On 9 May 2017 at 20:12, Amit Pundir <amit.pundir@xxxxxxxxxx> wrote: > Hi Greg, > > Please consider following security fixes for linux-3.18.y. This > is a follow up on my previous submission of similar security fixes, > https://www.spinics.net/lists/stable/msg169868.html, picked up from > android security bulletins published in year 2017 so far. > > Following are the fixes published in 2015 and 2016 monthly Android > Security Bulletins https://source.android.com/security/bulletin/, > and/or related follow-up fixes from upstream. Cherry-picked and build > tested on v3.18.52 for ARCH=arm/arm64/x86/x86_64/mips + allmodconfig. > Also, for the record following are the upstream fixes listed in security bulletins but they didn't apply on linux-3.18.y cleanly and seem to have non-trivial conflicts. So I skipped them. In one case it is explicitly targeted for 3.19, so I skipped that one as well though it applied and built fine on 3.18.y. f2b2c582e824 ("tcp: mitigate ACK loops for connections as tcp_sock") 083ae308280d ("tcp: enable per-socket rate limiting of all 'challenge acks'") 4de930efc23b ("net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom") 1c90308e7a77 ("pagemap: hide physical addresses from non-privileged users") c58d6c93680f ("netfilter: nfnetlink: correctly validate length of batch messages") 8b8addf891de ("x86/mm/32: Enable full randomization on i386 and X86_32") 38740a5b87d5 ("usb: gadget: f_fs: Fix use-after-free") Regards, Amit Pundir