lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <9fd4ffcb-3f88-4c4c-b580-86895396e933@canonical.com>
Date: Thu, 18 Jan 2024 15:52:03 -0800
From: John Johansen <john.johansen@...onical.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: LKLM <linux-kernel@...r.kernel.org>,
 "open list:SECURITY SUBSYSTEM" <linux-security-module@...r.kernel.org>
Subject: [GIT PULL] AppArmor updates for 6.8

Hi Linus,

Please pull the following apparmor for patches for the 6.8 merge
window.

This PR adds a single feature, switch the hash used to check policy
from sha1 to sha256

There are fixes for two memory leaks, and refcount bug and a potential
crash when a profile name is empty. Along with a couple minor code
cleanups.

These patches have been in linux-next and been tested while in there,
and have also had a merge and regression test against your current
tree as of this morning.

thanks
- john


The following changes since commit b85ea95d086471afb4ad062012a4d73cd328fa86:

   Linux 6.7-rc1 (2023-11-12 16:19:07 -0800)

are available in the Git repository at:

   git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor tags/apparmor-pr-2024-01-18

for you to fetch changes up to 8ead196be219adade3bd0d4115cc9b8506643121:

   apparmor: Fix memory leak in unpack_profile() (2024-01-09 01:45:25 -0800)

----------------------------------------------------------------
+ Features
   - switch policy hash fro sha1 to sha256

+ Bug Fixes
   - Fix refcount leak in task_kill
   - Fix leak of pdb objects and trans_table
   - avoid crash when parse profile name is empty

+ Cleanups
   - add static to stack_msg and nulldfa
   - more kernel-doc cleanups

----------------------------------------------------------------
Dimitri John Ledkov (1):
       apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256

Fedor Pchelkin (3):
       apparmor: free the allocated pdb objects
       apparmor: fix possible memory leak in unpack_trans_table
       apparmor: avoid crash when parsed profile name is empty

Gaosheng Cui (1):
       apparmor: Fix memory leak in unpack_profile()

John Johansen (5):
       apparmor: declare stack_msg as static
       apparmor: declare nulldfa as static
       apparmor: add missing params to aa_may_ptrace kernel-doc comments
       apparmor: cleanup network hook comments
       apparmor: Fix ref count leak in task_kill

  security/apparmor/Kconfig         | 12 ++++----
  security/apparmor/apparmorfs.c    | 16 +++++-----
  security/apparmor/crypto.c        |  6 ++--
  security/apparmor/domain.c        |  2 +-
  security/apparmor/lib.c           |  1 +
  security/apparmor/lsm.c           | 63 +++++++++++----------------------------
  security/apparmor/policy.c        | 13 ++++----
  security/apparmor/policy_unpack.c | 13 +++++---
  security/apparmor/task.c          |  2 ++
  9 files changed, 54 insertions(+), 74 deletions(-)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ