Hello community,
here is the log from the commit of package kernel-source for openSUSE:Factory
checked in at 2016-07-07 15:09:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kernel-source (Old)
and /work/SRC/openSUSE:Factory/.kernel-source.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source"
Changes:
--------
--- /work/SRC/openSUSE:Factory/kernel-source/kernel-debug.changes
2016-06-12 18:50:28.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.kernel-source.new/kernel-debug.changes
2016-07-07 15:09:31.000000000 +0200
@@ -1,0 +2,30 @@
+Sun Jun 26 09:34:33 CEST 2016 - jsl...@suse.cz
+
+- Linux 4.6.3 (CVE-2016-4951 bsc#981058 bsc#983458).
+- Delete
+ patches.arch/arm64-mm-always-take-dirty-state-from-new-pte-in-pte.patch.
+- Delete
+ patches.fixes/tipc-check-nl-sock-before-parsing-nested-attributes.patch.
+- commit d4bcf2a
+
+-------------------------------------------------------------------
+Tue Jun 21 08:12:52 CEST 2016 - j...@suse.com
+
+- KEYS: potential uninitialized variable (bsc#984755,
+ CVE-2016-4470).
+- commit 96a29db
+
+-------------------------------------------------------------------
+Mon Jun 20 14:03:35 CEST 2016 - jsl...@suse.cz
+
+- base: make module_create_drivers_dir race-free (bnc#983977).
+- commit 6cfe0b8
+
+-------------------------------------------------------------------
+Fri Jun 10 16:51:08 CEST 2016 - b...@suse.de
+
+- rds: fix an infoleak in rds_inc_info_copy (bsc#983213
+ CVE-2016-5244).
+- commit 14295d6
+
+-------------------------------------------------------------------
kernel-default.changes: same change
kernel-docs.changes: same change
kernel-lpae.changes: same change
kernel-obs-build.changes: same change
kernel-obs-qa.changes: same change
kernel-pae.changes: same change
kernel-source.changes: same change
kernel-syms.changes: same change
kernel-vanilla.changes: same change
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kernel-debug.spec ++++++
--- /var/tmp/diff_new_pack.U8M6Dc/_old 2016-07-07 15:09:35.000000000 +0200
+++ /var/tmp/diff_new_pack.U8M6Dc/_new 2016-07-07 15:09:35.000000000 +0200
@@ -20,7 +20,7 @@
# needssslcertforbuild
%define srcversion 4.6
-%define patchversion 4.6.2
+%define patchversion 4.6.3
%define variant %{nil}
%define vanilla_only 0
@@ -61,9 +61,9 @@
Summary: A Debug Version of the Kernel
License: GPL-2.0
Group: System/Kernel
-Version: 4.6.2
+Version: 4.6.3
%if 0%{?is_kotd}
-Release: <RELEASE>.g2a68ef0
+Release: <RELEASE>.gd4bcf2a
%else
Release: 0
%endif
kernel-default.spec: same change
++++++ kernel-docs.spec ++++++
--- /var/tmp/diff_new_pack.U8M6Dc/_old 2016-07-07 15:09:36.000000000 +0200
+++ /var/tmp/diff_new_pack.U8M6Dc/_new 2016-07-07 15:09:36.000000000 +0200
@@ -16,7 +16,7 @@
#
-%define patchversion 4.6.2
+%define patchversion 4.6.3
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -27,9 +27,9 @@
Summary: Kernel Documentation (man pages)
License: GPL-2.0
Group: Documentation/Man
-Version: 4.6.2
+Version: 4.6.3
%if 0%{?is_kotd}
-Release: <RELEASE>.g2a68ef0
+Release: <RELEASE>.gd4bcf2a
%else
Release: 0
%endif
++++++ kernel-lpae.spec ++++++
--- /var/tmp/diff_new_pack.U8M6Dc/_old 2016-07-07 15:09:36.000000000 +0200
+++ /var/tmp/diff_new_pack.U8M6Dc/_new 2016-07-07 15:09:36.000000000 +0200
@@ -20,7 +20,7 @@
# needssslcertforbuild
%define srcversion 4.6
-%define patchversion 4.6.2
+%define patchversion 4.6.3
%define variant %{nil}
%define vanilla_only 0
@@ -61,9 +61,9 @@
Summary: Kernel for LPAE enabled systems
License: GPL-2.0
Group: System/Kernel
-Version: 4.6.2
+Version: 4.6.3
%if 0%{?is_kotd}
-Release: <RELEASE>.g2a68ef0
+Release: <RELEASE>.gd4bcf2a
%else
Release: 0
%endif
++++++ kernel-obs-build.spec ++++++
--- /var/tmp/diff_new_pack.U8M6Dc/_old 2016-07-07 15:09:36.000000000 +0200
+++ /var/tmp/diff_new_pack.U8M6Dc/_new 2016-07-07 15:09:36.000000000 +0200
@@ -19,7 +19,7 @@
#!BuildIgnore: post-build-checks
-%define patchversion 4.6.2
+%define patchversion 4.6.3
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -51,9 +51,9 @@
Summary: package kernel and initrd for OBS VM builds
License: GPL-2.0
Group: SLES
-Version: 4.6.2
+Version: 4.6.3
%if 0%{?is_kotd}
-Release: <RELEASE>.g2a68ef0
+Release: <RELEASE>.gd4bcf2a
%else
Release: 0
%endif
++++++ kernel-obs-qa.spec ++++++
--- /var/tmp/diff_new_pack.U8M6Dc/_old 2016-07-07 15:09:36.000000000 +0200
+++ /var/tmp/diff_new_pack.U8M6Dc/_new 2016-07-07 15:09:36.000000000 +0200
@@ -17,7 +17,7 @@
# needsrootforbuild
-%define patchversion 4.6.2
+%define patchversion 4.6.3
%define variant %{nil}
%include %_sourcedir/kernel-spec-macros
@@ -36,9 +36,9 @@
Summary: Basic QA tests for the kernel
License: GPL-2.0
Group: SLES
-Version: 4.6.2
+Version: 4.6.3
%if 0%{?is_kotd}
-Release: <RELEASE>.g2a68ef0
+Release: <RELEASE>.gd4bcf2a
%else
Release: 0
%endif
++++++ kernel-pae.spec ++++++
--- /var/tmp/diff_new_pack.U8M6Dc/_old 2016-07-07 15:09:36.000000000 +0200
+++ /var/tmp/diff_new_pack.U8M6Dc/_new 2016-07-07 15:09:36.000000000 +0200
@@ -20,7 +20,7 @@
# needssslcertforbuild
%define srcversion 4.6
-%define patchversion 4.6.2
+%define patchversion 4.6.3
%define variant %{nil}
%define vanilla_only 0
@@ -61,9 +61,9 @@
Summary: Kernel with PAE Support
License: GPL-2.0
Group: System/Kernel
-Version: 4.6.2
+Version: 4.6.3
%if 0%{?is_kotd}
-Release: <RELEASE>.g2a68ef0
+Release: <RELEASE>.gd4bcf2a
%else
Release: 0
%endif
++++++ kernel-source.spec ++++++
--- /var/tmp/diff_new_pack.U8M6Dc/_old 2016-07-07 15:09:36.000000000 +0200
+++ /var/tmp/diff_new_pack.U8M6Dc/_new 2016-07-07 15:09:36.000000000 +0200
@@ -18,7 +18,7 @@
%define srcversion 4.6
-%define patchversion 4.6.2
+%define patchversion 4.6.3
%define variant %{nil}
%define vanilla_only 0
@@ -30,9 +30,9 @@
Summary: The Linux Kernel Sources
License: GPL-2.0
Group: Development/Sources
-Version: 4.6.2
+Version: 4.6.3
%if 0%{?is_kotd}
-Release: <RELEASE>.g2a68ef0
+Release: <RELEASE>.gd4bcf2a
%else
Release: 0
%endif
++++++ kernel-syms.spec ++++++
--- /var/tmp/diff_new_pack.U8M6Dc/_old 2016-07-07 15:09:36.000000000 +0200
+++ /var/tmp/diff_new_pack.U8M6Dc/_new 2016-07-07 15:09:36.000000000 +0200
@@ -24,10 +24,10 @@
Summary: Kernel Symbol Versions (modversions)
License: GPL-2.0
Group: Development/Sources
-Version: 4.6.2
+Version: 4.6.3
%if %using_buildservice
%if 0%{?is_kotd}
-Release: <RELEASE>.g2a68ef0
+Release: <RELEASE>.gd4bcf2a
%else
Release: 0
%endif
++++++ kernel-vanilla.spec ++++++
--- /var/tmp/diff_new_pack.U8M6Dc/_old 2016-07-07 15:09:36.000000000 +0200
+++ /var/tmp/diff_new_pack.U8M6Dc/_new 2016-07-07 15:09:36.000000000 +0200
@@ -20,7 +20,7 @@
# needssslcertforbuild
%define srcversion 4.6
-%define patchversion 4.6.2
+%define patchversion 4.6.3
%define variant %{nil}
%define vanilla_only 0
@@ -61,9 +61,9 @@
Summary: The Standard Kernel - without any SUSE patches
License: GPL-2.0
Group: System/Kernel
-Version: 4.6.2
+Version: 4.6.3
%if 0%{?is_kotd}
-Release: <RELEASE>.g2a68ef0
+Release: <RELEASE>.gd4bcf2a
%else
Release: 0
%endif
++++++ patches.arch.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/patches.arch/arm64-mm-always-take-dirty-state-from-new-pte-in-pte.patch
new/patches.arch/arm64-mm-always-take-dirty-state-from-new-pte-in-pte.patch
--- old/patches.arch/arm64-mm-always-take-dirty-state-from-new-pte-in-pte.patch
2016-06-09 16:52:07.000000000 +0200
+++ new/patches.arch/arm64-mm-always-take-dirty-state-from-new-pte-in-pte.patch
1970-01-01 01:00:00.000000000 +0100
@@ -1,60 +0,0 @@
-From 69a21d254fb02fdaeb61c6352ea36f3c755f257c Mon Sep 17 00:00:00 2001
-From: Will Deacon <will.dea...@arm.com>
-Date: Wed, 8 Jun 2016 10:24:39 +0100
-Subject: [PATCH] arm64: mm: always take dirty state from new pte in
- ptep_set_access_flags
-Patch-mainline: Submitted 06/08/2016 linux-arm-ker...@lists.infradead.org
-References: bsc#983458
-
-Commit 66dbd6e61a52 ("arm64: Implement ptep_set_access_flags() for
-hardware AF/DBM") ensured that pte flags are updated atomically in the
-face of potential concurrent, hardware-assisted updates. However, Alex
-reports that:
-
- | This patch breaks swapping for me.
- | In the broken case, you'll see either systemd cpu time spike (because
- | it's stuck in a page fault loop) or the system hang (because the
- | application owning the screen is stuck in a page fault loop).
-
-It turns out that this is because the 'dirty' argument to
-ptep_set_access_flags is always 0 for read faults, and so we can't use
-it to set PTE_RDONLY. The failing sequence is:
-
- 1. We put down a PTE_WRITE | PTE_DIRTY | PTE_AF pte
- 2. Memory pressure -> pte_mkold(pte) -> clear PTE_AF
- 3. A read faults due to the missing access flag
- 4. ptep_set_access_flags is called with dirty = 0, due to the read fault
- 5. pte is then made PTE_WRITE | PTE_DIRTY | PTE_AF | PTE_RDONLY (!)
- 6. A write faults, but pte_write is true so we get stuck
-
-The solution is to check the new page table entry (as would be done by
-the generic, non-atomic definition of ptep_set_access_flags that just
-calls set_pte_at) to establish the dirty state.
-
-Cc: <sta...@vger.kernel.org> # 4.3+
-Fixes: 66dbd6e61a52 ("arm64: Implement ptep_set_access_flags() for hardware
AF/DBM")
-Reviewed-by: Catalin Marinas <catalin.mari...@arm.com>
-Reported-by: Alexander Graf <ag...@suse.de>
-Tested-by: Alexander Graf <ag...@suse.de>
-Signed-off-by: Will Deacon <will.dea...@arm.com>
-Signed-off-by: Alexander Graf <ag...@suse.de>
----
- arch/arm64/mm/fault.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
-index 40f5522..4c1a118 100644
---- a/arch/arm64/mm/fault.c
-+++ b/arch/arm64/mm/fault.c
-@@ -109,7 +109,7 @@ int ptep_set_access_flags(struct vm_area_struct *vma,
- * PTE_RDONLY is cleared by default in the asm below, so set it in
- * back if necessary (read-only or clean PTE).
- */
-- if (!pte_write(entry) || !dirty)
-+ if (!pte_write(entry) || !pte_sw_dirty(entry))
- pte_val(entry) |= PTE_RDONLY;
-
- /*
---
-1.8.5.6
-
++++++ patches.fixes.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/patches.fixes/0001-KEYS-potential-uninitialized-variable.patch
new/patches.fixes/0001-KEYS-potential-uninitialized-variable.patch
--- old/patches.fixes/0001-KEYS-potential-uninitialized-variable.patch
1970-01-01 01:00:00.000000000 +0100
+++ new/patches.fixes/0001-KEYS-potential-uninitialized-variable.patch
2016-06-26 09:34:33.000000000 +0200
@@ -0,0 +1,91 @@
+From 38327424b40bcebe2de92d07312c89360ac9229a Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpen...@oracle.com>
+Date: Thu, 16 Jun 2016 15:48:57 +0100
+Subject: [PATCH] KEYS: potential uninitialized variable
+
+Git-commit: 38327424b40bcebe2de92d07312c89360ac9229a
+Patch-mainline: v4.7-rc4
+References: bsc#984755, CVE-2016-4470
+
+If __key_link_begin() failed then "edit" would be uninitialized. I've
+added a check to fix that.
+
+This allows a random user to crash the kernel, though it's quite
+difficult to achieve. There are three ways it can be done as the user
+would have to cause an error to occur in __key_link():
+
+ (1) Cause the kernel to run out of memory. In practice, this is difficult
+ to achieve without ENOMEM cropping up elsewhere and aborting the
+ attempt.
+
+ (2) Revoke the destination keyring between the keyring ID being looked up
+ and it being tested for revocation. In practice, this is difficult to
+ time correctly because the KEYCTL_REJECT function can only be used
+ from the request-key upcall process. Further, users can only make use
+ of what's in /sbin/request-key.conf, though this does including a
+ rejection debugging test - which means that the destination keyring
+ has to be the caller's session keyring in practice.
+
+ (3) Have just enough key quota available to create a key, a new session
+ keyring for the upcall and a link in the session keyring, but not then
+ sufficient quota to create a link in the nominated destination keyring
+ so that it fails with EDQUOT.
+
+The bug can be triggered using option (3) above using something like the
+following:
+
+ echo 80 >/proc/sys/kernel/keys/root_maxbytes
+ keyctl request2 user debug:fred negate @t
+
+The above sets the quota to something much lower (80) to make the bug
+easier to trigger, but this is dependent on the system. Note also that
+the name of the keyring created contains a random number that may be
+between 1 and 10 characters in size, so may throw the test off by
+changing the amount of quota used.
+
+Assuming the failure occurs, something like the following will be seen:
+
+ kfree_debugcheck: out of range ptr 6b6b6b6b6b6b6b68h
+ ------------[ cut here ]------------
+ kernel BUG at ../mm/slab.c:2821!
+ ...
+ RIP: 0010:[<ffffffff811600f9>] kfree_debugcheck+0x20/0x25
+ RSP: 0018:ffff8804014a7de8 EFLAGS: 00010092
+ RAX: 0000000000000034 RBX: 6b6b6b6b6b6b6b68 RCX: 0000000000000000
+ RDX: 0000000000040001 RSI: 00000000000000f6 RDI: 0000000000000300
+ RBP: ffff8804014a7df0 R08: 0000000000000001 R09: 0000000000000000
+ R10: ffff8804014a7e68 R11: 0000000000000054 R12: 0000000000000202
+ R13: ffffffff81318a66 R14: 0000000000000000 R15: 0000000000000001
+ ...
+ Call Trace:
+ kfree+0xde/0x1bc
+ assoc_array_cancel_edit+0x1f/0x36
+ __key_link_end+0x55/0x63
+ key_reject_and_link+0x124/0x155
+ keyctl_reject_key+0xb6/0xe0
+ keyctl_negate_key+0x10/0x12
+ SyS_keyctl+0x9f/0xe7
+ do_syscall_64+0x63/0x13a
+ entry_SYSCALL64_slow_path+0x25/0x25
+
+Fixes: f70e2e06196a ('KEYS: Do preallocation for __key_link()')
+Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
+Signed-off-by: David Howells <dhowe...@redhat.com>
+cc: sta...@vger.kernel.org
+Signed-off-by: Linus Torvalds <torva...@linux-foundation.org>
+Acked-by: Lee, Chun-Yi <j...@suse.com>
+---
+ security/keys/key.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/security/keys/key.c
++++ b/security/keys/key.c
+@@ -584,7 +584,7 @@ int key_reject_and_link(struct key *key,
+
+ mutex_unlock(&key_construction_mutex);
+
+- if (keyring)
++ if (keyring && link_ret == 0)
+ __key_link_end(keyring, &key->index_key, edit);
+
+ /* wake up anyone waiting for a key to be constructed */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/patches.fixes/base-make-module_create_drivers_dir-race-free.patch
new/patches.fixes/base-make-module_create_drivers_dir-race-free.patch
--- old/patches.fixes/base-make-module_create_drivers_dir-race-free.patch
1970-01-01 01:00:00.000000000 +0100
+++ new/patches.fixes/base-make-module_create_drivers_dir-race-free.patch
2016-06-26 09:34:33.000000000 +0200
@@ -0,0 +1,86 @@
+From: Jiri Slaby <jsl...@suse.cz>
+Date: Fri, 10 Jun 2016 10:54:32 +0200
+Subject: base: make module_create_drivers_dir race-free
+Git-commit: 7e1b1fc4dabd6ec8e28baa0708866e13fa93c9b3
+Patch-mainline: v4.7-rc4
+References: bnc#983977
+
+Modules which register drivers via standard path (driver_register) in
+parallel can cause a warning:
+WARNING: CPU: 2 PID: 3492 at ../fs/sysfs/dir.c:31 sysfs_warn_dup+0x62/0x80
+sysfs: cannot create duplicate filename '/module/saa7146/drivers'
+Modules linked in: hexium_gemini(+) mxb(+) ...
+...
+Call Trace:
+...
+ [<ffffffff812e63a2>] sysfs_warn_dup+0x62/0x80
+ [<ffffffff812e6487>] sysfs_create_dir_ns+0x77/0x90
+ [<ffffffff8140f2c4>] kobject_add_internal+0xb4/0x340
+ [<ffffffff8140f5b8>] kobject_add+0x68/0xb0
+ [<ffffffff8140f631>] kobject_create_and_add+0x31/0x70
+ [<ffffffff8157a703>] module_add_driver+0xc3/0xd0
+ [<ffffffff8155e5d4>] bus_add_driver+0x154/0x280
+ [<ffffffff815604c0>] driver_register+0x60/0xe0
+ [<ffffffff8145bed0>] __pci_register_driver+0x60/0x70
+ [<ffffffffa0273e14>] saa7146_register_extension+0x64/0x90 [saa7146]
+ [<ffffffffa0033011>] hexium_init_module+0x11/0x1000 [hexium_gemini]
+...
+
+As can be (mostly) seen, driver_register causes this call sequence:
+ -> bus_add_driver
+ -> module_add_driver
+ -> module_create_drivers_dir
+The last one creates "drivers" directory in /sys/module/<...>. When
+this is done in parallel, the directory is attempted to be created
+twice at the same time.
+
+This can be easily reproduced by loading mxb and hexium_gemini in
+parallel:
+while :; do
+ modprobe mxb &
+ modprobe hexium_gemini
+ wait
+ rmmod mxb hexium_gemini saa7146_vv saa7146
+done
+
+saa7146 calls pci_register_driver for both mxb and hexium_gemini,
+which means /sys/module/saa7146/drivers is to be created for both of
+them.
+
+Fix this by a new mutex in module_create_drivers_dir which makes the
+test-and-create "drivers" dir atomic.
+
+I inverted the condition and removed 'return' to avoid multiple
+unlocks or a goto.
+
+Signed-off-by: Jiri Slaby <jsl...@suse.cz>
+Fixes: fe480a2675ed (Modules: only add drivers/ direcory if needed)
+Cc: v2.6.21+ <sta...@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
+---
+ drivers/base/module.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/base/module.c b/drivers/base/module.c
+index db930d3ee312..2a215780eda2 100644
+--- a/drivers/base/module.c
++++ b/drivers/base/module.c
+@@ -24,10 +24,12 @@ static char *make_driver_name(struct device_driver *drv)
+
+ static void module_create_drivers_dir(struct module_kobject *mk)
+ {
+- if (!mk || mk->drivers_dir)
+- return;
++ static DEFINE_MUTEX(drivers_dir_mutex);
+
+- mk->drivers_dir = kobject_create_and_add("drivers", &mk->kobj);
++ mutex_lock(&drivers_dir_mutex);
++ if (mk && !mk->drivers_dir)
++ mk->drivers_dir = kobject_create_and_add("drivers", &mk->kobj);
++ mutex_unlock(&drivers_dir_mutex);
+ }
+
+ void module_add_driver(struct module *mod, struct device_driver *drv)
+--
+2.9.0
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/patches.fixes/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
new/patches.fixes/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
--- old/patches.fixes/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
1970-01-01 01:00:00.000000000 +0100
+++ new/patches.fixes/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
2016-06-26 09:34:33.000000000 +0200
@@ -0,0 +1,33 @@
+From: Kangjie Lu <kangji...@gmail.com>
+Date: Thu, 2 Jun 2016 04:11:20 -0400
+Subject: rds: fix an infoleak in rds_inc_info_copy
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git
+Git-commit: 4116def2337991b39919f3b448326e21c40e0dbb
+Patch-mainline: Queued in davem's tree
+References: bsc#983213 CVE-2016-5244
+
+The last field "flags" of object "minfo" is not initialized.
+Copying this object out may leak kernel stack data.
+Assign 0 to it to avoid leak.
+
+Signed-off-by: Kangjie Lu <k...@gatech.edu>
+Acked-by: Santosh Shilimkar <santosh.shilim...@oracle.com>
+Signed-off-by: David S. Miller <da...@davemloft.net>
+Acked-by: Borislav Petkov <b...@suse.de>
+---
+ net/rds/recv.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/net/rds/recv.c b/net/rds/recv.c
+index c0be1ecd11c9..8413f6c99e13 100644
+--- a/net/rds/recv.c
++++ b/net/rds/recv.c
+@@ -561,5 +561,7 @@ void rds_inc_info_copy(struct rds_incoming *inc,
+ minfo.fport = inc->i_hdr.h_dport;
+ }
+
++ minfo.flags = 0;
++
+ rds_info_copy(iter, &minfo, sizeof(minfo));
+ }
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/patches.fixes/tipc-check-nl-sock-before-parsing-nested-attributes.patch
new/patches.fixes/tipc-check-nl-sock-before-parsing-nested-attributes.patch
--- old/patches.fixes/tipc-check-nl-sock-before-parsing-nested-attributes.patch
2016-06-09 17:51:38.000000000 +0200
+++ new/patches.fixes/tipc-check-nl-sock-before-parsing-nested-attributes.patch
1970-01-01 01:00:00.000000000 +0100
@@ -1,40 +0,0 @@
-From: Richard Alpe <richard.a...@ericsson.com>
-Date: Mon, 16 May 2016 11:14:54 +0200
-Subject: tipc: check nl sock before parsing nested attributes
-Patch-mainline: v4.7-rc1
-Git-commit: 45e093ae2830cd1264677d47ff9a95a71f5d9f9c
-References: CVE-2016-4951 bsc#981058
-
-Make sure the socket for which the user is listing publication exists
-before parsing the socket netlink attributes.
-
-Prior to this patch a call without any socket caused a NULL pointer
-dereference in tipc_nl_publ_dump().
-
-Tested-and-reported-by: Baozeng Ding <splovi...@gmail.com>
-Signed-off-by: Richard Alpe <richard.a...@ericsson.com>
-Acked-by: Jon Maloy <jon.ma...@ericsson.cm>
-Signed-off-by: David S. Miller <da...@davemloft.net>
-Acked-by: Michal Kubecek <mkube...@suse.cz>
-
----
- net/tipc/socket.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/net/tipc/socket.c b/net/tipc/socket.c
-index 3eeb50a27b89..5f80d3fa9c85 100644
---- a/net/tipc/socket.c
-+++ b/net/tipc/socket.c
-@@ -2807,6 +2807,9 @@ int tipc_nl_publ_dump(struct sk_buff *skb, struct
netlink_callback *cb)
- if (err)
- return err;
-
-+ if (!attrs[TIPC_NLA_SOCK])
-+ return -EINVAL;
-+
- err = nla_parse_nested(sock, TIPC_NLA_SOCK_MAX,
- attrs[TIPC_NLA_SOCK],
- tipc_nl_sock_policy);
---
-2.8.3
-
++++++ patches.kernel.org.tar.bz2 ++++++
++++ 4811 lines of diff (skipped)
++++++ series.conf ++++++
--- /var/tmp/diff_new_pack.U8M6Dc/_old 2016-07-07 15:09:37.000000000 +0200
+++ /var/tmp/diff_new_pack.U8M6Dc/_new 2016-07-07 15:09:37.000000000 +0200
@@ -29,6 +29,7 @@
########################################################
patches.kernel.org/patch-4.6.1
patches.kernel.org/patch-4.6.1-2
+ patches.kernel.org/patch-4.6.2-3
########################################################
# Build fixes that apply to the vanilla kernel too.
@@ -79,6 +80,7 @@
# Scheduler / Core
########################################################
patches.suse/setuid-dumpable-wrongdir
+ patches.fixes/base-make-module_create_drivers_dir-race-free.patch
########################################################
# Architecture-specific patches. These used to be all
@@ -172,7 +174,6 @@
patches.arch/arm64-3-6-drivers-net-phy-Add-MDIO-driver.patch
patches.arch/arm64-6-6-drivers-net-xgene-Fix-module-load-unload-crash.patch
- patches.arch/arm64-mm-always-take-dirty-state-from-new-pte-in-pte.patch
########################################################
# S/390
@@ -235,7 +236,9 @@
########################################################
# Networking, IPv6
########################################################
- patches.fixes/tipc-check-nl-sock-before-parsing-nested-attributes.patch
+
+ # bsc#983213 CVE-2016-5244
+ patches.fixes/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
########################################################
# Netfilter
@@ -435,6 +438,9 @@
#
##########################################################
+ # Bug 984755 - CVE-2016-4470: kernel-source: Uninitialized variable in
request_key handling causes kernel crash in error handling path
+ patches.fixes/0001-KEYS-potential-uninitialized-variable.patch
+
##########################################################
# Audit
##########################################################
++++++ source-timestamp ++++++
--- /var/tmp/diff_new_pack.U8M6Dc/_old 2016-07-07 15:09:37.000000000 +0200
+++ /var/tmp/diff_new_pack.U8M6Dc/_new 2016-07-07 15:09:37.000000000 +0200
@@ -1,3 +1,3 @@
-2016-06-10 10:12:44 +0200
-GIT Revision: 2a68ef06204cc0147a96070ce5815eb47e35b33c
+2016-06-26 09:34:33 +0200
+GIT Revision: d4bcf2abd85a8d69da9d3f3e4e5dc57c556bca61
GIT Branch: stable
