diff --git a/debian/changelog b/debian/changelog index 027e041b2..3ed28b2a1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,12 @@ -linux (4.16.3-1) UNRELEASED; urgency=medium +linux (4.16.4-1) UNRELEASED; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.1 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.2 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.3 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4 + - ext4: limit xattr size to INT_MAX (CVE-2018-1095) + - random: fix crng_ready() test (CVE-2018-1108) [ Ben Hutchings ] * aufs: gen-patch: Fix Subject generation to skip SPDX-License-Identifier diff --git a/debian/patches/bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch b/debian/patches/bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch deleted file mode 100644 index 3e2f57379..000000000 --- a/debian/patches/bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch +++ /dev/null @@ -1,46 +0,0 @@ -From: Theodore Ts'o -Date: Thu, 29 Mar 2018 22:10:31 -0400 -Subject: ext4: always initialize the crc32c checksum driver -Origin: https://git.kernel.org/linus/a45403b51582a87872927a3e0fc0a389c26867f1 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-1094 - -The extended attribute code now uses the crc32c checksum for hashing -purposes, so we should just always always initialize it. We also want -to prevent NULL pointer dereferences if one of the metadata checksum -features is enabled after the file sytsem is originally mounted. - -This issue has been assigned CVE-2018-1094. - -https://bugzilla.kernel.org/show_bug.cgi?id=199183 -https://bugzilla.redhat.com/show_bug.cgi?id=1560788 - -Signed-off-by: Theodore Ts'o -Cc: stable@vger.kernel.org ---- - fs/ext4/super.c | 15 ++++++--------- - 1 file changed, 6 insertions(+), 9 deletions(-) - ---- a/fs/ext4/super.c -+++ b/fs/ext4/super.c -@@ -3489,15 +3489,12 @@ static int ext4_fill_super(struct super_ - } - - /* Load the checksum driver */ -- if (ext4_has_feature_metadata_csum(sb) || -- ext4_has_feature_ea_inode(sb)) { -- sbi->s_chksum_driver = crypto_alloc_shash("crc32c", 0, 0); -- if (IS_ERR(sbi->s_chksum_driver)) { -- ext4_msg(sb, KERN_ERR, "Cannot load crc32c driver."); -- ret = PTR_ERR(sbi->s_chksum_driver); -- sbi->s_chksum_driver = NULL; -- goto failed_mount; -- } -+ sbi->s_chksum_driver = crypto_alloc_shash("crc32c", 0, 0); -+ if (IS_ERR(sbi->s_chksum_driver)) { -+ ext4_msg(sb, KERN_ERR, "Cannot load crc32c driver."); -+ ret = PTR_ERR(sbi->s_chksum_driver); -+ sbi->s_chksum_driver = NULL; -+ goto failed_mount; - } - - /* Check superblock checksum */ diff --git a/debian/patches/bugfix/all/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch b/debian/patches/bugfix/all/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch deleted file mode 100644 index f241c3bfb..000000000 --- a/debian/patches/bugfix/all/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch +++ /dev/null @@ -1,40 +0,0 @@ -From: Theodore Ts'o -Date: Thu, 29 Mar 2018 21:56:09 -0400 -Subject: ext4: fail ext4_iget for root directory if unallocated -Origin: https://git.kernel.org/linus/8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-1092 - -If the root directory has an i_links_count of zero, then when the file -system is mounted, then when ext4_fill_super() notices the problem and -tries to call iput() the root directory in the error return path, -ext4_evict_inode() will try to free the inode on disk, before all of -the file system structures are set up, and this will result in an OOPS -caused by a NULL pointer dereference. - -This issue has been assigned CVE-2018-1092. - -https://bugzilla.kernel.org/show_bug.cgi?id=199179 -https://bugzilla.redhat.com/show_bug.cgi?id=1560777 - -Reported-by: Wen Xu -Signed-off-by: Theodore Ts'o -Cc: stable@vger.kernel.org ---- - fs/ext4/inode.c | 6 ++++++ - 1 file changed, 6 insertions(+) - ---- a/fs/ext4/inode.c -+++ b/fs/ext4/inode.c -@@ -4745,6 +4745,12 @@ struct inode *ext4_iget(struct super_blo - goto bad_inode; - raw_inode = ext4_raw_inode(&iloc); - -+ if ((ino == EXT4_ROOT_INO) && (raw_inode->i_links_count == 0)) { -+ EXT4_ERROR_INODE(inode, "root inode unallocated"); -+ ret = -EFSCORRUPTED; -+ goto bad_inode; -+ } -+ - if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE) { - ei->i_extra_isize = le16_to_cpu(raw_inode->i_extra_isize); - if (EXT4_GOOD_OLD_INODE_SIZE + ei->i_extra_isize > diff --git a/debian/patches/bugfix/arm64/ARM64-dts-meson-reduce-odroid-c2-eMMC-maximum-rate.patch b/debian/patches/bugfix/arm64/ARM64-dts-meson-reduce-odroid-c2-eMMC-maximum-rate.patch deleted file mode 100644 index 214a8e359..000000000 --- a/debian/patches/bugfix/arm64/ARM64-dts-meson-reduce-odroid-c2-eMMC-maximum-rate.patch +++ /dev/null @@ -1,43 +0,0 @@ -Origin: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts?h=next-20180309&id=c04ffa71ff491220cac28f55237c9aad379a8656 -From c04ffa71ff491220cac28f55237c9aad379a8656 Mon Sep 17 00:00:00 2001 -From: Jerome Brunet -Date: Fri, 2 Mar 2018 14:44:36 +0100 -Subject: [PATCH] ARM64: dts: meson: reduce odroid-c2 eMMC maximum rate - -Different modules maybe installed by the user on the eMMC connector -of the odroid-c2. While the red modules are working without an issue, -it seems some black modules (apparently Samsung based) are having -issue at 200MHz - -While the tuning algorithm introduced in v4.14 enables high speed modes -on every other tested designs, it seems a problem remains for this -particular combination of board and eMMC module. - -Lowering the maximum frequency of the eMMC on this board until we can -figure out a better solution. - -Fixes: d341ca88eead ("mmc: meson-gx: rework tuning function") -Suggested-by: Ellie Reeves -Signed-off-by: Jerome Brunet -Cc: stable@vger.kernel.org -Signed-off-by: Kevin Hilman ---- - arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts b/arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts -index 0bc0f65e4f37..54954b314a45 100644 ---- a/arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts -+++ b/arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts -@@ -274,7 +274,7 @@ - pinctrl-names = "default", "clk-gate"; - - bus-width = <8>; -- max-frequency = <200000000>; -+ max-frequency = <100000000>; - non-removable; - disable-wp; - cap-mmc-highspeed; --- -2.11.0 - diff --git a/debian/patches/series b/debian/patches/series index 117fd66fd..47a720370 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -139,9 +139,7 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch -bugfix/all/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch -bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch @@ -157,7 +155,6 @@ bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch bugfix/all/cpupower-bump-soname-version.patch bugfix/all/cpupower-fix-checks-for-cpu-existence.patch bugfix/all/lockdep-stub-nmi-watchdog-reset.patch -bugfix/arm64/ARM64-dts-meson-reduce-odroid-c2-eMMC-maximum-rate.patch # wireless: Disable regulatory.db direct loading (until we sort out signing) debian/wireless-disable-regulatory.db-direct-loading.patch