[linux] 01/02: Merge tag 'debian/3.16.7-ckt20-1+deb8u4' into jessie
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Wed Mar 2 20:00:20 UTC 2016
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch jessie
in repository linux.
commit a31b06aff27f72aed6c2911ef12bf252bfcb515f
Merge: e59c2f5 e311865
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Wed Mar 2 14:29:47 2016 +0000
Merge tag 'debian/3.16.7-ckt20-1+deb8u4' into jessie
debian/changelog | 30 +++
debian/config/defines | 5 +
...rd-against-other-sk-in-unix_dgram_sendmsg.patch | 40 ++++
.../all/aio-properly-check-iovec-sizes.patch | 41 ++++
.../alsa-hrtimer-fix-stall-by-hrtimer_cancel.patch | 51 +++++
...missing-null-check-at-remove_events-ioctl.patch | 31 +++
...lsa-seq-fix-race-at-timer-setup-and-close.patch | 35 +++
...sa-timer-fix-double-unlink-of-active_list.patch | 34 +++
.../alsa-timer-fix-race-among-timer-ioctls.patch | 119 +++++++++++
...sa-timer-harden-slave-timer-list-handling.patch | 98 +++++++++
...sb-audio-avoid-freeing-umidi-object-twice.patch | 29 +++
...3-xino-handles-eintr-from-the-dying-proce.patch | 66 ++++++
...s-tiny-extract-a-new-func-xino_fwrite_wkq.patch | 81 +++++++
...ak-infinite-loop-in-fuse_fill_write_pages.patch | 56 +++++
...ix-incorrectly-returning-error-on-success.patch | 38 ++++
...the-per-user-amount-of-pages-allocated-in.patch | 237 +++++++++++++++++++++
...e-make-sure-delayed-work-run-in-local-cpu.patch | 70 ++++++
...flight-fds-in-sending-process-user_struct.patch | 145 +++++++++++++
...fix-invalid-memory-access-in-hub_activate.patch | 88 ++++++++
...barriers-and-document-switch_mm-vs-flush-.patch | 157 ++++++++++++++
...x86-mm-Improve-switch_mm-barrier-comments.patch | 62 ++++++
...=> fix-abi-changes-for-cve-2013-4312-fix.patch} | 26 ++-
debian/patches/series | 21 +-
23 files changed, 1554 insertions(+), 6 deletions(-)
diff --cc debian/changelog
index 8bc6822,b1396c7..70ef9d8
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,248 -1,33 +1,278 @@@
+linux (3.16.7-ckt22-1) UNRELEASED; urgency=medium
+
+ * New upstream stable update:
+ http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt21
+ - irda: precedence bug in irlmp_seq_hb_idx()
+ - macvtap: unbreak receiving of gro skb with frag list
+ - RDS-TCP: Recover correctly from pskb_pull()/pksb_trim() failure in
+ rds_tcp_data_recv
+ - stmmac: Correctly report PTP capabilities.
+ - ipmr: fix possible race resulting from improper usage of IP_INC_STATS_BH()
+ in preemptible context.
+ - sit: fix sit0 percpu double allocations
+ - packet: race condition in packet_bind
+ - net: avoid NULL deref in inet_ctl_sock_destroy()
+ - net: fix a race in dst_release()
+ - Failing to send a CLOSE if file is opened WRONLY and server reboots on a
+ 4.x mount
+ - [x86] xen: Do not clip xen_e820_map to xen_e820_map_entries when
+ sanitizing map
+ - HID: core: Avoid uninitialized buffer access
+ - [media] v4l2-compat-ioctl32: fix alignment for ARM64
+ - [armhf] net: mvneta: Fix CPU_MAP registers initialisation
+ - mtd: mtdpart: fix add_mtd_partitions error path
+ - [armel,armhf] 8426/1: dma-mapping: add missing range check in dma_mmap()
+ - [armel,armhf] 8427/1: dma-mapping: add support for offset parameter in
+ dma_mmap()
+ - spi: ti-qspi: Fix data corruption seen on r/w stress test
+ - lockd: create NSM handles per net namespace
+ - Btrfs: fix file corruption and data loss after cloning inline extents
+ - [armel,armhf] common: edma: Fix channel parameter for irq callbacks
+ - [x86] iommu/vt-d: Fix ATSR handling for Root-Complex integrated endpoints
+ - ext4: fix potential use after free in __ext4_journal_stop
+ - ext4: fix calculation of meta_bg descriptor backups
+ - ext4, jbd2: ensure entering into panic after recording an error in
+ superblock
+ - vTPM: fix memory allocation flag for rtce buffer at kernel boot
+ - spi: dw: explicitly free IRQ handler in dw_spi_remove_host()
+ - media: vb2 dma-contig: Fully cache synchronise buffers in prepare and
+ finish
+ - Bluetooth: hidp: fix device disconnect on idle timeout
+ - Bluetooth: ath3k: Add new AR3012 0930:021c id
+ - Bluetooth: ath3k: Add support of AR3012 0cf3:817b device
+ - spi: atmel: Fix DMA-setup for transfers with more than 8 bits per word
+ - ACPI: Use correct IRQ when uninstalling ACPI interrupt handler
+ - [x86] ALSA: hda/realtek - Dell XPS one ALC3260 speaker no sound after
+ resume back
+ - megaraid_sas: Do not use PAGE_SIZE for max_sectors
+ - [s390x] KVM: SCA must not cross page boundaries
+ - [arm64] Fix compat register mappings
+ - can: Use correct type in sizeof() in nla_put()
+ - mtd: blkdevs: fix potential deadlock + lockdep warnings
+ - Revert "dm mpath: fix stalls when handling invalid ioctls"
+ - [x86] drm/i915: add quirk to enable backlight on Dell Chromebook 11 (2015)
+ - crypto: algif_hash - Only export and import on sockets with data
+ - xtensa: fixes for configs without loop option
+ - megaraid_sas : do not access user memory from IOCTL code
+ - mac80211: fix divide by zero when NOA update
+ - mac80211: allow null chandef in tracing
+ - [x86] KVM: VMX: fix SMEP and SMAP without EPT
+ - [armhf] thermal: exynos: Fix unbalanced regulator disable on probe failure
+ - [x86] ALSA: hda - Apply pin fixup for HP ProBook 6550b
+ - firewire: ohci: fix JMicron JMB38x IT context discovery
+ - scsi: restart list search after unlock in scsi_remove_target
+ - mm: slab: only move management objects off-slab for sizes larger than
+ KMALLOC_MIN_SIZE
+ - [x86] Input: elantech - add Fujitsu Lifebook U745 to force crc_enabled
+ - proc: actually make proc_fd_permission() thread-friendly
+ - [x86] setup: Extend low identity map to cover whole kernel range
+ - [x86] setup: Fix low identity map for >= 2GB kernel range
+ - [x86] cpu: Call verify_cpu() after having entered long mode too
+ - Btrfs: fix race leading to incorrect item deletion when dropping extents
+ - Btrfs: fix race leading to BUG_ON when running delalloc for nodatacow
+ - perf: Fix inherited events vs. tracepoint filters
+ - scsi_sysfs: Fix queue_ramp_up_period return code
+ - Btrfs: fix race when listing an inode's xattrs
+ - [x86] ideapad-laptop: Add Lenovo Yoga 900 to no_hw_rfkill dmi list
+ - [x86] storvsc: Don't set the SRB_FLAGS_QUEUE_ACTION_ENABLE flag
+ - [x86] KVM: Defining missing x86 vectors
+ - drivers: of: of_reserved_mem: fixup the alignment with CMA setup
+ - drm/ast: Initialized data needed to map fbdev memory
+ - FS-Cache: Increase reference of parent after registering, netfs success
+ - FS-Cache: Don't override netfs's primary_index if registering failed
+ - binfmt_elf: Don't clobber passed executable's file header
+ - fs/pipe.c: return error code rather than 0 in pipe_write()
+ - mac80211: fix driver RSSI event calculations
+ - wm831x_power: Use IRQF_ONESHOT to request threaded IRQs
+ - mwifiex: fix mwifiex_rdeeprom_read()
+ - dmaengine: dw: convert to __ffs()
+ - usb: ehci-orion: fix probe for !GENERIC_PHY
+ - devres: fix a for loop bounds check
+ - netfilter: remove dead code
+ - ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk
+ - packet: fix match_fanout_group()
+ - hsi: fix double kfree
+ - hsi: omap_ssi_port: Prevent warning if cawake_gpio is not defined.
+ - ALSA: fireworks/bebob/oxfw/dice: enable to make as built-in
+ - drm: Fix return value of drm_framebuffer_init()
+ - ALSA: fireworks: use u32 type for be32_to_cpup() macro
+ - ALSA: bebob: use correct type for __be32 data
+ - tcp: apply Kern's check on RTTs used for congestion control
+ - clk: versatile-icst: fix memory leak
+ - mfd: twl6040: Fix deferred probe handling for clk32k
+ - of/fdt: fix error checking for earlycon address
+ - netfilter: nfnetlink: don't probe module if it exists
+ - xprtrdma: Re-arm after missed events
+ - ceph: fix message length computation
+ - ipv6: fix tunnel error handling
+ - perf trace: Fix documentation for -i
+ - bonding: fix panic on non-ARPHRD_ETHER enslave failure
+ - rtc: ds1307: Fix alarm programming for mcp794xx
+ - TPM: Avoid reference to potentially freed memory
+ - md/raid0: update queue parameter in a safer location.
+ - md/raid0: apply base queue limits *before* disk_stack_limits
+ - drm/radeon: add quirk for MSI R7 370
+ - drm/radeon: add quirk for ASUS R7 370
+ - drm/radeon: fix quirk for MSI R7 370 Armor 2X
+ - tty: fix stall caused by missing memory barrier in drivers/tty/n_tty.c
+ - fs/proc, core/debug: Don't expose absolute kernel addresses via wchan
+ - ALSA: hda - Disable 64bit address for Creative HDA controllers
+ - printk: prevent userland from spoofing kernel messages
+ - FS-Cache: Handle a write to the page immediately beyond the EOF marker
+ http://kernel.ubuntu.com/stable/ChangeLog-3.16.7-ckt22
+ - iio: lpc32xx_adc: fix warnings caused by enabling unprepared clock
+ - iio:ad5064: Make sure ad5064_i2c_write() returns 0 on success
+ - iio: ad5064: Fix ad5629/ad5669 shift
+ - iio:ad7793: Fix ad7785 product ID
+ - [x86] fpu: Fix 32-bit signal frame handling
+ - iio: adc: xilinx: Fix VREFN scale
+ - [x86] drm/i915: quirk backlight present on Macbook 4, 1
+ - USB: qcserial: Add support for Quectel EC20 Mini PCIe module
+ - USB: serial: option: add support for Novatel MiFi USB620L
+ - USB: ti_usb_3410_5052: Add Honeywell HGI80 ID
+ - [x86] drm/i915: get runtime PM reference around GEM set_caching IOCTL
+ - drm/radeon: unconditionally set sysfs_initialized
+ - USB: qcserial: Fix support for HP lt4112 LTE/HSPA+ Gobi 4G Modem
+ - [arm64] kernel: pause/unpause function graph tracer in cpu_suspend()
+ - usb: dwc3: gadget: let us set lower max_speed
+ - usb: chipidea: debug: disable usb irq while role switch
+ - xhci: Workaround to get Intel xHCI reset working more reliably
+ - xhci: Fix a race in usb2 LPM resume, blocking U3 for usb2 devices
+ - [x86] cpu: Fix SMAP check in PVOPS environments
+ - [arm64] restore bogomips information in /proc/cpuinfo
+ - USB: option: add XS Stick W100-2 from 4G Systems
+ - usblp: do not set TASK_INTERRUPTIBLE before lock
+ - fat: fix fake_offset handling on error path
+ - kernel/signal.c: unexport sigsuspend()
+ - ocfs2: fix umask ignored issue
+ - mmc: remove bondage between REQ_META and reliable write
+ - packet: do skb_probe_transport_header when we actually have data
+ - packet: only allow extra vlan len on ethernet devices
+ - packet: fix tpacket_snd max frame len
+ - sctp: translate host order to network order when setting a hmacid
+ - net/mlx4_core: Avoid returning success in case of an error flow
+ - usb: musb: core: fix order of arguments to ulpi write callback
+ - FS-Cache: Add missing initialization of ret in cachefiles_write_page()
+ - macvlan: fix leak in macvlan_handle_frame
+ - packet: always probe for transport header
+ - packet: infer protocol from ethernet header if unset
+ - ip_tunnel: disable preemption when updating per-cpu tstats
+ - snmp: Remove duplicate OUTMCAST stat increment
+ - tcp: initialize tp->copied_seq in case of cross SYN connection
+ - net, scm: fix PaX detected msg_controllen overflow in scm_detach_fds
+ - net: ipmr: fix static mfc/dev leaks on table destruction
+ - net: ip6mr: fix static mfc/dev leaks on table destruction
+ - ipv6: distinguish frag queues by device for multicast and link-local
+ packets
+ - ipv6: add complete rcu protection around np->opt
+ - net/neighbour: fix crash at dumping device-agnostic proxy entries
+ - ipv6: sctp: implement sctp_v6_destroy_sock()
+ - xfs: allow inode allocations in post-growfs disk space (Closes: #802885)
+ - ALSA: usb-audio: add packet size quirk for the Medeli DD305
+ - ALSA: usb-audio: prevent CH345 multiport output SysEx corruption
+ - ALSA: usb-audio: work around CH345 input SysEx corruption
+ - dm thin: restore requested 'error_if_no_space' setting on OODS to WRITE
+ transition
+ - dm: fix ioctl retry termination with signal
+ - ALSA: hda - Add fixup for Acer Aspire One Cloudbook 14
+ - mac: validate mac_partition is within sector
+ - ALSA: hda - Apply HP headphone fixups more generically
+ - fix sysvfs symlinks
+ - vfs: Make sendfile(2) killable even better
+ - vfs: Avoid softlockups with sendfile(2)
+ - nfs4: start callback_ident at idr 1
+ - ALSA: hda - Fix headphone noise after Dell XPS 13 resume back from S3
+ - [arm64] KVM: Fix AArch32 to AArch64 register mapping
+ - drm/radeon: make rv770_set_sw_state failures non-fatal
+ - ALSA: hda - Fix noise on Gigabyte Z170X mobo
+ - drm/radeon: make some dpm errors debug only
+ - nfs: if we have no valid attrs, then don't declare the attribute cache
+ valid
+ - xen/gntdev: Grant maps should not be subject to NUMA balancing
+ - iscsi-target: Fix rx_login_comp hang after login failure
+ - target: Fix race for SCF_COMPARE_AND_WRITE_POST checking
+ - target: fix COMPARE_AND_WRITE non zero SGL offset data corruption
+ - [armel/kirkwood] dts: Fix QNAP TS219 power-off
+ - netfilter: ipt_rpfilter: remove the nh_scope test in
+ rpfilter_lookup_reverse
+ - netfilter: nf_tables: fix bogus warning in nft_data_uninit()
+ - netfilter: ip6t_SYNPROXY: fix NULL pointer dereference
+ - gre6: allow to update all parameters via rtnl
+ - atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
+ - sctp: use the same clock as if sock source timestamps were on
+ - sctp: update the netstamp_needed counter when copying sockets
+ - ipv6: sctp: clone options to avoid use after free
+ - vlan: Fix untag operations of stacked vlans with REORDER_HEADER off
+ - skbuff: Fix offset error in skb_reorder_vlan_header
+ - af_unix: Revert 'lock_interruptible' in stream receive code
+ - ip6mr: call del_timer_sync() in ip6mr_free_table()
+ - [x86] drm/i915: Disable PSMI sleep messages on all rings around context
+ switches (Closes: #777231)
+ - crypto: nx - Fix timing leak in GCM and CCM decryption
+ - crypto: talitos - Fix timing leak in ESP ICV verification
+ - ASoC: wm8962: correct addresses for HPF_C_0/1
+ - mac80211: mesh: fix call_rcu() usage
+ - mac80211: ensure we don't update tx power on a non-running sdata
+ - can: sja1000: clear interrupts on start
+ - ring-buffer: Update read stamp with first real commit on page
+ - block: Always check queue limits for cloned requests
+ - Fix a memory leak in scsi_host_dev_release()
+ - wan/x25: Fix use-after-free in x25_asy_open_tty()
+ - mac80211: do not actively scan DFS channels
+ - locking: Add WARN_ON_ONCE lock assertion
+ - drm: Fix an unwanted master inheritance v2
+ - sched/core: Clear the root_domain cpumasks in init_rootdomain()
+ - [x86] signal: Fix restart_syscall number for x32 tasks
+ - isdn: Partially revert debug format string usage clean up
+ - remoteproc: avoid stack overflow in debugfs file
+ - [armhf] net: mvneta: add configuration for MBUS windows access protection
+ - [armhf] net: mvneta: fix bit assignment in MVNETA_RXQ_CONFIG_REG
+ - [armhf] net: mvneta: fix bit assignment for RX packet irq enable
+ - ipv4: igmp: Allow removing groups from a removed interface
+ - sched/core: Remove false-positive warning from wake_up_process()
+ - btrfs: fix signed overflows in btrfs_sync_file
+
+ [ Ben Hutchings ]
+ * udeb: Add dm-service-time to multipath-modules (Closes: #806131)
+ * net: Ignore ABI changes due to "ipv6: add complete rcu protection around
+ np->opt", which don't appear to affect out-of-tree modules
+
+ [ Aurelien Jarno ]
+ * [mips*] Add support for MIPS 5KE CPU.
+ * [mips*] Backport math emulation fix from 4.5.
+
+ -- Ben Hutchings <ben at decadent.org.uk> Sun, 22 Nov 2015 23:31:18 +0000
+
+ linux (3.16.7-ckt20-1+deb8u4) jessie-security; urgency=high
+
+ * fuse: break infinite loop in fuse_fill_write_pages() (CVE-2015-8785)
+ * aufs: Fix regression due to "mm: make sendfile(2) killable"
+ (Closes: #812207)
+ - tiny, extract a new func xino_fwrite_wkq()
+ - XINO handles EINTR from the dying process
+ * [x86] mm: Add barriers and document switch_mm()-vs-flush synchronization
+ (CVE-2016-2069)
+ * [x86] mm: Improve switch_mm() barrier comments
+ * pipe: limit the per-user amount of pages allocated in pipes (CVE-2013-4312)
+ * iw_cxgb3: Fix incorrectly returning error on success (CVE-2015-8812)
+ * af_unix: Guard against other == sk in unix_dgram_sendmsg
+ (regression in 3.16.7-ckt20-1+deb8u1)
+ * Revert "workqueue: make sure delayed work run in local cpu"
+ (regression in 3.16.7-ckt20)
+ * ALSA: usb-audio: avoid freeing umidi object twice (CVE-2016-2384)
+ * unix: correctly track in-flight fds in sending process user_struct
+ (regression in 3.16.7-ckt20-1+deb8u3) (CVE-2016-2550)
+ * USB: fix invalid memory access in hub_activate() (CVE-2015-8816)
+ * ALSA: seq: Fix missing NULL check at remove_events ioctl (CVE-2016-2543)
+ * ALSA: seq: Fix race at timer setup and close (CVE-2016-2544)
+ * ALSA: timer: Fix double unlink of active_list (CVE-2016-2545)
+ * ALSA: timer: Fix race among timer ioctls (CVE-2016-2546)
+ * ALSA: timer: Harden slave timer list handling (CVE-2016-2547, CVE-2016-2548)
+ * ALSA: hrtimer: Fix stall by hrtimer_cancel() (CVE-2016-2549)
+ * AIO: properly check iovec sizes
+
+ -- Ben Hutchings <ben at decadent.org.uk> Mon, 29 Feb 2016 00:45:11 +0000
+
linux (3.16.7-ckt20-1+deb8u3) jessie-security; urgency=high
[ Ben Hutchings ]
diff --cc debian/config/defines
index 2e5e424,da0e8a8..65f0652
--- a/debian/config/defines
+++ b/debian/config/defines
@@@ -35,17 -34,11 +35,22 @@@ ignore-changes
tick_nohz_idle_exit
# Apparently not used from OOT
skb_copy_and_csum_datagram_iovec
+ module:net/dccp/dccp
+ fl6_*
+ inet_sk_diag_fill
+ ip6_append_data
+ ip6_datagram_send_ctl
+ ip6_xmit
+ ipv6_dup_options
+ ipv6_fixup_options
+ ipv6_push_nfrag_opts
+ tcp_cong_avoid_ai
+ tcp_slow_start
+ # Not used by OOT modules
+ __scm_destroy
+ __scm_send
+ scm_detach_fds
+ scm_fp_dup
[base]
arches:
diff --cc debian/patches/series
index 7d70a67,3e8728d..3186b86
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -664,6 -674,24 +664,25 @@@ bugfix/all/usb-serial-visor-fix-crash-o
bugfix/all/sctp-prevent-soft-lockup-when-sctp_accept-is-called-.patch
bugfix/all/tty-fix-unsafe-ldisc-reference-via-ioctl-tiocgetd.patch
bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch
- debian/unix-fix-abi-change-for-cve-2013-4312-fix.patch
+ bugfix/all/pipe-limit-the-per-user-amount-of-pages-allocated-in.patch
+ debian/fix-abi-changes-for-cve-2013-4312-fix.patch
bugfix/all/KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch
+debian/drm-fix-abi-change-in-3.16.7-ckt22.patch
+ bugfix/all/fuse-break-infinite-loop-in-fuse_fill_write_pages.patch
+ bugfix/all/aufs-tiny-extract-a-new-func-xino_fwrite_wkq.patch
+ bugfix/all/aufs-for-4.3-xino-handles-eintr-from-the-dying-proce.patch
+ bugfix/x86/x86-mm-Add-barriers-and-document-switch_mm-vs-flush-.patch
+ bugfix/x86/x86-mm-Improve-switch_mm-barrier-comments.patch
+ bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch
+ bugfix/all/af_unix-guard-against-other-sk-in-unix_dgram_sendmsg.patch
+ bugfix/all/revert-workqueue-make-sure-delayed-work-run-in-local-cpu.patch
+ bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch
+ bugfix/all/unix-correctly-track-in-flight-fds-in-sending-process-user_struct.patch
+ bugfix/all/usb-fix-invalid-memory-access-in-hub_activate.patch
+ bugfix/all/alsa-seq-fix-missing-null-check-at-remove_events-ioctl.patch
+ bugfix/all/alsa-seq-fix-race-at-timer-setup-and-close.patch
+ bugfix/all/alsa-timer-fix-double-unlink-of-active_list.patch
+ bugfix/all/alsa-timer-fix-race-among-timer-ioctls.patch
+ bugfix/all/alsa-timer-harden-slave-timer-list-handling.patch
+ bugfix/all/alsa-hrtimer-fix-stall-by-hrtimer_cancel.patch
+ bugfix/all/aio-properly-check-iovec-sizes.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list