58e12683e1
net: qmi_wwan: fix divide by 0 on bad descriptors (CVE-2017-16650)
2017-11-16 18:13:46 +00:00
91a7ba9320
net: cdc_ether: fix divide by 0 on bad descriptors (CVE-2017-16649)
2017-11-16 18:12:24 +00:00
4ee0c56703
net: usb: asix: fill null-ptr-deref in asix_suspend (CVE-2017-16647)
2017-11-16 18:11:00 +00:00
ed4bdea861
media: dib0700: fix invalid dvb_detach argument (CVE-2017-16646)
2017-11-16 18:10:19 +00:00
c718be9d81
media: imon: Fix null-ptr-deref in imon_probe (CVE-2017-16537)
2017-11-16 18:04:43 +00:00
a06739ccd2
media: cx231xx-cards: fix NULL-deref on missing association descriptor (CVE-2017-16536)
2017-11-16 18:03:20 +00:00
c08c3b8b25
usb: usbtest: fix NULL pointer dereference (CVE-2017-16532)
2017-11-16 17:40:00 +00:00
1549b29ea0
Add follow-up fixes relatd to CVE-2017-13080
2017-11-16 17:35:46 +00:00
f4e45ee455
Update to 4.13.13
2017-11-16 17:32:44 +00:00
6ff07bd9a5
sctp: do not peel off an assoc from one netns to another one (CVE-2017-15115)
2017-11-16 15:22:47 +01:00
5d9e74ced8
mac80211: accept key reinstall without changing anything (CVE-2017-13080)
2017-11-16 15:18:54 +01:00
d8d66235a8
Update to 4.14
2017-11-14 13:02:01 +00:00
a2708107ce
swap: Avoid ABI change in 4.13.12
2017-11-12 01:09:18 +00:00
86b8621ec9
[powerpc*] kvm: Ignore ABI change in 4.13.6 (fixes FTBFS)
2017-11-11 20:53:08 +00:00
fdf384b742
[powerpc*] Ignore kvm-related ABI changes (fixes FTBFS)
2017-11-11 20:50:42 +00:00
95757c39a8
Update to 4.13.12
2017-11-11 09:29:31 +01:00
ed497f3cb7
Add server and 96boards options
...
Generic server options NUMA, ACPI_NUMA, CRASH_DUMP, VFIO, *WATCHDOG
Servers specific options:
APM X-gene: NET_XGENE_V2
Cavium ThunderX: EDAC_THUNDERX, MMC_CAVIUM_THUNDER, CRYPTO_DEV_CAVIUM*
Cavium ThunderX 2: GPIO_XLP, I2C_XLP9XX, SPI_XLP
Hisilicon: DRM_HISI_HIBMC, SCSI_HISI_SAS_PCI
Marvell Armada 7k/8k/3700: CRYPTO_DEV_MARVELL_CESA, MARVELL_PHY,
MARVELL_10G_PHY, PHY_MVEBU_CP110_COMPHY, RTC_DRV_MV,
RTC_DRV_ARMADA38X, SPI_ARMADA_3700, ARMADA_THERMAL,
NOP_USB_XCEIV, HW_RANDOM_OMAP, CRYPTO_DEV_SAFEXCE
96boards:
Hikey: PCIE_KIRIN, TEE, OPTEE, SND_I2S_HI6210_I2S, DRM_I2C_ADV7511_AUDIO
DragonBoard 410c: *QCOM*, CONFIG_CMA, USB changes
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
2017-11-09 15:44:47 +02:00
f13763371c
Add CVE id reference for CVE-2017-16643
...
Gbp-Dch: Ignore
2017-11-08 10:45:20 +01:00
4a745d05b1
Add CVE id for CVE-2017-15306
...
Gbp-Dch: Ignore
2017-11-06 13:04:31 +01:00
7522aac927
Enable CRYPTO_SHA3
2017-11-06 11:22:29 +01:00
bd1e10f8bd
linux-image: Recommend apparmor ( Closes : #880441 )
...
The apparmor package is needed for loading profiles. In theory,
enabling AppArmor without any profiles loaded should do nothing, so
this is not really a dependency of the kernel. However, if a systemd
unit specifies a AppArmor profile and the kernel has AppArmor enabled
then failure to load the profile is fatal.
As the linux-image packages select AppArmor as the default LSM, they
should probably also be responsible for getting the necessary userland
support installed. But since the default can be overridden, use
Recommends rather than Depends.
2017-11-05 01:54:12 +00:00
43a5e411fd
Add bug closer for #879768
...
Gbp-Dch: Ignore
2017-11-04 16:57:42 +01:00
e7fd57b49f
netfilter: nft_set_hash: disable fast_ops for 2-len keys
...
Closes : #880145
2017-11-04 15:43:57 +01:00
4b0df3bed7
cifs: check MaxPathNameComponentLength != 0 before using it
...
Thanks: Andrew Chadwick
Closes : #880504
2017-11-04 09:55:14 +01:00
384fa91229
Update to 4.13.11
2017-11-04 09:06:37 +01:00
c8b3153d0d
debian/control: Set Rules-Requires-Root to no
...
Tell dpkg and debhelper that we can install without (fake)root and
then dpkg-deb should then override all ownership to root:root.
Draft specification for this field:
https://lists.debian.org/debian-devel/2017/10/msg00520.html
2017-10-30 21:58:12 +00:00
85565e1ae2
Prepare to release linux (4.14~rc7-1~exp1).
2017-10-30 18:31:38 +00:00
e59d862868
Release linux (4.13.10-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAln3apoACgkQ57/I7JWG
EQllsQ//fyZFkoGOLpHjkS3sNtMxfh1J9+f+JJI33WF9vA/w7SnRfg/Rdbjx+rY8
LRCnviTyh5tuxKSPKHerpUqjNbYi7Hcr0LXxxOPL1Rr+BTFKQuaSDYNzt10bT2mJ
9B0ZYI+Q8n7rAq1/MeSKygV6zh+5MxywN8LZlqg0Au8/7/c7H0nR3MOEFz29imL0
jBMOhy7a+Gby3Qs5ZdKGf0i4RZT9Y/9Ozu9sFpVGqrTyY+FlEd0y1KUvIipbdLTH
S/oRFF1m4IeS7tF6AIprCPMIMPt8tcQrSLvB01REpbvSJvDg+laEgmHnb0PKlOpW
RAeQn2r1NCEjjZcKll8dCMp+sTiLhx+us4L3Jumwb2Yno+219zuScFg2MR0zu5U/
XCB5zG2U5XENH+fRdDnWROkXJ/o1Dtk+Ix1aPySa8I9IdlP45n+Q4LCLw3eg5h3I
CdITwTJxWlnLJVI852wh1qorBuUs5lac9HZ8u0s5MDFXNQkWOVQKRPZN0sA3hwwp
wjudMsGgq6kkoknnEcwTKV4JFWJdfJ0SieaWBv1LSQwAmVy3/QvOTvDBLzRxmtUX
tygPktH53HLp4z6qPOcKD+hGLcdlD5oTWYb2O5MqVlSI8MjONOcjpRGAP2fhIf2t
3INpM9sJPHILXqpEMH6co4VzxnQq1OElMjcA5nqD2A7HLOSDhZg=
=x3uW
-----END PGP SIGNATURE-----
Merge tag 'debian/4.13.10-1'
Release linux (4.13.10-1).
2017-10-30 18:31:31 +00:00
375e4b8147
Update to 4.14-rc7
2017-10-30 18:28:33 +00:00
38106d0ef0
Enable SQUASHFS_LZ4 in default config.
2017-10-30 16:52:53 +01:00
ed0765f59c
Prepare to release linux (4.13.10-1).
2017-10-30 15:32:11 +00:00
9bf0fcf06e
[armel,armhf] mbus: Ignore ABI change in 4.13.10
2017-10-30 15:32:03 +00:00
1ea9c5efa8
snd-seq: Ignore ABI changes
...
Commit 8009d506a1dd "ALSA: seq: Enable 'use' locking in all
configurations" which was backported into 4.13.10 will result in an
ABI change for !SMP configurations. Ignore this, as I don't expect
there to be any out-of-tree sequencer drivers.
2017-10-30 12:45:19 +00:00
15c6a89208
Update to 4.13.10
...
Limit the ABI change in keys.
2017-10-29 12:13:18 +00:00
f1e87af382
[x86] rmi4: Enable RMI4_SMB as module ( Closes : #875621 )
2017-10-28 20:53:13 +01:00
ec3cd54d45
Avoid/ignore more ABI changes in 4.13.y
2017-10-28 20:50:11 +01:00
d2ca70712e
Add CVE ids for some issues fixed with the 4.13.9 import
2017-10-27 16:26:15 +02:00
43a809fe93
security: Enable DEFAULT_SECURITY_APPARMOR
2017-10-26 22:51:36 +02:00
50f87144fd
[armel] security: Enable SECURITY_APPARMOR and disable SECURITY_SELINUX
2017-10-26 22:50:16 +02:00
48bb38a3f7
Update to 4.13.9
...
Drop many patches which are now upstream.
Avoid/ignore ABI changes as appropriate.
2017-10-26 22:41:11 +02:00
28f20726e5
[arm64] add BRCMFMAC_SDIO for wifi on Raspberry Pi 3
2017-10-26 17:53:57 +02:00
ab40ca5985
[armel] udeb: Remove fbcon from fb-modules package
...
It can't be built as a module any more.
2017-10-20 17:29:46 +01:00
548cef1805
[alpha] udeb: Remove empty fb-modules package (fixes FTBFS)
...
The module list for fb-modules included several optional modules that
seem to have never been built on alpha(!) and fbcon which is now
built-in.
2017-10-20 17:27:35 +01:00
2629671100
debian/bin/gencontrol.py: Set encoding to UTF-8 globally
...
I just made this change for firmware-nonfree, for which I wrote:
We open some, but not all, files with an explicit UTF-8 encoding. One
of the open calls that I missed has just caused gencontrol.py to fail
instead a pbuilder environment. Instead of continuing to set an
explicit encoding for each open call, use locale.setlocale to set it
globally.
I haven't hit such a problem here, but let's do it anyway.
Keep using explicit encodings in debian/lib for now, since we can't
assume all calling programs will set the locale.
2017-10-20 02:56:35 +01:00
945bac5e39
[mips*] Increase RELOCATION_TABLE_SIZE to 0x00120000 (fixes FTBFS)
2017-10-20 00:21:19 +01:00
0441e97048
Remove 'fixes FTBFS' for build dependency change
...
libbabeltrace-ctf-dev has been restored as a transitional package.
2017-10-19 23:31:08 +01:00
92aff93068
linux-kbuild: Include scripts/ld-version.sh, needed for powerpc 64-bit modules
2017-10-19 23:08:34 +01:00
fcbe5c22b1
Update build dependencies on libbabeltrace[,-ctf}-dev (fixes FTBFS)
...
libbabeltrace-ctf-dev was merged into libbabeltrace-dev, so the
build dependencies are unsatisfiable in unstable. For stretch-
backports we will still want both of them. So add a suitably
versioned dependency on libbabeltrace-dev as a preferred
alternative to libbabeltrace-ctf-dev.
2017-10-19 11:35:53 +01:00
242e06569c
[arm64] brcmfmac: Enable BRCMFMAC_SDIO ( Closes : #877911 )
2017-10-18 20:03:37 +01:00
d2627c623c
Prepare to release linux (4.14~rc5-1~exp1).
2017-10-17 23:37:52 +01:00
5dfe04c507
Compile with gcc-7 on all architectures
2017-10-17 23:37:49 +01:00
4206eefe13
Update to 4.14-rc5
2017-10-17 23:34:01 +01:00
4925b9faa6
Add Closes tag for previous change
2017-10-17 11:33:49 +02:00
c89d220900
media: drop explicit setting of DVB_MAX_ADAPTERS to follow upstream default
...
Upstream bumped the default value from 8 to 16 for 4.10 in commit
90866b3a8011 ("[media] Raise adapter number limit")
. Automatically follow the upstream default value by dropping the explicit
value of 8.
2017-10-17 10:12:29 +02:00
0f7c85fca3
Merge https://github.com/glaubitz/linux-debian
2017-10-16 00:10:33 +01:00
146583d59c
Release linux (4.13.4-2).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlnjY8RfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E05EP/2gI2pOyeOjGAzSiu/SRd5mHcLfRJkqE
osob+C8dJsWQdgWLtO1SQkRYybBuBoujSVAo9X6pezI6OBmcKbJc8eAejWYVPtL8
pSI7OomkTyx6AP7EKfe89kpgf4Qe8QOYrXukW050RcE78fCm3icznACeubY9ET9T
s7+DAGWWkJpHO3rIErNxgJFMEibpKsIIcrUOIZrSsZwpQTlh7KV8tozIBiE8l135
ocZKaGGqBQcTIWX7gVjcdpBNacxcFghRHodFCwrrv9wFvAg/s+0TN1YQXSucitQH
Cp9iO4McDeQxDvcSQyBhQmlCxcL/+JxnfosJmabBvwn7L45dGm+pbsGviIG86tyM
O7fNs82xdMxCFc9CIXKrE3hAk+mjXuMiUc7mha3/1+cS/Di444N5djXmvj8D84pu
i/pp6D8zWNe/imid9sFH/txst3sgsSvlf77W3HXxZqJ5GOLzluApSX2eptpDRI1Q
E/RU2R2T/NPTChroHsZr5QZ6iV/YS2F9E0YYAQcDuWNXS9Ey7nK+gjKqa7/5B6n1
STtT0HMD0fcAfvWN1rk9mudm6ZNYgLpjYKtFsaFf/K4I5f4fIhvnCbnnFgKMA3Qx
rcLh201dG1fGwQ2EpiD5S0pqn7iYEP2d9vHzo363l20FyfQ8jgGt7dNfceEuiCSs
O+EKuTohhEJH
=juOG
-----END PGP SIGNATURE-----
Merge tag 'debian/4.13.4-2'
Release linux (4.13.4-2).
2017-10-16 00:09:19 +01:00
0c548c1642
Prepare to release linux (4.13.4-2).
2017-10-15 08:57:36 +02:00
ccefd718c8
[x86] KVM: MMU: always terminate page walks at level 1 (CVE-2017-12188)
2017-10-13 18:09:37 +02:00
02033a7a17
[x86] KVM: nVMX: update last_nonleaf_level when initializing nested EPT (CVE-2017-12188)
2017-10-13 18:07:54 +02:00
52c8b81bca
ALSA: seq: Fix use-after-free at creating a port (CVE-2017-15265)
2017-10-13 06:52:33 +02:00
a5570462fc
Update to 4.14-rc4
2017-10-13 01:44:29 +01:00
35125947a2
waitid(): Add missing access_ok() checks (CVE-2017-5123)
2017-10-12 21:16:37 +02:00
6f55d3e571
KEYS: prevent KEYCTL_READ on negative key (CVE-2017-12192)
2017-10-12 07:55:47 +02:00
7c8172804e
mac80211: fix deadlock in driver-managed RX BA session start
...
Thanks: Eric Côté
Closes : #878092
2017-10-11 21:23:02 +02:00
fba37066c7
[powerpc*] Fix illegal TM state in signal handler
2017-10-11 07:57:06 +02:00
6c3a386d04
[powerpc*] Use emergency stack for kernel TM Bad Thing program (CVE-2017-1000255)
2017-10-11 07:55:16 +02:00
9e3825c59d
[m68k] Build uncompressed kernel image by default
2017-10-10 07:56:37 +02:00
c68c0840bc
brcmfmac: add length check in brcmf_cfg80211_escan_handler() (CVE-2017-0786)
2017-10-09 21:45:15 +02:00
db9c353a75
[m68k] udeb: Add missing SCSI drivers to scsi-modules
...
a2091, a3000, a4000t, bvme6000_scsi, gvp11, mvme16x_scsi, zorro7xx
2017-10-08 11:51:05 +02:00
b518b0e170
[m68k] udeb: Move old IDE drivers from pata-modules to ide-modules
...
buddha, falconide, gayle, macide, q40ide
2017-10-08 11:51:01 +02:00
772a2ae4ab
[m68k] udeb: Build ide-modules package, include ide-gd_mod
2017-10-08 11:48:42 +02:00
0907482fa5
[m68k] udeb: Build ide-core-modules package, include ide-core
2017-10-08 11:47:44 +02:00
37091e1125
[m68k] udeb: Add ide-cd_mod to cdrom-core-modules
2017-10-08 11:47:06 +02:00
c8fd0bc828
[m68k] udeb: Build ata-modules package, include libata
2017-10-08 11:46:37 +02:00
18b1b67002
[armhf,arm64] thermal: Enable BCM2835_THERMAL as module ( Closes : #877699 )
2017-10-04 23:16:23 +01:00
4d6306b792
i40e: Build for 64-bit targets only (fixes FTBFS on hppa)
2017-10-04 03:50:08 +01:00
cc3ac57d1d
[mips*] Increase RELOCATION_TABLE_SIZE to 0x00110000 for all flavours (fixes FTBFS)
...
The latest build failed on mips for the 4kc-malta flavour (which is the first):
RELOCS vmlinux
Relocations overflow available space!
Please adjust CONFIG_RELOCATION_TABLE_SIZE to at least 0x0010f000
So do the same thing we did for the octeon flavour.
2017-10-04 02:35:11 +01:00
d12b3a11b2
net: Disable IRDA, which will soon be deleted upstream
2017-10-04 02:30:29 +01:00
3ca820dff7
Update kconfig for 4.14
...
- [alpha] fbdev: Re-enable FRAMEBUFFER_CONSOLE as built-in
- [armel] fbdev: Explicitly disable FRAMEBUFFER_CONSOLE, as it can no longer
be a module
- [arm64] Re-enable MMC_QCOM_DML
- Change RC_CORE back to being a module
- power/supply: Enable BATTERY_BQ27XXX and BATTERY_BQ27XXX_HDQ as modules,
replacing W1_SLAVE_BQ27000
Clean up with kconfigeditor2 and delete obsolete symbols.
2017-10-04 02:02:35 +01:00
96582850f8
Prepare to release linux (4.14~rc3-1~exp1).
2017-10-02 04:47:08 +01:00
335613b4d6
Update to 4.14-rc3
2017-10-01 23:23:22 +01:00
6c9c816966
Update to 4.14-rc2
...
aufs: Update support patchset to aufs4.x-rcN-20171002
2017-10-01 20:26:01 +01:00
80832bbbef
Prepare to release linux (4.13.4-1).
2017-10-01 15:52:19 +01:00
e92ee4b5df
Set ABI to 1
2017-10-01 15:52:01 +01:00
884aedc0b4
liblockdep: Define pr_cont()
2017-10-01 15:44:25 +01:00
60879f2bae
liblockdep: Make missing function declarations fatal errors
...
This should catch use of missing kernel APIs. Which has happened yet
again.
2017-10-01 15:43:34 +01:00
e2431bcb2f
[armhf] dts: exynos: Add dwc3 SUSPHY quirk ( Closes : #843448 )
2017-10-01 15:23:55 +01:00
e7b4b7d822
Merge remote-tracking branch 'refs/remotes/alioth/master'
2017-10-01 15:23:05 +01:00
9fe724d67d
linux-image-dbg: Override lintian errors for vDSOs
...
It currently reports errors binary-from-other-architecture and
shlib-without-PT_GNU_STACK-section, which are false positives.
2017-10-01 15:23:01 +01:00
2678c31e68
fix infoleak in waitid(2) (CVE-2017-14954)
2017-10-01 12:02:28 +02:00
a1b309111a
Rename lintian-overrides template files to be consistent
2017-10-01 01:36:27 +01:00
cc91d0cfa2
usbip: Stop building broken libusbip-dev package
...
It has a lintian error (non-empty-dependency_libs-in-la-file) and it
also seems to be missing a header (the newly added
usbip_host_common.h) since Linux 4.7. No-one seems to have noticed,
and it has nothing build-depending on it, so get rid of it.
2017-10-01 01:05:52 +01:00
112ad0c27f
debian/control: Remove obsolete workarounds and alternate build deps
...
The dpkg bugs affecting libssl-dev build deps were fixed in 1.18.8.
The various non-M-A packages for which we used :native qualification
were fixed before stretch release. So neither unstable nor
stretch-backports needs these.
2017-09-30 14:41:19 +01:00
06c36b3662
debian/control: Move many build dependencies to Build-Depends-Arch field
2017-09-30 14:09:54 +01:00
cd2b0b1742
Install copyright file when the nodoc profile is used
...
Revert to running dh_installdocs unconditionally, although that
currently installs more than we want (which is permitted by policy).
When we upgrade to debhelper compat level 11, dh_installdocs will
become sensitive to the profile and will install only the copyright
file in this case. But we shouldn't do that until development of
this level is complete and supported in stretch-backports.
2017-09-30 13:50:34 +01:00
9369849423
Change all binary packages with priority: extra to priority: optional
2017-09-30 13:50:34 +01:00
6d1b6b2dc8
[x86] hyperv-daemons: Create pid files under /run, not /var/run
2017-09-30 13:50:34 +01:00
fe5c3cbe60
linux-doc: Build an empty package when the nodoc profile is used
...
Wiki page BuildProfileSpec says the set of binary packages can change,
but policy says not (since 4.0.0).
2017-09-30 13:50:30 +01:00
51100af154
[x86] hyperv-daemons: Use pid file name in init script status operation
...
While we're here, also drop the unnecessary commands to replicate the
exit code.
2017-09-30 13:29:07 +01:00
9fec004526
[armel] rtc: Disable RTC_NVMEM
...
and explicitly enable it for every other configuration.
2017-09-29 20:34:41 +02:00
Ben Hutchings
Salvatore Bonaccorso
Riku Voipio
Bastian Blank
Vagrant Cascadian
Uwe Kleine-König
John Paul Adrian Glaubitz