Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2019-06-24 21:50:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new.4615 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Mon Jun 24 21:50:19 2019 rev:492 rq:710408 version:5.1.10 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2019-06-05 11:39:10.335078364 +0200 +++ /work/SRC/openSUSE:Factory/.kernel-source.new.4615/dtb-aarch64.changes 2019-06-24 21:50:20.607965498 +0200 @@ -1,0 +2,634 @@ +Mon Jun 17 16:44:35 CEST 2019 - [email protected] + +- move patches from .fixes to .suse + There is no patches.fixes in stable. +- commit ad24342 + +------------------------------------------------------------------- +Mon Jun 17 16:44:11 CEST 2019 - [email protected] + +- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586 + CVE-2019-11479). +- tcp: add tcp_min_snd_mss sysctl (bsc#1137586 CVE-2019-11479). +- tcp: tcp_fragment() should apply sane memory limits (bsc#1137586 + CVE-2019-11478). +- tcp: limit payload size of sacked skbs (bsc#1137586 + CVE-2019-11477). +- commit a5ec6d9 + +------------------------------------------------------------------- +Mon Jun 17 08:59:40 CEST 2019 - [email protected] + +- Linux 5.1.10 (bnc#1012628). +- media: rockchip/vpu: Fix/re-order probe-error/remove path + (bnc#1012628). +- media: rockchip/vpu: Add missing dont_use_autosuspend() calls + (bnc#1012628). +- rapidio: fix a NULL pointer dereference when create_workqueue() + fails (bnc#1012628). +- fs/fat/file.c: issue flush after the writeback of FAT + (bnc#1012628). +- sysctl: return -EINVAL if val violates minmax (bnc#1012628). +- ipc: prevent lockup on alloc_msg and free_msg (bnc#1012628). +- drm/msm: correct attempted NULL pointer dereference in debugfs + (bnc#1012628). +- drm/pl111: Initialize clock spinlock early (bnc#1012628). +- mm/mprotect.c: fix compilation warning because of unused 'mm' + variable (bnc#1012628). +- ARM: prevent tracing IPI_CPU_BACKTRACE (bnc#1012628). +- mm/hmm: select mmu notifier when selecting HMM (bnc#1012628). +- hugetlbfs: on restore reserve error path retain subpool + reservation (bnc#1012628). +- mm/memory_hotplug: release memory resource after + arch_remove_memory() (bnc#1012628). +- mem-hotplug: fix node spanned pages when we have a node with + only ZONE_MOVABLE (bnc#1012628). +- mm/cma.c: fix crash on CMA allocation if bitmap allocation fails + (bnc#1012628). +- initramfs: free initrd memory if opening /initrd.image fails + (bnc#1012628). +- mm/compaction.c: fix an undefined behaviour (bnc#1012628). +- mm/memory_hotplug.c: fix the wrong usage of N_HIGH_MEMORY + (bnc#1012628). +- mm/cma.c: fix the bitmap status to show failed allocation reason + (bnc#1012628). +- mm: page_mkclean vs MADV_DONTNEED race (bnc#1012628). +- mm/cma_debug.c: fix the break condition in cma_maxchunk_get() + (bnc#1012628). +- mm/slab.c: fix an infinite loop in leaks_show() (bnc#1012628). +- kernel/sys.c: prctl: fix false positive in validate_prctl_map() + (bnc#1012628). +- thermal: rcar_gen3_thermal: disable interrupt in .remove + (bnc#1012628). +- drivers: thermal: tsens: Don't print error message on + -EPROBE_DEFER (bnc#1012628). +- mfd: tps65912-spi: Add missing of table registration + (bnc#1012628). +- mfd: intel-lpss: Set the device in reset state when init + (bnc#1012628). +- drm/nouveau/disp/dp: respect sink limits when selecting failsafe + link configuration (bnc#1012628). +- mfd: twl6040: Fix device init errors for ACCCTL register + (bnc#1012628). +- perf/x86/intel: Allow PEBS multi-entry in watermark mode + (bnc#1012628). +- drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() + mthd when encoders change (bnc#1012628). +- drm/nouveau: fix duplication of nv50_head_atom struct + (bnc#1012628). +- drm/bridge: adv7511: Fix low refresh rate selection + (bnc#1012628). +- objtool: Don't use ignore flag for fake jumps (bnc#1012628). +- drm/nouveau/kms/gv100-: fix spurious window immediate interlocks + (bnc#1012628). +- bpf: fix undefined behavior in narrow load handling + (bnc#1012628). +- EDAC/mpc85xx: Prevent building as a module (bnc#1012628). +- pwm: meson: Use the spin-lock only to protect register + modifications (bnc#1012628). +- mailbox: stm32-ipcc: check invalid irq (bnc#1012628). +- ntp: Allow TAI-UTC offset to be set to zero (bnc#1012628). +- f2fs: fix to avoid panic in do_recover_data() (bnc#1012628). +- f2fs: fix to avoid panic in f2fs_inplace_write_data() + (bnc#1012628). +- f2fs: fix error path of recovery (bnc#1012628). +- f2fs: fix to avoid panic in f2fs_remove_inode_page() + (bnc#1012628). +- f2fs: fix to do sanity check on free nid (bnc#1012628). +- f2fs: fix to clear dirty inode in error path of f2fs_iget() + (bnc#1012628). +- f2fs: fix to avoid panic in dec_valid_block_count() + (bnc#1012628). +- f2fs: fix to use inline space only if inline_xattr is enable + (bnc#1012628). +- f2fs: fix to avoid panic in dec_valid_node_count() + (bnc#1012628). +- f2fs: fix to do sanity check on valid block count of segment + (bnc#1012628). +- f2fs: fix to avoid deadloop in foreground GC (bnc#1012628). +- f2fs: fix to retrieve inline xattr space (bnc#1012628). +- f2fs: fix to do checksum even if inode page is uptodate + (bnc#1012628). +- media: atmel: atmel-isc: fix asd memory allocation + (bnc#1012628). +- percpu: remove spurious lock dependency between percpu and sched + (bnc#1012628). +- configfs: fix possible use-after-free in configfs_register_group + (bnc#1012628). +- uml: fix a boot splat wrt use of cpu_all_mask (bnc#1012628). +- PCI: dwc: Free MSI in dw_pcie_host_init() error path + (bnc#1012628). +- PCI: dwc: Free MSI IRQ page in dw_pcie_free_msi() (bnc#1012628). +- fbcon: Don't reset logo_shown when logo is currently shown + (bnc#1012628). +- ovl: do not generate duplicate fsnotify events for "fake" path + (bnc#1012628). +- mmc: mmci: Prevent polling for busy detection in IRQ context + (bnc#1012628). +- netfilter: nf_flow_table: fix missing error check for + rhashtable_insert_fast (bnc#1012628). +- netfilter: nf_conntrack_h323: restore boundary check correctness + (bnc#1012628). +- mips: Make sure dt memory regions are valid (bnc#1012628). +- netfilter: nf_tables: fix base chain stat rcu_dereference usage + (bnc#1012628). +- watchdog: imx2_wdt: Fix set_timeout for big timeout values + (bnc#1012628). +- watchdog: fix compile time error of pretimeout governors + (bnc#1012628). +- blk-mq: move cancel of requeue_work into blk_mq_release + (bnc#1012628). +- iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bnc#1012628). +- vfio-pci/nvlink2: Fix potential VMA leak (bnc#1012628). +- misc: pci_endpoint_test: Fix test_reg_bar to be updated in + pci_endpoint_test (bnc#1012628). +- PCI: designware-ep: Use aligned ATU window for raising MSI + interrupts (bnc#1012628). +- nvme-pci: unquiesce admin queue on shutdown (bnc#1012628). +- nvme-pci: shutdown on timeout during deletion (bnc#1012628). +- netfilter: nf_flow_table: check ttl value in flow offload data + path (bnc#1012628). +- netfilter: nf_flow_table: fix netdev refcnt leak (bnc#1012628). +- ALSA: hda - Register irq handler after the chip initialization + (bnc#1012628). +- powerpc/pseries: Track LMB nid instead of using device tree + (bnc#1012628). +- arm64: defconfig: Update UFSHCD for Hi3660 soc (bnc#1012628). +- iommu/vt-d: Don't request page request irq under + dmar_global_lock (bnc#1012628). +- nvmem: core: fix read buffer in place (bnc#1012628). +- nvmem: sunxi_sid: Support SID on A83T and H5 (bnc#1012628). +- fuse: retrieve: cap requested size to negotiated max_write + (bnc#1012628). +- nfsd: allow fh_want_write to be called twice (bnc#1012628). +- nfsd: avoid uninitialized variable warning (bnc#1012628). +- vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING" + (bnc#1012628). +- iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel + (bnc#1012628). +- switchtec: Fix unintended mask of MRPC event (bnc#1012628). +- net: thunderbolt: Unregister ThunderboltIP protocol handler + when suspending (bnc#1012628). +- x86/PCI: Fix PCI IRQ routing table memory leak (bnc#1012628). +- soc/tegra: pmc: Remove reset sysfs entries on error + (bnc#1012628). +- i40e: Queues are reserved despite "Invalid argument" error + (bnc#1012628). +- power: supply: cpcap-battery: Fix signed counter sample register + (bnc#1012628). +- platform/chrome: cros_ec_proto: check for NULL transfer function + (bnc#1012628). +- PCI: keystone: Invoke phy_reset() API before enabling PHY + (bnc#1012628). +- PCI: keystone: Prevent ARM32 specific code to be compiled for + ARM64 (bnc#1012628). +- soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher + (bnc#1012628). +- clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 + (bnc#1012628). +- usb: ohci-da8xx: disable the regulator if the overcurrent irq + fired (bnc#1012628). +- iommu/vt-d: Flush IOTLB for untrusted device in time + (bnc#1012628). +- soc: rockchip: Set the proper PWM for rk3288 (bnc#1012628). +- arm64: dts: imx8mq: Mark iomuxc_gpr as i.MX6Q compatible + (bnc#1012628). +- ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA + (bnc#1012628). ++++ 437 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes ++++ and /work/SRC/openSUSE:Factory/.kernel-source.new.4615/dtb-aarch64.changes dtb-armv6l.changes: same change dtb-armv7l.changes: same change kernel-64kb.changes: same change kernel-debug.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-kvmsmall.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-vanilla.changes: same change kernel-zfcpdump.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:26.783970305 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:26.783970305 +0200 @@ -17,7 +17,7 @@ %define srcversion 5.1 -%define patchversion 5.1.7 +%define patchversion 5.1.10 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -29,9 +29,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,mkspec,compute-PATCHVERSION.sh,arch-symbols,log.sh,try-disable-staging-driver,compress-vmlinux.sh,mkspec-dtb,check-module-license,klp-symbols,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: dtb-aarch64 -Version: 5.1.7 +Version: 5.1.10 %if 0%{?is_kotd} -Release: <RELEASE>.g55f2451 +Release: <RELEASE>.gad24342 %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:26.879970380 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:26.887970386 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.1 -%define patchversion 5.1.7 +%define patchversion 5.1.10 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: Kernel with 64kb PAGE_SIZE License: GPL-2.0 Group: System/Kernel -Version: 5.1.7 +Version: 5.1.10 %if 0%{?is_kotd} -Release: <RELEASE>.g55f2451 +Release: <RELEASE>.gad24342 %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-55f2451c7a489069e9144e81bda3e375644a5983 -Provides: kernel-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: kernel-%build_flavor-base-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 +Provides: kernel-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 # END COMMON DEPS -Provides: %name-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: %name-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh ++++++ kernel-debug.spec ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:26.911970405 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:26.915970407 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.1 -%define patchversion 5.1.7 +%define patchversion 5.1.10 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: A Debug Version of the Kernel License: GPL-2.0 Group: System/Kernel -Version: 5.1.7 +Version: 5.1.10 %if 0%{?is_kotd} -Release: <RELEASE>.g55f2451 +Release: <RELEASE>.gad24342 %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-55f2451c7a489069e9144e81bda3e375644a5983 -Provides: kernel-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: kernel-%build_flavor-base-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 +Provides: kernel-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 # END COMMON DEPS -Provides: %name-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: %name-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 %ifarch ppc64 Provides: kernel-kdump = 2.6.28 Obsoletes: kernel-kdump <= 2.6.28 ++++++ kernel-default.spec ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:26.967970448 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:26.979970458 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.1 -%define patchversion 5.1.7 +%define patchversion 5.1.10 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: The Standard Kernel License: GPL-2.0 Group: System/Kernel -Version: 5.1.7 +Version: 5.1.10 %if 0%{?is_kotd} -Release: <RELEASE>.g55f2451 +Release: <RELEASE>.gad24342 %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-55f2451c7a489069e9144e81bda3e375644a5983 -Provides: kernel-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: kernel-%build_flavor-base-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 +Provides: kernel-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 # END COMMON DEPS -Provides: %name-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: %name-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 %ifarch %ix86 Provides: kernel-smp = 2.6.17 Obsoletes: kernel-smp <= 2.6.17 ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:27.019970488 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:27.027970495 +0200 @@ -17,7 +17,7 @@ %define srcversion 5.1 -%define patchversion 5.1.7 +%define patchversion 5.1.10 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -31,9 +31,9 @@ Summary: Kernel Documentation License: GPL-2.0 Group: Documentation/Man -Version: 5.1.7 +Version: 5.1.10 %if 0%{?is_kotd} -Release: <RELEASE>.g55f2451 +Release: <RELEASE>.gad24342 %else Release: 0 %endif @@ -63,7 +63,7 @@ %endif Url: http://www.kernel.org/ Provides: %name = %version-%source_rel -Provides: %name-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: %name-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz ++++++ kernel-kvmsmall.spec ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:27.099970551 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:27.107970557 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.1 -%define patchversion 5.1.7 +%define patchversion 5.1.10 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: The Small Developer Kernel for KVM License: GPL-2.0 Group: System/Kernel -Version: 5.1.7 +Version: 5.1.10 %if 0%{?is_kotd} -Release: <RELEASE>.g55f2451 +Release: <RELEASE>.gad24342 %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-55f2451c7a489069e9144e81bda3e375644a5983 -Provides: kernel-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: kernel-%build_flavor-base-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 +Provides: kernel-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 # END COMMON DEPS -Provides: %name-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: %name-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh kernel-lpae.spec: same change ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:27.179970613 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:27.183970617 +0200 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 5.1.7 +%define patchversion 5.1.10 %define variant %{nil} %define vanilla_only 0 @@ -45,7 +45,7 @@ %endif %endif %endif -BuildRequires: kernel%kernel_flavor-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +BuildRequires: kernel%kernel_flavor-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 %if 0%{?rhel_version} BuildRequires: kernel @@ -64,9 +64,9 @@ Summary: package kernel and initrd for OBS VM builds License: GPL-2.0 Group: SLES -Version: 5.1.7 +Version: 5.1.10 %if 0%{?is_kotd} -Release: <RELEASE>.g55f2451 +Release: <RELEASE>.gad24342 %else Release: 0 %endif ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:27.215970641 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:27.219970644 +0200 @@ -17,7 +17,7 @@ # needsrootforbuild -%define patchversion 5.1.7 +%define patchversion 5.1.10 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -36,9 +36,9 @@ Summary: Basic QA tests for the kernel License: GPL-2.0 Group: SLES -Version: 5.1.7 +Version: 5.1.10 %if 0%{?is_kotd} -Release: <RELEASE>.g55f2451 +Release: <RELEASE>.gad24342 %else Release: 0 %endif ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:27.259970676 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:27.267970682 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.1 -%define patchversion 5.1.7 +%define patchversion 5.1.10 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: Kernel with PAE Support License: GPL-2.0 Group: System/Kernel -Version: 5.1.7 +Version: 5.1.10 %if 0%{?is_kotd} -Release: <RELEASE>.g55f2451 +Release: <RELEASE>.gad24342 %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-55f2451c7a489069e9144e81bda3e375644a5983 -Provides: kernel-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: kernel-%build_flavor-base-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 +Provides: kernel-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 # END COMMON DEPS -Provides: %name-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: %name-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 %ifarch %ix86 Provides: kernel-bigsmp = 2.6.17 Obsoletes: kernel-bigsmp <= 2.6.17 ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:27.319970722 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:27.323970725 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.1 -%define patchversion 5.1.7 +%define patchversion 5.1.10 %define variant %{nil} %define vanilla_only 0 @@ -30,9 +30,9 @@ Summary: The Linux Kernel Sources License: GPL-2.0 Group: Development/Sources -Version: 5.1.7 +Version: 5.1.10 %if 0%{?is_kotd} -Release: <RELEASE>.g55f2451 +Release: <RELEASE>.gad24342 %else Release: 0 %endif @@ -43,7 +43,7 @@ BuildRequires: sed Requires(post): coreutils sed Provides: %name = %version-%source_rel -Provides: %name-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: %name-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 Provides: linux Provides: multiversion(kernel) Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:27.391970778 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:27.395970782 +0200 @@ -24,10 +24,10 @@ Summary: Kernel Symbol Versions (modversions) License: GPL-2.0 Group: Development/Sources -Version: 5.1.7 +Version: 5.1.10 %if %using_buildservice %if 0%{?is_kotd} -Release: <RELEASE>.g55f2451 +Release: <RELEASE>.gad24342 %else Release: 0 %endif @@ -55,7 +55,7 @@ %endif Requires: pesign-obs-integration Provides: %name = %version-%source_rel -Provides: %name-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: %name-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 Provides: multiversion(kernel) Source: README.KSYMS Requires: kernel-devel%variant = %version-%source_rel ++++++ kernel-vanilla.spec ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:27.431970809 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:27.435970812 +0200 @@ -18,7 +18,7 @@ %define srcversion 5.1 -%define patchversion 5.1.7 +%define patchversion 5.1.10 %define variant %{nil} %define vanilla_only 0 @@ -62,9 +62,9 @@ Summary: The Standard Kernel - without any SUSE patches License: GPL-2.0 Group: System/Kernel -Version: 5.1.7 +Version: 5.1.10 %if 0%{?is_kotd} -Release: <RELEASE>.g55f2451 +Release: <RELEASE>.gad24342 %else Release: 0 %endif @@ -169,10 +169,10 @@ Conflicts: libc.so.6()(64bit) %endif Provides: kernel = %version-%source_rel -Provides: kernel-%build_flavor-base-srchash-55f2451c7a489069e9144e81bda3e375644a5983 -Provides: kernel-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: kernel-%build_flavor-base-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 +Provides: kernel-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 # END COMMON DEPS -Provides: %name-srchash-55f2451c7a489069e9144e81bda3e375644a5983 +Provides: %name-srchash-ad24342b53c2ac90b16b903f897bd01f775351e5 %obsolete_rebuilds %name Source0: http://www.kernel.org/pub/linux/kernel/v5.x/linux-%srcversion.tar.xz Source2: source-post.sh kernel-zfcpdump.spec: same change ++++++ config.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/arm64/default new/config/arm64/default --- old/config/arm64/default 2019-05-31 22:22:47.000000000 +0200 +++ new/config/arm64/default 2019-06-12 08:08:07.000000000 +0200 @@ -6068,6 +6068,7 @@ # CONFIG_CHASH_STATS is not set # CONFIG_CHASH_SELFTEST is not set CONFIG_DRM_NOUVEAU=m +CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y CONFIG_NOUVEAU_PLATFORM_DRIVER=y CONFIG_NOUVEAU_DEBUG=5 CONFIG_NOUVEAU_DEBUG_DEFAULT=3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv7hl/default new/config/armv7hl/default --- old/config/armv7hl/default 2019-05-31 22:22:47.000000000 +0200 +++ new/config/armv7hl/default 2019-06-12 08:08:07.000000000 +0200 @@ -6071,6 +6071,7 @@ # # CONFIG_CHASH is not set CONFIG_DRM_NOUVEAU=m +CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y CONFIG_NOUVEAU_PLATFORM_DRIVER=y CONFIG_NOUVEAU_DEBUG=5 CONFIG_NOUVEAU_DEBUG_DEFAULT=3 @@ -6599,8 +6600,8 @@ CONFIG_SND_SOC_IMX_PCM_DMA=m CONFIG_SND_SOC_IMX_AUDMUX=m CONFIG_SND_IMX_SOC=m -CONFIG_SND_SOC_IMX_SSI=m CONFIG_SND_SOC_IMX_PCM_FIQ=m +CONFIG_SND_SOC_IMX_SSI=m # # SoC Audio support for Freescale i.MX boards: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/armv7hl/lpae new/config/armv7hl/lpae --- old/config/armv7hl/lpae 2019-05-31 22:22:47.000000000 +0200 +++ new/config/armv7hl/lpae 2019-06-12 08:08:07.000000000 +0200 @@ -5853,6 +5853,7 @@ # # CONFIG_CHASH is not set CONFIG_DRM_NOUVEAU=m +CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y CONFIG_NOUVEAU_PLATFORM_DRIVER=y CONFIG_NOUVEAU_DEBUG=5 CONFIG_NOUVEAU_DEBUG_DEFAULT=3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/default new/config/i386/default --- old/config/i386/default 2019-05-31 22:22:47.000000000 +0200 +++ new/config/i386/default 2019-06-12 08:08:07.000000000 +0200 @@ -57,6 +57,7 @@ CONFIG_NE2000=m CONFIG_NET_VENDOR_CIRRUS=y CONFIG_NI65=m +CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y CONFIG_NR_CPUS=32 CONFIG_OF_PROMTREE=y CONFIG_OLPC=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/i386/pae new/config/i386/pae --- old/config/i386/pae 2019-05-31 22:22:47.000000000 +0200 +++ new/config/i386/pae 2019-06-12 08:08:07.000000000 +0200 @@ -5785,6 +5785,7 @@ # CONFIG_CHASH_STATS is not set # CONFIG_CHASH_SELFTEST is not set CONFIG_DRM_NOUVEAU=m +CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y CONFIG_NOUVEAU_DEBUG=5 CONFIG_NOUVEAU_DEBUG_DEFAULT=3 # CONFIG_NOUVEAU_DEBUG_MMU is not set diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64/default new/config/ppc64/default --- old/config/ppc64/default 2019-05-31 22:22:47.000000000 +0200 +++ new/config/ppc64/default 2019-06-12 08:08:07.000000000 +0200 @@ -5007,6 +5007,7 @@ # CONFIG_CHASH_STATS is not set # CONFIG_CHASH_SELFTEST is not set CONFIG_DRM_NOUVEAU=m +CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y CONFIG_NOUVEAU_DEBUG=5 CONFIG_NOUVEAU_DEBUG_DEFAULT=3 # CONFIG_NOUVEAU_DEBUG_MMU is not set diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/ppc64le/default new/config/ppc64le/default --- old/config/ppc64le/default 2019-05-31 22:22:47.000000000 +0200 +++ new/config/ppc64le/default 2019-06-12 08:08:07.000000000 +0200 @@ -1,13 +1,13 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/powerpc 5.1.2 Kernel Configuration +# Linux/powerpc 5.1.7 Kernel Configuration # # -# Compiler: gcc (SUSE Linux) 8.3.1 20190226 [gcc-8-branch revision 269204] +# Compiler: gcc-9 (SUSE Linux) 9.1.1 20190527 [gcc-9-branch revision 271644] # CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=80301 +CONFIG_GCC_VERSION=90101 # CONFIG_CC_IS_CLANG is not set CONFIG_CLANG_VERSION=0 CONFIG_CC_HAS_ASM_GOTO=y @@ -393,8 +393,9 @@ CONFIG_KEXEC=y CONFIG_KEXEC_FILE=y CONFIG_ARCH_HAS_KEXEC_PURGATORY=y -# CONFIG_RELOCATABLE is not set -# CONFIG_CRASH_DUMP is not set +CONFIG_RELOCATABLE=y +# CONFIG_RELOCATABLE_TEST is not set +CONFIG_CRASH_DUMP=y # CONFIG_FA_DUMP is not set CONFIG_IRQ_ALL_CPUS=y CONFIG_NUMA=y @@ -413,7 +414,7 @@ CONFIG_PPC_PAGE_SHIFT=16 CONFIG_THREAD_SHIFT=14 CONFIG_ETEXT_SHIFT=16 -CONFIG_DATA_SHIFT=24 +CONFIG_DATA_SHIFT=16 CONFIG_FORCE_MAX_ZONEORDER=9 CONFIG_PPC_SUBPAGE_PROT=y CONFIG_PPC_COPRO_BASE=y @@ -447,6 +448,7 @@ # CONFIG_GENERIC_ISA_DMA=y CONFIG_FSL_LBC=y +CONFIG_NONSTATIC_KERNEL=y CONFIG_PAGE_OFFSET=0xc000000000000000 CONFIG_KERNEL_START=0xc000000000000000 CONFIG_PHYSICAL_START=0x00000000 @@ -553,10 +555,9 @@ CONFIG_COMPAT_32BIT_TIME=y # CONFIG_CPU_NO_EFFICIENT_FFS is not set # CONFIG_HAVE_ARCH_VMAP_STACK is not set -CONFIG_ARCH_OPTIONAL_KERNEL_RWX=y +# CONFIG_ARCH_OPTIONAL_KERNEL_RWX is not set # CONFIG_ARCH_OPTIONAL_KERNEL_RWX_DEFAULT is not set -CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y -CONFIG_STRICT_KERNEL_RWX=y +# CONFIG_ARCH_HAS_STRICT_KERNEL_RWX is not set # CONFIG_ARCH_HAS_STRICT_MODULE_RWX is not set CONFIG_ARCH_HAS_PHYS_TO_DMA=y # CONFIG_REFCOUNT_FULL is not set @@ -575,6 +576,7 @@ CONFIG_MODULE_UNLOAD=y # CONFIG_MODULE_FORCE_UNLOAD is not set CONFIG_MODVERSIONS=y +CONFIG_MODULE_REL_CRCS=y CONFIG_MODULE_SRCVERSION_ALL=y CONFIG_MODULE_SIG=y # CONFIG_MODULE_SIG_FORCE is not set @@ -4880,6 +4882,7 @@ # CONFIG_CHASH_STATS is not set # CONFIG_CHASH_SELFTEST is not set CONFIG_DRM_NOUVEAU=m +CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y CONFIG_NOUVEAU_DEBUG=5 CONFIG_NOUVEAU_DEBUG_DEFAULT=3 # CONFIG_NOUVEAU_DEBUG_MMU is not set @@ -6363,6 +6366,8 @@ # CONFIG_PROC_FS=y CONFIG_PROC_KCORE=y +CONFIG_PROC_VMCORE=y +CONFIG_PROC_VMCORE_DEVICE_DUMP=y CONFIG_PROC_SYSCTL=y CONFIG_PROC_PAGE_MONITOR=y CONFIG_PROC_CHILDREN=y @@ -6990,7 +6995,6 @@ # CONFIG_PAGE_OWNER is not set # CONFIG_PAGE_POISONING is not set # CONFIG_DEBUG_PAGE_REF is not set -# CONFIG_DEBUG_RODATA_TEST is not set # CONFIG_DEBUG_OBJECTS is not set # CONFIG_DEBUG_SLAB is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/config/x86_64/default new/config/x86_64/default --- old/config/x86_64/default 2019-05-31 22:22:47.000000000 +0200 +++ new/config/x86_64/default 2019-06-12 08:08:07.000000000 +0200 @@ -5671,6 +5671,7 @@ # CONFIG_CHASH_STATS is not set # CONFIG_CHASH_SELFTEST is not set CONFIG_DRM_NOUVEAU=m +CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=y CONFIG_NOUVEAU_DEBUG=5 CONFIG_NOUVEAU_DEBUG_DEFAULT=3 # CONFIG_NOUVEAU_DEBUG_MMU is not set ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 25296 lines of diff (skipped) ++++++ patches.rpmify.tar.bz2 ++++++ ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0001-mwifiex-Abort-at-too-short-BSS-descriptor-element.patch new/patches.suse/0001-mwifiex-Abort-at-too-short-BSS-descriptor-element.patch --- old/patches.suse/0001-mwifiex-Abort-at-too-short-BSS-descriptor-element.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/0001-mwifiex-Abort-at-too-short-BSS-descriptor-element.patch 2019-06-17 16:44:35.000000000 +0200 @@ -0,0 +1,90 @@ +From: Takashi Iwai <[email protected]> +Date: Wed, 29 May 2019 14:52:20 +0200 +Subject: mwifiex: Abort at too short BSS descriptor element +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git#master +Git-commit: 685c9b7750bfacd6fc1db50d86579980593b7869 +Patch-mainline: Queued in subsystem maintainer repository +References: bsc#1136424 CVE-2019-3846 + +Currently mwifiex_update_bss_desc_with_ie() implicitly assumes that +the source descriptor entries contain the enough size for each type +and performs copying without checking the source size. This may lead +to read over boundary. + +Fix this by putting the source size check in appropriate places. + +Signed-off-by: Takashi Iwai <[email protected]> +Signed-off-by: Kalle Valo <[email protected]> +Signed-off-by: Oliver Neukum <[email protected]> +--- + drivers/net/wireless/marvell/mwifiex/scan.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/drivers/net/wireless/marvell/mwifiex/scan.c b/drivers/net/wireless/marvell/mwifiex/scan.c +index 64ab6fe78c0d..c269a0de9413 100644 +--- a/drivers/net/wireless/marvell/mwifiex/scan.c ++++ b/drivers/net/wireless/marvell/mwifiex/scan.c +@@ -1269,6 +1269,8 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter, + break; + + case WLAN_EID_FH_PARAMS: ++ if (element_len + 2 < sizeof(*fh_param_set)) ++ return -EINVAL; + fh_param_set = + (struct ieee_types_fh_param_set *) current_ptr; + memcpy(&bss_entry->phy_param_set.fh_param_set, +@@ -1277,6 +1279,8 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter, + break; + + case WLAN_EID_DS_PARAMS: ++ if (element_len + 2 < sizeof(*ds_param_set)) ++ return -EINVAL; + ds_param_set = + (struct ieee_types_ds_param_set *) current_ptr; + +@@ -1288,6 +1292,8 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter, + break; + + case WLAN_EID_CF_PARAMS: ++ if (element_len + 2 < sizeof(*cf_param_set)) ++ return -EINVAL; + cf_param_set = + (struct ieee_types_cf_param_set *) current_ptr; + memcpy(&bss_entry->ss_param_set.cf_param_set, +@@ -1296,6 +1302,8 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter, + break; + + case WLAN_EID_IBSS_PARAMS: ++ if (element_len + 2 < sizeof(*ibss_param_set)) ++ return -EINVAL; + ibss_param_set = + (struct ieee_types_ibss_param_set *) + current_ptr; +@@ -1305,10 +1313,14 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter, + break; + + case WLAN_EID_ERP_INFO: ++ if (!element_len) ++ return -EINVAL; + bss_entry->erp_flags = *(current_ptr + 2); + break; + + case WLAN_EID_PWR_CONSTRAINT: ++ if (!element_len) ++ return -EINVAL; + bss_entry->local_constraint = *(current_ptr + 2); + bss_entry->sensed_11h = true; + break; +@@ -1349,6 +1361,9 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter, + break; + + case WLAN_EID_VENDOR_SPECIFIC: ++ if (element_len + 2 < sizeof(vendor_ie->vend_hdr)) ++ return -EINVAL; ++ + vendor_ie = (struct ieee_types_vendor_specific *) + current_ptr; + +-- +2.21.0 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0001-mwifiex-Fix-heap-overflow-in-mwifiex_uap_parse_tail_.patch new/patches.suse/0001-mwifiex-Fix-heap-overflow-in-mwifiex_uap_parse_tail_.patch --- old/patches.suse/0001-mwifiex-Fix-heap-overflow-in-mwifiex_uap_parse_tail_.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/0001-mwifiex-Fix-heap-overflow-in-mwifiex_uap_parse_tail_.patch 2019-06-17 16:44:35.000000000 +0200 @@ -0,0 +1,126 @@ +From: Takashi Iwai <[email protected]> +Date: Fri, 31 May 2019 15:18:41 +0200 +Subject: mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git#master +Git-commit: 69ae4f6aac1578575126319d3f55550e7e440449 +Patch-mainline: Queued in subsystem maintainer repository +References: bnc#1136935 + +A few places in mwifiex_uap_parse_tail_ies() perform memcpy() +unconditionally, which may lead to either buffer overflow or read over +boundary. + +This patch addresses the issues by checking the read size and the +destination size at each place more properly. Along with the fixes, +the patch cleans up the code slightly by introducing a temporary +variable for the token size, and unifies the error path with the +standard goto statement. + +Reported-by: huangwen <[email protected]> +Signed-off-by: Takashi Iwai <[email protected]> +Signed-off-by: Kalle Valo <[email protected]> +Signed-off-by: Oliver Neukum <[email protected]> +--- + drivers/net/wireless/marvell/mwifiex/ie.c | 47 +++++++++++++++-------- + 1 file changed, 31 insertions(+), 16 deletions(-) + +diff --git a/drivers/net/wireless/marvell/mwifiex/ie.c b/drivers/net/wireless/marvell/mwifiex/ie.c +index 6845eb57b39a..653d347a9a19 100644 +--- a/drivers/net/wireless/marvell/mwifiex/ie.c ++++ b/drivers/net/wireless/marvell/mwifiex/ie.c +@@ -329,6 +329,8 @@ static int mwifiex_uap_parse_tail_ies(struct mwifiex_private *priv, + struct ieee80211_vendor_ie *vendorhdr; + u16 gen_idx = MWIFIEX_AUTO_IDX_MASK, ie_len = 0; + int left_len, parsed_len = 0; ++ unsigned int token_len; ++ int err = 0; + + if (!info->tail || !info->tail_len) + return 0; +@@ -344,6 +346,12 @@ static int mwifiex_uap_parse_tail_ies(struct mwifiex_private *priv, + */ + while (left_len > sizeof(struct ieee_types_header)) { + hdr = (void *)(info->tail + parsed_len); ++ token_len = hdr->len + sizeof(struct ieee_types_header); ++ if (token_len > left_len) { ++ err = -EINVAL; ++ goto out; ++ } ++ + switch (hdr->element_id) { + case WLAN_EID_SSID: + case WLAN_EID_SUPP_RATES: +@@ -361,17 +369,20 @@ static int mwifiex_uap_parse_tail_ies(struct mwifiex_private *priv, + if (cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT, + WLAN_OUI_TYPE_MICROSOFT_WMM, + (const u8 *)hdr, +- hdr->len + sizeof(struct ieee_types_header))) ++ token_len)) + break; + /* fall through */ + default: +- memcpy(gen_ie->ie_buffer + ie_len, hdr, +- hdr->len + sizeof(struct ieee_types_header)); +- ie_len += hdr->len + sizeof(struct ieee_types_header); ++ if (ie_len + token_len > IEEE_MAX_IE_SIZE) { ++ err = -EINVAL; ++ goto out; ++ } ++ memcpy(gen_ie->ie_buffer + ie_len, hdr, token_len); ++ ie_len += token_len; + break; + } +- left_len -= hdr->len + sizeof(struct ieee_types_header); +- parsed_len += hdr->len + sizeof(struct ieee_types_header); ++ left_len -= token_len; ++ parsed_len += token_len; + } + + /* parse only WPA vendor IE from tail, WMM IE is configured by +@@ -381,15 +392,17 @@ static int mwifiex_uap_parse_tail_ies(struct mwifiex_private *priv, + WLAN_OUI_TYPE_MICROSOFT_WPA, + info->tail, info->tail_len); + if (vendorhdr) { +- memcpy(gen_ie->ie_buffer + ie_len, vendorhdr, +- vendorhdr->len + sizeof(struct ieee_types_header)); +- ie_len += vendorhdr->len + sizeof(struct ieee_types_header); ++ token_len = vendorhdr->len + sizeof(struct ieee_types_header); ++ if (ie_len + token_len > IEEE_MAX_IE_SIZE) { ++ err = -EINVAL; ++ goto out; ++ } ++ memcpy(gen_ie->ie_buffer + ie_len, vendorhdr, token_len); ++ ie_len += token_len; + } + +- if (!ie_len) { +- kfree(gen_ie); +- return 0; +- } ++ if (!ie_len) ++ goto out; + + gen_ie->ie_index = cpu_to_le16(gen_idx); + gen_ie->mgmt_subtype_mask = cpu_to_le16(MGMT_MASK_BEACON | +@@ -399,13 +412,15 @@ static int mwifiex_uap_parse_tail_ies(struct mwifiex_private *priv, + + if (mwifiex_update_uap_custom_ie(priv, gen_ie, &gen_idx, NULL, NULL, + NULL, NULL)) { +- kfree(gen_ie); +- return -1; ++ err = -EINVAL; ++ goto out; + } + + priv->gen_idx = gen_idx; ++ ++ out: + kfree(gen_ie); +- return 0; ++ return err; + } + + /* This function parses different IEs-head & tail IEs, beacon IEs, +-- +2.21.0 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0001-mwifiex-Fix-possible-buffer-overflows-at-parsing-bss.patch new/patches.suse/0001-mwifiex-Fix-possible-buffer-overflows-at-parsing-bss.patch --- old/patches.suse/0001-mwifiex-Fix-possible-buffer-overflows-at-parsing-bss.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/0001-mwifiex-Fix-possible-buffer-overflows-at-parsing-bss.patch 2019-06-17 16:44:35.000000000 +0200 @@ -0,0 +1,50 @@ +From: Takashi Iwai <[email protected]> +Date: Wed, 29 May 2019 14:52:19 +0200 +Subject: mwifiex: Fix possible buffer overflows at parsing bss descriptor +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git#master +Git-commit: 13ec7f10b87f5fc04c4ccbd491c94c7980236a74 +Patch-mainline: Queued in subsystem maintainer repository +References: bsc#1136424 CVE-2019-3846 + +mwifiex_update_bss_desc_with_ie() calls memcpy() unconditionally in +a couple places without checking the destination size. Since the +source is given from user-space, this may trigger a heap buffer +overflow. + +Fix it by putting the length check before performing memcpy(). + +This fix addresses CVE-2019-3846. + +Reported-by: huangwen <[email protected]> +Signed-off-by: Takashi Iwai <[email protected]> +Signed-off-by: Kalle Valo <[email protected]> +Signed-off-by: Oliver Neukum <[email protected]> +--- + drivers/net/wireless/marvell/mwifiex/scan.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/net/wireless/marvell/mwifiex/scan.c b/drivers/net/wireless/marvell/mwifiex/scan.c +index 935778ec9a1b..64ab6fe78c0d 100644 +--- a/drivers/net/wireless/marvell/mwifiex/scan.c ++++ b/drivers/net/wireless/marvell/mwifiex/scan.c +@@ -1247,6 +1247,8 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter, + } + switch (element_id) { + case WLAN_EID_SSID: ++ if (element_len > IEEE80211_MAX_SSID_LEN) ++ return -EINVAL; + bss_entry->ssid.ssid_len = element_len; + memcpy(bss_entry->ssid.ssid, (current_ptr + 2), + element_len); +@@ -1256,6 +1258,8 @@ int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter, + break; + + case WLAN_EID_SUPP_RATES: ++ if (element_len > MWIFIEX_SUPPORTED_RATES) ++ return -EINVAL; + memcpy(bss_entry->data_rates, current_ptr + 2, + element_len); + memcpy(bss_entry->supported_rates, current_ptr + 2, +-- +2.21.0 + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/RFC-Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pairing-is-enabled.patch new/patches.suse/RFC-Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pairing-is-enabled.patch --- old/patches.suse/RFC-Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pairing-is-enabled.patch 2019-06-03 07:27:42.000000000 +0200 +++ new/patches.suse/RFC-Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pairing-is-enabled.patch 2019-06-17 16:44:35.000000000 +0200 @@ -39,4 +39,4 @@ + if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags)) return 0; - /* The minimum encryption key size needs to be enforced by the + return 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/TTY-serial_core-add-install.patch new/patches.suse/TTY-serial_core-add-install.patch --- old/patches.suse/TTY-serial_core-add-install.patch 2019-06-03 07:27:42.000000000 +0200 +++ new/patches.suse/TTY-serial_core-add-install.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,128 +0,0 @@ -From: Jiri Slaby <[email protected]> -Date: Wed, 17 Apr 2019 10:58:53 +0200 -Subject: TTY: serial_core, add ->install -Git-commit: 4cdd17ba1dff20ffc99fdbd2e6f0201fc7fe67df -Patch-mainline: v5.2-rc1 -References: bnc#1129693 - -We need to compute the uart state only on the first open. This is -usually what is done in the ->install hook. serial_core used to do this -in ->open on every open. So move it to ->install. - -As a side effect, it ensures the state is set properly in the window -after tty_init_dev is called, but before uart_open. This fixes a bunch -of races between tty_open and flush_to_ldisc we were dealing with -recently. - -One of such bugs was attempted to fix in commit fedb5760648a (serial: -fix race between flush_to_ldisc and tty_open), but it only took care of -a couple of functions (uart_start and uart_unthrottle). I was able to -reproduce the crash on a SLE system, but in uart_write_room which is -also called from flush_to_ldisc via process_echoes. I was *unable* to -reproduce the bug locally. It is due to having this patch in my queue -since 2012! - - general protection fault: 0000 [#1] SMP KASAN PTI - CPU: 1 PID: 5 Comm: kworker/u4:0 Tainted: G L 4.12.14-396-default #1 SLE15-SP1 (unreleased) - Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c89-prebuilt.qemu.org 04/01/2014 - Workqueue: events_unbound flush_to_ldisc - task: ffff8800427d8040 task.stack: ffff8800427f0000 - RIP: 0010:uart_write_room+0xc4/0x590 - RSP: 0018:ffff8800427f7088 EFLAGS: 00010202 - RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 - RDX: 000000000000002f RSI: 00000000000000ee RDI: ffff88003888bd90 - RBP: ffffffffb9545850 R08: 0000000000000001 R09: 0000000000000400 - R10: ffff8800427d825c R11: 000000000000006e R12: 1ffff100084fee12 - R13: ffffc900004c5000 R14: ffff88003888bb28 R15: 0000000000000178 - FS: 0000000000000000(0000) GS:ffff880043300000(0000) knlGS:0000000000000000 - CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 - CR2: 0000561da0794148 CR3: 000000000ebf4000 CR4: 00000000000006e0 - Call Trace: - tty_write_room+0x6d/0xc0 - __process_echoes+0x55/0x870 - n_tty_receive_buf_common+0x105e/0x26d0 - tty_ldisc_receive_buf+0xb7/0x1c0 - tty_port_default_receive_buf+0x107/0x180 - flush_to_ldisc+0x35d/0x5c0 -... - -0 in rbx means tty->driver_data is NULL in uart_write_room. 0x178 is -tried to be dereferenced (0x178 >> 3 is 0x2f in rdx) at -uart_write_room+0xc4. 0x178 is exactly (struct uart_state *)NULL->refcount -used in uart_port_lock from uart_write_room. - -So revert the upstream commit here as my local patch should fix the -whole family. - -Signed-off-by: Jiri Slaby <[email protected]> -Cc: Li RongQing <[email protected]> -Cc: Wang Li <[email protected]> -Cc: Zhang Yu <[email protected]> -Cc: Greg Kroah-Hartman <[email protected]> -Cc: stable <[email protected]> -Signed-off-by: Greg Kroah-Hartman <[email protected]> ---- - drivers/tty/serial/serial_core.c | 24 +++++++++++++----------- - 1 file changed, 13 insertions(+), 11 deletions(-) - ---- a/drivers/tty/serial/serial_core.c -+++ b/drivers/tty/serial/serial_core.c -@@ -130,9 +130,6 @@ static void uart_start(struct tty_struct - struct uart_port *port; - unsigned long flags; - -- if (!state) -- return; -- - port = uart_port_lock(state, flags); - __uart_start(tty); - uart_port_unlock(port, flags); -@@ -730,9 +727,6 @@ static void uart_unthrottle(struct tty_s - upstat_t mask = UPSTAT_SYNC_FIFO; - struct uart_port *port; - -- if (!state) -- return; -- - port = uart_port_ref(state); - if (!port) - return; -@@ -1747,6 +1741,16 @@ static void uart_dtr_rts(struct tty_port - uart_port_deref(uport); - } - -+static int uart_install(struct tty_driver *driver, struct tty_struct *tty) -+{ -+ struct uart_driver *drv = driver->driver_state; -+ struct uart_state *state = drv->state + tty->index; -+ -+ tty->driver_data = state; -+ -+ return tty_standard_install(driver, tty); -+} -+ - /* - * Calls to uart_open are serialised by the tty_lock in - * drivers/tty/tty_io.c:tty_open() -@@ -1759,11 +1763,8 @@ static void uart_dtr_rts(struct tty_port - */ - static int uart_open(struct tty_struct *tty, struct file *filp) - { -- struct uart_driver *drv = tty->driver->driver_state; -- int retval, line = tty->index; -- struct uart_state *state = drv->state + line; -- -- tty->driver_data = state; -+ struct uart_state *state = tty->driver_data; -+ int retval; - - retval = tty_port_open(&state->port, tty, filp); - if (retval > 0) -@@ -2448,6 +2449,7 @@ static void uart_poll_put_char(struct tt - #endif - - static const struct tty_operations uart_ops = { -+ .install = uart_install, - .open = uart_open, - .close = uart_close, - .write = uart_write, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/memcg-make-it-work-on-sparse-non-0-node-systems.patch new/patches.suse/memcg-make-it-work-on-sparse-non-0-node-systems.patch --- old/patches.suse/memcg-make-it-work-on-sparse-non-0-node-systems.patch 2019-06-03 07:27:42.000000000 +0200 +++ new/patches.suse/memcg-make-it-work-on-sparse-non-0-node-systems.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,93 +0,0 @@ -From: Jiri Slaby <[email protected]> -Date: Fri, 31 May 2019 22:30:26 -0700 -Subject: memcg: make it work on sparse non-0-node systems -Git-commit: 3e8589963773a5c23e2f1fe4bcad0e9a90b7f471 -Patch-mainline: v5.2-rc3 -References: bnc#1133616 - -We have a single node system with node 0 disabled: - Scanning NUMA topology in Northbridge 24 - Number of physical nodes 2 - Skipping disabled node 0 - Node 1 MemBase 0000000000000000 Limit 00000000fbff0000 - NODE_DATA(1) allocated [mem 0xfbfda000-0xfbfeffff] - -This causes crashes in memcg when system boots: - BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 - #PF error: [normal kernel read fault] -... - RIP: 0010:list_lru_add+0x94/0x170 -... - Call Trace: - d_lru_add+0x44/0x50 - dput.part.34+0xfc/0x110 - __fput+0x108/0x230 - task_work_run+0x9f/0xc0 - exit_to_usermode_loop+0xf5/0x100 - -It is reproducible as far as 4.12. I did not try older kernels. You have -to have a new enough systemd, e.g. 241 (the reason is unknown -- was not -investigated). Cannot be reproduced with systemd 234. - -The system crashes because the size of lru array is never updated in -memcg_update_all_list_lrus and the reads are past the zero-sized array, -causing dereferences of random memory. - -The root cause are list_lru_memcg_aware checks in the list_lru code. The -test in list_lru_memcg_aware is broken: it assumes node 0 is always -present, but it is not true on some systems as can be seen above. - -So fix this by avoiding checks on node 0. Remember the memcg-awareness by -a bool flag in struct list_lru. - -Link: http://lkml.kernel.org/r/[email protected] -Fixes: 60d3fd32a7a9 ("list_lru: introduce per-memcg lists") -Signed-off-by: Jiri Slaby <[email protected]> -Acked-by: Michal Hocko <[email protected]> -Suggested-by: Vladimir Davydov <[email protected]> -Acked-by: Vladimir Davydov <[email protected]> -Reviewed-by: Shakeel Butt <[email protected]> -Cc: Johannes Weiner <[email protected]> -Cc: Raghavendra K T <[email protected]> -Cc: <[email protected]> -Signed-off-by: Andrew Morton <[email protected]> -Signed-off-by: Linus Torvalds <[email protected]> ---- - include/linux/list_lru.h | 1 + - mm/list_lru.c | 8 +++----- - 2 files changed, 4 insertions(+), 5 deletions(-) - ---- a/include/linux/list_lru.h -+++ b/include/linux/list_lru.h -@@ -54,6 +54,7 @@ struct list_lru { - #ifdef CONFIG_MEMCG_KMEM - struct list_head list; - int shrinker_id; -+ bool memcg_aware; - #endif - }; - ---- a/mm/list_lru.c -+++ b/mm/list_lru.c -@@ -37,11 +37,7 @@ static int lru_shrinker_id(struct list_l - - static inline bool list_lru_memcg_aware(struct list_lru *lru) - { -- /* -- * This needs node 0 to be always present, even -- * in the systems supporting sparse numa ids. -- */ -- return !!lru->node[0].memcg_lrus; -+ return lru->memcg_aware; - } - - static inline struct list_lru_one * -@@ -451,6 +447,8 @@ static int memcg_init_list_lru(struct li - { - int i; - -+ lru->memcg_aware = memcg_aware; -+ - if (!memcg_aware) - return 0; - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/s390-drop-meaningless-targets-from-tools-Makefile.patch new/patches.suse/s390-drop-meaningless-targets-from-tools-Makefile.patch --- old/patches.suse/s390-drop-meaningless-targets-from-tools-Makefile.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/s390-drop-meaningless-targets-from-tools-Makefile.patch 2019-06-17 16:44:35.000000000 +0200 @@ -0,0 +1,34 @@ +From: Masahiro Yamada <[email protected]> +Date: Fri, 17 May 2019 16:54:27 +0900 +Subject: s390: drop meaningless 'targets' from tools Makefile +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/vfio-ccw#vfio-ccw +Git-commit: 10077c9f2dae1afabab2808a0326ecf3e8e5a82c +Patch-mainline: Queued in subsystem maintainer repository +References: s390 kmp build fix + +'targets' should be specified to include .*.cmd files to evaluate +if_changed or friends. + +Here, facility-defs.h and dis-defs.h are generated by filechk. + +Because filechk does not generate .*.cmd file, the 'targets' addition +is meaningless. The filechk correctly updates the target when its +content is changed. + +Signed-off-by: Masahiro Yamada <[email protected]> +Signed-off-by: Heiko Carstens <[email protected]> +Signed-off-by: Jiri Slaby <[email protected]> +--- + arch/s390/tools/Makefile | 1 - + 1 file changed, 1 deletion(-) + +--- a/arch/s390/tools/Makefile ++++ b/arch/s390/tools/Makefile +@@ -6,7 +6,6 @@ + kapi := arch/$(ARCH)/include/generated/asm + kapi-hdrs-y := $(kapi)/facility-defs.h $(kapi)/dis-defs.h + +-targets += $(addprefix ../../../,$(kapi-hdrs-y)) + PHONY += kapi + + kapi: $(kapi-hdrs-y) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/scsi-mpt3sas_ctl-fix-double-fetch-bug-in-ctl_ioctl_main new/patches.suse/scsi-mpt3sas_ctl-fix-double-fetch-bug-in-ctl_ioctl_main --- old/patches.suse/scsi-mpt3sas_ctl-fix-double-fetch-bug-in-ctl_ioctl_main 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/scsi-mpt3sas_ctl-fix-double-fetch-bug-in-ctl_ioctl_main 2019-06-17 16:44:35.000000000 +0200 @@ -0,0 +1,45 @@ +From: Gen Zhang <[email protected]> +Date: Thu, 30 May 2019 09:10:30 +0800 +Subject: scsi: mpt3sas_ctl: fix double-fetch bug in _ctl_ioctl_main() +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Git-commit: 86e5aca7fa2927060839f3e3b40c8bd65a7e8d1e +Patch-mainline: Queued in subsystem maintainer repo +References: bsc#1136922 cve-2019-12456 + +In _ctl_ioctl_main(), 'ioctl_header' is fetched the first time from +userspace. 'ioctl_header.ioc_number' is then checked. The legal result is +saved to 'ioc'. Then, in condition MPT3COMMAND, the whole struct is fetched +again from the userspace. Then _ctl_do_mpt_command() is called, 'ioc' and +'karg' as inputs. + +However, a malicious user can change the 'ioc_number' between the two +fetches, which will cause a potential security issues. Moreover, a +malicious user can provide a valid 'ioc_number' to pass the check in first +fetch, and then modify it in the second fetch. + +To fix this, we need to recheck the 'ioc_number' in the second fetch. + +Signed-off-by: Gen Zhang <[email protected]> +Acked-by: Suganath Prabu S <[email protected]> +Signed-off-by: Martin K. Petersen <[email protected]> +Acked-by: Lee Duncan <[email protected]> +--- + drivers/scsi/mpt3sas/mpt3sas_ctl.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c +index b2bb47c14d35..5181c03e82a6 100644 +--- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c ++++ b/drivers/scsi/mpt3sas/mpt3sas_ctl.c +@@ -2319,6 +2319,10 @@ _ctl_ioctl_main(struct file *file, unsigned int cmd, void __user *arg, + break; + } + ++ if (karg.hdr.ioc_number != ioctl_header.ioc_number) { ++ ret = -EINVAL; ++ break; ++ } + if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_command)) { + uarg = arg; + ret = _ctl_do_mpt_command(ioc, karg, &uarg->mf); + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/tcp-add-tcp_min_snd_mss-sysctl.patch new/patches.suse/tcp-add-tcp_min_snd_mss-sysctl.patch --- old/patches.suse/tcp-add-tcp_min_snd_mss-sysctl.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/tcp-add-tcp_min_snd_mss-sysctl.patch 2019-06-17 16:44:35.000000000 +0200 @@ -0,0 +1,121 @@ +From: Eric Dumazet <[email protected]> +Date: Thu, 6 Jun 2019 09:38:47 -0700 +Subject: tcp: add tcp_min_snd_mss sysctl +Patch-mainline: Not yet, embargo +References: bsc#1137586 CVE-2019-11479 + +Some TCP peers announce a very small MSS option in their SYN and/or +SYN/ACK messages. + +This forces the stack to send packets with a very high network/cpu +overhead. + +Linux has enforced a minimal value of 48. Since this value includes +the size of TCP options, and that the options can consume up to 40 +bytes, this means that each segment can include only 8 bytes of payload. + +In some cases, it can be useful to increase the minimal value +to a saner value. + +We still let the default to 48 (TCP_MIN_SND_MSS), for compatibility +reasons. + +Note that TCP_MAXSEG socket option enforces a minimal value +of (TCP_MIN_MSS). David Miller increased this minimal value +in commit c39508d6f118 ("tcp: Make TCP_MAXSEG minimum more correct.") +from 64 to 88. + +We might in the future merge TCP_MIN_SND_MSS and TCP_MIN_MSS. + +Signed-off-by: Eric Dumazet <[email protected]> +Suggested-by: Jonathan Looney <[email protected]> +Cc: Neal Cardwell <[email protected]> +Cc: Yuchung Cheng <[email protected]> +Cc: Tyler Hicks <[email protected]> +Cc: Bruce Curtis <[email protected]> +Acked-by: Michal Kubecek <[email protected]> + +--- + Documentation/networking/ip-sysctl.txt | 8 ++++++++ + include/net/netns/ipv4.h | 1 + + net/ipv4/sysctl_net_ipv4.c | 11 +++++++++++ + net/ipv4/tcp_ipv4.c | 1 + + net/ipv4/tcp_output.c | 3 +-- + 5 files changed, 22 insertions(+), 2 deletions(-) + +--- a/Documentation/networking/ip-sysctl.txt ++++ b/Documentation/networking/ip-sysctl.txt +@@ -250,6 +250,14 @@ tcp_base_mss - INTEGER + Path MTU discovery (MTU probing). If MTU probing is enabled, + this is the initial MSS used by the connection. + ++tcp_min_snd_mss - INTEGER ++ TCP SYN and SYNACK messages usually advertise an ADVMSS option, ++ as described in RFC 1122 and RFC 6691. ++ If this ADVMSS option is smaller than tcp_min_snd_mss, ++ it is silently capped to tcp_min_snd_mss. ++ ++ Default : 48 (at least 8 bytes of payload per segment) ++ + tcp_congestion_control - STRING + Set the congestion control algorithm to be used for new + connections. The algorithm "reno" is always available, but +--- a/include/net/netns/ipv4.h ++++ b/include/net/netns/ipv4.h +@@ -117,6 +117,7 @@ struct netns_ipv4 { + #endif + int sysctl_tcp_mtu_probing; + int sysctl_tcp_base_mss; ++ int sysctl_tcp_min_snd_mss; + int sysctl_tcp_probe_threshold; + u32 sysctl_tcp_probe_interval; + +--- a/net/ipv4/sysctl_net_ipv4.c ++++ b/net/ipv4/sysctl_net_ipv4.c +@@ -39,6 +39,8 @@ static int ip_local_port_range_min[] = { + static int ip_local_port_range_max[] = { 65535, 65535 }; + static int tcp_adv_win_scale_min = -31; + static int tcp_adv_win_scale_max = 31; ++static int tcp_min_snd_mss_min = TCP_MIN_SND_MSS; ++static int tcp_min_snd_mss_max = 65535; + static int ip_privileged_port_min; + static int ip_privileged_port_max = 65535; + static int ip_ttl_min = 1; +@@ -749,6 +751,15 @@ static struct ctl_table ipv4_net_table[] + .proc_handler = proc_dointvec, + }, + { ++ .procname = "tcp_min_snd_mss", ++ .data = &init_net.ipv4.sysctl_tcp_min_snd_mss, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = proc_dointvec_minmax, ++ .extra1 = &tcp_min_snd_mss_min, ++ .extra2 = &tcp_min_snd_mss_max, ++ }, ++ { + .procname = "tcp_probe_threshold", + .data = &init_net.ipv4.sysctl_tcp_probe_threshold, + .maxlen = sizeof(int), +--- a/net/ipv4/tcp_ipv4.c ++++ b/net/ipv4/tcp_ipv4.c +@@ -2626,6 +2626,7 @@ static int __net_init tcp_sk_init(struct + net->ipv4.sysctl_tcp_ecn_fallback = 1; + + net->ipv4.sysctl_tcp_base_mss = TCP_BASE_MSS; ++ net->ipv4.sysctl_tcp_min_snd_mss = TCP_MIN_SND_MSS; + net->ipv4.sysctl_tcp_probe_threshold = TCP_PROBE_THRESHOLD; + net->ipv4.sysctl_tcp_probe_interval = TCP_PROBE_INTERVAL; + +--- a/net/ipv4/tcp_output.c ++++ b/net/ipv4/tcp_output.c +@@ -1462,8 +1462,7 @@ static inline int __tcp_mtu_to_mss(struc + mss_now -= icsk->icsk_ext_hdr_len; + + /* Then reserve room for full set of TCP options and 8 bytes of data */ +- if (mss_now < TCP_MIN_SND_MSS) +- mss_now = TCP_MIN_SND_MSS; ++ mss_now = max(mss_now, sock_net(sk)->ipv4.sysctl_tcp_min_snd_mss); + return mss_now; + } + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/tcp-enforce-tcp_min_snd_mss-in-tcp_mtu_probing.patch new/patches.suse/tcp-enforce-tcp_min_snd_mss-in-tcp_mtu_probing.patch --- old/patches.suse/tcp-enforce-tcp_min_snd_mss-in-tcp_mtu_probing.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/tcp-enforce-tcp_min_snd_mss-in-tcp_mtu_probing.patch 2019-06-17 16:44:35.000000000 +0200 @@ -0,0 +1,34 @@ +From: Eric Dumazet <[email protected]> +Date: Sat, 8 Jun 2019 10:38:08 -0700 +Subject: tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() +Patch-mainline: Not yet, embargo +References: bsc#1137586 CVE-2019-11479 + +If mtu probing is enabled tcp_mtu_probing() could very well end up +with a too small MSS. + +Use the new sysctl tcp_min_snd_mss to make sure MSS search +is performed in an acceptable range. + +Signed-off-by: Eric Dumazet <[email protected]> +Reported-by: Jonathan Lemon <[email protected]> +Cc: Jonathan Looney <[email protected]> +Cc: Neal Cardwell <[email protected]> +Cc: Yuchung Cheng <[email protected]> +Cc: Tyler Hicks <[email protected]> +Cc: Bruce Curtis <[email protected]> +Acked-by: Michal Kubecek <[email protected]> +--- + net/ipv4/tcp_timer.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/ipv4/tcp_timer.c ++++ b/net/ipv4/tcp_timer.c +@@ -154,6 +154,7 @@ static void tcp_mtu_probing(struct inet_ + mss = tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low) >> 1; + mss = min(net->ipv4.sysctl_tcp_base_mss, mss); + mss = max(mss, 68 - tcp_sk(sk)->tcp_header_len); ++ mss = max(mss, net->ipv4.sysctl_tcp_min_snd_mss); + icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss); + } + tcp_sync_mss(sk, icsk->icsk_pmtu_cookie); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/tcp-limit-payload-size-of-sacked-skbs.patch new/patches.suse/tcp-limit-payload-size-of-sacked-skbs.patch --- old/patches.suse/tcp-limit-payload-size-of-sacked-skbs.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/tcp-limit-payload-size-of-sacked-skbs.patch 2019-06-17 16:44:35.000000000 +0200 @@ -0,0 +1,153 @@ +From: Eric Dumazet <[email protected]> +Date: Thu, 6 Jun 2019 09:38:45 -0700 +Subject: tcp: limit payload size of sacked skbs +Patch-mainline: Not yet, embargo +References: bsc#1137586 CVE-2019-11477 + +Jonathan Looney reported that TCP can trigger the following crash +in tcp_shifted_skb() : + + BUG_ON(tcp_skb_pcount(skb) < pcount); + +This can happen if the remote peer has advertized the smallest +MSS that linux TCP accepts : 48 + +An skb can hold 17 fragments, and each fragment can hold 32KB +on x86, or 64KB on PowerPC. + +This means that the 16bit witdh of TCP_SKB_CB(skb)->tcp_gso_segs +can overflow. + +Note that tcp_sendmsg() builds skbs with less than 64KB +of payload, so this problem needs SACK to be enabled. +SACK blocks allow TCP to coalesce multiple skbs in the retransmit +queue, thus filling the 17 fragments to maximal capacity. + +Fixes: 832d11c5cd07 ("tcp: Try to restore large SKBs while SACK processing") +Signed-off-by: Eric Dumazet <[email protected]> +Reported-by: Jonathan Looney <[email protected]> +Acked-by: Neal Cardwell <[email protected]> +Reviewed-by: Tyler Hicks <[email protected]> +Cc: Yuchung Cheng <[email protected]> +Cc: Bruce Curtis <[email protected]> +Acked-by: Michal Kubecek <[email protected]> + +--- + include/linux/tcp.h | 4 ++++ + include/net/tcp.h | 2 ++ + net/ipv4/tcp.c | 1 + + net/ipv4/tcp_input.c | 26 ++++++++++++++++++++------ + net/ipv4/tcp_output.c | 6 +++--- + 5 files changed, 30 insertions(+), 9 deletions(-) + +--- a/include/linux/tcp.h ++++ b/include/linux/tcp.h +@@ -488,4 +488,8 @@ static inline u16 tcp_mss_clamp(const st + + return (user_mss && user_mss < mss) ? user_mss : mss; + } ++ ++int tcp_skb_shift(struct sk_buff *to, struct sk_buff *from, int pcount, ++ int shiftlen); ++ + #endif /* _LINUX_TCP_H */ +--- a/include/net/tcp.h ++++ b/include/net/tcp.h +@@ -55,6 +55,8 @@ void tcp_time_wait(struct sock *sk, int + + #define MAX_TCP_HEADER (128 + MAX_HEADER) + #define MAX_TCP_OPTION_SPACE 40 ++#define TCP_MIN_SND_MSS 48 ++#define TCP_MIN_GSO_SIZE (TCP_MIN_SND_MSS - MAX_TCP_OPTION_SPACE) + + /* + * Never offer a window over 32767 without using window scaling. Some +--- a/net/ipv4/tcp.c ++++ b/net/ipv4/tcp.c +@@ -3889,6 +3889,7 @@ void __init tcp_init(void) + unsigned long limit; + unsigned int i; + ++ BUILD_BUG_ON(TCP_MIN_SND_MSS <= MAX_TCP_OPTION_SPACE); + BUILD_BUG_ON(sizeof(struct tcp_skb_cb) > + FIELD_SIZEOF(struct sk_buff, cb)); + +--- a/net/ipv4/tcp_input.c ++++ b/net/ipv4/tcp_input.c +@@ -1296,7 +1296,7 @@ static bool tcp_shifted_skb(struct sock + TCP_SKB_CB(skb)->seq += shifted; + + tcp_skb_pcount_add(prev, pcount); +- BUG_ON(tcp_skb_pcount(skb) < pcount); ++ WARN_ON_ONCE(tcp_skb_pcount(skb) < pcount); + tcp_skb_pcount_add(skb, -pcount); + + /* When we're adding to gso_segs == 1, gso_size will be zero, +@@ -1362,6 +1362,21 @@ static int skb_can_shift(const struct sk + return !skb_headlen(skb) && skb_is_nonlinear(skb); + } + ++int tcp_skb_shift(struct sk_buff *to, struct sk_buff *from, ++ int pcount, int shiftlen) ++{ ++ /* TCP min gso_size is 8 bytes (TCP_MIN_GSO_SIZE) ++ * Since TCP_SKB_CB(skb)->tcp_gso_segs is 16 bits, we need ++ * to make sure not storing more than 65535 * 8 bytes per skb, ++ * even if current MSS is bigger. ++ */ ++ if (unlikely(to->len + shiftlen >= 65535 * TCP_MIN_GSO_SIZE)) ++ return 0; ++ if (unlikely(tcp_skb_pcount(to) + pcount > 65535)) ++ return 0; ++ return skb_shift(to, from, shiftlen); ++} ++ + /* Try collapsing SACK blocks spanning across multiple skbs to a single + * skb. + */ +@@ -1467,7 +1482,7 @@ static struct sk_buff *tcp_shift_skb_dat + if (!after(TCP_SKB_CB(skb)->seq + len, tp->snd_una)) + goto fallback; + +- if (!skb_shift(prev, skb, len)) ++ if (!tcp_skb_shift(prev, skb, pcount, len)) + goto fallback; + if (!tcp_shifted_skb(sk, prev, skb, state, pcount, len, mss, dup_sack)) + goto out; +@@ -1485,11 +1500,10 @@ static struct sk_buff *tcp_shift_skb_dat + goto out; + + len = skb->len; +- if (skb_shift(prev, skb, len)) { +- pcount += tcp_skb_pcount(skb); +- tcp_shifted_skb(sk, prev, skb, state, tcp_skb_pcount(skb), ++ pcount = tcp_skb_pcount(skb); ++ if (tcp_skb_shift(prev, skb, pcount, len)) ++ tcp_shifted_skb(sk, prev, skb, state, pcount, + len, mss, 0); +- } + + out: + return prev; +--- a/net/ipv4/tcp_output.c ++++ b/net/ipv4/tcp_output.c +@@ -1457,8 +1457,8 @@ static inline int __tcp_mtu_to_mss(struc + mss_now -= icsk->icsk_ext_hdr_len; + + /* Then reserve room for full set of TCP options and 8 bytes of data */ +- if (mss_now < 48) +- mss_now = 48; ++ if (mss_now < TCP_MIN_SND_MSS) ++ mss_now = TCP_MIN_SND_MSS; + return mss_now; + } + +@@ -2750,7 +2750,7 @@ static bool tcp_collapse_retrans(struct + if (next_skb_size <= skb_availroom(skb)) + skb_copy_bits(next_skb, 0, skb_put(skb, next_skb_size), + next_skb_size); +- else if (!skb_shift(skb, next_skb, next_skb_size)) ++ else if (!tcp_skb_shift(skb, next_skb, 1, next_skb_size)) + return false; + } + tcp_highest_sack_replace(sk, next_skb, skb); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/tcp-tcp_fragment-should-apply-sane-memory-limits.patch new/patches.suse/tcp-tcp_fragment-should-apply-sane-memory-limits.patch --- old/patches.suse/tcp-tcp_fragment-should-apply-sane-memory-limits.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/tcp-tcp_fragment-should-apply-sane-memory-limits.patch 2019-06-17 16:44:35.000000000 +0200 @@ -0,0 +1,68 @@ +From: Eric Dumazet <[email protected]> +Date: Thu, 6 Jun 2019 09:38:46 -0700 +Subject: tcp: tcp_fragment() should apply sane memory limits +Patch-mainline: Not yet, embargo +References: bsc#1137586 CVE-2019-11478 + +Jonathan Looney reported that a malicious peer can force a sender +to fragment its retransmit queue into tiny skbs, inflating memory +usage and/or overflow 32bit counters. + +TCP allows an application to queue up to sk_sndbuf bytes, +so we need to give some allowance for non malicious splitting +of retransmit queue. + +A new SNMP counter is added to monitor how many times TCP +did not allow to split an skb if the allowance was exceeded. + +Note that this counter might increase in the case applications +use SO_SNDBUF socket option to lower sk_sndbuf. + +Signed-off-by: Eric Dumazet <[email protected]> +Reported-by: Jonathan Looney <[email protected]> +Acked-by: Neal Cardwell <[email protected]> +Acked-by: Yuchung Cheng <[email protected]> +Reviewed-by: Tyler Hicks <[email protected]> +Cc: Bruce Curtis <[email protected]> +Acked-by: Michal Kubecek <[email protected]> + +--- + include/uapi/linux/snmp.h | 1 + + net/ipv4/proc.c | 1 + + net/ipv4/tcp_output.c | 5 +++++ + 3 files changed, 7 insertions(+) + +--- a/include/uapi/linux/snmp.h ++++ b/include/uapi/linux/snmp.h +@@ -283,6 +283,7 @@ enum + LINUX_MIB_TCPACKCOMPRESSED, /* TCPAckCompressed */ + LINUX_MIB_TCPZEROWINDOWDROP, /* TCPZeroWindowDrop */ + LINUX_MIB_TCPRCVQDROP, /* TCPRcvQDrop */ ++ LINUX_MIB_TCPWQUEUETOOBIG, /* TCPWqueueTooBig */ + __LINUX_MIB_MAX + }; + +--- a/net/ipv4/proc.c ++++ b/net/ipv4/proc.c +@@ -291,6 +291,7 @@ static const struct snmp_mib snmp4_net_l + SNMP_MIB_ITEM("TCPAckCompressed", LINUX_MIB_TCPACKCOMPRESSED), + SNMP_MIB_ITEM("TCPZeroWindowDrop", LINUX_MIB_TCPZEROWINDOWDROP), + SNMP_MIB_ITEM("TCPRcvQDrop", LINUX_MIB_TCPRCVQDROP), ++ SNMP_MIB_ITEM("TCPWqueueTooBig", LINUX_MIB_TCPWQUEUETOOBIG), + SNMP_MIB_SENTINEL + }; + +--- a/net/ipv4/tcp_output.c ++++ b/net/ipv4/tcp_output.c +@@ -1299,6 +1299,11 @@ int tcp_fragment(struct sock *sk, enum t + if (nsize < 0) + nsize = 0; + ++ if (unlikely((sk->sk_wmem_queued >> 1) > sk->sk_sndbuf)) { ++ NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPWQUEUETOOBIG); ++ return -ENOMEM; ++ } ++ + if (skb_unclone(skb, gfp)) + return -ENOMEM; + ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:29.423972360 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:29.423972360 +0200 @@ -827,6 +827,321 @@ patches.kernel.org/5.1.7-039-Revert-tipc-fix-modprobe-tipc-failed-after-swit.patch patches.kernel.org/5.1.7-040-tipc-fix-modprobe-tipc-failed-after-switch-orde.patch patches.kernel.org/5.1.7-041-Linux-5.1.7.patch + patches.kernel.org/5.1.8-001-sparc64-Fix-regression-in-non-hypervisor-TLB-fl.patch + patches.kernel.org/5.1.8-002-include-linux-bitops.h-sanitize-rotate-primitiv.patch + patches.kernel.org/5.1.8-003-xhci-update-bounce-buffer-with-correct-sg-num.patch + patches.kernel.org/5.1.8-004-xhci-Use-zu-for-printing-size_t-type.patch + patches.kernel.org/5.1.8-005-xhci-Convert-xhci_handshake-to-use-readl_poll_t.patch + patches.kernel.org/5.1.8-006-usb-xhci-avoid-null-pointer-deref-when-bos-fiel.patch + patches.kernel.org/5.1.8-007-usbip-usbip_host-fix-BUG-sleeping-function-call.patch + patches.kernel.org/5.1.8-008-usbip-usbip_host-fix-stub_dev-lock-context-imba.patch + patches.kernel.org/5.1.8-009-USB-Fix-slab-out-of-bounds-write-in-usb_get_bos.patch + patches.kernel.org/5.1.8-010-USB-sisusbvga-fix-oops-in-error-path-of-sisusb_.patch + patches.kernel.org/5.1.8-011-USB-Add-LPM-quirk-for-Surface-Dock-GigE-adapter.patch + patches.kernel.org/5.1.8-012-USB-rio500-refuse-more-than-one-device-at-a-tim.patch + patches.kernel.org/5.1.8-013-USB-rio500-fix-memory-leak-in-close-after-disco.patch + patches.kernel.org/5.1.8-014-media-usb-siano-Fix-general-protection-fault-in.patch + patches.kernel.org/5.1.8-015-media-usb-siano-Fix-false-positive-uninitialize.patch + patches.kernel.org/5.1.8-016-media-smsusb-better-handle-optional-alignment.patch + patches.kernel.org/5.1.8-017-brcmfmac-fix-NULL-pointer-derefence-during-USB-.patch + patches.kernel.org/5.1.8-018-scsi-zfcp-fix-missing-zfcp_port-reference-put-o.patch + patches.kernel.org/5.1.8-019-scsi-zfcp-fix-to-prevent-port_remove-with-pure-.patch + patches.kernel.org/5.1.8-020-tracing-Avoid-memory-leak-in-predicate_parse.patch + patches.kernel.org/5.1.8-021-Btrfs-fix-wrong-ctime-and-mtime-of-a-directory-.patch + patches.kernel.org/5.1.8-022-Btrfs-fix-race-updating-log-root-item-during-fs.patch + patches.kernel.org/5.1.8-023-Btrfs-fix-fsync-not-persisting-changed-attribut.patch + patches.kernel.org/5.1.8-024-btrfs-correct-zstd-workspace-manager-lock-to-us.patch + patches.kernel.org/5.1.8-025-btrfs-qgroup-Check-bg-while-resuming-relocation.patch + patches.kernel.org/5.1.8-026-Btrfs-incremental-send-fix-file-corruption-when.patch + patches.kernel.org/5.1.8-027-btrfs-reloc-Also-queue-orphan-reloc-tree-for-cl.patch + patches.kernel.org/5.1.8-028-iio-dac-ds4422-ds4424-fix-chip-verification.patch + patches.kernel.org/5.1.8-029-iio-adc-ads124-avoid-buffer-overflow.patch + patches.kernel.org/5.1.8-030-iio-adc-modify-NPCM-ADC-read-reference-voltage.patch + patches.kernel.org/5.1.8-031-iio-adc-ti-ads8688-fix-timestamp-is-not-updated.patch + patches.kernel.org/5.1.8-032-s390-crypto-fix-gcm-aes-s390-selftest-failures.patch + patches.kernel.org/5.1.8-033-s390-crypto-fix-possible-sleep-during-spinlock-.patch + patches.kernel.org/5.1.8-034-KVM-PPC-Book3S-HV-XIVE-Do-not-clear-IRQ-data-of.patch + patches.kernel.org/5.1.8-035-KVM-PPC-Book3S-HV-Fix-lockdep-warning-when-ente.patch + patches.kernel.org/5.1.8-036-KVM-PPC-Book3S-HV-Restore-SPRG3-in-kvmhv_p9_gue.patch + patches.kernel.org/5.1.8-037-powerpc-perf-Fix-MMCRA-corruption-by-bhrb_filte.patch + patches.kernel.org/5.1.8-038-powerpc-kexec-Fix-loading-of-kernel-initramfs-w.patch + patches.kernel.org/5.1.8-039-ALSA-line6-Assure-canceling-delayed-work-at-dis.patch + patches.kernel.org/5.1.8-040-ALSA-hda-realtek-Set-default-power-save-node-to.patch + patches.kernel.org/5.1.8-041-ALSA-hda-realtek-Improve-the-headset-mic-for-Ac.patch + patches.kernel.org/5.1.8-042-KVM-s390-Do-not-report-unusabled-IDs-via-KVM_CA.patch + patches.kernel.org/5.1.8-043-drm-nouveau-i2c-Disable-i2c-bus-access-after-fi.patch + patches.kernel.org/5.1.8-044-i2c-mlxcpld-Fix-wrong-initialization-order-in-p.patch + patches.kernel.org/5.1.8-045-i2c-synquacer-fix-synquacer_i2c_doxfer-return-v.patch + patches.kernel.org/5.1.8-046-tty-serial-msm_serial-Fix-XON-XOFF.patch + patches.kernel.org/5.1.8-047-tty-max310x-Fix-external-crystal-register-setup.patch + patches.kernel.org/5.1.8-048-mm-memcg-consider-subtrees-in-memory.events.patch + patches.kernel.org/5.1.8-049-memcg-make-it-work-on-sparse-non-0-node-systems.patch + patches.kernel.org/5.1.8-050-kasan-initialize-tag-to-0xff-in-__kasan_kmalloc.patch + patches.kernel.org/5.1.8-051-kernel-signal.c-trace_signal_deliver-when-signa.patch + patches.kernel.org/5.1.8-052-signal-arm64-Use-force_sig-not-force_sig_fault-.patch + patches.kernel.org/5.1.8-053-mm-compaction-make-sure-we-isolate-a-valid-PFN.patch + patches.kernel.org/5.1.8-054-arm64-Fix-the-arm64_personality-syscall-wrapper.patch + patches.kernel.org/5.1.8-055-docs-Fix-conf.py-for-Sphinx-2.0.patch + patches.kernel.org/5.1.8-056-doc-Cope-with-the-deprecation-of-AutoReporter.patch + patches.kernel.org/5.1.8-057-doc-Cope-with-Sphinx-logging-deprecations.patch + patches.kernel.org/5.1.8-058-x86-ima-Check-EFI_RUNTIME_SERVICES-before-using.patch + patches.kernel.org/5.1.8-059-ima-fix-wrong-signed-policy-requirement-when-no.patch + patches.kernel.org/5.1.8-060-ima-show-rules-with-IMA_INMASK-correctly.patch + patches.kernel.org/5.1.8-061-evm-check-hash-algorithm-passed-to-init_desc.patch + patches.kernel.org/5.1.8-062-clk-imx-imx8mm-fix-int-pll-clk-gate.patch + patches.kernel.org/5.1.8-063-vt-fbcon-deinitialize-resources-in-visual_init-.patch + patches.kernel.org/5.1.8-064-serial-sh-sci-disable-DMA-for-uart_console.patch + patches.kernel.org/5.1.8-065-staging-vc04_services-prevent-integer-overflow-.patch + patches.kernel.org/5.1.8-066-staging-wlan-ng-fix-adapter-initialization-fail.patch + patches.kernel.org/5.1.8-067-cifs-fix-memory-leak-of-pneg_inbuf-on-EOPNOTSUP.patch + patches.kernel.org/5.1.8-068-CIFS-cifs_read_allocate_pages-don-t-iterate-thr.patch + patches.kernel.org/5.1.8-069-Revert-lockd-Show-pid-of-lockd-for-remote-locks.patch + patches.kernel.org/5.1.8-070-gcc-plugins-Fix-build-failures-under-Darwin-hos.patch + patches.kernel.org/5.1.8-071-drm-tegra-gem-Fix-CPU-cache-maintenance-for-BO-.patch + patches.kernel.org/5.1.8-072-drm-vmwgfx-Fix-user-space-handle-equal-to-zero.patch + patches.kernel.org/5.1.8-073-drm-vmwgfx-Fix-compat-mode-shader-operation.patch + patches.kernel.org/5.1.8-074-drm-vmwgfx-Don-t-send-drm-sysfs-hotplug-events-.patch + patches.kernel.org/5.1.8-075-drm-sun4i-Fix-sun8i-HDMI-PHY-clock-initializati.patch + patches.kernel.org/5.1.8-076-drm-sun4i-Fix-sun8i-HDMI-PHY-configuration-for-.patch + patches.kernel.org/5.1.8-077-drm-imx-ipuv3-plane-fix-atomic-update-status-qu.patch + patches.kernel.org/5.1.8-078-drm-fb-helper-generic-Call-drm_client_add-after.patch + patches.kernel.org/5.1.8-079-drm-atomic-Wire-file_priv-through-for-property-.patch + patches.kernel.org/5.1.8-080-drm-Expose-FB_DAMAGE_CLIPS-property-to-atomic-a.patch + patches.kernel.org/5.1.8-081-drm-rockchip-shutdown-drm-subsystem-on-shutdown.patch + patches.kernel.org/5.1.8-082-drm-lease-Make-sure-implicit-planes-are-leased.patch + patches.kernel.org/5.1.8-083-drm-cma-helper-Fix-drm_gem_cma_free_object.patch + patches.kernel.org/5.1.8-084-Revert-x86-build-Move-_etext-to-actual-end-of-..patch + patches.kernel.org/5.1.8-085-x86-kprobes-Set-instruction-page-as-executable.patch + patches.kernel.org/5.1.8-086-Linux-5.1.8.patch + patches.kernel.org/5.1.9-001-ethtool-fix-potential-userspace-buffer-overflow.patch + patches.kernel.org/5.1.9-002-Fix-memory-leak-in-sctp_process_init.patch + patches.kernel.org/5.1.9-003-ipv4-not-do-cache-for-local-delivery-if-bc_forw.patch + patches.kernel.org/5.1.9-004-ipv6-fix-the-check-before-getting-the-cookie-in.patch + patches.kernel.org/5.1.9-005-net-ethernet-ti-cpsw_ethtool-fix-ethtool-ring-p.patch + patches.kernel.org/5.1.9-006-net-mvpp2-Use-strscpy-to-handle-stat-strings.patch + patches.kernel.org/5.1.9-007-net-rds-fix-memory-leak-in-rds_ib_flush_mr_pool.patch + patches.kernel.org/5.1.9-008-net-sfp-read-eeprom-in-maximum-16-byte-incremen.patch + patches.kernel.org/5.1.9-009-packet-unconditionally-free-po-rollover.patch + patches.kernel.org/5.1.9-010-pktgen-do-not-sleep-with-the-thread-lock-held.patch + patches.kernel.org/5.1.9-011-Revert-fib_rules-return-0-directly-if-an-exactl.patch + patches.kernel.org/5.1.9-012-udp-only-choose-unbound-UDP-socket-for-multicas.patch + patches.kernel.org/5.1.9-013-ipv6-use-READ_ONCE-for-inet-hdrincl-as-in-ipv4.patch + patches.kernel.org/5.1.9-014-ipv6-fix-EFAULT-on-sendto-with-icmpv6-and-hdrin.patch + patches.kernel.org/5.1.9-015-net-aquantia-fix-wol-configuration-not-applied-.patch + patches.kernel.org/5.1.9-016-neighbor-Reset-gc_entries-counter-if-new-entry-.patch + patches.kernel.org/5.1.9-017-neighbor-Call-__ipv4_neigh_lookup_noref-in-neig.patch + patches.kernel.org/5.1.9-018-cls_matchall-avoid-panic-when-receiving-a-packe.patch + patches.kernel.org/5.1.9-019-ipmr_base-Do-not-reset-index-in-mr_table_dump.patch + patches.kernel.org/5.1.9-020-net-mlx4_en-ethtool-Remove-unsupported-SFP-EEPR.patch + patches.kernel.org/5.1.9-021-net-tls-replace-the-sleeping-lock-around-RX-res.patch + patches.kernel.org/5.1.9-022-rcu-locking-and-unlocking-need-to-always-be-at-.patch + patches.kernel.org/5.1.9-023-habanalabs-fix-debugfs-code.patch + patches.kernel.org/5.1.9-024-ARC-mm-SIGSEGV-userspace-trying-to-access-kerne.patch + patches.kernel.org/5.1.9-025-parisc-Use-implicit-space-register-selection-fo.patch + patches.kernel.org/5.1.9-026-parisc-Fix-crash-due-alternative-coding-for-NP-.patch + patches.kernel.org/5.1.9-027-SUNRPC-fix-regression-in-umount-of-a-secure-mou.patch + patches.kernel.org/5.1.9-028-SUNRPC-Fix-a-use-after-free-when-a-server-rejec.patch + patches.kernel.org/5.1.9-029-NFSv4.1-Again-fix-a-race-where-CB_NOTIFY_LOCK-f.patch + patches.kernel.org/5.1.9-030-NFSv4.1-Fix-bug-only-first-CB_NOTIFY_LOCK-is-ha.patch + patches.kernel.org/5.1.9-031-fuse-fallocate-fix-return-with-locked-inode.patch + patches.kernel.org/5.1.9-032-fuse-fix-copy_file_range-in-the-writeback-case.patch + patches.kernel.org/5.1.9-033-pstore-Set-tfm-to-NULL-on-free_buf_for_compress.patch + patches.kernel.org/5.1.9-034-pstore-ram-Run-without-kernel-crash-dump-region.patch + patches.kernel.org/5.1.9-035-kbuild-use-more-portable-command-v-for-cc-cross.patch + patches.kernel.org/5.1.9-036-memstick-mspro_block-Fix-an-error-code-in-mspro.patch + patches.kernel.org/5.1.9-037-mmc-tmio-fix-SCC-error-handling-to-avoid-false-.patch + patches.kernel.org/5.1.9-038-mmc-sdhci_am654-Fix-SLOTTYPE-write.patch + patches.kernel.org/5.1.9-039-x86-power-Fix-nosmt-vs-hibernation-triple-fault.patch + patches.kernel.org/5.1.9-040-x86-insn-eval-Fix-use-after-free-access-to-LDT-.patch + patches.kernel.org/5.1.9-041-i2c-xiic-Add-max_read_len-quirk.patch + patches.kernel.org/5.1.9-042-s390-mm-fix-address-space-detection-in-exceptio.patch + patches.kernel.org/5.1.9-043-nvme-rdma-fix-queue-mapping-when-queue-count-is.patch + patches.kernel.org/5.1.9-044-xen-blkfront-switch-kcalloc-to-kvcalloc-for-lar.patch + patches.kernel.org/5.1.9-045-MIPS-Bounds-check-virt_addr_valid.patch + patches.kernel.org/5.1.9-046-MIPS-pistachio-Build-uImage.gz-by-default.patch + patches.kernel.org/5.1.9-047-genwqe-Prevent-an-integer-overflow-in-the-ioctl.patch + patches.kernel.org/5.1.9-048-test_firmware-Use-correct-snprintf-limit.patch + patches.kernel.org/5.1.9-049-drm-rockchip-fix-fb-references-in-async-update.patch + patches.kernel.org/5.1.9-050-drm-vc4-fix-fb-references-in-async-update.patch + patches.kernel.org/5.1.9-051-drm-gma500-cdv-Check-vbt-config-bits-when-detec.patch + patches.kernel.org/5.1.9-052-drm-msm-fix-fb-references-in-async-update.patch + patches.kernel.org/5.1.9-053-drm-add-non-desktop-quirk-for-Valve-HMDs.patch + patches.kernel.org/5.1.9-054-drm-nouveau-add-kconfig-option-to-turn-off-nouv.patch + patches.kernel.org/5.1.9-055-drm-add-non-desktop-quirks-to-Sensics-and-OSVR-.patch + patches.kernel.org/5.1.9-056-drm-Fix-timestamp-docs-for-variable-refresh-pro.patch + patches.kernel.org/5.1.9-057-drm-amdgpu-psp-move-psp-version-specific-functi.patch + patches.kernel.org/5.1.9-058-drm-radeon-prefer-lower-reference-dividers.patch + patches.kernel.org/5.1.9-059-drm-amdgpu-remove-ATPX_DGPU_REQ_POWER_FOR_DISPL.patch + patches.kernel.org/5.1.9-060-drm-i915-Fix-I915_EXEC_RING_MASK.patch + patches.kernel.org/5.1.9-061-drm-amdgpu-soc15-skip-reset-on-init.patch + patches.kernel.org/5.1.9-062-drm-amd-display-Add-ASICREV_IS_PICASSO.patch + patches.kernel.org/5.1.9-063-drm-amdgpu-fix-ring-test-failure-issue-during-s.patch + patches.kernel.org/5.1.9-064-drm-i915-fbc-disable-framebuffer-compression-on.patch + patches.kernel.org/5.1.9-065-drm-i915-gvt-emit-init-breadcrumb-for-gvt-reque.patch + patches.kernel.org/5.1.9-066-drm-i915-Maintain-consistent-documentation-subs.patch + patches.kernel.org/5.1.9-067-drm-don-t-block-fb-changes-for-async-plane-upda.patch + patches.kernel.org/5.1.9-068-drm-i915-gvt-Initialize-intel_gvt_gtt_entry-in-.patch + patches.kernel.org/5.1.9-069-drm-amd-fix-fb-references-in-async-update.patch + patches.kernel.org/5.1.9-070-TTY-serial_core-add-install.patch + patches.kernel.org/5.1.9-071-ipv4-Define-__ipv4_neigh_lookup_noref-when-CONF.patch + patches.kernel.org/5.1.9-072-Linux-5.1.9.patch + patches.kernel.org/5.1.10-001-Revert-drm-allow-render-capable-master-with-DR.patch + patches.kernel.org/5.1.10-002-media-rockchip-vpu-Fix-re-order-probe-error-re.patch + patches.kernel.org/5.1.10-003-media-rockchip-vpu-Add-missing-dont_use_autosu.patch + patches.kernel.org/5.1.10-004-rapidio-fix-a-NULL-pointer-dereference-when-cr.patch + patches.kernel.org/5.1.10-005-fs-fat-file.c-issue-flush-after-the-writeback-.patch + patches.kernel.org/5.1.10-006-sysctl-return-EINVAL-if-val-violates-minmax.patch + patches.kernel.org/5.1.10-007-ipc-prevent-lockup-on-alloc_msg-and-free_msg.patch + patches.kernel.org/5.1.10-008-drm-msm-correct-attempted-NULL-pointer-derefer.patch + patches.kernel.org/5.1.10-009-drm-pl111-Initialize-clock-spinlock-early.patch + patches.kernel.org/5.1.10-010-mm-mprotect.c-fix-compilation-warning-because-.patch + patches.kernel.org/5.1.10-011-ARM-prevent-tracing-IPI_CPU_BACKTRACE.patch + patches.kernel.org/5.1.10-012-mm-hmm-select-mmu-notifier-when-selecting-HMM.patch + patches.kernel.org/5.1.10-013-hugetlbfs-on-restore-reserve-error-path-retain.patch + patches.kernel.org/5.1.10-014-mm-memory_hotplug-release-memory-resource-afte.patch + patches.kernel.org/5.1.10-015-mem-hotplug-fix-node-spanned-pages-when-we-hav.patch + patches.kernel.org/5.1.10-016-mm-cma.c-fix-crash-on-CMA-allocation-if-bitmap.patch + patches.kernel.org/5.1.10-017-initramfs-free-initrd-memory-if-opening-initrd.patch + patches.kernel.org/5.1.10-018-mm-compaction.c-fix-an-undefined-behaviour.patch + patches.kernel.org/5.1.10-019-mm-memory_hotplug.c-fix-the-wrong-usage-of-N_H.patch + patches.kernel.org/5.1.10-020-mm-cma.c-fix-the-bitmap-status-to-show-failed-.patch + patches.kernel.org/5.1.10-021-mm-page_mkclean-vs-MADV_DONTNEED-race.patch + patches.kernel.org/5.1.10-022-mm-cma_debug.c-fix-the-break-condition-in-cma_.patch + patches.kernel.org/5.1.10-023-mm-slab.c-fix-an-infinite-loop-in-leaks_show.patch + patches.kernel.org/5.1.10-024-kernel-sys.c-prctl-fix-false-positive-in-valid.patch + patches.kernel.org/5.1.10-025-thermal-rcar_gen3_thermal-disable-interrupt-in.patch + patches.kernel.org/5.1.10-026-drivers-thermal-tsens-Don-t-print-error-messag.patch + patches.kernel.org/5.1.10-027-mfd-tps65912-spi-Add-missing-of-table-registra.patch + patches.kernel.org/5.1.10-028-mfd-intel-lpss-Set-the-device-in-reset-state-w.patch + patches.kernel.org/5.1.10-029-drm-nouveau-disp-dp-respect-sink-limits-when-s.patch + patches.kernel.org/5.1.10-030-mfd-twl6040-Fix-device-init-errors-for-ACCCTL-.patch + patches.kernel.org/5.1.10-031-perf-x86-intel-Allow-PEBS-multi-entry-in-water.patch + patches.kernel.org/5.1.10-032-drm-nouveau-kms-gf119-gp10x-push-HeadSetContro.patch + patches.kernel.org/5.1.10-033-drm-nouveau-fix-duplication-of-nv50_head_atom-.patch + patches.kernel.org/5.1.10-034-drm-bridge-adv7511-Fix-low-refresh-rate-select.patch + patches.kernel.org/5.1.10-035-objtool-Don-t-use-ignore-flag-for-fake-jumps.patch + patches.kernel.org/5.1.10-036-drm-nouveau-kms-gv100-fix-spurious-window-imme.patch + patches.kernel.org/5.1.10-037-bpf-fix-undefined-behavior-in-narrow-load-hand.patch + patches.kernel.org/5.1.10-038-EDAC-mpc85xx-Prevent-building-as-a-module.patch + patches.kernel.org/5.1.10-039-pwm-meson-Use-the-spin-lock-only-to-protect-re.patch + patches.kernel.org/5.1.10-040-mailbox-stm32-ipcc-check-invalid-irq.patch + patches.kernel.org/5.1.10-041-ntp-Allow-TAI-UTC-offset-to-be-set-to-zero.patch + patches.kernel.org/5.1.10-042-f2fs-fix-to-avoid-panic-in-do_recover_data.patch + patches.kernel.org/5.1.10-043-f2fs-fix-to-avoid-panic-in-f2fs_inplace_write_.patch + patches.kernel.org/5.1.10-044-f2fs-fix-error-path-of-recovery.patch + patches.kernel.org/5.1.10-045-f2fs-fix-to-avoid-panic-in-f2fs_remove_inode_p.patch + patches.kernel.org/5.1.10-046-f2fs-fix-to-do-sanity-check-on-free-nid.patch + patches.kernel.org/5.1.10-047-f2fs-fix-to-clear-dirty-inode-in-error-path-of.patch + patches.kernel.org/5.1.10-048-f2fs-fix-to-avoid-panic-in-dec_valid_block_cou.patch + patches.kernel.org/5.1.10-049-f2fs-fix-to-use-inline-space-only-if-inline_xa.patch + patches.kernel.org/5.1.10-050-f2fs-fix-to-avoid-panic-in-dec_valid_node_coun.patch + patches.kernel.org/5.1.10-051-f2fs-fix-to-do-sanity-check-on-valid-block-cou.patch + patches.kernel.org/5.1.10-052-f2fs-fix-to-avoid-deadloop-in-foreground-GC.patch + patches.kernel.org/5.1.10-053-f2fs-fix-to-retrieve-inline-xattr-space.patch + patches.kernel.org/5.1.10-054-f2fs-fix-to-do-checksum-even-if-inode-page-is-.patch + patches.kernel.org/5.1.10-055-media-atmel-atmel-isc-fix-asd-memory-allocatio.patch + patches.kernel.org/5.1.10-056-percpu-remove-spurious-lock-dependency-between.patch + patches.kernel.org/5.1.10-057-configfs-fix-possible-use-after-free-in-config.patch + patches.kernel.org/5.1.10-058-uml-fix-a-boot-splat-wrt-use-of-cpu_all_mask.patch + patches.kernel.org/5.1.10-059-PCI-dwc-Free-MSI-in-dw_pcie_host_init-error-pa.patch + patches.kernel.org/5.1.10-060-PCI-dwc-Free-MSI-IRQ-page-in-dw_pcie_free_msi.patch + patches.kernel.org/5.1.10-061-fbcon-Don-t-reset-logo_shown-when-logo-is-curr.patch + patches.kernel.org/5.1.10-062-ovl-do-not-generate-duplicate-fsnotify-events-.patch + patches.kernel.org/5.1.10-063-mmc-mmci-Prevent-polling-for-busy-detection-in.patch + patches.kernel.org/5.1.10-064-netfilter-nf_flow_table-fix-missing-error-chec.patch + patches.kernel.org/5.1.10-065-netfilter-nf_conntrack_h323-restore-boundary-c.patch + patches.kernel.org/5.1.10-066-mips-Make-sure-dt-memory-regions-are-valid.patch + patches.kernel.org/5.1.10-067-netfilter-nf_tables-fix-base-chain-stat-rcu_de.patch + patches.kernel.org/5.1.10-068-watchdog-imx2_wdt-Fix-set_timeout-for-big-time.patch + patches.kernel.org/5.1.10-069-watchdog-fix-compile-time-error-of-pretimeout-.patch + patches.kernel.org/5.1.10-070-blk-mq-move-cancel-of-requeue_work-into-blk_mq.patch + patches.kernel.org/5.1.10-071-iommu-vt-d-Set-intel_iommu_gfx_mapped-correctl.patch + patches.kernel.org/5.1.10-072-vfio-pci-nvlink2-Fix-potential-VMA-leak.patch + patches.kernel.org/5.1.10-073-misc-pci_endpoint_test-Fix-test_reg_bar-to-be-.patch + patches.kernel.org/5.1.10-074-PCI-designware-ep-Use-aligned-ATU-window-for-r.patch + patches.kernel.org/5.1.10-075-nvme-pci-unquiesce-admin-queue-on-shutdown.patch + patches.kernel.org/5.1.10-076-nvme-pci-shutdown-on-timeout-during-deletion.patch + patches.kernel.org/5.1.10-077-netfilter-nf_flow_table-check-ttl-value-in-flo.patch + patches.kernel.org/5.1.10-078-netfilter-nf_flow_table-fix-netdev-refcnt-leak.patch + patches.kernel.org/5.1.10-079-ALSA-hda-Register-irq-handler-after-the-chip-i.patch + patches.kernel.org/5.1.10-080-powerpc-pseries-Track-LMB-nid-instead-of-using.patch + patches.kernel.org/5.1.10-081-arm64-defconfig-Update-UFSHCD-for-Hi3660-soc.patch + patches.kernel.org/5.1.10-082-iommu-vt-d-Don-t-request-page-request-irq-unde.patch + patches.kernel.org/5.1.10-083-nvmem-core-fix-read-buffer-in-place.patch + patches.kernel.org/5.1.10-084-nvmem-sunxi_sid-Support-SID-on-A83T-and-H5.patch + patches.kernel.org/5.1.10-085-fuse-retrieve-cap-requested-size-to-negotiated.patch + patches.kernel.org/5.1.10-086-nfsd-allow-fh_want_write-to-be-called-twice.patch + patches.kernel.org/5.1.10-087-nfsd-avoid-uninitialized-variable-warning.patch + patches.kernel.org/5.1.10-088-vfio-Fix-WARNING-do-not-call-blocking-ops-when.patch + patches.kernel.org/5.1.10-089-iommu-arm-smmu-v3-Don-t-disable-SMMU-in-kdump-.patch + patches.kernel.org/5.1.10-090-switchtec-Fix-unintended-mask-of-MRPC-event.patch + patches.kernel.org/5.1.10-091-net-thunderbolt-Unregister-ThunderboltIP-proto.patch + patches.kernel.org/5.1.10-092-x86-PCI-Fix-PCI-IRQ-routing-table-memory-leak.patch + patches.kernel.org/5.1.10-093-soc-tegra-pmc-Remove-reset-sysfs-entries-on-er.patch + patches.kernel.org/5.1.10-094-i40e-Queues-are-reserved-despite-Invalid-argum.patch + patches.kernel.org/5.1.10-095-power-supply-cpcap-battery-Fix-signed-counter-.patch + patches.kernel.org/5.1.10-096-platform-chrome-cros_ec_proto-check-for-NULL-t.patch + patches.kernel.org/5.1.10-097-PCI-keystone-Invoke-phy_reset-API-before-enabl.patch + patches.kernel.org/5.1.10-098-PCI-keystone-Prevent-ARM32-specific-code-to-be.patch + patches.kernel.org/5.1.10-099-soc-mediatek-pwrap-Zero-initialize-rdata-in-pw.patch + patches.kernel.org/5.1.10-100-clk-rockchip-Turn-on-aclk_dmac1-for-suspend-on.patch + patches.kernel.org/5.1.10-101-usb-ohci-da8xx-disable-the-regulator-if-the-ov.patch + patches.kernel.org/5.1.10-102-iommu-vt-d-Flush-IOTLB-for-untrusted-device-in.patch + patches.kernel.org/5.1.10-103-soc-rockchip-Set-the-proper-PWM-for-rk3288.patch + patches.kernel.org/5.1.10-104-arm64-dts-imx8mq-Mark-iomuxc_gpr-as-i.MX6Q-com.patch + patches.kernel.org/5.1.10-105-ARM-dts-imx51-Specify-IMX5_CLK_IPG-as-ahb-cloc.patch + patches.kernel.org/5.1.10-106-ARM-dts-imx50-Specify-IMX5_CLK_IPG-as-ahb-cloc.patch + patches.kernel.org/5.1.10-107-ARM-dts-imx53-Specify-IMX5_CLK_IPG-as-ahb-cloc.patch + patches.kernel.org/5.1.10-108-ARM-dts-imx6sx-Specify-IMX6SX_CLK_IPG-as-ahb-c.patch + patches.kernel.org/5.1.10-109-ARM-dts-imx6sll-Specify-IMX6SLL_CLK_IPG-as-ipg.patch + patches.kernel.org/5.1.10-110-ARM-dts-imx7d-Specify-IMX7D_CLK_IPG-as-ipg-clo.patch + patches.kernel.org/5.1.10-111-ARM-dts-imx6ul-Specify-IMX6UL_CLK_IPG-as-ipg-c.patch + patches.kernel.org/5.1.10-112-ARM-dts-imx6sx-Specify-IMX6SX_CLK_IPG-as-ipg-c.patch + patches.kernel.org/5.1.10-113-ARM-dts-imx6qdl-Specify-IMX6QDL_CLK_IPG-as-ipg.patch + patches.kernel.org/5.1.10-114-PCI-rpadlpar-Fix-leaked-device_node-references.patch + patches.kernel.org/5.1.10-115-drm-amd-display-disable-link-before-changing-l.patch + patches.kernel.org/5.1.10-116-drm-amd-display-Use-plane-color_space-for-dpp-.patch + patches.kernel.org/5.1.10-117-ARM-OMAP2-pm33xx-core-Do-not-Turn-OFF-CEFUSE-a.patch + patches.kernel.org/5.1.10-118-pinctrl-pinctrl-intel-move-gpio-suspend-resume.patch + patches.kernel.org/5.1.10-119-platform-x86-intel_pmc_ipc-adding-error-handli.patch + patches.kernel.org/5.1.10-120-power-supply-max14656-fix-potential-use-before.patch + patches.kernel.org/5.1.10-121-f2fs-fix-potential-recursive-call-when-enablin.patch + patches.kernel.org/5.1.10-122-net-hns3-return-0-and-print-warning-when-hit-d.patch + patches.kernel.org/5.1.10-123-PCI-dwc-Remove-default-MSI-initialization-for-.patch + patches.kernel.org/5.1.10-124-PCI-rcar-Fix-a-potential-NULL-pointer-derefere.patch + patches.kernel.org/5.1.10-125-PCI-rcar-Fix-64bit-MSI-message-address-handlin.patch + patches.kernel.org/5.1.10-126-scsi-qla2xxx-Reset-the-FCF_ASYNC_-SENT-ACTIVE-.patch + patches.kernel.org/5.1.10-127-Input-goodix-add-GT5663-CTP-support.patch + patches.kernel.org/5.1.10-128-video-hgafb-fix-potential-NULL-pointer-derefer.patch + patches.kernel.org/5.1.10-129-video-imsttfb-fix-potential-NULL-pointer-deref.patch + patches.kernel.org/5.1.10-130-block-bfq-increase-idling-for-weight-raised-qu.patch + patches.kernel.org/5.1.10-131-PCI-xilinx-Check-for-__get_free_pages-failure.patch + patches.kernel.org/5.1.10-132-arm64-dts-qcom-qcs404-Fix-regulator-supply-nam.patch + patches.kernel.org/5.1.10-133-gpio-gpio-omap-add-check-for-off-wake-capable-.patch + patches.kernel.org/5.1.10-134-gpio-gpio-omap-limit-errata-1.101-handling-to-.patch + patches.kernel.org/5.1.10-135-ice-Add-missing-case-in-print_link_msg-for-pri.patch + patches.kernel.org/5.1.10-136-media-v4l2-ctrl-v4l2_ctrl_request_setup-return.patch + patches.kernel.org/5.1.10-137-batman-adv-Adjust-name-for-batadv_dat_send_dat.patch + patches.kernel.org/5.1.10-138-ice-Enable-LAN_EN-for-the-right-recipes.patch + patches.kernel.org/5.1.10-139-ice-Do-not-set-LB_EN-for-prune-switch-rules.patch + patches.kernel.org/5.1.10-140-dmaengine-idma64-Use-actual-device-for-DMA-tra.patch + patches.kernel.org/5.1.10-141-pwm-tiehrpwm-Update-shadow-register-for-disabl.patch + patches.kernel.org/5.1.10-142-media-v4l2-fwnode-Defaults-may-not-override-en.patch + patches.kernel.org/5.1.10-143-ARM-dts-exynos-Always-enable-necessary-APIO_1V.patch + patches.kernel.org/5.1.10-144-pwm-Fix-deadlock-warning-when-removing-PWM-dev.patch + patches.kernel.org/5.1.10-145-ARM-exynos-Fix-undefined-instruction-during-Ex.patch + patches.kernel.org/5.1.10-146-usb-typec-fusb302-Check-vconn-is-off-when-we-s.patch + patches.kernel.org/5.1.10-147-soc-renesas-Identify-R-Car-M3-W-ES1.3.patch + patches.kernel.org/5.1.10-148-ARM-shmobile-porter-enable-R-Car-Gen2-regulato.patch + patches.kernel.org/5.1.10-149-gpio-vf610-Do-not-share-irq_chip.patch + patches.kernel.org/5.1.10-150-percpu-do-not-search-past-bitmap-when-allocati.patch + patches.kernel.org/5.1.10-151-Revert-Bluetooth-Align-minimum-encryption-key-.patch + patches.kernel.org/5.1.10-152-Revert-drm-nouveau-add-kconfig-option-to-turn-.patch + patches.kernel.org/5.1.10-153-ovl-check-the-capability-before-cred-overridde.patch + patches.kernel.org/5.1.10-154-ovl-support-stacked-SEEK_HOLE-SEEK_DATA.patch + patches.kernel.org/5.1.10-155-ALSA-seq-Cover-unsubscribe_port-in-list_mutex.patch + patches.kernel.org/5.1.10-156-io_uring-fix-failure-to-verify-SQ_AFF-cpu.patch + patches.kernel.org/5.1.10-157-Linux-5.1.10.patch ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -866,6 +1181,7 @@ patches.suse/genksyms-add-override-flag.diff patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch patches.suse/kernel-add-release-status-to-kernel-build.patch + patches.suse/s390-drop-meaningless-targets-from-tools-Makefile.patch ######################################################## # Simple export additions/removals @@ -879,7 +1195,6 @@ # Scheduler / Core ######################################################## patches.suse/setuid-dumpable-wrongdir - patches.suse/memcg-make-it-work-on-sparse-non-0-node-systems.patch ######################################################## # Architecture-specific patches. These used to be all @@ -991,6 +1306,10 @@ ######################################################## # Networking Core ######################################################## + patches.suse/tcp-limit-payload-size-of-sacked-skbs.patch + patches.suse/tcp-tcp_fragment-should-apply-sane-memory-limits.patch + patches.suse/tcp-add-tcp_min_snd_mss-sysctl.patch + patches.suse/tcp-enforce-tcp_min_snd_mss-in-tcp_mtu_probing.patch ######################################################## # Netfilter @@ -1078,6 +1397,8 @@ patches.suse/megaraid-mbox-fix-SG_IO + patches.suse/scsi-mpt3sas_ctl-fix-double-fetch-bug-in-ctl_ioctl_main + ######################################################## # DRM/Video ######################################################## @@ -1095,6 +1416,9 @@ ######################################################## patches.suse/b43-missing-firmware-info.patch patches.suse/RFC-Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pairing-is-enabled.patch + patches.suse/0001-mwifiex-Fix-possible-buffer-overflows-at-parsing-bss.patch + patches.suse/0001-mwifiex-Abort-at-too-short-BSS-descriptor-element.patch + patches.suse/0001-mwifiex-Fix-heap-overflow-in-mwifiex_uap_parse_tail_.patch ######################################################## # ISDN @@ -1132,7 +1456,6 @@ ######################################################## # Char / serial ######################################################## - patches.suse/TTY-serial_core-add-install.patch ######################################################## # Other driver fixes ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.UFi3yw/_old 2019-06-24 21:50:29.447972378 +0200 +++ /var/tmp/diff_new_pack.UFi3yw/_new 2019-06-24 21:50:29.447972378 +0200 @@ -1,3 +1,3 @@ -2019-06-04 07:56:54 +0000 -GIT Revision: 55f2451c7a489069e9144e81bda3e375644a5983 +2019-06-17 14:44:35 +0000 +GIT Revision: ad24342b53c2ac90b16b903f897bd01f775351e5 GIT Branch: stable
