Linux v3.17-7872-g5ff0b9e1a1da
This commit is contained in:
		
							parent
							
								
									91dcc1748d
								
							
						
					
					
						commit
						6b375296a7
					
				| @ -1,44 +0,0 @@ | |||||||
| From: David Howells <dhowells@redhat.com> |  | ||||||
| Date: Tue, 16 Sep 2014 17:29:03 +0100 |  | ||||||
| Subject: [PATCH] KEYS: Reinstate EPERM for a key type name beginning with a |  | ||||||
|  '.' |  | ||||||
| 
 |  | ||||||
| Reinstate the generation of EPERM for a key type name beginning with a '.' in |  | ||||||
| a userspace call.  Types whose name begins with a '.' are internal only. |  | ||||||
| 
 |  | ||||||
| The test was removed by: |  | ||||||
| 
 |  | ||||||
| 	commit a4e3b8d79a5c6d40f4a9703abf7fe3abcc6c3b8d |  | ||||||
| 	Author: Mimi Zohar <zohar@linux.vnet.ibm.com> |  | ||||||
| 	Date:   Thu May 22 14:02:23 2014 -0400 |  | ||||||
| 	Subject: KEYS: special dot prefixed keyring name bug fix |  | ||||||
| 
 |  | ||||||
| I think we want to keep the restriction on type name so that userspace can't |  | ||||||
| add keys of a special internal type. |  | ||||||
| 
 |  | ||||||
| Note that removal of the test causes several of the tests in the keyutils |  | ||||||
| testsuite to fail. |  | ||||||
| 
 |  | ||||||
| Signed-off-by: David Howells <dhowells@redhat.com> |  | ||||||
| Acked-by: Vivek Goyal <vgoyal@redhat.com> |  | ||||||
| cc: Mimi Zohar <zohar@linux.vnet.ibm.com> |  | ||||||
| ---
 |  | ||||||
|  security/keys/keyctl.c | 2 ++ |  | ||||||
|  1 file changed, 2 insertions(+) |  | ||||||
| 
 |  | ||||||
| diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
 |  | ||||||
| index e26f860e5f2e..eff88a5f5d40 100644
 |  | ||||||
| --- a/security/keys/keyctl.c
 |  | ||||||
| +++ b/security/keys/keyctl.c
 |  | ||||||
| @@ -37,6 +37,8 @@ static int key_get_type_from_user(char *type,
 |  | ||||||
|  		return ret; |  | ||||||
|  	if (ret == 0 || ret >= len) |  | ||||||
|  		return -EINVAL; |  | ||||||
| +	if (type[0] == '.')
 |  | ||||||
| +		return -EPERM;
 |  | ||||||
|  	type[len - 1] = '\0'; |  | ||||||
|  	return 0; |  | ||||||
|  } |  | ||||||
| -- 
 |  | ||||||
| 1.9.3 |  | ||||||
| 
 |  | ||||||
| @ -13,7 +13,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> | |||||||
|  1 file changed, 6 insertions(+) |  1 file changed, 6 insertions(+) | ||||||
| 
 | 
 | ||||||
| diff --git a/drivers/char/mem.c b/drivers/char/mem.c
 | diff --git a/drivers/char/mem.c b/drivers/char/mem.c
 | ||||||
| index cdf839f9defe..c63cf93b00eb 100644
 | index c268e2581ed6..fb9ea1172ba8 100644
 | ||||||
| --- a/drivers/char/mem.c
 | --- a/drivers/char/mem.c
 | ||||||
| +++ b/drivers/char/mem.c
 | +++ b/drivers/char/mem.c
 | ||||||
| @@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
 | @@ -164,6 +164,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
 | ||||||
|  | |||||||
| @ -15,7 +15,7 @@ Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org> | |||||||
|  2 files changed, 2 insertions(+), 2 deletions(-) |  2 files changed, 2 insertions(+), 2 deletions(-) | ||||||
| 
 | 
 | ||||||
| diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
 | diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
 | ||||||
| index 41f7ec1fcf61..c79eb60a7869 100644
 | index f8a07128a6e8..41eff584e169 100644
 | ||||||
| --- a/Documentation/kernel-parameters.txt
 | --- a/Documentation/kernel-parameters.txt
 | ||||||
| +++ b/Documentation/kernel-parameters.txt
 | +++ b/Documentation/kernel-parameters.txt
 | ||||||
| @@ -3625,7 +3625,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
 | @@ -3625,7 +3625,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
 | ||||||
|  | |||||||
| @ -5066,6 +5066,8 @@ CONFIG_ALTERA_STAPL=m | |||||||
| 
 | 
 | ||||||
| CONFIG_NOP_USB_XCEIV=m | CONFIG_NOP_USB_XCEIV=m | ||||||
| 
 | 
 | ||||||
|  | # CONFIG_INTEGRITY is not set | ||||||
|  | 
 | ||||||
| # CONFIG_IMA is not set | # CONFIG_IMA is not set | ||||||
| CONFIG_IMA_MEASURE_PCR_IDX=10 | CONFIG_IMA_MEASURE_PCR_IDX=10 | ||||||
| CONFIG_IMA_LSM_RULES=y | CONFIG_IMA_LSM_RULES=y | ||||||
|  | |||||||
							
								
								
									
										31
									
								
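--- /dev/null
+++ b/fs-Add-a-missing-permission-check-to-do_umount.patch
@@ -0,0 +1,31 @@
+From: Andy Lutomirski <luto@amacapital.net>
+Date: Wed, 8 Oct 2014 12:37:46 -0700
+Subject: [PATCH] fs: Add a missing permission check to do_umount
+
+Accessing do_remount_sb should require global CAP_SYS_ADMIN, but
+only one of the two call sites was appropriately protected.
+
+Fixes CVE-2014-7975.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Andy Lutomirski <luto@amacapital.net>
+---
+ fs/namespace.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/fs/namespace.c b/fs/namespace.c
+index c8e3034ff4b2..fbba8b17330d 100644
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -1439,6 +1439,8 @@ static int do_umount(struct mount *mnt, int flags)
+ 		 * Special case for "unmounting" root ...
+ 		 * we just try to remount it readonly.
+ 		 */
++		if (!capable(CAP_SYS_ADMIN))
++			return -EPERM;
+ 		down_write(&sb->s_umount);
+ 		if (!(sb->s_flags & MS_RDONLY))
+ 			retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
+-- 
+1.9.3
+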
							
								
								
									
										21
									
								
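--- a/kernel.spec
+++ b/kernel.spec
@@ -69,7 +69,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %define rcrev 0
 # The git snapshot level
-%define gitrev 5
+%define gitrev 6
 # Set rpm version accordingly
 %define rpmversion 3.%{upstream_sublevel}.0
 %endif
@@ -607,14 +607,16 @@ Patch26002: samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch
 #rhbz 1138759
 Patch26021: drm-vmwgfx-Fix-drm.h-include.patch
 
-#rhbz 1145318
-Patch26029: KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch
-
 Patch26032: Revert-pinctrl-qcom-use-restart_notifier-mechanism-f.patch
 
 #CVE-2014-7970 rhbz 1151095 1151484
 Patch26033: mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch
 
+#CVE-2014-7975 rhbz 1151108 1152025
+Patch26034: fs-Add-a-missing-permission-check-to-do_umount.patch
+
+Patch26035: nf_reject_ipv4-module-license-unspecified-taints-ker.patch
+
 # git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel
 Patch30000: kernel-arm64.patch
 
@@ -1334,14 +1336,16 @@ ApplyPatch samsung-laptop-Add-broken-acpi-video-quirk-for-NC210.patch
 #rhbz 1138759
 ApplyPatch drm-vmwgfx-Fix-drm.h-include.patch
 
-#rhbz 1145318
-ApplyPatch KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch
-
 ApplyPatch Revert-pinctrl-qcom-use-restart_notifier-mechanism-f.patch
 
 #CVE-2014-7970 rhbz 1151095 1151484
 ApplyPatch mnt-Prevent-pivot_root-from-creating-a-loop-in-the-m.patch
 
+#CVE-2014-7975 rhbz 1151108 1152025
+ApplyPatch fs-Add-a-missing-permission-check-to-do_umount.patch
+
+ApplyPatch nf_reject_ipv4-module-license-unspecified-taints-ker.patch
+
 %if 0%{?aarch64patches}
 ApplyPatch kernel-arm64.patch
 %ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does.
@@ -2210,6 +2214,9 @@ fi
 #                                    ||----w |
 #                                    ||     ||
 %changelog
+* Mon Oct 13 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.18.0-0.rc0.git6.1
+- Linux v3.17-7872-g5ff0b9e1a1da
+
 * Sun Oct 12 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.18.0-0.rc0.git5.1
 - Linux v3.17-7639-g90eac7eee2f4
 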
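Review bot: The removal of `#rhbz 1145318` / `Patch26029: KEYS-Reinstate-EPERM-for-a-key-type-name-beginning-w.patch` (and the matching `ApplyPatch` line in the `@ -1334` hunk) drops a security-relevant fix with no changelog line saying why, while the new `%changelog` entry only records the rebase to v3.17-7872-g5ff0b9e1a1da. If the KEYS check is now carried by the upstream snapshot, a one-line changelog note to that effect would let a reader confirm it; if it is not, the EPERM rejection of '.'-prefixed key type names from userspace is silently lost in this build. The CVE-2014-7975 backport added as `Patch26034` likewise deserves a changelog entry, e.g. `- CVE-2014-7975 fs: Add missing permission check to do_umount (rhbz 1151108 1152025)`, so the advisory can be traced from the package history rather than only from a spec comment. `Patch26035` is also the only new entry without a comment line giving its bug reference, unlike its neighbours.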
| @ -26,10 +26,10 @@ Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> | |||||||
|  1 file changed, 3 insertions(+) |  1 file changed, 3 insertions(+) | ||||||
| 
 | 
 | ||||||
| diff --git a/fs/namespace.c b/fs/namespace.c
 | diff --git a/fs/namespace.c b/fs/namespace.c
 | ||||||
| index ef42d9bee212..74647c2fe69c 100644
 | index 348562f14e93..c8e3034ff4b2 100644
 | ||||||
| --- a/fs/namespace.c
 | --- a/fs/namespace.c
 | ||||||
| +++ b/fs/namespace.c
 | +++ b/fs/namespace.c
 | ||||||
| @@ -2820,6 +2820,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
 | @@ -2913,6 +2913,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
 | ||||||
|  	/* make sure we can reach put_old from new_root */ |  	/* make sure we can reach put_old from new_root */ | ||||||
|  	if (!is_path_reachable(old_mnt, old.dentry, &new)) |  	if (!is_path_reachable(old_mnt, old.dentry, &new)) | ||||||
|  		goto out4; |  		goto out4; | ||||||
|  | |||||||
							
								
								
									
										84
									
								
								nf_reject_ipv4-module-license-unspecified-taints-ker.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,84 @@ | |||||||
|  | From: Pablo Neira <pablo@netfilter.org> | ||||||
|  | Date: Fri, 10 Oct 2014 11:56:16 +0200 | ||||||
|  | Subject: [PATCH] nf_reject_ipv4: module license 'unspecified' taints kernel | ||||||
|  | 
 | ||||||
|  | On Fri, Oct 10, 2014 at 05:19:04PM +0800, Dave Young wrote: | ||||||
|  | > Hi,
 | ||||||
|  | > | ||||||
|  | > With today's linus tree, I got below kmsg:
 | ||||||
|  | > [   23.545204] nf_reject_ipv4: module license 'unspecified' taints kernel.
 | ||||||
|  | > | ||||||
|  | > It could be caused by below commit:
 | ||||||
|  | > | ||||||
|  | > commit c8d7b98bec43faaa6583c3135030be5eb4693acb
 | ||||||
|  | > Author: Pablo Neira Ayuso <pablo@netfilter.org>
 | ||||||
|  | > Date:   Fri Sep 26 14:35:15 2014 +0200
 | ||||||
|  | > | ||||||
|  | >     netfilter: move nf_send_resetX() code to nf_reject_ipvX modules
 | ||||||
|  | > | ||||||
|  | >     Move nf_send_reset() and nf_send_reset6() to nf_reject_ipv4 and
 | ||||||
|  | >     nf_reject_ipv6 respectively. This code is shared by x_tables and
 | ||||||
|  | >     nf_tables.
 | ||||||
|  | > | ||||||
|  | >     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 | ||||||
|  | 
 | ||||||
|  | Patch attached, thanks for reporting. | ||||||
|  | 
 | ||||||
|  | P.S: Please, Cc netfilter-devel@vger.kernel.org in future reports, so | ||||||
|  | we make sure things don't get lost. | ||||||
|  | 
 | ||||||
|  | >From d4358bcf64ba7a64d4de4e1dc5533c4c8f88ea82 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Pablo Neira Ayuso <pablo@netfilter.org> | ||||||
|  | Date: Fri, 10 Oct 2014 11:25:20 +0200 | ||||||
|  | Subject: [PATCH] netfilter: missing module license in the nf_reject_ipvX | ||||||
|  |  modules | ||||||
|  | 
 | ||||||
|  | [   23.545204] nf_reject_ipv4: module license 'unspecified' taints kernel. | ||||||
|  | 
 | ||||||
|  | Reported-by: Dave Young <dyoung@redhat.com> | ||||||
|  | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||||
|  | ---
 | ||||||
|  |  net/ipv4/netfilter/nf_reject_ipv4.c | 3 +++ | ||||||
|  |  net/ipv6/netfilter/nf_reject_ipv6.c | 4 ++++ | ||||||
|  |  2 files changed, 7 insertions(+) | ||||||
|  | 
 | ||||||
|  | diff --git a/net/ipv4/netfilter/nf_reject_ipv4.c b/net/ipv4/netfilter/nf_reject_ipv4.c
 | ||||||
|  | index b023b4eb1a96..92b303dbd5fc 100644
 | ||||||
|  | --- a/net/ipv4/netfilter/nf_reject_ipv4.c
 | ||||||
|  | +++ b/net/ipv4/netfilter/nf_reject_ipv4.c
 | ||||||
|  | @@ -6,6 +6,7 @@
 | ||||||
|  |   * published by the Free Software Foundation. | ||||||
|  |   */ | ||||||
|  |   | ||||||
|  | +#include <linux/module.h>
 | ||||||
|  |  #include <net/ip.h> | ||||||
|  |  #include <net/tcp.h> | ||||||
|  |  #include <net/route.h> | ||||||
|  | @@ -125,3 +126,5 @@ void nf_send_reset(struct sk_buff *oldskb, int hook)
 | ||||||
|  |  	kfree_skb(nskb); | ||||||
|  |  } | ||||||
|  |  EXPORT_SYMBOL_GPL(nf_send_reset); | ||||||
|  | +
 | ||||||
|  | +MODULE_LICENSE("GPL");
 | ||||||
|  | diff --git a/net/ipv6/netfilter/nf_reject_ipv6.c b/net/ipv6/netfilter/nf_reject_ipv6.c
 | ||||||
|  | index 5f5f0438d74d..20d9defc6c59 100644
 | ||||||
|  | --- a/net/ipv6/netfilter/nf_reject_ipv6.c
 | ||||||
|  | +++ b/net/ipv6/netfilter/nf_reject_ipv6.c
 | ||||||
|  | @@ -5,6 +5,8 @@
 | ||||||
|  |   * it under the terms of the GNU General Public License version 2 as | ||||||
|  |   * published by the Free Software Foundation. | ||||||
|  |   */ | ||||||
|  | +
 | ||||||
|  | +#include <linux/module.h>
 | ||||||
|  |  #include <net/ipv6.h> | ||||||
|  |  #include <net/ip6_route.h> | ||||||
|  |  #include <net/ip6_fib.h> | ||||||
|  | @@ -161,3 +163,5 @@ void nf_send_reset6(struct net *net, struct sk_buff *oldskb, int hook)
 | ||||||
|  |  		ip6_local_out(nskb); | ||||||
|  |  } | ||||||
|  |  EXPORT_SYMBOL_GPL(nf_send_reset6); | ||||||
|  | +
 | ||||||
|  | +MODULE_LICENSE("GPL");
 | ||||||
|  | -- 
 | ||||||
|  | 1.9.3 | ||||||
|  | 
 | ||||||
							
								
								
									
										2
									
								
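--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 fb30d0f29214d75cddd2faa94f73d5cf  linux-3.17.tar.xz
 159e969cbc27201d8e2fa0f609dc722f  perf-man-3.17.tar.gz
-e0ed84718bffdd7b33b2220c98034259  patch-3.17-git5.xz
+5740b0a6b49144f85e75da8acb275576  patch-3.17-git6.xz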
| @ -44,7 +44,7 @@ index 4ddaf66ea35f..00b440307419 100644 | |||||||
|  	} |  	} | ||||||
|  	regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); |  	regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12); | ||||||
| diff --git a/drivers/char/mem.c b/drivers/char/mem.c
 | diff --git a/drivers/char/mem.c b/drivers/char/mem.c
 | ||||||
| index 917403fe10da..cdf839f9defe 100644
 | index 524b707894ef..c268e2581ed6 100644
 | ||||||
| --- a/drivers/char/mem.c
 | --- a/drivers/char/mem.c
 | ||||||
| +++ b/drivers/char/mem.c
 | +++ b/drivers/char/mem.c
 | ||||||
| @@ -27,6 +27,7 @@
 | @@ -27,6 +27,7 @@
 | ||||||
|  | |||||||