Update to 4.17.4

This updates the debian changelog for listing changes of this stable
update. It also removes the patches that have been merged upstream.

Signed-off-by: Romain Perier <romain.perier@gmail.com>
Romain Perier 2018-07-04 19:38:02 +02:00 committed by Romain Perier
parent 999f952b74
commit 16fe15c366
4 changed files with 235 additions and 108 deletions

237
debian/changelog vendored
@ -1,6 +1,239 @@
linux (4.17.3-2) UNRELEASED; urgency=medium
linux (4.17.4-1) UNRELEASED; urgency=medium
* [armhf] DRM: Enable CONFIG_DRM_IMX_PARALLEL_DISPLAY
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.4
- [x86] spectre_v1: Disable compiler optimizations over
array_index_mask_nospec()
- [x86] xen: Add call of speculative_store_bypass_ht_init() to PV paths
- [x86] UV: Add adjustable set memory block size function
- [x86] UV: Use new set memory block size function
- [x86] UV: Add kernel parameter to set memory block size
- [x86] mce: Improve error message when kernel cannot recover
- [x86] mce: Check for alternate indication of machine check recovery on
Skylake
- [x86] mce: Fix incorrect "Machine check from unknown source" message
- [x86] mce: Do not overwrite MCi_STATUS in mce_no_way_out()
- [x86] Call fixup_exception() before notify_die() in math_error()
- [m68k] mm: Adjust VM area to be unmapped by gap size for __iounmap()
- [m68k] mac: Fix SWIM memory resource end address
- hwmon: (k10temp) Add support for Stoney Ridge and Bristol Ridge CPUs
- mtd: spi-nor: intel-spi: Fix atomic sequence handling
- serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
- signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
- PM / Domains: Fix error path during attach in genpd
- PCI / PM: Do not clear state_saved for devices that remain suspended
- ACPI / LPSS: Avoid PM quirks on suspend and resume from S3
- PM / core: Fix supplier device runtime PM usage counter imbalance
- PM / OPP: Update voltage in case freq == old_freq
- mmc: renesas_sdhi: really fix WP logic regressions
- usb: do not reset if a low-speed or full-speed device timed out
- 1wire: family module autoload fails because of upper/lower case mismatch.
- ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
- ASoC: cs35l35: Add use_single_rw to regmap config
- ASoC: mediatek: preallocate pages use platform device
- ASoC: cirrus: i2s: Fix LRCLK configuration
- ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
- thermal: bcm2835: Stop using printk format %pCr
- lib/vsprintf: Remove atomic-unsafe support for %pCr
- ftrace/selftest: Have the reset_trigger code be a bit more careful
- mips: ftrace: fix static function graph tracing
- branch-check: fix long->int truncation when profiling branches
- ipmi:bt: Set the timeout before doing a capabilities check
- Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw
loader
- printk: fix possible reuse of va_list variable
- fuse: fix congested state leak on aborted connections
- fuse: atomic_o_trunc should truncate pagecache
- fuse: don't keep dead fuse_conn at fuse_fill_super().
- fuse: fix control dir setup and teardown
- [powerpc*] mm/hash: Add missing isync prior to kernel stack SLB switch
- [powerpc*] pkeys: Detach execute_only key on !PROT_EXEC
- [powerpc*] ptrace: Fix setting 512B aligned breakpoints with
PTRACE_SET_DEBUGREG
- [powerpc*] perf: Fix memory allocation for core-imc based on
num_possible_cpus()
- [powerpc*] ptrace: Fix enforcement of DAWR constraints
- [powerpc*] powernv/ioda2: Remove redundant free of TCE pages
- [powerpc*] powernv: copy/paste - Mask SO bit in CR
- [powerpc*] powernv/cpuidle: Init all present cpus for deep states
- [powerpc*] cpuidle: powernv: Fix promotion from snooze if next state
disabled
- [powerpc*] fadump: Unregister fadump on kexec down path.
- libnvdimm, pmem: Do not flush power-fail protected CPU caches
- [armhf, arm64] soc: rockchip: power-domain: Fix wrong value when power
up pd with writemask
- [powerpc*] 64s/radix: Fix radix_kvm_prefetch_workaround paca access of not
possible CPU
- [powerpc] e500mc: Set assembler machine type to e500mc
- [powerpc*] 64s: Fix DT CPU features Power9 DD2.1 logic
- cxl: Configure PSL to not use APC virtual machines
- cxl: Disable prefault_mode in Radix mode
- [armhf] 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size
- [armhf] dts: Fix SPI node for Arria10
- [armhf] dts: socfpga: Fix NAND controller node compatible
- [armhf] dts: socfpga: Fix NAND controller clock supply
- [armhf] dts: socfpga: Fix NAND controller node compatible for Arria10
- hwrng: core - Always drop the RNG in hwrng_unregister()
- softirq: Reorder trace_softirqs_on to prevent lockdep splat
- [arm64] Fix syscall restarting around signal suppressed by tracer
- [arm64] crypto: arm64/aes-blk - fix and move skcipher_walk_done out of
kernel_neon_begin, _end
- [arm64] kpti: Use early_param for kpti= command-line option
- [arm64] mm: Ensure writes to swapper are ordered wrt subsequent cache
maintenance
- [arm64] dts: marvell: fix CP110 ICU node size
- [arm64] dts: meson: disable sd-uhs modes on the libretech-cc
- [arm64] dts: meson-gx: fix ATF reserved memory region
- of: overlay: validate offset from property fixups
- of: unittest: for strings, account for trailing \0 in property length
field
- of: platform: stop accessing invalid dev in of_platform_device_destroy
- tpm: fix use after free in tpm2_load_context()
- tpm: fix race condition in tpm_common_write()
- efi/libstub/tpm: Initialize efi_physical_addr_t vars to zero for mixed
mode
- IB/qib: Fix DMA api warning with debug kernel
- IB/{hfi1, qib}: Add handling of kernel restart
- IB/mlx4: Mark user MR as writable if actual virtual memory is writable
- IB/core: Make testing MR flags for writability a static inline function
- IB/mlx5: Fetch soft WQE's on fatal error state
- IB/isert: Fix for lib/dma_debug check_sync warning
- IB/isert: fix T10-pi check mask setting
- IB/hfi1: Fix fault injection init/exit issues
- IB/hfi1: Reorder incorrect send context disable
- IB/hfi1: Optimize kthread pointer locking when queuing CQ entries
- IB/hfi1: Fix user context tail allocation for DMA_RTAIL
- IB/uverbs: Fix ordering of ucontext check in ib_uverbs_write
- RDMA/mlx4: Discard unknown SQP work requests
- xprtrdma: Return -ENOBUFS when no pages are available
- RDMA/core: Save kernel caller name when creating CQ using ib_create_cq()
- mtd: rawnand: Do not check FAIL bit when executing a SET_FEATURES op
- mtd: cfi_cmdset_0002: Change write buffer to check correct value
- mtd: rawnand: denali_dt: set clk_x_rate to 200 MHz unconditionally
- mtd: rawnand: fix return value check for bad block status
- mtd: rawnand: mxc: set spare area size register explicitly
- mtd: rawnand: micron: add ONFI_FEATURE_ON_DIE_ECC to supported features
- mtd: rawnand: All AC chips have a broken GET_FEATURES(TIMINGS).
- mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
- mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
- mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
- mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
- clk:aspeed: Fix reset bits for PCI/VGA and PECI
- [x86] PCI: hv: Make sure the bus domain is really unique
- PCI: Add ACS quirk for Intel 7th & 8th Gen mobile
- PCI: Add ACS quirk for Intel 300 series
- PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on
resume
- PCI: Account for all bridges on bus when distributing bus numbers
- auxdisplay: fix broken menu
- pinctrl: armada-37xx: Fix spurious irq management
- pinctrl: samsung: Correct EINTG banks order
- pinctrl: devicetree: Fix pctldev pointer overwrite
- cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0
- [mips*] pb44: Fix i2c-gpio GPIO descriptor table
- [mips*] io: Add barrier after register read in inX()
- time: Make sure jiffies_to_msecs() preserves non-zero time periods
- irqchip/gic-v3-its: Don't bind LPI to unavailable NUMA node
- locking/rwsem: Fix up_read_non_owner() warning with DEBUG_RWSEMS
- X.509: unpack RSA signatureValue field from BIT STRING
- Btrfs: fix return value on rename exchange failure
- iio: adc: ad7791: remove sample freq sysfs attributes
- iio: sca3000: Fix an error handling path in 'sca3000_probe()'
- mm: fix __gup_device_huge vs unmap
- scsi: scsi_debug: Fix memory leak on module unload
- scsi: hpsa: disable device during shutdown
- scsi: qla2xxx: Delete session for nport id change
- scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
- scsi: qla2xxx: Mask off Scope bits in retry delay
- scsi: qla2xxx: Spinlock recursion in qla_target
- scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
- scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
- scsi: zfcp: fix misleading REC trigger trace where erp_action setup
failed
- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early
return
- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for
ERP_FAILED
- scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
- scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
- linvdimm, pmem: Preserve read-only setting for pmem devices
- libnvdimm, pmem: Unconditionally deep flush on *sync
- [armhf] clk: meson: meson8b: mark fclk_div2 gate clocks as CLK_IS_CRITICAL
- [armhf] rtc: sun6i: Fix bit_idx value for clk_register_gate
- md: fix two problems with setting the "re-add" device state.
- rpmsg: smd: do not use mananged resources for endpoints and channels
- ubi: fastmap: Cancel work upon detach
- ubi: fastmap: Correctly handle interrupted erasures in EBA
- UBIFS: Fix potential integer overflow in allocation
- backlight: as3711_bl: Fix Device Tree node lookup
- backlight: max8925_bl: Fix Device Tree node lookup
- backlight: tps65217_bl: Fix Device Tree node lookup
- Revert "iommu/amd_iommu: Use CONFIG_DMA_DIRECT_OPS=y and
dma_direct_{alloc,free}()"
- f2fs: don't use GFP_ZERO for page caches
- um: Fix initialization of vector queues
- um: Fix raw interface options
- mfd: twl-core: Fix clock initialization
- mfd: intel-lpss: Program REMAP register in PIO mode
- mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock
- perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
- [x86] perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING
- [x86] perf intel-pt: Fix decoding to accept CBR between FUP and
corresponding TIP
- [x86] perf intel-pt: Fix MTC timing after overflow
- [x86] perf intel-pt: Fix "Unexpected indirect branch" error
- [x86] perf intel-pt: Fix packet decoding of CYC packets
- media: vsp1: Release buffers for each video node
- media: uvcvideo: Support realtek's UVC 1.5 device
- media: cx231xx: Ignore an i2c mux adapter
- media: v4l2-compat-ioctl32: prevent go past max size
- media: cx231xx: Add support for AverMedia DVD EZMaker 7
- media: rc: mce_kbd decoder: fix stuck keys
- media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
- NFSv4: Fix possible 1-byte stack overflow in
nfs_idmap_read_and_verify_message
- NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..")
- NFSv4: Fix a typo in nfs41_sequence_process
- video: uvesafb: Fix integer overflow in allocation
- ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
- Input: silead - add MSSL0002 ACPI HID
- Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
- pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume
- rbd: flush rbd_dev->watch_dwork after watch is unregistered
- mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm()
- mm: fix devmem_is_allowed() for sub-page System RAM intersections
- xen: Remove unnecessary BUG_ON from __unbind_from_irq()
- net: ethernet: fix suspend/resume in davinci_emac
- udf: Detect incorrect directory size
- Input: xpad - fix GPD Win 2 controller name
- Input: psmouse - fix button reporting for basic protocols
- Input: elan_i2c_smbus - fix more potential stack buffer overflows
- Input: elantech - enable middle button of touchpads on ThinkPad P52
- Input: elantech - fix V4 report decoding for module with middle key
- ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl
- ALSA: hda - Force to link down at runtime suspend on ATI/AMD HDMI
- ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co
- ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
- ALSA: hda/realtek - Fix the problem of two front mics on more machines
- Revert "i2c: algo-bit: init the bus to a known state"
- i2c: gpio: initialize SCL to HIGH again
- slub: fix failure when we delete and create a slab cache
- kasan: depend on CONFIG_SLUB_DEBUG
- dm: use bio_split() when splitting out the already processed bio
- pmem: only set QUEUE_FLAG_DAX for fsdax mode
- block: Fix transfer when chunk sectors exceeds max
- block: Fix cloning of requests with a special payload
- [x86] e820: put !E820_TYPE_RAM regions into memblock.reserved
- selinux: move user accesses in selinuxfs out of locked regions
- [x86] entry/64/compat: Fix "x86/entry/64/compat: Preserve r8-r11 in int
$0x80"
- [x86] efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y
- dm zoned: avoid triggering reclaim from inside dmz_map()
- dm thin: handle running out of data space vs concurrent discard
[Sjoerd Simons]
* [armhf] DRM: Enable CONFIG_DRM_IMX_PARALLEL_DISPLAY
-- Sjoerd Simons <sjoerd@debian.org> Wed, 04 Jul 2018 10:25:57 +0200
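Review bot: The new 4.17.4-1 stanza does not name either of the two patches this commit drops, "tracing: Check for no filter when processing event filters" (CVE-2018-12714) and "virt: vbox: Only copy_from_user the request-header once" (CVE-2018-12633); neither subject appears in the upstream list above. The commit message gives "merged upstream" as the reason for removing them, so the changelog or the commit message should say which upstream release carries each fix. That lets the security tracker entries be checked against the packaged version.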

@ -1,61 +0,0 @@
From: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
Date: Thu, 21 Jun 2018 13:20:53 -0400
Subject: tracing: Check for no filter when processing event filters
Origin: https://git.kernel.org/linus/70303420b5721c38998cf987e6b7d30cc62d4ff1
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12714
The syzkaller detected a out-of-bounds issue with the events filter code,
specifically here:
prog[N].pred = NULL; /* #13 */
prog[N].target = 1; /* TRUE */
prog[N+1].pred = NULL;
prog[N+1].target = 0; /* FALSE */
-> prog[N-1].target = N;
prog[N-1].when_to_branch = false;
As that's the first reference to a "N-1" index, it appears that the code got
here with N = 0, which means the filter parser found no filter to parse
(which shouldn't ever happen, but apparently it did).
Add a new error to the parsing code that will check to make sure that N is
not zero before going into this part of the code. If N = 0, then -EINVAL is
returned, and a error message is added to the filter.
Cc: stable@vger.kernel.org
Fixes: 80765597bc587 ("tracing: Rewrite filter logic to be simpler and faster")
Reported-by: air icy <icytxw@gmail.com>
bugzilla url: https://bugzilla.kernel.org/show_bug.cgi?id=200019
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
---
kernel/trace/trace_events_filter.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
index e1c818dbc0d7..0dceb77d1d42 100644
--- a/kernel/trace/trace_events_filter.c
+++ b/kernel/trace/trace_events_filter.c
@@ -78,7 +78,8 @@ static const char * ops[] = { OPS };
C(TOO_MANY_PREDS, "Too many terms in predicate expression"), \
C(INVALID_FILTER, "Meaningless filter expression"), \
C(IP_FIELD_ONLY, "Only 'ip' field is supported for function trace"), \
- C(INVALID_VALUE, "Invalid value (did you forget quotes)?"),
+ C(INVALID_VALUE, "Invalid value (did you forget quotes)?"), \
+ C(NO_FILTER, "No filter found"),
#undef C
#define C(a, b) FILT_ERR_##a
@@ -550,6 +551,13 @@ predicate_parse(const char *str, int nr_parens, int nr_preds,
goto out_free;
}
+ if (!N) {
+ /* No program? */
+ ret = -EINVAL;
+ parse_error(pe, FILT_ERR_NO_FILTER, ptr - str);
+ goto out_free;
+ }
+
prog[N].pred = NULL; /* #13 */
prog[N].target = 1; /* TRUE */
prog[N+1].pred = NULL;
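Review bot: The `if (!N)` guard in predicate_parse() carries only the comment `/* No program? */`, which does not tell a later reader that the code following it writes `prog[N-1].target` and would index before the start of the array when N is 0. Suggest saying that in the comment. Since this file is being deleted from debian/patches, also confirm that the packaged 4.17.4 source contains this guard before the CVE-2018-12714 tracker entry is treated as covered by upstream.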

@ -1,43 +0,0 @@
From: Wenwen Wang <wang6495@umn.edu>
Date: Tue, 8 May 2018 08:50:28 -0500
Subject: virt: vbox: Only copy_from_user the request-header once
Origin: https://git.kernel.org/linus/bd23a7269834dc7c1f93e83535d16ebc44b75eba
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-12633
In vbg_misc_device_ioctl(), the header of the ioctl argument is copied from
the userspace pointer 'arg' and saved to the kernel object 'hdr'. Then the
'version', 'size_in', and 'size_out' fields of 'hdr' are verified.
Before this commit, after the checks a buffer for the entire request would
be allocated and then all data including the verified header would be
copied from the userspace 'arg' pointer again.
Given that the 'arg' pointer resides in userspace, a malicious userspace
process can race to change the data pointed to by 'arg' between the two
copies. By doing so, the user can bypass the verifications on the ioctl
argument.
This commit fixes this by using the already checked copy of the header
to fill the header part of the allocated buffer and only copying the
remainder of the data from userspace.
Signed-off-by: Wenwen Wang <wang6495@umn.edu>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/virt/vboxguest/vboxguest_linux.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/virt/vboxguest/vboxguest_linux.c
+++ b/drivers/virt/vboxguest/vboxguest_linux.c
@@ -121,7 +121,9 @@ static long vbg_misc_device_ioctl(struct
if (!buf)
return -ENOMEM;
- if (copy_from_user(buf, (void *)arg, hdr.size_in)) {
+ *((struct vbg_ioctl_hdr *)buf) = hdr;
+ if (copy_from_user(buf + sizeof(hdr), (void *)arg + sizeof(hdr),
+ hdr.size_in - sizeof(hdr))) {
ret = -EFAULT;
goto out;
}
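Review bot: The length `hdr.size_in - sizeof(hdr)` in the new copy_from_user() call wraps to a very large value if size_in is smaller than the header. The commit message says size_in is verified earlier in vbg_misc_device_ioctl(), but that check is outside this hunk, so confirm it rejects size_in < sizeof(hdr) and that buf was allocated with at least size_in bytes. Two smaller points on the same lines: `(void *)arg + sizeof(hdr)` relies on void-pointer arithmetic and drops the __user annotation, and `buf + sizeof(hdr)` is only a byte offset if buf is a byte or void pointer, which the visible context does not show. As this patch file is being removed from debian/patches, check that the packaged 4.17.4 source has the single-copy form before relying on upstream for CVE-2018-12633.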

@ -131,8 +131,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/x86/virt-vbox-Only-copy_from_user-the-request-header-onc.patch
bugfix/all/tracing-check-for-no-filter-when-processing-event-fi.patch
bugfix/all/ext4-add-corruption-check-in-ext4_xattr_set_entry.patch
bugfix/all/ext4-always-verify-the-magic-number-in-xattr-blocks.patch
bugfix/all/ext4-always-check-block-group-bounds-in-ext4_init_bl.patch