From 19c00cb3137d4687cb9283c3128cbfc494c01525 Mon Sep 17 00:00:00 2001 From: Laura Abbott Date: Wed, 16 Jan 2019 07:21:41 -0800 Subject: Linux v5.0-rc2-141-g47bfa6d9dc8c --- CVE-2019-3701.patch | 42 ------------------------------------------ gitrev | 2 +- kernel.spec | 8 ++++---- sources | 2 +- 4 files changed, 6 insertions(+), 48 deletions(-) delete mode 100644 CVE-2019-3701.patch diff --git a/CVE-2019-3701.patch b/CVE-2019-3701.patch deleted file mode 100644 index 06ee36a63..000000000 --- a/CVE-2019-3701.patch +++ /dev/null @@ -1,42 +0,0 @@ -From linux-netdev Thu Jan 03 12:26:34 2019 -From: Oliver Hartkopp -Date: Thu, 03 Jan 2019 12:26:34 +0000 -To: linux-netdev -Subject: [PATCH] can: gw: ensure DLC boundaries after CAN frame modification -Message-Id: <20190103122634.2530-1-socketcan () hartkopp ! net> -X-MARC-Message: https://marc.info/?l=linux-netdev&m=154651842302479 - -The CAN frame modification rules allow bitwise logical operations which can -be also applied to the can_dlc field. Ensure the manipulation result to -maintain the can_dlc boundaries so that the CAN drivers do not accidently -write arbitrary content beyond the data registers in the CAN controllers -I/O mem when processing can-gw manipulated outgoing frames. When passing these -frames to user space this issue did not have any effect to the kernel or any -leaked data as we always strictly copy sizeof(struct can_frame) bytes. - -Reported-by: Muyu Yu -Reported-by: Marcus Meissner -Tested-by: Muyu Yu -Signed-off-by: Oliver Hartkopp -Cc: linux-stable # >= v3.2 ---- - net/can/gw.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/net/can/gw.c b/net/can/gw.c -index faa3da88a127..9000d9b8a133 100644 ---- a/net/can/gw.c -+++ b/net/can/gw.c -@@ -418,6 +418,10 @@ static void can_can_gw_rcv(struct sk_buff *skb, void *data) - - /* check for checksum updates when the CAN frame has been modified */ - if (modidx) { -+ /* ensure DLC boundaries after the different mods */ -+ if (cf->can_dlc > 8) -+ cf->can_dlc = 8; -+ - if (gwj->mod.csumfunc.crc8) - (*gwj->mod.csumfunc.crc8)(cf, &gwj->mod.csum.crc8); - --- -2.19.2 diff --git a/gitrev b/gitrev index 6b5bcabc6..902936458 100644 --- a/gitrev +++ b/gitrev @@ -1 +1 @@ -fe76fc6aaf538df27708ffa3e5d549a6c8e16142 +47bfa6d9dc8c060bf56554a465c9031e286d2f80 diff --git a/kernel.spec b/kernel.spec index 23b8c1347..726229a86 100644 --- a/kernel.spec +++ b/kernel.spec @@ -71,7 +71,7 @@ Summary: The Linux kernel # The rc snapshot level %global rcrev 2 # The git snapshot level -%define gitrev 1 +%define gitrev 2 # Set rpm version accordingly %define rpmversion 5.%{upstream_sublevel}.0 %endif @@ -596,9 +596,6 @@ Patch350: Allwinner-A64-timer-workaround.patch # rhbz 1431375 Patch501: input-rmi4-remove-the-need-for-artifical-IRQ.patch -# CVE-2019-3701 rhbz 1663729 1663730 -Patch503: CVE-2019-3701.patch - # https://patchwork.kernel.org/patch/10752253/ Patch504: efi-use-32-bit-alignment-for-efi_guid_t.patch @@ -1873,6 +1870,9 @@ fi # # %changelog +* Wed Jan 16 2019 Laura Abbott - 5.0.0-0.rc2.git2.1 +- Linux v5.0-rc2-141-g47bfa6d9dc8c + * Tue Jan 15 2019 Laura Abbott - 5.0.0-0.rc2.git1.1 - Linux v5.0-rc2-36-gfe76fc6aaf53 diff --git a/sources b/sources index 52e013d3b..8177c057f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (linux-5.0-rc2.tar.gz) = 93d1d32cadc1d55354cc7706b718f3a6c46abdf635fda8e4a0c34d9fce79a3a2d8ec5d12850f9813cdea7c7236846b95e1db48498ed8c5b425abd36e4801ed81 -SHA512 (patch-5.0-rc2-git1.xz) = 4dd171b2a3598d0b20204a76ea06af3dfcd9ff8e62ab4ba14cc68d1dc8f96eaba598ce59a61946fb3c5c50c17b7bd1e50f3920bc613ea5b6cc1034aad4d21592 +SHA512 (patch-5.0-rc2-git2.xz) = 765207f481ed1d51cbccd6c7370b44e828b6ee5f33aa976e02b15aafe5fd810c5764f311d124b408fe8e6efc54c19ebc1753ae5fb4877d3d8b4d49b6290559fb -- cgit