authorAlexandre Oliva <lxoliva@fsfla.org>2017-11-04 01:46:21 +0000
committerAlexandre Oliva <lxoliva@fsfla.org>2017-11-04 01:46:21 +0000
commitfe59c838191e1f9644cfe66f7cc1ca2303e233cd (patch)
treed02c0d3f1b2ae59e2ec95e0c70c34798cd0390af /freed-ora/current/f26
parentf1b750139168992ed4c95ffc6b5e1254ca3aa585 (diff)
4.13.11-200.fc26.gnu
Diffstat (limited to 'freed-ora/current/f26')
-rw-r--r--freed-ora/current/f26/kernel.spec20
-rw-r--r--freed-ora/current/f26/net-mlxsw-reg-Add-high-and-low-temperature-thresholds.patch79
-rw-r--r--freed-ora/current/f26/patch-4.13-gnu-4.13.10-gnu.xz.sign6
-rw-r--r--freed-ora/current/f26/patch-4.13-gnu-4.13.11-gnu.xz.sign6
-rw-r--r--freed-ora/current/f26/selinux-Generalize-support-for-NNP-nosuid-SELinux-do.patch220
-rw-r--r--freed-ora/current/f26/sources2
6 files changed, 325 insertions, 8 deletions
diff --git a/freed-ora/current/f26/kernel.spec b/freed-ora/current/f26/kernel.spec
index d69a63891..687902679 100644
--- a/freed-ora/current/f26/kernel.spec
+++ b/freed-ora/current/f26/kernel.spec
@@ -92,7 +92,7 @@ Summary: The Linux kernel
%if 0%{?released_kernel}
# Do we have a -stable update to apply?
-%define stable_update 10
+%define stable_update 11
# Set rpm version accordingly
%if 0%{?stable_update}
%define stablerev %{stable_update}
@@ -736,6 +736,12 @@ Patch630: Input-synaptics---Disable-kernel-tracking-on-SMBus-devices.patch
# Headed upstream
Patch631: drm-i915-boost-GPU-clocks-if-we-miss-the-pageflip.patch
+# http://patchwork.ozlabs.org/patch/831938/
+Patch633: net-mlxsw-reg-Add-high-and-low-temperature-thresholds.patch
+
+# Included in 4.14, backport requested on kernel@
+Patch634: selinux-Generalize-support-for-NNP-nosuid-SELinux-do.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -2406,6 +2412,18 @@ fi
#
#
%changelog
+* Thu Nov 2 2017 Alexandre Oliva <lxoliva@fsfla.org> -libre
+- GNU Linux-libre 4.13.11-gnu.
+
+* Thu Nov 02 2017 Jeremy Cline <jeremy@jcline.org> - 4.13.11-200
+- Linux v4.13.11
+- Fix CVE-2017-12193 (rhbz 1501215 1508717)
+- SMB3: Validate negotiate request must always be signed (rhbz 1502606)
+- Backport new SELinux NNP/nosuid patch to resolve interactions with systemd
+
+* Wed Nov 01 2017 Laura Abbott <labbott@fedoraproject.org>
+- Add fix for potential mlxsw firmware incompatibility
+
* Sat Oct 28 2017 Alexandre Oliva <lxoliva@fsfla.org> -libre
- GNU Linux-libre 4.13.10-gnu.
diff --git a/freed-ora/current/f26/net-mlxsw-reg-Add-high-and-low-temperature-thresholds.patch b/freed-ora/current/f26/net-mlxsw-reg-Add-high-and-low-temperature-thresholds.patch
new file mode 100644
index 000000000..957200e17
--- /dev/null
+++ b/freed-ora/current/f26/net-mlxsw-reg-Add-high-and-low-temperature-thresholds.patch
@@ -0,0 +1,79 @@
+From patchwork Mon Oct 30 09:51:18 2017
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: [net] mlxsw: reg: Add high and low temperature thresholds
+X-Patchwork-Submitter: Jiri Pirko <jiri@resnulli.us>
+X-Patchwork-Id: 831938
+X-Patchwork-Delegate: davem@davemloft.net
+Message-Id: <20171030095118.9098-1-jiri@resnulli.us>
+To: netdev@vger.kernel.org
+Cc: davem@davemloft.net, idosch@mellanox.com, mlxsw@mellanox.com
+Date: Mon, 30 Oct 2017 10:51:18 +0100
+From: Jiri Pirko <jiri@resnulli.us>
+List-Id: <netdev.vger.kernel.org>
+
+From: Ido Schimmel <idosch@mellanox.com>
+
+The ASIC has the ability to generate events whenever a sensor indicates
+the temperature goes above or below its high or low thresholds,
+respectively.
+
+In new firmware versions the firmware enforces a minimum of 5
+degrees Celsius difference between both thresholds. Make the driver
+conform to this requirement.
+
+Note that this is required even when the events are disabled, as in
+certain systems interrupts are generated via GPIO based on these
+thresholds.
+
+Fixes: 85926f877040 ("mlxsw: reg: Add definition of temperature management registers")
+Signed-off-by: Ido Schimmel <idosch@mellanox.com>
+Signed-off-by: Jiri Pirko <jiri@mellanox.com>
+---
+ drivers/net/ethernet/mellanox/mlxsw/reg.h | 25 +++++++++++++++++++++++++
+ 1 file changed, 25 insertions(+)
+
+diff --git a/drivers/net/ethernet/mellanox/mlxsw/reg.h b/drivers/net/ethernet/mellanox/mlxsw/reg.h
+index 4afc848..5acfbe5 100644
+--- a/drivers/net/ethernet/mellanox/mlxsw/reg.h
++++ b/drivers/net/ethernet/mellanox/mlxsw/reg.h
+@@ -5827,6 +5827,29 @@ MLXSW_ITEM32(reg, mtmp, mtr, 0x08, 30, 1);
+ */
+ MLXSW_ITEM32(reg, mtmp, max_temperature, 0x08, 0, 16);
+
++/* reg_mtmp_tee
++ * Temperature Event Enable.
++ * 0 - Do not generate event
++ * 1 - Generate event
++ * 2 - Generate single event
++ * Access: RW
++ */
++MLXSW_ITEM32(reg, mtmp, tee, 0x0C, 30, 2);
++
++#define MLXSW_REG_MTMP_THRESH_HI 0x348 /* 105 Celsius */
++
++/* reg_mtmp_temperature_threshold_hi
++ * High threshold for Temperature Warning Event. In 0.125 Celsius.
++ * Access: RW
++ */
++MLXSW_ITEM32(reg, mtmp, temperature_threshold_hi, 0x0C, 0, 16);
++
++/* reg_mtmp_temperature_threshold_lo
++ * Low threshold for Temperature Warning Event. In 0.125 Celsius.
++ * Access: RW
++ */
++MLXSW_ITEM32(reg, mtmp, temperature_threshold_lo, 0x10, 0, 16);
++
+ #define MLXSW_REG_MTMP_SENSOR_NAME_SIZE 8
+
+ /* reg_mtmp_sensor_name
+@@ -5843,6 +5866,8 @@ static inline void mlxsw_reg_mtmp_pack(char *payload, u8 sensor_index,
+ mlxsw_reg_mtmp_sensor_index_set(payload, sensor_index);
+ mlxsw_reg_mtmp_mte_set(payload, max_temp_enable);
+ mlxsw_reg_mtmp_mtr_set(payload, max_temp_reset);
++ mlxsw_reg_mtmp_temperature_threshold_hi_set(payload,
++ MLXSW_REG_MTMP_THRESH_HI);
+ }
+
+ static inline void mlxsw_reg_mtmp_unpack(char *payload, unsigned int *p_temp,
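Review bot: `mlxsw_reg_mtmp_pack` programs only the high threshold (`MLXSW_REG_MTMP_THRESH_HI`) and leaves the newly defined `temperature_threshold_lo` untouched, although the description says the firmware requires a minimum 5 °C gap between both thresholds; unless the low threshold's reset value is known to sit well below 105 °C, the pack function should either set it explicitly or carry a comment recording why the default is relied on, e.g. `/* threshold_lo is left at its reset value; raising hi alone keeps the firmware-mandated gap */`. The `0x348` literal is annotated only as `105 Celsius` while the field is documented in 0.125 °C units, so a comment such as `/* 105 C expressed in 0.125 C units */` (or writing it as `(105 * 8)`) would make the conversion checkable at a glance. The `tee` field is also added but never written by the pack function, so event generation stays at whatever the register's default is. The body of `mlxsw_reg_mtmp_pack` begins outside the hunk.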
diff --git a/freed-ora/current/f26/patch-4.13-gnu-4.13.10-gnu.xz.sign b/freed-ora/current/f26/patch-4.13-gnu-4.13.10-gnu.xz.sign
deleted file mode 100644
index 5a11401e2..000000000
--- a/freed-ora/current/f26/patch-4.13-gnu-4.13.10-gnu.xz.sign
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iF0EABECAB0WIQRHRALIxYLa++OJxCe8t8+Hfn1HpwUCWfSPLgAKCRC8t8+Hfn1H
-p9hrAJ9/Ka5AF4gVFmJQjchILQayPV2BfACeJQG2Ba/zXjFHan2Ud/wUEJX/sqw=
-=b/jf
------END PGP SIGNATURE-----
diff --git a/freed-ora/current/f26/patch-4.13-gnu-4.13.11-gnu.xz.sign b/freed-ora/current/f26/patch-4.13-gnu-4.13.11-gnu.xz.sign
new file mode 100644
index 000000000..34205af3f
--- /dev/null
+++ b/freed-ora/current/f26/patch-4.13-gnu-4.13.11-gnu.xz.sign
@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQRHRALIxYLa++OJxCe8t8+Hfn1HpwUCWfuokwAKCRC8t8+Hfn1H
+p6xLAKCeeI+jBuO5qRkM+UPnpuomm2Vn5wCfWeAVTZOSC8qv1spFcepfdu+3xkM=
+=KHsh
+-----END PGP SIGNATURE-----
diff --git a/freed-ora/current/f26/selinux-Generalize-support-for-NNP-nosuid-SELinux-do.patch b/freed-ora/current/f26/selinux-Generalize-support-for-NNP-nosuid-SELinux-do.patch
new file mode 100644
index 000000000..797566c8d
--- /dev/null
+++ b/freed-ora/current/f26/selinux-Generalize-support-for-NNP-nosuid-SELinux-do.patch
@@ -0,0 +1,220 @@
+From af63f4193f9fbbbac50fc766417d74735afd87ef Mon Sep 17 00:00:00 2001
+From: Stephen Smalley <sds@tycho.nsa.gov>
+Date: Mon, 31 Jul 2017 10:12:46 -0400
+Subject: [PATCH] selinux: Generalize support for NNP/nosuid SELinux domain
+ transitions
+
+As systemd ramps up enabling NNP (NoNewPrivileges) for system services,
+it is increasingly breaking SELinux domain transitions for those services
+and their descendants. systemd enables NNP not only for services whose
+unit files explicitly specify NoNewPrivileges=yes but also for services
+whose unit files specify any of the following options in combination with
+running without CAP_SYS_ADMIN (e.g. specifying User= or a
+CapabilityBoundingSet= without CAP_SYS_ADMIN): SystemCallFilter=,
+SystemCallArchitectures=, RestrictAddressFamilies=, RestrictNamespaces=,
+PrivateDevices=, ProtectKernelTunables=, ProtectKernelModules=,
+MemoryDenyWriteExecute=, or RestrictRealtime= as per the systemd.exec(5)
+man page.
+
+The end result is bad for the security of both SELinux-disabled and
+SELinux-enabled systems. Packagers have to turn off these
+options in the unit files to preserve SELinux domain transitions. For
+users who choose to disable SELinux, this means that they miss out on
+at least having the systemd-supported protections. For users who keep
+SELinux enabled, they may still be missing out on some protections
+because it isn't necessarily guaranteed that the SELinux policy for
+that service provides the same protections in all cases.
+
+commit 7b0d0b40cd78 ("selinux: Permit bounded transitions under
+NO_NEW_PRIVS or NOSUID.") allowed bounded transitions under NNP in
+order to support limited usage for sandboxing programs. However,
+defining typebounds for all of the affected service domains
+is impractical to implement in policy, since typebounds requires us
+to ensure that each domain is allowed everything all of its descendant
+domains are allowed, and this has to be repeated for the entire chain
+of domain transitions. There is no way to clone all allow rules from
+descendants to their ancestors in policy currently, and doing so would
+be undesirable even if it were practical, as it requires leaking
+permissions to objects and operations into ancestor domains that could
+weaken their own security in order to allow them to the descendants
+(e.g. if a descendant requires execmem permission, then so do all of
+its ancestors; if a descendant requires execute permission to a file,
+then so do all of its ancestors; if a descendant requires read to a
+symbolic link or temporary file, then so do all of its ancestors...).
+SELinux domains are intentionally not hierarchical / bounded in this
+manner normally, and making them so would undermine their protections
+and least privilege.
+
+We have long had a similar tension with SELinux transitions and nosuid
+mounts, albeit not as severe. Users often have had to choose between
+retaining nosuid on a mount and allowing SELinux domain transitions on
+files within those mounts. This likewise leads to unfortunate tradeoffs
+in security.
+
+Decouple NNP/nosuid from SELinux transitions, so that we don't have to
+make a choice between them. Introduce a nnp_nosuid_transition policy
+capability that enables transitions under NNP/nosuid to be based on
+a permission (nnp_transition for NNP; nosuid_transition for nosuid)
+between the old and new contexts in addition to the current support
+for bounded transitions. Domain transitions can then be allowed in
+policy without requiring the parent to be a strict superset of all of
+its children.
+
+With this change, systemd unit files can be left unmodified from upstream.
+SELinux-disabled and SELinux-enabled users will benefit from retaining any
+of the systemd-provided protections. SELinux policy will only need to
+be adapted to enable the new policy capability and to allow the
+new permissions between domain pairs as appropriate.
+
+NB: Allowing nnp_transition between two contexts opens up the potential
+for the old context to subvert the new context by installing seccomp
+filters before the execve. Allowing nosuid_transition between two contexts
+opens up the potential for a context transition to occur on a file from
+an untrusted filesystem (e.g. removable media or remote filesystem). Use
+with care.
+
+Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+---
+ security/selinux/hooks.c | 47 +++++++++++++++++++++++++------------
+ security/selinux/include/classmap.h | 2 ++
+ security/selinux/include/security.h | 2 ++
+ security/selinux/ss/services.c | 7 +++++-
+ 4 files changed, 42 insertions(+), 16 deletions(-)
+
+diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
+index 00ad46e166f6..04b8e1082c9a 100644
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -2318,6 +2318,7 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
+ int nnp = (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS);
+ int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
+ int rc;
++ u32 av;
+
+ if (!nnp && !nosuid)
+ return 0; /* neither NNP nor nosuid */
+@@ -2326,24 +2327,40 @@ static int check_nnp_nosuid(const struct linux_binprm *bprm,
+ return 0; /* No change in credentials */
+
+ /*
+- * The only transitions we permit under NNP or nosuid
+- * are transitions to bounded SIDs, i.e. SIDs that are
+- * guaranteed to only be allowed a subset of the permissions
+- * of the current SID.
++ * If the policy enables the nnp_nosuid_transition policy capability,
++ * then we permit transitions under NNP or nosuid if the
++ * policy allows the corresponding permission between
++ * the old and new contexts.
+ */
+- rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
+- if (rc) {
+- /*
+- * On failure, preserve the errno values for NNP vs nosuid.
+- * NNP: Operation not permitted for caller.
+- * nosuid: Permission denied to file.
+- */
++ if (selinux_policycap_nnp_nosuid_transition) {
++ av = 0;
+ if (nnp)
+- return -EPERM;
+- else
+- return -EACCES;
++ av |= PROCESS2__NNP_TRANSITION;
++ if (nosuid)
++ av |= PROCESS2__NOSUID_TRANSITION;
++ rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
++ SECCLASS_PROCESS2, av, NULL);
++ if (!rc)
++ return 0;
+ }
+- return 0;
++
++ /*
++ * We also permit NNP or nosuid transitions to bounded SIDs,
++ * i.e. SIDs that are guaranteed to only be allowed a subset
++ * of the permissions of the current SID.
++ */
++ rc = security_bounded_transition(old_tsec->sid, new_tsec->sid);
++ if (!rc)
++ return 0;
++
++ /*
++ * On failure, preserve the errno values for NNP vs nosuid.
++ * NNP: Operation not permitted for caller.
++ * nosuid: Permission denied to file.
++ */
++ if (nnp)
++ return -EPERM;
++ return -EACCES;
+ }
+
+ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
+diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
+index b9fe3434b036..35ffb29a69cb 100644
+--- a/security/selinux/include/classmap.h
++++ b/security/selinux/include/classmap.h
+@@ -48,6 +48,8 @@ struct security_class_mapping secclass_map[] = {
+ "setrlimit", "rlimitinh", "dyntransition", "setcurrent",
+ "execmem", "execstack", "execheap", "setkeycreate",
+ "setsockcreate", "getrlimit", NULL } },
++ { "process2",
++ { "nnp_transition", "nosuid_transition", NULL } },
+ { "system",
+ { "ipc_info", "syslog_read", "syslog_mod",
+ "syslog_console", "module_request", "module_load", NULL } },
+diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
+index e91f08c16c0b..3e323179159a 100644
+--- a/security/selinux/include/security.h
++++ b/security/selinux/include/security.h
+@@ -73,6 +73,7 @@ enum {
+ POLICYDB_CAPABILITY_EXTSOCKCLASS,
+ POLICYDB_CAPABILITY_ALWAYSNETWORK,
+ POLICYDB_CAPABILITY_CGROUPSECLABEL,
++ POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,
+ __POLICYDB_CAPABILITY_MAX
+ };
+ #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
+@@ -84,6 +85,7 @@ extern int selinux_policycap_openperm;
+ extern int selinux_policycap_extsockclass;
+ extern int selinux_policycap_alwaysnetwork;
+ extern int selinux_policycap_cgroupseclabel;
++extern int selinux_policycap_nnp_nosuid_transition;
+
+ /*
+ * type_datum properties
+diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
+index 2f02fa67ec2e..16c55de21b9f 100644
+--- a/security/selinux/ss/services.c
++++ b/security/selinux/ss/services.c
+@@ -76,7 +76,8 @@ char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = {
+ "open_perms",
+ "extended_socket_class",
+ "always_check_network",
+- "cgroup_seclabel"
++ "cgroup_seclabel",
++ "nnp_nosuid_transition"
+ };
+
+ int selinux_policycap_netpeer;
+@@ -84,6 +85,7 @@ int selinux_policycap_openperm;
+ int selinux_policycap_extsockclass;
+ int selinux_policycap_alwaysnetwork;
+ int selinux_policycap_cgroupseclabel;
++int selinux_policycap_nnp_nosuid_transition;
+
+ static DEFINE_RWLOCK(policy_rwlock);
+
+@@ -2009,6 +2011,9 @@ static void security_load_policycaps(void)
+ selinux_policycap_cgroupseclabel =
+ ebitmap_get_bit(&policydb.policycaps,
+ POLICYDB_CAPABILITY_CGROUPSECLABEL);
++ selinux_policycap_nnp_nosuid_transition =
++ ebitmap_get_bit(&policydb.policycaps,
++ POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION);
+
+ for (i = 0; i < ARRAY_SIZE(selinux_policycap_names); i++)
+ pr_info("SELinux: policy capability %s=%d\n",
+--
+2.14.3
+
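Review bot: The caveat in the description — that a policy-granted `nnp_transition` lets the old context install seccomp filters before the execve, and `nosuid_transition` lets a transition happen on a file from an untrusted filesystem — is not reflected in `check_nnp_nosuid` itself, where the `avc_has_perm(old_tsec->sid, new_tsec->sid, SECCLASS_PROCESS2, av, NULL)` branch grants a transition with no bounding requirement on the new SID. A comment above that call, e.g. `/* Policy-granted transition: unlike the bounded case below, the new domain need not be a subset of the old one; see the nnp_transition/nosuid_transition caveats */`, would keep that consideration next to the code. Note also that when the capability is enabled and the permission check fails, control falls through to `security_bounded_transition`, so a transition ultimately permitted as a bounded one may already have produced a process2 denial record (with `NULL` auditdata, carrying no file information) if `avc_has_perm` audits as usual; that is probably acceptable but worth a one-line comment so the noise is not mistaken for a policy bug. The start of `check_nnp_nosuid` lies outside the hunk context.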
diff --git a/freed-ora/current/f26/sources b/freed-ora/current/f26/sources
index 6820039ea..03c80ff47 100644
--- a/freed-ora/current/f26/sources
+++ b/freed-ora/current/f26/sources
@@ -1,3 +1,3 @@
SHA512 (linux-libre-4.13-gnu.tar.xz) = 9ad6866c68f29f7e4f8b53d0b857f9b3c7f6abd0054460675c76f3100db34a77c2777d7f4191831008b532cb2ab6f686d8c4f457a4d005226c73f90937963518
SHA512 (perf-man-4.13.tar.gz) = 9bcc2cd8e56ec583ed2d8e0b0c88e7a94035a1915e40b3177bb02d6c0f10ddd4df9b097b1f5af59efc624226b613e240ddba8ddc2156f3682f992d5455fc5c03
-SHA512 (patch-4.13-gnu-4.13.10-gnu.xz) = 2cb1afa8755071d8cb386403bf0f8cb81b0c6e1b77da08e6af379cd289f95c70953f25390766fe66de13ba4e4af41aebe3e4ce8277ca1fc1de512242272cb4e6
+SHA512 (patch-4.13-gnu-4.13.11-gnu.xz) = fccf85e95c1c78c68876190aef5ad047971fede93d2cee47abfdfe009e76a374e15a89cee6ac4a68ab4dd90a43c7ec977ec21064a96445e177b7bce62ef2f528