Hello community, here is the log from the commit of package kernel-source.4563 for openSUSE:13.1:Update checked in at 2016-02-08 15:39:01 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/kernel-source.4563 (Old) and /work/SRC/openSUSE:13.1:Update/.kernel-source.4563.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source.4563" Changes: -------- --- /work/SRC/openSUSE:13.1:Update/kernel-source.4563/kernel-cubox.changes 2016-02-01 12:26:11.000000000 +0100 +++ /work/SRC/openSUSE:13.1:Update/.kernel-source.4563.new/kernel-cubox.changes 2016-02-08 15:39:02.000000000 +0100 
@@ -1,0 +2,542 @@ +Wed Jan 20 13:39:07 CET 2016 - j...@suse.com + +- KEYS: Fix race between read and revoke (bnc#958951, + CVE-2015-7550). +- commit 60aea17 + +------------------------------------------------------------------- +Wed Jan 20 11:48:51 CET 2016 - j...@suse.com + +- patches.fixes/keys-fix-leak.patch: (bnc#962075, CVE-2016-0728). +- commit 5824983 + +------------------------------------------------------------------- +Wed Jan 20 11:34:00 CET 2016 - mkube...@suse.cz + +- sctp: Prevent soft lockup when sctp_accept() is called during + a timeout event (CVE-2015-8767 bsc#961509). +- commit 9485403 + +------------------------------------------------------------------- +Mon Dec 21 22:13:57 CET 2015 - b...@suse.de + +- pptp: verify sockaddr_len in pptp_bind() and pptp_connect() + (bsc#959190, CVE-2015-8569). +- commit 32587c2 + +------------------------------------------------------------------- +Sat Dec 19 11:36:08 CET 2015 - b...@suse.de + +- bluetooth: Validate socket address length in sco_sock_bind() + (bsc#959399, CVE-2015-8575). +- commit 220d6d4 + +------------------------------------------------------------------- +Fri Dec 18 19:17:43 CET 2015 - jbo...@suse.cz + +- Refresh + patches.fixes/net-add-validation-for-the-socket-syscall-protocol-a.patch. + Fix build error caused by missing U8_MAX. +- commit 862fda6 + +------------------------------------------------------------------- +Fri Dec 18 18:54:34 CET 2015 - jbo...@suse.cz + +- net: add validation for the socket syscall protocol argument + (bsc#958886, CVE-2015-8543). +- commit 7563240 + +------------------------------------------------------------------- +Mon Dec 14 06:16:30 CET 2015 - ne...@suse.com + +- KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y + (boo#956934). +- commit ac9d5e1 + +------------------------------------------------------------------- +Thu Dec 10 11:09:39 CET 2015 - mma...@suse.com + +- genksyms: Handle string literals with spaces in reference files (bsc#958510). 
+- commit cc62435 + +------------------------------------------------------------------- +Fri Dec 4 10:42:48 CET 2015 - mkube...@suse.cz + +- Update references of + patches.fixes/ipv6-addrconf-validate-new-MTU-before-applying-it.patch + (add bsc#955354 CVE-2015-8215). +- commit 1765b3c + +------------------------------------------------------------------- +Fri Dec 4 10:40:02 CET 2015 - mkube...@suse.cz + +- ipv6: distinguish frag queues by device for multicast and + link-local packets (bsc#955422). +- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224). +- ipv4: Don't increase PMTU with Datagram Too Big message + (bsc#955224). +- commit 9460863 + +------------------------------------------------------------------- +Fri Dec 4 09:33:52 CET 2015 - mkube...@suse.cz + +- Update mainline reference: + patches.fixes/net-sctp-inherit-auth_capable-on-INIT-collisions.patch. +- commit e21291f + +------------------------------------------------------------------- +Tue Nov 17 10:58:32 CET 2015 - jbeul...@suse.com + +- x86/ldt: Make modify_ldt synchronous (bsc#938706, + CVE-2015-5157). +- Refresh other Xen patches. +- commit 1dfee31 + +------------------------------------------------------------------- +Mon Nov 16 13:45:40 CET 2015 - mkube...@suse.cz + +- ipv6: fix tunnel error handling (bsc#952579). +- commit e2de62f + +------------------------------------------------------------------- +Fri Nov 13 18:28:06 CET 2015 - jbo...@suse.cz + +- ppp, slip: Validate VJ compression slot parameters completely + (bsc#949936, CVE-2015-7799). +- isdn_ppp: Add checks for allocation failure in isdn_ppp_open() + (bsc#949936, CVE-2015-7799). +- commit a69ae3c + +------------------------------------------------------------------- +Fri Nov 13 16:19:52 CET 2015 - oneu...@suse.com + +- usbvision fix overflow of interfaces array (bnc#950998). 
+- commit da3354f + +------------------------------------------------------------------- +Wed Nov 11 18:12:01 CET 2015 - jroe...@suse.de + +- KVM: svm: unconditionally intercept #DB (CVE-2015-8104 + bsc#954404). +- KVM: x86: work around infinite loop in microcode when #AC is + delivered (CVE-2015-5307 bsc#953527). +- commit c2d985d + +------------------------------------------------------------------- +Tue Nov 10 18:48:29 CET 2015 - b...@suse.de + +- x86/paravirt: Replace the paravirt nop with a bona fide empty + function (bsc#938706, CVE-2015-5157). +- x86/nmi/64: Fix a paravirt stack-clobbering bug in the NMI code + (bsc#938706, CVE-2015-5157). +- x86/ldt: Further fix FPU emulation (bsc#938706, CVE-2015-5157). +- x86/ldt: Correct FPU emulation access to LDT (bsc#938706, + CVE-2015-5157). +- x86/ldt: Correct LDT access in single stepping logic + (bsc#938706, CVE-2015-5157). +- x86/ldt: Make modify_ldt synchronous (bsc#938706, + CVE-2015-5157). +- rcu: Move lockless_dereference() out of rcupdate.h (bsc#938706, + CVE-2015-5157). +- x86/nmi/64: Switch stacks on userspace NMI entry (bsc#938706, + CVE-2015-5157). +- commit 77192e7 + +------------------------------------------------------------------- +Thu Nov 5 15:06:12 CET 2015 - jbo...@suse.cz + +- RDS: fix race condition when sending a message on unbound socket + (bsc#952384, CVE-2015-7990). +- RDS: verify the underlying transport exists before creating + a connection (bsc#945825, CVE-2015-6937). +- commit 3c511b1 + +------------------------------------------------------------------- +Wed Oct 28 08:43:27 CET 2015 - ti...@suse.de + +- ALSA: hda - Disable 64bit address for Creative HDA controllers + (bnc#814440). +- commit 3f64e4b + +------------------------------------------------------------------- +Fri Oct 23 03:42:46 CEST 2015 - je...@suse.com + +- Refresh + patches.fixes/keys-don-t-permit-request_key-to-construct-a-new-keyring. + Fixed incomplete backport. 
+- commit ea30661 + +------------------------------------------------------------------- +Fri Oct 23 03:06:51 CEST 2015 - je...@suse.com + +- KEYS: Don't permit request_key() to construct a new keyring + (CVE-2015-7872 bsc#951440). +- KEYS: Fix crash when attempt to garbage collect an + uninstantiated keyring (CVE-2015-7872 bsc#951440). +- KEYS: Fix race between key destruction and finding a keyring + by name (bsc#951440). +- commit 9f89501 + +------------------------------------------------------------------- +Fri Oct 23 00:11:29 CEST 2015 - ne...@suse.com + +- vfs: Test for and handle paths that are unreachable from their + mnt_root (bsc#926238, CVE-2015-2925). +- vfs: Test for and handle paths that are unreachable from their + mnt_root (bsc#926238, CVE#2015-2925). +- commit 0a0e072 + +------------------------------------------------------------------- +Tue Oct 20 14:16:40 CEST 2015 - oneu...@suse.com + +- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers + (bnc#951194). +- commit 708e00d + +------------------------------------------------------------------- +Mon Oct 12 12:01:32 CEST 2015 - mma...@suse.com ++++ 345 more lines (skipped) ++++ between /work/SRC/openSUSE:13.1:Update/kernel-source.4563/kernel-cubox.changes ++++ and /work/SRC/openSUSE:13.1:Update/.kernel-source.4563.new/kernel-cubox.changes kernel-debug.changes: same change kernel-default.changes: same change kernel-desktop.changes: same change kernel-docs.changes: same change kernel-ec2.changes: same change kernel-exynos.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-trace.changes: same change kernel-vanilla.changes: same change kernel-xen.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kernel-cubox.spec ++++++ --- 
/var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-cubox # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -62,9 +62,10 @@ License: GPL-2.0 Group: System/Kernel Version: 3.11.10 -Release: 0 %if 0%{?is_kotd} +Release: <RELEASE>.g1e76e80 %else +Release: 0 %endif Url: http://www.kernel.org/ BuildRequires: bc kernel-debug.spec: same change kernel-default.spec: same change ++++++ kernel-desktop.spec ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-desktop # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -62,9 +62,10 @@ License: GPL-2.0 Group: System/Kernel Version: 3.11.10 -Release: 0 %if 0%{?is_kotd} +Release: <RELEASE>.g1e76e80 %else +Release: 0 %endif Url: http://www.kernel.org/ BuildRequires: bc @@ -357,6 +358,7 @@ that support it, regardless of the amount of main memory. %endif + %source_timestamp %prep if ! [ -e %{S:0} ]; then @@ -980,6 +982,7 @@ This package contains only the base modules, required in all installs. + %source_timestamp %preun base -f preun-base.sh 
@@ -1030,6 +1033,7 @@ This package contains additional modules not supported by Novell. + %source_timestamp %preun extra -f preun-extra.sh ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-docs # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,9 +26,10 @@ License: GPL-2.0 Group: Documentation/Man Version: 3.11.10 -Release: 0 %if 0%{?is_kotd} +Release: <RELEASE>.g1e76e80 %else +Release: 0 %endif BuildRequires: kernel-source%variant BuildRequires: xmlto ++++++ kernel-ec2.spec ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-ec2 # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -62,9 +62,10 @@ License: GPL-2.0 Group: System/Kernel Version: 3.11.10 -Release: 0 %if 0%{?is_kotd} +Release: <RELEASE>.g1e76e80 %else +Release: 0 %endif Url: http://www.kernel.org/ BuildRequires: bc kernel-exynos.spec: same change kernel-lpae.spec: same change ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100 
@@ -1,7 +1,7 @@ # # spec file for package kernel-obs-build # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -46,9 +46,10 @@ License: GPL-2.0 Group: SLES Version: 3.11.10 -Release: 0 %if 0%{?is_kotd} +Release: <RELEASE>.g1e76e80 %else +Release: 0 %endif %description @@ -92,7 +93,7 @@ # a longer list to have them also available for qemu cross builds where x86_64 kernel runs in eg. arm env. # this list of modules where available on build workers of build.opensuse.org, so we stay compatible. -export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk fat vfat nls_cp437 nls_iso8859-1 ibmvscsi ibmvscsic" +export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi ibmvscsic" ROOT="" [ -e "/dev/vda" ] && ROOT="-d /dev/vda" [ -e /dev/hda1 ] && ROOT="-d /dev/hda1" # for xen builds @@ -124,6 +125,7 @@ %endif %endif + #cleanup rm -rf /usr/lib/dracut/modules.d/80obs ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-obs-qa # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -40,9 +40,10 @@ License: GPL-2.0 Group: SLES Version: 3.11.10 -Release: 0 %if 0%{?is_kotd} +Release: <RELEASE>.g1e76e80 %else +Release: 0 %endif %description @@ -61,14 +62,12 @@ # test suites should be packaged in other packages, but build required # and called here. -if ! /sbin/modprobe loop; then - echo "ERROR: Unable to load the kernel loop module." - echo "Usually the wrong kernel is running, this is atm" - cat /proc/version - echo "Installed kernel modules are:" - rpm -q kernel-@FLAVOR@ - exit 1 +krel=$(uname -r) +if test ! -d "/lib/modules/$krel/kernel"; then + echo "Kernel package for $krel not installed; exiting" + exit 0 fi +/sbin/modprobe loop %install mkdir -p %{buildroot}/usr/share/%name ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-pae # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -62,9 +62,10 @@ License: GPL-2.0 Group: System/Kernel Version: 3.11.10 -Release: 0 %if 0%{?is_kotd} +Release: <RELEASE>.g1e76e80 %else +Release: 0 %endif Url: http://www.kernel.org/ BuildRequires: bc ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-source # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -31,9 +31,10 @@ License: GPL-2.0 Group: Development/Sources Version: 3.11.10 -Release: 0 %if 0%{?is_kotd} +Release: <RELEASE>.g1e76e80 %else +Release: 0 %endif Url: http://www.kernel.org/ AutoReqProv: off ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-syms # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,13 +25,15 @@ License: GPL-2.0 Group: Development/Sources Version: 3.11.10 -Release: 0 %if %using_buildservice %if 0%{?is_kotd} +Release: <RELEASE>.g1e76e80 %else +Release: 0 %endif %else %define kernel_source_release %(LC_ALL=C rpm -q kernel-devel%variant-%version --qf "%{RELEASE}" | grep -v 'not installed' || echo 0) +Release: %kernel_source_release %endif Url: http://www.kernel.org/ AutoReqProv: off ++++++ kernel-trace.spec ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-trace # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -62,9 +62,10 @@ License: GPL-2.0 Group: System/Kernel Version: 3.11.10 -Release: 0 %if 0%{?is_kotd} +Release: <RELEASE>.g1e76e80 %else +Release: 0 %endif Url: http://www.kernel.org/ BuildRequires: bc kernel-vanilla.spec: same change kernel-xen.spec: same change ++++++ config.tar.bz2 ++++++ ++++++ kabi.tar.bz2 ++++++ ++++ 23306 lines of diff (skipped) ++++++ kernel-obs-build.spec.in ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:13.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:13.000000000 +0100 @@ -93,7 +93,7 @@ # a longer list to have them also available for qemu cross builds where x86_64 kernel runs in eg. arm env. # this list of modules where available on build workers of build.opensuse.org, so we stay compatible. -export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk fat vfat nls_cp437 nls_iso8859-1 ibmvscsi ibmvscsic" +export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi ibmvscsic" ROOT="" [ -e "/dev/vda" ] && ROOT="-d /dev/vda" [ -e /dev/hda1 ] && ROOT="-d /dev/hda1" # for xen builds ++++++ kernel-obs-qa.spec.in ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:13.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:13.000000000 +0100 
@@ -62,15 +62,12 @@ # test suites should be packaged in other packages, but build required # and called here. -if ! /sbin/modprobe loop; then - echo "ERROR: Unable to load the kernel loop module." - echo "Usually the wrong kernel is running, this is atm" - cat /proc/version - echo "Installed kernel modules are:" - rpm -q kernel-@FLAVOR@ - exit 1 +krel=$(uname -r) +if test ! -d "/lib/modules/$krel/kernel"; then + echo "Kernel package for $krel not installed; exiting" + exit 0 fi - +/sbin/modprobe loop %install mkdir -p %{buildroot}/usr/share/%name ++++++ log.sh ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:13.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:13.000000000 +0100 @@ -1,4 +1,4 @@ -#! /bin/sh +#! /bin/bash # log.sh - Automate insertion of patches into a kernel rpm tree managed # with series.conf ++++++ patches.arch.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.arch/arm64-mm-Remove-hack-in-mmap-randomize-layout.patch new/patches.arch/arm64-mm-Remove-hack-in-mmap-randomize-layout.patch --- old/patches.arch/arm64-mm-Remove-hack-in-mmap-randomize-layout.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.arch/arm64-mm-Remove-hack-in-mmap-randomize-layout.patch 2015-07-21 18:59:20.000000000 +0200 
@@ -0,0 +1,68 @@ +From: Yann Droneaud <ydrone...@opteya.com> +Date: Mon, 17 Nov 2014 23:02:19 +0000 +Subject: [PATCH] arm64/mm: Remove hack in mmap randomize layout +Git-commit: d6c763afab142a85e4770b4bc2a5f40f256d5c5d +Patch-Mainline: v3.19-rc1 + +Since commit 8a0a9bd4db63 ('random: make get_random_int() more +random'), get_random_int() returns a random value for each call, +so comment and hack introduced in mmap_rnd() as part of commit +1d18c47c735e ('arm64: MMU fault handling and page table management') +are incorrects. + +Commit 1d18c47c735e seems to use the same hack introduced by +commit a5adc91a4b44 ('powerpc: Ensure random space between stack +and mmaps'), latter copied in commit 5a0efea09f42 ('sparc64: Sharpen +address space randomization calculations.'). + +But both architectures were cleaned up as part of commit +fa8cbaaf5a68 ('powerpc+sparc64/mm: Remove hack in mmap randomize +layout') as hack is no more needed since commit 8a0a9bd4db63. + +So the present patch removes the comment and the hack around +get_random_int() on AArch64's mmap_rnd(). + +Cc: David S. Miller <da...@davemloft.net> +Cc: Anton Blanchard <an...@samba.org> +Cc: Benjamin Herrenschmidt <b...@kernel.crashing.org> +Acked-by: Will Deacon <will.dea...@arm.com> +Acked-by: Dan McGee <dpmc...@gmail.com> +Signed-off-by: Yann Droneaud <ydrone...@opteya.com> +Signed-off-by: Will Deacon <will.dea...@arm.com> +Acked-by: Matthias Brugger <mbrug...@suse.com> +--- + arch/arm64/mm/mmap.c | 12 ++---------- + 1 file changed, 2 insertions(+), 10 deletions(-) + +diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c +index 1d73662..54922d1 100644 +--- a/arch/arm64/mm/mmap.c ++++ b/arch/arm64/mm/mmap.c +@@ -47,22 +47,14 @@ static int mmap_is_legacy(void) + return sysctl_legacy_va_layout; + } + +-/* +- * Since get_random_int() returns the same value within a 1 jiffy window, we +- * will almost always get the same randomisation for the stack and mmap +- * region. 
This will mean the relative distance between stack and mmap will be +- * the same. +- * +- * To avoid this we can shift the randomness by 1 bit. +- */ + static unsigned long mmap_rnd(void) + { + unsigned long rnd = 0; + + if (current->flags & PF_RANDOMIZE) +- rnd = (long)get_random_int() & (STACK_RND_MASK >> 1); ++ rnd = (long)get_random_int() & STACK_RND_MASK; + +- return rnd << (PAGE_SHIFT + 1); ++ return rnd << PAGE_SHIFT; + } + + static unsigned long mmap_base(void) +-- +1.9.1 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.arch/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po new/patches.arch/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po --- old/patches.arch/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.arch/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po 2015-07-21 18:59:20.000000000 +0200 
@@ -0,0 +1,29 @@ +From ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini <pbonz...@redhat.com> +Date: Sat, 30 May 2015 14:31:24 +0200 +Subject: [PATCH] kvm: x86: fix kvm_apic_has_events to check for NULL pointer +Git-commit: ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009 +Patch-mainline: 4.2-rc1 +References: bnc#935542,CVE-2015-4692 + +Malicious (or egregiously buggy) userspace can trigger it, but it +should never happen in normal operation. + +Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> +Acked-by: Takashi Iwai <ti...@suse.de> + +--- + arch/x86/kvm/lapic.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/kvm/lapic.h ++++ b/arch/x86/kvm/lapic.h +@@ -165,7 +165,7 @@ static inline u16 apic_logical_id(struct + + static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu) + { +- return vcpu->arch.apic->pending_events; ++ return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events; + } + + bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch new/patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch --- old/patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch 2015-07-21 18:59:20.000000000 +0200 
@@ -0,0 +1,56 @@ +From: Andy Lutomirski <l...@amacapital.net> +Date: Thu, 5 Mar 2015 01:09:44 +0100 +Subject: x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization +Git-commit: 956421fbb74c3a6261903f3836c0740187cf038b +Patch-mainline: v4.0-rc3 +References: bsc#926240, CVE-2015-2830 + +'ret_from_fork' checks TIF_IA32 to determine whether 'pt_regs' and +the related state make sense for 'ret_from_sys_call'. This is +entirely the wrong check. TS_COMPAT would make a little more +sense, but there's really no point in keeping this optimization +at all. + +This fixes a return to the wrong user CS if we came from int +0x80 in a 64-bit task. + +Signed-off-by: Andy Lutomirski <l...@amacapital.net> +Cc: Borislav Petkov <b...@alien8.de> +Cc: Denys Vlasenko <dvlas...@redhat.com> +Cc: H. Peter Anvin <h...@zytor.com> +Cc: Linus Torvalds <torva...@linux-foundation.org> +Cc: Oleg Nesterov <o...@redhat.com> +Cc: Thomas Gleixner <t...@linutronix.de> +Cc: <sta...@vger.kernel.org> +Link: http://lkml.kernel.org/r/4710be56d76ef994ddf59087aad98c000fbab9a4.1424989793.git.l...@amacapital.net +[ Backported from tip:x86/asm. ] +Signed-off-by: Ingo Molnar <mi...@kernel.org> +Acked-by: Borislav Petkov <b...@suse.de> +--- + arch/x86/kernel/entry_64.S | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +Index: current/arch/x86/kernel/entry_64.S +=================================================================== +--- current.orig/arch/x86/kernel/entry_64.S 2013-09-02 22:46:10.000000000 +0200 ++++ current/arch/x86/kernel/entry_64.S 2015-04-09 14:23:49.456065208 +0200 +@@ -556,11 +556,14 @@ ENTRY(ret_from_fork) + testl $3, CS-ARGOFFSET(%rsp) # from kernel_thread? 
+ jz 1f + +- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET +- jnz int_ret_from_sys_call +- +- RESTORE_TOP_OF_STACK %rdi, -ARGOFFSET +- jmp ret_from_sys_call # go to the SYSRET fastpath ++ /* ++ * By the time we get here, we have no idea whether our pt_regs, ++ * ti flags, and ti status came from the 64-bit SYSCALL fast path, ++ * the slow path, or one of the ia32entry paths. ++ * Use int_ret_from_sys_call to return, since it can safely handle ++ * all of the above. ++ */ ++ jmp int_ret_from_sys_call + + 1: + subq $REST_SKIP, %rsp # leave space for volatiles diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch new/patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch --- old/patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch 2015-07-21 18:59:20.000000000 +0200 
@@ -0,0 +1,35 @@ +From: Quentin Casasnovas <quentin.casasno...@oracle.com> +Date: Tue, 3 Feb 2015 13:00:22 +0100 +Subject: x86/microcode/intel: Guard against stack overflow in the loader +Git-commit: f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 +Patch-mainline: v3.20-rc1 +References: bsc#922944, CVE-2015-2666 + +mc_saved_tmp is a static array allocated on the stack, we need to make +sure mc_saved_count stays within its bounds, otherwise we're overflowing +the stack in _save_mc(). A specially crafted microcode header could lead +to a kernel crash or potentially kernel execution. + +Signed-off-by: Quentin Casasnovas <quentin.casasno...@oracle.com> +Cc: "H. Peter Anvin" <h...@zytor.com> +Cc: Fenghua Yu <fenghua...@intel.com> +Link: http://lkml.kernel.org/r/1422964824-22056-1-git-send-email-quentin.casasno...@oracle.com +Signed-off-by: Borislav Petkov <b...@suse.de> +--- + arch/x86/kernel/microcode_intel_early.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/x86/kernel/microcode_intel_early.c b/arch/x86/kernel/microcode_intel_early.c +index ec9df6f9cd47..5e109a31f62b 100644 +--- a/arch/x86/kernel/microcode_intel_early.c ++++ b/arch/x86/kernel/microcode_intel_early.c +@@ -321,7 +321,7 @@ get_matching_model_microcode(int cpu, unsigned long start, + unsigned int mc_saved_count = mc_saved_data->mc_saved_count; + int i; + +- while (leftover) { ++ while (leftover && mc_saved_count < ARRAY_SIZE(mc_saved_tmp)) { + mc_header = (struct microcode_header_intel *)ucode_ptr; + + mc_size = get_totalsize(mc_header); + ++++++ patches.drivers.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/0001-usb-core-Fix-USB-3.0-devices-lost-in-NOTATTACHED-sta.patch new/patches.drivers/0001-usb-core-Fix-USB-3.0-devices-lost-in-NOTATTACHED-sta.patch --- old/patches.drivers/0001-usb-core-Fix-USB-3.0-devices-lost-in-NOTATTACHED-sta.patch 1970-01-01 01:00:00.000000000 +0100 +++ 
new/patches.drivers/0001-usb-core-Fix-USB-3.0-devices-lost-in-NOTATTACHED-sta.patch 2015-11-13 16:19:52.000000000 +0100 
@@ -0,0 +1,168 @@ +From 5928246cc6c44f70d11f19fcf786a7ac0e617727 Mon Sep 17 00:00:00 2001 +From: Robert Schlabbach <robert.schlabb...@gmx.net> +Date: Tue, 26 May 2015 00:27:30 +0200 +Subject: [PATCH] usb: core: Fix USB 3.0 devices lost in NOTATTACHED state + after a hub port reset +Git-Commit:fb6d1f7df5d25299fd7b3e84b72b8851d3634764 +Patch-Mainline: v4.2 +References: bnc#851610 + +Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset. + +Dissolve the function hub_port_finish_reset() completely and divide the +actions to be taken into those which need to be done after each reset +attempt and those which need to be done after the full procedure is +complete, and place them in the appropriate places in hub_port_reset(). +Also, remove an unneeded forward declaration of hub_port_reset(). + +Verbose Problem Description: + +USB 3.0 devices may be "lost for good" during a hub port reset. +This makes Linux unable to boot from USB 3.0 devices in certain +constellations of host controllers and devices, because the USB device is +lost during initialization, preventing the rootfs from being mounted. + +The underlying problem is that in the affected constellations, during the +processing inside hub_port_reset(), the hub link state goes from 0 to +SS.inactive after the initial reset, and back to 0 again only after the +following "warm" reset. + +However, hub_port_finish_reset() is called after each reset attempt and +sets the state the connected USB device based on the "preliminary" status +of the hot reset to USB_STATE_NOTATTACHED due to SS.inactive, yet when +the following warm reset is complete and hub_port_finish_reset() is +called again, its call to set the device to USB_STATE_DEFAULT is blocked +by usb_set_device_state() which does not allow taking USB devices out of +USB_STATE_NOTATTACHED state. + +Thanks to Alan Stern for guiding me to the proper solution and how to +submit it. 
+ +Link: http://lkml.kernel.org/r/trinity-25981484-72a9-4d46-bf17-9c1cf9301a31-1432073240136%20()%203capp-gmx-bs27 +Signed-off-by: Robert Schlabbach <rober...@gmx.net> +Cc: stable <sta...@vger.kernel.org> +Acked-by: Alan Stern <st...@rowland.harvard.edu> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Oliver Neukum <oneu...@suse.com> +--- + drivers/usb/core/hub.c | 79 +++++++++++++++++++++----------------------------- + 1 file changed, 33 insertions(+), 46 deletions(-) + +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index 735ac4c..b11215d 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -2593,44 +2593,6 @@ static int hub_port_wait_reset(struct usb_hub *hub, int port1, + return 0; + } + +-static void hub_port_finish_reset(struct usb_hub *hub, int port1, +- struct usb_device *udev, int *status) +-{ +- switch (*status) { +- case 0: +- /* TRSTRCY = 10 ms; plus some extra */ +- msleep(10 + 40); +- if (udev) { +- struct usb_hcd *hcd = bus_to_hcd(udev->bus); +- +- update_devnum(udev, 0); +- /* The xHC may think the device is already reset, +- * so ignore the status. +- */ +- if (hcd->driver->reset_device) +- hcd->driver->reset_device(hcd, udev); +- } +- /* FALL THROUGH */ +- case -ENOTCONN: +- case -ENODEV: +- usb_clear_port_feature(hub->hdev, +- port1, USB_PORT_FEAT_C_RESET); +- if (hub_is_superspeed(hub->hdev)) { +- usb_clear_port_feature(hub->hdev, port1, +- USB_PORT_FEAT_C_BH_PORT_RESET); +- usb_clear_port_feature(hub->hdev, port1, +- USB_PORT_FEAT_C_PORT_LINK_STATE); +- usb_clear_port_feature(hub->hdev, port1, +- USB_PORT_FEAT_C_CONNECTION); +- } +- if (udev) +- usb_set_device_state(udev, *status +- ? 
USB_STATE_NOTATTACHED +- : USB_STATE_DEFAULT); +- break; +- } +-} +- + /* Handle port reset and port warm(BH) reset (for USB3 protocol ports) */ + static int hub_port_reset(struct usb_hub *hub, int port1, + struct usb_device *udev, unsigned int delay, bool warm) +@@ -2653,13 +2615,10 @@ static int hub_port_reset(struct usb_hub *hub, int port1, + * If the caller hasn't explicitly requested a warm reset, + * double check and see if one is needed. + */ +- status = hub_port_status(hub, port1, +- &portstatus, &portchange); +- if (status < 0) +- goto done; +- +- if (hub_port_warm_reset_required(hub, portstatus)) +- warm = true; ++ if (hub_port_status(hub, port1, &portstatus, &portchange) == 0) ++ if (hub_port_warm_reset_required(hub, ++ portstatus)) ++ warm = true; + } + + /* Reset the port */ +@@ -2684,11 +2643,19 @@ static int hub_port_reset(struct usb_hub *hub, int port1, + + /* Check for disconnect or reset */ + if (status == 0 || status == -ENOTCONN || status == -ENODEV) { +- hub_port_finish_reset(hub, port1, udev, &status); ++ usb_clear_port_feature(hub->hdev, port1, ++ USB_PORT_FEAT_C_RESET); + + if (!hub_is_superspeed(hub->hdev)) + goto done; + ++ usb_clear_port_feature(hub->hdev, port1, ++ USB_PORT_FEAT_C_BH_PORT_RESET); ++ usb_clear_port_feature(hub->hdev, port1, ++ USB_PORT_FEAT_C_PORT_LINK_STATE); ++ usb_clear_port_feature(hub->hdev, port1, ++ USB_PORT_FEAT_C_CONNECTION); ++ + /* + * If a USB 3.0 device migrates from reset to an error + * state, re-issue the warm reset. +@@ -2722,6 +2689,26 @@ static int hub_port_reset(struct usb_hub *hub, int port1, + port1); + + done: ++ if (status == 0) { ++ /* TRSTRCY = 10 ms; plus some extra */ ++ msleep(10 + 40); ++ if (udev) { ++ struct usb_hcd *hcd = bus_to_hcd(udev->bus); ++ ++ update_devnum(udev, 0); ++ /* The xHC may think the device is already reset, ++ * so ignore the status. 
++ */ ++ if (hcd->driver->reset_device) ++ hcd->driver->reset_device(hcd, udev); ++ ++ usb_set_device_state(udev, USB_STATE_DEFAULT); ++ } ++ } else { ++ if (udev) ++ usb_set_device_state(udev, USB_STATE_NOTATTACHED); ++ } ++ + if (!hub_is_superspeed(hub->hdev)) + up_read(&ehci_cf_port_reset_rwsem); + +-- +2.1.4 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/0001-usbvision-fix-overflow-of-interfaces-array.patch new/patches.drivers/0001-usbvision-fix-overflow-of-interfaces-array.patch --- old/patches.drivers/0001-usbvision-fix-overflow-of-interfaces-array.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.drivers/0001-usbvision-fix-overflow-of-interfaces-array.patch 2015-11-13 16:19:52.000000000 +0100 
@@ -0,0 +1,39 @@ +From e607bcb095b86010019d314f738ea491f10818d4 Mon Sep 17 00:00:00 2001 +From: Oliver Neukum <oneu...@suse.com> +Date: Tue, 27 Oct 2015 12:42:38 +0100 +Subject: [PATCH] usbvision fix overflow of interfaces array +Git-Commit: e607bcb095b86010019d314f738ea491f10818d4 +Patch-Mainline: Queued in subsystem maintainer repository +Git-Repo: git://linuxtv.org/media_tree.git +References: bnc#950998 + +This fixes the crash reported in: +http://seclists.org/bugtraq/2015/Oct/35 +The interface number needs a sanity check. + +Signed-off-by: Oliver Neukum <oneu...@suse.com> +--- + drivers/media/usb/usbvision/usbvision-video.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/media/usb/usbvision/usbvision-video.c b/drivers/media/usb/usbvision/usbvision-video.c +index b693206..ad33d99 100644 +--- a/drivers/media/usb/usbvision/usbvision-video.c ++++ b/drivers/media/usb/usbvision/usbvision-video.c +@@ -1461,6 +1461,13 @@ static int usbvision_probe(struct usb_interface *intf, + printk(KERN_INFO "%s: %s found\n", __func__, + usbvision_device_data[model].model_string); + ++ /* ++ * this is a security check. ++ * an exploit using an incorrect bInterfaceNumber is known ++ */ ++ if (ifnum >= USB_MAXINTERFACES || !dev->actconfig->interface[ifnum]) ++ return -ENODEV; ++ + if (usbvision_device_data[model].interface >= 0) + interface = &dev->actconfig->interface[usbvision_device_data[model].interface]->altsetting[0]; + else +-- +2.1.4 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/0001-xhci-Add-spurious-wakeup-quirk-for-LynxPoint-LP-cont.patch new/patches.drivers/0001-xhci-Add-spurious-wakeup-quirk-for-LynxPoint-LP-cont.patch --- old/patches.drivers/0001-xhci-Add-spurious-wakeup-quirk-for-LynxPoint-LP-cont.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.drivers/0001-xhci-Add-spurious-wakeup-quirk-for-LynxPoint-LP-cont.patch 2015-11-13 16:19:52.000000000 +0100 
@@ -0,0 +1,65 @@ +From 7e556197dda8ea79db9b11d4bc9ad9fdcf4f5611 Mon Sep 17 00:00:00 2001 +From: Laura Abbott <labb...@fedoraproject.org> +Date: Mon, 12 Oct 2015 11:30:13 +0300 +Subject: [PATCH] xhci: Add spurious wakeup quirk for LynxPoint-LP controllers +Git-Commit: fd7cd061adcf5f7503515ba52b6a724642a839c8 +Patch-Mainline: v4.3.0 +References: bnc#951194 + +We received several reports of systems rebooting and powering on +after an attempted shutdown. Testing showed that setting +XHCI_SPURIOUS_WAKEUP quirk in addition to the XHCI_SPURIOUS_REBOOT +quirk allowed the system to shutdown as expected for LynxPoint-LP +xHCI controllers. Set the quirk back. + +Note that the quirk was originally introduced for LynxPoint and +LynxPoint-LP just for this same reason. See: + +commit 638298dc66ea ("xhci: Fix spurious wakeups after S5 on Haswell") + +It was later limited to only concern HP machines as it caused +regression on some machines, see both bug and commit: + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=66171 +commit 6962d914f317 ("xhci: Limit the spurious wakeup fix only to HP machines") + +Later it was discovered that the powering on after shutdown +was limited to LynxPoint-LP (Haswell-ULT) and that some non-LP HP +machine suffered from spontaneous resume from S3 (which should +not be related to the SPURIOUS_WAKEUP quirk at all). An attempt +to fix this then removed the SPURIOUS_WAKEUP flag usage completely. + +commit b45abacde3d5 ("xhci: no switching back on non-ULT Haswell") + +Current understanding is that LynxPoint-LP (Haswell ULT) machines +need the SPURIOUS_WAKEUP quirk, otherwise they will restart, and +plain Lynxpoint (Haswell) machines may _not_ have the quirk +set otherwise they again will restart. 
+ +Signed-off-by: Laura Abbott <labb...@fedoraproject.org> +Cc: Takashi Iwai <ti...@suse.de> +Cc: Oliver Neukum <oneu...@suse.com> +[Added more history to commit message -Mathias] +Cc: stable <sta...@vger.kernel.org> +Signed-off-by: Mathias Nyman <mathias.ny...@linux.intel.com> +Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> +Signed-off-by: Oliver Neukum <oneu...@suse.com> +--- + drivers/usb/host/xhci-pci.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c +index 77ef8e5..ba03c8c 100644 +--- a/drivers/usb/host/xhci-pci.c ++++ b/drivers/usb/host/xhci-pci.c +@@ -127,6 +127,7 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) + if (pdev->vendor == PCI_VENDOR_ID_INTEL && + pdev->device == PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI) { + xhci->quirks |= XHCI_SPURIOUS_REBOOT; ++ xhci->quirks |= XHCI_SPURIOUS_WAKEUP; + } + if (pdev->vendor == PCI_VENDOR_ID_ETRON && + pdev->device == PCI_DEVICE_ID_ASROCK_P67) { +-- +2.1.4 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont new/patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont --- old/patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont 2015-11-13 16:19:52.000000000 +0100 
@@ -0,0 +1,57 @@ +From cadd16ea33a938d49aee99edd4758cc76048b399 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai <ti...@suse.de> +Date: Tue, 27 Oct 2015 14:21:51 +0100 +Subject: [PATCH] ALSA: hda - Disable 64bit address for Creative HDA controllers +Git-commit: cadd16ea33a938d49aee99edd4758cc76048b399 +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git +Patch-mainline: Queued in subsystem maintainer repository +References: bnc#814440 + +We've had many reports that some Creative sound cards with CA0132 +don't work well. Some reported that it starts working after reloading +the module, while some reported it starts working when a 32bit kernel +is used. All these facts seem implying that the chip fails to +communicate when the buffer is located in 64bit address. + +This patch addresses these issues by just adding AZX_DCAPS_NO_64BIT +flag to the corresponding PCI entries. I casually had a chance to +test an SB Recon3D board, and indeed this seems helping. + +Although this hasn't been tested on all Creative devices, it's safer +to assume that this restriction applies to the rest of them, too. So +the flag is applied to all Creative entries. 
+ +Cc: <sta...@vger.kernel.org> +Signed-off-by: Takashi Iwai <ti...@suse.de> + +--- + sound/pci/hda/hda_intel.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/sound/pci/hda/hda_intel.c ++++ b/sound/pci/hda/hda_intel.c +@@ -624,7 +624,9 @@ enum { + AZX_DCAPS_ALIGN_BUFSIZE | AZX_DCAPS_NO_64BIT) + + #define AZX_DCAPS_PRESET_CTHDA \ +- (AZX_DCAPS_NO_MSI | AZX_DCAPS_POSFIX_LPIB | AZX_DCAPS_4K_BDLE_BOUNDARY) ++ (AZX_DCAPS_NO_MSI | AZX_DCAPS_POSFIX_LPIB |\ ++ AZX_DCAPS_NO_64BIT |\ ++ AZX_DCAPS_4K_BDLE_BOUNDARY) + + /* + * VGA-switcher support +@@ -4080,11 +4082,13 @@ static DEFINE_PCI_DEVICE_TABLE(azx_ids) + .class = PCI_CLASS_MULTIMEDIA_HD_AUDIO << 8, + .class_mask = 0xffffff, + .driver_data = AZX_DRIVER_CTX | AZX_DCAPS_CTX_WORKAROUND | ++ AZX_DCAPS_NO_64BIT | + AZX_DCAPS_RIRB_PRE_DELAY | AZX_DCAPS_POSFIX_LPIB }, + #else + /* this entry seems still valid -- i.e. without emu20kx chip */ + { PCI_DEVICE(0x1102, 0x0009), + .driver_data = AZX_DRIVER_CTX | AZX_DCAPS_CTX_WORKAROUND | ++ AZX_DCAPS_NO_64BIT | + AZX_DCAPS_RIRB_PRE_DELAY | AZX_DCAPS_POSFIX_LPIB }, + #endif + /* Vortex86MX */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-hda-Fix-regression-of-HD-audio-controller-fallb new/patches.drivers/ALSA-hda-Fix-regression-of-HD-audio-controller-fallb --- old/patches.drivers/ALSA-hda-Fix-regression-of-HD-audio-controller-fallb 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.drivers/ALSA-hda-Fix-regression-of-HD-audio-controller-fallb 2015-11-13 16:19:52.000000000 +0100 
@@ -0,0 +1,49 @@ +From a1f3f1ca66bd12c339b17a0c2ef93a093f90a277 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai <ti...@suse.de> +Date: Sun, 8 Mar 2015 18:29:50 +0100 +Subject: [PATCH] ALSA: hda - Fix regression of HD-audio controller fallback modes +Git-commit: a1f3f1ca66bd12c339b17a0c2ef93a093f90a277 +Patch-mainline: to be in 4.0-rc4 +References: bsc#921313 + +The commit [63e51fd708f5: ALSA: hda - Don't take unresponsive D3 +transition too serious] introduced a conditional fallback behavior to +the HD-audio controller depending on the flag set. However, it +introduced a silly bug, too, that the flag was evaluated in a reverse +way. This resulted in a regression of HD-audio controller driver +where it can't go to the fallback mode at communication errors. + +Unfortunately (or fortunately?) this didn't come up until recently +because the affected code path is an error handling that happens only +on an unstable hardware chip. Most of recent chips work stably, thus +they didn't hit this problem. Now, we've got a regression report with +a VIA chip, and this seems indeed requiring the fallback to the +polling mode, and finally the bug was revealed. + +The fix is a oneliner to remove the wrong logical NOT in the check. +(Lesson learned - be careful about double negation.) + +The bug should be backported to stable, but the patch won't be +applicable to 3.13 or earlier because of the code splits. The stable +fix patches for earlier kernels will be posted later manually. 
+ +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=94021 +Fixes: 63e51fd708f5 ('ALSA: hda - Don't take unresponsive D3 transition too serious') +Cc: <sta...@vger.kernel.org> # v3.14+ +Signed-off-by: Takashi Iwai <ti...@suse.de> + +--- + sound/pci/hda/hda_intel.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/pci/hda/hda_intel.c ++++ b/sound/pci/hda/hda_intel.c +@@ -948,7 +948,7 @@ static unsigned int azx_rirb_get_respons + } + } + +- if (!bus->no_response_fallback) ++ if (bus->no_response_fallback) + return -1; + + if (!chip->polling_mode && chip->poll_count < 2) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/bnx2x-Fix-kdump-when-iommu-on.patch new/patches.drivers/bnx2x-Fix-kdump-when-iommu-on.patch --- old/patches.drivers/bnx2x-Fix-kdump-when-iommu-on.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.drivers/bnx2x-Fix-kdump-when-iommu-on.patch 2015-11-13 16:19:52.000000000 +0100 
@@ -0,0 +1,94 @@ +From: Yuval Mintz <yuval.mi...@qlogic.com> +Date: Wed, 1 Apr 2015 10:02:20 +0300 +Subject: bnx2x: Fix kdump when iommu=on +Patch-mainline: v4.0-rc7 +Git-commit: da254fbc6357a66a127e4e4e234b4f9c555d5ed1 +References: bug#921769 + +When IOMM-vtd is active, once main kernel crashes unfinished DMAE transactions +will be blocked, putting the HW in an error state which will cause further +transactions to timeout. + +Current employed logic uses wrong macros, causing the first function to be the +only function that cleanups that error state during its probe/load. + +This patch allows all the functions to successfully re-load in kdump kernel. + +Signed-off-by: Yuval Mintz <yuval.mi...@qlogic.com> +Signed-off-by: Ariel Elior <ariel.el...@qlogic.com> +Signed-off-by: David S. Miller <da...@davemloft.net> +Acked-by: Ya Dan Fan <yd...@suse.com> +Acked-by: Benjamin Poirier <bpoir...@suse.de> +--- + drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 39 +++++++++-------------- + 1 file changed, 16 insertions(+), 23 deletions(-) + +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +@@ -7523,6 +7523,20 @@ int bnx2x_init_hw_func_cnic(struct bnx2x + return 0; + } + ++/* previous driver DMAE transaction may have occurred when pre-boot stage ended ++ * and boot began, or when kdump kernel was loaded. Either case would invalidate ++ * the addresses of the transaction, resulting in was-error bit set in the pci ++ * causing all hw-to-host pcie transactions to timeout. 
If this happened we want ++ * to clear the interrupt which detected this from the pglueb and the was done ++ * bit ++ */ ++static void bnx2x_clean_pglue_errors(struct bnx2x *bp) ++{ ++ if (!CHIP_IS_E1x(bp)) ++ REG_WR(bp, PGLUE_B_REG_WAS_ERROR_PF_7_0_CLR, ++ 1 << BP_ABS_FUNC(bp)); ++} ++ + static int bnx2x_init_hw_func(struct bnx2x *bp) + { + int port = BP_PORT(bp); +@@ -7615,8 +7629,7 @@ static int bnx2x_init_hw_func(struct bnx + + bnx2x_init_block(bp, BLOCK_PGLUE_B, init_phase); + +- if (!CHIP_IS_E1x(bp)) +- REG_WR(bp, PGLUE_B_REG_WAS_ERROR_PF_7_0_CLR, func); ++ bnx2x_clean_pglue_errors(bp); + + bnx2x_init_block(bp, BLOCK_ATC, init_phase); + bnx2x_init_block(bp, BLOCK_DMAE, init_phase); +@@ -10135,26 +10148,6 @@ static int bnx2x_prev_unload_common(stru + return bnx2x_prev_mcp_done(bp); + } + +-/* previous driver DMAE transaction may have occurred when pre-boot stage ended +- * and boot began, or when kdump kernel was loaded. Either case would invalidate +- * the addresses of the transaction, resulting in was-error bit set in the pci +- * causing all hw-to-host pcie transactions to timeout. If this happened we want +- * to clear the interrupt which detected this from the pglueb and the was done +- * bit +- */ +-static void bnx2x_prev_interrupted_dmae(struct bnx2x *bp) +-{ +- if (!CHIP_IS_E1x(bp)) { +- u32 val = REG_RD(bp, PGLUE_B_REG_PGLUE_B_INT_STS); +- if (val & PGLUE_B_PGLUE_B_INT_STS_REG_WAS_ERROR_ATTN) { +- DP(BNX2X_MSG_SP, +- "'was error' bit was found to be set in pglueb upon startup. Clearing\n"); +- REG_WR(bp, PGLUE_B_REG_WAS_ERROR_PF_7_0_CLR, +- 1 << BP_FUNC(bp)); +- } +- } +-} +- + static int bnx2x_prev_unload(struct bnx2x *bp) + { + int time_counter = 10; +@@ -10164,7 +10157,7 @@ static int bnx2x_prev_unload(struct bnx2 + /* clear hw from errors which may have resulted from an interrupted + * dmae transaction. 
+ */ +- bnx2x_prev_interrupted_dmae(bp); ++ bnx2x_clean_pglue_errors(bp); + + /* Release previously held locks */ + hw_lock_reg = (BP_FUNC(bp) <= 5) ? ++++++ patches.fixes.tar.bz2 ++++++ ++++ 6327 lines of diff (skipped) ++++++ patches.kabi.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kabi/1268-x86-dma-required-mask.patch new/patches.kabi/1268-x86-dma-required-mask.patch --- old/patches.kabi/1268-x86-dma-required-mask.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.kabi/1268-x86-dma-required-mask.patch 2015-03-17 09:46:32.000000000 +0100 
@@ -0,0 +1,28 @@ +From: jbeul...@suse.com +Subject: fix kABI after "x86: use custom dma_get_required_mask()" +Patch-mainline: n/a + +--- 13.1.orig/arch/x86/kernel/pci-dma-xen.c 2013-02-06 15:28:03.000000000 +0100 ++++ 13.1/arch/x86/kernel/pci-dma-xen.c 2014-12-09 08:53:42.000000000 +0100 +@@ -268,7 +268,9 @@ u64 dma_get_required_mask(struct device + + return DMA_BIT_MASK(__fls(max_mfn - 1) + 1 + PAGE_SHIFT); + } ++#ifndef __GENKSYMS__ + EXPORT_SYMBOL_GPL(dma_get_required_mask); ++#endif + + static int check_pages_physically_contiguous(unsigned long pfn, + unsigned int offset, +--- 13.1.orig/drivers/base/platform.c 2013-09-02 22:46:10.000000000 +0200 ++++ 13.1/drivers/base/platform.c 2014-12-09 08:55:47.000000000 +0100 +@@ -934,6 +934,9 @@ u64 dma_get_required_mask(struct device + } + return mask; + } ++#endif ++#if !defined(ARCH_HAS_DMA_GET_REQUIRED_MASK) || \ ++ (defined(__GENKSYMS__) && defined(CONFIG_X86) && defined(CONFIG_XEN)) + EXPORT_SYMBOL_GPL(dma_get_required_mask); + #endif + ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0001-KEYS-Fix-race-between-read-and-revoke.patch new/patches.suse/0001-KEYS-Fix-race-between-read-and-revoke.patch --- old/patches.suse/0001-KEYS-Fix-race-between-read-and-revoke.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/0001-KEYS-Fix-race-between-read-and-revoke.patch 2016-01-20 13:39:07.000000000 +0100 
@@ -0,0 +1,115 @@ +From b4a1b4f5047e4f54e194681125c74c0aa64d637d Mon Sep 17 00:00:00 2001 +From: David Howells <dhowe...@redhat.com> +Date: Fri, 18 Dec 2015 01:34:26 +0000 +Subject: [PATCH] KEYS: Fix race between read and revoke + +Git-commit: b4a1b4f5047e4f54e194681125c74c0aa64d637d +Patch-mainline: v4.4-rc8 +References: bnc#958951, CVE-2015-7550 + +This fixes CVE-2015-7550. + +There's a race between keyctl_read() and keyctl_revoke(). If the revoke +happens between keyctl_read() checking the validity of a key and the key's +semaphore being taken, then the key type read method will see a revoked key. + +This causes a problem for the user-defined key type because it assumes in +its read method that there will always be a payload in a non-revoked key +and doesn't check for a NULL pointer. + +Fix this by making keyctl_read() check the validity of a key after taking +semaphore instead of before. + +I think the bug was introduced with the original keyrings code. + +This was discovered by a multithreaded test program generated by syzkaller +(http://github.com/google/syzkaller). 
Here's a cleaned up version: + + #include <sys/types.h> + #include <keyutils.h> + #include <pthread.h> + void *thr0(void *arg) + { + key_serial_t key = (unsigned long)arg; + keyctl_revoke(key); + return 0; + } + void *thr1(void *arg) + { + key_serial_t key = (unsigned long)arg; + char buffer[16]; + keyctl_read(key, buffer, 16); + return 0; + } + int main() + { + key_serial_t key = add_key("user", "%", "foo", 3, KEY_SPEC_USER_KEYRING); + pthread_t th[5]; + pthread_create(&th[0], 0, thr0, (void *)(unsigned long)key); + pthread_create(&th[1], 0, thr1, (void *)(unsigned long)key); + pthread_create(&th[2], 0, thr0, (void *)(unsigned long)key); + pthread_create(&th[3], 0, thr1, (void *)(unsigned long)key); + pthread_join(th[0], 0); + pthread_join(th[1], 0); + pthread_join(th[2], 0); + pthread_join(th[3], 0); + return 0; + } + +Build as: + + cc -o keyctl-race keyctl-race.c -lkeyutils -lpthread + +Run as: + + while keyctl-race; do :; done + +as it may need several iterations to crash the kernel. The crash can be +summarised as: + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 + IP: [<ffffffff81279b08>] user_read+0x56/0xa3 + ... 
+ Call Trace: + [<ffffffff81276aa9>] keyctl_read_key+0xb6/0xd7 + [<ffffffff81277815>] SyS_keyctl+0x83/0xe0 + [<ffffffff815dbb97>] entry_SYSCALL_64_fastpath+0x12/0x6f + +Reported-by: Dmitry Vyukov <dvyu...@google.com> +Signed-off-by: David Howells <dhowe...@redhat.com> +Tested-by: Dmitry Vyukov <dvyu...@google.com> +Cc: sta...@vger.kernel.org +Signed-off-by: James Morris <james.l.mor...@oracle.com> +Acked-by: Lee, Chun-Yi <j...@suse.com> +--- + security/keys/keyctl.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +--- a/security/keys/keyctl.c ++++ b/security/keys/keyctl.c +@@ -744,16 +744,16 @@ long keyctl_read_key(key_serial_t keyid, + + /* the key is probably readable - now try to read it */ + can_read_key: +- ret = key_validate(key); +- if (ret == 0) { +- ret = -EOPNOTSUPP; +- if (key->type->read) { +- /* read the data with the semaphore held (since we +- * might sleep) */ +- down_read(&key->sem); ++ ret = -EOPNOTSUPP; ++ if (key->type->read) { ++ /* Read the data with the semaphore held (since we might sleep) ++ * to protect against the key being updated or revoked. ++ */ ++ down_read(&key->sem); ++ ret = key_validate(key); ++ if (ret == 0) + ret = key->type->read(key, buffer, buflen); +- up_read(&key->sem); +- } ++ up_read(&key->sem); + } + + error2: ++++++ patches.xen.tar.bz2 ++++++ ++++ 25897 lines of diff (skipped) ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:15.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:15.000000000 +0100 @@ -76,6 +76,7 @@ patches.suse/kconfig-automate-kernel-desktop patches.fixes/0001-DocBook-Make-mandocs-parallel-safe.patch patches.fixes/0001-DocBook-Do-not-exceed-argument-list-limit.patch + patches.fixes/0001-genksyms-Handle-string-literals-with-spaces-in-refer.patch ######################################################## # Simple export additions/removals 
@@ -133,6 +134,12 @@ # bsc#911326, CVE-2014-9419 patches.arch/x86_64-switch_to-load-tls-descriptors-before-switching-ds-and-es.patch + # bsc#922944, CVE-2015-2666 + patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch + + # bsc#926240, CVE-2015-2830 + patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch + ######################################################## # x86 MCE/MCA (Machine Check Error/Architecture) extensions ######################################################## @@ -199,6 +206,7 @@ +needs_update patches.arch/arm-xen-0006-xen-arm-disable-cpuidle-when-linux-is-running-as-dom.patch +needs_update patches.arch/arm-xen-0007-arm-choose-debug-uncompress.h-include-when-uncompres.patch +needs_update patches.arch/arm-xen-0008-xen-arm-enable-PV-control-for-ARM.patch + patches.arch/arm64-mm-Remove-hack-in-mmap-randomize-layout.patch ######################################################## # S/390 @@ -257,6 +265,11 @@ patches.fixes/splice-add-generic_write_checks.patch patches.fixes/mm-Fix-NULL-pointer-dereference-in-madvise-MADV_WILL.patch + patches.fixes/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id.patch + patches.fixes/vfs-read-file_handle-only-once-in-handle_to_path.patch + + patches.fixes/0001-vfs-Test-for-and-handle-paths-that-are-unreachable-f.patch + ######################################################## # IPC patches ######################################################## 
@@ -322,10 +335,34 @@ patches.fixes/ip6tnl-fix-double-free-of-fb_tnl_dev-on-exit patches.fixes/ipv6-don-t-set-dst_nocount-for-remotely-added-routes.patch patches.fixes/net-fix-for-a-race-condition-in-the-inet-frag-code.patch + patches.fixes/net-llc-use-correct-size-for-sysctl-timeout-entries.patch + patches.fixes/ipv4-missing-sk_nulls_node_init-in-ping_unhash.patch + patches.fixes/ipv6-don-t-reduce-hop-limit-for-an-interface.patch + patches.fixes/hyperv-Add-processing-of-MTU-reduced-by-the-host.patch + patches.fixes/udp-fix-behavior-of-wrong-checksums.patch # bsc##853040 patches.fixes/ipv6-fix-leaking-uninitialized-port-number-of-offender-sockaddr.patch + patches.fixes/ipv6-replacing-a-rt6_info-needs-to-purge-possible-pr.patch + patches.fixes/ipv6-do-not-delete-previously-existing-ECMP-routes-i.patch + patches.fixes/ipv6-fix-ECMP-route-replacement.patch + patches.fixes/sctp-fix-ASCONF-list-handling.patch + + patches.fixes/x86-bpf_jit-fix-compilation-of-large-bpf-programs + patches.fixes/net-Fix-ip-rule-delete-table-256.patch + patches.fixes/ipv6-addrconf-validate-new-MTU-before-applying-it.patch + patches.fixes/rds-verify-the-underlying-transport-exists-before-cr.patch + patches.fixes/rds-fix-race-condition-when-sending-a-message.patch + patches.fixes/isdn_ppp-add-checks-for-allocation-failure-in-isdn_p.patch + patches.fixes/ppp-slip-validate-vj-compression-slot-parameters-com.patch + patches.fixes/ipv6-fix-tunnel-error-handling.patch + patches.fixes/net-add-validation-for-the-socket-syscall-protocol-a.patch + patches.fixes/ipv4-Don-t-increase-PMTU-with-Datagram-Too-Big-messa.patch + patches.fixes/route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch + patches.fixes/ipv6-distinguish-frag-queues-by-device-for-multicast.patch + patches.fixes/sctp-Prevent-soft-lockup-when-sctp_accept-is-called-.patch + ######################################################## # NFS ######################################################## 
@@ -348,8 +385,9 @@ ######################################################## # cifs patches ######################################################## - patches.fixes/cifs-ensure-that-uncached-writes-handle-unmapped-are.patch + patches.fixes/cifs-fix-use-after-free-bug-in-find_writable_file.patch + patches.fixes/cifs-client-should-ignore-non-zero-challengelenght.patch ######################################################## # ext2/ext3 @@ -472,6 +510,11 @@ patches.fixes/udf-Verify-symlink-size-before-loading-it.patch patches.fixes/udf-Check-path-length-when-reading-symlink.patch patches.fixes/udf-Check-component-length-before-reading-it.patch + patches.fixes/udf-Remove-repeated-loads-blocksize.patch + patches.fixes/udf-Check-length-of-extended-attributes-and-allocati.patch + + # bsc#918333, CVE-2014-9683 + patches.fixes/ecryptfs-remove-buggy-and-unnecessary-write-in-file-name-decode-routine.patch ######################################################## # Overlayfs @@ -537,6 +580,7 @@ patches.fixes/storvsc-ring-buffer-failures-may-result-in-I-O-freez + patches.fixes/sg_start_req-make-sure-that-there-s-not-too-many-elements-in-iovec.patch ######################################################## # DRM/Video ######################################################## 
@@ -585,12 +629,28 @@ patches.fixes/net-sctp-fix-skb_over_panic-when-receiving-malformed.patch patches.fixes/net-sctp-fix-panic-on-duplicate-ASCONF-chunks.patch patches.fixes/net-sctp-fix-remote-memory-pressure-from-excessive-q.patch + patches.fixes/net-sctp-fix-slab-corruption-from-use-after-free-on-INIT.patch patches.fixes/netlink-Rename-netlink_capable-netlink_allowed.patch patches.fixes/net-Move-the-permission-check-in-sock_diag_put_filte.patch patches.fixes/net-Add-variants-of-capable-for-use-on-on-sockets.patch patches.fixes/net-Add-variants-of-capable-for-use-on-netlink-messa.patch patches.fixes/net-Use-netlink_ns_capable-to-verify-the-permisions-.patch patches.fixes/netlink-Only-check-file-credentials-for-implicit-des.patch + patches.fixes/tuntap-limit-head-length-of-skb-allocated + patches.fixes/macvtap-limit-head-length-of-skb-allocated + patches.fixes/net-rds-use-correct-size-for-max-unacked-packets-and.patch + patches.fixes/ipv4-try-to-cache-dst_entries-which-would-cause-a-re.patch + patches.fixes/netfilter-nf_conntrack-reserve-two-bytes-for-nf_ct_ext-len.patch + patches.drivers/bnx2x-Fix-kdump-when-iommu-on.patch + + # bsc#931988, CVE-2015-4036 + patches.fixes/vhost-scsi-potential-memory-corruption.patch + + # bsc#959399, CVE-2015-8575 + patches.fixes/bluetooth-validate-socket-address-length-in-sco_sock_bind.patch + + # bsc#959190, CVE-2015-8569 + patches.fixes/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_connect.patch ######################################################## # Wireless Networking @@ -599,6 +659,7 @@ patches.drivers/ath9k_htc-properly-set-MAC-address-and-BSSID-mask patches.fixes/ath9k-protect-tid-sched-check.patch patches.fixes/via-velocity-fix-netif_receive_skb-use-in-irq-disabl + patches.fixes/rtlwifi-rtl8192cu-Fix-kernel-deadlock ######################################################## # ISDN 
@@ -638,6 +699,10 @@ patches.drivers/0003-usb-pci-quirks-Prevent-Sony-VAIO-t-series-from-switc.patch patches.drivers/0001-ttusb-dec-buffer-overflow-in-ioctl.patch + patches.drivers/0001-usb-core-Fix-USB-3.0-devices-lost-in-NOTATTACHED-sta.patch + patches.drivers/0001-xhci-Add-spurious-wakeup-quirk-for-LynxPoint-LP-cont.patch + patches.drivers/0001-usbvision-fix-overflow-of-interfaces-array.patch + ######################################################## # I2C ######################################################## @@ -673,6 +738,8 @@ patches.drivers/ALSA-hda-Fix-onboard-audio-on-Intel-H97-Z97-chipsets patches.drivers/drm-i915-HD-audio-Don-t-continue-probing-when-nomode patches.drivers/ALSA-hda-Fix-broken-PM-due-to-incomplete-i915-initia + patches.drivers/ALSA-hda-Fix-regression-of-HD-audio-controller-fallb + patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont patches.drivers/alsa-0001-control-Protect-user-controls-against-concurren patches.drivers/alsa-0002-control-Fix-replacing-user-controls 
@@ -839,6 +906,33 @@ # bsc#917839, CVE-2015-1593 patches.fixes/x86-mm-aslr-fix-stack-randomization-on-64-bit-systems.patch + # bsc#937032 - VUL-0: kernel: AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5% + patches.fixes/x86-mm-improve-amd-bulldozer-aslr-workaround + patches.fixes/sctp-fix-race-on-protocol-netns-initialization.patch + patches.fixes/core-nfqueue-openvswitch-orphan-frags-in-skb_zerocop.patch + + patches.fixes/keys-fix-race-between-key-destruction-and-finding-a-keyring-by-name + patches.fixes/keys-fix-crash-when-attempt-to-garbage-collect-an-uninstantiated-keyring + patches.fixes/keys-don-t-permit-request_key-to-construct-a-new-keyring + + # bsc#938706, CVE-2015-5157 + patches.fixes/00-x86-nmi-64-switch-stacks-on-userspace-nmi-entry.patch + patches.fixes/01-rcu-move-lockless_dereference-out-of-rcupdate-h.patch + patches.fixes/02-x86-ldt-make-modify_ldt-synchronous.patch + patches.fixes/03-correct-ldt-single-step.patch + patches.fixes/04-correct-ldt-math-emu.patch + patches.fixes/05-x86-ldt-further-fix-fpu-emulation.patch + patches.fixes/06-x86-nmi-64-fix-a-paravirt-stack-clobbering-bug-in-the-nmi-code.patch + patches.fixes/07-x86-paravirt-replace-the-paravirt-nop-with-a-bona-fide-empty-function.patch + + patches.fixes/0001-KEYS-Make-proc-keys-unconditional-if-CONFIG_KEYS-y.patch + + # CVE-2016-0728: kernel: Use-after-free vulnerability in keyring facility + patches.fixes/keys-fix-leak.patch + + # bnc#958951 CVE-2015-7550: kernel: User triggerable crash from race between key read and rey revoke + patches.suse/0001-KEYS-Fix-race-between-read-and-revoke.patch + ########################################################## # Audit ########################################################## 
@@ -900,6 +994,13 @@ patches.fixes/kvm-macos.patch # bsc#909078, CVE-2014-8134 patches.fixes/x86-kvm-clear-paravirt_enabled-on-kvm-guests-for-espfix32-s-benefit.patch + patches.arch/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po + + # bsc#953527 - VUL-0: CVE-2015-5307: kernel: kvm: x86: avoid guest->host DOS by intercepting #AC + patches.fixes/kvm-x86-work-around-infinite-loop-in-microcode-when-ac-is-delivered + + # bsc#954404 - VUL-0: CVE-2015-8104: virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception + patches.fixes/kvm-svm-unconditionally-intercept-db ######################################################## # misc @@ -914,6 +1015,12 @@ # new drivers that are going upstream ######################################################## + # bsc#933934, CVE-2015-4001, CVE-2015-4002, CVE-2015-4003 + patches.fixes/ozwpan-use-proper-check-to-prevent-heap-overflow.patch + patches.fixes/ozwpan-use-unsigned-ints-to-prevent-heap-overflow.patch + patches.fixes/ozwpan-divide-by-zero-leading-to-panic.patch + patches.fixes/ozwpan-unchecked-signed-subtraction-leads-to-dos.patch + ######################################################## # You'd better have a good reason for adding a patch # below here. @@ -961,6 +1068,12 @@ patches.xen/1242-console-add-preferred.patch patches.xen/1248-balloon-dont-crash-HVM-with-PoD.patch patches.xen/1249-usbback-fix-1232.patch + patches.xen/1268-x86-dma-required-mask.patch + patches.xen/1273-scsifront-locking-when-ring-full.patch + patches.xen/1276-scsifront-separate-flags.patch + patches.xen/1278-PCI-MSI-reject-res-with-clear-flags.patch + patches.xen/1282-usbback-limit-copying.patch + patches.xen/1283-xenbus-XS_ERROR-handling.patch # changes outside arch/{i386,x86_64}/xen patches.xen/xen3-fixup-kconfig 
@@ -1009,8 +1122,17 @@ # ports of other patches patches.xen/xen3-x86-dumpstack-Fix-printk_address-for-direct-addresse.patch + patches.xen/xen3-x86_64-switch_to-load-tls-descriptors-before-switching-ds-and-es.patch + patches.xen/xen3-x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch patches.xen/xen3-010-acpi_initrd_override_tables.patch patches.xen/xen3-hwmon-coretemp-fix-truncated-name-of-alarm-attributes.patch + patches.xen/xen3-x86-64-espfix-don-t-leak-bits-31-16-of-esp-returning-to-16-bit-stack.patch + patches.xen/xen3-x86-espfix-make-it-possible-to-disable-16-bit-support.patch + patches.xen/xen3-x86_64-entry-xen-do-not-invoke-espfix64-on-xen.patch + patches.xen/xen3-x86_64-traps-fix-the-espfix64-df-fixup-and-rewrite-it-in-c.patch + patches.xen/xen3-x86_64-traps-stop-using-ist-for-ss.patch + patches.xen/xen3-x86_64-traps-rework-bad_iret.patch + patches.xen/xen3-02-x86-ldt-make-modify_ldt-synchronous.patch patches.xen/xen3-stack-unwind patches.xen/xen3-x86_64-unwind-annotations patches.xen/xen3-audit_x86_32-entry-do-syscall-exit-work-on-badsys-cve-2014-4508.patch @@ -1048,6 +1170,7 @@ patches.xen/xen-netback-generalize patches.xen/xen-netback-multiple-tasklets patches.xen/xen-netback-kernel-threads + patches.xen/xen-pciback-decode patches.xen/xen-cxgb3 patches.xen/xen-dcdbas patches.xen/xen-x86-panic-no-reboot @@ -1066,3 +1189,6 @@ patches.xen/xen-x86_64-note-init-p2m patches.xen/xen-x86_64-unmapped-initrd patches.xen/xen-x86_64-vread-pvclock + + # Xen-only kABI adjustments + patches.kabi/1268-x86-dma-required-mask.patch ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:15.000000000 +0100 +++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:15.000000000 +0100 @@ -1,3 +1,3 @@ -2015-03-05 17:24:00 +0100 -GIT Revision: 338c5133d4d302d15140c0a27d51e6d1c1b9ed3a +2016-01-20 15:13:45 +0100 +GIT Revision: 1e76e8090423c261907f6d2de70215590f184e40 GIT Branch: openSUSE-13.1
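Review bot: in the @@ -638,6 +699,10 @@ hunk, patches.drivers/0001-usbvision-fix-overflow-of-interfaces-array.patch is added with no reference comment, although its name says it fixes an array overflow. The security fixes in the later hunks each carry a "# bsc#..., CVE-..." line above them. Please add the bug number (and the CVE, if one is assigned) above this entry so the fix can be traced from this file alone.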
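Review bot: in the @@ -839,6 +906,33 @@ hunk, the comment above patches.fixes/keys-fix-leak.patch names CVE-2016-0728 but gives no bug number, and the sctp, nfqueue and three keys-* entries that follow the Bulldozer ASLR patch have no reference comment at all, so they read as if they belonged to bsc#937032. Please give each group its own reference line, as the CVE-2015-5157 block does. Two smaller points in the last comment of the hunk: "rey revoke" should be "key revoke", and it uses "bnc#958951" where the other comments use the "bsc#" prefix. The fix it introduces is also filed under patches.suse/ while every other fix in this block is under patches.fixes/; if that is intentional, a word in the comment would help.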
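Review bot: in the @@ -900,6 +994,13 @@ hunk, patches.arch/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po is inserted directly below the espfix32 patch, with no blank line or comment, so it appears to be covered by "# bsc#909078, CVE-2014-8134". Separate it with a blank line and its own reference comment, the way the CVE-2015-5307 and CVE-2015-8104 entries below it are laid out. It is also the only patches.arch/ entry among patches.fixes/ entries here; please confirm that placement is intended.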
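Review bot: in the @@ -914,6 +1015,12 @@ hunk, the comment lists three CVEs (CVE-2015-4001, CVE-2015-4002, CVE-2015-4003) above four ozwpan patches, so a reader cannot tell which patch addresses which CVE or whether the fourth is covered by any of them. Please annotate each entry with its CVE, or state in the comment that the four patches are one series resolving the three CVEs together.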
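Review bot: in the @@ -1009,8 +1122,17 @@ hunk, patches.xen/xen3-02-x86-ldt-make-modify_ldt-synchronous.patch is the only Xen port of the 00- to 07- series that the @@ -839,6 +906,33 @@ hunk adds under "# bsc#938706, CVE-2015-5157", and it carries no reference comment of its own. Please add the bsc/CVE comment above it and note why the other patches of that series need no xen3- counterpart, so a later reviewer does not have to re-derive that the Xen flavour is fully covered.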
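Review bot: in the @@ -1066,3 +1189,6 @@ hunk, patches.kabi/1268-x86-dma-required-mask.patch has the same base name as patches.xen/1268-x86-dma-required-mask.patch, which the @@ -961,6 +1068,12 @@ hunk adds. Two different patches with one file name are easy to confuse in changelog entries, greps and build logs. Consider a distinct name for the kABI adjustment, or extend the "# Xen-only kABI adjustments" comment to name the patches.xen/ patch it compensates for.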