From f173b49d03a7ddf316e354a0d3c8c88fe78f8745 Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jcline@redhat.com>
Date: Tue, 4 Jun 2019 14:12:47 +0000
Subject: Linux v5.1.7

---
 ...missing-check-bug-in-sunxi_divs_clk_setup.patch | 30 ++++++++++++++++++++
 kernel.spec                                        | 13 ++++++++-
 sources                                            |  2 +-
 wcd9335-fix-a-incorrect-use-of-kstrndup.patch      | 32 ++++++++++++++++++++++
 4 files changed, 75 insertions(+), 2 deletions(-)
 create mode 100644 clk-sunxi-fix-a-missing-check-bug-in-sunxi_divs_clk_setup.patch
 create mode 100644 wcd9335-fix-a-incorrect-use-of-kstrndup.patch

diff --git a/clk-sunxi-fix-a-missing-check-bug-in-sunxi_divs_clk_setup.patch b/clk-sunxi-fix-a-missing-check-bug-in-sunxi_divs_clk_setup.patch
new file mode 100644
index 000000000..3f877a8cf
--- /dev/null
+++ b/clk-sunxi-fix-a-missing-check-bug-in-sunxi_divs_clk_setup.patch
@@ -0,0 +1,30 @@
+From fcdf445ff42f036d22178b49cf64e92d527c1330 Mon Sep 17 00:00:00 2001
+From: Gen Zhang <blackgod016574@gmail.com>
+Date: Tue, 28 May 2019 10:18:51 +0800
+Subject: clk-sunxi: fix a missing-check bug in sunxi_divs_clk_setup()
+
+In sunxi_divs_clk_setup(), 'derived_name' is allocated by kstrndup().
+It returns NULL when fails. 'derived_name' should be checked.
+
+Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
+Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
+---
+ drivers/clk/sunxi/clk-sunxi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/clk/sunxi/clk-sunxi.c b/drivers/clk/sunxi/clk-sunxi.c
+index f5b1c0067365..830bfb7f5e6b 100644
+--- a/drivers/clk/sunxi/clk-sunxi.c
++++ b/drivers/clk/sunxi/clk-sunxi.c
+@@ -989,6 +989,8 @@ static struct clk ** __init sunxi_divs_clk_setup(struct device_node *node,
+ 		if (endp) {
+ 			derived_name = kstrndup(clk_name, endp - clk_name,
+ 						GFP_KERNEL);
++			if (!derived_name)
++				return NULL;
+ 			factors.name = derived_name;
+ 		} else {
+ 			factors.name = clk_name;
+-- 
+cgit 1.2-0.3.lf.el7
+
diff --git a/kernel.spec b/kernel.spec
index 01489c47a..2fc0a772e 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -54,7 +54,7 @@ Summary: The Linux kernel
 %if 0%{?released_kernel}
 
 # Do we have a -stable update to apply?
-%define stable_update 6
+%define stable_update 7
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -607,6 +607,12 @@ Patch532: drm-edid-fix-missing-check-bug-in-drm_load_edid_firmware.patch
 # CVE-2019-12379 rhbz 1715491 1715706
 Patch533: consolemap-fix-memory-leaking-bug.patch
 
+# CVE-2019-12455 rhbz 1716990 1717003
+Patch534: clk-sunxi-fix-a-missing-check-bug-in-sunxi_divs_clk_setup.patch
+
+# CVE-2019-12454 rhbz 1716996 1717003
+Patch535: wcd9335-fix-a-incorrect-use-of-kstrndup.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1845,6 +1851,11 @@ fi
 #
 #
 %changelog
+* Tue Jun 04 2019 Jeremy Cline <jcline@redhat.com> - 5.1.7-300
+- Linux v5.1.7
+- Fix CVE-2019-12455 (rhbz 1716990 1717003)
+- Fix CVE-2019-12454 (rhbz 1716996 1717003)
+
 * Mon Jun 03 2019 Justin M. Forbes <jforbes@fedoraproject.org>
 - Fix CVE-2019-12378 (rhbz 1715459 1715460)
 - Fix CVE-2019-3846 (rhbz 1713059 1715475)
diff --git a/sources b/sources
index 2e7a6bcf1..f8fc54ca3 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (linux-5.1.tar.xz) = ae96f347badc95f1f3acf506c52b6cc23c0bd09ce8f4ce6705d4b4058b62593059bba1bc603c8d8b00a2f19131e7e56c31ac62b45883a346fa61d655e178f236
-SHA512 (patch-5.1.6.xz) = e0535296a5ff5c85154f944a84ee4d4ffe9f8c7acd74ab6ec1db83268d537fbb3605f9ae708cb71ff0945c6eb3caa40c7d85bda2c8f2d3e6dd09bbc98b41b415
+SHA512 (patch-5.1.7.xz) = 02c56c9209e91b88fab9060b2b5e185f3cdb5f163183286ce87eccdf5191a671b44eb163c220b7b9d91f012d94e41cdd40c5bb3828dfd381675f58512308f6dc
diff --git a/wcd9335-fix-a-incorrect-use-of-kstrndup.patch b/wcd9335-fix-a-incorrect-use-of-kstrndup.patch
new file mode 100644
index 000000000..2b35e913e
--- /dev/null
+++ b/wcd9335-fix-a-incorrect-use-of-kstrndup.patch
@@ -0,0 +1,32 @@
+From a54988113985ca22e414e132054f234fc8a92604 Mon Sep 17 00:00:00 2001
+From: Gen Zhang <blackgod016574@gmail.com>
+Date: Wed, 29 May 2019 09:53:05 +0800
+Subject: wcd9335: fix a incorrect use of kstrndup()
+
+In wcd9335_codec_enable_dec(), 'widget_name' is allocated by kstrndup().
+However, according to doc: "Note: Use kmemdup_nul() instead if the size
+is known exactly." So we should use kmemdup_nul() here instead of
+kstrndup().
+
+Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+---
+ sound/soc/codecs/wcd9335.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sound/soc/codecs/wcd9335.c b/sound/soc/codecs/wcd9335.c
+index a04a7cedd99d..85737fe54474 100644
+--- a/sound/soc/codecs/wcd9335.c
++++ b/sound/soc/codecs/wcd9335.c
+@@ -2734,7 +2734,7 @@ static int wcd9335_codec_enable_dec(struct snd_soc_dapm_widget *w,
+ 	char *dec;
+ 	u8 hpf_coff_freq;
+ 
+-	widget_name = kstrndup(w->name, 15, GFP_KERNEL);
++	widget_name = kmemdup_nul(w->name, 15, GFP_KERNEL);
+ 	if (!widget_name)
+ 		return -ENOMEM;
+ 
+-- 
+cgit 1.2-0.3.lf.el7
+
-- 
cgit