Update to 4.13
This commit is contained in:
parent
418c755613
commit
b066a269e0
|
@ -1,4 +1,6 @@
|
|||
linux (4.13~rc7-1~exp2) UNRELEASED; urgency=medium
|
||||
linux (4.13-1~exp1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream release: https://kernelnewbies.org/Linux_4.13
|
||||
|
||||
[ Roger Shimizu ]
|
||||
* debian/bin/buildcheck.py:
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
[abi]
|
||||
abiname: 1
|
||||
abiname: trunk
|
||||
ignore-changes:
|
||||
__cpuhp_*
|
||||
bpf_analyzer
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
From: Vladis Dronov <vdronov@redhat.com>
|
||||
Date: Wed, 2 Aug 2017 19:50:14 +0200
|
||||
Subject: xfrm: policy: check policy direction value
|
||||
Origin: https://git.kernel.org/linus/7bab09631c2a303f87a7eb7e3d69e888673b9b7e
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-11600
|
||||
|
||||
The 'dir' parameter in xfrm_migrate() is a user-controlled byte which is used
|
||||
as an array index. This can lead to an out-of-bound access, kernel lockup and
|
||||
DoS. Add a check for the 'dir' value.
|
||||
|
||||
This fixes CVE-2017-11600.
|
||||
|
||||
References: https://bugzilla.redhat.com/show_bug.cgi?id=1474928
|
||||
Fixes: 80c9abaabf42 ("[XFRM]: Extension for dynamic update of endpoint address(es)")
|
||||
Cc: <stable@vger.kernel.org> # v2.6.21-rc1
|
||||
Reported-by: "bo Zhang" <zhangbo5891001@gmail.com>
|
||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
||||
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
|
||||
---
|
||||
net/xfrm/xfrm_policy.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
--- a/net/xfrm/xfrm_policy.c
|
||||
+++ b/net/xfrm/xfrm_policy.c
|
||||
@@ -3301,9 +3301,15 @@ int xfrm_migrate(const struct xfrm_selec
|
||||
struct xfrm_state *x_new[XFRM_MAX_DEPTH];
|
||||
struct xfrm_migrate *mp;
|
||||
|
||||
+ /* Stage 0 - sanity checks */
|
||||
if ((err = xfrm_migrate_check(m, num_migrate)) < 0)
|
||||
goto out;
|
||||
|
||||
+ if (dir >= XFRM_POLICY_MAX) {
|
||||
+ err = -EINVAL;
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
/* Stage 1 - find policy */
|
||||
if ((pol = xfrm_migrate_policy_find(sel, dir, type, net)) == NULL) {
|
||||
err = -ENOENT;
|
|
@ -1,56 +0,0 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Tue, 29 Sep 2015 02:55:06 +0100
|
||||
Subject: [PATCH] alpha: uapi: Add support for __SANE_USERSPACE_TYPES__
|
||||
Forwarded: http://mid.gmane.org/1443659755.2730.14.camel@decadent.org.uk
|
||||
|
||||
This fixes compiler errors in perf such as:
|
||||
|
||||
tests/attr.c: In function 'store_event':
|
||||
tests/attr.c:66:27: error: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type '__u64 {aka long unsigned int}' [-Werror=format=]
|
||||
snprintf(path, PATH_MAX, "%s/event-%d-%llu-%d", dir,
|
||||
^
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Tested-by: Michael Cree <mcree@orcon.net.nz>
|
||||
Cc: stable@vger.kernel.org
|
||||
---
|
||||
arch/alpha/include/asm/types.h | 2 +-
|
||||
arch/alpha/include/uapi/asm/types.h | 12 +++++++++++-
|
||||
2 files changed, 12 insertions(+), 2 deletions(-)
|
||||
|
||||
# diff --git a/arch/alpha/include/asm/types.h b/arch/alpha/include/asm/types.h
|
||||
# index 4cb4b6d..0bc66e1 100644
|
||||
# --- a/arch/alpha/include/asm/types.h
|
||||
# +++ b/arch/alpha/include/asm/types.h
|
||||
# @@ -1,6 +1,6 @@
|
||||
# #ifndef _ALPHA_TYPES_H
|
||||
# #define _ALPHA_TYPES_H
|
||||
#
|
||||
# -#include <asm-generic/int-ll64.h>
|
||||
# +#include <uapi/asm/types.h>
|
||||
#
|
||||
# #endif /* _ALPHA_TYPES_H */
|
||||
diff --git a/arch/alpha/include/uapi/asm/types.h b/arch/alpha/include/uapi/asm/types.h
|
||||
index 9fd3cd4..8d1024d 100644
|
||||
--- a/arch/alpha/include/uapi/asm/types.h
|
||||
+++ b/arch/alpha/include/uapi/asm/types.h
|
||||
@@ -9,8 +9,18 @@
|
||||
* need to be careful to avoid a name clashes.
|
||||
*/
|
||||
|
||||
-#ifndef __KERNEL__
|
||||
+/*
|
||||
+ * This is here because we used to use l64 for alpha
|
||||
+ * and we don't want to impact user mode with our change to ll64
|
||||
+ * in the kernel.
|
||||
+ *
|
||||
+ * However, some user programs are fine with this. They can
|
||||
+ * flag __SANE_USERSPACE_TYPES__ to get int-ll64.h here.
|
||||
+ */
|
||||
+#if !defined(__SANE_USERSPACE_TYPES__) && !defined(__KERNEL__)
|
||||
#include <asm-generic/int-l64.h>
|
||||
+#else
|
||||
+#include <asm-generic/int-ll64.h>
|
||||
#endif
|
||||
|
||||
#endif /* _UAPI_ALPHA_TYPES_H */
|
|
@ -114,7 +114,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
|
|||
|
||||
# Security fixes
|
||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||
bugfix/all/xfrm-policy-check-policy-direction-value.patch
|
||||
|
||||
# Fix exported symbol versions
|
||||
bugfix/alpha/alpha-restore-symbol-versions-for-symbols-exported-f.patch
|
||||
|
@ -129,7 +128,6 @@ bugfix/all/tools-perf-man-date.patch
|
|||
bugfix/all/tools-perf-remove-shebangs.patch
|
||||
bugfix/all/tools-lib-traceevent-use-ldflags.patch
|
||||
bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch
|
||||
bugfix/alpha/alpha-uapi-add-support-for-__sane_userspace_types__.patch
|
||||
bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch
|
||||
bugfix/all/cpupower-bump-soname-version.patch
|
||||
bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
|
||||
|
|
Loading…
Reference in New Issue