[linux] 01/01: Update to 4.6.7
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Tue Aug 16 09:13:54 UTC 2016
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch sid
in repository linux.
commit a7280813ac9717a85cd73afefcef40c4d48240ff
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Tue Aug 16 11:07:51 2016 +0200
Update to 4.6.7
---
debian/changelog | 61 +++++++++++++++--
.../tcp-make-challenge-acks-less-predictable.patch | 77 ----------------------
debian/patches/series | 1 -
3 files changed, 57 insertions(+), 82 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index a4e963e..c982eed 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (4.6.6-1) UNRELEASED; urgency=medium
+linux (4.6.7-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.5
@@ -295,6 +295,62 @@ linux (4.6.6-1) UNRELEASED; urgency=medium
- vfs: ioctl: prevent double-fetch in dedupe ioctl (CVE-2016-6516)
- vfs: fix deadlock in file_remove_privs() on overlayfs
- [mips*] CM: Fix mips_cm_max_vp_width for UP kernels
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.7
+ - [x86] libnvdimm, dax: record the specified alignment of a dax-device instance
+ - [x86] libnvdimm, pfn, dax: fix initialization vs autodetect for mode + alignment
+ - ppp: defer netns reference release for ppp channel
+ - tcp: make challenge acks less predictable (CVE-2016-5696)
+ - tcp: enable per-socket rate limiting of all 'challenge acks'
+ - bonding: set carrier off for devices created through netlink
+ - net: bgmac: Fix infinite loop in bgmac_dma_tx_add()
+ - vlan: use a valid default mtu value for vlan over macsec
+ - bridge: Fix incorrect re-injection of LLDP packets
+ - net: ipv6: Always leave anycast and multicast groups on link down
+ - net/irda: fix NULL pointer dereference on memory allocation failure
+ - qed: Fix setting/clearing bit in completion bitmap
+ - macsec: ensure rx_sa is set when validation is disabled
+ - tcp: consider recv buf for the initial window scale
+ - i2c: i801: Allow ACPI SystemIO OpRegion to conflict with PCI BAR
+ - [mips] KEYS: 64-bit MIPS needs to use compat_sys_keyctl for 32-bit userspace
+ - IB/hfi1: Correct issues with sc5 computation
+ - IB/hfi1: Fix deadlock with txreq allocation slow path
+ - apparmor: fix ref count leak when profile sha1 hash is read
+ - regulator: qcom_smd: Remove list_voltage callback for rpm_smps_ldo_ops_fixed
+ - random: strengthen input validation for RNDADDTOENTCNT
+ - [x86] mm/pat: Add support of non-default PAT MSR setting
+ - [x86] mm/pat: Add pat_disable() interface
+ - [x86] mm/pat: Replace cpu_has_pat with boot_cpu_has()
+ - [x86] mtrr: Fix Xorg crashes in Qemu sessions
+ - [x86] mtrr: Fix PAT init handling when MTRR is disabled
+ - [x86] xen, pat: Remove PAT table init code from Xen
+ - [x86] pat: Document the PAT initialization sequence
+ - [x86] mm/pat: Fix BUG_ON() in mmap_mem() on QEMU/i386
+ - udf: Prevent stack overflow on corrupted filesystem mount
+ - [powerpc] eeh: Fix invalid cached PE primary bus
+ - [powerpc] bpf/jit: Disable classic BPF JIT on ppc64le
+ - mm: memcontrol: fix swap counter leak on swapout from offline cgroup
+ - mm: memcontrol: fix memcg id ref counter on swap charge move
+ - [x86] syscalls/64: Add compat_sys_keyctl for 32-bit userspace
+ - block: fix use-after-free in seq file
+ - sysv, ipc: fix security-layer leaking
+ - radix-tree: account nodes to memcg only if explicitly requested
+ - [x86] microcode: Fix suspend to RAM with builtin microcode
+ - [x86] power/64: Fix hibernation return address corruption
+ - fuse: fsync() did not return IO errors
+ - fuse: fuse_flush must check mapping->flags for errors
+ - fuse: fix wrong assignment of ->flags in fuse_send_init()
+ - Revert "mm, mempool: only set __GFP_NOMEMALLOC if there are free elements"
+ - fs/dcache.c: avoid soft-lockup in dput()
+ - Revert "cpufreq: pcc-cpufreq: update default value of cpuinfo_transition_latency"
+ - crypto: gcm - Filter out async ghash if necessary
+ - crypto: scatterwalk - Fix test in scatterwalk_done
+ - serial: mvebu-uart: free the IRQ in ->shutdown()
+ - ext4: check for extents that wrap around
+ - ext4: fix deadlock during page writeback
+ - ext4: don't call ext4_should_journal_data() on the journal inode
+ - ext4: validate s_reserved_gdt_blocks on mount
+ - ext4: short-cut orphan cleanup on error
+ - ext4: fix reference counting bug on block allocation error
[ Uwe Kleine-König ]
* Fix perf to be able to find debug info based on build-id. (Closes:
@@ -308,9 +364,6 @@ linux (4.6.6-1) UNRELEASED; urgency=medium
* [powerpc*] KVM: Book3S HV: Save/restore TM state in H_CEDE (CVE-2016-5412)
* audit: fix a double fetch in audit_log_single_execve_arg() (CVE-2016-6136)
- [ Salvatore Bonaccorso ]
- * tcp: make challenge acks less predictable (CVE-2016-5696)
-
-- Ben Hutchings <ben at decadent.org.uk> Sat, 30 Jul 2016 14:23:58 +0100
linux (4.6.4-1) unstable; urgency=medium
diff --git a/debian/patches/bugfix/all/tcp-make-challenge-acks-less-predictable.patch b/debian/patches/bugfix/all/tcp-make-challenge-acks-less-predictable.patch
deleted file mode 100644
index 5322d34..0000000
--- a/debian/patches/bugfix/all/tcp-make-challenge-acks-less-predictable.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From: Eric Dumazet <edumazet at google.com>
-Date: Sun, 10 Jul 2016 10:04:02 +0200
-Subject: tcp: make challenge acks less predictable
-Origin: https://git.kernel.org/linus/75ff39ccc1bd5d3c455b6822ab09e533c551f758
-
-Yue Cao claims that current host rate limiting of challenge ACKS
-(RFC 5961) could leak enough information to allow a patient attacker
-to hijack TCP sessions. He will soon provide details in an academic
-paper.
-
-This patch increases the default limit from 100 to 1000, and adds
-some randomization so that the attacker can no longer hijack
-sessions without spending a considerable amount of probes.
-
-Based on initial analysis and patch from Linus.
-
-Note that we also have per socket rate limiting, so it is tempting
-to remove the host limit in the future.
-
-v2: randomize the count of challenge acks per second, not the period.
-
-Fixes: 282f23c6ee34 ("tcp: implement RFC 5961 3.2")
-Reported-by: Yue Cao <ycao009 at ucr.edu>
-Signed-off-by: Eric Dumazet <edumazet at google.com>
-Suggested-by: Linus Torvalds <torvalds at linux-foundation.org>
-Cc: Yuchung Cheng <ycheng at google.com>
-Cc: Neal Cardwell <ncardwell at google.com>
-Acked-by: Neal Cardwell <ncardwell at google.com>
-Acked-by: Yuchung Cheng <ycheng at google.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
-[carnil: Backported to 4.6: adjust context]
----
- net/ipv4/tcp_input.c | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
---- a/net/ipv4/tcp_input.c
-+++ b/net/ipv4/tcp_input.c
-@@ -87,7 +87,7 @@ int sysctl_tcp_adv_win_scale __read_most
- EXPORT_SYMBOL(sysctl_tcp_adv_win_scale);
-
- /* rfc5961 challenge ack rate limiting */
--int sysctl_tcp_challenge_ack_limit = 100;
-+int sysctl_tcp_challenge_ack_limit = 1000;
-
- int sysctl_tcp_stdurg __read_mostly;
- int sysctl_tcp_rfc1337 __read_mostly;
-@@ -3460,7 +3460,7 @@ static void tcp_send_challenge_ack(struc
- static u32 challenge_timestamp;
- static unsigned int challenge_count;
- struct tcp_sock *tp = tcp_sk(sk);
-- u32 now;
-+ u32 count, now;
-
- /* First check our per-socket dupack rate limit. */
- if (tcp_oow_rate_limited(sock_net(sk), skb,
-@@ -3468,13 +3468,18 @@ static void tcp_send_challenge_ack(struc
- &tp->last_oow_ack_time))
- return;
-
-- /* Then check the check host-wide RFC 5961 rate limit. */
-+ /* Then check host-wide RFC 5961 rate limit. */
- now = jiffies / HZ;
- if (now != challenge_timestamp) {
-+ u32 half = (sysctl_tcp_challenge_ack_limit + 1) >> 1;
-+
- challenge_timestamp = now;
-- challenge_count = 0;
-+ WRITE_ONCE(challenge_count, half +
-+ prandom_u32_max(sysctl_tcp_challenge_ack_limit));
- }
-- if (++challenge_count <= sysctl_tcp_challenge_ack_limit) {
-+ count = READ_ONCE(challenge_count);
-+ if (count > 0) {
-+ WRITE_ONCE(challenge_count, count - 1);
- NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK);
- tcp_send_ack(sk);
- }
diff --git a/debian/patches/series b/debian/patches/series
index 106f447..b9a14b1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -104,7 +104,6 @@ bugfix/x86/kvm-vmx-more-complete-state-update-on-apicv-on-off.patch
bugfix/all/usb-usbfs-fix-potential-infoleak-in-devio.patch
bugfix/all/tipc-fix-an-infoleak-in-tipc_nl_compat_link_dump.patch
bugfix/all/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
-bugfix/all/tcp-make-challenge-acks-less-predictable.patch
bugfix/powerpc/kvm-ppc-book3s-hv-pull-out-tm-state-save-restore-int.patch
bugfix/powerpc/kvm-ppc-book3s-hv-save-restore-tm-state-in-h_cede.patch
bugfix/all/audit-fix-a-double-fetch-in-audit_log_single_execve_arg.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list