summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Add-secure_modules-call.patch16
-rw-r--r--antenna_select.patch227
-rw-r--r--config-arm-generic3
-rw-r--r--config-armv71
-rw-r--r--config-generic11
-rw-r--r--gitrev2
-rw-r--r--kernel.spec12
-rw-r--r--netfilter-x_tables-deal-with-bogus-nextoffset-values.patch97
-rw-r--r--sources2
9 files changed, 60 insertions, 311 deletions
diff --git a/Add-secure_modules-call.patch b/Add-secure_modules-call.patch
index b6e039ff0..5c272a983 100644
--- a/Add-secure_modules-call.patch
+++ b/Add-secure_modules-call.patch
@@ -1,4 +1,4 @@
-From a1aaf20cffb1a949c5d6b1198690c7c30cfda4d5 Mon Sep 17 00:00:00 2001
+From 0f6eec5ca124baf1372fb4edeacd11a002378f5e Mon Sep 17 00:00:00 2001
From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Aug 2013 17:58:15 -0400
Subject: [PATCH 01/20] Add secure_modules() call
@@ -17,19 +17,19 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
2 files changed, 16 insertions(+)
diff --git a/include/linux/module.h b/include/linux/module.h
-index 3a19c79918e0..db386349cd01 100644
+index 3daf2b3..082298a 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
-@@ -635,6 +635,8 @@ static inline bool module_requested_async_probing(struct module *module)
- return module && module->async_probe_requested;
+@@ -655,6 +655,8 @@ static inline bool is_livepatch_module(struct module *mod)
}
+ #endif /* CONFIG_LIVEPATCH */
+extern bool secure_modules(void);
+
#else /* !CONFIG_MODULES... */
/* Given an address, look for it in the exception tables. */
-@@ -751,6 +753,10 @@ static inline bool module_requested_async_probing(struct module *module)
+@@ -771,6 +773,10 @@ static inline bool module_requested_async_probing(struct module *module)
return false;
}
@@ -41,10 +41,10 @@ index 3a19c79918e0..db386349cd01 100644
#ifdef CONFIG_SYSFS
diff --git a/kernel/module.c b/kernel/module.c
-index b86b7bf1be38..7f045246e123 100644
+index 5f71aa6..3c38496 100644
--- a/kernel/module.c
+++ b/kernel/module.c
-@@ -4087,3 +4087,13 @@ void module_layout(struct module *mod,
+@@ -4199,3 +4199,13 @@ void module_layout(struct module *mod,
}
EXPORT_SYMBOL(module_layout);
#endif
@@ -59,5 +59,5 @@ index b86b7bf1be38..7f045246e123 100644
+}
+EXPORT_SYMBOL(secure_modules);
--
-2.4.3
+2.5.5
diff --git a/antenna_select.patch b/antenna_select.patch
deleted file mode 100644
index 15763e9bc..000000000
--- a/antenna_select.patch
+++ /dev/null
@@ -1,227 +0,0 @@
-From c18d8f5095715c56bb3cd9cba64242542632054b Mon Sep 17 00:00:00 2001
-From: Larry Finger <Larry.Finger@lwfinger.net>
-Date: Wed, 16 Mar 2016 13:33:34 -0500
-Subject: rtlwifi: rtl8723be: Add antenna select module parameter
-
-A number of new laptops have been delivered with only a single antenna.
-In principle, this is OK; however, a problem arises when the on-board
-EEPROM is programmed to use the other antenna connection. The option
-of opening the computer and moving the connector is not always possible
-as it will void the warranty in some cases. In addition, this solution
-breaks the Windows driver when the box dual boots Linux and Windows.
-
-A fix involving a new module parameter has been developed. This commit
-adds the new parameter and implements the changes needed for the driver.
-
-Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
-Cc: Stable <stable@vger.kernel.org> [V4.0+]
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c | 5 +++++
- drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c | 3 +++
- drivers/net/wireless/realtek/rtlwifi/wifi.h | 3 +++
- 3 files changed, 11 insertions(+)
-
-diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c
-index c983d2f..5a3df91 100644
---- a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/hw.c
-@@ -2684,6 +2684,7 @@ void rtl8723be_read_bt_coexist_info_from_hwpg(struct ieee80211_hw *hw,
- bool auto_load_fail, u8 *hwinfo)
- {
- struct rtl_priv *rtlpriv = rtl_priv(hw);
-+ struct rtl_mod_params *mod_params = rtlpriv->cfg->mod_params;
- u8 value;
- u32 tmpu_32;
-
-@@ -2702,6 +2703,10 @@ void rtl8723be_read_bt_coexist_info_from_hwpg(struct ieee80211_hw *hw,
- rtlpriv->btcoexist.btc_info.ant_num = ANT_X2;
- }
-
-+ /* override ant_num / ant_path */
-+ if (mod_params->ant_sel)
-+ rtlpriv->btcoexist.btc_info.ant_num =
-+ (mod_params->ant_sel == 1 ? ANT_X2 : ANT_X1);
- }
-
- void rtl8723be_bt_reg_init(struct ieee80211_hw *hw)
-diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c
-index a78eaed..2101793 100644
---- a/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/rtl8723be/sw.c
-@@ -273,6 +273,7 @@ static struct rtl_mod_params rtl8723be_mod_params = {
- .msi_support = false,
- .disable_watchdog = false,
- .debug = DBG_EMERG,
-+ .ant_sel = 0,
- };
-
- static struct rtl_hal_cfg rtl8723be_hal_cfg = {
-@@ -394,6 +395,7 @@ module_param_named(fwlps, rtl8723be_mod_params.fwctrl_lps, bool, 0444);
- module_param_named(msi, rtl8723be_mod_params.msi_support, bool, 0444);
- module_param_named(disable_watchdog, rtl8723be_mod_params.disable_watchdog,
- bool, 0444);
-+module_param_named(ant_sel, rtl8723be_mod_params.ant_sel, int, 0444);
- MODULE_PARM_DESC(swenc, "Set to 1 for software crypto (default 0)\n");
- MODULE_PARM_DESC(ips, "Set to 0 to not use link power save (default 1)\n");
- MODULE_PARM_DESC(swlps, "Set to 1 to use SW control power save (default 0)\n");
-@@ -402,6 +404,7 @@ MODULE_PARM_DESC(msi, "Set to 1 to use MSI interrupts mode (default 0)\n");
- MODULE_PARM_DESC(debug, "Set debug level (0-5) (default 0)");
- MODULE_PARM_DESC(disable_watchdog,
- "Set to 1 to disable the watchdog (default 0)\n");
-+MODULE_PARM_DESC(ant_sel, "Set to 1 or 2 to force antenna number (default 0)\n");
-
- static SIMPLE_DEV_PM_OPS(rtlwifi_pm_ops, rtl_pci_suspend, rtl_pci_resume);
-
-diff --git a/drivers/net/wireless/realtek/rtlwifi/wifi.h b/drivers/net/wireless/realtek/rtlwifi/wifi.h
-index 554d814..93bd7fc 100644
---- a/drivers/net/wireless/realtek/rtlwifi/wifi.h
-+++ b/drivers/net/wireless/realtek/rtlwifi/wifi.h
-@@ -2246,6 +2246,9 @@ struct rtl_mod_params {
-
- /* default 0: 1 means do not disable interrupts */
- bool int_clear;
-+
-+ /* select antenna */
-+ int ant_sel;
- };
-
- struct rtl_hal_usbint_cfg {
---
-cgit v0.12
-
-From baa1702290953295e421f0f433e2b1ff4815827c Mon Sep 17 00:00:00 2001
-From: Larry Finger <Larry.Finger@lwfinger.net>
-Date: Wed, 16 Mar 2016 13:33:35 -0500
-Subject: rtlwifi: btcoexist: Implement antenna selection
-
-The previous patch added an option to rtl8723be to manually select the
-antenna for those cases when only a single antenna is present, and the
-on-board EEPROM is incorrectly programmed. This patch implements the
-necessary changes in the Bluetooth coexistence driver.
-
-Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
-Cc: Stable <stable@vger.kernel.org> [V4.0+]
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
----
- .../realtek/rtlwifi/btcoexist/halbtc8723b2ant.c | 9 ++++++--
- .../realtek/rtlwifi/btcoexist/halbtcoutsrc.c | 27 +++++++++++++++++++++-
- .../realtek/rtlwifi/btcoexist/halbtcoutsrc.h | 2 +-
- .../wireless/realtek/rtlwifi/btcoexist/rtl_btc.c | 5 +++-
- 4 files changed, 38 insertions(+), 5 deletions(-)
-
-diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c
-index c43ab59..77cbd10 100644
---- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtc8723b2ant.c
-@@ -1203,7 +1203,6 @@ static void btc8723b2ant_set_ant_path(struct btc_coexist *btcoexist,
-
- /* Force GNT_BT to low */
- btcoexist->btc_write_1byte_bitmask(btcoexist, 0x765, 0x18, 0x0);
-- btcoexist->btc_write_2byte(btcoexist, 0x948, 0x0);
-
- if (board_info->btdm_ant_pos == BTC_ANTENNA_AT_MAIN_PORT) {
- /* tell firmware "no antenna inverse" */
-@@ -1211,19 +1210,25 @@ static void btc8723b2ant_set_ant_path(struct btc_coexist *btcoexist,
- h2c_parameter[1] = 1; /* ext switch type */
- btcoexist->btc_fill_h2c(btcoexist, 0x65, 2,
- h2c_parameter);
-+ btcoexist->btc_write_2byte(btcoexist, 0x948, 0x0);
- } else {
- /* tell firmware "antenna inverse" */
- h2c_parameter[0] = 1;
- h2c_parameter[1] = 1; /* ext switch type */
- btcoexist->btc_fill_h2c(btcoexist, 0x65, 2,
- h2c_parameter);
-+ btcoexist->btc_write_2byte(btcoexist, 0x948, 0x280);
- }
- }
-
- /* ext switch setting */
- if (use_ext_switch) {
- /* fixed internal switch S1->WiFi, S0->BT */
-- btcoexist->btc_write_2byte(btcoexist, 0x948, 0x0);
-+ if (board_info->btdm_ant_pos == BTC_ANTENNA_AT_MAIN_PORT)
-+ btcoexist->btc_write_2byte(btcoexist, 0x948, 0x0);
-+ else
-+ btcoexist->btc_write_2byte(btcoexist, 0x948, 0x280);
-+
- switch (antpos_type) {
- case BTC_ANT_WIFI_AT_MAIN:
- /* ext switch main at wifi */
-diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c
-index b2791c8..babd149 100644
---- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c
-@@ -965,13 +965,38 @@ void exhalbtc_set_chip_type(u8 chip_type)
- }
- }
-
--void exhalbtc_set_ant_num(u8 type, u8 ant_num)
-+void exhalbtc_set_ant_num(struct rtl_priv *rtlpriv, u8 type, u8 ant_num)
- {
- if (BT_COEX_ANT_TYPE_PG == type) {
- gl_bt_coexist.board_info.pg_ant_num = ant_num;
- gl_bt_coexist.board_info.btdm_ant_num = ant_num;
-+ /* The antenna position:
-+ * Main (default) or Aux for pgAntNum=2 && btdmAntNum =1.
-+ * The antenna position should be determined by
-+ * auto-detect mechanism.
-+ * The following is assumed to main,
-+ * and those must be modified
-+ * if y auto-detect mechanism is ready
-+ */
-+ if ((gl_bt_coexist.board_info.pg_ant_num == 2) &&
-+ (gl_bt_coexist.board_info.btdm_ant_num == 1))
-+ gl_bt_coexist.board_info.btdm_ant_pos =
-+ BTC_ANTENNA_AT_MAIN_PORT;
-+ else
-+ gl_bt_coexist.board_info.btdm_ant_pos =
-+ BTC_ANTENNA_AT_MAIN_PORT;
- } else if (BT_COEX_ANT_TYPE_ANTDIV == type) {
- gl_bt_coexist.board_info.btdm_ant_num = ant_num;
-+ gl_bt_coexist.board_info.btdm_ant_pos =
-+ BTC_ANTENNA_AT_MAIN_PORT;
-+ } else if (type == BT_COEX_ANT_TYPE_DETECTED) {
-+ gl_bt_coexist.board_info.btdm_ant_num = ant_num;
-+ if (rtlpriv->cfg->mod_params->ant_sel == 1)
-+ gl_bt_coexist.board_info.btdm_ant_pos =
-+ BTC_ANTENNA_AT_AUX_PORT;
-+ else
-+ gl_bt_coexist.board_info.btdm_ant_pos =
-+ BTC_ANTENNA_AT_MAIN_PORT;
- }
- }
-
-diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.h b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.h
-index 0a903ea..f41ca57 100644
---- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.h
-+++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.h
-@@ -535,7 +535,7 @@ void exhalbtc_set_bt_patch_version(u16 bt_hci_version, u16 bt_patch_version);
- void exhalbtc_update_min_bt_rssi(char bt_rssi);
- void exhalbtc_set_bt_exist(bool bt_exist);
- void exhalbtc_set_chip_type(u8 chip_type);
--void exhalbtc_set_ant_num(u8 type, u8 ant_num);
-+void exhalbtc_set_ant_num(struct rtl_priv *rtlpriv, u8 type, u8 ant_num);
- void exhalbtc_display_bt_coex_info(struct btc_coexist *btcoexist);
- void exhalbtc_signal_compensation(struct btc_coexist *btcoexist,
- u8 *rssi_wifi, u8 *rssi_bt);
-diff --git a/drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.c b/drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.c
-index b9b0cb7..d3fd921 100644
---- a/drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.c
-+++ b/drivers/net/wireless/realtek/rtlwifi/btcoexist/rtl_btc.c
-@@ -72,7 +72,10 @@ void rtl_btc_init_hal_vars(struct rtl_priv *rtlpriv)
- __func__, bt_type);
- exhalbtc_set_chip_type(bt_type);
-
-- exhalbtc_set_ant_num(BT_COEX_ANT_TYPE_PG, ant_num);
-+ if (rtlpriv->cfg->mod_params->ant_sel == 1)
-+ exhalbtc_set_ant_num(rtlpriv, BT_COEX_ANT_TYPE_DETECTED, 1);
-+ else
-+ exhalbtc_set_ant_num(rtlpriv, BT_COEX_ANT_TYPE_PG, ant_num);
- }
-
- void rtl_btc_init_hw_config(struct rtl_priv *rtlpriv)
---
-cgit v0.12
-
diff --git a/config-arm-generic b/config-arm-generic
index 989dbf7fc..4bb634ff6 100644
--- a/config-arm-generic
+++ b/config-arm-generic
@@ -540,3 +540,6 @@ CONFIG_CHECKPOINT_RESTORE=y
# CONFIG_PINCTRL_CHERRYVIEW is not set
# CONFIG_PINCTRL_BROXTON is not set
# CONFIG_PINCTRL_SUNRISEPOINT is not set
+
+# CONFIG_HW_RANDOM_HISI is not set
+# CONFIG_QRTR is not set
diff --git a/config-armv7 b/config-armv7
index bcf054c3e..755cefa99 100644
--- a/config-armv7
+++ b/config-armv7
@@ -415,6 +415,7 @@ CONFIG_CRYPTO_DEV_FSL_CAAM_AHASH_API=m
CONFIG_CRYPTO_DEV_FSL_CAAM_RNG_API=m
# CONFIG_CRYPTO_DEV_FSL_CAAM_DEBUG is not set
# CONFIG_CRYPTO_DEV_MXS_DCP is not set
+# CONFIG_CRYPTO_DEV_MXC_SCC is not set
CONFIG_RTC_DRV_SNVS=m
CONFIG_FB_MXS=m
# CONFIG_FB_MX3 is not set
diff --git a/config-generic b/config-generic
index 272fa4a75..70731ecda 100644
--- a/config-generic
+++ b/config-generic
@@ -813,6 +813,7 @@ CONFIG_NET_IPVTI=m
CONFIG_NET_FOU=m
CONFIG_NET_FOU_IP_TUNNELS=y
CONFIG_GENEVE=m
+CONFIG_GTP=m
CONFIG_MACSEC=m
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
@@ -1565,6 +1566,10 @@ CONFIG_QLGE=m
CONFIG_NETXEN_NIC=m
CONFIG_QED=m
CONFIG_QEDE=m
+CONFIG_QED_SRIOV=y
+# CONFIG_QEDE_VXLAN is not set
+# CONFIG_QEDE_GENEVE is not set
+
# CONFIG_NET_VENDOR_QUALCOMM is not set
@@ -1634,6 +1639,7 @@ CONFIG_VIA_VELOCITY=m
CONFIG_NET_VENDOR_WIZNET=y
CONFIG_WIZNET_W5100=m
CONFIG_WIZNET_W5300=m
+CONFIG_WIZNET_W5100_SPI=m
CONFIG_NET_VENDOR_XIRCOM=y
CONFIG_PCMCIA_XIRC2PS=m
@@ -1714,6 +1720,7 @@ CONFIG_MLXSW_CORE_HWMON=y
CONFIG_MLXSW_PCI=m
CONFIG_MLXSW_SWITCHX2=m
CONFIG_MLXSW_SPECTRUM=m
+CONFIG_MLXSW_SPECTRUM_DCB=y
# CONFIG_MLX4_DEBUG is not set
# CONFIG_SFC is not set
@@ -2107,6 +2114,8 @@ CONFIG_NFC_PORT100=m
CONFIG_NFC_PN544=m
CONFIG_NFC_PN544_I2C=m
CONFIG_NFC_PN533=m
+CONFIG_NFC_PN533_USB=m
+CONFIG_NFC_PN533_I2C=m
CONFIG_NFC_MICROREAD=m
CONFIG_NFC_MICROREAD_I2C=m
CONFIG_NFC_TRF7970A=m
@@ -4101,6 +4110,7 @@ CONFIG_HID_LENOVO=m
CONFIG_HID_CORSAIR=m
CONFIG_HID_GFRM=m
CONFIG_HID_CMEDIA=m
+CONFIG_HID_ASUS=m
#
# USB Imaging devices
@@ -5570,6 +5580,7 @@ CONFIG_NET_DSA_MV88E6131=m
CONFIG_NET_DSA_MV88E6123=m
CONFIG_NET_DSA_MV88E6171=m
CONFIG_NET_DSA_MV88E6352=m
+CONFIG_NET_DSA_MV88E6XXX=m
CONFIG_NET_DSA_BCM_SF2=m
# Used by Maemo, we don't care.
diff --git a/gitrev b/gitrev
index 643bfe242..8c6b6aeb3 100644
--- a/gitrev
+++ b/gitrev
@@ -1 +1 @@
-16490980e396fac079248b23b1dd81e7d48bebf3
+0b7962a6c4a37ef3cbb25d976af7b9ec4ce8ad01
diff --git a/kernel.spec b/kernel.spec
index 8941c6ae1..2e9416cae 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -42,7 +42,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
-%global baserelease 2
+%global baserelease 1
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@@ -69,7 +69,7 @@ Summary: The Linux kernel
# The rc snapshot level
%define rcrev 0
# The git snapshot level
-%define gitrev 2
+%define gitrev 3
# Set rpm version accordingly
%define rpmversion 4.%{upstream_sublevel}.0
%endif
@@ -606,9 +606,6 @@ Patch641: disable-CONFIG_EXPERT-for-ZONE_DMA.patch
#CVE-2016-3134 rhbz 1317383 1317384
Patch665: netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
-#rhbz 1309487
-Patch701: antenna_select.patch
-
#CVE-2016-4482 rhbz 1332931 1332932
Patch706: USB-usbfs-fix-potential-infoleak-in-devio.patch
@@ -2145,6 +2142,11 @@ fi
#
#
%changelog
+* Wed May 18 2016 Laura Abbott <labbott@redhat.com> - 4.7.0-0.rc0.git3.1
+- Linux v4.6-3623-g0b7962a
+- ata, regulator, gpio, HID, livepatching, networking, dm, block, vfs, fs,
+ timers, crypto merges
+
* Tue May 17 2016 Laura Abbott <labbott@redhat.com> - 4.7.0-0.rc0.git2.2
- Adjust solib for cpupower
diff --git a/netfilter-x_tables-deal-with-bogus-nextoffset-values.patch b/netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
index ebfe1716f..e6f5fa6f5 100644
--- a/netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
+++ b/netfilter-x_tables-deal-with-bogus-nextoffset-values.patch
@@ -1,6 +1,7 @@
-Subject: [PATCH nf] netfilter: x_tables: deal with bogus nextoffset values
-From: Florian Westphal <fw () strlen ! de>
-Date: 2016-03-10 0:56:02
+From 2b32a7d82223d76ace432305b18c5816cadff878 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw () strlen ! de>
+Date: Thu, 10 Mar 2016 00:56:02 -0800
+Subject: [PATCH] netfilter: x_tables: deal with bogus nextoffset values
Ben Hawkes says:
@@ -22,16 +23,16 @@ when we move to a next entry as well.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
- net/ipv4/netfilter/arp_tables.c | 16 ++++++++--------
- net/ipv4/netfilter/ip_tables.c | 15 ++++++++-------
- net/ipv6/netfilter/ip6_tables.c | 13 ++++++-------
- 3 files changed, 22 insertions(+), 22 deletions(-)
+ net/ipv4/netfilter/arp_tables.c | 8 ++++++++
+ net/ipv4/netfilter/ip_tables.c | 8 ++++++++
+ net/ipv6/netfilter/ip6_tables.c | 6 ++++++
+ 3 files changed, 22 insertions(+)
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
-index b488cac..5a0b591 100644
+index 2033f92..a9b6c76 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
-@@ -437,6 +437,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
+@@ -376,6 +376,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
/* Move along one */
size = e->next_offset;
@@ -41,25 +42,10 @@ index b488cac..5a0b591 100644
+
e = (struct arpt_entry *)
(entry0 + pos + size);
- e->counters.pcnt = pos;
-@@ -447,14 +451,6 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
- if (strcmp(t->target.u.user.name,
- XT_STANDARD_TARGET) == 0 &&
- newpos >= 0) {
-- if (newpos > newinfo->size -
-- sizeof(struct arpt_entry)) {
-- duprintf("mark_source_chains: "
-- "bad verdict (%i)\n",
-- newpos);
-- return 0;
-- }
--
- /* This a jump; chase it. */
- duprintf("Jump rule %u -> %u\n",
- pos, newpos);
-@@ -462,6 +458,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
- /* ... this is a fallthru */
- newpos = pos + e->next_offset;
+ if (pos + size >= newinfo->size)
+@@ -399,6 +403,10 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
+ if (newpos >= newinfo->size)
+ return 0;
}
+
+ if (newpos > newinfo->size - sizeof(*e))
@@ -69,10 +55,10 @@ index b488cac..5a0b591 100644
(entry0 + newpos);
e->counters.pcnt = pos;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
-index b99affa..ceb995f 100644
+index 54906e0..7530ecd 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
-@@ -519,6 +519,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
+@@ -447,6 +447,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
/* Move along one */
size = e->next_offset;
@@ -82,24 +68,10 @@ index b99affa..ceb995f 100644
+
e = (struct ipt_entry *)
(entry0 + pos + size);
- e->counters.pcnt = pos;
-@@ -529,13 +533,6 @@ mark_source_chains(const struct xt_table_info *newinfo,
- if (strcmp(t->target.u.user.name,
- XT_STANDARD_TARGET) == 0 &&
- newpos >= 0) {
-- if (newpos > newinfo->size -
-- sizeof(struct ipt_entry)) {
-- duprintf("mark_source_chains: "
-- "bad verdict (%i)\n",
-- newpos);
-- return 0;
-- }
- /* This a jump; chase it. */
- duprintf("Jump rule %u -> %u\n",
- pos, newpos);
-@@ -543,6 +540,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
- /* ... this is a fallthru */
- newpos = pos + e->next_offset;
+ if (pos + size >= newinfo->size)
+@@ -470,6 +474,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
+ if (newpos >= newinfo->size)
+ return 0;
}
+
+ if (newpos > newinfo->size - sizeof(*e))
@@ -109,10 +81,10 @@ index b99affa..ceb995f 100644
(entry0 + newpos);
e->counters.pcnt = pos;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
-index 99425cf..d88a794 100644
+index 63e06c3..894da69 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
-@@ -531,6 +531,8 @@ mark_source_chains(const struct xt_table_info *newinfo,
+@@ -474,6 +474,8 @@ mark_source_chains(const struct xt_table_info *newinfo,
/* Move along one */
size = e->next_offset;
@@ -120,24 +92,10 @@ index 99425cf..d88a794 100644
+ return 0;
e = (struct ip6t_entry *)
(entry0 + pos + size);
- e->counters.pcnt = pos;
-@@ -541,13 +543,6 @@ mark_source_chains(const struct xt_table_info *newinfo,
- if (strcmp(t->target.u.user.name,
- XT_STANDARD_TARGET) == 0 &&
- newpos >= 0) {
-- if (newpos > newinfo->size -
-- sizeof(struct ip6t_entry)) {
-- duprintf("mark_source_chains: "
-- "bad verdict (%i)\n",
-- newpos);
-- return 0;
-- }
- /* This a jump; chase it. */
- duprintf("Jump rule %u -> %u\n",
- pos, newpos);
-@@ -555,6 +550,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
- /* ... this is a fallthru */
- newpos = pos + e->next_offset;
+ if (pos + size >= newinfo->size)
+@@ -497,6 +499,10 @@ mark_source_chains(const struct xt_table_info *newinfo,
+ if (newpos >= newinfo->size)
+ return 0;
}
+
+ if (newpos > newinfo->size - sizeof(*e))
@@ -147,4 +105,5 @@ index 99425cf..d88a794 100644
(entry0 + newpos);
e->counters.pcnt = pos;
--
-2.4.10
+2.5.5
+
diff --git a/sources b/sources
index 44f0cb49c..aba95baad 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
d2927020e24a76da4ab482a8bc3e9ef3 linux-4.6.tar.xz
fd23b14b9d474c3dfacb6e8ee82d3a51 perf-man-4.6.tar.gz
-b4e91b6e98c1688667b509dc14edbbcd patch-4.6-git2.xz
+a3fb92fb10d4f6c55784379085f5fbad patch-4.6-git3.xz