summaryrefslogtreecommitdiff
path: root/libre
diff options
context:
space:
mode:
authorroot <root@rshg054.dnsready.net>2012-02-02 23:14:44 +0000
committerroot <root@rshg054.dnsready.net>2012-02-02 23:14:44 +0000
commit22e5f5bf64eba5c65674eeb3a8167de2854dbe0e (patch)
treeeb874eff6206b4a1557f42bc02ee9e54c43bc882 /libre
parentac5ada660240f37d7347e42123071990f616e418 (diff)
Thu Feb 2 23:14:44 UTC 2012
Diffstat (limited to 'libre')
-rw-r--r--libre/crosstool-ng/PKGBUILD4
-rw-r--r--libre/filesystem/PKGBUILD22
-rw-r--r--libre/filesystem/filesystem.install3
-rw-r--r--libre/filesystem/issue1
-rw-r--r--libre/filesystem/modprobe.d.usb-load-ehci-first4
-rw-r--r--libre/initscripts/PKGBUILD4
-rw-r--r--libre/linux-libre/CVE-2012-0056.patch268
-rw-r--r--libre/linux-libre/PKGBUILD6
-rw-r--r--libre/linux-libre/linux-libre.install2
-rw-r--r--libre/pacman/PKGBUILD5
-rw-r--r--libre/pacman/rePKGBUILD2
11 files changed, 293 insertions, 28 deletions
diff --git a/libre/crosstool-ng/PKGBUILD b/libre/crosstool-ng/PKGBUILD
index 8843af016..5341fa6f5 100644
--- a/libre/crosstool-ng/PKGBUILD
+++ b/libre/crosstool-ng/PKGBUILD
@@ -2,7 +2,7 @@
# Maintainer (Parabola): fauno <fauno@kiwwwi.com.ar>
pkgname=crosstool-ng
-pkgver=1.13.0
+pkgver=1.13.2
pkgrel=1
pkgdesc="A versatile cross toolchain generator (eglibc addons patch)"
arch=('i686' 'x86_64')
@@ -26,4 +26,4 @@ package() {
cd $srcdir/$pkgname-$pkgver
make DESTDIR=$pkgdir install
}
-md5sums=('55fba9f37b9f9ed0aeb6c50fbd8b6429')
+md5sums=('749cf70568ad07d1b13fdcd25b163553')
diff --git a/libre/filesystem/PKGBUILD b/libre/filesystem/PKGBUILD
index ea1e0e4f9..733d34aa3 100644
--- a/libre/filesystem/PKGBUILD
+++ b/libre/filesystem/PKGBUILD
@@ -1,10 +1,10 @@
-# $Id: PKGBUILD 140217 2011-10-09 23:32:13Z dreisner $
+# $Id: PKGBUILD 147201 2012-01-24 06:36:12Z bisson $
# Maintainer: Tom Gundersen <teg@jklm.no>
# Maintainer (Parabola): fauno <fauno@kiwwwi.com.ar>
pkgname=filesystem
-pkgver=2011.10
-pkgrel=1
+pkgver=2011.12
+pkgrel=2
pkgdesc='Base filesystem for Parabola'
arch=('any')
license=('GPL')
@@ -19,7 +19,7 @@ source=('group' 'issue' 'nsswitch.conf' 'securetty' 'host.conf' 'ld.so.conf'
'passwd' 'shadow' 'fstab' 'crypttab' 'hosts' 'motd' 'resolv.conf' 'shells'
'gshadow' 'profile' 'modprobe.d.usb-load-ehci-first')
md5sums=('772fe869b921698cc3e6fde73c4ac85a'
- '140787c0dc6f3f1272cfd381b92b0155'
+ '6be47d893fd49b2e4a8c0e811b350861'
'13753e4e0964f3652b0cc60a28528bdf'
'4c4540eeb748bf1f71d631b8c1dcf0b3'
'f28150d4c0b22a017be51b9f7f9977ed'
@@ -34,7 +34,7 @@ md5sums=('772fe869b921698cc3e6fde73c4ac85a'
'22518e922891f9359f971f4f5b4e793c'
'd2dc4e39dbdea75b107f91789e3274ab'
'f3b6ae7db8adffaaa4bffc6099dcbd50'
- '8098ffd9fbf890468d3198277596b85a')
+ 'a8a962370cd0128465d514e6a1f74130')
package() {
cd ${srcdir}
@@ -56,6 +56,7 @@ package() {
for f in fstab group host.conf hosts issue ld.so.conf motd nsswitch.conf passwd resolv.conf securetty shells profile; do
install -m644 ${srcdir}/${f} ${pkgdir}/etc/
done
+ ln -s /proc/self/mounts ${pkgdir}/etc/mtab
for f in gshadow shadow crypttab; do
install -m600 ${srcdir}/${f} ${pkgdir}/etc/
done
@@ -63,16 +64,15 @@ package() {
install -D -m644 ${srcdir}/modprobe.d.usb-load-ehci-first ${pkgdir}/lib/modprobe.d/usb-load-ehci-first.conf
# setup /var
- for d in cache/man local opt run log/old lib/misc empty; do
+ for d in cache/man local opt log/old lib/misc empty; do
install -d -m755 ${pkgdir}/var/${d}
done
- install -d -m1777 ${pkgdir}/var/{lock,tmp,spool/mail}
+ install -d -m1777 ${pkgdir}/var/{tmp,spool/mail}
# allow setgid games to write scores
install -d -m775 -g games ${pkgdir}/var/games
- ln -s spool/mail ${pkgdir}/var/mail
- # prevent pacman from removing directory (FS#16886)
- touch ${pkgdir}/var/empty/.keep
-
+ ln -s /var/spool/mail ${pkgdir}/var/mail
+ ln -s /run ${pkgdir}/var/run
+ ln -s /run/lock ${pkgdir}/var/lock
#
# setup /usr hierarchy
diff --git a/libre/filesystem/filesystem.install b/libre/filesystem/filesystem.install
index 640cd5c1d..0ecc27e65 100644
--- a/libre/filesystem/filesystem.install
+++ b/libre/filesystem/filesystem.install
@@ -1,9 +1,6 @@
post_install() {
[ -f var/log/lastlog ] || : >var/log/lastlog
[ -f var/log/wtmp ] || : >var/log/wtmp
- [ -f var/run/utmp ] || : >var/run/utmp
- chown root:20 var/run/utmp
- chmod 664 var/run/utmp
[ -f var/log/btmp ] || (: >var/log/btmp && bin/chmod 600 var/log/btmp)
# workaround for bug #7194
# readded due to bug #9465
diff --git a/libre/filesystem/issue b/libre/filesystem/issue
index 323abdbf7..b001c55dd 100644
--- a/libre/filesystem/issue
+++ b/libre/filesystem/issue
@@ -1,3 +1,2 @@
-
Parabola GNU/Linux-libre \r (\n) (\l)
diff --git a/libre/filesystem/modprobe.d.usb-load-ehci-first b/libre/filesystem/modprobe.d.usb-load-ehci-first
index 3b5db0e7a..947379411 100644
--- a/libre/filesystem/modprobe.d.usb-load-ehci-first
+++ b/libre/filesystem/modprobe.d.usb-load-ehci-first
@@ -1,2 +1,2 @@
-install ohci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe --ignore-install ohci_hcd $CMDLINE_OPTS
-install uhci_hcd /sbin/modprobe ehci_hcd ; /sbin/modprobe --ignore-install uhci_hcd $CMDLINE_OPTS
+softdep ohci_hcd pre: ehci_hcd
+softdep uhci_hcd pre: ehci_hcd
diff --git a/libre/initscripts/PKGBUILD b/libre/initscripts/PKGBUILD
index 9ce6cd8ae..f8b70de29 100644
--- a/libre/initscripts/PKGBUILD
+++ b/libre/initscripts/PKGBUILD
@@ -4,7 +4,7 @@
# Maintainer (Parabola): Nicolas Reynolds <fauno@kiwwwi.com.ar>
pkgname=initscripts
-pkgver=2011.12.14
+pkgver=2012.02.1
pkgrel=1
pkgdesc="System initialization/bootup scripts (Parabola branding)"
arch=('any')
@@ -28,5 +28,5 @@ package() {
make DESTDIR=${pkgdir} install
install -D -m644 ${srcdir}/wireless.conf.d ${pkgdir}/etc/conf.d/wireless
}
-md5sums=('55f010509c91d2a236df49a82af48b4b'
+md5sums=('db7506749d240cbe1e5988d3a81d72a9'
'027576534885b8d5dded9be546057b12')
diff --git a/libre/linux-libre/CVE-2012-0056.patch b/libre/linux-libre/CVE-2012-0056.patch
new file mode 100644
index 000000000..6a83fef1c
--- /dev/null
+++ b/libre/linux-libre/CVE-2012-0056.patch
@@ -0,0 +1,268 @@
+From e268337dfe26dfc7efd422a804dbb27977a3cccc Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Tue, 17 Jan 2012 15:21:19 -0800
+Subject: [PATCH] proc: clean up and fix /proc/<pid>/mem handling
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+Jüri Aedla reported that the /proc/<pid>/mem handling really isn't very
+robust, and it also doesn't match the permission checking of any of the
+other related files.
+
+This changes it to do the permission checks at open time, and instead of
+tracking the process, it tracks the VM at the time of the open. That
+simplifies the code a lot, but does mean that if you hold the file
+descriptor open over an execve(), you'll continue to read from the _old_
+VM.
+
+That is different from our previous behavior, but much simpler. If
+somebody actually finds a load where this matters, we'll need to revert
+this commit.
+
+I suspect that nobody will ever notice - because the process mapping
+addresses will also have changed as part of the execve. So you cannot
+actually usefully access the fd across a VM change simply because all
+the offsets for IO would have changed too.
+
+Reported-by: Jüri Aedla <asd@ut.ee>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ fs/proc/base.c | 145 +++++++++++++++-----------------------------------------
+ 1 files changed, 39 insertions(+), 106 deletions(-)
+
+diff --git a/fs/proc/base.c b/fs/proc/base.c
+index 5485a53..662ddf2 100644
+--- a/fs/proc/base.c
++++ b/fs/proc/base.c
+@@ -198,65 +198,7 @@ static int proc_root_link(struct dentry *dentry, struct path *path)
+ return result;
+ }
+
+-static struct mm_struct *__check_mem_permission(struct task_struct *task)
+-{
+- struct mm_struct *mm;
+-
+- mm = get_task_mm(task);
+- if (!mm)
+- return ERR_PTR(-EINVAL);
+-
+- /*
+- * A task can always look at itself, in case it chooses
+- * to use system calls instead of load instructions.
+- */
+- if (task == current)
+- return mm;
+-
+- /*
+- * If current is actively ptrace'ing, and would also be
+- * permitted to freshly attach with ptrace now, permit it.
+- */
+- if (task_is_stopped_or_traced(task)) {
+- int match;
+- rcu_read_lock();
+- match = (ptrace_parent(task) == current);
+- rcu_read_unlock();
+- if (match && ptrace_may_access(task, PTRACE_MODE_ATTACH))
+- return mm;
+- }
+-
+- /*
+- * No one else is allowed.
+- */
+- mmput(mm);
+- return ERR_PTR(-EPERM);
+-}
+-
+-/*
+- * If current may access user memory in @task return a reference to the
+- * corresponding mm, otherwise ERR_PTR.
+- */
+-static struct mm_struct *check_mem_permission(struct task_struct *task)
+-{
+- struct mm_struct *mm;
+- int err;
+-
+- /*
+- * Avoid racing if task exec's as we might get a new mm but validate
+- * against old credentials.
+- */
+- err = mutex_lock_killable(&task->signal->cred_guard_mutex);
+- if (err)
+- return ERR_PTR(err);
+-
+- mm = __check_mem_permission(task);
+- mutex_unlock(&task->signal->cred_guard_mutex);
+-
+- return mm;
+-}
+-
+-struct mm_struct *mm_for_maps(struct task_struct *task)
++static struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
+ {
+ struct mm_struct *mm;
+ int err;
+@@ -267,7 +209,7 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
+
+ mm = get_task_mm(task);
+ if (mm && mm != current->mm &&
+- !ptrace_may_access(task, PTRACE_MODE_READ)) {
++ !ptrace_may_access(task, mode)) {
+ mmput(mm);
+ mm = ERR_PTR(-EACCES);
+ }
+@@ -276,6 +218,11 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
+ return mm;
+ }
+
++struct mm_struct *mm_for_maps(struct task_struct *task)
++{
++ return mm_access(task, PTRACE_MODE_READ);
++}
++
+ static int proc_pid_cmdline(struct task_struct *task, char * buffer)
+ {
+ int res = 0;
+@@ -752,38 +699,39 @@ static const struct file_operations proc_single_file_operations = {
+
+ static int mem_open(struct inode* inode, struct file* file)
+ {
+- file->private_data = (void*)((long)current->self_exec_id);
++ struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode);
++ struct mm_struct *mm;
++
++ if (!task)
++ return -ESRCH;
++
++ mm = mm_access(task, PTRACE_MODE_ATTACH);
++ put_task_struct(task);
++
++ if (IS_ERR(mm))
++ return PTR_ERR(mm);
++
+ /* OK to pass negative loff_t, we can catch out-of-range */
+ file->f_mode |= FMODE_UNSIGNED_OFFSET;
++ file->private_data = mm;
++
+ return 0;
+ }
+
+ static ssize_t mem_read(struct file * file, char __user * buf,
+ size_t count, loff_t *ppos)
+ {
+- struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode);
++ int ret;
+ char *page;
+ unsigned long src = *ppos;
+- int ret = -ESRCH;
+- struct mm_struct *mm;
++ struct mm_struct *mm = file->private_data;
+
+- if (!task)
+- goto out_no_task;
++ if (!mm)
++ return 0;
+
+- ret = -ENOMEM;
+ page = (char *)__get_free_page(GFP_TEMPORARY);
+ if (!page)
+- goto out;
+-
+- mm = check_mem_permission(task);
+- ret = PTR_ERR(mm);
+- if (IS_ERR(mm))
+- goto out_free;
+-
+- ret = -EIO;
+-
+- if (file->private_data != (void*)((long)current->self_exec_id))
+- goto out_put;
++ return -ENOMEM;
+
+ ret = 0;
+
+@@ -810,13 +758,7 @@ static ssize_t mem_read(struct file * file, char __user * buf,
+ }
+ *ppos = src;
+
+-out_put:
+- mmput(mm);
+-out_free:
+ free_page((unsigned long) page);
+-out:
+- put_task_struct(task);
+-out_no_task:
+ return ret;
+ }
+
+@@ -825,27 +767,15 @@ static ssize_t mem_write(struct file * file, const char __user *buf,
+ {
+ int copied;
+ char *page;
+- struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode);
+ unsigned long dst = *ppos;
+- struct mm_struct *mm;
++ struct mm_struct *mm = file->private_data;
+
+- copied = -ESRCH;
+- if (!task)
+- goto out_no_task;
++ if (!mm)
++ return 0;
+
+- copied = -ENOMEM;
+ page = (char *)__get_free_page(GFP_TEMPORARY);
+ if (!page)
+- goto out_task;
+-
+- mm = check_mem_permission(task);
+- copied = PTR_ERR(mm);
+- if (IS_ERR(mm))
+- goto out_free;
+-
+- copied = -EIO;
+- if (file->private_data != (void *)((long)current->self_exec_id))
+- goto out_mm;
++ return -ENOMEM;
+
+ copied = 0;
+ while (count > 0) {
+@@ -869,13 +799,7 @@ static ssize_t mem_write(struct file * file, const char __user *buf,
+ }
+ *ppos = dst;
+
+-out_mm:
+- mmput(mm);
+-out_free:
+ free_page((unsigned long) page);
+-out_task:
+- put_task_struct(task);
+-out_no_task:
+ return copied;
+ }
+
+@@ -895,11 +819,20 @@ loff_t mem_lseek(struct file *file, loff_t offset, int orig)
+ return file->f_pos;
+ }
+
++static int mem_release(struct inode *inode, struct file *file)
++{
++ struct mm_struct *mm = file->private_data;
++
++ mmput(mm);
++ return 0;
++}
++
+ static const struct file_operations proc_mem_operations = {
+ .llseek = mem_lseek,
+ .read = mem_read,
+ .write = mem_write,
+ .open = mem_open,
++ .release = mem_release,
+ };
+
+ static ssize_t environ_read(struct file *file, char __user *buf,
+--
+1.7.6.5
+
diff --git a/libre/linux-libre/PKGBUILD b/libre/linux-libre/PKGBUILD
index 3bd2c7fe6..bc6b67c12 100644
--- a/libre/linux-libre/PKGBUILD
+++ b/libre/linux-libre/PKGBUILD
@@ -9,7 +9,7 @@ pkgname=('linux-libre' 'linux-libre-headers' 'linux-libre-docs') # Build stock -
# pkgname=linux-custom # Build kernel with a different name
_kernelname=${pkgname#linux-libre}
_basekernel=3.2
-pkgver=${_basekernel}.1
+pkgver=${_basekernel}.2
pkgrel=1
arch=('i686' 'x86_64' 'mips64el')
url="http://linux-libre.fsfla.org/"
@@ -341,8 +341,8 @@ package_linux-libre-docs() {
rm -f "${pkgdir}/usr/src/linux-${_kernver}/Documentation/DocBook/Makefile"
}
md5sums=('27c641c4f6785fc647cdd3e44963a55c'
- '6e0c99536652e7deb71acbadc980b586'
- 'fb12372c5c7bc4e5328b38953616c7a5'
+ '39d471f90b754fd60529166cd37e5e0d'
+ '5c654bfed9005675317794c492bd2d8c'
'92f62a90c1df8d74704a510d28146c52'
'576ba68b171efd4a3333736c30f334ef'
'a8a3843046926eb7ab81312cd438c5c5'
diff --git a/libre/linux-libre/linux-libre.install b/libre/linux-libre/linux-libre.install
index f08840c94..6dc0e247d 100644
--- a/libre/linux-libre/linux-libre.install
+++ b/libre/linux-libre/linux-libre.install
@@ -2,7 +2,7 @@
# arg 2: the old package version
KERNEL_NAME=
-KERNEL_VERSION=3.2.1-1-LIBRE
+KERNEL_VERSION=3.2.2-1-LIBRE
post_install () {
# updating module dependencies
diff --git a/libre/pacman/PKGBUILD b/libre/pacman/PKGBUILD
index 00ed5e69c..00faf0842 100644
--- a/libre/pacman/PKGBUILD
+++ b/libre/pacman/PKGBUILD
@@ -1,11 +1,11 @@
# vim: set ts=2 sw=2 et:
-# $Id: PKGBUILD 145836 2012-01-02 19:39:43Z dreisner $
+# $Id: PKGBUILD 146568 2012-01-13 16:47:02Z dreisner $
# Maintainer: Dan McGee <dan@archlinux.org>
# Maintainer: Dave Reisner <dave@archlinux.org>
pkgname=pacman
pkgver=4.0.1
-pkgrel=3
+pkgrel=4
pkgdesc="A library-based package manager with dependency support"
arch=('i686' 'x86_64' 'mips64el')
url="http://www.archlinux.org/pacman/"
@@ -13,6 +13,7 @@ license=('GPL')
groups=('base')
depends=('bash' 'glibc>=2.15' 'libarchive>=3.0.2' 'curl>=7.19.4'
'gpgme' 'pacman-mirrorlist')
+makedepends=('asciidoc')
optdepends=('fakeroot: for makepkg usage as normal user')
backup=(etc/pacman.conf etc/makepkg.conf)
install=pacman.install
diff --git a/libre/pacman/rePKGBUILD b/libre/pacman/rePKGBUILD
index 3648f2a18..3967b90ab 100644
--- a/libre/pacman/rePKGBUILD
+++ b/libre/pacman/rePKGBUILD
@@ -2,7 +2,7 @@
source PKGBUILD
CARCH=x86_64
unset build package md5sums source
-_repo=testing
+_repo=core
source=(PKGBUILD
ftp://ftp.archlinux.org/${_repo}/os/${CARCH}/${pkgname%-libre}-$pkgver-$pkgrel-$CARCH$PKGEXT
# files for pkg modifications