Changelog
linux (3.14.5-1) unstable; urgency=high
* New upstream stable update:
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
- SCSI: dual scan thread bug fix
- SCSI: megaraid: missing bounds check in mimd_to_kioc()
- [x86] KVM: remove WARN_ON from get_kernel_ns()
- audit: convert PPIDs to the inital PID namespace.
- netfilter: nf_tables: fix nft_cmp_fast failure on big endian for size < 4
- netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len
(Closes: #741667)
- netfilter: Can't fail and free after table replacement
- [i386] x86,preempt: Fix preemption for i386
- rbd: fix error paths in rbd_img_request_fill()
- [x86] drm/i915: restore QUIRK_NO_PCH_PWM_ENABLE (regression in 3.14)
- tick-sched: Don't call update_wall_time() when delta is lesser than
tick_period (regression in 3.14)
- tick-sched: Check tick_nohz_enabled in tick_nohz_switch_to_nohz()
(regression in 3.13)
- [hppa] change value of SHMLBA from 0x00400000 to PAGE_SIZE
- [hppa] fix epoll_pwait syscall on compat kernel
- [hppa] remove _STK_LIM_MAX override
- vfs: don't bother with {get,put}_write_access() on non-regular files
- cifs: Wait for writebacks to complete before attempting write.
- xen/spinlock: Don't enable them unconditionally. (regression in 3.12)
- thp: close race between split and zap huge pages (regression in 3.13)
- mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages()
- mm: use paravirt friendly ops for NUMA hinting ptes
- USB: io_ti: fix firmware download on big-endian machines
- fs: Don't return 0 from get_anon_bdev (regression in 3.14)
- [x86] drm/vmwgfx: Make sure user-space can't DMA across buffer object
boundaries v2
- [x86] drm/i915: Do not dereference pointers from ring buffer in evict
event (regression in 3.13)
- net: core: don't account for udp header size when computing seglen
(regression in 3.14)
- bridge: Fix double free and memory leak around br_allowed_ingress
- filter: prevent nla extensions to peek beyond the end of the message
(CVE-2014-3144, CVE-2014-3145)
- Revert "net: sctp: Fix a_rwnd/rwnd management to reflect real state of
the receiver's buffer" (regression in 3.14)
- ip6_gre: don't allow to remove the fb_tunnel_dev
- net: sctp: cache auth_enable per endpoint
- net: Fix ns_capable check in sock_diag_put_filterinfo
- rtnetlink: Warn when interface's information won't fit in our packet
- rtnetlink: Only supply IFLA_VF_PORTS information when RTEXT_FILTER_VF
is set
- tcp_cubic: fix the range of delayed_ack
- net: cdc_ncm: fix buffer overflow (regression in 3.13)
- ip_tunnel: Set network header properly for IP_ECN_decapsulate()
(regression in 3.11)
- ipv4: ip_tunnels: disable cache for nbma gre tunnels (regression in 3.14)
- net: cdc_mbim: __vlan_find_dev_deep need rcu_read_lock
(regression in 3.13)
- net: ipv4: ip_forward: fix inverted local_df test (regression in 3.14)
- net: ipv6: send pkttoobig immediately if orig frag size > mtu
(regression in 3.14)
- ip6_tunnel: fix potential NULL pointer dereference
- neigh: set nud_state to NUD_INCOMPLETE when probing router reachability
(regression in 3.14)
- batman-adv: fix neigh_ifinfo imbalance (regression in 3.14)
- batman-adv: fix neigh reference imbalance (regression in 3.14)
- batman-adv: always run purge_orig_neighbors (regression in 3.14)
- batman-adv: fix removing neigh_ifinfo (regression in 3.14)
- [s390,x86] net: filter: fix JIT address randomization
- net: avoid dependency of net_get_random_once on nop patching
(regression in 3.13)
- ipv6: fix calculation of option len in ip6_append_data
(regression in 3.13)
- rtnetlink: wait for unregistering devices in rtnl_link_unregister()
- bonding: fix out of range parameters for bond_intmax_tbl
(regression in 3.14)
- net: gro: make sure skb->cb[] initial content has not to be zero
(regression in 3.13)
- batman-adv: fix indirect hard_iface NULL dereference (regression in 3.14)
- batman-adv: fix reference counting imbalance while sending fragment
(regression in 3.14)
- batman-adv: increase orig refcount when storing ref in gw_node
- batman-adv: fix local TT check for outgoing arp requests in DAT
(regression in 3.13)
- net_sched: fix an oops in tcindex filter (regression in 3.14)
- ipv6: gro: fix CHECKSUM_COMPLETE support (regression in 3.14)
- ipv4: initialise the itag variable in __mkroute_input
- net-gro: reset skb->truesize in napi_reuse_skb()
[ Ben Hutchings ]
* [x86] ACPICA: Tables: Fix invalid pointer accesses in
acpi_tb_parse_root_table(). (Closes: #748574)
* net: Revert lockdep changes in 3.14.5 to avoid an ABI change
* futex: Add another early deadlock detection check
* futex: Prevent attaching to kernel threads
* futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1)
(CVE-2014-3153)
* futex: Validate atomic acquisition in futex_lock_pi_atomic()
* futex: Always cleanup owner tid in unlock_pi
* futex: Make lookup_pi_state more robust
[ Ian Campbell ]
* [arm64] Initial kernel configuration and packaging (Closes: #745349).
* [armhf] Add virtio-modules udeb.
[ Aurelien Jarno ]
* [mips,mipsel] Fix branch emulation of branch likely instructions.
-- Ben Hutchings <email address hidden> Thu, 05 Jun 2014 13:49:15 +0100