From 378c99f10295e9b8007b0ae3d677e4ae3f62e745 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Sat, 29 Dec 2018 17:30:01 -0500 Subject: Linux v4.19.13 --- kernel.spec | 7 +++++-- sources | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/kernel.spec b/kernel.spec index 74486db69..163067094 100644 --- a/kernel.spec +++ b/kernel.spec @@ -42,7 +42,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 301 +%global baserelease 300 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -54,7 +54,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 12 +%define stable_update 13 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -1896,6 +1896,9 @@ fi # # %changelog +* Sat Dec 29 2018 Jeremy Cline - 4.19.13-300 +- Linux v4.19.13 + * Thu Dec 27 2018 Hans de Goede - Set CONFIG_REALTEK_PHY=y to workaround realtek ethernet issues (rhbz 1650984) diff --git a/sources b/sources index ea801864e..940e34c5b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (linux-4.19.tar.xz) = ab67cc746b375a8b135e8b23e35e1d6787930d19b3c26b2679787d62951cbdbc3bb66f8ededeb9b890e5008b2459397f9018f1a6772fdef67780b06a4cb9f6f4 -SHA512 (patch-4.19.12.xz) = e878f30a56d436820a08db08e68676f3ad65f7f6946af2fc8bc2379c1f64ace758f6c5292285a10003b8bdd199e422c95263690a64e19a32b3b10cf876cbcd93 +SHA512 (patch-4.19.13.xz) = 0f6dc202718eb018d2c1515094b2e26d19328c928f917f4b74c08940e2a5e4d183885a5bb762b62dae65a124c19fb0f03d888683a1ae971a4d3df86be1c22954 -- cgit From 23f974ff7cbfcc782081a532a95a1a33ff2d0dc5 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Mon, 7 Jan 2019 17:19:49 +0100 Subject: Add patch to fix bluetooth on RPI 3B+ registering twice (rhbz#1661961) --- ...tsdio-Do-not-bind-to-non-removable-BCM434.patch | 45 ++++++++++++++++++++++ kernel.spec | 6 +++ 2 files changed, 51 insertions(+) create mode 100644 0001-Bluetooth-btsdio-Do-not-bind-to-non-removable-BCM434.patch diff --git a/0001-Bluetooth-btsdio-Do-not-bind-to-non-removable-BCM434.patch b/0001-Bluetooth-btsdio-Do-not-bind-to-non-removable-BCM434.patch new file mode 100644 index 000000000..b91e6f158 --- /dev/null +++ b/0001-Bluetooth-btsdio-Do-not-bind-to-non-removable-BCM434.patch @@ -0,0 +1,45 @@ +From 70ecdd3d8b36cd2bb960bc4e7ae047fbb94c031b Mon Sep 17 00:00:00 2001 +From: "Cho, Yu-Chen" +Date: Tue, 2 Oct 2018 17:57:04 +0800 +Subject: [PATCH] Bluetooth: btsdio: Do not bind to non-removable BCM43430 + +BCM43430 devices soldered onto the PCB (non-removable) +use an UART connection for bluetooth. +But also advertise btsdio support on their 3th sdio function. + +Signed-off-by: Cho, Yu-Chen +Signed-off-by: Marcel Holtmann +--- + drivers/bluetooth/btsdio.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/drivers/bluetooth/btsdio.c b/drivers/bluetooth/btsdio.c +index 20142bc77554..282d1af1d3ba 100644 +--- a/drivers/bluetooth/btsdio.c ++++ b/drivers/bluetooth/btsdio.c +@@ -293,13 +293,17 @@ static int btsdio_probe(struct sdio_func *func, + tuple = tuple->next; + } + +- /* BCM43341 devices soldered onto the PCB (non-removable) use an +- * uart connection for bluetooth, ignore the BT SDIO interface. ++ /* Broadcom devices soldered onto the PCB (non-removable) use an ++ * UART connection for Bluetooth, ignore the BT SDIO interface. + */ + if (func->vendor == SDIO_VENDOR_ID_BROADCOM && +- func->device == SDIO_DEVICE_ID_BROADCOM_43341 && +- !mmc_card_is_removable(func->card->host)) +- return -ENODEV; ++ !mmc_card_is_removable(func->card->host)) { ++ switch (func->device) { ++ case SDIO_DEVICE_ID_BROADCOM_43341: ++ case SDIO_DEVICE_ID_BROADCOM_43430: ++ return -ENODEV; ++ } ++ } + + data = devm_kzalloc(&func->dev, sizeof(*data), GFP_KERNEL); + if (!data) +-- +2.20.1 + diff --git a/kernel.spec b/kernel.spec index 163067094..c2518e3eb 100644 --- a/kernel.spec +++ b/kernel.spec @@ -635,6 +635,9 @@ Patch510: iio-accel-kxcjk1013-Add-more-hardware-ids.patch # rhbz 1645070 patch queued upstream for merging into 4.21 Patch516: asus-fx503-keyb.patch +# rhbz 1661961 patch merged upstream in 4.20 +Patch517: 0001-Bluetooth-btsdio-Do-not-bind-to-non-removable-BCM434.patch + # END OF PATCH DEFINITIONS %endif @@ -1896,6 +1899,9 @@ fi # # %changelog +* Mon Jan 7 2019 Hans de Goede +- Add patch to fix bluetooth on RPI 3B+ registering twice (rhbz#1661961) + * Sat Dec 29 2018 Jeremy Cline - 4.19.13-300 - Linux v4.19.13 -- cgit From 5efd1a1a5aca60d4563f184dbfb1aa9be2441fd6 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Wed, 9 Jan 2019 08:25:07 -0600 Subject: Fix CVE-2019-3701 (rhbz 1663729 1663730) --- CVE-2019-3701.patch | 42 ++++++++++++++++++++++++++++++++++++++++++ kernel.spec | 6 ++++++ 2 files changed, 48 insertions(+) create mode 100644 CVE-2019-3701.patch diff --git a/CVE-2019-3701.patch b/CVE-2019-3701.patch new file mode 100644 index 000000000..06ee36a63 --- /dev/null +++ b/CVE-2019-3701.patch @@ -0,0 +1,42 @@ +From linux-netdev Thu Jan 03 12:26:34 2019 +From: Oliver Hartkopp +Date: Thu, 03 Jan 2019 12:26:34 +0000 +To: linux-netdev +Subject: [PATCH] can: gw: ensure DLC boundaries after CAN frame modification +Message-Id: <20190103122634.2530-1-socketcan () hartkopp ! net> +X-MARC-Message: https://marc.info/?l=linux-netdev&m=154651842302479 + +The CAN frame modification rules allow bitwise logical operations which can +be also applied to the can_dlc field. Ensure the manipulation result to +maintain the can_dlc boundaries so that the CAN drivers do not accidently +write arbitrary content beyond the data registers in the CAN controllers +I/O mem when processing can-gw manipulated outgoing frames. When passing these +frames to user space this issue did not have any effect to the kernel or any +leaked data as we always strictly copy sizeof(struct can_frame) bytes. + +Reported-by: Muyu Yu +Reported-by: Marcus Meissner +Tested-by: Muyu Yu +Signed-off-by: Oliver Hartkopp +Cc: linux-stable # >= v3.2 +--- + net/can/gw.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/net/can/gw.c b/net/can/gw.c +index faa3da88a127..9000d9b8a133 100644 +--- a/net/can/gw.c ++++ b/net/can/gw.c +@@ -418,6 +418,10 @@ static void can_can_gw_rcv(struct sk_buff *skb, void *data) + + /* check for checksum updates when the CAN frame has been modified */ + if (modidx) { ++ /* ensure DLC boundaries after the different mods */ ++ if (cf->can_dlc > 8) ++ cf->can_dlc = 8; ++ + if (gwj->mod.csumfunc.crc8) + (*gwj->mod.csumfunc.crc8)(cf, &gwj->mod.csum.crc8); + +-- +2.19.2 diff --git a/kernel.spec b/kernel.spec index c2518e3eb..e0597c6ba 100644 --- a/kernel.spec +++ b/kernel.spec @@ -638,6 +638,9 @@ Patch516: asus-fx503-keyb.patch # rhbz 1661961 patch merged upstream in 4.20 Patch517: 0001-Bluetooth-btsdio-Do-not-bind-to-non-removable-BCM434.patch +# CVE-2019-3701 rhbz 1663729 1663730 +Patch518: CVE-2019-3701.patch + # END OF PATCH DEFINITIONS %endif @@ -1899,6 +1902,9 @@ fi # # %changelog +* Tue Jan 07 2019 Justin M. Forbes +- Fix CVE-2019-3701 (rhbz 1663729 1663730) + * Mon Jan 7 2019 Hans de Goede - Add patch to fix bluetooth on RPI 3B+ registering twice (rhbz#1661961) -- cgit From f2af597e82d61de36dbd650aeec30923997e5154 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Wed, 9 Jan 2019 09:44:47 -0600 Subject: Fix Changelog date --- kernel.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel.spec b/kernel.spec index e0597c6ba..a9e5d4460 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1902,7 +1902,7 @@ fi # # %changelog -* Tue Jan 07 2019 Justin M. Forbes +* Wed Jan 09 2019 Justin M. Forbes - Fix CVE-2019-3701 (rhbz 1663729 1663730) * Mon Jan 7 2019 Hans de Goede -- cgit