Release linux (4.16.5-1).

-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlrmIuQACgkQ57/I7JWG
 EQl34hAAiQMv+LrOJsingSeIxmPM2q+FktFykdjTNsjcyEZ5pSfhj8T4fc4hZHZp
 uXOMV4+lfNSCQF9agPsYcTvm6Md7VqMCMjFOmM6GdUrIc7kDnZEheA1ZTFuZzOVv
 Heh88tDu6Zl2vqPbt+81Ah3N/lSyCVA5jVF0K4RYUe1Gs7YFTqaJdPZi8wP7I9Os
 GwvY41auQFNdTQfIpdB1dISQVtfAZT8cg+c/fGUNPhJWqFnjMeYhBoQWRKPATp4/
 NNJNAEOU7K0zpooCCAH5zK03T6bpt64GOJx/gDMyaqdlAd3LbLiCQP09tS3OVqQS
 qAm7I0STnM3oD0D1uk+OPo8Cxeu3V/4kHwYH59G/EwyYa7rJxrThQSvTZCxEdKuK
 REr2aPe6doW7x45yhL+R3ZKJDLsdVJkkutpCXhdqnwAUnXITUR4PprNd4l6tc5nC
 IzZM5Il7nAx3LWB2Xtz4iGykQVAyXdpDKXjCJgarTI4kG49iitCq1eRJHi5jFVJw
 7iuIgZmjFBWx6bzifhNBg0oUG3R7hEitzaqJ0G1jX+FRVfOOr+an+txZEVyJuqsw
 3FDI8kJClXVB6kNAPgEQWPh3Cdh63s69qVLZZTGujgLHMXv833MbBHIV3KR+7YNS
 uKfzJNSglCIKf3LVKRUSHJyfYJTV+iS4ioHVjn8B7fc0YCdXQpg=
 =hQGL
 -----END PGP SIGNATURE-----

Merge tag 'debian/4.16.5-1'

Release linux (4.16.5-1).

debian/bin/gencontrol.py

@@ -567,8 +567,7 @@ class Gencontrol(Base):
             if not version.linux_revision_experimental:
                 raise RuntimeError("Can't upload to %s with a version of %s" % (distribution, version))
         if distribution.endswith('-security') or distribution.endswith('-lts'):
-            if (not version.linux_revision_security or
-                version.linux_revision_backports):
+            if version.linux_revision_backports or version.linux_revision_other:
                 raise RuntimeError("Can't upload to %s with a version of %s" % (distribution, version))
         if distribution.endswith('-backports'):
             if not version.linux_revision_backports:

debian/changelog

@@ -19,7 +19,16 @@ linux (4.17~rc2-1~exp1) UNRELEASED; urgency=medium
 
  -- Ben Hutchings <ben@decadent.org.uk>  Thu, 19 Apr 2018 21:37:24 +0100
 
-linux (4.16-1) UNRELEASED; urgency=medium
+linux (4.16.5-1) unstable; urgency=medium
+
+  * New upstream stable update:
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.1
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.2
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.3
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4
+    - ext4: limit xattr size to INT_MAX (CVE-2018-1095)
+    - random: fix crng_ready() test (CVE-2018-1108)
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.5
 
   [ Ben Hutchings ]
   * aufs: gen-patch: Fix Subject generation to skip SPDX-License-Identifier
@@ -27,6 +36,17 @@ linux (4.16-1) UNRELEASED; urgency=medium
   * wireless: Add Debian wireless-regdb certificates (see #892229)
   * Add support for compilers installed outside the default PATH
   * linux-headers: Change linux-kbuild dependency to be versioned
+  * Set ABI to 1
+  * [x86,arm64] Disable code signing for upload to unstable
+  * debian/lib/python/debian_linux/debian.py: Fix binNMU changelog parsing
+  * debian/lib/python/debian_linux/debian.py: Fix binNMU revision parsing
+  * xfs: enhance dinode verifier (CVE-2018-10322)
+  * xfs: set format back to extents if xfs_bmap_extents_to_btree
+    (CVE-2018-10323)
+  * udeb: Add algif_skcipher to crypto-modules (Closes: #896968)
+  * ext4: fix bitmap position validation (fixes regression in 4.15.17-1)
+  * debian/lib/python/debian_linux/gencontrol.py: Allow uploads to *-security
+    with a simple revision
 
   [ Vagrant Cascadian ]
   * [arm64] Add patches to support SATA on Tegra210/Jetson-TX1.
@@ -54,7 +74,7 @@ linux (4.16-1) UNRELEASED; urgency=medium
   [ Uwe Kleine-König ]
   * [amd64] enable AMD 10GbE Ethernet driver (CONFIG_AMD_XGBE=m)
 
- -- Ben Hutchings <ben@decadent.org.uk>  Sun, 08 Apr 2018 19:03:49 +0100
+ -- Ben Hutchings <ben@decadent.org.uk>  Sun, 29 Apr 2018 17:09:14 +0100
 
 linux (4.16-1~exp1) experimental; urgency=medium
 

debian/config/alpha/config

@@ -443,7 +443,6 @@ CONFIG_MTD_CFI_STAA=m
 CONFIG_MTD_RAM=m
 CONFIG_MTD_ROM=m
 CONFIG_MTD_ABSENT=m
-CONFIG_MTD_XIP=y
 
 ##
 ## file: drivers/mtd/devices/Kconfig

debian/installer/modules/crypto-modules

@@ -9,3 +9,6 @@ ccm
 ctr
 ecb
 xts
+
+# For LUKS2 in cryptsetup
+algif_skcipher

debian/lib/python/debian_linux/debian.py

@@ -25,7 +25,7 @@ class Changelog(list):
 (?P<urgency>
     \w+
 )
-\n
+(?:,|\n)
 """
     _top_re = re.compile(_top_rules, re.X)
     _bottom_rules = r"""
@@ -181,9 +181,10 @@ class VersionLinux(Version):
     )?
     |
     (?P<revision_other>
-        [^-]+
+        [^-+]+
     )
 )
+(?:\+b\d+)?
 $
 """
     _version_linux_re = re.compile(_version_linux_rules, re.X)

debian/patches/bugfix/all/ext4-fix-bitmap-position-validation.patch

@@ -0,0 +1,76 @@
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Tue, 24 Apr 2018 11:31:44 -0400
+Subject: ext4: fix bitmap position validation
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=22be37acce25d66ecf6403fc8f44df9c5ded2372
+
+Currently in ext4_valid_block_bitmap() we expect the bitmap to be
+positioned anywhere between 0 and s_blocksize clusters, but that's
+wrong because the bitmap can be placed anywhere in the block group. This
+causes false positives when validating bitmaps on perfectly valid file
+system layouts. Fix it by checking whether the bitmap is within the group
+boundary.
+
+The problem can be reproduced using the following
+
+mkfs -t ext3 -E stride=256 /dev/vdb1
+mount /dev/vdb1 /mnt/test
+cd /mnt/test
+wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz
+tar xf linux-4.16.3.tar.xz
+
+This will result in the warnings in the logs
+
+EXT4-fs error (device vdb1): ext4_validate_block_bitmap:399: comm tar: bg 84: block 2774529: invalid block bitmap
+
+[ Changed slightly for clarity and to not drop a overflow test -- TYT ]
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reported-by: Ilya Dryomov <idryomov@gmail.com>
+Fixes: 7dac4a1726a9 ("ext4: add validity checks for bitmap block numbers")
+Cc: stable@vger.kernel.org
+---
+ fs/ext4/balloc.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
+index a33d8fb1bf2a..508b905d744d 100644
+--- a/fs/ext4/balloc.c
++++ b/fs/ext4/balloc.c
+@@ -321,6 +321,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
+ 	struct ext4_sb_info *sbi = EXT4_SB(sb);
+ 	ext4_grpblk_t offset;
+ 	ext4_grpblk_t next_zero_bit;
++	ext4_grpblk_t max_bit = EXT4_CLUSTERS_PER_GROUP(sb);
+ 	ext4_fsblk_t blk;
+ 	ext4_fsblk_t group_first_block;
+ 
+@@ -338,7 +339,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
+ 	/* check whether block bitmap block number is set */
+ 	blk = ext4_block_bitmap(sb, desc);
+ 	offset = blk - group_first_block;
+-	if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize ||
++	if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
+ 	    !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
+ 		/* bad block bitmap */
+ 		return blk;
+@@ -346,7 +347,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
+ 	/* check whether the inode bitmap block number is set */
+ 	blk = ext4_inode_bitmap(sb, desc);
+ 	offset = blk - group_first_block;
+-	if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize ||
++	if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
+ 	    !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
+ 		/* bad block bitmap */
+ 		return blk;
+@@ -354,8 +355,8 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
+ 	/* check whether the inode table block number is set */
+ 	blk = ext4_inode_table(sb, desc);
+ 	offset = blk - group_first_block;
+-	if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize ||
+-	    EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= sb->s_blocksize)
++	if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
++	    EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= max_bit)
+ 		return blk;
+ 	next_zero_bit = ext4_find_next_zero_bit(bh->b_data,
+ 			EXT4_B2C(sbi, offset + sbi->s_itb_per_group),

debian/patches/bugfix/all/xfs-enhance-dinode-verifier.patch

@@ -0,0 +1,68 @@
+From: Eric Sandeen <sandeen@sandeen.net>
+Date: Mon, 16 Apr 2018 23:06:53 -0700
+Subject: xfs: enhance dinode verifier
+Origin: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit?id=b42db0860e13067fcc7cbfba3966c9e652668bbc
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10322
+
+Add several more validations to xfs_dinode_verify:
+
+- For LOCAL data fork formats, di_nextents must be 0.
+- For LOCAL attr fork formats, di_anextents must be 0.
+- For inodes with no attr fork offset,
+  - format must be XFS_DINODE_FMT_EXTENTS if set at all
+  - di_anextents must be 0.
+
+Thanks to dchinner for pointing out a couple related checks I had
+forgotten to add.
+
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199377
+Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+---
+ fs/xfs/libxfs/xfs_inode_buf.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+--- a/fs/xfs/libxfs/xfs_inode_buf.c
++++ b/fs/xfs/libxfs/xfs_inode_buf.c
+@@ -458,6 +458,8 @@ xfs_dinode_verify(
+ 				return __this_address;
+ 			if (di_size > XFS_DFORK_DSIZE(dip, mp))
+ 				return __this_address;
++			if (dip->di_nextents)
++				return __this_address;
+ 			/* fall through */
+ 		case XFS_DINODE_FMT_EXTENTS:
+ 		case XFS_DINODE_FMT_BTREE:
+@@ -476,12 +478,31 @@ xfs_dinode_verify(
+ 	if (XFS_DFORK_Q(dip)) {
+ 		switch (dip->di_aformat) {
+ 		case XFS_DINODE_FMT_LOCAL:
++			if (dip->di_anextents)
++				return __this_address;
++		/* fall through */
+ 		case XFS_DINODE_FMT_EXTENTS:
+ 		case XFS_DINODE_FMT_BTREE:
+ 			break;
+ 		default:
+ 			return __this_address;
+ 		}
++	} else {
++		/*
++		 * If there is no fork offset, this may be a freshly-made inode
++		 * in a new disk cluster, in which case di_aformat is zeroed.
++		 * Otherwise, such an inode must be in EXTENTS format; this goes
++		 * for freed inodes as well.
++		 */
++		switch (dip->di_aformat) {
++		case 0:
++		case XFS_DINODE_FMT_EXTENTS:
++			break;
++		default:
++			return __this_address;
++		}
++		if (dip->di_anextents)
++			return __this_address;
+ 	}
+ 
+ 	/* only version 3 or greater inodes are extensively verified here */

debian/patches/bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch

@@ -0,0 +1,43 @@
+From: Eric Sandeen <sandeen@redhat.com>
+Date: Mon, 16 Apr 2018 23:07:27 -0700
+Subject: xfs: set format back to extents if xfs_bmap_extents_to_btree
+Origin: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit?id=2c4306f719b083d17df2963bc761777576b8ad1b
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10323
+
+If xfs_bmap_extents_to_btree fails in a mode where we call
+xfs_iroot_realloc(-1) to de-allocate the root, set the
+format back to extents.
+
+Otherwise we can assume we can dereference ifp->if_broot
+based on the XFS_DINODE_FMT_BTREE format, and crash.
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199423
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+---
+ fs/xfs/libxfs/xfs_bmap.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c
+index 6a7c2f03ea11..040eeda8426f 100644
+--- a/fs/xfs/libxfs/xfs_bmap.c
++++ b/fs/xfs/libxfs/xfs_bmap.c
+@@ -725,12 +725,16 @@ xfs_bmap_extents_to_btree(
+ 	*logflagsp = 0;
+ 	if ((error = xfs_alloc_vextent(&args))) {
+ 		xfs_iroot_realloc(ip, -1, whichfork);
++		ASSERT(ifp->if_broot == NULL);
++		XFS_IFORK_FMT_SET(ip, whichfork, XFS_DINODE_FMT_EXTENTS);
+ 		xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
+ 		return error;
+ 	}
+ 
+ 	if (WARN_ON_ONCE(args.fsbno == NULLFSBLOCK)) {
+ 		xfs_iroot_realloc(ip, -1, whichfork);
++		ASSERT(ifp->if_broot == NULL);
++		XFS_IFORK_FMT_SET(ip, whichfork, XFS_DINODE_FMT_EXTENTS);
+ 		xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
+ 		return -ENOSPC;
+ 	}

debian/patches/series

@@ -120,6 +120,9 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
 
 # Security fixes
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
+bugfix/all/xfs-enhance-dinode-verifier.patch
+bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch
+bugfix/all/ext4-fix-bitmap-position-validation.patch
 
 # Fix exported symbol versions
 bugfix/all/module-disable-matching-missing-version-crc.patch