Ben Hutchings
e01624c730
cpupower: Move library to multiarch directory
...
Upstream moved it from /usr/lib to /usr/lib64 in 4.15, but neither of
these is correct.
2017-12-27 01:38:00 +00:00
Ben Hutchings
7bcd3c4d13
lockdown: Update calls to kernel_is_locked_down() in "mtd: Disable slram and phram when locked down"
...
We need to pass a string to be logged the first time the check fires.
2017-12-27 01:37:24 +00:00
Ben Hutchings
7dd9b58675
Update to 4.15-rc5
...
Also update the aufs and lockdown patchsets.
2017-12-26 18:54:17 +00:00
Ben Hutchings
ab5d03cb3b
Prepare to release linux (4.14.7-1).
2017-12-22 14:12:23 +00:00
Ben Hutchings
8423f81c55
Merge remote-tracking branch 'alioth/sid' into sid
2017-12-22 14:10:04 +00:00
Salvatore Bonaccorso
196596c560
crypto: hmac - require that the underlying hash algorithm is unkeyed (CVE-2017-17806)
2017-12-22 09:13:19 +01:00
Salvatore Bonaccorso
4f056ca2c6
crypto: salsa20 - fix blkcipher_walk API usage (CVE-2017-17805)
2017-12-22 09:00:33 +01:00
Ben Hutchings
adef82ee3a
Bump ABI to 2
2017-12-22 03:54:44 +00:00
Ben Hutchings
cf1f6e2019
bpf/verifier: Fix multiple security issues ( Closes : #883558 )
2017-12-22 03:54:44 +00:00
Salvatore Bonaccorso
a983b69920
Add one more known CVE id
...
Gbp-Dch: Ignore
2017-12-21 06:07:46 +01:00
Salvatore Bonaccorso
2bc058f58c
Add opening parenthesis
...
Gbp-Dch: Ignore
2017-12-20 20:41:06 +01:00
Ben Hutchings
fc7f6fafd8
Add security fixes
2017-12-20 19:27:18 +00:00
Ben Hutchings
285e1090f2
[rt] Update to 4.14.6-rt7
2017-12-20 18:53:59 +00:00
Ben Hutchings
9e0441b20a
Update to 4.14.7
...
Drop patches applied upstream, and fix a few conflicts.
2017-12-20 18:40:37 +00:00
Riku Voipio
67968436a4
[arm64] udeb: add mvebu comphy for armada 8K
2017-12-12 11:01:35 +02:00
Riku Voipio
11548f0aea
[arm64] udeb: add multifunction devices
2017-12-12 11:00:38 +02:00
Vagrant Cascadian
a865f2fdb7
[armhf, arm64] Backport patches from 4.15.x to support dwmac-sun8i.
2017-12-11 13:15:45 -08:00
Salvatore Bonaccorso
2f634be5d8
xen/time: do not decrease steal time after live migration on xen
...
Closes : #871608
2017-12-03 10:53:37 +01:00
Salvatore Bonaccorso
7e09c9fcc8
Add ABI reference for 4.14.0-1
2017-12-03 10:18:48 +01:00
Ben Hutchings
5b750f6268
Prepare to release linux (4.14.2-1).
2017-11-30 12:33:47 +00:00
Ben Hutchings
1bf82631fb
Revert "SCSI: Enable SCSI_MQ_DEFAULT"
...
This reverts commit 16d7f29d46
. There
seem to be a lot of important fixes going into 4.15 for blk-mq, most
of which aren't tagged for stable, making it look a bit risky as a
default for 4.14. I'll probably re-enable this for 4.15-rc.
2017-11-30 12:07:11 +00:00
Ben Hutchings
3f937de450
[x86] mmap: Add an exception to the stack gap for Hotspot JVM compatibility
...
Closes : #865303
2017-11-30 12:07:11 +00:00
Ben Hutchings
a87b11684d
Prepare to upload to unstable
...
Drop the ~exp1 from the version.
Set ABI to 1.
2017-11-30 12:06:47 +00:00
Salvatore Bonaccorso
71832be11b
mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (CVE-2017-1000405)
2017-11-30 08:16:06 +01:00
Ben Hutchings
fb72f17cab
[rt] Update to 4.14.1-rt3
2017-11-29 23:05:39 +00:00
Ben Hutchings
b0a4fbf1cd
[rt] Add new signing subkey for Steven Rostedt
2017-11-29 22:11:04 +00:00
Ben Hutchings
16d7f29d46
SCSI: Enable SCSI_MQ_DEFAULT
...
Now that blk-mq has a similar default scheduler as the old block
layer, it should be safe to switch over.
Note how to revert this at run-time if necessary.
2017-11-29 22:11:04 +00:00
Salvatore Bonaccorso
f6077f8f4f
Add entry for CVE-2017-16994
2017-11-27 21:35:01 +01:00
Salvatore Bonaccorso
f83f2a2082
Update to 4.14.2
2017-11-25 08:30:31 +01:00
Ben Hutchings
2ed7a163b9
leds: Enable LEDS_BRIGHTNESS_HW_CHANGED ( Closes : #872862 )
2017-11-24 17:20:44 +00:00
Ben Hutchings
a633085eb6
apparmor: fix oops in audit_signal_cb hook (regression in 4.14)
2017-11-24 13:25:03 +00:00
Ben Hutchings
b979dd72a4
[armel] Change configuration to reduce image size (fixes FTBFS)
...
- Change CONNECTOR from built-in to module, and disable PROC_EVENTS
- Disable INTEGRITY and dependent options
- video: Disable USB_APPLEDISPLAY, BACKLIGHT_CLASS_DEVICE
This still only gets us down to 99.26% of maximum size, so further
changes will be needed soon.
2017-11-23 01:00:43 +00:00
Ben Hutchings
d769bf7e2b
Update to 4.14.1
2017-11-22 03:13:35 +00:00
Ben Hutchings
5436f201dd
aufs: Update support patchset to aufs4.14-20171120
2017-11-21 16:20:07 +00:00
Ben Hutchings
bf3c5027e0
i40e: Build for 32-bit targets again
...
Apply the upstream patches that removed the use of cmpxchg64().
2017-11-21 16:14:37 +00:00
Ben Hutchings
1dffc3c5d6
[rt] Update to 4.14-rt1 and reenable ( Closes : #882192 )
2017-11-20 14:17:41 +00:00
Ben Hutchings
94964d2c86
Prepare to release linux (4.14-1~exp1).
2017-11-17 00:16:15 +00:00
Ben Hutchings
0876bb2edc
Set ABI name to trunk
2017-11-17 00:16:12 +00:00
Ben Hutchings
1a1f0ef065
Release linux (4.13.13-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAloODhAACgkQ57/I7JWG
EQkFAg//Zb5RqwypcEFRZs6Oyi4jF6EekQW+UVXjAE8gAw3ae8+1uvkg3TyMY7uT
C//3H1DGY/A3imqHsxku9NG5T9KhJL9cKn2EDRz8c/+lU949wXjzSFCQk+p9mwcb
RSyuqES+FwtrMJoN0iXpVIiTSjImuu4IIpTmc6IsZo1frn5oHKmeC4mvsKuflL/S
usdauRUkQewtTvi/Z8wDA5fJIDN2ff0DcSN8Km/QPlB2zUoGaQRM36ApZVeHDX3X
190bDAuBfJp9Pht3eFPUq6HwEht9hbiqSaSpMKB/jyPE8lWZ7AL8CM2qiOuZCXil
ncELxkx+8Cqp4jAWc3wqGZ5mkeVHeHxZcmFv0b4hQaaifW5GtmlMo/XHhMeFIoCc
tbcC55No2c3ZUhUH0kAQyf26zZ3f7hBAYT8EI5BNngPpZB4W7NJL8A2c09QYxAVB
/uXNnCdd7LZ9Dnhgc0K1FjIEckd1XHVQgVZ6Seo4Pv2adMfLckla3Xvqj888515a
akTL9LFAKySOqalakMl34G2FT1S0CR9+7I45KFcKjiGW5pF1RgDeLZy1W+nQq3Vd
oH2KmWGovmouMEnrh8RgKJNwLkelVkLKl0AFhJ29PGeDrGAklz0Sy5egB8iqoxRh
fiKph8IGdD8akqlI4d8mTWs01FmALkkSHUkLAxbME8HC3lpb7Ic=
=TJmK
-----END PGP SIGNATURE-----
Merge tag 'debian/4.13.13-1'
Release linux (4.13.13-1).
2017-11-16 22:18:14 +00:00
Ben Hutchings
8c84dc3d14
Prepare to release linux (4.13.13-1).
2017-11-16 21:04:10 +00:00
Ben Hutchings
617046eb45
netfilter: nat: Avoid ABI change in 4.13.13
2017-11-16 21:04:07 +00:00
Ben Hutchings
7cb3e39661
ALSA: timer: Avoid ABI change in 4.13.13
2017-11-16 20:52:13 +00:00
Ben Hutchings
4c3b3b1dec
dvb_frontend: don't use-after-free the frontend struct (CVE-2017-16648)
...
Plus another fix it seems to depend on.
2017-11-16 20:04:01 +00:00
Ben Hutchings
f03dc09259
[armhf] drm: Enable DRM_SUN4I etc. ( Closes : #881570 )
2017-11-16 19:59:53 +00:00
Riku Voipio
79e266334e
[arm64] config fixup
...
drop CRYPTO_DEV_CAVIUM_ZIP due to crashes
add SERIAL_DEV_BUS, needed for HiKey bluetooth
2017-11-16 21:54:44 +02:00
Ben Hutchings
8aabb7ea89
amdgpu: Enable DRM_AMDGPU_SI, CONFIG_DRM_AMDGPU_CIK ( Closes : #847570 )
2017-11-16 19:17:33 +00:00
Ben Hutchings
26fe100dfe
[x86] rmi4: Disable RMI4_SMB ( Closes : #880471 )
2017-11-16 19:12:16 +00:00
Ben Hutchings
3529916815
[arm64] nvmem: Enable NVMEM_SUNXI_SID as module ( Closes : #881567 )
2017-11-16 19:10:31 +00:00
Ben Hutchings
a4d1de0350
[arm64,x86] net/wireless: Enable RTL8723BS as module ( Closes : #881568 )
2017-11-16 19:07:46 +00:00
Ben Hutchings
e81177b8a9
amdgpu: Enable DRM_AMDGPU_USERPTR on all architectures
...
I missed this when enabling amdgpu on arm64.
Also move the explicit disabling of DRM_AMDGPU_CIK to the top level
config.
2017-11-16 18:44:33 +00:00
Ben Hutchings
2cc01f34ce
[powerpc*/*64*] drm: Enable DRM_AMDGPU as module ( Closes : #881593 )
2017-11-16 18:42:09 +00:00
Ben Hutchings
9f5b9b8ff8
nftables: Enable NFT_RT, NFT_SET_BITMAP, NFT_OBJREF as modules ( Closes : #881931 )
2017-11-16 18:37:11 +00:00
Ben Hutchings
58e12683e1
net: qmi_wwan: fix divide by 0 on bad descriptors (CVE-2017-16650)
2017-11-16 18:13:46 +00:00
Ben Hutchings
91a7ba9320
net: cdc_ether: fix divide by 0 on bad descriptors (CVE-2017-16649)
2017-11-16 18:12:24 +00:00
Ben Hutchings
4ee0c56703
net: usb: asix: fill null-ptr-deref in asix_suspend (CVE-2017-16647)
2017-11-16 18:11:00 +00:00
Ben Hutchings
ed4bdea861
media: dib0700: fix invalid dvb_detach argument (CVE-2017-16646)
2017-11-16 18:10:19 +00:00
Ben Hutchings
c718be9d81
media: imon: Fix null-ptr-deref in imon_probe (CVE-2017-16537)
2017-11-16 18:04:43 +00:00
Ben Hutchings
a06739ccd2
media: cx231xx-cards: fix NULL-deref on missing association descriptor (CVE-2017-16536)
2017-11-16 18:03:20 +00:00
Ben Hutchings
c08c3b8b25
usb: usbtest: fix NULL pointer dereference (CVE-2017-16532)
2017-11-16 17:40:00 +00:00
Ben Hutchings
1549b29ea0
Add follow-up fixes relatd to CVE-2017-13080
2017-11-16 17:35:46 +00:00
Ben Hutchings
f4e45ee455
Update to 4.13.13
2017-11-16 17:32:44 +00:00
Salvatore Bonaccorso
6ff07bd9a5
sctp: do not peel off an assoc from one netns to another one (CVE-2017-15115)
2017-11-16 15:22:47 +01:00
Salvatore Bonaccorso
5d9e74ced8
mac80211: accept key reinstall without changing anything (CVE-2017-13080)
2017-11-16 15:18:54 +01:00
Ben Hutchings
d8d66235a8
Update to 4.14
2017-11-14 13:02:01 +00:00
Ben Hutchings
a2708107ce
swap: Avoid ABI change in 4.13.12
2017-11-12 01:09:18 +00:00
Ben Hutchings
86b8621ec9
[powerpc*] kvm: Ignore ABI change in 4.13.6 (fixes FTBFS)
2017-11-11 20:53:08 +00:00
Ben Hutchings
fdf384b742
[powerpc*] Ignore kvm-related ABI changes (fixes FTBFS)
2017-11-11 20:50:42 +00:00
Salvatore Bonaccorso
95757c39a8
Update to 4.13.12
2017-11-11 09:29:31 +01:00
Riku Voipio
ed497f3cb7
Add server and 96boards options
...
Generic server options NUMA, ACPI_NUMA, CRASH_DUMP, VFIO, *WATCHDOG
Servers specific options:
APM X-gene: NET_XGENE_V2
Cavium ThunderX: EDAC_THUNDERX, MMC_CAVIUM_THUNDER, CRYPTO_DEV_CAVIUM*
Cavium ThunderX 2: GPIO_XLP, I2C_XLP9XX, SPI_XLP
Hisilicon: DRM_HISI_HIBMC, SCSI_HISI_SAS_PCI
Marvell Armada 7k/8k/3700: CRYPTO_DEV_MARVELL_CESA, MARVELL_PHY,
MARVELL_10G_PHY, PHY_MVEBU_CP110_COMPHY, RTC_DRV_MV,
RTC_DRV_ARMADA38X, SPI_ARMADA_3700, ARMADA_THERMAL,
NOP_USB_XCEIV, HW_RANDOM_OMAP, CRYPTO_DEV_SAFEXCE
96boards:
Hikey: PCIE_KIRIN, TEE, OPTEE, SND_I2S_HI6210_I2S, DRM_I2C_ADV7511_AUDIO
DragonBoard 410c: *QCOM*, CONFIG_CMA, USB changes
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-09 15:44:47 +02:00
Salvatore Bonaccorso
f13763371c
Add CVE id reference for CVE-2017-16643
...
Gbp-Dch: Ignore
2017-11-08 10:45:20 +01:00
Salvatore Bonaccorso
4a745d05b1
Add CVE id for CVE-2017-15306
...
Gbp-Dch: Ignore
2017-11-06 13:04:31 +01:00
Bastian Blank
7522aac927
Enable CRYPTO_SHA3
2017-11-06 11:22:29 +01:00
Ben Hutchings
bd1e10f8bd
linux-image: Recommend apparmor ( Closes : #880441 )
...
The apparmor package is needed for loading profiles. In theory,
enabling AppArmor without any profiles loaded should do nothing, so
this is not really a dependency of the kernel. However, if a systemd
unit specifies a AppArmor profile and the kernel has AppArmor enabled
then failure to load the profile is fatal.
As the linux-image packages select AppArmor as the default LSM, they
should probably also be responsible for getting the necessary userland
support installed. But since the default can be overridden, use
Recommends rather than Depends.
2017-11-05 01:54:12 +00:00
Salvatore Bonaccorso
43a5e411fd
Add bug closer for #879768
...
Gbp-Dch: Ignore
2017-11-04 16:57:42 +01:00
Salvatore Bonaccorso
e7fd57b49f
netfilter: nft_set_hash: disable fast_ops for 2-len keys
...
Closes : #880145
2017-11-04 15:43:57 +01:00
Salvatore Bonaccorso
4b0df3bed7
cifs: check MaxPathNameComponentLength != 0 before using it
...
Thanks: Andrew Chadwick
Closes : #880504
2017-11-04 09:55:14 +01:00
Salvatore Bonaccorso
384fa91229
Update to 4.13.11
2017-11-04 09:06:37 +01:00
Ben Hutchings
c8b3153d0d
debian/control: Set Rules-Requires-Root to no
...
Tell dpkg and debhelper that we can install without (fake)root and
then dpkg-deb should then override all ownership to root:root.
Draft specification for this field:
https://lists.debian.org/debian-devel/2017/10/msg00520.html
2017-10-30 21:58:12 +00:00
Ben Hutchings
85565e1ae2
Prepare to release linux (4.14~rc7-1~exp1).
2017-10-30 18:31:38 +00:00
Ben Hutchings
e59d862868
Release linux (4.13.10-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAln3apoACgkQ57/I7JWG
EQllsQ//fyZFkoGOLpHjkS3sNtMxfh1J9+f+JJI33WF9vA/w7SnRfg/Rdbjx+rY8
LRCnviTyh5tuxKSPKHerpUqjNbYi7Hcr0LXxxOPL1Rr+BTFKQuaSDYNzt10bT2mJ
9B0ZYI+Q8n7rAq1/MeSKygV6zh+5MxywN8LZlqg0Au8/7/c7H0nR3MOEFz29imL0
jBMOhy7a+Gby3Qs5ZdKGf0i4RZT9Y/9Ozu9sFpVGqrTyY+FlEd0y1KUvIipbdLTH
S/oRFF1m4IeS7tF6AIprCPMIMPt8tcQrSLvB01REpbvSJvDg+laEgmHnb0PKlOpW
RAeQn2r1NCEjjZcKll8dCMp+sTiLhx+us4L3Jumwb2Yno+219zuScFg2MR0zu5U/
XCB5zG2U5XENH+fRdDnWROkXJ/o1Dtk+Ix1aPySa8I9IdlP45n+Q4LCLw3eg5h3I
CdITwTJxWlnLJVI852wh1qorBuUs5lac9HZ8u0s5MDFXNQkWOVQKRPZN0sA3hwwp
wjudMsGgq6kkoknnEcwTKV4JFWJdfJ0SieaWBv1LSQwAmVy3/QvOTvDBLzRxmtUX
tygPktH53HLp4z6qPOcKD+hGLcdlD5oTWYb2O5MqVlSI8MjONOcjpRGAP2fhIf2t
3INpM9sJPHILXqpEMH6co4VzxnQq1OElMjcA5nqD2A7HLOSDhZg=
=x3uW
-----END PGP SIGNATURE-----
Merge tag 'debian/4.13.10-1'
Release linux (4.13.10-1).
2017-10-30 18:31:31 +00:00
Ben Hutchings
375e4b8147
Update to 4.14-rc7
2017-10-30 18:28:33 +00:00
Vagrant Cascadian
38106d0ef0
Enable SQUASHFS_LZ4 in default config.
2017-10-30 16:52:53 +01:00
Ben Hutchings
ed0765f59c
Prepare to release linux (4.13.10-1).
2017-10-30 15:32:11 +00:00
Ben Hutchings
9bf0fcf06e
[armel,armhf] mbus: Ignore ABI change in 4.13.10
2017-10-30 15:32:03 +00:00
Ben Hutchings
1ea9c5efa8
snd-seq: Ignore ABI changes
...
Commit 8009d506a1dd "ALSA: seq: Enable 'use' locking in all
configurations" which was backported into 4.13.10 will result in an
ABI change for !SMP configurations. Ignore this, as I don't expect
there to be any out-of-tree sequencer drivers.
2017-10-30 12:45:19 +00:00
Ben Hutchings
15c6a89208
Update to 4.13.10
...
Limit the ABI change in keys.
2017-10-29 12:13:18 +00:00
Ben Hutchings
f1e87af382
[x86] rmi4: Enable RMI4_SMB as module ( Closes : #875621 )
2017-10-28 20:53:13 +01:00
Ben Hutchings
ec3cd54d45
Avoid/ignore more ABI changes in 4.13.y
2017-10-28 20:50:11 +01:00
Salvatore Bonaccorso
d2ca70712e
Add CVE ids for some issues fixed with the 4.13.9 import
2017-10-27 16:26:15 +02:00
Ben Hutchings
43a809fe93
security: Enable DEFAULT_SECURITY_APPARMOR
2017-10-26 22:51:36 +02:00
Ben Hutchings
50f87144fd
[armel] security: Enable SECURITY_APPARMOR and disable SECURITY_SELINUX
2017-10-26 22:50:16 +02:00
Ben Hutchings
48bb38a3f7
Update to 4.13.9
...
Drop many patches which are now upstream.
Avoid/ignore ABI changes as appropriate.
2017-10-26 22:41:11 +02:00
Uwe Kleine-König
28f20726e5
[arm64] add BRCMFMAC_SDIO for wifi on Raspberry Pi 3
2017-10-26 17:53:57 +02:00
Ben Hutchings
ab40ca5985
[armel] udeb: Remove fbcon from fb-modules package
...
It can't be built as a module any more.
2017-10-20 17:29:46 +01:00
Ben Hutchings
548cef1805
[alpha] udeb: Remove empty fb-modules package (fixes FTBFS)
...
The module list for fb-modules included several optional modules that
seem to have never been built on alpha(!) and fbcon which is now
built-in.
2017-10-20 17:27:35 +01:00
Ben Hutchings
2629671100
debian/bin/gencontrol.py: Set encoding to UTF-8 globally
...
I just made this change for firmware-nonfree, for which I wrote:
We open some, but not all, files with an explicit UTF-8 encoding. One
of the open calls that I missed has just caused gencontrol.py to fail
instead a pbuilder environment. Instead of continuing to set an
explicit encoding for each open call, use locale.setlocale to set it
globally.
I haven't hit such a problem here, but let's do it anyway.
Keep using explicit encodings in debian/lib for now, since we can't
assume all calling programs will set the locale.
2017-10-20 02:56:35 +01:00
Ben Hutchings
945bac5e39
[mips*] Increase RELOCATION_TABLE_SIZE to 0x00120000 (fixes FTBFS)
2017-10-20 00:21:19 +01:00
Ben Hutchings
0441e97048
Remove 'fixes FTBFS' for build dependency change
...
libbabeltrace-ctf-dev has been restored as a transitional package.
2017-10-19 23:31:08 +01:00
Ben Hutchings
92aff93068
linux-kbuild: Include scripts/ld-version.sh, needed for powerpc 64-bit modules
2017-10-19 23:08:34 +01:00
Ben Hutchings
fcbe5c22b1
Update build dependencies on libbabeltrace[,-ctf}-dev (fixes FTBFS)
...
libbabeltrace-ctf-dev was merged into libbabeltrace-dev, so the
build dependencies are unsatisfiable in unstable. For stretch-
backports we will still want both of them. So add a suitably
versioned dependency on libbabeltrace-dev as a preferred
alternative to libbabeltrace-ctf-dev.
2017-10-19 11:35:53 +01:00