lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Mon, 13 Oct 2008 10:16:48 +1100 (EST)
From:	James Morris <jmorris@...ei.org>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
cc:	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, netdev@...r.kernel.org
Subject: [GIT] Security related updates

Hi Linus,

Some more security-related updates for 2.6.28, notably including an update 
to Paul Moore's Netlabel code (DaveM asked for it to go via my tree, and 
it is self-contained) and TPM updates.  Please pull.

The following changes since commit f1b2a5ace996de339292d4035f9f5b294aecd11e:
  Linus Torvalds (1):
        Merge git://git.kernel.org/.../sfrench/cifs-2.6

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 for-linus

Andrew Morton (1):
      ERROR: code indent should use tabs where possible

James Morris (2):
      Merge branch 'master' of git://git.infradead.org/users/pcmoore/lblnet-2.6_next into next
      Merge branch 'next' into for-linus

Mimi Zohar (1):
      integrity: special fs magic

Paul Moore (17):
      netlabel: Fix some sparse warnings
      selinux: Cleanup the NetLabel glue code
      selinux: Correctly handle IPv4 packets on IPv6 sockets in all cases
      netlabel: Remove unneeded in-kernel API functions
      selinux: Better local/forward check in selinux_ip_postroute()
      selinux: Fix a problem in security_netlbl_sid_to_secattr()
      selinux: Fix missing calls to netlbl_skbuff_err()
      smack: Fix missing calls to netlbl_skbuff_err()
      netlabel: Replace protocol/NetLabel linking with refrerence counts
      netlabel: Add a generic way to create ordered linked lists of network addrs
      netlabel: Add network address selectors to the NetLabel/LSM domain mapping
      netlabel: Add functionality to set the security attributes of a packet
      selinux: Set socket NetLabel based on connection endpoint
      selinux: Cache NetLabel secattrs in the socket's security struct
      netlabel: Changes to the NetLabel security attributes to allow LSMs to pass full contexts
      cipso: Add support for native local labeling and fixup mapping names
      netlabel: Add configuration support for local labeling

Rajiv Andrade (5):
      Remove the BKL calls from the TPM driver, which were added in the overall
      Renames num_open to is_open, as only one process can open the file at a time.
      Protect tpm_chip_list when transversing it.
      The tpm_dev_release function is only called for platform devices, not pnp
      As pointed out by Jonathan Corbet, the timer must be deleted before

 drivers/char/tpm/tpm.c              |   96 +++---
 drivers/char/tpm/tpm.h              |    3 +-
 drivers/char/tpm/tpm_tis.c          |   14 +-
 fs/debugfs/inode.c                  |    3 +-
 include/linux/magic.h               |    4 +
 include/net/cipso_ipv4.h            |   55 +++-
 include/net/netlabel.h              |   51 ++-
 mm/shmem.c                          |    4 +-
 net/ipv4/cipso_ipv4.c               |  656 ++++++++++++++++++++++++-----------
 net/ipv4/ip_options.c               |    2 +-
 net/netlabel/Makefile               |    3 +-
 net/netlabel/netlabel_addrlist.c    |  388 +++++++++++++++++++++
 net/netlabel/netlabel_addrlist.h    |  189 ++++++++++
 net/netlabel/netlabel_cipso_v4.c    |  136 +++++---
 net/netlabel/netlabel_cipso_v4.h    |   10 +-
 net/netlabel/netlabel_domainhash.c  |  393 ++++++++++++++++-----
 net/netlabel/netlabel_domainhash.h  |   40 ++-
 net/netlabel/netlabel_kapi.c        |  272 ++++++++++-----
 net/netlabel/netlabel_mgmt.c        |  410 ++++++++++++++++------
 net/netlabel/netlabel_mgmt.h        |   59 +++-
 net/netlabel/netlabel_unlabeled.c   |  456 ++++++++----------------
 security/inode.c                    |    3 +-
 security/selinux/hooks.c            |  229 +++++++++----
 security/selinux/include/netlabel.h |   44 +++-
 security/selinux/include/objsec.h   |    9 +-
 security/selinux/netlabel.c         |  280 +++++++++++++---
 security/selinux/ss/services.c      |   13 +-
 security/smack/smack_lsm.c          |    5 +-
 security/smack/smackfs.c            |    4 +-
 29 files changed, 2800 insertions(+), 1031 deletions(-)
 create mode 100644 net/netlabel/netlabel_addrlist.c
 create mode 100644 net/netlabel/netlabel_addrlist.h


-- 
James Morris
<jmorris@...ei.org>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ