From: Mimi Zohar <zohar@linux.ibm.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-integrity <linux-integrity@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: [GIT PULL] integrity: susbsytem updates for v6.2
Date: Tue, 13 Dec 2022 15:20:04 -0500 [thread overview]
Message-ID: <7b388195aa5e10f1da934ed251809a6f21bf427e.camel@linux.ibm.com> (raw)
Hi Linus,
Aside from the one cleanup, the other changes are bug fixes:
Cleanup:
- Include missing iMac Pro 2017 in list of Macs with T2 security chip
Bugs:
- Improper instantiation of "encrypted" keys with user provided data
- Not handling delay in updating LSM label based IMA policy rules (-
ESTALE)
- IMA and integrity memory leaks on error paths
- CONFIG_IMA_DEFAULT_HASH_SM3 hash algorithm renamed
thanks,
Mimi
The following changes since commit 9abf2313adc1ca1b6180c508c25f22f9395cc780:
Linux 6.1-rc1 (2022-10-16 15:36:24 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git tags/integrity-v6.2
for you to fetch changes up to b6018af440a07bd0d74b58c4e18045f4a8dbfe6b:
ima: Fix hash dependency to correct algorithm (2022-11-28 16:44:34 -0500)
----------------------------------------------------------------
integrity-v6.2
----------------------------------------------------------------
Aditya Garg (1):
efi: Add iMac Pro 2017 to uefi skip cert quirk
GUO Zihua (3):
ima: Simplify ima_lsm_copy_rule
ima: Handle -ESTALE returned by ima_filter_rule_match()
integrity: Fix memory leakage in keyring allocation error path
Huaxin Lu (1):
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
Nikolaus Voss (1):
KEYS: encrypted: fix key instantiation with user-provided data
Roberto Sassu (1):
ima: Fix memory leak in __ima_inode_hash()
Tianjia Zhang (1):
ima: Fix hash dependency to correct algorithm
Xiu Jianfeng (1):
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
Documentation/security/keys/trusted-encrypted.rst | 3 +-
security/integrity/digsig.c | 6 ++-
security/integrity/ima/Kconfig | 2 +-
security/integrity/ima/ima_main.c | 7 +++-
security/integrity/ima/ima_policy.c | 51 ++++++++++++++++-------
security/integrity/ima/ima_template.c | 9 ++--
security/integrity/platform_certs/load_uefi.c | 1 +
security/keys/encrypted-keys/encrypted.c | 6 +--
8 files changed, 59 insertions(+), 26 deletions(-)
next reply other threads:[~2022-12-13 20:24 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-13 20:20 Mimi Zohar [this message]
2022-12-13 22:35 ` [GIT PULL] integrity: susbsytem updates for v6.2 pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7b388195aa5e10f1da934ed251809a6f21bf427e.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.