Hello community,
here is the log from the commit of package kernel-source.4563 for openSUSE:13.1:Update checked in at 2016-02-08 15:39:01
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/kernel-source.4563 (Old)
and /work/SRC/openSUSE:13.1:Update/.kernel-source.4563.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source.4563"
Changes:
--------
--- /work/SRC/openSUSE:13.1:Update/kernel-source.4563/kernel-cubox.changes 2016-02-01 12:26:11.000000000 +0100
+++ /work/SRC/openSUSE:13.1:Update/.kernel-source.4563.new/kernel-cubox.changes 2016-02-08 15:39:02.000000000 +0100
@@ -1,0 +2,542 @@
+Wed Jan 20 13:39:07 CET 2016 - jlee@suse.com
+
+- KEYS: Fix race between read and revoke (bnc#958951,
+ CVE-2015-7550).
+- commit 60aea17
+
+-------------------------------------------------------------------
+Wed Jan 20 11:48:51 CET 2016 - jlee@suse.com
+
+- patches.fixes/keys-fix-leak.patch: (bnc#962075, CVE-2016-0728).
+- commit 5824983
+
+-------------------------------------------------------------------
+Wed Jan 20 11:34:00 CET 2016 - mkubecek@suse.cz
+
+- sctp: Prevent soft lockup when sctp_accept() is called during
+ a timeout event (CVE-2015-8767 bsc#961509).
+- commit 9485403
+
+-------------------------------------------------------------------
+Mon Dec 21 22:13:57 CET 2015 - bp@suse.de
+
+- pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
+ (bsc#959190, CVE-2015-8569).
+- commit 32587c2
+
+-------------------------------------------------------------------
+Sat Dec 19 11:36:08 CET 2015 - bp@suse.de
+
+- bluetooth: Validate socket address length in sco_sock_bind()
+ (bsc#959399, CVE-2015-8575).
+- commit 220d6d4
+
+-------------------------------------------------------------------
+Fri Dec 18 19:17:43 CET 2015 - jbohac@suse.cz
+
+- Refresh
+ patches.fixes/net-add-validation-for-the-socket-syscall-protocol-a.patch.
+ Fix build error caused by missing U8_MAX.
+- commit 862fda6
+
+-------------------------------------------------------------------
+Fri Dec 18 18:54:34 CET 2015 - jbohac@suse.cz
+
+- net: add validation for the socket syscall protocol argument
+ (bsc#958886, CVE-2015-8543).
+- commit 7563240
+
+-------------------------------------------------------------------
+Mon Dec 14 06:16:30 CET 2015 - neilb@suse.com
+
+- KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y
+ (boo#956934).
+- commit ac9d5e1
+
+-------------------------------------------------------------------
+Thu Dec 10 11:09:39 CET 2015 - mmarek@suse.com
+
+- genksyms: Handle string literals with spaces in reference files (bsc#958510).
+- commit cc62435
+
+-------------------------------------------------------------------
+Fri Dec 4 10:42:48 CET 2015 - mkubecek@suse.cz
+
+- Update references of
+ patches.fixes/ipv6-addrconf-validate-new-MTU-before-applying-it.patch
+ (add bsc#955354 CVE-2015-8215).
+- commit 1765b3c
+
+-------------------------------------------------------------------
+Fri Dec 4 10:40:02 CET 2015 - mkubecek@suse.cz
+
+- ipv6: distinguish frag queues by device for multicast and
+ link-local packets (bsc#955422).
+- route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).
+- ipv4: Don't increase PMTU with Datagram Too Big message
+ (bsc#955224).
+- commit 9460863
+
+-------------------------------------------------------------------
+Fri Dec 4 09:33:52 CET 2015 - mkubecek@suse.cz
+
+- Update mainline reference:
+ patches.fixes/net-sctp-inherit-auth_capable-on-INIT-collisions.patch.
+- commit e21291f
+
+-------------------------------------------------------------------
+Tue Nov 17 10:58:32 CET 2015 - jbeulich@suse.com
+
+- x86/ldt: Make modify_ldt synchronous (bsc#938706,
+ CVE-2015-5157).
+- Refresh other Xen patches.
+- commit 1dfee31
+
+-------------------------------------------------------------------
+Mon Nov 16 13:45:40 CET 2015 - mkubecek@suse.cz
+
+- ipv6: fix tunnel error handling (bsc#952579).
+- commit e2de62f
+
+-------------------------------------------------------------------
+Fri Nov 13 18:28:06 CET 2015 - jbohac@suse.cz
+
+- ppp, slip: Validate VJ compression slot parameters completely
+ (bsc#949936, CVE-2015-7799).
+- isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
+ (bsc#949936, CVE-2015-7799).
+- commit a69ae3c
+
+-------------------------------------------------------------------
+Fri Nov 13 16:19:52 CET 2015 - oneukum@suse.com
+
+- usbvision fix overflow of interfaces array (bnc#950998).
+- commit da3354f
+
+-------------------------------------------------------------------
+Wed Nov 11 18:12:01 CET 2015 - jroedel@suse.de
+
+- KVM: svm: unconditionally intercept #DB (CVE-2015-8104
+ bsc#954404).
+- KVM: x86: work around infinite loop in microcode when #AC is
+ delivered (CVE-2015-5307 bsc#953527).
+- commit c2d985d
+
+-------------------------------------------------------------------
+Tue Nov 10 18:48:29 CET 2015 - bp@suse.de
+
+- x86/paravirt: Replace the paravirt nop with a bona fide empty
+ function (bsc#938706, CVE-2015-5157).
+- x86/nmi/64: Fix a paravirt stack-clobbering bug in the NMI code
+ (bsc#938706, CVE-2015-5157).
+- x86/ldt: Further fix FPU emulation (bsc#938706, CVE-2015-5157).
+- x86/ldt: Correct FPU emulation access to LDT (bsc#938706,
+ CVE-2015-5157).
+- x86/ldt: Correct LDT access in single stepping logic
+ (bsc#938706, CVE-2015-5157).
+- x86/ldt: Make modify_ldt synchronous (bsc#938706,
+ CVE-2015-5157).
+- rcu: Move lockless_dereference() out of rcupdate.h (bsc#938706,
+ CVE-2015-5157).
+- x86/nmi/64: Switch stacks on userspace NMI entry (bsc#938706,
+ CVE-2015-5157).
+- commit 77192e7
+
+-------------------------------------------------------------------
+Thu Nov 5 15:06:12 CET 2015 - jbohac@suse.cz
+
+- RDS: fix race condition when sending a message on unbound socket
+ (bsc#952384, CVE-2015-7990).
+- RDS: verify the underlying transport exists before creating
+ a connection (bsc#945825, CVE-2015-6937).
+- commit 3c511b1
+
+-------------------------------------------------------------------
+Wed Oct 28 08:43:27 CET 2015 - tiwai@suse.de
+
+- ALSA: hda - Disable 64bit address for Creative HDA controllers
+ (bnc#814440).
+- commit 3f64e4b
+
+-------------------------------------------------------------------
+Fri Oct 23 03:42:46 CEST 2015 - jeffm@suse.com
+
+- Refresh
+ patches.fixes/keys-don-t-permit-request_key-to-construct-a-new-keyring.
+ Fixed incomplete backport.
+- commit ea30661
+
+-------------------------------------------------------------------
+Fri Oct 23 03:06:51 CEST 2015 - jeffm@suse.com
+
+- KEYS: Don't permit request_key() to construct a new keyring
+ (CVE-2015-7872 bsc#951440).
+- KEYS: Fix crash when attempt to garbage collect an
+ uninstantiated keyring (CVE-2015-7872 bsc#951440).
+- KEYS: Fix race between key destruction and finding a keyring
+ by name (bsc#951440).
+- commit 9f89501
+
+-------------------------------------------------------------------
+Fri Oct 23 00:11:29 CEST 2015 - neilb@suse.com
+
+- vfs: Test for and handle paths that are unreachable from their
+ mnt_root (bsc#926238, CVE-2015-2925).
+- vfs: Test for and handle paths that are unreachable from their
+ mnt_root (bsc#926238, CVE#2015-2925).
+- commit 0a0e072
+
+-------------------------------------------------------------------
+Tue Oct 20 14:16:40 CEST 2015 - oneukum@suse.com
+
+- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers
+ (bnc#951194).
+- commit 708e00d
+
+-------------------------------------------------------------------
+Mon Oct 12 12:01:32 CEST 2015 - mmarek@suse.com
++++ 345 more lines (skipped)
++++ between /work/SRC/openSUSE:13.1:Update/kernel-source.4563/kernel-cubox.changes
++++ and /work/SRC/openSUSE:13.1:Update/.kernel-source.4563.new/kernel-cubox.changes
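Review bot: The Oct 23 entry from neilb@suse.com lists "vfs: Test for and handle paths that are unreachable from their mnt_root" twice, and the second copy writes the reference as CVE#2015-2925 instead of CVE-2015-2925. Anything that extracts CVE ids from the changelog by pattern will miss the malformed one. If the two lines stand for two separate patches, give each a distinguishing subject; otherwise drop the duplicate and keep the correctly formed reference.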
kernel-debug.changes: same change
kernel-default.changes: same change
kernel-desktop.changes: same change
kernel-docs.changes: same change
kernel-ec2.changes: same change
kernel-exynos.changes: same change
kernel-lpae.changes: same change
kernel-obs-build.changes: same change
kernel-obs-qa.changes: same change
kernel-pae.changes: same change
kernel-source.changes: same change
kernel-syms.changes: same change
kernel-trace.changes: same change
kernel-vanilla.changes: same change
kernel-xen.changes: same change
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kernel-cubox.spec ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package kernel-cubox
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -62,9 +62,10 @@
License: GPL-2.0
Group: System/Kernel
Version: 3.11.10
-Release: 0
%if 0%{?is_kotd}
+Release: <RELEASE>.g1e76e80
%else
+Release: 0
%endif
Url: http://www.kernel.org/
BuildRequires: bc
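Review bot: In the is_kotd branch the Release tag is now the literal string <RELEASE>.g1e76e80, so that branch only yields a valid release if something replaces <RELEASE> before rpm parses the spec. A one-line comment above the %if naming what performs that substitution would make the conditional understandable from the spec alone.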
kernel-debug.spec: same change
kernel-default.spec: same change
++++++ kernel-desktop.spec ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package kernel-desktop
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -62,9 +62,10 @@
License: GPL-2.0
Group: System/Kernel
Version: 3.11.10
-Release: 0
%if 0%{?is_kotd}
+Release: <RELEASE>.g1e76e80
%else
+Release: 0
%endif
Url: http://www.kernel.org/
BuildRequires: bc
@@ -357,6 +358,7 @@
that support it, regardless of the amount of main memory.
%endif
+
%source_timestamp
%prep
if ! [ -e %{S:0} ]; then
@@ -980,6 +982,7 @@
This package contains only the base modules, required in all installs.
+
%source_timestamp
%preun base -f preun-base.sh
@@ -1030,6 +1033,7 @@
This package contains additional modules not supported by Novell.
+
%source_timestamp
%preun extra -f preun-extra.sh
++++++ kernel-docs.spec ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package kernel-docs
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -26,9 +26,10 @@
License: GPL-2.0
Group: Documentation/Man
Version: 3.11.10
-Release: 0
%if 0%{?is_kotd}
+Release: <RELEASE>.g1e76e80
%else
+Release: 0
%endif
BuildRequires: kernel-source%variant
BuildRequires: xmlto
++++++ kernel-ec2.spec ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package kernel-ec2
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -62,9 +62,10 @@
License: GPL-2.0
Group: System/Kernel
Version: 3.11.10
-Release: 0
%if 0%{?is_kotd}
+Release: <RELEASE>.g1e76e80
%else
+Release: 0
%endif
Url: http://www.kernel.org/
BuildRequires: bc
kernel-exynos.spec: same change
kernel-lpae.spec: same change
++++++ kernel-obs-build.spec ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package kernel-obs-build
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -46,9 +46,10 @@
License: GPL-2.0
Group: SLES
Version: 3.11.10
-Release: 0
%if 0%{?is_kotd}
+Release: <RELEASE>.g1e76e80
%else
+Release: 0
%endif
%description
@@ -92,7 +93,7 @@
# a longer list to have them also available for qemu cross builds where x86_64 kernel runs in eg. arm env.
# this list of modules where available on build workers of build.opensuse.org, so we stay compatible.
-export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk fat vfat nls_cp437 nls_iso8859-1 ibmvscsi ibmvscsic"
+export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi ibmvscsic"
ROOT=""
[ -e "/dev/vda" ] && ROOT="-d /dev/vda"
[ -e /dev/hda1 ] && ROOT="-d /dev/hda1" # for xen builds
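Review bot: virtio_rng is added to KERNEL_MODULES with no comment saying why the build VM needs it, while the two comment lines above only justify the list as a whole. A short reason next to the list would help the next person who trims it. The list also carries both binfmt-misc and binfmt_misc, and one of the two spellings can probably go while this line is being touched.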
@@ -124,6 +125,7 @@
%endif
%endif
+
#cleanup
rm -rf /usr/lib/dracut/modules.d/80obs
++++++ kernel-obs-qa.spec ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package kernel-obs-qa
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -40,9 +40,10 @@
License: GPL-2.0
Group: SLES
Version: 3.11.10
-Release: 0
%if 0%{?is_kotd}
+Release: <RELEASE>.g1e76e80
%else
+Release: 0
%endif
%description
@@ -61,14 +62,12 @@
# test suites should be packaged in other packages, but build required
# and called here.
-if ! /sbin/modprobe loop; then
- echo "ERROR: Unable to load the kernel loop module."
- echo "Usually the wrong kernel is running, this is atm"
- cat /proc/version
- echo "Installed kernel modules are:"
- rpm -q kernel-@FLAVOR@
- exit 1
+krel=$(uname -r)
+if test ! -d "/lib/modules/$krel/kernel"; then
+ echo "Kernel package for $krel not installed; exiting"
+ exit 0
fi
+/sbin/modprobe loop
%install
mkdir -p %{buildroot}/usr/share/%name
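Review bot: The new guard turns a missing /lib/modules/$krel/kernel into exit 0, so a QA run on a worker booted with a different kernel now reports success without testing anything, where the old code failed with exit 1. If skipping is intended, make the skip distinguishable from a pass for whatever consumes the result. The bare /sbin/modprobe loop that follows also drops the diagnostics the old branch printed (cat /proc/version, rpm -q kernel-@FLAVOR@); keeping them on the failure path costs little and saves a debugging round trip.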
++++++ kernel-pae.spec ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package kernel-pae
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -62,9 +62,10 @@
License: GPL-2.0
Group: System/Kernel
Version: 3.11.10
-Release: 0
%if 0%{?is_kotd}
+Release: <RELEASE>.g1e76e80
%else
+Release: 0
%endif
Url: http://www.kernel.org/
BuildRequires: bc
++++++ kernel-source.spec ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package kernel-source
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -31,9 +31,10 @@
License: GPL-2.0
Group: Development/Sources
Version: 3.11.10
-Release: 0
%if 0%{?is_kotd}
+Release: <RELEASE>.g1e76e80
%else
+Release: 0
%endif
Url: http://www.kernel.org/
AutoReqProv: off
++++++ kernel-syms.spec ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package kernel-syms
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -25,13 +25,15 @@
License: GPL-2.0
Group: Development/Sources
Version: 3.11.10
-Release: 0
%if %using_buildservice
%if 0%{?is_kotd}
+Release: <RELEASE>.g1e76e80
%else
+Release: 0
%endif
%else
%define kernel_source_release %(LC_ALL=C rpm -q kernel-devel%variant-%version --qf "%{RELEASE}" | grep -v 'not installed' || echo 0)
+Release: %kernel_source_release
%endif
Url: http://www.kernel.org/
AutoReqProv: off
++++++ kernel-trace.spec ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:07.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:07.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package kernel-trace
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -62,9 +62,10 @@
License: GPL-2.0
Group: System/Kernel
Version: 3.11.10
-Release: 0
%if 0%{?is_kotd}
+Release: <RELEASE>.g1e76e80
%else
+Release: 0
%endif
Url: http://www.kernel.org/
BuildRequires: bc
kernel-vanilla.spec: same change
kernel-xen.spec: same change
++++++ config.tar.bz2 ++++++
++++++ kabi.tar.bz2 ++++++
++++ 23306 lines of diff (skipped)
++++++ kernel-obs-build.spec.in ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:13.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:13.000000000 +0100
@@ -93,7 +93,7 @@
# a longer list to have them also available for qemu cross builds where x86_64 kernel runs in eg. arm env.
# this list of modules where available on build workers of build.opensuse.org, so we stay compatible.
-export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk fat vfat nls_cp437 nls_iso8859-1 ibmvscsi ibmvscsic"
+export KERNEL_MODULES="loop dm-mod dm-snapshot binfmt-misc fuse kqemu squashfs ext2 ext3 ext4 reiserfs nf_conntrack_ipv6 binfmt_misc virtio_pci virtio_mmio virtio_blk virtio_rng fat vfat nls_cp437 nls_iso8859-1 ibmvscsi ibmvscsic"
ROOT=""
[ -e "/dev/vda" ] && ROOT="-d /dev/vda"
[ -e /dev/hda1 ] && ROOT="-d /dev/hda1" # for xen builds
++++++ kernel-obs-qa.spec.in ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:13.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:13.000000000 +0100
@@ -62,15 +62,12 @@
# test suites should be packaged in other packages, but build required
# and called here.
-if ! /sbin/modprobe loop; then
- echo "ERROR: Unable to load the kernel loop module."
- echo "Usually the wrong kernel is running, this is atm"
- cat /proc/version
- echo "Installed kernel modules are:"
- rpm -q kernel-@FLAVOR@
- exit 1
+krel=$(uname -r)
+if test ! -d "/lib/modules/$krel/kernel"; then
+ echo "Kernel package for $krel not installed; exiting"
+ exit 0
fi
-
+/sbin/modprobe loop
%install
mkdir -p %{buildroot}/usr/share/%name
++++++ log.sh ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:13.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:13.000000000 +0100
@@ -1,4 +1,4 @@
-#! /bin/sh
+#! /bin/bash
# log.sh - Automate insertion of patches into a kernel rpm tree managed
# with series.conf
++++++ patches.arch.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.arch/arm64-mm-Remove-hack-in-mmap-randomize-layout.patch new/patches.arch/arm64-mm-Remove-hack-in-mmap-randomize-layout.patch
--- old/patches.arch/arm64-mm-Remove-hack-in-mmap-randomize-layout.patch 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.arch/arm64-mm-Remove-hack-in-mmap-randomize-layout.patch 2015-07-21 18:59:20.000000000 +0200
@@ -0,0 +1,68 @@
+From: Yann Droneaud
+Date: Mon, 17 Nov 2014 23:02:19 +0000
+Subject: [PATCH] arm64/mm: Remove hack in mmap randomize layout
+Git-commit: d6c763afab142a85e4770b4bc2a5f40f256d5c5d
+Patch-Mainline: v3.19-rc1
+
+Since commit 8a0a9bd4db63 ('random: make get_random_int() more
+random'), get_random_int() returns a random value for each call,
+so comment and hack introduced in mmap_rnd() as part of commit
+1d18c47c735e ('arm64: MMU fault handling and page table management')
+are incorrects.
+
+Commit 1d18c47c735e seems to use the same hack introduced by
+commit a5adc91a4b44 ('powerpc: Ensure random space between stack
+and mmaps'), latter copied in commit 5a0efea09f42 ('sparc64: Sharpen
+address space randomization calculations.').
+
+But both architectures were cleaned up as part of commit
+fa8cbaaf5a68 ('powerpc+sparc64/mm: Remove hack in mmap randomize
+layout') as hack is no more needed since commit 8a0a9bd4db63.
+
+So the present patch removes the comment and the hack around
+get_random_int() on AArch64's mmap_rnd().
+
+Cc: David S. Miller
+Cc: Anton Blanchard
+Cc: Benjamin Herrenschmidt
+Acked-by: Will Deacon
+Acked-by: Dan McGee
+Signed-off-by: Yann Droneaud
+Signed-off-by: Will Deacon
+Acked-by: Matthias Brugger
+---
+ arch/arm64/mm/mmap.c | 12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c
+index 1d73662..54922d1 100644
+--- a/arch/arm64/mm/mmap.c
++++ b/arch/arm64/mm/mmap.c
+@@ -47,22 +47,14 @@ static int mmap_is_legacy(void)
+ return sysctl_legacy_va_layout;
+ }
+
+-/*
+- * Since get_random_int() returns the same value within a 1 jiffy window, we
+- * will almost always get the same randomisation for the stack and mmap
+- * region. This will mean the relative distance between stack and mmap will be
+- * the same.
+- *
+- * To avoid this we can shift the randomness by 1 bit.
+- */
+ static unsigned long mmap_rnd(void)
+ {
+ unsigned long rnd = 0;
+
+ if (current->flags & PF_RANDOMIZE)
+- rnd = (long)get_random_int() & (STACK_RND_MASK >> 1);
++ rnd = (long)get_random_int() & STACK_RND_MASK;
+
+- return rnd << (PAGE_SHIFT + 1);
++ return rnd << PAGE_SHIFT;
+ }
+
+ static unsigned long mmap_base(void)
+--
+1.9.1
+
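Review bot: Dropping the >> 1 on the mask and the PAGE_SHIFT + 1 shift in mmap_rnd() is only safe when get_random_int() already returns a fresh value on every call, which the message attributes to commit 8a0a9bd4db63. The patch header should state that this commit is present in the 3.11.10 base, because without it the concern in the removed comment (the same randomisation for stack and mmap within one jiffy) comes back. The header also has no References: tag and spells the tag Patch-Mainline, while the neighbouring patches.arch files use Patch-mainline.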
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.arch/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po new/patches.arch/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po
--- old/patches.arch/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.arch/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po 2015-07-21 18:59:20.000000000 +0200
@@ -0,0 +1,29 @@
+From ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Sat, 30 May 2015 14:31:24 +0200
+Subject: [PATCH] kvm: x86: fix kvm_apic_has_events to check for NULL pointer
+Git-commit: ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009
+Patch-mainline: 4.2-rc1
+References: bnc#935542,CVE-2015-4692
+
+Malicious (or egregiously buggy) userspace can trigger it, but it
+should never happen in normal operation.
+
+Signed-off-by: Paolo Bonzini
+Acked-by: Takashi Iwai
+
+---
+ arch/x86/kvm/lapic.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/lapic.h
++++ b/arch/x86/kvm/lapic.h
+@@ -165,7 +165,7 @@ static inline u16 apic_logical_id(struct
+
+ static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu)
+ {
+- return vcpu->arch.apic->pending_events;
++ return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events;
+ }
+
+ bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector);
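Review bot: The description says userspace "can trigger it" without saying what "it" is. From the hunk, the problem is the unconditional dereference of vcpu->arch.apic in kvm_apic_has_events(), and one sentence naming that NULL pointer dereference would make the CVE-2015-4692 reference self-explanatory for anyone triaging from the patch file alone. Patch-mainline: 4.2-rc1 is also missing the v prefix the other headers use, and the patch file name is cut off at "-NULL-po" with no .patch suffix.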
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch new/patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch
--- old/patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch 2015-07-21 18:59:20.000000000 +0200
@@ -0,0 +1,56 @@
+From: Andy Lutomirski
+Date: Thu, 5 Mar 2015 01:09:44 +0100
+Subject: x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization
+Git-commit: 956421fbb74c3a6261903f3836c0740187cf038b
+Patch-mainline: v4.0-rc3
+References: bsc#926240, CVE-2015-2830
+
+'ret_from_fork' checks TIF_IA32 to determine whether 'pt_regs' and
+the related state make sense for 'ret_from_sys_call'. This is
+entirely the wrong check. TS_COMPAT would make a little more
+sense, but there's really no point in keeping this optimization
+at all.
+
+This fixes a return to the wrong user CS if we came from int
+0x80 in a 64-bit task.
+
+Signed-off-by: Andy Lutomirski
+Cc: Borislav Petkov
+Cc: Denys Vlasenko
+Cc: H. Peter Anvin
+Cc: Linus Torvalds
+Cc: Oleg Nesterov
+Cc: Thomas Gleixner
+Cc:
+Link: http://lkml.kernel.org/r/4710be56d76ef994ddf59087aad98c000fbab9a4.1424989793...
+[ Backported from tip:x86/asm. ]
+Signed-off-by: Ingo Molnar
+Acked-by: Borislav Petkov
+---
+ arch/x86/kernel/entry_64.S | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+Index: current/arch/x86/kernel/entry_64.S
+===================================================================
+--- current.orig/arch/x86/kernel/entry_64.S 2013-09-02 22:46:10.000000000 +0200
++++ current/arch/x86/kernel/entry_64.S 2015-04-09 14:23:49.456065208 +0200
+@@ -556,11 +556,14 @@ ENTRY(ret_from_fork)
+ testl $3, CS-ARGOFFSET(%rsp) # from kernel_thread?
+ jz 1f
+
+- testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
+- jnz int_ret_from_sys_call
+-
+- RESTORE_TOP_OF_STACK %rdi, -ARGOFFSET
+- jmp ret_from_sys_call # go to the SYSRET fastpath
++ /*
++ * By the time we get here, we have no idea whether our pt_regs,
++ * ti flags, and ti status came from the 64-bit SYSCALL fast path,
++ * the slow path, or one of the ia32entry paths.
++ * Use int_ret_from_sys_call to return, since it can safely handle
++ * all of the above.
++ */
++ jmp int_ret_from_sys_call
+
+ 1:
+ subq $REST_SKIP, %rsp # leave space for volatiles
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch new/patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch
--- old/patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch 2015-07-21 18:59:20.000000000 +0200
@@ -0,0 +1,35 @@
+From: Quentin Casasnovas
+Date: Tue, 3 Feb 2015 13:00:22 +0100
+Subject: x86/microcode/intel: Guard against stack overflow in the loader
+Git-commit: f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4
+Patch-mainline: v3.20-rc1
+References: bsc#922944, CVE-2015-2666
+
+mc_saved_tmp is a static array allocated on the stack, we need to make
+sure mc_saved_count stays within its bounds, otherwise we're overflowing
+the stack in _save_mc(). A specially crafted microcode header could lead
+to a kernel crash or potentially kernel execution.
+
+Signed-off-by: Quentin Casasnovas
+Cc: "H. Peter Anvin"
+Cc: Fenghua Yu
+Link: http://lkml.kernel.org/r/1422964824-22056-1-git-send-email-quentin.casasnova...
+Signed-off-by: Borislav Petkov
+---
+ arch/x86/kernel/microcode_intel_early.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/kernel/microcode_intel_early.c b/arch/x86/kernel/microcode_intel_early.c
+index ec9df6f9cd47..5e109a31f62b 100644
+--- a/arch/x86/kernel/microcode_intel_early.c
++++ b/arch/x86/kernel/microcode_intel_early.c
+@@ -321,7 +321,7 @@ get_matching_model_microcode(int cpu, unsigned long start,
+ unsigned int mc_saved_count = mc_saved_data->mc_saved_count;
+ int i;
+
+- while (leftover) {
++ while (leftover && mc_saved_count < ARRAY_SIZE(mc_saved_tmp)) {
+ mc_header = (struct microcode_header_intel *)ucode_ptr;
+
+ mc_size = get_totalsize(mc_header);
+
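Review bot: The added bound in the while condition ends the loop quietly once mc_saved_count reaches ARRAY_SIZE(mc_saved_tmp), so as far as this hunk shows, any microcode still in leftover is dropped without a message. Consider a warning or a distinct return state for the truncated case, so that an oversized or crafted blob leaves a trace in the log instead of looking like a normal end of input.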
++++++ patches.drivers.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/0001-usb-core-Fix-USB-3.0-devices-lost-in-NOTATTACHED-sta.patch new/patches.drivers/0001-usb-core-Fix-USB-3.0-devices-lost-in-NOTATTACHED-sta.patch
--- old/patches.drivers/0001-usb-core-Fix-USB-3.0-devices-lost-in-NOTATTACHED-sta.patch 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.drivers/0001-usb-core-Fix-USB-3.0-devices-lost-in-NOTATTACHED-sta.patch 2015-11-13 16:19:52.000000000 +0100
@@ -0,0 +1,168 @@
+From 5928246cc6c44f70d11f19fcf786a7ac0e617727 Mon Sep 17 00:00:00 2001
+From: Robert Schlabbach
+Date: Tue, 26 May 2015 00:27:30 +0200
+Subject: [PATCH] usb: core: Fix USB 3.0 devices lost in NOTATTACHED state
+ after a hub port reset
+Git-Commit:fb6d1f7df5d25299fd7b3e84b72b8851d3634764
+Patch-Mainline: v4.2
+References: bnc#851610
+
+Fix USB 3.0 devices lost in NOTATTACHED state after a hub port reset.
+
+Dissolve the function hub_port_finish_reset() completely and divide the
+actions to be taken into those which need to be done after each reset
+attempt and those which need to be done after the full procedure is
+complete, and place them in the appropriate places in hub_port_reset().
+Also, remove an unneeded forward declaration of hub_port_reset().
+
+Verbose Problem Description:
+
+USB 3.0 devices may be "lost for good" during a hub port reset.
+This makes Linux unable to boot from USB 3.0 devices in certain
+constellations of host controllers and devices, because the USB device is
+lost during initialization, preventing the rootfs from being mounted.
+
+The underlying problem is that in the affected constellations, during the
+processing inside hub_port_reset(), the hub link state goes from 0 to
+SS.inactive after the initial reset, and back to 0 again only after the
+following "warm" reset.
+
+However, hub_port_finish_reset() is called after each reset attempt and
+sets the state the connected USB device based on the "preliminary" status
+of the hot reset to USB_STATE_NOTATTACHED due to SS.inactive, yet when
+the following warm reset is complete and hub_port_finish_reset() is
+called again, its call to set the device to USB_STATE_DEFAULT is blocked
+by usb_set_device_state() which does not allow taking USB devices out of
+USB_STATE_NOTATTACHED state.
+
+Thanks to Alan Stern for guiding me to the proper solution and how to
+submit it.
+
+Link: http://lkml.kernel.org/r/trinity-25981484-72a9-4d46-bf17-9c1cf9301a31-143207...
+Signed-off-by: Robert Schlabbach
+Cc: stable
+Acked-by: Alan Stern
+Signed-off-by: Greg Kroah-Hartman
+Signed-off-by: Oliver Neukum
+---
+ drivers/usb/core/hub.c | 79 +++++++++++++++++++++-----------------------------
+ 1 file changed, 33 insertions(+), 46 deletions(-)
+
+diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
+index 735ac4c..b11215d 100644
+--- a/drivers/usb/core/hub.c
++++ b/drivers/usb/core/hub.c
+@@ -2593,44 +2593,6 @@ static int hub_port_wait_reset(struct usb_hub *hub, int port1,
+ return 0;
+ }
+
+-static void hub_port_finish_reset(struct usb_hub *hub, int port1,
+- struct usb_device *udev, int *status)
+-{
+- switch (*status) {
+- case 0:
+- /* TRSTRCY = 10 ms; plus some extra */
+- msleep(10 + 40);
+- if (udev) {
+- struct usb_hcd *hcd = bus_to_hcd(udev->bus);
+-
+- update_devnum(udev, 0);
+- /* The xHC may think the device is already reset,
+- * so ignore the status.
+- */
+- if (hcd->driver->reset_device)
+- hcd->driver->reset_device(hcd, udev);
+- }
+- /* FALL THROUGH */
+- case -ENOTCONN:
+- case -ENODEV:
+- usb_clear_port_feature(hub->hdev,
+- port1, USB_PORT_FEAT_C_RESET);
+- if (hub_is_superspeed(hub->hdev)) {
+- usb_clear_port_feature(hub->hdev, port1,
+- USB_PORT_FEAT_C_BH_PORT_RESET);
+- usb_clear_port_feature(hub->hdev, port1,
+- USB_PORT_FEAT_C_PORT_LINK_STATE);
+- usb_clear_port_feature(hub->hdev, port1,
+- USB_PORT_FEAT_C_CONNECTION);
+- }
+- if (udev)
+- usb_set_device_state(udev, *status
+- ? USB_STATE_NOTATTACHED
+- : USB_STATE_DEFAULT);
+- break;
+- }
+-}
+-
+ /* Handle port reset and port warm(BH) reset (for USB3 protocol ports) */
+ static int hub_port_reset(struct usb_hub *hub, int port1,
+ struct usb_device *udev, unsigned int delay, bool warm)
+@@ -2653,13 +2615,10 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
+ * If the caller hasn't explicitly requested a warm reset,
+ * double check and see if one is needed.
+ */
+- status = hub_port_status(hub, port1,
+- &portstatus, &portchange);
+- if (status < 0)
+- goto done;
+-
+- if (hub_port_warm_reset_required(hub, portstatus))
+- warm = true;
++ if (hub_port_status(hub, port1, &portstatus, &portchange) == 0)
++ if (hub_port_warm_reset_required(hub,
++ portstatus))
++ warm = true;
+ }
+
+ /* Reset the port */
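
Review bot: the rewritten check just above "Reset the port" now discards a failing hub_port_status() where the old code took "goto done", so on a status read error the function carries on and issues the reset with warm left as the caller passed it. If that is intended, say so in the comment above the check. The nested if without braces would also read better as one condition joined with &&.
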
+@@ -2684,11 +2643,19 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
+
+ /* Check for disconnect or reset */
+ if (status == 0 || status == -ENOTCONN || status == -ENODEV) {
+- hub_port_finish_reset(hub, port1, udev, &status);
++ usb_clear_port_feature(hub->hdev, port1,
++ USB_PORT_FEAT_C_RESET);
+
+ if (!hub_is_superspeed(hub->hdev))
+ goto done;
+
++ usb_clear_port_feature(hub->hdev, port1,
++ USB_PORT_FEAT_C_BH_PORT_RESET);
++ usb_clear_port_feature(hub->hdev, port1,
++ USB_PORT_FEAT_C_PORT_LINK_STATE);
++ usb_clear_port_feature(hub->hdev, port1,
++ USB_PORT_FEAT_C_CONNECTION);
++
+ /*
+ * If a USB 3.0 device migrates from reset to an error
+ * state, re-issue the warm reset.
+@@ -2722,6 +2689,26 @@ static int hub_port_reset(struct usb_hub *hub, int port1,
+ port1);
+
+ done:
++ if (status == 0) {
++ /* TRSTRCY = 10 ms; plus some extra */
++ msleep(10 + 40);
++ if (udev) {
++ struct usb_hcd *hcd = bus_to_hcd(udev->bus);
++
++ update_devnum(udev, 0);
++ /* The xHC may think the device is already reset,
++ * so ignore the status.
++ */
++ if (hcd->driver->reset_device)
++ hcd->driver->reset_device(hcd, udev);
++
++ usb_set_device_state(udev, USB_STATE_DEFAULT);
++ }
++ } else {
++ if (udev)
++ usb_set_device_state(udev, USB_STATE_NOTATTACHED);
++ }
++
+ if (!hub_is_superspeed(hub->hdev))
+ up_read(&ehci_cf_port_reset_rwsem);
+
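
Review bot: the else branch added at the done: label sets udev to USB_STATE_NOTATTACHED for every non-zero status, whereas the removed hub_port_finish_reset() only changed the device state for 0, -ENOTCONN and -ENODEV. The commit message itself notes that usb_set_device_state() will not take a device back out of NOTATTACHED, so please confirm that every other error that can reach done: should be treated as a disconnect, or restrict the else branch to the two disconnect codes.
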
+--
+2.1.4
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/0001-usbvision-fix-overflow-of-interfaces-array.patch new/patches.drivers/0001-usbvision-fix-overflow-of-interfaces-array.patch
--- old/patches.drivers/0001-usbvision-fix-overflow-of-interfaces-array.patch 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.drivers/0001-usbvision-fix-overflow-of-interfaces-array.patch 2015-11-13 16:19:52.000000000 +0100
@@ -0,0 +1,39 @@
+From e607bcb095b86010019d314f738ea491f10818d4 Mon Sep 17 00:00:00 2001
+From: Oliver Neukum
+Date: Tue, 27 Oct 2015 12:42:38 +0100
+Subject: [PATCH] usbvision fix overflow of interfaces array
+Git-Commit: e607bcb095b86010019d314f738ea491f10818d4
+Patch-Mainline: Queued in subsystem maintainer repository
+Git-Repo: git://linuxtv.org/media_tree.git
+References: bnc#950998
+
+This fixes the crash reported in:
+http://seclists.org/bugtraq/2015/Oct/35
+The interface number needs a sanity check.
+
+Signed-off-by: Oliver Neukum
+---
+ drivers/media/usb/usbvision/usbvision-video.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/drivers/media/usb/usbvision/usbvision-video.c b/drivers/media/usb/usbvision/usbvision-video.c
+index b693206..ad33d99 100644
+--- a/drivers/media/usb/usbvision/usbvision-video.c
++++ b/drivers/media/usb/usbvision/usbvision-video.c
+@@ -1461,6 +1461,13 @@ static int usbvision_probe(struct usb_interface *intf,
+ printk(KERN_INFO "%s: %s found\n", __func__,
+ usbvision_device_data[model].model_string);
+
++ /*
++ * this is a security check.
++ * an exploit using an incorrect bInterfaceNumber is known
++ */
++ if (ifnum >= USB_MAXINTERFACES || !dev->actconfig->interface[ifnum])
++ return -ENODEV;
++
+ if (usbvision_device_data[model].interface >= 0)
+ interface = &dev->actconfig->interface[usbvision_device_data[model].interface]->altsetting[0];
+ else
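
Review bot: the added check validates ifnum, but the context line directly after it indexes dev->actconfig->interface[] with usbvision_device_data[model].interface and dereferences ->altsetting[0] without a NULL test, so a device that matches a model entry but exposes fewer interfaces than the table expects is not covered. Suggest applying the same bounds and NULL check to that index. The comment "an exploit using an incorrect bInterfaceNumber is known" would also be more useful with the reference given in the commit message.
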
+--
+2.1.4
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/0001-xhci-Add-spurious-wakeup-quirk-for-LynxPoint-LP-cont.patch new/patches.drivers/0001-xhci-Add-spurious-wakeup-quirk-for-LynxPoint-LP-cont.patch
--- old/patches.drivers/0001-xhci-Add-spurious-wakeup-quirk-for-LynxPoint-LP-cont.patch 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.drivers/0001-xhci-Add-spurious-wakeup-quirk-for-LynxPoint-LP-cont.patch 2015-11-13 16:19:52.000000000 +0100
@@ -0,0 +1,65 @@
+From 7e556197dda8ea79db9b11d4bc9ad9fdcf4f5611 Mon Sep 17 00:00:00 2001
+From: Laura Abbott
+Date: Mon, 12 Oct 2015 11:30:13 +0300
+Subject: [PATCH] xhci: Add spurious wakeup quirk for LynxPoint-LP controllers
+Git-Commit: fd7cd061adcf5f7503515ba52b6a724642a839c8
+Patch-Mainline: v4.3.0
+References: bnc#951194
+
+We received several reports of systems rebooting and powering on
+after an attempted shutdown. Testing showed that setting
+XHCI_SPURIOUS_WAKEUP quirk in addition to the XHCI_SPURIOUS_REBOOT
+quirk allowed the system to shutdown as expected for LynxPoint-LP
+xHCI controllers. Set the quirk back.
+
+Note that the quirk was originally introduced for LynxPoint and
+LynxPoint-LP just for this same reason. See:
+
+commit 638298dc66ea ("xhci: Fix spurious wakeups after S5 on Haswell")
+
+It was later limited to only concern HP machines as it caused
+regression on some machines, see both bug and commit:
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=66171
+commit 6962d914f317 ("xhci: Limit the spurious wakeup fix only to HP machines")
+
+Later it was discovered that the powering on after shutdown
+was limited to LynxPoint-LP (Haswell-ULT) and that some non-LP HP
+machine suffered from spontaneous resume from S3 (which should
+not be related to the SPURIOUS_WAKEUP quirk at all). An attempt
+to fix this then removed the SPURIOUS_WAKEUP flag usage completely.
+
+commit b45abacde3d5 ("xhci: no switching back on non-ULT Haswell")
+
+Current understanding is that LynxPoint-LP (Haswell ULT) machines
+need the SPURIOUS_WAKEUP quirk, otherwise they will restart, and
+plain Lynxpoint (Haswell) machines may _not_ have the quirk
+set otherwise they again will restart.
+
+Signed-off-by: Laura Abbott
+Cc: Takashi Iwai
+Cc: Oliver Neukum
+[Added more history to commit message -Mathias]
+Cc: stable
+Signed-off-by: Mathias Nyman
+Signed-off-by: Greg Kroah-Hartman
+Signed-off-by: Oliver Neukum
+---
+ drivers/usb/host/xhci-pci.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c
+index 77ef8e5..ba03c8c 100644
+--- a/drivers/usb/host/xhci-pci.c
++++ b/drivers/usb/host/xhci-pci.c
+@@ -127,6 +127,7 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci)
+ if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
+ pdev->device == PCI_DEVICE_ID_INTEL_LYNXPOINT_LP_XHCI) {
+ xhci->quirks |= XHCI_SPURIOUS_REBOOT;
++ xhci->quirks |= XHCI_SPURIOUS_WAKEUP;
+ }
+ if (pdev->vendor == PCI_VENDOR_ID_ETRON &&
+ pdev->device == PCI_DEVICE_ID_ASROCK_P67) {
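
Review bot: the added XHCI_SPURIOUS_WAKEUP line has no comment, although the commit message records that this quirk has already been added, narrowed and removed once each. A one-line comment here stating that LynxPoint-LP needs the quirk and plain LynxPoint must not have it would help keep a later cleanup from undoing it. The two assignments could also be merged into a single |= of both flags.
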
+--
+2.1.4
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont new/patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont
--- old/patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont 2015-11-13 16:19:52.000000000 +0100
@@ -0,0 +1,57 @@
+From cadd16ea33a938d49aee99edd4758cc76048b399 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai
+Date: Tue, 27 Oct 2015 14:21:51 +0100
+Subject: [PATCH] ALSA: hda - Disable 64bit address for Creative HDA controllers
+Git-commit: cadd16ea33a938d49aee99edd4758cc76048b399
+Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git
+Patch-mainline: Queued in subsystem maintainer repository
+References: bnc#814440
+
+We've had many reports that some Creative sound cards with CA0132
+don't work well. Some reported that it starts working after reloading
+the module, while some reported it starts working when a 32bit kernel
+is used. All these facts seem implying that the chip fails to
+communicate when the buffer is located in 64bit address.
+
+This patch addresses these issues by just adding AZX_DCAPS_NO_64BIT
+flag to the corresponding PCI entries. I casually had a chance to
+test an SB Recon3D board, and indeed this seems helping.
+
+Although this hasn't been tested on all Creative devices, it's safer
+to assume that this restriction applies to the rest of them, too. So
+the flag is applied to all Creative entries.
+
+Cc:
+Signed-off-by: Takashi Iwai
+
+---
+ sound/pci/hda/hda_intel.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/sound/pci/hda/hda_intel.c
++++ b/sound/pci/hda/hda_intel.c
+@@ -624,7 +624,9 @@ enum {
+ AZX_DCAPS_ALIGN_BUFSIZE | AZX_DCAPS_NO_64BIT)
+
+ #define AZX_DCAPS_PRESET_CTHDA \
+- (AZX_DCAPS_NO_MSI | AZX_DCAPS_POSFIX_LPIB | AZX_DCAPS_4K_BDLE_BOUNDARY)
++ (AZX_DCAPS_NO_MSI | AZX_DCAPS_POSFIX_LPIB |\
++ AZX_DCAPS_NO_64BIT |\
++ AZX_DCAPS_4K_BDLE_BOUNDARY)
+
+ /*
+ * VGA-switcher support
+@@ -4080,11 +4082,13 @@ static DEFINE_PCI_DEVICE_TABLE(azx_ids)
+ .class = PCI_CLASS_MULTIMEDIA_HD_AUDIO << 8,
+ .class_mask = 0xffffff,
+ .driver_data = AZX_DRIVER_CTX | AZX_DCAPS_CTX_WORKAROUND |
++ AZX_DCAPS_NO_64BIT |
+ AZX_DCAPS_RIRB_PRE_DELAY | AZX_DCAPS_POSFIX_LPIB },
+ #else
+ /* this entry seems still valid -- i.e. without emu20kx chip */
+ { PCI_DEVICE(0x1102, 0x0009),
+ .driver_data = AZX_DRIVER_CTX | AZX_DCAPS_CTX_WORKAROUND |
++ AZX_DCAPS_NO_64BIT |
+ AZX_DCAPS_RIRB_PRE_DELAY | AZX_DCAPS_POSFIX_LPIB },
+ #endif
+ /* Vortex86MX */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/ALSA-hda-Fix-regression-of-HD-audio-controller-fallb new/patches.drivers/ALSA-hda-Fix-regression-of-HD-audio-controller-fallb
--- old/patches.drivers/ALSA-hda-Fix-regression-of-HD-audio-controller-fallb 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.drivers/ALSA-hda-Fix-regression-of-HD-audio-controller-fallb 2015-11-13 16:19:52.000000000 +0100
@@ -0,0 +1,49 @@
+From a1f3f1ca66bd12c339b17a0c2ef93a093f90a277 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai
+Date: Sun, 8 Mar 2015 18:29:50 +0100
+Subject: [PATCH] ALSA: hda - Fix regression of HD-audio controller fallback modes
+Git-commit: a1f3f1ca66bd12c339b17a0c2ef93a093f90a277
+Patch-mainline: to be in 4.0-rc4
+References: bsc#921313
+
+The commit [63e51fd708f5: ALSA: hda - Don't take unresponsive D3
+transition too serious] introduced a conditional fallback behavior to
+the HD-audio controller depending on the flag set. However, it
+introduced a silly bug, too, that the flag was evaluated in a reverse
+way. This resulted in a regression of HD-audio controller driver
+where it can't go to the fallback mode at communication errors.
+
+Unfortunately (or fortunately?) this didn't come up until recently
+because the affected code path is an error handling that happens only
+on an unstable hardware chip. Most of recent chips work stably, thus
+they didn't hit this problem. Now, we've got a regression report with
+a VIA chip, and this seems indeed requiring the fallback to the
+polling mode, and finally the bug was revealed.
+
+The fix is a oneliner to remove the wrong logical NOT in the check.
+(Lesson learned - be careful about double negation.)
+
+The bug should be backported to stable, but the patch won't be
+applicable to 3.13 or earlier because of the code splits. The stable
+fix patches for earlier kernels will be posted later manually.
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=94021
+Fixes: 63e51fd708f5 ('ALSA: hda - Don't take unresponsive D3 transition too serious')
+Cc: # v3.14+
+Signed-off-by: Takashi Iwai
+
+---
+ sound/pci/hda/hda_intel.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/pci/hda/hda_intel.c
++++ b/sound/pci/hda/hda_intel.c
+@@ -948,7 +948,7 @@ static unsigned int azx_rirb_get_respons
+ }
+ }
+
+- if (!bus->no_response_fallback)
++ if (bus->no_response_fallback)
+ return -1;
+
+ if (!chip->polling_mode && chip->poll_count < 2) {
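
Review bot: the corrected test on bus->no_response_fallback has no comment, and the commit message attributes the regression to a misread double negation. A short comment above the check, saying that the function returns -1 at once when the flag is set and only otherwise continues to the polling-mode fallback below, would document the intended polarity.
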
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.drivers/bnx2x-Fix-kdump-when-iommu-on.patch new/patches.drivers/bnx2x-Fix-kdump-when-iommu-on.patch
--- old/patches.drivers/bnx2x-Fix-kdump-when-iommu-on.patch 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.drivers/bnx2x-Fix-kdump-when-iommu-on.patch 2015-11-13 16:19:52.000000000 +0100
@@ -0,0 +1,94 @@
+From: Yuval Mintz
+Date: Wed, 1 Apr 2015 10:02:20 +0300
+Subject: bnx2x: Fix kdump when iommu=on
+Patch-mainline: v4.0-rc7
+Git-commit: da254fbc6357a66a127e4e4e234b4f9c555d5ed1
+References: bug#921769
+
+When IOMM-vtd is active, once main kernel crashes unfinished DMAE transactions
+will be blocked, putting the HW in an error state which will cause further
+transactions to timeout.
+
+Current employed logic uses wrong macros, causing the first function to be the
+only function that cleanups that error state during its probe/load.
+
+This patch allows all the functions to successfully re-load in kdump kernel.
+
+Signed-off-by: Yuval Mintz
+Signed-off-by: Ariel Elior
+Signed-off-by: David S. Miller
+Acked-by: Ya Dan Fan
+Acked-by: Benjamin Poirier
+---
+ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 39 +++++++++--------------
+ 1 file changed, 16 insertions(+), 23 deletions(-)
+
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+@@ -7523,6 +7523,20 @@ int bnx2x_init_hw_func_cnic(struct bnx2x
+ return 0;
+ }
+
++/* previous driver DMAE transaction may have occurred when pre-boot stage ended
++ * and boot began, or when kdump kernel was loaded. Either case would invalidate
++ * the addresses of the transaction, resulting in was-error bit set in the pci
++ * causing all hw-to-host pcie transactions to timeout. If this happened we want
++ * to clear the interrupt which detected this from the pglueb and the was done
++ * bit
++ */
++static void bnx2x_clean_pglue_errors(struct bnx2x *bp)
++{
++ if (!CHIP_IS_E1x(bp))
++ REG_WR(bp, PGLUE_B_REG_WAS_ERROR_PF_7_0_CLR,
++ 1 << BP_ABS_FUNC(bp));
++}
++
+ static int bnx2x_init_hw_func(struct bnx2x *bp)
+ {
+ int port = BP_PORT(bp);
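
Review bot: the comment above bnx2x_clean_pglue_errors() is carried over unchanged from the helper this patch removes further down, but the new function no longer reads PGLUE_B_REG_PGLUE_B_INT_STS or tests the was-error attention bit. It writes the clear register unconditionally, and with 1 << BP_ABS_FUNC(bp) instead of 1 << BP_FUNC(bp). Please update the comment to describe the unconditional clear and to say why the absolute function number is the right bit index, since that is the substance of the fix.
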
+@@ -7615,8 +7629,7 @@ static int bnx2x_init_hw_func(struct bnx
+
+ bnx2x_init_block(bp, BLOCK_PGLUE_B, init_phase);
+
+- if (!CHIP_IS_E1x(bp))
+- REG_WR(bp, PGLUE_B_REG_WAS_ERROR_PF_7_0_CLR, func);
++ bnx2x_clean_pglue_errors(bp);
+
+ bnx2x_init_block(bp, BLOCK_ATC, init_phase);
+ bnx2x_init_block(bp, BLOCK_DMAE, init_phase);
+@@ -10135,26 +10148,6 @@ static int bnx2x_prev_unload_common(stru
+ return bnx2x_prev_mcp_done(bp);
+ }
+
+-/* previous driver DMAE transaction may have occurred when pre-boot stage ended
+- * and boot began, or when kdump kernel was loaded. Either case would invalidate
+- * the addresses of the transaction, resulting in was-error bit set in the pci
+- * causing all hw-to-host pcie transactions to timeout. If this happened we want
+- * to clear the interrupt which detected this from the pglueb and the was done
+- * bit
+- */
+-static void bnx2x_prev_interrupted_dmae(struct bnx2x *bp)
+-{
+- if (!CHIP_IS_E1x(bp)) {
+- u32 val = REG_RD(bp, PGLUE_B_REG_PGLUE_B_INT_STS);
+- if (val & PGLUE_B_PGLUE_B_INT_STS_REG_WAS_ERROR_ATTN) {
+- DP(BNX2X_MSG_SP,
+- "'was error' bit was found to be set in pglueb upon startup. Clearing\n");
+- REG_WR(bp, PGLUE_B_REG_WAS_ERROR_PF_7_0_CLR,
+- 1 << BP_FUNC(bp));
+- }
+- }
+-}
+-
+ static int bnx2x_prev_unload(struct bnx2x *bp)
+ {
+ int time_counter = 10;
+@@ -10164,7 +10157,7 @@ static int bnx2x_prev_unload(struct bnx2
+ /* clear hw from errors which may have resulted from an interrupted
+ * dmae transaction.
+ */
+- bnx2x_prev_interrupted_dmae(bp);
++ bnx2x_clean_pglue_errors(bp);
+
+ /* Release previously held locks */
+ hw_lock_reg = (BP_FUNC(bp) <= 5) ?
++++++ patches.fixes.tar.bz2 ++++++
++++ 6327 lines of diff (skipped)
++++++ patches.kabi.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.kabi/1268-x86-dma-required-mask.patch new/patches.kabi/1268-x86-dma-required-mask.patch
--- old/patches.kabi/1268-x86-dma-required-mask.patch 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.kabi/1268-x86-dma-required-mask.patch 2015-03-17 09:46:32.000000000 +0100
@@ -0,0 +1,28 @@
+From: jbeulich@suse.com
+Subject: fix kABI after "x86: use custom dma_get_required_mask()"
+Patch-mainline: n/a
+
+--- 13.1.orig/arch/x86/kernel/pci-dma-xen.c 2013-02-06 15:28:03.000000000 +0100
++++ 13.1/arch/x86/kernel/pci-dma-xen.c 2014-12-09 08:53:42.000000000 +0100
+@@ -268,7 +268,9 @@ u64 dma_get_required_mask(struct device
+
+ return DMA_BIT_MASK(__fls(max_mfn - 1) + 1 + PAGE_SHIFT);
+ }
++#ifndef __GENKSYMS__
+ EXPORT_SYMBOL_GPL(dma_get_required_mask);
++#endif
+
+ static int check_pages_physically_contiguous(unsigned long pfn,
+ unsigned int offset,
+--- 13.1.orig/drivers/base/platform.c 2013-09-02 22:46:10.000000000 +0200
++++ 13.1/drivers/base/platform.c 2014-12-09 08:55:47.000000000 +0100
+@@ -934,6 +934,9 @@ u64 dma_get_required_mask(struct device
+ }
+ return mask;
+ }
++#endif
++#if !defined(ARCH_HAS_DMA_GET_REQUIRED_MASK) || \
++ (defined(__GENKSYMS__) && defined(CONFIG_X86) && defined(CONFIG_XEN))
+ EXPORT_SYMBOL_GPL(dma_get_required_mask);
+ #endif
+
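
Review bot: neither __GENKSYMS__ guard in this patch has a comment, and the one added in drivers/base/platform.c closes the existing #if after the function body and opens a new one so that EXPORT_SYMBOL_GPL(dma_get_required_mask) is also seen under __GENKSYMS__ with CONFIG_X86 and CONFIG_XEN. A brief comment at each guard stating that it exists only for the kABI symbol checksum would help anyone who later touches these exports.
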
++++++ patches.suse.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/0001-KEYS-Fix-race-between-read-and-revoke.patch new/patches.suse/0001-KEYS-Fix-race-between-read-and-revoke.patch
--- old/patches.suse/0001-KEYS-Fix-race-between-read-and-revoke.patch 1970-01-01 01:00:00.000000000 +0100
+++ new/patches.suse/0001-KEYS-Fix-race-between-read-and-revoke.patch 2016-01-20 13:39:07.000000000 +0100
@@ -0,0 +1,115 @@
+From b4a1b4f5047e4f54e194681125c74c0aa64d637d Mon Sep 17 00:00:00 2001
+From: David Howells
+Date: Fri, 18 Dec 2015 01:34:26 +0000
+Subject: [PATCH] KEYS: Fix race between read and revoke
+
+Git-commit: b4a1b4f5047e4f54e194681125c74c0aa64d637d
+Patch-mainline: v4.4-rc8
+References: bnc#958951, CVE-2015-7550
+
+This fixes CVE-2015-7550.
+
+There's a race between keyctl_read() and keyctl_revoke(). If the revoke
+happens between keyctl_read() checking the validity of a key and the key's
+semaphore being taken, then the key type read method will see a revoked key.
+
+This causes a problem for the user-defined key type because it assumes in
+its read method that there will always be a payload in a non-revoked key
+and doesn't check for a NULL pointer.
+
+Fix this by making keyctl_read() check the validity of a key after taking
+semaphore instead of before.
+
+I think the bug was introduced with the original keyrings code.
+
+This was discovered by a multithreaded test program generated by syzkaller
+(http://github.com/google/syzkaller). Here's a cleaned up version:
+
+ #include
+ #include
+ #include
+ void *thr0(void *arg)
+ {
+ key_serial_t key = (unsigned long)arg;
+ keyctl_revoke(key);
+ return 0;
+ }
+ void *thr1(void *arg)
+ {
+ key_serial_t key = (unsigned long)arg;
+ char buffer[16];
+ keyctl_read(key, buffer, 16);
+ return 0;
+ }
+ int main()
+ {
+ key_serial_t key = add_key("user", "%", "foo", 3, KEY_SPEC_USER_KEYRING);
+ pthread_t th[5];
+ pthread_create(&th[0], 0, thr0, (void *)(unsigned long)key);
+ pthread_create(&th[1], 0, thr1, (void *)(unsigned long)key);
+ pthread_create(&th[2], 0, thr0, (void *)(unsigned long)key);
+ pthread_create(&th[3], 0, thr1, (void *)(unsigned long)key);
+ pthread_join(th[0], 0);
+ pthread_join(th[1], 0);
+ pthread_join(th[2], 0);
+ pthread_join(th[3], 0);
+ return 0;
+ }
+
+Build as:
+
+ cc -o keyctl-race keyctl-race.c -lkeyutils -lpthread
+
+Run as:
+
+ while keyctl-race; do :; done
+
+as it may need several iterations to crash the kernel. The crash can be
+summarised as:
+
+ BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
+ IP: [<ffffffff81279b08>] user_read+0x56/0xa3
+ ...
+ Call Trace:
+ [<ffffffff81276aa9>] keyctl_read_key+0xb6/0xd7
+ [<ffffffff81277815>] SyS_keyctl+0x83/0xe0
+ [<ffffffff815dbb97>] entry_SYSCALL_64_fastpath+0x12/0x6f
+
+Reported-by: Dmitry Vyukov
+Signed-off-by: David Howells
+Tested-by: Dmitry Vyukov
+Cc: stable@vger.kernel.org
+Signed-off-by: James Morris
+Acked-by: Lee, Chun-Yi
+---
+ security/keys/keyctl.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+--- a/security/keys/keyctl.c
++++ b/security/keys/keyctl.c
+@@ -744,16 +744,16 @@ long keyctl_read_key(key_serial_t keyid,
+
+ /* the key is probably readable - now try to read it */
+ can_read_key:
+- ret = key_validate(key);
+- if (ret == 0) {
+- ret = -EOPNOTSUPP;
+- if (key->type->read) {
+- /* read the data with the semaphore held (since we
+- * might sleep) */
+- down_read(&key->sem);
++ ret = -EOPNOTSUPP;
++ if (key->type->read) {
++ /* Read the data with the semaphore held (since we might sleep)
++ * to protect against the key being updated or revoked.
++ */
++ down_read(&key->sem);
++ ret = key_validate(key);
++ if (ret == 0)
+ ret = key->type->read(key, buffer, buflen);
+- up_read(&key->sem);
+- }
++ up_read(&key->sem);
+ }
+
+ error2:
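
Review bot: with key_validate() moved inside the if (key->type->read) block, it is no longer called for key types that have no read method, so a revoked or otherwise invalid key of such a type now yields -EOPNOTSUPP where the old code returned the key_validate() error first. If that change in error precedence is acceptable, a sentence in the commit message would help; otherwise validate under the semaphore before testing key->type->read.
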
++++++ patches.xen.tar.bz2 ++++++
++++ 25897 lines of diff (skipped)
++++++ series.conf ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:15.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:15.000000000 +0100
@@ -76,6 +76,7 @@
patches.suse/kconfig-automate-kernel-desktop
patches.fixes/0001-DocBook-Make-mandocs-parallel-safe.patch
patches.fixes/0001-DocBook-Do-not-exceed-argument-list-limit.patch
+ patches.fixes/0001-genksyms-Handle-string-literals-with-spaces-in-refer.patch
########################################################
# Simple export additions/removals
@@ -133,6 +134,12 @@
# bsc#911326, CVE-2014-9419
patches.arch/x86_64-switch_to-load-tls-descriptors-before-switching-ds-and-es.patch
+ # bsc#922944, CVE-2015-2666
+ patches.arch/x86-microcode-intel-guard-against-stack-overflow-in-the-loader.patch
+
+ # bsc#926240, CVE-2015-2830
+ patches.arch/x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch
+
########################################################
# x86 MCE/MCA (Machine Check Error/Architecture) extensions
########################################################
@@ -199,6 +206,7 @@
+needs_update patches.arch/arm-xen-0006-xen-arm-disable-cpuidle-when-linux-is-running-as-dom.patch
+needs_update patches.arch/arm-xen-0007-arm-choose-debug-uncompress.h-include-when-uncompres.patch
+needs_update patches.arch/arm-xen-0008-xen-arm-enable-PV-control-for-ARM.patch
+ patches.arch/arm64-mm-Remove-hack-in-mmap-randomize-layout.patch
########################################################
# S/390
@@ -257,6 +265,11 @@
patches.fixes/splice-add-generic_write_checks.patch
patches.fixes/mm-Fix-NULL-pointer-dereference-in-madvise-MADV_WILL.patch
+ patches.fixes/fs-take-i_mutex-during-prepare_binprm-for-set-ug-id.patch
+ patches.fixes/vfs-read-file_handle-only-once-in-handle_to_path.patch
+
+ patches.fixes/0001-vfs-Test-for-and-handle-paths-that-are-unreachable-f.patch
+
########################################################
# IPC patches
########################################################
@@ -322,10 +335,34 @@
patches.fixes/ip6tnl-fix-double-free-of-fb_tnl_dev-on-exit
patches.fixes/ipv6-don-t-set-dst_nocount-for-remotely-added-routes.patch
patches.fixes/net-fix-for-a-race-condition-in-the-inet-frag-code.patch
+ patches.fixes/net-llc-use-correct-size-for-sysctl-timeout-entries.patch
+ patches.fixes/ipv4-missing-sk_nulls_node_init-in-ping_unhash.patch
+ patches.fixes/ipv6-don-t-reduce-hop-limit-for-an-interface.patch
+ patches.fixes/hyperv-Add-processing-of-MTU-reduced-by-the-host.patch
+ patches.fixes/udp-fix-behavior-of-wrong-checksums.patch
# bsc##853040
patches.fixes/ipv6-fix-leaking-uninitialized-port-number-of-offender-sockaddr.patch
+ patches.fixes/ipv6-replacing-a-rt6_info-needs-to-purge-possible-pr.patch
+ patches.fixes/ipv6-do-not-delete-previously-existing-ECMP-routes-i.patch
+ patches.fixes/ipv6-fix-ECMP-route-replacement.patch
+ patches.fixes/sctp-fix-ASCONF-list-handling.patch
+
+ patches.fixes/x86-bpf_jit-fix-compilation-of-large-bpf-programs
+ patches.fixes/net-Fix-ip-rule-delete-table-256.patch
+ patches.fixes/ipv6-addrconf-validate-new-MTU-before-applying-it.patch
+ patches.fixes/rds-verify-the-underlying-transport-exists-before-cr.patch
+ patches.fixes/rds-fix-race-condition-when-sending-a-message.patch
+ patches.fixes/isdn_ppp-add-checks-for-allocation-failure-in-isdn_p.patch
+ patches.fixes/ppp-slip-validate-vj-compression-slot-parameters-com.patch
+ patches.fixes/ipv6-fix-tunnel-error-handling.patch
+ patches.fixes/net-add-validation-for-the-socket-syscall-protocol-a.patch
+ patches.fixes/ipv4-Don-t-increase-PMTU-with-Datagram-Too-Big-messa.patch
+ patches.fixes/route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch
+ patches.fixes/ipv6-distinguish-frag-queues-by-device-for-multicast.patch
+ patches.fixes/sctp-Prevent-soft-lockup-when-sctp_accept-is-called-.patch
+
########################################################
# NFS
########################################################
@@ -348,8 +385,9 @@
########################################################
# cifs patches
########################################################
-
patches.fixes/cifs-ensure-that-uncached-writes-handle-unmapped-are.patch
+ patches.fixes/cifs-fix-use-after-free-bug-in-find_writable_file.patch
+ patches.fixes/cifs-client-should-ignore-non-zero-challengelenght.patch
########################################################
# ext2/ext3
@@ -472,6 +510,11 @@
patches.fixes/udf-Verify-symlink-size-before-loading-it.patch
patches.fixes/udf-Check-path-length-when-reading-symlink.patch
patches.fixes/udf-Check-component-length-before-reading-it.patch
+ patches.fixes/udf-Remove-repeated-loads-blocksize.patch
+ patches.fixes/udf-Check-length-of-extended-attributes-and-allocati.patch
+
+ # bsc#918333, CVE-2014-9683
+ patches.fixes/ecryptfs-remove-buggy-and-unnecessary-write-in-file-name-decode-routine.patch
########################################################
# Overlayfs
@@ -537,6 +580,7 @@
patches.fixes/storvsc-ring-buffer-failures-may-result-in-I-O-freez
+ patches.fixes/sg_start_req-make-sure-that-there-s-not-too-many-elements-in-iovec.patch
########################################################
# DRM/Video
########################################################
@@ -585,12 +629,28 @@
patches.fixes/net-sctp-fix-skb_over_panic-when-receiving-malformed.patch
patches.fixes/net-sctp-fix-panic-on-duplicate-ASCONF-chunks.patch
patches.fixes/net-sctp-fix-remote-memory-pressure-from-excessive-q.patch
+ patches.fixes/net-sctp-fix-slab-corruption-from-use-after-free-on-INIT.patch
patches.fixes/netlink-Rename-netlink_capable-netlink_allowed.patch
patches.fixes/net-Move-the-permission-check-in-sock_diag_put_filte.patch
patches.fixes/net-Add-variants-of-capable-for-use-on-on-sockets.patch
patches.fixes/net-Add-variants-of-capable-for-use-on-netlink-messa.patch
patches.fixes/net-Use-netlink_ns_capable-to-verify-the-permisions-.patch
patches.fixes/netlink-Only-check-file-credentials-for-implicit-des.patch
+ patches.fixes/tuntap-limit-head-length-of-skb-allocated
+ patches.fixes/macvtap-limit-head-length-of-skb-allocated
+ patches.fixes/net-rds-use-correct-size-for-max-unacked-packets-and.patch
+ patches.fixes/ipv4-try-to-cache-dst_entries-which-would-cause-a-re.patch
+ patches.fixes/netfilter-nf_conntrack-reserve-two-bytes-for-nf_ct_ext-len.patch
+ patches.drivers/bnx2x-Fix-kdump-when-iommu-on.patch
+
+ # bsc#931988, CVE-2015-4036
+ patches.fixes/vhost-scsi-potential-memory-corruption.patch
+
+ # bsc#959399, CVE-2015-8575
+ patches.fixes/bluetooth-validate-socket-address-length-in-sco_sock_bind.patch
+
+ # bsc#959190, CVE-2015-8569
+ patches.fixes/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_connect.patch
########################################################
# Wireless Networking
@@ -599,6 +659,7 @@
patches.drivers/ath9k_htc-properly-set-MAC-address-and-BSSID-mask
patches.fixes/ath9k-protect-tid-sched-check.patch
patches.fixes/via-velocity-fix-netif_receive_skb-use-in-irq-disabl
+ patches.fixes/rtlwifi-rtl8192cu-Fix-kernel-deadlock
########################################################
# ISDN
@@ -638,6 +699,10 @@
patches.drivers/0003-usb-pci-quirks-Prevent-Sony-VAIO-t-series-from-switc.patch
patches.drivers/0001-ttusb-dec-buffer-overflow-in-ioctl.patch
+ patches.drivers/0001-usb-core-Fix-USB-3.0-devices-lost-in-NOTATTACHED-sta.patch
+ patches.drivers/0001-xhci-Add-spurious-wakeup-quirk-for-LynxPoint-LP-cont.patch
+ patches.drivers/0001-usbvision-fix-overflow-of-interfaces-array.patch
+
########################################################
# I2C
########################################################
@@ -673,6 +738,8 @@
patches.drivers/ALSA-hda-Fix-onboard-audio-on-Intel-H97-Z97-chipsets
patches.drivers/drm-i915-HD-audio-Don-t-continue-probing-when-nomode
patches.drivers/ALSA-hda-Fix-broken-PM-due-to-incomplete-i915-initia
+ patches.drivers/ALSA-hda-Fix-regression-of-HD-audio-controller-fallb
+ patches.drivers/ALSA-hda-Disable-64bit-address-for-Creative-HDA-cont
patches.drivers/alsa-0001-control-Protect-user-controls-against-concurren
patches.drivers/alsa-0002-control-Fix-replacing-user-controls
@@ -839,6 +906,33 @@
# bsc#917839, CVE-2015-1593
patches.fixes/x86-mm-aslr-fix-stack-randomization-on-64-bit-systems.patch
+ # bsc#937032 - VUL-0: kernel: AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%
+ patches.fixes/x86-mm-improve-amd-bulldozer-aslr-workaround
+ patches.fixes/sctp-fix-race-on-protocol-netns-initialization.patch
+ patches.fixes/core-nfqueue-openvswitch-orphan-frags-in-skb_zerocop.patch
+
+ patches.fixes/keys-fix-race-between-key-destruction-and-finding-a-keyring-by-name
+ patches.fixes/keys-fix-crash-when-attempt-to-garbage-collect-an-uninstantiated-keyring
+ patches.fixes/keys-don-t-permit-request_key-to-construct-a-new-keyring
+
+ # bsc#938706, CVE-2015-5157
+ patches.fixes/00-x86-nmi-64-switch-stacks-on-userspace-nmi-entry.patch
+ patches.fixes/01-rcu-move-lockless_dereference-out-of-rcupdate-h.patch
+ patches.fixes/02-x86-ldt-make-modify_ldt-synchronous.patch
+ patches.fixes/03-correct-ldt-single-step.patch
+ patches.fixes/04-correct-ldt-math-emu.patch
+ patches.fixes/05-x86-ldt-further-fix-fpu-emulation.patch
+ patches.fixes/06-x86-nmi-64-fix-a-paravirt-stack-clobbering-bug-in-the-nmi-code.patch
+ patches.fixes/07-x86-paravirt-replace-the-paravirt-nop-with-a-bona-fide-empty-function.patch
+
+ patches.fixes/0001-KEYS-Make-proc-keys-unconditional-if-CONFIG_KEYS-y.patch
+
+ # CVE-2016-0728: kernel: Use-after-free vulnerability in keyring facility
+ patches.fixes/keys-fix-leak.patch
+
+ # bnc#958951 CVE-2015-7550: kernel: User triggerable crash from race between key read and rey revoke
+ patches.suse/0001-KEYS-Fix-race-between-read-and-revoke.patch
+
##########################################################
# Audit
##########################################################
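
Review bot: the comment added for CVE-2015-7550 in this hunk reads "key read and rey revoke", which should be "key revoke". The sctp-fix-race and core-nfqueue entries are also added directly under the bsc#937032 comment without a blank line, which makes them look like part of that bug, and the three patches.fixes/keys-* entries and 0001-KEYS-Make-proc-keys-unconditional-if-CONFIG_KEYS-y.patch have no reference comment at all, unlike the CVE entries around them. Adding a separator and the bug references would keep the section searchable.
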
@@ -900,6 +994,13 @@
patches.fixes/kvm-macos.patch
# bsc#909078, CVE-2014-8134
patches.fixes/x86-kvm-clear-paravirt_enabled-on-kvm-guests-for-espfix32-s-benefit.patch
+ patches.arch/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po
+
+ # bsc#953527 - VUL-0: CVE-2015-5307: kernel: kvm: x86: avoid guest->host DOS by intercepting #AC
+ patches.fixes/kvm-x86-work-around-infinite-loop-in-microcode-when-ac-is-delivered
+
+ # bsc#954404 - VUL-0: CVE-2015-8104: virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception
+ patches.fixes/kvm-svm-unconditionally-intercept-db
########################################################
# misc
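Review bot: patches.arch/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-po is inserted directly below the "# bsc#909078, CVE-2014-8134" comment with no reference of its own, so it reads as a second patch for that CVE. Add a comment line stating which bug it addresses, as the CVE-2015-5307 and CVE-2015-8104 entries after it do, and separate it from the espfix32 entry with a blank line. A blank line after kvm-svm-unconditionally-intercept-db would also keep the last entry from running into the "misc" banner.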
@@ -914,6 +1015,12 @@
# new drivers that are going upstream
########################################################
+ # bsc#933934, CVE-2015-4001, CVE-2015-4002, CVE-2015-4003
+ patches.fixes/ozwpan-use-proper-check-to-prevent-heap-overflow.patch
+ patches.fixes/ozwpan-use-unsigned-ints-to-prevent-heap-overflow.patch
+ patches.fixes/ozwpan-divide-by-zero-leading-to-panic.patch
+ patches.fixes/ozwpan-unchecked-signed-subtraction-leads-to-dos.patch
+
########################################################
# You'd better have a good reason for adding a patch
# below here.
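Review bot: the comment on the ozwpan group names three CVEs (CVE-2015-4001, CVE-2015-4002, CVE-2015-4003) but four patches follow it, so the list does not show which patch closes which CVE or what the fourth one covers. Annotate each patch line with its identifier, or state in the comment that all four belong to bsc#933934, so a later backport or revert can be checked against the CVE list.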
@@ -961,6 +1068,12 @@
patches.xen/1242-console-add-preferred.patch
patches.xen/1248-balloon-dont-crash-HVM-with-PoD.patch
patches.xen/1249-usbback-fix-1232.patch
+ patches.xen/1268-x86-dma-required-mask.patch
+ patches.xen/1273-scsifront-locking-when-ring-full.patch
+ patches.xen/1276-scsifront-separate-flags.patch
+ patches.xen/1278-PCI-MSI-reject-res-with-clear-flags.patch
+ patches.xen/1282-usbback-limit-copying.patch
+ patches.xen/1283-xenbus-XS_ERROR-handling.patch
# changes outside arch/{i386,x86_64}/xen
patches.xen/xen3-fixup-kconfig
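Review bot: none of the six added patches.xen/12xx entries carries a bug or advisory reference, unlike the annotated security fixes earlier in this file. If any of them, for example 1282-usbback-limit-copying.patch or 1278-PCI-MSI-reject-res-with-clear-flags.patch, corresponds to a tracked bug, add the reference as a comment above it so the entry can be audited later.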
@@ -1009,8 +1122,17 @@
# ports of other patches
patches.xen/xen3-x86-dumpstack-Fix-printk_address-for-direct-addresse.patch
+ patches.xen/xen3-x86_64-switch_to-load-tls-descriptors-before-switching-ds-and-es.patch
+ patches.xen/xen3-x86-asm-entry-64-remove-a-bogus-ret_from_fork-optimization.patch
patches.xen/xen3-010-acpi_initrd_override_tables.patch
patches.xen/xen3-hwmon-coretemp-fix-truncated-name-of-alarm-attributes.patch
+ patches.xen/xen3-x86-64-espfix-don-t-leak-bits-31-16-of-esp-returning-to-16-bit-stack.patch
+ patches.xen/xen3-x86-espfix-make-it-possible-to-disable-16-bit-support.patch
+ patches.xen/xen3-x86_64-entry-xen-do-not-invoke-espfix64-on-xen.patch
+ patches.xen/xen3-x86_64-traps-fix-the-espfix64-df-fixup-and-rewrite-it-in-c.patch
+ patches.xen/xen3-x86_64-traps-stop-using-ist-for-ss.patch
+ patches.xen/xen3-x86_64-traps-rework-bad_iret.patch
+ patches.xen/xen3-02-x86-ldt-make-modify_ldt-synchronous.patch
patches.xen/xen3-stack-unwind
patches.xen/xen3-x86_64-unwind-annotations
patches.xen/xen3-audit_x86_32-entry-do-syscall-exit-work-on-badsys-cve-2014-4508.patch
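Review bot: xen3-02-x86-ldt-make-modify_ldt-synchronous.patch is the only Xen port of the eight-patch CVE-2015-5157 series (00 to 07) added in the x86 section, and it carries no comment. Add the "# bsc#938706, CVE-2015-5157" reference above it and note why the other seven need no xen3 counterpart, so the gap reads as intentional. The espfix and traps ports added just above it would also benefit from a comment naming the base patches they follow.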
@@ -1048,6 +1170,7 @@
patches.xen/xen-netback-generalize
patches.xen/xen-netback-multiple-tasklets
patches.xen/xen-netback-kernel-threads
+ patches.xen/xen-pciback-decode
patches.xen/xen-cxgb3
patches.xen/xen-dcdbas
patches.xen/xen-x86-panic-no-reboot
@@ -1066,3 +1189,6 @@
patches.xen/xen-x86_64-note-init-p2m
patches.xen/xen-x86_64-unmapped-initrd
patches.xen/xen-x86_64-vread-pvclock
+
+ # Xen-only kABI adjustments
+ patches.kabi/1268-x86-dma-required-mask.patch
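Review bot: patches.kabi/1268-x86-dma-required-mask.patch is appended at the very end of the file, far from patches.xen/1268-x86-dma-required-mask.patch which it compensates for, and the "Xen-only kABI adjustments" comment does not name that dependency. Extend the comment to reference the patches.xen entry so that dropping or reordering one does not leave the other behind.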
++++++ source-timestamp ++++++
--- /var/tmp/diff_new_pack.iQszg5/_old 2016-02-08 15:39:15.000000000 +0100
+++ /var/tmp/diff_new_pack.iQszg5/_new 2016-02-08 15:39:15.000000000 +0100
@@ -1,3 +1,3 @@
-2015-03-05 17:24:00 +0100
-GIT Revision: 338c5133d4d302d15140c0a27d51e6d1c1b9ed3a
+2016-01-20 15:13:45 +0100
+GIT Revision: 1e76e8090423c261907f6d2de70215590f184e40
GIT Branch: openSUSE-13.1