29ef5032ac
bpf: fix branch offset adjustment on backjumps after patching ctx expansion
...
CVE ID to be assigned.
2016-02-14 04:54:45 +00:00
3c25ed439a
af_unix: Don't set err in unix_stream_read_generic unless there was an error
...
This fixes a regression in 4.4, also introduced in 4.3.4 and various
other stable updates.
2016-02-13 00:56:13 +00:00
2d5f78b62a
Revert "workqueue: make sure delayed work run in local cpu"
...
This caused a regression in 4.3
2016-02-13 00:30:07 +00:00
83fd76229d
af_unix: Guard against other == sk in unix_dgram_sendmsg (regression in 4.2.6-2)
2016-02-13 00:23:18 +00:00
1c28b9c3ed
fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list() (CVE-2016-0617)
...
Fixes a regression in 4.3.
2016-02-12 23:43:07 +00:00
95ece6ebc6
iw_cxgb3: Fix incorrectly returning error on success (CVE-2015-8812)
2016-02-12 23:34:37 +00:00
7f810117b9
[armel] Replace kirkwood and orion5x flavours with a 'marvell' flavour
...
Apply upstream patches from 4.5-rc1 to enable inclusion of orion5x in a
multiplatform build.
Merge configurations as well as possible.
2016-02-07 18:14:32 +00:00
43671fd62b
Re-group fixes in the patch series
2016-02-07 18:08:27 +00:00
536da2762d
Drop ABI fix, not needed in experimental
2016-02-07 18:05:13 +00:00
6c26fa513e
Release linux (4.3.5-1).
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAVrbUcee/yOyVhhEJAQqY7RAAvLy0Z5eKYP7/Re1jHCuYqGFwhgIig+uo
yscoEqKlSWUwC7Tio5ar+oydqdvRyUOYB+ABXvpnQb+ImsPF5xNwYDLO5OIVGIuh
yc7RgHROYzDMYSqO8ToDAJbhPfd/UVUp25gJQqdbmozXr9lMPL1zH3/d5FUQgrcz
2AmCFDa6nvcCg6SxuT8IFl2lsDsPA7WI3AYUnFKVwxpwSGwZQmhH4G6SDBOTGd4n
Zx8ySfHle+Jz4aIYyD6jAFV4RVCsucwswwD78PYDZlfqxr29IzdwOx4MJNuLzxGp
A6/FVRg6V7b+/1E1BKS7wUAoN2F7JyXgrro7QsZEyq+ckQY/9CyfLopC0shx3+xv
2nQLGLb3rFySKkYXFBPJdQacr0zGRtEa5QdRWRVYPCUvXc2ju5pv8DTINzb7aW+6
tkec0Wks5LeDa+zVzbAJHpVgnE3PBSTJHpRWaqZv1C5avp92MmnphXxpjj5ifB2b
/eu6PzF4zAwM0Sr8aBY2riELQXMbFmtAE60+weMUjYHiL4MHc/yDNHtpjiz3zgrQ
qptf26uuHClC/FmMq+9jhTlbsXb9X30XWG94Dif0A46iAHAyRrO200DUlMYqx3KF
tDtHKHsJ2rqso6WQhuLOgd37qTKlt93rA6Se4bbDASQKdQealbY3COsYS1eulyJI
HXXB8qbopJI=
=cqNy
-----END PGP SIGNATURE-----
Merge tag 'debian/4.3.5-1'
2016-02-07 05:28:43 +00:00
af8b80ce07
Fix yet another ABI change due to CVE-2013-4312 mitigation
2016-02-06 23:25:11 +00:00
0df8f2e3e7
hwrng: n2 - Attach on T5/M5, T7/M7 SPARC CPUs ( Closes : #809815 )
2016-02-06 21:25:49 +00:00
ef736f8440
pipe: limit the per-user amount of pages allocated in pipes (CVE-2013-4312)
2016-02-04 20:34:11 +00:00
3180443250
rt2x00: fix monitor mode regression (regression in 4.2)
2016-02-01 17:16:15 +00:00
1ba618c3d3
Update to 4.4.1
2016-02-01 10:59:35 +00:00
ba1393105a
Update to 4.3.5
...
Drop several patches that are included in it.
Fix/ignore various ABI changes.
2016-02-01 10:27:12 +00:00
20ed8bdbac
x86/mm: Add barriers and document switch_mm()-vs-flush synchronization (CVE-2016-2069)
...
Plus a follow-up fix to the comments.
2016-01-29 03:42:16 +00:00
237b83662e
[mips*] Backport math emulation fix from 4.5.
2016-01-27 22:33:18 +01:00
b1fa3fac88
netfilter: nf_nat_redirect: add missing NULL pointer check (CVE-2015-8787)
2016-01-27 19:25:20 +01:00
76c256b5b8
SCSI: fix crashes in sd and sr runtime PM ( Closes : #801925 )
2016-01-27 01:32:15 +00:00
cdfc3b2f30
tcp: fix zero cwnd in tcp_cwnd_reduction (CVE-2016-2070)
2016-01-26 09:00:04 +01:00
024851fa3a
fuse: break infinite loop in fuse_fill_write_pages()
...
This doesn't have a CVE ID yet.
2016-01-23 22:57:21 +00:00
9b355e6846
Update to 4.3.4
2016-01-23 12:11:55 +00:00
68515dfcb9
linux-perf: Fix FTBFS with gcc 6 (used on hppa, sparc64)
2016-01-19 22:11:16 +00:00
72a63706a0
Re-group fixes in the patch series
2016-01-19 13:50:23 +00:00
7aef5117c3
Release linux (4.3.3-6).
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAVp48e+e/yOyVhhEJAQovuQ//Qqsr1OgRXNSxEZ9x6Szj+4wlhcHwnCB/
hgAU+Lhkic44oGuNy9Hu9gnsiEqgWtDAXF1ZKFa+6iNsHEunommB84qc6a9qrtJ7
TGzKaqyXQmvrQj9j9u5/09nw3Bx+LqZqRtGGN6kBwyTUhP0ndg6xfHtSZXP6JAAf
8AKb5hvef25x9E4ZA9d2VzsgMwgtg9utxlZj/5WGhC4BwbkV96RrZu+hqO1akqsp
bPKmKER0HDGvIqOfJQYTqjLAY4LjTGMLZAfcPeLn7gzT5Io+cujqy1K3JnqxRaWM
5/bauyFnMaTiaN+oeozTtjs2wkdr+4EljGu0+WJAsvK8rQ6/mVJsqEcx8ESwuYx7
lch8NBERfG0mGCEcpn+J5hsye7w9LQHugT1eKdrxx8JA1aiamnfofYE6XGYhURkx
j0p2A5wZnB0T1j52mEwwa7HtNY0mgCfvFy1z45zVeQDyGH/09a/ZDCJf7ildOOLu
cPDjyw3dGAi7HpeM2EkMCzZa342PaNYR//vfBRLb6kgQjMLgVev9jdf/mv2mqsB8
qIDC1AtI1Tl9b3CTRGZ9RIdGZ93UpiiKKSoLpRyowuZYLej0Zk8zSfsbPDhwPq0c
F+JiMqIQDZh/ggC9rzGCDbntqNv9oYk3r2WuLalGZQhP7lPig5J5Dz2i221RGCyu
MjbiTh1PG1I=
=vF8G
-----END PGP SIGNATURE-----
Merge tag 'debian/4.3.3-6'
2016-01-19 13:44:04 +00:00
e9490659aa
KEYS: Fix keyring ref leak in join_session_keyring() (CVE-2016-0728)
2016-01-19 00:41:25 +00:00
ea4dea20ad
linux-perf: Fix reading of build-id from vDSO
2016-01-19 00:18:11 +00:00
e90dec2a0e
bcache: Add upstream fixes marked for stable
...
- fix a livelock when we cause a huge number of cache misses
- Add a cond_resched() call to gc
- clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device
- fix a leak in bch_cached_dev_run()
- unregister reboot notifier if bcache fails to unregister device
- allows use of register in udev to avoid "device_busy" error.
- prevent crash on changing writeback_running
- Change refill_dirty() to always scan entire disk if necessary
As requested in
https://lists.debian.org/debian-backports/2016/01/msg00067.html
2016-01-17 21:59:33 +00:00
a9736a8ea4
Revert "block/sd: Fix device-imposed transfer length limits"
...
This introduces an ABI change and it's not obvious how to work around that.
2016-01-17 16:40:35 +00:00
18b52b0baa
unix: Fix ABI change for CVE-2013-4312
2016-01-17 16:39:58 +00:00
f335c0cfcc
unix: properly account for FDs passed over unix sockets (CVE-2013-4312)
2016-01-17 09:27:47 +01:00
10211ef4c3
[x86] drm/vmwgfx: Fix a width / pitch mismatch on framebuffer updates
2016-01-16 04:04:53 +00:00
74cadf39f7
block/sd: Fix device-imposed transfer length limits ( Closes : #805252 )
2016-01-16 03:50:08 +00:00
18e70e2c53
Add some security fixes
2016-01-14 23:39:40 +00:00
d2547e3561
xen/gntdev: Grant maps should not be subject to NUMA balancing ( Closes : #810472 )
2016-01-08 19:32:35 +00:00
0f11ea7f19
Update to 4.4-rc8
2016-01-04 01:57:00 +00:00
4689e6426d
Regroup patches in series
2016-01-02 19:20:40 +00:00
e2abaa403e
Merge tag 'debian/4.3.3-3'
...
Drop the ABI reference and ignored symbols.
Drop most of the patches, as they're already upstream.
2016-01-02 19:18:54 +00:00
e148000b24
ptrace: Fix ABI change for priv-esc fix
2016-01-02 16:27:28 +00:00
eafb4c30fd
Revert "xhci: don't finish a TD if we get a short transfer event mid TD"
...
Closes : #808602 , #808953 , regression in 4.3-rc7
2016-01-02 03:09:56 +00:00
50c5af2358
[armhf] crypto: sun4i-ss - add missing statesize ( Closes : #808625 )
2016-01-01 19:46:24 +00:00
50263628e4
[x86] drm/i915: Don't compare has_drrs strictly in pipe config ( Closes : #808720 )
2016-01-01 19:24:50 +00:00
45e2ecad07
drm/nouveau/pmu: do not assume a PMU is present ( Closes : #809481 )
2016-01-01 18:41:43 +00:00
abab5c2745
[x86] kvm: Reload pit counters for all channels when restoring state (CVE-2015-7513)
2015-12-31 15:49:59 +01:00
e57c91d886
KEYS: Fix race between read and revoke (CVE-2015-7550)
2015-12-31 02:53:31 +00:00
6642f73533
[armhf] Add support for BCM2836 and Raspberry Pi 2
...
- Patches for BCM283x drivers taken from linux-next
- A few more changes requested for 4.5:
http://thread.gmane.org/gmane.linux.kernel/2115942
- Enable all the drivers
- Add SD and USB controller drivers to udebs
2015-12-30 04:18:26 +00:00
a52be96b10
Regroup patches in series
2015-12-27 14:11:18 +00:00
3fac5cf03c
ptrace: being capable wrt a process requires mapped uids/gids
2015-12-27 06:19:08 +00:00
7b6f99cec5
[xen] pciback: Fix state validation in MSI control operations (CVE-2015-8551, CVE-2015-8852, XSA-157)
2015-12-27 05:54:06 +00:00
94b974ce0f
[xen] Fix race conditions in back-end drivers (CVE-2015-8550, XSA-155)
2015-12-27 05:49:13 +00:00
1ff79b037c
bluetooth: Validate socket address length in sco_sock_bind() (CVE-2015-8575)
2015-12-27 04:26:45 +00:00
e9708970a6
pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (CVE-2015-8569)
2015-12-27 04:26:45 +00:00
5db0f0e307
block: ensure to split after potentially bouncing a bio ( Closes : #809082 )
2015-12-27 04:26:45 +00:00
d6b9e3f082
ovl: fix permission checking for setattr (CVE-2015-8660)
2015-12-24 06:42:25 +01:00
0aaf811548
Update to 4.4-rc6
2015-12-21 11:13:30 +00:00
fc3ff0606d
mm: Fix missing #include in <linux/mmdebug.h> (fixes FTBFS on arm64)
2015-12-19 20:32:14 +00:00
ee4980cb32
[armhf,sparc64] Force ZONE_DMA to be enabled, reversing ABI change in 4.3.3 (fixes FTBFS)
2015-12-17 17:59:24 +00:00
70157abb7d
Release linux (4.3.3-1).
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAVnCT2+e/yOyVhhEJAQr+qw/9E5dEKfpAfOywx9lA0eQKKBx2yt2IkdGc
0k9UFJlJc5xpOwEH03WOlU3XktlrwNzaT6U0Qvu6MW4Y77G60fDbAB/J+1jlYatK
02CEUmBgrD5M6Cm/9J085mglIEt+5tq0RIZwAWx7iki53H/y1KQ6uski3oZwcguu
Go5KP744Osen5cyJKgT+vV/VGHc+BJEMcNFNI1nlh71owTQKT2ZsLx8fd3ZIdGsB
8rTC3pIsE8YjTcaRhKcJ1t6a19fX/2fD7KsfZTo8YdfLReg29CZ6TlQF8clzh8yH
37RWnEEYZT3vDbLVFOr4RVj0/b5skJQmuC7Bs40dywPyjEK/OQHMUWdcw4ZAxsq1
kNL9DhShF4G+HW58VOCRZSMO+R4R2Cl7JIz4bjhhPIOka9X/vn0yk/QgR6z16g0J
DHc2zx9+OHlUgk89KpCtDYdzHth7uQAmg6WIJemVU1Mt4jdaHKoEtAI4iNkEjdby
1LNnmYjukIixpTtb/NJGtyQPWSOOHnRQa7Cq36SngZoT4Gowb5hbDI9v+IrSQZUj
ruEMqMl4Bcq3/R1HKdqcs0FK+obKceaHSoLH+ludH0U7UAjh3dqCotxHkX4DT+ws
0CJAM1PIiiXG6n+TQve/wepG/Fv2yuOJg1BEo32Qjy5RtzhZf4vgZEYKJFrCGxR3
oBYzz+yPcvg=
=AlwC
-----END PGP SIGNATURE-----
Merge tag 'debian/4.3.3-1'
Drop the ABI reference and ignored symbols.
Drop most of the patches, as they're already upstream.
2015-12-16 17:15:08 +00:00
ca0bbf698b
tipc: Fix kfree_skb() of uninitialised pointer (regression in 4.3.3)
2015-12-15 21:25:16 +00:00
8fd06d9868
vrf: Fix broken backport of "vrf: fix double free and memory corruption on register_netdevice failure" in 4.3.3
2015-12-15 17:44:38 +00:00
c4e89babe4
Update to 4.3.3
...
Drop 3 security fixes that were included in it.
2015-12-15 17:40:55 +00:00
61acdc692c
net: add validation for the socket syscall protocol argument (CVE-2015-8543)
2015-12-14 20:59:45 +00:00
c3ac7c57ca
cirrus,mgag200: Drop patches for compatibility with wheezy userland
2015-12-14 14:36:05 +00:00
e97c318264
Drop another obsolete patch for X-Gene
...
The xgene-reboot driver is now unused.
2015-12-14 14:21:51 +00:00
a4febbdc67
[arm64] Drop now-redundant patch for X-Gene device tree (fixes FTBFS)
2015-12-14 02:51:41 +00:00
c353d9e9f8
Fix reference to non-UAPI <linux/nvme.h> in include/uapi/linux/Kbuild
2015-12-14 01:16:03 +00:00
e808d0a3f7
Update to 4.4-rc4
2015-12-14 00:53:56 +00:00
2f38533595
[armhf] Add support for Odroid-XU4 ( Closes : #804850 )
2015-12-13 00:34:44 +00:00
405f12a12b
[x86] nouveau: bios: return actual size of the buffer retrieved via _ROM ( Closes : #772716 )
2015-12-13 00:34:44 +00:00
efc870db16
[x86] drm/i915: Mark uneven memory banks on gen4 desktop as unknown swizzling ( Closes : #780363 )
2015-12-12 22:53:37 +00:00
d89f74a7ba
[armel/kirkwood] dts: Fix QNAP TS219 power-off ( Closes : #807696 )
2015-12-11 18:36:54 +00:00
824b04a59d
Update to 4.4-rc4
...
Refresh and drop patches as appropriate.
- Rewrite memcg disable patch to operate on cgroup_disable_mask
- The ancient Advansys Kconfig bug was fixed (differently) upstream
- ft1000 driver is gone, so we no longer need to remove its firmware
- One hunk of aufs4-mmap.patch is obsolete
2015-12-10 18:13:16 +00:00
26e03c2621
Update to 4.3.1
2015-12-09 23:48:47 +00:00
12dc87aa9c
Release linux (4.2.6-2).
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAVmHQq+e/yOyVhhEJAQoKGw/+L3omCHQc+jEfre5v9KaKEFfDn/5wh2fF
C1U2n9tW3Dje//k1t5IalN2bxugjg86lvyobnNo+fP3GxbEftr0OJFKspWDlREcT
epebhVQwzIY5ilNaayIqU8+wO6N/Ocy7kDspDjT7aqKFs5ZxmKReR6mvqZzYtJX5
W6lrinX03bcBLaFGgHOFJeI/6JapVC8LxQPiek2NYuEAnMsGdN0CDpZRqsmgNtjn
PBYbfsfk/JMubr+2ddksZcQTPKoK5fcbbgHRgN76eKDEGZ9XychWlhA8VANw+dhx
I572cypGXxfV6AoLky7VcP8WKmWQVNWsXTMaFd8j0703xF/ands/Ic8mZOiftfh9
9Qg6yhDt16zBPk+6Ct2ce04TAEdaY6Zr4WZdYphgVrkoZQrMc1PUVJkg6cPC7bKZ
XANEWus39vJmHIM82ETY2BpZ8+kdFqehWpo0PM8kCfL06fAm3inIsKDa7iyrpLbJ
DSdrQiRPeGr9jjB6mOuAIw/Otlq+M8kHfBGD1lgf7luLWOuP7z67mj2kjhNUP+pI
yKZI6+xbwZ79+Sr6ZFQBPDVH400zbvinV0B3xV+ZUU/3ze6j3QVFEuA9KsqAVqN6
R9CiQJ3lP3SL64P9FMQDfQL75HD0CZnEULlqDIYAzBmtz2B/H0lhrODoO2oZHHKT
jmxxrVLxbPg=
=jlfq
-----END PGP SIGNATURE-----
Merge tag 'debian/4.2.6-2'
Exclude one new patch that's already in 4.3, and the ABI stuff.
Remove items from the open changelog entry that are now redundant.
2015-12-04 18:03:02 +00:00
b1805eb5b3
[x86] drm/i915: shut up gen8+ SDE irq dmesg noise ( Closes : #806304 )
...
(cherry picked from commit fd13855f77
2015-12-04 01:18:53 +00:00
7517e45eec
qxl: Enable by default ( Closes : #779515 )
...
(cherry picked from commit 7f648db4e2
2015-12-04 01:14:07 +00:00
4668d13b75
Btrfs: fix truncation of compressed and inlined extents (CVE-2015-8374)
2015-12-03 00:50:36 +00:00
1060c43c3d
ppp, slip: Validate VJ compression slot parameters completely (CVE-2015-7799)
...
Plus a preparatory fix to isdn_ppp.
2015-12-03 00:48:31 +00:00
045f1d7a16
unix: avoid use-after-free in ep_remove_wait_queue (CVE-2013-7446)
2015-12-03 00:45:29 +00:00
fd13855f77
[x86] drm/i915: shut up gen8+ SDE irq dmesg noise ( Closes : #806304 )
2015-11-26 20:47:26 +00:00
22ad2142d1
media: usbvision: fix crash on detecting device with invalid configuration
...
(CVE-2015-7833, partly fixed in 4.2.6-1)
Also update headers of the previous patch to match the commit in
media_tree.git.
2015-11-24 17:09:48 +00:00
00e7e4e3ed
[x86] Xen: expose a more realistic max p2m size in the shared info
...
Fixes migration (Closes : #797205 )
2015-11-21 13:48:44 +00:00
1d08805288
[x86] KVM: rename update_db_bp_intercept to update_bp_intercept
2015-11-10 22:14:32 +01:00
45bf582b02
[x86] KVM: svm: unconditionally intercept #DB (CVE-2015-8104)
2015-11-10 22:14:32 +01:00
b531af6929
Release linux (4.2.6-1).
...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAVkIVT+e/yOyVhhEJAQo9JxAAzMhh283CLxwNC9+oJKEpfD/ve+WLEcKI
7TiyttUesYegG0/5JAPU//S8LyHOXeu+6vqEO0NzReCTGdQi4oXZTpUQA9KNzCTF
TLsdFBa6z5mRYcRHeGVYjmhKr8MTVRumXv/3WTVSwp71t1W7dce4qTboMsFr/kmk
c6rGv5GNTtpHpyjevIrLAkBq83rwdbPz6dtNnBAna38awY61a7snFPr81WUvNu3I
uVD5Dcm+efAzL/tPSxwdZRhQ7Qi5SnqUgP/c/3keDYeCLgj87FxdXK4vlJvkgmQs
VGX/D9VyCQvFbtWmEtAdOJHqu2LuYd0ZljFvx3Fo59KHDm6GV60jsHaGYjc8a6o1
F7r6vaRGMLDtZhjFeYwVgJYCcHmQ8RO0fuKe4hslaiItg1rKLV738SrVRzl/oTq+
l/HwdWxyeEbqMi1rc8bzwnFaet2Av+eArEfsla4uul1ZgNwkGbV/qZjDW/lIHcLS
7cIYdiiv719AVU9rRR1JZR+92k4MsDaqerKNUl72yHr6F8YMY0T10GY5ddlyzAjD
gbOkqcAIxlwVdxzXjzVUdA6T2R7edEbGnVtSaqKdFJUgRuGMqqGlcQ5xsK3CN4LC
YlbHa2y90BpOro6E6d4Tt4dLBvq49PQ2QJio8JJNtIrpAEjN41xIXUD1AOsLvC56
S737q+9MAIg=
=Bxdo
-----END PGP SIGNATURE-----
Merge tag 'debian/4.2.6-1'
Refresh some patches.
2015-11-10 16:12:32 +00:00
7f79eccf5e
Update to 4.2.6
2015-11-10 11:32:17 +00:00
ef1fd62260
[x86] KVM: Intercept #AC to avoid guest->host denial-of-service (CVE-2015-5307)
2015-11-08 15:13:48 +00:00
b2076bbc37
media/vivid-osd: fix info leak in ioctl (CVE-2015-7884)
2015-11-08 15:01:04 +00:00
ed853af7cb
RDS: fix race condition when sending a message on unbound socket (CVE-2015-7990)
2015-11-08 14:48:48 +00:00
222755c823
usbvision: fix overflow of interfaces array (CVE-2015-7833)
2015-11-08 14:48:04 +00:00
e317536be0
mv643xx_eth: Re-enable TSO, fixed upstream in 4.3
2015-11-07 14:23:40 +00:00
7f648db4e2
qxl: Enable by default ( Closes : #779515 )
2015-11-07 14:19:28 +00:00
c5e06b9078
Update to 4.3
2015-11-02 10:29:06 +00:00
4c1226a6c4
selftests: breakpoint: Actually build it
2015-10-31 22:04:13 +00:00
a29879587a
selftests: vm: Try harder to allocate huge pages
2015-10-31 22:04:13 +00:00
a748a69c46
selftests: Make scripts executable
2015-10-31 22:04:13 +00:00
47af940cea
selftests: kprobe: Choose an always-defined function to probe
2015-10-31 22:04:13 +00:00
ac28c69026
selftests: Ignore compiler warnings
...
We can't fix them all yet, and they shouldn't cause a test failure.
Patch memfd makefile to ensure we don't rebuild it and thus emit
warnings during a test run.
2015-10-31 22:04:13 +00:00
499a3df5b5
selftests: Add missing #include directives
2015-10-31 22:04:13 +00:00
Ben Hutchings
Aurelien Jarno
Salvatore Bonaccorso
Ian Campbell