Ben Hutchings
2e3f7d9495
Add fixes for ext4 security issues relating to corrupted disk images
2018-07-02 21:34:14 +01:00
Ben Hutchings
f0d3d32b75
debian/patches/series: Fix grouping of security patches
2018-07-02 21:20:58 +01:00
Ben Hutchings
d7f4f21608
tracing: Check for no filter when processing event filters (CVE-2018-12714)
2018-06-30 03:27:55 +01:00
Ben Hutchings
6c7df557db
Export symbols needed by Android drivers
2018-06-26 18:32:25 +01:00
Ben Hutchings
2202083eb0
Update to 4.17.3
...
Drop patches applied upstream.
2018-06-26 02:49:57 +01:00
Vagrant Cascadian
1ddc0915c9
[arm64] Add device-tree to support Pinebook.
2018-06-25 18:23:47 -07:00
Ben Hutchings
4eabac8481
[x86] virt: vbox: Only copy_from_user the request-header once (CVE-2018-12633)
2018-06-26 00:26:41 +01:00
Ben Hutchings
d6b55c2dde
socket: close race condition between sock_close() and sockfs_setattr() (CVE-2018-12232)
2018-06-26 00:26:41 +01:00
Ben Hutchings
8d25e929ea
ext4: do not allow external inodes for inline data (CVE-2018-11412)
...
Plus the related fix "ext4: bubble errors from
ext4_find_inline_data_nolock() up to ext4_iget()".
2018-06-26 00:26:41 +01:00
Ben Hutchings
5e4f042d2f
ext4: correctly handle a zero-length xattr with a non-zero e_value_offs (CVE-2018-10840)
2018-06-26 00:26:41 +01:00
Ben Hutchings
43505297af
vhost: fix info leak due to uninitialized memory (CVE-2018-1118)
2018-06-26 00:26:36 +01:00
Ben Hutchings
5316cb1c19
[amd64,arm64,armhf] android: Build modules to support Anbox ( Closes : #901492 )
2018-06-22 17:47:56 +01:00
Bastian Blank
793d0ba52e
Release linux (4.16.16-1)
...
-----BEGIN PGP SIGNATURE-----
iQFFBAABCgAvFiEER3HMN63jdS1rqjxLbZOIhYpp/lEFAlspVJURHHdhbGRpQGRl
Ymlhbi5vcmcACgkQbZOIhYpp/lFk8ggAvgwAw3CSdFCGSLvd8cBjZa2mqpxqOILN
BbuXT0qRTibN19qtjeHvk0SQUQuBBIoP9DVGu0j1UIBfpQcVsEg+tM2FTqrPI5DT
1LPdMcOEyNpD9FlmEljd7lkjetyils/0T87+hHXxhBP2d2DkuUjcaY1t09+6kKW0
A2XXeEGeJmDbLEuY7R/WxGHsT20nvvLD0on5691mF8yW7wLDavekwGk9JJlFjOID
XkwxAj2nFVDCWB6hmi1ETGYahmnFXgK1kX2X0lTAi6FM1mql4oha6LNxQSYc8hAd
03nWnzwh+BmsAJjapp1PkkGEj7SHw9AHl8EUS+cqaAzigB4LjSPffw==
=4gVf
-----END PGP SIGNATURE-----
Merge tag 'debian/4.16.16-1'
Release linux (4.16.16-1)
2018-06-19 21:50:55 +02:00
Vagrant Cascadian
261fe7baf0
[arm64,armhf] Add device-tree to support Raspberry PI 3b+.
2018-06-17 15:31:23 -07:00
Romain Perier
c2d82aa53d
[arm64] correct voltage selector for Firefly-RK3399 ( Closes : #900799 )
2018-06-15 18:49:25 +02:00
Bastian Blank
87e3b20439
hv_netvsc: Fix a network regression after ifdown/ifup
2018-06-13 13:49:24 +02:00
Romain Perier
657307624b
Update to 4.16.13
...
This updates the debian changelog for listing changes of this stable
update. It also removes the patches that have been merged upstream.
2018-06-05 14:31:46 +02:00
Salvatore Bonaccorso
bc42fd66b1
sr: pass down correctly sized SCSI sense buffer (CVE-2018-11506)
2018-05-30 08:41:40 +02:00
Ben Hutchings
cb55017d9c
[x86] KVM: VMX: Expose SSBD properly to guests.
2018-05-23 00:45:33 +02:00
Salvatore Bonaccorso
0e0b695e53
Update to 4.16.11
...
Revert "[x86] Add support for disabling Speculative Store Bypass (CVE-2018-3639)"
Cleanup debian/changelog file
2018-05-22 21:03:43 +02:00
Ben Hutchings
975e4433ed
[x86] Add support for disabling Speculative Store Bypass (CVE-2018-3639)
...
Apply all the SSB-related patches pending for 4.16-stable.
2018-05-22 12:26:02 +02:00
Ben Hutchings
b1a9e2470a
Update to 4.16.10
2018-05-22 00:49:31 +02:00
Salvatore Bonaccorso
c2dbc30362
proc: do not access cmdline nor environ from file-backed areas (CVE-2018-1120)
2018-05-17 23:15:48 +02:00
YunQiang Su
b968d18584
[mips{,64}r6{,el}] use boston as the target
...
Add a patch to disable uImage generation to avoid depend on u-boot-tools
Fix typo the EL's flavor names in installer: not same within defines
Malta is never used for r6. (Closes : #898523 )
Boston also requires relocation table size >= 0x00121000
2018-05-14 16:26:26 +08:00
Salvatore Bonaccorso
9febee02d1
mm, oom: fix concurrent munlock and oom reaper unmap (CVE-2018-1000200)
2018-05-12 16:49:55 +02:00
Salvatore Bonaccorso
24b281238c
Update to 4.16.7
...
Refresh bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
Drop patches applied upstream related to CVE-2018-1093
Cleanup debian/changelog entries
2018-05-10 15:01:21 +02:00
Ben Hutchings
a5394cbc13
[hppa/parisc64-smp] IB: Fix RDMA_RXE and INFINIBAND_RDMAVT dependencies for DMA_VIRT_OPS
2018-05-09 22:48:55 +01:00
Ben Hutchings
f4a882f016
Update to 4.17-rc4
2018-05-09 19:10:50 +01:00
Ben Hutchings
00e2f5f30e
kbuild: use -fmacro-prefix-map to make __FILE__ a relative path
2018-05-02 23:47:40 +01:00
Ben Hutchings
bb6c7da6fe
Update to 4.17-rc3
2018-04-30 00:12:50 +01:00
Ben Hutchings
634a2fc7db
Release linux (4.16.5-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlrmIuQACgkQ57/I7JWG
EQl34hAAiQMv+LrOJsingSeIxmPM2q+FktFykdjTNsjcyEZ5pSfhj8T4fc4hZHZp
uXOMV4+lfNSCQF9agPsYcTvm6Md7VqMCMjFOmM6GdUrIc7kDnZEheA1ZTFuZzOVv
Heh88tDu6Zl2vqPbt+81Ah3N/lSyCVA5jVF0K4RYUe1Gs7YFTqaJdPZi8wP7I9Os
GwvY41auQFNdTQfIpdB1dISQVtfAZT8cg+c/fGUNPhJWqFnjMeYhBoQWRKPATp4/
NNJNAEOU7K0zpooCCAH5zK03T6bpt64GOJx/gDMyaqdlAd3LbLiCQP09tS3OVqQS
qAm7I0STnM3oD0D1uk+OPo8Cxeu3V/4kHwYH59G/EwyYa7rJxrThQSvTZCxEdKuK
REr2aPe6doW7x45yhL+R3ZKJDLsdVJkkutpCXhdqnwAUnXITUR4PprNd4l6tc5nC
IzZM5Il7nAx3LWB2Xtz4iGykQVAyXdpDKXjCJgarTI4kG49iitCq1eRJHi5jFVJw
7iuIgZmjFBWx6bzifhNBg0oUG3R7hEitzaqJ0G1jX+FRVfOOr+an+txZEVyJuqsw
3FDI8kJClXVB6kNAPgEQWPh3Cdh63s69qVLZZTGujgLHMXv833MbBHIV3KR+7YNS
uKfzJNSglCIKf3LVKRUSHJyfYJTV+iS4ioHVjn8B7fc0YCdXQpg=
=hQGL
-----END PGP SIGNATURE-----
Merge tag 'debian/4.16.5-1'
Release linux (4.16.5-1).
2018-04-29 21:09:11 +01:00
Ben Hutchings
5b54699034
ext4: fix bitmap position validation
...
Un-revert "ext4: add validity checks for bitmap block numbers" and
apply this new fix on top of it.
2018-04-27 18:08:44 +01:00
Ben Hutchings
019c1fa6f3
xfs: set format back to extents if xfs_bmap_extents_to_btree (CVE-2018-10323)
2018-04-25 21:23:07 +01:00
Ben Hutchings
f78c3b3434
xfs: enhance dinode verifier (CVE-2018-10322)
2018-04-25 21:22:21 +01:00
Ben Hutchings
9f2182e09a
Revert "ext4: add validity checks for bitmap block numbers", which caused a regression
2018-04-25 21:15:48 +01:00
Ben Hutchings
98017b2bd7
Update to 4.16.4
2018-04-25 21:14:23 +01:00
Ben Hutchings
1c1d5f2d95
Documentation: Update references to drivers/base/firmware_class.c
2018-04-20 00:57:50 +01:00
Ben Hutchings
d04e628f00
Documentation: typec.rst: Use literal-block element with ascii art
...
This fixes a fatal error in the doc build process.
2018-04-20 00:50:39 +01:00
Ben Hutchings
8457aba35f
Update to 4.17-rc1
...
- Drop patches included upstream
- Drop "Don't WARN about expected W+X pages on Xen"; the problem appears
to have been fixed by upstream commits 2cc42bac1c ("x86-64/Xen: eliminate
W+X mappings") and 672c0ae09b33 ("x86/mm: Consider effective protection
attributes in W+X check")
- Drop "Kbuild: kconfig: Verbose version of --listnewconfig"; it seems
redundant with upstream commit 17baab68d337 ("kconfig: extend output of
'listnewconfig'")
- Drop lockdown patch to drivers/scsi/eata.c; the driver was removed
upstream
- Refresh various other patches
2018-04-19 23:44:22 +01:00
Ben Hutchings
fcb558d168
Merge branch 'sid'
...
- Drop patches already in 4.16
- Overwrite changes on master to debian/installer, which were also
applied on sid and then changed
- [x86] Fix up dell_smbios configuration; now it's a single driver
selected by DELL_SMBIOS, with DELL_SMBIOS_{SMM,WMI} being boolean
options
- Clean up configuration with kconfigeditor2
2018-04-19 14:43:33 +01:00
Ben Hutchings
fc0c66ddb9
ath9k_htc: Fix regression in 4.15, thanks to Ben Caradoc-Davies ( Closes : #891060 )
...
- mac80211: add ieee80211_hw flag for QoS NDP support
- ath9k_htc: use non-QoS NDP for AP probing
2018-04-19 00:01:09 +01:00
Helge Deller
f147fe68c4
[hppa] Switch to self-decompressing kernel
2018-04-18 08:34:17 +02:00
Ben Hutchings
9f5a30bb07
Add various security fixes
2018-04-18 00:11:35 +01:00
Ben Hutchings
66b63716aa
Update to 4.15.17
2018-04-17 23:43:11 +01:00
Salvatore Bonaccorso
a325681bab
[arm64] net: hns: Fix ethtool private flags (CVE-2017-18222)
2018-04-15 20:58:48 +02:00
Salvatore Bonaccorso
f5b6a35cad
media: usbtv: prevent double free in error case (CVE-2017-17975)
2018-04-15 20:52:17 +02:00
Salvatore Bonaccorso
8e41f67460
drm/nouveau/mmu: ALIGN_DOWN correct variable
...
Closes : #895750
2018-04-15 20:33:52 +02:00
Vagrant Cascadian
f68523c82b
[arm64] Add patch enabling simplefb LCD on A64.
2018-04-13 20:34:07 -07:00
Ben Hutchings
d948b7a44d
wireless: Add Debian wireless-regdb certificates (see #892229 )
2018-04-13 20:22:12 +01:00
Vagrant Cascadian
10b9c6345e
[armhf] Add patch to fix loading of imx6q-cpufreq module.
2018-04-12 01:12:40 -07:00