author | Josh Boyer <jwboyer@fedoraproject.org> | 2015-07-29 13:04:09 -0400 |
---|---|---|
committer | Josh Boyer <jwboyer@fedoraproject.org> | 2015-07-29 13:04:35 -0400 |
commit | b6e2727857c3bb7ecd81354447e8813d0b29ba59 (patch) | |
tree | a347843acb2fac9624dadcf754fd8ef6d8cf2546 | |
parent | 7031fc6322284526674d7e513ab2f4f33ebc8c6f (diff) | |
download | kernel-b6e2727857c3bb7ecd81354447e8813d0b29ba59.tar.gz kernel-b6e2727857c3bb7ecd81354447e8813d0b29ba59.tar.xz kernel-b6e2727857c3bb7ecd81354447e8813d0b29ba59.zip |
Linux v4.2-rc4-53-g956325bd55bb
-rw-r--r-- | KEYS-ensure-we-free-the-assoc-array-edit-if-edit-is-.patch | 45 | ||||
-rw-r--r-- | kernel.spec | 7 | ||||
-rw-r--r-- | sources | 2 |
3 files changed, 5 insertions, 49 deletions
diff --git a/KEYS-ensure-we-free-the-assoc-array-edit-if-edit-is-.patch b/KEYS-ensure-we-free-the-assoc-array-edit-if-edit-is-.patch
deleted file mode 100644
index dc43b8ae2..000000000
--- a/KEYS-ensure-we-free-the-assoc-array-edit-if-edit-is-.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 3881b164810a564714dfdc16520b0fe538ae4bf7 Mon Sep 17 00:00:00 2001
-From: David Howells <dhowells@redhat.com>
-Date: Mon, 27 Jul 2015 15:23:43 +0100
-Subject: [PATCH] KEYS: ensure we free the assoc array edit if edit is valid
-
-__key_link_end is not freeing the associated array edit structure
-and this leads to a 512 byte memory leak each time an identical
-existing key is added with add_key().
-
-The reason the add_key() system call returns okay is that
-key_create_or_update() calls __key_link_begin() before checking to see
-whether it can update a key directly rather than adding/replacing - which
-it turns out it can. Thus __key_link() is not called through
-__key_instantiate_and_link() and __key_link_end() must cancel the edit.
-
-CVE-2015-1333
-
-Signed-off-by: Colin Ian King <colin.king@canonical.com>
-Signed-off-by: David Howells <dhowells@redhat.com>
----
- security/keys/keyring.c | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/security/keys/keyring.c b/security/keys/keyring.c
-index e72548b5897e..d33437007ad2 100644
---- a/security/keys/keyring.c
-+++ b/security/keys/keyring.c
-@@ -1181,9 +1181,11 @@ void __key_link_end(struct key *keyring,
- if (index_key->type == &key_type_keyring)
- up_write(&keyring_serialise_link_sem);
-
-- if (edit && !edit->dead_leaf) {
-- key_payload_reserve(keyring,
-- keyring->datalen - KEYQUOTA_LINK_BYTES);
-+ if (edit) {
-+ if (!edit->dead_leaf) {
-+ key_payload_reserve(keyring,
-+ keyring->datalen - KEYQUOTA_LINK_BYTES);
-+ }
- assoc_array_cancel_edit(edit);
- }
- up_write(&keyring->sem);
---
-2.4.3
-
diff --git a/kernel.spec b/kernel.spec
index 97dc4b588..d1c7d97f1 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -67,7 +67,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 4 # The git snapshot level -%define gitrev 1 +%define gitrev 2 # Set rpm version accordingly %define rpmversion 4.%{upstream_sublevel}.0 %endif @@ -582,8 +582,6 @@ Patch502: firmware-Drop-WARN-from-usermodehelper_read_trylock-.patch Patch503: drm-i915-turn-off-wc-mmaps.patch -Patch504: KEYS-ensure-we-free-the-assoc-array-edit-if-edit-is-.patch - Patch904: kdbus.patch # END OF PATCH DEFINITIONS @@ -2021,6 +2019,9 @@ fi # # %changelog +* Wed Jul 29 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.2.0-0.rc4.git2.1 +- Linux v4.2-rc4-53-g956325bd55bb + * Wed Jul 29 2015 Josh Boyer <jwboyer@fedoraproject.org> - Drop acpi_brightness_enable revert patch @@ -1,4 +1,4 @@ fe9dc0f6729f36400ea81aa41d614c37 linux-4.1.tar.xz 84e34c2f58901edcc5c840fe9893c02e perf-man-4.1.tar.gz 8c9a9889e1994c220e9794ffc54301f2 patch-4.2-rc4.xz -e73e50e7875fca09808d655dd0acb7a7 patch-4.2-rc4-git1.xz +568a8c0cb98100d3ef6f45ea1123b310 patch-4.2-rc4-git2.xz |