[linux] 01/01: Merge tag 'debian/3.16.43-2+deb8u1' into wheezy-backports
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Fri Jan 19 23:08:15 UTC 2018
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch wheezy-backports
in repository linux.
commit bae5f7ac2a4cab4ca5945f11256aca6bfe153fe7
Merge: 5c86724 44412f2
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Wed Jun 21 12:54:45 2017 +0100
Merge tag 'debian/3.16.43-2+deb8u1' into wheezy-backports
debian/changelog | 699 ++++++++++++++++++
debian/config/defines | 6 +
debian/config/kernelarch-powerpc/config-arch-64 | 1 +
.../powerpc/modules/powerpc-powerpc64/scsi-modules | 1 +
...refcounting-problems-with-auth_gss-messag.patch | 85 +++
.../alsa-pcm-call-kill_fasync-in-stream-lock.patch | 43 --
...ash-fix-einprogress-notification-callback.patch | 226 ++++++
...reeing-skb-too-early-for-IPV6_RECVPKTINFO.patch | 47 --
.../all/dccp-limit-sk_filter-trim-to-payload.patch | 94 ---
...cp-tcp-do-not-inherit-mc_list-from-parent.patch | 37 +
...x-fencepost-in-s_first_meta_bg-validation.patch | 30 +
.../fbdev-color-map-copying-bounds-checking.patch | 80 ---
...d-me-mm-allow-to-configure-stack-gap-size.patch | 79 +++
...entry-to-inode_change_ok-instead-of-inode.patch | 678 ------------------
...-propagate-dentry-down-to-inode_change_ok.patch | 68 --
.../hid-core-prevent-out-of-bound-readings.patch | 43 --
.../all/ip6_gre-fix-ip6gre_err-invalid-reads.patch | 98 ---
...-skb-dst-around-in-presence-of-ip-options.patch | 43 --
...ip6_find_1stfragopt-return-value-properly.patch | 85 +++
...p-do-not-inherit-ipv6_mc_list-from-parent.patch | 60 ++
.../ipv6-fix-a-refcnt-leak-with-peer-addr.patch | 37 +
.../all/ipv6-fix-leak-in-ipv6_gso_segment.patch | 30 +
...-out-of-bound-writes-in-__ip6_append_data.patch | 62 ++
...nt-overrun-when-parsing-v6-header-options.patch | 221 ++++++
...drconf_get_prefix_route-to-remove-peer-ad.patch | 30 +
...andle-errors-reported-by-xfrm6_find_1stfr.patch | 40 ++
.../ipx-call-ipxitf_put-in-ioctl-error-path.patch | 36 +
...t-call-check_link-for-ethtool-in-ixgbe_ge.patch | 45 ++
...ow-keyrings-beginning-with-.-to-be-joined.patch | 76 ++
...yctl_set_reqkey_keyring-to-not-leak-threa.patch | 174 +++++
...ate-eperm-for-a-key-type-name-beginning-w.patch | 41 ++
...special-dot-prefixed-keyring-name-bug-fix.patch | 50 ++
.../locking-mutex-don-t-assume-task_running.patch | 49 ++
...tarting-iteration-in-mb_cache_entry_alloc.patch | 22 +
.../media-dvb-usb-v2-avoid-use-after-free.patch | 55 ++
.../all/mm-allow-to-configure-stack-gap-size.patch | 71 ++
.../mm-do-not-collapse-stack-gap-into-THP.patch | 52 ++
.../bugfix/all/mm-enlarge-stack-guard-gap.patch | 473 +++++++++++++
...ory.c-fix-up-mm-huge_memory.c-respect-fol.patch | 59 ++
...y.c-fix-error-handling-in-set_mempolicy-a.patch | 72 ++
...-the-stack-gap-for-unpopulated-growing-vm.patch | 45 ++
...ix-null-ptr-dereference-in-mpi_powm-ver-3.patch | 96 ---
...signed-overflows-for-so_-snd-rcv-bufforce.patch | 45 --
...-fix-overflow-in-check-for-priv-area-size.patch | 35 +
...ket-fix-overflow-in-check-for-tp_frame_nr.patch | 32 +
...cket-fix-overflow-in-check-for-tp_reserve.patch | 28 +
...-check-minimum-size-on-icmp-header-length.patch | 67 --
...fnetlink-correctly-validate-length-of-bat.patch | 71 --
...sd-check-for-oversized-nfsv2-v3-arguments.patch | 99 +++
...icter-decoding-of-write-like-nfsv2-v3-ops.patch | 56 ++
...sd4-minor-nfsv2-v3-write-decoding-cleanup.patch | 79 +++
...ket-fix-race-condition-in-packet_set_ring.patch | 88 ---
.../bugfix/all/perf-Fix-event-ctx-locking.patch | 501 -------------
...ix-concurrent-sys_perf_event_open-vs.-mov.patch | 152 ----
.../bugfix/all/perf-do-not-double-free.patch | 47 --
.../bugfix/all/perf-fix-race-in-swevent-hash.patch | 92 ---
.../arm-factor-out-mmap-aslr-into-mmap_rnd.patch | 95 +++
...don-t-randomise-text-when-randomise_va_sp.patch | 63 ++
.../arm64-standardize-mmap_rnd-usage.patch | 86 +++
.../pie-aslr/mips-extract-logic-for-mmap_rnd.patch | 55 ++
.../mm-expose-arch_mmap_rnd-when-available.patch | 277 ++++++++
...h_randomize_brk-into-arch_has_elf_randomi.patch | 184 +++++
.../mm-split-et_dyn-aslr-from-mmap-aslr.patch | 214 ++++++
.../powerpc-standardize-mmap_rnd-usage.patch | 83 +++
.../powerpc-use-generic-pie-randomization.patch | 101 +++
...mize_et_dyn-to-take-void-and-use-mmap_rnd.patch | 57 ++
...fine-randomize_et_dyn-for-elf_et_dyn_base.patch | 49 ++
.../pie-aslr/s390-standardize-mmap_rnd-usage.patch | 113 +++
.../bugfix/all/ping-implement-proper-locking.patch | 49 ++
...entry-to-inode_change_ok-instead-of-inode.patch | 779 ---------------------
.../all/rose-limit-sk_filter-trim-to-payload.patch | 94 ---
...-inherit-ipv6_-mc-ac-fl-_list-from-parent.patch | 29 +
...lidate-chunk-len-before-actually-using-it.patch | 54 --
.../selinux-fix-off-by-one-in-setprocattr.patch | 61 --
...uble-free-when-drives-detach-during-sg_io.patch | 66 --
...g_write-is-not-fit-to-be-called-under-ker.patch | 42 --
...-added-by-grab_header-in-proc_sys_readdir.patch | 83 ---
...ake-care-of-truncations-done-by-sk_filter.patch | 98 ---
...rict-timer_stats-to-initial-pid-namespace.patch | 37 +
...pfs-clear-s_isgid-when-setting-posix-acls.patch | 41 --
...-strlcpy-instead-of-strcpy-in-__trace_fin.patch | 34 +
...-ldisc-drivers-from-re-using-stale-tty-fi.patch | 74 --
.../all/usb-gadget-f_fs-fix-use-after-free.patch | 32 -
.../usb-iowarrior-fix-null-deref-at-probe.patch | 52 ++
...io_ti-fix-information-leak-in-completion-.patch | 31 +
...-kl5kusb105-fix-line-state-error-handling.patch | 37 -
...erial-omninet-fix-reference-leaks-at-open.patch | 33 +
...e-xfrm_msg_newae-incoming-esn-size-harder.patch | 34 +
..._newae-xfrma_replay_esn_val-replay_window.patch | 45 ++
...-propagate-dentry-down-to-inode_change_ok.patch | 210 ------
...eger-overflow-in-vmw_surface_define_ioctl.patch | 35 +
.../fix-potential-infoleak-in-older-kernels.patch | 63 --
.../kvm-fix-page-struct-leak-in-handle_vmon.patch | 40 --
...p-error-recovery-in-em_jmp_far-and-em_ret.patch | 125 ----
...x86-fix-emulation-of-mov-ss-null-selector.patch | 104 ---
.../kvm-x86-introduce-segmented_write_std.patch | 59 --
...r-dereference-in-vmw_surface_define_ioctl.patch | 34 +
.../arm64-ptrace-avoid-abi-change-in-3.16.42.patch | 23 +
...e-for-mmc-core-annotate-cmd_hdr-as-__le32.patch | 26 +
...change-for-net-fix-sk_mem_reclaim_partial.patch | 80 +++
...smp_send_stop-with-kdump-friendly-version.patch | 168 +++++
...e-for-mnt-add-a-per-mount-namespace-limit.patch | 25 +
.../all/net-add-__sock_queue_rcv_skb.patch | 63 --
...spend-resume-quirks-for-apple-thunderbolt.patch | 4 +-
debian/patches/series | 101 ++-
105 files changed, 5556 insertions(+), 4517 deletions(-)
diff --cc debian/changelog
index a408f51,3cca09b..eb637da
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,15 -1,690 +1,714 @@@
++linux (3.16.43-2+deb8u1~bpo70+1) wheezy-backports; urgency=medium
++
++ * Rebuild for wheezy:
++ - Disable architectures that weren't part of wheezy
++ - Use gcc-4.6 for all architectures
++ - Change ABI number to 0.bpo.4
++ - [arm] btrfs: Work around bug in gcc-4.6 (fixes FTBFS)
++ - linux-image: Depend on initramfs-tools without any alternatives, so
++ that neither apt nor aptitude will automatically switch to dracut
++
++ -- Ben Hutchings <ben at decadent.org.uk> Fri, 24 Feb 2017 16:38:59 +0000
++
+ linux (3.16.43-2+deb8u1) jessie-security; urgency=high
+
+ [ Ben Hutchings ]
+ * tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
+ (CVE-2017-0605)
+ * ipx: call ipxitf_put() in ioctl error path (CVE-2017-7487)
+ * nfsd: check for oversized NFSv2/v3 arguments (CVE-2017-7645)
+ * nfsd4: minor NFSv2/v3 write decoding cleanup
+ * nfsd: stricter decoding of write-like NFSv2/v3 ops (CVE-2017-7895)
+ * media: dvb-usb-v2: avoid use-after-free (CVE-2017-8064)
+ * dccp/tcp: do not inherit mc_list from parent (CVE-2017-8890)
+ * USB: serial: io_ti: fix information leak in completion handler
+ (CVE-2017-8924)
+ * USB: serial: omninet: fix reference leaks at open (CVE-2017-8925)
+ * ipv6: Prevent overrun when parsing v6 header options (CVE-2017-9074)
+ * ipv6: Check ip6_find_1stfragopt() return value properly.
+ * ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
+ * ipv6: Fix leak in ipv6_gso_segment().
+ * sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (CVE-2017-9075)
+ * ipv6/dccp: do not inherit ipv6_mc_list from parent (CVE-2017-9076,
+ CVE-2017-9077)
+ * ipv6: fix out of bound writes in __ip6_append_data() (CVE-2017-9242)
+
+ [ Salvatore Bonaccorso ]
+ * mm: enlarge stack guard gap (CVE-2017-1000364)
+ * mm: allow to configure stack gap size
+ * mm, proc: cap the stack gap for unpopulated growing vmas
+ * mm: do not collapse stack gap into THP
+ * fold me "mm: allow to configure stack gap size"
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Sun, 18 Jun 2017 11:55:39 +0200
+
+ linux (3.16.43-2) jessie; urgency=high
+
+ * mm/huge_memory.c: fix up "mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for
+ thp" backport (Closes: #861313)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Sun, 30 Apr 2017 03:37:58 +0100
+
+ linux (3.16.43-1) jessie; urgency=medium
+
+ * New upstream stable update:
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.40
+ - [x86] drm/i915/vlv: Make intel_crt_reset() per-encoder
+ - [x86] drm/i915/vlv: Reset the ADPA in vlv_display_power_well_init()
+ - fbdev/efifb: Fix 16 color palette entry calculation
+ - [s390*] zfcp: fix fc_host port_type with NPIV
+ - [s390*] zfcp: fix ELS/GS request&response length for hardware data router
+ - [s390*] zfcp: close window with unblocked rport during rport gone
+ - [s390*] zfcp: retain trace level for SCSI and HBA FSF response records
+ - [s390*] zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace
+ - [s390*] zfcp: trace on request for open and close of WKA port
+ - [s390*] zfcp: restore tracing of handle for port and LUN with HBA records
+ - [s390*] zfcp: fix D_ID field with actual value on tracing SAN responses
+ - [s390*] zfcp: fix payload trace length for SAN request&response
+ - [s390*] zfcp: trace full payload of all SAN records (req,resp,iels)
+ - clk: divider: Fix clk_divider_round_rate() to use clk_readl()
+ - [x86] dumpstack: Fix x86_32 kernel_stack_pointer() previous stack access
+ - PCI: Mark Atheros AR9580 to avoid bus reset
+ - netfilter: restart search if moved to other chain
+ - uio: fix dmem_region_start computation
+ - platform: don't return 0 from platform_get_irq[_byname]() on error
+ - [arm64] debug: avoid resetting stepping state machine when TIF_SINGLESTEP
+ - ASoC: dapm: Fix value setting for _ENUM_DOUBLE MUX's second channel
+ - genirq/generic_chip: Add irq_unmap callback
+ - rtlwifi: Update regulatory database
+ - rtlwifi: Fix missing country code for Great Britain
+ - pwm: Unexport children before chip removal
+ - cx231xx: don't return error on success
+ - cx231xx: fix GPIOs for Pixelview SBTVD hybrid
+ - ext4: reinforce check of i_dtime when clearing high fields of uid and gid
+ - pstore/core: drop cmpxchg based updates
+ - pstore/ram: Use memcpy_toio instead of memcpy
+ - pstore/ram: Use memcpy_fromio() to save old buffer
+ - ipv4: accept u8 in IP_TOS ancillary data
+ - [armhf] phy: sun4i-usb: Use spinlock to guard phyctl register access
+ - dm: mark request_queue dead before destroying the DM device
+ - dm mpath: check if path's request_queue is dying in activate_path()
+ - ext4: bugfix for mmaped pages in mpage_release_unused_pages()
+ - [armhf] dts: exynos: Fix mismatched value for SD4 pull up/down
+ configuration on exynos4210
+ - reiserfs: Unlock superblock before calling reiserfs_quota_on_mount()
+ - sctp: do not return the transmit err back to sctp_sendmsg
+ - pkt_sched: fq: use proper locking in fq_dump_stats()
+ - [x86] iommu/amd: Free domain id when free a domain of struct
+ dma_ops_domain
+ - [powerpc*] nvram: Fix an incorrect partition merge
+ - ALSA: ali5451: Fix out-of-bound position reporting
+ - usb: misc: legousbtower: Fix NULL pointer deference
+ - net/mlx4_en: Fix wrong indentation
+ - net/mlx4_core: Fix deadlock when switching between polling and event fw
+ commands
+ - drm/radeon: narrow asic_init for virtualization
+ - [powerpc*] eeh: Null check uses of eeh_pe_bus_get
+ - ALSA: usb-audio: Extend DragonFly dB scale quirk to cover other variants
+ - netfilter: nft_exthdr: Add size check on u8 nft_exthdr attributes
+ - netfilter: nf_tables: validate maximum value of u32 netlink attributes
+ - svcrdma: Tail iovec leaves an orphaned DMA mapping
+ - blkcg: Annotate blkg_hint correctly
+ - ALSA: hda - Adding one more ALC255 pin definition for headset problem
+ - mmc: block: don't use CMD23 with very old MMC cards
+ - [powerpc*] KVM: Book3S: Treat VTB as a per-subcore register, not
+ per-thread
+ - [powerpc*] KVM: BookE: Fix a sanity check
+ - [powerpc*] KVM: Book3s PR: Allow access to unprivileged MMCR2 register
+ - NFSv4: Open state recovery must account for file permission changes
+ - Revert "usbtmc: convert to devm_kzalloc"
+ - drm/radeon/si/dpm: fix phase shedding setup
+ - [powerpc*/*64*] vdso64: Use double word compare on pointers
+ - ext4: release bh in make_indexed_dir
+ - [s390*] con3270: fix use of uninitialised data
+ - [s390*] con3270: fix insufficient space padding
+ - fuse: invalidate dir dentry after chmod
+ - fuse: fix killing s[ug]id in setattr
+ - fuse: listxattr: verify xattr list
+ - crypto: gcm - Fix IV buffer size in crypto_gcm_setkey
+ - staging: rtl8188eu: fix missing unlock on error in rtw_resume_process()
+ - staging: rtl8188eu: fix double unlock error in rtw_resume_process()
+ - UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC header
+ - ubi: Deal with interrupted erasures in WL
+ - ubi: Fix races around ubi_refill_pools()
+ - ubi: Fix Fastmap's update_vol()
+ - i40e: avoid NULL pointer dereference and recursive errors on early PCI
+ error
+ - [powerpc*] powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data()
+ - mfd: rtsx_usb: Avoid setting ucr->current_sg.status
+ - async_pq_val: fix DMA memory leak
+ - mm: filemap: fix mapping->nrpages double accounting in fuse
+ - netlink: do not enter direct reclaim from netlink_dump()
+ - IB/srp: Fix infinite loop when FMR sg[0].offset != 0
+ - [x86] Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled
+ - mm/hugetlb: fix memory offline with hugepage size > memory block size
+ - mm/hugetlb: check for reserved hugepages during memory offline
+ - vfs,mm: fix a dead loop in truncate_inode_pages_range()
+ - [powerpc*] pseries: Fix stack corruption in htpe code
+ - [powerpc*/*64*] Fix incorrect return value from __copy_tofrom_user
+ - [x86] panic: replace smp_send_stop() with kdump friendly version in panic
+ path
+ - [mips*] panic: replace smp_send_stop() with kdump friendly version in
+ panic path
+ - compiler: Allow 1- and 2-byte smp_load_acquire() and smp_store_release()
+ - ipc: remove use of seq_printf return value
+ - ipc/sem.c: fix complex_count vs. simple op race
+ - [mips*] ptrace: Fix regs_return_value for kernel context
+ - cifs: Display number of credits available
+ - cifs: Limit the overall credit acquired
+ - cifs: Set previous session id correctly on SMB3 reconnect
+ - cifs: SMB3: GUIDs should be constructed as random but valid uuids
+ - cifs: Clarify locking of cifs file and tcon structures and make more
+ granular
+ - cifs: Do not send SMB3 SET_INFO request if nothing is changing
+ - cifs: Cleanup missing frees on some ioctls
+ - fs/super.c: fix race between freeze_super() and thaw_super()
+ - scsi: Fix use-after-free
+ - mac80211: discard multicast and 4-addr A-MSDUs
+ - jbd2: fix incorrect unlock on j_list_lock
+ - drm/radeon: change vblank_time's calculation method to reduce
+ computational error.
+ - ipv6: correctly add local routes when lo goes up
+ - [s390*] scsi: zfcp: spin_lock_irqsave() is not nestable
+ - mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted
+ error
+ - mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused
+ - mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led
+ - memstick: rtsx_usb_ms: Runtime resume the device when polling for cards
+ - memstick: rtsx_usb_ms: Manage runtime PM when accessing the device
+ - [arm64] kernel: Init MDCR_EL2 even in the absence of a PMU
+ - netfilter: nf_tables: underflow in nft_parse_u32_check()
+ - ALSA: hda - allow 40 bit DMA mask for NVidia devices
+ - isofs: Do not return EACCES for unknown filesystems
+ - bridge: multicast: restore perm router ports on multicast enable
+ - hwrng: core - Don't use a stack buffer in add_early_randomness()
+ - [x86] Input: i8042 - add XMG C504 to keyboard reset table
+ - ubifs: Fix xattr_names length in exit paths
+ - ubifs: Abort readdir upon error
+ - target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT
+ REACHABLE
+ - target: Don't override EXTENDED_COPY xcopy_pt_cmd SCSI status code
+ - [x86] xhci: add restart quirk for Intel Wildcatpoint PCH
+ - xhci: workaround for hosts missing CAS bit
+ - USB: serial: fix potential NULL-dereference at probe
+ - drm/radeon/si_dpm: Limit clocks on HD86xx part
+ - [arm64] KVM: Take S1 walks into account when determining S2 write faults
+ - [powerpc*] Convert cmp to cmpd in idle enter sequence
+ - ipv4: use the right lock for ping_group_range
+ - ACPI / APEI: Fix incorrect return value of ghes_proc()
+ - dm table: fix missing dm_put_target_type() in dm_table_add_target()
+ - [x86] mei: txe: don't clean an unprocessed interrupt cause.
+ - scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough)
+ devices
+ - [x86] hv: do not lose pending heartbeat vmbus packets
+ - ALSA: hda - Fix surround output pins for ASRock B150M mobo
+ - drm/radeon: drop register readback in cayman_cp_int_cntl_setup
+ - drm/radeon/si_dpm: workaround for SI kickers
+ - scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
+ - scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
+ - tty: vt, fix bogus division in csi_J
+ - tty: limit terminal size to 4M chars
+ - vt: clear selection before resizing
+ - netfilter: nf_conntrack_sip: extend request line validation
+ - netfilter: nf_tables: fix type mismatch with error return from
+ nft_parse_u32_check
+ - btrfs: fix races on root_log_ctx lists
+ - lib/genalloc.c: start search from start of chunk
+ - [s390*] hypfs: Use get_free_page() instead of kmalloc to ensure page
+ alignment
+ - [x86] KVM: fix wbinvd_dirty_mask use-after-free
+ - GenWQE: Fix bad page access during abort of resource allocation
+ - ubifs: Fix regression in ubifs_readdir()
+ - md: be careful not lot leak internal curr_resync value into metadata.
+ - net/mlx5: Avoid passing dma address 0 to firmware
+ - packet: on direct_xmit, limit tso and csum to supported devices
+ - net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW
+ spec
+ - net/mlx4_en: Resolve dividing by zero in 32-bit system
+ - net/mlx4_en: Process all completions in RX rings after port goes up
+ - net/mlx4_en: Fix potential deadlock in port statistics flow
+ - [x86] iommu/vt-d: Fix IOMMU lookup for SR-IOV Virtual Functions
+ - virtio: console: Unlock vqs while freeing buffers
+ - netfilter: nf_tables: destroy the set if fail to add transaction
+ - [x86] mei: bus: fix received data size check in NFC fixup
+ - ipv6: Don't use ufo handling on later transformed packets
+ - can: bcm: fix warning in bcm_connect/proc_register
+ - bgmac: stop clearing DMA receive control register right after it is set
+ - uwb: fix device reference leaks
+ - [armel,armhf] gpio/mvebu: Use irq_domain_add_linear
+ - PM / sleep: fix device reference leak in test_suspend
+ - ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
+ - firewire: net: fix fragmented datagram_size off-by-one
+ - ipv4: allow local fragmentation in ip_finish_output_gso()
+ - i2c: core: fix NULL pointer dereference under race condition
+ - iio: hid-sensors: Fix compilation warning
+ - iio: hid-sensors: Increase the precision of scale to fix wrong reading
+ interpretation.
+ - [armhf] net: ethernet: ti: cpsw: fix device and of_node leaks
+ - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression
+ - rtnl: reset calcit fptr in rtnl_unregister()
+ - USB: cdc-acm: fix TIOCMIWAIT
+ - PM / sleep: don't suspend parent when async child suspend_{noirq, late}
+ fails
+ - [x86] ALSA: hda - Fix mic regression by ASRock mobo fixup
+ - swapfile: fix memory corruption via malformed swapfile
+ - coredump: fix unfreezable coredumping task
+ - dib0700: fix nec repeat handling
+ - scsi: mpt3sas: Fix secure erase premature termination
+ - neigh: check error pointer instead of NULL for ipv4_neigh_lookup()
+ - ipv4: use new_gw for redirect neigh lookup
+ - fuse: fix fuse_write_end() if zero bytes were copied
+ - [armhf] usb: chipidea: move the lock initialization to core file
+ - rtnetlink: fix rtnl_vfinfo_size
+ - mfd: core: Fix device reference leak in mfd_clone_cell
+ - nvme/pci: Don't free queues on error
+ - IB/uverbs: Fix leak of XRC target QPs
+ - IB/cm: Mark stale CM id's whenever the mad agent was unregistered
+ - IB/core: Avoid unsigned int overflow in sg_alloc_table
+ - IB/mlx5: Use cache line size to select CQE stride
+ - IB/mlx5: Resolve soft lock on massive reg MRs
+ - IB/mlx5: Fix NULL pointer dereference on debug print
+ - IB/mlx4: Fix create CQ error flow
+ - mwifiex: printk() overflow with 32-byte SSIDs
+ - of_mdio: fix node leak in of_phy_register_fixed_link error path
+ - cfg80211: limit scan results cache size
+ - [armhf] net: ethernet: ti: cpsw: fix bad register access in probe error
+ path
+ - [armhf] net: ethernet: ti: cpsw: fix mdio device reference leak
+ - [armhf] net: ethernet: ti: cpsw: fix secondary-emac probe error path
+ - KVM: Disable irq while unregistering user notifier
+ - [x86] KVM: fix missed SRCU usage in kvm_lapic_set_vapic_addr
+ - ext4: sanity check the block and cluster size at mount time
+ - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()
+ (CVE-2016-10200)
+ - apparmor: fix change_hat not finding hat after policy replacement
+ - [x86] traps: Ignore high word of regs->cs in early_fixup_exception()
+ - xc2028: Fix use-after-free bug properly
+ - [armhf] net: ethernet: mvneta: Remove IFF_UNICAST_FLT which is not
+ implemented
+ - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode
+ to device managed flow steering
+ - pwm: Fix device reference leak
+ - netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT"
+ failed in 64bit kernel
+ - [powerpc*] eeh: Fix deadlock when PE frozen state can't be cleared
+ - batman-adv: Check for alloc errors when preparing TT local data
+ - locking/rtmutex: Prevent dequeue vs. unlock race
+ - ipv4: Set skb->protocol properly for local output
+ - ipv6: Set skb->protocol properly for local output
+ - tipc: check minimum bearer MTU
+ - [x86] perf: Fix full width counter, counter overflow
+ - fuse: fix clearing suid, sgid for chown()
+ - can: raw: raw_setsockopt: limit number of can_filter that can be set
+ - can: peak: fix bad memory access and free sequence
+ - ser_gigaset: return -ENOMEM on error instead of success
+ - vfs,mm: fix return value of read() at s_maxbytes
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.41
+ - mnt: Add a per mount namespace limit on the number of mounts
+ (CVE-2016-6213)
+ - ext4: validate s_first_meta_bg at mount time (CVE-2016-10208)
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.42
+ - net/sched: em_meta: Fix 'meta vlan' to correctly recognize zero VID frames
+ - ite-cir: initialize use_demodulator before using it
+ - usb: gadget: composite: correctly initialize ep->maxpacket
+ - usb: gadget: composite: always set ep->mult to a sensible value
+ - [armhf] usb: dwc3: gadget: set PCM1 field of isochronous-first TRBs
+ - [amd64] drm/gma500: Add compat ioctl
+ - enic: set skb->hash type properly
+ - xfs: fix up xfs_swap_extent_forks inline extent handling
+ - scsi: megaraid_sas: For SRIOV enabled firmware, ensure VF driver waits
+ for 30secs before reset
+ - PCI: Check for PME in targeted sleep state
+ - USB: UHCI: report non-PME wakeup signalling for Intel hardware
+ - [armhf] dts: imx6q-cm-fx6: fix fec pinctrl
+ - [powerpc] ibmebus: Fix device reference leaks in sysfs interface
+ - [powerpc] ibmebus: Fix further device reference leaks
+ - [powerpc*] pci/rpadlpar: Fix device reference leaks
+ - usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL
+ - dm rq: fix a race condition in rq_completed()
+ - ext4: fix mballoc breakage with 64k block size
+ - ext4: fix stack memory corruption with 64k block size
+ - IB/core: Save QP in ib_flow structure
+ - IB/mlx5: Put non zero value in max_ah
+ - IB/mlx5: Wait for all async command completions to complete
+ - IB/IPoIB: Remove can't use GFP_NOIO warning
+ - IB/mlx4: Set traffic class in AH
+ - IB/mlx4: Put non zero value in max_ah device attribute
+ - IB/mlx4: Fix port query for 56Gb Ethernet links
+ - scsi: mvsas: fix command_active typo
+ - ssb: Fix error routine when fallback SPROM fails
+ - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices
+ - [armhf] USB: phy: am335x-control: fix device and of_node leaks
+ - ext4: fix in-superblock mount options processing
+ - ext4: use more strict checks for inodes_per_block on mount
+ - ext4: add sanity checking to count_overhead()
+ - [powerpc*] KVM: Book3S HV: Save/restore XER in checkpointed register state
+ - dm crypt: mark key as invalid until properly loaded
+ - f2fs: set ->owner for debugfs status file's file_operations
+ - xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing
+ - ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream()
+ - md/raid5: limit request size according to implementation limits
+ - thermal: hwmon: Properly report critical temperature in sysfs
+ - USB: serial: kl5kusb105: fix open error path
+ - USB: serial: kl5kusb105: abort on open exception path
+ - [powerpc] ps3: Fix system hang with GCC 5 builds
+ - Btrfs: fix tree search logic when replaying directory entry deletes
+ - [armhf,arm64] bus: vexpress-config: fix device reference leak
+ - block: protect iterate_bdevs() against concurrent close
+ - NFS: Fix a performance regression in readdir
+ - xfs: set AGI buffer type in xlog_recover_clear_agi_bucket
+ - mmc: sdhci: Fix recovery from tuning timeout
+ - CIFS: Fix missing nls unload in smb2_reconnect()
+ - CIFS: Fix a possible memory corruption in push locks
+ - CIFS: Fix a possible memory corruption during reconnect
+ - [x86] ALSA: hda - Add inverted internal mic for Asus Aspire 4830T
+ - [x86] ALSA: hda - Add the top speaker pin config for HP Spectre x360
+ - [x86] ALSA: hda - Gate the mic jack on HP Z1 Gen3 AiO
+ - drm/radeon: Hide the HW cursor while it's out of bounds
+ - drm/radeon: Use mode h/vdisplay fields to hide out of bounds HW cursor
+ - drm/radeon: add additional pci revision to dpm workaround
+ - [armhf] xen: Use alloc_percpu rather than __alloc_percpu
+ - clk: clk-wm831x: fix a logic error
+ - hotplug: Make register and unregister notifier API symmetric
+ - iw_cxgb4: Fix error return code in c4iw_rdev_open()
+ - dm space map metadata: fix 'struct sm_metadata' leak on failed create
+ - md: MD_RECOVERY_NEEDED is set for mddev->recovery
+ - cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts
+ - hwmon: (ds620) Fix overflows seen when writing temperature limits
+ - [i386] ftrace: Set ftrace_stub to weak to prevent gcc from using short
+ jumps to it
+ - fgraph: Handle a case where a tracer ignores set_graph_notrace
+ - nfs_write_end(): fix handling of short copies
+ - ext4: reject inodes with negative size
+ - ext4: return -ENOMEM instead of success
+ - [s390*] vmlogrdr: fix IUCV buffer allocation
+ - [armhf] hwmon: (g762) Fix overflows and crash seen when writing limit
+ attributes
+ - ALSA: hiface: Fix M2Tech hiFace driver sampling rate change
+ - libceph: verify authorize reply on connect
+ - fs/notify/inode_mark.c: use list_next_entry in fsnotify_unmount_inodes
+ - fsnotify: Fix possible use-after-free in inode iteration on umount
+ - IB/mlx4: When no DMFS for IPoIB, don't allow NET_IF QPs
+ - IB/mlx4: Fix out-of-range array index in destroy qp flow
+ - Btrfs: delayed-inode: replace root args iff only fs_info used
+ - btrfs: limit async_work allocation and worker func duration
+ - block_dev: don't test bdev->bd_contains when it is not stable
+ - IB/mad: Fix an array index check
+ - IPoIB: Avoid reading an uninitialized member variable
+ - IB/multicast: Check ib_find_pkey() return value
+ - [s390x] scsi: zfcp: fix use-after-"free" in FC ingress path after TMF
+ - [s390x] scsi: zfcp: do not trace pure benign residual HBA responses at
+ default level
+ - [s390x] scsi: zfcp: fix rport unblock race with LUN recovery
+ - scsi: avoid a permanent stop of the scsi device's request queue
+ - target/iscsi: Fix double free in lio_target_tiqn_addtpg()
+ - [x86] drivers/gpu/drm/ast: Fix infinite loop if read fails
+ - NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success.
+ - [x86] drm/i915/dsi: Do not clear DPOUNIT_CLOCK_GATE_DISABLE from
+ vlv_init_display_clock_gating
+ - fs: exec: apply CLOEXEC before changing dumpable task flags
+ - [x86] Input: i8042 - add Pegatron touchpad to noloop table
+ - net, sched: fix soft lockup in tc_classify
+ - [armhf] net: stmmac: Fix race between stmmac_drv_probe and stmmac_open
+ - [armhf net: stmmac: Fix error path after register_netdev move
+ - net/mlx4_core: Use-after-free causes a resource leak in flow-steering
+ detach
+ - net/mlx4_en: Fix bad WQE issue
+ - net/mlx4: Remove BUG_ON from ICM allocation routine
+ - [armhf] usb: dwc3: ep0: add dwc3_ep0_prepare_one_trb()
+ - [armhf] usb: dwc3: ep0: explicitly call dwc3_ep0_prepare_one_trb()
+ - [armhf] usb: dwc3: gadget: always unmap EP0 requests
+ - [armhf] usb: gadget: composite: Test get_alt() presence instead of
+ set_alt()
+ - [armhf] usb: gadgetfs: restrict upper bound on device configuration size
+ - [armhf] USB: gadgetfs: fix unbounded memory allocation bug
+ - [armhf] USB: gadgetfs: fix use-after-free bug
+ - [armhf] USB: gadgetfs: fix checks of wTotalLength in config descriptors
+ - btrfs: fix error handling when run_delayed_extent_op fails
+ - btrfs: fix locking when we put back a delayed ref that's too new
+ - xhci: free xhci virtual devices with leaf nodes first
+ - usb: xhci: fix possible wild pointer
+ - usb: host: xhci: Fix possible wild pointer when handling abort command
+ - xhci: Handle command completion and timeout race
+ - usb: xhci: hold lock over xhci_abort_cmd_ring()
+ - USB: serial: cyberjack: fix NULL-deref at open
+ - USB: serial: garmin_gps: fix memory leak on failed URB submit
+ - USB: serial: io_edgeport: fix NULL-deref at open
+ - USB: serial: io_ti: fix NULL-deref at open
+ - USB: serial: io_ti: fix another NULL-deref at open
+ - USB: serial: iuu_phoenix: fix NULL-deref at open
+ - USB: serial: keyspan_pda: verify endpoints at probe
+ - USB: serial: kobil_sct: fix NULL-deref in write
+ - USB: serial: mos7720: fix NULL-deref at open
+ - USB: serial: mos7720: fix use-after-free on probe errors
+ - USB: serial: mos7720: fix parport use-after-free on probe errors
+ - USB: serial: mos7720: fix parallel probe
+ - USB: serial: mos7840: fix NULL-deref at open
+ - USB: serial: mos7840: fix misleading interrupt-URB comment
+ - USB: serial: omninet: fix NULL-derefs at open and disconnect
+ - USB: serial: oti6858: fix NULL-deref at open
+ - USB: serial: pl2303: fix NULL-deref at open
+ - USB: serial: quatech2: fix sleep-while-atomic in close
+ - USB: serial: spcp8x5: fix NULL-deref at open
+ - USB: serial: ti_usb_3410_5052: fix NULL-deref at open
+ - [x86] iommu/amd: Fix the left value check of cmd buffer
+ - [x86] mei: move write cb to completion on credentials failures
+ - ALSA: hda - Apply asus-mode8 fixup to ASUS X71SL
+ - [x86] cpu: Fix bootup crashes by sanitizing the argument of the
+ 'clearcpuid=' command-line option
+ - [armhf] usb: musb: Fix trying to free already-free IRQ 4
+ - usb: hub: Move hub_port_disable() to fix warning if PM is disabled
+ - USB: fix problems with duplicate endpoint addresses
+ - selftests: do not require bash to run netsocktests testcase
+ - HID: hid-cypress: validate length of report (CVE-2017-7273)
+ - ata: sata_mv:- Handle return value of devm_ioremap.
+ - drm/radeon: drop verde dpm quirks
+ - [x86] boot: Add missing declaration of string functions
+ - USB: ch341: remove redundant close from open error path
+ - USB: ch341: set tty baud speed according to tty struct
+ - USB: serial: ch341: add register and USB request definitions
+ - USB: serial: ch341: reinitialize chip on reconfiguration
+ - USB: serial: ch341: fix initial modem-control state
+ - USB: serial: ch341: fix open and resume after B0
+ - USB: serial: ch341: fix modem-control and B0 handling
+ - USB: serial: ch341: fix open error handling
+ - USB: serial: ch341: fix resume after reset
+ - USB: serial: ch341: fix baud rate and line-control handling
+ - gro: Enter slow-path if there is no tailroom
+ - gro: Disable frag0 optimization on IPv6 ext headers
+ - ocfs2: fix crash caused by stale lvb with fsdlm plugin
+ - mm/hugetlb.c: fix reservation race when freeing surplus pages
+ - sysrq: attach sysrq handler correctly for 32-bit kernel
+ - USB: serial: ch341: fix control-message error handling
+ - gro: use min_t() in skb_gro_reset_offset()
+ - [x86] PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F
+ - xhci: fix deadlock at host remove by running watchdog correctly
+ - [x86] KVM: flush pending lapic jump label updates on module unload
+ - i2c: fix kernel memory disclosure in dev interface
+ - svcrpc: don't leak contexts on PROC_DESTROY
+ - netfilter: rpfilter: fix incorrect loopback packet judgment
+ - be2net: fix status check in be_cmd_pmac_add()
+ - net/mlx4_core: Fix racy CQ (Completion Queue) free
+ - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
+ VGT transitions
+ - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
+ - clocksource/exynos_mct: Clear interrupt when cpu is shut down
+ - ubifs: Fix journal replay wrt. xattr nodes
+ - qla2xxx: Fix crash due to null pointer access
+ - can: c_can_pci: fix null-pointer-deref in c_can_start() - set device
+ pointer
+ - ceph: fix bad endianness handling in parse_reply_info_extra
+ - [arm64] ptrace: Preserve previous registers for short regset write
+ - [arm64] ptrace: Avoid uninitialised struct padding in fpr_set()
+ - [arm64] ptrace: Reject attempts to set incomplete hardware breakpoint
+ fields
+ - net: fix harmonize_features() vs NETIF_F_HIGHDMA
+ - [arm64] avoid returning from bad_mode
+ - tcp: initialize max window for a new fastopen socket
+ - nbd: fix use-after-free of rq/bio in the xmit path
+ - nbd: only set MSG_MORE when we have more to send
+ - [powerpc*] ptrace: Preserve previous fprs/vsrs on short regset write
+ - [powerpc*] Ignore reserved field in DCSR and PVR reads and writes
+ - [x86] platform: intel_mid_powerbtn: Set IRQ_ONESHOT
+ - crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg
+ - [arm64] crypto: aes-blk - honour iv_out requirement in CBC and CTR modes
+ - [powerpc*] Add missing error check to prom_find_boot_cpu()
+ - nfs: Don't increment lock sequence ID after NFS4ERR_MOVED
+ - ip6_tunnel: must reload ipv6h in ip6ip6_tnl_xmit()
+ - SUNRPC: cleanup ida information when removing sunrpc module
+ - netfilter: nft_log: restrict the log prefix length to 127
+ - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp
+ - [x86] drm/i915: Don't leak edid in intel_crt_detect_ddc()
+ - sysctl: fix proc_doulongvec_ms_jiffies_minmax()
+ - nfs: Fix "Don't increment lock sequence ID after NFS4ERR_MOVED"
+ - can: bcm: fix hrtimer/tasklet termination in bcm op removal
+ - perf/core: Fix PERF_RECORD_MMAP2 prot/flags for anonymous memory
+ - [armel,armhf] 8643/3: ptrace: Preserve previous registers for short
+ regset write
+ - drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval
+ - mmc: sdhci: Ignore unexpected CARD_INT interrupts
+ - svcrpc: fix oops in absence of krb5 module
+ - net: use a work queue to defer net_disable_timestamp() work
+ - mm, fs: check for fatal signals in do_generic_file_read()
+ - netlabel: out of bound access in cipso_v4_validate()
+ - mac80211: Fix adding of mesh vendor IEs
+ - ALSA: seq: Don't handle loop timeout at snd_seq_pool_done()
+ - [x86] drm/i915: fix use-after-free in page_flip_completed()
+ - ALSA: seq: Fix race at creating a queue
+ - target: Use correct SCSI status during EXTENDED_COPY exception
+ - target: Fix early transport_generic_handle_tmr abort scenario
+ - target: Fix COMPARE_AND_WRITE ref leak for non GOOD status
+ - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls
+ - ping: fix a null pointer dereference
+ - [s390x] scsi: zfcp: fix use-after-free by not tracing WKA port open/close
+ on failed send
+ - xen-netfront: Delete rx_refill_timer in xennet_disconnect_backend()
+ - l2tp: do not use udp_ioctl()
+ - futex: Move futex_init() to core_initcall
+ - mmc: core: fix multi-bit bus width without high-speed mode
+ - vfs: fix uninitialized flags in splice_to_pipe()
+ - packet: call fanout_release, while UNREGISTERING a netdev
+ - packet: Do not call fanout_release from atomic contexts
+ - printk: use rcuidle console tracepoint
+ - sg: Fix missing sanity check in /dev/sg
+ - sched/cputime: Fix invalid gtime in proc
+ - decnet: Do not build routes to devices without decnet private data.
+ - route: do not cache fib route info on local routes with oif
+ - sch_htb: update backlog as well
+ - sch_dsmark: update backlog as well
+ - netem: Segment GSO packets on enqueue
+ - [x86] VSOCK: do not disconnect socket when peer has shutdown SEND only
+ - net: bridge: fix old ioctl unlocked net device walk
+ - udp: prevent skbs lingering in tunnel socket queues
+ - ipv6: Skip XFRM lookup if dst_entry in socket cache is valid
+ - sit: correct IP protocol used in ipip6_err
+ - ipmr/ip6mr: Initialize the last assert time of mfc entries.
+ - net: alx: Work around the DMA RX overflow issue
+ - cdc_ncm: workaround for EM7455 "silent" data interface
+ - bonding: set carrier off for devices created through netlink
+ - net: fix sk_mem_reclaim_partial()
+ - tcp: fix overflow in __tcp_retransmit_skb()
+ - net: avoid sk_forward_alloc overflows
+ - tcp: fix wrong checksum calculation on MTU probing
+ - net: Add netdev all_adj_list refcnt propagation to fix panic
+ - net: sctp, forbid negative length
+ - net: clear sk_err_soft in sk_clone_lock()
+ - net: mangle zero checksum in skb_checksum_help()
+ - dccp: do not send reset to already closed sockets
+ - dccp: fix out of bound access in dccp_v4_err()
+ - ipv6: dccp: fix out of bound access in dccp_v6_err()
+ - ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
+ - sctp: assign assoc_id earlier in __sctp_connect
+ - sock: fix sendmmsg for partial sendmsg
+ - ip6_tunnel: disable caching when the traffic class is inherited
+ - net: sky2: Fix shutdown crash
+ - net/sched: pedit: make sure that offset is valid
+ - net/dccp: fix use-after-free in dccp_invalid_packet
+ - [x86] netvsc: reduce maximum GSO size
+ - ipv6: handle -EFAULT from skb_copy_bits
+ - drop_monitor: add missing call to genlmsg_end
+ - drop_monitor: consider inserted data in genlmsg_end
+ - igmp: Make igmp group member RFC 3376 compliant
+ - r8152: fix the sw rx checksum is unavailable
+ - tcp: fix tcp_fastopen unaligned access complaints on sparc
+ - ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock
+ - net: socket: fix recvmmsg not returning error from sock_error
+ - can: Fix kernel panic at security_sock_rcv_skb
+ - ipv6: fix ip6_tnl_parse_tlv_enc_lim()
+ - ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()
+ - tcp: fix 0 divide in __tcp_select_window()
+ - tun: Fix TUN_PKT_STRIP setting
+ - tun: read vnet_hdr_sz once
+ - macvtap: read vnet_hdr_size once
+ - mlx4: Invoke softirqs after napi_reschedule
+ - sit: fix a double free on error path
+ - igmp: do not remove igmp souce list info when set link down
+ - mld: do not remove mld souce list info when set link down
+ - igmp, mld: Fix memory leak in igmpv3/mld_del_delrec()
+ - [x86] Revert "KVM: x86: expose MSR_TSC_AUX to userspace"
+ (regression in 3.16.7-ckt24)
+ https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.43
+ - crypto: improve gcc optimization flags for serpent and wp512
+ - mmc: sunxi: avoid invalid pointer calculation
+ - [mips*] Zero variable read by get_user / __get_user in case of an error.
+ - netlink: remove mmapped netlink support
+ - vfs: Commit to never having exectuables on proc and sysfs.
+ - aio: mark AIO pseudo-fs noexec (CVE-2016-10044)
+ - keys: Guard against null match function in keyring_search_aux()
+ (CVE-2017-2647 / CVE-2017-6951)
+
+ [ Ben Hutchings ]
+ * locking/mutex: Don't assume TASK_RUNNING (Closes: #841171)
+ * can, tcp: Ignore ABI changes
+ * [arm64] ptrace: Avoid ABI change in 3.16.42
+ * [x86] Revert "x86/panic: replace smp_send_stop() with kdump friendly
+ version in panic path" to avoid ABI change
+ * net: Avoid ABI change for "net: fix sk_mem_reclaim_partial()"
+ * vfs: Avoid ABI change for "mnt: Add a per mount namespace limit ..."
+ * mmc: Avoid ABI change for "mmc: core: Annotate cmd_hdr as __le32"
+ * ext4: fix fencepost in s_first_meta_bg validation (regression in 3.16.41)
+ * timer: Restrict timer_stats to initial PID namespace (CVE-2017-5967)
+ * mbcache: Reschedule before restarting iteration in mb_cache_entry_alloc()
+ (mitigates CVE-2015-8952)
+ * [powerpc/powerpc64,ppc64*] Enable SCSI_IBMVFC as module (Closes: #859523)
+ - udeb: Add ibmvfc to scsi-modules
+ * mm: Make PIE address randomisation independent of mmap (Closes: #797530)
+ - [armel,armhf] factor out mmap ASLR into mmap_rnd
+ - [arm64] ASLR: Don't randomise text when randomise_va_space == 0
+ - [arm64] standardize mmap_rnd() usage
+ - [mips*] extract logic for mmap_rnd()
+ - [powerpc*] Use generic PIE randomization
+ - [powerpc*] standardize mmap_rnd() usage
+ - [s390*] Change randomize_et_dyn() to take void and use mmap_rnd()
+ - [s390*] standardize mmap_rnd() usage
+ - mm: expose arch_mmap_rnd when available
+ - [s390*] redefine randomize_et_dyn for ELF_ET_DYN_BASE
+ - mm: split ET_DYN ASLR from mmap ASLR
+ - mm: fold arch_randomize_brk into ARCH_HAS_ELF_RANDOMIZE
+ * ping: implement proper locking (CVE-2017-2671)
+ * xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
+ (CVE-2017-7184)
+ * xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (CVE-2017-7184)
+ * [x86] drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
+ (CVE-2017-7261)
+ * [x86] drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
+ (CVE-2017-7294)
+ * net/packet: Fix integer overflow in various range checks (CVE-2017-7308)
+ * mm/mempolicy.c: fix error handling in set_mempolicy and mbind
+ (CVE-2017-7616)
+ * crypto: ahash - Fix EINPROGRESS notification callback (CVE-2017-7618)
+ * USB: iowarrior: fix NULL-deref at probe (CVE-2016-2188)
+ * ixgbe: do not call check_link for ethtool in ixgbe_get_settings()
+ (Closes: #851952)
+ * Fix bugs in ipv6 peer address cleanup (Closes: #854348):
+ - ipv6: fix a refcnt leak with peer addr
+ - ipv6: use addrconf_get_prefix_route() to remove peer addr
+ * KEYS: special dot prefixed keyring name bug fix
+ * KEYS: Reinstate EPERM for a key type name beginning with a '.'
+ * KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
+ (CVE-2016-9604)
+ * KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
+ (CVE-2017-7472)
+
+ [ Salvatore Bonaccorso ]
+ * sunrpc: fix refcounting problems with auth_gss messages.
+ Thanks to Raphael Geissert <geissert at debian.org> (Closes: #852708)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Sat, 22 Apr 2017 03:50:23 +0100
+
+ linux (3.16.39-1+deb8u2) jessie-security; urgency=high
+
+ [ Salvatore Bonaccorso ]
+ * ipc/shm: Fix shmat mmap nil-page protection (CVE-2017-5669)
+ * sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986)
+ * sctp: deny peeloff operation on asocs with threads sleeping on it
+ (CVE-2017-6353)
+ * tcp: avoid infinite loop in tcp_splice_read() (CVE-2017-6214)
+ * net/sock: Add sock_efree() function
+ * net/llc: avoid BUG_ON() in skb_orphan() (CVE-2017-6345)
+ * packet: fix races in fanout_add() (CVE-2017-6346)
+ * TTY: n_hdlc, fix lockdep false positive
+ * tty: n_hdlc: get rid of racy n_hdlc.tbuf (CVE-2017-2636)
+
+ [ Ben Hutchings ]
+ * [x86] kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
+ (CVE-2016-9588)
+ * irda: Fix locking in hashbin_delete() (CVE-2017-6348)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Tue, 07 Mar 2017 20:13:56 +0000
+
+linux (3.16.39-1+deb8u1~bpo70+1) wheezy-backports; urgency=medium
+
+ * Rebuild for wheezy:
+ - Disable architectures that weren't part of wheezy
+ - Use gcc-4.6 for all architectures
+ - Change ABI number to 0.bpo.4
+ - [arm] btrfs: Work around bug in gcc-4.6 (fixes FTBFS)
+ - linux-image: Depend on initramfs-tools without any alternatives, so
+ that neither apt nor aptitude will automatically switch to dracut
+
+ -- Ben Hutchings <ben at decadent.org.uk> Fri, 24 Feb 2017 16:38:59 +0000
+
linux (3.16.39-1+deb8u1) jessie-security; urgency=high
[ Salvatore Bonaccorso ]
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list