From cb7c0036b028aa77cb596a700d253b32d6296674 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Thu, 19 Apr 2018 15:04:56 +0100 Subject: [PATCH 01/13] Update to 4.16.3 --- debian/changelog | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 2a88992e6..2ae40db86 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,9 @@ -linux (4.16-1) UNRELEASED; urgency=medium +linux (4.16.3-1) UNRELEASED; urgency=medium + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.1 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.2 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.3 [ Ben Hutchings ] * aufs: gen-patch: Fix Subject generation to skip SPDX-License-Identifier From 90f09743ecc34e0374120e78ba8a0aee241aaa6e Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 24 Apr 2018 20:20:41 +0100 Subject: [PATCH 02/13] debian/lib/python/debian_linux/debian.py: Fix binNMU changelog parsing I incorrectly added a requirement of a newline after urgency in the changelog entry top line as part of "debian/lib/python/debian_linux/debian.py: Parse bottom lines of changelog entries". For a binNMU, there will be ", binary-only=yes" after the urgency. Since we don't currently care about any fields after urgency, allow either a comma or newline. --- debian/changelog | 1 + debian/lib/python/debian_linux/debian.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 2ae40db86..48b70d0b1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -13,6 +13,7 @@ linux (4.16.3-1) UNRELEASED; urgency=medium * linux-headers: Change linux-kbuild dependency to be versioned * Set ABI to 1 * [x86,arm64] Disable code signing for upload to unstable + * debian/lib/python/debian_linux/debian.py: Fix binNMU changelog parsing [ Vagrant Cascadian ] * [arm64] Add patches to support SATA on Tegra210/Jetson-TX1. diff --git a/debian/lib/python/debian_linux/debian.py b/debian/lib/python/debian_linux/debian.py index c15e048b1..92df1d7ed 100644 --- a/debian/lib/python/debian_linux/debian.py +++ b/debian/lib/python/debian_linux/debian.py @@ -25,7 +25,7 @@ class Changelog(list): (?P \w+ ) -\n +(?:,|\n) """ _top_re = re.compile(_top_rules, re.X) _bottom_rules = r""" From f4dbf1aa828f18a7e3d9fd7158166b8cedbac0ce Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 24 Apr 2018 20:40:27 +0100 Subject: [PATCH 03/13] debian/lib/python/debian_linux/debian.py: Fix binNMU revision parsing In VersionLinux, any binNMU version will currently match the revision_other group in the regexp and therefore never be recognised as an experimental, security, or backport version. This is probably harmless in practice because: - binNMUs don't happen in those suites - Only debian/bin/gencontrol.py cares about the linux_revision_other attribute, and it won't be run for a binNMU version But let's fix it by matching the binNMU suffix separately. --- debian/changelog | 1 + debian/lib/python/debian_linux/debian.py | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 48b70d0b1..027e041b2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -14,6 +14,7 @@ linux (4.16.3-1) UNRELEASED; urgency=medium * Set ABI to 1 * [x86,arm64] Disable code signing for upload to unstable * debian/lib/python/debian_linux/debian.py: Fix binNMU changelog parsing + * debian/lib/python/debian_linux/debian.py: Fix binNMU revision parsing [ Vagrant Cascadian ] * [arm64] Add patches to support SATA on Tegra210/Jetson-TX1. diff --git a/debian/lib/python/debian_linux/debian.py b/debian/lib/python/debian_linux/debian.py index 92df1d7ed..759f777d0 100644 --- a/debian/lib/python/debian_linux/debian.py +++ b/debian/lib/python/debian_linux/debian.py @@ -181,9 +181,10 @@ class VersionLinux(Version): )? | (?P - [^-]+ + [^-+]+ ) ) +(?:\+b\d+)? $ """ _version_linux_re = re.compile(_version_linux_rules, re.X) From 98017b2bd787e29a65d1854d3c3cb2d43a85b18e Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Wed, 25 Apr 2018 21:14:23 +0100 Subject: [PATCH 04/13] Update to 4.16.4 --- debian/changelog | 5 +- ...nitialize-the-crc32c-checksum-driver.patch | 46 ------------------- ...get-for-root-directory-if-unallocate.patch | 40 ---------------- ...n-reduce-odroid-c2-eMMC-maximum-rate.patch | 43 ----------------- debian/patches/series | 3 -- 5 files changed, 4 insertions(+), 133 deletions(-) delete mode 100644 debian/patches/bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch delete mode 100644 debian/patches/bugfix/all/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch delete mode 100644 debian/patches/bugfix/arm64/ARM64-dts-meson-reduce-odroid-c2-eMMC-maximum-rate.patch diff --git a/debian/changelog b/debian/changelog index 027e041b2..3ed28b2a1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,12 @@ -linux (4.16.3-1) UNRELEASED; urgency=medium +linux (4.16.4-1) UNRELEASED; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.1 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.2 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.3 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4 + - ext4: limit xattr size to INT_MAX (CVE-2018-1095) + - random: fix crng_ready() test (CVE-2018-1108) [ Ben Hutchings ] * aufs: gen-patch: Fix Subject generation to skip SPDX-License-Identifier diff --git a/debian/patches/bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch b/debian/patches/bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch deleted file mode 100644 index 3e2f57379..000000000 --- a/debian/patches/bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch +++ /dev/null @@ -1,46 +0,0 @@ -From: Theodore Ts'o -Date: Thu, 29 Mar 2018 22:10:31 -0400 -Subject: ext4: always initialize the crc32c checksum driver -Origin: https://git.kernel.org/linus/a45403b51582a87872927a3e0fc0a389c26867f1 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-1094 - -The extended attribute code now uses the crc32c checksum for hashing -purposes, so we should just always always initialize it. We also want -to prevent NULL pointer dereferences if one of the metadata checksum -features is enabled after the file sytsem is originally mounted. - -This issue has been assigned CVE-2018-1094. - -https://bugzilla.kernel.org/show_bug.cgi?id=199183 -https://bugzilla.redhat.com/show_bug.cgi?id=1560788 - -Signed-off-by: Theodore Ts'o -Cc: stable@vger.kernel.org ---- - fs/ext4/super.c | 15 ++++++--------- - 1 file changed, 6 insertions(+), 9 deletions(-) - ---- a/fs/ext4/super.c -+++ b/fs/ext4/super.c -@@ -3489,15 +3489,12 @@ static int ext4_fill_super(struct super_ - } - - /* Load the checksum driver */ -- if (ext4_has_feature_metadata_csum(sb) || -- ext4_has_feature_ea_inode(sb)) { -- sbi->s_chksum_driver = crypto_alloc_shash("crc32c", 0, 0); -- if (IS_ERR(sbi->s_chksum_driver)) { -- ext4_msg(sb, KERN_ERR, "Cannot load crc32c driver."); -- ret = PTR_ERR(sbi->s_chksum_driver); -- sbi->s_chksum_driver = NULL; -- goto failed_mount; -- } -+ sbi->s_chksum_driver = crypto_alloc_shash("crc32c", 0, 0); -+ if (IS_ERR(sbi->s_chksum_driver)) { -+ ext4_msg(sb, KERN_ERR, "Cannot load crc32c driver."); -+ ret = PTR_ERR(sbi->s_chksum_driver); -+ sbi->s_chksum_driver = NULL; -+ goto failed_mount; - } - - /* Check superblock checksum */ diff --git a/debian/patches/bugfix/all/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch b/debian/patches/bugfix/all/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch deleted file mode 100644 index f241c3bfb..000000000 --- a/debian/patches/bugfix/all/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch +++ /dev/null @@ -1,40 +0,0 @@ -From: Theodore Ts'o -Date: Thu, 29 Mar 2018 21:56:09 -0400 -Subject: ext4: fail ext4_iget for root directory if unallocated -Origin: https://git.kernel.org/linus/8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-1092 - -If the root directory has an i_links_count of zero, then when the file -system is mounted, then when ext4_fill_super() notices the problem and -tries to call iput() the root directory in the error return path, -ext4_evict_inode() will try to free the inode on disk, before all of -the file system structures are set up, and this will result in an OOPS -caused by a NULL pointer dereference. - -This issue has been assigned CVE-2018-1092. - -https://bugzilla.kernel.org/show_bug.cgi?id=199179 -https://bugzilla.redhat.com/show_bug.cgi?id=1560777 - -Reported-by: Wen Xu -Signed-off-by: Theodore Ts'o -Cc: stable@vger.kernel.org ---- - fs/ext4/inode.c | 6 ++++++ - 1 file changed, 6 insertions(+) - ---- a/fs/ext4/inode.c -+++ b/fs/ext4/inode.c -@@ -4745,6 +4745,12 @@ struct inode *ext4_iget(struct super_blo - goto bad_inode; - raw_inode = ext4_raw_inode(&iloc); - -+ if ((ino == EXT4_ROOT_INO) && (raw_inode->i_links_count == 0)) { -+ EXT4_ERROR_INODE(inode, "root inode unallocated"); -+ ret = -EFSCORRUPTED; -+ goto bad_inode; -+ } -+ - if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE) { - ei->i_extra_isize = le16_to_cpu(raw_inode->i_extra_isize); - if (EXT4_GOOD_OLD_INODE_SIZE + ei->i_extra_isize > diff --git a/debian/patches/bugfix/arm64/ARM64-dts-meson-reduce-odroid-c2-eMMC-maximum-rate.patch b/debian/patches/bugfix/arm64/ARM64-dts-meson-reduce-odroid-c2-eMMC-maximum-rate.patch deleted file mode 100644 index 214a8e359..000000000 --- a/debian/patches/bugfix/arm64/ARM64-dts-meson-reduce-odroid-c2-eMMC-maximum-rate.patch +++ /dev/null @@ -1,43 +0,0 @@ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts?h=next-20180309&id=c04ffa71ff491220cac28f55237c9aad379a8656 -From c04ffa71ff491220cac28f55237c9aad379a8656 Mon Sep 17 00:00:00 2001 -From: Jerome Brunet -Date: Fri, 2 Mar 2018 14:44:36 +0100 -Subject: [PATCH] ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate - -Different modules maybe installed by the user on the eMMC connector -of the odroid-c2. While the red modules are working without an issue, -it seems some black modules (apparently Samsung based) are having -issue at 200MHz - -While the tuning algorithm introduced in v4.14 enables high speed modes -on every other tested designs, it seems a problem remains for this -particular combination of board and eMMC module. - -Lowering the maximum frequency of the eMMC on this board until we can -figure out a better solution. - -Fixes: d341ca88eead ("mmc: meson-gx: rework tuning function") -Suggested-by: Ellie Reeves -Signed-off-by: Jerome Brunet -Cc: stable@vger.kernel.org -Signed-off-by: Kevin Hilman ---- - arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts b/arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts -index 0bc0f65e4f37..54954b314a45 100644 ---- a/arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts -+++ b/arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts -@@ -274,7 +274,7 @@ - pinctrl-names = "default", "clk-gate"; - - bus-width = <8>; -- max-frequency = <200000000>; -+ max-frequency = <100000000>; - non-removable; - disable-wp; - cap-mmc-highspeed; --- -2.11.0 - diff --git a/debian/patches/series b/debian/patches/series index 117fd66fd..47a720370 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -139,9 +139,7 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch -bugfix/all/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch -bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch @@ -157,7 +155,6 @@ bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch bugfix/all/cpupower-bump-soname-version.patch bugfix/all/cpupower-fix-checks-for-cpu-existence.patch bugfix/all/lockdep-stub-nmi-watchdog-reset.patch -bugfix/arm64/ARM64-dts-meson-reduce-odroid-c2-eMMC-maximum-rate.patch # wireless: Disable regulatory.db direct loading (until we sort out signing) debian/wireless-disable-regulatory.db-direct-loading.patch From 9f2182e09ada25cd754171a26dbced480da0f5f8 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Wed, 25 Apr 2018 21:15:48 +0100 Subject: [PATCH 05/13] Revert "ext4: add validity checks for bitmap block numbers", which caused a regression --- debian/changelog | 2 + ...dity-checks-for-bitmap-block-numbers.patch | 96 ------------------- debian/patches/series | 1 - 3 files changed, 2 insertions(+), 97 deletions(-) delete mode 100644 debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch diff --git a/debian/changelog b/debian/changelog index 3ed28b2a1..b5c14ea4a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -18,6 +18,8 @@ linux (4.16.4-1) UNRELEASED; urgency=medium * [x86,arm64] Disable code signing for upload to unstable * debian/lib/python/debian_linux/debian.py: Fix binNMU changelog parsing * debian/lib/python/debian_linux/debian.py: Fix binNMU revision parsing + * Revert "ext4: add validity checks for bitmap block numbers", which + caused a regression [ Vagrant Cascadian ] * [arm64] Add patches to support SATA on Tegra210/Jetson-TX1. diff --git a/debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch b/debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch deleted file mode 100644 index d945461a7..000000000 --- a/debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch +++ /dev/null @@ -1,96 +0,0 @@ -From: Theodore Ts'o -Date: Mon, 26 Mar 2018 23:54:10 -0400 -Subject: ext4: add validity checks for bitmap block numbers -Origin: https://git.kernel.org/linus/7dac4a1726a9c64a517d595c40e95e2d0d135f6f -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-1093 - -An privileged attacker can cause a crash by mounting a crafted ext4 -image which triggers a out-of-bounds read in the function -ext4_valid_block_bitmap() in fs/ext4/balloc.c. - -This issue has been assigned CVE-2018-1093. - -BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199181 -BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1560782 -Reported-by: Wen Xu -Signed-off-by: Theodore Ts'o -Cc: stable@vger.kernel.org ---- - fs/ext4/balloc.c | 16 ++++++++++++++-- - fs/ext4/ialloc.c | 7 +++++++ - 2 files changed, 21 insertions(+), 2 deletions(-) - ---- a/fs/ext4/balloc.c -+++ b/fs/ext4/balloc.c -@@ -340,20 +340,25 @@ static ext4_fsblk_t ext4_valid_block_bit - /* check whether block bitmap block number is set */ - blk = ext4_block_bitmap(sb, desc); - offset = blk - group_first_block; -- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) -+ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || -+ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) - /* bad block bitmap */ - return blk; - - /* check whether the inode bitmap block number is set */ - blk = ext4_inode_bitmap(sb, desc); - offset = blk - group_first_block; -- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) -+ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || -+ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) - /* bad block bitmap */ - return blk; - - /* check whether the inode table block number is set */ - blk = ext4_inode_table(sb, desc); - offset = blk - group_first_block; -+ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || -+ EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= sb->s_blocksize) -+ return blk; - next_zero_bit = ext4_find_next_zero_bit(bh->b_data, - EXT4_B2C(sbi, offset + sbi->s_itb_per_group), - EXT4_B2C(sbi, offset)); -@@ -419,6 +424,7 @@ struct buffer_head * - ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group) - { - struct ext4_group_desc *desc; -+ struct ext4_sb_info *sbi = EXT4_SB(sb); - struct buffer_head *bh; - ext4_fsblk_t bitmap_blk; - int err; -@@ -427,6 +433,12 @@ ext4_read_block_bitmap_nowait(struct sup - if (!desc) - return ERR_PTR(-EFSCORRUPTED); - bitmap_blk = ext4_block_bitmap(sb, desc); -+ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) || -+ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) { -+ ext4_error(sb, "Invalid block bitmap block %llu in " -+ "block_group %u", bitmap_blk, block_group); -+ return ERR_PTR(-EFSCORRUPTED); -+ } - bh = sb_getblk(sb, bitmap_blk); - if (unlikely(!bh)) { - ext4_error(sb, "Cannot get buffer for block bitmap - " ---- a/fs/ext4/ialloc.c -+++ b/fs/ext4/ialloc.c -@@ -160,6 +160,7 @@ static struct buffer_head * - ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group) - { - struct ext4_group_desc *desc; -+ struct ext4_sb_info *sbi = EXT4_SB(sb); - struct buffer_head *bh = NULL; - ext4_fsblk_t bitmap_blk; - int err; -@@ -169,6 +170,12 @@ ext4_read_inode_bitmap(struct super_bloc - return ERR_PTR(-EFSCORRUPTED); - - bitmap_blk = ext4_inode_bitmap(sb, desc); -+ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) || -+ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) { -+ ext4_error(sb, "Invalid inode bitmap blk %llu in " -+ "block_group %u", bitmap_blk, block_group); -+ return ERR_PTR(-EFSCORRUPTED); -+ } - bh = sb_getblk(sb, bitmap_blk); - if (unlikely(!bh)) { - ext4_error(sb, "Cannot read inode bitmap - " diff --git a/debian/patches/series b/debian/patches/series index 47a720370..27f88c389 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -139,7 +139,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch -bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch From f78c3b34345f0a849f5a6f410cb492917531b838 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Wed, 25 Apr 2018 21:22:21 +0100 Subject: [PATCH 06/13] xfs: enhance dinode verifier (CVE-2018-10322) --- debian/changelog | 1 + .../all/xfs-enhance-dinode-verifier.patch | 68 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 70 insertions(+) create mode 100644 debian/patches/bugfix/all/xfs-enhance-dinode-verifier.patch diff --git a/debian/changelog b/debian/changelog index b5c14ea4a..2197768c6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -20,6 +20,7 @@ linux (4.16.4-1) UNRELEASED; urgency=medium * debian/lib/python/debian_linux/debian.py: Fix binNMU revision parsing * Revert "ext4: add validity checks for bitmap block numbers", which caused a regression + * xfs: enhance dinode verifier (CVE-2018-10322) [ Vagrant Cascadian ] * [arm64] Add patches to support SATA on Tegra210/Jetson-TX1. diff --git a/debian/patches/bugfix/all/xfs-enhance-dinode-verifier.patch b/debian/patches/bugfix/all/xfs-enhance-dinode-verifier.patch new file mode 100644 index 000000000..7a860f4be --- /dev/null +++ b/debian/patches/bugfix/all/xfs-enhance-dinode-verifier.patch @@ -0,0 +1,68 @@ +From: Eric Sandeen +Date: Mon, 16 Apr 2018 23:06:53 -0700 +Subject: xfs: enhance dinode verifier +Origin: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit?id=b42db0860e13067fcc7cbfba3966c9e652668bbc +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10322 + +Add several more validations to xfs_dinode_verify: + +- For LOCAL data fork formats, di_nextents must be 0. +- For LOCAL attr fork formats, di_anextents must be 0. +- For inodes with no attr fork offset, + - format must be XFS_DINODE_FMT_EXTENTS if set at all + - di_anextents must be 0. + +Thanks to dchinner for pointing out a couple related checks I had +forgotten to add. + +Signed-off-by: Eric Sandeen +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199377 +Reviewed-by: Darrick J. Wong +Signed-off-by: Darrick J. Wong +--- + fs/xfs/libxfs/xfs_inode_buf.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +--- a/fs/xfs/libxfs/xfs_inode_buf.c ++++ b/fs/xfs/libxfs/xfs_inode_buf.c +@@ -458,6 +458,8 @@ xfs_dinode_verify( + return __this_address; + if (di_size > XFS_DFORK_DSIZE(dip, mp)) + return __this_address; ++ if (dip->di_nextents) ++ return __this_address; + /* fall through */ + case XFS_DINODE_FMT_EXTENTS: + case XFS_DINODE_FMT_BTREE: +@@ -476,12 +478,31 @@ xfs_dinode_verify( + if (XFS_DFORK_Q(dip)) { + switch (dip->di_aformat) { + case XFS_DINODE_FMT_LOCAL: ++ if (dip->di_anextents) ++ return __this_address; ++ /* fall through */ + case XFS_DINODE_FMT_EXTENTS: + case XFS_DINODE_FMT_BTREE: + break; + default: + return __this_address; + } ++ } else { ++ /* ++ * If there is no fork offset, this may be a freshly-made inode ++ * in a new disk cluster, in which case di_aformat is zeroed. ++ * Otherwise, such an inode must be in EXTENTS format; this goes ++ * for freed inodes as well. ++ */ ++ switch (dip->di_aformat) { ++ case 0: ++ case XFS_DINODE_FMT_EXTENTS: ++ break; ++ default: ++ return __this_address; ++ } ++ if (dip->di_anextents) ++ return __this_address; + } + + /* only version 3 or greater inodes are extensively verified here */ diff --git a/debian/patches/series b/debian/patches/series index 27f88c389..0cb520984 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -139,6 +139,7 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch +bugfix/all/xfs-enhance-dinode-verifier.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch From 019c1fa6f3048339f8c4d10d00b2cd431421ef7b Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Wed, 25 Apr 2018 21:23:07 +0100 Subject: [PATCH 07/13] xfs: set format back to extents if xfs_bmap_extents_to_btree (CVE-2018-10323) --- debian/changelog | 2 + ...ack-to-extents-if-xfs_bmap_extents_t.patch | 43 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 46 insertions(+) create mode 100644 debian/patches/bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch diff --git a/debian/changelog b/debian/changelog index 2197768c6..1ca557ab1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -21,6 +21,8 @@ linux (4.16.4-1) UNRELEASED; urgency=medium * Revert "ext4: add validity checks for bitmap block numbers", which caused a regression * xfs: enhance dinode verifier (CVE-2018-10322) + * xfs: set format back to extents if xfs_bmap_extents_to_btree + (CVE-2018-10323) [ Vagrant Cascadian ] * [arm64] Add patches to support SATA on Tegra210/Jetson-TX1. diff --git a/debian/patches/bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch b/debian/patches/bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch new file mode 100644 index 000000000..dc206006e --- /dev/null +++ b/debian/patches/bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch @@ -0,0 +1,43 @@ +From: Eric Sandeen +Date: Mon, 16 Apr 2018 23:07:27 -0700 +Subject: xfs: set format back to extents if xfs_bmap_extents_to_btree +Origin: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit?id=2c4306f719b083d17df2963bc761777576b8ad1b +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10323 + +If xfs_bmap_extents_to_btree fails in a mode where we call +xfs_iroot_realloc(-1) to de-allocate the root, set the +format back to extents. + +Otherwise we can assume we can dereference ifp->if_broot +based on the XFS_DINODE_FMT_BTREE format, and crash. + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199423 +Signed-off-by: Eric Sandeen +Reviewed-by: Christoph Hellwig +Reviewed-by: Darrick J. Wong +Signed-off-by: Darrick J. Wong +--- + fs/xfs/libxfs/xfs_bmap.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c +index 6a7c2f03ea11..040eeda8426f 100644 +--- a/fs/xfs/libxfs/xfs_bmap.c ++++ b/fs/xfs/libxfs/xfs_bmap.c +@@ -725,12 +725,16 @@ xfs_bmap_extents_to_btree( + *logflagsp = 0; + if ((error = xfs_alloc_vextent(&args))) { + xfs_iroot_realloc(ip, -1, whichfork); ++ ASSERT(ifp->if_broot == NULL); ++ XFS_IFORK_FMT_SET(ip, whichfork, XFS_DINODE_FMT_EXTENTS); + xfs_btree_del_cursor(cur, XFS_BTREE_ERROR); + return error; + } + + if (WARN_ON_ONCE(args.fsbno == NULLFSBLOCK)) { + xfs_iroot_realloc(ip, -1, whichfork); ++ ASSERT(ifp->if_broot == NULL); ++ XFS_IFORK_FMT_SET(ip, whichfork, XFS_DINODE_FMT_EXTENTS); + xfs_btree_del_cursor(cur, XFS_BTREE_ERROR); + return -ENOSPC; + } diff --git a/debian/patches/series b/debian/patches/series index 0cb520984..b4e988379 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -140,6 +140,7 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch bugfix/all/xfs-enhance-dinode-verifier.patch +bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch From 5dc6988d26cd2d31612ce49b8f4986d002cd8bae Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Wed, 25 Apr 2018 22:11:44 +0100 Subject: [PATCH 08/13] [alpha] mtd: Don't try to enable MTD_XIP MTD_XIP can only actually be enabled on ARM, and even then it doesn't make sense in a Debian kernel. --- debian/config/alpha/config | 1 - 1 file changed, 1 deletion(-) diff --git a/debian/config/alpha/config b/debian/config/alpha/config index 22224c0f4..05515a2f0 100644 --- a/debian/config/alpha/config +++ b/debian/config/alpha/config @@ -443,7 +443,6 @@ CONFIG_MTD_CFI_STAA=m CONFIG_MTD_RAM=m CONFIG_MTD_ROM=m CONFIG_MTD_ABSENT=m -CONFIG_MTD_XIP=y ## ## file: drivers/mtd/devices/Kconfig From c3c6a03a9cadc4805f1db2af8735de8798f05da4 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Fri, 27 Apr 2018 00:05:25 +0100 Subject: [PATCH 09/13] udeb: Add algif_skcipher to crypto-modules (Closes: #896968) --- debian/changelog | 1 + debian/installer/modules/crypto-modules | 3 +++ 2 files changed, 4 insertions(+) diff --git a/debian/changelog b/debian/changelog index 1ca557ab1..a65561926 100644 --- a/debian/changelog +++ b/debian/changelog @@ -23,6 +23,7 @@ linux (4.16.4-1) UNRELEASED; urgency=medium * xfs: enhance dinode verifier (CVE-2018-10322) * xfs: set format back to extents if xfs_bmap_extents_to_btree (CVE-2018-10323) + * udeb: Add algif_skcipher to crypto-modules (Closes: #896968) [ Vagrant Cascadian ] * [arm64] Add patches to support SATA on Tegra210/Jetson-TX1. diff --git a/debian/installer/modules/crypto-modules b/debian/installer/modules/crypto-modules index ae6434ea7..22460e497 100644 --- a/debian/installer/modules/crypto-modules +++ b/debian/installer/modules/crypto-modules @@ -9,3 +9,6 @@ ccm ctr ecb xts + +# For LUKS2 in cryptsetup +algif_skcipher From 5b546990346df38891385053af8cd1f2bc434bca Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Fri, 27 Apr 2018 18:08:39 +0100 Subject: [PATCH 10/13] ext4: fix bitmap position validation Un-revert "ext4: add validity checks for bitmap block numbers" and apply this new fix on top of it. --- debian/changelog | 3 +- ...dity-checks-for-bitmap-block-numbers.patch | 96 +++++++++++++++++++ .../ext4-fix-bitmap-position-validation.patch | 76 +++++++++++++++ debian/patches/series | 2 + 4 files changed, 175 insertions(+), 2 deletions(-) create mode 100644 debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch create mode 100644 debian/patches/bugfix/all/ext4-fix-bitmap-position-validation.patch diff --git a/debian/changelog b/debian/changelog index a65561926..b601c2f92 100644 --- a/debian/changelog +++ b/debian/changelog @@ -18,12 +18,11 @@ linux (4.16.4-1) UNRELEASED; urgency=medium * [x86,arm64] Disable code signing for upload to unstable * debian/lib/python/debian_linux/debian.py: Fix binNMU changelog parsing * debian/lib/python/debian_linux/debian.py: Fix binNMU revision parsing - * Revert "ext4: add validity checks for bitmap block numbers", which - caused a regression * xfs: enhance dinode verifier (CVE-2018-10322) * xfs: set format back to extents if xfs_bmap_extents_to_btree (CVE-2018-10323) * udeb: Add algif_skcipher to crypto-modules (Closes: #896968) + * ext4: fix bitmap position validation (fixes regression in 4.15.17-1) [ Vagrant Cascadian ] * [arm64] Add patches to support SATA on Tegra210/Jetson-TX1. diff --git a/debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch b/debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch new file mode 100644 index 000000000..b7f943954 --- /dev/null +++ b/debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch @@ -0,0 +1,96 @@ +From: Theodore Ts'o +Date: Mon, 26 Mar 2018 23:54:10 -0400 +Subject: ext4: add validity checks for bitmap block numbers +Origin: https://git.kernel.org/linus/7dac4a1726a9c64a517d595c40e95e2d0d135f6f +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-1093 + +An privileged attacker can cause a crash by mounting a crafted ext4 +image which triggers a out-of-bounds read in the function +ext4_valid_block_bitmap() in fs/ext4/balloc.c. + +This issue has been assigned CVE-2018-1093. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199181 +BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1560782 +Reported-by: Wen Xu +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org +--- + fs/ext4/balloc.c | 16 ++++++++++++++-- + fs/ext4/ialloc.c | 7 +++++++ + 2 files changed, 21 insertions(+), 2 deletions(-) + +--- a/fs/ext4/balloc.c ++++ b/fs/ext4/balloc.c +@@ -338,20 +338,25 @@ static ext4_fsblk_t ext4_valid_block_bit + /* check whether block bitmap block number is set */ + blk = ext4_block_bitmap(sb, desc); + offset = blk - group_first_block; +- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || ++ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) + /* bad block bitmap */ + return blk; + + /* check whether the inode bitmap block number is set */ + blk = ext4_inode_bitmap(sb, desc); + offset = blk - group_first_block; +- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || ++ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) + /* bad block bitmap */ + return blk; + + /* check whether the inode table block number is set */ + blk = ext4_inode_table(sb, desc); + offset = blk - group_first_block; ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || ++ EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= sb->s_blocksize) ++ return blk; + next_zero_bit = ext4_find_next_zero_bit(bh->b_data, + EXT4_B2C(sbi, offset + sbi->s_itb_per_group), + EXT4_B2C(sbi, offset)); +@@ -417,6 +422,7 @@ struct buffer_head * + ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group) + { + struct ext4_group_desc *desc; ++ struct ext4_sb_info *sbi = EXT4_SB(sb); + struct buffer_head *bh; + ext4_fsblk_t bitmap_blk; + int err; +@@ -425,6 +431,12 @@ ext4_read_block_bitmap_nowait(struct sup + if (!desc) + return ERR_PTR(-EFSCORRUPTED); + bitmap_blk = ext4_block_bitmap(sb, desc); ++ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) || ++ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) { ++ ext4_error(sb, "Invalid block bitmap block %llu in " ++ "block_group %u", bitmap_blk, block_group); ++ return ERR_PTR(-EFSCORRUPTED); ++ } + bh = sb_getblk(sb, bitmap_blk); + if (unlikely(!bh)) { + ext4_error(sb, "Cannot get buffer for block bitmap - " +--- a/fs/ext4/ialloc.c ++++ b/fs/ext4/ialloc.c +@@ -122,6 +122,7 @@ static struct buffer_head * + ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group) + { + struct ext4_group_desc *desc; ++ struct ext4_sb_info *sbi = EXT4_SB(sb); + struct buffer_head *bh = NULL; + ext4_fsblk_t bitmap_blk; + int err; +@@ -131,6 +132,12 @@ ext4_read_inode_bitmap(struct super_bloc + return ERR_PTR(-EFSCORRUPTED); + + bitmap_blk = ext4_inode_bitmap(sb, desc); ++ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) || ++ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) { ++ ext4_error(sb, "Invalid inode bitmap blk %llu in " ++ "block_group %u", bitmap_blk, block_group); ++ return ERR_PTR(-EFSCORRUPTED); ++ } + bh = sb_getblk(sb, bitmap_blk); + if (unlikely(!bh)) { + ext4_error(sb, "Cannot read inode bitmap - " diff --git a/debian/patches/bugfix/all/ext4-fix-bitmap-position-validation.patch b/debian/patches/bugfix/all/ext4-fix-bitmap-position-validation.patch new file mode 100644 index 000000000..14b3dab08 --- /dev/null +++ b/debian/patches/bugfix/all/ext4-fix-bitmap-position-validation.patch @@ -0,0 +1,76 @@ +From: Lukas Czerner +Date: Tue, 24 Apr 2018 11:31:44 -0400 +Subject: ext4: fix bitmap position validation +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=22be37acce25d66ecf6403fc8f44df9c5ded2372 + +Currently in ext4_valid_block_bitmap() we expect the bitmap to be +positioned anywhere between 0 and s_blocksize clusters, but that's +wrong because the bitmap can be placed anywhere in the block group. This +causes false positives when validating bitmaps on perfectly valid file +system layouts. Fix it by checking whether the bitmap is within the group +boundary. + +The problem can be reproduced using the following + +mkfs -t ext3 -E stride=256 /dev/vdb1 +mount /dev/vdb1 /mnt/test +cd /mnt/test +wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz +tar xf linux-4.16.3.tar.xz + +This will result in the warnings in the logs + +EXT4-fs error (device vdb1): ext4_validate_block_bitmap:399: comm tar: bg 84: block 2774529: invalid block bitmap + +[ Changed slightly for clarity and to not drop a overflow test -- TYT ] + +Signed-off-by: Lukas Czerner +Signed-off-by: Theodore Ts'o +Reported-by: Ilya Dryomov +Fixes: 7dac4a1726a9 ("ext4: add validity checks for bitmap block numbers") +Cc: stable@vger.kernel.org +--- + fs/ext4/balloc.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c +index a33d8fb1bf2a..508b905d744d 100644 +--- a/fs/ext4/balloc.c ++++ b/fs/ext4/balloc.c +@@ -321,6 +321,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, + struct ext4_sb_info *sbi = EXT4_SB(sb); + ext4_grpblk_t offset; + ext4_grpblk_t next_zero_bit; ++ ext4_grpblk_t max_bit = EXT4_CLUSTERS_PER_GROUP(sb); + ext4_fsblk_t blk; + ext4_fsblk_t group_first_block; + +@@ -338,7 +339,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, + /* check whether block bitmap block number is set */ + blk = ext4_block_bitmap(sb, desc); + offset = blk - group_first_block; +- if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit || + !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) + /* bad block bitmap */ + return blk; +@@ -346,7 +347,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, + /* check whether the inode bitmap block number is set */ + blk = ext4_inode_bitmap(sb, desc); + offset = blk - group_first_block; +- if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit || + !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) + /* bad block bitmap */ + return blk; +@@ -354,8 +355,8 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb, + /* check whether the inode table block number is set */ + blk = ext4_inode_table(sb, desc); + offset = blk - group_first_block; +- if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || +- EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= sb->s_blocksize) ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit || ++ EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= max_bit) + return blk; + next_zero_bit = ext4_find_next_zero_bit(bh->b_data, + EXT4_B2C(sbi, offset + sbi->s_itb_per_group), diff --git a/debian/patches/series b/debian/patches/series index b4e988379..5b097a58c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -141,6 +141,8 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch debian/i386-686-pae-pci-set-pci-nobios-by-default.patch bugfix/all/xfs-enhance-dinode-verifier.patch bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch +bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch +bugfix/all/ext4-fix-bitmap-position-validation.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch From 498cb2c1296baa0ff5ea17f24a2f907d819d80e5 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Fri, 27 Apr 2018 18:25:27 +0100 Subject: [PATCH 11/13] Update to 4.16.5 --- debian/changelog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index b601c2f92..283846667 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -linux (4.16.4-1) UNRELEASED; urgency=medium +linux (4.16.5-1) UNRELEASED; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.1 @@ -7,6 +7,7 @@ linux (4.16.4-1) UNRELEASED; urgency=medium https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4 - ext4: limit xattr size to INT_MAX (CVE-2018-1095) - random: fix crng_ready() test (CVE-2018-1108) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.5 [ Ben Hutchings ] * aufs: gen-patch: Fix Subject generation to skip SPDX-License-Identifier From f78b896b8b7d5260d7d8a542f7e00bdca71a8f43 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sat, 28 Apr 2018 21:42:12 +0100 Subject: [PATCH 12/13] debian/lib/python/debian_linux/gencontrol.py: Allow uploads to *-security with a simple revision --- debian/bin/gencontrol.py | 3 +-- debian/changelog | 2 ++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py index 3dbb0c102..d4ab808e8 100755 --- a/debian/bin/gencontrol.py +++ b/debian/bin/gencontrol.py @@ -567,8 +567,7 @@ class Gencontrol(Base): if not version.linux_revision_experimental: raise RuntimeError("Can't upload to %s with a version of %s" % (distribution, version)) if distribution.endswith('-security') or distribution.endswith('-lts'): - if (not version.linux_revision_security or - version.linux_revision_backports): + if version.linux_revision_backports or version.linux_revision_other: raise RuntimeError("Can't upload to %s with a version of %s" % (distribution, version)) if distribution.endswith('-backports'): if not version.linux_revision_backports: diff --git a/debian/changelog b/debian/changelog index 283846667..f40937768 100644 --- a/debian/changelog +++ b/debian/changelog @@ -24,6 +24,8 @@ linux (4.16.5-1) UNRELEASED; urgency=medium (CVE-2018-10323) * udeb: Add algif_skcipher to crypto-modules (Closes: #896968) * ext4: fix bitmap position validation (fixes regression in 4.15.17-1) + * debian/lib/python/debian_linux/gencontrol.py: Allow uploads to *-security + with a simple revision [ Vagrant Cascadian ] * [arm64] Add patches to support SATA on Tegra210/Jetson-TX1. From f36c7f9bd94930a174ecfcda87bfec4fbbc39d72 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 29 Apr 2018 17:09:15 +0100 Subject: [PATCH 13/13] Prepare to release linux (4.16.5-1). --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index f40937768..efea50de2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -linux (4.16.5-1) UNRELEASED; urgency=medium +linux (4.16.5-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.1 @@ -53,7 +53,7 @@ linux (4.16.5-1) UNRELEASED; urgency=medium [ Uwe Kleine-König ] * [amd64] enable AMD 10GbE Ethernet driver (CONFIG_AMD_XGBE=m) - -- Ben Hutchings Sun, 08 Apr 2018 19:03:49 +0100 + -- Ben Hutchings Sun, 29 Apr 2018 17:09:14 +0100 linux (4.16-1~exp1) experimental; urgency=medium