f13763371c
Add CVE id reference for CVE-2017-16643
...
Gbp-Dch: Ignore
2017-11-08 10:45:20 +01:00
4a745d05b1
Add CVE id for CVE-2017-15306
...
Gbp-Dch: Ignore
2017-11-06 13:04:31 +01:00
bd1e10f8bd
linux-image: Recommend apparmor ( Closes : #880441 )
...
The apparmor package is needed for loading profiles. In theory,
enabling AppArmor without any profiles loaded should do nothing, so
this is not really a dependency of the kernel. However, if a systemd
unit specifies a AppArmor profile and the kernel has AppArmor enabled
then failure to load the profile is fatal.
As the linux-image packages select AppArmor as the default LSM, they
should probably also be responsible for getting the necessary userland
support installed. But since the default can be overridden, use
Recommends rather than Depends.
2017-11-05 01:54:12 +00:00
43a5e411fd
Add bug closer for #879768
...
Gbp-Dch: Ignore
2017-11-04 16:57:42 +01:00
e7fd57b49f
netfilter: nft_set_hash: disable fast_ops for 2-len keys
...
Closes : #880145
2017-11-04 15:43:57 +01:00
4b0df3bed7
cifs: check MaxPathNameComponentLength != 0 before using it
...
Thanks: Andrew Chadwick
Closes : #880504
2017-11-04 09:55:14 +01:00
384fa91229
Update to 4.13.11
2017-11-04 09:06:37 +01:00
ed0765f59c
Prepare to release linux (4.13.10-1).
2017-10-30 15:32:11 +00:00
9bf0fcf06e
[armel,armhf] mbus: Ignore ABI change in 4.13.10
2017-10-30 15:32:03 +00:00
1ea9c5efa8
snd-seq: Ignore ABI changes
...
Commit 8009d506a1dd "ALSA: seq: Enable 'use' locking in all
configurations" which was backported into 4.13.10 will result in an
ABI change for !SMP configurations. Ignore this, as I don't expect
there to be any out-of-tree sequencer drivers.
2017-10-30 12:45:19 +00:00
15c6a89208
Update to 4.13.10
...
Limit the ABI change in keys.
2017-10-29 12:13:18 +00:00
f1e87af382
[x86] rmi4: Enable RMI4_SMB as module ( Closes : #875621 )
2017-10-28 20:53:13 +01:00
ec3cd54d45
Avoid/ignore more ABI changes in 4.13.y
2017-10-28 20:50:11 +01:00
d2ca70712e
Add CVE ids for some issues fixed with the 4.13.9 import
2017-10-27 16:26:15 +02:00
43a809fe93
security: Enable DEFAULT_SECURITY_APPARMOR
2017-10-26 22:51:36 +02:00
50f87144fd
[armel] security: Enable SECURITY_APPARMOR and disable SECURITY_SELINUX
2017-10-26 22:50:16 +02:00
48bb38a3f7
Update to 4.13.9
...
Drop many patches which are now upstream.
Avoid/ignore ABI changes as appropriate.
2017-10-26 22:41:11 +02:00
0441e97048
Remove 'fixes FTBFS' for build dependency change
...
libbabeltrace-ctf-dev has been restored as a transitional package.
2017-10-19 23:31:08 +01:00
92aff93068
linux-kbuild: Include scripts/ld-version.sh, needed for powerpc 64-bit modules
2017-10-19 23:08:34 +01:00
fcbe5c22b1
Update build dependencies on libbabeltrace[,-ctf}-dev (fixes FTBFS)
...
libbabeltrace-ctf-dev was merged into libbabeltrace-dev, so the
build dependencies are unsatisfiable in unstable. For stretch-
backports we will still want both of them. So add a suitably
versioned dependency on libbabeltrace-dev as a preferred
alternative to libbabeltrace-ctf-dev.
2017-10-19 11:35:53 +01:00
242e06569c
[arm64] brcmfmac: Enable BRCMFMAC_SDIO ( Closes : #877911 )
2017-10-18 20:03:37 +01:00
0c548c1642
Prepare to release linux (4.13.4-2).
2017-10-15 08:57:36 +02:00
ccefd718c8
[x86] KVM: MMU: always terminate page walks at level 1 (CVE-2017-12188)
2017-10-13 18:09:37 +02:00
02033a7a17
[x86] KVM: nVMX: update last_nonleaf_level when initializing nested EPT (CVE-2017-12188)
2017-10-13 18:07:54 +02:00
52c8b81bca
ALSA: seq: Fix use-after-free at creating a port (CVE-2017-15265)
2017-10-13 06:52:33 +02:00
35125947a2
waitid(): Add missing access_ok() checks (CVE-2017-5123)
2017-10-12 21:16:37 +02:00
6f55d3e571
KEYS: prevent KEYCTL_READ on negative key (CVE-2017-12192)
2017-10-12 07:55:47 +02:00
7c8172804e
mac80211: fix deadlock in driver-managed RX BA session start
...
Thanks: Eric Côté
Closes : #878092
2017-10-11 21:23:02 +02:00
fba37066c7
[powerpc*] Fix illegal TM state in signal handler
2017-10-11 07:57:06 +02:00
6c3a386d04
[powerpc*] Use emergency stack for kernel TM Bad Thing program (CVE-2017-1000255)
2017-10-11 07:55:16 +02:00
c68c0840bc
brcmfmac: add length check in brcmf_cfg80211_escan_handler() (CVE-2017-0786)
2017-10-09 21:45:15 +02:00
18b1b67002
[armhf,arm64] thermal: Enable BCM2835_THERMAL as module ( Closes : #877699 )
2017-10-04 23:16:23 +01:00
80832bbbef
Prepare to release linux (4.13.4-1).
2017-10-01 15:52:19 +01:00
e92ee4b5df
Set ABI to 1
2017-10-01 15:52:01 +01:00
884aedc0b4
liblockdep: Define pr_cont()
2017-10-01 15:44:25 +01:00
60879f2bae
liblockdep: Make missing function declarations fatal errors
...
This should catch use of missing kernel APIs. Which has happened yet
again.
2017-10-01 15:43:34 +01:00
e2431bcb2f
[armhf] dts: exynos: Add dwc3 SUSPHY quirk ( Closes : #843448 )
2017-10-01 15:23:55 +01:00
e7b4b7d822
Merge remote-tracking branch 'refs/remotes/alioth/master'
2017-10-01 15:23:05 +01:00
9fe724d67d
linux-image-dbg: Override lintian errors for vDSOs
...
It currently reports errors binary-from-other-architecture and
shlib-without-PT_GNU_STACK-section, which are false positives.
2017-10-01 15:23:01 +01:00
2678c31e68
fix infoleak in waitid(2) (CVE-2017-14954)
2017-10-01 12:02:28 +02:00
a1b309111a
Rename lintian-overrides template files to be consistent
2017-10-01 01:36:27 +01:00
cc91d0cfa2
usbip: Stop building broken libusbip-dev package
...
It has a lintian error (non-empty-dependency_libs-in-la-file) and it
also seems to be missing a header (the newly added
usbip_host_common.h) since Linux 4.7. No-one seems to have noticed,
and it has nothing build-depending on it, so get rid of it.
2017-10-01 01:05:52 +01:00
112ad0c27f
debian/control: Remove obsolete workarounds and alternate build deps
...
The dpkg bugs affecting libssl-dev build deps were fixed in 1.18.8.
The various non-M-A packages for which we used :native qualification
were fixed before stretch release. So neither unstable nor
stretch-backports needs these.
2017-09-30 14:41:19 +01:00
06c36b3662
debian/control: Move many build dependencies to Build-Depends-Arch field
2017-09-30 14:09:54 +01:00
cd2b0b1742
Install copyright file when the nodoc profile is used
...
Revert to running dh_installdocs unconditionally, although that
currently installs more than we want (which is permitted by policy).
When we upgrade to debhelper compat level 11, dh_installdocs will
become sensitive to the profile and will install only the copyright
file in this case. But we shouldn't do that until development of
this level is complete and supported in stretch-backports.
2017-09-30 13:50:34 +01:00
9369849423
Change all binary packages with priority: extra to priority: optional
2017-09-30 13:50:34 +01:00
6d1b6b2dc8
[x86] hyperv-daemons: Create pid files under /run, not /var/run
2017-09-30 13:50:34 +01:00
fe5c3cbe60
linux-doc: Build an empty package when the nodoc profile is used
...
Wiki page BuildProfileSpec says the set of binary packages can change,
but policy says not (since 4.0.0).
2017-09-30 13:50:30 +01:00
51100af154
[x86] hyperv-daemons: Use pid file name in init script status operation
...
While we're here, also drop the unnecessary commands to replicate the
exit code.
2017-09-30 13:29:07 +01:00
9fec004526
[armel] rtc: Disable RTC_NVMEM
...
and explicitly enable it for every other configuration.
2017-09-29 20:34:41 +02:00
Salvatore Bonaccorso
Ben Hutchings