Changelog
linux (5.16.3-1~exp1) experimental; urgency=medium
* New upstream release: https://kernelnewbies.org/Linux_5.16
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.1
- bpf: Fix out of bounds access from invalid *_or_null type verification
(CVE-2022-23222)
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.2
https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3
- netfilter: nft_payload: do not update layer 4 checksum when mangling
fragments (Closes: #1002706)
[ Helmut Grohne ]
* Multiarchify python build-depends. (Closes: #983757)
[ Ben Hutchings ]
* linux-perf: Fix detection of libperl and libpython in cross-build
* debian/README.source: Tag signatures are automatically verified
* [rt] trace: Enable OSNOISE_TRACER, TIMERLAT_TRACER, HIST_TRIGGERS
* d/bin/git-tag-gpg-wrapper, debian/upstream: Use ASCII-armored keyring
* d/watch: Rewrite to find all upstream versions through Git
* d/bin/genorig.py, d/README.source: Only support Git as upstream
* d/bin/genorig.py, d/README.source: Add support for remote upstream repos
* lintian: Refresh lintian-overrides
* d/copyright: Fix license name with spaces in it
* d/copyright: Update for removed and renamed source files
* d/tests/selftests: Use $AUTOPKGTEST_TMP instead of $ADTTMP
* Fix missing user-space hardening:
- d/rules.real: Define KBUILD_HOST{C,LD}FLAGS for sub-make
- linux-kbuild: Build modpost with standard CPPFLAGS
- cpupower: Build with standard CPPFLAGS
- usbip: Build with standard CPPFLAGS
- objtool: Build with standard CFLAGS and CPPFLAGS
- tools/perf: Define DEBUG=0 for sub-make so libapi doesn't use wrong flags
- libapi: Define _FORTIFY_SOURCE as 2, not empty
- tools/perf: Fix missing LDFLAGS for some programs
* d/rules: Tell blhc to ignore missing flags for perf-read-vdso* helpers
* d/rules: Tell blhc to ignore kernel compilation
* d/rules: Filter out -s option so that Kbuild is not silent
* d/bin/gencontrol.py, d/lib/python: Use classes for build restriction
formulae
* d/bin/gencontrol.py, d/rules.real: Replace DEBUG variable with if_package
* Introduce pkg.linux.quick build profile for quicker CI builds
* d/salsa-ci.yml: Add CI config using some of the common pipeline
* d/salsa-ci.yml, d/tests/python: Only run static checks in CI
* d/salsa-ci.yml: Run kconfigeditor2 as kconfig static check
* d/rules, d/salsa-ci.yml: Enable blhc, ignoring terse output
* bpftool, objtool, usbip: Always build with V=1 so blhc can check them
* d/salsa-ci.yml: Use per-release cache of orig tarballs
* linux-perf: Build a single unversioned package of perf, as it is no
longer necessary to match the kernel version
[ Vincent Blut ]
* drivers/net/wireless/realtek/rtw89: Enable RTW89 and RTW89_8852AE as
modules (Closes: #1004095)
[ Aurelien Jarno ]
* [riscv64] Add support for SBI SRST extension
[ YunQiang Su ]
* [mips*/generic] Change zload address for QEMU compatibility.
[ Salvatore Bonaccorso ]
* [rt] Update to 5.16.2-rt18
* [rt] Update to 5.16.2-rt19
* [x86] drm/i915: Flush TLBs before releasing backing store (CVE-2022-0330)
* drm/vmwgfx: Fix stale file descriptors on failed usercopy (CVE-2022-22942)
[ Bastian Blank ]
* Build-depend on pahole after rename from dwarves.
* Remove remaining aufs patches for good.
-- Salvatore Bonaccorso <email address hidden> Thu, 27 Jan 2022 23:12:52 +0100