diff --git a/debian/changelog b/debian/changelog index 26c953473..a4926b703 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,6 @@ -linux (4.13~rc7-1~exp2) UNRELEASED; urgency=medium +linux (4.13-1~exp1) UNRELEASED; urgency=medium + + * New upstream release: https://kernelnewbies.org/Linux_4.13 [ Roger Shimizu ] * debian/bin/buildcheck.py: diff --git a/debian/config/defines b/debian/config/defines index 1e7db72bd..9711d00aa 100644 --- a/debian/config/defines +++ b/debian/config/defines @@ -1,5 +1,5 @@ [abi] -abiname: 1 +abiname: trunk ignore-changes: __cpuhp_* bpf_analyzer diff --git a/debian/patches/bugfix/all/xfrm-policy-check-policy-direction-value.patch b/debian/patches/bugfix/all/xfrm-policy-check-policy-direction-value.patch deleted file mode 100644 index 42dedccea..000000000 --- a/debian/patches/bugfix/all/xfrm-policy-check-policy-direction-value.patch +++ /dev/null @@ -1,40 +0,0 @@ -From: Vladis Dronov -Date: Wed, 2 Aug 2017 19:50:14 +0200 -Subject: xfrm: policy: check policy direction value -Origin: https://git.kernel.org/linus/7bab09631c2a303f87a7eb7e3d69e888673b9b7e -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-11600 - -The 'dir' parameter in xfrm_migrate() is a user-controlled byte which is used -as an array index. This can lead to an out-of-bound access, kernel lockup and -DoS. Add a check for the 'dir' value. - -This fixes CVE-2017-11600. - -References: https://bugzilla.redhat.com/show_bug.cgi?id=1474928 -Fixes: 80c9abaabf42 ("[XFRM]: Extension for dynamic update of endpoint address(es)") -Cc: # v2.6.21-rc1 -Reported-by: "bo Zhang" -Signed-off-by: Vladis Dronov -Signed-off-by: Steffen Klassert ---- - net/xfrm/xfrm_policy.c | 6 ++++++ - 1 file changed, 6 insertions(+) - ---- a/net/xfrm/xfrm_policy.c -+++ b/net/xfrm/xfrm_policy.c -@@ -3301,9 +3301,15 @@ int xfrm_migrate(const struct xfrm_selec - struct xfrm_state *x_new[XFRM_MAX_DEPTH]; - struct xfrm_migrate *mp; - -+ /* Stage 0 - sanity checks */ - if ((err = xfrm_migrate_check(m, num_migrate)) < 0) - goto out; - -+ if (dir >= XFRM_POLICY_MAX) { -+ err = -EINVAL; -+ goto out; -+ } -+ - /* Stage 1 - find policy */ - if ((pol = xfrm_migrate_policy_find(sel, dir, type, net)) == NULL) { - err = -ENOENT; diff --git a/debian/patches/bugfix/alpha/alpha-uapi-add-support-for-__sane_userspace_types__.patch b/debian/patches/bugfix/alpha/alpha-uapi-add-support-for-__sane_userspace_types__.patch deleted file mode 100644 index 3d6a877bf..000000000 --- a/debian/patches/bugfix/alpha/alpha-uapi-add-support-for-__sane_userspace_types__.patch +++ /dev/null @@ -1,56 +0,0 @@ -From: Ben Hutchings -Date: Tue, 29 Sep 2015 02:55:06 +0100 -Subject: [PATCH] alpha: uapi: Add support for __SANE_USERSPACE_TYPES__ -Forwarded: http://mid.gmane.org/1443659755.2730.14.camel@decadent.org.uk - -This fixes compiler errors in perf such as: - -tests/attr.c: In function 'store_event': -tests/attr.c:66:27: error: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type '__u64 {aka long unsigned int}' [-Werror=format=] - snprintf(path, PATH_MAX, "%s/event-%d-%llu-%d", dir, - ^ - -Signed-off-by: Ben Hutchings -Tested-by: Michael Cree -Cc: stable@vger.kernel.org ---- - arch/alpha/include/asm/types.h | 2 +- - arch/alpha/include/uapi/asm/types.h | 12 +++++++++++- - 2 files changed, 12 insertions(+), 2 deletions(-) - -# diff --git a/arch/alpha/include/asm/types.h b/arch/alpha/include/asm/types.h -# index 4cb4b6d..0bc66e1 100644 -# --- a/arch/alpha/include/asm/types.h -# +++ b/arch/alpha/include/asm/types.h -# @@ -1,6 +1,6 @@ -# #ifndef _ALPHA_TYPES_H -# #define _ALPHA_TYPES_H -# -# -#include -# +#include -# -# #endif /* _ALPHA_TYPES_H */ -diff --git a/arch/alpha/include/uapi/asm/types.h b/arch/alpha/include/uapi/asm/types.h -index 9fd3cd4..8d1024d 100644 ---- a/arch/alpha/include/uapi/asm/types.h -+++ b/arch/alpha/include/uapi/asm/types.h -@@ -9,8 +9,18 @@ - * need to be careful to avoid a name clashes. - */ - --#ifndef __KERNEL__ -+/* -+ * This is here because we used to use l64 for alpha -+ * and we don't want to impact user mode with our change to ll64 -+ * in the kernel. -+ * -+ * However, some user programs are fine with this. They can -+ * flag __SANE_USERSPACE_TYPES__ to get int-ll64.h here. -+ */ -+#if !defined(__SANE_USERSPACE_TYPES__) && !defined(__KERNEL__) - #include -+#else -+#include - #endif - - #endif /* _UAPI_ALPHA_TYPES_H */ diff --git a/debian/patches/series b/debian/patches/series index 35a89053e..053e97413 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -114,7 +114,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch -bugfix/all/xfrm-policy-check-policy-direction-value.patch # Fix exported symbol versions bugfix/alpha/alpha-restore-symbol-versions-for-symbols-exported-f.patch @@ -129,7 +128,6 @@ bugfix/all/tools-perf-man-date.patch bugfix/all/tools-perf-remove-shebangs.patch bugfix/all/tools-lib-traceevent-use-ldflags.patch bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch -bugfix/alpha/alpha-uapi-add-support-for-__sane_userspace_types__.patch bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch bugfix/all/cpupower-bump-soname-version.patch bugfix/all/cpupower-fix-checks-for-cpu-existence.patch