From fc93b8247610630bbe779cba2d80fdc983fb0dc5 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Mon, 27 Jun 2016 14:12:38 +0200 Subject: [PATCH] linux: Add new version 4.4.14 The new Linux kernel release fixes the security issues below [1]. 1. CVE-2016-4997: Corrupted offset allows for arbitrary decrements in compat IPT_SO_SET_REPLACE setsockopt 2. CVE-2016-4998: Out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt From Softpedia [2]: > According to the appended shortlog and the diff from the previous > maintenance update, Linux kernel 4.4.14 LTS adds multiple changes to > the SPARC support, along with various small fixes for other hardware > architectures, including s390, ARM64 (AArch64), PowerPC (PPC), MIPS, > ARM, and x86. Moreover, the networking stack has received various > improvements to the IPv4 and IPv6 protocols, as well as things like > L2TP, Netfilter, Netlink, Open vSwitch, TIPC, Wireless, and switchdev. > > KVM (Kernel-based Virtual Machine) full virtualization solution for > Linux and Intel HDA sound support have been improved as well in Linux > kernel 4.4.14 LTS, along with a few updated drivers, in particular > networking ones (Ethernet, TUN, VXLAN, etc.), but also general-purpose > input/output (GPIO), crypto, PINCTRL, and SCSI drivers. All users of a > GNU/Linux operating system powered by a kernel from the Linux 4.4 LTS > series are urged to update to Linux kernel 4.4.14 LTS as soon as > possible. Also, select `RTC_DRV_CMOS` and `CONFIG_HPET`. The first option is needed, to get `/dev/rtc0`. ``` --- /boot/config-4.4.13.mx64.89 2016-06-17 09:58:30.000000000 +0200 +++ /dev/shm/linux-4.4.14.config 2016-06-27 17:36:14.584655167 +0200 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.4.13 Kernel Configuration +# Linux/x86 4.4.14 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -50,7 +50,7 @@ CONFIG_INIT_ENV_ARG_LIMIT=32 CONFIG_CROSS_COMPILE="" # CONFIG_COMPILE_TEST is not set -CONFIG_LOCALVERSION=".mx64.89" +CONFIG_LOCALVERSION=".mx64.90" CONFIG_LOCALVERSION_AUTO=y CONFIG_HAVE_KERNEL_GZIP=y CONFIG_HAVE_KERNEL_BZIP2=y @@ -398,6 +398,7 @@ CONFIG_CPU_SUP_AMD=y CONFIG_CPU_SUP_CENTAUR=y CONFIG_HPET_TIMER=y +CONFIG_HPET_EMULATE_RTC=y CONFIG_DMI=y CONFIG_GART_IOMMU=y # CONFIG_CALGARY_IOMMU is not set @@ -2146,7 +2147,9 @@ # CONFIG_APPLICOM is not set # CONFIG_MWAVE is not set # CONFIG_RAW_DRIVER is not set -# CONFIG_HPET is not set +CONFIG_HPET=y +CONFIG_HPET_MMAP=y +CONFIG_HPET_MMAP_DEFAULT=y # CONFIG_HANGCHECK_TIMER is not set # CONFIG_TCG_TPM is not set # CONFIG_TELCLOCK is not set @@ -3217,7 +3220,83 @@ CONFIG_EDAC_I5100=y CONFIG_EDAC_I7300=y CONFIG_RTC_LIB=y -# CONFIG_RTC_CLASS is not set +CONFIG_RTC_CLASS=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" +# CONFIG_RTC_DEBUG is not set + +# +# RTC interfaces +# +CONFIG_RTC_INTF_SYSFS=y +# CONFIG_RTC_INTF_PROC is not set +CONFIG_RTC_INTF_DEV=y +# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set +# CONFIG_RTC_DRV_TEST is not set + +# +# I2C RTC drivers +# +# CONFIG_RTC_DRV_ABB5ZES3 is not set +# CONFIG_RTC_DRV_ABX80X is not set +# CONFIG_RTC_DRV_DS1307 is not set +# CONFIG_RTC_DRV_DS1374 is not set +# CONFIG_RTC_DRV_DS1672 is not set +# CONFIG_RTC_DRV_DS3232 is not set +# CONFIG_RTC_DRV_MAX6900 is not set +# CONFIG_RTC_DRV_RS5C372 is not set +# CONFIG_RTC_DRV_ISL1208 is not set +# CONFIG_RTC_DRV_ISL12022 is not set +# CONFIG_RTC_DRV_ISL12057 is not set +# CONFIG_RTC_DRV_X1205 is not set +# CONFIG_RTC_DRV_PCF2127 is not set +# CONFIG_RTC_DRV_PCF8523 is not set +# CONFIG_RTC_DRV_PCF8563 is not set +# CONFIG_RTC_DRV_PCF85063 is not set +# CONFIG_RTC_DRV_PCF8583 is not set +# CONFIG_RTC_DRV_M41T80 is not set +# CONFIG_RTC_DRV_BQ32K is not set +# CONFIG_RTC_DRV_S35390A is not set +# CONFIG_RTC_DRV_FM3130 is not set +# CONFIG_RTC_DRV_RX8581 is not set +# CONFIG_RTC_DRV_RX8025 is not set +# CONFIG_RTC_DRV_EM3027 is not set +# CONFIG_RTC_DRV_RV3029C2 is not set +# CONFIG_RTC_DRV_RV8803 is not set + +# +# SPI RTC drivers +# + +# +# Platform RTC drivers +# +CONFIG_RTC_DRV_CMOS=y +# CONFIG_RTC_DRV_DS1286 is not set +# CONFIG_RTC_DRV_DS1511 is not set +# CONFIG_RTC_DRV_DS1553 is not set +# CONFIG_RTC_DRV_DS1685_FAMILY is not set +# CONFIG_RTC_DRV_DS1742 is not set +# CONFIG_RTC_DRV_DS2404 is not set +# CONFIG_RTC_DRV_STK17TA8 is not set +# CONFIG_RTC_DRV_M48T86 is not set +# CONFIG_RTC_DRV_M48T35 is not set +# CONFIG_RTC_DRV_M48T59 is not set +# CONFIG_RTC_DRV_MSM6242 is not set +# CONFIG_RTC_DRV_BQ4802 is not set +# CONFIG_RTC_DRV_RP5C01 is not set +# CONFIG_RTC_DRV_V3020 is not set + +# +# on-CPU RTC drivers +# + +# +# HID Sensor RTC drivers +# +# CONFIG_RTC_DRV_HID_SENSOR_TIME is not set # CONFIG_DMADEVICES is not set # CONFIG_AUXDISPLAY is not set # CONFIG_UIO is not set ``` [1] http://www.openwall.com/lists/oss-security/2016/06/24/5 [2] http://news.softpedia.com/news/linux-kernel-4-4-14-lts-brings-networking-improvements-multiple-sparc-changes-505657.shtml "Linux Kernel 4.4.14 LTS Brings Networking Improvements, Multiple SPARC Changes" --- linux-4.4.14-90.bee | 82 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100755 linux-4.4.14-90.bee diff --git a/linux-4.4.14-90.bee b/linux-4.4.14-90.bee new file mode 100755 index 000000000..ba3ec5485 --- /dev/null +++ b/linux-4.4.14-90.bee @@ -0,0 +1,82 @@ +#!/bin/env beesh + +# note: CONFIG=/boot/config-WHATEVER BEE_MAKEFLAGS='-j 40' ./linux-xxx.bee + +KERNELVERSION=${PKGVERSION} +if [ -z "${PKGVERSION[3]}" ] ; then + KERNELVERSION=${KERNELVERSION}.0 +fi + +echo $KERNELVERSION + +SRCURL[0]="http://www.kernel.org/pub/linux/kernel/v${PKGVERSION[1]}.x/linux-${PKGVERSION}.tar.xz" + +# backported to stable # PATCHURL+=(/src/mariux/patches/linux-0001-NFS-Fix-attribute-cache-revalidation.patch) +PATCHURL+=(/src/mariux/patches/linux-0002-NFS-Ensure-we-revalidate-attributes-before-using-exe.patch) +PATCHURL+=(/src/mariux/patches/linux-0003-NFSv4-Don-t-perform-cached-access-checks-before-we-v.patch) +PATCHURL+=(/src/mariux/patches/linux-0001-net-better-skb-sender_cpu-and-skb-napi_id-cohabitati.patch) + +# EXCLUDE="" + +#CONFIG= + +KERNELLOCAL=".mx64.${PKGREVISION}" +FULLKERNELVERSION="${KERNELVERSION}${KERNELLOCAL}" + +B=${S} + +mee_patch() { + echo "PATCH $@" + bee_patch $@ +} + +mee_configure() { + echo "configure $@" + if [ -e /proc/config.gz ] ; then + zcat /proc/config.gz >config-current + RUNNING=config-current + else + RUNNING=/boot/config-$(uname -r) + fi + + : ${CONFIG:=${RUNNING}} + + if [ ! -e ${CONFIG} ] ; then + echo "can't find config '${CONFIG}'" + exit 1 + fi + + cp -v ${CONFIG} .config + + LOCALVERSION="\"${KERNELLOCAL}\"" + sed -i -e "s@CONFIG_LOCALVERSION=.*@CONFIG_LOCALVERSION=${LOCALVERSION}@" .config + + echo "doing make -C ${S} olddefconfig in ${PWD} .." + + make olddefconfig + + echo "doing make -C ${S} menuconfig in ${PWD} .." + + make menuconfig +} + +mee_build() { + echo "build $@" + make ${BEE_MAKEFLAGS} +} + +mee_install() { + echo "install $@" + + make modules_install INSTALL_MOD_PATH=${D} + make install INSTALL_PATH=${D}/boot +# make firmware_install INSTALL_MOD_PATH=${D} + + rm -v ${D}/lib/modules/${FULLKERNELVERSION}/{source,build} + + ln -sv /usr/src/linux/${PKGALLPKG}/source ${D}/lib/modules/${FULLKERNELVERSION}/source + ln -sv /usr/src/linux/${PKGALLPKG}/build ${D}/lib/modules/${FULLKERNELVERSION}/build + + ln -sv bzImage-${FULLKERNELVERSION} ${D}/boot/mariux.${PKGREVISION} +} +