[linux] 01/02: Update to 4.13.4

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Fri Sep 29 14:34:09 UTC 2017


This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch master
in repository linux.

commit f3152ccaadd2e15aa90ecca25397c945d6e27510
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Fri Sep 29 16:29:45 2017 +0200

    Update to 4.13.4
---
 debian/changelog                                   |  3 +-
 ...xxx-Fix-an-integer-overflow-in-sysfs-code.patch | 64 ----------------------
 debian/patches/series                              |  1 -
 3 files changed, 2 insertions(+), 66 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 31b1aa2..59ba739 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,8 @@
-linux (4.13.3-1~exp1) UNRELEASED; urgency=medium
+linux (4.13.4-1~exp1) UNRELEASED; urgency=medium
 
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.3
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.4
 
   [ Ben Hutchings ]
   * [armhf,arm64] mmc: Enable MMC_BCM2835 (Closes: #845422)
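Review bot: the changelog entry in this hunk gains only the ChangeLog-4.13.4 URL, while the same commit deletes bugfix/all/scsi-qla2xxx-Fix-an-integer-overflow-in-sysfs-code.patch and its series line, so nothing records why the CVE-2017-14051 fix is no longer carried locally. If the fix is included in the 4.13.4 update, add an item under "New upstream stable update" naming the qla2xxx integer overflow fix and its CVE, so the security reference from the removed patch header stays in the package history.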
diff --git a/debian/patches/bugfix/all/scsi-qla2xxx-Fix-an-integer-overflow-in-sysfs-code.patch b/debian/patches/bugfix/all/scsi-qla2xxx-Fix-an-integer-overflow-in-sysfs-code.patch
deleted file mode 100644
index 7359fea..0000000
--- a/debian/patches/bugfix/all/scsi-qla2xxx-Fix-an-integer-overflow-in-sysfs-code.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From: Dan Carpenter <dan.carpenter at oracle.com>
-Date: Wed, 30 Aug 2017 16:30:35 +0300
-Subject: scsi: qla2xxx: Fix an integer overflow in sysfs code
-Origin: https://git.kernel.org/linus/e6f77540c067b48dee10f1e33678415bfcc89017
-Bug: https://bugzilla.kernel.org/show_bug.cgi?id=194061
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14051
-
-The value of "size" comes from the user.  When we add "start + size" it
-could lead to an integer overflow bug.
-
-It means we vmalloc() a lot more memory than we had intended.  I believe
-that on 64 bit systems vmalloc() can succeed even if we ask it to
-allocate huge 4GB buffers.  So we would get memory corruption and likely
-a crash when we call ha->isp_ops->write_optrom() and ->read_optrom().
-
-Only root can trigger this bug.
-
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=194061
-
-Cc: <stable at vger.kernel.org>
-Fixes: b7cc176c9eb3 ("[SCSI] qla2xxx: Allow region-based flash-part accesses.")
-Reported-by: shqking <shqking at gmail.com>
-Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
-Signed-off-by: Martin K. Petersen <martin.petersen at oracle.com>
----
- drivers/scsi/qla2xxx/qla_attr.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
-index 08a1feb3a195..8c6ff1682fb1 100644
---- a/drivers/scsi/qla2xxx/qla_attr.c
-+++ b/drivers/scsi/qla2xxx/qla_attr.c
-@@ -318,6 +318,8 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj,
- 		return -EINVAL;
- 	if (start > ha->optrom_size)
- 		return -EINVAL;
-+	if (size > ha->optrom_size - start)
-+		size = ha->optrom_size - start;
- 
- 	mutex_lock(&ha->optrom_mutex);
- 	switch (val) {
-@@ -343,8 +345,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj,
- 		}
- 
- 		ha->optrom_region_start = start;
--		ha->optrom_region_size = start + size > ha->optrom_size ?
--		    ha->optrom_size - start : size;
-+		ha->optrom_region_size = start + size;
- 
- 		ha->optrom_state = QLA_SREADING;
- 		ha->optrom_buffer = vmalloc(ha->optrom_region_size);
-@@ -417,8 +418,7 @@ qla2x00_sysfs_write_optrom_ctl(struct file *filp, struct kobject *kobj,
- 		}
- 
- 		ha->optrom_region_start = start;
--		ha->optrom_region_size = start + size > ha->optrom_size ?
--		    ha->optrom_size - start : size;
-+		ha->optrom_region_size = start + size;
- 
- 		ha->optrom_state = QLA_SWRITING;
- 		ha->optrom_buffer = vmalloc(ha->optrom_region_size);
--- 
-2.11.0
-
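Review bot: in the patch being deleted, both the QLA_SREADING and QLA_SWRITING inner hunks replace the clamped length with "ha->optrom_region_size = start + size;", which is an end offset rather than a length. The new clamp "if (size > ha->optrom_size - start)" keeps start + size from wrapping and from exceeding ha->optrom_size, but vmalloc(ha->optrom_region_size) then allocates start bytes more than the removed expression did, and optrom_region_size no longer describes the region that begins at optrom_region_start. Before relying on the upstream copy that replaces this file, check whether it carries the same assignment and whether it should read "ha->optrom_region_size = size;".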
diff --git a/debian/patches/series b/debian/patches/series
index 8e8ade6..a9c88ff 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -112,7 +112,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
 
 # Security fixes
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
-bugfix/all/scsi-qla2xxx-Fix-an-integer-overflow-in-sysfs-code.patch
 bugfix/all/nl80211-check-for-the-required-netlink-attributes-presence.patch
 bugfix/x86/kvm-nvmx-don-t-allow-l2-to-access-the-hardware-cr8.patch
 bugfix/all/video-fbdev-aty-do-not-leak-uninitialized-padding-in.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git


