diff --git a/debian/changelog b/debian/changelog index 253f022a3..6395327f8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,12 @@ -linux (4.4~rc5-1~exp2) UNRELEASED; urgency=medium +linux (4.4~rc6-1~exp1) UNRELEASED; urgency=medium + * New upstream release candidate + - include/linux/mmdebug.h: should include linux/bug.h + (fixes FTBFS on arm64) + + [ Ben Hutchings ] * [sparc64] udeb: Replace mpt2sas with mpt3sas in scsi-common-modules (fixes FTBFS) - * mm: Fix missing #include in (fixes FTBFS on arm64) -- Ben Hutchings Thu, 17 Dec 2015 04:09:59 +0000 diff --git a/debian/patches/bugfix/all/mm-fix-missing-include-in-linux-mmdebug.h.patch b/debian/patches/bugfix/all/mm-fix-missing-include-in-linux-mmdebug.h.patch deleted file mode 100644 index 2e7a2bcda..000000000 --- a/debian/patches/bugfix/all/mm-fix-missing-include-in-linux-mmdebug.h.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Ben Hutchings -Date: Sat, 19 Dec 2015 19:10:03 +0000 -Subject: mm: Fix missing #include in -Forwarded: http://mid.gmane.org/20151219203034.GR28542@decadent.org.uk - -The various VM_WARN_ON/VM_BUG_ON macros depend on those defined by -. Most users already include those, but not all; for -example: - - CC arch/arm64/xen/../../arm/xen/grant-table.o -In file included from arch/arm64/include/../../arm/include/asm/xen/page.h:5:0, - from arch/arm64/include/asm/xen/page.h:1, - from include/xen/page.h:28, - from arch/arm64/xen/../../arm/xen/grant-table.c:33: -arch/arm64/include/asm/pgtable.h: In function 'set_pte_at': -arch/arm64/include/asm/pgtable.h:281:3: error: implicit declaration of function 'BUILD_BUG_ON_INVALID' [-Werror=implicit-function-declaration] - VM_WARN_ONCE(!pte_young(pte), - -Signed-off-by: Ben Hutchings ---- - include/linux/mmdebug.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/include/linux/mmdebug.h b/include/linux/mmdebug.h -index 877ef22..772362a 100644 ---- a/include/linux/mmdebug.h -+++ b/include/linux/mmdebug.h -@@ -1,6 +1,7 @@ - #ifndef LINUX_MM_DEBUG_H - #define LINUX_MM_DEBUG_H 1 - -+#include - #include - - struct page; diff --git a/debian/patches/bugfix/all/net-add-validation-for-the-socket-syscall-protocol.patch b/debian/patches/bugfix/all/net-add-validation-for-the-socket-syscall-protocol.patch deleted file mode 100644 index 10e6b65cb..000000000 --- a/debian/patches/bugfix/all/net-add-validation-for-the-socket-syscall-protocol.patch +++ /dev/null @@ -1,82 +0,0 @@ -From: Hannes Frederic Sowa -Subject: net: add validation for the socket syscall protocol argument -Date: Mon, 14 Dec 2015 17:17:49 +0100 -Origin: http://article.gmane.org/gmane.linux.network/391482 - -郭永刚 reported that one could simply crash the kernel as root by -using a simple program: - - int socket_fd; - struct sockaddr_in addr; - addr.sin_port = 0; - addr.sin_addr.s_addr = INADDR_ANY; - addr.sin_family = 10; - - socket_fd = socket(10,3,0x40000000); - connect(socket_fd , &addr,16); - -AF_INET, AF_INET6 sockets actually only support 8-bit protocol -identifiers. inet_sock's skc_protocol field thus is sized accordingly, -thus larger protocol identifiers simply cut off the higher bits and -store a zero in the protocol fields. - -This could lead to e.g. NULL function pointer because as a result of -the cut off inet_num is zero and we call down to inet_autobind, which -is NULL for raw sockets. - -kernel: Call Trace: -kernel: [] ? inet_autobind+0x2e/0x70 -kernel: [] inet_dgram_connect+0x54/0x80 -kernel: [] SYSC_connect+0xd9/0x110 -kernel: [] ? ptrace_notify+0x5b/0x80 -kernel: [] ? syscall_trace_enter_phase2+0x108/0x200 -kernel: [] SyS_connect+0xe/0x10 -kernel: [] tracesys_phase2+0x84/0x89 - -I found no particular commit which introduced this problem. - -CVE: CVE-2015-8543 -Reported-by: 郭永刚 -Signed-off-by: Hannes Frederic Sowa ---- - net/ipv4/af_inet.c | 3 +++ - net/ipv6/af_inet6.c | 3 +++ - net/socket.c | 3 +++ - 3 files changed, 9 insertions(+) - ---- a/net/ipv4/af_inet.c -+++ b/net/ipv4/af_inet.c -@@ -261,6 +261,9 @@ static int inet_create(struct net *net, - int try_loading_module = 0; - int err; - -+ if (protocol >= IPPROTO_MAX) -+ return -EINVAL; -+ - sock->state = SS_UNCONNECTED; - - /* Look for the requested type/protocol pair. */ ---- a/net/ipv6/af_inet6.c -+++ b/net/ipv6/af_inet6.c -@@ -109,6 +109,9 @@ static int inet6_create(struct net *net, - int try_loading_module = 0; - int err; - -+ if (protocol >= IPPROTO_MAX) -+ return -EINVAL; -+ - /* Look for the requested type/protocol pair. */ - lookup_protocol: - err = -ESOCKTNOSUPPORT; ---- a/net/socket.c -+++ b/net/socket.c -@@ -1105,6 +1105,9 @@ int __sock_create(struct net *net, int f - return -EAFNOSUPPORT; - if (type < 0 || type >= SOCK_MAX) - return -EINVAL; -+ /* upper bound should be tested by per-protocol .create callbacks */ -+ if (protocol < 0) -+ return -EINVAL; - - /* Compatibility. - diff --git a/debian/patches/series b/debian/patches/series index 2b983d404..3c0719578 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -67,5 +67,3 @@ features/all/grsecurity/grkernsec_perf_harden.patch bugfix/all/usbvision-fix-overflow-of-interfaces-array.patch bugfix/all/media-usbvision-fix-crash-on-detecting-device-with-i.patch bugfix/x86/drm-i915-shut-up-gen8-sde-irq-dmesg-noise.patch -bugfix/all/net-add-validation-for-the-socket-syscall-protocol.patch -bugfix/all/mm-fix-missing-include-in-linux-mmdebug.h.patch