Changelog
linux (4.9.25-1) unstable; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.19
- net/openvswitch: Set the ipv6 source tunnel key address attribute
correctly
- net: properly release sk_frag.page
- [arm64] amd-xgbe: Fix jumbo MTU processing on newer hardware
- openvswitch: Add missing case OVS_TUNNEL_KEY_ATTR_PAD
- net: unix: properly re-increment inflight counter of GC discarded
candidates
- net: vrf: Reset rt6i_idev in local dst after put
- net/mlx5: Add missing entries for set/query rate limit commands
- net/mlx5e: Use the proper UAPI values when offloading TC vlan actions
- net/mlx5: Increase number of max QPs in default profile
- net/mlx5e: Count GSO/LRO packets correctly
- ipv6: make sure to initialize sockc.tsflags before first use
- ipv4: provide stronger user input validation in nl_fib_input()
- socket, bpf: fix sk_filter use after free in sk_clone_lock
- tcp: initialize icsk_ack.lrcvtime at session start time
- Input: iforce,ims-pcu,hanwang,yealink,cm109,kbtab,sur40 - validate
number of endpoints before using them
- ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
- ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
- ALSA: hda - Adding a group of pin definition to fix headset problem
- ACM gadget: fix endianness in notifications
- usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's
wBytesPerInterval
- USB: uss720,idmouse,wusbcore: fix NULL-deref at probe
- usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer
- usb: hub: Fix crash after failure to read BOS descriptor
- USB: usbtmc: add missing endpoint sanity check
- USB: usbtmc: fix probe error path
- uwb: i1480-dfu: fix NULL-deref at probe
- mmc: ushc: fix NULL-deref at probe
- [armhf[ iio: adc: ti_am335x_adc: fix fifo overrun recovery
- iio: sw-device: Fix config group initialization
- iio: hid-sensor-trigger: Change get poll value function order to avoid
sensor properties losing after resume from S3
- parport: fix attempt to write duplicate procfiles
- ext4: mark inode dirty after converting inline directory
- ext4: lock the xattr block before checksuming it
- [powerpc*/*64*] Fix idle wakeup potential to clobber registers
- mmc: sdhci: Do not disable interrupts while waiting for clock
- mmc: sdhci-pci: Do not disable interrupts in sdhci_intel_set_power
- [x86] hwrng: amd - Revert managed API changes
- [x86] hwrng: geode - Revert managed API changes
- [armhf] clk: sunxi-ng: sun6i: Fix enable bit offset for hdmi-ddc module
clock
- [armhf] clk: sunxi-ng: mp: Adjust parent rate for pre-dividers
- mwifiex: pcie: don't leak DMA buffers when removing
- [x86] crypto: ccp - Assign DMA commands to the channel's CCP
- xen/acpi: upload PM state from init-domain to Xen
- [x86] iommu/vt-d: Fix NULL pointer dereference in device_to_iommu
- [arm64] kaslr: Fix up the kernel image alignment
- cpufreq: Restore policy min/max limits on CPU online
- cgroup, net_cls: iterate the fds of only the tasks which are being
migrated
- blk-mq: don't complete un-started request in timeout handler
- [x86] drm/amdgpu: reinstate oland workaround for sclk
- jbd2: don't leak memory if setting up journal fails
- [x86] intel_th: Don't leak module refcount on failure to activate
- [x86] Drivers: hv: vmbus: Don't leak channel ids
- [x86] Drivers: hv: vmbus: Don't leak memory when a channel is rescinded
- libceph: don't set weight to IN when OSD is destroyed
- [x86] device-dax: fix pmd/pte fault fallback handling
- [armhf] drm/bridge: analogix dp: Fix runtime PM state on driver bind
- nl80211: fix dumpit error path RTNL deadlocks
- drm: reference count event->completion
- fbcon: Fix vc attr at deinit
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.20
- xfrm: policy: init locks early
- [x86] KVM: cleanup the page tracking SRCU instance
- virtio_balloon: init 1st buffer in stats vq
- [mips*] ptrace: Preserve previous registers for short regset write
- [sparc64] ptrace: Preserve previous registers for short regset write
- fscrypt: remove broken support for detecting keyring key revocation
(CVE-2017-7374)
- sched/rt: Add a missing rescheduling point
- [armhf] usb: musb: fix possible spinlock deadlock
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.21
- libceph: force GFP_NOIO for socket allocations
- xen/setup: Don't relocate p2m over existing one
- xfs: only update mount/resv fields on success in __xfs_ag_resv_init
- xfs: use per-AG reservations for the finobt
- xfs: pull up iolock from xfs_free_eofblocks()
- xfs: sync eofblocks scans under iolock are livelock prone
- xfs: fix eofblocks race with file extending async dio writes
- xfs: fix toctou race when locking an inode to access the data map
- xfs: fail _dir_open when readahead fails
- xfs: filter out obviously bad btree pointers
- xfs: check for obviously bad level values in the bmbt root
- xfs: verify free block header fields
- xfs: allow unwritten extents in the CoW fork
- xfs: mark speculative prealloc CoW fork extents unwritten
- xfs: reset b_first_retry_time when clear the retry status of xfs_buf_t
- xfs: update ctime and mtime on clone destinatation inodes
- xfs: reject all unaligned direct writes to reflinked files
- xfs: don't fail xfs_extent_busy allocation
- xfs: handle indlen shortage on delalloc extent merge
- xfs: split indlen reservations fairly when under reserved
- xfs: fix uninitialized variable in _reflink_convert_cow
- xfs: don't reserve blocks for right shift transactions
- xfs: Use xfs_icluster_size_fsb() to calculate inode chunk alignment
- xfs: tune down agno asserts in the bmap code
- xfs: only reclaim unwritten COW extents periodically
- xfs: fix and streamline error handling in xfs_end_io
- xfs: Use xfs_icluster_size_fsb() to calculate inode alignment mask
- xfs: use iomap new flag for newly allocated delalloc blocks
- xfs: try any AG when allocating the first btree block when reflinking
- scsi: libsas: fix ata xfer length
- scsi: scsi_dh_alua: Check scsi_device_get() return value
- scsi: scsi_dh_alua: Ensure that alua_activate() calls the completion
function
- ALSA: seq: Fix race during FIFO resize
- ALSA: hda - fix a problem for lineout on a Dell AIO machine
- [x86] ASoC: Intel: Skylake: fix invalid memory access due to wrong
reference of pointer
- HID: wacom: Don't add ghost interface as shared data
- mmc: sdhci: Disable runtime pm when the sdio_irq is enabled
- NFSv4.1 fix infinite loop on IO BAD_STATEID error
- nfsd: map the ENOKEY to nfserr_perm for avoiding warning
- [hppa] Clean up fixup routines for get_user()/put_user()
- [hppa] Avoid stalled CPU warnings after system shutdown
- [hppa] Fix access fault handling in pa_memcpy()
- ACPI: Fix incompatibility with mcount-based function graph tracing
- ACPI: Do not create a platform_device for IOAPIC/IOxAPIC
- USB: fix linked-list corruption in rh_call_control()
- [x86] KVM: clear bus pointer when destroyed
- KVM: kvm_io_bus_unregister_dev() should never fail
- drm/radeon: Override fpfn for all VRAM placements in radeon_evict_flags
- [armhf,arm64] drm/vc4: Allocate the right amount of space for boot-time
CRTC state.
- [armhf] drm/etnaviv: (re-)protect fence allocation with GPU mutex
- [x86] mm/KASLR: Exclude EFI region from KASLR VA space randomization
- [x86] mce: Fix copy/paste error in exception table entries
- lib/syscall: Clear return values when no stack
- mm: rmap: fix huge file mmap accounting in the memcg stats
- mm, hugetlb: use pte_present() instead of pmd_present() in
follow_huge_pmd()
- qla2xxx: Allow vref count to timeout on vport delete.
- mm: workingset: fix premature shadow node shrinking with cgroups
- blk: improve order of bio handling in generic_make_request()
- blk: Ensure users for current->bio_list can see the full list.
- padata: avoid race in reordering
- nvme/core: Fix race kicking freed request_queue
- nvme/pci: Disable on removal when disconnected
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.22
- ppdev: check before attaching port
- ppdev: fix registering same device name
- [x86] drm/vmwgfx: Type-check lookups of fence objects
- [x86] drm/vmwgfx: avoid calling vzalloc with a 0 size in
vmw_get_cap_3d_ioctl()
- drm/ttm, drm/vmwgfx: Relax permission checking when opening surfaces
- [x86] drm/vmwgfx: Remove getparam error message
- sysfs: be careful of error returns from ops->show()
- [armhf,arm64] KVM: Take mmap_sem in stage2_unmap_vm
- [armhf,arm64] KVM: Take mmap_sem in kvm_arch_prepare_memory_region
- [armhf,arm64] kvm: Fix locking for kvm_free_stage2_pgd
- [x86] iio: bmg160: reset chip when probing
- [arm64] mm: unaligned access by user-land should be received as SIGBUS
- cfg80211: check rdev resume callback only for registered wiphy
- CIFS: Reset TreeId to zero on SMB2 TREE_CONNECT
- mm/page_alloc.c: fix print order in show_free_areas()
- ptrace: fix PTRACE_LISTEN race corrupting task->state
- dm verity fec: limit error correction recursion
- dm verity fec: fix bufio leaks
- ACPI / gpio: do not fall back to parsing _CRS when we get a deferral
- xfs: Honor FALLOC_FL_KEEP_SIZE when punching ends of files
- ring-buffer: Fix return value check in test_ringbuffer()
- mac80211: unconditionally start new netdev queues with iTXQ support
- brcmfmac: use local iftype avoiding use-after-free of virtual interface
- [powerpc*] Disable HFSCR[TM] if TM is not supported
- [powerpc*] mm: Add missing global TLB invalidate if cxl is active
- [powerpc*/*64*]: Fix flush_(d|i)cache_range() called from modules
- [powerpc*] Don't try to fix up misaligned load-with-reservation
instructions
- [powerpc*] crypto/crc32c-vpmsum: Fix missing preempt_disable()
- dm raid: fix NULL pointer dereference for raid1 without bitmap
- [s390x] decompressor: fix initrd corruption caused by bss clear
- [s390x] uaccess: get_user() should zero on failure (again)
- [mips*el/loongson-3] Check TLB before handle_ri_rdhwr() for Loongson-3
- [mips*el/loongson-3] Add MIPS_CPU_FTLB for Loongson-3A R2
- [mips*el/loongson-3] Flush wrong invalid FTLB entry for huge page
- [mips*el/loongson-3] c-r4k: Fix Loongson-3's vcache/scache waysize
calculation
- mm/mempolicy.c: fix error handling in set_mempolicy and mbind
(CVE-2017-7616)
- random: use chacha20 for get_random_int/long
- [armhf] drm/sun4i: tcon: Move SoC specific quirks to a DT matched data
structure
- [armhf] drm/sun4i: Add compatible strings for A31/A31s display pipelines
- [armhf] drm/sun4i: Add compatible string for A31/A31s TCON (timing
controller)
- HID: i2c-hid: add a simple quirk to fix device defects
- usb: dwc3: gadget: delay unmap of bounced requests
- [x86] ASoC: Intel: bytct_rt5640: change default capture settings
- [armhf,arm64] clocksource/drivers/arm_arch_timer: Don't assume clock runs
in suspend
- scsi: ufs: introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk
- HID: multitouch: do not retrieve all reports for all devices
- [arm64] mmc: sdhci-msm: Enable few quirks
- scsi: ufs: ensure that host pa_tactivate is higher than device
- svcauth_gss: Close connection when dropping an incoming message
- scsi: ufs: add quirk to increase host PA_SaveConfigTime
- [x86] platform: acer-wmi: Only supports AMW0_GUID1 on acer family
- nvme: simplify stripe quirk
- ACPI / sysfs: Provide quirk mechanism to prevent GPE flooding
- HID: usbhid: Add quirk for the Futaba TOSD-5711BB VFD
- [x86] drm/i915: actually drive the BDW reserved IDs
- scsi: ufs: issue link starup 2 times if device isn't active
- [armhf] serial: 8250_omap: Add OMAP_DMA_TX_KICK quirk for AM437x
- ACPI / button: Change default behavior to lid_init_state=open
- [x86] ACPI: save NVS memory for Lenovo G50-45
- HID: wacom: don't apply generic settings to old devices
- [arm64] firmware: qcom: scm: Fix interrupted SCM calls
- [armhf] watchdog: s3c2410: Fix infinite interrupt in soft mode
- [x86] platform: asus-wmi: Set specified XUSB2PR value for X550LB
- [x86] platform: asus-wmi: Detect quirk_no_rfkill from the DSDT
- [x86] reboot/quirks: Add ASUS EeeBook X205TA reboot quirk
- [x86] reboot/quirks: Add ASUS EeeBook X205TA/W reboot quirk
- usb-storage: Add ignore-residue quirk for Initio INIC-3619
- [x86] reboot/quirks: Fix typo in ASUS EeeBook X205TA reboot quirk
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.23
- [x86] drm/i915/gen9: Increase PCODE request timeout to 50ms
- [x86] drm/i915: Nuke debug messages from the pipe update critical section
- [x86] drm/i915: Avoid tweaking evaluation thresholds on Baytrail v3
- [x86] drm/i915: Only enable hotplug interrupts if the display interrupts
are enabled
- [x86] drm/i915: Drop support for I915_EXEC_CONSTANTS_* execbuf parameters.
- [x86] drm/i915: Stop using RP_DOWN_EI on Baytrail
- [x86] drm/i915: Avoid rcu_barrier() from reclaim paths (shrinker)
- [armhf,arm64] i2c: bcm2835: Fix hang for writing messages larger than 16
bytes
- rt2x00usb: fix anchor initialization
- rt2x00usb: do not anchor rx and tx urb's
- [mips*] Introduce irq_stack
- [mips*] Stack unwinding while on IRQ stack
- [mips*] Only change $28 to thread_info if coming from user mode
- [mips*] Switch to the irq_stack in interrupts
- [mips*] Select HAVE_IRQ_EXIT_ON_IRQ_STACK
- [mips*] IRQ Stack: Fix erroneous jal to plat_irq_dispatch
- [x86] Revert "drm/i915/execlists: Reset RING registers upon resume"
- blk-mq: Avoid memory reclaim when remapping queues
- usb: hub: Wait for connection to be reestablished after port reset
- net/mlx4_en: Fix bad WQE issue
- net/mlx4_core: Fix racy CQ (Completion Queue) free
- net/mlx4_core: Fix when to save some qp context flags for dynamic VST to
VGT transitions
- dma-buf: add support for compat ioctl
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.24
- cgroup, kthread: close race window where new kthreads can be migrated to
non-root cgroups
- thp: fix MADV_DONTNEED vs. MADV_FREE race
- thp: fix MADV_DONTNEED vs clear soft dirty race
- zsmalloc: expand class bit
- drm/nouveau/mpeg: mthd returns true on success now
- drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one
- [armhf] drm/etnaviv: fix missing unlock on error in etnaviv_gpu_submit()
- CIFS: reconnect thread reschedule itself
- CIFS: store results of cifs_reopen_file to avoid infinite wait
- Input: xpad - add support for Razer Wildcat gamepad
- [x86] perf: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32()
- [x86] efi: Don't try to reserve runtime regions
- [x86] signals: Fix lower/upper bound reporting in compat siginfo
- [x86] pmem: fix broken __copy_user_nocache cache-bypass assumptions
- [x86] vdso: Ensure vdso32_enabled gets set to valid values only
- [x86] vdso: Plug race between mapping and ELF header setup
- [x86] acpi, nfit, libnvdimm: fix interleave set cookie calculation
(64-bit comparison)
- ACPI / scan: Set the visited flag for all enumerated devices
- [hppa] fix bugs in pa_memcpy
- efi/libstub: Skip GOP with PIXEL_BLT_ONLY format
- efi/fb: Avoid reconfiguration of BAR that covers the framebuffer
- iscsi-target: Fix TMR reference leak during session shutdown
- iscsi-target: Drop work-around for legacy GlobalSAN initiator
- scsi: sr: Sanity check returned mode data
- scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable
- scsi: qla2xxx: Add fix to read correct register value for ISP82xx.
- scsi: sd: Fix capacity calculation with 32-bit sector_t
- target: Avoid mappedlun symlink creation during lun shutdown
- xen, fbfront: fix connecting to backend
- new privimitive: iov_iter_revert()
- make skb_copy_datagram_msg() et.al. preserve ->msg_iter on error
- [x86] libnvdimm: fix blk free space accounting
- [x86] libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep
splat
- [armhf] pwm: rockchip: State of PWM clock should synchronize with PWM
enabled state
- cpufreq: Bring CPUs up even if cpufreq_online() failed
- [armhf] irqchip/irq-imx-gpcv2: Fix spinlock initialization
- ftrace: Fix removing of second function probe
- zram: do not use copy_page with non-page aligned address
- ftrace: Fix function pid filter on instances
- crypto: algif_aead - Fix bogus request dereference in completion function
- crypto: ahash - Fix EINPROGRESS notification callback (CVE-2017-7618)
- [hppa] Fix get_user() for 64-bit value on 32-bit kernel
- dvb-usb-v2: avoid use-after-free (CVE-2017-8064)
- drm/nouveau/disp/mcp7x: disable dptmds workaround (Closes: #850219)
- [x86] mm: Tighten x86 /dev/mem with zeroing reads (CVE-2017-7889)
- dvb-usb-firmware: don't do DMA on stack (CVE-2017-8061)
- cxusb: Use a dma capable buffer also for reading (CVE-2017-8063)
- virtio-console: avoid DMA from stack (CVE-2017-8067)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.25
- KEYS: Disallow keyrings beginning with '.' to be joined as session
keyrings (CVE-2016-9604)
- KEYS: Change the name of the dead type to ".dead" to prevent user access
(CVE-2017-6951)
- KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
(CVE-2017-7472)
- tracing: Allocate the snapshot buffer before enabling probe
- ring-buffer: Have ring_buffer_iter_empty() return true when empty
- mm: prevent NR_ISOLATE_* stats from going negative
- cifs: Do not send echoes before Negotiate is complete (Closes: #856843)
- CIFS: remove bad_network_name flag
- [s390x] mm: fix CMMA vs KSM vs others
- Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled
- ACPI / power: Avoid maybe-uninitialized warning
- [armhf] mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for
DDR50 card
- ubifs: Fix RENAME_WHITEOUT support
- ubifs: Fix O_TMPFILE corner case in ubifs_link()
- mac80211: reject ToDS broadcast data frames
- mac80211: fix MU-MIMO follow-MAC mode
- ubi/upd: Always flush after prepared for an update
- [powerpc*] kprobe: Fix oops when kprobed on 'stdu' instruction
- [x86] mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
- [x86] mce: Make the MCE notifier a blocking one
- device-dax: switch to srcu, fix rcu_read_lock() vs pte allocation
[ Ben Hutchings ]
* w1: Really enable W1_MASTER_GPIO as module (Closes: #858975)
* debian/rules.real: Undefine $LANGUAGE, which can break debug symbols for
vDSOs (Closes: #859807)
* Bump ABI to 3
* [s390x] Set NR_CPUS=256 (Closes: #858731)
* [x86] usbip: Increase USBIP_VHCI_NR_HCS to 8 and USBIP_VHCI_HC_PORTS to 31
(Closes: #859641)
* [powerpc/powerpc64,ppc64*] target: Enable SCSI_IBMVSCSIS as module
* cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
(Closes: #859978)
* udeb: Include all AHCI drivers in sata-modules (Closes: #860335)
* [powerpc/powerpc64,ppc64] Set NR_CPUS=2048, matching ppc64el
* [powerpc*/*64*] Enable CPUMASK_OFFSTACK to reduce stack usage
* [mips*el/loongson-3] Set NR_CPUS=16 to allow for Loongson 3B2000
* [mips*/octeon] Set NR_CPUS=64 to allow for Cavium CN7890
* [arm64] Set NR_CPUS=256 to allow for multi-SoC systems (Closes: #861209)
* [powerpc/powerpc-smp,powerpcspe] Explicitly set NR_CPUS=4
* Move debug symbols back to the main archive, to avoid problems with the
current handling in dak
* linux-image: Disable signing until it's supported in dak
* [rt] Update to 4.9.20-rt16:
- rtmutex: Make lock_killable work
- rtmutex: Provide rt_mutex_lock_state()
- rtmutex: Provide locked slowpath
- rwsem/rt: Lift single reader restriction
* PCI: Enable PCIE_PTM (except on armel/marvell)
* 6lowpan: Enable Generic Header Compression modules
* net/sched: Enable NET_ACT_SKBMOD as module
* ethernet: Enable NFP_NETVF as module
* net/phy: Enable MICROSEMI_PHY as module
* input/tablet: Enable TABLET_USB_PEGASUS as module
* [x86] input/touchscreen: Enable TOUCHSCREEN_SURFACE3_SPI as module
* serial/8250: Enable SERIAL_8250_MOXA as module
* [x86] gpio: Enable GPIO_AMDPT as module
* [x86] thermal: Enable INT3406_THERMAL as module
* watchdog: Enable WATCHDOG_SYSFS
* integrity: Enable IMA, IMA_DEFAULT_HASH_SHA256, IMA_APPRAISE,
IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY, IMA_BLACKLIST_KEYRING
(except on armel/marvell) (Closes: #788290)
* media: Enable VIDEO_TW5864, VIDEO_TW686X as modules
* [x86] amdgpu,sound/soc: Enable DRM_AMD_ACP; enable SND_SOC_AMD_ACP as module
* hda: Set SND_HDA_PREALLOC_SIZE=2048 as recommended for PulseAudio
* HID: Enable HID_SENSOR_CUSTOM_SENSOR as module
* leds,USB: Enable USB_LEDS_TRIGGER_USBPORT as module
* usbip: Enable USBIP_VUDC as module
* USB/misc: Enable UCSI as module
* leds: Enable LEDS_TRIGGER_DISK, LEDS_TRIGGER_MTD, LEDS_TRIGGER_PANIC
* IB: Enable INFINIBAND_HFI1, INFINIBAND_I40IW, INFINIBAND_QEDR, RDMA_RXE
as modules
* [amd64] EDAC: Enable EDAC_SKX as module
* [x86] comedi: Enable COMEDI_ADV_PCI1720, COMEDI_ADV_PCI1760 as modules
* [x86] platform: Enable INTEL_HID_EVENT as module
* [x86] hwtracing: Enable INTEL_TH, INTEL_TH_PCI, INTEL_TH_GTH, INTEL_TH_MSU,
INTEL_TH_PTI as modules
* [rt] tracing: Enable HWLAT_TRACER
* [x86] crypto: Enable CRYPTO_DEV_QAT_C3XXX, CRYPTO_DEV_QAT_C62X,
CRYPTO_DEV_QAT_C3XXXVF, CRYPTO_DEV_QAT_C62XVF as modules
* crypto: Enable CRYPTO_DEV_CHELSIO as module
* [arm64] Enable ARMV8_DEPRECATED, SWP_EMULATION, CP15_BARRIER_EMULATION,
SETEND_EMULATION (Closes: #861384)
* udeb: Add tifm_7xx1 to mmc-modules (Closes: #861195)
* leds: Enable LEDS_GPIO as module for all configurations with GPIOs
(Closes: #860569)
* selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default.
This may break some old applications if SELinux is enabled, and can be
reverted using the kernel parameter: checkreqprot=1
* udeb: Move mfd-core to kernel-image, as both input-modules and
mmc-modules need it
* crypto: Change CRYPTO_SHA256 from module to built-in, as required by IMA
[ Salvatore Bonaccorso ]
* ping: implement proper locking (CVE-2017-2671)
* macsec: avoid heap overflow in skb_to_sgvec (CVE-2017-7477)
* macsec: dynamically allocate space for sglist
* nfsd: check for oversized NFSv2/v3 arguments (CVE-2017-7645)
* nfsd4: minor NFSv2/v3 write decoding cleanup
* nfsd: stricter decoding of write-like NFSv2/v3 ops (CVE-2017-7895)
[ Aurelien Jarno ]
* [mips*/octeon] Drop obsolete patch adding support for the UBNT E200
board.
* [mips*el/loongson-3] Disable PAGE_EXTENSION and PAGE_POISONING.
[ John Paul Adrian Glaubitz ]
* [m68k] udeb: Enable suffix for kernel-image (Closes: #859366)
-- Ben Hutchings <email address hidden> Tue, 02 May 2017 16:21:44 +0100
