summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJustin M. Forbes <jforbes@fedoraproject.org>2021-01-06 15:32:23 -0600
committerJustin M. Forbes <jforbes@fedoraproject.org>2021-01-06 15:32:23 -0600
commitbcf7511badf20cdf8af0fa354502a8560b4d4caf (patch)
treec186a1134333a2b64d6983c5c9c4c09250c03c3b
parentd48db28d1f40c4ac6f7fcf830c2e1b6b9305e43d (diff)
downloadkernel-bcf7511badf20cdf8af0fa354502a8560b4d4caf.zip
kernel-bcf7511badf20cdf8af0fa354502a8560b4d4caf.tar.gz
kernel-bcf7511badf20cdf8af0fa354502a8560b4d4caf.tar.xz
Linux v5.10.5
Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
-rw-r--r--0001-ALSA-hda-via-Fix-runtime-PM-for-Clevo-W35xSS.patch86
-rw-r--r--0001-mwifiex-Fix-possible-buffer-overflows-in-mwifiex_cmd.patch35
-rw-r--r--kernel.spec11
-rw-r--r--sources2
4 files changed, 132 insertions, 2 deletions
diff --git a/0001-ALSA-hda-via-Fix-runtime-PM-for-Clevo-W35xSS.patch b/0001-ALSA-hda-via-Fix-runtime-PM-for-Clevo-W35xSS.patch
new file mode 100644
index 0000000..fb9b5f5
--- /dev/null
+++ b/0001-ALSA-hda-via-Fix-runtime-PM-for-Clevo-W35xSS.patch
@@ -0,0 +1,86 @@
+From 4bfd6247fa9164c8e193a55ef9c0ea3ee22f82d8 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 4 Jan 2021 16:30:46 +0100
+Subject: [PATCH] ALSA: hda/via: Fix runtime PM for Clevo W35xSS
+
+Clevo W35xSS_370SS with VIA codec has had the runtime PM problem that
+looses the power state of some nodes after the runtime resume. This
+was worked around by disabling the default runtime PM via a denylist
+entry. Since 5.10.x made the runtime PM applied (casually) even
+though it's disabled in the denylist, this problem was revisited. The
+result was that disabling power_save_node feature suffices for the
+runtime PM problem.
+
+This patch implements the disablement of power_save_node feature in
+VIA codec for the device. It also drops the former denylist entry,
+too, as the runtime PM should work in the codec side properly now.
+
+Fixes: b529ef2464ad ("ALSA: hda: Add Clevo W35xSS_370SS to the power_save blacklist")
+Reported-by: Christian Labisch <clnetbox@gmail.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20210104153046.19993-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+---
+ sound/pci/hda/hda_intel.c | 2 --
+ sound/pci/hda/patch_via.c | 13 +++++++++++++
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
+index 6852668f1bcb..770ad25f1907 100644
+--- a/sound/pci/hda/hda_intel.c
++++ b/sound/pci/hda/hda_intel.c
+@@ -2220,8 +2220,6 @@ static const struct snd_pci_quirk power_save_denylist[] = {
+ SND_PCI_QUIRK(0x1849, 0x7662, "Asrock H81M-HDS", 0),
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
+ SND_PCI_QUIRK(0x1043, 0x8733, "Asus Prime X370-Pro", 0),
+- /* https://bugzilla.redhat.com/show_bug.cgi?id=1581607 */
+- SND_PCI_QUIRK(0x1558, 0x3501, "Clevo W35xSS_370SS", 0),
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
+ SND_PCI_QUIRK(0x1558, 0x6504, "Clevo W65_67SB", 0),
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
+diff --git a/sound/pci/hda/patch_via.c b/sound/pci/hda/patch_via.c
+index 7ef8f3105cdb..0ab40a8a68fb 100644
+--- a/sound/pci/hda/patch_via.c
++++ b/sound/pci/hda/patch_via.c
+@@ -1002,6 +1002,7 @@ static const struct hda_verb vt1802_init_verbs[] = {
+ enum {
+ VIA_FIXUP_INTMIC_BOOST,
+ VIA_FIXUP_ASUS_G75,
++ VIA_FIXUP_POWER_SAVE,
+ };
+
+ static void via_fixup_intmic_boost(struct hda_codec *codec,
+@@ -1011,6 +1012,13 @@ static void via_fixup_intmic_boost(struct hda_codec *codec,
+ override_mic_boost(codec, 0x30, 0, 2, 40);
+ }
+
++static void via_fixup_power_save(struct hda_codec *codec,
++ const struct hda_fixup *fix, int action)
++{
++ if (action == HDA_FIXUP_ACT_PRE_PROBE)
++ codec->power_save_node = 0;
++}
++
+ static const struct hda_fixup via_fixups[] = {
+ [VIA_FIXUP_INTMIC_BOOST] = {
+ .type = HDA_FIXUP_FUNC,
+@@ -1025,11 +1033,16 @@ static const struct hda_fixup via_fixups[] = {
+ { }
+ }
+ },
++ [VIA_FIXUP_POWER_SAVE] = {
++ .type = HDA_FIXUP_FUNC,
++ .v.func = via_fixup_power_save,
++ },
+ };
+
+ static const struct snd_pci_quirk vt2002p_fixups[] = {
+ SND_PCI_QUIRK(0x1043, 0x1487, "Asus G75", VIA_FIXUP_ASUS_G75),
+ SND_PCI_QUIRK(0x1043, 0x8532, "Asus X202E", VIA_FIXUP_INTMIC_BOOST),
++ SND_PCI_QUIRK(0x1558, 0x3501, "Clevo W35xSS_370SS", VIA_FIXUP_POWER_SAVE),
+ {}
+ };
+
+--
+2.29.2
+
diff --git a/0001-mwifiex-Fix-possible-buffer-overflows-in-mwifiex_cmd.patch b/0001-mwifiex-Fix-possible-buffer-overflows-in-mwifiex_cmd.patch
new file mode 100644
index 0000000..48ef591
--- /dev/null
+++ b/0001-mwifiex-Fix-possible-buffer-overflows-in-mwifiex_cmd.patch
@@ -0,0 +1,35 @@
+From 5c455c5ab332773464d02ba17015acdca198f03d Mon Sep 17 00:00:00 2001
+From: Zhang Xiaohui <ruc_zhangxiaohui@163.com>
+Date: Sun, 6 Dec 2020 16:48:01 +0800
+Subject: [PATCH] mwifiex: Fix possible buffer overflows in
+ mwifiex_cmd_802_11_ad_hoc_start
+
+mwifiex_cmd_802_11_ad_hoc_start() calls memcpy() without checking
+the destination size may trigger a buffer overflower,
+which a local user could use to cause denial of service
+or the execution of arbitrary code.
+Fix it by putting the length check before calling memcpy().
+
+Signed-off-by: Zhang Xiaohui <ruc_zhangxiaohui@163.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Link: https://lore.kernel.org/r/20201206084801.26479-1-ruc_zhangxiaohui@163.com
+---
+ drivers/net/wireless/marvell/mwifiex/join.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/net/wireless/marvell/mwifiex/join.c b/drivers/net/wireless/marvell/mwifiex/join.c
+index 5934f7147547..173ccf79cbfc 100644
+--- a/drivers/net/wireless/marvell/mwifiex/join.c
++++ b/drivers/net/wireless/marvell/mwifiex/join.c
+@@ -877,6 +877,8 @@ mwifiex_cmd_802_11_ad_hoc_start(struct mwifiex_private *priv,
+
+ memset(adhoc_start->ssid, 0, IEEE80211_MAX_SSID_LEN);
+
++ if (req_ssid->ssid_len > IEEE80211_MAX_SSID_LEN)
++ req_ssid->ssid_len = IEEE80211_MAX_SSID_LEN;
+ memcpy(adhoc_start->ssid, req_ssid->ssid, req_ssid->ssid_len);
+
+ mwifiex_dbg(adapter, INFO, "info: ADHOC_S_CMD: SSID = %s\n",
+--
+2.29.2
+
diff --git a/kernel.spec b/kernel.spec
index 703c71c..7c7ca98 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -94,7 +94,7 @@ Summary: The Linux kernel
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
-%define stable_update 4
+%define stable_update 5
# Set rpm version accordingly
%if 0%{?stable_update}
%define stablerev %{stable_update}
@@ -847,6 +847,11 @@ Patch102: 0001-update-phy-on-pine64-a64-devices.patch
# OMAP Pandaboard fix
Patch103: arm-pandaboard-fix-add-bluetooth.patch
+# Fix CVE-2020-36158 rhbz 1913348 1913349
+Patch104: 0001-mwifiex-Fix-possible-buffer-overflows-in-mwifiex_cmd.patch
+
+Patch105: 0001-ALSA-hda-via-Fix-runtime-PM-for-Clevo-W35xSS.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -2960,6 +2965,10 @@ fi
#
#
%changelog
+* Wed Jan 6 12:53:15 CST 2021 Justin M. Forbes <jforbes@fedoraproject.org> - 5.10.5-200
+- Linux v5.10.5
+- Fix CVE-2020-36158 (rhbz 1913348 1913349)
+
* Wed Dec 30 11:51:28 CST 2020 Justin M. Forbes <jforbes@fedoraproject.org> - 5.10.4-200
- Linux v5.10.4
diff --git a/sources b/sources
index 325926d..74ac8eb 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (linux-5.10.tar.xz) = c28d52bc0c1e2c99017ceeca0bf2e622427f3416e0692090b01f65e3b3a5bce0e3e52ce3cee15d71e84fcb965bd48bdfcccb818c0105035d712ebd07afde9452
-SHA512 (patch-5.10.4.xz) = 893733c9b9290f7a91bfb31ca9baa762a6460665b59efad6ee194b67807ae3990cf44464a32ea4a7e9620b58d7810ff15a30a7d92f0bf1b14cff3b5730fce49c
+SHA512 (patch-5.10.5.xz) = a6f240134f82b15a368a3348880764ee0289d8bf898a20e79298faad050a5426a87627233602f6cc7629f68070bf14e34bfe2ee72a9ff5c24e36ce18f3fc8e3a