From 1039af70c68e110fbd6c1cd606e7e4ba02e05396 Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Wed, 5 Apr 2017 09:15:01 -0700 Subject: [PATCH] Linux v4.11-rc5-41-gaeb4a57 --- gitrev | 2 +- kernel.spec | 8 ++--- sources | 2 +- ...t-number-of-mip-levels-is-above-zero.patch | 33 ------------------- 4 files changed, 6 insertions(+), 39 deletions(-) delete mode 100644 vmwgfx-check-that-number-of-mip-levels-is-above-zero.patch diff --git a/gitrev b/gitrev index b07dabfdc..735ac90ed 100644 --- a/gitrev +++ b/gitrev @@ -1 +1 @@ -08e4e0d0456d0ca8427b2d1ddffa30f1c3e774d7 +aeb4a5768179f525dd7ec9393f34012c147e78cf diff --git a/kernel.spec b/kernel.spec index 19a8ad150..c702fad5c 100644 --- a/kernel.spec +++ b/kernel.spec @@ -69,7 +69,7 @@ Summary: The Linux kernel # The rc snapshot level %global rcrev 5 # The git snapshot level -%define gitrev 1 +%define gitrev 2 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -602,9 +602,6 @@ Patch509: MODSIGN-Don-t-try-secure-boot-if-EFI-runtime-is-disa.patch #CVE-2016-3134 rhbz 1317383 1317384 Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch -#CVE-2017-7261 rhbz 1435719 1435740 -Patch670: vmwgfx-check-that-number-of-mip-levels-is-above-zero.patch - # END OF PATCH DEFINITIONS %endif @@ -2169,6 +2166,9 @@ fi # # %changelog +* Wed Apr 05 2017 Laura Abbott - 4.11.0-0.rc5.git2.1 +- Linux v4.11-rc5-41-gaeb4a57 + * Tue Apr 4 2017 Peter Robinson - Update AllWinner configs diff --git a/sources b/sources index 01042cf8c..2b6d70609 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ SHA512 (linux-4.10.tar.xz) = c3690125a8402df638095bd98a613fcf1a257b81de7611c84711d315cd11e2634ab4636302b3742aedf1e3ba9ce0fea53fe8c7d48e37865d8ee5db3565220d90 SHA512 (perf-man-4.10.tar.gz) = 2c830e06f47211d70a8330961487af73a8bc01073019475e6b6131d3bb8c95658b77ca0ae5f1b44371accf103658bc5a3a4366b3e017a4088a8fd408dd6867e8 SHA512 (patch-4.11-rc5.xz) = 9b8b728eb8bb679d012c90f878739f02a3c9d13eb916248550fc61fad5a7ac5a0aee9c8166ff0c8b3180b96679f69ffbb5f79992f02a1693fd2c3616df1f6dd1 -SHA512 (patch-4.11-rc5-git1.xz) = 5342b95a17ba165ffab8f70b7e27218c52a5a1b0ec8ccb474bd353bec6833006e7d4f7049140eea653eaf92535a6b8049a27b7a35a89b8beaf8681382211242d +SHA512 (patch-4.11-rc5-git2.xz) = a6473855aa5d9d684a06c7ba8c536c8e7654487184b64cadbe5945352d3bda3b3fbc63424c62f60d655fb9283bbd583d429a4e287be5651e9f8fedab34fa1f74 diff --git a/vmwgfx-check-that-number-of-mip-levels-is-above-zero.patch b/vmwgfx-check-that-number-of-mip-levels-is-above-zero.patch deleted file mode 100644 index 1ede96c60..000000000 --- a/vmwgfx-check-that-number-of-mip-levels-is-above-zero.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: Vladis Dronov -Subject: [PATCH] drm/vmwgfx: Check check that number of mip levels is above zero in vmw_surface_define_ioctl() -Date: 2017-03-24 15:37:10 - -In vmw_surface_define_ioctl(), a num_sizes parameter is assigned a -user-controlled value which is not checked for zero. It is used in -a call to kmalloc() which returns ZERO_SIZE_PTR. Later ZERO_SIZE_PTR -is dereferenced which leads to a GPF and possibly to a kernel panic. -Add the check for zero to avoid this. - -Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1435719 -Signed-off-by: Vladis Dronov ---- - drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c -index b445ce9..42840cc 100644 ---- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c -+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c -@@ -716,8 +716,8 @@ int vmw_surface_define_ioctl(struct drm_device *dev, void *data, - for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i) - num_sizes += req->mip_levels[i]; - -- if (num_sizes > DRM_VMW_MAX_SURFACE_FACES * -- DRM_VMW_MAX_MIP_LEVELS) -+ if (num_sizes <= 0 || -+ num_sizes > DRM_VMW_MAX_SURFACE_FACES * DRM_VMW_MAX_MIP_LEVELS) - return -EINVAL; - - size = vmw_user_surface_size + 128 + --- -2.9.3