Update to 4.8.7
parent d99e060fe3
commit e8880932f8
|
@ -1,4 +1,4 @@
|
|||
linux (4.8.6-1) UNRELEASED; urgency=medium
|
||||
linux (4.8.7-1) UNRELEASED; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.6
|
||||
|
@ -104,6 +104,119 @@ linux (4.8.6-1) UNRELEASED; urgency=medium
|
|||
- PCI: generic: Fix pci_remap_iospace() failure path
|
||||
- [armhf] PCI: tegra: Fix pci_remap_iospace() failure path
|
||||
- libnvdimm: clear the internal poison_list when clearing badblocks
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7
|
||||
- [armhf] i2c: rk3x: Give the tuning value 0 during
|
||||
rk3x_i2c_v0_calc_timings
|
||||
- i2c: core: fix NULL pointer dereference under race condition
|
||||
- drm/dp/mst: Clear port->pdt when tearing down the i2c adapter
|
||||
- gpio / ACPI: fix returned error from acpi_dev_gpio_irq_get()
|
||||
- gpio: GPIO_GET_CHIPINFO_IOCTL: Fix line offset validation
|
||||
- gpio: GPIO_GET_CHIPINFO_IOCTL: Fix information leak
|
||||
- gpio: GPIO_GET_LINEHANDLE_IOCTL: Validate line offset
|
||||
- gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix information leak
|
||||
- gpio: GPIO_GET_LINEEVENT_IOCTL: Validate line offset
|
||||
- gpio: GPIO_GET_LINEHANDLE_IOCTL: Reject invalid line flags
|
||||
- gpio: GPIO_GET_LINEEVENT_IOCTL: Reject invalid line and event flags
|
||||
- gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix another information leak
|
||||
- gpio: GPIO_GET_LINE{HANDLE,EVENT}_IOCTL: Fix file descriptor leak
|
||||
- libxfs: clean up _calc_dquots_per_chunk
|
||||
- mm/list_lru.c: avoid error-path NULL pointer deref
|
||||
- mm/slab: fix kmemcg cache creation delayed issue
|
||||
- mm: memcontrol: do not recurse in direct reclaim
|
||||
- [x86] thermal/powerclamp: correct cpu support check
|
||||
- KEYS: Fix short sprintf buffer in /proc/keys show function
|
||||
- ALSA: usb-audio: Add quirk for Syntek STK1160
|
||||
- ALSA: seq: Fix time account regression
|
||||
- ALSA: hda - allow 40 bit DMA mask for NVidia devices
|
||||
- ALSA: hda - Adding a new group of pin cfg into ALC295 pin quirk table
|
||||
- ALSA: hda - Fix surround output pins for ASRock B150M mobo
|
||||
- ALSA: hda - Fix headset mic detection problem for two Dell laptops
|
||||
- [powerpc*] cxl: Fix leaking pid refs in some error paths
|
||||
- btrfs: fix races on root_log_ctx lists
|
||||
- [powerpc] Convert cmp to cmpd in idle enter sequence
|
||||
- [powerpc] mm/radix: Use tlbiel only if we ever ran on the current cpu
|
||||
- [powerpc] Re-fix race condition between going idle and entering guest
|
||||
- [powerpc] Fix race condition in setting lock bit in idle/wakeup code
|
||||
- [amd64] x86/microcode/AMD: Fix more fallout from
|
||||
CONFIG_RANDOMIZE_MEMORY=y
|
||||
- timers: Prevent base clock rewind when forwarding clock
|
||||
- timers: Prevent base clock corruption when forwarding
|
||||
- timers: Plug locking race vs. timer migration
|
||||
- timers: Lock base for same bucket optimization
|
||||
- mei: txe: don't clean an unprocessed interrupt cause.
|
||||
- USB: serial: fix potential NULL-dereference at probe
|
||||
- USB: serial: cp210x: fix tiocmget error handling
|
||||
- USB: serial: ftdi_sio: add support for Infineon TriBoard TC2X7
|
||||
- xhci: use default USB_RESUME_TIMEOUT when resuming ports.
|
||||
- [powerpc] GenWQE: Fix bad page access during abort of resource
|
||||
allocation
|
||||
- [x86] smpboot: Init apic mapping before usage
|
||||
- vt: clear selection before resizing
|
||||
- [x86] hv: do not lose pending heartbeat vmbus packets
|
||||
- xhci: add restart quirk for Intel Wildcatpoint PCH
|
||||
- xhci: workaround for hosts missing CAS bit
|
||||
- tty: limit terminal size to 4M chars
|
||||
- [arm64] dts: marvell: fix clocksource for CP110 master SPI0
|
||||
- dm: free io_barrier after blk_cleanup_queue call
|
||||
- [x86] KVM: fix wbinvd_dirty_mask use-after-free
|
||||
- [s390] KVM: Fix STHYI buffer alignment for diag224
|
||||
- [armhf] mvebu: Select corediv clk for all mvebu v7 SoC
|
||||
- nfsd: Fix general protection fault in release_lock_stateid()
|
||||
- [mips*] KASLR: Fix handling of NULL FDT
|
||||
- ovl: fix get_acl() on tmpfs
|
||||
- ovl: update S_ISGID when setting posix ACLs
|
||||
- ovl: fsync after copy-up
|
||||
- virtio_ring: Make interrupt suppression spec compliant
|
||||
- virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices
|
||||
- virtio: console: Unlock vqs while freeing buffers
|
||||
- dm mirror: fix read error on recovery after default leg failure
|
||||
- dm table: fix missing dm_put_target_type() in dm_table_add_target()
|
||||
- dm rq: clear kworker_task if kthread_run() returned an error
|
||||
- dm raid: fix compat_features validation
|
||||
- dm raid: fix activation of existing raid4/10 devices
|
||||
- firewire: net: guard against rx buffer overflows (CVE-2016-8633)
|
||||
- firewire: net: fix fragmented datagram_size off-by-one
|
||||
- mac80211: discard multicast and 4-addr A-MSDUs
|
||||
- ath10k: cache calibration data when the core is stopped
|
||||
- scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
|
||||
- scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
|
||||
- [arm64, armhf] mmc: dw_mmc-pltfm: fix the potential NULL pointer
|
||||
dereference
|
||||
- RAID1: ignore discard error
|
||||
- RAID10: ignore discard error
|
||||
- md: be careful not lot leak internal curr_resync value into metadata. -- (all)
|
||||
- Revert "drm/radeon: fix DP link training issue with second 4K monitor"
|
||||
- [armhf] drm/imx: ipuv3-plane: Switch EBA buffer only when we don't need
|
||||
modeset
|
||||
- [armhf] drm/imx: ipuv3-plane: Access old u/vbo properly in
|
||||
->atomic_check for YU12/YV12
|
||||
- drm/radeon/si_dpm: Limit clocks on HD86xx part
|
||||
- drm/radeon/si_dpm: workaround for SI kickers
|
||||
- drm/radeon: drop register readback in cayman_cp_int_cntl_setup
|
||||
- drm/nouveau/acpi: fix check for power resources support
|
||||
- drm/fb-helper: Don't call dirty callback for untouched clips
|
||||
- drm/fb-helper: Fix connector ref leak on error
|
||||
- drm/fb-helper: Keep references for the current set of used connectors
|
||||
- drm/i915/gen9: fix DDB partitioning for multi-screen cases
|
||||
- drm/i915/gen9: fix watermarks when using the pipe scaler
|
||||
- drm/dp/mst: Check peer device type before attempting EDID read
|
||||
- drm: Release reference from blob lookup after replacing property
|
||||
- drm/i915: Respect alternate_aux_channel for all DDI ports
|
||||
- drm/i915: Clean up DDI DDC/AUX CH sanitation
|
||||
- drm/i915/fbc: fix CFB size calculation for gen8+
|
||||
- drm: i915: Wait for fences on new fb, not old
|
||||
- i2c: mark device nodes only in case of successful instantiation
|
||||
- netfilter: xt_NFLOG: fix unexpected truncated packet
|
||||
- [arm64, armhf] pwm: Unexport children before chip removal
|
||||
- [arm64, armhf] usb: dwc3: Fix size used in dma_free_coherent()
|
||||
- [arm64, armhf] usb: chipidea: host: fix NULL ptr dereference during
|
||||
shutdown
|
||||
- [armhf] usb: musb: Fix hardirq-safe hardirq-unsafe lock order error
|
||||
- tty: vt, fix bogus division in csi_J
|
||||
- [x86] kvm: Check memopp before dereference (CVE-2016-8630)
|
||||
- btrfs: qgroup: Prevent qgroup->reserved from going subzero
|
||||
- [x86] cpufreq: intel_pstate: Set P-state upfront in performance mode
|
||||
- HID: usbhid: add ATEN CS962 to list of quirky devices
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* debian/control: Fix build-dependency on openssl to work with new
|
||||
|
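Review bot: only two of the new 4.8.7 entries carry a CVE id, "firewire: net: guard against rx buffer overflows (CVE-2016-8633)" and "[x86] kvm: Check memopp before dereference (CVE-2016-8630)", while the KEYS short sprintf buffer fix and the gpio ioctl information-leak fixes are listed without one. If ids have been assigned to any of these, add them in the same parenthesised form so the entries can be matched by id. The entry "md: be careful not lot leak internal curr_resync value into metadata. -- (all)" should also be checked against the upstream subject, since "not lot leak" and the trailing "-- (all)" read like copy residue.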
@ -122,9 +235,6 @@ linux (4.8.6-1) UNRELEASED; urgency=medium
|
|||
* cpupower: Fix checks for CPU existence (Closes: #843071)
|
||||
* perf: Disable use of libcrypto (Closes: #843199)
|
||||
|
||||
[ Salvatore Bonaccorso ]
|
||||
* [x86] kvm: Check memopp before dereference (CVE-2016-8630)
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Wed, 02 Nov 2016 12:01:42 -0600
|
||||
|
||||
linux (4.8.5-1) unstable; urgency=medium
|
||||
|
|
|
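Review bot: no changelog line is removed for the KEYS and xt_NFLOG patches that this commit also deletes; the only entry dropped in this hunk is the "[ Salvatore Bonaccorso ]" block with "[x86] kvm: Check memopp before dereference (CVE-2016-8630)". Confirm that the entries for the other two patches sit in an already uploaded stanza, where they should stay, rather than in this UNRELEASED one, where they would now describe patches that no longer exist.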
@ -1,70 +0,0 @@
|
|||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Thu, 13 Oct 2016 22:38:46 +0200
|
||||
Subject: KEYS: Fix short sprintf buffer in /proc/keys show function
|
||||
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1200212
|
||||
|
||||
Fix a short sprintf buffer in proc_keys_show(). If the gcc stack protector
|
||||
is turned on, this can cause a panic due to stack corruption.
|
||||
|
||||
The problem is that xbuf[] is not big enough to hold a 64-bit timeout
|
||||
rendered as weeks:
|
||||
|
||||
(gdb) p 0xffffffffffffffffULL/(60*60*24*7)
|
||||
$2 = 30500568904943
|
||||
|
||||
That's 14 chars plus NUL, not 11 chars plus NUL.
|
||||
|
||||
Expand the buffer to 16 chars.
|
||||
|
||||
I think the unpatched code apparently works if the stack-protector is not
|
||||
enabled because on a 32-bit machine the buffer won't be overflowed and on a
|
||||
64-bit machine there's a 64-bit aligned pointer at one side and an int that
|
||||
isn't checked again on the other side.
|
||||
|
||||
The panic incurred looks something like:
|
||||
|
||||
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff81352ebe
|
||||
CPU: 0 PID: 1692 Comm: reproducer Not tainted 4.7.2-201.fc24.x86_64 #1
|
||||
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
|
||||
0000000000000086 00000000fbbd2679 ffff8800a044bc00 ffffffff813d941f
|
||||
ffffffff81a28d58 ffff8800a044bc98 ffff8800a044bc88 ffffffff811b2cb6
|
||||
ffff880000000010 ffff8800a044bc98 ffff8800a044bc30 00000000fbbd2679
|
||||
Call Trace:
|
||||
[<ffffffff813d941f>] dump_stack+0x63/0x84
|
||||
[<ffffffff811b2cb6>] panic+0xde/0x22a
|
||||
[<ffffffff81352ebe>] ? proc_keys_show+0x3ce/0x3d0
|
||||
[<ffffffff8109f7f9>] __stack_chk_fail+0x19/0x30
|
||||
[<ffffffff81352ebe>] proc_keys_show+0x3ce/0x3d0
|
||||
[<ffffffff81350410>] ? key_validate+0x50/0x50
|
||||
[<ffffffff8134db30>] ? key_default_cmp+0x20/0x20
|
||||
[<ffffffff8126b31c>] seq_read+0x2cc/0x390
|
||||
[<ffffffff812b6b12>] proc_reg_read+0x42/0x70
|
||||
[<ffffffff81244fc7>] __vfs_read+0x37/0x150
|
||||
[<ffffffff81357020>] ? security_file_permission+0xa0/0xc0
|
||||
[<ffffffff81246156>] vfs_read+0x96/0x130
|
||||
[<ffffffff81247635>] SyS_read+0x55/0xc0
|
||||
[<ffffffff817eb872>] entry_SYSCALL_64_fastpath+0x1a/0xa4
|
||||
|
||||
Reported-by: Ondrej Kozina <okozina@redhat.com>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
Tested-by: Ondrej Kozina <okozina@redhat.com>
|
||||
---
|
||||
security/keys/proc.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/security/keys/proc.c b/security/keys/proc.c
|
||||
index f0611a6..b9f531c 100644
|
||||
--- a/security/keys/proc.c
|
||||
+++ b/security/keys/proc.c
|
||||
@@ -181,7 +181,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
|
||||
struct timespec now;
|
||||
unsigned long timo;
|
||||
key_ref_t key_ref, skey_ref;
|
||||
- char xbuf[12];
|
||||
+ char xbuf[16];
|
||||
int rc;
|
||||
|
||||
struct keyring_search_context ctx = {
|
||||
--
|
||||
2.9.3
|
||||
|
|
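Review bot: the Origin of this deleted patch is a Bugzilla attachment rather than an upstream commit id, so the deletion cannot be checked against 4.8.7 by hash; compare proc_keys_show() in the 4.8.7 tree and confirm it declares "char xbuf[16];" before relying on the changelog entry "KEYS: Fix short sprintf buffer in /proc/keys show function". The fix itself only widens the array, and the sprintf call that fills it is outside the visible context, so the bound stays implicit; a size-limited call such as snprintf(xbuf, sizeof(xbuf), ...) would keep a later format change from overrunning the stack buffer again.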
@ -1,36 +0,0 @@
|
|||
From: Liping Zhang <liping.zhang@spreadtrum.com>
|
||||
Date: Tue, 11 Oct 2016 21:03:45 +0800
|
||||
Subject: netfilter: xt_NFLOG: fix unexpected truncated packet
|
||||
Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=6d19375b58763fefc2f215fb45117d3353ced888
|
||||
Bug-Debian: https://bugs.debian.org/841261
|
||||
|
||||
Justin and Chris spotted that iptables NFLOG target was broken when they
|
||||
upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
|
||||
"results in segfaults in ulogd-2.0.5".
|
||||
|
||||
Because "struct nf_loginfo li;" is a local variable, and flags will be
|
||||
filled with garbage value, not inited to zero. So if it contains 0x1,
|
||||
packets will not be logged to the userspace anymore.
|
||||
|
||||
Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets")
|
||||
Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
|
||||
Reported-by: Chris Caputo <ccaputo@alt.net>
|
||||
Tested-by: Chris Caputo <ccaputo@alt.net>
|
||||
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
|
||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||
---
|
||||
net/netfilter/xt_NFLOG.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
|
||||
index 018eed7e1ff1..8668a5c18dc3 100644
|
||||
--- a/net/netfilter/xt_NFLOG.c
|
||||
+++ b/net/netfilter/xt_NFLOG.c
|
||||
@@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
|
||||
li.u.ulog.copy_len = info->len;
|
||||
li.u.ulog.group = info->group;
|
||||
li.u.ulog.qthreshold = info->threshold;
|
||||
+ li.u.ulog.flags = 0;
|
||||
|
||||
if (info->flags & XT_NFLOG_F_COPY_LEN)
|
||||
li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
|
|
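Review bot: the fix being dropped initialises a single field, "li.u.ulog.flags = 0;", of the stack-local "struct nf_loginfo li" that the message says was otherwise filled with garbage, so any field added to that structure later would have the same problem. That hardening belongs upstream (a zeroing initialiser on the declaration would cover it); for this commit, check that the 4.8.7 tree contains upstream commit 6d19375b58763fefc2f215fb45117d3353ced888 named in Origin, since the fix for Bug-Debian 841261 now depends on it.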
@ -1,34 +0,0 @@
|
|||
From: Owen Hofmann <osh@google.com>
|
||||
Date: Thu, 27 Oct 2016 11:25:52 -0700
|
||||
Subject: kvm: x86: Check memopp before dereference (CVE-2016-8630)
|
||||
Origin: https://git.kernel.org/linus/d9092f52d7e61dd1557f2db2400ddb430e85937e
|
||||
|
||||
Commit 41061cdb98 ("KVM: emulate: do not initialize memopp") removes a
|
||||
check for non-NULL under incorrect assumptions. An undefined instruction
|
||||
with a ModR/M byte with Mod=0 and R/M-5 (e.g. 0xc7 0x15) will attempt
|
||||
to dereference a null pointer here.
|
||||
|
||||
Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5
|
||||
Message-Id: <1477592752-126650-2-git-send-email-osh@google.com>
|
||||
Signed-off-by: Owen Hofmann <osh@google.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/emulate.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
|
||||
index 4e95d3e..cbd7b92 100644
|
||||
--- a/arch/x86/kvm/emulate.c
|
||||
+++ b/arch/x86/kvm/emulate.c
|
||||
@@ -5045,7 +5045,7 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void *insn, int insn_len)
|
||||
/* Decode and fetch the destination operand: register or memory. */
|
||||
rc = decode_operand(ctxt, &ctxt->dst, (ctxt->d >> DstShift) & OpMask);
|
||||
|
||||
- if (ctxt->rip_relative)
|
||||
+ if (ctxt->rip_relative && likely(ctxt->memopp))
|
||||
ctxt->memopp->addr.mem.ea = address_mask(ctxt,
|
||||
ctxt->memopp->addr.mem.ea + ctxt->_eip);
|
||||
|
||||
--
|
||||
2.10.2
|
||||
|
|
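Review bot: the guard in the dropped fix, "if (ctxt->rip_relative && likely(ctxt->memopp))", silently skips the RIP-relative address fix-up when memopp is NULL, which suits the undefined-instruction case in the message but would also hide the condition if it ever arose on another path. Nothing needs to change in this packaging commit beyond confirming that 4.8.7 includes upstream commit d9092f52d7e61dd1557f2db2400ddb430e85937e from Origin, as the new changelog entry tagged CVE-2016-8630 states.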
@ -63,7 +63,6 @@ bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
|
|||
bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch
|
||||
bugfix/all/ext4-fix-bug-838544.patch
|
||||
bugfix/all/mm-memcontrol-use-special-workqueue-for-creating-per-memcg-caches.patch
|
||||
bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch
|
||||
|
||||
# Miscellaneous features
|
||||
|
||||
|
@ -95,8 +94,6 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa
|
|||
bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
|
||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||
bugfix/all/net-add-recursion-limit-to-gro.patch
|
||||
bugfix/all/KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch
|
||||
bugfix/x86/kvm-x86-Check-memopp-before-dereference-CVE-2016-863.patch
|
||||
|
||||
# ABI maintenance
|
||||
|
||||
|
|