diff --git a/debian/changelog b/debian/changelog
index 6b3b9da78..c055cec08 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,75 @@
-linux (4.17.6-3) UNRELEASED; urgency=medium
+linux (4.17.7-1) UNRELEASED; urgency=medium
+
+ * New upstream stable update:
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7
+ - bpf: reject passing modified ctx to helper functions
+ - [mips*] Call dump_stack() from show_regs()
+ - [mips*] Use async IPIs for arch_trigger_cpumask_backtrace()
+ - [mips*] Fix ioremap() RAM check
+ - [armhf] drm/etnaviv: Check for platform_device_register_simple() failure
+ - [armhf] drm/etnaviv: Fix driver unregistering
+ - [armhf] drm/etnaviv: bring back progress check in job timeout handler
+ - ACPICA: Clear status of all events when entering S5
+ - [armhf] mmc: sdhci-esdhc-imx: allow 1.8V modes without 100/200MHz
+ pinctrl states
+ - [armhf] mmc: dw_mmc: fix card threshold control configuration
+ - [x86] ibmasm: don't write out of bounds in read handler
+ - [arm64,x86] staging: rtl8723bs: Prevent an underflow in
+ rtw_check_beacon_data().
+ - ata: Fix ZBC_OUT command block check
+ - ata: Fix ZBC_OUT all bit handling
+ - [x86] mei: discard messages from not connected client during power down.
+ - mtd: spi-nor: cadence-quadspi: Fix direct mode write timeouts
+ - tracing/kprobe: Release kprobe print_fmt properly
+ - vmw_balloon: fix inflation with batching
+ - ahci: Add Intel Ice Lake LP PCI ID
+ - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
+ - [x86] thunderbolt: Notify userspace when boot_acl is changed
+ - USB: serial: ch341: fix type promotion bug in ch341_control_in()
+ - USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
+ - USB: serial: keyspan_pda: fix modem-status error handling
+ - USB: yurex: fix out-of-bounds uaccess in read handler
+ - USB: serial: mos7840: fix status-register error handling
+ - usb: quirks: add delay quirks for Corsair Strafe
+ - xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
+ - mm: zero unavailable pages before memmap init
+ - ALSA: hda/realtek - two more lenovo models need fixup of
+ MIC_LOCATION
+ - ALSA: hda - Handle pm failure during hotplug
+ - mm: do not drop unused pages when userfaultd is running
+ - fs/proc/task_mmu.c: fix Locked field in /proc/pid/smaps*
+ - x86/purgatory: add missing FORCE to Makefile target
+ - fs, elf: make sure to page align bss in load_elf_library
+ - mm: do not bug_on on incorrect length in __mm_populate()
+ - tracing: Reorder display of TGID to be after PID
+ - kbuild: delete INSTALL_FW_PATH from kbuild documentation
+ - acpi, nfit: Fix scrub idle detection
+ - [arm64] neon: Fix function may_use_simd() return error status
+ - tools build: fix # escaping in .cmd files for future Make
+ - IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values
+ - [arm64,armhf] i2c: tegra: Fix NACK error handling
+ - i2c: recovery: if possible send STOP with recovery pulses
+ - iw_cxgb4: correctly enforce the max reg_mr depth
+ - [x86] xen: remove global bit from __default_kernel_pte_mask for pv
+ guests
+ - [x86] xen: setup pv irq ops vector earlier
+ - bsg: fix bogus EINVAL on non-data commands
+ - [x86] uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
+ - netfilter: nf_queue: augment nfqa_cfg_policy
+ - crypto: don't optimize keccakf()
+ - netfilter: x_tables: initialise match/target check parameter
+ struct
+ - loop: add recursion validation to LOOP_CHANGE_FD
+ - xfs: fix inobt magic number check
+ - PM / hibernate: Fix oops at snapshot_write()
+ - RDMA/ucm: Mark UCM interface as BROKEN
+ - loop: remember whether sysfs_create_group() was done
+ - [x86] kvm: vmx: Nested VM-entry prereqs for event inj.
+ - f2fs: give message and set need_fsck given broken node id
+ - f2fs: avoid bug_on on corrupted inode
+ - f2fs: sanity check on sit entry
+ - f2fs: sanity check for total valid node blocks
+ - [armhf] dts: armada-38x: use the new thermal binding
 * ext4: fix false negatives *and* false positives in ext4_check_descriptors() (Closes: #903838)
diff --git a/debian/patches/bugfix/all/fix-up-non-directory-creation-in-sgid-directories.patch b/debian/patches/bugfix/all/fix-up-non-directory-creation-in-sgid-directories.patch
deleted file mode 100644
index fbf626de7..000000000
--- a/debian/patches/bugfix/all/fix-up-non-directory-creation-in-sgid-directories.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: Linus Torvalds
-Date: Tue, 3 Jul 2018 17:10:19 -0700
-Subject: Fix up non-directory creation in SGID directories
-Origin: https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-13405
-
-sgid directories have special semantics, making newly created files in
-the directory belong to the group of the directory, and newly created
-subdirectories will also become sgid. This is historically used for
-group-shared directories.
-
-But group directories writable by non-group members should not imply
-that such non-group members can magically join the group, so make sure
-to clear the sgid bit on non-directories for non-members (but remember
-that sgid without group execute means "mandatory locking", just to
-confuse things even more).
-
-Reported-by: Jann Horn
-Cc: Andy Lutomirski
-Cc: Al Viro
-Signed-off-by: Linus Torvalds
----
- fs/inode.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
---- a/fs/inode.c
-+++ b/fs/inode.c
-@@ -2014,8 +2014,14 @@ void inode_init_owner(struct inode *inod
- inode->i_uid = current_fsuid();
- if (dir && dir->i_mode & S_ISGID) {
- inode->i_gid = dir->i_gid;
-+
-+ /* Directories are special, and always inherit S_ISGID */
- if (S_ISDIR(mode))
- mode |= S_ISGID;
-+ else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) &&
-+ !in_group_p(inode->i_gid) &&
-+ !capable_wrt_inode_uidgid(dir, CAP_FSETID))
-+ mode &= ~S_ISGID;
- } else
- inode->i_gid = current_fsgid();
- inode->i_mode = mode;
diff --git a/debian/patches/features/all/aufs4/aufs4-base.patch b/debian/patches/features/all/aufs4/aufs4-base.patch
index 3daef1a0a..2ef78ec3f 100644
--- a/debian/patches/features/all/aufs4/aufs4-base.patch
+++ b/debian/patches/features/all/aufs4/aufs4-base.patch
@@ -9,8 +9,6 @@ Patch headers added by debian/patches/features/all/aufs4/gen-patch SPDX-License-Identifier: GPL-2.0 aufs4.x-rcN base patch -diff --git a/MAINTAINERS b/MAINTAINERS -index 9c125f7..4616bbf 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2519,6 +2519,19 @@ F: include/linux/audit.h @@ -33,12 +31,10 @@ index 9c125f7..4616bbf 100644 AUXILIARY DISPLAY DRIVERS M: Miguel Ojeda Sandonis W: http://miguelojeda.es/auxdisplay.htm -diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 55cf554..bc965e5 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c -@@ -713,6 +713,24 @@ static inline int is_loop_device(struct file *file) - return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR; +@@ -737,6 +737,24 @@ static int loop_change_fd(struct loop_de + return error; } +/* @@ -62,8 +58,6 @@ index 55cf554..bc965e5 100644 /* loop sysfs attributes */ static ssize_t loop_attr_show(struct device *dev, char *page, -diff --git a/fs/dcache.c b/fs/dcache.c -index 2acfc69..ff338e2 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -1234,7 +1234,7 @@ enum d_walk_ret { @@ -75,8 +69,6 @@ index 2acfc69..ff338e2 100644 enum d_walk_ret (*enter)(void *, struct dentry *), void (*finish)(void *)) { -diff --git a/fs/fcntl.c b/fs/fcntl.c -index d737ff0..7550799 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -32,7 +32,7 @@ @@ -88,7 +80,7 @@ index d737ff0..7550799 100644 { struct inode * inode = file_inode(filp); int error = 0; -@@ -63,6 +63,8 @@ static int setfl(int fd, struct file * filp, unsigned long arg) +@@ -63,6 +63,8 @@ static int setfl(int fd, struct file * f if (filp->f_op->check_flags) error = filp->f_op->check_flags(arg); @@ -97,8 +89,6 @@ index d737ff0..7550799 100644 if (error) return error; -diff --git a/fs/inode.c b/fs/inode.c -index 3b55391..e0c5255 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -1663,7 +1663,7 @@ EXPORT_SYMBOL(generic_update_time); 
@@ -110,11 +100,9 @@ index 3b55391..e0c5255 100644 { int (*update_time)(struct inode *, struct timespec *, int); -diff --git a/fs/namespace.c b/fs/namespace.c -index 5f75969..61129ff 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -846,6 +846,12 @@ static inline int check_mnt(struct mount *mnt) +@@ -846,6 +846,12 @@ static inline int check_mnt(struct mount return mnt->mnt_ns == current->nsproxy->mnt_ns; } @@ -127,11 +115,9 @@ index 5f75969..61129ff 100644 /* * vfsmount lock must be held for write */ -diff --git a/fs/read_write.c b/fs/read_write.c -index c4eabbf..ddd6e67 100644 --- a/fs/read_write.c +++ b/fs/read_write.c -@@ -489,6 +489,28 @@ ssize_t __vfs_write(struct file *file, const char __user *p, size_t count, +@@ -489,6 +489,28 @@ ssize_t __vfs_write(struct file *file, c return -EINVAL; } @@ -160,8 +146,6 @@ index c4eabbf..ddd6e67 100644 ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) { mm_segment_t old_fs; -diff --git a/fs/splice.c b/fs/splice.c -index 005d09c..f617ab0 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -837,8 +837,8 @@ EXPORT_SYMBOL(generic_splice_sendpage); @@ -175,7 +159,7 @@ index 005d09c..f617ab0 100644 { ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int); -@@ -854,9 +854,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, +@@ -854,9 +854,9 @@ static long do_splice_from(struct pipe_i /* * Attempt to initiate a splice from a file to a pipe. */ @@ -188,8 +172,6 @@ index 005d09c..f617ab0 100644 { ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int); -diff --git a/fs/sync.c b/fs/sync.c -index b54e054..2860782 100644 --- a/fs/sync.c +++ b/fs/sync.c @@ -28,7 +28,7 @@ @@ -201,8 +183,6 @@ index b54e054..2860782 100644 { if (wait) sync_inodes_sb(sb); -diff --git a/include/linux/file.h b/include/linux/file.h -index 279720d..76e38ea 100644 --- a/include/linux/file.h +++ b/include/linux/file.h 
@@ -20,6 +20,7 @@ struct dentry; @@ -213,11 +193,9 @@ index 279720d..76e38ea 100644 static inline void fput_light(struct file *file, int fput_needed) { -diff --git a/include/linux/fs.h b/include/linux/fs.h -index 760d8da..09a2542 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1270,6 +1270,7 @@ extern void fasync_free(struct fasync_struct *); +@@ -1270,6 +1270,7 @@ extern void fasync_free(struct fasync_st /* can be called from interrupts */ extern void kill_fasync(struct fasync_struct **, int, int); @@ -233,7 +211,7 @@ index 760d8da..09a2542 100644 int (*flock) (struct file *, int, struct file_lock *); ssize_t (*splice_write)(struct pipe_inode_info *, struct file *, loff_t *, size_t, unsigned int); ssize_t (*splice_read)(struct file *, loff_t *, struct pipe_inode_info *, size_t, unsigned int); -@@ -1794,6 +1796,12 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector, +@@ -1794,6 +1796,12 @@ ssize_t rw_copy_check_uvector(int type, struct iovec *fast_pointer, struct iovec **ret_pointer); @@ -254,7 +232,7 @@ index 760d8da..09a2542 100644 /* /sys/fs */ extern struct kobject *fs_kobj; -@@ -2485,6 +2494,7 @@ static inline bool sb_is_blkdev_sb(struct super_block *sb) +@@ -2485,6 +2494,7 @@ static inline bool sb_is_blkdev_sb(struc return false; } #endif @@ -262,11 +240,9 @@ index 760d8da..09a2542 100644 extern int sync_filesystem(struct super_block *); extern const struct file_operations def_blk_fops; extern const struct file_operations def_chr_fops; -diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h -index 6fc77d4..27e76f0 100644 --- a/include/linux/lockdep.h +++ b/include/linux/lockdep.h -@@ -313,6 +313,8 @@ static inline int lockdep_match_key(struct lockdep_map *lock, +@@ -313,6 +313,8 @@ static inline int lockdep_match_key(stru return lock->key == key; } 
@@ -283,8 +259,6 @@ index 6fc77d4..27e76f0 100644 #define lockdep_is_held_type(l, r) (1) #define lockdep_assert_held(l) do { (void)(l); } while (0) -diff --git a/include/linux/mnt_namespace.h b/include/linux/mnt_namespace.h -index 3594208..24f5fd1 100644 --- a/include/linux/mnt_namespace.h +++ b/include/linux/mnt_namespace.h @@ -6,11 +6,14 @@ @@ -302,11 +276,9 @@ index 3594208..24f5fd1 100644 extern const struct file_operations proc_mounts_operations; extern const struct file_operations proc_mountinfo_operations; extern const struct file_operations proc_mountstats_operations; -diff --git a/include/linux/splice.h b/include/linux/splice.h -index 74b4911..19789fb 100644 --- a/include/linux/splice.h +++ b/include/linux/splice.h -@@ -87,4 +87,10 @@ extern void splice_shrink_spd(struct splice_pipe_desc *); +@@ -87,4 +87,10 @@ extern void splice_shrink_spd(struct spl extern const struct pipe_buf_operations page_cache_pipe_buf_ops; extern const struct pipe_buf_operations default_pipe_buf_ops; @@ -317,11 +289,9 @@ index 74b4911..19789fb 100644 + struct pipe_inode_info *pipe, size_t len, + unsigned int flags); #endif -diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c -index 0233863..06e0d7a 100644 --- a/kernel/locking/lockdep.c +++ b/kernel/locking/lockdep.c -@@ -140,7 +140,7 @@ static struct lock_list list_entries[MAX_LOCKDEP_ENTRIES]; +@@ -140,7 +140,7 @@ static struct lock_list list_entries[MAX unsigned long nr_lock_classes; static struct lock_class lock_classes[MAX_LOCKDEP_KEYS]; @@ -330,7 +300,7 @@ index 0233863..06e0d7a 100644 { if (!hlock->class_idx) { /* -@@ -151,6 +151,7 @@ static inline struct lock_class *hlock_class(struct held_lock *hlock) +@@ -151,6 +151,7 @@ static inline struct lock_class *hlock_c } return lock_classes + hlock->class_idx - 1; } diff --git a/debian/patches/series b/debian/patches/series index cb0426ea8..d72af9ee6 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -138,7 +138,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch bugfix/all/jfs-fix-inconsistency-between-memory-allocation-and-.patch -bugfix/all/fix-up-non-directory-creation-in-sgid-directories.patch bugfix/all/ext4-fix-false-negatives-and-false-positives-in-ext4.patch # Fix exported symbol versions