From: Greg Kroah-Hartman Date: Tue, 2 Oct 2018 10:01:00 +0000 (-0700) Subject: drop audit-fix-extended-comparison-of-gid-egid.patch X-Git-Tag: v4.18.12~24 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7ca58ca978665dd816ba3c701eab0b588247e85c;p=thirdparty%2Fkernel%2Fstable-queue.git drop audit-fix-extended-comparison-of-gid-egid.patch --- diff --git a/queue-3.18/audit-fix-extended-comparison-of-gid-egid.patch b/queue-3.18/audit-fix-extended-comparison-of-gid-egid.patch deleted file mode 100644 index dba50a59475..00000000000 --- a/queue-3.18/audit-fix-extended-comparison-of-gid-egid.patch +++ /dev/null @@ -1,60 +0,0 @@ -From foo@baz Sat Sep 29 04:32:11 PDT 2018 -From: "Ondrej Mosnáček" -Date: Tue, 5 Jun 2018 11:00:10 +0200 -Subject: audit: Fix extended comparison of GID/EGID - -From: "Ondrej Mosnáček" - -[ Upstream commit af85d1772e31fed34165a1b3decef340cf4080c0 ] - -The audit_filter_rules() function in auditsc.c used the in_[e]group_p() -functions to check GID/EGID match, but these functions use the current -task's credentials, while the comparison should use the credentials of -the task given to audit_filter_rules() as a parameter (tsk). - -Note that we can use group_search(cred->group_info, ...) as a -replacement for both in_group_p and in_egroup_p as these functions only -compare the parameter to cred->fsgid/egid and then call group_search. - -In fact, the usage of in_group_p was even more incorrect: it compares to -cred->fsgid (which is usually equal to cred->egid) and not cred->gid. - -GitHub issue: -https://github.com/linux-audit/audit-kernel/issues/82 - -Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic") -Signed-off-by: Ondrej Mosnacek -Signed-off-by: Paul Moore -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - kernel/auditsc.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - ---- a/kernel/auditsc.c -+++ b/kernel/auditsc.c -@@ -484,20 +484,20 @@ static int audit_filter_rules(struct tas - result = audit_gid_comparator(cred->gid, f->op, f->gid); - if (f->op == Audit_equal) { - if (!result) -- result = in_group_p(f->gid); -+ result = groups_search(cred->group_info, f->gid); - } else if (f->op == Audit_not_equal) { - if (result) -- result = !in_group_p(f->gid); -+ result = !groups_search(cred->group_info, f->gid); - } - break; - case AUDIT_EGID: - result = audit_gid_comparator(cred->egid, f->op, f->gid); - if (f->op == Audit_equal) { - if (!result) -- result = in_egroup_p(f->gid); -+ result = groups_search(cred->group_info, f->gid); - } else if (f->op == Audit_not_equal) { - if (result) -- result = !in_egroup_p(f->gid); -+ result = !groups_search(cred->group_info, f->gid); - } - break; - case AUDIT_SGID: diff --git a/queue-3.18/series b/queue-3.18/series index 2718ab415c7..a36bd88c31b 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -42,7 +42,6 @@ wlcore-add-missing-pm-call-for-wlcore_cmd_wait_for_event_or_timeout.patch arm-mvebu-declare-asm-symbols-as-character-arrays-in-pmsu.c.patch hid-hid-ntrig-add-error-handling-for-sysfs_create_group.patch scsi-bnx2i-add-error-handling-for-ioremap_nocache.patch -audit-fix-extended-comparison-of-gid-egid.patch asoc-dapm-fix-potential-dai-widget-pointer-deref-when-linking-dais.patch module-exclude-shn_undef-symbols-from-kallsyms-api.patch nfsd-fix-corrupted-reply-to-badly-ordered-compound.patch diff --git a/queue-4.14/audit-fix-extended-comparison-of-gid-egid.patch b/queue-4.14/audit-fix-extended-comparison-of-gid-egid.patch deleted file mode 100644 index 78415ecbb9d..00000000000 --- a/queue-4.14/audit-fix-extended-comparison-of-gid-egid.patch +++ /dev/null @@ -1,60 +0,0 @@ -From foo@baz Sat Sep 29 04:27:59 PDT 2018 -From: "Ondrej Mosnáček" -Date: Tue, 5 Jun 2018 11:00:10 +0200 -Subject: audit: Fix extended comparison of GID/EGID - -From: "Ondrej Mosnáček" - -[ Upstream commit af85d1772e31fed34165a1b3decef340cf4080c0 ] - -The audit_filter_rules() function in auditsc.c used the in_[e]group_p() -functions to check GID/EGID match, but these functions use the current -task's credentials, while the comparison should use the credentials of -the task given to audit_filter_rules() as a parameter (tsk). - -Note that we can use group_search(cred->group_info, ...) as a -replacement for both in_group_p and in_egroup_p as these functions only -compare the parameter to cred->fsgid/egid and then call group_search. - -In fact, the usage of in_group_p was even more incorrect: it compares to -cred->fsgid (which is usually equal to cred->egid) and not cred->gid. - -GitHub issue: -https://github.com/linux-audit/audit-kernel/issues/82 - -Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic") -Signed-off-by: Ondrej Mosnacek -Signed-off-by: Paul Moore -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - kernel/auditsc.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - ---- a/kernel/auditsc.c -+++ b/kernel/auditsc.c -@@ -490,20 +490,20 @@ static int audit_filter_rules(struct tas - result = audit_gid_comparator(cred->gid, f->op, f->gid); - if (f->op == Audit_equal) { - if (!result) -- result = in_group_p(f->gid); -+ result = groups_search(cred->group_info, f->gid); - } else if (f->op == Audit_not_equal) { - if (result) -- result = !in_group_p(f->gid); -+ result = !groups_search(cred->group_info, f->gid); - } - break; - case AUDIT_EGID: - result = audit_gid_comparator(cred->egid, f->op, f->gid); - if (f->op == Audit_equal) { - if (!result) -- result = in_egroup_p(f->gid); -+ result = groups_search(cred->group_info, f->gid); - } else if (f->op == Audit_not_equal) { - if (result) -- result = !in_egroup_p(f->gid); -+ result = !groups_search(cred->group_info, f->gid); - } - break; - case AUDIT_SGID: diff --git a/queue-4.14/series b/queue-4.14/series index 554e623f6df..aba6c22c3a5 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -69,7 +69,6 @@ mips-boot-fix-build-rule-of-vmlinux.its.s.patch perf-x86-intel-lbr-fix-incomplete-lbr-call-stack.patch scsi-bnx2i-add-error-handling-for-ioremap_nocache.patch iomap-complete-partial-direct-i-o-writes-synchronously.patch -audit-fix-extended-comparison-of-gid-egid.patch scsi-megaraid_sas-update-controller-info-during-resume.patch edac-i7core-fix-memleaks-and-use-after-free-on-probe-and-remove.patch asoc-dapm-fix-potential-dai-widget-pointer-deref-when-linking-dais.patch diff --git a/queue-4.18/audit-fix-extended-comparison-of-gid-egid.patch b/queue-4.18/audit-fix-extended-comparison-of-gid-egid.patch deleted file mode 100644 index f143c08573d..00000000000 --- a/queue-4.18/audit-fix-extended-comparison-of-gid-egid.patch +++ /dev/null @@ -1,60 +0,0 @@ -From foo@baz Sat Sep 29 04:24:28 PDT 2018 -From: "Ondrej Mosnáček" -Date: Tue, 5 Jun 2018 11:00:10 +0200 -Subject: audit: Fix extended comparison of GID/EGID - -From: "Ondrej Mosnáček" - -[ Upstream commit af85d1772e31fed34165a1b3decef340cf4080c0 ] - -The audit_filter_rules() function in auditsc.c used the in_[e]group_p() -functions to check GID/EGID match, but these functions use the current -task's credentials, while the comparison should use the credentials of -the task given to audit_filter_rules() as a parameter (tsk). - -Note that we can use group_search(cred->group_info, ...) as a -replacement for both in_group_p and in_egroup_p as these functions only -compare the parameter to cred->fsgid/egid and then call group_search. - -In fact, the usage of in_group_p was even more incorrect: it compares to -cred->fsgid (which is usually equal to cred->egid) and not cred->gid. - -GitHub issue: -https://github.com/linux-audit/audit-kernel/issues/82 - -Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic") -Signed-off-by: Ondrej Mosnacek -Signed-off-by: Paul Moore -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - kernel/auditsc.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - ---- a/kernel/auditsc.c -+++ b/kernel/auditsc.c -@@ -494,20 +494,20 @@ static int audit_filter_rules(struct tas - result = audit_gid_comparator(cred->gid, f->op, f->gid); - if (f->op == Audit_equal) { - if (!result) -- result = in_group_p(f->gid); -+ result = groups_search(cred->group_info, f->gid); - } else if (f->op == Audit_not_equal) { - if (result) -- result = !in_group_p(f->gid); -+ result = !groups_search(cred->group_info, f->gid); - } - break; - case AUDIT_EGID: - result = audit_gid_comparator(cred->egid, f->op, f->gid); - if (f->op == Audit_equal) { - if (!result) -- result = in_egroup_p(f->gid); -+ result = groups_search(cred->group_info, f->gid); - } else if (f->op == Audit_not_equal) { - if (result) -- result = !in_egroup_p(f->gid); -+ result = !groups_search(cred->group_info, f->gid); - } - break; - case AUDIT_SGID: diff --git a/queue-4.18/series b/queue-4.18/series index 4aa0c78c722..e08792f4d26 100644 --- a/queue-4.18/series +++ b/queue-4.18/series @@ -105,7 +105,6 @@ perf-x86-intel-lbr-fix-incomplete-lbr-call-stack.patch scsi-bnx2i-add-error-handling-for-ioremap_nocache.patch iomap-complete-partial-direct-i-o-writes-synchronously.patch scsi-hisi_sas-fix-the-conflict-between-dev-gone-and-host-reset.patch -audit-fix-extended-comparison-of-gid-egid.patch spi-orion-fix-cs-gpio-handling-again.patch scsi-megaraid_sas-update-controller-info-during-resume.patch asoc-intel-bytcr_rt5640-fix-acer-iconia-8-over-current-detect-threshold.patch diff --git a/queue-4.4/audit-fix-extended-comparison-of-gid-egid.patch b/queue-4.4/audit-fix-extended-comparison-of-gid-egid.patch deleted file mode 100644 index 859b961c57d..00000000000 --- a/queue-4.4/audit-fix-extended-comparison-of-gid-egid.patch +++ /dev/null @@ -1,60 +0,0 @@ -From foo@baz Sat Sep 29 04:30:43 PDT 2018 -From: "Ondrej Mosnáček" -Date: Tue, 5 Jun 2018 11:00:10 +0200 -Subject: audit: Fix extended comparison of GID/EGID - -From: "Ondrej Mosnáček" - -[ Upstream commit af85d1772e31fed34165a1b3decef340cf4080c0 ] - -The audit_filter_rules() function in auditsc.c used the in_[e]group_p() -functions to check GID/EGID match, but these functions use the current -task's credentials, while the comparison should use the credentials of -the task given to audit_filter_rules() as a parameter (tsk). - -Note that we can use group_search(cred->group_info, ...) as a -replacement for both in_group_p and in_egroup_p as these functions only -compare the parameter to cred->fsgid/egid and then call group_search. - -In fact, the usage of in_group_p was even more incorrect: it compares to -cred->fsgid (which is usually equal to cred->egid) and not cred->gid. - -GitHub issue: -https://github.com/linux-audit/audit-kernel/issues/82 - -Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic") -Signed-off-by: Ondrej Mosnacek -Signed-off-by: Paul Moore -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - kernel/auditsc.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - ---- a/kernel/auditsc.c -+++ b/kernel/auditsc.c -@@ -489,20 +489,20 @@ static int audit_filter_rules(struct tas - result = audit_gid_comparator(cred->gid, f->op, f->gid); - if (f->op == Audit_equal) { - if (!result) -- result = in_group_p(f->gid); -+ result = groups_search(cred->group_info, f->gid); - } else if (f->op == Audit_not_equal) { - if (result) -- result = !in_group_p(f->gid); -+ result = !groups_search(cred->group_info, f->gid); - } - break; - case AUDIT_EGID: - result = audit_gid_comparator(cred->egid, f->op, f->gid); - if (f->op == Audit_equal) { - if (!result) -- result = in_egroup_p(f->gid); -+ result = groups_search(cred->group_info, f->gid); - } else if (f->op == Audit_not_equal) { - if (result) -- result = !in_egroup_p(f->gid); -+ result = !groups_search(cred->group_info, f->gid); - } - break; - case AUDIT_SGID: diff --git a/queue-4.4/series b/queue-4.4/series index c8c8cbdc2d1..854abe1b2bf 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -35,7 +35,6 @@ wlcore-add-missing-pm-call-for-wlcore_cmd_wait_for_event_or_timeout.patch arm-mvebu-declare-asm-symbols-as-character-arrays-in-pmsu.c.patch hid-hid-ntrig-add-error-handling-for-sysfs_create_group.patch scsi-bnx2i-add-error-handling-for-ioremap_nocache.patch -audit-fix-extended-comparison-of-gid-egid.patch edac-i7core-fix-memleaks-and-use-after-free-on-probe-and-remove.patch asoc-dapm-fix-potential-dai-widget-pointer-deref-when-linking-dais.patch module-exclude-shn_undef-symbols-from-kallsyms-api.patch diff --git a/queue-4.9/audit-fix-extended-comparison-of-gid-egid.patch b/queue-4.9/audit-fix-extended-comparison-of-gid-egid.patch deleted file mode 100644 index 1409bd48d2f..00000000000 --- a/queue-4.9/audit-fix-extended-comparison-of-gid-egid.patch +++ /dev/null @@ -1,60 +0,0 @@ -From foo@baz Sat Sep 29 04:29:21 PDT 2018 -From: "Ondrej Mosnáček" -Date: Tue, 5 Jun 2018 11:00:10 +0200 -Subject: audit: Fix extended comparison of GID/EGID - -From: "Ondrej Mosnáček" - -[ Upstream commit af85d1772e31fed34165a1b3decef340cf4080c0 ] - -The audit_filter_rules() function in auditsc.c used the in_[e]group_p() -functions to check GID/EGID match, but these functions use the current -task's credentials, while the comparison should use the credentials of -the task given to audit_filter_rules() as a parameter (tsk). - -Note that we can use group_search(cred->group_info, ...) as a -replacement for both in_group_p and in_egroup_p as these functions only -compare the parameter to cred->fsgid/egid and then call group_search. - -In fact, the usage of in_group_p was even more incorrect: it compares to -cred->fsgid (which is usually equal to cred->egid) and not cred->gid. - -GitHub issue: -https://github.com/linux-audit/audit-kernel/issues/82 - -Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic") -Signed-off-by: Ondrej Mosnacek -Signed-off-by: Paul Moore -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - kernel/auditsc.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - ---- a/kernel/auditsc.c -+++ b/kernel/auditsc.c -@@ -488,20 +488,20 @@ static int audit_filter_rules(struct tas - result = audit_gid_comparator(cred->gid, f->op, f->gid); - if (f->op == Audit_equal) { - if (!result) -- result = in_group_p(f->gid); -+ result = groups_search(cred->group_info, f->gid); - } else if (f->op == Audit_not_equal) { - if (result) -- result = !in_group_p(f->gid); -+ result = !groups_search(cred->group_info, f->gid); - } - break; - case AUDIT_EGID: - result = audit_gid_comparator(cred->egid, f->op, f->gid); - if (f->op == Audit_equal) { - if (!result) -- result = in_egroup_p(f->gid); -+ result = groups_search(cred->group_info, f->gid); - } else if (f->op == Audit_not_equal) { - if (result) -- result = !in_egroup_p(f->gid); -+ result = !groups_search(cred->group_info, f->gid); - } - break; - case AUDIT_SGID: diff --git a/queue-4.9/series b/queue-4.9/series index ddeb0b6d2c9..91bd5eea429 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -44,7 +44,6 @@ arm-mvebu-declare-asm-symbols-as-character-arrays-in-pmsu.c.patch hid-hid-ntrig-add-error-handling-for-sysfs_create_group.patch perf-x86-intel-lbr-fix-incomplete-lbr-call-stack.patch scsi-bnx2i-add-error-handling-for-ioremap_nocache.patch -audit-fix-extended-comparison-of-gid-egid.patch scsi-megaraid_sas-update-controller-info-during-resume.patch edac-i7core-fix-memleaks-and-use-after-free-on-probe-and-remove.patch asoc-dapm-fix-potential-dai-widget-pointer-deref-when-linking-dais.patch