4932bdacf1
linux-kbuild: Add objtool
2017-12-27 01:38:04 +00:00
7f35685e4b
[rt] Disable until it is updated for 4.15 or later
2017-12-27 01:38:03 +00:00
e01624c730
cpupower: Move library to multiarch directory
...
Upstream moved it from /usr/lib to /usr/lib64 in 4.15, but neither of
these is correct.
2017-12-27 01:38:00 +00:00
7bcd3c4d13
lockdown: Update calls to kernel_is_locked_down() in "mtd: Disable slram and phram when locked down"
...
We need to pass a string to be logged the first time the check fires.
2017-12-27 01:37:24 +00:00
7dd9b58675
Update to 4.15-rc5
...
Also update the aufs and lockdown patchsets.
2017-12-26 18:54:17 +00:00
ab5d03cb3b
Prepare to release linux (4.14.7-1).
2017-12-22 14:12:23 +00:00
8423f81c55
Merge remote-tracking branch 'alioth/sid' into sid
2017-12-22 14:10:04 +00:00
196596c560
crypto: hmac - require that the underlying hash algorithm is unkeyed (CVE-2017-17806)
2017-12-22 09:13:19 +01:00
4f056ca2c6
crypto: salsa20 - fix blkcipher_walk API usage (CVE-2017-17805)
2017-12-22 09:00:33 +01:00
adef82ee3a
Bump ABI to 2
2017-12-22 03:54:44 +00:00
cf1f6e2019
bpf/verifier: Fix multiple security issues ( Closes : #883558 )
2017-12-22 03:54:44 +00:00
a983b69920
Add one more known CVE id
...
Gbp-Dch: Ignore
2017-12-21 06:07:46 +01:00
2bc058f58c
Add opening parenthesis
...
Gbp-Dch: Ignore
2017-12-20 20:41:06 +01:00
fc7f6fafd8
Add security fixes
2017-12-20 19:27:18 +00:00
285e1090f2
[rt] Update to 4.14.6-rt7
2017-12-20 18:53:59 +00:00
9e0441b20a
Update to 4.14.7
...
Drop patches applied upstream, and fix a few conflicts.
2017-12-20 18:40:37 +00:00
67968436a4
[arm64] udeb: add mvebu comphy for armada 8K
2017-12-12 11:01:35 +02:00
11548f0aea
[arm64] udeb: add multifunction devices
2017-12-12 11:00:38 +02:00
a865f2fdb7
[armhf, arm64] Backport patches from 4.15.x to support dwmac-sun8i.
2017-12-11 13:15:45 -08:00
2f634be5d8
xen/time: do not decrease steal time after live migration on xen
...
Closes : #871608
2017-12-03 10:53:37 +01:00
7e09c9fcc8
Add ABI reference for 4.14.0-1
2017-12-03 10:18:48 +01:00
5b750f6268
Prepare to release linux (4.14.2-1).
2017-11-30 12:33:47 +00:00
1bf82631fb
Revert "SCSI: Enable SCSI_MQ_DEFAULT"
...
This reverts commit 16d7f29d46
2017-11-30 12:07:11 +00:00
3f937de450
[x86] mmap: Add an exception to the stack gap for Hotspot JVM compatibility
...
Closes : #865303
2017-11-30 12:07:11 +00:00
a87b11684d
Prepare to upload to unstable
...
Drop the ~exp1 from the version.
Set ABI to 1.
2017-11-30 12:06:47 +00:00
71832be11b
mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (CVE-2017-1000405)
2017-11-30 08:16:06 +01:00
fb72f17cab
[rt] Update to 4.14.1-rt3
2017-11-29 23:05:39 +00:00
b0a4fbf1cd
[rt] Add new signing subkey for Steven Rostedt
2017-11-29 22:11:04 +00:00
16d7f29d46
SCSI: Enable SCSI_MQ_DEFAULT
...
Now that blk-mq has a similar default scheduler as the old block
layer, it should be safe to switch over.
Note how to revert this at run-time if necessary.
2017-11-29 22:11:04 +00:00
f6077f8f4f
Add entry for CVE-2017-16994
2017-11-27 21:35:01 +01:00
f83f2a2082
Update to 4.14.2
2017-11-25 08:30:31 +01:00
2ed7a163b9
leds: Enable LEDS_BRIGHTNESS_HW_CHANGED ( Closes : #872862 )
2017-11-24 17:20:44 +00:00
a633085eb6
apparmor: fix oops in audit_signal_cb hook (regression in 4.14)
2017-11-24 13:25:03 +00:00
b979dd72a4
[armel] Change configuration to reduce image size (fixes FTBFS)
...
- Change CONNECTOR from built-in to module, and disable PROC_EVENTS
- Disable INTEGRITY and dependent options
- video: Disable USB_APPLEDISPLAY, BACKLIGHT_CLASS_DEVICE
This still only gets us down to 99.26% of maximum size, so further
changes will be needed soon.
2017-11-23 01:00:43 +00:00
d769bf7e2b
Update to 4.14.1
2017-11-22 03:13:35 +00:00
5436f201dd
aufs: Update support patchset to aufs4.14-20171120
2017-11-21 16:20:07 +00:00
bf3c5027e0
i40e: Build for 32-bit targets again
...
Apply the upstream patches that removed the use of cmpxchg64().
2017-11-21 16:14:37 +00:00
1dffc3c5d6
[rt] Update to 4.14-rt1 and reenable ( Closes : #882192 )
2017-11-20 14:17:41 +00:00
94964d2c86
Prepare to release linux (4.14-1~exp1).
2017-11-17 00:16:15 +00:00
0876bb2edc
Set ABI name to trunk
2017-11-17 00:16:12 +00:00
1a1f0ef065
Release linux (4.13.13-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAloODhAACgkQ57/I7JWG
EQkFAg//Zb5RqwypcEFRZs6Oyi4jF6EekQW+UVXjAE8gAw3ae8+1uvkg3TyMY7uT
C//3H1DGY/A3imqHsxku9NG5T9KhJL9cKn2EDRz8c/+lU949wXjzSFCQk+p9mwcb
RSyuqES+FwtrMJoN0iXpVIiTSjImuu4IIpTmc6IsZo1frn5oHKmeC4mvsKuflL/S
usdauRUkQewtTvi/Z8wDA5fJIDN2ff0DcSN8Km/QPlB2zUoGaQRM36ApZVeHDX3X
190bDAuBfJp9Pht3eFPUq6HwEht9hbiqSaSpMKB/jyPE8lWZ7AL8CM2qiOuZCXil
ncELxkx+8Cqp4jAWc3wqGZ5mkeVHeHxZcmFv0b4hQaaifW5GtmlMo/XHhMeFIoCc
tbcC55No2c3ZUhUH0kAQyf26zZ3f7hBAYT8EI5BNngPpZB4W7NJL8A2c09QYxAVB
/uXNnCdd7LZ9Dnhgc0K1FjIEckd1XHVQgVZ6Seo4Pv2adMfLckla3Xvqj888515a
akTL9LFAKySOqalakMl34G2FT1S0CR9+7I45KFcKjiGW5pF1RgDeLZy1W+nQq3Vd
oH2KmWGovmouMEnrh8RgKJNwLkelVkLKl0AFhJ29PGeDrGAklz0Sy5egB8iqoxRh
fiKph8IGdD8akqlI4d8mTWs01FmALkkSHUkLAxbME8HC3lpb7Ic=
=TJmK
-----END PGP SIGNATURE-----
Merge tag 'debian/4.13.13-1'
Release linux (4.13.13-1).
2017-11-16 22:18:14 +00:00
8c84dc3d14
Prepare to release linux (4.13.13-1).
2017-11-16 21:04:10 +00:00
617046eb45
netfilter: nat: Avoid ABI change in 4.13.13
2017-11-16 21:04:07 +00:00
7cb3e39661
ALSA: timer: Avoid ABI change in 4.13.13
2017-11-16 20:52:13 +00:00
4c3b3b1dec
dvb_frontend: don't use-after-free the frontend struct (CVE-2017-16648)
...
Plus another fix it seems to depend on.
2017-11-16 20:04:01 +00:00
f03dc09259
[armhf] drm: Enable DRM_SUN4I etc. ( Closes : #881570 )
2017-11-16 19:59:53 +00:00
79e266334e
[arm64] config fixup
...
drop CRYPTO_DEV_CAVIUM_ZIP due to crashes
add SERIAL_DEV_BUS, needed for HiKey bluetooth
2017-11-16 21:54:44 +02:00
8aabb7ea89
amdgpu: Enable DRM_AMDGPU_SI, CONFIG_DRM_AMDGPU_CIK ( Closes : #847570 )
2017-11-16 19:17:33 +00:00
26fe100dfe
[x86] rmi4: Disable RMI4_SMB ( Closes : #880471 )
2017-11-16 19:12:16 +00:00
3529916815
[arm64] nvmem: Enable NVMEM_SUNXI_SID as module ( Closes : #881567 )
2017-11-16 19:10:31 +00:00
a4d1de0350
[arm64,x86] net/wireless: Enable RTL8723BS as module ( Closes : #881568 )
2017-11-16 19:07:46 +00:00
e81177b8a9
amdgpu: Enable DRM_AMDGPU_USERPTR on all architectures
...
I missed this when enabling amdgpu on arm64.
Also move the explicit disabling of DRM_AMDGPU_CIK to the top level
config.
2017-11-16 18:44:33 +00:00
2cc01f34ce
[powerpc*/*64*] drm: Enable DRM_AMDGPU as module ( Closes : #881593 )
2017-11-16 18:42:09 +00:00
9f5b9b8ff8
nftables: Enable NFT_RT, NFT_SET_BITMAP, NFT_OBJREF as modules ( Closes : #881931 )
2017-11-16 18:37:11 +00:00
58e12683e1
net: qmi_wwan: fix divide by 0 on bad descriptors (CVE-2017-16650)
2017-11-16 18:13:46 +00:00
91a7ba9320
net: cdc_ether: fix divide by 0 on bad descriptors (CVE-2017-16649)
2017-11-16 18:12:24 +00:00
4ee0c56703
net: usb: asix: fill null-ptr-deref in asix_suspend (CVE-2017-16647)
2017-11-16 18:11:00 +00:00
ed4bdea861
media: dib0700: fix invalid dvb_detach argument (CVE-2017-16646)
2017-11-16 18:10:19 +00:00
c718be9d81
media: imon: Fix null-ptr-deref in imon_probe (CVE-2017-16537)
2017-11-16 18:04:43 +00:00
a06739ccd2
media: cx231xx-cards: fix NULL-deref on missing association descriptor (CVE-2017-16536)
2017-11-16 18:03:20 +00:00
c08c3b8b25
usb: usbtest: fix NULL pointer dereference (CVE-2017-16532)
2017-11-16 17:40:00 +00:00
1549b29ea0
Add follow-up fixes relatd to CVE-2017-13080
2017-11-16 17:35:46 +00:00
f4e45ee455
Update to 4.13.13
2017-11-16 17:32:44 +00:00
6ff07bd9a5
sctp: do not peel off an assoc from one netns to another one (CVE-2017-15115)
2017-11-16 15:22:47 +01:00
5d9e74ced8
mac80211: accept key reinstall without changing anything (CVE-2017-13080)
2017-11-16 15:18:54 +01:00
d8d66235a8
Update to 4.14
2017-11-14 13:02:01 +00:00
a2708107ce
swap: Avoid ABI change in 4.13.12
2017-11-12 01:09:18 +00:00
86b8621ec9
[powerpc*] kvm: Ignore ABI change in 4.13.6 (fixes FTBFS)
2017-11-11 20:53:08 +00:00
fdf384b742
[powerpc*] Ignore kvm-related ABI changes (fixes FTBFS)
2017-11-11 20:50:42 +00:00
95757c39a8
Update to 4.13.12
2017-11-11 09:29:31 +01:00
ed497f3cb7
Add server and 96boards options
...
Generic server options NUMA, ACPI_NUMA, CRASH_DUMP, VFIO, *WATCHDOG
Servers specific options:
APM X-gene: NET_XGENE_V2
Cavium ThunderX: EDAC_THUNDERX, MMC_CAVIUM_THUNDER, CRYPTO_DEV_CAVIUM*
Cavium ThunderX 2: GPIO_XLP, I2C_XLP9XX, SPI_XLP
Hisilicon: DRM_HISI_HIBMC, SCSI_HISI_SAS_PCI
Marvell Armada 7k/8k/3700: CRYPTO_DEV_MARVELL_CESA, MARVELL_PHY,
MARVELL_10G_PHY, PHY_MVEBU_CP110_COMPHY, RTC_DRV_MV,
RTC_DRV_ARMADA38X, SPI_ARMADA_3700, ARMADA_THERMAL,
NOP_USB_XCEIV, HW_RANDOM_OMAP, CRYPTO_DEV_SAFEXCE
96boards:
Hikey: PCIE_KIRIN, TEE, OPTEE, SND_I2S_HI6210_I2S, DRM_I2C_ADV7511_AUDIO
DragonBoard 410c: *QCOM*, CONFIG_CMA, USB changes
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-09 15:44:47 +02:00
f13763371c
Add CVE id reference for CVE-2017-16643
...
Gbp-Dch: Ignore
2017-11-08 10:45:20 +01:00
4a745d05b1
Add CVE id for CVE-2017-15306
...
Gbp-Dch: Ignore
2017-11-06 13:04:31 +01:00
7522aac927
Enable CRYPTO_SHA3
2017-11-06 11:22:29 +01:00
bd1e10f8bd
linux-image: Recommend apparmor ( Closes : #880441 )
...
The apparmor package is needed for loading profiles. In theory,
enabling AppArmor without any profiles loaded should do nothing, so
this is not really a dependency of the kernel. However, if a systemd
unit specifies a AppArmor profile and the kernel has AppArmor enabled
then failure to load the profile is fatal.
As the linux-image packages select AppArmor as the default LSM, they
should probably also be responsible for getting the necessary userland
support installed. But since the default can be overridden, use
Recommends rather than Depends.
2017-11-05 01:54:12 +00:00
43a5e411fd
Add bug closer for #879768
...
Gbp-Dch: Ignore
2017-11-04 16:57:42 +01:00
e7fd57b49f
netfilter: nft_set_hash: disable fast_ops for 2-len keys
...
Closes : #880145
2017-11-04 15:43:57 +01:00
4b0df3bed7
cifs: check MaxPathNameComponentLength != 0 before using it
...
Thanks: Andrew Chadwick
Closes : #880504
2017-11-04 09:55:14 +01:00
384fa91229
Update to 4.13.11
2017-11-04 09:06:37 +01:00
c8b3153d0d
debian/control: Set Rules-Requires-Root to no
...
Tell dpkg and debhelper that we can install without (fake)root and
then dpkg-deb should then override all ownership to root:root.
Draft specification for this field:
https://lists.debian.org/debian-devel/2017/10/msg00520.html
2017-10-30 21:58:12 +00:00
85565e1ae2
Prepare to release linux (4.14~rc7-1~exp1).
2017-10-30 18:31:38 +00:00
e59d862868
Release linux (4.13.10-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAln3apoACgkQ57/I7JWG
EQllsQ//fyZFkoGOLpHjkS3sNtMxfh1J9+f+JJI33WF9vA/w7SnRfg/Rdbjx+rY8
LRCnviTyh5tuxKSPKHerpUqjNbYi7Hcr0LXxxOPL1Rr+BTFKQuaSDYNzt10bT2mJ
9B0ZYI+Q8n7rAq1/MeSKygV6zh+5MxywN8LZlqg0Au8/7/c7H0nR3MOEFz29imL0
jBMOhy7a+Gby3Qs5ZdKGf0i4RZT9Y/9Ozu9sFpVGqrTyY+FlEd0y1KUvIipbdLTH
S/oRFF1m4IeS7tF6AIprCPMIMPt8tcQrSLvB01REpbvSJvDg+laEgmHnb0PKlOpW
RAeQn2r1NCEjjZcKll8dCMp+sTiLhx+us4L3Jumwb2Yno+219zuScFg2MR0zu5U/
XCB5zG2U5XENH+fRdDnWROkXJ/o1Dtk+Ix1aPySa8I9IdlP45n+Q4LCLw3eg5h3I
CdITwTJxWlnLJVI852wh1qorBuUs5lac9HZ8u0s5MDFXNQkWOVQKRPZN0sA3hwwp
wjudMsGgq6kkoknnEcwTKV4JFWJdfJ0SieaWBv1LSQwAmVy3/QvOTvDBLzRxmtUX
tygPktH53HLp4z6qPOcKD+hGLcdlD5oTWYb2O5MqVlSI8MjONOcjpRGAP2fhIf2t
3INpM9sJPHILXqpEMH6co4VzxnQq1OElMjcA5nqD2A7HLOSDhZg=
=x3uW
-----END PGP SIGNATURE-----
Merge tag 'debian/4.13.10-1'
Release linux (4.13.10-1).
2017-10-30 18:31:31 +00:00
375e4b8147
Update to 4.14-rc7
2017-10-30 18:28:33 +00:00
38106d0ef0
Enable SQUASHFS_LZ4 in default config.
2017-10-30 16:52:53 +01:00
ed0765f59c
Prepare to release linux (4.13.10-1).
2017-10-30 15:32:11 +00:00
9bf0fcf06e
[armel,armhf] mbus: Ignore ABI change in 4.13.10
2017-10-30 15:32:03 +00:00
1ea9c5efa8
snd-seq: Ignore ABI changes
...
Commit 8009d506a1dd "ALSA: seq: Enable 'use' locking in all
configurations" which was backported into 4.13.10 will result in an
ABI change for !SMP configurations. Ignore this, as I don't expect
there to be any out-of-tree sequencer drivers.
2017-10-30 12:45:19 +00:00
15c6a89208
Update to 4.13.10
...
Limit the ABI change in keys.
2017-10-29 12:13:18 +00:00
f1e87af382
[x86] rmi4: Enable RMI4_SMB as module ( Closes : #875621 )
2017-10-28 20:53:13 +01:00
ec3cd54d45
Avoid/ignore more ABI changes in 4.13.y
2017-10-28 20:50:11 +01:00
d2ca70712e
Add CVE ids for some issues fixed with the 4.13.9 import
2017-10-27 16:26:15 +02:00
43a809fe93
security: Enable DEFAULT_SECURITY_APPARMOR
2017-10-26 22:51:36 +02:00
50f87144fd
[armel] security: Enable SECURITY_APPARMOR and disable SECURITY_SELINUX
2017-10-26 22:50:16 +02:00
48bb38a3f7
Update to 4.13.9
...
Drop many patches which are now upstream.
Avoid/ignore ABI changes as appropriate.
2017-10-26 22:41:11 +02:00
28f20726e5
[arm64] add BRCMFMAC_SDIO for wifi on Raspberry Pi 3
2017-10-26 17:53:57 +02:00
ab40ca5985
[armel] udeb: Remove fbcon from fb-modules package
...
It can't be built as a module any more.
2017-10-20 17:29:46 +01:00
548cef1805
[alpha] udeb: Remove empty fb-modules package (fixes FTBFS)
...
The module list for fb-modules included several optional modules that
seem to have never been built on alpha(!) and fbcon which is now
built-in.
2017-10-20 17:27:35 +01:00
2629671100
debian/bin/gencontrol.py: Set encoding to UTF-8 globally
...
I just made this change for firmware-nonfree, for which I wrote:
We open some, but not all, files with an explicit UTF-8 encoding. One
of the open calls that I missed has just caused gencontrol.py to fail
instead a pbuilder environment. Instead of continuing to set an
explicit encoding for each open call, use locale.setlocale to set it
globally.
I haven't hit such a problem here, but let's do it anyway.
Keep using explicit encodings in debian/lib for now, since we can't
assume all calling programs will set the locale.
2017-10-20 02:56:35 +01:00
945bac5e39
[mips*] Increase RELOCATION_TABLE_SIZE to 0x00120000 (fixes FTBFS)
2017-10-20 00:21:19 +01:00
0441e97048
Remove 'fixes FTBFS' for build dependency change
...
libbabeltrace-ctf-dev has been restored as a transitional package.
2017-10-19 23:31:08 +01:00
Ben Hutchings
Salvatore Bonaccorso
Riku Voipio
Vagrant Cascadian
Bastian Blank
Uwe Kleine-König