Hello community,

here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2017-11-18 00:18:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kernel-source (Old)
 and      /work/SRC/openSUSE:Factory/.kernel-source.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Sat Nov 18 00:18:54 2017 rev:389 rq:541615 version:4.14.0 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2017-11-12 17:51:13.193135095 +0100 +++ /work/SRC/openSUSE:Factory/.kernel-source.new/dtb-aarch64.changes 2017-11-18 00:19:00.300113780 +0100 @@ -1,0 +2,12 @@ +Mon Nov 13 15:53:06 CET 2017 - [email protected] + +- Update to 4.14-final. +- commit c152297 + +------------------------------------------------------------------- +Thu Nov 9 15:52:36 CET 2017 - [email protected] + +- rpm/kernel-binary.spec.in: rename kGraft to KLP (fate#323682) +- commit 0ed191d + +------------------------------------------------------------------- @@ -6 +18 @@ -- commit 9151c66 +- commit c6cd519 @@ -85,0 +98,6 @@ +Mon Nov 6 16:06:51 CET 2017 - [email protected] + +- Update to 4.14-rc8. +- commit 0fbdeee + +------------------------------------------------------------------- 
@@ -92 +110,21 @@ -- commit c9a1bf3 +- media: imon: Fix null-ptr-deref in imon_probe (CVE-2017-16537 + bsc#1066573). +- [media] cx231xx-cards: fix NULL-deref on missing association + descriptor (CVE-2017-16536 bsc#1066606). +- commit 0cd38c2 + +------------------------------------------------------------------- +Mon Nov 6 11:59:19 CET 2017 - [email protected] + +- rpm/kernel-binary.spec.in: add explicit dependency of kernel-*-devel on + libelf-devel. + Otherwise warning that got turned into error by upstream 3dd40cb3 ("objtool: + Upgrade libelf-devel warning to error...") would trigger and cause any + packages being built against kernel-*-devel (such as KMPs, crash) not to have + the libelf dependency included, and fail to build. +- rpm/kernel-binary.spec.in: add explicit dependency of kernel-*-devel on + libelf-devel. Otherwise warning that got turned into error by e683952999 + ("objtool: Upgrade libelf-devel warning to error...") would trigger and + cause any packages being built against kernel-*-devel (such as KMPs, + crash) not to have the libelf dependency included, and fail to build. +- commit f6c0f80 @@ -181 +219 @@ -- commit 9d89d99 +- commit 9382440 @@ -206,0 +245,6 @@ +Mon Oct 30 04:20:05 CET 2017 - [email protected] + +- Update to 4.14-rc7. +- commit dbf3e9b + +------------------------------------------------------------------- @@ -230 +274,7 @@ -- commit 0d29474 +- commit a6d946f + +------------------------------------------------------------------- +Thu Oct 26 03:52:04 CEST 2017 - [email protected] + +- VFS: expedite unmount (bsc#1024412). +- commit 10c4365 @@ -384,0 +435,7 @@ +Mon Oct 23 14:34:12 CEST 2017 - [email protected] + +- Update to 4.14-rc6. +- Eliminated 2 patches. +- commit 8b364ca + +------------------------------------------------------------------- @@ -416 +473 @@ -- commit 7aed50c +- commit 19d19fc 
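Review bot: In the `@@ -92 +110,21 @@` hunk of dtb-aarch64.changes, the Nov 6 11:59:19 entry carries the item `rpm/kernel-binary.spec.in: add explicit dependency of kernel-*-devel on libelf-devel` twice, once citing upstream 3dd40cb3 and once citing e683952999 for the same "objtool: Upgrade libelf-devel warning to error..." subject. Keep a single item with a single commit id; this changelog is copied into every kernel-*.changes file listed as "same change", so the duplicate and the conflicting reference are replicated in all of them.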
@@ -524,0 +582,6 @@ +Mon Oct 16 18:06:20 CEST 2017 - [email protected] + +- Update to 4.14-rc5. +- commit 39eecab + +------------------------------------------------------------------- @@ -853,0 +917,6 @@ +Mon Oct 9 13:32:45 CEST 2017 - [email protected] + +- Update to 4.14-rc4. +- commit 879f297 + +------------------------------------------------------------------- @@ -867,0 +937,23 @@ +Fri Oct 6 11:15:55 CEST 2017 - [email protected] + +- Delete + patches.suse/ftrace-x86-xen-use-kernel-identity-mapping-only-when.patch. + The change is not longer needed with PVOPS Xen (bsc#873195). +- commit 8366b6a + +------------------------------------------------------------------- +Thu Oct 5 21:17:53 CEST 2017 - [email protected] + +- Delete patches.rpmify/cloneconfig.diff. +- commit 437d08e + +------------------------------------------------------------------- +Thu Oct 5 21:07:02 CEST 2017 - [email protected] + +- Only use patches.suse for patches. + This eliminates patches.arch, patches.drivers, and patches.fixes, and moves + the patches contained in them to patches.suse. + Also update feedback for Patch-mainline tags. +- commit 343996e + +------------------------------------------------------------------- @@ -1053 +1145,8 @@ -- commit 6f1deed +- commit a6a03ea + +------------------------------------------------------------------- +Wed Oct 4 14:14:49 CEST 2017 - [email protected] + +- Delete patches.suse/suse-hv-storvsc-sg_tablesize.patch. + Per Olaf Hering, this is no longer needed. +- commit 83b19a6 
@@ -1076,0 +1176,98 @@ +Wed Oct 4 08:45:21 CEST 2017 - [email protected] + +- Delete patches.fixes/sd_liberal_28_sense_invalid.diff. +- Delete patches.suse/dm-emulate-blkrrpart-ioctl. +- Delete patches.suse/scsi-netlink-ml. +- commit b8f0083 + +------------------------------------------------------------------- +Wed Oct 4 02:38:01 CEST 2017 - [email protected] + +- Delete patches.arch/arm-OMAP-Fix-missing-usb.h-include.patch. + (no longer needed) +- Delete patches.arch/arm-arndale-usb.patch. (no longer needed) +- Delete + patches.arch/arm64-0006-arm64-Select-reboot-driver-for-X-Gene-platform.patch. + (not needed, our config already includes the driver) +- Delete patches.arch/ppc64le-build-vmlinux.patch. (no longer needed) +- commit 2b9d327 + +------------------------------------------------------------------- +Tue Oct 3 23:01:53 CEST 2017 - [email protected] + +- Disable patches.suse/binutils2_26.patch for testing. + The issue addressed by this patch should be handled via upstream + commit 6d92bc9d483 (x86/build: Build compressed x86 kernels as PIE). +- commit f27997b + +------------------------------------------------------------------- +Tue Oct 3 22:37:09 CEST 2017 - [email protected] + +- Delete + patches.fixes/0001-Revert-SUNRPC-xs_sock_mark_closed-does-not-need-to-t.patch. + Not needed, bug was fixed some other way since that patch + was created. +- commit d55ee70 + +------------------------------------------------------------------- +Tue Oct 3 17:04:49 CEST 2017 - [email protected] + +- Delete patches.suse/connector-read-mostly. +- commit 8ae100a + +------------------------------------------------------------------- +Tue Oct 3 15:21:36 CEST 2017 - [email protected] + +- series.conf: remove commented out lines for removed patches +- commit 7ea9bcc + +------------------------------------------------------------------- +Tue Oct 3 14:44:32 CEST 2017 - [email protected] + +- Delete patches.arch/arm-refresh-mach-types.diff. 
+ It was marked for refresh in 12/2016 and hasn't been updated. +- commit 8e357d7 + +------------------------------------------------------------------- +Mon Oct 2 18:28:19 CEST 2017 - [email protected] + +- Remove s390 message catalog patches. +- Delete patches.arch/kmsg-fix-parameter-limitations. +- Delete patches.arch/s390-message-catalog.diff. +- commit 865e88d + +------------------------------------------------------------------- +Mon Oct 2 17:02:41 CEST 2017 - [email protected] + +- Refresh patches.suse/dm-mpath-accept-failed-paths. +- commit 04a0a7a + +------------------------------------------------------------------- +Mon Oct 2 16:48:12 CEST 2017 - [email protected] + +- Moved powerpc-Blacklist-GCC-5.4-6.1-and-6.2.patch to patches.rpmify. ++++ 234 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes ++++ and /work/SRC/openSUSE:Factory/.kernel-source.new/dtb-aarch64.changes dtb-armv6l.changes: same change dtb-armv7l.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-syzkaller.changes: same change kernel-vanilla.changes: same change kernel-zfcpdump.changes: same change Old: ---- linux-4.13.tar.xz New: ---- linux-4.14.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:19.703407330 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:19.707407185 +0100 @@ -16,8 +16,8 @@ # -%define srcversion 4.13 -%define patchversion 4.13.12 +%define srcversion 4.14 +%define patchversion 4.14.0 %define variant %{nil} %include %_sourcedir/kernel-spec-macros 
@@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb}) Name: dtb-aarch64 -Version: 4.13.12 +Version: 4.14.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9151c66 +Release: <RELEASE>.gab9e909 %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:19.771404855 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:19.771404855 +0100 @@ -17,8 +17,8 @@ # needssslcertforbuild -%define srcversion 4.13 -%define patchversion 4.13.12 +%define srcversion 4.14 +%define patchversion 4.14.0 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0 Group: System/Kernel -Version: 4.13.12 +Version: 4.14.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9151c66 +Release: <RELEASE>.gab9e909 %else Release: 0 %endif @@ -1117,6 +1117,8 @@ Recommends: make Recommends: gcc Recommends: perl +# for objtool +Requires: libelf-devel Supplements: packageand(%name:kernel-devel%variant) %else Requires: kernel-source-vanilla = %version-%source_rel 
@@ -1152,18 +1154,22 @@ %endif %if %CONFIG_SUSE_KERNEL_SUPPORTED == "y" -%package kgraft -Summary: Metapackage to pull in matching kgraft-patch package +%package livepatch +Summary: Metapackage to pull in matching kernel-livepatch package Group: System/Kernel -Requires: kgraft-patch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor +Requires: kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor Provides: multiversion(kernel) +Provides: kernel-default-kgraft +Provides: kernel-xen-kgraft +Obsoletes: kernel-default-kgraft < 4.12 +Obsoletes: kernel-xen-kgraft < 4.12 -%description kgraft -This is a metapackage that pulls in the matching kgraft-patch package for a +%description livepatch +This is a metapackage that pulls in the matching kernel-livepatch package for a given kernel version. The advantage of the metapackage is that its name is -static, unlike the kgraft-patch-<kernel-version>-flavor package names. +static, unlike the kernel-livepatch-<kernel-version>-flavor package names. -%files kgraft +%files livepatch # rpmlint complains about empty packages, so lets own something %defattr(-, root, root) %dir /lib/modules/%kernelrelease-%build_flavor kernel-debug.spec: same change ++++++ kernel-default.spec ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:19.811403398 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:19.815403253 +0100 @@ -17,8 +17,8 @@ # needssslcertforbuild -%define srcversion 4.13 -%define patchversion 4.13.12 +%define srcversion 4.14 +%define patchversion 4.14.0 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: The Standard Kernel License: GPL-2.0 Group: System/Kernel -Version: 4.13.12 +Version: 4.14.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9151c66 +Release: <RELEASE>.gab9e909 %else Release: 0 %endif 
@@ -1232,6 +1232,8 @@ Recommends: make Recommends: gcc Recommends: perl +# for objtool +Requires: libelf-devel Supplements: packageand(%name:kernel-devel%variant) %else Requires: kernel-source-vanilla = %version-%source_rel @@ -1291,18 +1293,22 @@ %endif %if %CONFIG_SUSE_KERNEL_SUPPORTED == "y" -%package kgraft -Summary: Metapackage to pull in matching kgraft-patch package +%package livepatch +Summary: Metapackage to pull in matching kernel-livepatch package Group: System/Kernel -Requires: kgraft-patch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor +Requires: kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor Provides: multiversion(kernel) +Provides: kernel-default-kgraft +Provides: kernel-xen-kgraft +Obsoletes: kernel-default-kgraft < 4.12 +Obsoletes: kernel-xen-kgraft < 4.12 -%description kgraft -This is a metapackage that pulls in the matching kgraft-patch package for a +%description livepatch +This is a metapackage that pulls in the matching kernel-livepatch package for a given kernel version. The advantage of the metapackage is that its name is -static, unlike the kgraft-patch-<kernel-version>-flavor package names. +static, unlike the kernel-livepatch-<kernel-version>-flavor package names. -%files kgraft +%files livepatch # rpmlint complains about empty packages, so lets own something %defattr(-, root, root) %dir /lib/modules/%kernelrelease-%build_flavor ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:19.835402525 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:19.835402525 +0100 @@ -16,8 +16,8 @@ # -%define srcversion 4.13 -%define patchversion 4.13.12 +%define srcversion 4.14 +%define patchversion 4.14.0 %define variant %{nil} %include %_sourcedir/kernel-spec-macros 
@@ -31,9 +31,9 @@ Summary: Kernel Documentation License: GPL-2.0 Group: Documentation/Man -Version: 4.13.12 +Version: 4.14.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9151c66 +Release: <RELEASE>.gab9e909 %else Release: 0 %endif ++++++ kernel-lpae.spec ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:19.851401942 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:19.855401797 +0100 @@ -17,8 +17,8 @@ # needssslcertforbuild -%define srcversion 4.13 -%define patchversion 4.13.12 +%define srcversion 4.14 +%define patchversion 4.14.0 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel for LPAE enabled systems License: GPL-2.0 Group: System/Kernel -Version: 4.13.12 +Version: 4.14.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9151c66 +Release: <RELEASE>.gab9e909 %else Release: 0 %endif @@ -1111,6 +1111,8 @@ Recommends: make Recommends: gcc Recommends: perl +# for objtool +Requires: libelf-devel Supplements: packageand(%name:kernel-devel%variant) %else Requires: kernel-source-vanilla = %version-%source_rel 
@@ -1146,18 +1148,22 @@ %endif %if %CONFIG_SUSE_KERNEL_SUPPORTED == "y" -%package kgraft -Summary: Metapackage to pull in matching kgraft-patch package +%package livepatch +Summary: Metapackage to pull in matching kernel-livepatch package Group: System/Kernel -Requires: kgraft-patch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor +Requires: kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor Provides: multiversion(kernel) +Provides: kernel-default-kgraft +Provides: kernel-xen-kgraft +Obsoletes: kernel-default-kgraft < 4.12 +Obsoletes: kernel-xen-kgraft < 4.12 -%description kgraft -This is a metapackage that pulls in the matching kgraft-patch package for a +%description livepatch +This is a metapackage that pulls in the matching kernel-livepatch package for a given kernel version. The advantage of the metapackage is that its name is -static, unlike the kgraft-patch-<kernel-version>-flavor package names. +static, unlike the kernel-livepatch-<kernel-version>-flavor package names. -%files kgraft +%files livepatch # rpmlint complains about empty packages, so lets own something %defattr(-, root, root) %dir /lib/modules/%kernelrelease-%build_flavor ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:19.871401214 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:19.875401069 +0100 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 4.13.12 +%define patchversion 4.14.0 %define variant %{nil} %define vanilla_only 0 @@ -57,9 +57,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 4.13.12 +Version: 4.14.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9151c66 +Release: <RELEASE>.gab9e909 %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:19.895400341 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:19.895400341 +0100 
@@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 4.13.12 +%define patchversion 4.14.0 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 4.13.12 +Version: 4.14.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9151c66 +Release: <RELEASE>.gab9e909 %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:19.915399613 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:19.919399466 +0100 @@ -17,8 +17,8 @@ # needssslcertforbuild -%define srcversion 4.13 -%define patchversion 4.13.12 +%define srcversion 4.14 +%define patchversion 4.14.0 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 4.13.12 +Version: 4.14.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9151c66 +Release: <RELEASE>.gab9e909 %else Release: 0 %endif @@ -1181,6 +1181,8 @@ Recommends: make Recommends: gcc Recommends: perl +# for objtool +Requires: libelf-devel Supplements: packageand(%name:kernel-devel%variant) %else Requires: kernel-source-vanilla = %version-%source_rel 
@@ -1226,18 +1228,22 @@ %endif %if %CONFIG_SUSE_KERNEL_SUPPORTED == "y" -%package kgraft -Summary: Metapackage to pull in matching kgraft-patch package +%package livepatch +Summary: Metapackage to pull in matching kernel-livepatch package Group: System/Kernel -Requires: kgraft-patch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor +Requires: kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor Provides: multiversion(kernel) +Provides: kernel-default-kgraft +Provides: kernel-xen-kgraft +Obsoletes: kernel-default-kgraft < 4.12 +Obsoletes: kernel-xen-kgraft < 4.12 -%description kgraft -This is a metapackage that pulls in the matching kgraft-patch package for a +%description livepatch +This is a metapackage that pulls in the matching kernel-livepatch package for a given kernel version. The advantage of the metapackage is that its name is -static, unlike the kgraft-patch-<kernel-version>-flavor package names. +static, unlike the kernel-livepatch-<kernel-version>-flavor package names. -%files kgraft +%files livepatch # rpmlint complains about empty packages, so lets own something %defattr(-, root, root) %dir /lib/modules/%kernelrelease-%build_flavor ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:19.935398884 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:19.939398738 +0100 @@ -17,8 +17,8 @@ # icecream 0 -%define srcversion 4.13 -%define patchversion 4.13.12 +%define srcversion 4.14 +%define patchversion 4.14.0 %define variant %{nil} %define vanilla_only 0 @@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 4.13.12 +Version: 4.14.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9151c66 +Release: <RELEASE>.gab9e909 %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:19.959398010 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:19.959398010 +0100 
@@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 4.13.12 +Version: 4.14.0 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g9151c66 +Release: <RELEASE>.gab9e909 %else Release: 0 %endif ++++++ kernel-syzkaller.spec ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:19.975397428 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:19.979397282 +0100 @@ -17,8 +17,8 @@ # needssslcertforbuild -%define srcversion 4.13 -%define patchversion 4.13.12 +%define srcversion 4.14 +%define patchversion 4.14.0 %define variant %{nil} %define vanilla_only 0 @@ -58,9 +58,9 @@ Summary: Kernel used for fuzzing by syzkaller License: GPL-2.0 Group: System/Kernel -Version: 4.13.12 +Version: 4.14.0 %if 0%{?is_kotd} -Release: <RELEASE>.g9151c66 +Release: <RELEASE>.gab9e909 %else Release: 0 %endif @@ -1114,6 +1114,8 @@ Recommends: make Recommends: gcc Recommends: perl +# for objtool +Requires: libelf-devel Supplements: packageand(%name:kernel-devel%variant) %else Requires: kernel-source-vanilla = %version-%source_rel 
@@ -1149,18 +1151,22 @@ %endif %if %CONFIG_SUSE_KERNEL_SUPPORTED == "y" -%package kgraft -Summary: Metapackage to pull in matching kgraft-patch package +%package livepatch +Summary: Metapackage to pull in matching kernel-livepatch package Group: System/Kernel -Requires: kgraft-patch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor +Requires: kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor Provides: multiversion(kernel) +Provides: kernel-default-kgraft +Provides: kernel-xen-kgraft +Obsoletes: kernel-default-kgraft < 4.12 +Obsoletes: kernel-xen-kgraft < 4.12 -%description kgraft -This is a metapackage that pulls in the matching kgraft-patch package for a +%description livepatch +This is a metapackage that pulls in the matching kernel-livepatch package for a given kernel version. The advantage of the metapackage is that its name is -static, unlike the kgraft-patch-<kernel-version>-flavor package names. +static, unlike the kernel-livepatch-<kernel-version>-flavor package names. -%files kgraft +%files livepatch # rpmlint complains about empty packages, so lets own something %defattr(-, root, root) %dir /lib/modules/%kernelrelease-%build_flavor kernel-vanilla.spec: same change kernel-zfcpdump.spec: same change ++++++ config.sh ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:20.331384466 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:20.331384466 +0100 @@ -1,5 +1,5 @@ # The version of the main tarball to use -SRCVERSION=4.13 +SRCVERSION=4.14 # variant of the kernel-source package, either empty or "-rt" VARIANT= # buildservice projects to build the kernel against ++++++ config.tar.bz2 ++++++ ++++ 7147 lines of diff (skipped) ++++++ kernel-binary.spec.in ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:20.715370486 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:20.715370486 +0100 
@@ -933,6 +933,8 @@ Recommends: make Recommends: gcc Recommends: perl +# for objtool +Requires: libelf-devel Supplements: packageand(%name:kernel-devel%variant) %else Requires: kernel-source-vanilla = %version-%source_rel 
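Review bot: The added `Requires: libelf-devel` after `Recommends: perl` is unconditional in the template, so every flavor generated from it inherits the hard dependency (the kernel-64kb, kernel-lpae, kernel-pae and kernel-syzkaller specs earlier in this diff show the same two added lines). The comment `# for objtool` does not say why this is a Requires next to three Recommends; consider naming the upstream objtool commit from the changelog entry in the comment, and if objtool is not built for every architecture, guarding the line with %ifarch so flavors that never run objtool do not pull in libelf-devel.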
@@ -969,18 +971,22 @@ %endif %if %CONFIG_SUSE_KERNEL_SUPPORTED == "y" -%package kgraft -Summary: Metapackage to pull in matching kgraft-patch package +%package livepatch +Summary: Metapackage to pull in matching kernel-livepatch package Group: System/Kernel -Requires: kgraft-patch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor +Requires: kernel-livepatch-%(echo %version-%source_rel | sed 'y/\./_/')-%build_flavor Provides: multiversion(kernel) +Provides: kernel-default-kgraft +Provides: kernel-xen-kgraft +Obsoletes: kernel-default-kgraft < 4.12 +Obsoletes: kernel-xen-kgraft < 4.12 -%description kgraft -This is a metapackage that pulls in the matching kgraft-patch package for a +%description livepatch +This is a metapackage that pulls in the matching kernel-livepatch package for a given kernel version. The advantage of the metapackage is that its name is -static, unlike the kgraft-patch-<kernel-version>-flavor package names. +static, unlike the kernel-livepatch-<kernel-version>-flavor package names. -%files kgraft +%files livepatch # rpmlint complains about empty packages, so lets own something %defattr(-, root, root) %dir /lib/modules/%kernelrelease-%build_flavor ++++++ linux-4.13.tar.xz -> linux-4.14.tar.xz ++++++ /work/SRC/openSUSE:Factory/kernel-source/linux-4.13.tar.xz /work/SRC/openSUSE:Factory/.kernel-source.new/linux-4.14.tar.xz differ: char 15, line 1 ++++++ patches.apparmor.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.apparmor/apparmor-basic-networking-rules.patch new/patches.apparmor/apparmor-basic-networking-rules.patch --- old/patches.apparmor/apparmor-basic-networking-rules.patch 2017-07-17 23:52:03.000000000 +0200 +++ new/patches.apparmor/apparmor-basic-networking-rules.patch 1970-01-01 01:00:00.000000000 +0100 
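Review bot: In the `@@ -969,18 +971,22 @@` hunk of kernel-binary.spec.in, the added `Provides:` and `Obsoletes:` lines hardcode `kernel-default-kgraft` and `kernel-xen-kgraft`, so the livepatch subpackage of every flavor built from this template claims to provide and obsolete the default and xen kgraft metapackages (the generated kernel-64kb, kernel-lpae, kernel-pae and kernel-syzkaller specs above all carry the same four lines). The subpackage being renamed was `%package kgraft` of the flavor itself, so the rename would be expressed per flavor, for example `Provides: %name-kgraft` with `Obsoletes: %name-kgraft < 4.12`. The Provides are also unversioned while the Obsoletes are versioned; giving the Provides a version keeps versioned dependencies on the old name resolvable.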
@@ -1,595 +0,0 @@ -From: John Johansen <[email protected]> -Date: Mon, 4 Oct 2010 15:03:36 -0700 -Subject: AppArmor: basic networking rules -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor.git -Git-commit: 09aa4788d6052c6dc423d939319334ebb5d00847 -Patch-mainline: Queued in subsystem maintainer repo -References: FATE#300516 - -Base support for network mediation. - -Signed-off-by: John Johansen <[email protected]> -Acked-by: Jeff Mahoney <[email protected]> ---- - security/apparmor/.gitignore | 1 - security/apparmor/Makefile | 42 ++++++++ - security/apparmor/apparmorfs.c | 1 - security/apparmor/include/audit.h | 4 - security/apparmor/include/net.h | 44 +++++++++ - security/apparmor/include/policy.h | 3 - security/apparmor/lsm.c | 112 +++++++++++++++++++++++ - security/apparmor/net.c | 175 +++++++++++++++++++++++++++++++++++++ - security/apparmor/policy.c | 1 - security/apparmor/policy_unpack.c | 46 +++++++++ - 10 files changed, 427 insertions(+), 2 deletions(-) - create mode 100644 security/apparmor/include/net.h - create mode 100644 security/apparmor/net.c - ---- a/security/apparmor/.gitignore -+++ b/security/apparmor/.gitignore -@@ -1,5 +1,6 @@ - # - # Generated include files - # -+net_names.h - capability_names.h - rlim_names.h ---- a/security/apparmor/Makefile -+++ b/security/apparmor/Makefile -@@ -4,10 +4,10 @@ obj-$(CONFIG_SECURITY_APPARMOR) += appar - - apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \ - path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \ -- resource.o secid.o file.o policy_ns.o label.o -+ resource.o secid.o file.o policy_ns.o net.o label.o - apparmor-$(CONFIG_SECURITY_APPARMOR_HASH) += crypto.o - --clean-files := capability_names.h rlim_names.h -+clean-files := capability_names.h rlim_names.h net_names.h - - - # Build a lower case string table of capability names -@@ -25,6 +25,38 @@ cmd_make-caps = echo "static const char - -e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ 
\t]+([0-9]+)/\L\1/p' | \ - tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@ - -+# Build a lower case string table of address family names -+# Transform lines from -+# define AF_LOCAL 1 /* POSIX name for AF_UNIX */ -+# #define AF_INET 2 /* Internet IP Protocol */ -+# to -+# [1] = "local", -+# [2] = "inet", -+# -+# and build the securityfs entries for the mapping. -+# Transforms lines from -+# #define AF_INET 2 /* Internet IP Protocol */ -+# to -+# #define AA_FS_AF_MASK "local inet" -+quiet_cmd_make-af = GEN $@ -+cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ;\ -+ sed $< >>$@ -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e \ -+ 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\ -+ echo "};" >> $@ ;\ -+ echo -n '\#define AA_FS_AF_MASK "' >> $@ ;\ -+ sed -r -n 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+)(.*)/\L\1/p'\ -+ $< | tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@ -+ -+# Build a lower case string table of sock type names -+# Transform lines from -+# SOCK_STREAM = 1, -+# to -+# [1] = "stream", -+quiet_cmd_make-sock = GEN $@ -+cmd_make-sock = echo "static const char *sock_type_names[] = {" >> $@ ;\ -+ sed $^ >>$@ -r -n \ -+ -e 's/^\tSOCK_([A-Z0-9_]+)[\t]+=[ \t]+([0-9]+)(.*)/[\2] = "\L\1",/p';\ -+ echo "};" >> $@ - - # Build a lower case string table of rlimit names. 
- # Transforms lines from -@@ -61,6 +93,7 @@ cmd_make-rlim = echo "static const char - tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@ - - $(obj)/capability.o : $(obj)/capability_names.h -+$(obj)/net.o : $(obj)/net_names.h - $(obj)/resource.o : $(obj)/rlim_names.h - $(obj)/capability_names.h : $(srctree)/include/uapi/linux/capability.h \ - $(src)/Makefile -@@ -68,3 +101,8 @@ $(obj)/capability_names.h : $(srctree)/i - $(obj)/rlim_names.h : $(srctree)/include/uapi/asm-generic/resource.h \ - $(src)/Makefile - $(call cmd,make-rlim) -+$(obj)/net_names.h : $(srctree)/include/linux/socket.h \ -+ $(srctree)/include/linux/net.h \ -+ $(src)/Makefile -+ $(call cmd,make-af) -+ $(call cmd,make-sock) ---- a/security/apparmor/apparmorfs.c -+++ b/security/apparmor/apparmorfs.c -@@ -2173,6 +2173,7 @@ static struct aa_sfs_entry aa_sfs_entry_ - AA_SFS_DIR("domain", aa_sfs_entry_domain), - AA_SFS_DIR("file", aa_sfs_entry_file), - AA_SFS_DIR("namespaces", aa_sfs_entry_ns), -+ AA_SFS_DIR("network", aa_sfs_entry_network), - AA_SFS_FILE_U64("capability", VFS_CAP_FLAGS_MASK), - AA_SFS_DIR("rlimit", aa_sfs_entry_rlimit), - AA_SFS_DIR("caps", aa_sfs_entry_caps), ---- a/security/apparmor/include/audit.h -+++ b/security/apparmor/include/audit.h -@@ -120,6 +120,10 @@ struct apparmor_audit_data { - const char *target; - kuid_t ouid; - } fs; -+ struct { -+ int type, protocol; -+ struct sock *sk; -+ } net; - }; - struct { - const char *name; ---- /dev/null -+++ b/security/apparmor/include/net.h -@@ -0,0 +1,44 @@ -+/* -+ * AppArmor security module -+ * -+ * This file contains AppArmor network mediation definitions. -+ * -+ * Copyright (C) 1998-2008 Novell/SUSE -+ * Copyright 2009-2012 Canonical Ltd. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License as -+ * published by the Free Software Foundation, version 2 of the -+ * License. 
-+ */ -+ -+#ifndef __AA_NET_H -+#define __AA_NET_H -+ -+#include <net/sock.h> -+ -+#include "apparmorfs.h" -+ -+/* struct aa_net - network confinement data -+ * @allowed: basic network families permissions -+ * @audit_network: which network permissions to force audit -+ * @quiet_network: which network permissions to quiet rejects -+ */ -+struct aa_net { -+ u16 allow[AF_MAX]; -+ u16 audit[AF_MAX]; -+ u16 quiet[AF_MAX]; -+}; -+ -+extern struct aa_sfs_entry aa_sfs_entry_network[]; -+ -+extern int aa_net_perm(const char *op, struct aa_label *label, u16 family, -+ int type, int protocol, struct sock *sk); -+extern int aa_revalidate_sk(const char *op, struct sock *sk); -+ -+static inline void aa_free_net_rules(struct aa_net *new) -+{ -+ /* NOP */ -+} -+ -+#endif /* __AA_NET_H */ ---- a/security/apparmor/include/policy.h -+++ b/security/apparmor/include/policy.h -@@ -28,6 +28,7 @@ - #include "capability.h" - #include "domain.h" - #include "file.h" -+#include "net.h" - #include "lib.h" - #include "label.h" - #include "perms.h" -@@ -111,6 +112,7 @@ struct aa_data { - * @policy: general match rules governing policy - * @file: The set of rules governing basic file access and domain transitions - * @caps: capabilities for the profile -+ * @net: network controls for the profile - * @rlimits: rlimits for the profile - * - * @dents: dentries for the profiles file entries in apparmorfs -@@ -148,6 +150,7 @@ struct aa_profile { - struct aa_policydb policy; - struct aa_file_rules file; - struct aa_caps caps; -+ struct aa_net net; - struct aa_rlimit rlimits; - - struct aa_loaddata *rawdata; ---- a/security/apparmor/lsm.c -+++ b/security/apparmor/lsm.c -@@ -33,6 +33,7 @@ - #include "include/context.h" - #include "include/file.h" - #include "include/ipc.h" -+#include "include/net.h" - #include "include/path.h" - #include "include/label.h" - #include "include/policy.h" -@@ -656,6 +657,104 @@ static int apparmor_task_setrlimit(struc - return error; - } - -+static int 
apparmor_socket_create(int family, int type, int protocol, int kern) -+{ -+ struct aa_label *profile; -+ int error = 0; -+ -+ if (kern) -+ return 0; -+ -+ profile = aa_current_raw_label(); -+ if (!unconfined(profile)) -+ error = aa_net_perm(OP_CREATE, profile, family, type, protocol, -+ NULL); -+ return error; -+} -+ -+static int apparmor_socket_bind(struct socket *sock, -+ struct sockaddr *address, int addrlen) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_BIND, sk); -+} -+ -+static int apparmor_socket_connect(struct socket *sock, -+ struct sockaddr *address, int addrlen) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_CONNECT, sk); -+} -+ -+static int apparmor_socket_listen(struct socket *sock, int backlog) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_LISTEN, sk); -+} -+ -+static int apparmor_socket_accept(struct socket *sock, struct socket *newsock) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_ACCEPT, sk); -+} -+ -+static int apparmor_socket_sendmsg(struct socket *sock, -+ struct msghdr *msg, int size) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_SENDMSG, sk); -+} -+ -+static int apparmor_socket_recvmsg(struct socket *sock, -+ struct msghdr *msg, int size, int flags) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_RECVMSG, sk); -+} -+ -+static int apparmor_socket_getsockname(struct socket *sock) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_GETSOCKNAME, sk); -+} -+ -+static int apparmor_socket_getpeername(struct socket *sock) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_GETPEERNAME, sk); -+} -+ -+static int apparmor_socket_getsockopt(struct socket *sock, int level, -+ int optname) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_GETSOCKOPT, sk); -+} -+ -+static int apparmor_socket_setsockopt(struct socket *sock, int level, -+ int optname) -+{ -+ struct sock *sk = 
sock->sk; -+ -+ return aa_revalidate_sk(OP_SETSOCKOPT, sk); -+} -+ -+static int apparmor_socket_shutdown(struct socket *sock, int how) -+{ -+ struct sock *sk = sock->sk; -+ -+ return aa_revalidate_sk(OP_SHUTDOWN, sk); -+} -+ - static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { - LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check), - LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme), -@@ -686,6 +785,19 @@ static struct security_hook_list apparmo - LSM_HOOK_INIT(getprocattr, apparmor_getprocattr), - LSM_HOOK_INIT(setprocattr, apparmor_setprocattr), - -+ LSM_HOOK_INIT(socket_create, apparmor_socket_create), -+ LSM_HOOK_INIT(socket_bind, apparmor_socket_bind), -+ LSM_HOOK_INIT(socket_connect, apparmor_socket_connect), -+ LSM_HOOK_INIT(socket_listen, apparmor_socket_listen), -+ LSM_HOOK_INIT(socket_accept, apparmor_socket_accept), -+ LSM_HOOK_INIT(socket_sendmsg, apparmor_socket_sendmsg), -+ LSM_HOOK_INIT(socket_recvmsg, apparmor_socket_recvmsg), -+ LSM_HOOK_INIT(socket_getsockname, apparmor_socket_getsockname), -+ LSM_HOOK_INIT(socket_getpeername, apparmor_socket_getpeername), -+ LSM_HOOK_INIT(socket_getsockopt, apparmor_socket_getsockopt), -+ LSM_HOOK_INIT(socket_setsockopt, apparmor_socket_setsockopt), -+ LSM_HOOK_INIT(socket_shutdown, apparmor_socket_shutdown), -+ - LSM_HOOK_INIT(cred_alloc_blank, apparmor_cred_alloc_blank), - LSM_HOOK_INIT(cred_free, apparmor_cred_free), - LSM_HOOK_INIT(cred_prepare, apparmor_cred_prepare), ---- /dev/null -+++ b/security/apparmor/net.c -@@ -0,0 +1,175 @@ -+/* -+ * AppArmor security module -+ * -+ * This file contains AppArmor network mediation -+ * -+ * Copyright (C) 1998-2008 Novell/SUSE -+ * Copyright 2009-2012 Canonical Ltd. -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License as -+ * published by the Free Software Foundation, version 2 of the -+ * License. 
-+ */ -+ -+#include "include/apparmor.h" -+#include "include/audit.h" -+#include "include/context.h" -+#include "include/net.h" -+#include "include/policy.h" -+ -+#include "net_names.h" -+ -+struct aa_sfs_entry aa_sfs_entry_network[] = { -+ AA_SFS_FILE_STRING("af_mask", AA_FS_AF_MASK), -+ { } -+}; -+ -+/* audit callback for net specific fields */ -+static void audit_cb(struct audit_buffer *ab, void *va) -+{ -+ struct common_audit_data *sa = va; -+ -+ audit_log_format(ab, " family="); -+ if (address_family_names[sa->u.net->family]) { -+ audit_log_string(ab, address_family_names[sa->u.net->family]); -+ } else { -+ audit_log_format(ab, "\"unknown(%d)\"", sa->u.net->family); -+ } -+ audit_log_format(ab, " sock_type="); -+ if (sock_type_names[aad(sa)->net.type]) { -+ audit_log_string(ab, sock_type_names[aad(sa)->net.type]); -+ } else { -+ audit_log_format(ab, "\"unknown(%d)\"", aad(sa)->net.type); -+ } -+ audit_log_format(ab, " protocol=%d", aad(sa)->net.protocol); -+} -+ -+/** -+ * audit_net - audit network access -+ * @profile: profile being enforced (NOT NULL) -+ * @op: operation being checked -+ * @family: network family -+ * @type: network type -+ * @protocol: network protocol -+ * @sk: socket auditing is being applied to -+ * @error: error code for failure else 0 -+ * -+ * Returns: %0 or sa->error else other errorcode on failure -+ */ -+static int audit_net(struct aa_profile *profile, const char *op, -+ u16 family, int type, int protocol, -+ struct sock *sk, int error) -+{ -+ int audit_type = AUDIT_APPARMOR_AUTO; -+ struct common_audit_data sa; -+ struct apparmor_audit_data aad = { }; -+ struct lsm_network_audit net = { }; -+ if (sk) { -+ sa.type = LSM_AUDIT_DATA_NET; -+ } else { -+ sa.type = LSM_AUDIT_DATA_NONE; -+ } -+ /* todo fill in socket addr info */ -+ aad(&sa) = &aad; -+ sa.u.net = &net; -+ aad(&sa)->op = op, -+ sa.u.net->family = family; -+ sa.u.net->sk = sk; -+ aad(&sa)->net.type = type; -+ aad(&sa)->net.protocol = protocol; -+ aad(&sa)->error = error; 
-+ -+ if (likely(!aad(&sa)->error)) { -+ u16 audit_mask = profile->net.audit[sa.u.net->family]; -+ if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && -+ !(1 << aad(&sa)->net.type & audit_mask))) -+ return 0; -+ audit_type = AUDIT_APPARMOR_AUDIT; -+ } else { -+ u16 quiet_mask = profile->net.quiet[sa.u.net->family]; -+ u16 kill_mask = 0; -+ u16 denied = (1 << aad(&sa)->net.type) & ~quiet_mask; -+ -+ if (denied & kill_mask) -+ audit_type = AUDIT_APPARMOR_KILL; -+ -+ if ((denied & quiet_mask) && -+ AUDIT_MODE(profile) != AUDIT_NOQUIET && -+ AUDIT_MODE(profile) != AUDIT_ALL) -+ return COMPLAIN_MODE(profile) ? 0 : aad(&sa)->error; -+ } -+ -+ return aa_audit(audit_type, profile, &sa, audit_cb); -+} -+ -+static int __aa_net_perm(const char *op, struct aa_profile *profile, u16 family, -+ int type, int protocol, struct sock *sk) -+{ -+ u16 family_mask; -+ int error; -+ -+ if (profile_unconfined(profile)) -+ return 0; -+ -+ family_mask = profile->net.allow[family]; -+ -+ error = (family_mask & (1 << type)) ? 
0 : -EACCES; -+ -+ return audit_net(profile, op, family, type, protocol, sk, error); -+} -+ -+/** -+ * aa_net_perm - very course network access check -+ * @op: operation being checked -+ * @label: profile being enforced (NOT NULL) -+ * @family: network family -+ * @type: network type -+ * @protocol: network protocol -+ * -+ * Returns: %0 else error if permission denied -+ */ -+int aa_net_perm(const char *op, struct aa_label *label, u16 family, -+ int type, int protocol, struct sock *sk) -+{ -+ struct aa_profile *profile; -+ -+ if ((family < 0) || (family >= AF_MAX)) -+ return -EINVAL; -+ -+ if ((type < 0) || (type >= SOCK_MAX)) -+ return -EINVAL; -+ -+ /* unix domain and netlink sockets are handled by ipc */ -+ if (family == AF_UNIX || family == AF_NETLINK) -+ return 0; -+ -+ return fn_for_each_confined(label, profile, -+ __aa_net_perm(op, profile, family, type, protocol, sk)); -+} -+ -+/** -+ * aa_revalidate_sk - Revalidate access to a sock -+ * @op: operation being checked -+ * @sk: sock being revalidated (NOT NULL) -+ * -+ * Returns: %0 else error if permission denied -+ */ -+int aa_revalidate_sk(const char *op, struct sock *sk) -+{ -+ struct aa_label *profile; -+ int error = 0; -+ -+ /* aa_revalidate_sk should not be called from interrupt context -+ * don't mediate these calls as they are not task related -+ */ -+ if (in_interrupt()) -+ return 0; -+ -+ profile = aa_current_raw_label(); -+ if (!unconfined(profile)) -+ error = aa_net_perm(op, profile, sk->sk_family, sk->sk_type, -+ sk->sk_protocol, sk); -+ -+ return error; -+} ---- a/security/apparmor/policy.c -+++ b/security/apparmor/policy.c -@@ -225,6 +225,7 @@ void aa_free_profile(struct aa_profile * - - aa_free_file_rules(&profile->file); - aa_free_cap_rules(&profile->caps); -+ aa_free_net_rules(&profile->net); - aa_free_rlimit_rules(&profile->rlimits); - - kzfree(profile->dirname); ---- a/security/apparmor/policy_unpack.c -+++ b/security/apparmor/policy_unpack.c -@@ -275,6 +275,19 @@ fail: - return 0; - } - 
-+static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name) -+{ -+ if (unpack_nameX(e, AA_U16, name)) { -+ if (!inbounds(e, sizeof(u16))) -+ return 0; -+ if (data) -+ *data = le16_to_cpu(get_unaligned((u16 *) e->pos)); -+ e->pos += sizeof(u16); -+ return 1; -+ } -+ return 0; -+} -+ - static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name) - { - if (unpack_nameX(e, AA_U32, name)) { -@@ -590,6 +603,7 @@ static struct aa_profile *unpack_profile - int i, error = -EPROTO; - kernel_cap_t tmpcap; - u32 tmp; -+ size_t size = 0; - - *ns_name = NULL; - -@@ -703,6 +717,38 @@ static struct aa_profile *unpack_profile - if (!unpack_rlimits(e, profile)) - goto fail; - -+ size = unpack_array(e, "net_allowed_af"); -+ if (size) { -+ -+ for (i = 0; i < size; i++) { -+ /* discard extraneous rules that this kernel will -+ * never request -+ */ -+ if (i >= AF_MAX) { -+ u16 tmp; -+ if (!unpack_u16(e, &tmp, NULL) || -+ !unpack_u16(e, &tmp, NULL) || -+ !unpack_u16(e, &tmp, NULL)) -+ goto fail; -+ continue; -+ } -+ if (!unpack_u16(e, &profile->net.allow[i], NULL)) -+ goto fail; -+ if (!unpack_u16(e, &profile->net.audit[i], NULL)) -+ goto fail; -+ if (!unpack_u16(e, &profile->net.quiet[i], NULL)) -+ goto fail; -+ } -+ if (!unpack_nameX(e, AA_ARRAYEND, NULL)) -+ goto fail; -+ } -+ /* -+ * allow unix domain and netlink sockets they are handled -+ * by IPC -+ */ -+ profile->net.allow[AF_UNIX] = 0xffff; -+ profile->net.allow[AF_NETLINK] = 0xffff; -+ - if (unpack_nameX(e, AA_STRUCT, "policydb")) { - /* generic policy dfa - optional and may be NULL */ - profile->policy.dfa = unpack_dfa(e); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.apparmor/apparmor-fix-quieting-of-audit-messages-for-network-mediation.patch new/patches.apparmor/apparmor-fix-quieting-of-audit-messages-for-network-mediation.patch --- old/patches.apparmor/apparmor-fix-quieting-of-audit-messages-for-network-mediation.patch 2017-07-17 23:52:03.000000000 
+0200 +++ new/patches.apparmor/apparmor-fix-quieting-of-audit-messages-for-network-mediation.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,36 +0,0 @@ -From: John Johansen <[email protected]> -Date: Fri, 29 Jun 2012 17:34:00 -0700 -Subject: apparmor: Fix quieting of audit messages for network mediation -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor.git -Git-commit: f5c5644745201b5b7d398e841e5045d0a5d14b18 -Patch-mainline: Queued in subsystem maintainer repo -References: FATE#300516 - -If a profile specified a quieting of network denials for a given rule by -either the quiet or deny rule qualifiers, the resultant quiet mask for -denied requests was applied incorrectly, resulting in two potential bugs. -1. The misapplied quiet mask would prevent denials from being correctly - tested against the kill mask/mode. Thus network access requests that - should have resulted in the application being killed did not. - -2. The actual quieting of the denied network request was not being applied. - This would result in network rejections always being logged even when - they had been specifically marked as quieted. 
- -Signed-off-by: John Johansen <[email protected]> -Acked-by: Jeff Mahoney <[email protected]> ---- - security/apparmor/net.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/security/apparmor/net.c -+++ b/security/apparmor/net.c -@@ -89,7 +89,7 @@ static int audit_net(struct aa_profile * - } else { - u16 quiet_mask = profile->net.quiet[sa.u.net->family]; - u16 kill_mask = 0; -- u16 denied = (1 << aad(&sa)->net.type) & ~quiet_mask; -+ u16 denied = (1 << aad(&sa)->net.type); - - if (denied & kill_mask) - audit_type = AUDIT_APPARMOR_KILL; ++++++ patches.arch.tar.bz2 ++++++ ++++ 14172 lines of diff (skipped) ++++++ patches.drivers.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-hda-Implement-mic-mute-LED-mode-enum new/patches.drivers/ALSA-hda-Implement-mic-mute-LED-mode-enum --- old/patches.drivers/ALSA-hda-Implement-mic-mute-LED-mode-enum 2017-11-08 12:21:09.000000000 +0100 +++ new/patches.drivers/ALSA-hda-Implement-mic-mute-LED-mode-enum 1970-01-01 01:00:00.000000000 +0100 
@@ -1,149 +0,0 @@ -From 62a939477173fabfe9f52114fab878a00b87f9a3 Mon Sep 17 00:00:00 2001 -From: Takashi Iwai <[email protected]> -Date: Tue, 22 Aug 2017 16:52:10 +0200 -Subject: [PATCH] ALSA: hda - Implement mic-mute LED mode enum -References: bsc#1055013 -Git-commit: 62a939477173fabfe9f52114fab878a00b87f9a3 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git -Patch-mainline: Queued in subsystem maintainer repository - -Dell laptops have another LED for mic-mute in addition to the master -mute. The former is tied with the capture switch (in a reverse way) -while the latter is tied with the master playback switch. We already -have an enum control to change the behavior for the master mute LED in -different ways, e.g. keeping always off or turning off at mute. But, -the mic-mute LED has no such management but its behavior is -hard-coded. - -This patch implements an enum control to change the mic-mute LED -behavior like what we have for the master mute LED. The ctl provides -four modes: keep-on, keep-off, follow-capture and follow-mute. The -default mode is the last one, follow-mute, which follows the capture -mute, i.e. LED turning on when the capture is off, and turning off -when the capture is active. 
- -Signed-off-by: Takashi Iwai <[email protected]> - ---- - sound/pci/hda/dell_wmi_helper.c | 87 +++++++++++++++++++++++++++++++++++++--- - 1 file changed, 81 insertions(+), 6 deletions(-) - ---- a/sound/pci/hda/dell_wmi_helper.c -+++ b/sound/pci/hda/dell_wmi_helper.c -@@ -5,12 +5,47 @@ - #if IS_ENABLED(CONFIG_DELL_LAPTOP) - #include <linux/dell-led.h> - -+enum { -+ MICMUTE_LED_ON, -+ MICMUTE_LED_OFF, -+ MICMUTE_LED_FOLLOW_CAPTURE, -+ MICMUTE_LED_FOLLOW_MUTE, -+}; -+ -+static int dell_led_mode = MICMUTE_LED_FOLLOW_MUTE; -+static int dell_capture; - static int dell_led_value; - static int (*dell_micmute_led_set_func)(int); - static void (*dell_old_cap_hook)(struct hda_codec *, - struct snd_kcontrol *, - struct snd_ctl_elem_value *); - -+static void call_micmute_led_update(void) -+{ -+ int val; -+ -+ switch (dell_led_mode) { -+ case MICMUTE_LED_ON: -+ val = 1; -+ break; -+ case MICMUTE_LED_OFF: -+ val = 0; -+ break; -+ case MICMUTE_LED_FOLLOW_CAPTURE: -+ val = dell_capture; -+ break; -+ case MICMUTE_LED_FOLLOW_MUTE: -+ default: -+ val = !dell_capture; -+ break; -+ } -+ -+ if (val == dell_led_value) -+ return; -+ dell_led_value = val; -+ dell_micmute_led_set_func(dell_led_value); -+} -+ - static void update_dell_wmi_micmute_led(struct hda_codec *codec, - struct snd_kcontrol *kcontrol, - struct snd_ctl_elem_value *ucontrol) -@@ -22,15 +57,54 @@ static void update_dell_wmi_micmute_led( - return; - if (strcmp("Capture Switch", ucontrol->id.name) == 0 && ucontrol->id.index == 0) { - /* TODO: How do I verify if it's a mono or stereo here? */ -- int val = (ucontrol->value.integer.value[0] || ucontrol->value.integer.value[1]) ? 
0 : 1; -- if (val == dell_led_value) -- return; -- dell_led_value = val; -- if (dell_micmute_led_set_func) -- dell_micmute_led_set_func(dell_led_value); -+ dell_capture = (ucontrol->value.integer.value[0] || -+ ucontrol->value.integer.value[1]); -+ call_micmute_led_update(); - } - } - -+static int dell_mic_mute_led_mode_info(struct snd_kcontrol *kcontrol, -+ struct snd_ctl_elem_info *uinfo) -+{ -+ static const char * const texts[] = { -+ "On", "Off", "Follow Capture", "Follow Mute", -+ }; -+ -+ return snd_ctl_enum_info(uinfo, 1, ARRAY_SIZE(texts), texts); -+} -+ -+static int dell_mic_mute_led_mode_get(struct snd_kcontrol *kcontrol, -+ struct snd_ctl_elem_value *ucontrol) -+{ -+ ucontrol->value.enumerated.item[0] = dell_led_mode; -+ return 0; -+} -+ -+static int dell_mic_mute_led_mode_put(struct snd_kcontrol *kcontrol, -+ struct snd_ctl_elem_value *ucontrol) -+{ -+ unsigned int mode; -+ -+ mode = ucontrol->value.enumerated.item[0]; -+ if (mode > MICMUTE_LED_FOLLOW_MUTE) -+ mode = MICMUTE_LED_FOLLOW_MUTE; -+ if (mode == dell_led_mode) -+ return 0; -+ dell_led_mode = mode; -+ call_micmute_led_update(); -+ return 1; -+} -+ -+static const struct snd_kcontrol_new dell_mic_mute_mode_ctls[] = { -+ { -+ .iface = SNDRV_CTL_ELEM_IFACE_MIXER, -+ .name = "Mic Mute-LED Mode", -+ .info = dell_mic_mute_led_mode_info, -+ .get = dell_mic_mute_led_mode_get, -+ .put = dell_mic_mute_led_mode_put, -+ }, -+ {} -+}; - - static void alc_fixup_dell_wmi(struct hda_codec *codec, - const struct hda_fixup *fix, int action) -@@ -55,6 +129,7 @@ static void alc_fixup_dell_wmi(struct hd - dell_old_cap_hook = spec->gen.cap_sync_hook; - spec->gen.cap_sync_hook = update_dell_wmi_micmute_led; - removefunc = false; -+ add_mixer(spec, dell_mic_mute_mode_ctls); - } - } - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-ice1712-Add-support-for-STAudio-ADCIII new/patches.drivers/ALSA-ice1712-Add-support-for-STAudio-ADCIII --- 
old/patches.drivers/ALSA-ice1712-Add-support-for-STAudio-ADCIII 2017-11-08 12:21:09.000000000 +0100 +++ new/patches.drivers/ALSA-ice1712-Add-support-for-STAudio-ADCIII 1970-01-01 01:00:00.000000000 +0100 
@@ -1,107 +0,0 @@ -From e8a91ae18bdc0bcedd2a07e42e66ca09dc2105d2 Mon Sep 17 00:00:00 2001 -From: Takashi Iwai <[email protected]> -Date: Mon, 21 Aug 2017 16:13:27 +0200 -Subject: [PATCH] ALSA: ice1712: Add support for STAudio ADCIII -References: bsc#1048934 -Git-commit: e8a91ae18bdc0bcedd2a07e42e66ca09dc2105d2 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git -Patch-mainline: Queued in subsystem maintainer repository - -STAudio ADCIII has the same SSID as Hoontech STDSP24, but requires a -slightly different configuration. This patch allows user to choose -this model via model=staudio option to set the proper configuration -for the board. - -Bugzilla: http://bugzilla.suse.com/show_bug.cgi?id=1048934 -Signed-off-by: Takashi Iwai <[email protected]> - ---- - sound/pci/ice1712/hoontech.c | 39 ++++++++++++++++++++++++++++++++++----- - sound/pci/ice1712/hoontech.h | 1 + - 2 files changed, 35 insertions(+), 5 deletions(-) - ---- a/sound/pci/ice1712/hoontech.c -+++ b/sound/pci/ice1712/hoontech.c -@@ -166,7 +166,7 @@ static void snd_ice1712_stdsp24_midi2(st - mutex_unlock(&ice->gpio_mutex); - } - --static int snd_ice1712_hoontech_init(struct snd_ice1712 *ice) -+static int hoontech_init(struct snd_ice1712 *ice, bool staudio) - { - struct hoontech_spec *spec; - int box, chn; -@@ -203,7 +203,10 @@ static int snd_ice1712_hoontech_init(str - ICE1712_STDSP24_3_INSEL(spec->boxbits, 0); - - /* let's go - activate only functions in first box */ -- spec->config = 0; -+ if (staudio) -+ spec->config = ICE1712_STDSP24_MUTE; -+ else -+ spec->config = 0; - /* ICE1712_STDSP24_MUTE | - ICE1712_STDSP24_INSEL | - ICE1712_STDSP24_DAREAR; */ -@@ -226,9 +229,16 @@ static int snd_ice1712_hoontech_init(str - ICE1712_STDSP24_BOX_CHN4 | - ICE1712_STDSP24_BOX_MIDI1 | - ICE1712_STDSP24_BOX_MIDI2; -- spec->boxconfig[1] = -- spec->boxconfig[2] = -- spec->boxconfig[3] = 0; -+ if (staudio) { -+ spec->boxconfig[1] = -+ spec->boxconfig[2] = -+ spec->boxconfig[3] = spec->boxconfig[0]; 
-+ } else { -+ spec->boxconfig[1] = -+ spec->boxconfig[2] = -+ spec->boxconfig[3] = 0; -+ } -+ - snd_ice1712_stdsp24_darear(ice, - (spec->config & ICE1712_STDSP24_DAREAR) ? 1 : 0); - snd_ice1712_stdsp24_mute(ice, -@@ -248,6 +258,16 @@ static int snd_ice1712_hoontech_init(str - return 0; - } - -+static int snd_ice1712_hoontech_init(struct snd_ice1712 *ice) -+{ -+ return hoontech_init(ice, false); -+} -+ -+static int snd_ice1712_staudio_init(struct snd_ice1712 *ice) -+{ -+ return hoontech_init(ice, true); -+} -+ - /* - * AK4524 access - */ -@@ -351,5 +371,14 @@ struct snd_ice1712_card_info snd_ice1712 - .model = "ez8", - .chip_init = snd_ice1712_ez8_init, - }, -+ { -+ /* STAudio ADCIII has the same SSID as Hoontech StA DSP24, -+ * thus identified only via the explicit model option -+ */ -+ .subvendor = ICE1712_SUBDEVICE_STAUDIO_ADCIII, /* a dummy id */ -+ .name = "STAudio ADCIII", -+ .model = "staudio", -+ .chip_init = snd_ice1712_staudio_init, -+ }, - { } /* terminator */ - }; ---- a/sound/pci/ice1712/hoontech.h -+++ b/sound/pci/ice1712/hoontech.h -@@ -34,6 +34,7 @@ - #define ICE1712_SUBDEVICE_STDSP24_VALUE 0x00010010 /* A dummy id for Hoontech SoundTrack Audio DSP 24 Value */ - #define ICE1712_SUBDEVICE_STDSP24_MEDIA7_1 0x16141217 /* Hoontech ST Audio DSP24 Media 7.1 */ - #define ICE1712_SUBDEVICE_EVENT_EZ8 0x00010001 /* A dummy id for EZ8 */ -+#define ICE1712_SUBDEVICE_STAUDIO_ADCIII 0x00010002 /* A dummy id for STAudio ADCIII */ - - extern struct snd_ice1712_card_info snd_ice1712_hoontech_cards[]; - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/Input-ims-psu-check-if-CDC-union-descriptor-is-sane new/patches.drivers/Input-ims-psu-check-if-CDC-union-descriptor-is-sane --- old/patches.drivers/Input-ims-psu-check-if-CDC-union-descriptor-is-sane 2017-11-08 12:21:09.000000000 +0100 +++ new/patches.drivers/Input-ims-psu-check-if-CDC-union-descriptor-is-sane 1970-01-01 01:00:00.000000000 +0100 
@@ -1,50 +0,0 @@ -From ea04efee7635c9120d015dcdeeeb6988130cb67a Mon Sep 17 00:00:00 2001 -From: Dmitry Torokhov <[email protected]> -Date: Sat, 7 Oct 2017 11:07:47 -0700 -Subject: [PATCH] Input: ims-psu - check if CDC union descriptor is sane -Git-commit: ea04efee7635c9120d015dcdeeeb6988130cb67a -Patch-mainline: 4.14-rc6 -References: CVE-2017-16645 bsc#1067132 - -Before trying to use CDC union descriptor, try to validate whether that it -is sane by checking that intf->altsetting->extra is big enough and that -descriptor bLength is not too big and not too small. - -Reported-by: Andrey Konovalov <[email protected]> -Signed-off-by: Dmitry Torokhov <[email protected]> -Acked-by: Takashi Iwai <[email protected]> - ---- - drivers/input/misc/ims-pcu.c | 16 ++++++++++++++-- - 1 file changed, 14 insertions(+), 2 deletions(-) - ---- a/drivers/input/misc/ims-pcu.c -+++ b/drivers/input/misc/ims-pcu.c -@@ -1635,13 +1635,25 @@ ims_pcu_get_cdc_union_desc(struct usb_in - return NULL; - } - -- while (buflen > 0) { -+ while (buflen >= sizeof(*union_desc)) { - union_desc = (struct usb_cdc_union_desc *)buf; - -+ if (union_desc->bLength > buflen) { -+ dev_err(&intf->dev, "Too large descriptor\n"); -+ return NULL; -+ } -+ - if (union_desc->bDescriptorType == USB_DT_CS_INTERFACE && - union_desc->bDescriptorSubType == USB_CDC_UNION_TYPE) { - dev_dbg(&intf->dev, "Found union header\n"); -- return union_desc; -+ -+ if (union_desc->bLength >= sizeof(*union_desc)) -+ return union_desc; -+ -+ dev_err(&intf->dev, -+ "Union descriptor to short (%d vs %zd\n)", -+ union_desc->bLength, sizeof(*union_desc)); -+ return NULL; - } - - buflen -= union_desc->bLength; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/megaraid-mbox-fix-SG_IO new/patches.drivers/megaraid-mbox-fix-SG_IO --- old/patches.drivers/megaraid-mbox-fix-SG_IO 2017-11-08 12:21:09.000000000 +0100 +++ new/patches.drivers/megaraid-mbox-fix-SG_IO 1970-01-01 01:00:00.000000000 
+0100 
@@ -1,73 +0,0 @@ -From: Martin Wilck <[email protected]> -Subject: megaraid_mbox: Oops on SG_IO -References: bnc#475619 -Patch-mainline: not yet - -This patch fixes an Oops in megaraid_mbox that happens when a -MODE_SENSE command for a logical drive is started viaioctl(SG_IO). - -The problem only occurs if the buffer specified by the user to receive -the mode data resides in highmem and if the buffer is aligned for -direct dma (no bounce buffer necessary). megaraid_mbox emulates -the MODE_SENSE command and writes the data using memset() directly -into user buffer. If the buffer is at a currently unmapped highmem -page, this leads to an Oops. - -Update jeffm 3 Aug 2012: -- commit 20273941 (mm: fix race in kunmap_atomic()) got rid of kmap slots - -Signed-off-by: Hannes Reinecke <[email protected]> - ---- - drivers/scsi/megaraid/megaraid_mbox.c | 28 +++++++++++++++++++++++----- - 1 file changed, 23 insertions(+), 5 deletions(-) - ---- a/drivers/scsi/megaraid/megaraid_mbox.c -+++ b/drivers/scsi/megaraid/megaraid_mbox.c -@@ -1586,13 +1586,20 @@ megaraid_mbox_build_cmd(adapter_t *adapt - case MODE_SENSE: - { - struct scatterlist *sgl; -- caddr_t vaddr; -+ struct page *pg; -+ unsigned char *vaddr; -+ unsigned long flags; - - sgl = scsi_sglist(scp); -- if (sg_page(sgl)) { -- vaddr = (caddr_t) sg_virt(&sgl[0]); -+ pg = sg_page(sgl); -+ if (pg) { -+ local_irq_save(flags); -+ vaddr = kmap_atomic(pg) + sgl->offset; - - memset(vaddr, 0, scp->cmnd[4]); -+ -+ kunmap_atomic(vaddr); -+ local_irq_restore(flags); - } - else { - con_log(CL_ANN, (KERN_WARNING -@@ -2330,9 +2337,20 @@ megaraid_mbox_dpc(unsigned long devp) - if (scp->cmnd[0] == INQUIRY && status == 0 && islogical == 0 - && IS_RAID_CH(raid_dev, scb->dev_channel)) { - -+ struct page *pg; -+ unsigned char *vaddr; -+ unsigned long flags; -+ - sgl = scsi_sglist(scp); -- if (sg_page(sgl)) { -- c = *(unsigned char *) sg_virt(&sgl[0]); -+ pg = sg_page(sgl); -+ if (pg) { -+ local_irq_save(flags); -+ vaddr = kmap_atomic(pg) + 
sgl->offset; -+ -+ c = *vaddr; -+ -+ kunmap_atomic(vaddr); -+ local_irq_restore(flags); - } else { - con_log(CL_ANN, (KERN_WARNING - "megaraid mailbox: invalid sg:%d\n", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/net-usb-asix-fill-null-ptr-deref-in-asix_suspend.patch new/patches.drivers/net-usb-asix-fill-null-ptr-deref-in-asix_suspend.patch --- old/patches.drivers/net-usb-asix-fill-null-ptr-deref-in-asix_suspend.patch 2017-11-08 12:21:09.000000000 +0100 +++ new/patches.drivers/net-usb-asix-fill-null-ptr-deref-in-asix_suspend.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,76 +0,0 @@ -From baedf68a068ca29624f241426843635920f16e1d Mon Sep 17 00:00:00 2001 -From: Andrey Konovalov <[email protected]> -Date: Thu, 2 Nov 2017 21:26:59 +0100 -Subject: [PATCH] net: usb: asix: fill null-ptr-deref in asix_suspend -Git-commit: baedf68a068ca29624f241426843635920f16e1d -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git -Patch-mainline: Queued in subsystem maintainer repo -References: CVE-2017-16647 bsc#1067102 - -When asix_suspend() is called dev->driver_priv might not have been -assigned a value, so we need to check that it's not NULL. - -Found by syzkaller. - -Kasan: CONFIG_KASAN_INLINE enabled -Kasan: GPF could be caused by NULL-ptr deref or user memory access -general protection fault: 0000 [#1] PREEMPT SMP KASAN -Modules linked in: -Cpu: 0 PID: 24 Comm: kworker/0:1 Not tainted 4.14.0-rc4-43422-geccacdd69a8c #400 -Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 -Workqueue: usb_hub_wq hub_event -Task: ffff88006bb36300 task.stack: ffff88006bba8000 -Rip: 0010:asix_suspend+0x76/0xc0 drivers/net/usb/asix_devices.c:629 -Rsp: 0018:ffff88006bbae718 EFLAGS: 00010202 -Rax: dffffc0000000000 RBX: ffff880061ba3b80 RCX: 1ffff1000c34d644 -Rdx: 0000000000000001 RSI: 0000000000000402 RDI: 0000000000000008 -Rbp: ffff88006bbae738 R08: 1ffff1000d775cad R09: 0000000000000000 -R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800630a8b40 -R13: 0000000000000000 R14: 0000000000000402 R15: ffff880061ba3b80 -Fs: 0000000000000000(0000) GS:ffff88006c600000(0000) knlGS:0000000000000000 -Cs: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 -Cr2: 00007ff33cf89000 CR3: 0000000061c0a000 CR4: 00000000000006f0 -Call Trace: - usb_suspend_interface drivers/usb/core/driver.c:1209 - usb_suspend_both+0x27f/0x7e0 drivers/usb/core/driver.c:1314 - usb_runtime_suspend+0x41/0x120 drivers/usb/core/driver.c:1852 - __rpm_callback+0x339/0xb60 drivers/base/power/runtime.c:334 - rpm_callback+0x106/0x220 drivers/base/power/runtime.c:461 - 
rpm_suspend+0x465/0x1980 drivers/base/power/runtime.c:596 - __pm_runtime_suspend+0x11e/0x230 drivers/base/power/runtime.c:1009 - pm_runtime_put_sync_autosuspend ./include/linux/pm_runtime.h:251 - usb_new_device+0xa37/0x1020 drivers/usb/core/hub.c:2487 - hub_port_connect drivers/usb/core/hub.c:4903 - hub_port_connect_change drivers/usb/core/hub.c:5009 - port_event drivers/usb/core/hub.c:5115 - hub_event+0x194d/0x3740 drivers/usb/core/hub.c:5195 - process_one_work+0xc7f/0x1db0 kernel/workqueue.c:2119 - worker_thread+0x221/0x1850 kernel/workqueue.c:2253 - kthread+0x3a1/0x470 kernel/kthread.c:231 - ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:431 -Code: 8d 7c 24 20 48 89 fa 48 c1 ea 03 80 3c 02 00 75 5b 48 b8 00 00 -00 00 00 fc ff df 4d 8b 6c 24 20 49 8d 7d 08 48 89 fa 48 c1 ea 03 <80> -3c 02 00 75 34 4d 8b 6d 08 4d 85 ed 74 0b e8 26 2b 51 fd 4c - -Rip: asix_suspend+0x76/0xc0 RSP: ffff88006bbae718 -Acked-by: Takashi Iwai <[email protected]> - ----[ end trace dfc4f5649284342c ]--- - -Signed-off-by: Andrey Konovalov <[email protected]> -Signed-off-by: David S. Miller <[email protected]> ---- - drivers/net/usb/asix_devices.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/drivers/net/usb/asix_devices.c -+++ b/drivers/net/usb/asix_devices.c -@@ -626,7 +626,7 @@ static int asix_suspend(struct usb_inter - struct usbnet *dev = usb_get_intfdata(intf); - struct asix_common_private *priv = dev->driver_priv; - -- if (priv->suspend) -+ if (priv && priv->suspend) - priv->suspend(dev); - - return usbnet_suspend(intf, message); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/pstore_disable_efi_backend_by_default.patch new/patches.drivers/pstore_disable_efi_backend_by_default.patch --- old/patches.drivers/pstore_disable_efi_backend_by_default.patch 2017-11-08 12:21:09.000000000 +0100 +++ new/patches.drivers/pstore_disable_efi_backend_by_default.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,37 +0,0 @@ -From: Thomas Renninger <[email protected]> -Subject: Disable efi pstore by default -References: bnc#804482 -Patch-Mainline: no, probably never in this form - -On broken BIOSes the memory area which pstore (and others) use for storing -non volatile data may not be correctly passed to the OS. -Writing data to this memory area could severely harm the system. -While the memory area can be used by other efi based instances, pstore -would heavily write data to it, increasing the risk of damage a lot. - -Signed-off-by: Thomas Renninger <[email protected]> ---- - fs/pstore/platform.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c -index d468eec9b8a6..ff500e39a95d 100644 ---- a/fs/pstore/platform.c -+++ b/fs/pstore/platform.c -@@ -669,6 +669,13 @@ int pstore_register(struct pstore_info *psi) - { - struct module *owner = psi->owner; - -+ if (!backend && !strcmp(psi->name, "efi")) { -+ pr_info("Efi pstore disabled, enforce via pstore.backend=efi"); -+ pr_info("On a broken BIOS, this can severely harm your system"); -+ pr_info("Only enable efi based pstore when you know what you are doing"); -+ return -EINVAL; -+ } -+ - if (backend && strcmp(backend, psi->name)) { - pr_warn("ignoring unexpected backend '%s'\n", psi->name); - return -EPERM; --- -2.13.0 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/qxl-fix-pinning.patch new/patches.drivers/qxl-fix-pinning.patch --- old/patches.drivers/qxl-fix-pinning.patch 2017-11-08 12:21:09.000000000 +0100 +++ new/patches.drivers/qxl-fix-pinning.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,39 +0,0 @@ -From 05026e6e19b29104ddba4e8979e6c7af17944695 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann <[email protected]> -Date: Fri, 15 Sep 2017 12:46:15 +0200 -Subject: [testing] qxl: fix pinning -Patch-mainline: 4.14-rc3 -Git-commit: 5f3d862a736398e7068fa67142133f1713fdee8c -References: bsc#1057241,bsc#1057123 - -cleanup_fb() unpins the just activated framebuffer instead of the -old one. Oops. - -Signed-off-by: Gerd Hoffmann <[email protected]> -Acked-by: Takashi Iwai <[email protected]> - ---- - drivers/gpu/drm/qxl/qxl_display.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - ---- a/drivers/gpu/drm/qxl/qxl_display.c -+++ b/drivers/gpu/drm/qxl/qxl_display.c -@@ -706,14 +706,15 @@ static void qxl_plane_cleanup_fb(struct - struct drm_gem_object *obj; - struct qxl_bo *user_bo; - -- if (!plane->state->fb) { -- /* we never executed prepare_fb, so there's nothing to -+ if (!old_state->fb) { -+ /* -+ * we never executed prepare_fb, so there's nothing to - * unpin. - */ - return; - } - -- obj = to_qxl_framebuffer(plane->state->fb)->obj; -+ obj = to_qxl_framebuffer(old_state->fb)->obj; - user_bo = gem_to_qxl_bo(obj); - qxl_bo_unpin(user_bo); - } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/qxl-fix-primary-surface-handling.patch new/patches.drivers/qxl-fix-primary-surface-handling.patch --- old/patches.drivers/qxl-fix-primary-surface-handling.patch 2017-11-08 12:21:09.000000000 +0100 +++ new/patches.drivers/qxl-fix-primary-surface-handling.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,87 +0,0 @@ -From c463b4ad6b2ac5a40c959e6c636eafc7edb1a63b Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann <[email protected]> -Date: Wed, 6 Sep 2017 11:31:51 +0200 -Subject: qxl: fix primary surface handling -Patch-mainline: 4.14-rc3 -Git-commit: b0e07da3f5c8d069d186a7983ff64eaebf2ea230 -References: bsc#1057241,bsc#1057123 - -The atomic conversion of the qxl driver didn't got the primary surface -handling completely right. It works in the common simple cases, but -fails for example when changing the display resolution using xrandr or -in multihead setups. - -The rules are simple: There is one primary surface. Before defining a -new one you have to destroy the old one. - -This patch makes qxl_primary_atomic_update() destroy the primary surface -before defining a new one. It fixes is_primary flag updates. It adds -is_primary checks so we don't try to update the primary surface in case -it already has the state we want it being in. - -Signed-off-by: Gerd Hoffmann <[email protected]> -Acked-by: Takashi Iwai <[email protected]> - ---- - drivers/gpu/drm/qxl/qxl_display.c | 34 +++++++++++++++++++--------------- - 1 file changed, 19 insertions(+), 15 deletions(-) - ---- a/drivers/gpu/drm/qxl/qxl_display.c -+++ b/drivers/gpu/drm/qxl/qxl_display.c -@@ -513,23 +513,25 @@ static void qxl_primary_atomic_update(st - .y2 = qfb->base.height - }; - -- if (!old_state->fb) { -- qxl_io_log(qdev, -- "create primary fb: %dx%d,%d,%d\n", -- bo->surf.width, bo->surf.height, -- bo->surf.stride, bo->surf.format); -+ if (old_state->fb) { -+ qfb_old = to_qxl_framebuffer(old_state->fb); -+ bo_old = gem_to_qxl_bo(qfb_old->obj); -+ } else { -+ bo_old = NULL; -+ } - -- qxl_io_create_primary(qdev, 0, bo); -- bo->is_primary = true; -+ if (bo == bo_old) - return; - -- } else { -- qfb_old = to_qxl_framebuffer(old_state->fb); -- bo_old = gem_to_qxl_bo(qfb_old->obj); -+ if (bo_old && bo_old->is_primary) { -+ qxl_io_destroy_primary(qdev); - bo_old->is_primary = false; - } - -- bo->is_primary = true; 
-+ if (!bo->is_primary) { -+ qxl_io_create_primary(qdev, 0, bo); -+ bo->is_primary = true; -+ } - qxl_draw_dirty_fb(qdev, qfb, bo, 0, 0, &norect, 1, 1); - } - -@@ -538,13 +540,15 @@ static void qxl_primary_atomic_disable(s - { - struct qxl_device *qdev = plane->dev->dev_private; - -- if (old_state->fb) -- { struct qxl_framebuffer *qfb = -+ if (old_state->fb) { -+ struct qxl_framebuffer *qfb = - to_qxl_framebuffer(old_state->fb); - struct qxl_bo *bo = gem_to_qxl_bo(qfb->obj); - -- qxl_io_destroy_primary(qdev); -- bo->is_primary = false; -+ if (bo->is_primary) { -+ qxl_io_destroy_primary(qdev); -+ bo->is_primary = false; -+ } - } - } - ++++++ patches.fixes.tar.bz2 ++++++ ++++ 1797 lines of diff (skipped) ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 63498 lines of diff (skipped) ++++++ patches.rpmify.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.rpmify/cloneconfig.diff new/patches.rpmify/cloneconfig.diff --- old/patches.rpmify/cloneconfig.diff 2017-07-18 08:11:39.000000000 +0200 +++ new/patches.rpmify/cloneconfig.diff 1970-01-01 01:00:00.000000000 +0100 
@@ -1,41 +0,0 @@ -From: Andreas Gruenbacher <[email protected]> -Subject: Add ``cloneconfig'' target -Patch-mainline: Submitted 24 Feb 2011 - -Cloneconfig takes the first configuration it finds which appears -to belong to the running kernel, and configures the kernel sources -to match this configuration as closely as possible. - -Signed-off-by: Andreas Gruenbacher <[email protected]> -Signed-off-by: Jeff Mahoney <[email protected]> ---- - - scripts/kconfig/Makefile | 17 +++++++++++++++++ - 1 file changed, 17 insertions(+) - ---- a/scripts/kconfig/Makefile -+++ b/scripts/kconfig/Makefile -@@ -82,6 +82,23 @@ PHONY += $(simple-targets) - - $(simple-targets): $(obj)/conf - $< $(silent) --$@ $(Kconfig) -+ -+UNAME_RELEASE := $(shell uname -r) -+CLONECONFIG := $(firstword $(wildcard /proc/config.gz \ -+ /lib/modules/$(UNAME_RELEASE)/.config \ -+ /etc/kernel-config \ -+ /boot/config-$(UNAME_RELEASE))) -+cloneconfig: $(obj)/conf -+ $(Q)case "$(CLONECONFIG)" in \ -+ '') echo -e "The configuration of the running" \ -+ "kernel could not be determined\n"; \ -+ false ;; \ -+ *.gz) gzip -cd $(CLONECONFIG) > .config.running ;; \ -+ *) cat $(CLONECONFIG) > .config.running ;; \ -+ esac && \ -+ echo -e "Cloning configuration file $(CLONECONFIG)\n" -+ $(Q)$< --defconfig=.config.running arch/$(SRCARCH)/Kconfig -+ - - PHONY += oldnoconfig savedefconfig defconfig - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.rpmify/firmware-path new/patches.rpmify/firmware-path --- old/patches.rpmify/firmware-path 2017-07-18 08:11:39.000000000 +0200 +++ new/patches.rpmify/firmware-path 1970-01-01 01:00:00.000000000 +0100 
@@ -1,26 +0,0 @@ -From: Jeff Mahoney <[email protected]> -Subject: [PATCH] firmware: Allow release-specific firmware dir -Patch-mainline: not yet - - Every kernel package trying to provide files under /lib/firmware runs - into problems really quickly with multiple kernels installed. - - This patch moves them to /lib/firmware/$KERNELRELEASE. udev v127's - firmware.sh looks there first before falling back to /lib/firmware. - -Signed-off-by: Jeff Mahoney <[email protected]> ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/Makefile -+++ b/Makefile -@@ -975,7 +975,7 @@ depend dep: - - # --------------------------------------------------------------------------- - # Firmware install --INSTALL_FW_PATH=$(INSTALL_MOD_PATH)/lib/firmware -+INSTALL_FW_PATH=$(INSTALL_MOD_PATH)/lib/firmware/$(KERNELRELEASE) - export INSTALL_FW_PATH - - PHONY += firmware_install diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.rpmify/powerpc-Blacklist-GCC-5.4-6.1-and-6.2.patch new/patches.rpmify/powerpc-Blacklist-GCC-5.4-6.1-and-6.2.patch --- old/patches.rpmify/powerpc-Blacklist-GCC-5.4-6.1-and-6.2.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.rpmify/powerpc-Blacklist-GCC-5.4-6.1-and-6.2.patch 2017-10-05 21:17:53.000000000 +0200 
@@ -0,0 +1,64 @@ +From: Cyril Bur <[email protected]> +To: [email protected] +Subject: [PATCH v2] powerpc: Blacklist GCC 5.4 6.1 and 6.2 +Date: Mon, 13 Feb 2017 14:35:36 +1100 +Message-Id: <[email protected]> + +References: boo#1028895 +Patch-mainline: submitted http://patchwork.ozlabs.org/patch/727105/ + +A bug in the -02 optimisation of GCC 5.4 6.1 and 6.2 causes +setup_command_line() to not pass the correct first argument to strcpy +and therefore not actually copy the command_line. + +A workaround patch was proposed: http://patchwork.ozlabs.org/patch/673130/ +some discussion ensued. + +A GCC bug was raised: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71709 +The bug has been fixed in 7.0 and backported to GCC 5 and GCC 6. + +At the time of writing GCC 5.4 is the most recent and is affected. GCC +6.3 contains the backported fix, has been tested and appears safe to +use. + +Heavy-lifting-by: Akshay Adiga <[email protected]> +Signed-off-by: Cyril Bur <[email protected]> +Acked-by: Michal Suchanek <[email protected]> +--- +v2: Added check to only blacklist compilers on little-endian + + arch/powerpc/Makefile | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile +index 31286fa7873c..db5d8dabf1ca 100644 +--- a/arch/powerpc/Makefile ++++ b/arch/powerpc/Makefile +@@ -381,6 +381,7 @@ TOUT := .tmp_gas_check + # - gcc-3.4 and binutils-2.14 are a fatal combination + # - Require gcc 4.0 or above on 64-bit + # - gcc-4.2.0 has issues compiling modules on 64-bit ++# - gcc-5.4, 6.1, 6.2 don't copy the command_line around correctly + checkbin: + @if test "$(cc-name)" != "clang" \ + && test "$(cc-version)" = "0304" ; then \ +@@ -414,6 +415,16 @@ checkbin: + echo -n '*** Please use a different binutils version.' 
; \ + false ; \ + fi ++ @if test "x${CONFIG_CPU_LITTLE_ENDIAN}" = "xy" \ ++ && { test "$(cc-version)" = "0504" \ ++ || test "$(cc-version)" = "0601" \ ++ || test "$(cc-version)" = "0602" ; } ; then \ ++ echo -n '*** GCC-5.4 6.1 6.2 have a bad -O2 optimisation ' ; \ ++ echo 'which will cause lost command_line options (at least).' ; \ ++ echo '*** Please use a different GCC version.' ; \ ++ false ; \ ++ fi ++ + + + CLEAN_FILES += $(TOUT) +-- +2.11.1 + ++++++ patches.suse.tar.bz2 ++++++ ++++ 11612 lines of diff (skipped) ++++++ series.conf ++++++ ++++ 1093 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/kernel-source/series.conf ++++ and /work/SRC/openSUSE:Factory/.kernel-source.new/series.conf ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.gnvjtb/_old 2017-11-18 00:19:22.079320826 +0100 +++ /var/tmp/diff_new_pack.gnvjtb/_new 2017-11-18 00:19:22.079320826 +0100 @@ -1,3 +1,3 @@ -2017-11-08 12:21:09 +0100 -GIT Revision: 9151c668cd24857042bb8960908cf90fbccc5bb2 +2017-11-13 22:02:46 +0100 +GIT Revision: ab9e909366a779cb698d37c4b1afdcd867494342 GIT Branch: stable
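Review bot: In the asix_suspend() hunk of drivers/net/usb/asix_devices.c, the new `priv && priv->suspend` test covers a NULL dev->driver_priv, but `dev` itself comes from usb_get_intfdata(intf) and is dereferenced on the line above with no check. The trace shows the suspend callback being reached from usb_new_device() through autosuspend, so the commit message should state why dev cannot be NULL at that point, and the matching resume path should be checked for the same unguarded priv dereference.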
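Review bot: In the pstore_register() hunk of fs/pstore/platform.c, the three pr_info() strings have no trailing "\n", unlike the pr_warn() directly below them, and the refusal returns -EINVAL while the neighbouring backend-mismatch path returns -EPERM. Add the newlines, and either return the same code from both refusals or add a comment saying why a default-disabled backend is reported differently from an unexpected one. The pstore.backend=efi override is documented only in the log text; a comment at the check would help whoever hits the -EINVAL.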
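Review bot: In the qxl_plane_cleanup_fb() hunk of drivers/gpu/drm/qxl/qxl_display.c, the functional change (plane->state->fb replaced by old_state->fb in the test and in the to_qxl_framebuffer() call) is mixed with a reflow of the block comment. For a fix that is meant to be picked into other trees, keep the comment-style change in a separate patch so the two replaced expressions are the whole diff.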
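Review bot: In the qxl_primary_atomic_update() hunk, the new `if (bo == bo_old)` test reuses the existing `return;` and so exits before qxl_draw_dirty_fb(). In the old code only the create-primary branch returned early; the branch with an existing old_state->fb went on to the draw call. An update that keeps the same buffer object therefore no longer redraws. If that is intended, the description should say so, since it mentions only the destroy-before-define rule and the is_primary checks.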
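Review bot: In the cloneconfig recipe added to scripts/kconfig/Makefile, `echo -e` depends on which shell make runs: a /bin/sh whose echo builtin takes no options (dash, for example) prints a literal "-e" in front of the message, so use printf instead. $(CLONECONFIG) is also expanded unquoted into the gzip and cat commands, and nothing in the hunk removes .config.running after the --defconfig step; quote the path and clean up the temporary file.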
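Review bot: In the Makefile hunk that changes INSTALL_FW_PATH, the per-release directory only works if userspace looks in /lib/firmware/$KERNELRELEASE before /lib/firmware. The description names udev v127's firmware.sh for that, but the comment above the assignment still reads just "Firmware install". Record the lookup-order dependency next to the assignment so it is visible to anyone changing the path later.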
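Review bot: In the second checkbin hunk of arch/powerpc/Makefile, the test compares $(cc-version) with "0504", "0601" and "0602", which is major and minor only, while the description says the fix was backported to GCC 5 and GCC 6. A 5.4, 6.1 or 6.2 build that carries the backport is still rejected, so either say that in the error text or test for the miscompile rather than the version number. The new test also writes ${CONFIG_CPU_LITTLE_ENDIAN} where the surrounding checks use the $(...) form, and unlike the first check in the recipe it does not exclude clang via $(cc-name).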
