From ece962adcd88d23cc7b3108135f6608af6b05ce0 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Mon, 2 Jun 2014 08:15:17 -0500 Subject: [PATCH] Linux v3.14.5 --- ...O_INIT_REPORTS-quirk-for-Synaptics-T.patch | 44 ------- ...sio-add-id-for-Brainboxes-serial-car.patch | 112 ------------------ ...la-extensions-to-peek-beyond-the-end.patch | 98 --------------- kernel.spec | 33 +----- modsign-uefi.patch | 6 +- ...le-check-in-sock_diag_put_filterinfo.patch | 72 ----------- ...orrect-mac_len-in-skb_network_protoc.patch | 48 -------- ...group_info-should-be-put-after-using.patch | 64 ---------- sources | 2 +- 9 files changed, 8 insertions(+), 471 deletions(-) delete mode 100644 0001-hid-quirks-Add-NO_INIT_REPORTS-quirk-for-Synaptics-T.patch delete mode 100644 USB-serial-ftdi_sio-add-id-for-Brainboxes-serial-car.patch delete mode 100644 filter-prevent-nla-extensions-to-peek-beyond-the-end.patch delete mode 100644 net-Fix-ns_capable-check-in-sock_diag_put_filterinfo.patch delete mode 100644 net-Start-with-correct-mac_len-in-skb_network_protoc.patch delete mode 100644 net-ipv4-current-group_info-should-be-put-after-using.patch diff --git a/0001-hid-quirks-Add-NO_INIT_REPORTS-quirk-for-Synaptics-T.patch b/0001-hid-quirks-Add-NO_INIT_REPORTS-quirk-for-Synaptics-T.patch deleted file mode 100644 index 6d5335448..000000000 --- a/0001-hid-quirks-Add-NO_INIT_REPORTS-quirk-for-Synaptics-T.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 6186594c2c72d403832cf07d66cf6d6c6daad8f1 Mon Sep 17 00:00:00 2001 -From: Hans de Goede -Date: Fri, 2 May 2014 16:15:33 +0200 -Subject: [PATCH 1/4] hid-quirks: Add NO_INIT_REPORTS quirk for Synaptics Touch - Pad V 103S - -This touchpad seriously dislikes init reports, not only timeing out, but -also refusing to work after this. - -Cc: stable@vger.kernel.org -Reported-and-tested-by: Vincent Fortier -Signed-off-by: Hans de Goede ---- - drivers/hid/hid-ids.h | 1 + - drivers/hid/usbhid/hid-quirks.c | 1 + - 2 files changed, 2 insertions(+) - -diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h -index c8af720..43f246e 100644 ---- a/drivers/hid/hid-ids.h -+++ b/drivers/hid/hid-ids.h -@@ -834,6 +834,7 @@ - #define USB_DEVICE_ID_SYNAPTICS_LTS2 0x1d10 - #define USB_DEVICE_ID_SYNAPTICS_HD 0x0ac3 - #define USB_DEVICE_ID_SYNAPTICS_QUAD_HD 0x1ac3 -+#define USB_DEVICE_ID_SYNAPTICS_TP_V103 0x5710 - - #define USB_VENDOR_ID_THINGM 0x27b8 - #define USB_DEVICE_ID_BLINK1 0x01ed -diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c -index dbd8387..8e4ddb3 100644 ---- a/drivers/hid/usbhid/hid-quirks.c -+++ b/drivers/hid/usbhid/hid-quirks.c -@@ -119,6 +119,7 @@ static const struct hid_blacklist { - { USB_VENDOR_ID_SYNAPTICS, USB_DEVICE_ID_SYNAPTICS_LTS2, HID_QUIRK_NO_INIT_REPORTS }, - { USB_VENDOR_ID_SYNAPTICS, USB_DEVICE_ID_SYNAPTICS_HD, HID_QUIRK_NO_INIT_REPORTS }, - { USB_VENDOR_ID_SYNAPTICS, USB_DEVICE_ID_SYNAPTICS_QUAD_HD, HID_QUIRK_NO_INIT_REPORTS }, -+ { USB_VENDOR_ID_SYNAPTICS, USB_DEVICE_ID_SYNAPTICS_TP_V103, HID_QUIRK_NO_INIT_REPORTS }, - - { 0, 0 } - }; --- -1.9.0 - diff --git a/USB-serial-ftdi_sio-add-id-for-Brainboxes-serial-car.patch b/USB-serial-ftdi_sio-add-id-for-Brainboxes-serial-car.patch deleted file mode 100644 index e144c6969..000000000 --- a/USB-serial-ftdi_sio-add-id-for-Brainboxes-serial-car.patch +++ /dev/null 
@@ -1,112 +0,0 @@ -Bugzilla: 1071914 -Upstream-status: 3.15 - -From efe26e16b1d93ac0085e69178cc18811629e8fc5 Mon Sep 17 00:00:00 2001 -From: Michele Baldessari -Date: Mon, 31 Mar 2014 10:51:00 +0200 -Subject: [PATCH] USB: serial: ftdi_sio: add id for Brainboxes serial cards - -Custom VID/PIDs for Brainboxes cards as reported in -https://bugzilla.redhat.com/show_bug.cgi?id=1071914 - -Signed-off-by: Michele Baldessari -Cc: stable -Signed-off-by: Johan Hovold -Signed-off-by: Greg Kroah-Hartman ---- - drivers/usb/serial/ftdi_sio.c | 33 +++++++++++++++++++++++++++++++++ - drivers/usb/serial/ftdi_sio_ids.h | 37 +++++++++++++++++++++++++++++++++++++ - 2 files changed, 70 insertions(+) - -diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c -index 44ab12986805..7c6e1dedeb06 100644 ---- a/drivers/usb/serial/ftdi_sio.c -+++ b/drivers/usb/serial/ftdi_sio.c -@@ -909,6 +909,39 @@ static const struct usb_device_id id_table_combined[] = { - { USB_DEVICE(FTDI_VID, FTDI_Z3X_PID) }, - /* Cressi Devices */ - { USB_DEVICE(FTDI_VID, FTDI_CRESSI_PID) }, -+ /* Brainboxes Devices */ -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_VX_001_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_VX_012_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_VX_023_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_VX_034_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_101_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_1_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_2_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_3_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_4_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_5_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_6_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_7_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_160_8_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_257_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_279_1_PID) }, -+ { 
USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_279_2_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_279_3_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_279_4_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_313_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_324_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_346_1_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_346_2_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_357_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_606_1_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_606_2_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_606_3_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_701_1_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_701_2_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_842_1_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_842_2_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_842_3_PID) }, -+ { USB_DEVICE(BRAINBOXES_VID, BRAINBOXES_US_842_4_PID) }, - { } /* Terminating entry */ - }; - -diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h -index e599fbfcde5f..993c93df6874 100644 ---- a/drivers/usb/serial/ftdi_sio_ids.h -+++ b/drivers/usb/serial/ftdi_sio_ids.h -@@ -1326,3 +1326,40 @@ - * Manufacturer: Cressi - */ - #define FTDI_CRESSI_PID 0x87d0 -+ -+/* -+ * Brainboxes devices -+ */ -+#define BRAINBOXES_VID 0x05d1 -+#define BRAINBOXES_VX_001_PID 0x1001 /* VX-001 ExpressCard 1 Port RS232 */ -+#define BRAINBOXES_VX_012_PID 0x1002 /* VX-012 ExpressCard 2 Port RS232 */ -+#define BRAINBOXES_VX_023_PID 0x1003 /* VX-023 ExpressCard 1 Port RS422/485 */ -+#define BRAINBOXES_VX_034_PID 0x1004 /* VX-034 ExpressCard 2 Port RS422/485 */ -+#define BRAINBOXES_US_101_PID 0x1011 /* US-101 1xRS232 */ -+#define BRAINBOXES_US_324_PID 0x1013 /* US-324 1xRS422/485 1Mbaud */ -+#define BRAINBOXES_US_606_1_PID 0x2001 /* US-606 6 Port RS232 Serial Port 1 and 2 */ -+#define BRAINBOXES_US_606_2_PID 0x2002 /* US-606 6 
Port RS232 Serial Port 3 and 4 */ -+#define BRAINBOXES_US_606_3_PID 0x2003 /* US-606 6 Port RS232 Serial Port 4 and 6 */ -+#define BRAINBOXES_US_701_1_PID 0x2011 /* US-701 4xRS232 1Mbaud Port 1 and 2 */ -+#define BRAINBOXES_US_701_2_PID 0x2012 /* US-701 4xRS422 1Mbaud Port 3 and 4 */ -+#define BRAINBOXES_US_279_1_PID 0x2021 /* US-279 8xRS422 1Mbaud Port 1 and 2 */ -+#define BRAINBOXES_US_279_2_PID 0x2022 /* US-279 8xRS422 1Mbaud Port 3 and 4 */ -+#define BRAINBOXES_US_279_3_PID 0x2023 /* US-279 8xRS422 1Mbaud Port 5 and 6 */ -+#define BRAINBOXES_US_279_4_PID 0x2024 /* US-279 8xRS422 1Mbaud Port 7 and 8 */ -+#define BRAINBOXES_US_346_1_PID 0x3011 /* US-346 4xRS422/485 1Mbaud Port 1 and 2 */ -+#define BRAINBOXES_US_346_2_PID 0x3012 /* US-346 4xRS422/485 1Mbaud Port 3 and 4 */ -+#define BRAINBOXES_US_257_PID 0x5001 /* US-257 2xRS232 1Mbaud */ -+#define BRAINBOXES_US_313_PID 0x6001 /* US-313 2xRS422/485 1Mbaud */ -+#define BRAINBOXES_US_357_PID 0x7001 /* US_357 1xRS232/422/485 */ -+#define BRAINBOXES_US_842_1_PID 0x8001 /* US-842 8xRS422/485 1Mbaud Port 1 and 2 */ -+#define BRAINBOXES_US_842_2_PID 0x8002 /* US-842 8xRS422/485 1Mbaud Port 3 and 4 */ -+#define BRAINBOXES_US_842_3_PID 0x8003 /* US-842 8xRS422/485 1Mbaud Port 5 and 6 */ -+#define BRAINBOXES_US_842_4_PID 0x8004 /* US-842 8xRS422/485 1Mbaud Port 7 and 8 */ -+#define BRAINBOXES_US_160_1_PID 0x9001 /* US-160 16xRS232 1Mbaud Port 1 and 2 */ -+#define BRAINBOXES_US_160_2_PID 0x9002 /* US-160 16xRS232 1Mbaud Port 3 and 4 */ -+#define BRAINBOXES_US_160_3_PID 0x9003 /* US-160 16xRS232 1Mbaud Port 5 and 6 */ -+#define BRAINBOXES_US_160_4_PID 0x9004 /* US-160 16xRS232 1Mbaud Port 7 and 8 */ -+#define BRAINBOXES_US_160_5_PID 0x9005 /* US-160 16xRS232 1Mbaud Port 9 and 10 */ -+#define BRAINBOXES_US_160_6_PID 0x9006 /* US-160 16xRS232 1Mbaud Port 11 and 12 */ -+#define BRAINBOXES_US_160_7_PID 0x9007 /* US-160 16xRS232 1Mbaud Port 13 and 14 */ -+#define BRAINBOXES_US_160_8_PID 0x9008 /* US-160 16xRS232 1Mbaud Port 15 and 
16 */ --- -1.9.0 - diff --git a/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch b/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch deleted file mode 100644 index 1aec648f9..000000000 --- a/filter-prevent-nla-extensions-to-peek-beyond-the-end.patch +++ /dev/null 
@@ -1,98 +0,0 @@ -Bugzilla: 1096784 -Upstream-status: 3.15 - -From 0e1e9b265ec6c9b69ba5443e0d11aaa9a92ded53 Mon Sep 17 00:00:00 2001 -From: Mathias Krause -Date: Sun, 13 Apr 2014 18:23:33 +0200 -Subject: [PATCH] filter: prevent nla extensions to peek beyond the end of the - message - -Upstream commit 05ab8f2647e4221cbdb3856dd7d32bd5407316b3 - -The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extensions fail to check -for a minimal message length before testing the supplied offset to be -within the bounds of the message. This allows the subtraction of the nla -header to underflow and therefore -- as the data type is unsigned -- -allowing far to big offset and length values for the search of the -netlink attribute. - -The remainder calculation for the BPF_S_ANC_NLATTR_NEST extension is -also wrong. It has the minuend and subtrahend mixed up, therefore -calculates a huge length value, allowing to overrun the end of the -message while looking for the netlink attribute. - -The following three BPF snippets will trigger the bugs when attached to -a UNIX datagram socket and parsing a message with length 1, 2 or 3. - - ,-[ PoC for missing size check in BPF_S_ANC_NLATTR ]-- - | ld #0x87654321 - | ldx #42 - | ld #nla - | ret a - `--- - - ,-[ PoC for the same bug in BPF_S_ANC_NLATTR_NEST ]-- - | ld #0x87654321 - | ldx #42 - | ld #nlan - | ret a - `--- - - ,-[ PoC for wrong remainder calculation in BPF_S_ANC_NLATTR_NEST ]-- - | ; (needs a fake netlink header at offset 0) - | ld #0 - | ldx #42 - | ld #nlan - | ret a - `--- - -Fix the first issue by ensuring the message length fulfills the minimal -size constrains of a nla header. Fix the second bug by getting the math -for the remainder calculation right. - -Fixes: 4738c1db15 ("[SKFILTER]: Add SKF_ADF_NLATTR instruction") -Fixes: d214c7537b ("filter: add SKF_AD_NLATTR_NEST to look for nested..") -Cc: Patrick McHardy -Cc: Pablo Neira Ayuso -Signed-off-by: Mathias Krause -Acked-by: Daniel Borkmann -Signed-off-by: David S. 
Miller ---- - net/core/filter.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/net/core/filter.c b/net/core/filter.c -index ad30d626a5bd..7be35b5fc22f 100644 ---- a/net/core/filter.c -+++ b/net/core/filter.c -@@ -355,6 +355,10 @@ load_b: - - if (skb_is_nonlinear(skb)) - return 0; -+ -+ if (skb->len < sizeof(struct nlattr)) -+ return 0; -+ - if (A > skb->len - sizeof(struct nlattr)) - return 0; - -@@ -371,11 +375,15 @@ load_b: - - if (skb_is_nonlinear(skb)) - return 0; -+ -+ if (skb->len < sizeof(struct nlattr)) -+ return 0; -+ - if (A > skb->len - sizeof(struct nlattr)) - return 0; - - nla = (struct nlattr *)&skb->data[A]; -- if (nla->nla_len > A - skb->len) -+ if (nla->nla_len > skb->len - A) - return 0; - - nla = nla_find_nested(nla, X); --- -1.9.0 - diff --git a/kernel.spec b/kernel.spec index 89052f176..200eb621d 100644 --- a/kernel.spec +++ b/kernel.spec @@ -74,7 +74,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 4 +%define stable_update 5 # Is it a -stable RC? %define stable_rc 0 # Set rpm version accordingly @@ -715,15 +715,9 @@ Patch25047: drm-radeon-Disable-writeback-by-default-on-ppc.patch #rhbz 1051748 Patch25035: Bluetooth-allocate-static-minor-for-vhci.patch -#CVE-2014-2851 rhbz 1086730 1087420 -Patch25059: net-ipv4-current-group_info-should-be-put-after-using.patch - #rhbz 1074710 Patch25061: mm-page_alloc.c-change-mm-debug-routines-back-to-EXP.patch -#rhbz 1071914 -Patch25063: USB-serial-ftdi_sio-add-id-for-Brainboxes-serial-car.patch - #rhbz 1048314 Patch25062: 0001-HID-rmi-introduce-RMI-driver-for-Synaptics-touchpads.patch 
@@ -748,14 +742,10 @@ Patch25070: 0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch #rhbz 1060327 Patch25071: drm-fix-qxl-mode-flags-backport.patch -#rhbz 1093931 -Patch25073: net-Start-with-correct-mac_len-in-skb_network_protoc.patch - #rhbz 1089545 Patch25074: 0001-acpi-video-Add-use_native_backlight-quirks-for-Think.patch #misc input fixes -Patch25077: 0001-hid-quirks-Add-NO_INIT_REPORTS-quirk-for-Synaptics-T.patch Patch25078: 0002-elantech-Fix-elantech-on-Gigabyte-U2442.patch #rhbz 861573 @@ -765,7 +755,6 @@ Patch25079: 0003-samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch Patch25080: 0004-acpi-blacklist-Add-dmi_enable_osi_linux-quirk-for-As.patch #CVE-2014-0181 rhbz 1094270 1094265 -Patch25081: net-Fix-ns_capable-check-in-sock_diag_put_filterinfo.patch Patch25082: 1-5-netlink-Rename-netlink_capable-netlink_allowed.patch Patch25083: 2-5-net-Move-the-permission-check-in-sock_diag_put_filterinfo-to-packet_diag_dump.patch Patch25084: 3-5-net-Add-variants-of-capable-for-use-on-on-sockets.patch @@ -775,9 +764,6 @@ Patch25086: 5-5-net-Use-netlink_ns_capable-to-verify-the-permisions-of-netlink-m #rhbz 1082266 Patch25087: jme-fix-dma-unmap-error.patch -# CVE-2014-3144 CVE-2014-3145 rhbz 1096775, 1096784 -Patch25090: filter-prevent-nla-extensions-to-peek-beyond-the-end.patch - #rhbz 1096436 Patch25091: 0001-synaptics-Add-min-max-quirk-for-the-ThinkPad-W540.patch @@ -1454,15 +1440,9 @@ ApplyPatch 0001-HID-rmi-do-not-handle-touchscreens-through-hid-rmi.patch #rhbz 1090161 ApplyPatch HID-rmi-do-not-fetch-more-than-16-bytes-in-a-query.patch -#CVE-2014-2851 rhbz 1086730 1087420 -ApplyPatch net-ipv4-current-group_info-should-be-put-after-using.patch - #rhbz 1074710 ApplyPatch mm-page_alloc.c-change-mm-debug-routines-back-to-EXP.patch -#rhbz 1071914 -ApplyPatch USB-serial-ftdi_sio-add-id-for-Brainboxes-serial-car.patch - #rhbz 1013466 ApplyPatch selinux-put-the-mmap-DAC-controls-before-the-MAC-controls.patch 
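Review bot: The hunks at `@@ -775,9 +764,6 @@` and `@@ -1454,15 +1440,9 @@`, together with the matching `Patch25059` and `ApplyPatch` removals in the neighbouring kernel.spec hunks, drop the locally carried fixes tagged CVE-2014-2851, CVE-2014-3144 and CVE-2014-3145, yet the only changelog text this commit adds is `- Linux v3.14.5`. The deleted patch headers say only "Queued for 3.15 and stable" or "Upstream-status: 3.15", so the fixes are presumably contained in patch-3.14.5.xz, but nothing on this page confirms it. I would check the stable patch for each upstream commit id named in the deleted files and then record the result in the changelog entry, e.g. `- CVE-2014-2851 CVE-2014-3144 CVE-2014-3145 fixes now come from the 3.14.5 stable update`, so that CVE tracking from the RPM changelog does not read the removal as a regression.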
@@ -1478,14 +1458,10 @@ ApplyPatch 0001-acpi-video-Add-4-new-models-to-the-use_native_backli.patch #rhbz 1060327 ApplyPatch drm-fix-qxl-mode-flags-backport.patch -#rhbz 1093931 -ApplyPatch net-Start-with-correct-mac_len-in-skb_network_protoc.patch - #rhbz 1089545 ApplyPatch 0001-acpi-video-Add-use_native_backlight-quirks-for-Think.patch #misc input fixes -ApplyPatch 0001-hid-quirks-Add-NO_INIT_REPORTS-quirk-for-Synaptics-T.patch ApplyPatch 0002-elantech-Fix-elantech-on-Gigabyte-U2442.patch #rhbz 861573 @@ -1495,7 +1471,6 @@ ApplyPatch 0003-samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch ApplyPatch 0004-acpi-blacklist-Add-dmi_enable_osi_linux-quirk-for-As.patch #CVE-2014-0181 rhbz 1094270 1094265 -ApplyPatch net-Fix-ns_capable-check-in-sock_diag_put_filterinfo.patch ApplyPatch 1-5-netlink-Rename-netlink_capable-netlink_allowed.patch ApplyPatch 2-5-net-Move-the-permission-check-in-sock_diag_put_filterinfo-to-packet_diag_dump.patch ApplyPatch 3-5-net-Add-variants-of-capable-for-use-on-on-sockets.patch @@ -1505,9 +1480,6 @@ ApplyPatch 5-5-net-Use-netlink_ns_capable-to-verify-the-permisions-of-netlink-me #rhbz 1082266 ApplyPatch jme-fix-dma-unmap-error.patch -# CVE-2014-3144 CVE-2014-3145 rhbz 1096775, 1096784 -ApplyPatch filter-prevent-nla-extensions-to-peek-beyond-the-end.patch - #rhbz 1096436 ApplyPatch 0001-synaptics-Add-min-max-quirk-for-the-ThinkPad-W540.patch @@ -2329,6 +2301,9 @@ fi # and build. %changelog +* Mon Jun 02 2014 Justin M. Forbes - 3.14.5-100 +- Linux v3.14.5 + * Thu May 29 2014 Josh Boyer - CVE-2014-3917 DoS with syscall auditing (rhbz 1102571 1102715) diff --git a/modsign-uefi.patch b/modsign-uefi.patch index 17009c196..a3f3a56e0 100644 --- a/modsign-uefi.patch +++ b/modsign-uefi.patch 
@@ -283,9 +283,9 @@ index 0ff5407..ba76e57 100644 + are used by the module signature checking to reject loading of modules + signed with a blacklisted key. + - menuconfig MODULES - bool "Enable loadable module support" - option modules + config PROFILING + bool "Profiling support" + help diff --git a/kernel/module_signing.c b/kernel/module_signing.c index 0b6b870..0a29b40 100644 --- a/kernel/module_signing.c diff --git a/net-Fix-ns_capable-check-in-sock_diag_put_filterinfo.patch b/net-Fix-ns_capable-check-in-sock_diag_put_filterinfo.patch deleted file mode 100644 index 9e4abdb9a..000000000 --- a/net-Fix-ns_capable-check-in-sock_diag_put_filterinfo.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -Bugzilla: 1094270 -Upstream-status: 3.15 and queued for stable - -From 3b72ed3ca18b9f55fc90f55a52c32b22b3a2837e Mon Sep 17 00:00:00 2001 -From: Andrew Lutomirski -Date: Wed, 16 Apr 2014 21:41:34 -0700 -Subject: [PATCH 1/6] net: Fix ns_capable check in sock_diag_put_filterinfo - -The caller needs capabilities on the namespace being queried, not on -their own namespace. This is a security bug, although it likely has -only a minor impact. - -Cc: stable@vger.kernel.org -Signed-off-by: Andy Lutomirski -Acked-by: Nicolas Dichtel ---- - include/linux/sock_diag.h | 2 +- - net/core/sock_diag.c | 4 ++-- - net/packet/diag.c | 2 +- - 3 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h -index 54f91d35e5fd..302ab805b0bb 100644 ---- a/include/linux/sock_diag.h -+++ b/include/linux/sock_diag.h -@@ -23,7 +23,7 @@ int sock_diag_check_cookie(void *sk, __u32 *cookie); - void sock_diag_save_cookie(void *sk, __u32 *cookie); - - int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attr); --int sock_diag_put_filterinfo(struct user_namespace *user_ns, struct sock *sk, -+int sock_diag_put_filterinfo(struct sock *sk, - struct sk_buff *skb, int attrtype); - - #endif -diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c -index a0e9cf6379de..6a7fae228634 100644 ---- a/net/core/sock_diag.c -+++ b/net/core/sock_diag.c -@@ -49,7 +49,7 @@ int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attrtype) - } - EXPORT_SYMBOL_GPL(sock_diag_put_meminfo); - --int sock_diag_put_filterinfo(struct user_namespace *user_ns, struct sock *sk, -+int sock_diag_put_filterinfo(struct sock *sk, - struct sk_buff *skb, int attrtype) - { - struct nlattr *attr; -@@ -57,7 +57,7 @@ int sock_diag_put_filterinfo(struct user_namespace *user_ns, struct sock *sk, - unsigned int len; - int err = 0; - -- if (!ns_capable(user_ns, CAP_NET_ADMIN)) { -+ if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { - 
nla_reserve(skb, attrtype, 0); - return 0; - } -diff --git a/net/packet/diag.c b/net/packet/diag.c -index 533ce4ff108a..435ff99ba8c7 100644 ---- a/net/packet/diag.c -+++ b/net/packet/diag.c -@@ -172,7 +172,7 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, - goto out_nlmsg_trim; - - if ((req->pdiag_show & PACKET_SHOW_FILTER) && -- sock_diag_put_filterinfo(user_ns, sk, skb, PACKET_DIAG_FILTER)) -+ sock_diag_put_filterinfo(sk, skb, PACKET_DIAG_FILTER)) - goto out_nlmsg_trim; - - return nlmsg_end(skb, nlh); --- -1.9.0 - diff --git a/net-Start-with-correct-mac_len-in-skb_network_protoc.patch b/net-Start-with-correct-mac_len-in-skb_network_protoc.patch deleted file mode 100644 index fc3262d8e..000000000 --- a/net-Start-with-correct-mac_len-in-skb_network_protoc.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -Bugzilla: 1093931 -Upstream-status: 3.15 and queued for stable (3.14.y only) - -From 1e785f48d29a09b6cf96db7b49b6320dada332e1 Mon Sep 17 00:00:00 2001 -From: Vlad Yasevich -Date: Mon, 14 Apr 2014 17:37:26 -0400 -Subject: [PATCH] net: Start with correct mac_len in skb_network_protocol - -Sometimes, when the packet arrives at skb_mac_gso_segment() -its skb->mac_len already accounts for some of the mac lenght -headers in the packet. This seems to happen when forwarding -through and OpenSSL tunnel. - -When we start looking for any vlan headers in skb_network_protocol() -we seem to ignore any of the already known mac headers and start -with an ETH_HLEN. This results in an incorrect offset, dropped -TSO frames and general slowness of the connection. - -We can start counting from the known skb->mac_len -and return at least that much if all mac level headers -are known and accounted for. - -Fixes: 53d6471cef17262d3ad1c7ce8982a234244f68ec (net: Account for all vlan headers in skb_mac_gso_segment) -CC: Eric Dumazet -CC: Daniel Borkman -Tested-by: Martin Filip -Signed-off-by: Vlad Yasevich -Signed-off-by: David S. Miller ---- - net/core/dev.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/net/core/dev.c b/net/core/dev.c -index 14dac0654f28..5b3042e69f85 100644 ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -2284,7 +2284,7 @@ EXPORT_SYMBOL(skb_checksum_help); - __be16 skb_network_protocol(struct sk_buff *skb, int *depth) - { - __be16 type = skb->protocol; -- int vlan_depth = ETH_HLEN; -+ int vlan_depth = skb->mac_len; - - /* Tunnel gso handlers can set protocol to ethernet. */ - if (type == htons(ETH_P_TEB)) { --- -1.9.0 - diff --git a/net-ipv4-current-group_info-should-be-put-after-using.patch b/net-ipv4-current-group_info-should-be-put-after-using.patch deleted file mode 100644 index 265b3839b..000000000 --- a/net-ipv4-current-group_info-should-be-put-after-using.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -Bugzilla: 1087420 -Upstream-status: Queued for 3.15 and stable - -From b04c46190219a4f845e46a459e3102137b7f6cac Mon Sep 17 00:00:00 2001 -From: "Wang, Xiaoming" -Date: Mon, 14 Apr 2014 12:30:45 -0400 -Subject: net: ipv4: current group_info should be put after using. - -Plug a group_info refcount leak in ping_init. -group_info is only needed during initialization and -the code failed to release the reference on exit. -While here move grabbing the reference to a place -where it is actually needed. - -Signed-off-by: Chuansheng Liu -Signed-off-by: Zhang Dongxing -Signed-off-by: xiaoming wang -Signed-off-by: David S. Miller - -diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index f4b19e5..8210964 100644 ---- a/net/ipv4/ping.c -+++ b/net/ipv4/ping.c -@@ -252,26 +252,33 @@ int ping_init_sock(struct sock *sk) - { - struct net *net = sock_net(sk); - kgid_t group = current_egid(); -- struct group_info *group_info = get_current_groups(); -- int i, j, count = group_info->ngroups; -+ struct group_info *group_info; -+ int i, j, count; - kgid_t low, high; -+ int ret = 0; - - inet_get_ping_group_range_net(net, &low, &high); - if (gid_lte(low, group) && gid_lte(group, high)) - return 0; - -+ group_info = get_current_groups(); -+ count = group_info->ngroups; - for (i = 0; i < group_info->nblocks; i++) { - int cp_count = min_t(int, NGROUPS_PER_BLOCK, count); - for (j = 0; j < cp_count; j++) { - kgid_t gid = group_info->blocks[i][j]; - if (gid_lte(low, gid) && gid_lte(gid, high)) -- return 0; -+ goto out_release_group; - } - - count -= cp_count; - } - -- return -EACCES; -+ ret = -EACCES; -+ -+out_release_group: -+ put_group_info(group_info); -+ return ret; - } - EXPORT_SYMBOL_GPL(ping_init_sock); - --- -cgit v0.10.1 - diff --git a/sources b/sources index acf61ae23..22e51661f 100644 --- a/sources +++ b/sources 
@@ -1,2 +1,2 @@
 b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz
-116f27cf17c3522716b6678b17516067 patch-3.14.4.xz
+a56bf05cb9033097198f9269bbcff130 patch-3.14.5.xz