-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 22 May 2019 23:27:42 +0100 Binary: linux-doc-3.16 linux-manual-3.16 linux-source-3.16 linux-support-3.16.0-9 Source: linux Architecture: all source Version: 3.16.68-1 Distribution: jessie-security Urgency: high Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org> Changed-By: Ben Hutchings <ben@decadent.org.uk> Closes: 927781 Description: linux-doc-3.16 - Linux kernel specific documentation for version 3.16 linux-manual-3.16 - Linux kernel API manual pages for version 3.16 linux-source-3.16 - Linux kernel source for version 3.16 with Debian patches linux-support-3.16.0-9 - Support files for Linux 3.16 Changes: linux (3.16.68-1) jessie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.65 - wireless: airo: potential buffer overflow in sprintf() - [x86] drm/i915/ringbuffer: Delay after EMIT_INVALIDATE for gen4/gen5 - [x86] PCI: Fix Broadcom CNB20LE unintended sign extension (redux) - pcrypt: use format specifier in kobject_add - dlm: fixed memory leaks after failed ls_remove_names allocation - dlm: possible memory leak on error path in create_lkb() - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() - dlm: memory leaks on error path in dlm_user_request() - [i386] power: supply: olpc_battery: correct the temperature units - panic: avoid deadlocks in re-entrant console drivers - f2fs: read page index before freeing - [armhf] serial: imx: fix error handling in console_setup - b43: Fix error in cordic routine - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() - sunrpc: fix cache_head leak due to queued request - tty/ldsem: Wake up readers after timed out down_write() - [armhf] misc: vexpress: Off by one in vexpress_syscfg_exec() - ALSA: emux: Fix potential Spectre v1 vulnerabilities (CVE-2017-5753) - ALSA: pcm: Fix potential Spectre v1 vulnerability (CVE-2017-5753) - crypto: user - support incremental algorithm dumps - [armel/versatile] gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB - [x86] kvm: vmx: Set IA32_TSC_AUX for legacy mode guests - btrfs: dev-replace: go back to suspended state if target device is missing - Btrfs: fill ->last_trans for delayed inode in btrfs_fill_inode. - Btrfs: fix stale dir entries after unlink, inode eviction and fsync - Btrfs: fix fsync of files with multiple hard links in new directories - net/mlx5: Continue driver initialization despite debugfs failure - [armhf] KVM: Fix VMID alloc race by reverting to lock-less - IB/qib: Fix an error code in qib_sdma_verbs_send() - ALSA: rme9652: Fix potential Spectre v1 vulnerability (CVE-2017-5753) - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (CVE-2017-5753) - ext4: include terminating u32 in size of xattr entries when expanding inodes - ext4: avoid declaring fs inconsistent due to invalid file handles - ext4: force inode writes when nfsd calls commit_metadata() - ext4: check for shutdown and r/o file system in ext4_write_inode() - scsi: megaraid_sas: Use 63-bit DMA addressing - ath6kl: Only use match sets when firmware supports it - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader. - fbdev: fbmem: behave better with small rotated displays and many CPUs - fbdev: fbcon: Fix unregister crash when more than one framebuffer - igb: Fix an issue that PME is not enabled during runtime suspend - kvm: Disallow wraparound in kvm_gfn_to_hva_cache_init - [x86] KVM: Use jmp to invoke kvm_spurious_fault() from .fixup - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem - ext4: make sure enough credits are reserved for dioread_nolock writes - ext4: ext4_inline_data_fiemap should respect callers argument - ext4: fix a potential fiemap/page fault deadlock w/ inline_data - 9p/net: put a lower bound on msize - 9p/net: fix memory leak in p9_client_create - ceph: don't update importing cap's mseq when handing cap export - sunrpc: use SVC_NET() in svcauth_gss_* functions - mm: rmap use pte lock not mmap_sem to set PageMlocked - mm: migration: fix migration of huge PMD shared pages - mm, memory_hotplug: do not clear numa_node association after hot_remove - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined - ext4: avoid kernel warning when writing the superblock to a dead device - ext4: fix special inode number checks in __ext4_iget() - net/hamradio/6pack: use mod_timer() to rearm timers https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.66 - batman-adv: Avoid WARN on net_device without parent in netns - batman-adv: Force mac header to start of data on xmit - [x86] ACPI: power: Skip duplicate power resource references in _PRx - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() - ALSA: usb-audio: Always check descriptor sizes in parser code - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks - USB: serial: simple: add Motorola Tetra TPG2200 device id - usb: cdc-acm: send ZLP for Telit 3G Intel based modems - USB: storage: don't insert sane sense for SPC3+ when bad sense specified - USB: storage: add quirk for SMI SM3350 - USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB - [x86] ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages - ALSA: cs46xx: Potential NULL dereference in probe - packet: validate address length - packet: validate address length if non-zero - packet: Do not leak dev refcounts on error exit - sd: Clear PS bit before Mode Select. - scsi: sd: Fix cache_type_store() - scsi: isci: initialize shost fully before calling scsi_add_host() - [x86] Drivers: hv: vmbus: Check for ring when getting debug info - drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock - rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set - [armel/kirkwood] dts: Fix polarity of GPIO fan lines - crypto: authenc - fix parsing key with misaligned rta_len - i2c: dev: prevent adapter retries and timeout being set as minus value - CIFS: Do not hide EINTR after sending network packets - cifs: Fix potential OOB access of lock element array - [armhf] omap2fb: Fix stack memory disclosure - [i386] kaslr: Fix incorrect i8254 outb() parameters - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 - net/phy: micrel: Add workaround for bad autoneg - net/phy: micrel: configure intterupts after autoneg workaround - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ9031 - fuse: handle zero sized retrieve correctly - fuse: call pipe_buf_release() under pipe lock - fuse: decrement NR_WRITEBACK_TEMP on the right page - media: v4l: ioctl: Validate num_planes for debug messages - USB: serial: pl2303: add new PID to support PL2303TB - net: bridge: Fix ethernet header pointer before check skb forwardable - uart: Fix crash in uart_write and uart_put_char - tty/n_hdlc: fix __might_sleep warning - vt: always call notifier with the console lock held - vt: invoke notifier on screen size change - char/mwave: fix potential Spectre v1 vulnerability (CVE-2017-5753) - tty: Handle problem if line discipline does not have receive_buf - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it - can: bcm: check timer values before ktime conversion - ipmi: msghandler: Fix potential Spectre v1 vulnerabilities (CVE-2017-5753) - drm/modes: Prevent division by zero htotal - [x86] iommu/amd: Fix IOMMU page flush when detach device from a domain - net/mlx4_core: Add masking for a few queries on HCA caps - debugfs: fix debugfs_rename parameter checking - [x86] KVM: Fix single-step debugging - IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start - kallsyms: Handle too long symbols in kallsyms.c - [armhf] usb: phy: am335x: fix race condition in _probe - scsi: bnx2fc: Fix error handling in probe() - CIFS: Do not count -ENODATA as failure for query directory - CIFS: Do not consider -ENODATA as stat failure for reads - [armhf] usb: gadget: musb: fix short isoc packets with inventra dma - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() - l2tp: copy 4 more bytes to linear part if necessary - mac80211: ensure that mgmt tx skbs have tailroom for encryption - skge: potential memory corruption in skge_get_regs() - mm, oom: fix use-after-free in oom_kill_process - mm: hwpoison: use do_send_sig_info() instead of force_sig() - mm: migrate: don't rely on __PageMovable() of newpage after unlocking it - [armhf] dmaengine: imx-dma: fix wrong callback invoke - [x86] perf/intel/uncore: Add Node ID mask - perf/core: Don't WARN() for impossible ring-buffer sizes - [x86] drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user - [x86] drm/vmwgfx: Fix setting of dma masks - ALSA: compress: Fix stop handling on compressed capture streams - [armhf] mtd: rawnand: gpmi: fix MX28 bus master lockup problem - libata: Add NOLPM quirk for SAMSUNG MZ7TE512HMHP-000L1 SSD - signal: tracehook_signal_handler: Remove sig, info, ka and regs - signal: Clean up signal_delivered() - signal: Rip out get_signal_to_deliver() - signal: Always notice exiting tasks - signal: Better detection of synchronous signals - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk - [x86] Input: elantech - force needed quirks on Fujitsu H760 - [x86] Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 - [x86] vsock: cope with memory allocation failure at socket creation time - [x86] perf: Add check_period PMU callback - vxlan: test dev->flags & IFF_UP before calling netif_rx() - net: fix IPv6 prefix route residue - [x86] kvm/nVMX: read from MSR_IA32_VMX_PROCBASED_CTLS2 only when it is available - batman-adv: fix uninit-value in batadv_interface_tx() - net/packet: fix 4gb buffer limit due to overflow check - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec - team: avoid complex list operations in team_nl_cmd_options_set() - perf/core: Fix impossible ring-buffer sizes warning - [x86] a.out: Clear the dump structure initially - signal: Restore the stop PTRACE_EVENT_EXIT - netfilter: nft_compat: fix crash when related match/target module is removed - netfilter: nf_tables: nft_compat: fix refcount leak on xt module - netfilter: nft_compat: use-after-free when deleting targets - dm thin: fix bug where bio that overwrites thin block ignores FUA - netfilter: nf_tables: fix flush after rule deletion in the same batch - KEYS: allow reaching the keys quotas exactly - assoc_array: Fix shortcut creation - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list - [armhf] net: stmmac: Fix a race in EEE enable callback - tmpfs: fix link accounting when a tmpfile is linked in - KEYS: user: Align the payload buffer - KEYS: restrict /proc/keys by credentials at open time - KEYS: always initialize keyring_index_key::desc_len - mdio_bus: Fix use-after-free on device_register fails - mmc: spi: Fix card detection during probe - [x86] uaccess: Don't leak the AC flag into __put_user() value evaluation - tmpfs: fix uninitialized return value in shmem_link - net: phy: Micrel KSZ8061: link failure after cable connect - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails - netlabel: fix out-of-bounds memory accesses - net: netem: fix skb length BUG_ON in __skb_to_sgvec - ipc/shm: Fix pid freeing. (Closes: #927781) - media: em28xx-dvb - fix em28xx_dvb_resume() to not unregister i2c and dvb - media: em28xx: Fix use-after-free when disconnecting (CVE-2019-2024) - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer (CVE-2019-3459) - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (CVE-2019-3460) - vfio/type1: Limit DMA mappings per container (CVE-2019-3882) - coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) - perf/core: Fix perf_event_open() vs. execve() race (CVE-2019-3901) - brcmfmac: consolidate ifp lookup in driver core - brcmfmac: make brcmf_proto_hdrpull() return struct brcmf_if instance - brcmfmac: screening firmware event packet - brcmfmac: fix incorrect event channel deduction - brcmfmac: revise handling events in receive path - brcmfmac: add subtype check for event handling in data path (CVE-2019-9503) - binfmt_elf: Fix missing SIGKILL for empty PIE - binfmt_elf: switch to new creds when switching to new mm (CVE-2019-11190) - apparmor: provide userspace flag indicating binfmt_elf_mmap change - tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486) https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.67 - brcmfmac: add length checks in scheduled scan result handler - inet: update the IP ID generation algorithm to higher standards. - ipv4: fix a race in update_or_create_fnhe() - KVM: VMX: Fix x2apic check in vmx_msr_bitmap_mode() - fork: record start_time late (CVE-2019-6133) - percpu: stop printing kernel addresses (CVE-2018-5995) https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.68 - Backport static_key/jump_label changes: + module: add within_module() function + jump_label: Fix small typos in the documentation + jump_label: Allow asm/jump_label.h to be included in assembly + jump_label: Allow jump labels to be used in assembly + module, jump_label: Fix module locking + jump_label: Rename JUMP_LABEL_{EN,DIS}ABLE to JUMP_LABEL_{JMP,NOP} + jump_label, locking/static_keys: Rename JUMP_LABEL_TYPE_* and related helpers to the static_key* pattern + jump_label: Add jump_entry_key() helper + locking/static_keys: Rework update logic + locking/static_keys: Add a new static_key interface + jump label, locking/static_keys: Update docs + jump_label/x86: Work around asm build bug on older/backported GCCs + locking/static_keys: Fix a silly typo + locking/static_keys: Fix up the static keys documentation + jump_label: make static_key_enabled() work on static_key_true/false types too + x86/asm: Error out if asm/jump_label.h is included inappropriately + x86/asm: Add asm macros for static keys/jump labels + x86/headers: Don't include asm/processor.h in asm/atomic.h + x86/cpufeature: Carve out X86_FEATURE_* + locking/static_key: Fix concurrent static_key_slow_inc() + locking/static_keys: Provide DECLARE and well as DEFINE macros - [x86] Update speculation mitigations: + x86/cpufeature: Add bug flags to /proc/cpuinfo + x86/speculation: Support Enhanced IBRS on future CPUs + x86/speculation: Simplify the CPU bug detection logic + x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation + x86/cpu: Sanitize FAM6_ATOM naming + x86/speculation: Apply IBPB more strictly to avoid cross-process data leak + x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation + x86/speculation: Propagate information about RSB filling mitigation to sysfs + x86/speculation: Update the TIF_SSBD comment + x86/speculation: Clean up spectre_v2_parse_cmdline() + x86/speculation: Remove unnecessary ret variable in cpu_show_common() + x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() + x86/speculation: Disable STIBP when enhanced IBRS is in use + x86/speculation: Rename SSBD update functions + x86/speculation: Reorganize speculation control MSRs update + x86/Kconfig: Select SCHED_SMT if SMP enabled + sched: Add sched_smt_active() + x86/speculation: Rework SMT state change + x86/speculation: Reorder the spec_v2 code + x86/speculation: Mark string arrays const correctly + x86/speculataion: Mark command line parser data __initdata + x86/speculation: Unify conditional spectre v2 print functions + x86/speculation: Add command line control for indirect branch speculation + x86/speculation: Prepare for per task indirect branch speculation control + x86/process: Consolidate and simplify switch_to_xtra() code + x86/speculation: Avoid __switch_to_xtra() calls + x86/speculation: Prepare for conditional IBPB in switch_mm() + x86/speculation: Split out TIF update + x86/speculation: Prepare arch_smt_update() for PRCTL mode + x86/speculation: Prevent stale SPEC_CTRL msr content + x86/speculation: Add prctl() control for indirect branch speculation + x86/speculation: Enable prctl mode for spectre_v2_user + x86/speculation: Add seccomp Spectre v2 user space protection mode + x86/speculation: Provide IBPB always command line options + kvm: x86: Report STIBP on GET_SUPPORTED_CPUID + x86/msr-index: Cleanup bit defines + x86/speculation: Consolidate CPU whitelists + Documentation: Move L1TF to separate directory + x86/speculation/l1tf: Document l1tf in sysfs + cpu/speculation: Add 'mitigations=' cmdline option + x86/speculation: Support 'mitigations=' cmdline option + x86/speculation/mds: Add 'mitigations=' support for MDS + x86/cpu/bugs: Use __initconst for 'const' init data + x86/bugs: Change L1TF mitigation string to match upstream - [x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091): + x86/speculation/mds: Add basic bug infrastructure for MDS + x86/speculation/mds: Add BUG_MSBDS_ONLY + x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests + x86/speculation/mds: Add mds_clear_cpu_buffers() + x86/speculation/mds: Clear CPU buffers on exit to user + x86/speculation/mds: Conditionally clear CPU buffers on idle entry + x86/speculation/mds: Add mitigation control for MDS + x86/speculation/mds: Add sysfs reporting for MDS + x86/speculation/mds: Add mitigation mode VMWERV + Documentation: Add MDS vulnerability documentation + x86/speculation: Move arch_smt_update() call to after mitigation decisions + x86/speculation/mds: Add SMT warning message + x86/speculation/mds: Fix comment + x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off + x86/mds: Add MDSUM variant to the MDS documentation + Documentation: Correct the possible MDS sysfs values + x86/speculation/mds: Fix documentation typo . [ Ben Hutchings ] * Bump ABI to 9 Checksums-Sha1: 3eae399c017f487f3a51ed5397dc9934d4dd3983 140642 linux_3.16.68-1.dsc 38968c380eb5b28f98fe73c1a57b319b60cb476a 82049616 linux_3.16.68.orig.tar.xz 89a7f5b7cc3a4f9a0a7c292943fb19f23b9aa803 1162424 linux_3.16.68-1.debian.tar.xz 76c991716ae9a73efd947f437a565657d2bbe270 454548 linux-support-3.16.0-9_3.16.68-1_all.deb d4d4f17899d8b1ed7759d358ac870e2e8fd74585 8400604 linux-doc-3.16_3.16.68-1_all.deb 46014ad97cf1a36fda0c1de442dca61cf02cf331 3779944 linux-manual-3.16_3.16.68-1_all.deb 18ba94588678e26ac0344246a4d7ab89ef16a256 83888866 linux-source-3.16_3.16.68-1_all.deb Checksums-Sha256: 11e64570089a7023060e09a05079a410540efb882fc5380695455faa36f9e9f6 140642 linux_3.16.68-1.dsc a2e0794223f055e8a7919c63d40330a08a857a46c3d20cc05b651bc34d08e672 82049616 linux_3.16.68.orig.tar.xz ff234bde2f1331188ba02e1159d9cc888dac7309c2ace8b4463b473cf587e83c 1162424 linux_3.16.68-1.debian.tar.xz 66edf30e7053e495d721a8c8c04d18cf5bb196bf8ca7994e7276a00163f92795 454548 linux-support-3.16.0-9_3.16.68-1_all.deb 8aad51f87ade35357d6e7c7cbf8722641823f51785f0022c24a2d12dd53c675a 8400604 linux-doc-3.16_3.16.68-1_all.deb fe3da76547df4f3c13cb8daf71a7b4e159e225a20fd34705be313580025920ca 3779944 linux-manual-3.16_3.16.68-1_all.deb 8e33edd7f25faec9fbbd48376d3744806f31ee040d99f5f83acb218bac0d0a78 83888866 linux-source-3.16_3.16.68-1_all.deb Files: db8941c9a7bcf8ec4d6541d6ebb95ada 140642 kernel optional linux_3.16.68-1.dsc a9962cee63f51b6ed3665a14d1e9fcd8 82049616 kernel optional linux_3.16.68.orig.tar.xz d1a4faa60e731c6f88b4402a4ec2a6ed 1162424 kernel optional linux_3.16.68-1.debian.tar.xz a5f56273135e940a2b030e425d979279 454548 devel optional linux-support-3.16.0-9_3.16.68-1_all.deb 89e6ca15df5ffee4401e5cf2b04f0a78 8400604 doc optional linux-doc-3.16_3.16.68-1_all.deb ff0e1997dcfcfda52a8fe09c80274723 3779944 doc optional linux-manual-3.16_3.16.68-1_all.deb a46e462af31a55570498f94bdb45efac 83888866 kernel optional linux-source-3.16_3.16.68-1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlzmdyEACgkQ57/I7JWG EQlS5RAAmQU7H/anTBQzCBjmSJw/OBUE/Ec9rkwqq198f9uHWDGK/yUJx8q8HoIa SeK0stOBZ9suZuh4pM6K5zzPZy/vIfzJOD0o+MT9hjM+vkTnFCn8usjHpizmfEDR kgfa1zC8ri/dQLWJDAm0vrclo1d9EPH0oo+bTPmHmtib4TQYyxaUFS6D/2fv7NWO 3fk3ckjAlkzfUrkqrcFqeLoxGk03Sx7+DV3PANmyUcbbuRwQDLDvPd/moxUDcVWc J8eDP5Ije8TGv/7ZpoIj9EILM9Fa3hTrNjpzLAm7GLa/HXSWYsbby7NK402Dp5Zu 9YUutMFx/vrevf2IQalRNrmjT6QfTl49U+eN92hTq6ifJ+vCX49u7I3piAFiV6tD SIb+9Db4zFCCqXZayvv7MrqY7D982OT3FlPtggwTlHcjgK09L9rXvUcXvAErAMq3 yH5BEvHpzfLZj5AhfvqUabuphvKPSm7BV7tD32JBvGh20yntO5Xh/ueD32z5LPiY 9Qz+h49ItvoekOYMj8wivEDUNW9HJldAjgjnfGliqTQVjoZ+Nff58PeFsU39cIvl 8QZmAsgIyVPiuQxirJi/32zWSdr0F1lEiB4Y2pPLnq/Or63aomE9C27X4y+ylVO9 Z8OuWwvk/mPA5Xsigw9OLhm6XI5im5HnA2Ovx6osRNWr66kRfMc= =EiyZ -----END PGP SIGNATURE-----
