[linux] 02/02: Merge tag 'debian/3.2.68-1+deb7u5' into wheezy
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Wed Oct 14 02:15:31 UTC 2015
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch wheezy
in repository linux.
commit 56465353a4ce3a7933a3f031d323c0fe345612e5
Merge: d6b190b a5d5edb
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Wed Oct 14 01:31:11 2015 +0100
Merge tag 'debian/3.2.68-1+deb7u5' into wheezy
All patches added were also included in 3.2.72, so only the changelog
changes.
debian/changelog | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --cc debian/changelog
index 69c2f7c,fe52e08..2deb8c4
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,347 -1,15 +1,354 @@@
+linux (3.2.72-1) UNRELEASED; urgency=medium
+
+ * New upstream stable update:
+ http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.72
+ - xen/gntdevt: Fix race condition in gntdev_release()
+ - [armel/ixp4xx] crypto: Remove bogus BUG_ON on scattered dst buffer
+ - target/iscsi: Fix double free of a TUR followed by a solicited NOPOUT
+ - md/raid1: extend spinlock to protect raid1_end_read_request against
+ inconsistencies
+ - target: REPORT LUNS should return LUN 0 even for dynamic ACLs
+ - [mips*] Fix sched_getaffinity with MT FPAFF enabled
+ - xhci: fix off by one error in TRB DMA address boundary check
+ - rds: fix an integer overflow test in rds_info_getsockopt()
+ - perf: Fix fasync handling on inherited events
+ - [mips*] Make set_pte() SMP safe.
+ - ocfs2: fix BUG in ocfs2_downconvert_thread_do_work()
+ - net: Clone skb before setting peeked flag
+ - net: Fix skb_set_peeked use-after-free bug
+ - [x86] ldt: Make modify_ldt synchronous
+ - [x86] ldt: Correct LDT access in single stepping logic
+ - [x86] ldt: Correct FPU emulation access to LDT
+ - dm btree: add ref counting ops for the leaves of top level btrees
+ - libiscsi: Fix host busy blocking during connection teardown
+ - libfc: Fix fc_fcp_cleanup_each_cmd()
+ - ipc,sem: fix use after free on IPC_RMID after a task using same semaphore
+ set exits
+ - [x86] ldt: Further fix FPU emulation
+ - net: Fix RCU splat in af_key
+ - sctp: donot reset the overall_error_count in SHUTDOWN_RECEIVE state
+ - [sparc] Fix userspace FPU register corruptions. (Closes: #789180)
- - dcache: Handle escaped paths in prepend_path
- - vfs: Test for and handle paths that are unreachable from their mnt_root
+ - rc-core: fix remove uevent generation
+ - PCI: Fix TI816X class code quirk
+ - mac80211: enable assoc check for mesh interfaces
+ - PCI: Add VPD function 0 quirk for Intel Ethernet devices
+ - usb: gadget: m66592-udc: forever loop in set_feature()
+ - KVM: MMU: fix validation of mmio page fault
+ - auxdisplay: ks0108: fix refcount
+ - devres: fix devres_get()
+ - [powerpc] windfarm: decrement client count when unregistering
+ - NFSv4: don't set SETATTR for O_RDONLY|O_EXCL
+ - usb: host: ehci-sys: delete useless bus_to_hcd conversion
+ - eCryptfs: Invalidate dcache entries when lower i_nlink is zero
+ - xfs: Fix xfs_attr_leafblock definition
+ - of/address: Don't loop forever in of_find_matching_node_by_address().
+ - drivercore: Fix unregistration path of platform devices
+ - xfs: return errors from partial I/O failures to files
+ - IB/qib: Change lkey table allocation to support more MRs
+ - SUNRPC: xs_reset_transport must mark the connection as disconnected
+ - IB/mlx4: Use correct SL on AH query under RoCE
+ - IB/uverbs: Fix race between ib_uverbs_open and remove_one
+ - IB/uverbs: reject invalid or unknown opcodes
+ - Input: evdev - do not report errors form flush()
+ - [x86] crypto: ghash-clmulni: specify context size for ghash async
+ algorithm
+ - fs: create and use seq_show_option for escaping
+ - ARM: 8429/1: disable GCC SRA optimization
+ - pagemap: hide physical addresses from non-privileged users
+ - [powerpc] MSI: Fix race condition in tearing down MSI interrupts
+ - hfs,hfsplus: cache pages correctly between bnode_create and bnode_free
+ - hfs: fix B-tree corruption after insertion at position 0
+ - perf header: Fixup reading of HEADER_NRCPUS feature
+ - USB: option: add ZTE PIDs
+ - Btrfs: fix read corruption of compressed and shared extents
+ - btrfs: skip waiting on ordered range for special files
+ - [armhf] 7880/1: Clear the IT state independent of the Thumb-2 mode
+ - [i386] platform: Fix Geode LX timekeeping in the generic x86 build
+ - [s390*] compat: correct uc_sigmask of the compat signal frame
+ - [x86] KVM: trap AMD MSRs for the TSeg base and mask
+ - usb: Use the USB_SS_MULT() macro to get the burst multiplier.
+ - xhci: give command abortion one more chance before killing xhci
+ - usb: xhci: Clear XHCI_STATE_DYING on start
+ - xhci: change xhci 1.0 only restrictions to support xhci 1.1
+ - cifs: use server timestamp for ntlmv2 authentication
+ - [x86] paravirt: Replace the paravirt nop with a bona fide empty function
+ - ocfs2/dlm: fix deadlock when dispatch assert master
- - USB: whiteheat: fix potential null-deref at probe
- - ipc/sem.c: fully initialize sem_array before making it visible
- - Initialize msg/shm IPC objects before doing ipc_addid()
+ - net/tipc: initialize security state for new connection socket
+ - net: pktgen: fix race between pktgen_thread_worker() and kthread_stop()
+ - net: Fix skb csum races when peeking
+ - ipv6: lock socket in ip6_datagram_connect()
+ - bonding: correct the MAC address for "follow" fail_over_mac policy
+ - net/ipv6: Correct PIM6 mrt_lock handling
+ - fib_rules: fix fib rule dumps across multiple skbs
+ - ipv6: prevent fib6_run_gc() contention
+ - ipv6: update ip6_rt_last_gc every time GC is run
+ - jbd2: avoid infinite loop when destroying aborted journal
+
+ -- Ben Hutchings <ben at decadent.org.uk> Wed, 14 Oct 2015 01:11:17 +0100
+
+linux (3.2.71-2) wheezy; urgency=medium
+
+ * Ignore ABI changes in drivers/net/wireless/* (fixes FTBFS on i386)
+ * jbd2: protect all log tail updates with j_checkpoint_mutex
+ (regression in 3.2.71)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Mon, 05 Oct 2015 23:37:40 +0100
+
+linux (3.2.71-1) wheezy; urgency=medium
+
+ * New upstream stable update:
+ http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.69
+ - usb: core: buffer: smallest buffer should start at ARCH_DMA_MINALIGN
+ - TPM: Add new TPMs to the tail of the list to prevent inadvertent change of
+ dev
+ - [x86] staging: comedi: comedi_compat32.c: fix COMEDI_CMD copy back
+ - cdc-acm: add sanity checks
+ - USB: fix use-after-free bug in usb_hcd_unlink_urb()
+ - tty: Prevent untrappable signals from malicious program
+ - rtnetlink: ifla_vf_policy: fix misuses of NLA_BINARY
+ - fsnotify: fix handling of renames in audit
+ - NFSv4.1: Fix a kfree() of uninitialised pointers in decode_cb_sequence_args
+ - mm/hugetlb: fix getting refcount 0 page in hugetlb_fault()
+ - mm/hugetlb: add migration/hwpoisoned entry check in
+ hugetlb_change_protection
+ - mm/hugetlb: add migration entry check in __unmap_hugepage_range
+ - mm/mmap.c: fix arithmetic overflow in __vm_enough_memory()
+ - iscsi-target: Drop problematic active_ts_list usage
+ - mm/memory.c: actually remap enough memory
+ - jffs2: fix handling of corrupted summary length
+ - dm mirror: do not degrade the mirror on discard error
+ - dm io: reject unsupported DISCARD requests with EOPNOTSUPP
+ - sg: fix read() error reporting
+ - netfilter: xt_socket: fix a stack corruption bug
+ - IB/qib: Do not write EEPROM
+ - dm: fix a race condition in dm_get_md
+ - dm snapshot: fix a possible invalid memory access on unload
+ - libceph: fix double __remove_osd() problem
+ - ipv4: ip_check_defrag should correctly check return value of skb_copy_bits
+ (regression in 3.2.36)
+ - debugfs: leave freeing a symlink body until inode eviction
+ - autofs4: check dev ioctl size before allocating
+ - autofs4 copy_dev_ioctl(): keep the value of ->size we'd used for allocation
+ - xfs: ensure truncate forces zeroed blocks to disk
+ - net: compat: Ignore MSG_CMSG_COMPAT in compat_sys_{send, recv}msg
+ (regression in 3.2.48)
+ - xhci: Allocate correct amount of scratchpad buffers
+ - USB: usbfs: don't leak kernel data in siginfo
+ - USB: serial: fix potential use-after-free after failed probe
+ - USB: serial: fix tty-device error handling at probe
+ - nilfs2: fix potential memory overrun on inode
+ - eCryptfs: don't pass fs-specific ioctl commands through
+ - TTY: fix tty_wait_until_sent on 64-bit machines
+ - gadgetfs: use-after-free in ->aio_read()
+ - gadgetfs: Fix leak on error in aio_read()
+ - fuse: notify: don't move pages
+ - fuse: set stolen page uptodate
+ - dm: hold suspend_lock while suspending device during device deletion
+ - dm io: deal with wandering queue limits when handling REQ_DISCARD and
+ REQ_WRITE_SAME
+ - mac80211: drop unencrypted frames in mesh fwding
+ - mac80211: disable u-APSD queues by default
+ - libsas: Fix Kernel Crash in smp_execute_task
+ - Input: synaptics - handle spurious release of trackstick buttons
+ - can: add missing initialisations in CAN related skbuffs
+ - ALSA: control: Add sanity checks for user ctl id name string
+ - nilfs2: fix deadlock of segment constructor during recovery
+ (regression in 3.2.68)
+ - pagemap: do not leak physical addresses to non-privileged userspace
+ (mitigation of the DRAM 'rowhammer' defect)
+ - iio: core: Fix double free.
+ - net: compat: Update get_compat_msghdr() to match copy_msghdr_from_user()
+ behaviour (regression in 3.2.54)
+ - cifs: fix use-after-free bug in find_writable_file
+ - mm: fix anon_vma->degree underflow in anon_vma endless growing prevention
+ (regression in 3.2.67)
+ - hfsplus: fix B-tree corruption after insertion at position 0
+ - mac80211: fix RX A-MPDU session reorder timer deletion
+ - ocfs2: _really_ sync the right range
+ - net:socket: set msg_namelen to 0 if msg_name is passed as NULL in msghdr
+ struct from userland. (fixes regression in 3.2.53-1)
+ - jfs: fix readdir regression (regression in 3.2.51)
+ - ip: zero sockaddr returned on error queue
+ - net: rps: fix cpu unplug
+ - ipv6: stop sending PTB packets for MTU < 1280
+ - ping: Fix race in free in receive path
+ - ppp: deflate: never return len larger than output buffer
+ - net: gen_stats.c: Duplicate xstats buffer for later use
+ - ipv4: ip_check_defrag should not assume that skb_network_offset is zero
+ - ematch: Fix auto-loading of ematch modules.
+ - net: reject creation of netdev names with colons
+ - macvtap: limit head length of skb allocated
+ - macvtap: make sure neighbour code can push ethernet header
+ - udp: only allow UFO for packets from SOCK_DGRAM sockets
+ - rds: avoid potential stack overflow
+ - tcp: make connect() mem charging friendly
+ - 8139cp,8139too,r8169,tg3,ixgb,benet,gianfar: Call dev_kfree_skb_any
+ instead of kfree_skb
+ - tcp: avoid looping in tcp_send_fin()
+ - net: make skb_gso_segment error handling more robust
+ - spi: spidev: fix possible arithmetic overflow for multi-transfer message
+ - IB/core: Avoid leakage from kernel to user space
+ - ipvs: uninitialized data with IP_VS_IPV6
+ - [s390*] Revert "KVM: s390: flush CPU on load control" (regression in
+ 3.2.67)
+ http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.70
+ - [x86] Drivers: hv: vmbus: Fix a bug in the error path in vmbus_open()
+ - e1000: add dummy allocator to fix race condition between mtu change and
+ netpoll
+ - [s390*] KVM: Zero out current VMDB of STSI before including level3 data.
+ - [armhf/omap] usb: musb: core: fix TX/RX endpoint order
+ - UBI: account for bitflips in both the VID header and data
+ - UBI: fix out of bounds write
+ - UBI: initialize LEB number variable
+ - UBI: fix check for "too many bytes"
+ - Btrfs: fix log tree corruption when fs mounted with -o discard
+ - btrfs: don't accept bare namespace as a valid xattr
+ - [arm*] 8320/1: fix integer overflow in ELF_ET_DYN_BASE
+ - [mips*] Hibernate: flush TLB entries earlier
+ - ext4: make fsync to sync parent dir in no-journal for real this time
+ - jhash: Update jhash_[321]words functions to use correct initval
+ - scsi: storvsc: Fix a bug in copy_from_bounce_buffer()
+ - ALSA: emu10k1: don't deadlock in proc-functions
+ - [s390*] hibernate: fix save and restore of kernel text section
+ - Btrfs: fix inode eviction infinite loop after cloning into it
+ - [powerpc] perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH
+ - fs/binfmt_elf.c: fix bug in loading of PIE binaries
+ - IB/core: disallow registering 0-sized memory region
+ - ptrace: fix race between ptrace_resume() and wait_task_stopped()
+ - memstick: mspro_block: add missing curly braces
+ - [x86] KVM: VMX: Preserve host CR4.MCE value while in guest mode.
+ - ALSA: emu10k1: Fix card shortname string buffer overflow
+ - 3w-sas,3w-xxxx,3w-9xxx: fix command completion race
+ - cdc-acm: prevent infinite loop when parsing CDC headers.
+ - ALSA: emux: Fix mutex deadlock in OSS emulation
+ - gpio: sysfs: fix memory leaks and device hotplug
+ - ext4: move check under lock scope to close a race.
+ - nfsd: fix the check for confirmed openowner in nfs4_preprocess_stateid_op
+ - nilfs2: fix sanity check of btree level in nilfs_btree_root_broken()
+ - ocfs2: dlm: fix race between purge and get lock resource
+ - ACPI / init: Fix the ordering of acpi_reserve_resources()
+ - md/raid5: don't record new size if resize_stripes fails.
+ - ipvs: fix memory leak in ip_vs_ctl.c
+ - mac80211: move WEP tailroom size check
+ - [x86] KVM: MMU: fix CR4.SMEP=1, CR0.WP=0 with shadow pages
+ - firmware: dmi_scan: Fix ordering of product_uuid (regression in 3.2.38)
+ - ext4: check for zero length extent explicitly (regression in 3.2.55)
+ - jbd2: fix r_count overflows leading to buffer overflow in journal recovery
+ - sd: Disable support for 256 byte/sector disks
+ - xen/events: don't bind non-percpu VIRQs with percpu chip
+ - [s390*] crypto: ghash - Fix incorrect ghash icv buffer handling.
+ - fs/binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length mappings
+ - vfs: d_walk() might skip too much (regression in 3.2.66)
+ - [amd64] Fix strnlen_user() to not touch memory after specified maximum
+ - ipvs: kernel oops - do_ip_vs_get_ctl
+ - [powerpc] Don't skip ePAPR spin-table CPUs (regression in 3.2.61)
+ - net: dp83640: fix broken calibration routine.
+ - unix/caif: sk_socket can disappear when state is unlocked
+ - bridge: fix br_stp_set_bridge_priority race conditions
+ - packet: read num_members once in packet_rcv_fanout()
+ - packet: avoid out of bounds read in round robin fanout
+ - neigh: do not modify unlinked entries
+ - debugfs: Fix statfs() regression in 3.2.69
+ - net: socket: Fix the wrong returns for recvmsg and sendmsg
+ - [x86] config: Enable NEED_DMA_MAP_STATE by default when SWIOTLB is
+ selected (Closes: #786551)
+ - softirq: reduce latencies
+ - softirq: Fix lockup related to stop_machine being stuck in __do_softirq.
+ - [mips*] Fix race condition in lazy cache flushing.
+ - [mips/octeon] Remove udelay() causing huge IRQ latency
+ http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.71
+ - hrtimer: Allow concurrent hrtimer_start() for self restarting timers
+ - s5h1420: fix a buffer overflow when checking userspace params
+ - cx24116: fix a buffer overflow when checking userspace params
+ - mtd: fix: avoid race condition when accessing mtd->usecount
+ - rcu: Correctly handle non-empty Tiny RCU callback list with none ready
+ - [x86] staging: rtl8712: prevent buffer overrun in recvbuf2recvframe
+ - SUNRPC: Fix a memory leak in the backchannel code
+ - regulator: core: fix constraints output buffer
+ - [armel] dmaengine: mv_xor: bug fix for racing condition in descriptors
+ cleanup
+ - ext4: fix race between truncate and __ext4_journalled_writepage()
+ - [x86] pcmcia: Disable write buffering on Toshiba ToPIC95
+ - jbd2: issue cache flush after checkpointing even with internal journal
+ - jbd2: fix ocfs2 corrupt when updating journal superblock fails
+ - mmc: card: Fixup request missing in mmc_blk_issue_rw_rq
+ - ext4: call sync_blockdev() before invalidate_bdev() in put_super()
+ - iio: DAC: ad5624r_spi: fix bit shift of output data value
+ - ext4: don't retry file block mapping on bigalloc fs with non-extent file
+ - NET: ROSE: Don't dereference NULL neighbour pointer.
+ - fs: Fix S_NOSEC handling
+ - Btrfs: use kmem_cache_free when freeing entry in inode cache
+ - Btrfs: fix race between caching kthread and returning inode to inode
+ cache
+ - fuse: initialize fc->release before calling it
+ - ext4: avoid deadlocks in the writeback path by using sb_getblk_gfp
+ - netfilter: bridge: don't leak skb in error paths
+ - [x86] KVM: make vapics_in_nmi_mode atomic
+ - 9p: forgetting to cancel request on interrupted zero-copy RPC
+ - dm btree remove: fix bug in redistribute3
+ - rtnetlink: verify IFLA_VF_INFO attributes before passing them to driver
+ - mm: avoid setting up anonymous pages into file mapping
+ - net: do not process device backlog during unregistration
+ - net: call rcu_read_lock early in process_backlog
+ - 9p: don't leave a half-initialized inode sitting around
+ - Btrfs: fix file corruption after cloning inline extents
+ - rds: rds_ib_device.refcount overflow
+ - libata: force disable trim for SuperSSpeed S238
+ - inet: frags: fix defragmented packet's IP header for af_packet
+ - netfilter: nf_conntrack: Support expectations in different zones
+ - usb-storage: ignore ZTE MF 823 card reader in mode 0x1225
+ - md/raid1: fix test for 'was read error from last working device'.
+ - iscsi-target: Fix use-after-free during TPG session shutdown
+ - [x86] xen: Probe target addresses in set_aliased_prot() before the
+ hypercall
+
+ [ Ben Hutchings ]
+ * drm, agp: Update to 3.4.109:
+ - [x86] drm/i915: Unlock panel even when LVDS is disabled
+ - drm/radeon: kernel panic in drm_calc_vbltimestamp_from_scanoutpos with
+ 3.18.0-rc6
+ - [x86] drm/vmwgfx: Don't use memory accounting for kernel-side fence objects
+ - [x86] drm/vmwgfx: Fix fence event code
+ - drm/radeon: check the right ring in radeon_evict_flags()
+ - [x86] drm/i915: Only fence tiled region of object.
+ - drm/radeon/dp: Set EDP_CONFIGURATION_SET for bridge chips if necessary
+ - drm/radeon: do a posting read in r100_set_irq
+ - drm/radeon: do a posting read in rs600_set_irq
+ - drm/radeon: do a posting read in r600_set_irq
+ - drm/radeon: do a posting read in evergreen_set_irq
+ - drm/radeon: do a posting read in si_set_irq
+ - drm/radeon: fix DRM_IOCTL_RADEON_CS oops
+ - [x86] drm/vmwgfx: Reorder device takedown somewhat
+ - radeon: Do not directly dereference pointers to BIOS area.
+ - drm/radeon: fix doublescan modes (v2)
+ - drm/radeon: Use drm_calloc_ab for CS relocs
+ - drm/radeon: fix VM_CONTEXT*_PAGE_TABLE_END_ADDR handling
+ - [x86] drm/i915: Don't skip request retirement if the active list is empty
+ * Revert "ACPICA: Utilities: split IO address types from data type models."
+ to avoid ABI change on i386
+ * Adjust for migration to git:
+ - Update .gitignore files
+ - debian/control: Update Vcs-* fields
+ - README.Debian, README.source: Update references to svn
+ * [rt] Update to 3.2.70-rt103:
+ - KVM: lapic: mark LAPIC timer handler as irqsafe
+ - mm/slub: move slab initialization into irq enabled region
+ - xfs: Disable percpu SB on PREEMPT_RT_FULL
+
+ -- Ben Hutchings <ben at decadent.org.uk> Mon, 21 Sep 2015 23:04:56 +0200
+
+ linux (3.2.68-1+deb7u5) wheezy-security; urgency=medium
+
+ * USB: whiteheat: fix potential null-deref at probe (CVE-2015-5257)
+ * ipc/sem.c: fully initialize sem_array before making it visible
+ * ipc: Initialize msg/shm IPC objects before doing ipc_addid()
+ (CVE-2015-7613)
+ * vfs: Fix possible escape from mount namespace or chroot (CVE-2015-2925):
+ - dcache: Handle escaped paths in prepend_path
+ - vfs: Test for and handle paths that are unreachable from their mnt_root
+
+ -- Ben Hutchings <ben at decadent.org.uk> Fri, 09 Oct 2015 23:24:39 +0100
+
linux (3.2.68-1+deb7u4) wheezy-security; urgency=medium
* ipv6: addrconf: validate new MTU before applying it (CVE-2015-0272)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list