bcc9a01d8e
scsi: qla2xxx: Fix an integer overflow in sysfs code (CVE-2017-14051)
2017-09-14 06:51:56 +02:00
2ed545523f
sctp: Avoid out-of-bounds reads from address storage (CVE-2017-7558)
2017-09-14 06:51:56 +02:00
5897597d01
Update to 4.13.1
2017-09-11 01:16:41 +01:00
41ff7a03ca
Update to 4.12.12
2017-09-10 12:07:09 +02:00
68b6e32819
Update to 4.12.11
2017-09-09 15:06:49 +02:00
b066a269e0
Update to 4.13
2017-09-04 01:19:41 +01:00
9ba3914638
Update to 4.13-rc7
2017-08-30 20:34:25 +01:00
4a53c826d6
mtd: nandsim: remove debugfs entries in error path
2017-08-29 22:31:30 +02:00
a2dde14ec6
Update to 4.12.9
2017-08-29 22:20:12 +02:00
df8a5bf53a
Update to 4.13-rc7
2017-08-29 22:07:26 +02:00
8e44fd873c
Update to 4.12.7
2017-08-25 21:47:57 +02:00
a129c1c207
Update to 4.13-rc6
2017-08-21 03:09:19 +01:00
918dc43e46
Update metadata for "kbuild: Do not use hyphen in exported variable name"
...
I updated the commit message and re-submitted it after further
investigation.
2017-08-19 22:37:17 +01:00
31202be148
Update to 4.13-rc5
2017-08-14 23:18:47 +01:00
d545b4e4d0
Update to 4.13-rc4
...
Drop and refresh patchs as appropriate.
2017-08-13 14:45:14 +01:00
0134b5c8b9
[amd64,arm64] mm: Revert x86_64 and arm64 ELF_ET_DYN_BASE base ( Closes : #869090 )
2017-08-12 23:08:23 +01:00
aa404ad63b
bfq: Enable auto-loading when built as a module
2017-08-12 22:36:27 +01:00
831ae89c56
rtlwifi: Fix firmware loading bugs ( Closes : #869084 )
2017-08-12 21:54:36 +01:00
3b32a0551f
xfrm: policy: check policy direction value (CVE-2017-11600)
2017-08-12 21:36:28 +01:00
e58e3e6be9
Update to 4.12.6
2017-08-12 16:54:34 +02:00
0442142ae4
udp: consistently apply ufo or fragmentation (CVE-2017-1000112)
2017-08-11 09:12:58 +02:00
3b6247dba4
packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111)
2017-08-11 09:09:51 +02:00
f302f4dbad
Drop upstream applied patch
...
Gbp-Dch: Ignore
2017-08-08 10:20:30 +02:00
693284da5b
media: saa7164: fix double fetch PCIe access condition (CVE-2017-8831)
2017-08-03 20:36:47 +02:00
9f89bea8ab
ipv6: avoid overflow of offset in ip6_find_1stfragopt (CVE-2017-7542)
2017-08-03 20:32:16 +02:00
b5081c50bc
dentry name snapshots (CVE-2017-7533)
2017-08-03 20:27:55 +02:00
db815c4a3b
Update to 4.12.3
2017-07-22 18:26:23 +01:00
50381a0ca2
Update to 4.12.2
...
Refresh aufs4 patches by hand, as there is no release for 4.12 yet.
Refresh lockdown patches with genpatch.py and then by hand, as the
branch is a little out of date and many patches went upstream.
[rt] Disable until it is updated for 4.12 or later
2017-07-18 01:06:31 +01:00
09f1166971
binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370, CVE-2017-1000371)
2017-07-16 21:24:08 +01:00
e70c79cce5
Update to 4.11.9
2017-07-09 12:54:43 +02:00
2125fc6614
Update to 4.11.8
2017-06-29 21:21:01 +02:00
3aaf7fba55
rxrpc: Fix several cases where a padded len isn't checked in ticket decode (CVE-2017-7482)
2017-06-29 08:24:46 +02:00
4bffab0d23
Update to 4.11.7
...
Drop upstream applied patch.
Refresh features/all/rt/sched-mmdrop-delayed.patch.
Ignore changes for module: drivers/iio/imu/inv_mpu6050/*.
2017-06-26 22:01:21 +02:00
0f89be27d3
mm: larger stack guard gap, between vmas (CVE-2017-1000364)
2017-06-20 00:19:55 +01:00
76ed7c5f09
Update to 4.11.6
2017-06-18 18:12:42 +01:00
21159c097a
Release linux (4.9.30-2).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlk+1/UACgkQ57/I7JWG
EQnBDBAAyXVWuRSGT/qEyF/ML8KM8R9lQJDDm5eN/NRl5Tk1QEU+8vo0DnSC0SCb
hMvML/HFsyTXdgKALU3ygKfI+5MloLYTNVkWGmWFuMBUcBWHNcHJEinlvRmS3jfh
QJCsPYgaTi7qk+fLg7lidlDQZ0vXzQlXU7QXQJgtKx2YxQhwdUNx2qtNwjWxJSgU
hT5VRpU0CiaRdTxO8KQYCipDko7ohznjCCXzemgYBKCOqSWE7EwD5d2WqtcTinR0
Mpess7GR9LjEoUwoQ5cUksOPUSWP2BFsre8QpuGeoC7VoawhmKYJj91CvcheV7rs
jStLk5DjntoMKitAUSpETjHIefk+4HEVbv5av8clmYkVCXiSAUZGiywql5Gl0T6B
V6C9dwpUbSdevKvsEhmKi2Ei12kQ3kt/sL2WrPPHmqWUfT7KwPbUOR6MkrtyQoz+
6McaJlSIu+Ln3/naZEHh73yAwBc/D/Q+9bxpSYMngyFGZNL6JqJc2I6N9x+zg3xV
MSLTASQcdsGJENuoKE2+eqW7xqtQcdxBF416Pc9CC5Czifz+V7dELmShjvjX3lJm
YBBgZtfS7IOBg8kW6EIKhn8Xv8xRvMA1fyeonV1fjv48e8fPb7it24chy0GK7t0z
QNNVf06kHLPuDWHiCgWRm0ZDYWuyQLZdq90xKKoiGEIm2zeZnGU=
=7TPb
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.30-2' into sid
2017-06-12 19:09:18 +01:00
29fbd594e5
NFSv4.x/callback: Create the callback service through svc_create_pooled ( Closes : #862357 )
2017-06-12 16:20:51 +01:00
6fdb07003d
Revert "uapi: fix linux/if.h userspace compilation errors"
...
This patch fixes a bug but it broke compilation of radvd (see
by reverting it for stretch.
2017-06-09 15:27:04 +01:00
cb766cd661
Add follow-up fixes for CVE-2017-9074
2017-06-08 15:39:03 +01:00
9bf3ee218c
Add follow-up fixes for CVE-2017-9074
2017-06-08 15:37:04 +01:00
304a2920e5
Update to 4.11.4
2017-06-07 23:41:28 +01:00
2da7c17a3d
ipv6: Check ip6_find_1stfragopt() return value properly.
...
Follow-up to the fix for CVE-2017-9074.
2017-06-07 23:34:55 +01:00
5174845342
Release linux (4.9.30-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlkz7vwACgkQ57/I7JWG
EQmWdQ//ctWbgUQezu+yi96QR/algQVpsRH/x1oUVnPIYi96FYOabS9pKaK0aAz1
gvTzEBz+ej2lj+ju51UWGsWHXG9CuBO9i+lRqxf74YdpmDPVco+sDWULBJzEnXqC
rYJsvnwLneDdUOeLd+r9nS/a38PezOqXd0eQApzwzvj4GStrj23aSQeLH7pXqXrr
KI/dORIXEujHoNeWzSzW3XXzOYlg9yAJuLyFmS8FGg7fBaEpnlRA+z2gXtmX7Bdn
SBJxYNttrVbucpHsIwFQysaVU+G0EXnbwgsB/AQBycCrDDIYmhmWLdqlIG+q6lsm
AGLmmX47xxrDpBPhr8iHWJkcmTBBNsSADghLvTru5PSWWTd70P/f2XWGYrfJ5bvU
OrQaV4BFG+zw6RC7Jlzx+byaXyWq15aorRAJSXKaFdebHBZXFzsbKTq4HNTRKV06
3DpoH47C0Jr4YXSbcNvgZiDZnF7OmYw/vsbJk+X4IC+igpriz3dV93QTnL2vf4iO
LaS2KT1MkGInS329DRpjCy14+q1LZM2nti6/mPji2Uqwl6ACvGYgL5y0FJLfEThH
XN+a2So6+u8MvWxrUoNrHIj8aYok96oONpDDbPIueS/PT7TwHBbq2ui1zlE8Uahg
zR3+U/V5VoBEct5n/nm0c8SRhkqsfOk8l42Dj5ibkQAuDzzt39g=
=MA6Q
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.30-1'
Drop ABI reference files and ABI maintenance patch.
2017-06-05 14:12:31 +01:00
7b53b52f6f
Update to 4.11.3
2017-06-05 14:04:06 +01:00
b9ea5ea2a4
uapi: fix linux/if.h userspace compilation errors (see #822393 , #824442 )
2017-06-01 17:50:12 +01:00
a843bf5bb3
Merge remote-tracking branch 'alioth/sid' into sid
2017-06-01 14:10:48 +01:00
2502943c58
ipv6: fix out of bound writes in __ip6_append_data() (CVE-2017-9242)
2017-06-01 08:38:02 +02:00
cd87fb7a86
crypto: skcipher - Add missing API setkey checks (CVE-2017-9211)
2017-06-01 08:34:46 +02:00
261dbebcde
ipv6/dccp: do not inherit ipv6_mc_list from parent (CVE-2017-9076 CVE-2017-9077)
2017-06-01 08:13:06 +02:00
3253209d02
sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (CVE-2017-9075)
2017-06-01 08:08:49 +02:00
35c1e8ae8d
ipv6: Prevent overrun when parsing v6 header options (CVE-2017-9074)
2017-06-01 08:05:24 +02:00
a68b36a505
dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890)
2017-06-01 07:43:55 +02:00
20b3d9876a
tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline() (CVE-2017-0605)
2017-06-01 07:36:02 +02:00
ad62774819
Add various security fixes
2017-06-01 00:30:04 +01:00
e9619f03d3
Update to 4.9.30
...
* Drop/refresh patches as necessary
* Ignore ABI changes in ccp and hid-sensors
* [mips*el/loongson-3] Revert "MIPS: Loongson-3: Select
MIPS_L1_CACHE_SHIFT_6" to avoid ABI change
2017-05-31 21:02:34 +01:00
dd1408c66d
Update to 4.9.28
2017-05-27 17:12:34 +02:00
3d18d55b64
Update to 4.9.26
...
Ignore changes to module:sound/firewire/snd-firewire-lib
Ignore changes to module:net/l2tp/l2tp_core
2017-05-13 16:07:07 +02:00
2d982936e8
usbip: Fix potential format overflow in userspace tools
...
This fixes FTBFS on 64-bit architectures with gcc-7, which in
experimental means at least amd64, ppc64, sparc64.
2017-05-04 02:48:18 +01:00
85b468262e
Remove unused liblockdep packaging
2017-05-03 21:02:49 +01:00
a4e087d3b1
Release linux (4.9.25-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlkI0/kACgkQ57/I7JWG
EQkutQ/9EsYdnQXf4HaC1YTqQW0Nu5+swZzyosOcdtMfJrj+PWXQMgmY4WWav8I/
DipRGhfXXMnqlBg1vOR5cEdqPznRm/cwcuPqZpw7H0fA7LvyCibg/7yERJYv7i1U
BIy8s29NCpVVRhDhY9Nl5t0WLGQT4Rg9JW6iKNRDq2y91etahSxzOBxB2B3k04Ys
9vFPpuKq5QAskCBGEucinYYKTy7/ciIXsaSij2m/G7/ly/Qaqt0pIgjqi4QhuJs3
yWidIm1aBvE4MHXH8WQkg1aF20vfdGXz3CZNT6BWFn/6hNesS+tEQpF/nYLBqnfS
2GghqeWO1+xzxlXWNZU/SD0JhkB6gAeZ+4MP7eYz8BAtpUz7H/zZfZNsOBWb6YJY
Pc8AjqG6mBd/1B2O8yXUda/j/xazEtg0c7uxQjyOEqh2nPeHn9FVLuJsSP74wxdx
zjGmOjJzKUmhBGxLdJZAFL5N7YbLR+qNQfV2UGz4+zVIJge9R7HwWwR9+Um8AHq0
qrnjRf6iAla1phYlgHnPx4r6A9kactDuFsNMfUN8nsUrV+KX15k+dt02CpFSWw0B
lXGPf2MNXTEp+CsuAVBAWFP55JCOwD6yYoLfEfErXvchc7qqIKHgmIrLSyexro7O
F1+HBfu6t1M4tRz0xNu8sGL4uzsjockMW8RL1HFgboUluMgTFPQ=
=k/sj
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.25-1'
Drop the added patches, which are already in 4.11.
CONFIG_NFP_NETVF is replaced by CONFIG_NFP in 4.11.
2017-05-02 19:57:00 +01:00
7ba1afb386
nfsd: stricter decoding of write-like NFSv2/v3 ops (CVE-2017-7895)
2017-04-29 22:02:50 +02:00
7961205000
nfsd4: minor NFSv2/v3 write decoding cleanup
2017-04-29 21:59:48 +02:00
0e77dea5fc
nfsd: check for oversized NFSv2/v3 arguments (CVE-2017-7645)
2017-04-29 21:52:43 +02:00
4c666bd4da
Update to 4.9.25
2017-04-27 20:19:04 +02:00
6771be1138
macsec: dynamically allocate space for sglist
2017-04-27 07:42:13 +02:00
7b2acecada
macsec: avoid heap overflow in skb_to_sgvec (CVE-2017-7477)
2017-04-27 06:43:38 +02:00
7bf90ad750
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings (CVE-2017-7472)
2017-04-22 02:26:48 +01:00
89402402c8
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (CVE-2016-9604)
2017-04-22 02:25:04 +01:00
9c5f88b1f6
Update to 4.9.24
...
Drop most of our bug fix patches, which were included in it.
Adjust context in a couple of rt patches that have textual conflicts.
2017-04-22 00:59:32 +01:00
85c3a1be4d
Note Lukas Wunner's forward-porting work in patches
2017-04-20 00:48:59 +01:00
40f397ca1a
Drop another patch redundant with upstream changes
2017-04-20 00:16:12 +01:00
f26f2a520d
Update to 4.11-rc6
...
Remove merged patches and rebase remaining patches.
A portion of the secureboot patches have been upstreamed, but were
changed substantially during review, primarily to avoid code
duplication among arches. I've stripped the patches of the merged
bits and rebased the remainder.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
[bwh: Undo some incorrect context changes in
bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch]
2017-04-20 00:15:17 +01:00
aa2adea45f
Update Origin and description for various patches now applied/merged upstream
2017-04-18 04:18:56 +01:00
790885d6d8
Add Forwarded header and update description for several patches
2017-04-18 04:15:47 +01:00
8701ef58ba
Replace "[media] dvb-usb: Don't use stack for reset either" with upstream fix
2017-04-18 01:16:50 +01:00
3f62574711
crypto: ahash - Fix EINPROGRESS notification callback (CVE-2017-7618)
2017-04-16 23:25:12 +01:00
31945f628c
Update to 4.9.22
...
Drop patches applied upstream.
2017-04-16 21:47:05 +01:00
1d5fde10d8
mm/mempolicy.c: fix error handling in set_mempolicy and mbind (CVE-2017-7616)
2017-04-16 07:59:50 +02:00
5547db97a6
fscrypt: remove broken support for detecting keyring key revocation (CVE-2017-7374)
2017-04-08 09:36:53 +02:00
43f7156d3a
ping: implement proper locking (CVE-2017-2671)
2017-04-08 09:18:35 +02:00
20a0659e24
drm/nouveau/disp/mcp7x: disable dptmds workaround ( Closes : #850219 )
2017-04-07 20:42:59 +01:00
459f0a48e4
Release linux (4.9.18-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAljcf5EACgkQ57/I7JWG
EQmFcQ/8DoBxenUbNW5cY+YbwBKsjuBb8Q6gnqQLOX/JtOJ8MtpQ1t2QQPvMYdXJ
PTcNZAKm8mrsWJxos9WsUHjkdrfuLAsMTisC5FvDkE6myBt++GH3gRtKCT0A2nep
ZU17YeHYfcqv6UK90Jg0p+xAKQEEqKZrryP7fvb8oX5wOORwlLMxBScErftbB/vV
hBvwybq7gfA/4KxDTnWgadpidg16/67ZgKd0EoSsbCpFAJble/hRroMwzKUSzFW+
2yFxrmUNFoIXddoDtORNNdK0nM6b2MKeWKjmndknz4QehlayZWCg1+mEjp7A7Wqp
9naONqhQWMibARGkDl5Y7SZ9/XJXjPmDFXi3EIbhrWMN2TUkzUN14A1YHw+M9p5Q
9UbnpI6eDxjvlezcPjqucIM0ywFwljBrDsQXfGsR6ogQbYvA7nJ0dK63/EXzvl1U
UGUBwHtDhLHxtv85/JsUqq9/UVGbZjcHvyEfmE1mvbMcNxkSLSewt+jd78h7xIyL
tOZP24ARPKqcQ1detou47o8cMmwTqVl6xu08w83xin2Xux+UlYFTtI/LVws3oYNb
F3uEzIgtJbu7ENxCkY5RmIJG9qRJZJ2f6dnpLLld6D52paD5OYNrk1NShtf/Dp+r
zjJoiIRTcO9fPatjl07Y2eDeFeo2SKoD+Xd/5nGDoytE6JiDEXg=
=ONVb
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.18-1'
Drop ABI reference files.
Refresh/drop patches as needed.
2017-03-30 14:16:47 +01:00
8a7210aeea
net/packet: Fix integer overflow in various range checks (CVE-2017-7308)
2017-03-29 22:50:53 +01:00
2dd2d226ca
scsi: sg: check length passed to SG_NEXT_CMD_LEN (CVE-2017-7187)
2017-03-29 22:31:24 +01:00
3e739d51e3
xfrm_user: Apply fixes for CVE-2017-7184
2017-03-29 22:28:20 +01:00
b303c03f3b
Update to 4.9.16
...
Drop one patch included in it
2017-03-20 00:12:10 +00:00
f271c6453d
Update to 4.9.15
...
Drop one patch included in 4.9.15
Ignore ABI changes for
module:drivers/nvdimm/libnvdimm
module:drivers/target/**
debugfs_create_automount
2017-03-19 21:41:18 +01:00
8851d0b7ac
ucount: Remove the atomicity from ucount->count (CVE-2017-6874)
...
...and avoid an ABI change.
2017-03-14 21:39:16 +00:00
11c1294899
ACPI / EC: Use busy polling mode when GPE is not enabled
...
Thanks: Jakobus Schurz <jakobus.schurz@gmail.com>
Closes : #846792
2017-03-13 07:34:43 +01:00
f96b366d00
Update to 4.9.14
...
Drop a patch applied upstream.
Ignore ABI changes as they shouldn't affect OOT modules.
2017-03-12 18:35:37 +00:00
11d69f4069
tty: n_hdlc: get rid of racy n_hdlc.tbuf (CVE-2017-2636)
2017-03-08 03:07:36 +00:00
7513bdfe2b
Kbuild.include: addtree: Remove quotes before matching path (regression in 4.8)
...
loses: #856474
2017-03-04 02:19:07 +00:00
79e486b59b
[media] dvb-usb: don't use stack for firmware load or reset ( Closes : #853894 )
2017-03-01 15:43:37 +00:00
49569a3b8c
sctp: deny peeloff operation on asocs with threads sleeping on it (CVE-2017-6353)
2017-02-27 15:49:27 +00:00
f32a03523e
ipc/shm: Fix shmat mmap nil-page protection (CVE-2017-5669)
2017-02-26 20:51:00 +00:00
93819d25f0
Update to 4.9.13
2017-02-26 20:10:47 +00:00
1fcade696a
Update to 4.10
2017-02-22 20:58:16 +00:00
8c94f719fa
Release linux (4.9.10-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlinNOsACgkQ57/I7JWG
EQntWg//RuNSbOQeyML971UnFUtZjY3yAUYqhPJdpJimjY3WHjmZlJQrLlSz9IYQ
48Pkt/64P0+iAr9zJ+3uJv1fOagKePd5RaS/iChJdvq0fCGZstFlti5NwXEQtGSv
Yzp0LStZr+pEPZo+8Bo+TVSP25FNXdZBvhUXE2sbxaV8+W9Vx+qFkfrWEiW7hpFv
nCQJic7kmzllS4Aol9e/jj2MqcdWIhviufAImNnfrbpK61Ud6Gznw9gTODw9+OIT
ny6F/k7O6MFPuHp3aAxVC5TCowh16PcC+VqJF9MTnnvHQmD3jYqdeA8zKLnW/tJk
Dl9A6whZ3n4fFRlGjgxjmTP/CgAIeQVqgTgYCApuQQTVG3svIkznoXJLraj5UE90
rzeB30x3ikUWcVggN7xfSkW3e6/v+XSbRfu73sFA81mWyWoddT/NYhw+Y18ym4UJ
Vk8iuAakpjdVj73FSyYOcNGRzOEp2SAV72EsJEMw1/IlIkmRkMmJkkg4T/HYj11P
jK/TjZtSsVbje4zx9/U6g8Rj4Wi40EHZu6kuh2jUhCk91zsAr+7EC45gZC+uohxL
jxKxv2R5p9AR7uN6JzQR4OuOL1bTCrt02MrWdsiPlUi0RBKlJ7O5sGMMsHrVMinn
4zFNeYq2U3Fyaejb32x3DOKtgCjoMRQ5iHyrjgljhzxJcf3fWKk=
=rRkU
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.10-1'
Drop changes to aufs.
2017-02-22 20:57:36 +00:00
8db6ed9e89
dccp: fix freeing skb too early for IPV6_RECVPKTINFO (CVE-2017-6074)
2017-02-19 10:46:20 +01:00
7b50304bda
Update to 4.9.11
2017-02-18 20:53:41 +00:00
92d269eac2
media: dvb-usb-dibusb-mc-common: Add MODULE_LICENSE ( Closes : #853110 )
2017-02-17 02:56:32 +00:00
e035177b13
net: ipv6: check route protocol when deleting routes ( Closes : #855153 )
2017-02-17 00:58:21 +00:00
10f2dad569
Update to 4.9.10
2017-02-16 19:06:43 +00:00
58fbff3df5
sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986)
2017-02-15 11:54:59 +01:00
9e381d5c13
ipv4: keep skb->dst around in presence of IP options (CVE-2017-5970)
2017-02-15 11:50:22 +01:00
4e5e705c5f
selinux: fix off-by-one in setprocattr (CVE-2017-2618)
2017-02-15 11:44:55 +01:00
4a1042f1a0
IB/rxe: Fix mem_check_range integer overflow (CVE-2016-8636)
2017-02-15 11:41:25 +01:00
fb27baab98
pegasus: Use heap buffers for all register access ( Closes : #852556 )
2017-02-07 01:44:24 +00:00
abd788f1da
cpumask: use nr_cpumask_bits for parsing functions ( Closes : #848682 )
2017-02-07 01:40:13 +00:00
7eec246dc0
Update to 4.9.7
...
Drop patches applied upstream.
2017-02-03 13:51:44 +00:00
6b038a62ac
Update to 4.10-rc6
2017-01-30 16:28:55 +00:00
6adadc8ec6
Release linux (4.9.6-2).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAliL3k0ACgkQ57/I7JWG
EQlmog/8D/DowVsxEjNdiHAewH7HUyqdADkCRkeqsmKgCtZEmvEaYE0RijZzGDhm
Ge4PxOzhLE/DRxJF2gN8y0hIVOnigje9qYN5OBdgB/FNNKThL6ARwiu2LD6DYcwU
+Lu6g8iHqsKHZ+NllHEiiwJ4rR39qf3Tkzz5cgm4jEi+5IjnoefOhaFhyPzBkz8i
p6fWklEhev8+lQ1sW9gF94p3t0dOp/31TWACagRQronrTtT2xAzdrR5ESPTo6FFg
gtcfqoB7AYA4LTuzoKIQRgGLsgKk73iLPF874ZuK9g/+4Z2lF9NBbwve3O0qYKCy
NERddjjx9QEf4cjToqAii10AzAfuBFDG/b77ZscREwysUwMhkz47ADefu5v1P2kJ
XdL/sJ/nXyhItV/VK8ym9lg4jAA8K5UOjn+8RtWBTE8091N7y7kyNHTQ4SppySIZ
Ow+NsWkMd+WYxkdGPSYc7nHthhVRvfC9C4cxamn9en+MNmakMgJcOZTxS4/gcTvx
DMCWGmEJrD5Bu3m9GrJzwfaXteWxMYihsq9ofjXeaeYqxgXZ62GuxMeRq3kBOhSw
H9MUITkqfsjcg7eAz8elFhRvrurlVUWFsSCGr4Fd1Tv9zrFw8OXNRrApy4UQOQ4x
Uw5AcA/3ZA3QCPsOuU8ENES57vJb+D3E/LZZJdTktVLUcoxA0tA=
=C8FJ
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.6-2'
2017-01-28 01:19:31 +00:00
810b36a1d3
fbdev: color map copying bounds checking (CVE-2016-8405)
2017-01-26 21:15:56 +00:00
a873a1d79d
Update to 4.9.6
...
Drop patches which are included in it.
2017-01-26 19:24:36 +00:00
601b9e92a1
Update to 4.10-rc5
...
Drop/refresh patches as appropriate.
[rt] Disable until it is updated for 4.10 or later
2017-01-24 19:26:38 +00:00
7a613e23af
nbd: fix 64-bit division
2017-01-24 21:35:14 +09:00
3c00650618
ieee802154: atusb: do not use the stack for buffers to make them DMA able (CVE-2017-5548)
2017-01-23 20:59:51 +01:00
c74f7d65fe
HID: corsair: fix DMA buffers on stack (CVE-2017-5547)
2017-01-23 20:57:07 +01:00
4686b122fc
Update to 4.9.5
2017-01-21 15:52:44 +01:00
c6b1f1b2b1
ath9k: fix NULL pointer dereference ( Closes : #851621 )
2017-01-17 03:51:38 +00:00
d264d7d524
tmpfs: clear S_ISGID when setting posix ACLs
2017-01-16 09:31:01 +01:00
a126d0bd27
sysctl: Drop reference added by grab_header in proc_sys_readdir (CVE-2016-9191)
2017-01-16 09:26:36 +01:00
a7f877c1f1
nbd: use loff_t for blocksize and nbd_set_size args ( Closes : #851533 )
2017-01-16 02:36:18 +00:00
2ebf1235ed
Partially revert "usb: Kconfig: using select for USB_COMMON dependency"
...
It causes USB_COMMON to be built-in for no good reason.
2017-01-11 04:40:28 +00:00
13c410d6c1
Update to 4.9.2
2017-01-09 21:06:30 +00:00
0814db65a8
Update to 4.9.1
...
Drop two obsolete patches.
"ptrace: being capable wrt a process requires mapped uids/gids"
appears to be obsoleted by upstream commit bfedb589252c "mm: Add
a user_ns owner to mm_struct and fix ptrace permission checks".
2017-01-07 03:27:13 +00:00
97ab9059a9
Release linux (4.8.15-2).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlhtitEACgkQ57/I7JWG
EQlPqQ//V6+eUGkATmlFFyxsM91OsMgZyxtt0Pzf7XvFg4gBr+hJIaJwxasVRZGi
w/r4uYHmiX7fLrXnanT+RekT1zCGQBOLUvm2Rlwi845PAl9fMCSb+9Jiz60THeN7
cHg7JEvNhTEEDpLK1FJlU3fiMqb5LRdUTkz+RkhKRfITm4/bT3h0Ow72/Xy6JsrI
nAf/AyncvBCQvrIUXYyfyHUPhkYMk8L7bC6G4o803kFdPYTb1WR2gRbpsI6jSVs8
YFbrfMpH1foPHiTVWP+inDN9LA2TO8QGMvAuCAQzQuLzKztrU0i/1shjDfaN61qx
xQhXE08TwNnkDZQCtIFZrLkRPSFlLqFqVWyL9eyPAYNAnZeugxB6F3HOWk5cKWqj
NPpZ10zAnKliPnL7z+eFlxLq34UgVqqe1FeRB5iBEC2dQYEs3LuB1RF2zFOuZ74T
cvXKJJhuR4iMNcAOax6Uab+3iyC/PGm5VSiCL+IPbD7H9IaXLcICE8l1r0zRs5Sa
Um4YQKTy8kFK/CRsEOB8CofXMuBXLzEw2xeNn6187d/ZeA7uiUsyd2nVkXnO0FNt
B2JkV6kwO99WAnNwTZSwF7QJJe8ir7X4X1qdk00sqNYiDff/CBHjRT1gLRzNyOuJ
r9QFKRt4UGF3XGpE89czRRoHfP9WkdrmdmP1i/DnkSVO6L8/y6Y=
=AxAX
-----END PGP SIGNATURE-----
Merge tag 'debian/4.8.15-2'
2017-01-05 00:01:00 +00:00
5efdda62b4
kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (CVE-2016-9588)
2017-01-01 09:15:13 +01:00
e7ccf65ec6
sg_write()/bsg_write() is not fit to be called under KERNEL_DS (CVE-2016-10088)
2016-12-31 20:21:43 +01:00
344453b7f7
Release linux (4.8.15-1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlhYKrFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E6xQP/1MRca+ekUynYy2IFUipst1zlvO94p59
79Pe26mFBb05MuDdU1DaA/fJvlpG14rDCnXCid8AAGF9LtuCzrxo6K2RdHpCi8h8
JuJCRSMrh3p3SvkeTDm3osLuRgaARvD7ruBOpWYki3D3TORpJk9IELK+HLw4CfBb
I50sJQSfTQm1/TKEwbHIHc0L1/FH5yVqMYA8v5KvJsz94ICXe4J5FJyIReexqVIL
LGO45r23eOHJ9rmO/XP1gtp9sRtPev2ZAbL4VwOqbku/KVQGQUMsikv0TUHBZT1C
jCz2ffFaJtTWWFhoKTUqCmKyqhuIklGMS4MOPHMxjXBdgA6Nb2iGOWc53ilQ35v+
umh4BJWNgqtJfkibJTDD/gA/f/U2f7O+a2ZTOXZjJPbK8bVNiyqnImHP4XWDS4OC
5IW7swgvvBVDIk7eDzDd3lKK8O1ZcWjS5U9PbaXu9C0XDeTSOKQUhfpRkfvUaqzQ
BshFmULrdvFKQzS/FJdcW/DkjGdcyYLjYtB+jPaHTG/ZytGDBqZIu4Yb4/hFAdUd
rk1MgyI4GfeBFT7RlItBJK+12WtdyTbfaiCDS4O+av0yM0drBIpm6wpl2OHZrP0R
70nZKVTcdSu+4TN3uoy2ZHHaw/ZsrsAE3EePQtdNtDAFYj7oIWjDDCVHJH4zdFHl
ekMUyxf7Hzun
=i7IG
-----END PGP SIGNATURE-----
Merge tag 'debian/4.8.15-1'
Drop ABI reference files.
2016-12-20 03:58:23 +00:00
09027445ba
Fix another mistake in original commit, set Origin propriately
...
Gbp-Dch: Ignore
2016-12-19 09:16:12 +01:00
46f0821f70
Fix Signed-off-by line for docs-sphinx-extensions-make-rstFlatTable-work-with-d.patch
...
Gbp-Dch: Ignore
2016-12-19 09:14:36 +01:00
36b7372766
docs: sphinx-extensions: make rstFlatTable work with docutils 0.13
...
Thanks: Dmitry Shachnev <mitya57@debian.org>
Closes : #848349
2016-12-19 08:30:20 +01:00
a9f6833ed4
Update to 4.9
2016-12-18 18:00:28 +01:00
966cf13de0
netfilter: ipv6: nf_defrag: drop mangled skb on ream error (CVE-2016-9755)
2016-12-14 17:12:59 +01:00
14a852ee64
Update to 4.8.14
2016-12-12 20:28:07 +01:00
93304bd632
net: handle no dst on skb in icmp6_send (CVE-2016-9919)
2016-12-10 07:42:41 +01:00
d2f4158d99
Don't feed anything but regular iovec's to blk_rq_map_user_iov (CVE-2016-9576)
2016-12-10 07:35:50 +01:00
56659f5080
net: ping: check minimum size on ICMP header length (CVE-2016-8399)
2016-12-10 07:29:51 +01:00
be8be2cb5f
net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (CVE-2016-9793)
2016-12-08 19:28:56 +01:00
3b66b4fcef
packet: fix race condition in packet_set_ring (CVE-2016-8655)
2016-12-07 10:34:33 +01:00
27fc4207c6
tipc: check minimum bearer MTU (CVE-2016-8632)
2016-12-07 10:31:56 +01:00
59ebe22f2f
Update to 4.8.12
2016-12-06 21:19:22 +01:00
b3906798a8
Revert "default exported asm symbols to zero"
2016-12-05 01:07:36 +00:00
1c1ab88dbe
Update to 4.9-rc8
2016-12-05 01:02:03 +00:00
7e80c27706
radeon: Update package name in error message for missing firmware
2016-12-03 03:30:15 +00:00
34594185e1
Drop "default exported asm symbols to zero"
...
This caused *all* symbol version CRCs to be zero in modules on amd64.
2016-12-03 01:45:17 +00:00
2431e89ed3
Update fixes for exported symbol versions
...
Linus has re-enable CONFIG_MODVERSIONS, but also weakened the version
matching. Apply his match but then revert the weakening.
Also add a proposed fix for missing version CRCs, which gives them a
default value of zero. Since buildcheck.py now checks for this, we
should detect all unversioned symbols at build time.
2016-12-02 23:13:17 +00:00
54d0756a33
Fix exported symbol versions
...
- Revert upstream changes moving exports to assembly sources
- [x86] kbuild: enable modversions for symbols exported from assembly
- Revert "Fix subtle CONFIG_MODVERSIONS problems"
This leaves powerpc and x86 as the only kernel architectures that
export symbols from assembly, and <asm/asm-prototypes.h> for those
two appear to define prototypes for all the functions that are used.
2016-12-02 00:19:09 +00:00
ceb75c4337
mnt: Add a per mount namespace limit on the number of mounts (CVE-2016-6213)
2016-11-30 16:15:29 +01:00
Salvatore Bonaccorso
Ben Hutchings
Uwe Kleine-König
Lukas Wunner
Roger Shimizu