kernel-5.18.10-100
* Thu Jul 07 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.18.10-0] - netfilter: nf_tables: stricter validation of element data (Pablo Neira Ayuso) - Revert "Revert "smb3: use netname when available on secondary channels"" (Justin M. Forbes) - Revert "Revert "smb3: fix empty netname context on secondary channels"" (Justin M. Forbes) Resolves: Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
parent
e65b3217d2
commit
668f7abcb7
|
@ -1,3 +1,12 @@
|
|||
"https://gitlab.com/cki-project/kernel-ark/-/commit"/f147438b42147e1cf44f1471dc2a4288486dd791
|
||||
f147438b42147e1cf44f1471dc2a4288486dd791 netfilter: nf_tables: stricter validation of element data
|
||||
|
||||
"https://gitlab.com/cki-project/kernel-ark/-/commit"/536f55b6208f317e86c5876014be423642690098
|
||||
536f55b6208f317e86c5876014be423642690098 Revert "Revert "smb3: use netname when available on secondary channels""
|
||||
|
||||
"https://gitlab.com/cki-project/kernel-ark/-/commit"/f881c8e206d2f230bd7b67dd4b611b46e07ff202
|
||||
f881c8e206d2f230bd7b67dd4b611b46e07ff202 Revert "Revert "smb3: fix empty netname context on secondary channels""
|
||||
|
||||
"https://gitlab.com/cki-project/kernel-ark/-/commit"/70b6a2dd3426c05d36f40c5d75e4f4a4d6196a59
|
||||
70b6a2dd3426c05d36f40c5d75e4f4a4d6196a59 Revert "smb3: fix empty netname context on secondary channels"
|
||||
|
||||
|
|
|
@ -122,11 +122,11 @@ Summary: The Linux kernel
|
|||
# the --with-release option overrides this setting.)
|
||||
%define debugbuildsenabled 1
|
||||
# define buildid .local
|
||||
%define specversion 5.18.9
|
||||
%define specversion 5.18.10
|
||||
%define patchversion 5.18
|
||||
%define pkgrelease 100
|
||||
%define kversion 5
|
||||
%define tarfile_release 5.18.9
|
||||
%define tarfile_release 5.18.10
|
||||
# This is needed to do merge window version magic
|
||||
%define patchlevel 18
|
||||
# allow pkg_release to have configurable %%{?dist} tag
|
||||
|
@ -3034,6 +3034,11 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Thu Jul 07 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.18.10-0]
|
||||
- netfilter: nf_tables: stricter validation of element data (Pablo Neira Ayuso)
|
||||
- Revert "Revert "smb3: use netname when available on secondary channels"" (Justin M. Forbes)
|
||||
- Revert "Revert "smb3: fix empty netname context on secondary channels"" (Justin M. Forbes)
|
||||
|
||||
* Sat Jul 02 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.18.9-0]
|
||||
- Revert "smb3: fix empty netname context on secondary channels" (Justin M. Forbes)
|
||||
- Revert "smb3: use netname when available on secondary channels" (Justin M. Forbes)
|
||||
|
|
|
@ -30,7 +30,6 @@
|
|||
drivers/nvme/host/nvme.h | 4 +
|
||||
drivers/pci/quirks.c | 24 ++++
|
||||
drivers/usb/core/hub.c | 7 ++
|
||||
fs/cifs/smb2pdu.c | 21 +---
|
||||
include/linux/efi.h | 24 ++--
|
||||
include/linux/lsm_hook_defs.h | 2 +
|
||||
include/linux/lsm_hooks.h | 6 +
|
||||
|
@ -38,15 +37,16 @@
|
|||
include/linux/security.h | 5 +
|
||||
init/Kconfig | 2 +-
|
||||
kernel/module_signing.c | 9 +-
|
||||
net/netfilter/nf_tables_api.c | 9 +-
|
||||
scripts/tags.sh | 2 +
|
||||
security/integrity/platform_certs/load_uefi.c | 6 +-
|
||||
security/lockdown/Kconfig | 13 +++
|
||||
security/lockdown/lockdown.c | 1 +
|
||||
security/security.c | 6 +
|
||||
45 files changed, 727 insertions(+), 206 deletions(-)
|
||||
45 files changed, 729 insertions(+), 192 deletions(-)
|
||||
|
||||
diff --git a/Makefile b/Makefile
|
||||
index 751cfd786c8c..1dbeaa096d9b 100644
|
||||
index 088b84f99203..53ce8dbdd481 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
|
||||
|
@ -123,7 +123,7 @@ index 1cc85b8ff42e..b7ee128c67ce 100644
|
|||
+ return !!ipl_secure_flag;
|
||||
+}
|
||||
diff --git a/arch/s390/kernel/setup.c b/arch/s390/kernel/setup.c
|
||||
index d860ac300919..6e63924932e6 100644
|
||||
index 2cef49983e9e..c50998b4b554 100644
|
||||
--- a/arch/s390/kernel/setup.c
|
||||
+++ b/arch/s390/kernel/setup.c
|
||||
@@ -49,6 +49,7 @@
|
||||
|
@ -134,7 +134,7 @@ index d860ac300919..6e63924932e6 100644
|
|||
#include <linux/hugetlb.h>
|
||||
#include <linux/kmemleak.h>
|
||||
|
||||
@@ -965,6 +966,9 @@ void __init setup_arch(char **cmdline_p)
|
||||
@@ -970,6 +971,9 @@ void __init setup_arch(char **cmdline_p)
|
||||
|
||||
log_component_list();
|
||||
|
||||
|
@ -1517,49 +1517,6 @@ index 1460857026e0..7e1964891089 100644
|
|||
/* Lock the device, then check to see if we were
|
||||
* disconnected while waiting for the lock to succeed. */
|
||||
usb_lock_device(hdev);
|
||||
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
|
||||
index 6a8a00f28b19..179c1630bf56 100644
|
||||
--- a/fs/cifs/smb2pdu.c
|
||||
+++ b/fs/cifs/smb2pdu.c
|
||||
@@ -543,7 +543,6 @@ assemble_neg_contexts(struct smb2_negotiate_req *req,
|
||||
struct TCP_Server_Info *server, unsigned int *total_len)
|
||||
{
|
||||
char *pneg_ctxt;
|
||||
- char *hostname = NULL;
|
||||
unsigned int ctxt_len, neg_context_count;
|
||||
|
||||
if (*total_len > 200) {
|
||||
@@ -571,24 +570,16 @@ assemble_neg_contexts(struct smb2_negotiate_req *req,
|
||||
*total_len += ctxt_len;
|
||||
pneg_ctxt += ctxt_len;
|
||||
|
||||
+ ctxt_len = build_netname_ctxt((struct smb2_netname_neg_context *)pneg_ctxt,
|
||||
+ server->hostname);
|
||||
+ *total_len += ctxt_len;
|
||||
+ pneg_ctxt += ctxt_len;
|
||||
+
|
||||
build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
|
||||
*total_len += sizeof(struct smb2_posix_neg_context);
|
||||
pneg_ctxt += sizeof(struct smb2_posix_neg_context);
|
||||
|
||||
- /*
|
||||
- * secondary channels don't have the hostname field populated
|
||||
- * use the hostname field in the primary channel instead
|
||||
- */
|
||||
- hostname = CIFS_SERVER_IS_CHAN(server) ?
|
||||
- server->primary_server->hostname : server->hostname;
|
||||
- if (hostname && (hostname[0] != 0)) {
|
||||
- ctxt_len = build_netname_ctxt((struct smb2_netname_neg_context *)pneg_ctxt,
|
||||
- hostname);
|
||||
- *total_len += ctxt_len;
|
||||
- pneg_ctxt += ctxt_len;
|
||||
- neg_context_count = 4;
|
||||
- } else /* second channels do not have a hostname */
|
||||
- neg_context_count = 3;
|
||||
+ neg_context_count = 4;
|
||||
|
||||
if (server->compress_algorithm) {
|
||||
build_compression_ctxt((struct smb2_compression_capabilities_context *)
|
||||
diff --git a/include/linux/efi.h b/include/linux/efi.h
|
||||
index cc6d2be2ffd5..418d814d2eb7 100644
|
||||
--- a/include/linux/efi.h
|
||||
|
@ -1743,6 +1700,32 @@ index 8723ae70ea1f..fb2d773498c2 100644
|
|||
+ }
|
||||
+ return ret;
|
||||
}
|
||||
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
|
||||
index 81243c834abb..a136148627e7 100644
|
||||
--- a/net/netfilter/nf_tables_api.c
|
||||
+++ b/net/netfilter/nf_tables_api.c
|
||||
@@ -5213,13 +5213,20 @@ static int nft_setelem_parse_data(struct nft_ctx *ctx, struct nft_set *set,
|
||||
struct nft_data *data,
|
||||
struct nlattr *attr)
|
||||
{
|
||||
+ u32 dtype;
|
||||
int err;
|
||||
|
||||
err = nft_data_init(ctx, data, NFT_DATA_VALUE_MAXLEN, desc, attr);
|
||||
if (err < 0)
|
||||
return err;
|
||||
|
||||
- if (desc->type != NFT_DATA_VERDICT && desc->len != set->dlen) {
|
||||
+ if (set->dtype == NFT_DATA_VERDICT)
|
||||
+ dtype = NFT_DATA_VERDICT;
|
||||
+ else
|
||||
+ dtype = NFT_DATA_VALUE;
|
||||
+
|
||||
+ if (dtype != desc->type ||
|
||||
+ set->dlen != desc->len) {
|
||||
nft_data_release(data, desc->type);
|
||||
return -EINVAL;
|
||||
}
|
||||
diff --git a/scripts/tags.sh b/scripts/tags.sh
|
||||
index 16d475b3e203..4e333f14b84e 100755
|
||||
--- a/scripts/tags.sh
|
||||
|
|
6
sources
6
sources
|
@ -1,3 +1,3 @@
|
|||
SHA512 (linux-5.18.9.tar.xz) = df523ea0a547da055d8ee435192ad0769cc91e7d081da52558f66ae7108525a80353565bd33dd70f6bcdb393e6ba7634971e30cee7d4eb36678d9183558d1e47
|
||||
SHA512 (kernel-abi-stablelists-5.18.9-100.tar.bz2) = cf67f41e414e1d4c727cc9adeef25d9a8b37e5f0e614a11c260e0cc34b7dfe5bca1384be876017fd18ffaa98ca383c1b611fb205edb4d162d3743efd08d13f6f
|
||||
SHA512 (kernel-kabi-dw-5.18.9-100.tar.bz2) = 6ffc70c49dacc3546ceef8024538eeeac6629c9d02110b5042287e327cc43ca3756011eb13ea68f1254c8f76ad3e38f61c7252f8301033e9e18aec62ae4c4c8a
|
||||
SHA512 (linux-5.18.10.tar.xz) = 443ade4d54208697976ac6dfaa96f1a3d2ac21f1440d6414304161305aa5571aa93cee65f1adaae9163382dff3bbf4d712f04cfae5d57bbc61de4295ebbcaa88
|
||||
SHA512 (kernel-abi-stablelists-5.18.10-100.tar.bz2) = 9f0614b7ee410aa5bec200e950e53ee072f7d009cbd8c11f05ee3fd3dff5e9e8c9e7a5141b614eda1963ce4b23444f3d7b48546edf88bc9959f5529afed6cf24
|
||||
SHA512 (kernel-kabi-dw-5.18.10-100.tar.bz2) = 07a7a5f8bc318fdda6f6d8dac0df667dffadecc6db8def51cc92e246f1ad372668aa6a7d58054f9bd56010b3599de74b9406f3b83c1d23bc0de4b61bd703eda4
|
||||
|
|