Commit 634a2fc7 authored by Ben Hutchings's avatar Ben Hutchings

Merge tag 'debian/4.16.5-1'

Release linux (4.16.5-1).
parents 65b6c458 f36c7f9b
......@@ -567,8 +567,7 @@ class Gencontrol(Base):
if not version.linux_revision_experimental:
raise RuntimeError("Can't upload to %s with a version of %s" % (distribution, version))
if distribution.endswith('-security') or distribution.endswith('-lts'):
if (not version.linux_revision_security or
version.linux_revision_backports):
if version.linux_revision_backports or version.linux_revision_other:
raise RuntimeError("Can't upload to %s with a version of %s" % (distribution, version))
if distribution.endswith('-backports'):
if not version.linux_revision_backports:
......
......@@ -19,7 +19,16 @@ linux (4.17~rc2-1~exp1) UNRELEASED; urgency=medium
-- Ben Hutchings <ben@decadent.org.uk> Thu, 19 Apr 2018 21:37:24 +0100
linux (4.16-1) UNRELEASED; urgency=medium
linux (4.16.5-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.1
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.2
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.3
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4
- ext4: limit xattr size to INT_MAX (CVE-2018-1095)
- random: fix crng_ready() test (CVE-2018-1108)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.5
[ Ben Hutchings ]
* aufs: gen-patch: Fix Subject generation to skip SPDX-License-Identifier
......@@ -27,6 +36,17 @@ linux (4.16-1) UNRELEASED; urgency=medium
* wireless: Add Debian wireless-regdb certificates (see #892229)
* Add support for compilers installed outside the default PATH
* linux-headers: Change linux-kbuild dependency to be versioned
* Set ABI to 1
* [x86,arm64] Disable code signing for upload to unstable
* debian/lib/python/debian_linux/debian.py: Fix binNMU changelog parsing
* debian/lib/python/debian_linux/debian.py: Fix binNMU revision parsing
* xfs: enhance dinode verifier (CVE-2018-10322)
* xfs: set format back to extents if xfs_bmap_extents_to_btree
(CVE-2018-10323)
* udeb: Add algif_skcipher to crypto-modules (Closes: #896968)
* ext4: fix bitmap position validation (fixes regression in 4.15.17-1)
* debian/lib/python/debian_linux/gencontrol.py: Allow uploads to *-security
with a simple revision
[ Vagrant Cascadian ]
* [arm64] Add patches to support SATA on Tegra210/Jetson-TX1.
......@@ -54,7 +74,7 @@ linux (4.16-1) UNRELEASED; urgency=medium
[ Uwe Kleine-König ]
* [amd64] enable AMD 10GbE Ethernet driver (CONFIG_AMD_XGBE=m)
-- Ben Hutchings <ben@decadent.org.uk> Sun, 08 Apr 2018 19:03:49 +0100
-- Ben Hutchings <ben@decadent.org.uk> Sun, 29 Apr 2018 17:09:14 +0100
linux (4.16-1~exp1) experimental; urgency=medium
......@@ -443,7 +443,6 @@ CONFIG_MTD_CFI_STAA=m
CONFIG_MTD_RAM=m
CONFIG_MTD_ROM=m
CONFIG_MTD_ABSENT=m
CONFIG_MTD_XIP=y
##
## file: drivers/mtd/devices/Kconfig
......
......@@ -9,3 +9,6 @@ ccm
ctr
ecb
xts
# For LUKS2 in cryptsetup
algif_skcipher
......@@ -25,7 +25,7 @@ class Changelog(list):
(?P<urgency>
\w+
)
\n
(?:,|\n)
"""
_top_re = re.compile(_top_rules, re.X)
_bottom_rules = r"""
......@@ -181,9 +181,10 @@ class VersionLinux(Version):
)?
|
(?P<revision_other>
[^-]+
[^-+]+
)
)
(?:\+b\d+)?
$
"""
_version_linux_re = re.compile(_version_linux_rules, re.X)
......
From: Lukas Czerner <lczerner@redhat.com>
Date: Tue, 24 Apr 2018 11:31:44 -0400
Subject: ext4: fix bitmap position validation
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=22be37acce25d66ecf6403fc8f44df9c5ded2372
Currently in ext4_valid_block_bitmap() we expect the bitmap to be
positioned anywhere between 0 and s_blocksize clusters, but that's
wrong because the bitmap can be placed anywhere in the block group. This
causes false positives when validating bitmaps on perfectly valid file
system layouts. Fix it by checking whether the bitmap is within the group
boundary.
The problem can be reproduced using the following
mkfs -t ext3 -E stride=256 /dev/vdb1
mount /dev/vdb1 /mnt/test
cd /mnt/test
wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz
tar xf linux-4.16.3.tar.xz
This will result in the warnings in the logs
EXT4-fs error (device vdb1): ext4_validate_block_bitmap:399: comm tar: bg 84: block 2774529: invalid block bitmap
[ Changed slightly for clarity and to not drop a overflow test -- TYT ]
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reported-by: Ilya Dryomov <idryomov@gmail.com>
Fixes: 7dac4a1726a9 ("ext4: add validity checks for bitmap block numbers")
Cc: stable@vger.kernel.org
---
fs/ext4/balloc.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
index a33d8fb1bf2a..508b905d744d 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
@@ -321,6 +321,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
struct ext4_sb_info *sbi = EXT4_SB(sb);
ext4_grpblk_t offset;
ext4_grpblk_t next_zero_bit;
+ ext4_grpblk_t max_bit = EXT4_CLUSTERS_PER_GROUP(sb);
ext4_fsblk_t blk;
ext4_fsblk_t group_first_block;
@@ -338,7 +339,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
/* check whether block bitmap block number is set */
blk = ext4_block_bitmap(sb, desc);
offset = blk - group_first_block;
- if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize ||
+ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
/* bad block bitmap */
return blk;
@@ -346,7 +347,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
/* check whether the inode bitmap block number is set */
blk = ext4_inode_bitmap(sb, desc);
offset = blk - group_first_block;
- if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize ||
+ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
/* bad block bitmap */
return blk;
@@ -354,8 +355,8 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
/* check whether the inode table block number is set */
blk = ext4_inode_table(sb, desc);
offset = blk - group_first_block;
- if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize ||
- EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= sb->s_blocksize)
+ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
+ EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= max_bit)
return blk;
next_zero_bit = ext4_find_next_zero_bit(bh->b_data,
EXT4_B2C(sbi, offset + sbi->s_itb_per_group),
From: Eric Sandeen <sandeen@sandeen.net>
Date: Mon, 16 Apr 2018 23:06:53 -0700
Subject: xfs: enhance dinode verifier
Origin: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit?id=b42db0860e13067fcc7cbfba3966c9e652668bbc
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10322
Add several more validations to xfs_dinode_verify:
- For LOCAL data fork formats, di_nextents must be 0.
- For LOCAL attr fork formats, di_anextents must be 0.
- For inodes with no attr fork offset,
- format must be XFS_DINODE_FMT_EXTENTS if set at all
- di_anextents must be 0.
Thanks to dchinner for pointing out a couple related checks I had
forgotten to add.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199377
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_inode_buf.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
--- a/fs/xfs/libxfs/xfs_inode_buf.c
+++ b/fs/xfs/libxfs/xfs_inode_buf.c
@@ -458,6 +458,8 @@ xfs_dinode_verify(
return __this_address;
if (di_size > XFS_DFORK_DSIZE(dip, mp))
return __this_address;
+ if (dip->di_nextents)
+ return __this_address;
/* fall through */
case XFS_DINODE_FMT_EXTENTS:
case XFS_DINODE_FMT_BTREE:
@@ -476,12 +478,31 @@ xfs_dinode_verify(
if (XFS_DFORK_Q(dip)) {
switch (dip->di_aformat) {
case XFS_DINODE_FMT_LOCAL:
+ if (dip->di_anextents)
+ return __this_address;
+ /* fall through */
case XFS_DINODE_FMT_EXTENTS:
case XFS_DINODE_FMT_BTREE:
break;
default:
return __this_address;
}
+ } else {
+ /*
+ * If there is no fork offset, this may be a freshly-made inode
+ * in a new disk cluster, in which case di_aformat is zeroed.
+ * Otherwise, such an inode must be in EXTENTS format; this goes
+ * for freed inodes as well.
+ */
+ switch (dip->di_aformat) {
+ case 0:
+ case XFS_DINODE_FMT_EXTENTS:
+ break;
+ default:
+ return __this_address;
+ }
+ if (dip->di_anextents)
+ return __this_address;
}
/* only version 3 or greater inodes are extensively verified here */
From: Eric Sandeen <sandeen@redhat.com>
Date: Mon, 16 Apr 2018 23:07:27 -0700
Subject: xfs: set format back to extents if xfs_bmap_extents_to_btree
Origin: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit?id=2c4306f719b083d17df2963bc761777576b8ad1b
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10323
If xfs_bmap_extents_to_btree fails in a mode where we call
xfs_iroot_realloc(-1) to de-allocate the root, set the
format back to extents.
Otherwise we can assume we can dereference ifp->if_broot
based on the XFS_DINODE_FMT_BTREE format, and crash.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199423
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/xfs/libxfs/xfs_bmap.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c
index 6a7c2f03ea11..040eeda8426f 100644
--- a/fs/xfs/libxfs/xfs_bmap.c
+++ b/fs/xfs/libxfs/xfs_bmap.c
@@ -725,12 +725,16 @@ xfs_bmap_extents_to_btree(
*logflagsp = 0;
if ((error = xfs_alloc_vextent(&args))) {
xfs_iroot_realloc(ip, -1, whichfork);
+ ASSERT(ifp->if_broot == NULL);
+ XFS_IFORK_FMT_SET(ip, whichfork, XFS_DINODE_FMT_EXTENTS);
xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
return error;
}
if (WARN_ON_ONCE(args.fsbno == NULLFSBLOCK)) {
xfs_iroot_realloc(ip, -1, whichfork);
+ ASSERT(ifp->if_broot == NULL);
+ XFS_IFORK_FMT_SET(ip, whichfork, XFS_DINODE_FMT_EXTENTS);
xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
return -ENOSPC;
}
......@@ -120,6 +120,9 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/xfs-enhance-dinode-verifier.patch
bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch
bugfix/all/ext4-fix-bitmap-position-validation.patch
# Fix exported symbol versions
bugfix/all/module-disable-matching-missing-version-crc.patch
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment