summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--SOURCES/Patchlist.changelog3
-rw-r--r--SOURCES/kernel.changelog10
-rw-r--r--SOURCES/patch-6.7-redhat.patch18
-rw-r--r--SOURCES/t2linux.patch102
-rw-r--r--SPECS/kernel.spec23
5 files changed, 43 insertions, 113 deletions
diff --git a/SOURCES/Patchlist.changelog b/SOURCES/Patchlist.changelog
index 00475c0..cae9726 100644
--- a/SOURCES/Patchlist.changelog
+++ b/SOURCES/Patchlist.changelog
@@ -1,3 +1,6 @@
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/f65fe5e93408aed742291b98358a9873317a59ef
+ f65fe5e93408aed742291b98358a9873317a59ef Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
+
"https://gitlab.com/cki-project/kernel-ark/-/commit"/11fa2c73bc247b4d40c71e3220ead390202a2043
11fa2c73bc247b4d40c71e3220ead390202a2043 selftests: openvswitch: Add validation for the recursion test
diff --git a/SOURCES/kernel.changelog b/SOURCES/kernel.changelog
index db610ce..1377ded 100644
--- a/SOURCES/kernel.changelog
+++ b/SOURCES/kernel.changelog
@@ -1,3 +1,13 @@
+* Wed Mar 06 2024 Augusto Caringi <acaringi@redhat.com> [6.7.9-0]
+- Add some CVE fixes for 6.7.9 (Justin M. Forbes)
+- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu)
+- Linux v6.7.9
+Resolves:
+
+* Sun Mar 03 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.7.8-0]
+- Linux v6.7.8
+Resolves:
+
* Fri Mar 01 2024 Augusto Caringi <acaringi@redhat.com> [6.7.7-0]
- Add rhbz 2266309 to BugsFixed (Justin M. Forbes)
- Add libperf-debuginfo subpackage (Justin M. Forbes)
diff --git a/SOURCES/patch-6.7-redhat.patch b/SOURCES/patch-6.7-redhat.patch
index 112914f..365623b 100644
--- a/SOURCES/patch-6.7-redhat.patch
+++ b/SOURCES/patch-6.7-redhat.patch
@@ -32,6 +32,7 @@
include/linux/security.h | 5 +
kernel/module/main.c | 2 +
kernel/module/signing.c | 9 +-
+ net/bluetooth/rfcomm/core.c | 2 +-
scripts/mod/modpost.c | 8 +
scripts/tags.sh | 2 +
security/integrity/platform_certs/load_uefi.c | 6 +-
@@ -41,7 +42,7 @@
tools/power/cpupower/Makefile | 2 +-
.../selftests/net/openvswitch/openvswitch.sh | 13 ++
.../testing/selftests/net/openvswitch/ovs-dpctl.py | 71 +++++++--
- 43 files changed, 770 insertions(+), 194 deletions(-)
+ 44 files changed, 771 insertions(+), 195 deletions(-)
diff --git a/Documentation/admin-guide/laptops/thinkpad-acpi.rst b/Documentation/admin-guide/laptops/thinkpad-acpi.rst
index 98d304010170..7f674a6cfa8a 100644
@@ -69,7 +70,7 @@ index 98d304010170..7f674a6cfa8a 100644
0x1020 0x1F unknown
diff --git a/Makefile b/Makefile
-index 72ee3609aae3..824a28d7c706 100644
+index f1a592b7c7bc..27fc5bc7b1bb 100644
--- a/Makefile
+++ b/Makefile
@@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
@@ -1505,6 +1506,19 @@ index a2ff4242e623..f0d2be1ee4f1 100644
}
int module_sig_check(struct load_info *info, int flags)
+diff --git a/net/bluetooth/rfcomm/core.c b/net/bluetooth/rfcomm/core.c
+index 053ef8f25fae..1d34d8497033 100644
+--- a/net/bluetooth/rfcomm/core.c
++++ b/net/bluetooth/rfcomm/core.c
+@@ -1941,7 +1941,7 @@ static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
+ /* Get data directly from socket receive queue without copying it. */
+ while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
+ skb_orphan(skb);
+- if (!skb_linearize(skb)) {
++ if (!skb_linearize(skb) && sk->sk_state != BT_CLOSED) {
+ s = rfcomm_recv_frame(s, skb);
+ if (!s)
+ break;
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index f7c4d3fe4381..7fd1ef7930c6 100644
--- a/scripts/mod/modpost.c
diff --git a/SOURCES/t2linux.patch b/SOURCES/t2linux.patch
index 0c6e17a..b254a1d 100644
--- a/SOURCES/t2linux.patch
+++ b/SOURCES/t2linux.patch
@@ -12048,105 +12048,3 @@ index 792adaf88..3ba90878c 100644
/**
--
2.37.2
-
-From patchwork Wed Dec 27 10:10:03 2023
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-X-Patchwork-Submitter: Johan Hovold <johan+linaro@kernel.org>
-X-Patchwork-Id: 13505281
-Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org
- [10.30.226.201])
- (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
- (No client certificate requested)
- by smtp.subspace.kernel.org (Postfix) with ESMTPS id 731F42D602;
- Wed, 27 Dec 2023 10:10:50 +0000 (UTC)
-Authentication-Results: smtp.subspace.kernel.org;
- dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org
- header.b="OE5gY3Rg"
-Received: by smtp.kernel.org (Postfix) with ESMTPSA id E1F71C433C8;
- Wed, 27 Dec 2023 10:10:49 +0000 (UTC)
-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
- s=k20201202; t=1703671849;
- bh=HNX2qe5wIUjgAOE0bih0cYXbYbw77i5qRYAGTFhWf8Q=;
- h=From:To:Cc:Subject:Date:From;
- b=OE5gY3RgSNMMNpr/DemitpLvv8B5KUxkea+huKa97KhEilNAbl/OG/gZPSswoI3kl
- ifwN2LiGgFt8jyQh8hVsCoIrrOOGgiqeJ9ivyZI86fxAmaICglCBVc65vzpPozQdYn
- YsryqO/D6A6i3egHRr7G52DifE/DihYN9uZqhAIHTY+ESsr/mJvwodvV8HNt60TaF9
- dFeWSj4rAgt/QaclFNs1wznkamzzJ3UloOq2NJbzC3F6ILEsWfuPRm8iKBlgwdNTZ+
- bn4JmN3Zh0Mr2uaTVg902uWeLcZ93sY9BmqH1AOBDEXTlUvPd7n6xVrSnOLfdlTR5k
- O5JKLTyyjvyTQ==
-Received: from johan by xi.lan with local (Exim 4.96.2)
- (envelope-from <johan+linaro@kernel.org>)
- id 1rIQs7-0002kc-0u;
- Wed, 27 Dec 2023 11:10:44 +0100
-From: Johan Hovold <johan+linaro@kernel.org>
-To: Luiz Augusto von Dentz <luiz.dentz@gmail.com>,
- Marcel Holtmann <marcel@holtmann.org>,
- Johan Hedberg <johan.hedberg@gmail.com>
-Cc: Hector Martin <marcan@marcan.st>,
- Sven Peter <sven@svenpeter.dev>,
- Alyssa Rosenzweig <alyssa@rosenzweig.io>,
- asahi@lists.linux.dev,
- linux-arm-kernel@lists.infradead.org,
- linux-bluetooth@vger.kernel.org,
- linux-kernel@vger.kernel.org,
- Johan Hovold <johan+linaro@kernel.org>,
- stable@vger.kernel.org,
- Felix Zhang <mrman@mrman314.tech>
-Subject: [PATCH] Bluetooth: hci_bcm4377: do not mark valid bd_addr as invalid
-Date: Wed, 27 Dec 2023 11:10:03 +0100
-Message-ID: <20231227101003.10534-1-johan+linaro@kernel.org>
-X-Mailer: git-send-email 2.41.0
-Precedence: bulk
-X-Mailing-List: linux-bluetooth@vger.kernel.org
-List-Id: <linux-bluetooth.vger.kernel.org>
-List-Subscribe: <mailto:linux-bluetooth+subscribe@vger.kernel.org>
-List-Unsubscribe: <mailto:linux-bluetooth+unsubscribe@vger.kernel.org>
-MIME-Version: 1.0
-
-A recent commit restored the original (and still documented) semantics
-for the HCI_QUIRK_USE_BDADDR_PROPERTY quirk so that the device address
-is considered invalid unless an address is provided by firmware.
-
-This specifically means that this flag must only be set for devices with
-invalid addresses, but the Broadcom BCM4377 driver has so far been
-setting this flag unconditionally.
-
-Fortunately the driver already checks for invalid addresses during setup
-and sets the HCI_QUIRK_INVALID_BDADDR flag, which can simply be replaced
-with HCI_QUIRK_USE_BDADDR_PROPERTY to indicate that the default address
-is invalid but can be overridden by firmware (long term, this should
-probably just always be allowed).
-
-Fixes: 6945795bc81a ("Bluetooth: fix use-bdaddr-property quirk")
-Cc: stable@vger.kernel.org # 6.5
-Reported-by: Felix Zhang <mrman@mrman314.tech>
-Link: https://lore.kernel.org/r/77419ffacc5b4875e920e038332575a2a5bff29f.camel@mrman314.tech/
-Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
-Reported-by: Felix Zhang <mrman@mrman314.tech>
----
- drivers/bluetooth/hci_bcm4377.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/drivers/bluetooth/hci_bcm4377.c b/drivers/bluetooth/hci_bcm4377.c
-index a61757835695..9a7243d5db71 100644
---- a/drivers/bluetooth/hci_bcm4377.c
-+++ b/drivers/bluetooth/hci_bcm4377.c
-@@ -1417,7 +1417,7 @@ static int bcm4377_check_bdaddr(struct bcm4377_data *bcm4377)
-
- bda = (struct hci_rp_read_bd_addr *)skb->data;
- if (!bcm4377_is_valid_bdaddr(bcm4377, &bda->bdaddr))
-- set_bit(HCI_QUIRK_INVALID_BDADDR, &bcm4377->hdev->quirks);
-+ set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &bcm4377->hdev->quirks);
-
- kfree_skb(skb);
- return 0;
-@@ -2368,7 +2368,6 @@ static int bcm4377_probe(struct pci_dev *pdev, const struct pci_device_id *id)
- hdev->set_bdaddr = bcm4377_hci_set_bdaddr;
- hdev->setup = bcm4377_hci_setup;
-
-- set_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks);
- if (bcm4377->hw->broken_mws_transport_config)
- set_bit(HCI_QUIRK_BROKEN_MWS_TRANSPORT_CONFIG, &hdev->quirks);
- if (bcm4377->hw->broken_ext_scan)
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index c9b8eea..737df97 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -160,18 +160,18 @@ Summary: The Linux kernel
# the --with-release option overrides this setting.)
%define debugbuildsenabled 1
%define buildid .fsync
-%define specrpmversion 6.7.7
-%define specversion 6.7.7
+%define specrpmversion 6.7.9
+%define specversion 6.7.9
%define patchversion 6.7
%define pkgrelease 200
%define kversion 6
-%define tarfile_release 6.7.7
+%define tarfile_release 6.7.9
# This is needed to do merge window version magic
%define patchlevel 7
# This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 202%{?buildid}%{?dist}
+%define specrelease 201%{?buildid}%{?dist}
# This defines the kabi tarball version
-%define kabiversion 6.7.7
+%define kabiversion 6.7.9
# If this variable is set to 1, a bpf selftests build failure will cause a
# fatal kernel package build error
@@ -3994,11 +3994,16 @@ fi\
#
#
%changelog
-* Sat Mar 09 2024 Jan200101 <sentrycraft123@gmail.com> - 6.7.7-202.fsync
-- kernel-fsync v6.7.7 hdr revert
+* Sat Mar 09 2024 Jan200101 <sentrycraft123@gmail.com> - 6.7.9-201.fsync
+- kernel-fsync v6.7.9
-* Wed Mar 06 2024 Jan200101 <sentrycraft123@gmail.com> - 6.7.7-201.fsync
-- kernel-fsync v6.7.7
+* Wed Mar 06 2024 Augusto Caringi <acaringi@redhat.com> [6.7.9-0]
+- Add some CVE fixes for 6.7.9 (Justin M. Forbes)
+- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (Yuxuan Hu)
+- Linux v6.7.9
+
+* Sun Mar 03 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.7.8-0]
+- Linux v6.7.8
* Fri Mar 01 2024 Augusto Caringi <acaringi@redhat.com> [6.7.7-0]
- Add rhbz 2266309 to BugsFixed (Justin M. Forbes)