diff --git a/debian/changelog b/debian/changelog index 270ac81c5..9948ee0a2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -162,6 +162,538 @@ linux (4.16~rc5-1~exp1) experimental; urgency=medium -- Ben Hutchings Tue, 13 Mar 2018 02:06:57 +0000 +linux (4.15.17-1) unstable; urgency=medium + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.12 + - [i386] vm86: Fix POPF emulation + - [i386] speculation, objtool: Annotate indirect calls/jumps for objtool on + 32-bit kernels + - [x86] speculation: Remove Skylake C2 from Speculation Control microcode + blacklist + - [x86] KVM: Fix device passthrough when SME is active + - [x86] mm: Fix vmalloc_fault to use pXd_large + - [hppa] Handle case where flush_cache_range is called with no context + - ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() + - ALSA: hda - Revert power_save option default value + - ALSA: seq: Fix possible UAF in snd_seq_check_queue() + - ALSA: seq: Clear client entry before deleting else at closing + - drm/nouveau/bl: Fix oops on driver unbind + - drm/nouveau/mmu: ALIGN_DOWN correct variable (Closes: #895750) + - drm/amdgpu: fix prime teardown order + - drm/radeon: fix prime teardown order + - drm/amdgpu/dce: Don't turn off DP sink when disconnected + - fs: Teach path_connected to handle nfs filesystems with multiple roots. + - [armhf,arm64] KVM: Reduce verbosity of KVM init log + - [armhf,arm64] KVM: Reset mapped IRQs on VM reset + - [armhf,arm64] kvm: vgic-v3: Tighten synchronization for guests using v2 + on v3 + - [armhf.arm64] KVM: vgic: Don't populate multiple LRs with the same vintid + - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it + - fs/aio: Add explicit RCU grace period when freeing kioctx + - fs/aio: Use RCU accessors for kioctx_table->table[] + - RDMAVT: Fix synchronization around percpu_ref + - [armhf.arm64] irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis + - nvme: fix subsystem multiple controllers support check + - xfs: preserve i_rdev when recycling a reclaimable inode + - btrfs: Fix NULL pointer exception in find_bio_stripe + - btrfs: add missing initialization in btrfs_check_shared + - btrfs: alloc_chunk: fix DUP stripe size handling + - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale + device + - btrfs: remove spurious WARN_ON(ref->count < 0) in find_parent_nodes + - btrfs: Fix memory barriers usage with device stats counters + - scsi: qla2xxx: Fix smatch warning in qla25xx_delete_{rsp|req}_que + - scsi: qla2xxx: Fix NULL pointer access for fcport structure + - scsi: qla2xxx: Fix logo flag for qlt_free_session_done() + - scsi: qla2xxx: Fix crashes in qla2x00_probe_one on probe failure + - usb: dwc2: fix STM32F7 USB OTG HS compatible + - USB: gadget: udc: Add missing platform_device_put() on error in + bdc_pci_probe() + - usb: dwc3: Fix GDBGFIFOSPACE_TYPE values + - usb: dwc3: core: Power-off core/PHYs on system_suspend in host mode + - usb: dwc3: of-simple: fix oops by unbalanced clk disable call + - usb: gadget: udc: renesas_usb3: fix oops in renesas_usb3_remove() + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.13 + - scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for + Ventura controllers + - drm/amdgpu: use polling mem to set SDMA3 wptr for VF + - Bluetooth: hci_qca: Avoid setup failure on missing rampatch + - [arm64] Bluetooth: btqcomsmd: Fix skb double free corruption + - [x86] cpufreq: longhaul: Revert transition_delay_us to 200 ms + - [arm64] drm/msm: fix leak in failed get_pages + - IB/ipoib: Warn when one port fails to initialize + - RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() + - [x86] hv_netvsc: Fix the receive buffer size limit + - [x86] hv_netvsc: Fix the TX/RX buffer default sizes + - tcp: allow TLP in ECN CWR + - libbpf: prefer global symbols as bpf program name source + - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled. + - rtlwifi: always initialize variables given to RT_TRACE() + - media: bt8xx: Fix err 'bt878_probe()' + - ath10k: handling qos at STA side based on AP WMM enable/disable + - media: dvb-frontends: Add delay to Si2168 restart + - qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect + - serial: 8250_dw: Disable clock on error + - [armhf,arm64] cros_ec: fix nul-termination for firmware build info + - watchdog: Fix potential kref imbalance when opening watchdog + - watchdog: Fix kref imbalance seen if handle_boot_enabled=0 + - platform/chrome: Use proper protocol transfer function + - [armhf] drm/tilcdc: ensure nonatomic iowrite64 is not used + - mmc: avoid removing non-removable hosts during suspend + - mmc: block: fix logical error to avoid memory leak + - /dev/mem: Add bounce buffer for copy-out + - [arm64] net: phy: meson-gxl: check phy_write return value + - IB/ipoib: Avoid memory leak if the SA returns a different DGID + - RDMA/cma: Use correct size when writing netlink stats + - IB/umem: Fix use of npages/nmap fields + - iser-target: avoid reinitializing rdma contexts for isert commands + - bpf/cgroup: fix a verification error for a CGROUP_DEVICE type prog + - PCI/ASPM: Calculate LTR_L1.2_THRESHOLD from device characteristics + - vgacon: Set VGA struct resource types + - [armhf] omapdrm: panel: fix compatible vendor string for td028ttec1 + - [arm64] mmc: sdhci-xenon: wait 5ms after set 1.8V signal enable + - [armhf] drm/omap: DMM: Check for DMM readiness after successful + transaction commit + - pty: cancel pty slave port buf's work in tty_release + - clk: check ops pointer on clock register + - clk: use round rate to bail out early in set_rate + - pinctrl: Really force states during suspend/resume + - [armhf,arm64] pinctrl: rockchip: enable clock when reading pin direction + register + - [x86] iommu/vt-d: clean up pr_irq if request_threaded_irq fails + - ip6_vti: adjust vti mtu according to mtu of lower device + - ip_gre: fix error path when erspan_rcv failed + - ip_gre: fix potential memory leak in erspan_rcv + - [arm64] soc: qcom: smsm: fix child-node lookup + - scsi: lpfc: Fix SCSI LUN discovery when SCSI and NVME enabled + - scsi: lpfc: Fix issues connecting with nvme initiator + - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS + - nfsd4: permit layoutget of executable-only files + - clk: Don't touch hardware when reparenting during registration + - hwrng: core - Clean up RNG list when last hwrng is unregistered + - [armhf] dmaengine: ti-dma-crossbar: Fix event mapping for + TPCC_EVT_MUX_60_63 + - IB/mlx5: Fix integer overflows in mlx5_ib_create_srq + - IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq + - [x86] RDMA/vmw_pvrdma: Fix usage of user response structures in ABI file + - serial: 8250_pci: Don't fail on multiport card class + - RDMA/core: Do not use invalid destination in determining port reuse + - clk: migrate the count of orphaned clocks at init + - RDMA/ucma: Fix access to non-initialized CM_ID object + - RDMA/ucma: Don't allow join attempts for unsupported AF family + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.14 + - [armhf] iio: st_pressure: st_accel: pass correct platform data to init + - [arm64] iio: adc: meson-saradc: unlock on error in meson_sar_adc_lock() + - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit + - ALSA: aloop: Sync stale timer before release + - ALSA: aloop: Fix access to not-yet-ready substream via cable + - ALSA: hda - Force polling mode on CFL for fixing codec communication + - ALSA: hda/realtek - Fix speaker no sound after system resume + - ALSA: hda/realtek - Fix Dell headset Mic can't record + - ALSA: hda/realtek - Always immediately update mute LED with pin VREF + - mmc: core: Fix tracepoint print of blk_addr and blksz + - mmc: core: Disable HPI for certain Micron (Numonyx) eMMC cards + - mmc: block: fix updating ext_csd caches on ioctl call + - [armhf] mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for + 32-bit systems + - [armhf] mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433 + - [armhf,arm64] mmc: dw_mmc: fix falling from idmac to PIO mode when + dw_mci_reset occurs + - PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L + - lockdep: fix fs_reclaim warning + - [armhf,arm64] clk: bcm2835: Fix ana->maskX definitions + - [armhf,arm64] clk: bcm2835: Protect sections updating shared registers + - [armhf,arm64] clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops + - RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory + - [x86] Drivers: hv: vmbus: Fix ring buffer signaling + - [armhf] pinctrl: samsung: Validate alias coming from DT + - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table + - Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table + - Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 + - libata: fix length validation of ATAPI-relayed SCSI commands + - libata: remove WARN() for DMA or PIO command without data + - libata: don't try to pass through NCQ commands to non-NCQ devices + - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs + - libata: disable LPM for Crucial BX100 SSD 500GB drive + - libata: Enable queued TRIM for Samsung SSD 860 + - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs + - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions + - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version + - sched, cgroup: Don't reject lower cpu.max on ancestors + - cgroup: fix rule checking for threaded mode switching + - nfsd: remove blocked locks on client teardown + - hugetlbfs: check for pgoff value overflow (CVE-2018-7740) + - [x86] mm: implement free pmd/pte page interfaces + - mm/khugepaged.c: convert VM_BUG_ON() to collapse fail + - mm/thp: do not wait for lock_page() in deferred_split_scan() + - mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink() + - Revert "mm: page_alloc: skip over regions of invalid pfns where possible" + - [x86] drm/vmwgfx: Fix black screen and device errors when running without + fbdev + - [x86] drm/vmwgfx: Fix a destoy-while-held mutex problem. + - drm/radeon: Don't turn off DP sink when disconnected + - drm/amd/display: We shouldn't set format_default on plane as atomic driver + - drm/amd/display: Add one to EDID's audio channel count when passing to DC + - drm: Reject getfb for multi-plane framebuffers + - drm: udl: Properly check framebuffer mmap offsets + - mm/vmscan: wake up flushers for legacy cgroups too + - module: propagate error in modules_open() + - acpi, numa: fix pxm to online numa node associations + - ACPI / watchdog: Fix off-by-one error at resource assignment + - libnvdimm, {btt, blk}: do integrity setup before add_disk() + - brcmfmac: fix P2P_DEVICE ethernet address generation + - rtlwifi: rtl8723be: Fix loss of signal + - tracing: probeevent: Fix to support minus offset from symbol + - mtdchar: fix usage of mtd_ooblayout_ecc() + - staging: ncpfs: memory corruption in ncp_read_kernel() (CVE-2018-8822) + - [i386] can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack + - [i386] can: cc770: Fix queue stall & dropped RTR reply + - [i386] can: cc770: Fix use after free in cc770_tx_interrupt() + - tty: vt: fix up tabstops properly + - [amd64] entry: Don't use IST entry for #BP stack + - [amd64] vsyscall: Use proper accessor to update P4D entry + - [x86] efi: Free efi_pgd with free_pages() + - posix-timers: Protect posix clock array access against speculation + - [x86] kvm: fix icebp instruction handling + - [amd64] build: Force the linker to use 2MB page size + - [amd64] boot: Verify alignment of the LOAD segment + - [x86] hwmon: (k10temp) Only apply temperature offset if result is positive + - [x86] hwmon: (k10temp) Add temperature offset for Ryzen 1900X + - [x86] perf/intel/uncore: Fix Skylake UPI event format + - perf stat: Fix CVS output format for non-supported counters + - perf/core: Fix ctx_event_type in ctx_resched() + - trace/bpf: remove helper bpf_perf_prog_read_value from tracepoint type + programs + - [x86] perf/intel: Don't accidentally clear high bits in bdw_limit_period() + - [x86] perf/intel/uncore: Fix multi-domain PCI CHA enumeration bug on + Skylake servers + - iio: ABI: Fix name of timestamp sysfs file + - bpf: skip unnecessary capability check + - [amd64] bpf: increase number of passes + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.15 + - net: dsa: Fix dsa_is_user_port() test inversion + - openvswitch: meter: fix the incorrect calculation of max delta_t + - qed: Fix MPA unalign flow in case header is split across two packets. + - tcp: purge write queue upon aborting the connection + - qed: Fix non TCP packets should be dropped on iWARP ll2 connection + - net: phy: relax error checking when creating sysfs link netdev->phydev + - devlink: Remove redundant free on error path + - macvlan: filter out unsupported feature flags + - net: ipv6: keep sk status consistent after datagram connect failure + - ipv6: old_dport should be a __be16 in __ip6_datagram_connect() + - ipv6: sr: fix NULL pointer dereference when setting encap source address + - ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state + - net: phy: Tell caller result of phy_change() + - ipv6: Reflect MTU changes on PMTU of exceptions for MTU-less routes + - net sched actions: return explicit error when tunnel_key mode is not + specified + - ppp: avoid loop in xmit recursion detection code + - rhashtable: Fix rhlist duplicates insertion + - sch_netem: fix skb leak in netem_enqueue() + - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() + - net: use skb_to_full_sk() in skb_update_prio() + - net: Fix hlist corruptions in inet_evict_bucket() + - [s390x] qeth: free netdevice when removing a card + - [s390x] qeth: when thread completes, wake up all waiters + - [s390x] qeth: lock read device while queueing next buffer + - [s390x] qeth: on channel error, reject further cmd requests + - dccp: check sk for closed state in dccp_sendmsg() + - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() + - l2tp: do not accept arbitrary sockets + - [armhf] net: ethernet: ti: cpsw: add check for in-band mode setting with + RGMII PHY interface + - [armhf] net: fec: Fix unbalanced PM runtime calls + - [s390x] net/iucv: Free memory obtained by kzalloc + - netlink: avoid a double skb free in genlmsg_mcast() + - net: Only honor ifindex in IP_PKTINFO if non-0 + - net: systemport: Rewrite __bcm_sysport_tx_reclaim() + - qede: Fix qedr link update + - skbuff: Fix not waking applications when errors are enqueued + - team: Fix double free in error path + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.16 + - [armhf] OMAP: Fix SRAM W+X mapping + - [armhf] 8746/1: vfp: Go back to clearing vfp_current_hw_state[] + - [armhf] dts: sun6i: a31s: bpi-m2: improve pmic properties + - [armhf] dts: sun6i: a31s: bpi-m2: add missing regulators + - mtd: jedec_probe: Fix crash in jedec_read_mfr() + - ALSA: usb-audio: Add native DSD support for TEAC UD-301 + - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() + - ALSA: pcm: potential uninitialized return values + - perf/hwbp: Simplify the perf-hwbp code, fix documentation + - ceph: only dirty ITER_IOVEC pages for direct read + - ipc/shm.c: add split function to shm_vm_ops + - [powerpc*] mm: Add tracking of the number of coprocessors using a context + - [powerpc*] mm: Workaround Nest MMU bug with TLB invalidations + - [powerpc*] 64s: Fix lost pending interrupt due to race causing lost + update to irq_happened + - [powerpc*] 64s: Fix i-side SLB miss bad address handler saving + nonvolatile GPRs + - partitions/msdos: Unable to mount UFS 44bsd partitions + - xfrm_user: uncoditionally validate esn replay attribute struct + - RDMA/ucma: Check AF family prior resolving address + - RDMA/ucma: Fix use-after-free access in ucma_close + - RDMA/ucma: Ensure that CM_ID exists prior to access it + - RDMA/rdma_cm: Fix use after free race with process_one_req + - RDMA/ucma: Check that device is connected prior to access it + - RDMA/ucma: Check that device exists prior to accessing it + - RDMA/ucma: Introduce safer rdma_addr_size() variants + - ipv6: fix possible deadlock in rt6_age_examine_exception() + - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() + - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems + - percpu: add __GFP_NORETRY semantics to the percpu balancing path + - netfilter: x_tables: make allocation less aggressive + - netfilter: bridge: ebt_among: add more missing match size checks + - l2tp: fix races with ipv4-mapped ipv6 addresses + - netfilter: drop template ct when conntrack is skipped. + - netfilter: x_tables: add and use xt_check_proc_name + - [arm64] phy: qcom-ufs: add MODULE_LICENSE tag + - Bluetooth: Fix missing encryption refresh on Security Request + - [x86] drm/i915/dp: Write to SET_POWER dpcd to enable MST hub. + - bitmap: fix memset optimization on big-endian systems + - [x86] mei: remove dev_err message on an unsupported ioctl + - /dev/mem: Avoid overwriting "err" in read_mem() + - media: usbtv: prevent double free in error case (CVE-2017-17975) + - crypto: lrw - Free rctx->ext with kzfree + - [arm64] crypto: inside-secure - fix clock management + - crypto: testmgr - Fix incorrect values in PKCS#1 test vector + - crypto: ahash - Fix early termination in hash walk + - [x86] crypto: ccp - return an actual key size from RSA max_size callback + - [arm*] crypto - Fix random regeneration of S_shipped + - [x86] crypto: cast5-avx - fix ECB encryption when long sg follows short + one + - Btrfs: fix unexpected cow in run_delalloc_nocow + - [x86] staging: comedi: ni_mio_common: ack ai fifo error interrupts. + - Revert "base: arch_topology: fix section mismatch build warnings" + - [x86] Input: ALPS - fix TrackStick detection on Thinkpad L570 and + Latitude 7370 + - [x86] Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list + - [x86] Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad + - vt: change SGR 21 to follow the standards + - [arm64] net: hns: Fix ethtool private flags (CVE-2017-18222) + - Fix slab name "biovec-(1<<(21-12))" + - [armhf] Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin" + - [armhf] Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin" + - Revert "cpufreq: Fix governor module removal race" + - Revert "ip6_vti: adjust vti mtu according to mtu of lower device" + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.17 + - i40iw: Fix sequence number for the first partial FPDU + - i40iw: Correct Q1/XF object count equation + - i40iw: Validate correct IRD/ORD connection parameters + - [arm64] clk: meson: mpll: use 64-bit maths in params_from_rate + - ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT + - thermal: power_allocator: fix one race condition issue for + thermal_instances list + - perf probe: Find versioned symbols from map + - perf probe: Add warning message if there is unexpected event name + - perf evsel: Fix swap for samples with raw data + - perf evsel: Enable ignore_missing_thread for pid option + - l2tp: fix missing print session offset info + - rds; Reset rs->rs_bound_addr in rds_add_bound() failure path + - [x86] ACPI / video: Default lcd_only to true on Win8-ready and newer + machines + - net/mlx4_en: Change default QoS settings + - IB/mlx5: Report inner RSS capability + - VFS: close race between getcwd() and d_move() + - [armhf,arm64] watchdog: dw_wdt: add stop watchdog operation + - clk: divider: fix incorrect usage of container_of + - PM / devfreq: Fix potential NULL pointer dereference in governor_store + - gpiolib: don't dereference a desc before validation + - net_sch: red: Fix the new offload indication + - [arm64] thermal/drivers/hisi: Remove bogus const from function return type + - RDMA/cma: Mark end of CMA ID messages + - f2fs: fix lock dependency in between dio_rwsem & i_mmap_sem + - [armhf] clk: sunxi-ng: a83t: Add M divider to TCON1 clock + - media: videobuf2-core: don't go out of the buffer range + - [x86] ASoC: Intel: Skylake: Disable clock gating during firmware and + library download + - [x86] ASoC: Intel: cht_bsw_rt5645: Analog Mic support + - [arm64] drm/msm: Fix NULL deref in adreno_load_gpu + - IB/ipoib: Fix for notify send CQ failure messages + - scsi: libiscsi: Allow sd_shutdown on bad transport + - scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag. + - [armhf,arm64] irqchip/gic-v3: Fix the driver probe() fail due to disabled + GICC entry + - ACPI: EC: Fix debugfs_create_*() usage + - mac80211: Fix setting TX power on monitor interfaces + - vfb: fix video mode and line_length being set when loaded + - gpio: label descriptors using the device name + - [arm64] asid: Do not replace active_asids if already 0 + - [powerpc*] powernv-cpufreq: Add helper to extract pstate from PMSR + - IB/rdmavt: Allocate CQ memory on the correct node + - blk-mq: avoid to map CPU into stale hw queue + - blk-mq: fix race between updating nr_hw_queues and switching io sched + - nvme-fabrics: protect against module unload during create_ctrl + - nvme-fabrics: don't check for non-NULL module in nvmf_register_transport + - [x86] pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts + - nvme_fcloop: disassocate local port structs + - nvme_fcloop: fix abort race condition + - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented + - perf report: Fix a no annotate browser displayed issue + - [x86] staging: lustre: disable preempt while sampling processor id. + - [x86] ASoC: Intel: sst: Fix the return value o + 'sst_send_byte_stream_mrfld()' + - [armhf] power: supply: axp288_charger: Properly stop work on probe-error + / remove + - rt2x00: do not pause queue unconditionally on error path + - wl1251: check return from call to wl1251_acx_arp_ip_filter + - net/mlx5: Fix race for multiple RoCE enable + - bcache: ret IOERR when read meets metadata error + - bcache: stop writeback thread after detaching + - bcache: segregate flash only volume write streams + - scsi: libsas: Use dynamic alloced work to avoid sas event lost + - net: Fix netdev_WARN_ONCE macro + - scsi: libsas: fix memory leak in sas_smp_get_phy_events() (CVE-2018-7757) + - scsi: libsas: fix error when getting phy events + - scsi: libsas: initialize sas_phy status according to response of DISCOVER + - net/mlx5e: IPoIB, Use correct timestamp in child receive flow + - blk-mq: fix kernel oops in blk_mq_tag_idle() + - tty: n_gsm: Allow ADM response in addition to UA for control dlci + - block, bfq: put async queues for root bfq groups too + - serdev: Fix serdev_uevent failure on ACPI enumerated serdev-controllers + - i40evf: don't rely on netif_running() outside rtnl_lock() + - drm/amd/powerplay: fix memory leakage when reload (v2) + - cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages + - PM / domains: Don't skip driver's ->suspend|resume_noirq() callbacks + - scsi: megaraid_sas: Error handling for invalid ldcount provided by + firmware in RAID map + - scsi: megaraid_sas: unload flag should be set after scsi_remove_host is + called + - RDMA/cma: Fix rdma_cm path querying for RoCE + - [x86] gart: Exclude GART aperture from vmcore + - sdhci: Advertise 2.0v supply on SDIO host controller + - Input: goodix - disable IRQs while suspended + - mtd: mtd_oobtest: Handle bitflips during reads + - crypto: aes-generic - build with -Os on gcc-7+ + - perf tools: Fix copyfile_offset update of output offset + - tcmu: release blocks for partially setup cmds + - [x86] thermal: int3400_thermal: fix error handling in + int3400_thermal_probe() + - [x86] drm/i915/cnp: Ignore VBT request for know invalid DDC pin. + - [x86] drm/i915/cnp: Properly handle VBT ddc pin out of bounds. + - [x86] microcode: Propagate return value from updating functions + - [x86] CPU: Add a microcode loader callback + - [x86] CPU: Check CPU feature bits after microcode upgrade + - [x86] microcode: Get rid of struct apply_microcode_ctx + - [x86] microcode/intel: Check microcode revision before updating sibling + threads + - [x86] microcode/intel: Writeback and invalidate caches before updating + microcode + - [x86] microcode: Do not upload microcode if CPUs are offline + - [x86] microcode/intel: Look into the patch cache first + - [x86] microcode: Request microcode on the BSP + - [x86] microcode: Synchronize late microcode loading + - [x86] microcode: Attempt late loading only when new microcode is present + - [x86] microcode: Fix CPU synchronization routine + - arp: fix arp_filter on l3slave devices + - ipv6: the entire IPv6 header chain must fit the first fragment + - lan78xx: Crash in lan78xx_writ_reg (Workqueue: events + lan78xx_deferred_multicast_write) + - net: dsa: Discard frames from unused ports + - net: fix possible out-of-bound read in skb_network_protocol() + - net/ipv6: Fix route leaking between VRFs + - net/ipv6: Increment OUTxxx counters after netfilter hook + - netlink: make sure nladdr has correct size in netlink_connect() + - net/mlx5e: Verify coalescing parameters in range + - net sched actions: fix dumping which requires several messages to user + space + - net/sched: fix NULL dereference in the error path of tcf_bpf_init() + - pptp: remove a buggy dst release in pptp_connect() + - r8169: fix setting driver_data after register_netdev + - sctp: do not leak kernel memory to user space + - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 + - sky2: Increase D3 delay to sky2 stops working after suspend + - vhost: correctly remove wait queue during poll failure + - vlan: also check phy_driver ts_info for vlan's real device + - vrf: Fix use after free and double free in vrf_finish_output + - bonding: fix the err path for dev hwaddr sync in bond_enslave + - bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave + - bonding: process the err returned by dev_set_allmulti properly in + bond_enslave + - net: fool proof dev_valid_name() + - ip_tunnel: better validate user provided tunnel names + - ipv6: sit: better validate user provided tunnel names + - ip6_gre: better validate user provided tunnel names + - ip6_tunnel: better validate user provided tunnel names + - vti6: better validate user provided tunnel names + - net/mlx5e: Set EQE based as default TX interrupt moderation mode + - net_sched: fix a missing idr_remove() in u32_delete_key() + - net/sched: fix NULL dereference in the error path of tcf_vlan_init() + - net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path + - net/mlx5e: Fix memory usage issues in offloading TC flows + - net/sched: fix NULL dereference in the error path of tcf_sample_init() + - nfp: use full 40 bits of the NSP buffer address + - ipv6: sr: fix seg6 encap performances with TSO enabled + - net/mlx5e: Don't override vport admin link state in switchdev mode + - net/mlx5e: Sync netdev vxlan ports at open + - net/sched: fix NULL dereference in the error path of tunnel_key_init() + - net/sched: fix NULL dereference on the error path of tcf_skbmod_init() + - strparser: Fix sign of err codes + - net/mlx4_en: Fix mixed PFC and Global pause user control requests + - net/mlx5e: Fix traffic being dropped on VF representor + - vhost: validate log when IOTLB is enabled + - route: check sysctl_fib_multipath_use_neigh earlier than hash + - team: move dev_mc_sync after master_upper_dev_link in team_port_add + - vhost_net: add missing lock nesting notation + - net/mlx4_core: Fix memory leak while delete slave's resources + + [ Roger Shimizu ] + * [armel] Bring back armel build by reverting two commits that disabled + armel previously: + - [2ed70eb] "Add empty featuresets for armel to help abiupdate script" + - [5f62872] "(Temporarily) disable armel kernel image build" + * [armel] Reduce armel image size by: + - Set CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y + - Change MTD, MTD_CMDLINE_PARTS, RTC_DRV_MV, and SPI_ORION from + built-in to module. + - Disable VT, ZSWAP, RD_BZIP2, and RD_LZMA. + Thanks to Leigh Brown for his idea to disable VT. + * [armel] Add dependency of udeb modules (fixes FTBFS): + - Add lzo_decompress to lzo-modules. + - Add cmdlinepart to mtd-modules. + * [armel] Add dependency of udeb packages (fixes FTBFS): + - Add package dependency of mtd-modules to jffs2-modules. + - Add package dependency of lzo-modules to squashfs-modules. + + [ Ben Hutchings ] + * wireless: Disable regulatory.db direct loading (see #892229) + * Bump ABI to 3 + * scsi: libsas: direct call probe and destruct (CVE-2017-18232) + * ext4: fail ext4_iget for root directory if unallocated (CVE-2018-1092) + * ext4: add validity checks for bitmap block numbers (CVE-2018-1093) + * ext4: always initialize the crc32c checksum driver (CVE-2018-1094) + * scsi: libsas: defer ata device eh commands to libata (CVE-2018-10021) + * [armel/marvell] linux-image: Replace supported model list with wiki link + * [armhf] udeb: Add i2c-exynos5 to i2c-modules (Closes: #895976) + * [arm*] iio: Enable DHT11 as module (Closes: #873176) + * udeb: Move arc4 and ecb from nic-wireless-modules to crypto-modules + (Closes: #895362) + * SCSI: Enable SCSI_SYM53C8XX_2 as module on all architectures + (Closes: #895532) + * [x86] Enable MFD_AXP20X_I2C, AXP288_FUEL_GAUGE as modules (Closes: #895129) + * w1: Enable all "slave" device drivers (Closes: #895340) + * [arm64] net/phy: Enable MDIO_BUS_MUX_MMIOREG as module (Closes: #894336) + * [x86] net: Enable THUNDERBOLT_NET as module (Closes: #894310) + * [x86] platform: Enable DELL_SMBIOS_SMM, DELL_SMBIOS_WMI as modules + (closes: #893976) + * ath9k_htc: Fix regression in 4.15, thanks to Ben Caradoc-Davies + (Closes: #891060) + - mac80211: add ieee80211_hw flag for QoS NDP support + - ath9k_htc: use non-QoS NDP for AP probing + * squashfs: Enable SQUASHFS_ZSTD (Closes: #883410) + * block: Enable BLK_SED_OPAL (except on armel) + * [arm64] Enable ARCH_SYNQUACER and related driver modules (Closes: #891787) + * [arm64] PCI: Enable PCI_TEGRA (Closes: #888817) + * [amd64] net: Enable AQTION as module + * udeb: Rename lzo-modules to compress-modules + * udeb: Add zstd_decompress to compress-modules and make squashfs-modules + depend on it + + [ Vagrant Cascadian ] + * [armhf] Add patch to fix loading of imx6q-cpufreq module. + + -- Ben Hutchings Thu, 19 Apr 2018 11:13:03 +0100 + linux (4.15.11-1) unstable; urgency=medium * New upstream stable update: diff --git a/debian/config/alpha/config b/debian/config/alpha/config index 69af7e431..22224c0f4 100644 --- a/debian/config/alpha/config +++ b/debian/config/alpha/config @@ -761,7 +761,6 @@ CONFIG_SCSI_INIA100=m CONFIG_SCSI_IZIP_EPP16=y CONFIG_SCSI_IZIP_SLOW_CTR=y CONFIG_SCSI_NCR53C406A=m -CONFIG_SCSI_SYM53C8XX_2=m CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1 CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16 CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64 diff --git a/debian/config/arm64/config b/debian/config/arm64/config index 17b92b597..4d8629890 100644 --- a/debian/config/arm64/config +++ b/debian/config/arm64/config @@ -55,6 +55,7 @@ CONFIG_ARCH_MVEBU=y CONFIG_ARCH_QCOM=y CONFIG_ARCH_ROCKCHIP=y CONFIG_ARCH_SEATTLE=y +CONFIG_ARCH_SYNQUACER=y CONFIG_ARCH_TEGRA=y CONFIG_ARCH_THUNDER=y CONFIG_ARCH_THUNDER2=y @@ -220,6 +221,7 @@ CONFIG_RASPBERRYPI_FIRMWARE=y ## file: drivers/gpio/Kconfig ## CONFIG_GPIOLIB=y +CONFIG_GPIO_MB86S7X=m CONFIG_GPIO_PL061=y CONFIG_GPIO_XGENE=y CONFIG_GPIO_XGENE_SB=m @@ -341,6 +343,11 @@ CONFIG_AXP288_ADC=m CONFIG_QCOM_SPMI_IADC=m CONFIG_QCOM_SPMI_VADC=m +## +## file: drivers/iio/humidity/Kconfig +## +CONFIG_DHT11=m + ## ## file: drivers/input/keyboard/Kconfig ## @@ -431,6 +438,7 @@ CONFIG_MMC_SDHCI_ACPI=m CONFIG_MMC_SDHCI_PLTFM=m CONFIG_MMC_SDHCI_OF_ARASAN=m CONFIG_MMC_SDHCI_TEGRA=m +CONFIG_MMC_SDHCI_F_SDH30=m CONFIG_MMC_SDHCI_IPROC=m CONFIG_MMC_MESON_GX=m CONFIG_MMC_SDHCI_MSM=m @@ -572,6 +580,11 @@ CONFIG_SMC91X=m CONFIG_EPIC100=m CONFIG_SMSC911X=m +## +## file: drivers/net/ethernet/socionext/Kconfig +## +CONFIG_SNI_NETSEC=m + ## ## file: drivers/net/ethernet/stmicro/stmmac/Kconfig ## @@ -591,6 +604,7 @@ CONFIG_SKFP=m ## ## file: drivers/net/phy/Kconfig ## +CONFIG_MDIO_BUS_MUX_MMIOREG=m CONFIG_MDIO_HISI_FEMAC=m CONFIG_MDIO_THUNDER=m CONFIG_MDIO_XGENE=m @@ -657,6 +671,7 @@ CONFIG_PCIE_KIRIN=y ## file: drivers/pci/host/Kconfig ## CONFIG_PCI_AARDVARK=y +CONFIG_PCI_TEGRA=y CONFIG_PCI_HOST_GENERIC=y CONFIG_PCI_XGENE=y CONFIG_PCI_HOST_THUNDER_PEM=y diff --git a/debian/config/armel/config.marvell b/debian/config/armel/config.marvell index 54967e879..33b507efb 100644 --- a/debian/config/armel/config.marvell +++ b/debian/config/armel/config.marvell @@ -86,6 +86,11 @@ CONFIG_ARM_THUMB=y # CONFIG_CPU_DCACHE_DISABLE is not set # CONFIG_CPU_DCACHE_WRITETHROUGH is not set +## +## file: block/Kconfig +## +# CONFIG_BLK_SED_OPAL is not set + ## ## file: block/Kconfig.iosched ## diff --git a/debian/config/armel/defines b/debian/config/armel/defines index 23377de0a..fa617f46a 100644 --- a/debian/config/armel/defines +++ b/debian/config/armel/defines @@ -16,8 +16,7 @@ headers%gcc-7: linux-compiler-gcc-7-arm [marvell_description] hardware: Marvell Kirkwood/Orion -hardware-long: Marvell Kirkwood based systems (SheevaPlug, QNAP TS-119/TS-219, etc) - and Orion 5181, 5182 and 5281 based systems (QNAP TS-109/TS-209, etc) +hardware-long: Marvell Kirkwood and Orion based systems (https://wiki.debian.org/ArmEabiPort#Supported_hardware) [marvell_image] recommends: u-boot-tools diff --git a/debian/config/config b/debian/config/config index 30ef7f896..c410470ab 100644 --- a/debian/config/config +++ b/debian/config/config @@ -24,6 +24,7 @@ CONFIG_BLK_DEV_THROTTLING=y # CONFIG_BLK_CMDLINE_PARSER is not set CONFIG_BLK_WBT=y CONFIG_BLK_WBT_MQ=y +CONFIG_BLK_SED_OPAL=y ## ## file: block/Kconfig.iosched @@ -2963,6 +2964,12 @@ CONFIG_PCNET32=m ## # CONFIG_NET_XGENE is not set +## +## file: drivers/net/ethernet/aquantia/Kconfig +## +CONFIG_NET_VENDOR_AQUANTIA=y +CONFIG_AQTION=m + ## ## file: drivers/net/ethernet/arc/Kconfig ## @@ -4256,6 +4263,7 @@ CONFIG_SCSI_SNIC=m # CONFIG_SCSI_IZIP_EPP16 is not set # CONFIG_SCSI_IZIP_SLOW_CTR is not set CONFIG_SCSI_STEX=m +CONFIG_SCSI_SYM53C8XX_2=m CONFIG_SCSI_SYM53C8XX_MMIO=y # CONFIG_SCSI_IPR is not set CONFIG_SCSI_LPFC=m @@ -5250,17 +5258,22 @@ CONFIG_W1_MASTER_GPIO=m ## CONFIG_W1_SLAVE_THERM=m CONFIG_W1_SLAVE_SMEM=m -# CONFIG_W1_SLAVE_DS2408 is not set -# CONFIG_W1_SLAVE_DS2413 is not set -# CONFIG_W1_SLAVE_DS2406 is not set -# CONFIG_W1_SLAVE_DS2423 is not set +CONFIG_W1_SLAVE_DS2405=m +CONFIG_W1_SLAVE_DS2408=m +CONFIG_W1_SLAVE_DS2408_READBACK=y +CONFIG_W1_SLAVE_DS2413=m +CONFIG_W1_SLAVE_DS2406=m +CONFIG_W1_SLAVE_DS2423=m +CONFIG_W1_SLAVE_DS2805=m CONFIG_W1_SLAVE_DS2431=m CONFIG_W1_SLAVE_DS2433=m # CONFIG_W1_SLAVE_DS2433_CRC is not set -# CONFIG_W1_SLAVE_DS2760 is not set -# CONFIG_W1_SLAVE_DS2780 is not set -# CONFIG_W1_SLAVE_DS2781 is not set -# CONFIG_W1_SLAVE_DS28E04 is not set +CONFIG_W1_SLAVE_DS2438=m +CONFIG_W1_SLAVE_DS2760=m +CONFIG_W1_SLAVE_DS2780=m +CONFIG_W1_SLAVE_DS2781=m +CONFIG_W1_SLAVE_DS28E04=m +CONFIG_W1_SLAVE_DS28E17=m ## ## file: drivers/watchdog/Kconfig @@ -5789,6 +5802,7 @@ CONFIG_SQUASHFS_ZLIB=y CONFIG_SQUASHFS_LZ4=y CONFIG_SQUASHFS_LZO=y CONFIG_SQUASHFS_XZ=y +CONFIG_SQUASHFS_ZSTD=y # CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set # CONFIG_SQUASHFS_EMBEDDED is not set diff --git a/debian/config/hppa/config b/debian/config/hppa/config index d2a7d4e25..cb5732742 100644 --- a/debian/config/hppa/config +++ b/debian/config/hppa/config @@ -418,7 +418,6 @@ CONFIG_SCSI_INITIO=m # CONFIG_SCSI_INIA100 is not set # CONFIG_SCSI_NCR53C406A is not set CONFIG_SCSI_LASI700=m -CONFIG_SCSI_SYM53C8XX_2=m CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1 CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16 CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64 diff --git a/debian/config/kernelarch-arm/config b/debian/config/kernelarch-arm/config index eafef7451..f2637b9f7 100644 --- a/debian/config/kernelarch-arm/config +++ b/debian/config/kernelarch-arm/config @@ -26,6 +26,11 @@ CONFIG_EARLY_PRINTK=y #. Support Thumb user binaries CONFIG_ARM_THUMB=y +## +## file: drivers/iio/humidity/Kconfig +## +CONFIG_DHT11=m + ## ## file: drivers/input/misc/Kconfig ## diff --git a/debian/config/kernelarch-mips/config.malta b/debian/config/kernelarch-mips/config.malta index 1c50eca30..fa17325ca 100644 --- a/debian/config/kernelarch-mips/config.malta +++ b/debian/config/kernelarch-mips/config.malta @@ -330,7 +330,6 @@ CONFIG_SCSI_FUTURE_DOMAIN=m CONFIG_SCSI_IPS=m CONFIG_SCSI_INITIO=m CONFIG_SCSI_INIA100=m -CONFIG_SCSI_SYM53C8XX_2=m CONFIG_SCSI_QLOGIC_1280=m CONFIG_SCSI_DC395x=m CONFIG_SCSI_AM53C974=m diff --git a/debian/config/kernelarch-powerpc/config b/debian/config/kernelarch-powerpc/config index f224ef379..74c90abfe 100644 --- a/debian/config/kernelarch-powerpc/config +++ b/debian/config/kernelarch-powerpc/config @@ -687,7 +687,6 @@ CONFIG_SCSI_EATA_MAX_TAGS=16 CONFIG_SCSI_IPS=m # CONFIG_SCSI_INITIO is not set CONFIG_SCSI_INIA100=m -CONFIG_SCSI_SYM53C8XX_2=m CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1 CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16 CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64 diff --git a/debian/config/kernelarch-sparc/config b/debian/config/kernelarch-sparc/config index f41676c4e..358dd221d 100644 --- a/debian/config/kernelarch-sparc/config +++ b/debian/config/kernelarch-sparc/config @@ -405,7 +405,6 @@ CONFIG_SCSI_DMX3191D=m # CONFIG_SCSI_IPS is not set CONFIG_SCSI_INITIO=m # CONFIG_SCSI_INIA100 is not set -CONFIG_SCSI_SYM53C8XX_2=m CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1 CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16 CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64 diff --git a/debian/config/kernelarch-x86/config b/debian/config/kernelarch-x86/config index 42aef64fa..ad64314e2 100644 --- a/debian/config/kernelarch-x86/config +++ b/debian/config/kernelarch-x86/config @@ -906,6 +906,7 @@ CONFIG_VIDEO_TM6000_DVB=m ## ## file: drivers/mfd/Kconfig ## +CONFIG_MFD_AXP20X_I2C=m # CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set CONFIG_LPC_ICH=m CONFIG_INTEL_SOC_PMIC_CHTWC=y @@ -1033,6 +1034,7 @@ CONFIG_DUMMY=m CONFIG_NET_FC=y CONFIG_NET_SB1000=m CONFIG_VMXNET3=m +CONFIG_THUNDERBOLT_NET=m ## ## file: drivers/net/arcnet/Kconfig @@ -1345,6 +1347,9 @@ CONFIG_ACER_WMI=m CONFIG_ACERHDF=m CONFIG_ALIENWARE_WMI=m CONFIG_ASUS_LAPTOP=m +CONFIG_DELL_SMBIOS=m +CONFIG_DELL_SMBIOS_WMI=y +CONFIG_DELL_SMBIOS_SMM=y CONFIG_DELL_LAPTOP=m CONFIG_DELL_WMI=m CONFIG_DELL_WMI_AIO=m @@ -1410,6 +1415,7 @@ CONFIG_PNP=y ## file: drivers/power/supply/Kconfig ## CONFIG_BATTERY_SBS=m +CONFIG_AXP288_FUEL_GAUGE=m CONFIG_BATTERY_MAX17042=m CONFIG_CHARGER_BQ24190=m @@ -1459,7 +1465,6 @@ CONFIG_SCSI_GDTH=m CONFIG_SCSI_ISCI=m CONFIG_SCSI_IPS=m CONFIG_SCSI_INITIO=m -CONFIG_SCSI_SYM53C8XX_2=m CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1 CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16 CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64 diff --git a/debian/installer/alpha/modules/alpha-generic/compress-modules b/debian/installer/alpha/modules/alpha-generic/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/alpha/modules/alpha-generic/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/amd64/modules/amd64/compress-modules b/debian/installer/amd64/modules/amd64/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/amd64/modules/amd64/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/arm64/modules/arm64/compress-modules b/debian/installer/arm64/modules/arm64/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/arm64/modules/arm64/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/armel/modules/armel-marvell/compress-modules b/debian/installer/armel/modules/armel-marvell/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/armel/modules/armel-marvell/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/armel/modules/armel-marvell/lzo-modules b/debian/installer/armel/modules/armel-marvell/lzo-modules deleted file mode 100644 index 9dd85bedc..000000000 --- a/debian/installer/armel/modules/armel-marvell/lzo-modules +++ /dev/null @@ -1,2 +0,0 @@ -#include -lzo_decompress diff --git a/debian/installer/armel/package-list b/debian/installer/armel/package-list index a507168f5..9c8aabcdf 100644 --- a/debian/installer/armel/package-list +++ b/debian/installer/armel/package-list @@ -11,7 +11,4 @@ Package: fb-modules Depends: kernel-image, usb-modules Package: jffs2-modules -Depends: kernel-image, zlib-modules, lzo-modules, mtd-modules - -Package: squashfs-modules -Depends: kernel-image, lzo-modules +Depends: kernel-image, zlib-modules, compress-modules, mtd-modules diff --git a/debian/installer/armhf/modules/armhf-armmp/compress-modules b/debian/installer/armhf/modules/armhf-armmp/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/armhf/modules/armhf-armmp/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/armhf/modules/armhf-armmp/i2c-modules b/debian/installer/armhf/modules/armhf-armmp/i2c-modules index 9b4450eb8..5690c2f51 100644 --- a/debian/installer/armhf/modules/armhf-armmp/i2c-modules +++ b/debian/installer/armhf/modules/armhf-armmp/i2c-modules @@ -1,4 +1,5 @@ #include +i2c-exynos5 i2c-mv64xxx i2c-rk3x diff --git a/debian/installer/hppa/modules/hppa-parisc64-smp/compress-modules b/debian/installer/hppa/modules/hppa-parisc64-smp/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/hppa/modules/hppa-parisc64-smp/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/hppa/modules/hppa/compress-modules b/debian/installer/hppa/modules/hppa/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/hppa/modules/hppa/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/i386/modules/i386/compress-modules b/debian/installer/i386/modules/i386/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/i386/modules/i386/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/m68k/modules/m68k/compress-modules b/debian/installer/m68k/modules/m68k/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/m68k/modules/m68k/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/mips/modules/mips-4kc-malta/compress-modules b/debian/installer/mips/modules/mips-4kc-malta/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/mips/modules/mips-4kc-malta/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/mips/modules/mips-octeon/compress-modules b/debian/installer/mips/modules/mips-octeon/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/mips/modules/mips-octeon/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/mips/modules/mips/compress-modules b/debian/installer/mips/modules/mips/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/mips/modules/mips/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/mipsel/modules/mipsel-loongson-3/compress-modules b/debian/installer/mipsel/modules/mipsel-loongson-3/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/mipsel/modules/mipsel-loongson-3/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/modules/compress-modules b/debian/installer/modules/compress-modules new file mode 100644 index 000000000..425a92958 --- /dev/null +++ b/debian/installer/modules/compress-modules @@ -0,0 +1,3 @@ +lzo_compress +lzo_decompress +zstd_decompress diff --git a/debian/installer/modules/crypto-modules b/debian/installer/modules/crypto-modules index 40ee863b6..ae6434ea7 100644 --- a/debian/installer/modules/crypto-modules +++ b/debian/installer/modules/crypto-modules @@ -3,7 +3,9 @@ blowfish_generic twofish_generic serpent_generic sha256_generic +arc4 ? cbc ? ccm ctr +ecb xts diff --git a/debian/installer/modules/lzo-modules b/debian/installer/modules/lzo-modules deleted file mode 100644 index d1a158350..000000000 --- a/debian/installer/modules/lzo-modules +++ /dev/null @@ -1 +0,0 @@ -lzo_compress diff --git a/debian/installer/modules/nic-wireless-modules b/debian/installer/modules/nic-wireless-modules index 104a3a113..09a908741 100644 --- a/debian/installer/modules/nic-wireless-modules +++ b/debian/installer/modules/nic-wireless-modules @@ -25,7 +25,3 @@ mac80211_hwsim - lib80211_crypt_wep ? lib80211_crypt_ccmp ? lib80211_crypt_tkip ? - -# Crypto modules needed for ieee80211 WEP support -ecb ? -arc4 ? diff --git a/debian/installer/package-list b/debian/installer/package-list index 8ab95b58d..8fb6a3158 100644 --- a/debian/installer/package-list +++ b/debian/installer/package-list @@ -92,7 +92,7 @@ Description: IPv6 driver This package contains the IPv6 driver for the kernel. Package: btrfs-modules -Depends: kernel-image, crc-modules, zlib-modules, lzo-modules, md-modules +Depends: kernel-image, crc-modules, zlib-modules, compress-modules, md-modules Priority: optional Description: BTRFS filesystem support This package contains the BTRFS filesystem module for the kernel. @@ -112,7 +112,7 @@ Description: ISOFS filesystem support This package contains the ISOFS filesystem module for the kernel. Package: jffs2-modules -Depends: kernel-image, zlib-modules, lzo-modules +Depends: kernel-image, zlib-modules, compress-modules Priority: optional Description: JFFS2 filesystem support This package contains the JFFS2 filesystem module for the kernel. @@ -313,7 +313,7 @@ Description: Network Block Device modules Device Package: squashfs-modules -Depends: kernel-image +Depends: kernel-image, compress-modules Priority: optional Description: squashfs modules This package contains squashfs modules. @@ -354,7 +354,7 @@ Priority: optional Description: zlib modules This package contains zlib modules. -Package: lzo-modules +Package: compress-modules Depends: kernel-image Priority: optional Description: lzo modules diff --git a/debian/installer/powerpc/modules/powerpc-powerpc-miboot/compress-modules b/debian/installer/powerpc/modules/powerpc-powerpc-miboot/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/powerpc/modules/powerpc-powerpc-miboot/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/powerpc/modules/powerpc-powerpc64/compress-modules b/debian/installer/powerpc/modules/powerpc-powerpc64/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/powerpc/modules/powerpc-powerpc64/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/powerpc/modules/powerpc/compress-modules b/debian/installer/powerpc/modules/powerpc/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/powerpc/modules/powerpc/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/ppc64el/modules/ppc64el/compress-modules b/debian/installer/ppc64el/modules/ppc64el/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/ppc64el/modules/ppc64el/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/s390x/modules/s390x/compress-modules b/debian/installer/s390x/modules/s390x/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/s390x/modules/s390x/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/sh4/modules/sh4-sh7751r/compress-modules b/debian/installer/sh4/modules/sh4-sh7751r/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/sh4/modules/sh4-sh7751r/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/sh4/modules/sh4-sh7785lcr/compress-modules b/debian/installer/sh4/modules/sh4-sh7785lcr/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/sh4/modules/sh4-sh7785lcr/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/installer/sparc64/modules/sparc64/compress-modules b/debian/installer/sparc64/modules/sparc64/compress-modules new file mode 100644 index 000000000..804616619 --- /dev/null +++ b/debian/installer/sparc64/modules/sparc64/compress-modules @@ -0,0 +1 @@ +#include diff --git a/debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch b/debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch new file mode 100644 index 000000000..d945461a7 --- /dev/null +++ b/debian/patches/bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch @@ -0,0 +1,96 @@ +From: Theodore Ts'o +Date: Mon, 26 Mar 2018 23:54:10 -0400 +Subject: ext4: add validity checks for bitmap block numbers +Origin: https://git.kernel.org/linus/7dac4a1726a9c64a517d595c40e95e2d0d135f6f +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-1093 + +An privileged attacker can cause a crash by mounting a crafted ext4 +image which triggers a out-of-bounds read in the function +ext4_valid_block_bitmap() in fs/ext4/balloc.c. + +This issue has been assigned CVE-2018-1093. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199181 +BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1560782 +Reported-by: Wen Xu +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org +--- + fs/ext4/balloc.c | 16 ++++++++++++++-- + fs/ext4/ialloc.c | 7 +++++++ + 2 files changed, 21 insertions(+), 2 deletions(-) + +--- a/fs/ext4/balloc.c ++++ b/fs/ext4/balloc.c +@@ -340,20 +340,25 @@ static ext4_fsblk_t ext4_valid_block_bit + /* check whether block bitmap block number is set */ + blk = ext4_block_bitmap(sb, desc); + offset = blk - group_first_block; +- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || ++ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) + /* bad block bitmap */ + return blk; + + /* check whether the inode bitmap block number is set */ + blk = ext4_inode_bitmap(sb, desc); + offset = blk - group_first_block; +- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || ++ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) + /* bad block bitmap */ + return blk; + + /* check whether the inode table block number is set */ + blk = ext4_inode_table(sb, desc); + offset = blk - group_first_block; ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || ++ EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= sb->s_blocksize) ++ return blk; + next_zero_bit = ext4_find_next_zero_bit(bh->b_data, + EXT4_B2C(sbi, offset + sbi->s_itb_per_group), + EXT4_B2C(sbi, offset)); +@@ -419,6 +424,7 @@ struct buffer_head * + ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group) + { + struct ext4_group_desc *desc; ++ struct ext4_sb_info *sbi = EXT4_SB(sb); + struct buffer_head *bh; + ext4_fsblk_t bitmap_blk; + int err; +@@ -427,6 +433,12 @@ ext4_read_block_bitmap_nowait(struct sup + if (!desc) + return ERR_PTR(-EFSCORRUPTED); + bitmap_blk = ext4_block_bitmap(sb, desc); ++ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) || ++ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) { ++ ext4_error(sb, "Invalid block bitmap block %llu in " ++ "block_group %u", bitmap_blk, block_group); ++ return ERR_PTR(-EFSCORRUPTED); ++ } + bh = sb_getblk(sb, bitmap_blk); + if (unlikely(!bh)) { + ext4_error(sb, "Cannot get buffer for block bitmap - " +--- a/fs/ext4/ialloc.c ++++ b/fs/ext4/ialloc.c +@@ -160,6 +160,7 @@ static struct buffer_head * + ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group) + { + struct ext4_group_desc *desc; ++ struct ext4_sb_info *sbi = EXT4_SB(sb); + struct buffer_head *bh = NULL; + ext4_fsblk_t bitmap_blk; + int err; +@@ -169,6 +170,12 @@ ext4_read_inode_bitmap(struct super_bloc + return ERR_PTR(-EFSCORRUPTED); + + bitmap_blk = ext4_inode_bitmap(sb, desc); ++ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) || ++ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) { ++ ext4_error(sb, "Invalid inode bitmap blk %llu in " ++ "block_group %u", bitmap_blk, block_group); ++ return ERR_PTR(-EFSCORRUPTED); ++ } + bh = sb_getblk(sb, bitmap_blk); + if (unlikely(!bh)) { + ext4_error(sb, "Cannot read inode bitmap - " diff --git a/debian/patches/bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch b/debian/patches/bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch new file mode 100644 index 000000000..3e2f57379 --- /dev/null +++ b/debian/patches/bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch @@ -0,0 +1,46 @@ +From: Theodore Ts'o +Date: Thu, 29 Mar 2018 22:10:31 -0400 +Subject: ext4: always initialize the crc32c checksum driver +Origin: https://git.kernel.org/linus/a45403b51582a87872927a3e0fc0a389c26867f1 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-1094 + +The extended attribute code now uses the crc32c checksum for hashing +purposes, so we should just always always initialize it. We also want +to prevent NULL pointer dereferences if one of the metadata checksum +features is enabled after the file sytsem is originally mounted. + +This issue has been assigned CVE-2018-1094. + +https://bugzilla.kernel.org/show_bug.cgi?id=199183 +https://bugzilla.redhat.com/show_bug.cgi?id=1560788 + +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org +--- + fs/ext4/super.c | 15 ++++++--------- + 1 file changed, 6 insertions(+), 9 deletions(-) + +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -3489,15 +3489,12 @@ static int ext4_fill_super(struct super_ + } + + /* Load the checksum driver */ +- if (ext4_has_feature_metadata_csum(sb) || +- ext4_has_feature_ea_inode(sb)) { +- sbi->s_chksum_driver = crypto_alloc_shash("crc32c", 0, 0); +- if (IS_ERR(sbi->s_chksum_driver)) { +- ext4_msg(sb, KERN_ERR, "Cannot load crc32c driver."); +- ret = PTR_ERR(sbi->s_chksum_driver); +- sbi->s_chksum_driver = NULL; +- goto failed_mount; +- } ++ sbi->s_chksum_driver = crypto_alloc_shash("crc32c", 0, 0); ++ if (IS_ERR(sbi->s_chksum_driver)) { ++ ext4_msg(sb, KERN_ERR, "Cannot load crc32c driver."); ++ ret = PTR_ERR(sbi->s_chksum_driver); ++ sbi->s_chksum_driver = NULL; ++ goto failed_mount; + } + + /* Check superblock checksum */ diff --git a/debian/patches/bugfix/all/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch b/debian/patches/bugfix/all/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch new file mode 100644 index 000000000..f241c3bfb --- /dev/null +++ b/debian/patches/bugfix/all/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch @@ -0,0 +1,40 @@ +From: Theodore Ts'o +Date: Thu, 29 Mar 2018 21:56:09 -0400 +Subject: ext4: fail ext4_iget for root directory if unallocated +Origin: https://git.kernel.org/linus/8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-1092 + +If the root directory has an i_links_count of zero, then when the file +system is mounted, then when ext4_fill_super() notices the problem and +tries to call iput() the root directory in the error return path, +ext4_evict_inode() will try to free the inode on disk, before all of +the file system structures are set up, and this will result in an OOPS +caused by a NULL pointer dereference. + +This issue has been assigned CVE-2018-1092. + +https://bugzilla.kernel.org/show_bug.cgi?id=199179 +https://bugzilla.redhat.com/show_bug.cgi?id=1560777 + +Reported-by: Wen Xu +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org +--- + fs/ext4/inode.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -4745,6 +4745,12 @@ struct inode *ext4_iget(struct super_blo + goto bad_inode; + raw_inode = ext4_raw_inode(&iloc); + ++ if ((ino == EXT4_ROOT_INO) && (raw_inode->i_links_count == 0)) { ++ EXT4_ERROR_INODE(inode, "root inode unallocated"); ++ ret = -EFSCORRUPTED; ++ goto bad_inode; ++ } ++ + if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE) { + ei->i_extra_isize = le16_to_cpu(raw_inode->i_extra_isize); + if (EXT4_GOOD_OLD_INODE_SIZE + ei->i_extra_isize > diff --git a/debian/patches/debian/wireless-disable-regulatory.db-direct-loading.patch b/debian/patches/debian/wireless-disable-regulatory.db-direct-loading.patch new file mode 100644 index 000000000..7e05c66dc --- /dev/null +++ b/debian/patches/debian/wireless-disable-regulatory.db-direct-loading.patch @@ -0,0 +1,68 @@ +From: Ben Hutchings +Date: Thu, 05 Apr 2018 18:13:52 +0200 +Subject: wireless: Disable regulatory.db direct loading +Forwarded: not-needed +Bug-Debian: https://bugs.debian.org/892229 + +Don't complain about being unable to load regulatory.db directly. +This is expected until we generate a signing key and update +wireless-regdb to be signed with it. + +--- +--- a/net/wireless/reg.c ++++ b/net/wireless/reg.c +@@ -475,6 +475,7 @@ static void reg_regdb_apply(struct work_ + + static DECLARE_WORK(reg_regdb_work, reg_regdb_apply); + ++#if 0 + static int reg_schedule_apply(const struct ieee80211_regdomain *regdom) + { + struct reg_regdb_apply_request *request; +@@ -494,6 +495,7 @@ static int reg_schedule_apply(const stru + schedule_work(®_regdb_work); + return 0; + } ++#endif + + #ifdef CONFIG_CFG80211_CRDA_SUPPORT + /* Max number of consecutive attempts to communicate with CRDA */ +@@ -573,6 +575,29 @@ static inline int call_crda(const char * + /* code to directly load a firmware database through request_firmware */ + static const struct fwdb_header *regdb; + ++#if 1 ++ ++static int load_builtin_regdb_keys(void) ++{ ++ return 0; ++} ++ ++static void free_regdb_keyring(void) ++{ ++} ++ ++static int query_regdb_file(const char *alpha2) ++{ ++ return -ENOENT; ++} ++ ++int reg_reload_regdb(void) ++{ ++ return -ENOENT; ++} ++ ++#else /* disabled until we update wireless-regdb */ ++ + struct fwdb_country { + u8 alpha2[2]; + __be16 coll_ptr; +@@ -963,6 +988,8 @@ int reg_reload_regdb(void) + return err; + } + ++#endif ++ + static bool reg_query_database(struct regulatory_request *request) + { + if (query_regdb_file(request->alpha2) == 0) diff --git a/debian/patches/series b/debian/patches/series index 3c4cd1cf9..117fd66fd 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -139,6 +139,9 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch # Security fixes debian/i386-686-pae-pci-set-pci-nobios-by-default.patch +bugfix/all/ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch +bugfix/all/ext4-add-validity-checks-for-bitmap-block-numbers.patch +bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch # Fix exported symbol versions bugfix/all/module-disable-matching-missing-version-crc.patch @@ -156,4 +159,7 @@ bugfix/all/cpupower-fix-checks-for-cpu-existence.patch bugfix/all/lockdep-stub-nmi-watchdog-reset.patch bugfix/arm64/ARM64-dts-meson-reduce-odroid-c2-eMMC-maximum-rate.patch +# wireless: Disable regulatory.db direct loading (until we sort out signing) +debian/wireless-disable-regulatory.db-direct-loading.patch + # ABI maintenance