    Import Debian changes 4.9.13-1 · 5605e273
    Ben Hutchings authored and Lorenzo "Palinuro" Faletra committed
    linux (4.9.13-1) unstable; urgency=medium
      * New upstream stable update:
        - can: Fix kernel panic at security_sock_rcv_skb
        - net/mlx5e: Fix update of hash function/key via ethtool
        - net/sched: matchall: Fix configuration race
        - ipv6: fix ip6_tnl_parse_tlv_enc_lim()
        - ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()
        - tcp: fix 0 divide in __tcp_select_window()
        - stmmac: Discard masked flags in interrupt status register
        - net: use a work queue to defer net_disable_timestamp() work
        - netlabel: out of bound access in cipso_v4_validate()
        - ip6_gre: fix ip6gre_err() invalid reads (CVE-2017-5897)
        - ipv6: tcp: add a missing tcp_v6_restore_cb()
        - tcp: avoid infinite loop in tcp_splice_read() (CVE-2017-6214)
        - tun: read vnet_hdr_sz once
        - macvtap: read vnet_hdr_size once
        - rtl8150: Use heap buffers for all register access
        - catc: Combine failure cleanup code in catc_probe()
        - catc: Use heap buffer for memory size test
        - mlx4: Invoke softirqs after napi_reschedule
        - lwtunnel: valid encap attr check should return 0 when lwtunnel
          is disabled
        - sit: fix a double free on error path
        - net: introduce device min_header_len
        - packet: round up linear to header len
        - ping: fix a null pointer dereference
        - net: dsa: Do not destroy invalid network devices
        - l2tp: do not use udp_ioctl()
        - mld: do not remove mld souce list info when set link down
        - igmp, mld: Fix memory leak in igmpv3/mld_del_delrec()
        - tcp: fix mark propagation with fwmark_reflect enabled
        - net/mlx5: Don't unlock fte while still using it
        - tcp: don't annotate mark on control socket from
        - [x86] fpu/xstate: Fix xcomp_bv in XSAVES header
        - vfs: fix uninitialized flags in splice_to_pipe()
        - siano: make it work again with CONFIG_VMAP_STACK
        - fuse: fix use after free issue in fuse_dev_do_read()
        - fuse: fix uninitialized flags in pipe_buffer
        - mmc: core: fix multi-bit bus width without high-speed mode
        - [powerpc*/*64*] Disable use of radix under a hypervisor
        - scsi: don't BUG_ON() empty DMA transfers
        - Fix missing sanity check in /dev/sg
        - [x86] Input: elan_i2c - add ELAN0605 to the ACPI table
        - drm/radeon: Use mode h/vdisplay fields to hide out of bounds HW cursor
        - drm/dp/mst: fix kernel oops when turning off secondary monitor
        - futex: Move futex_init() to core_initcall
        - [armel,armhf] 8658/1: uaccess: fix zeroing of 64-bit get_user()
        - Revert "i2c: designware: detect when dynamic tar update is possible"
        - PCI/PME: Restore pcie_pme_driver.remove
        - printk: use rcuidle console tracepoint
        - timekeeping: Use deferred printk() in debug code
        - bcache: Make gc wakeup sane, remove set_task_state()
        - videodev2.h: go back to limited range Y'CbCr for SRGB and ADOBERGB
        - net/mlx5e: Disable preemption when doing TC statistics upcall
        - net/llc: avoid BUG_ON() in skb_orphan() (CVE-2017-6345)
        - net: ethernet: ti: cpsw: fix cpsw assignment in resume
          (regression in 4.9)
        - packet: fix races in fanout_add() (CVE-2017-6346)
        - packet: Do not call fanout_release from atomic contexts
          (regression in 4.9)
        - net: neigh: Fix netevent NETEVENT_DELAY_PROBE_TIME_UPDATE notification
        - dccp: fix freeing skb too early for IPV6_RECVPKTINFO (CVE-2017-6074)
        - vxlan: fix oops in dev_fill_metadata_dst (regression in 4.6)
        - irda: Fix lockdep annotations in hashbin_delete(). (CVE-2017-6348)
        - ptr_ring: fix race conditions when resizing
        - ip: fix IP_CHECKSUM handling (regression in 4.0) (CVE-2017-6347)
        - net: socket: fix recvmmsg not returning error from sock_error
          (regression in 4.6)
        - USB: serial: mos7840: fix another NULL-deref at open
        - USB: serial: ftdi_sio: fix modem-status error handling
        - USB: serial: ftdi_sio: fix extreme low-latency setting
        - USB: serial: ftdi_sio: fix line-status over-reporting
        - USB: serial: spcp8x5: fix modem-status handling
        - USB: serial: opticon: fix CTS retrieval at open
        - USB: serial: ark3116: fix register-accessor error handling
        - netfilter: nf_ct_helper: warn when not applying default helper assignment
        - block: fix double-free in the failure path of cgwb_bdi_init()
        - rtlwifi: rtl_usb: Fix for URB leaking when doing ifconfig up/down
        - xfs: clear delalloc and cache on buffered write failure
      [ Ben Hutchings ]
      * [armel] dts: kirkwood: Fix SATA pinmux-ing for TS419 (Closes: #855017)
      * [armhf] Enable DRM_OMAP_PANEL_TPO_TD028TTEC1, PWM_OMAP_DMTIMER as modules
        (Closes: #855472)
      * net: Ignore ABI changes to can_rx_register(), ip6_xmit()
      * net: Avoid ABI change for min_header_len
      * udeb: Add more USB host and dual-role drivers to usb-modules
        (Closes: #856111)
      * [x86] kvm: fix page struct leak in handle_vmon (CVE-2017-2596)
      * ipc/shm: Fix shmat mmap nil-page protection (CVE-2017-5669)
      * time: Disable TIMER_STATS (CVE-2017-5967)
      * sctp: deny peeloff operation on asocs with threads sleeping on it
      * [rt] Update to 4.9.13-rt10:
        - sched/rt: Add a missing rescheduling point
        - lockdep: Handle statically initialized PER_CPU locks proper
        - Change export of rt_mutex_destroy() back to GPL-only
    linux (4.9.10-1) unstable; urgency=medium
      * New upstream stable update:
        - drm: Schedule the output_poll_work with 1s delay if we have delayed event
        - drm: Fix broken VT switch with video=1366x768 option
        - [x86] drm/i915: Ignore bogus plane coordinates on SKL when the plane is
          not visible
        - [armhf,arm64] drm/vc4: Fix memory leak of the CRTC state.
        - [armhf,arm64] drm/vc4: fix a bounds check
        - Revert "drm/radeon: always apply pci shutdown callbacks"
        - drm/atomic: clear out fence when duplicating state
        - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp
        - mm/mempolicy.c: do not put mempolicy before using its nodemask
        - mm, page_alloc: fix check for NULL preferred_zone
        - mm, page_alloc: fix fast-path race with cpuset update or removal
        - mm, page_alloc: move cpuset seqcount checking to slowpath
        - mm, page_alloc: fix premature OOM when racing with cpuset mems update
        - userns: Make ucounts lock irq-safe
        - sysctl: fix proc_doulongvec_ms_jiffies_minmax()
        - xfs: prevent quotacheck from overloading inode lru
        - ISDN: eicon: silence misleading array-bounds warning
        - Btrfs: remove old tree_root case in btrfs_read_locked_inode()
        - Btrfs: disable xattr operations on subvolume directories
        - Btrfs: remove ->{get, set}_acl() from btrfs_dir_ro_inode_operations
        - RDMA/cma: Fix unknown symbol when CONFIG_IPV6 is not enabled
        - [s390x] mm: Fix cmma unused transfer from pgste into pte
        - [s390x] ptrace: Preserve previous registers for short regset write
        - IB/cxgb3: fix misspelling in header guard
        - IB/iser: Fix sg_tablesize calculation
        - IB/srp: fix mr allocation when the device supports sg gaps
        - IB/srp: fix invalid indirect_sg_entries parameter value
        - can: c_can_pci: fix null-pointer-deref in c_can_start() - set device
        - can: ti_hecc: add missing prepare and unprepare of the clock
        - [hppa] Don't use BITS_PER_LONG in userspace-exported swab.h header
        - nfs: Don't increment lock sequence ID after NFS4ERR_MOVED
        - NFSv4.1: Fix a deadlock in layoutget
        - NFSv4.0: always send mode in SETATTR after EXCLUSIVE4
        - SUNRPC: cleanup ida information when removing sunrpc module
        - iw_cxgb4: free EQ queue memory on last deref
        - pctv452e: move buffer to heap, no mutex
        - v4l: tvp5150: Reset device at probe time, not in get/set format handlers
        - v4l: tvp5150: Fix comment regarding output pin muxing
        - v4l: tvp5150: Don't override output pinmuxing at stream on/off time
        - [x86] drm/i915: Clear ret before unbinding in i915_gem_evict_something()
        - [x86] drm/i915: prevent crash with .disable_display parameter
        - [x86] drm/i915: Don't leak edid in intel_crt_detect_ddc()
        - [x86] drm/i915: Don't init hpd polling for vlv and chv from
        - [x86] drm/i915: Fix calculation of rotated x and y offsets for planar
        - [x86] drm/i915: Check for NULL atomic state in
        - IB/umem: Release pid in error and ODP flow
        - [x86] pinctrl: baytrail: Rectify debounce support
        - memory_hotplug: make zone_can_shift() return a boolean value
        - virtio_mmio: Set DMA masks appropriately
        - mm, memcg: do not retry precharge charges
        - perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race
        - [x86] drm/i915: Remove WaDisableLSQCROPERFforOCL KBL workaround.
        - r8152: fix the sw rx checksum is unavailable
        - [x86] netvsc: add rcu_read locking to netvsc callback
        - net: lwtunnel: Handle lwtunnel_fill_encap failure
        - net: ipv4: fix table id in getroute response
        - tcp: fix tcp_fastopen unaligned access complaints on sparc
        - openvswitch: maintain correct checksum state in conntrack actions
        - mlx4: do not call napi_schedule() without care
        - ip6_tunnel: Account for tunnel header in tunnel MTU
        - ax25: Fix segfault after sock connection timeout
        - net sched actions: fix refcnt when GETing of action after bind
        - virtio: don't set VIRTIO_NET_HDR_F_DATA_VALID on xmit
        - virtio-net: restore VIRTIO_HDR_F_DATA_VALID on receiving
        - vxlan: fix byte order of vxlan-gpe port number
        - net: fix harmonize_features() vs NETIF_F_HIGHDMA
        - lwtunnel: fix autoload of lwt modules
        - ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock
        - tcp: initialize max window for a new fastopen socket
        - net/mlx5e: Do not recycle pages from emergency reserve
        - bridge: netlink: call br_changelink() during br_dev_newlink()
        - net: mpls: Fix multipath selection for LSR use case
        - r8152: don't execute runtime suspend if the tx is not empty
        - af_unix: move unix_mknod() out of bindlock
        - net: Specify the owning module for lwtunnel ops
        - lwtunnel: Fix oops on state free after encap module unload
        - [armhf] net: dsa: Bring back device detaching in dsa_slave_suspend()
        - xfs: bump up reserved blocks in xfs_alloc_set_aside
        - xfs: fix bogus minleft manipulations
        - xfs: adjust allocation length in xfs_alloc_space_available
        - xfs: don't rely on ->total in xfs_alloc_space_available
        - xfs: don't print warnings when xfs_log_force fails
        - xfs: make the ASSERT() condition likely
        - xfs: sanity check directory inode di_size
        - xfs: add missing include dependencies to xfs_dir2.h
        - xfs: replace xfs_mode_to_ftype table with switch statement
        - xfs: sanity check inode mode when creating new dentry
        - xfs: sanity check inode di_mode
        - xfs: don't wrap ID in xfs_dq_get_next_id
        - xfs: fix xfs_mode_to_ftype() prototype
        - xfs: fix COW writeback race
        - xfs: verify dirblocklog correctly
        - xfs: remove racy hasattr check from attr ops
        - xfs: extsize hints are not unlikely in xfs_bmap_btalloc
        - xfs: clear _XBF_PAGES from buffers when readahead page
        - xfs: fix bmv_count confusion w/ shared extents
        - PCI/ASPM: Handle PCI-to-PCIe bridges as roots of PCIe hierarchies
        - ext4: validate s_first_meta_bg at mount time (CVE-2016-10208)
        - [x86] efi: Always map the first physical page into the EFI pagetables
        - [arm64] efi/fdt: Avoid FDT manipulation after ExitBootServices()
          (Closes: #853170)
        - HID: cp2112: fix sleep-while-atomic
        - HID: cp2112: fix gpio-callback error handling
        - [x86] pinctrl: baytrail: Add missing spinlock usage in
        - [x86] drm/amdgpu/si: fix crash on headless asics
        - drm/nouveau/disp/gt215: Fix HDA ELD handling (thus, HDMI audio) on gt215
        - drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval
        - crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg
        - crypto: arm64/aes-blk - honour iv_out requirement in CBC and CTR modes
        - perf/core: Fix use-after-free bug
        - perf/core: Fix PERF_RECORD_MMAP2 prot/flags for anonymous memory
        - ata: sata_mv:- Handle return value of devm_ioremap.
        - libata: apply MAX_SEC_1024 to all CX1-JB*-HP devices
        - libata: Fix ATA request sense
        - [powerpc*] eeh: Fix wrong flag passed to eeh_unfreeze_pe()
        - [powerpc*] Add missing error check to prom_find_boot_cpu()
        - [powerpc*] mm: Use the correct pointer when setting a 2MB pte
        - NFSD: Fix a null reference case in find_or_create_lock_stateid()
        - svcrpc: fix oops in absence of krb5 module
        - zswap: disable changing params if init fails
        - cifs: initialize file_info_lock
        - mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone()
        - base/memory, hotplug: fix a kernel oops in show_valid_zones()
        - mm, fs: check for fatal signals in do_generic_file_read()
        - tracing: Fix hwlat kthread migration
        - can: bcm: fix hrtimer/tasklet termination in bcm op removal
        - cgroup: don't online subsystems before cgroup_name/path() are operational
        - mmc: sdhci: Ignore unexpected CARD_INT interrupts
        - vhost: fix initialization for vq->is_le
        - [armhf] regulator: axp20x: AXP806: Fix dcdcb being set instead of dcdce
        - percpu-refcount: fix reference leak during percpu-atomic transition
        - [x86] pinctrl: baytrail: Debounce register is one per community
        - [x86] pinctrl: intel: merrifield: Add missed check in mrfld_config_set()
        - iwlwifi: fix double hyphen in MODULE_FIRMWARE for 8000
        - iwlwifi: mvm: avoid crash on restart w/o reserved queues
        - HID: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL
        - HID: hid-lg: Fix immediate disconnection of Logitech Rumblepad 2
        - HID: wacom: Fix poor prox handling in 'wacom_pl_irq'
        - [x86] perf/intel/uncore: Clean up hotplug conversion fallout
        - [armhf] dmaengine: cppi41: Fix runtime PM timeouts with USB mass storage
        - [armhf] dmaengine: cppi41: Fix oops in cppi41_runtime_resume
        - [x86] KVM: do not save guest-unsupported XSAVE state
        - USB: Add quirk for WORLDE easykey.25 MIDI keyboard
        - usb: musb: Fix host mode error -71 regression
        - usb: gadget: f_fs: Assorted buffer overflow checks.
        - irqdomain: Avoid activating interrupts more than once
        - [x86] irq: Make irq activate operations symmetric
        - iw_cxgb4: set correct FetchBurstMax for QPs
        - fs: break out of iomap_file_buffered_write on fatal signals
        - [x86] drm/i915/execlists: Reset RING registers upon resume
          (Closes: #855055)
        - [x86] cpufreq: intel_pstate: Disable energy efficiency optimization
        - acpi, nfit: fix acpi_nfit_flush_probe() crash
        - [x86] libnvdimm, namespace: do not delete namespace-id 0
        - [x86] libnvdimm, pfn: fix memmap reservation size versus 4K alignment
        - dm rq: cope with DM device destruction while in dm_old_request_fn()
        - crypto: algif_aead - Fix kernel panic on list_del
        - [x86] crypto: qat - fix bar discovery for c62x
        - [x86] crypto: qat - zero esram only for DH85x devices
        - [x86] crypto: ccp - Fix DMA operations when IOMMU is enabled
        - [x86] crypto: ccp - Fix double add when creating new DMA command
        - Input: uinput - fix crash when mixing old and new init style
        - selinux: fix off-by-one in setprocattr (CVE-2017-2618)
        - [x86] Revert "x86/ioapic: Restore IO-APIC irq_chip retrigger callback"
        - rtlwifi: rtl8192ce: Fix loading of incorrect firmware (Closes: #853073)
        - cpumask: use nr_cpumask_bits for parsing functions (Closes: #848682)
        - [armel,armhf] 8643/3: arm/ptrace: Preserve previous registers for short
          regset write
        - [x86] drm/i915: fix use-after-free in page_flip_completed()
        - [x86] drm/i915/bxt: Add MST support when do DPLL calculation
        - drm/atomic: Fix double free in drm_atomic_state_default_clear
        - target: Don't BUG_ON during NodeACL dynamic -> explicit conversion
        - target: Use correct SCSI status during EXTENDED_COPY exception
        - target: Fix early transport_generic_handle_tmr abort scenario
        - target: Fix multi-session dynamic se_node_acl double free OOPs
        - target: Fix COMPARE_AND_WRITE ref leak for non GOOD status
        - [armhf] dts: imx6dl: fix GPIO4 range
        - [armhf] 8642/1: LPAE: catch pending imprecise abort on unmask
        - [x86] drm/i915: Always convert incoming exec offsets to non-canonical
        - nl80211: Fix mesh HT operation check
        - mac80211: Fix adding of mesh vendor IEs
        - net/mlx5e: Modify TIRs hash only when it's needed
        - [x86] Drivers: hv: vmbus: Base host signaling strictly on the ring state
        - [x86] Drivers: hv: vmbus: On write cleanup the logic to interrupt the host
        - [x86] Drivers: hv: vmbus: On the read path cleanup the logic to interrupt
          the host
        - [x86] Drivers: hv: vmbus: finally fix hv_need_to_signal_on_read()
        - [s390x] scsi: zfcp: fix use-after-free by not tracing WKA port open/close
          on failed send
        - scsi: aacraid: Fix INTx/MSI-x issue with older controllers
        - scsi: mpt3sas: disable ASPM for MPI2 controllers
        - scsi: qla2xxx: Avoid that issuing a LIP triggers a kernel crash
        - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls
        - [powerpc*] mm/radix: Update ERAT flushes when invalidating TLB
        - [powerpc*] powernv: Fix CPU hotplug to handle waking on HVI
        - xen-netfront: Delete rx_refill_timer in xennet_disconnect_backend()
        - ALSA: hda - adding a new NV HDMI/DP codec ID in the driver
        - ALSA: seq: Fix race at creating a queue
        - ALSA: seq: Don't handle loop timeout at snd_seq_pool_done()
        - Revert "ALSA: line6: Only determine control port properties if needed"
        - [x86] mm/ptdump: Fix soft lockup in page table walker
        - [x86] CPU/AMD: Bring back Compute Unit ID
        - [x86] CPU/AMD: Fix Zen SMT topology
        - IB/rxe: Fix resid update
        - IB/rxe: Fix mem_check_range integer overflow (CVE-2016-8636)
        - stacktrace, lockdep: Fix address, newline ugliness
        - perf diff: Fix -o/--order option behavior (again)
        - perf diff: Fix segfault on 'perf diff -o N' option
        - perf/core: Fix crash in perf_event_read()
      [ Ben Hutchings ]
      * Bump ABI to 2
      * [or1k] Remove configuration, as the port has been abandoned
      * [arm64] Enable KEXEC (Closes: #852747)
      * [arm64,armhf,x86] usb: gadget: Enable USB_CONFIGFS, USB_ETH, USB_GADGETFS,
        USB_FUNCTIONFS, USB_G_SERIAL as modules;
        USB_FUNCTIONFS_{ETH,RNDIS,GENERIC} (thanks to Riku Voipio)
      * [ppc64el] Disable IBMEBUS; this bus does not exist on POWER8 systems
      * aufs: Update support patchset to aufs4.9-20170206
      * [rt] Update to 4.9.9-rt6:
        - Revert "btrfs: swap free() and trace point in run_ordered_work()"
        - pinctrl: qcom: Use raw spinlock variants
        - x86/mm/cpa: avoid wbinvd() for PREEMPT
        - Revert "radix-tree: Make RT aware"
        - radix-tree: use local locks
        - softirq: wake the timer softirq if needed
        - timers: Don't wake ktimersoftd on every tick
        - rt: Drop mutex_disable() on !DEBUG configs and the GPL suffix from export
        - cpuset: Convert callback_lock to raw_spinlock_t
      * pegasus: Use heap buffers for all register access (Closes: #852556)
      * test-patches: Use the pkg.linux.notools build profile
      * test-patches: Set default number of jobs to number of available processors
      * dccp: Disable auto-loading as mitigation against local exploits
      * net: ipv6: check route protocol when deleting routes (Closes: #855153)
      * [arm64] drm: Enable DRM_AST as module (Closes: #820168)
        - udeb: Add ast to fb-modules
      * [armel/marvell] hwmon: Enable SENSORS_G762 as module (Closes: #854662)
      * [m68k] Change MAC8390, MAC_SCSI from built-in to modules (Closes: #826614)
        - udeb: Add mac8390 to nic-shared-modules
      * udeb: Add bcache to md-modules (Closes: #718548)
      * [x86] platform: acer-wmi: setup accelerometer when machine has appropriate
        notify event (Closes: #853067)
      * [x86] xen: Fix APIC id mismatch warning on Intel (Closes: #853193)
      * media: dvb-usb-dibusb-mc-common: Add MODULE_LICENSE (Closes: #853110)
      [ Roger Shimizu ]
      * [armel] ARM: dts: orion5x-lschl: Fix model name
      * [armel] ARM: dts: orion5x-lschl: More consistent naming on linkstation
      * [armel] ARM: orion5x: fix Makefile for linkstation-lschl.dtb
      [ Salvatore Bonaccorso ]
      * ipv4: keep skb->dst around in presence of IP options (CVE-2017-5970)
      * sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986)