From facf80d5e336193efa10a9c466efcd928b1cfa0f Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jcline@redhat.com>
Date: Mon, 25 Nov 2019 10:13:23 -0500
Subject: Drop the secureboot key sources for s390 and ppc

This caused a duplicate definition of Source15 and the secureboot key
files are not currently in the tree.
---
 kernel.spec | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

(limited to 'kernel.spec')

diff --git a/kernel.spec b/kernel.spec
index fefd0d2c1..2fe02f8f1 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -596,22 +596,12 @@ Source11: x509.genkey.fedora
 
 Source12: securebootca.cer
 Source13: secureboot.cer
-Source14: secureboot_s390.cer
-Source15: secureboot_ppc.cer
 
 %define secureboot_ca %{SOURCE12}
 %ifarch x86_64 aarch64
 %define secureboot_key %{SOURCE13}
 %define pesign_name redhatsecureboot301
 %endif
-%ifarch s390x
-%define secureboot_key %{SOURCE14}
-%define pesign_name redhatsecureboot302
-%endif
-%ifarch ppc64le
-%define secureboot_key %{SOURCE15}
-%define pesign_name redhatsecureboot303
-%endif
 
 %else # released_kernel
 
@@ -624,7 +614,7 @@ Source13: redhatsecureboot003.cer
 
 %endif # released_kernel
 
-Source22: mod-extra.list.rhel
+Source15: mod-extra.list.rhel
 Source16: mod-extra.list.fedora
 Source17: mod-extra.sh
 Source18: mod-sign.sh
-- 
cgit 


From be6041e7ff7b38fbfb8058dd00e02e34b382ca68 Mon Sep 17 00:00:00 2001
From: "Justin M. Forbes" <jforbes@fedoraproject.org>
Date: Mon, 25 Nov 2019 10:19:55 -0600
Subject: Fix a number of CVEs

---
 kernel.spec | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'kernel.spec')

diff --git a/kernel.spec b/kernel.spec
index 2fe02f8f1..1a75dcae8 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -840,6 +840,19 @@ Patch522: mwifiex-pcie-fix-memory-leak-in-mwifiex_pcie_alloc_cmdrsp_buf.patch
 # CVE-2019-19054 rhbz 1775063 1775117
 Patch524: media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch
 
+# CVE-2019-14895 rhbz 1774870 1776139
+Patch525: mwifiex-fix-possible-heap-overflow-in-mwifiex_process_country_ie.patch
+
+# CVE-2019-14896 rhbz 1774875 1776143
+# CVE-2019-14897 rhbz 1774879 1776146
+Patch526: libertas-Fix-two-buffer-overflows-at-parsing-bss-descriptor.patch
+
+# CVE-2019-14901 rhbz 1773519 1776184
+Patch527: mwifiex-Fix-heap-overflow-in-mmwifiex_process_tdls_action_frame.patch
+
+# CVE-2019-19078 rhbz 1776354 1776353
+Patch528: ath10k-fix-memory-leak.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -2538,6 +2551,13 @@ fi
 #
 #
 %changelog
+* Mon Nov 25 2019 Justin M. Forbes <jforbes@fedoraproject.org>
+- Fix CVE-2019-14895 (rhbz 1774870 1776139)
+- Fix CVE-2019-14896 (rhbz 1774875 1776143)
+- Fix CVE-2019-14897 (rhbz 1774879 1776146)
+- Fix CVE-2019-14901 (rhbz 1773519 1776184)
+- Fix CVE-2019-19078 (rhbz 1776354 1776353)
+
 * Mon Nov 25 2019 Jeremy Cline <jcline@redhat.com> - 5.4.0-1
 - Linux v5.4.0
 
-- 
cgit