[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#862243: unblock: linux/4.9.25-1

Salvatore Bonaccorso:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Hi
> 
> Please unblock package linux
> 

Ok with me, CC'ing KiBi for a d-i ack.

> The update includes stable releases 4.9.19 up to 4.9.25 with many
> improvements, bugfixes, security issues fixed. On top of the stable
> release the following additional changes were made:
> 
>>   [ Ben Hutchings ]
>>   * w1: Really enable W1_MASTER_GPIO as module (Closes: #858975)
>>   * debian/rules.real: Undefine $LANGUAGE, which can break debug symbols for
>>     vDSOs (Closes: #859807)
>>   * Bump ABI to 3
>>   * [s390x] Set NR_CPUS=256 (Closes: #858731)
>>   * [x86] usbip: Increase USBIP_VHCI_NR_HCS to 8 and USBIP_VHCI_HC_PORTS to 31
>>     (Closes: #859641)
>>   * [powerpc/powerpc64,ppc64*] target: Enable SCSI_IBMVSCSIS as module
>>   * cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
>>     (Closes: #859978)
>>   * udeb: Include all AHCI drivers in sata-modules (Closes: #860335)
>>   * [powerpc/powerpc64,ppc64] Set NR_CPUS=2048, matching ppc64el
>>   * [powerpc*/*64*] Enable CPUMASK_OFFSTACK to reduce stack usage
>>   * [mips*el/loongson-3] Set NR_CPUS=16 to allow for Loongson 3B2000
>>   * [mips*/octeon] Set NR_CPUS=64 to allow for Cavium CN7890
>>   * [arm64] Set NR_CPUS=256 to allow for multi-SoC systems (Closes: #861209)
>>   * [powerpc/powerpc-smp,powerpcspe] Explicitly set NR_CPUS=4
>>   * Move debug symbols back to the main archive, to avoid problems with the
>>     current handling in dak
>>   * linux-image: Disable signing until it's supported in dak
>>   * [rt] Update to 4.9.20-rt16:
>>     - rtmutex: Make lock_killable work
>>     - rtmutex: Provide rt_mutex_lock_state()
>>     - rtmutex: Provide locked slowpath
>>     - rwsem/rt: Lift single reader restriction
>>   * PCI: Enable PCIE_PTM (except on armel/marvell)
>>   * 6lowpan: Enable Generic Header Compression modules
>>   * net/sched: Enable NET_ACT_SKBMOD as module
>>   * ethernet: Enable NFP_NETVF as module
>>   * net/phy: Enable MICROSEMI_PHY as module
>>   * input/tablet: Enable TABLET_USB_PEGASUS as module
>>   * [x86] input/touchscreen: Enable TOUCHSCREEN_SURFACE3_SPI as module
>>   * serial/8250: Enable SERIAL_8250_MOXA as module
>>   * [x86] gpio: Enable GPIO_AMDPT as module
>>   * [x86] thermal: Enable INT3406_THERMAL as module
>>   * watchdog: Enable WATCHDOG_SYSFS
>>   * integrity: Enable IMA, IMA_DEFAULT_HASH_SHA256, IMA_APPRAISE,
>>     IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY, IMA_BLACKLIST_KEYRING
>>     (except on armel/marvell) (Closes: #788290)
>>   * media: Enable VIDEO_TW5864, VIDEO_TW686X as modules
>>   * [x86] amdgpu,sound/soc: Enable DRM_AMD_ACP; enable SND_SOC_AMD_ACP as module
>>   * hda: Set SND_HDA_PREALLOC_SIZE=2048 as recommended for PulseAudio
>>   * HID: Enable HID_SENSOR_CUSTOM_SENSOR as module
>>   * leds,USB: Enable USB_LEDS_TRIGGER_USBPORT as module
>>   * usbip: Enable USBIP_VUDC as module
>>   * USB/misc: Enable UCSI as module
>>   * leds: Enable LEDS_TRIGGER_DISK, LEDS_TRIGGER_MTD, LEDS_TRIGGER_PANIC
>>   * IB: Enable INFINIBAND_HFI1, INFINIBAND_I40IW, INFINIBAND_QEDR, RDMA_RXE
>>     as modules
>>   * [amd64] EDAC: Enable EDAC_SKX as module
>>   * [x86] comedi: Enable COMEDI_ADV_PCI1720, COMEDI_ADV_PCI1760 as modules
>>   * [x86] platform: Enable INTEL_HID_EVENT as module
>>   * [x86] hwtracing: Enable INTEL_TH, INTEL_TH_PCI, INTEL_TH_GTH, INTEL_TH_MSU,
>>     INTEL_TH_PTI as modules
>>   * [rt] tracing: Enable HWLAT_TRACER
>>   * [x86] crypto: Enable CRYPTO_DEV_QAT_C3XXX, CRYPTO_DEV_QAT_C62X,
>>     CRYPTO_DEV_QAT_C3XXXVF, CRYPTO_DEV_QAT_C62XVF as modules
>>   * crypto: Enable CRYPTO_DEV_CHELSIO as module
>>   * [arm64] Enable ARMV8_DEPRECATED, SWP_EMULATION, CP15_BARRIER_EMULATION,
>>     SETEND_EMULATION (Closes: #861384)
>>   * udeb: Add tifm_7xx1 to mmc-modules (Closes: #861195)
>>   * leds: Enable LEDS_GPIO as module for all configurations with GPIOs
>>     (Closes: #860569)
>>   * selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default.
>>     This may break some old applications if SELinux is enabled, and can be
>>     reverted using the kernel parameter: checkreqprot=1
>>   * udeb: Move mfd-core to kernel-image, as both input-modules and
>>     mmc-modules need it
>>   * crypto: Change CRYPTO_SHA256 from module to built-in, as required by IMA
>> .
>>   [ Salvatore Bonaccorso ]
>>   * ping: implement proper locking (CVE-2017-2671)
>>   * macsec: avoid heap overflow in skb_to_sgvec (CVE-2017-7477)
>>   * macsec: dynamically allocate space for sglist
>>   * nfsd: check for oversized NFSv2/v3 arguments (CVE-2017-7645)
>>   * nfsd4: minor NFSv2/v3 write decoding cleanup
>>   * nfsd: stricter decoding of write-like NFSv2/v3 ops (CVE-2017-7895)
>> .
>>   [ Aurelien Jarno ]
>>   * [mips*/octeon] Drop obsolete patch adding support for the UBNT E200
>>     board.
>>   * [mips*el/loongson-3] Disable PAGE_EXTENSION and PAGE_POISONING.
>> .
>>   [ John Paul Adrian Glaubitz ]
>>   * [m68k] udeb: Enable suffix for kernel-image (Closes: #859366)
> 
> There was need of an ABI bump for this update, which should possibly be the
> last one before stretch release, but not completely ruled out.
> 
> unblock linux/4.9.25-1
> 
> Regards,
> Salvatore
> 

Thanks,
~Niels
Reply to: