cc97d0c...
by
Khaled El Mously
on 2019-10-01
UBUNTU: Ubuntu-5.0.0-32.34
Signed-off-by: Khalid Elmously <email address hidden>
a136335...
by
Khaled El Mously
on 2019-10-01
UBUNTU: link-to-tracker: update tracking bug
BugLink: https://bugs.launchpad.net/bugs/1846097
Properties: no-test-build
Signed-off-by: Khalid Elmously <email address hidden>
c5e4ef6...
by
Khaled El Mously
on 2019-10-01
UBUNTU: Start new release
Ignore: yes
Signed-off-by: Khalid Elmously <email address hidden>
4695758...
by
Wen Huang <email address hidden>
on 2019-09-27
mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
mwifiex_update_vs_ie(), mwifiex_set_uap_rates() and
mwifiex_set_wmm_params() call memcpy() without checking
the destination size. Since the source is given from
user-space, this may trigger a heap buffer overflow.
Fix them by putting the length check before performing memcpy().
This fix addresses CVE-2019-14814, CVE-2019-14815, CVE-2019-14816.
Signed-off-by: Wen Huang <email address hidden>
Acked-by: Ganapathi Bhat <email address hidden>
Signed-off-by: Kalle Valo <email address hidden>
CVE-2019-14814
CVE-2019-14815
CVE-2019-14816
(cherry picked from commit 7caac62ed598a196d6ddf8d9c121e12e082cac3a)
Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Seth Forshee <email address hidden>
Acked-by: Kamal Mostafa <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>
ff74cce...
by
Sean Young
on 2019-09-27
media: technisat-usb2: break out of loop at end of buffer
Ensure we do not access the buffer beyond the end if no 0xff byte
is encountered.
Reported-by: <email address hidden>
Signed-off-by: Sean Young <email address hidden>
Reviewed-by: Kees Cook <email address hidden>
Signed-off-by: Mauro Carvalho Chehab <email address hidden>
CVE-2019-15505
(cherry picked from commit 0c4df39e504bf925ab666132ac3c98d6cbbe380b)
Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Seth Forshee <email address hidden>
Acked-by: Kamal Mostafa <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>
b5c81d9...
by
Todd Kjos <email address hidden>
on 2019-09-26
binder: check for overflow when alloc for security context
CVE-2019-2181
When allocating space in the target buffer for the security context,
make sure the extra_buffers_size doesn't overflow. This can only
happen if the given size is invalid, but an overflow can turn it
into a valid size. Fail the transaction if an overflow is detected.
Signed-off-by: Todd Kjos <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
(cherry picked from commit 0b0509508beff65c1d50541861bc0d4973487dc5)
Signed-off-by: Connor Kuehl <email address hidden>
Acked-by: Tyler Hicks <email address hidden>
Acked-by: Kleber Souza <email address hidden>
Signed-off-by: Khalid Elmously <email address hidden>
1419b2d...
by
Arnd Bergmann
on 2019-09-19
crypto: hisilicon - avoid unused function warning
BugLink: https://bugs.launchpad.net/bugs/1845355
The only caller of hisi_zip_vf_q_assign() is hidden in an #ifdef,
so the function causes a warning when CONFIG_PCI_IOV is disabled:
drivers/crypto/hisilicon/zip/zip_main.c:740:12: error: unused function 'hisi_zip_vf_q_assign' [-Werror,-Wunused-function]
Replace the #ifdef with an IS_ENABLED() check that leads to the
function being dropped based on the configuration.
Fixes: 79e09f30eeba ("crypto: hisilicon - add SRIOV support for ZIP")
Signed-off-by: Arnd Bergmann <email address hidden>
Signed-off-by: Herbert Xu <email address hidden>
(cherry picked from commit bf6a7a5ad6fa69e48b735be75eeb90569d9584bb)
Signed-off-by: dann frazier <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Acked-by: Seth Forshee <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>
8768b65...
by
Yunfeng Ye <email address hidden>
on 2019-09-16
crypto: hisilicon - Fix return value check in hisi_zip_acompress()
BugLink: https://bugs.launchpad.net/bugs/1845355
The return value of add_comp_head() is int, but @head_size is size_t,
which is an unsigned type.
	size_t head_size;
	...
	if (head_size < 0) // it will never work
		return -ENOMEM;
Modify the type of @head_size to int, then change the type to size_t
when invoking hisi_zip_create_req() as a parameter.
Fixes: 62c455ca853e ("crypto: hisilicon - add HiSilicon ZIP accelerator support")
Signed-off-by: Yunfeng Ye <email address hidden>
Acked-by: Zhou Wang <email address hidden>
Signed-off-by: Herbert Xu <email address hidden>
(cherry picked from commit 62a9d9fc7a210005cdbbf186d6e655228497dfac)
Signed-off-by: dann frazier <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Acked-by: Seth Forshee <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>
5136e9e...
by
Herbert Xu
on 2019-08-15
crypto: hisilicon - Fix warning on printing %p with dma_addr_t
BugLink: https://bugs.launchpad.net/bugs/1845355
This patch fixes a printk format warning by replacing %p with %#llx
for dma_addr_t.
Signed-off-by: Herbert Xu <email address hidden>
(cherry picked from commit b395ed4f948a21c27391ed7981e7e210d19c9366)
Signed-off-by: dann frazier <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Acked-by: Seth Forshee <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>
c84872b...
by
Zhou Wang <email address hidden>
on 2019-08-14
crypto: hisilicon - fix error handle in hisi_zip_create_req_q
BugLink: https://bugs.launchpad.net/bugs/1845355
Directly return error in the first loop in hisi_zip_create_req_q.
Fixes: 62c455ca853e ("crypto: hisilicon - add HiSilicon ZIP accelerator support")
Signed-off-by: Zhou Wang <email address hidden>
Signed-off-by: Herbert Xu <email address hidden>
(cherry picked from commit 1ed2002f891dc1082eb110eaafccfde96d327aa3)
Signed-off-by: dann frazier <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Acked-by: Seth Forshee <email address hidden>
Signed-off-by: Kleber Sacilotto de Souza <email address hidden>