Hello community,
here is the log from the commit of package kernel-source for openSUSE:Factory
checked in at 2016-11-05 21:24:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kernel-source (Old)
and /work/SRC/openSUSE:Factory/.kernel-source.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source"
Changes:
--------
--- /work/SRC/openSUSE:Factory/kernel-source/kernel-64kb.changes
2016-11-03 11:14:03.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.kernel-source.new/kernel-64kb.changes
2016-11-05 21:24:18.000000000 +0100
@@ -1,0 +2,19 @@
+Thu Nov 3 12:45:30 CET 2016 - oneu...@suse.com
+
+- usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).
+- commit f452d0b
+
+-------------------------------------------------------------------
+Thu Nov 3 09:36:24 CET 2016 - j...@suse.com
+
+- KEYS: Fix short sprintf buffer in /proc/keys show function
+ (bsc#1004517, CVE-2016-7042).
+- commit 9d6b45c
+
+-------------------------------------------------------------------
+Tue Nov 1 14:16:13 CET 2016 - mkube...@suse.cz
+
+- Update patches.fixes/net-add-recursion-limit-to-GRO.patch mainline reference.
+- commit 3d61b80
+
+-------------------------------------------------------------------
kernel-debug.changes: same change
kernel-default.changes: same change
kernel-docs.changes: same change
kernel-lpae.changes: same change
kernel-obs-build.changes: same change
kernel-obs-qa.changes: same change
kernel-pae.changes: same change
kernel-source.changes: same change
kernel-syms.changes: same change
kernel-syzkaller.changes: same change
kernel-vanilla.changes: same change
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kernel-64kb.spec ++++++
--- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100
+++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100
@@ -62,7 +62,7 @@
Group: System/Kernel
Version: 4.8.6
%if 0%{?is_kotd}
-Release: <RELEASE>.g7d70b08
+Release: <RELEASE>.g1d89b44
%else
Release: 0
%endif
kernel-debug.spec: same change
kernel-default.spec: same change
++++++ kernel-docs.spec ++++++
--- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100
+++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100
@@ -35,7 +35,7 @@
Group: Documentation/Man
Version: 4.8.6
%if 0%{?is_kotd}
-Release: <RELEASE>.g7d70b08
+Release: <RELEASE>.g1d89b44
%else
Release: 0
%endif
++++++ kernel-lpae.spec ++++++
--- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100
+++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100
@@ -62,7 +62,7 @@
Group: System/Kernel
Version: 4.8.6
%if 0%{?is_kotd}
-Release: <RELEASE>.g7d70b08
+Release: <RELEASE>.g1d89b44
%else
Release: 0
%endif
++++++ kernel-obs-build.spec ++++++
--- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100
+++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100
@@ -53,7 +53,7 @@
Group: SLES
Version: 4.8.6
%if 0%{?is_kotd}
-Release: <RELEASE>.g7d70b08
+Release: <RELEASE>.g1d89b44
%else
Release: 0
%endif
kernel-obs-qa.spec: same change
++++++ kernel-pae.spec ++++++
--- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100
+++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100
@@ -62,7 +62,7 @@
Group: System/Kernel
Version: 4.8.6
%if 0%{?is_kotd}
-Release: <RELEASE>.g7d70b08
+Release: <RELEASE>.g1d89b44
%else
Release: 0
%endif
++++++ kernel-source.spec ++++++
--- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100
+++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100
@@ -32,7 +32,7 @@
Group: Development/Sources
Version: 4.8.6
%if 0%{?is_kotd}
-Release: <RELEASE>.g7d70b08
+Release: <RELEASE>.g1d89b44
%else
Release: 0
%endif
++++++ kernel-syms.spec ++++++
--- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100
+++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100
@@ -27,7 +27,7 @@
Version: 4.8.6
%if %using_buildservice
%if 0%{?is_kotd}
-Release: <RELEASE>.g7d70b08
+Release: <RELEASE>.g1d89b44
%else
Release: 0
%endif
++++++ kernel-syzkaller.spec ++++++
--- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:23.000000000 +0100
+++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:23.000000000 +0100
@@ -62,7 +62,7 @@
Group: System/Kernel
Version: 4.8.6
%if 0%{?is_kotd}
-Release: <RELEASE>.g7d70b08
+Release: <RELEASE>.g1d89b44
%else
Release: 0
%endif
kernel-vanilla.spec: same change
++++++ patches.drivers.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/patches.drivers/0001-usbhid-add-ATEN-CS962-to-list-of-quirky-devices.patch
new/patches.drivers/0001-usbhid-add-ATEN-CS962-to-list-of-quirky-devices.patch
---
old/patches.drivers/0001-usbhid-add-ATEN-CS962-to-list-of-quirky-devices.patch
1970-01-01 01:00:00.000000000 +0100
+++
new/patches.drivers/0001-usbhid-add-ATEN-CS962-to-list-of-quirky-devices.patch
2016-11-03 14:00:34.000000000 +0100
@@ -0,0 +1,44 @@
+From 0cc3b1eee3dde5162d9f05a050b0067d55e679ed Mon Sep 17 00:00:00 2001
+From: Oliver Neukum <oneu...@suse.com>
+Date: Thu, 3 Nov 2016 12:16:18 +0100
+Subject: [PATCH] usbhid: add ATEN CS962 to list of quirky devices
+References: bsc#1007615
+Patch-Mainline: Submitted (20161103 linux-...@vger.kernel.org)
+
+Like many similar devices it needs a quirk to work.
+Issuing the request gets the device into an irrecoverable state.
+
+Signed-off-by: Oliver Neukum <oneu...@suse.com>
+CC: sta...@vger.kernel.org
+---
+ drivers/hid/hid-ids.h | 1 +
+ drivers/hid/usbhid/hid-quirks.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
+index 4ed9a4f..f6d1f34 100644
+--- a/drivers/hid/hid-ids.h
++++ b/drivers/hid/hid-ids.h
+@@ -176,6 +176,7 @@
+ #define USB_DEVICE_ID_ATEN_4PORTKVM 0x2205
+ #define USB_DEVICE_ID_ATEN_4PORTKVMC 0x2208
+ #define USB_DEVICE_ID_ATEN_CS682 0x2213
++#define USB_DEVICE_ID_ATEN_CS692 0x8021
+
+ #define USB_VENDOR_ID_ATMEL 0x03eb
+ #define USB_DEVICE_ID_ATMEL_MULTITOUCH 0x211c
+diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c
+index b4b8c6a..85d5ff2 100644
+--- a/drivers/hid/usbhid/hid-quirks.c
++++ b/drivers/hid/usbhid/hid-quirks.c
+@@ -62,6 +62,7 @@ static const struct hid_blacklist {
+ { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_4PORTKVM, HID_QUIRK_NOGET },
+ { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_4PORTKVMC, HID_QUIRK_NOGET },
+ { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_CS682, HID_QUIRK_NOGET },
++ { USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_CS692, HID_QUIRK_NOGET },
+ { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_FIGHTERSTICK, HID_QUIRK_NOGET },
+ { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_COMBATSTICK, HID_QUIRK_NOGET },
+ { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_FLIGHT_SIM_ECLIPSE_YOKE,
HID_QUIRK_NOGET },
+--
+2.6.2
+
++++++ patches.fixes.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/patches.fixes/0001-KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch
new/patches.fixes/0001-KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch
---
old/patches.fixes/0001-KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch
1970-01-01 01:00:00.000000000 +0100
+++
new/patches.fixes/0001-KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch
2016-11-03 09:36:24.000000000 +0100
@@ -0,0 +1,74 @@
+From 03dab869b7b239c4e013ec82aea22e181e441cfc Mon Sep 17 00:00:00 2001
+From: David Howells <dhowe...@redhat.com>
+Date: Wed, 26 Oct 2016 15:01:54 +0100
+Subject: [PATCH] KEYS: Fix short sprintf buffer in /proc/keys show function
+
+Git-commit: 03dab869b7b239c4e013ec82aea22e181e441cfc
+Patch-mainline: v4.9-rc3
+References: bsc#1004517, CVE-2016-7042
+
+This fixes CVE-2016-7042.
+
+Fix a short sprintf buffer in proc_keys_show(). If the gcc stack protector
+is turned on, this can cause a panic due to stack corruption.
+
+The problem is that xbuf[] is not big enough to hold a 64-bit timeout
+rendered as weeks:
+
+ (gdb) p 0xffffffffffffffffULL/(60*60*24*7)
+ $2 = 30500568904943
+
+That's 14 chars plus NUL, not 11 chars plus NUL.
+
+Expand the buffer to 16 chars.
+
+I think the unpatched code apparently works if the stack-protector is not
+enabled because on a 32-bit machine the buffer won't be overflowed and on a
+64-bit machine there's a 64-bit aligned pointer at one side and an int that
+isn't checked again on the other side.
+
+The panic incurred looks something like:
+
+Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in:
ffffffff81352ebe
+CPU: 0 PID: 1692 Comm: reproducer Not tainted 4.7.2-201.fc24.x86_64 #1
+Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
+ 0000000000000086 00000000fbbd2679 ffff8800a044bc00 ffffffff813d941f
+ ffffffff81a28d58 ffff8800a044bc98 ffff8800a044bc88 ffffffff811b2cb6
+ ffff880000000010 ffff8800a044bc98 ffff8800a044bc30 00000000fbbd2679
+Call Trace:
+ [<ffffffff813d941f>] dump_stack+0x63/0x84
+ [<ffffffff811b2cb6>] panic+0xde/0x22a
+ [<ffffffff81352ebe>] ? proc_keys_show+0x3ce/0x3d0
+ [<ffffffff8109f7f9>] __stack_chk_fail+0x19/0x30
+ [<ffffffff81352ebe>] proc_keys_show+0x3ce/0x3d0
+ [<ffffffff81350410>] ? key_validate+0x50/0x50
+ [<ffffffff8134db30>] ? key_default_cmp+0x20/0x20
+ [<ffffffff8126b31c>] seq_read+0x2cc/0x390
+ [<ffffffff812b6b12>] proc_reg_read+0x42/0x70
+ [<ffffffff81244fc7>] __vfs_read+0x37/0x150
+ [<ffffffff81357020>] ? security_file_permission+0xa0/0xc0
+ [<ffffffff81246156>] vfs_read+0x96/0x130
+ [<ffffffff81247635>] SyS_read+0x55/0xc0
+ [<ffffffff817eb872>] entry_SYSCALL_64_fastpath+0x1a/0xa4
+
+Reported-by: Ondrej Kozina <okoz...@redhat.com>
+Signed-off-by: David Howells <dhowe...@redhat.com>
+Tested-by: Ondrej Kozina <okoz...@redhat.com>
+cc: sta...@vger.kernel.org
+Signed-off-by: James Morris <james.l.mor...@oracle.com>
+Acked-by: Lee, Chun-Yi <j...@suse.com>
+---
+ security/keys/proc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/security/keys/proc.c
++++ b/security/keys/proc.c
+@@ -181,7 +181,7 @@ static int proc_keys_show(struct seq_fil
+ struct timespec now;
+ unsigned long timo;
+ key_ref_t key_ref, skey_ref;
+- char xbuf[12];
++ char xbuf[16];
+ int rc;
+
+ struct keyring_search_context ctx = {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/patches.fixes/net-add-recursion-limit-to-GRO.patch
new/patches.fixes/net-add-recursion-limit-to-GRO.patch
--- old/patches.fixes/net-add-recursion-limit-to-GRO.patch 2016-10-31
13:02:56.000000000 +0100
+++ new/patches.fixes/net-add-recursion-limit-to-GRO.patch 2016-11-03
09:36:24.000000000 +0100
@@ -1,7 +1,8 @@
From: Sabrina Dubroca <s...@queasysnail.net>
Date: Thu, 15 Sep 2016 10:49:30 +0200
Subject: net: add recursion limit to GRO
-Patch-mainline: Not yet, embargoed (likely v4.9-rc1)
+Patch-mainline: v4.9-rc4
+Git-commit: fcd91dd449867c6bfe56a81cabba76b829fd05cd
References: CVE-2016-7039 bsc#1001486
Currently, GRO can do unlimited recursion through the gro_receive
++++++ series.conf ++++++
--- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:24.000000000 +0100
+++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:24.000000000 +0100
@@ -374,6 +374,7 @@
patches.drivers/Input-ALPS-handle-0-pressure-1F-events.patch
patches.drivers/Input-ALPS-allow-touchsticks-to-report-pressure.patch
patches.drivers/Input-ALPS-set-DualPoint-flag-for-74-03-28-devices.patch
+
patches.drivers/0001-usbhid-add-ATEN-CS962-to-list-of-quirky-devices.patch
##########################################################
# Sound
@@ -429,6 +430,9 @@
#
##########################################################
+ # Bug 1004517 CVE-2016-7042: kernel: Stack corruption while reading
/proc/keys
+
patches.fixes/0001-KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch
+
##########################################################
# Audit
##########################################################
++++++ source-timestamp ++++++
--- /var/tmp/diff_new_pack.YBqHCn/_old 2016-11-05 21:24:24.000000000 +0100
+++ /var/tmp/diff_new_pack.YBqHCn/_new 2016-11-05 21:24:24.000000000 +0100
@@ -1,3 +1,3 @@
-2016-10-31 13:02:56 +0100
-GIT Revision: 7d70b08f854edbb0c97709bf8de6538858d68bcd
+2016-11-03 14:00:34 +0100
+GIT Revision: 1d89b442286067e71ee61ece724de522883ddc9a
GIT Branch: stable
