Linux v4.16.12
Also includes the fix for CVE-2018-10840 (rhbz 1582346 1582348)
This commit is contained in:
parent
27cfcafb2f
commit
77b4be52ad
@ -1,28 +0,0 @@
|
|||||||
From 7a2e67bfa5316e267e782477ec880e2464fd682a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Peter Robinson <pbrobinson@gmail.com>
|
|
||||||
Date: Sun, 11 Feb 2018 21:28:41 +0000
|
|
||||||
Subject: [PATCH] crypto: sunxi-ss: Add MODULE_ALIAS to sun4i-ss
|
|
||||||
|
|
||||||
The MODULE_ALIAS is required to enable the sun4i-ss driver to load
|
|
||||||
automatically when built at a module. Tested on a Cubietruck.
|
|
||||||
|
|
||||||
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
|
|
||||||
---
|
|
||||||
drivers/crypto/sunxi-ss/sun4i-ss-core.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-core.c b/drivers/crypto/sunxi-ss/sun4i-ss-core.c
|
|
||||||
index 1547cbe13dc2..a81d89b3b7d8 100644
|
|
||||||
--- a/drivers/crypto/sunxi-ss/sun4i-ss-core.c
|
|
||||||
+++ b/drivers/crypto/sunxi-ss/sun4i-ss-core.c
|
|
||||||
@@ -451,6 +451,7 @@ static struct platform_driver sun4i_ss_driver = {
|
|
||||||
|
|
||||||
module_platform_driver(sun4i_ss_driver);
|
|
||||||
|
|
||||||
+MODULE_ALIAS("platform:sun4i-ss");
|
|
||||||
MODULE_DESCRIPTION("Allwinner Security System cryptographic accelerator");
|
|
||||||
MODULE_LICENSE("GPL");
|
|
||||||
MODULE_AUTHOR("Corentin LABBE <clabbe.montjoie@gmail.com>");
|
|
||||||
--
|
|
||||||
2.14.3
|
|
||||||
|
|
70
ext4-correctly-handle-a-zero-length-xattr-with-a-non.patch
Normal file
70
ext4-correctly-handle-a-zero-length-xattr-with-a-non.patch
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
From e787b36fc8d972fa762ddc91062812c26e0331c0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Date: Wed, 23 May 2018 11:31:03 -0400
|
||||||
|
Subject: [PATCH] ext4: correctly handle a zero-length xattr with a non-zero
|
||||||
|
e_value_offs
|
||||||
|
|
||||||
|
Ext4 will always create ext4 extended attributes which do not have a
|
||||||
|
value (where e_value_size is zero) with e_value_offs set to zero. In
|
||||||
|
most places e_value_offs will not be used in a substantive way if
|
||||||
|
e_value_size is zero.
|
||||||
|
|
||||||
|
There was one exception to this, which is in ext4_xattr_set_entry(),
|
||||||
|
where if there is a maliciously crafted file system where there is an
|
||||||
|
extended attribute with e_value_offs is non-zero and e_value_size is
|
||||||
|
0, the attempt to remove this xattr will result in a negative value
|
||||||
|
getting passed to memmove, leading to the following sadness:
|
||||||
|
|
||||||
|
[ 41.225365] EXT4-fs (loop0): mounted filesystem with ordered data mode. Opts: (null)
|
||||||
|
[ 44.538641] BUG: unable to handle kernel paging request at ffff9ec9a3000000
|
||||||
|
[ 44.538733] IP: __memmove+0x81/0x1a0
|
||||||
|
[ 44.538755] PGD 1249bd067 P4D 1249bd067 PUD 1249c1067 PMD 80000001230000e1
|
||||||
|
[ 44.538793] Oops: 0003 [#1] SMP PTI
|
||||||
|
[ 44.539074] CPU: 0 PID: 1470 Comm: poc Not tainted 4.16.0-rc1+ #1
|
||||||
|
...
|
||||||
|
[ 44.539475] Call Trace:
|
||||||
|
[ 44.539832] ext4_xattr_set_entry+0x9e7/0xf80
|
||||||
|
...
|
||||||
|
[ 44.539972] ext4_xattr_block_set+0x212/0xea0
|
||||||
|
...
|
||||||
|
[ 44.540041] ext4_xattr_set_handle+0x514/0x610
|
||||||
|
[ 44.540065] ext4_xattr_set+0x7f/0x120
|
||||||
|
[ 44.540090] __vfs_removexattr+0x4d/0x60
|
||||||
|
[ 44.540112] vfs_removexattr+0x75/0xe0
|
||||||
|
[ 44.540132] removexattr+0x4d/0x80
|
||||||
|
...
|
||||||
|
[ 44.540279] path_removexattr+0x91/0xb0
|
||||||
|
[ 44.540300] SyS_removexattr+0xf/0x20
|
||||||
|
[ 44.540322] do_syscall_64+0x71/0x120
|
||||||
|
[ 44.540344] entry_SYSCALL_64_after_hwframe+0x21/0x86
|
||||||
|
|
||||||
|
https://bugzilla.kernel.org/show_bug.cgi?id=199347
|
||||||
|
|
||||||
|
This addresses CVE-2018-10840.
|
||||||
|
|
||||||
|
Reported-by: "Xu, Wen" <wen.xu@gatech.edu>
|
||||||
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
|
||||||
|
Cc: stable@kernel.org
|
||||||
|
Fixes: dec214d00e0d7 ("ext4: xattr inode deduplication")
|
||||||
|
Signed-off-by: Jeremy Cline <jcline@redhat.com>
|
||||||
|
---
|
||||||
|
fs/ext4/xattr.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
|
||||||
|
index 499cb4b1fbd2..fc4ced59c565 100644
|
||||||
|
--- a/fs/ext4/xattr.c
|
||||||
|
+++ b/fs/ext4/xattr.c
|
||||||
|
@@ -1688,7 +1688,7 @@ static int ext4_xattr_set_entry(struct ext4_xattr_info *i,
|
||||||
|
|
||||||
|
/* No failures allowed past this point. */
|
||||||
|
|
||||||
|
- if (!s->not_found && here->e_value_offs) {
|
||||||
|
+ if (!s->not_found && here->e_value_size && here->e_value_offs) {
|
||||||
|
/* Remove the old value. */
|
||||||
|
void *first_val = s->base + min_offs;
|
||||||
|
size_t offs = le16_to_cpu(here->e_value_offs);
|
||||||
|
--
|
||||||
|
2.17.0
|
||||||
|
|
12
kernel.spec
12
kernel.spec
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||||||
%if 0%{?released_kernel}
|
%if 0%{?released_kernel}
|
||||||
|
|
||||||
# Do we have a -stable update to apply?
|
# Do we have a -stable update to apply?
|
||||||
%define stable_update 11
|
%define stable_update 12
|
||||||
# Set rpm version accordingly
|
# Set rpm version accordingly
|
||||||
%if 0%{?stable_update}
|
%if 0%{?stable_update}
|
||||||
%define stablerev %{stable_update}
|
%define stablerev %{stable_update}
|
||||||
@ -576,9 +576,6 @@ Patch306: wcn36xx-Fix-firmware-crash-due-to-corrupted-buffer-address.patch
|
|||||||
# https://patchwork.kernel.org/patch/10245303/
|
# https://patchwork.kernel.org/patch/10245303/
|
||||||
Patch307: wcn36xx-reduce-verbosity-of-drivers-messages.patch
|
Patch307: wcn36xx-reduce-verbosity-of-drivers-messages.patch
|
||||||
|
|
||||||
# https://www.spinics.net/lists/arm-kernel/msg632925.html
|
|
||||||
Patch308: arm-crypto-sunxi-ss-Add-MODULE_ALIAS-to-sun4i-ss.patch
|
|
||||||
|
|
||||||
# Fix USB on the RPi https://patchwork.kernel.org/patch/9879371/
|
# Fix USB on the RPi https://patchwork.kernel.org/patch/9879371/
|
||||||
Patch309: bcm283x-dma-mapping-skip-USB-devices-when-configuring-DMA-during-probe.patch
|
Patch309: bcm283x-dma-mapping-skip-USB-devices-when-configuring-DMA-during-probe.patch
|
||||||
|
|
||||||
@ -661,6 +658,9 @@ Patch511: 0001-xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch
|
|||||||
# https://www.spinics.net/lists/linux-acpi/msg82405.html
|
# https://www.spinics.net/lists/linux-acpi/msg82405.html
|
||||||
Patch512: mailbox-ACPI-erroneous-error-message-when-parsing-ACPI.patch
|
Patch512: mailbox-ACPI-erroneous-error-message-when-parsing-ACPI.patch
|
||||||
|
|
||||||
|
# CVE-2018-10840 rhbz 1582346 1582348
|
||||||
|
Patch513: ext4-correctly-handle-a-zero-length-xattr-with-a-non.patch
|
||||||
|
|
||||||
# END OF PATCH DEFINITIONS
|
# END OF PATCH DEFINITIONS
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
@ -1934,7 +1934,9 @@ fi
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
%changelog
|
%changelog
|
||||||
* Fri May 25 2018 Jeremy Cline <jeremy@jcline.org>
|
* Fri May 25 2018 Jeremy Cline <jcline@redhat.com> - 4.16.12-100
|
||||||
|
- Linux v4.16.12
|
||||||
|
- Fix CVE-2018-10840 (rhbz 1582346 1582348)
|
||||||
- Fix for incorrect error message about parsing PCCT (rhbz 1435837)
|
- Fix for incorrect error message about parsing PCCT (rhbz 1435837)
|
||||||
|
|
||||||
* Tue May 22 2018 Jeremy Cline <jcline@redhat.com> - 4.16.11-100
|
* Tue May 22 2018 Jeremy Cline <jcline@redhat.com> - 4.16.11-100
|
||||||
|
2
sources
2
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (linux-4.16.tar.xz) = ab47849314b177d0eec9dbf261f33972b0d89fb92fb0650130ffa7abc2f36c0fab2d06317dc1683c51a472a9a631573a9b1e7258d6281a2ee189897827f14662
|
SHA512 (linux-4.16.tar.xz) = ab47849314b177d0eec9dbf261f33972b0d89fb92fb0650130ffa7abc2f36c0fab2d06317dc1683c51a472a9a631573a9b1e7258d6281a2ee189897827f14662
|
||||||
SHA512 (patch-4.16.11.xz) = 03c2dbd6f5bac48875a08f6ef3603379fd5736d7b4d1abe1d4271d484ac5b08790c8d28177cec4e45421a303eb539fc79e15a9b67383b249b7d999e47652135c
|
SHA512 (patch-4.16.12.xz) = 7bd2b4fa54b69df5558a4a151936fb1787f2faa0f4e73c03db04ef84ac088f764425faf5d6b5a023d4863e190775dcbb251eba1efc3b10eb133330bb6b210b72
|
||||||
|
Loading…
Reference in New Issue
Block a user