3.14.5-100.fc19.gnu

12 files changed, 231 insertions, 469 deletions

diff --git a/freed-ora/current/f19/0001-hid-quirks-Add-NO_INIT_REPORTS-quirk-for-Synaptics-T.patch b/freed-ora/current/f19/0001-hid-quirks-Add-NO_INIT_REPORTS-quirk-for-Synaptics-T.patch
deleted file mode 100644
index 6d5335448..000000000
--- a/freed-ora/current/f19/0001-hid-quirks-Add-NO_INIT_REPORTS-quirk-for-Synaptics-T.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 6186594c2c72d403832cf07d66cf6d6c6daad8f1 Mon Sep 17 00:00:00 2001
-From: Hans de Goede <hdegoede@redhat.com>
-Date: Fri, 2 May 2014 16:15:33 +0200
-Subject: [PATCH 1/4] hid-quirks: Add NO_INIT_REPORTS quirk for Synaptics Touch
- Pad V 103S
-
-This touchpad seriously dislikes init reports, not only timeing out, but
-also refusing to work after this.
-
-Cc: stable@vger.kernel.org
-Reported-and-tested-by: Vincent Fortier <th0ma7@gmail.com>
-Signed-off-by: Hans de Goede <hdegoede@redhat.com>
----
- drivers/hid/hid-ids.h           | 1 +
- drivers/hid/usbhid/hid-quirks.c | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
-index c8af720..43f246e 100644
---- a/drivers/hid/hid-ids.h
-+++ b/drivers/hid/hid-ids.h
-@@ -834,6 +834,7 @@
- #define USB_DEVICE_ID_SYNAPTICS_LTS2	0x1d10
- #define USB_DEVICE_ID_SYNAPTICS_HD	0x0ac3
- #define USB_DEVICE_ID_SYNAPTICS_QUAD_HD	0x1ac3
-+#define USB_DEVICE_ID_SYNAPTICS_TP_V103	0x5710
- 
- #define USB_VENDOR_ID_THINGM		0x27b8
- #define USB_DEVICE_ID_BLINK1		0x01ed
-diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c
-index dbd8387..8e4ddb3 100644
---- a/drivers/hid/usbhid/hid-quirks.c
-+++ b/drivers/hid/usbhid/hid-quirks.c
-@@ -119,6 +119,7 @@ static const struct hid_blacklist {
- 	{ USB_VENDOR_ID_SYNAPTICS, USB_DEVICE_ID_SYNAPTICS_LTS2, HID_QUIRK_NO_INIT_REPORTS },
- 	{ USB_VENDOR_ID_SYNAPTICS, USB_DEVICE_ID_SYNAPTICS_HD, HID_QUIRK_NO_INIT_REPORTS },
- 	{ USB_VENDOR_ID_SYNAPTICS, USB_DEVICE_ID_SYNAPTICS_QUAD_HD, HID_QUIRK_NO_INIT_REPORTS },
-+	{ USB_VENDOR_ID_SYNAPTICS, USB_DEVICE_ID_SYNAPTICS_TP_V103, HID_QUIRK_NO_INIT_REPORTS },
- 
- 	{ 0, 0 }
- };
--- 
-1.9.0
-
diff --git a/freed-ora/current/f19/0001-synaptics-Add-min-max-quirk-for-the-ThinkPad-W540.patch b/freed-ora/current/f19/0001-synaptics-Add-min-max-quirk-for-the-ThinkPad-W540.patch
new file mode 100644
index 000000000..9ccc271fc
--- /dev/null
+++ b/freed-ora/current/f19/0001-synaptics-Add-min-max-quirk-for-the-ThinkPad-W540.patch
@@ -0,0 +1,35 @@
+From 8351510e7a3c1b35adf046d8c473be2f5ad617c7 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Wed, 14 May 2014 12:40:08 +0200
+Subject: [PATCH] synaptics: Add min/max quirk for the ThinkPad W540
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1096436
+
+Tested-and-reported-by: ajayr@bigfoot.com
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ drivers/input/mouse/synaptics.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c
+index d68d33f..d4c05b1 100644
+--- a/drivers/input/mouse/synaptics.c
++++ b/drivers/input/mouse/synaptics.c
+@@ -1614,6 +1614,14 @@ static const struct dmi_system_id min_max_dmi_table[] __initconst = {
+ 		.driver_data = (int []){1024, 5112, 2024, 4832},
+ 	},
+ 	{
++		/* Lenovo ThinkPad W540 */
++		.matches = {
++			DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
++			DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad W540"),
++		},
++		.driver_data = (int []){1024, 5112, 2024, 4832},
++	},
++	{
+ 		/* Lenovo Yoga S1 */
+ 		.matches = {
+ 			DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+-- 
+1.9.0
+
diff --git a/freed-ora/current/f19/Input-elantech-add-support-for-newer-elantech-touchpads.patch b/freed-ora/current/f19/Input-elantech-add-support-for-newer-elantech-touchpads.patch
new file mode 100644
index 000000000..448aeae54
--- /dev/null
+++ b/freed-ora/current/f19/Input-elantech-add-support-for-newer-elantech-touchpads.patch
@@ -0,0 +1,32 @@
+Bugzilla: 1051668
+Upstream-status: 3.15
+
+From ae4bedf0679d99f0a9b80a7ea9b8dd205de05d06 Mon Sep 17 00:00:00 2001
+From: Jordan Rife <jrife0@gmail.com>
+Date: Tue, 22 Apr 2014 17:44:51 -0700
+Subject: Input: elantech - add support for newer elantech touchpads
+
+Newer elantech touchpads are not recognized by the current driver, since it
+fails to detect their firmware version number. This prevents more advanced
+touchpad features from being usable such as two-finger scrolling. This
+patch allows newer touchpads to be detected and be fully functional. Tested
+on Sony Vaio SVF13N17PXB.
+
+Signed-off-by: Jordan Rife <jrife0@gmail.com>
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+
+diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c
+index ef1cf52..088d354 100644
+--- a/drivers/input/mouse/elantech.c
++++ b/drivers/input/mouse/elantech.c
+@@ -1353,6 +1353,7 @@ static int elantech_set_properties(struct elantech_data *etd)
+ 		case 6:
+ 		case 7:
+ 		case 8:
++		case 9:
+ 			etd->hw_version = 4;
+ 			break;
+ 		default:
+-- 
+cgit v0.10.1
+
diff --git a/freed-ora/current/f19/USB-serial-ftdi_sio-add-id-for-Brainboxes-serial-car.patch b/freed-ora/current/f19/USB-serial-ftdi_sio-add-id-for-Brainboxes-serial-car.patch
deleted file mode 100644
index e144c6969..000000000
--- a/freed-ora/current/f19/USB-serial-ftdi_sio-add-id-for-Brainboxes-serial-car.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-Bugzilla: 1071914
-Upstream-status: 3.15
-
-From efe26e16b1d93ac0085e69178cc18811629e8fc5 Mon Sep 17 00:00:00 2001
-From: Michele Baldessari <michele@acksyn.org>
-Date: Mon, 31 Mar 2014 10:51:00 +0200
-Subject: [PATCH] USB: serial: ftdi_sio: add id for Brainboxes serial cards
-
-Custom VID/PIDs for Brainboxes cards as reported in
-https://bugzilla.redhat.com/show_bug.cgi?id=1071914
-
-Signed-off-by: Michele Baldessari <michele@acksyn.org>
-Cc: stable <stable@vger.kernel.org>
-Signed-off-by: Johan Hovold <jhovold@gmail.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- drivers/usb/serial/ftdi_sio.c     | 33 +++++++++++++++++++++++++++++++++
- drivers/usb/serial/ftdi_sio_ids.h | 37 +++++++++++++++++++++++++++++++++++++
- 2 files changed, 70 insertions(+)
-
-diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
-index 44ab12986805..7c6e1dedeb06 100644
---- a/drivers/usb/serial/ftdi_sio.c
-+++ b/drivers/usb/serial/ftdi_sio.c
-@@ -909,6 +909,39 @@ static const struct usb_device_id id_table_combined[] = {
- 	{ USB_DEVICE(FTDI_VID, FTDI_Z3X_PID) },
- 	/* Cressi Devices */
- 	{ USB_DEVICE(FTDI_VID, FTDI_CRESSI_PID) },
-+	/* Brainboxes Devices */
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_VX_001_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_VX_012_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_VX_023_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_VX_034_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_101_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_1_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_2_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_3_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_4_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_5_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_6_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_7_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_8_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_257_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_279_1_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_279_2_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_279_3_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_279_4_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_313_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_324_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_346_1_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_346_2_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_357_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_606_1_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_606_2_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_606_3_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_701_1_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_701_2_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_842_1_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_842_2_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_842_3_PID) },
-+	{ USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_842_4_PID) },
- 	{ }					/* Terminating entry */
- };
- 
-diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
-index e599fbfcde5f..993c93df6874 100644
---- a/drivers/usb/serial/ftdi_sio_ids.h
-+++ b/drivers/usb/serial/ftdi_sio_ids.h
-@@ -1326,3 +1326,40 @@
-  * Manufacturer: Cressi
-  */
- #define FTDI_CRESSI_PID		0x87d0
-+
-+/*
-+ * Brainboxes devices
-+ */
-+#define BRAINBOXES_VID			0x05d1
-+#define BRAINBOXES_VX_001_PID		0x1001 /* VX-001 ExpressCard 1 Port RS232 */
-+#define BRAINBOXES_VX_012_PID		0x1002 /* VX-012 ExpressCard 2 Port RS232 */
-+#define BRAINBOXES_VX_023_PID		0x1003 /* VX-023 ExpressCard 1 Port RS422/485 */
-+#define BRAINBOXES_VX_034_PID		0x1004 /* VX-034 ExpressCard 2 Port RS422/485 */
-+#define BRAINBOXES_US_101_PID		0x1011 /* US-101 1xRS232 */
-+#define BRAINBOXES_US_324_PID		0x1013 /* US-324 1xRS422/485 1Mbaud */
-+#define BRAINBOXES_US_606_1_PID		0x2001 /* US-606 6 Port RS232 Serial Port 1 and 2 */
-+#define BRAINBOXES_US_606_2_PID		0x2002 /* US-606 6 Port RS232 Serial Port 3 and 4 */
-+#define BRAINBOXES_US_606_3_PID		0x2003 /* US-606 6 Port RS232 Serial Port 4 and 6 */
-+#define BRAINBOXES_US_701_1_PID		0x2011 /* US-701 4xRS232 1Mbaud Port 1 and 2 */
-+#define BRAINBOXES_US_701_2_PID		0x2012 /* US-701 4xRS422 1Mbaud Port 3 and 4 */
-+#define BRAINBOXES_US_279_1_PID		0x2021 /* US-279 8xRS422 1Mbaud Port 1 and 2 */
-+#define BRAINBOXES_US_279_2_PID		0x2022 /* US-279 8xRS422 1Mbaud Port 3 and 4 */
-+#define BRAINBOXES_US_279_3_PID		0x2023 /* US-279 8xRS422 1Mbaud Port 5 and 6 */
-+#define BRAINBOXES_US_279_4_PID		0x2024 /* US-279 8xRS422 1Mbaud Port 7 and 8 */
-+#define BRAINBOXES_US_346_1_PID		0x3011 /* US-346 4xRS422/485 1Mbaud Port 1 and 2 */
-+#define BRAINBOXES_US_346_2_PID		0x3012 /* US-346 4xRS422/485 1Mbaud Port 3 and 4 */
-+#define BRAINBOXES_US_257_PID		0x5001 /* US-257 2xRS232 1Mbaud */
-+#define BRAINBOXES_US_313_PID		0x6001 /* US-313 2xRS422/485 1Mbaud */
-+#define BRAINBOXES_US_357_PID		0x7001 /* US_357 1xRS232/422/485 */
-+#define BRAINBOXES_US_842_1_PID		0x8001 /* US-842 8xRS422/485 1Mbaud Port 1 and 2 */
-+#define BRAINBOXES_US_842_2_PID		0x8002 /* US-842 8xRS422/485 1Mbaud Port 3 and 4 */
-+#define BRAINBOXES_US_842_3_PID		0x8003 /* US-842 8xRS422/485 1Mbaud Port 5 and 6 */
-+#define BRAINBOXES_US_842_4_PID		0x8004 /* US-842 8xRS422/485 1Mbaud Port 7 and 8 */
-+#define BRAINBOXES_US_160_1_PID		0x9001 /* US-160 16xRS232 1Mbaud Port 1 and 2 */
-+#define BRAINBOXES_US_160_2_PID		0x9002 /* US-160 16xRS232 1Mbaud Port 3 and 4 */
-+#define BRAINBOXES_US_160_3_PID		0x9003 /* US-160 16xRS232 1Mbaud Port 5 and 6 */
-+#define BRAINBOXES_US_160_4_PID		0x9004 /* US-160 16xRS232 1Mbaud Port 7 and 8 */
-+#define BRAINBOXES_US_160_5_PID		0x9005 /* US-160 16xRS232 1Mbaud Port 9 and 10 */
-+#define BRAINBOXES_US_160_6_PID		0x9006 /* US-160 16xRS232 1Mbaud Port 11 and 12 */
-+#define BRAINBOXES_US_160_7_PID		0x9007 /* US-160 16xRS232 1Mbaud Port 13 and 14 */
-+#define BRAINBOXES_US_160_8_PID		0x9008 /* US-160 16xRS232 1Mbaud Port 15 and 16 */
--- 
-1.9.0
-
diff --git a/freed-ora/current/f19/auditsc-audit_krule-mask-accesses-need-bounds-checking.patch b/freed-ora/current/f19/auditsc-audit_krule-mask-accesses-need-bounds-checking.patch
new file mode 100644
index 000000000..1a7763767
--- /dev/null
+++ b/freed-ora/current/f19/auditsc-audit_krule-mask-accesses-need-bounds-checking.patch
@@ -0,0 +1,128 @@
+Bugzilla: 1102715
+Upstream-status: Submitted for 3.15 and CC'd to stable                                                                                                                                                                                                                                                               
+Delivered-To: jwboyer@gmail.com
+Received: by 10.76.6.212 with SMTP id d20csp285523oaa;
+        Wed, 28 May 2014 20:10:58 -0700 (PDT)
+X-Received: by 10.66.250.166 with SMTP id zd6mr4872927pac.7.1401333057574;
+        Wed, 28 May 2014 20:10:57 -0700 (PDT)
+Return-Path: <stable-owner@vger.kernel.org>
+Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
+        by mx.google.com with ESMTP id j1si26042371pbw.214.2014.05.28.20.10.31
+        for <multiple recipients>;
+        Wed, 28 May 2014 20:10:57 -0700 (PDT)
+Received-SPF: none (google.com: stable-owner@vger.kernel.org does not designate permitted sender hosts) client-ip=209.132.180.67;
+Authentication-Results: mx.google.com;
+       spf=neutral (google.com: stable-owner@vger.kernel.org does not designate permitted sender hosts) smtp.mail=stable-owner@vger.kernel.org
+Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
+	id S1755059AbaE2DKa (ORCPT <rfc822;takashi.bg@gmail.com>
+	+ 73 others); Wed, 28 May 2014 23:10:30 -0400
+Received: from mx1.redhat.com ([209.132.183.28]:34907 "EHLO mx1.redhat.com"
+	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
+	id S1753861AbaE2DK3 (ORCPT <rfc822;stable@vger.kernel.org>);
+	Wed, 28 May 2014 23:10:29 -0400
+Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])
+	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s4T3AQfK017267
+	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
+	Wed, 28 May 2014 23:10:26 -0400
+Received: from paris.rdu.redhat.com (paris.rdu.redhat.com [10.13.136.28])
+	by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s4T3APd7019240;
+	Wed, 28 May 2014 23:10:26 -0400
+From:	Eric Paris <eparis@redhat.com>
+To:	torvalds@linux-foundation.org
+Cc:	linux-audit@redhat.com, linux-kernel@vger.kernel.org,
+	Andy Lutomirski <luto@amacapital.net>, stable@vger.kernel.org,
+	Eric Paris <eparis@redhat.com>
+Subject: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking
+Date:	Wed, 28 May 2014 23:09:58 -0400
+Message-Id: <1401332999-15167-1-git-send-email-eparis@redhat.com>
+X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26
+Sender:	stable-owner@vger.kernel.org
+Precedence: bulk
+List-ID: <stable.vger.kernel.org>
+X-Mailing-List:	stable@vger.kernel.org
+
+From: Andy Lutomirski <luto@amacapital.net>
+
+Fixes an easy DoS and possible information disclosure.
+
+This does nothing about the broken state of x32 auditing.
+
+eparis: If the admin has enabled auditd and has specifically loaded audit
+rules.  This bug has been around since before git.  Wow...
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Andy Lutomirski <luto@amacapital.net>
+Signed-off-by: Eric Paris <eparis@redhat.com>
+---
+ kernel/auditsc.c | 27 ++++++++++++++++++---------
+ 1 file changed, 18 insertions(+), 9 deletions(-)
+
+diff --git a/kernel/auditsc.c b/kernel/auditsc.c
+index 254ce20..842f58a 100644
+--- a/kernel/auditsc.c
++++ b/kernel/auditsc.c
+@@ -728,6 +728,22 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key)
+ 	return AUDIT_BUILD_CONTEXT;
+ }
+ 
++static int audit_in_mask(const struct audit_krule *rule, unsigned long val)
++{
++	int word, bit;
++
++	if (val > 0xffffffff)
++		return false;
++
++	word = AUDIT_WORD(val);
++	if (word >= AUDIT_BITMASK_SIZE)
++		return false;
++
++	bit = AUDIT_BIT(val);
++
++	return rule->mask[word] & bit;
++}
++
+ /* At syscall entry and exit time, this filter is called if the
+  * audit_state is not low enough that auditing cannot take place, but is
+  * also not high enough that we already know we have to write an audit
+@@ -745,11 +761,8 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
+ 
+ 	rcu_read_lock();
+ 	if (!list_empty(list)) {
+-		int word = AUDIT_WORD(ctx->major);
+-		int bit  = AUDIT_BIT(ctx->major);
+-
+ 		list_for_each_entry_rcu(e, list, list) {
+-			if ((e->rule.mask[word] & bit) == bit &&
++			if (audit_in_mask(&e->rule, ctx->major) &&
+ 			    audit_filter_rules(tsk, &e->rule, ctx, NULL,
+ 					       &state, false)) {
+ 				rcu_read_unlock();
+@@ -769,20 +782,16 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
+ static int audit_filter_inode_name(struct task_struct *tsk,
+ 				   struct audit_names *n,
+ 				   struct audit_context *ctx) {
+-	int word, bit;
+ 	int h = audit_hash_ino((u32)n->ino);
+ 	struct list_head *list = &audit_inode_hash[h];
+ 	struct audit_entry *e;
+ 	enum audit_state state;
+ 
+-	word = AUDIT_WORD(ctx->major);
+-	bit  = AUDIT_BIT(ctx->major);
+-
+ 	if (list_empty(list))
+ 		return 0;
+ 
+ 	list_for_each_entry_rcu(e, list, list) {
+-		if ((e->rule.mask[word] & bit) == bit &&
++		if (audit_in_mask(&e->rule, ctx->major) &&
+ 		    audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) {
+ 			ctx->current_state = state;
+ 			return 1;
+-- 
+1.9.0
+
+--
+To unsubscribe from this list: send the line "unsubscribe stable" in
+the body of a message to majordomo@vger.kernel.org
+More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff --git a/freed-ora/current/f19/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch b/freed-ora/current/f19/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch
deleted file mode 100644
index 1aec648f9..000000000
--- a/freed-ora/current/f19/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-Bugzilla: 1096784
-Upstream-status: 3.15
-
-From 0e1e9b265ec6c9b69ba5443e0d11aaa9a92ded53 Mon Sep 17 00:00:00 2001
-From: Mathias Krause <minipli@googlemail.com>
-Date: Sun, 13 Apr 2014 18:23:33 +0200
-Subject: [PATCH] filter: prevent nla extensions to peek beyond the end of the
- message
-
-Upstream commit 05ab8f2647e4221cbdb3856dd7d32bd5407316b3
-
-The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extensions fail to check
-for a minimal message length before testing the supplied offset to be
-within the bounds of the message. This allows the subtraction of the nla
-header to underflow and therefore -- as the data type is unsigned --
-allowing far to big offset and length values for the search of the
-netlink attribute.
-
-The remainder calculation for the BPF_S_ANC_NLATTR_NEST extension is
-also wrong. It has the minuend and subtrahend mixed up, therefore
-calculates a huge length value, allowing to overrun the end of the
-message while looking for the netlink attribute.
-
-The following three BPF snippets will trigger the bugs when attached to
-a UNIX datagram socket and parsing a message with length 1, 2 or 3.
-
- ,-[ PoC for missing size check in BPF_S_ANC_NLATTR ]--
- | ld	#0x87654321
- | ldx	#42
- | ld	#nla
- | ret	a
- `---
-
- ,-[ PoC for the same bug in BPF_S_ANC_NLATTR_NEST ]--
- | ld	#0x87654321
- | ldx	#42
- | ld	#nlan
- | ret	a
- `---
-
- ,-[ PoC for wrong remainder calculation in BPF_S_ANC_NLATTR_NEST ]--
- | ; (needs a fake netlink header at offset 0)
- | ld	#0
- | ldx	#42
- | ld	#nlan
- | ret	a
- `---
-
-Fix the first issue by ensuring the message length fulfills the minimal
-size constrains of a nla header. Fix the second bug by getting the math
-for the remainder calculation right.
-
-Fixes: 4738c1db15 ("[SKFILTER]: Add SKF_ADF_NLATTR instruction")
-Fixes: d214c7537b ("filter: add SKF_AD_NLATTR_NEST to look for nested..")
-Cc: Patrick McHardy <kaber@trash.net>
-Cc: Pablo Neira Ayuso <pablo@netfilter.org>
-Signed-off-by: Mathias Krause <minipli@googlemail.com>
-Acked-by: Daniel Borkmann <dborkman@redhat.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/core/filter.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/net/core/filter.c b/net/core/filter.c
-index ad30d626a5bd..7be35b5fc22f 100644
---- a/net/core/filter.c
-+++ b/net/core/filter.c
-@@ -355,6 +355,10 @@ load_b:
- 
- 			if (skb_is_nonlinear(skb))
- 				return 0;
-+			
-+			if (skb->len < sizeof(struct nlattr))
-+				return 0;
-+
- 			if (A > skb->len - sizeof(struct nlattr))
- 				return 0;
- 
-@@ -371,11 +375,15 @@ load_b:
- 
- 			if (skb_is_nonlinear(skb))
- 				return 0;
-+
-+			if (skb->len < sizeof(struct nlattr))
-+				return 0;
-+
- 			if (A > skb->len - sizeof(struct nlattr))
- 				return 0;
- 
- 			nla = (struct nlattr *)&skb->data[A];
--			if (nla->nla_len > A - skb->len)
-+			if (nla->nla_len > skb->len - A)
- 				return 0;
- 
- 			nla = nla_find_nested(nla, X);
--- 
-1.9.0
-
diff --git a/freed-ora/current/f19/kernel.spec b/freed-ora/current/f19/kernel.spec
index 31b4b9adb..693e239ad 100644
--- a/freed-ora/current/f19/kernel.spec
+++ b/freed-ora/current/f19/kernel.spec
@@ -112,7 +112,7 @@ Summary: The Linux kernel
 %if 0%{?released_kernel}
 
 # Do we have a -stable update to apply?
-%define stable_update 4
+%define stable_update 5
 # Is it a -stable RC?
 %define stable_rc 0
 # Set rpm version accordingly
@@ -778,15 +778,9 @@ Patch25047: drm-radeon-Disable-writeback-by-default-on-ppc.patch
 #rhbz 1051748
 Patch25035: Bluetooth-allocate-static-minor-for-vhci.patch
 
-#CVE-2014-2851 rhbz 1086730 1087420
-Patch25059: net-ipv4-current-group_info-should-be-put-after-using.patch
-
 #rhbz 1074710
 Patch25061: mm-page_alloc.c-change-mm-debug-routines-back-to-EXP.patch
 
-#rhbz 1071914
-Patch25063: USB-serial-ftdi_sio-add-id-for-Brainboxes-serial-car.patch
-
 #rhbz 1048314
 Patch25062: 0001-HID-rmi-introduce-RMI-driver-for-Synaptics-touchpads.patch
 
@@ -811,14 +805,10 @@ Patch25070: 0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch
 #rhbz 1060327
 Patch25071: drm-fix-qxl-mode-flags-backport.patch
 
-#rhbz 1093931
-Patch25073: net-Start-with-correct-mac_len-in-skb_network_protoc.patch
-
 #rhbz 1089545
 Patch25074: 0001-acpi-video-Add-use_native_backlight-quirks-for-Think.patch
 
 #misc input fixes
-Patch25077: 0001-hid-quirks-Add-NO_INIT_REPORTS-quirk-for-Synaptics-T.patch
 Patch25078: 0002-elantech-Fix-elantech-on-Gigabyte-U2442.patch
 
 #rhbz 861573
@@ -828,7 +818,6 @@ Patch25079: 0003-samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch
 Patch25080: 0004-acpi-blacklist-Add-dmi_enable_osi_linux-quirk-for-As.patch
 
 #CVE-2014-0181 rhbz 1094270 1094265
-Patch25081: net-Fix-ns_capable-check-in-sock_diag_put_filterinfo.patch
 Patch25082: 1-5-netlink-Rename-netlink_capable-netlink_allowed.patch
 Patch25083: 2-5-net-Move-the-permission-check-in-sock_diag_put_filterinfo-to-packet_diag_dump.patch
 Patch25084: 3-5-net-Add-variants-of-capable-for-use-on-on-sockets.patch
@@ -838,8 +827,14 @@ Patch25086: 5-5-net-Use-netlink_ns_capable-to-verify-the-permisions-of-netlink-m
 #rhbz 1082266
 Patch25087: jme-fix-dma-unmap-error.patch
 
-# CVE-2014-3144 CVE-2014-3145 rhbz 1096775, 1096784
-Patch25090: filter-prevent-nla-extensions-to-peek-beyond-the-end.patch
+#rhbz 1096436
+Patch25091: 0001-synaptics-Add-min-max-quirk-for-the-ThinkPad-W540.patch
+
+#rhbz 1051668
+Patch25092: Input-elantech-add-support-for-newer-elantech-touchpads.patch
+
+# CVE-2014-3917 rhbz 1102571 1102715
+Patch25093: auditsc-audit_krule-mask-accesses-need-bounds-checking.patch
 
 # END OF PATCH DEFINITIONS
 
@@ -1571,15 +1566,9 @@ ApplyPatch 0001-HID-rmi-do-not-handle-touchscreens-through-hid-rmi.patch
 #rhbz 1090161
 ApplyPatch HID-rmi-do-not-fetch-more-than-16-bytes-in-a-query.patch
 
-#CVE-2014-2851 rhbz 1086730 1087420
-ApplyPatch net-ipv4-current-group_info-should-be-put-after-using.patch
-
 #rhbz 1074710
 ApplyPatch mm-page_alloc.c-change-mm-debug-routines-back-to-EXP.patch
 
-#rhbz 1071914
-ApplyPatch USB-serial-ftdi_sio-add-id-for-Brainboxes-serial-car.patch
-
 #rhbz 1013466
 ApplyPatch selinux-put-the-mmap-DAC-controls-before-the-MAC-controls.patch
 
@@ -1595,14 +1584,10 @@ ApplyPatch 0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch
 #rhbz 1060327
 ApplyPatch drm-fix-qxl-mode-flags-backport.patch
 
-#rhbz 1093931
-ApplyPatch net-Start-with-correct-mac_len-in-skb_network_protoc.patch
-
 #rhbz 1089545
 ApplyPatch 0001-acpi-video-Add-use_native_backlight-quirks-for-Think.patch
 
 #misc input fixes
-ApplyPatch 0001-hid-quirks-Add-NO_INIT_REPORTS-quirk-for-Synaptics-T.patch
 ApplyPatch 0002-elantech-Fix-elantech-on-Gigabyte-U2442.patch
 
 #rhbz 861573
@@ -1612,7 +1597,6 @@ ApplyPatch 0003-samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch
 ApplyPatch 0004-acpi-blacklist-Add-dmi_enable_osi_linux-quirk-for-As.patch
 
 #CVE-2014-0181 rhbz 1094270 1094265
-ApplyPatch net-Fix-ns_capable-check-in-sock_diag_put_filterinfo.patch
 ApplyPatch 1-5-netlink-Rename-netlink_capable-netlink_allowed.patch
 ApplyPatch 2-5-net-Move-the-permission-check-in-sock_diag_put_filterinfo-to-packet_diag_dump.patch
 ApplyPatch 3-5-net-Add-variants-of-capable-for-use-on-on-sockets.patch
@@ -1622,8 +1606,14 @@ ApplyPatch 5-5-net-Use-netlink_ns_capable-to-verify-the-permisions-of-netlink-me
 #rhbz 1082266
 ApplyPatch jme-fix-dma-unmap-error.patch
 
-# CVE-2014-3144 CVE-2014-3145 rhbz 1096775, 1096784
-ApplyPatch filter-prevent-nla-extensions-to-peek-beyond-the-end.patch
+#rhbz 1096436
+ApplyPatch 0001-synaptics-Add-min-max-quirk-for-the-ThinkPad-W540.patch
+
+#rhbz 1051668
+ApplyPatch Input-elantech-add-support-for-newer-elantech-touchpads.patch
+
+# CVE-2014-3917 rhbz 1102571 1102715
+ApplyPatch auditsc-audit_krule-mask-accesses-need-bounds-checking.patch
 
 # END OF PATCH APPLICATIONS
 
@@ -2448,6 +2438,21 @@ fi
 # and build.
 
 %changelog
+* Mon Jun  2 2014 Alexandre Oliva <lxoliva@fsfla.org> -libre
+- GNU Linux-libre 3.14.5-gnu.
+
+* Mon Jun 02 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.14.5-100
+- Linux v3.14.5
+
+* Thu May 29 2014 Josh Boyer <jwboyer@fedoraproject.org>
+- CVE-2014-3917 DoS with syscall auditing (rhbz 1102571 1102715)
+
+* Tue May 20 2014 Josh Boyer <jwboyer@fedoraproject.org>
+- Backport patch to add new elantech touchpad support (rhbz 1051668)
+
+* Wed May 14 2014 Hans de Goede <hdegoede@redhat.com>
+- Add synaptics min/max quirk patch for the ThinkPad W540 (rhbz 1096436)
+
 * Tue May 13 2014 Alexandre Oliva <lxoliva@fsfla.org> -libre
 - GNU Linux-libre 3.14.4-gnu.
 
diff --git a/freed-ora/current/f19/modsign-uefi.patch b/freed-ora/current/f19/modsign-uefi.patch
index 17009c196..a3f3a56e0 100644
--- a/freed-ora/current/f19/modsign-uefi.patch
+++ b/freed-ora/current/f19/modsign-uefi.patch
@@ -283,9 +283,9 @@ index 0ff5407..ba76e57 100644
 +	  are used by the module signature checking to reject loading of modules
 +	  signed with a blacklisted key.
 +
- menuconfig MODULES
- 	bool "Enable loadable module support"
- 	option modules
+ config PROFILING
+	bool "Profiling support"
+	help
 diff --git a/kernel/module_signing.c b/kernel/module_signing.c
 index 0b6b870..0a29b40 100644
 --- a/kernel/module_signing.c
diff --git a/freed-ora/current/f19/net-Fix-ns_capable-check-in-sock_diag_put_filterinfo.patch b/freed-ora/current/f19/net-Fix-ns_capable-check-in-sock_diag_put_filterinfo.patch
deleted file mode 100644
index 9e4abdb9a..000000000
--- a/freed-ora/current/f19/net-Fix-ns_capable-check-in-sock_diag_put_filterinfo.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Bugzilla: 1094270
-Upstream-status: 3.15 and queued for stable
-
-From 3b72ed3ca18b9f55fc90f55a52c32b22b3a2837e Mon Sep 17 00:00:00 2001
-From: Andrew Lutomirski <luto@amacapital.net>
-Date: Wed, 16 Apr 2014 21:41:34 -0700
-Subject: [PATCH 1/6] net: Fix ns_capable check in sock_diag_put_filterinfo
-
-The caller needs capabilities on the namespace being queried, not on
-their own namespace.  This is a security bug, although it likely has
-only a minor impact.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Andy Lutomirski <luto@amacapital.net>
-Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
----
- include/linux/sock_diag.h | 2 +-
- net/core/sock_diag.c      | 4 ++--
- net/packet/diag.c         | 2 +-
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h
-index 54f91d35e5fd..302ab805b0bb 100644
---- a/include/linux/sock_diag.h
-+++ b/include/linux/sock_diag.h
-@@ -23,7 +23,7 @@ int sock_diag_check_cookie(void *sk, __u32 *cookie);
- void sock_diag_save_cookie(void *sk, __u32 *cookie);
- 
- int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attr);
--int sock_diag_put_filterinfo(struct user_namespace *user_ns, struct sock *sk,
-+int sock_diag_put_filterinfo(struct sock *sk,
- 			     struct sk_buff *skb, int attrtype);
- 
- #endif
-diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
-index a0e9cf6379de..6a7fae228634 100644
---- a/net/core/sock_diag.c
-+++ b/net/core/sock_diag.c
-@@ -49,7 +49,7 @@ int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attrtype)
- }
- EXPORT_SYMBOL_GPL(sock_diag_put_meminfo);
- 
--int sock_diag_put_filterinfo(struct user_namespace *user_ns, struct sock *sk,
-+int sock_diag_put_filterinfo(struct sock *sk,
- 			     struct sk_buff *skb, int attrtype)
- {
- 	struct nlattr *attr;
-@@ -57,7 +57,7 @@ int sock_diag_put_filterinfo(struct user_namespace *user_ns, struct sock *sk,
- 	unsigned int len;
- 	int err = 0;
- 
--	if (!ns_capable(user_ns, CAP_NET_ADMIN)) {
-+	if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
- 		nla_reserve(skb, attrtype, 0);
- 		return 0;
- 	}
-diff --git a/net/packet/diag.c b/net/packet/diag.c
-index 533ce4ff108a..435ff99ba8c7 100644
---- a/net/packet/diag.c
-+++ b/net/packet/diag.c
-@@ -172,7 +172,7 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
- 		goto out_nlmsg_trim;
- 
- 	if ((req->pdiag_show & PACKET_SHOW_FILTER) &&
--	    sock_diag_put_filterinfo(user_ns, sk, skb, PACKET_DIAG_FILTER))
-+	    sock_diag_put_filterinfo(sk, skb, PACKET_DIAG_FILTER))
- 		goto out_nlmsg_trim;
- 
- 	return nlmsg_end(skb, nlh);
--- 
-1.9.0
-
diff --git a/freed-ora/current/f19/net-Start-with-correct-mac_len-in-skb_network_protoc.patch b/freed-ora/current/f19/net-Start-with-correct-mac_len-in-skb_network_protoc.patch
deleted file mode 100644
index fc3262d8e..000000000
--- a/freed-ora/current/f19/net-Start-with-correct-mac_len-in-skb_network_protoc.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Bugzilla: 1093931
-Upstream-status: 3.15 and queued for stable (3.14.y only)
-
-From 1e785f48d29a09b6cf96db7b49b6320dada332e1 Mon Sep 17 00:00:00 2001
-From: Vlad Yasevich <vyasevic@redhat.com>
-Date: Mon, 14 Apr 2014 17:37:26 -0400
-Subject: [PATCH] net: Start with correct mac_len in skb_network_protocol
-
-Sometimes, when the packet arrives at skb_mac_gso_segment()
-its skb->mac_len already accounts for some of the mac lenght
-headers in the packet.  This seems to happen when forwarding
-through and OpenSSL tunnel.
-
-When we start looking for any vlan headers in skb_network_protocol()
-we seem to ignore any of the already known mac headers and start
-with an ETH_HLEN.  This results in an incorrect offset, dropped
-TSO frames and general slowness of the connection.
-
-We can start counting from the known skb->mac_len
-and return at least that much if all mac level headers
-are known and accounted for.
-
-Fixes: 53d6471cef17262d3ad1c7ce8982a234244f68ec (net: Account for all vlan headers in skb_mac_gso_segment)
-CC: Eric Dumazet <eric.dumazet@gmail.com>
-CC: Daniel Borkman <dborkman@redhat.com>
-Tested-by: Martin Filip <nexus+kernel@smoula.net>
-Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- net/core/dev.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/net/core/dev.c b/net/core/dev.c
-index 14dac0654f28..5b3042e69f85 100644
---- a/net/core/dev.c
-+++ b/net/core/dev.c
-@@ -2284,7 +2284,7 @@ EXPORT_SYMBOL(skb_checksum_help);
- __be16 skb_network_protocol(struct sk_buff *skb, int *depth)
- {
- 	__be16 type = skb->protocol;
--	int vlan_depth = ETH_HLEN;
-+	int vlan_depth = skb->mac_len;
- 
- 	/* Tunnel gso handlers can set protocol to ethernet. */
- 	if (type == htons(ETH_P_TEB)) {
--- 
-1.9.0
-
diff --git a/freed-ora/current/f19/net-ipv4-current-group_info-should-be-put-after-using.patch b/freed-ora/current/f19/net-ipv4-current-group_info-should-be-put-after-using.patch
deleted file mode 100644
index 265b3839b..000000000
--- a/freed-ora/current/f19/net-ipv4-current-group_info-should-be-put-after-using.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Bugzilla: 1087420
-Upstream-status: Queued for 3.15 and stable
-
-From b04c46190219a4f845e46a459e3102137b7f6cac Mon Sep 17 00:00:00 2001
-From: "Wang, Xiaoming" <xiaoming.wang@intel.com>
-Date: Mon, 14 Apr 2014 12:30:45 -0400
-Subject: net: ipv4: current group_info should be put after using.
-
-Plug a group_info refcount leak in ping_init.
-group_info is only needed during initialization and
-the code failed to release the reference on exit.
-While here move grabbing the reference to a place
-where it is actually needed.
-
-Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
-Signed-off-by: Zhang Dongxing <dongxing.zhang@intel.com>
-Signed-off-by: xiaoming wang <xiaoming.wang@intel.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-
-diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index f4b19e5..8210964 100644
---- a/net/ipv4/ping.c
-+++ b/net/ipv4/ping.c
-@@ -252,26 +252,33 @@ int ping_init_sock(struct sock *sk)
- {
- 	struct net *net = sock_net(sk);
- 	kgid_t group = current_egid();
--	struct group_info *group_info = get_current_groups();
--	int i, j, count = group_info->ngroups;
-+	struct group_info *group_info;
-+	int i, j, count;
- 	kgid_t low, high;
-+	int ret = 0;
- 
- 	inet_get_ping_group_range_net(net, &low, &high);
- 	if (gid_lte(low, group) && gid_lte(group, high))
- 		return 0;
- 
-+	group_info = get_current_groups();
-+	count = group_info->ngroups;
- 	for (i = 0; i < group_info->nblocks; i++) {
- 		int cp_count = min_t(int, NGROUPS_PER_BLOCK, count);
- 		for (j = 0; j < cp_count; j++) {
- 			kgid_t gid = group_info->blocks[i][j];
- 			if (gid_lte(low, gid) && gid_lte(gid, high))
--				return 0;
-+				goto out_release_group;
- 		}
- 
- 		count -= cp_count;
- 	}
- 
--	return -EACCES;
-+	ret = -EACCES;
-+
-+out_release_group:
-+	put_group_info(group_info);
-+	return ret;
- }
- EXPORT_SYMBOL_GPL(ping_init_sock);
- 
--- 
-cgit v0.10.1
-
diff --git a/freed-ora/current/f19/sources b/freed-ora/current/f19/sources
index 777c34a96..02a6ad858 100644
--- a/freed-ora/current/f19/sources
+++ b/freed-ora/current/f19/sources
@@ -1,2 +1,2 @@
 c108ec52eeb2a9b9ddbb8d12496ff25f  linux-libre-3.14-gnu.tar.xz
-116f27cf17c3522716b6678b17516067  patch-3.14.4.xz
+a56bf05cb9033097198f9269bbcff130  patch-3.14.5.xz