debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity

Update to 4.17.7 

Refresh features/all/aufs4/aufs4-base.patch

Drop bugfix/all/fix-up-non-directory-creation-in-sgid-directories.patch

Cleanup debian/changelog file
This commit is contained in:
Salvatore Bonaccorso 2018-07-18 07:48:16 +02:00
parent a89fe586a1
commit edbc7c3c16
4 changed files with 85 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
debian/changelog vendored
View File

@ -1,4 +1,75 @@
linux (4.17.6-3) UNRELEASED; urgency=medium
linux (4.17.7-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7
- bpf: reject passing modified ctx to helper functions
- [mips*] Call dump_stack() from show_regs()
- [mips*] Use async IPIs for arch_trigger_cpumask_backtrace()
- [mips*] Fix ioremap() RAM check
- [armhf] drm/etnaviv: Check for platform_device_register_simple() failure
- [armhf] drm/etnaviv: Fix driver unregistering
- [armhf] drm/etnaviv: bring back progress check in job timeout handler
- ACPICA: Clear status of all events when entering S5
- [armhf] mmc: sdhci-esdhc-imx: allow 1.8V modes without 100/200MHz
pinctrl states
- [armhf] mmc: dw_mmc: fix card threshold control configuration
- [x86] ibmasm: don't write out of bounds in read handler
- [arm64,x86] staging: rtl8723bs: Prevent an underflow in
rtw_check_beacon_data().
- ata: Fix ZBC_OUT command block check
- ata: Fix ZBC_OUT all bit handling
- [x86] mei: discard messages from not connected client during power down.
- mtd: spi-nor: cadence-quadspi: Fix direct mode write timeouts
- tracing/kprobe: Release kprobe print_fmt properly
- vmw_balloon: fix inflation with batching
- ahci: Add Intel Ice Lake LP PCI ID
- ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
- [x86] thunderbolt: Notify userspace when boot_acl is changed
- USB: serial: ch341: fix type promotion bug in ch341_control_in()
- USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
- USB: serial: keyspan_pda: fix modem-status error handling
- USB: yurex: fix out-of-bounds uaccess in read handler
- USB: serial: mos7840: fix status-register error handling
- usb: quirks: add delay quirks for Corsair Strafe
- xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
- mm: zero unavailable pages before memmap init
- ALSA: hda/realtek - two more lenovo models need fixup of
MIC_LOCATION
- ALSA: hda - Handle pm failure during hotplug
- mm: do not drop unused pages when userfaultd is running
- fs/proc/task_mmu.c: fix Locked field in /proc/pid/smaps*
- x86/purgatory: add missing FORCE to Makefile target
- fs, elf: make sure to page align bss in load_elf_library
- mm: do not bug_on on incorrect length in __mm_populate()
- tracing: Reorder display of TGID to be after PID
- kbuild: delete INSTALL_FW_PATH from kbuild documentation
- acpi, nfit: Fix scrub idle detection
- [arm64] neon: Fix function may_use_simd() return error status
- tools build: fix # escaping in .cmd files for future Make
- IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values
- [arm64,armhf] i2c: tegra: Fix NACK error handling
- i2c: recovery: if possible send STOP with recovery pulses
- iw_cxgb4: correctly enforce the max reg_mr depth
- [x86] xen: remove global bit from __default_kernel_pte_mask for pv
guests
- [x86] xen: setup pv irq ops vector earlier
- bsg: fix bogus EINVAL on non-data commands
- [x86] uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
- netfilter: nf_queue: augment nfqa_cfg_policy
- crypto: don't optimize keccakf()
- netfilter: x_tables: initialise match/target check parameter
struct
- loop: add recursion validation to LOOP_CHANGE_FD
- xfs: fix inobt magic number check
- PM / hibernate: Fix oops at snapshot_write()
- RDMA/ucm: Mark UCM interface as BROKEN
- loop: remember whether sysfs_create_group() was done
- [x86] kvm: vmx: Nested VM-entry prereqs for event inj.
- f2fs: give message and set need_fsck given broken node id
- f2fs: avoid bug_on on corrupted inode
- f2fs: sanity check on sit entry
- f2fs: sanity check for total valid node blocks
- [armhf] dts: armada-38x: use the new thermal binding
* ext4: fix false negatives *and* false positives in ext4_check_descriptors()
(Closes: #903838)

42
debian/patches/bugfix/all/fix-up-non-directory-creation-in-sgid-directories.patch vendored
View File

@ -1,42 +0,0 @@
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Tue, 3 Jul 2018 17:10:19 -0700
Subject: Fix up non-directory creation in SGID directories
Origin: https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-13405
sgid directories have special semantics, making newly created files in
the directory belong to the group of the directory, and newly created
subdirectories will also become sgid. This is historically used for
group-shared directories.
But group directories writable by non-group members should not imply
that such non-group members can magically join the group, so make sure
to clear the sgid bit on non-directories for non-members (but remember
that sgid without group execute means "mandatory locking", just to
confuse things even more).
Reported-by: Jann Horn <jannh@google.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
fs/inode.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -2014,8 +2014,14 @@ void inode_init_owner(struct inode *inod
inode->i_uid = current_fsuid();
if (dir && dir->i_mode & S_ISGID) {
inode->i_gid = dir->i_gid;
+
+ /* Directories are special, and always inherit S_ISGID */
if (S_ISDIR(mode))
mode |= S_ISGID;
+ else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) &&
+ !in_group_p(inode->i_gid) &&
+ !capable_wrt_inode_uidgid(dir, CAP_FSETID))
+ mode &= ~S_ISGID;
} else
inode->i_gid = current_fsgid();
inode->i_mode = mode;

56
debian/patches/features/all/aufs4/aufs4-base.patch vendored
View File

@ -9,8 +9,6 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch
SPDX-License-Identifier: GPL-2.0
aufs4.x-rcN base patch
diff --git a/MAINTAINERS b/MAINTAINERS
index 9c125f7..4616bbf 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -2519,6 +2519,19 @@ F: include/linux/audit.h
@ -33,12 +31,10 @@ index 9c125f7..4616bbf 100644
AUXILIARY DISPLAY DRIVERS
M: Miguel Ojeda Sandonis <miguel.ojeda.sandonis@gmail.com>
W: http://miguelojeda.es/auxdisplay.htm
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index 55cf554..bc965e5 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -713,6 +713,24 @@ static inline int is_loop_device(struct file *file)
return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR;
@@ -737,6 +737,24 @@ static int loop_change_fd(struct loop_de
return error;
}
+/*
@ -62,8 +58,6 @@ index 55cf554..bc965e5 100644
/* loop sysfs attributes */
static ssize_t loop_attr_show(struct device *dev, char *page,
diff --git a/fs/dcache.c b/fs/dcache.c
index 2acfc69..ff338e2 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1234,7 +1234,7 @@ enum d_walk_ret {
@ -75,8 +69,6 @@ index 2acfc69..ff338e2 100644
enum d_walk_ret (*enter)(void *, struct dentry *),
void (*finish)(void *))
{
diff --git a/fs/fcntl.c b/fs/fcntl.c
index d737ff0..7550799 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -32,7 +32,7 @@
@ -88,7 +80,7 @@ index d737ff0..7550799 100644
{
struct inode * inode = file_inode(filp);
int error = 0;
@@ -63,6 +63,8 @@ static int setfl(int fd, struct file * filp, unsigned long arg)
@@ -63,6 +63,8 @@ static int setfl(int fd, struct file * f
if (filp->f_op->check_flags)
error = filp->f_op->check_flags(arg);
@ -97,8 +89,6 @@ index d737ff0..7550799 100644
if (error)
return error;
diff --git a/fs/inode.c b/fs/inode.c
index 3b55391..e0c5255 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1663,7 +1663,7 @@ EXPORT_SYMBOL(generic_update_time);
@ -110,11 +100,9 @@ index 3b55391..e0c5255 100644
{
int (*update_time)(struct inode *, struct timespec *, int);
diff --git a/fs/namespace.c b/fs/namespace.c
index 5f75969..61129ff 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -846,6 +846,12 @@ static inline int check_mnt(struct mount *mnt)
@@ -846,6 +846,12 @@ static inline int check_mnt(struct mount
return mnt->mnt_ns == current->nsproxy->mnt_ns;
}
@ -127,11 +115,9 @@ index 5f75969..61129ff 100644
/*
* vfsmount lock must be held for write
*/
diff --git a/fs/read_write.c b/fs/read_write.c
index c4eabbf..ddd6e67 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -489,6 +489,28 @@ ssize_t __vfs_write(struct file *file, const char __user *p, size_t count,
@@ -489,6 +489,28 @@ ssize_t __vfs_write(struct file *file, c
return -EINVAL;
}
@ -160,8 +146,6 @@ index c4eabbf..ddd6e67 100644
ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos)
{
mm_segment_t old_fs;
diff --git a/fs/splice.c b/fs/splice.c
index 005d09c..f617ab0 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -837,8 +837,8 @@ EXPORT_SYMBOL(generic_splice_sendpage);
@ -175,7 +159,7 @@ index 005d09c..f617ab0 100644
{
ssize_t (*splice_write)(struct pipe_inode_info *, struct file *,
loff_t *, size_t, unsigned int);
@@ -854,9 +854,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
@@ -854,9 +854,9 @@ static long do_splice_from(struct pipe_i
/*
* Attempt to initiate a splice from a file to a pipe.
*/
@ -188,8 +172,6 @@ index 005d09c..f617ab0 100644
{
ssize_t (*splice_read)(struct file *, loff_t *,
struct pipe_inode_info *, size_t, unsigned int);
diff --git a/fs/sync.c b/fs/sync.c
index b54e054..2860782 100644
--- a/fs/sync.c
+++ b/fs/sync.c
@@ -28,7 +28,7 @@
@ -201,8 +183,6 @@ index b54e054..2860782 100644
{
if (wait)
sync_inodes_sb(sb);
diff --git a/include/linux/file.h b/include/linux/file.h
index 279720d..76e38ea 100644
--- a/include/linux/file.h
+++ b/include/linux/file.h
@@ -20,6 +20,7 @@ struct dentry;
@ -213,11 +193,9 @@ index 279720d..76e38ea 100644
static inline void fput_light(struct file *file, int fput_needed)
{
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 760d8da..09a2542 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1270,6 +1270,7 @@ extern void fasync_free(struct fasync_struct *);
@@ -1270,6 +1270,7 @@ extern void fasync_free(struct fasync_st
/* can be called from interrupts */
extern void kill_fasync(struct fasync_struct **, int, int);
@ -233,7 +211,7 @@ index 760d8da..09a2542 100644
int (*flock) (struct file *, int, struct file_lock *);
ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int);
ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int);
@@ -1794,6 +1796,12 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector,
@@ -1794,6 +1796,12 @@ ssize_t rw_copy_check_uvector(int type,
struct iovec *fast_pointer,
struct iovec **ret_pointer);
@ -254,7 +232,7 @@ index 760d8da..09a2542 100644
/* /sys/fs */
extern struct kobject *fs_kobj;
@@ -2485,6 +2494,7 @@ static inline bool sb_is_blkdev_sb(struct super_block *sb)
@@ -2485,6 +2494,7 @@ static inline bool sb_is_blkdev_sb(struc
return false;
}
#endif
@ -262,11 +240,9 @@ index 760d8da..09a2542 100644
extern int sync_filesystem(struct super_block *);
extern const struct file_operations def_blk_fops;
extern const struct file_operations def_chr_fops;
diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h
index 6fc77d4..27e76f0 100644
--- a/include/linux/lockdep.h
+++ b/include/linux/lockdep.h
@@ -313,6 +313,8 @@ static inline int lockdep_match_key(struct lockdep_map *lock,
@@ -313,6 +313,8 @@ static inline int lockdep_match_key(stru
return lock->key == key;
}
@ -283,8 +259,6 @@ index 6fc77d4..27e76f0 100644
#define lockdep_is_held_type(l, r) (1)
#define lockdep_assert_held(l) do { (void)(l); } while (0)
diff --git a/include/linux/mnt_namespace.h b/include/linux/mnt_namespace.h
index 3594208..24f5fd1 100644
--- a/include/linux/mnt_namespace.h
+++ b/include/linux/mnt_namespace.h
@@ -6,11 +6,14 @@
@ -302,11 +276,9 @@ index 3594208..24f5fd1 100644
extern const struct file_operations proc_mounts_operations;
extern const struct file_operations proc_mountinfo_operations;
extern const struct file_operations proc_mountstats_operations;
diff --git a/include/linux/splice.h b/include/linux/splice.h
index 74b4911..19789fb 100644
--- a/include/linux/splice.h
+++ b/include/linux/splice.h
@@ -87,4 +87,10 @@ extern void splice_shrink_spd(struct splice_pipe_desc *);
@@ -87,4 +87,10 @@ extern void splice_shrink_spd(struct spl
extern const struct pipe_buf_operations page_cache_pipe_buf_ops;
extern const struct pipe_buf_operations default_pipe_buf_ops;
@ -317,11 +289,9 @@ index 74b4911..19789fb 100644
+ struct pipe_inode_info *pipe, size_t len,
+ unsigned int flags);
#endif
diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
index 0233863..06e0d7a 100644
--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
@@ -140,7 +140,7 @@ static struct lock_list list_entries[MAX_LOCKDEP_ENTRIES];
@@ -140,7 +140,7 @@ static struct lock_list list_entries[MAX
unsigned long nr_lock_classes;
static struct lock_class lock_classes[MAX_LOCKDEP_KEYS];
@ -330,7 +300,7 @@ index 0233863..06e0d7a 100644
{
if (!hlock->class_idx) {
/*
@@ -151,6 +151,7 @@ static inline struct lock_class *hlock_class(struct held_lock *hlock)
@@ -151,6 +151,7 @@ static inline struct lock_class *hlock_c
}
return lock_classes + hlock->class_idx - 1;
}

1
debian/patches/series vendored
View File

@ -138,7 +138,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/jfs-fix-inconsistency-between-memory-allocation-and-.patch
bugfix/all/fix-up-non-directory-creation-in-sgid-directories.patch
bugfix/all/ext4-fix-false-negatives-and-false-positives-in-ext4.patch
# Fix exported symbol versions