[linux] 01/01: Merge tag 'debian/3.16.39-1' into wheezy-backports
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Fri Feb 24 16:38:33 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch wheezy-backports
in repository linux.
commit 65937e0efeeffd38333093bf26d06e7c131941c9
Merge: be9025c 6b4dd34
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Thu Jan 12 23:39:06 2017 +0000
Merge tag 'debian/3.16.39-1' into wheezy-backports
debian/changelog | 535 ++++++++++++++
debian/config/config | 1 +
debian/config/defines | 6 +-
debian/config/kernelarch-x86/config | 6 +-
...ont-fix-accounting-of-reqs-when-migrating.patch | 44 ++
...ort-sprintf-buffer-in-proc-keys-show-func.patch | 70 --
...ilter-ensure-number-of-counters-is-0-in-d.patch | 53 --
...ck-size-values-after-double-fetch-from-us.patch | 65 --
...sa-compress-fix-an-integer-overflow-check.patch | 31 -
.../alsa-pcm-call-kill_fasync-in-stream-lock.patch | 43 ++
...fix-leak-in-events-via-snd_timer_user_cca.patch | 33 -
...fix-leak-in-events-via-snd_timer_user_tin.patch | 33 -
...imer-fix-leak-in-sndrv_timer_ioctl_params.patch | 33 -
...uble-fetch-in-audit_log_single_execve_arg.patch | 414 -----------
.../batman-adv-fix-double-put-of-vlan-object.patch | 29 -
...ix-potential-null-dereference-in-rfcomm-b.patch | 62 --
.../all/dccp-limit-sk_filter-trim-to-payload.patch | 94 +++
...forbid-opening-files-without-mmap-handler.patch | 54 --
...entry-to-inode_change_ok-instead-of-inode.patch | 678 ++++++++++++++++++
...-propagate-dentry-down-to-inode_change_ok.patch | 68 ++
.../hid-core-prevent-out-of-bound-readings.patch | 43 ++
...validate-num_values-for-hidiocgusages-hid.patch | 41 --
.../keys-potential-uninitialized-variable.patch | 86 ---
...up_flags-FOLL_WRITE-games-from-__get_user.patch | 77 --
...ix-null-ptr-dereference-in-mpi_powm-ver-3.patch | 96 +++
...signed-overflows-for-so_-snd-rcv-bufforce.patch | 45 ++
...-check-minimum-size-on-icmp-header-length.patch | 67 ++
...rp_tables-simplify-translate_compat_table.patch | 208 ------
...nsure-number-of-counters-is-0-in-do_repla.patch | 120 ----
...p6_tables-simplify-translate_compat_table.patch | 185 -----
...p_tables-simplify-translate_compat_table-.patch | 184 -----
...fnetlink-correctly-validate-length-of-bat.patch | 71 ++
..._tables-add-and-use-xt_check_entry_offset.patch | 151 ----
..._tables-add-compat-version-of-xt_check_en.patch | 105 ---
...ilter-x_tables-assert-minimum-target-size.patch | 25 -
...er-x_tables-check-for-bogus-target-offset.patch | 164 -----
...r-x_tables-check-standard-target-size-too.patch | 60 --
..._tables-do-compat-validation-via-translat.patch | 781 ---------------------
..._tables-don-t-move-to-non-existent-next-r.patch | 100 ---
..._tables-don-t-reject-valid-target-size-on.patch | 54 --
..._tables-introduce-and-use-xt_copy_counter.patch | 331 ---------
...etfilter-x_tables-kill-check_entry-helper.patch | 149 ----
...-x_tables-speed-up-jump-target-validation.patch | 493 -------------
..._tables-validate-all-offsets-and-sizes-in.patch | 137 ----
...filter-x_tables-validate-targets-of-jumps.patch | 131 ----
..._tables-xt_compat_match_from_user-doesn-t.patch | 234 ------
.../nfsd-check-permissions-when-setting-ACLs.patch | 146 ----
...ket-fix-race-condition-in-packet_set_ring.patch | 88 +++
.../bugfix/all/perf-fix-race-in-swevent-hash.patch | 92 +++
.../bugfix/all/posix_acl-Add-set_posix_acl.patch | 82 ---
.../rds-fix-an-infoleak-in-rds_inc_info_copy.patch | 31 -
...entry-to-inode_change_ok-instead-of-inode.patch | 779 ++++++++++++++++++++
.../all/rose-limit-sk_filter-trim-to-payload.patch | 94 +++
...-Buffer-overflow-in-arcmsr_iop_message_xf.patch | 46 --
...lidate-chunk-len-before-actually-using-it.patch | 54 ++
...uble-free-when-drives-detach-during-sg_io.patch | 66 ++
...g_write-is-not-fit-to-be-called-under-ker.patch | 42 ++
...e-after-free-in-tcp_xmit_retransmit_queue.patch | 50 --
.../tcp-make-challenge-acks-less-predictable.patch | 71 --
...ake-care-of-truncations-done-by-sk_filter.patch | 98 +++
...x-an-infoleak-in-tipc_nl_compat_link_dump.patch | 26 -
...-ldisc-drivers-from-re-using-stale-tty-fi.patch | 74 ++
.../all/usb-gadget-f_fs-fix-use-after-free.patch | 32 +
...usb-usbfs-fix-potential-infoleak-in-devio.patch | 41 --
...-propagate-dentry-down-to-inode_change_ok.patch | 210 ++++++
...ll-Always-run-the-seccomp-syscall-filters.patch | 283 ++++++++
...always-reclaim-in-start_thread-for-exec-c.patch | 106 ---
...tl-fix-potential-information-leak-with-de.patch | 52 --
...-host-initiated-access-to-guest-MSR_TSC_A.patch | 42 ++
...s-host_initiated-to-functions-that-read-M.patch | 537 ++++++++++++++
.../fix-potential-infoleak-in-older-kernels.patch | 63 ++
...p-error-recovery-in-em_jmp_far-and-em_ret.patch | 125 ++++
...x-for-double-fetch-security-bug-in-vop-dr.patch | 37 -
.../debian/fs-fix-abi-change-in-3.16.39.patch | 126 ++++
...cfs-ecryptfs-stacking-check-into-ecryptfs.patch | 94 +++
.../debian/i8042-revert-abi-break-in-3.16.39.patch | 147 ++++
debian/patches/debian/kernelvariables.patch | 6 +-
.../debian/mips-fix-abi-change-in-3.16.37.patch | 85 +++
.../net-fix-abi-change-for-sk_filter-changes.patch | 68 ++
.../net-sched-fix-abi-change-in-3.16.37.patch | 35 +
...efine-at_vector_size_arch-for-arch_dlinfo.patch | 30 +
...lock-fix-bdi-vs-gendisk-lifetime-mismatch.patch | 75 ++
...efine-at_vector_size_arch-for-arch_dlinfo.patch | 30 +
.../debian/scsi-fix-abi-change-in-3.16.37.patch | 30 +
.../uaccess-avoid-abi-change-in-3.16.39.patch | 21 +
.../debian/ubi-avoid-abi-change-in-3.16.37.patch | 24 +
...ioctl-data-read-write-error-for-adapter-t.patch | 47 +-
...019-arcmsr-simplify-ioctl-data-read-write.patch | 59 +-
.../chaoskey/USB-chaoskey-read-offset-bug.patch | 27 +
.../chaoskey/chaoskey-3.16-no-hwrng-quality.patch | 30 +
...key-Add-support-for-Araneus-Alea-I-USB-RN.patch | 58 ++
...key-Fix-URB-warning-due-to-timeout-on-Ale.patch | 101 +++
...river-for-Altus-Metrum-ChaosKey-device-v2.patch | 620 ++++++++++++++++
.../usb-Fix-warnings-in-chaoskey-driver.patch | 53 ++
...misc-chaoskey-Cleanup-probe-failure-paths.patch | 99 +++
...aoskey-introduce-an-URB-for-asynchronous-.patch | 183 +++++
...b-misc-fix-chaoskey-build-needs-HW_RANDOM.patch | 29 +
.../features/all/kdbus/shm-add-sealing-API.patch | 4 +-
.../all/net-add-__sock_queue_rcv_skb.patch | 63 ++
...ow-further-restriction-of-perf_event_open.patch | 75 ++
...d-support-for-n25q256a11-spi-flash-device.patch | 35 +
...l-accesses-to-kvm-irq_routing-into-irqchi.patch | 4 +-
.../KVM-PPC-Book3S-HV-Fix-ABIv2-on-LE.patch | 57 +-
...-Provide-and-use-accessors-for-irq-routin.patch | 45 +-
...spend-resume-quirks-for-apple-thunderbolt.patch | 8 +-
debian/patches/series | 97 +--
106 files changed, 6769 insertions(+), 5553 deletions(-)
diff --cc debian/changelog
index b0ad21c,3b18875..b680ace
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,15 -1,526 +1,550 @@@
++linux (3.16.39-1~bpo70+1) wheezy-backports; urgency=medium
++
++ * Rebuild for wheezy:
++ - Disable architectures that weren't part of wheezy
++ - Use gcc-4.6 for all architectures
++ - Change ABI number to 0.bpo.4
++ - [arm] btrfs: Work around bug in gcc-4.6 (fixes FTBFS)
++ - linux-image: Depend on initramfs-tools without any alternatives, so
++ that neither apt nor aptitude will automatically switch to dracut
++
++ -- Ben Hutchings <ben at decadent.org.uk> Thu, 12 Jan 2017 23:35:51 +0000
++
+ linux (3.16.39-1) jessie; urgency=medium
+
+ * New upstream stable update:
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.37
+ - [x86] iommu/vt-d: Ratelimit fault handler
+ - xfs: disallow rw remount on fs with unknown ro-compat features
+ - Bluetooth: vhci: fix open_timeout vs. hdev race
+ - [x86] drm/i915: Prevent machine death on Ivybridge context switching
+ - scsi: Add intermediate STARGET_REMOVE state to scsi_target_state
+ (Closes: #834513)
+ - Revert "scsi: fix soft lockup in scsi_remove_target() on module removal"
+ - Bluetooth: vhci: Fix race at creating hci device
+ - EDAC: Increment correct counter in edac_inc_ue_error()
+ - ext4: fix data exposure after a crash
+ - [armhf] crypto: s5p-sss - Fix missed interrupts when working with
+ 8 kB blocks
+ - [armhf] crypto: s5p-sss - fix incorrect usage of scatterlists api
+ - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in
+ btrfs_ioctl
+ - [arm*] KVM: Enforce Break-Before-Make on Stage-2 page tables
+ - aacraid: Relinquish CPU during timeout wait
+ - aacraid: Fix for aac_command_thread hang
+ - ext4: fix hang when processing corrupted orphaned inode list
+ - ext4: clean up error handling when orphan list is corrupted
+ - Revert "tty: Fix pty master poll() after slave closes v2"
+ - Fix OpenSSH pty regression on close
+ - cpufreq: Fix GOV_LIMITS handling for the userspace governor
+ - ACPI / sysfs: fix error code in get_status()
+ - ext4: fix oops on corrupted filesystem
+ - [arm64] Ensure pmd_present() returns false after pmd_mknotpresent()
+ - [armhf] dts: exynos: Add interrupt line to MAX8997 PMIC on
+ exynos4210-trats
+ - [mips*] Fix siginfo.h to use strict posix types
+ - USB: serial: keyspan,muxport,quatech2: fix use-after-free in probe
+ error path
+ - irqchip/gic: Ensure ordering between read of INTACK and shared data
+ - [powerpc*] mm/hash64: Fix subpage protection with 4K HPTE config
+ - rtlwifi: Fix logic error in enter/exit power-save mode
+ - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded
+ systems
+ - [mips*] Fix race condition in lazy cache flushing.
+ - ring-buffer: Use long for nr_pages to avoid overflow failures
+ - ring-buffer: Prevent overflow of size in ring_buffer_resize()
+ - RDMA/iw_cxgb4: Always wake up waiter in c4iw_peer_abort_intr()
+ - IB/core: Fix a potential array overrun in CMA and SA agent
+ - i40e: fix an uninitialized variable bug
+ - mmc: mmc: Fix partition switch timeout for some eMMCs
+ - net/mlx4_core: Fix access to uninitialized index
+ - [x86] PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs
+ - PCI: Disable all BAR sizing for devices with non-compliant BARs
+ - netlink: Fix dump skb leak/double free (CVE-2016-9806)
+ - sched/preempt: Fix preempt_count manipulations
+ - fs/cifs: correctly do anonymous authentication
+ - fs/cifs: remove directory incorrectly tries to set delete on close on
+ non-empty directories
+ - sunrpc: Update RPCBIND_MAXNETIDLEN
+ - cpuidle: Fix cpuidle_state_is_coupled() argument in cpuidle_enter()
+ - batman-adv: fix skb deref after free
+ - batman-adv: Fix unexpected free of bcast_own on add_if error
+ - batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq
+ - xfs: xfs_iflush_cluster fails to abort on error
+ - xfs: fix inode validity check in xfs_iflush_cluster
+ - xfs: skip stale inodes in xfs_iflush_cluster
+ - crypto: public_key: select CRYPTO_AKCIPHER
+ - net: ehea: avoid null pointer dereference
+ - cifs: Create dedicated keyring for spnego operations
+ - Input: uinput - handle compat ioctl for UI_SET_PHYS
+ - PM / sleep: Handle failures in device_suspend_late() consistently
+ - tuntap: correctly wake up process during uninit
+ - scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands
+ - [x86] drm/i915: Don't leave old junk in ilk active watermarks on readout
+ - mmc: longer timeout for long read time quirk
+ - sunrpc: fix stripping of padded MIC tokens
+ - wait/ptrace: assume __WALL if the child is traced
+ - xen/events: Don't move disabled irqs
+ - UBI: do propagate positive error codes up
+ - UBI: fix missing brace control flow
+ - UBI: Fix static volume checks when Fastmap is used
+ - RDMA/cxgb3: device driver frees DMA memory with different size
+ - [x86] ALSA: hda - Fix headset mic detection problem for one Dell machine
+ - [x86] crypto: ccp - Fix AES XTS error for request sizes above 4096
+ - sfc: on MC reset, clear PIO buffer linkage in TXQs
+ - Input: xpad - prevent spurious input from wired Xbox 360 controllers
+ - Input: pwm-beeper - remove useless call to pwm_config()
+ - Input: pwm-beeper - fix - scheduling while atomic
+ - [mips*] fix read_msa_* & write_msa_* functions on non-MSA toolchains
+ - hpfs: fix remount failure when there are no options changed
+ - hpfs: implement the show_options method
+ - [powerpc*] pseries/eeh: Handle RTAS delay requests in configure_bridge
+ - [powerpc*] Fix definition of SIAR and SDAR registers
+ - [powerpc*] Use privileged SPR number for MMCR2
+ - mac80211_hwsim: Add missing check for HWSIM_ATTR_SIGNAL
+ - mac80211: mesh: flush mesh paths unconditionally
+ - [arm64] Provide "model name" in /proc/cpuinfo for PER_LINUX32 tasks
+ - scsi: Add QEMU CD-ROM to VPD Inquiry Blacklist
+ - ACPI / processor: Avoid reserving IO regions too early
+ - drm/nouveau/fbcon: fix out-of-bounds memory accesses
+ - [armel,armhf] fix PTRACE_SETVFPREGS on SMP systems
+ - KVM: irqfd: fix NULL pointer dereference in kvm_irq_map_gsi
+ - [x86] KVM: fix OOPS after invalid KVM_SET_DEBUGREGS
+ - ALSA: hda - Fix headset mic detection problem for Dell machine
+ - [powerpc*] pseries: Fix PCI config address for DDW
+ - mnt: fs_fully_visible test the proper mount for MNT_LOCKED
+ - IB/IPoIB: Fix race between ipoib_remove_one to sysfs functions
+ - IB/mlx5: Return PORT_ERR in Active to Initializing tranisition
+ - IB/mlx5: Fix returned values of query QP
+ - IB/IPoIB: Don't update neigh validity for unresolved entries
+ - tcp: record TLP and ER timer stats in v6 stats
+ - of: fix autoloading due to broken modalias with no 'compatible'
+ - [x86] cpufreq: intel_pstate: Fix ->set_policy() interface for no_turbo
+ - fs: fix d_walk()/non-delayed __d_free() race
+ - net/mlx5: Fix the size of modify QP mailbox
+ - net/mlx5: Fix masking of reserved bits in XRCD number
+ - uvc: Forward compat ioctls to their handlers directly
+ - [armhf] mfd: omap-usb-tll: Fix scheduling while atomic BUG
+ - [armhf] usb: dwc3: exynos: Fix deferred probing storm.
+ - usb: f_fs: off by one bug in _ffs_func_bind()
+ - usb: gadget: fix spinlock dead lock in gadgetfs
+ - usb: gadget: avoid exposing kernel stack
+ - HID: elo: kill not flush the work
+ - usb: xhci-plat: properly handle probe deferral for devm_clk_get()
+ - USB: quirks: Fix entries on wrong list in 3.16.y
+ - [armhf] usb: musb: Ensure rx reinit occurs for shared_fifo endpoints
+ - [armhf] usb: musb: Stop bulk endpoint while queue is rotated
+ - iio: Fix error handling in iio_trigger_attach_poll_func
+ - scsi: fix race between simultaneous decrements of ->host_failed
+ - [armel,armhf] 8578/1: mm: ensure pmd_present only checks the valid bit
+ - [armel,armhf] 8579/1: mm: Fix definition of pmd_mknotpresent
+ - drm/radeon: fix asic initialization for virtualized environments
+ - [armhf] spi: sun4i: fix FIFO limit
+ - [armhf] spi: sunxi: fix transfer timeout
+ - [x86] kprobes: Clear TF bit in fault on single-stepping
+ - kernel/sysrq, watchdog, sched/core: Reset watchdog on all CPUs while
+ processing sysrq-w
+ - ipv6: fix endianness error in icmpv6_err
+ - net_sched: introduce qdisc_replace() helper
+ - net_sched: update hierarchical backlog too
+ - netem: fix a use after free
+ - net_sched: fix pfifo_head_drop behavior vs backlog
+ - [x86] drm/i915/ilk: Don't disable SSC source if it's in use
+ - base: make module_create_drivers_dir race-free
+ - kvm: Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES
+ - [armhf] memory: omap-gpmc: Fix omap gpmc EXTRADELAY timing
+ - IB/mlx4: Properly initialize GRH TClass and FlowLabel in AHs
+ - isa: Call isa_bus_init before dependent ISA bus drivers register
+ - [x86] hwmon: (dell-smm) Restrict fan control and serial number to
+ CAP_SYS_ADMIN by default
+ - tracing: Handle NULL formats in hold_module_trace_bprintk_format()
+ - [arm64] mm: remove page_mapping check in __sync_icache_dcache
+ - pinctrl: single: Fix missing flush of posted write for a wakeirq
+ - net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill
+ - ubi: Make recover_peb power cut aware
+ - mm: Export migrate_page_move_mapping and migrate_page_copy
+ - UBIFS: Implement ->migratepage()
+ - [ppc64el] bpf/jit: Disable classic BPF JIT on ppc64le
+ - can: fix oops caused by wrong rtnl dellink usage
+ - xen/pciback: Fix conf_space read/write overlap check.
+ - IB/mlx5: Fix post send fence logic
+ - IB/mlx4: Fix the SQ size of an RC QP
+ - IB/mlx4: Fix error flow when sending mads under SRIOV
+ - IB/mlx4: Verify port number in flow steering create flow
+ - IB/mlx4: Fix memory leak if QP creation failed
+ - Input: wacom_w8001 - w8001_MAX_LENGTH should be 13
+ - cifs: use CIFS_MAX_DOMAINNAME_LEN when converting the domain name
+ - cifs: dynamic allocation of ntlmssp blob
+ - ALSA: dummy: Fix a use-after-free at closing
+ - cifs: Fix reconnect to not defer smb3 session reconnect long after socket
+ reconnect
+ - tmpfs: don't undo fallocate past its last page
+ - fs/nilfs2: fix potential underflow in call to crc32_le
+ - staging: iio: accel: fix error check
+ - [armhf,arm64] KVM: Stop leaking vcpu pid references
+ - make nfs_atomic_open() call d_drop() on all ->open_context() errors.
+ - USB: don't free bandwidth_mutex too early
+ - ALSA: echoaudio: Fix memory allocation
+ - [s390x] fix test_fp_ctl inline assembly contraints
+ - net: bgmac: Start transmit queue in bgmac_open
+ - net: bgmac: Remove superflous netif_carrier_on()
+ - mac80211: Fix mesh estab_plinks counting in STA removal case
+ - Bridge: Fix ipv6 mc snooping if bridge has no ipv6 address
+ - NFS: Fix another OPEN_DOWNGRADE bug
+ - ipr: Clear interrupt on croc/crocodile when running with LSI
+ - [powerpc*] tm: Avoid SLB faults in treclaim/trecheckpoint when RI=0
+ - net: phy: Manage fixed PHY address space using IDA
+ - batman-adv: Fix memory leak on tt add with invalid vlan
+ - batman-adv: replace WARN with rate limited output on non-existing VLAN
+ - batman-adv: Fix use-after-free/double-free of tt_req_node
+ - batman-adv: Fix ICMP RR ethernet access after skb_linearize
+ - batman-adv: Clean up untagged vlan when destroying via rtnl-link
+ - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
+ - ALSA: au88x0: Fix calculation in vortex_wtdma_bufshift()
+ - [amd64] power: Fix kernel text mapping corruption during image
+ restoration
+ - [x86] amd_nb: Fix boot crash on non-AMD systems
+ - bonding: prevent out of bound accesses
+ - net/mlx5: Fix potential deadlock in command mode change
+ - net/mlx5: Add timeout handle to commands with callback
+ - block: fix use-after-free in sys_ioprio_get() (CVE-2016-7911)
+ - ALSA: timer: Fix negative queue usage by racy accesses
+ - qeth: delete napi struct when removing a qeth device
+ - xenbus: don't bail early from xenbus_dev_request_and_reply()
+ - ecryptfs: don't allow mmap when the lower fs doesn't support it
+ - tmpfs: fix regression hang in fallocate undo
+ - fs: limit filesystem stacking depth
+ - proc: prevent stacking filesystems on top
+ - [powerpc*] KVM: Book3S HV: Pull out TM state save/restore into separate
+ procedures
+ - [powerpc*] KVM: Book3S HV: Save/restore TM state in H_CEDE (CVE-2016-5412)
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.38
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.39
+ - HID: uhid: fix timeout when probe races with IO
+ - macvlan: Fix potential use-after free for broadcasts
+ - netlabel: add address family checks to netlbl_{sock,req}_delattr()
+ - em28xx-i2c: rt_mutex_trylock() returns zero on failure
+ - PCI: Mark Atheros AR9485 and QCA9882 to avoid bus reset
+ - [armhf] gpio: pca953x: Fix NBANK calculation for PCA9536
+ - random: print a warning for the first ten uninitialized random users
+ - [x86] random: add interrupt callback to VMBus IRQ handler
+ - sched/cputime: Fix prev steal time accouting during CPU hotplug
+ - [armel/kirkwood,armhf] mvebu: fix HW I/O coherency related deadlocks
+ - [armhf] usb: dwc3: fix for the isoc transfer EP_BUSY flag
+ - crypto: gcm - Filter out async ghash if necessary
+ - IB/mlx5: Fix MODIFY_QP command input structure
+ - drm/nouveau: Don't leak runtime pm ref on driver unload
+ - drm/radeon: Don't leak runtime pm ref on driver unload
+ - drm/radeon: Don't leak runtime pm ref on driver load
+ - tty/serial: atmel: fix RS485 half duplex with DMA
+ - [armhf] serial: samsung: Fix ERR pointer dereference on deferred probe
+ - [armhf] hwrng: omap - Fix assumption that runtime_get_sync will always
+ succeed
+ - hp-wmi: Fix wifi cannot be hard-unblocked
+ - Input: xpad - validate USB endpoint count during probe
+ - ath9k: Fix programming of minCCA power threshold
+ - ext4: check for extents that wrap around
+ - ext4: fix deadlock during page writeback
+ - ext4: don't call ext4_should_journal_data() on the journal inode
+ - batman-adv: Avoid nullptr dereference in bla after vlan_insert_tag
+ - batman-adv: Avoid nullptr dereference in dat after vlan_insert_tag
+ - batman-adv: Fix orig_node_vlan leak on orig_node_release
+ - batman-adv: lock crc access in bridge loop avoidance
+ - batman-adv: Fix non-atomic bla_claim::backbone_gw access
+ - batman-adv: Fix reference leak in batadv_find_router
+ - batman-adv: Free last_bonding_candidate on release of orig_node
+ - ext4: validate s_reserved_gdt_blocks on mount
+ - iwlwifi: pcie: fix access to scratch buffer
+ - [mips*] Fix page table corruption on THP permission changes.
+ - batman-adv: Fix speedy join in gateway client mode
+ - drm/radeon: add a delay after ATPX dGPU power off
+ - drm/radeon: Poll for both connect/disconnect on analog connectors
+ - ALSA: ctl: Stop notification after disconnection
+ - ALSA: pcm: Free chmap at PCM free callback, too
+ - [armhf] net: mvneta: set real interrupt per packet for tx_done
+ - ppp: defer netns reference release for ppp channel
+ - rtc: ds1307: Fix relying on reset value for weekday
+ - ngene: properly handle __user ptr
+ - media: dvb_ringbuffer: Add memory barriers
+ - [x86] quirks: Apply nvidia_bugs quirk only on root bus
+ - [x86] quirks: Reintroduce scanning of secondary buses
+ - [x86] quirks: Add early quirk to reset Apple AirPort card
+ - posix_cpu_timer: Exit early when process has been reaped
+ - ALSA: hda - fix use-after-free after module unload
+ - svc: Avoid garbage replies when pc_func() returns rpc_drop_reply
+ - NFS: Don't drop CB requests with invalid principals
+ - qxl: check for kmap failures
+ - cifs: Check for existing directory when opening file with O_CREAT
+ - net: ethoc: Fix early error paths
+ - [s390x] mm: fix gmap tlb flush issues
+ - [armel,armhf] 8561/3: dma-mapping: Don't use outer_flush_range when the
+ L2C is coherent
+ - [x86] KVM: nVMX: fix lifetime issues for vmcs02
+ - [x86] KVM: nVMX: Fix memory corruption when using VMCS shadowing
+ - ext4: fix reference counting bug on block allocation error
+ - ext4: short-cut orphan cleanup on error
+ - [powerpc*] tm: Fix stack pointer corruption in __tm_recheckpoint()
+ - Bluetooth: Fix l2cap_sock_setsockopt() with optname BT_RCVMTU
+ - xfrm: fix crash in XFRM_MSG_GETSA netlink handler
+ - crypto: scatterwalk - Fix test in scatterwalk_done
+ - mmc: block: fix packed command header endianness
+ - crypto: nx - off by one bug in nx_of_update_msc()
+ - tpm: read burstcount from TPM_STS in one 32-bit transaction
+ - [arm64] debug: unmask PSTATE.D earlier
+ - brcmfmac: Fix glob_skb leak in brcmf_sdiod_recv_chain
+ - brcmsmac: Free packet if dma_mapping_error() fails in dma_rxfill
+ - brcmsmac: Initialize power in brcms_c_stf_ss_algo_channel_get()
+ - mtd: nand: fix bug writing 1 byte less than page size
+ - target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP
+ - target: Fix race between iscsi-target connection shutdown + ABORT_TASK
+ - target: Fix max_unmap_lba_count calc overflow
+ - cifs: fix crash due to race in hmac(md5) handling
+ - hwmon: (adt7411) set bit 3 in CFG1 register
+ - iscsi-target: Fix panic when adding second TCP connection to iSCSI session
+ - tty/vt/keyboard: fix OOB access in do_compute_shiftstate()
+ - [mips*] bpf: fix off-by-one in ctx offset allocation
+ - libceph: set 'exists' flag for newly up osd
+ - libceph: apply new_state before new_up_client on incrementals
+ - [x86] gpio: intel-mid: Remove potentially harmful code
+ - nfs: don't create zero-length requests
+ - radix-tree: fix radix_tree_iter_retry() for tagged iterators.
+ - pps: do not crash when failed to register
+ - [armhf] OMAP3: hwmod data: Add sysc information for DSI
+ - net/irda: fix NULL pointer dereference on memory allocation failure
+ - l2tp: Correctly return -EBADF from pppol2tp_getname.
+ - ceph: Correctly return NXIO errors from ceph_llseek
+ - CIFS: Fix a possible invalid memory access in smb2_query_symlink()
+ - [mips*] KEYS: 64-bit MIPS needs to use compat_sys_keyctl for 32-bit
+ userspace
+ - drm/radeon: fix firmware info version checks
+ - fuse: fsync() did not return IO errors
+ - fuse: fuse_flush must check mapping->flags for errors
+ - fuse: fix wrong assignment of ->flags in fuse_send_init()
+ - ubi: Fix race condition between ubi device creation and udev
+ - ubi: Make volume resize power cut aware
+ - ubi: Be more paranoid while seaching for the most recent Fastmap
+ - drm/nouveau/fbcon: fix font width not divisible by 8
+ - drm/nouveau/acpi: ensure matching ACPI handle and supported functions
+ - drm/nouveau/acpi: check for function 0x1B before using it
+ - tcp: consider recv buf for the initial window scale
+ - ext4: validate that metadata blocks do not overlap superblock
+ - ALSA: hda - On-board speaker fixup on ACER Veriton
+ - [amd64] syscalls: Add compat_sys_keyctl for 32-bit userspace
+ - balloon: check the number of available pages in leak balloon
+ - dm flakey: error READ bios during the down_interval
+ - mm/hugetlb: avoid soft lockup in set_max_huge_pages()
+ - sysv, ipc: fix security-layer leaking
+ - ALSA: hda: Fix krealloc() with __GFP_ZERO usage
+ - block: fix use-after-free in seq file (CVE-2016-7910)
+ - mac80211: fix purging multicast PS buffer queue
+ - SUNRPC: allow for upcalls for same uid but different gss service
+ - USB: serial: fix memleak in driver-registration error path
+ - vfio/pci: Fix NULL pointer oops in error interrupt setup handling
+ - [x86] drm/edid: Add 6 bpc quirk for display AEO model 0.
+ - [x86] drm/i915/dp: Revert "drm/i915/dp: fall back to 18 bpp when sink
+ capability is unknown"
+ - [powerpc*] powernv: Fix MCE handler to avoid trashing CR0/CR1 registers.
+ - netfilter: nf_ct_expect: remove the redundant slash when policy name is
+ empty
+ - netfilter: nfnetlink_queue: reject verdict request from different portid
+ - [powerpc*] book3s: Fix MCE console messages for unrecoverable MCE.
+ - USB: validate wMaxPacketValue entries in endpoint descriptors
+ - cpuset: make sure new tasks conform to the current config of the cpuset
+ - [s390x] dasd: fix hanging device after clear subchannel
+ - [armhf] usb: dwc3: gadget: increment request->actual once
+ - [x86] mm: Disable preemption during CR3 read+write
+ - megaraid_sas: Fix probing cards without io port
+ - PM / hibernate: Restore processor state before using per-CPU variables
+ - ipv6: suppress sparse warnings in IP6_ECN_set_ce()
+ - USB: serial: mos7720: fix non-atomic allocation in write path
+ - USB: serial: mos7840: fix non-atomic allocation in write path
+ - cdc-acm: fix wrong pipe type on rx interrupt xfers
+ - scsi: fix upper bounds check of sense key in scsi_sense_key_string()
+ - xhci: always handle "Command Ring Stopped" events
+ - usb: xhci: Fix panic if disconnect
+ - xhci: don't dereference a xhci member after removing xhci
+ - [x86] KVM: nVMX: postpone VMCS changes on MSR_IA32_APICBASE write
+ - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails
+ - bcache: RESERVE_PRIO is too small by one when prio_buckets() is a power
+ of two.
+ - drm/radeon: fix radeon_move_blit on 32bit systems
+ - net/mlx5: Added missing check of msg length in verifying its signature
+ - [x86] staging: comedi: daqboard2000: bug fix board type matching code
+ - [x86] staging: comedi: ni_mio_common: fix AO inttrig backwards
+ compatibility
+ - [armhf] iio: adc: ti_am335x_adc: Protect FIFO1 from concurrent access
+ - [powerpc*] pseries: use pci_host_bridge.release_fn() to kfree(phb)
+ - [powerpc*] prom: Fix sub-processor option passed to ibm,
+ client-architecture-support
+ - drm: Reject page_flip for !DRIVER_MODESET
+ - USB: fix typo in wMaxPacketSize validation
+ - USB: avoid left shift by -1
+ - ubifs: Fix assertion in layout_in_gaps()
+ - tun: fix transmit timestamp support
+ - timekeeping: Cap array access in timekeeping_debug
+ - [x86] apic: Do not init irq remapping if ioapic is disabled
+ - usb: gadget: udc: core: don't starve DMA resources
+ - qdisc: fix a module refcount leak in qdisc_create_dflt()
+ - [armel/kirkwood] ib62x0: fix size of u-boot environment partition
+ - batman-adv: Add missing refcnt for last_candidate
+ - [armhf] clocksource/drivers/sun4i: Clear interrupts after stopping timer
+ in probe function
+ - printk: fix parsing of "brl=" option
+ - fs/seq_file: fix out-of-bounds read
+ - [powerpc*] powernv : Drop reference added by kset_find_obj()
+ - ALSA: timer: fix division by zero after SNDRV_TIMER_IOCTL_CONTINUE
+ - ALSA: timer: fix NULL pointer dereference on memory allocation failure
+ - NFSv4.x: Fix a refcount leak in nfs_callback_up_net
+ - dm crypt: fix free of bad values after tfm allocation failure
+ - kernfs: don't depend on d_find_any_alias() when generating notifications
+ - ALSA: fireworks: accessing to user space outside spinlock
+ - ipv6: add missing netconf notif when 'all' is updated
+ - tcp: fastopen: fix rcv_wup initialization for TFO server on SYN/data
+ - kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd
+ - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race
+ - [x86] paravirt: Do not trace _paravirt_ident_*() functions
+ - IB/core: Fix use after free in send_leave function
+ - IB/ipoib: Fix memory corruption in ipoib cm mode connect flow
+ - [x86] AMD: Apply erratum 665 on machines without a BIOS fix
+ - l2tp: fix use-after-free during module unload
+ - iio: fix pressure data output unit in hid-sensor-attributes
+ - sched/core: Fix a race between try_to_wake_up() and a woken up task
+ - [x86] efi/libstub: Allocate headspace in efi_get_memory_map()
+ - iio:core: fix IIO_VAL_FRACTIONAL sign handling
+ - Btrfs: add missing blk_finish_plug in btrfs_sync_log()
+ - Btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns
+ - ipv6: addrconf: fix dev refcont leak when DAD failed
+ - crypto: cryptd - initialize child shash_desc on import
+ - ALSA: timer: Fix zero-division by continue of uninitialized instance
+ - ALSA: rawmidi: Fix possible deadlock with virmidi registration
+ - xfrm_user: propagate sec ctx allocation errors
+ - [armhf,arm64] kvm-arm: Unmap shadow pagetables properly
+ - [arm64] spinlocks: implement smp_mb__before_spinlock() as smp_mb()
+ - asm-generic: make copy_from_user() zero the destination properly
+ - NFSv4.1: Fix the CREATE_SESSION slot number accounting
+ - crypto: skcipher - Fix blkcipher walk OOM crash
+ - [arm64] crypto: aes-ctr - fix NULL dereference in tail processing
+ - nl80211: validate number of probe response CSA counters
+ - asm-generic: make get_user() clear the destination on errors
+ - [mips*] copy_from_user() must zero the destination on access_ok() failure
+ - [powerpc] ppc32: fix copy_from_user()
+ - [s390x] get_user() should zero on failure
+ - [x86] perf/amd: Make HW_CACHE_REFERENCES and HW_CACHE_MISSES measure L2
+ - USB: change bInterval default to 10 ms
+ - IB/ipoib: Don't allow MC joins during light MC flush
+ - IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV
+ - IB/mlx4: Fix code indentation in QP1 MAD flow
+ - IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV
+ - irda: Free skb on irda_accept error path.
+ - xfrm: Fix memory leak of aead algorithm name
+ - ocfs2/dlm: fix race between convert and migration
+ - fsnotify: add a way to stop queueing events on group shutdown
+ - ocfs2: fix start offset to ocfs2_zero_range_for_truncate()
+ - fix fault_in_multipages_...() on architectures with no-op access_ok()
+ - [x86] i2c-eg20t: fix race between i2c init and interrupt enable
+ - btrfs: ensure that file descriptor used with subvol ioctls is a dir
+ - can: dev: fix deadlock reported after bus-off
+ - ip6_gre: Set flowi6_proto as IPPROTO_GRE in xmit path.
+ - ip6_gre: fix flowi6_proto value in ip6gre_xmit_other()
+ - tracing: Move mutex to protect against resetting of seq data
+ - ipmr, ip6mr: fix scheduling while atomic and a deadlock with
+ ipmr_get_route
+ - drm/radeon/si/dpm: add workaround for for Jet parts
+ - mm,ksm: fix endless looping in allocating memory when ksm enable
+ - [armel,armhf] 8617/1: dma: fix dma_max_pfn()
+ - [mips*/5kc-malta] Fix IOCU disable switch read for MIPS64
+ - mm: workingset: fix crash in shadow node shrinker caused by
+ replace_page_cache_page()
+ - [armhf] 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7
+ - [arm64] perf: reject groups spanning multiple HW PMUs (CVE-2015-8955)
+ - firewire: net: guard against rx buffer overflows (CVE-2016-8633)
+ - brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()
+ (CVE-2016-8658)
+ - vfio/pci: Fix integer overflows, bitmask check (CVE-2016-9083,
+ CVE-2016-9084)
+ - fs: Give dentry to inode_change_ok() instead of inode
+ - fs: Avoid premature clearing of capabilities (CVE-2015-1350)
+ (Closes: #770492)
+ - posix_acl: Clear SGID bit when setting file permissions (CVE-2016-7097)
+ - staging: comedi: ni_mio_common: fix wrong insn_write handler
+ - xenbus: don't BUG() on user mode induced condition
+ - xenbus: don't look up transaction IDs for ordinary writes
+ - compiler-gcc: disable -ftracer for __noclone functions
+ - PM / devfreq: Fix incorrect type issue.
+ - mm: filemap: don't plant shadow entries without radix tree node
+
+ [ Aurelien Jarno ]
+ * [mips*] Fix ptrace handling of any syscalls returning ENOSYS.
+
+ [ Salvatore Bonaccorso ]
+ * [x86] KVM: pass host_initiated to functions that read MSRs
+ * [x86] KVM: VMX: Fix host initiated access to guest MSR_TSC_AUX
+ (Closes: #838660)
+
+ [ Ben Hutchings ]
+ * [x86] video: Disable X86_SYSFB, FB_SIMPLE (Closes: #822575)
+ * Revert "ecryptfs: forbid opening files without mmap handler", redundant
+ with upstream fixes
+ * fs: Move procfs/ecryptfs stacking check into ecryptfs, to avoid ABI change
+ * [mips*] Fix ABI change in 3.16.37
+ * net/sched: Fix ABI change in 3.16.37
+ * SCSI: Fix ABI change in 3.16.37
+ * ubi: Avoid ABI change in 3.16.37
+ * i8042: Revert ABI break in 3.16.39
+ * fs: Fix ABI change in 3.16.39
+ * can: Ignore ABI change in 3.16.39
+ * [mips*] uaccess: Avoid ABI change in 3.16.39
+ * [arm64] Revert "arm64: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO" to
+ avoid ABI change
+ * [s390x] Revert "s390: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO" to
+ avoid ABI change
+ * Revert "block: fix bdi vs gendisk lifetime mismatch" to avoid ABI change
+ * fsnotify: Ignore ABI change in 3.16.39
+ * Fix backport of "fs: Give dentry to inode_change_ok() instead of inode"
+ in fuse, xfs
+ * sg: Fix double-free when drives detach during SG_IO (CVE-2015-8962)
+ * perf: Fix race in swevent hash (CVE-2015-8963)
+ * tty: Prevent ldisc drivers from re-using stale tty fields (CVE-2015-8964)
+ * usb: gadget: f_fs: Fix use-after-free (CVE-2016-7912)
+ * HID: core: prevent out-of-bound readings (CVE-2016-7915)
+ * netfilter: nfnetlink: correctly validate length of batch messages
+ (CVE-2016-7917)
+ * net: ping: check minimum size on ICMP header length (CVE-2016-8399)
+ * net: Add __sock_queue_rcv_skb()
+ * rose,dccp: limit sk_filter trim to payload
+ * tcp: take care of truncations done by sk_filter() (CVE-2016-8645)
+ * mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (CVE-2016-8650)
+ * packet: fix race condition in packet_set_ring (CVE-2016-8655)
+ * [x86] Fix potential infoleak in older kernels (CVE-2016-9178)
+ * sctp: validate chunk len before actually using it (CVE-2016-9555)
+ * sg_write()/bsg_write() is not fit to be called under KERNEL_DS
+ (CVE-2016-9576, CVE-2016-10088)
+ * [x86] KVM: drop error recovery in em_jmp_far and em_ret_far (CVE-2016-9756)
+ * net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (CVE-2016-9793)
+ * ALSA: pcm : Call kill_fasync() in stream lock (CVE-2016-9794)
+ * security,perf: Allow unprivileged use of perf_event_open to be disabled
+ (sysctl: kernel.perf_event_paranoid=3)
+ * spi-nor: Add support for n25q256a11 SPI flash device (Closes: #843650)
+ (thanks to Matt Sickler)
+ * xen-blkfront: fix accounting of reqs when migrating (Closes: #843715)
+
+ [ Julien Cristau ]
+ * hwrng: Add chaoskey driver, backported from 4.8 (Closes: #839616)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Fri, 30 Dec 2016 19:42:20 +0000
+
+linux (3.16.36-1+deb8u2~bpo70+1) wheezy-backports; urgency=medium
+
+ * Rebuild for wheezy:
+ - Disable architectures that weren't part of wheezy
+ - Use gcc-4.6 for all architectures
+ - Change ABI number to 0.bpo.4
+ - [arm] btrfs: Work around bug in gcc-4.6 (fixes FTBFS)
+ - linux-image: Depend on initramfs-tools without any alternatives, so
+ that neither apt nor aptitude will automatically switch to dracut
+
+ -- Ben Hutchings <ben at decadent.org.uk> Wed, 19 Oct 2016 19:33:42 +0100
+
linux (3.16.36-1+deb8u2) jessie-security; urgency=high
* KEYS: Fix short sprintf buffer in /proc/keys show function (CVE-2016-7042)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list