Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2016-12-01 10:21:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Changes:
--------
--- /work/SRC/openSUSE:Factory/kernel-source/kernel-64kb.changes 2016-11-23 13:36:55.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.kernel-source.new/kernel-64kb.changes 2016-12-01 10:21:08.000000000 +0100
@@ -1,0 +2,32 @@
+Sat Nov 26 17:26:36 CET 2016 - jsl...@suse.cz
+
+- Linux 4.8.11 (: :).
+- commit 8e531aa
+
+-------------------------------------------------------------------
+Fri Nov 25 16:49:16 CET 2016 - ti...@suse.de
+
+- ASoC: intel: Fix crash at suspend/resume without card
+ registration (bsc#1010690).
+- commit b60c8fd
+
+-------------------------------------------------------------------
+Fri Nov 25 14:43:05 CET 2016 - ti...@suse.de
+
+- Revert "ACPI: Execute _PTS before system reboot" (bsc#101220).
+- commit 95e516a
+
+-------------------------------------------------------------------
+Fri Nov 25 11:33:45 CET 2016 - ti...@suse.de
+
+- xc2028: Fix use-after-free bug properly (CVE-2016-7913
+ bsc#1010478).
+- commit 534ac6c
+
+-------------------------------------------------------------------
+Thu Nov 24 13:30:01 CET 2016 - mkube...@suse.cz
+
+- Update patches.kernel.org/patch-4.8.7-8 references (add CVE-2016-9555 bsc#1011685).
+- commit d81bac1
+
+-------------------------------------------------------------------
kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-syzkaller.changes: same change kernel-vanilla.changes: same change
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kernel-64kb.spec ++++++
--- /var/tmp/diff_new_pack.F62qNQ/_old 2016-12-01 10:21:13.000000000 +0100
+++ /var/tmp/diff_new_pack.F62qNQ/_new 2016-12-01 10:21:13.000000000 +0100
@@ -20,7 +20,7 @@ # needssslcertforbuild %define srcversion 4.8 -%define patchversion 4.8.10 +%define patchversion 4.8.11 %define variant %{nil} %define vanilla_only 0 @@ -60,9 +60,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0 Group: System/Kernel -Version: 4.8.10 +Version: 4.8.11 %if 0%{?is_kotd} -Release: <RELEASE>.gd1ec066 +Release: <RELEASE>.gff417d1 %else Release: 0 %endif kernel-debug.spec: same change kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.F62qNQ/_old 2016-12-01 10:21:13.000000000 +0100 +++ /var/tmp/diff_new_pack.F62qNQ/_new 2016-12-01 10:21:13.000000000 +0100 @@ -16,7 +16,7 @@ # -%define patchversion 4.8.10 +%define patchversion 4.8.11 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -33,9 +33,9 @@ Summary: Kernel Documentation (man pages) License: GPL-2.0 Group: Documentation/Man -Version: 4.8.10 +Version: 4.8.11 %if 0%{?is_kotd} -Release: <RELEASE>.gd1ec066 +Release: <RELEASE>.gff417d1 %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.F62qNQ/_old 2016-12-01 10:21:13.000000000 +0100 +++ /var/tmp/diff_new_pack.F62qNQ/_new 2016-12-01 10:21:13.000000000 +0100 @@ -20,7 +20,7 @@ # needssslcertforbuild %define srcversion 4.8 -%define patchversion 4.8.10 +%define patchversion 4.8.11 %define variant %{nil} %define vanilla_only 0 @@ -60,9 +60,9 @@ Summary: Kernel for LPAE enabled systems License: GPL-2.0 Group: System/Kernel -Version: 4.8.10 +Version: 4.8.11 %if 0%{?is_kotd} -Release: <RELEASE>.gd1ec066 +Release: <RELEASE>.gff417d1 %else Release: 0 %endif ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.F62qNQ/_old 2016-12-01 10:21:13.000000000 +0100 +++ /var/tmp/diff_new_pack.F62qNQ/_new 2016-12-01 10:21:13.000000000 +0100 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 4.8.10 +%define patchversion 4.8.11 %define variant %{nil} %include %_sourcedir/kernel-spec-macros 
@@ -51,9 +51,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 4.8.10 +Version: 4.8.11 %if 0%{?is_kotd} -Release: <RELEASE>.gd1ec066 +Release: <RELEASE>.gff417d1 %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.F62qNQ/_old 2016-12-01 10:21:13.000000000 +0100 +++ /var/tmp/diff_new_pack.F62qNQ/_new 2016-12-01 10:21:13.000000000 +0100 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 4.8.10 +%define patchversion 4.8.11 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 4.8.10 +Version: 4.8.11 %if 0%{?is_kotd} -Release: <RELEASE>.gd1ec066 +Release: <RELEASE>.gff417d1 %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.F62qNQ/_old 2016-12-01 10:21:13.000000000 +0100 +++ /var/tmp/diff_new_pack.F62qNQ/_new 2016-12-01 10:21:13.000000000 +0100 @@ -20,7 +20,7 @@ # needssslcertforbuild %define srcversion 4.8 -%define patchversion 4.8.10 +%define patchversion 4.8.11 %define variant %{nil} %define vanilla_only 0 @@ -60,9 +60,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 4.8.10 +Version: 4.8.11 %if 0%{?is_kotd} -Release: <RELEASE>.gd1ec066 +Release: <RELEASE>.gff417d1 %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.F62qNQ/_old 2016-12-01 10:21:13.000000000 +0100 +++ /var/tmp/diff_new_pack.F62qNQ/_new 2016-12-01 10:21:13.000000000 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.8 -%define patchversion 4.8.10 +%define patchversion 4.8.11 %define variant %{nil} %define vanilla_only 0 
@@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 4.8.10 +Version: 4.8.11 %if 0%{?is_kotd} -Release: <RELEASE>.gd1ec066 +Release: <RELEASE>.gff417d1 %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.F62qNQ/_old 2016-12-01 10:21:13.000000000 +0100 +++ /var/tmp/diff_new_pack.F62qNQ/_new 2016-12-01 10:21:13.000000000 +0100 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 4.8.10 +Version: 4.8.11 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.gd1ec066 +Release: <RELEASE>.gff417d1 %else Release: 0 %endif ++++++ kernel-syzkaller.spec ++++++ --- /var/tmp/diff_new_pack.F62qNQ/_old 2016-12-01 10:21:13.000000000 +0100 +++ /var/tmp/diff_new_pack.F62qNQ/_new 2016-12-01 10:21:13.000000000 +0100 @@ -20,7 +20,7 @@ # needssslcertforbuild %define srcversion 4.8 -%define patchversion 4.8.10 +%define patchversion 4.8.11 %define variant %{nil} %define vanilla_only 0 @@ -60,9 +60,9 @@ Summary: Kernel used for fuzzing by syzkaller License: GPL-2.0 Group: System/Kernel -Version: 4.8.10 +Version: 4.8.11 %if 0%{?is_kotd} -Release: <RELEASE>.gd1ec066 +Release: <RELEASE>.gff417d1 %else Release: 0 %endif kernel-vanilla.spec: same change ++++++ patches.fixes.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/ASoC-intel-Fix-crash-at-suspend-resume-without-card new/patches.fixes/ASoC-intel-Fix-crash-at-suspend-resume-without-card --- old/patches.fixes/ASoC-intel-Fix-crash-at-suspend-resume-without-card 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/ASoC-intel-Fix-crash-at-suspend-resume-without-card 2016-11-25 16:52:42.000000000 +0100 
@@ -0,0 +1,63 @@
+From: Takashi Iwai <ti...@suse.de>
+Date: Fri, 25 Nov 2016 14:50:51 +0100
+Subject: [PATCH] ASoC: intel: Fix crash at suspend/resume without card
+ registration
+References: bsc#1010690
+Patch-mainline: Submitted, alsa-devel ML Fri, 25 Nov 2016
+
+When ASoC Intel SST Medfield driver is probed but without codec / card
+assigned, it causes an Oops and freezes the kernel at suspend/resume,
+
+ PM: Suspending system (freeze)
+ Suspending console(s) (use no_console_suspend to debug)
+ BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
+ IP: [<ffffffffc09d9409>] sst_soc_prepare+0x19/0xa0 [snd_soc_sst_mfld_platform]
+ Oops: 0000 [#1] PREEMPT SMP
+ CPU: 0 PID: 1552 Comm: systemd-sleep Tainted: G W 4.9.0-rc6-1.g5f5c2ad-default #1
+ Call Trace:
+ [<ffffffffb45318f9>] dpm_prepare+0x209/0x460
+ [<ffffffffb4531b61>] dpm_suspend_start+0x11/0x60
+ [<ffffffffb40d3cc2>] suspend_devices_and_enter+0xb2/0x710
+ [<ffffffffb40d462e>] pm_suspend+0x30e/0x390
+ [<ffffffffb40d2eba>] state_store+0x8a/0x90
+ [<ffffffffb43c670f>] kobj_attr_store+0xf/0x20
+ [<ffffffffb42b0d97>] sysfs_kf_write+0x37/0x40
+ [<ffffffffb42b02bc>] kernfs_fop_write+0x11c/0x1b0
+ [<ffffffffb422be68>] __vfs_write+0x28/0x140
+ [<ffffffffb43728a8>] ? apparmor_file_permission+0x18/0x20
+ [<ffffffffb433b2ab>] ? security_file_permission+0x3b/0xc0
+ [<ffffffffb422d095>] vfs_write+0xb5/0x1a0
+ [<ffffffffb422e3d6>] SyS_write+0x46/0xa0
+ [<ffffffffb4719fbb>] entry_SYSCALL_64_fastpath+0x1e/0xad
+
+Add proper NULL checks in the PM code of mdfld driver.
+
+Cc: <sta...@vger.kernel.org>
+Signed-off-by: Takashi Iwai <ti...@suse.de>
+
+---
+ sound/soc/intel/atom/sst-mfld-platform-pcm.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/sound/soc/intel/atom/sst-mfld-platform-pcm.c
++++ b/sound/soc/intel/atom/sst-mfld-platform-pcm.c
+@@ -771,6 +771,9 @@ static int sst_soc_prepare(struct device
+ struct sst_data *drv = dev_get_drvdata(dev);
+ struct snd_soc_pcm_runtime *rtd;
+
++ if (!drv->soc_card)
++ return 0;
++
+ /* suspend all pcms first */
+ snd_soc_suspend(drv->soc_card->dev);
+ snd_soc_poweroff(drv->soc_card->dev);
+@@ -793,6 +796,9 @@ static void sst_soc_complete(struct devi
+ struct sst_data *drv = dev_get_drvdata(dev);
+ struct snd_soc_pcm_runtime *rtd;
+
++ if (!drv->soc_card)
++ return;
++
+ /* restart SSPs */
+ list_for_each_entry(rtd, &drv->soc_card->rtd_list, list) {
+ struct snd_soc_dai *dai = rtd->cpu_dai;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/Revert-ACPI-Execute-_PTS-before-system-reboot new/patches.fixes/Revert-ACPI-Execute-_PTS-before-system-reboot
--- old/patches.fixes/Revert-ACPI-Execute-_PTS-before-system-reboot 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.fixes/Revert-ACPI-Execute-_PTS-before-system-reboot 2016-11-25 16:52:42.000000000 +0100
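Review bot: The two added `if (!drv->soc_card)` guards in `sst_soc_prepare()` and `sst_soc_complete()` carry no comment saying when the card pointer is unset, so the early return reads as arbitrary to anyone who has not seen the patch description. I would add `/* no card registered (probed without codec/card): nothing to suspend */` above the first guard and a matching `/* ... nothing to resume */` above the second. `drv` itself, taken from `dev_get_drvdata(dev)`, is still dereferenced unchecked; presumably probe always sets the driver data before these PM callbacks can run, but that is not visible in the lines shown. Both function bodies continue outside the hunks.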
@@ -0,0 +1,73 @@
+From 9713adc2a1a5488f4889c657a0c0ce0c16056d3c Mon Sep 17 00:00:00 2001
+From: "Rafael J. Wysocki" <rafael.j.wyso...@intel.com>
+Date: Mon, 21 Nov 2016 14:25:49 +0100
+Subject: [PATCH] Revert "ACPI: Execute _PTS before system reboot"
+Git-commit: 9713adc2a1a5488f4889c657a0c0ce0c16056d3c
+Git-repo: it://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm.git
+Patch-mainline: Queued in subsystem maintainer repository
+References: bsc#101220
+
+Revert commit 2c85025c75df (ACPI: Execute _PTS before system reboot)
+as it is reported to cause poweroff and reboot to hang on Dell
+Latitude E7250.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=187061
+Reported-by: Gianpaolo <gianpao...@gmail.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wyso...@intel.com>
+Acked-by: Takashi Iwai <ti...@suse.de>
+
+---
+ drivers/acpi/sleep.c | 29 ++++++-----------------------
+ 1 file changed, 6 insertions(+), 23 deletions(-)
+
+--- a/drivers/acpi/sleep.c
++++ b/drivers/acpi/sleep.c
+@@ -47,32 +47,15 @@ static void acpi_sleep_tts_switch(u32 ac
+ }
+ }
+
+-static void acpi_sleep_pts_switch(u32 acpi_state)
+-{
+- acpi_status status;
+-
+- status = acpi_execute_simple_method(NULL, "\\_PTS", acpi_state);
+- if (ACPI_FAILURE(status) && status != AE_NOT_FOUND) {
+- /*
+- * OS can't evaluate the _PTS object correctly. Some warning
+- * message will be printed. But it won't break anything.
+- */
+- printk(KERN_NOTICE "Failure in evaluating _PTS object\n");
+- }
+-}
+-
+-static int sleep_notify_reboot(struct notifier_block *this,
++static int tts_notify_reboot(struct notifier_block *this,
+ unsigned long code, void *x)
+ {
+ acpi_sleep_tts_switch(ACPI_STATE_S5);
+-
+- acpi_sleep_pts_switch(ACPI_STATE_S5);
+-
+ return NOTIFY_DONE;
+ }
+
+-static struct notifier_block sleep_notifier = {
+- .notifier_call = sleep_notify_reboot,
++static struct notifier_block tts_notifier = {
++ .notifier_call = tts_notify_reboot,
+ .next = NULL,
+ .priority = 0,
+ };
+@@ -916,9 +899,9 @@ int __init acpi_sleep_init(void)
+ pr_info(PREFIX "(supports%s)\n", supported);
+
+ /*
+- * Register the sleep_notifier to reboot notifier list so that the _TTS
+- * and _PTS object can also be evaluated when the system enters S5.
++ * Register the tts_notifier to reboot notifier list so that the _TTS
++ * object can also be evaluated when the system enters S5.
+ */
+- register_reboot_notifier(&sleep_notifier);
++ register_reboot_notifier(&tts_notifier);
+ return 0;
+ }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/xc2028-Fix-use-after-free-bug-properly new/patches.fixes/xc2028-Fix-use-after-free-bug-properly
--- old/patches.fixes/xc2028-Fix-use-after-free-bug-properly 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.fixes/xc2028-Fix-use-after-free-bug-properly 2016-11-25 16:52:42.000000000 +0100
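Review bot: The `Git-repo:` tag in the patch header reads `it://git.kernel.org/...`, which lacks the leading `g` of the `git://` scheme as shown here, so anything that follows the tag to locate the upstream commit would not resolve it; it should read `Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm.git`. The `References: bsc#101220` tag has six digits where the other bug references in this commit have seven, so it may be truncated and is worth confirming against the tracker before the reference is relied on. The revert itself looks self-consistent in the lines shown: no reference to the removed `acpi_sleep_pts_switch()` or `sleep_notifier` remains on the new side.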
@@ -0,0 +1,128 @@
+From 22a1e7783e173ab3d86018eb590107d68df46c11 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <ti...@suse.de>
+Date: Thu, 17 Nov 2016 10:49:31 +0100
+Subject: [PATCH] xc2028: Fix use-after-free bug properly
+Git-commit: 22a1e7783e173ab3d86018eb590107d68df46c11
+References: CVE-2016-7913 bsc#1010478
+Patch-mainline: 4.9-rc7
+
+The commit 8dfbcc4351a0 ("[media] xc2028: avoid use after free") tried
+to address the reported use-after-free by clearing the reference.
+
+However, it's clearing the wrong pointer; it sets NULL to
+priv->ctrl.fname, but it's anyway overwritten by the next line
+memcpy(&priv->ctrl, p, sizeof(priv->ctrl)).
+
+OTOH, the actual code accessing the freed string is the strcmp() call
+with priv->fname:
+ if (!firmware_name[0] && p->fname &&
+ priv->fname && strcmp(p->fname, priv->fname))
+ free_firmware(priv);
+
+where priv->fname points to the previous file name, and this was
+already freed by kfree().
+
+For fixing the bug properly, this patch does the following:
+
+- Keep the copy of firmware file name in only priv->fname,
+ priv->ctrl.fname isn't changed;
+- The allocation is done only when the firmware gets loaded;
+- The kfree() is called in free_firmware() commonly
+
+Fixes: commit 8dfbcc4351a0 ('[media] xc2028: avoid use after free')
+Cc: <sta...@vger.kernel.org>
+Signed-off-by: Takashi Iwai <ti...@suse.de>
+Signed-off-by: Mauro Carvalho Chehab <mche...@s-opensource.com>
+
+---
+ drivers/media/tuners/tuner-xc2028.c | 37 +++++++++++++++---------------------
+ 1 file changed, 16 insertions(+), 21 deletions(-)
+
+--- a/drivers/media/tuners/tuner-xc2028.c
++++ b/drivers/media/tuners/tuner-xc2028.c
+@@ -281,6 +281,14 @@ static void free_firmware(struct xc2028_
+ int i;
+ tuner_dbg("%s called\n", __func__);
+
++ /* free allocated f/w string */
++ if (priv->fname != firmware_name)
++ kfree(priv->fname);
++ priv->fname = NULL;
++
++ priv->state = XC2028_NO_FIRMWARE;
++ memset(&priv->cur_fw, 0, sizeof(priv->cur_fw));
++
+ if (!priv->firm)
+ return;
+
+@@ -291,9 +299,6 @@ static void free_firmware(struct xc2028_
+
+ priv->firm = NULL;
+ priv->firm_size = 0;
+- priv->state = XC2028_NO_FIRMWARE;
+-
+- memset(&priv->cur_fw, 0, sizeof(priv->cur_fw));
+ }
+
+ static int load_all_firmwares(struct dvb_frontend *fe,
+@@ -884,9 +889,8 @@ read_not_reliable:
+ return 0;
+
+ fail:
+- priv->state = XC2028_NO_FIRMWARE;
++ free_firmware(priv);
+
+- memset(&priv->cur_fw, 0, sizeof(priv->cur_fw));
+ if (retry_count < 8) {
+ msleep(50);
+ retry_count++;
+@@ -1332,11 +1336,8 @@ static int xc2028_dvb_release(struct dvb
+ mutex_lock(&xc2028_list_mutex);
+
+ /* only perform final cleanup if this is the last instance */
+- if (hybrid_tuner_report_instance_count(priv) == 1) {
++ if (hybrid_tuner_report_instance_count(priv) == 1)
+ free_firmware(priv);
+- kfree(priv->ctrl.fname);
+- priv->ctrl.fname = NULL;
+- }
+
+ if (priv)
+ hybrid_tuner_release_state(priv);
+@@ -1399,19 +1400,8 @@ static int xc2028_set_config(struct dvb_
+
+ /*
+ * Copy the config data.
+- * For the firmware name, keep a local copy of the string,
+- * in order to avoid troubles during device release.
+ */
+- kfree(priv->ctrl.fname);
+- priv->ctrl.fname = NULL;
+ memcpy(&priv->ctrl, p, sizeof(priv->ctrl));
+- if (p->fname) {
+- priv->ctrl.fname = kstrdup(p->fname, GFP_KERNEL);
+- if (priv->ctrl.fname == NULL) {
+- rc = -ENOMEM;
+- goto unlock;
+- }
+- }
+
+ /*
+ * If firmware name changed, frees firmware. As free_firmware will
+@@ -1426,10 +1416,15 @@ static int xc2028_set_config(struct dvb_
+
+ if (priv->state == XC2028_NO_FIRMWARE) {
+ if (!firmware_name[0])
+- priv->fname = priv->ctrl.fname;
++ priv->fname = kstrdup(p->fname, GFP_KERNEL);
+ else
+ priv->fname = firmware_name;
+
++ if (!priv->fname) {
++ rc = -ENOMEM;
++ goto unlock;
++ }
++
+ rc = request_firmware_nowait(THIS_MODULE, 1,
+ priv->fname,
+ priv->i2c_props.adap->dev.parent,
++++++ patches.kernel.org.tar.bz2 ++++++
++++ 2443 lines of diff (skipped)
++++++ series.conf ++++++
--- /var/tmp/diff_new_pack.F62qNQ/_old 2016-12-01 10:21:14.000000000 +0100
+++ /var/tmp/diff_new_pack.F62qNQ/_new 2016-12-01 10:21:14.000000000 +0100
@@ -37,6 +37,7 @@
 patches.kernel.org/patch-4.8.7-8 patches.kernel.org/patch-4.8.8-9 patches.kernel.org/patch-4.8.9-10
+ patches.kernel.org/patch-4.8.10-11
 ######################################################## # Build fixes that apply to the vanilla kernel too.
@@ -199,6 +200,8 @@
 patches.arch/acpi_thermal_passive_blacklist.patch
+ patches.fixes/Revert-ACPI-Execute-_PTS-before-system-reboot
+
 ######################################################## # CPUFREQ ########################################################
@@ -331,6 +334,7 @@
 ######################################################## # video4linux ########################################################
+ patches.fixes/xc2028-Fix-use-after-free-bug-properly
 ######################################################## # Network
@@ -379,6 +383,7 @@
 ########################################################## # Sound ##########################################################
+ patches.fixes/ASoC-intel-Fix-crash-at-suspend-resume-without-card
 ######################################################## # Char / serial
++++++ source-timestamp ++++++
--- /var/tmp/diff_new_pack.F62qNQ/_old 2016-12-01 10:21:14.000000000 +0100
+++ /var/tmp/diff_new_pack.F62qNQ/_new 2016-12-01 10:21:14.000000000 +0100
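Review bot: In the last inner hunk of the xc2028 patch (`xc2028_set_config`), `priv->fname = kstrdup(p->fname, GFP_KERNEL);` yields NULL both when the allocation fails and when `p->fname` itself is NULL, so a configuration without a firmware name is now reported as `-ENOMEM`. Testing the input before the copy, for example `if (!firmware_name[0] && !p->fname) { rc = -EINVAL; goto unlock; }`, would keep the two cases apart. The assignment also overwrites `priv->fname` without freeing it, which is leak-free only if every path that leaves the state at `XC2028_NO_FIRMWARE` has already gone through `free_firmware()`; that cannot be confirmed from the lines shown. The `fail:` path now calls `free_firmware(priv)` before the retry, so the retry target outside the hunk has to cope with `priv->firm` and `priv->fname` being NULL.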
@@ -1,3 +1,3 @@
-2016-11-21 14:50:28 +0100
-GIT Revision: d1ec0664a219eb386e31c8d46179200ce9dad85c
+2016-11-26 19:34:47 +0100
+GIT Revision: ff417d1a10dee9e55cc9d29c6f0bae37395b6dcf
 GIT Branch: stable