Salvatore Bonaccorso
1ad0a79c0a
Add changelog entry for CVE-2017-8067
...
Gbp-Dch: Ignore
2017-04-23 11:46:28 +02:00
Ben Hutchings
7bf90ad750
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings (CVE-2017-7472)
2017-04-22 02:26:48 +01:00
Ben Hutchings
89402402c8
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (CVE-2016-9604)
2017-04-22 02:25:04 +01:00
Ben Hutchings
74fdfed494
Drop ABI maintenance patches
...
We're bumping ABI in the next upload so don't need these.
2017-04-22 02:22:38 +01:00
Ben Hutchings
9c5f88b1f6
Update to 4.9.24
...
Drop most of our bug fix patches, which were included in it.
Adjust context in a couple of rt patches that have textual conflicts.
2017-04-22 00:59:32 +01:00
Aurelien Jarno
d518bcf5f3
[mips*el/loongson-3] Disable PAGE_EXTENSION and PAGE_POISONING.
...
This workaround a kernel crash, until the real issue is found. It is
currently being investigated.
2017-04-22 01:16:49 +02:00
Aurelien Jarno
f2b1e81469
[mips*/octeon] Drop obsolete patch adding support for the UBNT E200 board.
2017-04-21 11:31:33 +02:00
Ben Hutchings
22e8e7af28
Explicitly mark some patches as Forwarded: no or not-needed
2017-04-18 04:19:54 +01:00
Ben Hutchings
cf75a4d22c
Add Origin for a probably-obsolete MIPS patch
2017-04-18 04:19:20 +01:00
Ben Hutchings
aa2adea45f
Update Origin and description for various patches now applied/merged upstream
2017-04-18 04:18:56 +01:00
Ben Hutchings
790885d6d8
Add Forwarded header and update description for several patches
2017-04-18 04:15:47 +01:00
Ben Hutchings
8701ef58ba
Replace "[media] dvb-usb: Don't use stack for reset either" with upstream fix
2017-04-18 01:16:50 +01:00
Ben Hutchings
3f62574711
crypto: ahash - Fix EINPROGRESS notification callback (CVE-2017-7618)
2017-04-16 23:25:12 +01:00
Ben Hutchings
4d042ae0ff
[rt] Update to 4.9.20-rt16
2017-04-16 21:52:57 +01:00
Ben Hutchings
31945f628c
Update to 4.9.22
...
Drop patches applied upstream.
2017-04-16 21:47:05 +01:00
Ben Hutchings
326a2052e2
linux-image: Disable signing until it's supported in dak
...
Only code signing through dak is going to be acceptable for a stable
release, so disable the current arrangement.
2017-04-16 18:53:52 +01:00
Ben Hutchings
b4b1be4c52
Move debug symbols back to the main archive
...
dak currently allows a binary upload to include debug symbol packages
that don't appear in the overrides file or the Binary field of the
changes file, so long as they have the appropriate
'Auto-Built-Package' field and their name matches another binary
package in the upload plus the '-dbgsym' suffix.
For architectures with code signing enabled, our binary uploads never
match this condition as the corresponding binary package has the
'-unsigned' suffix and the debug symbols package does not. Since we
do list the debug symbol packages in the Binary field, they do get
added to the overrides file when accepted through the NEW queue, but
they are automatically pruned from there some time later. Later
uploads then have to go through NEW even though they are not
introducing new binary packages. This would be a big problem for
stable security updates.
For now, move debug symbols back to the main archive with the old
'-dbg' suffix. Keep them enabled for all architectures.
2017-04-16 18:53:35 +01:00
Ben Hutchings
6ef03e0be7
Merge remote-tracking branch 'alioth/sid' into sid
2017-04-16 17:22:54 +01:00
Ben Hutchings
b80acec65e
[arm64] Set NR_CPUS=256 to allow for multi-SoC systems
...
ThunderX1 has 48 cores and supports 2-way systems for 96 CPUs.
ThunderX2 has 54 cores and also supports 2-way systems for 108 CPUs.
X-Gene 3 "Skylark" is supposed to support 8-way systems with 32
cores each for 256 CPUs (I'm not sure if they're cache-coherent
beyond 2-way though.
2017-04-16 17:19:45 +01:00
Ben Hutchings
01f0df794d
[mips*/octeon] Set NR_CPUS=64 to allow for Cavium CN7890
...
The CN7890 has 48 Octeon III cores.
I don't know whether current configuration will run on a CN7890, but this
should avoid an ABI break if we add support later.
2017-04-16 17:19:00 +01:00
Ben Hutchings
c22c7deb17
[mips*el/loongson-3] Set NR_CPUS=16 to allow for Loongson 3B2000
...
The Loongson 3B2000 has 4 cores and can apparently be used in a 4-way
configuration, for 16 CPUs.
I don't think the current configuration will run on a 3B2000, but this
should avoid an ABI break if we address that.
2017-04-16 17:18:59 +01:00
Ben Hutchings
ba74e6e6c8
[powerpc*/*64*] Enable CPUMASK_OFFSTACK to reduce stack usage
2017-04-16 17:18:44 +01:00
Salvatore Bonaccorso
23fadf4f82
Update debian/changelog file
...
Gbp-Dch: Ignore
2017-04-16 08:00:01 +02:00
Salvatore Bonaccorso
1d5fde10d8
mm/mempolicy.c: fix error handling in set_mempolicy and mbind (CVE-2017-7616)
2017-04-16 07:59:50 +02:00
Ben Hutchings
ddd31e5a9a
[powerpc/powerpc-smp,powerpcspe] Explicitly set NR_CPUS=4
2017-04-15 02:50:21 +01:00
Ben Hutchings
9ba802954e
[arm64] Explicitly set NR_CPUS=64
2017-04-15 02:45:29 +01:00
Ben Hutchings
b1b8586924
[powerpc/powerpc64,ppc64] Set NR_CPUS=2048, matching ppc64el
2017-04-15 02:41:22 +01:00
Ben Hutchings
9cb1bd16f9
udeb: Include all AHCI drivers in sata-modules ( Closes : #860335 )
2017-04-14 20:35:35 +01:00
Ben Hutchings
263f51b136
cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores ( Closes : #859978 )
2017-04-11 02:57:43 +01:00
Salvatore Bonaccorso
5547db97a6
fscrypt: remove broken support for detecting keyring key revocation (CVE-2017-7374)
2017-04-08 09:36:53 +02:00
Salvatore Bonaccorso
43f7156d3a
ping: implement proper locking (CVE-2017-2671)
2017-04-08 09:18:35 +02:00
Ben Hutchings
ca91ae2eb7
[powerpc/powerpc64,ppc64*] target: Enable SCSI_IBMVSCSIS as module
...
This driver was removed in 3.18, but has been updated to use the new
target framework and was added again in 4.8.
As it lives under drivers/scsi and not drivers/target, exclude it from
the scsi-modules udeb.
2017-04-08 01:43:00 +01:00
Ben Hutchings
20a0659e24
drm/nouveau/disp/mcp7x: disable dptmds workaround ( Closes : #850219 )
2017-04-07 20:42:59 +01:00
Ben Hutchings
505d589daf
[x86] usbip: Increase USBIP_VHCI_NR_HCS to 8 and USBIP_VHCI_HC_PORTS to 31
...
Closes : #859641
2017-04-07 20:32:56 +01:00
Ben Hutchings
abd4d7ab60
[s390x] Set NR_CPUS=256 ( Closes : #858731 )
2017-04-07 20:29:12 +01:00
Ben Hutchings
1d2e81c18d
Bump ABI to 3
2017-04-07 20:28:09 +01:00
Ben Hutchings
699099dfce
debian/rules.real: Undefine $LANGUAGE, which can break debug symbols for vDSOs
...
Closes : #859807
2017-04-07 20:25:37 +01:00
Ben Hutchings
473a9f83a2
w1: Really enable W1_MASTER_GPIO as module ( Closes : #858975 )
2017-03-30 18:27:54 +01:00
Ben Hutchings
9df323e7dd
Prepare to release linux (4.9.18-1).
2017-03-30 02:16:33 +01:00
Ben Hutchings
4adb26a0c1
w1: Enable W1_MASTER_GPIO as module ( Closes : #858975 )
2017-03-30 01:53:01 +01:00
Ben Hutchings
f294506bfa
netfilter: nft_ct: add notrack support ( Closes : #845500 )
2017-03-30 01:40:57 +01:00
Ben Hutchings
4f10661dbb
[arm64,x86] Enable CROS_KBD_LED_BACKLIGHT as module ( Closes : #856906 )
2017-03-30 01:01:37 +01:00
Ben Hutchings
576f686158
[armhf] sound/soc: Enable SND_SUN4I_SPDIF as module ( Closes : #857410 )
2017-03-30 00:22:17 +01:00
James Clarke
a1503865a9
[sparc64] udeb: Re-add ufs-modules ( Closes : #858049 )
2017-03-30 00:19:48 +01:00
Ben Hutchings
42ea80c71c
[arm64] rtc: tegra: Implement clock handling ( Closes : #858514 )
2017-03-29 23:42:54 +01:00
Ben Hutchings
8a7210aeea
net/packet: Fix integer overflow in various range checks (CVE-2017-7308)
2017-03-29 22:50:53 +01:00
Ben Hutchings
8703214f24
[x86] drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294)
2017-03-29 22:42:53 +01:00
Ben Hutchings
de3e9af4dc
[x86] vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() (CVE-2017-7261)
2017-03-29 22:36:16 +01:00
Ben Hutchings
2dd2d226ca
scsi: sg: check length passed to SG_NEXT_CMD_LEN (CVE-2017-7187)
2017-03-29 22:31:24 +01:00
Ben Hutchings
3e739d51e3
xfrm_user: Apply fixes for CVE-2017-7184
2017-03-29 22:28:20 +01:00