Bug#862243: unblock: linux/4.9.25-1
Salvatore Bonaccorso:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Hi
>
> Please unblock package linux
>
Ok with me, CC'ing KiBi for a d-i ack.
> The update includes stable releases 4.9.19 up to 4.9.25 with many
> improvements, bugfixes, security issues fixed. On top of the stable
> release the following additional changes were made:
>
>> [ Ben Hutchings ]
>> * w1: Really enable W1_MASTER_GPIO as module (Closes: #858975)
>> * debian/rules.real: Undefine $LANGUAGE, which can break debug symbols for
>> vDSOs (Closes: #859807)
>> * Bump ABI to 3
>> * [s390x] Set NR_CPUS=256 (Closes: #858731)
>> * [x86] usbip: Increase USBIP_VHCI_NR_HCS to 8 and USBIP_VHCI_HC_PORTS to 31
>> (Closes: #859641)
>> * [powerpc/powerpc64,ppc64*] target: Enable SCSI_IBMVSCSIS as module
>> * cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
>> (Closes: #859978)
>> * udeb: Include all AHCI drivers in sata-modules (Closes: #860335)
>> * [powerpc/powerpc64,ppc64] Set NR_CPUS=2048, matching ppc64el
>> * [powerpc*/*64*] Enable CPUMASK_OFFSTACK to reduce stack usage
>> * [mips*el/loongson-3] Set NR_CPUS=16 to allow for Loongson 3B2000
>> * [mips*/octeon] Set NR_CPUS=64 to allow for Cavium CN7890
>> * [arm64] Set NR_CPUS=256 to allow for multi-SoC systems (Closes: #861209)
>> * [powerpc/powerpc-smp,powerpcspe] Explicitly set NR_CPUS=4
>> * Move debug symbols back to the main archive, to avoid problems with the
>> current handling in dak
>> * linux-image: Disable signing until it's supported in dak
>> * [rt] Update to 4.9.20-rt16:
>> - rtmutex: Make lock_killable work
>> - rtmutex: Provide rt_mutex_lock_state()
>> - rtmutex: Provide locked slowpath
>> - rwsem/rt: Lift single reader restriction
>> * PCI: Enable PCIE_PTM (except on armel/marvell)
>> * 6lowpan: Enable Generic Header Compression modules
>> * net/sched: Enable NET_ACT_SKBMOD as module
>> * ethernet: Enable NFP_NETVF as module
>> * net/phy: Enable MICROSEMI_PHY as module
>> * input/tablet: Enable TABLET_USB_PEGASUS as module
>> * [x86] input/touchscreen: Enable TOUCHSCREEN_SURFACE3_SPI as module
>> * serial/8250: Enable SERIAL_8250_MOXA as module
>> * [x86] gpio: Enable GPIO_AMDPT as module
>> * [x86] thermal: Enable INT3406_THERMAL as module
>> * watchdog: Enable WATCHDOG_SYSFS
>> * integrity: Enable IMA, IMA_DEFAULT_HASH_SHA256, IMA_APPRAISE,
>> IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY, IMA_BLACKLIST_KEYRING
>> (except on armel/marvell) (Closes: #788290)
>> * media: Enable VIDEO_TW5864, VIDEO_TW686X as modules
>> * [x86] amdgpu,sound/soc: Enable DRM_AMD_ACP; enable SND_SOC_AMD_ACP as module
>> * hda: Set SND_HDA_PREALLOC_SIZE=2048 as recommended for PulseAudio
>> * HID: Enable HID_SENSOR_CUSTOM_SENSOR as module
>> * leds,USB: Enable USB_LEDS_TRIGGER_USBPORT as module
>> * usbip: Enable USBIP_VUDC as module
>> * USB/misc: Enable UCSI as module
>> * leds: Enable LEDS_TRIGGER_DISK, LEDS_TRIGGER_MTD, LEDS_TRIGGER_PANIC
>> * IB: Enable INFINIBAND_HFI1, INFINIBAND_I40IW, INFINIBAND_QEDR, RDMA_RXE
>> as modules
>> * [amd64] EDAC: Enable EDAC_SKX as module
>> * [x86] comedi: Enable COMEDI_ADV_PCI1720, COMEDI_ADV_PCI1760 as modules
>> * [x86] platform: Enable INTEL_HID_EVENT as module
>> * [x86] hwtracing: Enable INTEL_TH, INTEL_TH_PCI, INTEL_TH_GTH, INTEL_TH_MSU,
>> INTEL_TH_PTI as modules
>> * [rt] tracing: Enable HWLAT_TRACER
>> * [x86] crypto: Enable CRYPTO_DEV_QAT_C3XXX, CRYPTO_DEV_QAT_C62X,
>> CRYPTO_DEV_QAT_C3XXXVF, CRYPTO_DEV_QAT_C62XVF as modules
>> * crypto: Enable CRYPTO_DEV_CHELSIO as module
>> * [arm64] Enable ARMV8_DEPRECATED, SWP_EMULATION, CP15_BARRIER_EMULATION,
>> SETEND_EMULATION (Closes: #861384)
>> * udeb: Add tifm_7xx1 to mmc-modules (Closes: #861195)
>> * leds: Enable LEDS_GPIO as module for all configurations with GPIOs
>> (Closes: #860569)
>> * selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default.
>> This may break some old applications if SELinux is enabled, and can be
>> reverted using the kernel parameter: checkreqprot=1
>> * udeb: Move mfd-core to kernel-image, as both input-modules and
>> mmc-modules need it
>> * crypto: Change CRYPTO_SHA256 from module to built-in, as required by IMA
>> .
>> [ Salvatore Bonaccorso ]
>> * ping: implement proper locking (CVE-2017-2671)
>> * macsec: avoid heap overflow in skb_to_sgvec (CVE-2017-7477)
>> * macsec: dynamically allocate space for sglist
>> * nfsd: check for oversized NFSv2/v3 arguments (CVE-2017-7645)
>> * nfsd4: minor NFSv2/v3 write decoding cleanup
>> * nfsd: stricter decoding of write-like NFSv2/v3 ops (CVE-2017-7895)
>> .
>> [ Aurelien Jarno ]
>> * [mips*/octeon] Drop obsolete patch adding support for the UBNT E200
>> board.
>> * [mips*el/loongson-3] Disable PAGE_EXTENSION and PAGE_POISONING.
>> .
>> [ John Paul Adrian Glaubitz ]
>> * [m68k] udeb: Enable suffix for kernel-image (Closes: #859366)
>
> There was need of an ABI bump for this update, which should possibly be the
> last one before stretch release, but not completely ruled out.
>
> unblock linux/4.9.25-1
>
> Regards,
> Salvatore
>
Thanks,
~Niels
Reply to: