diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD index c70cd95..bc32aee 100644 --- a/trunk/PKGBUILD +++ b/trunk/PKGBUILD @@ -24,6 +24,8 @@ source=( 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch + 2-2-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_state_find..diff::https://patchwork.ozlabs.org/patch/838470/raw + 4-8-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-lookup..diff::https://patchwork.ozlabs.org/patch/852277/raw ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds @@ -39,7 +41,9 @@ sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' '37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85' 'c6e7db7dfd6a07e1fd0e20c3a5f0f315f9c2a366fe42214918b756f9a1c9bfa3' - '1d69940c6bf1731fa1d1da29b32ec4f594fa360118fe7b128c9810285ebf13e2') + '1d69940c6bf1731fa1d1da29b32ec4f594fa360118fe7b128c9810285ebf13e2' + '46a85ae78d43fcc64c88b1ea3655ac5419246c2a058a5320a151c41fd47ef2aa' + '44ad0a8503b1b47a2d9d93e4752a5b7e169ef40acb04638c18a2e6664e5345b5') _kernelname=${pkgbase#linux} @@ -63,6 +67,9 @@ prepare() { # https://nvd.nist.gov/vuln/detail/CVE-2017-8824 patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch + patch -p1 -i "${srcdir}/2-2-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_state_find..diff" + patch -p1 -i "${srcdir}/4-8-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-lookup..diff" + cp -Tf ../config .config if [ "${_kernelname}" != "" ]; then