summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.SRCINFO24
-rw-r--r--CVE-2016-0728.patch78
-rw-r--r--PKGBUILD17
3 files changed, 102 insertions, 17 deletions
diff --git a/.SRCINFO b/.SRCINFO
index da7121b..f997493 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
# Generated by makepkg 4.2.1
-# Sun Nov 15 11:52:27 UTC 2015
+# Sun Jan 24 11:49:22 UTC 2016
pkgbase = linux-rt-lts
- pkgver = 3.18.24_rt22
+ pkgver = 3.18.25_rt23
pkgrel = 1
url = http://www.kernel.org/
arch = i686
@@ -15,26 +15,28 @@ pkgbase = linux-rt-lts
options = !strip
source = https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.18.tar.xz
source = https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.18.tar.sign
- source = https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.18.24.xz
- source = https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.18.24.sign
- source = https://www.kernel.org/pub/linux/kernel/projects/rt/3.18/patch-3.18.24-rt22.patch.xz
- source = https://www.kernel.org/pub/linux/kernel/projects/rt/3.18/patch-3.18.24-rt22.patch.sign
+ source = https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.18.25.xz
+ source = https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.18.25.sign
+ source = https://www.kernel.org/pub/linux/kernel/projects/rt/3.18/patch-3.18.25-rt23.patch.xz
+ source = https://www.kernel.org/pub/linux/kernel/projects/rt/3.18/patch-3.18.25-rt23.patch.sign
source = config
source = config.x86_64
source = linux-rt-lts.preset
source = change-default-console-loglevel.patch
source = fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT.patch
+ source = CVE-2016-0728.patch
sha256sums = becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd
sha256sums = SKIP
- sha256sums = d0397cacc44b9097b0ed03e824453d59d709f11095b40d02ad6e34247086b347
+ sha256sums = 78df9b97449715fa4e39158fc27fadbdbb50eab04ac29d1374a95bebaf7adfbf
sha256sums = SKIP
- sha256sums = 4f79a003202a81d16704e68c5545bf40414ba614771fa56716f02417e0fb3c0d
+ sha256sums = f8d608e2237b5da7354d5fafc88644a9736c1ae0a303fc64f360bcb69c78c93d
sha256sums = SKIP
sha256sums = 3c876bd83489e56e62629fc09ce85391bef5ef94cb2feab7751841c221c000c6
sha256sums = 49202f4733bd9de254083a85d0a17390f78e68fc6e4bea9e91bfce7e8167349e
sha256sums = a8886f2c9896f81f59cf0413b3e380cda2fbdc667eb9ce8dfcb0fceb6d92279f
sha256sums = 1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99
sha256sums = 7a42d16108eb9a8eacadef3603527fa1beab857cc4db3bd228858488fb1f3fda
+ sha256sums = 03bed5b1c6ef34a917e218a46d38cd1347c5ab5693131996113c6cad275dc4e9
pkgname = linux-rt-lts
pkgdesc = The Linux-rt-lts kernel and modules
@@ -44,20 +46,20 @@ pkgname = linux-rt-lts
depends = kmod
depends = mkinitcpio>=0.7
optdepends = crda: to set the correct wireless channels of your country
- provides = kernel26-rt-lts=3.18.24
+ provides = kernel26-rt-lts=3.18.25
conflicts = kernel26-rt-lts
replaces = kernel26-rt-lts
backup = etc/mkinitcpio.d/linux-rt-lts.preset
pkgname = linux-rt-lts-headers
pkgdesc = Header files and scripts for building modules for Linux-rt-lts kernel
- provides = kernel26-rt-lts-headers=3.18.24
+ provides = kernel26-rt-lts-headers=3.18.25
conflicts = kernel26-rt-lts-headers
replaces = kernel26-rt-lts-headers
pkgname = linux-rt-lts-docs
pkgdesc = Kernel hackers manual - HTML documentation that comes with the Linux-rt-lts kernel
- provides = kernel26-rt-lts-docs=3.18.24
+ provides = kernel26-rt-lts-docs=3.18.25
conflicts = kernel26-rt-lts-docs
replaces = kernel26-rt-lts-docs
diff --git a/CVE-2016-0728.patch b/CVE-2016-0728.patch
new file mode 100644
index 0000000..e915d82
--- /dev/null
+++ b/CVE-2016-0728.patch
@@ -0,0 +1,78 @@
+From 23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 Mon Sep 17 00:00:00 2001
+From: Yevgeny Pats <yevgeny@perception-point.io>
+Date: Tue, 19 Jan 2016 22:09:04 +0000
+Subject: [PATCH] KEYS: Fix keyring ref leak in join_session_keyring()
+
+This fixes CVE-2016-0728.
+
+If a thread is asked to join as a session keyring the keyring that's already
+set as its session, we leak a keyring reference.
+
+This can be tested with the following program:
+
+ #include <stddef.h>
+ #include <stdio.h>
+ #include <sys/types.h>
+ #include <keyutils.h>
+
+ int main(int argc, const char *argv[])
+ {
+ int i = 0;
+ key_serial_t serial;
+
+ serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
+ "leaked-keyring");
+ if (serial < 0) {
+ perror("keyctl");
+ return -1;
+ }
+
+ if (keyctl(KEYCTL_SETPERM, serial,
+ KEY_POS_ALL | KEY_USR_ALL) < 0) {
+ perror("keyctl");
+ return -1;
+ }
+
+ for (i = 0; i < 100; i++) {
+ serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
+ "leaked-keyring");
+ if (serial < 0) {
+ perror("keyctl");
+ return -1;
+ }
+ }
+
+ return 0;
+ }
+
+If, after the program has run, there something like the following line in
+/proc/keys:
+
+3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty
+
+with a usage count of 100 * the number of times the program has been run,
+then the kernel is malfunctioning. If leaked-keyring has zero usages or
+has been garbage collected, then the problem is fixed.
+
+Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Acked-by: Don Zickus <dzickus@redhat.com>
+Acked-by: Prarit Bhargava <prarit@redhat.com>
+Acked-by: Jarod Wilson <jarod@redhat.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+---
+ security/keys/process_keys.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
+index a3f85d2a..e6d50172 100644
+--- a/security/keys/process_keys.c
++++ b/security/keys/process_keys.c
+@@ -794,6 +794,7 @@ long join_session_keyring(const char *name)
+ ret = PTR_ERR(keyring);
+ goto error2;
+ } else if (keyring == new->session_keyring) {
++ key_put(keyring);
+ ret = 0;
+ goto error2;
+ }
diff --git a/PKGBUILD b/PKGBUILD
index 383fc7c..1dbe26d 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -8,8 +8,8 @@
#pkgbase=linux # Build stock -ARCH kernel
pkgbase=linux-rt-lts # Build kernel with a different name
_srcname=linux-3.18
-_pkgver=3.18.24
-_rtpatchver=rt22
+_pkgver=3.18.25
+_rtpatchver=rt23
pkgver=${_pkgver}_${_rtpatchver}
pkgrel=1
arch=('i686' 'x86_64')
@@ -26,19 +26,21 @@ source=("https://www.kernel.org/pub/linux/kernel/v3.x/${_srcname}.tar."{xz,sign}
# standard config files for mkinitcpio ramdisk
"${pkgbase}.preset"
'change-default-console-loglevel.patch'
- 'fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT.patch')
+ 'fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT.patch'
+ 'CVE-2016-0728.patch')
sha256sums=('becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd'
'SKIP'
- 'd0397cacc44b9097b0ed03e824453d59d709f11095b40d02ad6e34247086b347'
+ '78df9b97449715fa4e39158fc27fadbdbb50eab04ac29d1374a95bebaf7adfbf'
'SKIP'
- '4f79a003202a81d16704e68c5545bf40414ba614771fa56716f02417e0fb3c0d'
+ 'f8d608e2237b5da7354d5fafc88644a9736c1ae0a303fc64f360bcb69c78c93d'
'SKIP'
'3c876bd83489e56e62629fc09ce85391bef5ef94cb2feab7751841c221c000c6'
'49202f4733bd9de254083a85d0a17390f78e68fc6e4bea9e91bfce7e8167349e'
'a8886f2c9896f81f59cf0413b3e380cda2fbdc667eb9ce8dfcb0fceb6d92279f'
'1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
- '7a42d16108eb9a8eacadef3603527fa1beab857cc4db3bd228858488fb1f3fda')
+ '7a42d16108eb9a8eacadef3603527fa1beab857cc4db3bd228858488fb1f3fda'
+ '03bed5b1c6ef34a917e218a46d38cd1347c5ab5693131996113c6cad275dc4e9')
validpgpkeys=('ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
'647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
@@ -70,6 +72,9 @@ prepare() {
# Stops X from hanging on certain NVIDIA cards
msg "fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT.patch"
patch -p1 -i "${srcdir}/fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT.patch"
+
+ msg "CVE-2016-0728.patch"
+ patch -p1 -i "${srcdir}/CVE-2016-0728.patch"
msg "All patches have successfully been applied"