Ben Hutchings
261ee0b56f
Prepare to release linux (4.8.4-1~exp1).
2016-10-23 17:21:13 +01:00
Ben Hutchings
004996eaf0
[rt] Update to 4.8.2-rt2
2016-10-23 04:47:23 +01:00
Ben Hutchings
68bef0cc04
Release linux (4.7.8-1).
...
-----BEGIN PGP SIGNATURE-----
iQKPBAABCgB5BQJYB7RuXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw
NTRDQjhGMzEzNDNDRjQ0EhxjYXJuaWxAZGViaWFuLm9yZwAKCRAFTLjzE0PPRKbv
EACPw/ltBkYlQohcTxO+Jwg6Pj9J2UAcuQeDBsRLxOONLEcfChUtB6YbWnjpP4n7
PBjFl1oXFlRL2AIp8yJJDNyLRApNHaIJ5Rw15OU0XBZi61iFkMhvZHtFUJI0VifU
40otIo4/IAgWfYjcIl445m13bS21XzaYkT5hDmKihp1975gBP51LyVXtMPvYC2HO
2grpj37HbDEhKfXSxPDG++ID20VrHOyKVNnfyzg9lOe0oNRT36j5i1QJtqQPekh1
gWx98W/QqVpmeyRV1xvFjit2AzjwrIyp8H22wlN5IOG0HXitOrEA0AiQi1pjcMM0
3O6wRmWTiOoiMiCQEQ+O+92U+uALTG0ssq/9rubAW70CieiQLKmQBZiSoY3JVDfl
AojNP89QIx273w2aGQpZUY/RJnFWFy3fdh+c8wuLbTGkV3cCwXTd1VpNvi1EVKKK
SjFytKI3AGLAihXiThbICSiynqsRKdh7ypWzoCF5OxdURk9/HXSOYpk0Ieuqze+R
niLpETsVpfZCSHjjlG/7oaPAdGEqTm1BZ8a36HmzuByGftARwZ0XqaSUMsbOJC+n
nZrljSt1migRNKcONPuAvVucOjtI6Bj52Azdq2KutQiKZt1Kie9jLSA32/VNT6u5
xCRtMNQnatFCUqdJm5pI0pnUgdpL9nykbggY/g0uPBJfEg==
=6RXa
-----END PGP SIGNATURE-----
Merge tag 'debian/4.7.8-1'
2016-10-23 04:43:12 +01:00
Ben Hutchings
bc7a3c1c03
Update to 4.8.4
...
[rt] Drop fixes included in 4.8.4
2016-10-23 04:38:17 +01:00
Ben Hutchings
6f85def7ca
Revert "Compile with gcc-6 on all architectures" and "Properly update to gcc-6"
...
This reverts commits d7eadea702
and
5dbd80758c
. gcc-6 currently can't
compile the kernel on amd64 due to conflicts the way it enables PIE by
default.
2016-10-23 04:35:42 +01:00
Salvatore Bonaccorso
9586076613
Prepare to release linux (4.7.8-1).
2016-10-19 17:58:10 +02:00
Salvatore Bonaccorso
c5c7172244
mm: remove gup_flags FOLL_WRITE games from __get_user_pages() (CVE-2016-5195)
2016-10-19 17:56:02 +02:00
Salvatore Bonaccorso
bcfd608039
Update to 4.7.8
2016-10-17 21:26:34 +02:00
Aurelien Jarno
e7a457a218
[arm64] Enable SERIAL_8250_EXTENDED, SERIAL_8250_SHARE_IRQ and SERIAL_8250_BCM2835AUX, needed for Raspberry Pi 3.
2016-10-14 07:23:06 +02:00
Salvatore Bonaccorso
82d68fe753
KEYS: Fix short sprintf buffer in /proc/keys show function (CVE-2016-7042)
2016-10-13 22:50:12 +02:00
Ben Hutchings
ae695bc66b
scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (CVE-2016-7425)
2016-10-13 00:24:49 +01:00
Ben Hutchings
efccbd4eb2
posix_acl: Clear SGID bit when setting file permissions (CVE-2016-7097)
2016-10-13 00:23:11 +01:00
Ben Hutchings
c27b72f255
net: add recursion limit to GRO (CVE-2016-7039)
2016-10-13 00:17:03 +01:00
Ben Hutchings
2456c48897
Update to 4.7.7
...
Ignore ABI change in CAN.
2016-10-11 23:18:44 +01:00
Ben Hutchings
49bfd9c5b2
aufs: Update support patchest to aufs4.8-20161010 (no functional change)
2016-10-11 20:02:43 +01:00
Ben Hutchings
387dbb7803
[rt] Update to 4.8-rt1 and re-enable
2016-10-11 19:58:48 +01:00
Aurelien Jarno
b2080e6bd9
[mips*] Enable RELOCATABLE, required to enabled RANDOMIZE_BASE.
2016-10-10 20:53:23 +02:00
Ben Hutchings
d288d4c41c
Update to 4.8.1
2016-10-07 21:04:31 +01:00
Ben Hutchings
6429254d8f
Release linux (4.7.6-1).
...
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJX9/r9AAoJEOe/yOyVhhEJaFIQANHw/AYqMiP/0fnT8TRl1ISq
1jK7KhHKs4h7O+f4r/D31FLUAC+YVhpAqw4aHCiTwg9fjVULLcxaX91AAtpdliGm
NhWPT7/p8S6SiLTZtVxEb8MAzNqTnN4UdoBMdetWvHYSD/zq5U/BSWCTmm5pOu+X
E6mzwHdkgzUF/Wnt3bmmSmU415BG4nW6xIroYfH3DDSoj1pkxSW9BUhIv2L5mY25
emjFyXMqYRKJ93CBbCewNy0sLiL1V94P0r8HIdo2JDQg1QecYnYtV0AC/2kZODhm
9l3OyB6Dp20y5ib+t6/+4WqvmXl6XrvvjZMtHXsyv44gC1j7e0ChrXbsYk//4Lpo
FgQ8IYaNLskPEXyjzNHhwt61i0BIfZmKSJ17ldkgofAmt+Wa1926jFih5twFu5fj
pMkkxlJUZU7QKxEtuhC7bSOzRzoXjb+xx21Zgenhc89GamagRAKncFbRlJ6K+4pS
SMVlnXuLC0MHlUnAxZQ/N7hdhS235UxSFBp3qyOrYDWmjxyXkItyRfd7SKeSk3Vx
ZikpGlvsvExvyzrjTdyLwBmlyj2I+XZxGxOT2pe4EYb1xxLXUTBAqU1Ycsd8XjC3
lUqTn3r29PYeXRYC9eUsJryLJjejdkTIssM5Y9hhoi9KjMnLptRS7tJAeCO+C8QF
Qyhb3De7DCWrkcl8YSJI
=fl9b
-----END PGP SIGNATURE-----
Merge tag 'debian/4.7.6-1'
2016-10-07 21:04:15 +01:00
Ben Hutchings
8645d4069f
bug script: Optionally use sudo to read a restricted kernel log
...
If kernel.dmesg_restrict is enabled (which it now will be by default)
and sudo is installed, ask whether to use sudo. If this is denied or
fails then fall back to writing a placeholder in the bug report.
2016-10-07 03:11:08 +01:00
Ben Hutchings
f3b836ba7c
security,printk: Enable SECURITY_DMESG_RESTRICT
...
This prevents non-root users reading the kernel log by default (sysctl:
kernel.dmesg_restrict)
2016-10-07 03:04:47 +01:00
Ben Hutchings
d7eadea702
Compile with gcc-6 on all architectures
2016-10-07 02:33:25 +01:00
Ben Hutchings
b597bdebea
[powerpc*/*64*] Enable OPAL_PRD, MTD, MTD_POWERNV_FLASH as modules
...
Closes : #838604 , #838605
2016-10-07 02:30:49 +01:00
Ben Hutchings
4c6ac698fb
Prepare to release linux (4.7.6-1).
2016-10-07 02:11:51 +01:00
Ben Hutchings
ec2dc97fc9
mm: memcontrol: use special workqueue for creating per-memcg caches
2016-10-07 00:59:09 +01:00
Ben Hutchings
34bf1f9c3f
[amd64] Enable RANDOMIZE_MEMORY
2016-10-05 22:38:43 +01:00
Ben Hutchings
6573a2a7c7
security,perf: Replace GRKERNSEC_PERF_HARDEN patch with the version submitted upstream
...
This hasn't been *accepted* upstream, but maybe some day? It has gone
into AOSP.
2016-10-05 22:23:08 +01:00
Ben Hutchings
357c2335a5
[arm*,powerpc*,s390x,sparc64,x86] Enable HARDENED_USERCOPY
...
This enables HARDENED_USERCOPY in the top-level config rather than
per-architecture, but it depends on a feature not yet implemented for
all architectures.
2016-10-05 22:05:04 +01:00
Ben Hutchings
5ef50c5719
Enable SLAB_FREELIST_RANDOM
2016-10-05 22:01:38 +01:00
Ben Hutchings
0118390eaa
[mips*] Enable RANDOMIZE_BASE
2016-10-05 21:13:04 +01:00
Ben Hutchings
a6562544cc
Update to 4.8
2016-10-05 21:06:42 +01:00
Ben Hutchings
224b1e126d
[armhf] Enable driver for SolidRun ClearFog: USB_XHCI_MVEBU as module
2016-10-02 16:34:25 +01:00
Ben Hutchings
78f97bb258
Add of_mdio fixes to make device tree fixed-link definitions work properly
2016-10-02 16:26:16 +01:00
Ben Hutchings
5e04e30299
Add bug number for KiBi's installer fix
2016-10-02 02:50:12 +01:00
Ben Hutchings
0fadb11944
Update to 4.7.6
2016-10-02 02:46:17 +01:00
Ben Hutchings
ac65dbd50d
udeb: Move nls_utf8 from fat-modules to kernel-image
...
Many other filesystems need it but vfat no longer does. It calls
built-in UTF-8 functions directly, while nominally using nls_ascii
as its I/O charset.
2016-10-02 02:19:16 +01:00
Ben Hutchings
b324a81a22
udeb: Fold core-modules into kernel-image
...
So many module packages depend on core-modules already that almost
every installer image includes it.
The only obvious exceptions are the sh4 installer builds, as there
was no core-modules package on sh4. For consistency, include the
default set of modules in its kernel-image package now.
2016-10-02 02:16:10 +01:00
Cyril Brulebois
b4bacd23c4
Add nls_ascii to the fat-modules udeb.
...
See commit 0e156c15e3
for the details
about utf8 vs. ascii iocharset for FAT. This fixes a regression with
EFI-related mounts within the Debian Installer.
Signed-off-by: Cyril Brulebois <kibi@debian.org>
2016-10-02 01:09:25 +01:00
Ben Hutchings
f925c51d8a
linux-image: Exclude vmlinux from stripping by dh_strip (fixes FTBFS on hppa)
2016-10-02 00:46:13 +01:00
Ben Hutchings
ef7e196951
[arm*,powerpc*,s390x,x86] Enable IO_STRICT_DEVMEM
...
This break dosemu and some old graphics drivers, and can be reverted
using the kernel parameter: iomem=relaxed
Again this is enabled in the top-level config, but it is only really
enabled for these architectures.
2016-10-01 22:42:58 +01:00
Ben Hutchings
8e160e8d48
[arm*] Enable STRICT_DEVMEM
...
This enables STRICT_DEVMEM in the top-level config rather than per-
architecture, but the only additional kernel architectures that we
build and that support it are arm and arm64.
2016-10-01 22:18:20 +01:00
Ben Hutchings
2aced7818a
[amd64] Enable LEGACY_VSYSCALL_NONE instead of LEGACY_VSYSCALL_EMULATE
...
This breaks (e)glibc 2.13 and earlier, and can be reverted using the kernel
parameter: vsyscall=emulate
2016-10-01 22:02:51 +01:00
Ben Hutchings
be7e4761f8
debian/bin/gencontrol.py: Fix cross-build-dependencies if invoked under dpkg-buildpackage
...
By default dpkg-architecture lets the current environment override the
architecture specified by the -a option. We mustn't let that happen
here as we are considering all architectures. Use the -f option to
force use of our specified architecture.
2016-09-26 22:31:21 +01:00
Ben Hutchings
1c213f98f9
Prepare to release linux (4.8~rc8-1~exp1).
2016-09-26 04:27:06 +01:00
Ben Hutchings
978f935022
Update to 4.8-rc8
2016-09-26 04:27:02 +01:00
Ben Hutchings
b2480a3dfe
Release linux (4.7.5-1).
...
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJX6HXOAAoJEOe/yOyVhhEJA68QAJSLxpMHBbl9474Q/SPonncf
S7NXiYZQuo7STq0uHUVxtOTpVKRc/7y793tdtpI3Ec6nZqilS+4uKq1QNAh7kj6n
JwilTLkfbjRS4+VqEEHJtVfK/bjijEep943W+uv3foMXPzbJulgRNrf54nUOFA2n
WY1ZfL6Dp+tvys49UrK+3lsuY/ZCLzpck3m0rScGYgalfnZo00ttPto29YZjVXrp
7RZset950hvEvL7cD7GXi2pqoEcvV3AISOABgKU0U6VitS1E8wJHW1pDZvHgZDKO
55lAdyyEsAE96J1RzKwPjyHTKDmr1v6AiqNxwviLndwoLflYHUbsZBx0H9pRE0Gi
45IDQELGFToJ/4dDNijk3oyOsQaV06f0gYv+FqGnN33IWxrlz9oQ3PSWB6qA9dr5
vBGG1tzoYFdManBwZvH5smD25Ckc3TK2UzMqJA1BIjRpCoajxfmZWcgfPH8Z9gwJ
5giCQkEKCbbwAXmRwVCYDFp5t0DlnyiY0/IizunHUxFapl9B6SNRFPhJVbUCNV07
/yzsRU+TcNnV1oGQE9+uWTIelUQmc5cvMiaIlW7fifrqPAKCCnk2imYI1Tx1jsVl
VqLo1Jalt+iZGKsEt6I3ST6LX1k/QFkz7BmJ4Yz+NdwwN6/Jq5rufFxLWGdIYPdI
N4PnNBVMK0ooLqbaatRO
=PYYu
-----END PGP SIGNATURE-----
Merge tag 'debian/4.7.5-1'
Drop ABI maintenance patches.
2016-09-26 02:16:56 +01:00
Ben Hutchings
f7d84f7a69
Prepare to release linux (4.7.5-1).
2016-09-26 01:48:21 +01:00
Ben Hutchings
7a0f81fe53
ext4: Fix checksum validation for inodes with small i_extra_isize
...
Closes : #838544 , regression in 4.7.4
2016-09-25 22:00:56 +01:00
Ben Hutchings
bdec0fe8f0
Update to 4.7.5
2016-09-25 03:05:35 +01:00
Ben Hutchings
c0b958cd5f
[powerpc,powerpcspe,ppc64] linux-image: Suppress automatic dbgsym packages
...
Currently on powerpc, powerpcspe and ppc64 we get an automatic dbgsym
package with symbols for the bootwrapper tools (addnote, hack-coff,
mktree). We should either put them in linux-image-*-dbgsym or
nowhere. For now, opt for nowhere.
Move the dh_strip invocation from the install-base rule to the
install-image_... rule. None of the other packages using install-base
should contain any executables.
2016-09-23 03:21:18 +01:00