Merge changes from sid up to 3.14.9-1
svn path=/dists/trunk/linux/; revision=21485
commit
efebbfa5d6
|
@ -32,7 +32,6 @@ class Gencontrol(Base):
|
|||
'image': {
|
||||
'bootloaders': config.SchemaItemList(),
|
||||
'configs': config.SchemaItemList(),
|
||||
'initramfs': config.SchemaItemBoolean(),
|
||||
'initramfs-generators': config.SchemaItemList(),
|
||||
},
|
||||
'relations': {
|
||||
|
@ -245,7 +244,6 @@ class Gencontrol(Base):
|
|||
override_localversion = config_image.get('override-localversion', None)
|
||||
if override_localversion is not None:
|
||||
vars['localversion-image'] = vars['localversion_headers'] + '-' + override_localversion
|
||||
vars['initramfs'] = 'YES' if config_image.get('initramfs', True) else ''
|
||||
vars['image-stem'] = config_image.get('install-stem')
|
||||
|
||||
self._setup_makeflags(self.flavour_makeflags_base, makeflags, config_base)
|
||||
|
@ -278,19 +276,18 @@ class Gencontrol(Base):
|
|||
for field in 'Depends', 'Provides', 'Suggests', 'Recommends', 'Conflicts', 'Breaks':
|
||||
image_fields[field] = PackageRelation(config_entry_image.get(field.lower(), None), override_arches=(arch,))
|
||||
|
||||
if config_entry_image.get('initramfs', True):
|
||||
generators = config_entry_image['initramfs-generators']
|
||||
l = PackageRelationGroup()
|
||||
for i in generators:
|
||||
i = config_entry_relations.get(i, i)
|
||||
l.append(i)
|
||||
a = PackageRelationEntry(i)
|
||||
if a.operator is not None:
|
||||
a.operator = -a.operator
|
||||
image_fields['Breaks'].append(PackageRelationGroup([a]))
|
||||
for item in l:
|
||||
item.arches = [arch]
|
||||
image_fields['Depends'].append(l)
|
||||
generators = config_entry_image['initramfs-generators']
|
||||
l = PackageRelationGroup()
|
||||
for i in generators:
|
||||
i = config_entry_relations.get(i, i)
|
||||
l.append(i)
|
||||
a = PackageRelationEntry(i)
|
||||
if a.operator is not None:
|
||||
a.operator = -a.operator
|
||||
image_fields['Breaks'].append(PackageRelationGroup([a]))
|
||||
for item in l:
|
||||
item.arches = [arch]
|
||||
image_fields['Depends'].append(l)
|
||||
|
||||
bootloaders = config_entry_image.get('bootloaders')
|
||||
if bootloaders:
|
||||
|
|
|
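Review bot: In the third hunk `generators = config_entry_image['initramfs-generators']` is now reached for every flavour, so a flavour whose image section lacks that key fails with a bare `KeyError` that does not name the flavour. The flavours that used to set `initramfs: false` are the likely candidates, though whether they inherit the key is not visible here. Failing is the right outcome, because an image package with no generator in `Depends` would not pull one in, but it should say why: `generators = config_entry_image.get('initramfs-generators')` followed by `if not generators: raise RuntimeError('no initramfs-generators configured for %s' % arch)`. The un-nested loop also keeps the names `l` and a reassigned `i`; `group` and `relation` would read better. The enclosing method starts and ends outside the hunk.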
@ -65,7 +65,7 @@ dch -v "$new_pkg_ver" --preserve --multimaint-merge -D UNRELEASED \
|
|||
echo "New upstream stable update: "
|
||||
while [ "v$cur_ver" != "v$new_ver" ]; do
|
||||
cur_ver="$(next_update "$cur_ver")"
|
||||
echo "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-$cur_ver"
|
||||
echo "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-$cur_ver"
|
||||
done)"
|
||||
|
||||
# Then insert the shortlogs with sed
|
||||
|
|
|
@ -69,6 +69,72 @@ linux (3.15~rc5-1~exp1) experimental; urgency=medium
|
|||
|
||||
-- maximilian attems <maks@debian.org> Fri, 16 May 2014 14:33:57 +0200
|
||||
|
||||
linux (3.14.9-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8
|
||||
- Target/iscsi,iser: Avoid accepting transport connections during stop
|
||||
stage
|
||||
- iser-target: Fix multi network portal shutdown regression
|
||||
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9
|
||||
- target: Fix NULL pointer dereference for XCOPY in target_put_sess_cmd
|
||||
(regression in 3.14.6)
|
||||
- iscsi-target: Reject mutual authentication with reflected CHAP_C
|
||||
- ima: audit log files opened with O_DIRECT flag
|
||||
- ima: introduce ima_kernel_read() (regression in 3.10)
|
||||
- evm: prohibit userspace writing 'security.evm' HMAC value
|
||||
- net: Use netlink_ns_capable to verify the permisions of netlink messages
|
||||
(CVE-2014-0181)
|
||||
- netlink: Only check file credentials for implicit destinations
|
||||
- qlcnic: info leak in qlcnic_dcb_peer_app_info()
|
||||
- ipv6: Fix regression caused by efe4208 in udp_v6_mcast_next()
|
||||
(regression in 3.13)
|
||||
- netlink: rate-limit leftover bytes warning and print process name
|
||||
- bridge: Prevent insertion of FDB entry with disallowed vlan
|
||||
- net: tunnels - enable module autoloading
|
||||
- [sparc] net: filter: fix typo in sparc BPF JIT
|
||||
- sfc: PIO:Restrict to 64bit arch and use 64-bit writes.
|
||||
(regression in 3.13)
|
||||
- ipv4: fix a race in ip4_datagram_release_cb()
|
||||
- sctp: Fix sk_ack_backlog wrap-around problem
|
||||
- udp: ipv4: do not waste time in __udp4_lib_mcast_demux_lookup
|
||||
(regression in 3.13)
|
||||
- USB: cdc-acm: Fix various bugs in power management
|
||||
- USB: cdc-acm: fix I/O after failed open
|
||||
- [x86] hv: use correct order when freeing monitor_pages
|
||||
- ASoC: dapm: Make sure to always update the DAPM graph in _put_volsw()
|
||||
(regression in 3.12)
|
||||
- lzo: properly check for overruns (CVE-2014-4608)
|
||||
- lz4: ensure length does not wrap (CVE-2014-4608)
|
||||
- ALSA: compress: Cancel the optimization of compiler and fix the size of
|
||||
struct for all platform.
|
||||
- ALSA: control: Protect user controls against concurrent access
|
||||
(CVE-2014-4652)
|
||||
- ALSA: control: Fix replacing user controls (CVE-2014-4654, CVE-2014-4655)
|
||||
- ALSA: control: Don't access controls outside of protected regions
|
||||
(CVE-2014-4653)
|
||||
- ALSA: control: Make sure that id->index does not overflow;
|
||||
Handle numid overflow (CVE-2014-4656)
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* aufs: Update to aufs3.14-20140616:
|
||||
- tiny, no msg in spinlock regeion
|
||||
- minor bugfix, correct error value in link(2)
|
||||
- O_TMPFILE support
|
||||
- bugfix, handling an error in opening a FIFO
|
||||
- propagate aufs file references to new vmas created by remap_file_pages()
|
||||
* linux-image: Make initramfs support unconditional
|
||||
* [x86] x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)
|
||||
* [rt] Fix latency histogram after "hrtimer: Set expiry time before
|
||||
switch_hrtimer_base()" in 3.14.6
|
||||
|
||||
[ Aurelien Jarno ]
|
||||
* [arm64] Enable COMPAT to support 32-bit binaries.
|
||||
* [mips,mipsel] Enable initramfs for all flavours, but keep the disk
|
||||
related drivers built-in for now.
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Mon, 30 Jun 2014 13:57:11 +0100
|
||||
|
||||
linux (3.14.7-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
##
|
||||
CONFIG_ARCH_VEXPRESS=y
|
||||
CONFIG_ARCH_XGENE=y
|
||||
CONFIG_COMPAT=y
|
||||
CONFIG_SMP=y
|
||||
CONFIG_XEN=y
|
||||
|
||||
|
|
|
@ -1,10 +1,7 @@
|
|||
# CONFIG_PREEMPT_VOLUNTARY is not set
|
||||
CONFIG_PREEMPT_RT_FULL=y
|
||||
CONFIG_SCHED_TRACER=y
|
||||
#. This option is broken after commit 84ea7fe37908
|
||||
#. ('hrtimer: Set expiry time before switch_hrtimer_base()') but should be
|
||||
#. enabled when this is resolved
|
||||
# CONFIG_MISSED_TIMER_OFFSETS_HIST is not set
|
||||
CONFIG_MISSED_TIMER_OFFSETS_HIST=y
|
||||
CONFIG_WAKEUP_LATENCY_HIST=y
|
||||
|
||||
## disable aufs as it's not needed on rt and conflicts with fs-dentry-use-seqlock.patch
|
||||
|
|
|
@ -12,7 +12,6 @@ kernel-arch: mips
|
|||
image-file: vmlinux
|
||||
|
||||
[image]
|
||||
initramfs: false
|
||||
install-stem: vmlinux
|
||||
|
||||
[r4k-ip22_description]
|
||||
|
|
|
@ -12,7 +12,6 @@ kernel-arch: mips
|
|||
image-file: vmlinux
|
||||
|
||||
[image]
|
||||
initramfs: false
|
||||
install-stem: vmlinux
|
||||
|
||||
[sb1-bcm91250a_description]
|
||||
|
|
56
debian/patches/bugfix/x86/x86_32-entry-Do-syscall-exit-work-on-badsys-CVE-2014.patch
vendored
Normal file
|
@ -0,0 +1,56 @@
|
|||
From: Andy Lutomirski <luto@amacapital.net>
|
||||
Date: Mon, 23 Jun 2014 14:22:15 -0700
|
||||
Subject: x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Origin: https://git.kernel.org/linus/554086d85e71f30abe46fc014fea31929a7c6a8a
|
||||
|
||||
The bad syscall nr paths are their own incomprehensible route
|
||||
through the entry control flow. Rearrange them to work just like
|
||||
syscalls that return -ENOSYS.
|
||||
|
||||
This fixes an OOPS in the audit code when fast-path auditing is
|
||||
enabled and sysenter gets a bad syscall nr (CVE-2014-4508).
|
||||
|
||||
This has probably been broken since Linux 2.6.27:
|
||||
af0575bba0 i386 syscall audit fast-path
|
||||
|
||||
Cc: stable@vger.kernel.org
|
||||
Cc: Roland McGrath <roland@redhat.com>
|
||||
Reported-by: Toralf Förster <toralf.foerster@gmx.de>
|
||||
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
|
||||
Link: http://lkml.kernel.org/r/e09c499eade6fc321266dd6b54da7beb28d6991c.1403558229.git.luto@amacapital.net
|
||||
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
|
||||
---
|
||||
arch/x86/kernel/entry_32.S | 10 ++++++++--
|
||||
1 file changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/arch/x86/kernel/entry_32.S
|
||||
+++ b/arch/x86/kernel/entry_32.S
|
||||
@@ -431,9 +431,10 @@ sysenter_past_esp:
|
||||
jnz sysenter_audit
|
||||
sysenter_do_call:
|
||||
cmpl $(NR_syscalls), %eax
|
||||
- jae syscall_badsys
|
||||
+ jae sysenter_badsys
|
||||
call *sys_call_table(,%eax,4)
|
||||
movl %eax,PT_EAX(%esp)
|
||||
+sysenter_after_call:
|
||||
LOCKDEP_SYS_EXIT
|
||||
DISABLE_INTERRUPTS(CLBR_ANY)
|
||||
TRACE_IRQS_OFF
|
||||
@@ -688,7 +689,12 @@ END(syscall_fault)
|
||||
|
||||
syscall_badsys:
|
||||
movl $-ENOSYS,PT_EAX(%esp)
|
||||
- jmp resume_userspace
|
||||
+ jmp syscall_exit
|
||||
+END(syscall_badsys)
|
||||
+
|
||||
+sysenter_badsys:
|
||||
+ movl $-ENOSYS,PT_EAX(%esp)
|
||||
+ jmp sysenter_after_call
|
||||
END(syscall_badsys)
|
||||
CFI_ENDPROC
|
||||
/*
|
|
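Review bot: `sysenter_badsys` writes -ENOSYS only to `PT_EAX(%esp)` and then jumps to `sysenter_after_call`, which is placed after `movl %eax,PT_EAX(%esp)`, so on that path `%eax` still holds the out-of-range syscall number that `cmpl $(NR_syscalls), %eax` rejected. The sysenter exit code lies below the hunk; if it hands `%eax` back from the register rather than reloading the saved slot, userspace gets the bad number instead of -ENOSYS, which is worth confirming before this ships. Loading the register and letting the existing store run would avoid the question: `movl $-ENOSYS,%eax` in `sysenter_badsys`, with `sysenter_after_call:` moved above `movl %eax,PT_EAX(%esp)`. Separately, the last `END(syscall_badsys)` now closes `sysenter_badsys` and should read `END(sysenter_badsys)`. If the file has to stay identical to the commit in `Origin:`, note both in the patch header.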
@ -0,0 +1,33 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sun, 29 Jun 2014 02:05:57 +0100
|
||||
Subject: ALSA: Avoid ABI change for CVE-2014-4652 fix
|
||||
Forwarded: not-needed
|
||||
|
||||
Move the new member snd_card::user_ctl_lock to the end of the structure
|
||||
and hide it from genksyms. struct snd_card is always allocated by
|
||||
snd_card_create() in sound/core/init.c and user_ctl_lock is used in
|
||||
sound/core/control.c, and these are part of the same module so they
|
||||
are sure to be consistent.
|
||||
|
||||
--- a/include/sound/core.h
|
||||
+++ b/include/sound/core.h
|
||||
@@ -121,8 +121,6 @@ struct snd_card {
|
||||
int user_ctl_count; /* count of all user controls */
|
||||
struct list_head controls; /* all controls for this card */
|
||||
struct list_head ctl_files; /* active control files */
|
||||
- struct mutex user_ctl_lock; /* protects user controls against
|
||||
- concurrent access */
|
||||
|
||||
struct snd_info_entry *proc_root; /* root for soundcard specific files */
|
||||
struct snd_info_entry *proc_id; /* the card id */
|
||||
@@ -149,6 +147,10 @@ struct snd_card {
|
||||
struct snd_mixer_oss *mixer_oss;
|
||||
int mixer_oss_change_count;
|
||||
#endif
|
||||
+#ifndef __GENKSYMS__
|
||||
+ struct mutex user_ctl_lock; /* protects user controls against
|
||||
+ concurrent access */
|
||||
+#endif
|
||||
};
|
||||
|
||||
#ifdef CONFIG_PM
|
|
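Review bot: The relocated `user_ctl_lock` in the second hunk keeps only its original comment, so nothing in `struct snd_card` explains why a mutex sits at the very end under `#ifndef __GENKSYMS__`. The reason lives only in the patch description; a comment such as `/* Debian: kept last and hidden from genksyms to preserve the ABI; do not move */` would keep it with the code. The description's safety argument also assumes that no separately built module embeds or sizes `struct snd_card` itself, which cannot be checked from these hunks. `struct snd_card` begins before the first hunk.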
@ -1,6 +1,6 @@
|
|||
From: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
|
||||
Subject: [sh4] Fix uImage build
|
||||
Bug-Debian: http://bugs.debian.org/569034
|
||||
Bug-Debian: https://bugs.debian.org/569034
|
||||
Forwarded: not-needed
|
||||
|
||||
[bwh: This was added without a description, but I think it is dealing
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Subject: fs: Enable link security restrictions by default
|
||||
Date: Fri, 02 Nov 2012 05:32:06 +0000
|
||||
Bug-Debian: http://bugs.debian.org/609455
|
||||
Bug-Debian: https://bugs.debian.org/609455
|
||||
Forwarded: not-needed
|
||||
|
||||
This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: dann frazier <dannf@debian.org>
|
||||
Subject: Hardcode arch script output
|
||||
Date: Mon, 26 Mar 2007 16:30:51 -0600
|
||||
Bug-Debian: http://bugs.debian.org/392592
|
||||
Bug-Debian: https://bugs.debian.org/392592
|
||||
Forwarded: not-needed
|
||||
|
||||
Here's a patch that simply uses hardcoded definitions instead of
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Subject: iwlwifi: Do not request unreleased firmware for IWL6000
|
||||
Bug-Debian: http://bugs.debian.org/689416
|
||||
Bug-Debian: https://bugs.debian.org/689416
|
||||
Forwarded: not-needed
|
||||
|
||||
The iwlwifi driver currently supports firmware API versions 4-6 for
|
||||
|
|
|
@ -4,7 +4,7 @@ Description: Prevent building uImage with missing mkimage
|
|||
available in linux's build-dependencies, and the file is not strictly
|
||||
necessary, so we are omitting this step in the build process, Debian-specific.
|
||||
Author: Roland Stigge <stigge@antcom.de>
|
||||
Bug-Debian: http://bugs.debian.org/708094
|
||||
Bug-Debian: https://bugs.debian.org/708094
|
||||
Forwarded: not-needed
|
||||
|
||||
--- a/arch/powerpc/boot/Makefile
|
||||
|
|
|
@ -2,7 +2,7 @@ From: Ben Hutchings <ben@decadent.org.uk>
|
|||
Date: Wed, 05 Feb 2014 23:01:30 +0000
|
||||
Subject: snd-pcsp: Disable autoload
|
||||
Forwarded: not-needed
|
||||
Bug-Debian: http://bugs.debian.org/697709
|
||||
Bug-Debian: https://bugs.debian.org/697709
|
||||
|
||||
There are two drivers claiming the platform:pcspkr device:
|
||||
- pcspkr creates an input(!) device that can only beep
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Subject: yama: Disable by default
|
||||
Date: Wed, 19 Jun 2013 04:35:28 +0100
|
||||
Bug-Debian: http://bugs.debian.org/712740
|
||||
Bug-Debian: https://bugs.debian.org/712740
|
||||
Forwarded: not-needed
|
||||
|
||||
--- a/security/yama/yama_lsm.c
|
||||
|
|
|
@ -11,7 +11,7 @@ else
|
|||
echo >&2 "W: Cannot include a specific origin URL without an aufs git repo"
|
||||
origin_line='Origin: http://sourceforge.net/p/aufs/aufs3-standalone/ref/master/branches/'
|
||||
fi
|
||||
bug_line='Bug-Debian: http://bugs.debian.org/541828'
|
||||
bug_line='Bug-Debian: https://bugs.debian.org/541828'
|
||||
|
||||
for patch in aufs3-{base,kbuild,mmap,standalone}.patch; do
|
||||
{
|
||||
|
|
|
@ -0,0 +1,39 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sat, 28 Jun 2014 23:34:48 +0100
|
||||
Subject: Fix latency histogram after "hrtimer: Set expiry time before switch_hrtimer_base()"
|
||||
Forwarded: http://mid.gmane.org/1403994888.23472.116.camel@deadeye.wl.decadent.org.uk
|
||||
|
||||
In an rt-kernel with CONFIG_MISSED_TIMER_OFFSETS_HIST enabled,
|
||||
__hrtimer_start_range_ns() now crashes, as new_base is not assigned
|
||||
before it is used.
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
Tested-by: Carsten Emde <C.Emde@osadl.org>
|
||||
Cc: stable-rt@vger.kernel.org
|
||||
---
|
||||
--- a/kernel/hrtimer.c
|
||||
+++ b/kernel/hrtimer.c
|
||||
@@ -1106,6 +1106,11 @@ int __hrtimer_start_range_ns(struct hrti
|
||||
#endif
|
||||
}
|
||||
|
||||
+ hrtimer_set_expires_range_ns(timer, tim, delta_ns);
|
||||
+
|
||||
+ /* Switch the timer base, if necessary: */
|
||||
+ new_base = switch_hrtimer_base(timer, base, mode & HRTIMER_MODE_PINNED);
|
||||
+
|
||||
#ifdef CONFIG_MISSED_TIMER_OFFSETS_HIST
|
||||
{
|
||||
ktime_t now = new_base->get_time();
|
||||
@@ -1117,11 +1122,6 @@ int __hrtimer_start_range_ns(struct hrti
|
||||
}
|
||||
#endif
|
||||
|
||||
- hrtimer_set_expires_range_ns(timer, tim, delta_ns);
|
||||
-
|
||||
- /* Switch the timer base, if necessary: */
|
||||
- new_base = switch_hrtimer_base(timer, base, mode & HRTIMER_MODE_PINNED);
|
||||
-
|
||||
timer_stats_hrtimer_set_start_info(timer);
|
||||
|
||||
leftmost = enqueue_hrtimer(timer, new_base);
|
|
@ -96,3 +96,4 @@ features/arm/ARM-dts-sun7i-Add-reg_vcc3v3-to-sun7i-board-mmc-node.patch
|
|||
features/arm/ARM-dts-sun7i-cubietruck-set-mmc3-bus-width-property.patch
|
||||
features/arm/ARM-dts-imx6qdl-wandboard-Add-HDMI-support.patch
|
||||
features/arm/ARM-imx-add-HDMI-support-for-SolidRun-HummingBoard-a.patch
|
||||
bugfix/x86/x86_32-entry-Do-syscall-exit-work-on-badsys-CVE-2014.patch
|
||||
|
|
|
@ -16,7 +16,6 @@ my $link_in_boot = "";
|
|||
my $no_symlink = "";
|
||||
my $do_symlink = "Yes"; # target machine defined
|
||||
my $kimage = "@image-stem@";
|
||||
my $initrd = "@initramfs@";
|
||||
my $mkimage = ""; # command to generate the initrd image
|
||||
my $use_hard_links = ''; # hardlinks do not work across fs boundaries
|
||||
my $postinst_hook = ''; #Normally we do not
|
||||
|
@ -532,9 +531,7 @@ if (-d "$modules_base/$version") {
|
|||
# Only change the symlinks if we are not being upgraded
|
||||
if (! defined $ARGV[1] || ! $ARGV[1] || $ARGV[1] =~ m/<unknown>/o) {
|
||||
image_magic($kimage, $image_dest);
|
||||
if ($initrd) {
|
||||
image_magic("initrd.img", $image_dest);
|
||||
}
|
||||
image_magic("initrd.img", $image_dest);
|
||||
}
|
||||
else {
|
||||
lstat($kimage);
|
||||
|
@ -542,12 +539,10 @@ else {
|
|||
handle_missing_link($kimage, $image_dest, "$kimage-$version",
|
||||
$realimageloc);
|
||||
}
|
||||
if ($initrd) {
|
||||
lstat("initrd.img");
|
||||
if (! -e _) {
|
||||
handle_missing_link("initrd.img", $image_dest, "initrd.img-$version",
|
||||
$realimageloc);
|
||||
}
|
||||
lstat("initrd.img");
|
||||
if (! -e _) {
|
||||
handle_missing_link("initrd.img", $image_dest, "initrd.img-$version",
|
||||
$realimageloc);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
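Review bot: With the `if ($initrd)` guard gone, the `lstat("initrd.img")` / `handle_missing_link("initrd.img", ...)` block in the third hunk runs on every flavour, including those that declared `initramfs: false` until this commit. Nothing visible here shows what `handle_missing_link` does when `initrd.img-$version` is absent under `$realimageloc`, so that case should be checked on those flavours. A comment above the block, for example `# initramfs is no longer optional: always maintain the initrd.img link`, would record why it is unconditional. The same applies to the unconditional `image_magic("initrd.img", $image_dest)` call in the second hunk and to the two `image_magic` calls in the script that defines `$postrm_hook`, which follows this one. The enclosing `else` block starts outside the hunk.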
@ -22,7 +22,6 @@ $|=1;
|
|||
my $version = "@abiname@@localversion@";
|
||||
my $link_in_boot = "";
|
||||
my $kimage = "@image-stem@";
|
||||
my $initrd = "@initramfs@";
|
||||
my $postrm_hook = ''; #Normally we do not
|
||||
my $package_name = "linux-image-$version";
|
||||
|
||||
|
@ -230,8 +229,8 @@ if ($ARGV[0] !~ /upgrade/) {
|
|||
# check and remove damaged and dangling symlinks
|
||||
image_magic($kimage, $image_dest);
|
||||
image_magic($kimage . ".old", $image_dest);
|
||||
image_magic("initrd.img", $image_dest) if $initrd;
|
||||
image_magic("initrd.img.old", $image_dest) if $initrd;
|
||||
image_magic("initrd.img", $image_dest);
|
||||
image_magic("initrd.img.old", $image_dest);
|
||||
}
|
||||
|
||||
|
||||
|
|