diff --git a/README b/README index db1a48a..96589fc 100644 --- a/README +++ b/README @@ -194,9 +194,11 @@ depending on the impact of your changes. Use scripts/tar-up.sh for creating an OBS package directory. The kernel source tree that scripts/sequence-patch.sh creates can be -test compiled as follows: +test-compiled. Before that, make sure all prerequisites are installed. +These include libopenssl-devel, libelf-devel, and dwarves (look into +rpm/kernel-binary.spec.in for a complete list). Then, the compilation +can be done as follows: - $ cp config/i386/default /var/tmp/scratch/linux-5.3-SLE15-SP3 $ cd /var/tmp/scratch/linux-5.3-SLE15-SP3 $ make oldconfig $ make diff --git a/patches.suse/HID-bigben-use-spinlock-to-protect-concurrent-access.patch b/patches.suse/HID-bigben-use-spinlock-to-protect-concurrent-access.patch new file mode 100644 index 0000000..93c0d3d --- /dev/null +++ b/patches.suse/HID-bigben-use-spinlock-to-protect-concurrent-access.patch @@ -0,0 +1,173 @@ +From 9fefb6201c4f8dd9f58c581b2a66e5cde2895ea2 Mon Sep 17 00:00:00 2001 +From: Pietro Borrello +Date: Sun, 12 Feb 2023 18:59:59 +0000 +Subject: [PATCH] HID: bigben: use spinlock to protect concurrent accesses +Git-commit: 9fefb6201c4f8dd9f58c581b2a66e5cde2895ea2 +Patch-mainline: v6.3-rc1 +References: CVE-2023-25012 bsc#1207560 + +bigben driver has a worker that may access data concurrently. +Proct the accesses using a spinlock. + +Fixes: 256a90ed9e46 ("HID: hid-bigbenff: driver for BigBen Interactive PS3OFMINIPAD gamepad") +Signed-off-by: Pietro Borrello +Link: https://lore.kernel.org/r/20230125-hid-unregister-leds-v4-1-7860c5763c38@diag.uniroma1.it +Signed-off-by: Benjamin Tissoires +Acked-by: Takashi Iwai + +--- + drivers/hid/hid-bigbenff.c | 52 ++++++++++++++++++++++++++++++++++++-- + 1 file changed, 50 insertions(+), 2 deletions(-) + +diff --git a/drivers/hid/hid-bigbenff.c b/drivers/hid/hid-bigbenff.c +index e8b16665860d..ed3d2d7bc1dd 100644 +--- a/drivers/hid/hid-bigbenff.c ++++ b/drivers/hid/hid-bigbenff.c +@@ -174,6 +174,7 @@ static __u8 pid0902_rdesc_fixed[] = { + struct bigben_device { + struct hid_device *hid; + struct hid_report *report; ++ spinlock_t lock; + bool removed; + u8 led_state; /* LED1 = 1 .. LED4 = 8 */ + u8 right_motor_on; /* right motor off/on 0/1 */ +@@ -190,12 +191,27 @@ static void bigben_worker(struct work_struct *work) + struct bigben_device *bigben = container_of(work, + struct bigben_device, worker); + struct hid_field *report_field = bigben->report->field[0]; ++ bool do_work_led = false; ++ bool do_work_ff = false; ++ u8 *buf; ++ u32 len; ++ unsigned long flags; + + if (bigben->removed || !report_field) + return; + ++ buf = hid_alloc_report_buf(bigben->report, GFP_KERNEL); ++ if (!buf) ++ return; ++ ++ len = hid_report_len(bigben->report); ++ ++ /* LED work */ ++ spin_lock_irqsave(&bigben->lock, flags); ++ + if (bigben->work_led) { + bigben->work_led = false; ++ do_work_led = true; + report_field->value[0] = 0x01; /* 1 = led message */ + report_field->value[1] = 0x08; /* reserved value, always 8 */ + report_field->value[2] = bigben->led_state; +@@ -204,11 +220,22 @@ static void bigben_worker(struct work_struct *work) + report_field->value[5] = 0x00; /* padding */ + report_field->value[6] = 0x00; /* padding */ + report_field->value[7] = 0x00; /* padding */ +- hid_hw_request(bigben->hid, bigben->report, HID_REQ_SET_REPORT); ++ hid_output_report(bigben->report, buf); ++ } ++ ++ spin_unlock_irqrestore(&bigben->lock, flags); ++ ++ if (do_work_led) { ++ hid_hw_raw_request(bigben->hid, bigben->report->id, buf, len, ++ bigben->report->type, HID_REQ_SET_REPORT); + } + ++ /* FF work */ ++ spin_lock_irqsave(&bigben->lock, flags); ++ + if (bigben->work_ff) { + bigben->work_ff = false; ++ do_work_ff = true; + report_field->value[0] = 0x02; /* 2 = rumble effect message */ + report_field->value[1] = 0x08; /* reserved value, always 8 */ + report_field->value[2] = bigben->right_motor_on; +@@ -217,8 +244,17 @@ static void bigben_worker(struct work_struct *work) + report_field->value[5] = 0x00; /* padding */ + report_field->value[6] = 0x00; /* padding */ + report_field->value[7] = 0x00; /* padding */ +- hid_hw_request(bigben->hid, bigben->report, HID_REQ_SET_REPORT); ++ hid_output_report(bigben->report, buf); ++ } ++ ++ spin_unlock_irqrestore(&bigben->lock, flags); ++ ++ if (do_work_ff) { ++ hid_hw_raw_request(bigben->hid, bigben->report->id, buf, len, ++ bigben->report->type, HID_REQ_SET_REPORT); + } ++ ++ kfree(buf); + } + + static int hid_bigben_play_effect(struct input_dev *dev, void *data, +@@ -228,6 +264,7 @@ static int hid_bigben_play_effect(struct input_dev *dev, void *data, + struct bigben_device *bigben = hid_get_drvdata(hid); + u8 right_motor_on; + u8 left_motor_force; ++ unsigned long flags; + + if (!bigben) { + hid_err(hid, "no device data\n"); +@@ -242,9 +279,12 @@ static int hid_bigben_play_effect(struct input_dev *dev, void *data, + + if (right_motor_on != bigben->right_motor_on || + left_motor_force != bigben->left_motor_force) { ++ spin_lock_irqsave(&bigben->lock, flags); + bigben->right_motor_on = right_motor_on; + bigben->left_motor_force = left_motor_force; + bigben->work_ff = true; ++ spin_unlock_irqrestore(&bigben->lock, flags); ++ + schedule_work(&bigben->worker); + } + +@@ -259,6 +299,7 @@ static void bigben_set_led(struct led_classdev *led, + struct bigben_device *bigben = hid_get_drvdata(hid); + int n; + bool work; ++ unsigned long flags; + + if (!bigben) { + hid_err(hid, "no device data\n"); +@@ -267,6 +308,7 @@ static void bigben_set_led(struct led_classdev *led, + + for (n = 0; n < NUM_LEDS; n++) { + if (led == bigben->leds[n]) { ++ spin_lock_irqsave(&bigben->lock, flags); + if (value == LED_OFF) { + work = (bigben->led_state & BIT(n)); + bigben->led_state &= ~BIT(n); +@@ -274,6 +316,7 @@ static void bigben_set_led(struct led_classdev *led, + work = !(bigben->led_state & BIT(n)); + bigben->led_state |= BIT(n); + } ++ spin_unlock_irqrestore(&bigben->lock, flags); + + if (work) { + bigben->work_led = true; +@@ -307,8 +350,12 @@ static enum led_brightness bigben_get_led(struct led_classdev *led) + static void bigben_remove(struct hid_device *hid) + { + struct bigben_device *bigben = hid_get_drvdata(hid); ++ unsigned long flags; + ++ spin_lock_irqsave(&bigben->lock, flags); + bigben->removed = true; ++ spin_unlock_irqrestore(&bigben->lock, flags); ++ + cancel_work_sync(&bigben->worker); + hid_hw_stop(hid); + } +@@ -362,6 +409,7 @@ static int bigben_probe(struct hid_device *hid, + set_bit(FF_RUMBLE, hidinput->input->ffbit); + + INIT_WORK(&bigben->worker, bigben_worker); ++ spin_lock_init(&bigben->lock); + + error = input_ff_create_memless(hidinput->input, NULL, + hid_bigben_play_effect); +-- +2.35.3 + diff --git a/patches.suse/HID-bigben-use-spinlock-to-safely-schedule-workers.patch b/patches.suse/HID-bigben-use-spinlock-to-safely-schedule-workers.patch new file mode 100644 index 0000000..efc24c0 --- /dev/null +++ b/patches.suse/HID-bigben-use-spinlock-to-safely-schedule-workers.patch @@ -0,0 +1,83 @@ +From 76ca8da989c7d97a7f76c75d475fe95a584439d7 Mon Sep 17 00:00:00 2001 +From: Pietro Borrello +Date: Sun, 12 Feb 2023 19:00:01 +0000 +Subject: [PATCH] HID: bigben: use spinlock to safely schedule workers +Git-commit: 76ca8da989c7d97a7f76c75d475fe95a584439d7 +Patch-mainline: v6.3-rc1 +References: CVE-2023-25012 bsc#1207560 + +Use spinlocks to deal with workers introducing a wrapper +bigben_schedule_work(), and several spinlock checks. +Otherwise, bigben_set_led() may schedule bigben->worker after the +structure has been freed, causing a use-after-free. + +Fixes: 4eb1b01de5b9 ("HID: hid-bigbenff: fix race condition for scheduled work during removal") +Signed-off-by: Pietro Borrello +Link: https://lore.kernel.org/r/20230125-hid-unregister-leds-v4-3-7860c5763c38@diag.uniroma1.it +Signed-off-by: Benjamin Tissoires +Acked-by: Takashi Iwai + +--- + drivers/hid/hid-bigbenff.c | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +diff --git a/drivers/hid/hid-bigbenff.c b/drivers/hid/hid-bigbenff.c +index b98c5f31c184..9d6560db762b 100644 +--- a/drivers/hid/hid-bigbenff.c ++++ b/drivers/hid/hid-bigbenff.c +@@ -185,6 +185,15 @@ struct bigben_device { + struct work_struct worker; + }; + ++static inline void bigben_schedule_work(struct bigben_device *bigben) ++{ ++ unsigned long flags; ++ ++ spin_lock_irqsave(&bigben->lock, flags); ++ if (!bigben->removed) ++ schedule_work(&bigben->worker); ++ spin_unlock_irqrestore(&bigben->lock, flags); ++} + + static void bigben_worker(struct work_struct *work) + { +@@ -197,9 +206,6 @@ static void bigben_worker(struct work_struct *work) + u32 len; + unsigned long flags; + +- if (bigben->removed) +- return; +- + buf = hid_alloc_report_buf(bigben->report, GFP_KERNEL); + if (!buf) + return; +@@ -285,7 +291,7 @@ static int hid_bigben_play_effect(struct input_dev *dev, void *data, + bigben->work_ff = true; + spin_unlock_irqrestore(&bigben->lock, flags); + +- schedule_work(&bigben->worker); ++ bigben_schedule_work(bigben); + } + + return 0; +@@ -320,7 +326,7 @@ static void bigben_set_led(struct led_classdev *led, + + if (work) { + bigben->work_led = true; +- schedule_work(&bigben->worker); ++ bigben_schedule_work(bigben); + } + return; + } +@@ -450,7 +456,7 @@ static int bigben_probe(struct hid_device *hid, + bigben->left_motor_force = 0; + bigben->work_led = true; + bigben->work_ff = true; +- schedule_work(&bigben->worker); ++ bigben_schedule_work(bigben); + + hid_info(hid, "LED and force feedback support for BigBen gamepad\n"); + +-- +2.35.3 + diff --git a/patches.suse/HID-bigben_worker-remove-unneeded-check-on-report_fi.patch b/patches.suse/HID-bigben_worker-remove-unneeded-check-on-report_fi.patch new file mode 100644 index 0000000..a5d189b --- /dev/null +++ b/patches.suse/HID-bigben_worker-remove-unneeded-check-on-report_fi.patch @@ -0,0 +1,44 @@ +From 27d2a2fd844ec7da70d19fabb482304fd1e0595b Mon Sep 17 00:00:00 2001 +From: Pietro Borrello +Date: Sun, 12 Feb 2023 19:00:00 +0000 +Subject: [PATCH] HID: bigben_worker() remove unneeded check on report_field +Git-commit: 27d2a2fd844ec7da70d19fabb482304fd1e0595b +Patch-mainline: v6.3-rc1 +References: CVE-2023-25012 bsc#1207560 + +bigben_worker() checks report_field to be non-NULL. +The check has been added in commit +918aa1ef104d ("HID: bigbenff: prevent null pointer dereference") +to prevent a NULL pointer crash. +However, the true root cause was a missing check for output +reports, patched in commit +c7bf714f8755 ("HID: check empty report_list in bigben_probe()"), +where the type-confused report list_entry was overlapping with +a NULL pointer, which was then causing the crash. + +Fixes: 918aa1ef104d ("HID: bigbenff: prevent null pointer dereference") +Signed-off-by: Pietro Borrello +Link: https://lore.kernel.org/r/20230125-hid-unregister-leds-v4-2-7860c5763c38@diag.uniroma1.it +Signed-off-by: Benjamin Tissoires +Acked-by: Takashi Iwai + +--- + drivers/hid/hid-bigbenff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/hid/hid-bigbenff.c b/drivers/hid/hid-bigbenff.c +index ed3d2d7bc1dd..b98c5f31c184 100644 +--- a/drivers/hid/hid-bigbenff.c ++++ b/drivers/hid/hid-bigbenff.c +@@ -197,7 +197,7 @@ static void bigben_worker(struct work_struct *work) + u32 len; + unsigned long flags; + +- if (bigben->removed || !report_field) ++ if (bigben->removed) + return; + + buf = hid_alloc_report_buf(bigben->report, GFP_KERNEL); +-- +2.35.3 + diff --git a/patches.suse/malidp-Fix-NULL-vs-IS_ERR-checking.patch b/patches.suse/malidp-Fix-NULL-vs-IS_ERR-checking.patch new file mode 100644 index 0000000..bff7a8e --- /dev/null +++ b/patches.suse/malidp-Fix-NULL-vs-IS_ERR-checking.patch @@ -0,0 +1,30 @@ +From 15342f930ebebcfe36f2415049736a77d7d2e045 Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Mon, 13 Dec 2021 07:21:15 +0000 +Subject: malidp: Fix NULL vs IS_ERR() checking +Git-commit: 15342f930ebebcfe36f2415049736a77d7d2e045 +Patch-mainline: v5.19-rc1 +References: bsc#1208843 CVE-2023-23004 + +The get_sg_table() function does not return NULL. +It returns error pointers. + +Signed-off-by: Miaoqian Lin +Signed-off-by: Liviu Dudau +Link: https://lore.kernel.org/dri-devel/20211213072115.18098-1-linmq006@gmail.com/ +Acked-by: Patrik Jakobsson +--- + drivers/gpu/drm/arm/malidp_planes.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/arm/malidp_planes.c ++++ b/drivers/gpu/drm/arm/malidp_planes.c +@@ -346,7 +346,7 @@ + else + sgt = obj->dev->driver->gem_prime_get_sg_table(obj); + +- if (!sgt) ++ if (IS_ERR(sgt)) + return false; + + sgl = sgt->sgl; diff --git a/patches.suse/net-add-sock_init_data_uid.patch b/patches.suse/net-add-sock_init_data_uid.patch new file mode 100644 index 0000000..183d996 --- /dev/null +++ b/patches.suse/net-add-sock_init_data_uid.patch @@ -0,0 +1,84 @@ +From: Pietro Borrello +Date: Sat, 4 Feb 2023 17:39:20 +0000 +Subject: net: add sock_init_data_uid() +Git-commit: 584f3742890e966d2f0a1f3c418c9ead70b2d99e +Patch-mainline: v6.3-rc1 +References: CVE-2023-1076 bsc#1208599 + +Add sock_init_data_uid() to explicitly initialize the socket uid. +To initialise the socket uid, sock_init_data() assumes a the struct +socket* sock is always embedded in a struct socket_alloc, used to +access the corresponding inode uid. This may not be true. +Examples are sockets created in tun_chr_open() and tap_open(). + +Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.") +Signed-off-by: Pietro Borrello +Reviewed-by: Eric Dumazet +Signed-off-by: David S. Miller +Acked-by: Miroslav Franc +--- + include/net/sock.h | 7 ++++++- + net/core/sock.c | 15 ++++++++++++--- + 2 files changed, 18 insertions(+), 4 deletions(-) + +diff --git a/include/net/sock.h b/include/net/sock.h +index 22d50dabdc9d..da758f2273e4 100644 +--- a/include/net/sock.h ++++ b/include/net/sock.h +@@ -1739,7 +1739,12 @@ void sk_common_release(struct sock *sk); + * Default socket callbacks and setup code + */ + +-/* Initialise core socket variables */ ++/* Initialise core socket variables using an explicit uid. */ ++void sock_init_data_uid(struct socket *sock, struct sock *sk, kuid_t uid); ++ ++/* Initialise core socket variables. ++ * Assumes struct socket *sock is embedded in a struct socket_alloc. ++ */ + void sock_init_data(struct socket *sock, struct sock *sk); + + /* +diff --git a/net/core/sock.c b/net/core/sock.c +index 652913df588d..28382b23afe2 100644 +--- a/net/core/sock.c ++++ b/net/core/sock.c +@@ -2878,7 +2878,7 @@ void sk_stop_timer(struct sock *sk, struct timer_list* timer) + } + EXPORT_SYMBOL(sk_stop_timer); + +-void sock_init_data(struct socket *sock, struct sock *sk) ++void sock_init_data_uid(struct socket *sock, struct sock *sk, kuid_t uid) + { + sk_init_common(sk); + sk->sk_send_head = NULL; +@@ -2897,11 +2897,10 @@ void sock_init_data(struct socket *sock, struct sock *sk) + sk->sk_type = sock->type; + RCU_INIT_POINTER(sk->sk_wq, &sock->wq); + sock->sk = sk; +- sk->sk_uid = SOCK_INODE(sock)->i_uid; + } else { + RCU_INIT_POINTER(sk->sk_wq, NULL); +- sk->sk_uid = make_kuid(sock_net(sk)->user_ns, 0); + } ++ sk->sk_uid = uid; + + rwlock_init(&sk->sk_callback_lock); + if (sk->sk_kern_sock) +@@ -2959,6 +2958,16 @@ void sock_init_data(struct socket *sock, struct sock *sk) + refcount_set(&sk->sk_refcnt, 1); + atomic_set(&sk->sk_drops, 0); + } ++EXPORT_SYMBOL(sock_init_data_uid); ++ ++void sock_init_data(struct socket *sock, struct sock *sk) ++{ ++ kuid_t uid = sock ? ++ SOCK_INODE(sock)->i_uid : ++ make_kuid(sock_net(sk)->user_ns, 0); ++ ++ sock_init_data_uid(sock, sk, uid); ++} + EXPORT_SYMBOL(sock_init_data); + + void lock_sock_nested(struct sock *sk, int subclass) diff --git a/patches.suse/netfilter-nf_tables-fix-null-deref-due-to-zeroed-list-head.patch b/patches.suse/netfilter-nf_tables-fix-null-deref-due-to-zeroed-list-head.patch new file mode 100644 index 0000000..d6131f5 --- /dev/null +++ b/patches.suse/netfilter-nf_tables-fix-null-deref-due-to-zeroed-list-head.patch @@ -0,0 +1,46 @@ +From: Florian Westphal +Date: Tue, 9 Aug 2022 18:34:02 +0200 +Subject: netfilter: nf_tables: fix null deref due to zeroed list head +Git-commit: 580077855a40741cf511766129702d97ff02f4d9 +Patch-mainline: v6.0-rc1 +References: CVE-2023-1095 bsc#1208777 + +In nf_tables_updtable, if nf_tables_table_enable returns an error, +nft_trans_destroy is called to free the transaction object. + +nft_trans_destroy() calls list_del(), but the transaction was never +placed on a list -- the list head is all zeroes, this results in +a null dereference: + +BUG: KASAN: null-ptr-deref in nft_trans_destroy+0x26/0x59 +Call Trace: + nft_trans_destroy+0x26/0x59 + nf_tables_newtable+0x4bc/0x9bc + [..] + +Its sane to assume that nft_trans_destroy() can be called +on the transaction object returned by nft_trans_alloc(), so +make sure the list head is initialised. + +Fixes: 55dd6f93076b ("netfilter: nf_tables: use new transaction infrastructure to handle table") +Reported-by: mingi cho +Signed-off-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Acked-by: Miroslav Franc +--- + net/netfilter/nf_tables_api.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c +index 460b0925ea60..3cc88998b879 100644 +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -153,6 +153,7 @@ static struct nft_trans *nft_trans_alloc_gfp(const struct nft_ctx *ctx, + if (trans == NULL) + return NULL; + ++ INIT_LIST_HEAD(&trans->list); + trans->msg_type = msg_type; + trans->ctx = *ctx; + + diff --git a/patches.suse/tap-tap_open-correctly-initialize-socket-uid.patch b/patches.suse/tap-tap_open-correctly-initialize-socket-uid.patch new file mode 100644 index 0000000..51470f8 --- /dev/null +++ b/patches.suse/tap-tap_open-correctly-initialize-socket-uid.patch @@ -0,0 +1,43 @@ +From: Pietro Borrello +Date: Sat, 4 Feb 2023 17:39:22 +0000 +Subject: tap: tap_open(): correctly initialize socket uid +Git-commit: 66b2c338adce580dfce2199591e65e2bab889cff +Patch-mainline: v6.3-rc1 +References: CVE-2023-1076 bsc#1208599 + +sock_init_data() assumes that the `struct socket` passed in input is +contained in a `struct socket_alloc` allocated with sock_alloc(). +However, tap_open() passes a `struct socket` embedded in a `struct +tap_queue` allocated with sk_alloc(). +This causes a type confusion when issuing a container_of() with +SOCK_INODE() in sock_init_data() which results in assigning a wrong +sk_uid to the `struct sock` in input. +On default configuration, the type confused field overlaps with +padding bytes between `int vnet_hdr_sz` and `struct tap_dev __rcu +*tap` in `struct tap_queue`, which makes the uid of all tap sockets 0, +i.e., the root one. +Fix the assignment by using sock_init_data_uid(). + +Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.") +Signed-off-by: Pietro Borrello +Reviewed-by: Eric Dumazet +Signed-off-by: David S. Miller +Acked-by: Miroslav Franc +--- + drivers/net/tap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/tap.c b/drivers/net/tap.c +index a2be1994b389..8941aa199ea3 100644 +--- a/drivers/net/tap.c ++++ b/drivers/net/tap.c +@@ -533,7 +533,7 @@ static int tap_open(struct inode *inode, struct file *file) + q->sock.state = SS_CONNECTED; + q->sock.file = file; + q->sock.ops = &tap_socket_ops; +- sock_init_data(&q->sock, &q->sk); ++ sock_init_data_uid(&q->sock, &q->sk, inode->i_uid); + q->sk.sk_write_space = tap_sock_write_space; + q->sk.sk_destruct = tap_sock_destruct; + q->flags = IFF_VNET_HDR | IFF_NO_PI | IFF_TAP; + diff --git a/patches.suse/tun-tun_chr_open-correctly-initialize-socket-uid.patch b/patches.suse/tun-tun_chr_open-correctly-initialize-socket-uid.patch new file mode 100644 index 0000000..ebeadfe --- /dev/null +++ b/patches.suse/tun-tun_chr_open-correctly-initialize-socket-uid.patch @@ -0,0 +1,43 @@ +From: Pietro Borrello +Date: Sat, 4 Feb 2023 17:39:21 +0000 +Subject: tun: tun_chr_open(): correctly initialize socket uid +Git-commit: a096ccca6e503a5c575717ff8a36ace27510ab0a +Patch-mainline: v6.3-rc1 +References: CVE-2023-1076 bsc#1208599 + +sock_init_data() assumes that the `struct socket` passed in input is +contained in a `struct socket_alloc` allocated with sock_alloc(). +However, tun_chr_open() passes a `struct socket` embedded in a `struct +tun_file` allocated with sk_alloc(). +This causes a type confusion when issuing a container_of() with +SOCK_INODE() in sock_init_data() which results in assigning a wrong +sk_uid to the `struct sock` in input. +On default configuration, the type confused field overlaps with the +high 4 bytes of `struct tun_struct __rcu *tun` of `struct tun_file`, +NULL at the time of call, which makes the uid of all tun sockets 0, +i.e., the root one. +Fix the assignment by using sock_init_data_uid(). + +Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.") +Signed-off-by: Pietro Borrello +Reviewed-by: Eric Dumazet +Signed-off-by: David S. Miller +Acked-by: Miroslav Franc +--- + drivers/net/tun.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/tun.c b/drivers/net/tun.c +index a7d17c680f4a..745131b2d6db 100644 +--- a/drivers/net/tun.c ++++ b/drivers/net/tun.c +@@ -3448,7 +3448,7 @@ static int tun_chr_open(struct inode *inode, struct file * file) + tfile->socket.file = file; + tfile->socket.ops = &tun_socket_ops; + +- sock_init_data(&tfile->socket, &tfile->sk); ++ sock_init_data_uid(&tfile->socket, &tfile->sk, inode->i_uid); + + tfile->sk.sk_write_space = tun_sock_write_space; + tfile->sk.sk_sndbuf = INT_MAX; + diff --git a/rpm/group-source-files.pl b/rpm/group-source-files.pl index 768ecff..89fa8e8 100755 --- a/rpm/group-source-files.pl +++ b/rpm/group-source-files.pl @@ -66,7 +66,7 @@ sub calc_dirs do { $path =~ s{/[^/]+$}{}; $dirs{$path} = 1; - } while ($path ne $base); + } while ($path ne $base and $path ne ""); # This loop also makes sure that $base itself is included. } diff --git a/rpm/kernel-binary.spec.in b/rpm/kernel-binary.spec.in index 3f65484..31bd232 100644 --- a/rpm/kernel-binary.spec.in +++ b/rpm/kernel-binary.spec.in @@ -723,6 +723,10 @@ export BRP_PESIGN_FILES %if "%{compress_modules}" != "none" export BRP_PESIGN_COMPRESS_MODULE=%{compress_modules} %endif +# Do not sign vanilla kernels released in official projects +%if %build_vanilla && ! %vanilla_only +BRP_PESIGN_FILES="" +%endif if test -x /usr/lib/rpm/pesign/gen-hmac; then $_ -r %buildroot /boot/%image-%kernelrelease-%build_flavor diff --git a/rpm/kernel-module-subpackage b/rpm/kernel-module-subpackage index 6645965..3a3d18c 100644 --- a/rpm/kernel-module-subpackage +++ b/rpm/kernel-module-subpackage @@ -82,23 +82,28 @@ END { exit(! good) } ' $spec ) %pre -n %{-n*}-kmp-%1 -%{-b:KMP_NEEDS_MKINITRD=1} /usr/lib/module-init-tools/kernel-scriptlets/kmp-pre --name "%{-n*}-kmp-%1" \ +%{-b:KMP_NEEDS_MKINITRD=1; export KMP_NEEDS_MKINITRD} +/usr/lib/module-init-tools/kernel-scriptlets/kmp-pre --name "%{-n*}-kmp-%1" \ --version "%_this_kmp_version" --release "%{-r*}" --kernelrelease "%2" \ --flavor "%1" --usrmerged "0%{?usrmerged}" "$@" %post -n %{-n*}-kmp-%1 -%{-b:KMP_NEEDS_MKINITRD=1} /usr/lib/module-init-tools/kernel-scriptlets/kmp-post --name "%{-n*}-kmp-%1" \ +%{-b:KMP_NEEDS_MKINITRD=1; export KMP_NEEDS_MKINITRD} +/usr/lib/module-init-tools/kernel-scriptlets/kmp-post --name "%{-n*}-kmp-%1" \ --version "%_this_kmp_version" --release "%{-r*}" --kernelrelease "%2" \ --flavor "%1" --usrmerged "0%{?usrmerged}" "$@" %preun -n %{-n*}-kmp-%1 -%{-b:KMP_NEEDS_MKINITRD=1} %run_if_exists /usr/lib/module-init-tools/kernel-scriptlets/kmp-preun --name "%{-n*}-kmp-%1" \ +%{-b:KMP_NEEDS_MKINITRD=1; export KMP_NEEDS_MKINITRD} +%run_if_exists /usr/lib/module-init-tools/kernel-scriptlets/kmp-preun --name "%{-n*}-kmp-%1" \ --version "%_this_kmp_version" --release "%{-r*}" --kernelrelease "%2" \ --flavor "%1" --usrmerged "0%{?usrmerged}" "$@" %postun -n %{-n*}-kmp-%1 -%{-b:KMP_NEEDS_MKINITRD=1} %run_if_exists /usr/lib/module-init-tools/kernel-scriptlets/kmp-postun --name "%{-n*}-kmp-%1" \ +%{-b:KMP_NEEDS_MKINITRD=1; export KMP_NEEDS_MKINITRD} +%run_if_exists /usr/lib/module-init-tools/kernel-scriptlets/kmp-postun --name "%{-n*}-kmp-%1" \ --version "%_this_kmp_version" --release "%{-r*}" --kernelrelease "%2" \ --flavor "%1" --usrmerged "0%{?usrmerged}" "$@" %posttrans -n %{-n*}-kmp-%1 -%{-b:KMP_NEEDS_MKINITRD=1} /usr/lib/module-init-tools/kernel-scriptlets/kmp-posttrans --name "%{-n*}-kmp-%1" \ +%{-b:KMP_NEEDS_MKINITRD=1; export KMP_NEEDS_MKINITRD} +/usr/lib/module-init-tools/kernel-scriptlets/kmp-posttrans --name "%{-n*}-kmp-%1" \ --version "%_this_kmp_version" --release "%{-r*}" --kernelrelease "%2" \ --flavor "%1" --usrmerged "0%{?usrmerged}" "$@" %files -n %{-n*}-kmp-%1 diff --git a/scripts/git_sort/tests/opensuse-15.3/Dockerfile b/scripts/git_sort/tests/opensuse-15.3/Dockerfile deleted file mode 100644 index 6c45bc6..0000000 --- a/scripts/git_sort/tests/opensuse-15.3/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -# https://hub.docker.com/r/opensuse/leap/ -FROM opensuse/leap:15.3 AS base - -RUN zypper -n ref - -FROM base AS packages - -RUN zypper -n in git python3 python3-dbm rcs - -RUN git config --global user.email "you@example.com" -RUN git config --global user.name "Your Name" - -RUN zypper -n ar -G https://download.opensuse.org/repositories/Kernel:/tools/openSUSE_Leap_15.3/Kernel:tools.repo -RUN zypper -n in python3-pygit2 quilt - -FROM packages - -VOLUME /scripts - -WORKDIR /scripts/git_sort - -CMD python3 -m unittest discover -v diff --git a/scripts/git_sort/tests/opensuse-15.4/Dockerfile b/scripts/git_sort/tests/opensuse-15.4/Dockerfile new file mode 100644 index 0000000..1d5cbc7 --- /dev/null +++ b/scripts/git_sort/tests/opensuse-15.4/Dockerfile @@ -0,0 +1,24 @@ +# https://hub.docker.com/r/opensuse/leap/ +FROM opensuse/leap:15.4 AS base + +RUN zypper -n ref + +FROM base AS packages + +RUN zypper -n in git python3 python3-dbm rcs + +RUN git config --global user.email "you@example.com" +RUN git config --global user.name "Your Name" + +COPY Kernel.gpg /tmp +RUN rpmkeys --import /tmp/Kernel.gpg +RUN zypper -n ar https://download.opensuse.org/repositories/Kernel:/tools/SLE_15_SP4/Kernel:tools.repo +RUN zypper -n in python3-pygit2 quilt + +FROM packages + +VOLUME /scripts + +WORKDIR /scripts/git_sort + +CMD python3 -m unittest discover -v diff --git a/scripts/git_sort/tests/opensuse-tumbleweed/Dockerfile b/scripts/git_sort/tests/opensuse-tumbleweed/Dockerfile index 205d2c8..af6cfbc 100644 --- a/scripts/git_sort/tests/opensuse-tumbleweed/Dockerfile +++ b/scripts/git_sort/tests/opensuse-tumbleweed/Dockerfile @@ -10,7 +10,9 @@ RUN zypper -n in git python3 python3-dbm python3-pygit2 rcs util-linux RUN git config --global user.email "you@example.com" RUN git config --global user.name "Your Name" -RUN zypper -n ar -G https://download.opensuse.org/repositories/Kernel:/tools/openSUSE_Factory/Kernel:tools.repo +COPY Kernel.gpg /tmp +RUN rpmkeys --import /tmp/Kernel.gpg +RUN zypper -n ar https://download.opensuse.org/repositories/Kernel:/tools/openSUSE_Factory/Kernel:tools.repo RUN zypper -n in --from Kernel_tools quilt FROM packages diff --git a/scripts/git_sort/tests/run_all.sh b/scripts/git_sort/tests/run_all.sh index 0177c1a..f63ab5b 100755 --- a/scripts/git_sort/tests/run_all.sh +++ b/scripts/git_sort/tests/run_all.sh @@ -6,13 +6,19 @@ for release in \ sle12-sp4 \ sle12-sp5 \ sle15 \ - opensuse-15.3 \ + opensuse-15.4 \ opensuse-tumbleweed \ ; do echo "Building container image for $release..." + cp -a $libdir/../../lib/SUSE/Kernel.gpg $libdir/$release docker build -q -t gs-test-$release "$libdir/$release" + ret=$? + rm -f $libdir/$release/Kernel.gpg + [ $ret -eq 0 ] || exit $? echo "Running tests in $release:" docker run --rm --name=gs-test-$release \ --mount type=bind,source="$libdir/../../",target=/scripts,readonly \ gs-test-$release + ret=$? + [ $ret -eq 0 ] || exit $? done diff --git a/scripts/git_sort/tests/sle12-sp4/Dockerfile b/scripts/git_sort/tests/sle12-sp4/Dockerfile index e0c545b..49d8f9c 100644 --- a/scripts/git_sort/tests/sle12-sp4/Dockerfile +++ b/scripts/git_sort/tests/sle12-sp4/Dockerfile @@ -2,13 +2,13 @@ FROM registry.suse.de/suse/containers/sle-server/12-sp4/containers/suse/sles12sp4:latest AS base RUN rpm -e container-suseconnect -RUN zypper -n ar -G http://download.suse.de/ibs/SUSE:/SLE-12:/GA/standard/SUSE:SLE-12:GA.repo -RUN zypper -n ar -G http://download.suse.de/ibs/SUSE:/SLE-12:/Update/standard/SUSE:SLE-12:Update.repo -RUN zypper -n ar -G http://download.suse.de/install/SLP/SLE-12-SP4-Server-GM/$(rpm -E %_arch)/DVD1/ DVD1 -RUN zypper -n ar -G http://download.suse.de/install/SLP/SLE-12-SP4-Server-GM/$(rpm -E %_arch)/DVD2/ DVD2 -RUN zypper -n ar -G http://download.suse.de/install/SLP/SLE-12-SP4-Server-GM/$(rpm -E %_arch)/DVD3/ DVD3 +RUN zypper -n ar http://download.suse.de/ibs/SUSE:/SLE-12:/GA/standard/SUSE:SLE-12:GA.repo +RUN zypper -n ar http://download.suse.de/ibs/SUSE:/SLE-12:/Update/standard/SUSE:SLE-12:Update.repo +RUN zypper -n ar http://download.suse.de/install/SLP/SLE-12-SP4-Server-GM/$(rpm -E %_arch)/DVD1/ DVD1 +RUN zypper -n ar http://download.suse.de/install/SLP/SLE-12-SP4-Server-GM/$(rpm -E %_arch)/DVD2/ DVD2 +RUN zypper -n ar http://download.suse.de/install/SLP/SLE-12-SP4-Server-GM/$(rpm -E %_arch)/DVD3/ DVD3 # RUN zypper -n ar -G http://updates.suse.de/SUSE/Products/SLE-SDK/12-SP4/$(rpm -E %_arch)/product/ SDK -RUN zypper -n ar -G http://download.suse.de/update/build.suse.de/SUSE/Updates/SLE-SERVER/12-SP4/$(rpm -E %_arch)/update/SUSE:Updates:SLE-SERVER:12-SP4:$(rpm -E %_arch).repo +RUN zypper -n ar http://download.suse.de/update/build.suse.de/SUSE/Updates/SLE-SERVER/12-SP4/$(rpm -E %_arch)/update/SUSE:Updates:SLE-SERVER:12-SP4:$(rpm -E %_arch).repo RUN zypper -n ref @@ -19,7 +19,9 @@ RUN zypper -n in git-core python3 python3-dbm rcs RUN git config --global user.email "you@example.com" RUN git config --global user.name "Your Name" -RUN zypper -n ar -G https://download.opensuse.org/repositories/Kernel:/tools/SLE_12_SP4/Kernel:tools.repo +COPY Kernel.gpg /tmp +RUN rpmkeys --import /tmp/Kernel.gpg +RUN zypper -n ar https://download.opensuse.org/repositories/Kernel:/tools/SLE_12_SP4/Kernel:tools.repo RUN zypper -n in python3-pygit2 quilt FROM packages diff --git a/scripts/git_sort/tests/sle12-sp5/Dockerfile b/scripts/git_sort/tests/sle12-sp5/Dockerfile index c8b601d..f5e2f58 100644 --- a/scripts/git_sort/tests/sle12-sp5/Dockerfile +++ b/scripts/git_sort/tests/sle12-sp5/Dockerfile @@ -2,13 +2,13 @@ FROM registry.suse.de/suse/containers/sle-server/12-sp5/containers/suse/sles12sp5:latest AS base RUN rpm -e container-suseconnect -RUN zypper -n ar -G http://download.suse.de/ibs/SUSE:/SLE-12:/GA/standard/SUSE:SLE-12:GA.repo -RUN zypper -n ar -G http://download.suse.de/ibs/SUSE:/SLE-12:/Update/standard/SUSE:SLE-12:Update.repo -RUN zypper -n ar -G http://download.suse.de/install/SLP/SLE-12-SP5-Server-GM/$(rpm -E %_arch)/DVD1/ DVD1 -RUN zypper -n ar -G http://download.suse.de/install/SLP/SLE-12-SP5-Server-GM/$(rpm -E %_arch)/DVD2/ DVD2 -RUN zypper -n ar -G http://download.suse.de/install/SLP/SLE-12-SP5-Server-GM/$(rpm -E %_arch)/DVD3/ DVD3 +RUN zypper -n ar http://download.suse.de/ibs/SUSE:/SLE-12:/GA/standard/SUSE:SLE-12:GA.repo +RUN zypper -n ar http://download.suse.de/ibs/SUSE:/SLE-12:/Update/standard/SUSE:SLE-12:Update.repo +RUN zypper -n ar http://download.suse.de/install/SLP/SLE-12-SP5-Server-GM/$(rpm -E %_arch)/DVD1/ DVD1 +RUN zypper -n ar http://download.suse.de/install/SLP/SLE-12-SP5-Server-GM/$(rpm -E %_arch)/DVD2/ DVD2 +RUN zypper -n ar http://download.suse.de/install/SLP/SLE-12-SP5-Server-GM/$(rpm -E %_arch)/DVD3/ DVD3 # RUN zypper -n ar -G http://updates.suse.de/SUSE/Products/SLE-SDK/12-SP5/$(rpm -E %_arch)/product/ SDK -RUN zypper -n ar -G http://download.suse.de/update/build.suse.de/SUSE/Updates/SLE-SERVER/12-SP5/$(rpm -E %_arch)/update/SUSE:Updates:SLE-SERVER:12-SP5:$(rpm -E %_arch).repo +RUN zypper -n ar http://download.suse.de/update/build.suse.de/SUSE/Updates/SLE-SERVER/12-SP5/$(rpm -E %_arch)/update/SUSE:Updates:SLE-SERVER:12-SP5:$(rpm -E %_arch).repo RUN zypper -n ref @@ -19,7 +19,9 @@ RUN zypper -n in git-core python3 python3-dbm rcs RUN git config --global user.email "you@example.com" RUN git config --global user.name "Your Name" -RUN zypper -n ar -G https://download.opensuse.org/repositories/Kernel:/tools/SLE_12_SP5/Kernel:tools.repo +COPY Kernel.gpg /tmp +RUN rpmkeys --import /tmp/Kernel.gpg +RUN zypper -n ar https://download.opensuse.org/repositories/Kernel:/tools/SLE_12_SP5/Kernel:tools.repo RUN zypper -n in python3-pygit2 quilt FROM packages diff --git a/scripts/git_sort/tests/sle15/Dockerfile b/scripts/git_sort/tests/sle15/Dockerfile index 3fd5bf4..002074f 100644 --- a/scripts/git_sort/tests/sle15/Dockerfile +++ b/scripts/git_sort/tests/sle15/Dockerfile @@ -1,9 +1,9 @@ # http://registry.suse.de/ -FROM registry.suse.de/suse/containers/sle-server/15/containers/bci/python:3.9 AS base +FROM registry.suse.de/suse/containers/sle-server/15/containers/bci/python:3.6 AS base RUN rpm -e container-suseconnect -RUN zypper -n ar -G http://download.suse.de/ibs/SUSE:/SLE-15:/GA/standard/SUSE:SLE-15:GA.repo -RUN zypper -n ar -G http://download.suse.de/ibs/SUSE:/SLE-15:/Update/standard/SUSE:SLE-15:Update.repo +RUN zypper -n ar http://download.suse.de/ibs/SUSE:/SLE-15:/GA/standard/SUSE:SLE-15:GA.repo +RUN zypper -n ar http://download.suse.de/ibs/SUSE:/SLE-15:/Update/standard/SUSE:SLE-15:Update.repo RUN zypper -n ref FROM base AS packages @@ -13,7 +13,9 @@ RUN zypper -n in git-core python3 python3-dbm rcs awk RUN git config --global user.email "you@example.com" RUN git config --global user.name "Your Name" -RUN zypper -n ar -G https://download.opensuse.org/repositories/Kernel:/tools/SLE_15/Kernel:tools.repo +COPY Kernel.gpg /tmp +RUN rpmkeys --import /tmp/Kernel.gpg +RUN zypper -n ar https://download.opensuse.org/repositories/Kernel:/tools/SLE_15/Kernel:tools.repo RUN zypper -n in python3-pygit2 quilt FROM packages diff --git a/scripts/git_sort/tests/test_series_sort.py b/scripts/git_sort/tests/test_series_sort.py index f0ffe5b..25f80a9 100755 --- a/scripts/git_sort/tests/test_series_sort.py +++ b/scripts/git_sort/tests/test_series_sort.py @@ -293,8 +293,8 @@ class TestFromPatch(unittest.TestCase): self.repo.remotes.create("rdma", self.rdma_repo) self.dledford_repo = k_org_canon_prefix + "dledford/rdma.git" self.repo.remotes.create("dledford/rdma", self.dledford_repo) - self.nf_repo = k_org_canon_prefix + "pablo/nf.git" - self.repo.remotes.create("pablo/nf", self.nf_repo) + self.nf_repo = k_org_canon_prefix + "netfilter/nf.git" + self.repo.remotes.create("netfilter/nf", self.nf_repo) self.commits = {} self.commits["mainline 0"] = self.repo.create_commit( @@ -377,7 +377,7 @@ class TestFromPatch(unittest.TestCase): tree.write(), [self.commits["mainline 0"]] ) - self.repo.references.create("refs/remotes/pablo/nf/master", + self.repo.references.create("refs/remotes/netfilter/nf/master", self.commits["nf 0"]) self.commits["mainline 2"] = self.repo.create_commit( @@ -822,13 +822,13 @@ class TestFromPatch(unittest.TestCase): with open("series.conf", mode="w") as f: f.write(tests.support.format_series(( - ("pablo/nf-next", ( + ("netfilter/nf-next", ( name, )), ))) series2 = tests.support.format_series(( - ("pablo/nf", ( + ("netfilter/nf", ( name, )), )) @@ -838,9 +838,9 @@ class TestFromPatch(unittest.TestCase): def test_found_notindexed_upstream_bad2_moveupstream(self): """ - patch sorted in pablo nf-next (not fetched), commit found in pablo nf, + patch sorted in netfilter nf-next (not fetched), commit found in netfilter nf, git-repo tag is bad - moves to pablo nf + moves to netfilter nf tag is NOT updated This is a special case. See the log of commit 0ac6457e94e8 @@ -854,7 +854,7 @@ class TestFromPatch(unittest.TestCase): def test_found_notindexed_upstream_bad2_nomoveupstream(self): """ - patch sorted in pablo nf-next (not fetched), commit found in pablo nf, + patch sorted in netfilter nf-next (not fetched), commit found in netfilter nf, git-repo tag is bad error, possible causes: section is wrong or Git-repo is wrong diff --git a/scripts/lib/SUSE/Kernel.gpg b/scripts/lib/SUSE/Kernel.gpg new file mode 100644 index 0000000..4d7dbc7 --- /dev/null +++ b/scripts/lib/SUSE/Kernel.gpg @@ -0,0 +1,20 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.5 (GNU/Linux) + +mQENBFEaM/IBCADo3+2CX4/tZoGIooy7QF8+J94rwr7Tov3kXFADlXr+aG7zHMrz +r398QiSCmLsE7kJ8DcapHH+TaYrpy5yuS06RV4euhlJjo2+SHEcSzTGDIjrPTDvM +8KZE3CWZgyRTVZnTq7bRPtVhSIzkTPNyJe1AMMDZH8YYgDgo0zleZWR3w3VA75dC +fGUYjFTjymAM2QtzK3WAgywqZK0F21MKOCUWrz8ZFbCmdcZh/mAYDhmNlFcN6mZS +E/yD5E6pqGEF1Pr4dfwP0NbPBpsYq8wP3T5TIdaD5wr38u2QJNORxCKi8fuCqpf7 +HQx5v3x2EVz4VhRzzc31TPVz1LX5MPby8ypBABEBAAG0Lktlcm5lbCBPQlMgUHJv +amVjdCA8S2VybmVsQGJ1aWxkLm9wZW5zdXNlLm9yZz6JATwEEwECACYFAmFcgfcC +GwMFCRRg/gUGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRDs7vIQA1ecHYjiB/9j +HSpLuZUnN2YIg6BFTXs4thRLcH0oaYqqvn9j9B4JR9ORHkCharrsBGLRw8zk+Rxt +fCKkty0hkF8yEnnrQV1SaTIBotadf+OnK3Rll4XTO/i7ww7vNcBklYDl801j8z21 +rDoDt9WPRMO748XFHbc1lcQxw7kyfT5XrmpMA1aKcP8jGk2Zs0+1dR4ZlHMs5yq3 +txVIq5dZE+cB+5F4ab3QhFdtGJlW5oM4kzojLSvPJq2NMH4NZPM0fbotbrKSiVDO +QjYURv7Crh/3uPs2OHgh3QRaEva4rU7z2Q/z6Lo5iinQJ9WcRfL8cMOHxSMArUCw +IwudjqU4hN/AyJ+OIYK0iEYEExECAAYFAlEaM/IACgkQOzARt2udZSOyewCguDRQ +jsRPwMa3DqdijMtrGaWTtdcAn20WA8ufB0LM8evtkMiv4PmlYfEz +=ehs+ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/scripts/lib/SUSE/SUSE_Trust_Root.pem b/scripts/lib/SUSE/SUSE_Trust_Root.pem index 27cb843..85975b5 100644 --- a/scripts/lib/SUSE/SUSE_Trust_Root.pem +++ b/scripts/lib/SUSE/SUSE_Trust_Root.pem @@ -1,4 +1,4 @@ ------BEGIN TRUSTED CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIIG6DCCBNCgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBqDELMAkGA1UEBhMCREUx EjAQBgNVBAgTCUZyYW5jb25pYTESMBAGA1UEBxMJTnVyZW1iZXJnMSEwHwYDVQQK ExhTVVNFIExpbnV4IFByb2R1Y3RzIEdtYkgxFTATBgNVBAsTDE9QUyBTZXJ2aWNl @@ -35,6 +35,5 @@ OL+vEVNBlzGiU2mPuk/E75V43dhnaI3ktqph5oNq6gEZWArLkze2nksWdexjH7G5 42cij0RBO/+5RjmVzG9IXzmScE2V57McJpVDf0lPV57+xCkn6msqyRiJoDS3DPfV ySq1QlcPxhQUNSbDIL663gwirdJyf98C4W/zVcwjnUc+zGgxVInqhJVpuWvte9h/ bIf8cLGxGtSyQ616qwdS92vg1atJoG51Jdxw0EhzFtxJ8QVrfkGn1IT2ngUYYaOK -W8NcaXbJ/yeblISOdtHRxuCpZs8P9MxDAQn/X873eYfcim1xfqSimgJ2dpAwEQwP -U1VTRSBUcnVzdCBSb290 ------END TRUSTED CERTIFICATE----- +W8NcaXbJ/yeblISOdtHRxuCpZs8P9MxDAQn/X873eYfcim1xfqSimgJ2dpA= +-----END CERTIFICATE----- diff --git a/scripts/osc_wrapper b/scripts/osc_wrapper index 83f98c1..1869e6c 100755 --- a/scripts/osc_wrapper +++ b/scripts/osc_wrapper @@ -251,11 +251,7 @@ do_build() shift ;; *.spec) - if test $# -eq 1; then - spec=$1 - else - osc_args=("${osc_args[@]}" "$1") - fi + spec=$1 shift ;; *) diff --git a/scripts/renamepatches b/scripts/renamepatches index f86d7da..81a4e44 100755 --- a/scripts/renamepatches +++ b/scripts/renamepatches @@ -29,14 +29,20 @@ fi branch=$1 trap 'rm -f "$temp"' EXIT temp=$(mktemp) -git grep -iE '^(Git-commit:|No-fix:|\(cherry picked from commit)' $branch | grep -vF patches.kernel.org > $temp +git grep -iE '^(Git-commit:|No-fix:|\(cherry picked from commit)' $branch -- 'patches.*' | tr ':' ' ' | \ + awk '!/patches.kernel.org/ {fn=$2; hash=$NF; map[hash]=map[hash] fn;} + END { for (hash in map) printf("map[%s]=\"%s\"\n", hash, map[hash]); }' \ + >$temp -grep -E "^[[:space:]]*patches\.[a-z]+\/" < series.conf | while read patch ; do - commit="$([ -f $patch ] && { grep -iE "^(Git-commit|No-fix):" < $patch | awk '{ print $2}' ; - grep -i "^(cherry picked from commit" < $patch | awk '{ print $5}' ; } )" - [ -n "$commit" ] && echo "$commit" | while read c ; do - grep -F $c < $temp | tr ':' ' ' | while read junk fn blah ; do - [ -n "$fn" ] && [ $fn != $patch ] && git mv $patch $fn && sed -i -e "s,$patch,$fn," series.conf - done - done +declare -A map +source $temp + +grep -E "^[[:space:]]*patches\.[a-z]+/" < series.conf | while read patch ; do + [ ! -f "$patch" ] && continue + commit="$(awk -v IGNORECASE=1 '/^(Git-commit|No-fix):/ { print $2} + /^\(cherry picked from commit/ { print $5}' $patch)" + [ -z "$commit" ] && continue + for fn in ${map[$commit]} ; do + [ $fn != $patch ] && git mv $patch $fn && sed -i -e "s,$patch,$fn," series.conf + done done diff --git a/scripts/sequence-patch.sh b/scripts/sequence-patch.sh index 15f9409..bdfac19 100755 --- a/scripts/sequence-patch.sh +++ b/scripts/sequence-patch.sh @@ -503,7 +503,7 @@ if ! [ -d $ORIG_DIR ]; then fi if $VANILLA; then - PATCHES=( $(scripts/guards $SYMBOLS < series.conf | egrep '^patches\.(kernel\.org|rpmify)/') ) + PATCHES=( $(scripts/guards $SYMBOLS < series.conf | grep -E '^patches\.(kernel\.org|rpmify)/') ) else PATCHES=( $(scripts/guards $SYMBOLS < series.conf) ) fi diff --git a/series.conf b/series.conf index 2b5eb04..5518a7f 100644 --- a/series.conf +++ b/series.conf @@ -23169,6 +23169,7 @@ patches.suse/msft-hv-2568-hv_netvsc-Print-value-of-invalid-ID-in-netvsc_send_-.patch patches.suse/msft-hv-2609-hv_netvsc-Fix-potential-dereference-of-NULL-pointer.patch patches.suse/drm-mali-dp-potential-dereference-of-null-pointer.patch + patches.suse/malidp-Fix-NULL-vs-IS_ERR-checking.patch patches.suse/msft-hv-2573-Drivers-hv-vmbus-Add-VMbus-IMC-device-to-unsupported.patch patches.suse/msft-hv-2574-PCI-hv-Fix-multi-MSI-to-allow-more-than-one-MSI-vect.patch patches.suse/msft-hv-2575-Drivers-hv-vmbus-Fix-handling-of-messages-with-trans.patch @@ -23266,6 +23267,7 @@ patches.suse/atm-idt77252-fix-use-after-free-bugs-caused-by-tst_t.patch patches.suse/netfilter-nf_tables-do-not-allow-SET_ID-to-refer-to-.patch patches.suse/netfilter-nf_tables-do-not-allow-RULE_ID-to-refer-to.patch + patches.suse/netfilter-nf_tables-fix-null-deref-due-to-zeroed-list-head.patch patches.suse/vsock-Fix-memory-leak-in-vsock_connect.patch patches.suse/devlink-Fix-use-after-free-after-a-failed-reload.patch patches.suse/net_sched-cls_route-remove-from-list-when-handle-is-.patch @@ -23357,6 +23359,12 @@ patches.suse/net-mana-Fix-accessing-freed-irq-affinity_hint.patch patches.suse/vmxnet3-move-rss-code-block-under-eop-descriptor.patch patches.suse/net-mpls-fix-stale-pointer-if-allocation-fails-durin.patch + patches.suse/net-add-sock_init_data_uid.patch + patches.suse/tun-tun_chr_open-correctly-initialize-socket-uid.patch + patches.suse/tap-tap_open-correctly-initialize-socket-uid.patch + patches.suse/HID-bigben-use-spinlock-to-protect-concurrent-access.patch + patches.suse/HID-bigben_worker-remove-unneeded-check-on-report_fi.patch + patches.suse/HID-bigben-use-spinlock-to-safely-schedule-workers.patch patches.suse/media-rc-Fix-use-after-free-bugs-caused-by-ene_tx_ir.patch ########################################################