dracut-044-21

- fixed permissions of initramfs file, if microcode is prepended
  CVE-2016-8637

0017-add-support-to-F2FS-filesystem-fsck.patch

@@ -0,0 +1,77 @@
+From cd7b4f38935e70a02089e4e3d61637c6f1144637 Mon Sep 17 00:00:00 2001
+From: tpg <tpgxyz@gmail.com>
+Date: Thu, 30 Jun 2016 21:26:42 +0200
+Subject: [PATCH] add support to F2FS filesystem (fsck)
+
+(cherry picked from commit 9f521f76a007437083559dc2997570c88386d56c)
+---
+ modules.d/03rescue/module-setup.sh | 2 +-
+ modules.d/95debug/module-setup.sh  | 2 +-
+ modules.d/99fs-lib/fs-lib.sh       | 5 +++++
+ modules.d/99fs-lib/module-setup.sh | 5 ++++-
+ 4 files changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/modules.d/03rescue/module-setup.sh b/modules.d/03rescue/module-setup.sh
+index f9dfcda..9267914 100755
+--- a/modules.d/03rescue/module-setup.sh
++++ b/modules.d/03rescue/module-setup.sh
+@@ -15,6 +15,6 @@ depends() {
+ install() {
+     inst_multiple -o ps grep more cat rm strace free showmount \
+         ping netstat rpcinfo vi scp ping6 ssh \
+-        fsck fsck.ext2 fsck.ext4 fsck.ext3 fsck.ext4dev fsck.vfat e2fsck
++        fsck fsck.ext2 fsck.ext4 fsck.ext3 fsck.ext4dev fsck.f2fs fsck.vfat e2fsck
+ }
+ 
+diff --git a/modules.d/95debug/module-setup.sh b/modules.d/95debug/module-setup.sh
+index ce5e8e8..ad5d412 100755
+--- a/modules.d/95debug/module-setup.sh
++++ b/modules.d/95debug/module-setup.sh
+@@ -16,7 +16,7 @@ install() {
+     inst_multiple -o cat ls ps grep more cat rm strace free showmount \
+                   ping netstat rpcinfo vi scp ping6 ssh find vi \
+                   tcpdump cp less hostname mkdir \
+-                  fsck fsck.ext2 fsck.ext4 fsck.ext3 fsck.ext4dev fsck.vfat e2fsck
++                  fsck fsck.ext2 fsck.ext4 fsck.ext3 fsck.ext4dev fsck.f2fs fsck.vfat e2fsck
+ 
+     egrep '^tcpdump:' /etc/passwd 2>/dev/null >> "$initdir/etc/passwd"
+ }
+diff --git a/modules.d/99fs-lib/fs-lib.sh b/modules.d/99fs-lib/fs-lib.sh
+index 672d027..5c83155 100755
+--- a/modules.d/99fs-lib/fs-lib.sh
++++ b/modules.d/99fs-lib/fs-lib.sh
+@@ -47,6 +47,11 @@ fsck_able() {
+             _drv="_drv=e2fsck fsck_drv_com" &&
+             return 0
+             ;;
++        f2fs)
++	    type fsck.f2fs >/dev/null 2>&1 &&
++	    _drv="_drv=fsck.f2fs fsck_drv_com" &&
++	    return 0
++	    ;;
+         jfs)
+             type jfs_fsck >/dev/null 2>&1 &&
+             _drv="_drv=jfs_fsck fsck_drv_com" &&
+diff --git a/modules.d/99fs-lib/module-setup.sh b/modules.d/99fs-lib/module-setup.sh
+index f4dbc94..a29a350 100755
+--- a/modules.d/99fs-lib/module-setup.sh
++++ b/modules.d/99fs-lib/module-setup.sh
+@@ -20,6 +20,9 @@ echo_fs_helper() {
+         ext?)
+             echo -n " e2fsck "
+             ;;
++	f2fs)
++	    echo -n " fsck.f2fs "
++	    ;;
+         jfs)
+             echo -n " jfs_fsck "
+             ;;
+@@ -68,7 +71,7 @@ install() {
+         _helpers="\
+             umount mount /sbin/fsck*
+             xfs_db xfs_check xfs_repair xfs_metadump
+-            e2fsck jfs_fsck reiserfsck btrfsck
++            e2fsck fsck.f2fs jfs_fsck reiserfsck btrfsck
+         "
+         if [[ $hostonly ]]; then
+             _helpers="umount mount "

0018-fs-lib-add-crc32c-kernel-module-for-f2fs.patch

@@ -0,0 +1,36 @@
+From e9de73bb452e6d8bc46efe5de840abccf76f3c32 Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald@redhat.com>
+Date: Thu, 7 Jul 2016 09:43:48 +0200
+Subject: [PATCH] fs-lib: add crc32c kernel module for f2fs
+
+(cherry picked from commit f8ff380bd5aadc00061c6537c54ca14728ded6cd)
+---
+ modules.d/99fs-lib/module-setup.sh | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/modules.d/99fs-lib/module-setup.sh b/modules.d/99fs-lib/module-setup.sh
+index a29a350..2c5f4c0 100755
+--- a/modules.d/99fs-lib/module-setup.sh
++++ b/modules.d/99fs-lib/module-setup.sh
+@@ -20,9 +20,9 @@ echo_fs_helper() {
+         ext?)
+             echo -n " e2fsck "
+             ;;
+-	f2fs)
+-	    echo -n " fsck.f2fs "
+-	    ;;
++        f2fs)
++            echo -n " fsck.f2fs "
++            ;;
+         jfs)
+             echo -n " jfs_fsck "
+             ;;
+@@ -41,7 +41,7 @@ echo_fs_helper() {
+ include_fs_helper_modules() {
+     local dev=$1 fs=$2
+     case "$fs" in
+-        xfs|btrfs)
++        xfs|btrfs|f2fs)
+             instmods crc32c
+             ;;
+     esac

0019-fs-lib-f2fs-needs-crc32-not-crc32c.patch

@@ -0,0 +1,30 @@
+From a8e197264d3a8245e61f41f792869089b3de16ae Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald@redhat.com>
+Date: Fri, 8 Jul 2016 10:01:52 +0200
+Subject: [PATCH] fs-lib: f2fs needs crc32 not crc32c
+
+*sigh*
+
+(cherry picked from commit 34a42f9f49d4ad8897c4890af5b9a455e1335c66)
+---
+ modules.d/99fs-lib/module-setup.sh | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/modules.d/99fs-lib/module-setup.sh b/modules.d/99fs-lib/module-setup.sh
+index 2c5f4c0..bd61838 100755
+--- a/modules.d/99fs-lib/module-setup.sh
++++ b/modules.d/99fs-lib/module-setup.sh
+@@ -41,9 +41,12 @@ echo_fs_helper() {
+ include_fs_helper_modules() {
+     local dev=$1 fs=$2
+     case "$fs" in
+-        xfs|btrfs|f2fs)
++        xfs|btrfs)
+             instmods crc32c
+             ;;
++        f2fs)
++            instmods crc32
++            ;;
+     esac
+ }
+ 

0020-dracut.sh-create-the-initramfs-non-world-readable-al.patch

@@ -0,0 +1,27 @@
+From 5372714971867a6f4baf4e8a6352d02d6327c1d1 Mon Sep 17 00:00:00 2001
+From: Andreas Stieger <astieger@suse.com>
+Date: Mon, 7 Nov 2016 10:37:22 +0100
+Subject: [PATCH] dracut.sh: create the initramfs non-world readable also if
+ early cpio is used
+
+Fixes: 5f2c30d9bcd614d546d5c55c6897e33f88b9ab90
+Previously fixed CVE-2012-4453: e1b48995c26c4f06d1a718539cb1bd5b0179af91
+
+Signed-off-by: Andreas Stieger <astieger@suse.com>
+---
+ dracut.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dracut.sh b/dracut.sh
+index 6dc9858..07ea738 100755
+--- a/dracut.sh
++++ b/dracut.sh
+@@ -1697,7 +1697,7 @@ if [[ $create_early_cpio = yes ]]; then
+ 
+     # The microcode blob is _before_ the initramfs blob, not after
+     if ! (
+-            cd "$early_cpio_dir/d"
++            umask 077; cd "$early_cpio_dir/d"
+             find . -print0 | sort -z \
+                 | cpio ${CPIO_REPRODUCIBLE:+--reproducible} --null $cpio_owner_root -H newc -o --quiet > "${DRACUT_TMPDIR}/initramfs.img"
+         ); then

dracut.spec

@@ -16,7 +16,7 @@
 
 Name: dracut
 Version: 044
-Release: 18.git20160108%{?dist}
+Release: 21%{?dist}
 
 Summary: Initramfs generator using udev
 %if 0%{?fedora} || 0%{?rhel}
@@ -51,6 +51,10 @@ Patch13: 0013-base-dracut-lib.sh-dev_unit_name-guard-against-dev-b.patch
 Patch14: 0014-nbd-add-missing-generator.patch
 Patch15: 0015-fcoe-no-need-to-copy-lldpad-state.patch
 Patch16: 0016-dracut.sh-restorecon-final-image-file.patch
+Patch17: 0017-add-support-to-F2FS-filesystem-fsck.patch
+Patch18: 0018-fs-lib-add-crc32c-kernel-module-for-f2fs.patch
+Patch19: 0019-fs-lib-f2fs-needs-crc32-not-crc32c.patch
+Patch20: 0020-dracut.sh-create-the-initramfs-non-world-readable-al.patch
 
 Source1: https://www.gnu.org/licenses/lgpl-2.1.txt
 
@@ -511,6 +515,16 @@ rm -rf -- $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Mon Nov 07 2016 Harald Hoyer <harald@redhat.com> - 044-21
+- fixed permissions of initramfs file, if microcode is prepended
+  CVE-2016-8637
+
+* Fri Jul 08 2016 Harald Hoyer <harald@redhat.com> - 044-20
+- add correct crc32 kernel module for f2fs
+
+* Thu Jul 07 2016 Harald Hoyer <harald@redhat.com> - 044-19
+- add f2fs filesystem support
+
 * Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 044-18.git20160108
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild