commit 5b3d0ced9505101bb6a7c1f0eb4978d8f7e9d005

OBS-URL: https://build.opensuse.org/package/show/Kernel:stable/kernel-source?expand=0&rev=809
This commit is contained in:
Jiri Slaby 2018-01-25 13:33:20 +00:00 committed by Git OBS Bridge
parent 76c41d6be9
commit 531dbf4264
35 changed files with 960 additions and 35 deletions

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -31,7 +31,7 @@
Name: dtb-aarch64 Name: dtb-aarch64
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -31,7 +31,7 @@
Name: dtb-armv6l Name: dtb-armv6l
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -31,7 +31,7 @@
Name: dtb-armv7l Name: dtb-armv7l
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -60,7 +60,7 @@ License: GPL-2.0
Group: System/Kernel Group: System/Kernel
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -60,7 +60,7 @@ License: GPL-2.0
Group: System/Kernel Group: System/Kernel
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -60,7 +60,7 @@ License: GPL-2.0
Group: System/Kernel Group: System/Kernel
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -33,7 +33,7 @@ License: GPL-2.0
Group: Documentation/Man Group: Documentation/Man
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -60,7 +60,7 @@ License: GPL-2.0
Group: System/Kernel Group: System/Kernel
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -59,7 +59,7 @@ License: GPL-2.0
Group: SLES Group: SLES
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -38,7 +38,7 @@ License: GPL-2.0
Group: SLES Group: SLES
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -60,7 +60,7 @@ License: GPL-2.0
Group: System/Kernel Group: System/Kernel
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -32,7 +32,7 @@ License: GPL-2.0
Group: Development/Sources Group: Development/Sources
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -27,7 +27,7 @@ Group: Development/Sources
Version: 4.14.15 Version: 4.14.15
%if %using_buildservice %if %using_buildservice
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -60,7 +60,7 @@ License: GPL-2.0
Group: System/Kernel Group: System/Kernel
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -60,7 +60,7 @@ License: GPL-2.0
Group: System/Kernel Group: System/Kernel
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,61 @@
-------------------------------------------------------------------
Thu Jan 25 14:26:16 CET 2018 - jslaby@suse.cz
- Revert "futex: Prevent overflow by strengthen input validation"
(4.14.15-fix).
- commit 5b3d0ce
-------------------------------------------------------------------
Wed Jan 24 19:31:26 CET 2018 - jslaby@suse.cz
- Documentation: document array_ptr (bsc#1068032 CVE-2017-5715).
- asm/nospec, array_ptr: sanitize speculative array de-references
(bsc#1068032 CVE-2017-5715).
- x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715).
- x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032
CVE-2017-5715).
- x86, __get_user: use __uaccess_begin_nospec (bsc#1068032
CVE-2017-5715).
- x86, get_user: use pointer masking to limit speculation
(bsc#1068032 CVE-2017-5715).
- x86: narrow out of bounds syscalls to sys_read under speculation
(bsc#1068032 CVE-2017-5715).
- vfs, fdtable: prevent bounds-check bypass via speculative
execution (bsc#1068032 CVE-2017-5715).
- kvm, x86: update spectre-v1 mitigation (bsc#1068032
CVE-2017-5715).
- nl80211: sanitize array index in parse_txq_params (bsc#1068032
CVE-2017-5715).
- Delete
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch.
- Delete
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch.
- Delete
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch.
- Delete
patches.suse/0007-carl9170-prevent-speculative-execution.patch.
- Delete
patches.suse/0008-p54-prevent-speculative-execution.patch.
- Delete
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch.
- Delete
patches.suse/0010-cw1200-prevent-speculative-execution.patch.
- Delete
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch.
- Delete
patches.suse/0012-ipv4-prevent-speculative-execution.patch.
- Delete
patches.suse/0013-ipv6-prevent-speculative-execution.patch.
- Delete patches.suse/0014-fs-prevent-speculative-execution.patch.
- Delete
patches.suse/0015-net-mpls-prevent-speculative-execution.patch.
- Delete
patches.suse/0016-udf-prevent-speculative-execution.patch.
- Delete
patches.suse/0017-userns-prevent-speculative-execution.patch.
Replace intel's shit by the potential upstream solution for spectre_v1.
- commit 6fdb1df
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz Tue Jan 23 21:12:07 CET 2018 - jslaby@suse.cz

View File

@ -60,7 +60,7 @@ License: GPL-2.0
Group: System/Kernel Group: System/Kernel
Version: 4.14.15 Version: 4.14.15
%if 0%{?is_kotd} %if 0%{?is_kotd}
Release: <RELEASE>.gfe1d712 Release: <RELEASE>.g5b3d0ce
%else %else
Release: 0 Release: 0
%endif %endif

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:65b98557c5d0d5fe0fdffb7227ac7f2eb54ebb1741b6f92fabb263643dff68e7 oid sha256:e0b5ad2fae65d89cb16c16d9608c326740a587d19cbceaa5b0ef1cede8cd49ab
size 76404 size 80168

View File

@ -1535,24 +1535,21 @@
######################################################## ########################################################
# Scheduler / Core # Scheduler / Core
######################################################## ########################################################
patches.suse/revert-futex-Prevent-overflow-by-strengthen-input-va.patch
patches.suse/setuid-dumpable-wrongdir patches.suse/setuid-dumpable-wrongdir
patches.suse/0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch patches.suse/0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch
patches.suse/0001-Documentation-document-array_ptr.patch
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch patches.suse/0002-asm-nospec-array_ptr-sanitize-speculative-array-de-r.patch
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch patches.suse/0003-x86-implement-array_ptr_mask.patch
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch patches.suse/0004-x86-introduce-__uaccess_begin_nospec-and-ifence.patch
patches.suse/0007-carl9170-prevent-speculative-execution.patch patches.suse/0005-x86-__get_user-use-__uaccess_begin_nospec.patch
patches.suse/0008-p54-prevent-speculative-execution.patch patches.suse/0006-x86-get_user-use-pointer-masking-to-limit-speculatio.patch
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch patches.suse/0007-x86-narrow-out-of-bounds-syscalls-to-sys_read-under-.patch
patches.suse/0010-cw1200-prevent-speculative-execution.patch patches.suse/0008-vfs-fdtable-prevent-bounds-check-bypass-via-speculat.patch
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch patches.suse/0009-kvm-x86-update-spectre-v1-mitigation.patch
patches.suse/0012-ipv4-prevent-speculative-execution.patch patches.suse/0010-nl80211-sanitize-array-index-in-parse_txq_params.patch
patches.suse/0013-ipv6-prevent-speculative-execution.patch
patches.suse/0014-fs-prevent-speculative-execution.patch
patches.suse/0015-net-mpls-prevent-speculative-execution.patch
patches.suse/0016-udf-prevent-speculative-execution.patch
patches.suse/0017-userns-prevent-speculative-execution.patch
patches.suse/0001-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch patches.suse/0001-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch
patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch

View File

@ -1,3 +1,3 @@
2018-01-23 21:12:07 +0100 2018-01-25 14:26:16 +0100
GIT Revision: fe1d712f2b5ce144d972874454b0a7a144aaec15 GIT Revision: 5b3d0ced9505101bb6a7c1f0eb4978d8f7e9d005
GIT Branch: stable GIT Branch: stable