.
-
-This changes it to do the permission checks at open time, and instead of
-tracking the process, it tracks the VM at the time of the open. That
-simplifies the code a lot, but does mean that if you hold the file
-descriptor open over an execve(), you'll continue to read from the _old_
-VM.
-
-That is different from our previous behavior, but much simpler. If
-somebody actually finds a load where this matters, we'll need to revert
-this commit.
-
-I suspect that nobody will ever notice - because the process mapping
-addresses will also have changed as part of the execve. So you cannot
-actually usefully access the fd across a VM change simply because all
-the offsets for IO would have changed too.
-
-Reported-by: Jüri Aedla <asd@ut.ee>
-Cc: Al Viro <viro@zeniv.linux.org.uk>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- fs/proc/base.c | 145 +++++++++++++++------------------------------------------
- 1 file changed, 39 insertions(+), 106 deletions(-)
-
---- a/fs/proc/base.c
-+++ b/fs/proc/base.c
-@@ -194,65 +194,7 @@ static int proc_root_link(struct inode *
- return result;
- }
-
--static struct mm_struct *__check_mem_permission(struct task_struct *task)
--{
-- struct mm_struct *mm;
--
-- mm = get_task_mm(task);
-- if (!mm)
-- return ERR_PTR(-EINVAL);
--
-- /*
-- * A task can always look at itself, in case it chooses
-- * to use system calls instead of load instructions.
-- */
-- if (task == current)
-- return mm;
--
-- /*
-- * If current is actively ptrace'ing, and would also be
-- * permitted to freshly attach with ptrace now, permit it.
-- */
-- if (task_is_stopped_or_traced(task)) {
-- int match;
-- rcu_read_lock();
-- match = (tracehook_tracer_task(task) == current);
-- rcu_read_unlock();
-- if (match && ptrace_may_access(task, PTRACE_MODE_ATTACH))
-- return mm;
-- }
--
-- /*
-- * No one else is allowed.
-- */
-- mmput(mm);
-- return ERR_PTR(-EPERM);
--}
--
--/*
-- * If current may access user memory in @task return a reference to the
-- * corresponding mm, otherwise ERR_PTR.
-- */
--static struct mm_struct *check_mem_permission(struct task_struct *task)
--{
-- struct mm_struct *mm;
-- int err;
--
-- /*
-- * Avoid racing if task exec's as we might get a new mm but validate
-- * against old credentials.
-- */
-- err = mutex_lock_killable(&task->signal->cred_guard_mutex);
-- if (err)
-- return ERR_PTR(err);
--
-- mm = __check_mem_permission(task);
-- mutex_unlock(&task->signal->cred_guard_mutex);
--
-- return mm;
--}
--
--struct mm_struct *mm_for_maps(struct task_struct *task)
-+static struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
- {
- struct mm_struct *mm;
- int err;
-@@ -263,7 +205,7 @@ struct mm_struct *mm_for_maps(struct tas
-
- mm = get_task_mm(task);
- if (mm && mm != current->mm &&
-- !ptrace_may_access(task, PTRACE_MODE_READ)) {
-+ !ptrace_may_access(task, mode)) {
- mmput(mm);
- mm = ERR_PTR(-EACCES);
- }
-@@ -272,6 +214,11 @@ struct mm_struct *mm_for_maps(struct tas
- return mm;
- }
-
-+struct mm_struct *mm_for_maps(struct task_struct *task)
-+{
-+ return mm_access(task, PTRACE_MODE_READ);
-+}
-+
- static int proc_pid_cmdline(struct task_struct *task, char * buffer)
- {
- int res = 0;
-@@ -816,38 +763,39 @@ static const struct file_operations proc
-
- static int mem_open(struct inode* inode, struct file* file)
- {
-- file->private_data = (void*)((long)current->self_exec_id);
-+ struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode);
-+ struct mm_struct *mm;
-+
-+ if (!task)
-+ return -ESRCH;
-+
-+ mm = mm_access(task, PTRACE_MODE_ATTACH);
-+ put_task_struct(task);
-+
-+ if (IS_ERR(mm))
-+ return PTR_ERR(mm);
-+
- /* OK to pass negative loff_t, we can catch out-of-range */
- file->f_mode |= FMODE_UNSIGNED_OFFSET;
-+ file->private_data = mm;
-+
- return 0;
- }
-
- static ssize_t mem_read(struct file * file, char __user * buf,
- size_t count, loff_t *ppos)
- {
-- struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode);
-+ int ret;
- char *page;
- unsigned long src = *ppos;
-- int ret = -ESRCH;
-- struct mm_struct *mm;
-+ struct mm_struct *mm = file->private_data;
-
-- if (!task)
-- goto out_no_task;
-+ if (!mm)
-+ return 0;
-
-- ret = -ENOMEM;
- page = (char *)__get_free_page(GFP_TEMPORARY);
- if (!page)
-- goto out;
--
-- mm = check_mem_permission(task);
-- ret = PTR_ERR(mm);
-- if (IS_ERR(mm))
-- goto out_free;
--
-- ret = -EIO;
--
-- if (file->private_data != (void*)((long)current->self_exec_id))
-- goto out_put;
-+ return -ENOMEM;
-
- ret = 0;
-
-@@ -874,13 +822,7 @@ static ssize_t mem_read(struct file * fi
- }
- *ppos = src;
-
--out_put:
-- mmput(mm);
--out_free:
- free_page((unsigned long) page);
--out:
-- put_task_struct(task);
--out_no_task:
- return ret;
- }
-
-@@ -889,27 +831,15 @@ static ssize_t mem_write(struct file * f
- {
- int copied;
- char *page;
-- struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode);
- unsigned long dst = *ppos;
-- struct mm_struct *mm;
-+ struct mm_struct *mm = file->private_data;
-
-- copied = -ESRCH;
-- if (!task)
-- goto out_no_task;
-+ if (!mm)
-+ return 0;
-
-- copied = -ENOMEM;
- page = (char *)__get_free_page(GFP_TEMPORARY);
- if (!page)
-- goto out_task;
--
-- mm = check_mem_permission(task);
-- copied = PTR_ERR(mm);
-- if (IS_ERR(mm))
-- goto out_free;
--
-- copied = -EIO;
-- if (file->private_data != (void *)((long)current->self_exec_id))
-- goto out_mm;
-+ return -ENOMEM;
-
- copied = 0;
- while (count > 0) {
-@@ -933,13 +863,7 @@ static ssize_t mem_write(struct file * f
- }
- *ppos = dst;
-
--out_mm:
-- mmput(mm);
--out_free:
- free_page((unsigned long) page);
--out_task:
-- put_task_struct(task);
--out_no_task:
- return copied;
- }
-
-@@ -959,11 +883,20 @@ loff_t mem_lseek(struct file *file, loff
- return file->f_pos;
- }
-
-+static int mem_release(struct inode *inode, struct file *file)
-+{
-+ struct mm_struct *mm = file->private_data;
-+
-+ mmput(mm);
-+ return 0;
-+}
-+
- static const struct file_operations proc_mem_operations = {
- .llseek = mem_lseek,
- .read = mem_read,
- .write = mem_write,
- .open = mem_open,
-+ .release = mem_release,
- };
-
- static ssize_t environ_read(struct file *file, char __user *buf,
diff --git a/libre/linux-libre-lts/PKGBUILD b/libre/linux-libre-lts/PKGBUILD
index 4c7de83e5..3593442f9 100644
--- a/libre/linux-libre-lts/PKGBUILD
+++ b/libre/linux-libre-lts/PKGBUILD
@@ -9,9 +9,9 @@ pkgname=('linux-libre-lts' 'linux-libre-lts-headers') # Build stock -LIBRE kerne
# pkgname=linux-custom # Build kernel with a different name
_kernelname=-LIBRE-LTS
_basekernel=3.0
-_sublevel=29
+_sublevel=32
pkgver=${_basekernel}.${_sublevel}
-_lxopkgver=${_basekernel}.27 # nearly always the same as pkgver
+_lxopkgver=${_basekernel}.31 # nearly always the same as pkgver
pkgrel=1
arch=('i686' 'x86_64' 'mips64el')
url="http://linux-libre.fsfla.org/"
@@ -32,17 +32,17 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
'ext4-options.patch'
"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2")
md5sums=('5f64180fe7df4e574dac5911b78f5067'
- '6c1dcf39863434add4043d0a3678001f'
+ '1fc88c19baf04fbb37385712ad9c4d57'
'df7e69a7b238c6492b589cc2beb894d2'
'2ef390e115d6ae1c074c30fec9258442'
- 'd2c0701480bce49fd4b40dc46b9863f1'
+ 'c072b17032e80debc6a8626299245d46'
'2967cecc3af9f954ccc822fd63dca6ff'
'8267264d9a8966e57fdacd1fa1fc65c4'
'04b21c79df0a952c22d681dd4f4562df'
'9d3c56a4b999c8bfbd4018089a62f662'
'263725f20c0b9eb9c353040792d644e5'
'f36222e7ce20c8e4dc27376f9be60f6c'
- '6f0a19113e73495e24873c31feab8464')
+ 'bacdceaf5ce186cfe69dffc89cd246a0')
if [ "$CARCH" != "mips64el" ]; then
# Don't use the Loongson-specific patches on non-mips64el arches.
unset source[${#source[@]}-1]
@@ -141,7 +141,7 @@ build() {
package_linux-libre-lts() {
pkgdesc="The Linux-libre Kernel and modules - stable longtime supported kernel package suitable for servers"
- depends=('coreutils' 'module-init-tools>=3.16')
+ depends=('coreutils' 'kmod')
optdepends=('crda: to set the correct wireless channels of your country')
provides=('kernel26-lts' "linux-lts=$pkgver")
conflicts=('kernel26-lts' 'kernel26-libre-lts' 'linux-lts')
@@ -199,10 +199,10 @@ package_linux-libre-lts() {
# gzip -9 all modules to save 100MB of space
find "${pkgdir}" -name '*.ko' -exec gzip -9 {} \;
# make room for external modules
- ln -s "../extramodules-${_basekernel}${_kernelname:--LIBRE}" "${pkgdir}/lib/modules/${_kernver}/extramodules"
+ ln -s "../extramodules-${_basekernel}${_kernelname:--LIBRE-LTS}" "${pkgdir}/lib/modules/${_kernver}/extramodules"
# add real version for building modules and running depmod from post_install/upgrade
- mkdir -p "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname:--LIBRE}"
- echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname:--LIBRE}/version"
+ mkdir -p "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname:--LIBRE-LTS}"
+ echo "${_kernver}" > "${pkgdir}/lib/modules/extramodules-${_basekernel}${_kernelname:--LIBRE-LTS}/version"
}
package_linux-libre-lts-headers() {
@@ -348,7 +348,7 @@ package_linux-libre-lts-headers() {
done
# remove unneeded architectures
- rm -rf "${pkgdir}"/usr/src/linux-${_kernver}/arch/{alpha,arm,arm26,avr32,blackfin,cris,frv,h8300,ia64,m32r,m68k,m68knommu,microblaze,mn10300,parisc,powerpc,ppc,s390,sh,sh64,sparc,sparc64,um,v850,xtensa}
+ rm -rf "${pkgdir}"/usr/src/linux-${_kernver}/arch/{alpha,arm,arm26,avr32,blackfin,cris,frv,h8300,ia64,m32r,m68k,m68knommu,microblaze,mn10300,parisc,powerpc,ppc,s390,score,sh,sh64,sparc,sparc64,tile,um,unicore32,v850,xtensa}
if [ "$CARCH" = "mips64el" ]; then
rm -rf ${pkgdir}/usr/src/linux-${_kernver}/arch/x86
else
diff --git a/libre/linux-libre-lts/linux-libre-lts.install b/libre/linux-libre-lts/linux-libre-lts.install
index 714f68a17..6cd9761a7 100644
--- a/libre/linux-libre-lts/linux-libre-lts.install
+++ b/libre/linux-libre-lts/linux-libre-lts.install
@@ -2,7 +2,7 @@
# arg 2: the old package version
KERNEL_NAME=-lts
-KERNEL_VERSION=3.0.29-1-LIBRE-LTS
+KERNEL_VERSION=3.0.32-1-LIBRE-LTS
post_install () {
# updating module dependencies
diff --git a/libre/linux-libre-lts/linux-libre-lts.preset b/libre/linux-libre-lts/linux-libre-lts.preset
index 4621af434..37cf35ed0 100644
--- a/libre/linux-libre-lts/linux-libre-lts.preset
+++ b/libre/linux-libre-lts/linux-libre-lts.preset
@@ -1,4 +1,4 @@
-# mkinitcpio preset file for the 'linux' package
+# mkinitcpio preset file for the 'linux-libre-lts' package
ALL_config="/etc/mkinitcpio.conf"
ALL_kver="/boot/vmlinuz-linux-libre-lts"
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-28 03:05:00 +0000