From 769b2011c09299ff751f891151d53a12000100b3 Mon Sep 17 00:00:00 2001 From: Jiping Ma Date: Sun, 15 May 2022 23:39:47 -0700 Subject: [PATCH] Debian: Update kernel to v5.10.112 This commit updates kernel to 5.10.112 to fix many issues, including the following two CVE issues which were of special concern. - CVE-2022-0847: kernel: improper initialization of the "flags" member of the new pipe_buffer - CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS Note we add more one commit https://git.yoctoproject.org/linux-yocto/commit/net/ipv4/inet_hashtables.c?h=v5.10/standard/preempt-rt/base&id=bd6e7290bc766ef13e42a1e37f75e6e708b4e317 a minor fix-up on top of v5.10.112 for rt kernel. Verification: - Build kernel and out of tree modules success for rt and std. - Build iso success for rt and std. - Install success onto a All-in-One lab with iso. - Boot up successfully with qemu and lab. Partial-Bug: 1969605 Signed-off-by: Jiping Ma Change-Id: I9b126d1870cc1d14cb2dde4035d3fc73d8bc923b --- ...ebian-update-5.10-Kernel-to-5.10.112.patch | 33 +++++++++++++++++++ kernel-rt/debian/deb_patches/series | 1 + kernel-rt/debian/dl_hook | 2 +- kernel-rt/debian/meta_data.yaml | 8 ++--- ...ebian-update-5.10-Kernel-to-5.10.112.patch | 33 +++++++++++++++++++ kernel-std/debian/deb_patches/series | 1 + kernel-std/debian/dl_hook | 2 +- kernel-std/debian/meta_data.yaml | 8 ++--- 8 files changed, 78 insertions(+), 10 deletions(-) create mode 100644 kernel-rt/debian/deb_patches/0013-Debian-update-5.10-Kernel-to-5.10.112.patch create mode 100644 kernel-std/debian/deb_patches/0012-Debian-update-5.10-Kernel-to-5.10.112.patch diff --git a/kernel-rt/debian/deb_patches/0013-Debian-update-5.10-Kernel-to-5.10.112.patch b/kernel-rt/debian/deb_patches/0013-Debian-update-5.10-Kernel-to-5.10.112.patch new file mode 100644 index 00000000..71c00771 --- /dev/null +++ b/kernel-rt/debian/deb_patches/0013-Debian-update-5.10-Kernel-to-5.10.112.patch 
@@ -0,0 +1,33 @@
+From 68de08e928d81ef57a89f1dacd6beb917581e86a Mon Sep 17 00:00:00 2001
+From: Jiping Ma
+Date: Tue, 26 Apr 2022 22:09:52 -0700
+Subject: [PATCH] Debian: update 5.10 Kernel to 5.10.112
+
+Update debian/changelog.
+
+Signed-off-by: Jiping Ma
+---
+ debian/changelog | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/debian/changelog b/debian/changelog
+index e45a9f0..37698fb 100644
+--- a/debian/changelog
++++ b/debian/changelog
+@@ -1,3 +1,13 @@
++linux-rt (5.10.112-1) unstable; urgency=medium
++
++ * New upstream update:
++ https://git.yoctoproject.org/cgit/cgit.cgi/linux-yocto/log/?h=v5.10%2Fstandard%2Fbase&qt=range&q=6cf7dea05bd756513cf58c5ced8c6bf1d1f23c15
++ * To fix the follow 2 CVE issues.
++ CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
++ CVE-2022-0847: kernel: improper initialization of the "flags" member of the new pipe_buffer
++
++ -- Jiping Ma Wed Apr 27 11:13:32 CST 2022
++
+ linux-rt (5.10.99-1) unstable; urgency=medium
+
+ * New upstream update:
+--
+2.35.1
+
diff --git a/kernel-rt/debian/deb_patches/series b/kernel-rt/debian/deb_patches/series
index 1bcb25bb..0ac51b6b 100644
--- a/kernel-rt/debian/deb_patches/series
+++ b/kernel-rt/debian/deb_patches/series
@@ -10,3 +10,4 @@
 0010-Debian-Disable-CONFIG_BNXT.patch
 0011-Debian-Hardcode-net.naming-scheme-in-CONFIG_CMDLINE.patch
 0012-kernel-rt-add-rt-to-abiname.patch
+0013-Debian-update-5.10-Kernel-to-5.10.112.patch
diff --git a/kernel-rt/debian/dl_hook b/kernel-rt/debian/dl_hook
index 5d7c5fab..52bfe4d4 100755
--- a/kernel-rt/debian/dl_hook
+++ b/kernel-rt/debian/dl_hook
@@ -24,7 +24,7 @@
 # building.
 # Tools needed: tar/sed
-KERNEL_HEAD_COMMIT=53a27dc510c8d9152ffa4d2d95b888db7d3d97b6
+KERNEL_HEAD_COMMIT=bd6e7290bc766ef13e42a1e37f75e6e708b4e317
 DEBIAN_FILE=linux_5.10.28-1.debian.tar.xz
 tar xvf linux-yocto-${KERNEL_HEAD_COMMIT}.tar.gz
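Review bot: The `KERNEL_HEAD_COMMIT=bd6e7290bc766ef13e42a1e37f75e6e708b4e317` set in the kernel-rt `dl_hook` hunk does not match the reference recorded for the same package in this commit: the linux-rt changelog entry added by `0013-Debian-update-5.10-Kernel-to-5.10.112.patch` links to `h=v5.10%2Fstandard%2Fbase` with `q=6cf7dea05bd756513cf58c5ced8c6bf1d1f23c15`, which is the kernel-std head, while the commit message places bd6e7290 on `v5.10/standard/preempt-rt/base`. Anyone later checking which tree the CVE-2022-0847 and CVE-2022-0435 fixes were built from will be pointed at the wrong branch, so the rt changelog link should name the preempt-rt branch and commit. I would also add a comment above the assignment, `# v5.10.112 (preempt-rt) plus one inet_hashtables.c fix-up; keep in sync with meta_data.yaml`, since the id is duplicated there by hand. The script continues outside the hunk.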
diff --git a/kernel-rt/debian/meta_data.yaml b/kernel-rt/debian/meta_data.yaml index 09d2c297..2ad0c9ef 100644 --- a/kernel-rt/debian/meta_data.yaml +++ b/kernel-rt/debian/meta_data.yaml @@ -1,14 +1,14 @@ --- -debver: 5.10.99 +debver: 5.10.112 debname: linux-rt dl_hook: dl_hook dl_files: - linux-yocto-53a27dc510c8d9152ffa4d2d95b888db7d3d97b6.tar.gz: + linux-yocto-bd6e7290bc766ef13e42a1e37f75e6e708b4e317.tar.gz: topdir: null url: "https://git.yoctoproject.org/cgit/cgit.cgi/linux-yocto/snapshot/\ - linux-yocto-53a27dc510c8d9152ffa4d2d95b888db7d3d97b6.tar.gz" - sha256sum: eeec7743dfb64b6840cab0b2110818ed639829cc03cac695111701b18323b100 + linux-yocto-bd6e7290bc766ef13e42a1e37f75e6e708b4e317.tar.gz" + sha256sum: 90e37fb74840e0928dd074ce613bd56b60f291d0448e92c3cf766dcb1fe1e55f linux_5.10.28-1.debian.tar.xz: topdir: null url: diff --git a/kernel-std/debian/deb_patches/0012-Debian-update-5.10-Kernel-to-5.10.112.patch b/kernel-std/debian/deb_patches/0012-Debian-update-5.10-Kernel-to-5.10.112.patch new file mode 100644 index 00000000..f6594e72 --- /dev/null +++ b/kernel-std/debian/deb_patches/0012-Debian-update-5.10-Kernel-to-5.10.112.patch 
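Review bot: The replaced `sha256sum` in `kernel-rt/debian/meta_data.yaml` is the only integrity check on the kernel source and it covers a cgit `snapshot/` tarball, which is presumably produced by the server on request rather than published as a fixed release artifact; nothing in the entry records how the new digest was obtained or checked against commit bd6e7290bc766ef13e42a1e37f75e6e708b4e317. If the archive bytes ever change for the same commit, the build fails and the digest gets refreshed with no way to tell a benign re-pack from altered content. I would add a comment on the entry such as `# digest of snapshot fetched <DATE>; contents compared with a git checkout of the commit above`, or serve the tarball from a project-controlled mirror. The same applies to the `kernel-std/debian/meta_data.yaml` hunk (6cf7dea05bd756513cf58c5ced8c6bf1d1f23c15). The hunk stops at the `url:` of the next entry, so the rest of `dl_files` is not visible here.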
@@ -0,0 +1,33 @@
+From 1cec1b6f24812ef23b9d6f7b489c1b67e5e99a7b Mon Sep 17 00:00:00 2001
+From: Jiping Ma
+Date: Tue, 26 Apr 2022 20:23:50 -0700
+Subject: [PATCH] Debian: update 5.10 Kernel to 5.10.112
+
+Update debian/changelog.
+
+Signed-off-by: Jiping Ma
+---
+ debian/changelog | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/debian/changelog b/debian/changelog
+index 5a2b6bb..9c7a271 100644
+--- a/debian/changelog
++++ b/debian/changelog
+@@ -1,3 +1,13 @@
++linux (5.10.112-1) unstable; urgency=medium
++
++ * New upstream update:
++ https://git.yoctoproject.org/cgit/cgit.cgi/linux-yocto/log/?h=v5.10%2Fstandard%2Fbase&qt=range&q=6cf7dea05bd756513cf58c5ced8c6bf1d1f23c15
++ * To fix the follow 2 CVE issues.
++ CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
++ CVE-2022-0847: kernel: improper initialization of the "flags" member of the new pipe_buffer
++
++ -- Jiping Ma Wed Apr 27 11:13:32 CST 2022
++
+ linux (5.10.99-1) unstable; urgency=medium
+
+ * New upstream update:
+--
+2.35.1
+
diff --git a/kernel-std/debian/deb_patches/series b/kernel-std/debian/deb_patches/series
index 61042904..fff76062 100644
--- a/kernel-std/debian/deb_patches/series
+++ b/kernel-std/debian/deb_patches/series
@@ -9,3 +9,4 @@
 0009-Drop-Android-patches.patch
 0010-Debian-Disable-CONFIG_BNXT.patch
 0011-Debian-Hardcode-net.naming-scheme-in-CONFIG_CMDLINE.patch
+0012-Debian-update-5.10-Kernel-to-5.10.112.patch
diff --git a/kernel-std/debian/dl_hook b/kernel-std/debian/dl_hook
index b70209b0..2ff2f364 100755
--- a/kernel-std/debian/dl_hook
+++ b/kernel-std/debian/dl_hook
@@ -5,7 +5,7 @@
 # be put at the same path where this script is located.
 # Tools needed: tar
-KERNEL_HEAD_COMMIT=84f6a75f64961e59d61bf3d70ab17e8bb430386b
+KERNEL_HEAD_COMMIT=6cf7dea05bd756513cf58c5ced8c6bf1d1f23c15
 DEBIAN_FILE=linux_5.10.28-1.debian.tar.xz
 tar xvf linux-yocto-${KERNEL_HEAD_COMMIT}.tar.gz
diff --git a/kernel-std/debian/meta_data.yaml b/kernel-std/debian/meta_data.yaml index 47cc41b5..751e7a62 100644 --- a/kernel-std/debian/meta_data.yaml +++ b/kernel-std/debian/meta_data.yaml @@ -1,14 +1,14 @@ --- -debver: 5.10.99 +debver: 5.10.112 debname: linux dl_hook: dl_hook dl_files: - linux-yocto-84f6a75f64961e59d61bf3d70ab17e8bb430386b.tar.gz: + linux-yocto-6cf7dea05bd756513cf58c5ced8c6bf1d1f23c15.tar.gz: topdir: null url: "https://git.yoctoproject.org/cgit/cgit.cgi/linux-yocto/snapshot/\ - linux-yocto-84f6a75f64961e59d61bf3d70ab17e8bb430386b.tar.gz" - sha256sum: 4492d8973b550c635623c6c02305ef15053c0aea45014ec5126d3b74e969ad20 + linux-yocto-6cf7dea05bd756513cf58c5ced8c6bf1d1f23c15.tar.gz" + sha256sum: 1ae0ce3f1218245d1c3081cf1f5438e333bf234c2540e8398981e7df8dfc1d63 linux_5.10.28-1.debian.tar.xz: topdir: null url: