#pragma section-numbers on #pragma keywords Linux, kernel, operating system, changes, changelog, file system, Linus Torvalds, open source, device drivers #pragma description Summary of the changes and new features merged in the Linux kernel during the 4.1 development cycle Linux 4.1 [https://lkml.org/lkml/2015/6/22/8 has been released] on Sun, 21 Jun 2015 /!\ /!\ Warning /!\ /!\ This page will be completed (it will, really) . Meanwhile, you can read about Linux 4.1 in: * LWN merge window [http://lwn.net/Articles/640297/ part 1], [http://lwn.net/Articles/641016/ part 2], [http://lwn.net/Articles/642039/ part 3] = Security = * Audit: * Fix a race that could truncate audit log reports after the comm field ([https://git.kernel.org/linus/5deeb5cece3f9b30c8129786726b9d02c412c8ca commit]). * SELinux: * The policy storage has been switched from the custom avtab hash table struct to a generic flex_array ([https://git.kernel.org/linus/ba39db6e0519aa8362dbda6523ceb69349a18dc3 commit]). The hash function used is now based on murmurhash3 which has a better distribution ([https://git.kernel.org/linus/33ebc1932a07efd8728975750409741940334489 commit]). The number of buckets in the hash table has been increased ([https://git.kernel.org/linus/cf7b6c0205f11cdb015384244c0b423b00e35c69 commit]). Those three commits should improve the performance of SELinux rules lookup in the in-kernel stored policy. * Some Netlink commands were not mentioned in the struct used by SELinux as this table was probably forgotten when they were introduced in the kernel (commits: [https://git.kernel.org/linus/5bdfbc1f19d047a182d2bab102c22bbf2a1ea244 1], [https://git.kernel.org/linus/387f989a60db00207c39b9fe9ef32c897356aaba 2], [https://git.kernel.org/linus/2b7834d3e1b828429faa5dc41a480919e52d3f31 3], [https://git.kernel.org/linus/5e6deebafb45fb271ae6939d48832e920b8fb74e 4], [https://git.kernel.org/linus/5b5800fad072133e4a9c2efbf735baaac83dec86 5], [https://git.kernel.org/linus/b0b59b0056acd6f157a04cc895f7e24692fb08aa 6], [https://git.kernel.org/linus/8d465bb777179c4bea731b828ec484088cc9fbc1 7], [https://git.kernel.org/linus/bd2cba07381a6dba60bc1c87ed8b37931d244da1 8]). A change has been included to make sure this won't happen without a compile time failure ([https://git.kernel.org/linus/cf890138087a6da2f56a642acb80476370b04332 commit]). * SMACK: * Assign smack_known_web as default smk_in label for kernel thread's socket ([https://git.kernel.org/linus/7412301b76bd53ee53b860f611fc3b5b1c2245b5 commit]). * Getting the Smack security context of keys: implements the LSM side part of the system call keyctl with the action code KEYCTL_GET_SECURITY ([https://git.kernel.org/linus/7fc5f36e980a8f4830efdae3858f6e64eee538b7 commit]). * Allow an unconfined label in bringup mode : ([https://git.kernel.org/linus/bf4b2fee99799780ea3dbb6d79d1909b3e32be13 commit]). * Non-exhaustive list of fixed CVEs: * CVE-2015-4178 ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4178 Mitre], [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953 commit]); * CVE-2015-4177 ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4177 Mitre], [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae commit]); * CVE-2015-4176 ([https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4176 Mitre], [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f commit]); * CVE-2015-4001 ([https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4001 NVD], [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4001 Mitre]), CVE-2015-4002 ([https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4002 NVD], [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4002 Mitre]), CVE-2015-4003 ([https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4003 NVD], [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4003 Mitre]), CVE-2015-4004 ([https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4004 NVD], [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4004 Mitre]) : [https://lkml.org/lkml/2015/5/13/739 Announce on LKML by Jason A. Donenfeld], [http://seclists.org/oss-sec/2015/q2/446 Announce on oss-sec], [https://www.kernel.org/doc/readme/drivers-staging-ozwpan-README OZWPAN driver documentation], commits : [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e 1], [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c 2], [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04bf464a5dfd9ade0dda918e44366c2c61fce80b 3], [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8 4]; * CVE-2015-3339 ([https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3339 NVD], [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3339 Mitre], [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543 commit]); * ? ([https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=51dfcb076d1e1ce7006aa272cb7c4514740c7e47 commit]); * Information leak ([http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33cf7c90fe2f97afb1cadaa0cfb782cb9d1b9ee2 commit]). * New hardware supported: * Altus Metrum ChaosKey ([https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=66e3e591891da9899a8990792da080432531ffd4 commit]).