# HG changeset patch
# User Pascal Bellard
# Date 1387453104 0
# Node ID 8aa134add845551c1100b050d2416f9f5417c6ba
# Parent 76e02aa1ee77ebd1c0cbcd96c20873b32b7095af
linux: add CVE-2013-2929 fix
diff -r 76e02aa1ee77 -r 8aa134add845 linux-kvm/receipt
--- a/linux-kvm/receipt Thu Dec 19 00:21:19 2013 +0100
+++ b/linux-kvm/receipt Thu Dec 19 11:38:24 2013 +0000
@@ -21,6 +21,7 @@
 export _pkg
 $wanted_stuff/list_modules.sh arch/x86/kvm drivers/virtio drivers/lguest \
 drivers/char/hw_random/virtio-rng.ko.xz \
+ drivers/char/virtio_console.ko.xz \
 drivers/net/virtio_net.ko.xz drivers/block/virtio_blk.ko.xz | \
 while read module; do
 dir=$path/$(dirname $module)
diff -r 76e02aa1ee77 -r 8aa134add845 linux/receipt
--- a/linux/receipt Thu Dec 19 00:21:19 2013 +0100
+++ b/linux/receipt Thu Dec 19 11:38:24 2013 +0000
@@ -135,6 +135,7 @@
 $PACKAGE-header.u
 $PACKAGE-freeinitrd.u
 $PACKAGE-subroot.u
+$PACKAGE-CVE-2013-2929.u
 aufs3-base.patch
 aufs3-standalone.patch
 aufs3-loopback.patch
diff -r 76e02aa1ee77 -r 8aa134add845 linux/stuff/linux-CVE-2013-2929.u
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/linux/stuff/linux-CVE-2013-2929.u Thu Dec 19 11:38:24 2013 +0000
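Review bot: The virtio_console.ko.xz line added to linux-kvm/receipt is unrelated to the CVE-2013-2929 fix that the commit message announces, so the security change cannot be audited, reverted or cherry-picked on its own. Splitting it into its own changeset would keep the history accurate; failing that, the message should at least name it, e.g. `linux: add CVE-2013-2929 fix; linux-kvm: ship virtio_console module`. The linux/receipt hunk only registers the new patch file and raises nothing further.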
@@ -0,0 +1,47 @@
+https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=4004afd5f51ad0a86be405522b1ecf28ba66f4e5
+--- linux-3.2.53/arch/ia64/include/asm/processor.h
++++ linux-3.2.53/arch/ia64/include/asm/processor.h
+@@ -320,7 +320,7 @@
+ regs->loadrs = 0; \
+ regs->r8 = get_dumpable(current->mm); /* set "don't zap registers" flag */ \
+ regs->r12 = new_sp - 16; /* allocate 16 byte scratch area */ \
+- if (unlikely(!get_dumpable(current->mm))) { \
++ if (unlikely(get_dumpable(current->mm) != SUID_DUMP_USER)) { \
+ /* \
+ * Zap scratch regs to avoid leaking bits between processes with different \
+ * uid/privileges. \
+--- linux-3.2.53/include/linux/binfmts.h
++++ linux-3.2.53/include/linux/binfmts.h
+@@ -112,9 +112,6 @@
+ extern void would_dump(struct linux_binprm *, struct file *);
+ 
+ extern int suid_dumpable;
+-#define SUID_DUMP_DISABLE 0 /* No setuid dumping */
+-#define SUID_DUMP_USER 1 /* Dump as user of process */
+-#define SUID_DUMP_ROOT 2 /* Dump as root */
+ 
+ /* Stack area protections */
+ #define EXSTACK_DEFAULT 0 /* Whatever the arch defaults to */
+--- linux-3.2.53/include/linux/sched.h
++++ linux-3.2.53/include/linux/sched.h
+@@ -402,6 +402,9 @@
+ 
+ extern void set_dumpable(struct mm_struct *mm, int value);
+ extern int get_dumpable(struct mm_struct *mm);
++#define SUID_DUMP_DISABLE 0 /* No setuid dumping */
++#define SUID_DUMP_USER 1 /* Dump as user of process */
++#define SUID_DUMP_ROOT 2 /* Dump as root */
+ 
+ /* mm flags */
+ /* dumpable bits */
+--- linux-3.2.53/kernel/ptrace.c
++++ linux-3.2.53/kernel/ptrace.c
+@@ -246,7 +246,7 @@
+ smp_rmb();
+ if (task->mm)
+ dumpable = get_dumpable(task->mm);
+- if (!dumpable && !task_ns_capable(task, CAP_SYS_PTRACE))
++ if (dumpable != SUID_DUMP_USER && !task_ns_capable(task, CAP_SYS_PTRACE))
+ return -EPERM;
+ 
+ return security_ptrace_access_check(task, mode);
diff -r 76e02aa1ee77 -r 8aa134add845 linux/stuff/linux-subroot.u2
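Review bot: The new linux-CVE-2013-2929.u carries a bare stable-tree URL as its only provenance, so nothing in the file says which CVE it closes or which kernel it was taken against; a short header above the URL such as `# CVE-2013-2929 - exec/ptrace: fix get_dumpable() incorrect tests` and `# stable backport, taken against linux-3.2.53 (see URL below)` would let the next maintainer verify and retire it. The hunks are addressed to linux-3.2.53 paths while the receipt's VERSION is outside this diff (the removed subroot.u2 still named 3.2.40), so it is worth confirming the package really builds 3.2.53 before trusting the line offsets. Once the package moves to a stable release that already contains this commit, the file has to be dropped from the receipt's patch list, since the binfmts.h hunk that removes the three SUID_DUMP_* defines would then no longer apply. Reading the kernel/ptrace.c hunk: get_dumpable() yields 0, 1 or 2, and the old `!dumpable` test only rejected 0, so a SUID_DUMP_ROOT (2) task could be traced without CAP_SYS_PTRACE; the `!= SUID_DUMP_USER` comparison is what closes that, and the ia64 processor.h hunk applies the same correction to the register-zapping path.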
--- a/linux/stuff/linux-subroot.u2 Thu Dec 19 00:21:19 2013 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,61 +0,0 @@ -Allow to boot on any directories in a filesystem. You will be able to : -- have several distributions in one partition -- use effectively the disk space between several distributions -- deduplicate files across several distributions - -The bad news : you can't remount / - -example: bzImage rw root=/dev/sda1:/var/os/slitaz-4.0 screen=1024x768x24 - -Signed-off-by: Pascal Bellard ---- linux-3.2.40/Documentation/kernel-parameters.txt -+++ linux-3.2.40/Documentation/kernel-parameters.txt -@@ -2304,8 +2304,9 @@ - - ro [KNL] Mount root device read-only on boot - -- root= [KNL] Root filesystem -+ root= [KNL] Root filesystem and root directory - See name_to_dev_t comment in init/do_mounts.c. -+ Format: [:root_directory] - - rootdelay= [KNL] Delay (in seconds) to pause before attempting to - mount the root filesystem ---- linux-3.2.40/init/do_mounts.c -+++ linux-3.2.40/init/do_mounts.c -@@ -28,6 +28,7 @@ - int root_mountflags = MS_RDONLY | MS_SILENT; - static char * __initdata root_device_name; - static char __initdata saved_root_name[64]; -+static char __initdata saved_root_directory[256]; - static int root_wait; - - dev_t ROOT_DEV; -@@ -255,7 +256,20 @@ - - static int __init root_dev_setup(char *line) - { -+ char *s; -+ -+ strcpy(saved_root_directory, "."); - strlcpy(saved_root_name, line, sizeof(saved_root_name)); -+ s = strchr(saved_root_name, ':'); -+ if (s) { -+ *s = '\0'; -+ s = strchr(line, ':') + 1; -+ while (*s == '/') -+ s++; -+ if (*s) -+ strlcpy(saved_root_directory, s, -+ sizeof(saved_root_directory)); -+ } - return 1; - } - -@@ -554,5 +568,5 @@ - out: - devtmpfs_mount("dev"); - sys_mount(".", "/", NULL, MS_MOVE, NULL); -- sys_chroot((const char __user __force *)"."); -+ sys_chroot((const char __user __force *)saved_root_directory); - }