Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2017-02-20 13:10:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2017-02-18 03:17:12.444382414 +0100 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/dtb-aarch64.changes 2017-02-20 13:10:30.759141290 +0100 @@ -1,0 +2,12 @@ +Sat Feb 18 18:59:27 CET 2017 - [email protected] + +- Linux 4.9.11 (CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 + bnc#1012628 bsc#1023762 bsc#1024938 bsc#1025235). +- Delete patches.fixes/ip6_gre-fix-ip6gre_err-invalid-reads.patch. +- Delete + patches.fixes/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch. +- Delete + patches.fixes/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch. +- commit cf9c670 + +------------------------------------------------------------------- dtb-armv6l.changes: same change dtb-armv7l.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-syzkaller.changes: same change kernel-vanilla.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.yNaBEs/_old 2017-02-20 13:10:36.134384683 +0100 +++ /var/tmp/diff_new_pack.yNaBEs/_new 2017-02-20 13:10:36.138384120 +0100 @@ -16,14 +16,14 @@ # -%define patchversion 4.9.10 +%define patchversion 4.9.11 %include %_sourcedir/kernel-spec-macros Name: dtb-aarch64 -Version: 4.9.10 +Version: 4.9.11 %if 0%{?is_kotd} -Release: <RELEASE>.gffeeef5 +Release: <RELEASE>.gcf9c670 %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.yNaBEs/_old 2017-02-20 13:10:36.242369484 +0100 +++ /var/tmp/diff_new_pack.yNaBEs/_new 2017-02-20 13:10:36.246368920 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.9 -%define patchversion 4.9.10 +%define patchversion 4.9.11 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0 Group: System/Kernel -Version: 4.9.10 +Version: 4.9.11 %if 0%{?is_kotd} -Release: <RELEASE>.gffeeef5 +Release: <RELEASE>.gcf9c670 %else Release: 0 %endif kernel-debug.spec: same change kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.yNaBEs/_old 2017-02-20 13:10:36.366352032 +0100 +++ /var/tmp/diff_new_pack.yNaBEs/_new 2017-02-20 13:10:36.366352032 +0100 @@ -16,7 +16,7 @@ # -%define patchversion 4.9.10 +%define patchversion 4.9.11 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -33,9 +33,9 @@ Summary: Kernel Documentation (man pages) License: GPL-2.0 Group: Documentation/Man -Version: 4.9.10 +Version: 4.9.11 %if 0%{?is_kotd} -Release: <RELEASE>.gffeeef5 +Release: <RELEASE>.gcf9c670 %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.yNaBEs/_old 2017-02-20 13:10:36.394348092 +0100 +++ /var/tmp/diff_new_pack.yNaBEs/_new 2017-02-20 13:10:36.394348092 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.9 -%define patchversion 4.9.10 +%define patchversion 4.9.11 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel for LPAE enabled systems License: GPL-2.0 Group: System/Kernel -Version: 4.9.10 +Version: 4.9.11 %if 0%{?is_kotd} -Release: <RELEASE>.gffeeef5 +Release: <RELEASE>.gcf9c670 %else Release: 0 %endif ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.yNaBEs/_old 2017-02-20 13:10:36.426343588 +0100 +++ /var/tmp/diff_new_pack.yNaBEs/_new 2017-02-20 13:10:36.426343588 +0100 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 4.9.10 +%define patchversion 4.9.11 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -51,9 +51,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 4.9.10 +Version: 4.9.11 %if 0%{?is_kotd} -Release: <RELEASE>.gffeeef5 +Release: <RELEASE>.gcf9c670 %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.yNaBEs/_old 2017-02-20 13:10:36.450340210 +0100 +++ /var/tmp/diff_new_pack.yNaBEs/_new 2017-02-20 13:10:36.454339647 +0100 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 4.9.10 +%define patchversion 4.9.11 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 4.9.10 +Version: 4.9.11 %if 0%{?is_kotd} -Release: <RELEASE>.gffeeef5 +Release: <RELEASE>.gcf9c670 %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.yNaBEs/_old 2017-02-20 13:10:36.482335707 +0100 +++ /var/tmp/diff_new_pack.yNaBEs/_new 2017-02-20 13:10:36.490334580 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.9 -%define patchversion 4.9.10 +%define patchversion 4.9.11 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 4.9.10 +Version: 4.9.11 %if 0%{?is_kotd} -Release: <RELEASE>.gffeeef5 +Release: <RELEASE>.gcf9c670 %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.yNaBEs/_old 2017-02-20 13:10:36.518330640 +0100 +++ /var/tmp/diff_new_pack.yNaBEs/_new 2017-02-20 13:10:36.522330077 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.9 -%define patchversion 4.9.10 +%define patchversion 4.9.11 %define variant %{nil} %define vanilla_only 0 @@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 4.9.10 +Version: 4.9.11 %if 0%{?is_kotd} -Release: <RELEASE>.gffeeef5 +Release: <RELEASE>.gcf9c670 %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.yNaBEs/_old 2017-02-20 13:10:36.550326136 +0100 +++ /var/tmp/diff_new_pack.yNaBEs/_new 2017-02-20 13:10:36.550326136 +0100 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 4.9.10 +Version: 4.9.11 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.gffeeef5 +Release: <RELEASE>.gcf9c670 %else Release: 0 %endif ++++++ kernel-syzkaller.spec ++++++ --- /var/tmp/diff_new_pack.yNaBEs/_old 2017-02-20 13:10:36.586321070 +0100 +++ /var/tmp/diff_new_pack.yNaBEs/_new 2017-02-20 13:10:36.590320507 +0100 @@ -18,7 +18,7 @@ %define srcversion 4.9 -%define patchversion 4.9.10 +%define patchversion 4.9.11 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel used for fuzzing by syzkaller License: GPL-2.0 Group: System/Kernel -Version: 4.9.10 +Version: 4.9.11 %if 0%{?is_kotd} -Release: <RELEASE>.gffeeef5 +Release: <RELEASE>.gcf9c670 %else Release: 0 %endif kernel-vanilla.spec: same change ++++++ patches.fixes.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/ip6_gre-fix-ip6gre_err-invalid-reads.patch new/patches.fixes/ip6_gre-fix-ip6gre_err-invalid-reads.patch --- old/patches.fixes/ip6_gre-fix-ip6gre_err-invalid-reads.patch 2017-02-16 09:36:29.000000000 +0100 +++ new/patches.fixes/ip6_gre-fix-ip6gre_err-invalid-reads.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,95 +0,0 @@ -From: Eric Dumazet <[email protected]> -Date: Sat, 4 Feb 2017 23:18:55 -0800 -Subject: ip6_gre: fix ip6gre_err() invalid reads -Patch-mainline: v4.10 -Git-commit: 7892032cfe67f4bde6fc2ee967e45a8fbaf33756 -References: CVE-2017-5897 bsc#1023762 - -Andrey Konovalov reported out of bound accesses in ip6gre_err() - -If GRE flags contains GRE_KEY, the following expression -*(((__be32 *)p) + (grehlen / 4) - 1) - -accesses data ~40 bytes after the expected point, since -grehlen includes the size of IPv6 headers. - -Let's use a "struct gre_base_hdr *greh" pointer to make this -code more readable. - -p[1] becomes greh->protocol. -grhlen is the GRE header length. - -Fixes: c12b395a4664 ("gre: Support GRE over IPv6") -Signed-off-by: Eric Dumazet <[email protected]> -Reported-by: Andrey Konovalov <[email protected]> -Signed-off-by: David S. Miller <[email protected]> -Acked-by: Michal Kubecek <[email protected]> - ---- - net/ipv6/ip6_gre.c | 40 +++++++++++++++++++++------------------- - 1 file changed, 21 insertions(+), 19 deletions(-) - -diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c -index d7d6d3ae0b3b..0a5922055da2 100644 ---- a/net/ipv6/ip6_gre.c -+++ b/net/ipv6/ip6_gre.c -@@ -367,35 +367,37 @@ static void ip6gre_tunnel_uninit(struct net_device *dev) - - - static void ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt, -- u8 type, u8 code, int offset, __be32 info) -+ u8 type, u8 code, int offset, __be32 info) - { -- const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)skb->data; -- __be16 *p = (__be16 *)(skb->data + offset); -- int grehlen = offset + 4; -+ const struct gre_base_hdr *greh; -+ const struct ipv6hdr *ipv6h; -+ int grehlen = sizeof(*greh); - struct ip6_tnl *t; -+ int key_off = 0; - __be16 flags; -+ __be32 key; - -- flags = p[0]; -- if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) { -- if (flags&(GRE_VERSION|GRE_ROUTING)) -- return; -- if (flags&GRE_KEY) { -- grehlen += 4; -- if (flags&GRE_CSUM) -- grehlen += 4; -- } -+ if (!pskb_may_pull(skb, offset + grehlen)) -+ return; -+ greh = (const struct gre_base_hdr *)(skb->data + offset); -+ flags = greh->flags; -+ if (flags & (GRE_VERSION | GRE_ROUTING)) -+ return; -+ if (flags & GRE_CSUM) -+ grehlen += 4; -+ if (flags & GRE_KEY) { -+ key_off = grehlen + offset; -+ grehlen += 4; - } - -- /* If only 8 bytes returned, keyed message will be dropped here */ -- if (!pskb_may_pull(skb, grehlen)) -+ if (!pskb_may_pull(skb, offset + grehlen)) - return; - ipv6h = (const struct ipv6hdr *)skb->data; -- p = (__be16 *)(skb->data + offset); -+ greh = (const struct gre_base_hdr *)(skb->data + offset); -+ key = key_off ? *(__be32 *)(skb->data + key_off) : 0; - - t = ip6gre_tunnel_lookup(skb->dev, &ipv6h->daddr, &ipv6h->saddr, -- flags & GRE_KEY ? -- *(((__be32 *)p) + (grehlen / 4) - 1) : 0, -- p[1]); -+ key, greh->protocol); - if (!t) - return; - --- -2.11.1 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch new/patches.fixes/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch --- old/patches.fixes/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch 2017-02-16 09:36:29.000000000 +0100 +++ new/patches.fixes/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,51 +0,0 @@ -From: Eric Dumazet <[email protected]> -Date: Sat, 4 Feb 2017 11:16:52 -0800 -Subject: ipv4: keep skb->dst around in presence of IP options -Patch-mainline: v4.10-rc8 -Git-commit: 34b2cef20f19c87999fff3da4071e66937db9644 -References: CVE-2017-5970 bsc#1024938 - -Andrey Konovalov got crashes in __ip_options_echo() when a NULL skb->dst -is accessed. - -ipv4_pktinfo_prepare() should not drop the dst if (evil) IP options -are present. - -We could refine the test to the presence of ts_needtime or srr, -but IP options are not often used, so let's be conservative. - -Thanks to syzkaller team for finding this bug. - -Fixes: d826eb14ecef ("ipv4: PKTINFO doesnt need dst reference") -Signed-off-by: Eric Dumazet <[email protected]> -Reported-by: Andrey Konovalov <[email protected]> -Signed-off-by: David S. Miller <[email protected]> -Acked-by: Michal Kubecek <[email protected]> - ---- - net/ipv4/ip_sockglue.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index f226f4086e05..65336f38a5d8 100644 ---- a/net/ipv4/ip_sockglue.c -+++ b/net/ipv4/ip_sockglue.c -@@ -1215,7 +1215,14 @@ void ipv4_pktinfo_prepare(const struct sock *sk, struct sk_buff *skb) - pktinfo->ipi_ifindex = 0; - pktinfo->ipi_spec_dst.s_addr = 0; - } -- skb_dst_drop(skb); -+ /* We need to keep the dst for __ip_options_echo() -+ * We could restrict the test to opt.ts_needtime || opt.srr, -+ * but the following is good enough as IP options are not often used. -+ */ -+ if (unlikely(IPCB(skb)->opt.optlen)) -+ skb_dst_force(skb); -+ else -+ skb_dst_drop(skb); - } - - int ip_setsockopt(struct sock *sk, int level, --- -2.11.1 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.fixes/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch new/patches.fixes/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch --- old/patches.fixes/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch 2017-02-16 09:36:29.000000000 +0100 +++ new/patches.fixes/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,43 +0,0 @@ -From: Marcelo Ricardo Leitner <[email protected]> -Date: Mon, 6 Feb 2017 18:10:31 -0200 -Subject: sctp: avoid BUG_ON on sctp_wait_for_sndbuf -Patch-mainline: v4.10-rc8 -Git-commit: 2dcab598484185dea7ec22219c76dcdd59e3cb90 -References: CVE-2017-5986 bsc#1025235 - -Alexander Popov reported that an application may trigger a BUG_ON in -sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is -waiting on it to queue more data and meanwhile another thread peels off -the association being used by the first thread. - -This patch replaces the BUG_ON call with a proper error handling. It -will return -EPIPE to the original sendmsg call, similarly to what would -have been done if the association wasn't found in the first place. - -Acked-by: Alexander Popov <[email protected]> -Signed-off-by: Marcelo Ricardo Leitner <[email protected]> -Reviewed-by: Xin Long <[email protected]> -Signed-off-by: David S. Miller <[email protected]> -Acked-by: Michal Kubecek <[email protected]> - ---- - net/sctp/socket.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index ca12aa346c0d..6cbe5bdf2b15 100644 ---- a/net/sctp/socket.c -+++ b/net/sctp/socket.c -@@ -7427,7 +7427,8 @@ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, - */ - release_sock(sk); - current_timeo = schedule_timeout(current_timeo); -- BUG_ON(sk != asoc->base.sk); -+ if (sk != asoc->base.sk) -+ goto do_error; - lock_sock(sk); - - *timeo_p = current_timeo; --- -2.11.1 - ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 1938 lines of diff (skipped) ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.yNaBEs/_old 2017-02-20 13:10:38.206093074 +0100 +++ /var/tmp/diff_new_pack.yNaBEs/_new 2017-02-20 13:10:38.206093074 +0100 @@ -37,6 +37,7 @@ patches.kernel.org/patch-4.9.7-8 patches.kernel.org/patch-4.9.8-9 patches.kernel.org/patch-4.9.9-10 + patches.kernel.org/patch-4.9.10-11 ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -218,9 +219,6 @@ ######################################################## # Networking, IPv6 ######################################################## - patches.fixes/ip6_gre-fix-ip6gre_err-invalid-reads.patch - patches.fixes/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch - patches.fixes/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch ######################################################## # Netfilter ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.yNaBEs/_old 2017-02-20 13:10:38.270084067 +0100 +++ /var/tmp/diff_new_pack.yNaBEs/_new 2017-02-20 13:10:38.274083503 +0100 @@ -1,3 +1,3 @@ -2017-02-16 09:36:29 +0100 -GIT Revision: ffeeef592fefd9695f1869aefc0ac470de923bc7 +2017-02-18 18:59:27 +0100 +GIT Revision: cf9c6703e2b91aab27b2bb654ea57b05ede902de GIT Branch: stable
