Ben Hutchings
cb766cd661
Add follow-up fixes for CVE-2017-9074
2017-06-08 15:39:03 +01:00
Ben Hutchings
9bf3ee218c
Add follow-up fixes for CVE-2017-9074
2017-06-08 15:37:04 +01:00
Ben Hutchings
304a2920e5
Update to 4.11.4
2017-06-07 23:41:28 +01:00
Ben Hutchings
2da7c17a3d
ipv6: Check ip6_find_1stfragopt() return value properly.
...
Follow-up to the fix for CVE-2017-9074.
2017-06-07 23:34:55 +01:00
Ben Hutchings
cb232e3cbd
Set ABI to 1
2017-06-07 21:24:14 +01:00
Ben Hutchings
2e4ca2c625
Drop experimental suffix from next version
2017-06-07 21:23:33 +01:00
Ben Hutchings
7618511643
[x86] Enable SERIAL_8250_MID as built-in ( Closes : #864368 )
2017-06-07 21:21:21 +01:00
Ben Hutchings
e3721c5e6a
[x86] SERIAL_8250_MID not GPIO_INTEL_MID
...
...although we might want that too
2017-06-07 21:19:02 +01:00
Ben Hutchings
9da11541bd
[x86] Enable SERIAL_8250_MID as built-in ( Closes : #864368 )
2017-06-07 21:16:14 +01:00
Ben Hutchings
1d233f0650
Merge branch 'm68k' of https://github.com/glaubitz/linux-debian
...
Move the added changelog lines into a new entry, as 4.11.3-1~exp1 has
already been uploaded.
2017-06-06 20:43:50 +01:00
John Paul Adrian Glaubitz
18a83ebe4c
[m68k] udeb: Add atari_scsi, mac_esp, mac_scsi to scsi-modules
2017-06-06 00:27:44 +02:00
John Paul Adrian Glaubitz
dbe60feb5b
[m68k] udeb: Add buddha, falconide, gayle, macide, q40ide to pata-modules
2017-06-06 00:25:47 +02:00
John Paul Adrian Glaubitz
8af4425509
[m68k] udeb: Move non-shared modules from nic-shared-modules to nic-modules
2017-06-06 00:24:40 +02:00
John Paul Adrian Glaubitz
2ae0e6b97a
[m68k] udeb: Build scsi-core-modules package
2017-06-06 00:22:45 +02:00
John Paul Adrian Glaubitz
0f75b878c9
[m68k] udeb: Build pata-modules package
2017-06-06 00:21:33 +02:00
John Paul Adrian Glaubitz
8a4fb2b833
[m68k] udeb: Build nic-modules package
2017-06-06 00:19:15 +02:00
John Paul Adrian Glaubitz
3a28456c15
[m68k] udeb: Build hfs-modules package
2017-06-06 00:17:56 +02:00
John Paul Adrian Glaubitz
a744ec62e0
[m68k] udeb: Build affs-modules package
2017-06-06 00:16:56 +02:00
Ben Hutchings
aca58f8953
Prepare to release linux (4.11.3-1~exp1).
2017-06-05 14:13:41 +01:00
Ben Hutchings
5174845342
Release linux (4.9.30-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlkz7vwACgkQ57/I7JWG
EQmWdQ//ctWbgUQezu+yi96QR/algQVpsRH/x1oUVnPIYi96FYOabS9pKaK0aAz1
gvTzEBz+ej2lj+ju51UWGsWHXG9CuBO9i+lRqxf74YdpmDPVco+sDWULBJzEnXqC
rYJsvnwLneDdUOeLd+r9nS/a38PezOqXd0eQApzwzvj4GStrj23aSQeLH7pXqXrr
KI/dORIXEujHoNeWzSzW3XXzOYlg9yAJuLyFmS8FGg7fBaEpnlRA+z2gXtmX7Bdn
SBJxYNttrVbucpHsIwFQysaVU+G0EXnbwgsB/AQBycCrDDIYmhmWLdqlIG+q6lsm
AGLmmX47xxrDpBPhr8iHWJkcmTBBNsSADghLvTru5PSWWTd70P/f2XWGYrfJ5bvU
OrQaV4BFG+zw6RC7Jlzx+byaXyWq15aorRAJSXKaFdebHBZXFzsbKTq4HNTRKV06
3DpoH47C0Jr4YXSbcNvgZiDZnF7OmYw/vsbJk+X4IC+igpriz3dV93QTnL2vf4iO
LaS2KT1MkGInS329DRpjCy14+q1LZM2nti6/mPji2Uqwl6ACvGYgL5y0FJLfEThH
XN+a2So6+u8MvWxrUoNrHIj8aYok96oONpDDbPIueS/PT7TwHBbq2ui1zlE8Uahg
zR3+U/V5VoBEct5n/nm0c8SRhkqsfOk8l42Dj5ibkQAuDzzt39g=
=MA6Q
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.30-1'
Drop ABI reference files and ABI maintenance patch.
2017-06-05 14:12:31 +01:00
Ben Hutchings
7b53b52f6f
Update to 4.11.3
2017-06-05 14:04:06 +01:00
Ben Hutchings
65c1808993
[m68k] Update 'Revert "m68k: move exports to definitions"' for 4.11 (fixes FTBFS)
...
Closes : #862393
2017-06-05 13:51:12 +01:00
Ben Hutchings
6b3812c4f1
Prepare to release linux (4.9.30-1).
2017-06-04 03:03:01 +01:00
Ben Hutchings
894e593fa3
[rt] Update to 4.9.30-rt20
2017-06-04 03:00:42 +01:00
Ben Hutchings
9c84459829
[rt] Add new GPG subkeys for Sebastian Andrzej Siewior
2017-06-04 02:51:04 +01:00
Ben Hutchings
4078eac467
[arm64] serial: pl011: add console matching function ( Closes : #861898 )
2017-06-04 02:40:54 +01:00
Ben Hutchings
0aead2461f
[x86] pinctrl: cherryview: Add a quirk to make Acer Chromebook keyboard work again
...
Closes : #862723
2017-06-04 02:30:55 +01:00
Ben Hutchings
8b4f995faa
[rt] Clean up kconfig with kconfigeditor2
2017-06-04 02:14:44 +01:00
John Paul Adrian Glaubitz
3222b6559c
[m68k] udeb: Build loop-modules package
...
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
[bwh: Add changelog entry]
2017-06-04 02:08:50 +01:00
Cyril Brulebois
4ff30925bb
udeb: Add efivarfs to efi-modules.
...
This might be needed to retrieve firmware or configuration bits from
d-i.
[bwh: Add closes : #862555 ]
2017-06-04 01:40:22 +01:00
Ben Hutchings
ae4eed4ced
btrfs: warn about RAID5/6 being experimental at mount time ( Closes : #863290 )
2017-06-04 01:20:23 +01:00
Ben Hutchings
e6c8b0bdf6
Add Debian package version to "hung task" log messages
...
I noticed a couple of bug reports with these messages and unknown
packge version.
2017-06-04 00:02:06 +01:00
Ben Hutchings
9479b65c42
debian/control: Fix compiler build-dependencies for cross-building
...
gcc cross-compilers *do* now have Multi-Arch: foreign, so we have
to take the :native qualfiication off again.
(cherry picked from commit 84e53d21c3
)
Closes : #863907
2017-06-03 22:10:01 +01:00
Ben Hutchings
f66ac78498
Note that "NFSv4: Fix callback server shutdown" closes #862357
2017-06-03 20:43:08 +01:00
Ben Hutchings
b9ea5ea2a4
uapi: fix linux/if.h userspace compilation errors (see #822393 , #824442 )
2017-06-01 17:50:12 +01:00
Ben Hutchings
a843bf5bb3
Merge remote-tracking branch 'alioth/sid' into sid
2017-06-01 14:10:48 +01:00
Salvatore Bonaccorso
2502943c58
ipv6: fix out of bound writes in __ip6_append_data() (CVE-2017-9242)
2017-06-01 08:38:02 +02:00
Salvatore Bonaccorso
cd87fb7a86
crypto: skcipher - Add missing API setkey checks (CVE-2017-9211)
2017-06-01 08:34:46 +02:00
Salvatore Bonaccorso
261dbebcde
ipv6/dccp: do not inherit ipv6_mc_list from parent (CVE-2017-9076 CVE-2017-9077)
2017-06-01 08:13:06 +02:00
Salvatore Bonaccorso
3253209d02
sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (CVE-2017-9075)
2017-06-01 08:08:49 +02:00
Salvatore Bonaccorso
35c1e8ae8d
ipv6: Prevent overrun when parsing v6 header options (CVE-2017-9074)
2017-06-01 08:05:24 +02:00
Salvatore Bonaccorso
a68b36a505
dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890)
2017-06-01 07:43:55 +02:00
Salvatore Bonaccorso
20b3d9876a
tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline() (CVE-2017-0605)
2017-06-01 07:36:02 +02:00
Ben Hutchings
ad62774819
Add various security fixes
2017-06-01 00:30:04 +01:00
Ben Hutchings
c2d60c744a
Merge branch 'sid' of git+ssh://git.debian.org/git/kernel/linux into sid
2017-05-31 22:10:43 +01:00
Uwe Kleine-König
85cfadf6c0
fix "[arm64] Enable DRM modules"
...
I forgot to add =m for CONFIG_DRM_MALI_DISPLAY. I fixed that for my
build test, but forgot to add to the index for committing. *sigh*
2017-05-31 22:30:20 +02:00
Uwe Kleine-König
39fa3fc3aa
Ignore ABI changes in chipidea driver
2017-05-31 22:26:40 +02:00
Uwe Kleine-König
7c8c8ef49a
[arm64] Enable DRM modules
2017-05-31 22:25:13 +02:00
Ben Hutchings
e9619f03d3
Update to 4.9.30
...
* Drop/refresh patches as necessary
* Ignore ABI changes in ccp and hid-sensors
* [mips*el/loongson-3] Revert "MIPS: Loongson-3: Select
MIPS_L1_CACHE_SHIFT_6" to avoid ABI change
2017-05-31 21:02:34 +01:00
Salvatore Bonaccorso
dd1408c66d
Update to 4.9.28
2017-05-27 17:12:34 +02:00
Roger Shimizu
cb023ecab6
[armel] Note kernel size limit for Buffalo Linkstation
...
We don't know the actual limit for Linkstation device. The size
was taken from kernel of stock firmware.
2017-05-17 01:10:00 +09:00
Salvatore Bonaccorso
75d5d0e57f
Update to 4.9.27
2017-05-13 18:52:03 +02:00
Salvatore Bonaccorso
3d18d55b64
Update to 4.9.26
...
Ignore changes to module:sound/firewire/snd-firewire-lib
Ignore changes to module:net/l2tp/l2tp_core
2017-05-13 16:07:07 +02:00
Aurelien Jarno
f5fd64d72e
[mips*/*-malta] Enable POWER_RESET and POWER_RESET_SYSCON.
2017-05-08 21:12:41 +02:00
Ben Hutchings
9e37525c5d
Add ABI reference for 4.9.0-3
2017-05-08 17:49:32 +01:00
Ben Hutchings
0a348a06ca
[armel] udeb: Add af_packet. firmware_class, nls_base to kernel-image (fixes FTBFS)
2017-05-06 03:54:06 +01:00
Ben Hutchings
3b2f2e5859
Prepare to release linux (4.11-1~exp2).
2017-05-05 04:35:12 +01:00
Ben Hutchings
8356e87ef9
[mips*/octeon] Increase RELOCATION_TABLE_SIZE to 0x00110000 (fixes FTBFS)
2017-05-05 04:05:51 +01:00
Ben Hutchings
2d982936e8
usbip: Fix potential format overflow in userspace tools
...
This fixes FTBFS on 64-bit architectures with gcc-7, which in
experimental means at least amd64, ppc64, sparc64.
2017-05-04 02:48:18 +01:00
Ben Hutchings
3c6e75c193
[armel/marvell] Make more things modular (fixes FTBFS)
...
This still gets us to:
Image size 2086338/2097080, using 99.49%. Under 1% space in experimental. Continuing.
which is uncomfortably close.
2017-05-03 22:46:38 +01:00
Ben Hutchings
85b468262e
Remove unused liblockdep packaging
2017-05-03 21:02:49 +01:00
Ben Hutchings
c6d012b61d
Prepare to release linux (4.11-1~exp1).
2017-05-02 20:57:50 +01:00
Ben Hutchings
44b570caef
block: Enable BLK_WBT, BLK_WBT_MQ ( Closes : #859570 )
2017-05-02 20:06:26 +01:00
Ben Hutchings
a4e087d3b1
Release linux (4.9.25-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlkI0/kACgkQ57/I7JWG
EQkutQ/9EsYdnQXf4HaC1YTqQW0Nu5+swZzyosOcdtMfJrj+PWXQMgmY4WWav8I/
DipRGhfXXMnqlBg1vOR5cEdqPznRm/cwcuPqZpw7H0fA7LvyCibg/7yERJYv7i1U
BIy8s29NCpVVRhDhY9Nl5t0WLGQT4Rg9JW6iKNRDq2y91etahSxzOBxB2B3k04Ys
9vFPpuKq5QAskCBGEucinYYKTy7/ciIXsaSij2m/G7/ly/Qaqt0pIgjqi4QhuJs3
yWidIm1aBvE4MHXH8WQkg1aF20vfdGXz3CZNT6BWFn/6hNesS+tEQpF/nYLBqnfS
2GghqeWO1+xzxlXWNZU/SD0JhkB6gAeZ+4MP7eYz8BAtpUz7H/zZfZNsOBWb6YJY
Pc8AjqG6mBd/1B2O8yXUda/j/xazEtg0c7uxQjyOEqh2nPeHn9FVLuJsSP74wxdx
zjGmOjJzKUmhBGxLdJZAFL5N7YbLR+qNQfV2UGz4+zVIJge9R7HwWwR9+Um8AHq0
qrnjRf6iAla1phYlgHnPx4r6A9kactDuFsNMfUN8nsUrV+KX15k+dt02CpFSWw0B
lXGPf2MNXTEp+CsuAVBAWFP55JCOwD6yYoLfEfErXvchc7qqIKHgmIrLSyexro7O
F1+HBfu6t1M4tRz0xNu8sGL4uzsjockMW8RL1HFgboUluMgTFPQ=
=k/sj
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.25-1'
Drop the added patches, which are already in 4.11.
CONFIG_NFP_NETVF is replaced by CONFIG_NFP in 4.11.
2017-05-02 19:57:00 +01:00
Ben Hutchings
fb9c5429ac
Prepare to release linux (4.9.25-1).
2017-05-02 16:21:44 +01:00
Ben Hutchings
38ea360ed4
crypto: Change CRYPTO_SHA256 from module to built-in, as required by IMA
2017-05-02 16:21:36 +01:00
Ben Hutchings
472b038c1a
udeb: Move mfd-core to kernel-image, as both input-modules and mmc-modules need it
2017-05-02 14:11:10 +01:00
Ben Hutchings
c4f7fb8fd3
selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default
2017-05-02 05:22:00 +01:00
Ben Hutchings
97c9515edc
leds: Enable LEDS_GPIO as module for all configurations with GPIOs ( Closes : #860569 )
2017-05-02 05:19:00 +01:00
Ben Hutchings
29ba603942
udeb: Add tifm_7xx1 to mmc-modules ( Closes : #861195 )
2017-05-02 05:12:01 +01:00
Ben Hutchings
96174d4f99
[arm64] Enable ARMV8_DEPRECATED, SWP_EMULATION, CP15_BARRIER_EMULATION, SETEND_EMULATION ( Closes : #861384 )
2017-05-02 04:57:37 +01:00
Ben Hutchings
c18a3bc8d8
Note that 4.9.25 closes #856843
2017-05-02 04:55:07 +01:00
Ben Hutchings
62f19b9260
crypto: Enable CRYPTO_DEV_CHELSIO as module
2017-05-02 04:53:13 +01:00
Ben Hutchings
1cf36ebc7c
[x86] crypto: Enable CRYPTO_DEV_QAT_C3XXX, CRYPTO_DEV_QAT_C62X, CRYPTO_DEV_QAT_C3XXXVF, CRYPTO_DEV_QAT_C62XVF as modules
2017-05-02 04:53:13 +01:00
Ben Hutchings
52e8d9f36f
[rt] tracing: Enable HWLAT_TRACER
...
This is in mainline but not that useful without PREEMPT_RT.
HWLAT_DETECTOR no longer exists but I didn't notice because
kconfigeditor2 only looks at the mainline Kconfig files.
2017-05-02 04:53:13 +01:00
Ben Hutchings
a315c25499
[x86] hwtracing: Enable INTEL_TH, INTEL_TH_PCI, INTEL_TH_GTH, INTEL_TH_MSU, INTEL_TH_PTI as modules
2017-05-02 04:53:13 +01:00
Ben Hutchings
f250ad6f7b
dma-buf: Explicitly disable SYNC_FILE
...
I think this is needed by Android userland, but then so are a lot of
other things we don't enable.
2017-05-02 04:53:13 +01:00
Ben Hutchings
675249285f
Explicitly set various symbols to their defaults
...
Mostly this disables a whole lot of drivers that should only be enabled
in specific configurations (if at all).
2017-05-02 04:53:13 +01:00
Ben Hutchings
0f9f62ce3e
[x86] platform: Enable INTEL_HID_EVENT as module
2017-05-02 04:26:32 +01:00
Ben Hutchings
cf48795305
[x86] comedi: Enable COMEDI_ADV_PCI1720, COMEDI_ADV_PCI1760 as modules
2017-05-02 04:26:32 +01:00
Ben Hutchings
f5c277c282
[amd64] EDAC: Enable EDAC_SKX as module
2017-05-02 04:26:32 +01:00
Ben Hutchings
9728988386
IB: Enable INFINIBAND_HFI1, INFINIBAND_I40IW, INFINIBAND_QEDR, RDMA_RXE as modules
2017-05-02 04:26:32 +01:00
Ben Hutchings
fd24af5949
leds: Enable LEDS_TRIGGER_DISK, LEDS_TRIGGER_MTD, LEDS_TRIGGER_PANIC
2017-05-02 04:26:32 +01:00
Ben Hutchings
f965312c8e
USB/misc: Enable UCSI as module
2017-05-02 04:26:32 +01:00
Ben Hutchings
3f68b53e2c
usbip: Enable USBIP_VUDC as module
2017-05-02 04:26:32 +01:00
Ben Hutchings
6dafde3362
leds,USB: Enable USB_LEDS_TRIGGER_USBPORT as module
2017-05-02 04:26:32 +01:00
Ben Hutchings
f98a6c1701
HID: Enable HID_SENSOR_CUSTOM_SENSOR as module
2017-05-02 04:26:32 +01:00
Ben Hutchings
bb3cdfe4f6
hda: Set SND_HDA_PREALLOC_SIZE=2048 as recommended for PulseAudio
2017-05-02 04:26:32 +01:00
Ben Hutchings
6b9daaf87e
[x86] amdgpu,sound/soc: Enable DRM_AMD_ACP; enable SND_SOC_AMD_ACP as module
2017-05-02 04:26:32 +01:00
Ben Hutchings
5ed69967a2
media: Enable VIDEO_TW5864, VIDEO_TW686X as modules
2017-05-02 04:26:32 +01:00
Ben Hutchings
2d277e1fa2
Update to 4.11
...
All patches still apply!
2017-05-01 17:56:56 +01:00
Salvatore Bonaccorso
7ba1afb386
nfsd: stricter decoding of write-like NFSv2/v3 ops (CVE-2017-7895)
2017-04-29 22:02:50 +02:00
Salvatore Bonaccorso
7961205000
nfsd4: minor NFSv2/v3 write decoding cleanup
2017-04-29 21:59:48 +02:00
Salvatore Bonaccorso
0e77dea5fc
nfsd: check for oversized NFSv2/v3 arguments (CVE-2017-7645)
2017-04-29 21:52:43 +02:00
Salvatore Bonaccorso
4c666bd4da
Update to 4.9.25
2017-04-27 20:19:04 +02:00
John Paul Adrian Glaubitz
d2be118d62
[m68k] udeb: Enable suffix for kernel-image ( Closes : #859366 )
2017-04-27 18:37:09 +01:00
Ben Hutchings
f3c3de0f60
integrity: Enable IMA and related kconfig symbols (except on armel/marvell)
...
Closes : #788290
Based on advice from Matthew Garrett.
2017-04-27 18:37:09 +01:00
Salvatore Bonaccorso
6771be1138
macsec: dynamically allocate space for sglist
2017-04-27 07:42:13 +02:00
Salvatore Bonaccorso
7b2acecada
macsec: avoid heap overflow in skb_to_sgvec (CVE-2017-7477)
2017-04-27 06:43:38 +02:00
Ben Hutchings
e7b761c5fd
[arm64] Add bug closure for raising NR_CPUS
2017-04-25 23:40:09 +01:00
Ben Hutchings
4e57833523
watchdog: Enable WATCHDOG_SYSFS
2017-04-25 23:16:40 +01:00
Ben Hutchings
2b2a89c35f
thermal: Explicitly disable GENERIC_ADC_THERMAL per default
2017-04-25 23:15:47 +01:00
Ben Hutchings
a1a96efe46
[x86] thermal: Enable INT3406_THERMAL as module
2017-04-25 23:13:32 +01:00
Ben Hutchings
cc56cd8593
gpio: Explicitly set various symbols to their defaults
2017-04-25 22:58:43 +01:00
Ben Hutchings
8ab44aa518
[x86] gpio: Enable GPIO_AMDPT as module
2017-04-25 22:57:34 +01:00
Ben Hutchings
f3a2da345c
spi: Explicitly set various symbols to their defaults
2017-04-25 22:56:53 +01:00
Ben Hutchings
9ad676b26c
char: Explicitly enable DEVPORT per default
2017-04-25 22:53:32 +01:00
Ben Hutchings
fd23df3a24
serial/8250: Enable SERIAL_8250_MOXA as module
2017-04-25 22:50:51 +01:00
Ben Hutchings
25cf1aa652
[x86] input/touchscreen: Enable TOUCHSCREEN_SURFACE3_SPI as module
2017-04-25 22:49:04 +01:00
Ben Hutchings
79226c42bf
input: Enable TABLET_USB_PEGASUS as module
2017-04-25 22:48:26 +01:00
Ben Hutchings
c9034d73b4
drivers/input: Explicitly set various symbols to their defaults
2017-04-25 22:46:57 +01:00
Ben Hutchings
e4f8eedb77
net/phy: Enable MICROSEMI_PHY as module
2017-04-25 22:42:23 +01:00
Ben Hutchings
9ee3fb1151
ethernet: Enable NFP_NETVF as module
2017-04-25 22:41:37 +01:00
Ben Hutchings
6a09142123
drivers/net: Explicitly set various symbols to their defaults
2017-04-25 22:37:52 +01:00
Ben Hutchings
94b8328125
net/sched: Enable NET_ACT_SKBMOD as module
2017-04-25 22:23:51 +01:00
Ben Hutchings
45a93062df
6lowpan: Enable Generic Header Compression modules
2017-04-25 22:22:50 +01:00
Ben Hutchings
f6ab826219
PCI: Enable PCIE_PTM (except on armel/marvell)
2017-04-25 22:20:09 +01:00
Salvatore Bonaccorso
fe7d4b95a0
Add changelog entry for CVE-2017-8061
...
Gbp-Dch: Ignore
2017-04-23 12:15:25 +02:00
Salvatore Bonaccorso
1beb630d78
Add changelog entry to record CVE-2017-8063
...
Gbp-Dch: Ignore
2017-04-23 12:09:00 +02:00
Salvatore Bonaccorso
dff836d7ec
Add CVE-2017-8064 reference
...
Gbp-Dch: Ignore
2017-04-23 12:02:37 +02:00
Salvatore Bonaccorso
1ad0a79c0a
Add changelog entry for CVE-2017-8067
...
Gbp-Dch: Ignore
2017-04-23 11:46:28 +02:00
Ben Hutchings
7bf90ad750
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings (CVE-2017-7472)
2017-04-22 02:26:48 +01:00
Ben Hutchings
89402402c8
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (CVE-2016-9604)
2017-04-22 02:25:04 +01:00
Ben Hutchings
74fdfed494
Drop ABI maintenance patches
...
We're bumping ABI in the next upload so don't need these.
2017-04-22 02:22:38 +01:00
Ben Hutchings
9c5f88b1f6
Update to 4.9.24
...
Drop most of our bug fix patches, which were included in it.
Adjust context in a couple of rt patches that have textual conflicts.
2017-04-22 00:59:32 +01:00
Aurelien Jarno
d518bcf5f3
[mips*el/loongson-3] Disable PAGE_EXTENSION and PAGE_POISONING.
...
This workaround a kernel crash, until the real issue is found. It is
currently being investigated.
2017-04-22 01:16:49 +02:00
Aurelien Jarno
f2b1e81469
[mips*/octeon] Drop obsolete patch adding support for the UBNT E200 board.
2017-04-21 11:31:33 +02:00
Ben Hutchings
3cd2ed795d
[arm64] Enable REGULATOR_GPIO as module ( Closes : #860222 )
2017-04-21 01:33:01 +01:00
Ben Hutchings
1e2342437a
[arm64] Enable ARC_SUNXI, RTC_DRV_SUN6I as built-in, MMC_SUNXI and PHY_SUN4I_USB as modules
...
Closes : #860855
2017-04-21 01:00:12 +01:00
Ben Hutchings
ce8bf477b0
Restore #include that I mistakenly removed from arm64 securelevel/lockdown patch
2017-04-21 00:54:11 +01:00
Ben Hutchings
0905519af4
Clean up kconfig using kconfigeditor2
...
Rename or delete options that changed in 4.11.
2017-04-20 19:45:06 +01:00
Ben Hutchings
259372e240
[x86] Make hyperv-modules depends on nic-shared-modules
...
hv_utils (not hv_netvsc!) now implements a PTP clock.
2017-04-20 19:24:09 +01:00
Ben Hutchings
0e0b29ad5a
[arm64,x86] Replace securelevel patch set with lockdown patch set
...
Matthew stopped maintaining the securelevel patch set, and David
Howells has taken it up under the new name 'lockdown'. This is
taken from:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git#efi-lock-down
commits ddb99e118e37f324a4be65a411bb60ae62795cf9..0240fa7c7c948b19d57c0163d57e55296277ff3c
Rebase the three patches not included there (cold boot mitigation,
arm64 SB integration, MTD RAM restrictions).
Update our kconfig for the renaming.
2017-04-20 02:38:34 +01:00
Ben Hutchings
be339ddfdd
aufs: Update support patchset to aufs4.x-rcN-20170410
2017-04-20 01:48:49 +01:00
Ben Hutchings
327c328b54
Update to 4.11-rc7 (and credit Lukas for his previous work)
2017-04-20 01:11:22 +01:00
Ben Hutchings
d85c3a332d
Complete forward-porting of "arm64: add kernel config option to set securelevel ..."
...
efi_get_secureboot() now returns one of three enumerated values, not
a boolean. We need to either redefine the DT property the same way
(risky unless we also rename it) or squash them into a boolean.
Do the latter.
2017-04-20 00:51:24 +01:00
Ben Hutchings
85c3a1be4d
Note Lukas Wunner's forward-porting work in patches
2017-04-20 00:48:59 +01:00
Ben Hutchings
40f397ca1a
Drop another patch redundant with upstream changes
2017-04-20 00:16:12 +01:00
Lukas Wunner
f26f2a520d
Update to 4.11-rc6
...
Remove merged patches and rebase remaining patches.
A portion of the secureboot patches have been upstreamed, but were
changed substantially during review, primarily to avoid code
duplication among arches. I've stripped the patches of the merged
bits and rebased the remainder.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
[bwh: Undo some incorrect context changes in
bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch]
2017-04-20 00:15:17 +01:00
Ben Hutchings
22e8e7af28
Explicitly mark some patches as Forwarded: no or not-needed
2017-04-18 04:19:54 +01:00
Ben Hutchings
cf75a4d22c
Add Origin for a probably-obsolete MIPS patch
2017-04-18 04:19:20 +01:00
Ben Hutchings
aa2adea45f
Update Origin and description for various patches now applied/merged upstream
2017-04-18 04:18:56 +01:00
Ben Hutchings
790885d6d8
Add Forwarded header and update description for several patches
2017-04-18 04:15:47 +01:00
Ben Hutchings
8701ef58ba
Replace "[media] dvb-usb: Don't use stack for reset either" with upstream fix
2017-04-18 01:16:50 +01:00
Ben Hutchings
3f62574711
crypto: ahash - Fix EINPROGRESS notification callback (CVE-2017-7618)
2017-04-16 23:25:12 +01:00
Ben Hutchings
4d042ae0ff
[rt] Update to 4.9.20-rt16
2017-04-16 21:52:57 +01:00
Ben Hutchings
31945f628c
Update to 4.9.22
...
Drop patches applied upstream.
2017-04-16 21:47:05 +01:00
Ben Hutchings
326a2052e2
linux-image: Disable signing until it's supported in dak
...
Only code signing through dak is going to be acceptable for a stable
release, so disable the current arrangement.
2017-04-16 18:53:52 +01:00
Ben Hutchings
b4b1be4c52
Move debug symbols back to the main archive
...
dak currently allows a binary upload to include debug symbol packages
that don't appear in the overrides file or the Binary field of the
changes file, so long as they have the appropriate
'Auto-Built-Package' field and their name matches another binary
package in the upload plus the '-dbgsym' suffix.
For architectures with code signing enabled, our binary uploads never
match this condition as the corresponding binary package has the
'-unsigned' suffix and the debug symbols package does not. Since we
do list the debug symbol packages in the Binary field, they do get
added to the overrides file when accepted through the NEW queue, but
they are automatically pruned from there some time later. Later
uploads then have to go through NEW even though they are not
introducing new binary packages. This would be a big problem for
stable security updates.
For now, move debug symbols back to the main archive with the old
'-dbg' suffix. Keep them enabled for all architectures.
2017-04-16 18:53:35 +01:00
Ben Hutchings
6ef03e0be7
Merge remote-tracking branch 'alioth/sid' into sid
2017-04-16 17:22:54 +01:00