64f4d67d9e
ext4: Fix duplicate softdep fields in module info
...
We no longer need to add the crypto-aes or crypto-ecb dependencies
because ext4 uses the common encryption code in fscrypto (and has a
regular symbol dependency on it).
Since upstream added a softdep on "crc32c", we don't actually need to
change ext4 at all now. But let's replace it with "crypto-crc32c",
since that's the module alias the crypto subsystem will actually
request and is consistent with the softdep we add to other
filesystems.
2018-06-07 16:21:25 +01:00
c1ecc67a90
Merge branch 'corsac/linux-hardening-options' into sid
2018-06-06 20:57:40 +01:00
7e35837639
Cleanup debian/changelog file
...
Remove maintainer stanza for the now upstreamed CVE-2018-11506 (included
in 4.16.13) and remove maintainer trailer for the new upstream stable
update import.
2018-06-05 17:09:22 +02:00
657307624b
Update to 4.16.13
...
This updates the debian changelog for listing changes of this stable
update. It also removes the patches that have been merged upstream.
2018-06-05 14:31:46 +02:00
31812a0dcb
[armhf] Enable MFD_AC100 and RTC_DRV_AC100, used in allwinner A80/A83t
...
systems.
2018-06-02 22:11:02 -07:00
bc42fd66b1
sr: pass down correctly sized SCSI sense buffer (CVE-2018-11506)
2018-05-30 08:41:40 +02:00
771e5be22a
Prepare to release linux (4.16.12-1).
2018-05-27 14:05:03 +02:00
2357158140
Update to 4.16.12
...
Cleanup debian/changelog file
2018-05-25 21:28:49 +02:00
cb55017d9c
[x86] KVM: VMX: Expose SSBD properly to guests.
2018-05-23 00:45:33 +02:00
0e0b695e53
Update to 4.16.11
...
Revert "[x86] Add support for disabling Speculative Store Bypass (CVE-2018-3639)"
Cleanup debian/changelog file
2018-05-22 21:03:43 +02:00
975e4433ed
[x86] Add support for disabling Speculative Store Bypass (CVE-2018-3639)
...
Apply all the SSB-related patches pending for 4.16-stable.
2018-05-22 12:26:02 +02:00
baa5254a6f
[rt] Update to 4.16.8-rt3
2018-05-22 00:55:31 +02:00
b1a9e2470a
Update to 4.16.10
2018-05-22 00:49:31 +02:00
1bdb99105c
tune changelog to fit latest commit
2018-05-21 16:32:58 +02:00
ab436fc35b
hardening: enable REFCOUNT_FULL and FORTIFY_SOURCE, disabled HARDENED_USERCOPY_FALLBACK
2018-05-19 11:26:45 +02:00
c2dbc30362
proc: do not access cmdline nor environ from file-backed areas (CVE-2018-1120)
2018-05-17 23:15:48 +02:00
9deec69be4
Bump ABI to 2
2018-05-13 01:14:24 +01:00
9febee02d1
mm, oom: fix concurrent munlock and oom reaper unmap (CVE-2018-1000200)
2018-05-12 16:49:55 +02:00
5903405411
[rt] certs: Reference certificate for test key used in Debian signing service
2018-05-12 10:20:40 +02:00
5f1b90fa69
Update to 4.16.7-rt1 and reenable
2018-05-12 10:14:20 +02:00
1173c652e9
Update to 4.16.8
...
Cleanup debian/changelog file
2018-05-10 16:46:46 +02:00
24b281238c
Update to 4.16.7
...
Refresh bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
Drop patches applied upstream related to CVE-2018-1093
Cleanup debian/changelog entries
2018-05-10 15:01:21 +02:00
3f624e1bcf
Update to 4.16.6
...
Cleanup debian/changelog file
Add CVE identifier for CVE-2018-10940
Add TODO item (ABI changes or ABI bump)
2018-05-10 08:59:32 +02:00
c171f70365
[armhf] MFD: Enable MFD_TPS65217 ( Closes : #897590 )
...
This enables MFD TPS65217 that is the PMIC found on the BeagleBone
Black. So the board can be powered off safely.
2018-05-04 22:14:33 +02:00
00e2f5f30e
kbuild: use -fmacro-prefix-map to make __FILE__ a relative path
2018-05-02 23:47:40 +01:00
8a269b84e6
Add changelog entry for [armhf] DRM: Enable DW_HDMI_AHB_AUDIO and
...
DW_HDMI_CEC (Closes : #897204 ) by Romain Perier.
2018-04-30 11:24:39 -07:00
f36c7f9bd9
Prepare to release linux (4.16.5-1).
2018-04-29 17:09:15 +01:00
f78b896b8b
debian/lib/python/debian_linux/gencontrol.py: Allow uploads to *-security with a simple revision
2018-04-28 21:42:12 +01:00
498cb2c129
Update to 4.16.5
2018-04-27 18:25:27 +01:00
5b54699034
ext4: fix bitmap position validation
...
Un-revert "ext4: add validity checks for bitmap block numbers" and
apply this new fix on top of it.
2018-04-27 18:08:44 +01:00
c3c6a03a9c
udeb: Add algif_skcipher to crypto-modules ( Closes : #896968 )
2018-04-27 00:05:25 +01:00
019c1fa6f3
xfs: set format back to extents if xfs_bmap_extents_to_btree (CVE-2018-10323)
2018-04-25 21:23:07 +01:00
f78c3b3434
xfs: enhance dinode verifier (CVE-2018-10322)
2018-04-25 21:22:21 +01:00
9f2182e09a
Revert "ext4: add validity checks for bitmap block numbers", which caused a regression
2018-04-25 21:15:48 +01:00
98017b2bd7
Update to 4.16.4
2018-04-25 21:14:23 +01:00
f4dbf1aa82
debian/lib/python/debian_linux/debian.py: Fix binNMU revision parsing
...
In VersionLinux, any binNMU version will currently match the
revision_other group in the regexp and therefore never be recognised
as an experimental, security, or backport version. This is probably
harmless in practice because:
- binNMUs don't happen in those suites
- Only debian/bin/gencontrol.py cares about the linux_revision_other
attribute, and it won't be run for a binNMU version
But let's fix it by matching the binNMU suffix separately.
2018-04-24 20:40:27 +01:00
90f09743ec
debian/lib/python/debian_linux/debian.py: Fix binNMU changelog parsing
...
I incorrectly added a requirement of a newline after urgency in the
changelog entry top line as part of
"debian/lib/python/debian_linux/debian.py: Parse bottom lines of
changelog entries". For a binNMU, there will be ", binary-only=yes"
after the urgency. Since we don't currently care about any fields
after urgency, allow either a comma or newline.
2018-04-24 20:20:47 +01:00
cb7c0036b0
Update to 4.16.3
2018-04-19 15:04:56 +01:00
ac5eca03c1
[x86,arm64] Disable code signing for upload to unstable
2018-04-19 14:51:22 +01:00
71f21e927e
For unstable, set ABI to 1 and remove ~exp1 suffix from version
2018-04-19 14:51:02 +01:00
fcb558d168
Merge branch 'sid'
...
- Drop patches already in 4.16
- Overwrite changes on master to debian/installer, which were also
applied on sid and then changed
- [x86] Fix up dell_smbios configuration; now it's a single driver
selected by DELL_SMBIOS, with DELL_SMBIOS_{SMM,WMI} being boolean
options
- Clean up configuration with kconfigeditor2
2018-04-19 14:43:33 +01:00
0b520de976
Prepare to release linux (4.15.17-1).
2018-04-19 11:13:03 +01:00
4220b94e90
udeb: Add zstd_decompress to compress-modules and make squashfs-modules depend on it
...
zstd_decompress is now used by both btrfs and squashfs, so it needs
to be in a common dependency of their udebs.
2018-04-19 11:12:40 +01:00
cdd19a1d2d
udeb: Rename lzo-modules to compress-modules
2018-04-19 11:12:13 +01:00
8bf0fade16
[amd64] net: Enable AQTION as module
...
I'm enabling it in the top-level config, but currently it has
'depends on X86_64' so it will only be built for amd64.
References: https://lists.debian.org/CAMVG2svxkO42pr7VgjFxv1o5hiw9-1cAgBuhyEem1foTH2M6zw@mail.gmail.com
2018-04-19 00:23:00 +01:00
5014bbfd99
[arm64] PCI: Enable PCI_TEGRA ( Closes : #888817 )
2018-04-19 00:19:47 +01:00
ae9bb017a0
[arm64] Enable ARCH_SYNQUACER and related driver modules ( Closes : #891787 )
2018-04-19 00:15:08 +01:00
a529c97bc1
block: Enable BLK_SED_OPAL (except on armel)
2018-04-19 00:11:59 +01:00
b776a2b257
squashfs: Enable SQUASHFS_ZSTD ( Closes : #883410 )
2018-04-19 00:03:22 +01:00
fc0c66ddb9
ath9k_htc: Fix regression in 4.15, thanks to Ben Caradoc-Davies ( Closes : #891060 )
...
- mac80211: add ieee80211_hw flag for QoS NDP support
- ath9k_htc: use non-QoS NDP for AP probing
2018-04-19 00:01:09 +01:00
Ben Hutchings
Salvatore Bonaccorso
Romain Perier
Vagrant Cascadian
Yves-Alexis Perez