diff --git a/Patches/Linux_CVEs/CVE-2014-5206/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-5206/^3.16/0.patch
similarity index 100%
rename from Patches/Linux_CVEs/CVE-2014-5206/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2014-5206/^3.16/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2014-7822/3.2/0.patch b/Patches/Linux_CVEs/CVE-2014-7822/3.2-^3.16/0.patch
similarity index 100%
rename from Patches/Linux_CVEs/CVE-2014-7822/3.2/0.patch
rename to Patches/Linux_CVEs/CVE-2014-7822/3.2-^3.16/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2014-8160/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-8160/3.2-^3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs/CVE-2014-8160/3.2/1.patch
rename to Patches/Linux_CVEs/CVE-2014-8160/3.2-^3.18/1.patch
diff --git a/Patches/Linux_CVEs/CVE-2014-8160/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-8160/^3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs/CVE-2014-8160/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2014-8160/^3.18/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2014-9420/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-9420/3.2-^3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs/CVE-2014-9420/3.2/1.patch
rename to Patches/Linux_CVEs/CVE-2014-9420/3.2-^3.18/1.patch
diff --git a/Patches/Linux_CVEs/CVE-2014-9420/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9420/^3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs/CVE-2014-9420/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2014-9420/^3.18/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2014-9683/3.2/1.patch b/Patches/Linux_CVEs/CVE-2014-9683/3.2-^3.18/1.patch
similarity index 100%
rename from Patches/Linux_CVEs/CVE-2014-9683/3.2/1.patch
rename to Patches/Linux_CVEs/CVE-2014-9683/3.2-^3.18/1.patch
diff --git a/Patches/Linux_CVEs/CVE-2014-9683/ANY/0.patch b/Patches/Linux_CVEs/CVE-2014-9683/^3.18/0.patch
similarity index 100%
rename from Patches/Linux_CVEs/CVE-2014-9683/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2014-9683/^3.18/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2015-1805/3.4/0.patch b/Patches/Linux_CVEs/CVE-2015-1805/3.4-^3.16/0.patch similarity index 100% rename from Patches/Linux_CVEs/CVE-2015-1805/3.4/0.patch rename to Patches/Linux_CVEs/CVE-2015-1805/3.4-^3.16/0.patch diff --git a/Patches/Linux_CVEs/CVE-2015-7515/3.2/1.patch b/Patches/Linux_CVEs/CVE-2015-7515/3.2-^4.4/1.patch similarity index 100% rename from Patches/Linux_CVEs/CVE-2015-7515/3.2/1.patch rename to Patches/Linux_CVEs/CVE-2015-7515/3.2-^4.4/1.patch diff --git a/Patches/Linux_CVEs/CVE-2015-7515/ANY/0.patch b/Patches/Linux_CVEs/CVE-2015-7515/^4.4/0.patch similarity index 100% rename from Patches/Linux_CVEs/CVE-2015-7515/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2015-7515/^4.4/0.patch diff --git a/Patches/Linux_CVEs/CVE-2016-0806/3.10/0.patch b/Patches/Linux_CVEs/CVE-2016-0806/3.10/0.patch index c2124b2f..699d9844 100644 --- a/Patches/Linux_CVEs/CVE-2016-0806/3.10/0.patch +++ b/Patches/Linux_CVEs/CVE-2016-0806/3.10/0.patch @@ -628,6 +628,7 @@ + @@ -4107,6 +4108,7 @@ + @@ -4115,6 +4117,10 @@ + + + + diff --git a/Patches/Linux_CVEs/CVE-2016-0806/3.4/1.patch b/Patches/Linux_CVEs/CVE-2016-0806/3.4/1.patch index 374e10ad..ea0d9d55 100644 --- a/Patches/Linux_CVEs/CVE-2016-0806/3.4/1.patch +++ b/Patches/Linux_CVEs/CVE-2016-0806/3.4/1.patch @@ -628,6 +628,7 @@ + @@ -4107,6 +4108,7 @@ + @@ -4115,6 +4117,10 @@ + + + + diff --git a/Patches/Linux_CVEs/CVE-2016-10229/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-10229/^4.5/0.patch similarity index 100% rename from Patches/Linux_CVEs/CVE-2016-10229/ANY/0.patch rename to Patches/Linux_CVEs/CVE-2016-10229/^4.5/0.patch diff --git a/Patches/Linux_CVEs/CVE-2016-3137/ANY/1.patch.disabled b/Patches/Linux_CVEs/CVE-2016-3137/ANY/1.patch.dupe similarity index 100% rename from Patches/Linux_CVEs/CVE-2016-3137/ANY/1.patch.disabled rename to Patches/Linux_CVEs/CVE-2016-3137/ANY/1.patch.dupe 
diff --git a/Patches/Linux_CVEs/CVE-2016-4486/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-4486/^4.5/0.patch
similarity index 100%
rename from Patches/Linux_CVEs/CVE-2016-4486/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-4486/^4.5/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-7097/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-7097/^4.8/0.patch
similarity index 100%
rename from Patches/Linux_CVEs/CVE-2016-7097/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-7097/^4.8/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2016-7916/ANY/0.patch b/Patches/Linux_CVEs/CVE-2016-7916/^4.5/0.patch
similarity index 100%
rename from Patches/Linux_CVEs/CVE-2016-7916/ANY/0.patch
rename to Patches/Linux_CVEs/CVE-2016-7916/^4.5/0.patch
diff --git a/Patches/Linux_CVEs/CVE-2017-13080/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-13080/ANY/0.patch
deleted file mode 100644
index f110d56b..00000000
--- a/Patches/Linux_CVEs/CVE-2017-13080/ANY/0.patch
+++ /dev/null
@@ -1,78 +0,0 @@ -From 6bd7e74005e90ef79402a9c94e1044f845aa49f1 Mon Sep 17 00:00:00 2001 -From: Johannes Berg -Date: Tue, 5 Sep 2017 14:54:54 +0200 -Subject: [PATCH] mac80211: accept key reinstall without changing anything - -When a key is reinstalled we can reset the replay counters -etc. which can lead to nonce reuse and/or replay detection -being impossible, breaking security properties, as described -in the "KRACK attacks". - -In particular, CVE-2017-13080 applies to GTK rekeying that -happened in firmware while the host is in D3, with the second -part of the attack being done after the host wakes up. In -this case, the wpa_supplicant mitigation isn't sufficient -since wpa_supplicant doesn't know the GTK material. - -In case this happens, simply silently accept the new key -coming from userspace but don't take any action on it since -it's the same key; this keeps the PN replay counters intact. - -Change-Id: If973789c12d2afcd9192f796e27bc9598c5dd1c0 -Signed-off-by: Johannes Berg ---- - net/mac80211/key.c | 20 +++++++++++++++++--- - 1 file changed, 17 insertions(+), 3 deletions(-) - -diff --git a/net/mac80211/key.c b/net/mac80211/key.c -index 5bb600d93d7..cebe30315d9 100644 ---- a/net/mac80211/key.c -+++ b/net/mac80211/key.c -@@ -3,6 +3,7 @@ - * Copyright 2005-2006, Devicescape Software, Inc. 
- * Copyright 2006-2007 Jiri Benc - * Copyright 2007-2008 Johannes Berg -+ * Copyright 2015-2017 Intel Deutschland GmbH - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as -@@ -452,9 +453,6 @@ int ieee80211_key_link(struct ieee80211_key *key, - - pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE; - idx = key->conf.keyidx; -- key->local = sdata->local; -- key->sdata = sdata; -- key->sta = sta; - - if (sta) { - /* -@@ -491,6 +489,21 @@ int ieee80211_key_link(struct ieee80211_key *key, - else - old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]); - -+ /* -+ * Silently accept key re-installation without really installing the -+ * new version of the key to avoid nonce reuse or replay issues. -+ */ -+ if (old_key && key->conf.keylen == old_key->conf.keylen && -+ !memcmp(key->conf.key, old_key->conf.key, key->conf.keylen)) { -+ ieee80211_key_free_unused(key); -+ ret = 0; -+ goto out; -+ } -+ -+ key->local = sdata->local; -+ key->sdata = sdata; -+ key->sta = sta; -+ - increment_tailroom_need_count(sdata); - - __ieee80211_key_replace(sdata, sta, pairwise, old_key, key); -@@ -500,6 +513,7 @@ int ieee80211_key_link(struct ieee80211_key *key, - - ret = ieee80211_key_enable_hw_accel(key); - -+ out: - mutex_unlock(&sdata->local->key_mtx); - - return ret; diff --git a/Patches/Linux_CVEs/CVE-2017-7187/ANY/0.patch b/Patches/Linux_CVEs/CVE-2017-7187/ANY/0.patch index a68b08dd..818fca1d 100644 --- a/Patches/Linux_CVEs/CVE-2017-7187/ANY/0.patch +++ b/Patches/Linux_CVEs/CVE-2017-7187/ANY/0.patch @@ -48,7 +48,7 @@ Acked-by: Douglas Gilbert <dgilbert@interlog.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
-rw-r--r--drivers/scsi/sg.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index e831e01..849ff810 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -996,6 +996,8 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
result = get_user(val, ip);
if (result)
return result;
+ if (val > SG_MAX_CDB_SIZE)
+ return -ENOMEM;
sfp->next_cmd_len = (val > 0) ? val : 0;
return 0;
case SG_GET_VERSION_NUM:
- + diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index 6f244334..5da246df 100755 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -246,7 +246,7 @@ patch -p1 < $patches"android_kernel_motorola_msm8916/0001-Overclock.patch" #1.36 #Make changes to all devices cd $base find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enhanceLocation "$0"' {} \; -find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enabledForcedEncryption "$0"' {} \; +#find "device" -maxdepth 2 -mindepth 2 -type d -exec bash -c 'enabledForcedEncryption "$0"' {} \; cd $base # #END OF DEVICE CHANGES
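Review bot: The now-commented `enabledForcedEncryption` line in the "Make changes to all devices" step switches that helper off for every directory under `device` without recording why, and it rides along in a commit that otherwise only reshuffles kernel CVE patches, so it is easy to miss in review. Judging only by its name (the helper's body is not in this hunk), it makes data-partition encryption mandatory, so images built after this change would presumably leave encryption to each device's own defaults; that is a reduction in at-rest protection and deserves an explicit justification. If this is a temporary workaround, say so directly above the line, e.g. `#TODO(<reason placeholder>): forced encryption disabled for all devices, re-enable once resolved`. If it is permanent, delete the line rather than leaving dead code, and state the decision in the commit message.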