[linux] 01/01: Merge branch 'jessie-security' into jessie

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Sun Jun 26 09:54:06 UTC 2016


This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch jessie
in repository linux.

commit 35fa209d962f500ab3c99d6c841aa4396a7a6141
Merge: 8d8d24b 9d2d42e
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Sun Jun 26 11:53:11 2016 +0200

    Merge branch 'jessie-security' into jessie
    
    Drop the many patches that are already included in 3.16.36.

 debian/changelog                                   | 131 ++--
 debian/config/defines                              |   1 +
 ...fix-leak-in-events-via-snd_timer_user_cca.patch |  33 +
 ...fix-leak-in-events-via-snd_timer_user_tin.patch |  33 +
 ...imer-fix-leak-in-sndrv_timer_ioctl_params.patch |  33 +
 ...cryptfs-fix-handling-of-directory-opening.patch | 139 ++++
 ...forbid-opening-files-without-mmap-handler.patch |  54 ++
 .../keys-potential-uninitialized-variable.patch    |  86 +++
 ...rp_tables-simplify-translate_compat_table.patch | 208 ++++++
 ...nsure-number-of-counters-is-0-in-do_repla.patch | 120 ++++
 ...p6_tables-simplify-translate_compat_table.patch | 185 +++++
 ...p_tables-simplify-translate_compat_table-.patch | 184 +++++
 ..._tables-add-and-use-xt_check_entry_offset.patch | 151 ++++
 ..._tables-add-compat-version-of-xt_check_en.patch | 105 +++
 ...ilter-x_tables-assert-minimum-target-size.patch |  25 +
 ...er-x_tables-check-for-bogus-target-offset.patch | 164 +++++
 ...r-x_tables-check-standard-target-size-too.patch |  60 ++
 ..._tables-do-compat-validation-via-translat.patch | 781 +++++++++++++++++++++
 ..._tables-don-t-move-to-non-existent-next-r.patch | 100 +++
 ..._tables-don-t-reject-valid-target-size-on.patch |  54 ++
 ..._tables-introduce-and-use-xt_copy_counter.patch | 331 +++++++++
 ...etfilter-x_tables-kill-check_entry-helper.patch | 149 ++++
 ..._tables-validate-all-offsets-and-sizes-in.patch | 137 ++++
 ...filter-x_tables-validate-targets-of-jumps.patch | 131 ++++
 ..._tables-xt_compat_match_from_user-doesn-t.patch | 234 ++++++
 .../nfsd-check-permissions-when-setting-ACLs.patch | 146 ++++
 .../bugfix/all/posix_acl-Add-set_posix_acl.patch   |  82 +++
 .../rds-fix-an-infoleak-in-rds_inc_info_copy.patch |  31 +
 ...x-an-infoleak-in-tipc_nl_compat_link_dump.patch |  26 +
 ...usb-usbfs-fix-potential-infoleak-in-devio.patch |  41 ++
 debian/patches/series                              |  30 +
 31 files changed, 3942 insertions(+), 43 deletions(-)

diff --cc debian/changelog
index 72b142a,c2c66ef..1102a41
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,444 -1,91 +1,489 @@@
 +linux (3.16.36-1) UNRELEASED; urgency=medium
 +
 +  * New upstream stable update:
 +    http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt26
 +    - [x86] Revert "firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6"
 +    - [x86] iommu/vt-d: Fix 64-bit accesses to 32-bit DMAR_GSTS_REG
 +    - [x86] drm/i915/dsi: defend gpio table against out of bounds access
 +    - [x86] drm/i915/dsi: don't pass arbitrary data to sideband
 +    - [x86] drm/i915: fix error path in intel_setup_gmbus()
 +    - cifs: fix erroneous return value
 +    - [s390x] dasd: prevent incorrect length error under z/VM after PAV changes
 +    - [s390x] dasd: fix refcount for PAV reassignment
 +    - scsi: fix soft lockup in scsi_remove_target() on module removal
 +    - ext4: fix potential integer overflow
 +    - ext4: don't read blocks from disk after extents being swapped
 +    - bio: return EINTR if copying to user space got interrupted
 +    - ALSA: seq: Drop superfluous error/debug messages after malloc failures
 +    - ALSA: seq: Fix leak of pool buffer at concurrent writes
 +    - dmaengine: dw: disable BLOCK IRQs for non-cyclic xfer
 +    - tracepoints: Do not trace when cpu is offline
 +    - tracing: Fix freak link error caused by branch tracer
 +    - ALSA: seq: Fix double port list deletion
 +    - drm/radeon: use post-decrement in error handling
 +    - drm/qxl: use kmalloc_array to alloc reloc_info in
 +      qxl_process_single_command
 +    - ext4: fix bh->b_state corruption
 +    - ext4: fix crashes in dioread_nolock mode
 +    - kernel/resource.c: fix muxed resource handling in __request_region()
-     - [x86] entry/compat: Add missing CLAC to entry_INT80_32
 +    - nfs: fix nfs_size_to_loff_t
 +    - xen/pciback: Check PF instead of VF for PCI_COMMAND_MEMORY
 +    - xen/pciback: Save the number of MSI-X entries to be copied later.
 +      (Closes: #810379)
 +    - xen/pcifront: Fix mysterious crashes when NUMA locality information
 +      was extracted.
 +    - usb: dwc3: Fix assignment of EP transfer resources
 +    - NFSv4: Fix a dentry leak on alias use
 +    - hwmon: (ads1015) Handle negative conversion values correctly
 +    - can: ems_usb: Fix possible tx overflow
 +    - drm/radeon/pm: adjust display configuration after powerstate
 +    - sunrpc/cache: fix off-by-one in qword_get()
 +    - KVM: async_pf: do not warn on page allocation failures
 +    - tracing: Fix showing function event in available_events
 +    - libceph: don't bail early from try_read() when skipping a message
 +    - ALSA: hda - Fixing background noise on Dell Inspiron 3162
 +    - [x86] KVM: MMU: fix ubsan index-out-of-range warning
 +    - [x86] ALSA: hda - Fix headset support and noise on HP EliteBook 755 G2
 +    - hpfs: don't truncate the file when delete fails
 +    - do_last(): don't let a bogus return value from ->open() et.al. to
 +      confuse us
 +    - [armel/kirkwood] dts: use unique machine name for ds112
 +    - bonding: Fix ARP monitor validation
 +    - af_unix: Don't set err in unix_stream_read_generic unless there was
 +      an error
 +    - net: phy: bcm7xxx: Fix shadow mode 2 disabling
 +    - net/mlx4_en: Count HW buffer overrun only once
 +    - net/mlx4_en: Choose time-stamping shift value according to HW frequency
 +    - net/mlx4_en: Avoid changing dev->features directly in run-time
 +    - unix_diag: fix incorrect sign extension in unix_lookup_by_ino
 +    - af_iucv: Validate socket address length in iucv_sock_bind()
 +    - net: dp83640: Fix tx timestamp overflow handling.
 +    - tcp: fix NULL deref in tcp_v4_send_ack()
 +    - ipv6/udp: use sticky pktinfo egress ifindex on connect()
 +    - tg3: Fix for tg3 transmit queue 0 timed out when too many gso_segs
 +    - ipv4: fix memory leaks in ip_cmsg_send() callers
 +    - pppoe: fix reference counting in PPPoE proxy
 +    - route: check and remove route cache when we get route
 +    - rtnl: RTM_GETNETCONF: fix wrong return value
 +    - sctp: Fix port hash table size computation
 +    - target: Fix LUN_RESET active TMR descriptor handling
 +    - target: Fix LUN_RESET active I/O handling for ACK_KREF
 +    - target: Fix TAS handling for multi-session se_node_acls
 +    - target: Fix remote-port TMR ABORT + se_cmd fabric stop
 +    - target: Fix race with SCF_SEND_DELAYED_TAS handling
 +    - libata: fix HDIO_GET_32BIT ioctl
 +    - [media] adv7604: fix tx 5v detect regression
 +    - [armhf] usb: chipidea: otg: change workqueue ci_otg as freezable
 +    - Revert "jffs2: Fix lock acquisition order bug in jffs2_write_begin"
 +    - jffs2: Fix page lock / f->sem deadlock
 +    - Fix directory hardlinks from deleted directories
 +    - [x86] iommu/amd: Fix boot warning when device 00:00.0 is not iommu covered
 +    - vfio: fix ioctl error handling
 +    - ALSA: timer: Fix broken compat timer user status ioctl
 +    - cifs: fix out-of-bounds access in lease parsing
 +    - CIFS: Fix SMB2+ interim response processing for read requests
 +    - Fix cifs_uniqueid_to_ino_t() function for s390x
 +    - [arm*] KVM: Fix ioctl error handling
 +    - ALSA: hdspm: Fix wrong boolean ctl value accesses
 +    - ALSA: hdspm: Fix zero-division
 +    - ALSA: hdsp: Fix wrong boolean ctl value accesses
 +    - ALSA: seq: oss: Don't drain at closing a client
 +    - drm/ast: Fix incorrect register check for DRAM width
 +    - drm/radeon/pm: update current crtc info after setting the powerstate
 +    - PM / sleep / x86: Fix crash on graph trace through x86 suspend
 +    - ALSA: hda - Fix mic issues on Acer Aspire E1-472
 +    - [mips*] traps: Fix SIGFPE information leak from `do_ov' and
 +      `do_trap_or_bp'
 +    - ubi: Fix out of bounds write in volume update code
 +    - IB/core: Use GRH when the path hop-limit > 0
 +    - wext: fix message delay/ordering
 +    - cfg80211/wext: fix message ordering
 +    - mac80211: fix use of uninitialised values in RX aggregation
 +    - mac80211: minstrel_ht: set default tx aggregation timeout to 0
 +    - can: gs_usb: fixed disconnect bug by removing erroneous use of kfree()
 +    - target: Drop incorrect ABORT_TASK put for completed commands
 +    - [powerpc*] KVM: Book3S HV: Sanitize special-purpose register values
 +      on guest exit
 +    - [x86] KVM: VMX: disable PEBS before a guest entry
 +    - Revert "drm/radeon/pm: adjust display configuration after powerstate"
 +    - tcp: convert cached rtt from usec to jiffies when feeding initial rto
 +    - net/mlx4_core: Allow resetting VF admin mac to zero
 +    - mld, igmp: Fix reserved tailroom calculation
 +    - ipv6: re-enable fragment header matching in ipv6_find_hdr
 +    - net: moxa: fix an error code
-     - cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (CVE-2016-3951)
 +    - ext4: iterate over buffer heads correctly in move_extent_per_page()
-     - Input: aiptek - fix crash on detecting device without endpoints
-       (CVE-2015-7515)
 +    - bcache: add mutex lock for bch_is_open
 +    - [x86] KVM: move steal time initialization to vcpu entry time
 +    - efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version
 +    - efi: Do variable name validation tests in utf8
 +    - efi: Make our variable validation list include the guid
 +    - efi: Make efivarfs entries immutable by default
 +    - efi: Add pstore variables to the deletion whitelist
 +    - lib/ucs2_string: Correct ucs2 -> utf8 conversion
 +    - tracing: Fix check for cpu online when event is disabled
 +    http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt27
-     - ipv4: Don't do expensive useless work during inetdev destroy.
-       (CVE-2016-3156)
-     - Input: powermate - fix oops with malicious USB descriptors (CVE-2016-2186)
 +    - USB: iowarrior: fix oops with malicious USB descriptors (CVE-2016-2188)
-     - ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
-       (CVE-2016-2184)
-     - ALSA: usb-audio: Add sanity checks for endpoint accesses (CVE-2016-2184)
-     - include/linux/poison.h: fix LIST_POISON{1,2} offset (CVE-2016-0821)
 +    - cpu: Defer smpboot kthread unparking until CPU known to scheduler
 +    - ipr: Fix out-of-bounds null overwrite
 +    - ipr: Fix regression when loading firmware
-     - Input: ati_remote2 - fix crashes on detecting device with invalid
-       descriptor (CVE-2016-2185)
-     - USB: cdc-acm: more sanity checking (CVE-2016-3138)
 +    - ceph: fix request time stamp encoding (Closes: #823907)
-     - [amd64] iopl: Properly context-switch IOPL on Xen PV (CVE-2016-3157)
 +    - staging: comedi: ni_tiocmd: change mistaken use of start_src for start_arg
 +    - drm/radeon: hold reference to fences in radeon_sa_bo_new (3.17 and older)
 +    - [x86] Drivers: hv: vmbus: prevent cpu offlining on newer hypervisors
 +    https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.35
 +    - [x86] EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()
 +    - [x86] crypto: ccp - Add hash state import and export support
 +    - [armhf] PCI: imx6: Remove broken Gen2 workaround
 +    - [armhf] PCI: imx6: Move link up check into imx6_pcie_wait_for_link()
 +    - tty: Fix GPF in flush_to_ldisc(), part 2
 +    - media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32
 +    - [x86] crypto: ccp - Limit the amount of information exported
 +    - xc2028: avoid use after free
 +    - xc2028: unlock on error in xc2028_set_config()
 +    - nbd: ratelimit error msgs after socket close
 +    - [x86] crypto: ccp - Don't assume export/import areas are aligned
 +    - 8250: use callbacks to access UART_DLL/UART_DLM
 +    - net: irda: Fix use-after-free in irtty_open()
 +    - [armhf] dts: armada-375: use armada-370-sata for SATA
 +    - mtd: map: fix .set_vpp() documentation
 +    - usb: retry reset if a device times out
 +    - HID: logitech: fix Dual Action gamepad support
 +    - HID: core: do not scan reports if the group is already set
 +    - HID: fix hid_ignore_special_drivers module parameter
 +    - [armhf] regulator: s5m8767: fix get_register() error handling
 +    - saa7134: Fix bytesperline not being set correctly for planar formats
 +    - [armhf] OMAP3: Add cpuidle parameters table for omap3430
 +    - [x86] mei: fix possible integer overflow issue
 +    - [x86] mei: fix format string in debug prints
 +    - aacraid: Fix memory leak in aac_fib_map_free
 +    - mac80211: fix unnecessary frame drops in mesh fwding
 +    - mac80211: avoid excessive stack usage in sta_info
 +    - mac80211: fix memory leak
 +    - mtd: onenand: fix deadlock in onenand_block_markbad
 +    - [armel/versatile] clk: sp810: support reentrance
 +    - md/raid5: Compare apples to apples (or sectors to sectors)
 +    - [x86] crypto: ccp - memset request context to zero during import
 +    - mmc: sdhci: fix data timeout
 +    - IB/srpt: Simplify srpt_handle_tsk_mgmt()
 +    - bttv: Width must be a multiple of 16 when capturing planar formats
 +    - nfsd4: fix bad bounds checking
 +    - net/mlx5: Make command timeout way shorter
 +    - xfs: fix two memory leaks in xfs_attr_list.c error paths
 +    - drivers/misc/ad525x_dpot: AD5274 fix RDAC read back errors
 +    - mtip32xx: Fix broken service thread handling
 +    - mtip32xx: Remove unwanted code from taskfile error handler
 +    - mtip32xx: Avoid issuing standby immediate cmd during FTL rebuild
 +    - [amd64] clk: xgene: Add missing parenthesis when clearing divider value
 +    - of: alloc anywhere from memblock if range not specified
 +    - usb: hub: fix a typo in hub_port_init() leading to wrong logic
 +    - [x86] KVM: i8254: change PIT discard tick policy
 +    - sched/cputime: Fix steal time accounting vs. CPU hotplug
 +    - ipvs: correct initial offset of Call-ID header search in SIP
 +      persistence engine
 +    - mwifiex: fix corner case association failure
 +    - perf/core: Fix perf_sched_count derailment
 +    - [x86] perf/intel: Use PAGE_SIZE for PEBS buffer size on Core2
 +    - [x86] perf/intel: Fix PEBS warning by only restoring active PMU in pmi
 +    - [x86] perf/intel: Add definition for PT PMI bit
 +    - [x86] perf/pebs: Add workaround for broken OVFL status on HSW+
 +    - [x86] perf/intel: Fix PEBS data source interpretation on Nehalem/Westmere
 +    - sched/cputime: Fix steal_account_process_tick() to always return jiffies
 +    - bcache: Fix more early shutdown bugs
 +    - bcache: cleaned up error handling around register_cache()
 +    - bcache: fix cache_set_flush() NULL pointer dereference on OOM
 +    - [x86] PCI: Mark Broadwell-EP Home Agent & PCU as having non-compliant BARs
 +    - be2iscsi: set the boot_kset pointer to NULL in case of failure
 +    - [x86] drm/radeon: add a PX quirk list
 +    - [x86] drm/radeon: add PX quirk for asus K53TK
 +    - drm/radeon: Don't drop DP 2.7 Ghz link setup on some cards.
 +    - sg: fix dxferp in from_to case
 +    - jbd2: fix FS corruption possibility in jbd2_journal_destroy() on
 +      umount path
 +    - sctp: fix the transports round robin issue when init is retransmitted
 +    - [x86] ALSA: intel8x0: Add clock quirk entry for AD1981B on IBM
 +      ThinkPad X41.
 +    - fuse: do not use iocb after it may have been freed
 +    - [s390x] pci: extract software counters from fmb
 +    - [s390x] pci: enforce fmb page boundary rule
 +    - net: Fix use after free in the recvmmsg exit path
 +    - mlx4: add missing braces in verify_qp_parameters
 +    - ath9k: fix buffer overrun for ar9287
 +    - md: multipath: don't hardcopy bio in .make_request path
 +    - HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report()
 +    - ALSA: hda - Fix unconditional GPIO toggle via automute
 +    - gpiolib: Fix comment referring to gpio_*() in gpiod_*()
 +    - nfsd: fix deadlock secinfo+readdir compound
 +    - vfs: show_vfsstat: do not ignore errors from show_devname method
 +    - ppp: ensure file->private_data can't be overridden
 +    - [x86] iopl: Fix iopl capability check on Xen PV
 +    - sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects
 +      a race
 +    - Input: ims-pcu - sanity check against missing interfaces
 +    - Input: synaptics - handle spurious release of trackstick buttons, again
 +    - [x86] apic: Fix suspicious RCU usage in
 +      smp_trace_call_function_interrupt()
 +    - USB: usb_driver_claim_interface: add sanity checking
 +    - tracing: Have preempt(irqs)off trace preempt disabled functions
 +    - lpfc: fix misleading indentation
 +    - tracing: Fix crash from reading trace_pipe with sendfile
 +    - splice: handle zero nr_pages in splice_to_pipe()
 +    - ethernet: micrel: fix some error codes
 +    - tunnels: Don't apply GRO to multiple layers of encapsulation.
 +    - [armhf] mdio-sun4i: oops in error handling in probe
 +    - target: Fix target_release_cmd_kref shutdown comp leak
 +    - [x86] KVM: VMX: avoid guest hang on invalid invept instruction
 +    - [x86] KVM: fix spin_lock_init order on x86
 +    - tracing: Fix trace_printk() to print when not using bprintk()
 +    - fs/coredump: prevent fsuid=0 dumps into user-controlled directories
 +    - [x86] ALSA: hda - Asus N750JV external subwoofer fixup
 +    - [x86] ALSA: hda - Fix white noise on Asus N750JV headphone
 +    - [x86] ALSA: hda - Apply fix for white noise on Asus N550JV, too
 +    - [x86] ideapad-laptop: Add ideapad Y700 (15) to the no_hw_rfkill DMI list
-     - ppp: take reference on channels netns (CVE-2016-4805)
 +    - drm/radeon: add a dpm quirk for sapphire Dual-X R7 370 2G D5
 +    - ocfs2/dlm: fix race between convert and recovery
 +    - ocfs2/dlm: fix BUG in dlm_move_lockres_to_recovery_list
 +    - hwmon: (max1111) Return -ENODEV from max1111_read_channel if not
 +      instantiated
 +    - drm/radeon: add another R7 370 quirk
 +    - drm/radeon: add a dpm quirk for all R7 370 parts
 +    - ALSA: usb-audio: Minor code cleanup in create_fixed_stream_quirk()
 +    - ALSA: usb-audio: Fix double-free in error paths after
 +      snd_usb_add_audio_stream() call
-     - USB: mct_u232: add sanity checking in probe (CVE-2016-3136)
-     - USB: cypress_m8: add endpoint sanity check (CVE-2016-3137)
-     - USB: digi_acceleport: do sanity checking for the number of ports
-       (CVE-2016-3140)
 +    - sd: Fix excessive capacity printing on devices with blocks bigger than
 +      512 bytes
 +    - drm/dp: move hw_mutex up the call stack
 +    - drm/udl: Use unlocked gem unreferencing
 +    - ext4: add lockdep annotations for i_data_sem
 +    - [x86] ALSA: hda - fix front mic problem for a HP desktop
 +    - [x86] KVM: Inject pending interrupt even if pending nmi exist
 +    - ALSA: timer: Use mod_timer() for rearming the system timer
 +    - mm: fix invalid node in alloc_migrate_target()
 +    - xen/events: Mask a moving irq
 +    - compiler-gcc: disable -ftracer for __noclone functions
 +    - ip6_tunnel: set rtnl_link_ops before calling register_netdevice
 +    - Btrfs: fix file/data loss caused by fsync after rename and new inode
 +    - [armhf] gpio: pca953x: Use correct u16 value for register word write
-     - CVE-2016-3134
-     - netfilter: x_tables: Fix parsing of IPT_SO_SET_REPLACE blobs
-       (CVE-2016-3134)
-       + validate e->target_offset early
-       + make sure e->next_offset covers remaining blob size
-     - [x86] mm/32: Enable full randomization on i386 and X86_32 (CVE-2016-3672)
-     - usbnet: cleanup after bind() in probe() (CVE-2016-3951)
-     - USB: usbip: fix potential out-of-bounds write (CVE-2016-3955)
-     - [s390x] mm: four page table levels vs. fork (CVE-2016-2143)
 +    - ext4: fix NULL pointer dereference in ext4_mark_inode_dirty()
 +    - net: jme: fix suspend/resume on JMC260
 +    - sctp: lack the check for ports in sctp_v6_cmp_addr
 +    - cdc_ncm: toggle altsetting to force reset before setup
 +    - udp6: fix UDP/IPv6 encap resubmit path
 +    - macvtap: always pass ethernet header in linear
 +    - farsync: fix off-by-one bug in fst_add_one
 +    - qlge: Fix receive packets drop.
 +    - xfrm: Fix crash observed during device unregistration and decryption
 +    - tun, bpf: fix suspicious RCU usage in tun_{attach, detach}_filter
 +    - ipv4: l2tp: fix a potential issue in l2tp_ip_recv
 +    - ipv6: l2tp: fix a potential issue in l2tp_ip6_recv
 +    - ipv6: Count in extension headers in skb->network_header
 +    - jme: Do not enable NIC WoL functions on S0
 +    - jme: Fix device PM wakeup API usage
 +    - netfilter: x_tables: fix unconditional helper
 +    - crypto: gcm - Fix rfc4543 decryption crash
 +    https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.36
 +    - [x86] ASoC: rt5640: Correct the digital interface data select
 +    - HID: usbhid: fix inconsistent reset/resume/reset-resume behavior
 +    - [armhf] OMAP2+: Only write the sysconfig on idle when necessary
 +    - [armhf] OMAP2+: hwmod: Fix updating of sysconfig register
 +    - [armhf] regulator: s2mps11: Fix invalid selector mask and voltages
 +      for buck9
 +    - drm/qxl: fix cursor position with non-zero hotspot
-     - Input: gtco - fix crash on detecting device without endpoints
-       (CVE-2016-2187)
 +    - libahci: save port map for forced port map
 +    - [s390x] scm_blk: fix deadlock for requests != REQ_TYPE_FS
 +    - assoc_array: don't call compare_object() on a node
 +    - [x86] kvm: do not leak guest xcr0 into host interrupt handlers
 +    - [x86] ALSA: usb-audio: Skip volume controls triggers hangup on
 +      Dell USB Dock
 +    - nl80211: check netlink protocol in socket release notification
 +    - lib: lz4: fixed zram with lz4 on big endian machines
 +    - [x86] usb: xhci: applying XHCI_PME_STUCK_QUIRK to Intel BXT B0 host
 +    - usb: xhci: fix wild pointers in xhci_mem_cleanup
 +    - USB: uas: Add a new NO_REPORT_LUNS quirk
 +    - usb: hcd: out of bounds access in for_each_companion
 +    - packet: fix heap info leak in PACKET_DIAG_MCLIST sock_diag interface
 +    - regmap: spmi: Fix regmap_spmi_ext_read in multi-byte case
 +    - pinctrl: single: Fix pcs_parse_bits_in_pinctrl_entry to use __ffs than ffs
 +    - [x86] crypto: ccp - Prevent information leakage on export
 +    - [s390x] spinlock: avoid yield to non existent cpu
 +    - [x86] drm/i915/userptr: Hold mmref whilst calling get-user-pages
 +    - [powerpc*] scan_features() updates incorrect bits for REAL_LE
 +    - drm/radeon: add a quirk for a XFX R9 270X
 +    - futex: Acknowledge a new waiter in counter before plist
 +    - [armhf] net: ethernet: davinci_emac: Fix Unbalanced pm_runtime_enable
 +    - [armhf] net: ethernet: davinci_emac: Fix platform_data overwrite
-     - atl2: Disable unimplemented scatter/gather feature (CVE-2016-2117)
-     - mm: hugetlb: allow hugepages_supported to be architecture specific
 +    - [s390x] hugetlb: add hugepages_supported define
-     - [x86] mm/xen: Suppress hugetlbfs in PV guests (CVE-2016-3961)
 +    - [armhf] i2c: exynos5: Fix possible ABBA deadlock by keeping I2C
 +      clock prepared
 +    - efi: Fix out-of-bounds read in variable_matches()
 +    - batman-adv: Check skb size before using encapsulated ETH+VLAN header
 +    - batman-adv: Reduce refcnt of removed router when updating route
 +    - batman-adv: Fix broadcast/ogm queue limit on a removed interface
 +    - libceph: kfree() in put_osd() shouldn't depend on authorizer
 +    - libceph: make authorizer destruction independent of ceph_auth_client
 +    - net/mlx4_en: fix spurious timestamping callbacks
 +    - [x86] ALSA: hda - Add dock support for ThinkPad X260
 +    - workqueue: fix ghost PENDING flag while doing MQ IO
 +    - [x86] drm/i915: Fix system resume if PCI device remained enabled
 +    - [armhf] SoCFPGA: Fix secondary CPU startup in thumb2 kernel
 +    - rbd: fix rbd map vs notify races
-     - IB/security: Restrict use of the write() interface (CVE-2016-4565)
 +    - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check
 +    - batman-adv: Fix invalid stack access in batadv_dat_select_candidates
 +    - batman-adv: fix DAT candidate selection (must use vid)
 +    - batman-adv: Fix reference counting of vlan object for tt_local_entry
 +    - [x86] EDAC: i7core, sb_edac: Don't return NOTIFY_BAD from mce_decoder
 +      callback
 +    - atomic_open(): fix the handling of create_error
 +    - [x86] Drivers: hv_vmbus: Fix signal to host condition
 +    - [x86] Drivers: hv: vmbus: Fix signaling logic in
 +      hv_need_to_signal_on_read()
 +    - [powerpc*] Fix bad inline asm constraint in create_zero_mask()
 +    - Make hash_64() use a 64-bit multiply when appropriate
 +    - Minimal fix-up of bad hashing behavior of hash_64()
 +    - tracing: Don't display trigger file for events that can't be enabled
 +    - drm/radeon: make sure vertical front porch is at least 1
 +    - ACPICA: Dispatcher: Update thread ID for recursive method calls
 +    - crypto: hash - Fix page length clamping in hash walk
 +    - [x86] sysfb_efi: Fix valid BAR address range check
-     - fs/pnode.c: treat zero mnt_group_id-s as unequal
-     - propogate_mnt: Handle the first propogated copy being a slave
-       (CVE-2016-4581)
 +    - drm/radeon: fix PLL sharing on DCE6.1 (v2)
 +    - proc: prevent accessing /proc/<PID>/environ until it's ready
 +    - [x86] tsc: Read all ratio bits from MSR_PLATFORM_INFO
-     - get_rock_ridge_filename(): handle malformed NM entries (CVE-2016-4913)
 +    - macvtap: segmented packet is consumed
 +    - [x86] ALSA: hda - Fix white noise on Asus UX501VW headset
 +    - [x86] drm/i915: Bail out of pipe config compute loop on LPT
 +    - [x86] ALSA: hda - Fix subwoofer pin on ASUS N751 and N551
 +    - ocfs2: dereferencing freed pointers in ocfs2_reflink()
 +    - ocfs2: fix posix_acl_create deadlock
 +    - nf_conntrack: avoid kernel pointer value leak in slab name
 +    - xfs: introduce and use mmap/truncate lock
-     - mm: migrate dirty page without clear_page_dirty_for_io etc (CVE-2016-3070)
-     - net: fix infoleak in llc (CVE-2016-4485)
-     - net: fix infoleak in rtnetlink (CVE-2016-4486)
-     - net: fix a kernel infoleak in x25 module (CVE-2016-4580)
 +    - [arm64] kernel: fix architected PMU registers unconditional access
 +    - mm/balloon_compaction: redesign ballooned pages management
 +    - mm/balloon_compaction: fix deflation when compaction is disabled
 +    - sched: Replace post_schedule with a balance callback list
 +    - sched: Allow balance callbacks for check_class_changed()
 +    - sched, rt: Convert switched_{from, to}_rt() / prio_changed_rt() to
 +      balance callbacks
 +    - sched, dl: Convert switched_{from, to}_dl() / prio_changed_dl() to
 +      balance callbacks
 +
 +  [ Ben Hutchings ]
 +  * [amd64] KVM: bit-ops emulation ignores offset on 64-bit (Closes: #818502)
 +  * linux-headers: Avoid mixed implicit and normal rules in Makefile, thanks to
 +    Thierry Herbelot (Closes: #822666)
 +  * Revert "libata: Align ata_device's id on a cacheline" to avoid ABI change
 +  * Revert "net/ipv6: add sysctl option accept_ra_min_hop_limit" to avoid
 +    ABI change
 +  * stable-update: Rewrite stable-update.sh in Python
 +  * [s390x] PCI: Ignore zpci ABI changes; these functions are not used by
 +    modules
 +  * aufs: Make fcntl(F_SETFL, ...) work (Closes: #627782):
 +    - for aufs: new f_op->setfl() to support fcntl(F_SETFL)
 +    - aufs: implement new f_op->setfl()
 +    - fs: Fix ABI change for aufs F_SETFL fix
 +  * libceph: Ignore ABI changes; these functions are only used by the
 +    ceph filesystem
 +  * migrate, sched: Fix ABI changes
 +
 +  [ Aurelien Jarno ]
 +  * [mips*] Emulate unaligned LDXC1 and SDXC1 instructions.
 +
 +  [ Salvatore Bonaccorso ]
 +  * [x86] Add Skylake audio support. Thanks to Yann Soubeyrand and Florian
 +    Gillot (Closes: #810219)
 +    - ALSA: hda_controller: Separate stream_tag for input and output
 +    - ALSA: hda_intel: apply the Seperate stream_tag for Skylake
 +    - ALSA: hda_intel: apply the Seperate stream_tag for Sunrise Point
 +  * arcmsr: Backport changes up to Linux 4.5 (Closes: #826004)
 +
 + -- Ben Hutchings <ben at decadent.org.uk>  Sat, 30 Apr 2016 22:07:22 +0200
 +
+ linux (3.16.7-ckt25-2+deb8u2) jessie-security; urgency=high
+ 
+   * Fix backport of "netfilter: x_tables: validate targets of jumps"
+   * netfilter: ensure number of counters is >0 in do_replace()
+ 
+  -- Ben Hutchings <ben at decadent.org.uk>  Sat, 25 Jun 2016 23:36:47 +0200
+ 
+ linux (3.16.7-ckt25-2+deb8u1) jessie-security; urgency=high
+ 
+   [ Ben Hutchings ]
+   * include/linux/poison.h: fix LIST_POISON{1,2} offset (CVE-2016-0821)
+   * [s390*] mm: four page table levels vs. fork (CVE-2016-2143)
+   * [amd64] iopl: Properly context-switch IOPL on Xen PV (CVE-2016-3157)
+   * [amd64] entry/compat: Add missing CLAC to entry_INT80_32
+   * netfilter: x_tables: Fix parsing of IPT_SO_SET_REPLACE blobs
+     (CVE-2016-3134, CVE-2016-4997, CVE-2016-4998)
+     - validate e->target_offset early
+     - make sure e->next_offset covers remaining blob size
+     - fix unconditional helper
+     - don't move to non-existent next rule
+     - validate targets of jumps
+     - add and use xt_check_entry_offsets
+     - kill check_entry helper
+     - assert minimum target size
+     - add compat version of xt_check_entry_offsets
+     - check standard target size too
+     - check for bogus target offset
+     - validate all offsets and sizes in a rule
+     - don't reject valid target size on some
+     - arp_tables: simplify translate_compat_table args
+     - ip_tables: simplify translate_compat_table args
+     - ip6_tables: simplify translate_compat_table args
+     - xt_compat_match_from_user doesn't need a retval
+     - do compat validation via translate_table
+     - introduce and use xt_copy_counters_from_user
+   * Ignore ABI change in x_tables
+   * ipv4: Don't do expensive useless work during inetdev destroy.
+     (CVE-2016-3156)
+   * [x86] standardize mmap_rnd() usage
+   * [x86] mm/32: Enable full randomization on i386 and X86_32 (CVE-2016-3672)
+   * usbnet: Fix possible memory corruption after probe failure (CVE-2016-3951)
+     - cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
+     - usbnet: cleanup after bind() in probe()
+   * atl2: Disable unimplemented scatter/gather feature (CVE-2016-2117)
+   * mm: hugetlb: allow hugepages_supported to be architecture specific
+   * ecryptfs: fix handling of directory opening
+   * ecryptfs: forbid opening files without mmap handler (CVE-2016-1583)
+   * Input: aiptek - fix crash on detecting device without endpoints
+     (CVE-2015-7515)
+   * ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
+     (CVE-2016-2184)
+   * ALSA: usb-audio: Add sanity checks for endpoint accesses
+   * Input: ati_remote2 - fix crashes on detecting device with invalid
+     descriptor (CVE-2016-2185)
+   * Input: powermate - fix oops with malicious USB descriptors (CVE-2016-2186)
+   * Input: gtco - fix crash on detecting device without endpoints
+     (CVE-2016-2187)
+   * USB: mct_u232: add sanity checking in probe (CVE-2016-3136)
+   * USB: cypress_m8: add endpoint sanity check (CVE-2016-3137)
+   * USB: cdc-acm: more sanity checking (CVE-2016-3138)
+   * USB: digi_acceleport: do sanity checking for the number of ports
+     (CVE-2016-3140)
+   * mm: migrate dirty page without clear_page_dirty_for_io etc (CVE-2016-3070)
+   * migrate: Fix ABI change
+   * net: fix infoleak in llc (CVE-2016-4485)
+   * net: fix infoleak in rtnetlink (CVE-2016-4486)
+   * net: fix a kernel infoleak in x25 module (CVE-2016-4580)
+   * IB/security: Restrict use of the write() interface (CVE-2016-4565)
+   * ppp: take reference on channels netns (CVE-2016-4805)
+   * KEYS: potential uninitialized variable (CVE-2016-4470)
+ 
+   [ Salvatore Bonaccorso ]
+   * [x86] USB: usbip: fix potential out-of-bounds write (CVE-2016-3955)
+   * [x86] xen: suppress hugetlbfs in PV guests (CVE-2016-3961)
+   * get_rock_ridge_filename(): handle malformed NM entries (CVE-2016-4913)
+   * fs/pnode.c: treat zero mnt_group_id-s as unequal
+   * propogate_mnt: Handle the first propogated copy being a slave
+     (CVE-2016-4581)
+   * USB: usbfs: fix potential infoleak in devio (CVE-2016-4482)
+   * ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (CVE-2016-4569)
+   * ALSA: timer: Fix leak in events via snd_timer_user_ccallback or
+     snd_timer_user_tinterrupt (CVE-2016-4578)
+   * tipc: fix an infoleak in tipc_node_get_links (CVE-2016-5243)
+   * rds: fix an infoleak in rds_inc_info_copy (CVE-2016-5244)
+   * nfsd: check permissions when setting ACLs (CVE-2016-1237)
+ 
+  -- Ben Hutchings <ben at decadent.org.uk>  Sat, 25 Jun 2016 12:47:15 +0200
+ 
  linux (3.16.7-ckt25-2) jessie; urgency=medium
  
    * Revert "drm/radeon: hold reference to fences in radeon_sa_bo_new"
diff --cc debian/config/defines
index ac032b4,f7c7373..7f4e234
--- a/debian/config/defines
+++ b/debian/config/defines
@@@ -54,10 -52,7 +54,11 @@@ ignore-changes
   scm_detach_fds
   scm_fp_dup
   af_alg_*
+  xt_compat_match_from_user
 + efivar_validate
 + zpci_disable_device
 + zpci_enable_device
 + zpci_stop_device
  
  [base]
  arches:
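Review bot: `xt_compat_match_from_user` joins the ABI `ignore-changes` list with nothing recording why a change to that symbol is acceptable to ignore. The entry exempts the symbol from the ABI comparison, so the reasoning should sit next to it where the next person editing the list will see it. If this file accepts comment lines at that point, something like `# changed by the netfilter x_tables compat fixes; not expected to be used by out-of-tree modules` would do, once that assumption has been confirmed. The `ignore-changes` list begins above this hunk, so any existing convention for such comments is not visible here.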
diff --cc debian/patches/series
index 9d84eb4,2be4b88..e0557b9
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -631,11 -608,6 +631,41 @@@ features/all/musb/0007-usb-musb-allow-m
  features/all/musb/0008-usb-musb-use-is_enabled-for-tusb6010.patch
  features/all/musb/0009-usb-musb-fix-order-of-conditions-for-assigning-end-p.patch
  
 +# Skylake audio support
 +features/x86/ALSA-hda_controller-Separate-stream_tag-for-input-an.patch
 +features/x86/ALSA-hda_intel-apply-the-Seperate-stream_tag-for-Sky.patch
 +features/x86/ALSA-hda_intel-apply-the-Seperate-stream_tag-for-Sun.patch
 +
++# Security fixes
++bugfix/all/usb-usbfs-fix-potential-infoleak-in-devio.patch
++bugfix/all/alsa-timer-fix-leak-in-sndrv_timer_ioctl_params.patch
++bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_cca.patch
++bugfix/all/alsa-timer-fix-leak-in-events-via-snd_timer_user_tin.patch
++bugfix/all/tipc-fix-an-infoleak-in-tipc_nl_compat_link_dump.patch
++bugfix/all/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
++bugfix/all/ecryptfs-fix-handling-of-directory-opening.patch
++bugfix/all/ecryptfs-forbid-opening-files-without-mmap-handler.patch
++bugfix/all/keys-potential-uninitialized-variable.patch
++bugfix/all/netfilter-x_tables-don-t-move-to-non-existent-next-r.patch
++bugfix/all/netfilter-x_tables-validate-targets-of-jumps.patch
++bugfix/all/netfilter-x_tables-add-and-use-xt_check_entry_offset.patch
++bugfix/all/netfilter-x_tables-kill-check_entry-helper.patch
++bugfix/all/netfilter-x_tables-assert-minimum-target-size.patch
++bugfix/all/netfilter-x_tables-add-compat-version-of-xt_check_en.patch
++bugfix/all/netfilter-x_tables-check-standard-target-size-too.patch
++bugfix/all/netfilter-x_tables-check-for-bogus-target-offset.patch
++bugfix/all/netfilter-x_tables-validate-all-offsets-and-sizes-in.patch
++bugfix/all/netfilter-x_tables-don-t-reject-valid-target-size-on.patch
++bugfix/all/netfilter-arp_tables-simplify-translate_compat_table.patch
++bugfix/all/netfilter-ip_tables-simplify-translate_compat_table-.patch
++bugfix/all/netfilter-ip6_tables-simplify-translate_compat_table.patch
++bugfix/all/netfilter-x_tables-xt_compat_match_from_user-doesn-t.patch
++bugfix/all/netfilter-x_tables-do-compat-validation-via-translat.patch
++bugfix/all/netfilter-x_tables-introduce-and-use-xt_copy_counter.patch
++bugfix/all/posix_acl-Add-set_posix_acl.patch
++bugfix/all/nfsd-check-permissions-when-setting-ACLs.patch
++bugfix/all/netfilter-ensure-number-of-counters-is-0-in-do_repla.patch
++
  # Fix ABI changes
  debian/of-fix-abi-changes.patch
  debian/iovec-fix-abi-change-in-3.16.7-ckt1.patch
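Review bot: The 28 entries under `# Security fixes` are all marked `++`, meaning they are in neither parent and were written during the merge resolution, yet nothing in the block ties an entry to the advisory it addresses. Sub-comments taken from debian/changelog, for example `# CVE-2016-4482` above the usbfs line and `# CVE-2016-1237` above the posix_acl/nfsd pair, would let the list be audited against the changelog. This matters because the same merge drops patches as already included in 3.16.36. `tipc-fix-an-infoleak-in-tipc_nl_compat_link_dump.patch` names a different function from the changelog entry for CVE-2016-5243 (`tipc_node_get_links`). This is presumably a backport, and a one-line comment saying so would remove the doubt.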

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git


