kernel-6.5.4-300
* Tue Sep 19 2023 Justin M. Forbes <jforbes@fedoraproject.org> [6.5.4-0] - Add F38 and F37 as release targets (Justin M. Forbes) - Add NFS bug fix for 6.5.4 (Justin M. Forbes) - selinux: fix handling of empty opts in selinux_fs_context_submount() (Ondrej Mosnacek) - Turn off appletalk for fedora (Justin M. Forbes) - Linux v6.5.4 Resolves: Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
This commit is contained in:
parent
07eb7fc475
commit
e73ec15a01
|
@ -1,3 +1,6 @@
|
||||||
|
"https://gitlab.com/cki-project/kernel-ark/-/commit"/60528063540aabceb7c4d79c7938d229ed5efc4f
|
||||||
|
60528063540aabceb7c4d79c7938d229ed5efc4f selinux: fix handling of empty opts in selinux_fs_context_submount()
|
||||||
|
|
||||||
"https://gitlab.com/cki-project/kernel-ark/-/commit"/80c615ec2edb4aadded21fe924e2caa172d59577
|
"https://gitlab.com/cki-project/kernel-ark/-/commit"/80c615ec2edb4aadded21fe924e2caa172d59577
|
||||||
80c615ec2edb4aadded21fe924e2caa172d59577 Revert "misc: rtsx: judge ASPM Mode to set PETXCFG Reg"
|
80c615ec2edb4aadded21fe924e2caa172d59577 Revert "misc: rtsx: judge ASPM Mode to set PETXCFG Reg"
|
||||||
|
|
||||||
|
|
|
@ -1315,7 +1315,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
|
||||||
CONFIG_DEFAULT_SECURITY_SELINUX=y
|
CONFIG_DEFAULT_SECURITY_SELINUX=y
|
||||||
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
|
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
|
||||||
CONFIG_DETECT_HUNG_TASK=y
|
CONFIG_DETECT_HUNG_TASK=y
|
||||||
CONFIG_DEV_APPLETALK=m
|
# CONFIG_DEV_APPLETALK is not set
|
||||||
CONFIG_DEV_DAX_CXL=m
|
CONFIG_DEV_DAX_CXL=m
|
||||||
CONFIG_DEV_DAX_HMEM=m
|
CONFIG_DEV_DAX_HMEM=m
|
||||||
CONFIG_DEV_DAX_KMEM=m
|
CONFIG_DEV_DAX_KMEM=m
|
||||||
|
|
|
@ -1305,7 +1305,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
|
||||||
CONFIG_DEFAULT_SECURITY_SELINUX=y
|
CONFIG_DEFAULT_SECURITY_SELINUX=y
|
||||||
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
|
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
|
||||||
# CONFIG_DETECT_HUNG_TASK is not set
|
# CONFIG_DETECT_HUNG_TASK is not set
|
||||||
CONFIG_DEV_APPLETALK=m
|
# CONFIG_DEV_APPLETALK is not set
|
||||||
CONFIG_DEV_DAX_CXL=m
|
CONFIG_DEV_DAX_CXL=m
|
||||||
CONFIG_DEV_DAX_HMEM=m
|
CONFIG_DEV_DAX_HMEM=m
|
||||||
CONFIG_DEV_DAX_KMEM=m
|
CONFIG_DEV_DAX_KMEM=m
|
||||||
|
|
|
@ -1323,7 +1323,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
|
||||||
CONFIG_DEFAULT_SECURITY_SELINUX=y
|
CONFIG_DEFAULT_SECURITY_SELINUX=y
|
||||||
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
|
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
|
||||||
CONFIG_DETECT_HUNG_TASK=y
|
CONFIG_DETECT_HUNG_TASK=y
|
||||||
CONFIG_DEV_APPLETALK=m
|
# CONFIG_DEV_APPLETALK is not set
|
||||||
CONFIG_DEV_DAX_CXL=m
|
CONFIG_DEV_DAX_CXL=m
|
||||||
CONFIG_DEV_DAX_HMEM=m
|
CONFIG_DEV_DAX_HMEM=m
|
||||||
CONFIG_DEV_DAX_KMEM=m
|
CONFIG_DEV_DAX_KMEM=m
|
||||||
|
|
|
@ -1313,7 +1313,7 @@ CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
|
||||||
CONFIG_DEFAULT_SECURITY_SELINUX=y
|
CONFIG_DEFAULT_SECURITY_SELINUX=y
|
||||||
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
|
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
|
||||||
# CONFIG_DETECT_HUNG_TASK is not set
|
# CONFIG_DETECT_HUNG_TASK is not set
|
||||||
CONFIG_DEV_APPLETALK=m
|
# CONFIG_DEV_APPLETALK is not set
|
||||||
CONFIG_DEV_DAX_CXL=m
|
CONFIG_DEV_DAX_CXL=m
|
||||||
CONFIG_DEV_DAX_HMEM=m
|
CONFIG_DEV_DAX_HMEM=m
|
||||||
CONFIG_DEV_DAX_KMEM=m
|
CONFIG_DEV_DAX_KMEM=m
|
||||||
|
|
|
@ -1442,7 +1442,7 @@ CONFIG_DELL_WMI=m
|
||||||
CONFIG_DELL_WMI_PRIVACY=y
|
CONFIG_DELL_WMI_PRIVACY=y
|
||||||
CONFIG_DELL_WMI_SYSMAN=m
|
CONFIG_DELL_WMI_SYSMAN=m
|
||||||
CONFIG_DETECT_HUNG_TASK=y
|
CONFIG_DETECT_HUNG_TASK=y
|
||||||
CONFIG_DEV_APPLETALK=m
|
# CONFIG_DEV_APPLETALK is not set
|
||||||
CONFIG_DEV_DAX_CXL=m
|
CONFIG_DEV_DAX_CXL=m
|
||||||
CONFIG_DEV_DAX_HMEM=m
|
CONFIG_DEV_DAX_HMEM=m
|
||||||
CONFIG_DEV_DAX_KMEM=m
|
CONFIG_DEV_DAX_KMEM=m
|
||||||
|
|
|
@ -1432,7 +1432,7 @@ CONFIG_DELL_WMI=m
|
||||||
CONFIG_DELL_WMI_PRIVACY=y
|
CONFIG_DELL_WMI_PRIVACY=y
|
||||||
CONFIG_DELL_WMI_SYSMAN=m
|
CONFIG_DELL_WMI_SYSMAN=m
|
||||||
# CONFIG_DETECT_HUNG_TASK is not set
|
# CONFIG_DETECT_HUNG_TASK is not set
|
||||||
CONFIG_DEV_APPLETALK=m
|
# CONFIG_DEV_APPLETALK is not set
|
||||||
CONFIG_DEV_DAX_CXL=m
|
CONFIG_DEV_DAX_CXL=m
|
||||||
CONFIG_DEV_DAX_HMEM=m
|
CONFIG_DEV_DAX_HMEM=m
|
||||||
CONFIG_DEV_DAX_KMEM=m
|
CONFIG_DEV_DAX_KMEM=m
|
||||||
|
|
15
kernel.spec
15
kernel.spec
|
@ -160,18 +160,18 @@ Summary: The Linux kernel
|
||||||
# the --with-release option overrides this setting.)
|
# the --with-release option overrides this setting.)
|
||||||
%define debugbuildsenabled 1
|
%define debugbuildsenabled 1
|
||||||
# define buildid .local
|
# define buildid .local
|
||||||
%define specrpmversion 6.5.3
|
%define specrpmversion 6.5.4
|
||||||
%define specversion 6.5.3
|
%define specversion 6.5.4
|
||||||
%define patchversion 6.5
|
%define patchversion 6.5
|
||||||
%define pkgrelease 300
|
%define pkgrelease 300
|
||||||
%define kversion 6
|
%define kversion 6
|
||||||
%define tarfile_release 6.5.3
|
%define tarfile_release 6.5.4
|
||||||
# This is needed to do merge window version magic
|
# This is needed to do merge window version magic
|
||||||
%define patchlevel 5
|
%define patchlevel 5
|
||||||
# This allows pkg_release to have configurable %%{?dist} tag
|
# This allows pkg_release to have configurable %%{?dist} tag
|
||||||
%define specrelease 300%{?buildid}%{?dist}
|
%define specrelease 300%{?buildid}%{?dist}
|
||||||
# This defines the kabi tarball version
|
# This defines the kabi tarball version
|
||||||
%define kabiversion 6.5.3
|
%define kabiversion 6.5.4
|
||||||
|
|
||||||
# If this variable is set to 1, a bpf selftests build failure will cause a
|
# If this variable is set to 1, a bpf selftests build failure will cause a
|
||||||
# fatal kernel package build error
|
# fatal kernel package build error
|
||||||
|
@ -3702,6 +3702,13 @@ fi\
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Sep 19 2023 Justin M. Forbes <jforbes@fedoraproject.org> [6.5.4-0]
|
||||||
|
- Add F38 and F37 as release targets (Justin M. Forbes)
|
||||||
|
- Add NFS bug fix for 6.5.4 (Justin M. Forbes)
|
||||||
|
- selinux: fix handling of empty opts in selinux_fs_context_submount() (Ondrej Mosnacek)
|
||||||
|
- Turn off appletalk for fedora (Justin M. Forbes)
|
||||||
|
- Linux v6.5.4
|
||||||
|
|
||||||
* Wed Sep 13 2023 Justin M. Forbes <jforbes@fedoraproject.org> [6.5.3-0]
|
* Wed Sep 13 2023 Justin M. Forbes <jforbes@fedoraproject.org> [6.5.3-0]
|
||||||
- Revert "misc: rtsx: judge ASPM Mode to set PETXCFG Reg" (Justin M. Forbes)
|
- Revert "misc: rtsx: judge ASPM Mode to set PETXCFG Reg" (Justin M. Forbes)
|
||||||
- Config updates for 6.5.3 (Justin M. Forbes)
|
- Config updates for 6.5.3 (Justin M. Forbes)
|
||||||
|
|
|
@ -39,10 +39,11 @@
|
||||||
security/lockdown/Kconfig | 13 +++
|
security/lockdown/Kconfig | 13 +++
|
||||||
security/lockdown/lockdown.c | 1 +
|
security/lockdown/lockdown.c | 1 +
|
||||||
security/security.c | 12 ++
|
security/security.c | 12 ++
|
||||||
41 files changed, 572 insertions(+), 190 deletions(-)
|
security/selinux/hooks.c | 10 +-
|
||||||
|
42 files changed, 580 insertions(+), 192 deletions(-)
|
||||||
|
|
||||||
diff --git a/Makefile b/Makefile
|
diff --git a/Makefile b/Makefile
|
||||||
index 901cdfa5e7d3..8ca0b56a75cc 100644
|
index beddccac3283..b7f8a65852ca 100644
|
||||||
--- a/Makefile
|
--- a/Makefile
|
||||||
+++ b/Makefile
|
+++ b/Makefile
|
||||||
@@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
|
@@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
|
||||||
|
@ -1572,3 +1573,30 @@ index 549104a447e3..73670798f075 100644
|
||||||
#ifdef CONFIG_PERF_EVENTS
|
#ifdef CONFIG_PERF_EVENTS
|
||||||
/**
|
/**
|
||||||
* security_perf_event_open() - Check if a perf event open is allowed
|
* security_perf_event_open() - Check if a perf event open is allowed
|
||||||
|
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
|
||||||
|
index afd663744041..5c16fe737a27 100644
|
||||||
|
--- a/security/selinux/hooks.c
|
||||||
|
+++ b/security/selinux/hooks.c
|
||||||
|
@@ -2748,14 +2748,20 @@ static int selinux_umount(struct vfsmount *mnt, int flags)
|
||||||
|
static int selinux_fs_context_submount(struct fs_context *fc,
|
||||||
|
struct super_block *reference)
|
||||||
|
{
|
||||||
|
- const struct superblock_security_struct *sbsec;
|
||||||
|
+ const struct superblock_security_struct *sbsec = selinux_superblock(reference);
|
||||||
|
struct selinux_mnt_opts *opts;
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * Ensure that fc->security remains NULL when no options are set
|
||||||
|
+ * as expected by selinux_set_mnt_opts().
|
||||||
|
+ */
|
||||||
|
+ if (!(sbsec->flags & (FSCONTEXT_MNT|CONTEXT_MNT|DEFCONTEXT_MNT)))
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
opts = kzalloc(sizeof(*opts), GFP_KERNEL);
|
||||||
|
if (!opts)
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
|
- sbsec = selinux_superblock(reference);
|
||||||
|
if (sbsec->flags & FSCONTEXT_MNT)
|
||||||
|
opts->fscontext_sid = sbsec->sid;
|
||||||
|
if (sbsec->flags & CONTEXT_MNT)
|
||||||
|
|
6
sources
6
sources
|
@ -1,3 +1,3 @@
|
||||||
SHA512 (linux-6.5.3.tar.xz) = aa38c189954b3721c08a25e9cd077b4e1d5eb4d51baa3438f3ff7d18c76b28a99a68213a81c4fdf9a3343f0b108e42256fa8307df3fed7b943e938ed6348ac8b
|
SHA512 (linux-6.5.4.tar.xz) = 2fc0ff554d2a713ddca070a880e9143ceefaaea4261ce54b237ef8861c83c0e8b2d7e1628c54fb763809c68e4dde9c8d21638dab3619974baa7cf24f8a7d76cb
|
||||||
SHA512 (kernel-abi-stablelists-6.5.3.tar.bz2) = ec90c164dd2b0793f5e6310c7d585ccae1a0868f11f52ce33678f980af6777d8af2dbd7578966800ee505e6788b59b41bbb2fdf90c5ba073f3740ec28ddb254d
|
SHA512 (kernel-abi-stablelists-6.5.4.tar.bz2) = addf6cefd1c7330ce013570fd9687d3d33e167b4834c32b748fbbcf111792343875b19252bb40e534d01102225176fc442519312110f06b28e809170434cb7ce
|
||||||
SHA512 (kernel-kabi-dw-6.5.3.tar.bz2) = 58a0d9aea64f12a138b1d15dc7ad9345588705bb63477714d58db42cbba834d90782687b8e28275feb87e79c6c9f7a2dc10c9c13236cad99fba7f64cfe86e64f
|
SHA512 (kernel-kabi-dw-6.5.4.tar.bz2) = 9cfc3cfa779336ba19f04b0a0e51cb0abfd4dd49a8b2bf911d50810477d633b35b375903fac449ef703239ce792133de59438ac2e5a6bf5bf0a6061ceac0043b
|
||||||
|
|
Loading…
Reference in New Issue