Merge changes from sid up to 3.14.9-1

svn path=/dists/trunk/linux/; revision=21485

debian/bin/gencontrol.py

@@ -32,7 +32,6 @@ class Gencontrol(Base):
         'image': {
             'bootloaders': config.SchemaItemList(),
             'configs': config.SchemaItemList(),
-            'initramfs': config.SchemaItemBoolean(),
             'initramfs-generators': config.SchemaItemList(),
         },
         'relations': {
@@ -245,7 +244,6 @@ class Gencontrol(Base):
         override_localversion = config_image.get('override-localversion', None)
         if override_localversion is not None:
             vars['localversion-image'] = vars['localversion_headers'] + '-' + override_localversion
-        vars['initramfs'] = 'YES' if config_image.get('initramfs', True) else ''
         vars['image-stem'] = config_image.get('install-stem')
 
         self._setup_makeflags(self.flavour_makeflags_base, makeflags, config_base)
@@ -278,19 +276,18 @@ class Gencontrol(Base):
         for field in 'Depends', 'Provides', 'Suggests', 'Recommends', 'Conflicts', 'Breaks':
             image_fields[field] = PackageRelation(config_entry_image.get(field.lower(), None), override_arches=(arch,))
 
-        if config_entry_image.get('initramfs', True):
-            generators = config_entry_image['initramfs-generators']
-            l = PackageRelationGroup()
-            for i in generators:
-                i = config_entry_relations.get(i, i)
-                l.append(i)
-                a = PackageRelationEntry(i)
-                if a.operator is not None:
-                    a.operator = -a.operator
-                    image_fields['Breaks'].append(PackageRelationGroup([a]))
-            for item in l:
-                item.arches = [arch]
-            image_fields['Depends'].append(l)
+        generators = config_entry_image['initramfs-generators']
+        l = PackageRelationGroup()
+        for i in generators:
+            i = config_entry_relations.get(i, i)
+            l.append(i)
+            a = PackageRelationEntry(i)
+            if a.operator is not None:
+                a.operator = -a.operator
+                image_fields['Breaks'].append(PackageRelationGroup([a]))
+        for item in l:
+            item.arches = [arch]
+        image_fields['Depends'].append(l)
 
         bootloaders = config_entry_image.get('bootloaders')
         if bootloaders:

debian/bin/stable-update.sh

@@ -65,7 +65,7 @@ dch -v "$new_pkg_ver" --preserve --multimaint-merge -D UNRELEASED \
     echo "New upstream stable update: "
     while [ "v$cur_ver" != "v$new_ver" ]; do
         cur_ver="$(next_update "$cur_ver")"
-        echo "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-$cur_ver"
+        echo "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-$cur_ver"
     done)"
 
 # Then insert the shortlogs with sed

debian/changelog

@@ -69,6 +69,72 @@ linux (3.15~rc5-1~exp1) experimental; urgency=medium
 
  -- maximilian attems <maks@debian.org>  Fri, 16 May 2014 14:33:57 +0200
 
+linux (3.14.9-1) unstable; urgency=medium
+
+  * New upstream stable update:
+    https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8
+    - Target/iscsi,iser: Avoid accepting transport connections during stop
+      stage
+    - iser-target: Fix multi network portal shutdown regression
+    https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9
+    - target: Fix NULL pointer dereference for XCOPY in target_put_sess_cmd
+      (regression in 3.14.6)
+    - iscsi-target: Reject mutual authentication with reflected CHAP_C
+    - ima: audit log files opened with O_DIRECT flag
+    - ima: introduce ima_kernel_read() (regression in 3.10)
+    - evm: prohibit userspace writing 'security.evm' HMAC value
+    - net: Use netlink_ns_capable to verify the permisions of netlink messages
+      (CVE-2014-0181)
+    - netlink: Only check file credentials for implicit destinations
+    - qlcnic: info leak in qlcnic_dcb_peer_app_info()
+    - ipv6: Fix regression caused by efe4208 in udp_v6_mcast_next()
+      (regression in 3.13)
+    - netlink: rate-limit leftover bytes warning and print process name
+    - bridge: Prevent insertion of FDB entry with disallowed vlan
+    - net: tunnels - enable module autoloading
+    - [sparc] net: filter: fix typo in sparc BPF JIT
+    - sfc: PIO:Restrict to 64bit arch and use 64-bit writes.
+      (regression in 3.13)
+    - ipv4: fix a race in ip4_datagram_release_cb()
+    - sctp: Fix sk_ack_backlog wrap-around problem
+    - udp: ipv4: do not waste time in __udp4_lib_mcast_demux_lookup
+      (regression in 3.13)
+    - USB: cdc-acm: Fix various bugs in power management
+    - USB: cdc-acm: fix I/O after failed open
+    - [x86] hv: use correct order when freeing monitor_pages
+    - ASoC: dapm: Make sure to always update the DAPM graph in _put_volsw()
+      (regression in 3.12)
+    - lzo: properly check for overruns (CVE-2014-4608)
+    - lz4: ensure length does not wrap (CVE-2014-4608)
+    - ALSA: compress: Cancel the optimization of compiler and fix the size of
+      struct for all platform.
+    - ALSA: control: Protect user controls against concurrent access
+      (CVE-2014-4652)
+    - ALSA: control: Fix replacing user controls (CVE-2014-4654, CVE-2014-4655)
+    - ALSA: control: Don't access controls outside of protected regions
+      (CVE-2014-4653)
+    - ALSA: control: Make sure that id->index does not overflow;
+      Handle numid overflow (CVE-2014-4656)
+
+  [ Ben Hutchings ]
+  * aufs: Update to aufs3.14-20140616:
+    - tiny, no msg in spinlock regeion
+    - minor bugfix, correct error value in link(2)
+    - O_TMPFILE support
+    - bugfix, handling an error in opening a FIFO
+    - propagate aufs file references to new vmas created by remap_file_pages()
+  * linux-image: Make initramfs support unconditional
+  * [x86] x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)
+  * [rt] Fix latency histogram after "hrtimer: Set expiry time before
+    switch_hrtimer_base()" in 3.14.6
+
+  [ Aurelien Jarno ]
+  * [arm64] Enable COMPAT to support 32-bit binaries.
+  * [mips,mipsel] Enable initramfs for all flavours, but keep the disk
+    related drivers built-in for now.
+
+ -- Ben Hutchings <ben@decadent.org.uk>  Mon, 30 Jun 2014 13:57:11 +0100
+
 linux (3.14.7-1) unstable; urgency=medium
 
   * New upstream stable update:

debian/config/arm64/config

@@ -3,6 +3,7 @@
 ##
 CONFIG_ARCH_VEXPRESS=y
 CONFIG_ARCH_XGENE=y
+CONFIG_COMPAT=y
 CONFIG_SMP=y
 CONFIG_XEN=y
 

debian/config/featureset-rt/config

@@ -1,10 +1,7 @@
 # CONFIG_PREEMPT_VOLUNTARY is not set
 CONFIG_PREEMPT_RT_FULL=y
 CONFIG_SCHED_TRACER=y
-#. This option is broken after commit 84ea7fe37908
-#. ('hrtimer: Set expiry time before switch_hrtimer_base()') but should be
-#. enabled when this is resolved
-# CONFIG_MISSED_TIMER_OFFSETS_HIST is not set
+CONFIG_MISSED_TIMER_OFFSETS_HIST=y
 CONFIG_WAKEUP_LATENCY_HIST=y
 
 ## disable aufs as it's not needed on rt and conflicts with fs-dentry-use-seqlock.patch

debian/config/mips/defines

@@ -12,7 +12,6 @@ kernel-arch: mips
 image-file: vmlinux
 
 [image]
-initramfs: false
 install-stem: vmlinux
 
 [r4k-ip22_description]

debian/config/mipsel/defines

@@ -12,7 +12,6 @@ kernel-arch: mips
 image-file: vmlinux
 
 [image]
-initramfs: false
 install-stem: vmlinux
 
 [sb1-bcm91250a_description]

debian/patches/bugfix/x86/x86_32-entry-Do-syscall-exit-work-on-badsys-CVE-2014.patch

@@ -0,0 +1,56 @@
+From: Andy Lutomirski <luto@amacapital.net>
+Date: Mon, 23 Jun 2014 14:22:15 -0700
+Subject: x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Origin: https://git.kernel.org/linus/554086d85e71f30abe46fc014fea31929a7c6a8a
+
+The bad syscall nr paths are their own incomprehensible route
+through the entry control flow.  Rearrange them to work just like
+syscalls that return -ENOSYS.
+
+This fixes an OOPS in the audit code when fast-path auditing is
+enabled and sysenter gets a bad syscall nr (CVE-2014-4508).
+
+This has probably been broken since Linux 2.6.27:
+af0575bba0 i386 syscall audit fast-path
+
+Cc: stable@vger.kernel.org
+Cc: Roland McGrath <roland@redhat.com>
+Reported-by: Toralf Förster <toralf.foerster@gmx.de>
+Signed-off-by: Andy Lutomirski <luto@amacapital.net>
+Link: http://lkml.kernel.org/r/e09c499eade6fc321266dd6b54da7beb28d6991c.1403558229.git.luto@amacapital.net
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+---
+ arch/x86/kernel/entry_32.S | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/entry_32.S
++++ b/arch/x86/kernel/entry_32.S
+@@ -431,9 +431,10 @@ sysenter_past_esp:
+ 	jnz sysenter_audit
+ sysenter_do_call:
+ 	cmpl $(NR_syscalls), %eax
+-	jae syscall_badsys
++	jae sysenter_badsys
+ 	call *sys_call_table(,%eax,4)
+ 	movl %eax,PT_EAX(%esp)
++sysenter_after_call:
+ 	LOCKDEP_SYS_EXIT
+ 	DISABLE_INTERRUPTS(CLBR_ANY)
+ 	TRACE_IRQS_OFF
+@@ -688,7 +689,12 @@ END(syscall_fault)
+ 
+ syscall_badsys:
+ 	movl $-ENOSYS,PT_EAX(%esp)
+-	jmp resume_userspace
++	jmp syscall_exit
++END(syscall_badsys)
++
++sysenter_badsys:
++	movl $-ENOSYS,PT_EAX(%esp)
++	jmp sysenter_after_call
+ END(syscall_badsys)
+ 	CFI_ENDPROC
+ /*

debian/patches/debian/alsa-avoid-abi-change-for-cve-2014-4652-fix.patch

@@ -0,0 +1,33 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Sun, 29 Jun 2014 02:05:57 +0100
+Subject: ALSA: Avoid ABI change for CVE-2014-4652 fix
+Forwarded: not-needed
+
+Move the new member snd_card::user_ctl_lock to the end of the structure
+and hide it from genksyms.  struct snd_card is always allocated by
+snd_card_create() in sound/core/init.c and user_ctl_lock is used in
+sound/core/control.c, and these are part of the same module so they
+are sure to be consistent.
+
+--- a/include/sound/core.h
++++ b/include/sound/core.h
+@@ -121,8 +121,6 @@ struct snd_card {
+ 	int user_ctl_count;		/* count of all user controls */
+ 	struct list_head controls;	/* all controls for this card */
+ 	struct list_head ctl_files;	/* active control files */
+-	struct mutex user_ctl_lock;	/* protects user controls against
+-					   concurrent access */
+ 
+ 	struct snd_info_entry *proc_root;	/* root for soundcard specific files */
+ 	struct snd_info_entry *proc_id;	/* the card id */
+@@ -149,6 +147,10 @@ struct snd_card {
+ 	struct snd_mixer_oss *mixer_oss;
+ 	int mixer_oss_change_count;
+ #endif
++#ifndef __GENKSYMS__
++	struct mutex user_ctl_lock;	/* protects user controls against
++					   concurrent access */
++#endif
+ };
+ 
+ #ifdef CONFIG_PM

debian/patches/debian/arch-sh4-fix-uimage-build.patch

@@ -1,6 +1,6 @@
 From: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
 Subject: [sh4] Fix uImage build
-Bug-Debian: http://bugs.debian.org/569034
+Bug-Debian: https://bugs.debian.org/569034
 Forwarded: not-needed
 
 [bwh: This was added without a description, but I think it is dealing

debian/patches/debian/fs-enable-link-security-restrictions-by-default.patch

@@ -1,7 +1,7 @@
 From: Ben Hutchings <ben@decadent.org.uk>
 Subject: fs: Enable link security restrictions by default
 Date: Fri, 02 Nov 2012 05:32:06 +0000
-Bug-Debian: http://bugs.debian.org/609455
+Bug-Debian: https://bugs.debian.org/609455
 Forwarded: not-needed
 
 This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415

debian/patches/debian/ia64-hardcode-arch-script-output.patch

@@ -1,7 +1,7 @@
 From: dann frazier <dannf@debian.org>
 Subject: Hardcode arch script output
 Date: Mon, 26 Mar 2007 16:30:51 -0600
-Bug-Debian: http://bugs.debian.org/392592
+Bug-Debian: https://bugs.debian.org/392592
 Forwarded: not-needed
 
 Here's a patch that simply uses hardcoded definitions instead of

debian/patches/debian/iwlwifi-do-not-request-unreleased-firmware.patch

@@ -1,6 +1,6 @@
 From: Ben Hutchings <ben@decadent.org.uk>
 Subject: iwlwifi: Do not request unreleased firmware for IWL6000
-Bug-Debian: http://bugs.debian.org/689416
+Bug-Debian: https://bugs.debian.org/689416
 Forwarded: not-needed
 
 The iwlwifi driver currently supports firmware API versions 4-6 for

debian/patches/debian/powerpcspe-omit-uimage.patch

@@ -4,7 +4,7 @@ Description: Prevent building uImage with missing mkimage
  available in linux's build-dependencies, and the file is not strictly
  necessary, so we are omitting this step in the build process, Debian-specific.
 Author: Roland Stigge <stigge@antcom.de>
-Bug-Debian: http://bugs.debian.org/708094
+Bug-Debian: https://bugs.debian.org/708094
 Forwarded: not-needed
 
 --- a/arch/powerpc/boot/Makefile

debian/patches/debian/snd-pcsp-disable-autoload.patch

@@ -2,7 +2,7 @@ From: Ben Hutchings <ben@decadent.org.uk>
 Date: Wed, 05 Feb 2014 23:01:30 +0000
 Subject: snd-pcsp: Disable autoload
 Forwarded: not-needed
-Bug-Debian: http://bugs.debian.org/697709
+Bug-Debian: https://bugs.debian.org/697709
 
 There are two drivers claiming the platform:pcspkr device:
 - pcspkr creates an input(!) device that can only beep

debian/patches/debian/yama-disable-by-default.patch

@@ -1,7 +1,7 @@
 From: Ben Hutchings <ben@decadent.org.uk>
 Subject: yama: Disable by default
 Date: Wed, 19 Jun 2013 04:35:28 +0100
-Bug-Debian: http://bugs.debian.org/712740
+Bug-Debian: https://bugs.debian.org/712740
 Forwarded: not-needed
 
 --- a/security/yama/yama_lsm.c

debian/patches/features/all/aufs3/gen-patch

@@ -11,7 +11,7 @@ else
     echo >&2 "W: Cannot include a specific origin URL without an aufs git repo"
     origin_line='Origin: http://sourceforge.net/p/aufs/aufs3-standalone/ref/master/branches/'
 fi
-bug_line='Bug-Debian: http://bugs.debian.org/541828'
+bug_line='Bug-Debian: https://bugs.debian.org/541828'
 
 for patch in aufs3-{base,kbuild,mmap,standalone}.patch; do
     {

debian/patches/features/all/rt/fix-latency-histogram-after-hrtimer-set-expiry-time-before-switch_hrtimer_base.patch

@@ -0,0 +1,39 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Sat, 28 Jun 2014 23:34:48 +0100
+Subject: Fix latency histogram after "hrtimer: Set expiry time before switch_hrtimer_base()"
+Forwarded: http://mid.gmane.org/1403994888.23472.116.camel@deadeye.wl.decadent.org.uk
+
+In an rt-kernel with CONFIG_MISSED_TIMER_OFFSETS_HIST enabled,
+__hrtimer_start_range_ns() now crashes, as new_base is not assigned
+before it is used.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Tested-by: Carsten Emde <C.Emde@osadl.org>
+Cc: stable-rt@vger.kernel.org
+---
+--- a/kernel/hrtimer.c
++++ b/kernel/hrtimer.c
+@@ -1106,6 +1106,11 @@ int __hrtimer_start_range_ns(struct hrti
+ #endif
+ 	}
+ 
++	hrtimer_set_expires_range_ns(timer, tim, delta_ns);
++
++	/* Switch the timer base, if necessary: */
++	new_base = switch_hrtimer_base(timer, base, mode & HRTIMER_MODE_PINNED);
++
+ #ifdef CONFIG_MISSED_TIMER_OFFSETS_HIST
+ 	{
+ 		ktime_t now = new_base->get_time();
+@@ -1117,11 +1122,6 @@ int __hrtimer_start_range_ns(struct hrti
+ 	}
+ #endif
+ 
+-	hrtimer_set_expires_range_ns(timer, tim, delta_ns);
+-
+-	/* Switch the timer base, if necessary: */
+-	new_base = switch_hrtimer_base(timer, base, mode & HRTIMER_MODE_PINNED);
+-
+ 	timer_stats_hrtimer_set_start_info(timer);
+ 
+ 	leftmost = enqueue_hrtimer(timer, new_base);

debian/patches/series

@@ -96,3 +96,4 @@ features/arm/ARM-dts-sun7i-Add-reg_vcc3v3-to-sun7i-board-mmc-node.patch
 features/arm/ARM-dts-sun7i-cubietruck-set-mmc3-bus-width-property.patch
 features/arm/ARM-dts-imx6qdl-wandboard-Add-HDMI-support.patch
 features/arm/ARM-imx-add-HDMI-support-for-SolidRun-HummingBoard-a.patch
+bugfix/x86/x86_32-entry-Do-syscall-exit-work-on-badsys-CVE-2014.patch

debian/templates/image.plain.postinst.in

@@ -16,7 +16,6 @@ my $link_in_boot      = "";
 my $no_symlink        = "";
 my $do_symlink        = "Yes";  # target machine defined
 my $kimage            = "@image-stem@";
-my $initrd            = "@initramfs@";
 my $mkimage           = "";     # command to generate the initrd image
 my $use_hard_links    = ''; # hardlinks do not work across fs boundaries
 my $postinst_hook     = '';          #Normally we do not
@@ -532,9 +531,7 @@ if (-d "$modules_base/$version") {
 # Only change the symlinks if we are not being upgraded
 if (! defined $ARGV[1] || ! $ARGV[1] || $ARGV[1] =~ m/<unknown>/o) {
   image_magic($kimage, $image_dest);
-  if ($initrd) {
-    image_magic("initrd.img", $image_dest);
-  }
+  image_magic("initrd.img", $image_dest);
 }
 else {
   lstat($kimage);
@@ -542,12 +539,10 @@ else {
     handle_missing_link($kimage, $image_dest, "$kimage-$version", 
                         $realimageloc);
   }
-  if ($initrd) {
-    lstat("initrd.img");
-    if (! -e _) {
-      handle_missing_link("initrd.img", $image_dest, "initrd.img-$version",
-			  $realimageloc);
-    }
+  lstat("initrd.img");
+  if (! -e _) {
+    handle_missing_link("initrd.img", $image_dest, "initrd.img-$version",
+			$realimageloc);
   }
 }
 

debian/templates/image.plain.postrm.in

@@ -22,7 +22,6 @@ $|=1;
 my $version           = "@abiname@@localversion@";
 my $link_in_boot      = "";
 my $kimage            = "@image-stem@";
-my $initrd            = "@initramfs@";
 my $postrm_hook       = '';       #Normally we do not
 my $package_name    = "linux-image-$version";
 
@@ -230,8 +229,8 @@ if ($ARGV[0] !~ /upgrade/) {
   # check and remove damaged and dangling symlinks
   image_magic($kimage,          $image_dest);
   image_magic($kimage . ".old", $image_dest);
-  image_magic("initrd.img",     $image_dest) if $initrd;
-  image_magic("initrd.img.old", $image_dest) if $initrd;
+  image_magic("initrd.img",     $image_dest);
+  image_magic("initrd.img.old", $image_dest);
 }