Univention Bugzilla – Bug 48172
linux: Multiple issues (4.3)
Last modified: 2018-11-21 15:21:22 CET
New Debian linux 4.9.130-2 fixes: This update addresses the following issue: * Integer overflow in drivers/video/fbdev/uvesafb.c:uvesafb_setcmap() allows for potential denial of service (CVE-2018-13406)
[4.3-2] 22c1abb3ab Bug #48172: Update to linux-4.9.130-2 .../debian/changelog | 6 ++++++ .../univention-kernel-image-signed/debian/control | 4 ++-- .../vmlinuz-4.9.0-8-amd64.efi.signed | Bin 4241008 -> 4236912 bytes 3 files changed, 8 insertions(+), 2 deletions(-) Package: univention-kernel-image-signed Version: 4.0.0-9A~4.3.0.201811191325 Branch: ucs_4.3-0 Scope: errata4.3-2 * scsi: target: iscsi: Use hex2bin instead of a re-implementation (CVE-2018-14633) * irda: Only insert new objects into the global database via setsockopt (CVE-2018-6555) * irda: Fix memory leak caused by repeated binds of irda socket (CVE-2018-6554) * Bluetooth: hidp: buffer overflow in hidp_process_report (CVE-2018-9363) * x86/KVM/VMX: Add module argument for L1TF mitigation (CVE-2018-3620) * ext4: add more inode number paranoia checks (CVE-2018-10882) * ext4: clear i_data in ext4_inode_info when removing inline data (CVE-2018-10881) * ext4: verify the depth of extent tree in ext4_find_extent() (CVE-2018-10877) * ext4: only look at the bg_flags field if it is valid (CVE-2018-10876) * jbd2: don't mark block as modified if the handle is out of credits (CVE-2018-10883) * Fix up non-directory creation in SGID directories (CVE-2018-13405) * Integer overflow in drivers/video/fbdev/uvesafb.c:uvesafb_setcmap() allows for potential denial of service (CVE-2018-13406) * ALSA: rawmidi: Change resized buffers atomically (CVE-2018-10902) * ocfs2: ip_alloc_sem should be taken in ocfs2_get_block() (CVE-2017-18224) * Cipso: cipso_v4_optptr enter infinite loop (CVE-2018-10938) * x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (CVE-2018-15594) * HID: debug: check length before copy_to_user() (CVE-2018-9516) * mm: get rid of vmacache_flush_all() entirely (CVE-2018-17182) * ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (CVE-2017-18216) * cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (CVE-2018-16658) * x86/entry/64: Remove %ebx handling from error_entry/exit (CVE-2018-14678) * USB: yurex: fix out-of-bounds uaccess in read handler (CVE-2018-16276) * x86/speculation: Protect against userspace-userspace spectreRSB (CVE-2018-15572) [4.3-2] fd58c35b5b Bug #48172: univention-kernel-image-signed 4.0.0-9A~4.3.0.201811191325 doc/errata/staging/linux.yaml | 57 +++++++++++++++++- .../staging/univention-kernel-image-signed.yaml | 68 ++++++++++++++++++++++ 2 files changed, 124 insertions(+), 1 deletion(-)
--- mirror/ftp/4.3/unmaintained/component/4.3-2-errata/source/linux_4.9.110-3+deb9u6.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/linux_4.9.130-2.dsc @@ -1,3 +1,1121 @@ +4.9.130-2 [Sat, 27 Oct 2018 19:46:16 +0100] Ben Hutchings <ben@decadent.org.uk>: + + [ Salvatore Bonaccorso ] + * Ignore ABI change for return_address. + Fixes "FTBFS on armel/armhf: ABI change for return_address". + Modules will use their own inline copy. + Thanks to Cyril Brulebois for the analysis (Closes: #911421) + +4.9.130-1 [Wed, 10 Oct 2018 07:14:31 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.111 + - [x86] spectre_v1: Disable compiler optimizations over + array_index_mask_nospec() + - [x86] mce: Improve error message when kernel cannot recover + - [x86] mce: Check for alternate indication of machine check recovery on + Skylake + - [x86] mce: Fix incorrect "Machine check from unknown source" message + - [x86] mce: Do not overwrite MCi_STATUS in mce_no_way_out() + - [x86] Call fixup_exception() before notify_die() in math_error() + - [m68k] mm: Adjust VM area to be unmapped by gap size for __iounmap() + - [sh4] serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding + version + - usb: do not reset if a low-speed or full-speed device timed out + - 1wire: family module autoload fails because of upper/lower case + mismatch. + - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it + - lib/vsprintf: Remove atomic-unsafe support for %pCr + - [mips*] ftrace: fix static function graph tracing + - branch-check: fix long->int truncation when profiling branches + - ipmi:bt: Set the timeout before doing a capabilities check + - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw + loader + - fuse: atomic_o_trunc should truncate pagecache + - fuse: don't keep dead fuse_conn at fuse_fill_super(). + - fuse: fix control dir setup and teardown + - [powerpc*] mm/hash: Add missing isync prior to kernel stack SLB switch + - [powerpc*] ptrace: Fix setting 512B aligned breakpoints with + PTRACE_SET_DEBUGREG + - [powerpc*] /ptrace: Fix enforcement of DAWR constraints + - [powerpc*] powernv/ioda2: Remove redundant free of TCE pages + - [poewrpc*] cpuidle: powernv: Fix promotion from snooze if next state + disabled + - [powerpc*] fadump: Unregister fadump on kexec down path. + - [arm*] 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct + size + - [arm64] kpti: Use early_param for kpti= command-line option + - [arm64] mm: Ensure writes to swapper are ordered wrt subsequent cache + maintenance + - IB/qib: Fix DMA api warning with debug kernel + - IB/{hfi1, qib}: Add handling of kernel restart + - IB/mlx5: Fetch soft WQE's on fatal error state + - IB/isert: Fix for lib/dma_debug check_sync warning + - IB/isert: fix T10-pi check mask setting + - RDMA/mlx4: Discard unknown SQP work requests + - mtd: cfi_cmdset_0002: Change write buffer to check correct value + - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() + - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips + - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary + - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking. + - PCI: Add ACS quirk for Intel 7th & 8th Gen mobile + - PCI: Add ACS quirk for Intel 300 series + - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on + resume + - printk: fix possible reuse of va_list variable + - [mips*] io: Add barrier after register read in inX() + - time: Make sure jiffies_to_msecs() preserves non-zero time periods + - Btrfs: fix return value on rename exchange failure + - Btrfs: fix unexpected cow in run_delalloc_nocow + - iio:buffer: make length types match kfifo types + - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails + - [s390x] scsi: zfcp: fix missing SCSI trace for result of + eh_host_reset_handler + - [s390x] scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh + TMF + - [s390x] scsi: zfcp: fix misleading REC trigger trace where erp_action + setup failed + - [s390x] scsi: zfcp: fix missing REC trigger trace on terminate_rport_io + early return + - [s390x] scsi: zfcp: fix missing REC trigger trace on terminate_rport_io + for ERP_FAILED + - [s390x] scsi: zfcp: fix missing REC trigger trace for all objects in + ERP_FAILED + - [s390x] scsi: zfcp: fix missing REC trigger trace on enqueue without ERP + thread + - linvdimm, pmem: Preserve read-only setting for pmem devices + - md: fix two problems with setting the "re-add" device state. + - ubi: fastmap: Cancel work upon detach + - ubi: fastmap: Correctly handle interrupted erasures in EBA + - UBIFS: Fix potential integer overflow in allocation + - [x86] mfd: intel-lpss: Program REMAP register in PIO mode + - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 + - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING + - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding + TIP + - perf intel-pt: Fix MTC timing after overflow + - perf intel-pt: Fix "Unexpected indirect branch" error + - perf intel-pt: Fix packet decoding of CYC packets + - media: v4l2-compat-ioctl32: prevent go past max size + - media: cx231xx: Add support for AverMedia DVD EZMaker 7 + - media: dvb_frontend: fix locking issues at dvb_frontend_get_event() + - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir + - NFSv4: Fix possible 1-byte stack overflow in + nfs_idmap_read_and_verify_message + - NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..") + - video: uvesafb: Fix integer overflow in allocation (CVE-2018-13406) + - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID + - pwm: lpss: platform: Save/restore the ctrl register over a + suspend/resume + - rbd: flush rbd_dev->watch_dwork after watch is unregistered + - [x86] mm: fix devmem_is_allowed() for sub-page System RAM intersections + - xen: Remove unnecessary BUG_ON from __unbind_from_irq() + - udf: Detect incorrect directory size + - Input: elan_i2c_smbus - fix more potential stack buffer overflows + - Input: elantech - enable middle button of touchpads on ThinkPad P52 + - Input: elantech - fix V4 report decoding for module with middle key + - ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co + - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 + - block: Fix transfer when chunk sectors exceeds max + - dm thin: handle running out of data space vs concurrent discard + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.112 + - usb: cdc_acm: Add quirk for Uniden UBC125 scanner + - USB: serial: cp210x: add CESINEL device ids + - USB: serial: cp210x: add Silicon Labs IDs for Windows Update + - [arm64,armhf] usb: dwc2: fix the incorrect bitmaps for the ports of + multi_tt hub + - n_tty: Fix stall at n_tty_receive_char_special(). + - n_tty: Access echo_* variables carefully. + - vt: prevent leaking uninitialized data to userspace via /dev/vcs* + - ipv4: Fix error return value in fib_convert_metrics() + - [x86] kprobes: Do not modify singlestep buffer while resuming + - netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in + nft_do_chain() + - net: phy: micrel: fix crash when statistic requested for KSZ9031 phy + - [armhf] dts: imx6q: Use correct SDMA script for SPI5 core + - IB/hfi1: Fix user context tail allocation for DMA_RTAIL + - mm: hugetlb: yield when prepping struct pages + - tracing: Fix missing return symbol in function_graph output + - scsi: sg: mitigate read/write abuse + - [s390x] Correct register corruption in critical section cleanup + - drbd: fix access after free + - cifs: Fix infinite loop when using hard mount option + - drm/udl: fix display corruption of the last line + - ext4: include the illegal physical block in the bad map ext4_error msg + - ext4: add more mount time checks of the superblock + - ext4: check superblock mapped prior to committing + - mlxsw: spectrum: Forbid linking of VLAN devices to devices that have + uppers + - [x86] HID: i2c-hid: Fix "incomplete report" noise + - HID: hiddev: fix potential Spectre v1 + - HID: debug: check length before copy_to_user() (CVE-2018-9516) + - PM / OPP: Update voltage in case freq == old_freq + - Kbuild: fix # escaping in .cmd files for future Make + - media: cx25840: Use subdev host data for PLL override + - mm, page_alloc: do not break __GFP_THISNODE by zonelist reset + - dm bufio: avoid sleeping while holding the dm_bufio lock + - dm bufio: drop the lock when doing GFP_NOIO allocation + - [armhf] mtd: rawnand: mxc: set spare area size register explicitly + - dm bufio: don't take the lock in dm_bufio_shrink_count + - mtd: cfi_cmdset_0002: Change definition naming to retry write operation + - mtd: cfi_cmdset_0002: Change erase functions to retry for error + - mtd: cfi_cmdset_0002: Change erase functions to check chip good only + - netfilter: nf_log: don't hold nf_log_mutex during user access + - [x86] staging: comedi: quatech_daqp_cs: fix no-op loop + daqp_ao_insn_write() + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.113 + - nvme: validate admin queue before unquiesce + - [mips*] Call dump_stack() from show_regs() + - [mips*] Fix ioremap() RAM check + - mmc: dw_mmc: fix card threshold control configuration + - [x86] ibmasm: don't write out of bounds in read handler + - ata: Fix ZBC_OUT command block check + - ata: Fix ZBC_OUT all bit handling + - vmw_balloon: fix inflation with batching + - ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS + - USB: serial: ch341: fix type promotion bug in ch341_control_in() + - USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick + - USB: serial: keyspan_pda: fix modem-status error handling + - USB: yurex: fix out-of-bounds uaccess in read handler (CVE-2018-16276) + - USB: serial: mos7840: fix status-register error handling + - usb: quirks: add delay quirks for Corsair Strafe + - xhci: xhci-mem: off by one in xhci_stream_id_to_ring() + - HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter + - ALSA: hda - Handle pm failure during hotplug + - fs, elf: make sure to page align bss in load_elf_library + - tools build: fix # escaping in .cmd files for future Make + - [arm64,armhf] i2c: tegra: Fix NACK error handling + - iw_cxgb4: correctly enforce the max reg_mr depth + - nvme-pci: Remap CMB SQ entries on every controller reset + - [x86] uprobes: Remove incorrect WARN_ON() in uprobe_init_insn() + - netfilter: nf_queue: augment nfqa_cfg_policy + - netfilter: x_tables: initialise match/target check parameter struct + - loop: add recursion validation to LOOP_CHANGE_FD + - PM / hibernate: Fix oops at snapshot_write() + - loop: remember whether sysfs_create_group() was done + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.114 + - [mips*] Use async IPIs for arch_trigger_cpumask_backtrace() + - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline + declarations + - [x86] asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h> + - [x86] paravirt: Make native_save_fl() extern inline + - mtd: m25p80: consider max message size in m25p80_read + - atm: zatm: Fix potential Spectre v1 + - ipvlan: fix IFLA_MTU ignored on NEWLINK + - net: dccp: avoid crash in ccid3_hc_rx_send_feedback() + - net: dccp: switch rx_tstamp_last_feedback to monotonic clock + - net/mlx5: Fix incorrect raw command length parsing + - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster + - net_sched: blackhole: tell upper qdisc about dropped packets + - net: sungem: fix rx checksum support + - qed: Fix use of incorrect size in memcpy call. + - qed: Limit msix vectors in kdump kernel to the minimum required count. + - qmi_wwan: add support for the Dell Wireless 5821e module + - r8152: napi hangup fix after disconnect + - tcp: fix Fast Open key endianness + - tcp: prevent bogus FRTO undos with non-SACK flows + - vhost_net: validate sock before trying to put its fd + - net/packet: fix use-after-free + - net/mlx5: Fix command interface race in polling mode + - net: cxgb3_main: fix potential Spectre v1 + - rtlwifi: rtl8821ae: fix firmware is not ready to run + - net: lan78xx: Fix race in tx pending skb size calculation + - netfilter: ebtables: reject non-bridge targets + - reiserfs: fix buffer overflow with long warning messages + - KEYS: DNS: fix parsing multiple options + - netfilter: ipv6: nf_defrag: drop skb dst before queueing + - rds: avoid unenecessary cong_update in loop transport + - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL. + - [arm64] assembler: introduce ldr_this_cpu + - [arm64] KVM: Store vcpu on the stack during __guest_enter() + - [arm*] KVM: Convert kvm_host_cpu_state to a static per-cpu allocation + - [arm64] KVM: Change hyp_panic()s dependency on tpidr_el2 + - [arm64] alternatives: use tpidr_el2 on VHE hosts + - [arm64] KVM: Stop save/restoring host tpidr_el1 on VHE + - [arm64] alternatives: Add dynamic patching feature + - [arm*] KVM: Do not use kern_hyp_va() with kvm_vgic_global_state + - [arm64] KVM: Avoid storing the vcpu pointer on the stack + - [arm*] smccc: Add SMCCC-specific return codes + - [arm64] Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1 + - [arm64] Add per-cpu infrastructure to call ARCH_WORKAROUND_2 + - [arm64] Add ARCH_WORKAROUND_2 probing + - [arm64] Add 'ssbd' command-line option + - [arm64] ssbd: Add global mitigation state accessor + - [arm64] ssbd: Skip apply_ssbd if not using dynamic mitigation + - [arm64] ssbd: Restore mitigation status on CPU resume + - [arm64] ssbd: Introduce thread flag to control userspace mitigation + - [arm64] ssbd: Add prctl interface for per-thread mitigation + - [arm64] KVM: Add HYP per-cpu accessors + - [arm64] KVM: Add ARCH_WORKAROUND_2 support for guests + - [arm64] KVM: Handle guest's ARCH_WORKAROUND_2 requests + - [arm64] KVM: Add ARCH_WORKAROUND_2 discovery through + ARCH_FEATURES_FUNC_ID + - string: drop __must_check from strscpy() and restore strscpy() usages in + cgroup + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.115 + - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in + parallel. + - [x86] apm: Don't access __preempt_count with zeroed fs + - [x86] MCE: Remove min interval polling limitation + - fat: fix memory allocation failure handling of match_strdup() + - ALSA: rawmidi: Change resized buffers atomically (CVE-2018-10902) + - mm: memcg: fix use after free in mem_cgroup_iter() + - mm/huge_memory.c: fix data loss when splitting a file pmd + - vfio/pci: Fix potential Spectre v1 + - [x86] drm/i915: Fix hotplug irq ack on i965/g4x + - gen_stats: Fix netlink stats dumping in the presence of padding + - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns + - ipv6: fix useless rol32 call on hash + - lib/rhashtable: consider param->min_size when setting initial table size + - net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort + - net/ipv4: Set oif in fib_compute_spec_dst + - net: phy: fix flag masking in __set_phy_supported + - ptp: fix missing break in switch + - qmi_wwan: add support for Quectel EG91 + - tg3: Add higher cpu clock for 5762. + - net: usb: asix: replace mii_nway_restart in resume path + - net: Don't copy pfmemalloc flag in __copy_skb_header() + - skbuff: Unconditionally copy pfmemalloc in __skb_clone() + - xhci: Fix perceived dead host due to runtime suspend race with event + handler + - xprtrdma: Return -ENOBUFS when no pages are available + - block: do not use interruptible wait anywhere + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.116 + - [mips*] Fix off-by-one in pci_resource_to_user() + - ip: hash fragments consistently + - ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull + - net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper + - net: skb_segment() should not return NULL + - net/mlx5: Adjust clock overflow work period + - net/mlx5e: Don't allow aRFS for encapsulated packets + - net/mlx5e: Fix quota counting in aRFS expire flow + - multicast: do not restore deleted record source filter mode to new one + - net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv + - rtnetlink: add rtnl_link_state check in rtnl_configure_link + - tcp: fix dctcp delayed ACK schedule + - tcp: helpers to send special DCTCP ack + - tcp: do not cancel delay-AcK on DCTCP special ACK + - tcp: do not delay ACK in DCTCP upon CE status change + - usb: cdc_acm: Add quirk for Castles VEGA3000 + - usb: core: handle hub C_PORT_OVER_CURRENT condition + - usb: gadget: f_fs: Only return delayed status when len is 0 + - driver core: Partially revert "driver core: correct device's shutdown + order" + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.117 + - Input: elan_i2c - add ACPI ID for lenovo ideapad 330 + - Input: i8042 - add Lenovo LaVie Z to the i8042 reset list + - Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST + - [x86] kvm, mm: account shadow page tables to kmemcg + - tracing: Fix double free of event_trigger_data + - tracing: Fix possible double free in event_enable_trigger_func() + - kthread, tracing: Don't expose half-written comm when creating kthreads + - tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure + - tracing: Quiet gcc warning about maybe unused link variable + - [arm64] fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups + - [arm64,armhf] usb: dwc2: Fix DMA alignment to start at allocated + boundary + - kcov: ensure irq code sees a valid area + - xen/netfront: raise max number of slots in xennet_get_responses() + - ALSA: emu10k1: add error handling for snd_ctl_add + - ALSA: fm801: add error handling for snd_ctl_add + - nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo + - mm: vmalloc: avoid racy handling of debugobjects in vunmap + - mm/slub.c: add __printf verification to slab_err() + - rtc: ensure rtc_set_alarm fails when alarms are not supported + - perf tools: Fix pmu events parsing rule + - netfilter: ipset: List timing out entries with "timeout 1" instead of + zero + - infiniband: fix a possible use-after-free bug (CVE-2018-14734) + - [powerpc*] powerpc/eeh: Fix use-after-release of EEH driver + - hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common() + - [powerpc*] powerpc/64s: Fix compiler store ordering to SLB shadow area + - RDMA/mad: Convert BUG_ONs to error flows + - netfilter: nf_tables: check msg_type before nft_trans_set(trans) + - pnfs: Don't release the sequence slot until we've processed layoutget on + open + - disable loading f2fs module on PAGE_SIZE > 4KB + - f2fs: fix error path of move_data_page + - f2fs: fix to don't trigger writeback during recovery + - f2fs: fix to wait page writeback during revoking atomic write + - f2fs: Fix deadlock in shutdown ioctl + - f2fs: fix race in between GC and atomic open + - usbip: usbip_detach: Fix memory, udev context and udev leak + - [x86] perf/x86/intel/uncore: Correct fixed counter index check in + generic code + - [x86] perf/x86/intel/uncore: Correct fixed counter index check for NHM + - iwlwifi: pcie: fix race in Rx buffer allocator + - Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning + - Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 + - ASoC: dpcm: fix BE dai not hw_free and shutdown + - [arm64,armhf] mfd: cros_ec: Fail early if we cannot identify the EC + - mwifiex: handle race during mwifiex_usb_disconnect + - wlcore: sdio: check for valid platform device data before suspend + - media: tw686x: Fix incorrect vb2_mem_ops GFP flags + - media: videobuf2-core: don't call memop 'finish' when queueing + - btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups + - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree + - PCI: Prevent sysfs disable of device while driver is attached + - ath: Add regulatory mapping for FCC3_ETSIC + - ath: Add regulatory mapping for ETSI8_WORLD + - ath: Add regulatory mapping for APL13_WORLD + - ath: Add regulatory mapping for APL2_FCCA + - ath: Add regulatory mapping for Uganda + - ath: Add regulatory mapping for Tanzania + - ath: Add regulatory mapping for Serbia + - ath: Add regulatory mapping for Bermuda + - ath: Add regulatory mapping for Bahamas + - [powerpc*] chrp/time: Make some functions static, add missing header + include + - [powerpc*] powermac: Add missing prototype for note_bootable_part() + - [powerpc*] powermac: Mark variable x as unused + - [powerpc*] 8xx: fix invalid register expression in head_8xx.S + - [powerpc*] bpf: powerpc64: pad function address loads with NOPs + - PCI: pciehp: Request control of native hotplug only if supported + - mwifiex: correct histogram data with appropriate index + - ima: based on policy verify firmware signatures (pre-allocated buffer) + - fscrypt: use unbound workqueue for decryption + - scsi: ufs: fix exception event handling + - ALSA: emu10k1: Rate-limit error messages about page errors + - [armhf] regulator: pfuze100: add .is_enable() for + pfuze100_swb_regulator_ops + - md: fix NULL dereference of mddev->pers in remove_and_add_spares() + - ixgbevf: fix MAC address changes through ixgbevf_set_mac() + - ALSA: usb-audio: Apply rate limit to warning messages in URB complete + callback + - [arm64] cmpwait: Clear event register before arming exclusive monitor + - HID: hid-plantronics: Re-resend Update to map button for PTT products + - drm/radeon: fix mode_valid's return type + - [powerpc*] embedded6xx/hlwd-pic: Prevent interrupts from being handled + by Starlet + - HID: i2c-hid: check if device is there before really probing + - nvmem: properly handle returned value nvmem_reg_read + - tty: Fix data race in tty_insert_flip_string_fixed_flag + - dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA + - libata: Fix command retry decision + - media: media-device: fix ioctl function types + - media: saa7164: Fix driver name in debug output + - brcmfmac: Add support for bcm43364 wireless chipset + - [s390x] cpum_sf: Add data entry sizes to sampling trailer entry + - perf: fix invalid bit in diagnostic entry + - bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only. + - scsi: 3w-9xxx: fix a missing-check bug + - scsi: 3w-xxxx: fix a missing-check bug + - scsi: megaraid: silence a static checker bug + - [x86] staging: lustre: o2iblnd: fix race at kiblnd_connect_peer + - [armhf] thermal: exynos: fix setting rising_threshold for Exynos5433 + - bpf: fix references to free_bpf_prog_info() in comments + - media: siano: get rid of __le32/__le16 cast warnings + - drm/atomic: Handling the case when setting old crtc for plane + - ALSA: hda/ca0132: fix build failure when a local macro is defined + - mmc: dw_mmc: update actual clock for mmc debugfs + - mmc: pwrseq: Use kmalloc_array instead of stack VLA + - dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC + - dt-bindings: net: meson-dwmac: new compatible name for AXG SoC + - stop_machine: Use raw spinlocks + - [arm64,armhf] memory: tegra: Do not handle spurious interrupts + - [arm64,armhf] memory: tegra: Apply interrupts mask per SoC + - [x86] drm/gma500: fix psb_intel_lvds_mode_valid()'s return type + - ipconfig: Correctly initialise ic_nameservers + - rsi: Fix 'invalid vdd' warning in mmc + - audit: allow not equal op for audit by executable + - [x86] staging: lustre: llite: correct removexattr detection + - [x86] staging: lustre: ldlm: free resource when ldlm_lock_create() + fails. + - serial: core: Make sure compiler barfs for 16-byte earlycon names + - usb: hub: Don't wait for connect state at resume for powered-off ports + - crypto: authencesn - don't leak pointers to authenc keys + - crypto: authenc - don't leak pointers to authenc keys + - [armhf] media: omap3isp: fix unbalanced dma_iommu_mapping + - scsi: scsi_dh: replace too broad "TP9" string with the exact models + - scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs + - media: si470x: fix __be16 annotations + - drm: Add DP PSR2 sink enable bit + - random: mix rdrand with entropy sent in from userspace + - squashfs: be more careful about metadata corruption + - ext4: fix inline data updates with checksums enabled + - ext4: check for allocation block validity with block group locked + - RDMA/uverbs: Protect from attempts to create flows on unsupported QP + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.118 + - ipv4: remove BUG_ON() from fib_compute_spec_dst + - net: ena: Fix use of uninitialized DMA address bits field + - [arm64] net: fix amd-xgbe flow-control issue + - net: lan78xx: fix rx handling before first packet is send + - NET: stmmac: align DMA stuff to largest cache line length + - tcp_bbr: fix bw probing to raise in-flight data for very small BDPs + - xen-netfront: wait xenbus state change when load module manually + - tcp: do not force quickack when receiving out-of-order packets + - tcp: add max_quickacks param to tcp_incr_quickack and + tcp_enter_quickack_mode + - tcp: do not aggressively quick ack after ECN events + - tcp: refactor tcp_ecn_check_ce to remove sk type cast + - tcp: add one more quick ack after after ECN events + - [x86] pinctrl: intel: Read back TX buffer state + - sched/wait: Remove the lockless swait_active() check in swake_up*() + - bonding: avoid lockdep confusion in bond_get_stats() + - inet: frag: enforce memory limits earlier + - ipv4: frags: handle possible skb truesize change + - net: dsa: Do not suspend/resume closed slave_dev + - netlink: Fix spectre v1 gadget in netlink_create() + - net: stmmac: Fix WoL for PCI-based setups + - squashfs: more metadata hardening + - squashfs: more metadata hardenings + - can: ems_usb: Fix memory leak on ems_usb_disconnect() + - net: socket: fix potential spectre v1 gadget in socketcall + - virtio_balloon: fix another race between migration and ballooning + - [x86] kvm: vmx: fix vpid leak + - [x86] crypto: padlock-aes - Fix Nano workaround data corruption + - drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats + - scsi: sg: fix minor memory leak in error path + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.119 + - scsi: qla2xxx: Fix ISP recovery on unload + - scsi: qla2xxx: Return error when TMF returns + - genirq: Make force irq threading setup more robust + - nohz: Fix local_timer_softirq_pending() + - netlink: Do not subscribe to non-existent groups + - netlink: Don't shift with UB on nlk->ngroups + - netlink: Don't shift on 64 for ngroups + - ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle + - ring_buffer: tracing: Inherit the tracing setting to next ring buffer + - [armhf] i2c: imx: Fix reinit_completion() use + - Btrfs: fix file data corruption after cloning a range and fsync + - tcp: add tcp_ooo_try_coalesce() helper + - kmemleak: clear stale pointers from task stacks + - fork: unconditionally clear stack on fork + - IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.120 + - ext4: fix check to prevent initializing reserved inodes + - [x86] tpm: fix race condition in tpm_common_write() + - [hppa/parisc] Enable CONFIG_MLONGCALLS by default + - [hppa/parisc] Define mb() and add memory barriers to assembler unlock + sequences + - Mark HI and TASKLET softirq synchronous + - xen/netfront: don't cache skb_shinfo() + - ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices + - scsi: sr: Avoid that opening a CD-ROM hangs with runtime power + management enabled + - root dentries need RCU-delayed freeing + - make sure that __dentry_kill() always invalidates d_seq, unhashed or not + - fix mntput/mntput race + - fix __legitimize_mnt()/mntput() race + - IB/core: Make testing MR flags for writability a static inline function + - IB/mlx4: Mark user MR as writable if actual virtual memory is writable + - IB/ocrdma: fix out of bounds access to local buffer + - [x86] paravirt: Fix spectre-v2 mitigations for paravirt guests + (CVE-2018-15594) + - [x86] speculation: Protect against userspace-userspace spectreRSB + CVE-2018-15572) + - [x86] kprobes Fix %p uses in error messages + - [x86] irqflags: Provide a declaration for native_save_fl + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.121 + - [i386] mm: Disable ioremap free page handling on x86-PAE + - kbuild: verify that $DEPMOD is installed + - crypto: vmac - require a block cipher with 128-bit block size + - crypto: vmac - separate tfm and request context + - Bluetooth: hidp: buffer overflow in hidp_process_report (CVE-2018-9363) + - ioremap: Update pgtable free interfaces with addr + - [x86] mm: Add TLB purge to free pmd/pte page interfaces + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.122 + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.123 + - dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() + - l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache + - llc: use refcount_inc_not_zero() for llc_sap_find() + - vsock: split dwork to avoid reinitializations + - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit + - net_sched: Fix missing res info when create new tc_index filter + - net_sched: fix NULL pointer dereference when delete tcindex filter + - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs + - ALSA: hda - Turn CX8200 into D3 as well upon reboot + - ALSA: vx222: Fix invalid endian conversions + - ALSA: virmidi: Fix too long output trigger loop + - ALSA: cs5535audio: Fix invalid endian conversion + - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry + - ALSA: memalloc: Don't exceed over the requested size + - ALSA: vxpocket: Fix invalid endian conversions + - cls_matchall: fix tcf_unbind_filter missing + - USB: serial: sierra: fix potential deadlock at close + - USB: option: add support for DW5821e + - ACPI / PM: save NVS memory for ASUS 1025C laptop + - tty: serial: 8250: Revert NXP SC16C2552 workaround + - serial: 8250_dw: always set baud rate in dw8250_set_termios + - serial: 8250_dw: Add ACPI support for uart on Broadcom SoC + - [x86] mm: Simplify p[g4um]d_page() macros + - Bluetooth: avoid killing an already killed socket + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.124 + - [x86] entry/64: Remove %ebx handling from error_entry/exit + (CVE-2018-14678) + - [arm64,armhf] usb: dwc3: of-simple: fix use-after-free on remove + - [arm64] dts: ns2: Fix I2C controller interrupt type + - [arm64] drm: mali-dp: Enable Global SE interrupts mask for DP500 + - IB/rxe: Fix missing completion for mem_reg work requests + - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() + - [arm64,armhf] usb: dwc2: fix isoc split in transfer with no data + - usb: gadget: composite: fix delayed_status race condition when + set_interface + - [arm64,armhf] usb: gadget: dwc2: fix memory leak in gadget_init() + - xen: add error handling for xenbus_printf + - scsi: xen-scsifront: add error handling for xenbus_printf + - xen/scsiback: add error handling for xenbus_printf + - [arm64] make secondary_start_kernel() notrace + - qed: Add sanity check for SIMD fastpath handler. + - enic: initialize enic->rfs_h.lock in enic_probe + - net: hamradio: use eth_broadcast_addr + - net: propagate dev_get_valid_name return code + - [armhf] net: stmmac: socfpga: add additional ocp reset line for + Stratix10 + - nvmet: reset keep alive timer in controller enable + - [armhf] net: davinci_emac: match the mdio device against its compatible + if possible + - [arm64,armhf] KVM: Drop resource size check for GICV window + - locking/lockdep: Do not record IRQ state within lockdep code + - ipv6: mcast: fix unsolicited report interval after receiving querys + - Smack: Mark inode instant in smack_task_to_inode + - batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump + - batman-adv: Fix bat_v best gw refcnt after netlink dump + - cxgb4: when disabling dcb set txq dcb priority to 0 + - [x86] iio: pressure: bmp280: fix relative humidity unit + - brcmfmac: stop watchdog before detach and free everything + - ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl + - [arm64,armhf] usb: xhci: remove the code build warning + - usb: xhci: increase CRS timeout value + - NFC: pn533: Fix wrong GFP flag usage + - perf test session topology: Fix test on s390 + - perf report powerpc: Fix crash if callchain is empty + - perf bench: Fix numa report output code + - netfilter: nf_log: fix uninit read in nf_log_proc_dostring + - ceph: fix dentry leak in splice_dentry() + - [armhf] dmaengine: pl330: report BURST residue granularity + - [arm64] dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() + - md/raid10: fix that replacement cannot complete recovery after + reassemble + - nl80211: relax ht operation checks for mesh + - [s390x] bpf, s390: fix potential memleak when later bpf_jit_prog fails + - bnx2x: Fix receiving tx-timeout in error or recovery state. + - acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value + - ipvlan: call dev_change_flags when ipvlan mode is reset + - HID: wacom: Correct touch maximum XY of 2nd-gen Intuos + - tracing: Use __printf markup to silence compiler + - smsc75xx: Add workaround for gigabit link up hardware errata. + - ieee802154: 6lowpan: set IFLA_LINK + - netfilter: x_tables: set module owner for icmp(6) matches + - ipv6: make ipv6_renew_options() interrupt/kernel safe + - [arm*] pxa: irq: fix handling of ICMR registers in suspend/resume + - net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is + used + - ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem + - ieee802154: at86rf230: use __func__ macro for debug messages + - ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem + - netfilter: nf_conntrack: Fix possible possible crash on module loading. + - bnxt_en: Always set output parameters in bnxt_get_max_rings(). + - bnxt_en: Fix for system hang if request_irq fails + - nfit: fix unchecked dereference in acpi_nfit_ctl + - RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path + - [arm*] 8780/1: ftrace: Only set kernel memory back to read-only after + boot + - [armhf] DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for + secondary cores + - [armhf] dts: am3517.dtsi: Disable reference to OMAP3 OTG controller + - ixgbe: Be more careful when modifying MAC filters + - packet: reset network header if packet shorter than ll reserved space + - qlogic: check kstrtoul() for errors + - tcp: remove DELAYED ACK events in DCTCP + - drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() + - net: usb: rtl8150: demote allmulti message to dev_dbg() + - tcp: identify cryptic messages as TCP seq # bugs + - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer + - ext4: fix spectre gadget in ext4_mb_regular_allocator() + - [hppa/parisc] Remove ordered stores from syscall.S + - xfrm_user: prevent leaking 2 bytes of kernel memory + - netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior + state + - packet: refine ring v3 block size test to hold one frame + - [hppa/parisc] Remove unnecessary barriers from spinlock.h + - PCI: hotplug: Don't leak pci_slot on registration failure + - PCI: Skip MPS logic for Virtual Functions (VFs) + - PCI: pciehp: Fix use-after-free on unplug + - PCI: pciehp: Fix unprotected list iteration in IRQ handler + - [armhf] i2c: imx: Fix race condition in dma read + - reiserfs: fix broken xattr handling (heap corruption, bad retval) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.125 + - vti6: fix PMTU caching and reporting on xmit + - xfrm: fix missing dst_release() after policy blocking lbcast and + multicast + - xfrm: free skb if nlsk pointer is NULL + - mac80211: add stations tied to AP_VLANs during hw reconfig + - nl80211: Add a missing break in parse_station_flags + - [arm64] drm/bridge: adv7511: Reset registers on hotplug + - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF + - [armhf] drm/imx: imx-ldb: disable LDB on driver bind + - [armhf] drm/imx: imx-ldb: check if channel is enabled before printing + warning + - usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3' + - [ppc64el] bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd + - [x86] tools/power turbostat: fix -S on UP systems + - qed: Fix possible race for the link state value. + - qed: Correct Multicast API to reflect existence of 256 approximate + buckets. + - atl1c: reserve min skb headroom + - [x86] perf/x86/amd/ibs: Don't access non-started event + - bnx2x: Fix invalid memory access in rss hash config path. + - qmi_wwan: fix interface number for DW5821e production firmware + - [x86] boot: Fix if_changed build flip/flop bug + - fscache: Allow cancelled operations to be enqueued + - cachefiles: Fix refcounting bug in backing-file read monitoring + - cachefiles: Wait rather than BUG'ing on "Unexpected object collision" + - zswap: re-check zswap_is_full() after do zswap_shrink() + - [x86] tools/power turbostat: Read extended processor family from CPUID + - enic: handle mtu change for vf properly + - squashfs metadata 2: electric boogaloo + - Squashfs: Compute expected length from inode size rather than block + length + - drivers: net: lmc: fix case value for target abort error + - memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc() + failure + - scsi: fcoe: drop frames in ELS LOGO error path + - scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO + - [x86] scsi: vmw_pvscsi: Return DID_RESET for status + SAM_STAT_COMMAND_TERMINATED + - mm/memory.c: check return value of ioremap_prot + - sched/sysctl: Check user input value of sysctl_sched_time_avg + - Cipso: cipso_v4_optptr enter infinite loop (CVE-2018-10938) + - [x86] mei: don't update offset in write + - cifs: add missing debug entries for kconfig options + - cifs: check kmalloc before use + - smb3: enumerating snapshots was leaving part of the data off end + - smb3: Do not send SMB3 SET_INFO if nothing changed + - smb3: don't request leases in symlink creation and query + - [arm64] kprobes: Fix %p uses in error messages + - [arm64] mm: check for upper PAGE_SHIFT bits in pfn_valid() + - [s390x] kvm: fix deadlock when killed by oom + - ext4: check for NUL characters in extended attribute's name + - ext4: sysfs: print ext4_super_block fields as little-endian + - ext4: reset error code in ext4_find_entry in fallback + - [arm64,armhf] KVM: Skip updating PTE entry if no change + - [arm64,armhf] KVM: Skip updating PMD entry if no change + - [x86] speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit + - [x86] speculation/l1tf: Fix off-by-one error when warning that system + has too much RAM (Closes: #907581) + - [x86] speculation/l1tf: Suggest what to do on systems with too much RAM + - [x86] process: Re-export start_thread() + - [x86] KVM: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts + disabled + - [x86] kvm/vmx: Remove duplicate l1d flush definitions + - fuse: Don't access pipe->buffers without pipe_lock() + - fuse: fix initial parallel dirops + - fuse: fix double request_end() + - fuse: fix unlocked access to processing queue + - fuse: umount should wait for all requests + - fuse: Fix oops at process_init_reply() + - fuse: Add missed unlock_page() to fuse_readpages_fill() + - udl-kms: change down_interruptible to down + - udl-kms: handle allocation failure + - udl-kms: fix crash due to uninitialized memory + - b43legacy/leds: Ensure NUL-termination of LED name string + - b43/leds: Ensure NUL-termination of LED name string + - ASoC: dpcm: don't merge format from invalid codec dai + - ASoC: sirf: Fix potential NULL pointer dereference + - [x86] irqflags: Mark native_restore_fl extern inline + - [x86] spectre: Add missing family 6 check to microcode check + - [x86] speculation/l1tf: Increase l1tf memory limit for Nehalem+ + (Closes: #907581) + - [x86] entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() + - [s390x] qdio: reset old sbal_state flags + - [s390x] pci: fix out of bounds access during irq setup + - kprobes: Make list and blacklist root user read only + - [mips*] lib: Provide MIPS64r6 __multi3() for GCC < 7 + - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() + - scsi: core: Avoid that SCSI device removal through sysfs triggers a + deadlock + - iscsi target: fix session creation failure handling + - [armhf] clk: rockchip: fix clk_i2sout parent selection bits on rk3399 + - PM / clk: signedness bug in of_pm_clk_add_clks() + - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status + (CVE-2018-16658) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.126 + - net: 6lowpan: fix reserved space for single frames + - net: mac802154: tx: expand tailroom if necessary + - 9p/net: Fix zero-copy path in the 9p virtio transport + - [x86] drm/i915/userptr: reject zero user_size + - libertas: fix suspend and resume for SDIO connected cards + - [arm64] mailbox: xgene-slimpro: Fix potential NULL pointer dereference + - [ppc64el] powerpc/pseries: Fix endianness while restoring of r3 in MCE + handler. + - PCI: Add wrappers for dev_printk() + - [ppc64el] powerpc/powernv/pci: Work around races in PCI bridge enabling + - [ppc64el] cxl: Fix wrong comparison in cxl_adapter_context_get() + - ib_srpt: Fix a use-after-free in srpt_close_ch() + - RDMA/rxe: Set wqe->status correctly if an unexpected response is + received + - fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr + failed + - 9p/virtio: fix off-by-one error in sg list bounds check + - net/9p/client.c: version pointer uninitialized + - net/9p/trans_fd.c: fix race-condition by flushing workqueue before the + kfree() + - dm thin: stop no_space_timeout worker when switching to write-mode + - dm cache metadata: save in-core policy_hint_size to on-disk superblock + - uart: fix race between uart_put_char() and uart_shutdown() + - [x86] vmw_balloon: fix inflation of 64-bit GFNs + - [x86] vmw_balloon: do not use 2MB without batching + - [x86] vmw_balloon: VMCI_DOORBELL_SET does not check status + - [x86] vmw_balloon: fix VMCI use when balloon built into kernel + - [armhf] rtc: omap: fix potential crash on power off + - tracing: Do not call start/stop() functions when tracing_on does not + change + - tracing/blktrace: Fix to allow setting same value + - uprobes: Use synchronize_rcu() not synchronize_sched() + - [arm64] mfd: hi655x: Fix regmap area declared size for hi655x + - 9p: fix multiple NULL-pointer-dereferences + - PM / sleep: wakeup: Fix build error caused by missing SRCU support + - [x86] KVM: VMX: fixes for vmentry_l1d_flush module parameter + - pnfs/blocklayout: off by one in bl_map_stripe() + - NFSv4 client live hangs after live data migration recovery + - Replace magic for trusting the secondary keyring with #define + - [amd64] Fix kexec forbidding kernels signed with keys in the secondary + keyring to boot + - mm/tlb: Remove tlb_remove_table() non-concurrent condition + - [x86] iommu/vt-d: Add definitions for PFSID + - [x86] iommu/vt-d: Fix dev iotlb pfsid use + - userns: move user access out of the mutex + - ubifs: Fix memory leak in lprobs self-check + - Revert "UBIFS: Fix potential integer overflow in allocation" + - ubifs: Check data node size before truncate + - ubifs: Fix synced_i_size calculation for xattr inodes + - [armhf] pwm: tiehrpwm: Fix disabling of output of PWMs + - fb: fix lost console when the user unplugs a USB adapter + - udlfb: set optimal write delay + - getxattr: use correct xattr length + - [x86] libnvdimm: fix ars_status output length calculation + - printk/tracing: Do not trace printk_nmi_enter() + - bcache: release dc->writeback_lock properly in bch_writeback_thread() + - perf auxtrace: Fix queue resize + - [ppc64el] crypto: vmx - Fix sleep-in-atomic bugs + - fs/quota: Fix spectre gadget in do_quotactl + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.127 + - [i386] speculation/l1tf: Fix up pte->pfn conversion for PAE + - act_ife: fix a potential use-after-free + - ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT + state + - net: sched: Fix memory exposure from short TCA_U32_SEL + - qlge: Fix netdev features configuration. + - r8169: add support for NCube 8168 network card + - tcp: do not restart timewait timer on rst reception + - vti6: remove !skb->ignore_df check from vti6_xmit() + - sctp: hold transport before accessing its asoc in + sctp_transport_get_next + - vhost: correctly check the iova range when waking virtqueue + - [x86] hv_netvsc: ignore devices that are not PCI + - act_ife: move tcfa_lock down to where necessary + - act_ife: fix a potential deadlock + - net: sched: action_ife: take reference to meta module + - cifs: check if SMB2 PDU size has been padded and suppress the warning + - hfsplus: don't return 0 when fill_super() failed + - hfs: prevent crash on exit from failed search + - sunrpc: Don't use stack buffer with scatterlist + - fork: don't copy inconsistent signal handler state to child + - reiserfs: change j_timestamp type to time64_t + - hfsplus: fix NULL dereference in hfsplus_lookup() (CVE-2018-14617) + - fat: validate ->i_start before using + - scripts: modpost: check memory allocation results + - virtio: pci-legacy: Validate queue pfn + - mm/fadvise.c: fix signed overflow UBSAN complaint + - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() + - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() + - [mips*] mfd: sm501: Set coherent_dma_mask when creating subdevices + - [x86] platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on + UX360 + - net/9p/trans_fd.c: fix race by holding the lock + - net/9p: fix error path of p9_virtio_probe + - [ppc64el] perf probe powerpc: Fix trace event post-processing + - block: bvec_nr_vecs() returns value for wrong slab + - [s390x] dasd: fix hanging offline processing due to canceled worker + - [s390x] dasd: fix panic for failed online processing + - [x86] ACPI / scan: Initialize status to ACPI_STA_DEFAULT + - scsi: aic94xx: fix an error code in aic94xx_init() + - [armel,armhf] PCI: mvebu: Fix I/O space end address calculation + - dm kcopyd: avoid softlockup in run_complete_job + - RDS: IB: fix 'passing zero to ERR_PTR()' warning + - smb3: fix reset of bytes read and written stats + - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS + - [ppc64el] powerpc/pseries: Avoid using the size greater than + RTAS_ERROR_LOG_MAX. + - [armhf] clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in + rk3399 + - btrfs: replace: Reset on-disk dev stats value after replace + - btrfs: relocation: Only remove reloc rb_trees if reloc control has been + initialized (CVE-2018-14609) + - btrfs: Don't remove block group that still has pinned down bytes + - [arm64] rockchip: Force CONFIG_PM on Rockchip systems + - [arm*] rockchip: Force CONFIG_PM on Rockchip systems + - drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 + - tcp: Revert "tcp: tcp_probe: use spin_lock_bh()" + - [i386] pae: use 64 bit atomic xchg function in native_ptep_get_and_clear + - irda: Fix memory leak caused by repeated binds of irda socket + (CVE-2018-6554) + - irda: Only insert new objects into the global database via setsockopt + (CVE-2018-6555) + - enic: do not call enic_change_mtu in enic_probe + - Fix backport of "mm: numa: avoid waiting on freed migrated pages" + - sch_htb: fix crash on init failure + - sch_multiq: fix double free on init failure + - sch_hhf: fix null pointer dereference on init failure + - sch_netem: avoid null pointer deref on init failure + - sch_tbf: fix two null pointer dereferences on init failure + - [x86] mei: me: allow runtime pm for platform with D0i3 + - [s390x] lib: use expoline for all bcr instructions + - btrfs: use correct compare function of dirty_metadata_bytes + - [arm64] Fix mismatched cache line size detection + - [arm64] Handle mismatched cache type + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.128 + - [x86] i2c: i801: fix DNV's SMBCTRL register offset + - [s390x] KVM: s390: vsie: copy wrapping keys to right place + - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work + - cfq: Give a chance for arming slice idle timer in case of group_idle + - kthread: Fix use-after-free if kthread fork fails + - [mips*] kthread: fix boot hang (regression) on MIPS/OpenRISC + - [x86] staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page + - [x86] staging/rts5208: Fix read overflow in memcpy + - IB/rxe: do not copy extra stack memory to skb + - block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg + - nl80211: fix null-ptr dereference on invalid mesh configuration + - locking/rwsem-xadd: Fix missed wakeup due to reordering of load + - selinux: use GFP_NOWAIT in the AVC kmem_caches + - locking/osq_lock: Fix osq_lock queue corruption + - mm, vmscan: clear PGDAT_WRITEBACK when zone is balanced + - mm: remove seemingly spurious reclaimability check from laptop_mode + gating + - [amd64] misc: mic: SCIF Fix scif_get_new_port() error handling + - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV + - [arm64,armhf] gpio: tegra: Move driver registration to subsys_init level + - scsi: target: fix __transport_register_session locking + - md/raid5: fix data corruption of replacements after originals dropped + - timers: Clear timer_base::must_forward_clk with timer_base::lock held + - [arm64,armhf] misc: ti-st: Fix memory leak in the error path of probe() + - uio: potential double frees if __uio_register_device() fails + - [x86] tty: rocket: Fix possible buffer overwrite on register_PCI + - f2fs: do not set free of current section + - perf tools: Allow overriding MAX_NR_CPUS at compile time + - NFSv4.0 fix client reference leak in callback + - ath9k: report tx status on EOSP + - ath9k_hw: fix channel maximum power level test + - ath10k: prevent active scans on potential unusable channels + - [arm64,armhf] wlcore: Set rx_status boottime_ns field on rx + - [mips*] Fix ISA virt/bus conversion for non-zero PHYS_OFFSET + - ata: libahci: Correct setting of DEVSLP register + - scsi: 3ware: fix return 0 on the error path of probe + - ath10k: disable bundle mgmt tx completion event support + - Bluetooth: hidp: Fix handling of strncpy for hid->name information + - [x86] mm: Remove in_nmi() warning from vmalloc_fault() + - [x86] gpio: ml-ioh: Fix buffer underwrite on probe error path + - [armhf] net: mvneta: fix mtu change on port without link + - f2fs: try grabbing node page lock aggressively in sync scenario + - f2fs: fix to skip GC if type in SSA and SIT is inconsistent + - [x86] tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., + I2C_LOCK_SEGMENT) + - f2fs: fix to do sanity check with reserved blkaddr of inline inode + (CVE-2018-13099) + - [mips*] Octeon: add missing of_node_put() + - [mips*] generic: fix missing of_node_put() + - net: dcb: For wild-card lookups, use priority -1, not 0 + - Input: atmel_mxt_ts - only use first T9 instance + - [ppc64el] partitions/aix: append null character to print data from disk + - [ppc64el] partitions/aix: fix usage of uninitialized lv_info and lvname + structures + - f2fs: Fix uninitialized return in f2fs_ioc_shutdown() + - [armhf] mfd: ti_am335x_tscadc: Fix struct clk memory leak + - f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize + - NFSv4.1: Fix a potential layoutget/layoutrecall deadlock + - [mips*] WARN_ON invalid DMA cache maintenance, not BUG_ON + - RDMA/cma: Do not ignore net namespace for unbound cm_id + - xhci: Fix use-after-free in xhci_free_virt_device + - netfilter: x_tables: avoid stack-out-of-bounds read in + xt_copy_counters_from_user + - mtd: ubi: wl: Fix error return code in ubi_wl_init() + - autofs: fix autofs_sbi() does not check super block type + - mm: get rid of vmacache_flush_all() entirely (CVE-2018-17182) + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.129 + - be2net: Fix memory leak in be_cmd_get_profile_config() + - rds: fix two RCU related problems + - net/mlx5: Fix use-after-free in self-healing flow + - net/mlx5: Fix debugfs cleanup in the device init/remove flow + - [arm64] iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register + - [i386] ALSA: msnd: Fix the default sample sizes + - ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro + - xfrm: fix 'passing zero to ERR_PTR()' warning + - gfs2: Special-case rindex for gfs2_grow + - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure + - media: tw686x: Fix oops on buffer alloc failure + - [armhf] dmaengine: pl330: fix irq race with terminate_all + - media: videobuf2-core: check for q->error in vb2_core_qbuf() + - IB/rxe: Drop QP0 silently + - gfs2: Don't reject a supposedly full bitmap if we have blocks reserved + - fbdev: Distinguish between interlaced and progressive modes + - [ppc64el] powerpc/powernv: opal_put_chars partial write fix + - mac80211: restrict delayed tailroom needed decrement + - Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets + - [arm64,armhf] efi/arm: preserve early mapping of UEFI memory map longer + for BGRT + - nfp: avoid buffer leak when FW communication fails + - xen-netfront: fix queue name setting + - [arm64] dts: qcom: db410c: Fix Bluetooth LED trigger + - [arm64] dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci + - [s390x] qeth: fix race in used-buffer accounting + - [s390x] qeth: reset layer2 attribute on layer switch + - [arm64,armhf] KVM: arm/arm64: Fix vgic init race + - drivers/base: stop new probing during shutdown + - [arm64] dmaengine: mv_xor_v2: kill the tasklets upon exit + - xen-netfront: fix warn message as irq device name has '/' + - RDMA/cma: Protect cma dev list with lock + - [x86] pstore: Fix incorrect persistent ram buffer mapping + - xen/netfront: fix waiting for xenbus state change + - [armhf] mmc: omap_hsmmc: fix wakeirq handling on removal + - misc: hmc6352: fix potential Spectre v1 + - usb: Don't die twice if PCI xhci host is not responding in resume + - [x86] mei: ignore not found client in the enumeration + - USB: Add quirk to support DJI CineSSD + - usb: uas: add support for more quirk flags + - usb: Avoid use-after-free by flushing endpoints early in + usb_set_interface() + - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in + u132_get_frame() + - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB + controller + - USB: net2280: Fix erroneous synchronization change + - USB: serial: io_ti: fix array underflow in completion handler + - usb: misc: uss720: Fix two sleep-in-atomic-context bugs + - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler + - USB: yurex: Fix buffer over-read in yurex_write() + - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in + service_outstanding_interrupt() + - Revert "cdc-acm: implement put_char() and flush_chars()" + - cifs: prevent integer overflow in nxt_dir_entry() + - CIFS: fix wrapping bugs in num_entries() + - perf/core: Force USER_DS when recording user stack data + - NFSv4.1 fix infinite loop on I/O. + - binfmt_elf: Respect error return from `regset->active' + - audit: fix use-after-free in audit_add_watch + - mtdchar: fix overflows in adjustment of `count` + - configfs: fix registered group removal + - efi/esrt: Only call efi_mem_reserve() for boot services memory + - [armhf] gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes + - [arm64,armhf] mmc: tegra: prevent HS200 on Tegra 3 + - mmc: sdhci: do not try to use 3.3V signaling if not supported + - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping + - [amd64] drm/amdkfd: Fix error codes in kfd_get_process + - ALSA: pcm: Fix snd_interval_refine first/last with open min/max + - [arm64] pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be + compliant + - [x86] mei: bus: type promotion bug in mei_nfc_if_version() + - [mips*] VDSO: Match data page cache colouring when D$ aliases + - Fix link state change interrupts identification (Closes: #896911) + + e1000e: Remove Other from EIAC + + Partial revert "e1000e: Avoid receiver overrun interrupt bursts" + + e1000e: Fix queue interrupt re-raising in Other interrupt + + e1000e: Avoid missed interrupts following ICR read + + Revert "e1000e: Separate signaling for link check/link up" + + e1000e: Fix link check race condition + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.130 + - [x86] NFC: Fix possible memory corruption when handling SHDLC I-Frame + commands + - NFC: Fix the number of pipes + - ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at + error path + - ALSA: bebob: use address returned by kmalloc() instead of kernel stack + for streaming DMA mapping + - ALSA: emu10k1: fix possible info leak to userspace on + SNDRV_EMU10K1_IOCTL_INFO + - ALSA: firewire-digi00x: fix memory leak of private data + - ALSA: firewire-tascam: fix memory leak of private data + - ALSA: fireworks: fix memory leak of response buffer at error path + - ALSA: oxfw: fix memory leak for model-dependent data at error path + - ALSA: oxfw: fix memory leak of discovered stream formats at error path + - ALSA: oxfw: fix memory leak of private data + - [x86] platform/x86: alienware-wmi: Correct a memory leak + - xen/netfront: don't bug in case of too many frags + - [x86] xen/x86/vpmu: Zero struct pt_regs before calling into sample + handling code + - Revert "PCI: Add ACS quirk for Intel 300 series" + - ring-buffer: Allow for rescheduling when removing pages + - mm: shmem.c: Correctly annotate new inodes for lockdep + - gso_segment: Reset skb->mac_len after modifying network header + - ipv6: fix possible use-after-free in ip6_xmit() + - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT + - [x86] net: hp100: fix always-true check for link up state + - udp4: fix IP_CMSG_CHECKSUM for connected sockets + - neighbour: confirm neigh entries when ARP packet is received + - ocfs2: fix ocfs2 read block panic + - drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() + placement + - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in + connector_detect() + - drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early + - [arm64,armhf] drm/vc4: Fix the "no scaling" case on multi-planar YUV + formats + - tty: vt_ioctl: fix potential Spectre v1 + - ext4: check to make sure the rename(2)'s destination is not freed + - ext4: avoid divide by zero fault when deleting corrupted inline + directories + - ext4: recalucate superblock checksum after updating free blocks/inodes + - ext4: fix online resize's handling of a too-small final block group + - ext4: fix online resizing for bigalloc file systems with a 1k block size + - ext4: don't mark mmp buffer head dirty + - ext4: show test_dummy_encryption mount option in /proc/mounts + - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup + - HID: sony: Update device ids + - HID: sony: Support DS4 dongle + - [arm64] PCI: aardvark: Size bridges before resources allocation + - vmw_balloon: include asm/io.h + - iw_cxgb4: only allow 1 flush on user qps + + [ Salvatore Bonaccorso ] + * [rt] Update to 4.9.115-rt93 + * [rt] Drop 0145-stop_machine-Use-raw-spinlocks.patch patch + * [rt] Drop 0144-stop_machine-convert-stop_machine_run-to-PREEMPT_RT.patch + patch + * [rt] Refresh 0225-fs-dcache-use-swait_queue-instead-of-waitqueue.patch + patch + * [rt] Refresh 0156-softirq-Split-softirq-locks.patch patch for context + changes in 4.9.120 + * [rt] Refresh 0161-softirq-wake-the-timer-softirq-if-needed.patch for + context changes in 4.9.120 + * [rt] Refresh 0001-timer-make-the-base-lock-raw.patch for context changes + in 4.9.128 + * [rt] Refresh 0162-timers-Don-t-wake-ktimersoftd-on-every-tick.patch for + context changes in 4.9.128 + * [rt] Refresh 0163-Revert-timers-Don-t-wake-ktimersoftd-on-every-tick.patch + for context changes in 4.9.128 + * [rt] Refresh 0246-irqwork-push-most-work-into-softirq-context.patch for + context changes in 4.9.128 + * [rt] Refresh 0247-irqwork-Move-irq-safe-work-to-irq-context.patch for + context changes in 4.9.128 + * NFC: Ignore ABI changes + + [ Ben Hutchings ] + * [arm64] cpucaps: Avoid ABI changes in 4.9.114 + * iio: Avoid ABI change in 4.9.111 + * exec: Avoid ABI change in 4.9.116 + * net: Avoid ABI change in 4.9.115 + * Revert "netfilter: ipv6: nf_defrag: reduce struct net memory waste" to + avoid an ABI change + * Revert core changes in "tcp: remove DELAYED ACK events in DCTCP" to + avoid an ABI change + * string: Avoid ABI change in 4.9.114 + * Revert "proc/sysctl: prune stale dentries during unregistering" etc. + to avoid an ABI change + * tcp: Avoid ABI change in 4.9.116 + * vmw_vsock: Ignore ABI changes + * loop: Ignore ABI changes + * KVM: Ignore ABI changes on all architectures + * xen: Ignore ABI changes + * [x86] cpu: Avoid ABI change in 4.9.125 + * [mips*] Revert "MIPS: Correct the 64-bit DSP accumulator register size" + temporarily to avoid an ABI change + * debian/control: Point Vcs URLs to Salsa + * README.Debian: Update URLs that were pointing to Alioth + * mm: Avoid ABI change in 4.9.128 + + [ Moritz Muehlenhoff ] + * megaraid_sas: Add support for Perc 740P/840 (Closes: #890034) + 4.9.110-3+deb9u6 [Mon, 08 Oct 2018 08:05:17 +0200] Salvatore Bonaccorso <carnil@debian.org>: * [arm64] KVM: Tighten guest core register access from userspace <http://10.200.17.11/4.3-2/#9067110921252688327>
OK: yaml OK: announce_errata OK: patch OK: piuparts OK: amd64 @ kvm+SeaBIOS OK: amd64 @ kvm+OVMF+SB OK: amd64 @ xen16 OK: uname -a # Linux xen16 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux OK: Qemu Live migration [4.3-2] 7268f6954a Bug #48172: univention-kernel-image-signed 4.0.0-9A~4.3.0.201811191325 doc/errata/staging/linux.yaml | 57 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 56 insertions(+), 1 deletion(-) [4.3-2] 6ab17f3b47 Bug #48172: linux 4.9.130-2 doc/errata/staging/linux.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.3/330.html> <http://errata.software-univention.de/ucs/4.3/331.html>