cf1f6e2019
bpf/verifier: Fix multiple security issues ( Closes : #883558 )
2017-12-22 03:54:44 +00:00
fc7f6fafd8
Add security fixes
2017-12-20 19:27:18 +00:00
9e0441b20a
Update to 4.14.7
...
Drop patches applied upstream, and fix a few conflicts.
2017-12-20 18:40:37 +00:00
a865f2fdb7
[armhf, arm64] Backport patches from 4.15.x to support dwmac-sun8i.
2017-12-11 13:15:45 -08:00
2f634be5d8
xen/time: do not decrease steal time after live migration on xen
...
Closes : #871608
2017-12-03 10:53:37 +01:00
3f937de450
[x86] mmap: Add an exception to the stack gap for Hotspot JVM compatibility
...
Closes : #865303
2017-11-30 12:07:11 +00:00
71832be11b
mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (CVE-2017-1000405)
2017-11-30 08:16:06 +01:00
a633085eb6
apparmor: fix oops in audit_signal_cb hook (regression in 4.14)
2017-11-24 13:25:03 +00:00
d769bf7e2b
Update to 4.14.1
2017-11-22 03:13:35 +00:00
bf3c5027e0
i40e: Build for 32-bit targets again
...
Apply the upstream patches that removed the use of cmpxchg64().
2017-11-21 16:14:37 +00:00
1a1f0ef065
Release linux (4.13.13-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAloODhAACgkQ57/I7JWG
EQkFAg//Zb5RqwypcEFRZs6Oyi4jF6EekQW+UVXjAE8gAw3ae8+1uvkg3TyMY7uT
C//3H1DGY/A3imqHsxku9NG5T9KhJL9cKn2EDRz8c/+lU949wXjzSFCQk+p9mwcb
RSyuqES+FwtrMJoN0iXpVIiTSjImuu4IIpTmc6IsZo1frn5oHKmeC4mvsKuflL/S
usdauRUkQewtTvi/Z8wDA5fJIDN2ff0DcSN8Km/QPlB2zUoGaQRM36ApZVeHDX3X
190bDAuBfJp9Pht3eFPUq6HwEht9hbiqSaSpMKB/jyPE8lWZ7AL8CM2qiOuZCXil
ncELxkx+8Cqp4jAWc3wqGZ5mkeVHeHxZcmFv0b4hQaaifW5GtmlMo/XHhMeFIoCc
tbcC55No2c3ZUhUH0kAQyf26zZ3f7hBAYT8EI5BNngPpZB4W7NJL8A2c09QYxAVB
/uXNnCdd7LZ9Dnhgc0K1FjIEckd1XHVQgVZ6Seo4Pv2adMfLckla3Xvqj888515a
akTL9LFAKySOqalakMl34G2FT1S0CR9+7I45KFcKjiGW5pF1RgDeLZy1W+nQq3Vd
oH2KmWGovmouMEnrh8RgKJNwLkelVkLKl0AFhJ29PGeDrGAklz0Sy5egB8iqoxRh
fiKph8IGdD8akqlI4d8mTWs01FmALkkSHUkLAxbME8HC3lpb7Ic=
=TJmK
-----END PGP SIGNATURE-----
Merge tag 'debian/4.13.13-1'
Release linux (4.13.13-1).
2017-11-16 22:18:14 +00:00
617046eb45
netfilter: nat: Avoid ABI change in 4.13.13
2017-11-16 21:04:07 +00:00
7cb3e39661
ALSA: timer: Avoid ABI change in 4.13.13
2017-11-16 20:52:13 +00:00
4c3b3b1dec
dvb_frontend: don't use-after-free the frontend struct (CVE-2017-16648)
...
Plus another fix it seems to depend on.
2017-11-16 20:04:01 +00:00
58e12683e1
net: qmi_wwan: fix divide by 0 on bad descriptors (CVE-2017-16650)
2017-11-16 18:13:46 +00:00
91a7ba9320
net: cdc_ether: fix divide by 0 on bad descriptors (CVE-2017-16649)
2017-11-16 18:12:24 +00:00
4ee0c56703
net: usb: asix: fill null-ptr-deref in asix_suspend (CVE-2017-16647)
2017-11-16 18:11:00 +00:00
ed4bdea861
media: dib0700: fix invalid dvb_detach argument (CVE-2017-16646)
2017-11-16 18:10:19 +00:00
c718be9d81
media: imon: Fix null-ptr-deref in imon_probe (CVE-2017-16537)
2017-11-16 18:04:43 +00:00
a06739ccd2
media: cx231xx-cards: fix NULL-deref on missing association descriptor (CVE-2017-16536)
2017-11-16 18:03:20 +00:00
c08c3b8b25
usb: usbtest: fix NULL pointer dereference (CVE-2017-16532)
2017-11-16 17:40:00 +00:00
1549b29ea0
Add follow-up fixes relatd to CVE-2017-13080
2017-11-16 17:35:46 +00:00
f4e45ee455
Update to 4.13.13
2017-11-16 17:32:44 +00:00
6ff07bd9a5
sctp: do not peel off an assoc from one netns to another one (CVE-2017-15115)
2017-11-16 15:22:47 +01:00
5d9e74ced8
mac80211: accept key reinstall without changing anything (CVE-2017-13080)
2017-11-16 15:18:54 +01:00
a2708107ce
swap: Avoid ABI change in 4.13.12
2017-11-12 01:09:18 +00:00
95757c39a8
Update to 4.13.12
2017-11-11 09:29:31 +01:00
e7fd57b49f
netfilter: nft_set_hash: disable fast_ops for 2-len keys
...
Closes : #880145
2017-11-04 15:43:57 +01:00
4b0df3bed7
cifs: check MaxPathNameComponentLength != 0 before using it
...
Thanks: Andrew Chadwick
Closes : #880504
2017-11-04 09:55:14 +01:00
e59d862868
Release linux (4.13.10-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAln3apoACgkQ57/I7JWG
EQllsQ//fyZFkoGOLpHjkS3sNtMxfh1J9+f+JJI33WF9vA/w7SnRfg/Rdbjx+rY8
LRCnviTyh5tuxKSPKHerpUqjNbYi7Hcr0LXxxOPL1Rr+BTFKQuaSDYNzt10bT2mJ
9B0ZYI+Q8n7rAq1/MeSKygV6zh+5MxywN8LZlqg0Au8/7/c7H0nR3MOEFz29imL0
jBMOhy7a+Gby3Qs5ZdKGf0i4RZT9Y/9Ozu9sFpVGqrTyY+FlEd0y1KUvIipbdLTH
S/oRFF1m4IeS7tF6AIprCPMIMPt8tcQrSLvB01REpbvSJvDg+laEgmHnb0PKlOpW
RAeQn2r1NCEjjZcKll8dCMp+sTiLhx+us4L3Jumwb2Yno+219zuScFg2MR0zu5U/
XCB5zG2U5XENH+fRdDnWROkXJ/o1Dtk+Ix1aPySa8I9IdlP45n+Q4LCLw3eg5h3I
CdITwTJxWlnLJVI852wh1qorBuUs5lac9HZ8u0s5MDFXNQkWOVQKRPZN0sA3hwwp
wjudMsGgq6kkoknnEcwTKV4JFWJdfJ0SieaWBv1LSQwAmVy3/QvOTvDBLzRxmtUX
tygPktH53HLp4z6qPOcKD+hGLcdlD5oTWYb2O5MqVlSI8MjONOcjpRGAP2fhIf2t
3INpM9sJPHILXqpEMH6co4VzxnQq1OElMjcA5nqD2A7HLOSDhZg=
=x3uW
-----END PGP SIGNATURE-----
Merge tag 'debian/4.13.10-1'
Release linux (4.13.10-1).
2017-10-30 18:31:31 +00:00
15c6a89208
Update to 4.13.10
...
Limit the ABI change in keys.
2017-10-29 12:13:18 +00:00
ec3cd54d45
Avoid/ignore more ABI changes in 4.13.y
2017-10-28 20:50:11 +01:00
48bb38a3f7
Update to 4.13.9
...
Drop many patches which are now upstream.
Avoid/ignore ABI changes as appropriate.
2017-10-26 22:41:11 +02:00
4206eefe13
Update to 4.14-rc5
2017-10-17 23:34:01 +01:00
146583d59c
Release linux (4.13.4-2).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlnjY8RfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E05EP/2gI2pOyeOjGAzSiu/SRd5mHcLfRJkqE
osob+C8dJsWQdgWLtO1SQkRYybBuBoujSVAo9X6pezI6OBmcKbJc8eAejWYVPtL8
pSI7OomkTyx6AP7EKfe89kpgf4Qe8QOYrXukW050RcE78fCm3icznACeubY9ET9T
s7+DAGWWkJpHO3rIErNxgJFMEibpKsIIcrUOIZrSsZwpQTlh7KV8tozIBiE8l135
ocZKaGGqBQcTIWX7gVjcdpBNacxcFghRHodFCwrrv9wFvAg/s+0TN1YQXSucitQH
Cp9iO4McDeQxDvcSQyBhQmlCxcL/+JxnfosJmabBvwn7L45dGm+pbsGviIG86tyM
O7fNs82xdMxCFc9CIXKrE3hAk+mjXuMiUc7mha3/1+cS/Di444N5djXmvj8D84pu
i/pp6D8zWNe/imid9sFH/txst3sgsSvlf77W3HXxZqJ5GOLzluApSX2eptpDRI1Q
E/RU2R2T/NPTChroHsZr5QZ6iV/YS2F9E0YYAQcDuWNXS9Ey7nK+gjKqa7/5B6n1
STtT0HMD0fcAfvWN1rk9mudm6ZNYgLpjYKtFsaFf/K4I5f4fIhvnCbnnFgKMA3Qx
rcLh201dG1fGwQ2EpiD5S0pqn7iYEP2d9vHzo363l20FyfQ8jgGt7dNfceEuiCSs
O+EKuTohhEJH
=juOG
-----END PGP SIGNATURE-----
Merge tag 'debian/4.13.4-2'
Release linux (4.13.4-2).
2017-10-16 00:09:19 +01:00
ccefd718c8
[x86] KVM: MMU: always terminate page walks at level 1 (CVE-2017-12188)
2017-10-13 18:09:37 +02:00
02033a7a17
[x86] KVM: nVMX: update last_nonleaf_level when initializing nested EPT (CVE-2017-12188)
2017-10-13 18:07:54 +02:00
52c8b81bca
ALSA: seq: Fix use-after-free at creating a port (CVE-2017-15265)
2017-10-13 06:52:33 +02:00
35125947a2
waitid(): Add missing access_ok() checks (CVE-2017-5123)
2017-10-12 21:16:37 +02:00
6f55d3e571
KEYS: prevent KEYCTL_READ on negative key (CVE-2017-12192)
2017-10-12 07:55:47 +02:00
7c8172804e
mac80211: fix deadlock in driver-managed RX BA session start
...
Thanks: Eric Côté
Closes : #878092
2017-10-11 21:23:02 +02:00
fba37066c7
[powerpc*] Fix illegal TM state in signal handler
2017-10-11 07:57:06 +02:00
6c3a386d04
[powerpc*] Use emergency stack for kernel TM Bad Thing program (CVE-2017-1000255)
2017-10-11 07:55:16 +02:00
c68c0840bc
brcmfmac: add length check in brcmf_cfg80211_escan_handler() (CVE-2017-0786)
2017-10-09 21:45:15 +02:00
4d6306b792
i40e: Build for 64-bit targets only (fixes FTBFS on hppa)
2017-10-04 03:50:08 +01:00
335613b4d6
Update to 4.14-rc3
2017-10-01 23:23:22 +01:00
6c9c816966
Update to 4.14-rc2
...
aufs: Update support patchset to aufs4.x-rcN-20171002
2017-10-01 20:26:01 +01:00
884aedc0b4
liblockdep: Define pr_cont()
2017-10-01 15:44:25 +01:00
e2431bcb2f
[armhf] dts: exynos: Add dwc3 SUSPHY quirk ( Closes : #843448 )
2017-10-01 15:23:55 +01:00
2678c31e68
fix infoleak in waitid(2) (CVE-2017-14954)
2017-10-01 12:02:28 +02:00
f3152ccaad
Update to 4.13.4
2017-09-29 16:29:45 +02:00
b80b24d3e0
Release linux (4.12.13-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlnBUMkACgkQ57/I7JWG
EQkU2hAAo/L20PPbaPfnnCTppx1+UD9UHNfoGhY7eoy+GYt36YjNTeqcbDUcnmGS
oqILWJq8Qwb4r2zBgnrLL+Ek3spErVtmcIi7HoCKK9pRdqDCIQUkkHQQjQob1o5f
fMAr+qTcGAm9/yEIclCrAJmrYPtS1e4ryBmwu4ZGzeeGS0PG/WFsGOLq9Tiq2cIh
pmszRX59ZqpMcTHuBs2Fi6xz7YWXqGUXxJiax5fqwF6j/9CpbReFhv2ZFH2HcPA5
4sTtGLsGTwz7lzXLljp0IN7aFkW830FGE4WuTRe2fOkFKgXlj+8wtor7D2vFB7Ou
FHhyVrMc6y32+K9LG955ECXgwN2wGioKEMyEi67ci9qxvCGf/EA9vtEj3ytzm8+j
fiJ1gRjk0Ec2D5Aewl2L0i2bYYf4RqTriRHmEQa14kk70U8oK4AmOilyU+d1t3WC
xwo6ZdThvBGJGlHzrkjWxutWz3aQiL7AC2Ora51BhrR83chmxWeRa4mvo6yH6yfs
kmSHfqIgHklwLBVpF1/9tam8E5W6KkHgW3tTX9Duz6dM+mrVxKTJz1iKbnt1213t
xco667k4txs5k+K2JkJfUUEMlH+lCicAqEHB2EZIV0R7FCf+n4dENJ/FwXUF7XE+
41h3BqWbxZDYcuBxBYmmoF7B3QgeFylSbbYb1W4E6Erd6j7AHj0=
=Thw/
-----END PGP SIGNATURE-----
Merge tag 'debian/4.12.13-1'
Release linux (4.12.13-1).
Drop ABI reference files.
2017-09-19 18:34:53 +01:00
a18f05bb5b
Add various security fixes
2017-09-19 00:49:12 +01:00
cb5ce6ce3b
Update to 4.12.13
2017-09-19 00:33:58 +01:00
acfbd0bece
Bluetooth: Properly check L2CAP config option output buffer length (CVE-2017-1000251)
2017-09-14 06:51:56 +02:00
8f075a9a83
xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present (CVE-2017-14340)
2017-09-14 06:51:56 +02:00
bcc9a01d8e
scsi: qla2xxx: Fix an integer overflow in sysfs code (CVE-2017-14051)
2017-09-14 06:51:56 +02:00
2ed545523f
sctp: Avoid out-of-bounds reads from address storage (CVE-2017-7558)
2017-09-14 06:51:56 +02:00
5897597d01
Update to 4.13.1
2017-09-11 01:16:41 +01:00
41ff7a03ca
Update to 4.12.12
2017-09-10 12:07:09 +02:00
68b6e32819
Update to 4.12.11
2017-09-09 15:06:49 +02:00
b066a269e0
Update to 4.13
2017-09-04 01:19:41 +01:00
922a5d78d1
Bump ABI to 2
2017-09-03 01:47:43 +01:00
c755b1fcfd
pids: Avoid ABI change in 4.12.9
2017-09-02 21:02:35 +01:00
4a53c826d6
mtd: nandsim: remove debugfs entries in error path
2017-08-29 22:31:30 +02:00
a2dde14ec6
Update to 4.12.9
2017-08-29 22:20:12 +02:00
df8a5bf53a
Update to 4.13-rc7
2017-08-29 22:07:26 +02:00
8e44fd873c
Update to 4.12.7
2017-08-25 21:47:57 +02:00
a129c1c207
Update to 4.13-rc6
2017-08-21 03:09:19 +01:00
0697a35c1d
[sh4] Do not use hyphen in exported variable names (fixes FTBFS)
2017-08-19 22:37:50 +01:00
31202be148
Update to 4.13-rc5
2017-08-14 23:18:47 +01:00
d545b4e4d0
Update to 4.13-rc4
...
Drop and refresh patchs as appropriate.
2017-08-13 14:45:14 +01:00
0134b5c8b9
[amd64,arm64] mm: Revert x86_64 and arm64 ELF_ET_DYN_BASE base ( Closes : #869090 )
2017-08-12 23:08:23 +01:00
aa404ad63b
bfq: Enable auto-loading when built as a module
2017-08-12 22:36:27 +01:00
831ae89c56
rtlwifi: Fix firmware loading bugs ( Closes : #869084 )
2017-08-12 21:54:36 +01:00
3b32a0551f
xfrm: policy: check policy direction value (CVE-2017-11600)
2017-08-12 21:36:28 +01:00
e58e3e6be9
Update to 4.12.6
2017-08-12 16:54:34 +02:00
0442142ae4
udp: consistently apply ufo or fragmentation (CVE-2017-1000112)
2017-08-11 09:12:58 +02:00
3b6247dba4
packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111)
2017-08-11 09:09:51 +02:00
d977cbc209
[arm64] Add sdhci device for Espressobin
...
This completes the fix for #871049
2017-08-09 09:26:46 +02:00
bc29a1558a
Update to 4.12.5
2017-08-08 09:54:35 +02:00
693284da5b
media: saa7164: fix double fetch PCIe access condition (CVE-2017-8831)
2017-08-03 20:36:47 +02:00
9f89bea8ab
ipv6: avoid overflow of offset in ip6_find_1stfragopt (CVE-2017-7542)
2017-08-03 20:32:16 +02:00
b5081c50bc
dentry name snapshots (CVE-2017-7533)
2017-08-03 20:27:55 +02:00
db815c4a3b
Update to 4.12.3
2017-07-22 18:26:23 +01:00
192ee88a05
[i386] perf tools: Fix unwind build (fixes FTBFS)
2017-07-22 17:41:53 +01:00
4e4f504451
[armhf] Revert "gpu: host1x: Add IOMMU support" (fixes FTBFS)
2017-07-22 11:26:42 +01:00
e6acb1f3d5
[mips*/octeon] Fix broken EDAC driver (fixes FTBFS)
2017-07-22 00:38:10 +01:00
45a06e2c0f
Clean up symbol version fixes for symbols exported from asm
...
We can't keep reverting these changes, so instead move forward. Most
architectures now have <asm/asm-protoypes.h> and only 3 were left:
- alpha: Added <asm/asm-protoypes.h> and submitted patch upstream
- m68k: Did same, but realised it's only needed for Coldfire configs
so we don't need any patches
- sparc: Cherry-picked changes from upstream
2017-07-19 19:36:04 +01:00
50381a0ca2
Update to 4.12.2
...
Refresh aufs4 patches by hand, as there is no release for 4.12 yet.
Refresh lockdown patches with genpatch.py and then by hand, as the
branch is a little out of date and many patches went upstream.
[rt] Disable until it is updated for 4.12 or later
2017-07-18 01:06:31 +01:00
e9698def40
firmware: dmi: Add DMI_PRODUCT_FAMILY identification string
...
Dependency of "pinctrl: cherryview: Extend the Chromebook DMI quirk to
Intel_Strago systems".
2017-07-17 03:00:56 +01:00
4e322430ec
[armhf] Add ARM Mali Midgard device tree bindings and gpu node for rk3288
...
Thanks: Guillaume Tucker
Closes : #865646
2017-07-17 01:09:51 +01:00
0de513746f
[x86] pinctrl: cherryview: Extend the Chromebook DMI quirk to Intel_Strago systems
...
Closes : #862723
2017-07-17 00:38:29 +01:00
769a37d5bd
[x86] ideapad-laptop: Add various IdeaPad models to no_hw_rfkill list
...
Closes : #866706
2017-07-17 00:04:31 +01:00
09f1166971
binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370, CVE-2017-1000371)
2017-07-16 21:24:08 +01:00
292c881344
Update to 4.11.11
2017-07-16 21:22:27 +01:00
e70c79cce5
Update to 4.11.9
2017-07-09 12:54:43 +02:00
2125fc6614
Update to 4.11.8
2017-06-29 21:21:01 +02:00
3aaf7fba55
rxrpc: Fix several cases where a padded len isn't checked in ticket decode (CVE-2017-7482)
2017-06-29 08:24:46 +02:00
4bffab0d23
Update to 4.11.7
...
Drop upstream applied patch.
Refresh features/all/rt/sched-mmdrop-delayed.patch.
Ignore changes for module: drivers/iio/imu/inv_mpu6050/*.
2017-06-26 22:01:21 +02:00
Ben Hutchings
Vagrant Cascadian
Salvatore Bonaccorso
Uwe Kleine-König