From 6c7df557db97481090660b2d01dfc4405c7f6642 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 26 Jun 2018 17:01:33 +0100 Subject: [PATCH 01/22] Export symbols needed by Android drivers --- debian/changelog | 1 + ...rt-symbols-needed-by-android-drivers.patch | 146 ++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 148 insertions(+) create mode 100644 debian/patches/debian/export-symbols-needed-by-android-drivers.patch diff --git a/debian/changelog b/debian/changelog index 99331a2f1..14d9b58cd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -70,6 +70,7 @@ linux (4.17.3-1) UNRELEASED; urgency=medium [ Ben Hutchings ] * [amd64,arm64,armhf] android: Build modules to support Anbox (Closes: #901492) + - Export symbols needed by Android drivers - Enable building ashmem and binder as modules - Enable ANDROID - Enable ANDROID_BINDER_IPC, ASHMEM as modules diff --git a/debian/patches/debian/export-symbols-needed-by-android-drivers.patch b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch new file mode 100644 index 000000000..696df27e8 --- /dev/null +++ b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch @@ -0,0 +1,146 @@ +From: Ben Hutchings +Date: Tue, 26 Jun 2018 16:59:01 +0100 +Subject: Export symbols needed by Android drivers +Bug-Debian: https://bugs.debian.org/901492 + +We want to enable use of the Android ashmem and binder drivers to +support Anbox, but they should not be built-in as that would waste +resources and increase security attack surface on systems that don't +need them. + +Export the currently un-exported symbols they depend on. + +--- +--- a/fs/file.c ++++ b/fs/file.c +@@ -409,6 +409,7 @@ struct files_struct *get_files_struct(st + + return files; + } ++EXPORT_SYMBOL_GPL(get_files_struct); + + void put_files_struct(struct files_struct *files) + { +@@ -421,6 +422,7 @@ void put_files_struct(struct files_struc + kmem_cache_free(files_cachep, files); + } + } ++EXPORT_SYMBOL_GPL(put_files_struct); + + void reset_files_struct(struct files_struct *files) + { +@@ -533,6 +535,7 @@ out: + spin_unlock(&files->file_lock); + return error; + } ++EXPORT_SYMBOL_GPL(__alloc_fd); + + static int alloc_fd(unsigned start, unsigned flags) + { +@@ -606,6 +609,7 @@ void __fd_install(struct files_struct *f + rcu_assign_pointer(fdt->fd[fd], file); + rcu_read_unlock_sched(); + } ++EXPORT_SYMBOL_GPL(__fd_install); + + void fd_install(unsigned int fd, struct file *file) + { +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -999,6 +999,7 @@ void mmput_async(struct mm_struct *mm) + schedule_work(&mm->async_put_work); + } + } ++EXPORT_SYMBOL_GPL(mmput_async); + #endif + + /** +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -1280,6 +1280,7 @@ struct sighand_struct *__lock_task_sigha + + return sighand; + } ++EXPORT_SYMBOL_GPL(__lock_task_sighand); + + /* + * send signal info to all the members of a group +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -1624,6 +1624,7 @@ void zap_page_range(struct vm_area_struc + mmu_notifier_invalidate_range_end(mm, start, end); + tlb_finish_mmu(&tlb, start, end); + } ++EXPORT_SYMBOL_GPL(zap_page_range); + + /** + * zap_page_range_single - remove user pages in a given range +--- a/mm/shmem.c ++++ b/mm/shmem.c +@@ -4326,6 +4326,7 @@ int shmem_zero_setup(struct vm_area_stru + + return 0; + } ++EXPORT_SYMBOL_GPL(shmem_zero_setup); + + /** + * shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags. +--- a/mm/vmalloc.c ++++ b/mm/vmalloc.c +@@ -1308,6 +1308,7 @@ int map_kernel_range_noflush(unsigned lo + { + return vmap_page_range_noflush(addr, addr + size, prot, pages); + } ++EXPORT_SYMBOL_GPL(map_kernel_range_noflush); + + /** + * unmap_kernel_range_noflush - unmap kernel VM area +@@ -1448,6 +1449,7 @@ struct vm_struct *get_vm_area(unsigned l + NUMA_NO_NODE, GFP_KERNEL, + __builtin_return_address(0)); + } ++EXPORT_SYMBOL_GPL(get_vm_area); + + struct vm_struct *get_vm_area_caller(unsigned long size, unsigned long flags, + const void *caller) +--- a/security/security.c ++++ b/security/security.c +@@ -231,24 +231,28 @@ int security_binder_set_context_mgr(stru + { + return call_int_hook(binder_set_context_mgr, 0, mgr); + } ++EXPORT_SYMBOL_GPL(security_binder_set_context_mgr); + + int security_binder_transaction(struct task_struct *from, + struct task_struct *to) + { + return call_int_hook(binder_transaction, 0, from, to); + } ++EXPORT_SYMBOL_GPL(security_binder_transaction); + + int security_binder_transfer_binder(struct task_struct *from, + struct task_struct *to) + { + return call_int_hook(binder_transfer_binder, 0, from, to); + } ++EXPORT_SYMBOL_GPL(security_binder_transfer_binder); + + int security_binder_transfer_file(struct task_struct *from, + struct task_struct *to, struct file *file) + { + return call_int_hook(binder_transfer_file, 0, from, to, file); + } ++EXPORT_SYMBOL_GPL(security_binder_transfer_file); + + int security_ptrace_access_check(struct task_struct *child, unsigned int mode) + { +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -3976,6 +3976,7 @@ int can_nice(const struct task_struct *p + return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || + capable(CAP_SYS_NICE)); + } ++EXPORT_SYMBOL_GPL(can_nice); + + #ifdef __ARCH_WANT_SYS_NICE + diff --git a/debian/patches/series b/debian/patches/series index 6736bbfa8..d9ef5ef33 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -12,6 +12,7 @@ debian/modpost-symbol-prefix.patch debian/tools-perf-version.patch debian/tools-perf-install.patch debian/wireless-add-debian-wireless-regdb-certificates.patch +debian/export-symbols-needed-by-android-drivers.patch debian/android-enable-building-ashmem-and-binder-as-modules.patch # Fixes/improvements to firmware loading From 6f97cae8805d6813d59de21c3f4e1f251ef0e9bc Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 26 Jun 2018 20:48:57 +0100 Subject: [PATCH 02/22] binder: Fix duplicate module parameters binder.c and binder_alloc.c both define a debug_mask module parameter, which was fine when they were two separate built-in "modules". Now that they're grouped together we need to distinguish these parameters, so rename the one in binder_alloc.c to alloc_debug_mask. --- ...enable-building-ashmem-and-binder-as-modules.patch | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch b/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch index 2f44ad105..30fa01e59 100644 --- a/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch +++ b/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch @@ -71,3 +71,14 @@ need them. device_initcall(ashmem_init); + +MODULE_LICENSE("GPL v2"); +--- a/drivers/android/binder_alloc.c ++++ b/drivers/android/binder_alloc.c +@@ -42,7 +42,7 @@ enum { + }; + static uint32_t binder_alloc_debug_mask; + +-module_param_named(debug_mask, binder_alloc_debug_mask, ++module_param_named(alloc_debug_mask, binder_alloc_debug_mask, + uint, 0644); + + #define binder_alloc_debug(mask, x...) \ From f757f308177ae58b9b471b2b162fd46493958e3e Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 26 Jun 2018 22:22:22 +0100 Subject: [PATCH 03/22] debian/rules.d/scripts/mod/gendef.py: Use Python 3 --- debian/changelog | 1 + debian/rules.d/scripts/mod/Makefile | 2 +- debian/rules.d/scripts/mod/gendef.py | 10 +++++----- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/debian/changelog b/debian/changelog index 14d9b58cd..27444d69a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -83,6 +83,7 @@ linux (4.17.3-1) UNRELEASED; urgency=medium (CVE-2018-12633) * [x86] vboxguest: Enable VBOXGUEST and DRM_VBOXVIDEO as modules * aufs: Update support patchset to aufs4.x-rcN-20180611 + * debian/rules.d/scripts/mod/gendef.py: Use Python 3 [ Romain Perier ] * [x86] amdgpu: Enable DCN 1.0 Raven family (Closes: #901349) diff --git a/debian/rules.d/scripts/mod/Makefile b/debian/rules.d/scripts/mod/Makefile index e57e262aa..35bf77cd2 100644 --- a/debian/rules.d/scripts/mod/Makefile +++ b/debian/rules.d/scripts/mod/Makefile @@ -16,7 +16,7 @@ modpost.real-%: $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ modpost-opts.h: $(top_srcdir)/scripts/mod/modpost.c - python $(wrapperdir)/gendef.py $< > $@ + $(wrapperdir)/gendef.py $< > $@ modpost.o: modpost.c modpost-opts.h $(CC) $(CFLAGS) -I $(CURDIR) -c -o $@ $< diff --git a/debian/rules.d/scripts/mod/gendef.py b/debian/rules.d/scripts/mod/gendef.py index 6e1bdf41b..f923d083b 100755 --- a/debian/rules.d/scripts/mod/gendef.py +++ b/debian/rules.d/scripts/mod/gendef.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/python3 import re import sys @@ -10,11 +10,11 @@ for line in open(sys.argv[1]): else: raise RuntimeError -print '#define GETOPT_OPTIONS "%s"' % options +print('#define GETOPT_OPTIONS "%s"' % options) -print '#define GETOPT_CASE', +print('#define GETOPT_CASE', end=' ') for c in options: if c == ':' or c == 'T': continue - print "case '%c':" % c, -print + print("case '%c':" % c, end=' ') +print() From 38dba741c6f27dced06cd47fb229f76c14d3f7d9 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 26 Jun 2018 22:26:46 +0100 Subject: [PATCH 04/22] debian/rules: Fix pkg.linux.notools build profile --- debian/changelog | 1 + debian/rules | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 27444d69a..eb73f73b8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -84,6 +84,7 @@ linux (4.17.3-1) UNRELEASED; urgency=medium * [x86] vboxguest: Enable VBOXGUEST and DRM_VBOXVIDEO as modules * aufs: Update support patchset to aufs4.x-rcN-20180611 * debian/rules.d/scripts/mod/gendef.py: Use Python 3 + * debian/rules: Fix pkg.linux.notools build profile [ Romain Perier ] * [x86] amdgpu: Enable DCN 1.0 Raven family (Closes: #901349) diff --git a/debian/rules b/debian/rules index 14cccc2cd..9059d78d2 100755 --- a/debian/rules +++ b/debian/rules @@ -22,7 +22,7 @@ ifneq (,$(filter nodoc,$(DEB_BUILD_PROFILES))) MAKEFLAGS += DO_DOCS=False endif ifneq (,$(filter pkg.linux.notools,$(DEB_BUILD_PROFILES))) - MAKEFLAGS += DO_TOOLS=False + MAKEFLAGS += DO_TOOLS_VERSIONED=False DO_TOOLS_UNVERSIONED=False endif .NOTPARALLEL: From 3ff18afde5110a2bc85c7a5a300861b68c3726c7 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 26 Jun 2018 22:27:55 +0100 Subject: [PATCH 05/22] debian/bin/gencontrol.py: Remove check for old [packages]tools config field This was split into tools-versioned and tools-unversioned. --- debian/bin/gencontrol.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py index 1ce6141b3..2f2bbe499 100755 --- a/debian/bin/gencontrol.py +++ b/debian/bin/gencontrol.py @@ -207,10 +207,6 @@ class Gencontrol(Base): else: makeflags['DO_LIBC'] = False - if not self.config.merge('packages').get('tools', True): - makeflags['DO_TOOLS'] = False - - merge_packages(packages, packages_headers_arch, arch) cmds_build_arch = ["$(MAKE) -f debian/rules.real build-arch-arch %s" % makeflags] From d7f4f21608318a4d82a627efda3833174990597d Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sat, 30 Jun 2018 03:27:55 +0100 Subject: [PATCH 06/22] tracing: Check for no filter when processing event filters (CVE-2018-12714) --- debian/changelog | 1 + ...r-no-filter-when-processing-event-fi.patch | 61 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 63 insertions(+) create mode 100644 debian/patches/bugfix/all/tracing-check-for-no-filter-when-processing-event-fi.patch diff --git a/debian/changelog b/debian/changelog index eb73f73b8..4729d9ef0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -85,6 +85,7 @@ linux (4.17.3-1) UNRELEASED; urgency=medium * aufs: Update support patchset to aufs4.x-rcN-20180611 * debian/rules.d/scripts/mod/gendef.py: Use Python 3 * debian/rules: Fix pkg.linux.notools build profile + * tracing: Check for no filter when processing event filters (CVE-2018-12714) [ Romain Perier ] * [x86] amdgpu: Enable DCN 1.0 Raven family (Closes: #901349) diff --git a/debian/patches/bugfix/all/tracing-check-for-no-filter-when-processing-event-fi.patch b/debian/patches/bugfix/all/tracing-check-for-no-filter-when-processing-event-fi.patch new file mode 100644 index 000000000..b7fac2ec6 --- /dev/null +++ b/debian/patches/bugfix/all/tracing-check-for-no-filter-when-processing-event-fi.patch @@ -0,0 +1,61 @@ +From: "Steven Rostedt (VMware)" +Date: Thu, 21 Jun 2018 13:20:53 -0400 +Subject: tracing: Check for no filter when processing event filters +Origin: https://git.kernel.org/linus/70303420b5721c38998cf987e6b7d30cc62d4ff1 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12714 + +The syzkaller detected a out-of-bounds issue with the events filter code, +specifically here: + + prog[N].pred = NULL; /* #13 */ + prog[N].target = 1; /* TRUE */ + prog[N+1].pred = NULL; + prog[N+1].target = 0; /* FALSE */ +-> prog[N-1].target = N; + prog[N-1].when_to_branch = false; + +As that's the first reference to a "N-1" index, it appears that the code got +here with N = 0, which means the filter parser found no filter to parse +(which shouldn't ever happen, but apparently it did). + +Add a new error to the parsing code that will check to make sure that N is +not zero before going into this part of the code. If N = 0, then -EINVAL is +returned, and a error message is added to the filter. + +Cc: stable@vger.kernel.org +Fixes: 80765597bc587 ("tracing: Rewrite filter logic to be simpler and faster") +Reported-by: air icy +bugzilla url: https://bugzilla.kernel.org/show_bug.cgi?id=200019 +Signed-off-by: Steven Rostedt (VMware) +--- + kernel/trace/trace_events_filter.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c +index e1c818dbc0d7..0dceb77d1d42 100644 +--- a/kernel/trace/trace_events_filter.c ++++ b/kernel/trace/trace_events_filter.c +@@ -78,7 +78,8 @@ static const char * ops[] = { OPS }; + C(TOO_MANY_PREDS, "Too many terms in predicate expression"), \ + C(INVALID_FILTER, "Meaningless filter expression"), \ + C(IP_FIELD_ONLY, "Only 'ip' field is supported for function trace"), \ +- C(INVALID_VALUE, "Invalid value (did you forget quotes)?"), ++ C(INVALID_VALUE, "Invalid value (did you forget quotes)?"), \ ++ C(NO_FILTER, "No filter found"), + + #undef C + #define C(a, b) FILT_ERR_##a +@@ -550,6 +551,13 @@ predicate_parse(const char *str, int nr_parens, int nr_preds, + goto out_free; + } + ++ if (!N) { ++ /* No program? */ ++ ret = -EINVAL; ++ parse_error(pe, FILT_ERR_NO_FILTER, ptr - str); ++ goto out_free; ++ } ++ + prog[N].pred = NULL; /* #13 */ + prog[N].target = 1; /* TRUE */ + prog[N+1].pred = NULL; diff --git a/debian/patches/series b/debian/patches/series index d9ef5ef33..e277e6969 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -134,6 +134,7 @@ debian/i386-686-pae-pci-set-pci-nobios-by-default.patch bugfix/x86/virt-vbox-Only-copy_from_user-the-request-header-onc.patch # Fix exported symbol versions +bugfix/all/tracing-check-for-no-filter-when-processing-event-fi.patch bugfix/all/module-disable-matching-missing-version-crc.patch # Tools bug fixes From 6fcfc170b9b58228383cc23c8aaeca7aa84f9179 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 1 Jul 2018 01:06:56 +0100 Subject: [PATCH 07/22] dm: Enable DM_INTEGRITY as module (except on armel) (Closes: #896649) --- debian/changelog | 1 + debian/config/armel/config.marvell | 5 +++++ debian/config/config | 1 + 3 files changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 4729d9ef0..6325cfe94 100644 --- a/debian/changelog +++ b/debian/changelog @@ -86,6 +86,7 @@ linux (4.17.3-1) UNRELEASED; urgency=medium * debian/rules.d/scripts/mod/gendef.py: Use Python 3 * debian/rules: Fix pkg.linux.notools build profile * tracing: Check for no filter when processing event filters (CVE-2018-12714) + * dm: Enable DM_INTEGRITY as module (except on armel) (Closes: #896649) [ Romain Perier ] * [x86] amdgpu: Enable DCN 1.0 Raven family (Closes: #901349) diff --git a/debian/config/armel/config.marvell b/debian/config/armel/config.marvell index 53ecd023e..66949a832 100644 --- a/debian/config/armel/config.marvell +++ b/debian/config/armel/config.marvell @@ -340,6 +340,11 @@ CONFIG_LEDS_NETXBIG=m CONFIG_LEDS_TRIGGER_TIMER=y CONFIG_LEDS_TRIGGER_DEFAULT_ON=y +## +## file: drivers/md/Kconfig +## +# CONFIG_DM_INTEGRITY is not set + ## ## file: drivers/mmc/Kconfig ## diff --git a/debian/config/config b/debian/config/config index fd6bbc390..4fc48262a 100644 --- a/debian/config/config +++ b/debian/config/config @@ -1780,6 +1780,7 @@ CONFIG_DM_FLAKEY=m CONFIG_DM_VERITY=m CONFIG_DM_SWITCH=m CONFIG_DM_LOG_WRITES=m +CONFIG_DM_INTEGRITY=m ## ## file: drivers/md/bcache/Kconfig From ed60e27410bfcd45e8dc6fe32a809c2714d73762 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 1 Jul 2018 00:03:49 +0100 Subject: [PATCH 08/22] debian/lib/python/debian_linux/debian.py: Add unit tests for Version class Three of these currently fail and will be fixed in the next commit. --- debian/lib/python/debian_linux/debian.py | 78 ++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/debian/lib/python/debian_linux/debian.py b/debian/lib/python/debian_linux/debian.py index 759f777d0..66c49a3aa 100644 --- a/debian/lib/python/debian_linux/debian.py +++ b/debian/lib/python/debian_linux/debian.py @@ -1,6 +1,7 @@ import collections import os.path import re +import unittest from . import utils @@ -143,6 +144,79 @@ $ return self.revision +class _VersionTest(unittest.TestCase): + def test_native(self): + v = Version('1.2+c~4') + self.assertEqual(v.epoch, None) + self.assertEqual(v.upstream, '1.2+c~4') + self.assertEqual(v.revision, None) + self.assertEqual(v.complete, '1.2+c~4') + self.assertEqual(v.complete_noepoch, '1.2+c~4') + + def test_nonnative(self): + v = Version('1-2+d~3') + self.assertEqual(v.epoch, None) + self.assertEqual(v.upstream, '1') + self.assertEqual(v.revision, '2+d~3') + self.assertEqual(v.complete, '1-2+d~3') + self.assertEqual(v.complete_noepoch, '1-2+d~3') + + def test_native_epoch(self): + v = Version('5:1.2.3') + self.assertEqual(v.epoch, 5) + self.assertEqual(v.upstream, '1.2.3') + self.assertEqual(v.revision, None) + self.assertEqual(v.complete, '5:1.2.3') + self.assertEqual(v.complete_noepoch, '1.2.3') + + def test_nonnative_epoch(self): + v = Version('5:1.2.3-4') + self.assertEqual(v.epoch, 5) + self.assertEqual(v.upstream, '1.2.3') + self.assertEqual(v.revision, '4') + self.assertEqual(v.complete, '5:1.2.3-4') + self.assertEqual(v.complete_noepoch, '1.2.3-4') + + def test_multi_hyphen(self): + v = Version('1-2-3') + self.assertEqual(v.epoch, None) + self.assertEqual(v.upstream, '1-2') + self.assertEqual(v.revision, '3') + self.assertEqual(v.complete, '1-2-3') + + def test_multi_colon(self): + v = Version('1:2:3') + self.assertEqual(v.epoch, 1) + self.assertEqual(v.upstream, '2:3') + self.assertEqual(v.revision, None) + + def test_invalid_epoch(self): + with self.assertRaises(RuntimeError): + v = Version('a:1') + with self.assertRaises(RuntimeError): + v = Version('-1:1') + with self.assertRaises(RuntimeError): + v = Version('1a:1') + + def test_invalid_upstream(self): + with self.assertRaises(RuntimeError): + v = Version('1_2') + with self.assertRaises(RuntimeError): + v = Version('1/2') + with self.assertRaises(RuntimeError): + v = Version('a1') + with self.assertRaises(RuntimeError): + v = Version('1 2') + + def test_invalid_revision(self): + with self.assertRaises(RuntimeError): + v = Version('1-2_3') + with self.assertRaises(RuntimeError): + v = Version('1-2/3') + with self.assertRaises(RuntimeError): + v = Version('1-2:3') + + class VersionLinux(Version): _version_linux_rules = r""" ^ @@ -501,3 +575,7 @@ class TestsControl(_ControlFileDict): ('Tests-Directory', str), ('Classes', str), )) + + +if __name__ == '__main__': + unittest.main() From 1102f36c4948f6fb3a4c18fe32b34457a10b4f86 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 1 Jul 2018 00:16:04 +0100 Subject: [PATCH 09/22] debian/lib/python/debian_linux/debian.py: Fix Version self-test failures We didn't check for invalid characters in the upstream or revision parts. Tighten the regexps for those parts. Also, failure to match the epoch or revision groups caused those parts to be treated as part of the upstream version. Split out the three parts and match them against separate regexps. --- debian/lib/python/debian_linux/debian.py | 46 +++++++++++------------- 1 file changed, 21 insertions(+), 25 deletions(-) diff --git a/debian/lib/python/debian_linux/debian.py b/debian/lib/python/debian_linux/debian.py index 66c49a3aa..9198ca774 100644 --- a/debian/lib/python/debian_linux/debian.py +++ b/debian/lib/python/debian_linux/debian.py @@ -93,34 +93,30 @@ class Changelog(list): top_match = bottom_match = None class Version(object): - _version_rules = r""" -^ -(?: - (?P - \d+ - ) - : -)? -(?P - .+? -) -(?: - - - (?P[^-]+) -)? -$ -""" - _version_re = re.compile(_version_rules, re.X) + _epoch_re = re.compile(r'\d+$') + _upstream_re = re.compile(r'[0-9][A-Za-z0-9.+\-:~]*$') + _revision_re = re.compile(r'[A-Za-z0-9+.~]+$') def __init__(self, version): - match = self._version_re.match(version) - if match is None: + try: + split = version.index(':') + except ValueError: + epoch, rest = None, version + else: + epoch, rest = version[0:split], version[split+1:] + try: + split = rest.rindex('-') + except ValueError: + upstream, revision = rest, None + else: + upstream, revision = rest[0:split], rest[split+1:] + if ((epoch is not None and not self._epoch_re.match(epoch)) or + not self._upstream_re.match(upstream) or + (revision is not None and not self._revision_re.match(revision))): raise RuntimeError(u"Invalid debian version") - self.epoch = None - if match.group("epoch") is not None: - self.epoch = int(match.group("epoch")) - self.upstream = match.group("upstream") - self.revision = match.group("revision") + self.epoch = epoch and int(epoch) + self.upstream = upstream + self.revision = revision def __str__(self): return self.complete From 343b328ed0c283b2eacd08530a4798a08cdc2eea Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 1 Jul 2018 03:59:07 +0100 Subject: [PATCH 10/22] debian/lib/python/debian_linux/debian.py: Add unit tests for VersionLinux class Two of these currently fail and will be fixed in the next commit. --- debian/lib/python/debian_linux/debian.py | 90 ++++++++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/debian/lib/python/debian_linux/debian.py b/debian/lib/python/debian_linux/debian.py index 9198ca774..e45eaa1af 100644 --- a/debian/lib/python/debian_linux/debian.py +++ b/debian/lib/python/debian_linux/debian.py @@ -280,6 +280,96 @@ $ self.linux_revision_other = match.group('revision_other') and True +class _VersionLinuxTest(unittest.TestCase): + def test_stable(self): + v = VersionLinux('1.2.3-4') + self.assertEqual(v.linux_version, '1.2') + self.assertEqual(v.linux_upstream, '1.2') + self.assertEqual(v.linux_upstream_full, '1.2.3') + self.assertEqual(v.linux_modifier, None) + self.assertEqual(v.linux_dfsg, None) + self.assertFalse(v.linux_revision_experimental) + self.assertFalse(v.linux_revision_security) + self.assertFalse(v.linux_revision_backports) + self.assertFalse(v.linux_revision_other) + + def test_rc(self): + v = VersionLinux('1.2~rc3-4') + self.assertEqual(v.linux_version, '1.2') + self.assertEqual(v.linux_upstream, '1.2-rc3') + self.assertEqual(v.linux_upstream_full, '1.2-rc3') + self.assertEqual(v.linux_modifier, 'rc3') + self.assertEqual(v.linux_dfsg, None) + self.assertFalse(v.linux_revision_experimental) + self.assertFalse(v.linux_revision_security) + self.assertFalse(v.linux_revision_backports) + self.assertFalse(v.linux_revision_other) + + def test_dfsg(self): + v = VersionLinux('1.2~rc3.dfsg.1-4') + self.assertEqual(v.linux_version, '1.2') + self.assertEqual(v.linux_upstream, '1.2-rc3') + self.assertEqual(v.linux_upstream_full, '1.2-rc3') + self.assertEqual(v.linux_modifier, 'rc3') + self.assertEqual(v.linux_dfsg, '1') + self.assertFalse(v.linux_revision_experimental) + self.assertFalse(v.linux_revision_security) + self.assertFalse(v.linux_revision_backports) + self.assertFalse(v.linux_revision_other) + + def test_experimental(self): + v = VersionLinux('1.2~rc3-4~exp5') + self.assertEqual(v.linux_upstream_full, '1.2-rc3') + self.assertTrue(v.linux_revision_experimental) + self.assertFalse(v.linux_revision_security) + self.assertFalse(v.linux_revision_backports) + self.assertFalse(v.linux_revision_other) + + def test_security(self): + v = VersionLinux('1.2.3-4+deb10u1') + self.assertEqual(v.linux_upstream_full, '1.2.3') + self.assertFalse(v.linux_revision_experimental) + self.assertTrue(v.linux_revision_security) + self.assertFalse(v.linux_revision_backports) + self.assertFalse(v.linux_revision_other) + + def test_backports(self): + v = VersionLinux('1.2.3-4~bpo9+10') + self.assertEqual(v.linux_upstream_full, '1.2.3') + self.assertFalse(v.linux_revision_experimental) + self.assertFalse(v.linux_revision_security) + self.assertTrue(v.linux_revision_backports) + self.assertFalse(v.linux_revision_other) + + def test_security_backports(self): + v = VersionLinux('1.2.3-4+deb10u1~bpo9+10') + self.assertEqual(v.linux_upstream_full, '1.2.3') + self.assertFalse(v.linux_revision_experimental) + self.assertTrue(v.linux_revision_security) + self.assertTrue(v.linux_revision_backports) + self.assertFalse(v.linux_revision_other) + + def test_lts_backports(self): + # Backport during LTS, as an extra package in the -security + # suite. Since this is not part of a -backports suite it + # shouldn't get the linux_revision_backports flag. + v = VersionLinux('1.2.3-4~deb9u10') + self.assertEqual(v.linux_upstream_full, '1.2.3') + self.assertFalse(v.linux_revision_experimental) + self.assertTrue(v.linux_revision_security) + self.assertFalse(v.linux_revision_backports) + self.assertFalse(v.linux_revision_other) + + def test_lts_backports_2(self): + # Same but with two security extensions in the revision. + v = VersionLinux('1.2.3-4+deb10u1~deb9u10') + self.assertEqual(v.linux_upstream_full, '1.2.3') + self.assertFalse(v.linux_revision_experimental) + self.assertTrue(v.linux_revision_security) + self.assertFalse(v.linux_revision_backports) + self.assertFalse(v.linux_revision_other) + + class PackageArchitecture(collections.MutableSet): __slots__ = '_data' From 92a23c728d125fca9adc50de4dc1c9003b9a4de8 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 1 Jul 2018 03:59:58 +0100 Subject: [PATCH 11/22] debian/lib/python/debian_linux/debian.py: Fix VersionLinux self-test failures The revision_security group matched either +debXuY or ~debXuY but not both. --- debian/lib/python/debian_linux/debian.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/lib/python/debian_linux/debian.py b/debian/lib/python/debian_linux/debian.py index e45eaa1af..58da6eda5 100644 --- a/debian/lib/python/debian_linux/debian.py +++ b/debian/lib/python/debian_linux/debian.py @@ -244,7 +244,7 @@ class VersionLinux(Version): ) | (?P - [~+]deb\d+u\d+ + (?:[~+]deb\d+u\d+)+ )? (?P ~bpo\d+\+\d+ From 6f7e87ee67bf1d57eb055d5c4490f612a2f1ca6c Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 1 Jul 2018 04:23:20 +0100 Subject: [PATCH 12/22] debian/lib/python/debian_linux/debian.py: More test cases for VersionLinux Add test case for #898087 and for the earlier bug whose fix caused it. --- debian/lib/python/debian_linux/debian.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/debian/lib/python/debian_linux/debian.py b/debian/lib/python/debian_linux/debian.py index 58da6eda5..3a0f53f3b 100644 --- a/debian/lib/python/debian_linux/debian.py +++ b/debian/lib/python/debian_linux/debian.py @@ -369,6 +369,27 @@ class _VersionLinuxTest(unittest.TestCase): self.assertFalse(v.linux_revision_backports) self.assertFalse(v.linux_revision_other) + def test_binnmu(self): + v = VersionLinux('1.2.3-4+b1') + self.assertFalse(v.linux_revision_experimental) + self.assertFalse(v.linux_revision_security) + self.assertFalse(v.linux_revision_backports) + self.assertFalse(v.linux_revision_other) + + def test_other_revision(self): + v = VersionLinux('4.16.5-1+revert+crng+ready') # from #898087 + self.assertFalse(v.linux_revision_experimental) + self.assertFalse(v.linux_revision_security) + self.assertFalse(v.linux_revision_backports) + self.assertTrue(v.linux_revision_other) + + def test_other_revision_binnmu(self): + v = VersionLinux('4.16.5-1+revert+crng+ready+b1') + self.assertFalse(v.linux_revision_experimental) + self.assertFalse(v.linux_revision_security) + self.assertFalse(v.linux_revision_backports) + self.assertTrue(v.linux_revision_other) + class PackageArchitecture(collections.MutableSet): __slots__ = '_data' From f12a5bd06361f5a779f7171a06053dec5e22f037 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 1 Jul 2018 04:35:00 +0100 Subject: [PATCH 13/22] debian/lib/python/debian_linux/debian.py: Accept arbitrary revision suffixes Closes: #898087 We always used to match arbitrary revision suffixes, but in commit f4dbf1aa828f ".../debian.py: Fix binNMU revision parsing" I excluded '+' from the revision_other to ensure that it wouldn't match a binNMU suffix (which is matched separately). Stop excluding '+' from the revision_other group, and change the repetition to non-greedy so that any binNMU suffix will still match the following group. --- debian/changelog | 2 ++ debian/lib/python/debian_linux/debian.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 6325cfe94..116be9171 100644 --- a/debian/changelog +++ b/debian/changelog @@ -87,6 +87,8 @@ linux (4.17.3-1) UNRELEASED; urgency=medium * debian/rules: Fix pkg.linux.notools build profile * tracing: Check for no filter when processing event filters (CVE-2018-12714) * dm: Enable DM_INTEGRITY as module (except on armel) (Closes: #896649) + * debian/lib/python/debian_linux/debian.py: Accept arbitrary revision + suffixes (Closes: #898087) [ Romain Perier ] * [x86] amdgpu: Enable DCN 1.0 Raven family (Closes: #901349) diff --git a/debian/lib/python/debian_linux/debian.py b/debian/lib/python/debian_linux/debian.py index 3a0f53f3b..692e81abb 100644 --- a/debian/lib/python/debian_linux/debian.py +++ b/debian/lib/python/debian_linux/debian.py @@ -251,7 +251,7 @@ class VersionLinux(Version): )? | (?P - [^-+]+ + [^-]+? ) ) (?:\+b\d+)? From 8fdd4da200a6737663a340801302485d8c1383a1 Mon Sep 17 00:00:00 2001 From: Romain Perier Date: Wed, 27 Jun 2018 20:21:14 +0200 Subject: [PATCH 14/22] =?UTF-8?q?[armhf]=C2=A0Enable=20missing=20SND=5FEDM?= =?UTF-8?q?A=5FSOC=20for=20davinci-mcasp=20on=20BeagleBoneBlack?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit AM35x use EDMA for McASP audio SoC, resulting in a "missing SND_EDMA_SOC" message during probe. This enables the support. Signed-off-by: Romain Perier --- debian/changelog | 1 + debian/config/armhf/config | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 116be9171..9757f9d97 100644 --- a/debian/changelog +++ b/debian/changelog @@ -92,6 +92,7 @@ linux (4.17.3-1) UNRELEASED; urgency=medium [ Romain Perier ] * [x86] amdgpu: Enable DCN 1.0 Raven family (Closes: #901349) + * [armhf] Enable missing SND_EDMA_SOC for davinci-mcasp on the BeagleBoneBlack [ Vagrant Cascadian ] * [arm64] Add device-tree to support Pinebook. diff --git a/debian/config/armhf/config b/debian/config/armhf/config index c2d83403f..cedcf3d27 100644 --- a/debian/config/armhf/config +++ b/debian/config/armhf/config @@ -1324,6 +1324,11 @@ CONFIG_NET_SWITCHDEV=y ## CONFIG_SND_HDA_TEGRA=m +## +## file: sound/soc/davinci/Kconfig +## +CONFIG_SND_EDMA_SOC=m + ## ## file: sound/soc/Kconfig ## From 6afe0a945ac97551cdf8e6d1f23e5d96fe29c18d Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 1 Jul 2018 19:04:12 +0100 Subject: [PATCH 15/22] debian/lib/python/debian_linux/debian.py: Let superclass split version string The Version class already parses the version into upstream and Debian revision parts. Match the results of that against two separate regexps rather than matching the whole version string and potentially parsing it inconsistently. As a result we no longer have to explicitly exclude '-' in the revision_other group. --- debian/lib/python/debian_linux/debian.py | 28 +++++++++++++----------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/debian/lib/python/debian_linux/debian.py b/debian/lib/python/debian_linux/debian.py index 692e81abb..afc956ef0 100644 --- a/debian/lib/python/debian_linux/debian.py +++ b/debian/lib/python/debian_linux/debian.py @@ -214,8 +214,7 @@ class _VersionTest(unittest.TestCase): class VersionLinux(Version): - _version_linux_rules = r""" -^ + _upstream_re = re.compile(r""" (?P \d+\.\d+ ) @@ -235,7 +234,9 @@ class VersionLinux(Version): \d+ ) )? -- +$ + """, re.X) + _revision_re = re.compile(r""" \d+ (\.\d+)? (?: @@ -251,20 +252,20 @@ class VersionLinux(Version): )? | (?P - [^-]+? + .+? ) ) (?:\+b\d+)? $ -""" - _version_linux_re = re.compile(_version_linux_rules, re.X) + """, re.X) def __init__(self, version): super(VersionLinux, self).__init__(version) - match = self._version_linux_re.match(version) - if match is None: + up_match = self._upstream_re.match(self.upstream) + rev_match = self._revision_re.match(self.revision) + if up_match is None or rev_match is None: raise RuntimeError(u"Invalid debian linux version") - d = match.groupdict() + d = up_match.groupdict() self.linux_modifier = d['modifier'] self.linux_version = d['version'] if d['modifier'] is not None: @@ -274,10 +275,11 @@ $ self.linux_upstream = d['version'] self.linux_upstream_full = self.linux_upstream + d['update'] self.linux_dfsg = d['dfsg'] - self.linux_revision_experimental = match.group('revision_experimental') and True - self.linux_revision_security = match.group('revision_security') and True - self.linux_revision_backports = match.group('revision_backports') and True - self.linux_revision_other = match.group('revision_other') and True + d = rev_match.groupdict() + self.linux_revision_experimental = d['revision_experimental'] and True + self.linux_revision_security = d['revision_security'] and True + self.linux_revision_backports = d['revision_backports'] and True + self.linux_revision_other = d['revision_other'] and True class _VersionLinuxTest(unittest.TestCase): From ae6ef24f0dedc531ad13fac90bce3ae9819e652d Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 1 Jul 2018 17:14:44 +0100 Subject: [PATCH 16/22] Fix linux-{doc,manual,source,support} package names in rules.real I only fixed the control file before. (cherry picked from commit 146c11a13da5643966cd6d07f437b183dc34a19e) --- debian/bin/gencontrol.py | 1 + debian/rules.real | 19 +++++++++---------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py index 2f2bbe499..24354cbf8 100755 --- a/debian/bin/gencontrol.py +++ b/debian/bin/gencontrol.py @@ -110,6 +110,7 @@ class Gencontrol(Base): makeflags = makeflags.copy() makeflags['ALL_FEATURESETS'] = ' '.join(fs_enabled) makeflags['ALL_TRIPLETS'] = ' '.join(triplet_enabled) + makeflags['SOURCE_BASENAME'] = self.vars['source_basename'] if not self.config.merge('packages').get('docs', True): makeflags['DO_DOCS'] = False if not self.config.merge('packages').get('source', True): diff --git a/debian/rules.real b/debian/rules.real index 68476a5c6..8094133de 100644 --- a/debian/rules.real +++ b/debian/rules.real @@ -7,7 +7,6 @@ # SHELL := bash -e MAINTAINER := $(shell sed -ne 's,^Maintainer: .[^<]*<\([^>]*\)>,\1,p' debian/control) -SOURCE_PACKAGE_NAME := $(shell dpkg-parsechangelog -SSource) DISTRIBUTION := $(shell dpkg-parsechangelog -SDistribution) SOURCE_DATE := $(shell dpkg-parsechangelog -SDate) SOURCE_DATE_UTC_ISO := $(shell date -u -d '$(SOURCE_DATE)' +%Y-%m-%d) @@ -112,19 +111,19 @@ mkdir -p '$(1)' cp -al $(filter-out debian .pc .svk .svn .git, $(wildcard * .[^.]*)) '$(1)' endef -$(BUILD_DIR)/$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION).tar.xz: DIR = $(BUILD_DIR)/$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION) -$(BUILD_DIR)/$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION).tar.xz: $(STAMPS_DIR)/source +$(BUILD_DIR)/$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION).tar.xz: DIR = $(BUILD_DIR)/$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION) +$(BUILD_DIR)/$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION).tar.xz: $(STAMPS_DIR)/source rm -rf '$@' '$(DIR)' $(call copy_source,$(DIR)) chmod -R u+rw,go=rX '$(DIR)' find '$(DIR)' -depth -newermt '$(SOURCE_DATE)' -print0 | \ xargs -0r touch --no-dereference --date='$(SOURCE_DATE)' cd '$(BUILD_DIR)'; \ - find '$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION)' \ + find '$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION)' \ -name '*.pyc' -prune -o \ -print0 | \ sort -z | \ - tar --no-recursion --null -T - -caf '$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION).tar.xz' + tar --no-recursion --null -T - -caf '$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION).tar.xz' rm -rf '$(DIR)' $(BUILD_DIR)/linux-patch-$(UPSTREAMVERSION)-%.patch.xz: $(STAMPS_DIR)/source_none $(STAMPS_DIR)/source_% @@ -238,7 +237,7 @@ install-dummy: dh_prep +$(MAKE_SELF) install-base -install-doc: PACKAGE_NAME = $(SOURCE_PACKAGE_NAME)-doc-$(VERSION) +install-doc: PACKAGE_NAME = $(SOURCE_BASENAME)-doc-$(VERSION) install-doc: DIR = $(BUILD_DIR)/build-doc install-doc: PACKAGE_DIR = debian/$(PACKAGE_NAME) install-doc: OUT_DIR = $(PACKAGE_DIR)/usr/share/doc/$(PACKAGE_NAME) @@ -273,7 +272,7 @@ ifeq (,$(filter nodoc,$(DEB_BUILD_PROFILES))) endif +$(MAKE_SELF) install-base -install-manual: PACKAGE_NAME = $(SOURCE_PACKAGE_NAME)-manual-$(VERSION) +install-manual: PACKAGE_NAME = $(SOURCE_BASENAME)-manual-$(VERSION) install-manual: DIR=$(BUILD_DIR)/build-doc install-manual: DH_OPTIONS = -p$(PACKAGE_NAME) install-manual: $(STAMPS_DIR)/build-doc @@ -400,7 +399,7 @@ install-libc-dev_$(ARCH): +$(MAKE_SELF) install-base -install-support: PACKAGE_NAME = $(SOURCE_PACKAGE_NAME)-support-$(ABINAME) +install-support: PACKAGE_NAME = $(SOURCE_BASENAME)-support-$(ABINAME) install-support: DH_OPTIONS = -p$(PACKAGE_NAME) install-support: PACKAGE_DIR = debian/$(PACKAGE_NAME) install-support: PACKAGE_ROOT = /usr/share/$(PACKAGE_NAME) @@ -565,9 +564,9 @@ ifeq ($(UDEB_UNSIGNED_TEST_BUILD),False) dh_builddeb endif -install-source: PACKAGE_NAME = $(SOURCE_PACKAGE_NAME)-source-$(VERSION) +install-source: PACKAGE_NAME = $(SOURCE_BASENAME)-source-$(VERSION) install-source: DH_OPTIONS = -p$(PACKAGE_NAME) -install-source: $(BUILD_DIR)/$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION).tar.xz $(foreach FEATURESET,$(filter-out none,$(ALL_FEATURESETS)),$(BUILD_DIR)/linux-patch-$(UPSTREAMVERSION)-$(FEATURESET).patch.xz) +install-source: $(BUILD_DIR)/$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION).tar.xz $(foreach FEATURESET,$(filter-out none,$(ALL_FEATURESETS)),$(BUILD_DIR)/linux-patch-$(UPSTREAMVERSION)-$(FEATURESET).patch.xz) dh_testdir dh_testroot dh_installdirs /usr/src/linux-config-$(UPSTREAMVERSION) From 419ed037e58c4e9f1c48c4aa93da1678edcb9696 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Mon, 2 Jul 2018 00:09:48 +0100 Subject: [PATCH 17/22] debian/rules.real: Delete unused install-manual rule --- debian/rules.real | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/debian/rules.real b/debian/rules.real index 8094133de..d7524f469 100644 --- a/debian/rules.real +++ b/debian/rules.real @@ -272,21 +272,6 @@ ifeq (,$(filter nodoc,$(DEB_BUILD_PROFILES))) endif +$(MAKE_SELF) install-base -install-manual: PACKAGE_NAME = $(SOURCE_BASENAME)-manual-$(VERSION) -install-manual: DIR=$(BUILD_DIR)/build-doc -install-manual: DH_OPTIONS = -p$(PACKAGE_NAME) -install-manual: $(STAMPS_DIR)/build-doc - dh_prep -# Some manual pages are generated multiple times with different -# metadata, and need to be de-duplicated. This matches what the -# upstream installmandocs target does, except that we use -# dh_installman. - set -o pipefail; \ - find $(DIR)/Documentation/DocBook/man/ -name '*.9.gz' -printf '%h %f\n' | \ - sort -k 2 -k 1 | uniq -f 1 | sed -e 's: :/:' | \ - xargs dh_installman - +$(MAKE_SELF) install-base - install-headers_$(ARCH): PACKAGE_NAMES = linux-headers-$(ABINAME)-all linux-headers-$(ABINAME)-all-$(ARCH) install-headers_$(ARCH): DH_OPTIONS = $(foreach p, $(PACKAGE_NAMES), -p$(p)) install-headers_$(ARCH): From f0d3d32b758ac7063073131873aea1d1041babfa Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Mon, 2 Jul 2018 21:20:58 +0100 Subject: [PATCH 18/22] debian/patches/series: Fix grouping of security patches --- debian/patches/series | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/patches/series b/debian/patches/series index e277e6969..def1bb521 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -132,9 +132,9 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch bugfix/x86/virt-vbox-Only-copy_from_user-the-request-header-onc.patch +bugfix/all/tracing-check-for-no-filter-when-processing-event-fi.patch # Fix exported symbol versions -bugfix/all/tracing-check-for-no-filter-when-processing-event-fi.patch bugfix/all/module-disable-matching-missing-version-crc.patch # Tools bug fixes From 2e3f7d949520c585513fa9a05ec2121a3d2fccac Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Mon, 2 Jul 2018 21:34:14 +0100 Subject: [PATCH 19/22] Add fixes for ext4 security issues relating to corrupted disk images --- debian/changelog | 18 +++ ...uption-check-in-ext4_xattr_set_entry.patch | 48 +++++++ ...dd-more-inode-number-paranoia-checks.patch | 63 +++++++++ ...k-block-group-bounds-in-ext4_init_bl.patch | 54 ++++++++ ...ify-the-magic-number-in-xattr-blocks.patch | 45 +++++++ ...ng-out-of-journal-credits-when-appen.patch | 120 +++++++++++++++++ ...a-in-ext4_inode_info-when-removing-i.patch | 42 ++++++ ...itmaps-and-the-inode-table-don-t-ove.patch | 74 +++++++++++ ...the-system.data-xattr-out-of-the-ino.patch | 34 +++++ ...at-the-bg_flags-field-if-it-is-valid.patch | 125 ++++++++++++++++++ ...depth-of-extent-tree-in-ext4_find_ex.patch | 45 +++++++ ...block-as-modified-if-the-handle-is-o.patch | 52 ++++++++ debian/patches/series | 11 ++ 13 files changed, 731 insertions(+) create mode 100644 debian/patches/bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch create mode 100644 debian/patches/bugfix/all/ext4-add-more-inode-number-paranoia-checks.patch create mode 100644 debian/patches/bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch create mode 100644 debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch create mode 100644 debian/patches/bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch create mode 100644 debian/patches/bugfix/all/ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch create mode 100644 debian/patches/bugfix/all/ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch create mode 100644 debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch create mode 100644 debian/patches/bugfix/all/ext4-only-look-at-the-bg_flags-field-if-it-is-valid.patch create mode 100644 debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch create mode 100644 debian/patches/bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch diff --git a/debian/changelog b/debian/changelog index 9757f9d97..b8f1305fd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -89,6 +89,24 @@ linux (4.17.3-1) UNRELEASED; urgency=medium * dm: Enable DM_INTEGRITY as module (except on armel) (Closes: #896649) * debian/lib/python/debian_linux/debian.py: Accept arbitrary revision suffixes (Closes: #898087) + * ext4: add corruption check in ext4_xattr_set_entry() (CVE-2018-10879) + * ext4: always verify the magic number in xattr blocks (CVE-2018-10879) + * ext4: always check block group bounds in ext4_init_block_bitmap() + (CVE-2018-10878) + * ext4: make sure bitmaps and the inode table don't overlap with bg + descriptors (CVE-2018-10878) + * ext4: only look at the bg_flags field if it is valid (CVE-2018-10876) + * ext4: verify the depth of extent tree in ext4_find_extent() + (CVE-2018-10877) + * ext4: clear i_data in ext4_inode_info when removing inline data + (CVE-2018-10881) + * ext4: never move the system.data xattr out of the inode body + (CVE-2018-10880) + * jbd2: don't mark block as modified if the handle is out of credits + (CVE-2018-10883) + * ext4: avoid running out of journal credits when appending to an inline file + (CVE-2018-10883) + * ext4: add more inode number paranoia checks (CVE-2018-10882) [ Romain Perier ] * [x86] amdgpu: Enable DCN 1.0 Raven family (Closes: #901349) diff --git a/debian/patches/bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch b/debian/patches/bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch new file mode 100644 index 000000000..8c4c722af --- /dev/null +++ b/debian/patches/bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch @@ -0,0 +1,48 @@ +From: Theodore Ts'o +Date: Wed, 13 Jun 2018 00:23:11 -0400 +Subject: ext4: add corruption check in ext4_xattr_set_entry() +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=4fda60bbdbb61de76e3d3c48ed77c9e9b96b00d1 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10879 + +In theory this should have been caught earlier when the xattr list was +verified, but in case it got missed, it's simple enough to add check +to make sure we don't overrun the xattr buffer. + +This addresses CVE-2018-10879. + +https://bugzilla.kernel.org/show_bug.cgi?id=200001 + +Signed-off-by: Theodore Ts'o +Reviewed-by: Andreas Dilger +--- + fs/ext4/xattr.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c +index fc4ced59c565..230ba79715f6 100644 +--- a/fs/ext4/xattr.c ++++ b/fs/ext4/xattr.c +@@ -1560,7 +1560,7 @@ static int ext4_xattr_set_entry(struct ext4_xattr_info *i, + handle_t *handle, struct inode *inode, + bool is_block) + { +- struct ext4_xattr_entry *last; ++ struct ext4_xattr_entry *last, *next; + struct ext4_xattr_entry *here = s->here; + size_t min_offs = s->end - s->base, name_len = strlen(i->name); + int in_inode = i->in_inode; +@@ -1595,7 +1595,13 @@ static int ext4_xattr_set_entry(struct ext4_xattr_info *i, + + /* Compute min_offs and last. */ + last = s->first; +- for (; !IS_LAST_ENTRY(last); last = EXT4_XATTR_NEXT(last)) { ++ for (; !IS_LAST_ENTRY(last); last = next) { ++ next = EXT4_XATTR_NEXT(last); ++ if ((void *)next >= s->end) { ++ EXT4_ERROR_INODE(inode, "corrupted xattr entries"); ++ ret = -EFSCORRUPTED; ++ goto out; ++ } + if (!last->e_value_inum && last->e_value_size) { + size_t offs = le16_to_cpu(last->e_value_offs); + if (offs < min_offs) diff --git a/debian/patches/bugfix/all/ext4-add-more-inode-number-paranoia-checks.patch b/debian/patches/bugfix/all/ext4-add-more-inode-number-paranoia-checks.patch new file mode 100644 index 000000000..5a509ea49 --- /dev/null +++ b/debian/patches/bugfix/all/ext4-add-more-inode-number-paranoia-checks.patch @@ -0,0 +1,63 @@ +From: Theodore Ts'o +Date: Sun, 17 Jun 2018 00:41:14 -0400 +Subject: ext4: add more inode number paranoia checks +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=a0b4bd6c4418a8d2ba51f27968f5af005e5dbbdd +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10882 + +If there is a directory entry pointing to a system inode (such as a +journal inode), complain and declare the file system to be corrupted. + +Also, if the superblock's first inode number field is too small, +refuse to mount the file system. + +This addresses CVE-2018-10882. + +https://bugzilla.kernel.org/show_bug.cgi?id=200069 + +Signed-off-by: Theodore Ts'o +--- + fs/ext4/ext4.h | 5 ----- + fs/ext4/inode.c | 3 ++- + fs/ext4/super.c | 5 +++++ + 3 files changed, 7 insertions(+), 6 deletions(-) + +--- a/fs/ext4/ext4.h ++++ b/fs/ext4/ext4.h +@@ -1501,11 +1501,6 @@ static inline struct ext4_inode_info *EX + static inline int ext4_valid_inum(struct super_block *sb, unsigned long ino) + { + return ino == EXT4_ROOT_INO || +- ino == EXT4_USR_QUOTA_INO || +- ino == EXT4_GRP_QUOTA_INO || +- ino == EXT4_BOOT_LOADER_INO || +- ino == EXT4_JOURNAL_INO || +- ino == EXT4_RESIZE_INO || + (ino >= EXT4_FIRST_INO(sb) && + ino <= le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count)); + } +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -4506,7 +4506,8 @@ static int __ext4_get_inode_loc(struct i + int inodes_per_block, inode_offset; + + iloc->bh = NULL; +- if (!ext4_valid_inum(sb, inode->i_ino)) ++ if (inode->i_ino < EXT4_ROOT_INO || ++ inode->i_ino > le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count)) + return -EFSCORRUPTED; + + iloc->block_group = (inode->i_ino - 1) / EXT4_INODES_PER_GROUP(sb); +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -3817,6 +3817,11 @@ static int ext4_fill_super(struct super_ + } else { + sbi->s_inode_size = le16_to_cpu(es->s_inode_size); + sbi->s_first_ino = le32_to_cpu(es->s_first_ino); ++ if (sbi->s_first_ino < EXT4_GOOD_OLD_FIRST_INO) { ++ ext4_msg(sb, KERN_ERR, "invalid first ino: %u", ++ sbi->s_first_ino); ++ goto failed_mount; ++ } + if ((sbi->s_inode_size < EXT4_GOOD_OLD_INODE_SIZE) || + (!is_power_of_2(sbi->s_inode_size)) || + (sbi->s_inode_size > blocksize)) { diff --git a/debian/patches/bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch b/debian/patches/bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch new file mode 100644 index 000000000..8516b36ae --- /dev/null +++ b/debian/patches/bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch @@ -0,0 +1,54 @@ +From: Theodore Ts'o +Date: Wed, 13 Jun 2018 23:00:48 -0400 +Subject: ext4: always check block group bounds in ext4_init_block_bitmap() +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=dcf37fefac3f699aa1341f86bcd7808ccc651c33 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10878 + +Regardless of whether the flex_bg feature is set, we should always +check to make sure the bits we are setting in the block bitmap are +within the block group bounds. + +https://bugzilla.kernel.org/show_bug.cgi?id=199865 + +Signed-off-by: Theodore Ts'o +[bwh: Backported to 4.17: adjust context] +--- + fs/ext4/balloc.c | 10 +++------- + 1 file changed, 3 insertions(+), 7 deletions(-) + +--- a/fs/ext4/balloc.c ++++ b/fs/ext4/balloc.c +@@ -184,7 +184,6 @@ static int ext4_init_block_bitmap(struct + unsigned int bit, bit_max; + struct ext4_sb_info *sbi = EXT4_SB(sb); + ext4_fsblk_t start, tmp; +- int flex_bg = 0; + struct ext4_group_info *grp; + + J_ASSERT_BH(bh, buffer_locked(bh)); +@@ -217,22 +216,19 @@ static int ext4_init_block_bitmap(struct + + start = ext4_group_first_block_no(sb, block_group); + +- if (ext4_has_feature_flex_bg(sb)) +- flex_bg = 1; +- + /* Set bits for block and inode bitmaps, and inode table */ + tmp = ext4_block_bitmap(sb, gdp); +- if (!flex_bg || ext4_block_in_group(sb, tmp, block_group)) ++ if (ext4_block_in_group(sb, tmp, block_group)) + ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data); + + tmp = ext4_inode_bitmap(sb, gdp); +- if (!flex_bg || ext4_block_in_group(sb, tmp, block_group)) ++ if (ext4_block_in_group(sb, tmp, block_group)) + ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data); + + tmp = ext4_inode_table(sb, gdp); + for (; tmp < ext4_inode_table(sb, gdp) + + sbi->s_itb_per_group; tmp++) { +- if (!flex_bg || ext4_block_in_group(sb, tmp, block_group)) ++ if (ext4_block_in_group(sb, tmp, block_group)) + ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data); + } + diff --git a/debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch b/debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch new file mode 100644 index 000000000..2522bcb4c --- /dev/null +++ b/debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch @@ -0,0 +1,45 @@ +From: Theodore Ts'o +Date: Wed, 13 Jun 2018 00:51:28 -0400 +Subject: ext4: always verify the magic number in xattr blocks +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=3345c50533c6a17ebc0284362ca7b69aaef37ac4 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10879 + +If there an inode points to a block which is also some other type of +metadata block (such as a block allocation bitmap), the +buffer_verified flag can be set when it was validated as that other +metadata block type; however, it would make a really terrible external +attribute block. The reason why we use the verified flag is to avoid +constantly reverifying the block. However, it doesn't take much +overhead to make sure the magic number of the xattr block is correct, +and this will avoid potential crashes. + +This addresses CVE-2018-10879. + +https://bugzilla.kernel.org/show_bug.cgi?id=200001 + +Signed-off-by: Theodore Ts'o +Reviewed-by: Andreas Dilger +--- + fs/ext4/xattr.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c +index 230ba79715f6..0263692979ec 100644 +--- a/fs/ext4/xattr.c ++++ b/fs/ext4/xattr.c +@@ -230,12 +230,12 @@ __ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh, + { + int error = -EFSCORRUPTED; + +- if (buffer_verified(bh)) +- return 0; +- + if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) || + BHDR(bh)->h_blocks != cpu_to_le32(1)) + goto errout; ++ if (buffer_verified(bh)) ++ return 0; ++ + error = -EFSBADCRC; + if (!ext4_xattr_block_csum_verify(inode, bh)) + goto errout; diff --git a/debian/patches/bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch b/debian/patches/bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch new file mode 100644 index 000000000..911fcac74 --- /dev/null +++ b/debian/patches/bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch @@ -0,0 +1,120 @@ +From: Theodore Ts'o +Date: Sat, 16 Jun 2018 23:41:59 -0400 +Subject: ext4: avoid running out of journal credits when appending to an + inline file +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=3886651521995071fab29401094e675b6ebfdc8c +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10883 + +Use a separate journal transaction if it turns out that we need to +convert an inline file to use an data block. Otherwise we could end +up failing due to not having journal credits. + +This addresses CVE-2018-10883. + +https://bugzilla.kernel.org/show_bug.cgi?id=200071 + +Signed-off-by: Theodore Ts'o +--- + fs/ext4/ext4.h | 3 --- + fs/ext4/inline.c | 38 +------------------------------------- + fs/ext4/xattr.c | 19 ++----------------- + 3 files changed, 3 insertions(+), 57 deletions(-) + +--- a/fs/ext4/ext4.h ++++ b/fs/ext4/ext4.h +@@ -3005,9 +3005,6 @@ extern int ext4_inline_data_fiemap(struc + struct iomap; + extern int ext4_inline_data_iomap(struct inode *inode, struct iomap *iomap); + +-extern int ext4_try_to_evict_inline_data(handle_t *handle, +- struct inode *inode, +- int needed); + extern int ext4_inline_data_truncate(struct inode *inode, int *has_inline); + + extern int ext4_convert_inline_data(struct inode *inode); +--- a/fs/ext4/inline.c ++++ b/fs/ext4/inline.c +@@ -887,11 +887,11 @@ retry_journal: + flags |= AOP_FLAG_NOFS; + + if (ret == -ENOSPC) { ++ ext4_journal_stop(handle); + ret = ext4_da_convert_inline_data_to_extent(mapping, + inode, + flags, + fsdata); +- ext4_journal_stop(handle); + if (ret == -ENOSPC && + ext4_should_retry_alloc(inode->i_sb, &retries)) + goto retry_journal; +@@ -1891,42 +1891,6 @@ out: + return (error < 0 ? error : 0); + } + +-/* +- * Called during xattr set, and if we can sparse space 'needed', +- * just create the extent tree evict the data to the outer block. +- * +- * We use jbd2 instead of page cache to move data to the 1st block +- * so that the whole transaction can be committed as a whole and +- * the data isn't lost because of the delayed page cache write. +- */ +-int ext4_try_to_evict_inline_data(handle_t *handle, +- struct inode *inode, +- int needed) +-{ +- int error; +- struct ext4_xattr_entry *entry; +- struct ext4_inode *raw_inode; +- struct ext4_iloc iloc; +- +- error = ext4_get_inode_loc(inode, &iloc); +- if (error) +- return error; +- +- raw_inode = ext4_raw_inode(&iloc); +- entry = (struct ext4_xattr_entry *)((void *)raw_inode + +- EXT4_I(inode)->i_inline_off); +- if (EXT4_XATTR_LEN(entry->e_name_len) + +- EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size)) < needed) { +- error = -ENOSPC; +- goto out; +- } +- +- error = ext4_convert_inline_data_nolock(handle, inode, &iloc); +-out: +- brelse(iloc.bh); +- return error; +-} +- + int ext4_inline_data_truncate(struct inode *inode, int *has_inline) + { + handle_t *handle; +--- a/fs/ext4/xattr.c ++++ b/fs/ext4/xattr.c +@@ -2212,23 +2212,8 @@ int ext4_xattr_ibody_inline_set(handle_t + if (EXT4_I(inode)->i_extra_isize == 0) + return -ENOSPC; + error = ext4_xattr_set_entry(i, s, handle, inode, false /* is_block */); +- if (error) { +- if (error == -ENOSPC && +- ext4_has_inline_data(inode)) { +- error = ext4_try_to_evict_inline_data(handle, inode, +- EXT4_XATTR_LEN(strlen(i->name) + +- EXT4_XATTR_SIZE(i->value_len))); +- if (error) +- return error; +- error = ext4_xattr_ibody_find(inode, i, is); +- if (error) +- return error; +- error = ext4_xattr_set_entry(i, s, handle, inode, +- false /* is_block */); +- } +- if (error) +- return error; +- } ++ if (error) ++ return error; + header = IHDR(inode, ext4_raw_inode(&is->iloc)); + if (!IS_LAST_ENTRY(s->first)) { + header->h_magic = cpu_to_le32(EXT4_XATTR_MAGIC); diff --git a/debian/patches/bugfix/all/ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch b/debian/patches/bugfix/all/ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch new file mode 100644 index 000000000..f4344dd1f --- /dev/null +++ b/debian/patches/bugfix/all/ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch @@ -0,0 +1,42 @@ +From: Theodore Ts'o +Date: Fri, 15 Jun 2018 12:28:16 -0400 +Subject: ext4: clear i_data in ext4_inode_info when removing inline data +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=cd75e020ee28aa21985c6d8ebafc7457b4c51531 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10881 + +When converting from an inode from storing the data in-line to a data +block, ext4_destroy_inline_data_nolock() was only clearing the on-disk +copy of the i_blocks[] array. It was not clearing copy of the +i_blocks[] in ext4_inode_info, in i_data[], which is the copy actually +used by ext4_map_blocks(). + +This didn't matter much if we are using extents, since the extents +header would be invalid and thus the extents could would re-initialize +the extents tree. But if we are using indirect blocks, the previous +contents of the i_blocks array will be treated as block numbers, with +potentially catastrophic results to the file system integrity and/or +user data. + +This gets worse if the file system is using a 1k block size and +s_first_data is zero, but even without this, the file system can get +quite badly corrupted. + +This addresses CVE-2018-10881. + +https://bugzilla.kernel.org/show_bug.cgi?id=200015 + +Signed-off-by: Theodore Ts'o +--- + fs/ext4/inline.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/ext4/inline.c ++++ b/fs/ext4/inline.c +@@ -437,6 +437,7 @@ static int ext4_destroy_inline_data_nolo + + memset((void *)ext4_raw_inode(&is.iloc)->i_block, + 0, EXT4_MIN_INLINE_DATA_SIZE); ++ memset(ei->i_data, 0, EXT4_MIN_INLINE_DATA_SIZE); + + if (ext4_has_feature_extents(inode->i_sb)) { + if (S_ISDIR(inode->i_mode) || diff --git a/debian/patches/bugfix/all/ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch b/debian/patches/bugfix/all/ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch new file mode 100644 index 000000000..a1b2cfefd --- /dev/null +++ b/debian/patches/bugfix/all/ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch @@ -0,0 +1,74 @@ +From: Theodore Ts'o +Date: Wed, 13 Jun 2018 23:08:26 -0400 +Subject: ext4: make sure bitmaps and the inode table don't overlap with bg + descriptors +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=6b506a7d09854128b1da9571d879ee9dea3ffb02 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10878 + +It's really bad when the allocation bitmaps and the inode table +overlap with the block group descriptors, since it causes random +corruption of the bg descriptors. So we really want to head those off +at the pass. + +https://bugzilla.kernel.org/show_bug.cgi?id=199865 + +Signed-off-by: Theodore Ts'o +--- + fs/ext4/super.c | 25 +++++++++++++++++++++++++ + 1 file changed, 25 insertions(+) + +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -2307,6 +2307,7 @@ static int ext4_check_descriptors(struct + struct ext4_sb_info *sbi = EXT4_SB(sb); + ext4_fsblk_t first_block = le32_to_cpu(sbi->s_es->s_first_data_block); + ext4_fsblk_t last_block; ++ ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0) + 1; + ext4_fsblk_t block_bitmap; + ext4_fsblk_t inode_bitmap; + ext4_fsblk_t inode_table; +@@ -2339,6 +2340,14 @@ static int ext4_check_descriptors(struct + if (!sb_rdonly(sb)) + return 0; + } ++ if (block_bitmap >= sb_block + 1 && ++ block_bitmap <= last_bg_block) { ++ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " ++ "Block bitmap for group %u overlaps " ++ "block group descriptors", i); ++ if (!sb_rdonly(sb)) ++ return 0; ++ } + if (block_bitmap < first_block || block_bitmap > last_block) { + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " + "Block bitmap for group %u not in group " +@@ -2353,6 +2362,14 @@ static int ext4_check_descriptors(struct + if (!sb_rdonly(sb)) + return 0; + } ++ if (inode_bitmap >= sb_block + 1 && ++ inode_bitmap <= last_bg_block) { ++ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " ++ "Inode bitmap for group %u overlaps " ++ "block group descriptors", i); ++ if (!sb_rdonly(sb)) ++ return 0; ++ } + if (inode_bitmap < first_block || inode_bitmap > last_block) { + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " + "Inode bitmap for group %u not in group " +@@ -2367,6 +2384,14 @@ static int ext4_check_descriptors(struct + if (!sb_rdonly(sb)) + return 0; + } ++ if (inode_table >= sb_block + 1 && ++ inode_table <= last_bg_block) { ++ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " ++ "Inode table for group %u overlaps " ++ "block group descriptors", i); ++ if (!sb_rdonly(sb)) ++ return 0; ++ } + if (inode_table < first_block || + inode_table + sbi->s_itb_per_group - 1 > last_block) { + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " diff --git a/debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch b/debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch new file mode 100644 index 000000000..ea530a7a2 --- /dev/null +++ b/debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch @@ -0,0 +1,34 @@ +From: Theodore Ts'o +Date: Sat, 16 Jun 2018 15:40:48 -0400 +Subject: ext4: never move the system.data xattr out of the inode body +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=896003d9fd652666080a06411d4238ee6eb4fb76 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10880 + +When expanding the extra isize space, we must never move the +system.data xattr out of the inode body. For performance reasons, it +doesn't make any sense, and the inline data implementation assumes +that system.data xattr is never in the external xattr block. + +This addresses CVE-2018-10880 + +https://bugzilla.kernel.org/show_bug.cgi?id=200005 + +Signed-off-by: Theodore Ts'o +--- + fs/ext4/xattr.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/fs/ext4/xattr.c ++++ b/fs/ext4/xattr.c +@@ -2657,6 +2657,11 @@ static int ext4_xattr_make_inode_space(h + last = IFIRST(header); + /* Find the entry best suited to be pushed into EA block */ + for (; !IS_LAST_ENTRY(last); last = EXT4_XATTR_NEXT(last)) { ++ /* never move system.data out of the inode */ ++ if ((last->e_name_len == 4) && ++ (last->e_name_index == EXT4_XATTR_INDEX_SYSTEM) && ++ !memcmp(last->e_name, "data", 4)) ++ continue; + total_size = EXT4_XATTR_LEN(last->e_name_len); + if (!last->e_value_inum) + total_size += EXT4_XATTR_SIZE( diff --git a/debian/patches/bugfix/all/ext4-only-look-at-the-bg_flags-field-if-it-is-valid.patch b/debian/patches/bugfix/all/ext4-only-look-at-the-bg_flags-field-if-it-is-valid.patch new file mode 100644 index 000000000..1eba51ee7 --- /dev/null +++ b/debian/patches/bugfix/all/ext4-only-look-at-the-bg_flags-field-if-it-is-valid.patch @@ -0,0 +1,125 @@ +From: Theodore Ts'o +Date: Thu, 14 Jun 2018 00:58:00 -0400 +Subject: ext4: only look at the bg_flags field if it is valid +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=32a82d31527ae9cb568f5d7fa5ad27b2860324ed +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10876 + +The bg_flags field in the block group descripts is only valid if the +uninit_bg or metadata_csum feature is enabled. We were not +consistently looking at this field; fix this. + +Also block group #0 must never have uninitialized allocation bitmaps, +or need to be zeroed, since that's where the root inode, and other +special inodes are set up. Check for these conditions and mark the +file system as corrupted if they are detected. + +This addresses CVE-2018-10876. + +https://bugzilla.kernel.org/show_bug.cgi?id=199403 + +Signed-off-by: Theodore Ts'o +--- + fs/ext4/balloc.c | 11 ++++++++++- + fs/ext4/ialloc.c | 14 ++++++++++++-- + fs/ext4/mballoc.c | 6 ++++-- + fs/ext4/super.c | 11 ++++++++++- + 4 files changed, 36 insertions(+), 6 deletions(-) + +--- a/fs/ext4/balloc.c ++++ b/fs/ext4/balloc.c +@@ -451,7 +451,16 @@ ext4_read_block_bitmap_nowait(struct sup + goto verify; + } + ext4_lock_group(sb, block_group); +- if (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) { ++ if (ext4_has_group_desc_csum(sb) && ++ (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) { ++ if (block_group == 0) { ++ ext4_unlock_group(sb, block_group); ++ unlock_buffer(bh); ++ ext4_error(sb, "Block bitmap for bg 0 marked " ++ "uninitialized"); ++ err = -EFSCORRUPTED; ++ goto out; ++ } + err = ext4_init_block_bitmap(sb, bh, block_group, desc); + set_bitmap_uptodate(bh); + set_buffer_uptodate(bh); +--- a/fs/ext4/ialloc.c ++++ b/fs/ext4/ialloc.c +@@ -155,7 +155,16 @@ ext4_read_inode_bitmap(struct super_bloc + } + + ext4_lock_group(sb, block_group); +- if (desc->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT)) { ++ if (ext4_has_group_desc_csum(sb) && ++ (desc->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT))) { ++ if (block_group == 0) { ++ ext4_unlock_group(sb, block_group); ++ unlock_buffer(bh); ++ ext4_error(sb, "Inode bitmap for bg 0 marked " ++ "uninitialized"); ++ err = -EFSCORRUPTED; ++ goto out; ++ } + memset(bh->b_data, 0, (EXT4_INODES_PER_GROUP(sb) + 7) / 8); + ext4_mark_bitmap_end(EXT4_INODES_PER_GROUP(sb), + sb->s_blocksize * 8, bh->b_data); +@@ -1000,7 +1009,8 @@ got: + + /* recheck and clear flag under lock if we still need to */ + ext4_lock_group(sb, group); +- if (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) { ++ if (ext4_has_group_desc_csum(sb) && ++ (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) { + gdp->bg_flags &= cpu_to_le16(~EXT4_BG_BLOCK_UNINIT); + ext4_free_group_clusters_set(sb, gdp, + ext4_free_clusters_after_init(sb, group, gdp)); +--- a/fs/ext4/mballoc.c ++++ b/fs/ext4/mballoc.c +@@ -2444,7 +2444,8 @@ int ext4_mb_add_groupinfo(struct super_b + * initialize bb_free to be able to skip + * empty groups without initialization + */ +- if (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) { ++ if (ext4_has_group_desc_csum(sb) && ++ (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) { + meta_group_info[i]->bb_free = + ext4_free_clusters_after_init(sb, group, desc); + } else { +@@ -3011,7 +3012,8 @@ ext4_mb_mark_diskspace_used(struct ext4_ + #endif + ext4_set_bits(bitmap_bh->b_data, ac->ac_b_ex.fe_start, + ac->ac_b_ex.fe_len); +- if (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) { ++ if (ext4_has_group_desc_csum(sb) && ++ (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) { + gdp->bg_flags &= cpu_to_le16(~EXT4_BG_BLOCK_UNINIT); + ext4_free_group_clusters_set(sb, gdp, + ext4_free_clusters_after_init(sb, +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -3098,13 +3098,22 @@ static ext4_group_t ext4_has_uninit_itab + ext4_group_t group, ngroups = EXT4_SB(sb)->s_groups_count; + struct ext4_group_desc *gdp = NULL; + ++ if (!ext4_has_group_desc_csum(sb)) ++ return ngroups; ++ + for (group = 0; group < ngroups; group++) { + gdp = ext4_get_group_desc(sb, group, NULL); + if (!gdp) + continue; + +- if (!(gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED))) ++ if (gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED)) ++ continue; ++ if (group != 0) + break; ++ ext4_error(sb, "Inode table for bg 0 marked as " ++ "needing zeroing"); ++ if (sb_rdonly(sb)) ++ return ngroups; + } + + return group; diff --git a/debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch b/debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch new file mode 100644 index 000000000..06220d2f2 --- /dev/null +++ b/debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch @@ -0,0 +1,45 @@ +From: Theodore Ts'o +Date: Thu, 14 Jun 2018 12:55:10 -0400 +Subject: ext4: verify the depth of extent tree in ext4_find_extent() +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=0a8173832987f52ab6926dbdf1cd3991ca615000 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10877 + +If there is a corupted file system where the claimed depth of the +extent tree is -1, this can cause a massive buffer overrun leading to +sadness. + +This addresses CVE-2018-10877. + +https://bugzilla.kernel.org/show_bug.cgi?id=199417 + +Signed-off-by: Theodore Ts'o +--- + fs/ext4/ext4_extents.h | 1 + + fs/ext4/extents.c | 6 ++++++ + 2 files changed, 7 insertions(+) + +--- a/fs/ext4/ext4_extents.h ++++ b/fs/ext4/ext4_extents.h +@@ -91,6 +91,7 @@ struct ext4_extent_header { + }; + + #define EXT4_EXT_MAGIC cpu_to_le16(0xf30a) ++#define EXT4_MAX_EXTENT_DEPTH 5 + + #define EXT4_EXTENT_TAIL_OFFSET(hdr) \ + (sizeof(struct ext4_extent_header) + \ +--- a/fs/ext4/extents.c ++++ b/fs/ext4/extents.c +@@ -869,6 +869,12 @@ ext4_find_extent(struct inode *inode, ex + + eh = ext_inode_hdr(inode); + depth = ext_depth(inode); ++ if (depth < 0 || depth > EXT4_MAX_EXTENT_DEPTH) { ++ EXT4_ERROR_INODE(inode, "inode has invalid extent depth: %d", ++ depth); ++ ret = -EFSCORRUPTED; ++ goto err; ++ } + + if (path) { + ext4_ext_drop_refs(path); diff --git a/debian/patches/bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch b/debian/patches/bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch new file mode 100644 index 000000000..2db452039 --- /dev/null +++ b/debian/patches/bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch @@ -0,0 +1,52 @@ +From: Theodore Ts'o +Date: Sat, 16 Jun 2018 20:21:45 -0400 +Subject: jbd2: don't mark block as modified if the handle is out of credits +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=aa18d2cefac6c34885659d12c3fdcffcd6c54e9a +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10883 + +Do not set the b_modified flag in block's journal head should not +until after we're sure that jbd2_journal_dirty_metadat() will not +abort with an error due to there not being enough space reserved in +the jbd2 handle. + +Otherwise, future attempts to modify the buffer may lead a large +number of spurious errors and warnings. + +This addresses CVE-2018-10883. + +https://bugzilla.kernel.org/show_bug.cgi?id=200071 + +Signed-off-by: Theodore Ts'o +--- + fs/jbd2/transaction.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/fs/jbd2/transaction.c ++++ b/fs/jbd2/transaction.c +@@ -1363,6 +1363,13 @@ int jbd2_journal_dirty_metadata(handle_t + if (jh->b_transaction == transaction && + jh->b_jlist != BJ_Metadata) { + jbd_lock_bh_state(bh); ++ if (jh->b_transaction == transaction && ++ jh->b_jlist != BJ_Metadata) ++ pr_err("JBD2: assertion failure: h_type=%u " ++ "h_line_no=%u block_no=%llu jlist=%u\n", ++ handle->h_type, handle->h_line_no, ++ (unsigned long long) bh->b_blocknr, ++ jh->b_jlist); + J_ASSERT_JH(jh, jh->b_transaction != transaction || + jh->b_jlist == BJ_Metadata); + jbd_unlock_bh_state(bh); +@@ -1382,11 +1389,11 @@ int jbd2_journal_dirty_metadata(handle_t + * of the transaction. This needs to be done + * once a transaction -bzzz + */ +- jh->b_modified = 1; + if (handle->h_buffer_credits <= 0) { + ret = -ENOSPC; + goto out_unlock_bh; + } ++ jh->b_modified = 1; + handle->h_buffer_credits--; + } + diff --git a/debian/patches/series b/debian/patches/series index def1bb521..c2c2db595 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -133,6 +133,17 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch debian/i386-686-pae-pci-set-pci-nobios-by-default.patch bugfix/x86/virt-vbox-Only-copy_from_user-the-request-header-onc.patch bugfix/all/tracing-check-for-no-filter-when-processing-event-fi.patch +bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch +bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch +bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch +bugfix/all/ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch +bugfix/all/ext4-only-look-at-the-bg_flags-field-if-it-is-valid.patch +bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch +bugfix/all/ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch +bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch +bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch +bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch +bugfix/all/ext4-add-more-inode-number-paranoia-checks.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch From 1f88ab63d48f52adb362cf3b0e8fee2b56bf61aa Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Mon, 2 Jul 2018 21:43:33 +0100 Subject: [PATCH 20/22] jfs: Fix inconsistency between memory allocation and ea_buf->max_size (CVE-2018-12233) --- debian/changelog | 2 + ...tency-between-memory-allocation-and-.patch | 39 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 42 insertions(+) create mode 100644 debian/patches/bugfix/all/jfs-fix-inconsistency-between-memory-allocation-and-.patch diff --git a/debian/changelog b/debian/changelog index b8f1305fd..40bf13b1b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -107,6 +107,8 @@ linux (4.17.3-1) UNRELEASED; urgency=medium * ext4: avoid running out of journal credits when appending to an inline file (CVE-2018-10883) * ext4: add more inode number paranoia checks (CVE-2018-10882) + * jfs: Fix inconsistency between memory allocation and ea_buf->max_size + (CVE-2018-12233) [ Romain Perier ] * [x86] amdgpu: Enable DCN 1.0 Raven family (Closes: #901349) diff --git a/debian/patches/bugfix/all/jfs-fix-inconsistency-between-memory-allocation-and-.patch b/debian/patches/bugfix/all/jfs-fix-inconsistency-between-memory-allocation-and-.patch new file mode 100644 index 000000000..b0680e6bd --- /dev/null +++ b/debian/patches/bugfix/all/jfs-fix-inconsistency-between-memory-allocation-and-.patch @@ -0,0 +1,39 @@ +From: Shankara Pailoor +Date: Tue, 5 Jun 2018 08:33:27 -0500 +Subject: jfs: Fix inconsistency between memory allocation and ea_buf->max_size +Origin: https://git.kernel.org/linus/92d34134193e5b129dc24f8d79cb9196626e8d7a +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12233 + +The code is assuming the buffer is max_size length, but we weren't +allocating enough space for it. + +Signed-off-by: Shankara Pailoor +Signed-off-by: Dave Kleikamp +--- + fs/jfs/xattr.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/fs/jfs/xattr.c ++++ b/fs/jfs/xattr.c +@@ -491,15 +491,17 @@ static int ea_get(struct inode *inode, s + if (size > PSIZE) { + /* + * To keep the rest of the code simple. Allocate a +- * contiguous buffer to work with ++ * contiguous buffer to work with. Make the buffer large ++ * enough to make use of the whole extent. + */ +- ea_buf->xattr = kmalloc(size, GFP_KERNEL); ++ ea_buf->max_size = (size + sb->s_blocksize - 1) & ++ ~(sb->s_blocksize - 1); ++ ++ ea_buf->xattr = kmalloc(ea_buf->max_size, GFP_KERNEL); + if (ea_buf->xattr == NULL) + return -ENOMEM; + + ea_buf->flag = EA_MALLOC; +- ea_buf->max_size = (size + sb->s_blocksize - 1) & +- ~(sb->s_blocksize - 1); + + if (ea_size == 0) + return 0; diff --git a/debian/patches/series b/debian/patches/series index c2c2db595..54a970a2a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -144,6 +144,7 @@ bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch bugfix/all/ext4-add-more-inode-number-paranoia-checks.patch +bugfix/all/jfs-fix-inconsistency-between-memory-allocation-and-.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch From 0ed92538517594248a8de2dd7c4d66452488f5bb Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Mon, 2 Jul 2018 22:12:53 +0100 Subject: [PATCH 21/22] debian/control: Move bison and flex to Build-Depends (Closes: #901712) We generate all config files when building linux-source-, and this requires running kconfig. kconfig is now built using bison and flex instead of requiring their output to be already included in the source tree. --- debian/changelog | 1 + debian/templates/control.source.in | 6 ++---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/debian/changelog b/debian/changelog index 40bf13b1b..dc28109fa 100644 --- a/debian/changelog +++ b/debian/changelog @@ -109,6 +109,7 @@ linux (4.17.3-1) UNRELEASED; urgency=medium * ext4: add more inode number paranoia checks (CVE-2018-10882) * jfs: Fix inconsistency between memory allocation and ea_buf->max_size (CVE-2018-12233) + * debian/control: Move bison and flex to Build-Depends (Closes: #901712) [ Romain Perier ] * [x86] amdgpu: Enable DCN 1.0 Raven family (Closes: #901349) diff --git a/debian/templates/control.source.in b/debian/templates/control.source.in index f648bd92c..d3069aae9 100644 --- a/debian/templates/control.source.in +++ b/debian/templates/control.source.in @@ -15,6 +15,8 @@ Build-Depends: xz-utils , # used by debian/rules.real to build linux-perf and linux-support dh-python , +# used by upstream to build genksyms, kconfig, and perf + bison , flex (>= 2.6.1-1.1~) , Build-Depends-Arch: # used by debian/rules.real to build udebs kernel-wedge (>= 2.93~) , @@ -28,10 +30,6 @@ Build-Depends-Arch: # used by upstream to build perf documentation asciidoc-base , xmlto , -# used by upstream to build genksyms, kconfig, and perf - bison , -# - flex needs to run on the host; we have the same problem as for openssl - flex (>= 2.6.1-1.1~) , # used by upstream to build perf gcc-multilib [amd64 ppc64 s390x sparc64] , libaudit-dev , From e3b70a2980f175f2e3346c645e1b7f65ac748e0a Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Mon, 2 Jul 2018 22:13:28 +0100 Subject: [PATCH 22/22] Prepare to release linux (4.17.3-1). --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index dc28109fa..330d0df55 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -linux (4.17.3-1) UNRELEASED; urgency=medium +linux (4.17.3-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.3 @@ -118,7 +118,7 @@ linux (4.17.3-1) UNRELEASED; urgency=medium [ Vagrant Cascadian ] * [arm64] Add device-tree to support Pinebook. - -- Ben Hutchings Fri, 22 Jun 2018 17:34:37 +0100 + -- Ben Hutchings Mon, 02 Jul 2018 22:13:27 +0100 linux (4.17.2-1~exp1) experimental; urgency=medium