From: Linus Torvalds
Date: Wed, 24 Jun 2026 19:33:40 +0000 (-0700)
Subject: Merge tag 'apparmor-pr-2026-06-22' of git://git.kernel.org/pub/scm/linux/kernel/git...
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6535a84bfdc4ab56fc901cbd9bd0d1a22315aa93;p=thirdparty%2Flinux.git

Merge tag 'apparmor-pr-2026-06-22' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor

Pull apparmor updates from John Johansen:
 "Another round of bug fixing and some code cleanups, there are no new
  features. The biggest thing to note is Georgia is being added to help
  co-maintain apparmor.

  Cleanups:
   - replace get_zeroed_page() with kzalloc()
   - remove unnecessary goto and associated label
   - change fn_label_build() to return err on failure instead of NULL
     or err
   - free rawdata as soon as possible
   - use explicit instead of implicit flex array in rawdata_f_data
   - use __label_make_stale in __aa_proxy_redirect
   - return correct error by propagate -ENOMEM correctly in
     unpack_table
   - aa_label_alloc use aa_label_free on alloc failure
   - add a conditional version of get_newest_label

  Bug Fixes:
   - mediate the implicit connect of TCP fast open sendmsg
   - fix C23ism of label immediately before a declaration
   - fix kernel-doc warnings
   - fix spelling mistakes
   - fix use-after-free in rawdata dedup loop
   - Fix inverted comparison in cache_hold_inc()
   - fix uninitialized pointer passed to audit_log_untrustedstring()
   - don't audit files pointing to aa_null.dentry
   - put secmark label after secid lookup
   - fix aa_getprocattr free procattr leak on format failure
   - release exe file resources on path failure
   - fail policy unpack on accept2 allocation failure
   - Fix return in ns_mkdir_op
   - remove or add symlinks to rawdata according to export_binary
   - fix NULL pointer dereference in unpack_pdb
   - fix potential UAF in aa_replace_profiles
   - grab ns lock and refresh when looking up changehat child profiles
   - enable differential encoding
   - check label build before no_new_privs test
   - conditionally compile get_loaddata_common_ref()
   - fix unix socket mediation cache update, and leak"

* tag 'apparmor-pr-2026-06-22' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: (35 commits)
  apparmor: advertise the tcp fast open fix is applied
  apparmor: mediate the implicit connect of TCP fast open sendmsg
  apparmor: fix label can not be immediately before a declaration
  apparmor: fix kernel-doc warnings
  apparmor: replace get_zeroed_page() with kzalloc()
  security: apparmor: fix two spelling mistakes
  apparmor: fix use-after-free in rawdata dedup loop
  apparmor: Fix inverted comparison in cache_hold_inc()
  apparmor: fix uninitialised pointer passed to audit_log_untrustedstring()
  apparmor: don't audit files pointing to aa_null.dentry
  apparmor: put secmark label after secid lookup
  apparmor: aa_getprocattr free procattr leak on format failure
  apparmor: remove unnecessary goto and associated label
  apparmor: release exe file resources on path failure
  apparmor: fail policy unpack on accept2 allocation failure
  apparmor: Fix return in ns_mkdir_op
  apparmor: remove or add symlinks to rawdata according to export_binary
  apparmor: fix NULL pointer dereference in unpack_pdb
  apparmor: make fn_label_build() capable of handling not supported
  apparmor: change fn_label_build() call to not return NULL
  ...
---
6535a84bfdc4ab56fc901cbd9bd0d1a22315aa93