[linux] 01/02: Merge tag 'debian/3.2.73-2+deb7u3' into wheezy

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Wed Mar 2 23:04:38 UTC 2016


This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch wheezy
in repository linux.

commit d97aa46c1fe8e939b0ea418406c13033476c4b0c
Merge: 16a315a c1a109b
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Wed Mar 2 15:02:32 2016 +0000

    Merge tag 'debian/3.2.73-2+deb7u3' into wheezy

 debian/changelog                                   |  37 ++++
 debian/config/defines                              |   5 +
 ...rd-against-other-sk-in-unix_dgram_sendmsg.patch |  40 ++++
 .../alsa-hrtimer-fix-stall-by-hrtimer_cancel.patch |  49 +++++
 ...missing-null-check-at-remove_events-ioctl.patch |  29 +++
 ...lsa-seq-fix-race-at-timer-setup-and-close.patch |  33 +++
 ...sa-timer-fix-double-unlink-of-active_list.patch |  32 +++
 .../alsa-timer-fix-race-among-timer-ioctls.patch   | 117 ++++++++++
 ...sa-timer-harden-slave-timer-list-handling.patch |  96 +++++++++
 ...sb-audio-avoid-freeing-umidi-object-twice.patch |  29 +++
 ...3-xino-handles-eintr-from-the-dying-proce.patch |  66 ++++++
 ...s-tiny-extract-a-new-func-xino_fwrite_wkq.patch |  81 +++++++
 ...ix-incorrectly-returning-error-on-success.patch |  36 ++++
 ...buffer-offset-after-partially-failed-read.patch |  51 +++++
 ...the-per-user-amount-of-pages-allocated-in.patch | 238 +++++++++++++++++++++
 ...t-soft-lockup-when-sctp_accept-is-called-.patch | 180 ++++++++++++++++
 ...unsafe-ldisc-reference-via-ioctl-tiocgetd.patch |  63 ++++++
 ...flight-fds-in-sending-process-user_struct.patch | 148 +++++++++++++
 ...ly-account-for-FDs-passed-over-unix-socke.patch | 129 +++++++++++
 ...sh-on-detecting-device-without-write_urbs.patch |  31 +++
 ...barriers-and-document-switch_mm-vs-flush-.patch | 138 ++++++++++++
 ...x86-mm-Improve-switch_mm-barrier-comments.patch |  62 ++++++
 .../fix-abi-changes-for-cve-2013-4312-fix.patch    |  49 +++++
 debian/patches/series                              |  22 ++
 24 files changed, 1761 insertions(+)

diff --cc debian/changelog
index f43ebf4,f5cd244..6a29982
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,155 -1,40 +1,192 @@@
 +linux (3.2.76-1) UNRELEASED; urgency=medium
 +
 +  * New upstream stable update:
 +    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.74
 +    - PCI: Fix devfn for VPD access through function 0
 +    - PCI: Use function 0 VPD for identical functions, regular VPD for others
 +    - mac80211: fix driver RSSI event calculations
 +    - HID: core: Avoid uninitialized buffer access
 +    - wm831x_power: Use IRQF_ONESHOT to request threaded IRQs
 +    - mwifiex: fix mwifiex_rdeeprom_read()
 +    - mtd: mtdpart: fix add_mtd_partitions error path
 +    - devres: fix a for loop bounds check
 +    - packet: fix match_fanout_group()
 +    - Btrfs: added helper btrfs_next_item()
 +    - Btrfs: fix file corruption and data loss after cloning inline extents
 +    - [x86] iommu/vt-d: Fix ATSR handling for Root-Complex integrated endpoints
 +    - Btrfs: don't use ram_bytes for uncompressed inline items
 +    - Btrfs: fix truncation of compressed and inlined extents
 +    - ext4, jbd2: ensure entering into panic after recording an error in
 +      superblock
 +    - ACPI: Use correct IRQ when uninstalling ACPI interrupt handler
 +    - ALSA: hda - Disable 64bit address for Creative HDA controllers
 +    - megaraid_sas: Do not use PAGE_SIZE for max_sectors
 +    - can: Use correct type in sizeof() in nla_put()
 +    - mtd: blkdevs: fix potential deadlock + lockdep warnings
 +    - crypto: algif_hash - Only export and import on sockets with data
 +    - megaraid_sas : do not access user memory from IOCTL code
 +    - ipv6: fix tunnel error handling
 +    - ALSA: hda - Apply pin fixup for HP ProBook 6550b
 +    - firewire: ohci: fix JMicron JMB38x IT context discovery
 +    - scsi: restart list search after unlock in scsi_remove_target
 +    - [amd64] cpu: Call verify_cpu() after having entered long mode too
 +    - Btrfs: fix race leading to incorrect item deletion when dropping extents
 +    - Btrfs: fix race leading to BUG_ON when running delalloc for nodatacow
 +    - perf: Fix inherited events vs. tracepoint filters
 +    - scsi_sysfs: Fix queue_ramp_up_period return code
 +    - Btrfs: fix race when listing an inode's xattrs
 +    - net: fix a race in dst_release()
 +    - FS-Cache: Increase reference of parent after registering, netfs success
 +    - FS-Cache: Don't override netfs's primary_index if registering failed
 +    - FS-Cache: Handle a write to the page immediately beyond the EOF marker
 +    - binfmt_elf: Don't clobber passed executable's file header
 +    - fs: make dumpable=2 require fully qualified path
 +    - fs: if a coredump already exists, unlink and recreate with O_EXCL
 +    - irda: precedence bug in irlmp_seq_hb_idx()
 +    - RDS-TCP: Recover correctly from pskb_pull()/pksb_trim() failure in
 +      rds_tcp_data_recv
 +    - ipmr: fix possible race resulting from improper usage of IP_INC_STATS_BH()
 +      in preemptible context.
 +    - net: avoid NULL deref in inet_ctl_sock_destroy()
 +    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.75
 +    - fuse: break infinite loop in fuse_fill_write_pages()
 +    - sctp: translate host order to network order when setting a hmacid
 +    - ALSA: usb-audio: add packet size quirk for the Medeli DD305
 +    - ALSA: usb-audio: prevent CH345 multiport output SysEx corruption
 +    - ALSA: usb-audio: work around CH345 input SysEx corruption
 +    - usb: musb: core: fix order of arguments to ulpi write callback
 +    - ASoC: wm8962: correct addresses for HPF_C_0/1
 +    - net: fix __netdev_update_features return on ndo_set_features failure
 +    - FS-Cache: Add missing initialization of ret in cachefiles_write_page()
 +    - mac80211: mesh: fix call_rcu() usage
 +    - macvlan: fix leak in macvlan_handle_frame
 +    - xhci: Add XHCI_INTEL_HOST quirk
 +    - xhci: Workaround to get Intel xHCI reset working more reliably
 +    - usblp: do not set TASK_INTERRUPTIBLE before lock
 +    - mac: validate mac_partition is within sector
 +    - ip6mr: call del_timer_sync() in ip6mr_free_table()
 +    - net: ip6mr: fix static mfc/dev leaks on table destruction
 +    - can: sja1000: clear interrupts on start
 +    - USB: cp210x: Remove CP2110 ID from compatibility list
 +    - USB: cdc-acm - Add IGNORE_DEVICE quirk
 +    - USB: cdc_acm: Ignore Infineon Flash Loader utility
 +    - fix sysvfs symlinks
 +    - vfs: Make sendfile(2) killable even better
 +    - vfs: Avoid softlockups with sendfile(2)
 +    - broadcom: fix PHY_ID_BCM5481 entry in the id table
 +    - ring-buffer: Update read stamp with first real commit on page
 +    - ext4: Fix handling of extended tv_sec
 +    - jbd2: Fix unreclaimed pages after truncate in data=journal mode
 +    - nfs: if we have no valid attrs, then don't declare the attribute cache
 +      valid
 +    - AHCI: Fix softreset failed issue of Port Multiplier
 +    - sata_sil: disable trim
 +    - wan/x25: Fix use-after-free in x25_asy_open_tty()
 +    - USB: whci-hcd: add check for dma mapping error
 +    - usb: Use the USB_SS_MULT() macro to decode burst multiplier for log message
 +    - dm btree: fix leak of bufio-backed block in btree_split_sibling error path
 +    - ipv4: igmp: Allow removing groups from a removed interface
 +    - locking: Add WARN_ON_ONCE lock assertion
 +    - sched/core: Remove false-positive warning from wake_up_process()
 +    - sched/core: Clear the root_domain cpumasks in init_rootdomain()
 +    - usb: xhci: fix config fail of FS hub behind a HS hub with MTT
 +    - ALSA: rme96: Fix unexpected volume reset after rate changes
 +    - 9p: ->evict_inode() should kick out ->i_data, not ->i_mapping
 +    - ipmi: move timer init to before irq is setup
 +    - dm btree: fix bufio buffer leaks in dm_btree_del() error path
 +    - vgaarb: fix signal handling in vga_get()
 +    - mm, vmstat: allow WQ concurrency to discover memory reclaim doesn't make
 +      any progress
 +    - mm: hugetlb: call huge_pte_alloc() only if ptep is null
 +    - snmp: Remove duplicate OUTMCAST stat increment
 +    - tcp: initialize tp->copied_seq in case of cross SYN connection
 +    - net, scm: fix PaX detected msg_controllen overflow in scm_detach_fds
 +    - net: ipmr: fix static mfc/dev leaks on table destruction
 +    - ipv6: distinguish frag queues by device for multicast and link-local
 +      packets
 +    - dccp: remove unnecessary codes in ipv6.c
 +    - ipv6: add complete rcu protection around np->opt
 +    - ipv6: sctp: implement sctp_v6_destroy_sock()
 +    - atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
 +    - sctp: update the netstamp_needed counter when copying sockets
 +    - ipv6: sctp: clone options to avoid use after free
 +    - af_unix: Revert 'lock_interruptible' in stream receive code
 +    - af_unix: fix a fatal race with bit fields
 +    http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.76
 +    - sctp: start t5 timer only when peer rwnd is 0 and local state is
 +      SHUTDOWN_PENDING
 +    - ipv6: sctp: fix lockdep splat in sctp_v6_get_dst()
 +    - video: fbdev: fsl: Fix kernel crash when diu_ops is not implemented
 +    - crypto: skcipher - Copy iv from desc even for 0-len walks
 +    - rfkill: copy the name into the rfkill struct
 +    - ses: Fix problems with simple enclosures
 +    - ses: fix additional element traversal bug
 +    - tty: Fix GPF in flush_to_ldisc()
 +    - ALSA: tlv: compute TLV_*_ITEM lengths automatically
 +    - ALSA: tlv: add DECLARE_TLV_DB_RANGE()
 +    - ALSA: usb-audio: Add a more accurate volume quirk for AudioQuest DragonFly
 +    - sh_eth: fix TX buffer byte-swapping
 +    - mISDN: fix a loop count
 +    - ser_gigaset: fix deallocation of platform device structure
 +    - spi: fix parent-device reference leak
 +    - [s390*] dis: Fix handling of format specifiers
 +    - USB: ipaq.c: fix a timeout loop
 +    - USB: fix invalid memory access in hub_activate()
 +    - ipv6/addrlabel: fix ip6addrlbl_get()
 +    - ocfs2: fix BUG when calculate new backup super
 +    - mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone()
 +    - [mips*] Fix restart of indirect syscalls
 +    - net/core: revert "net: fix __netdev_update_features return.." and add
 +      comment
 +    - genirq: Prevent chip buslock deadlock
 +    - net: possible use after free in dst_release
 +    - [x86] kvm: only channel 0 of the i8254 is linked to the HPET
 +    - vmstat: allocate vmstat_wq before it is used
 +    - cdrom: Random writing support for BD-RE media
 +
 +  [ Ben Hutchings ]
 +  * net: Ignore ABI changes due to "ipv6: add complete rcu protection around
 +    np->opt", which don't appear to affect out-of-tree modules
 +
 + -- Ben Hutchings <ben at decadent.org.uk>  Sat, 23 Jan 2016 23:02:51 +0000
 +
+ linux (3.2.73-2+deb7u3) wheezy-security; urgency=high
+ 
+   [ Ben Hutchings ]
+   * usb: serial: visor: fix crash on detecting device without write_urbs
+     (CVE-2015-7566)
+   * sctp: Prevent soft lockup when sctp_accept() is called during a timeout event
+     (CVE-2015-8767)
+   * tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) (CVE-2016-0723)
+   * fuse: break infinite loop in fuse_fill_write_pages() (CVE-2015-8785)
+   * [x86] mm: Add barriers and document switch_mm()-vs-flush synchronization
+     (CVE-2016-2069)
+   * [x86] mm: Improve switch_mm() barrier comments
+   * pipe: limit the per-user amount of pages allocated in pipes (CVE-2013-4312)
+   * iw_cxgb3: Fix incorrectly returning error on success (CVE-2015-8812)
+   * aufs: Fix regression due to "mm: make sendfile(2) killable"
+     (Closes: #812207)
+     - tiny, extract a new func xino_fwrite_wkq()
+     - XINO handles EINTR from the dying process
+   * af_unix: Guard against other == sk in unix_dgram_sendmsg
+     (regression in 3.2.73-2+deb7u1)
+   * pipe: Fix buffer offset after partially failed read (CVE-2016-0774)
+   * ALSA: usb-audio: avoid freeing umidi object twice (CVE-2016-2384)
+   * unix: correctly track in-flight fds in sending process user_struct
+     (CVE-2016-2550)
+   * USB: fix invalid memory access in hub_activate() (CVE-2015-8816)
+   * ALSA: seq: Fix missing NULL check at remove_events ioctl (CVE-2016-2543)
+   * ALSA: seq: Fix race at timer setup and close (CVE-2016-2544)
+   * ALSA: timer: Fix double unlink of active_list (CVE-2016-2545)
+   * ALSA: timer: Fix race among timer ioctls (CVE-2016-2546)
+   * ALSA: timer: Harden slave timer list handling (CVE-2016-2547, CVE-2016-2548)
+   * ALSA: hrtimer: Fix stall by hrtimer_cancel() (CVE-2016-2549)
+ 
+   [ Salvatore Bonaccorso ]
+   * unix: properly account for FDs passed over unix sockets (CVE-2013-4312)
+ 
+  -- Ben Hutchings <ben at decadent.org.uk>  Sun, 28 Feb 2016 23:14:54 +0000
+ 
  linux (3.2.73-2+deb7u2) wheezy-security; urgency=medium
  
    * net: add validation for the socket syscall protocol argument (CVE-2015-8543)
diff --cc debian/config/defines
index 790b71f,3db32ec..7e9ea91
--- a/debian/config/defines
+++ b/debian/config/defines
@@@ -77,17 -77,11 +77,22 @@@ ignore-changes
   module:sound/pci/emu10k1/*
  # Apparently not used from OOT
   skb_copy_and_csum_datagram_iovec
 + module:net/dccp/dccp
 + fl6_*
 + inet_sk_diag_fill
 + ip6_append_data
 + ip6_datagram_send_ctl
 + ip6_xmit
 + ipv6_dup_options
 + ipv6_fixup_options
 + ipv6_push_nfrag_opts
 + tcp_cong_avoid_ai
 + tcp_slow_start
+ # Not used by OOT modules
+  __scm_destroy
+  __scm_send
+  scm_detach_fds
+  scm_fp_dup
  
  [base]
  arches:
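Review bot: The four `scm_*` entries added under `# Not used by OOT modules` do not record which change altered their ABI, and the merged `ignore-changes` list now carries two differently worded blanket comments (the other is `# Apparently not used from OOT`). Each entry here switches off the ABI check for that symbol, so a later reader needs the reason to judge whether the exemption is still safe. These presumably come from the CVE-2013-4312 fixes named in debian/changelog, so a comment such as `# ABI changed by the CVE-2013-4312 fd-accounting fix; not used by OOT modules` would make that explicit. The same applies to the `fl6_*`/`ip6_*`/`ipv6_*` entries from the other parent, which the changelog attributes to "ipv6: add complete rcu protection around np->opt".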
diff --cc debian/patches/series
index 7501feb,3e8088a..27c9952
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -1163,7 -1165,51 +1163,29 @@@ bugfix/all/media-usbvision-video-fix-me
  bugfix/all/media-usbvision-fix-leak-of-usb_dev-on-failure-paths.patch
  bugfix/all/usbvision-fix-overflow-of-interfaces-array.patch
  bugfix/all/media-usbvision-fix-crash-on-detecting-device-with-i.patch
 -bugfix/all/isdn_ppp-add-checks-for-allocation-failure-in-isdn_p.patch
 -bugfix/all/ppp-slip-validate-vj-compression-slot-parameters-com.patch
 -bugfix/x86/kvm-svm-unconditionally-intercept-db.patch
 -bugfix/all/splice-sendfile-at-once-fails-for-big-files.patch
 -bugfix/all/unix-avoid-use-after-free-in-ep_remove_wait_queue.patch
  debian/af_unix-avoid-abi-changes.patch
 -bugfix/all/net-add-validation-for-the-socket-syscall-protocol-a.patch
 -bugfix/all/xen-add-ring_copy_request.patch
 -bugfix/all/xen-netback-don-t-use-last-request-to-determine-mini.patch
 -bugfix/all/xen-netback-use-ring_copy_request-throughout.patch
 -bugfix/all/xen-blkback-only-read-request-operation-from-shared-.patch
 -bugfix/all/xen-pciback-save-xen_pci_op-commands-before-processi.patch
 -bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msi-wh.patch
 -bugfix/all/xen-pciback-return-error-on-xen_pci_op_enable_msix-w.patch
 -bugfix/all/xen-pciback-do-not-install-an-irq-handler-for-msi-in.patch
 -bugfix/all/xen-pciback-for-xen_pci_op_disable_msi-x-only-disabl.patch
 -bugfix/all/xen-pciback-don-t-allow-msi-x-ops-if-pci_command_mem.patch
 -bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
 -bugfix/all/bluetooth-validate-socket-address-length-in-sco_sock.patch
 -bugfix/all/keys-fix-race-between-read-and-revoke.patch
 -bugfix/x86/KVM-x86-Reload-pit-counters-for-all-channels-when-re.patch
 -bugfix/all/revert-net-add-length-argument-to-skb_copy_and_csum_datagram_iovec.patch
 -bugfix/all/udp-properly-support-msg_peek-with-truncated-buffers.patch
  bugfix/all/drm-radeon-fix-hotplug-race-at-startup.patch
  bugfix/all/revert-xhci-don-t-finish-a-td-if-we-get-a-short-transfer.patch
 +debian/enclosure-fix-abi-change-in-2.6.32.70.patch
+ bugfix/all/usb-serial-visor-fix-crash-on-detecting-device-without-write_urbs.patch
+ bugfix/all/sctp-prevent-soft-lockup-when-sctp_accept-is-called-.patch
+ bugfix/all/tty-fix-unsafe-ldisc-reference-via-ioctl-tiocgetd.patch
+ bugfix/all/unix-properly-account-for-FDs-passed-over-unix-socke.patch
+ bugfix/all/pipe-limit-the-per-user-amount-of-pages-allocated-in.patch
+ debian/fix-abi-changes-for-cve-2013-4312-fix.patch
 -bugfix/all/fuse-break-infinite-loop-in-fuse_fill_write_pages.patch
+ bugfix/x86/x86-mm-Add-barriers-and-document-switch_mm-vs-flush-.patch
+ bugfix/x86/x86-mm-Improve-switch_mm-barrier-comments.patch
+ bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch
+ bugfix/all/aufs-tiny-extract-a-new-func-xino_fwrite_wkq.patch
+ bugfix/all/aufs-for-4.3-xino-handles-eintr-from-the-dying-proce.patch
+ bugfix/all/af_unix-guard-against-other-sk-in-unix_dgram_sendmsg.patch
+ bugfix/all/pipe-fix-buffer-offset-after-partially-failed-read.patch
+ bugfix/all/alsa-usb-audio-avoid-freeing-umidi-object-twice.patch
+ bugfix/all/unix-correctly-track-in-flight-fds-in-sending-process-user_struct.patch
 -bugfix/all/usb-fix-invalid-memory-access-in-hub_activate.patch
+ bugfix/all/alsa-seq-fix-missing-null-check-at-remove_events-ioctl.patch
+ bugfix/all/alsa-seq-fix-race-at-timer-setup-and-close.patch
+ bugfix/all/alsa-timer-fix-double-unlink-of-active_list.patch
+ bugfix/all/alsa-timer-fix-race-among-timer-ioctls.patch
+ bugfix/all/alsa-timer-harden-slave-timer-list-handling.patch
+ bugfix/all/alsa-hrtimer-fix-stall-by-hrtimer_cancel.patch
++
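Review bot: CVE-2015-8785 and CVE-2015-8816 lose their traceability in the merged result. This hunk drops `bugfix/all/fuse-break-infinite-loop-in-fuse_fill_write_pages.patch` and `bugfix/all/usb-fix-invalid-memory-access-in-hub_activate.patch`, and the fixes survive only as untagged upstream bullets in the 3.2.76-1 changelog entry. Anyone auditing the branch by CVE id will find them only under 3.2.73-2+deb7u3, so I would annotate the upstream bullets, e.g. `- fuse: break infinite loop in fuse_fill_write_pages() (CVE-2015-8785)` and `- USB: fix invalid memory access in hub_activate() (CVE-2015-8816)`. The other ` -` lines in this hunk (xen, pptp, keys, kvm and so on) cannot be cross-checked against anything shown here, so it is worth confirming that each has an equivalent in the merged tree.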

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git


