Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2017-02-18 03:17:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2017-02-12 00:48:05.473160688 +0100 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/dtb-aarch64.changes 2017-02-18 03:17:12.444382414 +0100 @@ -1,0 +2,22 @@ +Thu Feb 16 09:36:29 CET 2017 - mkube...@suse.cz + +- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986 + bsc#1025235). +- commit ffeeef5 + +------------------------------------------------------------------- +Wed Feb 15 17:50:50 CET 2017 - jsl...@suse.cz + +- Linux 4.9.10 (bnc#1012628 bsc#1018100). +- Delete + patches.suse/btrfs-fix-btrfs_compat_ioctl-failures-on-non-compat-ioctls. +- commit 59c7cc2 + +------------------------------------------------------------------- +Tue Feb 14 08:11:44 CET 2017 - mkube...@suse.cz + +- ipv4: keep skb->dst around in presence of IP options + (CVE-2017-5970 bsc#1024938). +- commit fff3f63 + +------------------------------------------------------------------- dtb-armv6l.changes: same change dtb-armv7l.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-syzkaller.changes: same change kernel-vanilla.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.sv9mcb/_old 2017-02-18 03:17:17.563659379 +0100 +++ /var/tmp/diff_new_pack.sv9mcb/_new 2017-02-18 03:17:17.567658814 +0100 @@ -16,14 +16,14 @@ # -%define patchversion 4.9.9 +%define patchversion 4.9.10 %include %_sourcedir/kernel-spec-macros Name: dtb-aarch64 -Version: 4.9.9 +Version: 4.9.10 %if 0%{?is_kotd} -Release: <RELEASE>.g6c5120c +Release: <RELEASE>.gffeeef5 %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.sv9mcb/_old 2017-02-18 03:17:17.651646951 +0100 +++ /var/tmp/diff_new_pack.sv9mcb/_new 2017-02-18 03:17:17.655646387 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.9 -%define patchversion 4.9.9 +%define patchversion 4.9.10 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0 Group: System/Kernel -Version: 4.9.9 +Version: 4.9.10 %if 0%{?is_kotd} -Release: <RELEASE>.g6c5120c +Release: <RELEASE>.gffeeef5 %else Release: 0 %endif kernel-debug.spec: same change kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.sv9mcb/_old 2017-02-18 03:17:17.755632265 +0100 +++ /var/tmp/diff_new_pack.sv9mcb/_new 2017-02-18 03:17:17.755632265 +0100 @@ -16,7 +16,7 @@ # -%define patchversion 4.9.9 +%define patchversion 4.9.10 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -33,9 +33,9 @@ Summary: Kernel Documentation (man pages) License: GPL-2.0 Group: Documentation/Man -Version: 4.9.9 +Version: 4.9.10 %if 0%{?is_kotd} -Release: <RELEASE>.g6c5120c +Release: <RELEASE>.gffeeef5 %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.sv9mcb/_old 2017-02-18 03:17:17.783628311 +0100 +++ /var/tmp/diff_new_pack.sv9mcb/_new 2017-02-18 03:17:17.787627746 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.9 -%define patchversion 4.9.9 +%define patchversion 4.9.10 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel for LPAE enabled systems License: GPL-2.0 Group: System/Kernel -Version: 4.9.9 +Version: 4.9.10 %if 0%{?is_kotd} -Release: <RELEASE>.g6c5120c +Release: <RELEASE>.gffeeef5 %else Release: 0 %endif ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.sv9mcb/_old 2017-02-18 03:17:17.811624357 +0100 +++ /var/tmp/diff_new_pack.sv9mcb/_new 2017-02-18 03:17:17.815623792 +0100 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 4.9.9 +%define patchversion 4.9.10 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -51,9 +51,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 4.9.9 +Version: 4.9.10 %if 0%{?is_kotd} -Release: <RELEASE>.g6c5120c +Release: <RELEASE>.gffeeef5 %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.sv9mcb/_old 2017-02-18 03:17:17.831621532 +0100 +++ /var/tmp/diff_new_pack.sv9mcb/_new 2017-02-18 03:17:17.835620968 +0100 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 4.9.9 +%define patchversion 4.9.10 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 4.9.9 +Version: 4.9.10 %if 0%{?is_kotd} -Release: <RELEASE>.g6c5120c +Release: <RELEASE>.gffeeef5 %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.sv9mcb/_old 2017-02-18 03:17:17.855618143 +0100 +++ /var/tmp/diff_new_pack.sv9mcb/_new 2017-02-18 03:17:17.859617578 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.9 -%define patchversion 4.9.9 +%define patchversion 4.9.10 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 4.9.9 +Version: 4.9.10 %if 0%{?is_kotd} -Release: <RELEASE>.g6c5120c +Release: <RELEASE>.gffeeef5 %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.sv9mcb/_old 2017-02-18 03:17:17.883614189 +0100 +++ /var/tmp/diff_new_pack.sv9mcb/_new 2017-02-18 03:17:17.883614189 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.9 -%define patchversion 4.9.9 +%define patchversion 4.9.10 %define variant %{nil} %define vanilla_only 0 @@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 4.9.9 +Version: 4.9.10 %if 0%{?is_kotd} -Release: <RELEASE>.g6c5120c +Release: <RELEASE>.gffeeef5 %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.sv9mcb/_old 2017-02-18 03:17:17.907610800 +0100 +++ /var/tmp/diff_new_pack.sv9mcb/_new 2017-02-18 03:17:17.911610235 +0100 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 4.9.9 +Version: 4.9.10 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g6c5120c +Release: <RELEASE>.gffeeef5 %else Release: 0 %endif ++++++ kernel-syzkaller.spec ++++++ --- /var/tmp/diff_new_pack.sv9mcb/_old 2017-02-18 03:17:17.939606281 +0100 +++ /var/tmp/diff_new_pack.sv9mcb/_new 2017-02-18 03:17:17.943605716 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.9 -%define patchversion 4.9.9 +%define patchversion 4.9.10 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel used for fuzzing by syzkaller License: GPL-2.0 Group: System/Kernel -Version: 4.9.9 +Version: 4.9.10 %if 0%{?is_kotd} -Release: <RELEASE>.g6c5120c +Release: <RELEASE>.gffeeef5 %else Release: 0 %endif kernel-vanilla.spec: same change ++++++ patches.fixes.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch new/patches.fixes/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch --- old/patches.fixes/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch 2017-02-16 09:36:29.000000000 +0100 @@ -0,0 +1,51 @@ +From: Eric Dumazet <eduma...@google.com> +Date: Sat, 4 Feb 2017 11:16:52 -0800 +Subject: ipv4: keep skb->dst around in presence of IP options +Patch-mainline: v4.10-rc8 +Git-commit: 34b2cef20f19c87999fff3da4071e66937db9644 +References: CVE-2017-5970 bsc#1024938 + +Andrey Konovalov got crashes in __ip_options_echo() when a NULL skb->dst +is accessed. + +ipv4_pktinfo_prepare() should not drop the dst if (evil) IP options +are present. + +We could refine the test to the presence of ts_needtime or srr, +but IP options are not often used, so let's be conservative. + +Thanks to syzkaller team for finding this bug. + +Fixes: d826eb14ecef ("ipv4: PKTINFO doesnt need dst reference") +Signed-off-by: Eric Dumazet <eduma...@google.com> +Reported-by: Andrey Konovalov <andreyk...@google.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Acked-by: Michal Kubecek <mkube...@suse.cz> + +--- + net/ipv4/ip_sockglue.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c +index f226f4086e05..65336f38a5d8 100644 +--- a/net/ipv4/ip_sockglue.c ++++ b/net/ipv4/ip_sockglue.c +@@ -1215,7 +1215,14 @@ void ipv4_pktinfo_prepare(const struct sock *sk, struct sk_buff *skb) + pktinfo->ipi_ifindex = 0; + pktinfo->ipi_spec_dst.s_addr = 0; + } +- skb_dst_drop(skb); ++ /* We need to keep the dst for __ip_options_echo() ++ * We could restrict the test to opt.ts_needtime || opt.srr, ++ * but the following is good enough as IP options are not often used. ++ */ ++ if (unlikely(IPCB(skb)->opt.optlen)) ++ skb_dst_force(skb); ++ else ++ skb_dst_drop(skb); + } + + int ip_setsockopt(struct sock *sk, int level, +-- +2.11.1 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch new/patches.fixes/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch --- old/patches.fixes/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch 2017-02-16 09:36:29.000000000 +0100 @@ -0,0 +1,43 @@ +From: Marcelo Ricardo Leitner <marcelo.leit...@gmail.com> +Date: Mon, 6 Feb 2017 18:10:31 -0200 +Subject: sctp: avoid BUG_ON on sctp_wait_for_sndbuf +Patch-mainline: v4.10-rc8 +Git-commit: 2dcab598484185dea7ec22219c76dcdd59e3cb90 +References: CVE-2017-5986 bsc#1025235 + +Alexander Popov reported that an application may trigger a BUG_ON in +sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is +waiting on it to queue more data and meanwhile another thread peels off +the association being used by the first thread. + +This patch replaces the BUG_ON call with a proper error handling. It +will return -EPIPE to the original sendmsg call, similarly to what would +have been done if the association wasn't found in the first place. + +Acked-by: Alexander Popov <alex.po...@linux.com> +Signed-off-by: Marcelo Ricardo Leitner <marcelo.leit...@gmail.com> +Reviewed-by: Xin Long <lucien....@gmail.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Acked-by: Michal Kubecek <mkube...@suse.cz> + +--- + net/sctp/socket.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/net/sctp/socket.c b/net/sctp/socket.c +index ca12aa346c0d..6cbe5bdf2b15 100644 +--- a/net/sctp/socket.c ++++ b/net/sctp/socket.c +@@ -7427,7 +7427,8 @@ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, + */ + release_sock(sk); + current_timeo = schedule_timeout(current_timeo); +- BUG_ON(sk != asoc->base.sk); ++ if (sk != asoc->base.sk) ++ goto do_error; + lock_sock(sk); + + *timeo_p = current_timeo; +-- +2.11.1 + ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 2231 lines of diff (skipped) ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/btrfs-fix-btrfs_compat_ioctl-failures-on-non-compat-ioctls new/patches.suse/btrfs-fix-btrfs_compat_ioctl-failures-on-non-compat-ioctls --- old/patches.suse/btrfs-fix-btrfs_compat_ioctl-failures-on-non-compat-ioctls 2017-02-07 16:51:24.000000000 +0100 +++ new/patches.suse/btrfs-fix-btrfs_compat_ioctl-failures-on-non-compat-ioctls 1970-01-01 01:00:00.000000000 +0100 @@ -1,40 +0,0 @@ -From: Jeff Mahoney <je...@suse.com> -Subject: btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls -References: bsc#1018100 -Patch-mainline: Submitted, linux-btrfs, 6 Feb 2017 - -Commit 4c63c2454ef incorrectly assumed that returning -ENOIOCTLCMD would -cause the native ioctl to be called. The ->compat_ioctl callback is -expected to handle all ioctls, not just compat variants. As a result, -when using 32-bit userspace on 64-bit kernels, everything except those -three ioctls would return -ENOTTY. - -Fixes: 4c63c2454ef ("btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl") -Cc: sta...@vger.kernel.org -Signed-off-by: Jeff Mahoney <je...@suse.com> ---- - fs/btrfs/ioctl.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - ---- a/fs/btrfs/ioctl.c -+++ b/fs/btrfs/ioctl.c -@@ -5653,6 +5653,10 @@ long btrfs_ioctl(struct file *file, unsi - #ifdef CONFIG_COMPAT - long btrfs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) - { -+ /* -+ * These all access 32-bit values anyway so no further -+ * handling is necessary. -+ */ - switch (cmd) { - case FS_IOC32_GETFLAGS: - cmd = FS_IOC_GETFLAGS; -@@ -5663,8 +5667,6 @@ long btrfs_compat_ioctl(struct file *fil - case FS_IOC32_GETVERSION: - cmd = FS_IOC_GETVERSION; - break; -- default: -- return -ENOIOCTLCMD; - } - - return btrfs_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.sv9mcb/_old 2017-02-18 03:17:19.099442468 +0100 +++ /var/tmp/diff_new_pack.sv9mcb/_new 2017-02-18 03:17:19.099442468 +0100 @@ -36,6 +36,7 @@ patches.kernel.org/patch-4.9.6-7 patches.kernel.org/patch-4.9.7-8 patches.kernel.org/patch-4.9.8-9 + patches.kernel.org/patch-4.9.9-10 ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -218,6 +219,8 @@ # Networking, IPv6 ######################################################## patches.fixes/ip6_gre-fix-ip6gre_err-invalid-reads.patch + patches.fixes/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch + patches.fixes/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch ######################################################## # Netfilter @@ -254,7 +257,6 @@ patches.suse/revert-btrfs-fix-lockdep-warning-on-deadlock-against-an-inode-s-log-mutex.patch patches.suse/revert-btrfs-improve-performance-on-fsync-against-new-inode-after-rename-unlink.patch patches.suse/btrfs-fix-extent-tree-corruption-due-to-relocation.patch - patches.suse/btrfs-fix-btrfs_compat_ioctl-failures-on-non-compat-ioctls ######################################################## # Reiserfs Patches ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.sv9mcb/_old 2017-02-18 03:17:19.131437949 +0100 +++ /var/tmp/diff_new_pack.sv9mcb/_new 2017-02-18 03:17:19.131437949 +0100 @@ -1,3 +1,3 @@ -2017-02-09 11:55:53 +0100 -GIT Revision: 6c5120caac312a1909e2347a00433920d10ebd9f +2017-02-16 09:36:29 +0100 +GIT Revision: ffeeef592fefd9695f1869aefc0ac470de923bc7 GIT Branch: stable