[linux] branch jessie updated (da6af8d -> e03156a)
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Sun Apr 2 01:34:12 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a change to branch jessie
in repository linux.
from da6af8d sunrpc: fix refcounting problems with auth_gss messages
adds 6e439ff ipc/shm: Fix shmat mmap nil-page protection (CVE-2017-5669)
adds 4c00f8e sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986)
adds 21d0ee3 sctp: deny peeloff operation on asocs with threads sleeping on it (CVE-2017-6353)
adds 61f1eb2 tcp: avoid infinite loop in tcp_splice_read() (CVE-2017-6214)
adds 7ef49ff net/llc: avoid BUG_ON() in skb_orphan() (CVE-2017-6345)
adds ff9712a packet: fix races in fanout_add() (CVE-2017-6346)
adds 9c0afc8 net/sock: Add sock_efree() function
adds b84f10d TTY: n_hdlc, fix lockdep false positive
adds 6641433 tty: n_hdlc: get rid of racy n_hdlc.tbuf (CVE-2017-2636)
adds b0db7e1 [x86] kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (CVE-2016-9588)
adds 93f6d43 irda: Fix locking in hashbin_delete() (CVE-2017-6348)
adds 08a4215 Prepare to release linux (3.16.39-1+deb8u2).
new f2c5e3c Merge tag 'debian/3.16.39-1+deb8u2' into jessie
new 83509f3 Update to 3.16.42
new 770f0e4 ext4: fix fencepost in s_first_meta_bg validation (regression in 3.16.41)
adds a59d773 timer: Restrict timer_stats to initial PID namespace (CVE-2017-5967)
adds 57753e8 mbcache: Reschedule before restarting iteration in mb_cache_entry_alloc()
adds 0a86879 mnt: Add a per mount namespace limit on the number of mounts (CVE-2016-6213)
adds ccfdfd2 vfs: Commit to never having executables on proc and sysfs
adds 51c19d7 aio: mark AIO pseudo-fs noexec (CVE-2016-10044)
adds 71b7929 l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (CVE-2016-10200)
adds 54fe5e5 ext4: validate s_first_meta_bg at mount time (CVE-2016-10208)
new e03156a Merge branch 'jessie-security' into jessie
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Summary of changes:
debian/changelog | 593 +++++++++++++++-
debian/config/defines | 6 +
.../bugfix/all/aio-mark-aio-pseudo-fs-noexec.patch | 58 ++
.../alsa-pcm-call-kill_fasync-in-stream-lock.patch | 43 --
...reeing-skb-too-early-for-IPV6_RECVPKTINFO.patch | 47 --
.../all/dccp-limit-sk_filter-trim-to-payload.patch | 94 ---
...x-fencepost-in-s_first_meta_bg-validation.patch | 30 +
.../fbdev-color-map-copying-bounds-checking.patch | 80 ---
...entry-to-inode_change_ok-instead-of-inode.patch | 678 ------------------
...-propagate-dentry-down-to-inode_change_ok.patch | 68 --
.../hid-core-prevent-out-of-bound-readings.patch | 43 --
.../all/ip6_gre-fix-ip6gre_err-invalid-reads.patch | 98 ---
...-skb-dst-around-in-presence-of-ip-options.patch | 43 --
...tarting-iteration-in-mb_cache_entry_alloc.patch | 22 +
...ix-null-ptr-dereference-in-mpi_powm-ver-3.patch | 96 ---
...signed-overflows-for-so_-snd-rcv-bufforce.patch | 45 --
...-check-minimum-size-on-icmp-header-length.patch | 67 --
...fnetlink-correctly-validate-length-of-bat.patch | 71 --
...ket-fix-race-condition-in-packet_set_ring.patch | 88 ---
.../bugfix/all/perf-Fix-event-ctx-locking.patch | 501 -------------
...ix-concurrent-sys_perf_event_open-vs.-mov.patch | 152 ----
.../bugfix/all/perf-do-not-double-free.patch | 47 --
.../bugfix/all/perf-fix-race-in-swevent-hash.patch | 92 ---
...entry-to-inode_change_ok-instead-of-inode.patch | 779 ---------------------
.../all/rose-limit-sk_filter-trim-to-payload.patch | 94 ---
...lidate-chunk-len-before-actually-using-it.patch | 54 --
.../selinux-fix-off-by-one-in-setprocattr.patch | 61 --
...uble-free-when-drives-detach-during-sg_io.patch | 66 --
...g_write-is-not-fit-to-be-called-under-ker.patch | 42 --
...-added-by-grab_header-in-proc_sys_readdir.patch | 83 ---
...ake-care-of-truncations-done-by-sk_filter.patch | 98 ---
...rict-timer_stats-to-initial-pid-namespace.patch | 37 +
...pfs-clear-s_isgid-when-setting-posix-acls.patch | 41 --
...-ldisc-drivers-from-re-using-stale-tty-fi.patch | 74 --
.../all/usb-gadget-f_fs-fix-use-after-free.patch | 32 -
...-kl5kusb105-fix-line-state-error-handling.patch | 37 -
...to-never-having-exectuables-on-proc-and-s.patch | 183 +++++
...-propagate-dentry-down-to-inode_change_ok.patch | 210 ------
.../fix-potential-infoleak-in-older-kernels.patch | 63 --
.../kvm-fix-page-struct-leak-in-handle_vmon.patch | 40 --
...p-error-recovery-in-em_jmp_far-and-em_ret.patch | 125 ----
...x86-fix-emulation-of-mov-ss-null-selector.patch | 104 ---
.../kvm-x86-introduce-segmented_write_std.patch | 59 --
.../arm64-ptrace-avoid-abi-change-in-3.16.42.patch | 23 +
...e-for-mmc-core-annotate-cmd_hdr-as-__le32.patch | 26 +
...change-for-net-fix-sk_mem_reclaim_partial.patch | 80 +++
...smp_send_stop-with-kdump-friendly-version.patch | 168 +++++
...e-for-mnt-add-a-per-mount-namespace-limit.patch | 25 +
.../all/net-add-__sock_queue_rcv_skb.patch | 63 --
...spend-resume-quirks-for-apple-thunderbolt.patch | 4 +-
debian/patches/series | 47 +-
51 files changed, 1262 insertions(+), 4518 deletions(-)
create mode 100644 debian/patches/bugfix/all/aio-mark-aio-pseudo-fs-noexec.patch
delete mode 100644 debian/patches/bugfix/all/alsa-pcm-call-kill_fasync-in-stream-lock.patch
delete mode 100644 debian/patches/bugfix/all/dccp-fix-freeing-skb-too-early-for-IPV6_RECVPKTINFO.patch
delete mode 100644 debian/patches/bugfix/all/dccp-limit-sk_filter-trim-to-payload.patch
create mode 100644 debian/patches/bugfix/all/ext4-fix-fencepost-in-s_first_meta_bg-validation.patch
delete mode 100644 debian/patches/bugfix/all/fbdev-color-map-copying-bounds-checking.patch
delete mode 100644 debian/patches/bugfix/all/fs-give-dentry-to-inode_change_ok-instead-of-inode.patch
delete mode 100644 debian/patches/bugfix/all/fuse-propagate-dentry-down-to-inode_change_ok.patch
delete mode 100644 debian/patches/bugfix/all/hid-core-prevent-out-of-bound-readings.patch
delete mode 100644 debian/patches/bugfix/all/ip6_gre-fix-ip6gre_err-invalid-reads.patch
delete mode 100644 debian/patches/bugfix/all/ipv4-keep-skb-dst-around-in-presence-of-ip-options.patch
create mode 100644 debian/patches/bugfix/all/mbcache-reschedule-before-restarting-iteration-in-mb_cache_entry_alloc.patch
delete mode 100644 debian/patches/bugfix/all/mpi-fix-null-ptr-dereference-in-mpi_powm-ver-3.patch
delete mode 100644 debian/patches/bugfix/all/net-avoid-signed-overflows-for-so_-snd-rcv-bufforce.patch
delete mode 100644 debian/patches/bugfix/all/net-ping-check-minimum-size-on-icmp-header-length.patch
delete mode 100644 debian/patches/bugfix/all/netfilter-nfnetlink-correctly-validate-length-of-bat.patch
delete mode 100644 debian/patches/bugfix/all/packet-fix-race-condition-in-packet_set_ring.patch
delete mode 100644 debian/patches/bugfix/all/perf-Fix-event-ctx-locking.patch
delete mode 100644 debian/patches/bugfix/all/perf-core-Fix-concurrent-sys_perf_event_open-vs.-mov.patch
delete mode 100644 debian/patches/bugfix/all/perf-do-not-double-free.patch
delete mode 100644 debian/patches/bugfix/all/perf-fix-race-in-swevent-hash.patch
delete mode 100644 debian/patches/bugfix/all/revert-fs-give-dentry-to-inode_change_ok-instead-of-inode.patch
delete mode 100644 debian/patches/bugfix/all/rose-limit-sk_filter-trim-to-payload.patch
delete mode 100644 debian/patches/bugfix/all/sctp-validate-chunk-len-before-actually-using-it.patch
delete mode 100644 debian/patches/bugfix/all/selinux-fix-off-by-one-in-setprocattr.patch
delete mode 100644 debian/patches/bugfix/all/sg-fix-double-free-when-drives-detach-during-sg_io.patch
delete mode 100644 debian/patches/bugfix/all/sg_write-bsg_write-is-not-fit-to-be-called-under-ker.patch
delete mode 100644 debian/patches/bugfix/all/sysctl-drop-reference-added-by-grab_header-in-proc_sys_readdir.patch
delete mode 100644 debian/patches/bugfix/all/tcp-take-care-of-truncations-done-by-sk_filter.patch
create mode 100644 debian/patches/bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
delete mode 100644 debian/patches/bugfix/all/tmpfs-clear-s_isgid-when-setting-posix-acls.patch
delete mode 100644 debian/patches/bugfix/all/tty-prevent-ldisc-drivers-from-re-using-stale-tty-fi.patch
delete mode 100644 debian/patches/bugfix/all/usb-gadget-f_fs-fix-use-after-free.patch
delete mode 100644 debian/patches/bugfix/all/usb-serial-kl5kusb105-fix-line-state-error-handling.patch
create mode 100644 debian/patches/bugfix/all/vfs-commit-to-never-having-exectuables-on-proc-and-s.patch
delete mode 100644 debian/patches/bugfix/all/xfs-propagate-dentry-down-to-inode_change_ok.patch
delete mode 100644 debian/patches/bugfix/x86/fix-potential-infoleak-in-older-kernels.patch
delete mode 100644 debian/patches/bugfix/x86/kvm-fix-page-struct-leak-in-handle_vmon.patch
delete mode 100644 debian/patches/bugfix/x86/kvm-x86-drop-error-recovery-in-em_jmp_far-and-em_ret.patch
delete mode 100644 debian/patches/bugfix/x86/kvm-x86-fix-emulation-of-mov-ss-null-selector.patch
delete mode 100644 debian/patches/bugfix/x86/kvm-x86-introduce-segmented_write_std.patch
create mode 100644 debian/patches/debian/arm64-ptrace-avoid-abi-change-in-3.16.42.patch
create mode 100644 debian/patches/debian/mmc-avoid-abi-change-for-mmc-core-annotate-cmd_hdr-as-__le32.patch
create mode 100644 debian/patches/debian/net-avoid-abi-change-for-net-fix-sk_mem_reclaim_partial.patch
create mode 100644 debian/patches/debian/revert-x86-panic-replace-smp_send_stop-with-kdump-friendly-version.patch
create mode 100644 debian/patches/debian/vfs-avoid-abi-change-for-mnt-add-a-per-mount-namespace-limit.patch
delete mode 100644 debian/patches/features/all/net-add-__sock_queue_rcv_skb.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list