Changelogs which might be relevant between 20130211 and 20130415
* SECURITY UPDATE: InRelease verification bypass
- CVE-2013-1051
[ David Kalnischk ]
* apt-pkg/deb/debmetaindex.cc,
test/integration/test-bug-595691-empty-and-broken-archive-files,
test/integration/test-releasefile-verification:
- disable InRelease downloading until the verification issue is
fixed, thanks to Ansgar Burchardt for finding the flaw
-- Michael Vogt <mvo@debian.org> Thu, 14 Mar 2013 07:47:36 +0100
* Use recommended maintscript versioning scheme.
* The avahi-dnsconfd init script doesn't support reload but provides a
refresh action, so list that instead in the usage help message.
* Update ifupdown hooks for avahi-daemon and avahi-autoipd. Drop the usage
of ADDRFAM=NetworkManager, since network-manager no longer uses that. Run
avahi-daemon only for ADDRFAM inet and inet6. (Closes: #699749)
-- Michael Biebl <biebl@debian.org> Wed, 06 Mar 2013 22:58:55 +0100
* brltty-udeb.sh: Put Xorg killing in background, to avoid getting stuck if
Xorg is not actually to be started after all (textmode installer). Also
kill bterm, in case udev detects the braille device after bterm is
started. Closes: #705196.
-- Samuel Thibault <sthibault@debian.org> Thu, 11 Apr 2013 09:17:49 +0200
* Team upload.
[ intrigeri ]
* Fix several printing related problems:
- Evince crash when printing certain PDF files (Closes: #672336)
- Evince producing broken print output (Closes: #679105)
Patches cherry-picked from upstream:
- 07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch
- 08_cff_convert_._to_locale_specific_decimal_point_befor.patch
- 09_cff_use_correct_size_for_buffer.patch
- 10_cff_subsetting_widths_can_be_floating_point.patch
[ Michael Biebl ]
* Fix segmentation fault when rendering SVGs at certain sizes.
(Closes: #697482)
Patch cherry-picked from upstream:
- 11_polygon-reduce_reduce_broken_stopped-edge_continuation.patch
-- Michael Biebl <biebl@debian.org> Thu, 31 Jan 2013 16:22:34 +0100
* Non-maintainer upload.
* (Closes: #690799) evince crashes with a certain PDF file
-- Neil Williams <codehelp@debian.org> Sat, 26 Jan 2013 23:22:12 +0000
[ Updated translations ]
* Tamil (ta.po) by Dr.T.Vasudevan
-- Christian Perrier <bubulle@debian.org> Sat, 30 Mar 2013 16:00:24 +0100
[ Updated translations ]
* Catalan (ca.po) by Jordi Mallach
* Malayalam (ml.po) by Praveen Arimbrathodiyil
-- Christian Perrier <bubulle@debian.org> Sat, 06 Apr 2013 10:47:25 +0200
* Team upload
- Rebuild against a fixed libmagic1 (see #703274).
- Non-NMU version, above all past 1.5.x experimental versions.
* Uploaders:
- Remove Kenshi Muto <kmuto@debian.org> with his agreement and with
great thanks for his past work!
- Add myself.
-- Didier Raboud <odyx@debian.org> Mon, 18 Mar 2013 15:23:04 +0100
* Backport upstream documentation fix for STR#4223 "lpadmin to root
privilege escalation"
* Correct usb-backend quirk for Epson Stylus Photo 750, thanks to
Denis Prost (Closes: #697970)
-- Didier Raboud <odyx@debian.org> Mon, 11 Mar 2013 10:18:37 +0100
[ Till Kamppeter ]
* Update airprint-support.patch to make AirPrint support also work for
iOS 6. (Closes: #700961, LP: #1054495) - thanks to Jan Wagner.
[ Didier Raboud ]
* Add usb-backend quirk for Epson Stylus Photo 750 (Closes: #697970)
-- Didier Raboud <odyx@debian.org> Wed, 27 Feb 2013 12:59:30 +0100
[ Adam Conrad ]
* debian/patches/arm/cvs-ldconfig-cache-abi.diff: Backport upstream
patch to re-enable ldconfig cache tagging for armhf binaries again.
* debian/patches/arm/unsubmitted-ldconfig-cache-abi.diff: Re-enable
and adjust to account for changes in cvs-ldconfig-cache-abi.diff.
* debian/debhelper.in/libc.preinst: Remove old ld.so.cache on upgrade.
* debian/control.in/amd64: Move libc6-amd64 from standard to optional.
[ Jonathan Nieder ]
* control.in/opt: correct misspelling of "Ezra" in descriptions of
*-i686 variants. Thanks to Thorsten Glaser.
* patches/any/local-tst-eintr1-eagain.diff: new patch to work around
a race that lets pthread_create hit resource limits when the kernel
takes too long to clean up after joined threads. (closes: #673596)
[ Samuel Thibault ]
* patches/any/local-fhs-linux-paths.diff: Patch vardb path on !linux too.
* Add patches/hurd-i386/libpthread_hurd_cond_wait.diff: New patch to add
support for translators with pthread.
* Add patches/hurd-i386/submitted-fork_port_leak.diff: New patch to fix port
leak on fork.
* libc0.3.symbols.hurd-i386: Add libpthread.so.0.3 symbols.
* Add patches/hurd-i386/tg-hurdsig-boot-fix.diff to fix
sigstate_is_global_rcv at boot in libpthread-based translators.
* patches/hurd-i386/tg-hurdsig-global-dispositions.diff: Update with Thomas'
fork deadlock fix.
* patches/hurd-i386/unsubmitted-single-hurdselect-timeout.diff: Temporarily
fix double select timeout on single fd.
* patches/hurd-i386/unsubmitted-setitimer_fix.diff: Fix Hurd implementation
of setitimer.
-- Adam Conrad <adconrad@0c3.net> Sun, 30 Dec 2012 06:06:32 -0700
* Taking over maintainership (Closes: #704326).
* Updating Standards-Version (no changes).
* Do not ship python-magic-dbg as it is currently empty.
-- Luk Claes <luk@debian.org> Mon, 01 Apr 2013 10:20:18 +0200
* Non-maintainer upload.
* Re-upload 5.11-2:
- Fix ELF detection on 64-bit big endian architectures (closes: #703274).
-- Bastian Blank <waldi@debian.org> Sun, 17 Mar 2013 20:23:55 +0000
* Import patch by Steven Chamberlain to make rpc.lockd start without
`-h' arguments (Closes: #664812)
* Add me to uploaders
-- Christoph Egger <christoph@debian.org> Mon, 18 Mar 2013 11:54:48 +0100
* Removing all references to my old email address.
-- Daniel Baumann <mail@daniel-baumann.ch> Sun, 10 Mar 2013 20:29:13 +0100
* Fix the closing fi in the if statement in postrm.
-- Michael Biebl <biebl@debian.org> Wed, 09 Jan 2013 16:14:49 +0100
* Take into account multiarch when removing the cache files in postrm:
Remove /usr/lib/gio/modules/giomodule.cache only for the native
architecture for which this cache file was created.
After removing /usr/share/glib-2.0/schemas/gschemas.compiled on purge,
run dpkg-trigger explicitly, so in case libglib2.0-0 is installed for
other architectures, the cache file is re-created. (Closes: #696389)
* Drop the various Breaks from libglib2.0-0. Those are causing APT to fail
on a dist-upgrade from squeeze to wheezy. (Closes: #676485)
-- Michael Biebl <biebl@debian.org> Tue, 08 Jan 2013 23:30:04 +0100
* For wheezy build gnutls-bin and guile-gnutls from this source package
rather than from gnutls28. gnutls28 is a leaf-package in wheezy. Not
shipping would mean a lot less work for the security team if there was a
GnuTLS vulnerability. If wanted, it can be re-introduced via backports.
The versioning trick has been copied from Ubuntu.
* Since guile support would require building with --disable-largefile on
armel armhf mipsel we do not provide the package there.
-- Andreas Metzler <ametzler@debian.org> Thu, 04 Apr 2013 18:34:25 +0200
* Testbuild gnutls guile bindings, binary packages unchanged.
-- Andreas Metzler <ametzler@debian.org> Fri, 22 Mar 2013 18:58:28 +0100
* Update /etc/groff/man.local and /etc/groff/mdoc.local with new
commented-out code to force "-" back to Unicode HYPHEN, since upstream
groff has mapped this to HYPHEN-MINUS since 1.20, and remove the
Debian-local mapping of "\-" for the same reason. Remove mention of
this from README.Debian since the upstream change of default means that
this is only of minority interest (closes: #703690).
-- Colin Watson <cjwatson@debian.org> Sun, 07 Apr 2013 22:14:00 +0100
* New upstream release.
* Note in the groff package description that the chem preprocessor
requires perl.
-- Colin Watson <cjwatson@debian.org> Mon, 11 Mar 2013 08:36:01 +0000
* QA upload.
* Properly orphan the package. See #677770.
* Build using Tcl/Tk 8.5. Closes: #631601. LP: #1155269.
* Build with hardening defaults.
* Fix some lintian warnings. Closes: #615357, #615428.
* Fix typo in man page. Closes: #525266.
* Handle files larger than 2GB.
-- Matthias Klose <doko@debian.org> Thu, 14 Mar 2013 12:44:10 -0700
* Run exit hooks when "dhclient -1" fails (closes: #486520).
* Add dhcp6.name-servers and dhcp6.domain-search to the default request
options in dhclient.conf (closes: #693315).
* Handle dhclient.conf left behind during a prior lenny->squeeze upgrade,
upgrade it now to avoid an unnecessary conffile prompt (closes: #698582).
- Thanks to Gregor Herrmann for the patch.
* Also, do not copy dhclient.conf from /etc/dhcp3 anymore (closes: #700363).
-- Michael Gilbert <mgilbert@debian.org> Sat, 16 Feb 2013 20:40:46 +0000
* Added backported patch dot_kcmdline: correctly parse kcmdline parameters
containing a dot. (Closes: #689872)
* Added backported patch bad_alias_assertion: stop modprobe from aborting
from an assertion because of some invalid but common configuration
directives. (Closes: #674110)
* Removed the nfs4 alias from aliases.conf as requested by the kernel
team. (Closes: #683972)
* Removed the unnecessary build-dependency on perl. (Closes: #697750)
-- Marco d'Itri <md@linux.it> Sun, 07 Apr 2013 18:19:01 +0200
* Import workaround for getaddrinfo bug from upstream. Described in
upstream's RT 7124, Closes: #704647
* Correct CVE number for CVE-2012-1016 in changelog and patches, Closes:
#703457
* Import upstream's fix for CVE-2013-1416, Closes: #704775
-- Benjamin Kaduk <kaduk@mit.edu> Fri, 05 Apr 2013 14:36:50 -0400
* Non-maintainer upload by the Security Team.
* Fix cve-2012-1016: null pointer derefence when handling a draft9 request
(closes: #702633).
-- Michael Gilbert <mgilbert@debian.org> Fri, 15 Mar 2013 04:15:27 +0000
* KDC null pointer dereference with PKINIT, CVE-2013-1415
-- Benjamin Kaduk <kaduk@mit.edu> Fri, 15 Feb 2013 16:07:53 -0500
* Drop autotools-dev dh sequence (autoreconf already does what's needed
and one should use only one of them anyway), and autotools-dev build-dep.
* Update the HACKING file: no need for a manual “autoreconf -i -v” when
building a Debian package. That clutters source diffs, which the
autoreconf dh sequence aims at keeping clean, be it only for release
managers' ease of reviewing.
-- Cyril Brulebois <kibi@debian.org> Tue, 09 Apr 2013 04:50:44 +0200
* Drop support for PGP signed files in RFC822 parser.
-- Bastian Blank <waldi@debian.org> Sat, 06 Apr 2013 15:33:36 +0200
* While we are at it also pick
29_Fix-a-problem-with-select-and-high-fds.patch
LP: #1084279
-- Andreas Metzler <ametzler@debian.org> Sun, 24 Feb 2013 18:38:55 +0100
* Pull patches from upstream LIBGCRYPT-1-5-BRANCH:
30_Avoid-dereferencing-pointer-right-after-the-end.patch
31_Fix-segv-with-AES-NI-on-some-platforms.patch
<https://bugs.g10code.com/gnupg/issue1452>
32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch
Closes: #699034
-- Andreas Metzler <ametzler@debian.org> Sun, 24 Feb 2013 17:43:09 +0100
[ Colin Watson ]
* Use dh-autoreconf.
* Support parallel builds.
[ Vibhav Pant ]
* Add simple autopkgtest.
-- Colin Watson <cjwatson@debian.org> Fri, 22 Mar 2013 09:58:59 +0000
* Non-maintainer upload by the Security Team.
* Fix cve-2013-0338 and cve-2013-0339: large memory consuption issues when
performing string substition during entity expansion (closes: #702260).
-- Michael Gilbert <mgilbert@debian.org> Wed, 06 Mar 2013 20:24:06 +0000
* Non-maintainer upload by the Security Team.
* Upload as NMU acknowledged by Aron Xu.
* Add patches to fix denial of service vulnerability (CVE-2012-6139)
(Closes: #703933)
-- Salvatore Bonaccorso <carnil@debian.org> Tue, 26 Mar 2013 20:31:18 +0100
* [ia64] udeb: Remove efi-modules package; make kernel-image provide
efi-modules (fixes FTBFS)
* linux-headers: Fix file installation on architectures without
Kbuild.platforms (Closes: #703800)
* [x86] drm/i915: bounds check execbuffer relocation count (CVE-2013-0913)
* [x86] drm: Enable DRM_GMA500 as module, replacing DRM_PSB (Closes: #703506)
- Enable DRM_GMA600, DRM_GMA3600, DRM_MEDFIELD
* [x86] KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME
(CVE-2013-1796)
* [x86] KVM: x86: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache
functions (CVE-2013-1797)
* KVM: Fix bounds checking in ioapic indirect register reads (CVE-2013-1798)
-- Ben Hutchings <ben@decadent.org.uk> Mon, 25 Mar 2013 15:17:44 +0000
* New upstream stable update:
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.40
- ext4: return ENOMEM if sb_getblk() fails
- ext4: fix possible use-after-free with AIO
- s390/kvm: Fix store status for ACRS/FPRS
- staging: comedi: disallow COMEDI_DEVCONFIG on non-board minors
- ext4: fix race in ext4_mb_add_n_trim()
- UBIFS: fix double free of ubifs_orphan objects
- hrtimer: Prevent hrtimer_enqueue_reprogram race
- nfsd: Fix memleak
- x86: Do not leak kernel page mapping locations
- USB: usb-storage: unusual_devs update for Super TOP SATA bridge
- posix-cpu-timers: Fix nanosleep task_struct leak
- NFSv4.1: Don't decode skipped layoutgets
- cgroup: fix exit() vs rmdir() race
- cpuset: fix cpuset_print_task_mems_allowed() vs rename() race
- ext4: fix xattr block allocation/release with bigalloc
- mm: fix pageblock bitmap allocation
- target: Add missing mapped_lun bounds checking during make_mappedlun
setup
- b43: Increase number of RX DMA slots
- posix-timer: Don't call idr_find() with out-of-range ID
- fs: Fix possible use-after-free with AIO
- powerpc/kexec: Disable hard IRQ before kexec
- mmu_notifier_unregister NULL Pointer deref and multiple ->release()
callouts
- tmpfs: fix use-after-free of mempolicy object (CVE-2013-1767)
- ocfs2: fix possible use-after-free with AIO
- ocfs2: fix ocfs2_init_security_and_acl() to initialize acl correctly
- ocfs2: ac->ac_allow_chain_relink=0 won't disable group relink
- idr: fix a subtle bug in idr_get_next()
- idr: make idr_get_next() good for rcu_read_lock()
- idr: fix top layer handling
- sysctl: fix null checking in bin_dn_node_address()
- nbd: fsync and kill block device on shutdown
- s390/timer: avoid overflow when programming clock comparator
(regression in 3.2.38)
- xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}()
(CVE-2013-0231)
- xen-netback: correctly return errors from netbk_count_requests()
- xen-netback: cancel the credit timer when taking the vif down
- ipv6: use a stronger hash for tcp
- staging: comedi: ni_labpc: correct differential channel sequence for
AI commands
- staging: comedi: ni_labpc: set up command4 register after command3
- vhost: fix length for cross region descriptor (CVE-2013-0311)
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.41
- NFS: Don't allow NFS silly-renamed files to be deleted, no signal
- ARM: VFP: fix emulation of second VFP instruction
- md: fix two bugs when attempting to resize RAID0 array.
- proc connector: reject unprivileged listener bumps
- cifs: ensure that cifs_get_root() only traverses directories
- dm: fix truncated status strings
- hw_random: make buffer usable in scatterlist. (real fix for #701784)
- efi_pstore: Check remaining space with QueryVariableInfo() before
writing data
- efi: be more paranoid about available space when creating variables
(Closes: #703574)
- vfs: fix pipe counter breakage
- xen/pciback: Don't disable a PCI device that is already disabled.
- ALSA: seq: Fix missing error handling in snd_seq_timer_open()
- ext3: Fix format string issues (CVE-2013-1848)
- keys: fix race with concurrent install_user_keyrings() (CVE-2013-1792)
- USB: cdc-wdm: fix buffer overflow (CVE-2013-1860)
- signal: always clear sa_restorer on execve (CVE-2013-0914)
- crypto: user - fix info leaks in report API (CVE-2013-2546,
CVE-2013-2547, CVE-2013-2548)
- Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and
security keys
- batman-adv: bat_socket_read missing checks
- batman-adv: Only write requested number of byte to user buffer
- mm/hotplug: correctly add new zone to all other nodes' zone lists
(CVE-2012-5517)
- btrfs: use rcu_barrier() to wait for bdev puts at unmount
[ Aurelien Jarno]
* [mips,mipsel] Disable VGA_CONSOLE and ignore the corresponding ABI
change. It is completely broken on MIPS.
* headers: Include Kbuild.platforms and Platform files in -common to
fix out-of-tree building on mips and mipsel.
* [{mips,mipsel}/{4,5}kc-malta] Enable HW_RANDOM as module so that both
flavours have a consistent configuration.
[ Ben Hutchings ]
* [x86] ata_piix: reenable MS Virtual PC guests (fixes regression in
3.2.19-1)
* test-patches: Clean up all previous test patches, whether or not they
were applied
* test-patches: Add --fuzz option to allow testing patches that have fuzz
* [x86] efi: Fix processor-specific memcpy() build error (Closes: #698581)
* udeb: Add hid-topseed to input-modules (Closes: #702611)
* [x86] drm/i915: Unconditionally initialise the interrupt workers,
thanks to Bjørn Mork (Closes: #692607)
* efi: Ensure efivars is loaded on EFI systems (Closes: #703363)
- [x86] Use a platform device to trigger loading of efivars
- [ia64] Change EFI_VARS from module to built-in
* efivars: Work around serious firmware bugs
- Allow disabling use as a pstore backend
- Add module parameter to disable use as a pstore backend
* [x86] Set EFI_VARS_PSTORE_DEFAULT_DISABLE=y
- explicitly calculate length of VariableName
- Handle duplicate names from get_next_variable()
* efi_pstore: Introducing workqueue updating sysfs
* efivars: pstore: Do not check size when erasing variable
* efivars: Remove check for 50% full on write
* kmsg_dump: Only dump kernel log in error cases (Closes: #703386)
- kexec: remove KMSG_DUMP_KEXEC
- kmsg_dump: don't run on non-error paths by default
* [x86] i915: initialize CADL in opregion (Closes: #703271)
* drm, agp: Update to 3.4.37:
- drm/radeon/dce6: fix display powergating
- drm: don't add inferred modes for monitors that don't support them
- drm/i915: Increase the RC6p threshold.
* signal: Fix use of missing sa_restorer field (build regression
introduced by fix for CVE-2013-0914)
* rds: limit the size allocated by rds_message_alloc()
* rtnl: fix info leak on RTM_GETLINK request for VF devices
* dcbnl: fix various netlink info leaks
* [s390] mm: fix flush_tlb_kernel_range()
* [powerpc] Fix cputable entry for 970MP rev 1.0
* vhost/net: fix heads usage of ubuf_info
* udf: avoid info leak on export (CVE-2012-6548)
* isofs: avoid info leak on export (CVE-2012-6549)
* [x86,powerpc/powerpc64] random: Change HW_RANDOM back from built-in to
module, as we now have a real fix for #701784
* [rt] Update to 3.2.40-rt60
-- Ben Hutchings <ben@decadent.org.uk> Sat, 23 Mar 2013 03:54:34 +0000
* [s390,s390x] virtio: Ignore ABI changes in 3.2.39 (fixes FTBFS)
* [sparc] drm: Ignore ABI changes in 3.2.39 (fixes FTBFS)
* [sparc] drm: Change from built-in to module
* [rt] Update to 3.2.39-rt59:
- acpi/rt: Convert acpi_gbl_hardware lock back to a raw_spinlock_t
- printk: Fix rq->lock vs logbuf_lock unlock lock inversion
- wait-simple: Simple waitqueue implementation
- rcutiny: Use simple waitqueue
* [x86] efi: Fix ABI change for introduction of efi_enabled() function
in 3.2.38 (Closes: #701690)
* [armel/versatile] i2c: Re-enable I2C_PCA_PLATFORM as module, erroneously
disabled in 3.2.39-1 (fixes FTBFS)
* [x86,powerpc/powerpc64] random: Change HW_RANDOM from module to built-in,
to work around virtio-rng bug (Closes: #701784)
-- Ben Hutchings <ben@decadent.org.uk> Wed, 27 Feb 2013 03:48:30 +0000
* New upstream stable update:
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.36
- freezer: PF_FREEZER_NOSIG should be cleared along with PF_NOFREEZE
(Closes: #697077)
- tmpfs: fix shared mempolicy leak
- virtio: 9p: correctly pass physical address to userspace for high pages
- virtio: force vring descriptors to be allocated from lowmem
- USB: EHCI: bugfix: urb->hcpriv should not be NULL
- rcu: Fix batch-limit size problem
- Bluetooth: ath3k: Add support for VAIO VPCEH [0489:e027]
(Closes: #700550)
- mvsas: fix undefined bit shift
- ALSA: usb-audio: Avoid autopm calls after disconnection; Fix missing
autopm for MIDI input (Closes: #664068)
- target/file: Fix 32-bit highmem breakage for SGL -> iovec mapping
- SCSI: fix Null pointer dereference on disk error
- proc: pid/status: show all supplementary groups
- nfsd4: fix oops on unusual readlike compound
- ARM: missing ->mmap_sem around find_vma() in swp_emulate.c
- sctp: fix memory leak in sctp_datamsg_from_user() when copy from user
space fails
- ne2000: add the right platform device
- irda: sir_dev: Fix copy/paste typo
- ipv4: ip_check_defrag must not modify skb before unsharing
- telephony: ijx: buffer overflow in ixj_write_cid()
- udf: fix memory leak while allocating blocks during write
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.37
- ext4: fix extent tree corruption caused by hole punch
- jbd2: fix assertion failure in jbd2_journal_flush()
- tmpfs mempolicy: fix /proc/mounts corrupting memory
- sparc: huge_ptep_set_* functions need to call set_huge_pte_at()
- inet: Fix kmemleak in tcp_v4/6_syn_recv_sock and
dccp_v4/6_request_recv_sock
- net: sched: integer overflow fix
- tcp: implement RFC 5961 3.2
- tcp: implement RFC 5961 4.2
- tcp: refine SYN handling in tcp_validate_incoming
- tcp: tcp_replace_ts_recent() should not be called from
tcp_validate_incoming()
- tcp: RFC 5961 5.2 Blind Data Injection Attack Mitigation
- RDMA/nes: Fix for crash when registering zero length MR for CQ
- ACPI : do not use Lid and Sleep button for S5 wakeup
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.38
- staging: comedi: comedi_test: fix race when cancelling command
- mm: use aligned zone start for pfn_to_bitidx calculation
- [s390] s390/time: fix sched_clock() overflow (Closes: #698382)
- [i386] xen: Fix stack corruption in xen_failsafe_callback for 32bit
PVOPS guests. (CVE-2013-0190)
- KVM: PPC: Emulate dcbf
- evm: checking if removexattr is not a NULL
- ath9k_htc: Fix memory leak
- ath9k: do not link receive buffers during flush
- ath9k: fix double-free bug on beacon generate failure
- x86/msr: Add capabilities check
- can: c_can: fix invalid error codes
- can: ti_hecc: fix invalid error codes
- can: pch_can: fix invalid error codes
- smp: Fix SMP function call empty cpu mask race
- xfs: Fix possible use-after-free with AIO
- EDAC: Test correct variable in ->store function
- samsung-laptop: Disable on EFI hardware, to avoid damaging it
- NFS: Don't silently fail setattr() requests on mountpoints
- intel-iommu: Prevent devices with RMRRs from being placed into SI Domain
- ALSA: usb-audio: Fix regression by disconnection-race-fix patch
(Closes: #696321)
- printk: fix buffer overflow when calling log_prefix function from
call_console_drivers
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.39
- USB: XHCI: fix memory leak of URB-private data
- sched/rt: Use root_domain of rt_rq not current processor
- mwifiex: fix incomplete scan in case of IE parsing error
- x86-64: Replace left over sti/cli in ia32 audit exit code
- Bluetooth: Fix handling of unexpected SMP PDUs
- ptrace/x86: Partly fix set_task_blockstep()->update_debugctlmsr() logic
- Fix race condition with PTRACE_SETREGS and fatal signal (CVE-2013-0871)
+ ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up()
+ ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL
+ wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED
task
- net: prevent setting ttl=0 via IP_TTL
- ipv6: fix header length calculation in ip6_append_data()
- netxen: fix off by one bug in netxen_release_tx_buffer()
- r8169: remove the obsolete and incorrect AMD workaround
- net: loopback: fix a dst refcounting issue
- packet: fix leakage of tx_ring memory
- net: sctp: sctp_setsockopt_auth_key: use kzfree instead of kfree
- net: sctp: sctp_endpoint_free: zero out secret key data
- xen/netback: shutdown the ring if it contains garbage. (CVE-2013-0216)
- xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop.
- xen/netback: free already allocated memory on failure in
xen_netbk_get_requests
- netback: correct netbk_tx_err to handle wrap around. (CVE-2013-0217)
- tcp: frto should not set snd_cwnd to 0
- tcp: fix for zero packets_in_flight was too broad
- tcp: fix MSG_SENDPAGE_NOTLAST logic
- bridge: Pull ip header into skb->data before looking into ip header.
(Closes: #697903)
- x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS.
(CVE-2013-0228)
[ Aurelien Jarno ]
* [armhf/vexpress] Add kernel udebs.
[ Julien Cristau ]
* Backport drm and agp subsystems from Linux 3.4.29 (closes: #687442)
- [x86] i915: Fixes freezes on Ivy Bridge (Closes: #689268)
- nouveau: Support for newer nvidia chipsets (Closes: #690284)
- radeon: Support for HD7000 'Southern Islands' chips
- [x86] drm/i915: add Ivy Bridge GT2 Server entries (Closes: #684767)
- [x86] drm/i915: Close race between processing unpin task and queueing
the flip
[ Ben Hutchings ]
* Input: wacom - fix touch support for Bamboo Fun CTH-461
* media/rc: Add iguanair driver from Linux 3.7 (Closes: #696925)
* rt2800: add chipset revision RT5390R support (Closes: #696592)
* [armhf/mx5] mtd: Enable MTD_BLOCK as module
* [armhf/mx5] udeb: Add missing storage drivers (Closes: #697128)
- Add ata-modules including libata, pata-modules including pata_imx,
sata-modules including ahci_platform
- Add sdhci-esdhc-imx to mmc-modules
- Add mtd-modules including mtd, mtdblock and m25p80
* [armhf] udeb: Fix network driver selection
- [armhf/mx5] Remove nic-modules
- [armhf/vexpress] Add usb-modules
- Add standard set of USB drivers to nic-usb-modules
- Add nic-wireless-modules
* be2net: Apply backported fixes requested by Emulex (Closes: #697479)
- be2net: do not modify PCI MaxReadReq size
- be2net: fix reporting number of actual rx queues
- be2net: do not use SCRATCHPAD register
- be2net: reduce gso_max_size setting to account for ethernet header.
- be2net: Increase statistics structure size for skyhawk.
- be2net: Explicitly clear the reserved field in the Tx Descriptor
- be2net: Regression bug wherein VFs creation broken for multiple cards.
- be2net: Fix to trim skb for padded vlan packets to workaround an ASIC Bug
- be2net: Fix Endian
- be2net: Enable RSS UDP hashing for Lancer and Skyhawk
- be2net: dont pull too much data in skb linear part
- be2net: Fix to parse RSS hash from Receive completions correctly.
- be2net: Avoid disabling BH in be_poll()
* udeb: Add specialised USB keyboard/mouse drivers to input-modules:
hid-a4tech, hid-cypress, hid-ezkey (Closes: #697035), hid-kensington,
hid-keytouch, hid-kye, hid-multitouch, hid-ortek, hid-primax,
hid-quanta, hid-samsung, hid-speedlink
* radeon: Firmware is required for DRM and KMS on R600 onward, but not
for KMS on earlier chips (Closes: #697229)
* [!powerpc] radeon: Reenable DRM_RADEON_KMS, as it apparently works on
most non-PowerMac systems
* fs: cachefiles: add support for large files in filesystem caching
(Closes: #698376)
* [rt] Update to 3.2.38-rt57:
- sched: Adjust sched_reset_on_fork when nothing else changes
- sched: Queue RT tasks to head when prio drops
- sched: Consider pi boosting in setscheduler
- sched: Init idle->on_rq in init_idle()
- sched: Check for idle task in might_sleep()
- mm: swap: Initialize local locks early
* [armel/versatile,armhf/vexpress] i2c: Enable I2C, I2C_VERSATILE as modules
(Closes: #696182)
* ext4: Fix corruption by hole punch in large files (Closes: #685726)
- rewrite punch hole to use ext4_ext_remove_space()
- fix hole punch failure when depth is greater than 0
- fix kernel BUG on large-scale rm -rf commands
* md: protect against crash upon fsync on ro array (Closes: #696650)
* net: Add alx driver for Atheros AR8161 and AR8162 (Closes: #699129)
- Mark as staging, since it has not been accepted upstream
* [armel/kirkwood] rtc-s35390a: add wakealarm support (Closes: #693997)
* [x86] i915: Invert backlight brightness control for various models
including Packard Bell NCL20 (Closes: #627372) and eMachines G725
(Closes: #680737)
- Also allow this behaviour to be enabled via module parameter
invert_brightness=1
* [amd64] edac: Enable EDAC_SBRIDGE as module (Closes: #699283)
* SCSI: Add virtio_scsi driver (Closes: #686636)
* [x86] sound: Enable LINE6_USB as module (Closes: #700211)
- Apply upstream changes up to Linux 3.8-rc1
* [armhf/mx5] Update description to mention i.MX53
* mm: Try harder to allocate vmemmap blocks (Closes: #699913)
* aufs: Update to aufs3.2-20130204:
- support for syncfs(2)
- possible bugfix, race in lookup
- bugfix, half refreshed iinfo
- possible bugfix, au_lkup_by_ino() returns ESTALE
* [x86] efi: Clear EFI_RUNTIME_SERVICES rather than EFI_BOOT by "noefi" boot
parameter
* [x86] efi: Make "noefi" really disable EFI runtime serivces
* drm, agp: Update to 3.4.32
- drm/radeon: add WAIT_UNTIL to the non-VM safe regs list for cayman/TN
- drm/radeon: prevent crash in the ring space allocation
* linux-image-dbg: Add symlinks to vmlinux from the locations expected by
kdump-tools (Closes: #700418), systemtap and others
* mm: fix pageblock bitmap allocation (fixes regression in 3.2.38)
* USB: usb-storage: unusual_devs update for Super TOP SATA bridge
[ Cyril Brulebois ]
* Bump python build-dep, needed since the switch from local SortedDict
to collections.OrderedDict (new in version 2.7). (Closes: #697740)
-- Ben Hutchings <ben@decadent.org.uk> Mon, 25 Feb 2013 00:36:51 +0000
[ Steve Langasek ]
* languagelist: Use 'Bangla' as the preferred name for the language of
Bangladesh, for consistency with iso-codes; thanks to Gunnar Hjalmarsson
<gunnarhj@ubuntu.com> for the patch. LP: #991002.
-- Christian Perrier <bubulle@debian.org> Sat, 23 Mar 2013 08:48:28 +0100
* Fix default locale for Northern Sami (se_NO.UTF-8 no longer exists)
-- Christian Perrier <bubulle@debian.org> Sun, 03 Mar 2013 15:48:11 +0100
* Rebuild to include latest translations of ISO-3166
(noticeably the name of "The State of Palestine")
-- Christian Perrier <bubulle@debian.org> Sun, 03 Mar 2013 14:44:52 +0100
* Added backported patch dot_kcmdline: correctly parse kcmdline parameters
containing a dot. (Closes: #689872)
* Added backported patch bad_alias_assertion: stop modprobe from aborting
from an assertion because of some invalid but common configuration
directives. (Closes: #674110)
* Removed the nfs4 alias from aliases.conf as requested by the kernel
team. (Closes: #683972)
* Removed the unnecessary build-dependency on perl. (Closes: #697750)
-- Marco d'Itri <md@linux.it> Sun, 07 Apr 2013 18:19:01 +0200
[ Samuel Thibault ]
* Do not set netcfg/use_autoconfig to true just because netcfg/disable_dhcp
is false (which is the default), otherwise netcfg/disable_autoconfig has no
effect. (Closes: #703747, #688273)
[ Philipp Kern ]
* Install iw whenever wireless-tools is installed on the target.
Patch by Charles Plessy. (Closes: #697890)
[ Updated translations ]
* Amharic (am.po) by Tegegne Tefera
* Croatian (hr.po) by Tomislav Krznar
* Tamil (ta.po) by Dr.T.Vasudevan
-- Philipp Kern <pkern@debian.org> Sun, 07 Apr 2013 22:00:45 +0200
* finish-install.d/55netcfg-copy-config: Do not rely on dpkg -l
to check if a package is installed; use dpkg-query -s instead
and check status explicitly. (Closes: #700939)
-- Philipp Kern <pkern@debian.org> Thu, 21 Feb 2013 15:02:54 +0100
[ Updated translations ]
* Croatian (hr.po) by Tomislav Krznar
* Tamil (ta.po) by Dr.T.Vasudevan
-- Christian Perrier <bubulle@debian.org> Sat, 30 Mar 2013 17:04:28 +0100
* Non-maintainer upload.
* python-newt-dbg.preinst: Handle symlink to directory conversion. (Closes:
#700781)
-- Sebastian Ramacher <sramacher@debian.org> Mon, 25 Feb 2013 19:58:40 +0100
* CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
to 10:30:100 (closes: #700102).
-- Colin Watson <cjwatson@debian.org> Fri, 08 Feb 2013 21:27:00 +0000
* Bump shlibs. It's needed for the udeb.
* Make cpuid work on cpu's that don't set ecx (Closes: #699692)
* Fix problem with AES-NI causing bad record mac (Closes: #701868, #702635, #678353)
* Fix problem with DTLS version check (Closes: #701826)
* Fix segfault in SSL_get_certificate (Closes: #703031)
-- Kurt Roeckx <kurt@roeckx.be> Mon, 18 Mar 2013 20:37:11 +0100
* New upstream version (Closes: #699889)
- Fixes CVE-2013-0169, CVE-2012-2686, CVE-2013-0166
- Drop renegiotate_tls.patch, applied upstream
- Export new CRYPTO_memcmp symbol, update symbol file
* Add ssltest_no_sslv2.patch so that "make test" works.
-- Kurt Roeckx <kurt@roeckx.be> Mon, 11 Feb 2013 19:39:44 +0100
* Re-enable assembler versions on sparc. They shouldn't have
been disabled for sparc v9. (Closes: #649841)
-- Kurt Roeckx <kurt@roeckx.be> Sun, 09 Sep 2012 08:43:40 +0200
* Fix for CVE-2013-1591 (stack-based buffer overflow), cherry-picked from
0.27.4 (closes: #700308).
-- Julien Cristau <jcristau@debian.org> Mon, 18 Feb 2013 19:58:33 +0100
[ Updated translations ]
* Malayalam fixed (preseed URLs)
-- Christian Perrier <bubulle@debian.org> Thu, 10 Jan 2013 07:38:34 +0100
* python2.7: Replace python2.7-minimal (<< 2.7.3-7). Closes: #702005.
* Build the _md5, _sha1, _sha256 and _sha512 extension modules.
-- Matthias Klose <doko@debian.org> Mon, 04 Mar 2013 17:38:54 +0800
* python2.7-dbg: Tighten dependency on python2.7. Closes: #700809.
-- Matthias Klose <doko@debian.org> Fri, 01 Mar 2013 09:28:17 +0100
* Team upload.
* Revert passing -terminate to the X server, to unbreak theme=dark.
brltty starting from 4.4-8 terminates X instead of debconf, so it's not
needed any more. Closes: #696968.
-- Samuel Thibault <sthibault@debian.org> Sun, 06 Jan 2013 01:10:10 +0100
* New upstream release.
-- Laszlo Boszormenyi (GCS) <gcs@debian.hu> Fri, 29 Mar 2013 19:40:04 +0100
* New upstream release, fixes umask handling (closes: #703465).
* Update Standards-Version to 3.9.4 .
* Make libsqlite3-dev package multi-arch: same (closes: #683588).
* Include HTML documentation for lemon (closes: #698636).
* Update patches to apply clean.
-- Laszlo Boszormenyi (GCS) <gcs@debian.hu> Tue, 19 Mar 2013 23:33:43 +0100
* update for Wheezy (Closes: #690523)
* update: remove unnecessary line in get_targz
* debian/control
- update to fonts-arphic-uming, instead of ttf-
- now we use package-type instead of xc-package-type
- Bump up Standards-Version: 3.9.3
* Update at Sun Mar 3 04:13:48 UTC 2013
-- Hideki Yamane <henrich@debian.org> Sun, 03 Mar 2013 13:10:23 +0900
* Non-maintainer upload.
* Add upstart support. Closes: #686378.
-- Steve Langasek <steve.langasek@ubuntu.com> Sun, 04 Nov 2012 23:58:14 -0800
* dmx: don't include dmx-config.h from xdmxconfig (closes: #495816)
* xfree86: bail on misformed acpi strings (closes: #696110)
* dix: don't allow overriding a grab with a different type of grab
* dix: Set focus field on XI2 crossing events (closes: #699907)
* Link against -lbsd on kfreebsd. This gives us access to getpeereid(), and
makes MIT-SHM work with non-world-accessible segments (closes: #701469).
-- Julien Cristau <jcristau@debian.org> Sat, 23 Feb 2013 15:37:44 +0100