diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py index 3dbb0c102..d4ab808e8 100755 --- a/debian/bin/gencontrol.py +++ b/debian/bin/gencontrol.py @@ -567,8 +567,7 @@ class Gencontrol(Base): if not version.linux_revision_experimental: raise RuntimeError("Can't upload to %s with a version of %s" % (distribution, version)) if distribution.endswith('-security') or distribution.endswith('-lts'): - if (not version.linux_revision_security or - version.linux_revision_backports): + if version.linux_revision_backports or version.linux_revision_other: raise RuntimeError("Can't upload to %s with a version of %s" % (distribution, version)) if distribution.endswith('-backports'): if not version.linux_revision_backports: diff --git a/debian/changelog b/debian/changelog index 70fe46a28..94e1ff2e5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -19,7 +19,16 @@ linux (4.17~rc2-1~exp1) UNRELEASED; urgency=medium -- Ben Hutchings Thu, 19 Apr 2018 21:37:24 +0100 -linux (4.16-1) UNRELEASED; urgency=medium +linux (4.16.5-1) unstable; urgency=medium + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.1 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.2 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.3 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4 + - ext4: limit xattr size to INT_MAX (CVE-2018-1095) + - random: fix crng_ready() test (CVE-2018-1108) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.5 [ Ben Hutchings ] * aufs: gen-patch: Fix Subject generation to skip SPDX-License-Identifier @@ -27,6 +36,17 @@ linux (4.16-1) UNRELEASED; urgency=medium * wireless: Add Debian wireless-regdb certificates (see #892229) * Add support for compilers installed outside the default PATH * linux-headers: Change linux-kbuild dependency to be versioned + * Set ABI to 1 + * [x86,arm64] Disable code signing for upload to unstable + * debian/lib/python/debian_linux/debian.py: Fix binNMU changelog parsing + * debian/lib/python/debian_linux/debian.py: Fix binNMU revision parsing + * xfs: enhance dinode verifier (CVE-2018-10322) + * xfs: set format back to extents if xfs_bmap_extents_to_btree + (CVE-2018-10323) + * udeb: Add algif_skcipher to crypto-modules (Closes: #896968) + * ext4: fix bitmap position validation (fixes regression in 4.15.17-1) + * debian/lib/python/debian_linux/gencontrol.py: Allow uploads to *-security + with a simple revision [ Vagrant Cascadian ] * [arm64] Add patches to support SATA on Tegra210/Jetson-TX1. @@ -54,7 +74,7 @@ linux (4.16-1) UNRELEASED; urgency=medium [ Uwe Kleine-König ] * [amd64] enable AMD 10GbE Ethernet driver (CONFIG_AMD_XGBE=m) - -- Ben Hutchings Sun, 08 Apr 2018 19:03:49 +0100 + -- Ben Hutchings Sun, 29 Apr 2018 17:09:14 +0100 linux (4.16-1~exp1) experimental; urgency=medium diff --git a/debian/config/alpha/config b/debian/config/alpha/config index aee7a317c..3d61b0045 100644 --- a/debian/config/alpha/config +++ b/debian/config/alpha/config @@ -443,7 +443,6 @@ CONFIG_MTD_CFI_STAA=m CONFIG_MTD_RAM=m CONFIG_MTD_ROM=m CONFIG_MTD_ABSENT=m -CONFIG_MTD_XIP=y ## ## file: drivers/mtd/devices/Kconfig diff --git a/debian/installer/modules/crypto-modules b/debian/installer/modules/crypto-modules index ae6434ea7..22460e497 100644 --- a/debian/installer/modules/crypto-modules +++ b/debian/installer/modules/crypto-modules @@ -9,3 +9,6 @@ ccm ctr ecb xts + +# For LUKS2 in cryptsetup +algif_skcipher diff --git a/debian/lib/python/debian_linux/debian.py b/debian/lib/python/debian_linux/debian.py index c15e048b1..759f777d0 100644 --- a/debian/lib/python/debian_linux/debian.py +++ b/debian/lib/python/debian_linux/debian.py @@ -25,7 +25,7 @@ class Changelog(list): (?P \w+ ) -\n +(?:,|\n) """ _top_re = re.compile(_top_rules, re.X) _bottom_rules = r""" @@ -181,9 +181,10 @@ class VersionLinux(Version): )? | (?P - [^-]+ + [^-+]+ ) ) +(?:\+b\d+)? $ """ _version_linux_re = re.compile(_version_linux_rules, re.X) diff --git a/debian/patches/bugfix/all/ext4-fix-bitmap-position-validation.patch b/debian/patches/bugfix/all/ext4-fix-bitmap-position-validation.patch new file mode 100644 index 000000000..14b3dab08 --- /dev/null +++ b/debian/patches/bugfix/all/ext4-fix-bitmap-position-validation.patch @@ -0,0 +1,76 @@ +From: Lukas Czerner +Date: Tue, 24 Apr 2018 11:31:44 -0400 +Subject: ext4: fix bitmap position validation +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=22be37acce25d66ecf6403fc8f44df9c5ded2372 + +Currently in ext4_valid_block_bitmap() we expect the bitmap to be +positioned anywhere between 0 and s_blocksize clusters, but that's +wrong because the bitmap can be placed anywhere in the block group. This +causes false positives when validating bitmaps on perfectly valid file +system layouts. Fix it by checking whether the bitmap is within the group +boundary. + +The problem can be reproduced using the following + +mkfs -t ext3 -E stride=256 /dev/vdb1 +mount /dev/vdb1 /mnt/test +cd /mnt/test +wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz +tar xf linux-4.16.3.tar.xz + +This will result in the warnings in the logs + +EXT4-fs error (device vdb1): ext4_validate_block_bitmap:399: comm tar: bg 84: block 2774529: invalid block bitmap + +[ Changed slightly for clarity and to not drop a overflow test -- TYT ] + +Signed-off-by: Lukas Czerner +Signed-off-by: Theodore Ts'o +Reported-by: Ilya Dryomov +Fixes: 7dac4a1726a9 ("ext4: add validity checks for bitmap block numbers") +Cc: stable@vger.kernel.org +--- + fs/ext4/balloc.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c +index a33d8fb1bf2a..508b905d744d 100644 +--- a/fs/ext4/balloc.c ++++ b/fs/ext4/balloc.c +@@ -321,6 +321,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, + struct ext4_sb_info *sbi = EXT4_SB(sb); + ext4_grpblk_t offset; + ext4_grpblk_t next_zero_bit; ++ ext4_grpblk_t max_bit = EXT4_CLUSTERS_PER_GROUP(sb); + ext4_fsblk_t blk; + ext4_fsblk_t group_first_block; + +@@ -338,7 +339,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, + /* check whether block bitmap block number is set */ + blk = ext4_block_bitmap(sb, desc); + offset = blk - group_first_block; +- if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit || + !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) + /* bad block bitmap */ + return blk; +@@ -346,7 +347,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, + /* check whether the inode bitmap block number is set */ + blk = ext4_inode_bitmap(sb, desc); + offset = blk - group_first_block; +- if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit || + !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) + /* bad block bitmap */ + return blk; +@@ -354,8 +355,8 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, + /* check whether the inode table block number is set */ + blk = ext4_inode_table(sb, desc); + offset = blk - group_first_block; +- if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || +- EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= sb->s_blocksize) ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit || ++ EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= max_bit) + return blk; + next_zero_bit = ext4_find_next_zero_bit(bh->b_data, + EXT4_B2C(sbi, offset + sbi->s_itb_per_group), diff --git a/debian/patches/bugfix/all/xfs-enhance-dinode-verifier.patch b/debian/patches/bugfix/all/xfs-enhance-dinode-verifier.patch new file mode 100644 index 000000000..7a860f4be --- /dev/null +++ b/debian/patches/bugfix/all/xfs-enhance-dinode-verifier.patch @@ -0,0 +1,68 @@ +From: Eric Sandeen +Date: Mon, 16 Apr 2018 23:06:53 -0700 +Subject: xfs: enhance dinode verifier +Origin: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit?id=b42db0860e13067fcc7cbfba3966c9e652668bbc +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10322 + +Add several more validations to xfs_dinode_verify: + +- For LOCAL data fork formats, di_nextents must be 0. +- For LOCAL attr fork formats, di_anextents must be 0. +- For inodes with no attr fork offset, + - format must be XFS_DINODE_FMT_EXTENTS if set at all + - di_anextents must be 0. + +Thanks to dchinner for pointing out a couple related checks I had +forgotten to add. + +Signed-off-by: Eric Sandeen +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199377 +Reviewed-by: Darrick J. Wong +Signed-off-by: Darrick J. Wong +--- + fs/xfs/libxfs/xfs_inode_buf.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +--- a/fs/xfs/libxfs/xfs_inode_buf.c ++++ b/fs/xfs/libxfs/xfs_inode_buf.c +@@ -458,6 +458,8 @@ xfs_dinode_verify( + return __this_address; + if (di_size > XFS_DFORK_DSIZE(dip, mp)) + return __this_address; ++ if (dip->di_nextents) ++ return __this_address; + /* fall through */ + case XFS_DINODE_FMT_EXTENTS: + case XFS_DINODE_FMT_BTREE: +@@ -476,12 +478,31 @@ xfs_dinode_verify( + if (XFS_DFORK_Q(dip)) { + switch (dip->di_aformat) { + case XFS_DINODE_FMT_LOCAL: ++ if (dip->di_anextents) ++ return __this_address; ++ /* fall through */ + case XFS_DINODE_FMT_EXTENTS: + case XFS_DINODE_FMT_BTREE: + break; + default: + return __this_address; + } ++ } else { ++ /* ++ * If there is no fork offset, this may be a freshly-made inode ++ * in a new disk cluster, in which case di_aformat is zeroed. ++ * Otherwise, such an inode must be in EXTENTS format; this goes ++ * for freed inodes as well. ++ */ ++ switch (dip->di_aformat) { ++ case 0: ++ case XFS_DINODE_FMT_EXTENTS: ++ break; ++ default: ++ return __this_address; ++ } ++ if (dip->di_anextents) ++ return __this_address; + } + + /* only version 3 or greater inodes are extensively verified here */ diff --git a/debian/patches/bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch b/debian/patches/bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch new file mode 100644 index 000000000..dc206006e --- /dev/null +++ b/debian/patches/bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch @@ -0,0 +1,43 @@ +From: Eric Sandeen +Date: Mon, 16 Apr 2018 23:07:27 -0700 +Subject: xfs: set format back to extents if xfs_bmap_extents_to_btree +Origin: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit?id=2c4306f719b083d17df2963bc761777576b8ad1b +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10323 + +If xfs_bmap_extents_to_btree fails in a mode where we call +xfs_iroot_realloc(-1) to de-allocate the root, set the +format back to extents. + +Otherwise we can assume we can dereference ifp->if_broot +based on the XFS_DINODE_FMT_BTREE format, and crash. + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199423 +Signed-off-by: Eric Sandeen +Reviewed-by: Christoph Hellwig +Reviewed-by: Darrick J. Wong +Signed-off-by: Darrick J. Wong +--- + fs/xfs/libxfs/xfs_bmap.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c +index 6a7c2f03ea11..040eeda8426f 100644 +--- a/fs/xfs/libxfs/xfs_bmap.c ++++ b/fs/xfs/libxfs/xfs_bmap.c +@@ -725,12 +725,16 @@ xfs_bmap_extents_to_btree( + *logflagsp = 0; + if ((error = xfs_alloc_vextent(&args))) { + xfs_iroot_realloc(ip, -1, whichfork); ++ ASSERT(ifp->if_broot == NULL); ++ XFS_IFORK_FMT_SET(ip, whichfork, XFS_DINODE_FMT_EXTENTS); + xfs_btree_del_cursor(cur, XFS_BTREE_ERROR); + return error; + } + + if (WARN_ON_ONCE(args.fsbno == NULLFSBLOCK)) { + xfs_iroot_realloc(ip, -1, whichfork); ++ ASSERT(ifp->if_broot == NULL); ++ XFS_IFORK_FMT_SET(ip, whichfork, XFS_DINODE_FMT_EXTENTS); + xfs_btree_del_cursor(cur, XFS_BTREE_ERROR); + return -ENOSPC; + } diff --git a/debian/patches/series b/debian/patches/series index 61820d86a..ca89ca346 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -120,6 +120,9 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch +bugfix/all/xfs-enhance-dinode-verifier.patch +bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch +bugfix/all/ext4-fix-bitmap-position-validation.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch