4c666bd4da
Update to 4.9.25
2017-04-27 20:19:04 +02:00
6771be1138
macsec: dynamically allocate space for sglist
2017-04-27 07:42:13 +02:00
7b2acecada
macsec: avoid heap overflow in skb_to_sgvec (CVE-2017-7477)
2017-04-27 06:43:38 +02:00
7bf90ad750
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings (CVE-2017-7472)
2017-04-22 02:26:48 +01:00
89402402c8
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (CVE-2016-9604)
2017-04-22 02:25:04 +01:00
74fdfed494
Drop ABI maintenance patches
...
We're bumping ABI in the next upload so don't need these.
2017-04-22 02:22:38 +01:00
9c5f88b1f6
Update to 4.9.24
...
Drop most of our bug fix patches, which were included in it.
Adjust context in a couple of rt patches that have textual conflicts.
2017-04-22 00:59:32 +01:00
f2b1e81469
[mips*/octeon] Drop obsolete patch adding support for the UBNT E200 board.
2017-04-21 11:31:33 +02:00
0e0b29ad5a
[arm64,x86] Replace securelevel patch set with lockdown patch set
...
Matthew stopped maintaining the securelevel patch set, and David
Howells has taken it up under the new name 'lockdown'. This is
taken from:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git#efi-lock-down
commits ddb99e118e37f324a4be65a411bb60ae62795cf9..0240fa7c7c948b19d57c0163d57e55296277ff3c
Rebase the three patches not included there (cold boot mitigation,
arm64 SB integration, MTD RAM restrictions).
Update our kconfig for the renaming.
2017-04-20 02:38:34 +01:00
40f397ca1a
Drop another patch redundant with upstream changes
2017-04-20 00:16:12 +01:00
f26f2a520d
Update to 4.11-rc6
...
Remove merged patches and rebase remaining patches.
A portion of the secureboot patches have been upstreamed, but were
changed substantially during review, primarily to avoid code
duplication among arches. I've stripped the patches of the merged
bits and rebased the remainder.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
[bwh: Undo some incorrect context changes in
bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch]
2017-04-20 00:15:17 +01:00
3f62574711
crypto: ahash - Fix EINPROGRESS notification callback (CVE-2017-7618)
2017-04-16 23:25:12 +01:00
31945f628c
Update to 4.9.22
...
Drop patches applied upstream.
2017-04-16 21:47:05 +01:00
1d5fde10d8
mm/mempolicy.c: fix error handling in set_mempolicy and mbind (CVE-2017-7616)
2017-04-16 07:59:50 +02:00
263f51b136
cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores ( Closes : #859978 )
2017-04-11 02:57:43 +01:00
5547db97a6
fscrypt: remove broken support for detecting keyring key revocation (CVE-2017-7374)
2017-04-08 09:36:53 +02:00
43f7156d3a
ping: implement proper locking (CVE-2017-2671)
2017-04-08 09:18:35 +02:00
20a0659e24
drm/nouveau/disp/mcp7x: disable dptmds workaround ( Closes : #850219 )
2017-04-07 20:42:59 +01:00
459f0a48e4
Release linux (4.9.18-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAljcf5EACgkQ57/I7JWG
EQmFcQ/8DoBxenUbNW5cY+YbwBKsjuBb8Q6gnqQLOX/JtOJ8MtpQ1t2QQPvMYdXJ
PTcNZAKm8mrsWJxos9WsUHjkdrfuLAsMTisC5FvDkE6myBt++GH3gRtKCT0A2nep
ZU17YeHYfcqv6UK90Jg0p+xAKQEEqKZrryP7fvb8oX5wOORwlLMxBScErftbB/vV
hBvwybq7gfA/4KxDTnWgadpidg16/67ZgKd0EoSsbCpFAJble/hRroMwzKUSzFW+
2yFxrmUNFoIXddoDtORNNdK0nM6b2MKeWKjmndknz4QehlayZWCg1+mEjp7A7Wqp
9naONqhQWMibARGkDl5Y7SZ9/XJXjPmDFXi3EIbhrWMN2TUkzUN14A1YHw+M9p5Q
9UbnpI6eDxjvlezcPjqucIM0ywFwljBrDsQXfGsR6ogQbYvA7nJ0dK63/EXzvl1U
UGUBwHtDhLHxtv85/JsUqq9/UVGbZjcHvyEfmE1mvbMcNxkSLSewt+jd78h7xIyL
tOZP24ARPKqcQ1detou47o8cMmwTqVl6xu08w83xin2Xux+UlYFTtI/LVws3oYNb
F3uEzIgtJbu7ENxCkY5RmIJG9qRJZJ2f6dnpLLld6D52paD5OYNrk1NShtf/Dp+r
zjJoiIRTcO9fPatjl07Y2eDeFeo2SKoD+Xd/5nGDoytE6JiDEXg=
=ONVb
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.18-1'
Drop ABI reference files.
Refresh/drop patches as needed.
2017-03-30 14:16:47 +01:00
f294506bfa
netfilter: nft_ct: add notrack support ( Closes : #845500 )
2017-03-30 01:40:57 +01:00
42ea80c71c
[arm64] rtc: tegra: Implement clock handling ( Closes : #858514 )
2017-03-29 23:42:54 +01:00
8a7210aeea
net/packet: Fix integer overflow in various range checks (CVE-2017-7308)
2017-03-29 22:50:53 +01:00
8703214f24
[x86] drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294)
2017-03-29 22:42:53 +01:00
de3e9af4dc
[x86] vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() (CVE-2017-7261)
2017-03-29 22:36:16 +01:00
2dd2d226ca
scsi: sg: check length passed to SG_NEXT_CMD_LEN (CVE-2017-7187)
2017-03-29 22:31:24 +01:00
3e739d51e3
xfrm_user: Apply fixes for CVE-2017-7184
2017-03-29 22:28:20 +01:00
b303c03f3b
Update to 4.9.16
...
Drop one patch included in it
2017-03-20 00:12:10 +00:00
f271c6453d
Update to 4.9.15
...
Drop one patch included in 4.9.15
Ignore ABI changes for
module:drivers/nvdimm/libnvdimm
module:drivers/target/**
debugfs_create_automount
2017-03-19 21:41:18 +01:00
73b2f137b6
fjes: Disable auto-loading, as this driver matches a very common ACPI ID ( Closes : #853976 )
2017-03-18 20:51:22 +00:00
4c22453363
[amd64] Don't WARN about expected W+X pages on Xen (see #852324 )
2017-03-16 04:14:51 +00:00
8851d0b7ac
ucount: Remove the atomicity from ucount->count (CVE-2017-6874)
...
...and avoid an ABI change.
2017-03-14 21:39:16 +00:00
11c1294899
ACPI / EC: Use busy polling mode when GPE is not enabled
...
Thanks: Jakobus Schurz <jakobus.schurz@gmail.com>
Closes : #846792
2017-03-13 07:34:43 +01:00
f96b366d00
Update to 4.9.14
...
Drop a patch applied upstream.
Ignore ABI changes as they shouldn't affect OOT modules.
2017-03-12 18:35:37 +00:00
11d69f4069
tty: n_hdlc: get rid of racy n_hdlc.tbuf (CVE-2017-2636)
2017-03-08 03:07:36 +00:00
7513bdfe2b
Kbuild.include: addtree: Remove quotes before matching path (regression in 4.8)
...
loses: #856474
2017-03-04 02:19:07 +00:00
79e486b59b
[media] dvb-usb: don't use stack for firmware load or reset ( Closes : #853894 )
2017-03-01 15:43:37 +00:00
49569a3b8c
sctp: deny peeloff operation on asocs with threads sleeping on it (CVE-2017-6353)
2017-02-27 15:49:27 +00:00
49c2b92937
time: Disable TIMER_STATS (CVE-2017-5967)
...
The upstream "fix" for this is to remove the feature, as it is
redundant with tracing. I'd be quite happy to do that, but it
introduces several conflicts with the PREEMPT_RT patch series.
Unless and until those are resolved in 4.9-stable and 4.9-rt, disable
it in our kconfig and add a dependency on BROKEN to ensure it's
disabled in custom kernels too.
2017-02-26 21:05:05 +00:00
f32a03523e
ipc/shm: Fix shmat mmap nil-page protection (CVE-2017-5669)
2017-02-26 20:51:00 +00:00
003300166a
[x86] kvm: fix page struct leak in handle_vmon (CVE-2017-2596)
2017-02-26 20:29:29 +00:00
93819d25f0
Update to 4.9.13
2017-02-26 20:10:47 +00:00
1fcade696a
Update to 4.10
2017-02-22 20:58:16 +00:00
8c94f719fa
Release linux (4.9.10-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlinNOsACgkQ57/I7JWG
EQntWg//RuNSbOQeyML971UnFUtZjY3yAUYqhPJdpJimjY3WHjmZlJQrLlSz9IYQ
48Pkt/64P0+iAr9zJ+3uJv1fOagKePd5RaS/iChJdvq0fCGZstFlti5NwXEQtGSv
Yzp0LStZr+pEPZo+8Bo+TVSP25FNXdZBvhUXE2sbxaV8+W9Vx+qFkfrWEiW7hpFv
nCQJic7kmzllS4Aol9e/jj2MqcdWIhviufAImNnfrbpK61Ud6Gznw9gTODw9+OIT
ny6F/k7O6MFPuHp3aAxVC5TCowh16PcC+VqJF9MTnnvHQmD3jYqdeA8zKLnW/tJk
Dl9A6whZ3n4fFRlGjgxjmTP/CgAIeQVqgTgYCApuQQTVG3svIkznoXJLraj5UE90
rzeB30x3ikUWcVggN7xfSkW3e6/v+XSbRfu73sFA81mWyWoddT/NYhw+Y18ym4UJ
Vk8iuAakpjdVj73FSyYOcNGRzOEp2SAV72EsJEMw1/IlIkmRkMmJkkg4T/HYj11P
jK/TjZtSsVbje4zx9/U6g8Rj4Wi40EHZu6kuh2jUhCk91zsAr+7EC45gZC+uohxL
jxKxv2R5p9AR7uN6JzQR4OuOL1bTCrt02MrWdsiPlUi0RBKlJ7O5sGMMsHrVMinn
4zFNeYq2U3Fyaejb32x3DOKtgCjoMRQ5iHyrjgljhzxJcf3fWKk=
=rRkU
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.10-1'
Drop changes to aufs.
2017-02-22 20:57:36 +00:00
8db6ed9e89
dccp: fix freeing skb too early for IPV6_RECVPKTINFO (CVE-2017-6074)
2017-02-19 10:46:20 +01:00
4fe7cfed42
Update to 4.9.11
...
Ignore/avoid a few ABI changes in net.
2017-02-18 21:54:07 +00:00
7b50304bda
Update to 4.9.11
2017-02-18 20:53:41 +00:00
5d590456c4
[armel] dts: kirkwood: Fix SATA pinmux-ing for TS419 ( Closes : #855017 )
2017-02-18 00:38:36 +00:00
92d269eac2
media: dvb-usb-dibusb-mc-common: Add MODULE_LICENSE ( Closes : #853110 )
2017-02-17 02:56:32 +00:00
4e1df53c24
[x86] xen: Fix APIC id mismatch warning on Intel ( Closes : #853193 )
2017-02-17 02:42:17 +00:00
31532f0851
[x86] platform: acer-wmi: setup accelerometer when machine has appropriate notify event ( Closes : #853067 )
2017-02-17 02:37:50 +00:00
e035177b13
net: ipv6: check route protocol when deleting routes ( Closes : #855153 )
2017-02-17 00:58:21 +00:00
8cf3230524
dccp: Disable auto-loading as mitigation against local exploits
2017-02-16 19:11:26 +00:00
10f2dad569
Update to 4.9.10
2017-02-16 19:06:43 +00:00
58fbff3df5
sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986)
2017-02-15 11:54:59 +01:00
9e381d5c13
ipv4: keep skb->dst around in presence of IP options (CVE-2017-5970)
2017-02-15 11:50:22 +01:00
4e5e705c5f
selinux: fix off-by-one in setprocattr (CVE-2017-2618)
2017-02-15 11:44:55 +01:00
4a1042f1a0
IB/rxe: Fix mem_check_range integer overflow (CVE-2016-8636)
2017-02-15 11:41:25 +01:00
9ee6dbd395
Update to 4.9.9
...
Drop revert-patch which is superseded by upstream fix in 4.9.9.
Delete log line for commit that went into 4.9.7 and has now been
reverted.
2017-02-10 00:04:25 +00:00
fb27baab98
pegasus: Use heap buffers for all register access ( Closes : #852556 )
2017-02-07 01:44:24 +00:00
abd788f1da
cpumask: use nr_cpumask_bits for parsing functions ( Closes : #848682 )
2017-02-07 01:40:13 +00:00
63ef596c74
Update to 4.10-rc7
2017-02-07 00:39:58 +00:00
72280e2b29
[armel] ARM: orion5x: fix Makefile for linkstation-lschl.dtb
2017-02-06 07:26:38 +09:00
7eec246dc0
Update to 4.9.7
...
Drop patches applied upstream.
2017-02-03 13:51:44 +00:00
701bf4b244
Revert efistub changes, Closes : #853170
...
[benh: Update changelog]
2017-02-03 03:51:48 +00:00
000457eb03
[powerpc*] Revert the initial stack protector support
...
Fixes build failure on ppc32 (or one reason for it) and boot failure on
ppc64.
2017-02-01 23:51:09 +00:00
9805479fdb
[sparc64] topology_64.h: Fix condition for including cpudata.h
...
This might fix the FTBFS, but as I can't currently do a test build
I'm not sure.
2017-02-01 23:50:15 +00:00
cebb2af7dd
[s390x] Un-revert upstream change moving exports to assembly sources
...
s390 now has <asm/asm-prototypes.h>, so exports from asm should have
versions. It also gained another EXPORT_SYMBOL() in asm that we
didn't revert, leading to FTBFS.
2017-02-01 23:49:39 +00:00
28002f99bf
[armel] ARM: dts: orion5x-linkstation-lschl
...
- Fix model name
- More consistent naming on linkstation series
2017-01-31 02:11:17 +09:00
6b038a62ac
Update to 4.10-rc6
2017-01-30 16:28:55 +00:00
6adadc8ec6
Release linux (4.9.6-2).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAliL3k0ACgkQ57/I7JWG
EQlmog/8D/DowVsxEjNdiHAewH7HUyqdADkCRkeqsmKgCtZEmvEaYE0RijZzGDhm
Ge4PxOzhLE/DRxJF2gN8y0hIVOnigje9qYN5OBdgB/FNNKThL6ARwiu2LD6DYcwU
+Lu6g8iHqsKHZ+NllHEiiwJ4rR39qf3Tkzz5cgm4jEi+5IjnoefOhaFhyPzBkz8i
p6fWklEhev8+lQ1sW9gF94p3t0dOp/31TWACagRQronrTtT2xAzdrR5ESPTo6FFg
gtcfqoB7AYA4LTuzoKIQRgGLsgKk73iLPF874ZuK9g/+4Z2lF9NBbwve3O0qYKCy
NERddjjx9QEf4cjToqAii10AzAfuBFDG/b77ZscREwysUwMhkz47ADefu5v1P2kJ
XdL/sJ/nXyhItV/VK8ym9lg4jAA8K5UOjn+8RtWBTE8091N7y7kyNHTQ4SppySIZ
Ow+NsWkMd+WYxkdGPSYc7nHthhVRvfC9C4cxamn9en+MNmakMgJcOZTxS4/gcTvx
DMCWGmEJrD5Bu3m9GrJzwfaXteWxMYihsq9ofjXeaeYqxgXZ62GuxMeRq3kBOhSw
H9MUITkqfsjcg7eAz8elFhRvrurlVUWFsSCGr4Fd1Tv9zrFw8OXNRrApy4UQOQ4x
Uw5AcA/3ZA3QCPsOuU8ENES57vJb+D3E/LZZJdTktVLUcoxA0tA=
=C8FJ
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.6-2'
2017-01-28 01:19:31 +00:00
79253df3bb
Bump ABI to 2
2017-01-27 18:14:37 +00:00
6f6fc512f3
[arm64] ptrace: Avoid ABI change in 4.9.6
2017-01-27 06:16:18 +00:00
e345ccbabe
[armhf,arm64] Add security fixes for vc4 driver
2017-01-26 21:27:04 +00:00
810b36a1d3
fbdev: color map copying bounds checking (CVE-2016-8405)
2017-01-26 21:15:56 +00:00
a873a1d79d
Update to 4.9.6
...
Drop patches which are included in it.
2017-01-26 19:24:36 +00:00
601b9e92a1
Update to 4.10-rc5
...
Drop/refresh patches as appropriate.
[rt] Disable until it is updated for 4.10 or later
2017-01-24 19:26:38 +00:00
7a613e23af
nbd: fix 64-bit division
2017-01-24 21:35:14 +09:00
a2704d736e
[x86] ASoC: Intel: select DW_DMAC_CORE since it's mandatory
...
This also allows enabling SND_SOC_INTEL_BDW_RT5677_MACH without
DW_DMAC_CORE built-in.
2017-01-24 04:43:02 +00:00
cf9d2d33be
[arm64] dts: meson-gx: Add firmware reserved memory zones
...
An important bug fix for this newly enabled hardware, requested in #852132 .
2017-01-24 04:42:22 +00:00
3c00650618
ieee802154: atusb: do not use the stack for buffers to make them DMA able (CVE-2017-5548)
2017-01-23 20:59:51 +01:00
c74f7d65fe
HID: corsair: fix DMA buffers on stack (CVE-2017-5547)
2017-01-23 20:57:07 +01:00
ef0901f1ca
Fix/ignore ABI changes in 4.9.3-4.9.5 as appropriate
2017-01-23 15:37:01 +00:00
4686b122fc
Update to 4.9.5
2017-01-21 15:52:44 +01:00
40c7208b1e
Merge branch 'master' (only 1 commit)
2017-01-21 16:55:42 +09:00
f18792b8fa
[x86] KVM: fix emulation of "MOV SS, null selector" (CVE-2017-2583)
2017-01-19 13:13:14 +01:00
5745d97d88
[x86] KVM: Introduce segmented_write_std (CVE-2017-2584)
2017-01-19 13:09:22 +01:00
6f47d53476
[armel] Add DT support of Buffalo Linkstation Live v3 (LS-CHL)
2017-01-19 01:12:36 +09:00
c6b1f1b2b1
ath9k: fix NULL pointer dereference ( Closes : #851621 )
2017-01-17 03:51:38 +00:00
d264d7d524
tmpfs: clear S_ISGID when setting posix ACLs
2017-01-16 09:31:01 +01:00
a126d0bd27
sysctl: Drop reference added by grab_header in proc_sys_readdir (CVE-2016-9191)
2017-01-16 09:26:36 +01:00
a7f877c1f1
nbd: use loff_t for blocksize and nbd_set_size args ( Closes : #851533 )
2017-01-16 02:36:18 +00:00
2ebf1235ed
Partially revert "usb: Kconfig: using select for USB_COMMON dependency"
...
It causes USB_COMMON to be built-in for no good reason.
2017-01-11 04:40:28 +00:00
13c410d6c1
Update to 4.9.2
2017-01-09 21:06:30 +00:00
0814db65a8
Update to 4.9.1
...
Drop two obsolete patches.
"ptrace: being capable wrt a process requires mapped uids/gids"
appears to be obsoleted by upstream commit bfedb589252c "mm: Add
a user_ns owner to mm_struct and fix ptrace permission checks".
2017-01-07 03:27:13 +00:00
9e92fc9bab
Revert "arm64/mm: Limit TASK_SIZE_64 ..." and add breaks on incompatible mozjs
...
mozjs assumed VAs would never be wider than 47 bits. Add Breaks to
force upgrades of those packages. For mozjs 1.8.5 the fix requires an
ABI change so this is unversioned; for mozjs 24 there was no ABI
change so this is versioned.
(luajit has the same problem but only the experimental version
supports arm64. I assume this will be fixed before it goes into
unstable, so we don't need it in Breaks.)
2017-01-07 02:07:50 +00:00
a3e600085e
[armhf] Add support for switch hardware on Turris Omnia
2017-01-06 17:59:21 +01:00
97ab9059a9
Release linux (4.8.15-2).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlhtitEACgkQ57/I7JWG
EQlPqQ//V6+eUGkATmlFFyxsM91OsMgZyxtt0Pzf7XvFg4gBr+hJIaJwxasVRZGi
w/r4uYHmiX7fLrXnanT+RekT1zCGQBOLUvm2Rlwi845PAl9fMCSb+9Jiz60THeN7
cHg7JEvNhTEEDpLK1FJlU3fiMqb5LRdUTkz+RkhKRfITm4/bT3h0Ow72/Xy6JsrI
nAf/AyncvBCQvrIUXYyfyHUPhkYMk8L7bC6G4o803kFdPYTb1WR2gRbpsI6jSVs8
YFbrfMpH1foPHiTVWP+inDN9LA2TO8QGMvAuCAQzQuLzKztrU0i/1shjDfaN61qx
xQhXE08TwNnkDZQCtIFZrLkRPSFlLqFqVWyL9eyPAYNAnZeugxB6F3HOWk5cKWqj
NPpZ10zAnKliPnL7z+eFlxLq34UgVqqe1FeRB5iBEC2dQYEs3LuB1RF2zFOuZ74T
cvXKJJhuR4iMNcAOax6Uab+3iyC/PGm5VSiCL+IPbD7H9IaXLcICE8l1r0zRs5Sa
Um4YQKTy8kFK/CRsEOB8CofXMuBXLzEw2xeNn6187d/ZeA7uiUsyd2nVkXnO0FNt
B2JkV6kwO99WAnNwTZSwF7QJJe8ir7X4X1qdk00sqNYiDff/CBHjRT1gLRzNyOuJ
r9QFKRt4UGF3XGpE89czRRoHfP9WkdrmdmP1i/DnkSVO6L8/y6Y=
=AxAX
-----END PGP SIGNATURE-----
Merge tag 'debian/4.8.15-2'
2017-01-05 00:01:00 +00:00
bc0de8a222
[powerpc*] boot: Request no dynamic linker for boot wrapper
...
Closes : #848851 , FTBFS on ppc6el
2017-01-02 03:09:22 +00:00
5efdda62b4
kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (CVE-2016-9588)
2017-01-01 09:15:13 +01:00
e7ccf65ec6
sg_write()/bsg_write() is not fit to be called under KERNEL_DS (CVE-2016-10088)
2016-12-31 20:21:43 +01:00
Salvatore Bonaccorso
Ben Hutchings
Aurelien Jarno
Lukas Wunner
Roger Shimizu
Riku Voipio
Uwe Kleine-König