apticron report [Fri, 23 Feb 2018 22:38:06 +0100]
========================================================================
apticron has detected that some packages need upgrading on:
quigon.federez.net
[ 160.228.155.65 ]
The following packages are currently pending an upgrade:
cpp-6 6.3.0-18+deb9u1
g++-6 6.3.0-18+deb9u1
gcc-6 6.3.0-18+deb9u1
gcc-6-base 6.3.0-18+deb9u1
libasan3 6.3.0-18+deb9u1
libatomic1 6.3.0-18+deb9u1
libcc1-0 6.3.0-18+deb9u1
libcilkrts5 6.3.0-18+deb9u1
libgcc1 1:6.3.0-18+deb9u1
libgcc-6-dev 6.3.0-18+deb9u1
libgfortran3 6.3.0-18+deb9u1
libgomp1 6.3.0-18+deb9u1
libitm1 6.3.0-18+deb9u1
liblsan0 6.3.0-18+deb9u1
libmpx2 6.3.0-18+deb9u1
libobjc4 6.3.0-18+deb9u1
libquadmath0 6.3.0-18+deb9u1
libstdc++6 6.3.0-18+deb9u1
libstdc++-6-dev 6.3.0-18+deb9u1
libtsan0 6.3.0-18+deb9u1
libubsan0 6.3.0-18+deb9u1
linux-image-4.9.0-6-amd64 4.9.82-1+deb9u2
linux-image-amd64 4.9+80+deb9u4
linux-libc-dev 4.9.82-1+deb9u2
========================================================================
Package Details:
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
apt-listchanges : journaux des modifications (« changelogs »)
-------------------------------------------------------------
--- Modifications pour linux (linux-libc-dev) ---
linux (4.9.82-1+deb9u2) stretch-security; urgency=high
* [x86] linux-headers: use correct version in linux-compiler-gcc-6-x86
dependency.
-- Yves-Alexis Perez <corsac(a)debian.org> Wed, 21 Feb 2018 16:29:03 +0100
linux (4.9.82-1+deb9u1) stretch-security; urgency=high
[ Yves-Alexis Perez ]
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.81
- [powerpc*] powerpc/64s: Add support for RFI flush of L1-D cache
(CVE-2017-5754, Meltdown)
- [powerpc*] powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
- [powerpc*] powerpc/64s: Allow control of RFI flush via debugfs
- [x86] kaiser: fix intel_bts perf crashes
- [x86] x86/pti: Make unpoison of pgd for trusted boot work for real
- kaiser: allocate pgd with order 0 when pti=off
- serial: core: mark port as initialized after successful IRQ change
- ip6mr: fix stale iterator
- net: igmp: add a missing rcu locking section
- qlcnic: fix deadlock bug
- tcp: release sk_frag.page in tcp_disconnect
- soreuseport: fix mem leak in reuseport_add_sock()
- KEYS: encrypted: fix buffer overread in valid_master_desc()
- [x86] x86/retpoline: Remove the esp/rsp thunk
- [x86] KVM: x86: Make indirect calls in emulator speculation safe
(CVE-2017-5715, Spectre#2)
- KVM: VMX: Make indirect call speculation safe
- module/retpoline: Warn about missing retpoline in module
- [x86] x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- [x86] x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
- [x86] x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
- [x86] x86/entry/64: Remove the SYSCALL64 fast path
- [x86] x86/asm: Move 'status' from thread_struct to thread_info
- Documentation: Document array_index_nospec
- [x86] x86: Implement array_index_mask_nospec
- [x86] x86: Introduce barrier_nospec
- [x86] x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
- [x86] x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
- [x86] x86/get_user: Use pointer masking to limit speculation
- [x86] x86/syscall: Sanitize syscall table de-references under speculation
- vfs, fdtable: Prevent bounds-check bypass via speculative execution
(CVE-2017-5753, Spectre#1)
- nl80211: Sanitize array index in parse_txq_params
(CVE-2017-5753, Spectre#1)
- [x86] x86/spectre: Report get_user mitigation for spectre_v1
- x86/paravirt: Remove 'noreplace-paravirt' cmdline option
- x86/kvm: Update spectre-v1 mitigation
(CVE-2017-5753, Spectre#1)
- KVM: nVMX: mark vmcs12 pages dirty on L2 exit
- KVM/x86: Add IBPB support
(CVE-2017-5715, Spectre#2)
- KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
- KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
- KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
- [x86] x86/microcode: Do the family check first
* [x86] Rewrite "Make x32 syscall support conditional on a kernel parameter"
to use a static key
* [x86] linux-compiler-gcc-6-x86: Add versioned dependency on gcc-6 for
retpoline support
* [powerpc] powerpc/64s: Simple RFI macro conversions (fix FTBFS)
* Add myself to Uploaders since I did the last few uploads to Stretch.
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.82
- CIFS: zero sensitive data when freeing
- posix-timer: Properly check sigevent->sigev_notify
- dccp: CVE-2017-8824: use-after-free in DCCP code
- media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
- media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
- ubi: fastmap: Erase outdated anchor PEBs during attach
- ubi: block: Fix locking for idr_alloc/idr_remove
- nsfs: mark dentry with DCACHE_RCUACCESS
- media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
- crypto: caam - fix endless loop when DECO acquire fails
- crypto: sha512-mb - initialize pending lengths correctly
- KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
- KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED
- media: dvb-frontends: fix i2c access helpers for KASAN
- media: ts2020: avoid integer overflows on 32 bit machines
- fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
- kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
- pipe: actually allow root to exceed the pipe buffer limits
- ACPI: sbshc: remove raw pointer from printk() message (CVE-2018-5750)
- acpi, nfit: fix register dimm error handling
* Remove patches included in 4.9.82
* Bump ABI to 6, remove all ignored ABI changes since ABI 5.
* Remove all patches handling or reverting ABI changes.
* [x86] linux-headers: Depend on updated linux-compiler-gcc-6-x86 for
retpoline support.
* [x86] Add versioned build-dependency on gcc-6 for retpoline support.
* [rt] Update to 4.9.76-rt61 except patches refreshed locally since 4.9.76.
* [rt] Add gpg key for Julia Cartwright (0x0A120DD923EEDD5F) to upstream
keyring
[ Ben Hutchings ]
* abiupdate.py: Add support for security mirrors
-- Yves-Alexis Perez <corsac(a)debian.org> Mon, 19 Feb 2018 16:10:58 +0100
linux (4.9.80-2) stretch; urgency=medium
* scsi: ignore ABI change in hisi_sas.
-- Yves-Alexis Perez <corsac(a)debian.org> Fri, 09 Feb 2018 13:58:52 +0100
linux (4.9.80-1) stretch; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.66
- [s390x] fix transactional execution control register handling
- [s390x] runtime instrumention: fix possible memory corruption
- [s390x] disassembler: add missing end marker for e7 table
- [s390x] disassembler: increase show_code buffer size
- ACPI / EC: Fix regression related to triggering source of EC event
handling
- [x86] mm: fix use-after-free of vma during userfaultfd fault
- ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER
- vsock: use new wait API for vsock_stream_sendmsg()
- sched: Make resched_cpu() unconditional
- lib/mpi: call cond_resched() from mpi_powm() loop
- [x86] decoder: Add new TEST instruction pattern
- [arm64] Implement arch-specific pte_access_permitted()
- [armhf/armmp-lpae] 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
- [armhf/armmp-lpae] 8721/1: mm: dump: check hardware RO bit for LPAE
- [arm64] PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF
- dm bufio: fix integer overflow when limiting maximum cache size
- dm: allocate struct mapped_device with kvzalloc
- [mips*] pci: Remove KERN_WARN instance inside the mt7620 driver
- dm: fix race between dm_get_from_kobject() and __dm_destroy()
- [mips*] Fix odd fp register warnings with MIPS64r2
- [mips*] Fix an n32 core file generation regset support regression
- rt2x00usb: mark device removed when get ENOENT usb error
- autofs: don't fail mount for transient error
- nilfs2: fix race condition that causes file system corruption
- eCryptfs: use after free in ecryptfs_release_messaging()
- libceph: don't WARN() if user tries to add invalid key
- bcache: check ca->alloc_thread initialized before wake up it
- isofs: fix timestamps beyond 2027
- NFS: Fix typo in nomigration mount option
- nfs: Fix ugly referral attributes
- NFS: Avoid RCU usage in tracepoints
- nfsd: deal with revoked delegations appropriately
- rtlwifi: rtl8192ee: Fix memory leak when loading firmware
- rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
- ata: fixes kernel crash while tracing ata_eh_link_autopsy event
- ext4: fix interaction between i_size, fallocate, and delalloc after a
crash
- ALSA: pcm: update tstamp only if audio_tstamp changed
- ALSA: usb-audio: Add sanity checks to FE parser
- ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
- ALSA: usb-audio: Add sanity checks in v2 clock parsers
- ALSA: timer: Remove kernel warning at compat ioctl error paths
- ALSA: hda: Fix too short HDMI/DP chmap reporting
- ALSA: hda/realtek - Fix ALC700 family no sound issue
- fix a page leak in vhost_scsi_iov_to_sgl() error recovery
- fs/9p: Compare qid.path in v9fs_test_inode
- iscsi-target: Fix non-immediate TMR reference leak
- target: Fix QUEUE_FULL + SCSI task attribute handling
- [armhf] mtd: nand: omap2: Fix subpage write
- mtd: nand: Fix writing mtdoops to nand flash.
- mtd: nand: mtk: fix infinite ECC decode IRQ issue
- p54: don't unregister leds when they are not initialized
- block: Fix a race between blk_cleanup_queue() and timeout handling
- [armhf,arm64] irqchip/gic-v3: Fix ppi-partitions lookup
- lockd: double unregister of inetaddr notifiers
- [x86] KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
- [x86] KVM: SVM: obey guest PAT
- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
- [armhf] clk: ti: dra7-atl-clock: fix child-node lookups
- libnvdimm, pfn: make 'resource' attribute only readable by root
- libnvdimm, namespace: fix label initialization to use valid seq numbers
- libnvdimm, namespace: make 'resource' attribute only readable by root
- IB/srpt: Do not accept invalid initiator port names
- IB/srp: Avoid that a cable pull can trigger a kernel crash
- NFC: fix device-allocation error return
- fm10k,i40e,i40evf,igb,igbvf,ixgbe,ixgbevf: Use smp_rmb rather than
read_barrier_depends
- [powerpc*] signal: Properly handle return value from uprobe_deny_signal()
- media: Don't do DMA on stack for firmware upload in the AS102 driver
- media: rc: check for integer overflow
- media: v4l2-ctrl: Fix flags field on Control events
- sched/rt: Simplify the IPI based RT balancing logic
- fscrypt: lock mutex before checking for bounce page pool
- net/9p: Switch to wait_event_killable()
- PM / OPP: Add missing of_node_put(np)
- [x86] Revert "drm/i915: Do not rely on wm preservation for ILK watermarks"
closes: #884001
- e1000e: Fix error path in link detection
- e1000e: Fix return value test
- e1000e: Separate signaling for link check/link up
- e1000e: Avoid receiver overrun interrupt bursts
- RDS: make message size limit compliant with spec
- RDS: RDMA: return appropriate error on rdma map failures
- RDS: RDMA: fix the ib_map_mr_sg_zbva() argument
- PCI: Apply _HPX settings only to relevant devices
- [armhf] clk: sunxi-ng: A31: Fix spdif clock register
- [armhf] clk: sunxi-ng: fix PLL_CPUX adjusting on A33
- fscrypt: use ENOKEY when file cannot be created w/o key
- fscrypt: use ENOTDIR when setting encryption policy on nondirectory
- net: Allow IP_MULTICAST_IF to set index to L3 slave
- net: 3com: typhoon: typhoon_init_one: fix incorrect return values
- rt2800: set minimum MPDU and PSDU lengths to sane values
- adm80211: return an error if adm8211_alloc_rings() fails
- mwifiex: sdio: fix use after free issue for save_adapter
- ath10k: fix incorrect txpower set by P2P_DEVICE interface
- ath10k: ignore configuring the incorrect board_id
- ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats()
- bnxt_en: Set default completion ring for async events.
- ath10k: set CTS protection VDEV param only if VDEV is up
- ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE
- drm: Apply range restriction after color adjustment when allocation
- [arm64] clk: qcom: ipq4019: Add all the frequencies for apss cpu
- mac80211: Remove invalid flag operations in mesh TSF synchronization
- mac80211: Suppress NEW_PEER_CANDIDATE event if no room
- adm80211: add checks for dma mapping errors
- iio: light: fix improper return value
- netfilter: nft_queue: use raw_smp_processor_id()
- netfilter: nf_tables: fix oob access
- [armel,armhf] crypto: marvell - Copy IVDIG before launching partial DMA
ahash requests
- btrfs: return the actual error value from from btrfs_uuid_tree_iterate
- [s390x] kbuild: enable modversions for symbols exported from asm
- cec: when canceling a message, don't overwrite old status info
- cec: CEC_MSG_GIVE_FEATURES should abort for CEC version < 2
- cec: update log_addr[] before finishing configuration
- nvmet: fix KATO offset in Set Features
- xen: xenbus driver must not accept invalid transaction ids
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.67
- [armhf] dts: LogicPD Torpedo: Fix camera pin mux
- [armhf] dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio
- mm/cma: fix alloc_contig_range ret code/potential leak
- mm, hugetlbfs: introduce ->split() to vm_operations_struct
- mm/madvise.c: fix madvise() infinite loop under special circumstances
- btrfs: clear space cache inode generation always
- nfsd: Fix stateid races between OPEN and CLOSE
- nfsd: Fix another OPEN stateid race
- nfsd: fix panic in posix_unblock_lock called from nfs4_laundromat
- [armhf] mfd: twl4030-power: Fix pmic for boards that need vmmc1 on reboot
- [armhf] OMAP2+: Fix WL1283 Bluetooth Baud Rate
- [x86] KVM: pvclock: Handle first-time write to pvclock-page contains
random junk
- [x86] KVM: Exit to user-mode on #UD intercept when emulator requires
- [x86] KVM: inject exceptions produced by x86_decode_insn
- [x86] KVM: lapic: Split out x2apic ldr calculation
- [x86] KVM: lapic: Fixup LDR on load in x2apic
- mmc: core: Do not leave the block driver in a suspended state
- mmc: core: prepend 0x to OCR entry in sysfs
- eeprom: at24: fix reading from 24MAC402/24MAC602
- eeprom: at24: correctly set the size for at24mac402
- eeprom: at24: check at24_read/write arguments
- [x86,alpha] i2c: i801: Fix Failed to allocate irq -2147483648 error
- hwmon: (jc42) optionally try to disable the SMBUS timeout
- nvme-pci: add quirk for delay before CHK RDY for WDC SN200
- Revert "drm/radeon: dont switch vt on suspend"
- drm/amdgpu: potential uninitialized variable in amdgpu_vce_ring_parse_cs()
- drm/amdgpu: Potential uninitialized variable in
amdgpu_vm_update_directories()
- drm/radeon: fix atombios on big endian
- [armhf,arm64] drm/panel: simple: Add missing panel_simple_unprepare()
calls
- [arm64] drm/hisilicon: Ensure LDI regs are properly configured.
- drm/ttm: once more fix ttm_buffer_object_transfer
- drm/amd/pp: fix typecast error in powerplay.
- NFS: revalidate "." etc correctly on "open".
- [x86] drm/i915: Don't try indexed reads to alternate slave addresses
- [x86] drm/i915: Prevent zero length "index" write
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.68
- bcache: only permit to recovery read error when cache device is clean
- bcache: recover data from backing when data is clean
- Revert "crypto: caam - get rid of tasklet"
- mm, oom_reaper: gather each vma to prevent leaking TLB entry
- uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
- usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
- [s390x] runtime instrumentation: simplify task exit handling
- ima: fix hash algorithm initialization
- [s390x] pci: do not require AIS facility
- serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
- staging: rtl8188eu: avoid a null dereference on pmlmepriv
- [arm64] mmc: sdhci-msm: fix issue with power irq
- serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
- [x86] entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
- [x86] EDAC, sb_edac: Fix missing break in switch
- [armel,armhf] sysrq : fix Show Regs call trace on ARM
- usbip: tools: Install all headers needed for libusbip development
- [x86] kprobes: Disable preemption in ftrace-based jprobes
- iio: adc: ti-ads1015: add 10% to conversion wait time
- dax: Avoid page invalidation races and unnecessary radix tree traversals
- net/mlx4_en: Fix type mismatch for 32-bit systems
- l2tp: take remote address into account in l2tp_ip and l2tp_ip6 socket
lookups
- usb: gadget: f_fs: Fix ExtCompat descriptor validation
- libcxgb: fix error check for ip6_route_output()
- [armhf] OMAP2+: Fix WL1283 Bluetooth Baud Rate
- vti6: fix device register to report IFLA_INFO_KIND
- be2net: fix accesses to unicast list
- be2net: fix unicast list filling
- net/appletalk: Fix kernel memory disclosure
- libfs: Modify mount_pseudo_xattr to be clear it is not a userspace mount
- mm: fix remote numa hits statistics
- mac80211: calculate min channel width correctly
- nfs: Don't take a reference on fl->fl_file for LOCK operation
- [armhf,arm64] KVM: Fix occasional warning from the timer work function
- mac80211: prevent skb/txq mismatch
- NFSv4: Fix client recovery when server reboots multiple times
- [x86] perf/intel: Account interrupts for PEBS errors
- [powerpc*] mm: Fix memory hotplug BUG() on radix
- qla2xxx: Fix wrong IOCB type assumption
- drm/amdgpu: fix bug set incorrect value to vce register
- net: sctp: fix array overrun read on sctp_timer_tbl
- [x86] fpu: Set the xcomp_bv when we fake up a XSAVES area
- drm/amdgpu: fix unload driver issue for virtual display
- mac80211: don't try to sleep in rate_control_rate_init()
- RDMA/qedr: Return success when not changing QP state
- RDMA/qedr: Fix RDMA CM loopback
- tipc: fix nametbl_lock soft lockup at module exit
- tipc: fix cleanup at module unload
- [armhf] dmaengine: pl330: fix double lock
- tcp: correct memory barrier usage in tcp_check_space()
- nvmet: cancel fatal error and flush async work before free controller
- gtp: clear DF bit on GTP packet tx
- gtp: fix cross netns recv on gtp socket
- net: phy: micrel: KSZ8795 do not set SUPPORTED_[Asym_]Pause
- [arm64] net: thunderx: avoid dereferencing xcv when NULL
- be2net: fix initial MAC setting
- [powerpc*] vfio/spapr: Fix missing mutex unlock when creating a window
- mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
- xen-netfront: Improve error handling during initialization
- cec: initiator should be the same as the destination for, poll
- xen-netback: vif counters from int/long to u64
- net: fec: fix multicast filtering hardware setup
- dma-buf/dma-fence: Extract __dma_fence_is_later()
- dma-buf/sw-sync: Fix the is-signaled test to handle u32 wraparound
- dma-buf/sw-sync: Prevent user overflow on timeline advance
- dma-buf/sw-sync: sync_pt is private and of fixed size
- dma-buf/sw-sync: Fix locking around sync_timeline lists
- dma-buf/sw-sync: Use an rbtree to sort fences in the timeline
- dma-buf/sw_sync: move timeline_fence_ops around
- dma-buf/sw_sync: clean up list before signaling the fence
- dma-fence: Clear fence->status during dma_fence_init()
- dma-fence: Wrap querying the fence->status
- dma-fence: Introduce drm_fence_set_error() helper
- dma-buf/sw_sync: force signal all unsignaled fences on dying timeline
- dma-buf/sync_file: hold reference to fence when creating sync_file
- usb: hub: Cycle HUB power when initialization fails
- usb: xhci: fix panic in xhci_free_virt_devices_depth_first
- USB: core: Add type-specific length check of BOS descriptors
- USB: Increase usbfs transfer limit
- USB: devio: Prevent integer overflow in proc_do_submiturb()
- USB: usbfs: Filter flags passed in from user space
- usb: host: fix incorrect updating of offset
- xen-netfront: avoid crashing on resume after a failure in
talk_to_netback()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.69
- can: kvaser_usb: free buf in error paths
- can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
- can: kvaser_usb: ratelimit errors if incomplete messages are received
- can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
- can: ems_usb: cancel urb on -EPIPE and -EPROTO
- can: esd_usb2: cancel urb on -EPIPE and -EPROTO
- can: usb_8dev: cancel urb on -EPIPE and -EPROTO
- virtio: release virtio index when fail to device_register
- [x86] hv: kvp: Avoid reading past allocated blocks from KVP file
- isa: Prevent NULL dereference in isa_bus driver callbacks
- scsi: dma-mapping: always provide dma_get_cache_alignment
- scsi: use dma_get_cache_alignment() as minimum DMA alignment
- scsi: libsas: align sata_device's rps_resp on a cacheline
- efi: Move some sysfs files to be read-only by root
- efi/esrt: Use memunmap() instead of kfree() to free the remapping
- ASN.1: fix out-of-bounds read when parsing indefinite length item
- ASN.1: check for error from ASN1_OP_END__ACT actions
- X.509: reject invalid BIT STRING for subjectPublicKey
- X.509: fix comparisons of ->pkey_algo
- [x86] PCI: Make broadcom_postcore_init() check acpi_disabled
- [x86] KVM: fix APIC page invalidation
- btrfs: fix missing error return in btrfs_drop_snapshot
- ALSA: pcm: prevent UAF in snd_pcm_info
- ALSA: seq: Remove spurious WARN_ON() at timer check
- ALSA: usb-audio: Fix out-of-bound error
- ALSA: usb-audio: Add check return value for usb_string()
- [x86] iommu/vt-d: Fix scatterlist offset handling
- smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place
- [s390x] fix compat system call table
- [s390x] KVM: Fix skey emulation permission check
- [powerpc*] 64s: Initialize ISAv3 MMU registers before setting partition
table
- brcmfmac: change driver unbind order of the sdio function devices
- media: dvb: i2c transfers over usb cannot be done from stack
- [armhf,arm64] KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
- [armhf,arm64] KVM: Fix broken GICH_ELRSR big endian conversion
- [armhf,arm64] KVM: vgic-irqfd: Fix MSI entry allocation
- [armhf,arm64] KVM: vgic-its: Check result of allocation before use
- [arm64] fpsimd: Prevent registers leaking from dead tasks
- [armhf] bus: arm-cci: Fix use of smp_processor_id() in preemptible context
- usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT
- [armel,armhf] BUG if jumping to usermode address in kernel mode
- [armel,armhf] avoid faulting on qemu
- thp: reduce indentation level in change_huge_pmd()
- thp: fix MADV_DONTNEED vs. numa balancing race
- mm: drop unused pmdp_huge_get_and_clear_notify()
- [armel,armhf] 8657/1: uaccess: consistently check object sizes
- vti6: Don't report path MTU below IPV6_MIN_MTU.
- [armhf] OMAP2+: gpmc-onenand: propagate error on initialization failure
- [x86] platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack
register
- sched/fair: Make select_idle_cpu() more aggressive
- [x86] hpet: Prevent might sleep splat on resume
- [powerpc*] 64: Invalidate process table caching after setting process
table
- lirc: fix dead lock between open and wakeup_filter
- module: set __jump_table alignment to 8
- [powerpc*] 64: Fix checksum folding in csum_add()
- [armhf] OMAP2+: Fix device node reference counts
- [armhf] OMAP2+: Release device node after it is no longer needed.
- usb: gadget: configs: plug memory leak
- USB: gadgetfs: Fix a potential memory leak in 'dev_config()'
- [armhf,arm64] usb: dwc3: gadget: Fix system suspend/resume on TI platforms
- usb: gadget: udc: net2280: Fix tmp reusage in net2280 driver
- [x86] kvm: nVMX: VMCLEAR should not cause the vCPU to shut down
- libata: drop WARN from protocol error in ata_sff_qc_issue()
- workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq
- scsi: qla2xxx: Fix ql_dump_buffer
- scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters
- [armhf] irqchip/crossbar: Fix incorrect type of register size
- [x86] KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset
- [armhf,arm64] KVM: Survive unknown traps from guests
- [armhf,arm64] KVM: VGIC: Fix command handling while ITS being disabled
- bnx2x: prevent crash when accessing PTP with interface down
- bnx2x: fix possible overrun of VFPF multicast addresses array
- bnx2x: fix detection of VLAN filtering feature for VF
- bnx2x: do not rollback VF MAC/VLAN filters we did not configure
- rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races
- [powerpc*] ibmvnic: Fix overflowing firmware/hardware TX queue
- [powerpc*] ibmvnic: Allocate number of rx/tx buffers agreed on by firmware
- ipv6: reorder icmpv6_init() and ip6_mr_init()
- blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue()
- zram: set physical queue limits to avoid array out of bounds accesses
- netfilter: don't track fragmented packets
- [powerpc*] axonram: Fix gendisk handling
- drm/amd/amdgpu: fix console deadlock if late init failed
- [powerpc*] powernv/ioda2: Gracefully fail if too many TCE levels requested
- [x86] EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro
- [x86] EDAC, i5000, i5400: Fix definition of NRECMEMB register
- kbuild: pkg: use --transform option to prefix paths in tar
- coccinelle: fix parallel build with CHECK=scripts/coccicheck
- mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
- gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
- route: also update fnhe_genid when updating a route cache
- route: update fnhe_expires for redirect when the fnhe exists
- NFS: Fix a typo in nfs_rename()
- sunrpc: Fix rpc_task_begin trace point
- xfs: fix forgotten rcu read unlock when skipping inode reclaim
- block: wake up all tasks blocked in get_request()
- zsmalloc: calling zs_map_object() from irq is a bug
- sctp: do not free asoc when it is already dead in sctp_sendmsg
- sctp: use the right sk after waking up from wait_buf sleep
- bpf: fix lockdep splat
- atm: horizon: Fix irq release error
- xfrm: Copy policy family in clone_policy
- IB/mlx4: Increase maximal message size under UD QP
- IB/mlx5: Assign send CQ and recv CQ of UMR QP
- afs: Connect up the CB.ProbeUuid
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.70
- [s390x] qeth: fix early exit from error path
- tipc: fix memory leak in tipc_accept_from_sock()
- rds: Fix NULL pointer dereference in __rds_rdma_map
- sit: update frag_off info
- packet: fix crash in fanout_demux_rollover()
- net/packet: fix a race in packet_bind() and packet_notifier()
- usbnet: fix alignment for frames with no ethernet header
- stmmac: reset last TSO segment size after device open
- tcp/dccp: block bh before arming time_wait timer
- [s390x] qeth: build max size GSO skbs on L2 devices
- [s390x] qeth: fix GSO throughput regression
- [s390x] qeth: fix thinko in IPv4 multicast address tracking
- tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()
- Fix handling of verdicts after NF_QUEUE
- ipmi: Stop timers before cleaning up the module
- [s390x] always save and restore all registers on context switch
- usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
- fix kcm_clone()
- [armhf,arm64] KVM: vgic-its: Preserve the revious read from the pending
table
- [powerpc*] 64: Fix checksum folding in csum_tcpudp_nofold and
ip_fast_csum_nofold
- kbuild: do not call cc-option before KBUILD_CFLAGS initialization
- ipvlan: fix ipv6 outbound device
- audit: ensure that 'audit=1' actually enables audit for PID 1
- md: free unused memory after bitmap resize
- RDMA/cxgb4: Annotate r2 and stag as __be32
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71
- mfd: fsl-imx25: Clean up irq settings during removal
- crypto: rsa - fix buffer overread when stripping leading zeroes
- autofs: fix careless error in recent commit
- tracing: Allocate mask_str buffer dynamically
- USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
- usbip: fix stub_rx: get_pipe() to validate endpoint number
(CVE-2017-16912)
- usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
(CVE-2017-16913)
- usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
(CVE-2017-16914)
- ceph: drop negative child dentries before try pruning inode's alias
- usb: xhci: fix TDS for MTK xHCI1.1
- xhci: Don't add a virt_dev to the devs array before it's fully allocated
- nfs: don't wait on commit in nfs_commit_inode() if there were no commit
requests
- sched/rt: Do not pull from current CPU if only one CPU to pull
- eeprom: at24: change nvmem stride to 1
- dmaengine: dmatest: move callback wait queue to thread context
- ext4: fix fdatasync(2) after fallocate(2) operation
- ext4: fix crash when a directory's i_size is too small
- mac80211: Fix addition of mesh configuration element
- [x86] KVM: nVMX: do not warn when MSR bitmap address is not backed
- md-cluster: free md_cluster_info if node leave cluster
- userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE
- userfaultfd: selftest: vm: allow to build in vm/ directory
- net: initialize msg.msg_flags in recvfrom
- bnxt_en: Ignore 0 value in autoneg supported speed from firmware.
- net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values
- net: bcmgenet: correct MIB access of UniMAC RUNT counters
- net: bcmgenet: reserved phy revisions must be checked first
- net: bcmgenet: power down internal phy if open or resume fails
- net: bcmgenet: synchronize irq0 status between the isr and task
- net: bcmgenet: Power up the internal PHY before probing the MII
- rxrpc: Wake up the transmitter if Rx window size increases on the peer
- net/mlx5: Fix create autogroup prev initializer
- net/mlx5: Don't save PCI state when PCI error is detected
- drm/amdgpu: fix parser init error path to avoid crash in parser fini
- NFSD: fix nfsd_minorversion(.., NFSD_AVAIL)
- NFSD: fix nfsd_reset_versions for NFSv4.
- [armhf] drm/omap: fix dmabuf mmap for dma_alloc'ed buffers
- netfilter: bridge: honor frag_max_size when refragmenting
- blk-mq: Fix tagset reinit in the presence of cpu hot-unplug
- writeback: fix memory leak in wb_queue_work()
- net: wimax/i2400m: fix NULL-deref at probe
- dmaengine: Fix array index out of bounds warning in __get_unmap_pool()
- irqchip/mvebu-odmi: Select GENERIC_MSI_IRQ_DOMAIN
- net: Resend IGMP memberships upon peer notification.
- qed: Align CIDs according to DORQ requirement
- qed: Fix mapping leak on LL2 rx flow
- qed: Fix interrupt flags on Rx LL2
- scsi: hpsa: update check for logical volume status
- scsi: hpsa: limit outstanding rescans
- scsi: hpsa: do not timeout reset operations
- fjes: Fix wrong netdevice feature flags
- drm/radeon/si: add dpm quirk for Oland
- [x86] Drivers: hv: util: move waiting for release to hv_utils_transport
itself
- iwlwifi: mvm: cleanup pending frames in DQA mode
- sched/deadline: Add missing update_rq_clock() in dl_task_timer()
- sched/deadline: Make sure the replenishment timer fires in the next period
- sched/deadline: Throttle a constrained deadline task activated after the
deadline
- sched/deadline: Use deadline instead of period when calculating overflow
- drm/radeon: reinstate oland workaround for sclk
- afs: Fix missing put_page()
- afs: Populate group ID from vnode status
- afs: Adjust mode bits processing
- afs: Deal with an empty callback array
- afs: Flush outstanding writes when an fd is closed
- afs: Migrate vlocation fields to 64-bit
- afs: Prevent callback expiry timer overflow
- afs: Fix the maths in afs_fs_store_data()
- afs: Invalid op ID should abort with RXGEN_OPCODE
- afs: Better abort and net error handling
- afs: Populate and use client modification time
- afs: Fix page leak in afs_write_begin()
- afs: Fix afs_kill_pages()
- afs: Fix abort on signal while waiting for call completion
- nvme-loop: fix a possible use-after-free when destroying the admin queue
- nvmet: confirm sq percpu has scheduled and switched to atomic
- nvmet-rdma: Fix a possible uninitialized variable dereference
- net/mlx4_core: Avoid delays during VF driver device shutdown
- net: mpls: Fix nexthop alive tracking on down events
- rxrpc: Ignore BUSY packets on old calls
- tty: don't panic on OOM in tty_set_ldisc()
- tty: fix data race in tty_ldisc_ref_wait()
- perf symbols: Fix symbols__fixup_end heuristic for corner cases
- efi/esrt: Cleanup bad memory map log messages
- NFSv4.1 respect server's max size in CREATE_SESSION
- btrfs: add missing memset while reading compressed inline extents
- target: Use system workqueue for ALUA transitions
- target: fix ALUA transition timeout handling
- target: fix race during implicit transition work flushes
- [x86] Revert "x86/acpi: Set persistent cpuid <-> nodeid mapping when
booting"
- HID: cp2112: fix broken gpio_direction_input callback
- sfc: don't warn on successful change of MAC
- video: udlfb: Fix read EDID timeout
- rtc: pcf8563: fix output clock rate
- [x86] ASoC: Intel: Skylake: Fix uuid_module memory leak in failure case
- [armhf] dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
- PCI/PME: Handle invalid data when reading Root Status
- powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
- PCI: Do not allocate more buses than available in parent
- netfilter: ipvs: Fix inappropriate output of procfs
- [powerpc*] opal: Fix EBUSY bug in acquiring tokens
- [powerpc*] ipic: Fix status get and status clear
- [x86] platform: intel_punit_ipc: Fix resource ioremap warning
- target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
- iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
- target:fix condition return in core_pr_dump_initiator_port()
- target/file: Do not return error for UNMAP if length is zero
- badblocks: fix wrong return value in badblocks_set if badblocks are
disabled
- [x86] iommu/amd: Limit the IOVA page range to the specified addresses
- xfs: truncate pagecache before writeback in xfs_setattr_size()
- crypto: tcrypt - fix buffer lengths in test_aead_speed()
- mm: Handle 0 flags in _calc_vm_trans() macro
- [armhf] clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6
SoCs w/o VPU
- [arm64] clk: hi6220: mark clock cs_atb_syspll as critical
- [armhf,arm64] clk: tegra: Fix cclk_lp divisor register
- ppp: Destroy the mutex when cleanup
- thermal/drivers/step_wise: Fix temperature regulation misbehavior
- scsi: scsi_debug: write_same: fix error report
- GFS2: Take inode off order_write list when setting jdata flag
- bcache: explicitly destroy mutex while exiting
- bcache: fix wrong cache_misses statistics
- Ib/hfi1: Return actual operational VLs in port info query
- [x86] platform: hp_accel: Add quirk for HP ProBook 440 G4
- nvme: use kref_get_unless_zero in nvme_find_get_ns
- l2tp: cleanup l2tp_tunnel_delete calls
- xfs: fix log block underflow during recovery cycle verification
- xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
- RDMA/cxgb4: Declare stag as __be32
- PCI: Detach driver before procfs & sysfs teardown on device remove
- scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
- scsi: hpsa: destroy sas transport properties before scsi_host
- [powerpc*] perf/hv-24x7: Fix incorrect comparison in memord
- tty fix oops when rmmod 8250
- raid5: Set R5_Expanded on parity devices as well as data.
- scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
- IB/core: Fix calculation of maximum RoCE MTU
- vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
- rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_createbss_cmd
- rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_disassoc_cmd
- scsi: sd: change manage_start_stop to bool in sysfs interface
- scsi: sd: change allow_restart to bool in sysfs interface
- scsi: bfa: integer overflow in debugfs
- udf: Avoid overflow when session starts at large offset
- macvlan: Only deliver one copy of the frame to the macvlan interface
- RDMA/cma: Avoid triggering undefined behavior
- IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
- icmp: don't fail on fragment reassembly time exceeded
- ath9k: fix tx99 potential info leak
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.72
- cxl: Check if vphb exists before iterating over AFU devices
- [arm64] Initialise high_memory global variable earlier
- kvm: fix usage of uninit spinlock in avic_vm_destroy()
- [armhf] kprobes: Fix the return address of multiple kretprobes
- [armhf] kprobes: Align stack to 8-bytes in test code
- nvme-loop: handle cpu unplug when re-establishing the controller
- cpuidle: Validate cpu_dev in cpuidle_add_sysfs()
- r8152: fix the list rx_done may be used without initialization
- crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex
- vsock: track pkt owner vsock
- vhost-vsock: add pkt cancel capability
- vsock: cancel packets when failing to connect
- sch_dsmark: fix invalid skb_cow() usage
- bna: integer overflow bug in debugfs
- sctp: out_qlen should be updated when pruning unsent queue
- usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed
- usb: gadget: udc: remove pointer dereference after free
- netfilter: nfnl_cthelper: fix runtime expectation policy updates
- netfilter: nfnl_cthelper: Fix memory leak
- [armhf] iommu/exynos: Workaround FLPD cache flush issues for SYSMMU v5
- r8152: fix the rx early size of RTL8153
- tipc: fix nametbl deadlock at tipc_nametbl_unsubscribe
- inet: frag: release spinlock before calling icmp_send()
- scsi: lpfc: Fix PT2PT PRLI reject
- [x86] kvm: vmx: Flush TLB when the APIC-access address changes
- [x86] KVM: correct async page present tracepoint
- [x86] KVM: VMX: Fix enable VPID conditions
- [armhf] dts: ti: fix PCI bus dtc warnings
- [x86] hwmon: (asus_atk0110) fix uninitialized data access
- HID: xinmo: fix for out of range for THT 2P arcade controller.
- ASoC: STI: Fix reader substream pointer set
- r8152: prevent the driver from transmitting packets with carrier off
- [s390x] qeth: size calculation outbound buffers
- [s390x] qeth: no ETH header for outbound AF_IUCV
- bna: avoid writing uninitialized data into hw registers
- i40iw: Receive netdev events post INET_NOTIFIER state
- IB/core: Protect against self-requeue of a cq work item
- infiniband: Fix alignment of mmap cookies to support VIPT caching
- nbd: set queue timeout properly
- net: Do not allow negative values for busy_read and busy_poll sysctl
interfaces
- IB/rxe: double free on error
- IB/rxe: increment msn only when completing a request
- i40e: Do not enable NAPI on q_vectors that have no rings
- RDMA/iser: Fix possible mr leak on device removal event
- irda: vlsi_ir: fix check for DMA mapping errors
- netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table
- netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register
- [armhf] dts: am335x-evmsk: adjust mmc2 param to allow suspend
- cpufreq: Fix creation of symbolic links to policy directories
- net: ipconfig: fix ic_close_devs() use-after-free
- [x86] KVM: pci-assign: do not map smm memory slot pages in vt-d page
tables
- virtio-balloon: use actual number of stats for stats queue buffers
- virtio_balloon: prevent uninitialized variable use
- isdn: kcapi: avoid uninitialized data
- xhci: plat: Register shutdown for xhci_plat
- netfilter: nfnetlink_queue: fix secctx memory leak
- Btrfs: fix an integer overflow check
- [armel,armhf] dma-mapping: disallow dma_get_sgtable() for non-kernel
managed memory
- [powerpc*] cpuidle: powernv: Pass correct drv->cpumask for registration
- bnxt_en: Fix NULL pointer dereference in reopen failure path
- [armhf,arm64] backlight: pwm_bl: Fix overflow condition
- [armhf,arm64] rtc: pl031: make interrupt optional
- kvm, mm: account kvm related kmem slabs to kmemcg
- net: phy: at803x: Change error to EINVAL for invalid MAC
- PCI: Avoid bus reset if bridge itself is broken
- scsi: cxgb4i: fix Tx skb leak
- scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1
volume created on two SATA drive
- PCI: Create SR-IOV virtfn/physfn links before attaching driver
- PM / OPP: Move error message to debug level
- igb: check memory allocation failure
- ixgbe: fix use of uninitialized padding
- IB/rxe: check for allocation failure on elem
- PCI/AER: Report non-fatal errors only to the affected endpoint
- tracing: Exclude 'generic fields' from histograms
- fm10k: fix mis-ordered parameters in declaration for .ndo_set_vf_bw
- scsi: lpfc: Fix secure firmware updates
- scsi: lpfc: PLOGI failures during NPIV testing
- vfio/pci: Virtualize Maximum Payload Size
- fm10k: ensure we process SM mbx when processing VF mbx
- net: ipv6: send NS for DAD when link operationally up
- [armhf] clk: sunxi-ng: sun6i: Rename HDMI DDC clock to avoid name
collision
- tcp: fix under-evaluated ssthresh in TCP Vegas
- rtc: set the alarm to the next expiring timer
- cpuidle: fix broadcast control when broadcast can not be entered
- [arm64] thermal: hisilicon: Handle return value of clk_prepare_enable
- [arm64] thermal/drivers/hisi: Fix missing interrupt enablement
- [arm64] thermal/drivers/hisi: Fix kernel panic on alarm interrupt
- [arm64] thermal/drivers/hisi: Simplify the temperature/step computation
- [arm64] thermal/drivers/hisi: Fix multiple alarm interrupts firing
- [mips*] math-emu: Fix final emulation phase for certain instructions
- [x86] platform: asus-wireless: send an EV_SYN/SYN_REPORT between state
changes
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.73
- ACPI: APEI / ERST: Fix missing error handling in erst_reader()
- ALSA: rawmidi: Avoid racy info ioctl via ctl device
- spi: xilinx: Detect stall with Unknown commands
- [x86] KVM: X86: Fix load RFLAGS w/o the fixed bit
- [x86] kvm: x86: fix RSM when PCID is non-zero
- [armhf] clk: sunxi: sun9i-mmc: Implement reset callback for reset controls
- [powerpc*] powerpc/perf: Dereference BHRB entries safely
- bpf/verifier: Fix states_equal() comparison of pointer and UNKNOWN
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.74
- tracing: Remove extra zeroing out of the ring buffer page
- tracing: Fix possible double free on failure of allocating trace buffer
- tracing: Fix crash when it fails to alloc ring buffer
- ring-buffer: Mask out the info bits when returning buffer page length
- ASoC: wm_adsp: Fix validation of firmware and coeff lengths
- [x86] x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
- [x86] x86/mm: Remove flush_tlb() and flush_tlb_current_task()
- [x86] x86/mm: Make flush_tlb_mm_range() more predictable
- [x86] x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
- [x86] x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code
- [x86] x86/mm: Disable PCID on 32-bit kernels
- [x86] x86/mm: Add the 'nopcid' boot option to turn off PCID
- [x86] x86/mm: Enable CR4.PCIDE on supported systems
- [amd64] x86/mm/64: Fix reboot interaction with CR4.PCIDE
- kbuild: add '-fno-stack-check' to kernel build options
- ipv4: igmp: guard against silly MTU values
- ipv6: mcast: better catch silly mtu values
- ptr_ring: add barriers
- RDS: Check cmsg_len before dereferencing CMSG_DATA
- tg3: Fix rx hang on MTU change with 5717/5719
- net: ipv4: fix for a race condition in raw_sendmsg
- ipv4: Fix use-after-free when flushing FIB tables
- net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks
- net: Fix double free and memory corruption in get_net_ns_by_id() (CVE-2017-15129)
- net/mlx5e: Fix possible deadlock of VXLAN lock
- net/mlx5e: Prevent possible races in VXLAN control flow
- usbip: fix usbip bind writing random string after command in match_busid
- usbip: prevent leaking socket pointer address in messages
- usbip: stub: stop printing kernel pointer addresses in messages
- usbip: vhci: stop printing kernel pointer addresses in messages
- USB: Fix off by one in type-specific length check of BOS SSP capability
- nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
- [x86] x86/smpboot: Remove stale TLB flush invocations
- n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.75
- [x86] x86/boot: Add early cmdline parsing for options with arguments
- [amd64] KAISER: Kernel Address Isolation
- [amd64] kaiser: merged update
- [amd64] kaiser: do not set _PAGE_NX on pgd_none
- [amd64] kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
- [amd64] kaiser: fix build and FIXME in alloc_ldt_struct()
- [amd64] kaiser: KAISER depends on SMP
- [amd64] kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
- [amd64] kaiser: fix perf crashes
- [amd64] kaiser: ENOMEM if kaiser_pagetable_walk() NULL
- [amd64] kaiser: tidied up asm/kaiser.h somewhat
- [amd64] kaiser: tidied up kaiser_add/remove_mapping slightly
- [amd64] kaiser: align addition to x86/mm/Makefile
- [amd64] kaiser: cleanups while trying for gold link
- [amd64] kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
- [amd64] kaiser: delete KAISER_REAL_SWITCH option
- [amd64] kaiser: vmstat show NR_KAISERTABLE as nr_overhead
- [amd64] kaiser: enhanced by kernel and user PCIDs
- [amd64] kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
- [amd64] kaiser: PCID 0 for kernel and 128 for user
- [amd64] kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
- [amd64] kaiser: paranoid_entry pass cr3 need to paranoid_exit
- [amd64] kaiser: kaiser_remove_mapping() move along the pgd
- [amd64] kaiser: fix unlikely error in alloc_ldt_struct()
- [amd64] kaiser: add "nokaiser" boot option, using ALTERNATIVE
- [amd64] x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
- [amd64] x86/kaiser: Check boottime cmdline params
- [amd64] kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
- [amd64] kaiser: drop is_atomic arg to kaiser_pagetable_walk()
- [amd64] kaiser: asm/tlbflush.h handle noPGE at lower level
- [amd64] kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
- [amd64] x86/paravirt: Dont patch flush_tlb_single
- [amd64] x86/kaiser: Reenable PARAVIRT
- [amd64] kaiser: disabled on Xen PV
- [amd64] x86/kaiser: Move feature detection up
- [amd64] KPTI: Rename to PAGE_TABLE_ISOLATION
- [amd64] KPTI: Report when enabled
- [amd64] kaiser: Set _PAGE_NX only if supported
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.76
- crypto: n2 - cure use after free
- crypto: chacha20poly1305 - validate the digest size
- crypto: pcrypt - fix freeing pcrypt instances (CVE-2017-18075)
- nbd: fix use-after-free of rq/bio in the xmit path
- [arm] iommu/arm-smmu-v3: Don't free page table ops twice
- [arm] iommu/arm-smmu-v3: Cope with duplicated Stream IDs
- [x86] x86/microcode/AMD: Add support for fam17h microcode loading
- [hppa] parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel
- [x86] Map the vsyscall page with _PAGE_USER
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.77
- mac80211: Add RX flag to indicate ICV stripped
- ath10k: rebuild crypto header in rx data frames
- [x86] KVM: Fix stack-out-of-bounds read in write_mmio
- [mips] MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
- [x86] kvm: vmx: Scrub hardware GPRs at VM-exit (mitigates Spectre /
CVE-2017-5715 and CVE-2017-5753)
- ALSA: pcm: Remove incorrect snd_BUG_ON() usages
- RDS: Heap OOB write in rds_message_alloc_sgs() (CVE-2018-5332)
- RDS: null pointer dereference in rds_atomic_free_op (CVE-2018-5333)
- ipv6: fix possible mem leaks in ipv6_make_skb()
- mlxsw: spectrum_router: Fix NULL pointer deref
- crypto: algapi - fix NULL dereference in crypto_remove_spawns()
- [x86] x86/microcode/intel: Extend BDW late-loading with a revision check
- [x86] KVM: x86: Add memory barrier on vmcs field lookup (mitigates
Spectre#2 / CVE-2017-5715)
- [x86] kaiser: Set _PAGE_NX only if supported
- bpf: prevent out-of-bounds speculation (mitigates Spectre#1 /
CVE-2017-5753)
- bpf, array: fix overflow in max_entries and undefined behavior in index_mask
- USB: fix usbmon BUG trigger
- usbip: remove kernel addresses from usb device and urb debug msgs
- usbip: fix vudc_rx: harden CMD_SUBMIT path to handle malicious input
- usbip: vudc_tx: fix v_send_ret_submit() vulnerability to null xfer buffer
- Bluetooth: Prevent stack info leak from the EFS element. (CVE-2017-1000410)
- [x86] x86/retpoline: Add initial retpoline support (mitigates Spectre#2 /
CVE-2017-5715)
- [x86] x86/spectre: Add boot time option to select Spectre v2 mitigation
- [x86] x86/retpoline/crypto: Convert crypto assembler indirect jumps
- [x86] x86/retpoline/entry: Convert entry assembler indirect jumps
- [x86] x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
- [x86] x86/retpoline/hyperv: Convert assembler indirect jumps
- [x86] x86/retpoline/xen: Convert Xen hypercall indirect jumps
- [x86] x86/retpoline/checksum32: Convert assembler indirect jumps
- [x86] x86/retpoline/irq32: Convert assembler indirect jumps
- [x86] x86/retpoline: Fill return stack buffer on vmexit
- [x86] x86/pti/efi: broken conversion from efi to kernel page table
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.78
- futex: Prevent overflow by strengthen input validation
- ALSA: seq: Make ioctls race-free
- af_key: fix buffer overread in verify_address_len()
- af_key: fix buffer overread in parse_exthdrs()
- iser-target: Fix possible use-after-free in connection establishment error
- [x86] x86/retpoline: Fill RSB on context switch for affected CPUs
- [x86] x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
- module: Add retpoline tag to VERMAGIC
- [x86] x86/mm/pkeys: Fix fill_sig_info_pkey
- [x86] x86/tsc: Fix erroneous TSC rate on Skylake Xeon
- pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
- [x86] x86/apic/vector: Fix off by one in error path
- Input: ALPS - fix multi-touch decoding on SS4 plus touchpads
- Input: 88pm860x-ts - fix child-node lookup
- Input: twl6040-vibra - fix child-node lookup
- Input: twl4030-vibra - fix sibling-node lookup
- proc: fix coredump vs read /proc/*/stat race
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
- workqueue: avoid hard lockups in show_workqueue_state()
- dm btree: fix serious bug in btree_split_beneath()
- dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
- [arm64] arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
- [x86] x86/cpu, x86/pti: Do not enable PTI on AMD processors
- usbip: fix warning in vhci_hcd_probe/lockdep_init_map
- [x86] x86/mce: Make machine check speculation protected
- [x86] retpoline: Introduce start/end markers of indirect thunk
- [x86] x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.79
- [i386] x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
- usbip: prevent vhci_hcd driver from leaking a socket pointer address
(CVE-2017-16911)
- usbip: Fix potential format overflow in userspace tools
- [arm*] KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
- [amd64] Prevent timer value 0 for MWAITX
- drivers: base: cacheinfo: fix boot error message when acpi is enabled
- mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
- ACPICA: Namespace: fix operand cache leak
- netfilter: nfnetlink_cthelper: Add missing permission checks
- netfilter: xt_osf: Add missing permission checks
- fs/fcntl: f_setown, avoid undefined behaviour
- Revert "module: Add retpoline tag to VERMAGIC"
- orangefs: fix deadlock; do not write i_size in read_iter
- um: link vmlinux with -no-pie
- vsyscall: Fix permissions for emulate mode with KAISER/PTI
- ipv6: fix udpv6 sendmsg crash caused by too small MTU
- ipv6: ip6_make_skb() needs to clear cork.base.dst
- net: igmp: fix source address check for IGMPv3 reports
- net: qdisc_pkt_len_init() should be more robust
- net: tcp: close sock if net namespace is exiting
- pppoe: take ->needed_headroom of lower device into account on xmit
- r8169: fix memory corruption on retrieval of hardware statistics.
- sctp: do not allow the v4 socket to bind a v4mapped v6 address
- sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
- flow_dissector: properly cap thoff field
- perf/x86/amd/power: Do not load AMD power module on !AMD platforms
- x86/microcode/intel: Extend BDW late-loading further with LLC size check
- bpf: fix bpf_tail_call() x64 JIT
- bpf: avoid false sharing of map refcount with max_entries
- bpf: fix divides by zero
- bpf: fix 32-bit divide by zero
- nfsd: auth: Fix gid sorting when rootsquash enabled
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.80
- loop: fix concurrent lo_open/lo_release (CVE-2018-5344)
- gpio: Fix kernel stack leak to userspace
- crypto: aesni - handle zero length dst buffer
- crypto: sha3-generic - fixes for alignment and big endian operation
- HID: wacom: EKR: ensure devres groups at higher indexes are released
- igb: Free IRQs when device is hotplugged
- drm/vc4: Account for interrupts in flight
- [x86] KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure
- [x86] KVM: x86: Don't re-execute instruction when not passing CR2 value
- [x86] KVM: X86: Fix operand/address-size during instruction decoding
- [x86] KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
- [x86] KVM: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered
- ACPI / bus: Leave modalias empty for devices which are not present
- [x86] KVM: x86: ioapic: Preserve read-only values in the redirection table
- btrfs: fix deadlock when writing out space cache
- [x86] KVM: X86: Fix softlockup when get the current kvmclock
- KVM: VMX: Fix rflags cache during vCPU reset
- xfs: always free inline data before resetting inode fork during ifree
- kmemleak: add scheduling point to kmemleak_scan()
- scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path
- scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg
- usb: gadget: don't dereference g until after it has been null checked
- tty: fix data race between tty_init_dev and flush of buf
- USB: serial: io_edgeport: fix possible sleep-in-atomic
- usbip: prevent bind loops on devices attached to vhci_hcd
[ Ben Hutchings ]
* [rt] Update to 4.9.68-rt60:
- Revert "memcontrol: Prevent scheduling while atomic in cgroup code"
- Revert "fs: jbd2: pull your plug when waiting for space"
- rtmutex: Fix lock stealing logic
- cpu_pm: replace raw_notifier to atomic_notifier
- PM / CPU: replace raw_notifier with atomic_notifier (fixup)
- kernel/hrtimer: migrate deferred timer on CPU down
- net: take the tcp_sk_lock lock with BH disabled
- kernel/hrtimer: don't wakeup a process while holding the hrtimer base lock
- kernel/hrtimer/hotplug: don't wake ktimersoftd while holding the hrtimer
base lock
- Bluetooth: avoid recursive locking in hci_send_to_channel()
- iommu/amd: Use raw_cpu_ptr() instead of get_cpu_ptr() for ->flush_queue
- rt/locking: allow recursive local_trylock()
- locking/rtmutex: don't drop the wait_lock twice
- net: use trylock in icmp_sk
* e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
(see bug #885348)
* [s390x] Un-revert upstream change moving exports to assembly sources
[ Yves-Alexis Perez ]
* mm, hugetlbfs: Avoid ABI change in 4.9.67.
* dma-fence: Avoid ABI change in 4.9.68.
* lib/genalloc: Avoid ABI change in 4.9.69.
* Ignore ABI changes in inet_diag, SCTP, vsock, NVME, MD and libsas drivers,
prevent FTBFS.
* debian/patches: drop patches included upstream:
- bugfix/all/e1000e-fix-e1000_check_for_copper_link_ich8lan-return-value.patch
- bugfix/all/kvm-fix-stack-out-of-bounds-read-in-write_mmio.patch
- bugfix/all/bluetooth-prevent-stack-info-leak-from-the-efs-element.patch
- bugfix/all/mm-mmap.c-do-not-blow-on-prot_none-map_fixed-holes-i.patch
- bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch
- bugfix/all/netfilter-xt_osf-add-missing-permission-checks.patch
- bugfix/all/nfsd-auth-Fix-gid-sorting-when-rootsquash-enabled.patch
* bpf: avoid ABI changes in 4.9.77 and 4.9.79.
* Ignore ABI change for cpu_tlbstate (symbol not exported _GPL anymore)
* sched/rt: Avoid ABI change in 4.9.66.
* Ignore ABI change for tcp_cong_avoid_ai and tcp_slow_start.
* RT patchset:
- fix context against 4.9.78 (164, 165, 229, 230)
- refresh for fuzz (228)
* mm: Avoid ABI change in 4.9.79.
* usbip: ignore ABI change in 4.9.79.
* cpupower: check for CPU existence has been fixed upstream, although a bit
differently than the included patch.
[ Salvatore Bonaccorso ]
* nfsd: auth: Fix gid sorting when rootsquash enabled (CVE-2018-1000028)
-- Yves-Alexis Perez <corsac(a)debian.org> Sun, 04 Feb 2018 21:11:44 +0100
--- Changes for linux-latest (linux-image-amd64) ---
linux-latest (80+deb9u4) stretch-security; urgency=high
* Update to 4.9.0-6
-- Yves-Alexis Perez <corsac(a)debian.org> Thu, 22 Feb 2018 08:32:44 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
quigon.federez.net
--
apticron