Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2016-01-08 15:21:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/kernel-debug.changes 2016-01-04 09:21:13.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/kernel-debug.changes 2016-01-08 15:21:40.000000000 +0100 @@ -1,0 +2,14 @@ +Mon Jan 4 13:38:39 CET 2016 - [email protected] + +- Driver for IBM System i/p VNIC protocol. +- Update config files: CONFIG_IBMVNIC=m +- commit eae9134 + +------------------------------------------------------------------- +Mon Jan 4 06:34:03 CET 2016 - [email protected] + +- KEYS: Fix race between read and revoke (bnc#958951, + CVE-2015-7550). +- commit 1c9407b + +------------------------------------------------------------------- kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-vanilla.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kernel-debug.spec ++++++ --- /var/tmp/diff_new_pack.K1N8KP/_old 2016-01-08 15:21:45.000000000 +0100 +++ /var/tmp/diff_new_pack.K1N8KP/_new 2016-01-08 15:21:45.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-debug # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -59,7 +59,7 @@ Group: System/Kernel Version: 4.3.3 %if 0%{?is_kotd} -Release: <RELEASE>.g008195a +Release: <RELEASE>.geae9134 %else Release: 0 %endif kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.K1N8KP/_old 2016-01-08 15:21:45.000000000 +0100 +++ /var/tmp/diff_new_pack.K1N8KP/_new 2016-01-08 15:21:45.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-docs # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ Group: Documentation/Man Version: 4.3.3 %if 0%{?is_kotd} -Release: <RELEASE>.g008195a +Release: <RELEASE>.geae9134 %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.K1N8KP/_old 2016-01-08 15:21:45.000000000 +0100 +++ /var/tmp/diff_new_pack.K1N8KP/_new 2016-01-08 15:21:45.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-lpae # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -59,7 +59,7 @@ Group: System/Kernel Version: 4.3.3 %if 0%{?is_kotd} -Release: <RELEASE>.g008195a +Release: <RELEASE>.geae9134 %else Release: 0 %endif ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.K1N8KP/_old 2016-01-08 15:21:45.000000000 +0100 +++ /var/tmp/diff_new_pack.K1N8KP/_new 2016-01-08 15:21:45.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-obs-build # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -44,7 +44,7 @@ Group: SLES Version: 4.3.3 %if 0%{?is_kotd} -Release: <RELEASE>.g008195a +Release: <RELEASE>.geae9134 %else Release: 0 %endif kernel-obs-qa.spec: same change ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.K1N8KP/_old 2016-01-08 15:21:45.000000000 +0100 +++ /var/tmp/diff_new_pack.K1N8KP/_new 2016-01-08 15:21:45.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-pae # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -59,7 +59,7 @@ Group: System/Kernel Version: 4.3.3 %if 0%{?is_kotd} -Release: <RELEASE>.g008195a +Release: <RELEASE>.geae9134 %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.K1N8KP/_old 2016-01-08 15:21:45.000000000 +0100 +++ /var/tmp/diff_new_pack.K1N8KP/_new 2016-01-08 15:21:45.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-source # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -32,7 +32,7 @@ Group: Development/Sources Version: 4.3.3 %if 0%{?is_kotd} -Release: <RELEASE>.g008195a +Release: <RELEASE>.geae9134 %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.K1N8KP/_old 2016-01-08 15:21:45.000000000 +0100 +++ /var/tmp/diff_new_pack.K1N8KP/_new 2016-01-08 15:21:45.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-syms # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,7 +27,7 @@ Version: 4.3.3 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g008195a +Release: <RELEASE>.geae9134 %else Release: 0 %endif ++++++ kernel-vanilla.spec ++++++ --- /var/tmp/diff_new_pack.K1N8KP/_old 2016-01-08 15:21:45.000000000 +0100 +++ /var/tmp/diff_new_pack.K1N8KP/_new 2016-01-08 15:21:45.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package kernel-vanilla # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -59,7 +59,7 @@ Group: System/Kernel Version: 4.3.3 %if 0%{?is_kotd} -Release: <RELEASE>.g008195a +Release: <RELEASE>.geae9134 %else Release: 0 %endif ++++++ config.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/arm64/default new/config/arm64/default --- old/config/arm64/default 2015-12-22 12:19:48.000000000 +0100 +++ new/config/arm64/default 2016-01-04 13:38:39.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 4.3.0 Kernel Configuration +# Linux/arm64 4.3.3 Kernel Configuration # CONFIG_ARM64=y CONFIG_64BIT=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv6hl/default new/config/armv6hl/default --- old/config/armv6hl/default 2015-12-22 12:19:48.000000000 +0100 +++ new/config/armv6hl/default 2016-01-04 13:38:39.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm 4.3.0 Kernel Configuration +# Linux/arm 4.3.3 Kernel Configuration # CONFIG_ARM=y CONFIG_ARM_HAS_SG_CHAIN=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/debug new/config/i386/debug --- old/config/i386/debug 2015-12-22 12:19:48.000000000 +0100 +++ new/config/i386/debug 2016-01-04 13:38:39.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/i386 4.3.0 Kernel Configuration +# Linux/i386 4.3.3 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/default new/config/i386/default --- old/config/i386/default 2015-12-22 12:19:48.000000000 +0100 +++ new/config/i386/default 2016-01-04 13:38:39.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/i386 4.3.0 Kernel Configuration +# Linux/i386 4.3.3 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/pae new/config/i386/pae --- old/config/i386/pae 2015-12-22 12:19:48.000000000 +0100 +++ new/config/i386/pae 2016-01-04 13:38:39.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/i386 4.3.0 Kernel Configuration +# Linux/i386 4.3.3 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc/default new/config/ppc/default --- old/config/ppc/default 2015-12-22 12:19:48.000000000 +0100 +++ new/config/ppc/default 2016-01-04 13:38:39.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 4.3.0 Kernel Configuration +# Linux/powerpc 4.3.3 Kernel Configuration # # CONFIG_PPC64 is not set diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64/debug new/config/ppc64/debug --- old/config/ppc64/debug 2015-12-22 12:19:48.000000000 +0100 +++ new/config/ppc64/debug 2016-01-04 13:38:39.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 4.3.0 Kernel Configuration +# Linux/powerpc 4.3.3 Kernel Configuration # CONFIG_PPC64=y @@ -2224,6 +2224,7 @@ # CONFIG_IBM_EMAC_MAL_CLR_ICINTSTAT is not set # CONFIG_IBM_EMAC_MAL_COMMON_ERR is not set CONFIG_EHEA=m +CONFIG_IBMVNIC=m CONFIG_NET_VENDOR_INTEL=y CONFIG_E100=m CONFIG_E1000=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64/default new/config/ppc64/default --- old/config/ppc64/default 2015-12-22 12:19:48.000000000 +0100 +++ new/config/ppc64/default 2016-01-04 13:38:39.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 4.3.0 Kernel Configuration +# Linux/powerpc 4.3.3 Kernel Configuration # CONFIG_PPC64=y @@ -2213,6 +2213,7 @@ # CONFIG_IBM_EMAC_MAL_CLR_ICINTSTAT is not set # CONFIG_IBM_EMAC_MAL_COMMON_ERR is not set CONFIG_EHEA=m +CONFIG_IBMVNIC=m CONFIG_NET_VENDOR_INTEL=y CONFIG_E100=m CONFIG_E1000=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64le/debug new/config/ppc64le/debug --- old/config/ppc64le/debug 2015-12-22 12:19:48.000000000 +0100 +++ new/config/ppc64le/debug 2016-01-04 13:38:39.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 4.3.0 Kernel Configuration +# Linux/powerpc 4.3.3 Kernel Configuration # CONFIG_PPC64=y @@ -2169,6 +2169,7 @@ # CONFIG_IBM_EMAC_MAL_CLR_ICINTSTAT is not set # CONFIG_IBM_EMAC_MAL_COMMON_ERR is not set CONFIG_EHEA=m +CONFIG_IBMVNIC=m CONFIG_NET_VENDOR_INTEL=y CONFIG_E100=m CONFIG_E1000=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64le/default new/config/ppc64le/default --- old/config/ppc64le/default 2015-12-22 12:19:48.000000000 +0100 +++ new/config/ppc64le/default 2016-01-04 13:38:39.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 4.3.0 Kernel Configuration +# Linux/powerpc 4.3.3 Kernel Configuration # CONFIG_PPC64=y @@ -2158,6 +2158,7 @@ # CONFIG_IBM_EMAC_MAL_CLR_ICINTSTAT is not set # CONFIG_IBM_EMAC_MAL_COMMON_ERR is not set CONFIG_EHEA=m +CONFIG_IBMVNIC=m CONFIG_NET_VENDOR_INTEL=y CONFIG_E100=m CONFIG_E1000=m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/s390x/default new/config/s390x/default --- old/config/s390x/default 2015-12-22 12:19:48.000000000 +0100 +++ new/config/s390x/default 2016-01-04 13:38:39.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/s390 4.3.0 Kernel Configuration +# Linux/s390 4.3.3 Kernel Configuration # CONFIG_MMU=y CONFIG_ZONE_DMA=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/debug new/config/x86_64/debug --- old/config/x86_64/debug 2015-12-22 12:19:48.000000000 +0100 +++ new/config/x86_64/debug 2016-01-04 13:38:39.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 4.3.0 Kernel Configuration +# Linux/x86_64 4.3.3 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/default new/config/x86_64/default --- old/config/x86_64/default 2015-12-22 12:19:48.000000000 +0100 +++ new/config/x86_64/default 2016-01-04 13:38:39.000000000 +0100 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 4.3.0 Kernel Configuration +# Linux/x86_64 4.3.3 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y ++++++ patches.drivers.tar.bz2 ++++++ ++++ 4764 lines of diff (skipped) ++++++ patches.fixes.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/0001-KEYS-Fix-race-between-read-and-revoke.patch new/patches.fixes/0001-KEYS-Fix-race-between-read-and-revoke.patch --- old/patches.fixes/0001-KEYS-Fix-race-between-read-and-revoke.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/0001-KEYS-Fix-race-between-read-and-revoke.patch 2016-01-04 06:34:03.000000000 +0100 @@ -0,0 +1,115 @@ +From b4a1b4f5047e4f54e194681125c74c0aa64d637d Mon Sep 17 00:00:00 2001 +From: David Howells <[email protected]> +Date: Fri, 18 Dec 2015 01:34:26 +0000 +Subject: [PATCH] KEYS: Fix race between read and revoke + +Git-commit: b4a1b4f5047e4f54e194681125c74c0aa64d637d +Patch-mainline: v4.4-rc8 +References: bnc#958951, CVE-2015-7550 + +This fixes CVE-2015-7550. + +There's a race between keyctl_read() and keyctl_revoke(). If the revoke +happens between keyctl_read() checking the validity of a key and the key's +semaphore being taken, then the key type read method will see a revoked key. + +This causes a problem for the user-defined key type because it assumes in +its read method that there will always be a payload in a non-revoked key +and doesn't check for a NULL pointer. + +Fix this by making keyctl_read() check the validity of a key after taking +semaphore instead of before. + +I think the bug was introduced with the original keyrings code. + +This was discovered by a multithreaded test program generated by syzkaller +(http://github.com/google/syzkaller). Here's a cleaned up version: + + #include <sys/types.h> + #include <keyutils.h> + #include <pthread.h> + void *thr0(void *arg) + { + key_serial_t key = (unsigned long)arg; + keyctl_revoke(key); + return 0; + } + void *thr1(void *arg) + { + key_serial_t key = (unsigned long)arg; + char buffer[16]; + keyctl_read(key, buffer, 16); + return 0; + } + int main() + { + key_serial_t key = add_key("user", "%", "foo", 3, KEY_SPEC_USER_KEYRING); + pthread_t th[5]; + pthread_create(&th[0], 0, thr0, (void *)(unsigned long)key); + pthread_create(&th[1], 0, thr1, (void *)(unsigned long)key); + pthread_create(&th[2], 0, thr0, (void *)(unsigned long)key); + pthread_create(&th[3], 0, thr1, (void *)(unsigned long)key); + pthread_join(th[0], 0); + pthread_join(th[1], 0); + pthread_join(th[2], 0); + pthread_join(th[3], 0); + return 0; + } + +Build as: + + cc -o keyctl-race keyctl-race.c -lkeyutils -lpthread + +Run as: + + while keyctl-race; do :; done + +as it may need several iterations to crash the kernel. The crash can be +summarised as: + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 + IP: [<ffffffff81279b08>] user_read+0x56/0xa3 + ... + Call Trace: + [<ffffffff81276aa9>] keyctl_read_key+0xb6/0xd7 + [<ffffffff81277815>] SyS_keyctl+0x83/0xe0 + [<ffffffff815dbb97>] entry_SYSCALL_64_fastpath+0x12/0x6f + +Reported-by: Dmitry Vyukov <[email protected]> +Signed-off-by: David Howells <[email protected]> +Tested-by: Dmitry Vyukov <[email protected]> +Cc: [email protected] +Signed-off-by: James Morris <[email protected]> +Acked-by: Lee, Chun-Yi <[email protected]> +--- + security/keys/keyctl.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +--- a/security/keys/keyctl.c ++++ b/security/keys/keyctl.c +@@ -757,16 +757,16 @@ long keyctl_read_key(key_serial_t keyid, + + /* the key is probably readable - now try to read it */ + can_read_key: +- ret = key_validate(key); +- if (ret == 0) { +- ret = -EOPNOTSUPP; +- if (key->type->read) { +- /* read the data with the semaphore held (since we +- * might sleep) */ +- down_read(&key->sem); ++ ret = -EOPNOTSUPP; ++ if (key->type->read) { ++ /* Read the data with the semaphore held (since we might sleep) ++ * to protect against the key being updated or revoked. ++ */ ++ down_read(&key->sem); ++ ret = key_validate(key); ++ if (ret == 0) + ret = key->type->read(key, buffer, buflen); +- up_read(&key->sem); +- } ++ up_read(&key->sem); + } + + error2: ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.K1N8KP/_old 2016-01-08 15:21:47.000000000 +0100 +++ /var/tmp/diff_new_pack.K1N8KP/_new 2016-01-08 15:21:47.000000000 +0100 @@ -142,6 +142,7 @@ patches.arch/ppc64le-ile-0003-powerpc-Add-hack-to-make-ppc64le-work-on-hosts-witho.patch patches.arch/ppc64le-ile-0004-powerpc-Don-t-return-to-BE-mode-when-we-are-already-.patch + patches.drivers/ibmvnic-Driver-for-IBM-System-i-p-VNIC-protocol.patch ######################################################## # PS3 ######################################################## @@ -459,6 +460,8 @@ # bsc#958463 VUL-0: CVE-2015-8539: kernel: Fix handling of stored error in a negatively instantiated user key patches.fixes/0001-KEYS-Fix-handling-of-stored-error-in-a-negatively-in.patch + # bsc#958951 CVE-2015-7550: kernel: User triggerable crash from race between key read and rey revoke + patches.fixes/0001-KEYS-Fix-race-between-read-and-revoke.patch ########################################################## # Audit ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.K1N8KP/_old 2016-01-08 15:21:47.000000000 +0100 +++ /var/tmp/diff_new_pack.K1N8KP/_new 2016-01-08 15:21:47.000000000 +0100 @@ -1,3 +1,3 @@ -2015-12-30 10:32:09 +0100 -GIT Revision: 008195af0bd30b4154392c382ad19eb6248fdeb1 +2016-01-04 13:38:39 +0100 +GIT Revision: eae9134ca7ff2668f53859d8b87bd24dc148f234 GIT Branch: stable
