Hello community,

here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2016-11-05 21:24:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kernel-source (Old)
 and      /work/SRC/openSUSE:Factory/.kernel-source.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/kernel-64kb.changes 2016-11-03 11:14:03.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/kernel-64kb.changes 2016-11-05 21:24:18.000000000 +0100 @@ -1,0 +2,19 @@ +Thu Nov 3 12:45:30 CET 2016 - oneu...@suse.com + +- usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). +- commit f452d0b + +------------------------------------------------------------------- +Thu Nov 3 09:36:24 CET 2016 - j...@suse.com + +- KEYS: Fix short sprintf buffer in /proc/keys show function + (bsc#1004517, CVE-2016-7042). +- commit 9d6b45c + +------------------------------------------------------------------- +Tue Nov 1 14:16:13 CET 2016 - mkube...@suse.cz + +- Update patches.fixes/net-add-recursion-limit-to-GRO.patch mainline reference. +- commit 3d61b80 + +------------------------------------------------------------------- kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-syzkaller.changes: same change kernel-vanilla.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100 +++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100 @@ -62,7 +62,7 @@ Group: System/Kernel Version: 4.8.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7d70b08 +Release: <RELEASE>.g1d89b44 %else Release: 0 %endif kernel-debug.spec: same change kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100 +++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100 
@@ -35,7 +35,7 @@ Group: Documentation/Man Version: 4.8.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7d70b08 +Release: <RELEASE>.g1d89b44 %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100 +++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100 @@ -62,7 +62,7 @@ Group: System/Kernel Version: 4.8.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7d70b08 +Release: <RELEASE>.g1d89b44 %else Release: 0 %endif ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100 +++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100 @@ -53,7 +53,7 @@ Group: SLES Version: 4.8.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7d70b08 +Release: <RELEASE>.g1d89b44 %else Release: 0 %endif kernel-obs-qa.spec: same change ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100 +++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100 @@ -62,7 +62,7 @@ Group: System/Kernel Version: 4.8.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7d70b08 +Release: <RELEASE>.g1d89b44 %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100 +++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100 @@ -32,7 +32,7 @@ Group: Development/Sources Version: 4.8.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7d70b08 +Release: <RELEASE>.g1d89b44 %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100 +++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100 
@@ -27,7 +27,7 @@ Version: 4.8.6 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g7d70b08 +Release: <RELEASE>.g1d89b44 %else Release: 0 %endif ++++++ kernel-syzkaller.spec ++++++ --- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100 +++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100 @@ -62,7 +62,7 @@ Group: System/Kernel Version: 4.8.6 %if 0%{?is_kotd} -Release: <RELEASE>.g7d70b08 +Release: <RELEASE>.g1d89b44 %else Release: 0 %endif kernel-vanilla.spec: same change ++++++ patches.drivers.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/0001-usbhid-add-ATEN-CS962-to-list-of-quirky-devices.patch new/patches.drivers/0001-usbhid-add-ATEN-CS962-to-list-of-quirky-devices.patch --- old/patches.drivers/0001-usbhid-add-ATEN-CS962-to-list-of-quirky-devices.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.drivers/0001-usbhid-add-ATEN-CS962-to-list-of-quirky-devices.patch 2016-11-03 14:00:34.000000000 +0100 
@@ -0,0 +1,44 @@ +From 0cc3b1eee3dde5162d9f05a050b0067d55e679ed Mon Sep 17 00:00:00 2001 +From: Oliver Neukum <oneu...@suse.com> +Date: Thu, 3 Nov 2016 12:16:18 +0100 +Subject: [PATCH] usbhid: add ATEN CS962 to list of quirky devices +References: bsc#1007615 +Patch-Mainline: Submitted (20161103 linux-...@vger.kernel.org) + +Like many similar devices it needs a quirk to work. +Issuing the request gets the device into an irrecoverable state. + +Signed-off-by: Oliver Neukum <oneu...@suse.com> +CC: sta...@vger.kernel.org +--- + drivers/hid/hid-ids.h | 1 + + drivers/hid/usbhid/hid-quirks.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h +index 4ed9a4f..f6d1f34 100644 +--- a/drivers/hid/hid-ids.h ++++ b/drivers/hid/hid-ids.h +@@ -176,6 +176,7 @@ + #define USB_DEVICE_ID_ATEN_4PORTKVM 0x2205 + #define USB_DEVICE_ID_ATEN_4PORTKVMC 0x2208 + #define USB_DEVICE_ID_ATEN_CS682 0x2213 ++#define USB_DEVICE_ID_ATEN_CS692 0x8021 + + #define USB_VENDOR_ID_ATMEL 0x03eb + #define USB_DEVICE_ID_ATMEL_MULTITOUCH 0x211c +diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c +index b4b8c6a..85d5ff2 100644 +--- a/drivers/hid/usbhid/hid-quirks.c ++++ b/drivers/hid/usbhid/hid-quirks.c +@@ -62,6 +62,7 @@ static const struct hid_blacklist { + { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_4PORTKVM, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_4PORTKVMC, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_CS682, HID_QUIRK_NOGET }, ++ { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_CS692, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_FIGHTERSTICK, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_COMBATSTICK, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_FLIGHT_SIM_ECLIPSE_YOKE, HID_QUIRK_NOGET }, +-- +2.6.2 + ++++++ patches.fixes.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' 
old/patches.fixes/0001-KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch new/patches.fixes/0001-KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch --- old/patches.fixes/0001-KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.fixes/0001-KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch 2016-11-03 09:36:24.000000000 +0100 
@@ -0,0 +1,74 @@ +From 03dab869b7b239c4e013ec82aea22e181e441cfc Mon Sep 17 00:00:00 2001 +From: David Howells <dhowe...@redhat.com> +Date: Wed, 26 Oct 2016 15:01:54 +0100 +Subject: [PATCH] KEYS: Fix short sprintf buffer in /proc/keys show function + +Git-commit: 03dab869b7b239c4e013ec82aea22e181e441cfc +Patch-mainline: v4.9-rc3 +References: bsc#1004517, CVE-2016-7042 + +This fixes CVE-2016-7042. + +Fix a short sprintf buffer in proc_keys_show(). If the gcc stack protector +is turned on, this can cause a panic due to stack corruption. + +The problem is that xbuf[] is not big enough to hold a 64-bit timeout +rendered as weeks: + + (gdb) p 0xffffffffffffffffULL/(60*60*24*7) + $2 = 30500568904943 + +That's 14 chars plus NUL, not 11 chars plus NUL. + +Expand the buffer to 16 chars. + +I think the unpatched code apparently works if the stack-protector is not +enabled because on a 32-bit machine the buffer won't be overflowed and on a +64-bit machine there's a 64-bit aligned pointer at one side and an int that +isn't checked again on the other side. + +The panic incurred looks something like: + +Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff81352ebe +CPU: 0 PID: 1692 Comm: reproducer Not tainted 4.7.2-201.fc24.x86_64 #1 +Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 + 0000000000000086 00000000fbbd2679 ffff8800a044bc00 ffffffff813d941f + ffffffff81a28d58 ffff8800a044bc98 ffff8800a044bc88 ffffffff811b2cb6 + ffff880000000010 ffff8800a044bc98 ffff8800a044bc30 00000000fbbd2679 +Call Trace: + [<ffffffff813d941f>] dump_stack+0x63/0x84 + [<ffffffff811b2cb6>] panic+0xde/0x22a + [<ffffffff81352ebe>] ? proc_keys_show+0x3ce/0x3d0 + [<ffffffff8109f7f9>] __stack_chk_fail+0x19/0x30 + [<ffffffff81352ebe>] proc_keys_show+0x3ce/0x3d0 + [<ffffffff81350410>] ? key_validate+0x50/0x50 + [<ffffffff8134db30>] ? 
key_default_cmp+0x20/0x20 + [<ffffffff8126b31c>] seq_read+0x2cc/0x390 + [<ffffffff812b6b12>] proc_reg_read+0x42/0x70 + [<ffffffff81244fc7>] __vfs_read+0x37/0x150 + [<ffffffff81357020>] ? security_file_permission+0xa0/0xc0 + [<ffffffff81246156>] vfs_read+0x96/0x130 + [<ffffffff81247635>] SyS_read+0x55/0xc0 + [<ffffffff817eb872>] entry_SYSCALL_64_fastpath+0x1a/0xa4 + +Reported-by: Ondrej Kozina <okoz...@redhat.com> +Signed-off-by: David Howells <dhowe...@redhat.com> +Tested-by: Ondrej Kozina <okoz...@redhat.com> +cc: sta...@vger.kernel.org +Signed-off-by: James Morris <james.l.mor...@oracle.com> +Acked-by: Lee, Chun-Yi <j...@suse.com> +--- + security/keys/proc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/security/keys/proc.c ++++ b/security/keys/proc.c +@@ -181,7 +181,7 @@ static int proc_keys_show(struct seq_fil + struct timespec now; + unsigned long timo; + key_ref_t key_ref, skey_ref; +- char xbuf[12]; ++ char xbuf[16]; + int rc; + + struct keyring_search_context ctx = { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/net-add-recursion-limit-to-GRO.patch new/patches.fixes/net-add-recursion-limit-to-GRO.patch --- old/patches.fixes/net-add-recursion-limit-to-GRO.patch 2016-10-31 13:02:56.000000000 +0100 +++ new/patches.fixes/net-add-recursion-limit-to-GRO.patch 2016-11-03 09:36:24.000000000 +0100 @@ -1,7 +1,8 @@ From: Sabrina Dubroca <s...@queasysnail.net> Date: Thu, 15 Sep 2016 10:49:30 +0200 Subject: net: add recursion limit to GRO -Patch-mainline: Not yet, embargoed (likely v4.9-rc1) +Patch-mainline: v4.9-rc4 +Git-commit: fcd91dd449867c6bfe56a81cabba76b829fd05cd References: CVE-2016-7039 bsc#1001486 Currently, GRO can do unlimited recursion through the gro_receive ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:24.000000000 +0100 +++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:24.000000000 +0100 
@@ -374,6 +374,7 @@ patches.drivers/Input-ALPS-handle-0-pressure-1F-events.patch patches.drivers/Input-ALPS-allow-touchsticks-to-report-pressure.patch patches.drivers/Input-ALPS-set-DualPoint-flag-for-74-03-28-devices.patch + patches.drivers/0001-usbhid-add-ATEN-CS962-to-list-of-quirky-devices.patch ########################################################## # Sound @@ -429,6 +430,9 @@ # ########################################################## + # Bug 1004517 CVE-2016-7042: kernel: Stack corruption while reading /proc/keys + patches.fixes/0001-KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch + ########################################################## # Audit ########################################################## ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:24.000000000 +0100 +++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:24.000000000 +0100 @@ -1,3 +1,3 @@ -2016-10-31 13:02:56 +0100 -GIT Revision: 7d70b08f854edbb0c97709bf8de6538858d68bcd +2016-11-03 14:00:34 +0100 +GIT Revision: 1d89b442286067e71ee61ece724de522883ddc9a GIT Branch: stable
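Review bot: In the hid-ids.h hunk of 0001-usbhid-add-ATEN-CS962-to-list-of-quirky-devices.patch the new macro is named USB_DEVICE_ID_ATEN_CS692, while the subject line, the patch file name and the changelog entry all say CS962. One of the two is a digit transposition. Confirm the model number for device ID 0x8021 and make the macro (used again in the hid-quirks.c hunk) agree with the subject, so that a later search for the model name finds the HID_QUIRK_NOGET entry.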
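Review bot: In the security/keys/proc.c hunk the new size in "char xbuf[16];" is a bare constant whose justification (a 64-bit timeout rendered as weeks needs 14 chars plus NUL) exists only in the commit message. Add a short comment at the declaration stating that bound, and consider having the code that fills xbuf pass sizeof(xbuf) to a bounded formatter, so that a later format change truncates instead of writing past the array. The writes to xbuf are outside the visible context, so this needs checking against the full proc_keys_show() body.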