[linux] 01/01: Merge tag 'debian/4.9.30-2+deb9u5' into jessie-backports

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Thu Sep 28 17:18:25 UTC 2017 

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch jessie-backports
in repository linux.

commit 943dfbb56cf8c2527ae092f41840a0e46ba0d520
Merge: 57c8c7e 35df1e4
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Thu Sep 28 13:12:47 2017 +0200

    Merge tag 'debian/4.9.30-2+deb9u5' into jessie-backports
    
    Release linux (4.9.30-2+deb9u5).

 debian/changelog                                   |  73 +++++
 ...-timer-fix-missing-queue-indices-reset-at.patch |  52 +++
 ...lsa-timer-fix-race-between-read-and-ioctl.patch |  69 ++++
 ...nfmt_elf-use-elf_et_dyn_base-only-for-pie.patch | 167 ++++++++++
 ...roperly-check-l2cap-config-option-output-.patch | 353 +++++++++++++++++++++
 ...x-possible-buffer-overflow-in-brcmf_cfg80.patch |  46 +++
 .../patches/bugfix/all/dentry-name-snapshots.patch | 228 +++++++++++++
 ...-platform-fix-race-condition-with-driver_.patch |  59 ++++
 ...don-t-leak-bo-on-drm_gem_object_init-fail.patch |  35 ++
 .../fs-exec.c-account-for-argv-envp-pointers.patch |  90 ++++++
 ...overflow-of-offset-in-ip6_find_1stfragopt.patch |  55 ++++
 ...-use-consistent-conditional-judgement-for.patch |  38 +++
 ...86_64-and-arm64-elf_et_dyn_base-base-chan.patch |  60 ++++
 ...eue-fix-a-use-after-free-in-sys_mq_notify.patch |  50 +++
 ...-the-required-netlink-attributes-presence.patch |  36 +++
 ...-t-write-vnet-header-beyond-end-of-buffer.patch |  68 ++++
 ...et-fix-tp_reserve-race-in-packet_set_ring.patch |  46 +++
 ...everal-cases-where-a-padded-len-isn-t-che.patch | 206 ++++++++++++
 .../sanitize-move_pages-permission-checks.patch    |  71 +++++
 ...-iscsi_if_rx-doesn-t-parse-nlmsg-properly.patch |  55 ++++
 ...xxx-fix-an-integer-overflow-in-sysfs-code.patch |  58 ++++
 ...-out-of-bounds-reads-from-address-storage.patch | 184 +++++++++++
 ...alize-rcv_mss-to-tcp_min_mss-instead-of-0.patch |  35 ++
 ...p-consistently-apply-ufo-or-fragmentation.patch |  85 +++++
 ...-aty-do-not-leak-uninitialized-padding-in.patch |  30 ++
 ...k-don-t-leak-stack-data-via-response-ring.patch | 130 ++++++++
 .../bugfix/all/xen-fix-bio-vec-merging.patch       |  59 ++++
 .../xfrm-policy-check-policy-direction-value.patch |  40 +++
 ...REALTIME_INODE-should-be-false-if-no-rt-d.patch |  67 ++++
 ...x-Make-sure-backup_handle-is-always-valid.patch |  60 ++++
 ...limit-the-number-of-mip-levels-in-vmw_gb_.patch |  38 +++
 ...don-t-allow-l2-to-access-the-hardware-cr8.patch |  34 ++
 ...vmx-do-not-bug-on-out-of-bounds-guest-irq.patch |  52 +++
 .../kvm-x86-fix-singlestepping-over-syscall.patch  | 125 ++++++++
 debian/patches/series                              |  33 ++
 35 files changed, 2887 insertions(+)

diff --cc debian/changelog
index 2bcdccf,ba0dc3c..f677410
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,17 -1,62 +1,90 @@@
++linux (4.9.30-2+deb9u5~bpo8+1) jessie-backports; urgency=medium
++
++  * Rebuild for jessie-backports:
++    - Revert "[x86] psmouse: Enable MOUSE_PS2_VMMOUSE", which breaks
++      xserver-xorg-input-vmmouse and several metapackages in jessie
++    - Revert changes to use gcc-6 compiler, not found in jessie
++    - Change ABI number to 0.bpo.3
++    - Revert changes to flex and asciidoc build-dependencies
++    - linux-image-dbg: Revert changes to packaging of debug symbols
++    - Revert "enable `perf data' support" as libbabeltrace is not available
++    - [mips*] Disable RELOCATABLE and RANDOMIZE_BASE.
++
++ -- Ben Hutchings <ben at decadent.org.uk>  Thu, 28 Sep 2017 12:12:03 +0100
++
+ linux (4.9.30-2+deb9u5) stretch-security; urgency=medium
+ 
+   * [amd64] mm: revert ELF_ET_DYN_BASE base changes (fixes regression of ASan)
+ 
+  -- Ben Hutchings <ben at decadent.org.uk>  Tue, 19 Sep 2017 02:34:05 +0100
+ 
+ linux (4.9.30-2+deb9u4) stretch-security; urgency=high
+ 
+   * [x86] KVM: fix singlestepping over syscall (CVE-2017-7518)
+   * binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370,
+     CVE-2017-1000371)
+   * ALSA: timer: Fix race between read and ioctl (CVE-2017-1000380)
+   * ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
+     (CVE-2017-1000380)
+   * xfrm: policy: check policy direction value (CVE-2017-11600)
+   * packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111)
+   * ipv6: Should use consistent conditional judgement for ip6 fragment
+     between __ip6_append_data and ip6_finish_output
+   * udp: consistently apply ufo or fragmentation (CVE-2017-1000112)
+   * sctp: Avoid out-of-bounds reads from address storage (CVE-2017-7558)
+   * xen: fix bio vec merging (CVE-2017-12134) (Closes: #866511)
+   * driver core: platform: fix race condition with driver_override
+     (CVE-2017-12146)
+   * nl80211: check for the required netlink attributes presence (CVE-2017-12153)
+   * [x86] kvm: nVMX: Don't allow L2 to access the hardware CR8 (CVE-2017-12154)
+   * scsi: qla2xxx: Fix an integer overflow in sysfs code (CVE-2017-14051)
+   * tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (CVE-2017-14106)
+   * Sanitize 'move_pages()' permission checks (CVE-2017-14140)
+   * video: fbdev: aty: do not leak uninitialized padding in clk to userspace
+     (CVE-2017-14156)
+   * xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
+     (CVE-2017-14340)
+   * scsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
+     (CVE-2017-14489)
+   * packet: Don't write vnet header beyond end of buffer (CVE-2017-14497)
+   * Bluetooth: Properly check L2CAP config option output buffer length
+     (CVE-2017-1000251) (Closes: #875881)
+   * [x86] KVM: VMX: Do not BUG() on out-of-bounds guest IRQ (CVE-2017-1000252)
+ 
+  -- Ben Hutchings <ben at decadent.org.uk>  Mon, 18 Sep 2017 16:40:43 +0100
+ 
+ linux (4.9.30-2+deb9u3) stretch-security; urgency=high
+ 
+   * [x86] drm/vmwgfx: limit the number of mip levels in
+     vmw_gb_surface_define_ioctl() (CVE-2017-7346)
+   * rxrpc: Fix several cases where a padded len isn't checked in ticket decode
+     (CVE-2017-7482)
+   * brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
+     (CVE-2017-7541)
+   * ipv6: avoid overflow of offset in ip6_find_1stfragopt (CVE-2017-7542)
+   * [x86] drm/vmwgfx: Make sure backup_handle is always valid (CVE-2017-9605)
+   * drm/virtio: don't leak bo on drm_gem_object_init failure (CVE-2017-10810)
+   * xen-blkback: don't leak stack data via response ring (CVE-2017-10911)
+   * mqueue: fix a use-after-free in sys_mq_notify() (CVE-2017-11176)
+   * fs/exec.c: account for argv/envp pointers (CVE-2017-1000365)
+   * dentry name snapshots (CVE-2017-7533)
+ 
+  -- Salvatore Bonaccorso <carnil at debian.org>  Sun, 06 Aug 2017 06:24:47 +0200
+ 
 +linux (4.9.30-2+deb9u2~bpo8+1) jessie-backports; urgency=medium
 +
 +  * Rebuild for jessie-backports:
 +    - Revert "[x86] psmouse: Enable MOUSE_PS2_VMMOUSE", which breaks
 +      xserver-xorg-input-vmmouse and several metapackages in jessie
 +    - Revert changes to use gcc-6 compiler, not found in jessie
 +    - Change ABI number to 0.bpo.3
 +    - Revert changes to flex and asciidoc build-dependencies
 +    - linux-image-dbg: Revert changes to packaging of debug symbols
 +    - Revert "enable `perf data' support" as libbabeltrace is not available
 +    - [mips*] Disable RELOCATABLE and RANDOMIZE_BASE.
 +
 + -- Ben Hutchings <ben at decadent.org.uk>  Tue, 27 Jun 2017 18:12:35 +0100
 +
  linux (4.9.30-2+deb9u2) stretch-security; urgency=high
  
    * Revert changes in version 4.9.30-2+deb9u1 (Closes: #865303)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list