X-Git-Url: https://git.pld-linux.org/?a=blobdiff_plain;f=kernel-small_fixes.patch;h=a227229931d63172b9dc579d98a0799465ecca09;hb=406df5dfc5bc79efd62e0347cb4961cbb7d1bced;hp=0660f7e9c47418fa4f7a2c15bbce828915779c2f;hpb=1f4141ff17511fe2e5a35c0180a9321d1c775f47;p=packages%2Fkernel.git diff --git a/kernel-small_fixes.patch b/kernel-small_fixes.patch index 0660f7e9..a2272299 100644 --- a/kernel-small_fixes.patch +++ b/kernel-small_fixes.patch @@ -26,57 +26,18 @@ exit fi done - -diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 7a0c800..ec5ebbb 100644 ---- a/drivers/net/ethernet/realtek/r8169.c -+++ b/drivers/net/ethernet/realtek/r8169.c -@@ -4103,6 +4103,14 @@ rtl8169_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) - /* Get MAC address */ - for (i = 0; i < ETH_ALEN; i++) - dev->dev_addr[i] = RTL_R8(MAC0 + i); -+ -+ if (!is_valid_ether_addr(dev->dev_addr)) { -+ /* Report it and use a random ethernet address instead */ -+ netdev_err(dev, "Invalid MAC address: %pM\n", dev->dev_addr); -+ random_ether_addr(dev->dev_addr); -+ netdev_info(dev, "Using random MAC address: %pM\n", -+ dev->dev_addr); -+ } - memcpy(dev->perm_addr, dev->dev_addr, dev->addr_len); - - SET_ETHTOOL_OPS(dev, &rtl8169_ethtool_ops); --- -1.7.7.3 - - -commit 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 -Author: Mathias Krause -Date: Sat Feb 23 01:13:47 2013 +0000 - - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] - - Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY - with a family greater or equal then AF_MAX -- the array size of - sock_diag_handlers[]. The current code does not test for this - condition therefore is vulnerable to an out-of-bound access opening - doors for a privilege escalation. - - Signed-off-by: Mathias Krause - Acked-by: Eric Dumazet - 
Signed-off-by: David S. Miller - -diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c -index 602cd63..750f44f 100644 ---- a/net/core/sock_diag.c -+++ b/net/core/sock_diag.c -@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) - if (nlmsg_len(nlh) < sizeof(*req)) - return -EINVAL; +--- linux-4.14/security/selinux/include/classmap.h 2017-11-12 19:46:13.000000000 +0100 ++++ linux-4.20/security/selinux/include/classmap.h 2018-12-24 00:55:59.000000000 +0100 +@@ -238,9 +238,11 @@ + { "access", NULL } }, + { "infiniband_endport", + { "manage_subnet", NULL } }, ++ { "xdp_socket", ++ { COMMON_SOCK_PERMS, NULL } }, + { NULL } + }; -+ if (req->sdiag_family >= AF_MAX) -+ return -EINVAL; -+ - hndl = sock_diag_lock_handler(req->sdiag_family); - if (hndl == NULL) - err = -ENOENT; +-#if PF_MAX > 44 ++#if PF_MAX > 45 + #error New address family defined, please update secclass_map. + #endif
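Review bot: Nothing in the added classmap.h section shows the address-family-to-class mapping being updated alongside the new `xdp_socket` entry, so raising the guard to `#if PF_MAX > 45` silences the build error without showing that AF_XDP sockets actually receive the new class. Upstream keeps that mapping in `socket_type_to_security_class()`, which carries its own PF_MAX guard; if the tree this is applied to has no `PF_XDP` case there, such sockets would presumably be checked as the generic `socket` class and policy rules written for `xdp_socket` would never match. Confirm that the case exists in the target tree, or carry it in the same patch. Unlike the two sections being dropped, the new section has no description; a leading line such as `selinux: add xdp_socket class for AF_XDP` would record why it is carried. The `secclass_map` initializer begins outside the hunk.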