diff --git a/debian/changelog b/debian/changelog
index a9ce59801..21a7c3db5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,6 @@
-linux (4.17~rc3-1~exp2) UNRELEASED; urgency=medium
+linux (4.17~rc4-1~exp1) UNRELEASED; urgency=medium
+
+  * New upstream release candidate
 
   [ Luca Boccassi ]
   * Disable building linux-doc-* and tools documentation when the "nodoc"
diff --git a/debian/patches/bugfix/all/xfs-enhance-dinode-verifier.patch b/debian/patches/bugfix/all/xfs-enhance-dinode-verifier.patch
deleted file mode 100644
index 7a860f4be..000000000
--- a/debian/patches/bugfix/all/xfs-enhance-dinode-verifier.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From: Eric Sandeen <sandeen@sandeen.net>
-Date: Mon, 16 Apr 2018 23:06:53 -0700
-Subject: xfs: enhance dinode verifier
-Origin: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit?id=b42db0860e13067fcc7cbfba3966c9e652668bbc
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10322
-
-Add several more validations to xfs_dinode_verify:
-
-- For LOCAL data fork formats, di_nextents must be 0.
-- For LOCAL attr fork formats, di_anextents must be 0.
-- For inodes with no attr fork offset,
-  - format must be XFS_DINODE_FMT_EXTENTS if set at all
-  - di_anextents must be 0.
-
-Thanks to dchinner for pointing out a couple related checks I had
-forgotten to add.
-
-Signed-off-by: Eric Sandeen <sandeen@redhat.com>
-Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199377
-Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
-Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
----
- fs/xfs/libxfs/xfs_inode_buf.c | 21 +++++++++++++++++++++
- 1 file changed, 21 insertions(+)
-
---- a/fs/xfs/libxfs/xfs_inode_buf.c
-+++ b/fs/xfs/libxfs/xfs_inode_buf.c
-@@ -458,6 +458,8 @@ xfs_dinode_verify(
- 				return __this_address;
- 			if (di_size > XFS_DFORK_DSIZE(dip, mp))
- 				return __this_address;
-+			if (dip->di_nextents)
-+				return __this_address;
- 			/* fall through */
- 		case XFS_DINODE_FMT_EXTENTS:
- 		case XFS_DINODE_FMT_BTREE:
-@@ -476,12 +478,31 @@ xfs_dinode_verify(
- 	if (XFS_DFORK_Q(dip)) {
- 		switch (dip->di_aformat) {
- 		case XFS_DINODE_FMT_LOCAL:
-+			if (dip->di_anextents)
-+				return __this_address;
-+		/* fall through */
- 		case XFS_DINODE_FMT_EXTENTS:
- 		case XFS_DINODE_FMT_BTREE:
- 			break;
- 		default:
- 			return __this_address;
- 		}
-+	} else {
-+		/*
-+		 * If there is no fork offset, this may be a freshly-made inode
-+		 * in a new disk cluster, in which case di_aformat is zeroed.
-+		 * Otherwise, such an inode must be in EXTENTS format; this goes
-+		 * for freed inodes as well.
-+		 */
-+		switch (dip->di_aformat) {
-+		case 0:
-+		case XFS_DINODE_FMT_EXTENTS:
-+			break;
-+		default:
-+			return __this_address;
-+		}
-+		if (dip->di_anextents)
-+			return __this_address;
- 	}
- 
- 	/* only version 3 or greater inodes are extensively verified here */
diff --git a/debian/patches/bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch b/debian/patches/bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch
deleted file mode 100644
index dc206006e..000000000
--- a/debian/patches/bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From: Eric Sandeen <sandeen@redhat.com>
-Date: Mon, 16 Apr 2018 23:07:27 -0700
-Subject: xfs: set format back to extents if xfs_bmap_extents_to_btree
-Origin: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit?id=2c4306f719b083d17df2963bc761777576b8ad1b
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-10323
-
-If xfs_bmap_extents_to_btree fails in a mode where we call
-xfs_iroot_realloc(-1) to de-allocate the root, set the
-format back to extents.
-
-Otherwise we can assume we can dereference ifp->if_broot
-based on the XFS_DINODE_FMT_BTREE format, and crash.
-
-Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=199423
-Signed-off-by: Eric Sandeen <sandeen@redhat.com>
-Reviewed-by: Christoph Hellwig <hch@lst.de>
-Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
-Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
----
- fs/xfs/libxfs/xfs_bmap.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c
-index 6a7c2f03ea11..040eeda8426f 100644
---- a/fs/xfs/libxfs/xfs_bmap.c
-+++ b/fs/xfs/libxfs/xfs_bmap.c
-@@ -725,12 +725,16 @@ xfs_bmap_extents_to_btree(
- 	*logflagsp = 0;
- 	if ((error = xfs_alloc_vextent(&args))) {
- 		xfs_iroot_realloc(ip, -1, whichfork);
-+		ASSERT(ifp->if_broot == NULL);
-+		XFS_IFORK_FMT_SET(ip, whichfork, XFS_DINODE_FMT_EXTENTS);
- 		xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
- 		return error;
- 	}
- 
- 	if (WARN_ON_ONCE(args.fsbno == NULLFSBLOCK)) {
- 		xfs_iroot_realloc(ip, -1, whichfork);
-+		ASSERT(ifp->if_broot == NULL);
-+		XFS_IFORK_FMT_SET(ip, whichfork, XFS_DINODE_FMT_EXTENTS);
- 		xfs_btree_del_cursor(cur, XFS_BTREE_ERROR);
- 		return -ENOSPC;
- 	}
diff --git a/debian/patches/debian/parisc-fix-make-target.patch b/debian/patches/debian/parisc-fix-make-target.patch
deleted file mode 100644
index 1f2f827de..000000000
--- a/debian/patches/debian/parisc-fix-make-target.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Subject: parisc: Make bzImage default build target
-From: Helge Deller <deller@gmx.de>
-Date: Wed, 18 Apr 2018 07:49:19 +0200
-Forwarded: https://patchwork.kernel.org/patch/10347405/
-
-Debian uses "make all" to build the Linux kernel, thus to be able to use
-the self-decompressing kernel as default debian kernel we need to make
-bzImage the default build target.
-
-Signed-off-by: Helge Deller <deller@gmx.de>
-
-diff --git a/arch/parisc/Makefile b/arch/parisc/Makefile
-index e2364ff59180..34ac503e28ad 100644
---- a/arch/parisc/Makefile
-+++ b/arch/parisc/Makefile
-@@ -123,6 +123,9 @@ INSTALL_TARGETS = zinstall install
- 
- PHONY += bzImage $(BOOT_TARGETS) $(INSTALL_TARGETS)
- 
-+# Default kernel to build
-+all: bzImage
-+
- zImage: vmlinuz
- Image: vmlinux
- 
diff --git a/debian/patches/series b/debian/patches/series
index 96e11fc66..a11aa6de7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,7 +11,6 @@ debian/modpost-symbol-prefix.patch
 debian/tools-perf-version.patch
 debian/tools-perf-install.patch
 debian/wireless-add-debian-wireless-regdb-certificates.patch
-debian/parisc-fix-make-target.patch
 
 # Fixes/improvements to firmware loading
 features/all/drivers-media-dvb-usb-af9005-request_firmware.patch
@@ -118,8 +117,6 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
 
 # Security fixes
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
-bugfix/all/xfs-enhance-dinode-verifier.patch
-bugfix/all/xfs-set-format-back-to-extents-if-xfs_bmap_extents_t.patch
 
 # Fix exported symbol versions
 bugfix/all/module-disable-matching-missing-version-crc.patch