| author | Alexandre Oliva <lxoliva@fsfla.org> | 2017-07-05 11:36:31 +0000 |
|---|---|---|
| committer | Alexandre Oliva <lxoliva@fsfla.org> | 2017-07-05 11:36:31 +0000 |
| commit | c6c3c1b7867089d7260a1860ce412a5d2d370a9e (patch) | |
| tree | 6d082edcab50f4fce439eed5e57d94967b087d6d | |
| parent | 97ee0ff75d8340c4b40a5f726243935a11c9025d (diff) | |
4.11.8-100.fc24.gnu
6 files changed, 15 insertions, 222 deletions
diff --git a/freed-ora/current/f24/0001-netfilter-xtables-zero-padding-in-data_to_user.patch b/freed-ora/current/f24/0001-netfilter-xtables-zero-padding-in-data_to_user.patch deleted file mode 100644 index b23e387a6..000000000 --- a/freed-ora/current/f24/0001-netfilter-xtables-zero-padding-in-data_to_user.patch +++ /dev/null 
@@ -1,116 +0,0 @@ -From b1a27013a72d5744be6510c05b86e1b9dd605012 Mon Sep 17 00:00:00 2001 -From: Willem de Bruijn <willemb@google.com> -Date: Tue, 9 May 2017 16:17:37 -0400 -Subject: [PATCH 1/2] netfilter: xtables: zero padding in data_to_user - -When looking up an iptables rule, the iptables binary compares the -aligned match and target data (XT_ALIGN). In some cases this can -exceed the actual data size to include padding bytes. - -Before commit f77bc5b23fb1 ("iptables: use match, target and data -copy_to_user helpers") the malloc()ed bytes were overwritten by the -kernel with kzalloced contents, zeroing the padding and making the -comparison succeed. After this patch, the kernel copies and clears -only data, leaving the padding bytes undefined. - -Extend the clear operation from data size to aligned data size to -include the padding bytes, if any. - -Padding bytes can be observed in both match and target, and the bug -triggered, by issuing a rule with match icmp and target ACCEPT: - - iptables -t mangle -A INPUT -i lo -p icmp --icmp-type 1 -j ACCEPT - iptables -t mangle -D INPUT -i lo -p icmp --icmp-type 1 -j ACCEPT - -Fixes: f77bc5b23fb1 ("iptables: use match, target and data copy_to_user helpers") -Reported-by: Paul Moore <pmoore@redhat.com> -Reported-by: Richard Guy Briggs <rgb@redhat.com> -Signed-off-by: Willem de Bruijn <willemb@google.com> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - include/linux/netfilter/x_tables.h | 2 +- - net/bridge/netfilter/ebtables.c | 9 ++++++--- - net/netfilter/x_tables.c | 9 ++++++--- - 3 files changed, 13 insertions(+), 7 deletions(-) - -diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h -index be378cf..b3044c2c 100644 ---- a/include/linux/netfilter/x_tables.h -+++ b/include/linux/netfilter/x_tables.h -@@ -294,7 +294,7 @@ int xt_match_to_user(const struct xt_entry_match *m, - int xt_target_to_user(const struct xt_entry_target *t, - struct xt_entry_target __user *u); - int 
xt_data_to_user(void __user *dst, const void *src, -- int usersize, int size); -+ int usersize, int size, int aligned_size); - - void *xt_copy_counters_from_user(const void __user *user, unsigned int len, - struct xt_counters_info *info, bool compat); -diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c -index 79b6991..656c259 100644 ---- a/net/bridge/netfilter/ebtables.c -+++ b/net/bridge/netfilter/ebtables.c -@@ -1358,7 +1358,8 @@ static inline int ebt_obj_to_user(char __user *um, const char *_name, - strlcpy(name, _name, sizeof(name)); - if (copy_to_user(um, name, EBT_FUNCTION_MAXNAMELEN) || - put_user(datasize, (int __user *)(um + EBT_FUNCTION_MAXNAMELEN)) || -- xt_data_to_user(um + entrysize, data, usersize, datasize)) -+ xt_data_to_user(um + entrysize, data, usersize, datasize, -+ XT_ALIGN(datasize))) - return -EFAULT; - - return 0; -@@ -1643,7 +1644,8 @@ static int compat_match_to_user(struct ebt_entry_match *m, void __user **dstptr, - if (match->compat_to_user(cm->data, m->data)) - return -EFAULT; - } else { -- if (xt_data_to_user(cm->data, m->data, match->usersize, msize)) -+ if (xt_data_to_user(cm->data, m->data, match->usersize, msize, -+ COMPAT_XT_ALIGN(msize))) - return -EFAULT; - } - -@@ -1672,7 +1674,8 @@ static int compat_target_to_user(struct ebt_entry_target *t, - if (target->compat_to_user(cm->data, t->data)) - return -EFAULT; - } else { -- if (xt_data_to_user(cm->data, t->data, target->usersize, tsize)) -+ if (xt_data_to_user(cm->data, t->data, target->usersize, tsize, -+ COMPAT_XT_ALIGN(tsize))) - return -EFAULT; - } - -diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c -index 14857af..afb02fd 100644 ---- a/net/netfilter/x_tables.c -+++ b/net/netfilter/x_tables.c -@@ -283,12 +283,13 @@ static int xt_obj_to_user(u16 __user *psize, u16 size, - &U->u.user.revision, K->u.kernel.TYPE->revision) - - int xt_data_to_user(void __user *dst, const void *src, -- int usersize, int size) -+ int usersize, int size, int 
aligned_size) - { - usersize = usersize ? : size; - if (copy_to_user(dst, src, usersize)) - return -EFAULT; -- if (usersize != size && clear_user(dst + usersize, size - usersize)) -+ if (usersize != aligned_size && -+ clear_user(dst + usersize, aligned_size - usersize)) - return -EFAULT; - - return 0; -@@ -298,7 +299,9 @@ EXPORT_SYMBOL_GPL(xt_data_to_user); - #define XT_DATA_TO_USER(U, K, TYPE, C_SIZE) \ - xt_data_to_user(U->data, K->data, \ - K->u.kernel.TYPE->usersize, \ -- C_SIZE ? : K->u.kernel.TYPE->TYPE##size) -+ C_SIZE ? : K->u.kernel.TYPE->TYPE##size, \ -+ C_SIZE ? COMPAT_XT_ALIGN(C_SIZE) : \ -+ XT_ALIGN(K->u.kernel.TYPE->TYPE##size)) - - int xt_match_to_user(const struct xt_entry_match *m, - struct xt_entry_match __user *u) --- -2.7.5 - diff --git a/freed-ora/current/f24/0002-netfilter-xtables-fix-build-failure-from-COMPAT_XT_A.patch b/freed-ora/current/f24/0002-netfilter-xtables-fix-build-failure-from-COMPAT_XT_A.patch deleted file mode 100644 index 7786bf9d8..000000000 --- a/freed-ora/current/f24/0002-netfilter-xtables-fix-build-failure-from-COMPAT_XT_A.patch +++ /dev/null 
@@ -1,92 +0,0 @@ -From d6b664f7f350dafd604fd014de20ea8e0f25b3b3 Mon Sep 17 00:00:00 2001 -From: Willem de Bruijn <willemb@google.com> -Date: Wed, 17 May 2017 11:24:47 -0400 -Subject: [PATCH 2/2] netfilter: xtables: fix build failure from - COMPAT_XT_ALIGN outside CONFIG_COMPAT - -The patch in the Fixes references COMPAT_XT_ALIGN in the definition -of XT_DATA_TO_USER, outside an #ifdef CONFIG_COMPAT block. - -Split XT_DATA_TO_USER into separate compat and non compat variants and -define the first inside an CONFIG_COMPAT block. - -This simplifies both variants by removing branches inside the macro. - -Fixes: 324318f0248c ("netfilter: xtables: zero padding in data_to_user") -Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> -Signed-off-by: Willem de Bruijn <willemb@google.com> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - net/netfilter/x_tables.c | 21 +++++++++++++-------- - 1 file changed, 13 insertions(+), 8 deletions(-) - -diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c -index afb02fd..32488c0 100644 ---- a/net/netfilter/x_tables.c -+++ b/net/netfilter/x_tables.c -@@ -296,18 +296,17 @@ int xt_data_to_user(void __user *dst, const void *src, - } - EXPORT_SYMBOL_GPL(xt_data_to_user); - --#define XT_DATA_TO_USER(U, K, TYPE, C_SIZE) \ -+#define XT_DATA_TO_USER(U, K, TYPE) \ - xt_data_to_user(U->data, K->data, \ - K->u.kernel.TYPE->usersize, \ -- C_SIZE ? : K->u.kernel.TYPE->TYPE##size, \ -- C_SIZE ? 
COMPAT_XT_ALIGN(C_SIZE) : \ -- XT_ALIGN(K->u.kernel.TYPE->TYPE##size)) -+ K->u.kernel.TYPE->TYPE##size, \ -+ XT_ALIGN(K->u.kernel.TYPE->TYPE##size)) - - int xt_match_to_user(const struct xt_entry_match *m, - struct xt_entry_match __user *u) - { - return XT_OBJ_TO_USER(u, m, match, 0) || -- XT_DATA_TO_USER(u, m, match, 0); -+ XT_DATA_TO_USER(u, m, match); - } - EXPORT_SYMBOL_GPL(xt_match_to_user); - -@@ -315,7 +314,7 @@ int xt_target_to_user(const struct xt_entry_target *t, - struct xt_entry_target __user *u) - { - return XT_OBJ_TO_USER(u, t, target, 0) || -- XT_DATA_TO_USER(u, t, target, 0); -+ XT_DATA_TO_USER(u, t, target); - } - EXPORT_SYMBOL_GPL(xt_target_to_user); - -@@ -614,6 +613,12 @@ void xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr, - } - EXPORT_SYMBOL_GPL(xt_compat_match_from_user); - -+#define COMPAT_XT_DATA_TO_USER(U, K, TYPE, C_SIZE) \ -+ xt_data_to_user(U->data, K->data, \ -+ K->u.kernel.TYPE->usersize, \ -+ C_SIZE, \ -+ COMPAT_XT_ALIGN(C_SIZE)) -+ - int xt_compat_match_to_user(const struct xt_entry_match *m, - void __user **dstptr, unsigned int *size) - { -@@ -629,7 +634,7 @@ int xt_compat_match_to_user(const struct xt_entry_match *m, - if (match->compat_to_user((void __user *)cm->data, m->data)) - return -EFAULT; - } else { -- if (XT_DATA_TO_USER(cm, m, match, msize - sizeof(*cm))) -+ if (COMPAT_XT_DATA_TO_USER(cm, m, match, msize - sizeof(*cm))) - return -EFAULT; - } - -@@ -984,7 +989,7 @@ int xt_compat_target_to_user(const struct xt_entry_target *t, - if (target->compat_to_user((void __user *)ct->data, t->data)) - return -EFAULT; - } else { -- if (XT_DATA_TO_USER(ct, t, target, tsize - sizeof(*ct))) -+ if (COMPAT_XT_DATA_TO_USER(ct, t, target, tsize - sizeof(*ct))) - return -EFAULT; - } - --- -2.7.5 - diff --git a/freed-ora/current/f24/kernel.spec b/freed-ora/current/f24/kernel.spec index f1eb320b6..f9fb49753 100644 --- a/freed-ora/current/f24/kernel.spec +++ b/freed-ora/current/f24/kernel.spec 
@@ -92,7 +92,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 7 +%define stable_update 8 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -683,11 +683,6 @@ Patch681: 0002-platform-x86-thinkpad_acpi-add-mapping-for-new-hotke.patch # rhbz 1459326 Patch683: RFC-audit-fix-a-race-condition-with-the-auditd-tracking-code.patch -# rhbz 1459676 -Patch686: 0001-netfilter-xtables-zero-padding-in-data_to_user.patch -Patch687: 0002-netfilter-xtables-fix-build-failure-from-COMPAT_XT_A.patch - - # END OF PATCH DEFINITIONS %endif @@ -2348,6 +2343,12 @@ fi # # %changelog +* Sat Jul 1 2017 Alexandre Oliva <lxoliva@fsfla.org> -libre +- GNU Linux-libre 4.11.8-gnu. + +* Thu Jun 29 2017 Laura Abbott <labbott@fedoraproject.org> - 4.11.8-100 +- Linux v4.11.8 + * Wed Jun 28 2017 Alexandre Oliva <lxoliva@fsfla.org> -libre - GNU Linux-libre 4.11.7-gnu. diff --git a/freed-ora/current/f24/patch-4.11-gnu-4.11.7-gnu.xz.sign b/freed-ora/current/f24/patch-4.11-gnu-4.11.7-gnu.xz.sign deleted file mode 100644 index c8830f308..000000000 --- a/freed-ora/current/f24/patch-4.11-gnu-4.11.7-gnu.xz.sign +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iEYEABECAAYFAllOopYACgkQvLfPh359R6fmiQCfZJKdEdYNhsqESjVF1NwbUT9e -/GMAni39vTXc69+U+Ew6Uh3GHIZJlir4 -=oTLR ------END PGP SIGNATURE----- diff --git a/freed-ora/current/f24/patch-4.11-gnu-4.11.8-gnu.xz.sign b/freed-ora/current/f24/patch-4.11-gnu-4.11.8-gnu.xz.sign new file mode 100644 index 000000000..ee59e204d --- /dev/null +++ b/freed-ora/current/f24/patch-4.11-gnu-4.11.8-gnu.xz.sign @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iEYEABECAAYFAllVnZsACgkQvLfPh359R6fyfgCfRQ/hVwkZ7NQawqSIINi673yg +Li0AnAvmRmjzt8BOyJV46sLoALKu1FPo +=xqia +-----END PGP SIGNATURE----- diff --git a/freed-ora/current/f24/sources b/freed-ora/current/f24/sources index a2ddf16a8..861261922 100644 
--- a/freed-ora/current/f24/sources
+++ b/freed-ora/current/f24/sources
@@ -1,3 +1,3 @@
 SHA512 (linux-libre-4.11-gnu.tar.xz) = f1d9138024b127385248de5c8eb72123b717bbbaba3e80bded20f073acac816a7ea979c4677ddc72252a8ec77c6a6c1d1738b1c20106f7d53ef39c9cf64c1853
 SHA512 (perf-man-4.11.tar.gz) = 0b070d2f10a743329de2f532e2d7e19ef385a3e6ef3c700b591ae2697604dbe542b36e31121b3e37517ee8071ab800386fa8663c24a5b36520a18e096c6eefc8
-SHA512 (patch-4.11-gnu-4.11.7-gnu.xz) = df6eb2c3f90f2967abeb545bd3a90aefb5db682447fb182decf3004db4a595634316192e8e506ba259776627d90447d14b64f7e8df2af8d05051c5cb48be7452
+SHA512 (patch-4.11-gnu-4.11.8-gnu.xz) = 9a14f067b23c88f5aa8bfcb8f71ff70601da287ac32126349ada1125548b8e8004abf5ee95c806f2e2ae4b581db37c9fb8ec36373b2d98fbd0263ee19d5ec559 |

