Commit Graph

77 Commits

Author SHA1 Message Date
Fabian Grünbichler
07dcf16338 bump version to 4.10.17-19, bump ABI to 4.10.17-2-pve 2017-08-04 14:08:58 +02:00
Fabian Grünbichler
11ce3c4a4b drop patches applied upstream 2017-08-04 13:39:30 +02:00
Fabian Grünbichler
38de00d0d7 update kernel source to Ubuntu-4.10.0-30.34 2017-08-04 13:32:42 +02:00
Fabian Grünbichler
c1fc04f4d1 add follow-up fix for NVME driver
fixes a BUG_ON triggered by Samsung SM960 Pro NVME devices
2017-08-04 13:09:45 +02:00
Fabian Grünbichler
1e9f438872 build: drop bash from fwcheck target 2017-08-02 14:46:11 +02:00
Fabian Grünbichler
bdfc6d28fc build: add deb target 2017-08-02 14:45:53 +02:00
Fabian Grünbichler
7153d8134a build: dynamically choose number of jobs 2017-08-02 14:45:36 +02:00
Thomas Lamprecht
5aecf10b77 bump version to 4.10.17-18
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Changed-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  * fixed changelog user name
  * adapt wording of nic driver change message to the one from
    the release originally removing them
  * removed duplicate 'Ubuntu' text
2017-07-28 14:09:06 +02:00
Thomas Lamprecht
22fa3dbdcc drop patches applied upstream
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-28 14:02:26 +02:00
Thomas Lamprecht
9f7f3b58a9 update kernel source to Ubuntu-4.10.0-28.32
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-28 14:02:26 +02:00
Thomas Lamprecht
9722965770 Revert "remove outdated intel nic drivers"
This reverts commit 7beee5f3eb.

While they repositories of those drivers state that the in kernel one
should be used, as they are newer, it seems they do not provide the
same functionallity. So revert to the out of tree drivers for now.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-28 14:02:26 +02:00
Wolfgang Bumiller
0ee4a967cb bump version to 4.10.17-17 2017-07-19 12:38:48 +02:00
Wolfgang Bumiller
58a18ce39d buildsys: fix parallel builds 2017-07-19 12:38:48 +02:00
Thomas Lamprecht
4c390211d8 add CVE fixes
CVE-2017-1000364 (rather bugfix for the original CVE fix):
 * mm/mmap.c: expand_downwards: don't require the gap if !vm_prev
 * mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack

CVE-2017-1000365: fs/exec.c: account for argv/envp pointers

CVE-2017-10810: drm/virtio: don't leak bo on drm_gem_object_init
 failure

CVE-2017-7482: rxrpc: Fix several cases where a padded len isn't
 checked in ticket decode

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-19 09:46:19 +02:00
Thomas Lamprecht
a7f181d4b0 bump version to 4.10.17-16, bump ABI to 4.10.17-1-pve
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-13 09:07:40 +02:00
Dietmar Maurer
7beee5f3eb remove outdated intel nic drivers 2017-07-13 09:06:03 +02:00
Thomas Lamprecht
d513484f62 add CVE fixes
CVE-2014-9900: net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
CVE-2017-7346: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()
CVE-2017-9605: drm/vmwgfx: Make sure backup_handle is always valid
CVE-2017-1000380:
 * ALSA: timer: Fix race between read and ioctl
 * ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-13 06:04:17 +02:00
Thomas Lamprecht
b836293238 update abi-previous after ABI bump
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-13 06:04:17 +02:00
Thomas Lamprecht
ea91ce10d6 drop patches applied upstream
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-13 06:04:17 +02:00
Thomas Lamprecht
638b9f828c update kernel source to Ubuntu-4.10.0-26.30
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-13 06:04:17 +02:00
Fabian Grünbichler
dc2b2ba06c bump version to 4.10.15-15 2017-06-23 08:58:04 +02:00
Fabian Grünbichler
b4b8080506 replace Stack-Clash fix with upstream version
sicne the Ubuntu / Suse one seems to have some segfaulting
issues.
2017-06-23 08:57:04 +02:00
Fabian Grünbichler
02ad7886ad bump version to 4.10.15-14 2017-06-22 09:24:04 +02:00
Fabian Grünbichler
7c01aa8df7 add follow-up fix for CVE-2017-100364 fix 2017-06-22 09:23:11 +02:00
Fabian Grünbichler
3905cd6842 bump version to 4.10.15-13 2017-06-20 09:58:25 +02:00
Fabian Grünbichler
6aadf9f67f update kernel source to Ubuntu-4.10.0-24.28 2017-06-20 09:56:29 +02:00
Fabian Grünbichler
97d6ca37ca build: use git to get GITVERSION 2017-06-20 09:51:41 +02:00
Fabian Grünbichler
47d1503892 bump version to 4.10.15-12 2017-06-12 13:25:16 +02:00
Fabian Grünbichler
5aa54b7501 fix #1366: pinctl fix for AMD Ryzen on Gigabyte MBs 2017-06-12 13:24:57 +02:00
Fabian Grünbichler
d8cc30e0cd bump version to 4.10.15-11 2017-06-09 11:40:10 +02:00
Fabian Grünbichler
c1f358be22 add fix for CVE-2017-9074 fix 2017-06-09 11:39:33 +02:00
Fabian Grünbichler
c7f85f2701 update abi-previous after ABI bump 2017-06-08 16:36:33 +02:00
Fabian Grünbichler
05806a84a3 bump version to 4.10.15-10, bump ABI to 4.10.15-1-pve 2017-06-08 14:22:03 +02:00
Fabian Grünbichler
0f831b3cf2 add CVE fixes
CVE-2017-8890: dccp/tcp: do not inherit mc_list from parent
CVE-2017-9074: ipv6: Prevent overrun when parsing v6 header options
CVE-2017-9075: sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
CVE-2017-9076/CVE-2017-9077: ipv6/dccp: do not inherit ipv6_mc_list from parent
CVE-2017-9242: ipv6: fix out of bound writes in __ip6_append_data()
2017-06-08 14:22:03 +02:00
Fabian Grünbichler
674abe87c8 drop patches applied upstream 2017-06-07 10:35:40 +02:00
Fabian Grünbichler
f18d724f8c update sources to 4.10.0-22.24 2017-06-07 10:34:59 +02:00
Fabian Grünbichler
fd5c21692a bump version to 4.10.11-9 2017-05-22 10:00:43 +02:00
Fabian Grünbichler
88582bb094 add fix for DoS via nftables 2017-05-22 09:59:35 +02:00
Fabian Grünbichler
0f0062b520 update abi-previous after ABI bump 2017-05-18 12:26:17 +02:00
Fabian Grünbichler
c73cc23929 bump version to 4.10.11-8, bump ABI to 4.10.11-1-pve 2017-05-18 11:22:00 +02:00
Fabian Grünbichler
1e165a112f drop patches applied upstream 2017-05-18 11:22:00 +02:00
Fabian Grünbichler
2680024601 update kernel source to Ubuntu-4.10.0-21.23 2017-05-18 08:55:03 +02:00
Thomas Lamprecht
6490543bf7 add mapping from DEB_BUILD_ARCH to kernel arch subdirectory
and fix the rest of the architecture-hardcoded paths
2017-05-11 08:50:39 +02:00
Thomas Lamprecht
fe27fe0e8e allow also grub-efi-arm64 as an grub dependency 2017-05-11 08:50:39 +02:00
Thomas Lamprecht
37d1225d09 build-sys: replace fixed architecture use where possible 2017-05-11 08:50:39 +02:00
Fabian Grünbichler
aa785972db bump version to 4.10.8-7 2017-05-05 09:19:50 +02:00
Fabian Grünbichler
2b834b083d add proposed fix for LP#1674838
Patches and rationale by Seth Forshee[1]:

My testing shows that the "POWER9: Additional power9
patches" patches are responsible, two of them in particular:

 - mm: introduce page_vma_mapped_walk()
 - mm, ksm: convert write_protect_page() to use page_vma_mapped_walk()

These patches don't appear to be included for any
functionality they provide, but rather to make "mm/ksm:
handle protnone saved writes when making page write protect"
a clean cherry pick instead of a backport. But the backport
isn't that difficult, so as far as I can tell we can do away
with the other two patches.

1: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1674838/comments/108
2017-05-05 09:12:20 +02:00
Fabian Grünbichler
7f0f6370be update fix for CVE-2017-7979 to final version
cherry-picked from Ubuntu Zesty's master-next
2017-05-05 09:06:44 +02:00
Fabian Grünbichler
95cebd4144 build: export SOURCE_DATE_EPOCH
SOURCE_DATE_EPOCH is used to set various timestamps in build
products, and was introduced as part of the reproducible
builds efforts.

this is a great help for future build system restructuring,
as the "diffoscope"-diff of the produced .debs is now small
enough to catch unintended changes.
2017-05-04 15:40:21 +02:00
Fabian Grünbichler
a6c22e7b57 build: re-add kernel build symlink check
but in a way which works for regular users, not only root
2017-05-04 09:14:55 +02:00