diff --git a/debian/bin/abiupdate.py b/debian/bin/abiupdate.py index d35e50ba8..10e3473b7 100755 --- a/debian/bin/abiupdate.py +++ b/debian/bin/abiupdate.py @@ -19,6 +19,7 @@ default_url_base = "http://deb.debian.org/debian/" default_url_base_incoming = "http://incoming.debian.org/debian-buildd/" default_url_base_ports = "http://ftp.ports.debian.org/debian-ports/" default_url_base_ports_incoming = "http://incoming.ports.debian.org/" +default_url_base_security = "http://security.debian.org/" class url_debian_flat(object): @@ -44,6 +45,11 @@ class url_debian_ports_pool(url_debian_pool): return self.base + "pool-" + arch + "/main/" + source[0] + "/" + source + "/" + filename +class url_debian_security_pool(url_debian_pool): + def __call__(self, source, filename, arch): + return self.base + "pool/updates/main/" + source[0] + "/" + source + "/" + filename + + class Main(object): dir = None @@ -182,10 +188,12 @@ if __name__ == '__main__': options.add_option("-i", "--incoming", action="store_true", dest="incoming") options.add_option("--incoming-config", action="store_true", dest="incoming_config") options.add_option("--ports", action="store_true", dest="ports") + options.add_option("--security", action="store_true", dest="security") options.add_option("-u", "--url-base", dest="url_base", default=default_url_base) options.add_option("--url-base-incoming", dest="url_base_incoming", default=default_url_base_incoming) options.add_option("--url-base-ports", dest="url_base_ports", default=default_url_base_ports) options.add_option("--url-base-ports-incoming", dest="url_base_ports_incoming", default=default_url_base_ports_incoming) + options.add_option("--url-base-security", dest="url_base_security", default=default_url_base_security) opts, args = options.parse_args() @@ -201,11 +209,14 @@ if __name__ == '__main__': url_base_incoming = url_debian_pool(opts.url_base_incoming) url_base_ports = url_debian_ports_pool(opts.url_base_ports) url_base_ports_incoming = url_debian_flat(opts.url_base_ports_incoming) + url_base_security = url_debian_security_pool(opts.url_base_security) if opts.incoming_config: url = url_config = url_base_incoming else: url_config = url_base - if opts.ports: + if opts.security: + url = url_base_security + elif opts.ports: url = url_base_ports_incoming if opts.incoming else url_base_ports else: url = url_base_incoming if opts.incoming else url_base diff --git a/debian/changelog b/debian/changelog index aaa98ceaf..977534efd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -30,6 +30,66 @@ linux (4.15~rc5-1~exp1) experimental; urgency=medium -- Ben Hutchings Wed, 27 Dec 2017 02:48:14 +0000 +linux (4.14.13-1) unstable; urgency=medium + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13 + - [x86] mm: Set MODULES_END to 0xffffffffff000000 + - [x86] mm: Map cpu_entry_area at the same place on 4/5 level + - [x86] kaslr: Fix the vaddr_end mess + - [x86] events/intel/ds: Use the proper cache flush method for mapping ds + buffers + - [x86] alternatives: Add missing '\n' at end of ALTERNATIVE inline asm + - [x86] pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN + - kernel/acct.c: fix the acct->needcheck check in check_free_space() + - mm/mprotect: add a cond_resched() inside change_pmd_range() + - mm/sparse.c: wrong allocation for mem_section + - userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails + - btrfs: fix refcount_t usage when deleting btrfs_delayed_nodes + - efi/capsule-loader: Reinstate virtual capsule mapping + - [sparc*] crypto: n2 - cure use after free + - crypto: chacha20poly1305 - validate the digest size + - crypto: pcrypt - fix freeing pcrypt instances + - crypto: chelsio - select CRYPTO_GF128MUL + - [x86] drm/i915: Disable DC states around GMBUS on GLK + - [x86] drm/i915: Apply Display WA #1183 on skl, kbl, and cfl + - fscache: Fix the default for fscache_maybe_release_page() + - [x86] CPU: Avoid unnecessary IPIs in arch_freq_get_on_cpu() + - [x86] CPU: Always show current CPU frequency in /proc/cpuinfo + - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL + - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from + !sig_kernel_only() signals + - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in + complete_signal() + - [arm64] iommu/arm-smmu-v3: Don't free page table ops twice + - [arm64] iommu/arm-smmu-v3: Cope with duplicated Stream IDs + - [powerpc* ]mm: Fix SEGV on mapped region to return SEGV_ACCERR + - Input: elantech - add new icbody type 15 + - [x86] microcode/AMD: Add support for fam17h microcode loading + - apparmor: fix regression in mount mediation when feature set is pinned + - [hppa/parisc] Fix alignment of pa_tlb_lock in assembly on 32-bit SMP + kernel + - [hppa/parisc] qemu idle sleep support + - mtd: nand: pxa3xx: Fix READOOB implementation + - [s390x] KVM: fix cmma migration for multiple memory slots + - [s390x] KVM: prevent buffer overrun on memory hotplug during migration + + [ Salvatore Bonaccorso ] + * libsas: Disable asynchronous aborts for SATA devices + * drm/nouveau/disp/gf119: add missing drive vfunc ptr (Closes: #880660) + + [ Riku Voipio ] + * [arm64] disable CONFIG_HW_RANDOM_OMAP until the IRQ storm bug is fixed + + [ Ben Hutchings ] + * abiupdate.py: Add support for security mirrors + * Fix dependencies related to objtool (Closes: #886474): + - linux-headers: Add versioned dependency on linux-kbuild + - Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for out-of-tree + modules" + + -- Ben Hutchings Sun, 14 Jan 2018 19:45:05 +0000 + linux (4.14.12-2) unstable; urgency=medium [ Ben Hutchings ] diff --git a/debian/config/arm64/config b/debian/config/arm64/config index 5e2ca159a..101282b26 100644 --- a/debian/config/arm64/config +++ b/debian/config/arm64/config @@ -103,7 +103,7 @@ CONFIG_TEGRA_ACONNECT=y ## file: drivers/char/hw_random/Kconfig ## CONFIG_HW_RANDOM_BCM2835=m -CONFIG_HW_RANDOM_OMAP=m +# CONFIG_HW_RANDOM_OMAP is not set CONFIG_HW_RANDOM_HISI=m CONFIG_HW_RANDOM_MSM=m CONFIG_HW_RANDOM_XGENE=m diff --git a/debian/patches/bugfix/all/libsas-Disable-asynchronous-aborts-for-SATA-devices.patch b/debian/patches/bugfix/all/libsas-Disable-asynchronous-aborts-for-SATA-devices.patch new file mode 100644 index 000000000..797c13a4a --- /dev/null +++ b/debian/patches/bugfix/all/libsas-Disable-asynchronous-aborts-for-SATA-devices.patch @@ -0,0 +1,57 @@ +From: Hannes Reinecke +Date: Wed, 10 Jan 2018 08:34:02 +0100 +Subject: Disable asynchronous aborts for SATA devices +Origin: https://marc.info/?l=linux-scsi&m=151557324907914 + +Handling CD-ROM devices from libsas is decidedly odd, as libata +relies on SCSI EH to be started to figure out that no medium is +present. +So we cannot do asynchronous aborts for SATA devices. + +Fixes: 909657615d9 ("scsi: libsas: allow async aborts") +Cc: # 4.12+ +Signed-off-by: Hannes Reinecke +Reviewed-by: Christoph Hellwig +Tested-by: Yves-Alexis Perez +--- + drivers/scsi/libsas/sas_scsi_host.c | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +diff --git a/drivers/scsi/libsas/sas_scsi_host.c b/drivers/scsi/libsas/sas_scsi_host.c +index 58476b728c57..c9406852c3e9 100644 +--- a/drivers/scsi/libsas/sas_scsi_host.c ++++ b/drivers/scsi/libsas/sas_scsi_host.c +@@ -486,15 +486,28 @@ static int sas_queue_reset(struct domain_device *dev, int reset_type, + + int sas_eh_abort_handler(struct scsi_cmnd *cmd) + { +- int res; ++ int res = TMF_RESP_FUNC_FAILED; + struct sas_task *task = TO_SAS_TASK(cmd); + struct Scsi_Host *host = cmd->device->host; ++ struct domain_device *dev = cmd_to_domain_dev(cmd); + struct sas_internal *i = to_sas_internal(host->transportt); ++ unsigned long flags; + + if (!i->dft->lldd_abort_task) + return FAILED; + +- res = i->dft->lldd_abort_task(task); ++ spin_lock_irqsave(host->host_lock, flags); ++ /* We cannot do async aborts for SATA devices */ ++ if (dev_is_sata(dev) && !host->host_eh_scheduled) { ++ spin_unlock_irqrestore(host->host_lock, flags); ++ return FAILED; ++ } ++ spin_unlock_irqrestore(host->host_lock, flags); ++ ++ if (task) ++ res = i->dft->lldd_abort_task(task); ++ else ++ SAS_DPRINTK("no task to abort\n"); + if (res == TMF_RESP_FUNC_SUCC || res == TMF_RESP_FUNC_COMPLETE) + return SUCCESS; + +-- +2.11.0 + diff --git a/debian/patches/debian/revert-objtool-fix-config_stack_validation-y-warning.patch b/debian/patches/debian/revert-objtool-fix-config_stack_validation-y-warning.patch new file mode 100644 index 000000000..3997617df --- /dev/null +++ b/debian/patches/debian/revert-objtool-fix-config_stack_validation-y-warning.patch @@ -0,0 +1,60 @@ +From: Ben Hutchings +Date: Sun, 14 Jan 2018 19:27:18 +0000 +Subject: Revert "objtool: Fix CONFIG_STACK_VALIDATION=y warning for + out-of-tree modules" + +This reverts commit 9f0c18aec620bc9d82268b3cb937568dd07b43ff. This +check doesn't make sense for OOT modules as they should always use +a pre-built objtool. +--- + Makefile | 33 ++++++++++++++++----------------- + 1 file changed, 16 insertions(+), 17 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -923,22 +923,6 @@ mod_sign_cmd = true + endif + export mod_sign_cmd + +-ifdef CONFIG_STACK_VALIDATION +- has_libelf := $(call try-run,\ +- echo "int main() {}" | $(HOSTCC) -xc -o /dev/null -lelf -,1,0) +- ifeq ($(has_libelf),1) +- objtool_target := tools/objtool FORCE +- else +- ifdef CONFIG_UNWINDER_ORC +- $(error "Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel") +- else +- $(warning "Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel") +- endif +- SKIP_STACK_VALIDATION := 1 +- export SKIP_STACK_VALIDATION +- endif +-endif +- + + ifeq ($(KBUILD_EXTMOD),) + core-y += kernel/ certs/ mm/ fs/ ipc/ security/ crypto/ block/ +@@ -1075,6 +1059,22 @@ uapi-asm-generic: + $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.asm-generic \ + src=uapi/asm obj=arch/$(SRCARCH)/include/generated/uapi/asm + ++ifdef CONFIG_STACK_VALIDATION ++ has_libelf := $(call try-run,\ ++ echo "int main() {}" | $(HOSTCC) -xc -o /dev/null -lelf -,1,0) ++ ifeq ($(has_libelf),1) ++ objtool_target := tools/objtool FORCE ++ else ++ ifdef CONFIG_UNWINDER_ORC ++ $(error "Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel") ++ else ++ $(warning "Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel") ++ endif ++ SKIP_STACK_VALIDATION := 1 ++ export SKIP_STACK_VALIDATION ++ endif ++endif ++ + PHONY += prepare-objtool + prepare-objtool: $(objtool_target) + diff --git a/debian/patches/debian/revert-scsi-libsas-allow-async-aborts.patch b/debian/patches/debian/revert-scsi-libsas-allow-async-aborts.patch deleted file mode 100644 index 1e1468e50..000000000 --- a/debian/patches/debian/revert-scsi-libsas-allow-async-aborts.patch +++ /dev/null @@ -1,26 +0,0 @@ -From: Salvatore Bonaccorso -Date: Fri, 5 Jan 2018 13:36:38 +0100 -Subject: Revert "scsi: libsas: allow async aborts" -Bug-Debian: https://bugs.debian.org/882414 - ---- - drivers/scsi/libsas/sas_scsi_host.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/drivers/scsi/libsas/sas_scsi_host.c b/drivers/scsi/libsas/sas_scsi_host.c -index ea8ad06ff582..e81c8590d254 100644 ---- a/drivers/scsi/libsas/sas_scsi_host.c -+++ b/drivers/scsi/libsas/sas_scsi_host.c -@@ -491,6 +491,9 @@ int sas_eh_abort_handler(struct scsi_cmnd *cmd) - struct Scsi_Host *host = cmd->device->host; - struct sas_internal *i = to_sas_internal(host->transportt); - -+ if (current != host->ehandler) -+ return FAILED; -+ - if (!i->dft->lldd_abort_task) - return FAILED; - --- -2.11.0 - diff --git a/debian/patches/series b/debian/patches/series index 40fd671f8..e765e9832 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -77,7 +77,8 @@ bugfix/all/disable-some-marvell-phys.patch bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch -debian/revert-scsi-libsas-allow-async-aborts.patch +bugfix/all/libsas-Disable-asynchronous-aborts-for-SATA-devices.patch +debian/revert-objtool-fix-config_stack_validation-y-warning.patch # Miscellaneous features