Monitoring Avril 2019

monitoring@federez.net

4 participants
32 discussions

17 Debian package update(s) for nonagon.federez.net

par club-federez＠crans.org

apticron report [Tue, 30 Apr 2019 18:49:14 +0200] ======================================================================== apticron has detected that some packages need upgrading on: nonagon.federez.net [ 185.230.78.42 2a0c:700:0:23:67:e5ff:fee9:3 ] The following packages are currently pending an upgrade: base-files 9.9+deb9u9 libjs-jquery 3.1.1-2+deb9u1 libmariadbclient18 10.1.38-0+deb9u1 libpng16-16 1.6.28-1+deb9u1 linux-libc-dev 4.9.168-1 mariadb-client-10.1 10.1.38-0+deb9u1 mariadb-client-core-10.1 10.1.38-0+deb9u1 mariadb-common 10.1.38-0+deb9u1 postfix 3.1.12-0+deb9u1 postfix-sqlite 3.1.12-0+deb9u1 publicsuffix 20190415.1030-0+deb9u1 python3-cryptography 1.7.1-3+deb9u1 python-cryptography 1.7.1-3+deb9u1 python-pip 9.0.1-2+deb9u1 python-pip-whl 9.0.1-2+deb9u1 rsync 3.1.2-1+deb9u2 unzip 6.0-21+deb9u1 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour libpng1.6 (libpng16-16) --- libpng1.6 (1.6.28-1+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Call png_image_free_function without guarding it with png_safe_execute (CVE-2019-7317) (Closes: #921355) -- Salvatore Bonaccorso <carnil(a)debian.org> Thu, 18 Apr 2019 22:12:35 +0200 --- Modifications pour base-files --- base-files (9.9+deb9u9) stretch; urgency=medium * Change /etc/debian_version to 9.9, for Debian 9.9 point release. -- Santiago Vila <sanvila(a)debian.org> Thu, 28 Mar 2019 10:12:44 +0100 --- Modifications pour jquery (libjs-jquery) --- jquery (3.1.1-2+deb9u1) stretch; urgency=medium * Team upload * Add patch to prevent Object.prototype pollution (Closes: #927385, CVE-2019-11358) * Disable check-against-upstream-build test (autopkgtest) since file is now patched -- Xavier Guimard <yadd(a)debian.org> Thu, 18 Apr 2019 22:57:29 +0200 --- Modifications pour linux (linux-libc-dev) --- linux (4.9.168-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162 - Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" - Revert "loop: Get rid of loop_index_mutex" - Revert "loop: Fold __loop_release into loop_release" - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached - [arm64] drm/msm: Unblock writer if reader closes file - [x86] ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field - [x86] ALSA: compress: prevent potential divide by zero bugs - [x86] thermal: int340x_thermal: Fix a NULL vs IS_ERR() check - [arm64,armhf] usb: dwc3: gadget: synchronize_irq dwc irq in suspend - [arm64,armhf] usb: dwc3: gadget: Fix the uninitialized link_state when udc starts - usb: gadget: Potential NULL dereference on allocation error - ASoC: dapm: change snprintf to scnprintf for possible overflow - [armhf] ASoC: imx-audmux: change snprintf to scnprintf for possible overflow - [x86] drivers: thermal: int340x_thermal: Fix sysfs race condition - mac80211: fix miscounting of ttl-dropped frames - locking/rwsem: Fix (possible) missed wakeup - direct-io: allow direct writes to empty inodes - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() - net: usb: asix: ax88772_bind return error when hw_reset fail - [ppc64el] ibmveth: Do not process frames after calling napi_reschedule - mac80211: don't initiate TDLS connection if station is not associated to AP - mac80211: Add attribute aligned(2) to struct 'action' - cfg80211: extend range deviation for DMG - [x86] svm: Fix AVIC incomplete IPI emulation - [x86] KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 - [powerpc*] Always initialize input array when calling epapr_hypercall() - [arm64] mmc: spi: Fix card detection during probe - mm: enforce min addr even if capable() in expand_downwards() (CVE-2019-9213) - [x86] uaccess: Don't leak the AC flag into __put_user() value evaluation https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.163 - USB: serial: option: add Telit ME910 ECM composition - USB: serial: cp210x: add ID for Ingenico 3070 - USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 - cpufreq: Use struct kobj_attribute instead of struct global_attr - ncpfs: fix build warning of strncpy - [x86] staging: comedi: ni_660x: fix missing break in switch statement - ip6mr: Do not call __IP6_INC_STATS() from preemptible context - net-sysfs: Fix mem leak in netdev_register_kobject - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 - team: Free BPF filter when unregistering netdev - bnxt_en: Drop oversize TX packets to prevent errors. - [x86] hv_netvsc: Fix IP header checksum for coalesced packets - [armhf] net: dsa: mv88e6xxx: Fix u64 statistics - net: netem: fix skb length BUG_ON in __skb_to_sgvec - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails - net: sit: fix memory leak in sit_init_net() - xen-netback: don't populate the hash cache on XenBus disconnect - xen-netback: fix occasional leak of grant ref mappings under memory pressure - net: Add __icmp_send helper. - tun: fix blocking read - tun: remove unnecessary memory barrier - net: phy: Micrel KSZ8061: link failure after cable connect - [x86] CPU/AMD: Set the CPB bit unconditionally on F17h - applicom: Fix potential Spectre v1 vulnerabilities - [mips*] irq: Allocate accurate order pages for irq stack - hugetlbfs: fix races and page leaks during migration - exec: Fix mem leak in kernel_read_file (CVE-2019-8980) - media: uvcvideo: Fix 'type' check leading to overflow - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel - perf core: Fix perf_proc_update_handler() bug - perf tools: Handle TOPOLOGY headers with no CPU - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM - [amd64] iommu/amd: Call free_iova_fast with pfn in map_sg - [amd64] iommu/amd: Unmap all mapped pages in error path of map_sg - ipvs: Fix signed integer overflow when setsockopt timeout - [amd64] iommu/amd: Fix IOMMU page flush when detach device from a domain - [arm64] net: hns: Fix for missing of_node_put() after of_parse_phandle() - [arm64] net: hns: Fix wrong read accesses via Clause 45 MDIO protocol - [armhf] net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() - nfs: Fix NULL pointer dereference of dev_name - qed: Fix VF probe failure while FLR - scsi: libfc: free skb when receiving invalid flogi resp - [x86] platform: Fix unmet dependency warning for SAMSUNG_Q10 - cifs: fix computation for MAX_SMB2_HDR_SIZE - [arm64] kprobe: Always blacklist the KVM world-switch code - [x86] kexec: Don't setup EFI info if EFI runtime is not enabled - mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone - fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() - autofs: drop dentry reference only when it is never used - autofs: fix error return in autofs_fill_super() - vsock/virtio: fix kernel panic after device hot-unplug - vsock/virtio: reset connected sockets on device removal - netfilter: nf_nat: skip nat clash resolution for same-origin entries - [s390x] qeth: fix use-after-free in error path - perf symbols: Filter out hidden symbols from labels - [mips*] Remove function size check in get_frame_info() - fs: ratelimit __find_get_block_slow() failure message. - Input: wacom_serial4 - add support for Wacom ArtPad II tablet - Input: elan_i2c - add id for touchpad found in Lenovo s21e-20 - [x86] iscsi_ibft: Fix missing break in switch statement - scsi: aacraid: Fix missing break in switch statement - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() - [armhf] dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3 - drm: disable uncached DMA optimization for ARM and arm64 - [armhf] dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420 - [x86] perf/x86/intel: Make cpuc allocations consistent - [x86] perf/x86/intel: Generalize dynamic constraint creation - [x86] Add TSX Force Abort CPUID/MSR https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.164 - ACPICA: Reference Counts: increase max to 0x4000 for large servers - KEYS: restrict /proc/keys by credentials at open time - l2tp: fix infoleak in l2tp_ip6_recvmsg() - net: sit: fix UBSAN Undefined behaviour in check_6rd - pptp: dst_release sk_dst_cache in pptp_sock_destruct - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race - tcp: handle inet_csk_reqsk_queue_add() failures - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() - net/mlx4_core: Fix reset flow when in command polling mode - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling - net/mlx4_core: Fix qp mtt size calculation - mdio_bus: Fix use-after-free on device_register fails - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 - af_unix: missing barriers in some of unix_sock ->addr and ->path accesses - ipvlan: disallow userns cap_net_admin to change global mode/flags - vxlan: Fix GRO cells race condition between receive and link delete - rxrpc: Fix client call queueing, waiting for channel - gro_cells: make sure device is up in gro_cells_receive() - tcp/dccp: remove reqsk_put() from inet_child_forget() - [x86] perf: Fixup typo in stub functions - ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 - md: It's wrong to add len to sector_nr in raid10 reshape twice - of: Support const and non-const use for to_of_node() - vhost/vsock: fix vhost vsock cid hashing inconsistent https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.165 - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() - 9p: use inode->i_lock to protect i_size_write() under 32-bit - 9p/net: fix memory leak in p9_client_create - [armhf] iio: adc: exynos-adc: Fix NULL pointer exception on unbind - crypto: ahash - fix another early termination in hash walk - [armhf] gpu: ipu-v3: Fix i.MX51 CSI control registers offset - [armhf] gpu: ipu-v3: Fix CSI offsets for imx53 - [s390x] dasd: fix using offset into zero size array error - [armhf] OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized - floppy: check_events callback should not return a negative number - mm/gup: fix gup_pmd_range() for dax - mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs - [arm64] net: hns: Fix object reference leaks in hns_dsaf_roce_reset() - [armhf] clk: sunxi: A31: Fix wrong AHB gate number - assoc_array: Fix shortcut creation - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task - [arm64] pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 - [armel] net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() - [x86] ASoC: topology: free created components in tplg load error - [arm64] Relax GIC version check during early boot - [armhf] net: marvell: mvneta: fix DMA debug warning - tmpfs: fix link accounting when a tmpfile is linked in - mac80211_hwsim: propagate genlmsg_reply return code - [arm64] net: thunderx: make CFG_DONE message to run through generic send-ack sequence - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K - nfp: bpf: fix ALU32 high bits clearance bug - net: set static variable an initial value in atl2_probe() - tmpfs: fix uninitialized return value in shmem_link - [x86] libnvdimm/label: Clear 'updating' flag after label-set update - [x86] libnvdimm/pmem: Honor force_raw for legacy pmem regions - [amd64] libnvdimm: Fix altmap reservation size calculation - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails - [arm64] crypto: aes-ccm - fix logical bug in AAD MAC handling - CIFS: Do not reset lease state to NONE on lease break - CIFS: Fix read after write for files with read caching - tracing: Do not free iter->trace in fail path of tracing_open_pipe() - [amd64,arm64,i386] ACPI / device_sysfs: Avoid OF modalias creation for removed device - [armhf] spi: ti-qspi: Fix mmap read when more than one CS in use - [armhf] regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 - [armhf] regulator: s2mpa01: Fix step values for some LDOs - [armhf] clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR - [armhf] clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown - [s390x] virtio: handle find on invalid queue gracefully - scsi: virtio_scsi: don't send sc payload with tmfs - scsi: sd: Optimal I/O size should be a multiple of physical block size - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock - fs/devpts: always delete dcache dentry-s in dput() - splice: don't merge into linked buffers - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes - crypto: pcbc - remove bogus memcpy()s with src == dest - libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer - [arm64,armhf] cpufreq: tegra124: add missing of_node_put() - ext4: fix crash during online resizing - [armhf] clk: clk-twl6040: Fix imprecise external abort for pdmclk - [x86] nfit: acpi_nfit_ctl(): Check out_obj->type in the right place - mm: hwpoison: fix thp split handing in soft_offline_in_use_page() (CVE-2019-10124) - mm/vmalloc: fix size check for remap_vmalloc_range_partial() - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv - device property: Fix the length used in PROPERTY_ENTRY_STRING() - [x86] intel_th: Don't reference unassigned outputs - parport_pc: fix find_superio io compare code, should use equal test. - [arm64,armhf] i2c: tegra: fix maximum transfer size - [x86] drm/i915: Relax mmap VMA check - [arm64] serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart - 8250: FIX Fourth port offset of Pericom PI7C9X7954 boards - serial: 8250_pci: Fix number of ports for ACCES serial cards - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() - jbd2: clear dirty flag when revoking a buffer from an older transaction - jbd2: fix compile warning when using JBUFFER_TRACE - [powerpc] Clear on-stack exception marker upon exception return - [ppc64el] powernv: Make opal log only readable by root - [ppc64el] Fix 32-bit KVM-PR lockup and host crash with MacOS guest - [ppc64el] ptrace: Simplify vr_get/set() to avoid GCC warning - dm: fix to_sector() for 32bit - NFS: Fix I/O request leakages - NFS: Fix an I/O request leakage in nfs_do_recoalesce - NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() - nfsd: fix memory corruption caused by readdir - nfsd: fix wrong check in write_v4_end_grace() - PM / wakeup: Rework wakeup source timer cancellation - bcache: never writeback a discard operation - [x86] perf intel-pt: Fix CYC timestamp calculation after OVF - perf auxtrace: Define auxtrace record alignment - [x86] perf intel-pt: Fix overlap calculation for padding - [x86] perf intel-pt: Fix divide by zero when TSC is not available - md: Fix failed allocation of md_register_thread - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming - drm/radeon/evergreen_cs: fix missing break in switch statement - [x86] KVM: nVMX: Sign extend displacements of VMX instr's mem operands - [x86] KVM: nVMX: Ignore limit checks on VMX instructions using flat segments - [x86] KVM: Fix residual mmio emulation request to userspace https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.166 - [x86] drm/vmwgfx: Don't double-free the mode stored in par->set_mode - [amd64] iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE - libceph: wait for latest osdmap in ceph_monc_blacklist_add() - udf: Fix crash on IO error during truncate - [mips*] Ensure ELF appended dtb is relocated - [mips*] Fix kernel crash for R6 in jump label branch function - futex: Ensure that futex address is aligned in handle_futex_death() - objtool: Move objtool_file struct off the stack - ext4: fix NULL pointer dereference while journal is aborted - ext4: fix data corruption caused by unaligned direct AIO - ext4: brelse all indirect buffer in ext4_ind_remove_space() - media: v4l2-ctrls.c/uvc: zero v4l2_event - Bluetooth: Fix decrementing reference count twice in releasing socket - ALSA: hda - Record the current power state before suspend/resume calls - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec - tcp/dccp: drop SYN packets if accept queue is full - vfs: Hang/soft lockup in d_invalidate with simultaneous calls - [arm64] traps: disable irq in die() - lib/int_sqrt: optimize small argument - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 - rtc: Fix overflow when converting time64_t to rtc_time - [armhf] pwm-backlight: Enable/disable the PWM before/after LCD enable toggle. - ath10k: avoid possible string overflow https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.167 - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (CVE-2019-3460) - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer (CVE-2019-3459) - cfg80211: size various nl80211 messages correctly - [arm64,armhf] stmmac: copy unicast mac address to MAC registers - dccp: do not use ipv6 header for ipv4 flow - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec - net: rose: fix a possible stack overflow - packets: Always register packet sk in the same order - tcp: do not use ipv6 header for ipv4 flow - vxlan: Don't call gro_cells_destroy() before device is unregistered - sctp: get sctphdr by offset in sctp_compute_cksum - tun: properly test for IFF_UP - tun: add a missing rcu_read_unlock() in error path - btrfs: remove WARN_ON in log_dir_items - btrfs: raid56: properly unmap parity page in finish_parity_scrub() - [powerpc*] bpf: Fix generation of load/store DW instructions - NFSv4.1 don't free interrupted slot on open - ALSA: rawmidi: Fix potential Spectre v1 vulnerability - ALSA: pcm: Fix possible OOB access in PCM oss plugins - ALSA: pcm: Don't suspend stream in unrecoverable PCM state - fs/open.c: allow opening only regular files during execve() - scsi: sd: Fix a race between closing an sd device and sd I/O - scsi: sd: Quiesce warning if device does not report optimal I/O size - [s390x] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host - [s390x] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices - [x86] staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest - USB: serial: cp210x: add new device id - USB: serial: ftdi_sio: add additional NovaTech products - USB: serial: mos7720: fix mos_parport refcount imbalance on error path - USB: serial: option: set driver_info for SIM5218 and compatibles - USB: serial: option: add Olicard 600 - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links - usb: common: Consider only available nodes for dr_mode - [x86] perf intel-pt: Fix TSC slip - cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n - KVM: Reject device ioctls from processes other than the VM's creator - [x86] KVM: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts - USB: gadget: f_hid: fix deadlock in f_hidg_write() - xhci: Fix port resume done detection for SS ports with LPM enabled - [arm64] support keyctl() system call in 32-bit mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.168 - [arm64] debug: Don't propagate UNKNOWN FAR into si_code for debug signals - ext4: cleanup bh release code in ext4_ind_remove_space() - lib/int_sqrt: optimize initial value compute - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA - CIFS: fix POSIX lock leak and invalid ptr deref - tracing: kdb: Fix ftdump to not sleep - [armhf] gpio: gpio-omap: fix level interrupt idling - include/linux/relay.h: fix percpu annotation in struct rchan - sysctl: handle overflow for file-max - [arm64] scsi: hisi_sas: Set PHY linkrate when disconnected - [armhf,ppc64el] mm/cma.c: cma_declare_contiguous: correct err handling - mm/page_ext.c: fix an imbalance with kmemleak - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! - mm/slab.c: kmemleak no scan alien caches - ocfs2: fix a panic problem caused by o2cb_ctl - fs/file.c: initialize init_files.resize_wait - cifs: use correct format characters - dm thin: add sanity checks to thin-pool and external snapshot creation - cifs: Fix NULL pointer dereference of devname - jbd2: fix invalid descriptor block checksum - fs: fix guard_bio_eod to check for real EOD errors - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies - [arm64,armhf] usb: chipidea: Grab the (legacy) USB PHY by phandle first - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c - [armel,armhf] 8840/1: use a raw_spinlock_t in unwind - [armhf] mmc: omap: fix the maximum timeout setting - e1000e: Fix -Wformat-truncation warnings - IB/mlx4: Increase the timeout for CM cache - scsi: megaraid_sas: return error when create DMA pool failed - [armhf] SoC: imx-sgtl5000: add missing put_device() - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 - [amd64] HID: intel-ish-hid: avoid binding wrong ishtp_cl_device - [armhf] leds: lp55xx: fix null deref on firmware load failure - iwlwifi: pcie: fix emergency path - [x86] ACPI / video: Refactor and fix dmi_is_desktop() - kprobes: Prohibit probing on bsearch() - ALSA: PCM: check if ops are defined before suspending PCM - usb: f_fs: Avoid crash due to out-of-scope stack ptr access - bcache: fix input overflow to cache set sysfs file io_error_halflife - bcache: fix input overflow to sequential_cutoff - bcache: improve sysfs_strtoul_clamp() - genirq: Avoid summation loops for /proc/stat - iw_cxgb4: fix srqidx leak during connection abort - fbdev: fbmem: fix memory access if logo is bigger than the screen - cdrom: Fix race condition in cdrom_sysctl_register - e1000e: fix cyclic resets at link up with active tx - efi/memattr: Don't bail on zero VA if it equals the region's PA - [arm64] soc: qcom: gsbi: Fix error handling in gsbi_probe() - [armhf] avoid Cortex-A9 livelock on tight dmb loops - tty: increase the default flip buffer limit to 2*640K - [ppc64el] powerpc/pseries: Perform full re-add of CPU for topology update post-migration - hwrng: virtio - Avoid repeated init of completion - [arm64,armhf] soc/tegra: fuse: Fix illegal free of IO base address - [amd64] HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit - [x86] hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable - [armhf] dmaengine: imx-dma: fix warning comparison of distinct pointer types - [arm64] dmaengine: qcom_hidma: assign channel cookie correctly - netfilter: physdev: relax br_netfilter dependency - [armhf] regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting - drm/nouveau: Stop using drm_crtc_force_disable - selinux: do not override context on context mounts - [arm64,armhf] wlcore: Fix memory leak in case wl12xx_fetch_firmware failure - [arm64,armhf] dmaengine: tegra: avoid overflow of byte tracking - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers - [x86] ACPI / video: Extend chassis-type detection with a "Lunch Box" check [ Ben Hutchings ] * debian/bin/abiupdate.py: Change default URLs to use https: scheme. * Resolve kernel ABI changes: - Revert "genirq: Avoid summation loops for /proc/stat" - tracing: ring_buffer: Avoid ABI change in 4.9.168 - net: icmp: Avoid ABI change in 4.9.163 - Revert "phonet: fix building with clang" - netfilter: Ignore removal of br_netfilter_enable() [ Salvatore Bonaccorso ] * Refresh mm-mmap.c-expand_downwards-don-t-require-the-gap-if-.patch for context changes in 4.9.162 * [rt] Refresh 0008-futex-rt_mutex-Provide-futex-specific-rt_mutex-API.patch for context changes in 4.9.163 * [rt] Drop 0014-futex-rt_mutex-Restructure-rt_mutex_finish_proxy_loc.patch applied upstream in 4.9.163 * [rt] Refresh 0171-arm-include-definition-for-cpumask_t.patch for context changes in 4.9.165 * [rt] Drop 0256-arm-unwind-use-a-raw_spin_lock.patch -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 12 Apr 2019 15:52:49 +0200 linux (4.9.161-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.145 - [armhf] media: omap3isp: Unregister media device as first - [amd64] iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() - brcmutil: really fix decoding channel info for 160 MHz bandwidth - HID: input: Ignore battery reported by Symbol DS4308 - batman-adv: Expand merged fragment buffer for full packet - bnx2x: Assign unique DMAE channel number for FW DMAE transactions. - qed: Fix PTT leak in qed_drain() - qed: Fix reading wrong value in loop condition - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command - net/mlx4_core: Fix uninitialized variable compilation warning - net/mlx4: Fix UBSAN warning of signed integer overflow - [amd64] iommu/vt-d: Use memunmap to free memremap - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port - mm: don't warn about allocations which stall for too long - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device - usb: appledisplay: Add 27" Apple Cinema Display - USB: check usb_get_extra_descriptor for proper size (CVE-2018-20169) - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (CVE-2018-19824) - [x86] ALSA: hda: Add support for AMD Stoney Ridge - ALSA: pcm: Fix starvation on down_write_nonblock() - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing - ALSA: pcm: Fix interval evaluation with openmin/max - [x86] ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 - [s390x] virtio: avoid race on vcdev->config - [s390x] virtio: fix race in ccw_io_helper() - SUNRPC: Fix leak of krb5p encode pages - [armhf] dmaengine: cppi41: delete channel from pending list when stop channel - xhci: Prevent U1/U2 link pm states if exit latency is too long - swiotlb: clean up reporting - vsock: lookup and setup guest_cid inside vhost_vsock_lock - vhost/vsock: fix use-after-free in network stack callers (CVE-2018-14625) - cifs: Fix separator when building path from dentry - staging: rtl8712: Fix possible buffer overrun - tty: do not set TTY_IO_ERROR flag if console port - mac80211_hwsim: Timer should be initialized before device registered - mac80211: Clear beacon_int in ieee80211_do_stop - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext - mac80211: fix reordering of buffered broadcast packets - mac80211: ignore NullFunc frames in the duplicate detection https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.146 - ipv6: Check available headroom in ip6_xmit() even without options - net: 8139cp: fix a BUG triggered by changing mtu with network traffic - net/mlx4_core: Correctly set PFC param if global pause is turned off. - net: phy: don't allow __set_phy_supported to add unsupported modes - net: Prevent invalid access to skb->prev in __qdisc_drop_all - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices - tcp: fix NULL ref in tail loss probe - tun: forbid iface creation with rtnl ops - neighbour: Avoid writing before skb->head in neigh_hh_output() - [armhf] OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup - sysv: return 'err' instead of 0 in __sysv_write_inode - [s390x] cpum_cf: Reject request for sampling in event initialization - [armhf] ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing - ASoC: dapm: Recalculate audio map forcely when card instantiated - hwmon: (w83795) temp4_type has writable permission - objtool: Fix double-free in .cold detection error path - objtool: Fix segfault in .cold detection with -ffunction-sections - Btrfs: send, fix infinite loop due to directory rename dependencies - RDMA/mlx5: Fix fence type for IB_WR_LOCAL_INV WR - [armhf] ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE - [armhf] ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE - exportfs: do not read dentry after free - bpf: fix check of allowed specifiers in bpf_trace_printk - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf - [arm64] net: thunderx: fix NULL pointer dereference in nic_remove - cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active - igb: fix uninitialized variables - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps - [arm64] net: hisilicon: remove unexpected free_netdev - drm/ast: fixed reading monitor EDID not stable issue - fscache: fix race between enablement and dropping of object - ocfs2: fix deadlock caused by ocfs2_defrag_extent() - hfs: do not free node before using - hfsplus: do not free node before using - ocfs2: fix potential use after free - pstore: Convert console write to use ->write_buf - staging: speakup: Replace strncpy with memcpy https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.147 - signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack (Closes: #904385) - timer/debug: Change /proc/timer_list from 0444 to 0400 - [armhf] pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 - aio: fix spectre gadget in lookup_ioctx - [armhf] MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 - [arm*] ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt - tracing: Fix memory leak in set_trigger_filter() - tracing: Fix memory leak of instance function hash filters - [powerpc*] msi: Fix NULL pointer access in teardown code - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" - [x86] drm/i915/execlists: Apply a full mb before execution for Braswell - mac80211: don't WARN on bad WMM parameters from buggy APs - mac80211: Fix condition validating WMM IE - [amd64] IB/hfi1: Remove race conditions in user_sdma send path - [x86] locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath() - [x86] locking/qspinlock: Ensure node is initialised before updating prev->next - [x86] locking/qspinlock: Bound spinning on pending->locked transition in slowpath - [x86] locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock' - [x86] locking/qspinlock: Remove unbounded cmpxchg() loop from locking slowpath - [x86] locking/qspinlock: Remove duplicate clear_pending() function from PV code - [x86] locking/qspinlock: Kill cmpxchg() loop when claiming lock from head of queue - [x86] locking/qspinlock: Re-order code - [x86] locking/qspinlock/x86: Increase _Q_PENDING_LOOPS upper bound - [x86] locking/qspinlock, x86: Provide liveness guarantee - [x86] locking/qspinlock: Fix build for anonymous union in older GCC compilers - mac80211_hwsim: fix module init error paths for netlink - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset - [x86] scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload - [x86] earlyprintk/efi: Fix infinite loop on some screen widths - [arm64] drm/msm: Grab a vblank reference when waiting for commit_done - bonding: fix 802.3ad state sent to partner when unbinding slave - nfs: don't dirty kernel pages read by direct-io - SUNRPC: Fix a potential race in xprt_connect() - [arm64] clk: mvebu: Off by one bugs in cp110_of_clk_get() - [armhf] Input: omap-keypad - fix keyboard debounce configuration - libata: whitelist all SAMSUNG MZ7KM* solid-state disks - [armhf] mv88e6060: disable hardware level MAC learning - net/mlx4_en: Fix build break when CONFIG_INET is off - bpf: check pending signals while verifying programs - [arm*] 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling - [arm*] 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart - drm/ast: Fix connector leak during driver unload - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) - vhost/vsock: fix reset orphans race with close timeout - [x86] i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node - nvmet-rdma: fix response use after free - [armhf] rtc: snvs: add a missing write sync - [armhf] rtc: snvs: Add timeouts to avoid kernel lockups https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.148 - block: break discard submissions into the user defined size - block: fix infinite loop if the device loses discard capability - ib_srpt: Fix a use-after-free in __srpt_close_all_ch() - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (CVE-2018-19985) - xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only - USB: serial: option: add GosunCn ZTE WeLink ME3630 - USB: serial: option: add HP lt4132 - USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) - USB: serial: option: add Fibocom NL668 series - USB: serial: option: add Telit LN940 series - mmc: core: Reset HPI enabled state during re-init and in case of errors - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl - [armhf] mmc: omap_hsmmc: fix DMA API warning - [x86] Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels - [x86] mtrr: Don't copy uninitialized gentry fields back to userspace - [x86] fpu: Disable bottom halves while loading FPU registers - ubifs: Handle re-linking of inodes correctly while recovery - panic: avoid deadlocks in re-entrant console drivers - proc/sysctl: don't return ENOMEM on lookup when a table is unregistering - drm/ioctl: Fix Spectre v1 vulnerabilities https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.149 - ip6mr: Fix potential Spectre v1 vulnerability - ipv4: Fix potential Spectre v1 vulnerability - ax25: fix a use-after-free in ax25_fillin_cb() - [ppc64el] ibmveth: fix DMA unmap error in ibmveth_xmit_start error path - ieee802154: lowpan_header_create check must check daddr - ipv6: explicitly initialize udp6_addr in udp_sock_create6() - ipv6: tunnels: fix two use-after-free - isdn: fix kernel-infoleak in capi_unlocked_ioctl - net: ipv4: do not handle duplicate fragments as overlapping - net: phy: Fix the issue that netif always links up after resuming - netrom: fix locking in nr_find_socket() - packet: validate address length - packet: validate address length if non-zero - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event - tipc: fix a double kfree_skb() - vhost: make sure used idx is seen before log in vhost_add_used_n() - [x86] VSOCK: Send reset control packet when socket is partially bound - xen/netfront: tolerate frags with no data - tipc: use lock_sock() in tipc_sk_reinit() - tipc: compare remote and local protocols in tipc_udp_enable() - gro_cell: add napi_disable in gro_cells_destroy - net/mlx5e: Remove the false indication of software timestamping support - net/mlx5: Typo fix in del_sw_hw_rule - sock: Make sock->sk_stamp thread-safe - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() - ALSA: rme9652: Fix potential Spectre v1 vulnerability - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities - ALSA: pcm: Fix potential Spectre v1 vulnerability - ALSA: emux: Fix potential Spectre v1 vulnerabilities - ALSA: hda: add mute LED support for HP EliteBook 840 G4 - [arm64,armhf] ALSA: hda/tegra: clear pending irq handlers - USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays - USB: serial: option: add Fibocom NL678 series - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G - [x86] KVM: Use jmp to invoke kvm_spurious_fault() from .fixup - platform-msi: Free descriptors in platform_msi_domain_free() - perf pmu: Suppress potential format-truncation warning - ext4: fix possible use after free in ext4_quota_enable - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() - ext4: fix EXT4_IOC_GROUP_ADD ioctl - ext4: include terminating u32 in size of xattr entries when expanding inodes - ext4: force inode writes when nfsd calls commit_metadata() - [arm64,armhf] spi: bcm2835: Fix race on DMA termination - [arm64,armhf] spi: bcm2835: Fix book-keeping of DMA termination - [arm64,armhf] spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode - [armhf] clk: rockchip: fix typo in rk3188 spdif_frac parent - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader. - f2fs: fix validation of the block count in sanity_check_raw_super - media: vivid: free bitmap_cap when updating std/timings/etc. - media: v4l2-tpg: array index could become negative - [mips*] Ensure pmd_present() returns false after pmd_mknotpresent() - [mips*] OCTEON: mark RGMII interface disabled on OCTEON III - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem - [x86] kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested - [arm64] KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 - [armhf] rtc: m41t80: Correct alarm month range with RTC reads - [x86] tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x - [arm64,armhf] spi: bcm2835: Unbreak the build of esoteric configs https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.150 - [arm64] pinctrl: meson: fix pull enable register calculation - Input: restore EV_ABS ABS_RESERVED - xfrm: Fix bucket count reported to userspace - netfilter: seqadj: re-load tcp header pointer after possible head reallocation - scsi: bnx2fc: Fix NULL dereference in error handling - [armhf] Input: omap-keypad - fix idle configuration to not block SoC idle states - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel - bnx2x: Clear fip MAC when fcoe offload support is disabled - bnx2x: Remove configured vlans as part of unload sequence. - bnx2x: Send update-svid ramrod with retry/poll flags enabled - scsi: target: iscsi: cxgbit: fix csk leak - scsi: target: iscsi: cxgbit: add missing spin_lock_init() - [arm64] net: hns: Incorrect offset address used for some registers. - [arm64] net: hns: All ports can not work when insmod hns ko after rmmod. - [arm64] net: hns: Some registers use wrong address according to the datasheet. - [arm64] net: hns: Fixed bug that netdev was opened twice - [arm64] net: hns: Clean rx fbd when ae stopped. - [arm64] net: hns: Free irq when exit from abnormal branch - [arm64] net: hns: Avoid net reset caused by pause frames storm - [arm64] net: hns: Fix ntuple-filters status error. - net: hns: Add mac pcs config when enable|disable mac - SUNRPC: Fix a race with XPRT_CONNECTING - lan78xx: Resolve issue with changing MAC address - vxge: ensure data0 is initialized in when fetching firmware version information - net: netxen: fix a missing check and an uninitialized use - [s390x] scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown - libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature() - fork: record start_time late - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined - mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL - mm, devm_memremap_pages: kill mapping "System RAM" support - sunrpc: fix cache_head leak due to queued request - sunrpc: use SVC_NET() in svcauth_gss_* functions - [mips*] math-emu: Write-protect delay slot emulation pages - [amd64] crypto: x86/chacha20 - avoid sleeping with preemption disabled - vhost/vsock: fix uninitialized vhost_vsock->guest_cid - [amd64] IB/hfi1: Incorrect sizing of sge for PIO will OOPs - ALSA: cs46xx: Potential NULL dereference in probe - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks - dlm: fixed memory leaks after failed ls_remove_names allocation - dlm: possible memory leak on error path in create_lkb() - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() - dlm: memory leaks on error path in dlm_user_request() - gfs2: Get rid of potential double-freeing in gfs2_create_inode - gfs2: Fix loop in gfs2_rbm_find - b43: Fix error in cordic routine - [powerpc*] tm: Set MSR[TS] just prior to recheckpoint - 9p/net: put a lower bound on msize - rxe: fix error completion wr_id and qp_num - [amd64] iommu/vt-d: Handle domain agaw being less than iommu agaw - ceph: don't update importing cap's mseq when handing cap export - [ppc64el] genwqe: Fix size check - [x86] intel_th: msu: Fix an off-by-one in attribute store - [i386] power: supply: olpc_battery: correct the temperature units - [arm64,armhf] drm/vc4: Set ->is_yuv to false when num_planes == 1 - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.151 - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 - CIFS: Do not hide EINTR after sending network packets - cifs: Fix potential OOB access of lock element array - usb: cdc-acm: send ZLP for Telit 3G Intel based modems - USB: storage: don't insert sane sense for SPC3+ when bad sense specified - USB: storage: add quirk for SMI SM3350 - USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB - slab: alien caches must not be initialized if the allocation of the alien cache failed - mm: page_mapped: don't assume compound page is huge or THP - ACPI: power: Skip duplicate power resource references in _PRx - i2c: dev: prevent adapter retries and timeout being set as minus value - rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set - ext4: make sure enough credits are reserved for dioread_nolock writes - ext4: fix a potential fiemap/page fault deadlock w/ inline_data - ext4: avoid kernel warning when writing the superblock to a dead device - sunrpc: use-after-free in svc_process_common() (CVE-2018-16884) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.152 - tty/ldsem: Wake up readers after timed out down_write() - tty: Hold tty_ldisc_lock() during tty_reopen() - tty: Simplify tty->count math in tty_reopen() - tty: Don't hold ldisc lock in tty_reopen() if ldisc present - can: gw: ensure DLC boundaries after CAN frame modification (CVE-2019-3701) - Revert "f2fs: do not recover from previous remained wrong dnodes" - media: em28xx: Fix misplaced reset of dev->v4l::field_count - proc: Remove empty line in /proc/self/status - [arm64] kvm: consistently handle host HCR_EL2 flags - [arm64] Don't trap host pointer auth use to EL2 - ipv6: fix kernel-infoleak in ipv6_local_error() - net: bridge: fix a bug on using a neighbour cache entry without checking its state - packet: Do not leak dev refcounts on error exit - bonding: update nest level on unlink - ip: on queued skb use skb_header_pointer instead of pskb_may_pull - crypto: authencesn - Avoid twice completion call in decrypt path - crypto: authenc - fix parsing key with misaligned rta_len - btrfs: wait on ordered extents on abort cleanup - Yama: Check for pid death before checking ancestry - scsi: core: Synchronize request queue PM status only on successful resume - scsi: sd: Fix cache_type_store() - [arm64] kaslr: ensure randomized quantities are clean to the PoC - [mips*] Disable MSI also when pcie-octeon.pcie_disable on - media: vivid: fix error handling of kthread_run - media: vivid: set min width/height to a value > 0 - LSM: Check for NULL cred-security on free - media: vb2: vb2_mmap: move lock up - sunrpc: handle ENOMEM in rpcb_getport_async - netfilter: ebtables: account ebt_table_info to kmemcg - selinux: fix GPF on invalid policy - blockdev: Fix livelocks on loop device - sctp: allocate sctp_sockaddr_entry with kzalloc - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats - tipc: fix uninit-value in tipc_nl_compat_bearer_enable - tipc: fix uninit-value in tipc_nl_compat_link_set - tipc: fix uninit-value in tipc_nl_compat_name_table_dump - tipc: fix uninit-value in tipc_nl_compat_doit - block/loop: Use global lock for ioctl() operation. - loop: Fold __loop_release into loop_release - loop: Get rid of loop_index_mutex - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock - mm, memcg: fix reclaim deadlock with writeback - media: vb2: be sure to unlock mutex on errors - nbd: set the logical and physical blocksize properly - nbd: Use set_blocksize() to set device blocksize https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.153 - r8169: Add support for new Realtek Ethernet - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses - [x86] platform: asus-wmi: Tell the EC the OS will handle the display off hotkey - e1000e: allow non-monotonic SYSTIM readings - writeback: don't decrement wb->refcnt if !wb->bdi - [arm64,armhf] serial: set suppress_bind_attrs flag only if builtin - ALSA: oxfw: add support for APOGEE duet FireWire - [arm64] perf: set suppress_bind_attrs flag to true - selinux: always allow mounting submounts - rxe: IB_WR_REG_MR does not capture MR's iova field - jffs2: Fix use of uninitialized delayed_work, lockdep breakage - pstore/ram: Do not treat empty buffers as valid - [ppc64el] powerpc/xmon: Fix invocation inside lock region - [powerpc*] powerpc/pseries/cpuidle: Fix preempt warning - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info - net: call sk_dst_reset when set SO_DONTROUTE - scsi: target: use consistent left-aligned ASCII INQUIRY data - [armhf] clk: imx6q: reset exclusive gates on init - tty/serial: do not free trasnmit buffer page under port lock - [x86] perf intel-pt: Fix error with config term "pt=0" - perf svghelper: Fix unchecked usage of strncpy() - perf parse-events: Fix unchecked usage of strncpy() - dm kcopyd: Fix bug causing workqueue stalls - dm snapshot: Fix excessive memory usage and workqueue stalls - ALSA: bebob: fix model-id of unit for Apogee Ensemble - sysfs: Disable lockdep for driver bind/unbind files - scsi: smartpqi: correct lun reset issues - scsi: megaraid: fix out-of-bound array accesses - ocfs2: fix panic due to unrecovered local alloc - mm/page-writeback.c: don't break integrity writeback on ->writepage() error - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps - [arm64] ipmi:ssif: Fix handling of multi-part return messages - locking/qspinlock: Pull in asm/byteorder.h to ensure correct endianness https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.154 - net: bridge: Fix ethernet header pointer before check skb forwardable - net: Fix usage of pskb_trim_rcsum - openvswitch: Avoid OOB read when parsing flow nlattrs - vhost: log dirty page correctly - net: ipv4: Fix memory leak in network namespace dismantle - net_sched: refetch skb protocol for each filter - ipfrag: really prevent allocation on netns exit - USB: serial: simple: add Motorola Tetra TPG2200 device id - USB: serial: pl2303: add new PID to support PL2303TB - [x86] ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages - [s390x] early: improve machine detection - [s390x] smp: fix CPU hotplug deadlock with CPU rescan - [x86] char/mwave: fix potential Spectre v1 vulnerability - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 - tty: Handle problem if line discipline does not have receive_buf - uart: Fix crash in uart_write and uart_put_char - [x86] tty/n_hdlc: fix __might_sleep warning - CIFS: Fix possible hang during async MTU reads and writes - Input: xpad - add support for SteelSeries Stratus Duo - compiler.h: enable builtin overflow checkers and add fallback code - Input: uinput - fix undefined behavior in uinput_validate_absinfo() - [x86] acpi/nfit: Block function zero DSMs - [x86] acpi/nfit: Fix command-supported detection - dm thin: fix passdown_double_checking_shared_status() - [x86] KVM: Fix single-step debugging - [x86] kaslr: Fix incorrect i8254 outb() parameters - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it - can: bcm: check timer values before ktime conversion - vt: invoke notifier on screen size change - perf unwind: Unwind with libdw doesn't take symfs into account - perf unwind: Take pgoff into account when reporting elf to libdwfl - [arm64] irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size - [s390x] smp: Fix calling smp_call_ipl_cpu() from ipl CPU - nvmet-rdma: Add unlikely for response allocated check - nvmet-rdma: fix null dereference under heavy load - f2fs: read page index before freeing - btrfs: fix error handling in btrfs_dev_replace_start - btrfs: dev-replace: go back to suspended state if target device is missing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.155 - Fix "net: ipv4: do not handle duplicate fragments as overlapping" - fs: add the fsnotify call to vfs_iter_write - ipv6: Consider sk_bound_dev_if when binding a socket to an address (Closes: #918103) - l2tp: copy 4 more bytes to linear part if necessary - net/mlx4_core: Add masking for a few queries on HCA caps - netrom: switch to sock timer API - net/rose: fix NULL ax25_cb kernel panic - net/mlx5e: Allow MAC invalidation while spoofchk is ON - l2tp: remove l2specific_len dependency in l2tp_core - l2tp: fix reading optional fields of L2TPv3 - ipvlan, l3mdev: fix broken l3s mode wrt local routes - CIFS: Do not count -ENODATA as failure for query directory - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() - [arm64] kaslr: ensure randomized quantities are clean also when kaslr is off - [arm64] hyp-stub: Forbid kprobing of the hyp-stub - [arm64] hibernate: Clean the __hyp_text to PoC after resume - gfs2: Revert "Fix loop in gfs2_rbm_find" - [x86] platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK - [x86] platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes - [arm64,armhf] mmc: sdhci-iproc: handle mmc_of_parse() errors during probe - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes - mm, oom: fix use-after-free in oom_kill_process - mm: hwpoison: use do_send_sig_info() instead of force_sig() - mm: migrate: don't rely on __PageMovable() of newpage after unlocking it - cifs: Always resolve hostname before reconnecting - drivers: core: Remove glue dirs from sysfs earlier - fs: don't scan the inode cache before SB_BORN is set - fanotify: fix handling of events on child sub-directory https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156 - drm/bufs: Fix Spectre v1 vulnerability - [x86] ASoC: Intel: mrfld: fix uninitialized variable access - [armhf] gpu: ipu-v3: image-convert: Prevent race between run and unprepare - scsi: lpfc: Correct LCB RJT handling - [armhf] 8808/1: kexec:offline panic_smp_self_stop CPU - dlm: Don't swamp the CPU with callbacks queued during recovery - [x86] PCI: Fix Broadcom CNB20LE unintended sign extension (redux) - [ppc64el] powerpc/pseries: add of_node_put() in dlpar_detach_node() - [arm64,armhf] drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl - [arm64,armhf] soc/tegra: Don't leak device tree node reference - [x86] iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock - f2fs: move dir data flush to write checkpoint process - f2fs: fix wrong return value of f2fs_acl_create - nfsd4: fix crash on writing v4_end_grace before nfsd startup - Thermal: do not clear passive state during system sleep - firmware/efi: Add NULL pointer checks in efivars API functions - [arm64] ftrace: don't adjust the LR value - [x86] fpu: Add might_fault() to user_insn() - smack: fix access permissions for keyring - usb: hub: delay hub autosuspend if USB3 port is still link training - timekeeping: Use proper seqcount initializer - [armhf] clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks - [amd64] iommu/amd: Fix amd_iommu=force_isolation - [armhf] dts: Fix OMAP4430 SDP Ethernet startup - [mips*] bpf: fix encoding bug for mm_srlv32_op - [arm64,armhf] iommu/arm-smmu: Add support for qcom,smmu-v2 variant - [arm64] iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer - udf: Fix BUG on corrupted inode - memstick: Prevent memstick host from getting runtime suspended during card detection - [armhf] tty: serial: samsung: Properly set flags in autoCTS mode - perf header: Fix unchecked usage of strncpy() - perf probe: Fix unchecked usage of strncpy() - [arm64] KVM: Skip MMIO insn after emulation - mac80211: fix radiotap vendor presence bitmap handling - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi - Bluetooth: Fix unnecessary error message for HCI request completion - scsi: smartpqi: correct host serial num for ssa - scsi: smartpqi: correct volume status - drbd: narrow rcu_read_lock in drbd_sync_handshake - drbd: disconnect, if the wrong UUIDs are attached on a connected peer - drbd: skip spurious timeout (ping-timeo) when failing promote - fbdev: fbmem: behave better with small rotated displays and many CPUs - i40e: define proper net_device::neigh_priv_len - igb: Fix an issue that PME is not enabled during runtime suspend - fbdev: fbcon: Fix unregister crash when more than one framebuffer - [arm64] pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins - [arm64] pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins - [x86] KVM: svm: report MSR_IA32_MCG_EXT_CTL as unsupported - NFS: nfs_compare_mount_options always compare auth flavors. - hwmon: (lm80) fix a missing check of the status of SMBus read - hwmon: (lm80) fix a missing check of bus read in lm80 probe - seq_buf: Make seq_buf_puts() null-terminate the buffer - cifs: check ntwrk_buf_start for NULL before dereferencing it - um: Avoid marking pages with "changed protection" - niu: fix missing checks of niu_pci_eeprom_read - f2fs: fix sbi->extent_list corruption issue - ocfs2: don't clear bh uptodate for block read - HID: lenovo: Add checks to fix of_led_classdev_register - kernel/hung_task.c: break RCU locks based on jiffies - proc/sysctl: fix return error for proc_doulongvec_minmax() - fs/epoll: drop ovflist branch prediction - exec: load_script: don't blindly truncate shebang string - dccp: fool proof ccid_hc_[rt]x_parse_options() - rxrpc: bad unlock balance in rxrpc_recvmsg - skge: potential memory corruption in skge_get_regs() - rds: fix refcount bug in rds_sock_addref - net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames - [armhf] net: dsa: slave: Don't propagate flag changes on down slave interfaces - enic: fix checksum validation for IPv6 - ALSA: compress: Fix stop handling on compressed capture streams - ALSA: hda - Serialize codec registrations - fuse: call pipe_buf_release() under pipe lock - fuse: decrement NR_WRITEBACK_TEMP on the right page - fuse: handle zero sized retrieve correctly - [arm64,armhf] dmaengine: bcm2835: Fix interrupt race on RT - [arm64,armhf] dmaengine: bcm2835: Fix abort of transactions - [armhf] dmaengine: imx-dma: fix wrong callback invoke - [armhf] usb: phy: am335x: fix race condition in _probe - [armhf] usb: gadget: musb: fix short isoc packets with inventra dma - scsi: aic94xx: fix module loading - [x86] KVM: work around leak of uninitialized stack contents (CVE-2019-7222) - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) - [x86] KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) - [x86] perf/x86/intel/uncore: Add Node ID mask - [x86] MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() - perf/core: Don't WARN() for impossible ring-buffer sizes - perf tests evsel-tp-sched: Fix bitwise operator - serial: fix race between flush_to_ldisc and tty_open - oom, oom_reaper: do not enqueue same task twice - [amd64] PCI: vmd: Free up IRQs on suspend path - [amd64] IB/hfi1: Add limit test for RC/UC send via loopback - [x86] perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.157 - [armhf] mtd: rawnand: gpmi: fix MX28 bus master lockup problem - signal: Always notice exiting tasks - signal: Better detection of synchronous signals - [arm64,armhf] misc: vexpress: Off by one in vexpress_syscfg_exec() - debugfs: fix debugfs_rename parameter checking - [mips*] cm: reprime error cause - [mips*] OCTEON: don't set octeon_dma_bar_type if PCI is disabled - mac80211: ensure that mgmt tx skbs have tailroom for encryption - drm/modes: Prevent division by zero htotal - [x86] drm/vmwgfx: Fix setting of dma masks - [x86] drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user - nfsd4: fix cached replies to solo SEQUENCE compounds - nfsd4: catch some false session retries - HID: debug: fix the ring buffer implementation (CVE-2019-3819) - Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() - xfrm: refine validation of template and selector families - batman-adv: Avoid WARN on net_device without parent in netns - batman-adv: Force mac header to start of data on xmit https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.158 - Revert "exec: load_script: don't blindly truncate shebang string" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.159 - dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string - eeprom: at24: add support for 24c2048 - uapi/if_ether.h: prevent redefinition of struct ethhdr - [armel,armhf] 8789/1: signal: copy registers using __copy_to_user() - [armel,armhf] 8791/1: vfp: use __copy_to_user() when saving VFP state - [armel,armhf] 8793/1: signal: replace __put_user_error with __put_user - [armel,armhf] 8794/1: uaccess: Prevent speculative use of the current addr_limit - [armel,armhf] 8795/1: spectre-v1.1: use put_user() for __put_user() - [armel,armhf] 8796/1: spectre-v1,v1.1: provide helpers for address sanitization - [armel,armhf] 8797/1: spectre-v1.1: harden __copy_to_user - [armel,armhf] 8810/1: vfp: Fix wrong assignement to ufp_exc - [armel,armhf] make lookup_processor_type() non-__init - [armel,armhf] split out processor lookup - [armel,armhf] clean up per-processor check_bugs method call - [armel,armhf] add PROC_VTABLE and PROC_TABLE macros - [armel,armhf] spectre-v2: per-CPU vtables to work around big.Little systems - [armel,armhf] ensure that processor vtables is not lost after boot - [armel,armhf] fix the cockup in the previous patch - net: create skb_gso_validate_mac_len() (CVE-2018-1000026) - bnx2x: disable GSO where gso_size is too big for hardware (CVE-2018-1000026) - [i386] ACPI: NUMA: Use correct type for printing addresses on i386-PAE - cpufreq: check if policy is inactive early in __cpufreq_get() - [armel] dts: kirkwood: Fix polarity of GPIO fan lines - cifs: Limit memory used by lock request calls to a page - perf report: Include partial stacks unwound with libdw - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" - Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK - perf/core: Fix impossible ring-buffer sizes warning - [x86] perf: Add check_period PMU callback - ALSA: hda - Add quirk for HP EliteBook 840 G5 - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk - [x86] kvm: vmx: Fix entry number check for add_atomic_switch_msr() - Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 - [alpha] fix page fault handling for r16-r18 targets - [alpha] Fix Eiger NR_IRQS to 128 - tracing/uprobes: Fix output for multiple string arguments - signal: Restore the stop PTRACE_EVENT_EXIT - [amd64] x86/a.out: Clear the dump structure initially - dm thin: fix bug where bio that overwrites thin block ignores FUA - [x86] drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set - smsc95xx: Use skb_cow_head to deal with cloned skbs - ch9200: use skb_cow_head() to deal with cloned skbs - kaweth: use skb_cow_head() to deal with cloned skbs - [arm64,armhf] usb: dwc2: Remove unnecessary kfree - netfilter: nf_tables: fix mismatch in big-endian system - [arm64] pinctrl: msm: fix gpio-hog related boot issues - mm: stop leaking PageTables - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define - Revert "scsi: aic94xx: fix module loading" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.160 - net: fix IPv6 prefix route residue - [x86] vsock: cope with memory allocation failure at socket creation time - hwmon: (lm80) Fix missing unlock on error in set_fan_div() - net: Fix for_each_netdev_feature on Big endian - [arm64,armhf] net: stmmac: handle endianness in dwmac4_get_timestamp - sky2: Increase D3 delay again - vhost: correctly check the return value of translate_desc() in log_used() - net: Add header for usage of fls64() - tcp: tcp_v4_err() should be more careful - net: Do not allocate page fragments that are not skb aligned - tcp: clear icsk_backoff in tcp_write_queue_purge() - vxlan: test dev->flags & IFF_UP before calling netif_rx() - [arm64,armhf] net: stmmac: Fix a race in EEE enable callback - net: ipv4: use a dedicated counter for icmp_v4 redirect packets - btrfs: Remove false alert when fiemap range is smaller than on-disk extent - mISDN: fix a race in dev_expire_timer() - ax25: fix possible use-after-free https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.161 - mac80211: Free mpath object when rhashtable insertion fails - libceph: handle an empty authorize reply - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES - proc, oom: do not report alien mms when setting oom_score_adj - KEYS: allow reaching the keys quotas exactly - [armhf] mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells - [armhf] mfd: twl-core: Fix section annotations on {,un}protect_pm_master - [arm64] mfd: qcom_rpm: write fw_version to CTRL_REG - [armhf] mfd: mc13xxx: Fix a missing check of a register-read failure - qed: Fix qed_ll2_post_rx_buffer_notify_fw() by adding a write memory barrier - [arm64] net: hns: Fix use after free identified by SLUB debug - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param - [x86] scsi: isci: initialize shost fully before calling scsi_add_host() - atm: he: fix sign-extension overflow on large shift - [armhf] leds: lp5523: fix a missing check of return value of lp55xx_read - net/mlx5e: Fix wrong (zero) TX drop counter indication for representor - RDMA/srp: Rework SCSI device reset handling - KEYS: user: Align the payload buffer - KEYS: always initialize keyring_index_key::desc_len - batman-adv: fix uninit-value in batadv_interface_tx() - net/packet: fix 4gb buffer limit due to overflow check - team: avoid complex list operations in team_nl_cmd_options_set() - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames - [hppa/parisc] Fix ptrace syscall number modification - [x86] hpet: Make cmd parameter of hpet_ioctl_common() unsigned - clocksource: Use GENMASK_ULL in definition of CLOCKSOURCE_MASK - netpoll: Fix device name check in netpoll_setup() - tracing: Use cpumask_available() to check if cpumask variable may be used - [x86] boot: Disable the address-of-packed-member compiler warning - [x86] drm/i915: Consistently use enum pipe for PCH transcoders - [x86] drm/i915: Fix enum pipe vs. enum transcoder for the PCH transcoder - [arm64] irqchip/gic-v3: Convert arm64 GIC accessors to {read,write}_sysreg_s - mm/zsmalloc.c: change stat type parameter to int - mm/zsmalloc.c: fix -Wunneeded-internal-declaration warning - Revert "bridge: do not add port to router list when receives query with source 0.0.0.0" - netfilter: nf_tables: fix flush after rule deletion in the same batch - [arm64] pinctrl: max77620: Use define directive for max77620_pinconf_param values - [arm64,armhf] phy: tegra: remove redundant self assignment of 'map' - sched/sysctl: Fix attributes of some extern declarations [ Salvatore Bonaccorso ] * Refresh kbuild-use-nostdinc-in-compile-tests.patch for context changes in 4.9.145 * [rt] Update to 4.9.146-rt125 - seqlock: provide the same ordering semantics as mainline - squashfs: make use of local lock in multi_cpu decompressor - locallock: provide {get,put}_locked_ptr() variants - posix-timers: move the rcu head out of the union - alarmtimer: Prevent live lock in alarm_cancel() - block: blk-mq: move blk_queue_usage_counter_release() into process context - Revert "block: blk-mq: Use swait" - Revert "rt,ntp: Move call to schedule_delayed_work() to helper thread" - net: use task_struct instead of CPU number as the queue owner on -RT - locking: add types.h - mm/slub: close possible memory-leak in kmem_cache_alloc_bulk() - crypto: limit more FPU-enabled sections - sched, tracing: Fix trace_sched_pi_setprio() for deboosting - rcu: Suppress lockdep false-positive ->boost_mtx complaints - rcu: Do not include rtmutex_common.h unconditionally - rtmutex: Make rt_mutex_futex_unlock() safe for irq-off callsites - futex: Fix OWNER_DEAD fixup - futex: Avoid violating the 10th rule of futex - futex: Fix more put_pi_state() vs. exit_pi_state_list() races - futex: Fix pi_state->owner serialization * [rt] Refresh 0366-posix-timers-move-the-rcu-head-out-of-the-union.patch. Refresh for context changes caused by a Debian specific patch to avoid ABI change in 4.9.136: "posix-timers: Avoid ABI change in 4.9.136" * [rt] Refresh 0280-random-Make-it-work-on-rt.patch * [rt] Refresh 0198-fs-aio-simple-simple-work.patch for context changes in 4.9.147 * Btrfs: fix corruption reading shared and compressed extents after hole punching (Closes: #922306) [ Ben Hutchings ] * Bump ABI to 9 and apply deferred changes: - netfilter: ipv6: nf_defrag: reduce struct net memory waste - proc/sysctl: prune stale dentries during unregistering - proc/sysctl: Don't grab i_lock under sysctl_lock. - proc: Fix proc_sys_prune_dcache to hold a sb reference - [mips*] Correct the 64-bit DSP accumulator register size - inet: frags: fix ip6frag_low_thresh boundary - inet: frags: reorganize struct netns_frags - rhashtable: reorganize struct rhashtable layout - inet: frags: break the 2GB limit for frags storage - elevator: fix truncation of icq_cache_name -- Salvatore Bonaccorso <carnil(a)debian.org> Wed, 27 Feb 2019 22:21:01 +0100 --- Modifications pour mariadb-10.1 (libmariadbclient18 mariadb-client-10.1 mariadb-client-core-10.1 mariadb-common) --- mariadb-10.1 (10.1.38-0+deb9u1) stretch; urgency=medium * SECURITY UPDATE: New upstream release 10.1.38. Includes fixes for the following security vulnerabilities (Closes: #920933): - CVE-2019-2537 - CVE-2019-2529 * Update correct branch name in gbp.conf * Disable test unit.pcre_test on s390x that was failing in stretch-security (Closes: #920854) * Limit build test suite to 'main' like in mariadb-10.3 to make unnecessary build failures less likely in lifetime of Stretch. * Fix mips compilation failure (__bss_start symbol missing) (Closes: #920855) * Extend the server README to clarify common misunderstandings (Closes: #878215) * Enable ccache in CMake path so it can be used automatically where available * Heavily refactor and unify gitlab-ci.yml MariaDB install/upgrade steps. This ensures uploads to Stretch are much more safer to do now than in the past. -- Otto Kekäläinen <otto(a)debian.org> Tue, 16 Apr 2019 14:56:50 +0300 --- Modifications pour postfix (postfix postfix-sqlite) --- postfix (3.1.12-0+deb9u1) stretch; urgency=medium [Scott Kitterman] * Add detailed smarthost instructions to README.Debian. Thanks to Celejar for the input. Closes: #919444 * Refresh patches [Wietse Venema] * 3.1.10 - Bugfix (introduced: Postfix 2.11): minor memory leak when minting issuer certs. This affects a tiny minority of use cases. Viktor Dukhovni, based on a fix by Juan Altmayer Pizzorno for the ssl_dane library. File: tls/tls_dane.c. - Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes, table lookups could casefold the search string when searching a lookup table that does not use fixed-string keys (regexp, pcre, tcp, etc.). Historically, Postfix would not case-fold the search string with such tables. File: util/dict_utf8.c. Closes: #917512 - Multiple 'bit rot' fixes for OpenSSL API changes, including support to disable TLSv1.3, to avoid issuing multiple session tickets. Viktor Dukhovni. Files: proto/postconf.proto, proto/TLS_README.html, tls/tls.h, tls/tls_server.c, tls/tls_misc.c. - Bugfix (introduced: 3.0): smtpd_discard_ehlo_keywords could not disable "SMTPUTF8". because the lookup table was using "EHLO_MASK_SMTPUTF8" instead. File: global/ehlo_mask.c. - Documentation: update documentation for Postfix versions that support disabling TLS 1.3. File: proto/postconf.proto. - Improved logging of TLS 1.3 summary information, and improved reporting of the same info in Received: message headers. Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html, posttls-finger/posttls-finger.c, smtpd/smtpd.c, tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_proxy.h, tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c, tls/tls_server.c. * 3.1.11 - Bugfix (introduced: postfix-2.11): with posttls-finger, connections to unix-domain servers always resulted in "Failed to establish session" even after a connection was established. Jaroslav Skarva. File: posttls-finger/posttls-finger.c. * 3.1.12 - Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce has been producing false rejects starting with the Postfix 2.2 smtpd_end_of_data_restrictons, and for the same reasons, did the same with the Postfix 3.4 BDAT command. The latter was reported by Andreas Schulze. File: smtpd/smtpd_check.c. - Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. -- Scott Kitterman <scott(a)kitterman.com> Mon, 25 Mar 2019 01:01:51 -0400 --- Modifications pour publicsuffix --- publicsuffix (20190415.1030-0+deb9u1) stretch; urgency=medium * new upstream publicsuffix data -- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Mon, 15 Apr 2019 14:11:53 -0400 publicsuffix (20190221.0923-0+deb9u1) stretch; urgency=medium * new upstream publicsuffix data -- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Wed, 13 Mar 2019 10:20:24 -0400 publicsuffix (20181030.1007-0+deb9u1) stretch; urgency=medium * new upstream publicsuffix data -- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Thu, 01 Nov 2018 20:58:10 -0400 --- Modifications pour python-cryptography (python3-cryptography python-cryptography) --- python-cryptography (1.7.1-3+deb9u1) stretch; urgency=medium * Remove BIO_callback_ctrl: The prototype differs with the OpenSSL's definition of it after it was changed (fixed) within OpenSSL. It has no users. -- Sebastian Andrzej Siewior <sebastian(a)breakpoint.cc> Sun, 02 Sep 2018 15:17:35 +0200 --- Modifications pour python-pip (python-pip python-pip-whl) --- python-pip (9.0.1-2+deb9u1) stretch; urgency=medium * Team upload. * Add Properly_catch_requests_HTTPError_in_index.py.patch, which fixes --extra-index-url results in "HTTPError: 404 Client Error: NOT FOUND". The patch makes works even with the unbundled requests. (Closes: #837764). -- Thomas Goirand <zigo(a)debian.org> Sun, 31 Mar 2019 00:02:11 +0100 --- Modifications pour rsync --- rsync (3.1.2-1+deb9u2) stretch; urgency=medium * Apply CVEs from 2016 to the zlib code. closes:#924509 -- Paul Slootman <paul(a)debian.org> Fri, 15 Mar 2019 11:39:50 +0100 --- Modifications pour unzip --- unzip (6.0-21+deb9u1) stretch; urgency=medium * Fix buffer overflow in password protected ZIP archives. Closes: #889838. Patch borrowed from SUSE. For reference, this is CVE-2018-1000035. -- Santiago Vila <sanvila(a)debian.org> Wed, 17 Apr 2019 21:23:40 +0200 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on nonagon.federez.net -- apticron

5 années, 11 mois

17 Debian package update(s) for nonagon.federez.net

par club-federez＠crans.org

apticron report [Mon, 29 Apr 2019 18:49:15 +0200] ======================================================================== apticron has detected that some packages need upgrading on: nonagon.federez.net [ 185.230.78.42 2a0c:700:0:23:67:e5ff:fee9:3 ] The following packages are currently pending an upgrade: base-files 9.9+deb9u9 libjs-jquery 3.1.1-2+deb9u1 libmariadbclient18 10.1.38-0+deb9u1 libpng16-16 1.6.28-1+deb9u1 linux-libc-dev 4.9.168-1 mariadb-client-10.1 10.1.38-0+deb9u1 mariadb-client-core-10.1 10.1.38-0+deb9u1 mariadb-common 10.1.38-0+deb9u1 postfix 3.1.12-0+deb9u1 postfix-sqlite 3.1.12-0+deb9u1 publicsuffix 20190415.1030-0+deb9u1 python3-cryptography 1.7.1-3+deb9u1 python-cryptography 1.7.1-3+deb9u1 python-pip 9.0.1-2+deb9u1 python-pip-whl 9.0.1-2+deb9u1 rsync 3.1.2-1+deb9u2 unzip 6.0-21+deb9u1 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour libpng1.6 (libpng16-16) --- libpng1.6 (1.6.28-1+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Call png_image_free_function without guarding it with png_safe_execute (CVE-2019-7317) (Closes: #921355) -- Salvatore Bonaccorso <carnil(a)debian.org> Thu, 18 Apr 2019 22:12:35 +0200 --- Modifications pour base-files --- base-files (9.9+deb9u9) stretch; urgency=medium * Change /etc/debian_version to 9.9, for Debian 9.9 point release. -- Santiago Vila <sanvila(a)debian.org> Thu, 28 Mar 2019 10:12:44 +0100 --- Modifications pour jquery (libjs-jquery) --- jquery (3.1.1-2+deb9u1) stretch; urgency=medium * Team upload * Add patch to prevent Object.prototype pollution (Closes: #927385, CVE-2019-11358) * Disable check-against-upstream-build test (autopkgtest) since file is now patched -- Xavier Guimard <yadd(a)debian.org> Thu, 18 Apr 2019 22:57:29 +0200 --- Modifications pour linux (linux-libc-dev) --- linux (4.9.168-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162 - Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" - Revert "loop: Get rid of loop_index_mutex" - Revert "loop: Fold __loop_release into loop_release" - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached - [arm64] drm/msm: Unblock writer if reader closes file - [x86] ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field - [x86] ALSA: compress: prevent potential divide by zero bugs - [x86] thermal: int340x_thermal: Fix a NULL vs IS_ERR() check - [arm64,armhf] usb: dwc3: gadget: synchronize_irq dwc irq in suspend - [arm64,armhf] usb: dwc3: gadget: Fix the uninitialized link_state when udc starts - usb: gadget: Potential NULL dereference on allocation error - ASoC: dapm: change snprintf to scnprintf for possible overflow - [armhf] ASoC: imx-audmux: change snprintf to scnprintf for possible overflow - [x86] drivers: thermal: int340x_thermal: Fix sysfs race condition - mac80211: fix miscounting of ttl-dropped frames - locking/rwsem: Fix (possible) missed wakeup - direct-io: allow direct writes to empty inodes - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() - net: usb: asix: ax88772_bind return error when hw_reset fail - [ppc64el] ibmveth: Do not process frames after calling napi_reschedule - mac80211: don't initiate TDLS connection if station is not associated to AP - mac80211: Add attribute aligned(2) to struct 'action' - cfg80211: extend range deviation for DMG - [x86] svm: Fix AVIC incomplete IPI emulation - [x86] KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 - [powerpc*] Always initialize input array when calling epapr_hypercall() - [arm64] mmc: spi: Fix card detection during probe - mm: enforce min addr even if capable() in expand_downwards() (CVE-2019-9213) - [x86] uaccess: Don't leak the AC flag into __put_user() value evaluation https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.163 - USB: serial: option: add Telit ME910 ECM composition - USB: serial: cp210x: add ID for Ingenico 3070 - USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 - cpufreq: Use struct kobj_attribute instead of struct global_attr - ncpfs: fix build warning of strncpy - [x86] staging: comedi: ni_660x: fix missing break in switch statement - ip6mr: Do not call __IP6_INC_STATS() from preemptible context - net-sysfs: Fix mem leak in netdev_register_kobject - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 - team: Free BPF filter when unregistering netdev - bnxt_en: Drop oversize TX packets to prevent errors. - [x86] hv_netvsc: Fix IP header checksum for coalesced packets - [armhf] net: dsa: mv88e6xxx: Fix u64 statistics - net: netem: fix skb length BUG_ON in __skb_to_sgvec - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails - net: sit: fix memory leak in sit_init_net() - xen-netback: don't populate the hash cache on XenBus disconnect - xen-netback: fix occasional leak of grant ref mappings under memory pressure - net: Add __icmp_send helper. - tun: fix blocking read - tun: remove unnecessary memory barrier - net: phy: Micrel KSZ8061: link failure after cable connect - [x86] CPU/AMD: Set the CPB bit unconditionally on F17h - applicom: Fix potential Spectre v1 vulnerabilities - [mips*] irq: Allocate accurate order pages for irq stack - hugetlbfs: fix races and page leaks during migration - exec: Fix mem leak in kernel_read_file (CVE-2019-8980) - media: uvcvideo: Fix 'type' check leading to overflow - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel - perf core: Fix perf_proc_update_handler() bug - perf tools: Handle TOPOLOGY headers with no CPU - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM - [amd64] iommu/amd: Call free_iova_fast with pfn in map_sg - [amd64] iommu/amd: Unmap all mapped pages in error path of map_sg - ipvs: Fix signed integer overflow when setsockopt timeout - [amd64] iommu/amd: Fix IOMMU page flush when detach device from a domain - [arm64] net: hns: Fix for missing of_node_put() after of_parse_phandle() - [arm64] net: hns: Fix wrong read accesses via Clause 45 MDIO protocol - [armhf] net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() - nfs: Fix NULL pointer dereference of dev_name - qed: Fix VF probe failure while FLR - scsi: libfc: free skb when receiving invalid flogi resp - [x86] platform: Fix unmet dependency warning for SAMSUNG_Q10 - cifs: fix computation for MAX_SMB2_HDR_SIZE - [arm64] kprobe: Always blacklist the KVM world-switch code - [x86] kexec: Don't setup EFI info if EFI runtime is not enabled - mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone - fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() - autofs: drop dentry reference only when it is never used - autofs: fix error return in autofs_fill_super() - vsock/virtio: fix kernel panic after device hot-unplug - vsock/virtio: reset connected sockets on device removal - netfilter: nf_nat: skip nat clash resolution for same-origin entries - [s390x] qeth: fix use-after-free in error path - perf symbols: Filter out hidden symbols from labels - [mips*] Remove function size check in get_frame_info() - fs: ratelimit __find_get_block_slow() failure message. - Input: wacom_serial4 - add support for Wacom ArtPad II tablet - Input: elan_i2c - add id for touchpad found in Lenovo s21e-20 - [x86] iscsi_ibft: Fix missing break in switch statement - scsi: aacraid: Fix missing break in switch statement - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() - [armhf] dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3 - drm: disable uncached DMA optimization for ARM and arm64 - [armhf] dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420 - [x86] perf/x86/intel: Make cpuc allocations consistent - [x86] perf/x86/intel: Generalize dynamic constraint creation - [x86] Add TSX Force Abort CPUID/MSR https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.164 - ACPICA: Reference Counts: increase max to 0x4000 for large servers - KEYS: restrict /proc/keys by credentials at open time - l2tp: fix infoleak in l2tp_ip6_recvmsg() - net: sit: fix UBSAN Undefined behaviour in check_6rd - pptp: dst_release sk_dst_cache in pptp_sock_destruct - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race - tcp: handle inet_csk_reqsk_queue_add() failures - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() - net/mlx4_core: Fix reset flow when in command polling mode - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling - net/mlx4_core: Fix qp mtt size calculation - mdio_bus: Fix use-after-free on device_register fails - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 - af_unix: missing barriers in some of unix_sock ->addr and ->path accesses - ipvlan: disallow userns cap_net_admin to change global mode/flags - vxlan: Fix GRO cells race condition between receive and link delete - rxrpc: Fix client call queueing, waiting for channel - gro_cells: make sure device is up in gro_cells_receive() - tcp/dccp: remove reqsk_put() from inet_child_forget() - [x86] perf: Fixup typo in stub functions - ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 - md: It's wrong to add len to sector_nr in raid10 reshape twice - of: Support const and non-const use for to_of_node() - vhost/vsock: fix vhost vsock cid hashing inconsistent https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.165 - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() - 9p: use inode->i_lock to protect i_size_write() under 32-bit - 9p/net: fix memory leak in p9_client_create - [armhf] iio: adc: exynos-adc: Fix NULL pointer exception on unbind - crypto: ahash - fix another early termination in hash walk - [armhf] gpu: ipu-v3: Fix i.MX51 CSI control registers offset - [armhf] gpu: ipu-v3: Fix CSI offsets for imx53 - [s390x] dasd: fix using offset into zero size array error - [armhf] OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized - floppy: check_events callback should not return a negative number - mm/gup: fix gup_pmd_range() for dax - mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs - [arm64] net: hns: Fix object reference leaks in hns_dsaf_roce_reset() - [armhf] clk: sunxi: A31: Fix wrong AHB gate number - assoc_array: Fix shortcut creation - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task - [arm64] pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 - [armel] net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() - [x86] ASoC: topology: free created components in tplg load error - [arm64] Relax GIC version check during early boot - [armhf] net: marvell: mvneta: fix DMA debug warning - tmpfs: fix link accounting when a tmpfile is linked in - mac80211_hwsim: propagate genlmsg_reply return code - [arm64] net: thunderx: make CFG_DONE message to run through generic send-ack sequence - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K - nfp: bpf: fix ALU32 high bits clearance bug - net: set static variable an initial value in atl2_probe() - tmpfs: fix uninitialized return value in shmem_link - [x86] libnvdimm/label: Clear 'updating' flag after label-set update - [x86] libnvdimm/pmem: Honor force_raw for legacy pmem regions - [amd64] libnvdimm: Fix altmap reservation size calculation - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails - [arm64] crypto: aes-ccm - fix logical bug in AAD MAC handling - CIFS: Do not reset lease state to NONE on lease break - CIFS: Fix read after write for files with read caching - tracing: Do not free iter->trace in fail path of tracing_open_pipe() - [amd64,arm64,i386] ACPI / device_sysfs: Avoid OF modalias creation for removed device - [armhf] spi: ti-qspi: Fix mmap read when more than one CS in use - [armhf] regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 - [armhf] regulator: s2mpa01: Fix step values for some LDOs - [armhf] clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR - [armhf] clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown - [s390x] virtio: handle find on invalid queue gracefully - scsi: virtio_scsi: don't send sc payload with tmfs - scsi: sd: Optimal I/O size should be a multiple of physical block size - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock - fs/devpts: always delete dcache dentry-s in dput() - splice: don't merge into linked buffers - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes - crypto: pcbc - remove bogus memcpy()s with src == dest - libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer - [arm64,armhf] cpufreq: tegra124: add missing of_node_put() - ext4: fix crash during online resizing - [armhf] clk: clk-twl6040: Fix imprecise external abort for pdmclk - [x86] nfit: acpi_nfit_ctl(): Check out_obj->type in the right place - mm: hwpoison: fix thp split handing in soft_offline_in_use_page() (CVE-2019-10124) - mm/vmalloc: fix size check for remap_vmalloc_range_partial() - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv - device property: Fix the length used in PROPERTY_ENTRY_STRING() - [x86] intel_th: Don't reference unassigned outputs - parport_pc: fix find_superio io compare code, should use equal test. - [arm64,armhf] i2c: tegra: fix maximum transfer size - [x86] drm/i915: Relax mmap VMA check - [arm64] serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart - 8250: FIX Fourth port offset of Pericom PI7C9X7954 boards - serial: 8250_pci: Fix number of ports for ACCES serial cards - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() - jbd2: clear dirty flag when revoking a buffer from an older transaction - jbd2: fix compile warning when using JBUFFER_TRACE - [powerpc] Clear on-stack exception marker upon exception return - [ppc64el] powernv: Make opal log only readable by root - [ppc64el] Fix 32-bit KVM-PR lockup and host crash with MacOS guest - [ppc64el] ptrace: Simplify vr_get/set() to avoid GCC warning - dm: fix to_sector() for 32bit - NFS: Fix I/O request leakages - NFS: Fix an I/O request leakage in nfs_do_recoalesce - NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() - nfsd: fix memory corruption caused by readdir - nfsd: fix wrong check in write_v4_end_grace() - PM / wakeup: Rework wakeup source timer cancellation - bcache: never writeback a discard operation - [x86] perf intel-pt: Fix CYC timestamp calculation after OVF - perf auxtrace: Define auxtrace record alignment - [x86] perf intel-pt: Fix overlap calculation for padding - [x86] perf intel-pt: Fix divide by zero when TSC is not available - md: Fix failed allocation of md_register_thread - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming - drm/radeon/evergreen_cs: fix missing break in switch statement - [x86] KVM: nVMX: Sign extend displacements of VMX instr's mem operands - [x86] KVM: nVMX: Ignore limit checks on VMX instructions using flat segments - [x86] KVM: Fix residual mmio emulation request to userspace https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.166 - [x86] drm/vmwgfx: Don't double-free the mode stored in par->set_mode - [amd64] iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE - libceph: wait for latest osdmap in ceph_monc_blacklist_add() - udf: Fix crash on IO error during truncate - [mips*] Ensure ELF appended dtb is relocated - [mips*] Fix kernel crash for R6 in jump label branch function - futex: Ensure that futex address is aligned in handle_futex_death() - objtool: Move objtool_file struct off the stack - ext4: fix NULL pointer dereference while journal is aborted - ext4: fix data corruption caused by unaligned direct AIO - ext4: brelse all indirect buffer in ext4_ind_remove_space() - media: v4l2-ctrls.c/uvc: zero v4l2_event - Bluetooth: Fix decrementing reference count twice in releasing socket - ALSA: hda - Record the current power state before suspend/resume calls - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec - tcp/dccp: drop SYN packets if accept queue is full - vfs: Hang/soft lockup in d_invalidate with simultaneous calls - [arm64] traps: disable irq in die() - lib/int_sqrt: optimize small argument - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 - rtc: Fix overflow when converting time64_t to rtc_time - [armhf] pwm-backlight: Enable/disable the PWM before/after LCD enable toggle. - ath10k: avoid possible string overflow https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.167 - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (CVE-2019-3460) - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer (CVE-2019-3459) - cfg80211: size various nl80211 messages correctly - [arm64,armhf] stmmac: copy unicast mac address to MAC registers - dccp: do not use ipv6 header for ipv4 flow - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec - net: rose: fix a possible stack overflow - packets: Always register packet sk in the same order - tcp: do not use ipv6 header for ipv4 flow - vxlan: Don't call gro_cells_destroy() before device is unregistered - sctp: get sctphdr by offset in sctp_compute_cksum - tun: properly test for IFF_UP - tun: add a missing rcu_read_unlock() in error path - btrfs: remove WARN_ON in log_dir_items - btrfs: raid56: properly unmap parity page in finish_parity_scrub() - [powerpc*] bpf: Fix generation of load/store DW instructions - NFSv4.1 don't free interrupted slot on open - ALSA: rawmidi: Fix potential Spectre v1 vulnerability - ALSA: pcm: Fix possible OOB access in PCM oss plugins - ALSA: pcm: Don't suspend stream in unrecoverable PCM state - fs/open.c: allow opening only regular files during execve() - scsi: sd: Fix a race between closing an sd device and sd I/O - scsi: sd: Quiesce warning if device does not report optimal I/O size - [s390x] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host - [s390x] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices - [x86] staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest - USB: serial: cp210x: add new device id - USB: serial: ftdi_sio: add additional NovaTech products - USB: serial: mos7720: fix mos_parport refcount imbalance on error path - USB: serial: option: set driver_info for SIM5218 and compatibles - USB: serial: option: add Olicard 600 - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links - usb: common: Consider only available nodes for dr_mode - [x86] perf intel-pt: Fix TSC slip - cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n - KVM: Reject device ioctls from processes other than the VM's creator - [x86] KVM: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts - USB: gadget: f_hid: fix deadlock in f_hidg_write() - xhci: Fix port resume done detection for SS ports with LPM enabled - [arm64] support keyctl() system call in 32-bit mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.168 - [arm64] debug: Don't propagate UNKNOWN FAR into si_code for debug signals - ext4: cleanup bh release code in ext4_ind_remove_space() - lib/int_sqrt: optimize initial value compute - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA - CIFS: fix POSIX lock leak and invalid ptr deref - tracing: kdb: Fix ftdump to not sleep - [armhf] gpio: gpio-omap: fix level interrupt idling - include/linux/relay.h: fix percpu annotation in struct rchan - sysctl: handle overflow for file-max - [arm64] scsi: hisi_sas: Set PHY linkrate when disconnected - [armhf,ppc64el] mm/cma.c: cma_declare_contiguous: correct err handling - mm/page_ext.c: fix an imbalance with kmemleak - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! - mm/slab.c: kmemleak no scan alien caches - ocfs2: fix a panic problem caused by o2cb_ctl - fs/file.c: initialize init_files.resize_wait - cifs: use correct format characters - dm thin: add sanity checks to thin-pool and external snapshot creation - cifs: Fix NULL pointer dereference of devname - jbd2: fix invalid descriptor block checksum - fs: fix guard_bio_eod to check for real EOD errors - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies - [arm64,armhf] usb: chipidea: Grab the (legacy) USB PHY by phandle first - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c - [armel,armhf] 8840/1: use a raw_spinlock_t in unwind - [armhf] mmc: omap: fix the maximum timeout setting - e1000e: Fix -Wformat-truncation warnings - IB/mlx4: Increase the timeout for CM cache - scsi: megaraid_sas: return error when create DMA pool failed - [armhf] SoC: imx-sgtl5000: add missing put_device() - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 - [amd64] HID: intel-ish-hid: avoid binding wrong ishtp_cl_device - [armhf] leds: lp55xx: fix null deref on firmware load failure - iwlwifi: pcie: fix emergency path - [x86] ACPI / video: Refactor and fix dmi_is_desktop() - kprobes: Prohibit probing on bsearch() - ALSA: PCM: check if ops are defined before suspending PCM - usb: f_fs: Avoid crash due to out-of-scope stack ptr access - bcache: fix input overflow to cache set sysfs file io_error_halflife - bcache: fix input overflow to sequential_cutoff - bcache: improve sysfs_strtoul_clamp() - genirq: Avoid summation loops for /proc/stat - iw_cxgb4: fix srqidx leak during connection abort - fbdev: fbmem: fix memory access if logo is bigger than the screen - cdrom: Fix race condition in cdrom_sysctl_register - e1000e: fix cyclic resets at link up with active tx - efi/memattr: Don't bail on zero VA if it equals the region's PA - [arm64] soc: qcom: gsbi: Fix error handling in gsbi_probe() - [armhf] avoid Cortex-A9 livelock on tight dmb loops - tty: increase the default flip buffer limit to 2*640K - [ppc64el] powerpc/pseries: Perform full re-add of CPU for topology update post-migration - hwrng: virtio - Avoid repeated init of completion - [arm64,armhf] soc/tegra: fuse: Fix illegal free of IO base address - [amd64] HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit - [x86] hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable - [armhf] dmaengine: imx-dma: fix warning comparison of distinct pointer types - [arm64] dmaengine: qcom_hidma: assign channel cookie correctly - netfilter: physdev: relax br_netfilter dependency - [armhf] regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting - drm/nouveau: Stop using drm_crtc_force_disable - selinux: do not override context on context mounts - [arm64,armhf] wlcore: Fix memory leak in case wl12xx_fetch_firmware failure - [arm64,armhf] dmaengine: tegra: avoid overflow of byte tracking - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers - [x86] ACPI / video: Extend chassis-type detection with a "Lunch Box" check [ Ben Hutchings ] * debian/bin/abiupdate.py: Change default URLs to use https: scheme. * Resolve kernel ABI changes: - Revert "genirq: Avoid summation loops for /proc/stat" - tracing: ring_buffer: Avoid ABI change in 4.9.168 - net: icmp: Avoid ABI change in 4.9.163 - Revert "phonet: fix building with clang" - netfilter: Ignore removal of br_netfilter_enable() [ Salvatore Bonaccorso ] * Refresh mm-mmap.c-expand_downwards-don-t-require-the-gap-if-.patch for context changes in 4.9.162 * [rt] Refresh 0008-futex-rt_mutex-Provide-futex-specific-rt_mutex-API.patch for context changes in 4.9.163 * [rt] Drop 0014-futex-rt_mutex-Restructure-rt_mutex_finish_proxy_loc.patch applied upstream in 4.9.163 * [rt] Refresh 0171-arm-include-definition-for-cpumask_t.patch for context changes in 4.9.165 * [rt] Drop 0256-arm-unwind-use-a-raw_spin_lock.patch -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 12 Apr 2019 15:52:49 +0200 linux (4.9.161-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.145 - [armhf] media: omap3isp: Unregister media device as first - [amd64] iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() - brcmutil: really fix decoding channel info for 160 MHz bandwidth - HID: input: Ignore battery reported by Symbol DS4308 - batman-adv: Expand merged fragment buffer for full packet - bnx2x: Assign unique DMAE channel number for FW DMAE transactions. - qed: Fix PTT leak in qed_drain() - qed: Fix reading wrong value in loop condition - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command - net/mlx4_core: Fix uninitialized variable compilation warning - net/mlx4: Fix UBSAN warning of signed integer overflow - [amd64] iommu/vt-d: Use memunmap to free memremap - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port - mm: don't warn about allocations which stall for too long - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device - usb: appledisplay: Add 27" Apple Cinema Display - USB: check usb_get_extra_descriptor for proper size (CVE-2018-20169) - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (CVE-2018-19824) - [x86] ALSA: hda: Add support for AMD Stoney Ridge - ALSA: pcm: Fix starvation on down_write_nonblock() - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing - ALSA: pcm: Fix interval evaluation with openmin/max - [x86] ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 - [s390x] virtio: avoid race on vcdev->config - [s390x] virtio: fix race in ccw_io_helper() - SUNRPC: Fix leak of krb5p encode pages - [armhf] dmaengine: cppi41: delete channel from pending list when stop channel - xhci: Prevent U1/U2 link pm states if exit latency is too long - swiotlb: clean up reporting - vsock: lookup and setup guest_cid inside vhost_vsock_lock - vhost/vsock: fix use-after-free in network stack callers (CVE-2018-14625) - cifs: Fix separator when building path from dentry - staging: rtl8712: Fix possible buffer overrun - tty: do not set TTY_IO_ERROR flag if console port - mac80211_hwsim: Timer should be initialized before device registered - mac80211: Clear beacon_int in ieee80211_do_stop - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext - mac80211: fix reordering of buffered broadcast packets - mac80211: ignore NullFunc frames in the duplicate detection https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.146 - ipv6: Check available headroom in ip6_xmit() even without options - net: 8139cp: fix a BUG triggered by changing mtu with network traffic - net/mlx4_core: Correctly set PFC param if global pause is turned off. - net: phy: don't allow __set_phy_supported to add unsupported modes - net: Prevent invalid access to skb->prev in __qdisc_drop_all - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices - tcp: fix NULL ref in tail loss probe - tun: forbid iface creation with rtnl ops - neighbour: Avoid writing before skb->head in neigh_hh_output() - [armhf] OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup - sysv: return 'err' instead of 0 in __sysv_write_inode - [s390x] cpum_cf: Reject request for sampling in event initialization - [armhf] ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing - ASoC: dapm: Recalculate audio map forcely when card instantiated - hwmon: (w83795) temp4_type has writable permission - objtool: Fix double-free in .cold detection error path - objtool: Fix segfault in .cold detection with -ffunction-sections - Btrfs: send, fix infinite loop due to directory rename dependencies - RDMA/mlx5: Fix fence type for IB_WR_LOCAL_INV WR - [armhf] ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE - [armhf] ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE - exportfs: do not read dentry after free - bpf: fix check of allowed specifiers in bpf_trace_printk - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf - [arm64] net: thunderx: fix NULL pointer dereference in nic_remove - cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active - igb: fix uninitialized variables - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps - [arm64] net: hisilicon: remove unexpected free_netdev - drm/ast: fixed reading monitor EDID not stable issue - fscache: fix race between enablement and dropping of object - ocfs2: fix deadlock caused by ocfs2_defrag_extent() - hfs: do not free node before using - hfsplus: do not free node before using - ocfs2: fix potential use after free - pstore: Convert console write to use ->write_buf - staging: speakup: Replace strncpy with memcpy https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.147 - signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack (Closes: #904385) - timer/debug: Change /proc/timer_list from 0444 to 0400 - [armhf] pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 - aio: fix spectre gadget in lookup_ioctx - [armhf] MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 - [arm*] ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt - tracing: Fix memory leak in set_trigger_filter() - tracing: Fix memory leak of instance function hash filters - [powerpc*] msi: Fix NULL pointer access in teardown code - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" - [x86] drm/i915/execlists: Apply a full mb before execution for Braswell - mac80211: don't WARN on bad WMM parameters from buggy APs - mac80211: Fix condition validating WMM IE - [amd64] IB/hfi1: Remove race conditions in user_sdma send path - [x86] locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath() - [x86] locking/qspinlock: Ensure node is initialised before updating prev->next - [x86] locking/qspinlock: Bound spinning on pending->locked transition in slowpath - [x86] locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock' - [x86] locking/qspinlock: Remove unbounded cmpxchg() loop from locking slowpath - [x86] locking/qspinlock: Remove duplicate clear_pending() function from PV code - [x86] locking/qspinlock: Kill cmpxchg() loop when claiming lock from head of queue - [x86] locking/qspinlock: Re-order code - [x86] locking/qspinlock/x86: Increase _Q_PENDING_LOOPS upper bound - [x86] locking/qspinlock, x86: Provide liveness guarantee - [x86] locking/qspinlock: Fix build for anonymous union in older GCC compilers - mac80211_hwsim: fix module init error paths for netlink - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset - [x86] scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload - [x86] earlyprintk/efi: Fix infinite loop on some screen widths - [arm64] drm/msm: Grab a vblank reference when waiting for commit_done - bonding: fix 802.3ad state sent to partner when unbinding slave - nfs: don't dirty kernel pages read by direct-io - SUNRPC: Fix a potential race in xprt_connect() - [arm64] clk: mvebu: Off by one bugs in cp110_of_clk_get() - [armhf] Input: omap-keypad - fix keyboard debounce configuration - libata: whitelist all SAMSUNG MZ7KM* solid-state disks - [armhf] mv88e6060: disable hardware level MAC learning - net/mlx4_en: Fix build break when CONFIG_INET is off - bpf: check pending signals while verifying programs - [arm*] 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling - [arm*] 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart - drm/ast: Fix connector leak during driver unload - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) - vhost/vsock: fix reset orphans race with close timeout - [x86] i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node - nvmet-rdma: fix response use after free - [armhf] rtc: snvs: add a missing write sync - [armhf] rtc: snvs: Add timeouts to avoid kernel lockups https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.148 - block: break discard submissions into the user defined size - block: fix infinite loop if the device loses discard capability - ib_srpt: Fix a use-after-free in __srpt_close_all_ch() - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (CVE-2018-19985) - xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only - USB: serial: option: add GosunCn ZTE WeLink ME3630 - USB: serial: option: add HP lt4132 - USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) - USB: serial: option: add Fibocom NL668 series - USB: serial: option: add Telit LN940 series - mmc: core: Reset HPI enabled state during re-init and in case of errors - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl - [armhf] mmc: omap_hsmmc: fix DMA API warning - [x86] Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels - [x86] mtrr: Don't copy uninitialized gentry fields back to userspace - [x86] fpu: Disable bottom halves while loading FPU registers - ubifs: Handle re-linking of inodes correctly while recovery - panic: avoid deadlocks in re-entrant console drivers - proc/sysctl: don't return ENOMEM on lookup when a table is unregistering - drm/ioctl: Fix Spectre v1 vulnerabilities https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.149 - ip6mr: Fix potential Spectre v1 vulnerability - ipv4: Fix potential Spectre v1 vulnerability - ax25: fix a use-after-free in ax25_fillin_cb() - [ppc64el] ibmveth: fix DMA unmap error in ibmveth_xmit_start error path - ieee802154: lowpan_header_create check must check daddr - ipv6: explicitly initialize udp6_addr in udp_sock_create6() - ipv6: tunnels: fix two use-after-free - isdn: fix kernel-infoleak in capi_unlocked_ioctl - net: ipv4: do not handle duplicate fragments as overlapping - net: phy: Fix the issue that netif always links up after resuming - netrom: fix locking in nr_find_socket() - packet: validate address length - packet: validate address length if non-zero - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event - tipc: fix a double kfree_skb() - vhost: make sure used idx is seen before log in vhost_add_used_n() - [x86] VSOCK: Send reset control packet when socket is partially bound - xen/netfront: tolerate frags with no data - tipc: use lock_sock() in tipc_sk_reinit() - tipc: compare remote and local protocols in tipc_udp_enable() - gro_cell: add napi_disable in gro_cells_destroy - net/mlx5e: Remove the false indication of software timestamping support - net/mlx5: Typo fix in del_sw_hw_rule - sock: Make sock->sk_stamp thread-safe - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() - ALSA: rme9652: Fix potential Spectre v1 vulnerability - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities - ALSA: pcm: Fix potential Spectre v1 vulnerability - ALSA: emux: Fix potential Spectre v1 vulnerabilities - ALSA: hda: add mute LED support for HP EliteBook 840 G4 - [arm64,armhf] ALSA: hda/tegra: clear pending irq handlers - USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays - USB: serial: option: add Fibocom NL678 series - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G - [x86] KVM: Use jmp to invoke kvm_spurious_fault() from .fixup - platform-msi: Free descriptors in platform_msi_domain_free() - perf pmu: Suppress potential format-truncation warning - ext4: fix possible use after free in ext4_quota_enable - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() - ext4: fix EXT4_IOC_GROUP_ADD ioctl - ext4: include terminating u32 in size of xattr entries when expanding inodes - ext4: force inode writes when nfsd calls commit_metadata() - [arm64,armhf] spi: bcm2835: Fix race on DMA termination - [arm64,armhf] spi: bcm2835: Fix book-keeping of DMA termination - [arm64,armhf] spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode - [armhf] clk: rockchip: fix typo in rk3188 spdif_frac parent - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader. - f2fs: fix validation of the block count in sanity_check_raw_super - media: vivid: free bitmap_cap when updating std/timings/etc. - media: v4l2-tpg: array index could become negative - [mips*] Ensure pmd_present() returns false after pmd_mknotpresent() - [mips*] OCTEON: mark RGMII interface disabled on OCTEON III - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem - [x86] kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested - [arm64] KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 - [armhf] rtc: m41t80: Correct alarm month range with RTC reads - [x86] tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x - [arm64,armhf] spi: bcm2835: Unbreak the build of esoteric configs https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.150 - [arm64] pinctrl: meson: fix pull enable register calculation - Input: restore EV_ABS ABS_RESERVED - xfrm: Fix bucket count reported to userspace - netfilter: seqadj: re-load tcp header pointer after possible head reallocation - scsi: bnx2fc: Fix NULL dereference in error handling - [armhf] Input: omap-keypad - fix idle configuration to not block SoC idle states - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel - bnx2x: Clear fip MAC when fcoe offload support is disabled - bnx2x: Remove configured vlans as part of unload sequence. - bnx2x: Send update-svid ramrod with retry/poll flags enabled - scsi: target: iscsi: cxgbit: fix csk leak - scsi: target: iscsi: cxgbit: add missing spin_lock_init() - [arm64] net: hns: Incorrect offset address used for some registers. - [arm64] net: hns: All ports can not work when insmod hns ko after rmmod. - [arm64] net: hns: Some registers use wrong address according to the datasheet. - [arm64] net: hns: Fixed bug that netdev was opened twice - [arm64] net: hns: Clean rx fbd when ae stopped. - [arm64] net: hns: Free irq when exit from abnormal branch - [arm64] net: hns: Avoid net reset caused by pause frames storm - [arm64] net: hns: Fix ntuple-filters status error. - net: hns: Add mac pcs config when enable|disable mac - SUNRPC: Fix a race with XPRT_CONNECTING - lan78xx: Resolve issue with changing MAC address - vxge: ensure data0 is initialized in when fetching firmware version information - net: netxen: fix a missing check and an uninitialized use - [s390x] scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown - libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature() - fork: record start_time late - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined - mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL - mm, devm_memremap_pages: kill mapping "System RAM" support - sunrpc: fix cache_head leak due to queued request - sunrpc: use SVC_NET() in svcauth_gss_* functions - [mips*] math-emu: Write-protect delay slot emulation pages - [amd64] crypto: x86/chacha20 - avoid sleeping with preemption disabled - vhost/vsock: fix uninitialized vhost_vsock->guest_cid - [amd64] IB/hfi1: Incorrect sizing of sge for PIO will OOPs - ALSA: cs46xx: Potential NULL dereference in probe - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks - dlm: fixed memory leaks after failed ls_remove_names allocation - dlm: possible memory leak on error path in create_lkb() - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() - dlm: memory leaks on error path in dlm_user_request() - gfs2: Get rid of potential double-freeing in gfs2_create_inode - gfs2: Fix loop in gfs2_rbm_find - b43: Fix error in cordic routine - [powerpc*] tm: Set MSR[TS] just prior to recheckpoint - 9p/net: put a lower bound on msize - rxe: fix error completion wr_id and qp_num - [amd64] iommu/vt-d: Handle domain agaw being less than iommu agaw - ceph: don't update importing cap's mseq when handing cap export - [ppc64el] genwqe: Fix size check - [x86] intel_th: msu: Fix an off-by-one in attribute store - [i386] power: supply: olpc_battery: correct the temperature units - [arm64,armhf] drm/vc4: Set ->is_yuv to false when num_planes == 1 - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.151 - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 - CIFS: Do not hide EINTR after sending network packets - cifs: Fix potential OOB access of lock element array - usb: cdc-acm: send ZLP for Telit 3G Intel based modems - USB: storage: don't insert sane sense for SPC3+ when bad sense specified - USB: storage: add quirk for SMI SM3350 - USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB - slab: alien caches must not be initialized if the allocation of the alien cache failed - mm: page_mapped: don't assume compound page is huge or THP - ACPI: power: Skip duplicate power resource references in _PRx - i2c: dev: prevent adapter retries and timeout being set as minus value - rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set - ext4: make sure enough credits are reserved for dioread_nolock writes - ext4: fix a potential fiemap/page fault deadlock w/ inline_data - ext4: avoid kernel warning when writing the superblock to a dead device - sunrpc: use-after-free in svc_process_common() (CVE-2018-16884) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.152 - tty/ldsem: Wake up readers after timed out down_write() - tty: Hold tty_ldisc_lock() during tty_reopen() - tty: Simplify tty->count math in tty_reopen() - tty: Don't hold ldisc lock in tty_reopen() if ldisc present - can: gw: ensure DLC boundaries after CAN frame modification (CVE-2019-3701) - Revert "f2fs: do not recover from previous remained wrong dnodes" - media: em28xx: Fix misplaced reset of dev->v4l::field_count - proc: Remove empty line in /proc/self/status - [arm64] kvm: consistently handle host HCR_EL2 flags - [arm64] Don't trap host pointer auth use to EL2 - ipv6: fix kernel-infoleak in ipv6_local_error() - net: bridge: fix a bug on using a neighbour cache entry without checking its state - packet: Do not leak dev refcounts on error exit - bonding: update nest level on unlink - ip: on queued skb use skb_header_pointer instead of pskb_may_pull - crypto: authencesn - Avoid twice completion call in decrypt path - crypto: authenc - fix parsing key with misaligned rta_len - btrfs: wait on ordered extents on abort cleanup - Yama: Check for pid death before checking ancestry - scsi: core: Synchronize request queue PM status only on successful resume - scsi: sd: Fix cache_type_store() - [arm64] kaslr: ensure randomized quantities are clean to the PoC - [mips*] Disable MSI also when pcie-octeon.pcie_disable on - media: vivid: fix error handling of kthread_run - media: vivid: set min width/height to a value > 0 - LSM: Check for NULL cred-security on free - media: vb2: vb2_mmap: move lock up - sunrpc: handle ENOMEM in rpcb_getport_async - netfilter: ebtables: account ebt_table_info to kmemcg - selinux: fix GPF on invalid policy - blockdev: Fix livelocks on loop device - sctp: allocate sctp_sockaddr_entry with kzalloc - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats - tipc: fix uninit-value in tipc_nl_compat_bearer_enable - tipc: fix uninit-value in tipc_nl_compat_link_set - tipc: fix uninit-value in tipc_nl_compat_name_table_dump - tipc: fix uninit-value in tipc_nl_compat_doit - block/loop: Use global lock for ioctl() operation. - loop: Fold __loop_release into loop_release - loop: Get rid of loop_index_mutex - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock - mm, memcg: fix reclaim deadlock with writeback - media: vb2: be sure to unlock mutex on errors - nbd: set the logical and physical blocksize properly - nbd: Use set_blocksize() to set device blocksize https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.153 - r8169: Add support for new Realtek Ethernet - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses - [x86] platform: asus-wmi: Tell the EC the OS will handle the display off hotkey - e1000e: allow non-monotonic SYSTIM readings - writeback: don't decrement wb->refcnt if !wb->bdi - [arm64,armhf] serial: set suppress_bind_attrs flag only if builtin - ALSA: oxfw: add support for APOGEE duet FireWire - [arm64] perf: set suppress_bind_attrs flag to true - selinux: always allow mounting submounts - rxe: IB_WR_REG_MR does not capture MR's iova field - jffs2: Fix use of uninitialized delayed_work, lockdep breakage - pstore/ram: Do not treat empty buffers as valid - [ppc64el] powerpc/xmon: Fix invocation inside lock region - [powerpc*] powerpc/pseries/cpuidle: Fix preempt warning - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info - net: call sk_dst_reset when set SO_DONTROUTE - scsi: target: use consistent left-aligned ASCII INQUIRY data - [armhf] clk: imx6q: reset exclusive gates on init - tty/serial: do not free trasnmit buffer page under port lock - [x86] perf intel-pt: Fix error with config term "pt=0" - perf svghelper: Fix unchecked usage of strncpy() - perf parse-events: Fix unchecked usage of strncpy() - dm kcopyd: Fix bug causing workqueue stalls - dm snapshot: Fix excessive memory usage and workqueue stalls - ALSA: bebob: fix model-id of unit for Apogee Ensemble - sysfs: Disable lockdep for driver bind/unbind files - scsi: smartpqi: correct lun reset issues - scsi: megaraid: fix out-of-bound array accesses - ocfs2: fix panic due to unrecovered local alloc - mm/page-writeback.c: don't break integrity writeback on ->writepage() error - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps - [arm64] ipmi:ssif: Fix handling of multi-part return messages - locking/qspinlock: Pull in asm/byteorder.h to ensure correct endianness https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.154 - net: bridge: Fix ethernet header pointer before check skb forwardable - net: Fix usage of pskb_trim_rcsum - openvswitch: Avoid OOB read when parsing flow nlattrs - vhost: log dirty page correctly - net: ipv4: Fix memory leak in network namespace dismantle - net_sched: refetch skb protocol for each filter - ipfrag: really prevent allocation on netns exit - USB: serial: simple: add Motorola Tetra TPG2200 device id - USB: serial: pl2303: add new PID to support PL2303TB - [x86] ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages - [s390x] early: improve machine detection - [s390x] smp: fix CPU hotplug deadlock with CPU rescan - [x86] char/mwave: fix potential Spectre v1 vulnerability - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 - tty: Handle problem if line discipline does not have receive_buf - uart: Fix crash in uart_write and uart_put_char - [x86] tty/n_hdlc: fix __might_sleep warning - CIFS: Fix possible hang during async MTU reads and writes - Input: xpad - add support for SteelSeries Stratus Duo - compiler.h: enable builtin overflow checkers and add fallback code - Input: uinput - fix undefined behavior in uinput_validate_absinfo() - [x86] acpi/nfit: Block function zero DSMs - [x86] acpi/nfit: Fix command-supported detection - dm thin: fix passdown_double_checking_shared_status() - [x86] KVM: Fix single-step debugging - [x86] kaslr: Fix incorrect i8254 outb() parameters - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it - can: bcm: check timer values before ktime conversion - vt: invoke notifier on screen size change - perf unwind: Unwind with libdw doesn't take symfs into account - perf unwind: Take pgoff into account when reporting elf to libdwfl - [arm64] irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size - [s390x] smp: Fix calling smp_call_ipl_cpu() from ipl CPU - nvmet-rdma: Add unlikely for response allocated check - nvmet-rdma: fix null dereference under heavy load - f2fs: read page index before freeing - btrfs: fix error handling in btrfs_dev_replace_start - btrfs: dev-replace: go back to suspended state if target device is missing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.155 - Fix "net: ipv4: do not handle duplicate fragments as overlapping" - fs: add the fsnotify call to vfs_iter_write - ipv6: Consider sk_bound_dev_if when binding a socket to an address (Closes: #918103) - l2tp: copy 4 more bytes to linear part if necessary - net/mlx4_core: Add masking for a few queries on HCA caps - netrom: switch to sock timer API - net/rose: fix NULL ax25_cb kernel panic - net/mlx5e: Allow MAC invalidation while spoofchk is ON - l2tp: remove l2specific_len dependency in l2tp_core - l2tp: fix reading optional fields of L2TPv3 - ipvlan, l3mdev: fix broken l3s mode wrt local routes - CIFS: Do not count -ENODATA as failure for query directory - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() - [arm64] kaslr: ensure randomized quantities are clean also when kaslr is off - [arm64] hyp-stub: Forbid kprobing of the hyp-stub - [arm64] hibernate: Clean the __hyp_text to PoC after resume - gfs2: Revert "Fix loop in gfs2_rbm_find" - [x86] platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK - [x86] platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes - [arm64,armhf] mmc: sdhci-iproc: handle mmc_of_parse() errors during probe - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes - mm, oom: fix use-after-free in oom_kill_process - mm: hwpoison: use do_send_sig_info() instead of force_sig() - mm: migrate: don't rely on __PageMovable() of newpage after unlocking it - cifs: Always resolve hostname before reconnecting - drivers: core: Remove glue dirs from sysfs earlier - fs: don't scan the inode cache before SB_BORN is set - fanotify: fix handling of events on child sub-directory https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156 - drm/bufs: Fix Spectre v1 vulnerability - [x86] ASoC: Intel: mrfld: fix uninitialized variable access - [armhf] gpu: ipu-v3: image-convert: Prevent race between run and unprepare - scsi: lpfc: Correct LCB RJT handling - [armhf] 8808/1: kexec:offline panic_smp_self_stop CPU - dlm: Don't swamp the CPU with callbacks queued during recovery - [x86] PCI: Fix Broadcom CNB20LE unintended sign extension (redux) - [ppc64el] powerpc/pseries: add of_node_put() in dlpar_detach_node() - [arm64,armhf] drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl - [arm64,armhf] soc/tegra: Don't leak device tree node reference - [x86] iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock - f2fs: move dir data flush to write checkpoint process - f2fs: fix wrong return value of f2fs_acl_create - nfsd4: fix crash on writing v4_end_grace before nfsd startup - Thermal: do not clear passive state during system sleep - firmware/efi: Add NULL pointer checks in efivars API functions - [arm64] ftrace: don't adjust the LR value - [x86] fpu: Add might_fault() to user_insn() - smack: fix access permissions for keyring - usb: hub: delay hub autosuspend if USB3 port is still link training - timekeeping: Use proper seqcount initializer - [armhf] clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks - [amd64] iommu/amd: Fix amd_iommu=force_isolation - [armhf] dts: Fix OMAP4430 SDP Ethernet startup - [mips*] bpf: fix encoding bug for mm_srlv32_op - [arm64,armhf] iommu/arm-smmu: Add support for qcom,smmu-v2 variant - [arm64] iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer - udf: Fix BUG on corrupted inode - memstick: Prevent memstick host from getting runtime suspended during card detection - [armhf] tty: serial: samsung: Properly set flags in autoCTS mode - perf header: Fix unchecked usage of strncpy() - perf probe: Fix unchecked usage of strncpy() - [arm64] KVM: Skip MMIO insn after emulation - mac80211: fix radiotap vendor presence bitmap handling - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi - Bluetooth: Fix unnecessary error message for HCI request completion - scsi: smartpqi: correct host serial num for ssa - scsi: smartpqi: correct volume status - drbd: narrow rcu_read_lock in drbd_sync_handshake - drbd: disconnect, if the wrong UUIDs are attached on a connected peer - drbd: skip spurious timeout (ping-timeo) when failing promote - fbdev: fbmem: behave better with small rotated displays and many CPUs - i40e: define proper net_device::neigh_priv_len - igb: Fix an issue that PME is not enabled during runtime suspend - fbdev: fbcon: Fix unregister crash when more than one framebuffer - [arm64] pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins - [arm64] pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins - [x86] KVM: svm: report MSR_IA32_MCG_EXT_CTL as unsupported - NFS: nfs_compare_mount_options always compare auth flavors. - hwmon: (lm80) fix a missing check of the status of SMBus read - hwmon: (lm80) fix a missing check of bus read in lm80 probe - seq_buf: Make seq_buf_puts() null-terminate the buffer - cifs: check ntwrk_buf_start for NULL before dereferencing it - um: Avoid marking pages with "changed protection" - niu: fix missing checks of niu_pci_eeprom_read - f2fs: fix sbi->extent_list corruption issue - ocfs2: don't clear bh uptodate for block read - HID: lenovo: Add checks to fix of_led_classdev_register - kernel/hung_task.c: break RCU locks based on jiffies - proc/sysctl: fix return error for proc_doulongvec_minmax() - fs/epoll: drop ovflist branch prediction - exec: load_script: don't blindly truncate shebang string - dccp: fool proof ccid_hc_[rt]x_parse_options() - rxrpc: bad unlock balance in rxrpc_recvmsg - skge: potential memory corruption in skge_get_regs() - rds: fix refcount bug in rds_sock_addref - net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames - [armhf] net: dsa: slave: Don't propagate flag changes on down slave interfaces - enic: fix checksum validation for IPv6 - ALSA: compress: Fix stop handling on compressed capture streams - ALSA: hda - Serialize codec registrations - fuse: call pipe_buf_release() under pipe lock - fuse: decrement NR_WRITEBACK_TEMP on the right page - fuse: handle zero sized retrieve correctly - [arm64,armhf] dmaengine: bcm2835: Fix interrupt race on RT - [arm64,armhf] dmaengine: bcm2835: Fix abort of transactions - [armhf] dmaengine: imx-dma: fix wrong callback invoke - [armhf] usb: phy: am335x: fix race condition in _probe - [armhf] usb: gadget: musb: fix short isoc packets with inventra dma - scsi: aic94xx: fix module loading - [x86] KVM: work around leak of uninitialized stack contents (CVE-2019-7222) - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) - [x86] KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) - [x86] perf/x86/intel/uncore: Add Node ID mask - [x86] MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() - perf/core: Don't WARN() for impossible ring-buffer sizes - perf tests evsel-tp-sched: Fix bitwise operator - serial: fix race between flush_to_ldisc and tty_open - oom, oom_reaper: do not enqueue same task twice - [amd64] PCI: vmd: Free up IRQs on suspend path - [amd64] IB/hfi1: Add limit test for RC/UC send via loopback - [x86] perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.157 - [armhf] mtd: rawnand: gpmi: fix MX28 bus master lockup problem - signal: Always notice exiting tasks - signal: Better detection of synchronous signals - [arm64,armhf] misc: vexpress: Off by one in vexpress_syscfg_exec() - debugfs: fix debugfs_rename parameter checking - [mips*] cm: reprime error cause - [mips*] OCTEON: don't set octeon_dma_bar_type if PCI is disabled - mac80211: ensure that mgmt tx skbs have tailroom for encryption - drm/modes: Prevent division by zero htotal - [x86] drm/vmwgfx: Fix setting of dma masks - [x86] drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user - nfsd4: fix cached replies to solo SEQUENCE compounds - nfsd4: catch some false session retries - HID: debug: fix the ring buffer implementation (CVE-2019-3819) - Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() - xfrm: refine validation of template and selector families - batman-adv: Avoid WARN on net_device without parent in netns - batman-adv: Force mac header to start of data on xmit https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.158 - Revert "exec: load_script: don't blindly truncate shebang string" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.159 - dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string - eeprom: at24: add support for 24c2048 - uapi/if_ether.h: prevent redefinition of struct ethhdr - [armel,armhf] 8789/1: signal: copy registers using __copy_to_user() - [armel,armhf] 8791/1: vfp: use __copy_to_user() when saving VFP state - [armel,armhf] 8793/1: signal: replace __put_user_error with __put_user - [armel,armhf] 8794/1: uaccess: Prevent speculative use of the current addr_limit - [armel,armhf] 8795/1: spectre-v1.1: use put_user() for __put_user() - [armel,armhf] 8796/1: spectre-v1,v1.1: provide helpers for address sanitization - [armel,armhf] 8797/1: spectre-v1.1: harden __copy_to_user - [armel,armhf] 8810/1: vfp: Fix wrong assignement to ufp_exc - [armel,armhf] make lookup_processor_type() non-__init - [armel,armhf] split out processor lookup - [armel,armhf] clean up per-processor check_bugs method call - [armel,armhf] add PROC_VTABLE and PROC_TABLE macros - [armel,armhf] spectre-v2: per-CPU vtables to work around big.Little systems - [armel,armhf] ensure that processor vtables is not lost after boot - [armel,armhf] fix the cockup in the previous patch - net: create skb_gso_validate_mac_len() (CVE-2018-1000026) - bnx2x: disable GSO where gso_size is too big for hardware (CVE-2018-1000026) - [i386] ACPI: NUMA: Use correct type for printing addresses on i386-PAE - cpufreq: check if policy is inactive early in __cpufreq_get() - [armel] dts: kirkwood: Fix polarity of GPIO fan lines - cifs: Limit memory used by lock request calls to a page - perf report: Include partial stacks unwound with libdw - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" - Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK - perf/core: Fix impossible ring-buffer sizes warning - [x86] perf: Add check_period PMU callback - ALSA: hda - Add quirk for HP EliteBook 840 G5 - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk - [x86] kvm: vmx: Fix entry number check for add_atomic_switch_msr() - Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 - [alpha] fix page fault handling for r16-r18 targets - [alpha] Fix Eiger NR_IRQS to 128 - tracing/uprobes: Fix output for multiple string arguments - signal: Restore the stop PTRACE_EVENT_EXIT - [amd64] x86/a.out: Clear the dump structure initially - dm thin: fix bug where bio that overwrites thin block ignores FUA - [x86] drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set - smsc95xx: Use skb_cow_head to deal with cloned skbs - ch9200: use skb_cow_head() to deal with cloned skbs - kaweth: use skb_cow_head() to deal with cloned skbs - [arm64,armhf] usb: dwc2: Remove unnecessary kfree - netfilter: nf_tables: fix mismatch in big-endian system - [arm64] pinctrl: msm: fix gpio-hog related boot issues - mm: stop leaking PageTables - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define - Revert "scsi: aic94xx: fix module loading" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.160 - net: fix IPv6 prefix route residue - [x86] vsock: cope with memory allocation failure at socket creation time - hwmon: (lm80) Fix missing unlock on error in set_fan_div() - net: Fix for_each_netdev_feature on Big endian - [arm64,armhf] net: stmmac: handle endianness in dwmac4_get_timestamp - sky2: Increase D3 delay again - vhost: correctly check the return value of translate_desc() in log_used() - net: Add header for usage of fls64() - tcp: tcp_v4_err() should be more careful - net: Do not allocate page fragments that are not skb aligned - tcp: clear icsk_backoff in tcp_write_queue_purge() - vxlan: test dev->flags & IFF_UP before calling netif_rx() - [arm64,armhf] net: stmmac: Fix a race in EEE enable callback - net: ipv4: use a dedicated counter for icmp_v4 redirect packets - btrfs: Remove false alert when fiemap range is smaller than on-disk extent - mISDN: fix a race in dev_expire_timer() - ax25: fix possible use-after-free https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.161 - mac80211: Free mpath object when rhashtable insertion fails - libceph: handle an empty authorize reply - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES - proc, oom: do not report alien mms when setting oom_score_adj - KEYS: allow reaching the keys quotas exactly - [armhf] mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells - [armhf] mfd: twl-core: Fix section annotations on {,un}protect_pm_master - [arm64] mfd: qcom_rpm: write fw_version to CTRL_REG - [armhf] mfd: mc13xxx: Fix a missing check of a register-read failure - qed: Fix qed_ll2_post_rx_buffer_notify_fw() by adding a write memory barrier - [arm64] net: hns: Fix use after free identified by SLUB debug - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param - [x86] scsi: isci: initialize shost fully before calling scsi_add_host() - atm: he: fix sign-extension overflow on large shift - [armhf] leds: lp5523: fix a missing check of return value of lp55xx_read - net/mlx5e: Fix wrong (zero) TX drop counter indication for representor - RDMA/srp: Rework SCSI device reset handling - KEYS: user: Align the payload buffer - KEYS: always initialize keyring_index_key::desc_len - batman-adv: fix uninit-value in batadv_interface_tx() - net/packet: fix 4gb buffer limit due to overflow check - team: avoid complex list operations in team_nl_cmd_options_set() - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames - [hppa/parisc] Fix ptrace syscall number modification - [x86] hpet: Make cmd parameter of hpet_ioctl_common() unsigned - clocksource: Use GENMASK_ULL in definition of CLOCKSOURCE_MASK - netpoll: Fix device name check in netpoll_setup() - tracing: Use cpumask_available() to check if cpumask variable may be used - [x86] boot: Disable the address-of-packed-member compiler warning - [x86] drm/i915: Consistently use enum pipe for PCH transcoders - [x86] drm/i915: Fix enum pipe vs. enum transcoder for the PCH transcoder - [arm64] irqchip/gic-v3: Convert arm64 GIC accessors to {read,write}_sysreg_s - mm/zsmalloc.c: change stat type parameter to int - mm/zsmalloc.c: fix -Wunneeded-internal-declaration warning - Revert "bridge: do not add port to router list when receives query with source 0.0.0.0" - netfilter: nf_tables: fix flush after rule deletion in the same batch - [arm64] pinctrl: max77620: Use define directive for max77620_pinconf_param values - [arm64,armhf] phy: tegra: remove redundant self assignment of 'map' - sched/sysctl: Fix attributes of some extern declarations [ Salvatore Bonaccorso ] * Refresh kbuild-use-nostdinc-in-compile-tests.patch for context changes in 4.9.145 * [rt] Update to 4.9.146-rt125 - seqlock: provide the same ordering semantics as mainline - squashfs: make use of local lock in multi_cpu decompressor - locallock: provide {get,put}_locked_ptr() variants - posix-timers: move the rcu head out of the union - alarmtimer: Prevent live lock in alarm_cancel() - block: blk-mq: move blk_queue_usage_counter_release() into process context - Revert "block: blk-mq: Use swait" - Revert "rt,ntp: Move call to schedule_delayed_work() to helper thread" - net: use task_struct instead of CPU number as the queue owner on -RT - locking: add types.h - mm/slub: close possible memory-leak in kmem_cache_alloc_bulk() - crypto: limit more FPU-enabled sections - sched, tracing: Fix trace_sched_pi_setprio() for deboosting - rcu: Suppress lockdep false-positive ->boost_mtx complaints - rcu: Do not include rtmutex_common.h unconditionally - rtmutex: Make rt_mutex_futex_unlock() safe for irq-off callsites - futex: Fix OWNER_DEAD fixup - futex: Avoid violating the 10th rule of futex - futex: Fix more put_pi_state() vs. exit_pi_state_list() races - futex: Fix pi_state->owner serialization * [rt] Refresh 0366-posix-timers-move-the-rcu-head-out-of-the-union.patch. Refresh for context changes caused by a Debian specific patch to avoid ABI change in 4.9.136: "posix-timers: Avoid ABI change in 4.9.136" * [rt] Refresh 0280-random-Make-it-work-on-rt.patch * [rt] Refresh 0198-fs-aio-simple-simple-work.patch for context changes in 4.9.147 * Btrfs: fix corruption reading shared and compressed extents after hole punching (Closes: #922306) [ Ben Hutchings ] * Bump ABI to 9 and apply deferred changes: - netfilter: ipv6: nf_defrag: reduce struct net memory waste - proc/sysctl: prune stale dentries during unregistering - proc/sysctl: Don't grab i_lock under sysctl_lock. - proc: Fix proc_sys_prune_dcache to hold a sb reference - [mips*] Correct the 64-bit DSP accumulator register size - inet: frags: fix ip6frag_low_thresh boundary - inet: frags: reorganize struct netns_frags - rhashtable: reorganize struct rhashtable layout - inet: frags: break the 2GB limit for frags storage - elevator: fix truncation of icq_cache_name -- Salvatore Bonaccorso <carnil(a)debian.org> Wed, 27 Feb 2019 22:21:01 +0100 --- Modifications pour mariadb-10.1 (libmariadbclient18 mariadb-client-10.1 mariadb-client-core-10.1 mariadb-common) --- mariadb-10.1 (10.1.38-0+deb9u1) stretch; urgency=medium * SECURITY UPDATE: New upstream release 10.1.38. Includes fixes for the following security vulnerabilities (Closes: #920933): - CVE-2019-2537 - CVE-2019-2529 * Update correct branch name in gbp.conf * Disable test unit.pcre_test on s390x that was failing in stretch-security (Closes: #920854) * Limit build test suite to 'main' like in mariadb-10.3 to make unnecessary build failures less likely in lifetime of Stretch. * Fix mips compilation failure (__bss_start symbol missing) (Closes: #920855) * Extend the server README to clarify common misunderstandings (Closes: #878215) * Enable ccache in CMake path so it can be used automatically where available * Heavily refactor and unify gitlab-ci.yml MariaDB install/upgrade steps. This ensures uploads to Stretch are much more safer to do now than in the past. -- Otto Kekäläinen <otto(a)debian.org> Tue, 16 Apr 2019 14:56:50 +0300 --- Modifications pour postfix (postfix postfix-sqlite) --- postfix (3.1.12-0+deb9u1) stretch; urgency=medium [Scott Kitterman] * Add detailed smarthost instructions to README.Debian. Thanks to Celejar for the input. Closes: #919444 * Refresh patches [Wietse Venema] * 3.1.10 - Bugfix (introduced: Postfix 2.11): minor memory leak when minting issuer certs. This affects a tiny minority of use cases. Viktor Dukhovni, based on a fix by Juan Altmayer Pizzorno for the ssl_dane library. File: tls/tls_dane.c. - Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes, table lookups could casefold the search string when searching a lookup table that does not use fixed-string keys (regexp, pcre, tcp, etc.). Historically, Postfix would not case-fold the search string with such tables. File: util/dict_utf8.c. Closes: #917512 - Multiple 'bit rot' fixes for OpenSSL API changes, including support to disable TLSv1.3, to avoid issuing multiple session tickets. Viktor Dukhovni. Files: proto/postconf.proto, proto/TLS_README.html, tls/tls.h, tls/tls_server.c, tls/tls_misc.c. - Bugfix (introduced: 3.0): smtpd_discard_ehlo_keywords could not disable "SMTPUTF8". because the lookup table was using "EHLO_MASK_SMTPUTF8" instead. File: global/ehlo_mask.c. - Documentation: update documentation for Postfix versions that support disabling TLS 1.3. File: proto/postconf.proto. - Improved logging of TLS 1.3 summary information, and improved reporting of the same info in Received: message headers. Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html, posttls-finger/posttls-finger.c, smtpd/smtpd.c, tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_proxy.h, tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c, tls/tls_server.c. * 3.1.11 - Bugfix (introduced: postfix-2.11): with posttls-finger, connections to unix-domain servers always resulted in "Failed to establish session" even after a connection was established. Jaroslav Skarva. File: posttls-finger/posttls-finger.c. * 3.1.12 - Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce has been producing false rejects starting with the Postfix 2.2 smtpd_end_of_data_restrictons, and for the same reasons, did the same with the Postfix 3.4 BDAT command. The latter was reported by Andreas Schulze. File: smtpd/smtpd_check.c. - Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. -- Scott Kitterman <scott(a)kitterman.com> Mon, 25 Mar 2019 01:01:51 -0400 --- Modifications pour publicsuffix --- publicsuffix (20190415.1030-0+deb9u1) stretch; urgency=medium * new upstream publicsuffix data -- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Mon, 15 Apr 2019 14:11:53 -0400 publicsuffix (20190221.0923-0+deb9u1) stretch; urgency=medium * new upstream publicsuffix data -- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Wed, 13 Mar 2019 10:20:24 -0400 publicsuffix (20181030.1007-0+deb9u1) stretch; urgency=medium * new upstream publicsuffix data -- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Thu, 01 Nov 2018 20:58:10 -0400 --- Modifications pour python-cryptography (python3-cryptography python-cryptography) --- python-cryptography (1.7.1-3+deb9u1) stretch; urgency=medium * Remove BIO_callback_ctrl: The prototype differs with the OpenSSL's definition of it after it was changed (fixed) within OpenSSL. It has no users. -- Sebastian Andrzej Siewior <sebastian(a)breakpoint.cc> Sun, 02 Sep 2018 15:17:35 +0200 --- Modifications pour python-pip (python-pip python-pip-whl) --- python-pip (9.0.1-2+deb9u1) stretch; urgency=medium * Team upload. * Add Properly_catch_requests_HTTPError_in_index.py.patch, which fixes --extra-index-url results in "HTTPError: 404 Client Error: NOT FOUND". The patch makes works even with the unbundled requests. (Closes: #837764). -- Thomas Goirand <zigo(a)debian.org> Sun, 31 Mar 2019 00:02:11 +0100 --- Modifications pour rsync --- rsync (3.1.2-1+deb9u2) stretch; urgency=medium * Apply CVEs from 2016 to the zlib code. closes:#924509 -- Paul Slootman <paul(a)debian.org> Fri, 15 Mar 2019 11:39:50 +0100 --- Modifications pour unzip --- unzip (6.0-21+deb9u1) stretch; urgency=medium * Fix buffer overflow in password protected ZIP archives. Closes: #889838. Patch borrowed from SUSE. For reference, this is CVE-2018-1000035. -- Santiago Vila <sanvila(a)debian.org> Wed, 17 Apr 2019 21:23:40 +0200 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on nonagon.federez.net -- apticron

5 années, 11 mois

17 Debian package update(s) for nonagon.federez.net

par club-federez＠crans.org

apticron report [Sun, 28 Apr 2019 18:49:11 +0200] ======================================================================== apticron has detected that some packages need upgrading on: nonagon.federez.net [ 185.230.78.42 2a0c:700:0:23:67:e5ff:fee9:3 ] The following packages are currently pending an upgrade: base-files 9.9+deb9u9 libjs-jquery 3.1.1-2+deb9u1 libmariadbclient18 10.1.38-0+deb9u1 libpng16-16 1.6.28-1+deb9u1 linux-libc-dev 4.9.168-1 mariadb-client-10.1 10.1.38-0+deb9u1 mariadb-client-core-10.1 10.1.38-0+deb9u1 mariadb-common 10.1.38-0+deb9u1 postfix 3.1.12-0+deb9u1 postfix-sqlite 3.1.12-0+deb9u1 publicsuffix 20190415.1030-0+deb9u1 python3-cryptography 1.7.1-3+deb9u1 python-cryptography 1.7.1-3+deb9u1 python-pip 9.0.1-2+deb9u1 python-pip-whl 9.0.1-2+deb9u1 rsync 3.1.2-1+deb9u2 unzip 6.0-21+deb9u1 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour libpng1.6 (libpng16-16) --- libpng1.6 (1.6.28-1+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Call png_image_free_function without guarding it with png_safe_execute (CVE-2019-7317) (Closes: #921355) -- Salvatore Bonaccorso <carnil(a)debian.org> Thu, 18 Apr 2019 22:12:35 +0200 --- Modifications pour base-files --- base-files (9.9+deb9u9) stretch; urgency=medium * Change /etc/debian_version to 9.9, for Debian 9.9 point release. -- Santiago Vila <sanvila(a)debian.org> Thu, 28 Mar 2019 10:12:44 +0100 --- Modifications pour jquery (libjs-jquery) --- jquery (3.1.1-2+deb9u1) stretch; urgency=medium * Team upload * Add patch to prevent Object.prototype pollution (Closes: #927385, CVE-2019-11358) * Disable check-against-upstream-build test (autopkgtest) since file is now patched -- Xavier Guimard <yadd(a)debian.org> Thu, 18 Apr 2019 22:57:29 +0200 --- Modifications pour linux (linux-libc-dev) --- linux (4.9.168-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162 - Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" - Revert "loop: Get rid of loop_index_mutex" - Revert "loop: Fold __loop_release into loop_release" - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached - [arm64] drm/msm: Unblock writer if reader closes file - [x86] ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field - [x86] ALSA: compress: prevent potential divide by zero bugs - [x86] thermal: int340x_thermal: Fix a NULL vs IS_ERR() check - [arm64,armhf] usb: dwc3: gadget: synchronize_irq dwc irq in suspend - [arm64,armhf] usb: dwc3: gadget: Fix the uninitialized link_state when udc starts - usb: gadget: Potential NULL dereference on allocation error - ASoC: dapm: change snprintf to scnprintf for possible overflow - [armhf] ASoC: imx-audmux: change snprintf to scnprintf for possible overflow - [x86] drivers: thermal: int340x_thermal: Fix sysfs race condition - mac80211: fix miscounting of ttl-dropped frames - locking/rwsem: Fix (possible) missed wakeup - direct-io: allow direct writes to empty inodes - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() - net: usb: asix: ax88772_bind return error when hw_reset fail - [ppc64el] ibmveth: Do not process frames after calling napi_reschedule - mac80211: don't initiate TDLS connection if station is not associated to AP - mac80211: Add attribute aligned(2) to struct 'action' - cfg80211: extend range deviation for DMG - [x86] svm: Fix AVIC incomplete IPI emulation - [x86] KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 - [powerpc*] Always initialize input array when calling epapr_hypercall() - [arm64] mmc: spi: Fix card detection during probe - mm: enforce min addr even if capable() in expand_downwards() (CVE-2019-9213) - [x86] uaccess: Don't leak the AC flag into __put_user() value evaluation https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.163 - USB: serial: option: add Telit ME910 ECM composition - USB: serial: cp210x: add ID for Ingenico 3070 - USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 - cpufreq: Use struct kobj_attribute instead of struct global_attr - ncpfs: fix build warning of strncpy - [x86] staging: comedi: ni_660x: fix missing break in switch statement - ip6mr: Do not call __IP6_INC_STATS() from preemptible context - net-sysfs: Fix mem leak in netdev_register_kobject - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 - team: Free BPF filter when unregistering netdev - bnxt_en: Drop oversize TX packets to prevent errors. - [x86] hv_netvsc: Fix IP header checksum for coalesced packets - [armhf] net: dsa: mv88e6xxx: Fix u64 statistics - net: netem: fix skb length BUG_ON in __skb_to_sgvec - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails - net: sit: fix memory leak in sit_init_net() - xen-netback: don't populate the hash cache on XenBus disconnect - xen-netback: fix occasional leak of grant ref mappings under memory pressure - net: Add __icmp_send helper. - tun: fix blocking read - tun: remove unnecessary memory barrier - net: phy: Micrel KSZ8061: link failure after cable connect - [x86] CPU/AMD: Set the CPB bit unconditionally on F17h - applicom: Fix potential Spectre v1 vulnerabilities - [mips*] irq: Allocate accurate order pages for irq stack - hugetlbfs: fix races and page leaks during migration - exec: Fix mem leak in kernel_read_file (CVE-2019-8980) - media: uvcvideo: Fix 'type' check leading to overflow - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel - perf core: Fix perf_proc_update_handler() bug - perf tools: Handle TOPOLOGY headers with no CPU - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM - [amd64] iommu/amd: Call free_iova_fast with pfn in map_sg - [amd64] iommu/amd: Unmap all mapped pages in error path of map_sg - ipvs: Fix signed integer overflow when setsockopt timeout - [amd64] iommu/amd: Fix IOMMU page flush when detach device from a domain - [arm64] net: hns: Fix for missing of_node_put() after of_parse_phandle() - [arm64] net: hns: Fix wrong read accesses via Clause 45 MDIO protocol - [armhf] net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() - nfs: Fix NULL pointer dereference of dev_name - qed: Fix VF probe failure while FLR - scsi: libfc: free skb when receiving invalid flogi resp - [x86] platform: Fix unmet dependency warning for SAMSUNG_Q10 - cifs: fix computation for MAX_SMB2_HDR_SIZE - [arm64] kprobe: Always blacklist the KVM world-switch code - [x86] kexec: Don't setup EFI info if EFI runtime is not enabled - mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone - fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() - autofs: drop dentry reference only when it is never used - autofs: fix error return in autofs_fill_super() - vsock/virtio: fix kernel panic after device hot-unplug - vsock/virtio: reset connected sockets on device removal - netfilter: nf_nat: skip nat clash resolution for same-origin entries - [s390x] qeth: fix use-after-free in error path - perf symbols: Filter out hidden symbols from labels - [mips*] Remove function size check in get_frame_info() - fs: ratelimit __find_get_block_slow() failure message. - Input: wacom_serial4 - add support for Wacom ArtPad II tablet - Input: elan_i2c - add id for touchpad found in Lenovo s21e-20 - [x86] iscsi_ibft: Fix missing break in switch statement - scsi: aacraid: Fix missing break in switch statement - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() - [armhf] dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3 - drm: disable uncached DMA optimization for ARM and arm64 - [armhf] dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420 - [x86] perf/x86/intel: Make cpuc allocations consistent - [x86] perf/x86/intel: Generalize dynamic constraint creation - [x86] Add TSX Force Abort CPUID/MSR https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.164 - ACPICA: Reference Counts: increase max to 0x4000 for large servers - KEYS: restrict /proc/keys by credentials at open time - l2tp: fix infoleak in l2tp_ip6_recvmsg() - net: sit: fix UBSAN Undefined behaviour in check_6rd - pptp: dst_release sk_dst_cache in pptp_sock_destruct - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race - tcp: handle inet_csk_reqsk_queue_add() failures - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() - net/mlx4_core: Fix reset flow when in command polling mode - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling - net/mlx4_core: Fix qp mtt size calculation - mdio_bus: Fix use-after-free on device_register fails - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 - af_unix: missing barriers in some of unix_sock ->addr and ->path accesses - ipvlan: disallow userns cap_net_admin to change global mode/flags - vxlan: Fix GRO cells race condition between receive and link delete - rxrpc: Fix client call queueing, waiting for channel - gro_cells: make sure device is up in gro_cells_receive() - tcp/dccp: remove reqsk_put() from inet_child_forget() - [x86] perf: Fixup typo in stub functions - ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 - md: It's wrong to add len to sector_nr in raid10 reshape twice - of: Support const and non-const use for to_of_node() - vhost/vsock: fix vhost vsock cid hashing inconsistent https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.165 - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() - 9p: use inode->i_lock to protect i_size_write() under 32-bit - 9p/net: fix memory leak in p9_client_create - [armhf] iio: adc: exynos-adc: Fix NULL pointer exception on unbind - crypto: ahash - fix another early termination in hash walk - [armhf] gpu: ipu-v3: Fix i.MX51 CSI control registers offset - [armhf] gpu: ipu-v3: Fix CSI offsets for imx53 - [s390x] dasd: fix using offset into zero size array error - [armhf] OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized - floppy: check_events callback should not return a negative number - mm/gup: fix gup_pmd_range() for dax - mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs - [arm64] net: hns: Fix object reference leaks in hns_dsaf_roce_reset() - [armhf] clk: sunxi: A31: Fix wrong AHB gate number - assoc_array: Fix shortcut creation - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task - [arm64] pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 - [armel] net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() - [x86] ASoC: topology: free created components in tplg load error - [arm64] Relax GIC version check during early boot - [armhf] net: marvell: mvneta: fix DMA debug warning - tmpfs: fix link accounting when a tmpfile is linked in - mac80211_hwsim: propagate genlmsg_reply return code - [arm64] net: thunderx: make CFG_DONE message to run through generic send-ack sequence - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K - nfp: bpf: fix ALU32 high bits clearance bug - net: set static variable an initial value in atl2_probe() - tmpfs: fix uninitialized return value in shmem_link - [x86] libnvdimm/label: Clear 'updating' flag after label-set update - [x86] libnvdimm/pmem: Honor force_raw for legacy pmem regions - [amd64] libnvdimm: Fix altmap reservation size calculation - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails - [arm64] crypto: aes-ccm - fix logical bug in AAD MAC handling - CIFS: Do not reset lease state to NONE on lease break - CIFS: Fix read after write for files with read caching - tracing: Do not free iter->trace in fail path of tracing_open_pipe() - [amd64,arm64,i386] ACPI / device_sysfs: Avoid OF modalias creation for removed device - [armhf] spi: ti-qspi: Fix mmap read when more than one CS in use - [armhf] regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 - [armhf] regulator: s2mpa01: Fix step values for some LDOs - [armhf] clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR - [armhf] clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown - [s390x] virtio: handle find on invalid queue gracefully - scsi: virtio_scsi: don't send sc payload with tmfs - scsi: sd: Optimal I/O size should be a multiple of physical block size - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock - fs/devpts: always delete dcache dentry-s in dput() - splice: don't merge into linked buffers - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes - crypto: pcbc - remove bogus memcpy()s with src == dest - libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer - [arm64,armhf] cpufreq: tegra124: add missing of_node_put() - ext4: fix crash during online resizing - [armhf] clk: clk-twl6040: Fix imprecise external abort for pdmclk - [x86] nfit: acpi_nfit_ctl(): Check out_obj->type in the right place - mm: hwpoison: fix thp split handing in soft_offline_in_use_page() (CVE-2019-10124) - mm/vmalloc: fix size check for remap_vmalloc_range_partial() - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv - device property: Fix the length used in PROPERTY_ENTRY_STRING() - [x86] intel_th: Don't reference unassigned outputs - parport_pc: fix find_superio io compare code, should use equal test. - [arm64,armhf] i2c: tegra: fix maximum transfer size - [x86] drm/i915: Relax mmap VMA check - [arm64] serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart - 8250: FIX Fourth port offset of Pericom PI7C9X7954 boards - serial: 8250_pci: Fix number of ports for ACCES serial cards - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() - jbd2: clear dirty flag when revoking a buffer from an older transaction - jbd2: fix compile warning when using JBUFFER_TRACE - [powerpc] Clear on-stack exception marker upon exception return - [ppc64el] powernv: Make opal log only readable by root - [ppc64el] Fix 32-bit KVM-PR lockup and host crash with MacOS guest - [ppc64el] ptrace: Simplify vr_get/set() to avoid GCC warning - dm: fix to_sector() for 32bit - NFS: Fix I/O request leakages - NFS: Fix an I/O request leakage in nfs_do_recoalesce - NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() - nfsd: fix memory corruption caused by readdir - nfsd: fix wrong check in write_v4_end_grace() - PM / wakeup: Rework wakeup source timer cancellation - bcache: never writeback a discard operation - [x86] perf intel-pt: Fix CYC timestamp calculation after OVF - perf auxtrace: Define auxtrace record alignment - [x86] perf intel-pt: Fix overlap calculation for padding - [x86] perf intel-pt: Fix divide by zero when TSC is not available - md: Fix failed allocation of md_register_thread - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming - drm/radeon/evergreen_cs: fix missing break in switch statement - [x86] KVM: nVMX: Sign extend displacements of VMX instr's mem operands - [x86] KVM: nVMX: Ignore limit checks on VMX instructions using flat segments - [x86] KVM: Fix residual mmio emulation request to userspace https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.166 - [x86] drm/vmwgfx: Don't double-free the mode stored in par->set_mode - [amd64] iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE - libceph: wait for latest osdmap in ceph_monc_blacklist_add() - udf: Fix crash on IO error during truncate - [mips*] Ensure ELF appended dtb is relocated - [mips*] Fix kernel crash for R6 in jump label branch function - futex: Ensure that futex address is aligned in handle_futex_death() - objtool: Move objtool_file struct off the stack - ext4: fix NULL pointer dereference while journal is aborted - ext4: fix data corruption caused by unaligned direct AIO - ext4: brelse all indirect buffer in ext4_ind_remove_space() - media: v4l2-ctrls.c/uvc: zero v4l2_event - Bluetooth: Fix decrementing reference count twice in releasing socket - ALSA: hda - Record the current power state before suspend/resume calls - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec - tcp/dccp: drop SYN packets if accept queue is full - vfs: Hang/soft lockup in d_invalidate with simultaneous calls - [arm64] traps: disable irq in die() - lib/int_sqrt: optimize small argument - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 - rtc: Fix overflow when converting time64_t to rtc_time - [armhf] pwm-backlight: Enable/disable the PWM before/after LCD enable toggle. - ath10k: avoid possible string overflow https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.167 - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (CVE-2019-3460) - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer (CVE-2019-3459) - cfg80211: size various nl80211 messages correctly - [arm64,armhf] stmmac: copy unicast mac address to MAC registers - dccp: do not use ipv6 header for ipv4 flow - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec - net: rose: fix a possible stack overflow - packets: Always register packet sk in the same order - tcp: do not use ipv6 header for ipv4 flow - vxlan: Don't call gro_cells_destroy() before device is unregistered - sctp: get sctphdr by offset in sctp_compute_cksum - tun: properly test for IFF_UP - tun: add a missing rcu_read_unlock() in error path - btrfs: remove WARN_ON in log_dir_items - btrfs: raid56: properly unmap parity page in finish_parity_scrub() - [powerpc*] bpf: Fix generation of load/store DW instructions - NFSv4.1 don't free interrupted slot on open - ALSA: rawmidi: Fix potential Spectre v1 vulnerability - ALSA: pcm: Fix possible OOB access in PCM oss plugins - ALSA: pcm: Don't suspend stream in unrecoverable PCM state - fs/open.c: allow opening only regular files during execve() - scsi: sd: Fix a race between closing an sd device and sd I/O - scsi: sd: Quiesce warning if device does not report optimal I/O size - [s390x] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host - [s390x] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices - [x86] staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest - USB: serial: cp210x: add new device id - USB: serial: ftdi_sio: add additional NovaTech products - USB: serial: mos7720: fix mos_parport refcount imbalance on error path - USB: serial: option: set driver_info for SIM5218 and compatibles - USB: serial: option: add Olicard 600 - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links - usb: common: Consider only available nodes for dr_mode - [x86] perf intel-pt: Fix TSC slip - cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n - KVM: Reject device ioctls from processes other than the VM's creator - [x86] KVM: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts - USB: gadget: f_hid: fix deadlock in f_hidg_write() - xhci: Fix port resume done detection for SS ports with LPM enabled - [arm64] support keyctl() system call in 32-bit mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.168 - [arm64] debug: Don't propagate UNKNOWN FAR into si_code for debug signals - ext4: cleanup bh release code in ext4_ind_remove_space() - lib/int_sqrt: optimize initial value compute - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA - CIFS: fix POSIX lock leak and invalid ptr deref - tracing: kdb: Fix ftdump to not sleep - [armhf] gpio: gpio-omap: fix level interrupt idling - include/linux/relay.h: fix percpu annotation in struct rchan - sysctl: handle overflow for file-max - [arm64] scsi: hisi_sas: Set PHY linkrate when disconnected - [armhf,ppc64el] mm/cma.c: cma_declare_contiguous: correct err handling - mm/page_ext.c: fix an imbalance with kmemleak - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! - mm/slab.c: kmemleak no scan alien caches - ocfs2: fix a panic problem caused by o2cb_ctl - fs/file.c: initialize init_files.resize_wait - cifs: use correct format characters - dm thin: add sanity checks to thin-pool and external snapshot creation - cifs: Fix NULL pointer dereference of devname - jbd2: fix invalid descriptor block checksum - fs: fix guard_bio_eod to check for real EOD errors - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies - [arm64,armhf] usb: chipidea: Grab the (legacy) USB PHY by phandle first - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c - [armel,armhf] 8840/1: use a raw_spinlock_t in unwind - [armhf] mmc: omap: fix the maximum timeout setting - e1000e: Fix -Wformat-truncation warnings - IB/mlx4: Increase the timeout for CM cache - scsi: megaraid_sas: return error when create DMA pool failed - [armhf] SoC: imx-sgtl5000: add missing put_device() - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 - [amd64] HID: intel-ish-hid: avoid binding wrong ishtp_cl_device - [armhf] leds: lp55xx: fix null deref on firmware load failure - iwlwifi: pcie: fix emergency path - [x86] ACPI / video: Refactor and fix dmi_is_desktop() - kprobes: Prohibit probing on bsearch() - ALSA: PCM: check if ops are defined before suspending PCM - usb: f_fs: Avoid crash due to out-of-scope stack ptr access - bcache: fix input overflow to cache set sysfs file io_error_halflife - bcache: fix input overflow to sequential_cutoff - bcache: improve sysfs_strtoul_clamp() - genirq: Avoid summation loops for /proc/stat - iw_cxgb4: fix srqidx leak during connection abort - fbdev: fbmem: fix memory access if logo is bigger than the screen - cdrom: Fix race condition in cdrom_sysctl_register - e1000e: fix cyclic resets at link up with active tx - efi/memattr: Don't bail on zero VA if it equals the region's PA - [arm64] soc: qcom: gsbi: Fix error handling in gsbi_probe() - [armhf] avoid Cortex-A9 livelock on tight dmb loops - tty: increase the default flip buffer limit to 2*640K - [ppc64el] powerpc/pseries: Perform full re-add of CPU for topology update post-migration - hwrng: virtio - Avoid repeated init of completion - [arm64,armhf] soc/tegra: fuse: Fix illegal free of IO base address - [amd64] HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit - [x86] hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable - [armhf] dmaengine: imx-dma: fix warning comparison of distinct pointer types - [arm64] dmaengine: qcom_hidma: assign channel cookie correctly - netfilter: physdev: relax br_netfilter dependency - [armhf] regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting - drm/nouveau: Stop using drm_crtc_force_disable - selinux: do not override context on context mounts - [arm64,armhf] wlcore: Fix memory leak in case wl12xx_fetch_firmware failure - [arm64,armhf] dmaengine: tegra: avoid overflow of byte tracking - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers - [x86] ACPI / video: Extend chassis-type detection with a "Lunch Box" check [ Ben Hutchings ] * debian/bin/abiupdate.py: Change default URLs to use https: scheme. * Resolve kernel ABI changes: - Revert "genirq: Avoid summation loops for /proc/stat" - tracing: ring_buffer: Avoid ABI change in 4.9.168 - net: icmp: Avoid ABI change in 4.9.163 - Revert "phonet: fix building with clang" - netfilter: Ignore removal of br_netfilter_enable() [ Salvatore Bonaccorso ] * Refresh mm-mmap.c-expand_downwards-don-t-require-the-gap-if-.patch for context changes in 4.9.162 * [rt] Refresh 0008-futex-rt_mutex-Provide-futex-specific-rt_mutex-API.patch for context changes in 4.9.163 * [rt] Drop 0014-futex-rt_mutex-Restructure-rt_mutex_finish_proxy_loc.patch applied upstream in 4.9.163 * [rt] Refresh 0171-arm-include-definition-for-cpumask_t.patch for context changes in 4.9.165 * [rt] Drop 0256-arm-unwind-use-a-raw_spin_lock.patch -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 12 Apr 2019 15:52:49 +0200 linux (4.9.161-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.145 - [armhf] media: omap3isp: Unregister media device as first - [amd64] iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() - brcmutil: really fix decoding channel info for 160 MHz bandwidth - HID: input: Ignore battery reported by Symbol DS4308 - batman-adv: Expand merged fragment buffer for full packet - bnx2x: Assign unique DMAE channel number for FW DMAE transactions. - qed: Fix PTT leak in qed_drain() - qed: Fix reading wrong value in loop condition - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command - net/mlx4_core: Fix uninitialized variable compilation warning - net/mlx4: Fix UBSAN warning of signed integer overflow - [amd64] iommu/vt-d: Use memunmap to free memremap - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port - mm: don't warn about allocations which stall for too long - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device - usb: appledisplay: Add 27" Apple Cinema Display - USB: check usb_get_extra_descriptor for proper size (CVE-2018-20169) - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (CVE-2018-19824) - [x86] ALSA: hda: Add support for AMD Stoney Ridge - ALSA: pcm: Fix starvation on down_write_nonblock() - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing - ALSA: pcm: Fix interval evaluation with openmin/max - [x86] ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 - [s390x] virtio: avoid race on vcdev->config - [s390x] virtio: fix race in ccw_io_helper() - SUNRPC: Fix leak of krb5p encode pages - [armhf] dmaengine: cppi41: delete channel from pending list when stop channel - xhci: Prevent U1/U2 link pm states if exit latency is too long - swiotlb: clean up reporting - vsock: lookup and setup guest_cid inside vhost_vsock_lock - vhost/vsock: fix use-after-free in network stack callers (CVE-2018-14625) - cifs: Fix separator when building path from dentry - staging: rtl8712: Fix possible buffer overrun - tty: do not set TTY_IO_ERROR flag if console port - mac80211_hwsim: Timer should be initialized before device registered - mac80211: Clear beacon_int in ieee80211_do_stop - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext - mac80211: fix reordering of buffered broadcast packets - mac80211: ignore NullFunc frames in the duplicate detection https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.146 - ipv6: Check available headroom in ip6_xmit() even without options - net: 8139cp: fix a BUG triggered by changing mtu with network traffic - net/mlx4_core: Correctly set PFC param if global pause is turned off. - net: phy: don't allow __set_phy_supported to add unsupported modes - net: Prevent invalid access to skb->prev in __qdisc_drop_all - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices - tcp: fix NULL ref in tail loss probe - tun: forbid iface creation with rtnl ops - neighbour: Avoid writing before skb->head in neigh_hh_output() - [armhf] OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup - sysv: return 'err' instead of 0 in __sysv_write_inode - [s390x] cpum_cf: Reject request for sampling in event initialization - [armhf] ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing - ASoC: dapm: Recalculate audio map forcely when card instantiated - hwmon: (w83795) temp4_type has writable permission - objtool: Fix double-free in .cold detection error path - objtool: Fix segfault in .cold detection with -ffunction-sections - Btrfs: send, fix infinite loop due to directory rename dependencies - RDMA/mlx5: Fix fence type for IB_WR_LOCAL_INV WR - [armhf] ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE - [armhf] ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE - exportfs: do not read dentry after free - bpf: fix check of allowed specifiers in bpf_trace_printk - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf - [arm64] net: thunderx: fix NULL pointer dereference in nic_remove - cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active - igb: fix uninitialized variables - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps - [arm64] net: hisilicon: remove unexpected free_netdev - drm/ast: fixed reading monitor EDID not stable issue - fscache: fix race between enablement and dropping of object - ocfs2: fix deadlock caused by ocfs2_defrag_extent() - hfs: do not free node before using - hfsplus: do not free node before using - ocfs2: fix potential use after free - pstore: Convert console write to use ->write_buf - staging: speakup: Replace strncpy with memcpy https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.147 - signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack (Closes: #904385) - timer/debug: Change /proc/timer_list from 0444 to 0400 - [armhf] pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 - aio: fix spectre gadget in lookup_ioctx - [armhf] MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 - [arm*] ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt - tracing: Fix memory leak in set_trigger_filter() - tracing: Fix memory leak of instance function hash filters - [powerpc*] msi: Fix NULL pointer access in teardown code - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" - [x86] drm/i915/execlists: Apply a full mb before execution for Braswell - mac80211: don't WARN on bad WMM parameters from buggy APs - mac80211: Fix condition validating WMM IE - [amd64] IB/hfi1: Remove race conditions in user_sdma send path - [x86] locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath() - [x86] locking/qspinlock: Ensure node is initialised before updating prev->next - [x86] locking/qspinlock: Bound spinning on pending->locked transition in slowpath - [x86] locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock' - [x86] locking/qspinlock: Remove unbounded cmpxchg() loop from locking slowpath - [x86] locking/qspinlock: Remove duplicate clear_pending() function from PV code - [x86] locking/qspinlock: Kill cmpxchg() loop when claiming lock from head of queue - [x86] locking/qspinlock: Re-order code - [x86] locking/qspinlock/x86: Increase _Q_PENDING_LOOPS upper bound - [x86] locking/qspinlock, x86: Provide liveness guarantee - [x86] locking/qspinlock: Fix build for anonymous union in older GCC compilers - mac80211_hwsim: fix module init error paths for netlink - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset - [x86] scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload - [x86] earlyprintk/efi: Fix infinite loop on some screen widths - [arm64] drm/msm: Grab a vblank reference when waiting for commit_done - bonding: fix 802.3ad state sent to partner when unbinding slave - nfs: don't dirty kernel pages read by direct-io - SUNRPC: Fix a potential race in xprt_connect() - [arm64] clk: mvebu: Off by one bugs in cp110_of_clk_get() - [armhf] Input: omap-keypad - fix keyboard debounce configuration - libata: whitelist all SAMSUNG MZ7KM* solid-state disks - [armhf] mv88e6060: disable hardware level MAC learning - net/mlx4_en: Fix build break when CONFIG_INET is off - bpf: check pending signals while verifying programs - [arm*] 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling - [arm*] 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart - drm/ast: Fix connector leak during driver unload - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) - vhost/vsock: fix reset orphans race with close timeout - [x86] i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node - nvmet-rdma: fix response use after free - [armhf] rtc: snvs: add a missing write sync - [armhf] rtc: snvs: Add timeouts to avoid kernel lockups https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.148 - block: break discard submissions into the user defined size - block: fix infinite loop if the device loses discard capability - ib_srpt: Fix a use-after-free in __srpt_close_all_ch() - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (CVE-2018-19985) - xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only - USB: serial: option: add GosunCn ZTE WeLink ME3630 - USB: serial: option: add HP lt4132 - USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) - USB: serial: option: add Fibocom NL668 series - USB: serial: option: add Telit LN940 series - mmc: core: Reset HPI enabled state during re-init and in case of errors - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl - [armhf] mmc: omap_hsmmc: fix DMA API warning - [x86] Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels - [x86] mtrr: Don't copy uninitialized gentry fields back to userspace - [x86] fpu: Disable bottom halves while loading FPU registers - ubifs: Handle re-linking of inodes correctly while recovery - panic: avoid deadlocks in re-entrant console drivers - proc/sysctl: don't return ENOMEM on lookup when a table is unregistering - drm/ioctl: Fix Spectre v1 vulnerabilities https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.149 - ip6mr: Fix potential Spectre v1 vulnerability - ipv4: Fix potential Spectre v1 vulnerability - ax25: fix a use-after-free in ax25_fillin_cb() - [ppc64el] ibmveth: fix DMA unmap error in ibmveth_xmit_start error path - ieee802154: lowpan_header_create check must check daddr - ipv6: explicitly initialize udp6_addr in udp_sock_create6() - ipv6: tunnels: fix two use-after-free - isdn: fix kernel-infoleak in capi_unlocked_ioctl - net: ipv4: do not handle duplicate fragments as overlapping - net: phy: Fix the issue that netif always links up after resuming - netrom: fix locking in nr_find_socket() - packet: validate address length - packet: validate address length if non-zero - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event - tipc: fix a double kfree_skb() - vhost: make sure used idx is seen before log in vhost_add_used_n() - [x86] VSOCK: Send reset control packet when socket is partially bound - xen/netfront: tolerate frags with no data - tipc: use lock_sock() in tipc_sk_reinit() - tipc: compare remote and local protocols in tipc_udp_enable() - gro_cell: add napi_disable in gro_cells_destroy - net/mlx5e: Remove the false indication of software timestamping support - net/mlx5: Typo fix in del_sw_hw_rule - sock: Make sock->sk_stamp thread-safe - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() - ALSA: rme9652: Fix potential Spectre v1 vulnerability - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities - ALSA: pcm: Fix potential Spectre v1 vulnerability - ALSA: emux: Fix potential Spectre v1 vulnerabilities - ALSA: hda: add mute LED support for HP EliteBook 840 G4 - [arm64,armhf] ALSA: hda/tegra: clear pending irq handlers - USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays - USB: serial: option: add Fibocom NL678 series - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G - [x86] KVM: Use jmp to invoke kvm_spurious_fault() from .fixup - platform-msi: Free descriptors in platform_msi_domain_free() - perf pmu: Suppress potential format-truncation warning - ext4: fix possible use after free in ext4_quota_enable - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() - ext4: fix EXT4_IOC_GROUP_ADD ioctl - ext4: include terminating u32 in size of xattr entries when expanding inodes - ext4: force inode writes when nfsd calls commit_metadata() - [arm64,armhf] spi: bcm2835: Fix race on DMA termination - [arm64,armhf] spi: bcm2835: Fix book-keeping of DMA termination - [arm64,armhf] spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode - [armhf] clk: rockchip: fix typo in rk3188 spdif_frac parent - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader. - f2fs: fix validation of the block count in sanity_check_raw_super - media: vivid: free bitmap_cap when updating std/timings/etc. - media: v4l2-tpg: array index could become negative - [mips*] Ensure pmd_present() returns false after pmd_mknotpresent() - [mips*] OCTEON: mark RGMII interface disabled on OCTEON III - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem - [x86] kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested - [arm64] KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 - [armhf] rtc: m41t80: Correct alarm month range with RTC reads - [x86] tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x - [arm64,armhf] spi: bcm2835: Unbreak the build of esoteric configs https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.150 - [arm64] pinctrl: meson: fix pull enable register calculation - Input: restore EV_ABS ABS_RESERVED - xfrm: Fix bucket count reported to userspace - netfilter: seqadj: re-load tcp header pointer after possible head reallocation - scsi: bnx2fc: Fix NULL dereference in error handling - [armhf] Input: omap-keypad - fix idle configuration to not block SoC idle states - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel - bnx2x: Clear fip MAC when fcoe offload support is disabled - bnx2x: Remove configured vlans as part of unload sequence. - bnx2x: Send update-svid ramrod with retry/poll flags enabled - scsi: target: iscsi: cxgbit: fix csk leak - scsi: target: iscsi: cxgbit: add missing spin_lock_init() - [arm64] net: hns: Incorrect offset address used for some registers. - [arm64] net: hns: All ports can not work when insmod hns ko after rmmod. - [arm64] net: hns: Some registers use wrong address according to the datasheet. - [arm64] net: hns: Fixed bug that netdev was opened twice - [arm64] net: hns: Clean rx fbd when ae stopped. - [arm64] net: hns: Free irq when exit from abnormal branch - [arm64] net: hns: Avoid net reset caused by pause frames storm - [arm64] net: hns: Fix ntuple-filters status error. - net: hns: Add mac pcs config when enable|disable mac - SUNRPC: Fix a race with XPRT_CONNECTING - lan78xx: Resolve issue with changing MAC address - vxge: ensure data0 is initialized in when fetching firmware version information - net: netxen: fix a missing check and an uninitialized use - [s390x] scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown - libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature() - fork: record start_time late - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined - mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL - mm, devm_memremap_pages: kill mapping "System RAM" support - sunrpc: fix cache_head leak due to queued request - sunrpc: use SVC_NET() in svcauth_gss_* functions - [mips*] math-emu: Write-protect delay slot emulation pages - [amd64] crypto: x86/chacha20 - avoid sleeping with preemption disabled - vhost/vsock: fix uninitialized vhost_vsock->guest_cid - [amd64] IB/hfi1: Incorrect sizing of sge for PIO will OOPs - ALSA: cs46xx: Potential NULL dereference in probe - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks - dlm: fixed memory leaks after failed ls_remove_names allocation - dlm: possible memory leak on error path in create_lkb() - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() - dlm: memory leaks on error path in dlm_user_request() - gfs2: Get rid of potential double-freeing in gfs2_create_inode - gfs2: Fix loop in gfs2_rbm_find - b43: Fix error in cordic routine - [powerpc*] tm: Set MSR[TS] just prior to recheckpoint - 9p/net: put a lower bound on msize - rxe: fix error completion wr_id and qp_num - [amd64] iommu/vt-d: Handle domain agaw being less than iommu agaw - ceph: don't update importing cap's mseq when handing cap export - [ppc64el] genwqe: Fix size check - [x86] intel_th: msu: Fix an off-by-one in attribute store - [i386] power: supply: olpc_battery: correct the temperature units - [arm64,armhf] drm/vc4: Set ->is_yuv to false when num_planes == 1 - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.151 - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 - CIFS: Do not hide EINTR after sending network packets - cifs: Fix potential OOB access of lock element array - usb: cdc-acm: send ZLP for Telit 3G Intel based modems - USB: storage: don't insert sane sense for SPC3+ when bad sense specified - USB: storage: add quirk for SMI SM3350 - USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB - slab: alien caches must not be initialized if the allocation of the alien cache failed - mm: page_mapped: don't assume compound page is huge or THP - ACPI: power: Skip duplicate power resource references in _PRx - i2c: dev: prevent adapter retries and timeout being set as minus value - rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set - ext4: make sure enough credits are reserved for dioread_nolock writes - ext4: fix a potential fiemap/page fault deadlock w/ inline_data - ext4: avoid kernel warning when writing the superblock to a dead device - sunrpc: use-after-free in svc_process_common() (CVE-2018-16884) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.152 - tty/ldsem: Wake up readers after timed out down_write() - tty: Hold tty_ldisc_lock() during tty_reopen() - tty: Simplify tty->count math in tty_reopen() - tty: Don't hold ldisc lock in tty_reopen() if ldisc present - can: gw: ensure DLC boundaries after CAN frame modification (CVE-2019-3701) - Revert "f2fs: do not recover from previous remained wrong dnodes" - media: em28xx: Fix misplaced reset of dev->v4l::field_count - proc: Remove empty line in /proc/self/status - [arm64] kvm: consistently handle host HCR_EL2 flags - [arm64] Don't trap host pointer auth use to EL2 - ipv6: fix kernel-infoleak in ipv6_local_error() - net: bridge: fix a bug on using a neighbour cache entry without checking its state - packet: Do not leak dev refcounts on error exit - bonding: update nest level on unlink - ip: on queued skb use skb_header_pointer instead of pskb_may_pull - crypto: authencesn - Avoid twice completion call in decrypt path - crypto: authenc - fix parsing key with misaligned rta_len - btrfs: wait on ordered extents on abort cleanup - Yama: Check for pid death before checking ancestry - scsi: core: Synchronize request queue PM status only on successful resume - scsi: sd: Fix cache_type_store() - [arm64] kaslr: ensure randomized quantities are clean to the PoC - [mips*] Disable MSI also when pcie-octeon.pcie_disable on - media: vivid: fix error handling of kthread_run - media: vivid: set min width/height to a value > 0 - LSM: Check for NULL cred-security on free - media: vb2: vb2_mmap: move lock up - sunrpc: handle ENOMEM in rpcb_getport_async - netfilter: ebtables: account ebt_table_info to kmemcg - selinux: fix GPF on invalid policy - blockdev: Fix livelocks on loop device - sctp: allocate sctp_sockaddr_entry with kzalloc - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats - tipc: fix uninit-value in tipc_nl_compat_bearer_enable - tipc: fix uninit-value in tipc_nl_compat_link_set - tipc: fix uninit-value in tipc_nl_compat_name_table_dump - tipc: fix uninit-value in tipc_nl_compat_doit - block/loop: Use global lock for ioctl() operation. - loop: Fold __loop_release into loop_release - loop: Get rid of loop_index_mutex - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock - mm, memcg: fix reclaim deadlock with writeback - media: vb2: be sure to unlock mutex on errors - nbd: set the logical and physical blocksize properly - nbd: Use set_blocksize() to set device blocksize https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.153 - r8169: Add support for new Realtek Ethernet - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses - [x86] platform: asus-wmi: Tell the EC the OS will handle the display off hotkey - e1000e: allow non-monotonic SYSTIM readings - writeback: don't decrement wb->refcnt if !wb->bdi - [arm64,armhf] serial: set suppress_bind_attrs flag only if builtin - ALSA: oxfw: add support for APOGEE duet FireWire - [arm64] perf: set suppress_bind_attrs flag to true - selinux: always allow mounting submounts - rxe: IB_WR_REG_MR does not capture MR's iova field - jffs2: Fix use of uninitialized delayed_work, lockdep breakage - pstore/ram: Do not treat empty buffers as valid - [ppc64el] powerpc/xmon: Fix invocation inside lock region - [powerpc*] powerpc/pseries/cpuidle: Fix preempt warning - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info - net: call sk_dst_reset when set SO_DONTROUTE - scsi: target: use consistent left-aligned ASCII INQUIRY data - [armhf] clk: imx6q: reset exclusive gates on init - tty/serial: do not free trasnmit buffer page under port lock - [x86] perf intel-pt: Fix error with config term "pt=0" - perf svghelper: Fix unchecked usage of strncpy() - perf parse-events: Fix unchecked usage of strncpy() - dm kcopyd: Fix bug causing workqueue stalls - dm snapshot: Fix excessive memory usage and workqueue stalls - ALSA: bebob: fix model-id of unit for Apogee Ensemble - sysfs: Disable lockdep for driver bind/unbind files - scsi: smartpqi: correct lun reset issues - scsi: megaraid: fix out-of-bound array accesses - ocfs2: fix panic due to unrecovered local alloc - mm/page-writeback.c: don't break integrity writeback on ->writepage() error - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps - [arm64] ipmi:ssif: Fix handling of multi-part return messages - locking/qspinlock: Pull in asm/byteorder.h to ensure correct endianness https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.154 - net: bridge: Fix ethernet header pointer before check skb forwardable - net: Fix usage of pskb_trim_rcsum - openvswitch: Avoid OOB read when parsing flow nlattrs - vhost: log dirty page correctly - net: ipv4: Fix memory leak in network namespace dismantle - net_sched: refetch skb protocol for each filter - ipfrag: really prevent allocation on netns exit - USB: serial: simple: add Motorola Tetra TPG2200 device id - USB: serial: pl2303: add new PID to support PL2303TB - [x86] ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages - [s390x] early: improve machine detection - [s390x] smp: fix CPU hotplug deadlock with CPU rescan - [x86] char/mwave: fix potential Spectre v1 vulnerability - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 - tty: Handle problem if line discipline does not have receive_buf - uart: Fix crash in uart_write and uart_put_char - [x86] tty/n_hdlc: fix __might_sleep warning - CIFS: Fix possible hang during async MTU reads and writes - Input: xpad - add support for SteelSeries Stratus Duo - compiler.h: enable builtin overflow checkers and add fallback code - Input: uinput - fix undefined behavior in uinput_validate_absinfo() - [x86] acpi/nfit: Block function zero DSMs - [x86] acpi/nfit: Fix command-supported detection - dm thin: fix passdown_double_checking_shared_status() - [x86] KVM: Fix single-step debugging - [x86] kaslr: Fix incorrect i8254 outb() parameters - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it - can: bcm: check timer values before ktime conversion - vt: invoke notifier on screen size change - perf unwind: Unwind with libdw doesn't take symfs into account - perf unwind: Take pgoff into account when reporting elf to libdwfl - [arm64] irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size - [s390x] smp: Fix calling smp_call_ipl_cpu() from ipl CPU - nvmet-rdma: Add unlikely for response allocated check - nvmet-rdma: fix null dereference under heavy load - f2fs: read page index before freeing - btrfs: fix error handling in btrfs_dev_replace_start - btrfs: dev-replace: go back to suspended state if target device is missing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.155 - Fix "net: ipv4: do not handle duplicate fragments as overlapping" - fs: add the fsnotify call to vfs_iter_write - ipv6: Consider sk_bound_dev_if when binding a socket to an address (Closes: #918103) - l2tp: copy 4 more bytes to linear part if necessary - net/mlx4_core: Add masking for a few queries on HCA caps - netrom: switch to sock timer API - net/rose: fix NULL ax25_cb kernel panic - net/mlx5e: Allow MAC invalidation while spoofchk is ON - l2tp: remove l2specific_len dependency in l2tp_core - l2tp: fix reading optional fields of L2TPv3 - ipvlan, l3mdev: fix broken l3s mode wrt local routes - CIFS: Do not count -ENODATA as failure for query directory - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() - [arm64] kaslr: ensure randomized quantities are clean also when kaslr is off - [arm64] hyp-stub: Forbid kprobing of the hyp-stub - [arm64] hibernate: Clean the __hyp_text to PoC after resume - gfs2: Revert "Fix loop in gfs2_rbm_find" - [x86] platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK - [x86] platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes - [arm64,armhf] mmc: sdhci-iproc: handle mmc_of_parse() errors during probe - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes - mm, oom: fix use-after-free in oom_kill_process - mm: hwpoison: use do_send_sig_info() instead of force_sig() - mm: migrate: don't rely on __PageMovable() of newpage after unlocking it - cifs: Always resolve hostname before reconnecting - drivers: core: Remove glue dirs from sysfs earlier - fs: don't scan the inode cache before SB_BORN is set - fanotify: fix handling of events on child sub-directory https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156 - drm/bufs: Fix Spectre v1 vulnerability - [x86] ASoC: Intel: mrfld: fix uninitialized variable access - [armhf] gpu: ipu-v3: image-convert: Prevent race between run and unprepare - scsi: lpfc: Correct LCB RJT handling - [armhf] 8808/1: kexec:offline panic_smp_self_stop CPU - dlm: Don't swamp the CPU with callbacks queued during recovery - [x86] PCI: Fix Broadcom CNB20LE unintended sign extension (redux) - [ppc64el] powerpc/pseries: add of_node_put() in dlpar_detach_node() - [arm64,armhf] drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl - [arm64,armhf] soc/tegra: Don't leak device tree node reference - [x86] iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock - f2fs: move dir data flush to write checkpoint process - f2fs: fix wrong return value of f2fs_acl_create - nfsd4: fix crash on writing v4_end_grace before nfsd startup - Thermal: do not clear passive state during system sleep - firmware/efi: Add NULL pointer checks in efivars API functions - [arm64] ftrace: don't adjust the LR value - [x86] fpu: Add might_fault() to user_insn() - smack: fix access permissions for keyring - usb: hub: delay hub autosuspend if USB3 port is still link training - timekeeping: Use proper seqcount initializer - [armhf] clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks - [amd64] iommu/amd: Fix amd_iommu=force_isolation - [armhf] dts: Fix OMAP4430 SDP Ethernet startup - [mips*] bpf: fix encoding bug for mm_srlv32_op - [arm64,armhf] iommu/arm-smmu: Add support for qcom,smmu-v2 variant - [arm64] iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer - udf: Fix BUG on corrupted inode - memstick: Prevent memstick host from getting runtime suspended during card detection - [armhf] tty: serial: samsung: Properly set flags in autoCTS mode - perf header: Fix unchecked usage of strncpy() - perf probe: Fix unchecked usage of strncpy() - [arm64] KVM: Skip MMIO insn after emulation - mac80211: fix radiotap vendor presence bitmap handling - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi - Bluetooth: Fix unnecessary error message for HCI request completion - scsi: smartpqi: correct host serial num for ssa - scsi: smartpqi: correct volume status - drbd: narrow rcu_read_lock in drbd_sync_handshake - drbd: disconnect, if the wrong UUIDs are attached on a connected peer - drbd: skip spurious timeout (ping-timeo) when failing promote - fbdev: fbmem: behave better with small rotated displays and many CPUs - i40e: define proper net_device::neigh_priv_len - igb: Fix an issue that PME is not enabled during runtime suspend - fbdev: fbcon: Fix unregister crash when more than one framebuffer - [arm64] pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins - [arm64] pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins - [x86] KVM: svm: report MSR_IA32_MCG_EXT_CTL as unsupported - NFS: nfs_compare_mount_options always compare auth flavors. - hwmon: (lm80) fix a missing check of the status of SMBus read - hwmon: (lm80) fix a missing check of bus read in lm80 probe - seq_buf: Make seq_buf_puts() null-terminate the buffer - cifs: check ntwrk_buf_start for NULL before dereferencing it - um: Avoid marking pages with "changed protection" - niu: fix missing checks of niu_pci_eeprom_read - f2fs: fix sbi->extent_list corruption issue - ocfs2: don't clear bh uptodate for block read - HID: lenovo: Add checks to fix of_led_classdev_register - kernel/hung_task.c: break RCU locks based on jiffies - proc/sysctl: fix return error for proc_doulongvec_minmax() - fs/epoll: drop ovflist branch prediction - exec: load_script: don't blindly truncate shebang string - dccp: fool proof ccid_hc_[rt]x_parse_options() - rxrpc: bad unlock balance in rxrpc_recvmsg - skge: potential memory corruption in skge_get_regs() - rds: fix refcount bug in rds_sock_addref - net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames - [armhf] net: dsa: slave: Don't propagate flag changes on down slave interfaces - enic: fix checksum validation for IPv6 - ALSA: compress: Fix stop handling on compressed capture streams - ALSA: hda - Serialize codec registrations - fuse: call pipe_buf_release() under pipe lock - fuse: decrement NR_WRITEBACK_TEMP on the right page - fuse: handle zero sized retrieve correctly - [arm64,armhf] dmaengine: bcm2835: Fix interrupt race on RT - [arm64,armhf] dmaengine: bcm2835: Fix abort of transactions - [armhf] dmaengine: imx-dma: fix wrong callback invoke - [armhf] usb: phy: am335x: fix race condition in _probe - [armhf] usb: gadget: musb: fix short isoc packets with inventra dma - scsi: aic94xx: fix module loading - [x86] KVM: work around leak of uninitialized stack contents (CVE-2019-7222) - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) - [x86] KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) - [x86] perf/x86/intel/uncore: Add Node ID mask - [x86] MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() - perf/core: Don't WARN() for impossible ring-buffer sizes - perf tests evsel-tp-sched: Fix bitwise operator - serial: fix race between flush_to_ldisc and tty_open - oom, oom_reaper: do not enqueue same task twice - [amd64] PCI: vmd: Free up IRQs on suspend path - [amd64] IB/hfi1: Add limit test for RC/UC send via loopback - [x86] perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.157 - [armhf] mtd: rawnand: gpmi: fix MX28 bus master lockup problem - signal: Always notice exiting tasks - signal: Better detection of synchronous signals - [arm64,armhf] misc: vexpress: Off by one in vexpress_syscfg_exec() - debugfs: fix debugfs_rename parameter checking - [mips*] cm: reprime error cause - [mips*] OCTEON: don't set octeon_dma_bar_type if PCI is disabled - mac80211: ensure that mgmt tx skbs have tailroom for encryption - drm/modes: Prevent division by zero htotal - [x86] drm/vmwgfx: Fix setting of dma masks - [x86] drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user - nfsd4: fix cached replies to solo SEQUENCE compounds - nfsd4: catch some false session retries - HID: debug: fix the ring buffer implementation (CVE-2019-3819) - Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() - xfrm: refine validation of template and selector families - batman-adv: Avoid WARN on net_device without parent in netns - batman-adv: Force mac header to start of data on xmit https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.158 - Revert "exec: load_script: don't blindly truncate shebang string" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.159 - dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string - eeprom: at24: add support for 24c2048 - uapi/if_ether.h: prevent redefinition of struct ethhdr - [armel,armhf] 8789/1: signal: copy registers using __copy_to_user() - [armel,armhf] 8791/1: vfp: use __copy_to_user() when saving VFP state - [armel,armhf] 8793/1: signal: replace __put_user_error with __put_user - [armel,armhf] 8794/1: uaccess: Prevent speculative use of the current addr_limit - [armel,armhf] 8795/1: spectre-v1.1: use put_user() for __put_user() - [armel,armhf] 8796/1: spectre-v1,v1.1: provide helpers for address sanitization - [armel,armhf] 8797/1: spectre-v1.1: harden __copy_to_user - [armel,armhf] 8810/1: vfp: Fix wrong assignement to ufp_exc - [armel,armhf] make lookup_processor_type() non-__init - [armel,armhf] split out processor lookup - [armel,armhf] clean up per-processor check_bugs method call - [armel,armhf] add PROC_VTABLE and PROC_TABLE macros - [armel,armhf] spectre-v2: per-CPU vtables to work around big.Little systems - [armel,armhf] ensure that processor vtables is not lost after boot - [armel,armhf] fix the cockup in the previous patch - net: create skb_gso_validate_mac_len() (CVE-2018-1000026) - bnx2x: disable GSO where gso_size is too big for hardware (CVE-2018-1000026) - [i386] ACPI: NUMA: Use correct type for printing addresses on i386-PAE - cpufreq: check if policy is inactive early in __cpufreq_get() - [armel] dts: kirkwood: Fix polarity of GPIO fan lines - cifs: Limit memory used by lock request calls to a page - perf report: Include partial stacks unwound with libdw - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" - Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK - perf/core: Fix impossible ring-buffer sizes warning - [x86] perf: Add check_period PMU callback - ALSA: hda - Add quirk for HP EliteBook 840 G5 - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk - [x86] kvm: vmx: Fix entry number check for add_atomic_switch_msr() - Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 - [alpha] fix page fault handling for r16-r18 targets - [alpha] Fix Eiger NR_IRQS to 128 - tracing/uprobes: Fix output for multiple string arguments - signal: Restore the stop PTRACE_EVENT_EXIT - [amd64] x86/a.out: Clear the dump structure initially - dm thin: fix bug where bio that overwrites thin block ignores FUA - [x86] drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set - smsc95xx: Use skb_cow_head to deal with cloned skbs - ch9200: use skb_cow_head() to deal with cloned skbs - kaweth: use skb_cow_head() to deal with cloned skbs - [arm64,armhf] usb: dwc2: Remove unnecessary kfree - netfilter: nf_tables: fix mismatch in big-endian system - [arm64] pinctrl: msm: fix gpio-hog related boot issues - mm: stop leaking PageTables - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define - Revert "scsi: aic94xx: fix module loading" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.160 - net: fix IPv6 prefix route residue - [x86] vsock: cope with memory allocation failure at socket creation time - hwmon: (lm80) Fix missing unlock on error in set_fan_div() - net: Fix for_each_netdev_feature on Big endian - [arm64,armhf] net: stmmac: handle endianness in dwmac4_get_timestamp - sky2: Increase D3 delay again - vhost: correctly check the return value of translate_desc() in log_used() - net: Add header for usage of fls64() - tcp: tcp_v4_err() should be more careful - net: Do not allocate page fragments that are not skb aligned - tcp: clear icsk_backoff in tcp_write_queue_purge() - vxlan: test dev->flags & IFF_UP before calling netif_rx() - [arm64,armhf] net: stmmac: Fix a race in EEE enable callback - net: ipv4: use a dedicated counter for icmp_v4 redirect packets - btrfs: Remove false alert when fiemap range is smaller than on-disk extent - mISDN: fix a race in dev_expire_timer() - ax25: fix possible use-after-free https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.161 - mac80211: Free mpath object when rhashtable insertion fails - libceph: handle an empty authorize reply - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES - proc, oom: do not report alien mms when setting oom_score_adj - KEYS: allow reaching the keys quotas exactly - [armhf] mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells - [armhf] mfd: twl-core: Fix section annotations on {,un}protect_pm_master - [arm64] mfd: qcom_rpm: write fw_version to CTRL_REG - [armhf] mfd: mc13xxx: Fix a missing check of a register-read failure - qed: Fix qed_ll2_post_rx_buffer_notify_fw() by adding a write memory barrier - [arm64] net: hns: Fix use after free identified by SLUB debug - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param - [x86] scsi: isci: initialize shost fully before calling scsi_add_host() - atm: he: fix sign-extension overflow on large shift - [armhf] leds: lp5523: fix a missing check of return value of lp55xx_read - net/mlx5e: Fix wrong (zero) TX drop counter indication for representor - RDMA/srp: Rework SCSI device reset handling - KEYS: user: Align the payload buffer - KEYS: always initialize keyring_index_key::desc_len - batman-adv: fix uninit-value in batadv_interface_tx() - net/packet: fix 4gb buffer limit due to overflow check - team: avoid complex list operations in team_nl_cmd_options_set() - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames - [hppa/parisc] Fix ptrace syscall number modification - [x86] hpet: Make cmd parameter of hpet_ioctl_common() unsigned - clocksource: Use GENMASK_ULL in definition of CLOCKSOURCE_MASK - netpoll: Fix device name check in netpoll_setup() - tracing: Use cpumask_available() to check if cpumask variable may be used - [x86] boot: Disable the address-of-packed-member compiler warning - [x86] drm/i915: Consistently use enum pipe for PCH transcoders - [x86] drm/i915: Fix enum pipe vs. enum transcoder for the PCH transcoder - [arm64] irqchip/gic-v3: Convert arm64 GIC accessors to {read,write}_sysreg_s - mm/zsmalloc.c: change stat type parameter to int - mm/zsmalloc.c: fix -Wunneeded-internal-declaration warning - Revert "bridge: do not add port to router list when receives query with source 0.0.0.0" - netfilter: nf_tables: fix flush after rule deletion in the same batch - [arm64] pinctrl: max77620: Use define directive for max77620_pinconf_param values - [arm64,armhf] phy: tegra: remove redundant self assignment of 'map' - sched/sysctl: Fix attributes of some extern declarations [ Salvatore Bonaccorso ] * Refresh kbuild-use-nostdinc-in-compile-tests.patch for context changes in 4.9.145 * [rt] Update to 4.9.146-rt125 - seqlock: provide the same ordering semantics as mainline - squashfs: make use of local lock in multi_cpu decompressor - locallock: provide {get,put}_locked_ptr() variants - posix-timers: move the rcu head out of the union - alarmtimer: Prevent live lock in alarm_cancel() - block: blk-mq: move blk_queue_usage_counter_release() into process context - Revert "block: blk-mq: Use swait" - Revert "rt,ntp: Move call to schedule_delayed_work() to helper thread" - net: use task_struct instead of CPU number as the queue owner on -RT - locking: add types.h - mm/slub: close possible memory-leak in kmem_cache_alloc_bulk() - crypto: limit more FPU-enabled sections - sched, tracing: Fix trace_sched_pi_setprio() for deboosting - rcu: Suppress lockdep false-positive ->boost_mtx complaints - rcu: Do not include rtmutex_common.h unconditionally - rtmutex: Make rt_mutex_futex_unlock() safe for irq-off callsites - futex: Fix OWNER_DEAD fixup - futex: Avoid violating the 10th rule of futex - futex: Fix more put_pi_state() vs. exit_pi_state_list() races - futex: Fix pi_state->owner serialization * [rt] Refresh 0366-posix-timers-move-the-rcu-head-out-of-the-union.patch. Refresh for context changes caused by a Debian specific patch to avoid ABI change in 4.9.136: "posix-timers: Avoid ABI change in 4.9.136" * [rt] Refresh 0280-random-Make-it-work-on-rt.patch * [rt] Refresh 0198-fs-aio-simple-simple-work.patch for context changes in 4.9.147 * Btrfs: fix corruption reading shared and compressed extents after hole punching (Closes: #922306) [ Ben Hutchings ] * Bump ABI to 9 and apply deferred changes: - netfilter: ipv6: nf_defrag: reduce struct net memory waste - proc/sysctl: prune stale dentries during unregistering - proc/sysctl: Don't grab i_lock under sysctl_lock. - proc: Fix proc_sys_prune_dcache to hold a sb reference - [mips*] Correct the 64-bit DSP accumulator register size - inet: frags: fix ip6frag_low_thresh boundary - inet: frags: reorganize struct netns_frags - rhashtable: reorganize struct rhashtable layout - inet: frags: break the 2GB limit for frags storage - elevator: fix truncation of icq_cache_name -- Salvatore Bonaccorso <carnil(a)debian.org> Wed, 27 Feb 2019 22:21:01 +0100 --- Modifications pour mariadb-10.1 (libmariadbclient18 mariadb-client-10.1 mariadb-client-core-10.1 mariadb-common) --- mariadb-10.1 (10.1.38-0+deb9u1) stretch; urgency=medium * SECURITY UPDATE: New upstream release 10.1.38. Includes fixes for the following security vulnerabilities (Closes: #920933): - CVE-2019-2537 - CVE-2019-2529 * Update correct branch name in gbp.conf * Disable test unit.pcre_test on s390x that was failing in stretch-security (Closes: #920854) * Limit build test suite to 'main' like in mariadb-10.3 to make unnecessary build failures less likely in lifetime of Stretch. * Fix mips compilation failure (__bss_start symbol missing) (Closes: #920855) * Extend the server README to clarify common misunderstandings (Closes: #878215) * Enable ccache in CMake path so it can be used automatically where available * Heavily refactor and unify gitlab-ci.yml MariaDB install/upgrade steps. This ensures uploads to Stretch are much more safer to do now than in the past. -- Otto Kekäläinen <otto(a)debian.org> Tue, 16 Apr 2019 14:56:50 +0300 --- Modifications pour postfix (postfix postfix-sqlite) --- postfix (3.1.12-0+deb9u1) stretch; urgency=medium [Scott Kitterman] * Add detailed smarthost instructions to README.Debian. Thanks to Celejar for the input. Closes: #919444 * Refresh patches [Wietse Venema] * 3.1.10 - Bugfix (introduced: Postfix 2.11): minor memory leak when minting issuer certs. This affects a tiny minority of use cases. Viktor Dukhovni, based on a fix by Juan Altmayer Pizzorno for the ssl_dane library. File: tls/tls_dane.c. - Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes, table lookups could casefold the search string when searching a lookup table that does not use fixed-string keys (regexp, pcre, tcp, etc.). Historically, Postfix would not case-fold the search string with such tables. File: util/dict_utf8.c. Closes: #917512 - Multiple 'bit rot' fixes for OpenSSL API changes, including support to disable TLSv1.3, to avoid issuing multiple session tickets. Viktor Dukhovni. Files: proto/postconf.proto, proto/TLS_README.html, tls/tls.h, tls/tls_server.c, tls/tls_misc.c. - Bugfix (introduced: 3.0): smtpd_discard_ehlo_keywords could not disable "SMTPUTF8". because the lookup table was using "EHLO_MASK_SMTPUTF8" instead. File: global/ehlo_mask.c. - Documentation: update documentation for Postfix versions that support disabling TLS 1.3. File: proto/postconf.proto. - Improved logging of TLS 1.3 summary information, and improved reporting of the same info in Received: message headers. Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html, posttls-finger/posttls-finger.c, smtpd/smtpd.c, tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_proxy.h, tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c, tls/tls_server.c. * 3.1.11 - Bugfix (introduced: postfix-2.11): with posttls-finger, connections to unix-domain servers always resulted in "Failed to establish session" even after a connection was established. Jaroslav Skarva. File: posttls-finger/posttls-finger.c. * 3.1.12 - Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce has been producing false rejects starting with the Postfix 2.2 smtpd_end_of_data_restrictons, and for the same reasons, did the same with the Postfix 3.4 BDAT command. The latter was reported by Andreas Schulze. File: smtpd/smtpd_check.c. - Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. -- Scott Kitterman <scott(a)kitterman.com> Mon, 25 Mar 2019 01:01:51 -0400 --- Modifications pour publicsuffix --- publicsuffix (20190415.1030-0+deb9u1) stretch; urgency=medium * new upstream publicsuffix data -- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Mon, 15 Apr 2019 14:11:53 -0400 publicsuffix (20190221.0923-0+deb9u1) stretch; urgency=medium * new upstream publicsuffix data -- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Wed, 13 Mar 2019 10:20:24 -0400 publicsuffix (20181030.1007-0+deb9u1) stretch; urgency=medium * new upstream publicsuffix data -- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Thu, 01 Nov 2018 20:58:10 -0400 --- Modifications pour python-cryptography (python3-cryptography python-cryptography) --- python-cryptography (1.7.1-3+deb9u1) stretch; urgency=medium * Remove BIO_callback_ctrl: The prototype differs with the OpenSSL's definition of it after it was changed (fixed) within OpenSSL. It has no users. -- Sebastian Andrzej Siewior <sebastian(a)breakpoint.cc> Sun, 02 Sep 2018 15:17:35 +0200 --- Modifications pour python-pip (python-pip python-pip-whl) --- python-pip (9.0.1-2+deb9u1) stretch; urgency=medium * Team upload. * Add Properly_catch_requests_HTTPError_in_index.py.patch, which fixes --extra-index-url results in "HTTPError: 404 Client Error: NOT FOUND". The patch makes works even with the unbundled requests. (Closes: #837764). -- Thomas Goirand <zigo(a)debian.org> Sun, 31 Mar 2019 00:02:11 +0100 --- Modifications pour rsync --- rsync (3.1.2-1+deb9u2) stretch; urgency=medium * Apply CVEs from 2016 to the zlib code. closes:#924509 -- Paul Slootman <paul(a)debian.org> Fri, 15 Mar 2019 11:39:50 +0100 --- Modifications pour unzip --- unzip (6.0-21+deb9u1) stretch; urgency=medium * Fix buffer overflow in password protected ZIP archives. Closes: #889838. Patch borrowed from SUSE. For reference, this is CVE-2018-1000035. -- Santiago Vila <sanvila(a)debian.org> Wed, 17 Apr 2019 21:23:40 +0200 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on nonagon.federez.net -- apticron

5 années, 12 mois

17 Debian package update(s) for nonagon.federez.net

par club-federez＠crans.org

apticron report [Sat, 27 Apr 2019 18:49:14 +0200] ======================================================================== apticron has detected that some packages need upgrading on: nonagon.federez.net [ 185.230.78.42 2a0c:700:0:23:67:e5ff:fee9:3 ] The following packages are currently pending an upgrade: base-files 9.9+deb9u9 libjs-jquery 3.1.1-2+deb9u1 libmariadbclient18 10.1.38-0+deb9u1 libpng16-16 1.6.28-1+deb9u1 linux-libc-dev 4.9.168-1 mariadb-client-10.1 10.1.38-0+deb9u1 mariadb-client-core-10.1 10.1.38-0+deb9u1 mariadb-common 10.1.38-0+deb9u1 postfix 3.1.12-0+deb9u1 postfix-sqlite 3.1.12-0+deb9u1 publicsuffix 20190415.1030-0+deb9u1 python3-cryptography 1.7.1-3+deb9u1 python-cryptography 1.7.1-3+deb9u1 python-pip 9.0.1-2+deb9u1 python-pip-whl 9.0.1-2+deb9u1 rsync 3.1.2-1+deb9u2 unzip 6.0-21+deb9u1 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour libpng1.6 (libpng16-16) --- libpng1.6 (1.6.28-1+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Call png_image_free_function without guarding it with png_safe_execute (CVE-2019-7317) (Closes: #921355) -- Salvatore Bonaccorso <carnil(a)debian.org> Thu, 18 Apr 2019 22:12:35 +0200 --- Modifications pour base-files --- base-files (9.9+deb9u9) stretch; urgency=medium * Change /etc/debian_version to 9.9, for Debian 9.9 point release. -- Santiago Vila <sanvila(a)debian.org> Thu, 28 Mar 2019 10:12:44 +0100 --- Modifications pour jquery (libjs-jquery) --- jquery (3.1.1-2+deb9u1) stretch; urgency=medium * Team upload * Add patch to prevent Object.prototype pollution (Closes: #927385, CVE-2019-11358) * Disable check-against-upstream-build test (autopkgtest) since file is now patched -- Xavier Guimard <yadd(a)debian.org> Thu, 18 Apr 2019 22:57:29 +0200 --- Modifications pour linux (linux-libc-dev) --- linux (4.9.168-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162 - Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" - Revert "loop: Get rid of loop_index_mutex" - Revert "loop: Fold __loop_release into loop_release" - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached - [arm64] drm/msm: Unblock writer if reader closes file - [x86] ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field - [x86] ALSA: compress: prevent potential divide by zero bugs - [x86] thermal: int340x_thermal: Fix a NULL vs IS_ERR() check - [arm64,armhf] usb: dwc3: gadget: synchronize_irq dwc irq in suspend - [arm64,armhf] usb: dwc3: gadget: Fix the uninitialized link_state when udc starts - usb: gadget: Potential NULL dereference on allocation error - ASoC: dapm: change snprintf to scnprintf for possible overflow - [armhf] ASoC: imx-audmux: change snprintf to scnprintf for possible overflow - [x86] drivers: thermal: int340x_thermal: Fix sysfs race condition - mac80211: fix miscounting of ttl-dropped frames - locking/rwsem: Fix (possible) missed wakeup - direct-io: allow direct writes to empty inodes - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() - net: usb: asix: ax88772_bind return error when hw_reset fail - [ppc64el] ibmveth: Do not process frames after calling napi_reschedule - mac80211: don't initiate TDLS connection if station is not associated to AP - mac80211: Add attribute aligned(2) to struct 'action' - cfg80211: extend range deviation for DMG - [x86] svm: Fix AVIC incomplete IPI emulation - [x86] KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 - [powerpc*] Always initialize input array when calling epapr_hypercall() - [arm64] mmc: spi: Fix card detection during probe - mm: enforce min addr even if capable() in expand_downwards() (CVE-2019-9213) - [x86] uaccess: Don't leak the AC flag into __put_user() value evaluation https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.163 - USB: serial: option: add Telit ME910 ECM composition - USB: serial: cp210x: add ID for Ingenico 3070 - USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 - cpufreq: Use struct kobj_attribute instead of struct global_attr - ncpfs: fix build warning of strncpy - [x86] staging: comedi: ni_660x: fix missing break in switch statement - ip6mr: Do not call __IP6_INC_STATS() from preemptible context - net-sysfs: Fix mem leak in netdev_register_kobject - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 - team: Free BPF filter when unregistering netdev - bnxt_en: Drop oversize TX packets to prevent errors. - [x86] hv_netvsc: Fix IP header checksum for coalesced packets - [armhf] net: dsa: mv88e6xxx: Fix u64 statistics - net: netem: fix skb length BUG_ON in __skb_to_sgvec - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails - net: sit: fix memory leak in sit_init_net() - xen-netback: don't populate the hash cache on XenBus disconnect - xen-netback: fix occasional leak of grant ref mappings under memory pressure - net: Add __icmp_send helper. - tun: fix blocking read - tun: remove unnecessary memory barrier - net: phy: Micrel KSZ8061: link failure after cable connect - [x86] CPU/AMD: Set the CPB bit unconditionally on F17h - applicom: Fix potential Spectre v1 vulnerabilities - [mips*] irq: Allocate accurate order pages for irq stack - hugetlbfs: fix races and page leaks during migration - exec: Fix mem leak in kernel_read_file (CVE-2019-8980) - media: uvcvideo: Fix 'type' check leading to overflow - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel - perf core: Fix perf_proc_update_handler() bug - perf tools: Handle TOPOLOGY headers with no CPU - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM - [amd64] iommu/amd: Call free_iova_fast with pfn in map_sg - [amd64] iommu/amd: Unmap all mapped pages in error path of map_sg - ipvs: Fix signed integer overflow when setsockopt timeout - [amd64] iommu/amd: Fix IOMMU page flush when detach device from a domain - [arm64] net: hns: Fix for missing of_node_put() after of_parse_phandle() - [arm64] net: hns: Fix wrong read accesses via Clause 45 MDIO protocol - [armhf] net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() - nfs: Fix NULL pointer dereference of dev_name - qed: Fix VF probe failure while FLR - scsi: libfc: free skb when receiving invalid flogi resp - [x86] platform: Fix unmet dependency warning for SAMSUNG_Q10 - cifs: fix computation for MAX_SMB2_HDR_SIZE - [arm64] kprobe: Always blacklist the KVM world-switch code - [x86] kexec: Don't setup EFI info if EFI runtime is not enabled - mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone - fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() - autofs: drop dentry reference only when it is never used - autofs: fix error return in autofs_fill_super() - vsock/virtio: fix kernel panic after device hot-unplug - vsock/virtio: reset connected sockets on device removal - netfilter: nf_nat: skip nat clash resolution for same-origin entries - [s390x] qeth: fix use-after-free in error path - perf symbols: Filter out hidden symbols from labels - [mips*] Remove function size check in get_frame_info() - fs: ratelimit __find_get_block_slow() failure message. - Input: wacom_serial4 - add support for Wacom ArtPad II tablet - Input: elan_i2c - add id for touchpad found in Lenovo s21e-20 - [x86] iscsi_ibft: Fix missing break in switch statement - scsi: aacraid: Fix missing break in switch statement - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() - [armhf] dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3 - drm: disable uncached DMA optimization for ARM and arm64 - [armhf] dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420 - [x86] perf/x86/intel: Make cpuc allocations consistent - [x86] perf/x86/intel: Generalize dynamic constraint creation - [x86] Add TSX Force Abort CPUID/MSR https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.164 - ACPICA: Reference Counts: increase max to 0x4000 for large servers - KEYS: restrict /proc/keys by credentials at open time - l2tp: fix infoleak in l2tp_ip6_recvmsg() - net: sit: fix UBSAN Undefined behaviour in check_6rd - pptp: dst_release sk_dst_cache in pptp_sock_destruct - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race - tcp: handle inet_csk_reqsk_queue_add() failures - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() - net/mlx4_core: Fix reset flow when in command polling mode - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling - net/mlx4_core: Fix qp mtt size calculation - mdio_bus: Fix use-after-free on device_register fails - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 - af_unix: missing barriers in some of unix_sock ->addr and ->path accesses - ipvlan: disallow userns cap_net_admin to change global mode/flags - vxlan: Fix GRO cells race condition between receive and link delete - rxrpc: Fix client call queueing, waiting for channel - gro_cells: make sure device is up in gro_cells_receive() - tcp/dccp: remove reqsk_put() from inet_child_forget() - [x86] perf: Fixup typo in stub functions - ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 - md: It's wrong to add len to sector_nr in raid10 reshape twice - of: Support const and non-const use for to_of_node() - vhost/vsock: fix vhost vsock cid hashing inconsistent https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.165 - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() - 9p: use inode->i_lock to protect i_size_write() under 32-bit - 9p/net: fix memory leak in p9_client_create - [armhf] iio: adc: exynos-adc: Fix NULL pointer exception on unbind - crypto: ahash - fix another early termination in hash walk - [armhf] gpu: ipu-v3: Fix i.MX51 CSI control registers offset - [armhf] gpu: ipu-v3: Fix CSI offsets for imx53 - [s390x] dasd: fix using offset into zero size array error - [armhf] OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized - floppy: check_events callback should not return a negative number - mm/gup: fix gup_pmd_range() for dax - mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs - [arm64] net: hns: Fix object reference leaks in hns_dsaf_roce_reset() - [armhf] clk: sunxi: A31: Fix wrong AHB gate number - assoc_array: Fix shortcut creation - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task - [arm64] pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 - [armel] net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() - [x86] ASoC: topology: free created components in tplg load error - [arm64] Relax GIC version check during early boot - [armhf] net: marvell: mvneta: fix DMA debug warning - tmpfs: fix link accounting when a tmpfile is linked in - mac80211_hwsim: propagate genlmsg_reply return code - [arm64] net: thunderx: make CFG_DONE message to run through generic send-ack sequence - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K - nfp: bpf: fix ALU32 high bits clearance bug - net: set static variable an initial value in atl2_probe() - tmpfs: fix uninitialized return value in shmem_link - [x86] libnvdimm/label: Clear 'updating' flag after label-set update - [x86] libnvdimm/pmem: Honor force_raw for legacy pmem regions - [amd64] libnvdimm: Fix altmap reservation size calculation - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails - [arm64] crypto: aes-ccm - fix logical bug in AAD MAC handling - CIFS: Do not reset lease state to NONE on lease break - CIFS: Fix read after write for files with read caching - tracing: Do not free iter->trace in fail path of tracing_open_pipe() - [amd64,arm64,i386] ACPI / device_sysfs: Avoid OF modalias creation for removed device - [armhf] spi: ti-qspi: Fix mmap read when more than one CS in use - [armhf] regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 - [armhf] regulator: s2mpa01: Fix step values for some LDOs - [armhf] clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR - [armhf] clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown - [s390x] virtio: handle find on invalid queue gracefully - scsi: virtio_scsi: don't send sc payload with tmfs - scsi: sd: Optimal I/O size should be a multiple of physical block size - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock - fs/devpts: always delete dcache dentry-s in dput() - splice: don't merge into linked buffers - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes - crypto: pcbc - remove bogus memcpy()s with src == dest - libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer - [arm64,armhf] cpufreq: tegra124: add missing of_node_put() - ext4: fix crash during online resizing - [armhf] clk: clk-twl6040: Fix imprecise external abort for pdmclk - [x86] nfit: acpi_nfit_ctl(): Check out_obj->type in the right place - mm: hwpoison: fix thp split handing in soft_offline_in_use_page() (CVE-2019-10124) - mm/vmalloc: fix size check for remap_vmalloc_range_partial() - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv - device property: Fix the length used in PROPERTY_ENTRY_STRING() - [x86] intel_th: Don't reference unassigned outputs - parport_pc: fix find_superio io compare code, should use equal test. - [arm64,armhf] i2c: tegra: fix maximum transfer size - [x86] drm/i915: Relax mmap VMA check - [arm64] serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart - 8250: FIX Fourth port offset of Pericom PI7C9X7954 boards - serial: 8250_pci: Fix number of ports for ACCES serial cards - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() - jbd2: clear dirty flag when revoking a buffer from an older transaction - jbd2: fix compile warning when using JBUFFER_TRACE - [powerpc] Clear on-stack exception marker upon exception return - [ppc64el] powernv: Make opal log only readable by root - [ppc64el] Fix 32-bit KVM-PR lockup and host crash with MacOS guest - [ppc64el] ptrace: Simplify vr_get/set() to avoid GCC warning - dm: fix to_sector() for 32bit - NFS: Fix I/O request leakages - NFS: Fix an I/O request leakage in nfs_do_recoalesce - NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() - nfsd: fix memory corruption caused by readdir - nfsd: fix wrong check in write_v4_end_grace() - PM / wakeup: Rework wakeup source timer cancellation - bcache: never writeback a discard operation - [x86] perf intel-pt: Fix CYC timestamp calculation after OVF - perf auxtrace: Define auxtrace record alignment - [x86] perf intel-pt: Fix overlap calculation for padding - [x86] perf intel-pt: Fix divide by zero when TSC is not available - md: Fix failed allocation of md_register_thread - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming - drm/radeon/evergreen_cs: fix missing break in switch statement - [x86] KVM: nVMX: Sign extend displacements of VMX instr's mem operands - [x86] KVM: nVMX: Ignore limit checks on VMX instructions using flat segments - [x86] KVM: Fix residual mmio emulation request to userspace https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.166 - [x86] drm/vmwgfx: Don't double-free the mode stored in par->set_mode - [amd64] iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE - libceph: wait for latest osdmap in ceph_monc_blacklist_add() - udf: Fix crash on IO error during truncate - [mips*] Ensure ELF appended dtb is relocated - [mips*] Fix kernel crash for R6 in jump label branch function - futex: Ensure that futex address is aligned in handle_futex_death() - objtool: Move objtool_file struct off the stack - ext4: fix NULL pointer dereference while journal is aborted - ext4: fix data corruption caused by unaligned direct AIO - ext4: brelse all indirect buffer in ext4_ind_remove_space() - media: v4l2-ctrls.c/uvc: zero v4l2_event - Bluetooth: Fix decrementing reference count twice in releasing socket - ALSA: hda - Record the current power state before suspend/resume calls - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec - tcp/dccp: drop SYN packets if accept queue is full - vfs: Hang/soft lockup in d_invalidate with simultaneous calls - [arm64] traps: disable irq in die() - lib/int_sqrt: optimize small argument - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 - rtc: Fix overflow when converting time64_t to rtc_time - [armhf] pwm-backlight: Enable/disable the PWM before/after LCD enable toggle. - ath10k: avoid possible string overflow https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.167 - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (CVE-2019-3460) - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer (CVE-2019-3459) - cfg80211: size various nl80211 messages correctly - [arm64,armhf] stmmac: copy unicast mac address to MAC registers - dccp: do not use ipv6 header for ipv4 flow - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec - net: rose: fix a possible stack overflow - packets: Always register packet sk in the same order - tcp: do not use ipv6 header for ipv4 flow - vxlan: Don't call gro_cells_destroy() before device is unregistered - sctp: get sctphdr by offset in sctp_compute_cksum - tun: properly test for IFF_UP - tun: add a missing rcu_read_unlock() in error path - btrfs: remove WARN_ON in log_dir_items - btrfs: raid56: properly unmap parity page in finish_parity_scrub() - [powerpc*] bpf: Fix generation of load/store DW instructions - NFSv4.1 don't free interrupted slot on open - ALSA: rawmidi: Fix potential Spectre v1 vulnerability - ALSA: pcm: Fix possible OOB access in PCM oss plugins - ALSA: pcm: Don't suspend stream in unrecoverable PCM state - fs/open.c: allow opening only regular files during execve() - scsi: sd: Fix a race between closing an sd device and sd I/O - scsi: sd: Quiesce warning if device does not report optimal I/O size - [s390x] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host - [s390x] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices - [x86] staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest - USB: serial: cp210x: add new device id - USB: serial: ftdi_sio: add additional NovaTech products - USB: serial: mos7720: fix mos_parport refcount imbalance on error path - USB: serial: option: set driver_info for SIM5218 and compatibles - USB: serial: option: add Olicard 600 - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links - usb: common: Consider only available nodes for dr_mode - [x86] perf intel-pt: Fix TSC slip - cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n - KVM: Reject device ioctls from processes other than the VM's creator - [x86] KVM: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts - USB: gadget: f_hid: fix deadlock in f_hidg_write() - xhci: Fix port resume done detection for SS ports with LPM enabled - [arm64] support keyctl() system call in 32-bit mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.168 - [arm64] debug: Don't propagate UNKNOWN FAR into si_code for debug signals - ext4: cleanup bh release code in ext4_ind_remove_space() - lib/int_sqrt: optimize initial value compute - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA - CIFS: fix POSIX lock leak and invalid ptr deref - tracing: kdb: Fix ftdump to not sleep - [armhf] gpio: gpio-omap: fix level interrupt idling - include/linux/relay.h: fix percpu annotation in struct rchan - sysctl: handle overflow for file-max - [arm64] scsi: hisi_sas: Set PHY linkrate when disconnected - [armhf,ppc64el] mm/cma.c: cma_declare_contiguous: correct err handling - mm/page_ext.c: fix an imbalance with kmemleak - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! - mm/slab.c: kmemleak no scan alien caches - ocfs2: fix a panic problem caused by o2cb_ctl - fs/file.c: initialize init_files.resize_wait - cifs: use correct format characters - dm thin: add sanity checks to thin-pool and external snapshot creation - cifs: Fix NULL pointer dereference of devname - jbd2: fix invalid descriptor block checksum - fs: fix guard_bio_eod to check for real EOD errors - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies - [arm64,armhf] usb: chipidea: Grab the (legacy) USB PHY by phandle first - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c - [armel,armhf] 8840/1: use a raw_spinlock_t in unwind - [armhf] mmc: omap: fix the maximum timeout setting - e1000e: Fix -Wformat-truncation warnings - IB/mlx4: Increase the timeout for CM cache - scsi: megaraid_sas: return error when create DMA pool failed - [armhf] SoC: imx-sgtl5000: add missing put_device() - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 - [amd64] HID: intel-ish-hid: avoid binding wrong ishtp_cl_device - [armhf] leds: lp55xx: fix null deref on firmware load failure - iwlwifi: pcie: fix emergency path - [x86] ACPI / video: Refactor and fix dmi_is_desktop() - kprobes: Prohibit probing on bsearch() - ALSA: PCM: check if ops are defined before suspending PCM - usb: f_fs: Avoid crash due to out-of-scope stack ptr access - bcache: fix input overflow to cache set sysfs file io_error_halflife - bcache: fix input overflow to sequential_cutoff - bcache: improve sysfs_strtoul_clamp() - genirq: Avoid summation loops for /proc/stat - iw_cxgb4: fix srqidx leak during connection abort - fbdev: fbmem: fix memory access if logo is bigger than the screen - cdrom: Fix race condition in cdrom_sysctl_register - e1000e: fix cyclic resets at link up with active tx - efi/memattr: Don't bail on zero VA if it equals the region's PA - [arm64] soc: qcom: gsbi: Fix error handling in gsbi_probe() - [armhf] avoid Cortex-A9 livelock on tight dmb loops - tty: increase the default flip buffer limit to 2*640K - [ppc64el] powerpc/pseries: Perform full re-add of CPU for topology update post-migration - hwrng: virtio - Avoid repeated init of completion - [arm64,armhf] soc/tegra: fuse: Fix illegal free of IO base address - [amd64] HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit - [x86] hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable - [armhf] dmaengine: imx-dma: fix warning comparison of distinct pointer types - [arm64] dmaengine: qcom_hidma: assign channel cookie correctly - netfilter: physdev: relax br_netfilter dependency - [armhf] regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting - drm/nouveau: Stop using drm_crtc_force_disable - selinux: do not override context on context mounts - [arm64,armhf] wlcore: Fix memory leak in case wl12xx_fetch_firmware failure - [arm64,armhf] dmaengine: tegra: avoid overflow of byte tracking - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers - [x86] ACPI / video: Extend chassis-type detection with a "Lunch Box" check [ Ben Hutchings ] * debian/bin/abiupdate.py: Change default URLs to use https: scheme. * Resolve kernel ABI changes: - Revert "genirq: Avoid summation loops for /proc/stat" - tracing: ring_buffer: Avoid ABI change in 4.9.168 - net: icmp: Avoid ABI change in 4.9.163 - Revert "phonet: fix building with clang" - netfilter: Ignore removal of br_netfilter_enable() [ Salvatore Bonaccorso ] * Refresh mm-mmap.c-expand_downwards-don-t-require-the-gap-if-.patch for context changes in 4.9.162 * [rt] Refresh 0008-futex-rt_mutex-Provide-futex-specific-rt_mutex-API.patch for context changes in 4.9.163 * [rt] Drop 0014-futex-rt_mutex-Restructure-rt_mutex_finish_proxy_loc.patch applied upstream in 4.9.163 * [rt] Refresh 0171-arm-include-definition-for-cpumask_t.patch for context changes in 4.9.165 * [rt] Drop 0256-arm-unwind-use-a-raw_spin_lock.patch -- Salvatore Bonaccorso <carnil(a)debian.org> Fri, 12 Apr 2019 15:52:49 +0200 linux (4.9.161-1) stretch; urgency=medium * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.145 - [armhf] media: omap3isp: Unregister media device as first - [amd64] iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() - brcmutil: really fix decoding channel info for 160 MHz bandwidth - HID: input: Ignore battery reported by Symbol DS4308 - batman-adv: Expand merged fragment buffer for full packet - bnx2x: Assign unique DMAE channel number for FW DMAE transactions. - qed: Fix PTT leak in qed_drain() - qed: Fix reading wrong value in loop condition - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command - net/mlx4_core: Fix uninitialized variable compilation warning - net/mlx4: Fix UBSAN warning of signed integer overflow - [amd64] iommu/vt-d: Use memunmap to free memremap - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port - mm: don't warn about allocations which stall for too long - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device - usb: appledisplay: Add 27" Apple Cinema Display - USB: check usb_get_extra_descriptor for proper size (CVE-2018-20169) - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (CVE-2018-19824) - [x86] ALSA: hda: Add support for AMD Stoney Ridge - ALSA: pcm: Fix starvation on down_write_nonblock() - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing - ALSA: pcm: Fix interval evaluation with openmin/max - [x86] ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 - [s390x] virtio: avoid race on vcdev->config - [s390x] virtio: fix race in ccw_io_helper() - SUNRPC: Fix leak of krb5p encode pages - [armhf] dmaengine: cppi41: delete channel from pending list when stop channel - xhci: Prevent U1/U2 link pm states if exit latency is too long - swiotlb: clean up reporting - vsock: lookup and setup guest_cid inside vhost_vsock_lock - vhost/vsock: fix use-after-free in network stack callers (CVE-2018-14625) - cifs: Fix separator when building path from dentry - staging: rtl8712: Fix possible buffer overrun - tty: do not set TTY_IO_ERROR flag if console port - mac80211_hwsim: Timer should be initialized before device registered - mac80211: Clear beacon_int in ieee80211_do_stop - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext - mac80211: fix reordering of buffered broadcast packets - mac80211: ignore NullFunc frames in the duplicate detection https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.146 - ipv6: Check available headroom in ip6_xmit() even without options - net: 8139cp: fix a BUG triggered by changing mtu with network traffic - net/mlx4_core: Correctly set PFC param if global pause is turned off. - net: phy: don't allow __set_phy_supported to add unsupported modes - net: Prevent invalid access to skb->prev in __qdisc_drop_all - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices - tcp: fix NULL ref in tail loss probe - tun: forbid iface creation with rtnl ops - neighbour: Avoid writing before skb->head in neigh_hh_output() - [armhf] OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup - sysv: return 'err' instead of 0 in __sysv_write_inode - [s390x] cpum_cf: Reject request for sampling in event initialization - [armhf] ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing - ASoC: dapm: Recalculate audio map forcely when card instantiated - hwmon: (w83795) temp4_type has writable permission - objtool: Fix double-free in .cold detection error path - objtool: Fix segfault in .cold detection with -ffunction-sections - Btrfs: send, fix infinite loop due to directory rename dependencies - RDMA/mlx5: Fix fence type for IB_WR_LOCAL_INV WR - [armhf] ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE - [armhf] ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE - exportfs: do not read dentry after free - bpf: fix check of allowed specifiers in bpf_trace_printk - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf - [arm64] net: thunderx: fix NULL pointer dereference in nic_remove - cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active - igb: fix uninitialized variables - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps - [arm64] net: hisilicon: remove unexpected free_netdev - drm/ast: fixed reading monitor EDID not stable issue - fscache: fix race between enablement and dropping of object - ocfs2: fix deadlock caused by ocfs2_defrag_extent() - hfs: do not free node before using - hfsplus: do not free node before using - ocfs2: fix potential use after free - pstore: Convert console write to use ->write_buf - staging: speakup: Replace strncpy with memcpy https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.147 - signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack (Closes: #904385) - timer/debug: Change /proc/timer_list from 0444 to 0400 - [armhf] pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 - aio: fix spectre gadget in lookup_ioctx - [armhf] MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 - [arm*] ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt - tracing: Fix memory leak in set_trigger_filter() - tracing: Fix memory leak of instance function hash filters - [powerpc*] msi: Fix NULL pointer access in teardown code - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" - [x86] drm/i915/execlists: Apply a full mb before execution for Braswell - mac80211: don't WARN on bad WMM parameters from buggy APs - mac80211: Fix condition validating WMM IE - [amd64] IB/hfi1: Remove race conditions in user_sdma send path - [x86] locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath() - [x86] locking/qspinlock: Ensure node is initialised before updating prev->next - [x86] locking/qspinlock: Bound spinning on pending->locked transition in slowpath - [x86] locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock' - [x86] locking/qspinlock: Remove unbounded cmpxchg() loop from locking slowpath - [x86] locking/qspinlock: Remove duplicate clear_pending() function from PV code - [x86] locking/qspinlock: Kill cmpxchg() loop when claiming lock from head of queue - [x86] locking/qspinlock: Re-order code - [x86] locking/qspinlock/x86: Increase _Q_PENDING_LOOPS upper bound - [x86] locking/qspinlock, x86: Provide liveness guarantee - [x86] locking/qspinlock: Fix build for anonymous union in older GCC compilers - mac80211_hwsim: fix module init error paths for netlink - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset - [x86] scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload - [x86] earlyprintk/efi: Fix infinite loop on some screen widths - [arm64] drm/msm: Grab a vblank reference when waiting for commit_done - bonding: fix 802.3ad state sent to partner when unbinding slave - nfs: don't dirty kernel pages read by direct-io - SUNRPC: Fix a potential race in xprt_connect() - [arm64] clk: mvebu: Off by one bugs in cp110_of_clk_get() - [armhf] Input: omap-keypad - fix keyboard debounce configuration - libata: whitelist all SAMSUNG MZ7KM* solid-state disks - [armhf] mv88e6060: disable hardware level MAC learning - net/mlx4_en: Fix build break when CONFIG_INET is off - bpf: check pending signals while verifying programs - [arm*] 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling - [arm*] 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart - drm/ast: Fix connector leak during driver unload - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) - vhost/vsock: fix reset orphans race with close timeout - [x86] i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node - nvmet-rdma: fix response use after free - [armhf] rtc: snvs: add a missing write sync - [armhf] rtc: snvs: Add timeouts to avoid kernel lockups https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.148 - block: break discard submissions into the user defined size - block: fix infinite loop if the device loses discard capability - ib_srpt: Fix a use-after-free in __srpt_close_all_ch() - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (CVE-2018-19985) - xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only - USB: serial: option: add GosunCn ZTE WeLink ME3630 - USB: serial: option: add HP lt4132 - USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) - USB: serial: option: add Fibocom NL668 series - USB: serial: option: add Telit LN940 series - mmc: core: Reset HPI enabled state during re-init and in case of errors - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl - [armhf] mmc: omap_hsmmc: fix DMA API warning - [x86] Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels - [x86] mtrr: Don't copy uninitialized gentry fields back to userspace - [x86] fpu: Disable bottom halves while loading FPU registers - ubifs: Handle re-linking of inodes correctly while recovery - panic: avoid deadlocks in re-entrant console drivers - proc/sysctl: don't return ENOMEM on lookup when a table is unregistering - drm/ioctl: Fix Spectre v1 vulnerabilities https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.149 - ip6mr: Fix potential Spectre v1 vulnerability - ipv4: Fix potential Spectre v1 vulnerability - ax25: fix a use-after-free in ax25_fillin_cb() - [ppc64el] ibmveth: fix DMA unmap error in ibmveth_xmit_start error path - ieee802154: lowpan_header_create check must check daddr - ipv6: explicitly initialize udp6_addr in udp_sock_create6() - ipv6: tunnels: fix two use-after-free - isdn: fix kernel-infoleak in capi_unlocked_ioctl - net: ipv4: do not handle duplicate fragments as overlapping - net: phy: Fix the issue that netif always links up after resuming - netrom: fix locking in nr_find_socket() - packet: validate address length - packet: validate address length if non-zero - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event - tipc: fix a double kfree_skb() - vhost: make sure used idx is seen before log in vhost_add_used_n() - [x86] VSOCK: Send reset control packet when socket is partially bound - xen/netfront: tolerate frags with no data - tipc: use lock_sock() in tipc_sk_reinit() - tipc: compare remote and local protocols in tipc_udp_enable() - gro_cell: add napi_disable in gro_cells_destroy - net/mlx5e: Remove the false indication of software timestamping support - net/mlx5: Typo fix in del_sw_hw_rule - sock: Make sock->sk_stamp thread-safe - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() - ALSA: rme9652: Fix potential Spectre v1 vulnerability - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities - ALSA: pcm: Fix potential Spectre v1 vulnerability - ALSA: emux: Fix potential Spectre v1 vulnerabilities - ALSA: hda: add mute LED support for HP EliteBook 840 G4 - [arm64,armhf] ALSA: hda/tegra: clear pending irq handlers - USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays - USB: serial: option: add Fibocom NL678 series - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G - [x86] KVM: Use jmp to invoke kvm_spurious_fault() from .fixup - platform-msi: Free descriptors in platform_msi_domain_free() - perf pmu: Suppress potential format-truncation warning - ext4: fix possible use after free in ext4_quota_enable - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() - ext4: fix EXT4_IOC_GROUP_ADD ioctl - ext4: include terminating u32 in size of xattr entries when expanding inodes - ext4: force inode writes when nfsd calls commit_metadata() - [arm64,armhf] spi: bcm2835: Fix race on DMA termination - [arm64,armhf] spi: bcm2835: Fix book-keeping of DMA termination - [arm64,armhf] spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode - [armhf] clk: rockchip: fix typo in rk3188 spdif_frac parent - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader. - f2fs: fix validation of the block count in sanity_check_raw_super - media: vivid: free bitmap_cap when updating std/timings/etc. - media: v4l2-tpg: array index could become negative - [mips*] Ensure pmd_present() returns false after pmd_mknotpresent() - [mips*] OCTEON: mark RGMII interface disabled on OCTEON III - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem - [x86] kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested - [arm64] KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 - [armhf] rtc: m41t80: Correct alarm month range with RTC reads - [x86] tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x - [arm64,armhf] spi: bcm2835: Unbreak the build of esoteric configs https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.150 - [arm64] pinctrl: meson: fix pull enable register calculation - Input: restore EV_ABS ABS_RESERVED - xfrm: Fix bucket count reported to userspace - netfilter: seqadj: re-load tcp header pointer after possible head reallocation - scsi: bnx2fc: Fix NULL dereference in error handling - [armhf] Input: omap-keypad - fix idle configuration to not block SoC idle states - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel - bnx2x: Clear fip MAC when fcoe offload support is disabled - bnx2x: Remove configured vlans as part of unload sequence. - bnx2x: Send update-svid ramrod with retry/poll flags enabled - scsi: target: iscsi: cxgbit: fix csk leak - scsi: target: iscsi: cxgbit: add missing spin_lock_init() - [arm64] net: hns: Incorrect offset address used for some registers. - [arm64] net: hns: All ports can not work when insmod hns ko after rmmod. - [arm64] net: hns: Some registers use wrong address according to the datasheet. - [arm64] net: hns: Fixed bug that netdev was opened twice - [arm64] net: hns: Clean rx fbd when ae stopped. - [arm64] net: hns: Free irq when exit from abnormal branch - [arm64] net: hns: Avoid net reset caused by pause frames storm - [arm64] net: hns: Fix ntuple-filters status error. - net: hns: Add mac pcs config when enable|disable mac - SUNRPC: Fix a race with XPRT_CONNECTING - lan78xx: Resolve issue with changing MAC address - vxge: ensure data0 is initialized in when fetching firmware version information - net: netxen: fix a missing check and an uninitialized use - [s390x] scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown - libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature() - fork: record start_time late - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined - mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL - mm, devm_memremap_pages: kill mapping "System RAM" support - sunrpc: fix cache_head leak due to queued request - sunrpc: use SVC_NET() in svcauth_gss_* functions - [mips*] math-emu: Write-protect delay slot emulation pages - [amd64] crypto: x86/chacha20 - avoid sleeping with preemption disabled - vhost/vsock: fix uninitialized vhost_vsock->guest_cid - [amd64] IB/hfi1: Incorrect sizing of sge for PIO will OOPs - ALSA: cs46xx: Potential NULL dereference in probe - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks - dlm: fixed memory leaks after failed ls_remove_names allocation - dlm: possible memory leak on error path in create_lkb() - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() - dlm: memory leaks on error path in dlm_user_request() - gfs2: Get rid of potential double-freeing in gfs2_create_inode - gfs2: Fix loop in gfs2_rbm_find - b43: Fix error in cordic routine - [powerpc*] tm: Set MSR[TS] just prior to recheckpoint - 9p/net: put a lower bound on msize - rxe: fix error completion wr_id and qp_num - [amd64] iommu/vt-d: Handle domain agaw being less than iommu agaw - ceph: don't update importing cap's mseq when handing cap export - [ppc64el] genwqe: Fix size check - [x86] intel_th: msu: Fix an off-by-one in attribute store - [i386] power: supply: olpc_battery: correct the temperature units - [arm64,armhf] drm/vc4: Set ->is_yuv to false when num_planes == 1 - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.151 - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 - CIFS: Do not hide EINTR after sending network packets - cifs: Fix potential OOB access of lock element array - usb: cdc-acm: send ZLP for Telit 3G Intel based modems - USB: storage: don't insert sane sense for SPC3+ when bad sense specified - USB: storage: add quirk for SMI SM3350 - USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB - slab: alien caches must not be initialized if the allocation of the alien cache failed - mm: page_mapped: don't assume compound page is huge or THP - ACPI: power: Skip duplicate power resource references in _PRx - i2c: dev: prevent adapter retries and timeout being set as minus value - rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set - ext4: make sure enough credits are reserved for dioread_nolock writes - ext4: fix a potential fiemap/page fault deadlock w/ inline_data - ext4: avoid kernel warning when writing the superblock to a dead device - sunrpc: use-after-free in svc_process_common() (CVE-2018-16884) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.152 - tty/ldsem: Wake up readers after timed out down_write() - tty: Hold tty_ldisc_lock() during tty_reopen() - tty: Simplify tty->count math in tty_reopen() - tty: Don't hold ldisc lock in tty_reopen() if ldisc present - can: gw: ensure DLC boundaries after CAN frame modification (CVE-2019-3701) - Revert "f2fs: do not recover from previous remained wrong dnodes" - media: em28xx: Fix misplaced reset of dev->v4l::field_count - proc: Remove empty line in /proc/self/status - [arm64] kvm: consistently handle host HCR_EL2 flags - [arm64] Don't trap host pointer auth use to EL2 - ipv6: fix kernel-infoleak in ipv6_local_error() - net: bridge: fix a bug on using a neighbour cache entry without checking its state - packet: Do not leak dev refcounts on error exit - bonding: update nest level on unlink - ip: on queued skb use skb_header_pointer instead of pskb_may_pull - crypto: authencesn - Avoid twice completion call in decrypt path - crypto: authenc - fix parsing key with misaligned rta_len - btrfs: wait on ordered extents on abort cleanup - Yama: Check for pid death before checking ancestry - scsi: core: Synchronize request queue PM status only on successful resume - scsi: sd: Fix cache_type_store() - [arm64] kaslr: ensure randomized quantities are clean to the PoC - [mips*] Disable MSI also when pcie-octeon.pcie_disable on - media: vivid: fix error handling of kthread_run - media: vivid: set min width/height to a value > 0 - LSM: Check for NULL cred-security on free - media: vb2: vb2_mmap: move lock up - sunrpc: handle ENOMEM in rpcb_getport_async - netfilter: ebtables: account ebt_table_info to kmemcg - selinux: fix GPF on invalid policy - blockdev: Fix livelocks on loop device - sctp: allocate sctp_sockaddr_entry with kzalloc - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats - tipc: fix uninit-value in tipc_nl_compat_bearer_enable - tipc: fix uninit-value in tipc_nl_compat_link_set - tipc: fix uninit-value in tipc_nl_compat_name_table_dump - tipc: fix uninit-value in tipc_nl_compat_doit - block/loop: Use global lock for ioctl() operation. - loop: Fold __loop_release into loop_release - loop: Get rid of loop_index_mutex - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock - mm, memcg: fix reclaim deadlock with writeback - media: vb2: be sure to unlock mutex on errors - nbd: set the logical and physical blocksize properly - nbd: Use set_blocksize() to set device blocksize https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.153 - r8169: Add support for new Realtek Ethernet - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses - [x86] platform: asus-wmi: Tell the EC the OS will handle the display off hotkey - e1000e: allow non-monotonic SYSTIM readings - writeback: don't decrement wb->refcnt if !wb->bdi - [arm64,armhf] serial: set suppress_bind_attrs flag only if builtin - ALSA: oxfw: add support for APOGEE duet FireWire - [arm64] perf: set suppress_bind_attrs flag to true - selinux: always allow mounting submounts - rxe: IB_WR_REG_MR does not capture MR's iova field - jffs2: Fix use of uninitialized delayed_work, lockdep breakage - pstore/ram: Do not treat empty buffers as valid - [ppc64el] powerpc/xmon: Fix invocation inside lock region - [powerpc*] powerpc/pseries/cpuidle: Fix preempt warning - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info - net: call sk_dst_reset when set SO_DONTROUTE - scsi: target: use consistent left-aligned ASCII INQUIRY data - [armhf] clk: imx6q: reset exclusive gates on init - tty/serial: do not free trasnmit buffer page under port lock - [x86] perf intel-pt: Fix error with config term "pt=0" - perf svghelper: Fix unchecked usage of strncpy() - perf parse-events: Fix unchecked usage of strncpy() - dm kcopyd: Fix bug causing workqueue stalls - dm snapshot: Fix excessive memory usage and workqueue stalls - ALSA: bebob: fix model-id of unit for Apogee Ensemble - sysfs: Disable lockdep for driver bind/unbind files - scsi: smartpqi: correct lun reset issues - scsi: megaraid: fix out-of-bound array accesses - ocfs2: fix panic due to unrecovered local alloc - mm/page-writeback.c: don't break integrity writeback on ->writepage() error - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps - [arm64] ipmi:ssif: Fix handling of multi-part return messages - locking/qspinlock: Pull in asm/byteorder.h to ensure correct endianness https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.154 - net: bridge: Fix ethernet header pointer before check skb forwardable - net: Fix usage of pskb_trim_rcsum - openvswitch: Avoid OOB read when parsing flow nlattrs - vhost: log dirty page correctly - net: ipv4: Fix memory leak in network namespace dismantle - net_sched: refetch skb protocol for each filter - ipfrag: really prevent allocation on netns exit - USB: serial: simple: add Motorola Tetra TPG2200 device id - USB: serial: pl2303: add new PID to support PL2303TB - [x86] ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages - [s390x] early: improve machine detection - [s390x] smp: fix CPU hotplug deadlock with CPU rescan - [x86] char/mwave: fix potential Spectre v1 vulnerability - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 - tty: Handle problem if line discipline does not have receive_buf - uart: Fix crash in uart_write and uart_put_char - [x86] tty/n_hdlc: fix __might_sleep warning - CIFS: Fix possible hang during async MTU reads and writes - Input: xpad - add support for SteelSeries Stratus Duo - compiler.h: enable builtin overflow checkers and add fallback code - Input: uinput - fix undefined behavior in uinput_validate_absinfo() - [x86] acpi/nfit: Block function zero DSMs - [x86] acpi/nfit: Fix command-supported detection - dm thin: fix passdown_double_checking_shared_status() - [x86] KVM: Fix single-step debugging - [x86] kaslr: Fix incorrect i8254 outb() parameters - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it - can: bcm: check timer values before ktime conversion - vt: invoke notifier on screen size change - perf unwind: Unwind with libdw doesn't take symfs into account - perf unwind: Take pgoff into account when reporting elf to libdwfl - [arm64] irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size - [s390x] smp: Fix calling smp_call_ipl_cpu() from ipl CPU - nvmet-rdma: Add unlikely for response allocated check - nvmet-rdma: fix null dereference under heavy load - f2fs: read page index before freeing - btrfs: fix error handling in btrfs_dev_replace_start - btrfs: dev-replace: go back to suspended state if target device is missing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.155 - Fix "net: ipv4: do not handle duplicate fragments as overlapping" - fs: add the fsnotify call to vfs_iter_write - ipv6: Consider sk_bound_dev_if when binding a socket to an address (Closes: #918103) - l2tp: copy 4 more bytes to linear part if necessary - net/mlx4_core: Add masking for a few queries on HCA caps - netrom: switch to sock timer API - net/rose: fix NULL ax25_cb kernel panic - net/mlx5e: Allow MAC invalidation while spoofchk is ON - l2tp: remove l2specific_len dependency in l2tp_core - l2tp: fix reading optional fields of L2TPv3 - ipvlan, l3mdev: fix broken l3s mode wrt local routes - CIFS: Do not count -ENODATA as failure for query directory - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() - [arm64] kaslr: ensure randomized quantities are clean also when kaslr is off - [arm64] hyp-stub: Forbid kprobing of the hyp-stub - [arm64] hibernate: Clean the __hyp_text to PoC after resume - gfs2: Revert "Fix loop in gfs2_rbm_find" - [x86] platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK - [x86] platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes - [arm64,armhf] mmc: sdhci-iproc: handle mmc_of_parse() errors during probe - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes - mm, oom: fix use-after-free in oom_kill_process - mm: hwpoison: use do_send_sig_info() instead of force_sig() - mm: migrate: don't rely on __PageMovable() of newpage after unlocking it - cifs: Always resolve hostname before reconnecting - drivers: core: Remove glue dirs from sysfs earlier - fs: don't scan the inode cache before SB_BORN is set - fanotify: fix handling of events on child sub-directory https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156 - drm/bufs: Fix Spectre v1 vulnerability - [x86] ASoC: Intel: mrfld: fix uninitialized variable access - [armhf] gpu: ipu-v3: image-convert: Prevent race between run and unprepare - scsi: lpfc: Correct LCB RJT handling - [armhf] 8808/1: kexec:offline panic_smp_self_stop CPU - dlm: Don't swamp the CPU with callbacks queued during recovery - [x86] PCI: Fix Broadcom CNB20LE unintended sign extension (redux) - [ppc64el] powerpc/pseries: add of_node_put() in dlpar_detach_node() - [arm64,armhf] drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl - [arm64,armhf] soc/tegra: Don't leak device tree node reference - [x86] iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock - f2fs: move dir data flush to write checkpoint process - f2fs: fix wrong return value of f2fs_acl_create - nfsd4: fix crash on writing v4_end_grace before nfsd startup - Thermal: do not clear passive state during system sleep - firmware/efi: Add NULL pointer checks in efivars API functions - [arm64] ftrace: don't adjust the LR value - [x86] fpu: Add might_fault() to user_insn() - smack: fix access permissions for keyring - usb: hub: delay hub autosuspend if USB3 port is still link training - timekeeping: Use proper seqcount initializer - [armhf] clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks - [amd64] iommu/amd: Fix amd_iommu=force_isolation - [armhf] dts: Fix OMAP4430 SDP Ethernet startup - [mips*] bpf: fix encoding bug for mm_srlv32_op - [arm64,armhf] iommu/arm-smmu: Add support for qcom,smmu-v2 variant - [arm64] iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer - udf: Fix BUG on corrupted inode - memstick: Prevent memstick host from getting runtime suspended during card detection - [armhf] tty: serial: samsung: Properly set flags in autoCTS mode - perf header: Fix unchecked usage of strncpy() - perf probe: Fix unchecked usage of strncpy() - [arm64] KVM: Skip MMIO insn after emulation - mac80211: fix radiotap vendor presence bitmap handling - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi - Bluetooth: Fix unnecessary error message for HCI request completion - scsi: smartpqi: correct host serial num for ssa - scsi: smartpqi: correct volume status - drbd: narrow rcu_read_lock in drbd_sync_handshake - drbd: disconnect, if the wrong UUIDs are attached on a connected peer - drbd: skip spurious timeout (ping-timeo) when failing promote - fbdev: fbmem: behave better with small rotated displays and many CPUs - i40e: define proper net_device::neigh_priv_len - igb: Fix an issue that PME is not enabled during runtime suspend - fbdev: fbcon: Fix unregister crash when more than one framebuffer - [arm64] pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins - [arm64] pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins - [x86] KVM: svm: report MSR_IA32_MCG_EXT_CTL as unsupported - NFS: nfs_compare_mount_options always compare auth flavors. - hwmon: (lm80) fix a missing check of the status of SMBus read - hwmon: (lm80) fix a missing check of bus read in lm80 probe - seq_buf: Make seq_buf_puts() null-terminate the buffer - cifs: check ntwrk_buf_start for NULL before dereferencing it - um: Avoid marking pages with "changed protection" - niu: fix missing checks of niu_pci_eeprom_read - f2fs: fix sbi->extent_list corruption issue - ocfs2: don't clear bh uptodate for block read - HID: lenovo: Add checks to fix of_led_classdev_register - kernel/hung_task.c: break RCU locks based on jiffies - proc/sysctl: fix return error for proc_doulongvec_minmax() - fs/epoll: drop ovflist branch prediction - exec: load_script: don't blindly truncate shebang string - dccp: fool proof ccid_hc_[rt]x_parse_options() - rxrpc: bad unlock balance in rxrpc_recvmsg - skge: potential memory corruption in skge_get_regs() - rds: fix refcount bug in rds_sock_addref - net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames - [armhf] net: dsa: slave: Don't propagate flag changes on down slave interfaces - enic: fix checksum validation for IPv6 - ALSA: compress: Fix stop handling on compressed capture streams - ALSA: hda - Serialize codec registrations - fuse: call pipe_buf_release() under pipe lock - fuse: decrement NR_WRITEBACK_TEMP on the right page - fuse: handle zero sized retrieve correctly - [arm64,armhf] dmaengine: bcm2835: Fix interrupt race on RT - [arm64,armhf] dmaengine: bcm2835: Fix abort of transactions - [armhf] dmaengine: imx-dma: fix wrong callback invoke - [armhf] usb: phy: am335x: fix race condition in _probe - [armhf] usb: gadget: musb: fix short isoc packets with inventra dma - scsi: aic94xx: fix module loading - [x86] KVM: work around leak of uninitialized stack contents (CVE-2019-7222) - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) - [x86] KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) - [x86] perf/x86/intel/uncore: Add Node ID mask - [x86] MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() - perf/core: Don't WARN() for impossible ring-buffer sizes - perf tests evsel-tp-sched: Fix bitwise operator - serial: fix race between flush_to_ldisc and tty_open - oom, oom_reaper: do not enqueue same task twice - [amd64] PCI: vmd: Free up IRQs on suspend path - [amd64] IB/hfi1: Add limit test for RC/UC send via loopback - [x86] perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.157 - [armhf] mtd: rawnand: gpmi: fix MX28 bus master lockup problem - signal: Always notice exiting tasks - signal: Better detection of synchronous signals - [arm64,armhf] misc: vexpress: Off by one in vexpress_syscfg_exec() - debugfs: fix debugfs_rename parameter checking - [mips*] cm: reprime error cause - [mips*] OCTEON: don't set octeon_dma_bar_type if PCI is disabled - mac80211: ensure that mgmt tx skbs have tailroom for encryption - drm/modes: Prevent division by zero htotal - [x86] drm/vmwgfx: Fix setting of dma masks - [x86] drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user - nfsd4: fix cached replies to solo SEQUENCE compounds - nfsd4: catch some false session retries - HID: debug: fix the ring buffer implementation (CVE-2019-3819) - Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() - xfrm: refine validation of template and selector families - batman-adv: Avoid WARN on net_device without parent in netns - batman-adv: Force mac header to start of data on xmit https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.158 - Revert "exec: load_script: don't blindly truncate shebang string" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.159 - dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string - eeprom: at24: add support for 24c2048 - uapi/if_ether.h: prevent redefinition of struct ethhdr - [armel,armhf] 8789/1: signal: copy registers using __copy_to_user() - [armel,armhf] 8791/1: vfp: use __copy_to_user() when saving VFP state - [armel,armhf] 8793/1: signal: replace __put_user_error with __put_user - [armel,armhf] 8794/1: uaccess: Prevent speculative use of the current addr_limit - [armel,armhf] 8795/1: spectre-v1.1: use put_user() for __put_user() - [armel,armhf] 8796/1: spectre-v1,v1.1: provide helpers for address sanitization - [armel,armhf] 8797/1: spectre-v1.1: harden __copy_to_user - [armel,armhf] 8810/1: vfp: Fix wrong assignement to ufp_exc - [armel,armhf] make lookup_processor_type() non-__init - [armel,armhf] split out processor lookup - [armel,armhf] clean up per-processor check_bugs method call - [armel,armhf] add PROC_VTABLE and PROC_TABLE macros - [armel,armhf] spectre-v2: per-CPU vtables to work around big.Little systems - [armel,armhf] ensure that processor vtables is not lost after boot - [armel,armhf] fix the cockup in the previous patch - net: create skb_gso_validate_mac_len() (CVE-2018-1000026) - bnx2x: disable GSO where gso_size is too big for hardware (CVE-2018-1000026) - [i386] ACPI: NUMA: Use correct type for printing addresses on i386-PAE - cpufreq: check if policy is inactive early in __cpufreq_get() - [armel] dts: kirkwood: Fix polarity of GPIO fan lines - cifs: Limit memory used by lock request calls to a page - perf report: Include partial stacks unwound with libdw - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" - Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK - perf/core: Fix impossible ring-buffer sizes warning - [x86] perf: Add check_period PMU callback - ALSA: hda - Add quirk for HP EliteBook 840 G5 - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk - [x86] kvm: vmx: Fix entry number check for add_atomic_switch_msr() - Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 - [alpha] fix page fault handling for r16-r18 targets - [alpha] Fix Eiger NR_IRQS to 128 - tracing/uprobes: Fix output for multiple string arguments - signal: Restore the stop PTRACE_EVENT_EXIT - [amd64] x86/a.out: Clear the dump structure initially - dm thin: fix bug where bio that overwrites thin block ignores FUA - [x86] drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set - smsc95xx: Use skb_cow_head to deal with cloned skbs - ch9200: use skb_cow_head() to deal with cloned skbs - kaweth: use skb_cow_head() to deal with cloned skbs - [arm64,armhf] usb: dwc2: Remove unnecessary kfree - netfilter: nf_tables: fix mismatch in big-endian system - [arm64] pinctrl: msm: fix gpio-hog related boot issues - mm: stop leaking PageTables - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define - Revert "scsi: aic94xx: fix module loading" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.160 - net: fix IPv6 prefix route residue - [x86] vsock: cope with memory allocation failure at socket creation time - hwmon: (lm80) Fix missing unlock on error in set_fan_div() - net: Fix for_each_netdev_feature on Big endian - [arm64,armhf] net: stmmac: handle endianness in dwmac4_get_timestamp - sky2: Increase D3 delay again - vhost: correctly check the return value of translate_desc() in log_used() - net: Add header for usage of fls64() - tcp: tcp_v4_err() should be more careful - net: Do not allocate page fragments that are not skb aligned - tcp: clear icsk_backoff in tcp_write_queue_purge() - vxlan: test dev->flags & IFF_UP before calling netif_rx() - [arm64,armhf] net: stmmac: Fix a race in EEE enable callback - net: ipv4: use a dedicated counter for icmp_v4 redirect packets - btrfs: Remove false alert when fiemap range is smaller than on-disk extent - mISDN: fix a race in dev_expire_timer() - ax25: fix possible use-after-free https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.161 - mac80211: Free mpath object when rhashtable insertion fails - libceph: handle an empty authorize reply - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES - proc, oom: do not report alien mms when setting oom_score_adj - KEYS: allow reaching the keys quotas exactly - [armhf] mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells - [armhf] mfd: twl-core: Fix section annotations on {,un}protect_pm_master - [arm64] mfd: qcom_rpm: write fw_version to CTRL_REG - [armhf] mfd: mc13xxx: Fix a missing check of a register-read failure - qed: Fix qed_ll2_post_rx_buffer_notify_fw() by adding a write memory barrier - [arm64] net: hns: Fix use after free identified by SLUB debug - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param - [x86] scsi: isci: initialize shost fully before calling scsi_add_host() - atm: he: fix sign-extension overflow on large shift - [armhf] leds: lp5523: fix a missing check of return value of lp55xx_read - net/mlx5e: Fix wrong (zero) TX drop counter indication for representor - RDMA/srp: Rework SCSI device reset handling - KEYS: user: Align the payload buffer - KEYS: always initialize keyring_index_key::desc_len - batman-adv: fix uninit-value in batadv_interface_tx() - net/packet: fix 4gb buffer limit due to overflow check - team: avoid complex list operations in team_nl_cmd_options_set() - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames - [hppa/parisc] Fix ptrace syscall number modification - [x86] hpet: Make cmd parameter of hpet_ioctl_common() unsigned - clocksource: Use GENMASK_ULL in definition of CLOCKSOURCE_MASK - netpoll: Fix device name check in netpoll_setup() - tracing: Use cpumask_available() to check if cpumask variable may be used - [x86] boot: Disable the address-of-packed-member compiler warning - [x86] drm/i915: Consistently use enum pipe for PCH transcoders - [x86] drm/i915: Fix enum pipe vs. enum transcoder for the PCH transcoder - [arm64] irqchip/gic-v3: Convert arm64 GIC accessors to {read,write}_sysreg_s - mm/zsmalloc.c: change stat type parameter to int - mm/zsmalloc.c: fix -Wunneeded-internal-declaration warning - Revert "bridge: do not add port to router list when receives query with source 0.0.0.0" - netfilter: nf_tables: fix flush after rule deletion in the same batch - [arm64] pinctrl: max77620: Use define directive for max77620_pinconf_param values - [arm64,armhf] phy: tegra: remove redundant self assignment of 'map' - sched/sysctl: Fix attributes of some extern declarations [ Salvatore Bonaccorso ] * Refresh kbuild-use-nostdinc-in-compile-tests.patch for context changes in 4.9.145 * [rt] Update to 4.9.146-rt125 - seqlock: provide the same ordering semantics as mainline - squashfs: make use of local lock in multi_cpu decompressor - locallock: provide {get,put}_locked_ptr() variants - posix-timers: move the rcu head out of the union - alarmtimer: Prevent live lock in alarm_cancel() - block: blk-mq: move blk_queue_usage_counter_release() into process context - Revert "block: blk-mq: Use swait" - Revert "rt,ntp: Move call to schedule_delayed_work() to helper thread" - net: use task_struct instead of CPU number as the queue owner on -RT - locking: add types.h - mm/slub: close possible memory-leak in kmem_cache_alloc_bulk() - crypto: limit more FPU-enabled sections - sched, tracing: Fix trace_sched_pi_setprio() for deboosting - rcu: Suppress lockdep false-positive ->boost_mtx complaints - rcu: Do not include rtmutex_common.h unconditionally - rtmutex: Make rt_mutex_futex_unlock() safe for irq-off callsites - futex: Fix OWNER_DEAD fixup - futex: Avoid violating the 10th rule of futex - futex: Fix more put_pi_state() vs. exit_pi_state_list() races - futex: Fix pi_state->owner serialization * [rt] Refresh 0366-posix-timers-move-the-rcu-head-out-of-the-union.patch. Refresh for context changes caused by a Debian specific patch to avoid ABI change in 4.9.136: "posix-timers: Avoid ABI change in 4.9.136" * [rt] Refresh 0280-random-Make-it-work-on-rt.patch * [rt] Refresh 0198-fs-aio-simple-simple-work.patch for context changes in 4.9.147 * Btrfs: fix corruption reading shared and compressed extents after hole punching (Closes: #922306) [ Ben Hutchings ] * Bump ABI to 9 and apply deferred changes: - netfilter: ipv6: nf_defrag: reduce struct net memory waste - proc/sysctl: prune stale dentries during unregistering - proc/sysctl: Don't grab i_lock under sysctl_lock. - proc: Fix proc_sys_prune_dcache to hold a sb reference - [mips*] Correct the 64-bit DSP accumulator register size - inet: frags: fix ip6frag_low_thresh boundary - inet: frags: reorganize struct netns_frags - rhashtable: reorganize struct rhashtable layout - inet: frags: break the 2GB limit for frags storage - elevator: fix truncation of icq_cache_name -- Salvatore Bonaccorso <carnil(a)debian.org> Wed, 27 Feb 2019 22:21:01 +0100 --- Modifications pour mariadb-10.1 (libmariadbclient18 mariadb-client-10.1 mariadb-client-core-10.1 mariadb-common) --- mariadb-10.1 (10.1.38-0+deb9u1) stretch; urgency=medium * SECURITY UPDATE: New upstream release 10.1.38. Includes fixes for the following security vulnerabilities (Closes: #920933): - CVE-2019-2537 - CVE-2019-2529 * Update correct branch name in gbp.conf * Disable test unit.pcre_test on s390x that was failing in stretch-security (Closes: #920854) * Limit build test suite to 'main' like in mariadb-10.3 to make unnecessary build failures less likely in lifetime of Stretch. * Fix mips compilation failure (__bss_start symbol missing) (Closes: #920855) * Extend the server README to clarify common misunderstandings (Closes: #878215) * Enable ccache in CMake path so it can be used automatically where available * Heavily refactor and unify gitlab-ci.yml MariaDB install/upgrade steps. This ensures uploads to Stretch are much more safer to do now than in the past. -- Otto Kekäläinen <otto(a)debian.org> Tue, 16 Apr 2019 14:56:50 +0300 --- Modifications pour postfix (postfix postfix-sqlite) --- postfix (3.1.12-0+deb9u1) stretch; urgency=medium [Scott Kitterman] * Add detailed smarthost instructions to README.Debian. Thanks to Celejar for the input. Closes: #919444 * Refresh patches [Wietse Venema] * 3.1.10 - Bugfix (introduced: Postfix 2.11): minor memory leak when minting issuer certs. This affects a tiny minority of use cases. Viktor Dukhovni, based on a fix by Juan Altmayer Pizzorno for the ssl_dane library. File: tls/tls_dane.c. - Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes, table lookups could casefold the search string when searching a lookup table that does not use fixed-string keys (regexp, pcre, tcp, etc.). Historically, Postfix would not case-fold the search string with such tables. File: util/dict_utf8.c. Closes: #917512 - Multiple 'bit rot' fixes for OpenSSL API changes, including support to disable TLSv1.3, to avoid issuing multiple session tickets. Viktor Dukhovni. Files: proto/postconf.proto, proto/TLS_README.html, tls/tls.h, tls/tls_server.c, tls/tls_misc.c. - Bugfix (introduced: 3.0): smtpd_discard_ehlo_keywords could not disable "SMTPUTF8". because the lookup table was using "EHLO_MASK_SMTPUTF8" instead. File: global/ehlo_mask.c. - Documentation: update documentation for Postfix versions that support disabling TLS 1.3. File: proto/postconf.proto. - Improved logging of TLS 1.3 summary information, and improved reporting of the same info in Received: message headers. Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html, posttls-finger/posttls-finger.c, smtpd/smtpd.c, tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_proxy.h, tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c, tls/tls_server.c. * 3.1.11 - Bugfix (introduced: postfix-2.11): with posttls-finger, connections to unix-domain servers always resulted in "Failed to establish session" even after a connection was established. Jaroslav Skarva. File: posttls-finger/posttls-finger.c. * 3.1.12 - Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce has been producing false rejects starting with the Postfix 2.2 smtpd_end_of_data_restrictons, and for the same reasons, did the same with the Postfix 3.4 BDAT command. The latter was reported by Andreas Schulze. File: smtpd/smtpd_check.c. - Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. -- Scott Kitterman <scott(a)kitterman.com> Mon, 25 Mar 2019 01:01:51 -0400 --- Modifications pour publicsuffix --- publicsuffix (20190415.1030-0+deb9u1) stretch; urgency=medium * new upstream publicsuffix data -- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Mon, 15 Apr 2019 14:11:53 -0400 publicsuffix (20190221.0923-0+deb9u1) stretch; urgency=medium * new upstream publicsuffix data -- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Wed, 13 Mar 2019 10:20:24 -0400 publicsuffix (20181030.1007-0+deb9u1) stretch; urgency=medium * new upstream publicsuffix data -- Daniel Kahn Gillmor <dkg(a)fifthhorseman.net> Thu, 01 Nov 2018 20:58:10 -0400 --- Modifications pour python-cryptography (python3-cryptography python-cryptography) --- python-cryptography (1.7.1-3+deb9u1) stretch; urgency=medium * Remove BIO_callback_ctrl: The prototype differs with the OpenSSL's definition of it after it was changed (fixed) within OpenSSL. It has no users. -- Sebastian Andrzej Siewior <sebastian(a)breakpoint.cc> Sun, 02 Sep 2018 15:17:35 +0200 --- Modifications pour python-pip (python-pip python-pip-whl) --- python-pip (9.0.1-2+deb9u1) stretch; urgency=medium * Team upload. * Add Properly_catch_requests_HTTPError_in_index.py.patch, which fixes --extra-index-url results in "HTTPError: 404 Client Error: NOT FOUND". The patch makes works even with the unbundled requests. (Closes: #837764). -- Thomas Goirand <zigo(a)debian.org> Sun, 31 Mar 2019 00:02:11 +0100 --- Modifications pour rsync --- rsync (3.1.2-1+deb9u2) stretch; urgency=medium * Apply CVEs from 2016 to the zlib code. closes:#924509 -- Paul Slootman <paul(a)debian.org> Fri, 15 Mar 2019 11:39:50 +0100 --- Modifications pour unzip --- unzip (6.0-21+deb9u1) stretch; urgency=medium * Fix buffer overflow in password protected ZIP archives. Closes: #889838. Patch borrowed from SUSE. For reference, this is CVE-2018-1000035. -- Santiago Vila <sanvila(a)debian.org> Wed, 17 Apr 2019 21:23:40 +0200 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on nonagon.federez.net -- apticron

5 années, 12 mois

2 Debian package update(s) for nonagon.federez.net

par club-federez＠crans.org

apticron report [Sat, 20 Apr 2019 18:49:12 +0200] ======================================================================== apticron has detected that some packages need upgrading on: nonagon.federez.net [ 185.230.78.42 2a0c:700:0:23:67:e5ff:fee9:3 ] The following packages are currently pending an upgrade: libruby2.3 2.3.3-1+deb9u6 ruby2.3 2.3.3-1+deb9u6 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour ruby2.3 (libruby2.3 ruby2.3) --- ruby2.3 (2.3.3-1+deb9u6) stretch-security; urgency=medium * CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324 * CVE-2019-8325 -- Moritz Mühlenhoff <jmm(a)debian.org> Fri, 12 Apr 2019 20:28:46 +0200 ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium * Backport upstream patches to fix FTBFS due to expired SSL certificate and timezone changes (Closes: #919999) - imap: update test certificate - timezone changes for Japan and Kiritimati * test/ruby/test_gc.rb: skip entirely; some tests in there can fail unpredictably on buildds (Closes: #912740) -- Antonio Terceiro <terceiro(a)debian.org> Sat, 23 Feb 2019 18:31:45 -0300 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on nonagon.federez.net -- apticron

6 années

2 Debian package update(s) for nonagon.federez.net

par club-federez＠crans.org

apticron report [Fri, 19 Apr 2019 18:49:13 +0200] ======================================================================== apticron has detected that some packages need upgrading on: nonagon.federez.net [ 185.230.78.42 2a0c:700:0:23:67:e5ff:fee9:3 ] The following packages are currently pending an upgrade: libruby2.3 2.3.3-1+deb9u6 ruby2.3 2.3.3-1+deb9u6 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour ruby2.3 (libruby2.3 ruby2.3) --- ruby2.3 (2.3.3-1+deb9u6) stretch-security; urgency=medium * CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324 * CVE-2019-8325 -- Moritz Mühlenhoff <jmm(a)debian.org> Fri, 12 Apr 2019 20:28:46 +0200 ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium * Backport upstream patches to fix FTBFS due to expired SSL certificate and timezone changes (Closes: #919999) - imap: update test certificate - timezone changes for Japan and Kiritimati * test/ruby/test_gc.rb: skip entirely; some tests in there can fail unpredictably on buildds (Closes: #912740) -- Antonio Terceiro <terceiro(a)debian.org> Sat, 23 Feb 2019 18:31:45 -0300 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on nonagon.federez.net -- apticron

6 années

Cron <root@nonagon> if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi

par club-federez＠crans.org

W: Impossible de récupérer http://http.debian.net/debian/dists/stretch-backports/InRelease Connexion à http.debian.net: 80 (130.89.148.14) impossible, délai de connexion dépassé [IP : 130.89.148.14 80] W: Le téléchargement de quelques fichiers d'index a échoué, ils ont été ignorés, ou les anciens ont été utilisés à la place.

6 années

2 Debian package update(s) for nonagon.federez.net

par club-federez＠crans.org

apticron report [Thu, 18 Apr 2019 19:03:08 +0200] ======================================================================== apticron has detected that some packages need upgrading on: nonagon.federez.net [ 185.230.78.42 2a0c:700:0:23:67:e5ff:fee9:3 ] The following packages are currently pending an upgrade: libruby2.3 2.3.3-1+deb9u6 ruby2.3 2.3.3-1+deb9u6 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour ruby2.3 (libruby2.3 ruby2.3) --- ruby2.3 (2.3.3-1+deb9u6) stretch-security; urgency=medium * CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324 * CVE-2019-8325 -- Moritz Mühlenhoff <jmm(a)debian.org> Fri, 12 Apr 2019 20:28:46 +0200 ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium * Backport upstream patches to fix FTBFS due to expired SSL certificate and timezone changes (Closes: #919999) - imap: update test certificate - timezone changes for Japan and Kiritimati * test/ruby/test_gc.rb: skip entirely; some tests in there can fail unpredictably on buildds (Closes: #912740) -- Antonio Terceiro <terceiro(a)debian.org> Sat, 23 Feb 2019 18:31:45 -0300 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on nonagon.federez.net -- apticron

6 années

2 Debian package update(s) for nonagon.federez.net

par club-federez＠crans.org

apticron report [Wed, 17 Apr 2019 18:49:13 +0200] ======================================================================== apticron has detected that some packages need upgrading on: nonagon.federez.net [ 185.230.78.42 2a0c:700:0:23:67:e5ff:fee9:3 ] The following packages are currently pending an upgrade: libruby2.3 2.3.3-1+deb9u6 ruby2.3 2.3.3-1+deb9u6 ======================================================================== Package Details: apt-listchanges : Lecture des fichiers de modifications (« changelog »)... apt-listchanges : journaux des modifications (« changelogs ») ------------------------------------------------------------- --- Modifications pour ruby2.3 (libruby2.3 ruby2.3) --- ruby2.3 (2.3.3-1+deb9u6) stretch-security; urgency=medium * CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324 * CVE-2019-8325 -- Moritz Mühlenhoff <jmm(a)debian.org> Fri, 12 Apr 2019 20:28:46 +0200 ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium * Backport upstream patches to fix FTBFS due to expired SSL certificate and timezone changes (Closes: #919999) - imap: update test certificate - timezone changes for Japan and Kiritimati * test/ruby/test_gc.rb: skip entirely; some tests in there can fail unpredictably on buildds (Closes: #912740) -- Antonio Terceiro <terceiro(a)debian.org> Sat, 23 Feb 2019 18:31:45 -0300 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on nonagon.federez.net -- apticron

6 années

apt-listchanges : nouveautés pour nonagon

par club-federez＠crans.org

openssl (1.1.1-2) unstable; urgency=medium Following various security recommendations, the default minimum TLS version has been changed from TLSv1 to TLSv1.2. Mozilla, Microsoft, Google and Apple plan to do same around March 2020. The default security level for TLS connections has also be increased from level 1 to level 2. This moves from the 80 bit security level to the 112 bit security level and will require 2048 bit or larger RSA and DHE keys, 224 bit or larger ECC keys, and SHA-2. The system wide settings can be changed in /etc/ssl/openssl.cnf. Applications might also have a way to override the defaults. In the default /etc/ssl/openssl.cnf there is a MinProtocol and CipherString line. The CipherString can also sets the security level. Information about the security levels can be found in the SSL_CTX_set_security_level(3ssl) manpage. The list of valid strings for the minimum protocol version can be found in SSL_CONF_cmd(3ssl). Other information can be found in ciphers(1ssl) and config(5ssl). Changing back the defaults in /etc/ssl/openssl.cnf to previous system wide defaults can be done using: MinProtocol = None CipherString = DEFAULT It's recommended that you contact the remote site in case the defaults cause problems. -- Kurt Roeckx <kurt(a)roeckx.be> Sun, 28 Oct 2018 20:58:35 +0100

6 années

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

Monitoring Avril 2019