[linux] 10/29: remove patches included in the new stable releases
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Tue Jan 23 17:14:06 UTC 2018
This is an automated email from the git hooks/post-receive script.
corsac pushed a commit to branch stretch
in repository linux.
commit fefe52bc200a84b32a57da0514c1c4b4a398db47
Author: Yves-Alexis Perez <corsac at corsac.net>
Date: Fri Jan 5 17:52:55 2018 +0100
remove patches included in the new stable releases
---
...s_equal-comparison-of-pointer-and-unknown.patch | 36 -----------
...4-fix-for-a-race-condition-in-raw_sendmsg.patch | 71 ----------------------
.../all/netlink-add-netns-check-on-taps.patch | 39 ------------
debian/patches/series | 3 -
4 files changed, 149 deletions(-)
diff --git a/debian/patches/bugfix/all/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch b/debian/patches/bugfix/all/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch
deleted file mode 100644
index eec2090..0000000
--- a/debian/patches/bugfix/all/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Ben Hutchings <ben at decadent.org.uk>
-Date: Sat, 23 Dec 2017 00:29:56 +0000
-Subject: bpf/verifier: Fix states_equal() comparison of pointer and UNKNOWN
-
-An UNKNOWN_VALUE is not supposed to be derived from a pointer, unless
-pointer leaks are allowed. Therefore, states_equal() must not treat
-a state with a pointer in a register as "equal" to a state with an
-UNKNOWN_VALUE in that register.
-
-This was fixed differently upstream, but the code around here was
-largely rewritten in 4.14 by commit f1174f77b50c "bpf/verifier: rework
-value tracking". The bug can be detected by the bpf/verifier sub-test
-"pointer/scalar confusion in state equality check (way 1)".
-
-Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
-Cc: Edward Cree <ecree at solarflare.com>
-Cc: Jann Horn <jannh at google.com>
-Cc: Alexei Starovoitov <ast at kernel.org>
----
---- a/kernel/bpf/verifier.c
-+++ b/kernel/bpf/verifier.c
-@@ -2722,11 +2722,12 @@ static bool states_equal(struct bpf_veri
-
- /* If we didn't map access then again we don't care about the
- * mismatched range values and it's ok if our old type was
-- * UNKNOWN and we didn't go to a NOT_INIT'ed reg.
-+ * UNKNOWN and we didn't go to a NOT_INIT'ed or pointer reg.
- */
- if (rold->type == NOT_INIT ||
- (!varlen_map_access && rold->type == UNKNOWN_VALUE &&
-- rcur->type != NOT_INIT))
-+ rcur->type != NOT_INIT &&
-+ !__is_pointer_value(env->allow_ptr_leaks, rcur)))
- continue;
-
- /* Don't care about the reg->id in this case. */
diff --git a/debian/patches/bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch b/debian/patches/bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch
deleted file mode 100644
index bf12066..0000000
--- a/debian/patches/bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From: Mohamed Ghannam <simo.ghannam at gmail.com>
-Date: Sun, 10 Dec 2017 03:50:58 +0000
-Subject: net: ipv4: fix for a race condition in raw_sendmsg
-Origin: https://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17712
-
-inet->hdrincl is racy, and could lead to uninitialized stack pointer
-usage, so its value should be read only once.
-
-Fixes: c008ba5bdc9f ("ipv4: Avoid reading user iov twice after raw_probe_proto_opt")
-Signed-off-by: Mohamed Ghannam <simo.ghannam at gmail.com>
-Reviewed-by: Eric Dumazet <edumazet at google.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
-[bwh: Backported to 4.9: adjust context]
----
- net/ipv4/raw.c | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
---- a/net/ipv4/raw.c
-+++ b/net/ipv4/raw.c
-@@ -502,11 +502,16 @@ static int raw_sendmsg(struct sock *sk,
- int err;
- struct ip_options_data opt_copy;
- struct raw_frag_vec rfv;
-+ int hdrincl;
-
- err = -EMSGSIZE;
- if (len > 0xFFFF)
- goto out;
-
-+ /* hdrincl should be READ_ONCE(inet->hdrincl)
-+ * but READ_ONCE() doesn't work with bit fields
-+ */
-+ hdrincl = inet->hdrincl;
- /*
- * Check the flags.
- */
-@@ -582,7 +587,7 @@ static int raw_sendmsg(struct sock *sk,
- /* Linux does not mangle headers on raw sockets,
- * so that IP options + IP_HDRINCL is non-sense.
- */
-- if (inet->hdrincl)
-+ if (hdrincl)
- goto done;
- if (ipc.opt->opt.srr) {
- if (!daddr)
-@@ -604,12 +609,12 @@ static int raw_sendmsg(struct sock *sk,
-
- flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos,
- RT_SCOPE_UNIVERSE,
-- inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
-+ hdrincl ? IPPROTO_RAW : sk->sk_protocol,
- inet_sk_flowi_flags(sk) |
-- (inet->hdrincl ? FLOWI_FLAG_KNOWN_NH : 0),
-+ (hdrincl ? FLOWI_FLAG_KNOWN_NH : 0),
- daddr, saddr, 0, 0);
-
-- if (!inet->hdrincl) {
-+ if (!hdrincl) {
- rfv.msg = msg;
- rfv.hlen = 0;
-
-@@ -634,7 +639,7 @@ static int raw_sendmsg(struct sock *sk,
- goto do_confirm;
- back_from_confirm:
-
-- if (inet->hdrincl)
-+ if (hdrincl)
- err = raw_send_hdrinc(sk, &fl4, msg, len,
- &rt, msg->msg_flags, &ipc.sockc);
-
diff --git a/debian/patches/bugfix/all/netlink-add-netns-check-on-taps.patch b/debian/patches/bugfix/all/netlink-add-netns-check-on-taps.patch
deleted file mode 100644
index 3fd0875..0000000
--- a/debian/patches/bugfix/all/netlink-add-netns-check-on-taps.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: Kevin Cernekee <cernekee at chromium.org>
-Date: Wed, 6 Dec 2017 12:12:27 -0800
-Subject: netlink: Add netns check on taps
-Origin: https://git.kernel.org/linus/93c647643b48f0131f02e45da3bd367d80443291
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17449
-
-Currently, a nlmon link inside a child namespace can observe systemwide
-netlink activity. Filter the traffic so that nlmon can only sniff
-netlink messages from its own netns.
-
-Test case:
-
- vpnns -- bash -c "ip link add nlmon0 type nlmon; \
- ip link set nlmon0 up; \
- tcpdump -i nlmon0 -q -w /tmp/nlmon.pcap -U" &
- sudo ip xfrm state add src 10.1.1.1 dst 10.1.1.2 proto esp \
- spi 0x1 mode transport \
- auth sha1 0x6162633132330000000000000000000000000000 \
- enc aes 0x00000000000000000000000000000000
- grep --binary abc123 /tmp/nlmon.pcap
-
-Signed-off-by: Kevin Cernekee <cernekee at chromium.org>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/netlink/af_netlink.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/net/netlink/af_netlink.c
-+++ b/net/netlink/af_netlink.c
-@@ -223,6 +223,9 @@ static int __netlink_deliver_tap_skb(str
- struct sock *sk = skb->sk;
- int ret = -ENOMEM;
-
-+ if (!net_eq(dev_net(dev), sock_net(sk)))
-+ return 0;
-+
- dev_hold(dev);
-
- if (is_vmalloc_addr(skb->head))
diff --git a/debian/patches/series b/debian/patches/series
index eb018fd..aeef684 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -140,11 +140,8 @@ bugfix/all/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch
bugfix/all/media-dvb-usb-v2-lmedm04-Improve-logic-checking-of-w.patch
bugfix/all/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_.patch
bugfix/all/media-hdpvr-fix-an-error-handling-path-in-hdpvr_prob.patch
-bugfix/all/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch
bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch
-bugfix/all/netlink-add-netns-check-on-taps.patch
bugfix/all/netfilter-xt_osf-add-missing-permission-checks.patch
-bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch
bugfix/all/kvm-fix-stack-out-of-bounds-read-in-write_mmio.patch
bugfix/all/bluetooth-prevent-stack-info-leak-from-the-efs-element.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list