[linux] 01/01: Update to 4.8.14
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Mon Dec 12 19:52:19 UTC 2016
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch sid
in repository linux.
commit 14a852ee641b495ad3f6191880748ed07d141ac0
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Mon Dec 12 19:50:34 2016 +0100
Update to 4.8.14
---
debian/changelog | 53 ++++++++-
...anything-but-regular-iovec-s-to-blk_rq_ma.patch | 41 -------
...signed-overflows-for-SO_-SND-RCV-BUFFORCE.patch | 49 ---------
...-check-minimum-size-on-ICMP-header-length.patch | 71 ------------
...ket-fix-race-condition-in-packet_set_ring.patch | 92 ----------------
.../bugfix/all/tipc-check-minimum-bearer-MTU.patch | 122 ---------------------
debian/patches/series | 5 -
7 files changed, 47 insertions(+), 386 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 9ff7a03..479e4a5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-linux (4.8.13-1) UNRELEASED; urgency=medium
+linux (4.8.14-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12
@@ -71,6 +71,52 @@ linux (4.8.13-1) UNRELEASED; urgency=medium
IPI
- [arm64] mm: Set PSTATE.PAN from the cpu_enable_pan() call
- [arm64] suspend: Reconfigure PSTATE after resume from idle
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14
+ - gro_cells: mark napi struct as not busy poll candidates
+ - virtio-net: add a missing synchronize_net()
+ - [armhf] net: dsa: b53: Fix VLAN usage and how we treat CPU port
+ - net: check dead netns for peernet2id_alloc()
+ - ip6_tunnel: disable caching when the traffic class is inherited
+ - net: sky2: Fix shutdown crash
+ - af_unix: conditionally use freezable blocking calls in read
+ - rtnetlink: fix FDB size computation
+ - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()
+ - rtnl: fix the loop index update error in rtnl_dump_ifinfo()
+ - ipv6: bump genid when the IFA_F_TENTATIVE flag is clear
+ - udplite: call proper backlog handlers
+ - [armhf] net: dsa: bcm_sf2: Ensure we re-negotiate EEE during after link
+ change
+ - net, sched: respect rcu grace period on cls destruction
+ - [armhf] net: dsa: fix unbalanced dsa_switch_tree reference counting
+ - net/sched: pedit: make sure that offset is valid
+ - netlink: Call cb->done from a worker thread
+ - netlink: Do not schedule work from sk_destruct
+ - net/dccp: fix use-after-free in dccp_invalid_packet
+ - GSO: Reload iph after pskb_may_pull
+ - packet: fix race condition in packet_set_ring (CVE-2016-8655)
+ - ip6_offload: check segs for NULL in ipv6_gso_segment.
+ - cdc_ether: Fix handling connection notification
+ - tipc: check minimum bearer MTU (CVE-2016-8632)
+ - geneve: avoid use-after-free of skb->data
+ - net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (CVE-2016-9793)
+ - net: ping: check minimum size on ICMP header length (CVE-2016-8399)
+ - ipv4: Restore fib_trie_flush_external function and fix call ordering
+ - ipv4: Fix memory leak in exception case for splitting tries
+ - ipv4: Drop leaf from suffix pull/push functions
+ - ipv4: Drop suffix update from resize code
+ - [sparc64] Fix find_node warning if numa node cannot be found
+ - [sparc64] fix compile warning section mismatch in find_node()
+ - [sparc] Fix inverted invalid_frame_pointer checks on sigreturns
+ - constify iov_iter_count() and iter_is_iovec()
+ - Don't feed anything but regular iovec's to blk_rq_map_user_iov
+ (CVE-2016-9576)
+ - ipv6: Set skb->protocol properly for local output
+ - ipv4: Set skb->protocol properly for local output
+ - Revert: "ip6_tunnel: Update skb->protocol to ETH_P_IPV6 in
+ ip6_tnl_xmit()"
+ - flowcache: Increase threshold for refusing new allocations
+ - esp4: Fix integrity verification when ESN are used
+ - esp6: Fix integrity verification when ESN are used
[ Uwe Kleine-König ]
* [armhf] dts: armada-385: add support for Turris Omnia
@@ -80,13 +126,8 @@ linux (4.8.13-1) UNRELEASED; urgency=medium
(Closes: #845611)
[ Salvatore Bonaccorso ]
- * tipc: check minimum bearer MTU (CVE-2016-8632)
- * packet: fix race condition in packet_set_ring (CVE-2016-8655)
- * net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (CVE-2016-9793)
* Add ABI reference for 4.8.0-2
* Ignore ABI changes in KVM
- * net: ping: check minimum size on ICMP header length (CVE-2016-8399)
- * Don't feed anything but regular iovec's to blk_rq_map_user_iov (CVE-2016-9576)
* net: handle no dst on skb in icmp6_send (CVE-2016-9919)
* [rt] Update to 4.8.11-rt7
diff --git a/debian/patches/bugfix/all/Don-t-feed-anything-but-regular-iovec-s-to-blk_rq_ma.patch b/debian/patches/bugfix/all/Don-t-feed-anything-but-regular-iovec-s-to-blk_rq_ma.patch
deleted file mode 100644
index d2525ca..0000000
--- a/debian/patches/bugfix/all/Don-t-feed-anything-but-regular-iovec-s-to-blk_rq_ma.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Linus Torvalds <torvalds at linux-foundation.org>
-Date: Tue, 6 Dec 2016 16:18:14 -0800
-Subject: Don't feed anything but regular iovec's to blk_rq_map_user_iov
-Origin: https://git.kernel.org/linus/a0ac402cfcdc904f9772e1762b3fda112dcc56a0
-
-In theory we could map other things, but there's a reason that function
-is called "user_iov". Using anything else (like splice can do) just
-confuses it.
-
-Reported-and-tested-by: Johannes Thumshirn <jthumshirn at suse.de>
-Cc: Al Viro <viro at ZenIV.linux.org.uk>
-Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
----
- block/blk-map.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/block/blk-map.c b/block/blk-map.c
-index b8657fa..27fd8d92 100644
---- a/block/blk-map.c
-+++ b/block/blk-map.c
-@@ -118,6 +118,9 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq,
- struct iov_iter i;
- int ret;
-
-+ if (!iter_is_iovec(iter))
-+ goto fail;
-+
- if (map_data)
- copy = true;
- else if (iov_iter_alignment(iter) & align)
-@@ -140,6 +143,7 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq,
-
- unmap_rq:
- __blk_rq_unmap_user(bio);
-+fail:
- rq->bio = NULL;
- return -EINVAL;
- }
---
-2.1.4
-
diff --git a/debian/patches/bugfix/all/net-avoid-signed-overflows-for-SO_-SND-RCV-BUFFORCE.patch b/debian/patches/bugfix/all/net-avoid-signed-overflows-for-SO_-SND-RCV-BUFFORCE.patch
deleted file mode 100644
index 15d28bd..0000000
--- a/debian/patches/bugfix/all/net-avoid-signed-overflows-for-SO_-SND-RCV-BUFFORCE.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From: Eric Dumazet <edumazet at google.com>
-Date: Fri, 2 Dec 2016 09:44:53 -0800
-Subject: net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
-Origin: https://git.kernel.org/linus/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
-
-CAP_NET_ADMIN users should not be allowed to set negative
-sk_sndbuf or sk_rcvbuf values, as it can lead to various memory
-corruptions, crashes, OOM...
-
-Note that before commit 82981930125a ("net: cleanups in
-sock_setsockopt()"), the bug was even more serious, since SO_SNDBUF
-and SO_RCVBUF were vulnerable.
-
-This needs to be backported to all known linux kernels.
-
-Again, many thanks to syzkaller team for discovering this gem.
-
-Signed-off-by: Eric Dumazet <edumazet at google.com>
-Reported-by: Andrey Konovalov <andreyknvl at google.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/core/sock.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/net/core/sock.c b/net/core/sock.c
-index 5e3ca41..00a074d 100644
---- a/net/core/sock.c
-+++ b/net/core/sock.c
-@@ -715,7 +715,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
- val = min_t(u32, val, sysctl_wmem_max);
- set_sndbuf:
- sk->sk_userlocks |= SOCK_SNDBUF_LOCK;
-- sk->sk_sndbuf = max_t(u32, val * 2, SOCK_MIN_SNDBUF);
-+ sk->sk_sndbuf = max_t(int, val * 2, SOCK_MIN_SNDBUF);
- /* Wake up sending tasks if we upped the value. */
- sk->sk_write_space(sk);
- break;
-@@ -751,7 +751,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
- * returning the value we actually used in getsockopt
- * is the most desirable behavior.
- */
-- sk->sk_rcvbuf = max_t(u32, val * 2, SOCK_MIN_RCVBUF);
-+ sk->sk_rcvbuf = max_t(int, val * 2, SOCK_MIN_RCVBUF);
- break;
-
- case SO_RCVBUFFORCE:
---
-2.1.4
-
diff --git a/debian/patches/bugfix/all/net-ping-check-minimum-size-on-ICMP-header-length.patch b/debian/patches/bugfix/all/net-ping-check-minimum-size-on-ICMP-header-length.patch
deleted file mode 100644
index a57cac3..0000000
--- a/debian/patches/bugfix/all/net-ping-check-minimum-size-on-ICMP-header-length.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From: Kees Cook <keescook at chromium.org>
-Date: Mon, 5 Dec 2016 10:34:38 -0800
-Subject: net: ping: check minimum size on ICMP header length
-Origin: https://git.kernel.org/linus/0eab121ef8750a5c8637d51534d5e9143fb0633f
-
-Prior to commit c0371da6047a ("put iov_iter into msghdr") in v3.19, there
-was no check that the iovec contained enough bytes for an ICMP header,
-and the read loop would walk across neighboring stack contents. Since the
-iov_iter conversion, bad arguments are noticed, but the returned error is
-EFAULT. Returning EINVAL is a clearer error and also solves the problem
-prior to v3.19.
-
-This was found using trinity with KASAN on v3.18:
-
-BUG: KASAN: stack-out-of-bounds in memcpy_fromiovec+0x60/0x114 at addr ffffffc071077da0
-Read of size 8 by task trinity-c2/9623
-page:ffffffbe034b9a08 count:0 mapcount:0 mapping: (null) index:0x0
-flags: 0x0()
-page dumped because: kasan: bad access detected
-CPU: 0 PID: 9623 Comm: trinity-c2 Tainted: G BU 3.18.0-dirty #15
-Hardware name: Google Tegra210 Smaug Rev 1,3+ (DT)
-Call trace:
-[<ffffffc000209c98>] dump_backtrace+0x0/0x1ac arch/arm64/kernel/traps.c:90
-[<ffffffc000209e54>] show_stack+0x10/0x1c arch/arm64/kernel/traps.c:171
-[< inline >] __dump_stack lib/dump_stack.c:15
-[<ffffffc000f18dc4>] dump_stack+0x7c/0xd0 lib/dump_stack.c:50
-[< inline >] print_address_description mm/kasan/report.c:147
-[< inline >] kasan_report_error mm/kasan/report.c:236
-[<ffffffc000373dcc>] kasan_report+0x380/0x4b8 mm/kasan/report.c:259
-[< inline >] check_memory_region mm/kasan/kasan.c:264
-[<ffffffc00037352c>] __asan_load8+0x20/0x70 mm/kasan/kasan.c:507
-[<ffffffc0005b9624>] memcpy_fromiovec+0x5c/0x114 lib/iovec.c:15
-[< inline >] memcpy_from_msg include/linux/skbuff.h:2667
-[<ffffffc000ddeba0>] ping_common_sendmsg+0x50/0x108 net/ipv4/ping.c:674
-[<ffffffc000dded30>] ping_v4_sendmsg+0xd8/0x698 net/ipv4/ping.c:714
-[<ffffffc000dc91dc>] inet_sendmsg+0xe0/0x12c net/ipv4/af_inet.c:749
-[< inline >] __sock_sendmsg_nosec net/socket.c:624
-[< inline >] __sock_sendmsg net/socket.c:632
-[<ffffffc000cab61c>] sock_sendmsg+0x124/0x164 net/socket.c:643
-[< inline >] SYSC_sendto net/socket.c:1797
-[<ffffffc000cad270>] SyS_sendto+0x178/0x1d8 net/socket.c:1761
-
-CVE-2016-8399
-
-Reported-by: Qidan He <i at flanker017.me>
-Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
-Cc: stable at vger.kernel.org
-Signed-off-by: Kees Cook <keescook at chromium.org>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/ipv4/ping.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 205e200..96b8e2b 100644
---- a/net/ipv4/ping.c
-+++ b/net/ipv4/ping.c
-@@ -657,6 +657,10 @@ int ping_common_sendmsg(int family, struct msghdr *msg, size_t len,
- if (len > 0xFFFF)
- return -EMSGSIZE;
-
-+ /* Must have at least a full ICMP header. */
-+ if (len < icmph_len)
-+ return -EINVAL;
-+
- /*
- * Check the flags.
- */
---
-2.1.4
-
diff --git a/debian/patches/bugfix/all/packet-fix-race-condition-in-packet_set_ring.patch b/debian/patches/bugfix/all/packet-fix-race-condition-in-packet_set_ring.patch
deleted file mode 100644
index 8368add..0000000
--- a/debian/patches/bugfix/all/packet-fix-race-condition-in-packet_set_ring.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From: Philip Pettersson <philip.pettersson at gmail.com>
-Date: Wed, 30 Nov 2016 14:55:36 -0800
-Subject: packet: fix race condition in packet_set_ring
-Origin: https://git.kernel.org/linus/84ac7260236a49c79eede91617700174c2c19b0c
-
-When packet_set_ring creates a ring buffer it will initialize a
-struct timer_list if the packet version is TPACKET_V3. This value
-can then be raced by a different thread calling setsockopt to
-set the version to TPACKET_V1 before packet_set_ring has finished.
-
-This leads to a use-after-free on a function pointer in the
-struct timer_list when the socket is closed as the previously
-initialized timer will not be deleted.
-
-The bug is fixed by taking lock_sock(sk) in packet_setsockopt when
-changing the packet version while also taking the lock at the start
-of packet_set_ring.
-
-Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
-Signed-off-by: Philip Pettersson <philip.pettersson at gmail.com>
-Signed-off-by: Eric Dumazet <edumazet at google.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/packet/af_packet.c | 18 ++++++++++++------
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index d2238b2..dd23323 100644
---- a/net/packet/af_packet.c
-+++ b/net/packet/af_packet.c
-@@ -3648,19 +3648,25 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv
-
- if (optlen != sizeof(val))
- return -EINVAL;
-- if (po->rx_ring.pg_vec || po->tx_ring.pg_vec)
-- return -EBUSY;
- if (copy_from_user(&val, optval, sizeof(val)))
- return -EFAULT;
- switch (val) {
- case TPACKET_V1:
- case TPACKET_V2:
- case TPACKET_V3:
-- po->tp_version = val;
-- return 0;
-+ break;
- default:
- return -EINVAL;
- }
-+ lock_sock(sk);
-+ if (po->rx_ring.pg_vec || po->tx_ring.pg_vec) {
-+ ret = -EBUSY;
-+ } else {
-+ po->tp_version = val;
-+ ret = 0;
-+ }
-+ release_sock(sk);
-+ return ret;
- }
- case PACKET_RESERVE:
- {
-@@ -4164,6 +4170,7 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
- /* Added to avoid minimal code churn */
- struct tpacket_req *req = &req_u->req;
-
-+ lock_sock(sk);
- /* Opening a Tx-ring is NOT supported in TPACKET_V3 */
- if (!closing && tx_ring && (po->tp_version > TPACKET_V2)) {
- net_warn_ratelimited("Tx-ring is not supported.\n");
-@@ -4245,7 +4252,6 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
- goto out;
- }
-
-- lock_sock(sk);
-
- /* Detach socket from network */
- spin_lock(&po->bind_lock);
-@@ -4294,11 +4300,11 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
- if (!tx_ring)
- prb_shutdown_retire_blk_timer(po, rb_queue);
- }
-- release_sock(sk);
-
- if (pg_vec)
- free_pg_vec(pg_vec, order, req->tp_block_nr);
- out:
-+ release_sock(sk);
- return err;
- }
-
---
-2.1.4
-
diff --git a/debian/patches/bugfix/all/tipc-check-minimum-bearer-MTU.patch b/debian/patches/bugfix/all/tipc-check-minimum-bearer-MTU.patch
deleted file mode 100644
index f946eae..0000000
--- a/debian/patches/bugfix/all/tipc-check-minimum-bearer-MTU.patch
+++ /dev/null
@@ -1,122 +0,0 @@
-From: =?UTF-8?q?Michal=20Kube=C4=8Dek?= <mkubecek at suse.cz>
-Date: Fri, 2 Dec 2016 09:33:41 +0100
-Subject: tipc: check minimum bearer MTU
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-Origin: https://git.kernel.org/linus/3de81b758853f0b29c61e246679d20b513c4cfec
-
-Qian Zhang (张谦) reported a potential socket buffer overflow in
-tipc_msg_build() which is also known as CVE-2016-8632: due to
-insufficient checks, a buffer overflow can occur if MTU is too short for
-even tipc headers. As anyone can set device MTU in a user/net namespace,
-this issue can be abused by a regular user.
-
-As agreed in the discussion on Ben Hutchings' original patch, we should
-check the MTU at the moment a bearer is attached rather than for each
-processed packet. We also need to repeat the check when bearer MTU is
-adjusted to new device MTU. UDP case also needs a check to avoid
-overflow when calculating bearer MTU.
-
-Fixes: b97bf3fd8f6a ("[TIPC] Initial merge")
-Signed-off-by: Michal Kubecek <mkubecek at suse.cz>
-Reported-by: Qian Zhang (张谦) <zhangqian-c at 360.cn>
-Acked-by: Ying Xue <ying.xue at windriver.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/tipc/bearer.c | 11 +++++++++--
- net/tipc/bearer.h | 13 +++++++++++++
- net/tipc/udp_media.c | 5 +++++
- 3 files changed, 27 insertions(+), 2 deletions(-)
-
-diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
-index 975dbeb..52d7476 100644
---- a/net/tipc/bearer.c
-+++ b/net/tipc/bearer.c
-@@ -421,6 +421,10 @@ int tipc_enable_l2_media(struct net *net, struct tipc_bearer *b,
- dev = dev_get_by_name(net, driver_name);
- if (!dev)
- return -ENODEV;
-+ if (tipc_mtu_bad(dev, 0)) {
-+ dev_put(dev);
-+ return -EINVAL;
-+ }
-
- /* Associate TIPC bearer with L2 bearer */
- rcu_assign_pointer(b->media_ptr, dev);
-@@ -610,8 +614,6 @@ static int tipc_l2_device_event(struct notifier_block *nb, unsigned long evt,
- if (!b)
- return NOTIFY_DONE;
-
-- b->mtu = dev->mtu;
--
- switch (evt) {
- case NETDEV_CHANGE:
- if (netif_carrier_ok(dev))
-@@ -624,6 +626,11 @@ static int tipc_l2_device_event(struct notifier_block *nb, unsigned long evt,
- tipc_reset_bearer(net, b);
- break;
- case NETDEV_CHANGEMTU:
-+ if (tipc_mtu_bad(dev, 0)) {
-+ bearer_disable(net, b);
-+ break;
-+ }
-+ b->mtu = dev->mtu;
- tipc_reset_bearer(net, b);
- break;
- case NETDEV_CHANGEADDR:
-diff --git a/net/tipc/bearer.h b/net/tipc/bearer.h
-index 78892e2f..278ff7f 100644
---- a/net/tipc/bearer.h
-+++ b/net/tipc/bearer.h
-@@ -39,6 +39,7 @@
-
- #include "netlink.h"
- #include "core.h"
-+#include "msg.h"
- #include <net/genetlink.h>
-
- #define MAX_MEDIA 3
-@@ -59,6 +60,9 @@
- #define TIPC_MEDIA_TYPE_IB 2
- #define TIPC_MEDIA_TYPE_UDP 3
-
-+/* minimum bearer MTU */
-+#define TIPC_MIN_BEARER_MTU (MAX_H_SIZE + INT_H_SIZE)
-+
- /**
- * struct tipc_media_addr - destination address used by TIPC bearers
- * @value: address info (format defined by media)
-@@ -215,4 +219,13 @@ void tipc_bearer_xmit(struct net *net, u32 bearer_id,
- void tipc_bearer_bc_xmit(struct net *net, u32 bearer_id,
- struct sk_buff_head *xmitq);
-
-+/* check if device MTU is too low for tipc headers */
-+static inline bool tipc_mtu_bad(struct net_device *dev, unsigned int reserve)
-+{
-+ if (dev->mtu >= TIPC_MIN_BEARER_MTU + reserve)
-+ return false;
-+ netdev_warn(dev, "MTU too low for tipc bearer\n");
-+ return true;
-+}
-+
- #endif /* _TIPC_BEARER_H */
-diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c
-index 78cab9c..b58dc95 100644
---- a/net/tipc/udp_media.c
-+++ b/net/tipc/udp_media.c
-@@ -697,6 +697,11 @@ static int tipc_udp_enable(struct net *net, struct tipc_bearer *b,
- udp_conf.local_ip.s_addr = htonl(INADDR_ANY);
- udp_conf.use_udp_checksums = false;
- ub->ifindex = dev->ifindex;
-+ if (tipc_mtu_bad(dev, sizeof(struct iphdr) +
-+ sizeof(struct udphdr))) {
-+ err = -EINVAL;
-+ goto err;
-+ }
- b->mtu = dev->mtu - sizeof(struct iphdr)
- - sizeof(struct udphdr);
- #if IS_ENABLED(CONFIG_IPV6)
---
-2.1.4
-
diff --git a/debian/patches/series b/debian/patches/series
index 9ea6581..7e72c86 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -102,11 +102,6 @@ bugfix/all/fs-Give-dentry-to-inode_change_ok-instead-of-inode.patch
bugfix/all/fs-Avoid-premature-clearing-of-capabilities.patch
bugfix/all/vfio-pci-Fix-integer-overflows-bitmask-check.patch
bugfix/all/mnt-Add-a-per-mount-namespace-limit-on-the-number-of.patch
-bugfix/all/tipc-check-minimum-bearer-MTU.patch
-bugfix/all/packet-fix-race-condition-in-packet_set_ring.patch
-bugfix/all/net-avoid-signed-overflows-for-SO_-SND-RCV-BUFFORCE.patch
-bugfix/all/net-ping-check-minimum-size-on-ICMP-header-length.patch
-bugfix/all/Don-t-feed-anything-but-regular-iovec-s-to-blk_rq_ma.patch
bugfix/all/net-handle-no-dst-on-skb-in-icmp6_send.patch
# ABI maintenance
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list