From 833a829782225019c6ab432124e9a8a50f901f8a Mon Sep 17 00:00:00 2001
From: Jan200101
Date: Fri, 8 Jul 2022 23:30:51 +0200
Subject: kernel 5.18.10
---
 SOURCES/Patchlist.changelog | 9 +++++
 SOURCES/patch-5.18-redhat.patch | 79 ++++++++++++++++-------------------------
 SPECS/kernel.spec | 13 ++++---
 3 files changed, 49 insertions(+), 52 deletions(-)
diff --git a/SOURCES/Patchlist.changelog b/SOURCES/Patchlist.changelog
index 224614e..6b3a108 100644
--- a/SOURCES/Patchlist.changelog
+++ b/SOURCES/Patchlist.changelog
@@ -1,3 +1,12 @@
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/f147438b42147e1cf44f1471dc2a4288486dd791
+ f147438b42147e1cf44f1471dc2a4288486dd791 netfilter: nf_tables: stricter validation of element data
+
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/536f55b6208f317e86c5876014be423642690098
+ 536f55b6208f317e86c5876014be423642690098 Revert "Revert "smb3: use netname when available on secondary channels""
+
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/f881c8e206d2f230bd7b67dd4b611b46e07ff202
+ f881c8e206d2f230bd7b67dd4b611b46e07ff202 Revert "Revert "smb3: fix empty netname context on secondary channels""
+
 "https://gitlab.com/cki-project/kernel-ark/-/commit"/70b6a2dd3426c05d36f40c5d75e4f4a4d6196a59
 70b6a2dd3426c05d36f40c5d75e4f4a4d6196a59 Revert "smb3: fix empty netname context on secondary channels"
diff --git a/SOURCES/patch-5.18-redhat.patch b/SOURCES/patch-5.18-redhat.patch
index 5fee738..570f2ad 100644
--- a/SOURCES/patch-5.18-redhat.patch
+++ b/SOURCES/patch-5.18-redhat.patch
@@ -30,7 +30,6 @@
 drivers/nvme/host/nvme.h | 4 +
 drivers/pci/quirks.c | 24 ++++
 drivers/usb/core/hub.c | 7 ++
- fs/cifs/smb2pdu.c | 21 +---
 include/linux/efi.h | 24 ++--
 include/linux/lsm_hook_defs.h | 2 +
 include/linux/lsm_hooks.h | 6 +
@@ -38,15 +37,16 @@
 include/linux/security.h | 5 +
 init/Kconfig | 2 +-
 kernel/module_signing.c | 9 +-
+ net/netfilter/nf_tables_api.c | 9 +-
 scripts/tags.sh | 2 +
 security/integrity/platform_certs/load_uefi.c | 6 +-
 security/lockdown/Kconfig | 13 +++
 security/lockdown/lockdown.c | 1 +
 security/security.c | 6 +
- 45 files changed, 727 insertions(+), 206 deletions(-)
+ 45 files changed, 729 insertions(+), 192 deletions(-)
 diff --git a/Makefile b/Makefile
-index 751cfd786c8c..1dbeaa096d9b 100644
+index 088b84f99203..53ce8dbdd481 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
@@ -123,7 +123,7 @@ index 1cc85b8ff42e..b7ee128c67ce 100644
 + return !!ipl_secure_flag;
 +}
 diff --git a/arch/s390/kernel/setup.c b/arch/s390/kernel/setup.c
-index d860ac300919..6e63924932e6 100644
+index 2cef49983e9e..c50998b4b554 100644
 --- a/arch/s390/kernel/setup.c
 +++ b/arch/s390/kernel/setup.c
 @@ -49,6 +49,7 @@
@@ -134,7 +134,7 @@ index d860ac300919..6e63924932e6 100644
 #include
 #include
-@@ -965,6 +966,9 @@ void __init setup_arch(char **cmdline_p)
+@@ -970,6 +971,9 @@ void __init setup_arch(char **cmdline_p)
 log_component_list();
@@ -1517,49 +1517,6 @@ index 1460857026e0..7e1964891089 100644
 /* Lock the device, then check to see if we were
 * disconnected while waiting for the lock to succeed. */
 usb_lock_device(hdev);
-diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
-index 6a8a00f28b19..179c1630bf56 100644
---- a/fs/cifs/smb2pdu.c
-+++ b/fs/cifs/smb2pdu.c
-@@ -543,7 +543,6 @@ assemble_neg_contexts(struct smb2_negotiate_req *req,
- struct TCP_Server_Info *server, unsigned int *total_len)
- {
- char *pneg_ctxt;
-- char *hostname = NULL;
- unsigned int ctxt_len, neg_context_count;
-
- if (*total_len > 200) {
-@@ -571,24 +570,16 @@ assemble_neg_contexts(struct smb2_negotiate_req *req,
- *total_len += ctxt_len;
- pneg_ctxt += ctxt_len;
-
-+ ctxt_len = build_netname_ctxt((struct smb2_netname_neg_context *)pneg_ctxt,
-+ server->hostname);
-+ *total_len += ctxt_len;
-+ pneg_ctxt += ctxt_len;
-+
- build_posix_ctxt((struct smb2_posix_neg_context *)pneg_ctxt);
- *total_len += sizeof(struct smb2_posix_neg_context);
- pneg_ctxt += sizeof(struct smb2_posix_neg_context);
-
-- /*
-- * secondary channels don't have the hostname field populated
-- * use the hostname field in the primary channel instead
-- */
-- hostname = CIFS_SERVER_IS_CHAN(server) ?
-- server->primary_server->hostname : server->hostname;
-- if (hostname && (hostname[0] != 0)) {
-- ctxt_len = build_netname_ctxt((struct smb2_netname_neg_context *)pneg_ctxt,
-- hostname);
-- *total_len += ctxt_len;
-- pneg_ctxt += ctxt_len;
-- neg_context_count = 4;
-- } else /* second channels do not have a hostname */
-- neg_context_count = 3;
-+ neg_context_count = 4;
-
- if (server->compress_algorithm) {
- build_compression_ctxt((struct smb2_compression_capabilities_context *)
 diff --git a/include/linux/efi.h b/include/linux/efi.h
 index cc6d2be2ffd5..418d814d2eb7 100644
 --- a/include/linux/efi.h
@@ -1743,6 +1700,32 @@ index 8723ae70ea1f..fb2d773498c2 100644
 + }
 + return ret;
 }
+diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
+index 81243c834abb..a136148627e7 100644
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -5213,13 +5213,20 @@ static int nft_setelem_parse_data(struct nft_ctx *ctx, struct nft_set *set,
+ struct nft_data *data,
+ struct nlattr *attr)
+ {
++ u32 dtype;
+ int err;
+
+ err = nft_data_init(ctx, data, NFT_DATA_VALUE_MAXLEN, desc, attr);
+ if (err < 0)
+ return err;
+
+- if (desc->type != NFT_DATA_VERDICT && desc->len != set->dlen) {
++ if (set->dtype == NFT_DATA_VERDICT)
++ dtype = NFT_DATA_VERDICT;
++ else
++ dtype = NFT_DATA_VALUE;
++
++ if (dtype != desc->type ||
++ set->dlen != desc->len) {
+ nft_data_release(data, desc->type);
+ return -EINVAL;
+ }
 diff --git a/scripts/tags.sh b/scripts/tags.sh
 index 16d475b3e203..4e333f14b84e 100755
 --- a/scripts/tags.sh
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index fd82712..27cb70b 100755
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -122,11 +122,11 @@ Summary: The Linux kernel
 # the --with-release option overrides this setting.)
 %define debugbuildsenabled 1
 %define buildid .fsync
-%define specversion 5.18.9
+%define specversion 5.18.10
 %define patchversion 5.18
 %define pkgrelease 200
 %define kversion 5
-%define tarfile_release 5.18.9
+%define tarfile_release 5.18.10
 # This is needed to do merge window version magic
 %define patchlevel 18
 # allow pkg_release to have configurable %%{?dist} tag
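Review bot: In the nft_setelem_parse_data() change carried for net/netfilter/nf_tables_api.c, the new type and length comparison still runs only after nft_data_init() has parsed the attribute into `data`, with NFT_DATA_VALUE_MAXLEN as what appears to be its size limit. Rejecting a mismatched element cleanly therefore depends on every caller passing a buffer at least that large; the callers are not visible here, so this should be confirmed rather than assumed. Handing the expected type and `set->dlen` to the parser, so it can refuse the attribute before copying anything, would make the check independent of the caller. The mapping from `set->dtype` deserves a one-line comment such as `/* any set dtype other than NFT_DATA_VERDICT stores plain value data */`, because the reason two type spaces are being reconciled is not obvious from the code. The first line of the parameter list and the tail of the function lie outside the hunk.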
@@ -3056,8 +3056,13 @@ fi
 #
 #
 %changelog
-* Mon Jul 04 2022 Jan Drögehoff - 5.18.9-201.fsync
-- Linux v5.18.9 futex2 zen openrgb
+* Fri Jul 08 2022 Jan Drögehoff - 5.18.10-201.fsync
+- Linux v5.18.10 futex2 zen openrgb
+
+* Thu Jul 07 2022 Justin M. Forbes [5.18.10-0]
+- netfilter: nf_tables: stricter validation of element data (Pablo Neira Ayuso)
+- Revert "Revert "smb3: use netname when available on secondary channels"" (Justin M. Forbes)
+- Revert "Revert "smb3: fix empty netname context on secondary channels"" (Justin M. Forbes)
 * Sat Jul 02 2022 Justin M. Forbes [5.18.9-0]
 - Revert "smb3: fix empty netname context on secondary channels" (Justin M. Forbes)
--
cgit v1.2.3