Update to 4.8.7

Salvatore Bonaccorso 2016-11-11 13:31:51 +01:00
parent d99e060fe3
commit e8880932f8
5 changed files with 114 additions and 147 deletions

debian/changelog (118 lines changed)

@ -1,4 +1,4 @@
linux (4.8.6-1) UNRELEASED; urgency=medium
linux (4.8.7-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.6
@ -104,6 +104,119 @@ linux (4.8.6-1) UNRELEASED; urgency=medium
- PCI: generic: Fix pci_remap_iospace() failure path
- [armhf] PCI: tegra: Fix pci_remap_iospace() failure path
- libnvdimm: clear the internal poison_list when clearing badblocks
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7
- [armhf] i2c: rk3x: Give the tuning value 0 during
rk3x_i2c_v0_calc_timings
- i2c: core: fix NULL pointer dereference under race condition
- drm/dp/mst: Clear port->pdt when tearing down the i2c adapter
- gpio / ACPI: fix returned error from acpi_dev_gpio_irq_get()
- gpio: GPIO_GET_CHIPINFO_IOCTL: Fix line offset validation
- gpio: GPIO_GET_CHIPINFO_IOCTL: Fix information leak
- gpio: GPIO_GET_LINEHANDLE_IOCTL: Validate line offset
- gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix information leak
- gpio: GPIO_GET_LINEEVENT_IOCTL: Validate line offset
- gpio: GPIO_GET_LINEHANDLE_IOCTL: Reject invalid line flags
- gpio: GPIO_GET_LINEEVENT_IOCTL: Reject invalid line and event flags
- gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix another information leak
- gpio: GPIO_GET_LINE{HANDLE,EVENT}_IOCTL: Fix file descriptor leak
- libxfs: clean up _calc_dquots_per_chunk
- mm/list_lru.c: avoid error-path NULL pointer deref
- mm/slab: fix kmemcg cache creation delayed issue
- mm: memcontrol: do not recurse in direct reclaim
- [x86] thermal/powerclamp: correct cpu support check
- KEYS: Fix short sprintf buffer in /proc/keys show function
- ALSA: usb-audio: Add quirk for Syntek STK1160
- ALSA: seq: Fix time account regression
- ALSA: hda - allow 40 bit DMA mask for NVidia devices
- ALSA: hda - Adding a new group of pin cfg into ALC295 pin quirk table
- ALSA: hda - Fix surround output pins for ASRock B150M mobo
- ALSA: hda - Fix headset mic detection problem for two Dell laptops
- [powerpc*] cxl: Fix leaking pid refs in some error paths
- btrfs: fix races on root_log_ctx lists
- [powerpc] Convert cmp to cmpd in idle enter sequence
- [powerpc] mm/radix: Use tlbiel only if we ever ran on the current cpu
- [powerpc] Re-fix race condition between going idle and entering guest
- [powerpc] Fix race condition in setting lock bit in idle/wakeup code
- [amd64] x86/microcode/AMD: Fix more fallout from
CONFIG_RANDOMIZE_MEMORY=y
- timers: Prevent base clock rewind when forwarding clock
- timers: Prevent base clock corruption when forwarding
- timers: Plug locking race vs. timer migration
- timers: Lock base for same bucket optimization
- mei: txe: don't clean an unprocessed interrupt cause.
- USB: serial: fix potential NULL-dereference at probe
- USB: serial: cp210x: fix tiocmget error handling
- USB: serial: ftdi_sio: add support for Infineon TriBoard TC2X7
- xhci: use default USB_RESUME_TIMEOUT when resuming ports.
- [powerpc] GenWQE: Fix bad page access during abort of resource
allocation
- [x86] smpboot: Init apic mapping before usage
- vt: clear selection before resizing
- [x86] hv: do not lose pending heartbeat vmbus packets
- xhci: add restart quirk for Intel Wildcatpoint PCH
- xhci: workaround for hosts missing CAS bit
- tty: limit terminal size to 4M chars
- [arm64] dts: marvell: fix clocksource for CP110 master SPI0
- dm: free io_barrier after blk_cleanup_queue call
- [x86] KVM: fix wbinvd_dirty_mask use-after-free
- [s390] KVM: Fix STHYI buffer alignment for diag224
- [armhf] mvebu: Select corediv clk for all mvebu v7 SoC
- nfsd: Fix general protection fault in release_lock_stateid()
- [mips*] KASLR: Fix handling of NULL FDT
- ovl: fix get_acl() on tmpfs
- ovl: update S_ISGID when setting posix ACLs
- ovl: fsync after copy-up
- virtio_ring: Make interrupt suppression spec compliant
- virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices
- virtio: console: Unlock vqs while freeing buffers
- dm mirror: fix read error on recovery after default leg failure
- dm table: fix missing dm_put_target_type() in dm_table_add_target()
- dm rq: clear kworker_task if kthread_run() returned an error
- dm raid: fix compat_features validation
- dm raid: fix activation of existing raid4/10 devices
- firewire: net: guard against rx buffer overflows (CVE-2016-8633)
- firewire: net: fix fragmented datagram_size off-by-one
- mac80211: discard multicast and 4-addr A-MSDUs
- ath10k: cache calibration data when the core is stopped
- scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
- scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
- [arm64, armhf] mmc: dw_mmc-pltfm: fix the potential NULL pointer
dereference
- RAID1: ignore discard error
- RAID10: ignore discard error
- md: be careful not lot leak internal curr_resync value into metadata. -- (all)
- Revert "drm/radeon: fix DP link training issue with second 4K monitor"
- [armhf] drm/imx: ipuv3-plane: Switch EBA buffer only when we don't need
modeset
- [armhf] drm/imx: ipuv3-plane: Access old u/vbo properly in
->atomic_check for YU12/YV12
- drm/radeon/si_dpm: Limit clocks on HD86xx part
- drm/radeon/si_dpm: workaround for SI kickers
- drm/radeon: drop register readback in cayman_cp_int_cntl_setup
- drm/nouveau/acpi: fix check for power resources support
- drm/fb-helper: Don't call dirty callback for untouched clips
- drm/fb-helper: Fix connector ref leak on error
- drm/fb-helper: Keep references for the current set of used connectors
- drm/i915/gen9: fix DDB partitioning for multi-screen cases
- drm/i915/gen9: fix watermarks when using the pipe scaler
- drm/dp/mst: Check peer device type before attempting EDID read
- drm: Release reference from blob lookup after replacing property
- drm/i915: Respect alternate_aux_channel for all DDI ports
- drm/i915: Clean up DDI DDC/AUX CH sanitation
- drm/i915/fbc: fix CFB size calculation for gen8+
- drm: i915: Wait for fences on new fb, not old
- i2c: mark device nodes only in case of successful instantiation
- netfilter: xt_NFLOG: fix unexpected truncated packet
- [arm64, armhf] pwm: Unexport children before chip removal
- [arm64, armhf] usb: dwc3: Fix size used in dma_free_coherent()
- [arm64, armhf] usb: chipidea: host: fix NULL ptr dereference during
shutdown
- [armhf] usb: musb: Fix hardirq-safe hardirq-unsafe lock order error
- tty: vt, fix bogus division in csi_J
- [x86] kvm: Check memopp before dereference (CVE-2016-8630)
- btrfs: qgroup: Prevent qgroup->reserved from going subzero
- [x86] cpufreq: intel_pstate: Set P-state upfront in performance mode
- HID: usbhid: add ATEN CS962 to list of quirky devices
[ Ben Hutchings ]
* debian/control: Fix build-dependency on openssl to work with new
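Review bot: The `KEYS: Fix short sprintf buffer in /proc/keys show function` entry has no CVE annotation, while `firewire: net: guard against rx buffer overflows (CVE-2016-8633)` and `[x86] kvm: Check memopp before dereference (CVE-2016-8630)` in the same list do. The patch dropped for that fix describes kernel stack corruption, so if a CVE id has been assigned, add it to the entry so the fix can be matched to this version. Separately, `md: be careful not lot leak internal curr_resync value into metadata. -- (all)` reproduces a typo and a stray ` -- (all)` suffix; consider trimming the suffix for readability.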
@ -122,9 +235,6 @@ linux (4.8.6-1) UNRELEASED; urgency=medium
* cpupower: Fix checks for CPU existence (Closes: #843071)
* perf: Disable use of libcrypto (Closes: #843199)
[ Salvatore Bonaccorso ]
* [x86] kvm: Check memopp before dereference (CVE-2016-8630)
-- Ben Hutchings <ben@decadent.org.uk> Wed, 02 Nov 2016 12:01:42 -0600
linux (4.8.5-1) unstable; urgency=medium

View File

@ -1,70 +0,0 @@
From: David Howells <dhowells@redhat.com>
Date: Thu, 13 Oct 2016 22:38:46 +0200
Subject: KEYS: Fix short sprintf buffer in /proc/keys show function
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1200212
Fix a short sprintf buffer in proc_keys_show(). If the gcc stack protector
is turned on, this can cause a panic due to stack corruption.
The problem is that xbuf[] is not big enough to hold a 64-bit timeout
rendered as weeks:
(gdb) p 0xffffffffffffffffULL/(60*60*24*7)
$2 = 30500568904943
That's 14 chars plus NUL, not 11 chars plus NUL.
Expand the buffer to 16 chars.
I think the unpatched code apparently works if the stack-protector is not
enabled because on a 32-bit machine the buffer won't be overflowed and on a
64-bit machine there's a 64-bit aligned pointer at one side and an int that
isn't checked again on the other side.
The panic incurred looks something like:
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff81352ebe
CPU: 0 PID: 1692 Comm: reproducer Not tainted 4.7.2-201.fc24.x86_64 #1
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
0000000000000086 00000000fbbd2679 ffff8800a044bc00 ffffffff813d941f
ffffffff81a28d58 ffff8800a044bc98 ffff8800a044bc88 ffffffff811b2cb6
ffff880000000010 ffff8800a044bc98 ffff8800a044bc30 00000000fbbd2679
Call Trace:
[<ffffffff813d941f>] dump_stack+0x63/0x84
[<ffffffff811b2cb6>] panic+0xde/0x22a
[<ffffffff81352ebe>] ? proc_keys_show+0x3ce/0x3d0
[<ffffffff8109f7f9>] __stack_chk_fail+0x19/0x30
[<ffffffff81352ebe>] proc_keys_show+0x3ce/0x3d0
[<ffffffff81350410>] ? key_validate+0x50/0x50
[<ffffffff8134db30>] ? key_default_cmp+0x20/0x20
[<ffffffff8126b31c>] seq_read+0x2cc/0x390
[<ffffffff812b6b12>] proc_reg_read+0x42/0x70
[<ffffffff81244fc7>] __vfs_read+0x37/0x150
[<ffffffff81357020>] ? security_file_permission+0xa0/0xc0
[<ffffffff81246156>] vfs_read+0x96/0x130
[<ffffffff81247635>] SyS_read+0x55/0xc0
[<ffffffff817eb872>] entry_SYSCALL_64_fastpath+0x1a/0xa4
Reported-by: Ondrej Kozina <okozina@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Ondrej Kozina <okozina@redhat.com>
---
security/keys/proc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/keys/proc.c b/security/keys/proc.c
index f0611a6..b9f531c 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -181,7 +181,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
struct timespec now;
unsigned long timo;
key_ref_t key_ref, skey_ref;
- char xbuf[12];
+ char xbuf[16];
int rc;
struct keyring_search_context ctx = {
--
2.9.3
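Review bot: The `Origin:` of this dropped patch is a Red Hat Bugzilla attachment rather than an upstream commit, so the packaging gives no commit id to compare against 4.8.7. Before relying on the new upstream for this fix, check that `security/keys/proc.c` in the 4.8.7 tree declares `char xbuf[16];` in `proc_keys_show()`, which is the change the changelog entry `KEYS: Fix short sprintf buffer in /proc/keys show function` is expected to cover.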


@ -1,36 +0,0 @@
From: Liping Zhang <liping.zhang@spreadtrum.com>
Date: Tue, 11 Oct 2016 21:03:45 +0800
Subject: netfilter: xt_NFLOG: fix unexpected truncated packet
Origin: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit?id=6d19375b58763fefc2f215fb45117d3353ced888
Bug-Debian: https://bugs.debian.org/841261
Justin and Chris spotted that iptables NFLOG target was broken when they
upgraded the kernel to 4.8: "ulogd-2.0.5- IPs are no longer logged" or
"results in segfaults in ulogd-2.0.5".
Because "struct nf_loginfo li;" is a local variable, and flags will be
filled with garbage value, not inited to zero. So if it contains 0x1,
packets will not be logged to the userspace anymore.
Fixes: 7643507fe8b5 ("netfilter: xt_NFLOG: nflog-range does not truncate packets")
Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com>
Reported-by: Chris Caputo <ccaputo@alt.net>
Tested-by: Chris Caputo <ccaputo@alt.net>
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/xt_NFLOG.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
index 018eed7e1ff1..8668a5c18dc3 100644
--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -32,6 +32,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
li.u.ulog.copy_len = info->len;
li.u.ulog.group = info->group;
li.u.ulog.qthreshold = info->threshold;
+ li.u.ulog.flags = 0;
if (info->flags & XT_NFLOG_F_COPY_LEN)
li.u.ulog.flags |= NF_LOG_F_COPY_LEN;
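Review bot: The `Bug-Debian: https://bugs.debian.org/841261` header goes away with this file, and the replacement changelog line `netfilter: xt_NFLOG: fix unexpected truncated packet` under ChangeLog-4.8.7 has no `Closes:`. Confirm that an existing changelog entry still closes #841261; if none does, add `(Closes: #841261)` to the new line so the upload closes the bug.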


@ -1,34 +0,0 @@
From: Owen Hofmann <osh@google.com>
Date: Thu, 27 Oct 2016 11:25:52 -0700
Subject: kvm: x86: Check memopp before dereference (CVE-2016-8630)
Origin: https://git.kernel.org/linus/d9092f52d7e61dd1557f2db2400ddb430e85937e
Commit 41061cdb98 ("KVM: emulate: do not initialize memopp") removes a
check for non-NULL under incorrect assumptions. An undefined instruction
with a ModR/M byte with Mod=0 and R/M-5 (e.g. 0xc7 0x15) will attempt
to dereference a null pointer here.
Fixes: 41061cdb98a0bec464278b4db8e894a3121671f5
Message-Id: <1477592752-126650-2-git-send-email-osh@google.com>
Signed-off-by: Owen Hofmann <osh@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/emulate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 4e95d3e..cbd7b92 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -5045,7 +5045,7 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void *insn, int insn_len)
/* Decode and fetch the destination operand: register or memory. */
rc = decode_operand(ctxt, &ctxt->dst, (ctxt->d >> DstShift) & OpMask);
- if (ctxt->rip_relative)
+ if (ctxt->rip_relative && likely(ctxt->memopp))
ctxt->memopp->addr.mem.ea = address_mask(ctxt,
ctxt->memopp->addr.mem.ea + ctxt->_eip);
--
2.10.2
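Review bot: With this file removed, nothing in the packaging enforces the NULL check on `ctxt->memopp` in `x86_decode_insn()`, so the fix depends entirely on the 4.8.7 source. After importing the new upstream, confirm that `arch/x86/kvm/emulate.c` contains `if (ctxt->rip_relative && likely(ctxt->memopp))`. The changelog entry `[x86] kvm: Check memopp before dereference (CVE-2016-8630)` says it should, and removing the separate `[ Salvatore Bonaccorso ]` entry keeps the CVE listed only once.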


@ -63,7 +63,6 @@ bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
bugfix/all/kbuild-do-not-use-hyphen-in-exported-variable-name.patch
bugfix/all/ext4-fix-bug-838544.patch
bugfix/all/mm-memcontrol-use-special-workqueue-for-creating-per-memcg-caches.patch
bugfix/all/netfilter-xt_nflog-fix-unexpected-truncated-packet.patch
# Miscellaneous features
@ -95,8 +94,6 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa
bugfix/all/ptrace-being-capable-wrt-a-process-requires-mapped-uids-gids.patch
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/net-add-recursion-limit-to-gro.patch
bugfix/all/KEYS-Fix-short-sprintf-buffer-in-proc-keys-show-func.patch
bugfix/x86/kvm-x86-Check-memopp-before-dereference-CVE-2016-863.patch
# ABI maintenance