Update to 4.12.11
This commit is contained in:
Salvatore Bonaccorso
parent
9dd4ddef21
commit
68b6e32819
|
|
@ -1,4 +1,4 @@
|
|||
linux (4.12.10-1) UNRELEASED; urgency=medium
|
||||
linux (4.12.11-1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.7
|
||||
|
|
@ -195,6 +195,34 @@ linux (4.12.10-1) UNRELEASED; urgency=medium
|
|||
- Clarify (and fix) MAX_LFS_FILESIZE macros
|
||||
- ACPI: EC: Fix regression related to wrong ECDT initialization order
|
||||
- [powerpc*] mm: Ensure cpumask update is ordered
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.11
|
||||
- [arm64] mm: abort uaccess retries upon fatal signal
|
||||
- [x86] io: Add "memory" clobber to insb/insw/insl/outsb/outsw/outsl
|
||||
- [mips*] irqchip: mips-gic: SYNC after enabling GIC region
|
||||
- Input: synaptics - fix device info appearing different on reconnect
|
||||
- Input: xpad - fix PowerA init quirk for some gamepad models
|
||||
- crypto: chacha20 - fix handling of chunked input
|
||||
- [x86] i2c: ismt: Don't duplicate the receive length for block reads
|
||||
- [x86] i2c: ismt: Return EMSGSIZE for block reads with bogus length
|
||||
- crypto: algif_skcipher - only call put_page on referenced and used pages
|
||||
- mm, uprobes: fix multiple free of ->uprobes_state.xol_area
|
||||
- mm, madvise: ensure poisoned pages are removed from per-cpu lists
|
||||
- ceph: fix readpage from fscache
|
||||
- cpumask: fix spurious cpumask_of_node() on non-NUMA multi-node configs
|
||||
- cpuset: Fix incorrect memory_pressure control file mapping
|
||||
- CIFS: Fix maximum SMB2 header size
|
||||
- CIFS: remove endian related sparse warning
|
||||
- dm mpath: do not lock up a CPU with requeuing activity
|
||||
- [x86] drm/vmwgfx: Fix F26 Wayland screen update issue
|
||||
- [arm64, armhf] wl1251: add a missing spin_lock_init()
|
||||
- [arm64] mmc: sdhci-xenon: add set_power callback
|
||||
- lib/mpi: kunmap after finishing accessing buffer
|
||||
- xfrm: policy: check policy direction value
|
||||
- drm/ttm: Fix accounting error when fail to get pages for pool
|
||||
- nvme: fix the definition of the doorbell buffer config support bit
|
||||
- drm/nouveau/i2c/gf119-: add support for address-only transactions
|
||||
- epoll: fix race between ep_poll_callback(POLLFREE) and
|
||||
ep_free()/ep_remove()
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [alpha] udeb: Add i2c-modules (fixes FTBFS)
|
||||
|
|
|
|||
|
|
@ -1,40 +0,0 @@
|
|||
From: Vladis Dronov <vdronov@redhat.com>
|
||||
Date: Wed, 2 Aug 2017 19:50:14 +0200
|
||||
Subject: xfrm: policy: check policy direction value
|
||||
Origin: https://git.kernel.org/linus/7bab09631c2a303f87a7eb7e3d69e888673b9b7e
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-11600
|
||||
|
||||
The 'dir' parameter in xfrm_migrate() is a user-controlled byte which is used
|
||||
as an array index. This can lead to an out-of-bound access, kernel lockup and
|
||||
DoS. Add a check for the 'dir' value.
|
||||
|
||||
This fixes CVE-2017-11600.
|
||||
|
||||
References: https://bugzilla.redhat.com/show_bug.cgi?id=1474928
|
||||
Fixes: 80c9abaabf42 ("[XFRM]: Extension for dynamic update of endpoint address(es)")
|
||||
Cc: <stable@vger.kernel.org> # v2.6.21-rc1
|
||||
Reported-by: "bo Zhang" <zhangbo5891001@gmail.com>
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
|
||||
---
|
||||
net/xfrm/xfrm_policy.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
--- a/net/xfrm/xfrm_policy.c
|
||||
+++ b/net/xfrm/xfrm_policy.c
|
||||
@@ -3301,9 +3301,15 @@ int xfrm_migrate(const struct xfrm_selec
|
||||
struct xfrm_state *x_new[XFRM_MAX_DEPTH];
|
||||
struct xfrm_migrate *mp;
|
||||
|
||||
+ /* Stage 0 - sanity checks */
|
||||
if ((err = xfrm_migrate_check(m, num_migrate)) < 0)
|
||||
goto out;
|
||||
|
||||
+ if (dir >= XFRM_POLICY_MAX) {
|
||||
+ err = -EINVAL;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
/* Stage 1 - find policy */
|
||||
if ((pol = xfrm_migrate_policy_find(sel, dir, type, net)) == NULL) {
|
||||
err = -ENOENT;
|
||||
|
|
@ -1,56 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Tue, 29 Sep 2015 02:55:06 +0100
|
||||
Subject: [PATCH] alpha: uapi: Add support for __SANE_USERSPACE_TYPES__
|
||||
Forwarded: http://mid.gmane.org/1443659755.2730.14.camel@decadent.org.uk
|
||||
|
||||
This fixes compiler errors in perf such as:
|
||||
|
||||
tests/attr.c: In function 'store_event':
|
||||
tests/attr.c:66:27: error: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type '__u64 {aka long unsigned int}' [-Werror=format=]
|
||||
snprintf(path, PATH_MAX, "%s/event-%d-%llu-%d", dir,
|
||||
^
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Tested-by: Michael Cree <mcree@orcon.net.nz>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
arch/alpha/include/asm/types.h | 2 +-
|
||||
arch/alpha/include/uapi/asm/types.h | 12 +++++++++++-
|
||||
2 files changed, 12 insertions(+), 2 deletions(-)
|
||||
|
||||
# diff --git a/arch/alpha/include/asm/types.h b/arch/alpha/include/asm/types.h
|
||||
# index 4cb4b6d..0bc66e1 100644
|
||||
# --- a/arch/alpha/include/asm/types.h
|
||||
# +++ b/arch/alpha/include/asm/types.h
|
||||
# @@ -1,6 +1,6 @@
|
||||
# #ifndef _ALPHA_TYPES_H
|
||||
# #define _ALPHA_TYPES_H
|
||||
#
|
||||
# -#include <asm-generic/int-ll64.h>
|
||||
# +#include <uapi/asm/types.h>
|
||||
#
|
||||
# #endif /* _ALPHA_TYPES_H */
|
||||
diff --git a/arch/alpha/include/uapi/asm/types.h b/arch/alpha/include/uapi/asm/types.h
|
||||
index 9fd3cd4..8d1024d 100644
|
||||
--- a/arch/alpha/include/uapi/asm/types.h
|
||||
+++ b/arch/alpha/include/uapi/asm/types.h
|
||||
@@ -9,8 +9,18 @@
|
||||
* need to be careful to avoid a name clashes.
|
||||
*/
|
||||
|
||||
-#ifndef __KERNEL__
|
||||
+/*
|
||||
+ * This is here because we used to use l64 for alpha
|
||||
+ * and we don't want to impact user mode with our change to ll64
|
||||
+ * in the kernel.
|
||||
+ *
|
||||
+ * However, some user programs are fine with this. They can
|
||||
+ * flag __SANE_USERSPACE_TYPES__ to get int-ll64.h here.
|
||||
+ */
|
||||
+#if !defined(__SANE_USERSPACE_TYPES__) && !defined(__KERNEL__)
|
||||
#include <asm-generic/int-l64.h>
|
||||
+#else
|
||||
+#include <asm-generic/int-ll64.h>
|
||||
#endif
|
||||
|
||||
#endif /* _UAPI_ALPHA_TYPES_H */
|
||||
|
|
@ -122,7 +122,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
|
|||
|
||||
# Security fixes
|
||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||
bugfix/all/xfrm-policy-check-policy-direction-value.patch
|
||||
|
||||
# Fix exported symbol versions
|
||||
bugfix/alpha/alpha-restore-symbol-versions-for-symbols-exported-f.patch
|
||||
|
|
@ -137,7 +136,6 @@ bugfix/all/tools-perf-man-date.patch
|
|||
bugfix/all/tools-perf-remove-shebangs.patch
|
||||
bugfix/all/tools-lib-traceevent-use-ldflags.patch
|
||||
bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch
|
||||
bugfix/alpha/alpha-uapi-add-support-for-__sane_userspace_types__.patch
|
||||
bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch
|
||||
bugfix/all/cpupower-bump-soname-version.patch
|
||||
bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
|
||||
|
|
|
|||
Loading…
Reference in New Issue