8 files changed, 61 insertions, 83 deletions
diff --git a/libre/blender-libre/PKGBUILD b/libre/blender-libre/PKGBUILD
index 83cd9437c..94e5b00cb 100644
--- a/libre/blender-libre/PKGBUILD
+++ b/libre/blender-libre/PKGBUILD
@@ -17,8 +17,8 @@ else
 fi
 pkgdesc="Fully integrated 3D graphics creation suite, without nonfree cuda-toolkit and redcode image format support$spndesc"
 pkgver=2.66
-pkgrel=1
-pkgaev=7
+pkgrel=2
+pkgaev=6
 arch=(
   i686
   x86_64
@@ -29,83 +29,21 @@ license=(
 )
 url="http://www.${pkgbase%$pkgflag}.org"
 depends=(
-  # used by ldd software "glibc package software"
-  # dependencies tree of binaries software (root) #
+  desktop-file-utils
   ffmpeg
   fftw
   freetype2
+  hicolor-icon-theme
   jack
   libpng
   libtiff
   openal
   openimageio
-  opencolorio
-  # external softwares dependencies #
   opencollada
-  # softwares dependencies for desktop files and mime types #
-  desktop-file-utils
-  hicolor-icon-theme
+  opencolorio
+  openshadinglanguage
   shared-mime-info
   xdg-utils
-  # dependencies tree of binaries software (child) #
-  #alsa-lib
-  #boost-libs
-  #bzip2
-  #celt
-  #dbus-core
-  #flac
-  #gcc-libs
-  #glew
-  #glibc
-  #glu
-  #gsm
-  #icu
-  #ilmbase
-  #json-c
-  #lame
-  #libasyncns
-  #libdrm
-  #libgl
-  #libglapi
-  #libice
-  #libjpeg-turbo
-  #libogg
-  #libpulse
-  #libsndfile
-  #libsm
-  #libtheora
-  #libva
-  #libvorbis
-  #libvpx
-  #libx11
-  #libxau
-  #libxcb
-  #libxdamage
-  #libxdmcp
-  #libxext
-  #libxfixes
-  #libxi
-  #libxml2
-  #libxmu
-  #libxt
-  #libxxf86vm
-  #ocr
-  #openexr
-  #opencore-amr
-  #openjpeg
-  #openssl
-  #pcre
-  #python
-  #rtmpdump
-  #sdl-libre
-  #schroedinger
-  #speex
-  #util-linux
-  #x264
-  #xvidcore
-  #xz
-  #v4l-utils
-  #zlib
 )
 if [ $spacenav == true ]; then
   depends+=(
@@ -161,6 +99,7 @@ build() {
     -DWITH_CODEC_SNDFILE=ON\
     -DWITH_CYCLES=ON\
     -DWITH_CYCLES_CUDA_BINARIES=OFF\
+    -DWITH_CYCLES_OSL=ON\
     -DWITH_FFTW3=ON\
     -DWITH_GAMEENGINE=ON\
     -DWITH_IMAGE_REDCODE=OFF\
@@ -171,9 +110,7 @@ build() {
     -DWITH_PLAYER=ON\
     -DWITH_PYTHON_INSTALL=OFF\
     -DWITH_SYSTEM_GLEW=ON
-
   setarch $CARCH make $MAKEFLAGS
-
   setarch $CARCH make
 }
 
diff --git a/libre/linux-libre-kmod-alx/PKGBUILD b/libre/linux-libre-kmod-alx/PKGBUILD
index d64060918..33220b55a 100644
--- a/libre/linux-libre-kmod-alx/PKGBUILD
+++ b/libre/linux-libre-kmod-alx/PKGBUILD
@@ -1,12 +1,12 @@
 # Maintainer: André Silva <emulatorman@lavabit.com>
 
 _kernver=3.8
-_kernrel=1
+_kernrel=2
 pkgname=('linux-libre-kmod-alx')
 _version=v3.8-rc7
 _pkgver=3.8-rc7-1-u
 pkgver=3.8rc7.1
-pkgrel=4
+pkgrel=5
 pkgdesc='Atheros alx ethernet device driver for linux-libre kernel'
 arch=('i686' 'x86_64')
 url='http://www.linuxfoundation.org/collaborate/workgroups/networking/alx'
diff --git a/libre/linux-libre/CVE-2013-1763.patch b/libre/linux-libre/CVE-2013-1763.patch
new file mode 100644
index 000000000..82b59a6dc
--- /dev/null
+++ b/libre/linux-libre/CVE-2013-1763.patch
@@ -0,0 +1,35 @@
+From 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Sat, 23 Feb 2013 01:13:47 +0000
+Subject: [PATCH] sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
+
+Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
+with a family greater or equal then AF_MAX -- the array size of
+sock_diag_handlers[]. The current code does not test for this
+condition therefore is vulnerable to an out-of-bound access opening
+doors for a privilege escalation.
+
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Acked-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/core/sock_diag.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
+index 602cd63..750f44f 100644
+--- a/net/core/sock_diag.c
++++ b/net/core/sock_diag.c
+@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+ 	if (nlmsg_len(nlh) < sizeof(*req))
+ 		return -EINVAL;
+ 
++	if (req->sdiag_family >= AF_MAX)
++		return -EINVAL;
++
+ 	hndl = sock_diag_lock_handler(req->sdiag_family);
+ 	if (hndl == NULL)
+ 		err = -ENOENT;
+-- 
+1.7.6.5
+
diff --git a/libre/linux-libre/PKGBUILD b/libre/linux-libre/PKGBUILD
index 6842b2712..15bb939d0 100644
--- a/libre/linux-libre/PKGBUILD
+++ b/libre/linux-libre/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 178342 2013-02-20 12:32:29Z tpowa $
+# $Id: PKGBUILD 178533 2013-02-25 11:02:32Z tpowa $
 # Maintainer: Tobias Powalowski <tpowa@archlinux.org>
 # Maintainer: Thomas Baechler <thomas@archlinux.org>
 # Maintainer (Parabola): Nicolás Reynolds <fauno@kiwwwi.com.ar>
@@ -13,7 +13,7 @@ _basekernel=3.8
 #_sublevel=9
 #pkgver=${_basekernel}.${_sublevel}
 pkgver=${_basekernel}
-pkgrel=1
+pkgrel=2
 #_lxopkgver=${_basekernel}.8 # nearly always the same as pkgver
 arch=('i686' 'x86_64' 'mips64el')
 url="http://linux-libre.fsfla.org/"
@@ -29,16 +29,18 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn
         'Kbuild'
         'Kbuild.platforms'
         'boot-logo.patch'
-        'change-default-console-loglevel.patch')
+        'change-default-console-loglevel.patch'
+        'CVE-2013-1763.patch')
         #"http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.bz2")
 md5sums=('84c2a77910932ffc7d958744ac9cf2f5'
-         'd0ceaebf20b53184c50e7f4980ed45d1'
-         '0b483b23413dbc451f2b041b9a475c03'
+         '101e798e00fd9b66a4c86cd30d28b844'
+         '5f3338af83af116b99746eb8a3ca65e4'
          'e49ac236dfeef709f91a3d993ea7b62c'
          '2967cecc3af9f954ccc822fd63dca6ff'
          '8267264d9a8966e57fdacd1fa1fc65c4'
          '04b21c79df0a952c22d681dd4f4562df'
-         '9d3c56a4b999c8bfbd4018089a62f662')
+         '9d3c56a4b999c8bfbd4018089a62f662'
+         '420991808fe4cba143013427c0737aa9')
 #if [ "$CARCH" != "mips64el" ]; then
 #    # Don't use the Loongson-specific patches on non-mips64el arches.
 #    unset source[${#source[@]}-1]
@@ -58,6 +60,10 @@ build() {
   # Add freedo as boot logo
   patch -Np1 -i "${srcdir}/boot-logo.patch"
 
+  # Fix security vulnetability CVE-2013-1763.patch
+  # https://bugs.archlinux.org/task/34005
+  patch -Np1 -i "${srcdir}/CVE-2013-1763.patch"
+
   # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
   # remove this when a Kconfig knob is made available by upstream
   # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
@@ -246,7 +252,7 @@ _package-headers() {
 
   mkdir -p "${pkgdir}/usr/src/linux-${_kernver}/include"
 
-  for i in acpi asm-generic config crypto drm generated linux math-emu \
+  for i in acpi asm-generic config crypto drm generated keys linux math-emu \
     media net pcmcia scsi sound trace uapi video xen; do
     cp -a include/${i} "${pkgdir}/usr/src/linux-${_kernver}/include/"
   done
diff --git a/libre/linux-libre/config.i686 b/libre/linux-libre/config.i686
index 1491a2ff6..f6af7876a 100644
--- a/libre/linux-libre/config.i686
+++ b/libre/linux-libre/config.i686
@@ -5866,7 +5866,7 @@ CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
 # CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
 CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
-CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd"
 CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
 # CONFIG_SECURITY_YAMA is not set
diff --git a/libre/linux-libre/config.x86_64 b/libre/linux-libre/config.x86_64
index dcf662c3c..5818aa984 100644
--- a/libre/linux-libre/config.x86_64
+++ b/libre/linux-libre/config.x86_64
@@ -5639,7 +5639,7 @@ CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
 # CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set
 CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init"
-CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init"
+CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/usr/lib/systemd/systemd"
 CONFIG_SECURITY_APPARMOR=y
 CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=0
 # CONFIG_SECURITY_YAMA is not set
diff --git a/libre/linux-libre/linux-libre.install b/libre/linux-libre/linux-libre.install
index c94a54bcc..fb7fa81c2 100644
--- a/libre/linux-libre/linux-libre.install
+++ b/libre/linux-libre/linux-libre.install
@@ -2,7 +2,7 @@
 # arg 2:  the old package version
 
 KERNEL_NAME=
-KERNEL_VERSION=3.8.0-1-LIBRE
+KERNEL_VERSION=3.8.0-2-LIBRE
 
 # set a sane PATH to ensure that critical utils like depmod will be found
 export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
diff --git a/libre/luxblend25/PKGBUILD b/libre/luxblend25/PKGBUILD
index 6d249b329..44ef6a542 100644
--- a/libre/luxblend25/PKGBUILD
+++ b/libre/luxblend25/PKGBUILD
@@ -32,7 +32,7 @@ replaces=(
   $pkgname
 )
 source=(
-  "https://src.$pkgbase.net/$pkgname/archive/$srcver.tar.bz2"
+  "http://src.$pkgbase.net/$pkgname/archive/$srcver.tar.bz2"
 )
 sha512sums=(
   f5aadc77e699f6b7259ece271b0c50ca7be5858bb628b99aedbb23b64e5587ac59cc3d1c52e063ba89c9d340f915727046e4d3017b26238425d43d3bba14f017