kernel-6.10.6-200
* Mon Aug 19 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.6-0] - Add to BugsFixed (Justin M. Forbes) - selinux: revert our use of vma_is_initial_heap() (Paul Moore) - Linux v6.10.6 Resolves: Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
This commit is contained in:
parent
57278db1e1
commit
66aa3fc503
@ -1,3 +1,6 @@
|
|||||||
|
https://gitlab.com/cki-project/kernel-ark/-/commit/d42657488c703c24d1fffaecced0b3b82d30b393
|
||||||
|
d42657488c703c24d1fffaecced0b3b82d30b393 selinux: revert our use of vma_is_initial_heap()
|
||||||
|
|
||||||
https://gitlab.com/cki-project/kernel-ark/-/commit/3a19264d7608d1c0cb6adff9f45883887a30ba29
|
https://gitlab.com/cki-project/kernel-ark/-/commit/3a19264d7608d1c0cb6adff9f45883887a30ba29
|
||||||
3a19264d7608d1c0cb6adff9f45883887a30ba29 Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error"
|
3a19264d7608d1c0cb6adff9f45883887a30ba29 Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error"
|
||||||
|
|
||||||
|
@ -1,3 +1,9 @@
|
|||||||
|
* Mon Aug 19 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.6-0]
|
||||||
|
- Add to BugsFixed (Justin M. Forbes)
|
||||||
|
- selinux: revert our use of vma_is_initial_heap() (Paul Moore)
|
||||||
|
- Linux v6.10.6
|
||||||
|
Resolves:
|
||||||
|
|
||||||
* Wed Aug 14 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.5-0]
|
* Wed Aug 14 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.5-0]
|
||||||
- Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel)
|
- Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel)
|
||||||
- Linux v6.10.5
|
- Linux v6.10.5
|
||||||
|
13
kernel.spec
13
kernel.spec
@ -160,18 +160,18 @@ Summary: The Linux kernel
|
|||||||
# the --with-release option overrides this setting.)
|
# the --with-release option overrides this setting.)
|
||||||
%define debugbuildsenabled 1
|
%define debugbuildsenabled 1
|
||||||
# define buildid .local
|
# define buildid .local
|
||||||
%define specrpmversion 6.10.5
|
%define specrpmversion 6.10.6
|
||||||
%define specversion 6.10.5
|
%define specversion 6.10.6
|
||||||
%define patchversion 6.10
|
%define patchversion 6.10
|
||||||
%define pkgrelease 200
|
%define pkgrelease 200
|
||||||
%define kversion 6
|
%define kversion 6
|
||||||
%define tarfile_release 6.10.5
|
%define tarfile_release 6.10.6
|
||||||
# This is needed to do merge window version magic
|
# This is needed to do merge window version magic
|
||||||
%define patchlevel 10
|
%define patchlevel 10
|
||||||
# This allows pkg_release to have configurable %%{?dist} tag
|
# This allows pkg_release to have configurable %%{?dist} tag
|
||||||
%define specrelease 200%{?buildid}%{?dist}
|
%define specrelease 200%{?buildid}%{?dist}
|
||||||
# This defines the kabi tarball version
|
# This defines the kabi tarball version
|
||||||
%define kabiversion 6.10.5
|
%define kabiversion 6.10.6
|
||||||
|
|
||||||
# If this variable is set to 1, a bpf selftests build failure will cause a
|
# If this variable is set to 1, a bpf selftests build failure will cause a
|
||||||
# fatal kernel package build error
|
# fatal kernel package build error
|
||||||
@ -4043,6 +4043,11 @@ fi\
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Aug 19 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.6-0]
|
||||||
|
- Add to BugsFixed (Justin M. Forbes)
|
||||||
|
- selinux: revert our use of vma_is_initial_heap() (Paul Moore)
|
||||||
|
- Linux v6.10.6
|
||||||
|
|
||||||
* Wed Aug 14 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.5-0]
|
* Wed Aug 14 2024 Justin M. Forbes <jforbes@fedoraproject.org> [6.10.5-0]
|
||||||
- Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel)
|
- Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" (Niklas Cassel)
|
||||||
- Linux v6.10.5
|
- Linux v6.10.5
|
||||||
|
@ -12,7 +12,6 @@
|
|||||||
drivers/acpi/irq.c | 17 ++-
|
drivers/acpi/irq.c | 17 ++-
|
||||||
drivers/acpi/scan.c | 9 ++
|
drivers/acpi/scan.c | 9 ++
|
||||||
drivers/ata/libahci.c | 18 +++
|
drivers/ata/libahci.c | 18 +++
|
||||||
drivers/ata/libata-scsi.c | 15 ++-
|
|
||||||
drivers/char/ipmi/ipmi_dmi.c | 15 +++
|
drivers/char/ipmi/ipmi_dmi.c | 15 +++
|
||||||
drivers/char/ipmi/ipmi_msghandler.c | 16 ++-
|
drivers/char/ipmi/ipmi_msghandler.c | 16 ++-
|
||||||
drivers/char/random.c | 122 +++++++++++++++++
|
drivers/char/random.c | 122 +++++++++++++++++
|
||||||
@ -41,10 +40,11 @@
|
|||||||
security/lockdown/Kconfig | 13 ++
|
security/lockdown/Kconfig | 13 ++
|
||||||
security/lockdown/lockdown.c | 1 +
|
security/lockdown/lockdown.c | 1 +
|
||||||
security/security.c | 12 ++
|
security/security.c | 12 ++
|
||||||
43 files changed, 802 insertions(+), 261 deletions(-)
|
security/selinux/hooks.c | 12 +-
|
||||||
|
43 files changed, 800 insertions(+), 260 deletions(-)
|
||||||
|
|
||||||
diff --git a/Makefile b/Makefile
|
diff --git a/Makefile b/Makefile
|
||||||
index f9badb79ae8f..4d0eadfc33a1 100644
|
index 361a70264e1f..eaf69484d4ce 100644
|
||||||
--- a/Makefile
|
--- a/Makefile
|
||||||
+++ b/Makefile
|
+++ b/Makefile
|
||||||
@@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
|
@@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
|
||||||
@ -617,32 +617,6 @@ index 83431aae74d8..f2a9c0d644af 100644
|
|||||||
/* wait for engine to stop. This could be as long as 500 msec */
|
/* wait for engine to stop. This could be as long as 500 msec */
|
||||||
tmp = ata_wait_register(ap, port_mmio + PORT_CMD,
|
tmp = ata_wait_register(ap, port_mmio + PORT_CMD,
|
||||||
PORT_CMD_LIST_ON, PORT_CMD_LIST_ON, 1, 500);
|
PORT_CMD_LIST_ON, PORT_CMD_LIST_ON, 1, 500);
|
||||||
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
|
|
||||||
index 076fbeadce01..4e0847601103 100644
|
|
||||||
--- a/drivers/ata/libata-scsi.c
|
|
||||||
+++ b/drivers/ata/libata-scsi.c
|
|
||||||
@@ -941,8 +941,19 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc)
|
|
||||||
&sense_key, &asc, &ascq);
|
|
||||||
ata_scsi_set_sense(qc->dev, cmd, sense_key, asc, ascq);
|
|
||||||
} else {
|
|
||||||
- /* ATA PASS-THROUGH INFORMATION AVAILABLE */
|
|
||||||
- ata_scsi_set_sense(qc->dev, cmd, RECOVERED_ERROR, 0, 0x1D);
|
|
||||||
+ /*
|
|
||||||
+ * ATA PASS-THROUGH INFORMATION AVAILABLE
|
|
||||||
+ *
|
|
||||||
+ * Note: we are supposed to call ata_scsi_set_sense(), which
|
|
||||||
+ * respects the D_SENSE bit, instead of unconditionally
|
|
||||||
+ * generating the sense data in descriptor format. However,
|
|
||||||
+ * because hdparm, hddtemp, and udisks incorrectly assume sense
|
|
||||||
+ * data in descriptor format, without even looking at the
|
|
||||||
+ * RESPONSE CODE field in the returned sense data (to see which
|
|
||||||
+ * format the returned sense data is in), we are stuck with
|
|
||||||
+ * being bug compatible with older kernels.
|
|
||||||
+ */
|
|
||||||
+ scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c
|
diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c
|
||||||
index bbf7029e224b..cf7faa970dd6 100644
|
index bbf7029e224b..cf7faa970dd6 100644
|
||||||
--- a/drivers/char/ipmi/ipmi_dmi.c
|
--- a/drivers/char/ipmi/ipmi_dmi.c
|
||||||
@ -1983,3 +1957,26 @@ index 8cee5b6c6e6d..489e25946bf9 100644
|
|||||||
#ifdef CONFIG_PERF_EVENTS
|
#ifdef CONFIG_PERF_EVENTS
|
||||||
/**
|
/**
|
||||||
* security_perf_event_open() - Check if a perf event open is allowed
|
* security_perf_event_open() - Check if a perf event open is allowed
|
||||||
|
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
|
||||||
|
index 55c78c318ccd..bfa61e005aac 100644
|
||||||
|
--- a/security/selinux/hooks.c
|
||||||
|
+++ b/security/selinux/hooks.c
|
||||||
|
@@ -3852,7 +3852,17 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
|
||||||
|
if (default_noexec &&
|
||||||
|
(prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
|
||||||
|
int rc = 0;
|
||||||
|
- if (vma_is_initial_heap(vma)) {
|
||||||
|
+ /*
|
||||||
|
+ * We don't use the vma_is_initial_heap() helper as it has
|
||||||
|
+ * a history of problems and is currently broken on systems
|
||||||
|
+ * where there is no heap, e.g. brk == start_brk. Before
|
||||||
|
+ * replacing the conditional below with vma_is_initial_heap(),
|
||||||
|
+ * or something similar, please ensure that the logic is the
|
||||||
|
+ * same as what we have below or you have tested every possible
|
||||||
|
+ * corner case you can think to test.
|
||||||
|
+ */
|
||||||
|
+ if (vma->vm_start >= vma->vm_mm->start_brk &&
|
||||||
|
+ vma->vm_end <= vma->vm_mm->brk) {
|
||||||
|
rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
|
||||||
|
PROCESS__EXECHEAP, NULL);
|
||||||
|
} else if (!vma->vm_file && (vma_is_initial_stack(vma) ||
|
||||||
|
6
sources
6
sources
@ -1,5 +1,5 @@
|
|||||||
SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd
|
SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd
|
||||||
SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6
|
SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6
|
||||||
SHA512 (linux-6.10.5.tar.xz) = dfeefdd26d83e5302492e6664112a989b16ac5d9517cedbe9f67b2b7d95fc022142ce963a2f15eec80460620b4e01cbe1dafa03792b7e23ac5e7f4dcc8e91473
|
SHA512 (linux-6.10.6.tar.xz) = a6c956119cb28f659a56f37cd46869ccc7e0fcc17d6d90a83f1767cb052a2f52a5c69319568cadb97ffc29d9dfe875162eb59652b464084f42fb5af5983e172f
|
||||||
SHA512 (kernel-abi-stablelists-6.10.5.tar.xz) = 4613278147c9ec1265e7d17c4711cf078e7a8bd39e2287a801689479cb79b0a9d6f2ff01a681c729626df394a7e46e5ab2169305fecef9ddc389ec4c3e5d6bce
|
SHA512 (kernel-abi-stablelists-6.10.6.tar.xz) = fd14e4707c266984f4dc41d2ae0b3b5c9f94029b8c078b25cdc6355a79f201bd57c1a0389e12b25950fac4ed3171f0ffcca980a7c4fb433786d833e8e5afb2a4
|
||||||
SHA512 (kernel-kabi-dw-6.10.5.tar.xz) = d3f44cfa453b446891cf6ba9f885f21980e13924f1c4749cb2887e0ef420c7ea41243aa32a871b10b98952b28515ca80d400b7811cc24716783b96fd1ed244f2
|
SHA512 (kernel-kabi-dw-6.10.6.tar.xz) = f089ef9577a153db66f2e5712ce8ae5e53e73c90eb73f2f751650b8dc0163c9394d5950959a7c18074656756ffc3b8a96bb50442641b8ce475eb28d8d3626c64
|
||||||
|
Loading…
Reference in New Issue
Block a user