cd87fb7a86
crypto: skcipher - Add missing API setkey checks (CVE-2017-9211)
2017-06-01 08:34:46 +02:00
261dbebcde
ipv6/dccp: do not inherit ipv6_mc_list from parent (CVE-2017-9076 CVE-2017-9077)
2017-06-01 08:13:06 +02:00
3253209d02
sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (CVE-2017-9075)
2017-06-01 08:08:49 +02:00
35c1e8ae8d
ipv6: Prevent overrun when parsing v6 header options (CVE-2017-9074)
2017-06-01 08:05:24 +02:00
a68b36a505
dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890)
2017-06-01 07:43:55 +02:00
20b3d9876a
tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline() (CVE-2017-0605)
2017-06-01 07:36:02 +02:00
ad62774819
Add various security fixes
2017-06-01 00:30:04 +01:00
e9619f03d3
Update to 4.9.30
...
* Drop/refresh patches as necessary
* Ignore ABI changes in ccp and hid-sensors
* [mips*el/loongson-3] Revert "MIPS: Loongson-3: Select
MIPS_L1_CACHE_SHIFT_6" to avoid ABI change
2017-05-31 21:02:34 +01:00
dd1408c66d
Update to 4.9.28
2017-05-27 17:12:34 +02:00
3d18d55b64
Update to 4.9.26
...
Ignore changes to module:sound/firewire/snd-firewire-lib
Ignore changes to module:net/l2tp/l2tp_core
2017-05-13 16:07:07 +02:00
2d982936e8
usbip: Fix potential format overflow in userspace tools
...
This fixes FTBFS on 64-bit architectures with gcc-7, which in
experimental means at least amd64, ppc64, sparc64.
2017-05-04 02:48:18 +01:00
85b468262e
Remove unused liblockdep packaging
2017-05-03 21:02:49 +01:00
a4e087d3b1
Release linux (4.9.25-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlkI0/kACgkQ57/I7JWG
EQkutQ/9EsYdnQXf4HaC1YTqQW0Nu5+swZzyosOcdtMfJrj+PWXQMgmY4WWav8I/
DipRGhfXXMnqlBg1vOR5cEdqPznRm/cwcuPqZpw7H0fA7LvyCibg/7yERJYv7i1U
BIy8s29NCpVVRhDhY9Nl5t0WLGQT4Rg9JW6iKNRDq2y91etahSxzOBxB2B3k04Ys
9vFPpuKq5QAskCBGEucinYYKTy7/ciIXsaSij2m/G7/ly/Qaqt0pIgjqi4QhuJs3
yWidIm1aBvE4MHXH8WQkg1aF20vfdGXz3CZNT6BWFn/6hNesS+tEQpF/nYLBqnfS
2GghqeWO1+xzxlXWNZU/SD0JhkB6gAeZ+4MP7eYz8BAtpUz7H/zZfZNsOBWb6YJY
Pc8AjqG6mBd/1B2O8yXUda/j/xazEtg0c7uxQjyOEqh2nPeHn9FVLuJsSP74wxdx
zjGmOjJzKUmhBGxLdJZAFL5N7YbLR+qNQfV2UGz4+zVIJge9R7HwWwR9+Um8AHq0
qrnjRf6iAla1phYlgHnPx4r6A9kactDuFsNMfUN8nsUrV+KX15k+dt02CpFSWw0B
lXGPf2MNXTEp+CsuAVBAWFP55JCOwD6yYoLfEfErXvchc7qqIKHgmIrLSyexro7O
F1+HBfu6t1M4tRz0xNu8sGL4uzsjockMW8RL1HFgboUluMgTFPQ=
=k/sj
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.25-1'
Drop the added patches, which are already in 4.11.
CONFIG_NFP_NETVF is replaced by CONFIG_NFP in 4.11.
2017-05-02 19:57:00 +01:00
7ba1afb386
nfsd: stricter decoding of write-like NFSv2/v3 ops (CVE-2017-7895)
2017-04-29 22:02:50 +02:00
7961205000
nfsd4: minor NFSv2/v3 write decoding cleanup
2017-04-29 21:59:48 +02:00
0e77dea5fc
nfsd: check for oversized NFSv2/v3 arguments (CVE-2017-7645)
2017-04-29 21:52:43 +02:00
4c666bd4da
Update to 4.9.25
2017-04-27 20:19:04 +02:00
6771be1138
macsec: dynamically allocate space for sglist
2017-04-27 07:42:13 +02:00
7b2acecada
macsec: avoid heap overflow in skb_to_sgvec (CVE-2017-7477)
2017-04-27 06:43:38 +02:00
7bf90ad750
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings (CVE-2017-7472)
2017-04-22 02:26:48 +01:00
89402402c8
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (CVE-2016-9604)
2017-04-22 02:25:04 +01:00
74fdfed494
Drop ABI maintenance patches
...
We're bumping ABI in the next upload so don't need these.
2017-04-22 02:22:38 +01:00
9c5f88b1f6
Update to 4.9.24
...
Drop most of our bug fix patches, which were included in it.
Adjust context in a couple of rt patches that have textual conflicts.
2017-04-22 00:59:32 +01:00
f2b1e81469
[mips*/octeon] Drop obsolete patch adding support for the UBNT E200 board.
2017-04-21 11:31:33 +02:00
0e0b29ad5a
[arm64,x86] Replace securelevel patch set with lockdown patch set
...
Matthew stopped maintaining the securelevel patch set, and David
Howells has taken it up under the new name 'lockdown'. This is
taken from:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git#efi-lock-down
commits ddb99e118e37f324a4be65a411bb60ae62795cf9..0240fa7c7c948b19d57c0163d57e55296277ff3c
Rebase the three patches not included there (cold boot mitigation,
arm64 SB integration, MTD RAM restrictions).
Update our kconfig for the renaming.
2017-04-20 02:38:34 +01:00
40f397ca1a
Drop another patch redundant with upstream changes
2017-04-20 00:16:12 +01:00
f26f2a520d
Update to 4.11-rc6
...
Remove merged patches and rebase remaining patches.
A portion of the secureboot patches have been upstreamed, but were
changed substantially during review, primarily to avoid code
duplication among arches. I've stripped the patches of the merged
bits and rebased the remainder.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
[bwh: Undo some incorrect context changes in
bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch]
2017-04-20 00:15:17 +01:00
3f62574711
crypto: ahash - Fix EINPROGRESS notification callback (CVE-2017-7618)
2017-04-16 23:25:12 +01:00
31945f628c
Update to 4.9.22
...
Drop patches applied upstream.
2017-04-16 21:47:05 +01:00
1d5fde10d8
mm/mempolicy.c: fix error handling in set_mempolicy and mbind (CVE-2017-7616)
2017-04-16 07:59:50 +02:00
263f51b136
cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores ( Closes : #859978 )
2017-04-11 02:57:43 +01:00
5547db97a6
fscrypt: remove broken support for detecting keyring key revocation (CVE-2017-7374)
2017-04-08 09:36:53 +02:00
43f7156d3a
ping: implement proper locking (CVE-2017-2671)
2017-04-08 09:18:35 +02:00
20a0659e24
drm/nouveau/disp/mcp7x: disable dptmds workaround ( Closes : #850219 )
2017-04-07 20:42:59 +01:00
459f0a48e4
Release linux (4.9.18-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAljcf5EACgkQ57/I7JWG
EQmFcQ/8DoBxenUbNW5cY+YbwBKsjuBb8Q6gnqQLOX/JtOJ8MtpQ1t2QQPvMYdXJ
PTcNZAKm8mrsWJxos9WsUHjkdrfuLAsMTisC5FvDkE6myBt++GH3gRtKCT0A2nep
ZU17YeHYfcqv6UK90Jg0p+xAKQEEqKZrryP7fvb8oX5wOORwlLMxBScErftbB/vV
hBvwybq7gfA/4KxDTnWgadpidg16/67ZgKd0EoSsbCpFAJble/hRroMwzKUSzFW+
2yFxrmUNFoIXddoDtORNNdK0nM6b2MKeWKjmndknz4QehlayZWCg1+mEjp7A7Wqp
9naONqhQWMibARGkDl5Y7SZ9/XJXjPmDFXi3EIbhrWMN2TUkzUN14A1YHw+M9p5Q
9UbnpI6eDxjvlezcPjqucIM0ywFwljBrDsQXfGsR6ogQbYvA7nJ0dK63/EXzvl1U
UGUBwHtDhLHxtv85/JsUqq9/UVGbZjcHvyEfmE1mvbMcNxkSLSewt+jd78h7xIyL
tOZP24ARPKqcQ1detou47o8cMmwTqVl6xu08w83xin2Xux+UlYFTtI/LVws3oYNb
F3uEzIgtJbu7ENxCkY5RmIJG9qRJZJ2f6dnpLLld6D52paD5OYNrk1NShtf/Dp+r
zjJoiIRTcO9fPatjl07Y2eDeFeo2SKoD+Xd/5nGDoytE6JiDEXg=
=ONVb
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.18-1'
Drop ABI reference files.
Refresh/drop patches as needed.
2017-03-30 14:16:47 +01:00
f294506bfa
netfilter: nft_ct: add notrack support ( Closes : #845500 )
2017-03-30 01:40:57 +01:00
42ea80c71c
[arm64] rtc: tegra: Implement clock handling ( Closes : #858514 )
2017-03-29 23:42:54 +01:00
8a7210aeea
net/packet: Fix integer overflow in various range checks (CVE-2017-7308)
2017-03-29 22:50:53 +01:00
8703214f24
[x86] drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294)
2017-03-29 22:42:53 +01:00
de3e9af4dc
[x86] vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() (CVE-2017-7261)
2017-03-29 22:36:16 +01:00
2dd2d226ca
scsi: sg: check length passed to SG_NEXT_CMD_LEN (CVE-2017-7187)
2017-03-29 22:31:24 +01:00
3e739d51e3
xfrm_user: Apply fixes for CVE-2017-7184
2017-03-29 22:28:20 +01:00
b303c03f3b
Update to 4.9.16
...
Drop one patch included in it
2017-03-20 00:12:10 +00:00
f271c6453d
Update to 4.9.15
...
Drop one patch included in 4.9.15
Ignore ABI changes for
module:drivers/nvdimm/libnvdimm
module:drivers/target/**
debugfs_create_automount
2017-03-19 21:41:18 +01:00
73b2f137b6
fjes: Disable auto-loading, as this driver matches a very common ACPI ID ( Closes : #853976 )
2017-03-18 20:51:22 +00:00
4c22453363
[amd64] Don't WARN about expected W+X pages on Xen (see #852324 )
2017-03-16 04:14:51 +00:00
8851d0b7ac
ucount: Remove the atomicity from ucount->count (CVE-2017-6874)
...
...and avoid an ABI change.
2017-03-14 21:39:16 +00:00
11c1294899
ACPI / EC: Use busy polling mode when GPE is not enabled
...
Thanks: Jakobus Schurz <jakobus.schurz@gmail.com>
Closes : #846792
2017-03-13 07:34:43 +01:00
f96b366d00
Update to 4.9.14
...
Drop a patch applied upstream.
Ignore ABI changes as they shouldn't affect OOT modules.
2017-03-12 18:35:37 +00:00
11d69f4069
tty: n_hdlc: get rid of racy n_hdlc.tbuf (CVE-2017-2636)
2017-03-08 03:07:36 +00:00
7513bdfe2b
Kbuild.include: addtree: Remove quotes before matching path (regression in 4.8)
...
loses: #856474
2017-03-04 02:19:07 +00:00
79e486b59b
[media] dvb-usb: don't use stack for firmware load or reset ( Closes : #853894 )
2017-03-01 15:43:37 +00:00
49569a3b8c
sctp: deny peeloff operation on asocs with threads sleeping on it (CVE-2017-6353)
2017-02-27 15:49:27 +00:00
49c2b92937
time: Disable TIMER_STATS (CVE-2017-5967)
...
The upstream "fix" for this is to remove the feature, as it is
redundant with tracing. I'd be quite happy to do that, but it
introduces several conflicts with the PREEMPT_RT patch series.
Unless and until those are resolved in 4.9-stable and 4.9-rt, disable
it in our kconfig and add a dependency on BROKEN to ensure it's
disabled in custom kernels too.
2017-02-26 21:05:05 +00:00
f32a03523e
ipc/shm: Fix shmat mmap nil-page protection (CVE-2017-5669)
2017-02-26 20:51:00 +00:00
003300166a
[x86] kvm: fix page struct leak in handle_vmon (CVE-2017-2596)
2017-02-26 20:29:29 +00:00
93819d25f0
Update to 4.9.13
2017-02-26 20:10:47 +00:00
1fcade696a
Update to 4.10
2017-02-22 20:58:16 +00:00
8c94f719fa
Release linux (4.9.10-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlinNOsACgkQ57/I7JWG
EQntWg//RuNSbOQeyML971UnFUtZjY3yAUYqhPJdpJimjY3WHjmZlJQrLlSz9IYQ
48Pkt/64P0+iAr9zJ+3uJv1fOagKePd5RaS/iChJdvq0fCGZstFlti5NwXEQtGSv
Yzp0LStZr+pEPZo+8Bo+TVSP25FNXdZBvhUXE2sbxaV8+W9Vx+qFkfrWEiW7hpFv
nCQJic7kmzllS4Aol9e/jj2MqcdWIhviufAImNnfrbpK61Ud6Gznw9gTODw9+OIT
ny6F/k7O6MFPuHp3aAxVC5TCowh16PcC+VqJF9MTnnvHQmD3jYqdeA8zKLnW/tJk
Dl9A6whZ3n4fFRlGjgxjmTP/CgAIeQVqgTgYCApuQQTVG3svIkznoXJLraj5UE90
rzeB30x3ikUWcVggN7xfSkW3e6/v+XSbRfu73sFA81mWyWoddT/NYhw+Y18ym4UJ
Vk8iuAakpjdVj73FSyYOcNGRzOEp2SAV72EsJEMw1/IlIkmRkMmJkkg4T/HYj11P
jK/TjZtSsVbje4zx9/U6g8Rj4Wi40EHZu6kuh2jUhCk91zsAr+7EC45gZC+uohxL
jxKxv2R5p9AR7uN6JzQR4OuOL1bTCrt02MrWdsiPlUi0RBKlJ7O5sGMMsHrVMinn
4zFNeYq2U3Fyaejb32x3DOKtgCjoMRQ5iHyrjgljhzxJcf3fWKk=
=rRkU
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.10-1'
Drop changes to aufs.
2017-02-22 20:57:36 +00:00
8db6ed9e89
dccp: fix freeing skb too early for IPV6_RECVPKTINFO (CVE-2017-6074)
2017-02-19 10:46:20 +01:00
4fe7cfed42
Update to 4.9.11
...
Ignore/avoid a few ABI changes in net.
2017-02-18 21:54:07 +00:00
7b50304bda
Update to 4.9.11
2017-02-18 20:53:41 +00:00
5d590456c4
[armel] dts: kirkwood: Fix SATA pinmux-ing for TS419 ( Closes : #855017 )
2017-02-18 00:38:36 +00:00
92d269eac2
media: dvb-usb-dibusb-mc-common: Add MODULE_LICENSE ( Closes : #853110 )
2017-02-17 02:56:32 +00:00
4e1df53c24
[x86] xen: Fix APIC id mismatch warning on Intel ( Closes : #853193 )
2017-02-17 02:42:17 +00:00
31532f0851
[x86] platform: acer-wmi: setup accelerometer when machine has appropriate notify event ( Closes : #853067 )
2017-02-17 02:37:50 +00:00
e035177b13
net: ipv6: check route protocol when deleting routes ( Closes : #855153 )
2017-02-17 00:58:21 +00:00
8cf3230524
dccp: Disable auto-loading as mitigation against local exploits
2017-02-16 19:11:26 +00:00
10f2dad569
Update to 4.9.10
2017-02-16 19:06:43 +00:00
58fbff3df5
sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986)
2017-02-15 11:54:59 +01:00
9e381d5c13
ipv4: keep skb->dst around in presence of IP options (CVE-2017-5970)
2017-02-15 11:50:22 +01:00
4e5e705c5f
selinux: fix off-by-one in setprocattr (CVE-2017-2618)
2017-02-15 11:44:55 +01:00
4a1042f1a0
IB/rxe: Fix mem_check_range integer overflow (CVE-2016-8636)
2017-02-15 11:41:25 +01:00
9ee6dbd395
Update to 4.9.9
...
Drop revert-patch which is superseded by upstream fix in 4.9.9.
Delete log line for commit that went into 4.9.7 and has now been
reverted.
2017-02-10 00:04:25 +00:00
fb27baab98
pegasus: Use heap buffers for all register access ( Closes : #852556 )
2017-02-07 01:44:24 +00:00
abd788f1da
cpumask: use nr_cpumask_bits for parsing functions ( Closes : #848682 )
2017-02-07 01:40:13 +00:00
63ef596c74
Update to 4.10-rc7
2017-02-07 00:39:58 +00:00
72280e2b29
[armel] ARM: orion5x: fix Makefile for linkstation-lschl.dtb
2017-02-06 07:26:38 +09:00
7eec246dc0
Update to 4.9.7
...
Drop patches applied upstream.
2017-02-03 13:51:44 +00:00
701bf4b244
Revert efistub changes, Closes : #853170
...
[benh: Update changelog]
2017-02-03 03:51:48 +00:00
000457eb03
[powerpc*] Revert the initial stack protector support
...
Fixes build failure on ppc32 (or one reason for it) and boot failure on
ppc64.
2017-02-01 23:51:09 +00:00
9805479fdb
[sparc64] topology_64.h: Fix condition for including cpudata.h
...
This might fix the FTBFS, but as I can't currently do a test build
I'm not sure.
2017-02-01 23:50:15 +00:00
cebb2af7dd
[s390x] Un-revert upstream change moving exports to assembly sources
...
s390 now has <asm/asm-prototypes.h>, so exports from asm should have
versions. It also gained another EXPORT_SYMBOL() in asm that we
didn't revert, leading to FTBFS.
2017-02-01 23:49:39 +00:00
28002f99bf
[armel] ARM: dts: orion5x-linkstation-lschl
...
- Fix model name
- More consistent naming on linkstation series
2017-01-31 02:11:17 +09:00
6b038a62ac
Update to 4.10-rc6
2017-01-30 16:28:55 +00:00
6adadc8ec6
Release linux (4.9.6-2).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAliL3k0ACgkQ57/I7JWG
EQlmog/8D/DowVsxEjNdiHAewH7HUyqdADkCRkeqsmKgCtZEmvEaYE0RijZzGDhm
Ge4PxOzhLE/DRxJF2gN8y0hIVOnigje9qYN5OBdgB/FNNKThL6ARwiu2LD6DYcwU
+Lu6g8iHqsKHZ+NllHEiiwJ4rR39qf3Tkzz5cgm4jEi+5IjnoefOhaFhyPzBkz8i
p6fWklEhev8+lQ1sW9gF94p3t0dOp/31TWACagRQronrTtT2xAzdrR5ESPTo6FFg
gtcfqoB7AYA4LTuzoKIQRgGLsgKk73iLPF874ZuK9g/+4Z2lF9NBbwve3O0qYKCy
NERddjjx9QEf4cjToqAii10AzAfuBFDG/b77ZscREwysUwMhkz47ADefu5v1P2kJ
XdL/sJ/nXyhItV/VK8ym9lg4jAA8K5UOjn+8RtWBTE8091N7y7kyNHTQ4SppySIZ
Ow+NsWkMd+WYxkdGPSYc7nHthhVRvfC9C4cxamn9en+MNmakMgJcOZTxS4/gcTvx
DMCWGmEJrD5Bu3m9GrJzwfaXteWxMYihsq9ofjXeaeYqxgXZ62GuxMeRq3kBOhSw
H9MUITkqfsjcg7eAz8elFhRvrurlVUWFsSCGr4Fd1Tv9zrFw8OXNRrApy4UQOQ4x
Uw5AcA/3ZA3QCPsOuU8ENES57vJb+D3E/LZZJdTktVLUcoxA0tA=
=C8FJ
-----END PGP SIGNATURE-----
Merge tag 'debian/4.9.6-2'
2017-01-28 01:19:31 +00:00
79253df3bb
Bump ABI to 2
2017-01-27 18:14:37 +00:00
6f6fc512f3
[arm64] ptrace: Avoid ABI change in 4.9.6
2017-01-27 06:16:18 +00:00
e345ccbabe
[armhf,arm64] Add security fixes for vc4 driver
2017-01-26 21:27:04 +00:00
810b36a1d3
fbdev: color map copying bounds checking (CVE-2016-8405)
2017-01-26 21:15:56 +00:00
a873a1d79d
Update to 4.9.6
...
Drop patches which are included in it.
2017-01-26 19:24:36 +00:00
601b9e92a1
Update to 4.10-rc5
...
Drop/refresh patches as appropriate.
[rt] Disable until it is updated for 4.10 or later
2017-01-24 19:26:38 +00:00
7a613e23af
nbd: fix 64-bit division
2017-01-24 21:35:14 +09:00
a2704d736e
[x86] ASoC: Intel: select DW_DMAC_CORE since it's mandatory
...
This also allows enabling SND_SOC_INTEL_BDW_RT5677_MACH without
DW_DMAC_CORE built-in.
2017-01-24 04:43:02 +00:00
cf9d2d33be
[arm64] dts: meson-gx: Add firmware reserved memory zones
...
An important bug fix for this newly enabled hardware, requested in #852132 .
2017-01-24 04:42:22 +00:00
3c00650618
ieee802154: atusb: do not use the stack for buffers to make them DMA able (CVE-2017-5548)
2017-01-23 20:59:51 +01:00
c74f7d65fe
HID: corsair: fix DMA buffers on stack (CVE-2017-5547)
2017-01-23 20:57:07 +01:00
ef0901f1ca
Fix/ignore ABI changes in 4.9.3-4.9.5 as appropriate
2017-01-23 15:37:01 +00:00
4686b122fc
Update to 4.9.5
2017-01-21 15:52:44 +01:00
40c7208b1e
Merge branch 'master' (only 1 commit)
2017-01-21 16:55:42 +09:00
Salvatore Bonaccorso
Ben Hutchings
Aurelien Jarno
Lukas Wunner
Roger Shimizu
Riku Voipio