Salvatore Bonaccorso
4a745d05b1
Add CVE id for CVE-2017-15306
...
Gbp-Dch: Ignore
2017-11-06 13:04:31 +01:00
Ben Hutchings
bd1e10f8bd
linux-image: Recommend apparmor ( Closes : #880441 )
...
The apparmor package is needed for loading profiles. In theory,
enabling AppArmor without any profiles loaded should do nothing, so
this is not really a dependency of the kernel. However, if a systemd
unit specifies a AppArmor profile and the kernel has AppArmor enabled
then failure to load the profile is fatal.
As the linux-image packages select AppArmor as the default LSM, they
should probably also be responsible for getting the necessary userland
support installed. But since the default can be overridden, use
Recommends rather than Depends.
2017-11-05 01:54:12 +00:00
Salvatore Bonaccorso
43a5e411fd
Add bug closer for #879768
...
Gbp-Dch: Ignore
2017-11-04 16:57:42 +01:00
Salvatore Bonaccorso
e7fd57b49f
netfilter: nft_set_hash: disable fast_ops for 2-len keys
...
Closes : #880145
2017-11-04 15:43:57 +01:00
Salvatore Bonaccorso
4b0df3bed7
cifs: check MaxPathNameComponentLength != 0 before using it
...
Thanks: Andrew Chadwick
Closes : #880504
2017-11-04 09:55:14 +01:00
Salvatore Bonaccorso
384fa91229
Update to 4.13.11
2017-11-04 09:06:37 +01:00
Ben Hutchings
ed0765f59c
Prepare to release linux (4.13.10-1).
2017-10-30 15:32:11 +00:00
Ben Hutchings
9bf0fcf06e
[armel,armhf] mbus: Ignore ABI change in 4.13.10
2017-10-30 15:32:03 +00:00
Ben Hutchings
1ea9c5efa8
snd-seq: Ignore ABI changes
...
Commit 8009d506a1dd "ALSA: seq: Enable 'use' locking in all
configurations" which was backported into 4.13.10 will result in an
ABI change for !SMP configurations. Ignore this, as I don't expect
there to be any out-of-tree sequencer drivers.
2017-10-30 12:45:19 +00:00
Ben Hutchings
15c6a89208
Update to 4.13.10
...
Limit the ABI change in keys.
2017-10-29 12:13:18 +00:00
Ben Hutchings
f1e87af382
[x86] rmi4: Enable RMI4_SMB as module ( Closes : #875621 )
2017-10-28 20:53:13 +01:00
Ben Hutchings
ec3cd54d45
Avoid/ignore more ABI changes in 4.13.y
2017-10-28 20:50:11 +01:00
Salvatore Bonaccorso
d2ca70712e
Add CVE ids for some issues fixed with the 4.13.9 import
2017-10-27 16:26:15 +02:00
Ben Hutchings
43a809fe93
security: Enable DEFAULT_SECURITY_APPARMOR
2017-10-26 22:51:36 +02:00
Ben Hutchings
50f87144fd
[armel] security: Enable SECURITY_APPARMOR and disable SECURITY_SELINUX
2017-10-26 22:50:16 +02:00
Ben Hutchings
48bb38a3f7
Update to 4.13.9
...
Drop many patches which are now upstream.
Avoid/ignore ABI changes as appropriate.
2017-10-26 22:41:11 +02:00
Ben Hutchings
0441e97048
Remove 'fixes FTBFS' for build dependency change
...
libbabeltrace-ctf-dev has been restored as a transitional package.
2017-10-19 23:31:08 +01:00
Ben Hutchings
92aff93068
linux-kbuild: Include scripts/ld-version.sh, needed for powerpc 64-bit modules
2017-10-19 23:08:34 +01:00
Ben Hutchings
fcbe5c22b1
Update build dependencies on libbabeltrace[,-ctf}-dev (fixes FTBFS)
...
libbabeltrace-ctf-dev was merged into libbabeltrace-dev, so the
build dependencies are unsatisfiable in unstable. For stretch-
backports we will still want both of them. So add a suitably
versioned dependency on libbabeltrace-dev as a preferred
alternative to libbabeltrace-ctf-dev.
2017-10-19 11:35:53 +01:00
Ben Hutchings
242e06569c
[arm64] brcmfmac: Enable BRCMFMAC_SDIO ( Closes : #877911 )
2017-10-18 20:03:37 +01:00
Salvatore Bonaccorso
0c548c1642
Prepare to release linux (4.13.4-2).
2017-10-15 08:57:36 +02:00
Salvatore Bonaccorso
ccefd718c8
[x86] KVM: MMU: always terminate page walks at level 1 (CVE-2017-12188)
2017-10-13 18:09:37 +02:00
Salvatore Bonaccorso
02033a7a17
[x86] KVM: nVMX: update last_nonleaf_level when initializing nested EPT (CVE-2017-12188)
2017-10-13 18:07:54 +02:00
Salvatore Bonaccorso
52c8b81bca
ALSA: seq: Fix use-after-free at creating a port (CVE-2017-15265)
2017-10-13 06:52:33 +02:00
Salvatore Bonaccorso
35125947a2
waitid(): Add missing access_ok() checks (CVE-2017-5123)
2017-10-12 21:16:37 +02:00
Salvatore Bonaccorso
6f55d3e571
KEYS: prevent KEYCTL_READ on negative key (CVE-2017-12192)
2017-10-12 07:55:47 +02:00
Salvatore Bonaccorso
7c8172804e
mac80211: fix deadlock in driver-managed RX BA session start
...
Thanks: Eric Côté
Closes : #878092
2017-10-11 21:23:02 +02:00
Salvatore Bonaccorso
fba37066c7
[powerpc*] Fix illegal TM state in signal handler
2017-10-11 07:57:06 +02:00
Salvatore Bonaccorso
6c3a386d04
[powerpc*] Use emergency stack for kernel TM Bad Thing program (CVE-2017-1000255)
2017-10-11 07:55:16 +02:00
Salvatore Bonaccorso
c68c0840bc
brcmfmac: add length check in brcmf_cfg80211_escan_handler() (CVE-2017-0786)
2017-10-09 21:45:15 +02:00
Ben Hutchings
18b1b67002
[armhf,arm64] thermal: Enable BCM2835_THERMAL as module ( Closes : #877699 )
2017-10-04 23:16:23 +01:00
Ben Hutchings
80832bbbef
Prepare to release linux (4.13.4-1).
2017-10-01 15:52:19 +01:00
Ben Hutchings
e92ee4b5df
Set ABI to 1
2017-10-01 15:52:01 +01:00
Ben Hutchings
884aedc0b4
liblockdep: Define pr_cont()
2017-10-01 15:44:25 +01:00
Ben Hutchings
60879f2bae
liblockdep: Make missing function declarations fatal errors
...
This should catch use of missing kernel APIs. Which has happened yet
again.
2017-10-01 15:43:34 +01:00
Ben Hutchings
e2431bcb2f
[armhf] dts: exynos: Add dwc3 SUSPHY quirk ( Closes : #843448 )
2017-10-01 15:23:55 +01:00
Ben Hutchings
e7b4b7d822
Merge remote-tracking branch 'refs/remotes/alioth/master'
2017-10-01 15:23:05 +01:00
Ben Hutchings
9fe724d67d
linux-image-dbg: Override lintian errors for vDSOs
...
It currently reports errors binary-from-other-architecture and
shlib-without-PT_GNU_STACK-section, which are false positives.
2017-10-01 15:23:01 +01:00
Salvatore Bonaccorso
2678c31e68
fix infoleak in waitid(2) (CVE-2017-14954)
2017-10-01 12:02:28 +02:00
Ben Hutchings
a1b309111a
Rename lintian-overrides template files to be consistent
2017-10-01 01:36:27 +01:00
Ben Hutchings
cc91d0cfa2
usbip: Stop building broken libusbip-dev package
...
It has a lintian error (non-empty-dependency_libs-in-la-file) and it
also seems to be missing a header (the newly added
usbip_host_common.h) since Linux 4.7. No-one seems to have noticed,
and it has nothing build-depending on it, so get rid of it.
2017-10-01 01:05:52 +01:00
Ben Hutchings
112ad0c27f
debian/control: Remove obsolete workarounds and alternate build deps
...
The dpkg bugs affecting libssl-dev build deps were fixed in 1.18.8.
The various non-M-A packages for which we used :native qualification
were fixed before stretch release. So neither unstable nor
stretch-backports needs these.
2017-09-30 14:41:19 +01:00
Ben Hutchings
06c36b3662
debian/control: Move many build dependencies to Build-Depends-Arch field
2017-09-30 14:09:54 +01:00
Ben Hutchings
cd2b0b1742
Install copyright file when the nodoc profile is used
...
Revert to running dh_installdocs unconditionally, although that
currently installs more than we want (which is permitted by policy).
When we upgrade to debhelper compat level 11, dh_installdocs will
become sensitive to the profile and will install only the copyright
file in this case. But we shouldn't do that until development of
this level is complete and supported in stretch-backports.
2017-09-30 13:50:34 +01:00
Ben Hutchings
9369849423
Change all binary packages with priority: extra to priority: optional
2017-09-30 13:50:34 +01:00
Ben Hutchings
6d1b6b2dc8
[x86] hyperv-daemons: Create pid files under /run, not /var/run
2017-09-30 13:50:34 +01:00
Ben Hutchings
fe5c3cbe60
linux-doc: Build an empty package when the nodoc profile is used
...
Wiki page BuildProfileSpec says the set of binary packages can change,
but policy says not (since 4.0.0).
2017-09-30 13:50:30 +01:00
Ben Hutchings
51100af154
[x86] hyperv-daemons: Use pid file name in init script status operation
...
While we're here, also drop the unnecessary commands to replicate the
exit code.
2017-09-30 13:29:07 +01:00
Ben Hutchings
9fec004526
[armel] rtc: Disable RTC_NVMEM
...
and explicitly enable it for every other configuration.
2017-09-29 20:34:41 +02:00
Ben Hutchings
069fdfc2ec
ALSA: Enable SND_OSSEMUL, a new dependency of SND_{MIXER,PCM}_OSS
2017-09-29 20:31:23 +02:00