Linux v4.6-rc7-45-g2d0bd9534c8d

2016-05-10 10:45:12 -04:00 · 2016-05-10 10:45:12 -04:00 · e0602bcbc4
commit e0602bcbc4
parent 802cbf8509
6 changed files with 7 additions and 88 deletions
--- a/1
+++ b/1
@ -1707,6 +1707,7 @@ CONFIG_MLX4_INFINIBAND=m
 CONFIG_MLX5_CORE=m
 CONFIG_MLX5_CORE_EN=y
 CONFIG_MLX5_CORE_EN_DCB=y
 CONFIG_MLX5_CORE_EN_VXLAN=y
 CONFIG_MLX5_INFINIBAND=m
 CONFIG_MLXSW_CORE=m
 CONFIG_MLXSW_CORE_HWMON=y
--- a/2
+++ b/2
@ -1 +1 @@
-9caa7e78481f17fb6ff77dfaca774998e7440430
+2d0bd9534c8ddaebee64e1b4b7d621915f65e994
--- a/kernel.spec
+++ b/kernel.spec
@ -69,7 +69,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %define rcrev 7
 # The git snapshot level
-%define gitrev 0
+%define gitrev 1
 # Set rpm version accordingly
 %define rpmversion 4.%{upstream_sublevel}.0
 %endif
@ -614,10 +614,6 @@ Patch701: antenna_select.patch
 #CVE-2016-4482 rhbz 1332931 1332932
 Patch706: USB-usbfs-fix-potential-infoleak-in-devio.patch
 #CVE-2016-4486 CVE-2016-4485 rhbz 1333316 1333309 1333321
 Patch707: net-fix-infoleak-in-llc.patch
 Patch708: net-fix-infoleak-in-rtnetlink.patch
 #CVE-2016-4569 rhbz 1334643 1334645
 Patch714: ALSA-timer-Fix-leak-in-SNDRV_TIMER_IOCTL_PARAMS.patch
 Patch715: ALSA-timer-Fix-leak-in-events-via-snd_timer_user_cca.patch
@ -2148,6 +2144,9 @@ fi
 #
 # 
 %changelog
 * Tue May 10 2016 Josh Boyer <jwboyer@fedoraproject.org> - 4.6.0-0.rc7.git1.1
 - Linux v4.6-rc7-45-g2d0bd9534c8d
 * Tue May 10 2016 Josh Boyer <jwboyer@fedoraproject.org>
 - Enable XEN SCSI front and backend (rhbz 1334512)
 - CVE-2016-4569 info leak in sound module (rhbz 1334643 1334645)
--- a/net-fix-infoleak-in-llc.patch
+++ b/net-fix-infoleak-in-llc.patch
@ -1,32 +0,0 @@
 From ec0de35ded8c4a8588290a1b442aa3aa4bdf4de1 Mon Sep 17 00:00:00 2001
 From: Kangjie Lu <kangjielu@gmail.com>
 Date: Tue, 3 May 2016 16:35:05 -0400
 Subject: [PATCH 2/2] net: fix infoleak in llc
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 The stack object “info” has a total size of 12 bytes. Its last byte
 is padding which is not initialized and leaked via “put_cmsg”.
 Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 ---
 net/llc/af_llc.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
 index b3c52e3f689a..8ae3ed97d95c 100644
 --- a/net/llc/af_llc.c
 +++ b/net/llc/af_llc.c
@@ -626,6 +626,7 @@ static void llc_cmsg_rcv(struct msghdr *msg, struct sk_buff *skb)
 	if (llc->cmsg_flags & LLC_CMSG_PKTINFO) {
 		struct llc_pktinfo info;
 +		memset(&info, 0, sizeof(info));
 		info.lpi_ifindex = llc_sk(skb->sk)->dev->ifindex;
 		llc_pdu_decode_dsap(skb, &info.lpi_sap);
 		llc_pdu_decode_da(skb, info.lpi_mac);
 -- 
 2.5.5
--- a/net-fix-infoleak-in-rtnetlink.patch
+++ b/net-fix-infoleak-in-rtnetlink.patch
@ -1,50 +0,0 @@
 From 55a8a812d867ec9953bde7d86eef255a1abbf93e Mon Sep 17 00:00:00 2001
 From: Kangjie Lu <kangjielu@gmail.com>
 Date: Tue, 3 May 2016 16:46:24 -0400
 Subject: [PATCH 1/2] net: fix infoleak in rtnetlink
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 The stack object “map” has a total size of 32 bytes. Its last 4
 bytes are padding generated by compiler. These padding bytes are
 not initialized and sent out via “nla_put”.
 Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 ---
 net/core/rtnetlink.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
 diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
 index a75f7e94b445..65763c29f845 100644
 --- a/net/core/rtnetlink.c
 +++ b/net/core/rtnetlink.c
@@ -1180,14 +1180,16 @@ static noinline_for_stack int rtnl_fill_vfinfo(struct sk_buff *skb,
 static int rtnl_fill_link_ifmap(struct sk_buff *skb, struct net_device *dev)
 {
 -	struct rtnl_link_ifmap map = {
 -		.mem_start   = dev->mem_start,
 -		.mem_end     = dev->mem_end,
 -		.base_addr   = dev->base_addr,
 -		.irq         = dev->irq,
 -		.dma         = dev->dma,
 -		.port        = dev->if_port,
 -	};
 +	struct rtnl_link_ifmap map;
 +
 +	memset(&map, 0, sizeof(map));
 +	map.mem_start   = dev->mem_start;
 +	map.mem_end     = dev->mem_end;
 +	map.base_addr   = dev->base_addr;
 +	map.irq         = dev->irq;
 +	map.dma         = dev->dma;
 +	map.port        = dev->if_port;
 +
 	if (nla_put(skb, IFLA_MAP, sizeof(map), &map))
 		return -EMSGSIZE;
 -- 
 2.5.5
--- a/1
+++ b/1
@ -1,3 +1,4 @@
 a60d48eee08ec0536d5efb17ca819aef  linux-4.5.tar.xz
 6f557fe90b800b615c85c2ca04da6154  perf-man-4.5.tar.gz
 2089df8a0f142e2a1cdcaca0f133e47d  patch-4.6-rc7.xz
 f47a22cd311223f0eef52e845d5e6507  patch-4.6-rc7-git1.xz
`@ -1 +1 @@`
	`9caa7e78481f17fb6ff77dfaca774998e7440430`	`2d0bd9534c8ddaebee64e1b4b7d621915f65e994`