Linux v5.9.10
Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
This commit is contained in:
parent
b5ca9bd2a0
commit
d0b8d18b13
14
kernel.spec
14
kernel.spec
|
@ -54,6 +54,8 @@ Summary: The Linux kernel
|
|||
|
||||
%if %{zipmodules}
|
||||
%global zipsed -e 's/\.ko$/\.ko.xz/'
|
||||
# for parallel xz processes, replace with 1 to go back to single process
|
||||
+%global zcpu `nproc --all`
|
||||
%endif
|
||||
|
||||
# define buildid .local
|
||||
|
@ -92,7 +94,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 9
|
||||
%define stable_update 10
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -868,6 +870,9 @@ Patch131: arm64-dts-allwinner-h6-Pine-H64-Fix-ethernet-node.patch
|
|||
# rhbz 1897038
|
||||
Patch132: bluetooth-fix-LL-privacy-BLE-device-fails-to-connect.patch
|
||||
|
||||
# CVE-2020-28941 rhbz 1899985 1899986
|
||||
Patch133: speakup-do-not-let-the-line-discipline-be-used-several-times.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -2346,7 +2351,7 @@ find Documentation -type d | xargs chmod u+w
|
|||
fi \
|
||||
fi \
|
||||
if [ "%{zipmodules}" -eq "1" ]; then \
|
||||
find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | %{SOURCE79} %{?_smp_mflags}; \
|
||||
find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -P%{zcpu} xz; \
|
||||
fi \
|
||||
%{nil}
|
||||
|
||||
|
@ -2981,6 +2986,11 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Mon Nov 23 09:58:15 CST 2020 Justin M. Forbes <jforbes@fedoraproject.org> - 5.9.10-200
|
||||
- Linux v5.9.10
|
||||
- Fix CVE-2020-28941 (rhbz 1899985 1899986)
|
||||
- Fix CVE-2020-4788 (rhbz 1888433 1900437)
|
||||
|
||||
* Thu Nov 19 07:09:26 CST 2020 Justin M. Forbes <jforbes@fedoraproject.org> - 5.9.9-200
|
||||
- Linux v5.9.9
|
||||
- Enable NANDSIM (rhbz 1898638)
|
||||
|
|
2
sources
2
sources
|
@ -1,2 +1,2 @@
|
|||
SHA512 (linux-5.9.tar.xz) = cafd463ca0c9b256479b7dd774f908cedef6d265c44f99de075558ab923808ddfacda1377ae000ce02730c6611527bddffbfc4421bbc4f44fd8e59d97cbc4363
|
||||
SHA512 (patch-5.9.9.xz) = 87852bc4d08cd5e82c7de9a8c8d50c1b4c67eed7157bfe1034d279370ff21a194f082f126d49812f84ec726100c5d97b3d908994e92c2cbfd231a4ac851babe3
|
||||
SHA512 (patch-5.9.10.xz) = 03502af73fe1e171238fa767dedb09db2e22ba1a781065d2cbd4ec55d0a2dcbf1677dad5cde45f203b48a85401a9b46531d87f3de5136a562072a08bc5fc17c9
|
||||
|
|
|
@ -0,0 +1,76 @@
|
|||
From d4122754442799187d5d537a9c039a49a67e57f1 Mon Sep 17 00:00:00 2001
|
||||
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
|
||||
Date: Tue, 10 Nov 2020 19:35:41 +0100
|
||||
Subject: speakup: Do not let the line discipline be used several times
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
|
||||
|
||||
commit d4122754442799187d5d537a9c039a49a67e57f1 upstream.
|
||||
|
||||
Speakup has only one speakup_tty variable to store the tty it is managing. This
|
||||
makes sense since its codebase currently assumes that there is only one user who
|
||||
controls the screen reading.
|
||||
|
||||
That however means that we have to forbid using the line discipline several
|
||||
times, otherwise the second closure would try to free a NULL ldisc_data, leading to
|
||||
|
||||
general protection fault: 0000 [#1] SMP KASAN PTI
|
||||
RIP: 0010:spk_ttyio_ldisc_close+0x2c/0x60
|
||||
Call Trace:
|
||||
tty_ldisc_release+0xa2/0x340
|
||||
tty_release_struct+0x17/0xd0
|
||||
tty_release+0x9d9/0xcc0
|
||||
__fput+0x231/0x740
|
||||
task_work_run+0x12c/0x1a0
|
||||
do_exit+0x9b5/0x2230
|
||||
? release_task+0x1240/0x1240
|
||||
? __do_page_fault+0x562/0xa30
|
||||
do_group_exit+0xd5/0x2a0
|
||||
__x64_sys_exit_group+0x35/0x40
|
||||
do_syscall_64+0x89/0x2b0
|
||||
? page_fault+0x8/0x30
|
||||
entry_SYSCALL_64_after_hwframe+0x44/0xa9
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Reported-by: 秦世松 <qinshisong1205@gmail.com>
|
||||
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
|
||||
Tested-by: Shisong Qin <qinshisong1205@gmail.com>
|
||||
Link: https://lore.kernel.org/r/20201110183541.fzgnlwhjpgqzjeth@function
|
||||
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||||
|
||||
---
|
||||
drivers/accessibility/speakup/spk_ttyio.c | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/drivers/accessibility/speakup/spk_ttyio.c
|
||||
+++ b/drivers/accessibility/speakup/spk_ttyio.c
|
||||
@@ -49,15 +49,25 @@ static int spk_ttyio_ldisc_open(struct t
|
||||
|
||||
if (!tty->ops->write)
|
||||
return -EOPNOTSUPP;
|
||||
+
|
||||
+ mutex_lock(&speakup_tty_mutex);
|
||||
+ if (speakup_tty) {
|
||||
+ mutex_unlock(&speakup_tty_mutex);
|
||||
+ return -EBUSY;
|
||||
+ }
|
||||
speakup_tty = tty;
|
||||
|
||||
ldisc_data = kmalloc(sizeof(*ldisc_data), GFP_KERNEL);
|
||||
- if (!ldisc_data)
|
||||
+ if (!ldisc_data) {
|
||||
+ speakup_tty = NULL;
|
||||
+ mutex_unlock(&speakup_tty_mutex);
|
||||
return -ENOMEM;
|
||||
+ }
|
||||
|
||||
init_completion(&ldisc_data->completion);
|
||||
ldisc_data->buf_free = true;
|
||||
speakup_tty->disc_data = ldisc_data;
|
||||
+ mutex_unlock(&speakup_tty_mutex);
|
||||
|
||||
return 0;
|
||||
}
|
Loading…
Reference in New Issue