diff options
author | Alexandre Oliva <lxoliva@fsfla.org> | 2018-03-14 12:26:58 +0000 |
---|---|---|
committer | Alexandre Oliva <lxoliva@fsfla.org> | 2018-03-14 12:26:58 +0000 |
commit | a15ab95c079af8bff24bc62ebd788a5aa4618085 (patch) | |
tree | 24233edc559d648bb96d0ea4f732ffe8d4c4d73c | |
parent | 557e968b52bc89e700d5ac6187ca9351e38b58b9 (diff) | |
download | linux-libre-raptor-a15ab95c079af8bff24bc62ebd788a5aa4618085.tar.gz linux-libre-raptor-a15ab95c079af8bff24bc62ebd788a5aa4618085.zip |
4.15.9-300.fc27.gnu
13 files changed, 188 insertions, 15 deletions
diff --git a/freed-ora/current/f27/0001-net-phy-mdio-bcm-unimac-fix-potential-NULL-dereferen.patch b/freed-ora/current/f27/0001-net-phy-mdio-bcm-unimac-fix-potential-NULL-dereferen.patch new file mode 100644 index 000000000..061ef5819 --- /dev/null +++ b/freed-ora/current/f27/0001-net-phy-mdio-bcm-unimac-fix-potential-NULL-dereferen.patch @@ -0,0 +1,44 @@ +From 297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5 Mon Sep 17 00:00:00 2001 +From: Wei Yongjun <weiyongjun1@huawei.com> +Date: Thu, 11 Jan 2018 11:21:51 +0000 +Subject: [PATCH] net: phy: mdio-bcm-unimac: fix potential NULL dereference in + unimac_mdio_probe() + +platform_get_resource() may fail and return NULL, so we should +better check it's return value to avoid a NULL pointer dereference +a bit later in the code. + +This is detected by Coccinelle semantic patch. + +@@ +expression pdev, res, n, t, e, e1, e2; +@@ + +res = platform_get_resource(pdev, t, n); ++ if (!res) ++ return -EINVAL; +... when != res == NULL +e = devm_ioremap(e1, res->start, e2); + +Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + drivers/net/phy/mdio-bcm-unimac.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/net/phy/mdio-bcm-unimac.c b/drivers/net/phy/mdio-bcm-unimac.c +index 08e0647b85e2..8d370667fa1b 100644 +--- a/drivers/net/phy/mdio-bcm-unimac.c ++++ b/drivers/net/phy/mdio-bcm-unimac.c +@@ -205,6 +205,8 @@ static int unimac_mdio_probe(struct platform_device *pdev) + return -ENOMEM; + + r = platform_get_resource(pdev, IORESOURCE_MEM, 0); ++ if (!r) ++ return -EINVAL; + + /* Just ioremap, as this MDIO block is usually integrated into an + * Ethernet MAC controller register range +-- +2.14.3 + diff --git a/freed-ora/current/f27/0001-x86-MCE-Serialize-sysfs-changes.patch b/freed-ora/current/f27/0001-x86-MCE-Serialize-sysfs-changes.patch new file mode 100644 index 000000000..84c7b7fd3 --- /dev/null +++ b/freed-ora/current/f27/0001-x86-MCE-Serialize-sysfs-changes.patch @@ -0,0 +1,114 @@ +From b3b7c4795ccab5be71f080774c45bbbcc75c2aaf Mon Sep 17 00:00:00 2001 +From: Seunghun Han <kkamagui@gmail.com> +Date: Tue, 6 Mar 2018 15:21:43 +0100 +Subject: [PATCH] x86/MCE: Serialize sysfs changes + +The check_interval file in + + /sys/devices/system/machinecheck/machinecheck<cpu number> + +directory is a global timer value for MCE polling. If it is changed by one +CPU, mce_restart() broadcasts the event to other CPUs to delete and restart +the MCE polling timer and __mcheck_cpu_init_timer() reinitializes the +mce_timer variable. + +If more than one CPU writes a specific value to the check_interval file +concurrently, mce_timer is not protected from such concurrent accesses and +all kinds of explosions happen. Since only root can write to those sysfs +variables, the issue is not a big deal security-wise. + +However, concurrent writes to these configuration variables is void of +reason so the proper thing to do is to serialize the access with a mutex. + +Boris: + + - Make store_int_with_restart() use device_store_ulong() to filter out + negative intervals + - Limit min interval to 1 second + - Correct locking + - Massage commit message + +Signed-off-by: Seunghun Han <kkamagui@gmail.com> +Signed-off-by: Borislav Petkov <bp@suse.de> +Signed-off-by: Thomas Gleixner <tglx@linutronix.de> +Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Cc: Tony Luck <tony.luck@intel.com> +Cc: linux-edac <linux-edac@vger.kernel.org> +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/20180302202706.9434-1-kkamagui@gmail.com +--- + arch/x86/kernel/cpu/mcheck/mce.c | 22 +++++++++++++++++++++- + 1 file changed, 21 insertions(+), 1 deletion(-) + +diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c +index b3323cab9139..466f47301334 100644 +--- a/arch/x86/kernel/cpu/mcheck/mce.c ++++ b/arch/x86/kernel/cpu/mcheck/mce.c +@@ -56,6 +56,9 @@ + + static DEFINE_MUTEX(mce_log_mutex); + ++/* sysfs synchronization */ ++static DEFINE_MUTEX(mce_sysfs_mutex); ++ + #define CREATE_TRACE_POINTS + #include <trace/events/mce.h> + +@@ -2088,6 +2091,7 @@ static ssize_t set_ignore_ce(struct device *s, + if (kstrtou64(buf, 0, &new) < 0) + return -EINVAL; + ++ mutex_lock(&mce_sysfs_mutex); + if (mca_cfg.ignore_ce ^ !!new) { + if (new) { + /* disable ce features */ +@@ -2100,6 +2104,8 @@ static ssize_t set_ignore_ce(struct device *s, + on_each_cpu(mce_enable_ce, (void *)1, 1); + } + } ++ mutex_unlock(&mce_sysfs_mutex); ++ + return size; + } + +@@ -2112,6 +2118,7 @@ static ssize_t set_cmci_disabled(struct device *s, + if (kstrtou64(buf, 0, &new) < 0) + return -EINVAL; + ++ mutex_lock(&mce_sysfs_mutex); + if (mca_cfg.cmci_disabled ^ !!new) { + if (new) { + /* disable cmci */ +@@ -2123,6 +2130,8 @@ static ssize_t set_cmci_disabled(struct device *s, + on_each_cpu(mce_enable_ce, NULL, 1); + } + } ++ mutex_unlock(&mce_sysfs_mutex); ++ + return size; + } + +@@ -2130,8 +2139,19 @@ static ssize_t store_int_with_restart(struct device *s, + struct device_attribute *attr, + const char *buf, size_t size) + { +- ssize_t ret = device_store_int(s, attr, buf, size); ++ unsigned long old_check_interval = check_interval; ++ ssize_t ret = device_store_ulong(s, attr, buf, size); ++ ++ if (check_interval == old_check_interval) ++ return ret; ++ ++ if (check_interval < 1) ++ check_interval = 1; ++ ++ mutex_lock(&mce_sysfs_mutex); + mce_restart(); ++ mutex_unlock(&mce_sysfs_mutex); ++ + return ret; + } + +-- +2.14.3 + diff --git a/freed-ora/current/f27/baseconfig/arm/CONFIG_SATA_SIL24 b/freed-ora/current/f27/baseconfig/arm/CONFIG_SATA_SIL24 deleted file mode 100644 index 7526a06a0..000000000 --- a/freed-ora/current/f27/baseconfig/arm/CONFIG_SATA_SIL24 +++ /dev/null @@ -1 +0,0 @@ -# CONFIG_SATA_SIL24 is not set diff --git a/freed-ora/current/f27/kernel-aarch64-debug.config b/freed-ora/current/f27/kernel-aarch64-debug.config index b1d2ad56d..548ab9830 100644 --- a/freed-ora/current/f27/kernel-aarch64-debug.config +++ b/freed-ora/current/f27/kernel-aarch64-debug.config @@ -4673,7 +4673,7 @@ CONFIG_SATA_MV=m CONFIG_SATA_PMP=y # CONFIG_SATA_PROMISE is not set # CONFIG_SATA_QSTOR is not set -# CONFIG_SATA_SIL24 is not set +CONFIG_SATA_SIL24=m # CONFIG_SATA_SIL is not set # CONFIG_SATA_SIS is not set # CONFIG_SATA_SVW is not set diff --git a/freed-ora/current/f27/kernel-aarch64.config b/freed-ora/current/f27/kernel-aarch64.config index abd349850..979968070 100644 --- a/freed-ora/current/f27/kernel-aarch64.config +++ b/freed-ora/current/f27/kernel-aarch64.config @@ -4651,7 +4651,7 @@ CONFIG_SATA_MV=m CONFIG_SATA_PMP=y # CONFIG_SATA_PROMISE is not set # CONFIG_SATA_QSTOR is not set -# CONFIG_SATA_SIL24 is not set +CONFIG_SATA_SIL24=m # CONFIG_SATA_SIL is not set # CONFIG_SATA_SIS is not set # CONFIG_SATA_SVW is not set diff --git a/freed-ora/current/f27/kernel-armv7hl-debug.config b/freed-ora/current/f27/kernel-armv7hl-debug.config index 8e0c97e58..4251779cd 100644 --- a/freed-ora/current/f27/kernel-armv7hl-debug.config +++ b/freed-ora/current/f27/kernel-armv7hl-debug.config @@ -5028,7 +5028,7 @@ CONFIG_SATA_MV=m CONFIG_SATA_PMP=y # CONFIG_SATA_PROMISE is not set # CONFIG_SATA_QSTOR is not set -# CONFIG_SATA_SIL24 is not set +CONFIG_SATA_SIL24=m # CONFIG_SATA_SIL is not set # CONFIG_SATA_SIS is not set # CONFIG_SATA_SVW is not set diff --git a/freed-ora/current/f27/kernel-armv7hl-lpae-debug.config b/freed-ora/current/f27/kernel-armv7hl-lpae-debug.config index 6c38c0d3d..ebc6bf87a 100644 --- a/freed-ora/current/f27/kernel-armv7hl-lpae-debug.config +++ b/freed-ora/current/f27/kernel-armv7hl-lpae-debug.config @@ -4721,7 +4721,7 @@ CONFIG_SATA_MV=m CONFIG_SATA_PMP=y # CONFIG_SATA_PROMISE is not set # CONFIG_SATA_QSTOR is not set -# CONFIG_SATA_SIL24 is not set +CONFIG_SATA_SIL24=m # CONFIG_SATA_SIL is not set # CONFIG_SATA_SIS is not set # CONFIG_SATA_SVW is not set diff --git a/freed-ora/current/f27/kernel-armv7hl-lpae.config b/freed-ora/current/f27/kernel-armv7hl-lpae.config index d3ba41dde..e2ef7a02b 100644 --- a/freed-ora/current/f27/kernel-armv7hl-lpae.config +++ b/freed-ora/current/f27/kernel-armv7hl-lpae.config @@ -4699,7 +4699,7 @@ CONFIG_SATA_MV=m CONFIG_SATA_PMP=y # CONFIG_SATA_PROMISE is not set # CONFIG_SATA_QSTOR is not set -# CONFIG_SATA_SIL24 is not set +CONFIG_SATA_SIL24=m # CONFIG_SATA_SIL is not set # CONFIG_SATA_SIS is not set # CONFIG_SATA_SVW is not set diff --git a/freed-ora/current/f27/kernel-armv7hl.config b/freed-ora/current/f27/kernel-armv7hl.config index dd031cb8e..b6756abce 100644 --- a/freed-ora/current/f27/kernel-armv7hl.config +++ b/freed-ora/current/f27/kernel-armv7hl.config @@ -5006,7 +5006,7 @@ CONFIG_SATA_MV=m CONFIG_SATA_PMP=y # CONFIG_SATA_PROMISE is not set # CONFIG_SATA_QSTOR is not set -# CONFIG_SATA_SIL24 is not set +CONFIG_SATA_SIL24=m # CONFIG_SATA_SIL is not set # CONFIG_SATA_SIS is not set # CONFIG_SATA_SVW is not set diff --git a/freed-ora/current/f27/kernel.spec b/freed-ora/current/f27/kernel.spec index aa13f3dbe..dc07fb1b6 100644 --- a/freed-ora/current/f27/kernel.spec +++ b/freed-ora/current/f27/kernel.spec @@ -92,7 +92,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 8 +%define stable_update 9 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -707,6 +707,12 @@ Patch657: ipmi-fixes.patch # CVE-2018-7757 rhbz 1553361 1553363 Patch658: 0001-scsi-libsas-fix-memory-leak-in-sas_smp_get_phy_event.patch +# CVE-2018-7995 rhbz 1553911 1553918 +Patch659: 0001-x86-MCE-Serialize-sysfs-changes.patch + +# CVE-2018-8043 rhbz 1554199 1554200 +Patch660: 0001-net-phy-mdio-bcm-unimac-fix-potential-NULL-dereferen.patch + # END OF PATCH DEFINITIONS %endif @@ -2046,6 +2052,16 @@ fi # # %changelog +* Tue Mar 13 2018 Alexandre Oliva <lxoliva@fsfla.org> -libre +- GNU Linux-libre 4.15.9-gnu. + +* Mon Mar 12 2018 Laura Abbott <labbott@redhat.com> - 4.15.9-300 +- Linux v4.15.9 + +* Mon Mar 12 2018 Justin M. Forbes <jforbes@fedoraproject.org> +- Fix CVE-2018-7995 (rhbz 1553911 1553918) +- Fix CVE-2018-8043 (rhbz 1554199 1554200) + * Fri Mar 9 2018 Alexandre Oliva <lxoliva@fsfla.org> -libre - GNU Linux-libre 4.15.8-gnu. diff --git a/freed-ora/current/f27/patch-4.15-gnu-4.15.8-gnu.xz.sign b/freed-ora/current/f27/patch-4.15-gnu-4.15.8-gnu.xz.sign deleted file mode 100644 index 55524180d..000000000 --- a/freed-ora/current/f27/patch-4.15-gnu-4.15.8-gnu.xz.sign +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iF0EABECAB0WIQRHRALIxYLa++OJxCe8t8+Hfn1HpwUCWqMl5QAKCRC8t8+Hfn1H -p5KTAJ40Gvbq9xSKuOIjCo3Sdr4x6A2PGwCgqdWec2rTLlkU6H3cMh6GPZgOMQQ= -=xlzu ------END PGP SIGNATURE----- diff --git a/freed-ora/current/f27/patch-4.15-gnu-4.15.9-gnu.xz.sign b/freed-ora/current/f27/patch-4.15-gnu-4.15.9-gnu.xz.sign new file mode 100644 index 000000000..5f9ba76fe --- /dev/null +++ b/freed-ora/current/f27/patch-4.15-gnu-4.15.9-gnu.xz.sign @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABECAB0WIQRHRALIxYLa++OJxCe8t8+Hfn1HpwUCWqWujAAKCRC8t8+Hfn1H +p12iAJ9Jm+ekfjnw8h5FUlk1Bey9ni20OACgrOZ1QWFlffYD1C7iSeRYnVpQqlQ= +=nUnX +-----END PGP SIGNATURE----- diff --git a/freed-ora/current/f27/sources b/freed-ora/current/f27/sources index a2f2515d3..b7006188b 100644 --- a/freed-ora/current/f27/sources +++ b/freed-ora/current/f27/sources @@ -1,2 +1,2 @@ SHA512 (linux-libre-4.15-gnu.tar.xz) = a55cc663c6fb1e1cfa7905282b368b5d5888bc2398f0acf37e5bb9a232ded04fd566b1980e654da26aaec005332e458581495184d6bd4cec669181085d4d78a5 -SHA512 (patch-4.15-gnu-4.15.8-gnu.xz) = f718c7c825552921b2546589e3900dc82433a764b7981ebd22ec8eb3178ad3021fbf31b9030dc45681926bf522f4c3ce7c51fe60113cd5c707b42adf3efcaae6 +SHA512 (patch-4.15-gnu-4.15.9-gnu.xz) = 5b2ad5af70d432cf79eb11729ae39ed53e0b5b2a76688c35655c78538c1d0aa3852ad2c3244c2e0a4207d678919d806fa1903efdad6690e9679c9208d973bb73 |