Message-ID: <alpine.LRH.2.20.1511031917490.18754@namei.org>
Date:	Tue, 3 Nov 2015 19:23:28 +1100 (AEDT)
From:	James Morris <jmorris@...ei.org>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
cc:	linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: [GIT PULL] Security subsystem update for 4.4

Please pull.

This is mostly maintenance updates across the subsystem, with a notable 
update for TPM 2.0, and addition of Jarkko Sakkinen as a maintainer of 
that.

The following changes since commit 5062ecdb662bf3aed6dc975019c53ffcd3b01d1c:

  Merge tag 'regmap-v4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap (2015-11-02 16:16:24 -0800)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next

Arnd Bergmann (1):
      apparmor: clarify CRYPTO dependency

David Howells (3):
      KEYS: Provide a script to extract the sys cert list from a vmlinux file
      KEYS: Provide a script to extract a module signature
      KEYS: Merge the type-specific data with the payload data

Dmitry Kasatkin (1):
      integrity: prevent loading untrusted certificates on the IMA trusted keyring

Geert Uytterhoeven (1):
      tpm: Allow compile test of GPIO consumers if !GPIOLIB

Geliang Tang (3):
      smack: smk_ipv6_port_list should be static
      KEYS: use kvfree() in add_key
      selinux: ioctl_has_perm should be static

Hon Ching \(Vicky\) Lo (6):
      vTPM: fix memory allocation flag for rtce buffer at kernel boot
      vTPM: fix searching for the right vTPM node in device tree
      vTPM: reformat event log to be byte-aligned
      vTPM: get the buffer allocated for event log instead of the actual log
      vTPM: support little endian guests
      TPM: remove unnecessary little endian conversion

Insu Yun (1):
      keys: Be more consistent in selection of union members used

James Morris (4):
      Merge branch 'next' of git://git.kernel.org/.../zohar/linux-integrity into next
      Merge branch 'smack-for-4.4' of https://github.com/cschaufler/smack-next into next
      Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/selinux into next
      Merge tag 'keys-next-20151021' of git://git.kernel.org/.../dhowells/linux-fs into next

Jarkko Sakkinen (10):
      tpm, tpm_crb: fix unaligned read of the command buffer address
      tpm, tpm_tis: fix tpm_tis ACPI detection issue with TPM 2.0
      sysfs: added __compat_only_sysfs_link_entry_to_kobj()
      tpm: move the PPI attributes to character device directory.
      tpm: update PPI documentation to address the location change.
      tpm: introduce tpm_buf
      keys, trusted: move struct trusted_key_options to trusted-type.h
      tpm: seal/unseal for TPM 2.0
      keys, trusted: seal/unseal with TPM 2.0 chips
      MAINTAINERS: add new maintainer for TPM DEVICE DRIVER

Jeff Vander Stoep (1):
      selinux: do not check open perm on ftruncate call

José Bollo (1):
      Smack: Minor initialisation improvement

Krzysztof Kozlowski (1):
      char: Drop owner assignment from i2c_driver

Lukasz Pawelczyk (1):
      Smack: fix a NULL dereference in wrong smack_import_entry() usage

Paul Gortmaker (1):
      certs: add .gitignore to stop git nagging about x509_certificate_list

Paul Moore (1):
      selinux: change CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE default

Rasmus Villemoes (5):
      selinux: introduce security_context_str_to_sid
      selinux: remove pointless cast in selinux_inode_setsecurity()
      selinux: use kmemdup in security_sid_to_context_core()
      selinux: use kstrdup() in security_get_bools()
      selinux: use sprintf return value

Roman Kubiak (1):
      Smack: pipefs fix in smack_d_instantiate

Sangwoo (1):
      selinux: Use a kmem_cache for allocation struct file_security_struct

Zbigniew Jasinski (1):
      Smack: limited capability for changing process label

 Documentation/ABI/testing/sysfs-driver-ppi       |   19 +-
 Documentation/crypto/asymmetric-keys.txt         |   27 ++--
 Documentation/security/Smack.txt                 |   10 +
 Documentation/security/keys.txt                  |   41 +++--
 MAINTAINERS                                      |    1 +
 arch/powerpc/kernel/prom_init.c                  |   40 +++-
 certs/.gitignore                                 |    4 +
 crypto/asymmetric_keys/asymmetric_keys.h         |    5 -
 crypto/asymmetric_keys/asymmetric_type.c         |   44 +++--
 crypto/asymmetric_keys/public_key.c              |    4 +-
 crypto/asymmetric_keys/signature.c               |    2 +-
 crypto/asymmetric_keys/x509_parser.h             |    1 +
 crypto/asymmetric_keys/x509_public_key.c         |    9 +-
 drivers/char/tpm/st33zp24/Kconfig                |    2 +-
 drivers/char/tpm/st33zp24/i2c.c                  |    1 -
 drivers/char/tpm/tpm-chip.c                      |   24 ++-
 drivers/char/tpm/tpm-interface.c                 |   76 +++++++
 drivers/char/tpm/tpm.h                           |  134 +++++++++++-
 drivers/char/tpm/tpm2-cmd.c                      |  250 +++++++++++++++++++++-
 drivers/char/tpm/tpm_crb.c                       |   39 ++--
 drivers/char/tpm/tpm_eventlog.c                  |   78 +++++--
 drivers/char/tpm/tpm_eventlog.h                  |    6 +
 drivers/char/tpm/tpm_i2c_atmel.c                 |    1 -
 drivers/char/tpm/tpm_i2c_infineon.c              |    1 -
 drivers/char/tpm/tpm_i2c_nuvoton.c               |    1 -
 drivers/char/tpm/tpm_ibmvtpm.c                   |    2 +-
 drivers/char/tpm/tpm_of.c                        |    6 +-
 drivers/char/tpm/tpm_ppi.c                       |   34 +--
 drivers/char/tpm/tpm_tis.c                       |  192 ++++++++++++++---
 fs/cifs/cifs_spnego.c                            |    6 +-
 fs/cifs/cifsacl.c                                |   25 +--
 fs/cifs/connect.c                                |    9 +-
 fs/cifs/sess.c                                   |    2 +-
 fs/cifs/smb2pdu.c                                |    2 +-
 fs/ecryptfs/ecryptfs_kernel.h                    |    5 +-
 fs/ext4/crypto_key.c                             |    4 +-
 fs/f2fs/crypto_key.c                             |    4 +-
 fs/fscache/object-list.c                         |    4 +-
 fs/nfs/nfs4idmap.c                               |    4 +-
 fs/sysfs/group.c                                 |   44 ++++
 include/crypto/public_key.h                      |    1 -
 include/keys/asymmetric-subtype.h                |    2 +-
 include/keys/asymmetric-type.h                   |   15 ++
 include/keys/trusted-type.h                      |   14 ++-
 include/keys/user-type.h                         |    8 +
 include/linux/key-type.h                         |    3 +-
 include/linux/key.h                              |   33 ++--
 include/linux/sysfs.h                            |   11 +
 include/linux/tpm.h                              |   26 +++
 kernel/.gitignore                                |    1 -
 kernel/module_signing.c                          |    1 +
 lib/digsig.c                                     |    7 +-
 net/ceph/ceph_common.c                           |    2 +-
 net/ceph/crypto.c                                |    6 +-
 net/dns_resolver/dns_key.c                       |   20 +-
 net/dns_resolver/dns_query.c                     |    7 +-
 net/dns_resolver/internal.h                      |    8 +
 net/rxrpc/af_rxrpc.c                             |    2 +-
 net/rxrpc/ar-key.c                               |   32 ++--
 net/rxrpc/ar-output.c                            |    2 +-
 net/rxrpc/ar-security.c                          |    4 +-
 net/rxrpc/rxkad.c                                |   16 +-
 scripts/extract-module-sig.pl                    |  136 ++++++++++++
 scripts/extract-sys-certs.pl                     |  144 +++++++++++++
 security/apparmor/Kconfig                        |    2 +-
 security/integrity/digsig.c                      |    2 +-
 security/integrity/evm/evm_crypto.c              |    2 +-
 security/keys/big_key.c                          |   47 +++--
 security/keys/encrypted-keys/encrypted.c         |   18 +-
 security/keys/encrypted-keys/encrypted.h         |    4 +-
 security/keys/encrypted-keys/masterkey_trusted.c |    4 +-
 security/keys/key.c                              |   20 +-
 security/keys/keyctl.c                           |   12 +-
 security/keys/keyring.c                          |   12 +-
 security/keys/process_keys.c                     |    4 +-
 security/keys/request_key.c                      |    4 +-
 security/keys/request_key_auth.c                 |   12 +-
 security/keys/trusted.c                          |   42 +++-
 security/keys/trusted.h                          |   11 -
 security/keys/user_defined.c                     |   14 +-
 security/selinux/Kconfig                         |    4 +-
 security/selinux/hooks.c                         |   27 ++--
 security/selinux/include/security.h              |    2 +
 security/selinux/selinuxfs.c                     |   26 +--
 security/selinux/ss/services.c                   |   22 +--
 security/smack/smack.h                           |    4 +-
 security/smack/smack_access.c                    |    6 +-
 security/smack/smack_lsm.c                       |   67 ++++++-
 security/smack/smackfs.c                         |  208 +++++++++++++++----
 89 files changed, 1748 insertions(+), 492 deletions(-)
 create mode 100644 certs/.gitignore
 create mode 100755 scripts/extract-module-sig.pl
 create mode 100755 scripts/extract-sys-certs.pl

-- 
James Morris
<jmorris@...ei.org>
