Linux v4.17.7
This commit is contained in:
parent
3bef8a1760
commit
f526cdc715
|
@ -1,47 +0,0 @@
|
|||
From 0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 Mon Sep 17 00:00:00 2001
|
||||
From: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Date: Tue, 3 Jul 2018 17:10:19 -0700
|
||||
Subject: [PATCH] Fix up non-directory creation in SGID directories
|
||||
|
||||
sgid directories have special semantics, making newly created files in
|
||||
the directory belong to the group of the directory, and newly created
|
||||
subdirectories will also become sgid. This is historically used for
|
||||
group-shared directories.
|
||||
|
||||
But group directories writable by non-group members should not imply
|
||||
that such non-group members can magically join the group, so make sure
|
||||
to clear the sgid bit on non-directories for non-members (but remember
|
||||
that sgid without group execute means "mandatory locking", just to
|
||||
confuse things even more).
|
||||
|
||||
Reported-by: Jann Horn <jannh@google.com>
|
||||
Cc: Andy Lutomirski <luto@kernel.org>
|
||||
Cc: Al Viro <viro@zeniv.linux.org.uk>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Signed-off-by: Jeremy Cline <jcline@redhat.com>
|
||||
---
|
||||
fs/inode.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/fs/inode.c b/fs/inode.c
|
||||
index 2c300e981796..8c86c809ca17 100644
|
||||
--- a/fs/inode.c
|
||||
+++ b/fs/inode.c
|
||||
@@ -1999,8 +1999,14 @@ void inode_init_owner(struct inode *inode, const struct inode *dir,
|
||||
inode->i_uid = current_fsuid();
|
||||
if (dir && dir->i_mode & S_ISGID) {
|
||||
inode->i_gid = dir->i_gid;
|
||||
+
|
||||
+ /* Directories are special, and always inherit S_ISGID */
|
||||
if (S_ISDIR(mode))
|
||||
mode |= S_ISGID;
|
||||
+ else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) &&
|
||||
+ !in_group_p(inode->i_gid) &&
|
||||
+ !capable_wrt_inode_uidgid(dir, CAP_FSETID))
|
||||
+ mode &= ~S_ISGID;
|
||||
} else
|
||||
inode->i_gid = current_fsgid();
|
||||
inode->i_mode = mode;
|
||||
--
|
||||
2.17.1
|
||||
|
11
kernel.spec
11
kernel.spec
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 6
|
||||
%define stable_update 7
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -668,12 +668,6 @@ Patch522: 0001-xfs-don-t-call-xfs_da_shrink_inode-with-NULL-bp.patch
|
|||
# CVE-2018-13095 rhbz 1597775 1597777
|
||||
Patch523: 0001-xfs-More-robust-inode-extent-count-validation.patch
|
||||
|
||||
# CVE-2018-13405 rhbz 1599161 1599162
|
||||
Patch524: CVE-2018-13405.patch
|
||||
|
||||
# rhbz 1592976
|
||||
Patch525: xen-remove-global-bit-from-__default_kernel_pte_mask.patch
|
||||
|
||||
# rhbz 1597333
|
||||
Patch526: xhci-Fix-perceived-dead-host-due-to-runtime-suspend-.patch
|
||||
|
||||
|
@ -1926,6 +1920,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Tue Jul 17 2018 Justin M. Forbes <jforbes@fedoraproject.org> - 4.17.7-200
|
||||
- Linux v4.17.7
|
||||
|
||||
* Thu Jul 12 2018 Jeremy Cline <jeremy@jcline.org>
|
||||
- Avoid an early WARN_ON in Xen (rhbz 1592976)
|
||||
- Fix perceived dead xhci host (rhbz 1597333)
|
||||
|
|
2
sources
2
sources
|
@ -1,2 +1,2 @@
|
|||
SHA512 (linux-4.17.tar.xz) = 4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db
|
||||
SHA512 (patch-4.17.6.xz) = 4b791d94db704cbbe3dbf6b340735fe7999957741f116ca14060ced836aece1d4b51d0c3f376af1564e7379fbb9c9132a8e4d021fc74599f3ab037237d718651
|
||||
SHA512 (patch-4.17.7.xz) = 955342b78da2977dbd08ff0acb7e681c646b1dfceef71246a08bdd102e0b2ad41f3eb7c353755ed1da2e1a5d9138476adc7bf11fd732a3033b6f8aac457dac75
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
From e69b5d308da72cbf4e7911c3979f9a46d28532af Mon Sep 17 00:00:00 2001
|
||||
From: Juergen Gross <jgross@suse.com>
|
||||
Date: Mon, 2 Jul 2018 12:00:18 +0200
|
||||
Subject: [PATCH] xen: remove global bit from __default_kernel_pte_mask for pv
|
||||
guests
|
||||
|
||||
When removing the global bit from __supported_pte_mask do the same for
|
||||
__default_kernel_pte_mask in order to avoid the WARN_ONCE() in
|
||||
check_pgprot() when setting a kernel pte before having called
|
||||
init_mem_mapping().
|
||||
|
||||
Cc: <stable@vger.kernel.org> # 4.17
|
||||
Reported-by: Michael Young <m.a.young@durham.ac.uk>
|
||||
Signed-off-by: Juergen Gross <jgross@suse.com>
|
||||
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
||||
Signed-off-by: Juergen Gross <jgross@suse.com>
|
||||
Signed-off-by: Jeremy Cline <jcline@redhat.com>
|
||||
---
|
||||
arch/x86/xen/enlighten_pv.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c
|
||||
index 8d4e2e1ae60b..4816b6f82a9a 100644
|
||||
--- a/arch/x86/xen/enlighten_pv.c
|
||||
+++ b/arch/x86/xen/enlighten_pv.c
|
||||
@@ -1229,6 +1229,7 @@ asmlinkage __visible void __init xen_start_kernel(void)
|
||||
|
||||
/* Prevent unwanted bits from being set in PTEs. */
|
||||
__supported_pte_mask &= ~_PAGE_GLOBAL;
|
||||
+ __default_kernel_pte_mask &= ~_PAGE_GLOBAL;
|
||||
|
||||
/*
|
||||
* Prevent page tables from being allocated in highmem, even
|
||||
--
|
||||
2.17.1
|
||||
|
Loading…
Reference in New Issue