From fc93b8247610630bbe779cba2d80fdc983fb0dc5 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Mon, 27 Jun 2016 14:12:38 +0200 Subject: [PATCH 1/3] linux: Add new version 4.4.14 The new Linux kernel release fixes the security issues below [1]. 1. CVE-2016-4997: Corrupted offset allows for arbitrary decrements in compat IPT_SO_SET_REPLACE setsockopt 2. CVE-2016-4998: Out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt From Softpedia [2]: > According to the appended shortlog and the diff from the previous > maintenance update, Linux kernel 4.4.14 LTS adds multiple changes to > the SPARC support, along with various small fixes for other hardware > architectures, including s390, ARM64 (AArch64), PowerPC (PPC), MIPS, > ARM, and x86. Moreover, the networking stack has received various > improvements to the IPv4 and IPv6 protocols, as well as things like > L2TP, Netfilter, Netlink, Open vSwitch, TIPC, Wireless, and switchdev. > > KVM (Kernel-based Virtual Machine) full virtualization solution for > Linux and Intel HDA sound support have been improved as well in Linux > kernel 4.4.14 LTS, along with a few updated drivers, in particular > networking ones (Ethernet, TUN, VXLAN, etc.), but also general-purpose > input/output (GPIO), crypto, PINCTRL, and SCSI drivers. All users of a > GNU/Linux operating system powered by a kernel from the Linux 4.4 LTS > series are urged to update to Linux kernel 4.4.14 LTS as soon as > possible. Also, select `RTC_DRV_CMOS` and `CONFIG_HPET`. The first option is needed, to get `/dev/rtc0`. ``` --- /boot/config-4.4.13.mx64.89 2016-06-17 09:58:30.000000000 +0200 +++ /dev/shm/linux-4.4.14.config 2016-06-27 17:36:14.584655167 +0200 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.4.13 Kernel Configuration +# Linux/x86 4.4.14 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -50,7 +50,7 @@ CONFIG_INIT_ENV_ARG_LIMIT=32 CONFIG_CROSS_COMPILE="" # CONFIG_COMPILE_TEST is not set -CONFIG_LOCALVERSION=".mx64.89" +CONFIG_LOCALVERSION=".mx64.90" CONFIG_LOCALVERSION_AUTO=y CONFIG_HAVE_KERNEL_GZIP=y CONFIG_HAVE_KERNEL_BZIP2=y @@ -398,6 +398,7 @@ CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR=y CONFIG_HPET_TIMER=y +CONFIG_HPET_EMULATE_RTC=y CONFIG_DMI=y CONFIG_GART_IOMMU=y # CONFIG_CALGARY_IOMMU is not set @@ -2146,7 +2147,9 @@ # CONFIG_APPLICOM is not set # CONFIG_MWAVE is not set # CONFIG_RAW_DRIVER is not set -# CONFIG_HPET is not set +CONFIG_HPET=y +CONFIG_HPET_MMAP=y +CONFIG_HPET_MMAP_DEFAULT=y # CONFIG_HANGCHECK_TIMER is not set # CONFIG_TCG_TPM is not set # CONFIG_TELCLOCK is not set @@ -3217,7 +3220,83 @@ CONFIG_EDAC_I5100=y CONFIG_EDAC_I7300=y CONFIG_RTC_LIB=y -# CONFIG_RTC_CLASS is not set +CONFIG_RTC_CLASS=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" +# CONFIG_RTC_DEBUG is not set + +# +# RTC interfaces +# +CONFIG_RTC_INTF_SYSFS=y +# CONFIG_RTC_INTF_PROC is not set +CONFIG_RTC_INTF_DEV=y +# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set +# CONFIG_RTC_DRV_TEST is not set + +# +# I2C RTC drivers +# +# CONFIG_RTC_DRV_ABB5ZES3 is not set +# CONFIG_RTC_DRV_ABX80X is not set +# CONFIG_RTC_DRV_DS1307 is not set +# CONFIG_RTC_DRV_DS1374 is not set +# CONFIG_RTC_DRV_DS1672 is not set +# CONFIG_RTC_DRV_DS3232 is not set +# CONFIG_RTC_DRV_MAX6900 is not set +# CONFIG_RTC_DRV_RS5C372 is not set +# CONFIG_RTC_DRV_ISL1208 is not set +# CONFIG_RTC_DRV_ISL12022 is not set +# CONFIG_RTC_DRV_ISL12057 is not set +# CONFIG_RTC_DRV_X1205 is not set +# CONFIG_RTC_DRV_PCF2127 is not set +# CONFIG_RTC_DRV_PCF8523 is not set +# CONFIG_RTC_DRV_PCF8563 is not set +# CONFIG_RTC_DRV_PCF85063 is not set +# CONFIG_RTC_DRV_PCF8583 is not set +# CONFIG_RTC_DRV_M41T80 is not set +# CONFIG_RTC_DRV_BQ32K is not set +# CONFIG_RTC_DRV_S35390A is not set +# CONFIG_RTC_DRV_FM3130 is not set +# CONFIG_RTC_DRV_RX8581 is not set +# CONFIG_RTC_DRV_RX8025 is not set +# CONFIG_RTC_DRV_EM3027 is not set +# CONFIG_RTC_DRV_RV3029C2 is not set +# CONFIG_RTC_DRV_RV8803 is not set + +# +# SPI RTC drivers +# + +# +# Platform RTC drivers +# +CONFIG_RTC_DRV_CMOS=y +# CONFIG_RTC_DRV_DS1286 is not set +# CONFIG_RTC_DRV_DS1511 is not set +# CONFIG_RTC_DRV_DS1553 is not set +# CONFIG_RTC_DRV_DS1685_FAMILY is not set +# CONFIG_RTC_DRV_DS1742 is not set +# CONFIG_RTC_DRV_DS2404 is not set +# CONFIG_RTC_DRV_STK17TA8 is not set +# CONFIG_RTC_DRV_M48T86 is not set +# CONFIG_RTC_DRV_M48T35 is not set +# CONFIG_RTC_DRV_M48T59 is not set +# CONFIG_RTC_DRV_MSM6242 is not set +# CONFIG_RTC_DRV_BQ4802 is not set +# CONFIG_RTC_DRV_RP5C01 is not set +# CONFIG_RTC_DRV_V3020 is not set + +# +# on-CPU RTC drivers +# + +# +# HID Sensor RTC drivers +# +# CONFIG_RTC_DRV_HID_SENSOR_TIME is not set # CONFIG_DMADEVICES is not set # CONFIG_AUXDISPLAY is not set # CONFIG_UIO is not set ``` [1] http://www.openwall.com/lists/oss-security/2016/06/24/5 [2] http://news.softpedia.com/news/linux-kernel-4-4-14-lts-brings-networking-improvements-multiple-sparc-changes-505657.shtml "Linux Kernel 4.4.14 LTS Brings Networking Improvements, Multiple SPARC Changes" --- linux-4.4.14-90.bee | 82 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100755 linux-4.4.14-90.bee diff --git a/linux-4.4.14-90.bee b/linux-4.4.14-90.bee new file mode 100755 index 000000000..ba3ec5485 --- /dev/null +++ b/linux-4.4.14-90.bee @@ -0,0 +1,82 @@ +#!/bin/env beesh + +# note: CONFIG=/boot/config-WHATEVER BEE_MAKEFLAGS='-j 40' ./linux-xxx.bee + +KERNELVERSION=${PKGVERSION} +if [ -z "${PKGVERSION[3]}" ] ; then + KERNELVERSION=${KERNELVERSION}.0 +fi + +echo $KERNELVERSION + +SRCURL[0]="http://www.kernel.org/pub/linux/kernel/v${PKGVERSION[1]}.x/linux-${PKGVERSION}.tar.xz" + +# backported to stable # PATCHURL+=(/src/mariux/patches/linux-0001-NFS-Fix-attribute-cache-revalidation.patch) +PATCHURL+=(/src/mariux/patches/linux-0002-NFS-Ensure-we-revalidate-attributes-before-using-exe.patch) +PATCHURL+=(/src/mariux/patches/linux-0003-NFSv4-Don-t-perform-cached-access-checks-before-we-v.patch) +PATCHURL+=(/src/mariux/patches/linux-0001-net-better-skb-sender_cpu-and-skb-napi_id-cohabitati.patch) + +# EXCLUDE="" + +#CONFIG= + +KERNELLOCAL=".mx64.${PKGREVISION}" +FULLKERNELVERSION="${KERNELVERSION}${KERNELLOCAL}" + +B=${S} + +mee_patch() { + echo "PATCH $@" + bee_patch $@ +} + +mee_configure() { + echo "configure $@" + if [ -e /proc/config.gz ] ; then + zcat /proc/config.gz >config-current + RUNNING=config-current + else + RUNNING=/boot/config-$(uname -r) + fi + + : ${CONFIG:=${RUNNING}} + + if [ ! -e ${CONFIG} ] ; then + echo "can't find config '${CONFIG}'" + exit 1 + fi + + cp -v ${CONFIG} .config + + LOCALVERSION="\"${KERNELLOCAL}\"" + sed -i -e "s@CONFIG_LOCALVERSION=.*@CONFIG_LOCALVERSION=${LOCALVERSION}@" .config + + echo "doing make -C ${S} olddefconfig in ${PWD} .." + + make olddefconfig + + echo "doing make -C ${S} menuconfig in ${PWD} .." + + make menuconfig +} + +mee_build() { + echo "build $@" + make ${BEE_MAKEFLAGS} +} + +mee_install() { + echo "install $@" + + make modules_install INSTALL_MOD_PATH=${D} + make install INSTALL_PATH=${D}/boot +# make firmware_install INSTALL_MOD_PATH=${D} + + rm -v ${D}/lib/modules/${FULLKERNELVERSION}/{source,build} + + ln -sv /usr/src/linux/${PKGALLPKG}/source ${D}/lib/modules/${FULLKERNELVERSION}/source + ln -sv /usr/src/linux/${PKGALLPKG}/build ${D}/lib/modules/${FULLKERNELVERSION}/build + + ln -sv bzImage-${FULLKERNELVERSION} ${D}/boot/mariux.${PKGREVISION} +} + From 878f99d80235c53794cc262921c85116ecd668f1 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Mon, 27 Jun 2016 14:38:36 +0200 Subject: [PATCH 2/3] linux-4.4.14: Strip trailing whitespace Run the command `StripWhitespace` from *Vim Better Whitespace Plugin* [1]. [1] https://github.com/ntpeters/vim-better-whitespace --- linux-4.4.14-90.bee | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/linux-4.4.14-90.bee b/linux-4.4.14-90.bee index ba3ec5485..0f13fee15 100755 --- a/linux-4.4.14-90.bee +++ b/linux-4.4.14-90.bee @@ -38,25 +38,25 @@ mee_configure() { else RUNNING=/boot/config-$(uname -r) fi - + : ${CONFIG:=${RUNNING}} - + if [ ! -e ${CONFIG} ] ; then echo "can't find config '${CONFIG}'" exit 1 fi - + cp -v ${CONFIG} .config - + LOCALVERSION="\"${KERNELLOCAL}\"" sed -i -e "s@CONFIG_LOCALVERSION=.*@CONFIG_LOCALVERSION=${LOCALVERSION}@" .config echo "doing make -C ${S} olddefconfig in ${PWD} .." make olddefconfig - + echo "doing make -C ${S} menuconfig in ${PWD} .." - + make menuconfig } @@ -71,12 +71,12 @@ mee_install() { make modules_install INSTALL_MOD_PATH=${D} make install INSTALL_PATH=${D}/boot # make firmware_install INSTALL_MOD_PATH=${D} - + rm -v ${D}/lib/modules/${FULLKERNELVERSION}/{source,build} - - ln -sv /usr/src/linux/${PKGALLPKG}/source ${D}/lib/modules/${FULLKERNELVERSION}/source + + ln -sv /usr/src/linux/${PKGALLPKG}/source ${D}/lib/modules/${FULLKERNELVERSION}/source ln -sv /usr/src/linux/${PKGALLPKG}/build ${D}/lib/modules/${FULLKERNELVERSION}/build - + ln -sv bzImage-${FULLKERNELVERSION} ${D}/boot/mariux.${PKGREVISION} } From a1c26fc285dcea05cb08229e33edd8218b8ce2f5 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Mon, 27 Jun 2016 18:10:43 +0200 Subject: [PATCH 3/3] nvidia_linux: Add version 4.4.14 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adapt, Donald’s script, and run it, to build the modules for Linux 4.4.14. ``` $ sudo ./build-nvidia.pl `` --- nvidia_linux-4.4.14-90-340.96-0.bee | 88 +++++++++++++++++++++++++++++ nvidia_linux-4.4.14-90-352.79-0.bee | 88 +++++++++++++++++++++++++++++ 2 files changed, 176 insertions(+) create mode 100755 nvidia_linux-4.4.14-90-340.96-0.bee create mode 100755 nvidia_linux-4.4.14-90-352.79-0.bee diff --git a/nvidia_linux-4.4.14-90-340.96-0.bee b/nvidia_linux-4.4.14-90-340.96-0.bee new file mode 100755 index 000000000..a1efa971c --- /dev/null +++ b/nvidia_linux-4.4.14-90-340.96-0.bee @@ -0,0 +1,88 @@ +#!/bin/env beesh + +# calculate package extra versions and legacy level +# - use extraversions to define nvidia extraversion and/or legacy level +# - legacy level should be the last part of extraversion +# - legacy level 2 to 5 will be calculated from version number.. + +mxnvversion=${PKGEXTRAVERSION##*_} +: ${mxnvversion=current} + +nvextraversion="${PKGEXTRAVERSION_DASH}" + +if [ "${mxnvversion:0:6}" = "legacy" -o "${mxnvversion}" = "current" ] ; then + nvextraversion="${nvextraversion%_*}" + nvextraversion="${nvextraversion#-${mxnvversion}}" +else + if [ "${PKGVERSION:0:4}" = "340." ] ; then + mxnvversion="legacy5" + elif [ "${PKGVERSION:0:4}" = "304." ] ; then + mxnvversion="legacy4" + elif [ "${PKGVERSION:0:7}" = "173.14." ] ; then + mxnvversion="legacy3" + elif [ "${PKGVERSION:0:6}" = "96.43." ] ; then + mxnvversion="legacy2" + else + mxnvversion="current" + fi +fi + +print_info "calculated mxnvversion = '${mxnvversion}'" +print_info "calculated nvextraversion = '${nvextraversion}'" + +NVIDIA_ARCHIVE="NVIDIA-Linux-x86_64-${PKGVERSION}${nvextraversion}.run" + +SRCURL[0]="ftp://download.nvidia.com/XFree86/Linux-x86_64/${PKGVERSION}/${NVIDIA_ARCHIVE}" +#PATCHURL+=('/src/mariux/patches/nvidia-linux-readcr4_writecr4.patch') + +LINUXPKG=${PKGEXTRANAME}.${ARCH} + +LINUXKLOCALVER=$(beeversion --format "%v.mx64.%r" "${LINUXPKG}") + +# '4.4.mx64.75' to '4.4.0.mx64.75' +if [[ $LINUXKLOCALVER =~ ^([0-9]+\.[0-9]+)(\.mx64.*) ]]; then + LINUXKLOCALVER="${BASH_REMATCH[1]}.0${BASH_REMATCH[2]}" +fi + + +build_in_sourcedir +sourcesubdir_append kernel + +: ${BEE_TMP_TMPDIR:=/tmp} + +mee_extract() { + LINUXBUILDARCHIVE="${BEE_BUILDARCHIVEDIR}/${LINUXPKG}.beebuild.tar.bz2" + + print_info "extracting nvidia archive .." + + start_cmd rmdir ${S} + start_cmd sh ${F}/${NVIDIA_ARCHIVE} -x --target ${S} + + if [ -d "/usr/src/linux/${LINUXPKG}/source" ] ; then + LINUXSRCDIR="/usr/src/linux/${LINUXPKG}/source" + elif [ -d "${BEE_TMP_TMPDIR}/${LINUXPKG}/source" ] ; then + LINUXSRCDIR="${BEE_TMP_TMPDIR}/${LINUXPKG}/source" + else + print_info "extracting linux build ${LINUXPKG} .." + start_cmd gtar -xf "${LINUXBUILDARCHIVE}" -C ${BEE_TMP_TMPDIR} + LINUXSRCDIR="${BEE_TMP_TMPDIR}/${LINUXPKG}/source" + fi + + print_info "using kernel sources from ${LINUXSRCDIR} .." +} + +mee_build_pre() { + ln -s ${LINUXSRCDIR}/include ${S}/include +} + +mee_build() { + start_cmd make SYSSRC=${LINUXSRCDIR} module +} + +mee_install() { + mkdir -pv ${D}${DATAROOTDIR}/nvidia/kernel/${LINUXKLOCALVER}/${PKGVERSION} + + cp -v *.ko ${D}${DATAROOTDIR}/nvidia/kernel/${LINUXKLOCALVER}/${PKGVERSION}/ + + ln -s ${PKGVERSION} ${D}${DATAROOTDIR}/nvidia/kernel/${LINUXKLOCALVER}/${mxnvversion} +} diff --git a/nvidia_linux-4.4.14-90-352.79-0.bee b/nvidia_linux-4.4.14-90-352.79-0.bee new file mode 100755 index 000000000..a1efa971c --- /dev/null +++ b/nvidia_linux-4.4.14-90-352.79-0.bee @@ -0,0 +1,88 @@ +#!/bin/env beesh + +# calculate package extra versions and legacy level +# - use extraversions to define nvidia extraversion and/or legacy level +# - legacy level should be the last part of extraversion +# - legacy level 2 to 5 will be calculated from version number.. + +mxnvversion=${PKGEXTRAVERSION##*_} +: ${mxnvversion=current} + +nvextraversion="${PKGEXTRAVERSION_DASH}" + +if [ "${mxnvversion:0:6}" = "legacy" -o "${mxnvversion}" = "current" ] ; then + nvextraversion="${nvextraversion%_*}" + nvextraversion="${nvextraversion#-${mxnvversion}}" +else + if [ "${PKGVERSION:0:4}" = "340." ] ; then + mxnvversion="legacy5" + elif [ "${PKGVERSION:0:4}" = "304." ] ; then + mxnvversion="legacy4" + elif [ "${PKGVERSION:0:7}" = "173.14." ] ; then + mxnvversion="legacy3" + elif [ "${PKGVERSION:0:6}" = "96.43." ] ; then + mxnvversion="legacy2" + else + mxnvversion="current" + fi +fi + +print_info "calculated mxnvversion = '${mxnvversion}'" +print_info "calculated nvextraversion = '${nvextraversion}'" + +NVIDIA_ARCHIVE="NVIDIA-Linux-x86_64-${PKGVERSION}${nvextraversion}.run" + +SRCURL[0]="ftp://download.nvidia.com/XFree86/Linux-x86_64/${PKGVERSION}/${NVIDIA_ARCHIVE}" +#PATCHURL+=('/src/mariux/patches/nvidia-linux-readcr4_writecr4.patch') + +LINUXPKG=${PKGEXTRANAME}.${ARCH} + +LINUXKLOCALVER=$(beeversion --format "%v.mx64.%r" "${LINUXPKG}") + +# '4.4.mx64.75' to '4.4.0.mx64.75' +if [[ $LINUXKLOCALVER =~ ^([0-9]+\.[0-9]+)(\.mx64.*) ]]; then + LINUXKLOCALVER="${BASH_REMATCH[1]}.0${BASH_REMATCH[2]}" +fi + + +build_in_sourcedir +sourcesubdir_append kernel + +: ${BEE_TMP_TMPDIR:=/tmp} + +mee_extract() { + LINUXBUILDARCHIVE="${BEE_BUILDARCHIVEDIR}/${LINUXPKG}.beebuild.tar.bz2" + + print_info "extracting nvidia archive .." + + start_cmd rmdir ${S} + start_cmd sh ${F}/${NVIDIA_ARCHIVE} -x --target ${S} + + if [ -d "/usr/src/linux/${LINUXPKG}/source" ] ; then + LINUXSRCDIR="/usr/src/linux/${LINUXPKG}/source" + elif [ -d "${BEE_TMP_TMPDIR}/${LINUXPKG}/source" ] ; then + LINUXSRCDIR="${BEE_TMP_TMPDIR}/${LINUXPKG}/source" + else + print_info "extracting linux build ${LINUXPKG} .." + start_cmd gtar -xf "${LINUXBUILDARCHIVE}" -C ${BEE_TMP_TMPDIR} + LINUXSRCDIR="${BEE_TMP_TMPDIR}/${LINUXPKG}/source" + fi + + print_info "using kernel sources from ${LINUXSRCDIR} .." +} + +mee_build_pre() { + ln -s ${LINUXSRCDIR}/include ${S}/include +} + +mee_build() { + start_cmd make SYSSRC=${LINUXSRCDIR} module +} + +mee_install() { + mkdir -pv ${D}${DATAROOTDIR}/nvidia/kernel/${LINUXKLOCALVER}/${PKGVERSION} + + cp -v *.ko ${D}${DATAROOTDIR}/nvidia/kernel/${LINUXKLOCALVER}/${PKGVERSION}/ + + ln -s ${PKGVERSION} ${D}${DATAROOTDIR}/nvidia/kernel/${LINUXKLOCALVER}/${mxnvversion} +}