diff --git a/debian/changelog b/debian/changelog index bebb785e2..a52d42b45 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,15 +1,15 @@ -linux (3.12.2-1~exp1) UNRELEASED; urgency=low +linux (3.12.3-1~exp1) UNRELEASED; urgency=low * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.1 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.2 - libertas: potential oops in debugfs (CVE-2013-6378) - exec/ptrace: fix get_dumpable() incorrect tests (CVE-2013-2929) + https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.3 [ Ben Hutchings ] * [rt] Update to 3.12.0-rt2 and reenable * HID: Enable UHID as module (Closes: #729338) - - HID: uhid: fix leak for 64/32 UHID_CREATE * [sh4] Remove some accidental inconsistencies in config * Enable CHECKPOINT_RESTORE (Closes: #682700) * Enable JUMP_LABEL (Closes: #730071) diff --git a/debian/patches/bugfix/all/HID-uhid-fix-leak-for-64-32-UHID_CREATE.mbox b/debian/patches/bugfix/all/HID-uhid-fix-leak-for-64-32-UHID_CREATE.mbox deleted file mode 100644 index 6d2c9a2b4..000000000 --- a/debian/patches/bugfix/all/HID-uhid-fix-leak-for-64-32-UHID_CREATE.mbox +++ /dev/null @@ -1,28 +0,0 @@ -From: David Herrmann -Date: Tue, 26 Nov 2013 13:58:18 +0100 -Subject: HID: uhid: fix leak for 64/32 UHID_CREATE -Origin: http://mid.gmane.org/1385470698-6036-1-git-send-email-dh.herrmann@gmail.com - -UHID allows short writes so user-space can omit unused fields. We -automatically set them to 0 in the kernel. However, the 64/32 bit -compat-handler didn't do that in the UHID_CREATE fallback. This will -reveal random kernel heap data (of random size, even) to user-space. - -Reported-by: Ben Hutchings -Signed-off-by: David Herrmann -Cc: stable@vger.kernel.org ---- - drivers/hid/uhid.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/drivers/hid/uhid.c -+++ b/drivers/hid/uhid.c -@@ -287,7 +287,7 @@ static int uhid_event_from_user(const ch - */ - struct uhid_create_req_compat *compat; - -- compat = kmalloc(sizeof(*compat), GFP_KERNEL); -+ compat = kzalloc(sizeof(*compat), GFP_KERNEL); - if (!compat) - return -ENOMEM; - diff --git a/debian/patches/bugfix/s390/qeth-avoid-buffer-overflow-in-snmp-ioctl.patch b/debian/patches/bugfix/s390/qeth-avoid-buffer-overflow-in-snmp-ioctl.patch deleted file mode 100644 index d5afa4b97..000000000 --- a/debian/patches/bugfix/s390/qeth-avoid-buffer-overflow-in-snmp-ioctl.patch +++ /dev/null @@ -1,43 +0,0 @@ -From: Ursula Braun -Date: Wed, 6 Nov 2013 09:04:52 +0100 -Subject: qeth: avoid buffer overflow in snmp ioctl -Origin: https://git.kernel.org/linus/6fb392b1a63ae36c31f62bc3fc8630b49d602b62 - -Check user-defined length in snmp ioctl request and allow request -only if it fits into a qeth command buffer. - -Signed-off-by: Ursula Braun -Signed-off-by: Frank Blaschka -Reviewed-by: Heiko Carstens -Reported-by: Nico Golde -Reported-by: Fabian Yamaguchi -Cc: -Signed-off-by: David S. Miller ---- - drivers/s390/net/qeth_core_main.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/drivers/s390/net/qeth_core_main.c b/drivers/s390/net/qeth_core_main.c -index 0a328d0..bd8c09e 100644 ---- a/drivers/s390/net/qeth_core_main.c -+++ b/drivers/s390/net/qeth_core_main.c -@@ -4451,7 +4451,7 @@ int qeth_snmp_command(struct qeth_card *card, char __user *udata) - struct qeth_cmd_buffer *iob; - struct qeth_ipa_cmd *cmd; - struct qeth_snmp_ureq *ureq; -- int req_len; -+ unsigned int req_len; - struct qeth_arp_query_info qinfo = {0, }; - int rc = 0; - -@@ -4467,6 +4467,10 @@ int qeth_snmp_command(struct qeth_card *card, char __user *udata) - /* skip 4 bytes (data_len struct member) to get req_len */ - if (copy_from_user(&req_len, udata + sizeof(int), sizeof(int))) - return -EFAULT; -+ if (req_len > (QETH_BUFSIZE - IPA_PDU_HEADER_SIZE - -+ sizeof(struct qeth_ipacmd_hdr) - -+ sizeof(struct qeth_ipacmd_setadpparms_hdr))) -+ return -EINVAL; - ureq = memdup_user(udata, req_len + sizeof(struct qeth_snmp_ureq_hdr)); - if (IS_ERR(ureq)) { - QETH_CARD_TEXT(card, 2, "snmpnome"); diff --git a/debian/patches/features/all/rt/genirq-Set-the-irq-thread-policy-without-checking-CA.patch b/debian/patches/features/all/rt/genirq-Set-the-irq-thread-policy-without-checking-CA.patch deleted file mode 100644 index d9b20db00..000000000 --- a/debian/patches/features/all/rt/genirq-Set-the-irq-thread-policy-without-checking-CA.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 7f095a71d6bc49d7c33ed33ebc26daf4867ee4c8 Mon Sep 17 00:00:00 2001 -From: Thomas Pfaff -Date: Fri, 11 Oct 2013 12:42:49 +0200 -Subject: [PATCH] genirq: Set the irq thread policy without checking - CAP_SYS_NICE -Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/3.12/patches-3.12.1-rt4.tar.xz - -In commit ee23871389 ("genirq: Set irq thread to RT priority on -creation") we moved the assigment of the thread's priority from the -thread's function into __setup_irq(). That function may run in user -context for instance if the user opens an UART node and then driver -calls requests in the ->open() callback. That user may not have -CAP_SYS_NICE and so the irq thread won't run with the SCHED_OTHER -policy. - -This patch uses sched_setscheduler_nocheck() so we omit the CAP_SYS_NICE -check which is otherwise required for the SCHED_OTHER policy. - -Cc: Ivo Sieben -Cc: stable@vger.kernel.org -Cc: stable-rt@vger.kernel.org -Signed-off-by: Thomas Pfaff -[bigeasy: rewrite the changelog] -Signed-off-by: Sebastian Andrzej Siewior ---- - kernel/irq/manage.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/kernel/irq/manage.c -+++ b/kernel/irq/manage.c -@@ -956,7 +956,7 @@ static int - goto out_mput; - } - -- sched_setscheduler(t, SCHED_FIFO, ¶m); -+ sched_setscheduler_nocheck(t, SCHED_FIFO, ¶m); - - /* - * We keep the reference to the task struct even if diff --git a/debian/patches/series b/debian/patches/series index e58bbdb62..9418ffb71 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -74,11 +74,9 @@ features/all/mvsas-Recognise-device-subsystem-9485-9485-as-88SE94.patch bugfix/all/kbuild-use-nostdinc-in-compile-tests.patch debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch bugfix/all/UAPI-include-asm-byteorder.h-in-linux-raid-md_p.h.patch -bugfix/all/HID-uhid-fix-leak-for-64-32-UHID_CREATE.mbox bugfix/all/net-clamp-msg_namelen-instead-of-returning-an-error.patch bugfix/all/tcp-tsq-restore-minimal-amount-of-queueing.patch bugfix/all/rds-prevent-bug_on-triggered-by-congestion-update-to-loopback.patch bugfix/all/ipv6-fix-headroom-calculation-in-udp6_ufo_fragment.patch -bugfix/s390/qeth-avoid-buffer-overflow-in-snmp-ioctl.patch bugfix/all/xfs-underflow-bug-in-xfs_attrlist_by_handle.patch bugfix/arm/ahci-imx-Explicitly-clear-IMX6Q_GPR13_SATA_MPLL_CLK_.patch diff --git a/debian/patches/series-rt b/debian/patches/series-rt index eef581f08..81f34362a 100644 --- a/debian/patches/series-rt +++ b/debian/patches/series-rt @@ -10,7 +10,6 @@ features/all/rt/lockdep-Correctly-annotate-hardirq-context-in-irq_ex.patch ############################################################ # UPSTREAM FIXES, patches pending ############################################################ -features/all/rt/genirq-Set-the-irq-thread-policy-without-checking-CA.patch ############################################################ # Stuff broken upstream, patches submitted