Update to 4.13
This commit is contained in:
parent
418c755613
commit
b066a269e0
|
@ -1,4 +1,6 @@
|
||||||
linux (4.13~rc7-1~exp2) UNRELEASED; urgency=medium
|
linux (4.13-1~exp1) UNRELEASED; urgency=medium
|
||||||
|
|
||||||
|
* New upstream release: https://kernelnewbies.org/Linux_4.13
|
||||||
|
|
||||||
[ Roger Shimizu ]
|
[ Roger Shimizu ]
|
||||||
* debian/bin/buildcheck.py:
|
* debian/bin/buildcheck.py:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
[abi]
|
[abi]
|
||||||
abiname: 1
|
abiname: trunk
|
||||||
ignore-changes:
|
ignore-changes:
|
||||||
__cpuhp_*
|
__cpuhp_*
|
||||||
bpf_analyzer
|
bpf_analyzer
|
||||||
|
|
|
@ -1,40 +0,0 @@
|
||||||
From: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
Date: Wed, 2 Aug 2017 19:50:14 +0200
|
|
||||||
Subject: xfrm: policy: check policy direction value
|
|
||||||
Origin: https://git.kernel.org/linus/7bab09631c2a303f87a7eb7e3d69e888673b9b7e
|
|
||||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-11600
|
|
||||||
|
|
||||||
The 'dir' parameter in xfrm_migrate() is a user-controlled byte which is used
|
|
||||||
as an array index. This can lead to an out-of-bound access, kernel lockup and
|
|
||||||
DoS. Add a check for the 'dir' value.
|
|
||||||
|
|
||||||
This fixes CVE-2017-11600.
|
|
||||||
|
|
||||||
References: https://bugzilla.redhat.com/show_bug.cgi?id=1474928
|
|
||||||
Fixes: 80c9abaabf42 ("[XFRM]: Extension for dynamic update of endpoint address(es)")
|
|
||||||
Cc: <stable@vger.kernel.org> # v2.6.21-rc1
|
|
||||||
Reported-by: "bo Zhang" <zhangbo5891001@gmail.com>
|
|
||||||
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
|
|
||||||
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
|
|
||||||
---
|
|
||||||
net/xfrm/xfrm_policy.c | 6 ++++++
|
|
||||||
1 file changed, 6 insertions(+)
|
|
||||||
|
|
||||||
--- a/net/xfrm/xfrm_policy.c
|
|
||||||
+++ b/net/xfrm/xfrm_policy.c
|
|
||||||
@@ -3301,9 +3301,15 @@ int xfrm_migrate(const struct xfrm_selec
|
|
||||||
struct xfrm_state *x_new[XFRM_MAX_DEPTH];
|
|
||||||
struct xfrm_migrate *mp;
|
|
||||||
|
|
||||||
+ /* Stage 0 - sanity checks */
|
|
||||||
if ((err = xfrm_migrate_check(m, num_migrate)) < 0)
|
|
||||||
goto out;
|
|
||||||
|
|
||||||
+ if (dir >= XFRM_POLICY_MAX) {
|
|
||||||
+ err = -EINVAL;
|
|
||||||
+ goto out;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* Stage 1 - find policy */
|
|
||||||
if ((pol = xfrm_migrate_policy_find(sel, dir, type, net)) == NULL) {
|
|
||||||
err = -ENOENT;
|
|
|
@ -1,56 +0,0 @@
|
||||||
From: Ben Hutchings <ben@decadent.org.uk>
|
|
||||||
Date: Tue, 29 Sep 2015 02:55:06 +0100
|
|
||||||
Subject: [PATCH] alpha: uapi: Add support for __SANE_USERSPACE_TYPES__
|
|
||||||
Forwarded: http://mid.gmane.org/1443659755.2730.14.camel@decadent.org.uk
|
|
||||||
|
|
||||||
This fixes compiler errors in perf such as:
|
|
||||||
|
|
||||||
tests/attr.c: In function 'store_event':
|
|
||||||
tests/attr.c:66:27: error: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type '__u64 {aka long unsigned int}' [-Werror=format=]
|
|
||||||
snprintf(path, PATH_MAX, "%s/event-%d-%llu-%d", dir,
|
|
||||||
^
|
|
||||||
|
|
||||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|
||||||
Tested-by: Michael Cree <mcree@orcon.net.nz>
|
|
||||||
Cc: stable@vger.kernel.org
|
|
||||||
---
|
|
||||||
arch/alpha/include/asm/types.h | 2 +-
|
|
||||||
arch/alpha/include/uapi/asm/types.h | 12 +++++++++++-
|
|
||||||
2 files changed, 12 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
# diff --git a/arch/alpha/include/asm/types.h b/arch/alpha/include/asm/types.h
|
|
||||||
# index 4cb4b6d..0bc66e1 100644
|
|
||||||
# --- a/arch/alpha/include/asm/types.h
|
|
||||||
# +++ b/arch/alpha/include/asm/types.h
|
|
||||||
# @@ -1,6 +1,6 @@
|
|
||||||
# #ifndef _ALPHA_TYPES_H
|
|
||||||
# #define _ALPHA_TYPES_H
|
|
||||||
#
|
|
||||||
# -#include <asm-generic/int-ll64.h>
|
|
||||||
# +#include <uapi/asm/types.h>
|
|
||||||
#
|
|
||||||
# #endif /* _ALPHA_TYPES_H */
|
|
||||||
diff --git a/arch/alpha/include/uapi/asm/types.h b/arch/alpha/include/uapi/asm/types.h
|
|
||||||
index 9fd3cd4..8d1024d 100644
|
|
||||||
--- a/arch/alpha/include/uapi/asm/types.h
|
|
||||||
+++ b/arch/alpha/include/uapi/asm/types.h
|
|
||||||
@@ -9,8 +9,18 @@
|
|
||||||
* need to be careful to avoid a name clashes.
|
|
||||||
*/
|
|
||||||
|
|
||||||
-#ifndef __KERNEL__
|
|
||||||
+/*
|
|
||||||
+ * This is here because we used to use l64 for alpha
|
|
||||||
+ * and we don't want to impact user mode with our change to ll64
|
|
||||||
+ * in the kernel.
|
|
||||||
+ *
|
|
||||||
+ * However, some user programs are fine with this. They can
|
|
||||||
+ * flag __SANE_USERSPACE_TYPES__ to get int-ll64.h here.
|
|
||||||
+ */
|
|
||||||
+#if !defined(__SANE_USERSPACE_TYPES__) && !defined(__KERNEL__)
|
|
||||||
#include <asm-generic/int-l64.h>
|
|
||||||
+#else
|
|
||||||
+#include <asm-generic/int-ll64.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif /* _UAPI_ALPHA_TYPES_H */
|
|
|
@ -114,7 +114,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
|
||||||
|
|
||||||
# Security fixes
|
# Security fixes
|
||||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||||
bugfix/all/xfrm-policy-check-policy-direction-value.patch
|
|
||||||
|
|
||||||
# Fix exported symbol versions
|
# Fix exported symbol versions
|
||||||
bugfix/alpha/alpha-restore-symbol-versions-for-symbols-exported-f.patch
|
bugfix/alpha/alpha-restore-symbol-versions-for-symbols-exported-f.patch
|
||||||
|
@ -129,7 +128,6 @@ bugfix/all/tools-perf-man-date.patch
|
||||||
bugfix/all/tools-perf-remove-shebangs.patch
|
bugfix/all/tools-perf-remove-shebangs.patch
|
||||||
bugfix/all/tools-lib-traceevent-use-ldflags.patch
|
bugfix/all/tools-lib-traceevent-use-ldflags.patch
|
||||||
bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch
|
bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch
|
||||||
bugfix/alpha/alpha-uapi-add-support-for-__sane_userspace_types__.patch
|
|
||||||
bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch
|
bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch
|
||||||
bugfix/all/cpupower-bump-soname-version.patch
|
bugfix/all/cpupower-bump-soname-version.patch
|
||||||
bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
|
bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
|
||||||
|
|
Loading…
Reference in New Issue