1. 17 Sep, 2019 21 commits
  2. 13 Sep, 2019 3 commits
  3. 27 Aug, 2019 5 commits
  4. 13 Aug, 2019 11 commits
    • Connor Kuehl's avatar
      UBUNTU: Ubuntu-4.4.0-160.188 · 9d2699c7
      Connor Kuehl authored
      Signed-off-by: default avatarConnor Kuehl <connor.kuehl@canonical.com>
      9d2699c7
    • Connor Kuehl's avatar
      UBUNTU: link-to-tracker: update tracking bug · 4d298ab5
      Connor Kuehl authored
      BugLink: https://bugs.launchpad.net/bugs/1840021
      Properties: no-test-build
      Signed-off-by: default avatarConnor Kuehl <connor.kuehl@canonical.com>
      4d298ab5
    • Connor Kuehl's avatar
      UBUNTU: Start new release · 33405e2a
      Connor Kuehl authored
      Ignore: yes
      Signed-off-by: default avatarConnor Kuehl <connor.kuehl@canonical.com>
      33405e2a
    • Connor Kuehl's avatar
    • Hans de Goede's avatar
      platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi · ccb7110c
      Hans de Goede authored
      BugLink: https://bugs.launchpad.net/bugs/1837117
      
      Commit 78f3ac76 ("platform/x86: asus-wmi: Tell the EC the OS will
      handle the display off hotkey") causes the backlight to be permanently off
      on various EeePC laptop models using the eeepc-wmi driver (Asus EeePC
      1015BX, Asus EeePC 1025C).
      
      The asus_wmi_set_devstate(ASUS_WMI_DEVID_BACKLIGHT, 2, NULL) call added
      by that commit is made conditional in this commit and only enabled in
      the quirk_entry structs in the asus-nb-wmi driver fixing the broken
      display / backlight on various EeePC laptop models.
      
      Cc: João Paulo Rechi Vita <jprvita@endlessm.com>
      Fixes: 78f3ac76 ("platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey")
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      (backported from commit 1dd93f87)
      [PHLin: context adjustment, only add quirks for models existing in X]
      Signed-off-by: default avatarPo-Hsu Lin <po-hsu.lin@canonical.com>
      Acked-by: default avatarConnor Kuehl <connor.kuehl@canonical.com>
      Acked-by: default avatarKai-Heng Feng <kai.heng.feng@canonical.com>
      Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
      ccb7110c
    • Eric Dumazet's avatar
      inet: switch IP ID generator to siphash · a79a8219
      Eric Dumazet authored
      CVE-2019-10638
      
      According to Amit Klein and Benny Pinkas, IP ID generation is too weak
      and might be used by attackers.
      
      Even with recent net_hash_mix() fix (netns: provide pure entropy for net_hash_mix())
      having 64bit key and Jenkins hash is risky.
      
      It is time to switch to siphash and its 128bit keys.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarAmit Klein <aksecurity@gmail.com>
      Reported-by: default avatarBenny Pinkas <benny@pinkas.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      (backported from commit df453700)
      [ Connor Kuehl: Adjusted patch to communicate the id return value
        through the skbuf as the function signature for ipv6_proxy_select_ident
        is still void (whereas the patch context expects it to return a
        value). This function signature change doesn't happen until upstream
        commit: 0c19f846 "net: accept UFO datagrams from tuntap and packet" ]
      Signed-off-by: default avatarConnor Kuehl <connor.kuehl@canonical.com>
      Acked-by: default avatarKleber Souza <kleber.souza@canonical.com>
      Acked-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
      a79a8219
    • Jason A. Donenfeld's avatar
      siphash: add cryptographically secure PRF · babc199b
      Jason A. Donenfeld authored
      CVE-2019-10638
      
      SipHash is a 64-bit keyed hash function that is actually a
      cryptographically secure PRF, like HMAC. Except SipHash is super fast,
      and is meant to be used as a hashtable keyed lookup function, or as a
      general PRF for short input use cases, such as sequence numbers or RNG
      chaining.
      
      For the first usage:
      
      There are a variety of attacks known as "hashtable poisoning" in which an
      attacker forms some data such that the hash of that data will be the
      same, and then preceeds to fill up all entries of a hashbucket. This is
      a realistic and well-known denial-of-service vector. Currently
      hashtables use jhash, which is fast but not secure, and some kind of
      rotating key scheme (or none at all, which isn't good). SipHash is meant
      as a replacement for jhash in these cases.
      
      There are a modicum of places in the kernel that are vulnerable to
      hashtable poisoning attacks, either via userspace vectors or network
      vectors, and there's not a reliable mechanism inside the kernel at the
      moment to fix it. The first step toward fixing these issues is actually
      getting a secure primitive into the kernel for developers to use. Then
      we can, bit by bit, port things over to it as deemed appropriate.
      
      While SipHash is extremely fast for a cryptographically secure function,
      it is likely a bit slower than the insecure jhash, and so replacements
      will be evaluated on a case-by-case basis based on whether or not the
      difference in speed is negligible and whether or not the current jhash usage
      poses a real security risk.
      
      For the second usage:
      
      A few places in the kernel are using MD5 or SHA1 for creating secure
      sequence numbers, syn cookies, port numbers, or fast random numbers.
      SipHash is a faster and more fitting, and more secure replacement for MD5
      in those situations. Replacing MD5 and SHA1 with SipHash for these uses is
      obvious and straight-forward, and so is submitted along with this patch
      series. There shouldn't be much of a debate over its efficacy.
      
      Dozens of languages are already using this internally for their hash
      tables and PRFs. Some of the BSDs already use this in their kernels.
      SipHash is a widely known high-speed solution to a widely known set of
      problems, and it's time we catch-up.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Reviewed-by: default avatarJean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Eric Biggers <ebiggers3@gmail.com>
      Cc: David Laight <David.Laight@aculab.com>
      Cc: Eric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      (backported from commit 2c956a60)
      [ Connor Kuehl: Minor offset adjustments required due to the high
        traffic nature of things like Kconfig and Makefiles. Had to make
        sure the proper siphash entries made it in to both files since
        the patch context that surrounds it is so different. ]
      Signed-off-by: default avatarConnor Kuehl <connor.kuehl@canonical.com>
      Acked-by: default avatarKleber Souza <kleber.souza@canonical.com>
      Acked-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
      babc199b
    • Connor Kuehl's avatar
    • John Johansen's avatar
      UBUNTU: SAUCE: apparmor: fix nnp subset check failure, when stacking · 0924738c
      John Johansen authored
      This is a backport of a fix that landed as part of a larger patch
      in 4.17 commit 9fcf78cc ("apparmor: update domain transitions that are subsets of confinement at nnp")
      
      Domain transitions that add a new profile to the confinement stack
      when under NO NEW PRIVS is allowed as it can not expand privileges.
      
      However such transitions are failing due to how/where the subset
      test is being applied. Applying the test per profile in the
      profile transition and profile_onexec call backs is incorrect as
      it disregards the other profiles in the stack so it can not
      correctly determine if the old confinement stack is a subset of
      the new confinement stack.
      
      Move the test to after the new confinement stack is constructed.
      
      BugLink: http://bugs.launchpad.net/bugs/1839037Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
      Acked-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
      0924738c
    • John Johansen's avatar
      UBUNTU: SAUCE: apparmor: fix audit failures when performing profile transitions · a0e9375b
      John Johansen authored
      v2. Add fix to profile_transition() also
      
      There are 2 cases where a denial in onexec profile transitions can
      occur that results in an apparmor WARN traceback. The first occurs if
      onexec is denied by policy, the second if onexec fails due to
      no-new-privs.
      
      A similar failure can occur in profile_transition() when directed to
      perform a stack, resulting in a simiar traceback with handle_onexec()
      replaced by profile_transition().
      
      [1140910.816457] ------------[ cut here ]------------
      [1140910.816466] WARNING: CPU: 4 PID: 32497 at /build/linux-UdetSb/linux-4.4.0/security/apparmor/file.c:136 aa_audit_file+0x16e/0x180()
      [1140910.816467] AppArmor WARN aa_audit_file: ((!(&sa)->apparmor_audit_data->request)):
      [1140910.816469] Modules linked in:
      [1140910.816470]  xt_mark xt_comment ip_vs_sh ip_vs_wrr ip_vs_rr ip_vs xt_REDIRECT nf_nat_redirect xt_nat veth btrfs xor raid6_pq ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs libcrc32c msr nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype br_netfilter pci_stub vboxpci(OE) vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) xt_CHECKSUM iptable_mangle rfcomm ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables xt_multiport iptable_filter ip_tables x_tables aufs overlay bnep uvcvideo videobuf2_vmalloc btusb videobuf2_memops videobuf2_v4l2 btrtl btbcm videobuf2_core btintel v4l2_common bluetooth videodev media binfmt_misc arc4
      [1140910.816508]  iwlmvm mac80211 intel_rapl snd_hda_codec_hdmi x86_pkg_temp_thermal intel_powerclamp snd_hda_codec_realtek snd_hda_codec_generic iwlwifi joydev input_leds serio_raw cfg80211 snd_hda_intel snd_hda_codec snd_hda_core lpc_ich snd_hwdep thinkpad_acpi nvram snd_pcm snd_seq_midi mei_me snd_seq_midi_event shpchp ie31200_edac mei snd_rawmidi edac_core snd_seq wmi snd_seq_device snd_timer snd soundcore kvm_intel mac_hid kvm irqbypass coretemp parport_pc ppdev lp parport autofs4 drbg ansi_cprng algif_skcipher af_alg dm_crypt hid_generic hid_logitech_hidpp hid_logitech_dj usbhid hid uas usb_storage crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel i915 aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd i2c_algo_bit drm_kms_helper psmouse syscopyarea sysfillrect ahci sysimgblt e1000e
      [1140910.816544]  fb_sys_fops libahci sdhci_pci drm sdhci ptp pps_core fjes video
      [1140910.816549] CPU: 4 PID: 32497 Comm: runc:[2:INIT] Tainted: G        W  OE   4.4.0-151-generic #178-Ubuntu
      [1140910.816551] Hardware name: LENOVO 20EFCTO1WW/20EFCTO1WW, BIOS GNET82WW (2.30 ) 03/21/2017
      [1140910.816552]  0000000000000286 312c35d8d7e796cb ffff880637cef9d0 ffffffff8140b481
      [1140910.816554]  ffff880637cefa18 ffffffff81d02fe8 ffff880637cefa08 ffffffff81085432
      [1140910.816555]  ffff880108206400 ffff880637cefb6c ffff880825129b88 ffff880637cefd88
      [1140910.816557] Call Trace:
      [1140910.816563]  [<ffffffff8140b481>] dump_stack+0x63/0x82
      [1140910.816567]  [<ffffffff81085432>] warn_slowpath_common+0x82/0xc0
      [1140910.816569]  [<ffffffff810854cc>] warn_slowpath_fmt+0x5c/0x80
      [1140910.816571]  [<ffffffff81397ebc>] ? label_match.constprop.9+0x3dc/0x6c0
      [1140910.816573]  [<ffffffff813a696e>] aa_audit_file+0x16e/0x180
      [1140910.816575]  [<ffffffff813982dd>] profile_onexec+0x13d/0x3d0
      [1140910.816577]  [<ffffffff8139a33e>] handle_onexec+0x10e/0x10d0
      [1140910.816581]  [<ffffffff81242957>] ? vfs_getxattr_alloc+0x67/0x100
      [1140910.816584]  [<ffffffff81355395>] ? cap_inode_getsecurity+0x95/0x220
      [1140910.816588]  [<ffffffff8135965d>] ? security_inode_getsecurity+0x5d/0x70
      [1140910.816590]  [<ffffffff8139b417>] apparmor_bprm_set_creds+0x117/0xa60
      [1140910.816591]  [<ffffffff81242a8e>] ? vfs_getxattr+0x9e/0xb0
      [1140910.816595]  [<ffffffffc05be712>] ? ovl_getxattr+0x52/0xb0 [overlay]
      [1140910.816597]  [<ffffffff8135619d>] ? get_vfs_caps_from_disk+0x7d/0x180
      [1140910.816599]  [<ffffffff81356343>] ? cap_bprm_set_creds+0xa3/0x5f0
      [1140910.816601]  [<ffffffff81358909>] security_bprm_set_creds+0x39/0x50
      [1140910.816605]  [<ffffffff812229d5>] prepare_binprm+0x85/0x190
      [1140910.816607]  [<ffffffff812240f4>] do_execveat_common.isra.31+0x4b4/0x770
      [1140910.816610]  [<ffffffff8122460a>] SyS_execve+0x3a/0x50
      [1140910.816613]  [<ffffffff81863ed5>] stub_execve+0x5/0x5
      [1140910.816615]  [<ffffffff81863b5b>] ? entry_SYSCALL_64_fastpath+0x22/0xcb
      [1140910.816616] ---[ end trace cf4320c1d43eedd8 ]---
      
      This is because the error is being audited as if onexec was not denied
      this triggering the AA_BUG check.
      
      BugLink: http://bugs.launchpad.net/bugs/1838627Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Acked-by: default avatarKleber Souza <kleber.souza@canonical.com>
      Acked-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
      a0e9375b
    • John Johansen's avatar
      UBUNTU: SAUCE: apparmor: flock mediation is not being, enforced on cache check · 97ac9e61
      John Johansen authored
      When an open file with cached permissions is checked for the flock
      permission. The cache check fails and falls through to no error instead
      of auditing, and returning an error.
      
      For the fall through to do a permission check, so it will audit the
      failed flock permission check.
      
      BugLink: https://bugs.launchpad.net/bugs/1838090
      BugLink: https://bugs.launchpad.net/bugs/1658219Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
      Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
      Acked-by: default avatarTyler Hicks <tyhicks@canonical.com>
      Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
      97ac9e61