diff --git a/debian/changelog b/debian/changelog index 5088b3d54..22bc307e8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,25 @@ +linux (4.17.16-1) UNRELEASED; urgency=medium + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.16 + - [x86] platform/UV: Mark memblock related init code and data correctly + - [x86] mm/pti: Clear Global bit more aggressively + - [x86] xen/pv: Call get_cpu_address_sizes to set x86_virt/phys_bits + - [x86] mm: Disable ioremap free page handling on x86-PAE + - kbuild: verify that $DEPMOD is installed + - [x86] crypto: ccp - Check for NULL PSP pointer at module unload + - [x86] crypto: ccp - Fix command completion detection race + - crypto: vmac - require a block cipher with 128-bit block size + - crypto: vmac - separate tfm and request context + - crypto: blkcipher - fix crash flushing dcache in error path + - crypto: ablkcipher - fix crash flushing dcache in error path + - crypto: skcipher - fix aligning block size in skcipher_copy_iv() + - crypto: skcipher - fix crash flushing dcache in error path + - ioremap: Update pgtable free interfaces with addr + - [x86] mm: Add TLB purge to free pmd/pte page interfaces + + -- Salvatore Bonaccorso Sat, 18 Aug 2018 11:39:18 +0200 + linux (4.17.15-1) unstable; urgency=medium * New upstream stable update: diff --git a/debian/patches/bugfix/all/bluetooth-hidp-buffer-overflow-in-hidp_process_report.patch b/debian/patches/bugfix/all/bluetooth-hidp-buffer-overflow-in-hidp_process_report.patch deleted file mode 100644 index 55c16dd84..000000000 --- a/debian/patches/bugfix/all/bluetooth-hidp-buffer-overflow-in-hidp_process_report.patch +++ /dev/null @@ -1,50 +0,0 @@ -From: Mark Salyzyn -Date: Tue, 31 Jul 2018 15:02:13 -0700 -Subject: Bluetooth: hidp: buffer overflow in hidp_process_report -Origin: https://git.kernel.org/linus/7992c18810e568b95c869b227137a2215702a805 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-9363 - -CVE-2018-9363 - -The buffer length is unsigned at all layers, but gets cast to int and -checked in hidp_process_report and can lead to a buffer overflow. -Switch len parameter to unsigned int to resolve issue. - -This affects 3.18 and newer kernels. - -Signed-off-by: Mark Salyzyn -Fixes: a4b1b5877b514b276f0f31efe02388a9c2836728 ("HID: Bluetooth: hidp: make sure input buffers are big enough") -Cc: Marcel Holtmann -Cc: Johan Hedberg -Cc: "David S. Miller" -Cc: Kees Cook -Cc: Benjamin Tissoires -Cc: linux-bluetooth@vger.kernel.org -Cc: netdev@vger.kernel.org -Cc: linux-kernel@vger.kernel.org -Cc: security@kernel.org -Cc: kernel-team@android.com -Acked-by: Kees Cook -Signed-off-by: Marcel Holtmann ---- - net/bluetooth/hidp/core.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c -index 6f3eaf2fb94f..253975cce943 100644 ---- a/net/bluetooth/hidp/core.c -+++ b/net/bluetooth/hidp/core.c -@@ -431,8 +431,8 @@ static void hidp_del_timer(struct hidp_session *session) - del_timer(&session->timer); - } - --static void hidp_process_report(struct hidp_session *session, -- int type, const u8 *data, int len, int intr) -+static void hidp_process_report(struct hidp_session *session, int type, -+ const u8 *data, unsigned int len, int intr) - { - if (len > HID_MAX_BUFFER_SIZE) - len = HID_MAX_BUFFER_SIZE; --- -2.18.0 - diff --git a/debian/patches/bugfix/x86/x86-i8259-add-missing-include-file.patch b/debian/patches/bugfix/x86/x86-i8259-add-missing-include-file.patch deleted file mode 100644 index e1f15fbd2..000000000 --- a/debian/patches/bugfix/x86/x86-i8259-add-missing-include-file.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 0a957467c5fd46142bc9c52758ffc552d4c5e2f7 Mon Sep 17 00:00:00 2001 -From: Guenter Roeck -Date: Wed, 15 Aug 2018 13:22:27 -0700 -Subject: x86: i8259: Add missing include file - -From: Guenter Roeck - -commit 0a957467c5fd46142bc9c52758ffc552d4c5e2f7 upstream. - -i8259.h uses inb/outb and thus needs to include asm/io.h to avoid the -following build error, as seen with x86_64:defconfig and CONFIG_SMP=n. - - In file included from drivers/rtc/rtc-cmos.c:45:0: - arch/x86/include/asm/i8259.h: In function 'inb_pic': - arch/x86/include/asm/i8259.h:32:24: error: - implicit declaration of function 'inb' - - arch/x86/include/asm/i8259.h: In function 'outb_pic': - arch/x86/include/asm/i8259.h:45:2: error: - implicit declaration of function 'outb' - -Reported-by: Sebastian Gottschall -Suggested-by: Sebastian Gottschall -Fixes: 447ae3166702 ("x86: Don't include linux/irq.h from asm/hardirq.h") -Signed-off-by: Guenter Roeck -Signed-off-by: Linus Torvalds -Signed-off-by: Greg Kroah-Hartman - ---- - arch/x86/include/asm/i8259.h | 1 + - 1 file changed, 1 insertion(+) - ---- a/arch/x86/include/asm/i8259.h -+++ b/arch/x86/include/asm/i8259.h -@@ -3,6 +3,7 @@ - #define _ASM_X86_I8259_H - - #include -+#include - - extern unsigned int cached_irq_mask; - diff --git a/debian/patches/bugfix/x86/x86-l1tf-fix-build-error-seen-if-config_kvm_intel-is-disabled.patch b/debian/patches/bugfix/x86/x86-l1tf-fix-build-error-seen-if-config_kvm_intel-is-disabled.patch deleted file mode 100644 index 88c2ec6c9..000000000 --- a/debian/patches/bugfix/x86/x86-l1tf-fix-build-error-seen-if-config_kvm_intel-is-disabled.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 1eb46908b35dfbac0ec1848d4b1e39667e0187e9 Mon Sep 17 00:00:00 2001 -From: Guenter Roeck -Date: Wed, 15 Aug 2018 08:38:33 -0700 -Subject: x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled - -From: Guenter Roeck - -commit 1eb46908b35dfbac0ec1848d4b1e39667e0187e9 upstream. - -allmodconfig+CONFIG_INTEL_KVM=n results in the following build error. - - ERROR: "l1tf_vmx_mitigation" [arch/x86/kvm/kvm.ko] undefined! - -Fixes: 5b76a3cff011 ("KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry") -Reported-by: Meelis Roos -Cc: Meelis Roos -Cc: Paolo Bonzini -Cc: Thomas Gleixner -Signed-off-by: Guenter Roeck -Signed-off-by: Linus Torvalds -Signed-off-by: Greg Kroah-Hartman - ---- - arch/x86/kernel/cpu/bugs.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - ---- a/arch/x86/kernel/cpu/bugs.c -+++ b/arch/x86/kernel/cpu/bugs.c -@@ -648,10 +648,9 @@ void x86_spec_ctrl_setup_ap(void) - enum l1tf_mitigations l1tf_mitigation __ro_after_init = L1TF_MITIGATION_FLUSH; - #if IS_ENABLED(CONFIG_KVM_INTEL) - EXPORT_SYMBOL_GPL(l1tf_mitigation); -- -+#endif - enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO; - EXPORT_SYMBOL_GPL(l1tf_vmx_mitigation); --#endif - - static void __init l1tf_select_mitigation(void) - { diff --git a/debian/patches/series b/debian/patches/series index d042e22c2..ad6f90eea 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -69,8 +69,6 @@ bugfix/x86/mmap-remember-the-map_fixed-flag-as-vm_fixed.patch bugfix/x86/mmap-add-an-exception-to-the-stack-gap-for-hotspot-jvm.patch bugfix/powerpc/powerpc-lib-sstep-fix-building-for-powerpcspe.patch bugfix/powerpc/powerpc-lib-makefile-don-t-pull-in-quad.o-for-32-bit.patch -bugfix/x86/x86-l1tf-fix-build-error-seen-if-config_kvm_intel-is-disabled.patch -bugfix/x86/x86-i8259-add-missing-include-file.patch # Arch features features/mips/MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch @@ -141,7 +139,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch bugfix/all/Revert-net-increase-fragment-memory-usage-limits.patch -bugfix/all/bluetooth-hidp-buffer-overflow-in-hidp_process_report.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch