Release linux (4.17.3-1).
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAls6toYACgkQ57/I7JWG EQnUyQ/9GCNcKyhvUX+JW534f1vCai0GujvXCgEBWyDuj0AXcgthJT27cs7kXUYH tCfL9xTikeUIgNR+JTWFnZSHIUKaQ8RJPdR4l1KyqdDxqrEx9BqdXRW0dzS4OtTQ jgnVLkEfCtllgXkEh6L+ZKZ3NRFKc6OcYFrWa+Q+ovk1mY23P5y5YyPuaV4j+cKI 8M1pMYCxTGpy9+SncKEnWHD9hq1AsySe19Q/yd5WzhDMu6kLg61S+n/iiVZJA8lK qHmMEhtEbiQN+/79C3dgH8nDV5yceqPZxon2GmPrUXrLTM0cX2J3VZpNFOH4SCr8 AZa1nzzD8UXNDHVVb91QpwMGQrmjAwuLQtJPOCrOnuS71ba+q2w5ylYgjbbs7AMn SJpakcYBKBYoMI7fk+qKRVneBIhPDEBWe6yf//XL7N+Nfsf02bkb5k81NPTF65dE RESMNI/wXjhFkCWjqxZQiJqvG2mvyTGFs4iEk7NWjFfyqRz4bFNP+SbMHfGwVI1u xnlK2e31h25kWuFuQjq6eVXg+jyWjagM1/aa4lI1H4j2Rk9iXVU/52wVZGatmUj0 1zbqYL2noJpD46/Q4jtbatZu9TI+ynjr+mbmZYys8BfFMNKPjL2TavW7RNWARk/p VmgvS7qS5JmJz22LBGRU1S5aKbDhXmyt8IcJS9LCUwEU0yL+u4U= =n9qI -----END PGP SIGNATURE----- Merge tag 'debian/4.17.3-1' Release linux (4.17.3-1).
This commit is contained in:
commit
7f113f9112
|
@ -110,6 +110,7 @@ class Gencontrol(Base):
|
||||||
makeflags = makeflags.copy()
|
makeflags = makeflags.copy()
|
||||||
makeflags['ALL_FEATURESETS'] = ' '.join(fs_enabled)
|
makeflags['ALL_FEATURESETS'] = ' '.join(fs_enabled)
|
||||||
makeflags['ALL_TRIPLETS'] = ' '.join(triplet_enabled)
|
makeflags['ALL_TRIPLETS'] = ' '.join(triplet_enabled)
|
||||||
|
makeflags['SOURCE_BASENAME'] = self.vars['source_basename']
|
||||||
if not self.config.merge('packages').get('docs', True):
|
if not self.config.merge('packages').get('docs', True):
|
||||||
makeflags['DO_DOCS'] = False
|
makeflags['DO_DOCS'] = False
|
||||||
if not self.config.merge('packages').get('source', True):
|
if not self.config.merge('packages').get('source', True):
|
||||||
|
@ -207,10 +208,6 @@ class Gencontrol(Base):
|
||||||
else:
|
else:
|
||||||
makeflags['DO_LIBC'] = False
|
makeflags['DO_LIBC'] = False
|
||||||
|
|
||||||
if not self.config.merge('packages').get('tools', True):
|
|
||||||
makeflags['DO_TOOLS'] = False
|
|
||||||
|
|
||||||
|
|
||||||
merge_packages(packages, packages_headers_arch, arch)
|
merge_packages(packages, packages_headers_arch, arch)
|
||||||
|
|
||||||
cmds_build_arch = ["$(MAKE) -f debian/rules.real build-arch-arch %s" % makeflags]
|
cmds_build_arch = ["$(MAKE) -f debian/rules.real build-arch-arch %s" % makeflags]
|
||||||
|
|
|
@ -14,7 +14,7 @@ linux (4.18~rc3-1~exp1) UNRELEASED; urgency=medium
|
||||||
|
|
||||||
-- Ben Hutchings <ben@decadent.org.uk> Tue, 26 Jun 2018 01:43:53 +0100
|
-- Ben Hutchings <ben@decadent.org.uk> Tue, 26 Jun 2018 01:43:53 +0100
|
||||||
|
|
||||||
linux (4.17.3-1) UNRELEASED; urgency=medium
|
linux (4.17.3-1) unstable; urgency=medium
|
||||||
|
|
||||||
* New upstream stable update:
|
* New upstream stable update:
|
||||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.3
|
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.3
|
||||||
|
@ -86,6 +86,7 @@ linux (4.17.3-1) UNRELEASED; urgency=medium
|
||||||
[ Ben Hutchings ]
|
[ Ben Hutchings ]
|
||||||
* [amd64,arm64,armhf] android: Build modules to support Anbox
|
* [amd64,arm64,armhf] android: Build modules to support Anbox
|
||||||
(Closes: #901492)
|
(Closes: #901492)
|
||||||
|
- Export symbols needed by Android drivers
|
||||||
- Enable building ashmem and binder as modules
|
- Enable building ashmem and binder as modules
|
||||||
- Enable ANDROID
|
- Enable ANDROID
|
||||||
- Enable ANDROID_BINDER_IPC, ASHMEM as modules
|
- Enable ANDROID_BINDER_IPC, ASHMEM as modules
|
||||||
|
@ -98,14 +99,42 @@ linux (4.17.3-1) UNRELEASED; urgency=medium
|
||||||
(CVE-2018-12633)
|
(CVE-2018-12633)
|
||||||
* [x86] vboxguest: Enable VBOXGUEST and DRM_VBOXVIDEO as modules
|
* [x86] vboxguest: Enable VBOXGUEST and DRM_VBOXVIDEO as modules
|
||||||
* aufs: Update support patchset to aufs4.x-rcN-20180611
|
* aufs: Update support patchset to aufs4.x-rcN-20180611
|
||||||
|
* debian/rules.d/scripts/mod/gendef.py: Use Python 3
|
||||||
|
* debian/rules: Fix pkg.linux.notools build profile
|
||||||
|
* tracing: Check for no filter when processing event filters (CVE-2018-12714)
|
||||||
|
* dm: Enable DM_INTEGRITY as module (except on armel) (Closes: #896649)
|
||||||
|
* debian/lib/python/debian_linux/debian.py: Accept arbitrary revision
|
||||||
|
suffixes (Closes: #898087)
|
||||||
|
* ext4: add corruption check in ext4_xattr_set_entry() (CVE-2018-10879)
|
||||||
|
* ext4: always verify the magic number in xattr blocks (CVE-2018-10879)
|
||||||
|
* ext4: always check block group bounds in ext4_init_block_bitmap()
|
||||||
|
(CVE-2018-10878)
|
||||||
|
* ext4: make sure bitmaps and the inode table don't overlap with bg
|
||||||
|
descriptors (CVE-2018-10878)
|
||||||
|
* ext4: only look at the bg_flags field if it is valid (CVE-2018-10876)
|
||||||
|
* ext4: verify the depth of extent tree in ext4_find_extent()
|
||||||
|
(CVE-2018-10877)
|
||||||
|
* ext4: clear i_data in ext4_inode_info when removing inline data
|
||||||
|
(CVE-2018-10881)
|
||||||
|
* ext4: never move the system.data xattr out of the inode body
|
||||||
|
(CVE-2018-10880)
|
||||||
|
* jbd2: don't mark block as modified if the handle is out of credits
|
||||||
|
(CVE-2018-10883)
|
||||||
|
* ext4: avoid running out of journal credits when appending to an inline file
|
||||||
|
(CVE-2018-10883)
|
||||||
|
* ext4: add more inode number paranoia checks (CVE-2018-10882)
|
||||||
|
* jfs: Fix inconsistency between memory allocation and ea_buf->max_size
|
||||||
|
(CVE-2018-12233)
|
||||||
|
* debian/control: Move bison and flex to Build-Depends (Closes: #901712)
|
||||||
|
|
||||||
[ Romain Perier ]
|
[ Romain Perier ]
|
||||||
* [x86] amdgpu: Enable DCN 1.0 Raven family (Closes: #901349)
|
* [x86] amdgpu: Enable DCN 1.0 Raven family (Closes: #901349)
|
||||||
|
* [armhf] Enable missing SND_EDMA_SOC for davinci-mcasp on the BeagleBoneBlack
|
||||||
|
|
||||||
[ Vagrant Cascadian ]
|
[ Vagrant Cascadian ]
|
||||||
* [arm64] Add device-tree to support Pinebook.
|
* [arm64] Add device-tree to support Pinebook.
|
||||||
|
|
||||||
-- Ben Hutchings <ben@decadent.org.uk> Fri, 22 Jun 2018 17:34:37 +0100
|
-- Ben Hutchings <ben@decadent.org.uk> Mon, 02 Jul 2018 22:13:27 +0100
|
||||||
|
|
||||||
linux (4.17.2-1~exp1) experimental; urgency=medium
|
linux (4.17.2-1~exp1) experimental; urgency=medium
|
||||||
|
|
||||||
|
|
|
@ -337,6 +337,11 @@ CONFIG_LEDS_NETXBIG=m
|
||||||
CONFIG_LEDS_TRIGGER_TIMER=y
|
CONFIG_LEDS_TRIGGER_TIMER=y
|
||||||
CONFIG_LEDS_TRIGGER_DEFAULT_ON=y
|
CONFIG_LEDS_TRIGGER_DEFAULT_ON=y
|
||||||
|
|
||||||
|
##
|
||||||
|
## file: drivers/md/Kconfig
|
||||||
|
##
|
||||||
|
# CONFIG_DM_INTEGRITY is not set
|
||||||
|
|
||||||
##
|
##
|
||||||
## file: drivers/mmc/Kconfig
|
## file: drivers/mmc/Kconfig
|
||||||
##
|
##
|
||||||
|
|
|
@ -1325,6 +1325,11 @@ CONFIG_NET_SWITCHDEV=y
|
||||||
##
|
##
|
||||||
CONFIG_SND_HDA_TEGRA=m
|
CONFIG_SND_HDA_TEGRA=m
|
||||||
|
|
||||||
|
##
|
||||||
|
## file: sound/soc/davinci/Kconfig
|
||||||
|
##
|
||||||
|
CONFIG_SND_EDMA_SOC=m
|
||||||
|
|
||||||
##
|
##
|
||||||
## file: sound/soc/Kconfig
|
## file: sound/soc/Kconfig
|
||||||
##
|
##
|
||||||
|
|
|
@ -1791,6 +1791,7 @@ CONFIG_DM_FLAKEY=m
|
||||||
CONFIG_DM_VERITY=m
|
CONFIG_DM_VERITY=m
|
||||||
CONFIG_DM_SWITCH=m
|
CONFIG_DM_SWITCH=m
|
||||||
CONFIG_DM_LOG_WRITES=m
|
CONFIG_DM_LOG_WRITES=m
|
||||||
|
CONFIG_DM_INTEGRITY=m
|
||||||
|
|
||||||
##
|
##
|
||||||
## file: drivers/md/bcache/Kconfig
|
## file: drivers/md/bcache/Kconfig
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import collections
|
import collections
|
||||||
import os.path
|
import os.path
|
||||||
import re
|
import re
|
||||||
|
import unittest
|
||||||
|
|
||||||
from . import utils
|
from . import utils
|
||||||
|
|
||||||
|
@ -92,34 +93,30 @@ class Changelog(list):
|
||||||
top_match = bottom_match = None
|
top_match = bottom_match = None
|
||||||
|
|
||||||
class Version(object):
|
class Version(object):
|
||||||
_version_rules = r"""
|
_epoch_re = re.compile(r'\d+$')
|
||||||
^
|
_upstream_re = re.compile(r'[0-9][A-Za-z0-9.+\-:~]*$')
|
||||||
(?:
|
_revision_re = re.compile(r'[A-Za-z0-9+.~]+$')
|
||||||
(?P<epoch>
|
|
||||||
\d+
|
|
||||||
)
|
|
||||||
:
|
|
||||||
)?
|
|
||||||
(?P<upstream>
|
|
||||||
.+?
|
|
||||||
)
|
|
||||||
(?:
|
|
||||||
-
|
|
||||||
(?P<revision>[^-]+)
|
|
||||||
)?
|
|
||||||
$
|
|
||||||
"""
|
|
||||||
_version_re = re.compile(_version_rules, re.X)
|
|
||||||
|
|
||||||
def __init__(self, version):
|
def __init__(self, version):
|
||||||
match = self._version_re.match(version)
|
try:
|
||||||
if match is None:
|
split = version.index(':')
|
||||||
|
except ValueError:
|
||||||
|
epoch, rest = None, version
|
||||||
|
else:
|
||||||
|
epoch, rest = version[0:split], version[split+1:]
|
||||||
|
try:
|
||||||
|
split = rest.rindex('-')
|
||||||
|
except ValueError:
|
||||||
|
upstream, revision = rest, None
|
||||||
|
else:
|
||||||
|
upstream, revision = rest[0:split], rest[split+1:]
|
||||||
|
if ((epoch is not None and not self._epoch_re.match(epoch)) or
|
||||||
|
not self._upstream_re.match(upstream) or
|
||||||
|
(revision is not None and not self._revision_re.match(revision))):
|
||||||
raise RuntimeError(u"Invalid debian version")
|
raise RuntimeError(u"Invalid debian version")
|
||||||
self.epoch = None
|
self.epoch = epoch and int(epoch)
|
||||||
if match.group("epoch") is not None:
|
self.upstream = upstream
|
||||||
self.epoch = int(match.group("epoch"))
|
self.revision = revision
|
||||||
self.upstream = match.group("upstream")
|
|
||||||
self.revision = match.group("revision")
|
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return self.complete
|
return self.complete
|
||||||
|
@ -143,9 +140,81 @@ $
|
||||||
return self.revision
|
return self.revision
|
||||||
|
|
||||||
|
|
||||||
|
class _VersionTest(unittest.TestCase):
|
||||||
|
def test_native(self):
|
||||||
|
v = Version('1.2+c~4')
|
||||||
|
self.assertEqual(v.epoch, None)
|
||||||
|
self.assertEqual(v.upstream, '1.2+c~4')
|
||||||
|
self.assertEqual(v.revision, None)
|
||||||
|
self.assertEqual(v.complete, '1.2+c~4')
|
||||||
|
self.assertEqual(v.complete_noepoch, '1.2+c~4')
|
||||||
|
|
||||||
|
def test_nonnative(self):
|
||||||
|
v = Version('1-2+d~3')
|
||||||
|
self.assertEqual(v.epoch, None)
|
||||||
|
self.assertEqual(v.upstream, '1')
|
||||||
|
self.assertEqual(v.revision, '2+d~3')
|
||||||
|
self.assertEqual(v.complete, '1-2+d~3')
|
||||||
|
self.assertEqual(v.complete_noepoch, '1-2+d~3')
|
||||||
|
|
||||||
|
def test_native_epoch(self):
|
||||||
|
v = Version('5:1.2.3')
|
||||||
|
self.assertEqual(v.epoch, 5)
|
||||||
|
self.assertEqual(v.upstream, '1.2.3')
|
||||||
|
self.assertEqual(v.revision, None)
|
||||||
|
self.assertEqual(v.complete, '5:1.2.3')
|
||||||
|
self.assertEqual(v.complete_noepoch, '1.2.3')
|
||||||
|
|
||||||
|
def test_nonnative_epoch(self):
|
||||||
|
v = Version('5:1.2.3-4')
|
||||||
|
self.assertEqual(v.epoch, 5)
|
||||||
|
self.assertEqual(v.upstream, '1.2.3')
|
||||||
|
self.assertEqual(v.revision, '4')
|
||||||
|
self.assertEqual(v.complete, '5:1.2.3-4')
|
||||||
|
self.assertEqual(v.complete_noepoch, '1.2.3-4')
|
||||||
|
|
||||||
|
def test_multi_hyphen(self):
|
||||||
|
v = Version('1-2-3')
|
||||||
|
self.assertEqual(v.epoch, None)
|
||||||
|
self.assertEqual(v.upstream, '1-2')
|
||||||
|
self.assertEqual(v.revision, '3')
|
||||||
|
self.assertEqual(v.complete, '1-2-3')
|
||||||
|
|
||||||
|
def test_multi_colon(self):
|
||||||
|
v = Version('1:2:3')
|
||||||
|
self.assertEqual(v.epoch, 1)
|
||||||
|
self.assertEqual(v.upstream, '2:3')
|
||||||
|
self.assertEqual(v.revision, None)
|
||||||
|
|
||||||
|
def test_invalid_epoch(self):
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
v = Version('a:1')
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
v = Version('-1:1')
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
v = Version('1a:1')
|
||||||
|
|
||||||
|
def test_invalid_upstream(self):
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
v = Version('1_2')
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
v = Version('1/2')
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
v = Version('a1')
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
v = Version('1 2')
|
||||||
|
|
||||||
|
def test_invalid_revision(self):
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
v = Version('1-2_3')
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
v = Version('1-2/3')
|
||||||
|
with self.assertRaises(RuntimeError):
|
||||||
|
v = Version('1-2:3')
|
||||||
|
|
||||||
|
|
||||||
class VersionLinux(Version):
|
class VersionLinux(Version):
|
||||||
_version_linux_rules = r"""
|
_upstream_re = re.compile(r"""
|
||||||
^
|
|
||||||
(?P<version>
|
(?P<version>
|
||||||
\d+\.\d+
|
\d+\.\d+
|
||||||
)
|
)
|
||||||
|
@ -165,7 +234,9 @@ class VersionLinux(Version):
|
||||||
\d+
|
\d+
|
||||||
)
|
)
|
||||||
)?
|
)?
|
||||||
-
|
$
|
||||||
|
""", re.X)
|
||||||
|
_revision_re = re.compile(r"""
|
||||||
\d+
|
\d+
|
||||||
(\.\d+)?
|
(\.\d+)?
|
||||||
(?:
|
(?:
|
||||||
|
@ -174,27 +245,27 @@ class VersionLinux(Version):
|
||||||
)
|
)
|
||||||
|
|
|
|
||||||
(?P<revision_security>
|
(?P<revision_security>
|
||||||
[~+]deb\d+u\d+
|
(?:[~+]deb\d+u\d+)+
|
||||||
)?
|
)?
|
||||||
(?P<revision_backports>
|
(?P<revision_backports>
|
||||||
~bpo\d+\+\d+
|
~bpo\d+\+\d+
|
||||||
)?
|
)?
|
||||||
|
|
|
|
||||||
(?P<revision_other>
|
(?P<revision_other>
|
||||||
[^-+]+
|
.+?
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
(?:\+b\d+)?
|
(?:\+b\d+)?
|
||||||
$
|
$
|
||||||
"""
|
""", re.X)
|
||||||
_version_linux_re = re.compile(_version_linux_rules, re.X)
|
|
||||||
|
|
||||||
def __init__(self, version):
|
def __init__(self, version):
|
||||||
super(VersionLinux, self).__init__(version)
|
super(VersionLinux, self).__init__(version)
|
||||||
match = self._version_linux_re.match(version)
|
up_match = self._upstream_re.match(self.upstream)
|
||||||
if match is None:
|
rev_match = self._revision_re.match(self.revision)
|
||||||
|
if up_match is None or rev_match is None:
|
||||||
raise RuntimeError(u"Invalid debian linux version")
|
raise RuntimeError(u"Invalid debian linux version")
|
||||||
d = match.groupdict()
|
d = up_match.groupdict()
|
||||||
self.linux_modifier = d['modifier']
|
self.linux_modifier = d['modifier']
|
||||||
self.linux_version = d['version']
|
self.linux_version = d['version']
|
||||||
if d['modifier'] is not None:
|
if d['modifier'] is not None:
|
||||||
|
@ -204,10 +275,122 @@ $
|
||||||
self.linux_upstream = d['version']
|
self.linux_upstream = d['version']
|
||||||
self.linux_upstream_full = self.linux_upstream + d['update']
|
self.linux_upstream_full = self.linux_upstream + d['update']
|
||||||
self.linux_dfsg = d['dfsg']
|
self.linux_dfsg = d['dfsg']
|
||||||
self.linux_revision_experimental = match.group('revision_experimental') and True
|
d = rev_match.groupdict()
|
||||||
self.linux_revision_security = match.group('revision_security') and True
|
self.linux_revision_experimental = d['revision_experimental'] and True
|
||||||
self.linux_revision_backports = match.group('revision_backports') and True
|
self.linux_revision_security = d['revision_security'] and True
|
||||||
self.linux_revision_other = match.group('revision_other') and True
|
self.linux_revision_backports = d['revision_backports'] and True
|
||||||
|
self.linux_revision_other = d['revision_other'] and True
|
||||||
|
|
||||||
|
|
||||||
|
class _VersionLinuxTest(unittest.TestCase):
|
||||||
|
def test_stable(self):
|
||||||
|
v = VersionLinux('1.2.3-4')
|
||||||
|
self.assertEqual(v.linux_version, '1.2')
|
||||||
|
self.assertEqual(v.linux_upstream, '1.2')
|
||||||
|
self.assertEqual(v.linux_upstream_full, '1.2.3')
|
||||||
|
self.assertEqual(v.linux_modifier, None)
|
||||||
|
self.assertEqual(v.linux_dfsg, None)
|
||||||
|
self.assertFalse(v.linux_revision_experimental)
|
||||||
|
self.assertFalse(v.linux_revision_security)
|
||||||
|
self.assertFalse(v.linux_revision_backports)
|
||||||
|
self.assertFalse(v.linux_revision_other)
|
||||||
|
|
||||||
|
def test_rc(self):
|
||||||
|
v = VersionLinux('1.2~rc3-4')
|
||||||
|
self.assertEqual(v.linux_version, '1.2')
|
||||||
|
self.assertEqual(v.linux_upstream, '1.2-rc3')
|
||||||
|
self.assertEqual(v.linux_upstream_full, '1.2-rc3')
|
||||||
|
self.assertEqual(v.linux_modifier, 'rc3')
|
||||||
|
self.assertEqual(v.linux_dfsg, None)
|
||||||
|
self.assertFalse(v.linux_revision_experimental)
|
||||||
|
self.assertFalse(v.linux_revision_security)
|
||||||
|
self.assertFalse(v.linux_revision_backports)
|
||||||
|
self.assertFalse(v.linux_revision_other)
|
||||||
|
|
||||||
|
def test_dfsg(self):
|
||||||
|
v = VersionLinux('1.2~rc3.dfsg.1-4')
|
||||||
|
self.assertEqual(v.linux_version, '1.2')
|
||||||
|
self.assertEqual(v.linux_upstream, '1.2-rc3')
|
||||||
|
self.assertEqual(v.linux_upstream_full, '1.2-rc3')
|
||||||
|
self.assertEqual(v.linux_modifier, 'rc3')
|
||||||
|
self.assertEqual(v.linux_dfsg, '1')
|
||||||
|
self.assertFalse(v.linux_revision_experimental)
|
||||||
|
self.assertFalse(v.linux_revision_security)
|
||||||
|
self.assertFalse(v.linux_revision_backports)
|
||||||
|
self.assertFalse(v.linux_revision_other)
|
||||||
|
|
||||||
|
def test_experimental(self):
|
||||||
|
v = VersionLinux('1.2~rc3-4~exp5')
|
||||||
|
self.assertEqual(v.linux_upstream_full, '1.2-rc3')
|
||||||
|
self.assertTrue(v.linux_revision_experimental)
|
||||||
|
self.assertFalse(v.linux_revision_security)
|
||||||
|
self.assertFalse(v.linux_revision_backports)
|
||||||
|
self.assertFalse(v.linux_revision_other)
|
||||||
|
|
||||||
|
def test_security(self):
|
||||||
|
v = VersionLinux('1.2.3-4+deb10u1')
|
||||||
|
self.assertEqual(v.linux_upstream_full, '1.2.3')
|
||||||
|
self.assertFalse(v.linux_revision_experimental)
|
||||||
|
self.assertTrue(v.linux_revision_security)
|
||||||
|
self.assertFalse(v.linux_revision_backports)
|
||||||
|
self.assertFalse(v.linux_revision_other)
|
||||||
|
|
||||||
|
def test_backports(self):
|
||||||
|
v = VersionLinux('1.2.3-4~bpo9+10')
|
||||||
|
self.assertEqual(v.linux_upstream_full, '1.2.3')
|
||||||
|
self.assertFalse(v.linux_revision_experimental)
|
||||||
|
self.assertFalse(v.linux_revision_security)
|
||||||
|
self.assertTrue(v.linux_revision_backports)
|
||||||
|
self.assertFalse(v.linux_revision_other)
|
||||||
|
|
||||||
|
def test_security_backports(self):
|
||||||
|
v = VersionLinux('1.2.3-4+deb10u1~bpo9+10')
|
||||||
|
self.assertEqual(v.linux_upstream_full, '1.2.3')
|
||||||
|
self.assertFalse(v.linux_revision_experimental)
|
||||||
|
self.assertTrue(v.linux_revision_security)
|
||||||
|
self.assertTrue(v.linux_revision_backports)
|
||||||
|
self.assertFalse(v.linux_revision_other)
|
||||||
|
|
||||||
|
def test_lts_backports(self):
|
||||||
|
# Backport during LTS, as an extra package in the -security
|
||||||
|
# suite. Since this is not part of a -backports suite it
|
||||||
|
# shouldn't get the linux_revision_backports flag.
|
||||||
|
v = VersionLinux('1.2.3-4~deb9u10')
|
||||||
|
self.assertEqual(v.linux_upstream_full, '1.2.3')
|
||||||
|
self.assertFalse(v.linux_revision_experimental)
|
||||||
|
self.assertTrue(v.linux_revision_security)
|
||||||
|
self.assertFalse(v.linux_revision_backports)
|
||||||
|
self.assertFalse(v.linux_revision_other)
|
||||||
|
|
||||||
|
def test_lts_backports_2(self):
|
||||||
|
# Same but with two security extensions in the revision.
|
||||||
|
v = VersionLinux('1.2.3-4+deb10u1~deb9u10')
|
||||||
|
self.assertEqual(v.linux_upstream_full, '1.2.3')
|
||||||
|
self.assertFalse(v.linux_revision_experimental)
|
||||||
|
self.assertTrue(v.linux_revision_security)
|
||||||
|
self.assertFalse(v.linux_revision_backports)
|
||||||
|
self.assertFalse(v.linux_revision_other)
|
||||||
|
|
||||||
|
def test_binnmu(self):
|
||||||
|
v = VersionLinux('1.2.3-4+b1')
|
||||||
|
self.assertFalse(v.linux_revision_experimental)
|
||||||
|
self.assertFalse(v.linux_revision_security)
|
||||||
|
self.assertFalse(v.linux_revision_backports)
|
||||||
|
self.assertFalse(v.linux_revision_other)
|
||||||
|
|
||||||
|
def test_other_revision(self):
|
||||||
|
v = VersionLinux('4.16.5-1+revert+crng+ready') # from #898087
|
||||||
|
self.assertFalse(v.linux_revision_experimental)
|
||||||
|
self.assertFalse(v.linux_revision_security)
|
||||||
|
self.assertFalse(v.linux_revision_backports)
|
||||||
|
self.assertTrue(v.linux_revision_other)
|
||||||
|
|
||||||
|
def test_other_revision_binnmu(self):
|
||||||
|
v = VersionLinux('4.16.5-1+revert+crng+ready+b1')
|
||||||
|
self.assertFalse(v.linux_revision_experimental)
|
||||||
|
self.assertFalse(v.linux_revision_security)
|
||||||
|
self.assertFalse(v.linux_revision_backports)
|
||||||
|
self.assertTrue(v.linux_revision_other)
|
||||||
|
|
||||||
|
|
||||||
class PackageArchitecture(collections.MutableSet):
|
class PackageArchitecture(collections.MutableSet):
|
||||||
|
@ -501,3 +684,7 @@ class TestsControl(_ControlFileDict):
|
||||||
('Tests-Directory', str),
|
('Tests-Directory', str),
|
||||||
('Classes', str),
|
('Classes', str),
|
||||||
))
|
))
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
unittest.main()
|
||||||
|
|
48
debian/patches/bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch
vendored
Normal file
48
debian/patches/bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch
vendored
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
From: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Date: Wed, 13 Jun 2018 00:23:11 -0400
|
||||||
|
Subject: ext4: add corruption check in ext4_xattr_set_entry()
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=4fda60bbdbb61de76e3d3c48ed77c9e9b96b00d1
|
||||||
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10879
|
||||||
|
|
||||||
|
In theory this should have been caught earlier when the xattr list was
|
||||||
|
verified, but in case it got missed, it's simple enough to add check
|
||||||
|
to make sure we don't overrun the xattr buffer.
|
||||||
|
|
||||||
|
This addresses CVE-2018-10879.
|
||||||
|
|
||||||
|
https://bugzilla.kernel.org/show_bug.cgi?id=200001
|
||||||
|
|
||||||
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
|
||||||
|
---
|
||||||
|
fs/ext4/xattr.c | 10 ++++++++--
|
||||||
|
1 file changed, 8 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
|
||||||
|
index fc4ced59c565..230ba79715f6 100644
|
||||||
|
--- a/fs/ext4/xattr.c
|
||||||
|
+++ b/fs/ext4/xattr.c
|
||||||
|
@@ -1560,7 +1560,7 @@ static int ext4_xattr_set_entry(struct ext4_xattr_info *i,
|
||||||
|
handle_t *handle, struct inode *inode,
|
||||||
|
bool is_block)
|
||||||
|
{
|
||||||
|
- struct ext4_xattr_entry *last;
|
||||||
|
+ struct ext4_xattr_entry *last, *next;
|
||||||
|
struct ext4_xattr_entry *here = s->here;
|
||||||
|
size_t min_offs = s->end - s->base, name_len = strlen(i->name);
|
||||||
|
int in_inode = i->in_inode;
|
||||||
|
@@ -1595,7 +1595,13 @@ static int ext4_xattr_set_entry(struct ext4_xattr_info *i,
|
||||||
|
|
||||||
|
/* Compute min_offs and last. */
|
||||||
|
last = s->first;
|
||||||
|
- for (; !IS_LAST_ENTRY(last); last = EXT4_XATTR_NEXT(last)) {
|
||||||
|
+ for (; !IS_LAST_ENTRY(last); last = next) {
|
||||||
|
+ next = EXT4_XATTR_NEXT(last);
|
||||||
|
+ if ((void *)next >= s->end) {
|
||||||
|
+ EXT4_ERROR_INODE(inode, "corrupted xattr entries");
|
||||||
|
+ ret = -EFSCORRUPTED;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
if (!last->e_value_inum && last->e_value_size) {
|
||||||
|
size_t offs = le16_to_cpu(last->e_value_offs);
|
||||||
|
if (offs < min_offs)
|
|
@ -0,0 +1,63 @@
|
||||||
|
From: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Date: Sun, 17 Jun 2018 00:41:14 -0400
|
||||||
|
Subject: ext4: add more inode number paranoia checks
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=a0b4bd6c4418a8d2ba51f27968f5af005e5dbbdd
|
||||||
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10882
|
||||||
|
|
||||||
|
If there is a directory entry pointing to a system inode (such as a
|
||||||
|
journal inode), complain and declare the file system to be corrupted.
|
||||||
|
|
||||||
|
Also, if the superblock's first inode number field is too small,
|
||||||
|
refuse to mount the file system.
|
||||||
|
|
||||||
|
This addresses CVE-2018-10882.
|
||||||
|
|
||||||
|
https://bugzilla.kernel.org/show_bug.cgi?id=200069
|
||||||
|
|
||||||
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
---
|
||||||
|
fs/ext4/ext4.h | 5 -----
|
||||||
|
fs/ext4/inode.c | 3 ++-
|
||||||
|
fs/ext4/super.c | 5 +++++
|
||||||
|
3 files changed, 7 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
--- a/fs/ext4/ext4.h
|
||||||
|
+++ b/fs/ext4/ext4.h
|
||||||
|
@@ -1501,11 +1501,6 @@ static inline struct ext4_inode_info *EX
|
||||||
|
static inline int ext4_valid_inum(struct super_block *sb, unsigned long ino)
|
||||||
|
{
|
||||||
|
return ino == EXT4_ROOT_INO ||
|
||||||
|
- ino == EXT4_USR_QUOTA_INO ||
|
||||||
|
- ino == EXT4_GRP_QUOTA_INO ||
|
||||||
|
- ino == EXT4_BOOT_LOADER_INO ||
|
||||||
|
- ino == EXT4_JOURNAL_INO ||
|
||||||
|
- ino == EXT4_RESIZE_INO ||
|
||||||
|
(ino >= EXT4_FIRST_INO(sb) &&
|
||||||
|
ino <= le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count));
|
||||||
|
}
|
||||||
|
--- a/fs/ext4/inode.c
|
||||||
|
+++ b/fs/ext4/inode.c
|
||||||
|
@@ -4506,7 +4506,8 @@ static int __ext4_get_inode_loc(struct i
|
||||||
|
int inodes_per_block, inode_offset;
|
||||||
|
|
||||||
|
iloc->bh = NULL;
|
||||||
|
- if (!ext4_valid_inum(sb, inode->i_ino))
|
||||||
|
+ if (inode->i_ino < EXT4_ROOT_INO ||
|
||||||
|
+ inode->i_ino > le32_to_cpu(EXT4_SB(sb)->s_es->s_inodes_count))
|
||||||
|
return -EFSCORRUPTED;
|
||||||
|
|
||||||
|
iloc->block_group = (inode->i_ino - 1) / EXT4_INODES_PER_GROUP(sb);
|
||||||
|
--- a/fs/ext4/super.c
|
||||||
|
+++ b/fs/ext4/super.c
|
||||||
|
@@ -3817,6 +3817,11 @@ static int ext4_fill_super(struct super_
|
||||||
|
} else {
|
||||||
|
sbi->s_inode_size = le16_to_cpu(es->s_inode_size);
|
||||||
|
sbi->s_first_ino = le32_to_cpu(es->s_first_ino);
|
||||||
|
+ if (sbi->s_first_ino < EXT4_GOOD_OLD_FIRST_INO) {
|
||||||
|
+ ext4_msg(sb, KERN_ERR, "invalid first ino: %u",
|
||||||
|
+ sbi->s_first_ino);
|
||||||
|
+ goto failed_mount;
|
||||||
|
+ }
|
||||||
|
if ((sbi->s_inode_size < EXT4_GOOD_OLD_INODE_SIZE) ||
|
||||||
|
(!is_power_of_2(sbi->s_inode_size)) ||
|
||||||
|
(sbi->s_inode_size > blocksize)) {
|
53
debian/patches/bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch
vendored
Normal file
53
debian/patches/bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch
vendored
Normal file
|
@ -0,0 +1,53 @@
|
||||||
|
From: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Date: Wed, 13 Jun 2018 23:00:48 -0400
|
||||||
|
Subject: ext4: always check block group bounds in ext4_init_block_bitmap()
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=dcf37fefac3f699aa1341f86bcd7808ccc651c33
|
||||||
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10878
|
||||||
|
|
||||||
|
Regardless of whether the flex_bg feature is set, we should always
|
||||||
|
check to make sure the bits we are setting in the block bitmap are
|
||||||
|
within the block group bounds.
|
||||||
|
|
||||||
|
https://bugzilla.kernel.org/show_bug.cgi?id=199865
|
||||||
|
|
||||||
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
---
|
||||||
|
fs/ext4/balloc.c | 10 +++-------
|
||||||
|
1 file changed, 3 insertions(+), 7 deletions(-)
|
||||||
|
|
||||||
|
--- a/fs/ext4/balloc.c
|
||||||
|
+++ b/fs/ext4/balloc.c
|
||||||
|
@@ -184,7 +184,6 @@ static int ext4_init_block_bitmap(struct
|
||||||
|
unsigned int bit, bit_max;
|
||||||
|
struct ext4_sb_info *sbi = EXT4_SB(sb);
|
||||||
|
ext4_fsblk_t start, tmp;
|
||||||
|
- int flex_bg = 0;
|
||||||
|
|
||||||
|
J_ASSERT_BH(bh, buffer_locked(bh));
|
||||||
|
|
||||||
|
@@ -207,22 +206,19 @@ static int ext4_init_block_bitmap(struct
|
||||||
|
|
||||||
|
start = ext4_group_first_block_no(sb, block_group);
|
||||||
|
|
||||||
|
- if (ext4_has_feature_flex_bg(sb))
|
||||||
|
- flex_bg = 1;
|
||||||
|
-
|
||||||
|
/* Set bits for block and inode bitmaps, and inode table */
|
||||||
|
tmp = ext4_block_bitmap(sb, gdp);
|
||||||
|
- if (!flex_bg || ext4_block_in_group(sb, tmp, block_group))
|
||||||
|
+ if (ext4_block_in_group(sb, tmp, block_group))
|
||||||
|
ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data);
|
||||||
|
|
||||||
|
tmp = ext4_inode_bitmap(sb, gdp);
|
||||||
|
- if (!flex_bg || ext4_block_in_group(sb, tmp, block_group))
|
||||||
|
+ if (ext4_block_in_group(sb, tmp, block_group))
|
||||||
|
ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data);
|
||||||
|
|
||||||
|
tmp = ext4_inode_table(sb, gdp);
|
||||||
|
for (; tmp < ext4_inode_table(sb, gdp) +
|
||||||
|
sbi->s_itb_per_group; tmp++) {
|
||||||
|
- if (!flex_bg || ext4_block_in_group(sb, tmp, block_group))
|
||||||
|
+ if (ext4_block_in_group(sb, tmp, block_group))
|
||||||
|
ext4_set_bit(EXT4_B2C(sbi, tmp - start), bh->b_data);
|
||||||
|
}
|
||||||
|
|
45
debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch
vendored
Normal file
45
debian/patches/bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch
vendored
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
From: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Date: Wed, 13 Jun 2018 00:51:28 -0400
|
||||||
|
Subject: ext4: always verify the magic number in xattr blocks
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=3345c50533c6a17ebc0284362ca7b69aaef37ac4
|
||||||
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10879
|
||||||
|
|
||||||
|
If there an inode points to a block which is also some other type of
|
||||||
|
metadata block (such as a block allocation bitmap), the
|
||||||
|
buffer_verified flag can be set when it was validated as that other
|
||||||
|
metadata block type; however, it would make a really terrible external
|
||||||
|
attribute block. The reason why we use the verified flag is to avoid
|
||||||
|
constantly reverifying the block. However, it doesn't take much
|
||||||
|
overhead to make sure the magic number of the xattr block is correct,
|
||||||
|
and this will avoid potential crashes.
|
||||||
|
|
||||||
|
This addresses CVE-2018-10879.
|
||||||
|
|
||||||
|
https://bugzilla.kernel.org/show_bug.cgi?id=200001
|
||||||
|
|
||||||
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Reviewed-by: Andreas Dilger <adilger@dilger.ca>
|
||||||
|
---
|
||||||
|
fs/ext4/xattr.c | 6 +++---
|
||||||
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
|
||||||
|
index 230ba79715f6..0263692979ec 100644
|
||||||
|
--- a/fs/ext4/xattr.c
|
||||||
|
+++ b/fs/ext4/xattr.c
|
||||||
|
@@ -230,12 +230,12 @@ __ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh,
|
||||||
|
{
|
||||||
|
int error = -EFSCORRUPTED;
|
||||||
|
|
||||||
|
- if (buffer_verified(bh))
|
||||||
|
- return 0;
|
||||||
|
-
|
||||||
|
if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) ||
|
||||||
|
BHDR(bh)->h_blocks != cpu_to_le32(1))
|
||||||
|
goto errout;
|
||||||
|
+ if (buffer_verified(bh))
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
error = -EFSBADCRC;
|
||||||
|
if (!ext4_xattr_block_csum_verify(inode, bh))
|
||||||
|
goto errout;
|
120
debian/patches/bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch
vendored
Normal file
120
debian/patches/bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch
vendored
Normal file
|
@ -0,0 +1,120 @@
|
||||||
|
From: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Date: Sat, 16 Jun 2018 23:41:59 -0400
|
||||||
|
Subject: ext4: avoid running out of journal credits when appending to an
|
||||||
|
inline file
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=3886651521995071fab29401094e675b6ebfdc8c
|
||||||
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10883
|
||||||
|
|
||||||
|
Use a separate journal transaction if it turns out that we need to
|
||||||
|
convert an inline file to use an data block. Otherwise we could end
|
||||||
|
up failing due to not having journal credits.
|
||||||
|
|
||||||
|
This addresses CVE-2018-10883.
|
||||||
|
|
||||||
|
https://bugzilla.kernel.org/show_bug.cgi?id=200071
|
||||||
|
|
||||||
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
---
|
||||||
|
fs/ext4/ext4.h | 3 ---
|
||||||
|
fs/ext4/inline.c | 38 +-------------------------------------
|
||||||
|
fs/ext4/xattr.c | 19 ++-----------------
|
||||||
|
3 files changed, 3 insertions(+), 57 deletions(-)
|
||||||
|
|
||||||
|
--- a/fs/ext4/ext4.h
|
||||||
|
+++ b/fs/ext4/ext4.h
|
||||||
|
@@ -3005,9 +3005,6 @@ extern int ext4_inline_data_fiemap(struc
|
||||||
|
struct iomap;
|
||||||
|
extern int ext4_inline_data_iomap(struct inode *inode, struct iomap *iomap);
|
||||||
|
|
||||||
|
-extern int ext4_try_to_evict_inline_data(handle_t *handle,
|
||||||
|
- struct inode *inode,
|
||||||
|
- int needed);
|
||||||
|
extern int ext4_inline_data_truncate(struct inode *inode, int *has_inline);
|
||||||
|
|
||||||
|
extern int ext4_convert_inline_data(struct inode *inode);
|
||||||
|
--- a/fs/ext4/inline.c
|
||||||
|
+++ b/fs/ext4/inline.c
|
||||||
|
@@ -887,11 +887,11 @@ retry_journal:
|
||||||
|
flags |= AOP_FLAG_NOFS;
|
||||||
|
|
||||||
|
if (ret == -ENOSPC) {
|
||||||
|
+ ext4_journal_stop(handle);
|
||||||
|
ret = ext4_da_convert_inline_data_to_extent(mapping,
|
||||||
|
inode,
|
||||||
|
flags,
|
||||||
|
fsdata);
|
||||||
|
- ext4_journal_stop(handle);
|
||||||
|
if (ret == -ENOSPC &&
|
||||||
|
ext4_should_retry_alloc(inode->i_sb, &retries))
|
||||||
|
goto retry_journal;
|
||||||
|
@@ -1891,42 +1891,6 @@ out:
|
||||||
|
return (error < 0 ? error : 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
-/*
|
||||||
|
- * Called during xattr set, and if we can sparse space 'needed',
|
||||||
|
- * just create the extent tree evict the data to the outer block.
|
||||||
|
- *
|
||||||
|
- * We use jbd2 instead of page cache to move data to the 1st block
|
||||||
|
- * so that the whole transaction can be committed as a whole and
|
||||||
|
- * the data isn't lost because of the delayed page cache write.
|
||||||
|
- */
|
||||||
|
-int ext4_try_to_evict_inline_data(handle_t *handle,
|
||||||
|
- struct inode *inode,
|
||||||
|
- int needed)
|
||||||
|
-{
|
||||||
|
- int error;
|
||||||
|
- struct ext4_xattr_entry *entry;
|
||||||
|
- struct ext4_inode *raw_inode;
|
||||||
|
- struct ext4_iloc iloc;
|
||||||
|
-
|
||||||
|
- error = ext4_get_inode_loc(inode, &iloc);
|
||||||
|
- if (error)
|
||||||
|
- return error;
|
||||||
|
-
|
||||||
|
- raw_inode = ext4_raw_inode(&iloc);
|
||||||
|
- entry = (struct ext4_xattr_entry *)((void *)raw_inode +
|
||||||
|
- EXT4_I(inode)->i_inline_off);
|
||||||
|
- if (EXT4_XATTR_LEN(entry->e_name_len) +
|
||||||
|
- EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size)) < needed) {
|
||||||
|
- error = -ENOSPC;
|
||||||
|
- goto out;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- error = ext4_convert_inline_data_nolock(handle, inode, &iloc);
|
||||||
|
-out:
|
||||||
|
- brelse(iloc.bh);
|
||||||
|
- return error;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
int ext4_inline_data_truncate(struct inode *inode, int *has_inline)
|
||||||
|
{
|
||||||
|
handle_t *handle;
|
||||||
|
--- a/fs/ext4/xattr.c
|
||||||
|
+++ b/fs/ext4/xattr.c
|
||||||
|
@@ -2212,23 +2212,8 @@ int ext4_xattr_ibody_inline_set(handle_t
|
||||||
|
if (EXT4_I(inode)->i_extra_isize == 0)
|
||||||
|
return -ENOSPC;
|
||||||
|
error = ext4_xattr_set_entry(i, s, handle, inode, false /* is_block */);
|
||||||
|
- if (error) {
|
||||||
|
- if (error == -ENOSPC &&
|
||||||
|
- ext4_has_inline_data(inode)) {
|
||||||
|
- error = ext4_try_to_evict_inline_data(handle, inode,
|
||||||
|
- EXT4_XATTR_LEN(strlen(i->name) +
|
||||||
|
- EXT4_XATTR_SIZE(i->value_len)));
|
||||||
|
- if (error)
|
||||||
|
- return error;
|
||||||
|
- error = ext4_xattr_ibody_find(inode, i, is);
|
||||||
|
- if (error)
|
||||||
|
- return error;
|
||||||
|
- error = ext4_xattr_set_entry(i, s, handle, inode,
|
||||||
|
- false /* is_block */);
|
||||||
|
- }
|
||||||
|
- if (error)
|
||||||
|
- return error;
|
||||||
|
- }
|
||||||
|
+ if (error)
|
||||||
|
+ return error;
|
||||||
|
header = IHDR(inode, ext4_raw_inode(&is->iloc));
|
||||||
|
if (!IS_LAST_ENTRY(s->first)) {
|
||||||
|
header->h_magic = cpu_to_le32(EXT4_XATTR_MAGIC);
|
42
debian/patches/bugfix/all/ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch
vendored
Normal file
42
debian/patches/bugfix/all/ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch
vendored
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
From: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Date: Fri, 15 Jun 2018 12:28:16 -0400
|
||||||
|
Subject: ext4: clear i_data in ext4_inode_info when removing inline data
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=cd75e020ee28aa21985c6d8ebafc7457b4c51531
|
||||||
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10881
|
||||||
|
|
||||||
|
When converting from an inode from storing the data in-line to a data
|
||||||
|
block, ext4_destroy_inline_data_nolock() was only clearing the on-disk
|
||||||
|
copy of the i_blocks[] array. It was not clearing copy of the
|
||||||
|
i_blocks[] in ext4_inode_info, in i_data[], which is the copy actually
|
||||||
|
used by ext4_map_blocks().
|
||||||
|
|
||||||
|
This didn't matter much if we are using extents, since the extents
|
||||||
|
header would be invalid and thus the extents could would re-initialize
|
||||||
|
the extents tree. But if we are using indirect blocks, the previous
|
||||||
|
contents of the i_blocks array will be treated as block numbers, with
|
||||||
|
potentially catastrophic results to the file system integrity and/or
|
||||||
|
user data.
|
||||||
|
|
||||||
|
This gets worse if the file system is using a 1k block size and
|
||||||
|
s_first_data is zero, but even without this, the file system can get
|
||||||
|
quite badly corrupted.
|
||||||
|
|
||||||
|
This addresses CVE-2018-10881.
|
||||||
|
|
||||||
|
https://bugzilla.kernel.org/show_bug.cgi?id=200015
|
||||||
|
|
||||||
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
---
|
||||||
|
fs/ext4/inline.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
--- a/fs/ext4/inline.c
|
||||||
|
+++ b/fs/ext4/inline.c
|
||||||
|
@@ -437,6 +437,7 @@ static int ext4_destroy_inline_data_nolo
|
||||||
|
|
||||||
|
memset((void *)ext4_raw_inode(&is.iloc)->i_block,
|
||||||
|
0, EXT4_MIN_INLINE_DATA_SIZE);
|
||||||
|
+ memset(ei->i_data, 0, EXT4_MIN_INLINE_DATA_SIZE);
|
||||||
|
|
||||||
|
if (ext4_has_feature_extents(inode->i_sb)) {
|
||||||
|
if (S_ISDIR(inode->i_mode) ||
|
74
debian/patches/bugfix/all/ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch
vendored
Normal file
74
debian/patches/bugfix/all/ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch
vendored
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
From: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Date: Wed, 13 Jun 2018 23:08:26 -0400
|
||||||
|
Subject: ext4: make sure bitmaps and the inode table don't overlap with bg
|
||||||
|
descriptors
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=6b506a7d09854128b1da9571d879ee9dea3ffb02
|
||||||
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10878
|
||||||
|
|
||||||
|
It's really bad when the allocation bitmaps and the inode table
|
||||||
|
overlap with the block group descriptors, since it causes random
|
||||||
|
corruption of the bg descriptors. So we really want to head those off
|
||||||
|
at the pass.
|
||||||
|
|
||||||
|
https://bugzilla.kernel.org/show_bug.cgi?id=199865
|
||||||
|
|
||||||
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
---
|
||||||
|
fs/ext4/super.c | 25 +++++++++++++++++++++++++
|
||||||
|
1 file changed, 25 insertions(+)
|
||||||
|
|
||||||
|
--- a/fs/ext4/super.c
|
||||||
|
+++ b/fs/ext4/super.c
|
||||||
|
@@ -2307,6 +2307,7 @@ static int ext4_check_descriptors(struct
|
||||||
|
struct ext4_sb_info *sbi = EXT4_SB(sb);
|
||||||
|
ext4_fsblk_t first_block = le32_to_cpu(sbi->s_es->s_first_data_block);
|
||||||
|
ext4_fsblk_t last_block;
|
||||||
|
+ ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0) + 1;
|
||||||
|
ext4_fsblk_t block_bitmap;
|
||||||
|
ext4_fsblk_t inode_bitmap;
|
||||||
|
ext4_fsblk_t inode_table;
|
||||||
|
@@ -2339,6 +2340,14 @@ static int ext4_check_descriptors(struct
|
||||||
|
if (!sb_rdonly(sb))
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
+ if (block_bitmap >= sb_block + 1 &&
|
||||||
|
+ block_bitmap <= last_bg_block) {
|
||||||
|
+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
|
||||||
|
+ "Block bitmap for group %u overlaps "
|
||||||
|
+ "block group descriptors", i);
|
||||||
|
+ if (!sb_rdonly(sb))
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
if (block_bitmap < first_block || block_bitmap > last_block) {
|
||||||
|
ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
|
||||||
|
"Block bitmap for group %u not in group "
|
||||||
|
@@ -2353,6 +2362,14 @@ static int ext4_check_descriptors(struct
|
||||||
|
if (!sb_rdonly(sb))
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
+ if (inode_bitmap >= sb_block + 1 &&
|
||||||
|
+ inode_bitmap <= last_bg_block) {
|
||||||
|
+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
|
||||||
|
+ "Inode bitmap for group %u overlaps "
|
||||||
|
+ "block group descriptors", i);
|
||||||
|
+ if (!sb_rdonly(sb))
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
if (inode_bitmap < first_block || inode_bitmap > last_block) {
|
||||||
|
ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
|
||||||
|
"Inode bitmap for group %u not in group "
|
||||||
|
@@ -2367,6 +2384,14 @@ static int ext4_check_descriptors(struct
|
||||||
|
if (!sb_rdonly(sb))
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
+ if (inode_table >= sb_block + 1 &&
|
||||||
|
+ inode_table <= last_bg_block) {
|
||||||
|
+ ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
|
||||||
|
+ "Inode table for group %u overlaps "
|
||||||
|
+ "block group descriptors", i);
|
||||||
|
+ if (!sb_rdonly(sb))
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
if (inode_table < first_block ||
|
||||||
|
inode_table + sbi->s_itb_per_group - 1 > last_block) {
|
||||||
|
ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: "
|
34
debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch
vendored
Normal file
34
debian/patches/bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch
vendored
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
From: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Date: Sat, 16 Jun 2018 15:40:48 -0400
|
||||||
|
Subject: ext4: never move the system.data xattr out of the inode body
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=896003d9fd652666080a06411d4238ee6eb4fb76
|
||||||
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10880
|
||||||
|
|
||||||
|
When expanding the extra isize space, we must never move the
|
||||||
|
system.data xattr out of the inode body. For performance reasons, it
|
||||||
|
doesn't make any sense, and the inline data implementation assumes
|
||||||
|
that system.data xattr is never in the external xattr block.
|
||||||
|
|
||||||
|
This addresses CVE-2018-10880
|
||||||
|
|
||||||
|
https://bugzilla.kernel.org/show_bug.cgi?id=200005
|
||||||
|
|
||||||
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
---
|
||||||
|
fs/ext4/xattr.c | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
--- a/fs/ext4/xattr.c
|
||||||
|
+++ b/fs/ext4/xattr.c
|
||||||
|
@@ -2657,6 +2657,11 @@ static int ext4_xattr_make_inode_space(h
|
||||||
|
last = IFIRST(header);
|
||||||
|
/* Find the entry best suited to be pushed into EA block */
|
||||||
|
for (; !IS_LAST_ENTRY(last); last = EXT4_XATTR_NEXT(last)) {
|
||||||
|
+ /* never move system.data out of the inode */
|
||||||
|
+ if ((last->e_name_len == 4) &&
|
||||||
|
+ (last->e_name_index == EXT4_XATTR_INDEX_SYSTEM) &&
|
||||||
|
+ !memcmp(last->e_name, "data", 4))
|
||||||
|
+ continue;
|
||||||
|
total_size = EXT4_XATTR_LEN(last->e_name_len);
|
||||||
|
if (!last->e_value_inum)
|
||||||
|
total_size += EXT4_XATTR_SIZE(
|
125
debian/patches/bugfix/all/ext4-only-look-at-the-bg_flags-field-if-it-is-valid.patch
vendored
Normal file
125
debian/patches/bugfix/all/ext4-only-look-at-the-bg_flags-field-if-it-is-valid.patch
vendored
Normal file
|
@ -0,0 +1,125 @@
|
||||||
|
From: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Date: Thu, 14 Jun 2018 00:58:00 -0400
|
||||||
|
Subject: ext4: only look at the bg_flags field if it is valid
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=32a82d31527ae9cb568f5d7fa5ad27b2860324ed
|
||||||
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10876
|
||||||
|
|
||||||
|
The bg_flags field in the block group descripts is only valid if the
|
||||||
|
uninit_bg or metadata_csum feature is enabled. We were not
|
||||||
|
consistently looking at this field; fix this.
|
||||||
|
|
||||||
|
Also block group #0 must never have uninitialized allocation bitmaps,
|
||||||
|
or need to be zeroed, since that's where the root inode, and other
|
||||||
|
special inodes are set up. Check for these conditions and mark the
|
||||||
|
file system as corrupted if they are detected.
|
||||||
|
|
||||||
|
This addresses CVE-2018-10876.
|
||||||
|
|
||||||
|
https://bugzilla.kernel.org/show_bug.cgi?id=199403
|
||||||
|
|
||||||
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
---
|
||||||
|
fs/ext4/balloc.c | 11 ++++++++++-
|
||||||
|
fs/ext4/ialloc.c | 14 ++++++++++++--
|
||||||
|
fs/ext4/mballoc.c | 6 ++++--
|
||||||
|
fs/ext4/super.c | 11 ++++++++++-
|
||||||
|
4 files changed, 36 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
--- a/fs/ext4/balloc.c
|
||||||
|
+++ b/fs/ext4/balloc.c
|
||||||
|
@@ -451,7 +451,16 @@ ext4_read_block_bitmap_nowait(struct sup
|
||||||
|
goto verify;
|
||||||
|
}
|
||||||
|
ext4_lock_group(sb, block_group);
|
||||||
|
- if (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {
|
||||||
|
+ if (ext4_has_group_desc_csum(sb) &&
|
||||||
|
+ (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) {
|
||||||
|
+ if (block_group == 0) {
|
||||||
|
+ ext4_unlock_group(sb, block_group);
|
||||||
|
+ unlock_buffer(bh);
|
||||||
|
+ ext4_error(sb, "Block bitmap for bg 0 marked "
|
||||||
|
+ "uninitialized");
|
||||||
|
+ err = -EFSCORRUPTED;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
err = ext4_init_block_bitmap(sb, bh, block_group, desc);
|
||||||
|
set_bitmap_uptodate(bh);
|
||||||
|
set_buffer_uptodate(bh);
|
||||||
|
--- a/fs/ext4/ialloc.c
|
||||||
|
+++ b/fs/ext4/ialloc.c
|
||||||
|
@@ -155,7 +155,16 @@ ext4_read_inode_bitmap(struct super_bloc
|
||||||
|
}
|
||||||
|
|
||||||
|
ext4_lock_group(sb, block_group);
|
||||||
|
- if (desc->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT)) {
|
||||||
|
+ if (ext4_has_group_desc_csum(sb) &&
|
||||||
|
+ (desc->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT))) {
|
||||||
|
+ if (block_group == 0) {
|
||||||
|
+ ext4_unlock_group(sb, block_group);
|
||||||
|
+ unlock_buffer(bh);
|
||||||
|
+ ext4_error(sb, "Inode bitmap for bg 0 marked "
|
||||||
|
+ "uninitialized");
|
||||||
|
+ err = -EFSCORRUPTED;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
memset(bh->b_data, 0, (EXT4_INODES_PER_GROUP(sb) + 7) / 8);
|
||||||
|
ext4_mark_bitmap_end(EXT4_INODES_PER_GROUP(sb),
|
||||||
|
sb->s_blocksize * 8, bh->b_data);
|
||||||
|
@@ -1000,7 +1009,8 @@ got:
|
||||||
|
|
||||||
|
/* recheck and clear flag under lock if we still need to */
|
||||||
|
ext4_lock_group(sb, group);
|
||||||
|
- if (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {
|
||||||
|
+ if (ext4_has_group_desc_csum(sb) &&
|
||||||
|
+ (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) {
|
||||||
|
gdp->bg_flags &= cpu_to_le16(~EXT4_BG_BLOCK_UNINIT);
|
||||||
|
ext4_free_group_clusters_set(sb, gdp,
|
||||||
|
ext4_free_clusters_after_init(sb, group, gdp));
|
||||||
|
--- a/fs/ext4/mballoc.c
|
||||||
|
+++ b/fs/ext4/mballoc.c
|
||||||
|
@@ -2444,7 +2444,8 @@ int ext4_mb_add_groupinfo(struct super_b
|
||||||
|
* initialize bb_free to be able to skip
|
||||||
|
* empty groups without initialization
|
||||||
|
*/
|
||||||
|
- if (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {
|
||||||
|
+ if (ext4_has_group_desc_csum(sb) &&
|
||||||
|
+ (desc->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) {
|
||||||
|
meta_group_info[i]->bb_free =
|
||||||
|
ext4_free_clusters_after_init(sb, group, desc);
|
||||||
|
} else {
|
||||||
|
@@ -3011,7 +3012,8 @@ ext4_mb_mark_diskspace_used(struct ext4_
|
||||||
|
#endif
|
||||||
|
ext4_set_bits(bitmap_bh->b_data, ac->ac_b_ex.fe_start,
|
||||||
|
ac->ac_b_ex.fe_len);
|
||||||
|
- if (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT)) {
|
||||||
|
+ if (ext4_has_group_desc_csum(sb) &&
|
||||||
|
+ (gdp->bg_flags & cpu_to_le16(EXT4_BG_BLOCK_UNINIT))) {
|
||||||
|
gdp->bg_flags &= cpu_to_le16(~EXT4_BG_BLOCK_UNINIT);
|
||||||
|
ext4_free_group_clusters_set(sb, gdp,
|
||||||
|
ext4_free_clusters_after_init(sb,
|
||||||
|
--- a/fs/ext4/super.c
|
||||||
|
+++ b/fs/ext4/super.c
|
||||||
|
@@ -3098,13 +3098,22 @@ static ext4_group_t ext4_has_uninit_itab
|
||||||
|
ext4_group_t group, ngroups = EXT4_SB(sb)->s_groups_count;
|
||||||
|
struct ext4_group_desc *gdp = NULL;
|
||||||
|
|
||||||
|
+ if (!ext4_has_group_desc_csum(sb))
|
||||||
|
+ return ngroups;
|
||||||
|
+
|
||||||
|
for (group = 0; group < ngroups; group++) {
|
||||||
|
gdp = ext4_get_group_desc(sb, group, NULL);
|
||||||
|
if (!gdp)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
- if (!(gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED)))
|
||||||
|
+ if (gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_ZEROED))
|
||||||
|
+ continue;
|
||||||
|
+ if (group != 0)
|
||||||
|
break;
|
||||||
|
+ ext4_error(sb, "Inode table for bg 0 marked as "
|
||||||
|
+ "needing zeroing");
|
||||||
|
+ if (sb_rdonly(sb))
|
||||||
|
+ return ngroups;
|
||||||
|
}
|
||||||
|
|
||||||
|
return group;
|
45
debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch
vendored
Normal file
45
debian/patches/bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch
vendored
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
From: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Date: Thu, 14 Jun 2018 12:55:10 -0400
|
||||||
|
Subject: ext4: verify the depth of extent tree in ext4_find_extent()
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=0a8173832987f52ab6926dbdf1cd3991ca615000
|
||||||
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10877
|
||||||
|
|
||||||
|
If there is a corupted file system where the claimed depth of the
|
||||||
|
extent tree is -1, this can cause a massive buffer overrun leading to
|
||||||
|
sadness.
|
||||||
|
|
||||||
|
This addresses CVE-2018-10877.
|
||||||
|
|
||||||
|
https://bugzilla.kernel.org/show_bug.cgi?id=199417
|
||||||
|
|
||||||
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
---
|
||||||
|
fs/ext4/ext4_extents.h | 1 +
|
||||||
|
fs/ext4/extents.c | 6 ++++++
|
||||||
|
2 files changed, 7 insertions(+)
|
||||||
|
|
||||||
|
--- a/fs/ext4/ext4_extents.h
|
||||||
|
+++ b/fs/ext4/ext4_extents.h
|
||||||
|
@@ -91,6 +91,7 @@ struct ext4_extent_header {
|
||||||
|
};
|
||||||
|
|
||||||
|
#define EXT4_EXT_MAGIC cpu_to_le16(0xf30a)
|
||||||
|
+#define EXT4_MAX_EXTENT_DEPTH 5
|
||||||
|
|
||||||
|
#define EXT4_EXTENT_TAIL_OFFSET(hdr) \
|
||||||
|
(sizeof(struct ext4_extent_header) + \
|
||||||
|
--- a/fs/ext4/extents.c
|
||||||
|
+++ b/fs/ext4/extents.c
|
||||||
|
@@ -869,6 +869,12 @@ ext4_find_extent(struct inode *inode, ex
|
||||||
|
|
||||||
|
eh = ext_inode_hdr(inode);
|
||||||
|
depth = ext_depth(inode);
|
||||||
|
+ if (depth < 0 || depth > EXT4_MAX_EXTENT_DEPTH) {
|
||||||
|
+ EXT4_ERROR_INODE(inode, "inode has invalid extent depth: %d",
|
||||||
|
+ depth);
|
||||||
|
+ ret = -EFSCORRUPTED;
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (path) {
|
||||||
|
ext4_ext_drop_refs(path);
|
52
debian/patches/bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch
vendored
Normal file
52
debian/patches/bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch
vendored
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
From: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
Date: Sat, 16 Jun 2018 20:21:45 -0400
|
||||||
|
Subject: jbd2: don't mark block as modified if the handle is out of credits
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit?id=aa18d2cefac6c34885659d12c3fdcffcd6c54e9a
|
||||||
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10883
|
||||||
|
|
||||||
|
Do not set the b_modified flag in block's journal head should not
|
||||||
|
until after we're sure that jbd2_journal_dirty_metadat() will not
|
||||||
|
abort with an error due to there not being enough space reserved in
|
||||||
|
the jbd2 handle.
|
||||||
|
|
||||||
|
Otherwise, future attempts to modify the buffer may lead a large
|
||||||
|
number of spurious errors and warnings.
|
||||||
|
|
||||||
|
This addresses CVE-2018-10883.
|
||||||
|
|
||||||
|
https://bugzilla.kernel.org/show_bug.cgi?id=200071
|
||||||
|
|
||||||
|
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
||||||
|
---
|
||||||
|
fs/jbd2/transaction.c | 9 ++++++++-
|
||||||
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
--- a/fs/jbd2/transaction.c
|
||||||
|
+++ b/fs/jbd2/transaction.c
|
||||||
|
@@ -1363,6 +1363,13 @@ int jbd2_journal_dirty_metadata(handle_t
|
||||||
|
if (jh->b_transaction == transaction &&
|
||||||
|
jh->b_jlist != BJ_Metadata) {
|
||||||
|
jbd_lock_bh_state(bh);
|
||||||
|
+ if (jh->b_transaction == transaction &&
|
||||||
|
+ jh->b_jlist != BJ_Metadata)
|
||||||
|
+ pr_err("JBD2: assertion failure: h_type=%u "
|
||||||
|
+ "h_line_no=%u block_no=%llu jlist=%u\n",
|
||||||
|
+ handle->h_type, handle->h_line_no,
|
||||||
|
+ (unsigned long long) bh->b_blocknr,
|
||||||
|
+ jh->b_jlist);
|
||||||
|
J_ASSERT_JH(jh, jh->b_transaction != transaction ||
|
||||||
|
jh->b_jlist == BJ_Metadata);
|
||||||
|
jbd_unlock_bh_state(bh);
|
||||||
|
@@ -1382,11 +1389,11 @@ int jbd2_journal_dirty_metadata(handle_t
|
||||||
|
* of the transaction. This needs to be done
|
||||||
|
* once a transaction -bzzz
|
||||||
|
*/
|
||||||
|
- jh->b_modified = 1;
|
||||||
|
if (handle->h_buffer_credits <= 0) {
|
||||||
|
ret = -ENOSPC;
|
||||||
|
goto out_unlock_bh;
|
||||||
|
}
|
||||||
|
+ jh->b_modified = 1;
|
||||||
|
handle->h_buffer_credits--;
|
||||||
|
}
|
||||||
|
|
|
@ -72,3 +72,14 @@ need them.
|
||||||
device_initcall(ashmem_init);
|
device_initcall(ashmem_init);
|
||||||
+
|
+
|
||||||
+MODULE_LICENSE("GPL v2");
|
+MODULE_LICENSE("GPL v2");
|
||||||
|
--- a/drivers/android/binder_alloc.c
|
||||||
|
+++ b/drivers/android/binder_alloc.c
|
||||||
|
@@ -42,7 +42,7 @@ enum {
|
||||||
|
};
|
||||||
|
static uint32_t binder_alloc_debug_mask;
|
||||||
|
|
||||||
|
-module_param_named(debug_mask, binder_alloc_debug_mask,
|
||||||
|
+module_param_named(alloc_debug_mask, binder_alloc_debug_mask,
|
||||||
|
uint, 0644);
|
||||||
|
|
||||||
|
#define binder_alloc_debug(mask, x...) \
|
||||||
|
|
|
@ -0,0 +1,146 @@
|
||||||
|
From: Ben Hutchings <ben@decadent.org.uk>
|
||||||
|
Date: Tue, 26 Jun 2018 16:59:01 +0100
|
||||||
|
Subject: Export symbols needed by Android drivers
|
||||||
|
Bug-Debian: https://bugs.debian.org/901492
|
||||||
|
|
||||||
|
We want to enable use of the Android ashmem and binder drivers to
|
||||||
|
support Anbox, but they should not be built-in as that would waste
|
||||||
|
resources and increase security attack surface on systems that don't
|
||||||
|
need them.
|
||||||
|
|
||||||
|
Export the currently un-exported symbols they depend on.
|
||||||
|
|
||||||
|
---
|
||||||
|
--- a/fs/file.c
|
||||||
|
+++ b/fs/file.c
|
||||||
|
@@ -409,6 +409,7 @@ struct files_struct *get_files_struct(st
|
||||||
|
|
||||||
|
return files;
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(get_files_struct);
|
||||||
|
|
||||||
|
void put_files_struct(struct files_struct *files)
|
||||||
|
{
|
||||||
|
@@ -421,6 +422,7 @@ void put_files_struct(struct files_struc
|
||||||
|
kmem_cache_free(files_cachep, files);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(put_files_struct);
|
||||||
|
|
||||||
|
void reset_files_struct(struct files_struct *files)
|
||||||
|
{
|
||||||
|
@@ -533,6 +535,7 @@ out:
|
||||||
|
spin_unlock(&files->file_lock);
|
||||||
|
return error;
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(__alloc_fd);
|
||||||
|
|
||||||
|
static int alloc_fd(unsigned start, unsigned flags)
|
||||||
|
{
|
||||||
|
@@ -606,6 +609,7 @@ void __fd_install(struct files_struct *f
|
||||||
|
rcu_assign_pointer(fdt->fd[fd], file);
|
||||||
|
rcu_read_unlock_sched();
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(__fd_install);
|
||||||
|
|
||||||
|
void fd_install(unsigned int fd, struct file *file)
|
||||||
|
{
|
||||||
|
--- a/kernel/fork.c
|
||||||
|
+++ b/kernel/fork.c
|
||||||
|
@@ -999,6 +999,7 @@ void mmput_async(struct mm_struct *mm)
|
||||||
|
schedule_work(&mm->async_put_work);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(mmput_async);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
--- a/kernel/signal.c
|
||||||
|
+++ b/kernel/signal.c
|
||||||
|
@@ -1280,6 +1280,7 @@ struct sighand_struct *__lock_task_sigha
|
||||||
|
|
||||||
|
return sighand;
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(__lock_task_sighand);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* send signal info to all the members of a group
|
||||||
|
--- a/mm/memory.c
|
||||||
|
+++ b/mm/memory.c
|
||||||
|
@@ -1624,6 +1624,7 @@ void zap_page_range(struct vm_area_struc
|
||||||
|
mmu_notifier_invalidate_range_end(mm, start, end);
|
||||||
|
tlb_finish_mmu(&tlb, start, end);
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(zap_page_range);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* zap_page_range_single - remove user pages in a given range
|
||||||
|
--- a/mm/shmem.c
|
||||||
|
+++ b/mm/shmem.c
|
||||||
|
@@ -4326,6 +4326,7 @@ int shmem_zero_setup(struct vm_area_stru
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(shmem_zero_setup);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags.
|
||||||
|
--- a/mm/vmalloc.c
|
||||||
|
+++ b/mm/vmalloc.c
|
||||||
|
@@ -1308,6 +1308,7 @@ int map_kernel_range_noflush(unsigned lo
|
||||||
|
{
|
||||||
|
return vmap_page_range_noflush(addr, addr + size, prot, pages);
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(map_kernel_range_noflush);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* unmap_kernel_range_noflush - unmap kernel VM area
|
||||||
|
@@ -1448,6 +1449,7 @@ struct vm_struct *get_vm_area(unsigned l
|
||||||
|
NUMA_NO_NODE, GFP_KERNEL,
|
||||||
|
__builtin_return_address(0));
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(get_vm_area);
|
||||||
|
|
||||||
|
struct vm_struct *get_vm_area_caller(unsigned long size, unsigned long flags,
|
||||||
|
const void *caller)
|
||||||
|
--- a/security/security.c
|
||||||
|
+++ b/security/security.c
|
||||||
|
@@ -231,24 +231,28 @@ int security_binder_set_context_mgr(stru
|
||||||
|
{
|
||||||
|
return call_int_hook(binder_set_context_mgr, 0, mgr);
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(security_binder_set_context_mgr);
|
||||||
|
|
||||||
|
int security_binder_transaction(struct task_struct *from,
|
||||||
|
struct task_struct *to)
|
||||||
|
{
|
||||||
|
return call_int_hook(binder_transaction, 0, from, to);
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(security_binder_transaction);
|
||||||
|
|
||||||
|
int security_binder_transfer_binder(struct task_struct *from,
|
||||||
|
struct task_struct *to)
|
||||||
|
{
|
||||||
|
return call_int_hook(binder_transfer_binder, 0, from, to);
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(security_binder_transfer_binder);
|
||||||
|
|
||||||
|
int security_binder_transfer_file(struct task_struct *from,
|
||||||
|
struct task_struct *to, struct file *file)
|
||||||
|
{
|
||||||
|
return call_int_hook(binder_transfer_file, 0, from, to, file);
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(security_binder_transfer_file);
|
||||||
|
|
||||||
|
int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
|
||||||
|
{
|
||||||
|
--- a/kernel/sched/core.c
|
||||||
|
+++ b/kernel/sched/core.c
|
||||||
|
@@ -3976,6 +3976,7 @@ int can_nice(const struct task_struct *p
|
||||||
|
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
|
||||||
|
capable(CAP_SYS_NICE));
|
||||||
|
}
|
||||||
|
+EXPORT_SYMBOL_GPL(can_nice);
|
||||||
|
|
||||||
|
#ifdef __ARCH_WANT_SYS_NICE
|
||||||
|
|
|
@ -11,6 +11,7 @@ debian/powerpcspe-omit-uimage.patch
|
||||||
debian/tools-perf-version.patch
|
debian/tools-perf-version.patch
|
||||||
debian/tools-perf-install.patch
|
debian/tools-perf-install.patch
|
||||||
debian/wireless-add-debian-wireless-regdb-certificates.patch
|
debian/wireless-add-debian-wireless-regdb-certificates.patch
|
||||||
|
debian/export-symbols-needed-by-android-drivers.patch
|
||||||
debian/android-enable-building-ashmem-and-binder-as-modules.patch
|
debian/android-enable-building-ashmem-and-binder-as-modules.patch
|
||||||
|
|
||||||
# Fixes/improvements to firmware loading
|
# Fixes/improvements to firmware loading
|
||||||
|
@ -125,6 +126,17 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
|
||||||
|
|
||||||
# Security fixes
|
# Security fixes
|
||||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||||
|
bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch
|
||||||
|
bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch
|
||||||
|
bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch
|
||||||
|
bugfix/all/ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch
|
||||||
|
bugfix/all/ext4-only-look-at-the-bg_flags-field-if-it-is-valid.patch
|
||||||
|
bugfix/all/ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch
|
||||||
|
bugfix/all/ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch
|
||||||
|
bugfix/all/ext4-never-move-the-system.data-xattr-out-of-the-ino.patch
|
||||||
|
bugfix/all/jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch
|
||||||
|
bugfix/all/ext4-avoid-running-out-of-journal-credits-when-appen.patch
|
||||||
|
bugfix/all/ext4-add-more-inode-number-paranoia-checks.patch
|
||||||
|
|
||||||
# Fix exported symbol versions
|
# Fix exported symbol versions
|
||||||
bugfix/all/module-disable-matching-missing-version-crc.patch
|
bugfix/all/module-disable-matching-missing-version-crc.patch
|
||||||
|
|
|
@ -22,7 +22,7 @@ ifneq (,$(filter nodoc,$(DEB_BUILD_PROFILES)))
|
||||||
MAKEFLAGS += DO_DOCS=False
|
MAKEFLAGS += DO_DOCS=False
|
||||||
endif
|
endif
|
||||||
ifneq (,$(filter pkg.linux.notools,$(DEB_BUILD_PROFILES)))
|
ifneq (,$(filter pkg.linux.notools,$(DEB_BUILD_PROFILES)))
|
||||||
MAKEFLAGS += DO_TOOLS=False
|
MAKEFLAGS += DO_TOOLS_VERSIONED=False DO_TOOLS_UNVERSIONED=False
|
||||||
endif
|
endif
|
||||||
|
|
||||||
.NOTPARALLEL:
|
.NOTPARALLEL:
|
||||||
|
|
|
@ -16,7 +16,7 @@ modpost.real-%:
|
||||||
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
|
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
|
||||||
|
|
||||||
modpost-opts.h: $(top_srcdir)/scripts/mod/modpost.c
|
modpost-opts.h: $(top_srcdir)/scripts/mod/modpost.c
|
||||||
python $(wrapperdir)/gendef.py $< > $@
|
$(wrapperdir)/gendef.py $< > $@
|
||||||
|
|
||||||
modpost.o: modpost.c modpost-opts.h
|
modpost.o: modpost.c modpost-opts.h
|
||||||
$(CC) $(CFLAGS) -I $(CURDIR) -c -o $@ $<
|
$(CC) $(CFLAGS) -I $(CURDIR) -c -o $@ $<
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python3
|
||||||
import re
|
import re
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
|
@ -10,11 +10,11 @@ for line in open(sys.argv[1]):
|
||||||
else:
|
else:
|
||||||
raise RuntimeError
|
raise RuntimeError
|
||||||
|
|
||||||
print '#define GETOPT_OPTIONS "%s"' % options
|
print('#define GETOPT_OPTIONS "%s"' % options)
|
||||||
|
|
||||||
print '#define GETOPT_CASE',
|
print('#define GETOPT_CASE', end=' ')
|
||||||
for c in options:
|
for c in options:
|
||||||
if c == ':' or c == 'T':
|
if c == ':' or c == 'T':
|
||||||
continue
|
continue
|
||||||
print "case '%c':" % c,
|
print("case '%c':" % c, end=' ')
|
||||||
print
|
print()
|
||||||
|
|
|
@ -7,7 +7,6 @@
|
||||||
#
|
#
|
||||||
SHELL := bash -e
|
SHELL := bash -e
|
||||||
MAINTAINER := $(shell sed -ne 's,^Maintainer: .[^<]*<\([^>]*\)>,\1,p' debian/control)
|
MAINTAINER := $(shell sed -ne 's,^Maintainer: .[^<]*<\([^>]*\)>,\1,p' debian/control)
|
||||||
SOURCE_PACKAGE_NAME := $(shell dpkg-parsechangelog -SSource)
|
|
||||||
DISTRIBUTION := $(shell dpkg-parsechangelog -SDistribution)
|
DISTRIBUTION := $(shell dpkg-parsechangelog -SDistribution)
|
||||||
SOURCE_DATE := $(shell dpkg-parsechangelog -SDate)
|
SOURCE_DATE := $(shell dpkg-parsechangelog -SDate)
|
||||||
SOURCE_DATE_UTC_ISO := $(shell date -u -d '$(SOURCE_DATE)' +%Y-%m-%d)
|
SOURCE_DATE_UTC_ISO := $(shell date -u -d '$(SOURCE_DATE)' +%Y-%m-%d)
|
||||||
|
@ -112,19 +111,19 @@ mkdir -p '$(1)'
|
||||||
cp -al $(filter-out debian .pc .svk .svn .git, $(wildcard * .[^.]*)) '$(1)'
|
cp -al $(filter-out debian .pc .svk .svn .git, $(wildcard * .[^.]*)) '$(1)'
|
||||||
endef
|
endef
|
||||||
|
|
||||||
$(BUILD_DIR)/$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION).tar.xz: DIR = $(BUILD_DIR)/$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION)
|
$(BUILD_DIR)/$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION).tar.xz: DIR = $(BUILD_DIR)/$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION)
|
||||||
$(BUILD_DIR)/$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION).tar.xz: $(STAMPS_DIR)/source
|
$(BUILD_DIR)/$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION).tar.xz: $(STAMPS_DIR)/source
|
||||||
rm -rf '$@' '$(DIR)'
|
rm -rf '$@' '$(DIR)'
|
||||||
$(call copy_source,$(DIR))
|
$(call copy_source,$(DIR))
|
||||||
chmod -R u+rw,go=rX '$(DIR)'
|
chmod -R u+rw,go=rX '$(DIR)'
|
||||||
find '$(DIR)' -depth -newermt '$(SOURCE_DATE)' -print0 | \
|
find '$(DIR)' -depth -newermt '$(SOURCE_DATE)' -print0 | \
|
||||||
xargs -0r touch --no-dereference --date='$(SOURCE_DATE)'
|
xargs -0r touch --no-dereference --date='$(SOURCE_DATE)'
|
||||||
cd '$(BUILD_DIR)'; \
|
cd '$(BUILD_DIR)'; \
|
||||||
find '$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION)' \
|
find '$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION)' \
|
||||||
-name '*.pyc' -prune -o \
|
-name '*.pyc' -prune -o \
|
||||||
-print0 | \
|
-print0 | \
|
||||||
sort -z | \
|
sort -z | \
|
||||||
tar --no-recursion --null -T - -caf '$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION).tar.xz'
|
tar --no-recursion --null -T - -caf '$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION).tar.xz'
|
||||||
rm -rf '$(DIR)'
|
rm -rf '$(DIR)'
|
||||||
|
|
||||||
$(BUILD_DIR)/linux-patch-$(UPSTREAMVERSION)-%.patch.xz: $(STAMPS_DIR)/source_none $(STAMPS_DIR)/source_%
|
$(BUILD_DIR)/linux-patch-$(UPSTREAMVERSION)-%.patch.xz: $(STAMPS_DIR)/source_none $(STAMPS_DIR)/source_%
|
||||||
|
@ -238,7 +237,7 @@ install-dummy:
|
||||||
dh_prep
|
dh_prep
|
||||||
+$(MAKE_SELF) install-base
|
+$(MAKE_SELF) install-base
|
||||||
|
|
||||||
install-doc: PACKAGE_NAME = $(SOURCE_PACKAGE_NAME)-doc-$(VERSION)
|
install-doc: PACKAGE_NAME = $(SOURCE_BASENAME)-doc-$(VERSION)
|
||||||
install-doc: DIR = $(BUILD_DIR)/build-doc
|
install-doc: DIR = $(BUILD_DIR)/build-doc
|
||||||
install-doc: PACKAGE_DIR = debian/$(PACKAGE_NAME)
|
install-doc: PACKAGE_DIR = debian/$(PACKAGE_NAME)
|
||||||
install-doc: OUT_DIR = $(PACKAGE_DIR)/usr/share/doc/$(PACKAGE_NAME)
|
install-doc: OUT_DIR = $(PACKAGE_DIR)/usr/share/doc/$(PACKAGE_NAME)
|
||||||
|
@ -273,21 +272,6 @@ ifeq (,$(filter nodoc,$(DEB_BUILD_PROFILES)))
|
||||||
endif
|
endif
|
||||||
+$(MAKE_SELF) install-base
|
+$(MAKE_SELF) install-base
|
||||||
|
|
||||||
install-manual: PACKAGE_NAME = $(SOURCE_PACKAGE_NAME)-manual-$(VERSION)
|
|
||||||
install-manual: DIR=$(BUILD_DIR)/build-doc
|
|
||||||
install-manual: DH_OPTIONS = -p$(PACKAGE_NAME)
|
|
||||||
install-manual: $(STAMPS_DIR)/build-doc
|
|
||||||
dh_prep
|
|
||||||
# Some manual pages are generated multiple times with different
|
|
||||||
# metadata, and need to be de-duplicated. This matches what the
|
|
||||||
# upstream installmandocs target does, except that we use
|
|
||||||
# dh_installman.
|
|
||||||
set -o pipefail; \
|
|
||||||
find $(DIR)/Documentation/DocBook/man/ -name '*.9.gz' -printf '%h %f\n' | \
|
|
||||||
sort -k 2 -k 1 | uniq -f 1 | sed -e 's: :/:' | \
|
|
||||||
xargs dh_installman
|
|
||||||
+$(MAKE_SELF) install-base
|
|
||||||
|
|
||||||
install-headers_$(ARCH): PACKAGE_NAMES = linux-headers-$(ABINAME)-all linux-headers-$(ABINAME)-all-$(ARCH)
|
install-headers_$(ARCH): PACKAGE_NAMES = linux-headers-$(ABINAME)-all linux-headers-$(ABINAME)-all-$(ARCH)
|
||||||
install-headers_$(ARCH): DH_OPTIONS = $(foreach p, $(PACKAGE_NAMES), -p$(p))
|
install-headers_$(ARCH): DH_OPTIONS = $(foreach p, $(PACKAGE_NAMES), -p$(p))
|
||||||
install-headers_$(ARCH):
|
install-headers_$(ARCH):
|
||||||
|
@ -400,7 +384,7 @@ install-libc-dev_$(ARCH):
|
||||||
|
|
||||||
+$(MAKE_SELF) install-base
|
+$(MAKE_SELF) install-base
|
||||||
|
|
||||||
install-support: PACKAGE_NAME = $(SOURCE_PACKAGE_NAME)-support-$(ABINAME)
|
install-support: PACKAGE_NAME = $(SOURCE_BASENAME)-support-$(ABINAME)
|
||||||
install-support: DH_OPTIONS = -p$(PACKAGE_NAME)
|
install-support: DH_OPTIONS = -p$(PACKAGE_NAME)
|
||||||
install-support: PACKAGE_DIR = debian/$(PACKAGE_NAME)
|
install-support: PACKAGE_DIR = debian/$(PACKAGE_NAME)
|
||||||
install-support: PACKAGE_ROOT = /usr/share/$(PACKAGE_NAME)
|
install-support: PACKAGE_ROOT = /usr/share/$(PACKAGE_NAME)
|
||||||
|
@ -565,9 +549,9 @@ ifeq ($(UDEB_UNSIGNED_TEST_BUILD),False)
|
||||||
dh_builddeb
|
dh_builddeb
|
||||||
endif
|
endif
|
||||||
|
|
||||||
install-source: PACKAGE_NAME = $(SOURCE_PACKAGE_NAME)-source-$(VERSION)
|
install-source: PACKAGE_NAME = $(SOURCE_BASENAME)-source-$(VERSION)
|
||||||
install-source: DH_OPTIONS = -p$(PACKAGE_NAME)
|
install-source: DH_OPTIONS = -p$(PACKAGE_NAME)
|
||||||
install-source: $(BUILD_DIR)/$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION).tar.xz $(foreach FEATURESET,$(filter-out none,$(ALL_FEATURESETS)),$(BUILD_DIR)/linux-patch-$(UPSTREAMVERSION)-$(FEATURESET).patch.xz)
|
install-source: $(BUILD_DIR)/$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION).tar.xz $(foreach FEATURESET,$(filter-out none,$(ALL_FEATURESETS)),$(BUILD_DIR)/linux-patch-$(UPSTREAMVERSION)-$(FEATURESET).patch.xz)
|
||||||
dh_testdir
|
dh_testdir
|
||||||
dh_testroot
|
dh_testroot
|
||||||
dh_installdirs /usr/src/linux-config-$(UPSTREAMVERSION)
|
dh_installdirs /usr/src/linux-config-$(UPSTREAMVERSION)
|
||||||
|
|
|
@ -15,6 +15,8 @@ Build-Depends:
|
||||||
xz-utils <!stage1>,
|
xz-utils <!stage1>,
|
||||||
# used by debian/rules.real to build linux-perf and linux-support
|
# used by debian/rules.real to build linux-perf and linux-support
|
||||||
dh-python <!stage1>,
|
dh-python <!stage1>,
|
||||||
|
# used by upstream to build genksyms, kconfig, and perf
|
||||||
|
bison <!stage1>, flex (>= 2.6.1-1.1~) <!stage1>,
|
||||||
Build-Depends-Arch:
|
Build-Depends-Arch:
|
||||||
# used by debian/rules.real to build udebs
|
# used by debian/rules.real to build udebs
|
||||||
kernel-wedge (>= 2.93~) <!stage1>,
|
kernel-wedge (>= 2.93~) <!stage1>,
|
||||||
|
@ -28,10 +30,6 @@ Build-Depends-Arch:
|
||||||
# used by upstream to build perf documentation
|
# used by upstream to build perf documentation
|
||||||
asciidoc-base <!stage1 !nodoc !pkg.linux.notools>,
|
asciidoc-base <!stage1 !nodoc !pkg.linux.notools>,
|
||||||
xmlto <!stage1 !nodoc !pkg.linux.notools>,
|
xmlto <!stage1 !nodoc !pkg.linux.notools>,
|
||||||
# used by upstream to build genksyms, kconfig, and perf
|
|
||||||
bison <!stage1>,
|
|
||||||
# - flex needs to run on the host; we have the same problem as for openssl
|
|
||||||
flex (>= 2.6.1-1.1~) <!stage1>,
|
|
||||||
# used by upstream to build perf
|
# used by upstream to build perf
|
||||||
gcc-multilib [amd64 ppc64 s390x sparc64] <!stage1 !pkg.linux.notools !nopython>,
|
gcc-multilib [amd64 ppc64 s390x sparc64] <!stage1 !pkg.linux.notools !nopython>,
|
||||||
libaudit-dev <!stage1 !pkg.linux.notools !nopython>,
|
libaudit-dev <!stage1 !pkg.linux.notools !nopython>,
|
||||||
|
|
Loading…
Reference in New Issue