[linux] 01/01: Update to 4.6.6
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Thu Aug 11 14:32:12 UTC 2016
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch sid
in repository linux.
commit 457d8bb6bd526d3f5e237fd0f24a0db8d70a90fd
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Thu Aug 11 16:14:40 2016 +0200
Update to 4.6.6
---
debian/changelog | 104 ++++++++++++++++++++-
...fix-leak-in-events-via-snd_timer_user_cca.patch | 28 ------
...fix-leak-in-events-via-snd_timer_user_tin.patch | 28 ------
...imer-fix-leak-in-sndrv_timer_ioctl_params.patch | 28 ------
...E-ON-CX1-JB256-HP-needs-lower-max_sectors.patch | 35 -------
...octl-prevent-double-fetch-in-dedupe-ioctl.patch | 30 ------
debian/patches/series | 5 -
7 files changed, 99 insertions(+), 159 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 454e783..aff7d27 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (4.6.5-1) UNRELEASED; urgency=medium
+linux (4.6.6-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.5
@@ -204,15 +204,109 @@ linux (4.6.5-1) UNRELEASED; urgency=medium
- [x86] drm/i915: Revert DisplayPort fast link training feature
- ovl: Do d_type check only if work dir creation was successful
- ovl: warn instead of error if d_type is not supported
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.6
+ - USB: OHCI: Don't mark EDs as ED_OPER if scheduling fails
+ - x86/quirks: Apply nvidia_bugs quirk only on root bus
+ - x86/quirks: Reintroduce scanning of secondary buses
+ - x86/quirks: Add early quirk to reset Apple AirPort card
+ - dmaengine: at_xdmac: align descriptors on 64 bits
+ - dmaengine: at_xdmac: fix residue corruption
+ - dmaengine: at_xdmac: double FIFO flush needed to compute residue
+ - mm, sl[au]b: add __GFP_ATOMIC to the GFP reclaim mask
+ - memcg: mem_cgroup_migrate() may be called with irq disabled
+ - memcg: css_alloc should return an ERR_PTR value on error
+ - mm/swap.c: flush lru pvecs on compound page arrival
+ - mm, compaction: abort free scanner if split fails
+ - fs/nilfs2: fix potential underflow in call to crc32_le
+ - mm, compaction: prevent VM_BUG_ON when terminating freeing scanner
+ - uapi: export lirc.h header
+ - mm, meminit: always return a valid node from early_pfn_to_nid
+ - mm, meminit: ensure node is online before checking whether pages are uninitialised
+ - vmlinux.lds: account for destructor sections
+ - mm: thp: refix false positive BUG in page_move_anon_rmap()
+ - mm: memcontrol: fix cgroup creation failure after many small jobs
+ - radix-tree: fix radix_tree_iter_retry() for tagged iterators.
+ - pps: do not crash when failed to register
+ - kernel/sysrq, watchdog, sched/core: Reset watchdog on all CPUs while processing sysrq-w
+ - sched/debug: Fix deadlock when enabling sched events
+ - arc: unwind: warn only once if DW2_UNWIND is disabled
+ - ARC: unwind: ensure that .debug_frame is generated (vs. .eh_frame)
+ - xen/pciback: Fix conf_space read/write overlap check.
+ - xen-blkfront: save uncompleted reqs in blkfront_resume()
+ - xenbus: don't BUG() on user mode induced condition
+ - xenbus: don't bail early from xenbus_dev_request_and_reply()
+ - xen-blkfront: fix resume issues after a migration
+ - xen-blkfront: don't call talk_to_blkback when already connected to blkback
+ - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
+ - ALSA: timer: Fix leak in events via snd_timer_user_ccallback
+ - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
+ - Input: vmmouse - remove port reservation
+ - Input: elantech - add more IC body types to the list
+ - Input: xpad - fix oops when attaching an unknown Xbox One gamepad
+ - Input: wacom_w8001 - w8001_MAX_LENGTH should be 13
+ - Input: wacom_w8001 - ignore invalid pen data packets
+ - Input: xpad - validate USB endpoint count during probe
+ - Revert "Input: wacom_w8001 - drop use of ABS_MT_TOOL_TYPE"
+ - Input: synaptics-rmi4 - fix maximum size check for F12 control register 8
+ - Input: tsc200x - report proper input_dev name
+ - pvclock: Add CPU barriers to get correct version value
+ - pinctrl: single: Fix missing flush of posted write for a wakeirq
+ - pinctrl: imx: Do not treat a PIN without MUX register as an error
+ - cgroup: remove redundant cleanup in css_create
+ - cgroup: set css->id to -1 during init
+ - cgroup: Disable IRQs while holding css_set_lock
+ - power_supply: power_supply_read_temp only if use_cnt > 0
+ - locks: use file_inode()
+ - Revert "ecryptfs: forbid opening files without mmap handler"
+ - ecryptfs: don't allow mmap when the lower fs doesn't support it
+ - ext4: verify extent header depth
+ - 9p: use file_dentry()
+ - cpufreq: Avoid false-positive WARN_ON()s in cpufreq_update_policy()
+ - devpts: fix null pointer dereference on failed memory allocation
+ - namespace: update event counter when umounting a deleted dentry
+ - spi: rockchip: Signal unfinished DMA transfers
+ - spi: sunxi: fix transfer timeout
+ - spi: sun4i: fix FIFO limit
+ - clk: rockchip: initialize flags of clk_init_data in mmc-phase clock
+ - clk: at91: fix clk_programmable_set_parent()
+ - lockd: unregister notifier blocks if the service fails to come up completely
+ - platform/chrome: cros_ec_dev - double fetch bug in ioctl
+ - qeth: delete napi struct when removing a qeth device
+ - init/Kconfig: keep Expert users menu together
+ - block: fix use-after-free in sys_ioprio_get()
+ - mmc: block: fix free of uninitialized 'idata->buf'
+ - mmc: block: fix packed command header endianness
+ - sched/fair: Fix effective_load() to consistently use smoothed load
+ - can: at91_can: RX queue could get stuck at high bus load
+ - can: c_can: Update D_CAN TX and RX functions to 32 bit - fix Altera Cyclone access
+ - can: fix handling of unmodifiable configuration options fix
+ - can: fix oops caused by wrong rtnl dellink usage
+ - RDS: fix rds_tcp_init() error path
+ - irqchip/mips-gic: Map to VPs using HW VPNum
+ - irqchip/mips-gic: Match IPI IRQ domain by bus token only
+ - qla2xxx: Fix NULL pointer deref in QLA interrupt
+ - SCSI: fix new bug in scsi_dev_info_list string matching
+ - ipr: Clear interrupt on croc/crocodile when running with LSI
+ - media: fix airspy usb probe error path
+ - posix_cpu_timer: Exit early when process has been reaped
+ - cpu/hotplug: Keep enough storage space if SMP=n to avoid array out of bounds scribble
+ - adv7604: Don't ignore pad number in subdev DV timings pad operations
+ - i2c: qup: Fix wrong value of index variable
+ - i2c: mux: reg: wrong condition checked for of_address_to_resource return value
+ - libata: LITE-ON CX1-JB256-HP needs lower max_sectors (Closes: #830971)
+ - libceph: apply new_state before new_up_client on incrementals
+ - net: mvneta: set real interrupt per packet for tx_done
+ - cfg80211: handle failed skb allocation
+ - intel_th: pci: Add Kaby Lake PCH-H support
+ - intel_th: Fix a deadlock in modprobing
+ - vfs: ioctl: prevent double-fetch in dedupe ioctl (CVE-2016-6516)
+ - vfs: fix deadlock in file_remove_privs() on overlayfs
+ - MIPS: CM: Fix mips_cm_max_vp_width for UP kernels
[ Uwe Kleine-König ]
* Fix perf to be able to find debug info based on build-id. (Closes:
#833096)
- [ Salvatore Bonaccorso ]
- * vfs: ioctl: prevent double-fetch in dedupe ioctl (CVE-2016-6516)
- * libata: LITE-ON CX1-JB256-HP needs lower max_sectors (Closes: #830971)
-
[ Ben Hutchings ]
* linux-kbuild: Include headers_install.sh and unifdef (Closes: #832359)
* Bump ABI to 2
diff --git a/debian/patches/bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_cca.patch b/debian/patches/bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_cca.patch
deleted file mode 100644
index 7881d70..0000000
--- a/debian/patches/bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_cca.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: Kangjie Lu <kangjielu at gmail.com>
-Date: Tue, 3 May 2016 16:44:20 -0400
-Subject: [1/2] ALSA: timer: Fix leak in events via snd_timer_user_ccallback
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Origin: https://git.kernel.org/linus/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
-
-The stack object “r1” has a total size of 32 bytes. Its field
-“event” and “val” both contain 4 bytes padding. These 8 bytes
-padding bytes are sent to user without being initialized.
-
-Signed-off-by: Kangjie Lu <kjlu at gatech.edu>
-Signed-off-by: Takashi Iwai <tiwai at suse.de>
----
- sound/core/timer.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/sound/core/timer.c
-+++ b/sound/core/timer.c
-@@ -1247,6 +1247,7 @@ static void snd_timer_user_ccallback(str
- tu->tstamp = *tstamp;
- if ((tu->filter & (1 << event)) == 0 || !tu->tread)
- return;
-+ memset(&r1, 0, sizeof(r1));
- r1.event = event;
- r1.tstamp = *tstamp;
- r1.val = resolution;
diff --git a/debian/patches/bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_tin.patch b/debian/patches/bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_tin.patch
deleted file mode 100644
index cf9da77..0000000
--- a/debian/patches/bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_tin.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: Kangjie Lu <kangjielu at gmail.com>
-Date: Tue, 3 May 2016 16:44:32 -0400
-Subject: [2/2] ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Origin: https://git.kernel.org/linus/e4ec8cc8039a7063e24204299b462bd1383184a5
-
-The stack object “r1” has a total size of 32 bytes. Its field
-“event” and “val” both contain 4 bytes padding. These 8 bytes
-padding bytes are sent to user without being initialized.
-
-Signed-off-by: Kangjie Lu <kjlu at gatech.edu>
-Signed-off-by: Takashi Iwai <tiwai at suse.de>
----
- sound/core/timer.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/sound/core/timer.c
-+++ b/sound/core/timer.c
-@@ -1290,6 +1290,7 @@ static void snd_timer_user_tinterrupt(st
- }
- if ((tu->filter & (1 << SNDRV_TIMER_EVENT_RESOLUTION)) &&
- tu->last_resolution != resolution) {
-+ memset(&r1, 0, sizeof(r1));
- r1.event = SNDRV_TIMER_EVENT_RESOLUTION;
- r1.tstamp = tstamp;
- r1.val = resolution;
diff --git a/debian/patches/bugfix/all/alsa-timer-fix-leak-in-sndrv_timer_ioctl_params.patch b/debian/patches/bugfix/all/alsa-timer-fix-leak-in-sndrv_timer_ioctl_params.patch
deleted file mode 100644
index c67d2f7..0000000
--- a/debian/patches/bugfix/all/alsa-timer-fix-leak-in-sndrv_timer_ioctl_params.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From: Kangjie Lu <kangjielu at gmail.com>
-Date: Tue, 3 May 2016 16:44:07 -0400
-Subject: ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Origin: https://git.kernel.org/linus/cec8f96e49d9be372fdb0c3836dcf31ec71e457e
-
-The stack object “tread” has a total size of 32 bytes. Its field
-“event” and “val” both contain 4 bytes padding. These 8 bytes
-padding bytes are sent to user without being initialized.
-
-Signed-off-by: Kangjie Lu <kjlu at gatech.edu>
-Signed-off-by: Takashi Iwai <tiwai at suse.de>
----
- sound/core/timer.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/sound/core/timer.c
-+++ b/sound/core/timer.c
-@@ -1755,6 +1755,7 @@ static int snd_timer_user_params(struct
- if (tu->timeri->flags & SNDRV_TIMER_IFLG_EARLY_EVENT) {
- if (tu->tread) {
- struct snd_timer_tread tread;
-+ memset(&tread, 0, sizeof(tread));
- tread.event = SNDRV_TIMER_EVENT_EARLY;
- tread.tstamp.tv_sec = 0;
- tread.tstamp.tv_nsec = 0;
diff --git a/debian/patches/bugfix/all/libata-LITE-ON-CX1-JB256-HP-needs-lower-max_sectors.patch b/debian/patches/bugfix/all/libata-LITE-ON-CX1-JB256-HP-needs-lower-max_sectors.patch
deleted file mode 100644
index 6fd9ca1..0000000
--- a/debian/patches/bugfix/all/libata-LITE-ON-CX1-JB256-HP-needs-lower-max_sectors.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Tejun Heo <tj at kernel.org>
-Date: Mon, 18 Jul 2016 18:40:00 -0400
-Subject: libata: LITE-ON CX1-JB256-HP needs lower max_sectors
-Origin: https://git.kernel.org/linus/1488a1e3828d60d74c9b802a05e24c0487babe4e
-
-Since 34b48db66e08 ("block: remove artifical max_hw_sectors cap"),
-max_sectors is no longer limited to BLK_DEF_MAX_SECTORS and LITE-ON
-CX1-JB256-HP keeps timing out with higher max_sectors. Revert it to
-the previous value.
-
-Signed-off-by: Tejun Heo <tj at kernel.org>
-Reported-by: dgerasimov at gmail.com
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=121671
-Cc: stable at vger.kernel.org # v3.19+
-Fixes: 34b48db66e08 ("block: remove artifical max_hw_sectors cap")
-Signed-off-by: Tejun Heo <tj at kernel.org>
----
- drivers/ata/libata-core.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
---- a/drivers/ata/libata-core.c
-+++ b/drivers/ata/libata-core.c
-@@ -4141,6 +4141,12 @@ static const struct ata_blacklist_entry
- */
- { "ST380013AS", "3.20", ATA_HORKAGE_MAX_SEC_1024 },
-
-+ /*
-+ * Device times out with higher max sects.
-+ * https://bugzilla.kernel.org/show_bug.cgi?id=121671
-+ */
-+ { "LITEON CX1-JB256-HP", NULL, ATA_HORKAGE_MAX_SEC_1024 },
-+
- /* Devices we expect to fail diagnostics */
-
- /* Devices where NCQ should be avoided */
diff --git a/debian/patches/bugfix/all/vfs-ioctl-prevent-double-fetch-in-dedupe-ioctl.patch b/debian/patches/bugfix/all/vfs-ioctl-prevent-double-fetch-in-dedupe-ioctl.patch
deleted file mode 100644
index 7e90e8c..0000000
--- a/debian/patches/bugfix/all/vfs-ioctl-prevent-double-fetch-in-dedupe-ioctl.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Scott Bauer <sbauer at plzdonthack.me>
-Date: Wed, 27 Jul 2016 19:11:29 -0600
-Subject: vfs: ioctl: prevent double-fetch in dedupe ioctl
-Origin: https://git.kernel.org/linus/10eec60ce79187686e052092e5383c99b4420a20
-
-This prevents a double-fetch from user space that can lead to to an
-undersized allocation and heap overflow.
-
-Fixes: 54dbc1517237 ("vfs: hoist the btrfs deduplication ioctl to the vfs")
-Signed-off-by: Scott Bauer <sbauer at plzdonthack.me>
-Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
----
- fs/ioctl.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/fs/ioctl.c b/fs/ioctl.c
-index 116a333..0f56deb 100644
---- a/fs/ioctl.c
-+++ b/fs/ioctl.c
-@@ -590,6 +590,7 @@ static long ioctl_file_dedupe_range(struct file *file, void __user *arg)
- goto out;
- }
-
-+ same->dest_count = count;
- ret = vfs_dedupe_file_range(file, same);
- if (ret)
- goto out;
---
-2.1.4
-
diff --git a/debian/patches/series b/debian/patches/series
index 2cf5f05..c3332e1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -66,7 +66,6 @@ bugfix/all/rtsx_usb_ms-use-msleep_interruptible-in-polling-loop.patch
bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
bugfix/all/module-invalidate-signatures-on-force-loaded-modules.patch
bugfix/all/videobuf2-core-fix-crash-after-fixing-cve-2016-4568.patch
-bugfix/all/libata-LITE-ON-CX1-JB256-HP-needs-lower-max_sectors.patch
# Miscellaneous features
@@ -103,12 +102,8 @@ debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/media-videobuf2-v4l2-verify-planes-array-in-buffer-d.patch
bugfix/x86/kvm-vmx-more-complete-state-update-on-apicv-on-off.patch
bugfix/all/usb-usbfs-fix-potential-infoleak-in-devio.patch
-bugfix/all/alsa-timer-fix-leak-in-sndrv_timer_ioctl_params.patch
-bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_cca.patch
-bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_tin.patch
bugfix/all/tipc-fix-an-infoleak-in-tipc_nl_compat_link_dump.patch
bugfix/all/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
-bugfix/all/vfs-ioctl-prevent-double-fetch-in-dedupe-ioctl.patch
# ABI maintenance
debian/mips-siginfo-fix-abi-change-in-4.6.2.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list