linux (4.9.144-3.1) stretch; urgency=high * Non-maintainer upload. * Fix boot breakage on 32-bit arm (closes: #922478). Thanks to Adrian Bunk for spotting the mistake. -- Julien Cristau Tue, 19 Feb 2019 10:05:39 +0100 linux (4.9.144-3) stretch; urgency=medium * libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature() (regression in 4.9.144) -- Ben Hutchings Sat, 02 Feb 2019 15:53:59 +0100 linux (4.9.144-2) stretch; urgency=medium * [mips*] inst: Avoid ABI change in 4.9.136 (fixes FTBFS) * efi/libstub: Unify command line param parsing (fixes FTBFS on arm64) -- Ben Hutchings Mon, 21 Jan 2019 21:57:31 +0000 linux (4.9.144-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.136 - xfrm: Validate address prefix lengths in the xfrm selector. - xfrm6: call kfree_skb when skb is toobig - mac80211: Always report TX status - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() - mac80211: fix pending queue hang due to TX_DROP - cfg80211: Address some corner cases in scan result channel updating - mac80211: TDLS: fix skb queue/priority assignment - [armel,armhf] 8799/1: mm: fix pci_ioremap_io() offset check - xfrm: validate template mode - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT - mac80211_hwsim: do not omit multicast announce of first added radio - Bluetooth: SMP: fix crash in unpairing - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor - qed: Avoid constant logical operation warning in qed_vf_pf_acquire - asix: Check for supported Wake-on-LAN modes - ax88179_178a: Check for supported Wake-on-LAN modes - lan78xx: Check for supported Wake-on-LAN modes - sr9800: Check for supported Wake-on-LAN modes - r8152: Check for supported Wake-on-LAN Modes - smsc75xx: Check for Wake-on-LAN modes - smsc95xx: Check for Wake-on-LAN modes - perf/ring_buffer: Prevent concurent ring buffer access - [x86] perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX - [armhf] net: fec: fix rare tx timeout - net: cxgb3_main: fix a missing-check bug - perf symbols: Fix memory corruption because of zero length symbols - mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone() - [mips*] microMIPS: Fix decoding of swsp16 instruction - [mips*] Handle non word sized instructions when examining frame - scsi: aacraid: Fix typo in blink status - f2fs: fix multiple f2fs_add_link() having same name for inline dentry - igb: Remove superfluous reset to PHY and page 0 selection - ACPI: sysfs: Make ACPI GPE mask kernel parameter cover all GPEs - PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode - [arm64,armhf] i2c: bcm2835: Avoid possible NULL ptr dereference - efi/fb: Correct PCI_STD_RESOURCE_END usage - ipv6: set rt6i_protocol properly in the route when it is installed - [x86] platform: acer-wmi: setup accelerometer when ACPI device was found - IB/ipoib: Do not warn if IPoIB debugfs doesn't exist - IB/core: Fix the validations of a multicast LID in attach or detach operations - rxe: Fix a sleep-in-atomic bug in post_one_send - nvme-pci: fix CMB sysfs file removal in reset path - net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well. - net/mlx5: Fix command completion after timeout access invalid structure - tipc: Fix tipc_sk_reinit handling of -EAGAIN - tipc: fix a race condition of releasing subscriber object - bnxt_en: Don't use rtnl lock to protect link change logic in workqueue. - [armhf] dts: bcm283x: Reserve first page for firmware - btrfs: fiemap: Cache and merge fiemap extent before submit it to user - [arm64] reset: hi6220: Set module license so that it can be loaded - [x86] ASoC: Intel: Skylake: Fix to parse consecutive string tkns in manifest - mac80211: fix TX aggregation start/stop callback race - libata: fix error checking in in ata_parse_force_one() - [armhf] net: ethernet: stmmac: Fix altr_tse_pcs SGMII Initialization - [i386] x86/cpu/cyrix: Add alternative Device ID of Geode GX1 SoC - [armhf] gpu: ipu-v3: Fix CSI selection for VDIC - [arm64,armhf] net: stmmac: ensure jumbo_frm error return is correctly checked for -ve value - Btrfs: clear EXTENT_DEFRAG bits in finish_ordered_io - ufs: we need to sync inode before freeing it - net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare - ip6_tunnel: Correct tos value in collect_md mode - net/mlx5: Fix driver load error flow when firmware is stuck - perf evsel: Fix probing of precise_ip level for default cycles event - perf probe: Fix probe definition for inlined functions - net/mlx5: Fix health work queue spin lock to IRQ safe - [armhf] usb: dwc3: omap: remove IRQ_NOAUTOEN used with shared irq - [armhf] clk: samsung: Fix m2m scaler clock on Exynos542x - rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp - qed: Warn PTT usage by wrong hw-function - ocfs2: fix deadlock caused by recursive locking in xattr - net: cdc_ncm: GetNtbFormat endian fix - sctp: use right member as the param of list_for_each_entry - ALSA: hda - No loopback on ALC299 codec - ath10k: convert warning about non-existent OTP board id to debug message - ipv6: fix cleanup ordering for ip6_mr failure - IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush - IB/rxe: put the pool on allocation failure - nbd: only set MSG_MORE when we have more to send - mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()' - IB/mlx5: Avoid passing an invalid QP type to firmware - scsi: qla2xxx: Avoid double completion of abort command - drm: bochs: Don't remove uninitialized fbdev framebuffer - i40e: avoid NVM acquire deadlock during NVM update - Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0" - Btrfs: incremental send, fix invalid memory access - [arm64] drm/msm: Fix possible null dereference on failure of get_pages() - l2tp: remove configurable payload offset - macsec: fix memory leaks when skb_to_sgvec fails - perf/core: Fix locking for children siblings group read - cifs: Use ULL suffix for 64-bit constant - futex: futex_wake_op, do not fail on invalid op - ALSA: hda - Fix incorrect usage of IS_REACHABLE() - enic: do not overwrite error code - bonding: ratelimit failed speed/duplex update warning - nvmet: fix space padding in serial number - iio: buffer: fix the function signature to match implementation - [x86] paravirt: Fix some warning messages - IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' - libertas: call into generic suspend code before turning off power - xhci: Fix USB3 NULL pointer dereference at logical disconnect. - [armhf] dts: imx53-qsb: disable 1.2GHz OPP - rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window() - rxrpc: Only take the rwind and mtu values from latest ACK - [x86] net: ena: fix NULL dereference due to untimely napi initialization - fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() - mtd: spi-nor: Add support for is25wp series chips - Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing" - bridge: do not add port to router list when receives query with source 0.0.0.0 - net: bridge: remove ipv6 zero address check in mcast queries - ipv6: mcast: fix a use-after-free in inet6_mc_check - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called - llc: set SOCK_RCU_FREE in llc_sap_add_socket() - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs - net: sched: gred: pass the right attribute to gred_change_table_def() - net: socket: fix a missing-check bug - [arm64,armhf] net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules - net: udp: fix handling of CHECKSUM_COMPLETE packets - r8169: fix NAPI handling under high load - sctp: fix race on sctp_id2asoc - vhost: Fix Spectre V1 vulnerability - ethtool: fix a privilege escalation bug - bonding: fix length of actor system - net: drop skb on failure in ip_check_defrag() - net: fix pskb_trim_rcsum_slow() with odd trim offset - rtnetlink: Disallow FDB configuration for non-Ethernet device - ip6_tunnel: Fix encapsulation layout - crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned - ahci: don't ignore result code of ahci_reset_controller() - xfs: truncate transaction does not modify the inobt - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) - ptp: fix Spectre v1 vulnerability - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl - RDMA/ucma: Fix Spectre v1 vulnerability - IB/ucm: Fix Spectre v1 vulnerability - cdc-acm: correct counting of UART states in serial state notification - usb: gadget: storage: Fix Spectre v1 vulnerability - USB: fix the usbfs flag sanitization for control transfers - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM - sched/fair: Fix throttle_list starvation with low CFS quota - [x86] percpu: Fix this_cpu_read() - [x86] time: Correct the attribute on jiffies' definition - posix-timers: Sanitize overrun handling (CVE-2018-12896) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.137 - bcache: fix miss key refill->end in writeback - jffs2: free jffs2_sb_info through jffs2_kill_sb() - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges - [arm64] ipmi: Fix timer race with module unload - [hppa/parisc] Fix address in HPMC IVA - [hppa/parisc] Fix map_pages() to not overwrite existing pte entries - ALSA: hda - Add quirk for ASUS G751 laptop - ALSA: hda - Fix headphone pin config for ASUS G751 - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops - [x86] speculation: Enable cross-hyperthread spectre v2 STIBP mitigation - [x86] corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided - [x86] speculation: Support Enhanced IBRS on future CPUs - Revert "perf tools: Fix PMU term format max value calculation" - xfrm: policy: use hlist rcu variants on insert - sched/fair: Fix the min_vruntime update logic in dequeue_entity() - perf cpu_map: Align cpu map synthesized events properly. - [x86] fpu: Remove second definition of fpu in __fpu__restore_sig() - net: qla3xxx: Remove overflowing shift statement - locking/lockdep: Fix debug_locks off performance problem - tun: Consistently configure generic netdev params via rtnetlink - [s390x] sthyi: Fix machine name validity indication - [armhf] hwmon: (pwm-fan) Set fan speed to 0 on suspend - perf tools: Free temporary 'sys' string in read_event_files() - perf tools: Cleanup trace-event-info 'tdata' leak - perf strbuf: Match va_{add,copy} with va_end - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 - iwlwifi: pcie: avoid empty free RB queue - [i386] x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC - [arm64,armhf] cpufreq: dt: Try freeing static OPPs only if we have added them - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth - [arm64] pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux - brcmfmac: fix for proper support of 160MHz bandwidth - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers - [arm64] pinctrl: qcom: spmi-mpp: Fix drive strength setting - [arm64] pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant - [arm64] pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant - ixgbevf: VF2VF TCP RSS - ath10k: schedule hardware restart if WMI command times out - cgroup, netclassid: add a preemption point to write_classid - scsi: esp_scsi: Track residual for PIO transfers - scsi: megaraid_sas: fix a missing-check bug - RDMA/core: Do not expose unsupported counters - IB/ipoib: Clear IPCB before icmp_send - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated - [x86] VMCI: Resource wildcard match fixed - ext4: fix argument checking in EXT4_IOC_MOVE_EXT - MD: fix invalid stored role for a disk - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice - [arm64,armhf] usb: chipidea: Prevent unbalanced IRQ disable - [amd64] driver/dma/ioat: Call del_timer_sync() without holding prep_lock - uio: ensure class is registered before devices - scsi: lpfc: Correct soft lockup when running mds diagnostics - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init - ALSA: hda: Check the non-cached stream buffers more explicitly - [armhf] dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes - [armhf] dts: exynos: Add missing cooling device properties for CPUs - [armhf] dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings - [armhf] dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250 - xen-swiotlb: use actually allocated size on check physical continuous - [x86] tpm: Restore functionality to xen vtpm driver. - xen/blkfront: avoid NULL blkfront_info dereference on device removal - [x86] xen: fix race in xen_qlock_wait() - [x86] xen: make xen_qlock_wait() nestable - libertas: don't set URB_ZERO_PACKET on IN USB transfer - [x86] usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() - [x86] libnvdimm: Hold reference on parent while scheduling async init - [x86] ASoC: intel: skylake: Add missing break in skl_tplg_get_token() - jbd2: fix use after free in jbd2_log_do_checkpoint() - gfs2_meta: ->mount() can get NULL dev_name - ext4: initialize retries variable in ext4_da_write_inline_data_begin() - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR - HID: hiddev: fix potential Spectre v1 - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting - [amd64] EDAC, skx_edac: Fix logical channel intermediate decoding - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk - [ppc64el] signal/GenWQE: Fix sending of SIGKILL - crypto: lrw - Fix out-of bounds access on counter overflow - crypto: tcrypt - fix ghash-generic speed test - ima: fix showing large 'violations' or 'runtime_measurements_count' - hugetlbfs: dirty pages as they are added to pagecache - [armhf] w1: omap-hdq: fix missing bus unregister at removal - smb3: allow stats which track session and share reconnects to be reset - smb3: do not attempt cifs operation in smb3 query info error path - smb3: on kerberos mount if server doesn't specify auth type use krb5 - printk: Fix panic caused by passing log_buf_len to command line - genirq: Fix race on spurious interrupt detection - NFSv4.1: Fix the r/wsize checking - nfsd: Fix an Oops in free_session() - lockd: fix access beyond unterminated strings in prints - dm ioctl: harden copy_params()'s copy_from_user() from malicious users - [powerpc*] msi: Fix compile error on mpc83xx - [mips*] OCTEON: fix out of bounds array access on CN68XX - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD - [x86] xen: fix xen_qlock_wait() - media: em28xx: use a default format if TRY_FMT fails - media: tvp5150: avoid going past array on v4l2_querymenu() - media: em28xx: fix input name for Terratec AV 350 - media: em28xx: make v4l2-compliance happier by starting sequence on zero - [arm64] lse: remove -fcall-used-x0 flag - rpmsg: smd: fix memory leak on channel create - Cramfs: fix abad comparison when wrap-arounds occur - [arm64,armhf] soc/tegra: pmc: Fix child-node lookup - btrfs: Handle owner mismatch gracefully when walking up tree - btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock - btrfs: fix error handling in free_log_tree - btrfs: iterate all devices during trim, instead of fs_devices::alloc_list - btrfs: don't attempt to trim devices that don't support it - btrfs: wait on caching when putting the bg cache - btrfs: reset max_extent_size on clear in a bitmap - btrfs: make sure we create all new block groups - Btrfs: fix wrong dentries after fsync of file that got its parent replaced - btrfs: qgroup: Dirty all qgroups before rescan - Btrfs: fix null pointer dereference on compressed write path error - btrfs: set max_extent_size properly - MD: fix invalid stored role for a disk - try2 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.138 - [powerpc*] powerpc/eeh: Fix possible null deref in eeh_dump_dev_log() - tty: check name length in tty_find_polling_driver() - [powerpc*] nohash: fix undefined behaviour when testing page size support - [armhf] drm/omap: fix memory barrier bug in DMM driver - media: pci: cx23885: handle adding to list failure - [mips*] kexec: Mark CPU offline before disabling local IRQ - [powerpc*] boot: Ensure _zimage_start is a weak symbol - [mips*] PCI: Call pcie_bus_configure_settings() to set MPS/MRRS - media: tvp5150: fix width alignment during set_selection() - 9p locks: fix glock.client_id leak in do_lock - 9p: clear dangling pointers in p9stat_free - cdrom: fix improper type cast, which can leat to information leak. (CVE-2018-18710) - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters - scsi: qla2xxx: shutdown chip if reset fail - fuse: Fix use-after-free in fuse_dev_do_read() - fuse: Fix use-after-free in fuse_dev_do_write() - fuse: fix blocked_waitq wakeup - fuse: set FR_SENT while locked - mm: do not bug_on on incorrect length in __mm_populate() - e1000: avoid null pointer dereference on invalid stat type - e1000: fix race condition between e1000_down() and e1000_watchdog - bna: ethtool: Avoid reading past end of buffer - [hppa/parisc] Align os_hpmc_size on word boundary - [hppa/parisc] Fix HPMC handler by increasing size to multiple of 16 bytes - [hppa/parisc] Fix exported address of os_hpmc handler - [mips64el,mipsel] Loongson-3: Fix CPU UART irq delivery problem - [mips64le,mipsel] Loongson-3: Fix BRIDGE irq delivery problem - [armhf] clk: s2mps11: Fix matching when built as module and DT node contains compatible - [armhf] clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call - libceph: bump CEPH_MSG_MAX_DATA_LEN - Revert "ceph: fix dentry leak in splice_dentry()" - mach64: fix display corruption on big endian machines - mach64: fix image corruption due to reading accelerator registers - [arm64] reset: hisilicon: fix potential NULL pointer dereference - vhost/scsi: truncate T10 PI iov_iter to prot_bytes - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings - netfilter: conntrack: fix calculation of next bucket number in early_drop - termios, tty/tty_baudrate.c: fix buffer overrun - Btrfs: fix cur_offset in the error case for nocow - Btrfs: fix data corruption due to cloning of eof block - clockevents/drivers/i8253: Add support for PIT shutdown quirk - ext4: add missing brelse() update_backups()'s error path - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() - ext4: avoid buffer leak in ext4_orphan_add() after prior errors - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing - ext4: avoid possible double brelse() in add_new_gdb() on error path - ext4: fix possible leak of sbi->s_group_desc_leak in error path - ext4: fix possible leak of s_journal_flag_rwsem in error path - ext4: release bs.bh before re-using in ext4_xattr_block_find() - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path - ext4: fix buffer leak in __ext4_read_dirblock() on error path - mount: Retest MNT_LOCKED in do_umount - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts - mount: Prevent MNT_DETACH from disconnecting locked mounts - sunrpc: correct the computation for page_ptr when truncating - nfsd: COPY and CLONE operations require the saved filehandle to be set - rtc: hctosys: Add missing range error reporting - fuse: fix use-after-free in fuse_direct_IO() - fuse: fix leaked notify reply - configfs: replace strncpy with memcpy - lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! - mm: migration: fix migration of huge PMD shared pages - [armhf] drm/rockchip: Allow driver to be shutdown on reboot/kexec - drm/dp_mst: Check if primary mstb is null - [x86] drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values - [x86] drm/i915/execlists: Force write serialisation into context image vs execution - [arm64] KVM: Fix caching of host MDCR_EL2 value https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.139 - flow_dissector: do not dissect l4 ports for fragments - ip_tunnel: don't force DF when MTU is locked - net-gro: reset skb->pkt_type in napi_reuse_skb() - sctp: not allow to set asoc prsctp_enable by sockopt - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths - usbnet: smsc95xx: disable carrier check while suspending - inet: frags: better deal with smp races - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF - kbuild: Add better clang cross build support - kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS - kbuild: Consolidate header generation from ASM offset information - kbuild: consolidate redundant sed script ASM offset generation - kbuild: fix asm-offset generation to work with clang - kbuild: drop -Wno-unknown-warning-option from clang options - kbuild, LLVMLinux: Add -Werror to cc-option to support clang - kbuild: use -Oz instead of -Os when using clang - kbuild: Add support to generate LLVM assembly files - modules: mark __inittest/__exittest as __maybe_unused - [x86] kbuild: Use cc-option to enable -falign-{jumps/loops} - [amd64] crypto, x86: aesni - fix token pasting for clang - kbuild: Add __cc-option macro - [x86] build: Use __cc-option for boot code compiler options - [x86] build: Specify stack alignment for clang - kbuild: clang: Disable 'address-of-packed-member' warning - [arm64] crypto: arm64/sha - avoid non-standard inline asm tricks - [x86] boot: #undef memcpy() et al in string.c - [arm64] efi/libstub/arm64: Use hidden attribute for struct screen_info reference - [arm64] efi/libstub/arm64: Force 'hidden' visibility for section markers - efi/libstub: Preserve .debug sections after absolute relocation check - [arm64] efi/libstub/arm64: Set -fpie when building the EFI stub - [x86] build: Fix stack alignment for CLang - [x86] build: Use cc-option to validate stack alignment parameter - Kbuild: use -fshort-wchar globally - [arm64] uaccess: suppress spurious clang warning - [armel,armhf] add more CPU part numbers for Cortex and Brahma B15 CPUs - [armel,armhf] bugs: prepare processor bug infrastructure - [armel,armhf] bugs: hook processor bug checking into SMP and suspend paths - [armel,armhf] bugs: add support for per-processor bug checking - [armel,armhf] spectre: add Kconfig symbol for CPUs vulnerable to Spectre - [armel,armhf] spectre-v2: harden branch predictor on context switches - [armel,armhf] spectre-v2: add Cortex A8 and A15 validation of the IBE bit - [armel,armhf] spectre-v2: harden user aborts in kernel space - [armel,armhf] spectre-v2: add firmware based hardening - [armel,armhf] spectre-v2: warn about incorrect context switching functions - [armel,armhf] KVM: invalidate BTB on guest exit for Cortex-A12/A17 - [armel,armhf] KVM: invalidate icache on guest exit for Cortex-A15 - [armel,armhf] spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 - [armel,armhf] KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling - [armel,armhf] KVM: report support for SMCCC_ARCH_WORKAROUND_1 - [armel,armhf] spectre-v1: add speculation barrier (csdb) macros - [armel,armhf] spectre-v1: add array_index_mask_nospec() implementation - [armel,armhf] spectre-v1: fix syscall entry - [armel,armhf] signal: copy registers using __copy_from_user() - [armel,armhf] vfp: use __copy_from_user() when restoring VFP state - [armel,armhf] oabi-compat: copy semops using __copy_from_user() - [armel,armhf] use __inttype() in get_user() - [armel,armhf] spectre-v1: use get_user() for __get_user() - [armel,armhf] spectre-v1: mitigate user accesses https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.140 - Revert "x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation" - Revert "ipv6: set rt6i_protocol properly in the route when it is installed" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.141 - cifs: don't dereference smb_file_target before null check - reiserfs: propagate errors from fill_with_dentries() properly - hfs: prevent btree data loss on root split - hfsplus: prevent btree data loss on root split - drm/edid: Add 6 bpc quirk for BOE panel. - clk: fixed-rate: fix of_node_get-put imbalance - fs/exofs: fix potential memory leak in mount option parsing - [armhf] clk: samsung: exynos5420: Enable PERIS clocks for suspend - [x86] platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 - [arm64] percpu: Initialize ret in the default case - netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net - netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() - netfilter: xt_IDLETIMER: add sysfs filename checking routine - [s390x] qeth: fix HiperSockets sniffer - [ppc64el] hwmon: (ibmpowernv) Remove bogus __init annotations - clk: fixed-factor: fix of_node_get-put imbalance - qed: Fix memory/entry leak in qed_init_sp_request() - qed: Fix blocking/unlimited SPQ entries leak - zram: close udev startup race condition as default groups - SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() - gfs2: Put bitmap buffers in put_super - btrfs: Enhance btrfs_trim_fs function to handle error better - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem - btrfs: fix pinned underflow after transaction aborted - Revert "media: videobuf2-core: don't call memop 'finish' when queueing" - Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV" - media: v4l: event: Add subscription to list before calling "add" operation - uio: Fix an Oops on load - usb: cdc-acm: add entry for Hiro (Conexant) modem - USB: quirks: Add no-lpm quirk for Raydium touchscreens - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB - USB: misc: appledisplay: add 20" Apple Cinema Display - [x86] ACPI / platform: Add SMB0001 HID to forbidden_id_list - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges - libceph: fall back to sendmsg for slab pages https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.142 - usb: core: Fix hub port connection events lost - [arm64,armhf] usb: dwc3: core: Clean up ULPI device - usb: xhci: fix timeout for transition from RExit to U0 - MAINTAINERS: Add Sasha as a stable branch maintainer - gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path - iwlwifi: mvm: support sta_statistics() even on older firmware - iwlwifi: mvm: fix regulatory domain update when the firmware starts - brcmfmac: fix reporting support for 160 MHz channels - tools/power/cpupower: fix compilation with STATIC=true - v9fs_dir_readdir: fix double-free on p9stat_read error - selinux: Add __GFP_NOWARN to allocation at str_read() - bfs: add sanity check at bfs_fill_super() - sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer - gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd - llc: do not use sk_eat_skb() - mm: don't warn about large allocations for slab - drm/ast: change resolution may cause screen blurred - drm/ast: fixed cursor may disappear sometimes - drm/ast: Remove existing framebuffers before loading driver - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length - can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb - IB/core: Fix for core panic - [amd64] IB/hfi1: Eliminate races in the SDMA send error path - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected - [arm64] pinctrl: meson: fix pinconf bias disable - [armhf] cpufreq: imx6q: add return value check for voltage scale - floppy: fix race condition in __floppy_read_block_0() - [powerpc*] io: Fix the IO workarounds code to work with Radix - [x86] perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs - SUNRPC: Fix a bogus get/put in generic_key_to_expire() - [powerpc*] numa: Suppress "VPHN is not supported" messages - [arm64,armhf] efi/arm: Revert deferred unmap of early memmap mapping - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset - of: add helper to lookup compatible child node - ath10k: fix kernel panic due to race in accessing arvif list - Input: xpad - add product ID for Xbox One S pad - Input: xpad - fix Xbox One rumble stopping after 2.5 secs - Input: xpad - correctly sort vendor id's - Input: xpad - move reporting xbox one home button to common function - Input: xpad - simplify error condition in init_output - Input: xpad - don't depend on endpoint order - Input: xpad - fix stuck mode button on Xbox One S pad - Input: xpad - restore LED state after device resume - Input: xpad - support some quirky Xbox One pads - Input: xpad - sort supported devices by USB ID - Input: xpad - sync supported devices with xboxdrv - Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth - Input: xpad - sync supported devices with 360Controller - Input: xpad - sync supported devices with XBCD - Input: xpad - constify usb_device_id - Input: xpad - fix PowerA init quirk for some gamepad models - Input: xpad - validate USB endpoint type during probe - Input: xpad - add support for PDP Xbox One controllers - Input: xpad - add PDP device id 0x02a4 - Input: xpad - fix some coding style issues - Input: xpad - avoid using __set_bit() for capabilities - Input: xpad - add GPD Win 2 Controller USB IDs - Input: xpad - fix GPD Win 2 controller name - Input: xpad - add support for Xbox1 PDP Camo series gamepad - mwifiex: prevent register accesses after host is sleeping - mwifiex: report error to PCIe for suspend failure - mwifiex: Fix NULL pointer dereference in skb_dequeue() - mwifiex: fix p2p device doesn't find in scan problem - scsi: ufs: fix bugs related to null pointer access and array size - scsi: ufshcd: Fix race between clk scaling and ungate work - scsi: ufs: fix race between clock gating and devfreq scaling work - scsi: ufshcd: release resources if probe fails - tty: wipe buffer. - tty: wipe buffer if not echoing data - usb: xhci: fix uninitialized completion when USB3 port got wrong status - sched/core: Allow __sched_setscheduler() in interrupts when PI is not used - namei: allow restricted O_CREAT of FIFOs and regular files - lan78xx: Read MAC address from DT if present - [s390x] mm: Check for valid vma before zapping in gmap_discard - net: ieee802154: 6lowpan: fix frag reassembly - Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC" - ima: always measure and audit files in policy - ima: re-introduce own integrity cache lock - ima: re-initialize iint->atomic_flags https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.143 - mm/huge_memory: rename freeze_page() to unmap_page() - mm/huge_memory.c: reorder operations in __split_huge_page_tail() - mm/huge_memory: splitting set mapping+index before unfreeze - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() - mm/khugepaged: collapse_shmem() stop if punched or truncated - shmem: shmem_charge: verify max_block is not exceeded before inode update - shmem: introduce shmem_inode_acct_block - mm/khugepaged: fix crashes due to misaccounted holes - mm/khugepaged: collapse_shmem() remember to clear holes - mm/khugepaged: minor reorderings in collapse_shmem() - mm/khugepaged: collapse_shmem() without freezing new_page - mm/khugepaged: collapse_shmem() do not crash on Compound - media: em28xx: Fix use-after-free when disconnecting - [arm64,armhf] Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()" - net: skb_scrub_packet(): Scrub offload_fwd_mark - [s390x] qeth: fix length check in SNMP processing - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 - [x86] kvm: mmu: Fix race in emulated page table writes - [x86] kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb - [x86] KVM: Fix scan ioapic use-before-initialization (CVE-2018-19407) - Btrfs: ensure path name is null terminated at btrfs_control_ioctl - [x86] perf/x86/intel: Move branch tracing setup to the Intel-specific source file - [x86] perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() - fs: fix lost error code in dio_complete - [i386] ALSA: wss: Fix invalid snd_free_pages() at error path - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write - ALSA: control: Fix race between adding and removing a user element - [sparc] ALSA: sparc: Fix invalid snd_free_pages() at error path - ext2: fix potential use after free - btrfs: release metadata before running delayed refs - USB: usb-storage: Add new IDs to ums-realtek - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series - Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" - mm: use swp_offset as key in shmem_replace_page() - [x86] Drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() - [amd64] misc: mic/scif: fix copy-paste error in scif_create_remote_lookup - [armhf] bus: arm-cci: remove unnecessary unreachable() - [armhf] trusted_foundations: do not use naked function - [x86] efi/libstub: Make file I/O chunking x86-specific https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.144 - kernfs: Replace strncpy with memcpy - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() - scsi: bfa: convert to strlcpy/strlcat - [x86] staging: rts5208: fix gcc-8 logic error warning - [amd64] x86/power/64: Use char arrays for asm function names - iser: set sector for ambiguous mr status errors - uprobes: Fix handle_swbp() vs. unregister() + register() race once more - [mips*] fix mips_get_syscall_arg o32 check - IB/mlx5: Avoid load failure due to unknown link width - drm/ast: Fix incorrect free on ioregs - drm: set is_master to 0 upon drm_new_set_master() failure - scsi: scsi_devinfo: cleanly zero-pad devinfo strings - scsi: csiostor: Avoid content leaks and casts - [x86] svm: Add mutex_lock to protect apic_access_page_done on AMD systems - Input: xpad - quirk all PDP Xbox One gamepads - Input: elan_i2c - add ELAN0620 to the ACPI table - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR - Input: elan_i2c - add support for ELAN0621 touchpad - btrfs: Always try all copies when reading extent buffers - Btrfs: fix use-after-free when dumping free space - udf: Allow mounting volumes with incorrect identification strings - [arm64,armhf] reset: make optional functions really optional - [arm64,armhf] reset: core: fix reset_control_put - reset: fix optional reset_control_get stubs to return NULL - [arm64,armhf] reset: add exported __reset_control_get, return NULL if optional - [arm64,armhf] reset: make device_reset_optional() really optional - reset: remove remaining WARN_ON() in - mm: cleancache: fix corruption on missed inode invalidation (CVE-2018-16862) - net: qed: use correct strncpy() size - tipc: use destination length for copy string - libceph: drop len argument of *verify_authorizer_reply() - libceph: no need to drop con->mutex for ->get_authorizer() - libceph: store ceph_auth_handshake pointer in ceph_connection - libceph: factor out __prepare_write_connect() - libceph: factor out __ceph_x_decrypt() - libceph: factor out encrypt_authorizer() - libceph: add authorizer challenge (CVE-2018-1128) - libceph: implement CEPHX_V2 calculation mode (CVE-2018-1129) - libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() - libceph: check authorizer reply/challenge length before reading - bpf: Prevent memory disambiguation attack (CVE-2018-3639) - wil6210: missing length check in wmi_set_ie (CVE-2018-5848) - btrfs: validate type when reading a chunk (CVE-2018-14611) - btrfs: Verify that every chunk has corresponding block group at mount time (CVE-2018-14612) - btrfs: Refactor check_leaf function for later expansion - btrfs: Check if item pointer overlaps with the item itself - btrfs: Add sanity check for EXTENT_DATA when reading out leaf - btrfs: Add checker for EXTENT_CSUM - btrfs: Move leaf and node validation checker to tree-checker.c - btrfs: struct-funcs, constify readers - btrfs: tree-checker: Enhance btrfs_check_node output - btrfs: tree-checker: Fix false panic for sanity test - btrfs: tree-checker: Add checker for dir item - btrfs: tree-checker: use %zu format string for size_t - btrfs: tree-check: reduce stack consumption in check_dir_item - btrfs: tree-checker: Verify block_group_item (CVE-2018-14613) - btrfs: tree-checker: Detect invalid and empty essential trees (CVE-2018-14612) - btrfs: Check that each block group has corresponding chunk at mount time (CVE-2018-14610) - btrfs: tree-checker: Check level for leaves and nodes - btrfs: tree-checker: Fix misleading group system information - f2fs: fix race condition in between free nid allocator/initializer (CVE-2017-18249) - f2fs: detect wrong layout - f2fs: return error during fill_super - f2fs: check blkaddr more accuratly before issue a bio - f2fs: sanity check on sit entry - f2fs: enhance sanity_check_raw_super() to avoid potential overflow - f2fs: clean up with is_valid_blkaddr() - f2fs: introduce and spread verify_blkaddr - f2fs: fix to do sanity check with secs_per_zone (CVE-2018-13100) - f2fs: fix to do sanity check with user_block_count (CVE-2018-13097) - f2fs: Add sanity_check_inode() function - f2fs: fix to do sanity check with node footer and iblocks (CVE-2018-13096) - f2fs: fix to do sanity check with block address in main area - f2fs: fix missing up_read - f2fs: fix to do sanity check with block address in main area v2 (CVE-2018-14616) - f2fs: free meta pages if sanity check for ckpt is failed - f2fs: fix to do sanity check with cp_pack_start_sum (CVE-2018-14614) - xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE (CVE-2018-18690) - hugetlbfs: fix bug in pgoff overflow checking [ Ben Hutchings ] * drivers/net/ethernet: Ignore ABI changes (fixes FTBFS on arm64; Closes: #914556) * libcpupower: Hide private function and drop it from .symbols file * Revert "elevator: fix truncation of icq_cache_name" to avoid ABI change * reset: Avoid ABI changes in 4.9.144 * esp_scsi: Ignore ABI changes * snd-hda: Ignore ABI changes * posix-timers: Avoid ABI change in 4.9.136 * sched: Avoid ABI change in 4.9.136 * [armel,armhf] Avoid ABI change in 4.9.139 [ Noah Meyerhans ] * [arm64] PCI: Enable HOTPLUG_PCI and HOTPLUG_PCI_ACPI (Closes: #915231) * drivers/net/ethernet/amazon: Backport ENA 2.0.2 network driver (Closes: #915229) [ Salvatore Bonaccorso ] * [rt] Refresh 0159-genirq-Allow-disabling-of-softirq-processing-in-irq-.patch for context changes in 4.9.137 * Refresh mips-loongson-3-support-irq_set_affinity-in-i8259-ch.patch for context changes in 4.9.138 * Refresh kbuild-use-nostdinc-in-compile-tests.patch for context changes in 4.9.139 * Refresh inet-frags-avoid-abi-change-in-4.9.134.patch for context changes in 4.9.139 * scripts/mod: Update modpost wrapper for 4.9.139. Upstream commit cf0c3e68aa81 "kbuild: fix asm-offset generation to work with clang" changed the macros used by devicetable-offsets.c. Copy the new sed code from upstream scripts/Makefile.lib. Originates from the same change for 4.12 done by Ben Hutchings. * Refresh media-v4l-avoid-abi-change-in-4.9.131.patch for context changes in 4.9.141 * Refresh fs-enable-link-security-restrictions-by-default.patch for context changes in 4.9.142 * Refresh inet-frags-avoid-abi-change-in-4.9.134.patch for context changes in 4.9.142 [ Michal Simek ] * [arm64] Enable Xilinx ZynqMP SoC and drivers -- Ben Hutchings Sun, 30 Dec 2018 23:27:02 +0000 linux (4.9.135-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.131 - crypto: skcipher - Fix -Wstringop-truncation warnings - tsl2550: fix lux1_input error in low light - [x86] vmci: type promotion bug in qp_host_get_user_memory() - [amd64] numa_emulation: Fix emulated-to-physical node mapping - [x86] staging: rts5208: fix missing error check on call to rtsx_write_register - uwb: hwa-rc: fix memory leak at probe - [arm64,armhf] power: vexpress: fix corruption in notifier registration - [amd64] iommu/amd: make sure TLB to be flushed before IOVA freed - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 - USB: serial: kobil_sct: fix modem-status error handling - 6lowpan: iphc: reset mac_header after decompress to fix panic - [s390x] mm: correct allocate_pgste proc_handler callback - power: remove possible deadlock when unregistering power_supply - IB/core: type promotion bug in rdma_rw_init_one_mr() - [powerpc*] kdump: Handle crashkernel memory reservation failure - [x86] tsc: Add missing header to tsc_msr.c - [armhf] hwmod: RTC: Don't assume lock/unlock will be called with irq enabled - [x86] entry/64: Add two more instruction suffixes - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size - scsi: klist: Make it safe to use klists in atomic context - [powerpc/powerpc64,ppc64*] scsi: ibmvscsi: Improve strings handling - usb: wusbcore: security: cast sizeof to int for comparison - [ppc64el] powerpc/powernv/ioda2: Reduce upper limit for DMA window size - alarmtimer: Prevent overflow for relative nanosleep (CVE-2018-13053) - [s390x] extmem: fix gcc 8 stringop-overflow warning - [armhf] media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data - drivers/tty: add error handling for pcmcia_loop_config - [x86] media: tm6000: add error handling for dvb_register_adapter - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() - [arm64,armhf] wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() - [armhf] mvebu: declare asm symbols as character arrays in pmsu.c - HID: hid-ntrig: add error handling for sysfs_create_group - [x86] perf/x86/intel/lbr: Fix incomplete LBR call stack - scsi: bnx2i: add error handling for ioremap_nocache - scsi: megaraid_sas: Update controller info during resume - [x86] EDAC, i7core: Fix memleaks and use-after-free on probe and remove - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs - nfsd: fix corrupted reply to badly ordered compound - EDAC: Fix memleak in module init error path - [armhf] dts: dra7: fix DCAN node addresses - [arm64] spi: tegra20-slink: explicitly enable/disable clock - [arm*] regulator: fix crash caused by null driver data - USB: fix error handling in usb_driver_claim_interface() - USB: handle NULL config in usb_find_alt_setting() - slub: make ->cpu_partial unsigned int - media: uvcvideo: Support realtek's UVC 1.5 device - USB: usbdevfs: sanitize flags more - USB: usbdevfs: restore warning for nonsensical flags - Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" - USB: remove LPM management from usb_driver_claim_interface() - Input: elantech - enable middle button of touchpad on ThinkPad P72 - IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop - [amd64] IB/hfi1: Invalid user input can result in crash - [amd64] IB/hfi1: Fix context recovery when PBC has an UnsupportedVL - scsi: target: iscsi: Use bin2hex instead of a re-implementation - [armhf] serial: imx: restore handshaking irq for imx1 - [amd64] IB/hfi1: Fix SL array bounds check - qed: Wait for ready indication before rereading the shmem - qed: Wait for MCP halt and resume commands to take place - [arm*] thermal: of-thermal: disable passive polling when thermal zone is disabled - [arm64] net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES - [arm64] net: hns: fix skb->truesize underestimation - e1000: check on netif_running() before calling e1000_up() - e1000: ensure to free old tx/rx rings in set_ringparam() - hwmon: (adt7475) Make adt7475_read_word() return errors - [x86] drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode - [arm*] smccc-1.1: Make return values unsigned long - [arm*] smccc-1.1: Handle function result as parameters - [x86] i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus - media: v4l: event: Prevent freeing event subscriptions while accessed https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.132 - [arm64] serial: mvebu-uart: Fix reporting of effective CSIZE to userspace - time: Introduce jiffies64_to_nsecs() - mac80211: Run TXQ teardown code before de-registering interfaces - [ppc64el] KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X - mac80211: mesh: fix HWMP sequence numbering to follow standard - [arm64] net: hns: add netif_carrier_off before change speed and duplex - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE - gpio: Fix crash due to registration race - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 - fs/cifs: don't translate SFM_SLASH (U+F026) to backslash - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() - mac80211: fix a race between restart and CSA flows - mac80211: Fix station bandwidth setting after channel switch - mac80211: don't Tx a deauth frame if the AP forbade Tx - mac80211: shorten the IBSS debug messages - mm: madvise(MADV_DODUMP): allow hugetlbfs pages - HID: add support for Apple Magic Keyboards - HID: hid-saitek: Add device ID for RAT 7 Contagion - perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() - [ppc64el] perf probe powerpc: Ignore SyS symbols irrespective of endianness - RDMA/ucma: check fd type in ucma_migrate_id() - USB: yurex: Check for truncation in yurex_read() - nvmet-rdma: fix possible bogus dereference under heavy load - net/mlx5: Consider PCI domain in search for next dev - drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS - dm raid: fix rebuild of specific devices by updating superblock - fs/cifs: suppress a string overflow warning - [x86] net: ena: fix driver when PAGE_SIZE == 64kB - [x86] perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs - dm thin metadata: try to avoid ever aborting transactions - [arm64] jump_label.h: use asm_volatile_goto macro instead of "asm goto" - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED - [s390x] qeth: use vzalloc for QUERY OAT buffer - [s390x] qeth: don't dump past end of unknown HW header - cifs: read overflow in is_valid_oplock_break() - xen/manage: don't complain about an empty value in control/sysrq node - xen: avoid crash in disable_hotplug_cpu - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage - sysfs: Do not return POSIX ACL xattrs via listxattr - smb2: fix missing files in root share directory listing - ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 - [x86] crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() - gpiolib: Free the last requested descriptor - proc: restrict kernel stack dumps to root (CVE-2018-17972) - ocfs2: fix locking for res->tracking and dlm->tracking_list - dm thin metadata: fix __udivdi3 undefined on 32-bit https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.133 - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly - [amd64] x86/vdso: Fix asm constraints on vDSO syscall fallbacks - [amd64] x86/vdso: Fix vDSO syscall fallback asm constraint regression - PCI: Reprogram bridge prefetch registers on resume - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys - PM / core: Clear the direct_complete flag on errors - dm cache metadata: ignore hints array being too small during resize - dm cache: fix resize crash if user doesn't reload cache table - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI - USB: serial: simple: add Motorola Tetra MTP6550 id - tty: Drop tty->count on tty_reopen() failure - cgroup: Fix deadlock in cpu hotplug path - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait - ath10k: fix kernel panic issue during pci probe - f2fs: fix invalid memory access - ucma: fix a use-after-free in ucma_resolve_ip() - ubifs: Check for name being NULL while mounting - ath10k: fix scan crash due to incorrect length calculation - ebtables: arpreply: Add the standard target sanity check - [x86] fpu: Remove use_eager_fpu() - [x86] fpu: Remove struct fpu::counter - Revert "perf: sync up x86/.../cpufeatures.h" - [x86] fpu: Finish excising 'eagerfpu' https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.134 - [armhf] mfd: omap-usb-host: Fix dts probe of children - scsi: iscsi: target: Don't use stack buffer for scatterlist - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() - sound: enable interrupt after dma buffer initialization - [arm64,armhf] stmmac: fix valid numbers of unicast filter entries - [x86] kvm/lapic: always disable MMIO interface in x2APIC mode - ext4: Fix error code in ext4_xattr_set_entry() - mm/vmstat.c: fix outdated vmstat_text - mach64: detect the dot clock divider correctly on sparc - [x86] i2c: i2c-scmi: fix for i2c_smbus_write_block_data - xhci: Don't print a warning when setting link state for disabled ports - bnxt_en: Fix TX timeout during netpoll. - bonding: avoid possible dead-lock - ip6_tunnel: be careful when accessing the inner header - ip_tunnel: be careful when accessing the inner header - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() - ipv6: take rcu lock in rawv6_send_hdrinc() - [armhf] net: dsa: bcm_sf2: Call setup during switch resume - ]arm64] net: hns: fix for unmapping problem when SMMU is on - net: ipv4: update fnhe_pmtu when first hop's MTU changes - net/ipv6: Display all addresses in output of /proc/net/if_inet6 - net/usb: cancel pending work when unbinding smsc75xx - qlcnic: fix Tx descriptor corruption on 82xx devices - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface - team: Forbid enslaving team device to itself - [armhf] net: dsa: bcm_sf2: Fix unbind ordering - [armhf] net: mvpp2: Extract the correct ethtype from the skb for tx csum offload - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 - tcp/dccp: fix lockdep issue when SYN is backlogged - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt - inet: frags: change inet_frags_init_net() return value - inet: frags: add a pointer to struct netns_frags - inet: frags: refactor ipfrag_init() - inet: frags: refactor ipv6_frag_init() - inet: frags: refactor lowpan_net_frag_init() - ipv6: export ip6 fragments sysctl to unprivileged users - rhashtable: add schedule points - inet: frags: use rhashtables for reassembly units - inet: frags: remove some helpers - inet: frags: get rif of inet_frag_evicting() - inet: frags: remove inet_frag_maybe_warn_overflow() - inet: frags: do not clone skb in ip_expire() - ipv6: frags: rewrite ip6_expire_frag_queue() - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB - ip: discard IPv4 datagrams with overlapping segments. - net: speed up skb_rbtree_purge() - net: modify skb_rbtree_purge to return the truesize of all purged skbs. - ipv6: defrag: drop non-last frags smaller than min mtu - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends - net: add rb_to_skb() and other rb tree helpers - ip: use rb trees for IP frag queue. - ip: add helpers to process in-order fragments faster. - ip: process in-order fragments efficiently - ip: frags: fix crash in ip_do_fragment() - ipv4: frags: precedence bug in ip_expire() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.135 - media: af9035: prevent buffer overflow on write - batman-adv: Fix segfault when writing to throughput_override - batman-adv: Fix segfault when writing to sysfs elp_interval - batman-adv: Prevent duplicated nc_node entry - batman-adv: Prevent duplicated softif_vlan entry - batman-adv: Prevent duplicated global TT entry - batman-adv: Prevent duplicated tvlv handler - batman-adv: fix backbone_gw refcount on queue_work() failure - batman-adv: fix hardif_neigh refcount on queue_work() failure - [armhf] clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs - [powerpc*/*64*] scsi: ibmvscsis: Fix a stringop-overflow warning - [powerpc*/*64*] scsi: ibmvscsis: Ensure partition name is properly NUL terminated - [arm64] drm: mali-dp: Call drm_crtc_vblank_reset on device init - scsi: sd: don't crash the host on invalid commands - net/mlx4: Use cpumask_available for eq->affinity_mask - [powerpc*] tm: Fix userspace r13 corruption - [powerpc*] tm: Avoid possible userspace r1 corruption on reclaim - [amd64] iommu/amd: Return devid as alias for ACPI HID devices - mremap: properly flush TLB before releasing the page (CVE-2018-18281) - mm: Preserve _PAGE_DEVMAP across mprotect() calls - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info - HID: quirks: fix support for Apple Magic Keyboards - usb: gadget: serial: fix oops when data rx'd after close - sched/cputime: Convert kcpustat to nsecs - sched/cputime: Increment kcpustat directly on irqtime account - sched/cputime: Fix ksoftirqd cputime accounting regression - [x86] HV: properly delay KVP packets when negotiation is in progress [ Ben Hutchings ] * Resolve ABI changes caused by upstream fix for CVE-2018-5391: - Revert "inet: frags: fix ip6frag_low_thresh boundary" - Revert "inet: frags: reorganize struct netns_frags" - Revert "rhashtable: reorganize struct rhashtable layout" - Revert "inet: frags: break the 2GB limit for frags storage" - inet: frags: Avoid ABI change in 4.9.134 - sk_buff: Avoid ABI change in 4.9.134 - snmp: Remove the ReasmOverlaps statistic - ipv6: Ignore ABI changes in fragment reassembly functions * [x86] fpu: Avoid ABI change in 4.9.133 * power: Avoid ABI change in 4.9.131 * slub: Avoid ABI change in 4.9.131 * media: v4l: Avoid ABI change in 4.9.131 * netdev: Hide netdev_notifier_info_ext from modules * [x86] Revert "x86/mm: Expand static page table for fixmap space" * Revert "tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()", which does not fix a real security issue -- Salvatore Bonaccorso Sun, 11 Nov 2018 15:03:44 +0100 linux (4.9.130-2) stretch; urgency=medium [ Salvatore Bonaccorso ] * Ignore ABI change for return_address. Fixes "FTBFS on armel/armhf: ABI change for return_address". Modules will use their own inline copy. Thanks to Cyril Brulebois for the analysis (Closes: #911421) -- Ben Hutchings Sat, 27 Oct 2018 19:46:16 +0100 linux (4.9.130-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.111 - [x86] spectre_v1: Disable compiler optimizations over array_index_mask_nospec() - [x86] mce: Improve error message when kernel cannot recover - [x86] mce: Check for alternate indication of machine check recovery on Skylake - [x86] mce: Fix incorrect "Machine check from unknown source" message - [x86] mce: Do not overwrite MCi_STATUS in mce_no_way_out() - [x86] Call fixup_exception() before notify_die() in math_error() - [m68k] mm: Adjust VM area to be unmapped by gap size for __iounmap() - [sh4] serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version - usb: do not reset if a low-speed or full-speed device timed out - 1wire: family module autoload fails because of upper/lower case mismatch. - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it - lib/vsprintf: Remove atomic-unsafe support for %pCr - [mips*] ftrace: fix static function graph tracing - branch-check: fix long->int truncation when profiling branches - ipmi:bt: Set the timeout before doing a capabilities check - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader - fuse: atomic_o_trunc should truncate pagecache - fuse: don't keep dead fuse_conn at fuse_fill_super(). - fuse: fix control dir setup and teardown - [powerpc*] mm/hash: Add missing isync prior to kernel stack SLB switch - [powerpc*] ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG - [powerpc*] /ptrace: Fix enforcement of DAWR constraints - [powerpc*] powernv/ioda2: Remove redundant free of TCE pages - [poewrpc*] cpuidle: powernv: Fix promotion from snooze if next state disabled - [powerpc*] fadump: Unregister fadump on kexec down path. - [arm*] 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size - [arm64] kpti: Use early_param for kpti= command-line option - [arm64] mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance - IB/qib: Fix DMA api warning with debug kernel - IB/{hfi1, qib}: Add handling of kernel restart - IB/mlx5: Fetch soft WQE's on fatal error state - IB/isert: Fix for lib/dma_debug check_sync warning - IB/isert: fix T10-pi check mask setting - RDMA/mlx4: Discard unknown SQP work requests - mtd: cfi_cmdset_0002: Change write buffer to check correct value - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. - PCI: Add ACS quirk for Intel 7th & 8th Gen mobile - PCI: Add ACS quirk for Intel 300 series - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume - printk: fix possible reuse of va_list variable - [mips*] io: Add barrier after register read in inX() - time: Make sure jiffies_to_msecs() preserves non-zero time periods - Btrfs: fix return value on rename exchange failure - Btrfs: fix unexpected cow in run_delalloc_nocow - iio:buffer: make length types match kfifo types - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails - [s390x] scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler - [s390x] scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF - [s390x] scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed - [s390x] scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return - [s390x] scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED - [s390x] scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED - [s390x] scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread - linvdimm, pmem: Preserve read-only setting for pmem devices - md: fix two problems with setting the "re-add" device state. - ubi: fastmap: Cancel work upon detach - ubi: fastmap: Correctly handle interrupted erasures in EBA - UBIFS: Fix potential integer overflow in allocation - [x86] mfd: intel-lpss: Program REMAP register in PIO mode - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP - perf intel-pt: Fix MTC timing after overflow - perf intel-pt: Fix "Unexpected indirect branch" error - perf intel-pt: Fix packet decoding of CYC packets - media: v4l2-compat-ioctl32: prevent go past max size - media: cx231xx: Add support for AverMedia DVD EZMaker 7 - media: dvb_frontend: fix locking issues at dvb_frontend_get_event() - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message - NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") - video: uvesafb: Fix integer overflow in allocation (CVE-2018-13406) - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID - pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume - rbd: flush rbd_dev->watch_dwork after watch is unregistered - [x86] mm: fix devmem_is_allowed() for sub-page System RAM intersections - xen: Remove unnecessary BUG_ON from __unbind_from_irq() - udf: Detect incorrect directory size - Input: elan_i2c_smbus - fix more potential stack buffer overflows - Input: elantech - enable middle button of touchpads on ThinkPad P52 - Input: elantech - fix V4 report decoding for module with middle key - ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 - block: Fix transfer when chunk sectors exceeds max - dm thin: handle running out of data space vs concurrent discard https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.112 - usb: cdc_acm: Add quirk for Uniden UBC125 scanner - USB: serial: cp210x: add CESINEL device ids - USB: serial: cp210x: add Silicon Labs IDs for Windows Update - [arm64,armhf] usb: dwc2: fix the incorrect bitmaps for the ports of multi_tt hub - n_tty: Fix stall at n_tty_receive_char_special(). - n_tty: Access echo_* variables carefully. - vt: prevent leaking uninitialized data to userspace via /dev/vcs* - ipv4: Fix error return value in fib_convert_metrics() - [x86] kprobes: Do not modify singlestep buffer while resuming - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() - net: phy: micrel: fix crash when statistic requested for KSZ9031 phy - [armhf] dts: imx6q: Use correct SDMA script for SPI5 core - IB/hfi1: Fix user context tail allocation for DMA_RTAIL - mm: hugetlb: yield when prepping struct pages - tracing: Fix missing return symbol in function_graph output - scsi: sg: mitigate read/write abuse - [s390x] Correct register corruption in critical section cleanup - drbd: fix access after free - cifs: Fix infinite loop when using hard mount option - drm/udl: fix display corruption of the last line - ext4: include the illegal physical block in the bad map ext4_error msg - ext4: add more mount time checks of the superblock - ext4: check superblock mapped prior to committing - mlxsw: spectrum: Forbid linking of VLAN devices to devices that have uppers - [x86] HID: i2c-hid: Fix "incomplete report" noise - HID: hiddev: fix potential Spectre v1 - HID: debug: check length before copy_to_user() (CVE-2018-9516) - PM / OPP: Update voltage in case freq == old_freq - Kbuild: fix # escaping in .cmd files for future Make - media: cx25840: Use subdev host data for PLL override - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset - dm bufio: avoid sleeping while holding the dm_bufio lock - dm bufio: drop the lock when doing GFP_NOIO allocation - [armhf] mtd: rawnand: mxc: set spare area size register explicitly - dm bufio: don't take the lock in dm_bufio_shrink_count - mtd: cfi_cmdset_0002: Change definition naming to retry write operation - mtd: cfi_cmdset_0002: Change erase functions to retry for error - mtd: cfi_cmdset_0002: Change erase functions to check chip good only - netfilter: nf_log: don't hold nf_log_mutex during user access - [x86] staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.113 - nvme: validate admin queue before unquiesce - [mips*] Call dump_stack() from show_regs() - [mips*] Fix ioremap() RAM check - mmc: dw_mmc: fix card threshold control configuration - [x86] ibmasm: don't write out of bounds in read handler - ata: Fix ZBC_OUT command block check - ata: Fix ZBC_OUT all bit handling - vmw_balloon: fix inflation with batching - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS - USB: serial: ch341: fix type promotion bug in ch341_control_in() - USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick - USB: serial: keyspan_pda: fix modem-status error handling - USB: yurex: fix out-of-bounds uaccess in read handler (CVE-2018-16276) - USB: serial: mos7840: fix status-register error handling - usb: quirks: add delay quirks for Corsair Strafe - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() - HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter - ALSA: hda - Handle pm failure during hotplug - fs, elf: make sure to page align bss in load_elf_library - tools build: fix # escaping in .cmd files for future Make - [arm64,armhf] i2c: tegra: Fix NACK error handling - iw_cxgb4: correctly enforce the max reg_mr depth - nvme-pci: Remap CMB SQ entries on every controller reset - [x86] uprobes: Remove incorrect WARN_ON() in uprobe_init_insn() - netfilter: nf_queue: augment nfqa_cfg_policy - netfilter: x_tables: initialise match/target check parameter struct - loop: add recursion validation to LOOP_CHANGE_FD - PM / hibernate: Fix oops at snapshot_write() - loop: remember whether sysfs_create_group() was done https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.114 - [mips*] Use async IPIs for arch_trigger_cpumask_backtrace() - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations - [x86] asm: Add _ASM_ARG* constants for argument registers to - [x86] paravirt: Make native_save_fl() extern inline - mtd: m25p80: consider max message size in m25p80_read - atm: zatm: Fix potential Spectre v1 - ipvlan: fix IFLA_MTU ignored on NEWLINK - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() - net: dccp: switch rx_tstamp_last_feedback to monotonic clock - net/mlx5: Fix incorrect raw command length parsing - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster - net_sched: blackhole: tell upper qdisc about dropped packets - net: sungem: fix rx checksum support - qed: Fix use of incorrect size in memcpy call. - qed: Limit msix vectors in kdump kernel to the minimum required count. - qmi_wwan: add support for the Dell Wireless 5821e module - r8152: napi hangup fix after disconnect - tcp: fix Fast Open key endianness - tcp: prevent bogus FRTO undos with non-SACK flows - vhost_net: validate sock before trying to put its fd - net/packet: fix use-after-free - net/mlx5: Fix command interface race in polling mode - net: cxgb3_main: fix potential Spectre v1 - rtlwifi: rtl8821ae: fix firmware is not ready to run - net: lan78xx: Fix race in tx pending skb size calculation - netfilter: ebtables: reject non-bridge targets - reiserfs: fix buffer overflow with long warning messages - KEYS: DNS: fix parsing multiple options - netfilter: ipv6: nf_defrag: drop skb dst before queueing - rds: avoid unenecessary cong_update in loop transport - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL. - [arm64] assembler: introduce ldr_this_cpu - [arm64] KVM: Store vcpu on the stack during __guest_enter() - [arm*] KVM: Convert kvm_host_cpu_state to a static per-cpu allocation - [arm64] KVM: Change hyp_panic()s dependency on tpidr_el2 - [arm64] alternatives: use tpidr_el2 on VHE hosts - [arm64] KVM: Stop save/restoring host tpidr_el1 on VHE - [arm64] alternatives: Add dynamic patching feature - [arm*] KVM: Do not use kern_hyp_va() with kvm_vgic_global_state - [arm64] KVM: Avoid storing the vcpu pointer on the stack - [arm*] smccc: Add SMCCC-specific return codes - [arm64] Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1 - [arm64] Add per-cpu infrastructure to call ARCH_WORKAROUND_2 - [arm64] Add ARCH_WORKAROUND_2 probing - [arm64] Add 'ssbd' command-line option - [arm64] ssbd: Add global mitigation state accessor - [arm64] ssbd: Skip apply_ssbd if not using dynamic mitigation - [arm64] ssbd: Restore mitigation status on CPU resume - [arm64] ssbd: Introduce thread flag to control userspace mitigation - [arm64] ssbd: Add prctl interface for per-thread mitigation - [arm64] KVM: Add HYP per-cpu accessors - [arm64] KVM: Add ARCH_WORKAROUND_2 support for guests - [arm64] KVM: Handle guest's ARCH_WORKAROUND_2 requests - [arm64] KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID - string: drop __must_check from strscpy() and restore strscpy() usages in cgroup https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.115 - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel. - [x86] apm: Don't access __preempt_count with zeroed fs - [x86] MCE: Remove min interval polling limitation - fat: fix memory allocation failure handling of match_strdup() - ALSA: rawmidi: Change resized buffers atomically (CVE-2018-10902) - mm: memcg: fix use after free in mem_cgroup_iter() - mm/huge_memory.c: fix data loss when splitting a file pmd - vfio/pci: Fix potential Spectre v1 - [x86] drm/i915: Fix hotplug irq ack on i965/g4x - gen_stats: Fix netlink stats dumping in the presence of padding - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns - ipv6: fix useless rol32 call on hash - lib/rhashtable: consider param->min_size when setting initial table size - net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort - net/ipv4: Set oif in fib_compute_spec_dst - net: phy: fix flag masking in __set_phy_supported - ptp: fix missing break in switch - qmi_wwan: add support for Quectel EG91 - tg3: Add higher cpu clock for 5762. - net: usb: asix: replace mii_nway_restart in resume path - net: Don't copy pfmemalloc flag in __copy_skb_header() - skbuff: Unconditionally copy pfmemalloc in __skb_clone() - xhci: Fix perceived dead host due to runtime suspend race with event handler - xprtrdma: Return -ENOBUFS when no pages are available - block: do not use interruptible wait anywhere https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.116 - [mips*] Fix off-by-one in pci_resource_to_user() - ip: hash fragments consistently - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper - net: skb_segment() should not return NULL - net/mlx5: Adjust clock overflow work period - net/mlx5e: Don't allow aRFS for encapsulated packets - net/mlx5e: Fix quota counting in aRFS expire flow - multicast: do not restore deleted record source filter mode to new one - net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv - rtnetlink: add rtnl_link_state check in rtnl_configure_link - tcp: fix dctcp delayed ACK schedule - tcp: helpers to send special DCTCP ack - tcp: do not cancel delay-AcK on DCTCP special ACK - tcp: do not delay ACK in DCTCP upon CE status change - usb: cdc_acm: Add quirk for Castles VEGA3000 - usb: core: handle hub C_PORT_OVER_CURRENT condition - usb: gadget: f_fs: Only return delayed status when len is 0 - driver core: Partially revert "driver core: correct device's shutdown order" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.117 - Input: elan_i2c - add ACPI ID for lenovo ideapad 330 - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST - [x86] kvm, mm: account shadow page tables to kmemcg - tracing: Fix double free of event_trigger_data - tracing: Fix possible double free in event_enable_trigger_func() - kthread, tracing: Don't expose half-written comm when creating kthreads - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure - tracing: Quiet gcc warning about maybe unused link variable - [arm64] fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups - [arm64,armhf] usb: dwc2: Fix DMA alignment to start at allocated boundary - kcov: ensure irq code sees a valid area - xen/netfront: raise max number of slots in xennet_get_responses() - ALSA: emu10k1: add error handling for snd_ctl_add - ALSA: fm801: add error handling for snd_ctl_add - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo - mm: vmalloc: avoid racy handling of debugobjects in vunmap - mm/slub.c: add __printf verification to slab_err() - rtc: ensure rtc_set_alarm fails when alarms are not supported - perf tools: Fix pmu events parsing rule - netfilter: ipset: List timing out entries with "timeout 1" instead of zero - infiniband: fix a possible use-after-free bug (CVE-2018-14734) - [powerpc*] powerpc/eeh: Fix use-after-release of EEH driver - hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common() - [powerpc*] powerpc/64s: Fix compiler store ordering to SLB shadow area - RDMA/mad: Convert BUG_ONs to error flows - netfilter: nf_tables: check msg_type before nft_trans_set(trans) - pnfs: Don't release the sequence slot until we've processed layoutget on open - disable loading f2fs module on PAGE_SIZE > 4KB - f2fs: fix error path of move_data_page - f2fs: fix to don't trigger writeback during recovery - f2fs: fix to wait page writeback during revoking atomic write - f2fs: Fix deadlock in shutdown ioctl - f2fs: fix race in between GC and atomic open - usbip: usbip_detach: Fix memory, udev context and udev leak - [x86] perf/x86/intel/uncore: Correct fixed counter index check in generic code - [x86] perf/x86/intel/uncore: Correct fixed counter index check for NHM - iwlwifi: pcie: fix race in Rx buffer allocator - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 - ASoC: dpcm: fix BE dai not hw_free and shutdown - [arm64,armhf] mfd: cros_ec: Fail early if we cannot identify the EC - mwifiex: handle race during mwifiex_usb_disconnect - wlcore: sdio: check for valid platform device data before suspend - media: tw686x: Fix incorrect vb2_mem_ops GFP flags - media: videobuf2-core: don't call memop 'finish' when queueing - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree - PCI: Prevent sysfs disable of device while driver is attached - ath: Add regulatory mapping for FCC3_ETSIC - ath: Add regulatory mapping for ETSI8_WORLD - ath: Add regulatory mapping for APL13_WORLD - ath: Add regulatory mapping for APL2_FCCA - ath: Add regulatory mapping for Uganda - ath: Add regulatory mapping for Tanzania - ath: Add regulatory mapping for Serbia - ath: Add regulatory mapping for Bermuda - ath: Add regulatory mapping for Bahamas - [powerpc*] chrp/time: Make some functions static, add missing header include - [powerpc*] powermac: Add missing prototype for note_bootable_part() - [powerpc*] powermac: Mark variable x as unused - [powerpc*] 8xx: fix invalid register expression in head_8xx.S - [powerpc*] bpf: powerpc64: pad function address loads with NOPs - PCI: pciehp: Request control of native hotplug only if supported - mwifiex: correct histogram data with appropriate index - ima: based on policy verify firmware signatures (pre-allocated buffer) - fscrypt: use unbound workqueue for decryption - scsi: ufs: fix exception event handling - ALSA: emu10k1: Rate-limit error messages about page errors - [armhf] regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops - md: fix NULL dereference of mddev->pers in remove_and_add_spares() - ixgbevf: fix MAC address changes through ixgbevf_set_mac() - ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback - [arm64] cmpwait: Clear event register before arming exclusive monitor - HID: hid-plantronics: Re-resend Update to map button for PTT products - drm/radeon: fix mode_valid's return type - [powerpc*] embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet - HID: i2c-hid: check if device is there before really probing - nvmem: properly handle returned value nvmem_reg_read - tty: Fix data race in tty_insert_flip_string_fixed_flag - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA - libata: Fix command retry decision - media: media-device: fix ioctl function types - media: saa7164: Fix driver name in debug output - brcmfmac: Add support for bcm43364 wireless chipset - [s390x] cpum_sf: Add data entry sizes to sampling trailer entry - perf: fix invalid bit in diagnostic entry - bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only. - scsi: 3w-9xxx: fix a missing-check bug - scsi: 3w-xxxx: fix a missing-check bug - scsi: megaraid: silence a static checker bug - [x86] staging: lustre: o2iblnd: fix race at kiblnd_connect_peer - [armhf] thermal: exynos: fix setting rising_threshold for Exynos5433 - bpf: fix references to free_bpf_prog_info() in comments - media: siano: get rid of __le32/__le16 cast warnings - drm/atomic: Handling the case when setting old crtc for plane - ALSA: hda/ca0132: fix build failure when a local macro is defined - mmc: dw_mmc: update actual clock for mmc debugfs - mmc: pwrseq: Use kmalloc_array instead of stack VLA - dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC - dt-bindings: net: meson-dwmac: new compatible name for AXG SoC - stop_machine: Use raw spinlocks - [arm64,armhf] memory: tegra: Do not handle spurious interrupts - [arm64,armhf] memory: tegra: Apply interrupts mask per SoC - [x86] drm/gma500: fix psb_intel_lvds_mode_valid()'s return type - ipconfig: Correctly initialise ic_nameservers - rsi: Fix 'invalid vdd' warning in mmc - audit: allow not equal op for audit by executable - [x86] staging: lustre: llite: correct removexattr detection - [x86] staging: lustre: ldlm: free resource when ldlm_lock_create() fails. - serial: core: Make sure compiler barfs for 16-byte earlycon names - usb: hub: Don't wait for connect state at resume for powered-off ports - crypto: authencesn - don't leak pointers to authenc keys - crypto: authenc - don't leak pointers to authenc keys - [armhf] media: omap3isp: fix unbalanced dma_iommu_mapping - scsi: scsi_dh: replace too broad "TP9" string with the exact models - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs - media: si470x: fix __be16 annotations - drm: Add DP PSR2 sink enable bit - random: mix rdrand with entropy sent in from userspace - squashfs: be more careful about metadata corruption - ext4: fix inline data updates with checksums enabled - ext4: check for allocation block validity with block group locked - RDMA/uverbs: Protect from attempts to create flows on unsupported QP https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.118 - ipv4: remove BUG_ON() from fib_compute_spec_dst - net: ena: Fix use of uninitialized DMA address bits field - [arm64] net: fix amd-xgbe flow-control issue - net: lan78xx: fix rx handling before first packet is send - NET: stmmac: align DMA stuff to largest cache line length - tcp_bbr: fix bw probing to raise in-flight data for very small BDPs - xen-netfront: wait xenbus state change when load module manually - tcp: do not force quickack when receiving out-of-order packets - tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode - tcp: do not aggressively quick ack after ECN events - tcp: refactor tcp_ecn_check_ce to remove sk type cast - tcp: add one more quick ack after after ECN events - [x86] pinctrl: intel: Read back TX buffer state - sched/wait: Remove the lockless swait_active() check in swake_up*() - bonding: avoid lockdep confusion in bond_get_stats() - inet: frag: enforce memory limits earlier - ipv4: frags: handle possible skb truesize change - net: dsa: Do not suspend/resume closed slave_dev - netlink: Fix spectre v1 gadget in netlink_create() - net: stmmac: Fix WoL for PCI-based setups - squashfs: more metadata hardening - squashfs: more metadata hardenings - can: ems_usb: Fix memory leak on ems_usb_disconnect() - net: socket: fix potential spectre v1 gadget in socketcall - virtio_balloon: fix another race between migration and ballooning - [x86] kvm: vmx: fix vpid leak - [x86] crypto: padlock-aes - Fix Nano workaround data corruption - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats - scsi: sg: fix minor memory leak in error path https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.119 - scsi: qla2xxx: Fix ISP recovery on unload - scsi: qla2xxx: Return error when TMF returns - genirq: Make force irq threading setup more robust - nohz: Fix local_timer_softirq_pending() - netlink: Do not subscribe to non-existent groups - netlink: Don't shift with UB on nlk->ngroups - netlink: Don't shift on 64 for ngroups - ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle - ring_buffer: tracing: Inherit the tracing setting to next ring buffer - [armhf] i2c: imx: Fix reinit_completion() use - Btrfs: fix file data corruption after cloning a range and fsync - tcp: add tcp_ooo_try_coalesce() helper - kmemleak: clear stale pointers from task stacks - fork: unconditionally clear stack on fork - IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.120 - ext4: fix check to prevent initializing reserved inodes - [x86] tpm: fix race condition in tpm_common_write() - [hppa/parisc] Enable CONFIG_MLONGCALLS by default - [hppa/parisc] Define mb() and add memory barriers to assembler unlock sequences - Mark HI and TASKLET softirq synchronous - xen/netfront: don't cache skb_shinfo() - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power management enabled - root dentries need RCU-delayed freeing - make sure that __dentry_kill() always invalidates d_seq, unhashed or not - fix mntput/mntput race - fix __legitimize_mnt()/mntput() race - IB/core: Make testing MR flags for writability a static inline function - IB/mlx4: Mark user MR as writable if actual virtual memory is writable - IB/ocrdma: fix out of bounds access to local buffer - [x86] paravirt: Fix spectre-v2 mitigations for paravirt guests (CVE-2018-15594) - [x86] speculation: Protect against userspace-userspace spectreRSB CVE-2018-15572) - [x86] kprobes Fix %p uses in error messages - [x86] irqflags: Provide a declaration for native_save_fl https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.121 - [i386] mm: Disable ioremap free page handling on x86-PAE - kbuild: verify that $DEPMOD is installed - crypto: vmac - require a block cipher with 128-bit block size - crypto: vmac - separate tfm and request context - Bluetooth: hidp: buffer overflow in hidp_process_report (CVE-2018-9363) - ioremap: Update pgtable free interfaces with addr - [x86] mm: Add TLB purge to free pmd/pte page interfaces https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.122 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.123 - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache - llc: use refcount_inc_not_zero() for llc_sap_find() - vsock: split dwork to avoid reinitializations - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit - net_sched: Fix missing res info when create new tc_index filter - net_sched: fix NULL pointer dereference when delete tcindex filter - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs - ALSA: hda - Turn CX8200 into D3 as well upon reboot - ALSA: vx222: Fix invalid endian conversions - ALSA: virmidi: Fix too long output trigger loop - ALSA: cs5535audio: Fix invalid endian conversion - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry - ALSA: memalloc: Don't exceed over the requested size - ALSA: vxpocket: Fix invalid endian conversions - cls_matchall: fix tcf_unbind_filter missing - USB: serial: sierra: fix potential deadlock at close - USB: option: add support for DW5821e - ACPI / PM: save NVS memory for ASUS 1025C laptop - tty: serial: 8250: Revert NXP SC16C2552 workaround - serial: 8250_dw: always set baud rate in dw8250_set_termios - serial: 8250_dw: Add ACPI support for uart on Broadcom SoC - [x86] mm: Simplify p[g4um]d_page() macros - Bluetooth: avoid killing an already killed socket https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.124 - [x86] entry/64: Remove %ebx handling from error_entry/exit (CVE-2018-14678) - [arm64,armhf] usb: dwc3: of-simple: fix use-after-free on remove - [arm64] dts: ns2: Fix I2C controller interrupt type - [arm64] drm: mali-dp: Enable Global SE interrupts mask for DP500 - IB/rxe: Fix missing completion for mem_reg work requests - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() - [arm64,armhf] usb: dwc2: fix isoc split in transfer with no data - usb: gadget: composite: fix delayed_status race condition when set_interface - [arm64,armhf] usb: gadget: dwc2: fix memory leak in gadget_init() - xen: add error handling for xenbus_printf - scsi: xen-scsifront: add error handling for xenbus_printf - xen/scsiback: add error handling for xenbus_printf - [arm64] make secondary_start_kernel() notrace - qed: Add sanity check for SIMD fastpath handler. - enic: initialize enic->rfs_h.lock in enic_probe - net: hamradio: use eth_broadcast_addr - net: propagate dev_get_valid_name return code - [armhf] net: stmmac: socfpga: add additional ocp reset line for Stratix10 - nvmet: reset keep alive timer in controller enable - [armhf] net: davinci_emac: match the mdio device against its compatible if possible - [arm64,armhf] KVM: Drop resource size check for GICV window - locking/lockdep: Do not record IRQ state within lockdep code - ipv6: mcast: fix unsolicited report interval after receiving querys - Smack: Mark inode instant in smack_task_to_inode - batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump - batman-adv: Fix bat_v best gw refcnt after netlink dump - cxgb4: when disabling dcb set txq dcb priority to 0 - [x86] iio: pressure: bmp280: fix relative humidity unit - brcmfmac: stop watchdog before detach and free everything - ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl - [arm64,armhf] usb: xhci: remove the code build warning - usb: xhci: increase CRS timeout value - NFC: pn533: Fix wrong GFP flag usage - perf test session topology: Fix test on s390 - perf report powerpc: Fix crash if callchain is empty - perf bench: Fix numa report output code - netfilter: nf_log: fix uninit read in nf_log_proc_dostring - ceph: fix dentry leak in splice_dentry() - [armhf] dmaengine: pl330: report BURST residue granularity - [arm64] dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() - md/raid10: fix that replacement cannot complete recovery after reassemble - nl80211: relax ht operation checks for mesh - [s390x] bpf, s390: fix potential memleak when later bpf_jit_prog fails - bnx2x: Fix receiving tx-timeout in error or recovery state. - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value - ipvlan: call dev_change_flags when ipvlan mode is reset - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos - tracing: Use __printf markup to silence compiler - smsc75xx: Add workaround for gigabit link up hardware errata. - ieee802154: 6lowpan: set IFLA_LINK - netfilter: x_tables: set module owner for icmp(6) matches - ipv6: make ipv6_renew_options() interrupt/kernel safe - [arm*] pxa: irq: fix handling of ICMR registers in suspend/resume - net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem - ieee802154: at86rf230: use __func__ macro for debug messages - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem - netfilter: nf_conntrack: Fix possible possible crash on module loading. - bnxt_en: Always set output parameters in bnxt_get_max_rings(). - bnxt_en: Fix for system hang if request_irq fails - nfit: fix unchecked dereference in acpi_nfit_ctl - RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path - [arm*] 8780/1: ftrace: Only set kernel memory back to read-only after boot - [armhf] DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores - [armhf] dts: am3517.dtsi: Disable reference to OMAP3 OTG controller - ixgbe: Be more careful when modifying MAC filters - packet: reset network header if packet shorter than ll reserved space - qlogic: check kstrtoul() for errors - tcp: remove DELAYED ACK events in DCTCP - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() - net: usb: rtl8150: demote allmulti message to dev_dbg() - tcp: identify cryptic messages as TCP seq # bugs - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer - ext4: fix spectre gadget in ext4_mb_regular_allocator() - [hppa/parisc] Remove ordered stores from syscall.S - xfrm_user: prevent leaking 2 bytes of kernel memory - netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state - packet: refine ring v3 block size test to hold one frame - [hppa/parisc] Remove unnecessary barriers from spinlock.h - PCI: hotplug: Don't leak pci_slot on registration failure - PCI: Skip MPS logic for Virtual Functions (VFs) - PCI: pciehp: Fix use-after-free on unplug - PCI: pciehp: Fix unprotected list iteration in IRQ handler - [armhf] i2c: imx: Fix race condition in dma read - reiserfs: fix broken xattr handling (heap corruption, bad retval) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.125 - vti6: fix PMTU caching and reporting on xmit - xfrm: fix missing dst_release() after policy blocking lbcast and multicast - xfrm: free skb if nlsk pointer is NULL - mac80211: add stations tied to AP_VLANs during hw reconfig - nl80211: Add a missing break in parse_station_flags - [arm64] drm/bridge: adv7511: Reset registers on hotplug - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF - [armhf] drm/imx: imx-ldb: disable LDB on driver bind - [armhf] drm/imx: imx-ldb: check if channel is enabled before printing warning - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' - [ppc64el] bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd - [x86] tools/power turbostat: fix -S on UP systems - qed: Fix possible race for the link state value. - qed: Correct Multicast API to reflect existence of 256 approximate buckets. - atl1c: reserve min skb headroom - [x86] perf/x86/amd/ibs: Don't access non-started event - bnx2x: Fix invalid memory access in rss hash config path. - qmi_wwan: fix interface number for DW5821e production firmware - [x86] boot: Fix if_changed build flip/flop bug - fscache: Allow cancelled operations to be enqueued - cachefiles: Fix refcounting bug in backing-file read monitoring - cachefiles: Wait rather than BUG'ing on "Unexpected object collision" - zswap: re-check zswap_is_full() after do zswap_shrink() - [x86] tools/power turbostat: Read extended processor family from CPUID - enic: handle mtu change for vf properly - squashfs metadata 2: electric boogaloo - Squashfs: Compute expected length from inode size rather than block length - drivers: net: lmc: fix case value for target abort error - memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() failure - scsi: fcoe: drop frames in ELS LOGO error path - scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO - [x86] scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED - mm/memory.c: check return value of ioremap_prot - sched/sysctl: Check user input value of sysctl_sched_time_avg - Cipso: cipso_v4_optptr enter infinite loop (CVE-2018-10938) - [x86] mei: don't update offset in write - cifs: add missing debug entries for kconfig options - cifs: check kmalloc before use - smb3: enumerating snapshots was leaving part of the data off end - smb3: Do not send SMB3 SET_INFO if nothing changed - smb3: don't request leases in symlink creation and query - [arm64] kprobes: Fix %p uses in error messages - [arm64] mm: check for upper PAGE_SHIFT bits in pfn_valid() - [s390x] kvm: fix deadlock when killed by oom - ext4: check for NUL characters in extended attribute's name - ext4: sysfs: print ext4_super_block fields as little-endian - ext4: reset error code in ext4_find_entry in fallback - [arm64,armhf] KVM: Skip updating PTE entry if no change - [arm64,armhf] KVM: Skip updating PMD entry if no change - [x86] speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit - [x86] speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (Closes: #907581) - [x86] speculation/l1tf: Suggest what to do on systems with too much RAM - [x86] process: Re-export start_thread() - [x86] KVM: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled - [x86] kvm/vmx: Remove duplicate l1d flush definitions - fuse: Don't access pipe->buffers without pipe_lock() - fuse: fix initial parallel dirops - fuse: fix double request_end() - fuse: fix unlocked access to processing queue - fuse: umount should wait for all requests - fuse: Fix oops at process_init_reply() - fuse: Add missed unlock_page() to fuse_readpages_fill() - udl-kms: change down_interruptible to down - udl-kms: handle allocation failure - udl-kms: fix crash due to uninitialized memory - b43legacy/leds: Ensure NUL-termination of LED name string - b43/leds: Ensure NUL-termination of LED name string - ASoC: dpcm: don't merge format from invalid codec dai - ASoC: sirf: Fix potential NULL pointer dereference - [x86] irqflags: Mark native_restore_fl extern inline - [x86] spectre: Add missing family 6 check to microcode check - [x86] speculation/l1tf: Increase l1tf memory limit for Nehalem+ (Closes: #907581) - [x86] entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() - [s390x] qdio: reset old sbal_state flags - [s390x] pci: fix out of bounds access during irq setup - kprobes: Make list and blacklist root user read only - [mips*] lib: Provide MIPS64r6 __multi3() for GCC < 7 - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock - iscsi target: fix session creation failure handling - [armhf] clk: rockchip: fix clk_i2sout parent selection bits on rk3399 - PM / clk: signedness bug in of_pm_clk_add_clks() - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (CVE-2018-16658) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.126 - net: 6lowpan: fix reserved space for single frames - net: mac802154: tx: expand tailroom if necessary - 9p/net: Fix zero-copy path in the 9p virtio transport - [x86] drm/i915/userptr: reject zero user_size - libertas: fix suspend and resume for SDIO connected cards - [arm64] mailbox: xgene-slimpro: Fix potential NULL pointer dereference - [ppc64el] powerpc/pseries: Fix endianness while restoring of r3 in MCE handler. - PCI: Add wrappers for dev_printk() - [ppc64el] powerpc/powernv/pci: Work around races in PCI bridge enabling - [ppc64el] cxl: Fix wrong comparison in cxl_adapter_context_get() - ib_srpt: Fix a use-after-free in srpt_close_ch() - RDMA/rxe: Set wqe->status correctly if an unexpected response is received - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed - 9p/virtio: fix off-by-one error in sg list bounds check - net/9p/client.c: version pointer uninitialized - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() - dm thin: stop no_space_timeout worker when switching to write-mode - dm cache metadata: save in-core policy_hint_size to on-disk superblock - uart: fix race between uart_put_char() and uart_shutdown() - [x86] vmw_balloon: fix inflation of 64-bit GFNs - [x86] vmw_balloon: do not use 2MB without batching - [x86] vmw_balloon: VMCI_DOORBELL_SET does not check status - [x86] vmw_balloon: fix VMCI use when balloon built into kernel - [armhf] rtc: omap: fix potential crash on power off - tracing: Do not call start/stop() functions when tracing_on does not change - tracing/blktrace: Fix to allow setting same value - uprobes: Use synchronize_rcu() not synchronize_sched() - [arm64] mfd: hi655x: Fix regmap area declared size for hi655x - 9p: fix multiple NULL-pointer-dereferences - PM / sleep: wakeup: Fix build error caused by missing SRCU support - [x86] KVM: VMX: fixes for vmentry_l1d_flush module parameter - pnfs/blocklayout: off by one in bl_map_stripe() - NFSv4 client live hangs after live data migration recovery - Replace magic for trusting the secondary keyring with #define - [amd64] Fix kexec forbidding kernels signed with keys in the secondary keyring to boot - mm/tlb: Remove tlb_remove_table() non-concurrent condition - [x86] iommu/vt-d: Add definitions for PFSID - [x86] iommu/vt-d: Fix dev iotlb pfsid use - userns: move user access out of the mutex - ubifs: Fix memory leak in lprobs self-check - Revert "UBIFS: Fix potential integer overflow in allocation" - ubifs: Check data node size before truncate - ubifs: Fix synced_i_size calculation for xattr inodes - [armhf] pwm: tiehrpwm: Fix disabling of output of PWMs - fb: fix lost console when the user unplugs a USB adapter - udlfb: set optimal write delay - getxattr: use correct xattr length - [x86] libnvdimm: fix ars_status output length calculation - printk/tracing: Do not trace printk_nmi_enter() - bcache: release dc->writeback_lock properly in bch_writeback_thread() - perf auxtrace: Fix queue resize - [ppc64el] crypto: vmx - Fix sleep-in-atomic bugs - fs/quota: Fix spectre gadget in do_quotactl https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.127 - [i386] speculation/l1tf: Fix up pte->pfn conversion for PAE - act_ife: fix a potential use-after-free - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state - net: sched: Fix memory exposure from short TCA_U32_SEL - qlge: Fix netdev features configuration. - r8169: add support for NCube 8168 network card - tcp: do not restart timewait timer on rst reception - vti6: remove !skb->ignore_df check from vti6_xmit() - sctp: hold transport before accessing its asoc in sctp_transport_get_next - vhost: correctly check the iova range when waking virtqueue - [x86] hv_netvsc: ignore devices that are not PCI - act_ife: move tcfa_lock down to where necessary - act_ife: fix a potential deadlock - net: sched: action_ife: take reference to meta module - cifs: check if SMB2 PDU size has been padded and suppress the warning - hfsplus: don't return 0 when fill_super() failed - hfs: prevent crash on exit from failed search - sunrpc: Don't use stack buffer with scatterlist - fork: don't copy inconsistent signal handler state to child - reiserfs: change j_timestamp type to time64_t - hfsplus: fix NULL dereference in hfsplus_lookup() (CVE-2018-14617) - fat: validate ->i_start before using - scripts: modpost: check memory allocation results - virtio: pci-legacy: Validate queue pfn - mm/fadvise.c: fix signed overflow UBSAN complaint - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() - [mips*] mfd: sm501: Set coherent_dma_mask when creating subdevices - [x86] platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 - net/9p/trans_fd.c: fix race by holding the lock - net/9p: fix error path of p9_virtio_probe - [ppc64el] perf probe powerpc: Fix trace event post-processing - block: bvec_nr_vecs() returns value for wrong slab - [s390x] dasd: fix hanging offline processing due to canceled worker - [s390x] dasd: fix panic for failed online processing - [x86] ACPI / scan: Initialize status to ACPI_STA_DEFAULT - scsi: aic94xx: fix an error code in aic94xx_init() - [armel,armhf] PCI: mvebu: Fix I/O space end address calculation - dm kcopyd: avoid softlockup in run_complete_job - RDS: IB: fix 'passing zero to ERR_PTR()' warning - smb3: fix reset of bytes read and written stats - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS - [ppc64el] powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. - [armhf] clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 - btrfs: replace: Reset on-disk dev stats value after replace - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (CVE-2018-14609) - btrfs: Don't remove block group that still has pinned down bytes - [arm64] rockchip: Force CONFIG_PM on Rockchip systems - [arm*] rockchip: Force CONFIG_PM on Rockchip systems - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 - tcp: Revert "tcp: tcp_probe: use spin_lock_bh()" - [i386] pae: use 64 bit atomic xchg function in native_ptep_get_and_clear - irda: Fix memory leak caused by repeated binds of irda socket (CVE-2018-6554) - irda: Only insert new objects into the global database via setsockopt (CVE-2018-6555) - enic: do not call enic_change_mtu in enic_probe - Fix backport of "mm: numa: avoid waiting on freed migrated pages" - sch_htb: fix crash on init failure - sch_multiq: fix double free on init failure - sch_hhf: fix null pointer dereference on init failure - sch_netem: avoid null pointer deref on init failure - sch_tbf: fix two null pointer dereferences on init failure - [x86] mei: me: allow runtime pm for platform with D0i3 - [s390x] lib: use expoline for all bcr instructions - btrfs: use correct compare function of dirty_metadata_bytes - [arm64] Fix mismatched cache line size detection - [arm64] Handle mismatched cache type https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.128 - [x86] i2c: i801: fix DNV's SMBCTRL register offset - [s390x] KVM: s390: vsie: copy wrapping keys to right place - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work - cfq: Give a chance for arming slice idle timer in case of group_idle - kthread: Fix use-after-free if kthread fork fails - [mips*] kthread: fix boot hang (regression) on MIPS/OpenRISC - [x86] staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page - [x86] staging/rts5208: Fix read overflow in memcpy - IB/rxe: do not copy extra stack memory to skb - block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg - nl80211: fix null-ptr dereference on invalid mesh configuration - locking/rwsem-xadd: Fix missed wakeup due to reordering of load - selinux: use GFP_NOWAIT in the AVC kmem_caches - locking/osq_lock: Fix osq_lock queue corruption - mm, vmscan: clear PGDAT_WRITEBACK when zone is balanced - mm: remove seemingly spurious reclaimability check from laptop_mode gating - [amd64] misc: mic: SCIF Fix scif_get_new_port() error handling - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV - [arm64,armhf] gpio: tegra: Move driver registration to subsys_init level - scsi: target: fix __transport_register_session locking - md/raid5: fix data corruption of replacements after originals dropped - timers: Clear timer_base::must_forward_clk with timer_base::lock held - [arm64,armhf] misc: ti-st: Fix memory leak in the error path of probe() - uio: potential double frees if __uio_register_device() fails - [x86] tty: rocket: Fix possible buffer overwrite on register_PCI - f2fs: do not set free of current section - perf tools: Allow overriding MAX_NR_CPUS at compile time - NFSv4.0 fix client reference leak in callback - ath9k: report tx status on EOSP - ath9k_hw: fix channel maximum power level test - ath10k: prevent active scans on potential unusable channels - [arm64,armhf] wlcore: Set rx_status boottime_ns field on rx - [mips*] Fix ISA virt/bus conversion for non-zero PHYS_OFFSET - ata: libahci: Correct setting of DEVSLP register - scsi: 3ware: fix return 0 on the error path of probe - ath10k: disable bundle mgmt tx completion event support - Bluetooth: hidp: Fix handling of strncpy for hid->name information - [x86] mm: Remove in_nmi() warning from vmalloc_fault() - [x86] gpio: ml-ioh: Fix buffer underwrite on probe error path - [armhf] net: mvneta: fix mtu change on port without link - f2fs: try grabbing node page lock aggressively in sync scenario - f2fs: fix to skip GC if type in SSA and SIT is inconsistent - [x86] tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) - f2fs: fix to do sanity check with reserved blkaddr of inline inode (CVE-2018-13099) - [mips*] Octeon: add missing of_node_put() - [mips*] generic: fix missing of_node_put() - net: dcb: For wild-card lookups, use priority -1, not 0 - Input: atmel_mxt_ts - only use first T9 instance - [ppc64el] partitions/aix: append null character to print data from disk - [ppc64el] partitions/aix: fix usage of uninitialized lv_info and lvname structures - f2fs: Fix uninitialized return in f2fs_ioc_shutdown() - [armhf] mfd: ti_am335x_tscadc: Fix struct clk memory leak - f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock - [mips*] WARN_ON invalid DMA cache maintenance, not BUG_ON - RDMA/cma: Do not ignore net namespace for unbound cm_id - xhci: Fix use-after-free in xhci_free_virt_device - netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user - mtd: ubi: wl: Fix error return code in ubi_wl_init() - autofs: fix autofs_sbi() does not check super block type - mm: get rid of vmacache_flush_all() entirely (CVE-2018-17182) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.129 - be2net: Fix memory leak in be_cmd_get_profile_config() - rds: fix two RCU related problems - net/mlx5: Fix use-after-free in self-healing flow - net/mlx5: Fix debugfs cleanup in the device init/remove flow - [arm64] iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register - [i386] ALSA: msnd: Fix the default sample sizes - ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro - xfrm: fix 'passing zero to ERR_PTR()' warning - gfs2: Special-case rindex for gfs2_grow - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure - media: tw686x: Fix oops on buffer alloc failure - [armhf] dmaengine: pl330: fix irq race with terminate_all - media: videobuf2-core: check for q->error in vb2_core_qbuf() - IB/rxe: Drop QP0 silently - gfs2: Don't reject a supposedly full bitmap if we have blocks reserved - fbdev: Distinguish between interlaced and progressive modes - [ppc64el] powerpc/powernv: opal_put_chars partial write fix - mac80211: restrict delayed tailroom needed decrement - Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets - [arm64,armhf] efi/arm: preserve early mapping of UEFI memory map longer for BGRT - nfp: avoid buffer leak when FW communication fails - xen-netfront: fix queue name setting - [arm64] dts: qcom: db410c: Fix Bluetooth LED trigger - [arm64] dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci - [s390x] qeth: fix race in used-buffer accounting - [s390x] qeth: reset layer2 attribute on layer switch - [arm64,armhf] KVM: arm/arm64: Fix vgic init race - drivers/base: stop new probing during shutdown - [arm64] dmaengine: mv_xor_v2: kill the tasklets upon exit - xen-netfront: fix warn message as irq device name has '/' - RDMA/cma: Protect cma dev list with lock - [x86] pstore: Fix incorrect persistent ram buffer mapping - xen/netfront: fix waiting for xenbus state change - [armhf] mmc: omap_hsmmc: fix wakeirq handling on removal - misc: hmc6352: fix potential Spectre v1 - usb: Don't die twice if PCI xhci host is not responding in resume - [x86] mei: ignore not found client in the enumeration - USB: Add quirk to support DJI CineSSD - usb: uas: add support for more quirk flags - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller - USB: net2280: Fix erroneous synchronization change - USB: serial: io_ti: fix array underflow in completion handler - usb: misc: uss720: Fix two sleep-in-atomic-context bugs - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler - USB: yurex: Fix buffer over-read in yurex_write() - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() - Revert "cdc-acm: implement put_char() and flush_chars()" - cifs: prevent integer overflow in nxt_dir_entry() - CIFS: fix wrapping bugs in num_entries() - perf/core: Force USER_DS when recording user stack data - NFSv4.1 fix infinite loop on I/O. - binfmt_elf: Respect error return from `regset->active' - audit: fix use-after-free in audit_add_watch - mtdchar: fix overflows in adjustment of `count` - configfs: fix registered group removal - efi/esrt: Only call efi_mem_reserve() for boot services memory - [armhf] gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes - [arm64,armhf] mmc: tegra: prevent HS200 on Tegra 3 - mmc: sdhci: do not try to use 3.3V signaling if not supported - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping - [amd64] drm/amdkfd: Fix error codes in kfd_get_process - ALSA: pcm: Fix snd_interval_refine first/last with open min/max - [arm64] pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant - [x86] mei: bus: type promotion bug in mei_nfc_if_version() - [mips*] VDSO: Match data page cache colouring when D$ aliases - Fix link state change interrupts identification (Closes: #896911) + e1000e: Remove Other from EIAC + Partial revert "e1000e: Avoid receiver overrun interrupt bursts" + e1000e: Fix queue interrupt re-raising in Other interrupt + e1000e: Avoid missed interrupts following ICR read + Revert "e1000e: Separate signaling for link check/link up" + e1000e: Fix link check race condition https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.130 - [x86] NFC: Fix possible memory corruption when handling SHDLC I-Frame commands - NFC: Fix the number of pipes - ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path - ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping - ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO - ALSA: firewire-digi00x: fix memory leak of private data - ALSA: firewire-tascam: fix memory leak of private data - ALSA: fireworks: fix memory leak of response buffer at error path - ALSA: oxfw: fix memory leak for model-dependent data at error path - ALSA: oxfw: fix memory leak of discovered stream formats at error path - ALSA: oxfw: fix memory leak of private data - [x86] platform/x86: alienware-wmi: Correct a memory leak - xen/netfront: don't bug in case of too many frags - [x86] xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code - Revert "PCI: Add ACS quirk for Intel 300 series" - ring-buffer: Allow for rescheduling when removing pages - mm: shmem.c: Correctly annotate new inodes for lockdep - gso_segment: Reset skb->mac_len after modifying network header - ipv6: fix possible use-after-free in ip6_xmit() - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT - [x86] net: hp100: fix always-true check for link up state - udp4: fix IP_CMSG_CHECKSUM for connected sockets - neighbour: confirm neigh entries when ARP packet is received - ocfs2: fix ocfs2 read block panic - drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() - drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early - [arm64,armhf] drm/vc4: Fix the "no scaling" case on multi-planar YUV formats - tty: vt_ioctl: fix potential Spectre v1 - ext4: check to make sure the rename(2)'s destination is not freed - ext4: avoid divide by zero fault when deleting corrupted inline directories - ext4: recalucate superblock checksum after updating free blocks/inodes - ext4: fix online resize's handling of a too-small final block group - ext4: fix online resizing for bigalloc file systems with a 1k block size - ext4: don't mark mmp buffer head dirty - ext4: show test_dummy_encryption mount option in /proc/mounts - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup - HID: sony: Update device ids - HID: sony: Support DS4 dongle - [arm64] PCI: aardvark: Size bridges before resources allocation - vmw_balloon: include asm/io.h - iw_cxgb4: only allow 1 flush on user qps [ Salvatore Bonaccorso ] * [rt] Update to 4.9.115-rt93 * [rt] Drop 0145-stop_machine-Use-raw-spinlocks.patch patch * [rt] Drop 0144-stop_machine-convert-stop_machine_run-to-PREEMPT_RT.patch patch * [rt] Refresh 0225-fs-dcache-use-swait_queue-instead-of-waitqueue.patch patch * [rt] Refresh 0156-softirq-Split-softirq-locks.patch patch for context changes in 4.9.120 * [rt] Refresh 0161-softirq-wake-the-timer-softirq-if-needed.patch for context changes in 4.9.120 * [rt] Refresh 0001-timer-make-the-base-lock-raw.patch for context changes in 4.9.128 * [rt] Refresh 0162-timers-Don-t-wake-ktimersoftd-on-every-tick.patch for context changes in 4.9.128 * [rt] Refresh 0163-Revert-timers-Don-t-wake-ktimersoftd-on-every-tick.patch for context changes in 4.9.128 * [rt] Refresh 0246-irqwork-push-most-work-into-softirq-context.patch for context changes in 4.9.128 * [rt] Refresh 0247-irqwork-Move-irq-safe-work-to-irq-context.patch for context changes in 4.9.128 * NFC: Ignore ABI changes [ Ben Hutchings ] * [arm64] cpucaps: Avoid ABI changes in 4.9.114 * iio: Avoid ABI change in 4.9.111 * exec: Avoid ABI change in 4.9.116 * net: Avoid ABI change in 4.9.115 * Revert "netfilter: ipv6: nf_defrag: reduce struct net memory waste" to avoid an ABI change * Revert core changes in "tcp: remove DELAYED ACK events in DCTCP" to avoid an ABI change * string: Avoid ABI change in 4.9.114 * Revert "proc/sysctl: prune stale dentries during unregistering" etc. to avoid an ABI change * tcp: Avoid ABI change in 4.9.116 * vmw_vsock: Ignore ABI changes * loop: Ignore ABI changes * KVM: Ignore ABI changes on all architectures * xen: Ignore ABI changes * [x86] cpu: Avoid ABI change in 4.9.125 * [mips*] Revert "MIPS: Correct the 64-bit DSP accumulator register size" temporarily to avoid an ABI change * debian/control: Point Vcs URLs to Salsa * README.Debian: Update URLs that were pointing to Alioth * mm: Avoid ABI change in 4.9.128 [ Moritz Muehlenhoff ] * megaraid_sas: Add support for Perc 740P/840 (Closes: #890034) -- Salvatore Bonaccorso Wed, 10 Oct 2018 07:14:31 +0200 linux (4.9.110-3+deb9u6) stretch-security; urgency=high * [arm64] KVM: Tighten guest core register access from userspace (CVE-2018-18021) * [arm64] KVM: Sanitize PSTATE.M when being set from userspace (CVE-2018-18021) * xen-netback: fix input validation in xenvif_set_hash_mapping() (CVE-2018-15471) -- Salvatore Bonaccorso Mon, 08 Oct 2018 08:05:17 +0200 linux (4.9.110-3+deb9u5) stretch-security; urgency=high [ Salvatore Bonaccorso ] * irda: Fix memory leak caused by repeated binds of irda socket (CVE-2018-6554) * irda: Only insert new objects into the global database via setsockopt (CVE-2018-6555) * mm: get rid of vmacache_flush_all() entirely (CVE-2018-17182) * floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (CVE-2018-7755) * Bluetooth: hidp: buffer overflow in hidp_process_report (CVE-2018-9363) * ALSA: rawmidi: Change resized buffers atomically (CVE-2018-10902) * scsi: target: iscsi: Use hex2bin instead of a re-implementation (CVE-2018-14633) * [x86] entry/64: Remove %ebx handling from error_entry/exit (CVE-2018-14678) * infiniband: fix a possible use-after-free bug (CVE-2018-14734) * [x86] speculation: Protect against userspace-userspace spectreRSB (CVE-2018-15572) * [x86] paravirt: Fix spectre-v2 mitigations for paravirt guests (CVE-2018-15594) [ Ben Hutchings ] * mm: Avoid ABI change for CVE-2018-17182 fix * HID: debug: check length before copy_to_user() (CVE-2018-9516) * Cipso: cipso_v4_optptr enter infinite loop (CVE-2018-10938) * f2fs: fix to do sanity check with reserved blkaddr of inline inode (CVE-2018-13099) * btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (CVE-2018-14609) * hfsplus: fix NULL dereference in hfsplus_lookup() (CVE-2018-14617) * USB: yurex: fix out-of-bounds uaccess in read handler (CVE-2018-16276) * cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (CVE-2018-16658) -- Ben Hutchings Sun, 30 Sep 2018 17:37:51 +0100 linux (4.9.110-3+deb9u4) stretch-security; urgency=high * init: rename and re-order boot_cpu_state_init() Adresses boot failures on arm* systems. (Closes: #906769) * Sync "cpu/hotplug: Boot HT siblings at least once" from 4.9.120 * Sync "cpu/hotplug: Non-SMP machines do not make use of booted_once" from 4.9.120 * Refresh features/all/rt/0157-softirq-Split-softirq-locks.patch patch. Adjust context after applying "init: rename and re-order boot_cpu_state_init()". -- Salvatore Bonaccorso Tue, 21 Aug 2018 16:50:09 +0200 linux (4.9.110-3+deb9u3) stretch-security; urgency=high [ Salvatore Bonaccorso ] * Add L1 Terminal Fault fixes (CVE-2018-3620, CVE-2018-3646) - [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT - [x86] mm: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1 - [x86] speculation/l1tf: Change order of offset/type in swap entry - [x86] speculation/l1tf: Protect swap entries against L1TF - [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation - [x86] speculation/l1tf: Make sure the first page is always reserved - [x86] speculation/l1tf: Add sysfs reporting for l1tf - [x86] speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings - [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 - [x86] bugs: Move the l1tf function and define pr_fmt properly - [x86] smp: Provide topology_is_primary_thread() - [x86] topology: Provide topology_smt_supported() - cpu/hotplug: Make bringup/teardown of smp threads symmetric - cpu/hotplug: Split do_cpu_down() - cpu/hotplug: Provide knobs to control SMT - [x86] cpu: Remove the pointless CPU printout - [x86] cpu/AMD: Remove the pointless detect_ht() call - [x86] cpu/common: Provide detect_ht_early() - [x86] cpu/topology: Provide detect_extended_topology_early() - [x86] cpu/intel: Evaluate smp_num_siblings early - [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP info - [x86] cpu/AMD: Evaluate smp_num_siblings early - [x86] apic: Ignore secondary threads if nosmt=force - [x86] speculation/l1tf: Extend 64bit swap file size limit - [x86] cpufeatures: Add detection of L1D cache flush support. - [x86] CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings - [x86] speculation/l1tf: Protect PAE swap entries against L1TF - [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE - Revert "[x86] apic: Ignore secondary threads if nosmt=force" - cpu/hotplug: Boot HT siblings at least once - [x86] KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present - [x86] KVM/VMX: Add module argument for L1TF mitigation - [x86] KVM/VMX: Add L1D flush algorithm - [x86] KVM/VMX: Add L1D MSR based flush - [x86] KVM/VMX: Add L1D flush logic - kvm: nVMX: Update MSR load counts on a VMCS switch - [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers - [x86] KVM/VMX: Add find_msr() helper function - [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting - [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs - [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required - cpu/hotplug: Online siblings when SMT control is turned on - [x86] litf: Introduce vmx status variable - [x86] kvm: Drop L1TF MSR list approach - [x86] l1tf: Handle EPT disabled state proper - [x86] kvm: Move l1tf setup function - [x86] kvm: Add static key for flush always - [x86] kvm: Serialize L1D flush parameter setter - [x86] kvm: Allow runtime control of L1D flush - cpu/hotplug: Expose SMT control init function - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early - [x86] bugs, kvm: Introduce boot-time control of L1TF mitigations - Documentation: Add section about CPU vulnerabilities - [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content - Documentation/l1tf: Fix typos - cpu/hotplug: detect SMT disabled by BIOS - [x86] KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() - [x86] KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' - [x86] KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() - [x86] irq: Demote irq_cpustat_t::__softirq_pending to u16 - [x86] KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d - [x86] Don't include linux/irq.h from asm/hardirq.h - [x86] irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d - [x86] KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() - Documentation/l1tf: Remove Yonah processors from not vulnerable list - [x86] KVM: x86: Add a framework for supporting MSR-based features - KVM: SVM: Add MSR-based feature support for serializing LFENCE - [x86] KVM: X86: Introduce kvm_get_msr_feature() - [x86] KVM: X86: Allow userspace to define the microcode version - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR - [x86] speculation: Simplify sysfs report of VMX L1TF vulnerability - [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry - cpu/hotplug: Fix SMT supported evaluation - [x86] speculation/l1tf: Invert all not present mappings - [x86] speculation/l1tf: Make pmd/pud_mknotpresent() invert - [x86] mm/pat: Make set_memory_np() L1TF safe - [x86] mm/kmmio: Make the tracer robust against L1TF - tools headers: Synchronise x86 cpufeatures.h for L1TF additions - [x86] microcode: Do not upload microcode if CPUs are offline - [x86] microcode: Allow late microcode loading with SMT disabled - [x86] smp: fix non-SMP broken build due to redefinition of apic_id_is_primary_thread - cpu/hotplug: Non-SMP machines do not make use of booted_once - [x86] init: fix build with CONFIG_SWAP=n - [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures - [x86] cpu/amd: Limit cpu_core_id fixup to families older than F17h - [x86] CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present - [x86] l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled - [x86] i8259: Add missing include file - [x86] speculation/l1tf: Exempt zeroed PTEs from inversion [ Yves-Alexis Perez ] * [rt] refresh 0284-cpu-rt-Rework-cpu-down-for-PREEMPT_RT and 0286-kernel-cpu-fix-cpu-down-problem-if-kthread-s-cpu-is- context after applying L1TF fixes. * [rt] update 0281-random-Make-it-work-on-rt to fix builds with recent compilers. [ Ben Hutchings ] * Bump ABI to 8 -- Salvatore Bonaccorso Sun, 19 Aug 2018 15:36:38 +0200 linux (4.9.110-3+deb9u2) stretch-security; urgency=high * Revert "net: increase fragment memory usage limits" -- Salvatore Bonaccorso Mon, 13 Aug 2018 21:31:37 +0200 linux (4.9.110-3+deb9u1) stretch-security; urgency=high [ Romain Perier ] * fs: Fix up non-directory creation in SGID directories (CVE-2018-13405) [ Salvatore Bonaccorso ] * tcp: free batches of packets in tcp_prune_ofo_queue() * tcp: avoid collapses in tcp_prune_queue() if possible * tcp: detect malicious patterns in tcp_collapse_ofo_queue() * tcp: call tcp_drop() from tcp_data_queue_ofo() -- Salvatore Bonaccorso Fri, 03 Aug 2018 20:30:23 +0200 linux (4.9.110-3) stretch; urgency=medium [ Salvatore Bonaccorso ] * cdc_ncm: avoid padding beyond end of skb (Closes: #893393) * Revert "sit: reload iphdr in ipip6_rcv" (Closes: #903776) -- Ben Hutchings Mon, 23 Jul 2018 17:47:13 +0100 linux (4.9.110-2) stretch; urgency=medium [ Cyril Brulebois ] * udeb: Add virtio_console to virtio-modules (Closes: #903122). [ Ben Hutchings ] * [x86] xen: Fix boot regression in PV domains (Closes: #903767): - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths - x86/cpu: Re-apply forced caps every time CPU caps are re-read * ext4: fix false negatives *and* false positives in ext4_check_descriptors() (Closes: #903838) * xen-netfront: Fix regressions in 4.9.104 (Closes: #903914): - Fix mismatched rtnl_unlock - Update features after registering netdev -- Ben Hutchings Wed, 18 Jul 2018 18:57:56 +0100 linux (4.9.110-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.108 - tpm: do not suspend/resume if power stays on - tpm: self test failure should not cause suspend to fail - mmap: introduce sane default mmap limits - mmap: relax file size limit for regular files - btrfs: define SUPER_FLAG_METADUMP_V2 - drm: set FMODE_UNSIGNED_OFFSET for drm files - bnx2x: use the right constant - dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect() - enic: set DMA mask to 47 bit - ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds - ipv4: remove warning in ip_recv_error - isdn: eicon: fix a missing-check bug - net/packet: refine check for priv area size - net: usb: cdc_mbim: add flag FLAG_SEND_ZLP - packet: fix reserve calculation - qed: Fix mask for physical address in ILT entry - sctp: not allow transport timeout value less than HZ/5 for hb_timer - team: use netdev_features_t instead of u32 - vhost: synchronize IOTLB message with dev cleanup - vrf: check the original netdevice for generating redirect - net/mlx4: Fix irq-unsafe spinlock usage - rtnetlink: validate attributes in do_setlink() - net: phy: broadcom: Fix bcm_write_exp() - net: metrics: add proper netlink validation - dm bufio: avoid false-positive Wmaybe-uninitialized warning - objtool: complete e390f9a port for v4.9.106 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.109 - [x86] fpu: Hard-disable lazy FPU mode - bonding: correctly update link status during mii-commit phase - bonding: fix active-backup transition - bonding: require speed/duplex only for 802.3ad, alb and tlb - nvme-pci: initialize queue memory before interrupts - af_key: Always verify length of provided sadb_key - [x86] crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c code - nvmet: Move serial number from controller to subsystem - nvmet: don't report 0-bytes in serial number - nvmet: don't overwrite identify sn/fr with 0-bytes - gpio: No NULL owner - [x86] KVM: introduce linear_{read,write}_system - [x86] KVM: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system - usbip: vhci_sysfs: fix potential Spectre v1 (CVE-2017-5753) - [armhf] serial: samsung: fix maxburst parameter for DMA transactions - [armhf] serial: 8250: omap: Fix idling of clocks for unused uarts - [x86] vmw_balloon: fixing double free when batching mode is off - [armhf,arm64] tty: pl011: Avoid spuriously stuck-off interrupts - [x86] kvm: use correct privilege level for sgdt/sidt/fxsave/fxrstor access (CVE-2018-10853) - [powerpc*] crypto: vmx - Remove overly verbose printk from AES init routines - [armhf] crypto: omap-sham - fix memleak https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.110 - xfrm6: avoid potential infinite loop in _decode_session6() - netfilter: ebtables: handle string from userspace with care - ipvs: fix buffer overflow with sync daemon and service - iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs - atm: zatm: fix memcmp casting - [x86] platform: asus-wmi: Fix NULL pointer dereference - Revert "Btrfs: fix scrub to repair raid6 corruption" - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() - Btrfs: make raid6 rebuild retry more - [armhf] usb: musb: fix remote wakeup racing with suspend - bonding: re-evaluate force_primary when the primary slave name changes - ipv6: allow PMTU exceptions to local routes - net/sched: act_simple: fix parsing of TCA_DEF_DATA - tcp: verify the checksum of the first data segment in a new connection - ext4: fix hole length detection in ext4_ind_map_blocks() - ext4: update mtime in ext4_punch_hole even if no blocks are released - ext4: fix fencepost error in check for inode count overflow during resize - driver core: Don't ignore class_dir_create_and_add() failure. - Btrfs: fix clone vs chattr NODATASUM race - Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2() - btrfs: scrub: Don't use inode pages for device replace - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() - smb3: on reconnect set PreviousSessionId field - cpufreq: Fix new policy initialization during limits updates via sysfs - libata: zpodd: make arrays cdb static, reduces object code size - libata: zpodd: small read overflow in eject_tray() - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk - [x86] HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation - vhost: fix info leak due to uninitialized memory (CVE-2018-1118) - fs/binfmt_misc.c: do not allow offset overflow [ Ben Hutchings ] * netfilter: xt_hashlimit: Fix integer divide round to zero. (Closes: #872907) * [arm64,powerpc*,x86] drm/ast: Add support for new chips and boards (Closes: #860900): - drm/ast: const'ify mode setting tables - drm/ast: Remove spurrious include - drm/ast: Fix calculation of MCLK - drm/ast: Base support for AST2500 - drm/ast: Fixed vram size incorrect issue on POWER - drm/ast: Factor mmc_test code in POST code - drm/ast: Rename ast_init_dram_2300 to ast_post_chip_2300 - drm/ast: POST code for the new AST2500 * ext4: add corruption check in ext4_xattr_set_entry() (CVE-2018-10879) * ext4: always verify the magic number in xattr blocks (CVE-2018-10879) * ext4: always check block group bounds in ext4_init_block_bitmap() (CVE-2018-10878) * ext4: make sure bitmaps and the inode table don't overlap with bg descriptors (CVE-2018-10878) * ext4: only look at the bg_flags field if it is valid (CVE-2018-10876) * ext4: verify the depth of extent tree in ext4_find_extent() (CVE-2018-10877) * ext4: clear i_data in ext4_inode_info when removing inline data (CVE-2018-10881) * ext4: never move the system.data xattr out of the inode body (CVE-2018-10880) * jbd2: don't mark block as modified if the handle is out of credits (CVE-2018-10883) * ext4: avoid running out of journal credits when appending to an inline file (CVE-2018-10883) * ext4: add more inode number paranoia checks (CVE-2018-10882) * sr: pass down correctly sized SCSI sense buffer (CVE-2018-11506) * nvme: Ignore ABI changes * tpm: Ignore ABI changes [ Romain Perier ] * jfs: Fix inconsistency between memory allocation and ea_buf->max_size (CVE-2018-12233) -- Ben Hutchings Thu, 05 Jul 2018 02:29:30 +0100 linux (4.9.107-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.89 - drm: qxl: Don't alloc fbdev if emulation is not supported - selinux: check for address length in selinux_socket_bind() - [x86] x86/mm: Make mmap(MAP_32BIT) work correctly - perf sort: Fix segfault with basic block 'cycles' sort dimension - [x86] x86/mce: Handle broadcasted MCE gracefully with kexec - ath10k: fix fetching channel during potential radar detection - usb: misc: lvs: fix race condition in disconnect handling - zd1211rw: fix NULL-deref at probe - batman-adv: handle race condition for claims between gateways - [x86] x86/boot/32: Defer resyncing initial_page_table until per-cpu is set up - media: i2c/soc_camera: fix ov6650 sensor getting wrong clock - timers, sched_clock: Update timeout for clock wrap - sched: act_csum: don't mangle TCP and UDP GSO packets - PCI: hv: Properly handle PCI bus remove - PCI: hv: Lock PCI bus on device eject - i40e/i40evf: Fix use after free in Rx cleanup path - scsi: be2iscsi: Check tag in beiscsi_mccq_compl_wait - mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative() - f2fs: relax node version check for victim data in gc - drm/ttm: never add BO that failed to validate to the LRU list - powerpc/mm/hugetlb: Filter out hugepage size not supported by page table layout - NFC: nfcmrvl: double free on error path - [powerpc*] powerpc: Avoid taking a data miss on every userspace instruction miss - printk: Correctly handle preemption in console_unlock() - drm: rcar-du: Handle event when disabling CRTCs - apparmor: Make path_max parameter readonly - iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range - kvm: nVMX: Disallow userspace-injected exceptions in guest mode - [mips*] MIPS: BPF: Quit clobbering callee saved registers in JIT code. - [mips*] MIPS: BPF: Fix multiple problems in JIT skb access helpers. - [mips*] MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification - [mips*] MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters - v4l: vsp1: Prevent multiple streamon race commencing pipeline early - regulator: isl9305: fix array size - md/raid6: Fix anomily when recovering a single device in RAID6. - [powerpc*] powerpc/nohash: Fix use of mmu_has_feature() in setup_initial_memory_limit() - usb: dwc2: Make sure we disconnect the gadget state - [arm*] drivers/perf: arm_pmu: handle no platform_device - [x86] kprobes/x86: Set kprobes pages read-only - Bluetooth: Avoid bt_accept_unlink() double unlinking - Bluetooth: 6lowpan: fix delay work init in add_peer_chan() - wil6210: fix memory access violation in wil_memcpy_from/toio_32 - sched: Stop switched_to_rt() from sending IPIs to offline CPUs - sched: Stop resched_cpu() from sending IPIs to offline CPUs - mwifiex: cfg80211: do not change virtual interface during scan processing - media: cpia2: Fix a couple off by one bugs - drm/amdkfd: Fix memory leaks in kfd topology - [i386] x86/boot/32: Fix UP boot on Quark and possibly other platforms - [i386] x86/vm86/32: Fix POPF emulation - [i386] x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32-bit kernels - [x86] x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist - [x86] x86/mm: Fix vmalloc_fault to use pXd_large - ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats() - ALSA: seq: Fix possible UAF in snd_seq_check_queue() - fs: Teach path_connected to handle nfs filesystems with multiple roots. - lock_parent() needs to recheck if dentry got __dentry_kill'ed under it - btrfs: alloc_chunk: fix DUP stripe size handling - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale device https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.90 - tpm: fix potential buffer overruns caused by bit glitches on the bus - SMB3: Validate negotiate request must always be signed - CIFS: Enable encryption during session setup phase (CVE-2018-1066) - ath: Fix updating radar flags for coutry code India - mwifiex: don't leak 'chan_stats' on reset - [x86] x86/reboot: Turn off KVM when halting a CPU - IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow - HSI: ssi_protocol: double free in ssip_pn_xmit() - IB/mlx4: Take write semaphore when changing the vma struct - IB/mlx4: Change vma from shared to private - IB/mlx5: Take write semaphore when changing the vma struct - IB/mlx5: Change vma from shared to private - ibmvnic: Disable irq prior to close - netfilter: xt_CT: fix refcnt leak on error path - tipc: check return value of nlmsg_new - wan: pc300too: abort path on failure - qlcnic: fix unchecked return value - infiniband/uverbs: Fix integer overflows - pNFS: Fix use after free issues in pnfs_do_read() - xprtrdma: Cancel refresh worker during buffer shutdown - NFS: don't try to cross a mountpount when there isn't one there. - mt7601u: check return value of alloc_skb - libertas: check return value of alloc_workqueue - rndis_wlan: add return value validation - Btrfs: fix incorrect space accounting after failure to insert inline extent - Btrfs: send, fix file hole not being preserved due to inline extent - Btrfs: fix extent map leak during fallocate error path - mac80211: don't parse encrypted management frames in ieee80211_frame_acked - mtip32xx: use runtime tag to initialize command header - [x86] x86/KASLR: Fix kexec kernel boot crash when KASLR randomization fails - mac80211: Fix possible sband related NULL pointer de-reference - netfilter: x_tables: unlock on error in xt_find_table_lock() - IB/hfi1: Fix softlockup issue - ipmi/watchdog: fix wdog hang on panic waiting for ipmi response - drm/amdgpu: fix gpu reset crash - qed: Unlock on error in qed_vf_pf_acquire() - bnx2x: Align RX buffers - [ppc*] power: supply: isp1704: Fix unchecked return value of devm_kzalloc - [ppc*] power: supply: pda_power: move from timer to delayed_work - md/raid10: skip spare disk as 'first' disk - ACPI / power: Delay turning off unused power resources after suspend - tcm_fileio: Prevent information leak for short reads - video: fbdev: udlfb: Fix buffer on stack - sm501fb: don't return zero on failure path in sm501fb_start() - pNFS: Fix a deadlock when coalescing writes and returning the layout - net: hns: fix ethtool_get_strings overflow in hns driver - cifs: small underflow in cnvrtDosUnixTm() - ath10k: fix out of bounds access to local buffer - block/mq: Cure cpu hotplug lock inversion - Bluetooth: btqcomsmd: Fix skb double free corruption - media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt - drm/msm: fix leak in failed get_pages - RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled. - media: bt8xx: Fix err 'bt878_probe()' - dmaengine: zynqmp_dma: Fix race condition in the probe - drm/tilcdc: ensure nonatomic iowrite64 is not used - mmc: avoid removing non-removable hosts during suspend - IB/ipoib: Avoid memory leak if the SA returns a different DGID - RDMA/cma: Use correct size when writing netlink stats - iommu/vt-d: clean up pr_irq if request_threaded_irq fails - RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS - IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq - RDMA/ucma: Fix access to non-initialized CM_ID object https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.91 - libata: fix length validation of ATAPI-relayed SCSI commands - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs - libata: disable LPM for Crucial BX100 SSD 500GB drive - libata: Enable queued TRIM for Samsung SSD 860 - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version - nfsd: remove blocked locks on client teardown - mm/vmalloc: add interfaces to free unmapped page table - drm: udl: Properly check framebuffer mmap offsets (CVE-2018-8781) - mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0 - staging: ncpfs: memory corruption in ncp_read_kernel() (CVE-2018-8822) - can: cc770: Fix use after free in cc770_tx_interrupt() - kvm/x86: fix icebp instruction handling (CVE-2018-1087) - [x86] x86/entry/64: Don't use IST entry for #BP stack (CVE-2018-8897) - bpf: skip unnecessary capability check https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.92 - scsi: sg: don't return bogus Sg_requests - net sched actions: return explicit error when tunnel_key mode is not specified - ppp: avoid loop in xmit recursion detection code - sch_netem: fix skb leak in netem_enqueue() - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() - net: Fix hlist corruptions in inet_evict_bucket() - dccp: check sk for closed state in dccp_sendmsg() (CVE-2018-1130) - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() - l2tp: do not accept arbitrary sockets - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred - netlink: avoid a double skb free in genlmsg_mcast() - team: Fix double free in error path - soc/fsl/qbman: fix issue in qman_delete_cgr_safe() - net: hns: Fix a skb used after free bug https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.93 - mtd: jedec_probe: Fix crash in jedec_read_mfr() - ALSA: pcm: potential uninitialized return values - perf/hwbp: Simplify the perf-hwbp code, fix documentation (CVE-2018-1000199) - kprobes/x86: Fix to set RWX bits correctly before releasing trampoline - arm64: avoid overflow in VA_START and PAGE_OFFSET - xfrm_user: uncoditionally validate esn replay attribute struct - RDMA/ucma: Check AF family prior resolving address - RDMA/ucma: Fix use-after-free access in ucma_close - RDMA/ucma: Ensure that CM_ID exists prior to access it - RDMA/ucma: Check that device is connected prior to access it - RDMA/ucma: Check that device exists prior to accessing it - RDMA/ucma: Introduce safer rdma_addr_size() variants - net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() - xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems - netfilter: bridge: ebt_among: add more missing match size checks - Bluetooth: Fix missing encryption refresh on Security Request - scsi: virtio_scsi: always read VPD pages for multiqueue too - usb: dwc2: Improve gadget state disconnection handling - [arm64] arm64: mm: Use non-global mappings for kernel space - [arm64] arm64: mm: Move ASID from TTBR0 to TTBR1 - [arm64] arm64: mm: Allocate ASIDs in pairs - [arm64] arm64: mm: Add arm64_kernel_unmapped_at_el0 helper - [arm64] arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI - [arm64] arm64: factor out entry stack manipulation - module: extend 'rodata=off' boot cmdline parameter to module mappings - [arm64] entry: Add exception trampoline page for exceptions from EL0 - [arm64] mm: Map entry trampoline into trampoline and kernel page tables - [arm64] entry: Explicitly pass exception level to kernel_ventry macro - [arm64] entry: Hook up entry trampoline to exception vectors - [arm64] tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks - [arm64] entry: Add fake CPU feature for unmapping the kernel at EL0 - [arm64] kaslr: Put kernel vectors address in separate data page - [arm64] use RET instruction for exiting the trampoline - [arm64] Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 - [arm64] Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry - [arm64] Take into account ID_AA64PFR0_EL1.CSV3 - [arm64] Allow checking of a CPU-local erratum - [arm64] capabilities: Handle duplicate entries for a capability - [arm64] cputype: Add MIDR values for Cavium ThunderX2 CPUs - [arm64] Turn on KPTI only on CPUs that need it - [arm64] kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0() - [arm64] kpti: Add ->enable callback to remap swapper using nG mappings - [arm64] Force KPTI to be disabled on Cavium ThunderX - [arm64] entry: Reword comment about post_ttbr_update_workaround - [arm64] idmap: Use "awx" flags for .idmap.text .pushsection directives - media: usbtv: prevent double free in error case (CVE-2017-17975) - crypto: ahash - Fix early termination in hash walk - crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one - net: hns: Fix ethtool private flags (CVE-2017-18222) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.94 - [x86] x86/asm: Don't use RBP as a temporary register in csum_partial_copy_generic() - IB/srpt: Avoid that aborting a command triggers a kernel warning - af_key: Fix slab-out-of-bounds in pfkey_compile_policy. - bna: Avoid reading past end of buffer - qlge: Avoid reading past end of buffer - ubi: fastmap: Fix slab corruption - drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests - perf/callchain: Force USER_DS when invoking perf_callchain_user() - Input: elan_i2c - check if device is there before really probing - KVM: PPC: Book3S PR: Check copy_to/from_user return values - [arm64] arm64: perf: Ignore exclude_hv when kernel is running in HYP - [arm] KVM: arm: Restore banked registers and physical timer access on hyp_panic() - [arm64] KVM: arm64: Restore host physical timer access on hyp_panic() - usb: dwc3: keystone: check return value - ata: libahci: properly propagate return value of platform_get_irq() - ipmr: vrf: Find VIFs using the actual device - uio: fix incorrect memory leak cleanup - net: x25: fix one potential use-after-free issue - USB: ene_usb6250: fix SCSI residue overwriting - net/wan/fsl_ucc_hdlc: fix unitialized variable warnings - net/wan/fsl_ucc_hdlc: fix incorrect memory allocation - mlxsw: spectrum: Avoid possible NULL pointer dereference - scsi: csiostor: fix use after free in csio_hw_use_fwconfig() - [powerpc*] powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash - ath5k: fix memory leak on buf on failed eeprom read - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors - md-cluster: fix potential lock issue in add_new_disk - ray_cs: Avoid reading past end of buffer - net/wan/fsl_ucc_hdlc: fix muram allocation error - perf/core: Fix error handling in perf_event_alloc() - selinux: do not check open permission on sockets - block: fix an error code in add_partition() - libceph: NULL deref on crush_decode() error path - perf report: Fix off-by-one for non-activation frames - netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize - scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() - fix race in drivers/char/random.c:get_reg() - ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() - tcp: better validation of received ack sequences - net: llc: add lock_sock in llc_ui_bind to avoid a race condition - drm/msm: Take the mutex before calling msm_gem_new_impl - thermal: power_allocator: fix one race condition issue for thermal_instances list - VFS: close race between getcwd() and d_move() - PM / devfreq: Fix potential NULL pointer dereference in governor_store - media: videobuf2-core: don't go out of the buffer range - blk-mq: fix race between updating nr_hw_queues and switching io sched - wl1251: check return from call to wl1251_acx_arp_ip_filter - hdlcdrv: Fix divide by zero in hdlcdrv_ioctl - [x86] x86/efi: Disable runtime services on kexec kernel if booted with efi=old_map - ovl: filter trusted xattr for non-admin - dmaengine: imx-sdma: Handle return value of clk_prepare_enable - backlight: Report error on failure - [arm64] arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage - net: freescale: fix potential null pointer dereference - KVM: SVM: do not zero out segment attributes if segment is unusable or not present - clk: scpi: fix return type of __scpi_dvfs_round_rate - drm/amdkfd: NULL dereference involving create_process() - qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and qlcnic_82xx_hw_read_wx_2M - [arm64] arm64: kernel: restrict /dev/mem read() calls to linear region - mISDN: Fix a sleep-in-atomic bug - RDMA/iw_cxgb4: Avoid touch after free error in ARP failure handlers - RDMA/hfi1: fix array termination by appending NULL to attr array - bio-integrity: Do not allocate integrity context for bio w/o data - skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow - macsec: check return value of skb_to_sgvec always - e1000e: fix race condition around skb_tstamp_tx() - igb: fix race condition with PTP_TX_IN_PROGRESS bits - cx25840: fix unchecked return values - mceusb: sporadic RX truncation corruption fix - nvme: fix hang in remove path - KVM: nVMX: Update vmcs12->guest_linear_address on nested VM-exit - crypto: omap-sham - buffer handling fixes for hashing later - crypto: omap-sham - fix closing of hash with separate finalize call - net: ena: fix race condition between submit and completion admin command - [s390x] s390/dasd: fix hanging safe offline - drm/vc4: Fix resource leak in 'vc4_get_hang_state_ioctl()' in error handling path - scsi: libsas: fix memory leak in sas_smp_get_phy_events() (CVE-2018-7757) - blk-mq: fix kernel oops in blk_mq_tag_idle() - ipv6: the entire IPv6 header chain must fit the first fragment - net: fix possible out-of-bound read in skb_network_protocol() - net/ipv6: Fix route leaking between VRFs - net/ipv6: Increment OUTxxx counters after netfilter hook - netlink: make sure nladdr has correct size in netlink_connect() - net/sched: fix NULL dereference in the error path of tcf_bpf_init() - pptp: remove a buggy dst release in pptp_connect() - r8169: fix setting driver_data after register_netdev - sctp: do not leak kernel memory to user space - sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 - net: fool proof dev_valid_name() - ip_tunnel: better validate user provided tunnel names - ipv6: sit: better validate user provided tunnel names - ip6_gre: better validate user provided tunnel names - ip6_tunnel: better validate user provided tunnel names - vti6: better validate user provided tunnel names - net/sched: fix NULL dereference in the error path of tunnel_key_init() - net/sched: fix NULL dereference on the error path of tcf_skbmod_init() - vhost: validate log when IOTLB is enabled - vhost_net: add missing lock nesting notation - net/mlx4_core: Fix memory leak while delete slave's resources - vrf: Fix use after free and double free in vrf_finish_output https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.95 - media: v4l2-compat-ioctl32: don't oops on overlay - parisc: Fix out of array access in match_pci_device() - perf intel-pt: Fix overlap detection to identify consecutive buffers correctly - perf intel-pt: Fix timestamp following overflow - perf/core: Fix use-after-free in uprobe_perf_close() - [arm64] arm64: barrier: Add CSDB macros to control data-value prediction - [arm64] arm64: Implement array_index_mask_nospec() - [arm64] arm64: move TASK_* definitions to - [arm64] arm64: Make USER_DS an inclusive limit - [arm64] arm64: Use pointer masking to limit uaccess speculation - [arm64] arm64: entry: Ensure branch through syscall table is bounded under speculation - [arm64] arm64: uaccess: Prevent speculative use of the current addr_limit - [arm64] arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user - [arm64] arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user - [arm64] arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early - [arm64] arm64: Run enable method for errata work arounds on late CPUs - [arm64] arm64: cpufeature: Pass capability structure to ->enable callback - [arm64] arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro - [arm64] arm64: Move post_ttbr_update_workaround to C code - [arm64] arm64: Add skeleton to harden the branch predictor against aliasing attacks - [arm64] arm64: Move BP hardening to check_and_switch_context - [arm64] arm64: KVM: Use per-CPU vector when BP hardening is enabled - [arm64] arm64: entry: Apply BP hardening for high-priority synchronous exceptions - [arm64] arm64: entry: Apply BP hardening for suspicious interrupts from EL0 - [arm64] arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 - [arm64] arm64: cpu_errata: Allow an erratum to be match for all revisions of a core - [arm64] arm64: Implement branch predictor hardening for affected Cortex-A CPUs - [arm64] arm64: Branch predictor hardening for Cavium ThunderX2 - [arm64] arm64: KVM: Increment PC after handling an SMC trap - [arm64] arm/arm64: KVM: Consolidate the PSCI include files - [arm64] arm/arm64: KVM: Add PSCI_VERSION helper - [arm64] arm/arm64: KVM: Add smccc accessors to PSCI code - [arm64] arm/arm64: KVM: Implement PSCI 1.0 support - [arm64] arm/arm64: KVM: Advertise SMCCC v1.1 - [arm64] arm64: KVM: Make PSCI_VERSION a fast path - [arm64] arm/arm64: KVM: Turn kvm_psci_version into a static inline - [arm64] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support - [arm64] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling - [arm64] firmware/psci: Expose PSCI conduit - [arm64] firmware/psci: Expose SMCCC version through psci_ops - [arm64] arm/arm64: smccc: Make function identifiers an unsigned quantity - [arm64] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive - [arm64] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support - [arm64] arm64: Kill PSCI_GET_VERSION as a variant-2 workaround - block/loop: fix deadlock after loop_set_status - rtl8187: Fix NULL pointer dereference in priv->conf_mutex - hwmon: (ina2xx) Fix access to uninitialized mutex - slip: Check if rstate is initialized before uncompressing - [arm64] arm64: futex: Mask __user pointers prior to dereference https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.96 - tty: make n_tty_read() always abort if hangup is in progress - ubifs: Check ubifs_wbuf_sync() return code - ubi: Fix error for write access - resource: fix integer overflow at reallocation - ipc/shm: fix use-after-free of shm file via remap_file_pages() - usb: musb: gadget: misplaced out of bounds check - xen-netfront: Fix hang on device removal - regmap: Fix reversed bounds check in regmap_raw_write() - USB: gadget: f_midi: fixing a possible double-free in f_midi - USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw - smb3: Fix root directory when server returns inode number of zero - HID: i2c-hid: fix size check and type usage - random: use a tighter cap in credit_entropy_bits_safe() - ext4: fail ext4_iget for root directory if unallocated (CVE-2018-1092) - RDMA/rxe: Fix an out-of-bounds read - ALSA: pcm: Fix UAF at PCM release via PCM timer access - dmaengine: at_xdmac: fix rare residue corruption - libnvdimm, namespace: use a safe lookup for dimm device name - iommu/vt-d: Fix a potential memory leak - mmc: jz4740: Fix race condition in IRQ mask update - pwm: rcar: Fix a condition to prevent mismatch value setting to duty - thermal: imx: Fix race condition in imx_thermal_probe() - ext4: don't allow r/w mounts if metadata blocks overlap the superblock - drm/amdgpu: Fix always_valid bos multiple LRU insertions. - drm/amdgpu: Fix PCIe lane width calculation - drm/rockchip: Clear all interrupts before requesting the IRQ - drm/radeon: Fix PCIe lane width calculation - ALSA: line6: Use correct endpoint type for midi output - ALSA: rawmidi: Fix missing input substream checks in compat ioctls - ALSA: hda - New VIA controller suppor no-snoop path - random: fix crng_ready() test (CVE-2018-1108) - random: crng_reseed() should lock the crng instance that it is modifying - random: add new ioctl RNDRESEEDCRNG - HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device - MIPS: uaccess: Add micromips clobbers to bzero invocation - MIPS: memset.S: EVA & fault support for small_memset - MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup - MIPS: memset.S: Fix clobber of v1 in last_fixup - [powerpc*] powerpc/eeh: Fix enabling bridge MMIO windows - [powerpc*] powerpc/lib: Fix off-by-one in alternate feature patching - udf: Fix leak of UTF-16 surrogates into encoded strings - jffs2_kill_sb(): deal with failed allocations - hypfs_kill_super(): deal with failed allocations - orangefs_kill_sb(): deal with allocation failures - rpc_pipefs: fix double-dput() - Don't leak MNT_INTERNAL away from internal mounts - autofs: mount point create should honour passed in mode - mm/filemap.c: fix NULL pointer in page_cache_tree_insert() - fanotify: fix logic of events on child - writeback: safer lock nesting - block/mq: fix potential deadlock during cpu hotplug https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.97 - cifs: do not allow creating sockets except with SMB1 posix exensions - [x86] x86/tsc: Prevent 32bit truncation in calc_hpet_ref() - drm/vc4: Fix memory leak during BO teardown - drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state - power: supply: bq2415x: check for NULL acpi_id to avoid null pointer dereference - OF: Prevent unaligned access in of_alias_scan() - jbd2: fix use after free in kjournald2() - perf: Return proper values for user stack errors - RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs - mac80211_hwsim: fix use-after-free bug in hwsim_exit_net - [s390] s390: introduce CPU alternatives - [s390] s390: enable CPU alternatives unconditionally - [s390] KVM: s390: wire up bpb feature - [s390] s390: scrub registers on kernel entry and KVM exit - [s390] s390: add optimized array_index_mask_nospec - [s390] s390/alternative: use a copy of the facility bit mask - [s390] s390: add options to change branch prediction behaviour for the kernel - [s390] s390: run user space and KVM guests with modified branch prediction - [s390] s390: introduce execute-trampolines for branches - [s390] KVM: s390: force bp isolation for VSIE - [s390] s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) - [s390] s390: do not bypass BPENTER for interrupt system calls - [s390] s390/entry.S: fix spurious zeroing of r0 - [s390] s390: move nobp parameter functions to nospec-branch.c - [s390] s390: add automatic detection of the spectre defense - [s390] s390: report spectre mitigation via syslog - [s390] s390: add sysfs attributes for spectre - [s390] s390: correct nospec auto detection init order - [s390] s390: correct module section names for expoline code revert - KEYS: DNS: limit the length of option strings - l2tp: check sockaddr length in pppol2tp_connect() - net: validate attribute sizes in neigh_dump_table() - llc: delete timers synchronously in llc_sk_free() - tcp: don't read out-of-bounds opsize - packet: fix bitfield update race - pppoe: check sockaddr length in pppoe_connect() - vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi - sctp: do not check port in sctp_inet6_cmp_addr - llc: hold llc_sap before release_sock() - llc: fix NULL pointer deref for SOCK_ZAPPED - net: fix deadlock while clearing neighbor proxy table - net: af_packet: fix race in PACKET_{R|T}X_RING - cdrom: information leak in cdrom_ioctl_media_changed() (CVE-2018-10940) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.98 - ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS - ext4: set h_journal if there is a failure starting a reserved handle - ext4: add validity checks for bitmap block numbers (CVE-2018-1093) - ext4: fix bitmap position validation - random: set up the NUMA crng instances after the CRNG is fully initialized - random: fix possible sleeping allocation from irq context - random: rate limit unseeded randomness warnings - usbip: usbip_event: fix to not print kernel pointer address - usbip: usbip_host: fix to hold parent lock for device_attach() calls - usbip: vhci_hcd: Fix usb device and sockfd leaks - virtio_console: free buffers after reset - drm/virtio: fix vq wait_event condition - tty: Don't call panic() at tty_ldisc_init() - tty: Use __GFP_NOFAIL for tty_ldisc_get() - ALSA: dice: fix error path to destroy initialized stream data - ALSA: opl3: Hardening for potential Spectre v1 - ALSA: asihpi: Hardening for potential Spectre v1 - ALSA: hdspm: Hardening for potential Spectre v1 - ALSA: rme9652: Hardening for potential Spectre v1 - ALSA: control: Hardening for potential Spectre v1 - ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device - ALSA: seq: oss: Hardening for potential Spectre v1 - ALSA: hda: Hardening for potential Spectre v1 - ALSA: hda/realtek - Add some fixes for ALC233 - mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block. - mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug. - mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block. - kobject: don't use WARN for registration failures - PCI: aardvark: Fix PCIe Max Read Request Size setting - ARM: amba: Fix race condition with driver_override - ARM: amba: Don't read past the end of sysfs "driver_override" buffer - crypto: drbg - set freed buffers to NULL - libceph: un-backoff on tick when we have a authenticated session - libceph: reschedule a tick in finish_hunting() - libceph: validate con->state at the top of try_write() - [powerpc*] cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt - [powerpc*] powerpc/eeh: Fix race with driver un/bind https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.99 - perf/core: Fix the perf_cpu_time_max_percent check (CVE-2018-18255) - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() - Input: leds - fix out of bound access - xfs: prevent creating negative-sized file via INSERT_RANGE - RDMA/cxgb4: release hw resources on device removal - RDMA/mlx5: Protect from shift operand overflow - IB/mlx5: Use unlimited rate when static rate is not supported - IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used - drm/vmwgfx: Fix a buffer object leak - drm/bridge: vga-dac: Fix edid memory leak - usb: musb: host: fix potential NULL pointer dereference - usb: musb: trace: fix NULL pointer dereference in musb_g_tx() - platform/x86: asus-wireless: Fix NULL pointer dereference https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.100 - ipvs: fix rtnl_lock lockups caused by start_sync_thread - crypto: af_alg - fix possible uninit-value in alg_bind() - netlink: fix uninit-value in netlink_sendmsg - net: fix rtnh_ok() - net: initialize skb->peeked when cloning - net: fix uninit-value in __hw_addr_add_ex() - dccp: initialize ireq->ir_mark - soreuseport: initialise timewait reuseport field - tcp: fix TCP_REPAIR_QUEUE bound checking - bdi: Fix oops in wb_workfn() - [powerpc*] KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry - f2fs: fix a dead loop in f2fs_fiemap() (CVE-2018-18257) - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 - gpioib: do not free unrequested descriptors - rfkill: gpio: fix memory leak in probe error path - net: atm: Fix potential Spectre v1 - atm: zatm: Fix potential Spectre v1 - tracing/uprobe_event: Fix strncpy corner case - [x86] perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* - [x86] perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr - [x86] perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver - perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] - [x86] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.101 - ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg - llc: better deal with too small mtu - net: ethernet: sun: niu set correct packet size in skb - net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode - net/mlx4_en: Verify coalescing parameters are in range - net_sched: fq: take care of throttled flows before reuse - tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent(). - futex: Remove duplicated code and fix undefined behaviour - proc: do not access cmdline nor environ from file-backed areas (CVE-2018-1120) - kernel/exit.c: avoid undefined behaviour when calling wait4() (CVE-2018-10087) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102 - usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (CVE-2018-5814) - [arm*] KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock - [powerpc*] powerpc/powernv: Fix NVRAM sleep in invalid context when crashing - s390: remove indirect branch from do_softirq_own_stack - efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode - Btrfs: fix xattr loss after power failure - btrfs: fix crash when trying to resume balance without the resume flag - [x86] x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen - btrfs: fix reading stale metadata blocks after degraded raid1 mounts - [x86] x86/nospec: Simplify alternative_msr_write() - [x86] x86/bugs: Concentrate bug detection into a separate function - [x86] x86/bugs: Concentrate bug reporting into a separate function - [x86] x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits - [x86] x86/bugs, KVM: Support the combination of guest and host IBRS - [x86] x86/bugs: Expose /sys/../spec_store_bypass - [x86] x86/cpufeatures: Add X86_FEATURE_RDS - [x86] x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation - [x86] x86/bugs/intel: Set proper CPU features and setup RDS - [x86] x86/bugs: Whitelist allowed SPEC_CTRL MSR values - [x86] x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested - [x86] x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest - prctl: Add speculation control prctls - [x86] process: Optimize TIF checks in __switch_to_xtra() - [x86] process: Correct and optimize TIF_BLOCKSTEP switch - [x86] process: Optimize TIF_NOTSC switch - [x86] x86/process: Allow runtime control of Speculative Store Bypass (CVE-2018-3639) - [x86] x86/speculation: Add prctl for Speculative Store Bypass mitigation - nospec: Allow getting/setting on non-current task - proc: Provide details on speculation flaw mitigations - seccomp: Enable speculation flaw mitigations - [x86] x86/bugs: Make boot modes __ro_after_init - prctl: Add force disable speculation - seccomp: Use PR_SPEC_FORCE_DISABLE - seccomp: Add filter flag to opt-out of SSB mitigation - seccomp: Move speculation migitation control to arch code - [x86] x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass - KVM: SVM: Move spec control call after restore of GS - [x86] x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP - [x86] x86/cpu/AMD: Fix erratum 1076 (CPB bit) - [x86] x86/speculation: Add virtualized speculative store bypass disable support https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.103 - net: test tailroom before appending to linear skb - packet: in packet_snd start writing at link layer allocation - sock_diag: fix use-after-free read in __sk_free - ext2: fix a block leak - [s390x] s390/crc32-vx: use expoline for indirect branches - [s390x] s390/lib: use expoline for indirect branches - [s390x] s390/ftrace: use expoline for indirect branches - [s390x] s390/kernel: use expoline for indirect branches - [s390x] s390: extend expoline to BC instructions - [s390x] s390: use expoline thunks in the BPF JIT - scsi: libsas: defer ata device eh commands to libata (CVE-2018-10021) - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (CVE-2018-1000204) - scsi: zfcp: fix infinite iteration on ERP ready list - cfg80211: limit wiphy names to 128 bytes - [x86] x86/kexec: Avoid double free_page() upon do_kexec_load() failure - usb: gadget: core: Fix use-after-free of usb_request - usb: cdc_acm: prevent race at write to acm while system resumes - USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM - usb: gadget: ffs: Execute copy_to_user() with USER_DS set - usb: gadget: udc: change comparison to bitshift when dealing with a mask - media: em28xx: USB bulk packet size fix - scsi: fas216: fix sense buffer initialization - scsi: sym53c8xx_2: iterator underflow in sym_getsync() - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() - scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() - scsi: aacraid: fix shutdown crash when init fails - scsi: aacraid: Insure command thread is not recursively stopped - scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing - media: dmxdev: fix error code for invalid ioctls - media: s3c-camif: fix out-of-bounds array access - media: cx25821: prevent out-of-bounds read on array card - serial: xuartps: Fix out-of-bounds access through DT alias - serial: samsung: Fix out-of-bounds access through serial port index - serial: mxs-auart: Fix out-of-bounds access through serial port index - serial: imx: Fix out-of-bounds access through serial port index - serial: fsl_lpuart: Fix out-of-bounds access through DT alias - serial: arc_uart: Fix out-of-bounds access through DT alias - rtc: hctosys: Ensure system time doesn't overflow time_t - rtc: tx4939: avoid unintended sign extension on a 24 bit shift https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.104 - [mips] MIPS: c-r4k: Fix data corruption related to cache coherence - affs_lookup(): close a race with affs_remove_link() - aio: fix io_destroy(2) vs. lookup_ioctx() race - do d_instantiate/unlock_new_inode combinations safely - libata: Blacklist some Sandisk SSDs for NCQ - libata: blacklist Micron 500IT SSD with MU01 firmware - IB/hfi1: Use after free race condition in send context error path - Revert "ipc/shm: Fix shmat mmap nil-page protection" - ipc/shm: fix shmat() nil address after round-down when remapping - kernel/sys.c: fix potential Spectre v1 issue - kernel/signal.c: avoid undefined behaviour in kill_something_info (CVE-2018-10124) - KVM/VMX: Expose SSBD properly to guests - firewire-ohci: work around oversized DMA reads on JMicron controllers - i40iw: Zero-out consumer key on allocate stag for FMR - iommu/vt-d: Use domain instead of cache fetching - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() (CVE-2018-8087) - btrfs: Fix out of bounds access in btrfs_search_slot - Btrfs: fix scrub to repair raid6 corruption - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure - gianfar: prevent integer wrapping in the rx handler - tcp_nv: fix potential integer overflow in tcpnv_acked - kvm: Map PFN-type memory regions as writable (if possible) - mm/mempolicy: fix the check of nodemask from user - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages - mm: pin address_space before dereferencing it while isolating an LRU page - mm/fadvise: discard partial page if endbyte is also EOF - drm/nouveau/pmu/fuc: don't use movw directly anymore - netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure - [x86] x86/power: Fix swsusp_arch_resume prototype - firmware: dmi_scan: Fix handling of empty DMI strings - xen-netfront: Fix race between device setup and open - xen/grant-table: Use put_page instead of free_page - RDS: IB: Fix null pointer issue - [arm64] arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics - bcache: fix for allocator and register thread race - bcache: fix for data collapse after re-attaching an attached device - bcache: return attach error when no cache set exist - [x86] vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page - ptr_ring: prevent integer overflow when calculating size - [arm] ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt - iwlwifi: mvm: fix security bug in PN checking - rxrpc: Work around usercopy check - mac80211: fix a possible leak of station stats - mac80211: fix calling sleeping function in atomic context - md raid10: fix NULL deference in handle_write_completed() - locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() - md: raid5: avoid string overflow warning - kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE - PKCS#7: fix direct verification of SignerInfo signature - locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs - macvlan: fix use-after-free in macvlan_common_newlink() - md: fix a potential deadlock of raid5/raid10 reshape - md/raid1: fix NULL pointer dereference - ceph: fix dentry leak when failing to init debugfs - [arm] ARM: orion5x: Revert commit 4904dbda41c8. closes: #892057 - dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3 - bcache: fix kcrashes with fio in RAID5 backend dev - RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA - RDMA/qedr: Fix iWARP write and send with immediate - IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs - fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper(). (CVE-2018-6412) - fsl/fman: avoid sleeping in atomic context while adding an address - net: qcom/emac: Use proper free methods during TX - net: smsc911x: Fix unload crash when link is up - IB/core: Fix possible crash to access NULL netdev - batman-adv: fix header size check in batadv_dbg_arp() - batman-adv: Fix skbuff rcsum on packet reroute - vti4: Don't count header length twice on tunnel setup - vti4: Don't override MTU passed on link creation via IFLA_MTU - brcmfmac: Fix check for ISO3166 code - mm/mempolicy.c: avoid use uninitialized preferred_node - mm, thp: do not cause memcg oom for thp - [x86] x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init - fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table - swap: divide-by-zero when zero length swap file on ssd - mm: fix races between address_space dereference and free in page_evicatable - Btrfs: fix NULL pointer dereference in log_dir_items - btrfs: Fix possible softlock on single core machines - xen/acpi: off by one in read_acpi_id() - ACPI: acpi_pad: Fix memory leak in power saving threads - [powerpc*] powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer - [powerpc*] powerpc/perf: Fix kernel address leak via sampling registers - net/mlx5: Protect from command bit overflow - ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk) - ipmi_ssif: Fix kernel panic at msg_done_handler - [powerpc*] powerpc: Add missing prototype for arch_irq_work_raise() - f2fs: fix to check extent cache in f2fs_drop_extent_tree - dmaengine: pl330: fix a race condition in case of threaded irqs - audit: return on memory error to avoid null pointer dereference - netlabel: If PF_INET6, check sk_buff ip header version https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.105 - Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.106 - x86/xen: Add unwind hint annotations to xen_setup_gdt https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.107 - [arm64] arm64: lse: Add early clobbers to some input/output asm operands - [powerpc*] powerpc/64s: Clear PCR on boot - xfs: detect agfl count corruption and reset agfl - tracing: Fix crash when freeing instances with event triggers - selinux: KASAN: slab-out-of-bounds in xattr_getsecurity - tcp: avoid integer overflows in tcp_rcv_space_adjust() - [arm64] arm64: Add hypervisor safe helper for checking constant capabilities - [powerpc*] powerpc/rfi-flush: Move out of HARDLOCKUP_DETECTOR #ifdef - [powerpc*] powerpc/pseries: Support firmware disable of RFI flush - [powerpc*] powerpc/powernv: Support firmware disable of RFI flush - [powerpc*] powerpc/rfi-flush: Always enable fallback flush on pseries - [powerpc*] powerpc/rfi-flush: Differentiate enabled and patched flush types - [powerpc*] powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration - [powerpc*] powerpc: Add security feature flags for Spectre/Meltdown - [powerpc*] powerpc/pseries: Set or clear security feature flags - [powerpc*] powerpc/powernv: Set or clear security feature flags - [powerpc*] powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() - [powerpc*] powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() - [powerpc*] powerpc/64s: Wire up cpu_show_spectre_v1() - [powerpc*] powerpc/64s: Wire up cpu_show_spectre_v2() - [powerpc*] powerpc/pseries: Fix clearing of security feature flags - [powerpc*] powerpc: Move default security feature flags - [powerpc*] powerpc/pseries: Restore default security feature flags on setup - [powerpc*] powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() - [powerpc*] powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - net/mlx4_en: fix potential use-after-free with dma_unmap_page - iio:kfifo_buf: check for uint overflow - mm: fix the NULL mapping case in __isolate_lru_page() - serial: pl011: add console matching function [ Steve McIntyre ] * Backports for Qualcomm Centriq machines. Closes: #896775 - [arm64] Backport support for Qualcomm Centriq onboard emac NIC - [arm64] Backport workaround for erratum E1041 [ Romain Perier ] * [armhf] MFD: Enable MFD_TPS65217 (Closes: #897590) [ Salvatore Bonaccorso ] * nfsd: increase DRC cache limit (Closes: #898137) [ Yves-Alexis Perez ] * [rt] Update patchset to 4.9.98-rt76 - don't apply "drivers/net: Use disable_irq_nosync() in 8139too" since it's already included upstream - removed "rtmutex: Fix PI chain order integrity" - fs/aio: simple simple work * Bump ABI to 7 - remove all ignored ABI changes since ABI 6 - remove all patches reverting ABI changes since ABI 6 * [rt] "fs/dcache: disable preemption on i_dir_seq's write side" edited for fuzz after 4.9.106. [ Ben Hutchings ] * random: Make getranndom() ready earlier (see #897599) -- Ben Hutchings Wed, 13 Jun 2018 04:48:46 +0100 linux (4.9.88-1+deb9u1) stretch-security; urgency=high [ Salvatore Bonaccorso ] * [x86] x86/entry/64: Don't use IST entry for #BP stack (CVE-2018-8897) * [x86] kvm: fix icebp instruction handling (CVE-2018-1087) [ Ben Hutchings ] * Revert "random: fix crng_ready() test" (Closes: #897599), reopening CVE-2018-1108 -- Ben Hutchings Mon, 07 May 2018 23:38:25 +0100 linux (4.9.88-1) stretch-security; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.83 - ext4: fix a race in the ext4 shutdown path - ext4: save error to disk in __ext4_grp_locked_error() - console/dummy: leave .con_font_get set to NULL - rtlwifi: rtl8821ae: Fix connection lost problem correctly - target/iscsi: avoid NULL dereference in CHAP auth error path - Btrfs: fix deadlock in run_delalloc_nocow - Btrfs: fix crash due to not cleaning up tree log block's dirty bits - Btrfs: fix extent state leak from tree log - Btrfs: fix unexpected -EEXIST when creating new inode - ALSA: seq: Fix racy pool initializations (CVE-2018-7566) - ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE - [s390] s390: fix handling of -1 in set{,fs}[gu]id16 syscalls - [x86] x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (hardening for Spectre) - [x86] x86/speculation: Update Speculation Control microcode blacklist - [x86] x86/speculation: Correct Speculation Control microcode blacklist again - [x86] KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods - [x86] X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs - vfs: don't do RCU lookup of empty pathnames - media: r820t: fix r820t_write_reg for KASAN https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.84 - cfg80211: check dev_set_name() return value - xfrm: skip policies marked as dead while rehashing - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed. - xfrm: Fix stack-out-of-bounds read on socket policy lookup. - xfrm: check id proto in validate_tmpl() - sctp: set frag_point in sctp_setsockopt_maxseg correctly - drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all - selinux: ensure the context is NUL terminated in security_context_to_sid_core() - [x86] KVM: x86: fix escape of guest dr6 to the host - netfilter: x_tables: fix int overflow in xt_alloc_table_info() - netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} - netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check() - netfilter: on sockopt() acquire sock lock only in the required scope - netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1() - netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert - crypto: hash - prevent using keyed hashes without setting key - [arm*] ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen - sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune - net_sched: red: Avoid devision by zero - net_sched: red: Avoid illegal values - btrfs: Fix possible off-by-one in btrfs_search_path_in_tree - 509: fix printing uninitialized stack memory when OID is empty - dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved - clk: fix a panic error caused by accessing NULL pointer - xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies. - drm/armada: fix leak of crtc structure - [x86] mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep - [x86] x86/mm/kmmio: Fix mmiotrace for page unaligned addresses - hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close - [powerpc*] powerpc/64s: Fix conversion of slb_miss_common to use RFI_TO_USER/KERNEL - [powerpc*] powerpc/64s: Simple RFI macro conversions - [powerpc*] powerpc/64s: Improve RFI L1-D cache flush fallback - crypto: talitos - fix Kernel Oops on hashing an empty file - ALSA: hda/ca0132 - fix possible NULL pointer use - [x86] KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously - crypto: s5p-sss - Fix kernel Oops in AES-ECB mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.85 - netfilter: drop outermost socket lock in getsockopt() - X.509: fix BUG_ON() when hash algorithm is unsupported - PKCS#7: fix certificate chain verification - RDMA/uverbs: Protect from command mask overflow - iio: buffer: check if a buffer has been set up when poll is called - iio: adis_lib: Initialize trigger before requesting interrupt - irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() - ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func() - usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() - ]arm64] arm64: Disable unhandled signal log messages by default - Revert "usb: musb: host: don't start next rx urb if current one failed" - X.509: fix NULL dereference when restricting key with unsupported_sig - mm: avoid spurious 'bad pmd' warning messages - [x86] x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.86 - i2c: designware: must wait for enable - f2fs: fix a bug caused by NULL extent tree (CVE-2017-18193) - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM - mtd: nand: brcmnand: Zero bitflip is not an error - [arm*] ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch - sget(): handle failures of register_shrinker() - drm/nouveau/pci: do a msi rearm on init - mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl - tipc: error path leak fixes in tipc_enable_bearer() - tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path - tg3: Add workaround to restrict 5762 MRRS to 2048 - tg3: Enable PHY reset in MTU change path for 5720 - bnx2x: Improve reliability in case of nested PCI errors - IB/mlx5: Fix mlx5_ib_alloc_mr error flow - genirq: Guard handle_bad_irq log messages - IB/mlx4: Fix mlx4_ib_alloc_mr error flow - IB/ipoib: Fix race condition in neigh creation - xfs: quota: fix missed destroy of qi_tree_lock - xfs: quota: check result of register_shrinker() - macvlan: Fix one possible double free - e1000: fix disabling already-disabled warning - drm/ttm: check the return value of kzalloc - nl80211: Check for the required netlink attribute presence - bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. - xen-netfront: enable device after manual module load - mdio-sun4i: Fix a memory leak - xen/gntdev: Fix off-by-one error when unmapping with holes - xen/gntdev: Fix partial gntdev_mmap() cleanup - sctp: make use of pre-calculated len - net: gianfar_ptp: move set_fipers() to spinlock protecting area https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87 - [x86] tpm: st33zp24: fix potential buffer overruns caused by bit glitches on the bus - [x86] tpm_i2c_infineon: fix potential buffer overruns caused by bit glitches on the bus - [x86] tpm_i2c_nuvoton: fix potential buffer overruns caused by bit glitches on the bus - [x86] tpm_tis: fix potential buffer overruns caused by bit glitches on the bus - [x86] tpm: constify transmit data pointers - [x86] tpm-dev-common: Reject too short writes - ALSA: usb-audio: Add a quirck for B&W PX headphones - ALSA: hda: Add a power_save blacklist - ALSA: hda - Fix pincfg at resume on Lenovo T470 dock - timers: Forward timer base before migrating timers - [hppa] parisc: Fix ordering of cache and TLB flushes - dax: fix vma_is_fsdax() helper - [x86] xen: Zero MSR_IA32_SPEC_CTRL before suspend - [x86] platform/intel-mid: Handle Intel Edison reboot correctly - media: m88ds3103: don't call a non-initalized function - nospec: Allow index argument to have const-qualified type - [armel,armhf] mvebu: Fix broken PL310_ERRATA_753970 selects - KVM: mmu: Fix overlap between public and private memslots - [x86] KVM: Remove indirect MSR op calls from SPEC_CTRL - [x86] KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the RDMSR path as unlikely() - PCI/ASPM: Deal with missing root ports in link state handling - dm io: fix duplicate bio completion due to missing ref count - [armhf] dts: LogicPD SOM-LV: Fix I2C1 pinmux - [armhf] dts: LogicPD Torpedo: Fix I2C1 pinmux - [x86] mm: Give each mm TLB flush generation a unique ID - [x86] speculation: Use Indirect Branch Prediction Barrier in context switch - md: only allow remove_and_add_spares when no sync_thread running. - netlink: put module reference if dump start fails - [x86] apic/vector: Handle legacy irq data correctly - bridge: check brport attr show in brport_show - fib_semantics: Don't match route with mismatching tclassid - hdlc_ppp: carrier detect ok, don't turn off negotiation - ipv6 sit: work around bogus gcc-8 -Wrestrict warning - net: fix race on decreasing number of TX queues - net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68 - netlink: ensure to loop over all netns in genlmsg_multicast_allns() - ppp: prevent unregistered channels from connecting to PPP units - udplite: fix partial checksum initialization - sctp: fix dst refcnt leak in sctp_v4_get_dst - net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT - tcp: Honor the eor bit in tcp_mtu_probe - rxrpc: Fix send in rxrpc_send_data_packet() - tcp_bbr: better deal with suboptimal GSO - sctp: fix dst refcnt leak in sctp_v6_get_dst() - [s390x] qeth: fix underestimated count of buffer elements - [s390x] qeth: fix SETIP command handling - [s390x] qeth: fix overestimated count of buffer elements - [s390x] qeth: fix IP removal on offline cards - [s390x] qeth: fix double-free on IP add/remove race - [s390x] qeth: fix IP address lookup for L3 devices - [s390x] qeth: fix IPA command submission race - sctp: verify size of a new chunk in _sctp_make_chunk() (CVE-2018-5803) - net: mpls: Pull common label check into helper - mpls, nospec: Sanitize array index in mpls_label_ok() - bpf: fix wrong exposure of map_flags into fdinfo for lpm - bpf: fix mlock precharge on arraymaps - bpf, x64: implement retpoline for tail call - bpf, arm64: fix out of bounds access in tail call - bpf: add schedule points in percpu arrays management - bpf, ppc64: fix out of bounds access in tail call - btrfs: preserve i_mode if __btrfs_set_acl() fails https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.88 - RDMA/ucma: Limit possible option size - RDMA/ucma: Check that user doesn't overflow QP state - RDMA/mlx5: Fix integer overflow while resizing CQ - [x86] drm/i915: Try EDID bitbanging on HDMI after failed read - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS - [x86] drm/i915: Always call to intel_display_set_init_power() in resume_early. - workqueue: Allow retrieval of current task's work struct - drm: Allow determining if current task is output poll worker - drm/nouveau: Fix deadlock on runtime suspend - drm/radeon: Fix deadlock on runtime suspend - drm/amdgpu: Fix deadlock on runtime suspend - drm/amdgpu: Notify sbios device ready before send request - drm/radeon: fix KV harvesting - drm/amdgpu: fix KV harvesting - drm/amdgpu:Correct max uvd handles - drm/amdgpu:Always save uvd vcpu_bo in VM Mode - [mips*/octeon] irq: Check for null return on kzalloc allocation - loop: Fix lost writes caused by missing flag - virtio_ring: fix num_free handling in error case - [s390x] KVM: fix memory overwrites when not using SCA entries - kbuild: Handle builtin dtb file names containing hyphens - IB/mlx5: Fix incorrect size of klms in the memory region - bcache: fix crashes in duplicate cache device register - bcache: don't attach backing with duplicate UUID - [x86] MCE: Serialize sysfs changes (CVE-2018-7995) - perf tools: Fix trigger class trigger_on() - [x86] spectre_v2: Don't check microcode versions when running under hypervisors - ALSA: hda/realtek: Limit mic boost on T480 - ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520 - ALSA: hda/realtek - Make dock sound work on ThinkPad L570 - ALSA: seq: Don't allow resizing pool in use - ALSA: seq: More protection for concurrent write and ioctl races - ALSA: hda: add dock and led support for HP EliteBook 820 G3 - ALSA: hda: add dock and led support for HP ProBook 640 G2 - nospec: Kill array_index_nospec_mask_check() - nospec: Include dependency - Revert "x86/retpoline: Simplify vmexit_fill_RSB()" - [x86] speculation: Use IBRS if available before calling into firmware - [x86] retpoline: Support retpoline builds with Clang - [x86] speculation, objtool: Annotate indirect calls/jumps for objtool - [x86] boot, objtool: Annotate indirect jump in secondary_startup_64() - [x86] speculation: Move firmware_restrict_branch_speculation_*() from C to CPP - [x86] paravirt, objtool: Annotate indirect calls - watchdog: hpwdt: SMBIOS check - watchdog: hpwdt: Check source of NMI - watchdog: hpwdt: fix unused variable warning - watchdog: hpwdt: Remove legacy NMI sourcing. - [armhf] omap2: hide omap3_save_secure_ram on non-OMAP3 builds - Input: tca8418_keypad - remove double read of key event register - tc358743: fix register i2c_rd/wr function fix - netfilter: add back stackpointer size checks (CVE-2018-1065) - netfilter: x_tables: fix missing timer initialization in xt_LED - netfilter: nat: cope with negative port range - netfilter: IDLETIMER: be syzkaller friendly - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets (CVE-2018-1068) - netfilter: bridge: ebt_among: add missing match size checks - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt - netfilter: x_tables: pass xt_counters struct instead of packet counter - netfilter: x_tables: pass xt_counters struct to counter allocator - netfilter: x_tables: pack percpu counter allocations - ext4: inplace xattr block update fails to deduplicate blocks - ubi: Fix race condition between ubi volume creation and udev - scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport - NFS: Fix an incorrect type in struct nfs_direct_req - NFS: Fix unstable write completion - [x86] module: Detect and skip invalid relocations - [x86] Treat R_X86_64_PLT32 as R_X86_64_PC32 - serial: sh-sci: prevent lockup on full TTY buffers - tty/serial: atmel: add new version check for usart - uas: fix comparison for error code - [x86] staging: comedi: fix comedi_nsamples_left. - USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h - usbip: vudc: fix null pointer dereference on udc->lock - usb: quirks: add control message delay for 1b1c:1b20 - usb: usbmon: Read text within supplied buffer size - usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() - serial: 8250_pci: Add Brainboxes UC-260 4 port serial device - serial: core: mark port as initialized in autoconfig - earlycon: add reg-offset to physical address before mapping - PCI: dwc: Fix enumeration end when reaching root subordinate [Yves-Alexis Perez] * [powerpc*] drop RFI patches, now included upstream [ Salvatore Bonaccorso ] * [rt] Refresh 0001-timer-make-the-base-lock-raw.patch context * [rt] Update to 4.9.84-rt62 * blkcg: fix double free of new_blkg in blkcg_init_queue (CVE-2018-7480) * CIFS: Enable encryption during session setup phase (CVE-2018-1066) * staging: ncpfs: memory corruption in ncp_read_kernel() (CVE-2018-8822) * [arm64] net: hns: Fix a skb used after free bug (CVE-2017-18218) * media: usbtv: prevent double free in error case (CVE-2017-17975) * [arm64] net: hns: fix ethtool_get_strings overflow in hns driver * [arm64] net: hns: Fix ethtool private flags (CVE-2017-18222) * scsi: libsas: fix memory leak in sas_smp_get_phy_events() (CVE-2018-7757) * ext4: add validity checks for bitmap block numbers (CVE-2018-1093) * ext4: fix bitmap position validation * ext4: fail ext4_iget for root directory if unallocated (CVE-2018-1092) * random: fix crng_ready() test (CVE-2018-1108) * random: set up the NUMA crng instances after the CRNG is fully initialized * random: crng_reseed() should lock the crng instance that it is modifying * random: fix possible sleeping allocation from irq context * perf/hwbp: Simplify the perf-hwbp code, fix documentation (CVE-2018-1000199) [ Ben Hutchings ] * [x86] Revert "x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping" to avoid an ABI change * [x86] mm: Avoid ABI change for addition of ctx_id * [x86] cpu: Avoid ABI change in 4.9.83 * crypto: hash: Avoid ABI change in 4.9.84 * fs: Avoid ABI change in 4.9.85 * [x86] nospec: Ignore ABI change for removal of __clear_rsb and __fill_rsb, previously exported for use by KVM * [x86] Ignore ABI change for cpu_tlbstate, apparently not used externally * jbd2: Ignore ABI changes * tpm_tis: Ignore ABI changes * ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (CVE-2017-18216) * ocfs2: ip_alloc_sem should be taken in ocfs2_get_block() (CVE-2017-18224) * f2fs: fix a panic caused by NULL flush_cmd_control (CVE-2017-18241) * f2fs: fix a dead loop in f2fs_fiemap() (CVE-2017-18257) * mm/hugetlb.c: don't call region_abort if region_chg fails * hugetlbfs: fix offset overflow in hugetlbfs mmap * hugetlbfs: check for pgoff value overflow (CVE-2018-7740) * mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() (CVE-2018-8087) * drm: udl: Properly check framebuffer mmap offsets (CVE-2018-8781) * xfs: set format back to extents if xfs_bmap_extents_to_btree (CVE-2018-10323) * debian/lib/python/debian_linux/gencontrol.py: Allow uploads to *-security with a simple revision -- Salvatore Bonaccorso Sun, 29 Apr 2018 09:19:40 +0200 linux (4.9.82-1+deb9u3) stretch-security; urgency=medium * [powerpc] Backport more RFI flush related patches from 4.9.84. Closes: #891249. * [powerpc] Ignore ABI change in paca. -- Aurelien Jarno Fri, 02 Mar 2018 08:52:22 +0100 linux (4.9.82-1+deb9u2) stretch-security; urgency=high * [x86] linux-headers: use correct version in linux-compiler-gcc-6-x86 dependency. -- Yves-Alexis Perez Wed, 21 Feb 2018 16:29:03 +0100 linux (4.9.82-1+deb9u1) stretch-security; urgency=high [ Yves-Alexis Perez ] * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.81 - [powerpc*] powerpc/64s: Add support for RFI flush of L1-D cache (CVE-2017-5754, Meltdown) - [powerpc*] powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti - [powerpc*] powerpc/64s: Allow control of RFI flush via debugfs - [x86] kaiser: fix intel_bts perf crashes - [x86] x86/pti: Make unpoison of pgd for trusted boot work for real - kaiser: allocate pgd with order 0 when pti=off - serial: core: mark port as initialized after successful IRQ change - ip6mr: fix stale iterator - net: igmp: add a missing rcu locking section - qlcnic: fix deadlock bug - tcp: release sk_frag.page in tcp_disconnect - soreuseport: fix mem leak in reuseport_add_sock() - KEYS: encrypted: fix buffer overread in valid_master_desc() - [x86] x86/retpoline: Remove the esp/rsp thunk - [x86] KVM: x86: Make indirect calls in emulator speculation safe (CVE-2017-5715, Spectre#2) - KVM: VMX: Make indirect call speculation safe - module/retpoline: Warn about missing retpoline in module - [x86] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown - [x86] x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes - [x86] x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support - [x86] x86/entry/64: Remove the SYSCALL64 fast path - [x86] x86/asm: Move 'status' from thread_struct to thread_info - Documentation: Document array_index_nospec - [x86] x86: Implement array_index_mask_nospec - [x86] x86: Introduce barrier_nospec - [x86] x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec - [x86] x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec - [x86] x86/get_user: Use pointer masking to limit speculation - [x86] x86/syscall: Sanitize syscall table de-references under speculation - vfs, fdtable: Prevent bounds-check bypass via speculative execution (CVE-2017-5753, Spectre#1) - nl80211: Sanitize array index in parse_txq_params (CVE-2017-5753, Spectre#1) - [x86] x86/spectre: Report get_user mitigation for spectre_v1 - x86/paravirt: Remove 'noreplace-paravirt' cmdline option - x86/kvm: Update spectre-v1 mitigation (CVE-2017-5753, Spectre#1) - KVM: nVMX: mark vmcs12 pages dirty on L2 exit - KVM/x86: Add IBPB support (CVE-2017-5715, Spectre#2) - KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL - [x86] x86/microcode: Do the family check first * [x86] Rewrite "Make x32 syscall support conditional on a kernel parameter" to use a static key * [x86] linux-compiler-gcc-6-x86: Add versioned dependency on gcc-6 for retpoline support * [powerpc] powerpc/64s: Simple RFI macro conversions (fix FTBFS) * Add myself to Uploaders since I did the last few uploads to Stretch. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.82 - CIFS: zero sensitive data when freeing - posix-timer: Properly check sigevent->sigev_notify - dccp: CVE-2017-8824: use-after-free in DCCP code - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner - ubi: fastmap: Erase outdated anchor PEBs during attach - ubi: block: Fix locking for idr_alloc/idr_remove - nsfs: mark dentry with DCACHE_RCUACCESS - media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic - crypto: caam - fix endless loop when DECO acquire fails - crypto: sha512-mb - initialize pending lengths correctly - KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 - KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED - media: dvb-frontends: fix i2c access helpers for KASAN - media: ts2020: avoid integer overflows on 32 bit machines - fs/proc/kcore.c: use probe_kernel_read() instead of memcpy() - kernel/relay.c: revert "kernel/relay.c: fix potential memory leak" - pipe: actually allow root to exceed the pipe buffer limits - ACPI: sbshc: remove raw pointer from printk() message (CVE-2018-5750) - acpi, nfit: fix register dimm error handling * Remove patches included in 4.9.82 * Bump ABI to 6, remove all ignored ABI changes since ABI 5. * Remove all patches handling or reverting ABI changes. * [x86] linux-headers: Depend on updated linux-compiler-gcc-6-x86 for retpoline support. * [x86] Add versioned build-dependency on gcc-6 for retpoline support. * [rt] Update to 4.9.76-rt61 except patches refreshed locally since 4.9.76. * [rt] Add gpg key for Julia Cartwright (0x0A120DD923EEDD5F) to upstream keyring [ Ben Hutchings ] * abiupdate.py: Add support for security mirrors -- Yves-Alexis Perez Mon, 19 Feb 2018 16:10:58 +0100 linux (4.9.80-2) stretch; urgency=medium * scsi: ignore ABI change in hisi_sas. -- Yves-Alexis Perez Fri, 09 Feb 2018 13:58:52 +0100 linux (4.9.80-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.66 - [s390x] fix transactional execution control register handling - [s390x] runtime instrumention: fix possible memory corruption - [s390x] disassembler: add missing end marker for e7 table - [s390x] disassembler: increase show_code buffer size - ACPI / EC: Fix regression related to triggering source of EC event handling - [x86] mm: fix use-after-free of vma during userfaultfd fault - ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER - vsock: use new wait API for vsock_stream_sendmsg() - sched: Make resched_cpu() unconditional - lib/mpi: call cond_resched() from mpi_powm() loop - [x86] decoder: Add new TEST instruction pattern - [arm64] Implement arch-specific pte_access_permitted() - [armhf/armmp-lpae] 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE - [armhf/armmp-lpae] 8721/1: mm: dump: check hardware RO bit for LPAE - [arm64] PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF - dm bufio: fix integer overflow when limiting maximum cache size - dm: allocate struct mapped_device with kvzalloc - [mips*] pci: Remove KERN_WARN instance inside the mt7620 driver - dm: fix race between dm_get_from_kobject() and __dm_destroy() - [mips*] Fix odd fp register warnings with MIPS64r2 - [mips*] Fix an n32 core file generation regset support regression - rt2x00usb: mark device removed when get ENOENT usb error - autofs: don't fail mount for transient error - nilfs2: fix race condition that causes file system corruption - eCryptfs: use after free in ecryptfs_release_messaging() - libceph: don't WARN() if user tries to add invalid key - bcache: check ca->alloc_thread initialized before wake up it - isofs: fix timestamps beyond 2027 - NFS: Fix typo in nomigration mount option - nfs: Fix ugly referral attributes - NFS: Avoid RCU usage in tracepoints - nfsd: deal with revoked delegations appropriately - rtlwifi: rtl8192ee: Fix memory leak when loading firmware - rtlwifi: fix uninitialized rtlhal->last_suspend_sec time - ata: fixes kernel crash while tracing ata_eh_link_autopsy event - ext4: fix interaction between i_size, fallocate, and delalloc after a crash - ALSA: pcm: update tstamp only if audio_tstamp changed - ALSA: usb-audio: Add sanity checks to FE parser - ALSA: usb-audio: Fix potential out-of-bound access at parsing SU - ALSA: usb-audio: Add sanity checks in v2 clock parsers - ALSA: timer: Remove kernel warning at compat ioctl error paths - ALSA: hda: Fix too short HDMI/DP chmap reporting - ALSA: hda/realtek - Fix ALC700 family no sound issue - fix a page leak in vhost_scsi_iov_to_sgl() error recovery - fs/9p: Compare qid.path in v9fs_test_inode - iscsi-target: Fix non-immediate TMR reference leak - target: Fix QUEUE_FULL + SCSI task attribute handling - [armhf] mtd: nand: omap2: Fix subpage write - mtd: nand: Fix writing mtdoops to nand flash. - mtd: nand: mtk: fix infinite ECC decode IRQ issue - p54: don't unregister leds when they are not initialized - block: Fix a race between blk_cleanup_queue() and timeout handling - [armhf,arm64] irqchip/gic-v3: Fix ppi-partitions lookup - lockd: double unregister of inetaddr notifiers - [x86] KVM: nVMX: set IDTR and GDTR limits when loading L1 host state - [x86] KVM: SVM: obey guest PAT - SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status - [armhf] clk: ti: dra7-atl-clock: fix child-node lookups - libnvdimm, pfn: make 'resource' attribute only readable by root - libnvdimm, namespace: fix label initialization to use valid seq numbers - libnvdimm, namespace: make 'resource' attribute only readable by root - IB/srpt: Do not accept invalid initiator port names - IB/srp: Avoid that a cable pull can trigger a kernel crash - NFC: fix device-allocation error return - fm10k,i40e,i40evf,igb,igbvf,ixgbe,ixgbevf: Use smp_rmb rather than read_barrier_depends - [powerpc*] signal: Properly handle return value from uprobe_deny_signal() - media: Don't do DMA on stack for firmware upload in the AS102 driver - media: rc: check for integer overflow - media: v4l2-ctrl: Fix flags field on Control events - sched/rt: Simplify the IPI based RT balancing logic - fscrypt: lock mutex before checking for bounce page pool - net/9p: Switch to wait_event_killable() - PM / OPP: Add missing of_node_put(np) - [x86] Revert "drm/i915: Do not rely on wm preservation for ILK watermarks" closes: #884001 - e1000e: Fix error path in link detection - e1000e: Fix return value test - e1000e: Separate signaling for link check/link up - e1000e: Avoid receiver overrun interrupt bursts - RDS: make message size limit compliant with spec - RDS: RDMA: return appropriate error on rdma map failures - RDS: RDMA: fix the ib_map_mr_sg_zbva() argument - PCI: Apply _HPX settings only to relevant devices - [armhf] clk: sunxi-ng: A31: Fix spdif clock register - [armhf] clk: sunxi-ng: fix PLL_CPUX adjusting on A33 - fscrypt: use ENOKEY when file cannot be created w/o key - fscrypt: use ENOTDIR when setting encryption policy on nondirectory - net: Allow IP_MULTICAST_IF to set index to L3 slave - net: 3com: typhoon: typhoon_init_one: fix incorrect return values - rt2800: set minimum MPDU and PSDU lengths to sane values - adm80211: return an error if adm8211_alloc_rings() fails - mwifiex: sdio: fix use after free issue for save_adapter - ath10k: fix incorrect txpower set by P2P_DEVICE interface - ath10k: ignore configuring the incorrect board_id - ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats() - bnxt_en: Set default completion ring for async events. - ath10k: set CTS protection VDEV param only if VDEV is up - ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE - drm: Apply range restriction after color adjustment when allocation - [arm64] clk: qcom: ipq4019: Add all the frequencies for apss cpu - mac80211: Remove invalid flag operations in mesh TSF synchronization - mac80211: Suppress NEW_PEER_CANDIDATE event if no room - adm80211: add checks for dma mapping errors - iio: light: fix improper return value - netfilter: nft_queue: use raw_smp_processor_id() - netfilter: nf_tables: fix oob access - [armel,armhf] crypto: marvell - Copy IVDIG before launching partial DMA ahash requests - btrfs: return the actual error value from from btrfs_uuid_tree_iterate - [s390x] kbuild: enable modversions for symbols exported from asm - cec: when canceling a message, don't overwrite old status info - cec: CEC_MSG_GIVE_FEATURES should abort for CEC version < 2 - cec: update log_addr[] before finishing configuration - nvmet: fix KATO offset in Set Features - xen: xenbus driver must not accept invalid transaction ids https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.67 - [armhf] dts: LogicPD Torpedo: Fix camera pin mux - [armhf] dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio - mm/cma: fix alloc_contig_range ret code/potential leak - mm, hugetlbfs: introduce ->split() to vm_operations_struct - mm/madvise.c: fix madvise() infinite loop under special circumstances - btrfs: clear space cache inode generation always - nfsd: Fix stateid races between OPEN and CLOSE - nfsd: Fix another OPEN stateid race - nfsd: fix panic in posix_unblock_lock called from nfs4_laundromat - [armhf] mfd: twl4030-power: Fix pmic for boards that need vmmc1 on reboot - [armhf] OMAP2+: Fix WL1283 Bluetooth Baud Rate - [x86] KVM: pvclock: Handle first-time write to pvclock-page contains random junk - [x86] KVM: Exit to user-mode on #UD intercept when emulator requires - [x86] KVM: inject exceptions produced by x86_decode_insn - [x86] KVM: lapic: Split out x2apic ldr calculation - [x86] KVM: lapic: Fixup LDR on load in x2apic - mmc: core: Do not leave the block driver in a suspended state - mmc: core: prepend 0x to OCR entry in sysfs - eeprom: at24: fix reading from 24MAC402/24MAC602 - eeprom: at24: correctly set the size for at24mac402 - eeprom: at24: check at24_read/write arguments - [x86,alpha] i2c: i801: Fix Failed to allocate irq -2147483648 error - hwmon: (jc42) optionally try to disable the SMBUS timeout - nvme-pci: add quirk for delay before CHK RDY for WDC SN200 - Revert "drm/radeon: dont switch vt on suspend" - drm/amdgpu: potential uninitialized variable in amdgpu_vce_ring_parse_cs() - drm/amdgpu: Potential uninitialized variable in amdgpu_vm_update_directories() - drm/radeon: fix atombios on big endian - [armhf,arm64] drm/panel: simple: Add missing panel_simple_unprepare() calls - [arm64] drm/hisilicon: Ensure LDI regs are properly configured. - drm/ttm: once more fix ttm_buffer_object_transfer - drm/amd/pp: fix typecast error in powerplay. - NFS: revalidate "." etc correctly on "open". - [x86] drm/i915: Don't try indexed reads to alternate slave addresses - [x86] drm/i915: Prevent zero length "index" write https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.68 - bcache: only permit to recovery read error when cache device is clean - bcache: recover data from backing when data is clean - Revert "crypto: caam - get rid of tasklet" - mm, oom_reaper: gather each vma to prevent leaking TLB entry - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub - [s390x] runtime instrumentation: simplify task exit handling - ima: fix hash algorithm initialization - [s390x] pci: do not require AIS facility - serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() - staging: rtl8188eu: avoid a null dereference on pmlmepriv - [arm64] mmc: sdhci-msm: fix issue with power irq - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X - [x86] entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() - [x86] EDAC, sb_edac: Fix missing break in switch - [armel,armhf] sysrq : fix Show Regs call trace on ARM - usbip: tools: Install all headers needed for libusbip development - [x86] kprobes: Disable preemption in ftrace-based jprobes - iio: adc: ti-ads1015: add 10% to conversion wait time - dax: Avoid page invalidation races and unnecessary radix tree traversals - net/mlx4_en: Fix type mismatch for 32-bit systems - l2tp: take remote address into account in l2tp_ip and l2tp_ip6 socket lookups - usb: gadget: f_fs: Fix ExtCompat descriptor validation - libcxgb: fix error check for ip6_route_output() - [armhf] OMAP2+: Fix WL1283 Bluetooth Baud Rate - vti6: fix device register to report IFLA_INFO_KIND - be2net: fix accesses to unicast list - be2net: fix unicast list filling - net/appletalk: Fix kernel memory disclosure - libfs: Modify mount_pseudo_xattr to be clear it is not a userspace mount - mm: fix remote numa hits statistics - mac80211: calculate min channel width correctly - nfs: Don't take a reference on fl->fl_file for LOCK operation - [armhf,arm64] KVM: Fix occasional warning from the timer work function - mac80211: prevent skb/txq mismatch - NFSv4: Fix client recovery when server reboots multiple times - [x86] perf/intel: Account interrupts for PEBS errors - [powerpc*] mm: Fix memory hotplug BUG() on radix - qla2xxx: Fix wrong IOCB type assumption - drm/amdgpu: fix bug set incorrect value to vce register - net: sctp: fix array overrun read on sctp_timer_tbl - [x86] fpu: Set the xcomp_bv when we fake up a XSAVES area - drm/amdgpu: fix unload driver issue for virtual display - mac80211: don't try to sleep in rate_control_rate_init() - RDMA/qedr: Return success when not changing QP state - RDMA/qedr: Fix RDMA CM loopback - tipc: fix nametbl_lock soft lockup at module exit - tipc: fix cleanup at module unload - [armhf] dmaengine: pl330: fix double lock - tcp: correct memory barrier usage in tcp_check_space() - nvmet: cancel fatal error and flush async work before free controller - gtp: clear DF bit on GTP packet tx - gtp: fix cross netns recv on gtp socket - net: phy: micrel: KSZ8795 do not set SUPPORTED_[Asym_]Pause - [arm64] net: thunderx: avoid dereferencing xcv when NULL - be2net: fix initial MAC setting - [powerpc*] vfio/spapr: Fix missing mutex unlock when creating a window - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers - xen-netfront: Improve error handling during initialization - cec: initiator should be the same as the destination for, poll - xen-netback: vif counters from int/long to u64 - net: fec: fix multicast filtering hardware setup - dma-buf/dma-fence: Extract __dma_fence_is_later() - dma-buf/sw-sync: Fix the is-signaled test to handle u32 wraparound - dma-buf/sw-sync: Prevent user overflow on timeline advance - dma-buf/sw-sync: sync_pt is private and of fixed size - dma-buf/sw-sync: Fix locking around sync_timeline lists - dma-buf/sw-sync: Use an rbtree to sort fences in the timeline - dma-buf/sw_sync: move timeline_fence_ops around - dma-buf/sw_sync: clean up list before signaling the fence - dma-fence: Clear fence->status during dma_fence_init() - dma-fence: Wrap querying the fence->status - dma-fence: Introduce drm_fence_set_error() helper - dma-buf/sw_sync: force signal all unsignaled fences on dying timeline - dma-buf/sync_file: hold reference to fence when creating sync_file - usb: hub: Cycle HUB power when initialization fails - usb: xhci: fix panic in xhci_free_virt_devices_depth_first - USB: core: Add type-specific length check of BOS descriptors - USB: Increase usbfs transfer limit - USB: devio: Prevent integer overflow in proc_do_submiturb() - USB: usbfs: Filter flags passed in from user space - usb: host: fix incorrect updating of offset - xen-netfront: avoid crashing on resume after a failure in talk_to_netback() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.69 - can: kvaser_usb: free buf in error paths - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() - can: kvaser_usb: ratelimit errors if incomplete messages are received - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO - can: ems_usb: cancel urb on -EPIPE and -EPROTO - can: esd_usb2: cancel urb on -EPIPE and -EPROTO - can: usb_8dev: cancel urb on -EPIPE and -EPROTO - virtio: release virtio index when fail to device_register - [x86] hv: kvp: Avoid reading past allocated blocks from KVP file - isa: Prevent NULL dereference in isa_bus driver callbacks - scsi: dma-mapping: always provide dma_get_cache_alignment - scsi: use dma_get_cache_alignment() as minimum DMA alignment - scsi: libsas: align sata_device's rps_resp on a cacheline - efi: Move some sysfs files to be read-only by root - efi/esrt: Use memunmap() instead of kfree() to free the remapping - ASN.1: fix out-of-bounds read when parsing indefinite length item - ASN.1: check for error from ASN1_OP_END__ACT actions - X.509: reject invalid BIT STRING for subjectPublicKey - X.509: fix comparisons of ->pkey_algo - [x86] PCI: Make broadcom_postcore_init() check acpi_disabled - [x86] KVM: fix APIC page invalidation - btrfs: fix missing error return in btrfs_drop_snapshot - ALSA: pcm: prevent UAF in snd_pcm_info - ALSA: seq: Remove spurious WARN_ON() at timer check - ALSA: usb-audio: Fix out-of-bound error - ALSA: usb-audio: Add check return value for usb_string() - [x86] iommu/vt-d: Fix scatterlist offset handling - smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place - [s390x] fix compat system call table - [s390x] KVM: Fix skey emulation permission check - [powerpc*] 64s: Initialize ISAv3 MMU registers before setting partition table - brcmfmac: change driver unbind order of the sdio function devices - media: dvb: i2c transfers over usb cannot be done from stack - [armhf,arm64] KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one - [armhf,arm64] KVM: Fix broken GICH_ELRSR big endian conversion - [armhf,arm64] KVM: vgic-irqfd: Fix MSI entry allocation - [armhf,arm64] KVM: vgic-its: Check result of allocation before use - [arm64] fpsimd: Prevent registers leaking from dead tasks - [armhf] bus: arm-cci: Fix use of smp_processor_id() in preemptible context - usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT - [armel,armhf] BUG if jumping to usermode address in kernel mode - [armel,armhf] avoid faulting on qemu - thp: reduce indentation level in change_huge_pmd() - thp: fix MADV_DONTNEED vs. numa balancing race - mm: drop unused pmdp_huge_get_and_clear_notify() - [armel,armhf] 8657/1: uaccess: consistently check object sizes - vti6: Don't report path MTU below IPV6_MIN_MTU. - [armhf] OMAP2+: gpmc-onenand: propagate error on initialization failure - [x86] platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register - sched/fair: Make select_idle_cpu() more aggressive - [x86] hpet: Prevent might sleep splat on resume - [powerpc*] 64: Invalidate process table caching after setting process table - lirc: fix dead lock between open and wakeup_filter - module: set __jump_table alignment to 8 - [powerpc*] 64: Fix checksum folding in csum_add() - [armhf] OMAP2+: Fix device node reference counts - [armhf] OMAP2+: Release device node after it is no longer needed. - usb: gadget: configs: plug memory leak - USB: gadgetfs: Fix a potential memory leak in 'dev_config()' - [armhf,arm64] usb: dwc3: gadget: Fix system suspend/resume on TI platforms - usb: gadget: udc: net2280: Fix tmp reusage in net2280 driver - [x86] kvm: nVMX: VMCLEAR should not cause the vCPU to shut down - libata: drop WARN from protocol error in ata_sff_qc_issue() - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq - scsi: qla2xxx: Fix ql_dump_buffer - scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters - [armhf] irqchip/crossbar: Fix incorrect type of register size - [x86] KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset - [armhf,arm64] KVM: Survive unknown traps from guests - [armhf,arm64] KVM: VGIC: Fix command handling while ITS being disabled - bnx2x: prevent crash when accessing PTP with interface down - bnx2x: fix possible overrun of VFPF multicast addresses array - bnx2x: fix detection of VLAN filtering feature for VF - bnx2x: do not rollback VF MAC/VLAN filters we did not configure - rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races - [powerpc*] ibmvnic: Fix overflowing firmware/hardware TX queue - [powerpc*] ibmvnic: Allocate number of rx/tx buffers agreed on by firmware - ipv6: reorder icmpv6_init() and ip6_mr_init() - blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue() - zram: set physical queue limits to avoid array out of bounds accesses - netfilter: don't track fragmented packets - [powerpc*] axonram: Fix gendisk handling - drm/amd/amdgpu: fix console deadlock if late init failed - [powerpc*] powernv/ioda2: Gracefully fail if too many TCE levels requested - [x86] EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro - [x86] EDAC, i5000, i5400: Fix definition of NRECMEMB register - kbuild: pkg: use --transform option to prefix paths in tar - coccinelle: fix parallel build with CHECK=scripts/coccicheck - mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() - gre6: use log_ecn_error module parameter in ip6_tnl_rcv() - route: also update fnhe_genid when updating a route cache - route: update fnhe_expires for redirect when the fnhe exists - NFS: Fix a typo in nfs_rename() - sunrpc: Fix rpc_task_begin trace point - xfs: fix forgotten rcu read unlock when skipping inode reclaim - block: wake up all tasks blocked in get_request() - zsmalloc: calling zs_map_object() from irq is a bug - sctp: do not free asoc when it is already dead in sctp_sendmsg - sctp: use the right sk after waking up from wait_buf sleep - bpf: fix lockdep splat - atm: horizon: Fix irq release error - xfrm: Copy policy family in clone_policy - IB/mlx4: Increase maximal message size under UD QP - IB/mlx5: Assign send CQ and recv CQ of UMR QP - afs: Connect up the CB.ProbeUuid https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.70 - [s390x] qeth: fix early exit from error path - tipc: fix memory leak in tipc_accept_from_sock() - rds: Fix NULL pointer dereference in __rds_rdma_map - sit: update frag_off info - packet: fix crash in fanout_demux_rollover() - net/packet: fix a race in packet_bind() and packet_notifier() - usbnet: fix alignment for frames with no ethernet header - stmmac: reset last TSO segment size after device open - tcp/dccp: block bh before arming time_wait timer - [s390x] qeth: build max size GSO skbs on L2 devices - [s390x] qeth: fix GSO throughput regression - [s390x] qeth: fix thinko in IPv4 multicast address tracking - tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv() - Fix handling of verdicts after NF_QUEUE - ipmi: Stop timers before cleaning up the module - [s390x] always save and restore all registers on context switch - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping - fix kcm_clone() - [armhf,arm64] KVM: vgic-its: Preserve the revious read from the pending table - [powerpc*] 64: Fix checksum folding in csum_tcpudp_nofold and ip_fast_csum_nofold - kbuild: do not call cc-option before KBUILD_CFLAGS initialization - ipvlan: fix ipv6 outbound device - audit: ensure that 'audit=1' actually enables audit for PID 1 - md: free unused memory after bitmap resize - RDMA/cxgb4: Annotate r2 and stag as __be32 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71 - mfd: fsl-imx25: Clean up irq settings during removal - crypto: rsa - fix buffer overread when stripping leading zeroes - autofs: fix careless error in recent commit - tracing: Allocate mask_str buffer dynamically - USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID - usbip: fix stub_rx: get_pipe() to validate endpoint number (CVE-2017-16912) - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input (CVE-2017-16913) - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer (CVE-2017-16914) - ceph: drop negative child dentries before try pruning inode's alias - usb: xhci: fix TDS for MTK xHCI1.1 - xhci: Don't add a virt_dev to the devs array before it's fully allocated - nfs: don't wait on commit in nfs_commit_inode() if there were no commit requests - sched/rt: Do not pull from current CPU if only one CPU to pull - eeprom: at24: change nvmem stride to 1 - dmaengine: dmatest: move callback wait queue to thread context - ext4: fix fdatasync(2) after fallocate(2) operation - ext4: fix crash when a directory's i_size is too small - mac80211: Fix addition of mesh configuration element - [x86] KVM: nVMX: do not warn when MSR bitmap address is not backed - md-cluster: free md_cluster_info if node leave cluster - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE - userfaultfd: selftest: vm: allow to build in vm/ directory - net: initialize msg.msg_flags in recvfrom - bnxt_en: Ignore 0 value in autoneg supported speed from firmware. - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values - net: bcmgenet: correct MIB access of UniMAC RUNT counters - net: bcmgenet: reserved phy revisions must be checked first - net: bcmgenet: power down internal phy if open or resume fails - net: bcmgenet: synchronize irq0 status between the isr and task - net: bcmgenet: Power up the internal PHY before probing the MII - rxrpc: Wake up the transmitter if Rx window size increases on the peer - net/mlx5: Fix create autogroup prev initializer - net/mlx5: Don't save PCI state when PCI error is detected - drm/amdgpu: fix parser init error path to avoid crash in parser fini - NFSD: fix nfsd_minorversion(.., NFSD_AVAIL) - NFSD: fix nfsd_reset_versions for NFSv4. - [armhf] drm/omap: fix dmabuf mmap for dma_alloc'ed buffers - netfilter: bridge: honor frag_max_size when refragmenting - blk-mq: Fix tagset reinit in the presence of cpu hot-unplug - writeback: fix memory leak in wb_queue_work() - net: wimax/i2400m: fix NULL-deref at probe - dmaengine: Fix array index out of bounds warning in __get_unmap_pool() - irqchip/mvebu-odmi: Select GENERIC_MSI_IRQ_DOMAIN - net: Resend IGMP memberships upon peer notification. - qed: Align CIDs according to DORQ requirement - qed: Fix mapping leak on LL2 rx flow - qed: Fix interrupt flags on Rx LL2 - scsi: hpsa: update check for logical volume status - scsi: hpsa: limit outstanding rescans - scsi: hpsa: do not timeout reset operations - fjes: Fix wrong netdevice feature flags - drm/radeon/si: add dpm quirk for Oland - [x86] Drivers: hv: util: move waiting for release to hv_utils_transport itself - iwlwifi: mvm: cleanup pending frames in DQA mode - sched/deadline: Add missing update_rq_clock() in dl_task_timer() - sched/deadline: Make sure the replenishment timer fires in the next period - sched/deadline: Throttle a constrained deadline task activated after the deadline - sched/deadline: Use deadline instead of period when calculating overflow - drm/radeon: reinstate oland workaround for sclk - afs: Fix missing put_page() - afs: Populate group ID from vnode status - afs: Adjust mode bits processing - afs: Deal with an empty callback array - afs: Flush outstanding writes when an fd is closed - afs: Migrate vlocation fields to 64-bit - afs: Prevent callback expiry timer overflow - afs: Fix the maths in afs_fs_store_data() - afs: Invalid op ID should abort with RXGEN_OPCODE - afs: Better abort and net error handling - afs: Populate and use client modification time - afs: Fix page leak in afs_write_begin() - afs: Fix afs_kill_pages() - afs: Fix abort on signal while waiting for call completion - nvme-loop: fix a possible use-after-free when destroying the admin queue - nvmet: confirm sq percpu has scheduled and switched to atomic - nvmet-rdma: Fix a possible uninitialized variable dereference - net/mlx4_core: Avoid delays during VF driver device shutdown - net: mpls: Fix nexthop alive tracking on down events - rxrpc: Ignore BUSY packets on old calls - tty: don't panic on OOM in tty_set_ldisc() - tty: fix data race in tty_ldisc_ref_wait() - perf symbols: Fix symbols__fixup_end heuristic for corner cases - efi/esrt: Cleanup bad memory map log messages - NFSv4.1 respect server's max size in CREATE_SESSION - btrfs: add missing memset while reading compressed inline extents - target: Use system workqueue for ALUA transitions - target: fix ALUA transition timeout handling - target: fix race during implicit transition work flushes - [x86] Revert "x86/acpi: Set persistent cpuid <-> nodeid mapping when booting" - HID: cp2112: fix broken gpio_direction_input callback - sfc: don't warn on successful change of MAC - video: udlfb: Fix read EDID timeout - rtc: pcf8563: fix output clock rate - [x86] ASoC: Intel: Skylake: Fix uuid_module memory leak in failure case - [armhf] dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type - PCI/PME: Handle invalid data when reading Root Status - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo - PCI: Do not allocate more buses than available in parent - netfilter: ipvs: Fix inappropriate output of procfs - [powerpc*] opal: Fix EBUSY bug in acquiring tokens - [powerpc*] ipic: Fix status get and status clear - [x86] platform: intel_punit_ipc: Fix resource ioremap warning - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() - target:fix condition return in core_pr_dump_initiator_port() - target/file: Do not return error for UNMAP if length is zero - badblocks: fix wrong return value in badblocks_set if badblocks are disabled - [x86] iommu/amd: Limit the IOVA page range to the specified addresses - xfs: truncate pagecache before writeback in xfs_setattr_size() - crypto: tcrypt - fix buffer lengths in test_aead_speed() - mm: Handle 0 flags in _calc_vm_trans() macro - [armhf] clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU - [arm64] clk: hi6220: mark clock cs_atb_syspll as critical - [armhf,arm64] clk: tegra: Fix cclk_lp divisor register - ppp: Destroy the mutex when cleanup - thermal/drivers/step_wise: Fix temperature regulation misbehavior - scsi: scsi_debug: write_same: fix error report - GFS2: Take inode off order_write list when setting jdata flag - bcache: explicitly destroy mutex while exiting - bcache: fix wrong cache_misses statistics - Ib/hfi1: Return actual operational VLs in port info query - [x86] platform: hp_accel: Add quirk for HP ProBook 440 G4 - nvme: use kref_get_unless_zero in nvme_find_get_ns - l2tp: cleanup l2tp_tunnel_delete calls - xfs: fix log block underflow during recovery cycle verification - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real - RDMA/cxgb4: Declare stag as __be32 - PCI: Detach driver before procfs & sysfs teardown on device remove - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading - scsi: hpsa: destroy sas transport properties before scsi_host - [powerpc*] perf/hv-24x7: Fix incorrect comparison in memord - tty fix oops when rmmod 8250 - raid5: Set R5_Expanded on parity devices as well as data. - scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry - IB/core: Fix calculation of maximum RoCE MTU - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend - rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_createbss_cmd - rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_disassoc_cmd - scsi: sd: change manage_start_stop to bool in sysfs interface - scsi: sd: change allow_restart to bool in sysfs interface - scsi: bfa: integer overflow in debugfs - udf: Avoid overflow when session starts at large offset - macvlan: Only deliver one copy of the frame to the macvlan interface - RDMA/cma: Avoid triggering undefined behavior - IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop - icmp: don't fail on fragment reassembly time exceeded - ath9k: fix tx99 potential info leak https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.72 - cxl: Check if vphb exists before iterating over AFU devices - [arm64] Initialise high_memory global variable earlier - kvm: fix usage of uninit spinlock in avic_vm_destroy() - [armhf] kprobes: Fix the return address of multiple kretprobes - [armhf] kprobes: Align stack to 8-bytes in test code - nvme-loop: handle cpu unplug when re-establishing the controller - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() - r8152: fix the list rx_done may be used without initialization - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex - vsock: track pkt owner vsock - vhost-vsock: add pkt cancel capability - vsock: cancel packets when failing to connect - sch_dsmark: fix invalid skb_cow() usage - bna: integer overflow bug in debugfs - sctp: out_qlen should be updated when pruning unsent queue - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed - usb: gadget: udc: remove pointer dereference after free - netfilter: nfnl_cthelper: fix runtime expectation policy updates - netfilter: nfnl_cthelper: Fix memory leak - [armhf] iommu/exynos: Workaround FLPD cache flush issues for SYSMMU v5 - r8152: fix the rx early size of RTL8153 - tipc: fix nametbl deadlock at tipc_nametbl_unsubscribe - inet: frag: release spinlock before calling icmp_send() - scsi: lpfc: Fix PT2PT PRLI reject - [x86] kvm: vmx: Flush TLB when the APIC-access address changes - [x86] KVM: correct async page present tracepoint - [x86] KVM: VMX: Fix enable VPID conditions - [armhf] dts: ti: fix PCI bus dtc warnings - [x86] hwmon: (asus_atk0110) fix uninitialized data access - HID: xinmo: fix for out of range for THT 2P arcade controller. - ASoC: STI: Fix reader substream pointer set - r8152: prevent the driver from transmitting packets with carrier off - [s390x] qeth: size calculation outbound buffers - [s390x] qeth: no ETH header for outbound AF_IUCV - bna: avoid writing uninitialized data into hw registers - i40iw: Receive netdev events post INET_NOTIFIER state - IB/core: Protect against self-requeue of a cq work item - infiniband: Fix alignment of mmap cookies to support VIPT caching - nbd: set queue timeout properly - net: Do not allow negative values for busy_read and busy_poll sysctl interfaces - IB/rxe: double free on error - IB/rxe: increment msn only when completing a request - i40e: Do not enable NAPI on q_vectors that have no rings - RDMA/iser: Fix possible mr leak on device removal event - irda: vlsi_ir: fix check for DMA mapping errors - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table - netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register - [armhf] dts: am335x-evmsk: adjust mmc2 param to allow suspend - cpufreq: Fix creation of symbolic links to policy directories - net: ipconfig: fix ic_close_devs() use-after-free - [x86] KVM: pci-assign: do not map smm memory slot pages in vt-d page tables - virtio-balloon: use actual number of stats for stats queue buffers - virtio_balloon: prevent uninitialized variable use - isdn: kcapi: avoid uninitialized data - xhci: plat: Register shutdown for xhci_plat - netfilter: nfnetlink_queue: fix secctx memory leak - Btrfs: fix an integer overflow check - [armel,armhf] dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory - [powerpc*] cpuidle: powernv: Pass correct drv->cpumask for registration - bnxt_en: Fix NULL pointer dereference in reopen failure path - [armhf,arm64] backlight: pwm_bl: Fix overflow condition - [armhf,arm64] rtc: pl031: make interrupt optional - kvm, mm: account kvm related kmem slabs to kmemcg - net: phy: at803x: Change error to EINVAL for invalid MAC - PCI: Avoid bus reset if bridge itself is broken - scsi: cxgb4i: fix Tx skb leak - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive - PCI: Create SR-IOV virtfn/physfn links before attaching driver - PM / OPP: Move error message to debug level - igb: check memory allocation failure - ixgbe: fix use of uninitialized padding - IB/rxe: check for allocation failure on elem - PCI/AER: Report non-fatal errors only to the affected endpoint - tracing: Exclude 'generic fields' from histograms - fm10k: fix mis-ordered parameters in declaration for .ndo_set_vf_bw - scsi: lpfc: Fix secure firmware updates - scsi: lpfc: PLOGI failures during NPIV testing - vfio/pci: Virtualize Maximum Payload Size - fm10k: ensure we process SM mbx when processing VF mbx - net: ipv6: send NS for DAD when link operationally up - [armhf] clk: sunxi-ng: sun6i: Rename HDMI DDC clock to avoid name collision - tcp: fix under-evaluated ssthresh in TCP Vegas - rtc: set the alarm to the next expiring timer - cpuidle: fix broadcast control when broadcast can not be entered - [arm64] thermal: hisilicon: Handle return value of clk_prepare_enable - [arm64] thermal/drivers/hisi: Fix missing interrupt enablement - [arm64] thermal/drivers/hisi: Fix kernel panic on alarm interrupt - [arm64] thermal/drivers/hisi: Simplify the temperature/step computation - [arm64] thermal/drivers/hisi: Fix multiple alarm interrupts firing - [mips*] math-emu: Fix final emulation phase for certain instructions - [x86] platform: asus-wireless: send an EV_SYN/SYN_REPORT between state changes https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.73 - ACPI: APEI / ERST: Fix missing error handling in erst_reader() - ALSA: rawmidi: Avoid racy info ioctl via ctl device - spi: xilinx: Detect stall with Unknown commands - [x86] KVM: X86: Fix load RFLAGS w/o the fixed bit - [x86] kvm: x86: fix RSM when PCID is non-zero - [armhf] clk: sunxi: sun9i-mmc: Implement reset callback for reset controls - [powerpc*] powerpc/perf: Dereference BHRB entries safely - bpf/verifier: Fix states_equal() comparison of pointer and UNKNOWN https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.74 - tracing: Remove extra zeroing out of the ring buffer page - tracing: Fix possible double free on failure of allocating trace buffer - tracing: Fix crash when it fails to alloc ring buffer - ring-buffer: Mask out the info bits when returning buffer page length - ASoC: wm_adsp: Fix validation of firmware and coeff lengths - [x86] x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() - [x86] x86/mm: Remove flush_tlb() and flush_tlb_current_task() - [x86] x86/mm: Make flush_tlb_mm_range() more predictable - [x86] x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range() - [x86] x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code - [x86] x86/mm: Disable PCID on 32-bit kernels - [x86] x86/mm: Add the 'nopcid' boot option to turn off PCID - [x86] x86/mm: Enable CR4.PCIDE on supported systems - [amd64] x86/mm/64: Fix reboot interaction with CR4.PCIDE - kbuild: add '-fno-stack-check' to kernel build options - ipv4: igmp: guard against silly MTU values - ipv6: mcast: better catch silly mtu values - ptr_ring: add barriers - RDS: Check cmsg_len before dereferencing CMSG_DATA - tg3: Fix rx hang on MTU change with 5717/5719 - net: ipv4: fix for a race condition in raw_sendmsg - ipv4: Fix use-after-free when flushing FIB tables - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks - net: Fix double free and memory corruption in get_net_ns_by_id() (CVE-2017-15129) - net/mlx5e: Fix possible deadlock of VXLAN lock - net/mlx5e: Prevent possible races in VXLAN control flow - usbip: fix usbip bind writing random string after command in match_busid - usbip: prevent leaking socket pointer address in messages - usbip: stub: stop printing kernel pointer addresses in messages - usbip: vhci: stop printing kernel pointer addresses in messages - USB: Fix off by one in type-specific length check of BOS SSP capability - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick() - [x86] x86/smpboot: Remove stale TLB flush invocations - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.75 - [x86] x86/boot: Add early cmdline parsing for options with arguments - [amd64] KAISER: Kernel Address Isolation - [amd64] kaiser: merged update - [amd64] kaiser: do not set _PAGE_NX on pgd_none - [amd64] kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE - [amd64] kaiser: fix build and FIXME in alloc_ldt_struct() - [amd64] kaiser: KAISER depends on SMP - [amd64] kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER - [amd64] kaiser: fix perf crashes - [amd64] kaiser: ENOMEM if kaiser_pagetable_walk() NULL - [amd64] kaiser: tidied up asm/kaiser.h somewhat - [amd64] kaiser: tidied up kaiser_add/remove_mapping slightly - [amd64] kaiser: align addition to x86/mm/Makefile - [amd64] kaiser: cleanups while trying for gold link - [amd64] kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET - [amd64] kaiser: delete KAISER_REAL_SWITCH option - [amd64] kaiser: vmstat show NR_KAISERTABLE as nr_overhead - [amd64] kaiser: enhanced by kernel and user PCIDs - [amd64] kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user - [amd64] kaiser: PCID 0 for kernel and 128 for user - [amd64] kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user - [amd64] kaiser: paranoid_entry pass cr3 need to paranoid_exit - [amd64] kaiser: kaiser_remove_mapping() move along the pgd - [amd64] kaiser: fix unlikely error in alloc_ldt_struct() - [amd64] kaiser: add "nokaiser" boot option, using ALTERNATIVE - [amd64] x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling - [amd64] x86/kaiser: Check boottime cmdline params - [amd64] kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush - [amd64] kaiser: drop is_atomic arg to kaiser_pagetable_walk() - [amd64] kaiser: asm/tlbflush.h handle noPGE at lower level - [amd64] kaiser: kaiser_flush_tlb_on_return_to_user() check PCID - [amd64] x86/paravirt: Dont patch flush_tlb_single - [amd64] x86/kaiser: Reenable PARAVIRT - [amd64] kaiser: disabled on Xen PV - [amd64] x86/kaiser: Move feature detection up - [amd64] KPTI: Rename to PAGE_TABLE_ISOLATION - [amd64] KPTI: Report when enabled - [amd64] kaiser: Set _PAGE_NX only if supported https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.76 - crypto: n2 - cure use after free - crypto: chacha20poly1305 - validate the digest size - crypto: pcrypt - fix freeing pcrypt instances (CVE-2017-18075) - nbd: fix use-after-free of rq/bio in the xmit path - [arm] iommu/arm-smmu-v3: Don't free page table ops twice - [arm] iommu/arm-smmu-v3: Cope with duplicated Stream IDs - [x86] x86/microcode/AMD: Add support for fam17h microcode loading - [hppa] parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel - [x86] Map the vsyscall page with _PAGE_USER https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.77 - mac80211: Add RX flag to indicate ICV stripped - ath10k: rebuild crypto header in rx data frames - [x86] KVM: Fix stack-out-of-bounds read in write_mmio - [mips] MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA - [x86] kvm: vmx: Scrub hardware GPRs at VM-exit (mitigates Spectre / CVE-2017-5715 and CVE-2017-5753) - ALSA: pcm: Remove incorrect snd_BUG_ON() usages - RDS: Heap OOB write in rds_message_alloc_sgs() (CVE-2018-5332) - RDS: null pointer dereference in rds_atomic_free_op (CVE-2018-5333) - ipv6: fix possible mem leaks in ipv6_make_skb() - mlxsw: spectrum_router: Fix NULL pointer deref - crypto: algapi - fix NULL dereference in crypto_remove_spawns() - [x86] x86/microcode/intel: Extend BDW late-loading with a revision check - [x86] KVM: x86: Add memory barrier on vmcs field lookup (mitigates Spectre#2 / CVE-2017-5715) - [x86] kaiser: Set _PAGE_NX only if supported - bpf: prevent out-of-bounds speculation (mitigates Spectre#1 / CVE-2017-5753) - bpf, array: fix overflow in max_entries and undefined behavior in index_mask - USB: fix usbmon BUG trigger - usbip: remove kernel addresses from usb device and urb debug msgs - usbip: fix vudc_rx: harden CMD_SUBMIT path to handle malicious input - usbip: vudc_tx: fix v_send_ret_submit() vulnerability to null xfer buffer - Bluetooth: Prevent stack info leak from the EFS element.(CVE-2017-1000410) - [x86] x86/retpoline: Add initial retpoline support (mitigates Spectre#2 / CVE-2017-5715) - [x86] x86/spectre: Add boot time option to select Spectre v2 mitigation - [x86] x86/retpoline/crypto: Convert crypto assembler indirect jumps - [x86] x86/retpoline/entry: Convert entry assembler indirect jumps - [x86] x86/retpoline/ftrace: Convert ftrace assembler indirect jumps - [x86] x86/retpoline/hyperv: Convert assembler indirect jumps - [x86] x86/retpoline/xen: Convert Xen hypercall indirect jumps - [x86] x86/retpoline/checksum32: Convert assembler indirect jumps - [x86] x86/retpoline/irq32: Convert assembler indirect jumps - [x86] x86/retpoline: Fill return stack buffer on vmexit - [x86] x86/pti/efi: broken conversion from efi to kernel page table https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.78 - futex: Prevent overflow by strengthen input validation - ALSA: seq: Make ioctls race-free - af_key: fix buffer overread in verify_address_len() - af_key: fix buffer overread in parse_exthdrs() - iser-target: Fix possible use-after-free in connection establishment error - [x86] x86/retpoline: Fill RSB on context switch for affected CPUs - [x86] x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros - module: Add retpoline tag to VERMAGIC - [x86] x86/mm/pkeys: Fix fill_sig_info_pkey - [x86] x86/tsc: Fix erroneous TSC rate on Skylake Xeon - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit - [x86] x86/apic/vector: Fix off by one in error path - Input: ALPS - fix multi-touch decoding on SS4 plus touchpads - Input: 88pm860x-ts - fix child-node lookup - Input: twl6040-vibra - fix child-node lookup - Input: twl4030-vibra - fix sibling-node lookup - proc: fix coredump vs read /proc/*/stat race - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices - workqueue: avoid hard lockups in show_workqueue_state() - dm btree: fix serious bug in btree_split_beneath() - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 - [arm64] arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls - [x86] x86/cpu, x86/pti: Do not enable PTI on AMD processors - usbip: fix warning in vhci_hcd_probe/lockdep_init_map - [x86] x86/mce: Make machine check speculation protected - [x86] retpoline: Introduce start/end markers of indirect thunk - [x86] x86/retpoline: Optimize inline assembler for vmexit_fill_RSB https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.79 - [i386] x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels - usbip: prevent vhci_hcd driver from leaking a socket pointer address (CVE-2017-16911) - usbip: Fix potential format overflow in userspace tools - [arm*] KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2 - [amd64] Prevent timer value 0 for MWAITX - drivers: base: cacheinfo: fix boot error message when acpi is enabled - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack - ACPICA: Namespace: fix operand cache leak - netfilter: nfnetlink_cthelper: Add missing permission checks - netfilter: xt_osf: Add missing permission checks - fs/fcntl: f_setown, avoid undefined behaviour - Revert "module: Add retpoline tag to VERMAGIC" - orangefs: fix deadlock; do not write i_size in read_iter - um: link vmlinux with -no-pie - vsyscall: Fix permissions for emulate mode with KAISER/PTI - ipv6: fix udpv6 sendmsg crash caused by too small MTU - ipv6: ip6_make_skb() needs to clear cork.base.dst - net: igmp: fix source address check for IGMPv3 reports - net: qdisc_pkt_len_init() should be more robust - net: tcp: close sock if net namespace is exiting - pppoe: take ->needed_headroom of lower device into account on xmit - r8169: fix memory corruption on retrieval of hardware statistics. - sctp: do not allow the v4 socket to bind a v4mapped v6 address - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf - flow_dissector: properly cap thoff field - perf/x86/amd/power: Do not load AMD power module on !AMD platforms - x86/microcode/intel: Extend BDW late-loading further with LLC size check - bpf: fix bpf_tail_call() x64 JIT - bpf: avoid false sharing of map refcount with max_entries - bpf: fix divides by zero - bpf: fix 32-bit divide by zero - nfsd: auth: Fix gid sorting when rootsquash enabled https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.80 - loop: fix concurrent lo_open/lo_release (CVE-2018-5344) - gpio: Fix kernel stack leak to userspace - crypto: aesni - handle zero length dst buffer - crypto: sha3-generic - fixes for alignment and big endian operation - HID: wacom: EKR: ensure devres groups at higher indexes are released - igb: Free IRQs when device is hotplugged - drm/vc4: Account for interrupts in flight - [x86] KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure - [x86] KVM: x86: Don't re-execute instruction when not passing CR2 value - [x86] KVM: X86: Fix operand/address-size during instruction decoding - [x86] KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race - [x86] KVM: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered - ACPI / bus: Leave modalias empty for devices which are not present - [x86] KVM: x86: ioapic: Preserve read-only values in the redirection table - btrfs: fix deadlock when writing out space cache - [x86] KVM: X86: Fix softlockup when get the current kvmclock - KVM: VMX: Fix rflags cache during vCPU reset - xfs: always free inline data before resetting inode fork during ifree - kmemleak: add scheduling point to kmemleak_scan() - scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path - scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg - usb: gadget: don't dereference g until after it has been null checked - tty: fix data race between tty_init_dev and flush of buf - USB: serial: io_edgeport: fix possible sleep-in-atomic - usbip: prevent bind loops on devices attached to vhci_hcd [ Ben Hutchings ] * [rt] Update to 4.9.68-rt60: - Revert "memcontrol: Prevent scheduling while atomic in cgroup code" - Revert "fs: jbd2: pull your plug when waiting for space" - rtmutex: Fix lock stealing logic - cpu_pm: replace raw_notifier to atomic_notifier - PM / CPU: replace raw_notifier with atomic_notifier (fixup) - kernel/hrtimer: migrate deferred timer on CPU down - net: take the tcp_sk_lock lock with BH disabled - kernel/hrtimer: don't wakeup a process while holding the hrtimer base lock - kernel/hrtimer/hotplug: don't wake ktimersoftd while holding the hrtimer base lock - Bluetooth: avoid recursive locking in hci_send_to_channel() - iommu/amd: Use raw_cpu_ptr() instead of get_cpu_ptr() for ->flush_queue - rt/locking: allow recursive local_trylock() - locking/rtmutex: don't drop the wait_lock twice - net: use trylock in icmp_sk * e1000e: Fix e1000_check_for_copper_link_ich8lan return value. (see bug #885348) * [s390x] Un-revert upstream change moving exports to assembly sources [ Yves-Alexis Perez ] * mm, hugetlbfs: Avoid ABI change in 4.9.67. * dma-fence: Avoid ABI change in 4.9.68. * lib/genalloc: Avoid ABI change in 4.9.69. * Ignore ABI changes in inet_diag, SCTP, vsock, NVME, MD and libsas drivers, prevent FTBFS. * debian/patches: drop patches included upstream: - bugfix/all/e1000e-fix-e1000_check_for_copper_link_ich8lan-return-value.patch - bugfix/all/kvm-fix-stack-out-of-bounds-read-in-write_mmio.patch - bugfix/all/bluetooth-prevent-stack-info-leak-from-the-efs-element.patch - bugfix/all/mm-mmap.c-do-not-blow-on-prot_none-map_fixed-holes-i.patch - bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch - bugfix/all/netfilter-xt_osf-add-missing-permission-checks.patch - bugfix/all/nfsd-auth-Fix-gid-sorting-when-rootsquash-enabled.patch * bpf: avoid ABI changes in 4.9.77 and 4.9.79. * Ignore ABI change for cpu_tlbstate (symbol not exported _GPL anymore) * sched/rt: Avoid ABI change in 4.9.66. * Ignore ABI change for tcp_cong_avoid_ai and tcp_slow_start. * RT patchset: - fix context against 4.9.78 (164, 165, 229, 230) - refresh for fuzz (228) * mm: Avoid ABI change in 4.9.79. * usbip: ignore ABI change in 4.9.79. * cpupower: check for CPU existence has been fixed upstream, although a bit differently than the included patch. [ Salvatore Bonaccorso ] * nfsd: auth: Fix gid sorting when rootsquash enabled (CVE-2018-1000028) -- Yves-Alexis Perez Sun, 04 Feb 2018 21:11:44 +0100 linux (4.9.65-3+deb9u2) stretch-security; urgency=high * x86: setup PCID, preparation work for KPTI. - x86/mm/64: Fix reboot interaction with CR4.PCIDE - x86/mm: Add the 'nopcid' boot option to turn off PCID - x86/mm: Disable PCID on 32-bit kernels - x86/mm: Enable CR4.PCIDE on supported systems * [amd64] Implement Kernel Page Table Isolation (KPTI, aka KAISER) (CVE-2017-5754) - kaiser: add "nokaiser" boot option, using ALTERNATIVE - kaiser: align addition to x86/mm/Makefile - kaiser: asm/tlbflush.h handle noPGE at lower level - kaiser: cleanups while trying for gold link - kaiser: delete KAISER_REAL_SWITCH option - kaiser: disabled on Xen PV - kaiser: do not set _PAGE_NX on pgd_none - kaiser: drop is_atomic arg to kaiser_pagetable_walk() - kaiser: enhanced by kernel and user PCIDs - kaiser: ENOMEM if kaiser_pagetable_walk() NULL - kaiser: fix build and FIXME in alloc_ldt_struct() - kaiser: fix perf crashes - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER - kaiser: fix unlikely error in alloc_ldt_struct() - kaiser: KAISER depends on SMP - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID - kaiser: kaiser_remove_mapping() move along the pgd - KAISER: Kernel Address Isolation - x86_64: KAISER - do not map kernel in user mode - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user - kaiser: merged update - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET - kaiser: paranoid_entry pass cr3 need to paranoid_exit - kaiser: PCID 0 for kernel and 128 for user - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE - kaiser: tidied up asm/kaiser.h somewhat - kaiser: tidied up kaiser_add/remove_mapping slightly - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush - kaiser: vmstat show NR_KAISERTABLE as nr_overhead - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user - KPTI: Rename to PAGE_TABLE_ISOLATION - KPTI: Report when enabled - x86/boot: Add early cmdline parsing for options with arguments - x86/kaiser: Check boottime cmdline params - x86/kaiser: Move feature detection up - x86/kaiser: Reenable PARAVIRT - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling - x86/paravirt: Dont patch flush_tlb_single * Bump ABI to 5. -- Yves-Alexis Perez Thu, 04 Jan 2018 12:12:40 +0100 linux (4.9.65-3+deb9u1) stretch-security; urgency=high * dccp: CVE-2017-8824: use-after-free in DCCP code * media: dvb-usb-v2: lmedm04: Improve logic checking of warm start (CVE-2017-16538) * media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner (CVE-2017-16538) * media: hdpvr: Fix an error handling path in hdpvr_probe() (CVE-2017-16644) * bpf/verifier: Fix multiple security issues: - adjust insn_aux_data when patching insns - fix branch pruning logic - reject out-of-bounds stack pointer calculation - fix incorrect sign extension in check_alu_op() (CVE-2017-16995) - Fix states_equal() comparison of pointer and UNKNOWN * netfilter: nfnetlink_cthelper: Add missing permission checks (CVE-2017-17448) * netlink: Add netns check on taps (CVE-2017-17449) * netfilter: xt_osf: Add missing permission checks (CVE-2017-17450) * USB: core: prevent malicious bNumInterfaces overflow (CVE-2017-17558) * net: ipv4: fix for a race condition in raw_sendmsg (CVE-2017-17712) * [armhf,arm64,x86] KVM: Fix stack-out-of-bounds read in write_mmio (CVE-2017-17741) * crypto: salsa20 - fix blkcipher_walk API usage (CVE-2017-17805) * crypto: hmac - require that the underlying hash algorithm is unkeyed (CVE-2017-17806) * KEYS: add missing permission check for request_key() destination (CVE-2017-17807) * [x86] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (CVE-2017-1000407) * bluetooth: Prevent stack info leak from the EFS element. (CVE-2017-1000410) -- Ben Hutchings Sat, 23 Dec 2017 00:39:51 +0000 linux (4.9.65-3) stretch; urgency=medium [ Salvatore Bonaccorso ] * xen/time: do not decrease steal time after live migration on xen (Closes: #871608) -- Ben Hutchings Sun, 03 Dec 2017 19:41:55 +0000 linux (4.9.65-2) stretch; urgency=medium * [s390x] qeth: Ignore ABI changes (fixes FTBFS) -- Ben Hutchings Sun, 03 Dec 2017 17:22:42 +0000 linux (4.9.65-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.52 - mm: prevent double decrease of nr_reserved_highatomic - IB/{qib, hfi1}: Avoid flow control testing for RDMA write operation - IB/addr: Fix setting source address in addr6_resolve() - tty: improve tty_insert_flip_char() fast path - tty: improve tty_insert_flip_char() slow path - tty: fix __tty_insert_flip_char regression - [x86] pinctrl/amd: save pin registers over suspend/resume - [mips*] math-emu: .: Fix quiet NaN propagation - [mips*] math-emu: .: Fix cases of both inputs zero - [mips*] math-emu: .: Fix cases of both inputs negative - [mips*] math-emu: .: Fix cases of input values with opposite signs - [mips*] math-emu: .: Fix cases of both infinite inputs - [mips*] math-emu: MINA.: Fix some cases of infinity and zero inputs - [mips*] math-emu: Handle zero accumulator case in MADDF and MSUBF separately - [mips*] math-emu: .: Fix NaN propagation - [mips*] math-emu: .: Fix some cases of infinite inputs - [mips*] math-emu: .: Fix some cases of zero inputs - [mips*] math-emu: .: Clean up "maddf_flags" enumeration - [mips*] math-emu: .S: Fix accuracy (32-bit case) - [mips*] math-emu: .D: Fix accuracy (64-bit case) - [x86] crypto: ccp - Fix XTS-AES-128 support on v5 CCPs - crypto: AF_ALG - remove SGL terminator indicator when chaining - ext4: fix incorrect quotaoff if the quota feature is enabled - ext4: fix quota inconsistency during orphan cleanup for read-only mounts - [powerpc*] Fix DAR reporting when alignment handler faults - block: Relax a check in blk_start_queue() - md/bitmap: disable bitmap_resize for file-backed bitmaps. - skd: Avoid that module unloading triggers a use-after-free - skd: Submit requests to firmware before triggering the doorbell - [s390x] scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled - [s390x] scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path - [s390x] scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records - [s390x] scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA - [s390x] scsi: zfcp: fix missing trace records for early returns in TMF eh handlers - [s390x] scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records - [s390x] scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response - [s390x] scsi: zfcp: trace high part of "new" 64 bit SCSI LUN - scsi: megaraid_sas: set minimum value of resetwaittime to be 1 secs - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic - scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead - [x86] scsi: storvsc: fix memory leak on ring buffer busy - scsi: sg: remove 'save_scat_len' - scsi: sg: use standard lists for sg_requests - scsi: sg: off by one in sg_ioctl() - scsi: sg: factor out sg_fill_request_table() - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE - scsi: qla2xxx: Correction to vha->vref_count timeout - ftrace: Fix selftest goto location on error - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled - tracing: Add barrier to trace_printk() buffer nesting modification - tracing: Apply trace_clock changes to instance max buffer - [x86] PCI: shpchp: Enable bridge bus mastering if MSI is enabled - PCI: pciehp: Report power fault only once until we clear it - net/netfilter/nf_conntrack_core: Fix net_conntrack_lock() - [s390x] mm: fix local TLB flushing vs. detach of an mm address space - [s390x] mm: fix race on mm->context.flush_mm - media: v4l2-compat-ioctl32: Fix timespec conversion - media: uvcvideo: Prevent heap overflow when accessing mapped controls - PM / devfreq: Fix memory leak when fail to register device - bcache: initialize dirty stripes in flash_dev_run() - bcache: Fix leak of bdev reference - bcache: do not subtract sectors_to_gc for bypassed IO - bcache: correct cache_dirty_target in __update_writeback_rate() - bcache: Correct return value for sysfs attach errors - bcache: fix for gc and write-back race - bcache: fix bch_hprint crash and improve output https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.53 - cifs: release cifs root_cred after exit_cifs - cifs: release auth_key.response for reconnect. - fs/proc: Report eip/esp in /prod/PID/stat for coredumping - mac80211: fix VLAN handling with TXQs - mac80211_hwsim: Use proper TX power - mac80211: flush hw_roc_start work before cancelling the ROC - genirq: Make sparse_irq_lock protect what it should protect - [powerpc*] KVM: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce() - [powerpc*] KVM: Book3S HV: Protect updates to spapr_tce_tables list - tracing: Fix trace_pipe behavior for instance traces - tracing: Erase irqsoff trace with empty write - md/raid5: fix a race condition in stripe batch - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list - drm/radeon: disable hard reset in hibernate for APUs - crypto: drbg - fix freeing of resources - security/keys: properly zero out sensitive key material in big_key - security/keys: rewrite all of big_key crypto - KEYS: fix writing past end of user-supplied buffer in keyring_read() - KEYS: prevent creating a different user's keyrings - KEYS: prevent KEYCTL_READ on negative key (CVE-2017-12192) - [powerpc*] pseries: Fix parent_dn reference leak in add_dt_node() - [powerpc*] tm: Flush TM only if CPU has TM feature - [powerpc*] ftrace: Pass the correct stack pointer for DYNAMIC_FTRACE_WITH_REGS - [s390x] mm: fix write access check in gup_huge_pmd() - PM: core: Fix device_pm_check_callbacks() - cifs: Fix SMB3.1.1 guest authentication to Samba - SMB3: Warn user if trying to sign connection that authenticated as guest - SMB: Validate negotiate (to protect against downgrade) even if signing off - SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags - vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets - iw_cxgb4: remove the stid on listen create failure - iw_cxgb4: put ep reference in pass_accept_req() - seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter() - [arm64] Make sure SPsel is always set - [arm64] fault: Route pte translation faults via do_translation_fault - [x86] KVM: VMX: extract __pi_post_block - [x86] KVM: VMX: avoid double list add with VT-d posted interrupts - [x86] KVM: VMX: simplify and fix vmx_vcpu_pi_load - [x86] kvm: Handle async PF in RCU read-side critical sections - xfs: validate bdev support for DAX inode flag - [armhf] etnaviv: fix gem object list corruption - PCI: Fix race condition with driver_override - btrfs: fix NULL pointer dereference from free_reloc_roots() - btrfs: propagate error to btrfs_cmp_data_prepare caller - btrfs: prevent to set invalid default subvolid - [x86] mm: Fix fault error path using unsafe vma pointer - [x86] fpu: Don't let userspace set bogus xcomp_bv - gfs2: Fix debugfs glocks dump - timer/sysctl: Restrict timer migration sysctl values to 0 and 1 - [x86] KVM: VMX: do not change SN bit in vmx_update_pi_irte() - [x86] KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt - [powerpc*] cxl: Fix driver use count - [x86] KVM: VMX: use cmpxchg64 - swiotlb-xen: implement xen_swiotlb_dma_mmap callback https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.54 - drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define - drm: bridge: add DT bindings for TI ths8135 - GFS2: Fix reference to ERR_PTR in gfs2_glock_iter_next - [x86] drm/i915: Fix the overlay frontbuffer tracking - [armhf] dts: exynos: Add CPU OPPs for Exynos4412 Prime - [armhf] clk: sunxi-ng: fix PLL_CPUX adjusting on H3 - RDS: RDMA: Fix the composite message user notification - [mips*] Ensure bss section ends on a long-aligned address - scsi: be2iscsi: Add checks to validate CID alloc/free - [armhf] dts: am335x-chilisom: Wakeup from RTC-only state by power on event - igb: re-assign hw address pointer on reset after PCI error - hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes - IB/rxe: Add a runtime check in alloc_index() - IB/rxe: Fix a MR reference leak in check_rkey() - [x86] drm/i915/psr: disable psr2 for resolution greater than 32X20 - serial: 8250: moxa: Store num_ports in brd - serial: 8250_port: Remove dangerous pr_debug() - IB/ipoib: Fix deadlock over vlan_mutex - IB/ipoib: rtnl_unlock can not come after free_netdev - IB/ipoib: Replace list_del of the neigh->list with list_del_init - [amd64] drm/amdkfd: fix improper return value on error - USB: serial: mos7720: fix control-message error handling - USB: serial: mos7840: fix control-message error handling - sfc: get PIO buffer size from the NIC - partitions/efi: Fix integer overflow in GPT size calculation - ASoC: dapm: handle probe deferrals - audit: log 32-bit socketcalls - ath10k: prevent sta pointer rcu violation - [armhf,arm64] iommu/arm-smmu: Set privileged attribute to 'default' instead of 'unprivileged' - [armhf,arm64] usb: chipidea: vbus event may exist before starting gadget - ASoC: dapm: fix some pointer error handling - [arm64] drm: mali-dp: Fix destination size handling when rotating - [arm64] drm: mali-dp: Fix transposed horizontal/vertical flip - HID: wacom: release the resources before leaving despite devm - net: core: Prevent from dereferencing null pointer when releasing SKB - net/packet: check length in getsockopt() called with PACKET_HDRLEN - team: fix memory leaks - udp: disable inner UDP checksum offloads in IPsec case - qed: Fix possible system hang in the dcbnl-getdcbx() path. - mmc: sdio: fix alignment issue in struct sdio_func - bridge: netlink: register netdevice before executing changelink - Btrfs: fix segmentation fault when doing dio read - Btrfs: fix potential use-after-free for cloned bio - sata_via: Enable hotplug only on VT6421 - hugetlbfs: initialize shared policy as part of inode allocation - netfilter: invoke synchronize_rcu after set the _hook_ to NULL - [mips*] IRQ Stack: Unwind IRQ stack onto task stack - nvme-rdma: handle cpu unplug when re-establishing the controller - netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max - nfs: make nfs4_cb_sv_ops static - [x86] cpufreq: intel_pstate: Update pid_params.sample_rate_ns in pid_param_set() - [x86] acpi: Restore the order of CPU IDs - [armhf,arm64] iommu/io-pgtable-arm: Check for leaf entry before dereferencing it - mm/cgroup: avoid panic when init with low memory - rds: ib: add error handle - md/raid10: submit bio directly to replacement disk - netfilter: nf_tables: set pktinfo->thoff at AH header if found - [arm64] i2c: meson: fix wrong variable usage in meson_i2c_put_data - xfs: remove kmem_zalloc_greedy - libata: transport: Remove circular dependency at free time - tools/power turbostat: bugfix: GFXMHz column not changing - IB/qib: fix false-postive maybe-uninitialized warning - ttpci: address stringop overflow warning - [s390x] mm: make pmdp_invalidate() do invalidation only https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.55 - USB: gadgetfs: Fix crash caused by inadequate synchronization - USB: gadgetfs: fix copy_to_user while holding spinlock - usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives - usb-storage: fix bogus hardware error messages for ATA pass-thru devices - ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (CVE-2017-16529) - usb: pci-quirks.c: Corrected timeout values used in handshake - USB: cdc-wdm: ignore -EPIPE from GetEncapsulatedResponse - USB: dummy-hcd: fix connection failures (wrong speed) - USB: dummy-hcd: fix infinite-loop resubmission bug - USB: dummy-hcd: Fix erroneous synchronization change - usb: gadget: mass_storage: set msg_registered after msg registered - USB: g_mass_storage: Fix deadlock when driver is unbound - USB: uas: fix bug in handling of alternate settings (CVE-2017-16530) - USB: core: harden cdc_parse_cdc_header (CVE-2017-16534) - usb: Increase quirk delay for USB devices - USB: fix out-of-bounds in usb_set_configuration (CVE-2017-16531) - xhci: fix finding correct bus_state structure for USB 3.1 hosts - xhci: Fix sleeping with spin_lock_irq() held in ASmedia 1042A workaround - xhci: set missing SuperSpeedPlus Link Protocol bit in roothub descriptor - [x86] Revert "xhci: Limit USB2 port wake support for AMD Promontory hosts" - [armhf] iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()' - [armhf] iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()' - iio: core: Return error for failed read_reg - uwb: properly check kthread_run return value (CVE-2017-16526) - uwb: ensure that endpoint is interrupt - mm, oom_reaper: skip mm structs with mmu notifiers - lib/ratelimit.c: use deferred printk() version - Revert "ALSA: echoaudio: purge contradictions between dimension matrix members and total number of members" - ALSA: usx2y: Suppress kernel warning at page allocation failures - net: sched: fix use-after-free in tcf_action_destroy and tcf_del_walker - sctp: potential read out of bounds in sctp_ulpevent_type_enabled() - tcp: update skb->skb_mstamp more carefully - bpf/verifier: reject BPF_ALU64|BPF_END - tcp: fix data delivery rate - udpv6: Fix the checksum computation when HW checksum does not apply - ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header - net: phy: Fix mask value write on gmii2rgmii converter speed register - ip6_tunnel: do not allow loading ip6_tunnel if ipv6 is disabled in cmdline - net/sched: cls_matchall: fix crash when used with classful qdisc - tcp: fastopen: fix on syn-data transmit failure - [powerpc,ppc64] net: emac: Fix napi poll list corruption - packet: hold bind lock when rebinding to fanout hook (CVE-2017-15649) - bpf: one perf event close won't free bpf program attached by another perf event - net_sched: always reset qdisc backlog in qdisc_reset() - vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit - l2tp: Avoid schedule while atomic in exit_net - l2tp: fix race condition in l2tp_tunnel_delete - tun: bail out from tun_get_user() if the skb is empty - net: dsa: Fix network device registration order - packet: in packet_do_bind, test fanout with bind_lock held (CVE-2017-15649) - packet: only test po->has_vnet_hdr once in packet_snd - net: Set sk_prot_creator when cloning sockets to the right proto - netlink: do not proceed if dump's start() errs - ip6_gre: ip6gre_tap device should keep dst - ip6_tunnel: update mtu properly for ARPHRD_ETHER tunnel device in tx path - tipc: use only positive error codes in messages - net: rtnetlink: fix info leak in RTM_GETSTATS call - [powerpc*/*64*]: Use emergency stack for kernel TM Bad Thing program checks (CVE-2017-1000255) - [powerpc*] tm: Fix illegal TM state in signal handler (CVE-2017-1000255) - percpu: make this_cpu_generic_read() atomic w.r.t. interrupts - driver core: platform: Don't read past the end of "driver_override" buffer - [x86] Drivers: hv: fcopy: restore correct transfer length - ftrace: Fix kmemleak in unregister_ftrace_graph - HID: i2c-hid: allocate hid buffers for real worst case - HID: wacom: leds: Don't try to control the EKR's read-only LEDs - HID: wacom: Always increment hdev refcount within wacom_get_hdev_data - HID: wacom: bits shifted too much for 9th and 10th buttons - netlink: fix nla_put_{u8,u16,u32} for KASAN - iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD - iwlwifi: add workaround to disable wide channels in 5GHz - scsi: sd: Do not override max_sectors_kb sysfs setting - brcmfmac: add length check in brcmf_cfg80211_escan_handler() (CVE-2017-0786) - brcmfmac: setup passive scan if requested by user-space - [x86] drm/i915/bios: ignore HDMI on port A - nvme-pci: Use PCI bus address for data/queues in CMB - mmc: core: add driver strength selection when selecting hs400es - sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs - vfs: deny copy_file_range() for non regular files - ext4: fix data corruption for mmap writes - ext4: don't allow encrypted operations without keys - f2fs: don't allow encrypted operations without keys https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.56 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.57 - ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets - CIFS: Reconnect expired SMB sessions - nl80211: Define policy for packet pattern attributes - rcu: Allow for page faults in NMI handlers - USB: dummy-hcd: Fix deadlock caused by disconnect detection - [mips*] math-emu: Remove pr_err() calls from fpu_emu() - [armhf] dmaengine: edma: Align the memcpy acnt array size with the transfer - [armhf] dmaengine: ti-dma-crossbar: Fix possible race condition with dma_inuse - HID: usbhid: fix out-of-bounds bug (CVE-2017-16533) - crypto: shash - Fix zero-length shash ahash digest crash - [x86] KVM: MMU: always terminate page walks at level 1 - [x86] KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit - [x86] iommu/amd: Finish TLB flush in amd_iommu_unmap() - device property: Track owner device of device property - fs/mpage.c: fix mpage_writepage() for pages with buffers - ALSA: usb-audio: Kill stray URB at exiting (CVE-2017-16527) - ALSA: seq: Fix use-after-free at creating a port (CVE-2017-15265) - ALSA: seq: Fix copy_from_user() call inside lock - ALSA: caiaq: Fix stray URB at probe error path - ALSA: line6: Fix missing initialization before error path - ALSA: line6: Fix leftover URB at error-path during probe - [x86] drm/i915/edp: Get the Panel Power Off timestamp after panel is off - [x86] drm/i915: Read timings from the correct transcoder in intel_crtc_mode_get() - [x86] drm/i915/bios: parse DDI ports also for CHV for HDMI DDC pin and DP AUX channel - usb: gadget: configfs: Fix memory leak of interface directory data - usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options - direct-io: Prevent NULL pointer access in submit_page_section - fix unbalanced page refcounting in bio_map_user_iov (CVE-2017-12190) - more bio_map_user_iov() leak fixes - bio_copy_user_iov(): don't ignore ->iov_offset - USB: serial: console: fix use-after-free after failed setup (CVE-2017-16525) - [x86] alternatives: Fix alt_max_short macro to really be a max() - [x86] KVM: nVMX: update last_nonleaf_level when initializing nested EPT (CVE-2017-12188) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.58 - [mips*] Fix minimum alignment requirement of IRQ stack - xen-netback: Use GFP_ATOMIC to allocate hash - irqchip/crossbar: Fix incorrect type of local variables - initramfs: finish fput() before accessing any binary from initramfs - mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length - qed: Don't use attention PTT for configuring BW - mac80211: fix power saving clients handling in iwlwifi - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() - netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value. - f2fs: do SSR for data when there is enough free space - sched/fair: Update rq clock before changing a task's CPU affinity - Btrfs: send, fix failure to rename top level inode due to name collision - f2fs: do not wait for writeback in write_begin - md/linear: shutup lockdep warnning - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs - mm/memory_hotplug: set magic number to page->freelist instead of page->lru.next - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock - scsi: scsi_dh_emc: return success in clariion_std_inquiry() - drm/amdgpu: refuse to reserve io mem for split VRAM buffers - [armhf] net: mvpp2: release reference to txq_cpu[] entry after unmapping - qede: Prevent index problems in loopback test - qed: Reserve doorbell BAR space for present CPUs - qed: Read queue state before releasing buffer - ceph: don't update_dentry_lease unless we actually got one - ceph: fix bogus endianness change in ceph_ioctl_set_layout - ceph: clean up unsafe d_parent accesses in build_dentry_path - uapi: fix linux/mroute6.h userspace compilation errors - [amd64] IB/hfi1: Use static CTLE with Preset 6 for integrated HFIs - [amd64] IB/hfi1: Allocate context data on memory node - target/iscsi: Fix unsolicited data seq_end_offset calculation - hrtimer: Catch invalid clockids again - nfsd/callback: Cleanup callback cred on shutdown - [powerpc*] perf: Add restrictions to PMC5 in power9 DD1 - drm/nouveau/gr/gf100-: fix ccache error logging - regulator: core: Resolve supplies before disabling unused regulators - btmrvl: avoid double-disable_irq() race - [x86] EDAC, mce_amd: Print IPID and Syndrome on a separate line - usb: dwc3: gadget: Correct ISOC DATA PIDs for short packets https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.59 - USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor() (CVE-2017-16535) - usb: hub: Allow reset retry for USB2 devices on connect bounce - can: gs_usb: fix busy loop if no more TX context is available - iio: dummy: events: Add missing break - [armhf] usb: musb: sunxi: Explicitly release USB PHY on exit - [armhf] usb: musb: Check for host-mode using is_host_active() on reset interrupt - xhci: Identify USB 3.1 capable hosts by their port protocol capability - can: esd_usb2: Fix can_dlc value for received RTR, frames - drm/nouveau/bsp/g92: disable by default - drm/nouveau/mmu: flush tlbs before deleting page tables - ALSA: seq: Enable 'use' locking in all configurations - ALSA: hda: Remove superfluous '-' added by printk conversion - ALSA: hda: Abort capability probe at invalid register read - [x86] i2c: ismt: Separate I2C block read from SMBus block read - i2c: piix4: Fix SMBus port selection for AMD Family 17h chips - brcmfmac: Add check for short event packets - brcmsmac: make some local variables 'static const' to reduce stack size - [armel,armhf] bus: mbus: fix window size calculation for 4GB windows - [i386] clockevents/drivers/cs5535: Improve resilience to spurious interrupts - rtlwifi: rtl8821ae: Fix connection lost problem - [x86] microcode/intel: Disable late loading on model 79 - KEYS: encrypted: fix dereference of NULL user_key_payload - lib/digsig: fix dereference of NULL user_key_payload - KEYS: don't let add_key() update an uninstantiated key (CVE-2017-15299) - pkcs7: Prevent NULL pointer dereference, since sinfo is not always set. - [x86] vmbus: fix missing signaling in hv_signal_on_read() - xfs: don't unconditionally clear the reflink flag on zero-block files - xfs: evict CoW fork extents when performing finsert/fcollapse - fs/xfs: Use %pS printk format for direct addresses - xfs: report zeroed or not correctly in xfs_zero_range() - xfs: update i_size after unwritten conversion in dio completion - xfs: perag initialization should only touch m_ag_max_usable for AG 0 - xfs: Capture state of the right inode in xfs_iflush_done - xfs: always swap the cow forks when swapping extents - xfs: handle racy AIO in xfs_reflink_end_cow - xfs: Don't log uninitialised fields in inode structures - xfs: move more RT specific code under CONFIG_XFS_RT - xfs: don't change inode mode if ACL update fails - xfs: reinit btree pointer on attr tree inactivation walk - xfs: handle error if xfs_btree_get_bufs fails - xfs: cancel dirty pages on invalidation - xfs: trim writepage mapping to within eof - fscrypt: fix dereference of NULL user_key_payload - KEYS: Fix race between updating and finding a negative key (CVE-2017-15951) - FS-Cache: fix dereference of NULL user_key_payload https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.60 - workqueue: replace pool->manager_arb mutex with a flag - ceph: unlock dangling spinlock in try_flush_caps() - usb: xhci: Handle error condition in xhci_stop_device() - [powerpc*] KVM: Fix oops when checking KVM_CAP_PPC_HTM (CVE-2017-15306) - fuse: fix READDIRPLUS skipping an entry - xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() - Input: gtco - fix potential out-of-bound access (CVE-2017-16643) - assoc_array: Fix a buggy node-splitting case - [s390x] scsi: zfcp: fix erp_action use-before-initialize in REC action trace - scsi: sg: Re-fix off by one in sg_fill_request_table() - drm/amd/powerplay: fix uninitialized variable - [armhf] can: sun4i: fix loopback mode - can: kvaser_usb: Correct return value in printout - can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages - cfg80211: fix connect/disconnect edge cases - ipsec: Fix aborted xfrm policy dump crash (CVE-2017-16939) - [armhf] regulator: fan53555: fix I2C device ids - ecryptfs: fix dereference of NULL user_key_payload https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.61 - ALSA: timer: Add missing mutex lock for compat ioctls - ALSA: seq: Fix nested rwsem annotation for lockdep splat - cifs: check MaxPathNameComponentLength != 0 before using it (Closes: #880504) - KEYS: return full count in keyring_read() if buffer is too small - KEYS: fix out-of-bounds read during ASN.1 parsing - [arm64] ensure __dump_instr() checks addr_limit - [armhf,arm64] KVM: set right LR register value for 32 bit guest when inject abort - [armhf,arm64] kvm: Disable branch profiling in HYP code - [armel,armhf] 8715/1: add a private asm/unaligned.h - drm/amdgpu: return -ENOENT from uvd 6.0 early init for harvesting - ocfs2: fstrim: Fix start offset of first cluster group during fstrim - [x86] drm/i915/edp: read edp display control registers unconditionally - [arm64] drm/msm: Fix potential buffer overflow issue - [arm64] drm/msm: fix an integer overflow test - cpufreq: Do not clear real_cpus mask on policy init - [x86] crypto: ccp - Set the AES size field for all modes - IB/mlx5: Assign DSCP for R-RoCE QPs Address Path - PM / wakeirq: report a wakeup_event on dedicated wekup irq - scsi: megaraid_sas: Do not set fp_possible if TM capable for non-RW syspdIO, change fp_possible to bool - [armhf] mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped - bnxt_en: Added PCI IDs for BCM57452 and BCM57454 ASICs - staging: rtl8712u: Fix endian settings for structs describing network packets - PCI/MSI: Return failure when msix_setup_entries() fails - ext4: fix stripe-unaligned allocations - ext4: do not use stripe_width if it is not set - [x86] net/ena: change driver's default timeouts - drm/amdgpu: when dpm disabled, also need to stop/start vce. - perf tools: Only increase index if perf_evsel__new_idx() succeeds - iwlwifi: mvm: use the PROBE_RESP_QUEUE to send deauth to unknown station - [armhf,arm64] clocksource/drivers/arm_arch_timer: Add dt binding for hisilicon-161010101 erratum - net: phy: dp83867: Recover from "port mirroring" N/A MODE4 - cx231xx: Fix I2C on Internal Master 3 Bus - ath10k: fix reading sram contents for QCA4019 - [armhf] clk: sunxi-ng: Check kzalloc() for errors and cleanup error path - [armhf] mtd: nand: sunxi: Fix the non-polling case in sunxi_nfc_wait_events() - xen/manage: correct return value check on xenbus_scanf() - scsi: aacraid: Process Error for response I/O - [x86] platform: intel_mid_thermal: Fix module autoload - [x86] staging: lustre: llite: don't invoke direct_IO for the EOF case - [x86] staging: lustre: hsm: stack overrun in hai_dump_data_field - [x86] staging: lustre: ptlrpc: skip lock if export failed - [x86] staging: lustre: lmv: Error not handled for lmv_find_target - brcmfmac: check brcmf_bus_get_memdump result for error - vfs: open() with O_CREAT should not create inodes with unknown ids - [x86] ASoC: Intel: boards: remove .pm_ops in all Atom/DPCM machine drivers - [armhf] exynos4-is: fimc-is: Unmap region obtained by of_iomap() - [x86] mei: return error on notification request to a disconnected client - [s390x] dasd: check for device error pointer within state change interrupts - [s390x] prng: Adjust generation of entropy to produce real 256 bits. - [s390x] crypto: Extend key length check for AES-XTS in fips mode. - bt8xx: fix memory leak - [armhf] drm/exynos: g2d: prevent integer overflow in - PCI: Avoid possible deadlock on pci_lock and p->pi_lock - [powerpc*/*64*]: Don't try to use radix MMU under a hypervisor - xen: don't print error message in case of missing Xenstore entry - [armel,armhf] dts: mvebu: pl310-cache disable double-linefill https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.62 - [armel,armhf] PCI: mvebu: Handle changes to the bridge windows while enabled - sched/core: Add missing update_rq_clock() call in sched_move_task() - xen/netback: set default upper limit of tx/rx queues to 8 - [x86] EDAC, amd64: Add x86cpuid sanity check during init - PM / OPP: Error out on failing to add static OPPs for v1 bindings - [armhf] clk: samsung: exynos5433: Add IDs for PHYCLK_MIPIDPHY0_* clocks - drm: drm_minor_register(): Clean up debugfs on failure - [powerpc*] KVM: Book 3S: XICS: correct the real mode ICP rejecting counter - [armhf,arm64] iommu/arm-smmu-v3: Clear prior settings when updating STEs - [x86] pinctrl: baytrail: Fix debugfs offset output - [powerpc*] corenet: explicitly disable the SDHC controller on kmcoge4 - [powerpc*] cxl: Force psl data-cache flush during device shutdown - [arm64] dma-mapping: Only swizzle DMA ops for IOMMU_DOMAIN_DMA - [powerpc*] crypto: vmx - disable preemption to enable vsx in aes_ctr.c - [arm64] drm: mali-dp: fix Lx_CONTROL register fields clobber - iio: trigger: free trigger resource correctly - [x86] iio: proximity: sx9500: claim direct mode during raw proximity reads - libertas: fix improper return value - usb: hcd: initialize hcd->flags to 0 when rm hcd - netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family - brcmfmac: setup wiphy bands after registering it first - rt2800usb: mark tx failure on timeout - apparmor: fix undefined reference to `aa_g_hash_policy' - IPsec: do not ignore crypto err in ah4 input - [x86] EDAC, amd64: Save and return err code from probe_one_instance() - [s390x] topology: make "topology=off" parameter work - [powerpc] sched/cputime: Fix stale scaled stime on context switch - IB/ipoib: Change list_del to list_del_init in the tx object - [armhf] dts: STiH410-family: fix wrong parent clock frequency - [s390x] qeth: fix retrieval of vipa and proxy-arp addresses - [s390x] qeth: issue STARTLAN as first IPA command - [arm64] wcn36xx: Don't use the destroyed hal_mutex - IB/rxe: Fix reference leaks in memory key invalidation code - [armhf] clk: mvebu: adjust AP806 CPU clock frequencies to production chip - [x86] platform: hp-wmi: Fix detection for dock and tablet mode - cdc_ncm: Set NTB format again after altsetting switch for Huawei devices - KEYS: trusted: sanitize all key material - KEYS: trusted: fix writing past end of buffer in trusted_read() - [x86] platform: hp-wmi: Fix error value for hp_wmi_tablet_state - [x86] platform: hp-wmi: Do not shadow error values - [x86] uaccess, sched/preempt: Verify access_ok() context - workqueue: Fix NULL pointer dereference - crypto: ccm - preserve the IV buffer - [x86] crypto: sha1-mb - fix panic due to unaligned access - [x86] crypto: sha256-mb - fix panic due to unaligned access - KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2] - [armel,armhf] 8720/1: ensure dump_instr() checks addr_limit - ALSA: seq: Fix OSS sysex delivery in OSS emulation - [x86] drm/i915: Do not rely on wm preservation for ILK watermarks - [mips*] Fix CM region target definitions - [mips*] SMP: Use a completion event to signal CPU up - [mips*] Fix race on setting and getting cpu_online_mask - [mips*] SMP: Fix deadlock & online race - [armhf] ASoC: sun4i-spdif: remove legacy dapm components - rbd: use GFP_NOIO for parent stat and data requests - [x86] drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue - [arm64] drm/bridge: adv7511: Rework adv7511_power_on/off() so they can be reused internally - [arm64] drm/bridge: adv7511: Reuse __adv7511_power_on/off() when probing EDID - [arm64] drm/bridge: adv7511: Re-write the i2c address before EDID probing - [armhf] can: sun4i: handle overrun in RX FIFO - [x86] smpboot: Make optimization of delay calibration work correctly - [x86] oprofile/ppro: Do not use __this_cpu*() in preemptible context https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.63 - gso: fix payload length when gso_size is zero - tun/tap: sanitize TUNSETSNDBUF input - ipv6: addrconf: increment ifp refcount before ipv6_del_addr() - netlink: do not set cb_running if dump's start() errs - net: call cgroup_sk_alloc() earlier in sk_clone_lock() - tcp: fix tcp_mtu_probe() vs highest_sack - l2tp: check ps->sock before running pppol2tp_session_ioctl() - tun: call dev_get_valid_name() before register_netdevice() - sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect - tcp/dccp: fix ireq->opt races - packet: avoid panic in packet_getsockopt() - soreuseport: fix initialization race - ipv6: flowlabel: do not leave opt->tot_len with garbage - sctp: full support for ipv6 ip_nonlocal_bind & IP_FREEBIND - tcp/dccp: fix lockdep splat in inet_csk_route_req() - tcp/dccp: fix other lockdep splats accessing ireq_opt - net/unix: don't show information about sockets from other namespaces - tap: double-free in error path in tap_open() - ipip: only increase err_count for some certain type icmp in ipip_err - ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err - ip6_gre: update dst pmtu if dev mtu has been updated by toobig in __gre6_xmit - tun: allow positive return values on dev_get_valid_name() call - sctp: reset owner sk for data chunks on out queues when migrating a sock - net_sched: avoid matching qdisc with zero handle - ppp: fix race in ppp device destruction - mac80211: accept key reinstall without changing anything (CVE-2017-13080) - mac80211: use constant time comparison with keys - mac80211: don't compare TKIP TX MIC key in reinstall prevention (CVE-2017-13080) - usb: usbtest: fix NULL pointer dereference (CVE-2017-16532) - Input: ims-psu - check if CDC union descriptor is sane (CVE-2017-16645) - ALSA: seq: Cancel pending autoload work at unbinding device (CVE-2017-16528) - netfilter: nat: avoid use of nf_conn_nat extension - netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable" - brcmfmac: remove setting IBSS mode when stopping AP - [arm64,mips*] security/keys: add CONFIG_KEYS_COMPAT to Kconfig (Closes: #881830) - target/iscsi: Fix iSCSI task reassignment handling - qla2xxx: Fix incorrect tcm_qla2xxx_free_cmd use during TMR ABORT (v2) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.64 - media: imon: Fix null-ptr-deref in imon_probe (CVE-2017-16537) - media: dib0700: fix invalid dvb_detach argument (CVE-2017-16646) - [armel,armhf] crypto: reduce priority of bit-sliced AES cipher - Bluetooth: btusb: fix QCA Rome suspend/resume - [armhf,arm64] extcon: Remove potential problem when calling extcon_register_notifier() - [armhf] extcon: palmas: Check the parent instance to prevent the NULL - fm10k: request reset when mbx->state changes - [armhf] dts: Fix compatible for ti81xx uarts for 8250 - [armhf] dts: Fix am335x and dm814x scm syscon to probe children - [armhf] OMAP2+: Fix init for multiple quirks for the same SoC - [armhf] dts: Fix omap3 off mode pull defines - [armhf] dts: omap5-uevm: Allow bootloader to configure USB Ethernet MAC - igb: reset the PHY before reading the PHY ID - igb: close/suspend race in netif_device_detach - igb: Fix hw_dbg logging in igb_update_flash_i210 - scsi: ufs: add capability to keep auto bkops always enabled - tcp: provide timestamps for partial writes - staging: rtl8188eu: fix incorrect ERROR tags from logs - [x86] irq, trace: Add __irq_entry annotation to x86's platform IRQ handlers - scsi: lpfc: Add missing memory barrier - scsi: lpfc: FCoE VPort enable-disable does not bring up the VPort - scsi: lpfc: Correct host name in symbolic_name field - scsi: lpfc: Correct issue leading to oops during link reset - scsi: lpfc: Clear the VendorVersion in the PLOGI/PLOGI ACC payload - ALSA: vx: Don't try to update capture stream before running - ALSA: vx: Fix possible transfer overflow - [armhf] drm/omap: panel-sony-acx565akm.c: Add MODULE_ALIAS - [x86] gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap - [arm64] dts: NS2: reserve memory for Nitro firmware - ixgbe: Configure advertised speeds correctly for KR/KX backplane - ixgbe: fix AER error handling - ixgbe: handle close/suspend race with netif_device_detach/present - ixgbe: Fix reporting of 100Mb capability - ixgbe: Reduce I2C retry count on X550 devices - ixgbe: add mask for 64 RSS queues - ixgbe: do not disable FEC from the driver - [mips*] End asm function prologue macros with .insn - [mips*] init: Ensure bootmem does not corrupt reserved memory - [mips*] init: Ensure reserved memory regions are not added to bootmem - [mips*] traps: Ensure L1 & L2 ECC checking match for CM3 systems - crypto: dh - Don't permit 'p' to be 0 - crypto: dh - Don't permit 'key' or 'g' size longer than 'p' - USB: usbfs: compute urb->actual_length for isochronous - usb: gadget: f_fs: Fix use-after-free in ffs_free_inst - USB: serial: garmin_gps: fix I/O after failed probe and remove - USB: serial: garmin_gps: fix memory leak on probe errors - [x86] MCE/AMD: Always give panic severity for UC errors in kernel context - brcmfmac: don't preset all channels as disabled https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.65 - tcp_nv: fix division by zero in tcpnv_acked() - net: vrf: correct FRA_L3MDEV encode type - tcp: do not mangle skb->cb[] in tcp_make_synack() - netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed - bonding: discard lowest hash bit for 802.3ad layer3+4 - net: cdc_ether: fix divide by 0 on bad descriptors (CVE-2017-16649) - net: qmi_wwan: fix divide by 0 on bad descriptors (CVE-2017-16650) - qmi_wwan: Add missing skb_reset_mac_header-call - net: usb: asix: fill null-ptr-deref in asix_suspend (CVE-2017-16647) - vlan: fix a use-after-free in vlan_device_event() - af_netlink: ensure that NLMSG_DONE never fails in dumps - sctp: do not peel off an assoc from one netns to another one (CVE-2017-15115) - net/sctp: Always set scope_id in sctp_inet6_skb_msgname - crypto: dh - fix memleak in setkey - crypto: dh - Fix double free of ctx->p - ima: do not update security.ima if appraisal status is not INTEGRITY_PASS - [armhf] serial: omap: Fix EFR write on RTS deassertion - serial: 8250_fintek: Fix finding base_port with activated SuperIO - ocfs2: fix cluster hang after a node dies - ocfs2: should wait dio before inode lock in ocfs2_setattr() - ipmi: fix unsigned long underflow - mm/page_alloc.c: broken deferred calculation - coda: fix 'kernel memory exposure attempt' in fsync - mm/pagewalk.c: report holes in hugetlb ranges [ Ben Hutchings ] * [armhf] dts: exynos: Add dwc3 SUSPHY quirk (Closes: #843448) * [mips*] Remove pt_regs adjustments in indirect syscall handler (Closes: #867358) * [arm64] brcmfmac: Enable BRCMFMAC_SDIO (Closes: #877911) * l2tp: Ignore ABI change * [armel,armhf] mbus: Ignore ABI change * usb: gadget: Ignore ABI change * [s390x] mm: Avoid ABI change in 4.9.52 * mac80211: Avoid ABI change in 4.9.53 * mmc: sdio: Avoid ABI change in 4.9.54 * KEYS: Limit ABI change in 4.9.59 * netfilter: nat: Avoid ABI change in 4.9.63 * mm/page_alloc: Avoid ABI change in 4.9.65 * Revert "phy: increase size of MII_BUS_ID_SIZE and bus_id" to avoid ABI change * Revert "bpf: one perf event close won't free bpf program attached ..." to avoid ABI change * [rt] Add new signing subkey for Steven Rostedt * [rt] Update to 4.9.61-rt52: - Revert "pci: Use __wake_up_all_locked in pci_unblock_user_cfg_access()" - drivers/zram: fix zcomp_stream_get() smp_processor_id() use in preemptible code - fs/dcache: disable preemption on i_dir_seq's write side - tpm_tis: fix stall after iowrite*()s - fs: convert two more BH_Uptodate_Lock related bitspinlocks - locking/rt-mutex: fix deadlock in device mapper / block-IO - md/raid5: do not disable interrupts * mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (Closes: #865416) * mm/mmap.c: expand_downwards: don't require the gap if !vm_prev * mmap: Remember the MAP_FIXED flag as VM_FIXED * [x86] mmap: Add an exception to the stack gap for Hotspot JVM compatibility (Closes: #865303) [ Salvatore Bonaccorso ] * media: cx231xx-cards: fix NULL-deref on missing association descriptor (CVE-2017-16536) * mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() (CVE-2017-1000405) -- Ben Hutchings Sat, 02 Dec 2017 15:53:59 +0000 linux (4.9.51-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.48 - [x86] i2c: ismt: Don't duplicate the receive length for block reads - [x86] i2c: ismt: Return EMSGSIZE for block reads with bogus length - crypto: algif_skcipher - only call put_page on referenced and used pages - mm, uprobes: fix multiple free of ->uprobes_state.xol_area - mm, madvise: ensure poisoned pages are removed from per-cpu lists - ceph: fix readpage from fscache - cpumask: fix spurious cpumask_of_node() on non-NUMA multi-node configs - cpuset: Fix incorrect memory_pressure control file mapping - CIFS: Fix maximum SMB2 header size - lib/mpi: kunmap after finishing accessing buffer - drm/ttm: Fix accounting error when fail to get pages for pool - [armhf,arm64] kvm: Force reading uncached stage2 PGD - epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.49 - usb:xhci:Fix regression when ATI chipsets detected - [armhf] USB: musb: fix external abort on suspend - USB: core: Avoid race of async_completed() w/ usbdev_release() - [x86] staging/rts5208: fix incorrect shift to extract upper nybble - driver core: bus: Fix a potential double free - ath10k: fix memory leak in rx ring buffer allocation - Input: trackpoint - assume 3 buttons when buttons detection fails - rtlwifi: rtl_pci_probe: Fix fail path of _rtl_pci_find_adapter - dlm: avoid double-free on error path in dlm_device_{register,unregister} - mwifiex: correct channel stat buffer overflows - [s390x] mm: avoid empty zero pages for KVM guests to avoid postcopy hangs - drm/nouveau/pci/msi: disable MSI on big-endian platforms by default - scsi: sg: protect against races between mmap() and SG_SET_RESERVED_SIZE - scsi: sg: recheck MMAP_IO request length with lock held - [arm64] drm/bridge: adv7511: Use work_struct to defer hotplug handing to out of irq context - [arm64] drm/bridge: adv7511: Switch to using drm_kms_helper_hotplug_event() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.50 - [armhf] mtd: nand: mxc: Fix mxc_v1 ooblayout - nvme-fabrics: generate spec-compliant UUID NQNs - btrfs: resume qgroup rescan on rw remount - mm/memory.c: fix mem_cgroup_oom_disable() call missing - ALSA: msnd: Optimize / harden DSP and MIDI loops - [arm64] dts: marvell: armada-37xx: Fix GIC maintenance interrupt - [armhf] 8692/1: mm: abort uaccess retries upon fatal signal - NFS: Fix 2 use after free issues in the I/O code - NFS: Sync the correct byte range during synchronous writes https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.51 - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() - ipv6: add rcu grace period before freeing fib6_node - macsec: add genl family module alias - udp: on peeking bad csum, drop packets even if not at head - qlge: avoid memcpy buffer overflow - [x86] netvsc: fix deadlock betwen link status and removal - cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() - kcm: do not attach PF_KCM sockets to avoid deadlock - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()" - bridge: switchdev: Clear forward mark when transmitting packet - Revert "net: use lib/percpu_counter API for fragmentation mem accounting" - Revert "net: fix percpu memory leaks" - gianfar: Fix Tx flow control deactivation - vhost_net: correctly check tx avail during rx busy polling - ip6_gre: update mtu properly in ip6gre_err - ipv6: fix memory leak with multiple tables during netns destruction - ipv6: fix typo in fib6_net_exit() - sctp: fix missing wake ups in some situations - ip_tunnel: fix setting ttl and tos value in collect_md mode - f2fs: let fill_super handle roll-forward errors - f2fs: check hot_data for roll-forward recovery - [amd64] fsgsbase: Fully initialize FS and GS state in start_thread_common - [amd64] fsgsbase: Report FSBASE and GSBASE correctly in core dumps - [amd64] switch_to: Rewrite FS/GS switching yet again to fix AMD CPUs - xfs: fix spurious spin_is_locked() assert failures on non-smp kernels - xfs: push buffer of flush locked dquot to avoid quotacheck deadlock - xfs: try to avoid blowing out the transaction reservation when bunmaping a shared extent - xfs: release bli from transaction properly on fs shutdown - xfs: remove bli from AIL before release on transaction abort - xfs: don't allow bmap on rt files - xfs: free uncommitted transactions during log recovery - xfs: free cowblocks and retry on buffered write ENOSPC - xfs: don't crash on unexpected holes in dir/attr btrees - xfs: check _btree_check_block value - xfs: set firstfsb to NULLFSBLOCK before feeding it to _bmapi_write - xfs: check _alloc_read_agf buffer pointer before using - xfs: fix quotacheck dquot id overflow infinite loop - xfs: fix multi-AG deadlock in xfs_bunmapi - xfs: Fix per-inode DAX flag inheritance - xfs: fix inobt inode allocation search optimization - xfs: clear MS_ACTIVE after finishing log recovery - xfs: don't leak quotacheck dquots when cow recovery - iomap: fix integer truncation issues in the zeroing and dirtying helpers - xfs: write unmount record for ro mounts - xfs: toggle readonly state around xfs_log_mount_finish - xfs: Properly retry failed inode items in case of error during buffer writeback - xfs: fix recovery failure when log record header wraps log end - xfs: always verify the log tail during recovery - xfs: fix log recovery corruption error due to tail overwrite - xfs: handle -EFSCORRUPTED during head/tail verification - xfs: stop searching for free slots in an inode chunk when there are none - xfs: evict all inodes involved with log redo item - xfs: check for race with xfs_reclaim_inode() in xfs_ifree_cluster() - xfs: don't log dirty ranges for ordered buffers - xfs: skip bmbt block ino validation during owner change - xfs: move bmbt owner change to last step of extent swap - xfs: disallow marking previously dirty buffers as ordered - xfs: relog dirty buffers during swapext bmbt owner change - xfs: disable per-inode DAX flag - xfs: fix incorrect log_flushed on fsync - xfs: don't set v3 xflags for v2 inodes - xfs: open code end_buffer_async_write in xfs_finish_page_writeback - md/raid5: release/flush io in raid5_do_work() - ipv6: Fix may be used uninitialized warning in rt6_check [ Ben Hutchings ] * Fix regressions caused by fix for CVE-2016-7097 (Closes: #873026): - ext4: preserve i_mode if __ext4_set_acl() fails - ext4: Don't clear SGID when inheriting ACLs * [mips{,64}el/loongson-3] Add support for Loongson-3A/B 3000 CPUs, thanks to YunQiang Su (Closes: #871701): - Add Loongson-3A R3 basic support - Add NMI handler support - Support 4 packages in CPU Hwmon driver - IRQ balancing for PCI devices - support irq_set_affinity() in i8259 chip - Make enum loongson_cpu_type more clear * [ppc64el] Invalidate ERAT on powersave wakeup for POWER9, thanks to Michael Neuling (Closes: #868887) * ip6_fib: Avoid ABI change in 4.9.51 * inet_frag: Limit ABI change in 4.9.51 * nfs: Ignore ABI change in 4.9.50 -- Ben Hutchings Thu, 28 Sep 2017 19:27:56 +0200 linux (4.9.47-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31 - driver: vrf: Fix one possible use-after-free issue - [s390x] qeth: handle sysfs error during initialization - [s390x] qeth: unbreak OSM and OSN support - [s390x] qeth: avoid null pointer dereference on OSN - [s390x] qeth: add missing hash table initializations - [arm64] bpf: fix faulty emission of map access in tail calls - netem: fix skb_orphan_partial() - net: fix compile error in skb_orphan_partial() - tcp: avoid fragmenting peculiar skbs in SACK - sctp: fix src address selection if using secondary addresses for ipv6 - net/packet: fix missing net_device reference release - net/mlx5e: Use the correct pause values for ethtool advertising - net/mlx5e: Fix ethtool pause support and advertise reporting - tcp: eliminate negative reordering in tcp_clean_rtx_queue - net: Improve handling of failures on link and route dumps - bridge: netlink: check vlan_default_pvid range - qmi_wwan: add another Lenovo EM74xx device ID - bridge: start hello_timer when enabling KERNEL_STP in br_stp_start - bonding: fix accounting of active ports in 3ad - net/mlx5: Avoid using pending command interface slots - net: phy: marvell: Limit errata to 88m1101 - vlan: Fix tcp checksum offloads in Q-in-Q vlans - be2net: Fix offload features for Q-in-Q packets - virtio-net: enable TSO/checksum offloads for Q-in-Q vlans - tcp: avoid fastopen API to be used on AF_UNSPEC - sctp: fix ICMP processing if skb is non-linear - ipv4: add reference counting to metrics - bpf: add bpf_clone_redirect to bpf_helper_changes_pkt_data - fs/ufs: Set UFS default maximum bytes per file - [powerpc*] spufs: Fix hash faults for kernel regions - drivers/tty: 8250: only call fintek_8250_probe when doing port I/O - i2c: i2c-tiny-usb: fix buffer not being DMA capable - [x86] MCE: Export memory_error() - acpi, nfit: Fix the memory error check in nfit_handle_mce() - Revert "ACPI / button: Change default behavior to lid_init_state=open" - mmc: sdhci-iproc: suppress spurious interrupt with Multiblock read - iscsi-target: Always wait for kthread_should_stop() before kthread exit - ibmvscsis: Clear left-over abort_cmd pointers - ibmvscsis: Fix the incorrect req_lim_delta - HID: wacom: Have wacom_tpc_irq guard against possible NULL dereference - nvme-rdma: support devices with queue size < 32 - nvme: use blk_mq_start_hw_queues() in nvme_kill_queues() - nvme: avoid to use blk_mq_abort_requeue_list() - scsi: mpt3sas: Force request partial completion alignment - drm/radeon/ci: disable mclk switching for high refresh rates (v2) - drm/radeon: Unbreak HPD handling for r600+ - drm/radeon: Fix vram_size/visible values in DRM_RADEON_GEM_INFO ioctl - pcmcia: remove left-over %Z format - ALSA: hda - apply STAC_9200_DELL_M22 quirk for Dell Latitude D430 - mm/migrate: fix refcount handling when !hugepage_migration_supported() - mlock: fix mlock count can not decrease in race condition - mm: consider memblock reservations for deferred memory initialization sizing - RDMA/qib,hfi1: Fix MR reference count leak on write with immediate - [x86] boot: Use CROSS_COMPILE prefix for readelf - ksm: prevent crash after write_protect_page fails - slub/memcg: cure the brainless abuse of sysfs attributes - mm/slub.c: trace free objects at KERN_INFO - [x86] drm/gma500/psb: Actually use VBT mode when it is found - xfs: Fix missed holes in SEEK_HOLE implementation - xfs: use ->b_state to fix buffer I/O accounting release race - xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff() - xfs: verify inline directory data forks - xfs: rework the inline directory verifiers - xfs: fix kernel memory exposure problems - xfs: use dedicated log worker wq to avoid deadlock with cil wq - xfs: fix over-copying of getbmap parameters from userspace - xfs: actually report xattr extents via iomap - xfs: drop iolock from reclaim context to appease lockdep - xfs: fix integer truncation in xfs_bmap_remap_alloc - xfs: handle array index overrun in xfs_dir2_leaf_readbuf() - xfs: prevent multi-fsb dir readahead from reading random blocks - xfs: fix up quotacheck buffer list error handling - xfs: support ability to wait on new inodes - xfs: update ag iterator to support wait on new inodes - xfs: wait on new inodes during quotaoff dquot release - xfs: reserve enough blocks to handle btree splits when remapping - xfs: fix use-after-free in xfs_finish_page_writeback - xfs: fix indlen accounting error on partial delalloc conversion - xfs: BMAPX shouldn't barf on inline-format directories - xfs: bad assertion for delalloc an extent that start at i_size - xfs: xfs_trans_alloc_empty - xfs: avoid mount-time deadlock in CoW extent recovery - xfs: fix unaligned access in xfs_btree_visit_blocks - xfs: Fix off-by-in in loop termination in xfs_find_get_desired_pgoff() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.32 - bnx2x: Fix Multi-Cos - vxlan: eliminate cached dst leak - cxgb4: avoid enabling napi twice to the same queue - tcp: disallow cwnd undo when switching congestion control - vxlan: fix use-after-free on deletion - net: ping: do not abuse udp_poll() - net/ipv6: Fix CALIPSO causing GPF with datagram support - net: ethoc: enable NAPI before poll may be scheduled - net: stmmac: fix completely hung TX when using TSO - net: bridge: start hello timer only if device is up - serial: ifx6x60: fix use-after-free on module unload - ptrace: Properly initialize ptracer_cred on fork - crypto: asymmetric_keys - handle EBUSY due to backlog correctly - KEYS: fix dereferencing NULL payload with nonzero length - KEYS: fix freeing uninitialized memory in key_update() - KEYS: encrypted: avoid encrypting/decrypting stack buffers - crypto: drbg - wait for crypto op not signal safe - crypto: gcm - wait for crypto op not signal safe - drm/amdgpu/ci: disable mclk switching for high refresh rates (v2) - nfsd4: fix null dereference on replay - nfsd: Fix up the "supattr_exclcreat" attributes - efi: Don't issue error message when booted under Xen - kvm: async_pf: fix rcu_irq_enter() with irqs enabled - [x86] KVM: cpuid: Fix read/write out-of-bounds vulnerability in cpuid emulation - [arm64] KVM: Preserve RES1 bits in SCTLR_EL2 - [arm64] KVM: Allow unaligned accesses at EL2 - [armhf] KVM: Allow unaligned accesses at HYP - KVM: async_pf: avoid async pf injection when in guest mode - [armhf,arm64] KVM: vgic-v3: Do not use Active+Pending state for a HW interrupt - [armhf,arm64] KVM: vgic-v2: Do not use Active+Pending state for a HW interrupt - dmaengine: usb-dmac: Fix DMAOR AE bit definition - dmaengine: ep93xx: Always start from BASE0 - dmaengine: ep93xx: Don't drain the transfers in terminate_all() - dmaengine: mv_xor_v2: handle mv_xor_v2_prep_sw_desc() error properly - dmaengine: mv_xor_v2: properly handle wrapping in the array of HW descriptors - dmaengine: mv_xor_v2: do not use descriptors not acked by async_tx - dmaengine: mv_xor_v2: enable XOR engine after its configuration - dmaengine: mv_xor_v2: fix tx_submit() implementation - dmaengine: mv_xor_v2: remove interrupt coalescing - dmaengine: mv_xor_v2: set DMA mask to 40 bits - cfq-iosched: fix the delay of cfq_group's vdisktime under iops mode - xen/privcmd: Support correctly 64KB page granularity when mapping memory - ext4: fix SEEK_HOLE - ext4: keep existing extra fields when inode expands - ext4: fix data corruption with EXT4_GET_BLOCKS_ZERO - ext4: fix fdatasync(2) after extent manipulation operations - drm: Fix oops + Xserver hang when unplugging USB drm devices - usb: gadget: f_mass_storage: Serialize wake and sleep execution - usb: chipidea: udc: fix NULL pointer dereference if udc_start failed - usb: chipidea: debug: check before accessing ci_role - staging/lustre/lov: remove set_fs() call from lov_getstripe() - iio: adc: bcm_iproc_adc: swap primary and secondary isr handler's - iio: light: ltr501 Fix interchanged als/ps register field - iio: proximity: as3935: fix AS3935_INT mask - iio: proximity: as3935: fix iio_trigger_poll issue - mei: make sysfs modalias format similar as uevent modalias - cpufreq: cpufreq_register_driver() should return -ENODEV if init fails - target: Re-add check to reject control WRITEs with overflow data - [arm64] drm/msm: Expose our reservation object when exporting a dmabuf. - ahci: Acer SA5-271 SSD Not Detected Fix - cgroup: Prevent kill_css() from being called more than once - Input: elantech - add Fujitsu Lifebook E546/E557 to force crc_enabled - cpuset: consider dying css as offline - fs: add i_blocksize() - ufs: restore proper tail allocation - fix ufs_isblockset() - ufs: restore maintaining ->i_blocks - ufs: set correct ->s_maxsize - ufs_extend_tail(): fix the braino in calling conventions of ufs_new_fragments() - ufs_getfrag_block(): we only grab ->truncate_mutex on block creation path - cxl: Fix error path on bad ioctl - cxl: Avoid double free_irq() for psl,slice interrupts - btrfs: use correct types for page indices in btrfs_page_exists_in_range - btrfs: fix memory leak in update_space_info failure path - [armhf,arm64] KVM: Handle possible NULL stage2 pud when ageing pages - scsi: qla2xxx: don't disable a not previously enabled PCI device - scsi: qla2xxx: Modify T262 FW dump template to specify same start/end to debug customer issues - scsi: qla2xxx: Set bit 15 for DIAG_ECHO_TEST MBC - scsi: qla2xxx: Fix mailbox pointer error in fwdump capture - [powerpc*] sysdev/simple_gpio: Fix oops in gpio save_regs function - [powerpc*] numa: Fix percpu allocations to be NUMA aware - [powerpc*] hotplug-mem: Fix missing endian conversion of aa_index - [powerpc*] kernel: Fix FP and vector register restoration (Closes: #868902) - [powerpc*] kernel: Initialize load_tm on task creation - [x86] drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve() - drm/nouveau/tmr: fully separate alarm execution/pending lists - ALSA: timer: Fix race between read and ioctl (CVE-2017-1000380) - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (CVE-2017-1000380) - ASoC: Fix use-after-free at card unregistration - cpu/hotplug: Drop the device lock on error - drivers: char: mem: Fix wraparound check to allow mappings up to the end - serial: sh-sci: Fix panic when serial console and DMA are enabled - [arm64] traps: fix userspace cache maintenance emulation on a tagged pointer - [arm64] hw_breakpoint: fix watchpoint matching for tagged pointers - [arm64] entry: improve data abort handling of tagged pointers - [armel,armhf] 8637/1: Adjust memory boundaries after reservations - usercopy: Adjust tests to deal with SMAP/PAN - [x86] drm/i915/vbt: don't propagate errors from intel_bios_init() - [x86] drm/i915/vbt: split out defaults that are set when there is no VBT - cpufreq: schedutil: move cached_raw_freq to struct sugov_policy - cpufreq: schedutil: Fix per-CPU structure initialization in sugov_start() - netfilter: nft_set_rbtree: handle element re-addition after deletion https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.33 - PCI/PM: Add needs_resume flag to avoid suspend complete optimization - [x86] drm/i915: Prevent the system suspend complete optimization - partitions/msdos: FreeBSD UFS2 file systems are not recognized - netfilter: nf_conntrack_sip: fix wrong memory initialisation - ibmvnic: Fix endian errors in error reporting output - ibmvnic: Fix endian error when requesting device capabilities - net: xilinx_emaclite: fix freezes due to unordered I/O - net: xilinx_emaclite: fix receive buffer overflow - tcp: tcp_probe: use spin_lock_bh() - ipv6: Handle IPv4-mapped src to in6addr_any dst. - ipv6: Inhibit IPv4-mapped src address on the wire. - tipc: Fix tipc_sk_reinit race conditions - gfs2: Use rhashtable walk interface in glock_hash_walk - NET: Fix /proc/net/arp for AX.25 - ibmvnic: Call napi_disable instead of napi_enable in failure path - ibmvnic: Initialize completion variables before starting work - NET: mkiss: Fix panic - net: hns: Fix the device being used for dma mapping during TX - sierra_net: Skip validating irrelevant fields for IDLE LSIs - sierra_net: Add support for IPv6 and Dual-Stack Link Sense Indications - i2c: piix4: Request the SMBUS semaphore inside the mutex - i2c: piix4: Fix request_region size - [powerpc*] powernv: Properly set "host-ipi" on IPIs - kernel/ucount.c: mark user_header with kmemleak_ignore() - net: thunderx: Fix PHY autoneg for SGMII QLM mode - ipv6: addrconf: fix generation of new temporary addresses - vfio/spapr_tce: Set window when adding additional groups to container - ipv6: Fix IPv6 packet loss in scenarios involving roaming + snooping switches - PM / runtime: Avoid false-positive warnings from might_sleep_if() - jump label: pass kbuild_cflags when checking for asm goto support - shmem: fix sleeping from atomic context - kasan: respect /proc/sys/kernel/traceoff_on_warning - log2: make order_base_2() behave correctly on const input value zero - ethtool: do not vzalloc(0) on registers dump - net: phy: Fix lack of reference count on PHY driver - net: phy: Fix PHY module checks and NULL deref in phy_attach_direct() - net: fix ndo_features_check/ndo_fix_features comment ordering - fscache: Fix dead object requeue - fscache: Clear outstanding writes when disabling a cookie - FS-Cache: Initialise stores_lock in netfs cookie - ipv6: fix flow labels when the traffic class is non-0 - drm/nouveau: prevent userspace from deleting client object - drm/nouveau/fence/g84-: protect against concurrent access to semaphore buffers - net/mlx4_core: Avoid command timeouts during VF driver device shutdown - gianfar: synchronize DMA API usage by free_skb_rx_queue w/ gfar_new_page - [x86] pinctrl: baytrail: Rectify debounce support (part 2) - cec: fix wrong last_la determination - drm: prevent double-(un)registration for connectors - drm: Don't race connector registration - net: adaptec: starfire: add checks for dma mapping errors - [x86] drm/i915: Check for NULL i915_vma in intel_unpin_fb_obj() - net/mlx5: E-Switch, Err when retrieving steering name-space fails - net/mlx5: Return EOPNOTSUPP when failing to get steering name-space - net: phy: micrel: add support for KSZ8795 - gtp: add genl family modules alias - drm/nouveau: Intercept ACPI_VIDEO_NOTIFY_PROBE - drm/nouveau: Rename acpi_work to hpd_work - drm/nouveau: Handle fbcon suspend/resume in seperate worker - drm/nouveau: Don't enabling polling twice on runtime resume - drm/nouveau: Fix drm poll_helper handling - drm/ast: Fixed system hanged if disable P2A - ravb: unmap descriptors when freeing rings - nfs: Fix "Don't increment lock sequence ID after NFS4ERR_MOVED" - nvmet-rdma: Fix missing dma sync to nvme data structures - r8152: avoid start_xmit to call napi_schedule during autosuspend - r8152: check rx after napi is enabled - r8152: re-schedule napi for tx - r8152: fix rtl8152_post_reset function - r8152: avoid start_xmit to schedule napi when napi is disabled - bnxt_en: Fix bnxt_reset() in the slow path task. - bnxt_en: Enhance autoneg support. - bnxt_en: Fix RTNL lock usage on bnxt_update_link(). - bnxt_en: Fix RTNL lock usage on bnxt_get_port_module_status(). - sctp: sctp gso should set feature with NETIF_F_SG when calling skb_segment - sctp: sctp_addr_id2transport should verify the addr before looking up assoc - usb: musb: Fix external abort on non-linefetch for musb_irq_work() - romfs: use different way to generate fsid for BLOCK or MTD - frv: add atomic64_add_unless() - frv: add missing atomic64 operations - proc: add a schedule point in proc_pid_readdir() - userfaultfd: fix SIGBUS resulting from false rwsem wakeups - kernel/watchdog.c: move hardlockup detector to separate file - kernel/watchdog.c: move shared definitions to nmi.h - kernel/watchdog: prevent false hardlockup on overloaded system - [x86] vhost/vsock: handle vhost_vq_init_access() error - tipc: ignore requests when the connection state is not CONNECTED - tipc: fix connection refcount error - tipc: add subscription refcount to avoid invalid delete - tipc: fix nametbl_lock soft lockup at node/link events - netfilter: nf_tables: fix set->nelems counting with no NLM_F_EXCL - netfilter: nft_log: restrict the log prefix length to 127 - RDMA/qedr: Dispatch port active event from qedr_add - RDMA/qedr: Fix and simplify memory leak in PD alloc - RDMA/qedr: Don't reset QP when queues aren't flushed - RDMA/qedr: Don't spam dmesg if QP is in error state - RDMA/qedr: Return max inline data in QP query result - [s390x] kvm: do not rely on the ILC on kvm host protection fauls - [x86] drm/i915: Workaround VLV/CHV DSI scanline counter hardware fail - [x86] drm/i915: Always recompute watermarks when distrust_bios_wm is set, v2. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.34 - fs: pass on flags in compat_writev - configfs: Fix race between create_link and configfs_rmdir - can: gs_usb: fix memory leak in gs_cmd_reset() - ila_xlat: add missing hash secret initialization - cpufreq: conservative: Allow down_threshold to take values from 1 to 10 - vb2: Fix an off by one error in 'vb2_plane_vaddr' - mac80211: don't look at the PM bit of BAR frames - mac80211/wpa: use constant time memory comparison for MACs - drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions. - [x86] drm/i915: Fix GVT-g PVINFO version compatibility check - usb: musb: dsps: keep VBUS on for host-only mode - mac80211: fix CSA in IBSS mode - mac80211: fix packet statistics for fast-RX - mac80211: fix IBSS presp allocation size - mac80211: strictly check mesh address extension mode - mac80211: fix dropped counter in multiqueue RX - mac80211: don't send SMPS action frame in AP mode when not needed - [armhf,arm64] drm/vc4: Fix OOPSes from trying to cache a partially constructed BO. - serial: efm32: Fix parity management in 'efm32_uart_console_get_options()' - serial: sh-sci: Fix late enablement of AUTORTS - [i386] mm: Set the '__vmalloc_start_set' flag in initmem_init() - mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode - staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data() - staging: iio: tsl2x7x_core: Fix standard deviation calculation - iio: st_pressure: Fix data sign - iio: proximity: as3935: recalibrate RCO after resume - iio: adc: ti_am335x_adc: allocating too much in probe - IB/mlx5: Fix kernel to user leak prevention logic - usb: gadget: udc: renesas_usb3: fix pm_runtime functions calling - usb: gadget: udc: renesas_usb3: fix deadlock by spinlock - usb: gadget: udc: renesas_usb3: lock for PN_ registers access - USB: hub: fix SS max number of ports - usb: core: fix potential memory leak in error path during hcd creation - USB: usbip: fix nonconforming hub descriptor - pvrusb2: reduce stack usage pvr2_eeprom_analyze() - USB: gadget: dummy_hcd: fix hub-descriptor removable fields - usb: r8a66597-hcd: select a different endpoint on timeout - usb: r8a66597-hcd: decrease timeout - ath10k: fix napi crash during rmmod when probe firmware fails - misc: mic: double free on ioctl error path - drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of IS_ERR() - usb: xhci: Fix USB 3.1 supported protocol parsing - usb: xhci: ASMedia ASM1042A chipset need shorts TX quirk - USB: gadget: fix GPF in gadgetfs - USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks - mm/memory-failure.c: use compound_head() flags for huge pages - swap: cond_resched in swap_cgroup_prepare() - iio: imu: inv_mpu6050: add accel lpf setting for chip >= MPU6500 - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off() - genirq: Release resources in __setup_irq() error path - alarmtimer: Prevent overflow of relative timers - usb: gadget: composite: Fix function used to free memory - usb: dwc3: exynos fix axius clock error path to do cleanup - [mips*] Fix bnezc/jialc return address calculation - [mips*] .its targets depend on vmlinux - vTPM: Fix missing NULL check - alarmtimer: Rate limit periodic intervals - Allow stack to grow up to address space limit https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.35 - clk: sunxi-ng: a31: Correct lcd1-ch1 clock register offset - xen/blkback: fix disconnect while I/Os in flight - ALSA: firewire-lib: Fix stall of process context at packet error - ALSA: pcm: Don't treat NULL chmap as a fatal error - [powerpc*] perf: Fix oops when kthread execs user process - autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL - lib/cmdline.c: fix get_options() overflow while parsing ranges - [x86] perf/intel: Add 1G DTLB load/store miss support for SKL - [s390x] KVM: gaccess: fix real-space designation asce handling for gmap shadows - [powerpc*] KVM: Book3S HV: Preserve userspace HTM state properly - [powerpc*] KVM: Book3S HV: Context-switch EBB registers properly - CIFS: Improve readdir verbosity - cxgb4: notify uP to route ctrlq compl to rdma rspq - HID: Add quirk for Dell PIXART OEM mouse - signal: Only reschedule timers on signals timers have sent - [powerpc*] kprobes: Pause function_graph tracing during jprobes handling - powerpc/64s: Handle data breakpoints in Radix mode - Input: i8042 - add Fujitsu Lifebook AH544 to notimeout list - brcmfmac: add parameter to pass error code in firmware callback - brcmfmac: use firmware callback upon failure to load - brcmfmac: unbind all devices upon failure in firmware callback - time: Fix clock->read(clock) race around clocksource changes - time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting - [arm64] vdso: Fix nsec handling for CLOCK_MONOTONIC_RAW - target: Fix kref->refcount underflow in transport_cmd_finish_abort - iscsi-target: Fix delayed logout processing greater than SECONDS_FOR_LOGOUT_COMP - iscsi-target: Reject immediate data underflow larger than SCSI transfer length - drm/radeon: add a PX quirk for another K53TK variant - drm/radeon: add a quirk for Toshiba Satellite L20-183 - drm/amdgpu/atom: fix ps allocation size for EnableDispPowerGating - drm/amdgpu: adjust default display clock - of: Add check to of_scan_flat_dt() before accessing initial_boot_params - mtd: spi-nor: fix spansion quad enable - usb: gadget: f_fs: avoid out of bounds access on comp_desc - rt2x00: avoid introducing a USB dependency in the rt2x00lib module - net: phy: Initialize mdio clock at probe function - dmaengine: bcm2835: Fix cyclic DMA period splitting - spi: double time out tolerance - net: phy: fix marvell phy status reading - jump label: fix passing kbuild_cflags when checking for asm goto support - brcmfmac: fix uninitialized warning in brcmf_usb_probe_phase2() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36 - ipv6: release dst on error in ip6_dst_lookup_tail - net: don't call strlen on non-terminated string in dev_set_alias() - decnet: dn_rtmsg: Improve input length sanitization in dnrmg_receive_user_skb - net: Zero ifla_vf_info in rtnl_fill_vfinfo() - net: vrf: Make add_fib_rules per network namespace flag - af_unix: Add sockaddr length checks before accessing sa_family in bind and connect handlers - Fix an intermittent pr_emerg warning about lo becoming free. - sctp: disable BH in sctp_for_each_endpoint - net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx - net: tipc: Fix a sleep-in-atomic bug in tipc_msg_reverse - net/mlx5e: Added BW check for DIM decision mechanism - net/mlx5e: Fix wrong indications in DIM due to counter wraparound - proc: snmp6: Use correct type in memset - igmp: acquire pmc lock for ip_mc_clear_src() - igmp: add a missing spin_lock_init() - ipv6: fix calling in6_ifa_hold incorrectly for dad work - sctp: return next obj by passing pos + 1 into sctp_transport_get_idx - net/mlx5e: Avoid doing a cleanup call if the profile doesn't have it - net/mlx5: Wait for FW readiness before initializing command interface - net/mlx5e: Fix timestamping capabilities reporting - decnet: always not take dst->__refcnt when inserting dst into hash table - net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev - sfc: provide dummy definitions of vswitch functions - ipv6: Do not leak throw route references - rtnetlink: add IFLA_GROUP to ifla_policy - netfilter: xt_TCPMSS: add more sanity tests on tcph->doff - netfilter: synproxy: fix conntrackd interaction - NFSv4: fix a reference leak caused WARNING messages - xen/blkback: don't use xen_blkif_get() in xen-blkback kthread - drm/ast: Handle configuration without P2A bridge - mm, swap_cgroup: reschedule when neeed in swap_cgroup_swapoff() - [mips*] head: Reorder instructions missing a delay slot - [mips*] Avoid accidental raw backtrace - [mips*] pm-cps: Drop manual cache-line alignment of ready_count - [mips*] Fix IRQ tracing & lockdep when rescheduling - ALSA: hda - Fix endless loop of codec configure - ALSA: hda - set input_path bitmap to zero after moving it to new place - NFSv4.1: Fix a race in nfs4_proc_layoutget - gpiolib: fix filtering out unwanted events - [x86] drm/vmwgfx: Free hash table allocated by cmdbuf managed res mgr - dm thin: do not queue freed thin mapping for next stage processing - [x86] mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() - usb: gadget: f_fs: Fix possibe deadlock - l2tp: fix race in l2tp_recv_common() - l2tp: ensure session can't get removed during pppol2tp_session_ioctl() - l2tp: fix duplicate session creation - l2tp: hold session while sending creation notifications - l2tp: take a reference on sessions used in genetlink handlers - mm: numa: avoid waiting on freed migrated pages - net: ethtool: add support for 2500BaseT and 5000BaseT link modes - net: phy: add an option to disable EEE advertisement - dt-bindings: net: add EEE capability constants - net: phy: fix sign type error in genphy_config_eee_advert - net: phy: use boolean dt properties for eee broken modes - dt: bindings: net: use boolean dt properties for eee broken modes - [arm64] dts: meson-gxbb-odroidc2: fix GbE tx link breakage - xen/blkback: don't free be structure too early - [x86] KVM: fix fixing of hypercalls - scsi: sd: Fix wrong DPOFUA disable in sd_read_cache_type - stmmac: add missing of_node_put - scsi: lpfc: Set elsiocb contexts to NULL after freeing it - qla2xxx: Terminate exchange if corrupted - qla2xxx: Fix erroneous invalid handle message - drm/amdgpu: fix program vce instance logic error. - drm/amdgpu: add support for new hainan variants - net: phy: dp83848: add DP83620 PHY support - [x86] perf/intel: Handle exclusive threadid correctly on CPU hotplug - net: korina: Fix NAPI versus resources freeing - [powerpc*] eeh: Enable IO path on permanent error - net: ethtool: Initialize buffer when querying device channel settings - xen-netback: fix memory leaks on XenBus disconnect - xen-netback: protect resource cleaning on XenBus disconnect - bnxt_en: Fix "uninitialized variable" bug in TPA code path. - bpf: don't trigger OOM killer under pressure with map alloc - objtool: Fix IRET's opcode - gianfar: Do not reuse pages from emergency reserve - Btrfs: Fix deadlock between direct IO and fast fsync - Btrfs: fix truncate down when no_holes feature is enabled - virtio_console: fix a crash in config_work_handler - swiotlb-xen: update dev_addr after swapping pages - xen-netfront: Fix Rx stall during network stress and OOM - scsi: virtio_scsi: Reject commands when virtqueue is broken - iwlwifi: fix kernel crash when unregistering thermal zone - [x86] platform: ideapad-laptop: handle ACPI event 1 - amd-xgbe: Check xgbe_init() return code - net: dsa: Check return value of phy_connect_direct() - drm/amdgpu: check ring being ready before using - vfio/spapr: fail tce_iommu_attach_group() when iommu_data is null - mlxsw: spectrum_router: Correctly reallocate adjacency entries - virtio_net: fix PAGE_SIZE > 64k - ip6_tunnel: must reload ipv6h in ip6ip6_tnl_xmit() - vxlan: do not age static remote mac entries - ibmveth: Add a proper check for the availability of the checksum features - kernel/panic.c: add missing \n - [x86] perf/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code - [x86] pinctrl: intel: Set pin direction properly - net: phy: marvell: fix Marvell 88E1512 used in SGMII mode - mac80211: recalculate min channel width on VHT opmode changes - [x86] perf/intel: Use ULL constant to prevent undefined shift behaviour - HID: i2c-hid: Add sleep between POWER ON and RESET - scsi: lpfc: avoid double free of resource identifiers - spi: davinci: use dma_mapping_error() - [arm64] assembler: make adr_l work in modules under KASLR - net: thunderx: acpi: fix LMAC initialization - drm/radeon/si: load special ucode for certain MC configs - drm/amd/powerplay: fix vce cg logic error on CZ/St. - drm/amd/powerplay: refine vce dpm update code on Cz. - pmem: return EIO on read_pmem() failure - mac80211: initialize SMPS field in HT capabilities - [x86] tsc: Add the Intel Denverton Processor to native_calibrate_tsc() - [x86] mpx: Use compatible types in comparison to fix sparse error - perf/core: Fix sys_perf_event_open() vs. hotplug - [x86] perf: Reject non sampling events with precise_ip - aio: fix lock dep warning - coredump: Ensure proper size of sparse core files - swiotlb: ensure that page-sized mappings are page-aligned - [s390x] ctl_reg: make __ctl_load a full memory barrier - usb: dwc2: gadget: Fix GUSBCFG.USBTRDTIM value - be2net: fix status check in be_cmd_pmac_add() - be2net: don't delete MAC on close on unprivileged BE3 VFs - be2net: fix MAC addr setting on privileged BE3 VFs - perf probe: Fix to show correct locations for events on modules - net: phy: dp83867: allow RGMII_TXID/RGMII_RXID interface types - tipc: allocate user memory with GFP_KERNEL flag - perf probe: Fix to probe on gcc generated functions in modules - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV - sctp: check af before verify address in sctp_addr_id2transport - ip6_tunnel, ip6_gre: fix setting of DSCP on encapsulated packets - ravb: Fix use-after-free on `ifconfig eth0 down` - mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap mappings - xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY - xfrm: NULL dereference on allocation failure - xfrm: Oops on error in pfkey_msg2xfrm_state() - netfilter: use skb_to_full_sk in ip_route_me_harder - watchdog: bcm281xx: Fix use of uninitialized spinlock. - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting - spi: When no dma_chan map buffers with spi_master's parent - spi: fix device-node leaks - regulator: tps65086: Fix expected switch DT node names - regulator: tps65086: Fix DT node referencing in of_parse_cb - [armhf] OMAP2+: omap_device: Sync omap_device and pm_runtime after probe defer - [armhf] dts: OMAP3: Fix MFG ID EEPROM - [arm64] ACPI: Fix BAD_MADT_GICC_ENTRY() macro implementation - [armel,armhf] 8685/1: ensure memblock-limit is pmd-aligned - [x86] tools arch: Sync arch/x86/lib/memcpy_64.S with the kernel - [x86] boot/KASLR: Fix kexec crash due to 'virt_addr' calculation bug - [x86] mpx: Correctly report do_mpx_bt_fault() failures to user-space - [x86] mm: Fix flush_tlb_page() on Xen - ocfs2: o2hb: revert hb threshold to keep compatible - iommu/vt-d: Don't over-free page table directories - iommu: Handle default domain attach failure - iommu/dma: Don't reserve PCI I/O windows - iommu/amd: Fix incorrect error handling in amd_iommu_bind_pasid() - iommu/amd: Fix interrupt remapping when disable guest_mode - cpufreq: s3c2416: double free on driver init error path - clk: scpi: don't add cpufreq device if the scpi dvfs node is disabled - brcmfmac: avoid writing channel out of allocated array - i2c: brcmstb: Fix START and STOP conditions - mtd: nand: brcmnand: Check flash #WP pin status before nand erase/program - [arm64] fix NULL dereference in have_cpu_die() - [x86] KVM: fix emulation of RSM and IRET instructions - [x86] KVM: vPMU: fix undefined shift in intel_pmu_refresh() - [x86] KVM: zero base3 of unusable segments - [x86] KVM: nVMX: Fix exception injection https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.37 - fs: add a VALID_OPEN_FLAGS - fs: completely ignore unknown open flags - driver core: platform: fix race condition with driver_override (CVE-2017-12146) - ceph: choose readdir frag based on previous readdir reply - tracing/kprobes: Allow to create probe with a module name starting with a digit - media: entity: Fix stream count check - usb: dwc3: replace %p with %pK - USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick - Add USB quirk for HVR-950q to avoid intermittent device resets - usb: usbip: set buffer pointers to NULL after free - usb: Fix typo in the definition of Endpoint[out]Request - USB: core: fix device node leak - mac80211_hwsim: Replace bogus hrtimer clockid - sysctl: don't print negative flag for proc_douintvec - sysctl: report EINVAL if value is larger than UINT_MAX for proc_douintvec - [arm64] pinctrl: qcom: ipq4019: add missing pingroups for pins > 70 - [arm64] pinctrl: meson: meson8b: fix the NAND DQS pins - [x86] pinctrl: cherryview: Add terminate entry for dmi_system_id tables - [armhf] pinctrl: sunxi: Fix SPDIF function name for A83T - xhci: Limit USB2 port wake support for AMD Promontory hosts - gfs2: Fix glock rhashtable rcu bug - tpm: fix a kernel memory leak in tpm-sysfs.c - [x86] uaccess: Optimize copy_user_enhanced_fast_string() for short strings - ath10k: override CE5 config for QCA9377 - KEYS: Fix an error code in request_master_key() - crypto: drbg - Fixes panic in wait_for_completion call - RDMA/uverbs: Check port number supplied by user verbs cmds - rt286: add Thinkpad Helix 2 to force_combo_jack_table https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.38 - Add "shutdown" to "struct class". - tpm: Issue a TPM2_Shutdown for TPM2 devices. - perf thread_map: Correctly size buffer used with dirent->dt_name - perf tests: Avoid possible truncation with dirent->d_name + snprintf - perf bench numa: Avoid possible truncation when using snprintf() - perf header: Fix handling of PERF_EVENT_UPDATE__SCALE - perf scripting perl: Fix compile error with some perl5 versions - perf probe: Fix to probe on gcc generated symbols for offline kernel - perf probe: Add error checks to offline probe post-processing - md: fix incorrect use of lexx_to_cpu in does_sb_need_changing - md: fix super_offset endianness in super_1_rdev_size_change - locking/rwsem-spinlock: Fix EINTR branch in __down_write_common() - staging: vt6556: vnt_start Fix missing call to vnt_key_init_table. - staging: comedi: fix clean-up of comedi_class in comedi_init() - crypto: caam - fix gfp allocation flags (part I) - crypto: rsa-pkcs1pad - use constant time memory comparison for MACs - ext4: check return value of kstrtoull correctly in reserved_clusters_store - [x86] mm/pat: Don't report PAT on CPUs that don't support it - saa7134: fix warm Medion 7134 EEPROM read https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.39 - xen-netfront: Rework the fix for Rx stall during OOM and network stress - net_sched: fix error recovery at qdisc creation - net: sched: Fix one possible panic when no destroy callback - net/phy: micrel: configure intterupts after autoneg workaround - ipv6: avoid unregistering inet6_dev for loopback - net: dp83640: Avoid NULL pointer dereference. - tcp: reset sk_rx_dst in tcp_disconnect() - net: prevent sign extension in dev_get_stats() - bridge: mdb: fix leak on complete_info ptr on fail path - rocker: move dereference before free - bpf: prevent leaking pointer via xadd on unpriviledged - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish() - net/mlx5: Cancel delayed recovery work when unloading the driver - liquidio: fix bug in soft reset failure detection - net/mlx5e: Fix TX carrier errors report in get stats ndo - ipv6: dad: don't remove dynamic addresses if link is down - vxlan: fix hlist corruption - net: core: Fix slab-out-of-bounds in netdev_stats_to_stats64 - net: ipv6: Compare lwstate in detecting duplicate nexthops - vrf: fix bug_on triggered by rx when destroying a vrf - rds: tcp: use sock_create_lite() to create the accept socket - brcmfmac: Fix a memory leak in error handling path in 'brcmf_cfg80211_attach' - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain - sfc: don't read beyond unicast address list - cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE - cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES - cfg80211: Check if PMKID attribute is of expected size - cfg80211: Check if NAN service ID is of expected size - irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity - thp, mm: fix crash due race in MADV_FREE handling - kernel/extable.c: mark core_kernel_text notrace - mm/list_lru.c: fix list_lru_count_node() to be race free - fs/dcache.c: fix spin lockup issue on nlru->lock - binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370, CVE-2017-1000371) - [armel,armhf] move ELF_ET_DYN_BASE to 4MB - [arm64] move ELF_ET_DYN_BASE to 4GB / 4MB - [powerpc*] move ELF_ET_DYN_BASE to 4GB / 4MB - [s390x] reduce ELF_ET_DYN_BASE - exec: Limit arg stack to at most 75% of _STK_LIM - [arm64] dts: marvell: armada37xx: Fix timer interrupt specifiers - vt: fix unchecked __put_user() in tioclinux ioctls - rcu: Add memory barriers for NOCB leader wakeup - nvmem: core: fix leaks on registration errors - mnt: In umount propagation reparent in a separate pass - mnt: In propgate_umount handle visiting mounts in any order - mnt: Make propagate_umount less slow for overlapping mount propagation trees - selftests/capabilities: Fix the test_execve test - mm: fix overflow check in expand_upwards() - crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD - [x86] crypto: sha1-ssse3 - Disable avx2 - crypto: caam - properly set IV after {en,de}crypt - crypto: caam - fix signals handling - Revert "sched/core: Optimize SCHED_SMT" - sched/fair, cpumask: Export for_each_cpu_wrap() - sched/topology: Fix building of overlapping sched-groups - sched/topology: Optimize build_group_mask() - sched/topology: Fix overlapping sched_group_mask - PM / wakeirq: Convert to SRCU - PM / QoS: return -EINVAL for bogus strings - tracing: Use SOFTIRQ_OFFSET for softirq dectection for more accurate results - [x86] kvm: vmx: Do not disable intercepts for BNDCFGS - [x86] kvm: Guest BNDCFGS requires guest MPX support - [x86] kvm: vmx: Check value written to IA32_BNDCFGS - [x86] kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.40 - dm mpath: cleanup -Wbool-operation warning in choose_pgpath() - s5p-jpeg: don't return a random width/height - thermal: max77620: fix device-node reference imbalance - thermal: cpu_cooling: Avoid accessing potentially freed structures - ath9k: fix tx99 use after free - ath9k: fix tx99 bus error - ath9k: fix an invalid pointer dereference in ath9k_rng_stop() - NFC: fix broken device allocation - NFC: nfcmrvl_uart: add missing tty-device sanity check - NFC: nfcmrvl: do not use device-managed resources - NFC: nfcmrvl: use nfc-device for firmware download - NFC: nfcmrvl: fix firmware-management initialisation - nfc: Ensure presence of required attributes in the activate_target handler - nfc: Fix the sockaddr length sanitization in llcp_sock_connect - NFC: Add sockaddr length checks before accessing sa_family in bind handlers - [x86] perf intel-pt: Move decoder error setting into one condition - [x86] perf intel-pt: Improve sample timestamp - [x86] perf intel-pt: Fix missing stack clear - [x86] perf intel-pt: Ensure IP is zero when state is INTEL_PT_STATE_NO_IP - [x86] perf intel-pt: Fix last_ip usage - [x86] perf intel-pt: Ensure never to set 'last_ip' when packet 'count' is zero - [x86] perf intel-pt: Use FUP always when scanning for an IP - [x86] perf intel-pt: Clear FUP flag on error - Bluetooth: use constant time memory comparison for secret values - wlcore: fix 64K page support - btrfs: Don't clear SGID when inheriting ACLs - igb: Explicitly select page 0 at initialization - ASoC: compress: Derive substream from stream based on direction - PM / Domains: Fix unsafe iteration over modified list of device links - PM / Domains: Fix unsafe iteration over modified list of domain providers - PM / Domains: Fix unsafe iteration over modified list of domains - scsi: ses: do not add a device to an enclosure if enclosure_add_links() fails. - scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state - iscsi-target: Add login_keys_workaround attribute for non RFC initiators - xen/scsiback: Fix a TMR related use-after-free - [powerpc*] pseries: Fix passing of pp0 in updatepp() and updateboltedpp() - [powerpc*/*64*] Fix atomic64_inc_not_zero() to return an int - [powerpc*] Fix emulation of mcrf in emulate_step() - [powerpc*] Fix emulation of mfocrf in emulate_step() - [powerpc*] asm: Mark cr0 as clobbered in mftb() - [powerpc*] mm/radix: Properly clear process table entry - af_key: Fix sadb_x_ipsecrequest parsing - PCI: Work around poweroff & suspend-to-RAM issue on Macbook Pro 11 - PCI: rockchip: Use normal register bank for config accessors - PCI/PM: Restore the status of PCI devices across hibernation - ipvs: SNAT packet replies only for NATed connections - xhci: fix 20000ms port resume timeout - xhci: Fix NULL pointer dereference when cleaning up streams for removed host - xhci: Bad Ethernet performance plugged in ASM1042A host - mxl111sf: Fix driver to use heap allocate buffers for USB messages - usb: storage: return on error to avoid a null pointer dereference - USB: cdc-acm: add device-id for quirky printer - usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL - usb: renesas_usbhs: gadget: disable all eps when the driver stops - md: don't use flush_signals in userspace processes - [x86] xen: allow userspace access during hypercalls - cx88: Fix regression in initial video standard setting - libnvdimm, btt: fix btt_rw_page not returning errors - libnvdimm: fix badblock range handling of ARS range - Raid5 should update rdev->sectors after reshape - [s390x] syscalls: Fix out of bounds arguments access - drm/amd/amdgpu: Return error if initiating read out of range on vram - drm/radeon/ci: disable mclk switching for high refresh rates (v2) - drm/radeon: Fix eDP for single-display iMac10,1 (v2) - ipmi: use rcu lock around call to intf->handlers->sender() - ipmi:ssif: Add missing unlock in error branch - xfs: Don't clear SGID when inheriting ACLs - f2fs: sanity check size of nat and sit cache - f2fs: Don't clear SGID when inheriting ACLs - drm/ttm: Fix use-after-free in ttm_bo_clean_mm - ovl: drop CAP_SYS_RESOURCE from saved mounter's credentials - vfio: Fix group release deadlock - vfio: New external user group/file match - nvme-rdma: remove race conditions from IB signalling - ftrace: Fix uninitialized variable in match_records() - [mips*] Fix mips_atomic_set() retry condition - [mips*] Fix mips_atomic_set() with EVA - [mips*] Negate error syscall return in trace - ubifs: Don't leak kernel memory to the MTD - ACPI / EC: Drop EC noirq hooks to fix a regression - Revert "ACPI / EC: Enable event freeze mode..." to fix a regression - [x86] acpi: Prevent out of bound access caused by broken ACPI tables - [x86] ioapic: Pass the correct data to unmask_ioapic_irq() - [mips*] Fix MIPS I ISA /proc/cpuinfo reporting - [mips*] Save static registers before sysmips - [mips*] Actually decode JALX in `__compute_return_epc_for_insn' - [mips*] Fix unaligned PC interpretation in `compute_return_epc' - [mips*] math-emu: Prevent wrong ISA mode instruction emulation - [mips*] Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn' - [mips*] Send SIGILL for linked branches in `__compute_return_epc_for_insn' - [mips*] Send SIGILL for R6 branches in `__compute_return_epc_for_insn' - [mips*] Fix a typo: s/preset/present/ in r2-to-r6 emulation error message - Input: i8042 - fix crash at boot time - IB/iser: Fix connection teardown race condition - IB/core: Namespace is mandatory input for address resolution - sunrpc: use constant time memory comparison for mac - NFS: only invalidate dentrys that are clearly invalid. - udf: Fix deadlock between writeback and udf_setsize() - target: Fix COMPARE_AND_WRITE caw_sem leak during se_cmd quiesce - iser-target: Avoid isert_conn->cm_id dereference in isert_login_recv_done - perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target - staging: rtl8188eu: add TL-WN722N v2 support - staging: comedi: ni_mio_common: fix AO timer off-by-one regression - staging: sm750fb: avoid conflicting vesafb - staging: lustre: ko2iblnd: check copy_from_iter/copy_to_iter return code - ceph: fix race in concurrent readdir - RDMA/core: Initialize port_num in qp_attr - drm/mst: Fix error handling during MST sideband message reception - drm/mst: Avoid dereferencing a NULL mstb in drm_dp_mst_handle_up_req() - drm/mst: Avoid processing partially received up/down message transactions - mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms[] array - hfsplus: Don't clear SGID when inheriting ACLs - ovl: fix random return value on mount - acpi/nfit: Fix memory corruption/Unregister mce decoder on failure - of: device: Export of_device_{get_modalias, uvent_modalias} to modules - spmi: Include OF based modalias in device uevent - reiserfs: Don't clear SGID when inheriting ACLs - PM / Domains: defer dev_pm_domain_set() until genpd->attach_dev succeeds if present - tracing: Fix kmemleak in instance_rmdir - alarmtimer: don't rate limit one-shot timers https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.41 - af_key: Add lock to key dump - pstore: Make spinlock per zone instead of global - net: reduce skb_warn_bad_offload() noise - jfs: Don't clear SGID when inheriting ACLs - ALSA: fm801: Initialize chip after IRQ handler is registered - ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table - [powerpc*] pseries: Fix of_node_put() underflow during reconfig remove - NFS: invalidate file size when taking a lock. - NFSv4.1: Fix a race where CB_NOTIFY_LOCK fails to wake a waiter - crypto: authencesn - Fix digest_null crash - [powerpc*] KVM: Book3S HV: Enable TM before accessing TM registers - md/raid5: add thread_group worker async_tx_issue_pending_all - drm/nouveau/disp/nv50-: bump max chans to 21 - drm/nouveau/bar/gf100: fix access to upper half of BAR2 - [powerpc*] KVM: Book3S HV: Restore critical SPRs to host values on guest exit - [powerpc*] KVM: Book3S HV: Save/restore host values of debug registers - [powerpc*] Revert "powerpc/numa: Fix percpu allocations to be NUMA aware" - Staging: comedi: comedi_fops: Avoid orphaned proc entry - smp/hotplug: Move unparking of percpu threads to the control CPU - smp/hotplug: Replace BUG_ON and react useful - nfc: Fix hangup of RC-S380* in port100_send_ack() - nfc: fdp: fix NULL pointer dereference - net: phy: Do not perform software reset for Generic PHY - isdn: Fix a sleep-in-atomic bug - ath10k: fix null deref on wmi-tlv when trying spectral scan - wil6210: fix deadlock when using fw_no_recovery option - mailbox: always wait in mbox_send_message for blocking Tx mode - mailbox: skip complete wait event if timer expired - mailbox: handle empty message in tx_tick - sched/cgroup: Move sched_online_group() back into css_online() to fix crash - RDMA/uverbs: Fix the check for port number - ipmi/watchdog: fix watchdog timeout set on reboot - v4l: s5c73m3: fix negation operator - pstore: Allow prz to control need for locking - pstore: Correctly initialize spinlock and flags - pstore: Use dynamic spinlock initializer - net: skb_needs_check() accepts CHECKSUM_NONE for tx - device-dax: fix sysfs duplicate warnings - [x86] mce/AMD: Make the init code more robust - r8169: add support for RTL8168 series add-on card. - [armhf] omap2+: fixing wrong strcat for Non-NULL terminated string - dt-bindings: power/supply: Update TPS65217 properties - dt-bindings: input: Specify the interrupt number of TPS65217 power button - [armhf] dts: n900: Mark eMMC slot with no-sdio and no-sd flags - net/mlx5: Disable RoCE on the e-switch management port under switchdev mode - ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output - net/mlx4_core: Use-after-free causes a resource leak in flow-steering detach - net/mlx4: Remove BUG_ON from ICM allocation routine - net/mlx4_core: Fix raw qp flow steering rules under SRIOV - [arm64] drm/msm: Ensure that the hardware write pointer is valid - [arm64] drm/msm: Put back the vaddr in submit_reloc() - [arm64] drm/msm: Verify that MSM_SUBMIT_BO_FLAGS are set - irqchip/keystone: Fix "scheduling while atomic" on rt - ASoC: tlv320aic3x: Mark the RESET register as volatile - spi: dw: Make debugfs name unique between instances - ASoC: nau8825: fix invalid configuration in Pre-Scalar of FLL - irqchip/mxs: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND - openrisc: Add _text symbol to fix ksym build error - dmaengine: ioatdma: Add Skylake PCI Dev ID - dmaengine: ioatdma: workaround SKX ioatdma version - l2tp: consider '::' as wildcard address in l2tp_ip6 socket lookup - dmaengine: ti-dma-crossbar: Add some 'of_node_put()' in error path. - usb: dwc3: omap: fix race of pm runtime with irq handler in probe - [arm64] zynqmp: Fix W=1 dtc 1.4 warnings - [arm64] zynqmp: Fix i2c node's compatible string - perf probe: Fix to get correct modname from elf header - ACPI / scan: Prefer devices without _HID/_CID for _ADR matching - usb: gadget: Fix copy/pasted error message - Btrfs: use down_read_nested to make lockdep silent - Btrfs: fix lockdep warning about log_mutex - benet: stricter vxlan offloading check in be_features_check - Btrfs: adjust outstanding_extents counter properly when dio write is split - [armhf] Xen: Zero reserved fields of xatp before making hypervisor call - tools lib traceevent: Fix prev/next_prio for deadline tasks - xfrm: Don't use sk_family for socket policy lookups - perf tools: Install tools/lib/traceevent plugins with install-bin - perf symbols: Robustify reading of build-id from sysfs - video: fbdev: cobalt_lcdfb: Handle return NULL error from devm_ioremap - vfio-pci: Handle error from pci_iomap - [arm64] mm: fix show_pte KERN_CONT fallout - nvmem: imx-ocotp: Fix wrong register size - net: usb: asix_devices: add .reset_resume for USB PM - ASoC: fsl_ssi: set fifo watermark to more reliable value - sh_eth: enable RX descriptor word 0 shift on SH7734 - ALSA: usb-audio: test EP_FLAG_RUNNING at urb completion - [x86] platform/intel-mid: Rename 'spidev' to 'mrfld_spidev' - [x86] perf: Set pmu->module in Intel PMU modules - [x86] ASoC: Intel: bytcr-rt5640: fix settings in internal clock mode - HID: ignore Petzl USB headlamp - scsi: fnic: Avoid sending reset to firmware when another reset is in progress - scsi: snic: Return error code on memory allocation failure - scsi: bfa: Increase requested firmware version to 3.2.5.1 - [x86] ASoC: Intel: Skylake: Release FW ctx in cleanup - ASoC: dpcm: Avoid putting stream state to STOP when FE stream is paused https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.42 - cgroup: create dfl_root files on subsys registration - cgroup: fix error return value from cgroup_subtree_control() - libata: array underflow in ata_find_dev() - workqueue: restore WQ_UNBOUND/max_active==1 to be ordered - iwlwifi: dvm: prevent an out of bounds access - brcmfmac: fix memleak due to calling brcmf_sdiod_sgtable_alloc() twice - NFSv4: Fix EXCHANGE_ID corrupt verifier issue - device property: Make dev_fwnode() public - mmc: core: Fix access to HS400-ES devices - mm, mprotect: flush TLB if potentially racing with a parallel reclaim leaving stale TLB entries - cpuset: fix a deadlock due to incomplete patching of cpusets_enabled() - ALSA: hda - Fix speaker output from VAIO VPCL14M1R - drm/amdgpu: Fix undue fallthroughs in golden registers initialization - ASoC: do not close shared backend dailink - KVM: async_pf: make rcu irq exit if not triggered from idle task - mm/page_alloc: Remove kernel address exposure in free_reserved_area() - timers: Fix overflow in get_next_timer_interrupt - [powerpc*] tm: Fix saving of TM SPRs in core dump - [powerpc*/*64*] Fix __check_irq_replay missing decrementer interrupt - iommu/amd: Enable ga_log_intr when enabling guest_mode - gpiolib: skip unwanted events, don't convert them to opposite edge - ext4: fix SEEK_HOLE/SEEK_DATA for blocksize < pagesize - ext4: fix overflow caused by missing cast in ext4_resize_fs() - [armhf] dts: armada-38x: Fix irq type for pca955 - media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl - iscsi-target: Fix initial login PDU asynchronous socket close OOPs - mmc: dw_mmc: Use device_property_read instead of of_property_read - mmc: core: Use device_property_read instead of of_property_read - media: lirc: LIRC_GET_REC_RESOLUTION should return microseconds - f2fs: sanity check checkpoint segno and blkoff (CVE-2017-10663) - Btrfs: fix early ENOSPC due to delalloc - saa7164: fix double fetch PCIe access condition (CVE-2017-8831) - tcp_bbr: cut pacing rate only if filled pipe - tcp_bbr: introduce bbr_bw_to_pacing_rate() helper - tcp_bbr: introduce bbr_init_pacing_rate_from_rtt() helper - tcp_bbr: remove sk_pacing_rate=0 transient during init - tcp_bbr: init pacing rate on first RTT sample - ipv4: ipv6: initialize treq->txhash in cookie_v[46]_check() - net: Zero terminate ifr_name in dev_ifname(). - net: dsa: b53: Add missing ARL entries for BCM53125 - ipv4: initialize fib_trie prior to register_netdev_notifier call. - rtnetlink: allocate more memory for dev_set_mac_address() - mcs7780: Fix initialization when CONFIG_VMAP_STACK is enabled - openvswitch: fix potential out of bound access in parse_ct - packet: fix use-after-free in prb_retire_rx_blk_timer_expired() - ipv6: Don't increase IPSTATS_MIB_FRAGFAILS twice in ip6_fragment() - net: ethernet: nb8800: Handle all 4 RGMII modes identically - dccp: fix a memleak that dccp_ipv6 doesn't put reqsk properly - dccp: fix a memleak that dccp_ipv4 doesn't put reqsk properly - dccp: fix a memleak for dccp_feat_init err process - sctp: don't dereference ptr before leaving _sctp_walk_{params, errors}() - sctp: fix the check for _sctp_walk_params and _sctp_walk_errors - net/mlx5: Consider tx_enabled in all modes on remap - net/mlx5: Fix command bad flow on command entry allocation failure - net/mlx5e: Fix outer_header_zero() check size - net/mlx5e: Fix wrong delay calculation for overflow check scheduling - net/mlx5e: Schedule overflow check work to mlx5e workqueue - net: phy: Correctly process PHY_HALTED in phy_stop_machine() - xen-netback: correctly schedule rate-limited queues - wext: handle NULL extra data in iwe_stream_add_point better - sh_eth: fix EESIPR values for SH77{34|63} - sh_eth: R8A7740 supports packet shecksumming - net: phy: dp83867: fix irq generation - tg3: Fix race condition in tg3_get_stats64(). - [x86] boot: Add missing declaration of string functions - spi: spi-axi: Free resources on error path - ASoC: rt5645: set sel_i2s_pre_div1 to 2 - netfilter: use fwmark_reflect in nf_send_reset - phy state machine: failsafe leave invalid RUNNING state - ipv4: make tcp_notsent_lowat sysctl knob behave as true unsigned int - clk/samsung: exynos542x: mark some clocks as critical - scsi: qla2xxx: Get mutex lock before checking optrom_state - drm/virtio: fix framebuffer sparse warning - [armhf] dts: sunxi: Change node name for pwrseq pin on Olinuxino-lime2-emmc - iw_cxgb4: do not send RX_DATA_ACK CPLs after close/abort - nbd: blk_mq_init_queue returns an error code on failure, not NULL - virtio_blk: fix panic in initialization error path - [armel,armhf] 8632/1: ftrace: fix syscall name matching - mm, slab: make sure that KMALLOC_MAX_SIZE will fit into MAX_ORDER - lib/Kconfig.debug: fix frv build failure - signal: protect SIGNAL_UNKILLABLE from unintentional clearing. - mm: don't dereference struct page fields of invalid pages - net/mlx5: E-Switch, Re-enable RoCE on mode change only after FDB destroy - net: phy: Fix PHY unbind crash - workqueue: implicit ordered attribute should be overridable https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.43 - ppp: Fix false xmit recursion detect with two ppp devices - ppp: fix xmit recursion detection on ppp channels - tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction states - net: fix keepalive code vs TCP_FASTOPEN_CONNECT - [s390x] bpf: fix jit branch offset related to ldimm64 - net/mlx4_en: don't set CHECKSUM_COMPLETE on SCTP packets - net: sched: set xt_tgchk_param par.nft_compat as 0 in ipt_init_target - tcp: fastopen: tcp_connect() must refresh the route - net: avoid skb_warn_bad_offload false positives on UFO - igmp: Fix regression caused by igmp sysctl namespace code. - packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111) - udp: consistently apply ufo or fragmentation (CVE-2017-1000112) - [armhf,arm64] KVM: Handle hva aging while destroying the vm https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.44 - mm: ratelimit PFNs busy info message - mm: fix list corruptions on shmem shrinklist - futex: Remove unnecessary warning from get_futex_key - mtd: nand: Fix timing setup for NANDs that do not support SET FEATURES - iscsi-target: fix memory leak in iscsit_setup_text_cmd() - iscsi-target: Fix iscsi_np reset hung task during parallel delete - target: Fix node_acl demo-mode + uncached dynamic shutdown regression - fuse: initialize the flock flag in fuse_file on allocation - nand: fix wrong default oob layout for small pages using soft ecc - mmc: mmc: correct the logic for setting HS400ES signal voltage - nfs/flexfiles: fix leak of nfs4_ff_ds_version arrays - drm/etnaviv: Fix off-by-one error in reloc checking - [x86] drm/i915: Fix out-of-bounds array access in bdw_load_gamma_lut - USB: serial: option: add D-Link DWM-222 device ID - USB: serial: cp210x: add support for Qivicon USB ZigBee dongle - USB: serial: pl2303: add new ATEN device id - usb: musb: fix tx fifo flush handling again - USB: hcd: Mark secondary HCD as dead if the primary one died - staging:iio:resolver:ad2s1210 fix negative IIO_ANGL_VEL read - iio: accel: bmc150: Always restore device to normal mode after suspend-resume - iio: light: tsl2563: use correct event code - staging: comedi: comedi_fops: do not call blocking ops when !TASK_RUNNING - uas: Add US_FL_IGNORE_RESIDUE for Initio Corporation INIC-3069 - usb: gadget: udc: renesas_usb3: Fix usb_gadget_giveback_request() calling - usb: renesas_usbhs: Fix UGCTRL2 value for R-Car Gen3 - USB: Check for dropped connection before switching to full speed - usb: core: unlink urbs from the tail of the endpoint's urb_list - usb: quirks: Add no-lpm quirk for Moshi USB to Ethernet Adapter - usb:xhci:Add quirk for Certain failing HP keyboard on reset after resume - iio: adc: vf610_adc: Fix VALT selection value for REFSEL bits - pnfs/blocklayout: require 64-bit sector_t - [armhf] pinctrl: sunxi: add a missing function of A10/A20 pinctrl driver - [x86] pinctrl: intel: merrifield: Correct UART pin lists - [armhf] pinctrl: samsung: Remove bogus irq_[un]mask from resource management - [arm64] pinctrl: meson-gxbb: Add missing GPIODV_18 pin entry https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.45 - netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister - audit: Fix use after free in audit_remove_watch_rule() - [x86] crypto: sha1 - Fix reads beyond the number of blocks passed - Input: elan_i2c - add ELAN0608 to the ACPI table - Input: elan_i2c - Add antoher Lenovo ACPI ID for upcoming Lenovo NB - ALSA: seq: 2nd attempt at fixing race creating a queue - ALSA: usb-audio: Apply sample rate quirk to Sennheiser headset - ALSA: usb-audio: Add mute TLV for playback volumes on C-Media devices - mm: discard memblock data later - mm: fix double mmap_sem unlock on MMF_UNSTABLE enforced SIGBUS - mm/mempolicy: fix use after free when calling get_mempolicy - [amd64,arm64] mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes - xen: fix bio vec merging (CVE-2017-12134) (Closes: #866511) - blk-mq-pci: add a fallback when pci_irq_get_affinity returns NULL - [powerpc*] Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC - xen-blkfront: use a right index when checking requests - [amd64] asm: Clear AC on NMI entries - genirq: Restore trigger settings in irq_modify_status() - genirq/ipi: Fixup checks against nr_cpu_ids - Sanitize 'move_pages()' permission checks - pids: make task_tgid_nr_ns() safe - usb: optimize acpi companion search for usb port devices - usb: qmi_wwan: add D-Link DWM-222 device ID https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.46 - af_key: do not use GFP_KERNEL in atomic contexts - dccp: purge write queue in dccp_destroy_sock() - dccp: defer ccid_hc_tx_delete() at dismantle time - ipv4: fix NULL dereference in free_fib_info_rcu() - net_sched/sfq: update hierarchical backlog when drop packet - net_sched: remove warning from qdisc_hash_add - bpf: fix bpf_trace_printk on 32 bit archs - openvswitch: fix skb_panic due to the incorrect actions attrlen - ptr_ring: use kmalloc_array() - ipv4: better IP_MAX_MTU enforcement - nfp: fix infinite loop on umapping cleanup - sctp: fully initialize the IPv6 address in sctp_v6_to_addr() - tipc: fix use-after-free - ipv6: reset fn->rr_ptr when replacing route - ipv6: repair fib6 tree in failure case - tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP - net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled - irda: do not leak initialized list.dev to userspace - net: sched: fix NULL pointer dereference when action calls some targets - net_sched: fix order of queue length updates in qdisc_replace() - bpf, verifier: add additional patterns to evaluate_reg_imm_alu - bpf: adjust verifier heuristics - bpf, verifier: fix alu ops against map_value{, _adj} register types - bpf: fix mixed signed/unsigned derived min/max value bounds - bpf/verifier: fix min/max handling in BPF_SUB - Input: trackpoint - add new trackpoint firmware ID - Input: elan_i2c - add ELAN0602 ACPI ID to support Lenovo Yoga310 - Input: ALPS - fix two-finger scroll breakage in right side on ALPS touchpad - [s390x] KVM: sthyi: fix sthyi inline assembly - [s390x] KVM: sthyi: fix specification exception detection - [x86] KVM: block guest protection keys unless the host has them enabled - ALSA: usb-audio: Add delay quirk for H650e/Jabra 550a USB headsets - ALSA: core: Fix unexpected error at replacing user TLV - ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) - ALSA: firewire: fix NULL pointer dereference when releasing uninitialized data of iso-resource - mm, shmem: fix handling /sys/kernel/mm/transparent_hugepage/shmem_enabled - i2c: designware: Fix system suspend - mm/madvise.c: fix freeing of locked page with MADV_FREE - fork: fix incorrect fput of ->exe_file causing use-after-free - mm/memblock.c: reversed logic in memblock_discard() - drm: Release driver tracking before making the object available again - drm/atomic: If the atomic check fails, return its value first - tracing: Call clear_boot_tracer() at lateinit_sync - tracing: Fix kmemleak in tracing_map_array_free() - tracing: Fix freeing of filter in create_filter() when set_str is false - kbuild: linker script do not match C names unless LD_DEAD_CODE_DATA_ELIMINATION is configured - cifs: Fix df output for users with quota limits - cifs: return ENAMETOOLONG for overlong names in cifs_open()/cifs_lookup() - nfsd: Limit end of page list when decoding NFSv4 WRITE - ftrace: Check for null ret_stack on profile function graph entry function - perf/core: Fix group {cpu,task} validation - perf probe: Fix --funcs to show correct symbols for offline module - [x86] perf/intel/rapl: Make package handling more robust - timers: Fix excessive granularity of new timers after a nohz idle - [x86] mm: Fix use-after-free of ldt_struct - net: sunrpc: svcsock: fix NULL-pointer exception - Revert "leds: handle suspend/resume in heartbeat trigger" - netfilter: nat: fix src map lookup - Bluetooth: hidp: fix possible might sleep error in hidp_session_thread - Bluetooth: cmtp: fix possible might sleep error in cmtp_session - Bluetooth: bnep: fix possible might sleep error in bnep_session - iio: imu: adis16480: Fix acceleration scale factor for adis16480 - iio: hid-sensor-trigger: Fix the race with user space powering up sensors - staging: rtl8188eu: add RNX-N150NUB support - Clarify (and fix) MAX_LFS_FILESIZE macros - ntb_transport: fix qp count bug - ntb_transport: fix bug calculating num_qps_mw - NTB: ntb_test: fix bug printing ntb_perf results - ntb: no sleep in ntb_async_tx_submit - ntb: ntb_test: ensure the link is up before trying to configure the mws - ntb: transport shouldn't disable link due to bogus values in SPADs - ACPI: ioapic: Clear on-stack resource before using it - ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal - ACPI: EC: Fix regression related to wrong ECDT initialization order - [powerpc*] mm: Ensure cpumask update is ordered https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.47 - p54: memset(0) whole array - [armhf,arm64] kvm: Fix race in resetting stage2 PGD - [arm64] mm: abort uaccess retries upon fatal signal - [arm64] fpsimd: Prevent registers leaking across exec - scsi: sg: protect accesses to 'reserved' page array - scsi: sg: reset 'res_in_use' after unlinking reserved array [ Ben Hutchings ] * [x86] KVM: fix singlestepping over syscall (CVE-2017-7518) * xfrm: policy: check policy direction value (CVE-2017-11600) * [armhf] udeb: Add sunxi_wdt to kernel-image (Closes: #866130) * udeb: Add dm-raid to md-modules (Closes: #868251) * [arm64] sound: Enable SND_HDA_INTEL as module (Closes: #867611) * [x86] ideapad-laptop: Add various IdeaPad models to no_hw_rfkill list (Closes: #866706) * firmware: dmi: Add DMI_PRODUCT_FAMILY identification string * firmware: dmi: Avoid ABI break for DMI_PRODUCT_FAMILY * [x86] pinctrl: cherryview: Extend the Chromebook DMI quirk to Intel_Strago systems (Closes: #862723) * [armhf] Add ARM Mali Midgard device tree bindings and gpu node for rk3288 (thanks to Guillaume Tucker) (Closes: #865646) * workqueue: Fix flag collision * Bump ABI to 4 * [mips*el/loongson-3] Select MIPS_L1_CACHE_SHIFT_6 (deferred from 4.9.30) * [rt] Update to 4.9.47-rt37: - sched: Prevent task state corruption by spurious lock wakeup - sched: Remove TASK_ALL - kernel/locking: use an exclusive wait_q for sleepers - sched/migrate disable: handle updated task-mask mg-dis section [ Cyril Brulebois ] * [arm64,armhf] udeb: Ship usb3503 module in usb-modules, needed for e.g. Arndale development boards, thanks to Wei Liu (Closes: #865645). -- Ben Hutchings Sun, 10 Sep 2017 04:30:59 +0100 linux (4.9.30-2+deb9u5) stretch-security; urgency=medium * [amd64] mm: revert ELF_ET_DYN_BASE base changes (fixes regression of ASan) -- Ben Hutchings Tue, 19 Sep 2017 02:34:05 +0100 linux (4.9.30-2+deb9u4) stretch-security; urgency=high * [x86] KVM: fix singlestepping over syscall (CVE-2017-7518) * binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370, CVE-2017-1000371) * ALSA: timer: Fix race between read and ioctl (CVE-2017-1000380) * ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (CVE-2017-1000380) * xfrm: policy: check policy direction value (CVE-2017-11600) * packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111) * ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output * udp: consistently apply ufo or fragmentation (CVE-2017-1000112) * sctp: Avoid out-of-bounds reads from address storage (CVE-2017-7558) * xen: fix bio vec merging (CVE-2017-12134) (Closes: #866511) * driver core: platform: fix race condition with driver_override (CVE-2017-12146) * nl80211: check for the required netlink attributes presence (CVE-2017-12153) * [x86] kvm: nVMX: Don't allow L2 to access the hardware CR8 (CVE-2017-12154) * scsi: qla2xxx: Fix an integer overflow in sysfs code (CVE-2017-14051) * tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (CVE-2017-14106) * Sanitize 'move_pages()' permission checks (CVE-2017-14140) * video: fbdev: aty: do not leak uninitialized padding in clk to userspace (CVE-2017-14156) * xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present (CVE-2017-14340) * scsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (CVE-2017-14489) * packet: Don't write vnet header beyond end of buffer (CVE-2017-14497) * Bluetooth: Properly check L2CAP config option output buffer length (CVE-2017-1000251) (Closes: #875881) * [x86] KVM: VMX: Do not BUG() on out-of-bounds guest IRQ (CVE-2017-1000252) -- Ben Hutchings Mon, 18 Sep 2017 16:40:43 +0100 linux (4.9.30-2+deb9u3) stretch-security; urgency=high * [x86] drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() (CVE-2017-7346) * rxrpc: Fix several cases where a padded len isn't checked in ticket decode (CVE-2017-7482) * brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (CVE-2017-7541) * ipv6: avoid overflow of offset in ip6_find_1stfragopt (CVE-2017-7542) * [x86] drm/vmwgfx: Make sure backup_handle is always valid (CVE-2017-9605) * drm/virtio: don't leak bo on drm_gem_object_init failure (CVE-2017-10810) * xen-blkback: don't leak stack data via response ring (CVE-2017-10911) * mqueue: fix a use-after-free in sys_mq_notify() (CVE-2017-11176) * fs/exec.c: account for argv/envp pointers (CVE-2017-1000365) * dentry name snapshots (CVE-2017-7533) -- Salvatore Bonaccorso Sun, 06 Aug 2017 06:24:47 +0200 linux (4.9.30-2+deb9u2) stretch-security; urgency=high * Revert changes in version 4.9.30-2+deb9u1 (Closes: #865303) * mm: larger stack guard gap, between vmas (CVE-2017-1000364) * mm: fix new crash in unmapped_area_topdown() -- Ben Hutchings Mon, 26 Jun 2017 16:27:47 +0100 linux (4.9.30-2+deb9u1) stretch-security; urgency=high * mm: enlarge stack guard gap (CVE-2017-1000364) * mm: allow to configure stack gap size * mm, proc: cap the stack gap for unpopulated growing vmas * mm, proc: drop priv parameter from is_stack * mm: do not collapse stack gap into THP * fold me "mm: allow to configure stack gap size" -- Salvatore Bonaccorso Sun, 18 Jun 2017 10:14:32 +0200 linux (4.9.30-2) unstable; urgency=high * [x86] Enable SERIAL_8250_MID as built-in (Closes: #864368) * Fix bugs introduced by original fix for CVE-2017-9074: - ipv6: Check ip6_find_1stfragopt() return value properly. - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() - ipv6: Fix leak in ipv6_gso_segment(). * Revert "uapi: fix linux/if.h userspace compilation errors" (see #864269) * [armhf] udeb: Add axp20x_usb_power to kernel-image; add i2c-modules package including i2c-mv64xxx and i2c-rk3x (thanks to Karsten Merker) (Closes: #856111) * NFSv4.x/callback: Create the callback service through svc_create_pooled (Closes: #862357) -- Ben Hutchings Mon, 12 Jun 2017 16:24:30 +0100 linux (4.9.30-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.26 - [arm64] Revert "mmc: sdhci-msm: Enable few quirks" - ping: implement proper locking - [sparc64] kern_addr_valid regression - [sparc64] Fix kernel panic due to erroneous #ifdef surrounding pmd_write() - net: neigh: guard against NULL solicit() method - net: phy: handle state correctly in phy_stop_machine - bpf: improve verifier packet range checks - net/mlx5: Avoid dereferencing uninitialized pointer - l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 - l2tp: purge socket queues in the .destruct() callback - net/packet: fix overflow in check for tp_frame_nr - net/packet: fix overflow in check for tp_reserve - l2tp: take reference on sessions being dumped - l2tp: fix PPP pseudo-wire auto-loading - net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given - sctp: listen on the sock only when it's state is listening or closed - tcp: clear saved_syn in tcp_disconnect() - ipv6: Fix idev->addr_list corruption - net-timestamp: avoid use-after-free in ip_recv_error - net: vrf: Fix setting NLM_F_EXCL flag when adding l3mdev rule - dp83640: don't recieve time stamps twice - gso: Validate assumption of frag_list segementation - net: ipv6: RTF_PCPU should not be settable from userspace - netpoll: Check for skb->queue_mapping - ip6mr: fix notification device destruction - net/mlx5: Fix driver load bad flow when having fw initializing timeout - net/mlx5e: Fix small packet threshold - net/mlx5e: Fix ETHTOOL_GRXCLSRLALL handling - macvlan: Fix device ref leak when purging bc_queue - net: ipv6: regenerate host route if moved to gc list - net: phy: fix auto-negotiation stall due to unavailable interrupt - ipv6: check skb->protocol before lookup for nexthop - tcp: memset ca_priv data to 0 properly - ipv6: check raw payload size correctly in ioctl - ALSA: oxfw: fix regression to handle Stanton SCS.1m/1d - ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned type - ALSA: seq: Don't break snd_use_lock_sync() loop by timeout - [mips*] KGDB: Use kernel context for sleeping threads - [mips*] Avoid BUG warning in arch_check_elf - p9_client_readdir() fix - [x86] ASoC: intel: Fix PM and non-atomic crash in bytcr drivers - Input: i8042 - add Clevo P650RS to the i8042 reset list - nfsd: check for oversized NFSv2/v3 arguments - nfsd4: minor NFSv2/v3 write decoding cleanup - nfsd: stricter decoding of write-like NFSv2/v3 ops - ceph: fix recursion between ceph_set_acl() and __ceph_setattr() - macsec: avoid heap overflow in skb_to_sgvec - net: can: usb: gs_usb: Fix buffer on stack - [x86] ftrace: Fix triple fault with graph tracing and suspend-to-ram https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.27 - timerfd: Protect the might cancel mechanism proper - Handle mismatched open calls - [x86] tpm_tis: use default timeout value if chip reports it as zero - scsi: storvsc: Workaround for virtual DVD SCSI version - [powerpc, x86] hwmon: (it87) Avoid registering the same chip on both SIO addresses - 8250_pci: Fix potential use-after-free in error path - ceph: try getting buffer capability for readahead/fadvise - cpu/hotplug: Serialize callback invocations proper - dm ioctl: prevent stack leak in dm ioctl call https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.28 - 9p: fix a potential acl leak - hwmon: (it87) Fix pwm4 detection for IT8620 and IT8628 - [x86] tpm: fix RC value check in tpm2_seal_trusted - [x86] tmp: use pdev for parent device in tpm_chip_alloc - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores - [powerpc*] mm: Fixup wrong LPCR_VRMASD value - [powerpc*] powernv: Fix opal_exit tracepoint opcode - [powerpc*] Correctly disable latent entropy GCC plugin on prom_init.o - [x86] perf/x86/intel/pt: Add format strings for PTWRITE and power event tracing - [arm64] dts: r8a7795: Mark EthernetAVB device node disabled - [arm64] dts: qcom: Fix ipq board clock rates - [arm64] Improve detection of user/non-user mappings in set_pte(_at) - [armhf] OMAP5 / DRA7: Fix HYP mode boot for thumb2 build - [armhf] dts: sun7i: lamobo-r1: Fix CPU port RGMII settings - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print - mwifiex: remove redundant dma padding in AMSDU - mwifiex: Avoid skipping WEP key deletion for AP - iwlwifi: fix MODULE_FIRMWARE for 6030 - iwlwifi: mvm: don't restart HW if suspend fails with unified image - iwlwifi: mvm: overwrite skb info later - iwlwifi: pcie: don't increment / decrement a bool - iwlwifi: pcie: trans: Remove unused 'shift_param' - iwlwifi: pcie: fix the set of DMA memory mask - iwlwifi: mvm: fix reorder timer re-arming - iwlwifi: mvm: Use aux queue for offchannel frames in dqa - iwlwifi: mvm/pcie: adjust A-MSDU tx_cmd length in PCIe - iwlwifi: mvm: fix pending frame counter calculation - iwlwifi: mvm: fix references to first_agg_queue in DQA mode - iwlwifi: mvm: synchronize firmware DMA paging memory - iwlwifi: mvm: writing zero bytes to debugfs causes a crash - [x86] ioapic: Restore IO-APIC irq_chip retrigger callback - [amd64] x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0 - [x86] kprobes/x86: Fix kernel panic when certain exception- handling addresses are probed - [x86] platform/intel-mid: Correct MSI IRQ line for watchdog device - [x86] KVM: nVMX: initialize PML fields in vmcs02 - [x86] KVM: nVMX: do not leak PML full vmexit to L1 - [arm64, armhf] usb: dwc2: host: use msleep() for long delay - [armhf] usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths - [armhf] usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths - [arm64, armhf] usb: chipidea: Only read/write OTGSC from one place - [arm64, armhf] usb: chipidea: Handle extcon events properly - USB: serial: keyspan_pda: fix receive sanity checks - USB: serial: digi_acceleport: fix incomplete rx sanity check - USB: serial: ssu100: fix control-message error handling - USB: serial: io_edgeport: fix epic-descriptor handling - USB: serial: ti_usb_3410_5052: fix control-message error handling - USB: serial: ark3116: fix open error handling - USB: serial: ftdi_sio: fix latency-timer error handling - USB: serial: quatech2: fix control-message error handling - USB: serial: mct_u232: fix modem-status error handling - USB: serial: io_edgeport: fix descriptor error handling - [armhf] clk: rockchip: add "," to mux_pll_src_apll_dpll_gpll_usb480m_p on rk3036 - phy: qcom-usb-hs: Add depends on EXTCON - scsi: qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m - scsi: smartpqi: fix time handling - [mips*] R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix - brcmfmac: Ensure pointer correctly set if skb data location changes - brcmfmac: Make skb header writable before use - [x86] staging/lustre/llite: move root_squash from sysfs to debugfs - [x86] staging: wlan-ng: add missing byte order conversion - ALSA: hda - Fix deadlock of controller device lock at unbinding - [sparc64] fix fault handling in NGbzero.S and GENbzero.S - macsec: dynamically allocate space for sglist - tcp: do not underestimate skb->truesize in tcp_trim_head() - bpf: enhance verifier to understand stack pointer arithmetic - [arm64] bpf: fix jit branch offset related to ldimm64 - tcp: fix wraparound issue in tcp_lp - net: ipv6: Do not duplicate DAD on link up - net: usb: qmi_wwan: add Telit ME910 support - tcp: do not inherit fastopen_req from parent - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string - ipv6: initialize route null entry in addrconf_init() - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf - bnxt_en: allocate enough space for ->ntp_fltr_bmap - bpf: don't let ldimm64 leak map addresses on unprivileged (CVE-2017-9150) - f2fs: sanity check segment count - xen: Revert commits da72ff5bfcb0 and 72a9b186292d - [arm64, armhf] wlcore: Pass win_size taken from ieee80211_sta to FW - [arm64, armhf] wlcore: Add RX_BA_WIN_SIZE_CHANGE_EVENT event - drm/ttm: fix use-after-free races in vm fault handling - block: get rid of blk_integrity_revalidate() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.29 - [x86] xen: adjust early dom0 p2m handling to xen hypervisor behavior - target: Fix compare_and_write_callback handling for non GOOD status - target/fileio: Fix zero-length READ and WRITE handling - iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement - usb: xhci: bInterval quirk for TI TUSB73x0 - usb: host: xhci: print correct command ring address - USB: Proper handling of Race Condition when two USB class drivers try to call init_usb_class simultaneously - USB: Revert "cdc-wdm: fix "out-of-sync" due to missing notifications" - [x86] staging: vt6656: use off stack for in buffer USB transfers. - [x86] staging: vt6656: use off stack for out buffer USB transfers. - [x86] staging: comedi: jr3_pci: fix possible null pointer dereference - [x86] staging: comedi: jr3_pci: cope with jiffies wraparound - usb: misc: add missing continue in switch - usb: gadget: legacy gadgets are optional - usb: Make sure usb/phy/of gets built-in - usb: hub: Fix error loop seen after hub communication errors - usb: hub: Do not attempt to autosuspend disconnected devices - [x86] boot: Fix BSS corruption/overwrite bug in early x86 kernel startup - [amd64] pmem: Fix cache flushing for iovec write < 8 bytes - [x86] perf: Fix Broadwell-EP DRAM RAPL events - [x86] KVM: fix user triggerable warning in kvm_apic_accept_events() - [armhf,arm64] KVM: fix races in kvm_psci_vcpu_on - [arm64] KVM: Fix decoding of Rt/Rt2 when trapping AArch32 CP accesses - block: fix blk_integrity_register to use template's interval_exp if not 0 - crypto: algif_aead - Require setkey before accept(2) - [x86] crypto: ccp - Use only the relevant interrupt bits - [x86] crypto: ccp - Disable interrupts early on unload - [x86] crypto: ccp - Change ISR handler method for a v3 CCP - [x86] crypto: ccp - Change ISR handler method for a v5 CCP - dm era: save spacemap metadata root after the pre-commit - dm rq: check blk_mq_register_dev() return value in dm_mq_init_request_queue() - dm thin: fix a memory leak when passing discard bio down - vfio/type1: Remove locked page accounting workqueue - iov_iter: don't revert iov buffer if csum error - IB/core: Fix sysfs registration error flow - IB/core: For multicast functions, verify that LIDs are multicast LIDs - IB/IPoIB: ibX: failed to create mcg debug file - IB/mlx4: Fix ib device initialization error flow - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level - IB/hfi1: Prevent kernel QP post send hard lockups - perf auxtrace: Fix no_size logic in addr_filter__resolve_kernel_syms() - ext4: evict inline data when writing to memory map - fs/xattr.c: zero out memory copied to userspace in getxattr - ceph: fix memory leak in __ceph_setxattr() - fs/block_dev: always invalidate cleancache in invalidate_bdev() - mm: prevent potential recursive reclaim due to clearing PF_MEMALLOC - Fix match_prepath() - Set unicode flag on cifs echo request to avoid Mac error - SMB3: Work around mount failure when using SMB3 dialect to Macs - CIFS: fix mapping of SFM_SPACE and SFM_PERIOD - cifs: fix leak in FSCTL_ENUM_SNAPS response handling - cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops - CIFS: fix oplock break deadlocks - cifs: fix CIFS_IOC_GET_MNT_INFO oops - CIFS: add misssing SFM mapping for doublequote - padata: free correct variable - device-dax: fix cdev leak - fscrypt: fix context consistency check when key(s) unavailable - [armhf] serial: samsung: Use right device for DMA-mapping calls - [armhf] serial: omap: fix runtime-pm handling on unbind - [armhf] serial: omap: suspend device on probe errors - tty: pty: Fix ldisc flush after userspace become aware of the data already - Bluetooth: Fix user channel for 32bit userspace on 64bit kernel - Bluetooth: hci_bcm: add missing tty-device sanity check - Bluetooth: hci_intel: add missing tty-device sanity check - ipmi: Fix kernel panic at ipmi_ssif_thread() - libnvdimm, region: fix flush hint detection crash - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify - libnvdimm, pfn: fix 'npfns' vs section alignment - [powerpc*/*64*] pstore: Fix flags to enable dumps on powerpc - pstore: Shut down worker when unregistering https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.30 - usb: misc: legousbtower: Fix buffers on stack - usb: misc: legousbtower: Fix memory leak - USB: ene_usb6250: fix DMA to the stack - watchdog: pcwd_usb: fix NULL-deref at probe - char: lp: fix possible integer overflow in lp_setup() (CVE-2017-1000363) - USB: core: replace %p with %pK - tpm_tis_core: Choose appropriate timeout for reading burstcount - ALSA: hda: Fix cpu lockup when stopping the cmd dmas - [armhf] tegra: paz00: Mark panel regulator as enabled on boot - fanotify: don't expose EOPENSTALE to userspace - tpm_tis_spi: Use single function to transfer data - tpm_tis_spi: Abort transfer when too many wait states are signaled - tpm_tis_spi: Check correct byte for wait state indicator - tpm_tis_spi: Remove limitation of transfers to MAX_SPI_FRAMESIZE bytes - tpm_tis_spi: Add small delay after last transfer - tpm: msleep() delays - replace with usleep_range() in i2c nuvoton driver - tpm: add sleep only for retry in i2c_nuvoton_write_status() - tpm_crb: check for bad response size - mlx5: Fix mlx5_ib_map_mr_sg mr length - infiniband: call ipv6 route lookup via the stub interface - dm btree: fix for dm_btree_find_lowest_key() - dm raid: select the Kconfig option CONFIG_MD_RAID0 - dm bufio: avoid a possible ABBA deadlock - dm bufio: check new buffer allocation watermark every 30 seconds - dm mpath: split and rename activate_path() to prepare for its expanded use - dm cache metadata: fail operations if fail_io mode has been established - dm bufio: make the parameter "retain_bytes" unsigned long - dm thin metadata: call precommit before saving the roots - dm space map disk: fix some book keeping in the disk space map - md: update slab_cache before releasing new stripes when stripes resizing - md: MD_CLOSING needs to be cleared after called md_set_readonly or do_md_stop - rtlwifi: rtl8821ae: setup 8812ae RFE according to device type - mwifiex: MAC randomization should not be persistent - mwifiex: pcie: fix cmd_buf use-after-free in remove/reset - ima: accept previously set IMA_NEW_FILE - [x86] KVM: Fix load damaged SSEx MXCSR register - [x86] KVM: Fix potential preemption when get the current kvmclock timestamp - [x86] KVM: Fix read out-of-bounds vulnerability in kvm pio emulation - [i386] fix 32-bit case of __get_user_asm_u64() - [armhf] regulator: rk808: Fix RK818 LDO2 - [s390x] kdump: Add final note - [s390x] cputime: fix incorrect system time - ath9k_htc: Add support of AirTies 1eda:2315 AR9271 device - ath9k_htc: fix NULL-deref at probe - [x86] drm/amdgpu: Make display watermark calculations more accurate - [x86] drm/amdgpu: Avoid overflows/divide-by-zero in latency_watermark calculations. - [x86] drm/amdgpu: Add missing lb_vblank_lead_lines setup to DCE-6 path. - drm/nouveau/therm: remove ineffective workarounds for alarm bugs - drm/nouveau/tmr: ack interrupt before processing alarms - drm/nouveau/tmr: fix corruption of the pending list when rescheduling an alarm - drm/nouveau/tmr: avoid processing completed alarms when adding a new one - drm/nouveau/tmr: handle races with hw when updating the next alarm time - [armhf] gpio: omap: return error if requested debounce time is not possible - cdc-acm: fix possible invalid access when processing notification - ohci-pci: add qemu quirk - [powerpc*] cxl: Force context lock during EEH flow - [powerpc*] cxl: Route eeh events to all drivers in cxl_pci_error_detected() - proc: Fix unbalanced hard link numbers - of: fix sparse warning in of_pci_range_parser_one - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes() - of: fdt: add missing allocation-failure check - [powerpc*/*64*] ibmvscsis: Do not send aborted task response - [x86] IIO: bmp280-core.c: fix error in humidity calculation - IB/hfi1: Return an error on memory allocation failure - IB/hfi1: Fix a subcontext memory leak - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes - pid_ns: Fix race between setns'ed fork() and zap_pid_ns_processes() - USB: serial: ftdi_sio: fix setting latency for unprivileged users - USB: serial: ftdi_sio: add Olimex ARM-USB-TINY(H) PIDs - USB: chaoskey: fix Alea quirk on big-endian hosts - f2fs: check entire encrypted bigname when finding a dentry - fscrypt: avoid collisions when presenting long encrypted filenames - libnvdimm: fix clear length of nvdimm_forget_poison() - xhci: remove GFP_DMA flag from allocation - usb: host: xhci-plat: propagate return value of platform_get_irq() - xhci: apply PME_STUCK_QUIRK and MISSING_CAS quirk for Denverton - usb: host: xhci-mem: allocate zeroed Scratchpad Buffer - net: irda: irda-usb: fix firmware name on big-endian hosts - usbvision: fix NULL-deref at probe - mceusb: fix NULL-deref at probe - ttusb2: limit messages to buffer size - [armhf,arm64] usb: dwc3: gadget: Prevent losing events in event cache - [armhf] usb: musb: tusb6010_omap: Do not reset the other direction's packet size - [armhf] usb: musb: Fix trying to suspend while active for OTG configurations - USB: iowarrior: fix info ioctl on big-endian hosts - usb: serial: option: add Telit ME910 support - USB: serial: qcserial: add more Lenovo EM74xx device IDs - USB: serial: mct_u232: fix big-endian baud-rate handling - USB: serial: io_ti: fix div-by-zero in set_termios - USB: hub: fix SS hub-descriptor handling - USB: hub: fix non-SS hub-descriptor handling - ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487) - iio: hid-sensor: Store restore poll and hysteresis on S3 - gspca: konica: add missing endpoint sanity check - dib0700: fix NULL-deref at probe - zr364xx: enforce minimum size when reading header - dvb-frontends/cxd2841er: define symbol_rate_min/max in T/C fe-ops - digitv: limit messages to buffer size - dw2102: limit messages to buffer size - cx231xx-audio: fix init error path - cx231xx-audio: fix NULL-deref at probe - cx231xx-cards: fix NULL-deref at probe - [powerpc*] mm: Ensure IRQs are off in switch_mm() - [powerpc*] eeh: Avoid use after free in eeh_handle_special_event() - [powerpc*] book3s/mce: Move add_taint() later in virtual mode - [powerpc*] pseries: Fix of_node_put() underflow during DLPAR remove - [powerpc*] iommu: Do not call PageTransHuge() on tail pages - [powerpc*] tm: Fix FP and VMX register corruption - [arm64] KVM: Do not use stack-protector to compile EL2 code - [armhf] KVM: Do not use stack-protector to compile HYP code - [armhf] KVM: plug potential guest hardware debug leakage - [armel,armhf] 8662/1: module: split core and init PLT sections - [armhf] dts: imx6sx-sdb: Remove OPP override - [arm64] dts: hi6220: Reset the mmc hosts - [arm64] xchg: hazard against entire exchange variable - [arm64] ensure extension of smp_store_release value - [arm64] armv8_deprecated: ensure extension of addr - [arm64] uaccess: ensure extension of access_ok() addr - [arm64] documentation: document tagged pointer stack constraints - [x86] staging: rtl8192e: rtl92e_fill_tx_desc fix write to mapped out memory. - [x86] staging: rtl8192e: fix 2 byte alignment of register BSSIDR. - [x86] staging: rtl8192e: rtl92e_get_eeprom_size Fix read size of EPROM_CMD. - [x86] staging: rtl8192e: GetTs Fix invalid TID 7 warning. - [x86] iommu/vt-d: Flush the IOTLB to get rid of the initial kdump mappings - stackprotector: Increase the per-task stack canary's random range from 32 bits to 64 bits on 64-bit platforms - uwb: fix device quirk on big-endian hosts - genirq: Fix chained interrupt data ordering - nvme: unmap CMB and remove sysfs file in reset path - [alpha] osf_wait4(): fix infoleak - tracing/kprobes: Enforce kprobes teardown after testing - [x86] PCI: hv: Allocate interrupt descriptors with GFP_ATOMIC - [x86] PCI: hv: Specify CPU_AFFINITY_ALL for MSI affinity when >= 32 CPUs - PCI: Fix pci_mmap_fits() for HAVE_PCI_RESOURCE_TO_USER platforms - PCI: Fix another sanity check bug in /proc/pci mmap - PCI: Only allow WC mmap on prefetchable resources - PCI: Freeze PME scan before suspending devices - [armel,armhf] mtd: nand: orion: fix clk handling - [armhf] mtd: nand: omap2: Fix partition creation via cmdline mtdparts - mtd: nand: add ooblayout for old hamming layout - [x86] drm/edid: Add 10 bpc quirk for LGD 764 panel in HP zBook 17 G2 - NFSv4: Fix a hang in OPEN related to server reboot - NFS: Fix use after free in write error path - NFS: Use GFP_NOIO for two allocations in writeback - nfsd: fix undefined behavior in nfsd4_layout_verify - nfsd: encoders mustn't use unitialized values in error cases - drivers: char: mem: Check for address space wraparound with mmap() - [x86] drm/i915/gvt: Disable access to stolen memory as a guest [ Aurelien Jarno ] * [mips*/*-malta] Enable POWER_RESET and POWER_RESET_SYSCON. [ Uwe Kleine-König ] * [arm64] Enable DRM modules (Closes: #863344) * Ignore ABI changes in chipidea driver [ Ben Hutchings ] * Ignore ABI changes in ccp and hid-sensors * [mips*el/loongson-3] Revert "MIPS: Loongson-3: Select MIPS_L1_CACHE_SHIFT_6" to avoid ABI change * SUNRPC: Refactor svc_set_num_threads() * NFSv4: Fix callback server shutdown (CVE-2017-9059) (Closes: #862357) * uapi: fix linux/if.h userspace compilation errors (see #822393, #824442) * debian/control: Fix compiler build-dependencies for cross-building (Closes: #863907) * Add Debian package version to "hung task" log messages * btrfs: warn about RAID5/6 being experimental at mount time (Closes: #863290) * [x86] pinctrl: cherryview: Add a quirk to make Acer Chromebook keyboard work again (Closes: #862723) * [arm64] serial: pl011: add console matching function (Closes: #861898) * [rt] Add new GPG subkeys for Sebastian Andrzej Siewior * [rt] Update to 4.9.30-rt20: - rtmutex: Deboost before waking up the top waiter - sched/rtmutex/deadline: Fix a PI crash for deadline tasks - sched/deadline/rtmutex: Dont miss the dl_runtime/dl_period update - rtmutex: Clean up - sched/rtmutex: Refactor rt_mutex_setprio() - sched,tracing: Update trace_sched_pi_setprio() - rtmutex: Fix PI chain order integrity - rtmutex: Fix more prio comparisons - rtmutex: Plug preempt count leak in rt_mutex_futex_unlock() - futex: Avoid freeing an active timer - futex: Fix small (and harmless looking) inconsistencies - futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() - Revert "timers: Don't wake ktimersoftd on every tick" - futex/rtmutex: Cure RT double blocking issue - random: avoid preempt_disable()ed section [ Salvatore Bonaccorso ] * tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline() (CVE-2017-0605) * dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890) * ipv6: Prevent overrun when parsing v6 header options (CVE-2017-9074) * sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (CVE-2017-9075) * ipv6/dccp: do not inherit ipv6_mc_list from parent (CVE-2017-9076, CVE-2017-9077) * crypto: skcipher - Add missing API setkey checks (CVE-2017-9211) * ipv6: fix out of bound writes in __ip6_append_data() (CVE-2017-9242) [ Cyril Brulebois ] * udeb: Add efivarfs to efi-modules, which can be needed to retrieve firmware or configuration bits from d-i. (Closes: #862555) [ John Paul Adrian Glaubitz ] * [m68k] udeb: Build loop-modules package (Closes: #862813) -- Ben Hutchings Sun, 04 Jun 2017 03:03:01 +0100 linux (4.9.25-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.19 - net/openvswitch: Set the ipv6 source tunnel key address attribute correctly - net: properly release sk_frag.page - [arm64] amd-xgbe: Fix jumbo MTU processing on newer hardware - openvswitch: Add missing case OVS_TUNNEL_KEY_ATTR_PAD - net: unix: properly re-increment inflight counter of GC discarded candidates - net: vrf: Reset rt6i_idev in local dst after put - net/mlx5: Add missing entries for set/query rate limit commands - net/mlx5e: Use the proper UAPI values when offloading TC vlan actions - net/mlx5: Increase number of max QPs in default profile - net/mlx5e: Count GSO/LRO packets correctly - ipv6: make sure to initialize sockc.tsflags before first use - ipv4: provide stronger user input validation in nl_fib_input() - socket, bpf: fix sk_filter use after free in sk_clone_lock - tcp: initialize icsk_ack.lrcvtime at session start time - Input: iforce,ims-pcu,hanwang,yealink,cm109,kbtab,sur40 - validate number of endpoints before using them - ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() - ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call - ALSA: hda - Adding a group of pin definition to fix headset problem - ACM gadget: fix endianness in notifications - usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval - USB: uss720,idmouse,wusbcore: fix NULL-deref at probe - usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer - usb: hub: Fix crash after failure to read BOS descriptor - USB: usbtmc: add missing endpoint sanity check - USB: usbtmc: fix probe error path - uwb: i1480-dfu: fix NULL-deref at probe - mmc: ushc: fix NULL-deref at probe - [armhf[ iio: adc: ti_am335x_adc: fix fifo overrun recovery - iio: sw-device: Fix config group initialization - iio: hid-sensor-trigger: Change get poll value function order to avoid sensor properties losing after resume from S3 - parport: fix attempt to write duplicate procfiles - ext4: mark inode dirty after converting inline directory - ext4: lock the xattr block before checksuming it - [powerpc*/*64*] Fix idle wakeup potential to clobber registers - mmc: sdhci: Do not disable interrupts while waiting for clock - mmc: sdhci-pci: Do not disable interrupts in sdhci_intel_set_power - [x86] hwrng: amd - Revert managed API changes - [x86] hwrng: geode - Revert managed API changes - [armhf] clk: sunxi-ng: sun6i: Fix enable bit offset for hdmi-ddc module clock - [armhf] clk: sunxi-ng: mp: Adjust parent rate for pre-dividers - mwifiex: pcie: don't leak DMA buffers when removing - [x86] crypto: ccp - Assign DMA commands to the channel's CCP - xen/acpi: upload PM state from init-domain to Xen - [x86] iommu/vt-d: Fix NULL pointer dereference in device_to_iommu - [arm64] kaslr: Fix up the kernel image alignment - cpufreq: Restore policy min/max limits on CPU online - cgroup, net_cls: iterate the fds of only the tasks which are being migrated - blk-mq: don't complete un-started request in timeout handler - [x86] drm/amdgpu: reinstate oland workaround for sclk - jbd2: don't leak memory if setting up journal fails - [x86] intel_th: Don't leak module refcount on failure to activate - [x86] Drivers: hv: vmbus: Don't leak channel ids - [x86] Drivers: hv: vmbus: Don't leak memory when a channel is rescinded - libceph: don't set weight to IN when OSD is destroyed - [x86] device-dax: fix pmd/pte fault fallback handling - [armhf] drm/bridge: analogix dp: Fix runtime PM state on driver bind - nl80211: fix dumpit error path RTNL deadlocks - drm: reference count event->completion - fbcon: Fix vc attr at deinit https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.20 - xfrm: policy: init locks early - [x86] KVM: cleanup the page tracking SRCU instance - virtio_balloon: init 1st buffer in stats vq - [mips*] ptrace: Preserve previous registers for short regset write - [sparc64] ptrace: Preserve previous registers for short regset write - fscrypt: remove broken support for detecting keyring key revocation (CVE-2017-7374) - sched/rt: Add a missing rescheduling point - [armhf] usb: musb: fix possible spinlock deadlock https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.21 - libceph: force GFP_NOIO for socket allocations - xen/setup: Don't relocate p2m over existing one - xfs: only update mount/resv fields on success in __xfs_ag_resv_init - xfs: use per-AG reservations for the finobt - xfs: pull up iolock from xfs_free_eofblocks() - xfs: sync eofblocks scans under iolock are livelock prone - xfs: fix eofblocks race with file extending async dio writes - xfs: fix toctou race when locking an inode to access the data map - xfs: fail _dir_open when readahead fails - xfs: filter out obviously bad btree pointers - xfs: check for obviously bad level values in the bmbt root - xfs: verify free block header fields - xfs: allow unwritten extents in the CoW fork - xfs: mark speculative prealloc CoW fork extents unwritten - xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t - xfs: update ctime and mtime on clone destinatation inodes - xfs: reject all unaligned direct writes to reflinked files - xfs: don't fail xfs_extent_busy allocation - xfs: handle indlen shortage on delalloc extent merge - xfs: split indlen reservations fairly when under reserved - xfs: fix uninitialized variable in _reflink_convert_cow - xfs: don't reserve blocks for right shift transactions - xfs: Use xfs_icluster_size_fsb() to calculate inode chunk alignment - xfs: tune down agno asserts in the bmap code - xfs: only reclaim unwritten COW extents periodically - xfs: fix and streamline error handling in xfs_end_io - xfs: Use xfs_icluster_size_fsb() to calculate inode alignment mask - xfs: use iomap new flag for newly allocated delalloc blocks - xfs: try any AG when allocating the first btree block when reflinking - scsi: libsas: fix ata xfer length - scsi: scsi_dh_alua: Check scsi_device_get() return value - scsi: scsi_dh_alua: Ensure that alua_activate() calls the completion function - ALSA: seq: Fix race during FIFO resize - ALSA: hda - fix a problem for lineout on a Dell AIO machine - [x86] ASoC: Intel: Skylake: fix invalid memory access due to wrong reference of pointer - HID: wacom: Don't add ghost interface as shared data - mmc: sdhci: Disable runtime pm when the sdio_irq is enabled - NFSv4.1 fix infinite loop on IO BAD_STATEID error - nfsd: map the ENOKEY to nfserr_perm for avoiding warning - [hppa] Clean up fixup routines for get_user()/put_user() - [hppa] Avoid stalled CPU warnings after system shutdown - [hppa] Fix access fault handling in pa_memcpy() - ACPI: Fix incompatibility with mcount-based function graph tracing - ACPI: Do not create a platform_device for IOAPIC/IOxAPIC - USB: fix linked-list corruption in rh_call_control() - [x86] KVM: clear bus pointer when destroyed - KVM: kvm_io_bus_unregister_dev() should never fail - drm/radeon: Override fpfn for all VRAM placements in radeon_evict_flags - [armhf,arm64] drm/vc4: Allocate the right amount of space for boot-time CRTC state. - [armhf] drm/etnaviv: (re-)protect fence allocation with GPU mutex - [x86] mm/KASLR: Exclude EFI region from KASLR VA space randomization - [x86] mce: Fix copy/paste error in exception table entries - lib/syscall: Clear return values when no stack - mm: rmap: fix huge file mmap accounting in the memcg stats - mm, hugetlb: use pte_present() instead of pmd_present() in follow_huge_pmd() - qla2xxx: Allow vref count to timeout on vport delete. - mm: workingset: fix premature shadow node shrinking with cgroups - blk: improve order of bio handling in generic_make_request() - blk: Ensure users for current->bio_list can see the full list. - padata: avoid race in reordering - nvme/core: Fix race kicking freed request_queue - nvme/pci: Disable on removal when disconnected https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.22 - ppdev: check before attaching port - ppdev: fix registering same device name - [x86] drm/vmwgfx: Type-check lookups of fence objects - [x86] drm/vmwgfx: avoid calling vzalloc with a 0 size in vmw_get_cap_3d_ioctl() - drm/ttm, drm/vmwgfx: Relax permission checking when opening surfaces - [x86] drm/vmwgfx: Remove getparam error message - sysfs: be careful of error returns from ops->show() - [armhf,arm64] KVM: Take mmap_sem in stage2_unmap_vm - [armhf,arm64] KVM: Take mmap_sem in kvm_arch_prepare_memory_region - [armhf,arm64] kvm: Fix locking for kvm_free_stage2_pgd - [x86] iio: bmg160: reset chip when probing - [arm64] mm: unaligned access by user-land should be received as SIGBUS - cfg80211: check rdev resume callback only for registered wiphy - CIFS: Reset TreeId to zero on SMB2 TREE_CONNECT - mm/page_alloc.c: fix print order in show_free_areas() - ptrace: fix PTRACE_LISTEN race corrupting task->state - dm verity fec: limit error correction recursion - dm verity fec: fix bufio leaks - ACPI / gpio: do not fall back to parsing _CRS when we get a deferral - xfs: Honor FALLOC_FL_KEEP_SIZE when punching ends of files - ring-buffer: Fix return value check in test_ringbuffer() - mac80211: unconditionally start new netdev queues with iTXQ support - brcmfmac: use local iftype avoiding use-after-free of virtual interface - [powerpc*] Disable HFSCR[TM] if TM is not supported - [powerpc*] mm: Add missing global TLB invalidate if cxl is active - [powerpc*/*64*]: Fix flush_(d|i)cache_range() called from modules - [powerpc*] Don't try to fix up misaligned load-with-reservation instructions - [powerpc*] crypto/crc32c-vpmsum: Fix missing preempt_disable() - dm raid: fix NULL pointer dereference for raid1 without bitmap - [s390x] decompressor: fix initrd corruption caused by bss clear - [s390x] uaccess: get_user() should zero on failure (again) - [mips*el/loongson-3] Check TLB before handle_ri_rdhwr() for Loongson-3 - [mips*el/loongson-3] Add MIPS_CPU_FTLB for Loongson-3A R2 - [mips*el/loongson-3] Flush wrong invalid FTLB entry for huge page - [mips*el/loongson-3] c-r4k: Fix Loongson-3's vcache/scache waysize calculation - mm/mempolicy.c: fix error handling in set_mempolicy and mbind (CVE-2017-7616) - random: use chacha20 for get_random_int/long - [armhf] drm/sun4i: tcon: Move SoC specific quirks to a DT matched data structure - [armhf] drm/sun4i: Add compatible strings for A31/A31s display pipelines - [armhf] drm/sun4i: Add compatible string for A31/A31s TCON (timing controller) - HID: i2c-hid: add a simple quirk to fix device defects - usb: dwc3: gadget: delay unmap of bounced requests - [x86] ASoC: Intel: bytct_rt5640: change default capture settings - [armhf,arm64] clocksource/drivers/arm_arch_timer: Don't assume clock runs in suspend - scsi: ufs: introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk - HID: multitouch: do not retrieve all reports for all devices - [arm64] mmc: sdhci-msm: Enable few quirks - scsi: ufs: ensure that host pa_tactivate is higher than device - svcauth_gss: Close connection when dropping an incoming message - scsi: ufs: add quirk to increase host PA_SaveConfigTime - [x86] platform: acer-wmi: Only supports AMW0_GUID1 on acer family - nvme: simplify stripe quirk - ACPI / sysfs: Provide quirk mechanism to prevent GPE flooding - HID: usbhid: Add quirk for the Futaba TOSD-5711BB VFD - [x86] drm/i915: actually drive the BDW reserved IDs - scsi: ufs: issue link starup 2 times if device isn't active - [armhf] serial: 8250_omap: Add OMAP_DMA_TX_KICK quirk for AM437x - ACPI / button: Change default behavior to lid_init_state=open - [x86] ACPI: save NVS memory for Lenovo G50-45 - HID: wacom: don't apply generic settings to old devices - [arm64] firmware: qcom: scm: Fix interrupted SCM calls - [armhf] watchdog: s3c2410: Fix infinite interrupt in soft mode - [x86] platform: asus-wmi: Set specified XUSB2PR value for X550LB - [x86] platform: asus-wmi: Detect quirk_no_rfkill from the DSDT - [x86] reboot/quirks: Add ASUS EeeBook X205TA reboot quirk - [x86] reboot/quirks: Add ASUS EeeBook X205TA/W reboot quirk - usb-storage: Add ignore-residue quirk for Initio INIC-3619 - [x86] reboot/quirks: Fix typo in ASUS EeeBook X205TA reboot quirk https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.23 - [x86] drm/i915/gen9: Increase PCODE request timeout to 50ms - [x86] drm/i915: Nuke debug messages from the pipe update critical section - [x86] drm/i915: Avoid tweaking evaluation thresholds on Baytrail v3 - [x86] drm/i915: Only enable hotplug interrupts if the display interrupts are enabled - [x86] drm/i915: Drop support for I915_EXEC_CONSTANTS_* execbuf parameters. - [x86] drm/i915: Stop using RP_DOWN_EI on Baytrail - [x86] drm/i915: Avoid rcu_barrier() from reclaim paths (shrinker) - [armhf,arm64] i2c: bcm2835: Fix hang for writing messages larger than 16 bytes - rt2x00usb: fix anchor initialization - rt2x00usb: do not anchor rx and tx urb's - [mips*] Introduce irq_stack - [mips*] Stack unwinding while on IRQ stack - [mips*] Only change $28 to thread_info if coming from user mode - [mips*] Switch to the irq_stack in interrupts - [mips*] Select HAVE_IRQ_EXIT_ON_IRQ_STACK - [mips*] IRQ Stack: Fix erroneous jal to plat_irq_dispatch - [x86] Revert "drm/i915/execlists: Reset RING registers upon resume" - blk-mq: Avoid memory reclaim when remapping queues - usb: hub: Wait for connection to be reestablished after port reset - net/mlx4_en: Fix bad WQE issue - net/mlx4_core: Fix racy CQ (Completion Queue) free - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions - dma-buf: add support for compat ioctl https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.24 - cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups - thp: fix MADV_DONTNEED vs. MADV_FREE race - thp: fix MADV_DONTNEED vs clear soft dirty race - zsmalloc: expand class bit - drm/nouveau/mpeg: mthd returns true on success now - drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one - [armhf] drm/etnaviv: fix missing unlock on error in etnaviv_gpu_submit() - CIFS: reconnect thread reschedule itself - CIFS: store results of cifs_reopen_file to avoid infinite wait - Input: xpad - add support for Razer Wildcat gamepad - [x86] perf: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32() - [x86] efi: Don't try to reserve runtime regions - [x86] signals: Fix lower/upper bound reporting in compat siginfo - [x86] pmem: fix broken __copy_user_nocache cache-bypass assumptions - [x86] vdso: Ensure vdso32_enabled gets set to valid values only - [x86] vdso: Plug race between mapping and ELF header setup - [x86] acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison) - ACPI / scan: Set the visited flag for all enumerated devices - [hppa] fix bugs in pa_memcpy - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format - efi/fb: Avoid reconfiguration of BAR that covers the framebuffer - iscsi-target: Fix TMR reference leak during session shutdown - iscsi-target: Drop work-around for legacy GlobalSAN initiator - scsi: sr: Sanity check returned mode data - scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable - scsi: qla2xxx: Add fix to read correct register value for ISP82xx. - scsi: sd: Fix capacity calculation with 32-bit sector_t - target: Avoid mappedlun symlink creation during lun shutdown - xen, fbfront: fix connecting to backend - new privimitive: iov_iter_revert() - make skb_copy_datagram_msg() et.al. preserve ->msg_iter on error - [x86] libnvdimm: fix blk free space accounting - [x86] libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat - [armhf] pwm: rockchip: State of PWM clock should synchronize with PWM enabled state - cpufreq: Bring CPUs up even if cpufreq_online() failed - [armhf] irqchip/irq-imx-gpcv2: Fix spinlock initialization - ftrace: Fix removing of second function probe - zram: do not use copy_page with non-page aligned address - ftrace: Fix function pid filter on instances - crypto: algif_aead - Fix bogus request dereference in completion function - crypto: ahash - Fix EINPROGRESS notification callback (CVE-2017-7618) - [hppa] Fix get_user() for 64-bit value on 32-bit kernel - dvb-usb-v2: avoid use-after-free (CVE-2017-8064) - drm/nouveau/disp/mcp7x: disable dptmds workaround (Closes: #850219) - [x86] mm: Tighten x86 /dev/mem with zeroing reads (CVE-2017-7889) - dvb-usb-firmware: don't do DMA on stack (CVE-2017-8061) - cxusb: Use a dma capable buffer also for reading (CVE-2017-8063) - virtio-console: avoid DMA from stack (CVE-2017-8067) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.25 - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (CVE-2016-9604) - KEYS: Change the name of the dead type to ".dead" to prevent user access (CVE-2017-6951) - KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings (CVE-2017-7472) - tracing: Allocate the snapshot buffer before enabling probe - ring-buffer: Have ring_buffer_iter_empty() return true when empty - mm: prevent NR_ISOLATE_* stats from going negative - cifs: Do not send echoes before Negotiate is complete (Closes: #856843) - CIFS: remove bad_network_name flag - [s390x] mm: fix CMMA vs KSM vs others - Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled - ACPI / power: Avoid maybe-uninitialized warning - [armhf] mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card - ubifs: Fix RENAME_WHITEOUT support - ubifs: Fix O_TMPFILE corner case in ubifs_link() - mac80211: reject ToDS broadcast data frames - mac80211: fix MU-MIMO follow-MAC mode - ubi/upd: Always flush after prepared for an update - [powerpc*] kprobe: Fix oops when kprobed on 'stdu' instruction - [x86] mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs - [x86] mce: Make the MCE notifier a blocking one - device-dax: switch to srcu, fix rcu_read_lock() vs pte allocation [ Ben Hutchings ] * w1: Really enable W1_MASTER_GPIO as module (Closes: #858975) * debian/rules.real: Undefine $LANGUAGE, which can break debug symbols for vDSOs (Closes: #859807) * Bump ABI to 3 * [s390x] Set NR_CPUS=256 (Closes: #858731) * [x86] usbip: Increase USBIP_VHCI_NR_HCS to 8 and USBIP_VHCI_HC_PORTS to 31 (Closes: #859641) * [powerpc/powerpc64,ppc64*] target: Enable SCSI_IBMVSCSIS as module * cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores (Closes: #859978) * udeb: Include all AHCI drivers in sata-modules (Closes: #860335) * [powerpc/powerpc64,ppc64] Set NR_CPUS=2048, matching ppc64el * [powerpc*/*64*] Enable CPUMASK_OFFSTACK to reduce stack usage * [mips*el/loongson-3] Set NR_CPUS=16 to allow for Loongson 3B2000 * [mips*/octeon] Set NR_CPUS=64 to allow for Cavium CN7890 * [arm64] Set NR_CPUS=256 to allow for multi-SoC systems (Closes: #861209) * [powerpc/powerpc-smp,powerpcspe] Explicitly set NR_CPUS=4 * Move debug symbols back to the main archive, to avoid problems with the current handling in dak * linux-image: Disable signing until it's supported in dak * [rt] Update to 4.9.20-rt16: - rtmutex: Make lock_killable work - rtmutex: Provide rt_mutex_lock_state() - rtmutex: Provide locked slowpath - rwsem/rt: Lift single reader restriction * PCI: Enable PCIE_PTM (except on armel/marvell) * 6lowpan: Enable Generic Header Compression modules * net/sched: Enable NET_ACT_SKBMOD as module * ethernet: Enable NFP_NETVF as module * net/phy: Enable MICROSEMI_PHY as module * input/tablet: Enable TABLET_USB_PEGASUS as module * [x86] input/touchscreen: Enable TOUCHSCREEN_SURFACE3_SPI as module * serial/8250: Enable SERIAL_8250_MOXA as module * [x86] gpio: Enable GPIO_AMDPT as module * [x86] thermal: Enable INT3406_THERMAL as module * watchdog: Enable WATCHDOG_SYSFS * integrity: Enable IMA, IMA_DEFAULT_HASH_SHA256, IMA_APPRAISE, IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY, IMA_BLACKLIST_KEYRING (except on armel/marvell) (Closes: #788290) * media: Enable VIDEO_TW5864, VIDEO_TW686X as modules * [x86] amdgpu,sound/soc: Enable DRM_AMD_ACP; enable SND_SOC_AMD_ACP as module * hda: Set SND_HDA_PREALLOC_SIZE=2048 as recommended for PulseAudio * HID: Enable HID_SENSOR_CUSTOM_SENSOR as module * leds,USB: Enable USB_LEDS_TRIGGER_USBPORT as module * usbip: Enable USBIP_VUDC as module * USB/misc: Enable UCSI as module * leds: Enable LEDS_TRIGGER_DISK, LEDS_TRIGGER_MTD, LEDS_TRIGGER_PANIC * IB: Enable INFINIBAND_HFI1, INFINIBAND_I40IW, INFINIBAND_QEDR, RDMA_RXE as modules * [amd64] EDAC: Enable EDAC_SKX as module * [x86] comedi: Enable COMEDI_ADV_PCI1720, COMEDI_ADV_PCI1760 as modules * [x86] platform: Enable INTEL_HID_EVENT as module * [x86] hwtracing: Enable INTEL_TH, INTEL_TH_PCI, INTEL_TH_GTH, INTEL_TH_MSU, INTEL_TH_PTI as modules * [rt] tracing: Enable HWLAT_TRACER * [x86] crypto: Enable CRYPTO_DEV_QAT_C3XXX, CRYPTO_DEV_QAT_C62X, CRYPTO_DEV_QAT_C3XXXVF, CRYPTO_DEV_QAT_C62XVF as modules * crypto: Enable CRYPTO_DEV_CHELSIO as module * [arm64] Enable ARMV8_DEPRECATED, SWP_EMULATION, CP15_BARRIER_EMULATION, SETEND_EMULATION (Closes: #861384) * udeb: Add tifm_7xx1 to mmc-modules (Closes: #861195) * leds: Enable LEDS_GPIO as module for all configurations with GPIOs (Closes: #860569) * selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default. This may break some old applications if SELinux is enabled, and can be reverted using the kernel parameter: checkreqprot=1 * udeb: Move mfd-core to kernel-image, as both input-modules and mmc-modules need it * crypto: Change CRYPTO_SHA256 from module to built-in, as required by IMA [ Salvatore Bonaccorso ] * ping: implement proper locking (CVE-2017-2671) * macsec: avoid heap overflow in skb_to_sgvec (CVE-2017-7477) * macsec: dynamically allocate space for sglist * nfsd: check for oversized NFSv2/v3 arguments (CVE-2017-7645) * nfsd4: minor NFSv2/v3 write decoding cleanup * nfsd: stricter decoding of write-like NFSv2/v3 ops (CVE-2017-7895) [ Aurelien Jarno ] * [mips*/octeon] Drop obsolete patch adding support for the UBNT E200 board. * [mips*el/loongson-3] Disable PAGE_EXTENSION and PAGE_POISONING. [ John Paul Adrian Glaubitz ] * [m68k] udeb: Enable suffix for kernel-image (Closes: #859366) -- Ben Hutchings Tue, 02 May 2017 16:21:44 +0100 linux (4.9.18-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.17 - net/mlx5e: Register/unregister vport representors on interface attach/detach - net/mlx5e: Do not reduce LRO WQE size when not using build_skb - net/mlx5e: Fix wrong CQE decompression - vxlan: correctly validate VXLAN ID against VXLAN_N_VID - vti6: return GRE_KEY for vti6 - vxlan: don't allow overwrite of config src addr - ipv4: mask tos for input route - net sched actions: decrement module reference count after table flush. - l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv - net: phy: Avoid deadlock during phy_error() - vxlan: lock RCU on TX path - geneve: lock RCU on TX path - tcp/dccp: block BH for SYN processing - net: bridge: allow IPv6 when multicast flood is disabled - net: don't call strlen() on the user buffer in packet_bind_spkt() - net: net_enable_timestamp() can be called from irq contexts - ipv6: orphan skbs in reassembly unit - dccp: Unlock sock before calling sk_free() - strparser: destroy workqueue on module exit - tcp: fix various issues for sockets morphing to listen state - net: fix socket refcounting in skb_complete_wifi_ack() - net: fix socket refcounting in skb_complete_tx_timestamp() - net/sched: act_skbmod: remove unneeded rcu_read_unlock in tcf_skbmod_dump - dccp: fix use-after-free in dccp_feat_activate_values - vrf: Fix use-after-free in vrf_xmit - net/tunnel: set inner protocol in network gro hooks - act_connmark: avoid crashing on malformed nlattrs with null parms - mpls: Send route delete notifications when router module is unloaded - mpls: Do not decrement alive counter for unregister events - ipv6: make ECMP route replacement less greedy - ipv6: avoid write to a possibly cloned skb - bridge: drop netfilter fake rtable unconditionally - dccp/tcp: fix routing redirect race - tun: fix premature POLLOUT notification on tun devices - dccp: fix memory leak during tear-down of unsuccessful connection request - bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers - bpf: fix state equivalence - bpf: fix regression on verifier pruning wrt map lookups - bpf: fix mark_reg_unknown_value for spilled regs on map value marking - dmaengine: iota: ioat_alloc_chan_resources should not perform sleeping allocations. - xen: do not re-use pirq number cached in pci device msi msg data - igb: Workaround for igb i210 firmware issue - igb: add i211 to i210 PHY workaround - [x86] hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic - PCI: Separate VF BAR updates from standard BAR updates - PCI: Remove pci_resource_bar() and pci_iov_resource_bar() - PCI: Decouple IORESOURCE_ROM_ENABLE and PCI_ROM_ADDRESS_ENABLE - PCI: Don't update VF BARs while VF memory space is enabled - PCI: Update BARs using property bits appropriate for type - PCI: Ignore BAR updates on virtual functions - PCI: Do any VF BAR updates before enabling the BARs - [powerpc*] ibmveth: calculate gso_segs for large packets - [x86] Drivers: hv: ring_buffer: count on wrap around mappings in get_next_pkt_raw() (v2) - vfio/spapr: Postpone allocation of userspace version of TCE table - [powerpc*] iommu: Stop using @current in mm_iommu_xxx - [powerpc*] vfio/spapr: Reference mm in tce_container - [powerpc*] mm/iommu, vfio/spapr: Put pages on VFIO container shutdown - [powerpc*] vfio/spapr: Add a helper to create default DMA window - [powerpc*] vfio/spapr: Postpone default window creation - drm/nouveau/disp/gp102: fix cursor/overlay immediate channel indices - drm/nouveau/disp/nv50-: split chid into chid.ctrl and chid.user - drm/nouveau/disp/nv50-: specify ctrl/user separately when constructing classes - block: allow WRITE_SAME commands with the SG_IO ioctl - [s390x] zcrypt: Introduce CEX6 toleration - uvcvideo: uvc_scan_fallback() for webcams with broken chain - [x86] ACPI / blacklist: add _REV quirks for Dell Precision 5520 and 3520 - [x86] ACPI / blacklist: Make Dell Latitude 3350 ethernet work - serial: 8250_pci: Detach low-level driver during PCI error recovery - [armhf] clk: bcm2835: Fix ->fixed_divider of pllh_aux - [armhf] drm/vc4: Fix race between page flip completion event and clean-up - [armhf] drm/vc4: Fix ->clock_select setting for the VEC encoder - [arm64] KVM: VHE: Clear HCR_TGE when invalidating guest TLBs - [armhf,arm64] irqchip/gicv3-its: Add workaround for QDF2400 ITS erratum 0065 - [x86] tsc: Fix ART for TSC_KNOWN_FREQ - [x86] perf: Fix CR4.PCE propagation to use active_mm instead of mm - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI - futex: Add missing error handling to FUTEX_REQUEUE_PI - locking/rwsem: Fix down_write_killable() for CONFIG_RWSEM_GENERIC_SPINLOCK=y - [powerpc*] crypto: Fix initialisation of crc32c context https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.18 - [armhf] drm/vc4: Fix termination of the initial scan for branch targets. - [armhf] drm/vc4: Use runtime autosuspend to avoid thrashing V3D power state. - qla2xxx: Fix memory leak for abts processing - qla2xxx: Fix request queue corruption. - [hppa] Optimize flush_kernel_vmap_range and invalidate_kernel_vmap_range - [hppa] Fix system shutdown halt - perf/core: Fix use-after-free in perf_release() - perf/core: Fix event inheritance on fork() - NFS prevent double free in async nfs4_exchange_id - cpufreq: Fix and clean up show_cpuinfo_cur_freq() - [powerpc*] boot: Fix zImage TOC alignment - md/raid1/10: fix potential deadlock - target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export - scsi: lpfc: Add shutdown method for kexec - scsi: libiscsi: add lock around task lists to fix list corruption regression - target: Fix VERIFY_16 handling in sbc_parse_cdb - isdn/gigaset: fix NULL-deref at probe - gfs2: Avoid alignment hole in struct lm_lockname - percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages - cgroup/pids: remove spurious suspicious RCU usage warning - [x86] drm/amdgpu/si: add dpm quirk for Oland - ext4: fix fencepost in s_first_meta_bg validation (Closes: #856808) [ Ben Hutchings ] * [powerpc*] Ignore ABI changes in cxl (fixes FTBFS) (Closes: #858530) and IOMMU setup * Ignore ABI changes in bpf, dccp, libiscsi * [x86] Ignore ABI changes in kvm * [rt] Update to 4.9.18-rt14: - lockdep: Fix per-cpu static objects - futex: Cleanup variable names for futex_top_waiter() - futex: Use smp_store_release() in mark_wake_futex() - futex: Remove rt_mutex_deadlock_account_*() - futex,rt_mutex: Provide futex specific rt_mutex API - futex: Change locking rules - futex: Cleanup refcounting - futex: Rework inconsistent rt_mutex/futex_q state - futex: Pull rt_mutex_futex_unlock() out from under hb->lock - futex,rt_mutex: Introduce rt_mutex_init_waiter() - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() - futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock() - futex: Futex_unlock_pi() determinism - futex: Drop hb->lock before enqueueing on the rtmutex - futex: workaround migrate_disable/enable in different context - Revert "kernel/futex: don't deboost too early" * xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (CVE-2017-7184) * xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (CVE-2017-7184) * scsi: sg: check length passed to SG_NEXT_CMD_LEN (CVE-2017-7187) * [x86] vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() (CVE-2017-7261) * [x86] drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294) * net/packet: Fix integer overflow in various range checks (CVE-2017-7308) * [arm64] rtc: tegra: Implement clock handling (Closes: #858514) * [armhf] sound/soc: Enable SND_SUN4I_SPDIF as module (Closes: #857410) * [arm64,x86] Enable CROS_KBD_LED_BACKLIGHT as module (Closes: #856906) * netfilter: nft_ct: add notrack support (Closes: #845500) * w1: Enable W1_MASTER_GPIO as module (Closes: #858975) [ James Clarke ] * [sparc64] udeb: Re-add ufs-modules (Closes: #858049) -- Ben Hutchings Thu, 30 Mar 2017 02:16:33 +0100 linux (4.9.16-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.14 - [mips*] Fix special case in 64 bit IP checksumming. - [mips*/octeon] Fix copy_from_user fault handling for large buffers - mmc: sdhci-acpi: support deferred probe - uvcvideo: Fix a wrong macro - media: fix dm1105.c build error - lirc_dev: LIRC_{G,S}ET_REC_MODE do not work - media: Properly pass through media entity types in entity enumeration - ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea() - [x86] ALSA: hda/realtek - Cannot adjust speaker's volume on a Dell AIO - [x86] ALSA: hda - fix Lewisburg audio issue - ALSA: timer: Reject user params with too small ticks - ALSA: ctxfi: Fallback DMA mask to 32bit - ALSA: seq: Fix link corruption by event error handling - [x86] ALSA: hda - Add subwoofer support for Dell Inspiron 17 7000 Gaming - [x86] ALSA: hda - Fix micmute hotkey problem for a lenovo AIO machine - hwmon: (it87) Do not overwrite bit 2..6 of pwm control registers - hwmon: (it87) Ensure that pwm control cache is current before updating values - [x86] staging/lustre/lnet: Fix allocation size for sv_cpt_data - staging: rtl: fix possible NULL pointer dereference - regulator: Fix regulator_summary for deviceless consumers - tpm_tis: fix the error handling of init_tis() - [x86] iommu/vt-d: Fix some macros that are incorrectly specified in intel-iommu - [x86] iommu/vt-d: Tylersburg isoch identity map check is done too late. - CIFS: Fix splice read for non-cached files - [x86] mm, devm_memremap_pages: hold device_hotplug lock over mem_hotplug_{begin, done} - mm/page_alloc: fix nodes for reclaim in fast path - mm: vmpressure: fix sending wrong events on underflow - mm: do not access page->mapping directly on page_endio - mm balloon: umount balloon_mnt when removing vb device - mm, vmscan: cleanup lru size claculations - mm, vmscan: consider eligible zones in get_scan_count - sigaltstack: support SS_AUTODISARM for CONFIG_COMPAT - PM / devfreq: Fix available_governor sysfs - PM / devfreq: Fix wrong trans_stat of passive devfreq device - dm cache: fix corruption seen when using cache > 2TB - dm stats: fix a leaked s->histogram_boundaries array - dm round robin: revert "use percpu 'repeat_count' and 'current_path'" - dm raid: fix data corruption on reshape request - [x86] scsi: storvsc: use tagged SRB requests if supported by the device - [x86] scsi: storvsc: properly handle SRB_ERROR when sense message is present - [x86] scsi: storvsc: properly set residual data length on errors - scsi: aacraid: Reorder Adapter status check - scsi: use 'scsi_device_from_queue()' for scsi_dh - Fix: Disable sys_membarrier when nohz_full is enabled - jbd2: don't leak modified metadata buffers on an aborted journal - block/loop: fix race between I/O and set_status - loop: fix LO_FLAGS_PARTSCAN hang - ext4: Include forgotten start block on fallocate insert range - ext4: do not polute the extents cache while shifting extents - ext4: trim allocation requests to group size - ext4: fix data corruption in data=journal mode - ext4: fix use-after-iput when fscrypt contexts are inconsistent - ext4: fix inline data error paths - ext4: preserve the needs_recovery flag when the journal is aborted - ext4: return EROFS if device is r/o and journal replay is needed - mei: remove support for broken parallel read - ath10k: fix boot failure in UTF mode/testmode - ath5k: drop bogus warning on drv_set_key with unsupported cipher - ath9k: fix race condition in enabling/disabling IRQs - ath9k: use correct OTP register offsets for the AR9340 and AR9550 - [x86] PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal - [x86] Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg() - perf callchain: Reference count maps - crypto: testmgr - Pad aes_ccm_enc_tv_template vector - fuse: add missing FR_FORCE - [x86] pkeys: Check against max pkey to avoid overflows - [armhf,arm64] KVM: Enforce unconditional flush to PoC when mapping to stage-2 - [arm64] dma-mapping: Fix dma_mapping_error() when bypassing SWIOTLB - [arm64] fix erroneous __raw_read_system_reg() cases - [armhf,arm64] KVM: vgic: Stop injecting the MSI occurrence twice - can: gs_usb: Don't use stack memory for USB transfers - can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer - w1: don't leak refcount on slave attach failure in w1_attach_slave_device() - w1: ds2490: USB transfer buffers need to be DMAable - usb: dwc3: gadget: skip Set/Clear Halt when invalid - usb: host: xhci: plat: check hcc_params after add hcd - usb: gadget: udc-core: Rescan pending list on driver unbind - usb: gadget: f_hid: fix: Free out requests - usb: gadget: f_hid: fix: Prevent accessing released memory - usb: gadget: f_hid: Use spinlock instead of mutex - [x86] hv: allocate synic pages for all present CPUs - [x86] hv: init percpu_list in hv_synic_alloc() - [x86] hv: don't reset hv_context.tsc_page on crash - [x86] Drivers: hv: vmbus: Prevent sending data on a rescinded channel - [x86] Drivers: hv: vmbus: Fix a rescind handling bug - [x86] Drivers: hv: util: kvp: Fix a rescind processing issue - [x86] Drivers: hv: util: Fcopy: Fix a rescind processing issue - [x86] Drivers: hv: util: Backup: Fix a rescind processing issue - RDMA/core: Fix incorrect structure packing for booleans - rdma_cm: fail iwarp accepts w/o connection params - gfs2: Add missing rcu locking for glock lookup - [arm64] remoteproc: qcom: mdt_loader: Don't overwrite firmware object - rtlwifi: Fix alignment issues - rtlwifi: rtl8192c-common: Fix "BUG: KASAN: - [m68k] VME: restore bus_remove function causing incomplete module unload - nfsd: minor nfsd_setattr cleanup - nfsd: special case truncates some more - NFSv4: Fix memory and state leak in _nfs4_open_and_get_state - NFSv4: Fix reboot recovery in copy offload - pNFS/flexfiles: If the layout is invalid, it must be updated before retrying - NFSv4: fix getacl head length estimation - NFSv4: fix getacl ERANGE for some ACL buffer sizes - f2fs: fix a problem of using memory after free - f2fs: fix multiple f2fs_add_link() calls having same name - f2fs: add ovp valid_blocks check for bg gc victim to fg_gc - f2fs: avoid to issue redundant discard commands - [armhf] rtc: sun6i: Disable the build as a module - [armhf] rtc: sun6i: Add some locking - [armhf] rtc: sun6i: Switch to the external oscillator - md linear: fix a race between linear_add() and linear_congested() - bcma: use (get|put)_device when probing/removing device driver - [armhf] dmaengine: ipu: Make sure the interrupt routine checks all interrupts. - xprtrdma: Fix Read chunk padding - xprtrdma: Per-connection pad optimization - xprtrdma: Disable pad optimization by default - xprtrdma: Reduce required number of send SGEs - [powerpc*] xmon: Fix data-breakpoint - [powerpc*] mm: Add MMU_FTR_KERNEL_RO to possible feature mask - [powerpc*] mm/hash: Always clear UPRT and Host Radix bits when setting up CPU - scsi: lpfc: Correct WQ creation for pagesize - ceph: update readpages osd request according to size of pages - netfilter: conntrack: remove GC_MAX_EVICTS break - netfilter: conntrack: refine gc worker heuristics, redux https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.15 - tty: n_hdlc: get rid of racy n_hdlc.tbuf (CVE-2017-2636) (Closes: #858122) - serial: 8250_pci: Add MKS Tenta SCOM-0800 and SCOM-0801 cards - [s390x] KVM: Disable dirty log retrieval for UCONTROL guests - [x86] KVM: VMX: use correct vmcs_read/write for guest segment selector/base - Bluetooth: Add another AR3012 04ca:3018 device - [s390x] qdio: clear DSCI prior to scanning multiple input queues - [s390x] dcssblk: fix device size calculation in dcssblk_direct_access() - [s390x] kdump: Use "LINUX" ELF note name instead of "CORE" - [s390x] chsc: Add exception handler for CHSC instruction - [s390x] TASK_SIZE for kernel threads - [s390x] make setup_randomness work - [s390x] use correct input data address for setup_randomness - [armhf] net: mvpp2: fix DMA address calculation in mvpp2_txq_inc_put() - [powerpc*] cxl: Prevent read/write to AFU config space while AFU not configured - [powerpc*] cxl: fix nested locking hang during EEH hotplug - brcmfmac: fix incorrect event channel deduction - mnt: Tuck mounts under others instead of creating shadow/side mounts. - IB/ipoib: Fix deadlock between rmmod and set_mode - IB/IPoIB: Add destination address when re-queue packet - IB/mlx5: Fix out-of-bound access - IB/SRP: Avoid using IB_MR_TYPE_SG_GAPS - IB/srp: Avoid that duplicate responses trigger a kernel bug - IB/srp: Fix race conditions related to task management - fs: Better permission checking for submounts - ceph: remove req from unsafe list when unregistering it - [powerpc*] pci/hotplug/pnv-php: Remove WARN_ON() in pnv_php_put_slot() - [powerpc*] pci/hotplug/pnv-php: Disable surprise hotplug capability on conflicts - target: Fix NULL dereference during LUN lookup + active I/O shutdown - [powerpc*] drivers/pci/hotplug: Handle presence detection change properly - [powerpc*] drivers/pci/hotplug: Fix initial state for empty slot - nlm: Ensure callback code also checks that the files match - nfit, libnvdimm: fix interleave set cookie calculation - mac80211: flush delayed work when entering suspend - mac80211: don't reorder frames with SN smaller than SSN - mac80211: don't handle filtered frames within a BA session - mac80211: use driver-indicated transmitter STA only for data frames - [x86] drm/amdgpu: add more cases to DCE11 possible crtc mask setup - [arm64,powerpc*,x86] drm/ast: Fix test for VGA enabled - [arm64,powerpc*,x86] drm/ast: Call open_key before enable_mmio in POST code - [arm64,powerpc*,x86] drm/ast: Fix AST2400 POST failure without BMC FW or VBIOS - drm/edid: Add EDID_QUIRK_FORCE_8BPC quirk for Rotel RSX-1058 - [x86] drm/vmwgfx: Work around drm removal of control nodes - [armhf] dmaengine: imx-sdma - correct the dma transfer residue calculation - drm/atomic: fix an error code in mode_fixup() - [x86] drm/i915/gvt: Disable access to stolen memory as a guest - drm: Cancel drm_fb_helper_dirty_work on unload - drm: Cancel drm_fb_helper_resume_work on unload - [x86] drm/i915: Avoid spurious WARNs about the wrong pipe in the PPS code - [x86] drm/i915: Fix not finding the VBT when it overlaps with OPREGION_ASLE_EXT - libceph: use BUG() instead of BUG_ON(1) - [x86] mm: fix gup_pte_range() vs DAX mappings - [x86] tlb: Fix tlb flushing when lguest clears PGE - thp: fix another corner case of munlock() vs. THPs - mm: do not call mem_cgroup_free() from within mem_cgroup_alloc() - fat: fix using uninitialized fields of fat_inode/fsinfo_inode - [x86] drivers: hv: Turn off write permission on the hypercall page https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.16 - USB: serial: digi_acceleport: fix OOB data sanity check - USB: serial: digi_acceleport: fix OOB-event processing - crypto: improve gcc optimization flags for serpent and wp512 - ucount: Remove the atomicity from ucount->count (CVE-2017-6874) - dw2102: don't do DMA on stack - i2c: add missing of_node_put in i2c_mux_del_adapters - [ppc64el] Emulation support for load/store instructions on LE - [powerpc*] xics: Work around limitations of OPAL XICS priority handling - PCI: Prevent VPD access for QLogic ISP2722 - usb: gadget: dummy_hcd: clear usb_gadget region before registration - usb: dwc3: gadget: make Set Endpoint Configuration macros safe - [armhf] usb: dwc3-omap: Fix missing break in dwc3_omap_set_mailbox() - usb: gadget: function: f_fs: pass companion descriptor along - Revert "usb: gadget: uvc: Add missing call for additional setup data" - usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci controllers - USB: serial: safe_serial: fix information leak in completion handler - USB: serial: omninet: fix reference leaks at open - USB: iowarrior: fix NULL-deref at probe (CVE-2016-2188) - USB: iowarrior: fix NULL-deref in write - USB: serial: io_ti: fix NULL-deref in interrupt callback - USB: serial: io_ti: fix information leak in completion handler - [armhf] serial: samsung: Continue to work if DMA request fails - [s390x] KVM: Fix guest migration for huge guests resulting in panic - [armhf.arm64] KVM: Let vcpu thread modify its own active state - dm: flush queued bios when process blocks to avoid deadlock - rc: raw decoder for keymap protocol is not loaded on register - ext4: don't BUG when truncating encrypted inodes on the orphan list - IB/mlx5: Verify that Q counters are supported [ Ben Hutchings ] * [media] dvb-usb: don't use stack for firmware load or reset (Closes: #853894) * Kbuild.include: addtree: Remove quotes before matching path (regression in 4.8) (Closes: #856474) * [rt] Update to 4.9.13-rt12: - timer/hrtimer: check properly for a running timer * [rt] Refresh one patch that had a textual conflict with 4.9.14 * Ignore various ABI changes that shouldn't affect OOT modules * userns: Avoid ABI change for CVE-2017-6874 fix * [amd64] Don't WARN about expected W+X pages on Xen (see #852324) * fjes: Disable auto-loading, as this driver matches a very common ACPI ID (Closes: #853976) [ Salvatore Bonaccorso ] * ACPI / EC: Use busy polling mode when GPE is not enabled. Thanks to Jakobus Schurz (Closes: #846792) * Ignore ABI changes for acpi_ec_{add,remove}_query_handler * Ignore ABI change for first_ec (not declared in public header) [ Helge Deller ] * [hppa] Switch to debian default config option for bonding, irda and atalk -- Salvatore Bonaccorso Wed, 22 Mar 2017 17:01:40 +0100 linux (4.9.13-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11 - can: Fix kernel panic at security_sock_rcv_skb - net/mlx5e: Fix update of hash function/key via ethtool - net/sched: matchall: Fix configuration race - ipv6: fix ip6_tnl_parse_tlv_enc_lim() - ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim() - tcp: fix 0 divide in __tcp_select_window() - stmmac: Discard masked flags in interrupt status register - net: use a work queue to defer net_disable_timestamp() work - netlabel: out of bound access in cipso_v4_validate() - ip6_gre: fix ip6gre_err() invalid reads (CVE-2017-5897) - ipv6: tcp: add a missing tcp_v6_restore_cb() - tcp: avoid infinite loop in tcp_splice_read() (CVE-2017-6214) - tun: read vnet_hdr_sz once - macvtap: read vnet_hdr_size once - rtl8150: Use heap buffers for all register access - catc: Combine failure cleanup code in catc_probe() - catc: Use heap buffer for memory size test - mlx4: Invoke softirqs after napi_reschedule - lwtunnel: valid encap attr check should return 0 when lwtunnel is disabled - sit: fix a double free on error path - net: introduce device min_header_len - packet: round up linear to header len - ping: fix a null pointer dereference - net: dsa: Do not destroy invalid network devices - l2tp: do not use udp_ioctl() - mld: do not remove mld souce list info when set link down - igmp, mld: Fix memory leak in igmpv3/mld_del_delrec() - tcp: fix mark propagation with fwmark_reflect enabled - net/mlx5: Don't unlock fte while still using it - tcp: don't annotate mark on control socket from tcp_v6_send_response() - [x86] fpu/xstate: Fix xcomp_bv in XSAVES header https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.12 - vfs: fix uninitialized flags in splice_to_pipe() - siano: make it work again with CONFIG_VMAP_STACK - fuse: fix use after free issue in fuse_dev_do_read() - fuse: fix uninitialized flags in pipe_buffer - mmc: core: fix multi-bit bus width without high-speed mode - [powerpc*/*64*] Disable use of radix under a hypervisor - scsi: don't BUG_ON() empty DMA transfers - Fix missing sanity check in /dev/sg - [x86] Input: elan_i2c - add ELAN0605 to the ACPI table - drm/radeon: Use mode h/vdisplay fields to hide out of bounds HW cursor - drm/dp/mst: fix kernel oops when turning off secondary monitor - futex: Move futex_init() to core_initcall - [armel,armhf] 8658/1: uaccess: fix zeroing of 64-bit get_user() - Revert "i2c: designware: detect when dynamic tar update is possible" - PCI/PME: Restore pcie_pme_driver.remove - printk: use rcuidle console tracepoint - timekeeping: Use deferred printk() in debug code - bcache: Make gc wakeup sane, remove set_task_state() - videodev2.h: go back to limited range Y'CbCr for SRGB and, ADOBERGB https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13 - net/mlx5e: Disable preemption when doing TC statistics upcall - net/llc: avoid BUG_ON() in skb_orphan() (CVE-2017-6345) - net: ethernet: ti: cpsw: fix cpsw assignment in resume (regression in 4.9) - packet: fix races in fanout_add() (CVE-2017-6346) - packet: Do not call fanout_release from atomic contexts (regression in 4.9) - net: neigh: Fix netevent NETEVENT_DELAY_PROBE_TIME_UPDATE notification - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (CVE-2017-6074) - vxlan: fix oops in dev_fill_metadata_dst (regression in 4.6) - irda: Fix lockdep annotations in hashbin_delete(). (CVE-2017-6348) - ptr_ring: fix race conditions when resizing - ip: fix IP_CHECKSUM handling (regression in 4.0) (CVE-2017-6347) - net: socket: fix recvmmsg not returning error from sock_error (regression in 4.6) - USB: serial: mos7840: fix another NULL-deref at open - USB: serial: ftdi_sio: fix modem-status error handling - USB: serial: ftdi_sio: fix extreme low-latency setting - USB: serial: ftdi_sio: fix line-status over-reporting - USB: serial: spcp8x5: fix modem-status handling - USB: serial: opticon: fix CTS retrieval at open - USB: serial: ark3116: fix register-accessor error handling - netfilter: nf_ct_helper: warn when not applying default helper assignment - block: fix double-free in the failure path of cgwb_bdi_init() - rtlwifi: rtl_usb: Fix for URB leaking when doing ifconfig up/down - xfs: clear delalloc and cache on buffered write failure [ Ben Hutchings ] * [armel] dts: kirkwood: Fix SATA pinmux-ing for TS419 (Closes: #855017) * [armhf] Enable DRM_OMAP_PANEL_TPO_TD028TTEC1, PWM_OMAP_DMTIMER as modules (Closes: #855472) * net: Ignore ABI changes to can_rx_register(), ip6_xmit() * net: Avoid ABI change for min_header_len * udeb: Add more USB host and dual-role drivers to usb-modules (Closes: #856111) * [x86] kvm: fix page struct leak in handle_vmon (CVE-2017-2596) * ipc/shm: Fix shmat mmap nil-page protection (CVE-2017-5669) * time: Disable TIMER_STATS (CVE-2017-5967) * sctp: deny peeloff operation on asocs with threads sleeping on it (CVE-2017-6353) * [rt] Update to 4.9.13-rt10: - sched/rt: Add a missing rescheduling point - lockdep: Handle statically initialized PER_CPU locks proper - Change export of rt_mutex_destroy() back to GPL-only -- Ben Hutchings Mon, 27 Feb 2017 15:58:07 +0000 linux (4.9.10-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7 - drm: Schedule the output_poll_work with 1s delay if we have delayed event - drm: Fix broken VT switch with video=1366x768 option - [x86] drm/i915: Ignore bogus plane coordinates on SKL when the plane is not visible - [armhf,arm64] drm/vc4: Fix memory leak of the CRTC state. - [armhf,arm64] drm/vc4: fix a bounds check - Revert "drm/radeon: always apply pci shutdown callbacks" - drm/atomic: clear out fence when duplicating state - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp - mm/mempolicy.c: do not put mempolicy before using its nodemask - mm, page_alloc: fix check for NULL preferred_zone - mm, page_alloc: fix fast-path race with cpuset update or removal - mm, page_alloc: move cpuset seqcount checking to slowpath - mm, page_alloc: fix premature OOM when racing with cpuset mems update - userns: Make ucounts lock irq-safe - sysctl: fix proc_doulongvec_ms_jiffies_minmax() - xfs: prevent quotacheck from overloading inode lru - ISDN: eicon: silence misleading array-bounds warning - Btrfs: remove old tree_root case in btrfs_read_locked_inode() - Btrfs: disable xattr operations on subvolume directories - Btrfs: remove ->{get, set}_acl() from btrfs_dir_ro_inode_operations - RDMA/cma: Fix unknown symbol when CONFIG_IPV6 is not enabled - [s390x] mm: Fix cmma unused transfer from pgste into pte - [s390x] ptrace: Preserve previous registers for short regset write - IB/cxgb3: fix misspelling in header guard - IB/iser: Fix sg_tablesize calculation - IB/srp: fix mr allocation when the device supports sg gaps - IB/srp: fix invalid indirect_sg_entries parameter value - can: c_can_pci: fix null-pointer-deref in c_can_start() - set device pointer - can: ti_hecc: add missing prepare and unprepare of the clock - [hppa] Don't use BITS_PER_LONG in userspace-exported swab.h header - nfs: Don't increment lock sequence ID after NFS4ERR_MOVED - NFSv4.1: Fix a deadlock in layoutget - NFSv4.0: always send mode in SETATTR after EXCLUSIVE4 - SUNRPC: cleanup ida information when removing sunrpc module - iw_cxgb4: free EQ queue memory on last deref - pctv452e: move buffer to heap, no mutex - v4l: tvp5150: Reset device at probe time, not in get/set format handlers - v4l: tvp5150: Fix comment regarding output pin muxing - v4l: tvp5150: Don't override output pinmuxing at stream on/off time - [x86] drm/i915: Clear ret before unbinding in i915_gem_evict_something() - [x86] drm/i915: prevent crash with .disable_display parameter - [x86] drm/i915: Don't leak edid in intel_crt_detect_ddc() - [x86] drm/i915: Don't init hpd polling for vlv and chv from runtime_suspend() - [x86] drm/i915: Fix calculation of rotated x and y offsets for planar formats - [x86] drm/i915: Check for NULL atomic state in intel_crtc_disable_noatomic() - IB/umem: Release pid in error and ODP flow - [x86] pinctrl: baytrail: Rectify debounce support - memory_hotplug: make zone_can_shift() return a boolean value - virtio_mmio: Set DMA masks appropriately - mm, memcg: do not retry precharge charges - perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race (CVE-2017-6001) - [x86] drm/i915: Remove WaDisableLSQCROPERFforOCL KBL workaround. https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.8 - r8152: fix the sw rx checksum is unavailable - [x86] netvsc: add rcu_read locking to netvsc callback - net: lwtunnel: Handle lwtunnel_fill_encap failure - net: ipv4: fix table id in getroute response - tcp: fix tcp_fastopen unaligned access complaints on sparc - openvswitch: maintain correct checksum state in conntrack actions - mlx4: do not call napi_schedule() without care - ip6_tunnel: Account for tunnel header in tunnel MTU - ax25: Fix segfault after sock connection timeout - net sched actions: fix refcnt when GETing of action after bind - virtio: don't set VIRTIO_NET_HDR_F_DATA_VALID on xmit - virtio-net: restore VIRTIO_HDR_F_DATA_VALID on receiving - vxlan: fix byte order of vxlan-gpe port number - net: fix harmonize_features() vs NETIF_F_HIGHDMA - lwtunnel: fix autoload of lwt modules - ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock - tcp: initialize max window for a new fastopen socket - net/mlx5e: Do not recycle pages from emergency reserve - bridge: netlink: call br_changelink() during br_dev_newlink() - net: mpls: Fix multipath selection for LSR use case - r8152: don't execute runtime suspend if the tx is not empty - af_unix: move unix_mknod() out of bindlock - net: Specify the owning module for lwtunnel ops - lwtunnel: Fix oops on state free after encap module unload - [armhf] net: dsa: Bring back device detaching in dsa_slave_suspend() - xfs: bump up reserved blocks in xfs_alloc_set_aside - xfs: fix bogus minleft manipulations - xfs: adjust allocation length in xfs_alloc_space_available - xfs: don't rely on ->total in xfs_alloc_space_available - xfs: don't print warnings when xfs_log_force fails - xfs: make the ASSERT() condition likely - xfs: sanity check directory inode di_size - xfs: add missing include dependencies to xfs_dir2.h - xfs: replace xfs_mode_to_ftype table with switch statement - xfs: sanity check inode mode when creating new dentry - xfs: sanity check inode di_mode - xfs: don't wrap ID in xfs_dq_get_next_id - xfs: fix xfs_mode_to_ftype() prototype - xfs: fix COW writeback race - xfs: verify dirblocklog correctly - xfs: remove racy hasattr check from attr ops - xfs: extsize hints are not unlikely in xfs_bmap_btalloc - xfs: clear _XBF_PAGES from buffers when readahead page - xfs: fix bmv_count confusion w/ shared extents https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.9 - PCI/ASPM: Handle PCI-to-PCIe bridges as roots of PCIe hierarchies - ext4: validate s_first_meta_bg at mount time (CVE-2016-10208) - [x86] efi: Always map the first physical page into the EFI pagetables - [arm64] efi/fdt: Avoid FDT manipulation after ExitBootServices() (Closes: #853170) - HID: cp2112: fix sleep-while-atomic - HID: cp2112: fix gpio-callback error handling - [x86] pinctrl: baytrail: Add missing spinlock usage in byt_gpio_irq_handler - [x86] drm/amdgpu/si: fix crash on headless asics - drm/nouveau/disp/gt215: Fix HDA ELD handling (thus, HDMI audio) on gt215 - drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval - crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg - crypto: arm64/aes-blk - honour iv_out requirement in CBC and CTR modes - perf/core: Fix use-after-free bug - perf/core: Fix PERF_RECORD_MMAP2 prot/flags for anonymous memory - ata: sata_mv:- Handle return value of devm_ioremap. - libata: apply MAX_SEC_1024 to all CX1-JB*-HP devices - libata: Fix ATA request sense - [powerpc*] eeh: Fix wrong flag passed to eeh_unfreeze_pe() - [powerpc*] Add missing error check to prom_find_boot_cpu() - [powerpc*] mm: Use the correct pointer when setting a 2MB pte - NFSD: Fix a null reference case in find_or_create_lock_stateid() - svcrpc: fix oops in absence of krb5 module - zswap: disable changing params if init fails - cifs: initialize file_info_lock - mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone() - base/memory, hotplug: fix a kernel oops in show_valid_zones() - mm, fs: check for fatal signals in do_generic_file_read() - tracing: Fix hwlat kthread migration - can: bcm: fix hrtimer/tasklet termination in bcm op removal - cgroup: don't online subsystems before cgroup_name/path() are operational - mmc: sdhci: Ignore unexpected CARD_INT interrupts - vhost: fix initialization for vq->is_le - [armhf] regulator: axp20x: AXP806: Fix dcdcb being set instead of dcdce - percpu-refcount: fix reference leak during percpu-atomic transition - [x86] pinctrl: baytrail: Debounce register is one per community - [x86] pinctrl: intel: merrifield: Add missed check in mrfld_config_set() - iwlwifi: fix double hyphen in MODULE_FIRMWARE for 8000 - iwlwifi: mvm: avoid crash on restart w/o reserved queues - HID: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL - HID: hid-lg: Fix immediate disconnection of Logitech Rumblepad 2 - HID: wacom: Fix poor prox handling in 'wacom_pl_irq' - [x86] perf/intel/uncore: Clean up hotplug conversion fallout - [armhf] dmaengine: cppi41: Fix runtime PM timeouts with USB mass storage - [armhf] dmaengine: cppi41: Fix oops in cppi41_runtime_resume - [x86] KVM: do not save guest-unsupported XSAVE state - USB: Add quirk for WORLDE easykey.25 MIDI keyboard - usb: musb: Fix host mode error -71 regression - usb: gadget: f_fs: Assorted buffer overflow checks. - irqdomain: Avoid activating interrupts more than once - [x86] irq: Make irq activate operations symmetric - iw_cxgb4: set correct FetchBurstMax for QPs - fs: break out of iomap_file_buffered_write on fatal signals - [x86] drm/i915/execlists: Reset RING registers upon resume (Closes: #855055) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10 - [x86] cpufreq: intel_pstate: Disable energy efficiency optimization - acpi, nfit: fix acpi_nfit_flush_probe() crash - [x86] libnvdimm, namespace: do not delete namespace-id 0 - [x86] libnvdimm, pfn: fix memmap reservation size versus 4K alignment - dm rq: cope with DM device destruction while in dm_old_request_fn() - crypto: algif_aead - Fix kernel panic on list_del - [x86] crypto: qat - fix bar discovery for c62x - [x86] crypto: qat - zero esram only for DH85x devices - [x86] crypto: ccp - Fix DMA operations when IOMMU is enabled - [x86] crypto: ccp - Fix double add when creating new DMA command - Input: uinput - fix crash when mixing old and new init style - selinux: fix off-by-one in setprocattr (CVE-2017-2618) - [x86] Revert "x86/ioapic: Restore IO-APIC irq_chip retrigger callback" - rtlwifi: rtl8192ce: Fix loading of incorrect firmware (Closes: #853073) - cpumask: use nr_cpumask_bits for parsing functions (Closes: #848682) - [armel,armhf] 8643/3: arm/ptrace: Preserve previous registers for short regset write - [x86] drm/i915: fix use-after-free in page_flip_completed() - [x86] drm/i915/bxt: Add MST support when do DPLL calculation - drm/atomic: Fix double free in drm_atomic_state_default_clear - target: Don't BUG_ON during NodeACL dynamic -> explicit conversion - target: Use correct SCSI status during EXTENDED_COPY exception - target: Fix early transport_generic_handle_tmr abort scenario - target: Fix multi-session dynamic se_node_acl double free OOPs - target: Fix COMPARE_AND_WRITE ref leak for non GOOD status - [armhf] dts: imx6dl: fix GPIO4 range - [armhf] 8642/1: LPAE: catch pending imprecise abort on unmask - [x86] drm/i915: Always convert incoming exec offsets to non-canonical - nl80211: Fix mesh HT operation check - mac80211: Fix adding of mesh vendor IEs - net/mlx5e: Modify TIRs hash only when it's needed - [x86] Drivers: hv: vmbus: Base host signaling strictly on the ring state - [x86] Drivers: hv: vmbus: On write cleanup the logic to interrupt the host - [x86] Drivers: hv: vmbus: On the read path cleanup the logic to interrupt the host - [x86] Drivers: hv: vmbus: finally fix hv_need_to_signal_on_read() - [s390x] scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send - scsi: aacraid: Fix INTx/MSI-x issue with older controllers - scsi: mpt3sas: disable ASPM for MPI2 controllers - scsi: qla2xxx: Avoid that issuing a LIP triggers a kernel crash - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls - [powerpc*] mm/radix: Update ERAT flushes when invalidating TLB - [powerpc*] powernv: Fix CPU hotplug to handle waking on HVI - xen-netfront: Delete rx_refill_timer in xennet_disconnect_backend() - ALSA: hda - adding a new NV HDMI/DP codec ID in the driver - ALSA: seq: Fix race at creating a queue - ALSA: seq: Don't handle loop timeout at snd_seq_pool_done() - Revert "ALSA: line6: Only determine control port properties if needed" - [x86] mm/ptdump: Fix soft lockup in page table walker - [x86] CPU/AMD: Bring back Compute Unit ID - [x86] CPU/AMD: Fix Zen SMT topology - IB/rxe: Fix resid update - IB/rxe: Fix mem_check_range integer overflow (CVE-2016-8636) - stacktrace, lockdep: Fix address, newline ugliness - perf diff: Fix -o/--order option behavior (again) - perf diff: Fix segfault on 'perf diff -o N' option - perf/core: Fix crash in perf_event_read() [ Ben Hutchings ] * Bump ABI to 2 * [or1k] Remove configuration, as the port has been abandoned * [arm64] Enable KEXEC (Closes: #852747) * [arm64,armhf,x86] usb: gadget: Enable USB_CONFIGFS, USB_ETH, USB_GADGETFS, USB_FUNCTIONFS, USB_G_SERIAL as modules; USB_CONFIGFS_{SERIAL,ACM,OBEX,NCM,ECM,ECM_SUBSET,RNDIS,EEM,PHONET,MASS_STORAGE}, USB_CONFIGFS_F_{LB_SS,LS,UAC1,UAC2,MIDI,HID,UVC,PRINTER}, USB_ETH_RNDIS, USB_FUNCTIONFS_{ETH,RNDIS,GENERIC} (thanks to Riku Voipio) * [ppc64el] Disable IBMEBUS; this bus does not exist on POWER8 systems * aufs: Update support patchset to aufs4.9-20170206 * [rt] Update to 4.9.9-rt6: - Revert "btrfs: swap free() and trace point in run_ordered_work()" - pinctrl: qcom: Use raw spinlock variants - x86/mm/cpa: avoid wbinvd() for PREEMPT - Revert "radix-tree: Make RT aware" - radix-tree: use local locks - softirq: wake the timer softirq if needed - timers: Don't wake ktimersoftd on every tick - rt: Drop mutex_disable() on !DEBUG configs and the GPL suffix from export symbol - cpuset: Convert callback_lock to raw_spinlock_t * pegasus: Use heap buffers for all register access (Closes: #852556) * test-patches: Use the pkg.linux.notools build profile * test-patches: Set default number of jobs to number of available processors * dccp: Disable auto-loading as mitigation against local exploits * net: ipv6: check route protocol when deleting routes (Closes: #855153) * [arm64] drm: Enable DRM_AST as module (Closes: #820168) - udeb: Add ast to fb-modules * [armel/marvell] hwmon: Enable SENSORS_G762 as module (Closes: #854662) * [m68k] Change MAC8390, MAC_SCSI from built-in to modules (Closes: #826614) - udeb: Add mac8390 to nic-shared-modules * udeb: Add bcache to md-modules (Closes: #718548) * [x86] platform: acer-wmi: setup accelerometer when machine has appropriate notify event (Closes: #853067) * [x86] xen: Fix APIC id mismatch warning on Intel (Closes: #853193) * media: dvb-usb-dibusb-mc-common: Add MODULE_LICENSE (Closes: #853110) [ Roger Shimizu ] * [armel] ARM: dts: orion5x-lschl: Fix model name * [armel] ARM: dts: orion5x-lschl: More consistent naming on linkstation series * [armel] ARM: orion5x: fix Makefile for linkstation-lschl.dtb [ Salvatore Bonaccorso ] * ipv4: keep skb->dst around in presence of IP options (CVE-2017-5970) * sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986) -- Ben Hutchings Fri, 17 Feb 2017 13:18:17 +0000 linux (4.9.6-3) unstable; urgency=medium * btree,musb,st_sensors: Ignore ABI changes (fixes FTBFS on armel,armhf) -- Ben Hutchings Sat, 28 Jan 2017 16:11:16 +0000 linux (4.9.6-2) unstable; urgency=medium * linux-cpupower: Use dh-exec architecture filtering for x86-specific files (fixes FTBFS on !x86) -- Ben Hutchings Fri, 27 Jan 2017 22:09:50 +0000 linux (4.9.6-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.3 - iio: common: st_sensors: fix channel data parsing - [mips] staging: octeon: Call SET_NETDEV_DEV() - ALSA: hda - Fix up GPIO for ASUS ROG Ranger - ALSA: hda - Apply asus-mode8 fixup to ASUS X71SL - ALSA: usb-audio: Fix irq/process data synchronization - fscrypt: fix renaming and linking special files - [hppa/parisc] Add line-break when printing segfault info - [hppa/parisc] Mark cr16 clocksource unstable on SMP systems - HID: sensor-hub: Move the memset to sensor_hub_get_feature() - mac80211: initialize fast-xmit 'info' later - asm-prototypes: Clear any CPP defines before declaring the functions - [x86] drm/i915: Fix oopses in the overlay code due to i915_gem_active stuff - [x86] drm/i915: Fix oops in overlay due to frontbuffer tracking - [x86] drm/i915: Force VDD off on the new power seqeuencer before starting to use it - [x86] drm/i915: Initialize overlay->last_flip properly - [x86] KVM: reset MMU on KVM_SET_VCPU_EVENTS - [armhf] usb: musb: core: add clear_ep_rxintr() to musb_platform_ops - [armhf] usb: musb: dsps: implement clear_ep_rxintr() callback - usb: storage: unusual_uas: Add JMicron JMS56x to unusual device - usb: gadgetfs: restrict upper bound on device configuration size - USB: gadgetfs: fix unbounded memory allocation bug - USB: gadgetfs: fix use-after-free bug - USB: gadgetfs: fix checks of wTotalLength in config descriptors - USB: fix problems with duplicate endpoint addresses - usb: gadget: composite: Test get_alt() presence instead of set_alt() - [arm64, armhf] usb: dwc3: core: avoid Overflow events - usb: xhci: fix possible wild pointer - [x86] usb: xhci: apply XHCI_PME_STUCK_QUIRK to Intel Apollo Lake - xhci: free xhci virtual devices with leaf nodes first - usb: xhci: fix return value of xhci_setup_device() - usb: host: xhci: Fix possible wild pointer when handling abort command - xhci: Handle command completion and timeout race - usb: xhci: hold lock over xhci_abort_cmd_ring() - USB: serial: omninet: fix NULL-derefs at open and disconnect - USB: serial: quatech2: fix sleep-while-atomic in close - USB: serial: pl2303: fix NULL-deref at open - USB: serial: keyspan_pda: verify endpoints at probe - USB: serial: spcp8x5: fix NULL-deref at open - USB: serial: io_ti: fix NULL-deref at open - USB: serial: io_ti: fix another NULL-deref at open - USB: serial: io_ti: fix I/O after disconnect - USB: serial: iuu_phoenix: fix NULL-deref at open - USB: serial: garmin_gps: fix memory leak on failed URB submit - USB: serial: ti_usb_3410_5052: fix NULL-deref at open - USB: serial: io_edgeport: fix NULL-deref at open - USB: serial: oti6858: fix NULL-deref at open - USB: serial: cyberjack: fix NULL-deref at open - USB: serial: kobil_sct: fix NULL-deref in write - USB: serial: mos7840: fix NULL-deref at open - USB: serial: mos7720: fix NULL-deref at open - USB: serial: mos7720: fix use-after-free on probe errors - USB: serial: mos7720: fix parport use-after-free on probe errors - USB: serial: mos7720: fix parallel probe - usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL - xhci: Use delayed_work instead of timer for command timeout - xhci: Fix race related to abort operation - [armhf] usb: musb: Fix trying to free already-free IRQ 4 - usb: hub: Move hub_port_disable() to fix warning if PM is disabled - usb: gadget: udc: core: fix return code of usb_gadget_probe_driver() - ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream() - USB: serial: kl5kusb105: abort on open exception path - usb: gadget: Fix second argument of percpu_ida_alloc() - usb: gadget: fix request length error for isoc transfer - [armhf] dts: sun7i: bananapi-m1-plus: Enable USB PHY for USB host support - dibusb: fix possible memory leak in dibusb_rc_query() - USB: serial: io_ti: bind to interface after fw download - [x86] mei: move write cb to completion on credentials failures - iio: accel: st_accel: fix LIS3LV02 reading and scaling - [arm64, armhf] usb: dwc3: ep0: add dwc3_ep0_prepare_one_trb() - [arm64, armhf] usb: dwc3: ep0: explicitly call dwc3_ep0_prepare_one_trb() - [arm64, armhf] usb: dwc3: gadget: always unmap EP0 requests - [x86] drm/i915/dp: add lane_count check in intel_dp_check_link_status - [x86] drm/i915: tune down the fast link training vs boot fail - mac80211: fix tid_agg_rx NULL dereference - nl80211: Use different attrs for BSSID and random MAC addr in scan req - ath10k: fix failure to send NULL func frame for 10.4 - ath10k: use the right length of "background" - efi/efivar_ssdt_load: Don't return success on allocation failure - debugfs: improve DEFINE_DEBUGFS_ATTRIBUTE for !CONFIG_DEBUG_FS - [x86] prctl/uapi: Remove #ifdef for CHECKPOINT_RESTORE - [x86] cpu: Probe CPUID leaf 6 even when cpuid_level == 6 - [x86] platform/x86: fujitsu-laptop: use brightness_set_blocking for LED-setting callbacks - hwmon: (amc6821) sign extension temperature - hwmon: (ds620) Fix overflows seen when writing temperature limits - [armhf] hwmon: (g762) Fix overflows and crash seen when writing limit attributes - hwmon: (lm90) fix temp1_max_alarm attribute - Input: synaptics-rmi4 - unlock on error - [armhf] clk: ti: dra7: fix "failed to lookup clock node gmac_gmii_ref_clk_div" boot message - [amd64] iommu/amd: Missing error code in amd_iommu_init_device() - [amd64] iommu/amd: Fix the left value check of cmd buffer - [x86] iommu/vt-d: Fix pasid table size encoding - [x86] iommu/vt-d: Flush old iommu caches for kdump when the device gets context mapped - [x86] ASoC: cht_bsw_rt5645: Fix leftover kmalloc - [x86] ASoC: Intel: Skylake: Fix a shift wrapping bug - scsi: mvsas: fix command_active typo - target/iscsi: Fix double free in lio_target_tiqn_addtpg() - sbp-target: Fix second argument of percpu_ida_alloc() - relay: check array offset before using it - PCI/MSI: Check for NULL affinity mask in pci_irq_get_affinity() - PM / wakeirq: Fix dedicated wakeirq for drivers not using autosuspend - genirq/affinity: Fix node generation from cpumask - mm/hugetlb.c: use the right pte val for compare in hugetlb_cow - docs-rst: fix LaTeX \DURole renewcommand with Sphinx 1.3+ - mm: khugepaged: close use-after-free race during shmem collapsing - mm: khugepaged: fix radix tree node leak in shmem collapse error path - mm, compaction: fix NR_ISOLATED_* stats for pfn based migration - [s390x] crypto: unlock on error in prng_tdes_read() - [arm64] crypto: sha2-ce - fix for big endian - [arm64] crypto: ghash-ce - fix for big endian - [arm64] crypto: aes-ccm-ce: fix for big endian - [arm64] crypto: sha1-ce - fix for big endian - [arm64] crypto: aes-xts-ce: fix for big endian - [arm64] crypto: aes-ce - fix for big endian - md: MD_RECOVERY_NEEDED is set for mddev->recovery - md: fix refcount problem on mddev when stopping array. - f2fs: remove percpu_count due to performance regression - f2fs: hide a maybe-uninitialized warning - PCI: Add Mellanox device IDs - PCI: Convert broken INTx masking quirks from HEADER to FINAL - PCI: Convert Mellanox broken INTx quirks to be for listed devices only - PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+ - PCI: Enable access to non-standard VPD for Chelsio devices (cxgb3) - [powerpc/powerpc64,ppc64*] pci/rpadlpar: Fix device reference leaks - [s390x] topology: always use s390 specific sched_domain_topology_level - [s390x] pci: fix dma address calculation in map_sg - drm/radeon: Always store CRTC relative radeon_crtc->cursor_x/y values - [x86] drm/i915: disable PSR by default on HSW/BDW - [x86] drm/i915/gen9: unconditionally apply the memory bandwidth WA - [x86] drm/i915/gen9: fix the WM memory bandwidth WA for Y tiling cases - xfs: don't call xfs_sb_quota_from_disk twice - xfs: check return value of _trans_reserve_quota_nblks - xfs: don't skip cow forks w/ delalloc blocks in cowblocks scan - xfs: don't BUG() on mixed direct and mapped I/O - xfs: provide helper for counting extents from if_bytes - xfs: check minimum block size for CRC filesystems - xfs: fix unbalanced inode reclaim flush locking - xfs: new inode extent list lookup helpers - xfs: factor rmap btree size into the indlen calculations - xfs: always succeed when deduping zero bytes - xfs: remove prev argument to xfs_bmapi_reserve_delalloc - xfs: track preallocation separately in xfs_bmapi_reserve_delalloc() - xfs: use new extent lookup helpers in __xfs_reflink_reserve_cow - xfs: clean up cow fork reservation and tag inodes correctly - xfs: use new extent lookup helpers xfs_file_iomap_begin_delay - xfs: pass post-eof speculative prealloc blocks to bmapi - xfs: Move AGI buffer type setting to xfs_read_agi - xfs: pass state not whichfork to trace_xfs_extlist - xfs: handle cow fork in xfs_bmap_trace_exlist - xfs: forbid AG btrees with level == 0 - xfs: check for bogus values in btree block headers - xfs: complain if we don't get nextents bmap records - xfs: don't crash if reading a directory results in an unexpected hole - xfs: error out if trying to add attrs and anextents > 0 - xfs: don't allow di_size with high bit set - xfs: don't cap maximum dedupe request length - xfs: ignore leaf attr ichdr.count in verifier during log replay - xfs: use GPF_NOFS when allocating btree cursors - xfs: fix double-cleanup when CUI recovery fails - xfs: use the actual AG length when reserving blocks - xfs: fix crash and data corruption due to removal of busy COW extents - xfs: fix max_retries _show and _store functions - clocksource/dummy_timer: Move hotplug callback after the real timers - tick/broadcast: Prevent NULL pointer dereference - Revert "rtlwifi: Fix enter/exit power_save" - Revert "usb: gadget: composite: always set ep->mult to a sensible value" - usb: gadget: composite: always set ep->mult to a sensible value https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.4 - net: vrf: Fix NAT within a VRF - net: vrf: Drop conntrack data after pass through VRF device on Tx - sctp: sctp_transport_lookup_process should rcu_read_unlock when transport is null - inet: fix IP(V6)_RECVORIGDSTADDR for udp sockets - ipv6: handle -EFAULT from skb_copy_bits - net, sched: fix soft lockup in tc_classify - [arm64, armhf] net: stmmac: Fix race between stmmac_drv_probe and stmmac_open - net/sched: cls_flower: Fix missing addr_type in classify - net/mlx5: Check FW limitations on log_max_qp before setting it - net/mlx5: Cancel recovery work in remove flow - net/mlx5: Avoid shadowing numa_node - net/mlx5: Mask destination mac value in ethtool steering rules - net/mlx5: Prevent setting multicast macs for VFs - net/mlx5e: Don't sync netdev state when not registered - net/mlx5e: Disable netdev after close - rtnl: stats - add missing netlink message size checks - net: fix incorrect original ingress device index in PKTINFO - net: ipv4: dst for local input routes should use l3mdev if relevant - drop_monitor: add missing call to genlmsg_end - drop_monitor: consider inserted data in genlmsg_end - flow_dissector: Update pptp handling to avoid null pointer deref. - igmp: Make igmp group member RFC 3376 compliant - ipv4: Do not allow MAIN to be alias for new LOCAL w/ custom rules - net: vrf: Add missing Rx counters - [x86] bpf: change back to orig prog on too many passes - [armhf] net: dsa: bcm_sf2: Do not clobber b53_switch_ops - [armhf] net: dsa: bcm_sf2: Utilize nested MDIO read/write - r8152: split rtl8152_suspend function - r8152: fix rx issue for runtime suspend - [armhf] net: dsa: Ensure validity of dst->ds[0] - net: add the AF_QIPCRTR entries to family name tables - gro: Enter slow-path if there is no tailroom - gro: use min_t() in skb_gro_reset_offset() - gro: Disable frag0 optimization on IPv6 ext headers - net/mlx5e: Remove WARN_ONCE from adaptive moderation code - net: ipv4: Fix multipath selection with vrf - net: vrf: do not allow table id 0 - HID: hid-cypress: validate length of report - ALSA: firewire-tascam: Fix to handle error from initialization of stream data - [powerpc] Fix build warning on 32-bit PPC - [arm64] dts: mt8173: Fix auxadc node - [arm64] dts: bcm2837-rpi-3-b: remove incorrect pwr LED - [arm64] dts: bcm2835: Fix bcm2837 compatible string - svcrdma: Clear xpt_bc_xps in xprt_setup_rdma_bc() error exit arm - [armhf] OMAP5: Fix mpuss_early_init - [armhf] OMAP5: Fix build for PM code - [armhf] OMAP4+: Fix bad fallthrough for cpuidle - [armhf] omap2+: am437x: rollback to use omap3_gptimer_timer_init() - [armel/marvell, armhf] spi: mvebu: fix baudrate calculation for armada variant - ALSA: usb-audio: Add a quirk for Plantronics BT600 - [x86] drm/i915/gen9: Fix PCODE polling during CDCLK change notification - rtlwifi: Fix enter/exit power_save - rtlwifi: rtl_usb: Fix missing entry in USB driver's private data https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5 - Input: xpad - use correct product id for x360w controllers - Input: i8042 - add Pegatron touchpad to noloop table - [armhf] regulator: axp20x: Fix axp809 ldo_io registration error on cold boot - [arm64, armhf] drm/tegra: dpaux: Fix error handling - [arm64, armhf] drm/vc4: Fix a couple error codes in vc4_cl_lookup_bos() - drm/savage: dereferencing an error pointer - zram: revalidate disk under init_lock - zram: support BDI_CAP_STABLE_WRITES - dax: fix deadlock with DAX 4k holes - mm: pmd dirty emulation in page fault handler - mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done} - ocfs2: fix crash caused by stale lvb with fsdlm plugin - mm, memcg: fix the active list aging for lowmem requests when memcg is enabled - mm: support anonymous stable page - mm/slab.c: fix SLAB freelist randomization duplicate entries (CVE-2017-5546) - mm/hugetlb.c: fix reservation race when freeing surplus pages - [x86] KVM: fix emulation of "MOV SS, null selector" (CVE-2017-2583) - KVM: eventfd: fix NULL deref irqbypass consumer - jump_labels: API for flushing deferred jump label updates - [x86] KVM: flush pending lapic jump label updates on module unload - [x86] KVM: fix NULL deref in vcpu_scan_ioapic - [x86] KVM: add Align16 instruction flag - [x86] KVM: add asm_safe wrapper - [x86] KVM: emulate FXSAVE and FXRSTOR - [x86] KVM: Introduce segmented_write_std (CVE-2017-2584) - efi/libstub/arm*: Pass latest memory map to the kernel - [x86] efi: Prune invalid memory map entries and fix boot regression - [x86] efi: Don't allocate memmap through memblock after mm_init() (Closes: #851928) - nl80211: fix sched scan netlink socket owner destruction - gpio: Move freeing of GPIO hogs before numbing of the device - xfs: Timely free truncated dirty pages - bridge: netfilter: Fix dropping packets that moving through bridge interface - [x86] cpu/AMD: Clean up cpu_llc_id assignment per topology feature - [x86] bugs: Separate AMD E400 erratum and C1E bug - [x86] CPU/AMD: Fix Bulldozer topology - wusbcore: Fix one more crypto-on-the-stack bug - [armhf] usb: musb: fix runtime PM in debugfs - USB: serial: kl5kusb105: fix line-state error handling (CVE-2017-5549) - USB: serial: ch341: fix initial modem-control state - USB: serial: ch341: fix resume after reset - USB: serial: ch341: fix open error handling - USB: serial: ch341: fix control-message error handling - USB: serial: ch341: fix open and resume after B0 - i2c: print correct device invalid address - i2c: fix kernel memory disclosure in dev interface - fix a fencepost error in pipe_advance() (CVE-2017-5550) - xhci: fix deadlock at host remove by running watchdog correctly - btrfs: fix crash when tracepoint arguments are freed by wq callbacks - ASoC: hdmi-codec: use unsigned type to structure members with bit-field - Revert "tty: serial: 8250: add CON_CONSDEV to flags" - pid: fix lockdep deadlock warning due to ucount_lock - mnt: Protect the mountpoint hashtable with mount_lock - drivers: char: mem: Fix thinkos in kmem address checks - [armhf] dmaengine: omap-dma: Fix dynamic lch_map allocation - virtio_blk: avoid DMA to stack for the sense buffer - orinoco: Use shash instead of ahash for MIC calculations - sysrq: attach sysrq handler correctly for 32-bit kernel - [arm64, armhf] extcon: return error code on failure - Clearing FIFOs in RS485 emulation mode causes subsequent transmits to break - sysctl: Drop reference added by grab_header in proc_sys_readdir (CVE-2016-9191) - [s390x] net/af_iucv: don't use paged skbs for TX on HiperSockets - [x86] drm/i915/gen9: Fix PCODE polling timeout in stable backport - drm: Clean up planes in atomic commit helper failure path - drm/radeon: update smc firmware selection for SI - drm/radeon: drop verde dpm quirks - [x86] drm/amdgpu: update si kicker smc firmware - [x86] drm/amdgpu: drop verde dpm quirks - USB: serial: ch341: fix modem-control and B0 handling - net/mlx5: Only cancel recovery work when cleaning up device - i2c: piix4: Avoid race conditions with IMC - [x86] cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too - btrfs: fix locking when we put back a delayed ref that's too new - btrfs: fix error handling when run_delayed_extent_op fails - NFS: fix typo in parameter description - pNFS: Fix race in pnfs_wait_on_layoutreturn - NFS: Fix a performance regression in readdir - NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success. - [armhf] i2c: mux: pca954x: fix i2c mux selection caching - [x86] drm/i915/gen9: Fix PCODE polling during SAGV disabling - drm: avoid uninitialized timestamp use in wait_vblank - [arm64, armhf] drm/panel: simple: Check against num_timings when setting preferred for timing - [x86] drm/i915: Move the min_pixclk[] handling to the end of readout - drm: Initialise drm_mm.head_node.allocated - block: Change extern inline to static inline - block: cfq_cpd_alloc() should use @gfp - [x86] ACPI / APEI: Fix NMI notification handling - [x86] powercap/intel_rapl: fix and tidy up error handling - iw_cxgb4: Fix error return code in c4iw_rdev_open() - [arm64, armhf] power: supply: bq27xxx_battery: Fix register map for BQ27510 and BQ27520 - blk-mq: Always schedule hctx->next_cpu - [powerpc] mm: Correct process and partition table max size - [powerpc*] ibmebus: Fix further device reference leaks - [powerpc*] ibmebus: Fix device reference leaks in sysfs interface - [powerpc*] powernv: Don't warn on PE init if unfreeze is unsupported - [arm64] hugetlb: fix the wrong address for several functions - [arm64] hugetlb: remove the wrong pmd check in find_num_contig() - [arm64] hugetlb: fix the wrong return value for huge_ptep_set_access_flags https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6 - IB/core: Release allocated memory in cache setup failure - IB/rxe: Increase max number of completions to 32k - IB/rxe: avoid putting a large struct rxe_qp on stack - IB/mlx5: Avoid system crash when enabling many VFs - IB/mlx5: Fix reported max SGE calculation - IB/mlx5: Assign SRQ type earlier - IB/mlx5: Wait for all async command completions to complete - IB/mlx4: Set traffic class in AH - IB/mlx4: Fix out-of-range array index in destroy qp flow - IB/mlx4: Handle well-known-gid in mad_demux processing - IB/mlx4: Fix port query for 56Gb Ethernet links - IB/mlx4: When no DMFS for IPoIB, don't allow NET_IF QPs - IB/mlx4: Check if GRH is available before using it - IB/IPoIB: Remove can't use GFP_NOIO warning - perf trace: Use the syscall raw_syscalls:sys_enter timestamp - perf mem: Fix --all-user/--all-kernel options - perf trace: Check if MAP_32BIT is defined (again) - perf diff: Do not overwrite valid build id - perf callchain: Fixup help/config for no-unwinding - perf scripting: Avoid leaking the scripting_context variable - perf jit: Enable jitdump support without dwarf - [armhf] dts: bcm283x: fix typo in mailbox address - [armhf] dts: imx6q-cm-fx6: fix fec pinctrl - [armhf] dts: omap3: Add DTS for Logic PD SOM-LV 37xx Dev Kit - tmpfs: clear S_ISGID when setting posix ACLs (CVE-2017-5551) - [x86] PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F - rcu: Narrow early boot window of illegal synchronous grace periods - sunrpc: don't call sleeping functions from the notifier block callbacks - svcrpc: don't leak contexts on PROC_DESTROY - libnvdimm, namespace: fix pmem namespace leak, delete when size set to zero - fuse: clear FR_PENDING flag when moving requests out of pending queue - fuse: fix time_to_jiffies nsec sanity check - PCI: Enumerate switches below PCI-to-PCIe bridges - HID: corsair: fix DMA buffers on stack (CVE-2017-5547) - HID: corsair: fix control-transfer error handling - mmc: sdhci-acpi: Only powered up enabled acpi child devices - ieee802154: atusb: do not use the stack for buffers to make them DMA able (CVE-2017-5548) - [s390x] KVM: do not expose random data via facility bitmap - [armhf,arm64] KVM: vgic: Fix deadlock on error handling - [powerpc*] icp-opal: Fix missing KVM case and harden replay - [powerpc*] perf: Fix PM_BRU_CMPL event code for power9 - [powerpc*] ptrace: Preserve previous fprs/vsrs on short regset write - [powerpc*] ptrace: Preserve previous TM fprs/vsrs on short regset write - [powerpc*] Ignore reserved field in DCSR and PVR reads and writes - [x86] ioapic: Restore IO-APIC irq_chip retrigger callback - qla2xxx: Fix crash due to null pointer access - mac80211: implement multicast forwarding on fast-RX path - ubifs: Fix journal replay wrt. xattr nodes - [armhf] clocksource/exynos_mct: Clear interrupt when cpu is shut down - svcrdma: avoid duplicate dma unmapping during error recovery - ceph: fix bad endianness handling in parse_reply_info_extra - [armhf] dts: OMAP5 / DRA7: indicate that SATA port 0 is available. - [arm64] avoid returning from bad_mode - [arm64] ptrace: Preserve previous registers for short regset write - [arm64] ptrace: Avoid uninitialised struct padding in fpr_set() - [arm64] ptrace: Reject attempts to set incomplete hardware breakpoint fields - Input: ALPS - fix TrackStick support for SS5 hardware - libceph: ceph_x_encrypt_buflen() takes in_len - libceph: old_key in process_one_ticket() is redundant - libceph: introduce ceph_x_encrypt_offset() - libceph: introduce ceph_crypt() for in-place en/decryption (CVE-2016-10153) - libceph: rename and align ceph_x_authorizer::reply_buf - libceph: tweak calcu_signature() a little - libceph: switch ceph_x_encrypt() to ceph_crypt() - libceph: switch ceph_x_decrypt() to ceph_crypt() - libceph: remove now unused ceph_*{en,de}crypt*() functions - [armhf] dts: Add an empty chosen node to top level DTSI - [armel,armhf] 8613/1: Fix the uaccess crash on PB11MPCore - ceph: fix scheduler warning due to nested blocking - ceph: fix ceph_get_caps() interruption - ceph: fix endianness of getattr mask in ceph_d_revalidate - ceph: fix endianness bug in frag_tree_split_cmp - libceph: make sure ceph_aes_crypt() IV is aligned - xprtrdma: Make FRWR send queue entry accounting more accurate - xprtrdma: Squelch "max send, max recv" messages at connect time - [arm64] mm: avoid name clash in __page_to_voff() - [arm64] Fix swiotlb fallback allocation - swiotlb: Convert swiotlb_force from int to enum - swiotlb: Add swiotlb=noforce debug option - scsi: ses: Fix SAS device detection in enclosure - scsi: mpt3sas: fix hang on ata passthrough commands - [armhf] PM / devfreq: exynos-bus: Fix the wrong return value - PM / devfreq: Fix the bug of devfreq_add_device when governor is NULL - mtd: spi-nor: Off by one in cqspi_setup_flash() - mtd: spi-nor: Fix some error codes in cqspi_setup_flash() - [x86] ite-cir: initialize use_demodulator before using it - [armhf] dmaengine: pl330: Fix runtime PM support for terminated transfers - [armhf] soc: ti: wkup_m3_ipc: Fix error return code in wkup_m3_ipc_probe() - libceph: uninline ceph_crypto_key_destroy() - libceph: stop allocating a new cipher on every crypto request [ Ben Hutchings ] * [armel,armhf,s390x,x86] linux-headers: Fix regression of multilib compiler support (Closes: #851481) * nbd: use loff_t for blocksize and nbd_set_size args (Closes: #851533) * ath9k: fix NULL pointer dereference (Closes: #851621) * cfg80211,memcg,power: Avoid ABI changes * bq27xxx_battery,cpuhp,libceph,orinoco,xhci: Ignore ABI changes * linux-image: Increase minimum version of initramfs-tools (Closes: #808038) * [x86] linux-cpupower: Add turbostat and x86_energy_perf_policy commands (Closes: #778249) * [arm64] Enable ARCH_MESON and related drivers (Closes: #852132) * [arm64] dts: meson-gx: Add firmware reserved memory zones * [x86] ASoC: Intel: select DW_DMAC_CORE since it's mandatory * [x86] sound/soc/intel: Enable SND_SOC_INTEL_BDW_RT5677_MACH as module (Closes: #851916) * [arm64] video/fbdev: Change FB from module to built-in * [arm64,armhf] video/fbdev: Enable FB_EFI (Closes: #851778) * fs: Disable LOGFS, as it is unmaintained and will be removed in 4.10 * [rt] genpatch.py: Verify tag and tarball signatures * fbdev: color map copying bounds checking (CVE-2016-8405) * [armhf,arm64] drm/vc4: Fix an integer overflow in temporary allocation layout. (CVE-2017-5576) * [armhf,arm64] drm/vc4: Return -EINVAL on the overflow checks failing. (CVE-2017-5577) * [arm64] ptrace: Avoid ABI change in 4.9.6 * [arm64] Enable ARM64_ACPI_PARKING_PROTOCOL, ARCH_THUNDER, GPIO_PL061, GPIO_XGENE, ARM_SMMU, ARM_SMMU_V3, PCI_HOST_THUNDER_PEM, and PCI_HOST_THUNDER_ECAM; PINCTRL_AMD as built-in; SATA_AHCI_SEATTLE, HW_RANDOM_XGENE, HW_RANDOM_CAVIUM, CPUFREQ_DT, K3_DMA, GPIO_XGENE_SB, SENSORS_XGENE, I2C_THUNDERX, KEYBOARD_GPIO, TI_ST, THUNDER_NIC_PF, THUNDER_NIC_VF (Closes: #852493), THUNDER_NIC_BGX, THUNDER_NIC_RGX, MDIO_THUNDER, MDIO_XGENE, SPI_THUNDERX, and SND_SOC_APQ8016_SBC as modules (thanks to Riku Voipio) [ Roger Shimizu ] * [armel] Add DT support of Buffalo Linkstation Live v3 (LS-CHL) * drivers/input: Enable TOUCHSCREEN_GOODIX as module (Closes: #851821). * [mips/octeon] hwmon: Enable SENSORS_ADM1031 as module (Closes: #851963). Thanks to James Cowgill. * nbd: fix 64-bit division. -- Ben Hutchings Fri, 27 Jan 2017 07:44:54 +0000 linux (4.9.2-2) unstable; urgency=medium * [sparc64] Export memcpy and memset to modules again (fixes FTBFS) * Revert "Remove debug symbol packages from debian/control to work around dak bug", which caused most binary uploads to be rejected -- Ben Hutchings Thu, 12 Jan 2017 15:52:37 +0000 linux (4.9.2-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.2 [ Ben Hutchings ] * abiupdate.py: Use current config instead of downloading previous config * abiupdate.py: Update base URLs * abiupdate.py: Add support for incoming.ports.debian.org * Make the pickled config (config.defines.dump) reproducible * Remove debug symbol packages from debian/control to work around dak bug * udeb: Add switch (DSA) drivers to nic-modules (Closes: #845075) * netfilter: Enable NFT_NUMGEN, NFT_QUOTA as modules * net/sched: Enable NET_ACT_TUNNEL_KEY, NET_IFE_SKBTCINDEX as modules * vsock: Enable VSOCKETS, VHOST_VSOCK, VIRTIO_VSOCKETS as modules * hci_uart: Enable BT_HCIUART_MRVL * rxrpc: Enable AF_RXRPC_IPV6 * net: Enable NET_DEVLINK, MACSEC as modules * SCSI: Enable SCSI_SMARTPQI as module * target: Enable ISCSI_TARGET_CXGB4 as module * cxgb4: Enable CHELSIO_T4_FCOE * drm: Enable DRM_LEGACY; re-enable DRM_TDFX, DRM_R128, DRM_MGA, DRM_SIS, DRM_VIA, DRM_SAVAGE as modules for some architectures * 8250: Disable SERIAL_8250_LPSS, since it causes DW_DMAC_CORE to be built-in * Partially revert "usb: Kconfig: using select for USB_COMMON dependency", since it causes USB_COMMON to be built-in * Set ABI to 1 [ John Paul Adrian Glaubitz ] * [sh3] Build a linux-libc-dev package (Closes: #850732) [ Martin Michlmayr ] * [arm64] Enable MV_XOR and MV_XOR_V2. -- Ben Hutchings Wed, 11 Jan 2017 04:41:33 +0000 linux (4.9.1-1~exp1) experimental; urgency=medium * New upstream release: https://kernelnewbies.org/Linux_4.9 - Revert "default exported asm symbols to zero" * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.1 [ Ben Hutchings ] * Set ABI to trunk * Enable USERFAULTFD (except on armel/marvell) * [x86] PCI: Enable VMD as module * mm: Enable PAGE_POISONING (Closes: #849450), PAGE_POISONING_NO_SANITY (except on armel/marvell) * ieee802154: Enable IEEE802154_FAKELB as module * [armhf] leds,gpio: Enable LEDS_TCA6507 as module (Closes: #847770) * [x86] iio,HID: Enable INTEL_ISH_HID as module * hwmon,watchdog: Enable SENSORS_FTSTEUTATES as module (together with the previous, Closes: #847017) * net: Enable GTP as module (Closes: #846913) * [armhf] gpio: Enable GPIO_MCP23S08 as module (Closes: #845064) * aufs: Update support patchset to aufs4.9-20161219 * Use debhelper compatibility level 9 * [arm64] Revert "arm64/mm: Limit TASK_SIZE_64 ..." and add breaks on incompatible mozjs * genorig.py: Verify tag signatures (based on work by Yves-Alexis Perez) [ Uwe Kleine-König ] * enable `perf data' support; patch by Sebastian Andrzej Siewior (Closes: #846597) * [rt] Update to 4.9-rt1 and reenable * [armhf] Add support for switch hardware on Turris Omnia [ Aurelien Jarno ] * [arm64] Enable RTC_DRV_DS1307. -- Ben Hutchings Sat, 07 Jan 2017 03:44:26 +0000 linux (4.9~rc8-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * radeon: Update package name in error message for missing firmware * [amd64] Remove xen-linux-system- package * debian/control: Fix build-dependency on flex to work with new versions that have M-A: allowed * Revert "default exported asm symbols to zero" * [arm64] remoteproc: Disable QCOM_WCNSS_PIL (fixes FTBFS) * [sparc64] Don't re-add exports of string functions that are now only defined as macros (fixes FTBFS, after other fixes) -- Ben Hutchings Mon, 05 Dec 2016 05:02:30 +0000 linux (4.9~rc7-1~exp1) experimental; urgency=medium * New upstream release candidate: - [armhf,armel] Revert "arm: move exports to definitions" (Closes: #844530) [ Martin Michlmayr ] * [arm64] Enable more QCOM options: BT_QCOMSMD, QCOM_EBI2, QCOM_TSENS, QCOM_WCNSS_PIL and EXTCON_QCOM_SPMI_MISC. * [arm64] Enable ARCH_MVEBU and related options. [ Ben Hutchings ] * linux-headers-common: Make these packages architecture-independent by including headers for all architectures that we build a kernel for * Fix exported symbol versions: - Revert upstream changes moving exports to assembly sources - [x86] kbuild: enable modversions for symbols exported from assembly - [powerpc] Remove Mac-on-Linux hooks - [powerpc*] Fix missing CRCs, add yet more asm-prototypes.h declarations - Re-enable CONFIG_MODVERSIONS in a slightly weaker form - module: Disable matching missing version CRC * debian/bin/buildcheck.py: Add check for symbols with version CRC of 0 -- Ben Hutchings Sat, 03 Dec 2016 01:46:12 +0000 linux (4.9~rc5-1~exp1) experimental; urgency=medium * New upstream release candidate [ Aurelien Jarno ] * Enable MAC802154, IEEE802154_ADF7242, IEEE802154_AT86RF230, IEEE802154_ATUSB, IEEE802154_CC2520 and IEEE802154_MRF24J40. * [arm64] Enable VIRTUALIZATION and KVM. [ Ben Hutchings ] * [hppa] Update build-dependencies for 64-bit kernel (fixes FTBFS) * linux-perf: Exclude perf-read-vdso* from shared library dependency check (fixes FTBFS on sparc64) * [x86] kexec: add -fno-PIE * wireless: Enable RTL8XXXU as module, replacement for R8723AU * netfilter: Enable NFT_SET_RBTREE and NFT_SET_HASH as modules, renamed from NFT_RBTREE and NFT_HASH * tcp: Enable TCP_CONG_BBR as module * [armel] Drop versatile flavour, which has been broken since version 4.5~rc4-1~exp1 * [x86] ethernet: Enable ENA_ETHERNET as module * [x86] efi: Prevent mixed mode boot corruption with CONFIG_VMAP_STACK=y * w1: Disable W1_MASTER_MATROX -- Ben Hutchings Mon, 14 Nov 2016 05:19:31 +0000 linux (4.9~rc3-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * [rt] Disable until it is updated for 4.9 or later * kbuild: add -fno-PIE (Closes: #841368) * Compile with gcc-6 on all architectures * debian/control: Fix build-dependency on openssl to work with new versions that have M-A: allowed (Closes: #839145) -- Ben Hutchings Thu, 03 Nov 2016 16:51:55 -0600 linux (4.8.15-2) unstable; urgency=medium [ Ben Hutchings ] * [x86] Enable INTEL_VBTN as module (Closes: #848967) * debian/control: Change build-dependency on asciidoc to prefer the new asciidoc-base, so we don't pull in LaTeX unnecessarily * [x86] Enable LEDS_DELL_NETBOOKS and DELL_SMBIOS as modules; re-enable DELL_LAPTOP and DELL_WMI as modules (Closes: #849674) * [powerpc*] boot: Request no dynamic linker for boot wrapper (Closes: #848851, FTBFS on ppc6el) * cpufreq: Enable CPU_FREQ_GOV_SCHEDUTIL as module * [x86] ACPI: Enable DPTF_POWER as module * [x86] perf: Enable PERF_EVENTS_AMD_POWER as module * [x86] perf: Change PERF_EVENTS_INTEL_{CSTATE,RAPL,UNCORE} from built-in to modules * PCI: Enable PCIE_DPC (except for armel/versatile) * [amd64] PCI: Enable PCI_HYPERV as module * inet: Enable INET_DIAG_DESTROY * tcp: Enable TCP_CONG_NV as module * ipv6: Enable IPV6_ILA as module * net/sched: Enable NET_CLS_MATCHALL, NET_ACT_IFE, NET_IFE_SKBMARK, NET_IFE_SKBPRIO as modules * hci_uart: Enable BT_HCIUART_AG6XX * nvme: Enable NVME_RDMA, NVME_TARGET, NVME_TARGET_RDMA as modules * [amd64] mic: Enable VOP_BUS and VOP as modules; re-enable INTEL_MIC_HOST as module * debian/control: Add Salvatore Bonaccorso to Uploaders * [rt] Update to 4.8.15-rt10 (no functional change) [ Salvatore Bonaccorso ] * sg_write()/bsg_write() is not fit to be called under KERNEL_DS (CVE-2016-10088) * kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (CVE-2016-9588) -- Ben Hutchings Wed, 04 Jan 2017 19:39:36 +0000 linux (4.8.15-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12 - [x86] iommu/vt-d: Fix PASID table allocation - [x86] iommu/vt-d: Fix IOMMU lookup for SR-IOV Virtual Functions - [x86] KVM: fix out-of-bounds access in lapic - [x86] KVM: x86: drop error recovery in em_jmp_far and em_ret_far (CVE-2016-9756) - [x86] KVM: fix out-of-bounds accesses of rtc_eoi map (CVE-2016-9777) - [x86] KVM: check for pic and ioapic presence before use - [arm64, armhf] usb: chipidea: move the lock initialization to core file - USB: serial: cp210x: add ID for the Zone DPMX - USB: serial: ftdi_sio: add support for TI CC3200 LaunchPad - scsi: mpt3sas: Fix secure erase premature termination - cfg80211: limit scan results cache size - apparmor: fix change_hat not finding hat after policy replacement - NFSv4.x: hide array-bounds warning - [x86] fpu: Fix invalid FPU ptrace state after execve() - [x86] traps: Ignore high word of regs->cs in early_fixup_exception() - perf/core: Fix address filter parser - perf/x86/intel: Cure bogus unwind from PEBS entries - [x86] thermal/powerclamp: add back module device table - [hppa/parisc] Fix races in parisc_setup_cache_timing() - [hppa/parisc] Switch to generic sched_clock implementation - [hppa/parisc] Fix race in pci-dma.c - [hppa/parisc] Also flush data TLB in flush_icache_page_asm - mpi: Fix NULL ptr dereference in mpi_powm() - X.509: Fix double free in x509_cert_parse() - xc2028: Fix use-after-free bug properly - [powerpc] Set missing wakeup bit in LPCR on POWER9 - [powerpc] mm: Fixup kernel read only mapping - [powerpc] boot: Fix the early OPAL console wrappers - can: bcm: fix support for CAN FD frames - mm, oom: stop pre-mature high-order OOM killer invocations - flow_dissect: call init_default_flow_dissectors() earlier - scsi: mpt3sas: Unblock device after controller reset https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13 - libata-scsi: Fixup ata_gen_passthru_sense() - scsi: hpsa: use bus '3' for legacy HBA devices - scsi: libfc: fix seconds_since_last_reset miscalculation - mm, thp: propagation of conditional compilation in khugepaged.c - thp: fix corner case of munlock() of PTE-mapped THPs - zram: fix unbalanced idr management at hot removal - mm: fix false-positive WARN_ON() in truncate/invalidate for hugetlb - ovl: fix d_real() for stacked fs - Input: change KEY_DATA from 0x275 to 0x277 - Input: psmouse - disable automatic probing of BYD touchpads - rcu: Fix soft lockup for rcu_nocb_kthread - mm: workingset: fix NULL ptr in count_shadow_nodes - PCI: Export pcie_find_root_port - PCI: Set Read Completion Boundary to 128 iff Root Port supports it (_HPX) - mwifiex: printk() overflow with 32-byte SSIDs - [arm64] KVM: vgic: Don't notify EOI for non-SPIs - [x86] drm/i915: Don't touch NULL sg on i915_gem_object_get_pages_gtt() error - [x86] drm/i915: drop the struct_mutex when wedged or trying to reset - [x86] drm/amdgpu: fix power state when port pm is unavailable - drm/radeon: fix power state when port pm is unavailable - [x86] drm/amdgpu: fix check for port PM availability - drm/radeon: fix check for port PM availability - [arm64] dts: juno: fix cluster sleep state entry latency on all SoC versions - KVM: use after free in kvm_ioctl_create_device() - pwm: Fix device reference leak - [x86] perf: Restore TASK_SIZE check on frame pointer - [armhf] clk: sunxi: Fix M factor computation for APB1 - batman-adv: Detect missing primaryif during tp_send as error - [arm64] cpufeature: Schedule enable() calls instead of calling them via IPI - [arm64] mm: Set PSTATE.PAN from the cpu_enable_pan() call - [arm64] suspend: Reconfigure PSTATE after resume from idle https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14 - gro_cells: mark napi struct as not busy poll candidates - virtio-net: add a missing synchronize_net() - [armhf] net: dsa: b53: Fix VLAN usage and how we treat CPU port - net: check dead netns for peernet2id_alloc() - ip6_tunnel: disable caching when the traffic class is inherited - net: sky2: Fix shutdown crash - af_unix: conditionally use freezable blocking calls in read - rtnetlink: fix FDB size computation - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() - rtnl: fix the loop index update error in rtnl_dump_ifinfo() - ipv6: bump genid when the IFA_F_TENTATIVE flag is clear - udplite: call proper backlog handlers - [armhf] net: dsa: bcm_sf2: Ensure we re-negotiate EEE during after link change - net, sched: respect rcu grace period on cls destruction - [armhf] net: dsa: fix unbalanced dsa_switch_tree reference counting - net/sched: pedit: make sure that offset is valid - netlink: Call cb->done from a worker thread - netlink: Do not schedule work from sk_destruct - net/dccp: fix use-after-free in dccp_invalid_packet - GSO: Reload iph after pskb_may_pull - packet: fix race condition in packet_set_ring (CVE-2016-8655) - ip6_offload: check segs for NULL in ipv6_gso_segment. - cdc_ether: Fix handling connection notification - tipc: check minimum bearer MTU (CVE-2016-8632) - geneve: avoid use-after-free of skb->data - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (CVE-2016-9793) - net: ping: check minimum size on ICMP header length (CVE-2016-8399) - ipv4: Restore fib_trie_flush_external function and fix call ordering - ipv4: Fix memory leak in exception case for splitting tries - ipv4: Drop leaf from suffix pull/push functions - ipv4: Drop suffix update from resize code - [sparc64] Fix find_node warning if numa node cannot be found - [sparc64] fix compile warning section mismatch in find_node() - [sparc] Fix inverted invalid_frame_pointer checks on sigreturns - constify iov_iter_count() and iter_is_iovec() - Don't feed anything but regular iovec's to blk_rq_map_user_iov (CVE-2016-9576) - ipv6: Set skb->protocol properly for local output - ipv4: Set skb->protocol properly for local output - Revert: "ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit()" - flowcache: Increase threshold for refusing new allocations - esp4: Fix integrity verification when ESN are used - esp6: Fix integrity verification when ESN are used https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15 - [powerpc] eeh: Fix deadlock when PE frozen state can't be cleared - [powerpc] mm: Fix lazy icache flush on pre-POWER5 - [powerpc] boot: Fix build failure in 32-bit boot wrapper - fuse: fix clearing suid, sgid for chown() - [hppa/parisc] Purge TLB before setting PTE - [hppa/parisc] Remove unnecessary TLB purges from flush_dcache_page_asm and flush_icache_page_asm - [hppa/parisc] Fix TLB related boot crash on SMP machines - zram: restrict add/remove attributes to root only - locking/rtmutex: Prevent dequeue vs. unlock race - locking/rtmutex: Use READ_ONCE() in rt_mutex_owner() - device-dax: fix private mapping restriction, permit read-only - scsi: lpfc: fix oops/BUG in lpfc_sli_ringtxcmpl_put() - sched/autogroup: Fix 64-bit kernel nice level adjustment - [x86] perf: Fix full width counter, counter overflow - acpi, nfit: fix extended status translations for ACPI DSMs - acpi, nfit, libnvdimm: fix / harden ars_status output length handling - acpi, nfit: validate ars_status output buffer size - acpi, nfit: fix bus vs dimm confusion in xlat_status - [armel, armhf] crypto: marvell - Don't copy hash operation twice into the SRAM - crypto: caam - fix pointer size for AArch64 boot loader, AArch32 kernel - [armel, armhf] crypto: marvell - Don't corrupt state of an STD req for re-stepped ahash - can: raw: raw_setsockopt: limit number of can_filter that can be set - can: peak: fix bad memory access and free sequence - [armel] dts: orion5x: fix number of sata port for linkstation ls-gl (Closes: #845611) - ceph: don't set req->r_locked_dir in ceph_d_revalidate - [m68k] Fix ndelay() macro - batman-adv: Check for alloc errors when preparing TT local data - hotplug: Make register and unregister notifier API symmetric [ Uwe Kleine-König ] * [armhf] dts: armada-385: add support for Turris Omnia [ Salvatore Bonaccorso ] * Add ABI reference for 4.8.0-2 * Ignore ABI changes in KVM * net: handle no dst on skb in icmp6_send (CVE-2016-9919) * [rt] Update to 4.8.11-rt7 * [rt] Update to 4.8.14-rt9 * netfilter: ipv6: nf_defrag: drop mangled skb on ream error (CVE-2016-9755) * Ignore ABI changes in libnvdimm * docs: sphinx-extensions: make rstFlatTable work with docutils 0.13. Thanks to Dmitry Shachnev (Closes: #848349) [ Ben Hutchings ] * [amd64] Re-enable LEGACY_VSYSCALL_EMULATE instead of LEGACY_VSYSCALL_NONE. There are still binaries in stable that use vsyscall (via dietlibc). (Closes: #847154) * debian/rules.real: Exclude *.pyc from featureset diffs * debian/control: Fix build-dependency on flex to work with new versions that have M-A: foreign * debian/rules: Use dpkg-parsechangelog -S option to select fields * debian/rules: Tighten binNMU version matching, consistent with linux-latest -- Salvatore Bonaccorso Mon, 19 Dec 2016 12:35:29 +0100 linux (4.8.11-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8 - net: fec: set mac address unconditionally - net: pktgen: fix pkt_size - net/sched: act_vlan: Push skb->data to mac_header prior calling skb_vlan_*() functions - net: Add netdev all_adj_list refcnt propagation to fix panic - packet: call fanout_release, while UNREGISTERING a netdev - netlink: do not enter direct reclaim from netlink_dump() - drivers/ptp: Fix kernel memory disclosure - net_sched: reorder pernet ops and act ops registrations - ipv6: tcp: restore IP6CB for pktoptions skbs - net: phy: Trigger state machine on state change and not polling. - ip6_tunnel: fix ip6_tnl_lookup - ipv6: correctly add local routes when lo goes up - IB/ipoib: move back IB LL address into the hard header - net/mlx4_en: fixup xdp tx irq to match rx - net: pktgen: remove rcu locking in pktgen_change_name() - bridge: multicast: restore perm router ports on multicast enable - switchdev: Execute bridge ndos only for bridge ports - rtnetlink: Add rtnexthop offload flag to compare mask - net: core: Correctly iterate over lower adjacency list - net: add recursion limit to GRO - ipv4: disable BH in set_ping_group_range() - ipv4: use the right lock for ping_group_range - net: fec: Call swap_buffer() prior to IP header alignment - net: sctp, forbid negative length - sctp: fix the panic caused by route update - udp: fix IP_CHECKSUM handling - [x86] netvsc: fix incorrect receive checksum offloading - net: ipv6: Do not consider link state for nexthop validation - net sched filters: fix notification of filter delete with proper handle - sctp: validate chunk len before actually using it (CVE-2016-9555) - ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in ip6_tnl_xmit() - packet: on direct_xmit, limit tso and csum to supported devices - [powerpc] Update parameters for csum_tcpudp_magic & csum_tcpudp_nofold - [arm64, armhf] usb: dwc3: gadget: properly account queued requests - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.9 - ALSA: info: Return error for invalid read/write - ALSA: info: Limit the proc text input size - dib0700: fix nec repeat handling - mm, frontswap: make sure allocated frontswap map is assigned - shmem: fix pageflags after swapping DMA32 object - swapfile: fix memory corruption via malformed swapfile - mm: hwpoison: fix thp split handling in memory_failure() - mm/hugetlb: fix huge page reservation leak in private mapping error paths - coredump: fix unfreezable coredumping task - [s390x] hypfs: Use get_free_page() instead of kmalloc to ensure page alignment - PCI: Don't attempt to claim shadow copies of ROM - [x86] pinctrl: cherryview: Serialize register access in suspend/resume - [x86] pinctrl: cherryview: Prevent possible interrupt storm on resume - cpupower: Correct return type of cpu_power_is_cpu_online() in cpufreq-set - mmc: sdhci: Fix CMD line reset interfering with ongoing data transfer - mmc: sdhci: Fix unexpected data interrupt handling - mmc: mmc: Use 500ms as the default generic CMD6 timeout - [arm64, armhf] usb: dwc3: Fix error handling for core init - USB: cdc-acm: fix TIOCMIWAIT - usb: gadget: u_ether: remove interrupt throttling - drbd: Fix kernel_sendmsg() usage - potential NULL deref - cdc-acm: fix uninitialized variable - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init - scsi: mpt3sas: Fix for block device of raid exists even after deleting raid disk - scsi: scsi_dh_alua: fix missing kref_put() in alua_rtpg_work() - scsi: scsi_dh_alua: Fix a reference counting bug - [arm64] KVM: vgic: Prevent access to invalid SPIs - drm/radeon: disable runtime pm in certain cases - [x86] drm/i915: Respect alternate_ddc_pin for all DDI ports - [x86] drm/i915/dp: BDW cdclk fix for DP audio - [x86] drm/i915/dp: Extend BDW DP audio workaround to GEN9 platforms - [x86] drm/amdgpu: disable runtime pm in certain cases - xprtrdma: use complete() instead complete_all() - xprtrdma: Fix DMAR failure in frwr_op_map() after reconnect - [amd64] iommu/amd: Free domain id when free a domain of struct dma_ops_domain - [x86] iommu/vt-d: Fix dead-locks in disable_dmar_iommu() path - [x86] agp/intel: Flush chipset writes after updating a single PTE - watchdog: core: Fix devres_alloc() allocation size - perf top: Fix refreshing hierarchy entries on TUI - [x86] mei: bus: fix received data size check in NFC fixup - svcrdma: Skip put_page() when send_reply() fails - svcrdma: Tail iovec leaves an orphaned DMA mapping - nvme: Delete created IO queues on reset - [s390x] dumpstack: restore reliable indicator for call traces - hwrng: core - Don't use a stack buffer in add_early_randomness() - i40e: fix call of ndo_dflt_bridge_getlink() - [arm64] mmc: sdhci-msm: Fix error return code in sdhci_msm_probe() - [x86] ACPI / APEI: Fix incorrect return value of ghes_proc() - ACPI/PCI/IRQ: assign ISA IRQ directly during early boot stages - ACPI/PCI: pci_link: penalize SCI correctly - ACPI/PCI: pci_link: Include PIRQ_PENALTY_PCI_USING for ISA IRQs - batman-adv: Modify neigh_list only with rcu-list functions - [armel, armhf] gpio/mvebu: Use irq_domain_add_linear - ASoC: Intel: Skylake: Always acquire runtime pm ref on unload - [armhf] ASoC: sun4i-codec: return error code instead of NULL when create_card fails - memcg: prevent memcg caches to be both OFF_SLAB & OBJFREELIST_SLAB - libceph: fix legacy layout decode with pool 0 - [x86] drm/amdgpu: fix fence slab teardown - [x86] drm/amdgpu: fix a vm_flush fence leak - [x86] drm/i915: Fix mismatched INIT power domain disabling during suspend - netfilter: fix namespace handling in nf_log_proc_dostring https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10 - dctcp: avoid bogus doubling of cwnd after loss - net: clear sk_err_soft in sk_clone_lock() - net: mangle zero checksum in skb_checksum_help() - ip6_tunnel: Clear IP6CB in ip6tunnel_xmit() - tcp: fix potential memory corruption - ipv4: allow local fragmentation in ip_finish_output_gso() - tcp: fix return value for partial writes - dccp: do not release listeners too soon - dccp: do not send reset to already closed sockets - dccp: fix out of bound access in dccp_v4_err() - ipv6: dccp: fix out of bound access in dccp_v6_err() - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped - sctp: assign assoc_id earlier in __sctp_connect - bpf: fix htab map destruction when extra reserve is in use - net: icmp6_send should use dst dev to determine L3 domain - fib_trie: Correct /proc/net/route off by one error - sock: fix sendmmsg for partial sendmsg - net: icmp_route_lookup should use rt dev to determine L3 domain - net: __skb_flow_dissect() must cap its return value - ipv4: use new_gw for redirect neigh lookup - tcp: take care of truncations done by sk_filter() (CVE-2016-8645) - Revert "include/uapi/linux/atm_zatm.h: include linux/time.h" (Closes: #844491) - Revert "bnx2: Reset device during driver initialization" - bnx2: Wait for in-flight DMA to complete at probe stage - sctp: change sk state only when it has assocs in sctp_shutdown - [arm64, armhf] net: stmmac: Fix lack of link transition for fixed PHYs - [sparc] Handle negative offsets in arch_jump_label_transform - [sparc64] Handle extremely large kernel TSB range flushes sanely. - [sparc64] Fix illegal relative branches in hypervisor patched TLB code. - [sparc64] Fix instruction count in comment for __hypervisor_flush_tlb_pending. - [sparc64] Fix illegal relative branches in hypervisor patched TLB cross-call code. - [sparc64] Handle extremely large kernel TLB range flushes more gracefully. - [sparc64] Delete __ret_efault. - [sparc64] Prepare to move to more saner user copy exception handling. - [sparc64] Convert copy_in_user to accurate exception reporting. - [sparc64] Convert GENcopy_{from,to}_user to accurate exception reporting. - [sparc64] Convert U1copy_{from,to}_user to accurate exception reporting. - [sparc64] Convert NG4copy_{from,to}_user to accurate exception reporting. - [sparc64] Convert NGcopy_{from,to}_user to accurate exception reporting. - [sparc64] Convert NG2copy_{from,to}_user to accurate exception reporting. - [sparc64] Convert U3copy_{from,to}_user to accurate exception reporting. - [sparc64] Delete now unused user copy assembler helpers. - [sparc64] Delete now unused user copy fixup functions. - usb: gadget: f_fs: edit epfile->ep under lock - usb: gadget: f_fs: stop sleeping in ffs_func_eps_disable https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11 - [x86] cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems - [x86] KVM: fix missed SRCU usage in kvm_lapic_set_vapic_addr - [x86] KVM: Disable irq while unregistering user notifier - ftrace: Ignore FTRACE_FL_DISABLED while walking dyn_ftrace records - ftrace: Add more checks for FTRACE_FL_DISABLED in processing ip records - genirq: Use irq type from irqdata instead of irqdesc - fuse: fix fuse_write_end() if zero bytes were copied - IB/rdmavt: rdmavt can handle non aligned page maps - IB/hfi1: Fix rnr_timer addition - [x86] mfd: intel-lpss: Do not put device in reset state on suspend - [armhf] mfd: stmpe: Fix RESET regression on STMPE2401 - can: bcm: fix warning in bcm_connect/proc_register - gpio: do not double-check direction on sleeping chips - [x86] ALSA: usb-audio: Fix use-after-free of usb_device at disconnect - [x86] ALSA: hda - add a new condition to check if it is thinkpad - ALSA: hda - Fix mic regression by ASRock mobo fixup - [armhf] i2c: mux: fix up dependencies - [armhf] i2c: i2c-mux-pca954x: fix deselect enabling for device-tree - kbuild: add -fno-PIE - scripts/has-stack-protector: add -fno-PIE - x86/kexec: add -fno-PIE - kbuild: Steal gcc's pie from the very beginning - ext4: sanity check the block and cluster size at mount time - [armhf] dts: imx53-qsb: Fix regulator constraints - crypto: caam - do not register AES-XTS mode on LP units - [powerpc*] Fix setting of AIL in hypervisor mode - [x86] drm/amdgpu: Attach exclusive fence to prime exported bo's. - [x86] drm/i915: Refresh that status of MST capable connectors in ->detect() - [x86] drm/i915: Assume non-DP++ port if dvo_port is HDMI and there's no AUX ch specified in the VBT - virtio-net: drop legacy features in virtio 1 mode - [armhf] clk: imx: fix integer overflow in AV PLL round rate - [armhf] rtc: omap: Fix selecting external osc - iwlwifi: pcie: fix SPLC structure parsing - iwlwifi: pcie: mark command queue lock with separate lockdep class - iwlwifi: mvm: fix netdetect starting/stopping for unified images - iwlwifi: mvm: fix d3_test with unified D0/D3 images - iwlwifi: mvm: wake the wait queue when the RX sync counter is zero - mfd: core: Fix device reference leak in mfd_clone_cell - sunrpc: svc_age_temp_xprts_now should not call setsockopt non-tcp transports - uwb: fix device reference leaks - PM / sleep: fix device reference leak in test_suspend - PM / sleep: don't suspend parent when async child suspend_{noirq, late} fails - perf hists: Fix column length on --hierarchy - IB/mlx4: Check gid_index return value - IB/mlx4: Fix create CQ error flow - IB/mlx5: Validate requested RQT size - IB/mlx5: Use cache line size to select CQE stride - IB/mlx5: Fix memory leak in query device - IB/mlx5: Fix fatal error dispatching - IB/mlx5: Fix NULL pointer dereference on debug print - IB/core: Avoid unsigned int overflow in sg_alloc_table - IB/hfi1: Remove incorrect IS_ERR check - IB/uverbs: Fix leak of XRC target QPs - IB/cm: Mark stale CM id's whenever the mad agent was unregistered - netfilter: nft_dynset: fix element timeout for HZ != 1000 - [arm64, armhf] gpio: pca953x: Move memcpy into mutex lock for set multiple - [arm64, armhf] gpio: pca953x: Fix corruption of other gpios in set_multiple. [ Salvatore Bonaccorso ] * Bump ABI to 2 and remove ABI reference for 4.8.0-1 * xfs: Propagate dentry down to inode_change_ok() * ceph: Propagate dentry down to inode_change_ok() * fuse: Propagate dentry down to inode_change_ok() * fs: Give dentry to inode_change_ok() instead of inode * fs: Avoid premature clearing of capabilities (CVE-2015-1350) (Closes: #770492) * mpi: Fix NULL ptr dereference in mpi_powm() (CVE-2016-8650) * vfio/pci: Fix integer overflows, bitmask check (CVE-2016-9083 CVE-2016-9084) * mnt: Add a per mount namespace limit on the number of mounts (CVE-2016-6213) [ Ben Hutchings ] * [arm64] Enable more drivers for X-Gene (Really closes: #840061): - DMA: Enable XGENE_DMA as module - EDAC: Enable EDAC and EDAC_MM_EDAC, EDAC_XGENE as modules * [x86] video: Disable X86_SYSFB, FB_SIMPLE (Closes: #822575) -- Salvatore Bonaccorso Fri, 02 Dec 2016 06:35:22 +0100 linux (4.8.7-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.6 - [armhf,arm64] drm/vc4: Fix races when the CS reads from render targets. - [x86] drm/i915/backlight: setup and cache pwm alternate increment value - [x86] drm/i915/backlight: setup backlight pwm alternate increment on backlight enable - [x86] drm/amdgpu: fix IB alignment for UVD - [x86] drm/amdgpu/dce10: disable hpd on local panels - [x86] drm/amdgpu/dce8: disable hpd on local panels - [x86] drm/amdgpu/dce11: disable hpd on local panels - [x86] drm/amdgpu/dce11: add missing drm_mode_config_cleanup call - [x86] drm/amdgpu: initialize the context reset_counter in amdgpu_ctx_init - [x86] drm/amdgpu: change vblank_time's calculation method to reduce computational error. - drm/radeon: narrow asic_init for virtualization - drm/radeon/si/dpm: fix phase shedding setup - drm/radeon: change vblank_time's calculation method to reduce computational error. - [x86] drm/vmwgfx: Limit the user-space command buffer size - [x86] drm/amd/powerplay: fix mclk not switching back after multi-head was disabled - [x86] drm/i915/skl: Fix FIFO underrun (Closes: #844113) + Update plane watermarks atomically during plane updates + Move CRTC updating in atomic_commit into it's own hook + Update DDB values atomically with wms/plane attrs + Don't try to update plane watermarks if they haven't changed - [x86] drm/i915/gen9: only add the planes actually affected by ddb changes - [x86] drm/i915/gen9: fix the WaWmMemoryReadLatency implementation - [x86] drm/i915/gen9: minimum scanlines for Y tile is not always 4 - [x86] drm/i915/gen9: fix plane_blocks_per_line on watermarks calculations - [x86] drm/i915/gen9: fix the watermark res_blocks value - [x86] drm/i915: SAGV is not SKL-only, so rename a few things - [x86] drm/i915: introduce intel_has_sagv() - [x86] drm/i915/kbl: KBL also needs to run the SAGV code - [x86] Revert "drm/i915: Check live status before reading edid" - [x86] drm/i915: Account for TSEG size when determining 865G stolen base - [x86] drm/i915/skl: Ensure pipes with changed wms get added to the state - [x86] drm/i915: Allow PCH DPLL sharing regardless of DPLL_SDVO_HIGH_SPEED - [x86] drm/i915: Move long hpd handling into the hotplug work - [x86] drm/i915: Allow DP to work w/o EDID - [x86] drm/i915: Just clear the mmiodebug before a register access - [x86] drm/i915: Unalias obj->phys_handle and obj->userptr - rt2x00usb: Fix error return code - uio: fix dmem_region_start computation - i40e: remove a stray unlock - i40e: fix broken i40e_config_rss_aq function - mwifiex: correct aid value during tdls setup - mwifiex: fix failed to reconnect after interface disabled/enabled - ath10k: Add WMI_SERVICE_PERIODIC_CHAN_STAT_SUPPORT wmi service - ath10k: fix sending frame in management path in push txq logic - ath10k: fix reporting channel survey data - ath10k: fix throughput regression in multi client mode - [armel/marvell,armhf] crypto: marvell - Don't overwrite default creq->state during initialization - crypto: gcm - Fix IV buffer size in crypto_gcm_setkey - [armel/marvell,armhf] crypto: marvell - Update transformation context for each dequeued req - [x86] crypto: ccp - Fix return value check in ccp_dmaengine_register() - [armhf] hwrng: omap - Only fail if pm_runtime_get_sync returns < 0 - ASoC: topology: Fix error return code in soc_tplg_dapm_widget_create() - ASoC: dapm: Fix possible uninitialized variable in snd_soc_dapm_get_volsw() - ASoC: dapm: Fix value setting for _ENUM_DOUBLE MUX's second channel - ASoC: dapm: Fix kcontrol creation for output driver widget - staging: r8188eu: Fix scheduling while atomic splat - IB/qib: Remove qpt_mask global - IB/mlx5: Fix steering resource leak - mm/hugetlb: check for reserved hugepages during memory offline - mm/hugetlb: improve locking in dissolve_free_huge_pages() - [x86] drm/vmwgfx: Avoid validating views on view destruction - [s390x] cio: fix accidental interrupt enabling during resume - [s390x] con3270: fix use of uninitialised data - [s390x] con3270: fix insufficient space padding - [armhf,arm64] clk: bcm2835: Skip PLLC clocks when deciding on a new clock parent - [arm64] clk: gcc-msm8996: Fix pcie 2 pipe register offset - [arm64] clk: qcom: select GDSC for msm8996 gcc and mmcc - clk: Return errors from clk providers in __of_clk_get_from_provider() - clk: core: Force setting the phase delay when no change - clk: divider: Fix clk_divider_round_rate() to use clk_readl() - perf hists browser: Fix event group display - perf ui/tui: Reset output width for hierarchy - perf ui/stdio: Always reset output width for hierarchy - perf symbols: Check symbol_conf.allow_aliases for kallsyms loading too - perf symbols: Fixup symbol sizes before picking best ones - iwlwifi: check for valid ethernet address provided by OEM - iwlwifi: mvm: fix pending frames tracking on tx resp - iwlwifi: mvm: call a different txq_enable function - iwlwifi: mvm: free reserved queue on STA removal - iwlwifi: mvm: support BAR in reorder buffer - iwlwifi: mvm: disable P2P queue on mac context release - iwlwifi: mvm: bail out if CTDP start operation fails - [armhf,arm64] pinctrl: qcom: fix masking of pinmux functions - mpt3sas: Don't spam logs if logging level is 0 - [powerpc*] Always restore FPU/VEC/VSX if hardware transactional memory in use - [powerpc*] Add check_if_tm_restore_required() to giveup_all() - [powerpc*] nvram: Fix an incorrect partition merge - [powerpc*] Fix usage of _PAGE_RO in hugepage - [armhf] dts: omap3: overo: add missing unit name for lcd35 display - PCI: generic: Fix pci_remap_iospace() failure path - [armhf] PCI: tegra: Fix pci_remap_iospace() failure path - libnvdimm: clear the internal poison_list when clearing badblocks https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7 - [armhf] i2c: rk3x: Give the tuning value 0 during rk3x_i2c_v0_calc_timings - i2c: core: fix NULL pointer dereference under race condition - drm/dp/mst: Clear port->pdt when tearing down the i2c adapter - gpio / ACPI: fix returned error from acpi_dev_gpio_irq_get() - gpio: GPIO_GET_CHIPINFO_IOCTL: Fix line offset validation - gpio: GPIO_GET_CHIPINFO_IOCTL: Fix information leak - gpio: GPIO_GET_LINEHANDLE_IOCTL: Validate line offset - gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix information leak - gpio: GPIO_GET_LINEEVENT_IOCTL: Validate line offset - gpio: GPIO_GET_LINEHANDLE_IOCTL: Reject invalid line flags - gpio: GPIO_GET_LINEEVENT_IOCTL: Reject invalid line and event flags - gpio: GPIOHANDLE_GET_LINE_VALUES_IOCTL: Fix another information leak - gpio: GPIO_GET_LINE{HANDLE,EVENT}_IOCTL: Fix file descriptor leak - libxfs: clean up _calc_dquots_per_chunk - mm/list_lru.c: avoid error-path NULL pointer deref - mm/slab: fix kmemcg cache creation delayed issue - mm: memcontrol: do not recurse in direct reclaim - [x86] thermal/powerclamp: correct cpu support check - KEYS: Fix short sprintf buffer in /proc/keys show function - ALSA: usb-audio: Add quirk for Syntek STK1160 - ALSA: seq: Fix time account regression - ALSA: hda - allow 40 bit DMA mask for NVidia devices - ALSA: hda - Adding a new group of pin cfg into ALC295 pin quirk table - ALSA: hda - Fix surround output pins for ASRock B150M mobo - ALSA: hda - Fix headset mic detection problem for two Dell laptops - [powerpc*] cxl: Fix leaking pid refs in some error paths - btrfs: fix races on root_log_ctx lists - [powerpc] Convert cmp to cmpd in idle enter sequence - [powerpc] mm/radix: Use tlbiel only if we ever ran on the current cpu - [powerpc] Re-fix race condition between going idle and entering guest - [powerpc] Fix race condition in setting lock bit in idle/wakeup code - [amd64] x86/microcode/AMD: Fix more fallout from CONFIG_RANDOMIZE_MEMORY=y - timers: Prevent base clock rewind when forwarding clock - timers: Prevent base clock corruption when forwarding - timers: Plug locking race vs. timer migration - timers: Lock base for same bucket optimization - mei: txe: don't clean an unprocessed interrupt cause. - USB: serial: fix potential NULL-dereference at probe - USB: serial: cp210x: fix tiocmget error handling - USB: serial: ftdi_sio: add support for Infineon TriBoard TC2X7 - xhci: use default USB_RESUME_TIMEOUT when resuming ports. - usb: increase ohci watchdog delay to 275 msec (Closes: #842863) - [powerpc] GenWQE: Fix bad page access during abort of resource allocation - [x86] smpboot: Init apic mapping before usage - vt: clear selection before resizing - [x86] hv: do not lose pending heartbeat vmbus packets - xhci: add restart quirk for Intel Wildcatpoint PCH - xhci: workaround for hosts missing CAS bit - tty: limit terminal size to 4M chars - [arm64] dts: marvell: fix clocksource for CP110 master SPI0 - dm: free io_barrier after blk_cleanup_queue call - [x86] KVM: fix wbinvd_dirty_mask use-after-free - [s390] KVM: Fix STHYI buffer alignment for diag224 - [armhf] mvebu: Select corediv clk for all mvebu v7 SoC - nfsd: Fix general protection fault in release_lock_stateid() - [mips*] KASLR: Fix handling of NULL FDT - ovl: fix get_acl() on tmpfs - ovl: update S_ISGID when setting posix ACLs - ovl: fsync after copy-up - virtio_ring: Make interrupt suppression spec compliant - virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices - virtio: console: Unlock vqs while freeing buffers - dm mirror: fix read error on recovery after default leg failure - dm table: fix missing dm_put_target_type() in dm_table_add_target() - dm rq: clear kworker_task if kthread_run() returned an error - dm raid: fix compat_features validation (Closes: #843572) - dm raid: fix activation of existing raid4/10 devices - firewire: net: guard against rx buffer overflows (CVE-2016-8633) - firewire: net: fix fragmented datagram_size off-by-one - mac80211: discard multicast and 4-addr A-MSDUs - ath10k: cache calibration data when the core is stopped - scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded - scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware - [arm64, armhf] mmc: dw_mmc-pltfm: fix the potential NULL pointer dereference - RAID1: ignore discard error - RAID10: ignore discard error - md: be careful not lot leak internal curr_resync value into metadata. - Revert "drm/radeon: fix DP link training issue with second 4K monitor" - [armhf] drm/imx: ipuv3-plane: Switch EBA buffer only when we don't need modeset - [armhf] drm/imx: ipuv3-plane: Access old u/vbo properly in ->atomic_check for YU12/YV12 - drm/radeon/si_dpm: Limit clocks on HD86xx part - drm/radeon/si_dpm: workaround for SI kickers - drm/radeon: drop register readback in cayman_cp_int_cntl_setup - drm/nouveau/acpi: fix check for power resources support - drm/fb-helper: Don't call dirty callback for untouched clips - drm/fb-helper: Fix connector ref leak on error - drm/fb-helper: Keep references for the current set of used connectors - drm/i915/gen9: fix DDB partitioning for multi-screen cases - drm/i915/gen9: fix watermarks when using the pipe scaler - drm/dp/mst: Check peer device type before attempting EDID read - drm: Release reference from blob lookup after replacing property - drm/i915: Respect alternate_aux_channel for all DDI ports - drm/i915: Clean up DDI DDC/AUX CH sanitation - drm/i915/fbc: fix CFB size calculation for gen8+ - drm: i915: Wait for fences on new fb, not old - i2c: mark device nodes only in case of successful instantiation - netfilter: xt_NFLOG: fix unexpected truncated packet - [arm64, armhf] pwm: Unexport children before chip removal - [arm64, armhf] usb: dwc3: Fix size used in dma_free_coherent() - [arm64, armhf] usb: chipidea: host: fix NULL ptr dereference during shutdown - [armhf] usb: musb: Fix hardirq-safe hardirq-unsafe lock order error - tty: vt, fix bogus division in csi_J - [x86] kvm: Check memopp before dereference (CVE-2016-8630) - btrfs: qgroup: Prevent qgroup->reserved from going subzero - [x86] cpufreq: intel_pstate: Set P-state upfront in performance mode - HID: usbhid: add ATEN CS962 to list of quirky devices [ Ben Hutchings ] * debian/control: Fix build-dependency on openssl to work with new versions that have M-A: allowed (Closes: #839145) * [rt] Update to 4.8.6-rt5: - [i386] entry: Fix preempt_lazy_count check in resume_kernel() - sched: Use mmdrop_delayed() in sched_cpu_dying() - Revert "mm/zsmalloc: Use get/put_cpu_light in zs_map_object()/zs_unmap_object()" - mm/zsmalloc: copy with get_cpu_var() and locking - NFSv4: replace seqcount_t with a seqlock_t - ftrace: Fix trace header alignment - connector/cn_proc: Protect send_msg() with a local lock on RT - drivers/zram: Don't disable preemption in zcomp_stream_get/put() * HID: Enable HID_ALPS, HID_ASUS (Closes: #843085), HID_CMEDIA as modules * cpupower: Fix checks for CPU existence (Closes: #843071) * perf: Disable use of libcrypto (Closes: #843199) * IB: Enable INFINIBAND_RDMAVT as module, re-enabling INFINIBAND_HFI1 and INFINIBAND_QIB (Closes: #843792) * libcpupower-dev: Depend on libcpupower1 (Closes: #840852) * [arm64] Enable more drivers for X-Gene (Closes: #840061): - ipmi: Enable IPMI_HANDLER, IPMI_DEVICE_INTERFACE, IPMI_SSIF as modules - i2c: Enable I2C_XGENE_SLIMPRO as module - mailbox: Enable XGENE_SLIMPRO_MBOX as module * debian/control: Build-Depend on a recent debhelper instead of dh-systemd -- Ben Hutchings Sun, 13 Nov 2016 04:38:09 +0000 linux (4.8.5-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.5 - [x86] boot/smp: Don't try to poke disabled/non-existent APIC (Closes: #841850) - [x86] Input: i8042 - skip selftest on ASUS laptops - [x86] Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled (Closes: #835160) [ Ben Hutchings ] * cpufreq: Re-enable CPU_FREQ_STAT, which can no longer be modular * [armhf] dts: imx53: add support for USB armory board (Closes: #840137) * kconfig: Renumber SYMBOL_NEW, fixing regression of allnoconfig (Closes: #841357) * netfilter: xt_NFLOG: fix unexpected truncated packet (Closes: #841261) * Set ABI to 1 -- Ben Hutchings Fri, 28 Oct 2016 20:34:09 +0100 linux (4.8.4-1~exp1) experimental; urgency=medium * New upstream release: https://kernelnewbies.org/Linux_4.8 * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.1 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.2 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.4 [ Ben Hutchings ] * [amd64] Enable LEGACY_VSYSCALL_NONE instead of LEGACY_VSYSCALL_EMULATE. This breaks (e)glibc 2.13 and earlier, and can be reverted using the kernel parameter: vsyscall=emulate * [arm*] Enable STRICT_DEVMEM * [arm*,powerpc*,s390x,x86] Enable IO_STRICT_DEVMEM. This breaks dosemu and some old graphics drivers, and can be reverted using the kernel parameter: iomem=relaxed * [mips*] Enable RANDOMIZE_BASE and RELOCATABLE. * Enable SLAB_FREELIST_RANDOM * [arm*,powerpc*,s390x,sparc64,x86] Enable HARDENED_USERCOPY * security,perf: Replace GRKERNSEC_PERF_HARDEN patch with the version submitted upstream * [amd64] Enable RANDOMIZE_MEMORY * [powerpc*/*64*] Enable OPAL_PRD, MTD, MTD_POWERNV_FLASH as modules (Closes: #838604, #838605) * security,printk: Enable SECURITY_DMESG_RESTRICT, preventing non-root users reading the kernel log by default (sysctl: kernel.dmesg_restrict) * bug script: Optionally use sudo to read a restricted kernel log, and fall back to writing a placeholder * [rt] Update to 4.8.2-rt2 and re-enable * aufs: Update support patchest to aufs4.8-20161010 (no functional change) [ Aurelien Jarno ] * [arm64] Enable SERIAL_8250_EXTENDED, SERIAL_8250_SHARE_IRQ and SERIAL_8250_BCM2835AUX, needed for Raspberry Pi 3. -- Ben Hutchings Sun, 23 Oct 2016 17:21:13 +0100 linux (4.8~rc8-1~exp1) experimental; urgency=medium * New upstream release candidate [ Héctor Orón ] * [arm64] Enable ACPI, ARM64_VA_BITS_48 (Closes: #834505) [ Ben Hutchings ] * Fix some new reproducibility issues: - linux-source: Exclude Python bytecode generated when running Sphinx - Set -fdebug-prefix-map=... in compiler options for kernel and userland - linux-headers: Stop including unused arch/*/kernel/asm-offsets.s files * linux-doc: Exclude Sphinx support code and Makefiles * [arm64] mm: Limit TASK_SIZE_64 for compatibility * [armhf] udeb: Replace dwmac-socfpga with dwmac-altr-socfpga in nic-modules (Closes: #837110, thanks to Vagrant Cascadian) * [armhf] Enable drivers for ASUS Chromebook C201 (veyron-speedy): MFD_RK808, POWER_AVS, POWER_RESET_GPIO_RESTART, RTC_DRV_RK808, ROCKCHIP_PM_DOMAINS as built-in; DRM_PANEL_SIMPLE, ROCKCHIP_ANALOGIX_DP, ROCKCHIP_DW_MIPI_DSI, I2C_CROS_EC_TUNNEL, KEYBOARD_CROS_EC, OUSE_ELAN_I2C, MFD_CROS_EC, MFD_CROS_EC_SPI, MFD_RK808, PHY_ROCKCHIP_EMMC, PHY_ROCKCHIP_DP, BATTERY_SBS, CHARGER_GPIO, REGULATOR_RK808, BACKLIGHT_PWM as modules (Closes: #836251, thanks to Vagrant Cascadian) * [armhf] dsa: Enable drivers for Lamobo R1 (aka BPi-R1): B53, B53_MDIO_DRIVER as modules (Closes: #836231, thanks to Vagrant Cascadian) * [armhf] media: Enable VIDEO_V4L2_SUBDEV_API and VIDEO_OMAP3 as module -- Ben Hutchings Mon, 26 Sep 2016 04:27:06 +0100 linux (4.8~rc5-1~exp1) experimental; urgency=medium * New upstream release candidate [ Martin Michlmayr ] * [arm64] Enable more Tegra options: TEGRA_ACONNECT. * [arm64] Enable more QCOM options: MSM_GCC_8996, MSM_MMCC_8996, QCOM_HIDMA, QCOM_HIDMA_MGMT, PCIE_QCOM, PINCTRL_MSM8996, QCOM_Q6V5_PIL. * [arm64] Enable support for BCM2837 (Raspberry Pi 3): - Enable ARCH_BCM2835, DMA_BCM2835, BCM2835_MBOX, RASPBERRYPI_FIRMWARE, RASPBERRYPI_POWER - Enable DRM_VC4, I2C_BCM2835, PWM_BCM2835, SPI_BCM2835, SPI_BCM2835AUX, BCM2835_WDT, SND_BCM2835_SOC_I2S, MMC_SDHCI_IPROC, HW_RANDOM_BCM2835 as modules * [arm64] Enable USB_DWC2 and USB_DWC3. * [arm64] Enable more HISI options: MFD_HI655X_PMIC, REGULATOR_HI655X, STUB_CLK_HI6220, HI6220_MBOX, COMMON_RESET_HI6220, PHY_HI6220_USB, HW_RANDOM_HISI, DRM_HISI_KIRIN, INPUT_HISI_POWERKEY, PCI_HISI, SPI_HISI_SFC, SCSI_HISI_SAS (Closes: #821027). * [arm64] Enable TI WLAN (WLAN_VENDOR_TI): WL1251, WL12XX, WL18XX * [arm64] Enable Hisilicon Ethernet devices: HIX5HD2_GMAC, HISI_FEMAC, HIP04_ETH, HNS_MDIO, HNS, HNS_DSAF, HNS_ENET, MDIO_HISI_FEMAC [ Ben Hutchings ] * Update config for 4.8: - Enable HID_LED as module instead of USB_LED - Enable BH1780 as module instead of SENSORS_BH1780 - [alpha] Enable RTC_CLASS and RTC_DRV_ALPHA instead of GEN_RTC - [armhf] Rename omapdrm display config symbols - [armhf] Enable IIO_ST_ACCEL_3AXIS as module instead of LIS3L02DQ - [hppa] Enable RTC_CLASS and RTC_DRV_GENERIC instead of GEN_RTC * liblockdep: Stop trying to build packages, as it failed to build again * linux-doc: Build and install HTML pages from reStructuredText sources - Add python-sphinx and python-sphinx-rtd-theme to Build-Depends-Indep - Install files from both HTML output directories into the package - Exclude RST sources from the package -- Ben Hutchings Wed, 07 Sep 2016 21:52:47 +0100 linux (4.7.8-1) unstable; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7 - cpuset: handle race between CPU hotplug and cpuset_hotplug_work - cgroup: fix invalid controller enable rejections with cgroup namespace - scripts/recordmcount.c: account for .softirqentry.text - mm,ksm: fix endless looping in allocating memory when ksm enable - can: dev: fix deadlock reported after bus-off - [x86] init: Fix cr4_init_shadow() on CR4-less machines - drm/udl: fix line iterator in damage handling - drm/nouveau/fifo/nv04: avoid ramht race against cookie insertion - drm/radeon/si/dpm: add workaround for for Jet parts - [armel,armhf] 8616/1: dt: Respect property size when parsing CPUs - [armel,armhf] 8617/1: dma: fix dma_max_pfn() - mwifiex: illegal assignment - i40e: avoid null pointer dereference - pinctrl: Flag strict is a field in struct pinmux_ops - i2c: mux: demux-pinctrl: run properly with multiple instances - rcuperf: Don't treat gp_exp mis-setting as a WARN - [armhf,arm64] drivers/perf: arm_pmu: Fix leak in error path - perf/core: Use this_cpu_ptr() when stopping AUX events - [armhf,arm64] mmc: tegra: Only advertise UHS modes if IO regulator is present - nvmem: Declare nvmem_cell_read() consistently - hwmon: (adt7411) set bit 3 in CFG1 register - sched/cputime: Fix prev steal time accouting during CPU hotplug - iwlwifi: mvm: checksum IPv6 fragmented packet - iwlwifi: mvm: fix txq aggregation bug - iwlwifi: mvm: write the correct internal TXF index - iwlwifi: mvm: unmap the paging memory before freeing it - iwlwifi: pcie: fix access to scratch buffer - iwlwifi: mvm: free RX reorder buffer on restart - iwlwifi: mvm: avoid harmless -Wmaybe-uninialized warning - iwlwifi: mvm: don't use ret when not initialised - [armhf] usb: gadget: fsl_qe_udc: signedness bug in qe_get_frame() - mac80211: check skb_linearize() return value - i40iw: Protect req_resource_num update - i40iw: Add missing check for interface already open - i40iw: Change mem_resources pointer to a u8 - i40iw: Fix double free of allocated_buffer - i40iw: Do not set self-referencing pointer to NULL after kfree - i40iw: Avoid writing to freed memory - i40iw: Add missing NULL check for MPA private data - i40iw: Send last streaming mode message for loopback connections - i40iw: Update hw_iwarp_state - i40iw: Receive notification events correctly - batman-adv: Add missing refcnt for last_candidate - batman-adv: fix elp packet data reservation - [armhf,arm64] irqchip/gicv3: Silence noisy DEBUG_PER_CPU_MAPS warning - [armhf] 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7 - [arm64] debug: avoid resetting stepping state machine when TIF_SINGLESTEP - [mips*] uprobes: remove incorrect set_orig_insn - [mips*] fix uretprobe implementation - [mips*/*-malta] Fix IOCU disable switch read for MIPS64 - [mips*] uprobes: fix use of uninitialised variable - printk: fix parsing of "brl=" option - Bluetooth: split sk_filter in l2cap_sock_recv_cb - tpm: fix byte-order for the value read by tpm2_get_tpm_pt - regulator: pwm: Fix regulator ramp delay for continuous mode - [arm64] regulator: qcom_spmi: Add support for S4 supply on pm8941 - [arm64] regulator: qcom_spmi: Add support for get_mode/set_mode on switches - [arm64] regulator: qcom_spmi: Update mvs1/mvs2 switches on pm8941 - [arm64] regulator: qcom_smd: Fix voltage ranges for pm8x41 - [arm64] regulator: qcom_smd: Fix voltage ranges for pma8084 ftsmps and pldo - [armhf] dts: imx6sx-sabreauto: Fix misspelled property - [armhf] sun5i: Fix typo in trip point temperature - pcmcia: ds: fix suspend/resume - [armhf] hwrng: omap - Fix assumption that runtime_get_sync will always succeed - blk-mq: actually hook up defer list when running requests - pstore: drop file opened reference count - fm10k: fix incorrect index calculation in fm10k_write_reta - iwlmvm: mvm: set correct state in smart-fifo configuration - [armhf,arm64] em28xx-i2c: rt_mutex_trylock() returns zero on failure - gspca: avoid unused variable warnings - ath9k: Fix programming of minCCA power threshold - qla2xxx: Fix BBCR offset - fnic: pci_dma_mapping_error() doesn't return an error code - tracing: Have HIST_TRIGGERS select TRACING - NFS/pnfs: Do not clobber existing pgio_done_cb in nfs4_proc_read_setup - svc: Avoid garbage replies when pc_func() returns rpc_drop_reply - NFS: Don't drop CB requests with invalid principals - pNFS/files: Fix layoutcommit after a commit to DS - pNFS/flexfiles: Fix layoutcommit after a commit to DS - watchdog: core: Clear WDOG_HW_RUNNING before calling the stop function - xprtrdma: Remove FMRs from the unmap list after unmapping - [x86] ASoC: Intel: Skylake: Fix error return code in skl_probe() - brcmfmac: Fix glob_skb leak in brcmf_sdiod_recv_chain - brcmsmac: Free packet if dma_mapping_error() fails in dma_rxfill - brcmsmac: Initialize power in brcms_c_stf_ss_algo_channel_get() - [powerpc*] prom: Fix sub-processor option passed to ibm, client-architecture-support - sysctl: handle error writing UINT_MAX to u32 fields - IB/core: Fix possible memory leak in cma_resolve_iboe_route() - kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd - SUNRPC: Silence WARN_ON when NFSv4.1 over RDMA is in use - pNFS/flexfiles: Fix layoutstat periodic reporting - lib/test_hash.c: fix warning in preprocessor symbol evaluation - [x86] KVM: nVMX: postpone VMCS changes on MSR_IA32_APICBASE write - ceph: do not modify fi->frag in need_reset_readdir() - IB/ipoib: Fix memory corruption in ipoib cm mode connect flow - ath10k: fix get rx_status from htt context - IB/core: Fix use after free in send_leave function - regmap: rbtree: Avoid overlapping nodes - scsi: ses: use scsi_is_sas_rphy instead of is_sas_attached - IB/ipoib: Don't allow MC joins during light MC flush - IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV - IB/mlx4: Fix code indentation in QP1 MAD flow - IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV - IB/mlx5: Enable MAD_IFC commands for IB ports only - IB/mlx5: Set source mac address in FTE - batman-adv: remove unused callback from batadv_algo_ops struct - aio: mark AIO pseudo-fs noexec - dm log writes: fix bug with too large bios - usb: misc: legousbtower: Fix NULL pointer deference - [x86] usb: usbip: vudc: fix left shift overflow - Revert "usbtmc: convert to devm_kzalloc" - [x86] ALSA: hda - Adding one more ALC255 pin definition for headset problem - [x86] ALSA: hda - Fix headset mic detection problem for several Dell laptops - [x86] ALSA: hda - Add the top speaker pin config for HP Spectre x360 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.8 - [powerpc*] pseries: use pci_host_bridge.release_fn() to kfree(phb) - [powerpc*] cxl: use pcibios_free_controller_deferred() when removing vPHBs - timekeeping: Fix __ktime_get_fast_ns() regression - ALSA: ali5451: Fix out-of-bound position reporting - ALSA: usb-audio: Extend DragonFly dB scale quirk to cover other variants - mfd: rtsx_usb: Avoid setting ucr->current_sg.status - [x86] xen: Update topology map for PV VCPUs - [powerpc*] KVM: PPC: Book3s PR: Allow access to unprivileged MMCR2 register - [arm64] KVM: arm64: Require in-kernel irqchip for PMU support - [arm64] KVM: arm/arm64: vgic: Don't flush/sync without a working vgic - [powerpc*] KVM: PPC: BookE: Fix a sanity check - [arm64] fix dump_backtrace/unwind_frame with NULL tsk - [x86] boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation - [x86] irq: Prevent force migration of irqs which are not in the vector domain - [x86] apic: Get rid of apic_version[] array - [x86] arch/x86: Handle non enumerated CPU after physical hotplug - [x86] dumpstack: Fix x86_32 kernel_stack_pointer() previous stack access - [armhf] dts: mvebu: armada-390: add missing compatibility string and bracket - [arm64] dts: MSM8064 remove flags from SPMI/MPP IRQs - [arm64] cpuidle: Fix error return code - [x86] tpm: fix a race condition in tpm2_unseal_trusted() - [x86] tpm_crb: fix crb_req_canceled behavior [ Ben Hutchings ] * net: add recursion limit to GRO (CVE-2016-7039) * posix_acl: Clear SGID bit when setting file permissions (CVE-2016-7097) * scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (CVE-2016-7425) [ Salvatore Bonaccorso ] * KEYS: Fix short sprintf buffer in /proc/keys show function (CVE-2016-7042) * mm: remove gup_flags FOLL_WRITE games from __get_user_pages() (CVE-2016-5195) -- Salvatore Bonaccorso Wed, 19 Oct 2016 17:56:57 +0200 linux (4.7.6-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.6 - [arm64] crypto: arm64/aes-ctr - fix NULL dereference in tail processing - [armhf] crypto: arm/aes-ctr - fix NULL dereference in tail processing - crypto: skcipher - Fix blkcipher walk OOM crash - crypto: echainiv - Replace chaining with multiplication - ocfs2/dlm: fix race between convert and migration - ocfs2: fix start offset to ocfs2_zero_range_for_truncate() - Revert "ocfs2: bump up o2cb network protocol version" - autofs: use dentry flags to block walks during expire - xfs: prevent dropping ioend completions during buftarg wait - mm: fix the page_swap_info() BUG_ON check - fsnotify: add a way to stop queueing events on group shutdown - fanotify: fix list corruption in fanotify_get_response() - mm: memcontrol: make per-cpu charge cache IRQ-safe for socket accounting - cgroup: duplicate cgroup reference when cloning sockets - fix fault_in_multipages_...() on architectures with no-op access_ok() - KEYS: Fix skcipher IV clobbering - [arm64] Call numa_store_cpu_info() earlier. - configfs: Return -EFBIG from configfs_write_bin_file. - [armhf] mtd: nand: mxc: fix obiwan error in mxc_nand_v[12]_ooblayout_free() functions - mtd: spi-nor: fix wrong "fully unlocked" test - reset: Return -ENOTSUPP when not configured - rtc: ds1307: Fix relying on reset value for weekday - [arm64] power: reset: hisi-reboot: Unmap region obtained by of_iomap - mac80211: reject TSPEC TIDs (TSIDs) for aggregation - fix memory leaks in tracing_buffers_splice_read() - tracing: Move mutex to protect against resetting of seq data - mm: delete unnecessary and unsafe init_tlb_ubc() - iwlwifi: mvm: update TX queue before making a copy of the skb - nl80211: validate number of probe response CSA counters - btrfs: ensure that file descriptor used with subvol ioctls is a dir - [x86] efi: Only map RAM into EFI page tables if in mixed-mode - [x86] i2c-eg20t: fix race between i2c init and interrupt enable - [armhf] i2c: mux: pca954x: retry updating the mux selection on failure - [arm64] i2c: qup: skip qup_i2c_suspend if the device is already runtime suspended - [mips*] SMP: Fix possibility of deadlock when bringing CPUs online - [mips*] Avoid a BUG warning during prctl(PR_SET_FP_MODE, ...) - [mips*] Add a missing ".set pop" in an early commit - [x86] mm/pat: Prevent hang during boot when mapping pages - libceph: add an ONSTACK initializer for oids - ceph: fix symbol versioning for ceph_monc_do_statfs - ceph: Correctly return NXIO errors from ceph_llseek - libceph: fix return value check in alloc_msg_with_page_vector() - PM / hibernate: Restore processor state before using per-CPU variables - PM / hibernate: Fix rtree_next_node() to avoid walking off list ends - ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths - ixgbe: Re-enable ability to toggle VLAN filtering - igb: fix adjusting PTP timestamps for Tx/Rx latency - [armhf,arm64] soc/tegra: pmc: Don't probe PMC if early initialisation fails - qxl: check for kmap failures - hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common() - iw_cxgb4: stop MPA_REPLY timer when disconnecting [ Ben Hutchings ] * debian/bin/gencontrol.py: Fix cross-build-dependencies if invoked under dpkg-buildpackage * linux-image: Exclude vmlinux from stripping by dh_strip (fixes FTBFS on hppa) * udeb: Fold core-modules into kernel-image * udeb: Move nls_utf8 from fat-modules to kernel-image, as many other filesystems need it but vfat no longer does * of_mdio: Enable fixed PHY support if driver is a module * of_mdio: select fixed phy support unconditionally * [armhf] Enable driver for SolidRun ClearFog: USB_XHCI_MVEBU as module * mm: memcontrol: use special workqueue for creating per-memcg caches [ Cyril Brulebois ] * Add nls_ascii to the fat-modules udeb, following the change of iocharset default in 4.7.2-1. This fixes a regression with EFI-related mounts within the Debian Installer. (Closes: #839552) -- Ben Hutchings Fri, 07 Oct 2016 02:11:50 +0100 linux (4.7.5-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5 - [armhf] clocksource/drivers/sun4i: Clear interrupts after stopping timer in probe function - fscrypto: require write access to mount to set encryption policy - [arm64] drm/msm: protect against faults from copy_from_user() in submit ioctl - bpf: fix method of PTR_TO_PACKET reg id generation - ipv4: panic in leaf_walk_rcu due to stale node pointer - vti: flush x-netns xfrm cache when vti interface is removed - bpf: fix write helpers with regards to non-linear parts - net/irda: handle iriap_register_lsap() allocation failure - net/sctp: always initialise sctp_ht_iter::start_fail - net: ipv6: Do not keep IPv6 addresses when IPv6 is disabled - tipc: fix NULL pointer dereference in shutdown() - net/mlx5: Fix pci error recovery flow - net/mlx5: Added missing check of msg length in verifying its signature - net/mlx5e: Use correct flow dissector key on flower offloading - net sched: fix encoding to use real length - udp: fix poll() issue with zero sized packets - tcp: properly scale window in tcp_v[46]_reqsk_send_ack() - sctp: fix overrun in sctp_diag_dump_one() - tun: fix transmit timestamp support - [armhf] net: dsa: bcm_sf2: Fix race condition while unmasking interrupts - Revert "phy: IRQ cannot be shared" - net: smc91x: fix SMC accesses - bridge: re-introduce 'fix parsing of MLDv2 reports' - bonding: Fix bonding crash - Revert "af_unix: Fix splice-bind deadlock" - af_unix: split 'u->readlock' into two: 'iolock' and 'bindlock' - ipv6: release dst in ping_v6_sendmsg - [arm64] bnxt_en: Fix TX push operation on ARM64. - ipv6: addrconf: fix dev refcont leak when DAD failed - tcp: fastopen: avoid negative sk_forward_alloc - net/mlx5e: Fix parsing of vlan packets when updating lro header - tcp: cwnd does not increase in TCP YeAH - [powerpc*] tm: do not use r13 for tabort_syscall - [powerpc*] powernv : Drop reference added by kset_find_obj() - [powerpc*] sysdev: cpm: fix gpio save_regs functions - [powerpc*] mm: Don't alias user region to other regions below PAGE_OFFSET - [powerpc*] powernv: Fix corrupted PE allocation bitmap on releasing PE - kernfs: don't depend on d_find_any_alias() when generating notifications - pNFS/flexfiles: Fix an Oopsable condition when connection to the DS fails - pNFS: The client must not do I/O to the DS if it's lease has expired - NFSv4.1: Fix Oopsable condition in server callback races - NFSv4.x: Fix a refcount leak in nfs_callback_up_net - nfsd: Close race between nfsd4_release_lockowner and nfsd4_lock - pNFS: Ensure LAYOUTGET and LAYOUTRETURN are properly serialised - NFSv4.1: Fix the CREATE_SESSION slot number accounting - kexec: fix double-free when failing to relocate the purgatory - mm, mempolicy: task->mempolicy must be NULL before dropping final reference - ahci: disable correct irq for dummy ports - audit: fix exe_file access in audit_exe_compare - dm flakey: fix reads to be issued if drop_writes configured - IB/hfi1,IB/qib: Fix qp_stats sleep with rcu read lock held - IB/uverbs: Fix race between uverbs_close and remove_one - IB/hfi1: Reset QSFP on every run through channel tuning - [amd64] mm: fix cache mode of dax pmd mappings - [x86] paravirt: Do not trace _paravirt_ident_*() functions - [x86] AMD: Apply erratum 665 on machines without a BIOS fix - [s390x] KVM: don't use current->thread.fpu.* when accessing registers - [armhf,arm64] kvm-arm: Unmap shadow pagetables properly - [x86] kvm: correctly reset dest_map->vector when restoring LAPIC state - iio: sw-trigger: Fix config group initialization - [armhf] iio: adc: rockchip_saradc: reset saradc controller before programming it - [armhf] iio: adc: ti_am335x_adc: Protect FIFO1 from concurrent access - [armhf] iio: adc: ti_am335x_adc: Increase timeout value waiting for ADC sample - iio:ti-ads1015: fix a wrong pointer definition. - [x86] iio: accel: bmc150: reset chip at init time - iio: fix pressure data output unit in hid-sensor-attributes - iio:core: fix IIO_VAL_FRACTIONAL sign handling - iio: ensure ret is initialized to zero before entering do loop - serial: 8250_mid: fix divide error bug if baud rate is 0 - serial: 8250: added acces i/o products quad and octal serial cards - [armhf,arm64] usb: chipidea: udc: fix NULL ptr dereference in isr_setup_status_phase - USB: change bInterval default to 10 ms - devpts: return NULL pts 'priv' entry for non-devpts nodes - cpuset: make sure new tasks conform to the current config of the cpuset - [armhf] dts: rockchip: add reset node for the exist saradc SoCs - [armhf] imx6: add missing BM_CLPCR_BYP_MMDC_CH0_LPM_HS setting for imx6ul - [armhf] imx6: add missing BM_CLPCR_BYPASS_PMIC_READY setting for imx6sx - [armel] kirkwood: ib62x0: fix size of u-boot environment partition - [armhf] OMAP3: hwmod data: Add sysc information for DSI - [armel] dts: kirkwood: Fix PCIe label on OpenRD - [armhf] dts: imx6qdl: Fix SPDIF regression - [armhf] dts: armada-388-clearfog: number LAN ports properly - dm log writes: fix check of kthread_run() return value - dm crypt: fix free of bad values after tfm allocation failure - dm log writes: move IO accounting earlier to fix error path - dm crypt: fix error with too large bios - [armhf] pinctrl: sunxi: fix uart1 CTS/RTS pins at PG on A23/A33 - [armhf] memory: omap-gpmc: allow probe of child nodes to fail - [arm64] spinlocks: implement smp_mb__before_spinlock() as smp_mb() - crypto: cryptd - initialize child shash_desc on import - Btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns - fuse: direct-io: don't dirty ITER_BVEC pages - xhci: fix null pointer dereference in stop command timeout function - brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap() - md-cluster: make md-cluster also can work when compiled into kernel - ath9k: fix using sta->drv_priv before initializing it - ath9k: bring back direction setting in ath9k_{start_stop} - [x86] perf/intel: Fix PEBSv3 record drain - [x86] perf/intel/cqm: Check cqm/mbm enabled state in event init - [x86] perf/amd: Make HW_CACHE_REFERENCES and HW_CACHE_MISSES measure L2 - [x86] perf/intel/pt: Fix an off-by-one in address filter configuration - [x86] perf/intel/pt: Fix kernel address filter's offset validation - [x86] perf/intel/pt: Do validate the size of a kernel address filter - Revert "wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel" - sched/core: Fix a race between try_to_wake_up() and a woken up task - ipv6: Don't unset flowi6_proto in ipxip6_tnl_xmit() - efi: Make for_each_efi_memory_desc_in_map() cope with running on Xen - efi/libstub: Allocate headspace in efi_get_memory_map() - efi/libstub: Introduce ExitBootServices helper - efi/libstub: Use efi_exit_boot_services() in FDT - [x86] efi: Use efi_exit_boot_services() - [powerpc,powerpcspe] Fix csum_partial_copy_generic() - [powerpc,powerpcspe] Fix again csum_partial_copy_generic() - [x86] drm/i915: Ignore OpRegion panel type except on select machines - [x86] drm: Only use compat ioctl for addfb2 on X86/IA64 - svcauth_gss: Revert 64c59a3726f2 ("Remove unnecessary allocation") - genirq: Provide irq_gc_{lock_irqsave,unlock_irqrestore}() helpers - fix iov_iter_fault_in_readable() - [x86] fix minor infoleak in get_user_ex() - [s390x] get_user() should zero on failure - asm-generic: make get_user() clear the destination on errors - asm-generic: make copy_from_user() zero the destination properly - [alpha,hppa,mips*,powerpc,powerpcspe,sh4] make copy_from_user() zero the destination properly [ Ben Hutchings ] * [hppa,mips*,powerpc*] linux-image: Strip debug symbols from vmlinux (really closes: #837588) * [hppa] tracing: Re-enable FTRACE * [powerpc,powerpcspe,ppc64] linux-image: Suppress automatic dbgsym packages * uaccess,uio: Fix ABI changes in 4.7.5 * ext4: Fix checksum validation for inodes with small i_extra_isize (Closes: #838544, regression in 4.7.4) -- Ben Hutchings Mon, 26 Sep 2016 01:48:21 +0100 linux (4.7.4-2) unstable; urgency=medium * [arm64] Revert "arm64: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO" (fixes FTBFS) * [armhf] media: Disable VIDEO_V4L2_SUBDEV_API and VIDEO_OMAP3 to avoid ABI change (fixes FTBFS) * [hppa] Ignore ABI changes caused by disabling CONFIG_FTRACE (fixes FTBFS) -- Ben Hutchings Mon, 19 Sep 2016 22:09:42 +0100 linux (4.7.4-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.3 - [x86] mm: Disable preemption during CR3 read+write - [x86] uprobes: Fix RIP-relative handling of EVEX-encoded instructions - [x86] platform/uv: Skip UV runtime services mapping in the efi_runtime_disabled case - SUNRPC: Handle EADDRNOTAVAIL on connection failures - SUNRPC: allow for upcalls for same uid but different gss service - [x86] ALSA: hda - Manage power well properly for resume - efi/capsule: Allocate whole capsule into virtual memory - virtio: fix memory leak in virtqueue_add() - vfio/pci: Fix NULL pointer oops in error interrupt setup handling - tracing: Fix tick_stop tracepoint symbols for user export - [x86] perf intel-pt: Fix occasional decoding errors when tracing system-wide - [amd64] libnvdimm, nd_blk: mask off reserved status bits - ACPI: CPPC: Return error if _CPC is invalid on a CPU - ACPI / CPPC: Prevent cpc_desc_ptr points to the invalid data - genirq/msi: Remove unused MSI_FLAG_IDENTITY_MAP - genirq/msi: Make sure PCI MSIs are activated early - usb: ehci: change order of register cleanup during shutdown - usb: devio, do not warn when allocation fails - usb: misc: usbtest: add fix for driver hang - usb: misc: usbtest: usbtest_do_ioctl may return positive integer - usb: dwc3: gadget: increment request->actual once - usb: dwc3: gadget: fix for short pkts during chained xfers - usb: dwc3: gadget: always cleanup all TRBs - usb: hub: Fix unbalanced reference count/memory leak/deadlocks - USB: hub: fix up early-exit pathway in hub_activate - USB: hub: change the locking in hub_activate - USB: validate wMaxPacketValue entries in endpoint descriptors - usb/gadget: fix gadgetfs aio support. - xhci: always handle "Command Ring Stopped" events - usb: xhci: Fix panic if disconnect - xhci: don't dereference a xhci member after removing xhci - USB: serial: fix memleak in driver-registration error path - uprobes: Fix the memcg accounting - perf symbols: Fix annotation of objects with debuginfo files - perf/core: Fix event_function_local() - perf tools mem: Fix -t store option for record command - iommu/dma: Don't put uninitialised IOVA domains - [armhf] iommu/io-pgtable-arm-v7s: Fix attributes when splitting blocks - [armhf,arm64] iommu/arm-smmu: Fix CMDQ error handling - [armhf,arm64] iommu/arm-smmu: Disable stalling faults for all endpoints - [armhf,arm64] iommu/arm-smmu: Don't BUG() if we find aborting STEs with disable_bypass - [x86] pinctrl/amd: Remove the default de-bounce time - i2c: mux: demux-pinctrl: properly roll back when adding adapter fails - [s390x] dasd: fix hanging device after clear subchannel - mac80211: fix purging multicast PS buffer queue - [arm64] kernel: avoid literal load of virtual address with MMU off - [arm64] avoid TLB conflict with CONFIG_RANDOMIZE_BASE - [arm64] dts: rockchip: add reset saradc node for rk3368 SoCs - [arm64] kernel: Fix unmasked debug exceptions when restoring mdscr_el1 - of: fix reference counting in of_graph_get_endpoint_by_regs - iio: fix sched WARNING "do not call blocking ops when !TASK_RUNNING" - [x86] drm/amdgpu: Change GART offset to 64-bit - [x86] drm/amdgpu: fix amdgpu_move_blit on 32bit systems - [x86] drm/amdgpu: fix lru size grouping v2 - [x86] drm/amdgpu: avoid a possible array overflow - [x86] drm/amdgpu: skip TV/CV in display parsing - [x86] drm/amd/amdgpu: sdma resume fail during S4 on CI - [x86] drm/amd/amdgpu: compute ring test fail during S4 on CI - [x86] drm/amdgpu: record error code when ring test failed - [x86] drm/i915: Fix iboost setting for DDI with 4 lanes on SKL - [x86] drm/i915: Program iboost settings for HDMI/DVI on SKL - [x86] drm/i915: Fix iboost setting for SKL Y/U DP DDI buffer translation entry 2 - [x86] drm/i915: Acquire audio powerwell for HD-Audio registers - [x86] drm/i915: fix aliasing_ppgtt leak - [x86] drm/i915/vlv: Make intel_crt_reset() per-encoder - [x86] drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init() - [x86] drm/i915/vlv: Disable HPD in valleyview_crt_detect_hotplug() - [x86] drm/i915: Enable polling when we don't have hpd - [arm64] mfd: cros_ec: Add cros_ec_cmd_xfer_status() helper - [arm64] i2c: cros-ec-tunnel: Fix usage of cros_ec_cmd_xfer() - cdc-acm: fix wrong pipe type on rx interrupt xfers - mpt3sas: Fix resume on WarpDrive flash cards - megaraid_sas: Fix probing cards without io port - dm round robin: do not use this_cpu_ptr() without having preemption disabled - gpio: Fix OF build problem on UM - fs/seq_file: fix out-of-bounds read - soft_dirty: fix soft_dirty during THP split - [amd64] dax: fix device-dax region base - [amd64] mm: silently skip readahead for DAX inodes - btrfs: waiting on qgroup rescan should not always be interruptible - btrfs: properly track when rescan worker is running - btrfs: don't create or leak aliased root while cleaning up orphans - Revert "floppy: fix open(O_ACCMODE) for ioctl-only open" - Input: synaptics-rmi4 - fix register descriptor subpacket map construction - [x86] crypto: qat - fix aes-xts key sizes - USB: avoid left shift by -1 - usb: chipidea: udc: don't touch DP when controller is in host mode - USB: fix typo in wMaxPacketSize validation - usb: gadget: udc: core: don't starve DMA resources - USB: serial: mos7720: fix non-atomic allocation in write path - USB: serial: mos7840: fix non-atomic allocation in write path - [x86] staging/lustre/llite: Close atomic_open race with several openers - [x86] staging: comedi: daqboard2000: bug fix board type matching code - [x86] staging: comedi: comedi_test: fix timer race conditions - [x86] staging: comedi: ni_mio_common: fix AO inttrig backwards compatibility - [x86] staging: comedi: ni_mio_common: fix wrong insn_write handler - ACPI / drivers: fix typo in ACPI_DECLARE_PROBE_ENTRY macro - ACPI / drivers: replace acpi_probe_lock spinlock with mutex - ALSA: line6: Remove double line6_pcm_release() after failed acquire. - ALSA: line6: Give up on the lock while URBs are released. - ALSA: line6: Fix POD sysfs attributes segfault - hwmon: (it87) Add missing sysfs attribute group terminator - hwmon: (iio_hwmon) fix memory leak in name attribute - sysfs: correctly handle read offset on PREALLOC attrs - SUNRPC: Fix infinite looping in rpc_clnt_iterate_for_each_xprt https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.4 - Revert "floppy: refactor open() flags handling" - apparmor: fix refcount race when finding a child profile - fs: Check for invalid i_uid in may_follow_link() - cred: Reject inodes with invalid ids in set_create_file_as() - ext4: validate that metadata blocks do not overlap superblock - ext4: fix xattr shifting when expanding inodes - ext4: fix xattr shifting when expanding inodes part 2 - ext4: properly align shifted xattrs when expanding inodes - ext4: avoid deadlock when expanding inode size - ext4: avoid modifying checksum fields directly during checksum verification - block: Fix race triggered by blk_set_queue_dying() - block: make sure a big bio is split into at most 256 bvecs - cgroup: reduce read locked section of cgroup_threadgroup_rwsem during fork - cdc-acm: added sanity checking for probe() - drm/radeon: fix radeon_move_blit on 32bit systems - drm/radeon: only apply the SS fractional workaround to RS[78]80 - drm/atomic: Don't potentially reset color_mgmt_changed on successive property updates. - drm: Reject page_flip for !DRIVER_MODESET - [arm64] drm/msm: fix use of copy_from_user() while holding spinlock - [armhf] drm/vc4: Use drm_free_large() on handles to match its allocation. - [armhf] drm/vc4: Fix overflow mem unreferencing when the binner runs dry. - [armhf] drm/vc4: Fix oops when userspace hands in a bad BO. - xfs: fix superblock inprogress check - timekeeping: Cap array access in timekeeping_debug - xenbus: don't look up transaction IDs for ordinary writes - ovl: proper cleanup of workdir - ovl: don't copy up opaqueness - ovl: remove posix_acl_default from workdir - ovl: listxattr: use strnlen() - ovl: fix workdir creation - mei: me: disable driver on SPT SPS firmware - ubifs: Fix xattr generic handler usage - ubifs: Fix assertion in layout_in_gaps() - bdev: fix NULL pointer dereference - bcache: RESERVE_PRIO is too small by one when prio_buckets() is a power of two. - [mips*/*-malta] irqchip/mips-gic: Implement activate op for device domain - vhost/scsi: fix reuse of &vq->iov[out] in response - [x86] apic: Do not init irq remapping if ioapic is disabled - xprtrdma: Create common scatterlist fields in rpcrdma_mw - crypto: caam - fix IV loading for authenc (giv)decryption - fscrypto: add authorization check for setting encryption policy - fscrypto: only allow setting encryption policy on directories - ALSA: firewire-tascam: accessing to user space outside spinlock - ALSA: fireworks: accessing to user space outside spinlock - ALSA: rawmidi: Fix possible deadlock with virmidi registration - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race - ALSA: timer: fix division by zero after SNDRV_TIMER_IOCTL_CONTINUE - ALSA: timer: fix NULL pointer dereference on memory allocation failure - ALSA: timer: Fix zero-division by continue of uninitialized instance - scsi: fix upper bounds check of sense key in scsi_sense_key_string() - cpufreq: dt: Add terminate entry for of_device_id tables [ Ben Hutchings ] * [arm64] Add cpu_to_fdt32() when setting Secure Boot flag in FDT * [amd64] Enable SIGNED_PE_FILE_VERIFICATION, KEXEC_FILE, KEXEC_VERIFY_SIG, KEXEC_BZIMAGE_VERIFY_SIG * i8042: Revert ABI break in 4.7.3 * mm, oom: prevent premature OOM killer invocation for high order request (regression in 4.7) * [arm64] pinctrl: Enable PINCTRL_SINGLE as built-in, needed for HiKey SoCs * [hppa] Disable FTRACE due to huge size cost (Closes: #837588) * [powerpcspe] xmon: Don't use ld on 32-bit (Closes: #836741) * liblockdep-dev: Add dependency on liblockdep (Closes: #837710) * xen-linux-system: Relax dependency on linux-image to allow for version suffix added by linux-signed * [armhf] Enable drivers for Novena: MFD_STMPE as built-in; DRM_PANEL_SIMPLE, MMA8452, TOUCHSCREEN_STMPE, BATTERY_SBS, BACKLIGHT_PWM, SND_SOC_IMX_ES8328 as modules (Closes: #837627, thanks to Vagrant Cascadian) * linux-image: postrm: Make failure of rmdir on purge non-fatal (Closes: #836282) * [armhf] Enable drivers and options for OpenPandora console: POWER_AVS_OMAP as built-in; DISPLAY_CONNECTOR_ANALOG_TV, DISPLAY_PANEL_TPO_TD043MTEA1, SENSORS_TWL4030_MADC, VIDEO_OMAP3, BATTERY_TWL4030_MADC, BACKLIGHT_PANDORA, HDQ_MASTER_OMAP as modules; OMAP2_DSS_DSI (Closes: #835893, thanks to Vagrant Cascadian) * bug script: Stop describing TAINT_UNSIGNED_MODULE as expected -- Ben Hutchings Sun, 18 Sep 2016 14:56:01 +0100 linux (4.7.2-1) unstable; urgency=medium * New upstream release: https://kernelnewbies.org/Linux_4.7 - media: fix airspy usb probe error path (CVE-2016-5400) - libata: LITE-ON CX1-JB256-HP needs lower max_sectors (Closes: #830971) - tcp: make challenge acks less predictable (CVE-2016-5696) * New stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.1 - vfs: ioctl: prevent double-fetch in dedupe ioctl (CVE-2016-6516) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.2 - [powerpc*] KVM: Book3S HV: Save/restore TM state in H_CEDE (CVE-2016-5412) - audit: fix a double fetch in audit_log_single_execve_arg() (CVE-2016-6136) [ Ben Hutchings ] * sched: Enable SCHEDSTATS (Closes: #796674) * Re-enable various config options disabled by name and type changes in 4.7: - nfc: NFC_PN533_USB replaced NFC_PN533 - [armhf] dsa: NET_DSA_MV88E6XXX replaced NET_DSA_MV88E6{123,131,171} - [x86] ACPI: ACPI_TABLE_UPGRADE replaced ACPI_INITRD_TABLE_OVERRIDE - rxrpc: Enable RXKAD as part of af_rxrpc module - [x86] 8250: Enable SERIAL_8250_FINTEK as built-in * cgroups: Enable memory controller by default * [armfh] udeb: Add efi-modules * linux-kbuild: Include headers_install.sh and unifdef (Closes: #832359) * udeb: Include cdc_ncm in nic-usb-modules (Closes: #833918) * usbip: Use the locally-installed * Exclude redundant and unreproducible files from binary packages (Closes: #830268) - usbip: Put all autotools-generated files in the build directory - linux-headers: Exclude all .cmd files * [arm*] Enable SECCOMP (Closes: #833183) * [hppa] Fix automatic selection of cr16 clocksource * [hppa] Fix order of EREFUSED define in errno.h * aufs: Update support patches to aufs4.7-20160822 (Closes: #834764) * [powerpc*] ipmi: Enable IPMI_POWERNV as module (Closes: #833861) * kbuild: Do not use hyphen in exported variable name (Closes: #833561) * fat: Mitigate the lack of UTF-8 case folding by enabling FAT_DEFAULT_UTF8 and setting FAT_DEFAULT_IOCHARSET to "ascii" (Closes: #833238) * [arm64] Add support for securelevel and Secure Boot (Closes: #831827, thanks to Linn Crosetto): - efi: Disable secure boot if shim is in insecure mode - Add kernel config option to set securelevel when in Secure Boot mode - Enable EFI_SECURE_BOOT_SECURELEVEL * tcp: fix use after free in tcp_xmit_retransmit_queue() (CVE-2016-6828) * aacraid: Check size values after double-fetch from user (CVE-2016-6480) * liblockdep: Move dummy definition of prandom_u32() to fix missing declaration * debian/rules.real: Avoid error message when usbip's config.h doesn't exist [ Martin Michlmayr ] * [armhf] Enable MMC_SDHCI_IPROC and HW_RANDOM_BCM2835 for BCM2835. * [arm64] Add USB support for NVIDIA Jetson TX1 Developer Kit: - pinctrl: max77620: add pincontrol driver for MAX77620/MAX20024 - gpio: max77620: add gpio driver for MAX77620/MAX20024 - gpio: max77620: Configure interrupt trigger level - gpio: max77620: use the new open drain callback - gpio: max77620: get gpio value based on direction - arm64: tegra: Add PMIC support on Jetson TX1 - arm64: tegra: p2597: Add SDMMC power supplies - arm64: tegra: Add DSI panel on Jetson TX1 - arm64: tegra: Add Tegra210 XUSB pad controller - arm64: tegra: Add Tegra210 XUSB controller - arm64: tegra: Enable debug serial on Jetson TX1 - arm64: tegra: Enable XUSB controller on Jetson TX1 - arm64: tegra: Correct Tegra210 XUSB mailbox interrupt * [arm64] Enable REGULATOR_FIXED_VOLTAGE. * [arm64] Enable ARM64_ERRATUM_834220. * [arm64] Build in SERIAL_TEGRA. * [arm64] Enable REGULATOR_PWM, DRM_PANEL_SIMPLE, BACKLIGHT_GENERIC and BACKLIGHT_LP855X for Jetson TX1. * [arm64] Enable BATTERY_BQ27XXX, MFD_CROS_EC_I2C, I2C_CROS_EC_TUNNEL for Google Pixel C. * [arm64] Enable more Qualcomm options: PINCTRL_QCOM_SPMI_PMIC, SPMI_MSM_PMIC_ARB, QCOM_SPMI_IADC, QCOM_SPMI_VADC, MFD_SPMI_PMIC, REGULATOR_QCOM_SPMI, QCOM_SPMI_TEMP_ALARM, CHARGER_QCOM_SMBB, USB_CHIPIDEA, USB_HSIC_USB3503, RTC_DRV_PM8XXX, EXTCON_USB_GPIO, QCOM_COINCELL, and INPUT_PM8941_PWRKEY. [ Uwe Kleine-König ] * Fix perf to be able to find debug info based on build-id. (Closes: #833096) [ Nicolas LE CAM ] * [amd64] Suggest grub-efi-amd64 instead of grub-efi dummy transitionnal package (Closes: #835459) -- Ben Hutchings Sun, 28 Aug 2016 15:56:10 +0100 linux (4.7~rc7-1~exp1) experimental; urgency=medium * New upstream release candidate [ Aurelien Jarno ] * [mipsel] Remove loongson-2e and loongson-2f flavours (Closes: #827790). * [mipsel/4kc-malta, mipsel/5kc-malta] Build for R2 ISA. [ Martin Michlmayr ] * [armhf, arm64] Enable DRM_TEGRA_STAGING. [ Ben Hutchings ] * [x86] KASLR, power: Remove x86 hibernation restrictions * fanotify: Enable FANOTIFY_ACCESS_PERMISSIONS (Closes: #690737) - Warn and taint kernel if this feature is actually used * Define Auto-Built-Package field when running dpkg-gencontrol, as dpkg-source doesn't like to see it in debian/control * debian/lib/python/debian_linux/debian.py: Handle packages with only short descriptions * Change names and descriptions of linux-image debug symbol packages to match debhelper [ Bastian Blank ] * Mark debug symbols packages to move them into the debug archive. * Build debug symbols for all images. -- Ben Hutchings Thu, 14 Jul 2016 13:35:22 +0100 linux (4.7~rc4-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * [armel] Disable module signing for all flavours (fixes FTBFS) -- Ben Hutchings Tue, 21 Jun 2016 00:41:23 +0100 linux (4.7~rc3-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * bug script: Put binary package name and version in the info file so linux-signed can easily replace them * Move merge_packages function from debian/bin/gencontrol.py to gencontrol module * udeb: Drop packages for modules that will later be signed * linux-image: Add '-unsigned' suffix to packages with modules that will later be signed - Add Conflicts and Replaces relations to signed packages (Closes: #827618) * [rt] Disable until it is updated for 4.7 or later * cpupower: Bump soname version and rename library package accordingly * debian/rules.d/Makefile: Override architecture detection when building userland headers * linux-cpupower: Define PACKAGE_BUGREPORT to refer to reportbug, not upstream * debian/README.source: Document the supported build profiles * debian/control: Fix build-dependencies for cross-building - Add workaround for libdpkg-perl bugs #827628, #827633 * Add support for the nopython build profile, disabling the linux-perf package * Fix build rules for userland tools to support cross-building [ Martin Michlmayr ] * [armhf, arm64] Enable PHY_TEGRA_XUSB and USB_XHCI_TEGRA. * [arm64] Enable MAX77620 and PCA9539 which are required by Jetson TX1. * [arm64] Enable TEGRA210_ADMA. * [arm64] Enable THERMAL. * [armhf] Enable TEGRA_SOCTHERM. * [armhf] Enable SPI_TEGRA114. * [arm64] Enable more QCOM options (QCOM_SMP2P, QCOM_SMSM, QCOM_WCNSS_CTRL, PHY_QCOM_UFS, QCOM_QFPROM). [ Aurelien Jarno ] * [ppc64*] Enable SPAPR_TCE_IOMMU, VFIO and VFIO_PCI (Closes: #826367). -- Ben Hutchings Sat, 18 Jun 2016 23:50:39 +0100 linux (4.6.4-1) unstable; urgency=medium * Team upload. * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.4 - net_sched: fix pfifo_head_drop behavior vs backlog - act_ipt: fix a bind refcnt leak - net: Don't forget pr_fmt on net_dbg_ratelimited for CONFIG_DYNAMIC_DEBUG - sit: correct IP protocol used in ipip6_err - esp: Fix ESN generation under UDP encapsulation - netem: fix a use after free - ipmr/ip6mr: Initialize the last assert time of mfc entries. - Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address - sock_diag: do not broadcast raw socket destruction - bpf, perf: delay release of BPF prog after grace period - neigh: Explicitly declare RCU-bh read side critical section in neigh_xmit() - AX.25: Close socket connection on session completion - [powerpc] crypto: vmx - Increase priority of aes-cbc cipher - crypto: user - re-add size check for CRYPTO_MSG_GETALG - USB: uas: Fix slave queue_depth not being set - usb: quirks: Fix sorting - usb: quirks: Add no-lpm quirk for Acer C120 LED Projector - [armhf] usb: musb: only restore devctl when session was set in backup - [armhf] usb: musb: Stop bulk endpoint while queue is rotated - [armhf] usb: musb: Ensure rx reinit occurs for shared_fifo endpoints - [armhf] usb: musb: host: correct cppi dma channel for isoch transfer - xhci: Cleanup only when releasing primary hcd - usb: xhci-plat: properly handle probe deferral for devm_clk_get() - USB: xhci: Add broken streams quirk for Frescologic device id 1009 - xhci: Fix handling timeouted commands on hosts in weird states. - USB: mos7720: delete parport - usb: gadget: fix spinlock dead lock in gadgetfs - [arm64, armhf] usb: host: ehci-tegra: Grab the correct UTMI pads reset - usb: dwc3: exynos: Fix deferred probing storm. [ Uwe Kleine-König ] * Cherry pick patches for rtc-s35390a from next. (Closes: #794266) [ Salvatore Bonaccorso ] * apparmor: fix oops, validate buffer size in apparmor_setprocattr() (CVE-2016-6187) [ Ben Hutchings ] * bridge: Fix ABI change in 4.6.4 * [rt] Update to 4.6.4-rt6 (no functional change) -- Salvatore Bonaccorso Mon, 18 Jul 2016 21:57:31 +0200 linux (4.6.3-1) unstable; urgency=medium [ Ben Hutchings ] * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3 - scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands - scsi: Add QEMU CD-ROM to VPD Inquiry Blacklist - netlink: Fix dump skb leak/double free - tipc: fix nametable publication field in nl compat - switchdev: pass pointer to fib_info instead of copy - tuntap: correctly wake up process during uninit - bpf: Use mount_nodev not mount_ns to mount the bpf filesystem - udp: prevent skbs lingering in tunnel socket queues - uapi glibc compat: fix compilation when !__USE_MISC in glibc - bpf, inode: disallow userns mounts - [armhf] net: mvneta: Fix lacking spinlock initialization - net: hwbm: Fix unbalanced spinlock in error case - sfc: on MC reset, clear PIO buffer linkage in TXQs - team: don't call netdev_change_features under team->lock - net: alx: use custom skb allocator - net: stmmac: Fix incorrect memcpy source memory - vxlan: Accept user specified MTU value when create new vxlan link - net: nps_enet: Disable interrupts before napi reschedule - bpf, trace: use READ_ONCE for retrieving file ptr - tcp: record TLP and ER timer stats in v6 stats - bridge: Don't insert unnecessary local fdb entry on changing mac address - l2tp: fix configuration passed to setup_udp_tunnel_sock() - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid - [armhf,arm64] KVM: vgic-v2: Clear all dirty LRs - [armhf,arm64] KVM: vgic-v3: Clear all dirty LRs - [x86] KVM: fix OOPS after invalid KVM_SET_DEBUGREGS - KVM: irqfd: fix NULL pointer dereference in kvm_irq_map_gsi - [arm*] drivers/perf: arm_pmu: Defer the setting of __oprofile_cpu_pmu - [x86] ALSA: hda - Add PCI ID for Kabylake - [x86] ALSA: hda - Fix headset mic detection problem for Dell machine - ALSA: hda/realtek - ALC256 speaker noise issue - ALSA: hda/realtek - Add support for new codecs ALC700/ALC701/ALC703 - [x86] ALSA: hda/realtek: Add T560 docking unit fixup - [armhf] fix PTRACE_SETVFPREGS on SMP systems - gpio: bail out silently on NULL descriptors - gpiolib: Fix NULL pointer deference - gpiolib: Fix unaligned used of reference counters - [s390x] bpf: fix recache skb->data/hlen for skb_vlan_push/pop - [s390x] bpf: reduce maximum program size to 64 KB - [armhf,arm64] irqchip/gic-v3: Fix ICC_SGI1R_EL1.INTID decoding mask - [x86] crypto: ccp - Fix AES XTS error for request sizes above 4096 - [arm64] Provide "model name" in /proc/cpuinfo for PER_LINUX32 tasks - [arm64] mm: always take dirty state from new pte in ptep_set_access_flags - [powerpc*] pseries/eeh: Handle RTAS delay requests in configure_bridge - [powerpc*] Fix definition of SIAR and SDAR registers - [powerpc*] Use privileged SPR number for MMCR2 - [powerpc*] pseries: Add POWER8NVL support to ibm,client-architecture-support call - [powerpc*] mm/hash: Fix the reference bit update when handling hash fault - [hppa] Fix pagefault crash in unaligned __get_user() call - memcg: add RCU locking around css_for_each_descendant_pre() in memcg_offline_kmem() - wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel - mm: thp: broken page count after commit aa88b68c3b1d - [x86] entry/traps: Don't force in_interrupt() to return true in IST handlers - fix d_walk()/non-delayed __d_free() race - [sparc64] Reduce TLB flushes during hugepte changes - [sparc64] Take ctx_alloc_lock properly in hugetlb_setup(). - [sparc64] Harden signal return frame checks. - [sparc64] Fix return from trap window fill crashes. - drm/core: Do not preserve framebuffer on rmfb, v4. - [x86] Revert "drm/i915: Exit cherryview_irq_handler() after one pass" - gpio: make sure gpiod_to_irq() returns negative on NULL desc * [powerpc*] tm: Always reclaim in start_thread() for exec() class syscalls (CVE-2016-5828) [ Salvatore Bonaccorso ] * HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (CVE-2016-5829) -- Ben Hutchings Mon, 04 Jul 2016 20:10:24 +0200 linux (4.6.2-2) unstable; urgency=medium * [mips*] Fix ABI changes in 4.6.2 * [rt] Update to 4.6.2-rt5: - mm/memcontrol: mem_cgroup_migrate() - replace another local_irq_disable() w. local_lock_irq() * KEYS: potential uninitialized variable (CVE-2016-4470) * percpu: fix synchronization between chunk->map_extend_work and chunk destruction (CVE-2016-4794) * percpu: fix synchronization between synchronous map extension and chunk destruction (CVE-2016-4794) * netfilter: x_tables: Fix parsing of IPT_SO_SET_REPLACE blobs (CVE-2016-4997, CVE-2016-4998) - don't move to non-existent next rule - validate targets of jumps - add and use xt_check_entry_offsets - kill check_entry helper - assert minimum target size - add compat version of xt_check_entry_offsets - check standard target size too - check for bogus target offset - validate all offsets and sizes in a rule - don't reject valid target size on some - arp_tables: simplify translate_compat_table args - ip_tables: simplify translate_compat_table args - ip6_tables: simplify translate_compat_table args - xt_compat_match_from_user doesn't need a retval - do compat validation via translate_table - introduce and use xt_copy_counters_from_user * Ignore ABI change in x_tables * nfsd: check permissions when setting ACLs (CVE-2016-1237) -- Ben Hutchings Sat, 25 Jun 2016 11:22:27 +0200 linux (4.6.2-1) unstable; urgency=medium * Team upload. * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.2 - f2fs: fix deadlock when flush inline data - [mips*] math-emu: Fix jalr emulation when rd == $0 - [mips*] Avoid using unwind_stack() with usermode - [mips*] Fix siginfo.h to use strict posix types - [mips*] Fix uapi include in exported asm/siginfo.h - [mips*] Fix watchpoint restoration - [mips*] Flush highmem pages in __flush_dcache_page - [mips*] Handle highmem pages in __update_cache - [mips*] Sync icache & dcache in set_pte_at - [mips*] Reserve nosave data for hibernation - [mips*el/loongson-3] Reserve 32MB for RS780E integrated GPU - [mips*] Use copy_s.fmt rather than copy_u.fmt - [mips*] Prevent "restoration" of MSA context in non-MSA kernels - [mips*] ptrace: Fix FP context restoration FCSR regression - [mips*] ptrace: Prevent writes to read-only FCSR bits - [mips*] lib: Mark intrinsics notrace - [mips*] VDSO: Build with `-fno-strict-aliasing' - affs: fix remount failure when there are no options changed - ASoC: ak4642: Enable cache usage to fix crashes on resume - Input: uinput - handle compat ioctl for UI_SET_PHYS - Input: xpad - move pending clear to the correct location - Input: xpad - prevent spurious input from wired Xbox 360 controllers - [armhf] sun4i: dt: Enable dram gate 5 (tve0 clock) for simplefb TV output - [armhf] sun7i: dt: Enable dram gate 5 (tve0 clock) for simplefb TV output - [armhf] mvebu: fix GPIO config on the Linksys boards - [armhf] dts: exynos: Add interrupt line to MAX8997 PMIC on exynos4210-trats - ath9k: Fix LED polarity for some Mini PCI AR9220 MB92 cards. - ath10k: fix firmware assert in monitor mode - ath10k: fix rx_channel during hw reconfigure - ath10k: fix kernel panic, move arvifs list head init before htt init - ath5k: Change led pin configuration for compaq c700 laptop - [armhf] hwrng: exynos - Fix unbalanced PM runtime put on timeout error path - rtlwifi: Fix logic error in enter/exit power-save mode - rtlwifi: pci: use dev_kfree_skb_irq instead of kfree_skb in rtl_pci_reset_trx_ring - Revert "lpfc: Delete unnecessary checks before the function call mempool_destroy" - aacraid: Start adapter after updating number of MSIX vectors - aacraid: Relinquish CPU during timeout wait - aacraid: Fix for aac_command_thread hang - aacraid: Fix for KDUMP driver hang - regulator: Try to resolve regulators supplies on registration - hwmon: (ads7828) Enable internal reference - [x86] mfd: intel_quark_i2c_gpio: Remove clock tree on error path - [x86] mfd: intel-lpss: Save register context on suspend - [x86] mfd: intel_soc_pmic_core: Terminate panel control GPIO lookup table correctly - PM / Runtime: Fix error path in pm_runtime_force_resume() - cpuidle: Indicate when a device has been unregistered - cpuidle: Fix cpuidle_state_is_coupled() argument in cpuidle_enter() - [armhf] clk: bcm2835: Fix PLL poweron - [armhf] clk: bcm2835: pll_off should only update CM_PLL_ANARST - [armhf] clk: bcm2835: divider value has to be 1 or more - [armhf] clk: bcm2835: correctly enable fractional clock support - [armhf] pinctrl: exynos5440: Use off-stack memory for pinctrl_gpio_range - PCI: Disable all BAR sizing for devices with non-compliant BARs - media: v4l2-compat-ioctl32: fix missing reserved field copy in put_v4l2_create32 - PKCS#7: fix missing break on OID_sha224 case - mm: use phys_addr_t for reserve_bootmem_region() arguments - mm/compaction.c: fix zoneindex in kcompactd() - wait/ptrace: assume __WALL if the child is traced - batman-adv: Fix double neigh_node_put in batadv_v_ogm_route_update - [powerpc*] book3s64: Fix branching to OOL handlers in relocatable kernel - [powerpc*] eeh: Don't report error in eeh_pe_reset_and_recover() - [powerpc*] Revert "powerpc/eeh: Fix crash in eeh_add_device_early() on Cell" - [powerpc*] eeh: Restore initial state in eeh_pe_reset_and_recover() - xen/events: Don't move disabled irqs - xen: use same main loop for counting and remapping pages - sunrpc: fix stripping of padded MIC tokens - [x86] drm/gma500: Fix possible out of bounds read - [x86] drm/vmwgfx: Kill some lockdep warnings - [x86] drm/amdgpu: use drm_mode_vrefresh() rather than mode->vrefresh - [x86] drm/amdgpu: Fix hdmi deep color support. - [x86] drm/i915/fbdev: Fix num_connector references in intel_fb_initial_config() - drm/fb_helper: Fix references to dev->mode_config.num_connector - [x86] drm/i915: Discard previous atomic state on resume if connectors change - drm/atomic: Verify connector->funcs != NULL when clearing states - Bluetooth: 6lowpan: Fix memory corruption of ipv6 destination address - [x86] drm/i915/psr: Try to program link training times correctly - [x86] drm/i915: Respect DP++ adaptor TMDS clock limit - [x86] drm/i915: Enable/disable TMDS output buffers in DP++ adaptor as needed - [x86] drm/i915: Don't leave old junk in ilk active watermarks on readout - [x86] drm/i915: Fix watermarks for VLV/CHV - [armhf] drm/imx: Match imx-ipuv3-crtc components using device node in platform data - [x86] drm/i915: Pass the correct crtc state to .update_plane() - ext4: fix data exposure after a crash - ext4: fix hang when processing corrupted orphaned inode list - ext4: clean up error handling when orphan list is corrupted - ext4: fix check of dqget() return value in ext4_ioctl_setproject() - ext4: fix oops on corrupted filesystem - ext4: address UBSAN warning in mb_find_order_for_block() - nfs: avoid race that crashes nfs_init_commit - PM / sleep: Handle failures in device_suspend_late() consistently - mm: thp: avoid false positive VM_BUG_ON_PAGE in page_move_anon_rmap() - xfs: disallow rw remount on fs with unknown ro-compat features - xfs: Don't wrap growfs AGFL indexes - xfs: remove xfs_fs_evict_inode() - xfs: xfs_iflush_cluster fails to abort on error - xfs: fix inode validity check in xfs_iflush_cluster - xfs: skip stale inodes in xfs_iflush_cluster - [armhf] drm: msm: remove unused variable - IB/hfi1: Fix hard lockup due to not using save/restore spin lock - regulator: Fix deadlock during regulator registration [ Ben Hutchings ] * [armel,armhf,sh4] linux-image: Do not suggest fdutils * liblockdep: Reduce MAX_LOCK_DEPTH to avoid overflowing lock_chain::depth * liblockdep: Fix 'unused value' warnings * liblockdep: Fix 'set but not used' warnings * liblockdep: Fix 'defined but not used' warning for init_utsname() [ Salvatore Bonaccorso ] * Stack overflow via ecryptfs and /proc/$pid/environ (CVE-2016-1583) - proc: prevent stacking filesystems on top - ecryptfs: forbid opening files without mmap handler - sched: panic on corrupted stack end * tipc: fix an infoleak in tipc_nl_compat_link_dump (CVE-2016-5243) * rds: fix an infoleak in rds_inc_info_copy (CVE-2016-5244) -- Salvatore Bonaccorso Wed, 15 Jun 2016 21:32:54 +0200 linux (4.6.1-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1 [ Ben Hutchings ] * [mips*r6*] Disable these architectures until dak recognises them as valid in the control file * linux-image: Rewrite maintainer scripts in shell, using the new linux-update-symlinks and linux-check-removal commands (Closes: #692333, #815850). Drop support for minimal_swap, no_symlinks, use_hard_links and *_hook parameters in /etc/kernel-img.conf (Closes: #730073). Remove now-redundant debconf templates. * linux-image: postrm: Update default symlinks before running hook scripts * linux-image: Make a newly installed kernel the default if the package was previously removed * mtd: Disable slram and phram when securelevel is enabled * debian/patches/features/all/rt/genpatch.py: Use Python 3 * debian/patches/features/all/rt/genpatch.py: Fix mapping of -rt version to upstream version * debian/patches/features/all/rt/genpatch.py: Use upstream tarball directly * debian/patches/features/all/rt/genpatch.py: Use stable URLs in patch Origin headers * [rt] Update to 4.6.1-rt3: - trace: correct off by one while recording the trace-event - sched,preempt: Fix preempt_count manipulations - kernel/rtmutex: only warn once on a try lock from bad - locallock: add local_lock_on() - kernel/printk: Don't try to print from IRQ/NMI region - mm: perform lru_add_drain_all() remotely * debian/control: Drop obsolete versioned Depends and Breaks * linux-libc-dev: Drop obsolete Replaces/Conflicts with linux-kernel-headers * debian/control: Update policy version to 3.9.8; no changes required * Disable MODULE_SIG for architectures not supported by linux-signed * Set ABI to 1 -- Ben Hutchings Mon, 06 Jun 2016 18:13:57 +0100 linux (4.6-1~exp2) experimental; urgency=medium [ Ben Hutchings ] * [tilegx] Build a linux-libc-dev package (Closes: #824524; thanks to Helmut Grohne) * [tilegx] linux-libc-dev: Install headers in arch-specific directory (Closes: #823632; thanks to Helmut Grohne) * [rt] Update to 4.6-rc7-rt1 and re-enable - Override SYSTEM_TRUSTED_KEYS to work from the source_rt directory * Fold debian/config/README into debian/README.source * debian/README.source: Rewrite and expand explanation of kernel config file construction * aufs: Update support patches to aufs4.6-20160523 - mmap: Fix use-after-free in remap_file_pages(2) * [mips*] Change NFS and various storage and network drivers from built-in to modules * 8139too: Use same configuration on all architectures: enable 8139TOO_TUNE_TWISTER, 8139TOO_8129 and disable 8139TOO_PIO * [mipsn32{,r6}{,el}] Build linux-libc-dev and tools packages * [mips{,64}r6{,el}] Add kernel flavours for the Malta platform; build linux-libc-dev and tools packages (Closes: #825024; thanks to YunQiang Su) * [mips*/*-malta] udeb: Add ata-modules package * linux-image: Stop setting $STEM in environment for maintainer script hooks * linux-image: Add workaround for bug #817083 in debconf * linux-image: prerm: Allow removal of running kernel if we can't ask debconf questions (Closes: #825423) * linux-image: prerm: Ignore version of running kernel inside a container or chroot * [s390] udeb: Drop all packages, since s390 no longer has its own kernel * udeb: Drop packages for modules that will later be signed; these packages will be taken over by src:linux-signed [ Aurelien Jarno ] * [mips64{,el}] Set CPU to MIPS64 R2. * [mips] Set CPU to MIPS32/64 R2. [ Martin Michlmayr ] * [armhf] Enable more NVIDIA Tegra options (TEGRA_IOMMU_SMMU, ARM_TEGRA_DEVFREQ, SND_SOC_TEGRA_*). -- Ben Hutchings Mon, 30 May 2016 04:44:45 +0100 linux (4.6-1~exp1) experimental; urgency=medium * New upstream release: http://kernelnewbies.org/Linux_4.6 [ Ben Hutchings ] * Re-apply "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing", reverted upstream in 4.6 * [arm64] Enable RANDOMIZE_BASE (kASLR) * [armhf] dsa: Enable NET_DSA_MV88E6123 as module, replacing NET_DSA_MV88E6123_61_65 -- Ben Hutchings Tue, 17 May 2016 02:39:47 +0100 linux (4.6~rc7-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * [hppa] Enable MLONGCALLS (fixes FTBFS) * [alpha] fs: Disable BINFMT_EM86 (obsoleted by binfmt_misc; fixes FTBFS) [ Aurelien Jarno ] * [mips*/octeon] Enable EDAC, EDAC_MM_EDAC, EDAC_OCTEON_L2C, EDAC_OCTEON_LMC, EDAC_OCTEON_PC, EDAC_OCTEON_PCI. -- Ben Hutchings Mon, 09 May 2016 03:39:32 +0100 linux (4.6~rc5-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * [armhf] Enable EFI, RTC_DRV_EFI * Update config for renaming/removal/replacement/merging/splitting of various symbols * *lockdep*,linux-perf: Remove '-rcN' from installation paths [ Martin Michlmayr ] * [armel, armhf] Use new Marvell CESA driver. * [arm64] Enable support for NVIDIA Tegra. * [arm64] udeb: Create fb-modules. -- Ben Hutchings Fri, 29 Apr 2016 10:40:36 +0200 linux (4.6~rc3-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * aufs: Update support patches to aufs4.x-rcN-20160328 -- Ben Hutchings Thu, 14 Apr 2016 23:55:15 +0100 linux (4.5.5-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 - decnet: Do not build routes to devices without decnet private data. - route: do not cache fib route info on local routes with oif - packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface - net: sched: do not requeue a NULL skb - bpf/verifier: reject invalid LD_ABS | BPF_DW instruction - cdc_mbim: apply "NDP to end" quirk to all Huawei devices - soreuseport: fix ordering for mixed v4/v6 sockets - net: use skb_postpush_rcsum instead of own implementations - vlan: pull on __vlan_insert_tag error path and fix csum correction - openvswitch: Orphan skbs before IPv6 defrag - openvswitch: use flow protocol when recalculating ipv6 checksums - net/mlx5_core: Fix soft lockup in steering error flow - net/mlx5e: Device's mtu field is u16 and not int - net/mlx5e: Fix minimum MTU - net/mlx5e: Use vport MTU rather than physical port MTU - ipv4/fib: don't warn when primary address is missing if in_dev is dead - net/mlx4_en: fix spurious timestamping callbacks - net: Implement net_dbg_ratelimited() for CONFIG_DYNAMIC_DEBUG case - gre: do not pull header in ICMP error processing - net_sched: introduce qdisc_replace() helper - net_sched: update hierarchical backlog too - sch_htb: update backlog as well - sch_dsmark: update backlog as well - netem: Segment GSO packets on enqueue - ipv6/ila: fix nlsize calculation for lwtunnel - net/mlx4_en: Fix endianness bug in IPV6 csum calculation - [x86] VSOCK: do not disconnect socket when peer has shutdown SEND only - net: bridge: fix old ioctl unlocked net device walk - bridge: fix igmp / mld query parsing - net: fix a kernel infoleak in x25 module (CVE-2016-4580) - net: thunderx: avoid exposing kernel stack - tcp: refresh skb timestamp at retransmit time - net/route: enforce hoplimit max value - ocfs2: revert using ocfs2_acl_chmod to avoid inode cluster lock hang - ocfs2: fix posix_acl_create deadlock - zsmalloc: fix zs_can_compact() integer overflow - mm: thp: calculate the mapcount correctly for THP pages during WP faults - [x86] crypto: qat - fix invalid pf2vf_resp_wq logic - crypto: testmgr - Use kmalloc memory for RSA input - ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2) - ALSA: usb-audio: Yet another Phoneix Audio device quirk - ALSA: hda - Fix subwoofer pin on ASUS N751 and N551 - ALSA: hda - Fix white noise on Asus UX501VW headset - ALSA: hda - Fix broken reconfig - [armhf] spi: spi-ti-qspi: Fix FLEN and WLEN settings if bits_per_word is overridden - [armhf] spi: spi-ti-qspi: Handle truncated frames properly - perf diff: Fix duplicated output column - perf/core: Disable the event on a truncated AUX record - vfs: rename: check backing inode being equal - workqueue: fix rebind bound workers warning - [armhf] regulator: s2mps11: Fix invalid selector mask and voltages for buck9 - [armhf] regulator: axp20x: Fix axp22x ldo_io voltage ranges - atomic_open(): fix the handling of create_error - qla1280: Don't allocate 512kb of host tags - tools lib traceevent: Do not reassign parg after collapse_tree() - [x86] drm/i915: Update CDCLK_FREQ register on BDW after changing cdclk frequency - drm/radeon: fix PLL sharing on DCE6.1 (v2) - [x86] drm/i915: Bail out of pipe config compute loop on LPT - [x86] Revert "drm/i915: start adding dp mst audio" - [x86] drm/i915/bdw: Add missing delay during L3 SQC credit programming - drm/radeon: fix DP link training issue with second 4K monitor - drm/radeon: fix DP mode validation - [x86] drm/amdgpu: fix DP mode validation - btrfs: reada: Fix in-segment calculation for reada - Btrfs: fix truncate_space_check - btrfs: remove error message from search ioctl for nonexistent tree - btrfs: change max_inline default to 2048 - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync - Btrfs: fix file loss on log replay after renaming a file and fsync - Btrfs: fix extent_same allowing destination offset beyond i_size - Btrfs: fix deadlock between direct IO reads and buffered writes - Btrfs: fix race when checking if we can skip fsync'ing an inode - Btrfs: do not collect ordered extents when logging that inode exists - btrfs: csum_tree_block: return proper errno value - btrfs: do not write corrupted metadata blocks to disk - Btrfs: fix invalid reference in replace_path - btrfs: handle non-fatal errors in btrfs_qgroup_inherit() - btrfs: fallback to vmalloc in btrfs_compare_tree - Btrfs: don't use src fd for printk - btrfs: Reset IO error counters before start of device replacing [ Salvatore Bonaccorso ] * tipc: check nl sock before parsing nested attributes (CVE-2016-4951) [ Ben Hutchings ] * aufs: Update support patches to aufs4.5-20160523 - mmap: Fix use-after-free in remap_file_pages(2) * Revert "stmmac: Fix 'eth0: No PHY found' regression" (Closes: #823493) * [x86] kvm:vmx: more complete state update on APICv on/off (CVE-2016-4440) * USB: usbfs: fix potential infoleak in devio (CVE-2016-4482) * ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (CVE-2016-4569) * ALSA: timer: Fix leak in events via snd_timer_user_ccallback or snd_timer_user_tinterrupt (CVE-2016-4578) * dwc3-exynos: Fix deferred probing storm (Closes: #823552; thanks to Steinar H. Gunderson) * Re-apply "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing", reverted upstream in 4.5.5 [ Roger Shimizu ] * [armhf] Enable SENSORS_PWM_FAN / PWM_SAMSUNG as module, as recommended by Steinar H. Gunderson. (Closes: #824941) * [armhf] For Odroid-U3 (Exynos4) support, enable ARCH_EXYNOS4 / MFD_MAX77686 / RTC_DRV_MAX77686 as built-in, and COMMON_CLK_MAX77686 / REGULATOR_MAX77686 / MMC_SDHCI_S3C as module. Thanks to Vagrant Cascadian. (Closes: #825139) -- Ben Hutchings Sun, 29 May 2016 22:21:11 +0100 linux (4.5.4-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4 - RDMA/iw_cxgb4: Fix bar2 virt addr calculation for T4 chips - net/mlx5_core: Fix caching ATOMIC endian mode capability - ipvs: handle ip_vs_fill_iph_skb_off failure - ipvs: correct initial offset of Call-ID header search in SIP persistence engine - ipvs: drop first packet to redirect conntrack - rtlwifi: Fix size of wireless mode variable - [x86] mfd: intel-lpss: Remove clock tree on error path - nbd: ratelimit error msgs after socket close - null_blk: add lightnvm null_blk device to the nullb_list - [arm64] ata: ahci_xgene: dereferencing uninitialized pointer in probe - [armhf] wlcore: fix error handling in wlcore_event_fw_logger - ath10k: fix pktlog in QCA99X0 - mwifiex: fix corner case association failure - clk-divider: make sure read-only dividers do not write to their register - [armhf] clk: rockchip: fix wrong mmc phase shift for rk3228 - [armhf] clk: rockchip: free memory in error cases when registering clock branches - [armel/versatile] clk: versatile: sp810: support reentrance - [armhf] clk: sunxi: Fix sun8i-a23-apb0-clk divider flags - [arm64] clk: xgene: Add missing parenthesis when clearing divider value - [armhf] clk: bcm2835: fix check of error code returned by devm_ioremap_resource() - [armhf] pwm: omap-dmtimer: Fix inaccurate period and duty cycle calculations - [armhf] pwm: omap-dmtimer: Add sanity checking for load and match values - [armhf] pwm: omap-dmtimer: Round load and match values rather than truncate - lpfc: fix misleading indentation - gpiolib-acpi: Duplicate con_id string when adding it to the crs lookup list - ath9k: ar5008_hw_cmn_spur_mitigate: add missing mask_m & mask_p initialisation - mac80211: fix statistics leak if dev_alloc_name() fails - tracing: Don't display trigger file for events that can't be enabled - MD: make bio mergeable - Minimal fix-up of bad hashing behavior of hash_64() - mm: memcontrol: let v2 cgroups follow changes in system swappiness - [armhf] mm, cma: prevent nr_isolated_* counters from going negative - mm/zswap: provide unique zpool name - propogate_mnt: Handle the first propogated copy being a slave (CVE-2016-4581) - modpost: fix module autoloading for OF devices with generic compatible property - [armhf] EXYNOS: Properly skip unitialized parent clock in power domain on - [armhf] SoCFPGA: Fix secondary CPU startup in thumb2 kernel - xen: Fix page <-> pfn conversion on 32 bit systems - xen/balloon: Fix crash when ballooning on x86 32 bit PAE - xen/evtchn: fix ring resize when binding new events - HID: wacom: Add support for DTK-1651 - proc: prevent accessing /proc//environ until it's ready - mm: update min_free_kbytes from khugepaged after core initialization - batman-adv: fix DAT candidate selection (must use vid) - batman-adv: Check skb size before using encapsulated ETH+VLAN header - batman-adv: Fix broadcast/ogm queue limit on a removed interface - batman-adv: Reduce refcnt of removed router when updating route - [x86] libnvdimm, pfn: fix memmap reservation sizing - writeback: Fix performance regression in wb_over_bg_thresh() - [x86] tsc: Read all ratio bits from MSR_PLATFORM_INFO - [arm64] cpuidle: Pass on arm_cpuidle_suspend()'s return value - [x86] sysfb_efi: Fix valid BAR address range check - [arm64] dts: apq8064: add ahci ports-implemented mask - ACPICA: Dispatcher: Update thread ID for recursive method calls - [powerpc*] Fix bad inline asm constraint in create_zero_mask() - libahci: save port map for forced port map - ata: ahci-platform: Add ports-implemented DT bindings. - USB: serial: cp210x: add ID for Link ECU - USB: serial: cp210x: add Straizona Focusers device ids - Revert "USB / PM: Allow USB devices to remain runtime-suspended when sleeping" - nvmem: mxs-ocotp: fix buffer overflow in read - [x86] Drivers: hv: vmbus: Fix signaling logic in hv_need_to_signal_on_read() - [armhf] gpu: ipu-v3: Fix imx-ipuv3-crtc module autoloading - [x86] drm/amdgpu: make sure vertical front porch is at least 1 - [x86] drm/amdgpu: set metadata pointer to NULL after freeing. - [x86] iio: ak8975: Fix NULL pointer exception on early interrupt - [x86] iio: ak8975: fix maybe-uninitialized warning - drm/radeon: make sure vertical front porch is at least 1 - [x86] drm/i915: Avoid stalling on pending flips for legacy cursor updates - [x86] drm/i915/ddi: Fix eDP VDD handling during booting and suspend/resume - [x86] drm/i915: Fix system resume if PCI device remained enabled - [x86] drm/i915: Fix eDP low vswing for Broadwell - [x86] drm/i915: Make RPS EI/thresholds multiple of 25 on SNB-BDW - [x86] drm/i915: Fake HDMI live status - [x86] ACPI / processor: Request native thermal interrupt handling via _OSC [ Aurelien Jarno ] * [mips*] Fix PR_SET_FPMODE issues with multi-threaded programs. * [i386] Stop recommending libc6-i686. * [arm,x86] Fix memory corruption in KVM with THP enabled. (Closes: #821225) * [mips*/octeon] Add support for byte swapped initramfs to handle u-boot and kernel running with a different endianness. * [mipsel/octeon] Activate flavour on mipsel. [ Roger Shimizu ] * netfilter: Enable NF_DUP_NETDEV / NFT_DUP_NETDEV / NFT_FWD_NETDEV as module, as recommended by Arturo Borrero Gonzalez. (Closes: #824162) [ Salvatore Bonaccorso ] * KEYS: Fix ASN.1 indefinite length object parsing (CVE-2016-0758) * net: fix infoleak in llc (CVE-2016-4485) * KVM: MTRR: remove MSR 0x2f8 (CVE-2016-3713) [ Ben Hutchings ] * gencontrol.py: Fix implementation of [packages]tools config option, thanks to Yves-Alexis Perez * debian/control: Exclude tools from 'stage1' build profile * debian/control,debian/rules: Support a 'pkg.linux.notools' build profile which does not build tools packages * debian/control,debian/rules,debian/rules.d: Support the 'nodoc' build profile * debian/control: Remove alternate build-dependency on binutils-dev that was used for backports to wheezy * net: fix infoleak in rtnetlink (CVE-2016-4486) * nf_conntrack: avoid kernel pointer value leak in slab name * vfs: do_splice_to(): cap the size before passing to ->splice_read() * crypto: hash - Fix page length clamping in hash walk * isofs: get_rock_ridge_filename(): handle malformed NM entries * uapi glibc compat: fix compile errors when glibc net/if.h included before linux/if.h (Closes: #822393) * videobuf2-core: Fix crash after fixing CVE-2016-4568 * [armhf] Enable more Exynos drivers (Closes: #824435): - drm: Enable DRM_EXYNOS as module, DRM_EXYNOS_MIXER, DRM_EXYNOS_FIMD, DRM_EXYNOS_DSI, DRM_EXYNOS_DP, DRM_EXYNOS_HDMI - phy: Enable PHY_EXYNOS_MIPI_VIDEO, PHY_EXYNOS_DP_VIDEO as modules - cpuidle: Enable ARM_EXYNOS_CPUIDLE - iio: Enable EXYNOS_ADC as module -- Ben Hutchings Mon, 16 May 2016 19:17:22 +0100 linux (4.5.3-2) unstable; urgency=medium * [s390x] PCI: Ignore zpci ABI changes; these functions are not used by modules * [powerpc*] Fix sstep compile on powerpcspe (Closes: #823526; thanks to Lennart Sorensen) -- Ben Hutchings Sun, 08 May 2016 15:03:45 +0100 linux (4.5.3-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3 - mmc: block: Use the mmc host device index as the mmcblk device index - block: partition: initialize percpuref before sending out KOBJ_ADD - block: loop: fix filesystem corruption in case of aio/dio - [arm64] efi: Don't apply MEMBLOCK_NOMAP to UEFI memory map mapping - [x86] mce: Avoid using object after free in genpool - [x86] kvm: do not leak guest xcr0 into host interrupt handlers - [arm*] KVM: Handle forward time correction gracefully - [armhf] mvebu: Correct unit address for linksys - [armhf] OMAP2: Fix up interconnect barrier initialization for DRA7 - [armhf] OMAP2+: hwmod: Fix updating of sysconfig register - assoc_array: don't call compare_object() on a node - [x86] usb: xhci: applying XHCI_PME_STUCK_QUIRK to Intel BXT B0 host - xhci: resume USB 3 roothub first - usb: host: xhci: add a new quirk XHCI_NO_64BIT_SUPPORT - usb: xhci: fix wild pointers in xhci_mem_cleanup - xhci: fix 10 second timeout on removal of PCI hotpluggable xhci controllers - usb: host: xhci-plat: Make enum xhci_plat_type start at a non zero value - usb: hcd: out of bounds access in for_each_companion - usb: gadget: f_fs: Fix use-after-free - dm cache metadata: fix READ_LOCK macros and cleanup WRITE_LOCK macros - dm cache metadata: fix cmd_read_lock() acquiring write lock - lib: lz4: fixed zram with lz4 on big endian machines - debugfs: Make automount point inodes permanently empty - dmaengine: dw: fix master selection - [armhf] dmaengine: omap-dma: Fix polled channel completion detection and handling - dmaengine: edma: Remove dynamic TPTC power management feature - mtd: nand: pxa3xx_nand: fix dmaengine initialization - sched/cgroup: Fix/cleanup cgroup teardown/init - [x86] EDAC, sb_edac.c: Repair damage introduced when "fixing" channel address - [x86] EDAC, sb_edac.c: Take account of channel hashing when needed - ALSA: hda - Don't trust the reported actual power state - [x86] ALSA: hda/realtek - Add ALC3234 headset mode for Optiplex 9020m - ALSA: hda - Keep powering up ADCs on Cirrus codecs - [x86] ALSA: hda - add PCI ID for Intel Broxton-T - ALSA: pcxhr: Fix missing mutex unlock - [x86] ALSA: hda - Add dock support for ThinkPad X260 - [x86] ALSA: hda - Update BCLK also at hotplug for i915 HSW/BDW - asm-generic/futex: Re-enable preemption in futex_atomic_cmpxchg_inatomic() - futex: Handle unlock_pi race gracefully - futex: Acknowledge a new waiter in counter before plist - drm/nouveau/core: use vzalloc for allocating ramht - drm/qxl: fix cursor position with non-zero hotspot - [x86] drm/i915: Fix race condition in intel_dp_destroy_mst_connector() - Revert "drm/radeon: disable runtime pm on PX laptops without dGPU power control" - [armhf] Revert "PCI: imx6: Add support for active-low reset GPIO" - usbvision: revert commit 588afcc1 - [x86] Revert "drm/amdgpu: disable runtime pm on PX laptops without dGPU power control" - cpufreq: intel_pstate: Fix processing for turbo activation ratio - [s390x] pci: add extra padding to function measurement block - iwlwifi: pcie: lower the debug level for RSA semaphore access - iwlwifi: mvm: fix memory leak in paging - crypto: rsa-pkcs1pad - fix dst len - [x86] crypto: ccp - Prevent information leakage on export - crypto: sha1-mb - use corrcet pointer while completing jobs - [powerpc*] scan_features() updates incorrect bits for REAL_LE - [powerpc*] Update cpu_user_features2 in scan_features() - [powerpc*] Update TM user feature bits in scan_features() - nl80211: check netlink protocol in socket release notification - netlink: don't send NETLINK_URELEASE for unbound sockets - pinctrl: single: Fix pcs_parse_bits_in_pinctrl_entry to use __ffs than ffs - [x86] iommu/amd: Fix checking of pci dma aliases - iommu/dma: Restore scatterlist offsets correctly - [x86] drm/amdgpu: when suspending, if uvd/vce was running. need to cancel delay work. - [x86] drm/amdgpu: use defines for CRTCs and AMFT blocks - [x86] drm/amdgpu: bump the afmt limit for CZ, ST, Polaris - [x86] amdgpu/uvd: add uvd fw version for amdgpu - [x86] drm/amdgpu: fix regression on CIK (v2) - drm/radeon: add a quirk for a XFX R9 270X - drm/radeon: fix initial connector audio value - drm/radeon: forbid mapping of userptr bo through radeon device file - drm/radeon: fix vertical bars appear on monitor (v2) - [mips*el/loongson-3] drm: Loongson-3 doesn't fully support wc memory - drm/nouveau/gr/gf100: select a stream master to fixup tfb offset queries - drm/dp/mst: Validate port in drm_dp_payload_send_msg() - drm/dp/mst: Restore primary hub guid on resume - drm/dp/mst: Get validated port ref in drm_dp_update_payload_part1() - [x86] drm/i915: Pass the correct encoder to intel_ddi_clk_select() with MST - [x86] drm/i915: Cleanup phys status page too - [x86] drm/i915: Use the active wm config for merging on ILK-BDW - [x86] drm/i915: Start WM computation from scratch on ILK-BDW - [x86] drm/i915: skl_update_scaler() wants a rotation bitmask instead of bit number - [x86] drm/amdkfd: uninitialized variable in dbgdev_wave_control_set_registers() - [x86] drm/i915/skl: Fix DMC load on Skylake J0 and K0 - [x86] drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs - [x86] drm/i915: Fixup the free space logic in ring_prepare - [x86] drm/i915: Force ringbuffers to not be at offset 0 - [x86] drm/i915: Use fw_domains_put_with_fifo() on HSW - drm/ttm: fix kref count mess in ttm_bo_move_to_lru_tail - [x86] perf intel-pt: Fix segfault tracing transactions - [armhf] i2c: exynos5: Fix possible ABBA deadlock by keeping I2C clock prepared - ACPICA / Interpreter: Fix a regression triggered because of wrong Linux ECDT support - [x86] mmc: sdhci-acpi: Reduce Baytrail eMMC/SD/SDIO hangs - [x86] toshiba_acpi: Fix regression caused by hotkey enabling value - [x86] EDAC: i7core, sb_edac: Don't return NOTIFY_BAD from mce_decoder callback - [x86] ASoC: ssm4567: Reset device before regcache_sync() - [x86] ASoC: rt5640: Correct the digital interface data select - vb2-memops: Fix over allocation of frame vectors - media: vb2: Fix regression on poll() for RW mode - videobuf2-core: Check user space planes array in dqbuf - videobuf2-v4l2: Verify planes array in buffer dequeueing (CVE-2016-4568) - v4l2-dv-timings.h: fix polarity for 4k formats - IB/core: Fix oops in ib_cache_gid_set_default_gid - mwifiex: fix IBSS data path issue. - IB/mlx5: Expose correct max_sge_rd limit - IB/security: Restrict use of the write() interface (CVE-2016-4565) - efi: Fix out-of-bounds read in variable_matches() - efi: Expose non-blocking set_variable() wrapper to efivars - [x86] apic: Handle zero vector gracefully in clear_vector_irq() - workqueue: fix ghost PENDING flag while doing MQ IO - slub: clean up code for kmem cgroup support to kmem_cache_free_bulk - cgroup, cpuset: replace cpuset_post_attach_flush() with cgroup_subsys->post_attach callback - memcg: relocate charge moving from ->attach to ->post_attach - mm: exclude HugeTLB pages from THP page_mapped() logic - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check - numa: fix /proc//numa_maps for THP - mm: vmscan: reclaim highmem zone if buffer_heads is over limit - mm/hwpoison: fix wrong num_poisoned_pages accounting - locking/mcs: Fix mcs_spin_lock() ordering - [armhf] spi/rockchip: Make sure spi clk is on in rockchip_spi_set_cs - [armhf] irqchip/sunxi-nmi: Fix error check of of_io_request_and_map() - [armhf] regulator: s5m8767: fix get_register() error handling - scsi_dh: force modular build if SCSI is a module - lib/mpi: Endianness fix - [x86] misc: mic/scif: fix wrap around tests - PM / OPP: Initialize u_volt_min/max to a valid value - PM / Domains: Fix removal of a subdomain - drivers/misc/ad525x_dpot: AD5274 fix RDAC read back errors - perf evlist: Reference count the cpu and thread maps at set_maps() - perf tools: Fix perf script python database export crash - [x86] mm/kmmio: Fix mmiotrace for hugepages - ext4: fix NULL pointer dereference in ext4_mark_inode_dirty() - f2fs crypto: fix corrupted symlink in encrypted case - f2fs: slightly reorganize read_raw_super_block - f2fs: cover large section in sanity check of super - ext4/fscrypto: avoid RCU lookup in d_revalidate - f2fs: do f2fs_balance_fs when block is allocated - f2fs: don't need to call set_page_dirty for io error - f2fs crypto: handle unexpected lack of encryption keys - f2fs crypto: make sure the encryption info is initialized on opendir(2) - bus: uniphier-system-bus: fix condition of overlap check - mtd: spi-nor: remove micron_quad_enable() - mtd: brcmnand: Fix v7.1 register offsets - mtd: nand: Drop mtd.owner requirement in nand_scan - perf hists browser: Only offer symbol scripting when a symbol is under the cursor - perf hists browser: Fix dump to show correct callchain style - perf tools: handle spaces in file names obtained from /proc/pid/maps - NTB: Remove _addr functions from ntb_hw_amd - perf/core: Don't leak event in the syscall error path - perf/core: Fix time tracking bug with multiplexing - perf hists: Fix determination of a callchain node's childlessness - [armhf] OMAP3: Add cpuidle parameters table for omap3430 - [armhf] dts: armada-375: use armada-370-sata for SATA - [armhf] dts: am33xx: Fix GPMC dma properties - btrfs: fix memory leak of fs_info in block group cache - btrfs: cleaner_kthread() doesn't need explicit freeze - [armhf] thermal: rockchip: fix a impossible condition caused by the warning - sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a race - megaraid_sas: add missing curly braces in ioctl handler - tpm: fix checks for policy digest existence in tpm2_seal_trusted() - tpm: fix: set continueSession attribute for the unseal operation [ Uwe Kleine-König ] * [armhf] enable I2C_MUX_PCA954x, MMC_SDHCI_PXAV3, AHCI_MVEBU [ Ben Hutchings ] * bug control: Update list of related firmware packages * Revert "sp5100_tco: fix the device check for SB800 and later chipsets" (Closes: #823146; probably fixes #822651) * bpf: fix double-fdput in replace_map_fd_with_map_ptr() (CVE-2016-4557) (Closes: #823603) * bpf: fix refcnt overflow (CVE-2016-4558) * bpf: fix check_map_func_compatibility logic * stable-update: Rewrite stable-update.sh in Python -- Ben Hutchings Sat, 07 May 2016 21:59:15 +0100 linux (4.5.2-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2 - hwmon: (max1111) Return -ENODEV from max1111_read_channel if not instantiated - PKCS#7: pkcs7_validate_trust(): initialize the _trusted output argument - [hppa] Fix SIGSYS signals in compat case - [hppa] Fix and enable seccomp filter support - [hppa] Avoid function pointers for kernel exception routines - [hppa] Fix kernel crash with reversed copy_from_user() - [hppa] Unbreak handling exceptions from kernel modules - ALSA: timer: Use mod_timer() for rearming the system timer - mm: fix invalid node in alloc_migrate_target() - [powerpc*] mm: Fixup preempt underflow with huge pages - [s390x] /mm: handle PTE-mapped tail pages in fast gup - [x86] libnvdimm: fix smart data retrieval - [x86] libnvdimm, pfn: fix uuid validation - [powerpc*] process: Fix altivec SPR not being saved - compiler-gcc: disable -ftracer for __noclone functions - drm/dp: move hw_mutex up the call stack - drm/udl: Use unlocked gem unreferencing - [x86] drm/amd/powerplay: fix segment fault issue in multi-display case. - [x86] drm/amdgpu/gmc: move vram type fetching into sw_init - [x86] drm/amdgpu/gmc: use proper register for vram type on Fiji - xen/events: Mask a moving irq - net: validate variable length ll headers - ax25: add link layer header validation function - packet: validate variable length ll headers - bpf: avoid copying junk bytes in bpf_get_current_comm() - qlcnic: Remove unnecessary usage of atomic_t - qlcnic: Fix mailbox completion handling during spurious interrupt - macvtap: always pass ethernet header in linear - bridge: allow zero ageing time - ipv4: Don't do expensive useless work during inetdev destroy. - net: Fix use after free in the recvmmsg exit path - mlx4: add missing braces in verify_qp_parameters - farsync: fix off-by-one bug in fst_add_one - ath9k: fix buffer overrun for ar9287 - [armhf] net: mvneta: Fix spinlock usage - ppp: ensure file->private_data can't be overridden - tcp/dccp: remove obsolete WARN_ON() in icmp handlers - qlge: Fix receive packets drop. - bonding: fix bond_get_stats() - ipv4: fix broadcast packets reception - ipv4: initialize flowi4_flags before calling fib_lookup() - ppp: take reference on channels netns - xfrm: Fix crash observed during device unregistration and decryption - ipv6: udp: fix UDP_MIB_IGNOREDMULTI updates - bridge: Allow set bridge ageing time when switchdev disabled - rtnl: fix msg size calculation in if_nlmsg_size() - tun, bpf: fix suspicious RCU usage in tun_{attach, detach}_filter - tuntap: restore default qdisc - ipv4: l2tp: fix a potential issue in l2tp_ip_recv - ipv6: l2tp: fix a potential issue in l2tp_ip6_recv - ip6_tunnel: set rtnl_link_ops before calling register_netdevice - ipv6: Count in extension headers in skb->network_header - mpls: find_outdev: check for err ptr in addition to NULL check - USB: uas: Limit qdepth at the scsi-host level - USB: uas: Add a new NO_REPORT_LUNS quirk - [x86] KVM: Inject pending interrupt even if pending nmi exist - [x86] KVM: reduce default value of halt_poll_ns parameter - pinctrl: pistachio: fix mfio84-89 function description and pinmux. - pinctrl: sunxi: Fix A33 external interrupts not working - pinctrl: freescale: imx: fix bogus check of of_iomap() return value - au0828: fix au0828_v4l2_close() dev_state race condition - au0828: Fix dev_state handling - coda: fix error path in case of missing pdata on non-DT platform - v4l: vsp1: Set the SRU CTRL0 register when starting the stream - pcmcia: db1xxx_ss: fix last irq_to_gpio user - rbd: use GFP_NOIO consistently for request allocations - mac80211: properly deal with station hashtable insert errors - mac80211: avoid excessive stack usage in sta_info - mac80211: fix ibss scan parameters - mac80211: fix unnecessary frame drops in mesh fwding - mac80211: fix txq queue related crashes - [armhf] gpio: pca953x: Use correct u16 value for register word write - scsi: Do not attach VPD to devices that don't support it - [armel,armhf]: 8550/1: protect idiv patching against undefined gcc behavior - iio: fix config watermark initial value - iio: st_magn: always define ST_MAGN_TRIGGER_SET_STATE - iio: accel: bmc150: fix endianness when reading axes - iio: gyro: bmg160: fix buffer read values - iio: gyro: bmg160: fix endianness when reading axes - sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes - fs: add file_dentry() (Closes: #821442) + nfs: use file_dentry() + ext4 crypto: use dget_parent() in ext4_d_revalidate() + ext4: use dget_parent() in ext4_file_open() + ext4: use file_dentry() - btrfs: fix crash/invalid memory access on fsync when using overlayfs - ext4: ignore quota mount options if the quota feature is enabled - iommu: Don't overwrite domain pointer when there is no default_domain - Btrfs: fix file/data loss caused by fsync after rename and new inode - [arm64] replace read_lock to rcu lock in call_step_hook - mmc: sdhci: Fix regression setting power on Trats2 board - ALSA: hda - Fix regression of monitor_present flag in eld proc file - [x86] ALSA: usb-audio: Skip volume controls triggers hangup on Dell USB Dock - HID: wacom: fix Bamboo ONE oops - HID: usbhid: fix inconsistent reset/resume/reset-resume behavior [ Salvatore Bonaccorso ] * [x86] xen: suppress hugetlbfs in PV guests (CVE-2016-3961) * [x86] USB: usbip: fix potential out-of-bounds write (CVE-2016-3955) [ Ben Hutchings ] * fs: Consolidate softdep declarations in each module * Bump ABI to 2 * [armel/marvell] dts: kirkwood: fix SD slot default configuration for OpenRD (Closes: #811351) * atl2: Disable unimplemented scatter/gather feature (CVE-2016-2117) * [x86] sound/soc/intel: Enable SND_SOC_INTEL_BYTCR_RT5640_MACH (replacing SND_SOC_INTEL_BYT_RT5640_MACH; closes: #822267), SND_SOC_INTEL_BYTCR_RT5651_MACH, SND_SOC_INTEL_CHT_BSW_RT5672_MACH, SND_SOC_INTEL_CHT_BSW_RT5645_MACH, SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH, SND_SOC_INTEL_SKL_RT286_MACH, SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH, SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH as modules * module: Invalidate signatures on force-loaded modules * linux-source: Fix up module signing configuration in included kernel config files * README.Debian: Change more URLs to use https: scheme * [sparc] Implement and wire up hotplug and modalias_show for vio, thanks to Adrian Glaubitz (Closes: #815977) * linux-headers: Avoid mixed implicit and normal rules in Makefile, thanks to Thierry Herbelot (Closes: #822666) * memcg: remove lru_add_drain_all() invocation from mem_cgroup_move_charge() (Closes: #822084) * linux-perf: Add build-time check for unversioned files that are likely to result in file conflicts * linux-perf: Move tips.txt to /usr/share/doc/linux-perf- (Closes: #821741) * tools/build: Fix bpf(2) feature test (fixes FTBFS on alpha, sh4; closes: #822364) * [armhf] Disable FB_OMAP2; it is redundant and conflicting with DRM_OMAP * [armhf] mm: Enable CMA, DMA_CMA * Input: gtco - fix crash on detecting device without endpoints (CVE-2016-2187) [ Aurelien Jarno ] * [mips*] Emulate unaligned LDXC1 and SDXC1 instructions. [ Uwe Kleine-König ] * [armhf] enable NET_DSA and available switch drivers as modules. -- Ben Hutchings Thu, 28 Apr 2016 18:03:18 +0200 linux (4.5.1-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1 - [x86] entry/compat: Keep TS_COMPAT set during signal delivery - [x86] perf/intel: Add definition for PT PMI bit - [x86] KVM: fix missed hardware breakpoints - [x86] KVM: i8254: change PIT discard tick policy - [x86] KVM: fix spin_lock_init order on x86 - [x86] KVM: VMX: avoid guest hang on invalid invept instruction - [x86] KVM: VMX: avoid guest hang on invalid invvpid instruction - [x86] KVM: VMX: fix nested vpid for old KVM guests - perf/core: Fix perf_sched_count derailment - perf tools: Fix checking asprintf return value - Thermal: Ignore invalid trip points - sched/cputime: Fix steal_account_process_tick() to always return jiffies - sched/fair: Avoid using decay_load_missed() with a negative value - [x86] EDAC/sb_edac: Fix computation of channel address - [x86] EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr() - [s390x] fix floating pointer register corruption (again) - [s390x] cpumf: add missing lpp magic initialization - [s390x] pci: enforce fmb page boundary rule - [armhf] pinctrl-bcm2835: Fix cut-and-paste error in "pull" parsing - [x86] irq: Cure live lock in fixup_irqs() (Closes: #817816) - [x86] apic: Fix suspicious RCU usage in smp_trace_call_function_interrupt() - [amd64] iopl: Properly context-switch IOPL on Xen PV (CVE-2016-3157) - [x86] mm: TLB_REMOTE_SEND_IPI should count pages - sg: fix dxferp in from_to case - aacraid: Fix RRQ overload - aacraid: Fix memory leak in aac_fib_map_free - aacraid: Set correct msix count for EEH recovery - sd: Fix discard granularity when LBPRZ=1 - ncr5380: Correctly clear command pointers and lists after bus reset - ncr5380: Dont release lock for PIO transfer - ncr5380: Dont re-enter NCR5380_select() - ncr5380: Forget aborted commands - ncr5380: Fix NCR5380_select() EH checks and result handling - ncr5380: Call scsi_eh_prep_cmnd() and scsi_eh_restore_cmnd() as and when appropriate - scsi: storvsc: fix SRB_STATUS_ABORTED handling - be2iscsi: set the boot_kset pointer to NULL in case of failure - aic7xxx: Fix queue depth handling - libnvdimm: Fix security issue with DSM IOCTL. - libnvdimm, pmem: fix kmap_atomic() leak in error path - dm snapshot: disallow the COW and origin devices from being identical - dm: fix excessive dm-mq context switching - dm thin metadata: don't issue prefetches if a transaction abort has failed - dm cache: make sure every metadata function checks fail_io - dm: fix rq_end_stats() NULL pointer in dm_requeue_original_request() - usb: retry reset if a device times out - usb: hub: fix a typo in hub_port_init() leading to wrong logic - USB: cdc-acm: more sanity checking (CVE-2016-3138) - USB: iowarrior: fix oops with malicious USB descriptors (incomplete fix for CVE-2016-2188) - USB: usb_driver_claim_interface: add sanity checking - USB: mct_u232: add sanity checking in probe (CVE-2016-3136) - USB: digi_acceleport: do sanity checking for the number of ports (CVE-2016-3140) - USB: cypress_m8: add endpoint sanity check (CVE-2016-3137) - Input: powermate - fix oops with malicious USB descriptors (CVE-2016-2186) - ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk() (CVE-2016-2184) - ALSA: usb-audio: Add sanity checks for endpoint accesses (CVE-2016-2184) - ALSA: usb-audio: Minor code cleanup in create_fixed_stream_quirk() - ALSA: usb-audio: Fix double-free in error paths after snd_usb_add_audio_stream() call - crypto: ccp - Add hash state import and export support - crypto: ccp - Limit the amount of information exported - crypto: ccp - Don't assume export/import areas are aligned - crypto: ccp - memset request context to zero during import - crypto: keywrap - memzero the correct memory - [armel/marvell,armhf] crypto: marvell/cesa - forward devm_ioremap_resource() error code - [x86] mei: bus: check if the device is enabled before data transfer - tpm: fix the rollback in tpm_chip_register() - tpm_crb: tpm2_shutdown() must be called before tpm_chip_unregister() - tpm_eventlog.c: fix binary_bios_measurements - tpm: fix the cleanup of struct tpm_chip - HID: logitech: fix Dual Action gamepad support - HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report() - HID: multitouch: force retrieving of Win8 signature blob - HID: fix hid_ignore_special_drivers module parameter - staging: comedi: ni_tiocmd: change mistaken use of start_src for start_arg - staging: comedi: ni_mio_common: fix the ni_write[blw]() functions - tty: Fix GPF in flush_to_ldisc(), part 2 - net: irda: Fix use-after-free in irtty_open() - 8250: use callbacks to access UART_DLL/UART_DLM - saa7134: Fix bytesperline not being set correctly for planar formats - adv7511: TX_EDID_PRESENT is still 1 after a disconnect - bttv: Width must be a multiple of 16 when capturing planar formats - coda: fix first encoded frame payload - media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32 - mtip32xx: Avoid issuing standby immediate cmd during FTL rebuild - mtip32xx: Fix broken service thread handling - mtip32xx: Remove unwanted code from taskfile error handler - mtip32xx: Fix for rmmod crash when drive is in FTL rebuild - mtip32xx: Handle safe removal during IO - mtip32xx: Handle FTL rebuild failure state during device initialization - mtip32xx: Implement timeout handler - mtip32xx: Cleanup queued requests after surprise removal - ALSA: hda - Fix unexpected resume through regmap code path - ALSA: hda - Apply reboot D3 fix for CX20724 codec, too - [x86] ALSA: intel8x0: Add clock quirk entry for AD1981B on IBM ThinkPad X41. - ALSA: hda - Don't handle ELD notify from invalid port - [x86] ALSA: hda - fix the mic mute button and led problem for a Lenovo AIO - ALSA: hda - Fix unconditional GPIO toggle via automute - [x86] ALSA: hda - Limit i915 HDMI binding only for HSW and later - [x86] ALSA: hda - Fix spurious kernel WARNING on Baytrail HDMI - [x86] ALSA: hda - Really restrict i915 notifier to HSW+ - ALSA: hda - Fix forgotten HDMI monitor_present update - [x86] ALSA: hda - Workaround for unbalanced i915 power refcount by concurrent probe - ALSA: hda - Fix missing ELD update at unplugging - jbd2: fix FS corruption possibility in jbd2_journal_destroy() on umount path - [arm64] Update PTE_RDONLY in set_pte_at() for PROT_NONE permission - brd: Fix discard request processing - IB/srpt: Simplify srpt_handle_tsk_mgmt() - bcache: cleaned up error handling around register_cache() - bcache: fix race of writeback thread starting before complete initialization - bcache: fix cache_set_flush() NULL pointer dereference on OOM - mm: memcontrol: reclaim when shrinking memory.high below usage - mm: memcontrol: reclaim and OOM kill when shrinking memory.max below usage - watchdog: don't run proc_watchdog_update if new value is same as old - Bluetooth: Fix potential buffer overflow with Add Advertising - cgroup: ignore css_sets associated with dead cgroups during migration - [amrhf] net: mvneta: enable change MAC address when interface is up - brcmfmac: Increase nr of supported flowrings. - of: alloc anywhere from memblock if range not specified - vfs: show_vfsstat: do not ignore errors from show_devname method - splice: handle zero nr_pages in splice_to_pipe() - quota: Fix possible GPF due to uninitialised pointers - xfs: fix two memory leaks in xfs_attr_list.c error paths - raid1: include bio_end_io_list in nr_queued to prevent freeze_array hang - md/raid5: Compare apples to apples (or sectors to sectors) - RAID5: check_reshape() shouldn't call mddev_suspend - RAID5: revert e9e4c377e2f563 to fix a livelock - raid10: include bio_end_io_list in nr_queued to prevent freeze_array hang - md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list - md: multipath: don't hardcopy bio in .make_request path - fuse: do not use iocb after it may have been freed - fuse: Add reference counting for fuse_io_priv - fs/coredump: prevent fsuid=0 dumps into user-controlled directories - [armhf] drm/vc4: Return -EFAULT on copy_from_user() failure - [x86] drm/radeon: disable runtime pm on PX laptops without dGPU power control - drm/radeon: Don't drop DP 2.7 Ghz link setup on some cards. - drm/radeon: rework fbdev handling on chips with no connectors - drm/radeon/mst: fix regression in lane/link handling. - [x86] drm/amdgpu: disable runtime pm on PX laptops without dGPU power control - drm/amdgpu: include the right version of gmc header files for iceland - drm/amd/powerplay: add uvd/vce dpm enabling flag to fix the performance issue for CZ - tracing: Have preempt(irqs)off trace preempt disabled functions - tracing: Fix crash from reading trace_pipe with sendfile - tracing: Fix trace_printk() to print when not using bprintk() - bitops: Do not default to __clear_bit() for __clear_bit_unlock() - [x86] ideapad-laptop: Add ideapad Y700 (15) to the no_hw_rfkill DMI list - mmc: block: fix ABI regression of mmc_blk_ioctl - mmc: mmc_spi: Add Card Detect comments and fix CD GPIO case - mmc: sdhci: move initialisation of command error member - mmc: sdhci: clean up command error handling - mmc: sdhci: fix command response CRC error handling - mmc: sdhci: further fix for DMA unmapping in sdhci_post_req() - mmc: sdhci: avoid unnecessary mapping/unmapping of align buffer - mmc: sdhci: plug DMA mapping leak on error - mmc: sdhci: fix data timeout - [armhf] mmc: tegra: Disable UHS-I modes for tegra114 - [armhf] mmc: tegra: properly disable card clock - mmc: sdhci: Fix override of timeout clk wrt max_busy_timeout - [armhf] clk: rockchip: rk3368: fix cpuclk mux bit of big cpu-cluster - [armhf] clk: rockchip: rk3368: fix cpuclk core dividers - [armhf] clk: rockchip: rk3368: fix parents of video encoder/decoder - [armhf] clk: rockchip: rk3368: fix hdmi_cec gate-register - [armhf] clk: rockchip: add hclk_cpubus to the list of rk3188 critical clocks - [armhf] clk: bcm2835: Fix setting of PLL divider clock rates - target: Fix target_release_cmd_kref shutdown comp leak - iser-target: Fix identification of login rx descriptor type - iser-target: Separate flows for np listeners and connections cma events - iser-target: Rework connection termination - nfsd4: fix bad bounds checking - nfsd: fix deadlock secinfo+readdir compound - ACPI / PM: Runtime resume devices when waking from hibernate - writeback, cgroup: fix premature wb_put() in locked_inode_to_wb_and_lock_list() - writeback, cgroup: fix use of the wrong bdi_writeback which mismatches the inode - Input: synaptics - handle spurious release of trackstick buttons, again - Input: ati_remote2 - fix crashes on detecting device with invalid descriptor (CVE-2016-2185) - ocfs2: o2hb: fix double free bug - ocfs2/dlm: fix race between convert and recovery - ocfs2/dlm: fix BUG in dlm_move_lockres_to_recovery_list - mm/page_alloc: prevent merging between isolated and other pageblocks - mtd: onenand: fix deadlock in onenand_block_markbad - [x86] intel_idle: prevent SKL-H boot failure when C8+C9+C10 enabled - PM / sleep: Clear pm_suspend_global_flags upon hibernate - scsi_common: do not clobber fixed sense information - sched/cputime: Fix steal time accounting vs. CPU hotplug - [x86] perf/pebs: Add workaround for broken OVFL status on HSW+ - [x86] perf/intel/uncore: Remove SBOX support for BDX-DE - [x86] perf/intel: Fix PEBS warning by only restoring active PMU in pmi - [x86] perf/intel: Use PAGE_SIZE for PEBS buffer size on Core2 - [x86] perf/intel: Fix PEBS data source interpretation on Nehalem/Westmere [ Ben Hutchings ] * mm: exclude ZONE_DEVICE from GFP_ZONE_TABLE * mm: ZONE_DEVICE depends on SPARSEMEM_VMEMMAP * [amd64] Re-enable ZONE_DMA and sound drivers that depend on it (Closes: #814855, #819385, #820890) * ntfs: Disable NTFS_RW (Closes: #566356); ntfs-3g has much more complete write support * Merge linux-tools source package into linux (Closes: #550379, #573483, #816500) * Add support for securelevel and prepare for Secure Boot (Closes: #820008): - Add Matthew Garrett's securelevel patchset (see Documentation/security/securelevel.txt) - modules: Enable MODULE_SIG and MODULE_SIG_SHA256, but not MODULE_SIG_ALL as signatures will be packaged separately - debian/control: Add build-dependencies on libssl-dev, openssl - debian/copyright: Note that extract-cert and sign-file are under LGPL 2.1 - linux-kbuild: Add extract-cert and sign-file programs - scripts: Fix X.509 PEM support in sign-file - certs: Set SYSTEM_TRUSTED_KEYS to my own personal certificate to support initial testing of signed modules * Disable UNUSED_SYMBOLS; it is now itself unused * linux-support: Include udeb configuration from debian/installer for use by the linux-signed package * Set ABI to 1 * netfilter: x_tables: Fix parsing of IPT_SO_SET_REPLACE blobs (CVE-2016-3134) - validate e->target_offset early - make sure e->next_offset covers remaining blob size * ipv4: Don't do expensive useless work during inetdev destroy (CVE-2016-3156) * [x86] mm/32: Enable full randomization on i386 and X86_32 (CVE-2016-3672) * fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers (Closes: #819725) * aufs: Update support patches to aufs4.5-20160328 (Closes: #819748) * [x86] ACPI / processor: Request native thermal interrupt handling via _OSC (Closes: #817016, #819336) * [armhf] Add support for octa-core big.LITTLE systems including Exynos (Closes: #819379) * [armhf] watchdog: Enable S3C2410_WATCHDOG as module (Closes: #819377) * nbd: Create size change events for userspace (Closes: #812487) * [armhf] usb-modules: Add modules required for BeagleBoard-X15, thanks to Vagrant Cascadian (Closes: #815848) [ Aurelien Jarno ] * [mipsel/mips/config.loongson-2f] Disable VIDEO_CX23885, VIDEO_IVTV, VIDEO_CX231XX, VIDEO_PVRUSB2 (fixes FTBFS). * [mips*/octeon] Backport OCTEON SATA controller support from 4.6-rc1. Enable AHCI_OCTEON and SATA_AHCI_PLATFORM. * [mips*/octeon] Backport Octeon III CN7xxx interface detection from 4.7 queue. * [mips*/octeon] Enable SPI_OCTEON. * [mips*/octeon] udeb: Add ahci_octeon and ahci_platform modules to sata-modules. * [mips*/octeon] Bump CONFIG_NR_CPUS to 32 to accomodate recent Octeon III SoCs. * [mips*/octeon] Enable CRYPTO_MD5_OCTEON, CRYPTO_SHA1_OCTEON, CRYPTO_SHA256 and CRYPTO_SHA512_OCTEON. [ Roger Shimizu ] * [armel/marvell] Change MTD_CFI_AMDSTD from module to built-in because orion5x-based Buffalo Linkstation devices still need it (Closes: #818598) * [armel/marvell] Add DT support for "Synology DS112" and "Zyxel NSA320". Thanks to Heinrich Schuchardt. (Closes: #819393) * [armel/marvell] Add DT support for "Buffalo/Revogear Kurobox Pro" * [armhf/armmp] Enable DW_WATCHDOG as module, used on Firefly-RK3288. Patch by Vagrant Cascadian. (Closes: #820834) -- Ben Hutchings Thu, 14 Apr 2016 09:49:24 +0100 linux-tools (4.5-1~exp1) experimental; urgency=medium * New upstream release [ Ben Hutchings ] * linux-perf: Fix use of uninitialized variables -- Ben Hutchings Sun, 20 Mar 2016 21:20:22 +0000 linux (4.5-1~exp1) experimental; urgency=medium * New upstream release: http://kernelnewbies.org/Linux_4.5 [ Martin Michlmayr ] * [arm64] Enable LEDS_GPIO. * [arm64] Enable more QCOM options. (Closes: #815627) * [arm64] udeb: Add leds-modules package containing leds-gpio driver. * [arm64] udeb: Add regulators and SoC modules to core-modules. [ Uwe Kleine-König ] * [armhf] Enable DRM_ETNAVIV. [ Ben Hutchings ] * [armel/versatile] Enable GPIOLIB, new dependency of SMC91X (fixes FTBFS) * [x86] input: Enable ASUS_WIRELESS as module (Closes: #818487) * [x86] amdgpu: Enable DRM_AMD_POWERPLAY (Closes: #818174) * [x86] Enable RANDOMIZE_BASE (kASLR). This is incompatible with hibernation, so you must use the kernel parameter "kaslr" to enable kASLR and disable hibernation at boot time. (Closes: #816067) * [x86] vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (regression in 4.5) -- Ben Hutchings Sun, 20 Mar 2016 12:06:57 +0000 linux (4.5~rc7-1~exp1) experimental; urgency=medium * New upstream release candidate -- Ben Hutchings Mon, 07 Mar 2016 22:20:48 +0000 linux-tools (4.5~rc7-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * Makefile.inc: Add support for wildcards in $(SCRIPTS) and $(DATA) * linux-kbuild: Include scripts/Makefile.* (Closes: #815593) * Makefile.inc, rules.real: Fix conflation of $(DESTDIR) and $(prefix) * hyperv-daemons: Fix rule redefinition that 'make' warns about * debian/control: Build-Depend on dh-python, as dh_python2 warns we should * lockdep: Add '+' prefix to make invocation, so it can be parallelised * tools/build: Fix 'unused variable' warning in the bpf() feature check * lockdep: Add more missing macros -- Ben Hutchings Mon, 07 Mar 2016 03:07:00 +0000 linux-tools (4.5~rc5-1~exp3) experimental; urgency=medium * Adjust build fix from unstable -- Ben Hutchings Sun, 21 Feb 2016 23:45:04 +0000 linux-tools (4.5~rc5-1~exp2) experimental; urgency=medium * Merge build fix from unstable -- Ben Hutchings Sun, 21 Feb 2016 17:40:52 +0000 linux-tools (4.5~rc5-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * lockdep: Add missing macros * Adjust VPATH to work for check-hyperv (and simplify the modpost wrapper) * tools/build: Remove bpf() run-time check at build time -- Ben Hutchings Sun, 21 Feb 2016 16:45:52 +0000 linux (4.5~rc5-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * [armel/versatile] Enable GPIOLIB, needed to build smc91x driver with OF enabled (fixes FTBFS) * [powerpc] mm: Fix HAVE_ARCH_SOFT_DIRTY dependencies (fixes FTBFS) -- Ben Hutchings Sun, 21 Feb 2016 13:17:27 +0000 linux (4.5~rc4-1~exp1) experimental; urgency=medium * New upstream release candidate [ Roger Shimizu ] * Enable TTY_PRINTK as module (Closes: #814540). [ Ben Hutchings ] * [rt] Disable until it is updated for 4.5 or later * aufs: Update support patches to aufs4.x-rcN-20160215 * Compile with gcc-5 on all architectures * [hppa] Update build-dependencies for renaming of binutils-hppa64 * [x86] udeb: Move scsi_transport_fc to scsi-core-modules, since hv_storvsc now depends on it -- Ben Hutchings Thu, 18 Feb 2016 01:57:20 +0000 linux-tools (4.4.6-1) unstable; urgency=medium * New upstream stable update: - tools lib traceevent: Fix output of %llu for 64 bit values read on 32 bit machines - perf tools: tracepoint_error() can receive e=NULL, robustify it - perf kvm record/report: 'unprocessable sample' error while recording/reporting guest data - tools: hv: vss: fix the write()'s argument: error -> vss_msg - uapi: update install list after nvme.h rename - perf stat: Do not clean event's private stats [ Mattia Dongili ] * Build linux-cpupower. [ Ben Hutchings ] * debian/control: Update policy version to 3.9.7; no changes required * linux-perf: Override lintian errors for perf-read-vdso{,x}32 in 64-bit packages * debian/copyright: Move GPL-2 boilerplate to its own paragraph -- Ben Hutchings Sun, 20 Mar 2016 16:23:48 +0000 linux (4.4.6-1) unstable; urgency=medium [ Salvatore Bonaccorso ] * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.5 - Btrfs: fix deadlock running delayed iputs at transaction commit time (regression in 4.1) - btrfs: Fix no_space in write and rm loop (regression in 4.4) - btrfs: async-thread: Fix a use-after-free error for trace - [x86] drm/amdgpu: mask out WC from BO on unsupported arches - block: Initialize max_dev_sectors to 0 - [hppa] Fix ptrace syscall number and return value modification - [x86] kvm: Update tsc multiplier on change. (regression in 4.4) - fbcon: set a default value to blink interval - cifs: fix out-of-bounds access in lease parsing - CIFS: Fix SMB2+ interim response processing for read requests - [x86] vfio: fix ioctl error handling - [x86] KVM: fix root cause for missed hardware breakpoints - [arm*] KVM: Fix ioctl error handling - [amd64] iommu: Apply workaround for ATS write permission check - [amd64] iommu: Fix boot warning when device 00:00.0 is not iommu covered - [x86] iommu/vt-d: Use BUS_NOTIFY_REMOVED_DEVICE in hotplug path - target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors - [x86,powerpc*] drm/ast: Fix incorrect register check for DRAM width - drm/radeon/pm: update current crtc info after setting the powerstate - [x86] drm/amdgpu/pm: update current crtc info after setting the powerstate - [x86] drm/amdgpu: apply gfx_v8 fixes to gfx_v7 as well - [x86] drm/amdgpu/gfx8: specify which engine to wait before vm flush - [x86] drm/amdgpu: return from atombios_dp_get_dpcd only when error - libata: fix HDIO_GET_32BIT ioctl - writeback: flush inode cgroup wb switches instead of pinning super_block - Adding Intel Lewisburg device IDs for SATA - [arm64] vmemmap: use virtual projection of linear region (regression in 4.1) - ata: ahci: don't mark HotPlugCapable Ports as external/removable - tracing: Do not have 'comm' filter override event 'comm' field (regression in 4.3) - Btrfs: fix loading of orphan roots leading to BUG_ON - Revert "jffs2: Fix lock acquisition order bug in jffs2_write_begin" - jffs2: Fix page lock / f->sem deadlock - jffs2: Fix directory hardlinks from deleted directories - ALSA: usb-audio: Add a quirk for Plantronics DA45 - [amd64] ALSA: ctl: Fix ioctls for X32 ABI - [x86] ALSA: hda - Fix mic issues on Acer Aspire E1-472 - [amd64] ALSA: rawmidi: Fix ioctls X32 ABI - [amd64] ALSA: timer: Fix ioctls for X32 ABI - [amd64] ALSA: pcm: Fix ioctls for X32 ABI - ALSA: seq: oss: Don't drain at closing a client - ALSA: hdspm: Fix wrong boolean ctl value accesses - ALSA: hdsp: Fix wrong boolean ctl value accesses - ALSA: hdspm: Fix zero-division - ALSA: timer: Fix broken compat timer user status ioctl - [armhf] usb: chipidea: otg: change workqueue ci_otg as freezable - USB: cp210x: Add ID for Parrot NMEA GPS Flight Recorder - USB: qcserial: add Dell Wireless 5809e Gobi 4G HSPA+ (rev3) - USB: qcserial: add Sierra Wireless EM74xx device ID - USB: serial: option: add support for Telit LE922 PID 0x1045 - USB: serial: option: add support for Quectel UC20 - [mips*] scache: Fix scache init with invalid line size. - [mips*] traps: Fix SIGFPE information leak from `do_ov' and `do_trap_or_bp' - ubi: Fix out of bounds write in volume update code - thermal: cpu_cooling: fix out of bounds access in time_in_idle - [x86] drm/amdgpu: Use drm_calloc_large for VM page_tables array - block: check virt boundary in bio_will_gap() - [x86] drm/i915: more virtual south bridge detection - [x86] drm/i915: refine qemu south bridge detection - modules: fix longstanding /proc/kallsyms vs module insertion race. - [x86] drm/amdgpu: fix topaz/tonga gmc assignment in 4.4 stable [ Ben Hutchings ] * [x86] drm/i915: Fix oops caused by fbdev initialization failure * module: Fix ABI change in 4.4.5 * Revert "libata: Align ata_device's id on a cacheline" to avoid ABI change * [amd64] Fix more regressions due to "efi: Build our own page table structure": - efi: Fix boot crash by always mapping boot service regions into new EFI page tables (Closes: #815125) - mm/pat: Fix boot crash when 1GB pages are not supported by cpu * [armhf] gpio: Enable GPIO_PCF857X as module, needed by TI DRA7xx EVMs (Closes: #818386) * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.6 - [arm64] account for sparsemem section alignment when choosing vmemmap offset - [armel,armhf] mvebu: fix overlap of Crypto SRAM with PCIe memory window - [armhf] dts: dra7: do not gate cpsw clock due to errata i877 - [armhf] OMAP2+: hwmod: Introduce ti,no-idle dt property - PCI: Allow a NULL "parent" pointer in pci_bus_assign_domain_nr() - kvm: cap halt polling at exactly halt_poll_ns - [x86] KVM: VMX: disable PEBS before a guest entry - [s390x] KVM: correct fprs on SIGP (STOP AND) STORE STATUS - [powerpc*] KVM: Book3S HV: Sanitize special-purpose register values on guest exit - [x86] KVM: MMU: fix ept=0/pte.u=1/pte.w=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0 combo - [x86] KVM: MMU: fix reserved bit check for ept=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0 - [s390x] mm: four page table levels vs. fork (CVE-2016-2143) - [s390x] dasd: fix diag 0x250 inline assembly - tracing: Fix check for cpu online when event is disabled - jffs2: reduce the breakage on recovery from halfway failed rename() - ncpfs: fix a braino in OOM handling in ncp_fill_cache() - ASoC: dapm: Fix ctl value accesses in a wrong type - ovl: ignore lower entries when checking purity of non-directory entries - ovl: fix working on distributed fs as lower layer - wext: fix message delay/ordering - cfg80211/wext: fix message ordering - can: gs_usb: fixed disconnect bug by removing erroneous use of kfree() - iwlwifi: mvm: inc pending frames counter also when txing non-sta - mac80211: minstrel: Change expected throughput unit back to Kbps - mac80211: fix use of uninitialised values in RX aggregation - mac80211: minstrel_ht: set default tx aggregation timeout to 0 - mac80211: minstrel_ht: fix a logic error in RTS/CTS handling - mac80211: check PN correctly for GCMP-encrypted fragmented MPDUs - mac80211: Fix Public Action frame RX in AP mode - [armhf] gpu: ipu-v3: Do not bail out on missing optional port nodes - [i386/686-pae] mm: Fix slow_virt_to_phys() for X86_PAE again - Revert "drm/radeon: call hpd_irq_event on resume" - [x86] drm/amdgpu: Fix error handling in amdgpu_flip_work_func. - drm/radeon: Fix error handling in radeon_flip_work_func. - Revert "drm/radeon/pm: adjust display configuration after powerstate" - [powerpc*] powernv: Add a kmsg_dumper that flushes console output on panic - [powerpc*] powernv: Fix OPAL_CONSOLE_FLUSH prototype and usages - userfaultfd: don't block on the last VM updates at exit time - ovl: copy new uid/gid into overlayfs runtime inode - ovl: fix getcwd() failure after unsuccessful rmdir - [mips*] smp.c: Fix uninitialised temp_foreign_map - block: don't optimize for non-cloned bio in bio_get_last_bvec() - target: Drop incorrect ABORT_TASK put for completed commands * netfilter: x_tables: check for size overflow (CVE-2016-3135) [ Ian Campbell ] * [arm64] Enable ARCH_HISI (Hisilicon) and the set of currently available drivers (Power, Thermal, MMC) (Closes: #812540) -- Ben Hutchings Thu, 17 Mar 2016 01:25:23 +0000 linux (4.4.4-2) unstable; urgency=medium * Ignore ABI changes in sdhci* modules (fixes FTBFS on armhf) * udeb: Add dependency from mmc-modules to crc-modules (fixes FTBFS on arm64) * [hppa] Ignore ABI changes in built-in drm_kms_helper code (fixes FTBFS) * [powerpc*] Revert "powerpc: Simplify module TOC handling"; it is not needed to fix #808043 and causes a regression on ppc64el -- Ben Hutchings Wed, 09 Mar 2016 02:15:48 +0000 linux (4.4.4-1) unstable; urgency=medium [ Salvatore Bonaccorso ] * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.3 - [x86] mm: Fix types used in pgprot cacheability flags translations - [x86] mm/pat: Avoid truncation when converting cpa->numpages to address - [x86] uaccess/64: Make the __copy_user_nocache() assembly code more readable - [x86] uaccess/64: Handle the caching of 4-byte nocache copies properly in __copy_user_nocache() - [x86] mm: Fix vmalloc_fault() to handle large pages properly - ALSA: hda - Cancel probe work instead of flush at remove - ALSA: pcm: Fix rwsem deadlock for non-atomic PCM stream - ALSA: seq: Fix leak of pool buffer at concurrent writes - ALSA: seq: Fix double port list deletion - [armhf] phy: twl4030-usb: Relase usb phy on unload - [armhf] phy: twl4030-usb: Fix unbalanced pm_runtime_enable on module reload - staging/speakup: Use tty_ldisc_ref() for paste kworker - pty: fix possible use after free of tty->driver_data - pty: make sure super_block is still valid in final /dev/tty close - tty: Add support for PCIe WCH382 2S multi-IO card - [x86] serial: 8250_pci: Add Intel Broadwell ports - [armhf] serial: omap: Prevent DoS using unprivileged ioctl(TIOCSRS485) - ext4: fix scheduling in atomic on group checksum failure - ext4: fix potential integer overflow - ext4: don't read blocks from disk after extents being swapped - btrfs: handle invalid num_stripes in sys_array - Btrfs: fix fitrim discarding device area reserved for boot loader's use - Revert "btrfs: clear PF_NOFREEZE in cleaner_kthread()" - btrfs: properly set the termination value of ctx->pos in readdir - Btrfs: fix invalid page accesses in extent_same (dedup) ioctl - Btrfs: fix page reading in extent_same ioctl leading to csum errors - Btrfs: fix hang on extent buffer lock caused by the inode_paths ioctl - Btrfs: fix direct IO requests not reporting IO error to user space - ptrace: use fsuid, fsgid, effective creds for fs access checks - tracing: Fix freak link error caused by branch tracer - tracepoints: Do not trace when cpu is offline - klist: fix starting point removed bug in klist iterators - scsi: add Synology to 1024 sector blacklist - iscsi-target: Fix potential dead-lock during node acl delete - SCSI: fix crashes in sd and sr runtime PM - drivers/scsi/sg.c: mark VMA as VM_IO to prevent migration - scsi_dh_rdac: always retry MODE SELECT on command lock violation - SCSI: Add Marvell Console to VPD blacklist - scsi: fix soft lockup in scsi_remove_target() on module removal - iio: adis_buffer: Fix out-of-bounds memory access - iio:adc:ti_am335x_adc Fix buffered mode by identifying as software buffer. - iio-light: Use a signed return type for ltr501_match_samp_freq() - iio: add HAS_IOMEM dependency to VF610_ADC - iio: add IIO_TRIGGER dependency to STK8BA50 - iio: dac: mcp4725: set iio name property in sysfs - iio: light: acpi-als: Report data as processed - iio: pressure: mpl115: fix temperature offset sign - iio: inkern: fix a NULL dereference on error - cifs: Ratelimit kernel log messages - cifs: fix race between call_async() and reconnect() - cifs_dbg() outputs an uninitialized buffer in cifs_readdir() - cifs: fix erroneous return value - NFS: Fix attribute cache revalidation - pNFS/flexfiles: Fix an Oopsable typo in ff_mirror_match_fh() - nfs: Fix race in __update_open_stateid() - pNFS/flexfiles: Fix an XDR encoding bug in layoutreturn - udf: limit the maximum number of indirect extents in a row - udf: Prevent buffer overrun with multi-byte characters - udf: Check output buffer length when converting name to CS0 - SUNRPC: Fixup socket wait for memory - [powerpc] eeh: Fix PE location code - [powerpc] eeh: Fix stale cached primary bus - [powerpc] powernv: Fix stale PE primary bus - [powerpc] ioda: Set "read" permission when "write" is set - [armhf] mvebu: remove duplicated regulator definition in Armada 388 GP - [arm64] mm: avoid calling apply_to_page_range on empty range - [armel,armhf] 8519/1: ICST: try other dividends than 1 - [armel,armhf] 8517/1: ICST: avoid arithmetic overflow in icst_hz() - [armhf] dts: Fix wl12xx missing clocks that cause hangs - [armhf] dts: Fix omap5 PMIC control lines for RTC writes - [armhf] dts: omap5-board-common: enable rtc and charging of backup battery - [armhf] OMAP2+: Fix wait_dll_lock_timed for rodata - [armhf] OMAP2+: Fix l2_inv_api_params for rodata - [armhf] OMAP2+: Fix l2dis_3630 for rodata - [armhf] OMAP2+: Fix save_secure_ram_context for rodata - [armhf] OMAP2+: Fix ppa_zero_params and ppa_por_params for rodata - [arm64] dma-mapping: fix handling of devices registered before arch_initcall - [arm,arm64] KVM: Fix reference to uninitialised VGIC - [powerpc*] KVM: PPC: Fix emulation of H_SET_DABR/X on POWER8 - [powerpc*] KVM: PPC: Fix ONE_REG AltiVec support - mm: soft-offline: check return value in second __get_any_page() call - libnvdimm: fix namespace object confusion in is_uuid_busy() - mm: fix mlock accouting - mm: replace vma_lock_anon_vma with anon_vma_lock_read/write - mm: fix regression in remap_file_pages() emulation - Input: elantech - mark protocols v2 and v3 as semi-mt - [x86] Input: i8042 - add Fujitsu Lifebook U745 to the nomux list - string_helpers: fix precision loss for some inputs - Input: vmmouse - fix absolute device registration - [x86] iommu/vt-d: Don't skip PCI devices when disabling IOTLB - [x86] iommu/amd: Correct the wrong setting of alias DTE in do_attach - [x86] iommu/vt-d: Fix mm refcounting to hold mm_count not mm_users - [x86] iommu/vt-d: Fix 64-bit accesses to 32-bit DMAR_GSTS_REG - [x86] iommu/vt-d: Clear PPR bit to ensure we get more page request interrupts - Revert "xhci: don't finish a TD if we get a short-transfer event mid TD" - xhci: Fix list corruption in urb dequeue at host removal - fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list() - [s390x] numa: fix /proc//numa_maps for hugetlbfs on s390 - memcg: only free spare array when readers are done - radix-tree: fix race in gang lookup - drivers/hwspinlock: fix race between radix tree insertion and lookup - radix-tree: fix oops after radix_tree_iter_retry - dump_stack: avoid potential deadlocks - mm,thp: khugepaged: call pte flush at the time of collapse - [x86] intel_scu_ipcutil: underflow in scu_reg_access() - ipc/shm: handle removed segments gracefully in shm_mmap() - devm_memremap_release(): fix memremap'd addr handling - futex: Drop refcount if requeue_pi() acquired the rtmutex - ovl: allow zero size xattr - ovl: use a minimal buffer in ovl_copy_xattr - ovl: check dentry positiveness in ovl_cleanup_whiteouts() - ovl: root: copy attr - ovl: setattr: check permissions before copy-up - libxfs: pack the agfl header structure so XFS_AGFL_SIZE is correct - xfs: inode recovery readahead can race with inode buffer creation - Revert "xfs: clear PF_NOFREEZE for xfsaild kthread" - xfs: log mount failures don't wait for buffers to be released - prctl: take mmap sem for writing to protect against others - timerfd: Handle relative timers with CONFIG_TIME_LOW_RES proper - posix-timers: Handle relative timers with CONFIG_TIME_LOW_RES proper - itimers: Handle relative timers with CONFIG_TIME_LOW_RES proper - modules: fix modparam async_probe request https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.4 - af_iucv: Validate socket address length in iucv_sock_bind() - gro: Make GRO aware of lightweight tunnels. - tunnels: Allow IPv6 UDP checksums to be correctly controlled. - lwt: fix rx checksum setting for lwt devices tunneling over ipv6 - tcp: fix NULL deref in tcp_v4_send_ack() - af_unix: fix struct pid memory leak - pptp: fix illegal memory access caused by multiple bind()s - sctp: allow setting SCTP_SACK_IMMEDIATELY by the application - tipc: fix connection abort during subscription cancel - inet: frag: Always orphan skbs inside ip_defrag() - tcp: beware of alignments in tcp_get_info() - ipv6: enforce flowi6_oif usage in ip6_dst_lookup_tail() - ipv6/udp: use sticky pktinfo egress ifindex on connect() - ipv6: addrconf: Fix recursive spin lock call - ipv6: fix a lockdep splat - unix: correctly track in-flight fds in sending process user_struct (regression in 4.3.3-6; CVE-2016-2550) - tcp: do not drop syn_recv on all icmp reports - net:Add sysctl_max_skb_frags - tg3: Fix for tg3 transmit queue 0 timed out when too many gso_segs - enic: increment devcmd2 result ring in case of timeout - sctp: translate network order to host order when users get a hmacid - net: Copy inner L3 and L4 headers as unaligned on GRE TEB - flow_dissector: Fix unaligned access in __skb_flow_dissector when used by eth_get_headlen - bpf: fix branch offset adjustment on backjumps after patching ctx expansion - bonding: Fix ARP monitor validation - ipv4: fix memory leaks in ip_cmsg_send() callers - af_unix: Don't set err in unix_stream_read_generic unless there was an error - af_unix: Guard against other == sk in unix_dgram_sendmsg - tipc: fix premature addition of node to lookup table - tcp: md5: release request socket instead of listener - qmi_wwan: add "4G LTE usb-modem U901" - net/mlx4_en: Count HW buffer overrun only once - net/mlx4_en: Choose time-stamping shift value according to HW frequency - net/mlx4_en: Avoid changing dev->features directly in run-time - l2tp: Fix error creating L2TP tunnels - pppoe: fix reference counting in PPPoE proxy - net_sched fix: reclassification needs to consider ether protocol changes - route: check and remove route cache when we get route - tcp/dccp: fix another race at listener dismantle - IFF_NO_QUEUE: Fix for drivers not calling ether_setup() - rtnl: RTM_GETNETCONF: fix wrong return value - tipc: unlock in error path - unix_diag: fix incorrect sign extension in unix_lookup_by_ino - sctp: Fix port hash table size computation - ext4: fix bh->b_state corruption - [s390x] KVM: fix guest fprs memory leak - devm_memremap: Fix error value when memremap failed - efi: Make efivarfs entries immutable by default - efi: Add pstore variables to the deletion whitelist - bcache: fix a livelock when we cause a huge number of cache misses - bcache: Add a cond_resched() call to gc - bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device - bcache: fix a leak in bch_cached_dev_run() - bcache: unregister reboot notifier if bcache fails to unregister device - bcache: allows use of register in udev to avoid "device_busy" error. - bcache: prevent crash on changing writeback_running - bcache: Change refill_dirty() to always scan entire disk if necessary - dm thin: fix race condition when destroying thin pool workqueue - can: ems_usb: Fix possible tx overflow - usb: dwc3: Fix assignment of EP transfer resources - USB: cp210x: add IDs for GE B650V3 and B850V3 boards - USB: option: add support for SIM7100E - USB: option: add "4G LTE usb-modem U901" - [armhf] spi: omap2-mcspi: Prevent duplicate gpio_request - iw_cxgb3: Fix incorrectly returning error on success - [x86] drm/i915: shut up gen8+ SDE irq dmesg noise - ocfs2: unlock inode if deleting inode from orphan fails - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED - mm: numa: quickly fail allocations for NUMA balancing on full nodes - genirq: Validate action before dereferencing it in handle_irq_event_percpu() - [s390x] KVM: fix memory overwrites when vx is disabled - Btrfs: add missing brelse when superblock checksum fails - Btrfs: igrab inode in writepage - btrfs: statfs: report zero available if metadata are exhausted - Btrfs: send, don't BUG_ON() when an empty symlink is found - Btrfs: fix number of transaction units required to create symlink - Btrfs: fix transaction handle leak on failure to create hard link - Btrfs: Initialize btrfs_root->highest_objectid when loading tree root and subvolume roots - btrfs: initialize the seq counter in struct btrfs_device - [s390x] fix normalization bug in exception table sorting - [s390x] dasd: prevent incorrect length error under z/VM after PAV changes - [s390x] dasd: fix refcount for PAV reassignment - [s390x] dasd: fix performance drop - [s390x] compat: correct restore of high gprs on signal return - [s390x] fpu: signals vs. floating point control register - locks: fix unlock when fcntl_setlk races with a close - rtlwifi: rtl8192cu: Add missing parameter setup - rtlwifi: rtl8192ce: Fix handling of module parameters - rtlwifi: rtl8192de: Fix incorrect module parameter descriptions - rtlwifi: rtl8723ae: Fix initialization of module parameters - rtlwifi: rtl8192se: Fix module parameter initialization - rtlwifi: rtl8188ee: Fix module parameter initialization - rtlwifi: rtl8723be: Fix module parameter initialization - [x86] mei: fix fasync return value on error - [x86] mei: validate request value in client notify request ioctl - namei: ->d_inode of a pinned dentry is stable only for positives - [armhf] rc: sunxi-cir: Initialize the spinlock properly - gspca: ov534/topro: prevent a division by 0 - vb2: fix a regression in poll() behavior for output,streams - tda1004x: only update the frontend properties if locked - dm snapshot: fix hung bios when copy error occurs - dm: fix dm_rq_target_io leak on faults with .request_fn DM w/ blk-mq paths - posix-clock: Fix return code on the poll method's error path - mmc: sdhci-pci: Do not default to 33 Ohm driver strength for Intel SPT - mmc: sdhci: Fix DMA descriptor with zero data length - mmc: sdio: Fix invalid vdd in voltage switch power cycle - mmc: mmc: Fix incorrect use of driver strength switching HS200 and HS400 - mmc: sdhci: Fix sdhci_runtime_pm_bus_on/off() - mmc: core: Enable tuning according to the actual timing - [armhf, arm64] mmc: mmci: fix an ages old detection error - [x86] mmc: sdhci-acpi: Fix card detect race for Intel BXT/APL - [x86] mmc: sdhci-pci: Fix card detect race for Intel BXT/APL - mmc: sdhci: Allow override of mmc host operations - mmc: sdhci: Allow override of get_cd() called from sdhci_request() - [x86] Drivers: hv: vmbus: Fix a Host signaling bug - Bluetooth: Use continuous scanning when creating LE connections - Bluetooth: Add support of Toshiba Broadcom based devices - Bluetooth: Fix incorrect removing of IRKs - Bluetooth: 6lowpan: Fix kernel NULL pointer dereferences - Bluetooth: 6lowpan: Fix handling of uncompressed IPv6 packets - time: Avoid signed overflow in timekeeping_get_ns() - cputime: Prevent 32bit overflow in time[val|spec]_to_cputime() - [mips*] Revert "MIPS: Fix PAGE_MASK definition" - [mips*el/loongson-3] Loongson-3: Fix SMP_ASK_C0COUNT IPI handler - [mips*] hpet: Choose a safe value for the ETIME check - [mips*] Fix buffer overflow in syscall_get_arguments() - EDAC: Robustify workqueues destruction - EDAC, mc_sysfs: Fix freeing bus' name - [sparc64] fix incorrect sign extension in sys_sparc64_personality - [armhf] clk: exynos: use irqsave version of spin_lock to avoid deadlock with irqs - [armhf] regulator: axp20x: Fix GPIO LDO enable value for AXP22x - virtio_balloon: fix race by fill and leak - virtio_balloon: fix race between migration and ballooning - virtio_pci: fix use after free on release - [x86] drm/vmwgfx: Fix an incorrect lock check - [x86] drm/vmwgfx: Fix a width / pitch mismatch on framebuffer updates - [x86] drm/vmwgfx: respect 'nomodeset' - [x86] drm/amdgpu: Fix off-by-one errors in amdgpu_vm_bo_map - [x86] drm/amdgpu: call hpd_irq_event on resume - [x86] drm/amdgpu: fix lost sync_to if scheduler is enabled. - [x86] drm/amdgpu: fix tonga smu resume - [x86] drm/amdgpu: fix amdgpu_bo_pin_restricted VRAM placing v2 - [x86] drm/amdgpu: no need to load MC firmware on fiji - [x86] drm/amdgpu: move gmc7 support out of CIK dependency - [x86] drm/amdgpu: iceland use CI based MC IP - [x86] drm/amdgpu: The VI specific EXE bit should only apply to GMC v8.0 above - [x86] drm/amdgpu: pull topaz gmc bits into gmc_v7 - [x86] drm/amdgpu: drop topaz support from gmc8 module - [x86] drm/amdgpu: don't load MEC2 on topaz - [x86] drm/amdgpu: remove exp hardware support from iceland - [x86] drm/amdgpu: fix s4 resume - [x86] drm/amdgpu: remove unnecessary forward declaration - [x86] drm/amdgpu: hold reference to fences in amdgpu_sa_bo_new (v2) - [x86] drm/amdgpu: fix issue with overlapping userptrs - [x86] drm/amdgpu: use post-decrement in error handling - [x86] drm/amdgpu: Don't hang in amdgpu_flip_work_func on disabled crtc. - [x86] drm/amdgpu/pm: adjust display configuration after powerstate - drm/nouveau/kms: take mode_config mutex in connector hotplug path - drm/nouveau/display: Enable vblank irqs after display engine is on again. (regression in 4.4) - drm/nouveau/disp/dp: ensure sink is powered up before attempting link training - drm/nouveau: platform: Fix deferred probe - drm/radeon: Fix off-by-one errors in radeon_vm_bo_set_addr - drm/radeon: Fix "slow" audio over DP on DCE8+ - drm/radeon: clean up fujitsu quirks - drm/radeon: properly byte swap vce firmware setup - drm/radeon: cleaned up VCO output settings for DP audio - drm/radeon: Add a common function for DFS handling - drm/radeon: fix DP audio support for APU with DCE4.1 display engine - drm/radeon: mask out WC from BO on unsupported arches - drm/radeon: hold reference to fences in radeon_sa_bo_new - drm: fix missing reference counting decrease - [x86] drm/i915: Restore inhibiting the load of the default context - [x86] drm/i915: intel_hpd_init(): Fix suspend/resume reprobing - [x86] drm/i915: Init power domains early in driver load - [x86] drm/i915: Make sure DC writes are coherent on flush. - [x86] drm/i915/dp: fall back to 18 bpp when sink capability is unknown - [x86] drm/i915: Don't reject primary plane windowing with color keying enabled on SKL+ - [x86] drm/i915/skl: Don't skip mst encoders in skl_ddi_pll_select() - [x86] drm/i915/dsi: defend gpio table against out of bounds access - [x86] drm/i915/dsi: don't pass arbitrary data to sideband - [x86] drm/i915: fix error path in intel_setup_gmbus() - drm/qxl: use kmalloc_array to alloc reloc_info in qxl_process_single_command - drm/radeon: use post-decrement in error handling - drm: No-Op redundant calls to drm_vblank_off() (v2) - drm: Prevent vblank counter bumps > 1 with active vblank clients. (v2) (regression in 4.4) - drm: Fix drm_vblank_pre/post_modeset regression from Linux 4.4 - drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2) - drm/radeon: Don't hang in radeon_flip_work_func on disabled crtc. (v2) - drm/radeon/pm: adjust display configuration after powerstate - make sure that freeing shmem fast symlinks is RCU-delayed - [x86] toshiba_acpi: Fix blank screen at boot if transflective backlight is supported - [x86] ideapad-laptop: Add Lenovo ideapad Y700-17ISK to no_hw_rfkill dmi list - [x86] ideapad-laptop: Add Lenovo Yoga 700 to no_hw_rfkill dmi list - [x86] ACPI / video: Add disable_backlight_sysfs_if quirk for the Toshiba Portege R700 - [x86] ACPI / video: Add disable_backlight_sysfs_if quirk for the Toshiba Satellite R830 - [x86] ACPI: Revert "ACPI / video: Add Dell Inspiron 5737 to the blacklist" - [x86] ACPI / PCI / hotplug: unlock in error path in acpiphp_enable_slot() - nfit: fix multi-interface dimm handling, acpi6.1 compatibility - dmaengine: dw: fix cyclic transfer setup - dmaengine: dw: fix cyclic transfer callbacks - dmaengine: dw: disable BLOCK IRQs for non-cyclic xfer - IB/cm: Fix a recently introduced deadlock - IB/qib: fix mcast detach when qp not attached - IB/qib: Support creating qps with GFP_NOIO flag - IB/mlx5: Expose correct maximum number of CQE capacity - Thermal: initialize thermal zone device correctly - Thermal: handle thermal zone device properly during system sleep - Thermal: do thermal zone update after a cooling device registered - hwmon: (dell-smm) Blacklist Dell Studio XPS 8000 - hwmon: (gpio-fan) Remove un-necessary speed_index lookup for thermal hook - hwmon: (ads1015) Handle negative conversion values correctly - cpufreq: pxa2xx: fix pxa_cpufreq_change_voltage prototype - cpufreq: Fix NULL reference crash while accessing policy->governor_data - seccomp: always propagate NO_NEW_PRIVS on tsync - libceph: fix ceph_msg_revoke() - libceph: don't bail early from try_read() when skipping a message - libceph: use the right footer size when skipping a message - libceph: don't spam dmesg with stray reply warnings - sd: Optimal I/O size is in bytes, not sectors - Staging: speakup: Fix getting port information - cdc-acm:exclude Samsung phone 04e8:685d - tick/nohz: Set the correct expiry when switching to nohz/lowres mode - rfkill: fix rfkill_fop_read wait_event usage - mac80211: Requeue work after scan complete for all VIF types. - workqueue: handle NUMA_NO_NODE for unbound pool_workqueue lookup - Revert "workqueue: make sure delayed work run in local cpu" - ALSA: hda - Apply clock gate workaround to Skylake, too - ALSA: hda - Fixing background noise on Dell Inspiron 3162 - target: Fix LUN_RESET active I/O handling for ACK_KREF - target: Fix LUN_RESET active TMR descriptor handling - target: Fix TAS handling for multi-session se_node_acls - target: Fix remote-port TMR ABORT + se_cmd fabric stop - target: Fix race with SCF_SEND_DELAYED_TAS handling - qla2xxx: Fix stale pointer access. - libata: fix sff host state machine locking while polling - PCI/AER: Flush workqueue on device remove to avoid use-after-free - cpuset: make mm migration asynchronous - cgroup: make sure a parent css isn't offlined before its children - writeback: keep superblock pinned during cgroup writeback association switches - phy: core: fix wrong err handle for phy_power_on - [x86] i2c: i801: Adding Intel Lewisburg support for iTCO - bio: return EINTR if copying to user space got interrupted - block: fix use-after-free in dio_bio_complete - nfs: fix nfs_size_to_loff_t - NFSv4: Fix a dentry leak on alias use - KVM: async_pf: do not warn on page allocation failures - [armhf,arm64] KVM: vgic: Ensure bitmaps are long enough - [x86] KVM: fix missed hardware breakpoints - [x86] KVM: fix conversion of addresses to linear in 32-bit protected mode - [x86] KVM: MMU: fix ubsan index-out-of-range warning - [powerpc] eeh: Fix partial hotplug criterion - tracing: Fix showing function event in available_events - sunrpc/cache: fix off-by-one in qword_get() - kernel/resource.c: fix muxed resource handling in __request_region() - do_last(): don't let a bogus return value from ->open() et.al. to confuse us - [armhf] OMAP2+: Fix onenand initialization to avoid filesystem corruption - [armhf] xen: correctly handle DMA mapping of compound pages - xen/scsiback: correct frontend counting - xen/pciback: Check PF instead of VF for PCI_COMMAND_MEMORY - xen/pciback: Save the number of MSI-X entries to be copied later. - xen/pcifront: Fix mysterious crashes when NUMA locality information was extracted. - should_follow_link(): validate ->d_seq after having decided to follow - do_last(): ELOOP failure exit should be done after leaving RCU mode - [x86] mpx: Fix off-by-one comparison with nr_registers - [x86] entry/compat: Add missing CLAC to entry_INT80_32 - [x86] irq: Call chip->irq_set_affinity in proper context - [x86] irq: Fix a race in x86_vector_free_irqs() - [x86] irq: Validate that irq descriptor is still active - [x86] irq: Do not use apic_chip_data.old_domain as temporary buffer - [x86] irq: Reorganize the return path in assign_irq_vector - [x86] irq: Reorganize the search in assign_irq_vector - [x86] irq: Check vector allocation early - [x86] irq: Copy vectormask instead of an AND operation - [x86] irq: Remove offline cpus from vector cleanup - [x86] irq: Clear move_in_progress before sending cleanup IPI - [x86] irq: Remove the cpumask allocation from send_cleanup_vector() - [x86] irq: Remove outgoing CPU from vector cleanup mask - [x86] irq: Call irq_force_move_complete with irq descriptor - [x86] irq: Plug vector cleanup race - IB/cma: Fix RDMA port validation for iWarp - security: let security modules use PTRACE_MODE_* with bitmasks - iwlwifi: dvm: fix WoWLAN - iwlwifi: pcie: properly configure the debug buffer size for 8000 - iwlwifi: update and fix 7265 series PCI IDs - iwlwifi: mvm: don't allow sched scans without matches to be started [ Roger Shimizu ] * [armhf] dts: imx6dlq-wandboard-revb1: use unique model id (Closes: #813881). * [armel] dts: Add various device-tree fixes and improvements for Buffalo Linkstation devices. [ Ben Hutchings ] * udeb: Include more modules, including those needed on Firefly-RK3288, thanks to Vagrant Cascadian (Closes: #815476) - [armhf] core-modules: Include regulator drivers by default - mmc-modules: Include MMC controller drivers by default - mmc-modules: Depends on usb-modules - usb-modules: Include USB PHY drivers by default * uas: Fix high-order alloc * Fix/ignore module ABI changes in 4.4.4 as appropriate * Revert "drm/radeon: call hpd_irq_event on resume", reported to cause regressions (crash/hang) on some systems * [powerpc*] Fix module linking to work with binutils 2.26 (Closes: #808043): - Simplify module TOC handling - Fix dedotify for binutils >= 2.26 [ Ian Campbell ] * [armhf] dts: Add DTB for Novena, patches from Vagrant Cascadian (Closes: #815324) [ Uwe Kleine-König ] * [armhf] enable AXP20X_POWER (Closes: #815971) * [rt] Update to 4.4.3-rt9 -- Ben Hutchings Mon, 07 Mar 2016 19:27:18 +0000 linux-tools (4.4-4) unstable; urgency=medium * hyperv-daemons: Only build the progarams on x86 (fixes FTBFS) -- Ben Hutchings Sun, 21 Feb 2016 16:57:55 +0000 linux-tools (4.4-3) unstable; urgency=medium * hyperv-daemons: Add init scripts -- Ben Hutchings Sun, 21 Feb 2016 15:07:55 +0000 linux (4.4.2-3) unstable; urgency=medium * [x86] efi-bgrt: Fix kernel panic when mapping BGRT data (Closes: #815125) * [x86] efi-bgrt: Replace early_memremap() with memremap() -- Ben Hutchings Sun, 21 Feb 2016 13:11:18 +0000 linux-tools (4.4-2) unstable; urgency=medium * linux-perf: Include version number in strace groups installation directory (Closes: #813080) * [alpha,sh4] Attempt to fix build failures * Build fixdep under debian/build and clean it up properly -- Ben Hutchings Fri, 19 Feb 2016 17:11:29 +0000 linux (4.4.2-2) unstable; urgency=medium [ Ben Hutchings ] * udeb: Make DAC960 and cciss optional in scsi-modules again (fixes FTBFS on armhf, arm64) * [armel,armhf] net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets. (Closes: #814681) * [mipsel/loongson-2f] udeb: Add i2c-modules to avoid duplicate modules [ Martin Michlmayr ] * [arm64] Create i2c-modules udeb to avoid duplicate modules. -- Ben Hutchings Fri, 19 Feb 2016 14:48:52 +0000 linux-tools (4.4-1) unstable; urgency=medium * Upload to unstable -- Ben Hutchings Thu, 18 Feb 2016 01:30:50 +0000 linux (4.4.2-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.2 - ALSA: usb-audio: avoid freeing umidi object twice (CVE-2016-2384) [ Ben Hutchings ] * Set ABI to 1 * iw_cxgb3: Fix incorrectly returning error on success (CVE-2015-8812) * fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list() (CVE-2016-0617) (regression in 4.3) * af_unix: Guard against other == sk in unix_dgram_sendmsg (regression in 4.2.6-2) * Revert "workqueue: make sure delayed work run in local cpu" (regression in 4.3) * af_unix: Don't set err in unix_stream_read_generic unless there was an error (regression in 4.4, 4.3.4) * bpf: fix branch offset adjustment on backjumps after patching ctx expansion (CVE-2016-2383) * udeb: Combine scsi-{common,extra}-modules with scsi-modules * udeb: Use wildcards to include entire classes of drivers: - input-modules: Include HID drivers by default - nic{,-pcmcia,-usb,-wireless}-modules: Include Ethernet, USB and wireless drivers by default - {pata,sata}-modules: Include ATA drivers by default - sound-modules: Include sound drivers by default - scsi-modules: Include SCSI drivers by default - usb-modules: Include USB host drivers by default - usb-serial-modules: Include USB serial drivers by default - usb-storage-modules: Include USB storage drivers by default * udeb: Remove some obsolete drivers: - nic-modules: Remove FDDI and HIPPI drivers, and inet_lro module - nic-pcmcia-modules: Remove Arcnet drivers * udeb: Move most USB wireless drivers from nic-usb-modules to nic-wireless-modules * udeb: Really add virtio_input to virtio-modules (not input-modules) * [x86] Fix issues resulting in W+X pages: - [amd64] efi: Build our own page table structure - [i386/686-pae] mm: Fix types used in pgprot cacheability flags translations - [i386/686-pae] PCI: Set pci=nobios by default * IFF_NO_QUEUE: Fix for drivers not calling ether_setup() (regression in 4.3) * udeb: Fix issues with wildcards that caused FTBFS on armhf, thanks to Karsten Merker [ Roger Shimizu ] * Enable TTY_PRINTK as module (Closes: #814540). [ Uwe Kleine-König ] * [rt] Update to 4.4.1-rt6 -- Ben Hutchings Wed, 17 Feb 2016 21:20:12 +0000 linux (4.4.1-1~exp1) experimental; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1 [ Ricardo Salveti ] * Extending ARM64 support: - config: enabling support for the AMD Seattle platform - nic-modules: adding amd-xgbe - sata-modules: adding ahci_platform, required by AMD Overdrive - config: enabling the cpuidle ARM driver - config: enable multi-core scheduler support by default - config: enable PCI generic host bridge by default - config: enable CRYPTO_CRC32_ARM64 by default [ Ian Campbell ] * [arm64] Enabled support for QCOM platforms, options recommended by Martin Michlmayr. (Closes: #812386) * [armel/marvell] Declare breaks against flash-kernel << 3.57~ in order to force a version which understands about the merge of kirkwood and orion5x flavours into marvell. [ Ben Hutchings ] * linux-image: Make failure of depmod fatal, rather than asking what to do * [mips*] linux-image: Remove debconf question for requirement of initramfs * linux-image: Remove unnecessary debconf initialisations * linux-{headers,image}: Remove support for version-specific hooks * linux-headers: Make postinst script less verbose (see: #734266) * [armel] Replace kirkwood and orion5x flavours with a 'marvell' flavour * [armel/marvell] Adjust configuration to reduce image size: - Disable support for DNS-323 as the kernel image was already too large for this machine + Disable MACH_DNS323 + Change MTD_CFI_AMDSTD from built-in to module - input: Disable KEYBOARD_ATKBD - mtd: Change JFFS2_FS, MTD_SPI_NOR, and M25P80 from built-in to modules * [rt] Update to 4.4.1-rt5: - genirq: Add default affinity mask command line option - latencyhist: disable jump-labels - kernel/perf: mark perf_cpu_context's timer as irqsafe * bnx2x: Enable BNX2X_VXLAN * cgroups: Enable CGROUP_PIDS * crypto: Enable CRYPTO_CHACHA20, CRYPTO_POLY1305, CRYPTO_CHACHA20POLY1305, CRYPTO_USER_API_AEAD as modules * [x86] crypto: Enable CRYPTO_DEV_QAT_DH895xCC, CRYPTO_DEV_QAT_DH895xCCVF as modules * [amd64] crypto: Enable CRYPTO_CHACHA20_X86_64, CRYPTO_DES3_EDE_X86_64, CRYPTO_POLY1305_X86_64 as modules * [x86] dmaengine: Enable INTEL_IDMA64 as module * debug: Enable SCHED_STACK_END_CHECK * dm-cache: Enable DM_CACHE_SMQ as module * ethernet: Enable BNXT, QED, QEDE as modules * hci_uart: Enable BT_HCIUART_QCA * HID: Enable HID_CORSAIR, HID_GEMBIRD as modules * [x86] hwmon: Enable SENSORS_I5500 as module * [x86] IB: Enable INFINIBAND_USNIC as module * iio/light: Enable ACPI_ALS as module * [x86] input: Enable SURFACE_PRO3_BUTTON as module * [x86] iommu: Enable INTEL_IOMMU_SVM * ipvs: Enable IP_VS_OVF as module * media: Enable DVB_NETUP_UNIDVB, USB_GSPCA_TOUPTEK,_VIDEO_DT3155 as modules * [x86] mfd: Enable MFD_INTEL_LPSS_ACPI, MFD_INTEL_LPSS_PCI as modules * [amd64] mic: Enable INTEL_MIC_X100_DMA, MIC_COSM, SCIF, SCIF_BUS as modules * [powerpc*/*64*] misc: Enable GENWQE as module * net: Enable LWTUNNEL, NET_L3_MASTER_DEV; and MPLS_IPTUNNEL, NET_VRF as modules * [amd64] net: Enable FUJITSU_ES as module * netfilter: Really enable NF_TABLES_NETDEV, NFT_REDIR_IPV4, NFT_REDIR_IPV6 as modules * net/phy: Enable AQUANTIA_PHY, DP83848_PHY, MICROCHIP_PHY, TERANETICS_PHY as modules * net/sched: Really enable NET_CLS_FLOWER as module * net/usb: Enable USB_LAN78XX, USB_NET_CH9200 as modules * nfsd: Enable NFSD_PNFS * [x86] pinctrl: Enable PINCTRL_BROXTON, PINCTRL_SUNRISEPOINT * [x86] rfkill: Enable DELL_RBTN as module * serial: Enable SERIAL_OF_PLATFORM as module * sound/firewire: Enable SND_FIREWIRE_DIGI00X, SND_FIREWIRE_TASCAM as modules * [x86] thermal: Enable INTEL_PCH_THERMAL, INTEL_SOC_DTS_THERMAL as modules; disable THERMAL_OF * [x86] Enable INTEL_PMC_IPC as module * vfs,nvdimm: Really enable FS_DAX * [amd64] mm,nvdimm: Disable ZONE_DMA; enable ZONE_DEVICE, NVDIMM_PFN - This disables drivers for some AC'97 sound cards -- Ben Hutchings Wed, 10 Feb 2016 02:02:14 +0000 linux (4.4-1~exp1) experimental; urgency=medium * New upstream release: http://kernelnewbies.org/Linux_4.4 [ Ben Hutchings ] * [armhf] Enable EXTCON_USB_GPIO, ENSORS_GPIO_FAN as modules, and USB_DWC3_DUAL_ROLE instead of USB_DWC3_HOST (Closes: #810048) * [rt] Update to 4.4-rt2 -- Ben Hutchings Tue, 19 Jan 2016 22:25:06 +0000 linux-tools (4.4-1~exp2) experimental; urgency=medium * linux-perf: Fix FTBFS with gcc 6 (used on hppa, sparc64) -- Ben Hutchings Tue, 19 Jan 2016 22:11:13 +0000 linux-tools (4.4-1~exp1) experimental; urgency=medium * New upstream release [ Ben Hutchings ] * linux-perf: Fix reading of build-id from vDSO * linux-perf: Leave -rc suffix out of version in package description * debian.py: Implement stable order of fields not in the predefined order * genorig.py: Make orig tarballs really reproducible: - Override umask while extracting/exporting files - Override user and group names in tarball -- Ben Hutchings Tue, 19 Jan 2016 00:31:02 +0000 linux (4.4~rc8-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * [rt] Update to 4.4-rc6-rt1 and re-enable * [rt] Fix build error in kernel/time/hrtimer.c * [rt] latency_hist: Update sched_switch probe * [armhf] Add support for BCM2836 and Raspberry Pi 2: - pwm: bcm2835: Calculate scaler in ->config() - pwm: bcm2835: Prevent division by zero - drm: Create a driver hook for allocating GEM object structs - drm/vc4: Add a BO cache - drm/vc4: Add create and map BO ioctls - drm/vc4: Add an API for creating GPU shaders in GEM BOs - drm/vc4: Fix a typo in a V3D debug register - drm/vc4: Bind and initialize the V3D engine - drm/vc4: Add support for drawing 3D frames - drm/vc4: Add support for async pageflips - drm/vc4: Add an interface for capturing the GPU state after a hang - drm/vc4: copy_to_user() returns the number of bytes remaining - drm/vc4: allocate enough memory in vc4_save_hang_state() - drm/vc4: fix an error code - bcm2835: Add a compat string for bcm2836 machine probe - bcm2835: Add Kconfig support for bcm2836 - bcm2835: Define two new packets from the latest firmware - bcm2835: add rpi power domain driver - bcm2835: Split the DT for peripherals from the DT for the CPU - bcm2835: Move the CPU/peripheral include out of common RPi DT - bcm2835: Add devicetree for bcm2836 and Raspberry Pi 2 B - bcm2835: Add the auxiliary clocks to the device tree - Enable ARCH_BCM, ARCH_BCM2835, DMA_BCM2835, BCM2835_MBOX, RASPBERRYPI_FIRMWARE, RASPBERRYPI_POWER - Enable DRM_VC4, I2C_BCM2835, MMC_SDHCI_BCM2835, PWM_BCM2835, SPI_BCM2835, SPI_BCM2835AUX, USB_DWC2, BCM2835_WDT, SND_BCM2835_SOC_I2S as modules - udeb: Add sdhci-bcm2835 to mmc-modules, dwc2 to usb-modules * [armhf] Enable INPUT_AXP20X_PEK, CAN_SUN4I, SND_SUN4I_CODEC as modules (Closes: #808623) * [x86] nvdimm: Change X86_PMEM_LEGACY from built-in to module * [x86] Enable DEBUG_WX, X86_INTEL_MPX [ Ian Campbell ] * [armel/kirkwood] Updates/clarifications to kernel size limitations from Martin Michlmayr. (Closes: #809528) * [armhf] Enable support for Rockchip devices. (Closes: #809083) * [armhf] Enable basic support for DRA7XX systems, such as Beagle-x15. (Closes: #807624) -- Ben Hutchings Mon, 04 Jan 2016 17:23:28 +0000 linux (4.4~rc6-1~exp1) experimental; urgency=medium * New upstream release candidate - include/linux/mmdebug.h: should include linux/bug.h (fixes FTBFS on arm64) [ Ben Hutchings ] * [sparc64] udeb: Replace mpt2sas with mpt3sas in scsi-common-modules (fixes FTBFS) -- Ben Hutchings Mon, 21 Dec 2015 17:30:10 +0000 linux (4.4~rc5-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * [arm64] Drop now-redundant patches for X-Gene (fixes FTBFS) * [s390x] udeb: Add crc-modules package (fixes FTBFS) * cirrus,mgag200: Drop patches for compatibility with wheezy userland -- Ben Hutchings Wed, 16 Dec 2015 17:16:09 +0000 linux-tools (4.4~rc4-1~exp1) experimental; urgency=medium * New upstream release candidate -- Ben Hutchings Mon, 14 Dec 2015 01:28:50 +0000 linux (4.4~rc4-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * aufs: Update support patches to aufs4.x-rcN-20151123 * udeb: Make md-modules depend on crc-modules (Closes: #807661) * [armel/kirkwood,armhf] crypto: Enable CRYPTO_DEV_MARVELL_CESA as module (Closes: #807634) -- Ben Hutchings Sun, 13 Dec 2015 16:25:45 +0000 linux (4.3.5-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4 - toshiba_acpi: Initialize hotkey_event_type variable (regression in 4.3) - USB: add quirk for devices with broken LPM - usb: core : hub: Fix BOS 'NULL pointer' kernel panic - pppoe: fix memory corruption in padt work structure (regression in 4.1) - ipv6: keep existing flags when setting IFA_F_OPTIMISTIC (regression in 4.1) - vxlan: fix incorrect RCO bit in VXLAN header (regression in 4.0) - sctp: update the netstamp_needed counter when copying sockets - sctp: also copy sk_tsflags when copying the socket (regression in 3.17) - r8152: fix lockup when runtime PM is enabled (regression in 4.2) - ipv6: sctp: clone options to avoid use after free - phy: micrel: Fix finding PHY properties in MAC node. (regression in 4.2) - openvswitch: Fix helper reference leak - openvswitch: Respect conntrack zone even if invalid - net: fix IP early demux races - vlan: Fix untag operations of stacked vlans with REORDER_HEADER off - skbuff: Fix offset error in skb_reorder_vlan_header - net: check both type and procotol for tcp sockets - net_sched: make qdisc_tree_decrease_qlen() work for non mq (regression in 4.3.3) - net: fix uninitialized variable issue - ipv6: automatically enable stable privacy mode if stable_secret set - inet: tcp: fix inetpeer_set_addr_v4() (regression in 4.3) - rhashtable: Enforce minimum size on initial hash table (regression in 4.1) - fou: clean up socket with kfree_rcu - af_unix: Revert 'lock_interruptible' in stream receive code - tcp: restore fastopen with no data in SYN packet (regression in 4.0) - rhashtable: Fix walker list corruption (regression in 4.1) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5 - [x86] mpx: Fix instruction decoder condition - [x86] signal: Fix restart_syscall number for x32 tasks - [x86] paravirt: Prevent rtc_cmos platform device init on PV guests (regression in 4.2) - [powerpc*] KVM: Book3S HV: Don't dynamically split core when already split (regression in 4.3) - [powerpc*] KVM: Book3S HV: Prohibit setting illegal transaction state in MSR - [x86] boot: Double BOOT_HEAP_SIZE to 64KB - [x86] mm: Add barriers and document switch_mm()-vs-flush synchronization (CVE-2016-2069) - timers: Use proper base migration in add_timer_on() - ipmi: move timer init to before irq is setup - ALSA: hda - Disable 64bit address for Creative HDA controllers - ALSA: hda - Fix lost 4k BDL boundary workaround (regression in 4.2) - [x86] ALSA: hda - Fix noise on Dell Latitude E6440 (regression in 4.1) - ALSA: hda - Skip ELD notification during system suspend (regression in 4.3) - ALSA: seq: Fix missing NULL check at remove_events ioctl - ALSA: usb-audio: Avoid calling usb_autopm_put_interface() at disconnect - ALSA: seq: Fix race at timer setup and close - [x86] ALSA: hda - Fix white noise on Dell Latitude E5550 (regression in 4.1) - ALSA: usb-audio: Fix mixer ctl regression of Native Instrument devices (regression in 3.19) - ALSA: timer: Harden slave timer list handling - ALSA: timer: Fix race among timer ioctls - ALSA: timer: Fix double unlink of active_list - [x86] ALSA: hda - Add fixup for Dell Latitidue E6540 (regression in 4.1) - ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode - ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode - ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0 - ALSA: timer: Handle disconnection more safely - ASoC: rt286: Fix run time error while modifying const data (regression in 4.3) - airspy: increase USB control message buffer size (regression in 3.17) - USB: fix invalid memory access in hub_activate() - openvswitch: correct encoding of set tunnel action attributes (regression in 4.3) - veth: don’t modify ip_summed; doing so treats packets with bad checksums as good. - ipv6/addrlabel: fix ip6addrlbl_get() - addrconf: always initialize sysctl table data - connector: bump skb->users before callback invocation - af_unix: Fix splice-bind deadlock - bridge: Only call /sbin/bridge-stp for the initial network namespace - net: filter: make JITs zero A for SKF_AD_ALU_XOR_X (regression in 3.16) - net: sched: fix missing free per cpu on qstats (regression in 3.18) - net: possible use after free in dst_release - tcp: fix zero cwnd in tcp_cwnd_reduction (CVE-2016-2070) (regression in 4.3) - net: sctp: prevent writes to cookie_hmac_alg from accessing invalid memory - ipv6: tcp: add rcu locking in tcp_v6_send_synack() - tcp_yeah: don't set ssthresh below 2 - udp: disallow UFO for sockets with SO_NO_CHECK option (regression in 4.0) - net: preserve IP control block during GSO segmentation - phonet: properly unshare skbs in phonet_rcv() (regression in 4.0) - net: bpf: reject invalid shifts - ipv6: update skb->csum when CE mark is propagated - batman-adv: Avoid recursive call_rcu for batadv_bla_claim - batman-adv: Avoid recursive call_rcu for batadv_nc_node - batman-adv: Drop immediate batadv_orig_ifinfo free function - batman-adv: Drop immediate batadv_neigh_node free function - batman-adv: Drop immediate neigh_ifinfo free function - batman-adv: Drop immediate batadv_hard_iface free function - batman-adv: Drop immediate orig_node free function - team: Replace rcu_read_lock with a mutex in team_vlan_rx_kill_vid - xfrm: dst_entries_init() per-net dst_ops - [powerpc*] tm: Block signal return setting invalid MSR state - [powerpc*] tm: Check for already reclaimed tasks - [ppc64el] opal-irqchip: Fix double endian conversion (regression in 4.2) - [powerpc*] opal-irqchip: Fix deadlock introduced by "Fix double endian conversion" - [powerpc*] powernv: pr_warn_once on unsupported OPAL_MSG type - [powerpc*] Make value-returning atomics fully ordered - [powerpc*] Make {cmp}xchg* and their atomic_ versions fully ordered - [arm64] bpf: fix div-by-zero case - [arm64] bpf: fix mod-by-zero case - [arm64] cmpxchg_dbl: fix return value type (regression in 4.3) - [arm*] KVM: test properly for a PTE's uncachedness - [arm64] KVM: Fix AArch32 to AArch64 register mapping - [arm*] KVM: correct PTE uncachedness check - [arm64] kernel: enforce pmuserenr_el0 initialization and restore - [arm*] iommu/arm-smmu: Fix error checking for ASID and VMID allocation - HID: wacom: Tie cached HID_DG_CONTACTCOUNT indices to report ID (regression in 4.3) - HID: wacom: Expect 'touch_max' touches if HID_DG_CONTACTCOUNT not present (regression in 4.3) - HID: core: Avoid uninitialized buffer access - staging: lustre: echo_copy.._lsm() dereferences userland pointers directly - direct-io: Fix negative return from dio read beyond eof - fix the regression from "direct-io: Fix negative return from dio read beyond eof" - [arm64] KVM: Add workaround for Cortex-A57 erratum 834220 - [arm64] kernel: fix architected PMU registers unconditional access [ Ben Hutchings ] * fuse: break infinite loop in fuse_fill_write_pages() (CVE-2015-8785) * SCSI: fix crashes in sd and sr runtime PM (Closes: #801925) * rt2x00: fix monitor mode regression (regression in 4.2) * pipe: limit the per-user amount of pages allocated in pipes (CVE-2013-4312) [Original reference is incorrect; should be CVE-2016-2847.] * [powerpc*] Enable CRYPTO_DEV_VMX and enable CRYPTO_DEV_VMX_ENCRYPT as module (Closes: #813640) * debian/copyright: Add licence information for drivers/crypto/vmx/*.pl * udeb: Add hid-logitech-hidpp to input-modules (Closes: #796096) * hwrng: n2 - Attach on T5/M5, T7/M7 SPARC CPUs (Closes: #809815) [ Salvatore Bonaccorso ] * netfilter: nf_nat_redirect: add missing NULL pointer check (CVE-2015-8787) [ Aurelien Jarno ] * [mips*] Backport math emulation fix from 4.5. * [arm64] Enable RTC_DRV_EFI. [ Hendrik Brueckner ] * [s390x] udeb: include modules to mount ISOs (loop device) (Closes: #812336) * [s390x] udeb: include btrfs-modules (Closes: #812340) [ Martin Michlmayr ] * Include Device Tree model in reportbug script -- Ben Hutchings Sat, 06 Feb 2016 23:25:14 +0000 linux (4.3.3-7) unstable; urgency=medium * linux-image-dbg: Don't rely on upstream makefile to make .build-id links to vDSO debuginfo (fixes FTBFS on arm64, s390) -- Ben Hutchings Tue, 19 Jan 2016 17:29:21 +0000 linux (4.3.3-6) unstable; urgency=medium [ Ben Hutchings ] * debian.py: Implement stable order of fields in debian/tests/control * debian.py: Implement stable order of fields not in the predefined order * genorig.py: Make orig tarballs really reproducible: - Override umask while extracting/exporting files - Override user and group names in tarball * xen/gntdev: Grant maps should not be subject to NUMA balancing (Closes: #810472) * gpio: Enable GPIO_SYSFS wherever GPIOLIB is enabled (Closes: #810085) * [armhf] udeb: Include usbhid in input-modules (Closes: #809521) * linux-image-dbg: Include debugging symbols for VDSOs * [armel/kirkwood] power/reset: Re-enable POWER_RESET, POWER_RESET_GPIO (regression in 3.17~rc5-1~exp1) * usb: serial: visor: fix crash on detecting device without write_urbs (CVE-2015-7566) * tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) (CVE-2016-0723) * [x86] drm/vmwgfx: Fix a width / pitch mismatch on framebuffer updates * bcache: Add upstream fixes marked for stable: - fix a livelock when we cause a huge number of cache misses - Add a cond_resched() call to gc - clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device - fix a leak in bch_cached_dev_run() - unregister reboot notifier if bcache fails to unregister device - allows use of register in udev to avoid "device_busy" error. - prevent crash on changing writeback_running - Change refill_dirty() to always scan entire disk if necessary * KEYS: Fix keyring ref leak in join_session_keyring() (CVE-2016-0728) [ Salvatore Bonaccorso ] * unix: properly account for FDs passed over unix sockets (CVE-2013-4312) -- Ben Hutchings Tue, 19 Jan 2016 00:41:31 +0000 linux (4.3.3-5) unstable; urgency=medium * [armhf] udeb: Fix duplication and circular dependency between core-modules and usb-modules (really fixes FTBFS) - Add core-modules as a dependency of usb-modules - Remove gpio-viperboard from core-modules as it is unlikely to be needed -- Ben Hutchings Mon, 04 Jan 2016 00:45:27 +0000 linux (4.3.3-4) unstable; urgency=medium * [armhf] udeb: Remove pbias-regulator module from mmc-modules as it's now in core-modules (fixes FTBFS) -- Ben Hutchings Sun, 03 Jan 2016 01:50:52 +0000 linux (4.3.3-3) unstable; urgency=medium [ Ben Hutchings ] * [ppc64*] drm: Enable DRM_AST as module (Closes: #808338) * block: ensure to split after potentially bouncing a bio (Closes: #809082) * pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (CVE-2015-8569) * bluetooth: Validate socket address length in sco_sock_bind() (CVE-2015-8575) * [xen] Fix race conditions in back-end drivers (CVE-2015-8550, XSA-155) * [xen] pciback: Fix state validation in MSI control operations (CVE-2015-8551, CVE-2015-8852, XSA-157) * ptrace: being capable wrt a process requires mapped uids/gids (CVE-2015-8709) * KEYS: Fix race between read and revoke (CVE-2015-7550) * [armhf] udeb: Add modular clock, GPIO, PCIe PHY and regulator drivers to core-modules (Closes: #809521) * [armhf] udeb: Add more USB PHY drivers to usb-modules * drm/nouveau/pmu: do not assume a PMU is present (Closes: #809481) * [x86] drm/i915: Don't compare has_drrs strictly in pipe config (Closes: #808720) * [armhf] crypto: sun4i-ss - add missing statesize (Closes: #808625) * Revert "xhci: don't finish a TD if we get a short transfer event mid TD" (Closes: #808602, #808953, regression in 4.3-rc7) * [x86] pinctrl: Enable PINCTRL_CHERRYVIEW (Closes: #808044) * [s390x] udeb: Add crc-modules package (Closes: #808051) [ Salvatore Bonaccorso ] * ovl: fix permission checking for setattr (CVE-2015-8660) * [x86] kvm: Reload pit counters for all channels when restoring state (CVE-2015-7513) -- Ben Hutchings Sat, 02 Jan 2016 16:45:46 +0000 linux-tools (4.3.1-2) unstable; urgency=medium * Upload for Perl 5.22 transition (Closes: #808329) * debian/rules: Fix check for binNMU, broken since 4.1.4-1 -- Ben Hutchings Sat, 19 Dec 2015 03:47:10 +0000 linux (4.3.3-2) unstable; urgency=medium * [armhf,sparc64] Force ZONE_DMA to be enabled, reversing ABI change in 4.3.3 (fixes FTBFS) * [sh4] Disable CC_STACKPROTECTOR_STRONG temporarily (fixes FTBFS) -- Ben Hutchings Thu, 17 Dec 2015 18:21:52 +0000 linux (4.3.3-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.2 - X.509: Fix the time validation [ver #2] https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3 - r8169: fix kasan reported skb use-after-free. (regression in 4.3) - af-unix: fix use-after-free with concurrent readers while splicing (regression in 4.2) - af_unix: don't append consumed skbs to sk_receive_queue (regression in 4.2) - af_unix: take receive queue lock while appending new skb (regression in 4.2) - af-unix: passcred support for sendpage (regression in 4.2) - ipv6: Avoid creating RTF_CACHE from a rt that is not managed by fib6 tree (regression in 4.2) - ipv6: Check expire on DST_NOCACHE route - ipv6: Check rt->dst.from for the DST_NOCACHE route (regression in 4.3) - Revert "ipv6: ndisc: inherit metadata dst when creating ndisc requests" (regression in 4.3) - packet: only allow extra vlan len on ethernet devices - packet: infer protocol from ethernet header if unset - packet: fix tpacket_snd max frame len - sctp: translate host order to network order when setting a hmacid - net/mlx5e: Added self loopback prevention (regression in 4.3) - net/mlx4_core: Fix sleeping while holding spinlock at rem_slave_counters (regression in 4.2) - ip_tunnel: disable preemption when updating per-cpu tstats - net/ip6_tunnel: fix dst leak (regression in 4.3) - tcp: disable Fast Open on timeouts after handshake - tcp: fix potential huge kmalloc() calls in TCP_REPAIR - tcp: initialize tp->copied_seq in case of cross SYN connection - net, scm: fix PaX detected msg_controllen overflow in scm_detach_fds - net: ipmr: fix static mfc/dev leaks on table destruction - net: ip6mr: fix static mfc/dev leaks on table destruction - vrf: fix double free and memory corruption on register_netdevice failure - tipc: fix error handling of expanding buffer headroom (regression in 4.3) - ipv6: distinguish frag queues by device for multicast and link-local packets - bpf, array: fix heap out-of-bounds access when updating elements - ipv6: add complete rcu protection around np->opt - net/neighbour: fix crash at dumping device-agnostic proxy entries - ipv6: sctp: implement sctp_v6_destroy_sock() - openvswitch: fix hangup on vxlan/gre/geneve device deletion - net_sched: fix qdisc_tree_decrease_qlen() races - btrfs: fix resending received snapshot with parent (regression in 4.2) - Btrfs: fix file corruption and data loss after cloning inline extents - Btrfs: fix regression when running delayed references (regression in 4.2) - Btrfs: fix race leading to incorrect item deletion when dropping extents - Btrfs: fix race leading to BUG_ON when running delalloc for nodatacow - Btrfs: fix race when listing an inode's xattrs - rbd: don't put snap_context twice in rbd_queue_workfn() - ext4 crypto: fix memory leak in ext4_bio_write_page() - ext4 crypto: fix bugs in ext4_encrypted_zeroout() - ext4: fix potential use after free in __ext4_journal_stop (regression in 4.2) - ext4, jbd2: ensure entering into panic after recording an error in superblock - nfsd: serialize state seqid morphing operations - nfsd: eliminate sending duplicate and repeated delegations - nfs4: start callback_ident at idr 1 - nfs4: resend LAYOUTGET when there is a race that changes the seqid - nfs: if we have no valid attrs, then don't declare the attribute cache valid - ocfs2: fix umask ignored issue - block: fix segment split (regression in 4.3) - ceph: fix message length computation - Btrfs: fix regression running delayed references when using qgroups (regression in 4.2) [ Ben Hutchings ] * net: add validation for the socket syscall protocol argument (CVE-2015-8543) * [armel/kirkwood] udeb: Override inclusion of gpio_keys in input-modules (fixes FTBFS) * vrf: Fix broken backport of "vrf: fix double free and memory corruption on register_netdevice failure" in 4.3.3 * net: Ignore ABI changes due to "ipv6: add complete rcu protection around np->opt", which don't appear to affect out-of-tree modules * tipc: Fix kfree_skb() of uninitialised pointer (regression in 4.3.3) -- Ben Hutchings Tue, 15 Dec 2015 21:25:26 +0000 linux-tools (4.3.1-1) unstable; urgency=medium * New upstream stable update - [x86] Add #AC to SVM_EXIT_REASONS [ Ben Hutchings ] * debian/bin/genorig.py: Add more files under arch/*/include/asm to file list (fixes FTBFS on several architectures) -- Ben Hutchings Mon, 14 Dec 2015 00:43:39 +0000 linux-tools (4.3-1) unstable; urgency=medium * New upstream release -- Ben Hutchings Sun, 13 Dec 2015 03:47:05 +0000 linux (4.3.1-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.1 [ Ben Hutchings ] * Set ABI to 1 * [armhf] rtc: Enable RTC_DRV_DS1307, RTC_DRV_PCF8563, RTC_DRV_ARMADA38X (Closes: #807632) * [armhf] Enable MACH_ARMADA_375, MACH_ARMADA_38X, MACH_ARMADA_39X (Closes: #807633) * [armhf] net: Enable MVPP2 as module * [armel/kirkwood] dts: Fix QNAP TS219 power-off (Closes: #807696) * [armhf] udeb: Add leds-modules package containing leds-gpio driver (Closes: #807721) * [x86] drm/i915: Mark uneven memory banks on gen4 desktop as unknown swizzling (Closes: #780363) * Enable CC_STACKPROTECTOR_STRONG (Closes: #805652) * [x86] input: Enable KEYBOARD_GPIO, INPUT_SOC_BUTTON_ARRAY (Closes: #804864) * [x86] nouveau: bios: return actual size of the buffer retrieved via _ROM (Closes: #772716) * [armhf] Add support for Odroid-XU4 (Closes: #804850) - mfd: s2mps11: Add manual shutdown method for Odroid XU3 - dts: Fix power off method for exynos5422-odroidxu3-common - dts: Split audio configuration to separate exynos5422-odroidxu3-audio - dts: Add support Odroid XU4 board for exynos5422-odroidxu4 * udeb: Add hid-chicony to input-modules (Closes: #766570) * sched: Enable CFS_BANDWIDTH (Closes: #802746) -- Ben Hutchings Sun, 13 Dec 2015 00:38:54 +0000 linux (4.3-1~exp2) experimental; urgency=medium [ Ben Hutchings ] * mv643xx_eth: Re-enable TSO, fixed upstream in 4.3 * debian/control: Move patchutils from Build-Depends to Build-Depends-Indep, as we only use filterdiff when building linux-source- * debian/control,debian/rules: Support a 'stage1' build profile which builds only linux-libc-dev (Closes: #695243) * debian/control: Add ':any' to Build-Depends on python3, to support cross- bootstrap * [armhf] Enable new drivers for Allwinner chips (Closes: #804856) - crypto: Enable CRYPTO_DEV_SUN4I_SS as module - musb: Enable USB_MUSB_SUNXI as module * aufs: Update support patches to aufs4.3-20151116 * [armhf] USB: Change USB, USB_GADGET, and various drivers from built-in to modules - musb: Enable USB_MUSB_DUAL_ROLE * [armhf] musb: Disable MUSB_PIO_ONLY and enable USB_INVENTRA_DMA, USB_TI_CPPI41_DMA, USB_TUSB_OMAP_DMA [ Ian Campbell ] * [armel/orion5x] Enable Device Tree for orion5x. Patch from Roger Shimizu (Closes: #803159) * [armel/orion5x] Enable CONFIG_DEBUG_LL_UART_8250. -- Ben Hutchings Fri, 04 Dec 2015 19:36:10 +0000 linux (4.3-1~exp1) experimental; urgency=medium * New upstream release [ Ben Hutchings ] * netfilter: Enable NFT_DUP_IPV4, NFT_DUP_IPV6 as modules (Closes: #803370) * tests: Add autopkgtest support * [x86] Compile with gcc-5 * [x86] Enable PINCTRL_BAYTRAIL (Closes: #797949) [ Salvatore Bonaccorso ] * Fix typo in image.plain.postinst template. Add missing space in warn message causing typo "dangling linkto". Thanks to Jakub Wilk (Closes: #803323) -- Ben Hutchings Wed, 04 Nov 2015 07:45:13 +0000 linux (4.3~rc7-1~exp1) experimental; urgency=medium * New upstream release candidate - [x86] smpboot: Fix CPU #1 boot timeout (Closes: #802464) -- Ben Hutchings Wed, 28 Oct 2015 11:04:27 +0900 linux-tools (4.3~rc5-1~exp2) experimental; urgency=medium * Fix the build-indep and binary-indep targets (fixes FTBFS for arch:all) -- Ben Hutchings Wed, 14 Oct 2015 02:08:09 +0100 linux-tools (4.3~rc5-1~exp1) experimental; urgency=medium * New upstream release candidate - perf: Fix build on architectures without CONFIG_PERF_REGS -- Ben Hutchings Wed, 14 Oct 2015 00:49:38 +0100 linux (4.3~rc5-1~exp1) experimental; urgency=medium * New upstream release candidate -- Ben Hutchings Wed, 14 Oct 2015 00:48:41 +0100 linux-tools (4.3~rc4-1~exp1) experimental; urgency=medium * New upstream release candidate -- Ben Hutchings Wed, 07 Oct 2015 01:15:46 +0100 linux (4.3~rc4-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * [armhf] dts: Fix Makefile target for sun4i-a10-itead-iteaduino-plus (fixes FTBFS) * [mips*] io: Define ioremap_uc (fixes FTBFS) -- Ben Hutchings Tue, 06 Oct 2015 23:27:45 +0100 linux (4.3~rc3-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * Disable CRAMFS; it was obsoleted by squashfs and initramfs * [i386] Replace 586 flavour with 686 - Enable support for OLPC and other Geode-based systems in the 686 flavour - udeb: Update kernel-versions -- Ben Hutchings Sun, 27 Sep 2015 21:02:54 +0100 linux (4.2.6-3) unstable; urgency=medium * Ignore some gpiochip ABI changes (fixes FTBFS on i386) -- Ben Hutchings Sun, 06 Dec 2015 02:12:41 +0000 linux (4.2.6-2) unstable; urgency=medium [ Salvatore Bonaccorso ] * [x86] KVM: svm: unconditionally intercept #DB (CVE-2015-8104) * [x86] KVM: rename update_db_bp_intercept to update_bp_intercept [ Ian Campbell ] * [x86] Xen: expose a more realistic max p2m size in the shared info, fixes migration (Closes: #797205) [ Ben Hutchings ] * media: usbvision: fix crash on detecting device with invalid configuration (CVE-2015-7833, partly fixed in 4.2.6-1) * udeb: Add dm-service-time to multipath-modules (Closes: #806131) * unix: avoid use-after-free in ep_remove_wait_queue (CVE-2013-7446) * isdn_ppp: Add checks for allocation failure in isdn_ppp_open() * ppp, slip: Validate VJ compression slot parameters completely (CVE-2015-7799) * Btrfs: fix truncation of compressed and inlined extents (CVE-2015-8374) * netfilter: Enable NFT_DUP_IPV4, NFT_DUP_IPV6 as modules (Closes: #803370) * [x86] Enable PINCTRL_BAYTRAIL (Closes: #797949) * qxl: Enable by default (Closes: #779515) * [s390*] Update linux-compiler metapackage to gcc-4.9 * firmware_class: Fix condition in directory search loop (Closes: #804862) * [x86] input: Enable MOUSE_ELAN_I2C as module, MOUSE_ELAN_I2C_I2C and MOUSE_ELAN_I2C_SMBUS (Closes: #791631) * [armhf] hsi: Enable CMT_SPEECH as module (Closes: #791819) * [armhf] power: Enable BATTERY_RX51 as module (Closes: #791820) * [x86] psmouse: Enable MOUSE_PS2_VMMOUSE (Closes: #802929) - linux-image: Add versioned Breaks on xserver-xorg-input-vmmouse to avoid driver conflicts * [armhf] udeb: Add stmmac platform modules dwmac-generic, dwmac-socfpga and dwmac-sunxi to nic-modules (Closes: #805098) * wireless: Enable WL_MEDIATEK, MT7601U as module * [x86] drm/i915: shut up gen8+ SDE irq dmesg noise (Closes: #806304) * [armhf] regulator: Enable REGULATOR_PFUZE100 as module (Closes: #806284) -- Ben Hutchings Fri, 04 Dec 2015 02:26:51 +0000 linux (4.2.6-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.6 - mmc: core: Fix init_card in 52Mhz (regression in 4.2) - rtlwifi: rtl8821ae: Fix system lockups on boot (regression in 4.2) - iwlwifi: mvm: init card correctly on ctkill exit check (regression in 3.18) - iwlwifi: mvm: flush fw_dump_wk when mvm fails to start (regression in 3.18) - [x86] iommu/vt-d: fix range computation when making room for large pages - [x86] iommu/amd: Fix BUG when faulting a PROT_NONE VMA - [x86] iommu/amd: Don't clear DTE flags when modifying it - drm: fix mutex leak in drm_dp_get_mst_branch_device - drm: Correct arguments to list_tail_add in create blob ioctl - drm: crtc: integer overflow in drm_property_create_blob() - rtl28xxu: fix control message flaws (regression in 4.0) - ALSA: hda - Fix deadlock at error in building PCM - [x86] ioapic: Prevent NULL pointer dereference in setup_ioapic_dest() (regression in 4.2.4) - mm: make sendfile(2) killable - drm/radeon/dpm: don't add pwm attributes if DPM is disabled (regression in 4.0) - [x86] drm/i915: Restore lost DPLL register write on gen2-4 (regression in 3.18) - [x86] drm/i915: Deny wrapping an userptr into a framebuffer - drm/radeon: don't try to recreate sysfs entries on resume (regression in 4.2.5) - drm/radeon: fix dpms when driver backlight control is disabled (regression in 4.2.4) - drm/radeon: move bl encoder assignment into bl init - rbd: require stable pages if message data CRCs are enabled - rbd: don't leak parent_spec in rbd_dev_probe_parent() - rbd: prevent kernel stack blow up on rbd map - [armhf] EXYNOS: Fix double of_node_put() when parsing child power domains (regression in 4.2) - [armhf] dts: Fix audio card detection on Peach boards (regression in 4.1) - [arm64] Revert "ARM64: unwind: Fix PC calculation" - block: don't release bdi while request_queue has live references (regression in 4.2) - dm btree remove: fix a bug when rebalancing nodes after removal - dm cache: the CLEAN_SHUTDOWN flag was not being set - dm btree: fix leak of bufio-backed block in btree_split_beneath error path - Revert "serial: 8250_dma: don't bother DMA with small transfers" (regression in 4.0) - [armel] i2c: mv64xxx: really allow I2C offloading (regression in 3.19) - clkdev: fix clk_add_alias() with a NULL alias device name (regression in 4.2) - fbcon: initialize blink interval before calling fb_set_par (regression in 4.2) - PCI: Prevent out of bounds access in numa_node override - ovl: free stack of paths in ovl_fill_super (regression in 4.0) - ovl: free lower_mnt array in ovl_put_super (regression in 4.0) - ovl: fix dentry reference leak - ovl: fix open in stacked overlay (regression in 4.2) - [x86] Input: alps - only the Dell Latitude D420/430/620/630 have separate stick button bits (regression in 4.1) - crypto: api - Only abort operations on fatal signal - md/raid1: submit_bio_wait() returns 0 on success (regression in 3.10) - md/raid10: submit_bio_wait() returns 0 on success (regression in 3.10) - md/raid5: fix locking in handle_stripe_clean_event() (regression in 3.13) - Revert "md: allow a partially recovered device to be hot-added to an array." (regression in 3.14) - [amd64] EDAC, sb_edac: Fix TAD presence check for sbridge_mci_bind_devs() (regression in 4.2) - mvsas: Fix NULL pointer dereference in mvs_slot_task_free - netfilter: ipset: Fix sleeping memory allocation in atomic context (regression in 4.2) - btrfs: fix possible leak in btrfs_ioctl_balance() (regression in 4.2.5) - kvm: irqchip: fix memory leak (regression in 4.2) - [armhf] thermal: exynos: Fix register read in TMU (regression in 4.2) - blk-mq: fix use-after-free in blk_mq_free_tag_set() (regression in 4.2) - IB/cm: Fix rb-tree duplicate free and use-after-free - sched/deadline: Fix migration of SCHED_DEADLINE tasks (regression in 4.2) - [arm64] compat: fix stxr failure case in SWP emulation - NVMe: Fix memory leak on retried commands - [x86] drm/vmwgfx: Fix up user_dmabuf refcounting - thp: use is_zero_pfn() only after pte_present() check (regression in 4.1) - xen: fix backport of previous kexec patch [ Ben Hutchings ] * usbvision: fix overflow of interfaces array (CVE-2015-7833) * RDS: fix race condition when sending a message on unbound socket (CVE-2015-7990) * media/vivid-osd: fix info leak in ioctl (CVE-2015-7884) * [x86] KVM: Intercept #AC to avoid guest->host denial-of-service (CVE-2015-5307) -- Ben Hutchings Tue, 10 Nov 2015 14:35:05 +0000 linux (4.2.5-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4 - [armhf] KVM: Fix incorrect device to IPA mapping - [x86] KVM: vmx: fix VPID is 0000H in non-root operation - kvm: don't try to register to KVM_FAST_MMIO_BUS for non mmio eventfd - kvm: fix zero length mmio searching - kvm: factor out core eventfd assign/deassign logic - kvm: fix double free for fast mmio eventfd - [armhf] KVM: Disable virtual timer even if the guest is not using it - kvm: svm: reset mmu on VCPU reset - [x86] KVM: trap AMD MSRs for the TSeg base and mask - [powerpc*] KVM: Book3S: Take the kvm->srcu lock in kvmppc_h_logical_ci_load/store() - [powerpc*] KVM: Book3S HV: Pass the correct trap argument to kvmhv_commence_exit - [x86] Revert "KVM: x86: apply guest MTRR virtualization on host reserved pages" - [x86] Revert "KVM: SVM: use NPT page attributes" - [x86] Revert "KVM: SVM: Sync g_pat with guest-written PAT value" - time: Fix timekeeping_freqadjust()'s incorrect use of abs() instead of abs64() - target/iscsi: Fix np_ip bracket issue by removing np_ip - scsi: fix scsi_error_handler vs. scsi_host_dev_release race - target: Attach EXTENDED_COPY local I/O descriptors to xcopy_pt_sess - target: Fix PR registration + APTPL RCU conversion regression - iser-target: remove command with state ISTATE_REMOVE - iser-target: Put the reference on commands waiting for unsol data - toshiba_acpi: Fix hotkeys registration on some toshiba models - [x86] perf/intel: Fix constraint access - [x86] locking/qspinlock: Fix performance regression under unaccelerated VMs - [x86] locking/qspinlock: Only emit the test-and-set fallback when building guest support - [armhf] 8401/1: perf: Set affinity for PPI based PMUs - perf hists: Update the column width for the "srcline" sort key - perf stat: Get correct cpu id for print_aggr - perf tools: Add missing forward declaration of struct map to probe-event.h - perf tools: Add empty Build files for architectures lacking them - perf tools: Fix parse_events_add_pmu caller - perf header: Fixup reading of HEADER_NRCPUS feature - perf probe: Use existing routine to look for a kernel module by dso->short_name - watchdog: sunxi: fix activation of system reset - watchdog: imgpdc: Unregister restart handler on remove - sched: access local runqueue directly in single_task_running - hwmon: (nct6775) Swap STEP_UP_TIME and STEP_DOWN_TIME registers for most chips - [armhf] fix Thumb2 signal handling when ARMv6 is enabled - [armel,armhf] 8429/1: disable GCC SRA optimization - [powerpc*] windfarm: decrement client count when unregistering - [armhf] dts: omap5-uevm.dts: fix i2c5 pinctrl offsets - [armhf] dts: omap3-beagle: make i2c3, ddc and tfp410 gpio work again - [armhf] EXYNOS: reset Little cores when cpu is up - [armhf] dts: sunxi: Raise minimum CPU voltage for sun7i-a20 to meet SoC specifications - [armhf] dts: Fix wrong clock binding for sysmmu_fimd1_1 on exynos5420 - [armhf] dts: fix usb pin control for imx-rex dts - dax: fix O_DIRECT I/O to the last block of a blockdev - blockdev: don't set S_DAX for misaligned partitions - block: blkg_destroy_all() should clear q->root_blkg and ->root_rl.blkg - dmaengine: at_xdmac: change block increment addressing mode - dmaengine: at_xdmac: clean used descriptor - dmaengine: dw: properly read DWC_PARAMS register - dmaengine: at_xdmac: fix bug in prep_dma_cyclic - pmem: add proper fencing to pmem_rw_page() - [x86] apic: Serialize LVTT and TSC_DEADLINE writes - [x86] alternatives: Make optimize_nops() interrupt safe and synced - [i386] platform: Fix Geode LX timekeeping in the generic x86 build - [x86] ioapic: Force affinity setting in setup_ioapic_dest() - [x86] pci/intel_mid_pci: Work around for IRQ0 assignment - [x86] paravirt: Replace the paravirt nop with a bona fide empty function - [amd64] nmi: Fix a paravirt stack-clobbering bug in the NMI code - [x86] Use WARN_ON_ONCE for missing X86_FEATURE_NRIPS - [x86] efi: Fix boot crash by mapping EFI memmap entries bottom-up at runtime, instead of top-down - [x86] kexec: Fix kexec crash in syscall kexec_file_load() - [x86] process: Add proper bound checks in 64bit get_wchan() - [x86] mm: Set NX on gap between __ex_table and rodata - [x86] xen: Support kexec/kdump in HVM guests by doing a soft reset - leds:lp55xx: Correct Kconfig dependency for f/w user helper - leds/led-class: Add missing put_device() - sched/core: Fix TASK_DEAD race in finish_task_switch() - [s390x] compat: correct uc_sigmask of the compat signal frame - [s390x] boot/decompression: disable floating point in decompressor - Revert "cgroup: simplify threadgroup locking" - Revert "sched, cgroup: replace signal_struct->group_rwsem with a global percpu_rwsem" - memcg: make mem_cgroup_read_stat() unsigned - spi: Fix documentation of spi_alloc_master() - spi: bcm2835: BUG: fix wrong use of PAGE_MASK - spi: spidev: fix possible NULL dereference - mm: migrate: hugetlb: putback destination hugepage to active list - lib/iommu-common.c: do not try to deref a null iommu->lazy_flush() pointer when n < pool->hint - ocfs2/dlm: fix deadlock when dispatch assert master - mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy a fault - memcg: fix dirty page migration - [armhf] ALSA: hda/tegra - async probe for avoiding module loading deadlock - ALSA: synth: Fix conflicting OSS device registration on AWE32 - ALSA: hda: Add dock support for ThinkPad T550 - ALSA: hda - Apply SPDIF pin ctl to MacBookPro 12,1 - ALSA: hda - Disable power_save_node for IDT 92HD73xx chips - ASoC: pxa: pxa2xx-ac97: fix dma requestor lines - ASoC: dwc: correct irq clear method - ASoC: db1200: Fix DAI link format for db1300 and db1550 - ASoC: sgtl5000: fix wrong register MIC_BIAS_VOLTAGE setup on probe - ASoC: tas2552: fix dBscale-min declaration - btrfs: skip waiting on ordered range for special files - Btrfs: fix read corruption of compressed and shared extents - Btrfs: update fix for read corruption of compressed and shared extents - PCI: Fix devfn for VPD access through function 0 - PCI: Use function 0 VPD for identical functions, regular VPD for others - PCI: Clear IORESOURCE_UNSET when clipping a bridge window - dm thin: disable discard support for thin devices if pool's is disabled - dm crypt: constrain crypt device's max_segment_size to PAGE_SIZE - ath10k: fix dma_mapping_error() handling - svcrdma: Fix send_reply() scatter/gather set-up - md/raid0: update queue parameter in a safer location. - md/raid0: apply base queue limits *before* disk_stack_limits - dm raid: fix round up of default region size - netfilter: nfnetlink: work around wrong endianess in res_id field - netfilter: nf_tables: Use 32 bit addressing register from nft_type_to_reg() - netfilter: ipset: Out of bound access in hash:net* types fixed - netfilter: ipset: Fixing unnamed union init - netfilter: nf_log: wait for rcu grace after logger unregistration - netfilter: nft_compat: skip family comparison in case of NFPROTO_UNSPEC - netfilter: nf_log: don't zap all loggers on unregister - regulator: core: Correct return value check in regulator_resolve_supply - regulator: axp20x: Fix enable bit indexes for DCDC4 and DCDC5 - regulator: core: Handle probe deferral from DT when resolving supplies - Bluetooth: Delay check for conn->smp in smp_conn_security() - nfs: fix v4.2 SEEK on files over 2 gigs - NFS: Do cleanup before resetting pageio read/write to mds - NFSv4: Recovery of recalled read delegations is broken - nfs: fix pg_test page count calculation - NFS: Fix a write performance regression - cifs: Fix sec=krb5 on smb3 mounts - cifs: disabling oplocks/leases via module parm enable_oplocks broken for SMB3 - cifs: Do not fall back to SMBWriteX in set_file_size error cases - drm/qxl: only report first monitor as connected if we have no state - drm/qxl: recreate the primary surface when the bo is not primary - drm/amdgpu: fix overflow on 32bit systems - drm/amdgpu: Disable UVD PG - drm/amdgpu: fix the UVD suspend sequence order - drm/amdgpu: make UVD handle checking more strict - drm/amdgpu: Fix max_vblank_count value for current display engines - drm/amdgpu: Restore LCD backlight level on resume - [x86] drm/i915/bios: handle MIPI Sequence Block v3+ gracefully - drm: Reject DRI1 hw lock ioctl functions for kms drivers - drm/radeon: Restore LCD backlight level on resume (>= R5xx) - drm/dp/mst: fixup handling hotplug on port removal. - drm/dp/mst: drop cancel work sync in the mstb destroy path (v2) - xhci: give command abortion one more chance before killing xhci - xhci: Move xhci_pme_quirk() behind #ifdef CONFIG_PM - usb: xhci: lock mutex on xhci_stop - usb: xhci: Clear XHCI_STATE_DYING on start - usb: xhci: stop everything on the first call to xhci_stop - usb: xhci: exit early in xhci_setup_device() if we're halted or dying - xhci: change xhci 1.0 only restrictions to support xhci 1.1 - xhci: init command timeout timer earlier to avoid deleting it uninitialized - usb: xhci: Add support for URB_ZERO_PACKET to bulk/sg transfers - batman-adv: Make DAT capability changes atomic - thermal: cpu_cooling: don't call kcalloc() under rcu_read_lock - thermal: cpu_cooling: free power table on error or when unregistering - [x86] hv: util: checking the wrong variable - mmc: dw_mmc: handle data blocks > than 4kB if IDMAC is used - usb: chipidea: imx: fix a typo for imx6sx - cifs: use server timestamp for ntlmv2 authentication - [armhf] irqchip/gic-v3-its: Add missing cache flushes - docs: update HOWTO for 3.x -> 4.x versioning - extcon: Fix signedness bugs about break error handling - extcon: Fix attached value returned by is_extcon_changed - [armhf] mtd: pxa3xx_nand: add a default chunk size - mtd: nand: sunxi: fix sunxi_nand_chips_cleanup() - mtd: nand: sunxi: fix OOB handling in ->write_xxx() functions - hpsa: fix an sprintf() overflow in the reset handler - PM / AVS: rockchip-io: depend on CONFIG_POWER_AVS - device property: fix potential NULL pointer dereference - ath10k: fix per-vif queue locking - ath10k: reject 11b tx fragmentation configuration - ath10k: fix peer limit enforcement - ath10k: wake up offchannel queue properly - ath10k: wake up queue upon vif creation - pcmcia: sa11x0: fix missing clk_put() in sa11x0 socket drivers - ipr: Enable SIS pipe commands for SIS-32 devices. - regmap: debugfs: Ensure we don't underflow when printing access masks - regmap: debugfs: Don't bother actually printing when calculating max length - security: fix typo in security_task_prctl - usb: musb: dsps: fix polling in device-only mode - usb: chipidea: udc: using the correct stall implementation - usb: Use the USB_SS_MULT() macro to get the burst multiplier. - usb: phy: phy-generic: Fix reset behaviour on legacy boot - usb: musb: cppi41: allow it to work again - USB: chaoskey read offset bug - usb: Add device quirk for Logitech PTZ cameras - USB: Add reset-resume quirk for two Plantronics usb headphones. - [armel,armhf] crypto: marvell - properly handle CRYPTO_TFM_REQ_MAY_BACKLOG-flagged requests - cpu/cacheinfo: Fix teardown path - cpufreq: dt: Tolerance applies on both sides of target voltage - [mips*] Fix console output for Fulong2e system - [mips*] bootmem: Fix mapstart calculation for contiguous maps - [mips*] dma-default: Fix 32-bit fall back to GFP_DMA - [mips*] CPS: Stop dangling delay slot from has_mt. - [mips*] CPS: Don't include MT code in non-MT kernels. - [mips*] CPS: #ifdef on CONFIG_MIPS_MT_SMP rather than CONFIG_MIPS_MT - batman-adv: Make NC capability changes atomic - batman-adv: Make TT capability changes atomic - batman-adv: Make MCAST capability changes atomic - batman-adv: Fix potential synchronization issues in mcast tvlv handler - batman-adv: Fix potentially broken skb network header access - [powerpc*] MSI: Fix race condition in tearing down MSI interrupts - rsi: Fix possible leak when loading firmware - UBIFS: Kill unneeded locking in ubifs_init_security - UBI: Validate data_size - UBI: return ENOSPC if no enough space available - net: via/Kconfig: GENERIC_PCI_IOMAP required if PCI not selected - iscsi-target: Avoid OFMarker + IFMarker negotiation - mmc: core: Don't return an error for CD/WP GPIOs when GPIOLIB is unset - mmc: core: fix dead loop of mmc_retune - [arm64] efi: Fix boot crash by not padding between EFI_MEMORY_RUNTIME regions - [arm64] ftrace: fix function_graph tracer panic - [arm64] readahead: fault retry breaks mmap file read random detection - [m68k] Define asmlinkage_protect - xen/blkback: free requests on disconnection - net/xen-netfront: only napi_synchronize() if running - igb: do not re-init SR-IOV during probe - genirq: Fix race in register_irq_proc() - clocksource: Fix abs() usage w/ 64bit values - md/bitmap: don't pass -1 to bitmap_storage_alloc. - nfs/filelayout: Fix NULL reference caused by double freeing of fh_array - cpufreq: acpi_cpufreq: prevent crash on reading freqdomain_cpus - [armhf] clk: ti: fix dual-registration of uart4_ick - [armhf] clk: ti: clk-7xx: Remove hardwired ABE clock configuration - [armhf] clk: samsung: fix cpu clock's flags checking - namei: results of d_is_negative() should be checked after dentry revalidation - dm: fix AB-BA deadlock in __dm_destroy() - dm cache: fix NULL pointer when switching from cleaner policy - staging: speakup: fix speakup-r regression - tty: fix stall caused by missing memory barrier in drivers/tty/n_tty.c - drivers/tty: require read access for controlling terminal - serial: 8250: add uart_config entry for PORT_RT2880 - serial: atmel: fix error path of probe function - mm/slab: fix unexpected index mapping result of kmalloc_size(INDEX_NODE+1) - blk-mq: avoid setting hctx->tags->cpumask before allocation - sched/preempt: Fix cond_resched_lock() and cond_resched_softirq() - 3w-9xxx: don't unmap bounce buffered commands - sched/preempt, xen: Use need_resched() instead of should_resched() - sched/preempt, powerpc, kvm: Use need_resched() instead of should_resched() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.5 - [powerpc*] net/ibm/emac: bump version numbers for correct work with ethtool - l2tp: protect tunnel->del_work by ref_count - af_unix: Convert the unix_sk macro to an inline function for type safety - af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag - net/unix: fix logic about sk_peek_offset - skbuff: Fix skb checksum flag on skb pull - skbuff: Fix skb checksum partial check. - inet: fix races in reqsk_queue_hash_req() - net: add pfmemalloc check in sk_add_backlog() - ppp: don't override sk->sk_state in pppoe_flush_dev() - inet: fix race in reqsk_queue_unlink() - bpf: fix panic in SO_GET_FILTER with native ebpf programs - ovs: do not allocate memory from offline numa node - act_mirred: clear sender cpu before sending to tx - bpf: clear sender_cpu before xmit - ipv6: Don't call with rt6_uncached_list_flush_dev - ethtool: Use kcalloc instead of kmalloc for ethtool_get_strings - tipc: move fragment importance field to new header position - netlink: Trim skb to alloc size to avoid MSG_TRUNC - drm: Fix locking for sysfs dpms file - [sparc*] crypto: initialize blkcipher.ivsize - crypto: ahash - ensure statesize is non-zero - memcg: convert threshold to bytes - btrfs: check unsupported filters in balance arguments - btrfs: fix use after free iterating extrefs - [arm64] errata: use KBUILD_CFLAGS_MODULE for erratum #843419 - nfsd/blocklayout: accept any minlength - [armhf] i2c: s3c2410: enable RuntimePM before registering to the core - i2c: designware: Do not use parameters from ACPI on Dell Inspiron 7348 - i2c: designware-platdrv: enable RuntimePM before registering to the core - workqueue: make sure delayed work run in local cpu - [x86] KVM: fix SMI to halted VCPU - [x86] KVM: fix RSM into 64-bit protected mode - drm/qxl: fix framebuffer dirty rectangle tracking. - drm/nouveau/fbcon: take runpm reference when userspace has an open fd - drm/dp/mst: make mst i2c transfer code more robust. - drm/radeon: attach tile property to mst connector - drm/radeon: add pm sysfs files late - dm thin: fix missing pool reference count decrement in pool_ctr error path - rbd: fix double free on rbd_dev->header_name - timekeeping: Increment clock_was_set_seq in timekeeping_init() - [arm64] Fix THP protection change logic - svcrdma: handle rdma read with a non-zero initial page offset [ Salvatore Bonaccorso ] * KEYS: Fix race between key destruction and finding a keyring by name * KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring (CVE-2015-7872) * KEYS: Don't permit request_key() to construct a new keyring [ Ben Hutchings ] * [x86] drm: Enable DRM_AMDGPU and HSA_AMD as modules (Closes: #797752) * media: Enable DVB_AS102, VIDEO_GO7007, VIDEO_GO7007_USB, VIDEO_GO7007_LOADER, VIDEO_GO7007_USB_S2250_BOARD as modules * net: Enable LIQUIDIO and MLX5_CORE as modules; enable MLX5_CORE_EN * [x86] Enable X86_AMD_PLATFORM_DEVICE * linux-manual: Fix regression in reproducibility in 4.2~rc8-1~exp1 * net: Enable GENEVE_CORE as module - Re-enable GENEVE and OPENVSWITCH_GENEVE * bpf: Enable BPF_SYSCALL * ACPI: Enable ACPI_NFIT as module * tcp: Enable TCP_CONG_CDG as module * nftables: Enable NF_TABLES_NETDEV, NFT_REDIR_IPV4, NFT_REDIR_IPV6 as modules [This change was accidentally omitted] * net/sched: Enable NET_CLS_FLOWER as module [This change was accidentally omitted] * SCSI: Enable SCSI_SNIC as module * target: Enable TCM_USER2 as module * net/phy: Enable DP83867_PHY as module * drm: Enable DRM_VIRTIO_GPU as module * HID: Enable HID_BETOP_FF, HID_PLANTRONICS as modules * hwrng: Enable USB_CHAOSKEY as module * ext4: Enable EXT4_ENCRYPTION * f2fs: Enable F2FS_FS_ENCRYPTION * vfs,nvdimm: Enable FS_DAX [This change was accidentally omitted] -- Ben Hutchings Wed, 28 Oct 2015 05:46:49 +0900 linux (4.2.3-2) unstable; urgency=medium * nbd: Restore request timeout detection (Closes: #770479) * Ignore ABI changes in all mmc host drivers (fixes FTBFS on armhf) -- Ben Hutchings Wed, 14 Oct 2015 19:09:49 +0100 linux (4.2.3-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.2 - nfc: netlink: Add check on NFC_ATTR_VENDOR_DATA - nfc: nci: hci: Add check on skb nci_hci_send_cmd parameter - blk-mq: fix buffer overflow when reading sysfs file of 'pending' - blk-mq: fix race between timeout and freeing request - mac80211: enable assoc check for mesh interfaces - [powerpc*] cxl: Allow release of contexts which have been OPENED but not STARTED (regression in 4.2) - ext4: don't manipulate recovery flag when freezing no-journal fs (regression in 3.18) - Revert "ext4: remove block_device_ejected" (regression in 4.1) - [arm64] kconfig: Move LIST_POISON to a safe value - [arm64] entry: always restore x0 from the stack on syscall return - [arm64] flush FP/SIMD state correctly after execve() - [arm64] head.S: initialise mdcr_el2 in el2_setup - [armhf,arm64] KVM: vgic: Check for !irqchip_in_kernel() when mapping resources (regression in 4.0) - [arm64] KVM: add workaround for Cortex-A57 erratum #852523 - [powerpc*] pseries: Fix corrupted pdn list (regression in 4.1) - [powerpc*] eeh: Probe after unbalanced kref check (regression in 4.1) - [powerpc*] eeh: Fix fenced PHB caused by eeh_slot_error_detail() (regression in 3.18) - [powerpc*] powernv/pci-ioda: fix 32-bit TCE table init in kdump kernel (regression in 4.2) - [powerpc*] powernv/pci-ioda: fix kdump with non-power-of-2 crashkernel= (regression in 4.2) - [powerpc*] pseries: Release DRC when configure_connector fails (regression in 4.1) - [powerpc*] mm: Recompute hash value after a failed update - CIFS: fix type confusion in copy offload ioctl - mm: check if section present during memory block registering (regression in 3.19) - [i386] mm: Initialize pmd_idx in page_table_range_init_count() - [x86] i915: Set ddi_pll_sel in DP MST path (regression in 4.2) - Btrfs: check if previous transaction aborted to avoid fs corruption - nfsd: Fix an FS_LAYOUT_TYPES/LAYOUT_TYPES encode bug - nfsd: ensure that the ol stateid hash reference is only put once - nfsd: ensure that delegation stateid hash references are only put once - NFSv4.1/pnfs: Fix atomicity of commit list updates (regression in 4.0) - NFSv4: don't set SETATTR for O_RDONLY|O_EXCL - NFSv4.1/pNFS: Fix borken function _same_data_server_addrs_locked() - NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client - NFS: nfs_set_pgio_error sometimes misses errors - NFS41/flexfiles: update inode after write finishes - NFSv4: Force a post-op attribute update when holding a delegation - NFS41/flexfiles: zero out DS write wcc - NFSv4.1/flexfiles: Fix a protocol error in layoutreturn - NFSv4.1: Fix a protocol issue with CLOSE stateids - nfs: Fix truncated client owner id without proto type (regression in 4.2) - Revert "NFSv4: Remove incorrect check in can_open_delegated()" (regression in 3.19) - svcrdma: Change maximum server payload back to RPCSVC_MAXPAYLOAD (regression in 4.2) - SUNRPC: Ensure that we wait for connections to complete before retrying (regression in 4.0) - SUNRPC: Lock the transport layer on shutdown - [hppa] PCI: Enable 64-bit bus addresses on PA-RISC (regression in 4.2) - [hppa] Use double word condition in 64bit CAS operation - fs: if a coredump already exists, unlink and recreate with O_EXCL - fs: Don't dump core if the corefile would become world-readable. - mmc: sdhci-of-esdhc: add workaround for pre divider initial value (regression in 4.2) - mmc: sdhci: also get preset value and driver type for MMC_DDR52 (regression in 3.16) - mmc: sdhci: fix dma memory leak in sdhci_pre_req() (regression in 4.0) - mmc: core: fix race condition in mmc_wait_data_done - [armhf] iommu/fsl: Really fix init section(s) content (regression in 4.0) - [armhf] iommu/io-pgtable-arm: Unmap and free table when overwriting with block - [x86] iommu/vt-d: Really use upper context table when necessary (regression in 4.1) - eCryptfs: Invalidate dcache entries when lower i_nlink is zero - hfs: fix B-tree corruption after insertion at position 0 - IB/srp: Handle partial connection success correctly - IB/srp: Stop the scsi_eh_ and scsi_tmf_ threads if login fails (regression in 4.2) - IB/uverbs: reject invalid or unknown opcodes - IB/uverbs: Fix race between ib_uverbs_open and remove_one - IB/iser: Fix missing return status check in iser_send_data_out (regression in 3.19) - IB/iser: Fix possible bogus DMA unmapping (regression in 3.19) - IB/mlx5: avoid destroying a NULL mr in reg_user_mr error flow (regression in 3.19) - IB/mlx4: Fix incorrect cq flushing in error state (regression in 4.0) - hfs,hfsplus: cache pages correctly between bnode_create and bnode_free - jbd2: avoid infinite loop when destroying aborted journal (regression in 4.2) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3 - phylib: fix device deletion order in mdiobus_unregister() (regression in 4.2) - sock, diag: fix panic in sock_diag_put_filterinfo (regression in 3.19) - net/ipv6: Correct PIM6 mrt_lock handling - ipv6: fix multipath route replace error recovery (regression in 4.1) - netlink, mmap: transform mmap skb into full skb on taps - bridge: fix igmpv3 / mldv2 report parsing (regression in 4.2) - [armhf] net: mvneta: fix DMA buffer unmapping in mvneta_rx() (regression in 4.2) - rtnetlink: catch -EOPNOTSUPP errors from ndo_bridge_getlink (regression in 4.2) - macvtap: fix TUNSETSNDBUF values > 64k (regression in 3.19) - netlink: Fix autobind race condition that leads to zero port ID (regression in 4.1) - netlink: Replace rhash_portid with bound - openvswitch: Zero flows on allocation. - tcp: add proper TS val into RST packets (regression in 3.18) - packet: Fix AF_PACKET ABI breakage in 4.2 - net: revert "net_sched: move tp->root allocation into fw_init()" (regression in 4.1) - fib_rules: fix fib rule dumps across multiple skbs - ppp: fix lockdep splat in ppp_dev_uninit() (regression in 4.2) - [armhf] mvneta: use inband status only when explicitly enabled (regression in 4.1) - net/mlx4_core: Capping number of requested MSIXs to MAX_MSIX - zram: fix possible use after free in zcomp_create() - [x86] hp-wmi: limit hotkey enable [ Ben Hutchings ] * ovl: conditionally use O_LARGEFILE in ovl_copy_up() (Closes: #800724) * [x86] ALSA: hda - Disable power_save_node for Thinkpads (Closes: #800694) * i2c: Enable I2C_CHARDEV as a module in all configurations with I2C support (Closes: #800597) * [mips*/octeon] Enable CAVIUM_CN63XXP1 (Closes: #800595) * [mips*/octeon] Enable MMC, MMC_BLOCK, OCTEON_MMC and other drivers as modules (Closes: #800594) * ath10k: add qca6164 support (Closes: #800703) * [!x86] net: Disable VMXNET3, only useful in VMware x86 virtual machines * netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths (Closes: #800445) * [arm64] Defer workaround for erratum #843419 * [x86] crypto camellia_aesni_avx: Fix CPU feature checks (Closes: #800934) [ Salvatore Bonaccorso ] * ipc: Initialize msg/shm IPC objects before doing ipc_addid() (CVE-2015-7613) [ Ian Campbell ] * [armel] Update breaks on flash-kernel to anything earlier than 3.37 since that version adds the knowledge that various additional kirkwood systems need a DTB appending as of v3.17-rc1. (Closes: #797878) -- Ben Hutchings Tue, 06 Oct 2015 17:44:55 +0100 linux-tools (4.2-2) unstable; urgency=medium * [x32] Don't attempt to build linux-perf (fixes FTBFS) * [x32] Build hyperv-daemons package * [alpha] uapi: Add support for __SANE_USERSPACE_TYPES__(fixes FTBFS) -- Ben Hutchings Fri, 02 Oct 2015 18:41:22 +0100 linux (4.2.1-2) unstable; urgency=medium * media: uvcvideo: Disable hardware timestamps by default (Closes: #794327) * [mips*] udeb: Remove 'Provides: ata-modules' from kernel-image * [hppa/parisc64-smp,mips*el/loongson-3] udeb: Remove i2c-modules again, as the drivers that belong in it are actually built-in (fixes FTBFS) * sctp: fix race on protocol/netns initialization (CVE-2015-5283) * [mips*] pgtable-bits.h: Correct _PAGE_GLOBAL_SHIFT build failure (regression in 4.0, but not a build failure for us) -- Ben Hutchings Sun, 27 Sep 2015 14:17:34 +0100 linux-tools (4.2-1) unstable; urgency=medium * New upstream release [ Ben Hutchings ] * debian/bin,debian/control,debian/lib/python,debian/rules: Use Python 3 - debian/lib/python: Sync with linux package * debian/bin/genorig.py: Make orig tarballs reproducible * linux-perf: Fix installation directory for bash completions * linux-perf: Remove shebang lines from perf scripts * Set compiler flags according to dpkg-buildflags * hyperv-daemons: Fix fortify format warning * debian/rules: Add support for DEB_BUILD_OPTIONS=parallel=N * debian/control: Update policy version to 3.9.6; no changes required * linux-perf: Revert "perf build: Fix libunwind feature detection on 32-bit x86", which was a regression for us -- Ben Hutchings Fri, 25 Sep 2015 22:55:41 +0100 linux (4.2.1-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.1 [ Ben Hutchings ] * [mips*el/loongson-3] udeb: Add fb-modules containing radeon driver (Closes: #776274) * [hppa/parisc64-smp,[mips*el/loongson-3] udeb: Add i2c-modules and make fb-modules depend on it rather than including I2C modules directly * workqueue: Make flush_workqueue() available again to non GPL modules (Closes: #798311) * vfs: Fix possible escape from mount namespace (CVE-2015-2925): - dcache: Handle escaped paths in prepend_path - dcache: Reduce the scope of i_lock in d_splice_alias - vfs: Test for and handle paths that are unreachable from their mnt_root * aufs: Update support patches to aufs4.x-rcN-20150921 - mmap: Fix races in madvise_remove() and sys_msync() (Closes: #796036) * RDS: verify the underlying transport exists before creating a connection (CVE-2015-6937) * Set ABI to 1 * e1000e: Fix tight loop implementation of systime read algorithm * mmc: Drop "eMMC: Don't initialize partitions on RPMB flagged areas", as upstream commit 4e93b9a6abc0 ("mmc: card: Don't access RPMB partitions for normal read/write") looks like a cleaner solution * mm: Change ZBUD back to built-in, as it's not really useful as a module * USB: whiteheat: fix potential null-deref at probe (CVE-2015-5257) [ Aurelien Jarno ] * [mips*el] Fix BPF assembly code for pre-R2 CPUs. (fixes FTBFS) -- Ben Hutchings Fri, 25 Sep 2015 18:18:01 +0100 linux (4.2-1~exp1) experimental; urgency=medium * New upstream release: http://kernelnewbies.org/Linux_4.2 [ Ben Hutchings ] * Remove all support for ia64 (Closes: #679545, #691576, #728706) * [s390x] Compile with gcc-4.9 (Closes: #796845) * linux-source: Depend on xz-utils, not bzip2 (Closes: #796940) * gfs2: Make statistics unsigned, suitable for use with do_div() (fixes FTBFS on mipsel,m68k) * [amd64] Enable KALLSYMS_ALL (Closes: #660288), LIVEPATCH * Re-enable various config options disabled by name changes in 4.2: - SUNRPC_XPRT_RDMA replaced SUNRPC_XPRT_RDMA_{CLIENT,SERVER} - [mips*el/loongson*] LOONGSON64 replaced LOONGSON - [x86] COMEDI_8255_SA replaced COMEDI_8255 * [sparc] Remove linux-image, linux-header and udeb packages, as they are redundant with sparc64 and neither is an official port * Fix last issue that prevents a reproducible build (Closes: #769844): - DocBook: Use a fixed encoding for output * debian/bin,debian/control,debian/lib/python,debian/rules.real, linux-support: Use Python 3 * debian/bin/genorig.py: Make orig tarballs reproducible -- Ben Hutchings Mon, 31 Aug 2015 02:08:19 +0100 linux (4.2~rc8-1~exp1) experimental; urgency=medium * New upstream release candidate [ Aurelien Jarno ] * [mips*] Build ext4 as module. Add core-modules and ext4-modules udeb. Fixes FTBFS. * [mips,mips64] Remove r4k-ip22, r5k-ip32 and sb1-bcm91250a flavours. * [mipsel,mips64el] Remove sb1-bcm91250a flavour. [ Ben Hutchings ] * debian/control: Correct build-dependency on xz-utils, needed on all arches * Fix more issues that prevent a reproducible build: - Set LC_ALL=C.UTF-8 - Avoid creating man pages in source tree -- Ben Hutchings Mon, 24 Aug 2015 12:00:54 +0100 linux-tools (4.2~rc7-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * genorig: Include more mips makefiles (fixes FTBFS) -- Ben Hutchings Mon, 17 Aug 2015 10:42:08 +0200 linux-tools (4.2~rc6-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * Adjust for migration to git: - Update .gitignore files - debian/control: Update Vcs-* fields - debian/rules: Exclude .git from maintainerclean rule * Add packages of liblockdep (lockdep, liblockdep, liblockdep-dev) -- Ben Hutchings Fri, 14 Aug 2015 14:58:57 +0200 linux (4.2~rc6-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * Adjust for migration to git: - Update .gitignore files - debian/control: Update Vcs-* fields - README.Debian, README.source: Update references to svn * [rt] Disable until it is updated for 4.2 or later * debian/control: Drop Frederik Schüler from Uploaders -- Ben Hutchings Wed, 12 Aug 2015 20:48:00 +0200 linux (4.1.6-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6 - [mips*/*-malta] Don't reinitialise RTC (regression in 3.14) - [mips*] Make set_pte() SMP safe. - fsnotify: fix oops in fsnotify_clear_marks_by_group_flags() - [x86] drm/i915: Declare the swizzling unknown for L-shaped configurations - [x86] drm/i915: Replace WARN inside I915_READ64_2x32 with retry loop - drm/radeon: rework audio detect (v4) (regression in 4.0) - drm/radeon/combios: add some validation of lvds values (regression in 4.0) - ipr: Fix incorrect trace indexing - ipr: Fix invalid array indexing for HRRQ - Bluetooth: Fix NULL pointer dereference in smp_conn_security - [armhf] dmaengine: pl330: Fix overflow when reporting residue in memcpy (regression in 4.0) - [armhf] dmaengine: pl330: Really fix choppy sound because of wrong residue calculation (regression in 4.0) - xhci: fix off by one error in TRB DMA address boundary check - ath10k: fix qca61x4 hw2.1 support - [sparc*] Fix userspace FPU register corruptions. (Closes: #789180) - ASoC: dapm: Lock during userspace access - ASoC: dapm: Don't add prefix to widget stream name (regression in 4.1) - [x86] xen: Probe target addresses in set_aliased_prot() before the hypercall - xen/gntdevt: Fix race condition in gntdev_release() - hwrng: core - correct error check of kthread_run call - [x86] crypto: qat - Fix invalid synchronization between register/unregister sym algs - rbd: fix copyup completion race - [armhf] OMAP2+: hwmod: Fix _wait_target_ready() for hwmods without sysc - [x86] hwmon: (dell-smm) Blacklist Dell Studio XPS 8100 - ocfs2: fix BUG in ocfs2_downconvert_thread_do_work() - ocfs2: fix shift left overflow - nfsd: Drop BUG_ON and ignore SECLABEL on absent filesystem - md/raid1: extend spinlock to protect raid1_end_read_request against inconsistencies - dm: fix dm_merge_bvec regression on 32 bit systems (regression in 3.19 - [x86] Input: alps - only Dell laptops have separate button bits for v2 dualpoint sticks (regression in 4.1) - mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations - signalfd: fix information leak in signalfd_copyinfo - signal: fix information leak in copy_siginfo_to_user - signal: fix information leak in copy_siginfo_from_user32 - nfsd: do nfs4_check_fh in nfs4_check_file instead of nfs4_check_olstateid [ Aurelien Jarno ] * [mips*] Build ext4 as module. Add core-modules and ext4-modules udeb. Fixes FTBFS. [ Ben Hutchings ] * [i386] udeb: Make gpio_keys_polled and leds-gpio optional in input-modules as they are not built for the 686-pae flavour (fixes FTBFS) * perf: Fix AUX buffer refcounting * ovl: Revert changes in 4.1.5-1 due to regression (Reopens: #786925) -- Ben Hutchings Sun, 23 Aug 2015 12:19:22 +0200 linux (4.1.5-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4 - Bluetooth: btbcm: allow btbcm_read_verbose_config to fail on Apple (regression in 4.1) - ath9k_htc: memory corruption calling set_bit() - ieee802154: Fix sockaddr_ieee802154 implicit padding information leak. - staging: vt6656: check ieee80211_bss_conf bssid not NULL - staging: vt6655: check ieee80211_bss_conf bssid not NULL - staging: vt6655: device_rx_srv check sk_buff is NULL - staging: rtl8712: prevent buffer overrun in recvbuf2recvframe - hid-sensor: Fix suspend/resume delay (regression in 4.0) - ext4: fix race between truncate and __ext4_journalled_writepage() - ext4: call sync_blockdev() before invalidate_bdev() in put_super() - ext4: don't retry file block mapping on bigalloc fs with non-extent file - ext4: fix fencepost error in lazytime optimization - ext4: avoid deadlocks in the writeback path by using sb_getblk_gfp - ext4: fix reservation release on invalidatepage for delalloc fs - ext4: be more strict when migrating to non-extent based file - ext4: correctly migrate a file with a hole at the beginning - jbd2: use GFP_NOFS in jbd2_cleanup_journal_tail() - jbd2: fix ocfs2 corrupt when updating journal superblock fails - [armhf] rtc: snvs: fix wakealarm by call enable_irq_wake earlier (regression in 3.19) - i2c: mux: Use __i2c_transfer() instead of calling parent's master_xfer() (regression in 4.1) - i2c: use parent adapter quirks in mux (regression in 4.1) - vb2: Don't WARN when v4l2_buffer.bytesused is 0 for multiplanar buffers (regression in 4.1) - media: Fix regression in some more dib0700 based devices (regression in 3.17) - rc-core: fix dib0700 scancode generation for RC5 (regression in 3.17) - cx24117: fix a buffer overflow when checking userspace params - af9013: Don't accept invalid bandwidth - s5h1420: fix a buffer overflow when checking userspace params - cx24116: fix a buffer overflow when checking userspace params - libata: Fall back to unqueued READ LOG EXT if the DMA variant fails (regression in 4.1) - libata: Expose TRIM capability in sysfs - libata: add ATA_HORKAGE_NOTRIM - libata: add ATA_HORKAGE_MAX_SEC_1024 to revert back to previous max_sectors limit (regression in 3.19) - libata: force disable trim for SuperSSpeed S238 - [armhf] usb: dwc3: gadget: don't clear EP_BUSY too early (regression in 3.15) - USB: devio: fix a condition in async_completed() - [armhf] phy: twl4030-usb: remove incorrect pm_runtime_get_sync() in probe function. (regression in 3.17) - usb: gadget: composite: Fix NULL pointer dereference (regression in 4.1) - usb: gadget: f_fs: do not set cancel function on synchronous {read,write} (regression in 4.0) - USB: OHCI: Fix race between ED unlink and URB submission (regression in 3.17) - usb: core: lpm: set lpm_capable for root hub device (regression in 3.15) - usb: xhci: Bugfix for NULL pointer deference in xhci_endpoint_init() function - dm cache: fix race when issuing a POLICY_REPLACE operation - dm btree remove: fix bug in redistribute3 - block: loop: convert to per-device workqueue (regression in 4.0) - block: loop: avoiding too many pending per work I/O (regression in 4.0) - block: Do a full clone when splitting discard bios (Closes: #793326) (regression in 3.14) - [armhf] drm/tegra: dpaux: Fix transfers larger than 4 bytes (regression in 3.15) - drm/qxl: Do not cause spice-server to clean our objects - drm/atomic: fix out of bounds read in for_each_*_in_state helpers (regression in 4.1) - drm/radeon: take the mode_config mutex when dealing with hpds (v2) - [x86] drm/i915/ppgtt: Break loop in gen8_ppgtt_clear_range failure path (regression in 4.1) - [x86] drm/i915: fix backlight after resume on 855gm (regression in 3.19) - [x86] drm/i915: Snapshot seqno of most recently submitted request. (regression in 4.0) - Revert "drm/radeon: dont switch vt on suspend" (regression in 4.1) - drm/radeon: unpin cursor BOs on suspend and pin them again on resume (v2) (regression in 4.1) - drm/radeon: fix user ptr race condition - drm/radeon/ci: silence a harmless PCC warning - drm: add a check for x/y in drm_mode_setcrtc - drm: Stop resetting connector state to unknown (regression in 4.1) - libata: Fix regression when the NCQ Send and Receive log page is absent - xfs: fix remote symlinks on V5/CRC filesystems - xfs: don't truncate attribute extents if no extents exist (regression in 4.1) - tpm: Fix initialization of the cdev (regression in 4.0) - tpm, tpm_crb: fail when TPM2 ACPI table contents look corrupted (regression in 4.1) - [armel,armhf] dmaengine: mv_xor: bug fix for racing condition in descriptors cleanup - md: clear mddev->private when it has been freed. (regression in 4.0) - md: unlock mddev_lock on an error path. (regression in 4.0) - md: Skip cluster setup for dm-raid (regression in 4.1) - Btrfs: don't invalidate root dentry when subvolume deletion fails (regression in 3.18) - Btrfs: use kmem_cache_free when freeing entry in inode cache - Btrfs: fix race between caching kthread and returning inode to inode cache (regression in 3.15) - Btrfs: fix fsync data loss after append write - Btrfs: fix list transaction->pending_ordered corruption (regression in 3.19) - Btrfs: fix file corruption after cloning inline extents - selinux: fix mprotect PROT_EXEC regression caused by mm change (regression in 4.1) - ceph/crush: fix a bug in tree bucket decode - ACPI / PNP: Reserve ACPI resources at the fs_initcall_sync stage (regression in 4.1) - ACPI / LPSS: Fix up acpi_lpss_create_device() (regression in 4.0) - ACPICA: Tables: Enable both 32-bit and 64-bit FACS (regression in 3.14) - ACPICA: Tables: Enable default 64-bit FADT addresses favor - ACPI / PCI: Fix regressions caused by resource_size_t overflow with 32-bit kernel (regression in 4.0) - mmc: sdhci: Restore behavior while creating OCR mask (regression in 3.17) - PM / clk: Fix clock error check in __pm_clk_add() (regression in 3.19) - RDMA/ocrdma: fix double free on pd (regression in 4.0) - mm/hugetlb: introduce minimum hugepage order (regression in 3.12) - PM / sleep: Increase default DPM watchdog timeout to 60 (regression in 3.13) - firmware: dmi_scan: Only honor end-of-table for 64-bit tables (regression in 3.19) - mac80211: fix the beacon csa counter for mesh and ibss (regression in 3.17) - iwlwifi: mvm: fix ROC reference accounting (regression in 3.17) - cfg80211: ignore netif running state when changing iftype - e1000e: Cleanup handling of VLAN_HLEN as a part of max frame size (regression in 3.15) - ovl: lookup whiteouts outside iterate_dir() (regression in 4.0) - pNFS: Fix a memory leak when attempted pnfs fails - pNFS/flexfiles: Fix the reset of struct pgio_header when resending - nfs: fixing infinite OPEN loop in 4.0 stateid recovery - NFS: Ensure we set NFS_CONTEXT_RESEND_WRITES when requeuing writes - nfs: fix potential credential leak in ff_layout_update_mirror_cred - nfs: always update creds in mirror, even when we have an already connected ds - 9p: forgetting to cancel request on interrupted zero-copy RPC - 9p: don't leave a half-initialized inode sitting around - p9_client_write(): avoid double p9_free_req() - [arm64] bpf: fix out-of-bounds read in bpf2a64_offset() - [arm64] bpf: fix endianness conversion bugs - [arm64] Don't report clear pmds and puds as huge - mm: avoid setting up anonymous pages into file mapping https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.5 - [powerpc*] powernv: Fix race in updating core_idle_state (regression in 3.19) - Revert "Input: synaptics - allocate 3 slots to keep stability in image sensors" (regression in 4.1) - [hppa] Fix some PTE/TLB race conditions and optimize __flush_tlb_range based on timing results - [hppa] mm: Fix a memory leak related to pmd not attached to the pgd (regression in 4.0) - [armel,armhf] 8404/1: dma-mapping: fix off-by-one error in bitmap size check (regression in 3.15) - [mips*] c-r4k: Fix cache flushing for MT cores - can: replace timestamp as unique skb attribute (regression in 4.1) - vfs: freeing unlinked file indefinitely delayed - [armhf] crypto: omap-des - Fix unmapping of dma channels - [s390x] nmi: fix vector register corruption - [s390x] bpf: clear correct BPF accumulator register - genirq: Prevent resend to interrupts marked IRQ_NESTED_THREAD - [x86] perf: Fix static_key bug in load_mm_cr4() (regression in 4.0) - Revert "dm: only run the queue on completion if congested or no requests pending" (regression in 4.1) - scsi: fix host max depth checking for the 'queue_depth' sysfs interface (regression in 3.19) - scsi: fix memory leak with scsi-mq (regression in 3.17) - mnt: Clarify and correct the disconnect logic in umount_tree (regressions in 4.0.2, 4.1) - mnt: In detach_mounts detach the appropriate unmounted mount (regression in 4.1) - ftrace: Fix breakage of set_ftrace_pid (regression in 3.16) - [x86] iommu/vt-d: Fix VM domain ID leak (regression in 3.17) - mmc: sdhci check parameters before call dma_free_coherent (regression in 3.16) - iwlwifi: mvm: fix antenna selection when BT is active (regression in 3.17) - md/raid1: fix test for 'was read error from last working device'. - [armhf] spi: imx: Fix small DMA transfers (regression in 3.18) - [armhf] regulator: s2mps11: Fix GPIO suspend enable shift wrapping bug - usb-storage: ignore ZTE MF 823 card reader in mode 0x1225 - [armhf] Revert "serial: imx: initialized DMA w/o HW flow enabled" (regression in 4.0) - serial: core: Fix crashes while echoing when closing (regression in 3.19) - efi: Handle memory error structures produced based on old versions of standard (regression in 3.13) - [x86] efi: Use all 64 bit of efi_memmap in setup_e820() - rds: rds_ib_device.refcount overflow - n_tty: signal and flush atomically (regression in 4.0) - [x86] perf/intel/cqm: Return cached counter value from IRQ context (regression in 4.1)f - NFS: Don't revalidate the mapping if both size and change attr are up to date (regression in 3.16) - NFSv4: We must set NFS_OPEN_STATE flag in nfs_resync_open_stateid_locked (regression in 4.0) - NFS: Fix a memory leak in nfs_do_recoalesce (regression in 4.0) - iscsi-target: Fix use-after-free during TPG session shutdown - iscsi-target: Fix iscsit_start_kthreads failure OOPs (regression in 4.0) - iscsi-target: Fix iser explicit logout TX kthread leak (regression in 4.0) - qla2xxx: Fix hardware lock/unlock issue causing kernel panic. (regression in 3.18) - qla2xxx: release request queue reservation. (regression in 3.18) - qla2xxx: Remove msleep in qlt_send_term_exchange (regression in 3.18) - qla2xxx: fix command initialization in target mode. (regression in 3.18) - qla2xxx: kill sessions/log out initiator on RSCN and port down efvents (regression in 3.18) - drm/nouveau/fbcon/nv11-: correctly account for ring space usage - drm/nouveau/kms/nv50-: guard against enabling cursor on disabled heads - drm/nouveau: hold mutex when calling nouveau_abi16_fini() - drm/nouveau/drm/nv04-nv40/instmem: protect access to priv->heap by mutex - xfs: remote attribute headers contain an invalid LSN - xfs: remote attributes need to be considered data [ Ian Campbell ] * [armhf] Enable cpufreq on some sunxi platforms (Closes: #793185) - Enable autoloading of the cpufreq-dt driver. - Enable autoloading of AXP20x regulator driver. [ Ben Hutchings ] * [x86] iio: Enable drivers for ACPI-discoverable devices as modules: AK8975, BMC150_ACCEL, BMG160, BMP280, INV_MPU6050_IIO, JSA1212, KMX61, KXCJK1013, MMA9551, MMA9553, SX9500 * Adjust for migration to git: - Update .gitignore files - debian/control: Update Vcs-* fields - README.Debian, README.source: Update references to svn * Bump ABI to 2 * virtio-net: drop NETIF_F_FRAGLIST (CVE-2015-5156) * ovl: Add support for NFS as lower filesystem (Closes: #786925) * perf: Fix double-free of the AUX buffer * linux-source: Fix compression of the source tarball (Closes: #795199) * udeb: Add newly enabled drivers: - [i386] Add gpio_keys_polled, leds-gpio to input-modules - Add virtio-input to input-modules - Add toshsd to mmc-modules - Add wd719x to scsi-extra-modules - Move eeprom_93cx6 to core-modules; make scsi-extra-modules depend on it -- Ben Hutchings Sat, 15 Aug 2015 23:37:20 +0200 linux-tools (4.1.4-2) unstable; urgency=medium * [mips*,alpha,hppa] linux-perf: Add empty Build files for these architectures (fixes FTBFS) -- Ben Hutchings Tue, 04 Aug 2015 17:11:46 +0100 linux-tools (4.1.4-1) unstable; urgency=medium * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4 - perf bench numa: Fix to show proper convergence stats [ Ben Hutchings ] * linux-tools: Set $KBUILD_BUILD_TIMESTAMP from changelog and use it as man page date * hyperv-daemons: Only attempt to build package on i386, amd64 (fixes FTBFS on other architectures) * linux-tools: Rename to linux-perf-, since other tools are in other binary packages -- Ben Hutchings Tue, 04 Aug 2015 00:47:58 +0100 linux (4.1.3-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.3 [ Ben Hutchings ] * [armel/kirkwood] ubi: Change UBIFS_FS and MTD_UBI from built-in to modules, to reduce kernel image size (fixes FTBFS) * debian/rules.real: Use dpkg-parsechangelog -S * [rt] Update to 4.1.3-rt3 and re-enable * KEYS: ensure we free the assoc array edit if edit is valid (CVE-2015-1333) * [armel,sh4] linux-image: Recommend u-boot-tools rather than the obsolete uboot-mkimage package (Closes: #793608) * [i386/586] Enable KEYBOARD_GPIO_POLLED and LEDS_GPIO as modules, and ALIX, NET5501, GEOS (Closes: #734204) * [s390x] cachinfo: add missing facility check to init_cache_level() (Closes: #793929) * md: use kzalloc() when bitmap is disabled (CVE-2015-5697) * inet: Enable IPVLAN, NET_FOU as modules; enable NET_FOU_IP_TUNNELS * netfilter: Enable NFT_REDIR as module * net/sched: Enable NET_ACT_VLAN, NET_ACT_BPF, NET_ACT_CONNMARK as modules * mpls: Enable MPLS_ROUTING as module * hci_uart: Enable BT_HCIUART_INTEL, BT_HCIUART_BCM * SCSI: Enable SCSI_WD719X as module * dm: Enable DM_LOG_WRITES as module * cxgb4: Enable CHELSIO_T4_DCB * ixgbe: Enable IXGBE_VXLAN * i40e: Enable I40E_FCOE * drm: Enable DRM_VGEM as module * virtio: Enable VIRTIO_INPUT as module * mmc: Enable MMC_TOSHIBA_PCI as module * [x86] block: Enable BLK_DEV_PMEM as module; enable X86_PMEM_LEGACY * [x86] tpm: Enable TCG_CRB as module * debug: Enable DEBUG_LIST * security: Apply and enable GRKERNSEC_PERF_HARDEN feature from Grsecurity, disabling use of perf_event_open() by unprivileged users by default (sysctl: kernel.perf_event_paranoid) * Set ABI to 1 [ Ian Campbell ] * [armhf] Set CONFIG_ARM_TEGRA_CPUFREQ as builtin. * [armhf] Enable new drivers for sunxi platforms (Closes: #792388) -- Ben Hutchings Mon, 03 Aug 2015 22:17:15 +0100 linux-tools (4.1.2-1~exp1) experimental; urgency=medium * New upstream release [ Bastian Blank ] * Add hyperv-daemons package, thanks to Hideki Yamane (closes: #782761) [ Ben Hutchings ] * hyperv-daemons: Rewrite description -- Ben Hutchings Mon, 13 Jul 2015 01:33:27 +0100 linux (4.1.2-1~exp1) experimental; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.2 [ Ben Hutchings ] * Fix more issues that prevent a reproducible build: - linux-doc: DocBook: generate consistent IDs - linux-manual: DocBook: Fix duplicate man pages - linux-manual: kernel-doc: Use $KBUILD_BUILD_TIMESTAMP as man page date * [i386] Disable VM86 (Closes: #792003) -- Ben Hutchings Sat, 11 Jul 2015 18:01:42 +0100 linux (4.1.1-1~exp1) experimental; urgency=medium * New upstream release: http://kernelnewbies.org/Linux_4.1 - i40e: start up in VEPA mode by default (Closes: #790953) * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.1 [ Ben Hutchings ] * Fix some issues that prevent a reproducible build (thanks to Jérémy Bobbio): - linux-image: Fix timestamps in the built-in initramfs - linux-source: Fix timestamps and sort files in the tarball - linux-doc,linux-manual: Drop original timestamp (and name) when compressing - linux-doc: Parse kernel-doc deterministically * aufs: Apply patches to enable building aufs out-of-tree * [x86] Enable MMIOTRACE (Closes: #790808) [ maximilian attems ] * [x86] Enable SND_SOC_INTEL_BROADWELL_MACH. (closes: #785422) [ Ian Campbell ] * [arm64+armhf] Enable SYSCON poweroff driver. -- Ben Hutchings Tue, 07 Jul 2015 09:15:45 +0100 linux (4.0.8-2) unstable; urgency=high [ Uwe Kleine-König ] * [rt] Update to 4.0.8-rt6 [ Ben Hutchings ] * [amd64] Fix nested NMI handling (CVE-2015-3290, CVE-2015-3291, CVE-2015-5157) - Enable nested do_nmi handling for 64-bit kernels - Remove asm code that saves cr2 - Switch stacks on userspace NMI entry - Reorder nested NMI checks - Use DF to avoid userspace RSP confusing nested NMI detection -- Ben Hutchings Wed, 22 Jul 2015 21:45:07 +0100 linux (4.0.8-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.8 - netfilter: nft_rbtree: fix locking - [armhf] clk-imx6q: refine sata's parent - KVM: nSVM: Check for NRIPS support before updating control field - [sparc*] Use GFP_ATOMIC in ldc_alloc_exp_dring() as it can be called in softirq context - bridge: fix multicast router rlist endless loop - net: igb: fix the start time for periodic output signals - net: don't wait for order-3 page allocation - sctp: fix ASCONF list handling (CVE-2015-3212) - bridge: fix br_stp_set_bridge_priority race conditions - packet: read num_members once in packet_rcv_fanout() - packet: avoid out of bounds read in round robin fanout - neigh: do not modify unlinked entries - tcp: Do not call tcp_fastopen_reset_cipher from interrupt context - ip: report the original address of ICMP messages - net/mlx4_en: Release TX QP when destroying TX ring - net/mlx4_en: Wake TX queues only when there's enough room - net/mlx4_en: Fix wrong csum complete report when rxvlan offload is disabled - mlx4: Disable HA for SRIOV PF RoCE devices - net: phy: fix phy link up when limiting speed via device tree - bnx2x: fix lockdep splat - sctp: Fix race between OOTB responce and route removal - [armhf] net: mvneta: introduce compatible string "marvell, armada-xp-neta" - [armhf] mvebu: update Ethernet compatible string for Armada XP - [armhf] net: mvneta: disable IP checksum with jumbo frames for Armada 370 - usb: gadget: f_fs: fix check in read operation - usb: gadget: f_fs: add extra check before unregister_gadget_item - crypto: talitos - avoid memleak in talitos_alg_alloc() - Revert "crypto: talitos - convert to use be16_add_cpu()" - [armhf/armmp-lpae] iommu/arm-smmu: Fix broken ATOS check - [x86] iommu/amd: Handle large pages correctly in free_pagetable - mmc: sdhci: fix low memory corruption - [x86] intel_pstate: set BYT MSR with wrmsrl_on_cpu() - selinux: fix setting of security labels on NFS - [armhf] KVM: force execution of HCPTR access on VM exit - [armhf] kvm: psci: fix handling of unimplemented functions - [armhf] tegra20: Store CPU "resettable" status in IRAM - [powerpc*] tick/idle: Do not register idle states with CPUIDLE_FLAG_TIMER_STOP set in periodic mode - [powerpc*] perf: Fix book3s kernel to userspace backtraces - [x86] PCI: Use host bridge _CRS info on systems with >32 bit addressing - [x86] PCI: Use host bridge _CRS info on Foxconn K8M890-8237A - [s390x] KVM: fix external call injection without sigp interpretation - [s390x] kdump: fix REGSET_VX_LOW vector register ELF notes - [s390x] KVM: virtio-ccw: don't overwrite config space values - [x86] KVM: properly restore LVT0 - [x86] KVM: make vapics_in_nmi_mode atomic - fs: Fix S_NOSEC handling - fs/ufs: revert "ufs: fix deadlocks introduced by sb mutex merge" - fs/ufs: restore s_lock mutex - vfs: Remove incorrect debugging WARN in prepend_path - vfs: Ignore unlocked mounts in fs_fully_visible - ufs: Fix warning from unlock_new_inode() - ufs: Fix possible deadlock when looking up directories - fs/ufs: restore s_lock mutex_init() [ Ben Hutchings ] * [ppc64el] Ignore ABI changes due to disabling HIBERNATION (fixes FTBFS) * [x86] kvm: fix kvm_apic_has_events to check for NULL pointer (CVE-2015-4692) -- Ben Hutchings Sat, 11 Jul 2015 04:58:05 +0100 linux (4.0.7-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6 - crush: ensuring at most num-rep osds are selected - aio: fix serial draining in exit_aio() - net: core: Correct an over-stringent device loop detection. - [x86] bpf_jit: fix FROM_BE16 and FROM_LE16/32 instructions - [x86] bpf_jit: fix compilation of large bpf programs - net: phy: Allow EEE for all RGMII variants - netlink: Reset portid after netlink_insert failure - rtnl/bond: don't send rtnl msg for unregistered iface - tcp/ipv6: fix flow label setting in TIME_WAIT state - net/ipv6/udp: Fix ipv6 multicast socket filter regression - net: sched: fix call_rcu() race on classifier module unloads - ipv4: Avoid crashing in ip_error - cdc_ncm: Fix tx_bytes statistics - bridge: fix parsing of MLDv2 reports - net: dp83640: fix broken calibration routine. - net: dp83640: reinforce locking rules. - net: dp83640: fix improper double spin locking. - unix/caif: sk_socket can disappear when state is unlocked - xen/netback: Properly initialize credit_bytes - net_sched: invoke ->attach() after setting dev->qdisc - sctp: Fix mangled IPv4 addresses on a IPv6 listening socket - bridge: fix br_multicast_query_expired() bug - udp: fix behavior of wrong checksums (CVE-2015-5364) - tcp: fix child sockets to use system default congestion control if not set - xen: netback: read hotplug script once at start of day. - ipv4/udp: Verify multicast group is ours in upd_v4_early_demux() - be2net: Replace dma/pci_alloc_coherent() calls with dma_zalloc_coherent() - bridge: disable softirqs around br_fdb_update to avoid lockup - netlink: Disable insertions/removals during rehash - drivers/base: cacheinfo: handle absence of caches - n_tty: Fix auditing support for cannonical mode - [x86] iommu/vt-d: Allow RMRR on graphics devices too - [x86] iommu/vt-d: Fix passthrough mode with translation-disabled devices - ALSA: hda/realtek - Add a fixup for another Acer Aspire 9420 - ALSA: usb-audio: Add mic volume fix quirk for Logitech Quickcam Fusion - ALSA: usb-audio: don't try to get Outlaw RR2150 sample rate - ALSA: usb-audio: add MAYA44 USB+ mixer control names - ALSA: usb-audio: fix missing input volume controls in MAYA44 USB(+) - ALSA: usb-audio: add native DSD support for JLsounds I2SoverUSB - [armhf] dmaengine: pl330: Fix hang on dmaengine_terminate_all on certain boards - dmaengine: Fix choppy sound because of unimplemented resume - Input: alps - do not reduce trackpoint speed by half - Input: synaptics - add min/max quirk for Lenovo S540 - Input: elantech - fix detection of touchpads where the revision matches a known rate - Input: elantech - add new icbody type - block: fix ext_dev_lock lockdep report - block: discard bdi_unregister() in favour of bdi_destroy() - USB: cp210x: add ID for HubZ dual ZigBee and Z-Wave dongle - USB: serial: ftdi_sio: Add support for a Motion Tracker Development Board - usb: host: xhci: add mutex for non-thread-safe data - usb: make module xhci_hcd removable - [x86] asm/irq: Stop relying on magic JMP behavior for early_idt_handlers - [armhf] dts: am335x-boneblack: disable RTC-only sleep to avoid hardware damage - [x86] drm/amdkfd: fix topology bug with capability attr. - drm/radeon: use proper ACR regisiter for DCE3.2 - [x86] drm/i915/hsw: Fix workaround for server AUX channel clock divisor - [x86] drm/i915: Don't skip request retirement if the active list is empty - [x86] drm/i915: Fix DDC probe for passive adapters - drm/radeon: fix freeze for laptop with Turks/Thames GPU. - Revert "drm/radeon: don't share plls if monitors differ in audio support" - Revert "drm/radeon: adjust pll when audio is not enabled" - drm/radeon: Make sure radeon_vm_bo_set_addr always unreserves the BO - serial: imx: Fix DMA handling for IDLE condition aborts - [powerpc*] of/dynamic: Fix test for PPC_PSERIES - virtio_pci: Clear stale cpumask when setting irq affinity - [armel,armhf] bus: mvebu-mbus: do not set WIN_CTRL_SYNCBARRIER on non io-coherent platforms. - [armel,armhf] Revert "bus: mvebu-mbus: make sure SDRAM CS for DMA don't overlap the MBus bridge window" - [arm64] dts: mt8173-evb: fix model name - mm/memory_hotplug.c: set zone->wait_table to null after freeing it - md: Close race when setting 'action' to 'idle'. - md: don't return 0 from array_state_store - sched, numa: do not hint for NUMA balancing on VM_MIXEDMAP mappings - blk-mq: free hctx->ctxs in queue's release handler - cfg80211: wext: clear sinfo struct before calling driver - [armhf] irqchip: sunxi-nmi: Fix off-by-one error in irq iterator - Btrfs: send, add missing check for dead clone root - Btrfs: send, don't leave without decrementing clone root's send_progress - btrfs: incorrect handling for fiemap_fill_next_extent return - btrfs: cleanup orphans while looking up default subvolume - Btrfs: fix range cloning when same inode used as source and destination - Btrfs: fix uninit variable in clone ioctl - Btrfs: fix regression in raid level conversion https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.7 - crypto: caam - improve initalization for context state saves - crypto: caam - fix RNG buffer cache alignment - [x86] KVM: fix lapic.timer_mode on restore - ALSA: hda - adding a DAC/pin preference map for a HP Envy TS machine - tracing: Have filter check for balanced ops - iser-target: Fix variable-length response error completion - iser-target: Fix possible use-after-free - drm/mgag200: Reject non-character-cell-aligned mode widths - [x86] drm/i915: Always reset vma->ggtt_view.pages cache on unbinding - [x86] Revert "drm/i915: Don't skip request retirement if the active list is empty" - drm/radeon: Add RADEON_INFO_VA_UNMAP_WORKING query - ath3k: Add support of 0489:e076 AR3012 device - ath3k: add support of 13d3:3474 AR3012 device - b43: fix support for 14e4:4321 PCI dev with BCM4321 chipset - cdc-acm: Add support of ATOL FPrint fiscal printers - [armhf] EXYNOS: Fix failed second suspend on Exynos4 - [x86] kprobes: Return correct length in __copy_instruction() - dm: fix NULL pointer when clone_and_map_rq returns !DM_MAPIO_REMAPPED - [x86] drm/i915: Avoid GPU hang when coming out of s3 or s4 - [powerpc*] powernv: Restore non-volatile CRs after nap [ Ben Hutchings ] * mm: Re-enable ZBUD as module (Closes: #789094) * mm: Change ZSMALLOC from built-in to module * Revert "tcp: fix child sockets to use system default congestion control if not set" to avoid ABI change * [ppc64el] Disable HIBERNATION (Closes: #789070) * [mips*] Correct FP ISA requirements (Closes: #781892) * udeb: Add more drivers to sound-modules, thanks to Samuel Thibault (Closes: #782495) -- Ben Hutchings Mon, 06 Jul 2015 02:57:42 +0100 linux (4.0.5-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.5 - [x86] iommu/amd: Fix bug in put_pasid_state_wait (regression in 4.0) - [x86] fpu: Disable XSAVES* support for now (regression in 3.17) - [x86] KVM: MMU: fix smap permission check - [x86] kvm: fix crash in kvm_vcpu_reload_apic_access_page - [x86] KVM: MMU: fix SMAP virtualization - ktime: Fix ktime_divns to do signed division (regression in 3.17) - omfs: fix sign confusion for bitmap loop counter (regression in 3.18) - xfs: xfs_attr_inactive leaves inconsistent attr fork state behind - xfs: xfs_iozero can return positive errno (regression in 3.17) - ovl: don't remove non-empty opaque directory (regression in 4.0) - [armhf] mfd: da9052: Fix broken regulator probe (regression in 3.19) - libceph: request a new osdmap if lingering request maps to no osd - Revert "libceph: clear r_req_lru_item in __unregister_linger_request()" (regression in 3.18) - Btrfs: fix racy system chunk allocation when setting block group ro (regression in 4.0) - xen/events: don't bind non-percpu VIRQs with percpu chip - hwmon: (tmp401) Do not auto-detect chip on I2C address 0x37 - clk: add missing lock when call clk_core_enable in clk_set_parent (regression in 4.0) - brcmfmac: avoid null pointer access when brcmf_msgbuf_get_pktid() fails - lib: Fix strnlen_user() to not touch memory after specified maximum - vfs: d_walk() might skip too much - module: Call module notifier on failure after complete_formation() (regression in 3.16) - Revert "ALSA: hda - Add mute-LED mode control to Thinkpad" (regression in 4.0.3) - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 - [powerpc*] mce: fix off by one errors in mce event handling (regression in 3.19) - pty: Fix input race when closing (regression in 3.19) - ext4: fix lazytime optimization - ext4: fix NULL pointer dereference when journal restart fails - ext4: check for zero length extent explicitly - jbd2: fix r_count overflows leading to buffer overflow in journal recovery - libata: Ignore spurious PHY event on LPM policy change - libata: Blacklist queued TRIM on all Samsung 800-series - [arm64] bpf: fix signedness bug in loading 64-bit immediate (regression in 3.18) - [x86] gpio: gpio-kempld: Fix get_direction return value - [s390x] crypto: ghash - Fix incorrect ghash icv buffer handling. - mac80211: move WEP tailroom size check - mac80211: don't use napi_gro_receive() outside NAPI context - [s390x] mm: correct return value of pmd_pfn (regression in 3.17) - [armhf] EXYNOS: Fix dereference of ERR_PTR returned by of_genpd_get_from_provider (regression in 4.0) - [arm*] fix missing syscall trace exit - [hppa] Fix crashes due to stack randomization on stack-grows-upwards architectures - kernfs: do not account ino_ida allocations to memcg - nfsd: fix the check for confirmed openowner in nfs4_preprocess_stateid_op - md/raid5: don't record new size if resize_stripes fails. - Revert "HID: logitech-hidpp: support combo keyboard touchpad TK820" (regression in 3.19) - [mips*] fix FP mode selection in lieu of .MIPS.abiflags data (regression in 4.0) - ACPI / init: Fix the ordering of acpi_reserve_resources() - iwlwifi: mvm: Free fw_status after use to avoid memory leak (regression in 3.19) - iwlwifi: pcie: prevent using unmapped memory in fw monitor - drm/plane-helper: Adapt cursor hack to transitional helpers (regression in 4.0) - drm/radeon/audio: make sure connector is valid in hotplug case - Revert "drm/radeon: only mark audio as connected if the monitor supports it (v3)" (regression in 4.0.3) - dm: fix casting bug in dm_merge_bvec() (regression in 3.19) - dm: fix reload failure of 0 path multipath mapping on blk-mq devices (regression in 4.0) - UBI: block: Add missing cache flushes - md: fix race when unfreezing sync_action (regression in 4.0) - fs/binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings (regression in 4.0.2) [ Ben Hutchings ] * udeb: Remove i2o modules (fixes FTBFS on amd64) (Closes: #787004) * Revert "libata: Ignore spurious PHY event on LPM policy change" to avoid ABI change [ Ian Campbell ] * [armhf] Enable PCIe support for IMX6 boards. Patch from Vagrant Cascadian (Closes: #787029) * [armhf] Add stmmac-platform module to nic-modules udeb. (Closes: #786716) * [arm] Fix mvebu-mbus for non-io-coherent platforms. In particular armel/{orion5x,kirkwood}. * [armel/kirkwood]: Enable CONFIG_ARM_KIRKWOOD_CPUIDLE. (Closes: #787716) [ Uwe Kleine-König ] * [rt] Update to 4.0.5-rt3 -- Ben Hutchings Tue, 16 Jun 2015 15:40:49 +0100 linux (4.0.4-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3 - bpf: fix 64-bit divide - route: Use ipv4_mtu instead of raw rt_pmtu (regression in 3.19) - cxgb4: Fix MC1 memory offset calculation (regression in 3.19) - [mips*] Revert "MIPS: Remove race window in page fault handling" (regression in 3.17) - [mips*] Fix race condition in lazy cache flushing. - [mips*/octeon] Remove udelay() causing huge IRQ latency - [mips*] Fix cpu_has_mips_r2_exec_hazard. - [mips*] asm: elf: Set O32 default FPU flags (regression in 4.0) - ALSA: emux: Fix mutex deadlock in OSS emulation - cdc-acm: prevent infinite loop when parsing CDC headers. (regression in 4.0) - [arm64] dma-mapping: always clear allocated buffers - [arm64] add missing PAGE_ALIGN() to __dma_free() - [armhf] usb: chipidea: otg: remove mutex unlock and lock while stop and start role (regression in 3.16) - btrfs: unlock i_mutex after attempting to delete subvolume during send (regression in 3.16) - [x86] ACPI / SBS: Enable battery manager when present (regression in 3.18) - rbd: end I/O the entire obj_request on error - ext4: fix data corruption caused by unwritten and delayed extents (Closes: #785672) - ext4: move check under lock scope to close a race. - SCSI: add 1024 max sectors black list flag (regression in 3.19) - 3w-xxxx: fix command completion race - 3w-9xxx: fix command completion race - 3w-sas: fix command completion race - drm/radeon: fix lockup when BOs aren't part of the VM on release - drm/radeon: reset BOs address after clearing it. - drm/radeon: check new address before removing old one - hfsplus: don't store special "osx" xattr prefix on-disk https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.4 - [x86] spinlocks: Fix regression in spinlock contention detection (regression in 4.0) - [x86] ACPI / SBS: Add 5 us delay to fix SBS hangs on MacBook (regression in 3.18) - [x86] PCI/ACPI: Make all resources except [io 0xcf8-0xcff] available on PCI bus (regression in 4.0) - ACPI / PNP: add two IDs to list for PNPACPI device enumeration (regression in 3.16) - ocfs2: dlm: fix race between purge and get lock resource - nilfs2: fix sanity check of btree level in nilfs_btree_root_broken() - mnt: Fix fs_fully_visible to verify the root directory is visible - mm/memory-failure: call shake_page() when error hits thp tail page - vfio: Fix runaway interruptible timeout (regression in 4.0) - Revert "dm crypt: fix deadlock when async crypto algorithm returns -EBUSY" (regression in 4.0.2) - block: destroy bdi before blockdev is unregistered. (regression in 4.0) - blk-mq: fix race between timeout and CPU hotplug - blk-mq: fix CPU hotplug handling - [armhf] dts: imx6: phyFLEX: USB VBUS control is active-high (regression in 3.16) - [armhf] mvebu: armada-xp-openblocks-ax3-4: Disable internal RTC - [armhf] OMAP2+: Fix omap off idle power consumption creeping up (regression in 3.16) - [armel,armhf] net fix emit_udiv() for BPF_ALU | BPF_DIV | BPF_K intruction. - drm: Zero out invalid vblank timestamp in drm_update_vblank_count. (regression in 3.17) - [x86] drm/i915/dp: there is no audio on port A - [x86] drm/amdkfd: allow unregister process with queues - drm/radeon: disable semaphores for UVD V1 (v2) - drm/radeon: don't setup audio on asics that don't support it - drm/radeon: fix userptr BO unpin bug v3 - drm/radeon: make VCE handle check more strict - drm/radeon: make UVD handle checking more strict - drm/radeon: more strictly validate the UVD codec - pinctrl: Don't just pretend to protect pinctrl_maps, do it for real - mmc: card: Don't access RPMB partitions for normal read/write [ Ben Hutchings ] * Fix error messages at boot on systems without an RTC (Closes: #784146): - rtc: hctosys: do not treat lack of RTC device as error - rtc: hctosys: use function name in the error log * [rt] Update to 4.0.4-rt1 and re-enable * linux-image: Depend on kmod without an alternative of module-init-tools * linux-image: Add versioned Breaks on udev (<< 208-8~) due to #752742 and #756312 * [i386] pnp: Disable PNPBIOS_PROC_FS * [arm64] USB: Add support for XHCI on APM Mustang (Closes: #785707) - Change USB_XHCI_HCD to built-in and enable USB_XHCI_PLATFORM as built-in - Make xhci platform driver use 64 bit or 32 bit DMA - Add support for ACPI identification to xhci-platform * md/raid0: fix restore to sector variable in raid0_make_request (Closes: #786372) (regression in 4.0.2) * [x86] e1000e: Add support for Sunrise Point (i219) (Closes: #784546) * [x86] config: Enable NEED_DMA_MAP_STATE by default when SWIOTLB is selected (Closes: #786551) * cdc_ncm: Fix tx_bytes statistics (regression in 4.0) * [armhf] USB: musb: Fix order of conditions for assigning end point operations (regression in 3.19) * [armel/{kirkwood,orion5x}] Disable PM again to reduce kernel image size * [armel/kirkwood] Enable DEBUG_MVEBU_UART0_ALTERNATE, replacing DEBUG_MVEBU_UART_ALTERNATE * i2o: Disable I2O * [x86] vmwgfx: Enable DRM_VMWGFX_FBCON (Closes: #714929) * media: Enable DVB_SMIPCIE as module (Closes: #785153) * Bump ABI to 2 * [x86] i2c: Change I2C to built-in and enable ACPI_I2C_OPREGION (Closes: #778896) * usb-storage: Enable USB_UAS for the third time, hoping that it's finally robust enough (Closes: #749014) * zram: Enable ZRAM_LZ4_COMPRESS (Closes: #770958) * HID: Enable HID_BATTERY_STRENGTH (Closes: #783214) * [x86] ALSA: Enable SND_SOC_INTEL_BROADWELL_MACH as module (Closes: #785422) [ Ian Campbell ] * [armhf+arm64] Enabled generic SYSCON regmap reset driver * [arm64] Enable PCI support and related modules, adjusting udeb module lists for new modules. * [arm64] Build XHCI platform drivers as a module. -- Ben Hutchings Tue, 26 May 2015 02:30:06 +0100 linux (4.0.2-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.1 - udptunnels: Call handle_offloads after inserting vlan tag. - tcp: tcp_make_synack() should clear skb->tstamp - bnx2x: Fix busy_poll vs netpoll - bpf: fix verifier memory corruption - Revert "net: Reset secmark when scrubbing packet" - skbuff: Do not scrub skb mark within the same name space - fs: take i_mutex during prepare_binprm for set[ug]id executables (CVE-2015-3339) * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.2 - tcp: fix possible deadlock in tcp_send_fin() - tcp: avoid looping in tcp_send_fin() (regression in 4.0) - net: do not deplete pfmemalloc reserve - net: fix crash in build_skb() - net: rfs: fix crash in get_rps_cpus() (regression in 4.0) - md: fix md io stats accounting broken (regression in 3.19) - [x86] perf/intel: Fix Core2,Atom,NHM,WSM cycles:pp events (regression in 3.19) - [x86] fix special __probe_kernel_write() tail zeroing case (regression in 4.0) - Btrfs: fix log tree corruption when fs mounted with -o discard - btrfs: don't accept bare namespace as a valid xattr - Btrfs: fix inode eviction infinite loop after cloning into it - Btrfs: fix inode eviction infinite loop after extent_same ioctl - mm/hugetlb: use pmd_page() in follow_huge_pmd() (regression in 4.0) - [powerpc] hugetlb: Call mm_dec_nr_pmds() in hugetlb_free_pmd_range() (regression in 4.0) - [s390x] KVM: fix handling of write errors in the tpi handler - [s390x] KVM: reinjection of irqs can fail in the tpi handler - [s390x] KVM: fix get_all_floating_irqs (regression in 3.15) - [s390x] hibernate: fix save and restore of kernel text section - KVM: use slowpath for cross page cached accesses - [arm*] KVM: check IRQ number on userland injection - [x86] KVM: VMX: Preserve host CR4.MCE value while in guest mode. - [mips*el] Loongson-3: Add IRQF_NO_SUSPEND to Cascade irqaction (regression in 3.19) - [mips*] Hibernate: flush TLB entries earlier - md/raid0: fix bug with chunksize not a power of 2. - [armhf] spi: imx: read back the RX/TX watermark levels earlier (regression in 3.18) - ring-buffer: Replace this_cpu_*() with __this_cpu_*() - NFS: fix BUG() crash in notify_change() with patch to chown_common() - [armhf] fix broken hibernation (regression in 3.16) - [armel,armhf] 8320/1: fix integer overflow in ELF_ET_DYN_BASE - ALSA: emu10k1: don't deadlock in proc-functions - Input: alps - fix touchpad buttons getting stuck when used with trackpoint (regression in 4.0) - mfd: core: Fix platform-device name collisions (regression in 3.19) - fs/binfmt_elf.c: fix bug in loading of PIE binaries - ptrace: fix race between ptrace_resume() and wait_task_stopped() - ext4: make fsync to sync parent dir in no-journal for real this time - mnt: Prevent circumvention of locked mounts using umount(MNT_DETACH) (CVE-2014-9717) - tpm: fix: sanitized code paths in tpm_chip_register() (regression in 4.0) - [powerpc/powerpc64,ppc64*] perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH (Closes: #784278) - UBI: account for bitflips in both the VID header and data - UBI: fix out of bounds write - UBI: fix check for "too many bytes" - target: Fix COMPARE_AND_WRITE with SG_TO_MEM_NOALLOC handling - target/file: Fix SG table for prot_buf initialization - [arm64] head.S: ensure visibility of page tables (regression in 3.15) - [arm64] errata: add workaround for cortex-a53 erratum #845719 - [powerpc/powerpc64,ppc64*] powernv: Don't map M64 segments using M32DT (regression in 3.17) - [powerpc/powerpc64,ppc64] cell: Fix crash in iic_setup_cpu() after per_cpu changes (regression in 3.19) - [powerpc/powerpc64,ppc64] cell: Fix cell iommu after it_page_shift changes - [i386/686-pae] ACPICA: Utilities: split IO address types from data type models. - ACPICA: Store GPE register enable masks upfront (regression in 3.19) - [armhf] clk: samsung: exynos4: Disable ARMCLK down feature on Exynos4210 SoC (regression in 3.17) - [armhf] clk: tegra: Use the proper parent for plld_dsi (regression in 4.0) - [armhf] serial: imx: Fix clearing of receiver overrun flag - serial: 8250: Check UART_SCR is writable (regression in 4.0) - sd: Unregister integrity profile (regression in 3.18) - sd: Fix missing ATO tag check (regression in 3.18) - [x86] Drivers: hv: vmbus: Fix a bug in the error path in vmbus_open() - IB/core: disallow registering 0-sized memory region - IB/iser: Fix wrong calculation of protection buffer length (regression in 3.16) - i2c: Mark adapter devices with pm_runtime_no_callbacks (regression in 4.0) - [armhf] drm/exynos: Enable DP clock to fix display on Exynos5250 and other (regression in 4.0) - [x86] drm/i915: vlv: fix save/restore of GFX_MAX_REQ_COUNT reg (regression in 3.16) - [x86] drm/i915: cope with large i2c transfers - vfs: RCU pathwalk breakage when running into a symlink overmounting something - Revert "nfs: replace nfs_add_stats with nfs_inc_stats when add one" (regression in 3.19) - nfsd4: disallow ALLOCATE with special stateids (regression in 3.19) - nfsd4: fix READ permission checking (regression in 3.16) - nfsd4: disallow SEEK with special stateids (regression in 3.18) - nfsd: eliminate NFSD_DEBUG (regression of linux-libc-dev in 3.19) - nfs: fix high load average due to callback thread sleeping (regression in 4.0) - nfs: fix DIO good bytes calculation (regression in 4.0) - nfs: remove WARN_ON_ONCE from nfs_direct_good_bytes - NFS: Add a stub for GETDEVICELIST (regression in 3.18) - sched/deadline: Always enqueue on previous rq when dl_task_timer() fires (regression in 4.0) - mac80211: send AP probe as unicast again (regression in 3.19) - lib: memzero_explicit: use barrier instead of OPTIMIZER_HIDE_VAR - [armhf] crypto: omap-aes - Fix support for unequal lengths - memstick: mspro_block: add missing curly braces - drivers: platform: parse IRQ flags from resources (regression in 3.18) [ Ben Hutchings ] * debian.py,gencontrol.py: Fix the version sanity checks for backports and security/LTS uploads * ipv4: Missing sk_nulls_node_init() in ping_unhash() (CVE-2015-3636) * [armel/orion5x] Increase maximum kernel image size to ~2 MB, removing support for DNS-323 (fixes FTBFS) - Re-enable BLK_DEV_INTEGRITY, SCSI_UFSHCD, TCM_IBLOCK, AUDIT, USER_NS, PCI_QUIRKS, FTRACE, DEBUG_BUGVERBOSE, SECURITY - Enable DYNAMIC_DEBUG, FRONTSWAP * [arm64,armhf,powerpcspe,x86] gpio: Explicitly enable GPIOLIB, as some drivers now depend on rather than selecting it (fixes FTBFS on i386) * [x86] thermal: Enable INT340X_THERMAL as module, replacing ACPI_INT3403_THERMAL * [x86] Re-enable IOSF_MBI and INTEL_RAPL as modules * sound: Enable SND_USB_POD, SND_USB_PODHD, SND_USB_TONEPORT, SND_USB_VARIAX as modules, replacing LINE6_USB * media/rc: Enable IR_IGORPLUGUSB as module, replacing LIRC_IGORPLUGUSB * [amd64] misc: Enable INTEL_MIC_BUS and re-enable INTEL_MIC_HOST as modules * sound/firewire: Enable SND_OXFW as module, replacing SND_FIREWIRE_SPEAKERS * [x86] Enable DW_DMAC and re-enable SND_SOC_INTEL_HASWELL_MACH, SND_SOC_INTEL_BYT_RT5640_MACH, SND_SOC_INTEL_BYT_MAX98090_MACH as modules * [x86] tpm: Enable TCG_TIS_I2C_ST33 as module, replacing TCG_ST33_I2C * [armel/kirkwood] regulator: Re-enable REGULATOR, REGULATOR_FIXED_VOLTAGE * [armel/kirkwood] sound: Enable SND_SIMPLE_CARD as module, replacing SND_KIRKWOOD_SOC_OPENRD, SND_KIRKWOOD_SOC_T5325; re-enable SND_SOC_ALC5623, SND_SOC_CS42L51_I2C as modules * [alpha,armel/kirkwood,hppa,ia64,mips*/{octeon,sb1-bcm91250a}] Re-enable PM * [armel/orion5x] Enable PM * [armhf] sound: Enable SND_SIMPLE_CARD as module * path_openat(): fix double fput() * [x86] serial: Enable SERIAL_8250_DW as built-in * [armhf] Enable ARM_ERRATA_430973 (Closes: #768890), ARM_ERRATA_643719, ARM_ERRATA_754327, ARM_ERRATA_773022 * [x86] nfc: Enable NFC_HCI, NFC_MEI_PHY, NFC_PN544, NFC_PN544_MEI as modules (Closes: #770323) * Set ABI to 1 * mnt: Add missing pieces of fix for CVE-2014-9717: - mnt: Fail collect_mounts when applied to unmounted mounts - fs_pin: Allow for the possibility that m_list or s_list go unused. [ Ian Campbell ] * [armhf] Enable support for Freescale SNVS RTC. (Closes: #782364) * [armhf] Add ehci-orion module to usb-modules udeb. (Closes: #783324) * [armhf] imx-hdmi module is now called dw_hdmi-imx, so update fb-modules udeb. Patches from both Vagrant Cascadian and Wookey. (Closes: #783275) * [arm*] Install DTBS using dtbs_install target. (Closes: #784761) -- Ben Hutchings Mon, 11 May 2015 04:29:06 +0100 linux-tools (4.0.2-1) unstable; urgency=medium * New upstream release * Thanks to Luca Boccassi and Lukas Wunner for some hints on upgrading to 4.0 (Closes: #778588) * debian/control: Add gcc-multilib to Build-Depends in order to build perf-read-vdso{,x}32 * linux-tools: Install perf-read-vdso{,x}32 in versioned directory under /usr/lib * linux-tools: Set ARCH=x86 when building perf for amd64, i386 or x32 * linux-kbuild: Include Makefile.kasan (Closes: #783681) * linux-kbuild: Enable Large File Support (Closes: #778942) -- Ben Hutchings Mon, 11 May 2015 03:53:12 +0100 linux (4.0-1~exp1) experimental; urgency=medium * New upstream release: http://kernelnewbies.org/Linux_4.0 [ Ben Hutchings ] * [i386,s390] Remove 64-bit kernel flavours, which are also available through multiarch * [x86] Enable PARAVIRT_SPINLOCKS -- maximilian attems Tue, 21 Apr 2015 21:46:47 +0200 linux (3.19.3-1~exp1) experimental; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.2 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.3 -- maximilian attems Sun, 29 Mar 2015 20:14:33 +0200 linux (3.19.1-1~exp1) experimental; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1 - Bluetooth: ath3k: workaround the compatibility issue with xHCI controller (Closes: #778463) - random: Fix fast_mix() function (regression in 3.17) - xfs: inode unlink does not set AGI buffer type - xfs: set buf types when converting extent formats - xfs: set superblock buffer type correctly - iwlwifi: mvm: validate tid and sta_id in ba_notif - iwlwifi: mvm: fix failure path when power_update fails in add_interface (regression in 3.15) - HID: i2c-hid: Limit reads to wMaxInputLength bytes for input events (regression in 3.19) - cpufreq: Set cpufreq_cpu_data to NULL before putting kobject - [xen] manage: Fix USB interaction issues when resuming (regression in 3.17) - [xen] xen-scsiback: mark pvscsi frontend request consumed only after last read - megaraid_sas: endianness related bug fixes and code optimization - rc-main: Re-apply filter for no-op protocol change (regression in 3.17) - proc/pagemap: walk page tables under pte lock - NFS: struct nfs_commit_info.lock must always point to inode->i_lock (regression in 3.17) - [mips*] asm: asmmacro: Replace "add" instructions with "addu" - mm/hugetlb: pmd_huge() returns true for non-present hugepage - blk-mq: fix double-free in error path - nfs41: .init_read and .init_write can be called with valid pg_lseg (regression in 3.15) - SUNRPC: NULL utsname dereference on NFS umount during namespace cleanup - NFSv4: Ensure we reference the inode for return-on-close in delegreturn - NFSv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args - sg: fix unkillable I/O wait deadlock with scsi-mq - sg: fix EWOULDBLOCK errors with scsi-mq - iscsi-target: Drop problematic active_ts_list usage - cipso: don't use IPCB() to locate the CIPSO IP option (regression in 3.18) - ring-buffer: Do not wake up a splice waiter when page is not full (regression in 3.18) - tty: Remove warning in tty_lock_slave() (regression in 3.19) - tty: Prevent untrappable signals from malicious program - USB: fix use-after-free bug in usb_hcd_unlink_urb() - [armhf] usb: dwc3: gadget: add missing spin_lock() (regression in 3.19) - usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN - cdc-acm: add sanity checks - ntp: Fixup adjtimex freq validation on 32-bit systems (regression in 3.19) - udf: Check length of extended attributes and allocation descriptors - [s390*] KVM: forward hrtimer if guest ckc not pending yet (regression in 3.17) - [s390*] KVM: base hrtimer on a monotonic clock - [s390*] KVM: floating irqs: fix user triggerable endless loop - [s390*] KVM: avoid memory leaks if __inject_vm() fails - gpiolib: of: allow of_gpiochip_find_and_xlate to find more than one chip per node (regression in 3.19) - sb_edac: Fix detection on SNB machines (regression in 3.18) - jffs2: fix handling of corrupted summary length - samsung-laptop: Add use_native_backlight quirk, and enable it on some models (regression in 3.16) - libceph: fix double __remove_osd() problem - btrfs: fix leak of path in btrfs_find_item - Btrfs: fix fsync data loss after adding hard link to inode - blk-throttle: check stats_cpu before reading it from sysfs - [x86] efi: Avoid triple faults during EFI mixed mode calls - [x86][xen] irq: Fix regression in 3.19 - Replace ACCESS_ONCE of non-scalar types with READ_ONCE - kernel: tighten rules for ACCESS_ONCE - [x86] spinlocks/paravirt: Fix memory corruption on unlock - quota: Store maximum space limit in bytes [ Ben Hutchings ] * [armhf] Drop sun7i device tree patches which are included in 3.19 (fixes FTBFS) (Closes: #779799) * nfsd: Enable NFSD_V4_SECURITY_LABEL [ Helge Deller ] * [hppa] Add virtio udeb modules * [alpha] Add debian-installer udeb packages * [alpha] Drop alpha-legacy kernel image -- Ben Hutchings Sun, 08 Mar 2015 15:29:45 +0000 linux (3.19-1~exp1) experimental; urgency=medium * New upstream release: http://kernelnewbies.org/Linux_3.19 * Enable SCSI_AM53C974 where tmscim was enabled. -- maximilian attems Thu, 12 Feb 2015 23:41:05 +0100 linux (3.18.6-1~exp1) experimental; urgency=medium [ Ben Hutchings ] * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.6 -- maximilian attems Sat, 07 Feb 2015 22:38:37 +0100 linux-tools (3.18.5-1~exp1) experimental; urgency=medium * New upstream release * linux-tools: Fix build configuration to avoid linking perf with libbfd (Closes: #763002) * linux-tools: Add a check that perf is not linked with libbfd * [arm64] Enable building linux-tools, thanks to Steve Capper (Closes: #771340) * [armel,armhf] linux-tools: Enable use of libunwind * [hppa,sparc] linux-tools: Enable use of libnuma * [mips*,powerpcspe,x32] Enable building linux-tools -- Ben Hutchings Sun, 01 Feb 2015 02:53:07 +0100 linux (3.18.5-1~exp1) experimental; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.4 - [hppa] fix out-of-register compiler error in ldcw inline assembler function https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5 [ Helge Deller ] * [hppa] Enable CONFIG_PPDEV to avoid CUPS complaining with systemd -- maximilian attems Sat, 31 Jan 2015 22:20:40 +0100 linux (3.18.3-1~exp1) experimental; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.1 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.3 [ Ian Campbell ] * [armel/kirkwood]: Enable DEBUG_MVEBU_UART_ALTERNATE to match the behaviour of previous boardfile based kirkwood kernels. Otherwise the kernel silently crashes during boot. * [armel/kirkwood]: Add versioned breaks on flash-kernel << 3.30~, versions before this do not append a DTB on all platforms. This is required now that board file support is removed. * Add xhci-pci and xhci-plat-hcd to usb-modules udeb. (Inspired by #770912). * [armhf/armmp]: Enable support for Tegra124 based platforms. [ Helge Deller ] * [hppa] udeb: Fix duplicate modules in ata-modules, pata-modules (Closes: #770102) * [hppa] Create build-dependencies on binutils-hppa64 and gcc-4.9-hppa64 [ Ben Hutchings ] * [sh4] ftrace: Remove -m32 option from recordmcount.pl (Closes: #775611) -- Ben Hutchings Sun, 18 Jan 2015 20:48:06 +0000 linux (3.18-1~exp1) experimental; urgency=medium * New upstream release: http://kernelnewbies.org/Linux_3.18 [ Ben Hutchings ] * Remove aufs * vfs: Enable OVERLAY_FS as module * drivers/base: Disable UEVENT_HELPER, only needed for compatibility with wheezy's udev package * net: Enable 6LOWPAN as module; re-enable BT_6LOWPAN and IEEE802154_6LOWPAN as modules * net: Enable GENEVE as module; enable OPENVSWITCH_GENEVE * ipv4: Enable TCP_CONG_DCTCP as module * netfilter: Enable IP6_NF_NAT, IP_SET_HASH_MAC, IP_VS_FO, NF_LOG_ARP, NF_LOG_BRIDGE, NFT_BRIDGE_REJECT, NFT_MASQ, NFT_MASQ_IPV4, NFT_MASQ_IPV6 as modules * SCSI,xen: Enable XEN_SCSI_FRONTEND, XEN_SCSI_BACKEND as modules * SCSI: Re-enable LIBFCOE, FCOE, FCOE_FNIC, SCSI_BNX2X_FCOE as modules * drivers/net: Enable ET131X as module for all architectures * wireless: Enable BRCMFMAC as module for all architectures; enable BRCMFMAC_USB and BRCMFMAC_PCIE * wireless: Enable RTL8192EE, RTL8821AE as modules for all architectures (replacing R8192EE, R8821AE for x86 only) * media: Enable VIDEO_VIVID as module (replacing VIDEO_VIVI) * [armel/kirkwood] Enable ARCH_MULTI_V5, ARCH_MVEBU, MACH_KIRKWOOD and MACH_NETXBIG, replacing ARCH_KIRKWOOD etc. * [powerpc/powerpc64,ppc64*] Enable SCSI_IBMVFC as module, replacing SCSI_IBMVSCSIS * input/tablet: Enable TABLET_SERIAL_WACOM4 as module * media: Enable MEDIA_SDR_SUPPORT; enable DVB_PT3, DVB_USB_DVBSKY, USB_AIRSPY, USB_HACKRF, VIDEO_TW68 as modules; enable VIDEO_SOLO6X10 as module on all architectures (replacing SOLO6X10 on x86); enable USB_MSI2500 on all architectures (replacing USB_MSI3101 on x86) * au0828: Enable VIDEO_AU0828_RC * HID,gpio,i2c: Enable HID_CP2112 as module * HID: Enable HID_PENMOUNT as module * USB,leds: Enable USB_LED_TRIG * leds: Disable LEDS_PCA9532, apparently only needed on armel/iop32x * [x86] platform: Enable TOSHIBA_HAPS as module * [x86] serial: Enable SERIAL_8250_FINTEK as module * [x86] Enable MFD_MENF21BMC, LEDS_MENF21BMC, SENSORS_MENF21BMC_HWMON, MENF21BMC_WATCHDOG as modules * [x86] edac: Enable EDAC_IE31200 as module * [x86] drivers/crypto: Enable CRYPTO_DEV_QAT_DH895xCC as module * [x86] comedi: Enable COMEDI_NI_USB6501 as module * [armel] Change configuration to reduce kernel image size (fixes FTBFS) - [/kirkwood] netlink: Disable NETLINK_MMAP - [/kirkwood] cgroups: Disable MEMCG - [/kirkwood] Disable CHECKPOINT_RESTORE - [/kirkwood] mm: Disable COMPACTION, KSM - [/kirkwood] crypto: Disable CRYPTO_FIPS - [/kirkwood] power: Disable HIBERNATION, PM_RUNTIME - [/orion5x] mm: Disable COMPACTION, MIGRATION - [/orion5x] block: Disable BLK_DEV_INTEGRITY - [/orion5x] SCSI: Disable SCSI_UFSHCD - [/orion5x] target: Disable TCM_IBLOCK - [/orion5x] Disable AUDIT, DEBUG_BUGVERBOSE, PROFILING, OPROFILE, RD_LZO * [armel] Include size of appended DTBs in image size check -- Ben Hutchings Thu, 11 Dec 2014 00:43:21 +0000 linux (3.17.4-1~exp1) experimental; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.1 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.2 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.3 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4 [ Ben Hutchings ] * Set ABI to trunk * aufs: Update to aufs3.17-20141020: - support for AT_EMPTY_PATH/LOOKUP_EMPTY - Show union filesystem paths in /proc/*/map_files/* - bugfix, fix the returning size of the branch attr * Compile with gcc-4.9 (except for ia64,m68k,s390*,sh4) -- maximilian attems Mon, 24 Nov 2014 00:00:27 +0100 linux-tools (3.17-1~exp1) experimental; urgency=medium * New upstream release - usbip userspace moved to tools/usb/usbip -- Ben Hutchings Fri, 17 Oct 2014 14:58:51 +0200 linux (3.17-1~exp1) experimental; urgency=medium * New upstream release: http://kernelnewbies.org/Linux_3.17 * armel: Drop ixp4xx image. * topconfig: Reenable renamed IP_NF_NAT. (closes #762458) * udeb: refix renamed i2c-core. -- maximilian attems Tue, 14 Oct 2014 23:01:39 +0200 linux (3.17~rc5-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * aufs: Update to aufs3.x-rcN-20140908 [ maximilian attems ] * udeb: fix renamed i2ccore. -- maximilian attems Thu, 18 Sep 2014 23:50:00 +0200 linux (3.16.7-ckt9-3) unstable; urgency=high [ Ben Hutchings ] * [x86] crypto: aesni - fix memory usage in GCM decryption (Closes: #782561) (CVE-2015-3331) * tcp: Fix crash in TCP Fast Open (Closes: #782515) (CVE-2015-3332) * kernel: Provide READ_ONCE and ASSIGN_ONCE * Replace use of ACCESS_ONCE on non-scalar types with READ_ONCE or barriers as appropriate * kernel: tighten rules for ACCESS ONCE * kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val) * fs: take i_mutex during prepare_binprm for set[ug]id executables (CVE-2015-3339) [ Ian Campbell ] * [xen] release per-queue Tx and Rx resource when disconnecting, fixing network after save/restore or migration. (Closes: #782698) -- Ben Hutchings Thu, 23 Apr 2015 16:41:27 +0100 linux (3.16.7-ckt9-2) unstable; urgency=medium * btrfs: simplify insert_orphan_item (Closes: #782362) -- Ben Hutchings Mon, 13 Apr 2015 02:01:54 +0100 linux (3.16.7-ckt9-1) unstable; urgency=medium * New upstream stable update: http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt8 - usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN - btrfs: fix leak of path in btrfs_find_item - tpm_tis: verify interrupt during init - xfs: ensure buffer types are set correctly - xfs: inode unlink does not set AGI buffer type - xfs: set buf types when converting extent formats - xfs: set superblock buffer type correctly - [s390*] KVM: avoid memory leaks if __inject_vm() fails - samsung-laptop: Add use_native_backlight quirk, and enable it on some models (regression in 3.14) - staging: comedi: comedi_compat32.c: fix COMEDI_CMD copy back - nfs: don't call blocking operations while !TASK_RUNNING - cdc-acm: add sanity checks - USB: fix use-after-free bug in usb_hcd_unlink_urb() - iwlwifi: mvm: fix failure path when power_update fails in add_interface - tty: Prevent untrappable signals from malicious program - cpufreq: Set cpufreq_cpu_data to NULL before putting kobject - nfs41: .init_read and .init_write can be called with valid pg_lseg (regression in 3.15) - mei: mask interrupt set bit on clean reset bit (regression in 3.16.7-ckt5) - [s390*] KVM: floating irqs: fix user triggerable endless loop - cfq-iosched: handle failure of cfq group allocation - tracing: Fix unmapping loop in tracing_mark_write - fsnotify: fix handling of renames in audit - blk-mq: fix double-free in error path - NFSv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args - mm/hugetlb: pmd_huge() returns true for non-present hugepage - mm/hugetlb: take page table lock in follow_huge_pmd() - mm/hugetlb: fix getting refcount 0 page in hugetlb_fault() - mm/hugetlb: add migration/hwpoisoned entry check in hugetlb_change_protection - mm/hugetlb: add migration entry check in __unmap_hugepage_range - iscsi-target: Drop problematic active_ts_list usage - mm/memory.c: actually remap enough memory - mm: hwpoison: drop lru_add_drain_all() in __soft_offline_page() (regression in 3.11) - jffs2: fix handling of corrupted summary length - dm mirror: do not degrade the mirror on discard error - dm io: reject unsupported DISCARD requests with EOPNOTSUPP - NFS: struct nfs_commit_info.lock must always point to inode->i_lock (regression in 3.16.4) - target: Add missing WRITE_SAME end-of-device sanity check - target: Check for LBA + sectors wrap-around in sbc_parse_cdb - Btrfs: fix fsync data loss after adding hard link to inode - sg: fix read() error reporting - IB/qib: Do not write EEPROM - [amd64] EDAC, amd64_edac: Prevent OOPS with >16 memory controllers (regression in 3.11) - md/raid5: Fix livelock when array is both resyncing and degraded. - locking/rtmutex: Avoid a NULL pointer dereference on deadlock (regression in 3.16) - time: adjtimex: Validate the ADJ_FREQUENCY values - ntp: Fixup adjtimex freq validation on 32-bit systems - dm: fix a race condition in dm_get_md - dm snapshot: fix a possible invalid memory access on unload - libceph: fix double __remove_osd() problem - blk-throttle: check stats_cpu before reading it from sysfs - debugfs: leave freeing a symlink body until inode eviction - procfs: fix race between symlink removals and traversals - autofs4 copy_dev_ioctl(): keep the value of ->size we'd used for allocation - clk-gate: fix bit # check in clk_register_gate() (regression in 3.11) - [powerpc*] kernel: Avoid memory corruption at early stage (regression in 3.14) - GFS2: Fix crash during ACL deletion in acl max entry check in gfs2_set_acl() (regression in 3.14) - net: llc: use correct size for sysctl timeout entries (CVE-2015-2041) - net: rds: use correct size for max unacked packets and bytes (CVE-2015-2042) - HID: i2c-hid: Limit reads to wMaxInputLength bytes for input events (regression in 3.16.7-ckt4) - net: sctp: fix race for one-to-many sockets in sendmsg's auto associate - ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs - IB/core: When marshaling ucma path from user-space, clear unused fields (regression in 3.14) - IB/core: Fix deadlock on uverbs modify_qp error flow (regression in 3.14) - IB/mlx4: Fix wrong usage of IPv4 protocol for multicast attach/detach (regression in 3.14) - IB/iser: Use correct dma direction when unmapping SGs (regression in 3.15) - staging: comedi: cb_pcidas64: fix incorrect AI range code handling - target: Fix R_HOLDER bit usage for AllRegistrants - target: Avoid dropping AllRegistrants reservation during unregister - target: Allow AllRegistrants to re-RESERVE existing reservation - target: Allow Write Exclusive non-reservation holders to READ - vhost/scsi: potential memory corruption - mm: softdirty: unmapped addresses between VMAs are clean - proc/pagemap: walk page tables under pte lock http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt9 - netfilter: nft_compat: fix module refcount underflow - netfilter: xt_socket: fix a stack corruption bug - ipvs: add missing ip_vs_pe_put in sync code - flowcache: Fix kernel panic in flow_cache_flush_task (regression in 3.15) - tcp: make sure skb is not shared before using skb_get() (regression in 3.16) - gen_stats.c: Duplicate xstats buffer for later use - ematch: Fix auto-loading of ematch modules. - openvswitch: Fix net exit. - net: reject creation of netdev names with colons - macvtap: make sure neighbour code can push ethernet header - udp: only allow UFO for packets from SOCK_DGRAM sockets - gpiolib: of: allow of_gpiochip_find_and_xlate to find more than one chip per node (regression in 3.16.7-ckt6) - [x86] drm/i915: Check obj->vma_list under the struct_mutex (regression in 3.15) - ALSA: hda - Disable runtime PM for Panther Point again (regression in 3.14) - nilfs2: fix potential memory overrun on inode - [armhf] usb: dwc3: dwc3-omap: Fix disable IRQ - [i386] KVM: emulate: fix CMPXCHG8B on 32-bit hosts - xhci: Allocate correct amount of scratchpad buffers - USB: usbfs: don't leak kernel data in siginfo - efi/libstub: Fix boundary checking in efi_high_alloc() - USB: serial: fix potential use-after-free after failed probe - USB: serial: fix tty-device error handling at probe - staging: comedi: adv_pci1710: fix AI INSN_READ for non-zero channel - mei: make device disabled on stop unconditionally - NFSv4: Don't call put_rpccred() under the rcu_read_lock() - btrfs: fix lost return value due to variable shadowing - eCryptfs: don't pass fs-specific ioctl commands through - drm/radeon: fix DRM_IOCTL_RADEON_CS oops - [armhf] ASoC: omap-pcm: Correct dma mask - [amd64] x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization (CVE-2015-2830) - Btrfs: fix data loss in the fast fsync path - Btrfs:__add_inode_ref: out of bounds memory read when looking for extended ref. - svcrpc: fix memory leak in gssp_accept_sec_context_upcall (regression in 3.12) - SUNRPC: Always manipulate rpc_rqst::rq_bc_pa_list under xprt->bc_pa_lock (regression in 3.15) - net: cls_bpf: fix size mismatch on filter preparation - net: cls_bpf: fix auto generation of per list handles - qlge: Fix qlge_update_hw_vlan_features to handle if interface is down (regression in 3.13) - libsas: Fix Kernel Crash in smp_execute_task - ALSA: hda - Fix regression of HD-audio controller fallback modes (regression in 3.11) - can: add missing initialisations in CAN related skbuffs - ftrace: Fix en(dis)able graph caller when en(dis)abling record via sysctl - ftrace: Fix ftrace enable ordering of sysctl ftrace_enabled - [armhf] imx6qdl-sabresd: set swbst_reg as vbus's parent reg - [armhf] imx6sl-evk: set swbst_reg as vbus's parent reg - xen-pciback: limit guest control of command register (CVE-2015-2150) - drm/vmwgfx: Reorder device takedown somewhat - ALSA: control: Add sanity checks for user ctl id name string - Revert "i2c: core: Dispose OF IRQ mapping at client removal time" (regression in 3.16.7-ckt2) - nilfs2: fix deadlock of segment constructor during recovery (regression in 3.16.7-ckt7) - clk: divider: fix calculation of maximal parent rate for a given divider (regression in 3.15) - [sparc*] Fix several bugs in memmove(). - net: sysctl_net_core: check SNDBUF and RCVBUF for min length - inet_diag: fix possible overflow in inet_diag_dump_one_icsk() - caif: fix MSG_OOB test in caif_seqpkt_recvmsg() - rxrpc: bogus MSG_PEEK test in rxrpc_recvmsg() - tcp: fix tcp fin memory accounting - net: compat: Update get_compat_msghdr() to match copy_msghdr_from_user() behaviour (regression in 3.13) - tcp: make connect() mem charging friendly [ Ian Campbell ] * Initialise framebuffer console earlier. (Closes: #779935) * [xen] Enable Xen MCE log support. (Closes: #779698) * [armhf] mvebu: do not register custom DMA operations when coherency is disabled (Closes: #780858) * [armhf] Enable power control on various sunxi platforms, enable MFD_AXP20X and REGULATOR_AXP20X and adding the necessary DTB nodes. (Closes: #781576) [ Ben Hutchings ] * [armel/kirkwood] linux-image: Add versioned Breaks against flash-kernel, to ensure that an FDT is appended to the image if needed (Closes: #781193) * Revert "quota: Store maximum space limit in bytes" to avoid ABI change * IB/core: Prevent integer overflow in ib_umem_get address arithmetic (CVE-2014-8159) * Btrfs: make xattr replace operations atomic (CVE-2014-9710) * ext4: fix ZERO_RANGE bug hidden by flag aliasing * ext4: fix accidental flag aliasing in ext4_map_blocks flags * ext4: allocate entire range in zero range (CVE-2015-0275) * [x86] microcode/intel: Guard against stack overflow in the loader (CVE-2015-2666) * ipv6: Don't reduce hop limit for an interface (CVE-2015-2922) * [powerpc/powerpc64,ppc64] Disable THERM_PM72 and enable its replacements WINDFARM_PM72 and WINDFARM_RM31 as modules. Update the udeb config accordingly. Thanks to Milan Kupcevic. (Closes: #781934) * psmouse: Add support for FocalTech touchpads, thanks to Rafal Ramocki (Closes: #780971) * [x86] drm/i915: Add limited color range readout for HDMI/DP ports on g4x/vlv/chv (Closes: #775217) * HID: thingm: fix workqueue race on remove (Closes: #780055) * [x86] Disable X86_VERBOSE_BOOTUP (Closes: #781953) * eMMC: Don't initialize partitions on RPMB flagged areas (Closes: #782038) * [x86] powercap / RAPL: change domain detection message (Closes: #781418) * procfs: Avoid ABI change in 3.16.7-ckt8 * [powerpc/powerpc] udeb: Add fb-modules package containing radeonfb driver (Closes: #782058) -- Ben Hutchings Wed, 08 Apr 2015 01:03:08 +0100 linux (3.16.7-ckt7-1) unstable; urgency=medium * New upstream stable update: http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt5 - [x86] vdso: Use asm volatile in __getcpu - SCSI: fix regression in scsi_send_eh_cmnd() (regression in 3.16) - Btrfs: don't delay inode ref updates during log replay (regression in 3.16.7) - mm: propagate error from stack expansion even for guard page - vfio-pci: Fix the check on pci device type in vfio_pci_probe() - rpc: fix xdr_truncate_encode to handle buffer ending on page boundary (regression in 3.16) - [arm64] efi: add missing call to early_ioremap_reset() (regression in 3.16) - exit: fix race between wait_consider_task() and wait_task_zombie() (regression in 3.15) - mm: prevent endless growth of anon_vma hierarchy - mm: protect set_page_dirty() from ongoing truncation - mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process being killed - sched/deadline: Fix migration of SCHED_DEADLINE tasks - HID: roccat: potential out of bounds in pyra_sysfs_write_settings() - mm: Don't count the stack guard page towards RLIMIT_STACK - mm: fix corner case in anon_vma endless growing prevention - [arm*][xen] introduce xen_arch_need_swiotlb - fsnotify: next_i is freed during fsnotify_unmount_inodes. - [armhf] ASoC: eukrea-tlv320: Fix of_node_put() call with uninitialized object (regression in 3.15) - HID: i2c-hid: Do not free buffers in i2c_hid_stop() (regression in 3.15) - ALSA: fireworks: fix an endianness bug for transaction length (regression in 3.16) - [armhf] mtd: nand: omap: Fix NAND enumeration on 3430 LDP (regression in 3.13) - ocfs2: fix the wrong directory passed to ocfs2_lookup_ino_from_name() when link file (regression in 3.14) - [powerpc*] Fix bad NULL pointer check in udbg_uart_getc_poll() (regression in 3.12) - nilfs2: fix the nilfs_iget() vs. nilfs_new_inode() races - [armhf] OMAP4: PM: Only do static dependency configuration in omap4_init_static_deps (regression in 3.11) - [armel,armhf] Revert "ARM: 7830/1: delay: don't bother reporting bogomips in /proc/cpuinfo" (regression in 3.12) - gre: fix the inner mac header in nbma tunnel xmit path (regression in 3.16.7-ckt3) - netlink: Always copy on mmap TX. - netlink: Don't reorder loads/stores before marking mmap netlink frame as available - batman-adv: Unify fragment size calculation (regression in 3.13) - batman-adv: avoid NULL dereferences and fix if check (regression in 3.13) - net: Fix stacked vlan offload features computation - net: Reset secmark when scrubbing packet - xen-netback: fixing the propagation of the transmit shaper timeout (regression in 3.16) - team: avoid possible underflow of count_pending value for notify_peers and mcast_rejoin (regression in 3.12) - usb: gadget: gadgetfs: Free memory allocated by memdup_user() (regression in 3.15) - iwlwifi: mvm: fix Rx with both chains (regression in 3.16) - LOCKD: Fix a race when initialising nlmsvc_timeout (regression in 3.11) - NFSv4.1: Fix client id trunking on Linux - vhost-scsi: Add missing virtio-scsi -> TCM attribute conversion - xhci: Check if slot is already in default state before moving it there (regression in 3.14) - USB: console: fix uninitialised ldisc semaphore (regression in 3.12) - USB: console: fix potential use after free - [armhf] usb: dwc3: gadget: Fix TRB preparation during SG - [x86] ftrace/jprobes: Fix conflict between jprobes and function graph tracing - clk: Don't try to use a struct clk* after it could have been freed - [x86] drm/i915: Evict CS TLBs between batches - [xen] Revert "swiotlb-xen: pass dev_addr to swiotlb_tbl_unmap_single" (regression in 3.16.7-ckt4) http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt6 - ipvs: uninitialized data with IP_VS_IPV6 - netfilter: nfnetlink: validate nfnetlink header from batch - time: settimeofday: Validate the values of tv from user - drm/radeon: fix VM flush on cayman/aruba (v3) - drm/radeon: fix VM flush on SI (v3) - drm/radeon: fix VM flush on CIK (v3) - drm/radeon: add a dpm quirk list (regression around 3.14) - can: dev: fix crtlmode_supported check - can: kvaser_usb: Don't free packets when tight on URBs - drm/radeon: use rv515_ring_start on r5xx (regression in 3.12) - PCI: Mark Atheros AR93xx to avoid bus reset (regression in 3.14) - [x86] PCI: Clip bridge windows to fit in upstream windows (regression in 3.16) - [armhf] mvebu: completely disable hardware I/O coherency - cifs: fix deadlock in cifs_ioctl_clone() - ipr: wait for aborted command responses - libata: allow sata_sil24 to opt-out of tag ordered submission (regression in 3.14.4, 3.15) - [media] vb2: fix vb2_thread_stop race conditions - [i386/586] apic: Re-enable PCI_MSI support for non-SMP X86_32 (regression in 3.12) - dm cache: share cache-metadata object across inactive and active DM tables - dm cache: fix problematic dual use of a single migration count variable - Input: evdev - fix EVIOCG{type} ioctl - tty: Fix pty master poll() after slave closes v2 (regression in 3.12) - [armhf] bus: omap_l3_noc: Add resume hook to restore context (regression in 3.16) - decompress_bunzip2: off by one in get_next_block() - kbuild: Fix removal of the debian/ directory (regression in 3.16) - mm: get rid of radix tree gfp mask for pagecache_get_page (regression in 3.16) - regulator: core: fix race condition in regulator_put() - ASoC: simple-card: Fix crash in asoc_simple_card_unref() (regression in 3.15) - [ppc64el] xmon: Fix another endiannes issue in RTAS call from xmon - nfs: fix dio deadlock when O_DIRECT flag is flipped - mac80211: properly set CCK flag in radiotap (regression in 3.12) - [x86] drm/i915: Only fence tiled region of object. - can: kvaser_usb: Do not sleep in atomic context - can: kvaser_usb: Send correct context to URB completion - rbd: fix rbd_dev_parent_get() when parent_overlap == 0 - rbd: drop parent_ref in rbd_dev_unprobe() unconditionally - dm cache: fix missing ERR_PTR returns and handling - dm thin: don't allow messages to be sent to a pool target in READ_ONLY or FAIL mode - [armhf] mvebu: don't set the PL310 in I/O coherency mode when I/O coherency is disabled - vm: add VM_FAULT_SIGSEGV handling support - vm: make stack guard page errors return VM_FAULT_SIGSEGV rather than SIGBUS - perf: Tighten (and fix) the grouping condition - iwlwifi: mvm: drop non VO frames when flushing (regression in 3.16) - memcg: remove extra newlines from memcg oom kill log (regression in 3.15) - ipv4: try to cache dst_entries which would cause a redirect (regression in 3.16) (CVE-2015-1465) http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt7 - [ppc64el] powerpc: add little endian flag to syscall_get_arch() - [arm64] Fix up /proc/cpuinfo - cifs: Complete oplock break jobs before closing file handle (regression in 3.15) - [arm64,or1k] lib/checksum.c: fix carry in csum_tcpudp_nofold - [mips*] Fix kernel lockup or crash after CPU offline/online - md/raid5: fix another livelock caused by non-aligned writes. (regression in 3.16) - drm/radeon: fix PLLs on RS880 and older v2 (regression in 3.15) (Closes: #770790) - [armhf/armmp-lpae] 8299/1: mm: ensure local active ASID is marked as allocated on rollover - PCI: Handle read-only BARs on AMD CS553x devices (regression in 3.16.7-ckt4) - mm: pagewalk: call pte_hole() for VM_PFNMAP during walk_page_range - nilfs2: fix deadlock of segment constructor over I_SYNC flag - ip: zero sockaddr returned on error queue - net: rps: fix cpu unplug - ipv6: stop sending PTB packets for MTU < 1280 - udp_diag: Fix socket skipping within chain - ping: Fix race in free in receive path - net: don't OOPS on socket aio - ipv4: tcp: get rid of ugly unicast_sock - ppp: deflate: never return len larger than output buffer - [x86] hyperv: Fix the error processing in netvsc_send() - Bluetooth: ath3k: workaround the compatibility issue with xHCI controller - ceph: introduce global empty snap context - drm/vmwgfx: Don't use memory accounting for kernel-side fence objects - net:socket: set msg_namelen to 0 if msg_name is passed as NULL in msghdr struct from userland. - virtio_pci: defer kfree until release callback [ Ian Campbell ] * [armhf] Add DTB for Olimex A20-OLinuXino-LIME2. (Closes: #777455) * [armhf] Enable CONFIG_BACKLIGHT_GPIO as a module. (Closes: #778783) * [armhf] Enable FB_SIMPLE on sunxi platform, backporting fixes and DTS entries. [ Ben Hutchings ] * shm: add memfd.h to UAPI export list, so kdbus will build * [x86] HPET force enable for e6xx based systems (Closes: #772951) * vfs: read file_handle only once in handle_to_path (CVE-2015-1420) * ASLR: fix stack randomization on 64-bit systems (CVE-2015-1593) * Revert "quota: Switch ->get_dqblk() and ->set_dqblk() to use bytes as space units" to avoid ABI change * rmap: Fix ABI change in 3.16.7-ckt5 * perf: Fix ABI change in 3.16.7-ckt6 * mm: Fix pagecache_get_page() ABI change in 3.16.7-ckt6 * tcp: Fix ABI change in 3.16.7-ckt7 * [x86] ACPI / video: Add disable_native_backlight quirk for various Samsung models and Dell XPS15 L521X (Closes: #772440) * [x86] ALSA: Enable SND_SOC, SND_SOC_INTEL_SST, SND_SOC_INTEL_HASWELL_MACH, SND_SOC_INTEL_BYT_RT5640_MACH, SND_SOC_INTEL_BYT_MAX98090_MACH as modules (Closes: #773835) * arcmsr: Backport changes up to Linux 3.18 (Closes: #698821) * [x86] drm/i915: Quietly reject attempts to create non-pagealigned stolen objects (Closes: #763155) * KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED (Closes: #758870) * drm: Enable DRM_BOCHS, DRM_QXL as modules - qxl: Disable by default, as it is incompatible with wheezy's xserver-xorg-video-qxl. It can be forced to load with module parameter modeset=1. * of.h: Keep extern declaration of of_* variables when !CONFIG_OF (for simplefb) [ Helge Deller ] * [alpha] build debian-installer udeb packages * [hppa] build virtio udeb packages [ Uwe Kleine-König ] * Add support for Bananapro board, thanks Karsten Merker for the patch. (Closes: 779311) -- Ben Hutchings Sun, 01 Mar 2015 15:13:40 +0000 linux (3.16.7-ckt4-3) unstable; urgency=medium [ Ben Hutchings ] * [sh4] ftrace: Remove -m32 option from recordmcount.pl (Closes: #775611) * [x86] Revert "KVM: Fix of previously incomplete fix for CVE-2014-8480" as that issue does not affect 3.16 * [amd64] tls, ldt: Stop checking lm in LDT_empty (regression in 3.16.7-ckt4) * [x86] tls: Interpret an all-zero struct user_desc as "no segment" (regression in 3.16.7-ckt4) * net: sctp: fix slab corruption from use after free on INIT collisions (CVE-2015-1421) [ Ian Campbell ] * [xen] cancel ballooning if adding new memory failed (Closes: #776448) * [arm64] Only use the virtual counter (CNTVCT) on arm64. (Closes: #776957) -- Ben Hutchings Tue, 03 Feb 2015 20:07:06 +0000 linux-tools (3.16-3) unstable; urgency=medium * linux-tools: Fix build configuration to avoid linking perf with libbfd (Closes: #763002) * linux-tools: Add a check that perf is not linked with libbfd * [arm64] Enable building linux-tools, thanks to Steve Capper (Closes: #771340) -- Ben Hutchings Mon, 02 Feb 2015 22:05:59 +0000 linux (3.16.7-ckt4-2) unstable; urgency=medium [ Ian Campbell ] * [arm64] udeb: Remove zlib-modules, as ZLIB_DEFLATE is now built-in (fixes FTBFS) * [xen] Revert "swiotlb-xen: pass dev_addr to swiotlb_tbl_unmap_single" (Closes: #776237) [ Helge Deller ] * [hppa] udeb: Fix duplicate modules in ata-modules, pata-modules (Closes: #770102) * [hppa] Enable CONFIG_PPDEV to avoid CUPS complaining with systemd [ Ben Hutchings ] * crypto: Fix unprivileged arbitrary module loading (CVE-2013-7421, CVE-2014-9644) - prefix module autoloading with "crypto-" - include crypto- module prefix in template - add missing crypto module aliases * [x86] KVM: Fix of previously incomplete fix for CVE-2014-8480 * [x86] KVM: SYSENTER emulation is broken (CVE-2015-0239) -- Ben Hutchings Tue, 27 Jan 2015 03:57:26 +0000 linux (3.16.7-ckt4-1) unstable; urgency=medium * New upstream stable update: http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt3 - [x86] kvm: use alternatives for VMCALL vs. VMMCALL if kernel text is read-only - [sparc*] Fix constraints on swab helpers. - inetdevice: fixed signed integer overflow - ieee802154: fix error handling in ieee802154fake_probe() - bonding: fix curr_active_slave/carrier with loadbalance arp monitoring (regression in 3.14) - pptp: fix stack info leak in pptp_getname() - ipx: fix locking regression in ipx_sendmsg and ipx_recvmsg - net/mlx4_en: Add VXLAN ndo calls to the PF net device ops too (regression in 3.15) - net/mlx4_en: Advertize encapsulation offloads features only when VXLAN tunnel is set (regression in 3.15) - target: Don't call TFO->write_pending if data_length == 0 - vhost-scsi: Take configfs group dependency during VHOST_SCSI_SET_ENDPOINT - iser-target: Handle DEVICE_REMOVAL event on network portal listener correctly - ASoC: dpcm: Fix race between FE/BE updates and trigger - mac80211: Fix regression that triggers a kernel BUG with CCMP (regression in 3.13) - rt2x00: do not align payload on modern H/W - bitops: Fix shift overflow in GENMASK macros - [x86] Require exact match for 'noxsave' command line option - [x86] drm/i915: Kick fbdev before vgacon (regression in 3.16) - can: dev: avoid calling kfree_skb() from interrupt context - [x86] mm: Set NX across entire PMD at boot - of: Fix crash if an earlycon driver is not found - btrfs: fix lockups from btrfs_clear_path_blocking - [i386/686-pae,armhf/armmp-lpae] PCI: Support 64-bit bridge windows if we have 64-bit dma_addr_t (regression in 3.14) - ACPI / PM: Ignore wakeup setting if the ACPI companion can't wake up (regression in 3.13) - drm/radeon: fix endian swapping in vbios fetch for tdp table - Bluetooth: Fix endian and alignment issue with ath3k version handling - nfs: Don't busy-wait on SIGKILL in __nfs_iocounter_wait - [armhf] 8109/1: mm: Modify pte_write and pmd_write logic for LPAE - aio: fix incorrect dirty pages accouting when truncating AIO ring buffer (regression in 3.12) - [armel,armhf] mvebu: add missing of_node_put() call in coherency.c (regression in 3.16) - iio: Fix IIO_EVENT_CODE_EXTRACT_DIR bit mask - spi: Fix mapping from vmalloc-ed buffer to scatter list - SUNRPC: Fix locking around callback channel reply receive - nfsd: Fix slot wake up race in the nfsv4.1 callback code - bnx2fc: do not add shared skbs to the fcoe_rx_list - Revert "xhci: clear root port wake on bits if controller isn't wake-up capable" (regression in 3.16) - usb: xhci: rework root port wake bits if controller isn't allowed to wakeup - ixgbe: Correctly disable VLAN filter in promiscuous mode (regression in 3.16) - ixgbe: fix use after free adapter->state test in ixgbe_remove/ixgbe_probe (regression in 3.15) - ALSA: hda - Limit 40bit DMA for AMD HDMI controllers - PCI/MSI: Add device flag indicating that 64-bit MSIs don't work - gpu/radeon: Set flag to indicate broken 64-bit MSI - sound/radeon: Move 64-bit MSI quirk from arch to driver - [powerpc*] pseries: Honor the generic "no_64bit_msi" flag - [mips*] fix EVA & non-SMP non-FPU FP context signal handling (regression in 3.15) - [x86] drm/i915: Ignore SURFLIVE and flip counter when the GPU gets reset (regression in 3.16) - [powerpc*] 32 bit getcpu VDSO function uses 64 bit instructions - [armhf] 8222/1: mvebu: enable strex backoff delay - [armel,armhf] 8226/1: cacheflush: get rid of restarting block - btrfs: zero out left over bytes after processing compression streams - [armhf] net: sun4i-emac: fix memory leak on bad packet - [armhf] i2c: omap: fix NACK and Arbitration Lost irq handling - [media] s2255drv: fix payload size for JPG, MJPEG (regression in 3.15) - nouveau: move the hotplug ignore to correct place. (regression in 3.16.4) - mm: frontswap: invalidate expired data on a dup-store failure - mm/vmpressure.c: fix race in vmpressure_work_fn() - xen-netfront: Remove BUGs on paged skb data which crosses a page boundary - drivers/input/evdev.c: don't kfree() a vmalloc address (regression in 3.13) - mm: fix anon_vma_clone() error treatment (regression in 3.12) - ip_tunnel: the lack of vti_link_ops' dellink() cause kernel panic - vxlan: Fix race condition between vxlan_sock_add and vxlan_sock_release - bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes - gre: Set inner mac header in gro complete (regression in 3.16.7-ckt1) - [mips*] bpf: Fix broken BPF_MOD http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt4 - [x86] drm/i915: don't warn if backlight unexpectedly enabled (Closes: #757805) - [x86] drm/i915/dp: only use training pattern 3 on platforms that support it (regression in 3.15) - btrfs: don't go readonly on existing qgroup items - writeback: fix a subtle race condition in I_DIRTY clearing - [s390*] KVM: flush CPU on load control - UBI: Fix double free after do_sync_erase() - [x86] Drivers: hv: util: make struct hv_do_fcopy match Hyper-V host messages (regression for amd64 in 3.16.7) - Drivers: hv: vmbus: Fix a race condition when unregistering a device - misc: genwqe: check for error from get_user_pages_fast() - drbd: merge_bvec_fn: properly remap bvm->bi_bdev - PCI: Restore detection of read-only BARs - scsi: correct return values for .eh_abort_handler implementations - genhd: check for int overflow in disk_expand_part_tbl() - Btrfs: make sure we wait on logged extents when fsycning two subvols - Btrfs: make sure logged extents complete in the current transaction V3 - Btrfs: do not move em to modified list when unpinning - [armhf] mvebu: disable I/O coherency on non-SMP situations on Armada 370/375/38x/XP - nfs41: fix nfs4_proc_layoutget error handling - USB: cdc-acm: check for valid interfaces - HID: i2c-hid: fix race condition reading reports - [armhf] mfd: twl4030-power: Fix regression with missing compatible flag (regression in 3.16) - [armhf] serial: samsung: wait for transfer completion before clock disable - n_tty: Fix read_buf race condition, increment read_head after pushing data (regression in 3.12) - dm cache: only use overwrite optimisation for promotion when in writeback mode - dm cache: dirty flag was mistakenly being cleared when promoting via overwrite - dm bufio: fix memleak when using a dm_buffer's inline bio - iwlwifi: dvm: fix flush support for old firmware (regression in 3.16.7-ckt1) - iwlwifi: mvm: update values for Smart Fifo (regression in 3.14) - iommu/vt-d: Fix an off-by-one bug in __domain_mapping() - dm crypt: use memzero_explicit for on-stack buffer - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by mount (regression in 3.16.3) - umount: Disallow unprivileged mount force - md/raid5: fetch_block must fetch all the blocks handle_stripe_dirtying wants. - [x86] drm/i915: Only warn the first time we attempt to mmio whilst suspended (regression in 3.15) - drm/vmwgfx: Fix error printout on signals pending - drm/radeon: check the right ring in radeon_evict_flags() - swiotlb-xen: pass dev_addr to xen_dma_unmap_page and xen_dma_sync_single_for_cpu - [armhf/armmp] swiotlb-xen: remove BUG_ON in xen_bus_to_phys - swiotlb-xen: call xen_dma_sync_single_for_device when appropriate - swiotlb-xen: pass dev_addr to swiotlb_tbl_unmap_single - [powerpc] book3s: Fix partial invalidation of TLBs in MCE code. - [armhf] clocksource: arch_timer: Fix code to use physical timers when requested (regression in 3.11) - userns: Prevent evasion of group negative permissions through a userns (CVE-2014-8989): + Don't allow setgroups until a gid mapping has been setablished + Don't allow unprivileged creation of gid mappings + Add a knob to disable setgroups on a per user namespace basis + Allow setting gid_maps without privilege when setgroups is disabled - KEYS: Fix stale key registration at error path - blk-mq: Fix a use-after-free - blk-mq: Fix a race between bt_clear_tag() and bt_get() - nfsd4: fix xdr4 count of server in fs_location4 (regression in 3.16) - [x86] drm/i915: Don't complain about stolen conflicts on gen3 (regression in 3.12) - [x86] kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit (CVE-2014-8134) - blk-mq: Fix uninitialized kobject at CPU hotplugging - ncpfs: return proper error from NCP_IOC_SETROOT ioctl - [armhf] rtc: omap: fix clock-source configuration (regression in 3.16) - exit: pidns: alloc_pid() leaks pid_namespace if child_reaper is exiting - [amd64] switch_to(): Load TLS descriptors before switching DS and ES (CVE-2014-9419) - [x86] KVM: nVMX: Disable unrestricted mode if ept=0 (regression in 3.13) - [x86] KVM: em_ret_far overrides cpl (follow-up to CVE-2014-3647 fix) - pstore-ram: Fix hangs by using write-combine mappings - HID: i2c-hid: prevent buffer overflow in early IRQ - mac80211: fix multicast LED blinking and counter (regression in 3.16.7-ckt2) - cfg80211: avoid mem leak on driver hint set - nl80211: check matches array length before acessing it - cfg80211: don't WARN about two consecutive Country IE hint (regression in 3.14) - tracing/sched: Check preempt_count() for current when reading task->state (regression in 3.13) - [x86] tls: Validate TLS entries to protect espfix (CVE-2014-8133) - [x86] tls: Disallow unusual TLS segments - isofs: Fix infinite looping over CE entries (CVE-2014-9420) - mac80211: free management frame keys when removing station - ceph: do_sync is never initialized (regression in 3.12) - mnt: Fix a memory stomp in umount (regression in 3.14) - ocfs2: fix journal commit deadlock - md/bitmap: always wait for writes on unplug. - [armhf] mmc: omap_hsmmc: Fix UHS card with DDR50 support (regression in 3.16) - [x86] mmc: sdhci-pci-o2micro: Fix Dell E5440 issue (regression in 3.14) - dm space map metadata: fix sm_bootstrap_get_nr_blocks() - dm thin: fix a race in thin_dtr - eCryptfs: Force RO mount when encrypted view is enabled - eCryptfs: Remove buggy and unnecessary write in file name decode routine - tcm_loop: Fix wrong I_T nexus association - Btrfs: fix fs corruption on transaction abort if device supports discard - [x86] perf/intel/uncore: Make sure only uncore events are collected - perf: Fix events installation during moving group - iscsi,iser-target: Initiate termination only once (regression in 3.16.4) - iser-target: Fix flush + disconnect completion handling - iser-target: Parallelize CM connection establishment - iser-target: Fix connected_handler + teardown flow race - iser-target: Handle ADDR_CHANGE event for listener cm_id - iser-target: Fix implicit termination of connections - iser-target: Allocate PI contexts dynamically - iser-target: Fix NULL dereference in SW mode DIF - iscsi,iser-target: Expose supported protection ops according to t10_pi - genirq: Prevent proc race against freeing of irq descriptors - [powerpc] powernv: Switch off MMU before entering nap/sleep/rvwinkle mode - [x86] storvsc: ring buffer failures may result in I/O freeze - iscsi-target: Fail connection on short sendmsg writes - [x86] drm/i915: Invalidate media caches on gen7 - [x86] drm/i915: Force the CS stall for invalidate flushes - dm thin: fix inability to discard blocks when in out-of-data-space mode - dm thin: fix missing out-of-data-space to write mode transition if blocks are released - dm: fix missed error code if .end_io isn't implemented by target_type - [armhf] i2c: mv64xxx: rework offload support to fix several problems (regression in 3.12) - [x86] tls: Don't validate lm in set_thread_area() after all - ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam rPAC - tick/powerclamp: Remove tick_nohz_idle abuse - audit: don't attempt to lookup PIDs when changing PID filtering audit rules (regression in 3.15) - audit: use supplied gfp_mask from audit_buffer in kauditd_send_multicast_skb (regression in 3.16) - [arm64] kernel: fix __cpu_suspend mm switch on warm-boot - audit: restore AUDIT_LOGINUID unset ABI (regression in 3.10) - Btrfs: fix loop writing of async reclaim - isofs: Fix unchecked printing of ER records (CVE-2014-9584) - crypto: af_alg - fix backlog handling - udf: Check path length when reading symlink - udf: Verify i_size when loading inode - udf: Verify symlink size before loading it - udf: Check component length before reading it - [x86] platform/chrome: chromeos_laptop - Add support for Acer C720 (Closes: #774209) - batman-adv: Calculate extra tail size based on queued fragments (Closes: #774155) (CVE-2014-9428) - vfs: move d_rcu from overlapping d_child to overlapping d_alias - vfs: deal with deadlock in d_walk() (CVE-2014-8559) - KEYS: close race between key lookup and freeing (CVE-2014-9529) [ Ben Hutchings ] * [sh4] Build with gcc-4.8 (Closes: #772602) * Fix inconsistent ABI name generation in debian/bin/{abiupdate,buildcheck,gencontrol}.py (Closes: #773233) * iov: Revert unwanted ABI 'fix' in 3.16.7-ckt2-1 * [armel,armhf] thread_info: Fix ABI change in 3.16.7-ckt3 * PCI: Fix ABI change in 3.16.7-ckt3 * Ignore some ABI changes that don't appear to affect OOT modules: - Removal of __add_pages(), __remove_pages(), of_device_is_stdout_path(), clk_divider_ro_ops, tick_nohz_idle_enter, tick_nohz_idle_exit - Changes to ASoC functions * [arm64] Enable PSTORE as built-in and EFI_VARS_PSTORE as module; ensure efivars and efi-pstore are loaded on EFI systems (Closes: #773309) * hwmon: Enable SENSORS_NCT6683 as module (Closes: #774372) * udeb: Add i2c-designware-{core,platform} to i2c-modules and i2c-hid to input-modules (Closes: #772578) * [x86] ACPI / video: Run _BCL before deciding registering backlight (regression in 3.16) (Closes: #762285) * [amd64] Enable EFI_MIXED to support Bay Trail systems * efi: Expose underlying UEFI firmware platform size to userland, to support installation on Bay Trail systems (Closes: #775191) * vfs: Changes for compatibility with CVE-2014-8559 fix: - aufs: move d_rcu from overlapping d_child to overlapping d_alias - vfs: Avoid ABI change for dentry union changes * [powerpc/powerpc{,-smp}] video/fb: Change FB_RADEON back to module (Closes: #748398) (thanks to John Paul Adrian Glaubitz for thoroughly testing this change) * userns: Fix ABI change in 3.16.7-ckt4 * netfilter: conntrack: disable generic tracking for known protocols (CVE-2014-8160) * [amd64] vdso: Fix the vdso address randomization algorithm (CVE-2014-9585) [ Ian Campbell ] * [armhf] Enable support for support OMAP5432 uEVM by enabling: TI_SOC_THERMAL, MFD_PALMAS, REGULATOR_PALMAS, REGULATOR_PBIAS, REGULATOR_TI_ABB, PINCTRL_PALMAS, GPIO_PALMAS, RTC_DRV_PALMAS, OMAP5_DSS_HDMI, DISPLAY_ENCODER_TPD12S015, DISPLAY_CONNECTOR_HDMI, USB_DWC3_OMAP, EXTCON_PALMAS, TI_EMIF and DDR. Based on a patch from Chen Baozi (Closes: #772953) * [armel] Change configuration to reduce kernel image size - Warn if image size leaves less than 1% spare capacity in the flash. This allows some slack for growth over the lifetime of a stable release. - [/kirkwood] Disable RD_LZO and RD_LZ4 - [/kirkwood] mm: Disable KSM - [/kirkwood] Disable CHECKPOINT_RESTORE - [/kirkwood] Disable ZSMALLOC - [/kirkwood] Disable CRYPTO_FIPS - [/kirkwood] Disable NET_MPLS_GSO - [/kirkwood] Disable NETLINK_MMAP - [/kirkwood] Disable PROFILING - [/kirkwood] Disable BPF_JIT - [/kirkwood] Disable KPROBES - [/ixp4xx,orion5x]: Disable RD_LZO - [/ixp4xx,orion5x]: Disable PROFILING - [/orion5x]: Make SERIO and dependants modular * [arhmf] Add device-tree for LinkSprite pcDuino V3. Patch from Karsten Merker (Closes: #774067) * [xen] More netback fixes (including reintroducing support for feature-rx-notify, which was regressed by the fix to #767261). * Disable TSO in mv643xx_eth driver by default again, since previous fix appears to not work on all platforms (Closes: #764162). -- Ben Hutchings Fri, 16 Jan 2015 00:15:12 +0000 linux (3.16.7-ckt2-1) unstable; urgency=high * New upstream stable update: http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt1 - drm/tilcdc: Fix the error path in tilcdc_load() - usb: phy: return -ENODEV on failure of try_module_get - PM / clk: Fix crash in clocks management code if !CONFIG_PM_RUNTIME - rt2x00: support Ralink 5362. - wireless: rt2x00: add new rt2800usb devices - NFS: Fix /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes - nfs: fix duplicate proc entries - mm: page_alloc: fix zone allocation fairness on UP - ext4: check EA value offset when loading - jbd2: free bh when descriptor block checksum fails - ext4: don't check quota format when there are no quota files - target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE - vfs: fix data corruption when blocksize < pagesize for mmaped data - ext4: fix mmap data corruption when blocksize < pagesize - ext4: grab missed write_count for EXT4_IOC_SWAP_BOOT - qla_target: don't delete changed nacls - target: Fix APTPL metadata handling for dynamic MappedLUNs - iser-target: Disable TX completion interrupt coalescing - ext4: don't orphan or truncate the boot loader inode - ext4: add ext4_iget_normal() which is to be used for dir tree lookups - ext4: fix reservation overflow in ext4_da_write_begin - ext4: Replace open coded mdata csum feature to helper function - ext4: move error report out of atomic context in ext4_init_block_bitmap() - ext4: check s_chksum_driver when looking for bg csum presence - drm/radeon: fix speaker allocation setup - drm/radeon: use gart memory for DMA ring tests - random: add and use memzero_explicit() for clearing data - freezer: Do not freeze tasks killed by OOM killer - OOM, PM: OOM killed task shouldn't escape PM suspend - [mips*/loongson-2f] loongson2_cpufreq: Fix CPU clock rate setting mismerge - drm/cirrus: bind also to qemu-xen-traditional - cpufreq: intel_pstate: Fix setting max_perf_pct in performance policy - cpufreq: expose scaling_cur_freq sysfs file for set_policy() drivers - cpufreq: intel_pstate: Reflect current no_turbo state correctly - [x86] intel_pstate: Don't lose sysfs settings during cpu offline - [x86] intel_pstate: Fix BYT frequency reporting - [x86] intel_pstate: Correct BYT VID values. - [x86] kvm: don't kill guest on unknown exit reason - kvm: fix excessive pages un-pinning in kvm_iommu_map error path. (CVE-2014-8369) - vfs: be careful with nd->inode in path_init() and follow_dotdot_rcu() - pstore: Fix duplicate {console,ftrace}-efi entries - [x86] bpf_jit: fix two bugs in eBPF JIT compiler (regression in 3.16) - vxlan: fix a use after free in vxlan_encap_bypass - vxlan: using pskb_may_pull as early as possible - vxlan: fix a free after use - ipv4: dst_entry leak in ip_send_unicast_reply() - ipv4: fix a potential use after free in ip_tunnel_core.c (regression in 3.11) - net: tso: fix unaligned access to crafted TCP header in helper API - [x86] hyperv: Fix the total_data_buflen in send path - tcp: md5: do not use alloc_percpu() - macvlan: fix a race on port dismantle and possible skb leaks (regression in 3.16) - net/mlx4_en: Don't attempt to TX offload the outer UDP checksum for VXLAN (regression in 3.14) - gre: Use inner mac length when computing tunnel length (regression in 3.14) - [armhf] spi: pl022: Fix incorrect dma_unmap_sg - mac80211: fix typo in starting baserate for rts_cts_rate_idx - staging: comedi: (regression) channel list must be set for COMEDI_CMD ioctl (regression in 3.15) - nfsd4: fix response size estimation for OP_SEQUENCE (regression in 3.16) - quota: Properly return errors from dquot_writeback_dquots() - i3200_edac: Report CE events properly - i82860_edac: Report CE events properly - cpc925_edac: Report UE events properly - e7xxx_edac: Report CE events properly - scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND - usb: serial: ftdi_sio: add "bricked" FTDI device PID - [armhf] Revert "usb: dwc3: dwc3-omap: Disable/Enable only wrapper interrupts in prepare/complete" (regression in 3.16) - usb: gadget: f_fs: remove redundant ffs_data_get() (regression in 3.14) - [armhf] usb: ffs: fix regression when quirk_ep_out_aligned_size flag is set (regression in 3.15) - [armhf] usb: musb: dsps: start OTG timer on resume again (regression in 3.16.6) - usb: gadget: udc: core: fix kernel oops with soft-connect - nfsd4: fix crash on unknown operation number - Revert "iwlwifi: mvm: treat EAPOLs like mgmt frames wrt rate" (regression in 3.16.4) - [armhf] usb: dwc3: gadget: Properly initialize LINK TRB - posix-timers: Fix stack info leak in timer_create() - futex: Fix a race condition between REQUEUE_PI and task death - ALSA: bebob: Uninitialized id returned by saffirepro_both_clk_src_get - PM / Sleep: fix async suspend_late/freeze_late error handling (regression in 3.15) - Revert "block: all blk-mq requests are tagged" (regression in 3.16) - ALSA: pcm: Zero-clear reserved fields of PCM status ioctl in compat mode - zap_pte_range: update addr when forcing flush after TLB batching faiure - staging: comedi: fix memory leak / bad pointer freeing for chanlist (regression in 3.15) - [x86] drm/i915: Ignore VBT backlight check on Macbook 2, 1 (regression in 3.15) - [i386/686-pae] pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE - [x86] ACPI / EC: Fix regression due to conflicting firmware behavior between Samsung and Acer. (regression in 3.16.3) - mm: free compound page with correct order - lib/bitmap.c: fix undefined shift in __bitmap_shift_{left|right}() - ext4: fix overflow when updating superblock backups after resize - ext4: fix oops when loading block bitmap failed - ext4: enable journal checksum when metadata checksum feature enabled - ext4: prevent bugon on race between write/fcntl - ext4: bail out from make_indexed_dir() on first error - PCI: Rename sysfs 'enabled' file back to 'enable' (regression in 3.13) - fs: allow open(dir, O_TMPFILE|..., 0) with mode 0 - [arm*] tracing/syscalls: Ignore numbers outside NR_syscalls' range - nfs: fix kernel warning when removing proc entry http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt2 - rbd: Fix error recovery in rbd_obj_read_sync() - regulator: max77693: Fix use of uninitialized regulator config - xhci: no switching back on non-ULT Haswell (regression in 3.12) - Btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup - ocfs2: fix breakage in o2net_send_tcp_msg() (regression in 3.15) - [armhf] phy: omap-usb2: Enable runtime PM of omap-usb2 phy properly (regression in 3.16) - USB: cdc-acm: add quirk for control-line state requests (regression in 3.16) - sysfs: driver core: Fix glue dir race condition by gdp_mutex - drm/nouveau: make sure display hardware is reinitialised on runtime resume (regression in 3.15) - drm/nv50/disp: fix dpms regression on certain boards - drm/nouveau/bios: memset dcb struct to zero before parsing - GFS2: Make rename not save dirent location (regression in 3.14) - netfilter: ipset: off by one in ip_set_nfnl_get_byindex() - netfilter: nf_tables: check for NULL in nf_tables_newchain pcpu stats allocation (regression in 3.16) - netfilter: nfnetlink_log: fix maximum packet length logged to userspace - netfilter: nft_compat: fix wrong target lookup in nft_target_select_ops() - mmc: core: sdio: Fix unconditional wake_up_process() on sdio thread (regression in 3.16) - mmc: don't request CD IRQ until mmc_start_host() - fs: make cont_expand_zero interruptible - UBIFS: fix a race condition - [x86] fpu: __restore_xstate_sig()->math_state_restore() needs preempt_disable() - [x86] fpu: shift drop_init_fpu() from save_xstate_sig() to handle_signal() - perf: Fix unclone_ctx() vs. locking - evm: properly handle INTEGRITY_NOXATTRS EVM status - [alpha] vfs: missing data dependency barrier in prepend_name() - jffs2: kill wbuf_queued/wbuf_dwork_lock - fix misuses of f_count() in ppp and netlink - sched: Use dl_bw_of() under RCU read lock - [s390*] topology: call set_sched_topology early - [armhf] mfd: ti_am335x_tscadc: Fix TSC operation after ADC continouous mode (regression in 3.14) - [armhf] mfd: ti_am335x_tscadc: Fix TSC resume (regression in 3.14) - selinux: fix inode security list corruption - blk-mq: fix potential hang if rolling wakeup depth is too high (regression in 3.16) - block: fix alignment_offset math that assumes io_min is a power-of-2 - drm/nouveau/gpio: rename g92 class to g94 (regression in 3.16) - [x86] drm/i915: Do not leak pages when freeing userptr objects - media: v4l2-common: fix overflow in v4l_bound_align_image() - sched: Use rq->rd in sched_setaffinity() under RCU read lock - [powerpc*] use device_online/offline() instead of cpu_up/down() (regression in 3.11) - xen-blkback: fix leak on grant map error path - net: skb_fclone_busy() needs to detect orphaned skb (regression in 3.16) - rbd: avoid format-security warning inside alloc_workqueue() - rbd: fix error return code in rbd_dev_device_setup() - media: ttusb-dec: buffer overflow in ioctl (CVE-2014-8884) - dm raid: ensure superblock's size matches device's logical block size - ahci: disable MSI instead of NCQ on Samsung pci-e SSDs on macbooks (Closes: #772435) - mac80211: properly flush delayed scan work on interface removal - [i386] microcode, AMD: Fix early ucode loading on 32-bit (regression in 3.14) - [armhf] mvebu: armada xp: Generalize use of i2c quirk (regression in 3.12) - mac80211: fix use-after-free in defragmentation - iwlwifi: fix RFkill while calibrating (regression in 3.16) - tun: Fix csum_start with VLAN acceleration (regression in 3.12) - macvtap: Fix csum_start when VLAN tags are present - dm thin: grab a virtual cell before looking up the mapping - [x86] KVM: Fix uninitialized op->type for some immediate values - [powerpc*] hwrng: pseries - port to new read API and fix stack corruption - drm/radeon: set correct CE ram size for CIK - drm/radeon: make sure mode init is complete in bandwidth_update - cpufreq: Avoid crash in resume on SMP without OPP (regresion in 3.12) - [i386] microcode, AMD: Fix ucode patch stashing on 32-bit (regression in 3.14) - [armhf] mfd: twl4030-power: Fix poweroff with PM configuration enabled (regression in 3.16) - [hppa] Use compat layer for msgctl, shmat, shmctl and semtimedop syscalls - tracing: Do not busy wait in buffer splice (regresion in 3.16) - param: fix crash on bad kernel arguments (regression in 3.16) - audit: keep inode pinned - drm/radeon: add locking around atombios scratch space usage - nfs: fix pnfs direct write memory leak - nfs: Fix use of uninitialized variable in nfs_getattr() - NFSv4: Ensure that we remove NFSv4.0 delegations when state has expired - NFSv4.1: nfs41_clear_delegation_stateid shouldn't trust NFS_DELEGATED_STATE - NFSv4: Fix races between nfs_remove_bad_delegation() and delegation return - NFSv4: Ensure that we call FREE_STATEID when NFSv4.x stateids are revoked - NFS: Don't try to reclaim delegation open state if recovery failed - [arm64] efi: Fix stub cache maintenance - [arm64] __clear_user: handle exceptions on strb (CVE-2014-7843) - [arm64] Correct the race condition in aarch64_insn_patch_text_sync() - Fix thinko in iov_iter_single_seg_count - libceph: do not crash on large auth tickets - [armel,armhf] 8191/1: decompressor: ensure I-side picks up relocated code - zram: avoid kunmap_atomic() of a NULL pointer - firewire: cdev: prevent kernel stack leaking into ioctl arguments - md: Always set RECOVERY_NEEDED when clearing RECOVERY_FROZEN (regression in 3.13) - vxlan: Do not reuse sockets for a different address family - net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet (CVE-2014-7841) - net: sctp: fix memory leak in auth key management - [armel,m68k] ipv6: fix IPV6_PKTINFO with v4 mapped (regression in 3.15) - netlink: Properly unbind in error conditions. (regression in 3.16) - smsc911x: power-up phydev before doing a software reset. (regression in 3.14) - [sparc*] sunvdc: limit each sg segment to a page - [sparc*] vio: fix reuse of vio_dring slot - drm/radeon: initialize sadb to NULL in the audio code - [x86] KVM: Don't report guest userspace emulation error to userspace - crypto: caam - remove duplicated sg copy functions - audit: correct AUDIT_GET_FEATURE return message type - memory-hotplug: Remove "weak" from memory_block_size_bytes() declaration (regression in 3.14) - [s390*] vmcore: Remove "weak" from function declarations - [s390*] clocksource: Remove "weak" from clocksource_default_clock() declaration - IB/core: Clear AH attr variable to prevent garbage data - [amd64] x32, audit: Fix x32's AUDIT_ARCH wrt audit - [armhf] dts: am335x-evm: Fix 5th NAND partition's name (regression in 3.15) - dell-wmi: Fix access out of memory [ Ben Hutchings ] * [x86] Complete Thunderbolt support on Apple computers (Closes: #768653) - PCI: Add pci_fixup_suspend_late quirk pass - PCI: Suspend/resume quirks for Apple thunderbolt - Enable THUNDERBOLT as module * [amd64] traps: Stop using IST for #SS (CVE-2014-9090) * [amd64] traps: Fix the espfix64 #DF fixup and rewrite it in C * [amd64] traps: Rework bad_iret * [amd64] asm/traps: Disable tracing and kprobes in fixup_bad_iret and sync_regs * Fix ABI changes in iovec, of, perf and truncate * Ignore ABI changes in iwlwifi, KVM and spi-nor * Revert "drivers/net: Disable UFO through virtio" in macvtap and tun. This removes the need to shut down VMs if migrating to a patched host. [ Ian Campbell ] * [xen] Backport various netback fixes (Closes: #767261). * Backport fix for TSO with mv643xx_eth driver, replacing previous workaround (#764162) * [armhf] Increase Ethernet phy startup delay on Banana-Pi. Patch from Karsten Merker (Closes: #767042) * [armhf] Enable FB_SIMPLE, used on some Exynos platforms and elsewhere. * [arm64] Backport various upstream fixes and improvements to the APM X-gene Ethernet driver. * Honour stdout-path from Device Tree, along with supporting any supplied options. (Closes: #770212) * [armhf] Add udeb modules to support video and keyboard for imx6. Patch from Vagrant Cascadian (Closes: #770635) * [device-tree] Reserve memreserve regions even if they partially overlap with an existing reservation. Fixes boot on Midway. * [arm64] Enable reboot on the Xgene platform. -- Ben Hutchings Mon, 08 Dec 2014 20:03:18 +0000 linux (3.16.7-2) unstable; urgency=medium [ Ian Campbell ] * Disable TSO in mv643xx_eth driver by default (Closes: #764162). [ Aurelien Jarno ] * [i386] Rename 486 flavour to 586 for udebs. (Closes: #768288) [ Ben Hutchings ] * [hppa] udeb: Fix modules in multiple packages (Closes: 768297) -- Ben Hutchings Thu, 06 Nov 2014 17:42:26 +0000 linux (3.16.7-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.6 - rtnetlink: fix VF info size (regression in 3.11) - myri10ge: check for DMA mapping errors - Revert "macvlan: simplify the structure port" (regression in 3.16) - tcp: don't use timestamp from repaired skb-s to calculate RTT (v2) (regression in 3.15) - tcp: fix tcp_release_cb() to dispatch via address family for mtu_reduced() - tipc: fix message importance range check (regression in 3.15) - packet: handle too big packets for PACKET_V3 - bnx2x: Revert UNDI flushing mechanism (regression in 3.14) - net: ipv6: fib: don't sleep inside atomic lock (regression in 3.15) - openvswitch: fix panic with multiple vlan headers - ipv6: fix rtnl locking in setsockopt for anycast and multicast - l2tp: fix race while getting PMTU on PPP pseudo-wire (regression in 3.15) - ipv6: restore the behavior of ipv6_sock_ac_drop() - bonding: fix div by zero while enslaving and transmitting (regression in 3.12) - net: filter: fix possible use after free (regression in 3.15) - net: allow macvlans to move to net namespace (regression in 3.13) - macvlan: allow to enqueue broadcast pkt on virtual device (regression in 3.16) - xfrm: Generate blackhole routes only from route lookup functions - xfrm: Generate queueing routes only from route lookup functions - macvtap: Fix race between device delete and open. - net/mlx4_core: Allow not to specify probe_vf in SRIOV IB mode (regression in 3.15) - net/mlx4: Correctly configure single ported VFs from the host (regression in 3.15) - gro: fix aggregation for skb using frag_list (regression in 3.13) - hyperv: Fix bug in netvsc_start_xmit() (potential use-after-free) - team: avoid race condition in scheduling delayed work - hyperv: Fix bug in netvsc_send() (potential use-after-free) - sctp: handle association restarts when the socket is closed. - net_sched: copy exts->type in tcf_exts_change() (regression in 3.14) - crypto: caam - fix addressing of struct member - driver/base/node: remove unnecessary kfree of node struct from unregister_one_node (regression in 3.15) https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.7 - btrfs: wake up transaction thread from SYNC_FS ioctl - Btrfs: fix up bounds checking in lseek - Btrfs: don't do async reclaim during log replay - Btrfs: cleanup error handling in build_backref_tree - Btrfs: fix build_backref_tree issue with multiple shared blocks - Btrfs: fix race in WAIT_SYNC ioctl - fs: Add a missing permission check to do_umount (CVE-2014-7975) - kvm: fix potentially corrupt mmio cache - [x86] kvm,vmx: Preserve CR4 across VM entry (CVE-2014-3690) - be2iscsi: check ip buffer before copying (stack buffer overflow) - mptfusion: enable no_write_same for vmware scsi disks - qla2xxx: fix kernel NULL pointer access (regression in 3.16) (Closes: #764804) - qla2xxx: Fix shost use-after-free on device removal (regression in 3.14) - dmaengine: fix xor sources continuation - [arm64] debug: don't re-enable debug exceptions on return from el1_dbg - mei: bus: fix possible boundaries violation - nfsv4: Fixing lease renewal (regression in 3.13) - lzo: check for length overrun in variable length encoding. - [armhf] tty: omap-serial: fix division by zero - NFSv4: Fix lock recovery when CREATE_SESSION/SETCLIENTID_CONFIRM fails - NFSv4: fix open/lock state recovery error handling - NFSv4.1: Fix an NFSv4.1 state renewal regression - nfsd4: reserve adequate space for LOCK op (regression in 3.16) - NFS: Fix an uninitialised pointer Oops in the writeback error path - NFS: Fix a bogus warning in nfs_generic_pgio (regression in 3.16.4) - iwlwifi: mvm: disable BT Co-running by default - [armel,armhf] PCI: mvebu: Fix uninitialized variable in mvebu_get_tgt_attr() - Revert "ath9k_hw: reduce ANI firstep range for older chips" (regression in 3.15) - fanotify: enable close-on-exec on events' fd when requested in fanotify_init() - futex: Ensure get_futex_key_refs() always implies a barrier (regression in 3.14) - [ppc64el] iommu/ddw: Fix endianness - [arm64] compat: fix compat types affecting struct compat_elf_prpsinfo - ALSA: emu10k1: Fix deadlock in synth voice lookup - ALSA: hda - Add missing terminating entry to SND_HDA_PIN_QUIRK macro - [armhf] mvebu: Netgear RN104: Use Hardware BCH ECC - [armhf] mvebu: Netgear RN2120: Use Hardware BCH ECC - [armhf] mvebu: Netgear RN102: Use Hardware BCH ECC - ecryptfs: avoid to access NULL pointer when write metadata in xattr - xfs: ensure WB_SYNC_ALL writeback handles partial pages correctly - [sparc*] Do not disable interrupts in nmi_cpu_busy() - [sparc*] Fix pcr_ops initialization and usage bugs. - [sparc*] sun4v TLB error power off events - [sparc*] Fix corrupted thread fault code. - [sparc*] find_node adjustment - [sparc*] Let memset return the address argument - [sparc*] bpf_jit: fix support for ldx/stx mem and SKF_AD_VLAN_TAG - [sparc*] bpf_jit: fix loads from negative offsets - [sparc*] Fix FPU register corruption with AES crypto offload. - [sparc*] Do not define thread fpregs save area as zero-length array. - [sparc*] Fix hibernation code refrence to PAGE_OFFSET. - [sparc*] correctly recognise M6 and M7 cpu type - [sparc*] T5 PMU - [sparc*] Switch to 4-level page tables. - [sparc*] Adjust KTSB assembler to support larger physical addresses. - [sparc*] Fix physical memory management regressions with large max_phys_bits. - [sparc*] Use kernel page tables for vmemmap. - [sparc*] Increase MAX_PHYS_ADDRESS_BITS to 53. - [sparc*] sparse irq - [sparc*] Fix register corruption in top-most kernel stack frame during boot. - [sparc*] Implement __get_user_pages_fast(). [ Ben Hutchings ] * [i386] Rename 486 flavour to 586, as it has not worked on 486 processors since we enabled CC_STACKPROTECTOR (Closes: #766105) - Select M586TSC instead of M486 * [x86] r8723au: Backport changes up to Linux 3.17 (Closes: #765685) * mmc_block: Increase max_devices and set MMC_BLOCK_MINORS to 256 (Closes: #765621) * [x86] drm/i915: Initialise userptr mmu_notifier serial to 1 (Closes: #765590) * rtsx_usb_ms: Use msleep_interruptible() in polling loop (Closes: #765717) * Bump ABI to 4 * Add '.0' to the kernel version string (Closes: #742226, #745984) * vfs,fuse: Change iov_iter_get_pages() to take both maxsize and maxpages parameters (Closes: #764285) * lockd: Try to reconnect if statd has moved (Closes: #767219) * m25p80: Fix module device ID table * HID: i2c-hid: call the hid driver's suspend and resume callbacks (Closes: #767204) * [x86] drm/i915: Add some L3 registers to the parser whitelist (Closes: #767148) * wireless: rt2x00: add new rt2800usb device (thanks to Cyril Brulebois) (Closes: #766802) * drivers/net,ipv6: Fix virtio/IPv6 regression in 3.16: - drivers/net: Disable UFO through virtio - drivers/net,ipv6: Select IPv6 fragment idents for virtio UFO packets * [x86] KVM: Check non-canonical addresses upon WRMSR (CVE-2014-3610) * [x86] KVM: Prevent host from panicking on shared MSR writes. (CVE-2014-3610) * [x86] KVM: Improve thread safety in pit (CVE-2014-3611) * [x86] kvm: vmx: handle invvpid vm exit gracefully (CVE-2014-3646) * [x86] KVM: Fix wrong masking on relative jump/call * [x86] KVM: Emulator fixes for eip canonical checks on near branches (CVE-2014-3647) * [x86] KVM: Handle errors when RIP is set during far jumps (CVE-2014-3647) * [x86] KVM: Fix far-jump to non-canonical check * net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks (CVE-2014-3673) * net: sctp: fix panic on duplicate ASCONF chunks (CVE-2014-3687) * net: sctp: fix remote memory pressure from excessive queueing (CVE-2014-3688) * mnt: Prevent pivot_root from creating a loop in the mount tree (CVE-2014-7970) * linux-image: Recommend irqbalance if CONFIG_SMP is enabled (Closes: #577788) * [armhf] leds: Enable LEDS_PWM as module (for Cubox-i) * [x86] Backport Thunderbolt support on Apple computers from 3.17 * [x86] linux-image: Remove lilo from suggested boot loaders * [amd64] linux-image: Add grub-efi to suggested boot loaders * [hppa] Reduce SIGRTMIN from 37 to 32 to behave like other Linux architectures (Closes: #766635) * [hppa] udeb: Add many more module packages (Closes: #766793) * iwlwifi: Backport firmware monitor from 3.17 (Closes: #767088) * bug script: Warn if the running kernel matches the ABI name of the package but is not the installed version [ Mauricio Faria de Oliveira ] * [ppc64el] Disable CONFIG_CMDLINE{,_BOOL} usage for setting consoles (Closes: #764745) [ Uwe Kleine-König ] * [armhf] enable rtc driver for i.MX6 * [armhf] add chipidea usb host driver to usb-modules-$version-armmmp-di for i.MX6 * [armhf] enable PCI and NAND driver for Armada 370 * [armhf] enable RTC, GPIO_PCA953X, SENSORS_G762 and watchdog driver for Netgear ReadyNAS 102/104 [ Ian Campbell ] * [armhf] Build i2c-s3c2410 statically, it is used by the arndale power controller. * [armhf] Backport device tree file for Olimex A20-OLinuXino-LIME. (Closes: #764967) * [armhf] Enable various drivers for the Nokia N900. Patch from Sebastian Reichel. (Closes: #766070) * [arm64] Enable EHCI and OHCI platform USB HCD drivers. * Enable MTD and MTDBLOCK in top-level config. * [armhf] Add mtd-modules udeb. Patch from Uwe Kleine-Koenig. [ Aurelien Jarno ] * [mips*] Backport a hugetlb fix for Octeon from 3.18. * [mips*] Backport math emulation fix for MIPS32r2 from 3.18. * [mips*] Only define MAX_PHYSMEM_BITS on Loongson-3, until a better fix is committed upstream. Fixes Loongson-2 kernel and maybe more. Closes: #764223. * [mips*/octeon] Add support for the UBNT E200 board (EdgeRouter/EdgeRouter Pro 8 port). * [mips*/octeon] Enable SERIAL_8250_DW. Disable KEYBOARD_ATKBD, MOUSE_PS2, SERIO_I8042. * [mips*/octeon] Really enable USB_OCTEON_EHCI and USB_OCTEON_OHCI. Closes: Closes: #762066. -- Ben Hutchings Tue, 04 Nov 2014 09:47:27 +0000 linux (3.16.5-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.4 - module: Clean up ro/nx after early module load failures (regression in 3.16) - [armhf] cpufreq: OPP: Avoid sleeping while atomic - [armhf] drm/tilcdc: Fix various bugs in removal path - drm/ttm: Fix possible stack overflow by recursive shrinker calls. - [x86] drm/i915: Fix crash when failing to parse MIPI VBT (regression in 3.16) - [x86] drm/i915: read HEAD register back in init_ring_common() to enforce ordering (Closes: #763583) - libata: widen Crucial M550 blacklist matching - pata_scc: propagate return value of scc_wait_after_reset - pwm: Fix period and polarity in pwm_get() for non-perfect matches - aio: add missing smp_rmb() in read_events_ring - [arm64] flush TLS registers during exec - [arm64] use irq_set_affinity with force=false when migrating irqs (regression in 3.15) - [arm*] KVM: Nuke Hyp-mode tlbs before enabling MMU - [x86] i2c: ismt: use correct length when copy buffer - ftrace: Use current addr when converting to nop in __ftrace_replace_code() (regression in 3.16) - ALSA: core: fix buffer overflow in snd_info_get_line() - ALSA: firewire-lib/dice: add arrangements of PCM pointer and interrupts for Dice quirk (regression in 3.16) - HID: picolcd: sanity check report size in raw_event() callback (CVE-2014-3186) - HID: magicmouse: sanity check report size in raw_event() callback (CVE-2014-3181) - HID: logitech-dj: prevent false errors to be shown (regression in 3.16.2) - [x86] drm/i915: Skip load detect when intel_crtc->new_enable==true (regression in 3.16) - [x86] drm/i915: fix plane/cursor handling when runtime suspended (regression in 3.14) - [x86] drm/i915: Ignore VBT backlight presence check on Acer C720 (4005U) (regression in 3.15) - [x86] drm/i915: Wait for vblank before enabling the TV encoder (regression in 3.16) - [x86] drm/i915/hdmi: fix hdmi audio state readout (regression in 3.16) - drm/radeon: Add ability to get and change dpm state when radeon PX card is turned off (regression in 3.15) - locks: pass correct "before" pointer to locks_unlink_lock in generic_add_lease - ufs: fix deadlocks introduced by sb mutex merge (regression in 3.16) - USB: serial: fix potential stack buffer overflow - USB: serial: fix potential heap buffer overflow - USB: option: reduce interrupt-urb logging verbosity (regression in 3.16) - [armhf] usb: phy: twl4030-usb: Fix lost interrupts after ID pin goes down (regression in 3.13) - [armhf] usb: phy: twl4030-usb: Fix regressions to runtime PM on omaps (regressions in 3.14, 3.15) - uwb: init beacon cache entry before registering uwb device - usb: hub: take hub->hdev reference when processing from eventlist - USB: EHCI: unlink QHs even after the controller has stopped - Revert "ACPI / battery: fix wrong value of capacity_now reported when fully charged" (regression in 3.16) - [x86] iommu/vt-d: Check return value of acpi_bus_get_device() (regression in 3.15) - [armhf/armmp-lpae] iommu/arm-smmu: fix programming of SMMU_CBn_TCR for stage 1 - cgroup: check cgroup liveliness before unbreaking kernfs (regression in 3.15) - NFSv4: Fix another bug in the close/open_downgrade code (regression in 3.16.2) - nfsd4: fix corruption of NFSv4 read data (regression in 3.16) - nfs: check wait_on_bit_lock err in page_group_lock - nfs: clear_request_commit while holding i_lock - nfs: fix nonblocking calls to nfs_page_group_lock - nfs: use blocking page_group_lock in add_request - nfs: fix error handling in lock_and_join_requests - nfs: don't sleep with inode lock in lock_and_join_requests - nfs: disallow duplicate pages in pgio page vectors - nfs: can_coalesce_requests must enforce contiguity - [armhf] 8129/1: errata: work around Cortex-A15 erratum 830321 using dummy strex - [armhf] 8133/1: use irq_set_affinity with force=false when migrating irqs (regression in 3.15) - [armel,armhf] 8148/1: flush TLS and thumbee register state during exec - [armel,armhf] 8149/1: perf: Don't sleep while atomic when enabling per-cpu interrupts (regression in 3.15) - [armhf] imx: fix .is_enabled() of shared gate clock (regression in 3.16) - [armhf] 8165/1: alignment: don't break misaligned NEON load/store - [mips*] Fix MFC1 & MFHC1 emulation for 64-bit MIPS systems (regression in 3.15) - ACPICA: Update to GPIO region handler interface. - gpio / ACPI: Use pin index and bit length - ACPI / platform / LPSS: disable async suspend/resume of LPSS devices (regression in 3.16) - ACPI / hotplug: Generate online uevents for ACPI containers (regression in 3.14) - ACPI / video: disable native backlight for ThinkPad X201s (regression in 3.16) - regmap: Fix regcache debugfs initialization (regression in 3.15) - regmap: Fix handling of volatile registers for format_write() chips - regmap: Don't attempt block writes when syncing cache on single_rw devices - cgroup: reject cgroup names with '\n' - cgroup: delay the clearing of cgrp->kn->priv - cgroup: fix unbalanced locking (regression in 3.14) - [s390*] KVM: Fix user triggerable bug in dead code - [s390*] KVM: mm: try a cow on read only pages for key ops - [s390*] KVM: mm: Fix storage key corruption during swapping - [s390*] KVM: mm: Fix guest storage key corruption in ptep_set_access_flags - [x86] xen: don't copy bogus duplicate entries into kernel page tables - [x86] early_ioremap: Increase FIX_BTMAPS_SLOTS to 8 (regression in 3.16) - shmem: fix nlink for rename overwrite directory - SMB3: Fix oops when creating symlinks on smb3 - iio: Fix indio_dev->trig assignment in several drivers - Target/iser: Don't put isert_conn inside disconnected handler - target: Fix inverted logic in SE_DEV_ALUA_SUPPORT_STATE_STORE (regression in 3.13) - iscsi-target: Fix memory corruption in iscsit_logout_post_handler_diffcid - SCSI: libiscsi: fix potential buffer overrun in __iscsi_conn_send_pdu - Revert "iwlwifi: dvm: don't enable CTS to self" (regression in 3.16) - iwlwifi: mvm: fix endianity issues with Smart Fifo commands (regression in 3.14) - iwlwifi: mvm: set MAC_FILTER_IN_BEACON correctly for STA/P2P client (regression in 3.16) - workqueue: apply __WQ_ORDERED to create_singlethread_workqueue() (regression in 3.10) - futex: Unlock hb->lock in futex_wait_requeue_pi() error path - block: Fix dev_t minor allocation lifetime - dm cache: fix race causing dirty blocks to be marked as clean - percpu: fix pcpu_alloc_pages() failure path - percpu: perform tlb flush after pcpu_map_pages() failure - regulatory: add NUL to alpha2 - lockd: fix rpcbind crash on lockd startup failure (regression in 3.15) - genhd: fix leftover might_sleep() in blk_free_devt() - eventpoll: fix uninitialized variable in epoll_ctl - kcmp: fix standard comparison bug - fs/notify: don't show f_handle if exportfs_encode_inode_fh failed - nilfs2: fix data loss with mmap() - mm, slab: initialize object alignment on cache creation - fs/cachefiles: add missing \n to kerror conversions (regression in 3.16) - mm: softdirty: keep bit when zapping file pte - sched: Fix unreleased llc_shared_mask bit during CPU hotplug - brcmfmac: handle IF event for P2P_DEVICE interface (regression in 3.12) - ath9k_htc: fix random decryption failure (regression in 3.15) - [powerpc,ppc*] Add smp_mb() to arch_spin_is_locked() - [powerpc,ppc*] Add smp_mb()s to arch_spin_unlock_wait() - [hppa] Implement new LWS CAS supporting 64 bit operations. - alarmtimer: Return relative times in timer_gettime - alarmtimer: Do not signal SIGEV_NONE timers - alarmtimer: Lock k_itimer during timer callback - GFS2: fix d_splice_alias() misuses - IB/qib: Correct reference counting in debugfs qp_stats - IB/mlx4: Avoid null pointer dereference in mlx4_ib_scan_netdevs() (regression in 3.14) - IB/mlx4: Don't duplicate the default RoCE GID (regression in 3.14) - IB/core: When marshaling uverbs path, clear unused fields (regression in 3.14) - mm: Fix unbalanced mutex in dma_pool_create(). (regression in 3.16) - PCI: Add pci_ignore_hotplug() to ignore hotplug events for a device (regression in 3.15) - Revert "PCI: Don't scan random busses in pci_scan_bridge()" (regression in 3.15) - drm/nouveau/runpm: fix module unload - drm/radeon/px: fix module unload - fs: Fix nasty 32-bit overflow bug in buffer i/o code. - blk-mq: Avoid race condition with uninitialized requests - [x86] crypto: ccp - Check for CCP before registering crypto algs - nl80211: clear skb cb before passing to netlink - Revert "PCI: Make sure bus number resources stay within their parents bounds" (regression in 3.15) - cpufreq: release policy->rwsem on error (regression in 3.14) - cpufreq: fix cpufreq suspend/resume for intel_pstate (regression in 3.15) - media: it913x: init tuner on attach (regression in 3.15) - media: videobuf2-dma-sg: fix for wrong GFP mask to sg_alloc_table_from_pages (regression in 3.13) - media: vb2: fix vb2 state check when start_streaming fails (regression in 3.16.3) - media: vb2: fix plane index sanity check in vb2_plane_cookie() - md/raid1: clean up request counts properly in close_sync() (regression in 3.13) - md/raid1: be more cautious where we read-balance during resync. (regression in 3.13) - md/raid1: make sure resync waits for conflicting writes to complete. (regression in 3.13) - md/raid1: Don't use next_resync to determine how far resync has progressed (regression in 3.13) - md/raid1: update next_resync under resync_lock. (regression in 3.13) - md/raid1: count resync requests in nr_pending. (regression in 3.13) - md/raid1: fix_read_error should act on all non-faulty devices. - md/raid1: intialise start_next_window for READ case to avoid hang (regression in 3.13) - netfilter: xt_hashlimit: perform garbage collection from process context - mmc: mmci: Reverse IRQ handling for the arm_variant (regression in 3.15) - partitions: aix.c: off by one bug (regression in 3.11) - cpufreq: update 'cpufreq_suspended' after stopping governors - aio: block exit_aio() until all context requests are completed - ext4: propagate errors up to ext4_find_entry()'s callers - ext4: avoid trying to kfree an ERR_PTR pointer https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.5 - udf: Avoid infinite loop when processing indirect ICBs (CVE-2014-6410) - ASoC: core: fix possible ZERO_SIZE_PTR pointer dereferencing error. - perf: fix perf bug in fork() - mm: memcontrol: do not iterate uninitialized memcgs (regression in 3.14) - mm: migrate: Close race between migration completion and mprotect - [x86] ACPI / i915: Update the condition to ignore firmware backlight change request (regression in 3.16) - [x86] cpufreq: pcc-cpufreq: Fix wait_event() under spinlock (regression in 3.15) - md/raid5: disable 'DISCARD' by default due to safety concerns. - [x86] drm/i915: Flush the PTEs after updating them before suspend (regression in 3.12) - cifs: Fix problem recognizing symlinks (regression in 3.13) - ring-buffer: Fix infinite spin in reading buffer (regression in 3.16.3) - mm: numa: Do not mark PTEs pte_numa when splitting huge pages - media: vb2: fix VBI/poll regression [ Ian Campbell ] * [armhf] Add Exynos5 disk/usb/nic modules to udebs. * [armhf] Backport BananaPi device tree files. Patch from Karsten Merker (Closes: #763897). [ Ben Hutchings ] * [hppa/parisc64-smp] Work around gcc 4.8 miscompilation (Closes: #762390) * [powerpc/powerpc64,ppc64*] video/fb: Change FB_MATROX, FB_RADEON, FB_ATY, FB_SIS, FB_3DFX, FB_VOODOO1 back to modules (Closes: #748398) * udeb: Add pata_rdc to pata-modules (Closes: #633128) * [s390*] 3215: fix tty output containing tabs (Closes: #758264) * radeon: Don't check for installed firmware if driver is built-in (Closes: #763305) * Bump ABI to 3 * vfs: fold swapping ->d_name.hash into switch_names() * vfs: Don't exchange "short" filenames unconditionally. (Closes: #763700) * [hppa,m68k,mips/r4k-ip22,sparc*] bluetooth: Enable BT as module (Closes: #764524) [ Aurelien Jarno ] * [arm64] Change RTC_DRV_PL031 and RTC_DRV_XGENE from modules to built-ins as the kernel isn't able to initialize the system clock from a hardware clock whose driver is a module, and as there is no initramfs mechanism to do that. * [armhf] Change RTC_DRV_DA9052, RTC_DRV_IMXDI, RTC_DRV_MC13XXX, RTC_DRV_MV, RTC_DRV_MXC, RTC_DRV_OMAP, RTC_DRV_PL030, RTC_DRV_PL031, RTC_DRV_S5M, RTC_DRV_SUNXI, RTC_DRV_VT8500 from modules to built-ins for the same reason as above. -- Ben Hutchings Fri, 10 Oct 2014 09:15:17 +0100 linux (3.16.3-2) unstable; urgency=medium [ Ben Hutchings ] * [s390*] syscall: Fix unimplented-syscall entries added before memfd_create() (fixes FTBFS) (Closes: #762221) * [armel/kirkwood] Change configuration to reduce kernel image size (fixes FTBFS) (Closes: #762219) - block: Change IOSCHED_DEADLINE to module - gpu: Disable VGA_ARB [ Aurelien Jarno ] * [mips*/octeon] Enable OCTEON_USB, USB_EHCI_HCD, USB_OHCI_HCD, and USB_OCTEON_EHCI, USB_OCTEON_OHCI (Closes: #762066). -- Bastian Blank Sat, 20 Sep 2014 11:43:05 +0200 linux (3.16.3-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3 - reiserfs: fix corruption introduced by balance_leaf refactor (regression in 3.16) (Closes: #761457) - reiserfs: Fix use after free in journal teardown - media: v4l: vb2: Fix stream start and buffer completion race - [x86] iommu/vt-d: Exclude devices using RMRRs from IOMMU API domains - [powerpc*] powerpc/powernv: Fix IOMMU group lost (regression in 3.15) - [x86] iommu/vt-d: Defer domain removal if device is assigned to a driver - [x86] iommu/amd: Fix cleanup_domain for mass device removal - [s390*] locking: Reenable optimistic spinning - firmware: Do not use WARN_ON(!spin_is_locked()) - CAPABILITIES: remove undefined caps from all processes - fanotify: fix double free of pending permission events - ocfs2: do not write error flag to user structure we cannot copy from/to - [powerpc*] mm: fix potential infinite loop in dissolve_free_huge_pages() - drivers/mfd/rtsx_usb.c: export device table (Closes: #761428) - [powerpc*] mm: Use read barrier when creating real_pte - [powerpc*] thp: Add write barrier after updating the valid bit - [powerpc*] thp: Invalidate old 64K based hash page mapping before insert of 4k pte - [powerpc*] thp: Handle combo pages in invalidate - [powerpc*] thp: Invalidate with vpn in loop - [powerpc*] thp: Use ACCESS_ONCE when loading pmdp - SCSI: save command pool address of Scsi_Host (regression in 3.15) - fix regression in SCSI_IOCTL_SEND_COMMAND (regression in 3.16) - [mips*] GIC: Prevent array overrun - [mips*] ptrace: Test correct task's flags in task_user_regset_view() - [mips*] ptrace: Change GP regset to use correct core dump register layout - [mips*] ptrace: Avoid smp_processor_id() when retrieving FPU IR - [mips*] syscall: Fix AUDIT value for O32 processes on MIPS64 - [mips*] scall64-o32: Fix indirect syscall detection - [mips,powerpc] bfa: Fix undefined bit shift on big-endian architectures with 32-bit DMA address - ACPI / hotplug: Check scan handlers in acpi_scan_hot_remove() (regression in 3.14) - ACPI: Run fixed event device notifications in process context (regression in 3.15) - ACPI / scan: Allow ACPI drivers to bind to PNP device objects (regression in 3.16) - ACPI / EC: Add support to disallow QR_EC to be issued when SCI_EVT isn't set (regression in 3.14.13, 3.16) - ACPI / EC: Add support to disallow QR_EC to be issued before completing previous QR_EC (regression in 3.14.13, 3.16) - ACPI / scan: not cache _SUN value in struct acpi_device_pnp (regression in 3.14) - ACPI / video: Add a disable_native_backlight quirk - ACPI / video: Disable native_backlight on HP ENVY 15 Notebook PC - ring-buffer: Always reset iterator to reader page - ring-buffer: Up rb_iter_peek() loop count to 3 - vfs: get rid of propagate_umount() mistakenly treating slaves as busy. (regression in 3.15) - Bluetooth: Fix tracking local SSP authentication requirement - Bluetooth: Avoid use of session socket after the session gets freed - vfs: __generic_file_write_iter(): fix handling of sync error after DIO (regression in 3.16) - rbd: rework rbd_request_fn() (regression in 3.15) - vfs: fix copy_tree() regression (regression in 3.14) - md/raid1,raid10: always abort recover on write error. - md/raid5: avoid livelock caused by non-aligned writes. (regression in 3.16) - md/raid6: avoid data corruption during recovery of double-degraded RAID6 - md/raid10: fix memory leak when reshaping a RAID10. - xfs: ensure verifiers are attached to recovered buffers - xfs: quotacheck leaves dquot buffers without verifiers - xfs: don't dirty buffers beyond EOF - xfs: don't zero partial page cache pages during O_DIRECT writes - xfs: don't zero partial page cache pages during O_DIRECT reads - libceph: set last_piece in ceph_msg_data_pages_cursor_init() correctly - libceph: gracefully handle large reply messages from the mon - libceph: do not hard code max auth ticket len (CVE-2014-6416, CVE-2014-6417, CVE-2014-6418) - CIFS: Fix async reading on reconnects - CIFS: Possible null ptr deref in SMB2_tcon - CIFS: Fix wrong directory attributes after rename - mtd/ftl: fix the double free of the buffers allocated in build_maps() - mtd: nand: omap: Fix 1-bit Hamming code scheme, omap_calculate_ecc() - dm table: propagate QUEUE_FLAG_NO_SG_MERGE (regression in 3.16) - KEYS: Fix use-after-free in assoc_array_gc() - KEYS: Fix termination condition in assoc array garbage collection (CVE-2014-3631) [ Ben Hutchings ] * sfc: Adding PCI ID for Solarflare 7000 series 40G network adapter. * sfc: Add 40G link capability decoding * Bump ABI to 2 (Closes: #761874) * ata: Enable SATA_ZPODD * tracing: Enable TRACER_SNAPSHOT * Add memfd_create() and shared memory sealing (Closes: #760702): - mm: allow drivers to prevent new writable mappings - shm: add sealing API - shm: add memfd_create() syscall - shm: wait for pins to be released when sealing - mm: Add memfd_create() system call - [arm*,m68k,mips*,powerpc*,s390*,sparc*] Wire up memfd_create() * udeb: Add ccm, ctr to crypto-modules (Closes: #761902) * [armhf] udeb: Add ehci-platform, ohci-platform and phy-sun4i-usb to usb-modules (Closes: #761591) [ Ian Campbell ] * [armhf] Enable support for Exynos5 systems. (Closes: #759291) * [arm64] Enable crypto accelerator modules * [arm64] Add cdrom-core-modules udeb [ Aurelien Jarno ] * [powerpc/powerpc64,ppc64el] Backport more KVM patches from 3.17. Enable KVM_BOOK3S_64, KVM_BOOK3S_64_HV, KVM_BOOK3S_64_PR and KVM_XICS. (Closes: #761656). -- Ben Hutchings Thu, 18 Sep 2014 03:32:47 +0100 linux (3.16.2-3) unstable; urgency=medium [ Ben Hutchings ] * [armhf] udeb: Remove efi-modules, as EFI is not yet supported on ARM! * [arm64] ata: Enable PHY_XYGENE, AHCI_XGENE as modules - udeb: Add ahci_xgene to sata-modules (fixes FTBFS) * [arm64] rtc: Enable RTC_DRV_XGENE as module * mfd,mmc,memstick: Enable MFD_RTSX_USB, MMC_REALTEK_USB, MEMSTICK_REALTEK_USB as modules (Closes: #761099) * [mips64,mips64el] Properly add the 5kc-malta flavour (should fix FTBFS) * batman-adv: Enable BATMAN_ADV_MCAST * can: Enable CAN_GS_USB as module * bluetooth: Enable BT_6LOWPAN * ubi: Enable MTD_UBI_BLOCK * md: Enable DM_ERA as module * qlcnic: Enable QLCNIC_VXLAN * net/wireless: Enable RSI_91X, RSI_USB as modules - udeb: Add rsi_usb to nic-wireless-modules * i2c: Enable I2C_ROBOTFUZZ_OSIF as module * mfd,gpio,i2c,iio: Enable MFD_VIPERBOARD, GPIO_VIPERBOARD, I2C_VIPERBOARD, VIPERBOARD_ADC as modules * media/usb/gspca: Enable USB_GSPCA_DTCS033 as module * media/pci/cx23885: Enable MEDIA_ALTERA_CI as module * sound/usb: Enable SND_USB_HIFACE, SND_BCD2000 as modules * usb/misc: Enable USB_EHSET_TEST_FIXTURE as module * usb/gadget: Enable USB_NET2280 as module * leds: Enable LEDS_TRIGGER_CPU as built-in and LEDS_TRIGGER_ONESHOT, LEDS_TRIGGER_GPIO, LEDS_TRIGGER_TRANSIENT, LEDS_TRIGGER_CAMERA as modules * uio: Enable UIO_MF624 as module * iio: Enable HID_SENSOR_PROX, HID_SENSOR_DEVICE_ROTATION, HID_SENSOR_PRESS as modules * ecryptfs: Enable ECRYPT_FS_MESSAGING * ceph: Enable CEPH_FSCACHE * crypto: Enable CRYPTO_LZ4, CRYPTO_LZ4HC as modules * [x86] mfd,gpio,i2c,watchdog: Enable KEMPLD_MFD, GPIO_KEMPLD, I2C_KEMPLD, KEMPLD_WDT as modules * [x86] staging: Enable R8723AU as module * [x86] staging: Enable WIMAX_GDM72XX as modules - gdmwm: Enable WIMAX_GDM72XX_USB, WIMAX_GDM72XX_USB_PM * [x86] staging/media: Enable DVB_AS102, USB_MSI3101, MEDIA_TUNER_MSI001, SOLO6X10 as modules * [x86] dvb-usb-rtl28xxu: Enable DVB_RTL2832_SDR * [x86] platform: Enable ALIENWARE_WMI, DELL_SMO8800, IBM_RTL, SAMSUNG_Q10, INTEL_RST, INTEL_SMARTCONNECT (Closes: #749273), PVPANIC as modules * [x86] sony-laptop: Enable SONYPI_COMPAT * [x86,ia64] firmware: Enable DMI_SYSFS * [x86] Disable USB_SN9C102; this driver is deprecated in favour of the gspca drivers * [i386] usb/gadget: Enable USB_AMD5536UDC as module * [i386] comedi: Enable COMEDI_AMPLC_DIO200_ISA, COMEDI_AMPLC_PC236_ISA, COMEDI_AMPLC_PC263_ISA, COMEDI_DAS08_ISA, COMEDI_NI_LABPC_ISA as modules * [i386] speakup: Enable SPEAKUP_SYNTH_DECPC as module * [!x86] staging: Enable R8712U, R8188EU as modules (Closes: #742055, #760859) * i2o: Disable I2O_EXT_ADAPTEC on 64-bit, as it assumes 32-bit virtual addresses * SCSI: aic94xx: Remove broken fallback for missing 'Ctrl-A' user settings * udeb: Add ath6kl_sdio, libertas_cs, libertas_sdio, mwifiex_sdio, r8192u_usb, r8723au, rtl8188eu, rtl818x_pci, rtl8723be, rtl8821ae, spectrum_cs to nic-wireless-modules * builddeb: put the dbg files into the correct directory * [ppc64el] deb-pkg: Add support for powerpc little endian * [armhf] deb-pkg: Add automatic support for armhf architecture * debian/rules.real: Never make kernel-wedge errors non-fatal, as in practice this meant we didn't see them until they appeared in unstable * udeb: Fix typo in dependencies of speakup-modules (fixes FTBFS on mips64el due to interaction with another bug in kernel-wedge) * libceph: Apply critical fixes: - set last_piece in ceph_msg_data_pages_cursor_init() correctly - gracefully handle large reply messages from the mon - add process_one_ticket() helper - do not hard code max auth ticket len [ Ian Campbell ] * [armel/orion5x] udeb: Include mvmdio in nic-modules udeb. * [arm64] Backport X-GENE Ethernet driver from v3.17-rcs * [arm64] Including phy-xgene in sata-modules udeb since it is needed by ahci_xgene. [ Aurelien Jarno ] * [mips64el] Drop loongson-2e and loongson-2f flavour as the minimum supported ISA will be at least MIPS64. -- Ben Hutchings Sat, 13 Sep 2014 03:49:53 +0100 linux-tools (3.16-2) unstable; urgency=medium * linux-kbuild: Change the type headers used for devicetable-offsets.c to avoid depending on UAPI headers or . This really closes: #754213. It also fixes modpost handling of input device IDs when host and target have differing word size. -- Ben Hutchings Tue, 09 Sep 2014 13:21:05 +0100 linux-tools (3.16-1) unstable; urgency=medium * New upstream release [ Mauricio Faria de Oliveira ] * [ppc64el] Build linux-tools binary package (Closes: #754213) [ Ben Hutchings ] * linux-kbuild: Build and install recordmcount and recordmcount.pl, needed for kernels with DYNAMIC_FTRACE enabled * linux-kbuild: Fix recordmcount dependency for OOT modules -- Ben Hutchings Mon, 08 Sep 2014 18:45:06 +0100 linux (3.16.2-2) unstable; urgency=medium [ Ben Hutchings ] * [armel,mips*] udeb: Remove lzo-modules, as LZO_COMPRESS is now built-in (fixes FTBFS) -- Ben Hutchings Mon, 08 Sep 2014 18:39:25 +0100 linux (3.16.2-1) unstable; urgency=medium * New upstream stable update (closes: #748615): https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.1 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2 - isofs: Fix unbounded recursion when processing relocated directories (CVE-2014-5471, CVE-2014-5472) - kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601) [ Ben Hutchings ] * HID: Enable HID_RMI as module (Closes: #754519) * Set ABI to 1 * [armhf,arm64] udeb: Add efi-modules * ftrace: Enable more tracers (Closes: #563847, #758469): - Enable FUNCTION_TRACER and DYNAMIC_FTRACE - Enable FUNCTION_GRAPH_TRACER, FTRACE_SYSCALLS and STACK_TRACER (except on armel/kirkwood) * [powerpc] drm: Disable DRM_RADEON_UMS, as radeon X driver now requires KMS * aio: fix reqs_available handling (regression in 3.14.10) * mm: Enable FRONTSWAP, ZSWAP (except armel/{ixp4xx,orion5x}) (Closes: #725703) * [x86] mgag200: Enable auto-loading, but require mode-setting to be explicitly enabled (as xserver-xorg-video-modesetting does) * [armel] Remove obsolete mv78xx0 flavour * virtio-scsi: Implement change_queue_depth for virtscsi targets (Closes: #760324) * sound/firewire: Enable SND_DICE, SND_FIREWORKS, SND_BEBOB as modules (Closes: #756842) * hid-sony: Enable SONY_FF (Closes: #760684) * mtd: Enable MTD_SPI_NOR as module, since M25P80 now depends on it * [m68k] Enable CGROUPS, required by systemd * [armhf] Re-enable SPI_IMX as module * [i386] comedi: Enable COMEDI_DAC02 as module, replacing COMEDI_POC * sound: Disable SND_CS5535AUDIO on all but i386 and mips*/loongson-2f * [mips*/loongson-2f] video: Re-add and enable sm7xxfb driver, removed upstream in 3.15 * mnt: Fix flag handling on remount (CVE-2014-5206, CVE-2014-5207) - mnt: Only change user settable mount flags in remount - mnt: Move the test for MNT_LOCK_READONLY from change_mount_flags into do_remount - mnt: Correct permission checks in do_remount - mnt: Change the default remount atime from relatime to the existing value - mnt: Add tests for unprivileged remount cases that have found to be faulty * [armel/kirkwood] mm: Enable HIGHMEM (Closes: #760786) * aufs: Update to aufs3.16-20140908: - bugfix, missing mnt_want_write in moo - new ioctl BRINFO - bugfix, restore the lost unlock in an error path - allow deleting a branch who has an opened dir - bugfix, stop passing an error code to dput() - possible bugfix, ptr in an array - implement fhsm (not enabled) - si_files has all opened files - bugfix, use id instead of index to identify a branch - new move-down flag AUFS_MVDOWN_FHSM_LOWER - branch attr 'fhsm' is independent from rw/ro attrib - support for a branch ro+fhsm - fhsm notify after fixing inode attrib - bugfix, hfile test in br_del_file() - bugfix, pinning in mvdown - bugfix, instantiate-revalidate race - possible bugfix, temporary d_inode - fhsm and br_del, allow the root dir only - bugfix, get a removed dentry from an inode * MAINTAINERS: Change aufs entry to say it's not upstream [ Vagrant Cascadian ] * [armmp] Enable IMX_IPUV3_CORE (closes: #756810). [ Aurelien Jarno ] * [mips*] Fix FP emulation for unaligned accesses. * Update Spanish debconf template translations (Matias A. Bellone) (Closes: #758591). * [mips*/loongson3] Backport Loongson 3B support from 3.17. * [powerpc,ppc64el] Backport KVM little endian support from 3.17. [ maximilian attems ] * Redisable UAS due to trouble with Seagate expansion drives (closes: #755995, #759662), (reopen: #749014). [ Ian Campbell ] * [armhf] Remove incomplete list of hardware from image description. See https://wiki.debian.org/DebianKernel/ARMMP for details. * [armel/kirkwood] Enable CONFIG_MTD_SPI_NOR for flash access. * [ppc64el] debian/patches/debian/ppc64el-disable-zImage.patch: remove patch. The 'powerpc/boot: 64bit little endian wrapper' patch-set is in linux 3.16, thus the default make/image-y target is OK now. -- Ben Hutchings Mon, 08 Sep 2014 03:17:11 +0100 linux (3.16-1~exp1) experimental; urgency=medium * New upstream release: http://kernelnewbies.org/Linux_3.16 [ Aurelien Jarno ] * [x86] vfio: Enable VFIO_PCI_VGA. * udeb: rename crc32c.ko into crc32c_generic.ko in crc-modules. * [mips*] Fix FP emulation. * [mips*/loongson3] Enable TRANSPARENT_HUGEPAGE. [ Bastian Blank ] * [x86] Enable Xen PVH support. * Enable more Nftables modules. * [x86] Enable EARLY_PRINTK_EFI. * Enable stack protector on all supported architectures. (closes: #756898) * [powerpc64, s390x] Enable PCI hotplug. * Enable RTL8723BE. * Enable OPROFILE. * [ppc64] Enable 64KiB pages. [ Ben Hutchings ] * udeb: Add new sound drivers to sound-modules (thanks to Samuel Thibault) (Closes: #756998) * [armhf] touchscreen: Enable TOUCHSCREEN_SUN4I as module (Closes: #757086) * [!alpha,m68k,x86] Disable USELIB, only needed by libc5 * [arm*,ia64,ppc64el,s390*,sh4] Disable SYSFS_SYSCALL, only needed for SVR4 compatibility * [armel] Disable BINFMT_AOUT * [armel] Re-enable ixp4xx flavour * [armel] Change configuration to reduce kernel image size - [/kirkwood] Change IPV6 to module - [/ixp4xx,orion5x] Change IOSCHED_DEADLINE to module - [/ixp4xx,orion5x] Disable SECURITY (i.e. Linux Security Modules, including SELinux) -- Ben Hutchings Sat, 09 Aug 2014 21:58:12 +0100 linux-tools (3.16~rc7-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * genorig: Include new directory for usbip UAPI header * debian/control: Update Build-Depends for usbip switching from libsysfs to libudev * perf: Build with V=1 as V=2 no longer works * perf: Change build command to avoid a rebuild during 'make install' * linux-tools: Install traceevent plugins in /usr/lib/traceevent_/plugins (Closes: #756429) * linux-kbuild: Install scripts/Makefile.extrawarn -- Ben Hutchings Tue, 29 Jul 2014 21:11:10 +0100 linux (3.16~rc6-1~exp1) experimental; urgency=medium * New upstream rc [ Aurelien Jarno ] * [mipsel/loongson3] Enable SND_HDA_INTEL. * [mips/4kc-malta, mips/5kc-malta] Cleanup configuration file. * [mips/sb1-bcm91250a] Cleanup configuration file. * [mips/r4k-ip22] Cleanup configuration file. * [mips/r5k-ip32] Cleanup configuration file. * [mips64,mips64el] Add a 5kc-malta flavour. [ Ben Hutchings ] * [x86] wireless: Enable R8192EE as module (Closes: #755310) * net: Re-enable CGROUP_NET_PRIO as builtin -- maximilian attems Mon, 21 Jul 2014 21:51:45 +0200 linux (3.16~rc5-1~exp1) experimental; urgency=medium [ maximilian attems ] * New upstream rc [ Ben Hutchings ] * aufs: Update to aufs3.x-rcN-20140714: - tiny, no msg in spinlock regeion - minor bugfix, correct error value in link(2) - O_TMPFILE support - bugfix, handling an error in opening a FIFO - propagate aufs file references to new vmas created by remap_file_pages() - begin supporting fallocate(2) - linux-3.16, convert iovec into iov_iter - allow an unprivileged mount under user_ns (enabled by module parameter) - simply handing attribute string - add mount option for copy-up on open - add mount option for move-up on open - add dirperm1 mount option - mvdown, return a subset of statfs(2) optionally - mvdown, tell about the branch is at the bottom -- maximilian attems Tue, 15 Jul 2014 22:57:31 +0200 linux (3.15.5-1~exp1) experimental; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.4 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.5 -- maximilian attems Thu, 10 Jul 2014 16:02:29 +0200 linux (3.15.3-1~exp1) experimental; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.3 [ Yunqiang Su ] * [mips,mipsel] Move common MIPS kernel config files to kernelarch-mips. * [mips,mipsel] Clean mipsel installer by using symlinks to the mips versions. * [mips,mipsel] Add mips64 and mips64el support (Closes: #749688). -- maximilian attems Wed, 02 Jul 2014 20:30:41 +0200 linux (3.15.1-1~exp1) experimental; urgency=medium * New upstream release: http://kernelnewbies.org/Linux_3.15 * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.1 [ maximilian attems ] * Update policy version to 3.9.5 without changes [ Ian Campbell ] * [armhf] Enable HDMI on imx6qdl-wandboard, SolidRun HummingBoard and Cubox -i. (Closes: #750406) [ Ben Hutchings ] * [powerpc] Build-depend on gcc-4.8 (>= 4.8.2-1) to ensure that JUMP_LABEL works -- maximilian attems Fri, 20 Jun 2014 23:13:13 +0200 linux (3.15~rc8-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ian Campbell ] * [armhf] Enable Broadcom IEEE802.11n embedded FullMAC WLAN driver (Closes: #734430) * [armhf] Backport and enable sunxi MMC driver (Closes: #749484) -- maximilian attems Tue, 03 Jun 2014 11:43:26 +0200 linux (3.15~rc7-1~exp1) experimental; urgency=medium * New upstream release candidate [ maximilian attems ] * Enable USB_UAS in topconfig (closes: #749014) [ Ian Campbell ] * [armhf] Enable SERIAL_OF_PLATFORM. * [armhf] Enable DRM drivers DRM_IMX_* for IMX platform (Closes: #748406) * [armhf] Enable SND_SOC_IMX_SPDIF (Closes: #748890) -- maximilian attems Tue, 27 May 2014 10:55:32 +0200 linux (3.15~rc5-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * aufs: Update to aufs3.x-rcN-20140421 * [rt] Disable until it is updated for 3.15 or later [ Aurelien Jarno ] * [mipsel] Add a loongson-3 flavour to support Loongson 3A/3B machines. * [mips/mipsel] Remove the sb1a-bcm91480b flavour. [ Ian Campbell ] * [armel/orion5x] Disable BPF_JIT, MEMCG, USER_NS to reduce kernel size. * [armel/kirkwood] Enable PCI_MVEBU for PCI support when booted via Device Tree. -- maximilian attems Fri, 16 May 2014 14:33:57 +0200 linux (3.14.15-2) unstable; urgency=medium [ Aurelien Jarno ] * [mips*/4kc-malta] Remove ABI reference as previous kernels were not really usable, and the fix changes the ABI. -- Ben Hutchings Sat, 09 Aug 2014 01:09:38 +0100 linux (3.14.15-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.14 - Bluetooth: Ignore H5 non-link packets in non-active state - fuse: timeout comparison fix - tracing: instance_rmdir() leaks ftrace_event_file->filter (regression in 3.11) - xen/balloon: set ballooned out pages as invalid in p2m (regression in 3.12) - quota: missing lock in dqcache_shrink_scan() (regression in 3.12) - shmem: fix faulting into a hole, not taking i_mutex (CVE-2014-4171) - shmem: fix splicing from a hole while it's punched (CVE-2014-4171) - e1000e: Fix SHRA register access for 82579 (regression in 3.12) - ip_tunnel: fix ip_tunnel_lookup - net: sctp: check proc_dointvec result in proc_sctp_do_auth - 8021q: fix a potential memory leak - net: fix UDP tunnel GSO of frag_list GRO packets - ipv4: fix dst race in sk_dst_get() - ipv4: irq safe sk_dst_[re]set() and ipv4_sk_update_pmtu() fix - bnx2x: fix possible panic under memory stress - tcp: Fix divide by zero when pushing during tcp-repair - ipv4: icmp: Fix pMTU handling for rare case - net: Fix NETDEV_CHANGE notifier usage causing spurious arp flush (regression in 3.11) - igmp: fix the problem when mc leave group - appletalk: Fix socket referencing in skb - netlink: Fix handling of error from netlink_dump(). - tipc: clear 'next'-pointer of message fragments before reassembly (regression in 3.13) - net: sctp: fix information leaks in ulpevent layer - bonding: fix ad_select module param check (regression in 3.14) - net-gre-gro: Fix a bug that breaks the forwarding path (regression in 3.14) - perf/x86/intel: ignore CondChgd bit to avoid false NMI handling - mwifiex: fix Tx timeout issue - [x86] tsc: Fix cpufreq lockup (regression in 3.14) - dm thin metadata: do not allow the data block size to change - dm cache metadata: do not allow the data block size to change - locking/mutex: Disable optimistic spinning on some architectures - sched: Fix possible divide by zero in avg_atom() calculation - aio: protect reqs_available updates from changes in interrupt handlers (regression in 3.14.10) - Don't trigger congestion wait on dirty-but-not-writeout pages (regression in 3.11) https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.15 - nfs: only show Posix ACLs in listxattr if actually present (regression in 3.14) - block: don't assume last put of shared tags is for the host - libata: support the ata host which implements a queue depth less than 32 (regression in 3.14.4) - libata: introduce ata_host->n_tags to avoid oops on SAS controllers - blkcg: don't call into policy draining if root_blkg is already gone - coredump: fix the setting of PF_DUMPCORE - [hppa] Remove SA_RESTORER define - hwmon: (smsc47m192) Fix temperature limit and vrm write operations - fs: umount on symlink leaks mnt count (CVE-2014-5045) - [x86] x86_32, entry: Store badsys error code in %eax (regression in 3.14.10) - drm/radeon: fix irq ring buffer overflow handling (regression in 3.14) - mm: hugetlb: fix copy_hugetlb_page_range() (regression in 3.14.12) - [x86] efi: Include a .bss section within the PE/COFF headers - nl80211: move set_qos_map command into split state (regression in 3.14) - platform_get_irq: Revert to platform_get_resource if of_irq_get fails (regression in 3.14.6) [ Aurelien Jarno ] * Update German debconf template translations (Holger Wansing) (Closes: #756049). * Update French debconf template translations (David Prévot) (Closes: #756134). * Rewrite postinst to not require File::stat perl module (Closes: #756207). * [mips*] Avoid smp_processor_id() in preemptible code. * [mips*/octeon] Fix /proc/cpuinfo issues. * [mips,mipsel/4kc-malta] Fix bug which can cause incorrect system call restarts (fix hang on boot). * [mips*] Fix hugepage support on machines with R4K like TLB. * [mips*] Prevent user from setting FCSR cause bits and cause possible kernel oops. * Update Japanese debconf template translations (Victory). [ Ben Hutchings ] * [amd64] Reject x32 executables if x32 ABI not supported * [amd64] Make x32 syscall support conditional on a kernel parameter * [amd64] Enable X86_X32 (Closes: #708070) and X86_X32_DISABLED. Use the kernel parameter "syscall.x32=y" to enable support for x32. * [s390,s390x] 3215: fix hanging console issue (Closes: #747922) * [armhf] Enable BRCMFMAC, BRCMFMAC_SDIO as modules (Closes: #734430) * net: sctp: inherit auth_capable on INIT collisions (CVE-2014-5077) -- Ben Hutchings Thu, 07 Aug 2014 16:47:21 +0100 linux (3.14.13-2) unstable; urgency=medium [ Aurelien Jarno ] * [mips64,mips64el] Really enable mips64 and mips64el architectures. * [mips64,mips64el] Build udebs for 5kc-malta flavour. * [mipsel,mips64el/loongson-3] Disable not built modules in nic-modules, scsi-common-modules, scsi-extra-modules, scsi-modules (fixes FTBFS). * Add scsi_transport_sas and scsi_transport_spi to scsi-core-modules udeb as optional so that these modules do not end up in two different udebs as dependencies. Remove them from the i386, ia64, powerpc and sparc definition. * [mipsel,mips64el/loongson-2e,2f] Enable CONFIG_RTC_DRV_CMOS as built-in. * [mips*] Add few new udebs and use standard udebs configuration when possible. * [s390,s390x] ptrace: fix PSW mask check (CVE-2014-3534). * [mipsel,mips64el/loongson-3] Enable PREEMPT instead of PREEMPT_VOLUNTARY as it workarounds SMP issues. -- Aurelien Jarno Thu, 24 Jul 2014 21:05:08 +0200 linux (3.14.13-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.13 - iio: ti_am335x_adc: Fix: Use same step id at FIFOs both ends (regression in 3.11) - [hppa] Do not hardcode maximum userspace stack size (regression in 3.14) - workqueue: fix dev_set_uevent_suppress() imbalance (regression in 3.10) - workqueue: zero cpumask of wq_numa_possible_cpumask on init (regression in 3.10) - i8k: Fix non-SMP operation (regression in 3.14) - Revert "ACPI / AC: Remove AC's proc directory." (regression in 3.13) - ACPI / resources: only reject zero length resources based at address zero (regression in 3.14) - ACPI / EC: Avoid race condition related to advance_transaction() - ACPI / EC: Fix race condition in ec_transaction_completed() - [x86] crypto: sha512_ssse3 - fix byte count to bit count conversion - [arm64] implement TASK_SIZE_OF - phy: core: Fix error path in phy_create() - dm io: fix a race condition in the wake up code for sync_io - [x86] intel_pstate: Fix setting VID (regression in 3.14.6) - PCI: Fix unaligned access in AF transaction pending test (regression in 3.14) - ext4: fix unjournalled bg descriptor while initializing inode bitmap - ext4: fix a potential deadlock in __ext4_es_shrink() - drm/radeon: stop poisoning the GART TLB - [x86] drm/i915: Don't clobber the GTT when it's within stolen memory [ Ian Campbell ] * [armel] Remove drivers/net/phy configs which are redundant with toplevel. * [armhf] Add MMC and NIC modules for BeagleBone Black to udebs. (Closes: #754491) * [arm64] Add xfs-modules udeb and add xen-netfront to nic-modules udeb. * aufs: Fix build on arm64. [ Aurelien Jarno ] * [mips,mipsel] Add a debconf note to warn users that they have to configure the system bootloader to load initramfs. * Update Polish debconf template translations (Łukasz Dulny). * Update Czech debconf template translations (Michal Simunek) (Closes: #755060). * Update Russian debconf template translations (Yuri Kozlov) (Closes: #755085). * Update Portuguese debconf template translations (Américo Monteiro) (Closes: #755100). * Update Swedish debconf template translations (Martin Bagge) (Closes: #755145). * Update Slovak debconf template translation (Slavko) (Closes: #755152). * Update Turkish debconf template translation (Mert Dirik) (Closes: #755223). * Update Danish debconf template translation (Joe Dalton) (Closes: #755400). * [mips,mipsel] Cleanup configuration files. * [mips,mipsel] Move common MIPS kernel config files to kernelarch-mips. * [mips,mipsel] Clean mipsel installer by using symlinks to the mips versions. * [mipsel] Backport Loongson 3A/3B support from 3.15 and add the corresponding flavour. * [mips,mipsel] Remove the sb1a-bcm91480b flavour. * [mips,mipsel] Add mips64 and mips64el support (Closes: #749688). * [mips/octeon] Backport from upstream PCIe2 support and interface mode detection for Octeon. * [mips/sb1-91250a] Backport from upstream additional build flags to fix excessive kernel warnings. * [mips/malta] Backport from upstream power management support for Malta. * [mipsel/loongson3] Add support for Loongson 3 LS3A RS780E 1-way boards. [ Ben Hutchings ] * net/l2tp: don't fall back on UDP [get|set]sockopt (CVE-2014-4943) * Bump ABI to 2 (Closes: #754902) * [powerpc/powerpc64] Re-enable JUMP_LABEL * [powerpc/powerpc64,ppc64] Enable PPC_TRANSACTIONAL_MEM * Enable DYNAMIC_DEBUG (except for armel/orion5x) (Closes: #694884) * [rt] Update to 3.14.12-rt9 (no functional changes) * udeb: Add sdhci-acpi to mmc-modules (Closes: #747284) -- Ben Hutchings Mon, 21 Jul 2014 14:02:14 +0100 linux (3.14.12-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.11 - iscsi-target: Avoid rejecting incorrect ITT for Data-Out - iscsi-target: Explicily clear login response PDU in exception path (regression in 3.10) - iscsi-target: fix iscsit_del_np deadlock on unload (regression in 3.13) - Input: synaptics - fix resolution for manually provided min/max (regression in 3.14) - [mips] MSC: Prevent out-of-bounds writes to MIPS SC ioremap'd region - UBIFS: fix an mmap and fsync race condition - UBIFS: Remove incorrect assertion in shrink_tnc() - IB/ipath: Translate legacy diagpkt into newer extended diagpkt - IB/srp: Fix a sporadic crash triggered by cable pulling - IB/umad: Fix error handling - IB/umad: Fix use-after-free on close - nfsd4: fix FREE_STATEID lockowner leak (regression in 3.14.6) - nfsd: getattr for FATTR4_WORD0_FILES_AVAIL needs the statfs buffer - NFS: Don't declare inode uptodate unless all attributes were checked - nfs: Fix cache_validity check in nfs_write_pageuptodate() - [powerpc] mm: Check paca psize is up to date for huge mappings - [powerpc] perf: Ensure all EBB register state is cleared on fork() - xfs: xfs_readsb needs to check for magic numbers (regression in 3.14) - reiserfs: call truncate_setsize under tailpack mutex - ipvs: Fix panic due to non-linear skb - tracing: Fix syscall_*regfunc() vs copy_process() race - ALSA: usb-audio: Fix races at disconnection and PCM closing https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.12 - [powerpc] ibmvscsi: Abort init sequence during error recovery - [powerpc] ibmvscsi: Add memory barriers for send / receive - virtio-scsi: avoid cancelling uninitialized work items - scsi_error: fix invalid setting of host byte - virtio-scsi: fix various bad behavior on aborted requests - xhci: Use correct SLOT ID when handling a reset device command (regression in 3.13) - usb: chipidea: udc: delete td from req's td list at ep_dequeue - mtd: eLBC NAND: fix subpage write support (regression in 3.10) - mtd: nand: omap: fix BCHx ecc.correct to return detected bit-flips in erased-page - [x86] drm/i915: Avoid div-by-zero when pixel_multiplier is zero (regression in 3.13) - [x86] drm/i915: set backlight duty cycle after backlight enable for gen4 (regression in 3.14) - Bluetooth: Fix SSP acceptor just-works confirmation without MITM - Bluetooth: Fix check for connection encryption - rbd: use reference counts for image requests - rbd: handle parent_overlap on writes correctly - mac80211: fix a memory leak on sta rate selection table (regression in 3.10) - hugetlb: fix copy_hugetlb_page_range() to handle migration/hwpoisoned entry - [arm64] mm: Make icache synchronisation logic huge page aware - [arm64] Bug fix in stack alignment exception - fs/cifs: fix regression in cifs_create_mf_symlink() (regression in 3.14) - blkcg: fix use-after-free in __blkg_release_rcu() by making blkcg_gq refcnt an atomic_t - ext4: Fix buffer double free in ext4_alloc_branch() - ext4: Fix hole punching for files with indirect blocks - [x86] KVM: preserve the high 32-bits of the PAT register - [x86] kvm: fix wrong address when writing Hyper-V tsc page - nfsd: fix rare symlink decoding bug - tracing: Remove ftrace_stop/start() from reading the trace file - md: flush writes before starting a recovery. - mlx4_core: Fix incorrect FLAGS1 bitmap test in mlx4_QUERY_FUNC_CAP (regression in 3.14) - netfilter: nf_nat: fix oops on netns removal - brcmfmac: Fix brcmf_chip_ai_coredisable not applying reset bits to BCMA_IOCTL (regression in 3.14) - mmc: rtsx: add R1-no-CRC mmc command type handle (regression in 3.13) - aio: block io_destroy() until all context requests are completed (regression in 3.11) - audit: remove superfluous new- prefix in AUDIT_LOGIN messages (regression in 3.14) - mm/numa: Remove BUG_ON() in __handle_mm_fault() (regression in 3.13) - slab: fix oops when reading /proc/slab_allocators - sym53c8xx_2: Set DID_REQUEUE return code when aborting squeue - mm: fix crashes from mbind() merging vmas [ Ben Hutchings ] * [rt] Update to 3.14.10-rt7: - rtmutex: Resolve conflicts with changes in 3.14.10 - sched: Do not clear PF_NO_SETAFFINITY flag in select_fallback_rq() - workqueue: Prevent deadlock/stall on RT * [rt] random: Restore interrupt randomness dropped in 3.14.10-rt6 * [s390,s390x] Ignore ABI change in lowcore structure (fixes FTBFS) * [m68k] block: Change IOSCHED_CFQ to built-in and make it the default I/O scheduler, consistent with other architectures -- Ben Hutchings Fri, 11 Jul 2014 17:56:20 +0100 linux (3.14.10-1) unstable; urgency=high * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.10 - [s390] af_iucv: wrong mapping of sent and confirmed skbs - Staging: rtl8188eu: overflow in update_sta_support_rate() - USB: option: fix runtime PM handling - hugetlb: restrict hugepage_migration_support() to x86_64 - kthread: fix return value of kthread_create() upon SIGKILL. - mm/memory-failure.c-failure: send right signal code to correct thread - mm/memory-failure.c: don't let collect_procs() skip over processes for MF_ACTION_REQUIRED - ptrace: fix fork event messages across pid namespaces - idr: fix overflow bug during maximum ID calculation at maximum height - [s390] time: cast tv_nsec to u64 prior to shift in update_vsyscall (regression in 3.13) - [s390] lowcore: reserve 96 bytes for IRB in lowcore - ext4: fix data integrity sync in ordered mode - ext4: fix zeroing of page during writeback - ext4: fix wrong assert in ext4_mb_normalize_request() - USB: usb_wwan: fix race between write and resume - USB: usb_wwan: fix write and suspend race - USB: usb_wwan: fix urb leak at shutdown - USB: sierra: fix use after free at suspend/resume - USB: sierra: fix remote wakeup - USB: serial: fix potential runtime pm imbalance at device remove - media: stk1160: Avoid stack-allocated buffer for control URBs - rtmutex: Detect changes in the pi lock chain - rtmutex: Handle deadlock detection smarter - rtmutex: Plug slow unlock race - media: uvcvideo: Fix clock param realtime setting - media: saa7134: fix regression with tvtime (regression in 3.14) - Bluetooth: Fix L2CAP deadlock - Target/iser: Wait for proper cleanup before unloading - target: Set CMD_T_ACTIVE bit for Task Management Requests - target: Use complete_all for se_cmd->t_transport_stop_comp - iscsi-target: Fix ABORT_TASK + connection reset iscsi_queue_req memory leak - target: Explicitly clear ramdisk_mcp backend pages - [x86] x86-32, espfix: Remove filter for espfix32 due to race - aio: fix aio request leak when events are reaped by userspace - aio: fix kernel memory disclosure in io_getevents() introduced in v3.10 (CVE-2014-0206) - CIFS: Fix memory leaks in SMB2_open - Btrfs: fix double free in find_lock_delalloc_range - Btrfs: make sure there are not any read requests before stopping workers - Btrfs: mark mapping with error flag to report errors to userspace - Btrfs: set right total device count for seeding support - fs: btrfs: volumes.c: Fix for possible null pointer dereference - Btrfs: don't check nodes for extent items - Btrfs: fix scrub_print_warning to handle skinny metadata extents - btrfs: fix use of uninit "ret" in end_extent_writepage() - btrfs: allocate raid type kobjects dynamically - lz4: fix another possible overrun - epoll: fix use-after-free in eventpoll_release_file - builddeb: use $OBJCOPY variable instead of objcopy (regression in 3.12) - [i386] efi-pstore: Fix an overflow on 32-bit builds [ Ben Hutchings ] * [amd64] ptrace,x86: force IRET path after a ptrace_stop() (CVE-2014-4699) * shmem: fix faulting into a hole while it's punched (CVE-2014-4171) -- Ben Hutchings Mon, 07 Jul 2014 09:54:10 +0100 linux (3.14.9-1) unstable; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8 - Target/iscsi,iser: Avoid accepting transport connections during stop stage - iser-target: Fix multi network portal shutdown regression https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9 - target: Fix NULL pointer dereference for XCOPY in target_put_sess_cmd (regression in 3.14.6) - iscsi-target: Reject mutual authentication with reflected CHAP_C - ima: audit log files opened with O_DIRECT flag - ima: introduce ima_kernel_read() (regression in 3.10) - evm: prohibit userspace writing 'security.evm' HMAC value - net: Use netlink_ns_capable to verify the permisions of netlink messages (CVE-2014-0181) - netlink: Only check file credentials for implicit destinations - qlcnic: info leak in qlcnic_dcb_peer_app_info() - ipv6: Fix regression caused by efe4208 in udp_v6_mcast_next() (regression in 3.13) - netlink: rate-limit leftover bytes warning and print process name - bridge: Prevent insertion of FDB entry with disallowed vlan - net: tunnels - enable module autoloading - [sparc] net: filter: fix typo in sparc BPF JIT - sfc: PIO:Restrict to 64bit arch and use 64-bit writes. (regression in 3.13) - ipv4: fix a race in ip4_datagram_release_cb() - sctp: Fix sk_ack_backlog wrap-around problem - udp: ipv4: do not waste time in __udp4_lib_mcast_demux_lookup (regression in 3.13) - USB: cdc-acm: Fix various bugs in power management - USB: cdc-acm: fix I/O after failed open - [x86] hv: use correct order when freeing monitor_pages - ASoC: dapm: Make sure to always update the DAPM graph in _put_volsw() (regression in 3.12) - lzo: properly check for overruns (CVE-2014-4608) - lz4: ensure length does not wrap (CVE-2014-4608) - ALSA: compress: Cancel the optimization of compiler and fix the size of struct for all platform. - ALSA: control: Protect user controls against concurrent access (CVE-2014-4652) - ALSA: control: Fix replacing user controls (CVE-2014-4654, CVE-2014-4655) - ALSA: control: Don't access controls outside of protected regions (CVE-2014-4653) - ALSA: control: Make sure that id->index does not overflow; Handle numid overflow (CVE-2014-4656) [ Ben Hutchings ] * aufs: Update to aufs3.14-20140616: - tiny, no msg in spinlock regeion - minor bugfix, correct error value in link(2) - O_TMPFILE support - bugfix, handling an error in opening a FIFO - propagate aufs file references to new vmas created by remap_file_pages() * linux-image: Make initramfs support unconditional * [x86] x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508) * [rt] Fix latency histogram after "hrtimer: Set expiry time before switch_hrtimer_base()" in 3.14.6 [ Aurelien Jarno ] * [arm64] Enable COMPAT to support 32-bit binaries. * [mips,mipsel] Enable initramfs for all flavours, but keep the disk related drivers built-in for now. -- Ben Hutchings Mon, 30 Jun 2014 13:57:11 +0100 linux (3.14.7-1) unstable; urgency=medium * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6 - [mipsel] loongson2_cpufreq: Fix CPU clock rate setting (regression in 3.14) - rtmutex: Fix deadlock detector for real - kernfs: add back missing error check in kernfs_fop_mmap() (regression in 3.14) - coredump: fix va_list corruption (regression in 3.11) - mm: make fixup_user_fault() check the vma access rights too - serial: 8250: Fix thread unsafe __dma_tx_complete function - 8250_core: Fix unwanted TX chars write - iwlwifi: 7000: bump API to 9 - timer: Prevent overflow in apply_slack - cfg80211: free sme on connection failures (regression in 3.11) - cfg80211: add cfg80211_sched_scan_stopped_rtnl (regression in 3.14) - mac80211: fix nested rtnl locking on ieee80211_reconfig (regression in 3.14) - mm, thp: close race between mremap() and split_huge_page() - [x86] mm, hugetlb: Add missing TLB page invalidation for hugetlb_cow() - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage - iwlwifi: mvm: delay enabling smart FIFO until after beacon RX (regression in 3.14) - aio: fix potential leak in aio_run_iocb(). - Revert "hwmon: (coretemp) Refine TjMax detection" - hrtimer: Prevent remote enqueue of leftmost timers - hrtimer: Set expiry time before switch_hrtimer_base() - dm verity: fix biovecs hash calculation regression (regression in 3.14) - dm cache: fix writethrough mode quiescing in cache_map (regression in 3.13) - md/raid10: call wait_barrier() for each request submitted. (regression in 3.14) - PNP / ACPI: Do not return errors if _DIS or _SRS are not present (regression in 3.14) - ACPI / EC: Process rather than discard events in acpi_ec_clear (regression in 3.13.7, 3.14) - irqchip: armada-370-xp: fix invalid cast of signed value into unsigned variable (regression in 3.13) - irqchip: armada-370-xp: implement the ->check_device() msi_chip operation (regression in 3.13) - irqchip: armada-370-xp: Fix releasing of MSIs (regression in 3.13) - [x86] drm/i915: Allow user modes to exceed DVI 165MHz limit (regression in 3.14) - [x86] drm/i915: Don't check gmch state on inherited configs (regression in 3.13?) - [x86] drm/i915: Don't WARN nor handle unexpected hpd interrupts on gmch platforms (regression in 3.13) - [x86] drm/radeon: fix runpm handling on APUs (v4) (regression in 3.13) - drm/radeon: disable mclk dpm on R7 260X (regression in 3.14) - drm/radeon: add support for newer mc ucode on SI (v2) - drm/radeon: add support for newer mc ucode on CI (v2) - drm/radeon: re-enable mclk dpm on R7 260X asics - drm/radeon/uvd: use lower clocks on old UVD to boot v2 (regression in 3.13) - drm/radeon: check buffer relocation offset - USB: Nokia 305 should be treated as unusual dev - USB: Nokia 5300 should be treated as unusual dev - Revert "Bluetooth: Enable autosuspend for Intel Bluetooth device" (regression in 3.14) - posix_acl: handle NULL ACL in posix_acl_equiv_mode - fs/affs/super.c: bugfix / double free (regression in 3.14) - [armel/orion5x] fix target ID for crypto SRAM window (regression in 3.12) - [armel/kirkwood]: dts: fix mislocated pcie-controller nodes (regression in 3.12) - [armhf/armmp-lpae] 8012/1: kdump: Avoid overflow when converting pfn to physaddr - drm/nouveau: fix another lock unbalance in nouveau_crtc_page_flip (regression in 3.11) - drm/i915/vlv: reset VLV media force wake request register (regression in 3.14?) - i40e: potential array underflow in i40e_vc_process_vf_msg() - igb: Fix Null-pointer dereference in igb_reset_q_vector (regression in 3.14) - igb: Unset IGB_FLAG_HAS_MSIX-flag when falling back to msi-only (regression in 3.14) - leds: leds-pwm: properly clean up after probe failure - device_cgroup: rework device access check and exception checking - device_cgroup: check if exception removal is allowed - media: media-device: fix infoleak in ioctl media_enum_entities() (CVE-2014-1739) - Input: Add INPUT_PROP_TOPBUTTONPAD device property - Input: synaptics - report INPUT_PROP_TOPBUTTONPAD property - e1000e: Fix no connectivity when driver loaded with cable out (regression in 3.12) - autofs: fix lockref lookup - vfs: fix races between __d_instantiate() and checks of dentry flags - ALSA: hda - hdmi: Set converter channel count even without sink (regression in 3.13) - NFSd: Move default initialisers from create_client() to alloc_client() - NFSd: call rpc_destroy_wait_queue() from free_client() - NFSD: Call ->set_acl with a NULL ACL structure if no entries - nfsd4: remove lockowner when removing lock stateid - workqueue: fix bugs in wq_update_unbound_numa() failure path - workqueue: fix a possible race condition between rescuer and pwq-release - [arm] mvebu: mvebu-soc-id: add missing clk_put() call (regression in 3.14) - [arm] mvebu: mvebu-soc-id: keep clock enabled if PCIe unit is enabled (regression in 3.14) - ASoC: dapm: Skip CODEC<->CODEC links in connect_dai_link_widgets() (regression in 3.14) - [hppa] ratelimit userspace segfault printing - [amd64] modify_ldt: Make support for 16-bit segments a runtime option - sysfs: make sure read buffer is zeroed (possible regression in 3.13) - Target/iser: Fix wrong connection requests list addition - Target/iser: Fix iscsit_accept_np and rdma_cm racy flow - iscsi-target: Change BUG_ON to REJECT in iscsit_process_nop_out (regression in 3.11) - target: fix memory leak on XCOPY - [x86] drm/i915: Disable self-refresh for untiled fbs on i915gm (regression in 3.14) - [x86] drm/i915: move power domain init earlier during system resume (regression in 3.14?) - [x86] drm/i915: Fix unsafe loop iteration over vma whilst unbinding them (regression in 3.12) - iwlwifi: mvm: BT Coex - fix Look Up Table (regression in 3.13) - PCI: Wrong register used to check pending traffic (regression in 3.14) - dm crypt: fix cpu hotplug crash by removing per-cpu structure - dm thin: allow metadata commit if pool is in PM_OUT_OF_DATA_SPACE mode (regression in 3.14) - dm thin: add timeout to stop out-of-data-space mode holding IO forever - dmaengine: fix dmaengine_unmap failure - dma: mv_xor: Flush descriptors before activating a channel - tcm_fc: Fix free-after-use regression in ft_free_cmd (regression in 3.13) - ACPICA: Tables: Restore old behavor to favor 32-bit FADT addresses. (regression in 3.14) - ACPI: Revert "ACPI: Remove CONFIG_ACPI_PROCFS_POWER and cm_sbsc.c" (regression in 3.13) - ACPI: Revert "ACPI / Battery: Remove battery's proc directory" (regression in 3.13) - [x86] ACPI / video: Add use_native_backlight quirks for more systems - ACPI: Revert "ACPI / AC: convert ACPI ac driver to platform bus" (regression in 3.13) - [x86] ACPI / TPM: Fix resume regression on Chromebooks (regression in 3.14) - i2c: s3c2410: resume race fix - [x86] intel_pstate: Set turbo VID for BayTrail - [s390] crypto: fix aes,des ctr mode concurrency finding. - clk: Fix double free due to devm_clk_register() - clk: Fix slab corruption in clk_unregister() - [powerpc] powernv: Reset root port in firmware (regression in 3.14) - [powerpc] irq work racing with timer interrupt can result in timer interrupt hang (regression in 3.14) - [powerpc] kexec: Fix "Processor X is stuck" issue during kexec from ST mode (regression in 3.13) - spi: core: Ignore unsupported Dual/Quad Transfer Mode bits (regression in 3.12) - libceph: fix corruption when using page_count 0 page in rbd - media: V4L2: ov7670: fix a wrong index, potentially Oopsing the kernel from user-space http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.7 - perf: Limit perf_event_attr::sample_period to 63 bits - perf: Fix race in removing an event - SCSI: scsi_transport_sas: move bsg destructor into sas_rphy_remove (regression in 3.13) - [arm] 8051/1: put_user: fix possible data corruption in put_user - [arm] 8064/1: fix v7-M signal return (regression in 3.11) - cpufreq: remove race while accessing cur_policy - firewire: revert to 4 GB RDMA, fix protocols using Memory Space (regression in 3.14) - [mips] Fix typo when reporting cache and ftlb errors for ImgTec cores (regression in 3.14) - dm cache: always split discards on cache block boundaries - virtio_blk: fix race between start and stop queue - sched/deadline: Restrict user params max value to 2^63 ns - sched/dl: Fix race in dl_task_timer() - drm/radeon: avoid crash if VM command submission isn't available - [x86] drm/i915: Only copy back the modified fields to userspace from execbuffer - drm/radeon/dpm: resume fixes for some systems (regression in 3.14) - libata: Blacklist queued trim for Crucial M500 (regression in 3.14.4) - md: always set MD_RECOVERY_INTR when aborting a reshape or other "resync". - md: always set MD_RECOVERY_INTR when interrupting a reshape thread. (regression in 3.12.9, 3.13) - xhci: delete endpoints from bandwidth list before freeing whole device - staging: comedi: ni_daq_700: add mux settling delay - staging: r8192e_pci: fix htons error (regression in 3.14) - ALSA: hda/analog - Fix silent output on ASUS A8JN (regression in 3.12) - USB: io_ti: fix firmware download on big-endian machines (part 2) - usb: pci-quirks: Prevent Sony VAIO t-series from switching usb ports (regression in 3.12) - percpu-refcount: fix usage of this_cpu_ops - [x86] intel_pstate: Remove C0 tracking (regression in 3.14) - [x86] intel_pstate: Correct rounding in busy calculation (regression in 3.14) - [x86] intel_pstate: add sample time scaling - [x86] intel_pstate: Improve initial busy calculation - mm: add !pte_present() check on existing hugetlb_entry callbacks (CVE-2014-3940) - mm: rmap: fix use-after-free in __put_anon_vma - iser-target: Add missing target_put_sess_cmd for ImmedateData failure - iscsi-target: Fix wrong buffer / buffer overrun in iscsi_change_param_value() - target: Fix alua_access_state attribute OOPs for un-configured devices - netfilter: Fix potential use after free in ip6_route_me_harder() - netfilter: nfnetlink: Fix use after free when it fails to process batch - [x86] iommu/vt-d: Fix missing IOTLB flush in intel_iommu_unmap() [ Ian Campbell ] * [armhf] Enable VIRTIO_BALLOON and VIRTIO_PCI (Closes: #750742) * [arm64] Update modules included in installer udebs. * Include virtio_mmio in virtio-modules udeb when available. [ Aurelien Jarno ] * topconfig: Enable modular HW_RANDOM. * [kernelarch-powerpc] Remove HW_RANDOM. * [kernelarch-x86] Remove HW_RANDOM. * [mips/4kc-malta] Remove HW_RANDOM. * [mips/5kc-malta] Remove HW_RANDOM. * [mips/octeon] Remove HW_RANDOM. * [arm64] Enable modular RTC_DRV_PL031. [ Ben Hutchings ] * [ppc64el] Add kernel image, thanks to Mauricio Faria de Oliveira: - Split common/big-endian powerpc64 options - Add little-endian powerpc64 options - Temporarily disable zImage - powerpc/powernv: Add calls to support little endian host - Add 'ppc64le' (uname output) to bug/include-model script - udeb: Add packages based on ppc64 configuration * netfilter: ipv4: defrag: set local_df flag on defragmented skb (regression in 3.14.5) * [mips] seccomp: Check system calls whenever seccomp is enabled, even if audit and trace are disabled (Closes: #751417) * auditsc: audit_krule mask accesses need bounds checking (CVE-2014-3917) * fs,userns: Change inode_capable to capable_wrt_inode_uidgid (CVE-2014-4014) * SCSI: Fix spurious request sense in error handling (regression in 3.14) * PCI/MSI: Fix memory leak in free_msi_irqs() (regression in 3.14) * [rt] hrtimer: Disable MISSED_TIMER_OFFSETS_HIST as it will currently result in a panic -- Ben Hutchings Mon, 16 Jun 2014 09:51:49 +0100 linux (3.14.5-1) unstable; urgency=high * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5 - SCSI: dual scan thread bug fix - SCSI: megaraid: missing bounds check in mimd_to_kioc() - [x86] KVM: remove WARN_ON from get_kernel_ns() - audit: convert PPIDs to the inital PID namespace. - netfilter: nf_tables: fix nft_cmp_fast failure on big endian for size < 4 - netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len (Closes: #741667) - netfilter: Can't fail and free after table replacement - [i386] x86,preempt: Fix preemption for i386 - rbd: fix error paths in rbd_img_request_fill() - [x86] drm/i915: restore QUIRK_NO_PCH_PWM_ENABLE (regression in 3.14) - tick-sched: Don't call update_wall_time() when delta is lesser than tick_period (regression in 3.14) - tick-sched: Check tick_nohz_enabled in tick_nohz_switch_to_nohz() (regression in 3.13) - [hppa] change value of SHMLBA from 0x00400000 to PAGE_SIZE - [hppa] fix epoll_pwait syscall on compat kernel - [hppa] remove _STK_LIM_MAX override - vfs: don't bother with {get,put}_write_access() on non-regular files - cifs: Wait for writebacks to complete before attempting write. - xen/spinlock: Don't enable them unconditionally. (regression in 3.12) - thp: close race between split and zap huge pages (regression in 3.13) - mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages() - mm: use paravirt friendly ops for NUMA hinting ptes - USB: io_ti: fix firmware download on big-endian machines - fs: Don't return 0 from get_anon_bdev (regression in 3.14) - [x86] drm/vmwgfx: Make sure user-space can't DMA across buffer object boundaries v2 - [x86] drm/i915: Do not dereference pointers from ring buffer in evict event (regression in 3.13) - net: core: don't account for udp header size when computing seglen (regression in 3.14) - bridge: Fix double free and memory leak around br_allowed_ingress - filter: prevent nla extensions to peek beyond the end of the message (CVE-2014-3144, CVE-2014-3145) - Revert "net: sctp: Fix a_rwnd/rwnd management to reflect real state of the receiver's buffer" (regression in 3.14) - ip6_gre: don't allow to remove the fb_tunnel_dev - net: sctp: cache auth_enable per endpoint - net: Fix ns_capable check in sock_diag_put_filterinfo - rtnetlink: Warn when interface's information won't fit in our packet - rtnetlink: Only supply IFLA_VF_PORTS information when RTEXT_FILTER_VF is set - tcp_cubic: fix the range of delayed_ack - net: cdc_ncm: fix buffer overflow (regression in 3.13) - ip_tunnel: Set network header properly for IP_ECN_decapsulate() (regression in 3.11) - ipv4: ip_tunnels: disable cache for nbma gre tunnels (regression in 3.14) - net: cdc_mbim: __vlan_find_dev_deep need rcu_read_lock (regression in 3.13) - net: ipv4: ip_forward: fix inverted local_df test (regression in 3.14) - net: ipv6: send pkttoobig immediately if orig frag size > mtu (regression in 3.14) - ip6_tunnel: fix potential NULL pointer dereference - neigh: set nud_state to NUD_INCOMPLETE when probing router reachability (regression in 3.14) - batman-adv: fix neigh_ifinfo imbalance (regression in 3.14) - batman-adv: fix neigh reference imbalance (regression in 3.14) - batman-adv: always run purge_orig_neighbors (regression in 3.14) - batman-adv: fix removing neigh_ifinfo (regression in 3.14) - [s390,x86] net: filter: fix JIT address randomization - net: avoid dependency of net_get_random_once on nop patching (regression in 3.13) - ipv6: fix calculation of option len in ip6_append_data (regression in 3.13) - rtnetlink: wait for unregistering devices in rtnl_link_unregister() - bonding: fix out of range parameters for bond_intmax_tbl (regression in 3.14) - net: gro: make sure skb->cb[] initial content has not to be zero (regression in 3.13) - batman-adv: fix indirect hard_iface NULL dereference (regression in 3.14) - batman-adv: fix reference counting imbalance while sending fragment (regression in 3.14) - batman-adv: increase orig refcount when storing ref in gw_node - batman-adv: fix local TT check for outgoing arp requests in DAT (regression in 3.13) - net_sched: fix an oops in tcindex filter (regression in 3.14) - ipv6: gro: fix CHECKSUM_COMPLETE support (regression in 3.14) - ipv4: initialise the itag variable in __mkroute_input - net-gro: reset skb->truesize in napi_reuse_skb() [ Ben Hutchings ] * [x86] ACPICA: Tables: Fix invalid pointer accesses in acpi_tb_parse_root_table(). (Closes: #748574) * net: Revert lockdep changes in 3.14.5 to avoid an ABI change * futex: Add another early deadlock detection check * futex: Prevent attaching to kernel threads * futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1) (CVE-2014-3153) * futex: Validate atomic acquisition in futex_lock_pi_atomic() * futex: Always cleanup owner tid in unlock_pi * futex: Make lookup_pi_state more robust [ Ian Campbell ] * [arm64] Initial kernel configuration and packaging (Closes: #745349). * [armhf] Add virtio-modules udeb. [ Aurelien Jarno ] * [mips,mipsel] Fix branch emulation of branch likely instructions. -- Ben Hutchings Thu, 05 Jun 2014 13:49:15 +0100 linux (3.14.4-1) unstable; urgency=high * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.3 - ASoC: pcm: Drop incorrect double/extra frees - [s390] KVM: Optimize ucontrol path (regression in 3.11) - [s390] bitops,atomic: add missing memory barriers - [s390] fix control register update (regression in 3.14) - mei: me: do not load the driver if the FW doesn't support MEI interface - staging: comedi: usbdux: bug fix for accessing 'ao_chanlist' in private data - [x86] AVX-512: AVX-512 Feature Detection - [x86] AVX-512: Enable AVX-512 States Context Switch - [x86] ftrace: One more missing sync after fixup of function modification failure - [amd64] modify_ldt: Ban 16-bit segments on 64-bit kernels - [armhf] PCI: imx6: Wait for retraining (regression in 3.14) - [arm] PCI: mvebu: Fix potential issue in range parsing (regression in 3.12) - NFSv4: Fix a use-after-free problem in open() - nfsd: revert v2 half of "nfsd: don't return high mode bits" (regression in 3.14) - nfsd4: buffer-length check for SUPPATTR_EXCLCREAT - nfsd4: fix test_stateid error reply encoding - nfsd: notify_change needs elevated write count - nfsd: check passed socket's net matches NFSd superblock's one - nfsd4: fix memory leak in nfsd4_encode_fattr() - nfsd4: fix setclientid encode size - NFSD: Traverse unconfirmed client through hash-table - IB/ipath: Fix potential buffer overrun in sending diag packet routine - IB/nes: Return an error on ib_copy_from_udata() failure instead of NULL - IB/mthca: Return an error on ib_copy_to_udata() failure - IB/ehca: Returns an error on ib_copy_to_udata() failure - IB/core: Don't resolve passive side RoCE L2 address in CMA REQ handler (regression in 3.14) - ib_srpt: Use correct ib_sg_dma primitives - SCSI: arcmsr: upper 32 of dma address lost - iscsi-target: Fix ERL=2 ASYNC_EVENT connection pointer bug - target/iblock: Fix double bioset_integrity_free bug - target/tcm_fc: Fix use-after-free of ft_tpg - [x86] efi: Correct EFI boot stub use of code32_start - efi: Pass correct file handle to efi_file_{read,close} - reiserfs: fix race in readdir - media: v4l2-dv-timings: add module name, description, license - media: em28xx-audio: fix user counting in snd_em28xx_capture_open() - [armhf] usb: musb: fix PHY power on/off (regression in 3.14) - mtip32xx: Unmap the DMA segments before completing the IO request - mtip32xx: mtip_async_complete() bug fixes - iser-target: Match FRMR descriptors to available session tags - iser-target: Add missing se_cmd put for WRITE_PENDING in tx_comp_err - [sh] fix format string bug in stack tracer - mm: page_alloc: spill to remote nodes before waking kswapd (regression in 3.12/3.13) - mm: try_to_unmap_cluster() should lock_page() before mlocking (CVE-2014-3122) (Closes: #747326) - xattr: guard against simultaneous glibc header inclusion - ocfs2: do not put bh when buffer_uptodate failed - ocfs2: fix panic on kfree(xattr->name) - vfs: smarter propagate_mnt() - block: Fix for_each_bvec() - ext4: FIBMAP ioctl causes BUG_ON due to handle EXT_MAX_BLOCKS - ext4: note the error in ext4_end_bio() - ext4: move ext4_update_i_disksize() into mpage_map_and_submit_extent() - ext4: use i_size_read in ext4_unaligned_aio() http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.4 - tty: Fix lockless tty buffer race - n_tty: Fix n_tty_write crash when echoing in raw mode (CVE-2014-0196) (Closes: #747166) - floppy: ignore kernel-only members in FDRAWCMD ioctl input (CVE-2014-1737) - floppy: don't write kernel-only members to FDRAWCMD ioctl output (CVE-2014-1738) - KVM: async_pf: mm->mm_users can not pin apf->mm - KVM: ioapic: fix assignment of ioapic->rtc_status.pending_eoi (CVE-2014-0155) - [powerpc] KVM: Book3S HV: Fix KVM hang with CONFIG_KVM_XICS=n (regression in 3.14) - [mips] Hibernate: Flush TLB entries in swsusp_arch_resume() - [powerpc] Fix Oops in rtas_stop_self() (regression in 3.14) - [s390] bpf,jit: initialize A register if 1st insn is BPF_S_LDX_B_MSH - SUNRPC: Ensure that call_connect times out correctly (regression in 3.13) - SUNRPC: Ensure call_connect_status() deals correctly with SOFTCONN tasks (regression in 3.13) - Revert "net: mvneta: fix usage as a module on RGMII configurations" (regression in 3.14) - iwlwifi: dvm: take mutex when sending SYNC BT config command - mac80211: fix potential use-after-free - mac80211: fix WPA with VLAN on AP side with ps-sta again - locks: allow __break_lease to sleep even when break_time is 0 - rtlwifi: rtl8192se: Fix regression due to commit 1bf4bbb (regression in 3.13) - dm cache: prevent corruption caused by discard_block_size > cache_block_size - dm transaction manager: fix corruption due to non-atomic transaction commit - dm: take care to copy the space map roots before locking the superblock - dm thin: fix dangling bio in process_deferred_bios error path - aio: v4 ensure access to ctx->ring_pages is correctly serialised for migration - cpufreq: loongson2_cpufreq: don't declare local variable as static (regression in 3.14) [ Ben Hutchings ] * [or1k] Build a linux-libc-dev package (Closes: #746309) * net: Start with correct mac_len in skb_network_protocol (Closes: #746453) * [x86] ACPI/Processor: Fix failure of loading acpi-cpufreq driver (Closes: #746448) * [armhf] ARM: sun4i: dt: Add bindings for USB clocks (fixes FTBFS, Closes: #746420) * [x86] udeb: Add hyperv-keyboard to hyperv-modules * drm: Enable auto-loading of ast, udl * [ppc64el] Build a linux-libc-dev package (Closes: #747367) * net: ipv4: current group_info should be put after using. (CVE-2014-2851) * filter: prevent nla extensions to peek beyond the end of the message (CVE-2014-3144, CVE-2014-3145) * [powerpc,ppc64] Add versioned build-dependency on gcc-4.8, as compiler changes have resulted in a different kernel module ABI - [powerpc] Bump ABI to 1a as 3.14.2-1 was built with an older compiler * [armhf] Enable IR_GPIO_CIR as module (Closes: #747762) * [hppa/parisc64-smp] ipmi: Enable IPMI_HANDLER, IPMI_DEVICE_INTERFACE, IPMI_SI, IPMI_WATCHDOG, IPMI_POWEROFF as modules (Closes: #747482) * [armhf] Enable various drivers to support BeagleBone Black (Closes: #747364) * [hppa] udeb: Add xfs-modules (Closes: #746506) * udeb: Add mtip32xx, nvme to sata-modules * [rt] Update to 3.14.3-rt5: - tracing: use migrate_disable() to prevent beeing pushed off the cpu - rwsem-rt: Do not allow readers to nest - Revert "migrate_disable pushd down in atomic_dec_and_spin_lock" - rwlock: disable migration before taking a lock - timer: do not spin_trylock() on UP - stomp-machine: Fix wait for completion - stomp-machine: create lg_global_trylock_relax() primitive - stomp-machine: use lg_global_trylock_relax() to dead with stop_cpus_lock lglock - blk-mq: revert raw locks, post pone notifier to POST_DEAD - use EXPORT_SYMBOL() on __rt_mutex_init() and rt_down_write_nested_lock() - netconsole: Allow use with PREEMPT_RT_FULL * aufs: Update to aufs3.14-20140512: - bugfix, stop calling security_mmap_file() again -- Ben Hutchings Wed, 14 May 2014 00:46:05 +0100 linux-tools (3.14-1) unstable; urgency=medium * New upstream release -- Ben Hutchings Mon, 28 Apr 2014 17:46:24 +0100 linux (3.14.2-1) unstable; urgency=medium * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2 [ Ian Campbell ] * [armhf] Drop suffix from kernel udeb. * [armhf] Backport sunxi AHCI and GMAC drivers from v3.15-rc1 [ Ben Hutchings ] * [x86] Enable X86_INTEL_LPSS (Closes: #745331) * [x86] thinkpad_acpi: Add support for X1 Carbon 2nd generation's adaptive keyboard (Closes: #745252) * [armhf] Enable more Allwinner/sunxi drivers (Closes: #745972): - spi: sunxi: Add Allwinner A31 SPI controller driver - ARM: dt: sun4i: Add A10 SPI controller nodes - PHY: sunxi: Add driver for sunxi usb phy - ARM: sun4i: dt: Add USB host bindings - Enable PHY_SUN4I_USB, RTC_DRV_SUNXI, SPI_SUN6I, USB_EHCI_HCD_PLATFORM, USB_OHCI_HCD_PLATFORM and CONFIG_SUNXI_WATCHDOG as modules * Set ABI to 1 * Staging: speakup: Move pasting into a work item and update it to match vt (Closes: #735202, #744015) -- Ben Hutchings Mon, 28 Apr 2014 17:12:03 +0100 linux (3.14.1-1~exp1) experimental; urgency=medium * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.1 [ Ben Hutchings ] * [armel] Disable ixp4xx flavour (fixes FTBFS) * [armhf] Enable SECURITY_APPARMOR, SECURITY_TOMOYO * [rt] Update to 3.14.0-rt1 and reenable -- Ben Hutchings Thu, 17 Apr 2014 13:17:18 +0100 linux (3.14-1~exp1) experimental; urgency=medium * New upstream release: http://kernelnewbies.org/Linux_3.14 [ Ben Hutchings ] * nftables: Enable NF_TABLES_BRIDGE, NF_TABLES_IPV4, NFT_CHAIN_ROUTE_IPV4, NFT_CHAIN_NAT_IPV4, NF_TABLES_ARP, NF_TABLES_IPV6, NFT_CHAIN_ROUTE_IPV6, NFT_CHAIN_NAT_IPV6 as modules (Closes: #742763) * udeb: Update sound-modules, thanks to Samuel Thibault (Closes: #743319) * aufs: Update to aufs3.14-20140407 (no functional changes) * mtd: Enable MTD_NAND_ECC_BCH (Closes: #743933) * drm: Enable DRM_LOAD_EDID_FIRMWARE (Closes: #728275) -- Ben Hutchings Wed, 09 Apr 2014 09:53:05 +0100 linux-tools (3.14~rc7-1~exp1) experimental; urgency=medium * New upstream release candidate -- Ben Hutchings Mon, 17 Mar 2014 19:31:14 +0000 linux (3.14~rc7-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * bfa,bna: Replace large udelay() with mdelay() (fixes FTBFS on arm) (Closes: #741142) * aufs: Update to aufs3.x-rcN-20140310 - bugfix, Fix unmount to properly free anonymous block devices -- Ben Hutchings Mon, 17 Mar 2014 13:30:03 +0000 linux (3.14~rc5-1~exp1) experimental; urgency=medium * New upstream release candidate [ Ben Hutchings ] * mm: Enable ZSMALLOC as built-in, ZRAM as module (except for armel/{ixp4xx,orion5x}) (Closes: #676779) * iio,HID: Enable HID_SENSOR_INCLINOMETER_3D as module * media/radio: Enable USB_RAREMONO as module * i40e: Enable I40E_VXLAN, I40E_DCB * net: Enable I40EVF, USB_NET_SR9800 as modules * serial: Enable USB_SERIAL_MXUPORT as module * ceph: Enable CEPH_FS_POSIX_ACL * netfilter: Enable NF_TABLES_INET, NFT_QUEUE, NFT_REJECT, NETFILTER_XT_MATCH_CGROUP, NETFILTER_XT_MATCH_IPCOMP as modules * net/sched: Enable NET_SCH_HHF, NET_SCH_PIE as modules * [x86] crypto: Enable CRYPTO_DEV_CCP, CRYPTO_DEV_CCP_DD, CRYPTO_DEV_CCP_CRYPTO as modules * [x86] platform: Enable CHROMEOS_PSTORE, HP_WIRELESS as modules * [x86] comedi: Enable COMEDI_MF6X4 as modules * [x86] staging: Enable R8821AE, RTS5208 as modules * [x86] thermal: Enable ACPI_INT3403_THERMAL as module -- Ben Hutchings Fri, 07 Mar 2014 03:36:35 +0000 linux (3.13.10-1) unstable; urgency=medium * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.8 - ALSA: compress: Pass through return value of open ops callback - [hppa] partly revert commit 8a10bc9: parisc/sti_console: prefer Linux fonts over built-in ROM fonts (regression in 3.13.2) - [armhf] net: davinci_emac: Replace devm_request_irq with request_irq (regression in 3.11) - NFSv4: Use the correct net namespace in nfs4_update_server - media: cxusb: unlock on error in cxusb_i2c_xfer() (regression in 3.13) - media: dw2102: some missing unlocks on error (regression in 3.13) - libceph: block I/O when PAUSE or FULL osd map flags are set - libceph: resend all writes after the osdmap loses the full flag - stop_machine: Fix^2 race between stop_two_cpus() and stop_cpus() - [arm] 7941/2: Fix incorrect FDT initrd parameter override (regression in 3.13) - [x86] bpf_jit: support negative offsets - printk: fix syslog() overflowing user buffer - Fix uses of dma_max_pfn() when converting to a limiting address - deb-pkg: Fix building for MIPS big-endian or ARM OABI - deb-pkg: Fix cross-building linux-headers package - fs/proc/proc_devtree.c: remove empty /proc/device-tree when no openfirmware exists. - KVM: MMU: handle invalid root_hpa at __direct_map - [x86] KVM: x86: handle invalid root_hpa everywhere - KVM: VMX: fix use after free of vmx->loaded_vmcs http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.9 - ext4: atomically set inode->i_flags in ext4_set_inode_flags() - rcuwalk: recheck mount_lock after mountpoint crossing attempts - Input: mousedev - fix race when creating mixed device - xen/balloon: flush persistent kmaps in correct position - Revert "xen: properly account for _PAGE_NUMA during xen pte translations" (regression in 3.13.5) - drm/i915: Undo gtt scratch pte unmapping again (regression in 3.12) - [i386/486] fix boot on uniprocessor systems - random32: avoid attempt to late reseed if in the middle of seeding - rcuwalk: switch mnt_hash to hlist - mm: close PageTail race - cgroup: protect modifications to cgroup_idr with cgroup_mutex - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (CVE-2014-2523) http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.10 - selinux: correctly label /proc inodes in use before the policy is loaded - net: sctp: fix skb leakage in COOKIE ECHO path of chunk->auth_chunk - bridge: multicast: add sanity check for query source addresses - tipc: allow connection shutdown callback to be invoked in advance - tipc: fix connection refcount leak - tipc: drop subscriber connection id invalidation - inet: frag: make sure forced eviction removes all frags - vlan: Set correct source MAC address with TX VLAN offload enabled (regression in 3.13) - tcp: tcp_release_cb() should release socket ownership - bridge: multicast: add sanity check for general query destination - bridge: multicast: enable snooping on general queries only - net: socket: error on a negative msg_namelen (regression in 3.11.10) - bonding: set correct vlan id for alb xmit path (regression in 3.12) - ipv6: Avoid unnecessary temporary addresses being generated - net: cdc_ncm: fix control message ordering (regression in 3.13) - tcp: syncookies: do not use getnstimeofday() (regression in 3.13) - tipc: fix spinlock recursion bug for failed subscriptions - ip_tunnel: Fix dst ref-count. (regression in 3.13.7) - tg3: Do not include vlan acceleration features in vlan_features - virtio-net: correct error handling of virtqueue_kick() (regression in 3.13) - usbnet: include wait queue head in device structure - vhost: fix total length when packets are too short (CVE-2014-0077) - vhost: validate vhost_get_vq_desc return value (CVE-2014-0055) - tcp: fix get_timewait4_sock() delay computation on 64bit (regression in 3.13) - xen-netback: remove pointless clause from if statement - netlink: don't compare the nul-termination in nla_strcmp - xen-netback: disable rogue vif in kthread context - net: vxlan: fix crash when interface is created with no group - rds: prevent dereference of a NULL device in rds_iw_laddr_check (CVE-2014-2678) - powernow-k6: disable cache when changing frequency - [m68k] Skip futex_atomic_cmpxchg_inatomic() test - crypto: ghash-clmulni-intel - use C implementation for setkey() -- Ben Hutchings Tue, 15 Apr 2014 22:12:38 +0100 linux (3.13.7-1) unstable; urgency=medium * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7 - mm: page_alloc: exempt GFP_THISNODE allocations from zone fairness (regression in 3.12) - mm: include VM_MIXEDMAP flag in the VM_SPECIAL list to avoid m(un)locking (regression in 3.12) - ocfs2: fix quota file corruption - ocfs2 syncs the wrong range... - memcg: fix endless loop in __mem_cgroup_iter_next() (regression in 3.13.3) - net-tcp: fastopen: fix high order allocations - ipv6: reuse ip6_frag_id from ip6_ufo_append_data - ipv4: ipv6: better estimate tunnel header cut for correct ufo handling - ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL pointer - mac80211: clear sequence/fragment number in QoS-null frames - ath9k: Fix ETSI compliance for AR9462 2.0 - ath9k: protect tid->sched check - cpuset: fix a locking issue in cpuset_migrate_mm() - cpuset: fix a race condition in __cpuset_node_allowed_softwall() - firewire: net: fix use after free - firewire: don't use PREPARE_DELAYED_WORK - libata: disable queued TRIM for Crucial M500 mSATA SSDs - libata: use wider match for blacklisting Crucial M500 - NFSv4: Fix another nfs4_sequence corruptor (Closes: #734268) - cpufreq: use cpufreq_cpu_get() to avoid cpufreq_get() race conditions - cpufreq: Skip current frequency initialization for ->setpolicy drivers (regression in 3.13) - iscsi/iser-target: Use list_del_init for ->i_conn_node - iser-target: Ignore completions for FRWRs in isert_cq_tx_work - iser-target: Fix post_send_buf_count for RDMA READ/WRITE - mm/readahead.c: fix do_readahead() for no readpage(s) (regression in 3.13) - fs/proc/base.c: fix GPF in /proc/$PID/map_files - drm/i915: fix pch pci device enumeration (regression in 3.11) - drm/i915: Reject >165MHz modes w/ DVI monitors (regression in 3.11) - drm/radeon: fix runpm disabling on non-PX harder (may fix #741619, #742507) - PCI: Enable INTx in pci_reenable_device() only when MSI/MSI-X not enabled (fixes regression in 3.13.6) - [x86] vmxnet3: fix netpoll race condition - mm/compaction: break out of loop on !PageBuddy in isolate_freepages_block - dm space map metadata: fix refcount decrement below 0 which caused corruption - dm cache: fix truncation bug when copying a block to/from >2TB fast device - net: unix socket code abuses csum_partial - SCSI: qla2xxx: Fix multiqueue MSI-X registration. - [x86] fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU - Btrfs: fix tree mod logging - Btrfs: fix data corruption when reading/updating compressed extents - intel_pstate: Add setting voltage value for baytrail P states. - Fix mountpoint reference leakage in linkat - bio-integrity: Fix bio_integrity_verify segment start bug - memcg: reparent charges of children before processing parent [ Ben Hutchings ] * [arm] mm: Avoid ABI change in 3.13.6 (fixes FTBFS) * nfqueue: Orphan frags in nfqnl_zcopy() and handle errors (CVE-2014-2568) -- Ben Hutchings Tue, 25 Mar 2014 17:23:31 +0000 linux-tools (3.13.6-1) unstable; urgency=medium * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5 - Modpost: fixed USB alias generation for ranges including 0x9 and 0xA http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.6 - perf trace: Fix ioctl 'request' beautifier build problems on !(i386 || x86_64) arches [ Ben Hutchings ] * linux-tools: Remove the 'trace_3.13' link to perf * Clean another autoconf-generated file so double-builds work -- Ben Hutchings Wed, 19 Mar 2014 22:33:21 +0000 linux (3.13.6-1) unstable; urgency=high * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.6 - drm/nouveau/fb: use correct ram oclass for nv1a hardware (regression in 3.13) - ext4: fix xfstest generic/299 block validity failures - ext4: fix error paths in swap_inode_boot_loader() - ext4: don't try to modify s_flags if the the file system is read-only - ext4: fix online resize with a non-standard blocks per group setting - [arm] 7950/1: mm: Fix stage-2 device memory attributes - [arm] 7953/1: mm: ensure TLB invalidation is complete before enabling MMU - [arm] 7957/1: add DSB after icache flush in __flush_icache_all() - powerpc: Set the correct ksp_limit on ppc32 when switching to irq stack (regression in 3.12) - jbd2: fix use after free in jbd2_journal_start_reserved() - cifs: ensure that uncached writes handle unmapped areas correctly (CVE-2014-0069) - NFS: Do not set NFS_INO_INVALID_LABEL unless server supports labeled NFS (regression in 3.11) - NFS fix error return in nfs4_select_rw_stateid (regression in 3.12) - bridge: fix netconsole setup over bridge (regression in 3.12) - net: fix 'ip rule' iif/oif device rename - net: asix: add missing flag to struct driver_info - gre: add link local route when local addr is any (regression in 3.13) - ipv4: fix counter in_slow_tot - net: use __GFP_NORETRY for high order allocations - batman-adv: fix soft-interface MTU computation (regression in 3.13) - batman-adv: fix TT-TVLV parsing on OGM reception - batman-adv: release vlan object after checking the CRC - batman-adv: properly check pskb_may_pull return value - batman-adv: avoid potential race condition when adding a new neighbour - batman-adv: fix TT CRC computation by ensuring byte order (regression in 3.13) - batman-adv: free skb on TVLV parsing success - batman-adv: avoid double free when orig_node initialization fails - batman-adv: fix potential kernel paging error for unicast transmissions - cgroup: fix error return value in cgroup_mount() - cgroup: fix error return from cgroup_create() - cgroup: fix locking in cgroup_cfts_commit() - cgroup: update cgroup_enable_task_cg_lists() to grab siglock - fs: fix iversion handling - kvm: x86: fix emulator buffer overflow (CVE-2014-0049) - kvm, vmx: Really fix lazy FPU on nested guest - SUNRPC: Ensure that gss_auth isn't freed before its upcall messages - powerpc/powernv: Fix opal_xscom_{read,write} prototype - powerpc/powernv: Fix indirect XSCOM unmangling - perf/x86: Fix event scheduling - sata_sil: apply MOD15WRITE quirk to TOSHIBA MK2561GSYN - cpufreq: powernow-k8: Initialize per-cpu data-structures properly (regression in 3.12) - Revert "writeback: do not sync data dirtied after sync start" (regression in 3.13) - [arm] PCI: mvebu: Use Device ID and revision from underlying endpoint - PCI: Enable INTx if BIOS left them disabled - i7core_edac: Fix PCI device reference count - can: kvaser_usb: check number of channels returned by HW - usb: chipidea: need to mask when writting endptflush and endptprime - mei: set client's read_cb to NULL when flow control fails - workqueue: ensure @task is valid across kthread_stop() - regulator: da9063: Bug fix when setting max voltage on LDOs 5-11 - [armhf] mtd: nand: omap: fix ecclayout to be in sync with u-boot NAND driver (regression in 3.13) - [armhf] mtd: nand: omap: fix ecclayout->oobfree->offset - [armhf] mtd: nand: omap: fix ecclayout->oobfree->length - [armhf/armmp-lpae] iommu/arm-smmu: fix pud/pmd entry fill sequence - [armhf/armmp-lpae] iommu/arm-smmu: really fix page table locking - [armhf/armmp-lpae] iommu/arm-smmu: fix table flushing during initial allocations - [armhf/armmp-lpae] iommu/arm-smmu: set CBARn.BPSHCFG to NSH for s1-s2-bypass contexts - perf: Fix hotplug splat - quota: Fix race between dqput() and dquot_scan_active() - ipc,mqueue: remove limits for the amount of system-wide queues - mm, thp: fix infinite loop on memcg OOM - qla2xxx: Fix kernel panic on selective retransmission request - i7300_edac: Fix device reference count - dm cache: move hook_info into common portion of per_bio_data structure (regression in 3.13) - drm/radeon: fix missing bo reservation - drm/radeon: free uvd ring on unload [ Ben Hutchings ] * xhci: Revert more sg changes (Closes: #741989; also see #738113): - Revert "xhci 1.0: Limit arbitrarily-aligned scatter gather." - Revert "USBNET: ax88179_178a: enable tso if usb host supports sg dma" * aufs: Update to aufs3.13-20140303 - bugfix, Fix unmount to properly free anonymous block devices * net: fix for a race condition in the inet frag code (CVE-2014-0100) * net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable (CVE-2014-0101) * KEYS: Make the keyring cycle detector ignore other keyrings of the same name (CVE-2014-0102) * skbuff: skb_segment: orphan frags before copying (CVE-2014-0131) * ipv6: don't set DST_NOCOUNT for remotely added routes (CVE-2014-2309) -- Ben Hutchings Wed, 19 Mar 2014 16:18:42 +0000 linux (3.13.5-1) unstable; urgency=medium * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5 - xen: properly account for _PAGE_NUMA during xen pte translations - mm: fix page leak at nfs_symlink() - mm/memory-failure.c: move refcount only in !MF_COUNT_INCREASED - CIFS: Fix SMB2 mounts so they don't try to set or get xattrs via cifs - CIFS: Add protocol specific operation for CIFS xattrs - CIFS: retrieving CIFS ACLs when mounted with SMB2 fails dropping session - mac80211: release the channel in error path in start_ap - mac80211: Fix IBSS disconnect - mac80211: fix fragmentation code, particularly for encryption - ath9k_htc: Do not support PowerSave by default - ath9k: Do not support PowerSave by default - [s390x] fix kernel crash due to linkage stack instructions - raw: test against runtime value of max_raw_minors - hwmon: (ntc_thermistor) Avoid math overflow - lockd: send correct lock when granting a delayed lock. - drm/i915: Pair va_copy with va_end in i915_error_vprintf - vt: Fix secure clear screen - staging: lustre: fix quotactl permission denied (LU-4530) - staging: comedi: adv_pci1710: fix analog output readback value - iio: adis16400: Set timestamp as the last element in chan_spec - iio: ak8975: Fix calculation formula for convert micro tesla to gauss unit - usb-storage: add unusual-devs entry for BlackBerry 9000 - usb-storage: restrict bcdDevice range for Super Top in Cypress ATACB - xhci 1.0: Limit arbitrarily-aligned scatter gather. - Revert "usbcore: set lpm_capable field for LPM capable root hubs" (regression in 3.12.1) - block: __elv_next_request() shouldn't call into the elevator if bypassing - block: Fix nr_vecs for inline integrity vectors - block: add cond_resched() to potentially long running ioctl discard loop - compiler/gcc4: Make quirk for asm_volatile_goto() unconditional - misc: mic: fix possible signed underflow (undefined behavior) in userspace API - KVM: return an error code in kvm_vm_ioctl_register_coalesced_mmio() - md/raid1: restore ability for check and repair to fix read errors. (regression in 3.10.5) - i2c: mv64xxx: refactor message start to ensure proper initialization - target: Fix free-after-use regression in PR unregister - drivers/edac/edac_mc_sysfs.c: poll timeout cannot be zero - EDAC: Poll timeout cannot be zero, p2 - EDAC: Correct workqueue setup path [ Ben Hutchings ] * [armhf] net/wireless: Really enable WL_TI and dependent modules * aufs: Update to aufs3.13-20140127 (no functional changes) * [powerpc] Change I2C_POWERMAC from module to built-in (Closes: #713943) * [mips] rtl8187: fix regression on MIPS without coherent DMA (Closes: #739978) * [x86] Enable CHROME_PLATFORMS and re-enable CHROMEOS_LAPTOP as module (Closes: #740042) * [armel/!kirkwood] udeb: Re-add lzo-modules udeb as lzo_compress is a module again (Closes: #740219) * debian/control: Simplify build-dependencies: - Remove versions for debhelper, python, kernel-wedge that are satisfied by stable - Remove module-init-tools as alternative to kmod, which is in stable -- Ben Hutchings Tue, 04 Mar 2014 19:49:27 +0000 linux-tools (3.13.4-1) unstable; urgency=medium * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2 - perf kvm: Fix kvm report without guestmount. -- Ben Hutchings Sat, 22 Feb 2014 15:39:27 +0000 linux (3.13.4-1) unstable; urgency=low * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.1 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.3 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4 [ Ben Hutchings ] * [x86] Enable POWERCAP, INTEL_RAPL as module (Closes: #736399) * [arm] Disable OABI_COMPAT and enable AUDITSYSCALL (except for armel/{ixp4xx,orion5x}) (Closes: #728975, #736843) * [x86] Enable R8188EU as module, 88EU_AP_MODE and 88EU_P2P (Closes: #736905) * [x86] Enable I2C_DESIGNWARE_PLATFORM as module (Closes: #737163) * [x86] snd-pcsp: Disable autoload (Closes: #697709) * DFSG: Remove the af9005 initialisation script and vs6624 driver again (they were renamed in 3.7) * linux-image.postinst: Use lstat() to check symlink existence (Closes: #738707) * [hppa] Update configuration, thanks to Helge Deller (Closes: #738487) - megaraid: Enable MEGARAID_NEWGEN as module; disable MEGARAID_LEGACY - drm: Change DRM from module to built-in - [/parisc64-smp] udeb: Add fb-modules package containing radeon driver * udeb: Add various recently enabled drivers - Add i40e to nic-modules - Add r815x to nic-usb-modules - Add ath10k_core, ath10k_pci, brcmfmac to nic-wireless-modules - Add esas2r to scsi-modules * Bluetooth: allocate static minor for vhci (fixes depmod error) * Set ABI to 1 -- Ben Hutchings Sat, 22 Feb 2014 11:54:57 +0000 linux-tools (3.13-1~exp3) experimental; urgency=medium * linux-tools: Fix/revert unportable code in perf trace (fixes FTBFS on powerpc, sparc) -- Ben Hutchings Fri, 07 Feb 2014 20:36:29 +0000 linux-tools (3.13-1~exp2) experimental; urgency=medium * Merge changes from sid up to 3.12.6-3 -- Ben Hutchings Sun, 02 Feb 2014 16:57:49 +0100 linux-tools (3.13-1~exp1) experimental; urgency=low * New upstream release -- Ben Hutchings Sun, 02 Feb 2014 12:02:29 +0100 linux (3.13-1~exp1) experimental; urgency=low * New upstream release: http://kernelnewbies.org/Linux_3.13 [ Ben Hutchings ] * [armhf] xen/pci: Fix build on non-x86 * [hppa/parisc64-smp] Disable MLONGCALLS (Closes: #733897) * [armel] Remove iop32x flavour (fixes FTBFS) * aufs: Update to aufs3.x-rcN-20140120 - bugfix, removed /proc/PID/fd/N [ Bastian Blank ] * Initial Python 3 support: - Build-depend on python-six. [ Aurelien Jarno ] * [mipsel] Remove cobalt d-i files. * [mipsel] Enable KEXEC like on mips. * [mipsel] Explicitly unset RAPIDIO like on mips. -- Ben Hutchings Mon, 20 Jan 2014 05:43:51 +0000 linux (3.13~rc6-1~exp1) experimental; urgency=low * New upstream release candidate [ Ben Hutchings ] * [rt] Disable until it is updated for 3.13 or later * aufs: Update to aufs3.x-rcN-20131223 * [x86] staging: lustre: Make LUSTRE_LLITE_LLOOP tristate * mm: Enable MEM_SOFT_DIRTY, NUMA_BALANCING but not NUMA_BALANCING_DEFAULT_ENABLED * ipv6: Enable IPV6_VTI as module * netfilter: Enable NF_TABLES, NFT_EXTHDR, NFT_META, NFT_CT, NFT_RBTREE, NFT_HASH, NFT_COUNTER, NFT_LOG, NFT_LIMIT, NFT_NAT, NFT_COMPAT, IP_SET_HASH_NETPORTNET, IP_SET_HASH_NETNET, IP_NF_TARGET_SYNPROXY, IP6_NF_TARGET_SYNPROXY as modules * net/sched: Enable NET_CLS_BPF as module * nfc: Enable NFC_DIGITAL, NFC_PORT100 as modules * block: Enable BLK_DEV_NULL_BLK, BLK_DEV_SKD as modules * SCSI: Enable SCSI_ESAS2R as module * net/usb: Enable USB_NET_HUAWEI_CDC_NCM as module * touchscreen: Enable TOUCHSCREEN_SUR40 as module * [x86] video: Enable X86_SYSFB, FB_SIMPLE * [x86] ACPI: Enable ACPI_EXTLOG * [x86] touchscreen: Enable TOUCHSCREEN_TSC_SERIO as module * [x86] tpm: Enable TCG_TIS_I2C_ATMEL, TCG_TIS_I2C_INFINEON, TCG_TIS_I2C_NUVOTON, TCG_ST33_I2C, TCG_XEN as modules * [amd64] misc: Enable INTEL_MIC_HOST as module * [powerpc/powerpc64] block: Enable AIX_PARTITION * net/sched: Change NET_CLS_CGROUP from built-in to module * nfc: Disable NFC_NCI as no enabled drivers need it * misc: Disable BMP085_I2C as unlikely to be useful [ Aurelien Jarno ] * [mipsel] Remove r5k-cobalt flavour. -- Ben Hutchings Mon, 30 Dec 2013 02:36:11 +0100 linux-tools (3.12.6-3) unstable; urgency=medium * linux-tools: Explicitly enable/disable libunwind usage for all architectures (fixes FTBFS on s390x and sparc) * linux-tools: Only use libunwind on x86, as perf needs additional porting work for other architectures (fixes FTBFS on arm and powerpc) -- Ben Hutchings Sun, 02 Feb 2014 16:46:44 +0100 linux-tools (3.12.6-2) unstable; urgency=medium * linux-tools: Replace build-dependency on libunwind7-dev with libunwind8-dev -- Ben Hutchings Sun, 02 Feb 2014 11:51:18 +0100 linux (3.12.9-1) unstable; urgency=high * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.9 - Revert "ACPI: Add BayTrail SoC GPIO and LPSS ACPI IDs" (regression in 3.12.7) - GFS2: Increase i_writecount during gfs2_setattr_chown - vfs: Fix a regression in mounting proc (regression in 3.12) - fork: Allow CLONE_PARENT after setns(CLONE_NEWPID) (regression in 3.12) - i2c: Re-instate body of i2c_parent_is_i2c_adapter() (regression in 3.12) - writeback: Fix data corruption on NFS - thp: fix copy_page_rep GPF by testing is_huge_zero_pmd once only - [x86] ftrace: Load ftrace_ops in parameter not the variable holding it - nilfs2: fix segctor bug that causes file system corruption - md: fix problem when adding device to read-only array with bitmap. - md/raid10: fix bug when raid10 recovery fails to recover a block. - md/raid10: fix two bugs in handling of known-bad-blocks. - md/raid5: Fix possible confusion when multiple write errors occur. - mm: Make {,set}page_address() static inline if WANT_PAGE_VIRTUAL (fixes FTBFS on sparc and m68k) - [x86] drm/i915: Don't grab crtc mutexes in intel_modeset_gem_init() (regression in 3.12.7) - [arm] 7938/1: OMAP4/highbank: Flush L2 cache before disabling [ Ben Hutchings ] * HID: Enable HID_ELO, HID_XINMO as modules (Closes: #736369) * xhci: Revert generalised sg support (Closes: #733826, #736274) -- Ben Hutchings Sat, 01 Feb 2014 18:50:01 +0100 linux (3.12.8-1) unstable; urgency=medium * New upstream stable update: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.7 - [powerpc] kvm: fix rare but potential deadlock scene - [m68k] TTY: pmac_zilog, check existence of ports in pmz_console_init() - xhci: Limit the spurious wakeup fix only to HP machines (fixes regression in 3.12) - usb: chipidea: host: Only disable the vbus regulator if it is not NULL (fixes regression in 3.12) - aio: fix kioctx leak introduced by "aio: Fix a trinity splat" - iser-target: Move INIT_WORK setup into isert_create_device_ib_res - [x86] idle: Repair large-server 50-watt idle-power regression (fixes regression in 3.10) - ext4: call ext4_error_inode() if jbd2_journal_dirty_metadata() fails - ext4: fix use-after-free in ext4_mb_new_blocks - ext4: fix del_timer() misuse for ->s_err_report - ext4: add explicit casts when masking cluster sizes - ext4: fix bigalloc regression - sched/rt: Fix rq's cpupri leak while enqueue/dequeue child RT entities - net_dma: mark broken (fixes potential data loss) - drm/i915: Take modeset locks around intel_modeset_setup_hw_state() - drm/i915: Hold mutex across i915_gem_release - drm/i915: Fix use-after-free in do_switch - drm/i915: don't update the dri1 breadcrumb with modesetting - drm/i915: Fix erroneous dereference of batch_obj inside reset_status - ceph: Avoid data inconsistency due to d-cache aliasing in readpage() - tg3: Expand 4g_overflow_test workaround to skb fragments of any size. - cgroup: fix cgroup_create() error handling path - [powerpc] auxvec.h: account for AT_HWCAP2 in AT_VECTOR_SIZE_BASE - ath9k_htc: properly set MAC address and BSSID mask (CVE-2013-4579) (Closes: #729573) - KVM: nVMX: Unconditionally uninit the MMU on nested vmexit - [x86] KVM: Fix APIC map calculation after re-enabling - [powerpc] Fix bad stack check in exception entry - libata: implement ATA_HORKAGE_NO_NCQ_TRIM and apply it to Micro M500 SSDs (fixes potential data loss) - radiotap: fix bitmap-end-finding buffer overrun - mm: numa: serialise parallel get_user_page against THP migration - mm: numa: call MMU notifiers on THP migration - mm: clear pmd_numa before invalidating - mm: numa: do not clear PTE for pte_numa update - mm: numa: ensure anon_vma is locked to prevent parallel THP splits - sched: numa: skip inaccessible VMAs - mm: numa: clear numa hinting information on mprotect - mm: fix TLB flush race between migration, and change_protection_range - mm: numa: guarantee that tlb_flush_pending updates are visible before page table updates - mm/mempolicy: correct putback method for isolate pages if failed - mm/compaction: respect ignore_skip_hint in update_pageblock_skip - mm/hugetlb: check for pte NULL pointer in __page_check_address() - mm: munlock: fix a bug where THP tail page is encountered - mm: munlock: fix deadlock