2fddcf7c7f
usbip: Use the locally-installed <linux/usbip.h>
...
Some years back I patched the #include of <linux/usbip.h> to include
the current, uninstalled version through a relative path because the
system-installed version will normally be outdated. We're about to
start copying the source to avoid writing autotools crap into the
source directory, which breaks this relative path.
Since we now install the UAPI headers under debian/build at the start
of the tools build, drop the patch and add that directory to the
include path.
2016-08-25 01:28:48 +01:00
7a54b56ad5
Merge branch 'sid'
...
Drop rt patchset updates as they don't apply to 4.7.
Drop various other patches already in 4.7.
Fold the remaining Debian changes in the open changelog entry for 4.6.7-1
into the open changelog entry here.
2016-08-24 20:43:19 +01:00
f445dbb9d9
Update to 4.7.2
...
Note the CVE IDs and Debian bugs fixed.
Drop the patches that have gone upstream.
2016-08-24 20:40:14 +01:00
a7280813ac
Update to 4.6.7
2016-08-16 11:13:39 +02:00
d42cdc5bfe
audit: fix a double fetch in audit_log_single_execve_arg() (CVE-2016-6136)
2016-08-12 16:27:20 +01:00
8bc5e687b1
[powerpc*] KVM: Book3S HV: Save/restore TM state in H_CEDE (CVE-2016-5412)
2016-08-12 16:25:34 +01:00
d62992a05c
Drop ABI maintenance patches since we're bumping the ABI number
2016-08-12 16:22:46 +01:00
7184d7bfd9
tcp: make challenge acks less predictable (CVE-2016-5696)
2016-08-12 06:52:28 +02:00
457d8bb6bd
Update to 4.6.6
2016-08-11 16:29:28 +02:00
c0e269c0cd
libata: LITE-ON CX1-JB256-HP needs lower max_sectors
...
Closes : #830971
2016-08-05 15:40:08 +02:00
02b2135a4b
Add USB support for NVIDIA Jetson TX1 Developer Kit
...
Add patches from 4.8-rc1 required for USB support on the NVIDIA Jetson
TX1 Developer Kit.
2016-08-02 15:54:01 -07:00
c2a8f662b5
vfs: ioctl: prevent double-fetch in dedupe ioctl (CVE-2016-6516)
2016-08-02 06:47:28 +02:00
f8edc4357a
Fix perf to be able to find debug info based on build-id.
2016-07-31 22:35:09 +02:00
e8c1b8e306
Update to 4.6.5
...
Drop patches applied upstream.
There are some ABI changes still to be resolved.
2016-07-31 01:50:59 +01:00
0ddaf6aed3
cgroups: Enable memory controller by default
2016-07-29 12:23:32 +01:00
4e86887dda
Update to 4.7-rc7
2016-07-14 10:50:31 +01:00
bd2f2b2ea4
bridge: Fix ABI change in 4.6.4
2016-07-14 00:33:32 +01:00
f000506362
apparmor: fix oops, validate buffer size in apparmor_setprocattr() (CVE-2016-6187)
2016-07-13 20:30:05 +02:00
1a1a829223
Update to 4.6.4
2016-07-13 17:57:14 +02:00
38ec618a21
fanotify: Enable FANOTIFY_ACCESS_PERMISSIONS ( Closes : #690737 )
...
Various free and proprietary AV products use this feature and users
apparently want it. But punting access checks to userland seems like
an easy way to deadlock the system, and there will be nothing we can
do about that. So warn and taint the kernel if this feature is
actually used.
2016-07-13 01:53:59 +01:00
0818af71cc
Cherry pick patches for rtc-s35390a from next
...
This fixes shutting down some QNAP NAS devices after being waked up by
the rtc.
2016-07-12 21:44:39 +02:00
ade54804a1
[powerpc*] tm: Always reclaim in start_thread() for exec() class syscalls (CVE-2016-5828)
2016-07-03 16:33:29 +02:00
aab434acde
[x86] Fix incompatiblity between kaslr and hibernation
...
* [amd64] power: Fix crash whan the hibernation code passes control to the
image kernel
* [x86] KASLR, power: Remove x86 hibernation restrictions
2016-07-02 19:29:28 +02:00
3c35987b05
HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (CVE-2016-5829)
2016-06-30 14:53:31 +02:00
419d6356df
Update to 4.6.3
2016-06-27 00:58:54 +02:00
12183bf924
nfsd: check permissions when setting ACLs (CVE-2016-XXXX)
2016-06-25 00:56:15 +02:00
9fd7bbdf1a
netfilter: x_tables: Add fixes for CVE-2016-4997, CVE-2016-4998
...
...and probably other issues never assigned an ID.
2016-06-25 00:19:29 +02:00
f5f99415a2
percpu: Fix synchronization with chunk destruction (CVE-2016-4794)
2016-06-25 00:19:08 +02:00
b782c52536
KEYS: potential uninitialized variable (CVE-2016-4470)
2016-06-25 00:18:47 +02:00
eb1373a157
Update to 4.7-rc4
2016-06-20 13:40:09 +01:00
a808d3112b
Release linux (4.6.2-1).
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJXYbBEAAoJEAVMuPMTQ89EM8wP/3llI8Jr6Q+2ktVOqYQ7U0JT
+UEzEuKlVS+3/SjFZv8dAqpM018OJDIiccgzjvuny6MSYHiH//yWG4lC8O2WikBA
RhfbUsNWFImEkwhY8wD1cjuF0QIXNtR7qOKdCPX5wQUiG469WF4F4l3lgWoo01ub
hYXNsGebIjZTQE6KWGm97pvSRNFPT18DulANGpe9m804y2Xs+dQn6dVHKaSYT0BF
labA6C+hCmbMos3gEYNzjbmU9fxYpS98pXq7uc04ryBj3UjGoBlmxeip9yrIiC0I
oZr8kAxz5PCRSqPnhZqE51WO6eLaWIrEGGTnb6sOtbHYsTrNu8iHpWXVCkB8/2GL
LYhOJn3AyqJE4yb69EKSWL7cbVEqyVJHkGntGhTm+tKJP0QmnKlhQY47aViPt4Fc
IXQvUOeG94GROooRTNLp9/3N2di4p4YPNv2QgM5lUJjySWUMCNzw/MjpYfvuIHrp
bowSN5EYDpO6WqcZZVHogM9hJ2Aq+zWYkfK4f38r4T4+g0T8IQ8qMCY/o/LV7uod
KUbQ7SIHK7uAMT9BpJuslCwvwhKdf/9y/bcuOkB2alfR52uApdDkL04uD5jIbjaL
fElOyQPmJPNe0zxP6yZp4G3/JbMhWdX+qc77+GWkj27mBqnBEZKBHjCmU/6Vfv2Y
VolsoZ6sfxJ1pxlUcWPt
=li3O
-----END PGP SIGNATURE-----
Merge tag 'debian/4.6.2-1'
2016-06-18 12:59:57 +01:00
9edbacb8a5
MIPS: libgcc: Fix ABI change in 4.6.2
2016-06-17 01:50:50 +01:00
966488336f
[mips*] Fix ABI change in 4.6.2
2016-06-16 12:37:35 +01:00
ece80cbbec
liblockdep: Add all the patches submitted upstream; drop one that's obsolete
...
(cherry picked from commit 9d20ab14dd77ffa306f6eb70c447c73f69077773)
2016-06-14 23:27:41 +01:00
95cba203d5
rds: fix an infoleak in rds_inc_info_copy (CVE-2016-5244)
2016-06-11 07:26:02 +02:00
01be9139c0
tipc: fix an infoleak in tipc_nl_compat_link_dump (CVE-2016-5243)
2016-06-11 07:18:28 +02:00
91d6f22ed8
Stack overflow via ecryptfs and /proc/$pid/environ (CVE-2016-1583)
...
proc: prevent stacking filesystems on top
ecryptfs: forbid opening files without mmap handler
sched: panic on corrupted stack end
2016-06-11 07:11:08 +02:00
ff5804f208
cpupower: Bump soname version and rename library package accordingly
2016-06-10 14:47:48 +01:00
906f7b1351
Update to 4.7-rc2
...
[rt] Disable until it is updated for 4.7 or later
2016-06-10 14:47:48 +01:00
1537ff1314
Update to 4.6.2
2016-06-09 17:44:47 +01:00
4e2a281abe
Update to 4.6.1
2016-06-05 14:30:35 +01:00
7569482f9b
Merge branch 'sid'
2016-06-05 14:16:31 +01:00
a8fb2b9fbe
mtd: Disable slram and phram when securelevel is enabled
2016-06-03 01:15:37 +01:00
6976b08b12
Release linux (4.5.5-1).
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAV0te3Oe/yOyVhhEJAQodqBAAjpkEuBm2kSlQD1y8qeb/+1+CxJPcqIH1
DHTyMpFHQvX5VT+vCX83WhiWncMz85z7f0wcElpNaZ/3ExOQzbmrIwsucgXRXVUS
txKxHaQQv8uU1m8dgxqjOWP80+IT71H9rBcitfrRqyzLiEhC1mPOfvxjtGTOJWw+
Lohie5WPMMsfrahQGw4srPMcpVRwVKuX5N+azgk6rg8VA7rxyxQaMZRg3rr+N7Aw
btwVC5vyL8K5Be0LnveR/PdOosaUU6XzyT7kNT0fLSO9H4bWenielHaduSDI5iU4
WcPRhymrHv0dBDvbyw8vkJMDd+/1x9gWk4/DHFQNw1miaUx87N+vKyC4rZ7Lqc2d
4n/hpq3HjPBZqC07Q0mddeTy7OoN4obYSXTipIu9rWBsTJtcxxwSUVg86+xo03Zg
bb0VoEudp9JZGBMLS8PjBJ66d+/p7Q47YnKV7ZwNKyLwRq4AMo65L7PeUJflNHvj
UmJrOG/6AJ6bi+eXrWDbwAA8mrwdPPKu+QzBSQ9c6hm4CFmgkgWTH/oA2iPsp7AX
iqcPgKp6XA8YLXpiDeCqvMV5cSkGD67cpIcgTB0CrH7KILXD61cP8QEl7eaWiBMW
MW9IPDeEBEmEN3ST2tg1H7udEzzpEZXHg4NZ5gOZ7lMZphbILrapJYuUf3PDdZKL
Ccz9YH5eSuE=
=gSlx
-----END PGP SIGNATURE-----
Merge tag 'debian/4.5.5-1'
2016-05-29 22:33:26 +01:00
1edaa5dd82
Re-apply "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing"
...
This was reverted upstream in 4.5.5 due to a regression but we have a fix for
the regression (probably).
2016-05-29 22:20:52 +01:00
46e3b9492a
dwc3-exynos: Fix deferred probing storm
...
Closes : #823552 ; thanks to Steinar H. Gunderson
2016-05-29 22:05:54 +01:00
08942bb065
Add upstream fixes for various information leaks
2016-05-29 21:25:44 +01:00
5bec7a0097
[x86] kvm:vmx: more complete state update on APICv on/off (CVE-2016-4440)
2016-05-23 02:35:36 +01:00
327c921aa7
Update to 4.5.5
...
Drop changes that were applied upstream.
Fix/ignore ABI changes.
2016-05-23 02:34:41 +01:00
b88823f96b
Revert "stmmac: Fix 'eth0: No PHY found' regression" ( Closes : #823493 )
2016-05-23 00:59:46 +01:00
342ba3d57d
tipc: check nl sock before parsing nested attributes (CVE-2016-4951)
2016-05-21 16:53:08 +02:00
5ba72559a1
Re-apply "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing"
...
This was reverted upstream in 4.6 due to a regression but we have a fix for
the regression (probably).
2016-05-16 20:06:26 +01:00
eaafcf8a39
Release linux (4.5.4-1).
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAVzoWxue/yOyVhhEJAQrD5RAAnOQWbgH3JJ/48u366vvlvebkKdfgdUQw
wyj+rfxCxWbb2i8iGh+gk4aN9FlNfmzUlPgA2esXJiCpjmZ+Ffj0aF8k7W4HkGPw
/dX2tuBEj7NKQ6TLY1BK9rzs8DQKMRw7lQ7r+uLlt0o8MjKMJg0FaA1UteC09trB
AXcSZdIeAtyPaMk1mBk3qcNsDMTIb/K3zk03sGy8HKwWgJJmHbcTm4/XWEzOOZUd
HYInRPiK724qMoIG+BkI+oigvaXEvuxHKMfKWdryKHsIyvAu4l/1myeBk/xy65Cv
/ga+NQQHJt8mfiWfleljKU9DC4wN/SQ5Nr9wzFC512TQfFVmu47BlIQPQWZ1oHjP
FQom301HEFTKqZRTIqOU6IQ+TPSSHWPPvD8jmmRFXycasvDkP0t2RNuM3gbhwU3b
9hui/YUlbzQUJOgWRitnRMk1jXtHLkQm8vRf7AIVXxT5+6u4EiZUvk6gNjg3Jz6h
dHkkrgCWzZgYIdAvqa8OF2j2ejSQUcBW3yxpSnw0T9YOxo4IiF+Il/dxwSDSX5BI
tBoNyzNH62yMOjGSQXcYOdr64KE1mjXpST+x1tRdU+n74ifP2CtA57o93WB6Gn5z
wVAuVeGmEAbIl7EcHl5r6ZC58da5syTl0BZEbH9YM54eLlM+qyLOwM0vWAztuIa5
ciXotUkDZrM=
=oSkt
-----END PGP SIGNATURE-----
Merge tag 'debian/4.5.4-1'
2016-05-16 20:00:43 +01:00
0c5a10d4c1
Update to 4.6
...
Rebase patch series.
2016-05-16 19:49:24 +01:00
be1c8b16ab
KVM: MTRR: remove MSR 0x2f8 (CVE-2016-3713)
2016-05-16 13:47:07 +02:00
48902f4f1a
videobuf2-core: Fix crash after fixing CVE-2016-4568
2016-05-16 03:33:38 +01:00
3eae053b85
uapi glibc compat: fix compile errors when glibc net/if.h included before linux/if.h
...
Closes : #822393
2016-05-16 03:23:55 +01:00
efbab1e4bf
Add various upstream fixes with known or probable security impact
2016-05-16 03:23:35 +01:00
88ec3673ad
net: fix infoleak in llc (CVE-2016-4485)
2016-05-15 20:04:29 +02:00
de9a44e36f
KEYS: Fix ASN.1 indefinite length object parsing (CVE-2016-0758)
2016-05-14 05:18:04 +02:00
4a8b374466
[mips*/octeon] Add support for byte swapped initramfs to handle u-boot and kernel running with a different endianness.
2016-05-13 18:54:45 +02:00
1275559aac
[arm,x86] Fix memory corruption in KVM with THP enabled.
2016-05-12 23:52:30 +02:00
2c6d72a09e
Update to 4.5.4
2016-05-12 21:22:09 +02:00
b101f08c76
[mips*] Fix PR_SET_FPMODE issues with multi-threaded programs.
2016-05-11 00:17:22 +02:00
b92b4d15f0
Update to 4.6-rc7
2016-05-08 23:56:51 +01:00
be31f1ecd5
Release linux (4.5.3-2).
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAVy9ITOe/yOyVhhEJAQq2Tw/+IbJSVFZ3v7J7I6ZwZuJLmhnEpPyuE1Md
OkJieChhe0wpnIFQD3fhHsKClXUzHORahq8O4qGd5BPb9ttYSr7Hm/SvPxQK91Cr
mP857CZWNopLatVbKAzmQ3unFcpD/zbTGr2iC0IBmu4TJQBMr2tDejd2ndlq2psG
YoaHSh1wHutenaF9iFQ2/H2V6ScM7DX9DMTOrqhFxaIkc7WaJSjpVoKCrYxRFQUX
9ogMqxPRqTzsEBxS0PwO1vBTDx2OgwkmvnY0rOj1fpswgEfwvS4XO46EpiFx45Mc
grzDW6jrKMKWpeH1JC1YLvOltR/nSx4vM3E5sbjSKJQv0F1oIoQuKyfRLOw9Oe3q
4/7xqS5/aNJ9aaNPi4p7/L8JdGtkJEW26XczgXbKRlY4AfKvt7bPTztoe4KQOSDA
roqmj7f782nJOerQxKScsE7HM6DpLViSoGhCyf0DNnqwQaUKDyaLhdu0LNA73wCx
FMFQfZnDN8Yg0UP5BJouSoKprf4hL7CiQcMcfXqLj/QsNB8vCjfs6offKtZ7bckZ
Si1L2proXY3esQ95Npd2HIKDo4gGajQ8Xkpkf9+6FZdhMLm/w17y9kppgVlcKQ/T
q/emN0JEuzxMkvtZbmVMRzd0NI4tXzlBwOVcASMzI0ak5CLOPoWO0Cc/jOYg24H3
yabrIvpcq0s=
=jVBT
-----END PGP SIGNATURE-----
Merge tag 'debian/4.5.3-2'
Drop the ABI reference files and patches.
Rebase patches added on the sid branch.
2016-05-08 21:47:32 +01:00
4ebee8024b
[powerpc*] Fix sstep compile on powerpcspe
...
Closes : #823526 ; thanks to Lennart Sorensen
2016-05-08 12:08:04 +01:00
231812b47f
Re-group the patch series
2016-05-07 19:40:36 +01:00
8b31e1c0a6
Update to 4.5.3
...
Drop changes which were included or superceded upstream.
Fix ABI changes.
2016-05-07 19:40:36 +01:00
405645d788
Add bpf security fixes
2016-05-05 23:13:51 +01:00
ae6831e8b6
Update to 4.6-rc6
2016-05-05 22:17:45 +01:00
5416c1a1e3
Revert "sp5100_tco: fix the device check for SB800 and later chipsets"
...
Probably fixes #822651 , #823146
2016-05-02 21:25:40 +02:00
fc5b920758
Release linux (4.5.2-1).
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAVyKf7Oe/yOyVhhEJAQqAnQ//cXPxmlNgmpwl9YUWt7WWjMBr4fyShKp0
0MIcV8O7G1Jaov8valxFnSp7/LEDkA5bkQFec39ZKR4jjnkATCY7LWhC35PDe7fK
gSIu4+jhnAFMsedRcqlbugsnQAkZGfxPWvxBVqy7veBmMSEywnEs7XW/PVZBWLdX
kBmTwqoE5aKnaEYa2HwT53zKZBO4zG3AqHJAnU71DLf20cIPXm/zYthxatQs8GYs
AybmlejWWkZgpob6CSax8zoSvUuSJGIU63RaH4z8IT6I7C0imcAJ6qwqR5nKtkzb
zDmG81mmxGT1JAxptIeaJQw9qAnygFWKrRxk/uERoFhpFXYiropCuP7bTG7DZgDc
Nqec5PLt37Y6bV6eaKXpk/0IyvBdO5We+GUOTgf39v9HtDc6rKvHrTMtlr7DEKot
9d+P9ybQlEwB61pe1HU9lGUKSjMAA6RKsa3qAWcZJQYLylrFVYPbnIsVk3EG6z5v
0+F1rzTGPcB9iEUp1lKTOw+qk/13tKrLNvAX/Wz9RBpPUvNy2BBXNnEP8I5pCBV4
C2iyQZAJuGtTHdH96LjVXq9vX78ohnRcOQVrimq8/X6HWrOSU0WYWWJkxcHl4D3d
3Z6iOrrqWg95NIC/YH3iZHdKsq2KeHGsApZBBYitKCtCfkVchv7nfAb5rocc7u25
LeOq7Rc/dIM=
=BJL3
-----END PGP SIGNATURE-----
Merge tag 'debian/4.5.2-1'
2016-04-29 02:25:02 +02:00
d345dad8c9
Input: gtco - fix crash on detecting device without endpoints (CVE-2016-2187)
2016-04-28 17:21:17 +02:00
127b7cf9a4
Re-group the patch series
2016-04-28 17:17:53 +02:00
d251b99807
memcg: remove lru_add_drain_all() invocation from mem_cgroup_move_charge()
...
Closes : #822084
2016-04-28 16:24:28 +02:00
9321f394c6
[sparc] Implement and wire up hotplug and modalias_show for vio
...
Thanks to Adrian Glaubitz; closes : #815977
2016-04-28 00:09:05 +02:00
dff5585589
module: Invalidate signatures on force-loaded modules
2016-04-23 20:48:33 +02:00
2d9dcd6be6
atl2: Disable unimplemented scatter/gather feature (CVE-2016-2117)
2016-04-22 08:10:30 +01:00
b20f5e22b0
[armel/marvell] dts: kirkwood: fix SD slot default configuration for OpenRD ( Closes : #811351 )
2016-04-22 08:06:49 +01:00
fe835b64b1
Update to 4.5.2
...
As this includes changes to header_ops and dentry_operations, bump
the ABI number to 2.
2016-04-22 08:05:48 +01:00
c5cec59895
[mips*] Emulate unaligned LDXC1 and SDXC1 instructions.
2016-04-22 00:01:29 +02:00
9c63adf133
[x86] USB: usbip: fix potential out-of-bounds write (CVE-2016-3955)
2016-04-19 16:30:27 +02:00
92f972094e
[x86] xen: suppress hugetlbfs in PV guests (CVE-2016-3961)
2016-04-14 20:57:52 +02:00
f4701f7d70
Update to 4.6-rc3
...
Refresh or drop *many* patches.
aufs: Update support patches to aufs4.x-rcN-20160328
2016-04-14 15:00:19 +01:00
c37887e538
Re-group the patch series
2016-04-13 23:31:28 +01:00
a8c2d3c699
nbd: Create size change events for userspace ( Closes : #812487 )
2016-04-13 23:23:32 +01:00
1d7f287b7a
[x86] ACPI / processor: Request native thermal interrupt handling via _OSC ( Closes : #817016 , #819336 )
2016-04-13 23:06:17 +01:00
df965c4112
fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers ( Closes : #819725 )
2016-04-13 22:17:00 +01:00
aac56d9572
[x86] mm/32: Enable full randomization on i386 and X86_32 (CVE-2016-3672)
2016-04-13 21:26:06 +01:00
e01d7b854c
ipv4: Don't do expensive useless work during inetdev destroy (CVE-2016-3156)
2016-04-13 21:24:19 +01:00
d0292c6f67
netfilter: x_tables: Fix parsing of IPT_SO_SET_REPLACE blobs (CVE-2016-3134)
2016-04-13 21:11:40 +01:00
68c5c5997c
Merge remote-tracking branch 'alioth/sid'
...
Merge open changelog entry for 4.4.6-2 into our open changelog entry.
Refresh the new patches.
2016-04-13 20:52:01 +01:00
6e05e68d7a
Update to 4.5.1
2016-04-13 20:49:29 +01:00
5c3489a433
[armel/marvell] Add DT support for "Buffalo/Revogear Kurobox Pro"
2016-04-08 08:33:27 +09:00
119c44d06d
Merge branch 'benh/secure-boot'
2016-04-05 13:59:42 +01:00
24993989ff
[mips*/octeon] Backport Octeon III CN7xxx interface detection from 4.7 queue.
2016-04-04 22:51:21 +02:00
7836b549be
[mips*/octeon] Backport OCTEON SATA controller support from 4.6-rc1. Enable AHCI_OCTEON.
2016-04-04 22:51:11 +02:00
76de9f06e0
scripts: Fix X.509 PEM support in sign-file
...
DER format works but it's easier if we can use PEM everywhere.
2016-04-04 19:28:26 +01:00
7321950826
Add Matthew Garrett's securelevel patchset in preparation for Secure Boot support
2016-04-03 04:31:52 +01:00
Ben Hutchings
Salvatore Bonaccorso
Martin Michlmayr
Uwe Kleine-König
Aurelien Jarno
Roger Shimizu