=======================================
Sat, 18 Jul 2020 - Debian 9.13 released
=======================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:54:01 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
linux-headers-4.9.0-12-all | 4.9.210-1+deb9u1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:54:30 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
ata-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
btrfs-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
cdrom-core-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
crc-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
crypto-dm-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
crypto-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
efi-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
event-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
ext4-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
fat-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
fb-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
fuse-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
i2c-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
input-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
isofs-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
jfs-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
kernel-image-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
leds-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
linux-headers-4.9.0-12-all-arm64 | 4.9.210-1+deb9u1 | arm64
linux-headers-4.9.0-12-arm64 | 4.9.210-1+deb9u1 | arm64
linux-image-4.9.0-12-arm64 | 4.9.210-1+deb9u1 | arm64
linux-image-4.9.0-12-arm64-dbg | 4.9.210-1+deb9u1 | arm64
loop-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
md-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
mmc-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
multipath-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
nbd-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
nic-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
nic-shared-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
nic-usb-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
nic-wireless-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
ppp-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
sata-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
scsi-core-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
scsi-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
squashfs-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
udf-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
uinput-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
usb-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
usb-storage-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
virtio-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
xfs-modules-4.9.0-12-arm64-di | 4.9.210-1+deb9u1 | arm64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:54:39 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
btrfs-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
cdrom-core-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
crc-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
crypto-dm-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
crypto-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
event-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
ext4-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
fat-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
fb-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
fuse-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
input-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
ipv6-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
isofs-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
jffs2-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
jfs-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
kernel-image-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
leds-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
linux-headers-4.9.0-12-all-armel | 4.9.210-1+deb9u1 | armel
linux-headers-4.9.0-12-marvell | 4.9.210-1+deb9u1 | armel
linux-image-4.9.0-12-marvell | 4.9.210-1+deb9u1 | armel
linux-image-4.9.0-12-marvell-dbg | 4.9.210-1+deb9u1 | armel
loop-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
md-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
minix-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
mmc-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
mouse-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
mtd-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
multipath-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
nbd-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
nic-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
nic-shared-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
nic-usb-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
ppp-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
sata-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
scsi-core-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
squashfs-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
udf-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
uinput-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
usb-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
usb-serial-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
usb-storage-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
zlib-modules-4.9.0-12-marvell-di | 4.9.210-1+deb9u1 | armel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:55:04 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
ata-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
btrfs-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
crc-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
crypto-dm-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
crypto-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
efi-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
event-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
ext4-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
fat-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
fb-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
fuse-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
i2c-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
input-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
isofs-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
jfs-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
kernel-image-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
leds-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
linux-headers-4.9.0-12-all-armhf | 4.9.210-1+deb9u1 | armhf
linux-headers-4.9.0-12-armmp | 4.9.210-1+deb9u1 | armhf
linux-headers-4.9.0-12-armmp-lpae | 4.9.210-1+deb9u1 | armhf
linux-image-4.9.0-12-armmp | 4.9.210-1+deb9u1 | armhf
linux-image-4.9.0-12-armmp-dbg | 4.9.210-1+deb9u1 | armhf
linux-image-4.9.0-12-armmp-lpae | 4.9.210-1+deb9u1 | armhf
linux-image-4.9.0-12-armmp-lpae-dbg | 4.9.210-1+deb9u1 | armhf
loop-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
md-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
mmc-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
mtd-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
multipath-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
nbd-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
nic-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
nic-shared-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
nic-usb-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
nic-wireless-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
pata-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
ppp-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
sata-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
scsi-core-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
scsi-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
squashfs-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
udf-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
uinput-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
usb-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
usb-storage-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
virtio-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
zlib-modules-4.9.0-12-armmp-di | 4.9.210-1+deb9u1 | armhf
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:55:14 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
acpi-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
acpi-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
ata-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
ata-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
btrfs-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
btrfs-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
cdrom-core-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
cdrom-core-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
crc-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
crc-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
crypto-dm-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
crypto-dm-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
crypto-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
crypto-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
efi-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
efi-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
event-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
event-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
ext4-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
ext4-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
fat-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
fat-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
fb-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
fb-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
firewire-core-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
firewire-core-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
fuse-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
fuse-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
hyperv-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
hyperv-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
i2c-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
i2c-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
input-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
input-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
isofs-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
isofs-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
jfs-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
jfs-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
kernel-image-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
kernel-image-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
linux-headers-4.9.0-12-686 | 4.9.210-1+deb9u1 | i386
linux-headers-4.9.0-12-686-pae | 4.9.210-1+deb9u1 | i386
linux-headers-4.9.0-12-all-i386 | 4.9.210-1+deb9u1 | i386
linux-headers-4.9.0-12-rt-686-pae | 4.9.210-1+deb9u1 | i386
linux-image-4.9.0-12-686 | 4.9.210-1+deb9u1 | i386
linux-image-4.9.0-12-686-dbg | 4.9.210-1+deb9u1 | i386
linux-image-4.9.0-12-686-pae | 4.9.210-1+deb9u1 | i386
linux-image-4.9.0-12-686-pae-dbg | 4.9.210-1+deb9u1 | i386
linux-image-4.9.0-12-rt-686-pae | 4.9.210-1+deb9u1 | i386
linux-image-4.9.0-12-rt-686-pae-dbg | 4.9.210-1+deb9u1 | i386
loop-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
loop-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
md-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
md-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
mmc-core-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
mmc-core-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
mmc-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
mmc-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
mouse-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
mouse-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
multipath-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
multipath-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
nbd-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
nbd-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
nic-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
nic-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
nic-pcmcia-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
nic-pcmcia-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
nic-shared-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
nic-shared-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
nic-usb-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
nic-usb-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
nic-wireless-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
nic-wireless-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
ntfs-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
ntfs-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
pata-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
pata-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
pcmcia-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
pcmcia-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
pcmcia-storage-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
pcmcia-storage-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
ppp-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
ppp-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
sata-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
sata-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
scsi-core-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
scsi-core-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
scsi-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
scsi-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
serial-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
serial-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
sound-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
sound-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
speakup-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
speakup-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
squashfs-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
squashfs-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
udf-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
udf-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
uinput-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
uinput-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
usb-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
usb-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
usb-serial-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
usb-serial-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
usb-storage-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
usb-storage-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
virtio-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
virtio-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
xfs-modules-4.9.0-12-686-di | 4.9.210-1+deb9u1 | i386
xfs-modules-4.9.0-12-686-pae-di | 4.9.210-1+deb9u1 | i386
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:55:33 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
affs-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
btrfs-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
cdrom-core-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
crc-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
crypto-dm-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
crypto-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
event-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
ext4-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
fat-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
fuse-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
hfs-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
input-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
isofs-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
jfs-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
kernel-image-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
linux-headers-4.9.0-12-5kc-malta | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
linux-headers-4.9.0-12-octeon | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
linux-image-4.9.0-12-5kc-malta | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
linux-image-4.9.0-12-5kc-malta-dbg | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
linux-image-4.9.0-12-octeon | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
linux-image-4.9.0-12-octeon-dbg | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
loop-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
md-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
minix-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
multipath-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
nbd-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
nic-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
nic-shared-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
nic-usb-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
nic-wireless-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
ntfs-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
pata-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
ppp-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
rtc-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
sata-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
scsi-core-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
scsi-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
sound-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
squashfs-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
udf-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
usb-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
usb-serial-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
usb-storage-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
virtio-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
xfs-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
zlib-modules-4.9.0-12-octeon-di | 4.9.210-1+deb9u1 | mips, mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:55:55 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
affs-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
ata-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
btrfs-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
cdrom-core-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
crc-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
crypto-dm-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
crypto-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
event-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
ext4-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
fat-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
fuse-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
hfs-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
i2c-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
input-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
isofs-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
jfs-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
kernel-image-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
linux-headers-4.9.0-12-4kc-malta | 4.9.210-1+deb9u1 | mips, mipsel
linux-image-4.9.0-12-4kc-malta | 4.9.210-1+deb9u1 | mips, mipsel
linux-image-4.9.0-12-4kc-malta-dbg | 4.9.210-1+deb9u1 | mips, mipsel
loop-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
md-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
minix-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
mmc-core-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
mmc-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
mouse-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
multipath-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
nbd-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
nic-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
nic-shared-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
nic-usb-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
nic-wireless-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
ntfs-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
pata-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
ppp-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
sata-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
scsi-core-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
scsi-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
sound-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
squashfs-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
udf-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
usb-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
usb-serial-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
usb-storage-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
virtio-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
xfs-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
zlib-modules-4.9.0-12-4kc-malta-di | 4.9.210-1+deb9u1 | mips, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:56:16 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
affs-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
ata-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
btrfs-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
cdrom-core-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
crc-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
crypto-dm-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
crypto-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
event-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
ext4-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
fat-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
fuse-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
hfs-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
i2c-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
input-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
isofs-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
jfs-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
kernel-image-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
linux-headers-4.9.0-12-all-mips64el | 4.9.210-1+deb9u1 | mips64el
loop-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
md-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
minix-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
mmc-core-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
mmc-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
mouse-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
multipath-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
nbd-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
nic-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
nic-shared-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
nic-usb-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
nic-wireless-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
ntfs-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
pata-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
ppp-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
sata-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
scsi-core-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
scsi-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
sound-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
squashfs-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
udf-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
usb-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
usb-serial-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
usb-storage-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
virtio-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
xfs-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
zlib-modules-4.9.0-12-5kc-malta-di | 4.9.210-1+deb9u1 | mips64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:56:34 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
affs-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
ata-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
btrfs-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
cdrom-core-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
crc-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
crypto-dm-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
crypto-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
event-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
ext4-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
fat-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
fb-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
firewire-core-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
fuse-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
hfs-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
input-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
isofs-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
jfs-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
kernel-image-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
linux-headers-4.9.0-12-loongson-3 | 4.9.210-1+deb9u1 | mips64el, mipsel
linux-image-4.9.0-12-loongson-3 | 4.9.210-1+deb9u1 | mips64el, mipsel
linux-image-4.9.0-12-loongson-3-dbg | 4.9.210-1+deb9u1 | mips64el, mipsel
loop-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
md-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
minix-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
multipath-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
nbd-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
nfs-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
nic-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
nic-shared-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
nic-usb-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
nic-wireless-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
ntfs-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
pata-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
ppp-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
sata-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
scsi-core-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
scsi-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
sound-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
speakup-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
squashfs-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
udf-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
usb-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
usb-serial-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
usb-storage-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
virtio-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
xfs-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
zlib-modules-4.9.0-12-loongson-3-di | 4.9.210-1+deb9u1 | mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:56:42 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
linux-headers-4.9.0-12-all-mipsel | 4.9.210-1+deb9u1 | mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:56:57 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
ata-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
btrfs-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
cdrom-core-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
crc-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
crypto-dm-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
crypto-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
event-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
ext4-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
fancontrol-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
fat-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
firewire-core-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
fuse-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
hypervisor-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
input-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
isofs-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
jfs-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
kernel-image-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
linux-headers-4.9.0-12-all-ppc64el | 4.9.210-1+deb9u1 | ppc64el
linux-headers-4.9.0-12-powerpc64le | 4.9.210-1+deb9u1 | ppc64el
linux-image-4.9.0-12-powerpc64le | 4.9.210-1+deb9u1 | ppc64el
linux-image-4.9.0-12-powerpc64le-dbg | 4.9.210-1+deb9u1 | ppc64el
loop-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
md-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
mouse-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
multipath-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
nbd-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
nic-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
nic-shared-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
ppp-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
sata-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
scsi-core-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
scsi-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
serial-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
squashfs-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
udf-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
uinput-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
usb-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
usb-serial-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
usb-storage-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
virtio-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
xfs-modules-4.9.0-12-powerpc64le-di | 4.9.210-1+deb9u1 | ppc64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:57:30 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
acpi-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
ata-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
btrfs-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
cdrom-core-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
crc-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
crypto-dm-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
crypto-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
efi-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
event-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
ext4-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
fat-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
fb-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
firewire-core-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
fuse-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
hyperv-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
i2c-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
input-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
isofs-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
jfs-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
kernel-image-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
linux-headers-4.9.0-12-all-amd64 | 4.9.210-1+deb9u1 | amd64
linux-headers-4.9.0-12-amd64 | 4.9.210-1+deb9u1 | amd64
linux-headers-4.9.0-12-rt-amd64 | 4.9.210-1+deb9u1 | amd64
linux-image-4.9.0-12-amd64 | 4.9.210-1+deb9u1 | amd64
linux-image-4.9.0-12-amd64-dbg | 4.9.210-1+deb9u1 | amd64
linux-image-4.9.0-12-rt-amd64 | 4.9.210-1+deb9u1 | amd64
linux-image-4.9.0-12-rt-amd64-dbg | 4.9.210-1+deb9u1 | amd64
loop-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
md-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
mmc-core-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
mmc-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
mouse-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
multipath-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
nbd-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
nic-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
nic-pcmcia-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
nic-shared-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
nic-usb-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
nic-wireless-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
ntfs-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
pata-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
pcmcia-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
pcmcia-storage-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
ppp-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
sata-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
scsi-core-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
scsi-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
serial-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
sound-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
speakup-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
squashfs-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
udf-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
uinput-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
usb-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
usb-serial-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
usb-storage-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
virtio-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
xfs-modules-4.9.0-12-amd64-di | 4.9.210-1+deb9u1 | amd64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:57:43 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
btrfs-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
crc-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
crypto-dm-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
crypto-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
dasd-extra-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
dasd-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
ext4-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
fat-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
fuse-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
isofs-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
kernel-image-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
linux-headers-4.9.0-12-all-s390x | 4.9.210-1+deb9u1 | s390x
linux-headers-4.9.0-12-s390x | 4.9.210-1+deb9u1 | s390x
linux-image-4.9.0-12-s390x | 4.9.210-1+deb9u1 | s390x
linux-image-4.9.0-12-s390x-dbg | 4.9.210-1+deb9u1 | s390x
loop-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
md-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
multipath-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
nbd-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
nic-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
scsi-core-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
scsi-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
udf-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
virtio-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
xfs-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
zlib-modules-4.9.0-12-s390x-di | 4.9.210-1+deb9u1 | s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:58:20 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
linux-headers-4.9.0-12-all-mips | 4.9.210-1+deb9u1 | mips
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:58:37 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
linux-headers-4.9.0-12-common | 4.9.210-1+deb9u1 | all
linux-headers-4.9.0-12-common-rt | 4.9.210-1+deb9u1 | all
linux-support-4.9.0-12 | 4.9.210-1+deb9u1 | all
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:28:11 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
profphd | 1.0.42-1 | source, all
Closed bugs: 898826
------------------- Reason -------------------
RoM; unusable
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:28:37 -0000] [ftpmaster: Mark Hymers]
Removed the following packages from oldstable:
python-weboob | 1.2-1 | all
python-weboob-core | 1.2-1 | all
weboob | 1.2-1 | source, all
weboob-qt | 1.2-1 | all
Closed bugs: 905385
------------------- Reason -------------------
RoM; unmaintained; already removed from later releases
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:29:02 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
simpleid | 0.8.1-15 | source, all
Closed bugs: 929871
------------------- Reason -------------------
RoM; does not work with PHP7
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:29:36 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
firefox-esr | 60.9.0esr-1~deb9u1 | armel
Closed bugs: 952647
------------------- Reason -------------------
RoQA; version 68+ no longer supported on armel
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:29:58 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
firefox-esr | 52.9.0esr-1~deb9u1 | mips, mips64el, mipsel
Closed bugs: 952648
------------------- Reason -------------------
RoQA; missing B-D/FTBFS
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:30:16 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
libperlspeak-perl | 2.01-2 | source, all
Closed bugs: 954299
------------------- Reason -------------------
RoST; unmaintained; security issues
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:31:43 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
enigmail | 2:2.0.8-5~deb9u1 | source, all
Closed bugs: 956701
------------------- Reason -------------------
RoQA; incompatible with stretch's thunderbird
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:32:00 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
yahoo2mbox | 0.24-2 | source, all
Closed bugs: 958573
------------------- Reason -------------------
RoQA; unusable since 2013
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:32:26 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
kerneloops | 0.12+git20140509-6 | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
kerneloops-applet | 0.12+git20140509-6 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Closed bugs: 958576
------------------- Reason -------------------
RoQA; service http://oops.kernel.org no longer available
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:32:45 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
quotecolors | 0.3-4 | source
xul-ext-quotecolors | 0.3-4 | all
Closed bugs: 958923
------------------- Reason -------------------
RoM; incompatible with newer Thunderbird versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:33:04 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
torbirdy | 0.2.1-1 | source
xul-ext-torbirdy | 0.2.1-1 | all
Closed bugs: 959377
------------------- Reason -------------------
RoQA; incompatible with newer Thunderbird versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:33:25 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
libmicrodns | 0.0.3-3 | source
libmicrodns-dev | 0.0.3-3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
libmicrodns0 | 0.0.3-3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Closed bugs: 959430
------------------- Reason -------------------
RoM; security issues
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:33:47 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
getlive | 2.4+cvs20120801-1 | source, all
Closed bugs: 959492
------------------- Reason -------------------
RoQA; Upstream Dead; Not Working Anymore
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:34:05 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
firefoxdriver | 2.53.2-3 | amd64, i386
selenium-firefoxdriver | 2.53.2-3 | source
Closed bugs: 960586
------------------- Reason -------------------
RoQA; does not support firefox beyond 52.0
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:34:25 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
pdns-recursor | 4.0.4-1+deb9u4 | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Closed bugs: 961270
------------------- Reason -------------------
RoM; unsupported
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:34:44 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
certificatepatrol | 2.0.14-5 | source
xul-ext-certificatepatrol | 2.0.14-5 | all
Closed bugs: 961515
------------------- Reason -------------------
ROM; No longer usable after xul deprecation, dead upstream
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:35:01 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
dynalogin | 1.0.0-3 | source
dynalogin-client-php | 1.0.0-3 | all
dynalogin-server | 1.0.0-3+b3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
libdynalogin-1-0 | 1.0.0-3+b3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
libdynaloginclient-1-0 | 1.0.0-3+b3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
libpam-dynalogin | 1.0.0-3+b3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
simpleid-store-dynalogin | 1.0.0-3 | all
Closed bugs: 964216
------------------- Reason -------------------
RoQA; depends on to-be-removed simpleid
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:35:19 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
simpleid-ldap | 1.0.1-2 | source, all
Closed bugs: 964217
------------------- Reason -------------------
RoQA; depends on to-be-removed simpleid
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:35:35 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
predictprotein | 1.1.07-2 | source, all
Closed bugs: 964316
------------------- Reason -------------------
RoM; depends on to-be-removed profphd
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:35:51 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
colorediffs-extension | 0.6.2012.01.27.14.07.45-1 | source
xul-ext-colorediffs | 0.6.2012.01.27.14.07.45-1 | all
Closed bugs: 964331
------------------- Reason -------------------
RoQA; incompatible with newer Thunderbird versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:36:12 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
fonts-mathematica | 20 | all
mathematica-fonts | 20 | source, all
Closed bugs: 964342
------------------- Reason -------------------
RoQA; relies on unavailable download location
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 18 Jul 2020 09:36:28 -0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
gplaycli | 0.2.1-1 | source, all
Closed bugs: 964883
------------------- Reason -------------------
RoQA; broken by Google API changes
----------------------------------------------
=========================================================================
ant (1.9.9-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* arbitrary file write vulnerability and arbitrary code execution using a
specially crafted zip file (CVE-2018-10886)
+ unzip and friends could monitor where they write more closely
+ forgot to update the manual
+ and forgot two words
+ change stripAbsolutePathSpec's default
+ add additional isLeadingPath method that resolves symlinks
+ take symlinks into account when expanding archives and
checking entries
* Add NEWS.Debian file to document possibly breaking changes
* Adjust versions to Debian version for the CVE-2018-10886 changes in
documentation.
apache-log4j1.2 (1.2.17-7+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2019-17571. (Closes: #947124)
Included in Log4j 1.2 is a SocketServer class that is vulnerable to
deserialization of untrusted data which can be exploited to remotely
execute arbitrary code when combined with a deserialization gadget when
listening to untrusted network traffic for log data.
apt (1.4.10) stretch-security; urgency=high
.
* SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP: #1878177)
- apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
- apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
member names in error path
- apt-pkg/contrib/extracttar.cc: Fix out-of-bounds read on unterminated
member names in error path
- CVE-2020-3810
* Fix-up size in 1.4.9 security fix test case
* Add .gitlab-ci.yml for CI testing on Salsa
atril (1.16.1-2+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* dvi: Mitigate command injection attacks by quoting filename
(CVE-2017-1000159)
* Fix overflow checks in tiff backend (CVE-2019-1010006)
* tiff: Handle failure from TIFFReadRGBAImageOriented (CVE-2019-11459)
awl (0.57-1+deb9u1) stretch-security; urgency=high
.
* Fix two security vulnerablilites (closes: #956650)
+ CVE-2020-11728 "Session::__construct() allows use of the current time as
a session key"
+ CVE-2020-11729 "LSIDLogin() is insecure and can allow user
impersonation"
bacula (7.4.4+dfsg-6+deb9u1) stretch; urgency=medium
.
[Sven Hartge]
* Let PID files be owned by root. Mitigates a minor security problem
similar to CVE 2017-14610. Note that this change disables automatic
tracebacks.
.
[Carsten Leonhardt]
* Added transitional package bacula-director-common, the old leftover
package can't be safely purged otherwise (it deletes
/etc/bacula/bacula-dir.conf in postrm which now belongs to the
bacula-director package). For the case when the package
bacula-director-common is deinstalled but not purged, we neutralize
the offending postrm script when upgrading bacula-common. (Closes:
#880529)
base-files (9.9+deb9u13) stretch; urgency=medium
.
* Change /etc/debian_version to 9.13, for Debian 9.13 point release.
batik (1.8-4+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* CVE-2019-17566: Server-side request forgery via xlink:href attributes.
(Closes: #964510)
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u6) stretch-security; urgency=medium
.
* [CVE-2020-8616]: Fix NXNSATTACK amplification attack on BIND 9
* [CVE-2020-8617]: Fix assertion failure in TSIG processing code
bluez (5.43-2+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Address INTEL-SA-00352 (CVE-2020-0556) (Closes: #953770)
- HOGP must only accept data from bonded devices
- HID accepts bonded device connections only
* input: hog: Attempt to set security level if not bonded
* input: Add LEAutoSecurity setting to input.conf
c-icap-modules (1:0.4.4-1+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* Backport support for ClamAV 0.102. (Closes: #952009)
ca-certificates (20200601~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
* Merge changes from 20200601
- d/control
* This release updates the Mozilla CA bundle to 2.40, blacklists
distrusted Symantec roots, and blacklists expired "AddTrust External
Root". Closes: #956411, #955038, #911289, #961907
* Fix permissions on /usr/local/share/ca-certificates when using symlinks.
Closes: #916833
* Remove email-only roots from mozilla trust store. Closes: #721976
ca-certificates (20190110) unstable; urgency=high
.
* debian/control:
Depend on openssl (>= 1.1.1).
Set Standards-Version: 4.3.0.1.
Set Build-Depends: debhelper-compat (= 12); drop d/compat
Remove trailing whitespace from d/changelog.
* debian/ca-certificates.postinst:
Fix permissions on /usr/local/share/ca-certificates when using symlinks.
Closes: #916833
* sbin/update-ca-certificates:
Remove orphan symlinks found in /etc/ssl/certs to prevent `openssl
rehash` from exiting with an error. Closes: #895482, #895473
This will also fix removal of user CA certificates from /usr/local without
needing to run --fresh. Closes: #911303
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.28.
The following certificate authorities were added (+):
+ "GlobalSign Root CA - R6"
+ "OISTE WISeKey Global Root GC CA"
The following certificate authorities were removed (-):
- "Certplus Root CA G1"
- "Certplus Root CA G2"
- "OpenTrust Root CA G1"
- "OpenTrust Root CA G2"
- "OpenTrust Root CA G3"
- "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
- "Visa eCommerce Root"
ca-certificates (20180409) unstable; urgency=medium
.
[ Michael Shuler ]
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.22.
The following certificate authorities were added (+):
+ "GDCA TrustAUTH R5 ROOT"
+ "SSL.com EV Root Certification Authority ECC"
+ "SSL.com EV Root Certification Authority RSA R2"
+ "SSL.com Root Certification Authority ECC"
+ "SSL.com Root Certification Authority RSA"
+ "TrustCor ECA-1"
+ "TrustCor RootCert CA-1"
+ "TrustCor RootCert CA-2"
The following certificate authorities were removed (-):
- "ACEDICOM Root"
- "AddTrust Low-Value Services Root"
- "AddTrust Public Services Root"
- "AddTrust Qualified Certificates Root"
- "CA Disig Root R1"
- "CNNIC ROOT"
- "Camerfirma Chambers of Commerce Root"
- "Camerfirma Global Chambersign Root"
- "Certinomis - Autorité Racine"
- "Certum Root CA"
- "China Internet Network Information Center EV Certificates Root"
- "Comodo Secure Services root"
- "Comodo Trusted Services root"
- "DST ACES CA X6"
- "GeoTrust Global CA 2"
- "PSCProcert"
- "Security Communication EV RootCA1"
- "Swisscom Root CA 1"
- "Swisscom Root CA 2"
- "Swisscom Root EV CA 2"
- "TURKTRUST Certificate Services Provider Root 2007"
- "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
- "UTN USERFirst Hardware Root CA"
* mozilla/blacklist.txt
Update blacklist to remove certificates no longer in certdata.txt and
explicitly ignore distrusted certificates.
* debian/copyright:
Fix lintian insecure-copyright-format-uri with https URL.
* debian/changelog:
Fix lintian file-contains-trailing-whitespace.
* debian/{compat,control}:
Set to debhelper compat 11.
* Update openssl dependency to >= 1.1.0 to support `openssl rehash` and drop
usage of `c_rehash` script. Closes: #895075
.
[ Thijs Kinkhorst ]
* Remove Christian Perrier from uploaders at his request (closes: #894070).
* Checked for policy 4.1.4, no changes.
ca-certificates (20170717) unstable; urgency=medium
.
* Update to Standards-Version: 4.0.1
* debian/ca-certificates.postinst:
Prevent postinst failure on read-only /usr/local. Closes: #843722
* mozilla/certdata2pem.py:
Remove email-only roots from mozilla trust store. Closes: #721976
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.14.
Closes: #858064
The following certificate authorities were added (+):
+ "AC RAIZ FNMT-RCM"
+ "Amazon Root CA 1"
+ "Amazon Root CA 2"
+ "Amazon Root CA 3"
+ "Amazon Root CA 4"
+ "D-TRUST Root CA 3 2013"
+ "LuxTrust Global Root 2"
+ "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
The following certificate authorities were removed (-):
- "AC Raiz Certicamara S.A."
- "ApplicationCA - Japanese Government"
- "Buypass Class 2 CA 1"
- "ComSign CA"
- "EBG Elektronik Sertifika Hizmet Saglayicisi"
- "Equifax Secure CA"
- "Equifax Secure eBusiness CA 1"
- "Equifax Secure Global eBusiness CA"
- "IGC/A"
- "Juur-SK"
- "Microsec e-Szigno Root CA"
- "Root CA Generalitat Valenciana"
- "RSA Security 2048 v3"
- "S-TRUST Authentication and Encryption Root CA 2005 PN"
- "S-TRUST Universal Root CA"
- "SwissSign Platinum CA - G2"
- "TC TrustCenter Class 3 CA II"
- "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
- "UTN USERFirst Email Root CA"
- "Verisign Class 1 Public Primary Certification Authority"
- "Verisign Class 1 Public Primary Certification Authority - G3"
- "Verisign Class 2 Public Primary Certification Authority - G2"
- "Verisign Class 2 Public Primary Certification Authority - G3"
- "Verisign Class 3 Public Primary Certification Authority"
- "WellsSecure Public Root Certificate Authority"
checkstyle (6.15-1+deb9u1) stretch; urgency=medium
.
* Team upload.
* Fix CVE-2019-9658 and CVE-2019-10782:
Security researchers from Snyk discovered that the fix for CVE-2019-9658
was incomplete. Checkstyle, a development tool to help programmers write
Java code that adheres to a coding standard, was still vulnerable to XML
External Entity (XXE) injection. (Closes: #924598)
chromium (73.0.3683.75-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2019-5787: Use after free in Canvas. Reported by Zhe Jin
- CVE-2019-5788: Use after free in FileAPI. Reported by Mark Brand
- CVE-2019-5789: Use after free in WebMIDI. Reported by Mark Brand
- CVE-2019-5790: Heap buffer overflow in V8. Reported by Dimitri Fourny
- CVE-2019-5791: Type confusion in V8. Reported by Choongwoo Han
- CVE-2019-5792: Integer overflow in PDFium. Reported by pdknsk
- CVE-2019-5793: Excessive permissions for private API in Extensions.
Reported by Jun Kokatsu
- CVE-2019-5794: Security UI spoofing. Reported by Juno Im of Theori
- CVE-2019-5795: Integer overflow in PDFium. Reported by pdknsk
- CVE-2019-5796: Race condition in Extensions. Reported by Mark Brand
- CVE-2019-5797: Race condition in DOMStorage. Reported by Mark Brand
- CVE-2019-5798: Out of bounds read in Skia. Reported by Tran Tien Hung
- CVE-2019-5799: CSP bypass with blob URL. Reported by sohalt
- CVE-2019-5800: CSP bypass with blob URL. Reported by Jun Kokatsu
- CVE-2019-5802: Security UI spoofing. Reported by Ronni Skansing
- CVE-2019-5803: CSP bypass with Javascript URLs'. Reported by Andrew
Comminos
chromium (73.0.3683.56-2) experimental; urgency=medium
.
* Fix build failure on armhf.
chromium (73.0.3683.56-1) experimental; urgency=medium
.
* New upstream beta release.
chromium (73.0.3683.39-1) experimental; urgency=medium
.
* New upstream beta release.
chromium (72.0.3626.122-1) unstable; urgency=medium
.
* New upstream stable release.
chromium (72.0.3626.121-1) unstable; urgency=medium
.
* New upstream stable release.
- CVE-2019-5786: Use-after-free in FileReader
chromium (72.0.3626.109-1) unstable; urgency=medium
.
* New upstream stable release.
- CVE-2019-5784: Inappropriate implementation in V8. Reported by Lucas
Pinheiro
* Build pdfium using system lcms.
* Renable support for kerberos (closes: #916684).
* Fix 32-bit type error in the vaapi implementation (closes: #921823).
chromium (72.0.3626.96-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2019-5784: Inappropriate implementation in V8. Reported by Lucas
Pinheiro
chromium (72.0.3626.81-1) unstable; urgency=medium
.
* New upstream stable release.
- Stack buffer overflow in Skia. Reported by Ivan Fratric
- Use after free in Mojo, FileAPI, and Payments. Reported by Mark Brand
- CVE-2018-17481: Use after free in PDFium. Reported by Anonymous
- CVE-2019-5754: Inappropriate implementation in QUIC Networking. Reported
by Klzgrad
- CVE-2019-5755: Inappropriate implementation in V8. Reported by Jay
Bosamiya
- CVE-2019-5756: Use after free in PDFium. Reported by Anonymous
- CVE-2019-5757: Type Confusion in SVG. Reported by Alexandru Pitis
- CVE-2019-5758: Use after free in Blink. Reported by Zhe Jin
- CVE-2019-5759: Use after free in HTML select elements. Reported by Almog
Benin
- CVE-2019-5760: Use after free in WebRTC. Reported by Zhe Jin
- CVE-2019-5762: Use after free in PDFium. Reported by Anonymous
- CVE-2019-5763: Insufficient validation of untrusted input in V8.
Reported by Guang Gong
- CVE-2019-5764: Use after free in WebRTC. Reported by Eyal Itkin
- CVE-2019-5765: Insufficient policy enforcement in the browser. Reported
by Sergey Toshin
- CVE-2019-5766: Insufficient policy enforcement in Canvas. Reported by
David Erceg
- CVE-2019-5767: Incorrect security UI in WebAPKs. Reported by Haoran Lu,
Yifan Zhang, Luyi Xing, and Xiaojing Liao
- CVE-2019-5768: Insufficient policy enforcement in DevTools. Reported by
Rob Wu
- CVE-2019-5769: Insufficient validation of untrusted input in Blink.
Reported by Guy Eshel
- CVE-2019-5770: Heap buffer overflow in WebGL. Reported by hemidallt
- CVE-2019-5772: Use after free in PDFium. Reported by Zhen Zhou
- CVE-2019-5773: Insufficient data validation in IndexedDB. Reported by
Yongke Wang
- CVE-2019-5774: Insufficient validation of untrusted input in
SafeBrowsing. Reported by Junghwan Kang and Juno Im
- CVE-2019-5775: Insufficient policy enforcement in Omnibox. Reported by
evi1m0
- CVE-2019-5776: Insufficient policy enforcement in Omnibox. Reported by
Lnyas Zhang
- CVE-2019-5777: Insufficient policy enforcement in Omnibox. Reported by
Khalil Zhani
- CVE-2019-5778: Insufficient policy enforcement in Extensions. Reported
by David Erceg
- CVE-2019-5779: Insufficient policy enforcement in ServiceWorker.
Reported by David Erceg
- CVE-2019-5780: Insufficient policy enforcement. Reported by Andreas
Hegenberg
- CVE-2019-5781: Insufficient policy enforcement in Omnibox. Reported by
evi1m0
- CVE-2019-5782: Inappropriate implementation in V8 reported by Qixun Zhao
- CVE-2019-5783: Insufficient validation of untrusted input in DevTools.
Reported by Shintaro Kobori
* Opt out of all Google web service options by default (closes: #916320).
* Enable support for hardware accelerated video decoding (closes: #856255).
- Thanks to Akarshan Biswas.
chromium (72.0.3626.53-1) unstable; urgency=medium
.
* New upstream beta release.
* Organize the gcc 6 patches.
* Update standards version to 4.3.0.
* Drop libsrtp from the build dependencies (closes: #918542).
chromium (72.0.3626.7-6) unstable; urgency=medium
.
* Upload to unstable: fix FTBFS on arm64 and armhf
chromium (72.0.3626.7-5) experimental; urgency=medium
.
* Fix armhf and arm64 builds
chromium (72.0.3626.7-4) unstable; urgency=medium
.
* Reenable support for widevine (closes: #916058).
* Update maintainer to chromium@packages.debian.org (closes: #915988).
chromium (72.0.3626.7-3) unstable; urgency=medium
.
* Remove unintended extra brace in arm patch.
chromium (72.0.3626.7-2) experimental; urgency=medium
.
* Fix build failures on arm.
chromium (72.0.3626.7-1) experimental; urgency=medium
.
* New upstream developmental release.
chromium (71.0.3578.80-1) unstable; urgency=medium
.
* New upstream stable release.
- CVE-2018-17480: Out of bounds write in V8. Reported by Guang Gong
- CVE-2018-17481: Use after frees in PDFium. Reported by Anonymous
- CVE-2018-18335: Heap buffer overflow in Skia. Reported by Anonymous
- CVE-2018-18336: Use after free in PDFium. Reported by Huyna
- CVE-2018-18337: Use after free in Blink. Reported by cloudfuzzer
- CVE-2018-18338: Heap buffer overflow in Canvas. Reported by Zhe Jin
- CVE-2018-18339: Use after free in WebAudio. Reported by cloudfuzzer
- CVE-2018-18340: Use after free in MediaRecorder. Reported by Anonymous
- CVE-2018-18341: Heap buffer overflow in Blink. Reported by cloudfuzzer
- CVE-2018-18342: Out of bounds write in V8. Reported by Guang Gong
- CVE-2018-18343: Use after free in Skia. Reported by Tran Tien Hung
- CVE-2018-18344: Inappropriate implementation in Extensions. Reported by
Jann Horn
- CVE-2018-18345: Inappropriate implementation in Site Isolation. Reported
by Masato Kinugawa and Jun Kokatsu
- CVE-2018-18346: Incorrect security UI in Blink. Reported by Luan Herrera
- CVE-2018-18347: Inappropriate implementation in Navigation. Reported by
Luan Herrera
- CVE-2018-18348: Inappropriate implementation in Omnibox. Reported by
Ahmed Elsobky
- CVE-2018-18349: Insufficient policy enforcement in Blink. Reported by
David Erceg
- CVE-2018-18350: Insufficient policy enforcement in Blink. Reported by
Jun Kokatsu
- CVE-2018-18351: Insufficient policy enforcement in Navigation. Reported
by Jun Kokatsu
- CVE-2018-18352: Inappropriate implementation in Media. Reported by Jun
Kokatsu
- CVE-2018-18353: Inappropriate implementation in Network Authentication.
Reported by Wenxu Wu
- CVE-2018-18354: Insufficient data validation in Shell Integration.
Reported by Wenxu Wu
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
Reported by evi1m0
- CVE-2018-18356: Use after free in Skia. Reported by Tran Tien Hung
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
Reported by evi1m0
- CVE-2018-18358: Insufficient policy enforcement in Proxy. Reported by
Jann Horn
- CVE-2018-18359: Out of bounds read in V8. Reported by cyrilliu
- Inappropriate implementation in PDFium. Reported by Salem Faisal
Elmrayed
- Use after free in Extensions. Reported by Zhe Jin
- Inappropriate implementation in Navigation. Reported by Luan Herrera
- Inappropriate implementation in Navigation. Reported by Jesper van den
Ende
- Insufficient policy enforcement in Navigation. Reported by Ryan Pickren
- Insufficient policy enforcement in URL Formatter. Reported by evi1m0
chromium (71.0.3578.62-1) unstable; urgency=medium
.
* New upstream beta release.
* Rename the source package to chromium.
* Build using the system jsoncpp library.
* Remove non-free unrar source from the upstream tarball (closes: #914487).
- Requires safe browsing inspection of rar files to be disabled.
chromium (0.9.12-13) unstable; urgency=low
* New maintainer (Closes: #417805).
* Use quilt instead of dpatch.
* debian/control:
+ Set maintainer to the Debian Games Team.
+ Set policy to 3.7.2.
+ Added Vcs fields.
+ Uncapitalised short description.
* debian/compat:
+ Set level to 5.
* debian/chromium.desktop:
+ Added Ubuntu’s .desktop, thanks to Reinhard Tartler (Closes: #364276).
* 05_wall_flag.diff:
+ New patch. Add -Wall -W -g to the build flags.
* debian/patches/35_powerup_crash.diff:
+ Fix a crash in the powerhup handling, courtesy of Brandon Barne
(Closes: #411614).
* debian/patches/40_sdl_quit.diff:
+ Honour SDL_QUIT, courtesy of Thue Janus Kristensen (Closes: #390313).
chromium (0.9.12-12) unstable; urgency=low
* Rebuild for new openal
- Added build dep on libalut-dev
- Changed AL patch to more correctly use its API
- Added -lalut to the configure patch
* Changed debhelper compat level to 4
chromium (0.9.12-11) unstable; urgency=low
* Made build-dep on openal more strict to avoid FTBFS
(Closes: #332588)
* Changed xlibmesa build dep to glu version (Closes: 328042)
chromium (0.9.12-9) unstable; urgency=low
* add build-dep on dpatch :-(
chromium (0.9.12-8) unstable; urgency=low
* Rebuild for CXX transition
* dpatch-ification
- removed some unneeded casts for g++4
- Updated some code to new OpenAL API
* bumped policy version to 3.6.2.0
chromium (0.9.12-7) unstable; urgency=low
* Fixed segv when reading highscore file(Closes: 300150)
Thanks to Alan Woodland
chromium (0.9.12-6) unstable; urgency=low
* Fixed sound fx level relative to music (Closes: 215037)
Thanks to Joachim Breitner
chromium (0.9.12-5) unstable; urgency=low
* Added menu icon, thanks to Mark Purcell(Closes: 273439)
* Quoted all entries in the menu file
* Upped standards version to 3.6.1.0
chromium (0.9.12-4) unstable; urgency=low
* Removed rpath hack as sed seems to be buggy on ARM. :(
chromium (0.9.12-3) unstable; urgency=low
* Updated the description to be a bit more informative.
* Added a hack to get around sdl-config's insertion of rpaths.
chromium (0.9.12-2) unstable; urgency=low
* Fixed bug that put binary in /usr/bin instead of /usr/games
(Closes: 183776)
chromium (0.9.12-1) unstable; urgency=low
* New Upstream release. (Closes: 178254)
* New Maintainer (Closes: 182982)
* Added note about music playing to README.Debian
(Closes: 177244)
* Repackaged so that it is not a debian native package.
* Now uses system libs for openAL and libglpng instead
of local static versions.
* Changed Data directory to just [...]/chromium instead of
chromium-data/
* passed in data directory to compilation making the
wrapper script obsolete.
chromium-browser (71.0.3578.80-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2018-17480: Out of bounds write in V8. Reported by Guang Gong
- CVE-2018-17481: Use after frees in PDFium. Reported by Anonymous
- CVE-2018-18335: Heap buffer overflow in Skia. Reported by Anonymous
- CVE-2018-18336: Use after free in PDFium. Reported by Huyna
- CVE-2018-18337: Use after free in Blink. Reported by cloudfuzzer
- CVE-2018-18338: Heap buffer overflow in Canvas. Reported by Zhe Jin
- CVE-2018-18339: Use after free in WebAudio. Reported by cloudfuzzer
- CVE-2018-18340: Use after free in MediaRecorder. Reported by Anonymous
- CVE-2018-18341: Heap buffer overflow in Blink. Reported by cloudfuzzer
- CVE-2018-18342: Out of bounds write in V8. Reported by Guang Gong
- CVE-2018-18343: Use after free in Skia. Reported by Tran Tien Hung
- CVE-2018-18344: Inappropriate implementation in Extensions. Reported by
Jann Horn
- CVE-2018-18345: Inappropriate implementation in Site Isolation. Reported
by Masato Kinugawa and Jun Kokatsu
- CVE-2018-18346: Incorrect security UI in Blink. Reported by Luan Herrera
- CVE-2018-18347: Inappropriate implementation in Navigation. Reported by
Luan Herrera
- CVE-2018-18348: Inappropriate implementation in Omnibox. Reported by
Ahmed Elsobky
- CVE-2018-18349: Insufficient policy enforcement in Blink. Reported by
David Erceg
- CVE-2018-18350: Insufficient policy enforcement in Blink. Reported by
Jun Kokatsu
- CVE-2018-18351: Insufficient policy enforcement in Navigation. Reported
by Jun Kokatsu
- CVE-2018-18352: Inappropriate implementation in Media. Reported by Jun
Kokatsu
- CVE-2018-18353: Inappropriate implementation in Network Authentication.
Reported by Wenxu Wu
- CVE-2018-18354: Insufficient data validation in Shell Integration.
Reported by Wenxu Wu
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
Reported by evi1m0
- CVE-2018-18356: Use after free in Skia. Reported by Tran Tien Hung
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
Reported by evi1m0
- CVE-2018-18358: Insufficient policy enforcement in Proxy. Reported by
Jann Horn
- CVE-2018-18359: Out of bounds read in V8. Reported by cyrilliu
- Inappropriate implementation in PDFium. Reported by Salem Faisal
Elmrayed
- Use after free in Extensions. Reported by Zhe Jin
- Inappropriate implementation in Navigation. Reported by Luan Herrera
- Inappropriate implementation in Navigation. Reported by Jesper van den
Ende
- Insufficient policy enforcement in Navigation. Reported by Ryan Pickren
- Insufficient policy enforcement in URL Formatter. Reported by evi1m0
chromium-browser (70.0.3538.110-1) unstable; urgency=medium
.
* New upstream security release.
- CVE-2018-17479: Use-after-free in GPU.
clamav (0.102.3+dfsg-0~deb9u1) stretch; urgency=medium
.
[ Sebastian Andrzej Siewior ]
* Import 0.102.3
- CVE-2020-3327 (A vulnerability in the ARJ archive parsing module)
- CVE-2020-3341 (A vulnerability in the PDF parsing module)
* Update symbol file.
.
[ Scott Kitterman ]
* Add Suggests for unversioned libclamunrar package on clamav-daemon and
clamav binaries
clamav (0.102.2+dfsg-2) unstable; urgency=medium
.
* Add a patch to let freshclam consider CURL_CA_BUNDLE environment variable
to set the CA bundle (like curl does) (Closes: #951057).
* Recommend ca-certificates, new freshclash uses https by default.
* Bump standards-version to 4.5.0 without further change
* Use dh-compat level 12.
clamav (0.102.2+dfsg-1) unstable; urgency=medium
.
* Import 0.102.2
- CVE-2020-3123 (DoS may occur in the optional DLP feature)
(Closes: 950944).
* Update symbol file.
* Set ReceiveTimeout to 0 which is upstream default.
clamav (0.102.2+dfsg-0+deb10u1) buster; urgency=medium
.
* Import 0.102.2
- CVE-2020-3123 (DoS may occur in the optional DLP feature)
(Closes: 950944).
* Update symbol file.
* Set ReceiveTimeout to 0 which is upstream default.
* Add a patch to let freshclam consider CURL_CA_BUNDLE environment variable
to set the CA bundle (like curl does) (Closes: #951057).
* Recommend ca-certificates, new freshclash uses https by default.
clamav (0.102.2+dfsg-0~deb9u1) stretch; urgency=medium
.
* Import 0.102.2
- CVE-2020-3123 (DoS may occur in the optional DLP feature)
(Closes: 950944).
* Update symbol file.
* Set ReceiveTimeout to 0 which is upstream default.
* Add a patch to let freshclam consider CURL_CA_BUNDLE environment variable
to set the CA bundle (like curl does) (Closes: #951057).
* Recommend ca-certificates, new freshclash uses https by default.
clamav (0.102.1+dfsg-3) unstable; urgency=medium
.
* clamav-daemon: Do not cause an error on start if /run/clamav already
exists
* clamav-daemon: Correct error from ScanOnAccess option removal so that
setting LogFile options via DebConf works again (Closes: #950296)
(LP: #1861497)
clamav (0.102.1+dfsg-2) unstable; urgency=medium
.
* Add the clamonacc binary to the clamav-daemon package.
* Drop ScanOnAccess option. The clamonacc provides this functionality.
clamav (0.102.1+dfsg-1) unstable; urgency=medium
.
* Import 0.102.1 (Closes: #945265)
- CVE-2019-15961 (A Denial-of-Service as a result of excessively long scan
times).
- Let freshclam show progress during download (Closes: #690789).
* Update symbol file.
* Add libfreshclam to the libclamav9 package.
clamav (0.102.1+dfsg-0+deb10u2) buster; urgency=medium
.
* clamav-daemon: Correct error from ScanOnAccess option removal so that
setting LogFile options via DebConf works again (Closes: #950296)
.
clamav (0.102.1+dfsg-0+deb10u1) buster; urgency=medium
.
* Import 0.102.1 (Closes: #945265)
- CVE-2019-15961 (A Denial-of-Service as a result of excessively long scan
times).
- Let freshclam show progress during download (Closes: #690789).
* Update symbol file.
* Add libfreshclam to the libclamav9 package.
* Add the clamonacc binary to the clamav-daemon package.
* Drop ScanOnAccess option. The clamonacc provides this functionality.
clamav (0.102.1+dfsg-0+deb10u1) buster; urgency=medium
.
* Import 0.102.1 (Closes: #945265)
- CVE-2019-15961 (A Denial-of-Service as a result of excessively long scan
times).
- Let freshclam show progress during download (Closes: #690789).
* Update symbol file.
* Add libfreshclam to the libclamav9 package.
* Add the clamonacc binary to the clamav-daemon package.
* Drop ScanOnAccess option. The clamonacc provides this functionality.
compactheader (3.0.0~beta5-2~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
- Lower dh compat to 10.
compactheader (3.0.0~beta5-1) unstable; urgency=medium
.
* [89f1683] d/control: adding versioned B-D on mozilla-devscripts
Using mozilla-devscripts need to be based on some recent version.
* [3503e4b] debhelper: use debhelper-compat in B-D
Moving over to debhelper-compat version 12, reducing the maintenance of
used files.
* [e3ef1f4] d/control: bump Standards-Version to 4.4.1
No further changes needed.
* [e1787a9] d/control: move Homepage info over to GitHub
The upstream project lives basically more on GitHub than on the old mozdev
website.
* [8944c9d] d/gbp.conf: exclude some more VCS files
The upstream source can include some old Mercurial VCS controlling files
which are useless fur us, exclude them while importing the source.
* [8b0d586] New upstream version 3.0.0~beta5
The AddOn is now full web-extension based.
(Closes: #944021)
* [ca0fad3] Remove patch queue
The one patch we have used within the patch queue isn't needed any more.
* [f6a6dca] d/control: remove B-D on mozilla-devscripts
For now drop the usage of any helper from mozilla-devscripts as it brings
no gain or advantage. The dh sequencers are enough to build the package.
* [c578353] d/control: add new package webext-compactheader
The source of the package is now web-extension based only, no old
transitional xul stuff is included. So make this visible by moving the
main binary package over to webext-* syntax.
* [d12d2a1] d/rules: adjust package install
Clean up all non needed xul-* helpers, makes the mostly needed target
reduced to the quite the minimum.
* [37b1cd3] d/copyright: update file content
Update to data reflecting the year 2019.
* [4ed4c79] webext-compactheader: adding install sequencer file
* [77cf260] webext-compactheader: adding linking sequencer file
* [aebb2f8] d/control: no root rights needed for package build
* [7c1da48] d/control: adding dependency on TB >= 68.0
* [b9a01cf] Remove install of outdated file upstream-changelog
The previously installed upstream changelog file isn't really helpful and
outdated. We can drop it simply.
compactheader (2.1.6-1) unstable; urgency=medium
.
[ Carsten Schoenert ]
* [73171e8] d/watch: adjust to use the GitHub tree from jmozmoz
Using the move over of the Mozilla AddOn platform to
addons.thunderbird.net to also move the d/watch entry to the upstream Git
tree on GitHub.
* [229df45] d/control: increase Standards-Version to 4.2.1
No further changes needed.
* [d44b452] d/control: move package to webext-text team
One more move to the packaging Git tree, as we decided on the Bof while
Debconf 18 in Hsinchu the future of the Mozilla AddOns will be
WebExtension it's logical to collect all extensions we package for Debian
in the Salsa group for WebExtensions:
https://salsa.debian.org/webext-team/
* [d482d8f] New upstream version 2.1.6
coturn (4.5.0.5-1+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* specially crafted HTTP POST request can lead to heap overflow which can
result in information leak (CVE-2020-6061) (Closes: #951876)
* specially crafted HTTP POST request can lead to server crash and denial of
service (CVE-2020-6062) (Closes: #951876)
* init with zero any new or reused stun buffers (CVE-2020-4067)
cram (0.7-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Accept any test result to work around build failures.
csync2 (2.0-8-g175a01c-4+deb9u1) stretch; urgency=medium
.
* Add patch for CVE-2019-15522 (Closes: #955445)
cups (2.2.1-8+deb9u6) stretch; urgency=medium
.
* Backport upstream security fixes:
- CVE-2020-3898: heap-buffer-overflow in libcups’s ppdFindOption()
function in ppd-mark.c
- CVE-2019-8842: The `ippReadIO` function may under-read an extension
field
curl (7.52.1-5+deb9u10) stretch-security; urgency=high
.
* Fix TFTP receive buffer overflow as per CVE-2019-5436 (Closes: #929351)
https://curl.haxx.se/docs/CVE-2019-5436.html
* Fix FTP-KRB double-free as per CVE-2019-5481 (Closes: #940009)
https://curl.haxx.se/docs/CVE-2019-5481.html
* Fix TFTP small blocksize heap buffer overflow as per CVE-2019-5482
(Closes: #940010)
https://curl.haxx.se/docs/CVE-2019-5482.html
dbus (1.10.32-0+deb9u1) stretch; urgency=medium
.
* New upstream stable release
- CVE-2020-12049: Prevent a denial of service attack in which a local
user can make the system dbus-daemon run out of file descriptors
- Prevent use-after-free if two usernames share a uid
debian-installer (20170615+deb9u9) stretch; urgency=medium
.
* Bump linux ABI to 4.9.0-13.
debian-installer-netboot-images (20170615+deb9u9) stretch; urgency=medium
.
* Update to 20170615+deb9u9 images, from stretch-proposed-updates
debian-security-support (2020.06.21~deb9u1) stretch; urgency=medium
.
* This update for stretch only contains changes to the files
security-support-limited and security-support-ended.deb(8|9|10) from
version 2020.06.21 from unstable, the changes in detail are:
- from 2020.06.21:
* Add cinder (OpenStack component) to security-support-ended.deb8.
- from 2020.06.11:
* Also add unbound to security-support-ended.deb8 - see DSA 4694-1
and https://lists.debian.org/debian-lts/2020/06/msg00024.html and
follow-ups.
- from 2020.06.09:
* Add unbound to security-support-ended.deb9 (see DSA 4694-1).
- from 2020.05.22:
* Add pdns-recursor to security-support-ended.deb9 as explained in
DSA-4691-1.
- from 2020.05.08:
* Mark OpenStack packages as being unsupported in LTS; "jessie lost support
from upstream just a few weeks after the release."
- from 2020.04.16:
* Add tor to security-support-ended.deb8 as well, see DSA 4644-1.
* Add libperlspeak-perl to security-support-ended.deb(8|9|10), because of
CVE-2020-10674 (#954238), also see #954297, #954298 and #954299.
- from 2020.03.22:
* Add tor to security-support-ended.deb9, see DSA 4644-1.
- from 2020.03.15:
* security-support-limited/zoneminder: declare limited support behind an
authenticated HTTP zone (see #922724).
- from 2020.03.05:
* Add xen to security-support-ended.deb8.
- from 2020.02.21:
* Add nodejs to security-support-ended.deb8 and .deb9.
- from 2020.01.21:
* Add nethack to security-support-ended.deb8.
* Mark xen as end-of-life for Stretch (DSA 4602-1).
debian-security-support (2020.06.11) unstable; urgency=medium
.
* Also add unbound to security-support-ended.deb8 - see DSA 4694-1
and https://lists.debian.org/debian-lts/2020/06/msg00024.html and
follow-ups.
debian-security-support (2020.06.09) unstable; urgency=medium
.
[ Salvatore Bonaccorso ]
* Add unbound to security-support-ended.deb9 (see DSA 4694-1).
debian-security-support (2020.05.22) unstable; urgency=medium
.
* Add pdns-recursor to security-support-ended.deb9 as explained in
DSA-4691-1.
debian-security-support (2020.05.08) unstable; urgency=medium
.
[ Chris Lamb ]
* Mark OpenStack packages as being unsupported in LTS; "jessie lost support
from upstream just a few weeks after the release."
debian-security-support (2020.04.16) unstable; urgency=medium
.
* Add tor to security-support-ended.deb8 as well, see DSA 4644-1.
* Add libperlspeak-perl to security-support-ended.deb(8|9|10), because of
CVE-2020-10674 (#954238), also see #954297, #954298 and #954299.
debian-security-support (2020.04.16~deb10u2) buster; urgency=medium
.
* Re-upload for buster.
.
debian-security-support (2020.04.16) unstable; urgency=medium
.
* Add tor to security-support-ended.deb8 as well, see DSA 4644-1.
* Add libperlspeak-perl to security-support-ended.deb(8|9|10), because of
CVE-2020-10674 (#954238), also see #954297, #954298 and #954299.
.
debian-security-support (2020.03.22) unstable; urgency=medium
.
[ Salvatore Bonaccorso ]
* Add tor to security-support-ended.deb9, see DSA 4644-1.
.
debian-security-support (2020.03.15) unstable; urgency=medium
.
[ Dmitry Smirnov ]
* security-support-limited/zoneminder: declare limited support behind an
authenticated HTTP zone (see #922724).
.
[ Daniel Shahaf ]
* Revert unintentional output change in #951874 4/4. Closes: #953732.
.
debian-security-support (2020.03.05) unstable; urgency=medium
.
[ Bastian Blank ]
* Add xen to security-support-ended.deb8.
.
[ Holger Levsen ]
* Correct bug closure for #951874 in 2020.02.25 changelog entry. #951772 was
already closed in 2020.02.21.
.
debian-security-support (2020.02.25) unstable; urgency=medium
.
[ Daniel Shahaf ]
* Miscellaneous sh fixes, Closes: #951874.
- avoid implementation-defined behaviour.
- fix --version output, use defined variable.
- print errors and warnings to stderr.
- clarify an error message.
.
[ Holger Levsen ]
* postinst and check-support-status.hook: drop workaround for upgrades from
releases before 2016-03-30.
* check-support-status.in:
- drop code needed for supporting dpkg-query from squeeze.
- set DEB_LOWEST_VER_ID=8 as we dropped security-support-ended.deb7 in the
last upload.
- Don't exit gracefully if the detected Debian version is not supported,
instead issue a warning and continue, to both do the checks that can be
done and to not fail the package installation. Closes: #952383.
* po/debian-security-support.pot: drop removed string.
* Update all .po files for changed strings in the English original.
* Add "package-uses-old-debhelper-compat-version 11" to
source/lintian-overrides. The package shall be trivially buildable on
stable.
.
debian-security-support (2020.02.21) unstable; urgency=medium
.
[ Holger Levsen ]
* Drop security-support-ended.deb7, we don't support wheezy anymore. (eLTS
is maintained outside Debian.)
* Add nodejs to security-support-ended.deb8 and .deb9.
* Use runuser instead of su. Closes: #890862. Thanks to Jakobus Schürz.
* Wrap long lines in changelog entries: 2015.04.04, thanks lintian-brush.
* Fix day-of-week for changelog entry 2015.04.04, thanks lintian-brush.
.
[ Daniel Shahaf ]
* Allow one to exclude specific packages from the check. Closes: #951442.
* Prefix "check-support-status: " to error messages. Closes: #951772.
.
debian-security-support (2020.01.21) unstable; urgency=medium
.
[ Abhijith PA ]
* Add nethack to security-support-ended.deb8.
.
[ Salvatore Bonaccorso ]
* Mark xen as end-of-life for Stretch (DSA 4602-1).
.
[ Holger Levsen ]
* Improve describe of binutils' status in security-support-limited. Thanks
to Daniel Shahaf for the patch. Closes: #948634.
* Bump standards version to 4.5.0, no changes needed.
debian-security-support (2020.03.22) unstable; urgency=medium
.
[ Salvatore Bonaccorso ]
* Add tor to security-support-ended.deb9, see DSA 4644-1.
debian-security-support (2020.03.15) unstable; urgency=medium
.
[ Dmitry Smirnov ]
* security-support-limited/zoneminder: declare limited support behind an
authenticated HTTP zone (see #922724).
.
[ Daniel Shahaf ]
* Revert unintentional output change in #951874 4/4. Closes: #953732.
debian-security-support (2020.03.05) unstable; urgency=medium
.
[ Bastian Blank ]
* Add xen to security-support-ended.deb8.
.
[ Holger Levsen ]
* Correct bug closure for #951874 in 2020.02.25 changelog entry. #951772 was
already closed in 2020.02.21.
debian-security-support (2020.02.25) unstable; urgency=medium
.
[ Daniel Shahaf ]
* Miscellaneous sh fixes, Closes: #951772.
- avoid implementation-defined behaviour.
- fix --version output, use defined variable.
- print errors and warnings to stderr.
- clarify an error message.
.
[ Holger Levsen ]
* postinst and check-support-status.hook: drop workaround for upgrades from
releases before 2016-03-30.
* check-support-status.in:
- drop code needed for supporting dpkg-query from squeeze.
- set DEB_LOWEST_VER_ID=8 as we dropped security-support-ended.deb7 in the
last upload.
- Don't exit gracefully if the detected Debian version is not supported,
instead issue a warning and continue, to both do the checks that can be
done and to not fail the package installation. Closes: #952383.
* po/debian-security-support.pot: drop removed string.
* Update all .po files for changed strings in the English original.
* Add "package-uses-old-debhelper-compat-version 11" to
source/lintian-overrides. The package shall be trivially buildable on
stable.
debian-security-support (2020.02.21) unstable; urgency=medium
.
[ Holger Levsen ]
* Drop security-support-ended.deb7, we don't support wheezy anymore. (eLTS
is maintained outside Debian.)
* Add nodejs to security-support-ended.deb8 and .deb9.
* Use runuser instead of su. Closes: #890862. Thanks to Jakobus Schürz.
* Wrap long lines in changelog entries: 2015.04.04, thanks lintian-brush.
* Fix day-of-week for changelog entry 2015.04.04, thanks lintian-brush.
.
[ Daniel Shahaf ]
* Allow one to exclude specific packages from the check. Closes: #951442.
* Prefix "check-support-status: " to error messages. Closes: #951772.
debian-security-support (2020.01.21) unstable; urgency=medium
.
[ Abhijith PA ]
* Add nethack to security-support-ended.deb8.
.
[ Salvatore Bonaccorso ]
* Mark xen as end-of-life for Stretch (DSA 4602-1).
.
[ Holger Levsen ]
* Improve describe of binutils' status in security-support-limited. Thanks
to Daniel Shahaf for the patch. Closes: #948634.
* Bump standards version to 4.5.0, no changes needed.
debian-security-support (2019.12.12) unstable; urgency=medium
.
* security-support-limited: point to https://www.debian.org/releases/ \
buster/amd64/release-notes/ch-information.en.html#golang-static-linking
for golang* packages.
debian-security-support (2019.12.12~deb10u1) buster; urgency=medium
.
* Re-uploaded for buster.
dpdk (16.11.11-1+deb9u2) stretch-security; urgency=high
.
* Backport patch to fix CVE-2020-10722 and its prerequisite which
affects the vhost driver
drupal7 (7.52-2+deb9u11) stretch-security; urgency=medium
.
* SA-CORE-2020-004: CSRF due to incomplete validation of file uploads
in form input
drupal7 (7.52-2+deb9u10) stretch-security; urgency=medium
.
* SA-CORE-2019-012: Imports bundled library's security improvement
needed to protect some of Drupal's configurations
* SA-CORE-2020-002 and SA-CORE-2020-003: XSS issue fix imported from
in a jQuery update; fix an open redirect caused by insufficient
validation
erlang (1:19.2.1+dfsg-2+deb9u3) stretch; urgency=medium
.
* Applied a patch which fixes CVE-2020-12872 vulnerability revealed
for the Yaws web server (TLS server offers weak ciphers for TLS 1.0).
(closes: #961422)
evince (3.22.1-3+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* dvi: Mitigate command injection attacks by quoting filename
(CVE-2017-1000159)
* Fix overflow checks in tiff backend (CVE-2019-1010006)
* Remove unused configure check for cairo_format_stride_for_width
(CVE-2019-1010006)
* tiff: Handle failure from TIFFReadRGBAImageOriented (CVE-2019-11459)
(Closes: #927820)
exim4 (4.89-2+deb9u7) stretch-security; urgency=high
.
* Fix authentication bypass in SPA authenticator due to out-of-bound buffer
read. https://bugs.exim.org/show_bug.cgi?id=2571 CVE-2020-12783
exiv2 (0.25-3.1+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload by the Security Team.
* Minor adjustment to the patch for CVE-2018-10958 and CVE-2018-10999. The
initial patch was overly restrictive in counting PNG image chunks.
* CVE-2018-16336: remote denial of service (heap-based buffer over-read) via
a crafted image file.
fex (20160919-2~deb9u1) stretch; urgency=high
.
* Security fix for fexsrv.
file-roller (3.22.3-1+deb9u2) stretch; urgency=medium
.
* CVE-2020-11736 (Closes: #956638)
firefox-esr (68.10.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-25, also known as:
CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420,
CVE-2020-12421.
firefox-esr (68.9.0esr-1) unstable; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-21, also known as:
CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410.
.
* debian/rules: Force using old PKCS11 API when building against newer NSS
releases. Closes: #961762.
* debian/control*: Bump nss build dependencies.
firefox-esr (68.9.0esr-1~deb10u1) buster-security; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-21, also known as:
CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410.
.
* debian/rules: Force using old PKCS11 API when building against newer NSS
releases. Closes: #961762.
* debian/control*: Bump nss build dependencies.
firefox-esr (68.9.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-21, also known as:
CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410.
.
* debian/rules: Force using old PKCS11 API when building against newer NSS
releases. Closes: #961762.
* debian/control*: Bump nss build dependencies.
firefox-esr (68.8.0esr-1) unstable; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-17, also known as:
CVE-2020-12387, CVE-2020-6831, CVE-2020-12392, CVE-2020-12395.
firefox-esr (68.8.0esr-1~deb10u1) buster-security; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-17, also known as:
CVE-2020-12387, CVE-2020-6831, CVE-2020-12392, CVE-2020-12395.
firefox-esr (68.8.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-17, also known as:
CVE-2020-12387, CVE-2020-6831, CVE-2020-12392, CVE-2020-12395.
firefox-esr (68.7.0esr-1) unstable; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-13, also known as:
CVE-2020-6821, CVE-2020-6822, CVE-2020-6825.
firefox-esr (68.7.0esr-1~deb10u1) buster-security; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-13, also known as:
CVE-2020-6821, CVE-2020-6822, CVE-2020-6825.
firefox-esr (68.7.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-13, also known as:
CVE-2020-6821, CVE-2020-6822, CVE-2020-6825.
firefox-esr (68.6.1esr-1) unstable; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-11, also known as: CVE-2020-6819, CVE-2020-6820.
firefox-esr (68.6.1esr-1~deb10u1) buster-security; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-11, also known as: CVE-2020-6819, CVE-2020-6820.
firefox-esr (68.6.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-11, also known as: CVE-2020-6819, CVE-2020-6820.
firefox-esr (68.6.0esr-1) unstable; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-09, also known as:
CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811,
CVE-2019-20503, CVE-2020-6812, CVE-2020-6814.
firefox-esr (68.6.0esr-1~deb10u1) buster-security; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-09, also known as:
CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811,
CVE-2019-20503, CVE-2020-6812, CVE-2020-6814.
firefox-esr (68.6.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-09, also known as:
CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811,
CVE-2019-20503, CVE-2020-6812, CVE-2020-6814.
firefox-esr (68.5.0esr-1) unstable; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-06, also known as:
CVE-2020-6796, CVE-2020-6798, CVE-2020-6800.
firefox-esr (68.5.0esr-1~deb10u1) buster-security; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-06, also known as:
CVE-2020-6796, CVE-2020-6798, CVE-2020-6800.
firefox-esr (68.5.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release
* Fixes for mfsa2020-06, also known as:
CVE-2020-6796, CVE-2020-6798, CVE-2020-6800.
firefox-esr (68.4.2esr-1) unstable; urgency=medium
.
* New upstream release.
firefox-esr (68.4.1esr-1) unstable; urgency=medium
.
* New upstream release.
* Fix for mfsa2020-03, also known as CVE-2019-17026.
firefox-esr (68.4.1esr-1~deb10u1) buster-security; urgency=medium
.
* New upstream release.
* Fix for mfsa2020-03, also known as CVE-2019-17026.
fwupd (0.8.3-1) oldstable; urgency=medium
.
* Update to 0.8.3 point release
- Upstream no longer supports the 0.7.x series
* Drop existing patches all merged into 0.8.3 release.
* Drop no longer used libebitdo1 and libebitdo-dev packages
* Refresh symbols
* Backport series of commits to allow better longevity on 0.8.x
- Use a CNAME to redirect to the correct CDN for metadata (Closes: #961490)
- Do not abort startup if the XML metadata file is invalid
- Add the Linux Foundation public GPG keys for firmware and metadata
- Raise the metadata limit to 10Mb
- Validate that gpgme_op_verify_result() returned at least one signature
(Closes: #962517)
fwupd (0.8.2-2) unstable; urgency=medium
.
* Backport patch to fix detection of Dell systems
fwupd (0.8.2-1) unstable; urgency=medium
.
[ Richard Hughes ]
* trivial: post release version bump
* trivial: Sync example spec file with downstream
* Add DFU quirk for SIMtrace
* Add DFU quirk for OpenPICC
* Create directories in /var/cache as required
* trivial: Fix the log domains in two plugins
* trivial: No not list the API version indexes
* trivial: Don't change the documentation output every time the version changes
* trivial: Fix the last -Wpointer-sign warning
* trivial: Change the name of a generated file
* trivial: Remove non-warning flags from the CFLAGS
* Use a 60 second timeout on all client downloads
* Support proxy servers in fwupdmgr
* Set the source origin when saving metadata
* Add a config option to allow runtime disabling plugins by name
* Fix the Requires lines in the dfu pkg-config file
* Release fwupd 0.8.2
.
[ Mario Limonciello ]
* trivial: install /var/lib/fwupd in make install (#94)
* trivial: allow configuring ESP location (#94)
* trivial: make valgrind an optional build dependency
* trivial: make /boot/efi an optional ReadWritePath (#97)
* trivial: set synaptics error message in more scenarios
* Drop upstream patches.
.
[ Shea Levy ]
* Only try to mkdir the localstatedir if we have the right permissions (#96)
.
[ AsciiWolf ]
* Update Czech translation
fwupd (0.8.1-3) unstable; urgency=medium
.
* Backport upstream commit to make valgrind optional (Closes: #856344)
* Backport upstream commit to make /boot/efi optional to start
fwupd.service.
fwupd (0.8.1-2) unstable; urgency=medium
.
* Disable optional thunderbolt support until ITP is done.
fwupd (0.8.1-1) unstable; urgency=medium
.
* New upstream version (0.8.1).
- Fixes systemd confinement crashes (Closes: #856145) (LP: #1663548)
* loosen dependencies on libefivar-dev and libfwup-dev
* Optionally enable thunderbolt
fwupd (0.8.0-2) unstable; urgency=medium
.
* Only build synaptics on supported arch (fixes FTBFS)
fwupd (0.8.0-1) unstable; urgency=medium
.
* New upstream version (0.8.0)
* Refresh symbols.
* Drop all now upstream patches.
* Enable build hardening flags
* Drop valgind build dependency from m68k
* Fix fwupd process leaking into dbus cgroup
(Closes: #845406)
git (1:2.11.0-3+deb9u7) stretch-security; urgency=high
.
* Apply patches from 2.20.4 to address the security issue
CVE-2020-11008.
.
With a crafted URL that contains a newline or empty host, or
lacks a scheme, the credential helper machinery can be fooled
into providing credential information that is not appropriate
for the protocol in use and host being contacted.
.
Unlike the vulnerability fixed in 1:2.11.0-3+deb9u6, the
credentials are not for a host of the attacker's choosing.
Instead, they are for an unspecified host, based on how the
configured credential helper handles an absent "host"
parameter.
.
The attack has been made impossible by refusing to work with
underspecified credential patterns.
.
Thanks to Carlo Arenas for reporting that Git was still
vulnerable, Felix Wilhelm for providing the proof of concept
demonstrating this issue, and Jeff King for promptly providing
a corrected fix.
.
Tested using the proof of concept at
https://crbug.com/project-zero/2021.
git (1:2.11.0-3+deb9u6) stretch-security; urgency=high
.
[ Salvatore Bonaccorso ]
* Apply patches from 2.20.3 to address the security issue
CVE-2020-5260.
.
With a crafted URL that contains a newline, the credential
helper machinery can be fooled to supply credential information
for the wrong host. The attack has been made impossible by
forbidding a newline character in any value passed via the
credential protocol.
.
Thanks to Felix Wilhelm of Google Project Zero for finding
this vulnerability and Jeff King for fixing it.
.
[ Jonathan Nieder ]
* Apply security-relevant changes from 2.11.1:
* doc: mention transfer data leaks in more places (thx to Matt
McCutchen).
* remote-curl: don't hang when a server dies before any output
(thx to David Turner).
* merge: avoid crlf handling related NULL dereference (thx to
Markus Klein and Johannes Schindelin).
* http: avoid private repository theft by mixing repositories
(thx to Jann Horn of Google Project Zero).
* avoid under-allocation in shallow clone code (thx to Rasmus
Villemoes).
* git-svn: allow "0" in SVN path components (thx to Eric Wong).
* config: handle errors from fstat (thx to Josh Bleecher Snyder
and Nguyá»…n Thái Ngá»c Duy).
* git_exec_path: do not return the result of getenv (thx to Jeff
King).
* Apply security-relevant changes from 2.12.1, 2.12.2, 2.12.3:
* show-branch: avoid buffer overflow on long current branch name
(thx to Jeff King).
* ident: handle NULL email when complaining of empty name (thx to
Jeff King).
* log -L: use COPY_ARRAY to fix mis-sized memcpy on ILP32 systems
(thx to Vegard Nossum).
* dumb http: fix buffer underflow processing remote alternates
(thx to Jeff King).
* log -S: avoid out-of-bounds read with -S --pickaxe-regex (thx
to SZEDER Gábor).
* Apply security- and portability-relevant changes from 2.13.1,
2.13.3, 2.13.4:
* checkout, am: avoid NULL pointer dereference when HEAD is
invalid (thx to René Scharfe).
* pack-bitmap: don't perform unaligned memory access (thx to
James Clarke).
* apply: avoid out of bounds reads when processing malformed
patches (thx to Vegard Nossum and René Scharfe).
* log -g: avoid use-after-free when reading empty reflog in
date order (thx to Jeff King).
* Apply security-relevant changes from 2.14.3:
* avoid reading uninitialized memory when HEAD is too short
(thx to Jeff King).
* fsck: avoid NULL pointer dereference when encountering
objects of unexpected type (thx to SZEDER Gábor and René
Scharfe).
glib-networking (2.50.0-1+deb9u1) stretch; urgency=medium
.
* Team upload
* d/p/Return-bad-identity-error-if-identity-is-unset.patch:
Backport fix for CVE-2020-13645 from upstream (Closes: #961756)
gnutls28 (3.5.8-5+deb9u5) stretch; urgency=medium
.
* Pull fixes for CVE-2019-3829 / [GNUTLS-SA-2019-03-27, #694].
+ 40_casts_related_to_fix_CVE-2019-3829.patch
+ 40_rel3.6.7_01-Automatically-NULLify-after-gnutls_free.patch
+ 40_rel3.6.7_01-fuzz-added-fuzzer-for-certificate-verification.patch
+ 41_use_datefudge_to_trigger_CVE-2019-3829_testcase.diff
* More important fixes:
+ 43_rel3.6.14_10-session_pack-fix-leak-in-error-path.patch
+ 44_rel3.6.14_10-Update-session_ticket.c-to-add-support-for-zero-leng.patch
Handle zero length session tickets, fixing connection errors on TLS1.2
sessions to some big hosting providers. (See LP 1876286)
golang-1.7 (1.7.4-2+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Add patch to fix CVE-2019-6486
* Add patch to fix CVE-2018-7187
golang-1.8 (1.8.1-1+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Add patch to fix CVE-2019-6486
* Add patch to fix CVE-2018-6574
* Add patch to fix CVE-2018-7187
gosa (2.7.4+reloaded2-13+deb9u3) stretch; urgency=medium
.
* debian/patches/1047_CVE-2019-14466-1_replace_unserialize_with_json_
encode+json_decode.patch:
+ Replace (un)serialize with json_encode/json_decode to mitigate PHP object
injection (CVE-2019-14466).
gosa (2.7.4+reloaded2-13+deb9u2) stretch; urgency=medium
.
[ Mike Gabriel ]
* debian/patches:
+ Add 1029_better-whitespace-cleanup-in-genuid.patch.
Prevent gen_uids() from generating UIDs containing blanks.
+ Add 1030_column-header-titles-group-members.patch.
Fix column titles in member lists of POSIX groups.
+ Add 1043_smarty-add-on-function-param-types.patch.
Fix missing password field, caused by PHP error "parameter 2 expected
to be a reference, value given". (Closes: #918578).
+ Update 1026_fix-deprecated-constructor-format.patch. Drop an unwanted
find+replace artefact in class_userFilter.
+ Add 1045_dont_use_filter_caching.patch. Disable filter caching via
$_SESSION. The approach stores PHP object in $_SESSION; since php7.0
this leads to unexpected results and flawed rendering of class_management
based listings. (Closes: #907815).
+ Rebase / update 1016_allow-same-user-ids-as-adduser.patch and
1026_fix-deprecated-constructor-format.patch.
+ Add 1046_CVE-2019-11187_stricter-ldap-error-check.patch. Perform stricter
check on LDAP success/failure (CVE-2019-11187).
.
[ Benjamin Zapiec ]
* debian/patches:
+ Add 1031_no-context-loose-continues.patch.
Avoid stray continue expression. (Closes: #879105).
.
[ Christian Schwamborn ]
* debian/patches:
+ Add 1032_fix_select_acl_role.patch.
Use ACL from role definition: Select the correct role.
+ Add 1033_fix_unable_to_delete_acl_asignment.patch.
Fix removing ACLs from objects (e.g. groups).
+ Add 1034_remove_superfluous__get_post__call_from__save_object.patch.
class_sortableListing: Remove superfluous get_post() call
from_ save_object()
+ Add 1035_acl_override_to_allow_delete_of_group_members.patch.
Support member removal from groups, if someone has the right
to edit the group.
+ Add 1036_remove_double_groupList_setEditable_setting.patch.
Remove duplicate setEditable() for POSIX group lists.
+ Add 1037_fix_shadowexpire_checkbox_from_tmplate_setting.patch.
Propagate shadow expiry from user templates to created user objects.
+ Add 1038_shadowexpire_in_one_line.patch.
Show shadow expiry (esp. the calendar icon) in one line on screen (html
template adjustment).
+ Add 1039_fix_sambakickofftime_checkbox_and_sambakickofftime_date_from_
tmplate_setting.patch. Fix date calculations for sambaKickoffTime and
propagation from template to created user object.
+ Add 1040_inactive_pwd_fields_when_using_pwd_proposal.patch.
Disable password entry text fields when password proposal is to be used.
+ Add 1041_ref_param_error_in_My_Parser.patch.
Compat fix for PHP > 5.4. Hand over real variable to function.
graphicsmagick (1.3.30+hg15796-1~deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix CVE-2019-12921: remote information disclosure (attacker can read
arbitrary files) via a crafted image; fix is to remove support for reading
from a file using '@filename' syntax
* Fix CVE-2020-10938: Fix signed overflow on range check in
HuffmanDecodeImage function which leads to heap overflow in 32-bit
applications.
graphicsmagick (1.3.30+hg15796-1~deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* CVE-2019-19953
heap-based buffer over-read in the function EncodeImage
* CVE-2019-19951
heap-based buffer overflow in the function ImportRLEPixels
* CVE-2019-19950
use-after-free in ThrowException and ThrowLoggedException
* CVE-2019-11474: floating-point exception in coders/xwd.c when processing
crafted XWD images.
* CVE-2019-11473: out-of-bounds read in coders/xwd.c when processing crafted
XWD images.
* CVE-2019-11506: missing error handling primitives causes heap-based
buffer overflow in WriteMATLABImage (coders/mat.c) when processing crafted
Matlab matrix data.
* CVE-2019-11505: heap-based buffer overflow in WritePDBImage (coders/pdb.c)
when processing crafted PDB images.
* CVE-2019-11010:
In GraphicsMagick there is a memory leak in the function ReadMPCImage which
allows attackers to cause a denial of service via a crafted image file.
* CVE-2019-11009:
In GraphicsMagick there is a heap-based buffer over-read in the function
ReadXWDImage which allows attackers to cause a denial of service or
information disclosure via a crafted image file.
* CVE-2019-11008:
In GraphicsMagick there is a heap-based buffer overflow in the function
WriteXWDImage which allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a crafted
image file.
* CVE-2019-11007:
In GraphicsMagick there is a heap-based buffer over-read in the
ReadMNGImage function which allows attackers to cause a denial of service
or information disclosure via an image colormap.
* CVE-2019-11006:
In GraphicsMagick exists a heap-based buffer over-read in the function
ReadMIFFImage which allows attackers to cause a denial of service or
information disclosure via an RLE packet.
* CVE-2019-11005
stack buffer overflow while parsing quoted font family value
* CVE-2018-20189
assertion failure in ReadDIBImage
* CVE-2018-20185
heap-based buffer over-read in the ReadBMPImage
* CVE-2018-20184
heap-based buffer overflow in the WriteTGAImage
icu (57.1-6+deb9u4) stretch-security; urgency=high
.
* Backport upstream security fix for CVE-2020-10531: SEGV_MAPERR in
UnicodeString::doAppend() (closes: #953747).
imagemagick (8:6.9.7.4+dfsg-11+deb9u8) stretch-security; urgency=medium
.
* CVE-2019-13300 (Closes: #931454)
* CVE-2019-13304 (Closes: #931453)
* CVE_2019-13305 (Closes: #931452)
* CVE-2019-13306 (Closes: #931449)
* CVE-2019-13307 (Closes: #931448)
* CVE-2019-15140 (Closes: #941671)
* CVE-2019-19948 (Closes: #947308)
intel-microcode (3.20200616.1~deb9u1) stretch; urgency=high
.
* Rebuild for Debian oldstable (stretch), no changes
.
intel-microcode (3.20200616.1) unstable; urgency=high
.
* New upstream microcode datafile 20200616
+ Downgraded microcodes (to a previously shipped revision):
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
* Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
* This update *removes* the SRBDS mitigations from the above processors
* Note that Debian had already downgraded 0x406e3 in release 3.20200609.2
intel-microcode (3.20200609.2) unstable; urgency=medium
.
* REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
* Microcode rollbacks (closes: LP#1883002)
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
* THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
* Avoid hangs on boot on (some?) Skylake-U/Y processors,
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
* ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
just in case. Note that Debian does not do late loading by itself.
Refer to LP#1883002 for the report, 0x806ec hangs upon late load.
intel-microcode (3.20200609.2~deb10u1) buster-security; urgency=high
.
* Rebuild for buster-security, no changes
Refer to changelog entries for 3.20200609.2 and 3.20200609.1 for details
.
intel-microcode (3.20200609.2) unstable; urgency=medium
.
* REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
* Microcode rollbacks (closes: LP#1883002)
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
* THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
* Avoid hangs on boot on (some?) Skylake-U/Y processors,
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
* ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
just in case. Note that Debian does not do late loading by itself.
Refer to LP#1883002 for the report, 0x806ec hangs upon late load.
.
intel-microcode (3.20200609.1) unstable; urgency=high
.
* SECURITY UPDATE
* For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
on the processor model
* For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
L1DCES mitigations, plus mitigations described in the changelog entry
for package release 3.20191112.1.
* Expect some performance impact, the mitigations are enabled by
default. A Linux kernel update will be issued that allows one to
selectively disable the mitigations.
* New upstream microcode datafile 20200609
* Implements mitigation for CVE-2020-0543 Special Register Buffer Data
Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
* Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
(VRDS), INTEL-SA-00329
* Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
(L1DCES), INTEL-SA-00329
* Known to fix the regression introduced in release 2019-11-12 (sig
0x50564, rev. 0x2000065), which would cause several systems with
Skylake Xeon, Skylake HEDT processors to hang while rebooting
* Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
* Restores the microcode-level fixes that were reverted by release
3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)
.
intel-microcode (3.20200520.1) unstable; urgency=medium
.
* New upstream microcode datafile 20200520
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456
.
intel-microcode (3.20200508.1) unstable; urgency=medium
.
* New upstream microcode datafile 20200508
+ Updated Microcodes:
sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
* Likely fixes several critical errata on IceLake-U/Y causing system
hangs
intel-microcode (3.20200609.2~deb9u1) stretch-security; urgency=high
.
* Rebuild for stretch-security, no changes
Refer to changelog entries for 3.20200609.2 and 3.20200609.1 for details
.
intel-microcode (3.20200609.2) unstable; urgency=medium
.
* REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
* Microcode rollbacks (closes: LP#1883002)
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
* THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
* Avoid hangs on boot on (some?) Skylake-U/Y processors,
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
* ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
just in case. Note that Debian does not do late loading by itself.
Refer to LP#1883002 for the report, 0x806ec hangs upon late load.
.
intel-microcode (3.20200609.1) unstable; urgency=high
.
* SECURITY UPDATE
* For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
on the processor model
* For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
L1DCES mitigations, plus mitigations described in the changelog entry
for package release 3.20191112.1.
* Expect some performance impact, the mitigations are enabled by
default. A Linux kernel update will be issued that allows one to
selectively disable the mitigations.
* New upstream microcode datafile 20200609
* Implements mitigation for CVE-2020-0543 Special Register Buffer Data
Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
* Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
(VRDS), INTEL-SA-00329
* Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
(L1DCES), INTEL-SA-00329
* Known to fix the regression introduced in release 2019-11-12 (sig
0x50564, rev. 0x2000065), which would cause several systems with
Skylake Xeon, Skylake HEDT processors to hang while rebooting
* Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
* Restores the microcode-level fixes that were reverted by release
3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)
.
intel-microcode (3.20200520.1) unstable; urgency=medium
.
* New upstream microcode datafile 20200520
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456
.
intel-microcode (3.20200508.1) unstable; urgency=medium
.
* New upstream microcode datafile 20200508
+ Updated Microcodes:
sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
* Likely fixes several critical errata on IceLake-U/Y causing system
hangs
intel-microcode (3.20200609.1) unstable; urgency=high
.
* SECURITY UPDATE
* For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
on the processor model
* For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
L1DCES mitigations, plus mitigations described in the changelog entry
for package release 3.20191112.1.
* Expect some performance impact, the mitigations are enabled by
default. A Linux kernel update will be issued that allows one to
selectively disable the mitigations.
* New upstream microcode datafile 20200609
* Implements mitigation for CVE-2020-0543 Special Register Buffer Data
Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
* Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
(VRDS), INTEL-SA-00329
* Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
(L1DCES), INTEL-SA-00329
* Known to fix the regression introduced in release 2019-11-12 (sig
0x50564, rev. 0x2000065), which would cause several systems with
Skylake Xeon, Skylake HEDT processors to hang while rebooting
* Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
* Restores the microcode-level fixes that were reverted by release
3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)
intel-microcode (3.20200609.1~deb10u1) buster-security; urgency=high
.
* Rebuild for buster-security, no changes
.
intel-microcode (3.20200609.1) unstable; urgency=high
.
* SECURITY UPDATE
* For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
on the processor model
* For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
L1DCES mitigations, plus mitigations described in the changelog entry
for package release 3.20191112.1.
* Expect some performance impact, the mitigations are enabled by
default. A Linux kernel update will be issued that allows one to
selectively disable the mitigations.
* New upstream microcode datafile 20200609
* Implements mitigation for CVE-2020-0543 Special Register Buffer Data
Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
* Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
(VRDS), INTEL-SA-00329
* Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
(L1DCES), INTEL-SA-00329
* Known to fix the regression introduced in release 2019-11-12 (sig
0x50564, rev. 0x2000065), which would cause several systems with
Skylake Xeon, Skylake HEDT processors to hang while rebooting
* Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
* Restores the microcode-level fixes that were reverted by release
3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)
.
intel-microcode (3.20200520.1) unstable; urgency=medium
.
* New upstream microcode datafile 20200520
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456
.
intel-microcode (3.20200508.1) unstable; urgency=medium
.
* New upstream microcode datafile 20200508
+ Updated Microcodes:
sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
* Likely fixes several critical errata on IceLake-U/Y causing system
hangs
intel-microcode (3.20200609.1~deb9u1) stretch-security; urgency=high
.
* Rebuild for stretch-security, no changes
.
intel-microcode (3.20200609.1) unstable; urgency=high
.
* SECURITY UPDATE
* For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
on the processor model
* For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
L1DCES mitigations, plus mitigations described in the changelog entry
for package release 3.20191112.1.
* Expect some performance impact, the mitigations are enabled by
default. A Linux kernel update will be issued that allows one to
selectively disable the mitigations.
* New upstream microcode datafile 20200609
* Implements mitigation for CVE-2020-0543 Special Register Buffer Data
Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
* Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
(VRDS), INTEL-SA-00329
* Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
(L1DCES), INTEL-SA-00329
* Known to fix the regression introduced in release 2019-11-12 (sig
0x50564, rev. 0x2000065), which would cause several systems with
Skylake Xeon, Skylake HEDT processors to hang while rebooting
* Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
* Restores the microcode-level fixes that were reverted by release
3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)
.
intel-microcode (3.20200520.1) unstable; urgency=medium
.
* New upstream microcode datafile 20200520
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456
.
intel-microcode (3.20200508.1) unstable; urgency=medium
.
* New upstream microcode datafile 20200508
+ Updated Microcodes:
sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
* Likely fixes several critical errata on IceLake-U/Y causing system
hangs
intel-microcode (3.20200520.1) unstable; urgency=medium
.
* New upstream microcode datafile 20200520
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456
intel-microcode (3.20200508.1) unstable; urgency=medium
.
* New upstream microcode datafile 20200508
+ Updated Microcodes:
sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
* Likely fixes several critical errata on IceLake-U/Y causing system
hangs
intel-microcode (3.20191115.2) unstable; urgency=medium
.
* Microcode rollbacks (closes: #946515, LP#1854764):
sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
* Avoids hangs on warm reboots (cold boots work fine) on HEDT and
Xeon processors with signature 0x50654.
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
intel-microcode (3.20191115.2~deb10u1) buster-security; urgency=high
.
* Rebuild for buster-security (no changes)
* Refer to DSA-4565-2 for details.
.
intel-microcode (3.20191115.2) unstable; urgency=medium
.
* Microcode rollbacks (closes: #946515, LP#1854764):
sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
* Avoids hangs on warm reboots (cold boots work fine) on HEDT and
Xeon processors with signature 0x50654.
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
.
intel-microcode (3.20191115.1) unstable; urgency=high
.
* New upstream microcode datafile 20191115
+ Updated Microcodes:
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136
.
intel-microcode (3.20191113.1~deb10u1) buster-security; urgency=high
.
* Rebuild for buster-security (no changes)
* Refer to DSA-4565-2 for details.
.
intel-microcode (3.20191113.1) unstable; urgency=high
.
* New upstream microcode datafile 20191113
+ SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
Adds microcode update for CFL-S (Coffe Lake Desktop)
INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
+ Updated Microcodes (previously removed):
sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
iptables-persistent (1.0.4+nmu2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload
* Catch errors in calls to modprobe, thanks Hugo, (Closes: #921186)
jackson-databind (2.8.6-1+deb9u7) stretch; urgency=medium
.
* Add multiple-CVE-BeanDeserializerFactory.patch and block more classes from
polymorphic deserialization.
This fixes 20 CVE that currently affect the package namely,
CVE-2020-9548, CVE-2020-9547, CVE-2020-9546, CVE-2020-8840, CVE-2020-14195,
CVE-2020-14062, CVE-2020-14061, CVE-2020-14060, CVE-2020-11620,
CVE-2020-11619, CVE-2020-11113, CVE-2020-11112, CVE-2020-11111,
CVE-2020-10969, CVE-2020-10968, CVE-2020-10673, CVE-2020-10672,
CVE-2019-20330, CVE-2019-17531 and CVE-2019-17267.
libbusiness-hours-perl (0.13-0+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* New upstream release.
- Only change is a fix for a build and runtime failure
with dates after 2018-12-31. (Closes: #934842)
libbusiness-hours-perl (0.12-2) unstable; urgency=medium
.
[ gregor herrmann ]
* debian/copyright: change Copyright-Format 1.0 URL to HTTPS.
.
[ Salvatore Bonaccorso ]
* Update Vcs-* headers for switch to salsa.debian.org
.
[ Nick Morrott ]
* Declare compliance with Debian Policy 4.2.1 (no changes)
* Bump debhelper compatibility level to 10
* Add patch to improve reproducibility on Debian
libclamunrar (0.102.3-0+deb9u1) stretch; urgency=medium
.
* Import 0.102.3
- Updated libclamunrar to UnRAR 5.9.2.
* Provide a libclamunrar meta package which depends on the latest binary
package. Suggested by Matus UHLAR - fantomas (Closes: #939824).
libclamunrar (0.101.2-1) unstable; urgency=high
.
* Import 0.101.2
- CVE-2019-1785 (A path-traversal write condition may occur as a result of
improper input validation when scanning RAR archives)
- CVE-2019-1798 (A use-after-free condition may occur as a result of
improper error handling when scanning nested RAR archives)
libdbi (0.9.0-4+deb9u2) stretch; urgency=medium
.
* Comment out _error_handler() call again.
libembperl-perl (2.5.0-10+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Update debian/patches/apache2.4-compat.patch to work with Apache
2.4.40+ error pages. (Closes: #941926)
libexif (0.6.21-2+deb9u4) stretch; urgency=medium
.
* Add upstream patches to fix two security issues:
- Fix a buffer read overflow in exif_entry_get_value() (CVE-2020-0182).
- Fix an unsigned integer overflow in libexif/exif-data.c (CVE-2020-0198)
(Closes: #962345).
libexif (0.6.21-2+deb9u3) stretch; urgency=medium
.
* Add upstream patches to fix multiple security issues:
- cve-2020-13112.patch: Fix MakerNote tag size overflow issues at
read time (CVE-2020-13112) (Closes: #961407).
- cve-2020-13113.patch: Ensure MakerNote data pointers are
NULL-initialized (CVE-2020-13113) (Closes: #961409).
- cve-2020-13114.patch: Add a failsafe on the maximum number of
Canon MakerNote subtags to catch extremely large values in tags
(CVE-2020-13114) (Closes: #961410).
libexif (0.6.21-2+deb9u2) stretch; urgency=medium
.
[ Mike Gabriel ]
* Sponsored upload.
* debian/patches: trivial rebasing of several patches.
.
[ Hugh McMaster ]
* Team upload.
* Add upstream patches to fix multiple security issues:
- cve-2016-6328.patch: Fix an integer overflow while parsing the MNOTE
entry data of the input file (CVE-2016-6328) (Closes: #873022).
- cve-2017-7544.patch: Fix an out-of-bounds heap read in the function
exif_data_save_data_entry() (CVE-2017-7544) (Closes: #876466).
- cve-2018-20030.patch: Improve deep recursion detection in the function
exif_data_load_data_content() (CVE-2018-20030) (Closes: #918730).
- cve-2020-12767.patch: Prevent some possible division-by-zero errors
in exif_entry_get_value() (CVE-2020-12767) (Closes: #960199).
- cve-2020-0093.patch: Prevent read buffer overflow (CVE-2020-0093).
libexif (0.6.21-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix out of bound write in exif-data.c (CVE-2019-9278) (Closes: #945948)
libpam-krb5 (4.7-4+deb9u1) stretch-security; urgency=high
.
* SECURITY: Fix potential one-byte buffer overflow when the underlying
Kerberos library initiates prompting (such as for PKINIT or when the
no_prompt PAM option is set). (CVE-2020-10595)
libvncserver (0.9.11+dfsg-1.3~deb9u4) stretch; urgency=medium
.
[ Antoni Villalonga ]
* debian/patches:
+ Add CVE-2019-15690 patch. libvncclient/cursor: limit
width/height input values. Avoids a possible heap overflow reported
by Pavel Cheremushkin. (Closes: #954163).
libxmlrpc3-java (3.1.3-8+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2019-17570:
An untrusted deserialization was found in the
org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache
XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a
XML-RPC client causing it to execute arbitrary code.
.
Clients that expect to get server-side exceptions need to set the
enabledForExceptions property to true in order to process serialized
exception messages. (Closes: #949089)
linux (4.9.228-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.211
- hidraw: Return EPOLLOUT from hidraw_poll
- HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
- HID: hidraw, uhid: Always report EPOLLOUT
- ethtool: reduce stack usage with clang
- iommu: Remove device link to group on failure
- gpio: Fix error message on out-of-range GPIO in lookup table
- hsr: reset network header when supervision frame is created
- RDMA/srpt: Report the SCSI residual to the initiator
- scsi: enclosure: Fix stale device oops with hot replug
- scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
- [x86] platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
- [armhf] clk: samsung: exynos5420: Preserve CPU clocks configuration
during suspend/resume
- compat_ioctl: handle SIOCOUTQNSD
- [ppc64el] powernv: Disable native PCIe port management
- [armhf] tty: serial: imx: use the sg count from dma_map_sg
- [i386] tty: serial: pch_uart: correct usage of dma_unmap_sg
- mtd: spi-nor: fix silent truncation in spi_nor_read()
- rtlwifi: Remove unnecessary NULL check in rtl_regd_init
- f2fs: fix potential overflow
- scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()
- [mips*] Prevent link failure with kcov instrumentation
- [x86] ioat: ioat_alloc_ring() failure handling.
- ocfs2: call journal flush to mark journal as empty after journal recovery
when mount
- dt-bindings: reset: meson8b: fix duplicate reset IDs
- clk: Don't try to enable critical clocks if prepare failed
- ALSA: seq: Fix racy access for queue timer in proc read
- [x86] Fix built-in early-load Intel microcode alignment
- block: fix an integer overflow in logical block size
- iio: buffer: align the size of scan bytes to size of the largest element
- USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx
- USB: serial: opticon: fix control-message timeouts
- USB: serial: suppress driver bind attributes
- USB: serial: ch341: handle unbound port at reset_resume
- USB: serial: io_edgeport: add missing active-port sanity check
- USB: serial: quatech2: handle unbound ports
- usb: core: hub: Improved device recognition on remote wakeup
- [x86] efistub: Disable paging at mixed mode entry
- perf hists: Fix variable name's inconsistency in hists__for_each() macro
- perf report: Fix incorrectly added dimensions as switch perf data file
- mm/page-writeback.c: avoid potential division by zero in
wb_min_max_ratio()
- [arm64] net: stmmac: 16KB buffer must be 16 byte aligned
- [arm64] net: stmmac: Enable 16KB buffer size
- USB: serial: io_edgeport: use irqsave() in USB's complete callback
- USB: serial: io_edgeport: handle unbound ports on URB completion
- USB: serial: keyspan: handle unbound ports
- scsi: fnic: use kernel's '%pM' format option to print MAC
- scsi: fnic: fix invalid stack access
- cfg80211: fix page refcount issue in A-MSDU decap
- netfilter: fix a use-after-free in mtype_destroy()
- netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
- batman-adv: Fix DAT candidate selection on little endian systems
- macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
- r8152: add missing endpoint sanity check
- tcp: fix marked lost packets not being retransmitted
- net: usb: lan78xx: limit size of local TSO packets
- cfg80211: check for set_wiphy_params
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
- scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
- scsi: qla4xxx: fix double free bug
- scsi: bnx2i: fix potential use after free
- scsi: target: core: Fix a pr_debug() argument
- scsi: core: scsi_trace: Use get_unaligned_be*()
- perf probe: Fix wrong address verification
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.212
- xfs: Sanity check flags of Q_XQUOTARM call
- [ppc64el] archrandom: fix arch_get_random_seed_int()
- mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
- drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
- ALSA: hda: fix unused variable warning
- IB/rxe: replace kvfree with vfree
- ALSA: usb-audio: update quirk for B&W PX to remove microphone
- [x86] staging: comedi: ni_mio_common: protect register write overflow
- pcrypt: use format specifier in kobject_add
- exportfs: fix 'passing zero to ERR_PTR()' warning
- [armhf] clk: highbank: fix refcount leak in hb_clk_init()
- [armhf] clk: socfpga: fix refcount leak
- [armhf] clk: samsung: exynos4: fix refcount leak in exynos4_get_xom()
- [armhf] clk: imx6q: fix refcount leak in imx6q_clocks_init()
- [armhf] clk: armada-370: fix refcount leak in a370_clk_init()
- [armel] clk: kirkwood: fix refcount leak in kirkwood_clk_init()
- [armhf] clk: armada-xp: fix refcount leak in axp_clk_init()
- [x86] IB/usnic: Fix out of bounds index check in query pkey
- RDMA/ocrdma: Fix out of bounds index check in query pkey
- RDMA/qedr: Fix out of bounds index check in query pkey
- [arm64] dts: apq8016-sbc: Increase load on l11 for SDCARD
- [armhf] drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump()
- crypto: tgr192 - fix unaligned memory access
- [armhf] ASoC: imx-sgtl5000: put of nodes if finding codec fails
- IB/iser: Pass the correct number of entries for dma mapped SGL
- rtc: cmos: ignore bogus century byte
- [armhf] clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it
- iwlwifi: mvm: fix A-MPDU reference assignment
- tty: ipwireless: Fix potential NULL pointer dereference
- iwlwifi: mvm: fix RSS config command
- [mips*/*-malta] rtc: ds1672: fix unintended sign extension
- net: phy: fixed_phy: Fix fixed_phy not checking GPIO
- [arm64] rtc: pm8xxx: fix unintended sign extension
- iw_cxgb4: use tos when importing the endpoint
- iw_cxgb4: use tos when finding ipv6 routes
- [armhf] usb: phy: twl6030-usb: fix possible use-after-free on remove
- block: don't use bio->bi_vcnt to figure out segment number
- keys: Timestamp new keys
- vfio_pci: Enable memory accesses before calling pci_map_rom
- [arm*] dmaengine: mv_xor: Use correct device for DMA API
- cdc-wdm: pass return value of recover_from_urb_loss
- drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON
- drm/nouveau/pmu: don't print reply values if exec is false
- [arm64] ASoC: qcom: Fix of-node refcount unbalance in
apq8016_sbc_parse_of()
- fs/nfs: Fix nfs_parse_devname to not modify it's argument
- NFS: Fix a soft lockup in the delegation recovery code
- [armhf] clocksource/drivers/sun5i: Fail gracefully when clock rate is
unavailable
- [armhf] clocksource/drivers/exynos_mct: Fix error path in timer resources
initialization
- [armhf] 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
- [armhf] 8848/1: virt: Align GIC version check with arm64 counterpart
- scsi: megaraid_sas: reduce module load time
- xen, cpu_hotplug: Prevent an out of bounds access
- media: ivtv: update *pos correctly in ivtv_read_pos()
- media: cx18: update *pos correctly in cx18_read_pos()
- [armhf] media: wl128x: Fix an error code in fm_download_firmware()
- media: cx23885: check allocation return
- jfs: fix bogus variable self-initialization
- tipc: tipc clang warning
- [armhf] OMAP2+: Fix potentially uninitialized return value for
_setup_reset()
- [armhf,arm64] spi: tegra114: clear packed bit for unpacked mode
- [armhf,arm64] spi: tegra114: fix for unpacked mode transfers
- [armhf,arm64] spi: bcm2835aux: fix driver to not allow 65535 (=-1)
cs-gpios
- scsi: qla2xxx: Unregister chrdev if module initialization fails
- hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
- tipc: set sysctl_tipc_rmem and named_timeout right range
- 6lowpan: Off by one handling ->nexthdr
- ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk()
- packet: in recvmsg msg_name return at least sizeof sockaddr_ll
- ASoC: fix valid stream condition
- IB/mlx5: Add missing XRC options to QP optional params mask
- [x86] iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
- net: ena: fix swapped parameters when calling
ena_com_indirect_table_fill_entry
- net: ena: fix: Free napi resources when ena_up() fails
- net: ena: fix incorrect test of supported hash function
- net: ena: fix ena_com_fill_hash_function() implementation
- [arm64] dmaengine: tegra210-adma: restore channel status
- l2tp: Fix possible NULL pointer dereference
- [armhf] media: omap_vout: potential buffer overflow in vidioc_dqbuf()
- [x86] platform/x86: alienware-wmi: printing the wrong error code
- netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
- [arm64] pwm: meson: Don't disable PWM when setting duty repeatedly
- [arm*] thermal: cpu_cooling: Actually trace CPU load in
thermal_power_cpu_get_power
- [arm64] dmaengine: tegra210-adma: Fix crash during probe
- [x86] crypto: ccp - fix AES CFB error exposed by new test vectors
- iommu: Use right function to get group for device
- signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of
force_sig
- inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
- media: vivid: fix incorrect assignment operation when setting video mode
- [ppc64el] cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
- [arm64] drm/msm/mdp5: Fix mdp5_cfg_init error return
- net: netem: fix backlog accounting for corrupted GSO frames
- [s390x] net/af_iucv: always register net_device notifier
- [armhf] ASoC: ti: davinci-mcasp: Fix slot mask settings when using
multiple AXRs
- rtc: pcf8563: Clear event flags and disable interrupts before requesting
irq
- [arm64] drm/msm/a3xx: remove TPL1 regs from snapshot
- perf/ioctl: Add check for the sample_period value
- [arm64] clk: qcom: Fix -Wunused-const-variable
- [x86] iommu/amd: Make iommu_disable safer
- [x86] mfd: intel-lpss: Release IDA resources
- rxrpc: Fix uninitialized error code in rxrpc_send_data_packet()
- devres: allow const resource arguments
- scsi: libfc: fix null pointer dereference on a null lport
- libertas_tf: Use correct channel range in lbtf_geo_init
- qed: reduce maximum stack frame size
- usb: host: xhci-hub: fix extra endianness conversion
- [amd64] mic: avoid statically declaring a 'struct device'.
- [ppc64el] ALSA: aoa: onyx: always initialize register read value
- net/mlx5: Fix mlx5_ifc_query_lag_out_bits
- cifs: fix rmmod regression in cifs.ko caused by force_sig changes
- ext4: set error return correctly when ext4_htree_store_dirent fails
- [armhf] ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
- signal: Allow cifs and drbd to receive their terminating signals
- [x86] dmaengine: dw: platform: Switch to acpi_dma_controller_register()
- mac80211: minstrel_ht: fix per-group max throughput rate initialization
- [mips*] avoid explicit UB in assignment of mips_io_port_base
- ahci: Do not export local variable ahci_em_messages
- Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()"
- hwmon: (lm75) Fix write operations for negative temperatures
- power: supply: Init device wakeup after device_add()
- bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
- ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
- Btrfs: fix hang when loading existing inode cache off disk
- net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
- [x86] iommu/amd: Wait for completion of IOTLB flush in attach_device
- [arm64] net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
- [arm64] net: stmmac: dwmac-meson8b: Fix signedness bug in probe
- of: mdio: Fix a signedness bug in of_phy_get_and_connect()
- [arm64] net: ethernet: stmmac: Fix signedness bug in
ipq806x_gmac_of_parse()
- nvme: retain split access workaround for capability reads
- [arm64] net: stmmac: gmac4+: Not all Unicast addresses may be available
- mac80211: accept deauth frames in IBSS mode
- llc: fix another potential sk_buff leak in llc_ui_sendmsg()
- llc: fix sk_buff refcounting in llc_conn_state_process()
- [arm64] net: stmmac: fix length of PTP clock's name string
- act_mirred: Fix mirred_init_module error handling
- [arm64] drm/msm/dsi: Implement reset correctly
- [armhf] dmaengine: imx-sdma: fix size check for sdma script_number
- net: netem: fix error path for corrupted GSO frames
- net: netem: correct the parent's backlog when corrupted packet was
dropped
- afs: Fix large file support
- [mips*el/loongson-3] Fix return value of loongson_hwmon_init
- net: neigh: use long type to store jiffies delta
- packet: fix data-race in fanout_flow_is_huge()
- [armhf] dmaengine: ti: edma: fix missed failure handling
- drm/radeon: fix bad DMA from INTERRUPT_CNTL2
- [arm64] dts: juno: Fix UART frequency
- IB/iser: Fix dma_nents type definition
- net: ethtool: Add back transceiver type
- net: phy: Keep reporting transceiver type
- atm: firestream: fix memory leaks
- net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM
- net, ip6_tunnel: fix namespaces move
- net, ip_tunnel: fix namespaces move
- net_sched: fix datalen for ematch
- tcp_bbr: improve arithmetic division in bbr_update_bw()
- net: usb: lan78xx: Add .ndo_features_check
- gtp: make sure only SOCK_DGRAM UDP sockets are accepted
- hwmon: (adt7475) Make volt2reg return same reg as reg2volt input
- hwmon: (core) Simplify sysfs attribute name allocation
- hwmon: Deal with errors from the thermal subsystem
- hwmon: (core) Fix double-free in __hwmon_device_register()
- hwmon: (core) Do not use device managed functions for memory allocations
- Input: keyspan-remote - fix control-message timeouts
- [armel,armhf] 8950/1: ftrace/recordmcount: filter relocation types
- [armhf,arm64] mmc: tegra: fix SDR50 tuning override
- mmc: sdhci: fix minimum clock rate for v3 controller
- Input: sur40 - fix interface sanity checks
- Input: gtco - fix endpoint sanity check
- Input: aiptek - fix endpoint sanity check
- Input: pegasus_notetaker - fix endpoint sanity check
- [armhf] Input: sun4i-ts - add a check for
devm_thermal_zone_of_sensor_register
- tracing: xen: Ordered comparison of function pointers
- [arm64] Documentation: Document arm64 kpti control
- [arm64] kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field
- bcache: silence static checker warning
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
- md: Avoid namespace collision with bitmap API
- bitmap: Add bitmap_alloc(), bitmap_zalloc() and bitmap_free()
- netfilter: ipset: use bitmap infrastructure completely
- net/x25: fix nonblocking connect
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.213
- ALSA: pcm: Add missing copy ops check before clearing buffer
- orinoco_usb: fix interface sanity check
- rsi_91x_usb: fix interface sanity check
- USB: serial: ir-usb: add missing endpoint sanity check
- USB: serial: ir-usb: fix link-speed handling
- USB: serial: ir-usb: fix IrLAP framing
- [x86] staging: wlan-ng: ensure error return is actually returned
- [x86] staging: vt6656: correct packet types for CTS protect, mode.
- [x86] staging: vt6656: use NULLFUCTION stack on mac80211
- [x86] staging: vt6656: Fix false Tx excessive retries reporting.
- [arm64] serial: 8250_bcm2835aux: Fix line mismatch on driver unbind
- ath9k: fix storage endpoint lookup
- brcmfmac: fix interface sanity check
- rtl8xxxu: fix interface sanity check
- zd1211rw: fix storage endpoint lookup
- drivers/net/b44: Change to non-atomic bit operations on pwol_mask
- [i386] net: wan: sdla: Fix cast from pointer to integer of different size
- [arm64] gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP
- atm: eni: fix uninitialized variable warning
- usb-storage: Disable UAS on JMicron SATA enclosure
- net_sched: ematch: reject invalid TCF_EM_SIMPLE
- crypto: af_alg - Use bh_lock_sock in sk_destruct
- crypto: pcrypt - Fix user-after-free on module unload
- mm/mempolicy.c: fix out of bounds write in mpol_parse_str()
- reiserfs: Fix memory leak of journal device string
- media: digitv: don't continue if remote control state can't be read
- media: af9005: uninitialized variable printked
- media: gspca: zero usb_buf
- media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0
- ttyprintk: fix a potential deadlock in interrupt context issue
- Bluetooth: Fix race condition in hci_release_sock()
- [armhf,arm64] usb: dwc3: turn off VBUS when leaving host mode
- media: si470x-i2c: Move free() past last use of 'radio'
- [armhf] ARM: dts: beagle-x15-common: Model 5V0 regulator
- mac80211: mesh: restrict airtime metric to peered established plinks
- ixgbevf: Remove limit of 10 entries for unicast filter list
- ixgbe: Fix calculation of queue with VFs and flow director on interface
flap
- wireless: fix enabling channel 12 for custom regulatory domain
- mac80211: Fix TKIP replay protection immediately after key setup
- wireless: wext: avoid gcc -O3 warning
- vti[6]: fix packet tx through bpf_redirect()
- scsi: fnic: do not queue commands during fwreset
- airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE
- airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE
- r8152: get default setting of WOL before initializing
- qlcnic: Fix CPU soft lockup while collecting firmware dump
- cxgb4: seq_tab_next() should increase position index
- cxgb4: l2t_seq_next should increase position index
- net: Fix skb->csum update in inet_proto_csum_replace16().
- btrfs: do not zero f_bavail if we have available space
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.214
- media: iguanair: fix endpoint sanity check
- [x86] cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
- ASoC: qcom: Fix of-node refcount unbalance to link->codec_of_node
- cls_rsvp: fix rsvp_policy
- gtp: use __GFP_NOWARN to avoid memalloc warning
- net_sched: fix an OOB access in cls_tcindex
- rxrpc: Fix insufficient receive notification generation
- rxrpc: Fix NULL pointer deref due to call->conn being cleared on
disconnect
- tcp: clear tp->total_retrans in tcp_disconnect()
- tcp: clear tp->delivered in tcp_disconnect()
- tcp: clear tp->data_segs{in|out} in tcp_disconnect()
- tcp: clear tp->segs_{in|out} in tcp_disconnect()
- media: uvcvideo: Avoid cyclic entity chains due to malformed USB
descriptors
- brcmfmac: Fix memory leak in brcmf_usbdev_qinit
- usb: gadget: legacy: set max_speed to super-speed
- usb: gadget: f_ncm: Use atomic_t to track in-flight request
- usb: gadget: f_ecm: Use atomic_t to track in-flight request
- ALSA: dummy: Fix PCM format loop in proc output
- media/v4l2-core: set pages dirty upon releasing DMA buffers
- media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments
- [ppc64el] pseries: Advance pfn if section is not present in
lmb_is_removable()
- mmc: spi: Toggle SPI polarity, do not hardcode it
- ubifs: Change gfp flags in page allocation for bulk read
- ubifs: Fix deadlock in concurrent bulk-read and writepage
- crypto: api - Check spawn->alg under lock in crypto_drop_spawn
- scsi: qla2xxx: Fix mtcp dump collection failure
- power: supply: ltc2941-battery-gauge: fix use-after-free
- of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
- dm space map common: fix to ensure new block isn't already in use
- crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
- crypto: api - Fix race condition in crypto_spawn_alg
- btrfs: set trans->drity in btrfs_commit_transaction
- [armhf] tegra: Enable PLLP bypass during Tegra124 LP1
- mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
- sunrpc: expiry_time should be seconds not timeval
- [x86] KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF
attacks
- [x86] KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF
attacks
- [x86] KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF
attacks
- [x86] KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from
Spectre-v1/L1TF attacks
- [x86] KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF
attacks
- [x86] KVM: x86: Protect MSR-based index computations in pmu.h from
Spectre-v1/L1TF attacks
- [x86] KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF
attacks
- [x86] KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF
attacks in x86.c
- [x86] KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
- [x86] KVM: x86: Protect MSR-based index computations in
fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks
- [ppc64el] KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
- [ppc64el] KVM: PPC: Book3S PR: Free shared page if mmu initialization
fails
- [x86] KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
- [armhf,arm64] clk: tegra: Mark fuse clock as critical
- scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return
type
- IB/mlx5: Fix outstanding_pi index for GSI qps
- nfsd: fix delay timer on 32-bit architectures
- nfsd: fix jiffies/time_t mixup in LRU list
- ubi: fastmap: Fix inverted logic in seen selfcheck
- ubi: Fix an error pointer dereference in error handling code
- bonding/alb: properly access headers in bond_alb_xmit()
- NFS: switch back to to ->iterate()
- NFS: Fix memory leaks and corruption in readdir
- NFS: Fix bool initialization/comparison
- NFS: Directory page cache pages need to be locked when read
- ext4: fix deadlock allocating crypto bounce page from mempool
- Btrfs: fix assertion failure on fsync with NO_HOLES enabled
- btrfs: use bool argument in free_root_pointers()
- btrfs: remove trivial locking wrappers of tree mod log
- Btrfs: fix race between adding and putting tree mod seq elements and
nodes
- [x86] KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
- btrfs: flush write bio if we loop in extent_write_cache_pages
- [x86] KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
- [x86] KVM: nVMX: vmread should not set rflags to specify success in case
of #PF
- cifs: fail i/o on soft mounts if sessionsetup errors out
- clocksource: Prevent double add_timer_on() for watchdog_timer
- perf/core: Fix mlock accounting in perf_mmap()
- rxrpc: Fix service call disconnection
- ASoC: pcm: update FE/BE trigger order based on the command
- RDMA/netlink: Do not always generate an ACK for some netlink operations
- scsi: ufs: Fix ufshcd_probe_hba() reture value in case
ufshcd_scsi_add_wlus() fails
- PCI: Don't disable bridge BARs when assigning bus resources
- nfs: NFS_SWAP should depend on SWAP
- NFSv4: try lease recovery on NFS4ERR_EXPIRED
- rtc: cmos: Stop using shared IRQ
- [ppc64el] pseries: Allow not having ibm, hypertas-functions::
hcall-multi-tce for DDW
- scsi: megaraid_sas: Do not initiate OCR if controller is not in ready
state
- dm: fix potential for q->make_request_fn NULL pointer
- libertas: don't exit from lbs_ibss_join_existing() with RCU read lock
held
- libertas: make lbs_ibss_join_existing() return error code on rates
overflow
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.215
- [x86] vdso: Use RDPID in preference to LSL when available
- ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs
- ecryptfs: fix a memory leak bug in parse_tag_1_packet()
- ecryptfs: fix a memory leak bug in ecryptfs_init_messaging()
- ALSA: usb-audio: Apply sample rate quirk for Audioengine D1
- ext4: don't assume that mmp_nodename/bdevname have NUL
- ext4: fix checksum errors with indexed dirs
- ext4: improve explanation of a mount failure caused by a misconfigured
kernel
- Btrfs: fix race between using extent maps and merging them
- btrfs: log message when rw remount is attempted with unclean tree-log
- [x86] perf/x86/amd: Add missing L2 misses event spec to AMD Family 17h's
event map
- padata: Remove broken queue flushing
- [s390x] time: Fix clk type in get_tod_clock
- [x86] perf/x86/intel: Fix inaccurate period in context switch for
auto-reload
- jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()
- jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer
- btrfs: print message when tree-log replay starts
- scsi: qla2xxx: fix a potential NULL pointer dereference
- [x86] drm/gma500: Fixup fbdev stolen size usage evaluation
- cpu/hotplug, stop_machine: Fix stop_machine vs hotplug order
- brcmfmac: Fix use after free in brcmf_sdio_readframes()
- [ppc64el] powernv/iov: Ensure the pdn for VFs always contains a valid PE
number
- [x86] pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled
pins
- [x86] efi/x86: Map the entire EFI vendor string before copying it
- [mips*el/loongson-3] Fix potential NULL dereference in
loongson3_platform_init()
- uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
- usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
- jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info
when load journal
- [x86] sysfb: Fix check for bad VRAM size
- tracing: Fix tracing_stat return values in error handling paths
- tracing: Fix very unlikely race of registering two stat tracers
- ext4, jbd2: ensure panic when aborting with zero errno
- [arm64] clk: qcom: rcg2: Don't crash if our parent can't be found; return
an error
- drm/amdgpu: remove 4 set but not used variable in
amdgpu_atombios_get_connector_info_from_object_table
- [armhf] regulator: rk808: Lower log level on optional GPIOs being not
available
- PCI/IOV: Fix memory leak in pci_iov_add_virtfn()
- NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use
le16_add_cpu().
- media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in
v4l2_device macros
- reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
- b43legacy: Fix -Wcast-function-type
- [x86] ipw2x00: Fix -Wcast-function-type
- iwlegacy: Fix -Wcast-function-type
- rtlwifi: rtl_pci: Fix -Wcast-function-type
- orinoco: avoid assertion in case of NULL pointer
- ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
- RDMA/rxe: Fix error type of mmap_offset
- usbip: Fix unsafe unaligned pointer usage
- udf: Fix free space reporting for metadata and virtual partitions
- [armhf] soc/tegra: fuse: Correct straps' address for older Tegra124
device trees
- rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls
- driver core: platform: Prevent resouce overflow from causing infinite
loops
- driver core: Print device when resources present in really_probe()
- drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw
- drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler
- [x86] drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
- [armhf] usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue
- [arm64] iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an
STE
- scsi: iscsi: Don't destroy session if there are outstanding connections
- [arm64] fix alternatives with LLVM's integrated assembler
- [armhf] pwm: omap-dmtimer: Remove PWM chip in .remove before making it
unfunctional
- cmd64x: potential buffer overflow in cmd64x_program_timings()
- [x86] decoder: Add TEST opcode to Group3-2
- [s390x] ftrace: generate traced function stack frame
- driver core: platform: fix u32 greater or equal to zero comparison
- [x86] ALSA: hda - Add docking station support for Lenovo Thinkpad T420s
- [ppc64el] sriov: Remove VF eeh_dev state when disabling SR-IOV
- jbd2: switch to use jbd2_journal_abort() when failed to submit the commit
record
- iwlegacy: ensure loop counter addr does not wrap and cause an infinite
loop
- cifs: fix NULL dereference in match_prepath
- [armhf,arm64] irqchip/gic-v3: Only provision redistributors that are
enabled in ACPI
- drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
- ftrace: fpid_next() should increase position index
- tracing: trigger_next should increase position index
- radeon: insert 10ms sleep in dce5_crtc_load_lut
- ocfs2: fix a NULL pointer dereference when call
ocfs2_update_inode_fsync_trans()
- reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
- bcache: explicity type cast in bset_bkey_last()
- [armhf,arm64] irqchip/gic-v3-its: Reference to its_invall_cmd descriptor
when building INVALL
- iwlwifi: mvm: Fix thermal zone registration
- brd: check and limit max_part par
- selinux: ensure we cleanup the internal AVC counters on error in
avc_update()
- enic: prevent waking up stopped tx queues over watchdog reset
- net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS
- net/sched: flower: add missing validation of TCA_FLOWER_FLAGS
- staging: android: ashmem: Disallow ashmem memory from being remapped
(CVE-2020-0009)
- [x86] staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi.
- xhci: Force Maximum Packet size for Full-speed bulk devices to valid
range.
- usb: uas: fix a plug & unplug racing
- USB: Fix novation SourceControl XL after suspend
- USB: hub: Don't record a connect-change event during reset-resume
- staging: rtl8188eu: Fix potential security hole
- staging: rtl8188eu: Fix potential overuse of kernel memory
- [x86] mce/amd: Publish the bank pointer only after setup has succeeded
- [x86] mce/amd: Fix kobject lifetime
- [armhf] tty: serial: imx: setup the correct sg entry for tx dma
- Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()"
- [x86] xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms
- [x86] KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt
EOI
- netfilter: xt_bpf: add overflow checks
- ext4: fix a data race in EXT4_I(inode)->i_disksize
- ext4: add cond_resched() to __ext4_find_entry()
- ext4: fix mount failure with quota configured as module
- ext4: rename s_journal_flag_rwsem to s_writepages_rwsem
- ext4: fix race between writepages and enabling EXT4_EXTENTS_FL
- [x86] KVM: apic: avoid calculating pending eoi from an uninitialized val
- Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered
extents
- scsi: Revert "target: iscsi: Wait for all commands to finish before
freeing a session"
- usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus
- ecryptfs: replace BUG_ON with error handling code
- ALSA: rawmidi: Avoid bit fields for state flags
- ALSA: seq: Avoid concurrent access to queue flags
- ALSA: seq: Fix concurrent access to queue current tick/time
- netfilter: xt_hashlimit: limit the max size of hashtable
- ata: ahci: Add shutdown to freeze hardware resources of ahci
- xen: Enable interrupts when calling _cond_resched()
- [s390x] mm: Explicitly compare PAGE_DEFAULT_KEY against zero in
storage_key_init_range
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.216
- iwlwifi: pcie: fix rb_allocator workqueue allocation
- ext4: fix potential race between online resizing and write operations
- ext4: fix potential race between s_flex_groups online resizing and access
- ext4: fix potential race between s_group_info online resizing and access
- ipmi:ssif: Handle a possible NULL pointer reference
- [arm64] drm/msm: Set dma maximum segment size for mdss
- mac80211: consider more elements in parsing CRC
- cfg80211: check wiphy driver existence for drvinfo report
- qmi_wwan: re-add DW5821e pre-production variant
- net: ena: fix potential crash when rxfh key is NULL
- net: ena: add missing ethtool TX timestamping indication
- net: ena: fix incorrect default RSS key
- net: ena: rss: fix failure to get indirection table
- net: ena: rss: store hash function as values and not bits
- net: ena: fix incorrectly saving queue numbers when setting RSS
indirection table
- net: ena: ena-com.c: prevent NULL pointer dereference
- cifs: Fix mode output in debugging statements
- cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
- sysrq: Restore original console_loglevel when sysrq disabled
- sysrq: Remove duplicated sysrq message
- net: fib_rules: Correctly set table field when table number exceeds 8
bits
- net: phy: restore mdio regs in the iproc mdio driver
- ipv6: Fix nlmsg_flags when splitting a multipath route
- ipv6: Fix route replacement with dev-only route
- sctp: move the format error check out of __sctp_sf_do_9_1_abort
- [x86] nfc: pn544: Fix occasional HW initialization failure
- net: sched: correct flower port blocking
- ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
- audit: fix error handling in audit_data_to_entry()
- ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro
- ACPI: watchdog: Fix gas->access_width usage
- HID: core: fix off-by-one memset in hid_report_raw_event()
- HID: core: increase HID report buffer size to 8KiB
- HID: hiddev: Fix race in in hiddev_disconnect()
- [mips*] VPE: Fix a double free and a memory leak in 'release_vpe()'
- ecryptfs: Fix up bad backport of fe2e082f5da5b4a0a92ae32978f81507ef37ec66
- serial: 8250: Check UPF_IRQ_SHARED in advance
- include/linux/bitops.h: introduce BITS_PER_TYPE
- net: netlink: cap max groups which will be considered in netlink_bind()
- net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE
- namei: only return -ECHILD from follow_dotdot_rcu()
- KVM: Check for a bad hva before dropping into the ghc slow path
- tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
- [arm64] drivers: net: xgene: Fix the order of the arguments of
'alloc_etherdev_mqs()'
- perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc
- mm/huge_memory.c: use head to check huge zero page
- audit: always check the netlink payload length in audit_receive_msg()
- usb: gadget: composite: Support more than 500mA MaxPower
- usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags
- usb: gadget: serial: fix Tx stall after buffer overflow
- [arm64] drm: msm: Fix return type of dsi_mgr_connector_mode_valid for
kCFI
- [arm64] drm/msm/dsi: save pll state before dsi host is powered off
- [s390x] cio: cio_ignore_proc_seq_next should increase position index
- cifs: don't leak -EAGAIN for stat() during reconnect
- usb: storage: Add quirk for Samsung Fit flash
- usb: quirks: add NO_LPM quirk for Logitech Screen Share
- usb: core: hub: do error out if usb_autopm_get_interface() fails
- usb: core: port: do error out if usb_autopm_get_interface() fails
- fat: fix uninit-memory access for partial initialized inode
- [arm64] tty:serial:mvebu-uart:fix a wrong return
- [x86] pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes
- [armhf,arm64] dmaengine: tegra-apb: Fix use-after-free
- [armhf,arm64] dmaengine: tegra-apb: Prevent race conditions of tasklet vs
free list
- ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output
- ASoC: dapm: Correct DAPM handling of active widgets during shutdown
- RDMA/iwcm: Fix iwcm work deallocation
- RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
- hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()
- [ppc64el] fix hardware PMU exception bug on PowerVM compatibility mode
systems
- dm cache: fix a crash due to incorrect work item cancelling
- crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.217
- NFS: Remove superfluous kmap in nfs_readdir_xdr_to_array
- phy: Revert toggling reset changes.
- net: phy: Avoid multiple suspends
- cgroup, netclassid: periodically release file_lock on classid updating
- gre: fix uninit-value in __iptunnel_pull_header
- ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface
- net: macsec: update SCI upon MAC address change.
- net: nfc: fix bounds checking bugs on "pipe"
- r8152: check disconnect status after long sleep
- bnxt_en: reinitialize IRQs when MTU is modified
- fib: add missing attribute validation for tun_id
- nl802154: add missing attribute validation
- nl802154: add missing attribute validation for dev_type
- macsec: add missing attribute validation for port
- net: fq: add missing attribute validation for orphan mask
- team: add missing attribute validation for port ifindex
- team: add missing attribute validation for array index
- nfc: add missing attribute validation for SE API
- nfc: add missing attribute validation for vendor subcommand
- ipvlan: add cond_resched_rcu() while processing muticast backlog
- ipvlan: do not add hardware address of master to its unicast filter list
- ipvlan: egress mcast packets are not exceptional
- ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
- ipvlan: don't deref eth hdr before checking it's set
- macvlan: add cond_resched() during multicast processing
- bonding/alb: make sure arp header is pulled before accessing it
- cgroup: memcg: net: do not associate sock with unrelated cgroup
- net: phy: fix MDIO bus PM PHY resuming
- virtio-blk: fix hw_queue stopped on arbitrary error
- [x86] iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with
pr_warn + add_taint
- workqueue: don't use wq_select_unbound_cpu() for bound works
- drm/amd/display: remove duplicated assignment to grph_obj_type
- cifs_atomic_open(): fix double-put on late allocation failure
- gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
- [x86] KVM: x86: clear stale x86_emulate_ctxt->intercept value
- efi: Fix a race and a buffer overflow while reading efivars via sysfs
- [x86] iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
- [x86] iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
- nl80211: add missing attribute validation for critical protocol
indication
- nl80211: add missing attribute validation for beacon report scanning
- nl80211: add missing attribute validation for channel switch
- netfilter: cthelper: add missing attribute validation for cthelper
- [x86] iommu/vt-d: Fix the wrong printing in RHSA parsing
- [x86] iommu/vt-d: Ignore devices with out-of-spec domain number
- ipv6: restrict IPV6_ADDRFORM operation
- efi: Add a sanity check to efivar_store_raw()
- batman-adv: Fix double free during fragment merge error
- batman-adv: Fix transmission of final, 16th fragment
- batman-adv: Initialize gw sel_class via batadv_algo
- batman-adv: Fix rx packet/bytes stats on local ARP reply
- batman-adv: Use default throughput value on cfg80211 error
- batman-adv: Accept only filled wifi station info
- batman-adv: fix TT sync flag inconsistencies
- batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation
- batman-adv: Always initialize fragment header priority
- batman-adv: Fix check of retrieved orig_gw in batadv_v_gw_is_eligible
- batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq
- batman-adv: Fix internal interface indices types
- batman-adv: Avoid race in TT TVLV allocator helper
- batman-adv: Fix TT sync flags for intermediate TT responses
- batman-adv: prevent TT request storms by not sending inconsistent TT
TLVLs
- batman-adv: Fix debugfs path for renamed hardif
- batman-adv: Fix debugfs path for renamed softif
- batman-adv: Avoid storing non-TT-sync flags on singular entries too
- batman-adv: Fix multicast TT issues with bogus ROAM flags
- batman-adv: Prevent duplicated gateway_node entry
- batman-adv: Fix duplicated OGMs on NETDEV_UP
- batman-adv: Avoid free/alloc race when handling OGM2 buffer
- batman-adv: Avoid free/alloc race when handling OGM buffer
- batman-adv: Don't schedule OGM for disabled interface
- batman-adv: update data pointers after skb_cow()
- batman-adv: Avoid probe ELP information leak
- batman-adv: Use explicit tvlv padding for ELP packets
- [x86] perf/amd/uncore: Replace manual sampling check with
CAP_NO_INTERRUPT flag
- ACPI: watchdog: Allow disabling WDAT at boot
- HID: apple: Add support for recent firmware on Magic Keyboards
- [x86] HID: i2c-hid: add Trekstor Surfbook E11B to descriptor override
- cfg80211: check reg_rule for NULL in handle_channel_custom()
- mac80211: rx: avoid RCU list traversal under mutex
- signal: avoid double atomic counter increments for user accounting
- jbd2: fix data races at struct journal_head
- [armhf] 8957/1: VDSO: Match ARMv8 timer in cntvct_functional()
- [armel,armhf] 8958/1: rename missed uaccess .fixup section
- mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
- ipv4: ensure rcu_read_lock() in cipso_v4_error()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.218
- [arm64] spi: qup: call spi_qup_pm_resume_runtime before suspending
- [armhf] dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes
- [armhf] drm/exynos: dsi: propagate error value and silence meaningless
warning
- [armhf] drm/exynos: dsi: fix workaround for the legacy clock name
- USB: Disable LPM on WD19's Realtek Hub
- usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
- USB: serial: option: add ME910G1 ECM composition 0x110b
- usb: host: xhci-plat: add a shutdown
- USB: serial: pl2303: add device-id for HP LD381
- ALSA: line6: Fix endless MIDI read loop
- ALSA: seq: virmidi: Fix running status after receiving sysex
- ALSA: seq: oss: Fix running status after receiving sysex
- ALSA: pcm: oss: Avoid plugin buffer overflow
- ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
- staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
- staging/speakup: fix get_word non-space look-ahead
- [x86] intel_th: Fix user-visible error codes
- memcg: fix NULL pointer dereference in
__mem_cgroup_usage_unregister_event
- mm: slub: be more careful about the double cmpxchg of freelist
- mm, slub: prevent kmalloc_node crashes and memory leaks
- [x86] mm: split vmalloc_sync_all()
- USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL
- USB: cdc-acm: fix rounding error in TIOCSSERIAL
- futex: Fix inode life-time issue
- futex: Unbreak futex hashing
- [arm64] smp: fix smp_send_stop() behaviour
- hsr: fix general protection fault in hsr_addr_is_self()
- macsec: restrict to ethernet devices
- net: dsa: Fix duplicate frames flooded by learning
- net_sched: cls_route: remove the right filter from hashtable
- net_sched: keep alloc_hash updated after hash allocation
- vxlan: check return value of gro_cells_init()
- [armhf] net: mvneta: Fix the case where the last poll did not process all
rx
- hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
- hsr: add restart routine into hsr_get_node_list()
- hsr: set .netnsok flag
- [x86] KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO
instr
- net: ipv4: don't let PMTU updates increase route MTU
- cpupower: avoid multiple definition with gcc -fno-common
- scsi: ipr: Fix softlockup when rescanning devices in petitboot
- mac80211: Do not send mesh HWMP PREQ if HWMP is disabled
- [armhf] dts: dra7: Add bus_dma_limit for L3 bus
- [armhf] dts: omap5: Add bus_dma_limit for L3 bus
- perf probe: Do not depend on dwfl_module_addrsym()
- scripts/dtc: Remove redundant YYLOC global declaration
- scsi: sd: Fix optimal I/O size for devices that change reported values
- mac80211: mark station unauthorized before key removal
- genirq: Fix reference leaks on irq affinity notifiers
- vti[6]: fix packet tx through bpf_redirect() in XinY cases
- xfrm: fix uctx len check in verify_sec_ctx_len
- xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
- xfrm: policy: Fix doulbe free in xfrm_policy_timer
- netfilter: nft_fwd_netdev: validate family and chain type
- vti6: Fix memory leak of skb if input policy check fails
- tools: Let O= makes handle a relative path with -C option
- USB: serial: option: add support for ASKEY WWHC050
- USB: serial: option: add BroadMobi BM806U
- USB: serial: option: add Wistron Neweb D19Q1
- USB: cdc-acm: restore capability check order
- USB: serial: io_edgeport: fix slab-out-of-bounds read in
edge_interrupt_callback
- [armhf] usb: musb: fix crash with highmen PIO and usbmon
- media: flexcop-usb: fix endpoint sanity check
- media: usbtv: fix control-message timeouts
- staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table
- [x86] staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb
- [x86] staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback
- libfs: fix infoleak in simple_attr_read()
- media: dib0700: fix rc endpoint lookup
- mac80211: Check port authorization in the ieee80211_tx_dequeue() case
- mac80211: fix authentication with iwlwifi/mvm
- bpf: Explicitly memset the bpf_attr structure
- perf map: Fix off by one in strncpy() size argument
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.219
- l2tp: ensure sessions are freed after their PPPOL2TP socket
- l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall()
- drm/bochs: downgrade pci_request_region failure from error to warning
- ipv4: fix a RCU-list lock in fib_triestat_seq_show
- net, ip_tunnel: fix interface lookup with no key
- sctp: fix refcount bug in sctp_wfree
- sctp: fix possibly using a bad saddr with a given dst
- [armhf] drm/etnaviv: replace MMU flush marker with flush sequence
- blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
- blk-mq: Allow blocking queue tag iter callbacks
- [armhf] net: dsa: tag_brcm: Fix skb->fwd_offload_mark location
- padata: always acquire cpu_hotplug_lock before pinst->lock
- [armhf] net: dsa: bcm_sf2: Ensure correct sub-node is parsed
- [armhf,arm64] net: stmmac: dwmac1000: fix out-of-bounds mac address reg
setting
- net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before
accessing PHY registers
- IB/hfi1: Call kobject_put() when kobject_init_and_add() fails
- IB/hfi1: Fix memory leaks in sysfs registration and unregistration
- ceph: remove the extra slashes in the server path
- ceph: canonicalize server path in place
- Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
- RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
- [arm64] clk: qcom: rcg: Return failure for RCG update
- [arm64] drm/msm: stop abusing dma_map/unmap for cache
- [arm64] Fix size of __early_cpu_boot_status
- [armhf,arm64] usb: dwc3: don't set gadget->is_otg flag
- drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read()
- [arm64] drm/msm: Use the correct dma_sync calls in msm_gem
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.220
- net: vxge: fix wrong __VA_ARGS__ usage
- qlcnic: Fix bad kzalloc null test
- sched: Avoid scale real weight down to zero
- libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
- [x86] boot: Use unsigned comparison for addresses
- locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
- btrfs: remove a BUG_ON() from merge_reloc_roots()
- btrfs: track reloc roots based on their commit root bytenr
- misc: rtsx: set correct pcr_ops for rts522A
- ASoC: fix regwmask
- ASoC: dapm: connect virtual mux with default value
- ASoC: dpcm: allow start or stop during pause for backend
- ASoC: topology: use name_prefix for new kcontrol
- usb: gadget: f_fs: Fix use after free issue as part of queue failure
- usb: gadget: composite: Inform controller driver of self-powered
- ALSA: usb-audio: Add mixer workaround for TRX40 and co
- ALSA: hda: Add driver blacklist
- ALSA: hda: Fix potential access overflow in beep helper
- ALSA: ice1724: Fix invalid access for enumerated ctl items
- ALSA: pcm: oss: Fix regression by buffer overflow fix
- [armhf] media: ti-vpe: cal: fix disable_irqs to only the intended target
- [x86] acpi/x86: ignore unspecified bit positions in the ACPI global lock
field
- KEYS: reaching the keys quotas correctly
- [mips*] OCTEON: irq: Fix potential NULL pointer dereference
- ath9k: Handle txpower changes even when TPC is disabled
- signal: Extend exec_id to 64bits (CVE-2020-12826)
- [i386] x86/entry/32: Add missing ASM_CLAC to general_protection entry
- [s390x] KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks
- [s390x] KVM: s390: vsie: Fix delivery of addressing exceptions
- [x86] KVM: x86: Allocate new rmap and large page tracking when moving
memslot
- [x86] KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec
support
- [x86] KVM: VMX: fix crash cleanup when KVM wasn't used
- btrfs: drop block from cache on error in relocation
- ALSA: hda: Initialize power_state field properly
- [x86] speculation: Remove redundant arch_smt_update() invocation
- mm: Use fixed constant in page_frag_alloc instead of size + 1
- dm verity fec: fix memory leak in verity_fec_dtr
- [s390x] scsi: zfcp: fix missing erp_lock in port recovery trigger for
point-to-point
- [arm64] armv8_deprecated: Fix undef_hook mask for thumb setend
- [armhf] rtc: omap: Use define directive for PIN_CONFIG_ACTIVE_HIGH
- ext4: fix a data race at inode->i_blocks
- ocfs2: no need try to truncate file beyond i_size
- [s390x] diag: fix display of diagnose call statistics
- [x86] Input: i8042 - add Acer Aspire 5738z to nomux list
- kmod: make request_module() return an error when autoloading is disabled
- [ppc64el] cpufreq: powernv: Fix use-after-free
- hfsplus: fix crash and filesystem corruption when deleting files
- libata: Return correct status in sata_pmp_eh_recover_pm() when
ATA_DFLAG_DETACH is set
- [ppc64el] 64/tm: Don't let userspace set regs->trap via sigreturn
- Btrfs: fix crash during unmount due to race with delayed inode workers
- drm/dp_mst: Fix clearing payload state on topology disable
- drm: Remove PageReserved manipulation from drm_pci_alloc
- ipmi: fix hung processes in __get_guid()
- hsr: check protocol version in hsr_newlink()
- net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
- net: ipv6: do not consider routes via gateways for anycast address check
- scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
- jbd2: improve comments about freeing data buffers whose page mapping is
NULL
- ext4: fix incorrect group count in ext4_fill_super error message
- ext4: fix incorrect inodes per group in error message
- [x86] ASoC: Intel: mrfld: fix incorrect check on p->sink
- [x86] ASoC: Intel: mrfld: return error codes when an error occurs
- ALSA: usb-audio: Don't override ignore_ctl_error value from the map
- btrfs: check commit root generation in should_ignore_root
- mac80211_hwsim: Use kstrndup() in place of kasprintf()
- ext4: do not zeroout extents beyond i_disksize
- dm flakey: check for null arg_name in parse_features()
- [x86] kvm: x86: Host feature SSBD doesn't imply guest feature
SPEC_CTRL_SSBD
- scsi: target: remove boilerplate code
- scsi: target: fix hang when multiple threads try to destroy the same
iscsi session
- tracing: Fix the race between registering 'snapshot' event trigger and
triggering 'snapshot' operation
- objtool: Fix switch table detection in .text.unlikely
- ALSA: hda: Don't release card at firmware loading error
- video: fbdev: sis: Remove unnecessary parentheses and commented code
- drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
- Revert "gpio: set up initial state from .get_direction()"
- wil6210: increase firmware ready timeout
- wil6210: fix temperature debugfs
- scsi: ufs: make sure all interrupts are processed
- scsi: ufs: ufs-qcom: remove broken hci version quirk
- wil6210: rate limit wil_rx_refill error
- [arm64] rtc: pm8xxx: Fix issue in RTC write path
- wil6210: fix length check in __wmi_send
- of: fix missing kobject init for !SYSFS && OF_DYNAMIC config
- [arm64] cpu_errata: include required headers
- of: unittest: kmemleak in of_unittest_platform_populate()
- [armhf,arm64] power: supply: bq27xxx_battery: Silence deferred-probe
error
- [armhf,arm64] clk: tegra: Fix Tegra PMC clock out parents
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
- [s390x] cpuinfo: fix wrong output when CPU0 is offline
- [ppc64el] maple: Fix declaration made after definition
- ext4: do not commit super on read-only bdev
- percpu_counter: fix a data race at vm_committed_as
- [s390x] KVM: s390: vsie: Fix possible race when shadowing region 3 tables
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
- libnvdimm: Out of bounds read in __nd_ioctl()
- [x86] iommu/amd: Fix the configuration of GCR3 table root pointer
- fbdev: potential information leak in do_fb_ioctl()
- tty: evh_bytechan: Fix out of bounds accesses
- mtd: lpddr: Fix a double free in probe()
- mtd: phram: fix a double free issue in error path
- [x86] CPU: Add native CPUID variants returning a single datum
- [x86] microcode/intel: replace sync_core() with native_cpuid_reg(eax)
- [x86] vdso: Fix lsl operand order
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.221
- ext4: fix extent_status fragmentation for plain files
- net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
- net: ipv4: avoid unused variable warning for sysctl
- [arm64] drm/msm: Use the correct dma_sync calls harder
- vti4: removed duplicate log message.
- watchdog: reset last_hw_keepalive time at start
- scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
- ceph: return ceph_mdsc_do_request() errors from __get_parent()
- ceph: don't skip updating wanted caps when cap is stale
- scsi: iscsi: Report unbind session event when the target has been removed
- [x86] ASoC: Intel: atom: Take the drv->lock mutex before calling
sst_send_slot_map()
- kernel/gcov/fs.c: gcov_seq_next() should increase position index
- ipc/util.c: sysvipc_find_ipc() should increase position index
- [s390x] cio: avoid duplicated 'ADD' uevents
- [armhf,arm64] pwm: bcm2835: Dynamically allocate base
- PCI/ASPM: Allow re-enabling Clock PM
- ipv6: fix restrict IPV6_ADDRFORM operation
- macsec: avoid to set wrong mtu
- macvlan: fix null dereference in macvlan_device_event()
- net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
- net/x25: Fix x25_neigh refcnt leak when receiving frame
- tcp: cache line align MAX_TCP_HEADER
- team: fix hang in team_mode_get()
- [armhf] net: dsa: b53: Fix ARL register definitions
- xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
- [x86] ALSA: hda: Remove ASUS ROG Zenith from the blacklist
- USB: sisusbvga: Change port variable from signed to unsigned
- USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair
K70 RGB RAPIDFIRE
- USB: hub: Fix handling of connect changes during sleep
- overflow.h: Add arithmetic shift helper
- vmalloc: fix remap_vmalloc_range() bounds checks
- ALSA: usx2y: Fix potential NULL dereference
- ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
- ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
- [x86] tpm/tpm_tis: Free IRQ if probing fails
- KVM: Check validity of resolved slot when searching memslots
- [i386] KVM: VMX: Enable machine check support for 32bit targets
- tty: hvc: fix buffer overflow during hvc_alloc().
- [x86] tty: rocket, avoid OOB access
- usb-storage: Add unusual_devs entry for JMicron JMS566
- audit: check the length of userspace generated audit records
- ASoC: dapm: fixup dapm kcontrol widget
- [i386] staging: comedi: dt2815: fix writing hi byte of analog output
- staging: comedi: Fix comedi_device refcnt leak in comedi_open
- [x86] staging: vt6656: Fix drivers TBTT timing counter.
- [x86] staging: vt6656: Power save stop wake_up_count wrap around.
- UAS: no use logging any details in case of ENODEV
- UAS: fix deadlock in error handling and PM flushing work
- usb: f_fs: Clear OS Extended descriptor counts to zero in
ffs_data_reset()
- remoteproc: Fix wrong rvring index computation
- fuse: fix possibly missed wake-up after abort
- mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
- nfsd: memory corruption in nfsd4_lock()
- net/cxgb4: Check the return from t4_query_params properly
- perf/core: fix parent pid/tid in task exit events
- [x86] bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
- xfs: fix partially uninitialized structure in xfs_reflink_remap_extent
- scsi: target: fix PR IN / READ FULL STATUS for FC
- objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings
- objtool: Support Clang non-section symbols in ORC dump
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c
- hwmon: (jc42) Fix name to have no illegal characters
- ext4: check for non-zero journal inum in ext4_calculate_overhead
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.222
- ext4: fix special inode number checks in __ext4_iget()
- drm/edid: Fix off-by-one in DispID DTD pixel clock
- drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
- drm/qxl: qxl_release leak in qxl_hw_surface_alloc()
- btrfs: fix block group leak when removing fails
- ALSA: hda/hdmi: fix without unlocked before return
- ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
- PM: ACPI: Output correct message on target power state
- PM: hibernate: Freeze kernel threads in software_resume()
- dm verity fec: fix hash block number in verity_fec_decode
- RDMA/mlx4: Initialize ib_spec on the stack
- vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
- [x86] iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system
- [i386] ALSA: opti9xx: shut up gcc-10 range warning
- nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl
- dmaengine: dmatest: Fix iteration non-stop logic
- drm/qxl: qxl_release use after free
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.223
- vhost: vsock: kick send_pkt worker once device is started
- [ppc64el] pci/of: Parse unassigned resources
- [armhf] ASoC: sgtl5000: Fix VAG power-on handling
- wimax/i2400m: Fix potential urb refcnt leak
- [armhf,arm64] net: stmmac: Fix sub-second increment
- cifs: protect updating server->dstaddr with a spinlock
- scripts/config: allow colons in option strings for sed
- [armhf] net: dsa: b53: Rework ARL bin logic
- lib/mpi: Fix building for powerpc with clang
- xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
- [mips*] perf: Remove incorrect odd/even counter handling for I6400
- sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
- [x86] ALSA: hda: Match both PCI ID and SSID for driver blacklist
- mac80211: add ieee80211_is_any_nullfunc()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.224
- USB: serial: qcserial: Add DW5816e support
- dp83640: reverse arguments to list_add_tail
- fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
- net: macsec: preserve ingress frame ordering
- net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
- net: usb: qmi_wwan: add support for DW5816e
- sch_choke: avoid potential panic in choke_reset()
- sch_sfq: validate silly quantum values
- bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().
- net/mlx5: Fix forced completion access non initialized command entry
- net/mlx5: Fix command entry leak in Internal Error State
- bnxt_en: Improve AER slot reset.
- [x86] Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
- binfmt_elf: move brk out of mmap when doing direct loader exec
- USB: uas: add quirk for LaCie 2Big Quadra
- USB: serial: garmin_gps: add sanity checking for data length
- tracing: Add a vmalloc_sync_mappings() for safe measure
- mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()
- batman-adv: fix batadv_nc_random_weight_tq
- batman-adv: Fix refcnt leak in batadv_show_throughput_override
- batman-adv: Fix refcnt leak in batadv_store_throughput_override
- batman-adv: Fix refcnt leak in batadv_v_ogm_process
- objtool: Fix stack offset tracking for indirect CFAs
- binfmt_elf: Do not move brk for INTERP-less ET_EXEC
- net: ipv6: add net argument to ip6_dst_lookup_flow
- net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
(CVE-2020-1749)
- ptp: do not explicitly set drvdata in ptp_clock_register()
- ptp: use is_visible method to hide unused attributes
- ptp: create "pins" together with the rest of attributes
- chardev: add helper function to register char devs with a struct device
- ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
- ptp: fix the race between the release of ptp_clock and cdev
(CVE-2020-10690)
- ptp: free ptp device pin descriptors properly
- shmem: fix possible deadlocks on shmlock_user_lock
- drop_monitor: work around gcc-10 stringop-overflow warning
- spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
(CVE-2020-12769)
- cifs: Check for timeout on Negotiate stage
- cifs: Fix a race condition with cifs_echo_request
- [x86] dmaengine: pch_dma.c: Avoid data race between probe and irq handler
- ALSA: hda/hdmi: fix race in monitor detection during probe
- drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
- ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
- [x86] pinctrl: cherryview: Add missing spinlock usage in
chv_gpio_irq_handler
- i40iw: Fix error handling in i40iw_manage_arp_cache()
- netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
- IB/mlx4: Test return value of calls to ib_get_cached_pkey
- pnp: Use list_for_each_entry() instead of open coding
- gcc-10 warnings: fix low-hanging fruit
- Stop the ad-hoc games with -Wno-maybe-initialized
- net: phy: micrel: Use strlcpy() for ethtool::get_strings
- net: fix a potential recursive NETDEV_FEAT_CHANGE
- Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
- net: ipv4: really enforce backoff for redirects
- netprio_cgroup: Fix unlimited memory leak of v2 cgroups
- [x86] ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
- ALSA: rawmidi: Initialize allocated buffers
- ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
- ALSA: usb-audio: Add control message quirk delay for Kingston HyperX
headset
- usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg
list
- exec: Move would_dump into flush_old_exec
- usb: gadget: net2272: Fix a memory leak in an error handling path in
'net2272_plat_probe()'
- usb: gadget: audio: Fix a missing error return value in audio_bind()
- usb: gadget: legacy: fix error return code in gncm_bind()
- usb: gadget: legacy: fix error return code in cdc_bind()
- [x86] KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
- Makefile: disallow data races on gcc-10 as well
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.225
- igb: use igb_adapter->io_addr instead of e1000_hw->hw_addr
- padata: Remove unused but set variables
- padata: get_next is never NULL
- padata: ensure the reorder timer callback runs on the correct CPU
- padata: ensure padata_do_serial() runs on the correct CPU
- ima: Fix return value of ima_write_policy()
- vfs: fix multiplication overflow in copy_fdtable()
- [x86] iommu/amd: Fix over-read of ACPI UID from IVRS table
- HID: multitouch: add eGalaxTouch P80H84 support
- configfs: fix config_item refcnt leak in configfs_rmdir()
- component: Silence bind error on -EPROBE_DEFER
- gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
- ceph: fix double unlock in handle_cap_export()
- USB: core: Fix misleading driver bug report
- [x86] platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
- [armel,armhf] futex: Address build warning
- i2c: dev: Fix the race between the release of i2c_dev and cdev
- padata: set cpu_index of unused CPUs to -1
- padata: Replace delayed timer with immediate workqueue in padata_reorder
- padata: initialize pd->cpu with effective cpumask
- padata: purge get_cpu and reorder_via_wq from padata_do_serial
- [arm64] fix the flush_icache_range arguments in machine_kexec
- watchdog: Fix the race between the release of watchdog_core_data and cdev
- net: l2tp: export debug flags to UAPI
- net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_*
- net: l2tp: ppp: change PPPOL2TP_MSG_* => L2TP_MSG_*
- net: New kernel function to get IP overhead on a socket.
- L2TP:Adjust intf MTU, add underlay L3, L2 hdrs.
- l2tp: remove useless duplicate session detection in l2tp_netlink
- l2tp: remove l2tp_session_find()
- l2tp: define parameters of l2tp_session_get*() as "const"
- l2tp: define parameters of l2tp_tunnel_find*() as "const"
- l2tp: initialise session's refcount before making it reachable
- l2tp: hold tunnel while looking up sessions in l2tp_netlink
- l2tp: hold tunnel while processing genl delete command
- l2tp: hold tunnel while handling genl tunnel updates
- l2tp: hold tunnel while handling genl TUNNEL_GET commands
- l2tp: hold tunnel used while creating sessions with netlink
- l2tp: prevent creation of sessions on terminated tunnels
- l2tp: pass tunnel pointer to ->session_create() (CVE-2018-9517)
- l2tp: fix l2tp_eth module loading
- l2tp: don't register sessions in l2tp_session_create()
- l2tp: initialise l2tp_eth sessions before registering them
- l2tp: protect sock pointer of struct pppol2tp_session with RCU
- l2tp: initialise PPP sessions before registering them
- ALSA: pcm: fix incorrect hw_base increase
- [arm64] dmaengine: tegra210-adma: Fix an error handling path in
'tegra_adma_probe()'
- l2tp: device MTU setup, tunnel socket needs a lock
- [x86] platform/x86: alienware-wmi: fix kfree on potentially uninitialized
pointer
- libnvdimm/btt: Remove unnecessary code in btt_freelist_init
- cxgb4: free mac_hlist properly
- cxgb4/cxgb4vf: Fix mac_hlist initialization and free
- [x86] mei: release me_cl object reference
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.226
- ax25: fix setsockopt(SO_BINDTODEVICE)
- net: ipip: fix wrong address family in init error path
- net: revert "net: get rid of an signed integer overflow in
ip_idents_reserve()"
- net sched: fix reporting the first-time use timestamp
- sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and
socket is closed
- net/mlx5e: Update netdev txq on completions during closure
- net/mlx5: Add command entry handling completion
- net: sun: fix missing release regions in cas_init_one().
- net/mlx4_core: fix a memory leak bug.
- uapi: fix linux/if_pppol2tp.h userspace compilation errors
- IB/cma: Fix reference count leak when no ipv4 addresses are set
- [armhf,arm64] gpio: tegra: mask GPIO IRQs during IRQ shutdown
- gfs2: move privileged user check to gfs2_quota_lock_check
- cachefiles: Fix race between read_waiter and read_copier
involving op->to_do
- usb: gadget: legacy: fix redundant initialization warnings
- cifs: Fix null pointer check in cifs_read
- Input: usbtouchscreen - add support for BonXeon TP
- Input: evdev - call input_flush_device() on release(), not flush()
- Input: xpad - add custom init packet for Xbox One S controllers
- [x86] Input: i8042 - add ThinkPad S230u to i8042 reset list
- Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
- IB/qib: Call kobject_put() when kobject_init_and_add() fails
- [armhf] dts: imx: Correct B850v3 clock assignment
- [armhf] dts: imx6q-bx50v3: Add internal switch
- [armhf] dts/imx6q-bx50v3: Set display interface clock parents
- ALSA: hwdep: fix a left shifting 1 by 31 UB bug
- ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
- exec: Always set cap_ambient in cap_bprm_set_creds
- libceph: ignore pool overlay and cache logic on redirects
- mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
- iommu: Fix reference count leak in iommu_group_alloc.
- mac80211: mesh: fix discovery timer re-arming issue / crash
- [x86] dma: Fix max PFN arithmetic overflow on 32 bit systems
- xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
- xfrm: fix a warning in xfrm_policy_insert_list
- xfrm: fix a NULL-ptr deref in xfrm_local_error
- vti4: eliminated some duplicate code.
- ip_vti: receive ipip packet by calling ip_tunnel_rcv
- netfilter: nft_reject_bridge: enable reject with bridge vlan
- netfilter: ipset: Fix subcounter update skip
- netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
- qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
- bonding: Fix reference count leak in bond_sysfs_slave_add.
- netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
- genirq/generic_pending: Do not lose pending affinity update
- net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
- mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
- [arm64] net: hns: Fixes the missing put_device in positive leg for roce
reset
- [s390x] scsi: zfcp: fix request object use-after-free in send path
causing wrong traces
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.227
- scsi: scsi_devinfo: fixup string compare
- usb: gadget: f_uac2: fix error handling in afunc_bind (again)
- esp6: fix memleak on error path in esp6_input
- [s390x] ftrace: save traced function caller
- [x86] mmiotrace: Use cpumask_available() for cpumask_var_t variables
- [armhf,arm64] net: ethernet: stmmac: Enable interface clocks on probe for
IPQ806x
- [armhf,arm64] net: smsc911x: Fix runtime PM imbalance on error
- pppoe: only process PADT targeted at local interfaces
- HID: i2c-hid: add Schneider SCL142ALM to descriptor override
- p54usb: add AirVasT USB stick device-id
- mmc: fix compilation of user API
- scsi: ufs: Release clock if DMA map fails
- airo: Fix read overflows sending packets
- devinet: fix memleak in inetdev_init()
- l2tp: do not use inet_hash()/inet_unhash()
- net: usb: qmi_wwan: add Telit LE910C1-EUX composition
- vsock: fix timeout in vsock_accept()
- l2tp: add sk_family checks to l2tp_validate_socket
- USB: serial: qcserial: add DW5816e QDL support
- USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
- USB: serial: option: add Telit LE910C1-EUX compositions
- [armhf] usb: musb: Fix runtime PM imbalance on error
- vt: keyboard: avoid signed integer overflow in k_ascii (CVE-2020-13974)
- tty: hvc_console, fix crashes on parallel open/close
- staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
- [arm64] nvmem: qfprom: remove incorrect write support
- uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly
aligned
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.228
- ipv6: fix IPV6_ADDRFORM operation logic
- vxlan: Avoid infinite loop when suppressing NS messages with invalid
options
- scsi: return correct blkprep status code in case scsi_init_io() fails.
- crypto: talitos - fix ECB and CBC algs ivsize
- [armel,armhf] 8977/1: ptrace: Fix mask for thumb breakpoint hook
- sched/fair: Don't NUMA balance for kthreads
- ath9k_htc: Silence undersized packet warnings
- [amd64] Fix jiffies ODR violation
- [x86] PCI: Mark Intel C620 MROMs as having non-compliant BARs
- [x86] speculation: Prevent rogue cross-process SSBD shutdown
(CVE-2020-10766)
- [x86] reboot/quirks: Add MacBook6,1 reboot quirk
- efi/efivars: Add missing kobject_put() in sysfs entry creation error path
- [i386] ALSA: es1688: Add the missed snd_card_free()
- ALSA: usb-audio: Fix inconsistent card PM state after resume
- ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
- ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
- ACPI: GED: add support for _Exx / _Lxx handler methods
- ACPI: PM: Avoid using power resources if there are none for D0
- cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
- nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
- [armhf,arm64] spi: bcm2835aux: Fix controller unregister order
- ALSA: pcm: disallow linking stream to itself
- [x86] speculation: Change misspelled STIPB to STIBP
- [x86] speculation: Add support for STIBP always-on preferred mode
- [x86] speculation: Avoid force-disabling IBPB based on STIBP and enhanced
IBRS. (CVE-2020-10767 )
- [x86] speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect
branches. (CVE-2020-10768)
- spi: No need to assign dummy value in spi_unregister_controller()
- spi: Fix controller unregister order
- [armhf,arm64] spi: bcm2835: Fix controller unregister order
- ovl: initialize error in ovl_copy_xattr
- proc: Use new_inode not new_inode_pseudo
- [x86] KVM: nSVM: leave ASID aside in copy_vmcb_control_area
- [x86] KVM: nVMX: Consult only the "basic" exit reason when routing nested
exit
- ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
- ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
- ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
- ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
- mm/slub: fix a memory leak in sysfs_slab_add()
- fat: don't allow to mount if the FAT length == 0
- perf: Add cond_resched() to task_function_call()
- [x86] agp/intel: Reinforce the barrier after GTT updates
- media: dvb_frontend: ensure that inital front end status initialized
- ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
- objtool: Ignore empty alternatives
- net: ena: fix error returning in ena_com_get_hash_function()
- Bluetooth: Add SCO fallback for invalid LMP parameters error
- [armhf] clocksource: dw_apb_timer_of: Fix missing clockevent timers
- btrfs: do not ignore error from btrfs_next_leaf() when inserting
checksums
- [armel,armhf] 8978/1: mm: make act_mm() respect THREAD_SIZE
- [x86] kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
- [x86] net: vmxnet3: fix possible buffer overflow caused by bad DMA value
in vmxnet3_get_rss()
- dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
- media: dvb: return -EREMOTEIO on i2c transfer failure.
- [mips*] Make sparse_init() using top-down allocation
- netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
- exit: Move preemption fixup up, move blocking operations down
- [armhf] net: allwinner: Fix use correct return type for ndo_start_xmit()
- [mips*] cm: Fix an invalid error code of INTVN_*_ERR
- md: don't flush workqueue unconditionally in md_open
- rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
- mwifiex: Fix memory corruption in dump_station
- [mips*] Add udelay lpj numbers adjustment
- [x86] mm: Stop printing BRK addresses
- macvlan: Skip loopback packets in RX handler
- PCI: Don't disable decoding when mmio_always_on is set
- [mips*] Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
- ixgbe: fix signed-integer-overflow warning
- [armhf] mmc: sdhci-esdhc-imx: fix the mask for tuning start point
- cpuidle: Fix three reference count leaks
- btrfs: send: emit file capabilities after chown
- mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
- ima: Fix ima digest hash table key calculation
- ima: Directly assign the ima_default_policy pointer to ima_rules
- ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
- ext4: fix race between ext4_sync_parent() and rename()
- btrfs: fix error handling when submitting direct I/O bio
- blk-mq: move blk_mq_update_nr_hw_queues synchronize_rcu call
- PCI: Program MPS for RCiEP devices
- e1000e: Relax condition to trigger reset for ME workaround
- carl9170: remove P2P_GO support
- media: go7007: fix a miss of snd_card_free
- b43legacy: Fix case where channel status is corrupted
- b43: Fix connection problem with WPA3
- b43_legacy: Fix connection problem with WPA3
- igb: Report speed and duplex as unknown when device is runtime suspended
- [arm64] power: vexpress: add suppress_bind_attrs to true
- [armhf] pinctrl: samsung: Save/restore eint_mask over suspend for
EINT_TYPE GPIOs
- kernel/cpu_pm: Fix uninitted local in cpu_pm
- [armhf] tegra: Correct PL310 Auxiliary Control Register initialization
- kbuild: force to build vmlinux if CONFIG_MODVERSION=y
- sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate
registrations.
- sunrpc: clean up properly in gss_mech_unregister()
- [armhf] w1: omap-hdq: cleanup to add missing newline for some dev_dbg
- perf probe: Do not show the skipped events
- perf symbols: Fix debuginfo search for Ubuntu
.
[ Ben Hutchings ]
* debian/README.source: Refer to upload checklist in kernel-team.git
* Bump ABI to 13
* [rt] Update to 4.9.228-rt147:
- Drop "x86/ioapic: Do not unmask io_apic when interrupt is in progress"
- Revert "genirq: Fix reference leaks on irq affinity notifiers"
* scsi: scsi_devinfo: handle non-terminated strings (regression in 4.9.227)
linux (4.9.210-1+deb9u1) stretch-security; urgency=high
.
[ Salvatore Bonaccorso ]
* selinux: properly handle multiple messages in selinux_netlink_send()
(CVE-2020-10751)
* fs/namespace.c: fix mountpoint reference counter race (CVE-2020-12114)
* USB: core: Fix free-while-in-use bug in the USB S-Glibrary
(CVE-2020-12464)
* scsi: sg: add sg_remove_request in sg_common_write
* scsi: sg: add sg_remove_request in sg_write (CVE-2020-12770)
* USB: gadget: fix illegal array access in binding with UDC (CVE-2020-13143)
* netlabel: cope with NULL catmap (CVE-2020-10711)
* fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
(CVE-2020-10732)
* kernel/relay.c: handle alloc_percpu returning NULL in relay_open
(CVE-2019-19462)
* mm: Fix mremap not considering huge pmd devmap (CVE-2020-10757)
.
[ Ben Hutchings ]
* [arm64] Enforce BBM for huge IO/VMAP mappings (CVE-2019-2182):
- arm64: mm: BUG on unsupported manipulations of live kernel mappings
- arm64: don't open code page table entry creation
- arm64: mm: Change page table pointer name in p[md]_set_huge()
- arm64: Enforce BBM for huge IO/VMAP mappings
- arm64: Make sure permission updates happen for pmd/pud
* cfg80211/mac80211: make ieee80211_send_layer2_update a public function
* mac80211: Do not send Layer 2 Update frame before authorization
(CVE-2019-5108)
* ext4: Fix various bugs:
- ext4: Make checks for metadata_csum feature safer
- ext4: avoid declaring fs inconsistent due to invalid file handles
- ext4: protect journal inode's blocks using block_validity
(CVE-2019-19319)
- ext4: unsigned int compared against zero
- ext4: fix block validity checks for journal inodes using indirect blocks
- ext4: don't perform block validity checks on the journal inode
- ext4: add cond_resched() to ext4_protect_reserved_inode (CVE-2020-8992)
* blktrace: Fix various locking issues:
- blktrace: Fix potential deadlock between delete & sysfs ops
- blktrace: fix unlocked access to init/start-stop/teardown
- blktrace: fix trace mutex deadlock
- blktrace: Protect q->blk_trace with RCU (CVE-2019-19768)
- blktrace: fix dereference after null check
* media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
(CVE-2019-20806)
* [x86] KVM: nVMX: Fix incorrect instruction emulation (CVE-2020-2732):
- KVM: x86: emulate RDPID
- KVM: nVMX: Don't emulate instructions in guest mode
- KVM: nVMX: Refactor IO bitmap checks into helper function
- KVM: nVMX: Check IO instruction VM-exit conditions
* vfs: do_last(): fetch directory ->i_mode and ->i_uid before it's too late
(CVE-2020-8428)
* vfs: fix do_last() regression
* vgacon: Fix a UAF in vgacon_invert_region (CVE-2020-8647, CVE-2020-8649)
* locking/atomic, kref: Add kref_read()
* vt: Fix various bugs:
- vt: selection, handle pending signals in paste_selection
- VT_RESIZEX: get rid of field-by-field copyin
- vt: vt_ioctl: fix race in VT_RESIZEX
- vt: selection, close sel_buffer race (CVE-2020-8648)
- vt: selection, push console lock down
- vt: selection, push sel_lock up
- vt: selection, introduce vc_is_sel
- vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines
- vt: switch vt_dont_switch to bool
- vt: vt_ioctl: remove unnecessary console allocation checks
- vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual
- vt: vt_ioctl: fix use-after-free in vt_in_use()
* floppy: check FDC index for errors before assigning it (CVE-2020-9383)
* vhost: Check docket sk_family instead of call getname (CVE-2020-10942)
* slip, slcan: Fix various bugs:
- can, slip: Protect tty->disc_data in write_wakeup and close
- slcan: not call free_netdev before rtnl_unlock in slcan_open
- slcan: Fix double-free on slcan_open() error path
- slcan: Don't transmit uninitialized stack data in padding
(CVE-2020-11494)
- slip: stop double free sl->dev in slip_open
- slip: not call free_netdev before rtnl_unlock in slip_open
- slip: make slhc_compress() more robust against malicious
* mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
(CVE-2020-11565)
* media: usb: Fix several descriptor checks:
- media: ov519: add missing endpoint sanity checks (CVE-2020-11608)
- media: stv06xx: add missing descriptor sanity checks (CVE-2020-11609)
- media: xirlink_cit: add missing descriptor sanity checks (CVE-2020-11668)
* scsi: mptfusion: Fix double fetch bug in ioctl (CVE-2020-12652)
* mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
(CVE-2020-12653)
* mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
(CVE-2020-12654)
* macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
(Closes: #952660)
* block: Avoid ABI change for blktrace locking
* net-sysfs: Fix reference counting bugs:
- net: don't decrement kobj reference count on init failure
- net-sysfs: call dev_hold if kobject_init_and_add success
(CVE-2019-20811)
- net-sysfs: Fix reference count leak in rx|netdev_queue_add_kobject
- net-sysfs: fix netdev_queue_add_kobject() breakage
- net-sysfs: Call dev_hold always in netdev_queue_add_kobject
- net-sysfs: Call dev_hold always in rx_queue_add_kobject
* propagate_one(): mnt_set_mountpoint() needs mount_lock
* [x86] Add support for mitigation of Special Register Buffer Data Sampling
(SRBDS) (CVE-2020-0543):
- x86/cpu: Add 'table' argument to cpu_matches()
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS)
mitigation
- x86/speculation: Add SRBDS vulnerability and mitigation documentation
- x86/speculation: Add Ivy Bridge to affected list
* [x86] speculation: Do not match steppings, to avoid an ABI change
* random: always use batched entropy for get_random_u{32,64}
* [rt] Refresh "random: avoid preempt_disable()ed section"
linux-latest (80+deb9u11) stretch; urgency=medium
.
* Update to 4.9.0-13
mailman (1:2.1.23-1+deb9u5) stretch-security; urgency=high
.
* Upload to strech for security issue.
* Fix stored cross site scripting in attachment extensions.
mariadb-10.1 (10.1.45-0+deb9u1) stretch; urgency=high
.
* SECURITY UPDATE: New upstream version 10.1.45. Includes fixes for the
following security vulnerabilities:
- CVE-2020-2752
- CVE-2020-2812
- CVE-2020-2814
megatools (1.9.98-1+deb9u1) stretch; urgency=medium
.
* debian/patches/support-new-links.patch:
- Add support for the new format of mega.nz links.
mod-gnutls (0.8.2-3+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* Backported patches to fix test failures with the
apache CVE-2019-10092 fix. (Closes: #950300)
mod-gnutls (0.8.2-3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Avoid deprecated ciphersuites in test suite (Closes: #907008)
mutt (1.7.2-1+deb9u3) stretch-security; urgency=high
.
* debian/patches:
+ added security/CVE-not-yet-released.patch to fix a possible MITM
response injection attack when using STARTTLS with IMAP, POP3 and SMTP.
mutt (1.7.2-1+deb9u2) stretch-security; urgency=high
.
* debian/patches:
+ added security/CVE-2020-14093.patch to fix the relevant CVE related to
IMAP MITM attack via a PREAUTH response
mysql-connector-java (5.1.49-0+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* New upstream release version 5.1.49 which fixes CVE-2020-2875,
CVE-2020-2933, CVE-2020-2934.
* Refresh patches.
* Lock debian/watch to 5.x branch.
mysql-connector-java (5.1.45-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
* Standards-Version updated to 4.1.3
* Switch to debhelper level 11
* Use a secure URL in debian/watch
mysql-connector-java (5.1.44-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
* Standards-Version updated to 4.1.1
neon27 (0.30.2-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Run OpenSSL checks but don't fail on them,
to workaround build failures due to OpenSSL changes.
netqmail (1.06-6.2~deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Rebuild for stretch-security
.
netqmail (1.06-6.2) unstable; urgency=high
.
* Address CVE-2005-1513, CVE-2005-1514, CVE-2005-1515, CVE-2020-3811 and
CVE-2020-3812 (Closes: #961060)
.
netqmail (1.06-6.1) unstable; urgency=medium
.
* Non-maintainer upload.
* [fdc8794a] Setup Gitlab continous integration
* [73e52807] Fix quotation in postinst (Closes: #866038)
* [2fc47776] Make package piupart-clean (Closes: #672155)
netqmail (1.06-6.1) unstable; urgency=medium
.
* Non-maintainer upload.
* [fdc8794a] Setup Gitlab continous integration
* [73e52807] Fix quotation in postinst (Closes: #866038)
* [2fc47776] Make package piupart-clean (Closes: #672155)
network-manager-ssh (1.2.1-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Privilege escalation because extra options are mishandled (CVE-2020-9355)
nfs-utils (1:1.3.4-2.1+deb9u1) stretch; urgency=medium
.
* statd: take user-id from /var/lib/nfs/sm (CVE-2019-3689) (Closes: #940848)
* Don't make /var/lib/nfs owned by statd.
Only sm and sm.bak need to be accessible by statd or sm-notify after
they drop privileges.
* debian/control: Point Vcs URLs to kernel-team namespace repository
nginx (1.10.3-1+deb9u4) stretch; urgency=medium
.
* Handle CVE-2019-20372, error page request smuggling
(Closes: #948579)
node-url-parse (1.0.5-2+deb9u1) stretch; urgency=medium
.
* Add patch to sanitize paths and hosts before parsing (Closes: #906058,
CVE-2018-3774)
* Enable upstream test. This embeds some little modules for test only:
ansi-codes, assume, failing-code, failing-line, fn.name, format-text,
is-node, left-pad, pathval, prettify-error and style-format
nvidia-graphics-drivers (390.138-1) stretch; urgency=medium
.
* New upstream legacy branch release 390.138 (2020-06-24).
* Fixed CVE-2020-5963, CVE-2020-5967. (Closes: #963766)
https://nvidia.custhelp.com/app/answers/detail/a_id/5031
- Fixed a driver installation failure on Linux kernel 5.6 release
candidates, where the NVIDIA kernel module failed to build with error
"implicit declaration of function 'timespec_to_ns'".
- Fixed a driver installation failure on Linux kernel 5.6 release
candidates, where the NVIDIA kernel module failed to build with error
"implicit declaration of function 'getrawmonotonic'".
- Fixed a driver installation failure on Linux kernel 5.6 release
candidates, where the NVIDIA kernel module failed to build with error
"implicit declaration of function 'getnstimeofday'".
- Fixed a driver installation failure on Linux kernel 5.6 release
candidates, where the NVIDIA kernel module failed to build with error
"dereferencing pointer to incomplete type 'struct timeval'".
- Fixed a driver installation failure on Linux kernel 5.6 release
candidates, where the NVIDIA kernel module failed to build with error
"implicit declaration of function 'jiffies_to_timespec'".
- Fixed driver installation failure on Linux kernel 5.6 release candidates,
where the NVIDIA kernel module failed to build with error "passing
argument 4 of 'proc_create_data' from incompatible pointer type".
- Fixed driver installation failure on Linux kernel 5.6 release candidates,
where the NVIDIA kernel module failed to build with error "implicit
declaration of function 'ioremap_nocache'". (Closes: #956458)
- Fixed driver installation failure on Oracle Linux 7.7 systems, where the
NVIDIA kernel module failed to build with error "unknown type name
'vm_fault_t'".
- Add PRIME Synchronization support for Linux kernel 5.4 and newer.
.
[ Andreas Beckmann ]
* Fix #includes in conftest.sh to fix kernel module build for Linux 5.7,
thanks to Jiri Palecek. (Closes: #960735)
* Refresh patches.
* Update lintian overrides.
nvidia-graphics-drivers (390.132-1) stretch; urgency=medium
.
* New upstream legacy branch release 390.132 (2019-11-08).
- Fixed kernel module build problems with Linux kernel 5.4.0 release
candidates.
- Updated nvidia-bug-report.sh to collect information about X server crashes
from coredumpctl, when available.
.
[ Andreas Beckmann ]
* Refresh patches.
* debian/gen-control.pl: Support substitutions in the Architecture field and
skip packages with empty or commented Architecture field (430.50-2).
* Create and commit tarball symlinks for legacy branches (430.64-1).
* Allow alternative libnvidia-{tesla,legacy-*}-ml1 packages to substitute
libnvidia-ml1 (430.64-2).
- Add Provides: libnvidia-ml.so.1 (= ${nvidia:Version}).
- Generate alternative versioned dependency on libnvidia-ml.so.1 through
the symbols file.
* Allow alternative libnvidia-{tesla,legacy-*}-cuda1 packages to substitute
libcuda1 in third-party packages (430.64-3).
- Add Provides: libcuda.so.1 (= ${nvidia:Version}).
- Generate alternative versioned dependency on libcuda.so.1 through the
symbols file.
* Use substitution to keep Standards-Version in sync (430.64-5).
* Insert '-' between suffix ending with digit and SOVERSION (435.21-3).
* Rename "legacy" variables to more generic "variant" (440.44-2).
* bug-control: Report information about more (virtual) packages (440.64-2).
* Bump Standards-Version to 4.5.0. No changes needed.
* Update lintian overrides.
* *.symbols: List libraries from src:libglvnd (not in stretch) as second
(instead of preferred) alternative dependencies.
* Upload to stretch.
.
[ Luca Boccassi ]
* Import drmP.patch from Fedora to fix kernel module build failure for
Linux 5.5 and newer. (Closes: #951091)
openjdk-8 (8u252-b09-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
openjdk-8 (8u252-b07-1) unstable; urgency=medium
.
* Update to 8u252-b07 (early access build).
* Update ARM32 and AArch64 hotspot to 8u252-b06.
* Build using GCC 9 in recent releases.
openjdk-8 (8u242-b08-1) unstable; urgency=medium
.
* Team upload.
* Merge changes from 8u242-b08-0ubuntu3 back into Debian
* Fix nocheck profile (no profile support) for wheezy
* Version !nocheck default-jre-headless build dependency
to ensure at least Java 8 there as well; avoids needing to
install two JREs when building in pre-{stretch,xenial}
* Update aarch64 to GA jdk8u242-b08, aarch32 to jdk8u242-ga
* Bump Policy
.
openjdk-8 (8u242-b08-0ubuntu3) focal; urgency=medium
.
* Sync packages with 8u242-b08:
* OpenJDK 8u242-b08 build (release).
- S8226352, CVE-2020-2590: Improve Kerberos interop capabilities
- S8228548, CVE-2020-2593: Normalize normalization for all
- S8224909, CVE-2020-2583: Unlink Set of LinkedHashSets
- S8229951, CVE-2020-2601: Better Ticket Granting Services
- S8231422, CVE-2020-2604: Better serial filter handling
- S8231795, CVE-2020-2659: Enhance datagram socket support
- S8234037, CVE-2020-2654: Improve Object Identifier Processing
- S8037550: Update RFC references in javadoc to RFC 5280
- S8039438: Some tests depend on internal API sun.misc.IOUtils
- S8044500: Add kinit options and krb5.conf flags that allow users
to obtain renewable tickets and specify ticket lifetimes
- S8058290: JAAS Krb5LoginModule has suspect ticket-renewal logic,
relies on clockskew grace
- S8080835: Add blocking bulk read to sun.misc.IOUtils
- S8138978: Examine usages of sun.misc.IOUtils
- S8139206: Add InputStream readNBytes(int len)
- S8183591: Incorrect behavior when reading DER value with
Integer.MAX_VALUE length
- S8186576: KerberosTicket does not properly handle renewable
tickets at the end of their lifetime
- S8186831: Kerberos ignores PA-DATA with a non-null s2kparams
- S8186884: Test native KDC, Java krb5 lib, and native krb5 lib in
one test
- S8193832: Performance of InputStream.readAllBytes() could be improved
- S8196956: (ch) More channels cleanup
- S8201627: Kerberos sequence number issues
- S8215032: Support Kerberos cross-realm referrals (RFC 6806)
- S8225261: Better method resolutions
- S8225279: Better XRender interpolation
- S8226719: Kerberos login to Windows 2000 failed with "Inappropriate
type of checksum in message"
- S8227061: KDC.java test behaves incorrectly when AS-REQ contains a
PAData not PA-ENC-TS-ENC
- S8227381: GSS login fails with PREAUTH_FAILED
- S8227437: S4U2proxy cannot continue because server's TGT cannot be found
- S8227758: More valid PKIX processing
- S8227816: More Colorful ICC profiles
- S8230279: Improve Pack200 file reading
- S8230318: Better trust store usage
- S8230967: Improve Registry support of clients
- S8231129: More glyph images
- S8231139: Improved keystore support
- S8232381: add result NULL-checking to freetypeScaler.c
- S8232419: Improve Registry registration
- S8233944: Make KerberosPrincipal.KRB_NT_ENTERPRISE field package private
- S8235909: File.exists throws AccessControlException for invalid
paths when a SecurityManager is installed
- S8236983: [TESTBUG] Remove pointless catch block in
test/jdk/sun/security/util/DerValue/BadValue.java
- S8236984: Add compatibility wrapper for IOUtils.readFully
* Use the hotspot arch list to select between hotspot and zero as
the default VM for autopkgtests. This fixes s390x (zero based)
autopkgtest support.
openjdk-8 (8u242-b08-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
openjdk-8 (8u242-b04-1) unstable; urgency=medium
.
* Update to 8u242-b04 (early access build).
openjdk-8 (8u232-b09-1) unstable; urgency=high
.
* Update to 8u222-b09 (release build).
* Security fixes:
- S8167646: Better invalid FilePermission.
- S8213429, CVE-2019-2933: Windows file handling redux.
- S8218573, CVE-2019-2945: Better socket support.
- S8218877: Help transform transformers.
- S8220186: Improve use of font temporary files.
- S8220302, CVE-2019-2949: Better Kerberos ccache handling.
- S8221497: Optional Panes in Swing.
- S8221858, CVE-2019-2958: Build Better Processes.
- S8222684, CVE-2019-2964: Better support for patterns.
- S8222690, CVE-2019-2962: Better Glyph Images.
- S8223163: Better pattern recognition.
- S8223505, CVE-2019-2973: Better pattern compilation.
- S8223518, CVE-2019-2975: Unexpected exception in jjs.
- S8223892, CVE-2019-2978: Improved handling of jar files.
- S8224025: Fix for JDK-8220302 is not complete.
- S8224532, CVE-2019-2981: Better Path supports.
- S8224915, CVE-2019-2983: Better serial attributes.
- S8225286, CVE-2019-2987: Better rendering of native glyphs.
- S8225292, CVE-2019-2988: Better Graphics2D drawing.
- S8225298, CVE-2019-2989: Improve TLS connection support.
- S8225597, CVE-2019-2992: Enhance font glyph mapping.
- S8226765, CVE-2019-2999: Commentary on Javadoc comments.
- S8227129: Better ligature for subtables.
- S8227601: Better collection of references.
- S8228825, CVE-2019-2894: Enhance ECDSA operations.
openjfx (8u141-b14-3~deb9u1) stretch-security; urgency=high
.
* Rebuild for stretch-security
openjfx (8u141-b14-2) unstable; urgency=medium
.
* Team upload.
* Reverted the patch disabling the sampling profiler to its initial state
openjfx (8u141-b14-1) unstable; urgency=medium
.
* Team upload.
* New upstream release:
- Fixes CVE-2017-10086 and CVE-2017-10114 (Closes: #870860)
* Fixed the build failure with GCC 7 (Closes: #853593)
* Use the gold linker with memory saving options to avoid build failures
caused by lack of RAM (Closes: #857464)
* Fixed a build failure on powerpc caused by a different ucontext_t definition
* Backported a fix for accented characters in textfields (Closes: #872619)
* libopenjfx-java now suggests installing openjfx (Closes: #849419)
* Added lintian overrides to remove the warnings related to the js files
* Disabled the buildSrc tests to work around a Gradle bug
* Standards-Version updated to 4.1.1
openjfx (8u131-b11-2) unstable; urgency=medium
.
* Team upload.
* Make a Release instead of a Debug build
* Disabled the sampling profiler in WebKit (fails to build on arm64)
* Disabled assembler in WebKit on mips
openjfx (8u131-b11-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
openjfx (8u121-b13-2) unstable; urgency=medium
.
* Team upload.
* Removed the -m32 flags
* Removed the -msse2 flag on non Intel architectures
openjfx (8u121-b13-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
- New build dependency on cmake
- Copy libicui18n.so, libicuuc.so, libicudata.so and libsqlite3.so in the
modules/web/build/linux/import/lib directory to build JavaScriptCore
- Backported a fix for an ambiguous call to the pow() function in BoxShape
- Install the javapackager script and its man page
* Switch to debhelper level 10
* Disabled parallel building to avoid build failures
openldap (2.4.44+dfsg-5+deb9u4) stretch-security; urgency=high
.
* Fix slapd to limit depth of nested expressions in search filters
(ITS#9202)
opensmtpd (6.0.2p1-2+deb9u3) stretch-security; urgency=high
.
* Fix LPE and RCE vulnerability (Closes: #952453) (CVE-2020-8794)
An out of bounds read in smtpd allows an attacker to inject arbitrary
commands into the envelope file which are then executed as root.
Separately, missing privilege revocation in smtpctl allows arbitrary
commands to be run with the _smtpq group.
OpenBSD 6.6 errata 021:
https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig
pcl (1.8.0+dfsg1-4+deb9u1) stretch; urgency=medium
.
* Add dependency to libvtk6-qt-dev (Closes: #894656)
pcl (1.8.0+dfsg1-4) experimental; urgency=medium
.
* Add patch for arm build failures.
Thanks to Gianfranco Costamagna
* Enable QT on arm again
perl (5.24.1-3+deb9u7) stretch; urgency=medium
.
* Multiple regexp security fixes (Closes: #962005)
+ [SECURITY] CVE-2020-10543: Buffer overflow caused by a crafted
regular expression
+ [SECURITY] CVE-2020-10878: Integer overflow via malformed bytecode
produced by a crafted regular expression
+ [SECURITY] CVE-2020-12723: Buffer overflow caused by a crafted
regular expression
* Fix FTBFS with IPv6-only host (Closes: #962019)
php-horde (5.2.13+debian0-1+deb9u2) stretch; urgency=medium
.
* CVE-2020-8035: Don't allow to view images inline if opened directly.
* debian/patches/0001-Fix-rewrite-base.patch: Trivial rebase.
php-horde-data (2.1.4-3+deb9u1) stretch; urgency=high
.
* Fix CVE-2020-8518:
The Horde Application Framework contained a remote code execution
vulnerability. An authenticated remote attacker could use this flaw to
cause execution of uploaded CSV data. (Closes: #951537)
php-horde-form (2.0.15-1+deb9u2) stretch; urgency=high
.
* Fix CVE-2020-8866:
The Horde Application Framework contained a remote code execution
vulnerability. An authenticated remote attacker could use this flaw to
upload arbitrary content to an arbitrary writable location on the server
and potentially execute code in the context of the web server user.
(Closes: #955020)
php-horde-gollem (3.0.10-1+deb9u1) stretch; urgency=medium
.
* debian/patches:
+ Add CVE-2020-8034.patch. Fix XSS vulnerability in breadcrumb output
(Reported by: polict of Shielder). (Closes: #961649, CVE-2020-8034).
php-horde-trean (1.1.7-1+deb9u1) stretch; urgency=high
.
* Fix CVE-2020-8865:
The Horde Application Framework contained a directory traversal
vulnerability resulting from insufficient input sanitization. An
authenticated remote attacker could use this flaw to execute code in the
context of the web server user. (Closes: #955019)
php7.0 (7.0.33-0+deb9u8) stretch-security; urgency=high
.
* Backported from 7.2.28
- DOM:
. Fixed bug #77569: (Write Access Violation in DomImplementation).
- Phar:
. Fixed bug #79082 (Files added to tar with Phar::buildFromIterator
have all-access permissions). (CVE-2020-7063)
- Session:
. Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload
Progress). (CVE-2020-7062)
* Backported from 7.2.29
- Core:
. Fixed bug #79329 (get_headers() silently truncates after a null
byte) (CVE-2020-7066)
- EXIF:
. Fixed bug #79282 (Use-of-uninitialized-value in exif)
(CVE-2020-7064)
* Backported from 7.2.30
- Standard:
. Fixed bug #79330 (shell_exec silently truncates after a null byte).
. Fixed bug #79465 (OOB Read in urldecode). (CVE-2020-7067)
* Backported from 7.2.31
- Core:
. Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned).
(CVE-2019-11048)
. Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp
files are not cleaned). (CVE-2019-11048)
* Add upstream patch to fix bug #76895
php7.0 (7.0.33-0+deb9u7) stretch-security; urgency=medium
.
* Use mysqld --initialize-insecure for MySQL 8.0 (for Ubuntu 19.10)
* Disable MySQL X Plugin in the tests
* Remove --skip-grant-tables to fix FTBFS with MySQL 8.0
* Remove --without-mysqlx from MySQL 5.7
* Backported from 7.2.27
- Mbstring:
. Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`).
(CVE-2020-7060)
- Standard:
. Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059).
* Backported from 7.2.26
- Bcmath:
. Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
- Core:
. Fixed bug #78862 (link() silently truncates after a null byte on Windows).
(CVE-2019-11044).
. Fixed bug #78863 (DirectoryIterator class silently truncates after a null
byte). (CVE-2019-11045).
- EXIF:
. Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer).
(CVE-2019-11050).
. Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
phpmyadmin (4:4.6.6-4+deb9u1) stretch; urgency=high
.
* Team upload
* Several security fixes
- Cross-site scripting (XSS) vulnerability in db_central_columns.php
(PMASA-2018-1, CVE-2018-7260, Closes: #893539)
- Remove transformation plugin includes
(PMASA-2018-6, CVE-2018-19968)
- Fix Stored Cross-Site Scripting (XSS) in navigation tree
(PMASA-2018-8, CVE-2018-19970)
- Fix information leak (arbitrary file read) using SQL queries
(PMASA-2019-1, CVE-2019-6799, Closes: #920823)
- a specially crafted username can be used to trigger a SQL injection attack
(PMASA-2019-2, CVE-2019-6798, Closes: #920822)
- SQL injection in Designer feature
(PMASA-2019-3, CVE-2019-11768, Closes: #930048)
- CSRF vulnerability in login form
(PMASA-2019-4, CVE-2019-12616, Closes: #930017)
- SQL injection, escape username in the query
(PMASA-2020-1, CVE-2020-5504, Closes: #948718)
- Add a patch to escape some parameters when changing passwords
(PMASA-2020-2, CVE-2020-10804, Closes: #954667)
- Add a patch to escape database and table name
(PMASA-2020-3, CVE-2020-10802, Closes: #954665)
- Add a patch to secure sql_query parameter
(PMASA-2020-4, CVE-2020-10803, Closes: #954666)
pillow (4.0.0-4+deb9u1) stretch-security; urgency=medium
.
* CVE-2019-19911 CVE-2020-5312 CVE-2020-5313
postfix (3.1.15-0+deb9u1) stretch; urgency=medium
.
[Scott Kitterman]
.
* Check GPG signature when downloading new versions via uscan
.
[Wietse Venema]
.
* 3.1.15
- Bugfix (introduced: Postfix 2.8): don't gratuitously enable
all after-220 tests when only one such test is enabled.
This made selective tests impossible with 'good' clients.
File: postscreen/postscreen_smtpd.c.
- Bugfix (introduced: Postfix 3.1): support for
smtp_dns_resolver_options was broken while adding support
for negative DNS response caching in postscreen. Postfix
was inadvertently changed to call res_query() instead of
res_search(). Reported by Jaroslav Skarvada. File:
dns/dns_lookup.c.
- Bugfix (introduced: Postfix 3.0): sanitize server responses
before storing them in the verify database, to avoid Postfix
warnings about malformed UTF8. File: verify/verify.c.
- Bugfix (introduced: Postfix 2.5): the Milter connect event
macros were evaluated before the Milter connection itself
had been negotiated. Problem reported by David Bürgin.
Files: milter/milter.h, milter/milter.c, milter/milter8.c
postgresql-9.6 (9.6.17-0+deb9u1) stretch-security; urgency=medium
.
* New upstream version.
+ Add missing permissions checks for ALTER ... DEPENDS ON EXTENSION.
.
Marking an object as dependent on an extension did not have any
privilege check whatsoever. This oversight allowed any user to mark
routines, triggers, materialized views, or indexes as droppable by
anyone able to drop an extension. Require that the calling user own the
specified object (and hence have privilege to drop it). (CVE-2020-1720)
ppp (2.4.7-1+4+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* pppd: Fix bounds check in EAP code (CVE-2020-8597) (Closes: #950618)
proftpd-dfsg (1.3.5b-4+deb9u5) stretch; urgency=medium
.
* Add patch from upstream to solve bug4385. (Closes: #949622).
* Disable call to /usr/share/debconf/confmodule. Causes hangs during
postinst and it is unsure why we have it at all.
(Closes: #870624)
proftpd-dfsg (1.3.5b-4+deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Ensure that we do not reuse already-destroyed memory pools during data
transfers (CVE-2020-9273) (Closes: #951800)
* Clear the data-transfer instigating command pool but keep a memory pool.
Fixes regression in the %{transfer-status} LogFormat functionality.
python-django (1:1.10.7-2+deb9u9) stretch-security; urgency=high
.
* CVE-2020-13254: Potential a data leakage via malformed memcached keys.
.
In cases where a memcached backend does not perform key validation, passing
malformed cache keys could result in a key collision, and potential data
leakage. In order to avoid this vulnerability, key validation is added to
the memcached cache backends.
.
* CVE-2020-13596: Possible XSS via admin ForeignKeyRawIdWidget.
.
Query parameters to the admin ForeignKeyRawIdWidget were not properly URL
encoded, posing an XSS attack vector. ForeignKeyRawIdWidget now ensures
query parameters are correctly URL encoded.
python-django (1:1.10.7-2+deb9u8) stretch-security; urgency=high
.
* CVE-2020-7471: Prevent a Potential SQL injection via StringAgg(delimiter).
(Closes: #950581)
.
Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows
SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in
Django applications that offer downloads of data as a series of rows with a
user-specified column delimiter). By passing a suitably crafted delimiter
to a contrib.postgres.aggregates.StringAgg instance, it was possible to
break escaping and inject malicious SQL.
python-icalendar (3.8-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix the python3-icalendar dependencies. (Closes: #867436)
python-pysaml2 (3.0.0-5+deb9u1) stretch-security; urgency=medium
.
* CVE-2020-5390
python-reportlab (3.3.0-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Address remote code execution in colors.py (CVE-2019-17626)
(Closes: #942763)
qbittorrent (3.3.7-3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Prevent command injection via "Run external program" function
(CVE-2019-13640) (Closes: #932539)
qemu (1:2.8+dfsg-6+deb9u9) stretch-security; urgency=medium
.
* slirp possible use-after-free in ip_reass(),
slirp-ip_reass-fix-use-after-free-CVE-CVE-2019-15890.patch
Closes: #939869, CVE-2019-15890
* slirp emulation fixes, Closes: CVE-2020-7039
tcp_emu-fix-OOB-access-CVE-2020-7039.patch
slirp-use-correct-size-while-emulating-commands-CVE-2020-7039.patch
slirp-use-correct-size-while-emulating-IRC-commands-CVE-2020-7039.patch
qtbase-opensource-src (5.7.1+dfsg-3+deb9u2) stretch-security; urgency=high
.
* Backport fix for CVE-2020-0569: Do not load plugin from the CWD.
rails (2:4.2.7.1-1+deb9u2) stretch; urgency=high
.
* Team upload.
* Add patch to fix possible XSS vector in JS escape helper.
(Fixes: CVE-2020-5267) (Closes: #954304)
rake (10.5.0-2+deb9u1) stretch; urgency=high
.
* Team upload
* Add patch to use File.open explicitly. (Fixes: CVE-2020-8130)
roundcube (1.2.3+dfsg.1-4+deb9u6) stretch; urgency=high
.
* Backport security fix for CVE-2020-15562: Cross-Site Scripting (XSS)
vulnerability via HTML messages with malicious svg/namespace
(Closes: #964355)
roundcube (1.2.3+dfsg.1-4+deb9u5) stretch-security; urgency=high
.
* Backport security fixes from 1.3.12:
- CVE-2020-13964: Cross-Site Scripting (XSS) vulnerability in template
object 'username' (closes: #962124)
- CVE-2020-13965: Cross-Site Scripting (XSS) vulnerability via malicious
XML messages (closes: #962123)
roundcube (1.2.3+dfsg.1-4+deb9u4) stretch-security; urgency=high
.
* Backport security fixes from 1.2.10:
- CVE-2020-12625: Cross-Site Scripting (XSS) vulnerability via malicious
HTML messages (closes: #959140)
- CVE-2020-12626: CSRF attack can cause an authenticated user to be logged
out (closes: #959142)
ruby-json (2.0.1+dfsg-3+deb9u1) stretch; urgency=high
.
* Add patch to fix unsafe object creation vulnerability.
(Fixes: CVE-2020-10663
ruby2.3 (2.3.3-1+deb9u8) stretch; urgency=high
.
* Non-maintainer upload.
* Add patch to fix unsafe object creation vulnerability.
(Fixes: CVE-2020-10663)
salt (2016.11.2+ds-1+deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Apply missing fixes as part of the CVE-2020-11651 and CVE-2020-11652
salt (2016.11.2+ds-1+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Address CVE-2020-11651 and CVE-2020-11652 (Closes: #959684)
Thanks to Daniel Wozniak <dwozniak@saltstack.com>
* Add note about log messages to hardening salt docs
* salt-api NET API with the ssh client enabled is vulnerable to command
injection (CVE-2019-17361) (Closes: #949222)
sendmail (8.15.2-8+deb9u1) stretch; urgency=medium
.
* QA upload.
* rmail: Add exim4 to the list of conflicting MTAs. (Closes: #863567)
* Skip hook execution if /usr/share/sendmail/dynamic does not exist.
(Closes: #873978)
* debian/examples/network/if-post-down.d/sendmail: Generate during build.
* connect-from-null.patch: New, fix "NOQUEUE: connect from (null)", thanks
to Michael Grant and Claus Assmann.
* Fix finding the queue runner control process in "split daemon" mode,
thanks to Marc Andre Selig. (Closes: #887064)
* Fix prerm failure on btrfs. (Closes: #893424)
* Switch Vcs-* URLs to salsa.debian.org.
* Fix typos in descriptions. (Closes: #894535)
* sendmail-bin.prerm: Stop sendmail before removing the alternatives.
sogo-connector (68.0.1-2~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
- Lower dh compat to 10.
sogo-connector (68.0.1-1) unstable; urgency=medium
.
* [0e43d2d] d/control: move Maintainer to Debian Mozilla Extension Maintainers
sogo-connector (68.0.1-1~exp1) unstable; urgency=medium
.
* [74a8e5f] New upstream version 68.0.1
* [5c78ff2] d/control: add new package webext-sogo-connector
- The source of the package is now web-extension based only, no old
transitional xul stuff is included. So make this visible by moving the
main binary package over to webext-* syntax.
* [b292c29] d/control: remove B-D on make and mozilla-devscripts
- Drop Build-Depends on make and mozilla-devscripts, they are not needed
any more.
* [1dadf9c] d/control: adding Rules-Requires-Root: no
* [1d3e119] d/rules: updating build targets
- Clean up all non needed xul-* helpers, makes the mostly needed target
reduced to the quite the minimum.
* [ec0863d] webext-sogo-connector adding install sequencer file
* [366a931] webext-sogo-connector: adding linking sequencer file
* [1c7252f] webext-sogo-connector: adding docs sequencer file
* [48e8b6a] d/xul-ext-sogo-connector.lintian-overrides: drop file
- xul-ext-sogo-connector is now a transitional package, we don't need
this lintian file any more.
sogo-connector (68.0.0-1) unstable; urgency=medium
.
* [63605f6] New upstream version 68.0.0
(Closes: #945061)
* [f021239] d/control: bump Standards-Version to 4.4.1
* [cece803] d/control: drop B-D on python-ply
(Closes: #939479)
* [86ab883] rebuild patch queue from patch-queue branch
- removed patches:
removing-the-COPYING-file.patch
sogo-connector.xpt-prepare-option-for-rebuild-the-.x.patch
* [00917e3] remove now obsolete *.idl files
- The package build isn't depending on some old files from the non
existing package thunderbird-dev any more. The build doesn't uses
*.idl files now.
* [4b96f9a] d/copyright: update date information
* [3efbfa0] d/watch: switch over to git mode
* [324d0b8] d/rules: rewrite targets due modified source for TB 68
- Rewrite the control of the package build. There is no local run of
some Make targets needed any more.
sogo-connector (60.0.2-1) unstable; urgency=medium
.
* [747546e] New upstream version 60.0.2
sogo-connector (60.0.1-1) unstable; urgency=medium
.
* [37adbb6] New upstream version 60.0.1
* [fcd4f5d] d/control: bump Standards-Version to 4.3.0
- No further changes needed.
* [0c71fd4] debhelper: use debhelper-compat in B-D
- Move over to use debhelper-compat (with version 12) instead of using
a specific debhelper version together with a possible different version
for compatibility in d/compat.
sogo-connector (60.0.0+gite2547a3-1) unstable; urgency=medium
.
* [8785a7e] New upstream version 31.0.6
* [4498ec4] add files from package thunderbird-devel
- To get the upstream source build we need some files from the now no
longer available package thunderbird-dev. Extracting these files from
latest available version on snapshot.d.o and place the files with the
debian/ folder.
* [014690f] rebuild patch queue from patch-queue branch
- modified patch:
sogo-connector.xpt-prepare-option-for-rebuild-the-.x.patch
By the now different source folders for the required files from the old
package thunderbird-dev we also need to modify the Makefile within the
folder components/ so this file is referencing the new source folder for
to get the AddOn build.
* [a787dfb] New upstream version 60.0.0+gite2547a3
- Closes: #909313, #890513, #858734
* [e3da533] d/control: remove B-D on thunderbird-dev
- Removing the no longer available package from the Build-Depends.
* [99365db] debian/control: bump Standards-Version to 4.2.1
- No further changes needed.
* [ca0be35] d/control: adjust Vcs fields to Salsa
- Packaging tree is now moved over to Salsa.
* [e4632ef] d/watch: use https instead of http
* [b31b662] d/control: adjust upstream Homepage
- Change the referencing Upstream URL to the new created GitHub site on
https://github.com/inverse-inc/sogo-connector
* [d02948f] d/watch: use new github sub site for the watch file
- And also use this URL within the watch file.
* [cb51d79] rebuild patch queue from patch-queue branch
* [f380573] d/rules: tweak the installation of some files
- Remove unneeded Makefile from the package and move the README file into
/usr/share/doc/xul-ext-sogo-connector
ssvnc (1.0.29-3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload by the LTS team.
* Porting of libvncclient security patches (Closes: #945827):
- CVE-2018-20020: heap out-of-bound write vulnerability inside structure
in VNC client code.
- CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
- CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
- CVE-2018-20024: null pointer dereference that can result DoS.
storebackup (3.2.1-2~deb9u1) stretch; urgency=medium
.
* QA upload.
* Rebuild for stretch.
.
storebackup (3.2.1-2) unstable; urgency=medium
.
* QA upload.
* Set maintainer to Debian QA Group. (see #856299)
* Add patch to change the way the lockfile is opened in the Perl code.
(Fixes: CVE-2020-7040) (Closes: #949393)
swt-gtk (3.8.2-3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* libswt-webkit-gtk-3-jni: Add the missing dependency
on libwebkitgtk-1.0-0. (Closes: #879170)
thunderbird (1:68.10.0-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
thunderbird (1:68.9.0-1) unstable; urgency=medium
.
[ intrigeri ]
* [fd13825] AppArmor: update profile from upstream at commit 860d2d9
(Closes: #960465)
.
[ Carsten Schoenert ]
* [c310c40] New upstream version 68.9.0
Fixed CVE issues in upstream version 68.9.0 (MFSA 2020-22):
CVE-2020-12399: Timing attack on DSA signatures in NSS library
CVE-2020-12405: Use-after-free in SharedWorkerService
CVE-2020-12406: JavaScript Type confusion with NativeTypes
CVE-2020-12410: Memory safety bugs fixed in Thunderbird 68.9.0
CVE-2020-12398: Security downgrade with IMAP STARTTLS leads to
information leakage
thunderbird (1:68.9.0-1~deb10u1) stable-security; urgency=medium
.
* Rebuild for buster-security
(Closes: #960465)
thunderbird (1:68.9.0-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
(Closes: #960465)
thunderbird (1:68.8.1-1) unstable; urgency=medium
.
* [7495e7a] New upstream version 68.8.1
thunderbird (1:68.8.0-1) unstable; urgency=medium
.
* [9b5ae46] New upstream version 68.8.0
Fixed CVE issues in upstream version 68.8.0 (MFSA 2020-18):
CVE-2020-12397: Sender Email Address Spoofing using encoded Unicode
characters
CVE-2020-12387: Use-after-free during worker shutdown
CVE-2020-6831: Buffer overflow in SCTP chunk input validation
CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to command
injection
CVE-2020-12395: Memory safety bugs fixed in Thunderbird 68.8.0
thunderbird (1:68.8.0-1~deb10u1) stable-security; urgency=medium
.
* Rebuild for buster-security
thunderbird (1:68.8.0-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
thunderbird (1:68.7.0-1) unstable; urgency=medium
.
* [c0052af] New upstream version 68.7.0
Fixed CVE issues in upstream version 68.7.0 (MFSA 2020-14):
CVE-2020-6819: Use-after-free while running the nsDocShell destructor
CVE-2020-6820: Use-after-free when handling a ReadableStream
CVE-2020-6821: Uninitialized memory could be read when using the WebGL
copyTexSubImage method
CVE-2020-6822: Out of bounds write in GMPDecodeData when processing large
images
CVE-2020-6825: Memory safety bugs fixed in Thunderbird 68.7
thunderbird (1:68.7.0-1~deb10u1) stable-security; urgency=medium
.
* Rebuild for buster-security
thunderbird (1:68.7.0-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
thunderbird (1:68.6.0-1) unstable; urgency=medium
.
* [5709774] New upstream version 68.6.0
Fixed CVE issues in upstream version 68.6.0 (MFSA 2020-10):
CVE-2019-20503: Out of bounds reads in sctp_load_addresses_from_init
CVE-2020-6805: Use-after-free when removing data about origins
CVE-2020-6806: BodyStream::OnInputStreamReady was missing protections
against state confusion
CVE-2020-6807: Use-after-free in cubeb during stream destruction
CVE-2020-6811: Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to
command injection
CVE-2020-6812: The names of AirPods with personally identifiable
information were exposed to websites with camera or
microphone permission
CVE-2020-6814: Memory safety bugs fixed in Thunderbird 68.6
thunderbird (1:68.6.0-1~deb10u1) stable-security; urgency=medium
.
* Rebuild for buster-security
thunderbird (1:68.6.0-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
thunderbird (1:68.5.0-1) unstable; urgency=medium
.
* [d79bf82] New upstream version 68.5.0
Fixed CVE issues in upstream version 68.5.0 (MFSA 2020-07):
CVE-2020-6793: Out-of-bounds read when processing certain email messages
CVE-2020-6794: Setting a master password post-Thunderbird 52 does not
delete unencrypted previously stored passwords
CVE-2020-6795: Crash processing S/MIME messages with multiple signatures
CVE-2020-6798: Incorrect parsing of template tag could result in
JavaScript injection
CVE-2020-6792: Message ID calculcation was based on uninitialized data
CVE-2020-6800: Memory safety bugs fixed in Thunderbird 68.5
(Closes: #891848)
* [0884df6] d/control: increase Standards-Version to 4.5.0
No further changes needed.
thunderbird (1:68.5.0-1~deb10u1) stable-security; urgency=medium
.
* Rebuild for buster-security
(Closes: #891848)
thunderbird (1:68.5.0-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
(Closes: #891848)
thunderbird (1:68.4.2-1) unstable; urgency=medium
.
* [7ab7786] d/gbp.conf: add some more files we need to filter out
* [9c02c34] New upstream version 68.4.2
thunderbird (1:68.4.1-1) unstable; urgency=medium
.
* [a00f3e9] New upstream version 68.4.1
Fixed CVE issues in upstream version 68.4.1 (MFSA 2020-04):
CVE-2019-17026: IonMonkey type confusion with StoreElementHole and
FallibleStoreElement
CVE-2019-17015: Memory corruption in parent process during new content
process initialization on Windows
CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting
CVE-2019-17017: Type Confusion in XPCVariant.cpp
CVE-2019-17022: CSS sanitization does not escape HTML tags
CVE-2019-17024: Memory safety bugs fixed in Thunderbird 68.4.1
* [6b1fd82] rebuild patch queue from patch-queue branch
removed patch (included upstream)
fixes/Update-bindgen-in-ESR68.-r-glandium-a-RyanVM.patch
thunderbird (1:68.4.1-1~deb10u1) stable-security; urgency=medium
.
* Rebuild for buster-security
tiff (4.0.8-2+deb9u5) stretch-security; urgency=high
.
* Backport security fixes:
- CVE-2018-12900, heap-based buffer overflow in cpSeparateBufToContigBuf(),
- CVE-2018-17000, NULL pointer dereference in _TIFFmemcmp(),
- CVE-2018-17100, int32 overflow in multiply_ms(),
- CVE-2018-19210, NULL pointer dereference in TIFFWriteDirectorySec(),
- CVE-2019-14973, _TIFFCheckMalloc() and _TIFFCheckRealloc() mishandle
Integer Overflow checks,
- CVE-2019-17546, integer overflow that potentially causes a heap-based
buffer overflow,
- CVE-2019-7663, Invalid Address dereference in
TIFFWriteDirectoryTagTransfer() .
* Add required _TIFFCastUInt64ToSSize@LIBTIFF_4.0 and
_TIFFMultiplySSize@LIBTIFF_4.0 symbols to the libtiff5 package.
tinyproxy (1.8.4-3~deb9u2) stretch; urgency=medium
.
* debian/patches:
+ Add CVE-2017-11747-drop-privileges-after-PID-file-creation.patch.
CVE-2017-11747: Create PID file before dropping privileges to non-root
account. (Closes: #870307).
* debian/tinyproxy.init:
+ Only set PIDDIR, if PIDFILE is a non-zero length string. (Closes:
#948283).
tomcat8 (8.5.54-0+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2019-17569: HTTP Request Smuggling
The refactoring in 8.5.48 introduced a regression. The result of the
regression was that invalid Transfer-Encoding headers were incorrectly
processed leading to a possibility of HTTP Request Smuggling if Tomcat was
located behind a reverse proxy that incorrectly handled the invalid
Transfer-Encoding header in a particular manner. Such a reverse proxy is
considered unlikely.
* Fix CVE-2020-1935: HTTP Request Smuggling
The HTTP header parsing code used an approach to end-of-line (EOL) parsing
that allowed some invalid HTTP headers to be parsed as valid. This led to a
possibility of HTTP Request Smuggling if Tomcat was located behind a
reverse proxy that incorrectly handled the invalid Transfer-Encoding header
in a particular manner. Such a reverse proxy is considered unlikely.
* Fix CVE-2020-1938: AJP Request Injection and potential Remote Code
Execution When using the Apache JServ Protocol (AJP), care must be taken
when trusting incoming connections to Apache Tomcat. Tomcat treats AJP
connections as having higher trust than, for example, a similar HTTP
connection. If such connections are available to an attacker, they can be
exploited in ways that may be surprising. Prior to Tomcat 8.5.51, Tomcat
shipped with an AJP Connector enabled by default that listened on all
configured IP addresses. It was expected (and recommended in the security
guide) that this Connector would be disabled if not required.
.
Note that Debian already disabled the AJP connector by default. Mitigation
is only required if the AJP port was made accessible to untrusted users.
tzdata (2020a-0+deb9u1) stretch; urgency=medium
.
* New upstream version, affecting the following future timestamps:
- Morocco springs forward on 2020-05-31, not 2020-05-24.
- Canada's Yukon advanced to -07 year-round on 2020-03-08.
tzdata (2019c-3) unstable; urgency=medium
.
* Build the timezone data from tzdata.zi.
* Install leapseconds file /usr/share/zoneinfo.
* Bump Standards-Version to 4.4.1 (no changes).
tzdata (2019c-2) unstable; urgency=medium
.
[Â Paul Eggert ]
* Install tzdata.zi file in /usr/share/zoneinfo. Closes: #940852.
.
[ Aurelien Jarno ]
* Use tzdata.zi to change hardlinks into symlinks.
* Bump debhelper compatibility to 12.
* Bump Standards-Version to 4.4.0 (no changes).
* Drop Replaces on libc6, it is not needed anymore since Lenny.
* Depends on gawk and use it instead of mawk which crashes with a memory
corruption.
tzdata (2019c-1) unstable; urgency=medium
.
* New upstream version, affecting the following future timestamps:
- Fiji's next DST transitions will be 2019-11-10 and 2020-01-12
instead of 2019-11-03 and 2020-01-19.
- Norfolk Island will observe Australian-style DST starting in
spring 2019. The first transition is on 2019-10-06.
* Update French debconf translation, by Baptiste Jammet. Closes:
#935153.
* debian/rules: drop obsolete -y zic option.
tzdata (2019c-0+deb10u1) buster; urgency=medium
.
* New upstream version, affecting the following future timestamps:
- Fiji's next DST transitions will be 2019-11-10 and 2020-01-12
instead of 2019-11-03 and 2020-01-19.
- Norfolk Island will observe Australian-style DST starting in
spring 2019. The first transition is on 2019-10-06.
vlc (3.0.11-0+deb9u1) stretch-security; urgency=high
.
* New upstream release
- Fix heap-based buffer overflow in hxxx_nal (CVE-2020-13428)
* debian/patches: Drop patches integrated upstream
vlc (3.0.10-2) unstable; urgency=medium
.
* debian/:
- Bump debhleper compat to 13
- Disable srt until the package is fixed
- Build omxil plugin only on Raspbian (Closes: #957915)
vlc (3.0.10-1) unstable; urgency=medium
.
* New upstream release
vlc (3.0.10-0+deb10u1) buster-security; urgency=medium
.
* New upstream release
* debian/: Disable microdns plugin due to microdns security issues
(CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077,
CVE-2020-6078, CVE-2020-6079, CVE-2020-6080)
vlc (3.0.10-0+deb9u1) stretch-security; urgency=medium
.
* New upstream release
* debian/: Disable microdns plugin due to microdns security issues
(CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077,
CVE-2020-6078, CVE-2020-6079, CVE-2020-6080)
* debian/patches: Fix build with stretch's libdvdread
vlc (3.0.9.2-1) unstable; urgency=medium
.
* New upstream release
* debian/patches: Remove patches integrated upstream
* debian/copyright:
- Bump copyright years
- Update files
* debian/upstream/signing-key.asc: Re-export upstream's signing key
vlc (3.0.8-4) unstable; urgency=medium
.
* debian/control: Bump Standards-Version
* debian/upstream: Apply upstream patches for chromechast support in avahi
* debian/: Disable microdns plugin
vlc (3.0.8-3) unstable; urgency=medium
.
* debian/control:
- Replace libfreetype6-dev with libfreetype-dev
- Bump Standards-Version
* debian/: Build srt access plugin
vlc (3.0.8-2) unstable; urgency=medium
.
* debian/: Revert "Switch back to libmodplug-dev since vlc now requires
0.8.9.". Patch configure.ac instead.
vlc (3.0.8-1) unstable; urgency=medium
.
* New upstream release.
- Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
- Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437,
CVE-2019-14438)
- Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
- Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
- Fix a use after free in the ASF demuxer (CVE-2019-14533)
- Fix a null dereference in the ASF demuxer (CVE-2019-14534)
- Fix a division by zero in the CAF demuxer (CVE-2019-14498)
- Fix a division by zero in the ASF demuxer (CVE-2019-14535)
* debian/: Remove crystalhd plugin. libcrystalhd-dev is scheduled for
removal.
* debian/patches: Remove patches included upstream.
* debian/control: Switch back to libmodplug-dev since vlc now requires
0.8.9.
vlc (3.0.8-0+deb10u1) buster-security; urgency=high
.
* New upstream release.
- Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
- Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
- Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437,
CVE-2019-14438)
- Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
- Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
- Fix a use after free in the ASF demuxer (CVE-2019-14533)
- Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
(Closes: #932131)
- Fix a null dereference in the ASF demuxer (CVE-2019-14534)
- Fix a division by zero in the CAF demuxer (CVE-2019-14498)
- Fix a division by zero in the ASF demuxer (CVE-2019-14535)
- Fix a division by zero when playing DVDs. (Closes: #929491, #923017,
#932182)
* debian/control: Bump libebml-dev B-D according to configure check changes.
* debian/patches: Revert modplug version bump. We use the libopenmpt compat
layer anyway.
websockify (0.8.0+dfsg1-7+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add runtime depends on python{3,}-pkg-resources (Closes: #879224).
wordpress (4.7.5+dfsg-2+deb9u6) stretch-security; urgency=high
.
* Importing Wordpress 4.7.17/5.4.1 updates Closes: #959391
- CVE-2020-11025
XSS vulnerability in the navigation section of Customizer allows
JavaScript code to be executed.
- CVE-2020-11026
uploaded files to Media section to lead to script execution
- CVE-2020-11027
Password reset link does not expire
- CVE-2020-11028
Private posts can be found through searching by date
- CVE-2020-11029
XSS in stats() method in class-wp-object-cache
Not vulnerable:
- CVE-2020-11030 (feature introduced 5.0)
Special payload can execute scripts in block editor
* Importing Wordpress 4.7.16/5.3.1 updates Closes: #946905
- CVE-2019-20043
an unprivileged user could make a post sticky via the REST API.
- CVE-2019-20041
hardening wp_kses_bad_protocol() to ensure that it is aware
of the named colon attribute.
Not vulnerable:
- CVE-2019-20042 (function introduced 5.1.0)
cross-site scripting (XSS) could be stored in well-crafted links
- CVE-2019-16780 and CVE-2019-16781 (feature introduced 5.0)
stored XSS vulnerability using block editor content.
* Importing Wordpress 4.7.15/5.2.4 updates Closes: #942459
- CVE-2019-17674
Stored XSS in the Customizer
- CVE-2019-17671
Viewing unauthenticated posts
- CVE-2019-17672
Stored XSS to inject javascript into style tags
- CVE-2019-17673
Poisoning JSON GET requests
- CVE-2019-17669
SSRF in URL vaidation
- CVE-2019-17675
Referer validation in admin screens
* Importing Wordpress 4.7.14/5.2.3 updates Closes: #939543
- CVE-2019-16223
XSS in post previews
- CVE-2019-16218
XSS in stored comments
- CVE-2019-16220
Open redirect due to validation and sanitization
- CVE-2019-16217
XSS in media uploads
- CVE-2019-16219
XSS in shortcode previews
- CVE-2019-16221
XSS in dashboard
- CVE-2019-16222
XSS in URL sanitization
* Security patches from 5.1.1/4.7.13
* Fixes XSS security hole in comments CVE-2019-9787 Closes: #924546
wpa (2:2.4-1+deb9u6) stretch; urgency=medium
.
* Refresh the patch for CVE-2019-16275 to include the missing inline
function.
* Add an upstream patch to fix the MAC randomisation issue with some
cards (LP: #1867908, Closes: #954457)
.
wpa (2:2.4-1+deb9u5) stretch; urgency=medium
.
* SECURITY UPDATE:
- AP mode PMF disconnection protection bypass.
More details:
+ https://w1.fi/security/2019-7/
Closes: #940080 (CVE-2019-16275)
xdg-utils (1.1.1-1+deb9u2) stretch; urgency=medium
.
* Apply patches:
- Sanitise-window-name.patch fixes crash in xdg-screensaver.
Closes: #910070, LP: #1743216, Upstream: BR108121.
- Directories-with-spaces.patch corrects handling directories with spaces
in the name. LP: #1848335, Upstream: #166.
- Create-data-apps-dir.patch fixes xdg-mime with temporary $XDG_DATA_HOME.
Closes: #652038.
xml-security-c (1.7.3-4+deb9u3) stretch; urgency=medium
.
* [02c3993] New patch: Fix a length bug in concat method.
Thanks to Scott Cantor (Closes: #922984)
xtrlock (2.8+deb9u1) stretch; urgency=high
.
* CVE-2016-10894: Attempt to grab multitouch devices which are not
intercepted via XGrabPointer.
.
xtrlock did not block multitouch events so an attacker could still input
and thus control various programs such as Chromium, etc. via so-called
"multitouch" events such as pan scrolling, "pinch and zoom", or even being
able to provide regular mouse clicks by depressing the touchpad once and
then clicking with a secondary finger.
.
This fix does not the situation where Eve plugs in a multitouch device
*after* the screen has been locked. For more information on this angle,
please see <https://bugs.debian.org/830726#115>. (Closes: #830726)
======================================
Sat, 08 Feb 2020 - Debian 9.12 released
======================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:46:50 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
btrfs-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
crc-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
crypto-dm-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
crypto-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
dasd-extra-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
dasd-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
ext4-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
fat-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
fuse-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
isofs-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
kernel-image-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
linux-headers-4.9.0-11-all-s390x | 4.9.189-3+deb9u2 | s390x
linux-headers-4.9.0-11-s390x | 4.9.189-3+deb9u2 | s390x
linux-image-4.9.0-11-s390x | 4.9.189-3+deb9u2 | s390x
linux-image-4.9.0-11-s390x-dbg | 4.9.189-3+deb9u2 | s390x
loop-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
md-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
multipath-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
nbd-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
nic-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
scsi-core-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
scsi-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
udf-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
virtio-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
xfs-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
zlib-modules-4.9.0-11-s390x-di | 4.9.189-3+deb9u2 | s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:47:08 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
linux-headers-4.9.0-11-all | 4.9.189-3+deb9u2 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:47:16 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
acpi-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
ata-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
btrfs-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
cdrom-core-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
crc-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
crypto-dm-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
crypto-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
efi-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
event-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
ext4-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
fat-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
fb-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
firewire-core-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
fuse-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
hyperv-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
i2c-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
input-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
isofs-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
jfs-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
kernel-image-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
linux-headers-4.9.0-11-all-amd64 | 4.9.189-3+deb9u2 | amd64
linux-headers-4.9.0-11-amd64 | 4.9.189-3+deb9u2 | amd64
linux-headers-4.9.0-11-rt-amd64 | 4.9.189-3+deb9u2 | amd64
linux-image-4.9.0-11-amd64 | 4.9.189-3+deb9u2 | amd64
linux-image-4.9.0-11-amd64-dbg | 4.9.189-3+deb9u2 | amd64
linux-image-4.9.0-11-rt-amd64 | 4.9.189-3+deb9u2 | amd64
linux-image-4.9.0-11-rt-amd64-dbg | 4.9.189-3+deb9u2 | amd64
loop-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
md-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
mmc-core-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
mmc-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
mouse-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
multipath-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
nbd-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
nic-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
nic-pcmcia-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
nic-shared-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
nic-usb-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
nic-wireless-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
ntfs-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
pata-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
pcmcia-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
pcmcia-storage-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
ppp-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
sata-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
scsi-core-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
scsi-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
serial-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
sound-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
speakup-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
squashfs-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
udf-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
uinput-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
usb-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
usb-serial-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
usb-storage-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
virtio-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
xfs-modules-4.9.0-11-amd64-di | 4.9.189-3+deb9u2 | amd64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:47:24 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
ata-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
btrfs-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
cdrom-core-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
crc-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
crypto-dm-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
crypto-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
efi-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
event-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
ext4-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
fat-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
fb-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
fuse-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
i2c-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
input-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
isofs-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
jfs-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
kernel-image-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
leds-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
linux-headers-4.9.0-11-all-arm64 | 4.9.189-3+deb9u2 | arm64
linux-headers-4.9.0-11-arm64 | 4.9.189-3+deb9u2 | arm64
linux-image-4.9.0-11-arm64 | 4.9.189-3+deb9u2 | arm64
linux-image-4.9.0-11-arm64-dbg | 4.9.189-3+deb9u2 | arm64
loop-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
md-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
mmc-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
multipath-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
nbd-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
nic-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
nic-shared-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
nic-usb-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
nic-wireless-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
ppp-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
sata-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
scsi-core-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
scsi-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
squashfs-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
udf-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
uinput-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
usb-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
usb-storage-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
virtio-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
xfs-modules-4.9.0-11-arm64-di | 4.9.189-3+deb9u2 | arm64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:47:32 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
btrfs-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
cdrom-core-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
crc-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
crypto-dm-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
crypto-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
event-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
ext4-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
fat-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
fb-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
fuse-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
input-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
ipv6-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
isofs-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
jffs2-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
jfs-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
kernel-image-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
leds-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
linux-headers-4.9.0-11-all-armel | 4.9.189-3+deb9u2 | armel
linux-headers-4.9.0-11-marvell | 4.9.189-3+deb9u2 | armel
linux-image-4.9.0-11-marvell | 4.9.189-3+deb9u2 | armel
linux-image-4.9.0-11-marvell-dbg | 4.9.189-3+deb9u2 | armel
loop-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
md-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
minix-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
mmc-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
mouse-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
mtd-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
multipath-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
nbd-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
nic-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
nic-shared-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
nic-usb-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
ppp-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
sata-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
scsi-core-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
squashfs-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
udf-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
uinput-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
usb-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
usb-serial-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
usb-storage-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
zlib-modules-4.9.0-11-marvell-di | 4.9.189-3+deb9u2 | armel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:47:39 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
ata-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
btrfs-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
crc-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
crypto-dm-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
crypto-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
efi-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
event-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
ext4-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
fat-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
fb-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
fuse-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
i2c-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
input-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
isofs-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
jfs-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
kernel-image-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
leds-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
linux-headers-4.9.0-11-all-armhf | 4.9.189-3+deb9u2 | armhf
linux-headers-4.9.0-11-armmp | 4.9.189-3+deb9u2 | armhf
linux-headers-4.9.0-11-armmp-lpae | 4.9.189-3+deb9u2 | armhf
linux-image-4.9.0-11-armmp | 4.9.189-3+deb9u2 | armhf
linux-image-4.9.0-11-armmp-dbg | 4.9.189-3+deb9u2 | armhf
linux-image-4.9.0-11-armmp-lpae | 4.9.189-3+deb9u2 | armhf
linux-image-4.9.0-11-armmp-lpae-dbg | 4.9.189-3+deb9u2 | armhf
loop-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
md-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
mmc-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
mtd-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
multipath-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
nbd-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
nic-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
nic-shared-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
nic-usb-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
nic-wireless-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
pata-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
ppp-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
sata-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
scsi-core-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
scsi-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
squashfs-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
udf-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
uinput-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
usb-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
usb-storage-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
virtio-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
zlib-modules-4.9.0-11-armmp-di | 4.9.189-3+deb9u2 | armhf
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:47:47 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
acpi-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
acpi-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
ata-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
ata-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
btrfs-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
btrfs-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
cdrom-core-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
cdrom-core-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
crc-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
crc-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
crypto-dm-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
crypto-dm-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
crypto-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
crypto-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
efi-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
efi-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
event-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
event-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
ext4-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
ext4-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
fat-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
fat-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
fb-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
fb-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
firewire-core-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
firewire-core-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
fuse-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
fuse-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
hyperv-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
hyperv-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
i2c-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
i2c-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
input-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
input-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
isofs-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
isofs-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
jfs-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
jfs-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
kernel-image-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
kernel-image-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
linux-headers-4.9.0-11-686 | 4.9.189-3+deb9u2 | i386
linux-headers-4.9.0-11-686-pae | 4.9.189-3+deb9u2 | i386
linux-headers-4.9.0-11-all-i386 | 4.9.189-3+deb9u2 | i386
linux-headers-4.9.0-11-rt-686-pae | 4.9.189-3+deb9u2 | i386
linux-image-4.9.0-11-686 | 4.9.189-3+deb9u2 | i386
linux-image-4.9.0-11-686-dbg | 4.9.189-3+deb9u2 | i386
linux-image-4.9.0-11-686-pae | 4.9.189-3+deb9u2 | i386
linux-image-4.9.0-11-686-pae-dbg | 4.9.189-3+deb9u2 | i386
linux-image-4.9.0-11-rt-686-pae | 4.9.189-3+deb9u2 | i386
linux-image-4.9.0-11-rt-686-pae-dbg | 4.9.189-3+deb9u2 | i386
loop-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
loop-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
md-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
md-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
mmc-core-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
mmc-core-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
mmc-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
mmc-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
mouse-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
mouse-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
multipath-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
multipath-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
nbd-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
nbd-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
nic-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
nic-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
nic-pcmcia-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
nic-pcmcia-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
nic-shared-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
nic-shared-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
nic-usb-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
nic-usb-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
nic-wireless-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
nic-wireless-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
ntfs-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
ntfs-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
pata-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
pata-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
pcmcia-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
pcmcia-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
pcmcia-storage-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
pcmcia-storage-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
ppp-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
ppp-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
sata-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
sata-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
scsi-core-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
scsi-core-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
scsi-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
scsi-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
serial-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
serial-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
sound-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
sound-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
speakup-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
speakup-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
squashfs-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
squashfs-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
udf-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
udf-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
uinput-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
uinput-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
usb-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
usb-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
usb-serial-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
usb-serial-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
usb-storage-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
usb-storage-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
virtio-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
virtio-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
xfs-modules-4.9.0-11-686-di | 4.9.189-3+deb9u2 | i386
xfs-modules-4.9.0-11-686-pae-di | 4.9.189-3+deb9u2 | i386
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:47:54 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
linux-headers-4.9.0-11-all-mips | 4.9.189-3+deb9u2 | mips
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:48:12 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
affs-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
btrfs-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
cdrom-core-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
crc-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
crypto-dm-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
crypto-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
event-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
ext4-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
fat-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
fuse-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
hfs-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
input-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
isofs-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
jfs-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
kernel-image-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
linux-headers-4.9.0-11-5kc-malta | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
linux-headers-4.9.0-11-octeon | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
linux-image-4.9.0-11-5kc-malta | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
linux-image-4.9.0-11-5kc-malta-dbg | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
linux-image-4.9.0-11-octeon | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
linux-image-4.9.0-11-octeon-dbg | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
loop-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
md-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
minix-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
multipath-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
nbd-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
nic-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
nic-shared-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
nic-usb-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
nic-wireless-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
ntfs-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
pata-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
ppp-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
rtc-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
sata-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
scsi-core-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
scsi-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
sound-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
squashfs-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
udf-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
usb-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
usb-serial-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
usb-storage-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
virtio-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
xfs-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
zlib-modules-4.9.0-11-octeon-di | 4.9.189-3+deb9u2 | mips, mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:48:21 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
affs-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
ata-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
btrfs-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
cdrom-core-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
crc-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
crypto-dm-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
crypto-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
event-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
ext4-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
fat-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
fuse-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
hfs-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
i2c-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
input-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
isofs-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
jfs-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
kernel-image-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
linux-headers-4.9.0-11-4kc-malta | 4.9.189-3+deb9u2 | mips, mipsel
linux-image-4.9.0-11-4kc-malta | 4.9.189-3+deb9u2 | mips, mipsel
linux-image-4.9.0-11-4kc-malta-dbg | 4.9.189-3+deb9u2 | mips, mipsel
loop-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
md-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
minix-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
mmc-core-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
mmc-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
mouse-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
multipath-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
nbd-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
nic-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
nic-shared-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
nic-usb-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
nic-wireless-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
ntfs-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
pata-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
ppp-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
sata-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
scsi-core-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
scsi-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
sound-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
squashfs-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
udf-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
usb-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
usb-serial-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
usb-storage-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
virtio-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
xfs-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
zlib-modules-4.9.0-11-4kc-malta-di | 4.9.189-3+deb9u2 | mips, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:48:29 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
affs-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
ata-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
btrfs-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
cdrom-core-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
crc-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
crypto-dm-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
crypto-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
event-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
ext4-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
fat-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
fuse-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
hfs-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
i2c-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
input-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
isofs-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
jfs-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
kernel-image-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
linux-headers-4.9.0-11-all-mips64el | 4.9.189-3+deb9u2 | mips64el
loop-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
md-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
minix-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
mmc-core-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
mmc-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
mouse-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
multipath-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
nbd-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
nic-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
nic-shared-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
nic-usb-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
nic-wireless-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
ntfs-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
pata-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
ppp-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
sata-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
scsi-core-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
scsi-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
sound-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
squashfs-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
udf-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
usb-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
usb-serial-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
usb-storage-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
virtio-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
xfs-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
zlib-modules-4.9.0-11-5kc-malta-di | 4.9.189-3+deb9u2 | mips64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:48:38 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
affs-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
ata-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
btrfs-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
cdrom-core-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
crc-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
crypto-dm-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
crypto-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
event-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
ext4-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
fat-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
fb-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
firewire-core-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
fuse-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
hfs-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
input-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
isofs-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
jfs-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
kernel-image-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
linux-headers-4.9.0-11-loongson-3 | 4.9.189-3+deb9u2 | mips64el, mipsel
linux-image-4.9.0-11-loongson-3 | 4.9.189-3+deb9u2 | mips64el, mipsel
linux-image-4.9.0-11-loongson-3-dbg | 4.9.189-3+deb9u2 | mips64el, mipsel
loop-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
md-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
minix-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
multipath-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
nbd-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
nfs-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
nic-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
nic-shared-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
nic-usb-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
nic-wireless-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
ntfs-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
pata-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
ppp-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
sata-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
scsi-core-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
scsi-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
sound-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
speakup-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
squashfs-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
udf-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
usb-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
usb-serial-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
usb-storage-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
virtio-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
xfs-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
zlib-modules-4.9.0-11-loongson-3-di | 4.9.189-3+deb9u2 | mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:48:46 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
linux-headers-4.9.0-11-all-mipsel | 4.9.189-3+deb9u2 | mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:48:52 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
ata-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
btrfs-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
cdrom-core-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
crc-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
crypto-dm-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
crypto-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
event-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
ext4-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
fancontrol-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
fat-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
firewire-core-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
fuse-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
hypervisor-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
input-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
isofs-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
jfs-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
kernel-image-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
linux-headers-4.9.0-11-all-ppc64el | 4.9.189-3+deb9u2 | ppc64el
linux-headers-4.9.0-11-powerpc64le | 4.9.189-3+deb9u2 | ppc64el
linux-image-4.9.0-11-powerpc64le | 4.9.189-3+deb9u2 | ppc64el
linux-image-4.9.0-11-powerpc64le-dbg | 4.9.189-3+deb9u2 | ppc64el
loop-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
md-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
mouse-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
multipath-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
nbd-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
nic-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
nic-shared-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
ppp-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
sata-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
scsi-core-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
scsi-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
serial-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
squashfs-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
udf-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
uinput-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
usb-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
usb-serial-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
usb-storage-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
virtio-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
xfs-modules-4.9.0-11-powerpc64le-di | 4.9.189-3+deb9u2 | ppc64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:51:07 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
libstd-rust-1.24 | 1.24.1+dfsg1-1~deb9u4 | amd64, arm64, armel, armhf, i386, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by rustc)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:51:25 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
firefox-esr-l10n-as | 52.9.0esr-1~deb9u1 | all
firefox-esr-l10n-as | 60.9.0esr-1~deb9u1 | all
firefox-esr-l10n-bn-bd | 52.9.0esr-1~deb9u1 | all
firefox-esr-l10n-bn-bd | 60.9.0esr-1~deb9u1 | all
firefox-esr-l10n-bn-in | 52.9.0esr-1~deb9u1 | all
firefox-esr-l10n-bn-in | 60.9.0esr-1~deb9u1 | all
firefox-esr-l10n-en-za | 52.9.0esr-1~deb9u1 | all
firefox-esr-l10n-en-za | 60.9.0esr-1~deb9u1 | all
firefox-esr-l10n-mai | 52.9.0esr-1~deb9u1 | all
firefox-esr-l10n-mai | 60.9.0esr-1~deb9u1 | all
firefox-esr-l10n-ml | 52.9.0esr-1~deb9u1 | all
firefox-esr-l10n-ml | 60.9.0esr-1~deb9u1 | all
firefox-esr-l10n-or | 52.9.0esr-1~deb9u1 | all
firefox-esr-l10n-or | 60.9.0esr-1~deb9u1 | all
iceweasel-dev | 52.9.0esr-1~deb9u1 | all
iceweasel-l10n-as | 1:52.9.0esr-1~deb9u1 | all
iceweasel-l10n-as | 1:60.9.0esr-1~deb9u1 | all
iceweasel-l10n-bn-bd | 1:52.9.0esr-1~deb9u1 | all
iceweasel-l10n-bn-bd | 1:60.9.0esr-1~deb9u1 | all
iceweasel-l10n-bn-in | 1:52.9.0esr-1~deb9u1 | all
iceweasel-l10n-bn-in | 1:60.9.0esr-1~deb9u1 | all
iceweasel-l10n-en-za | 1:52.9.0esr-1~deb9u1 | all
iceweasel-l10n-en-za | 1:60.9.0esr-1~deb9u1 | all
iceweasel-l10n-mai | 1:52.9.0esr-1~deb9u1 | all
iceweasel-l10n-mai | 1:60.9.0esr-1~deb9u1 | all
iceweasel-l10n-ml | 1:52.9.0esr-1~deb9u1 | all
iceweasel-l10n-ml | 1:60.9.0esr-1~deb9u1 | all
iceweasel-l10n-or | 1:52.9.0esr-1~deb9u1 | all
iceweasel-l10n-or | 1:60.9.0esr-1~deb9u1 | all
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by firefox-esr - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:51:33 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
firefox-esr-dev | 52.9.0esr-1~deb9u1 | mips
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by firefox-esr - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:51:39 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
firefox-esr-dev | 52.9.0esr-1~deb9u1 | mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by firefox-esr - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:51:47 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
firefox-esr-dev | 52.9.0esr-1~deb9u1 | mips64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by firefox-esr - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:52:04 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
linux-headers-4.9.0-11-common | 4.9.189-3+deb9u2 | all
linux-headers-4.9.0-11-common-rt | 4.9.189-3+deb9u2 | all
linux-support-4.9.0-11 | 4.9.189-3+deb9u2 | all
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:53:54 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
calendar-google-provider | 1:52.9.1-1~deb9u1 | all
calendar-google-provider | 1:60.9.0-1~deb9u1 | all
icedove-dev | 1:52.9.1-1~deb9u1 | all
icedove-l10n-bn-bd | 1:52.9.1-1~deb9u1 | all
icedove-l10n-pa-in | 1:52.9.1-1~deb9u1 | all
icedove-l10n-ta-lk | 1:52.9.1-1~deb9u1 | all
iceowl-l10n-bn-bd | 1:52.9.1-1~deb9u1 | all
iceowl-l10n-pa-in | 1:52.9.1-1~deb9u1 | all
iceowl-l10n-ta-lk | 1:52.9.1-1~deb9u1 | all
lightning-l10n-bn-bd | 1:52.9.1-1~deb9u1 | all
lightning-l10n-pa-in | 1:52.9.1-1~deb9u1 | all
lightning-l10n-ta-lk | 1:52.9.1-1~deb9u1 | all
thunderbird-l10n-bn-bd | 1:52.9.1-1~deb9u1 | all
thunderbird-l10n-pa-in | 1:52.9.1-1~deb9u1 | all
thunderbird-l10n-ta-lk | 1:52.9.1-1~deb9u1 | all
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by thunderbird - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:54:01 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
thunderbird-dev | 1:52.9.1-1~deb9u1 | mips
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by thunderbird - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:54:08 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
thunderbird-dev | 1:52.9.1-1~deb9u1 | mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by thunderbird - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:54:14 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
thunderbird-dev | 1:52.9.1-1~deb9u1 | mips64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by thunderbird - based on source metadata)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:36:47 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
ruby-simple-form | 3.2.0-1 | source, all
Closed bugs: 941613
------------------- Reason -------------------
RoM / RoST; unused; security issues
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:37:05 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
trafficserver | 7.0.0-6+deb9u2 | source, amd64, arm64, armhf, i386, mips, mips64el, mipsel, ppc64el
trafficserver-dev | 7.0.0-6+deb9u2 | amd64, arm64, armhf, i386, mips, mips64el, mipsel, ppc64el
trafficserver-experimental-plugins | 7.0.0-6+deb9u2 | amd64, arm64, armhf, i386, mips, mips64el, mipsel, ppc64el
Closed bugs: 942793
------------------- Reason -------------------
RoM / RoST; unsupportable; security issues
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:37:23 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
firetray | 0.6.1+dfsg-1.2~deb9u1 | source
xul-ext-firetray | 0.6.1+dfsg-1.2~deb9u1 | all
Closed bugs: 946123
------------------- Reason -------------------
ROM; Orphaned and dead upstream, not needed any more
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:37:42 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
python-lamson | 1.0pre11-1.3 | source, all
Closed bugs: 948447
------------------- Reason -------------------
RoQA; broken since python-daemon 2.0.5-1
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:38:02 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
koji | 1.10.0-1+deb9u1 | source
koji-client | 1.10.0-1+deb9u1 | all
koji-common | 1.10.0-1+deb9u1 | all
koji-servers | 1.10.0-1+deb9u1 | all
Closed bugs: 950083
------------------- Reason -------------------
RoM / RoST; security issues
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 08 Feb 2020 11:38:26 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from oldstable:
libradare2-1.1 | 1.1.0+dfsg-5 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
libradare2-common | 1.1.0+dfsg-5 | all
libradare2-dev | 1.1.0+dfsg-5 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
radare2 | 1.1.0+dfsg-5 | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Closed bugs: 950693
------------------- Reason -------------------
RoST; security issues; upstream do not offer stable support
----------------------------------------------
=========================================================================
apache2 (2.4.25-3+deb9u9) stretch-security; urgency=medium
.
[ Xavier Guimard ]
* Use correct patch for CVE-2019-10092. This fixes a regression in
mod_proxy_balancer (Closes: #941202)
base-files (9.9+deb9u12) stretch; urgency=medium
.
* Change /etc/debian_version to 9.12, for Debian 9.12 point release.
bird (1.6.3-2+deb9u1) stretch-security; urgency=medium
.
* [CVE-2019-16159]: Backport the two other security fixes from BIRD 1.6.8
cacti (0.8.8h+ds1-10+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2019-17358: insufficient validation of form input leading to unsafe
unserialization operations and memory corruption (Closes: #947375).
cargo (0.35.0-2~deb9u2) stretch; urgency=medium
.
* Add correct binaries for armhf.
cargo (0.35.0-2~deb9u1) stretch; urgency=medium
.
* Backport to stretch.
* Don't use the packaged libgit, it's too old.
* Bootstrap using upstream binaries.
cargo (0.35.0-1) unstable; urgency=medium
.
* New upstream release.
cargo (0.33.0-3) unstable; urgency=medium
.
* Drop patch to capture rustc error output, it is unnecessary.
* Add upstream patch to fix typenum bug.
cargo (0.33.0-2) unstable; urgency=medium
.
* Add patch to capture rustc error output if extra-verbose.
cargo (0.33.0-1) unstable; urgency=medium
.
* New upstream release.
cargo (0.32.0-2~exp1) experimental; urgency=medium
.
* Drop patch 2007, for disabling incremental build on sparc64.
Closes: bug#917048, Thanks to John Paul Adrian Glaubitz.
cargo (0.32.0-1) unstable; urgency=medium
.
* debian-cargo-wrapper: Support DEB_CARGO_INSTALL_PREFIX for installing into
somewhere other than /usr, e.g. / or /usr/lib/cargo.
* Move dev scripts from /usr/share/cargo into /usr/share/cargo/scripts.
* Increase yet another timeout duration for slower architectures.
cargo (0.32.0-1~exp3) experimental; urgency=medium
.
[ Matt Kraai ]
* Rename bash completion script so that it's used.
.
[ Ximin Luo ]
* Further increase a timeout duration for mips.
* debian-cargo-wrapper: add --link-to-system option
cargo (0.32.0-1~exp2) experimental; urgency=medium
.
* Try to deal with the various test failures as suggested by upstream.
cargo (0.32.0-1~exp1) experimental; urgency=medium
.
[ upstream ]
* Cargo will now download crates in parallel using HTTP/2.
* You can now rename packages in your Cargo.toml We have a guide on how
to use the package key in your dependencies.
.
[ Vasudev Kamath ]
* Fix the scripts related to tarball creation
* Update unsuspicious file list for 0.32.0
* Update copyright information for 0.32.0.
* Add lintian-override for source-is-missing, for javascript file from
vendored crate documentation. File is not really shipped.
.
cargo (0.31.1-1) unstable; urgency=medium
.
* Upload 0.31.1 to unstable.
cargo (0.31.1-1) unstable; urgency=medium
.
* Upload 0.31.1 to unstable.
cargo (0.31.1-1~exp1) experimental; urgency=medium
.
[ upstream ]
* [1.30.0] Backport msys progress bar fix for stable.
.
[ Ximin Luo ]
* debian-cargo-vendor: only store differences between vendor-patches and
debcargo-conf.
.
[ Vasudev Kamath ]
* Do not delete Cargo.lock in debian-cargo-vendor script as its
referenced later in make_orig_multi.sh.
cargo (0.31.0-4) unstable; urgency=medium
.
* Don't set RUSTFLAGS in d/rules. (Closes: #914110)
cargo (0.31.0-3) unstable; urgency=medium
.
* Tweak the cargo wrapper script to be more robust.
cargo (0.31.0-2) unstable; urgency=medium
.
* Fix test failure on some architectures due to hash ordering.
* Bump libgit2 dependency version constraint. (Closes: #899038)
cargo (0.31.0-1) unstable; urgency=medium
.
* Don't run tests when doing arch-indep build.
* Fix package include/exclude tests.
cargo (0.31.0-1~exp1) experimental; urgency=medium
.
* New upstream release.
* Simplify build scripts and add a Debian wrapper for cargo.
cargo (0.30.0-1) unstable; urgency=medium
.
* Upload to unstable.
.
cargo (0.30.0-1~exp1) experimental; urgency=medium
.
[ upstream ]
* Cargo can silently fix some bad lockfiles You can use --locked to
disable this behaviour.
* cargo-install will now allow you to cross compile an install using
--target.
* Added the cargo-fix subcommand to automatically move project code from
2015 edition to 2018.
.
[ Vasudev Kamath ]
* Refresh patch 2004 for new release.
* Add openssl crates fuzz,test doc and apps file to unsuspicious list.
* debian/patches:
+ Drop patch 0774e97da3894f07ed5b6f7db175027a9bc4718b.patch for adding
cross compile support. Its merged upstream.
+ Refresh patch 2001 to newer version of libgit2-sys.
+ Refresh patch 2003 to newer version of libssh2-sys.
+ Drop patch 1001 which is merged upstream.
+ Refresh patch 2005 and 2007 to remove fuzz.
+ Refresh patch 2002 with newer release.
* debian/control:
+ Mark package compliance with Debian policy 4.2.1.
* Update copyright information for new release.
* debian/rules:
+ Use DEB_BUILD_OPTIONS to disable tests on powerpc and powerpcspe
architecture.
Closes: bug#908961, Thanks to Helmut Grohne.
cargo (0.30.0-1~exp1) experimental; urgency=medium
.
[ upstream ]
* Cargo can silently fix some bad lockfiles You can use --locked to
disable this behaviour.
* cargo-install will now allow you to cross compile an install using
--target.
* Added the cargo-fix subcommand to automatically move project code from
2015 edition to 2018.
.
[ Vasudev Kamath ]
* Refresh patch 2004 for new release.
* Add openssl crates fuzz,test doc and apps file to unsuspicious list.
* debian/patches:
+ Drop patch 0774e97da3894f07ed5b6f7db175027a9bc4718b.patch for adding
cross compile support. Its merged upstream.
+ Refresh patch 2001 to newer version of libgit2-sys.
+ Refresh patch 2003 to newer version of libssh2-sys.
+ Drop patch 1001 which is merged upstream.
+ Refresh patch 2005 and 2007 to remove fuzz.
+ Refresh patch 2002 with newer release.
* debian/control:
+ Mark package compliance with Debian policy 4.2.1.
* Update copyright information for new release.
* debian/rules:
+ Use DEB_BUILD_OPTIONS to disable tests on powerpc and powerpcspe
architecture.
Closes: bug#908961, Thanks to Helmut Grohne.
cargo (0.29.0-1) unstable; urgency=medium
.
* Merge changes of 0.28.0-2, which was missed in first release of 0.29.0
* Upload to unstable.
* Refresh patch for `install --target` feature for release 0.29.0
.
cargo (0.29.0-1~exp1) experimental; urgency=medium
.
[ upstream ]
* Cargo will now no longer allow you to publish crates with build
scripts that modify the src directory. The src directory in a crate
should be considered to be immutable.
.
[ Vasudev Kamath ]
* Update unsuspicious text for new release 0.29.0
* Change pattern for embedded zlib
* debian/patches:
+ Refresh patches 2001, 2002, 2003, 2004 to work with new release and
new vendor files.
+ Add patch 1001 to fix deprecated warnings on usage of "casues" from
failure crate,
* Update copyright information for new release.
* Make package compliant with policy 4.2.0.
cargo (0.29.0-1~exp1) experimental; urgency=medium
.
[ upstream ]
* Cargo will now no longer allow you to publish crates with build
scripts that modify the src directory. The src directory in a crate
should be considered to be immutable.
.
[ Vasudev Kamath ]
* Update unsuspicious text for new release 0.29.0
* Change pattern for embedded zlib
* debian/patches:
+ Refresh patches 2001, 2002, 2003, 2004 to work with new release and
new vendor files.
+ Add patch 1001 to fix deprecated warnings on usage of "casues" from
failure crate,
* Update copyright information for new release.
* Make package compliant with policy 4.2.0.
cargo (0.28.0-2) unstable; urgency=medium
.
* Re-add `install --target` functionality, needed by dh-cargo.
cargo (0.28.0-1) unstable; urgency=medium
.
* Upload to unstable
.
cargo (0.28.0-1~exp3) experimental; urgency=medium
.
* Disable incremental compilation tests on sparc64 architecture.
Closes: bug#905623, Thanks to John Paul Adrian Glaubitz.
.
cargo (0.28.0-1~exp2) experimental; urgency=medium
.
* Add patch 2005 to disable fetch_platform_specific_dependencies unit
tests. Upstream issue #5864.
.
cargo (0.28.0-1~exp1) experimental; urgency=medium
.
[ upstream ]
* cargo-metadata now includes authors, categories, keywords, readme, and
repository fields.
* cargo-metadata now includes a package's metadata table.
* Added the --target-dir optional argument. This allows you to specify a
different directory than target for placing compilation artifacts.
* Cargo will be adding automatic target inference for binaries,
benchmarks, examples, and tests in the Rust 2018 edition. If your
project specifies specific targets e.g. using [[bin]] and have other
binaries in locations where cargo would infer a binary, Cargo will
produce a warning. You can disable this feature ahead of time by
setting any of the following autobins, autobenches, autoexamples,
autotests to false.
* Cargo will now cache compiler information. This can be disabled by
setting CARGO_CACHE_RUSTC_INFO=0 in your environment.
.
[ Sylvestre Ledru ]
* Update of the alioth ML address.
.
[ Vasudev Kamath ]
* Update README.source to mention preferred way of upload.
* Update unsuspicious files for new release.
* debian/patches:
+ Refresh patch 2007 for new release.
+ Refresh patch 2001 for new version of libgit2-sys
+ Drop patch 2008 as its merged upstream.
+ Add patch 2003 for forcing use of libssh2 from system, which was now
controlled by environment variable.
* debian/copyright:
+ Update copyright information for new release.
* Mark package compliance with Debian Policy 4.1.5.
cargo (0.28.0-1~exp3) experimental; urgency=medium
.
* Disable incremental compilation tests on sparc64 architecture.
Closes: bug#905623, Thanks to John Paul Adrian Glaubitz.
cargo (0.28.0-1~exp2) experimental; urgency=medium
.
* Add patch 2005 to disable fetch_platform_specific_dependencies unit
tests. Upstream issue #5864.
cargo (0.28.0-1~exp1) experimental; urgency=medium
.
[ upstream ]
* cargo-metadata now includes authors, categories, keywords, readme, and
repository fields.
* cargo-metadata now includes a package's metadata table.
* Added the --target-dir optional argument. This allows you to specify a
different directory than target for placing compilation artifacts.
* Cargo will be adding automatic target inference for binaries,
benchmarks, examples, and tests in the Rust 2018 edition. If your
project specifies specific targets e.g. using [[bin]] and have other
binaries in locations where cargo would infer a binary, Cargo will
produce a warning. You can disable this feature ahead of time by
setting any of the following autobins, autobenches, autoexamples,
autotests to false.
* Cargo will now cache compiler information. This can be disabled by
setting CARGO_CACHE_RUSTC_INFO=0 in your environment.
.
[ Sylvestre Ledru ]
* Update of the alioth ML address.
.
[ Vasudev Kamath ]
* Update README.source to mention preferred way of upload.
* Update unsuspicious files for new release.
* debian/patches:
+ Refresh patch 2007 for new release.
+ Refresh patch 2001 for new version of libgit2-sys
+ Drop patch 2008 as its merged upstream.
+ Add patch 2003 for forcing use of libssh2 from system, which was now
controlled by environment variable.
* debian/copyright:
+ Update copyright information for new release.
* Mark package compliance with Debian Policy 4.1.5.
cargo (0.27.0-2) unstable; urgency=medium
.
* Support cross-compile install (upstream PR #5614).
cargo (0.27.0-1) unstable; urgency=medium
.
* Upload to unstable.
.
cargo (0.27.0-1~exp1) experimental; urgency=medium
.
[ upstream ]
* Cargo will now output path to custom commands when -v is passed with
--list.
* Cargo binary version is now same as the Rust version.
* Cargo.lock files are now included in published crates.
.
[ Vasudev Kamath ]
* Update patch 2004 for the new release.
* Add files from clap and vec_map to unsuspicious list.
* debian/patches:
+ Update path to libgit2-sys in patch 2001.
+ Adjust file name and paths to test files to be patched in patch
2002.
+ Drop all unused imports and comment out functions not just drop
#[test] in patch 2002.
+ Drop patch 1001 as its now part of new cargo release.
+ Refresh patch 2007.
* debian/copyright:
+ Update copyright information for new vendored crates.
cargo (0.27.0-1~exp1) experimental; urgency=medium
.
[ upstream ]
* Cargo will now output path to custom commands when -v is passed with
--list.
* Cargo binary version is now same as the Rust version.
* Cargo.lock files are now included in published crates.
.
[ Vasudev Kamath ]
* Update patch 2004 for the new release.
* Add files from clap and vec_map to unsuspicious list.
* debian/patches:
+ Update path to libgit2-sys in patch 2001.
+ Adjust file name and paths to test files to be patched in patch
2002.
+ Drop all unused imports and comment out functions not just drop
#[test] in patch 2002.
+ Drop patch 1001 as its now part of new cargo release.
+ Refresh patch 2007.
* debian/copyright:
+ Update copyright information for new vendored crates.
cargo (0.26.0-1) unstable; urgency=medium
.
* Upload to unstable.
.
cargo (0.26.0-1~exp1) experimental; urgency=medium
.
[upstream]
* cargo new now defaults to create binary crate instead of library
crate.
* cargo new will no longer name crates with name starting with rust- or
ending with -rs.
* cargo doc is faster as it uses cargo check instead of full rebuild.
.
[Vasudev Kamath]
* Refresh the patch 2004 against newer Cargo.toml
* Mark package compliance with Debian Policy 4.1.4
* debian/patches:
+ Drop patch 2003 and 2005, the doc should be built from source using
mdbook.
+ Drop patch 2006, the wasm32 related test seems to be dropped
upstream.
+ Drop patch 1002, merged upstream.
+ Add tests/generate_lock_file.rs to patch 2002 to disable
no_index_update test, this tries to access network.
+ Refresh patch 1001 with new upstream release.
* debian/rules: disable execution of src/ci/dox.sh, this script is no
longer present in new release.
* debian/copyright:
+ Add copyright for humantime crate.
+ Add copyright for lazycell crate.
+ Add copyright for quick-error crate
+ Add copyright for proc-macro2 crate.
cargo (0.26.0-1~exp1) experimental; urgency=medium
.
[upstream]
* cargo new now defaults to create binary crate instead of library
crate.
* cargo new will no longer name crates with name starting with rust- or
ending with -rs.
* cargo doc is faster as it uses cargo check instead of full rebuild.
.
[Vasudev Kamath]
* Refresh the patch 2004 against newer Cargo.toml
* Mark package compliance with Debian Policy 4.1.4
* debian/patches:
+ Drop patch 2003 and 2005, the doc should be built from source using
mdbook.
+ Drop patch 2006, the wasm32 related test seems to be dropped
upstream.
+ Drop patch 1002, merged upstream.
+ Add tests/generate_lock_file.rs to patch 2002 to disable
no_index_update test, this tries to access network.
+ Refresh patch 1001 with new upstream release.
* debian/rules: disable execution of src/ci/dox.sh, this script is no
longer present in new release.
* debian/copyright:
+ Add copyright for humantime crate.
+ Add copyright for lazycell crate.
+ Add copyright for quick-error crate
+ Add copyright for proc-macro2 crate.
cargo (0.25.0-3) unstable; urgency=medium
.
[ Ximin Luo ]
* Update Vcs-* fields to salsa
.
[ Vasudev Kamath ]
* Add patch to prevent incremental builds on sparc64.
Closes: bug#895300, Thanks to John Paul Adrian Glaubitz.
clamav (0.102.1+dfsg-0+deb9u2) stretch; urgency=medium
.
* clamav-daemon: Correct error from ScanOnAccess option removal so that
setting LogFile options via DebConf works again (Closes: #950296)
.
clamav (0.102.1+dfsg-0+deb9u1) stretch; urgency=medium
.
* Import 0.102.1 (Closes: #945265)
- CVE-2019-15961 (A Denial-of-Service as a result of excessively long scan
times).
- Let freshclam show progress during download (Closes: #690789).
* Update symbol file.
* Add libfreshclam to the libclamav9 package.
* Add the clamonacc binary to the clamav-daemon package.
* Drop ScanOnAccess option. The clamonacc provides this functionality.
clamav (0.102.1+dfsg-0+deb9u1) stretch; urgency=medium
.
* Import 0.102.1 (Closes: #945265)
- CVE-2019-15961 (A Denial-of-Service as a result of excessively long scan
times).
- Let freshclam show progress during download (Closes: #690789).
* Update symbol file.
* Add libfreshclam to the libclamav9 package.
* Add the clamonacc binary to the clamav-daemon package.
* Drop ScanOnAccess option. The clamonacc provides this functionality.
clamav (0.101.4+dfsg-1) unstable; urgency=medium
.
* Import 0.101.4
- CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs)
(Closes:934359)
- CVE-2019-12900 (An out of bounds write was possible within ClamAV's
NSIS bzip)
- update symbols file (bump to 101.4 and drop unused cli_strnstr).
clamav (0.101.4+dfsg-0+deb10u1) buster; urgency=medium
.
* Import 0.101.4
- CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs)
(Closes:934359)
- CVE-2019-12900 (An out of bounds write was possible within ClamAV's
NSIS bzip)
- update symbols file (bump to 101.4 and drop unused cli_strnstr).
cups (2.2.1-8+deb9u5) stretch; urgency=medium
.
* Backport upstream security fix:
- CVE-2019-2228: The `ippSetValuetag` function did not validate the
default language value (Closes: #946782)
cyrus-imapd (2.5.10-3+deb9u2) stretch-security; urgency=medium
.
* Add patch to avoid mailbox creation as administrator
(Closes: #CVE-2019-19783)
cyrus-sasl2 (2.1.27~101-g0780600+dfsg-3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Off-by-one in _sasl_add_string function (CVE-2019-19906) (Closes: #947043)
davical (1.1.5-1+deb9u1) stretch-security; urgency=high
.
* Fix three cross-site scripting and cross-site request forgery
vulnerabilities in the web administration front-end:
CVE-2019-18345 CVE-2019-18346 CVE-2019-18347 (closes: #946343)
debian-edu-config (1.929+deb9u4) stretch-security; urgency=high
.
* Security fix for CVE-2019-3467
.
[ Wolfgang Schweer ]
* share/debian-edu-config/tools/kerberos-kdc-init:
- Set proper rights for users in kadm5.acl file. (Closes: #946797)
* Adjust debian/debian-edu-config.postinst to fix kadm5.acl upon upgrades.
.
[ Holger Levsen ]
* Improve debian/debian-edu-config.postinst fix to only run once on
upgrades.
.
[ Dominik George ]
* Add NEWS to warn administrators with possible local changes.
debian-installer (20170615+deb9u8) stretch; urgency=medium
.
[ Samuel Thibault ]
* build/util/grub-gencfg: Set gfxpayload=keep in submenus too, to fix
unreadable fonts on hidpi displays in netboot images booted with EFI.
(See: #935546)
.
[ Cyril Brulebois ]
* Bump linux ABI to 4.9.0-12.
* Update USE_UDEBS_FROM default from unstable to stretch; debian/rules
uses heuristics to set the right value anyway, but that should help
users perform local builds without having to know about those
heuristics. Thanks to Carsten Schoenert for the report.
debian-installer-netboot-images (20170615+deb9u8) stretch; urgency=medium
.
* Update to 20170615+deb9u8 images, from stretch-proposed-updates
debian-lan-config (0.23+deb9u1) stretch-security; urgency=high
.
* Fix kadmin access rules.
* Add NEWS file.
debian-security-support (2019.12.12~deb9u2) stretch-security; urgency=medium
.
* Rebuild for stretch-security.
* Use debian/compat and depends on debhelper to support building on stretch.
debian-security-support (2019.11.16) unstable; urgency=medium
.
* Add chromium to security-support-ended.deb9.
* d/rules: update to NEXT_VERSION_ID=11.
debian-security-support (2019.11.15) unstable; urgency=medium
.
* Team upload.
* Add libqb to security-support-ended.deb8.
debian-security-support (2019.11.01) unstable; urgency=medium
.
* Remove nodejs from security-support-limited as it is supported since the
Buster release. Closes: #931376.
* Add empty security-support-ended.deb11 file.
* check-support-status.in: set DEB_NEXT_VER_ID=11.
debian-security-support (2019.10.31) unstable; urgency=medium
.
* Mark nodejs only suitable for trusted content. Closes: #931376.
* Add nasm-mozilla and nodejs-mozilla to security-support-ended.deb8
and security-support-ended.deb9 as they are only provided as build
dependency for Firefox/Thunderbird >= 68. Closes: #943365.
* Bump standards version to 4.4.1, no changes needed.
debian-security-support (2019.06.13) unstable; urgency=medium
.
[ Emilio Pozuelo Monfort ]
* Add mysql-5.5 to security-support-ended.deb8.
.
* Translation updates:
- Danish, thanks to Joe Dalton. Closes: #929941.
- Czech, thanks to Michal Simunek. Closes: #930384.
- this means all included translations are uptodate, yay!
debian-security-support (2019.06.01) unstable; urgency=medium
.
* New translations:
- Swedish, thanks to Andreas Ronnquist. Closes: #929401.
- Dutch, thanks to Frans Spiesschaert. Closes: #929809.
* Translation updates:
- Russian, thanks to Yuri Kozlov. Closes: #929384.
- Japanese, thanks to Shinichi Sakata and victory.
- Portuguese, thanks to Américo Monteiro. Closes: #929404.
- Polish, thanks to Åukasz Dulny.
- Brasilian Portuguese, thanks to Adriano Rafael Gomes. Closes: #929765.
- Italian, thanks to Beatrice Torracca. Closes: #929812.
debian-security-support (2019.05.22) unstable; urgency=medium
.
* Mark jasperreports as end-of-life in Stretch as well. Closes: #884907.
* Explain in comments to check-support-status.hook and postinst that code
needs to be present in both files as the hook could be run before
postinst. #928968 has a longer explanation why and is used for tracking
that this will be properly fixed eventually.
debian-security-support (2019.05.14) unstable; urgency=medium
.
* check-support-status.in: don't fail if security-support-ended.debX does
not exist for the release d-s-s is running on. Closes: #927450.
* postinst and check-support-status.hook: add code to create the d-s-s
user's home directory if it doesn't exist, as schroot copies /etc/passwd
from the host without creating the user home directories. Closes: #928204.
Thanks to Santiago Vila.
* d/control: set myself as maintainer to formally adopt the package and drop
Christoph Biedl on his request. Many thanks for creating this package and
maintaining it, Christoph!
debian-security-support (2019.04.25) unstable; urgency=medium
.
* Team upload.
.
[ Moritz Muehlenhoff ]
* Remove mozjs17 from security-support-limited, long gone, add
mozjs52 and mozjs60 instead.
* Remove webkitgtk from security-support-limited, covered by security
support now.
* Remove xulrunner from security-support-limited, long gone.
* Mark binutils as not covered by security support.
.
[ Holger Levsen ]
* check-support-status.in: set latest supported version to Debian 10 /
Buster. Closes: #927450.
* Add empty security-support-ended.deb10 file.
* Drop security-support-ended.deb6 as we don't support Squeeze anymore.
debian-security-support (2019.02.02) unstable; urgency=medium
.
* Team upload.
.
[ Markus Koschany ]
* Mark spice-xpi as end-of-life for Jessie.
* Add edk2 to security-support-ended.deb8
* Add robocode to security-support-ended.deb8
.
[ Salvatore Bonaccorso ]
* Mark qtwebengine-opensource-src as limited-support.
Thanks to Benjamin Barenblat <bbaren@debian.org> (Closes: #926179)
dehydrated (0.6.2-2+deb10u1~deb9u1) stretch; urgency=medium
.
* Backport 0.6.2-2 from buster into stretch.
+ In the process, retain the letsencrypt.sh compatibility binaries.
+ Also, revert debhelper compat bump and Multi-Arch field.
+ Add a NEWS item regarding the default ACME endpoint change.
.
dehydrated (0.6.2-2+deb10u1) buster; urgency=medium
.
* Add three more patches from upstream.
Fixing the following bug:
+ Fixed fetching of account information.
+ Followup fixes for account ID handling, and APIv1 compatibility.
.
dehydrated (0.6.2-2) unstable; urgency=medium
.
* Add a number of patches from upstream.
Fixing the following bugs:
+ HTTP/2 support, where header names are lowercase
+ Avoid over matching, checking for the Replay-Nonce header only at BOL
+ A bug causing deletion of domains.txt when incorrect parameters are used
+ Document the DOMAINS_D config option
+ Impoent POST-as-GET, for the upcoming change in LE's API
+ Document PRIVATE_KEY_ROLLOVER per-cert config option
* d/control: bump Standards-Version to 4.3.0, no changes needed.
.
dehydrated (0.6.2-1) unstable; urgency=medium
.
* New upstream release 0.6.2.
* Remove all patches - applied upstream.
* d/control: update Homepage field.
.
dehydrated (0.6.1-2) unstable; urgency=medium
.
* Add patch from upstream to not duplicate the intermediate cert in the
fullchain.pem. Closes: #896697
* d/control:
+ Bump Standards-Version to 4.1.4, no changes needed.
+ Update maintainer address to use the tracker.debian.org team.
.
dehydrated (0.6.1-1) unstable; urgency=low
.
* New upstream release 0.6.1.
Note: this release changes the default CA to use the ACMEv2 endpoint of
Let's Encrypt (previously it used the ACMEv1 endpoint).
Notable news of this realease is the support for wildcard certificates.
* d/patches:
- Remove patch present in the new upstream release.
- Add patch from upstream to have the example config reflect reality.
* d/copyright: Update.
* d/dehydrated.manapges: Update the path.
* Add a closes: to the previous changelog entry.
.
dehydrated (0.5.0-2) unstable; urgency=medium
.
* Add patch from upstream to follow redirects on HTTP GET.
This fixes an error when creating the fullchain.pem after the LE API
introduced a new redirect. Closes: #892723
.
dehydrated (0.5.0-1) unstable; urgency=medium
.
* New upstream release 0.5.0.
* d/control:
+ Mark dehydrated as Multi-Arch:foreign.
+ Bump Standards-Version to 4.1.3, no changes needed.
+ Set Rules-Requires-Root:no.
+ Change Vcs-* fields to point to Salsa.
+ Change homepage to https://dehydrated.de.
* d/rules:
+ Remove simple get-orig-source target just calling uscan.
+ Avoid gz-compressing the example config file.
* d/copyright: update.
* Bump debhelper compat version to 11.
* Drop lintian override for a false positive now fixed in lintian.
* Ship the new manpage from upstream instead of our auto-generated one.
.
dehydrated (0.4.0-2) unstable; urgency=medium
.
* Upload to unstable.
.
dehydrated (0.4.0-1) experimental; urgency=medium
.
* Import new upstream release 0.4.0.
* Drop all Debian patches.
They are either applied upstream, or related to some past migration
we're not dropping support for.
* Drop letsencrypt.sh and letsencrypt.sh-apache2 transitional packages.
dehydrated (0.6.2-2+deb10u1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
dehydrated (0.6.2-2+deb10u1) buster; urgency=medium
.
* Add three more patches from upstream.
Fixing the following bug:
+ Fixed fetching of account information. Closes: #934039
+ Followup fixes for account ID handling, and APIv1 compatibility.
dehydrated (0.6.2-2) unstable; urgency=medium
.
* Add a number of patches from upstream.
Fixing the following bugs:
+ HTTP/2 support, where header names are lowercase
+ Avoid over matching, checking for the Replay-Nonce header only at BOL
+ A bug causing deletion of domains.txt when incorrect parameters are used
+ Document the DOMAINS_D config option
+ Impoent POST-as-GET, for the upcoming change in LE's API
+ Document PRIVATE_KEY_ROLLOVER per-cert config option
* d/control: bump Standards-Version to 4.3.0, no changes needed.
dehydrated (0.6.2-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
dehydrated (0.6.2-2) unstable; urgency=medium
.
* Add a number of patches from upstream.
Fixing the following bugs:
+ HTTP/2 support, where header names are lowercase
+ Avoid over matching, checking for the Replay-Nonce header only at BOL
+ A bug causing deletion of domains.txt when incorrect parameters are used
+ Document the DOMAINS_D config option
+ Impoent POST-as-GET, for the upcoming change in LE's API
+ Document PRIVATE_KEY_ROLLOVER per-cert config option
* d/control: bump Standards-Version to 4.3.0, no changes needed.
dehydrated (0.6.2-1) unstable; urgency=medium
.
* New upstream release 0.6.2.
* Remove all patches - applied upstream.
* d/control: update Homepage field.
dehydrated (0.6.2-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
dehydrated (0.6.2-1) unstable; urgency=medium
.
* New upstream release 0.6.2.
* Remove all patches - applied upstream.
* d/control: update Homepage field.
dehydrated (0.6.1-2) unstable; urgency=medium
.
* Add patch from upstream to not duplicate the intermediate cert in the
fullchain.pem. Closes: #896697
* d/control:
+ Bump Standards-Version to 4.1.4, no changes needed.
+ Update maintainer address to use the tracker.debian.org team.
dehydrated (0.6.1-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
dehydrated (0.6.1-2) unstable; urgency=medium
.
* Add patch from upstream to not duplicate the intermediate cert in the
fullchain.pem. Closes: #896697
* d/control:
+ Bump Standards-Version to 4.1.4, no changes needed.
+ Update maintainer address to use the tracker.debian.org team.
dehydrated (0.6.1-1) unstable; urgency=low
.
* New upstream release 0.6.1.
Note: this release changes the default CA to use the ACMEv2 endpoint of
Let's Encrypt (previously it used the ACMEv1 endpoint).
Notable news of this realease is the support for wildcard certificates.
* d/patches:
- Remove patch present in the new upstream release.
- Add patch from upstream to have the example config reflect reality.
* d/copyright: Update.
* d/dehydrated.manapges: Update the path.
* Add a closes: to the previous changelog entry.
dehydrated (0.6.1-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
dehydrated (0.6.1-1) unstable; urgency=low
.
* New upstream release 0.6.1.
Note: this release changes the default CA to use the ACMEv2 endpoint of
Let's Encrypt (previously it used the ACMEv1 endpoint).
Notable news of this realease is the support for wildcard certificates.
* d/patches:
- Remove patch present in the new upstream release.
- Add patch from upstream to have the example config reflect reality.
* d/copyright: Update.
* d/dehydrated.manapges: Update the path.
* Add a closes: to the previous changelog entry.
dehydrated (0.5.0-2) unstable; urgency=medium
.
* Add patch from upstream to follow redirects on HTTP GET.
This fixes an error when creating the fullchain.pem after the LE API
introduced a new redirect.
dehydrated (0.5.0-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
dehydrated (0.5.0-2) unstable; urgency=medium
.
* Add patch from upstream to follow redirects on HTTP GET.
This fixes an error when creating the fullchain.pem after the LE API
introduced a new redirect.
dehydrated (0.5.0-1) unstable; urgency=medium
.
* New upstream release 0.5.0.
* d/control:
+ Mark dehydrated as Multi-Arch:foreign.
+ Bump Standards-Version to 4.1.3, no changes needed.
+ Set Rules-Requires-Root:no.
+ Change Vcs-* fields to point to Salsa.
+ Change homepage to https://dehydrated.de.
* d/rules:
+ Remove simple get-orig-source target just calling uscan.
+ Avoid gz-compressing the example config file.
* d/copyright: update.
* Bump debhelper compat version to 11.
* Drop lintian override for a false positive now fixed in lintian.
* Ship the new manpage from upstream instead of our auto-generated one.
dehydrated (0.5.0-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
dehydrated (0.5.0-1) unstable; urgency=medium
.
* New upstream release 0.5.0.
* d/control:
+ Mark dehydrated as Multi-Arch:foreign.
+ Bump Standards-Version to 4.1.3, no changes needed.
+ Set Rules-Requires-Root:no.
+ Change Vcs-* fields to point to Salsa.
+ Change homepage to https://dehydrated.de.
* d/rules:
+ Remove simple get-orig-source target just calling uscan.
+ Avoid gz-compressing the example config file.
* d/copyright: update.
* Bump debhelper compat version to 11.
* Drop lintian override for a false positive now fixed in lintian.
* Ship the new manpage from upstream instead of our auto-generated one.
dehydrated (0.4.0-2) unstable; urgency=medium
.
* Upload to unstable.
dehydrated (0.4.0-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
dehydrated (0.4.0-2) unstable; urgency=medium
.
* Upload to unstable.
.
dehydrated (0.4.0-1) experimental; urgency=medium
.
* Import new upstream release 0.4.0.
* Drop all Debian patches.
They are either applied upstream, or related to some past migration
we're not dropping support for.
* Drop letsencrypt.sh and letsencrypt.sh-apache2 transitional packages.
dehydrated (0.4.0-1) experimental; urgency=medium
.
* Import new upstream release 0.4.0.
* Drop all Debian patches.
They are either applied upstream, or related to some past migration
we're not dropping support for.
* Drop letsencrypt.sh and letsencrypt.sh-apache2 transitional packages.
dehydrated (0.3.1-3+deb9u3) stretch; urgency=medium
.
* Add patch from upstream to fix cert renewal when using HTTP/2.
Closes: #941414
dispmua (1.8.4.6-1~deb9u1) stretch; urgency=medium
.
* Team upload
* Backport to Stretch in order to make dispmua compatible with Thunderbird
68.x again. (Closes: #943584)
* Revert to compat level 10.
dispmua (1.8.2-1) unstable; urgency=medium
.
* [1834f9b] New upstream version 1.8.2
* [d3aed37] switch to debhelper 10
* [32068a7] bump up Standards-Version to 4.3.0
* [c6a2c9d] change VCS fields to new git location (salsa)
dpdk (16.11.11-1+deb9u1) stretch; urgency=medium
.
* New upstream version 16.11.11
* https://mails.dpdk.org/archives/announce/2019-November/000297.html
* Fixes CVE-2019-14818
* Fixes vhost regression introduced by 16.11.10 and CVE fix
* Drop patches merged in 16.11.10
dpdk (16.11.9-1+deb9u2) stretch-security; urgency=high
.
* Backport patches to fix CVE-2019-14818. A denial of service security
issue has been found in the Vhost PMD.
e2fsprogs (1.43.4-2+deb9u1) stretch-security; urgency=high
.
* Fix CVE-2019-5094: potential buffer overrun in e2fsck (Closes: #941139)
exim4 (4.89-2+deb9u6) stretch-security; urgency=high
.
* 85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI
related buffer overflow. CVE-2019-15846
expat (2.2.0-2+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* xmlparse.c: Deny internal entities closing the doctype (CVE-2019-15903)
(Closes: #939394)
faad2 (2.8.0~cvs20161113-1+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2018-20357, CVE-2018-20359, CVE-2018-20197, CVE-2018-20194,
CVE-2018-19503, CVE-2018-20361: multiple memory corruption vulnerabilities
caused by insufficiently sanitized frequency band borders.
* CVE-2018-20358, CVE-2018-20362, CVE-2018-19504, CVE-2018-20195,
CVE-2018-20198: multiple memory corruption vulnerabilities caused by syntax
element inconsistencies (implicit channel mapping reconfiguration).
* CVE-2019-15296: buffer overflow in faad_resetbits.
* CVE-2018-19502: heap based buffer overfow in excluded_channels
(libfaad/syntax.c) (Closes: #914641).
fence-agents (4.0.25-1+deb9u2) stretch; urgency=medium
.
* Update patch for removing fence_amt_ws (Closes: #934519)
fig2dev (1:3.2.6a-2+deb9u3) stretch; urgency=medium
.
* 41_CVE-2019-19555: Allow Fig v2 text strings ending with multiple ^A.
This fixes CVE-2019-19555 (Closes: #946176).
file (1:5.30-1+deb9u3) stretch-security; urgency=high
.
* Cherry-pick commit to restrict the number of CDF_VECTOR elements.
Closes: #942830 [CVE-2019-18218]
file-roller (3.22.3-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Path traversal vulnerability (CVE-2019-16680)
firefox-esr (68.4.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fix for mfsa2020-03, also known as CVE-2019-17026.
firefox-esr (68.4.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2020-02, also known as:
CVE-2019-17015, CVE-2019-17016, CVE-2019-17017, CVE-2019-17021,
CVE-2019-17022, CVE-2019-17024.
.
* debian/rules: Don't build with --compress-debug-sections on jessie.
* debian/rules: Use sourcestamp.txt for MOZ_BUILD_DATE. Closes: #946193.
.
* sourcestamp.txt: Fill with the missing info.
* intl/icu_sources_data.py: Don't build ICU in parallel.
* gfx/skia/skia/third_party/skcms/src/Transform_inl.h: Work around older
GCC ICEs on arm.
(Thanks Emilio Pozuelo Monfort)
firefox-esr (68.4.0esr-1~deb10u1) buster-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2020-02, also known as:
CVE-2019-17015, CVE-2019-17016, CVE-2019-17017, CVE-2019-17021,
CVE-2019-17022, CVE-2019-17024.
.
* debian/rules: Don't build with --compress-debug-sections on jessie.
* debian/rules: Use sourcestamp.txt for MOZ_BUILD_DATE. Closes: #946193.
.
* sourcestamp.txt: Fill with the missing info.
* intl/icu_sources_data.py: Don't build ICU in parallel.
* gfx/skia/skia/third_party/skcms/src/Transform_inl.h: Work around older
GCC ICEs on arm.
(Thanks Emilio Pozuelo Monfort)
firefox-esr (68.4.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2020-02, also known as:
CVE-2019-17015, CVE-2019-17016, CVE-2019-17017, CVE-2019-17021,
CVE-2019-17022, CVE-2019-17024.
.
* debian/rules: Don't build with --compress-debug-sections on jessie.
* debian/rules: Use sourcestamp.txt for MOZ_BUILD_DATE. Closes: #946193.
.
* sourcestamp.txt: Fill with the missing info.
firefox-esr (68.3.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-37, also known as:
CVE-2019-17008, CVE-2019-11745, CVE-2019-17010, CVE-2019-17005,
CVE-2019-17011, CVE-2019-17012.
.
* debian/control*: Bump nss build dependencies.
* debian/rules, debian/control.in:
- Build with nodejs-mozilla on jessie and stretch.
- Build with nasm-mozilla on jessie and stretch.
- Don't build with system libvpx on stretch.
(Thanks Emilio Pozuelo Monfort)
firefox-esr (68.3.0esr-1~deb10u1) buster-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-37, also known as:
CVE-2019-17008, CVE-2019-11745, CVE-2019-17010, CVE-2019-17005,
CVE-2019-17011, CVE-2019-17012.
.
* debian/control*: Bump nss build dependencies.
* debian/rules, debian/control.in:
- Build with nodejs-mozilla on jessie and stretch.
- Build with nasm-mozilla on jessie and stretch.
- Don't build with system libvpx on stretch.
(Thanks Emilio Pozuelo Monfort)
firefox-esr (68.3.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-37, also known as:
CVE-2019-17008, CVE-2019-11745, CVE-2019-17010, CVE-2019-17005,
CVE-2019-17011, CVE-2019-17012.
.
* debian/control.in: Bump nss build dependencies.
* intl/icu_sources_data.py:
- Revert change from 68.2.0esr-1~deb9u2.
- Don't build ICU in parallel.
* gfx/skia/skia/third_party/skcms/src/Transform_inl.h: Work around
GCC ICEs on arm.
(Thanks Emilio Pozuelo Monfort)
firefox-esr (68.2.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-33, also known as:
CVE-2019-15903, CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,
CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
CVE-2019-11764.
firefox-esr (68.2.0esr-1~deb10u1) buster-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-33, also known as:
CVE-2019-15903, CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,
CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
CVE-2019-11764.
.
firefox-esr (68.1.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-26, also known as
CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11752,
CVE-2019-9812, CVE-2019-11743, CVE-2019-11748, CVE-2019-11749,
CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735,
CVE-2019-11740.
.
* debian/upstream.mk: Read source repo and revision from json when
getting upstream info. Instead of the .txt file that doesn't exist
as of 69.
* debian/control*:
- Remove unused build dependency against python-ply.
- Remove python-minimal build dependency. All supported versions
of Debian have a new enough version.
* debian/l10n/gen, debian/latest_nightly.py, debian/rules,
debian/symbols.mk, debian/upstream.mk, debian/watch: Use explicit
python2.7 instead of python.
.
firefox-esr (68.0.2esr-1) unstable; urgency=medium
.
* New upstream ESR release.
.
firefox (68.0.2-3) unstable; urgency=medium
.
* debian/control.in: Take source package name from preprocessing.
.
* build/moz.configure/old.configure: Avoid race condition creating
old-configure. bz#1574761.
* dom/media/systemservices/CamerasChild.cpp,
dom/media/systemservices/CamerasParent.cpp,
dom/media/systemservices/VideoEngine.cpp,
dom/media/webrtc/MediaEngineRemoteVideoSource.cpp: Don't use
__PRETTY_FUNCTION__ or __FUNCTION__ as format strings. bz#1531309.
Closes: #925680.
.
firefox (68.0.2-2) unstable; urgency=medium
.
* debian/rules: Fix MOZ_APP_REMOTINGNAME. Upstream build system changes
made the config.status editing trick stop working. Export the variable for
configure to pick it instead. Closes: #932256
.
firefox (68.0.2-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-24, also known as CVE-2019-11733.
.
* debian/control*, debian/rules: Don't build against system vpx >= 1.8.0.
It has API changes that cause FTBFS.
.
firefox (68.0.1-2) unstable; urgency=medium
.
* debian/rules: Work around https://github.com/rust-lang/cargo/issues/7147.
.
firefox (68.0.1-1) unstable; urgency=medium
.
* New upstream release.
.
* debian/rules:
- Hook stamps/dh_install-l10n to override_dh_install-indep rather than
binary-indep.
- Pass make job server down through dh_auto_build.
* debian/rules, debian/dh: Wrap dh to ensure debian/rules is invoked with
parallelism.
.
firefox (68.0-3) unstable; urgency=medium
.
* debian/browser.README.Debian.in: Fix a reference to iceweasel in
README.Debian. Thanks Edward Betts.
* debian/rules:
- Only exclude "-g" from dpkg-buildflags output. All the other flags
that used to be excluded either already match upstream or add
reproducibility.
- Don't unexpectedly reset LDFLAGS.
- [firefox-esr] Remove iceweasel transitional packages on bullseye.
- Disable dh_strip_nondeterminism. Upstream build system already avoids
non-determinism it would strip, so there is no need for it further
modifying files.
- Avoid arch:all builds building arch:any stuff.
- Move AUTOCONF_DIRS cleanup after dh_clean.
- Add rust flags to improve reproducibility.
- Only touch or remove configure when it wasn't there to begin with.
- Call configure using its full path.
- Factor common configure arguments.
- Build langpacks with --disable-compile-environment, and pass less
configure arguments.
- Build each langpack from a separate build directory. This means time
wasted running configure more times, but all locales can now be built
in parallel.
* debian/symbols.mk, debian/symbols.apt.conf, debian/symbols.sources.list:
Miscellaneous changes to symbols download script.
* debian/make.mk: Exclude symbols.mk variables from dump output.
* debian/browser.mozconfig.in: Remove redundant --prefix=/usr.
* debian/control.in, debian/rules, debian/symbols.mk, debian/upstream.mk:
Remove packaging scripts compatibility with Wheezy.
.
* moz.configure: Only add confvars.sh as a dependency to config.status
when it exists. bz#1560340.
.
firefox (68.0-2) unstable; urgency=medium
.
* debian/rules, debian/upstream.mk: Account for next Debian release.
* debian/rules, debian/control: Build against system sqlite again.
.
* gfx/skia/skia/third_party/skcms/src/Transform_inl.h: Work around GCC ICE
on mips*, i386 and s390x. Closes: #931757
* python/mozbuild/mozbuild/action/langpack_manifest.py: Use build id as
langpack version for reproducibility. bz#1565504.
.
firefox (68.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-21, also known as:
CVE-2019-9811, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713,
CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717,
CVE-2019-11718, CVE-2019-11720, CVE-2019-11721, CVE-2019-11730,
CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727,
CVE-2019-11728, CVE-2019-11710, CVE-2019-11709.
.
* debian/control*: Bump nss, sqlite, rustc, cargo and cbindgen build
dependencies. Remove Build-Conflicts with nss 3.44-1, since we now
build-depend on a more recent version.
* debian/rules, debian/control: Don't build against system sqlite, as
Debian doesn't have the required version yet.
* [firefox-esr] debian/l10n/browser-l10n.control*, debian/l10n/gen:
Don't generate iceweasel l10n transition packages for locales that
were never offered with iceweasel.
* debian/control, debian/l10n/browser-l10n.control.in: Add transition
dependencies for Bengali l10n. There is now only one Bengali l10n
package instead of two.
* debian/rules: Disable JIT at build time on mips because it fails to build.
.
* build/gyp.mozbuild: Revert patch that disables libyuv assembly on
mips64. It apparently compiles, now.
.
firefox (67.0.4-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-19, also known as CVE-2019-11708.
.
firefox (67.0.3-2) unstable; urgency=medium
.
* python/mozbuild/mozbuild/action/node.py: Attempt to work around make issue
happening on arch: all buildd.
.
firefox (67.0.3-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-18, also known as CVE-2019-11707.
.
firefox (67.0.2-1) unstable; urgency=medium
.
* New upstream release.
.
firefox (67.0.1-1) unstable; urgency=medium
.
* New upstream release.
.
firefox (67.0-4) unstable; urgency=medium
.
* debian/rules: Work around FTBFS on mips* by disabling webrtc
Build fails because of missing configurations for mips*.
* debian/control*: Build-Conflicts with libnss3-dev 2:3.44-1.
Closes: #929846.
.
* js/src/jit/mips32/MacroAssembler-mips32-inl.h: Fix FTBFS on mips/mipsel.
bz#1556197.
.
firefox (67.0-3) unstable; urgency=medium
.
* media/webrtc/trunk/webrtc/system_wrappers/source/cpu_features.cc: Remove
WebRtc_GetCPUFeaturesARM from cpu_features.cc. It is already in
cpu_features_linux.c (and is not in cpu_features.cc in webrtc upstream).
Fixes FTBFS on armhf. bz#1523162.
.
firefox (67.0-2) unstable; urgency=medium
.
* debian/extra-stuff/addonsInfo.jsm:
- Avoid running -dumps-addons-info without a running Firefox counting as a
crash.
- Support addons in resource:// locations in -dump-addons-info
.
* js/src/wasm/WasmSignalHandlers.cpp: Include struct definitions for
user_vfp and user_vfp_exc. Fixes FTBFS on armhf. bz#1526653.
* js/src/jit/mips*/MacroAssembler-mips*-inl.h,
js/src/jit/mips*/Trampoline-mips*.cpp: Fix functions: branchTestBigInt,
negPtr, generateVMWrapper on MIPS. bz#1544631.
* toolkit/modules/sessionstore/PrivacyFilter.jsm: Update and harden form
data filtering for privacy to account for no data being passed in.
bz#1553413.
.
firefox (67.0-1) experimental; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-13, also known as:
CVE-2019-9816, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820,
CVE-2019-9821, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693,
CVE-2019-7317, CVE-2019-11695, CVE-2019-11696, CVE-2019-11697,
CVE-2019-11698, CVE-2019-11699, CVE-2019-11701, CVE-2019-9814,
CVE-2019-9800.
* Upload to experimental because the required cbindgen is not available in
unstable.
.
* debian/control*: Bump nspr, sqlite, rustc, cargo and cbindgen build
dependencies.
* debian/extra-stuff/addonsInfo.*, debian/extra-stuff/moz.build,
debian/installer/package-manifest.browser, debian/rules:
Modernize addonsInfo per bz#1431533, bz#1432992, bz#1514594, bz#1524688,
etc.
.
firefox (66.0.5-1) unstable; urgency=medium
.
* New upstream release.
- Additional fixes for addon signature validation.
.
firefox (66.0.4-1) unstable; urgency=medium
.
* New upstream release.
- Fixes issues with addon signature validation. Closes: #928417.
Note: this didn't affect addons installed via Debian packages.
.
firefox (66.0.1-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-09, also known as:
CVE-2019-9810, CVE-2019-9813.
.
* debian/control*: Bump nss, sqlite, rustc, cargo and cbindgen build
dependencies.
.
firefox (66.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-07, also known as:
CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793,
CVE-2019-9795, CVE-2019-9796, CVE-2019-9797, CVE-2019-9799,
CVE-2019-9802, CVE-2019-9803, CVE-2019-9805, CVE-2019-9806,
CVE-2019-9807, CVE-2019-9809, CVE-2019-9808, CVE-2019-9789,
CVE-2019-9788.
.
* debian/browser.mozconfig.in: Adjust to the upstream change wrt Google
API key configure options.
* debian/control*: Add nasm build dependency on amd64 and i386.
.
firefox (65.0.1-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-04, also known as:
CVE-2018-18356, CVE-2019-5795, CVE-2018-18511.
.
* debian/rules, debian/upstream.mk: Manually set the update channel.
Closes: #921381, #921121, #921654.
* debian/rules: Build with -mfp32 on mips and mipsel. This should fix the
FTBFS.
.
firefox (65.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-01, also known as:
CVE-2018-18500, CVE-2018-18503, CVE-2018-18504, CVE-2018-18505,
CVE-2018-18506, CVE-2018-18502, CVE-2018-18501.
.
* debian/control*: Bump nss, sqlite, rustc, cargo and cbindgen build
dependencies.
* debian/browser.install.in: Install libmozwayland.so.
.
firefox (64.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-29, also known as:
CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493,
CVE-2018-18494, CVE-2018-18495, CVE-2018-18496, CVE-2018-18497,
CVE-2018-18498, CVE-2018-12406, CVE-2018-12405.
.
* debian/rules, debian/browser.install.in: Properly copy the watermark
to /usr/share/icons/hicolor/symbolic/apps.
* debian/rules: Disable debug symbols on 32-bits architectures, that
requires too much memory.
* debian/browser.mozconfig.in:
- Remove --enable-pie option, it's the default, now.
- Remove --disable-nodejs now that it's required.
* debian/control*:
- Bump rustc, cargo, cbindgen, nss and sqlite dependencies.
- Add nodejs build dependency.
* debian/browser-symbolic.svg.in: Import the watermark used for the
symbolic icon in the debian/ directory.
.
firefox (63.0.3-1) unstable; urgency=medium
.
* New upstream release.
.
* debian/control*: Build depend on unversioned clang/llvm.
Closes: #912802.
* debian/rules: Use embedded libevent in backports. Closes: #910397.
* debian/rules: Use GNU gold linker on i386 because BFD ld fails to link
libxul.so (memory exhausted).
.
* build/unix/elfhack/test.c: Try to ensure the bss section of the
elfhack testcase stays large enough. bz#1505608.
* memory/build/mozjemalloc.cpp: Fix run sizes for size classes >= 16KB
on systems with large pages. bz#1507035. Closes: #911898.
* media/libaom/moz.build: Use NEON_FLAGS instead of VPX_ASFLAGS for
libaom neon code.
* gfx/cairo/libpixman/src/pixman-vmx.c: Protect #include <config.h> in
pixman-vmx.c like in other pixman-*.c files
.
firefox (63.0.1-1) unstable; urgency=medium
.
* New upstream release.
* debian/google.key: Use new Google API key, courtesy of Francois Marier.
.
firefox (63.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-26, also known as:
CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396,
CVE-2018-12397, CVE-2018-12398, CVE-2018-12399, CVE-2018-12401,
CVE-2018-12402, CVE-2018-12403, CVE-2018-12388, CVE-2018-12390.
.
* debian/control*:
- Bump nss dependency.
- Add build dependency on cbindgen.
* debian/browser.mozconfig.in: Disable nodejs until it's actually necessary.
* debian/rules: Add -Wl,--compress-debug-sections=zlib to LDFLAGS to work
around elfhack failing with unstripped binaries larger than 2GiB.
.
firefox (62.0.3-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-24, also known as:
CVE-2018-12386, CVE-2018-12387.
.
* debian/extra-stuff/addonsInfo.js: Fixes to work with recent versions
of Firefox. Closes: #909056.
* debian/control*, debian/browser.mozconfig.in: Build ALSA support.
Closes: #864987, #900062, #908349
.
firefox (62.0.2-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-22, also known as CVE-2018-12385.
* Ignore locale change events for the search service on shutdown.
bz#1489820. Closes: #908932.
.
* debian/control*:
- Remove the sqlite and nss dependencies when not building against the
system libraries.
- Enforce nss, nspr and sqlite dependencies to the same versions as
build dependencies. There are subtle non-ABI differences between
versions that Firefox might be relying on (be it features, behavior
changes/fixes, etc.) and can cause subtle problems when older
versions are used. Closes: #908225, #908520.
- Add a suggestion for pulseaudio.
* debian/rules, debian/control: Add libavcodec-extra* packages to the list
of recommends. Closes: #909130
.
* js/src/jit/BaselineJIT.h: Disable baseline JIT when SSE2 is not supported
at runtime. bz#1492064. Closes: #908396, #908449.
* gfx/2d/Swizzle.cpp: Use Swizzle fallback when SSE2 is not supported.
bz#1492065. Closes: #877445.
.
firefox (62.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-20, also known as:
CVE-2018-12377, CVE-2018-12378, CVE-2018-12383, CVE-2018-12375,
CVE-2018-12376.
.
* debian/control*:
- Bump nss and sqlite build dependencies.
- Build depend on llvm/clang 6.0 for buster. Closes: #906175.
* debian/browser.mozconfig.in, debian/control*, debian/rules: Remove
build dependency on libbz2-dev. It's not used anymore.
* debian/noinstall.in: Remove the dictionaries directory, not part
of the packaged Firefox anymore.
* debian/l10n/gen: Use iso-codes json data instead of XML when present.
Closes: #907611.
.
* widget/gtk/nsAppShell.cpp: Use remoting name for call to
gdk_set_program_class. Closes: #907574.
.
firefox (61.0.1-1) unstable; urgency=medium
.
* New upstream release.
.
firefox (61.0-2) unstable; urgency=medium
.
* debian/browser.mozconfig.in, debian/control*, debian/rules: Remove
build dependency on system libhunspell. Using system hunspell lacks
features required by Firefox. Next version of Firefox doesn't allow
to build against system hunspell anyways. Closes: #900469.
* debian/browser.links.in, debian/rules, debian/vendor.js: Use the
spellchecker.dictionary_path pref to set the hunspell directory.
* debian/browser.mozconfig.in: Allow unsigned addons in app and system
scopes.
* debian/rules: Work around the effect the above has on the
--{enable,with}-system-* check.
* debian/control*: Remove old conflicts. Thanks Sylvestre Ledru.
Closes: #882956.
* debian/l10n/recommends, debian/l10n/browser-l10n.control,
debian/control: Update dictionary recommendations, following these rules:
- Transitional myspell packages are not listed except when stable
doesn't have the corresponding hunspell package.
- Both hunspell and myspell packages are listed if they are different.
Closes: #813832, #825843
* debian/copyright, debian/rules: Refer to /usr/share/common-licenses/MPL*
instead of installing our own copy. Closes: #704303.
* debian/make.mk: Use the same code as dump target for the dump-% target.
* debian/control*, debian/rules: Add Recommends on all supported libavcodec
libraries for h264 playback. Closes: #901600.
.
* toolkit/modules/AppConstants.jsm, toolkit/modules/moz.build,
toolkit/moz.configure, toolkit/mozapps/extensions/internal/XPIInstall.jsm,
toolkit/mozapps/extensions/content/extensions.js,
toolkit/mozapps/extensions/internal/XPIDatabase.jsm: Change how addon
signature requirement relaxation is done. Closes: #899390.
.
firefox (61.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-15, also known as:
CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12358,
CVE-2018-12362, CVE-2018-5156, CVE-2018-12363, CVE-2018-12364,
CVE-2018-12365, CVE-2018-12371, CVE-2018-12366, CVE-2018-12367,
CVE-2018-12369, CVE-2018-12370, CVE-2018-5186, CVE-2018-5187,
CVE-2018-5188.
.
* debian/control*:
- Bump nss and sqlite build dependencies.
- Add a build dependency on python3.
* debian/browser.install.in: Adjust to upstream changes.
* debian/vendor.js: Relax the addon signature requirements.
.
* toolkit/mozapps/extensions/content/extensions.js,
toolkit/mozapps/extensions/internal/XPIDatabase.jsm: Allow to relax the
addon signature requirements.
firefox-esr (68.2.0esr-1~deb9u2) stretch-security; urgency=medium
.
* Don't set the NASM make variable on architectures without nasm, fixes
FTBFS on !x86.
* Output icu build log to stdout rather than to a file.
firefox-esr (68.2.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-33, also known as:
CVE-2019-15903, CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,
CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
CVE-2019-11764.
firefox-esr (68.1.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-26, also known as
CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11752,
CVE-2019-9812, CVE-2019-11743, CVE-2019-11748, CVE-2019-11749,
CVE-2019-11750, CVE-2019-11738, CVE-2019-11747, CVE-2019-11735,
CVE-2019-11740.
.
* debian/upstream.mk: Read source repo and revision from json when
getting upstream info. Instead of the .txt file that doesn't exist
as of 69.
* debian/control*:
- Remove unused build dependency against python-ply.
- Remove python-minimal build dependency. All supported versions
of Debian have a new enough version.
* debian/l10n/gen, debian/latest_nightly.py, debian/rules,
debian/symbols.mk, debian/upstream.mk, debian/watch: Use explicit
python2.7 instead of python.
firefox-esr (68.0.2esr-1) unstable; urgency=medium
.
* New upstream ESR release.
firefox-esr (60.9.0esr-1~deb10u1) buster-security; urgency=medium
.
* New upstream release.
Fixes for mfsa2019-27, also known as:
CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11752,
CVE-2019-9812, CVE-2019-11743, CVE-2019-11740.
firefox-esr (60.9.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
Fixes for mfsa2019-27, also known as:
CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11752,
CVE-2019-9812, CVE-2019-11743, CVE-2019-11740.
firefox-esr (60.8.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-22, also known as:
CVE-2019-9811, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713,
CVE-2019-11729, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719,
CVE-2019-11730, CVE-2019-11709.
firefox-esr (60.8.0esr-1~deb10u1) buster-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-22, also known as:
CVE-2019-9811, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713,
CVE-2019-11729, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719,
CVE-2019-11730, CVE-2019-11709.
firefox-esr (60.8.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-22, also known as:
CVE-2019-9811, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713,
CVE-2019-11729, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719,
CVE-2019-11730, CVE-2019-11709.
firefox-esr (60.7.2esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa219-19, also known as CVE-2019-11708.
firefox-esr (60.7.2esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa219-19, also known as CVE-2019-11708.
firefox-esr (60.7.1esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-18, also known as CVE-2019-11707.
flightcrew (0.7.2+dfsg-9+deb9u1) stretch; urgency=medium
.
* Fix CVE-2019-13241 for stretch release.
* Fix CVE-2019-13032 for stretch release. Closes: #931246
freeimage (3.17.0+ds1-5+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2019-12213: stack exhaustion caused by unwanted recursion in
ReadThumbnail (Closes: #929597).
* CVE-2019-12211: heap buffer overflow caused by invalid memcpy in
PluginTIFF.
freetype (2.6.3-3.2+deb9u1) stretch; urgency=medium
.
* Add an upstream patch to correctly handle deltas in TrueType GX fonts
(Closes: #929982). This patch allows variable hinted fonts to render
correctly in Chromium and Firefox.
ghostscript (9.26a~dfsg-0+deb9u6) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* remove .forceput from /.charkeys (CVE-2019-14869)
ghostscript (9.26a~dfsg-0+deb9u5) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* make .forceput inaccessible (CVE-2019-14811, CVE-2019-14812,
CVE-2019-14813)
* Issue an error message if an ExtGstate is not found
* PDF interpreter - review .forceput security (CVE-2019-14817)
git (1:2.11.0-3+deb9u5) stretch-security; urgency=high
.
* Apply patches addressing the security issues CVE-2019-1348,
CVE-2019-1349, CVE-2019-1352, CVE-2019-1353, and CVE-2019-1387.
.
Credit for finding these vulnerabilities goes to Microsoft
Security Response Center, in particular to Nicolas Joly. Fixes
were provided by Jeff King and Johannes Schindelin with help
from Garima Singh.
.
* Reject setting "update = !command" in .gitmodules. This makes
the behavior better match Git 2.24.1 which made the same change
to address the arbitrary code execution issue CVE-2019-19604
(which does not affect Git versions before 2.20.0).
.
Also reject "update = !command" in fsck. This ensures that if
Git is run as a server with "transfer.fsckObjects" enabled,
it cannot be used to attack clients vulnerable to
CVE-2019-19604.
.
Credit for finding this vulnerability goes to Joern
Schneeweisz from GitLab.
glib2.0 (2.50.3-2+deb9u2) stretch; urgency=medium
.
* Team upload
* d/p/credentials-Invalid-Linux-struct-ucred-means-no-informati.patch,
d/p/GDBus-prefer-getsockopt-style-credentials-passing-APIs.patch:
Ensure libdbus clients can authenticate with a GDBusServer like the
one in ibus, backported from upstream 2.62.x branch (Closes: #941018)
* d/control.in: Update Vcs-Git, Vcs-Browser
gnustep-base (1.24.9-3.1+deb9u1) stretch; urgency=medium
.
* debian/patches/gdomap-udp-amplification.patch: New; fix UDP
amplification vulnerability. Thanks to Alan Jenkins.
* debian/patches/series: Update.
* debian/gbp.conf: New file.
ibus (1.5.14-3+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* bus: Implement GDBusAuthObserver callback (CVE-2019-14822)
intel-microcode (3.20191115.2~deb9u1) stretch-security; urgency=high
.
* Rebuild for stretch-security (no changes)
* Refer to DSA-4565-2 for details.
.
intel-microcode (3.20191115.2) unstable; urgency=medium
.
* Microcode rollbacks (closes: #946515, LP#1854764):
sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
* Avoids hangs on warm reboots (cold boots work fine) on HEDT and
Xeon processors with signature 0x50654.
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
.
intel-microcode (3.20191115.1) unstable; urgency=high
.
* New upstream microcode datafile 20191115
+ Updated Microcodes:
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136
.
intel-microcode (3.20191113.1~deb9u1) stretch-security; urgency=high
.
* Rebuild for stretch-security (no changes)
* Refer to DSA-4565-2 for details.
.
intel-microcode (3.20191113.1) unstable; urgency=high
.
* New upstream microcode datafile 20191113
+ SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
Adds microcode update for CFL-S (Coffe Lake Desktop)
INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
+ Updated Microcodes (previously removed):
sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
intel-microcode (3.20191115.1) unstable; urgency=high
.
* New upstream microcode datafile 20191115
+ Updated Microcodes:
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136
intel-microcode (3.20191115.1~deb10u1) buster-security; urgency=high
.
* Rebuild for buster-security (no changes)
* Refer to DSA-4565-2 for details.
.
intel-microcode (3.20191115.1) unstable; urgency=high
.
* New upstream microcode datafile 20191115
+ Updated Microcodes:
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136
.
intel-microcode (3.20191113.1~deb10u1) buster-security; urgency=high
.
* Rebuild for buster-security (no changes)
* Refer to DSA-4565-2 for details.
.
intel-microcode (3.20191113.1) unstable; urgency=high
.
* New upstream microcode datafile 20191113
+ SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
Adds microcode update for CFL-S (Coffe Lake Desktop)
INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
+ Updated Microcodes (previously removed):
sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
intel-microcode (3.20191115.1~deb9u1) stretch-security; urgency=high
.
* Rebuild for stretch-security (no changes)
* Refer to DSA-4565-2 for details.
.
intel-microcode (3.20191115.1) unstable; urgency=high
.
* New upstream microcode datafile 20191115
+ Updated Microcodes:
sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136
.
intel-microcode (3.20191113.1~deb9u1) stretch-security; urgency=high
.
* Rebuild for stretch-security (no changes)
* Refer to DSA-4565-2 for details.
.
intel-microcode (3.20191113.1) unstable; urgency=high
.
* New upstream microcode datafile 20191113
+ SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
Adds microcode update for CFL-S (Coffe Lake Desktop)
INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
+ Updated Microcodes (previously removed):
sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
intel-microcode (3.20191113.1) unstable; urgency=high
.
* New upstream microcode datafile 20191113
+ SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
Adds microcode update for CFL-S (Coffe Lake Desktop)
INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
+ Updated Microcodes (previously removed):
sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
intel-microcode (3.20191112.1) unstable; urgency=medium
.
* New upstream microcode datafile 20191112
+ SECURITY UPDATE
- Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
- Implements TA Indirect Sharing mitigation, and improves the
MDS mitigation (VERW)
- Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
CVE-2019-11139
- Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
+ CRITICAL ERRATA FIXES
- Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
Ice Lake), causes a 0-3% typical perforance hit (can be as bad
as 10%). But ensures the processor will actually jump where it
should, so don't even *dream* of not applying this fix.
- Fixes AVX SHUF* instruction implementation flaw erratum
+ Removed Microcodes:
sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
+ New Microcodes:
sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
+ Updated Microcodes:
sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
+ Updated Microcodes (previously removed):
sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768
intel-microcode (3.20191112.1~deb10u1) buster-security; urgency=high
.
* Rebuild for buster-security (no changes)
* Refer to DSA-4565-1 for details.
.
intel-microcode (3.20191112.1) unstable; urgency=medium
.
* New upstream microcode datafile 20191112
+ SECURITY UPDATE
- Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
- Implements TA Indirect Sharing mitigation, and improves the
MDS mitigation (VERW)
- Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
CVE-2019-11139
- Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
+ CRITICAL ERRATA FIXES
- Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
Ice Lake), causes a 0-3% typical perforance hit (can be as bad
as 10%). But ensures the processor will actually jump where it
should, so don't even *dream* of not applying this fix.
- Fixes AVX SHUF* instruction implementation flaw erratum
+ Removed Microcodes:
sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
+ New Microcodes:
sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
+ Updated Microcodes:
sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
+ Updated Microcodes (previously removed):
sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768
.
intel-microcode (3.20190918.1) unstable; urgency=medium
.
* New upstream microcode datafile 20190918
+ SECURITY UPDATE
*Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given
the set of processors being updated.
+ Updated Microcodes:
sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456
sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432
sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336
sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb000038, size 30720
sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b, size 51200
sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768
sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019, size 24576
sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017, size 24576
sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f, size 19456
intel-microcode (3.20191112.1~deb9u1) stretch-security; urgency=high
.
* Rebuild for stretch-security (no changes)
* Refer to DSA-4565-1 for details.
.
intel-microcode (3.20191112.1) unstable; urgency=medium
.
* New upstream microcode datafile 20191112
+ SECURITY UPDATE
- Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
- Implements TA Indirect Sharing mitigation, and improves the
MDS mitigation (VERW)
- Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
CVE-2019-11139
- Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
+ CRITICAL ERRATA FIXES
- Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
Ice Lake), causes a 0-3% typical perforance hit (can be as bad
as 10%). But ensures the processor will actually jump where it
should, so don't even *dream* of not applying this fix.
- Fixes AVX SHUF* instruction implementation flaw erratum
+ Removed Microcodes:
sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
+ New Microcodes:
sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
+ Updated Microcodes:
sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
+ Updated Microcodes (previously removed):
sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768
.
intel-microcode (3.20190918.1) unstable; urgency=medium
.
* New upstream microcode datafile 20190918
+ SECURITY UPDATE
*Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given
the set of processors being updated.
+ Updated Microcodes:
sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456
sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432
sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336
sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb000038, size 30720
sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b, size 51200
sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768
sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019, size 24576
sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017, size 24576
sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f, size 19456
intel-microcode (3.20190918.1) unstable; urgency=medium
.
* New upstream microcode datafile 20190918
+ SECURITY UPDATE
*Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given
the set of processors being updated.
+ Updated Microcodes:
sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456
sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432
sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336
sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb000038, size 30720
sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b, size 51200
sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768
sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019, size 24576
sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017, size 24576
sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f, size 19456
intel-microcode (3.20190618.1) unstable; urgency=medium
.
* New upstream microcode datafile 20190618
+ SECURITY UPDATE
Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
for Sandybridge server and Core-X processors
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
* Add some missing (minor) changelog entries to 3.20190514.1
* Reformat 3.20190514.1 changelog entry to match rest of changelog
italc (1:3.0.3+dfsg1-1+deb9u1) stretch; urgency=medium
.
* Porting of libvncserver+libvncclient security patches:
- CVE-2018-7225: Uninitialized and potentially sensitive data could be
accessed by remote attackers because the msg.cct.length in rfbserver.c was
not sanitized.
- CVE-2018-15127: heap out-of-bound write vulnerability.
- CVE-2018-20019: multiple heap out-of-bound write vulnerabilities.
- CVE-2018-20020: heap out-of-bound write vulnerability inside structure
in VNC client code.
- CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
- CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
- CVE-2018-20023: Improper Initialization vulnerability in VNC Repeater
client code.
- CVE-2018-20024: null pointer dereference that can result DoS.
- CVE-2018-6307: heap use-after-free vulnerability in server code of
file transfer extension.
- CVE-2018-20748: incomplete fix for CVE-2018-20019 oob heap writes.
- CVE-2018-20749: incomplete fix for CVE-2018-15127 oob heap writes.
- CVE-2018-20750: incomplete fix for CVE-2018-15127 oob heap writes.
- CVE-2018-15126: heap use-after-free resulting in possible RCE.
- CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
* debian/control:
+ Update Vcs-*: fields. Package has been migrated to salsa.debian.org.
jackson-databind (2.8.6-1+deb9u6) stretch-security; urgency=high
.
* Fix CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439,
CVE-2019-14540, CVE-2019-16335, CVE-2019-16942 and CVE-2019-16943.
Several deserialization flaws were discovered in jackson-databind which
could allow an unauthenticated user to perform code execution. The issue
was resolved by extending the blacklist and blocking more classes from
polymorphic deserialization.
ldm (2:2.2.18-2+deb9u1) stretch-security; urgency=medium
.
* Add patch fixing root access when LDM_USERNAME is unset.
libapreq2 (2.13-7~deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Rebuild for stretch-security
.
libapreq2 (2.13-7) unstable; urgency=high
.
* Source-only upload.
.
libapreq2 (2.13-6) unstable; urgency=high
.
* 05-nested-multipart-null-dereference.patch: New patch by
Max Kellermann, fixes a NULL pointer dereference bug with nested
multipart form submission. (Closes: #939937)
libapreq2 (2.13-6) unstable; urgency=high
.
* 05-nested-multipart-null-dereference.patch: New patch by
Max Kellermann, fixes a NULL pointer dereference bug with nested
multipart form submission. (Closes: #939937)
libarchive (3.2.2-2+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* CVE-2019-18408
Fix use after free in case parts of the archive are corrupt but
the archive contains several headers.
* Fix CVE-2019-1000019
Out-of-bounds Read vulnerability in 7zip decompression, that can
result in a crash (denial of service, CWE-125)
* Fix CVE-2019-1000020
vulnerability in ISO9660 parser that can result in DoS by infinite
loop (CWE-835)
libdate-holidays-de-perl (1.9-1+deb9u4) stretch; urgency=medium
.
* Mark International Childrens Day (Sep 20th) as a holiday in
Thuringia from 2019 on
libdatetime-timezone-perl (1:2.09-1+2019c) stretch; urgency=medium
.
* Update to Olson database version 2019c.
This update contains contemporary changes for Fiji and Norfolk Island.
libidn (1.33-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix CVE-2017-14062: An integer overflow vulnerability in libidn's Punycode
handling (an encoding used to convert Unicode characters to ASCII) which
would have allowed remote attackers to cause a denial of service.
* Import 0004-Update-Makefile.gdoc-to-use-GDOC_BIN-instead-of-hard.patch
from unstable to avoid a FTBFS.
- Add textinfo to Build-Deps.
libjaxen-java (1.1.6-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Ignore the test failures (Closes: #909216)
libofx (1:0.9.10-2+deb9u2) stretch; urgency=medium
.
* Add upstream patches to fix:
- CVE-2019-9656 (Closes: #924350).
libole-storage-lite-perl (0.19-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Backport upstream fix for years >= 2020 being misinterpreted.
(Closes: #948668)
libparse-win32registry-perl (1.0-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add patch to fix Y2K20 problem.
(Closes: #948682)
libperl4-corelibs-perl (0.003-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add t/timelocal.t fix for Y2K20 problem in t/timelocal.t.
(Closes: #948666)
libpst (0.6.59-1+deb9u1) stretch; urgency=medium
.
* Fix detection of get_current_dir_name and return truncation
libreoffice (1:5.2.7-1+deb9u11) stretch-security; urgency=medium
.
* debian/patches/expand-pyuno-path-separators.diff.
debian/patches/construct-final-url-from-parsed-output.diff,
debian/patches/an-absolute-uri-is-invalid-input.diff,
debian/patches/Improve-check-for-absolute-URI.diff,
debian/patches/Improve-check.diff: add from
libreoffice-6-3(-0,-1) branch - more fixes...
(CVE-2019-9854/CVE-2019-9855)
libsixel (1.5.2-2+deb9u1) stretch; urgency=medium
.
* d/patches/0001-Add-malloc-size-check.patch: fix CVE-2018-19756
* d/patches/0002-assign-default-error-message.patch: fix CVE-2018-19757
* d/patches/0003-add-limitation-to-width-and-height.patch: fix CVE-2018-19759
* CVE-2018-19761 is not security issue
* d/patches/0004-size-check.patch: fix CVE-2018-19762
* CVE-2018-19763 is fixed by 0001-Add-malloc-size-check.patch
* d/patches/0005-check-error-for-jpeg_read_scanlines.patch: fix CVE-2019-3573
* d/patches/0006-check-number-of-repeat_count.patch: fix CVE-2019-3574
* d/patches/0007-fix-memory-leak.patch: fix CVE-2018-14072, CVE-2018-14073
libsolv (0.6.24-1+deb9u2) stretch; urgency=medium
.
* debian/patches:
+ CVE-2019-20387: Add 0001_CVE-2019-20387.patch. Resolves heap-based
buffer over-read in repodata.c (Closes: #949611).
+ Trivial rebase of patches 1004, 1006 and 2001.
libtest-mocktime-perl (0.17-0+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* New upstream release.
- Only change is a fix for a build failure in the year 2020
and later. (Closes: #948669)
libtest-mocktime-perl (0.16-1) unstable; urgency=medium
.
* Team upload.
.
[ Salvatore Bonaccorso ]
* debian/control: Use HTTPS transport protocol for Vcs-Git URI
.
[ gregor herrmann ]
* debian/copyright: change Copyright-Format 1.0 URL to HTTPS.
* Remove Rene Mayorga from Uploaders. Thanks for your work!
.
[ Salvatore Bonaccorso ]
* Update Vcs-* headers for switch to salsa.debian.org
.
[ gregor herrmann ]
* New upstream release.
* Update years of packaging copyright.
* Declare compliance with Debian Policy 4.1.3.
* Bump debhelper compatibility level to 10.
* Add lintian override for "timestamp in the future".
libtimedate-perl (2.3000-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add patch from upstream pull request to fix Y2K20 test failure.
(Closes: #948680)
libvncserver (0.9.11+dfsg-1.3~deb9u3) stretch; urgency=medium
.
* Regression update.
.
* debian/patches: Add use-after-free/{4,5,6}.patch. All cherry-picked from
upstream. Resolves crashing of x11vnc when vncviewer connects. (Closes:
#905786).
libvncserver (0.9.11+dfsg-1.3~deb9u2) stretch; urgency=medium
.
* CVE-2019-15681:
+ rfbserver: don't leak stack memory to the remote. (Closes: #943793).
* debian/patches:
+ Trivial patch rebasing.
+ Add 3 use-after-free patches. Resolve a freeze during connection
closure and a segmentation fault on multi-threaded VNC servers. (Closes:
#905786).
+ Add 0002-set-true-color-flag-to-1.patch. Fix connecting to VMware servers.
(Closes: #880531).
libvpx (1.6.1-3+deb9u2) stretch-security; urgency=medium
.
* CVE-2019-9232 CVE-2019-9325 CVE-2019-9433
libxslt (1.1.29-2.1+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix dangling pointer in xsltCopyText (CVE-2019-18197) (Closes: #942646)
limnoria (2017.01.10-1+deb9u1) stretch; urgency=medium
.
* Add patch from upstream to fix remote information disclosure and
possibly remote code execution in the Math plugin. CVE-2019-19010
linux (4.9.210-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.190
- usb: usbfs: fix double-free of usb memory upon submiturb error
- usb: iowarrior: fix deadlock on disconnect
- sound: fix a memory leak bug
- [x86] mm: Check for pfn instead of page in vmalloc_sync_one()
- [x86] mm: Sync also unmappings in vmalloc_sync_all()
- mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
- perf record: Fix wrong size in perf_record_mmap for last kernel module
- perf db-export: Fix thread__exec_comm()
- [s390x] perf record: Fix module size on s390
- usb: yurex: Fix use-after-free in yurex_delete (CVE-2019-19531)
- can: peak_usb: fix potential double kfree_skb()
- netfilter: nfnetlink: avoid deadlock due to synchronous request_module
- mac80211: don't warn about CW params when not using them
- hwmon: (nct6775) Fix register address and added missed tolerance for
nct6106
- [s390x] qdio: add sanity checks to the fast-requeue path
- ALSA: compress: Fix regression on compressed capture streams
- ALSA: compress: Prevent bypasses of set_params
- ALSA: compress: Don't allow paritial drain operations on capture streams
- ALSA: compress: Be more restrictive about when a drain is allowed
- perf probe: Avoid calling freeing routine multiple times for same pointer
- drbd: dynamically allocate shash descriptor
- ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id()
- scsi: megaraid_sas: fix panic on loading firmware crashdump
- [ppc64el] scsi: ibmvfc: fix WARN_ON during event pool release
- scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
- tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
- perf/core: Fix creating kernel counters for PMUs that override event->cpu
- can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
(CVE-2019-19536)
- can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
(CVE-2019-19535)
- ALSA: firewire: fix a memory leak bug
- ALSA: hda - Don't override global PCM hw info flag
- mac80211: don't WARN on short WMM parameters from AP
- SMB3: Fix deadlock in validate negotiate hits reconnect
- smb3: send CAP_DFS capability during session setup
- mwifiex: fix 802.11n/WPA detection
- iwlwifi: don't unmap as page memory that was mapped as single
- scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
- mm/usercopy: use memory range to be accessed for wraparound check
- mm/memcontrol.c: fix use after free in mem_cgroup_iter()
- bpf: get rid of pure_initcall dependency to enable jits
- bpf: restrict access to core bpf sysctls
- bpf: add bpf_jit_limit knob to restrict unpriv allocations
- ALSA: hda - Fix a memory leak bug
- ALSA: hda - Add a generic reboot_notify
- ALSA: hda - Let all conexant codec enter D3 when rebooting
- HID: holtek: test for sanity of intfdata
- HID: hiddev: avoid opening a disconnected device (CVE-2019-19527)
- HID: hiddev: do cleanup in failure of opening a device (CVE-2019-19527)
- Input: kbtab - sanity check for endpoint type
- Input: iforce - add sanity checks
- net: usb: pegasus: fix improper read if get_registers() fail
- xen/pciback: remove set but not used variable 'old_state'
- perf header: Fix divide by zero error if f_header.attr_size==0
- perf header: Fix use of unitialized value warning
- libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
- scsi: hpsa: correct scsi command status issue after reset
- ata: libahci: do not complain in case of deferred probe
- [arm64] efi: fix variable 'si' set but not used
- [arm64] mm: fix variable 'pud' set but not used
- IB/core: Add mitigation for Spectre V1
- IB/mad: Fix use-after-free in ib mad completion handling
- ocfs2: remove set but not used variable 'last_hash'
- [x86] staging: comedi: dt3000: Fix signed integer overflow 'divider *
base'
- [x86] staging: comedi: dt3000: Fix rounding up of timer divisor
- USB: core: Fix races in character device registration and deregistraion
(CVE-2019-19537)
- usb: cdc-acm: make sure a refcount is taken early enough (CVE-2019-19530)
- USB: CDC: fix sanity checks in CDC union parser
- asm-generic: fix -Wtype-limits compiler warnings
- bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K
- [arm64] compat: Allow single-byte watchpoints on all addresses
- Input: psmouse - fix build error of multiple definition
- [x86] iommu/amd: Move iommu_init_pci() to .init section
- bnx2x: Fix VF's VLAN reconfiguration in reload.
- net/packet: fix race in tpacket_snd()
- sctp: fix the transport error_count check
- xen/netback: Reset nr_frags before freeing skb
- net/mlx5e: Only support tx/rx pause setting for port owner
- net/mlx5e: Use flow keys dissector to parse packets for ARFS
- team: Add vlan tx offload to hw_enc_features
- bonding: Add vlan tx offload to hw_enc_features
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.191
- [mips*] kernel: only use i8253 clocksource with periodic clockevent
- netfilter: ebtables: fix a memory leak bug in compat
- ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
- bonding: Force slave speed check after link state recovery for 802.3ad
- can: dev: call netif_carrier_off() in register_candev()
- [armhf] ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
- isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
start_isoc_chain()
- isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the
stack
- perf bench numa: Fix cpu0 binding
- can: sja1000: force the string buffer NULL-terminated
- can: peak_usb: force the string buffer NULL-terminated
- NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
- HID: input: fix a4tech horizontal wheel custom usage
- net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
- [arm64] net: hisilicon: make hip04_tx_reclaim non-reentrant
- [arm64] net: hisilicon: fix hip04-xmit never return TX_BUSY
- [arm64] net: hisilicon: Fix dma_map_single failed on arm64
- libata: add SG safety checks in SFF pio transfers
- [x86] drm/vmwgfx: fix memory leak when too many retries have occurred
- perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
- HID: wacom: correct misreported EKR ring values
- HID: wacom: Correct distance scale for 2nd-gen Intuos devices
- Revert "dm bufio: fix deadlock with loop device"
- gpiolib: never report open-drain/source lines as 'input' to user-space
- userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
- [i386] retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
- [x86] apic: Handle missing global clockevent gracefully
- [x86] boot: Save fields explicitly, zero out everything else
- [x86] boot: Fix boot regression caused by bootparam sanitizing
- dm btree: fix order of block initialization in btree_split_beneath
- dm space map metadata: fix missing store of apply_bops() return value
- dm table: fix invalid memory accesses with too high sector number
- genirq: Properly pair kobject_del() with kobject_add()
- mm, page_owner: handle THP splits correctly
- mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
- [x86] CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
- dmaengine: ste_dma40: fix unneeded variable warning
- iommu/dma: Handle SG length overflow better
- usb: gadget: composite: Clear "suspended" on reset/disconnect
- xen/blkback: fix memory leaks
- [x86] tools: hv: fix KVP and VSS daemons exit code
- [armhf,arm64] watchdog: bcm2835_wdt: Fix module autoload
- scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value
- tcp: make sure EPOLLOUT wont be missed
- ALSA: line6: Fix memory leak at line6_init_pcm() error path
- ALSA: seq: Fix potential concurrent access to the deleted pool
- [x86] KVM: Don't update RIP or do single-step on faulting emulation
- [x86] apic: Do not initialize LDR and DFR for bigsmp
- mm/zsmalloc.c: fix race condition in zs_destroy_pool
- usb-storage: Add new JMS567 revision to unusual_devs
- USB: cdc-wdm: fix race between write and disconnect due to flag abuse
- [armhf,arm64] usb: chipidea: udc: don't do hardware access if gadget has
stopped
- usb: host: ohci: fix a race condition between shutdown and irq
- usb: host: xhci: rcar: Fix typo in compatible string matching
- USB: storage: ums-realtek: Update module parameter description for
auto_delink_en
- USB: storage: ums-realtek: Whitelist auto-delink support
- [x86] uprobes: Fix detection of 32-bit user mode
- mmc: core: Fix init of SD cards reporting an invalid VDD range
- [x86] VMCI: Release resource if the work is already queued
- Revert "cfg80211: fix processing world regdomain when non modular"
- mac80211: fix possible sta leak
- [armhf,arm64] KVM: vgic: Fix potential deadlock when ap_list is long
- [armhf,arm64] KVM: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI
- [x86] i2c: piix4: Fix port selection for AMD Family 16h Model 30h
- mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.192
- Bluetooth: btqca: Add a short delay before downloading the NVM
- [ppc64el] ibmveth: Convert multicast list size for little-endian system
- gpio: Fix build error of function redefinition
- cxgb4: fix a memory leak bug
- net: myri10ge: fix memory leaks
- cx82310_eth: fix a memory leak bug
- net: kalmia: fix memory leaks
- wimax/i2400m: fix a memory leak bug
- IB/mlx4: Fix memory leaks
- ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
- ceph: fix buffer free while holding i_ceph_lock in fill_inode()
- [armhf,arm64] KVM: Only skip MMIO insn once
- libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
- [armhf,arm64] spi: bcm2835aux: ensure interrupts are enabled for shared
handler
- [armhf,arm64] spi: bcm2835aux: unifying code between polling and
interrupt driven code
- [armhf,arm64] spi: bcm2835aux: remove dangerous uncontrolled read of fifo
- [armhf,arm64] spi: bcm2835aux: fix corruptions for longer spi transfers
- net: fix skb use after free in netpoll
- [armhf,arm64] net: stmmac: dwmac-rk: Don't fail if phy regulator is
absent
- tcp: inherit timestamp on mtu probe
- mld: fix memory leak in mld_del_delrec()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.193
- ALSA: hda - Fix potential endless loop at applying quirks
- ALSA: hda/realtek - Fix overridden device-specific initialization
- sched/fair: Don't assign runtime for throttled cfs_rq
- [x86] drm/vmwgfx: Fix double free in vmw_recv_msg()
- [ppc64el] tm: Fix FP/VMX unavailable exceptions inside a transaction
(CVE-2019-15030)
- xfrm: clean up xfrm protocol checks
- ip6: fix skb leak in ip6frag_expire_frag_queue()
- batman-adv: fix uninit-value in batadv_netlink_get_ifindex()
- batman-adv: Only read OGM tvlv_len after buffer len check
- [armhf] clk: s2mps11: Add used attribute to s2mps11_dt_match
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.194
- bridge/mdb: remove wrong use of NLM_F_MULTI
- cdc_ether: fix rndis support for Mediatek based smartphones
- ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
- isdn/capi: check message length in capi_write()
- net: Fix null de-reference of device refcount
- net: gso: Fix skb_segment splat when splitting gso_size mangled skb
having linear-headed frag_list
- sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
- sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
- sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
- tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
- tipc: add NULL pointer check before calling kfree_rcu
- tun: fix use-after-free when register netdev failed
- gpio: fix line flag validation in linehandle_create
- gpio: fix line flag validation in lineevent_create
- Btrfs: fix assertion failure during fsync and use of stale transaction
- genirq: Prevent NULL pointer dereference in resend_irqs()
- [s390x] KVM: Do not leak kernel stack data in the KVM_S390_INTERRUPT
ioctl
- [x86] KVM: work around leak of uninitialized stack contents
- [x86] KVM: nVMX: handle page fault in vmread
- [mips*] VDSO: Prevent use of smp_processor_id()
- [mips*] VDSO: Use same -m%-float cflag as the kernel proper
- [armhf] clk: rockchip: Don't yell about bad mmc phases when getting
- driver core: Fix use-after-free and double free on glue directory
- nvmem: Use the same permissions for eeprom as for nvmem
- USB: usbcore: Fix slab-out-of-bounds bug during device reset
- media: tm6000: double free if usb disconnect while streaming
- [ppc64el] mm/radix: Use the right page size for vmemmap mapping
- [x86] boot: Add missing bootparam that breaks boot on some platforms
- xen-netfront: do not assume sk_buff_head list is empty in error handling
- tty/serial: atmel: reschedule TX after RX was started
- mwifiex: Fix three heap overflow at parsing element in
cfg80211_ap_settings (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816)
- [armhf] OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
- [s390x] bpf: fix lcgr instruction encoding
- [armhf] OMAP2+: Fix omap4 errata warning on other SoCs
- [s390x] bpf: use 32-bit index for tail calls
- NFSv4: Fix return values for nfs4_file_open()
- NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
- qed: Add cleanup in qed_slowpath_start()
- [armel,armhf] 8874/1: mm: only adjust sections of valid mm structures
- batman-adv: Only read OGM2 tvlv_len after buffer len check
- r8152: Set memory to all 0xFFs on failed reg reads
- [x86] apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
- netfilter: nf_conntrack_ftp: Fix debug output
- NFSv2: Fix eof handling
- NFSv2: Fix write regression
- cifs: set domainName when a domain-key is used in multiuser
- cifs: Use kzfree() to zero out the password
- [armel,armhf] 8901/1: add a criteria for pfn_valid of arm
- [x86] sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
- [x86] perf/intel: Restrict period on Nehalem
- [x86] perf/amd/ibs: Fix sample bias for dispatched micro-ops
- [x86] tools/power turbostat: fix buffer overrun
- [armhf] dmaengine: ti: dma-crossbar: Fix a memory leak bug
- [armhf] dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
- [x86] uaccess: Don't leak the AC flags into __get_user() argument
evaluation
- keys: Fix missing null pointer check in request_key_auth_describe()
- [x86] iommu/amd: Fix race in increase_address_space()
- floppy: fix usercopy direction
- media: technisat-usb2: break out of loop at end of buffer
(CVE-2019-15505)
- net_sched: let qdisc_put() accept NULL pointer
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.195
- Revert "Bluetooth: validate BLE connection interval updates"
- IB/core: Add an unbound WQ type to the new CQ API
- HID: prodikeys: Fix general protection fault during probe
- HID: logitech: Fix general protection fault caused by Logitech driver
- HID: hidraw: Fix invalid read in hidraw_ioctl
- mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
- media: tvp5150: fix switch exit in set control handler
- [armhf] ASoC: fsl: Fix of-node refcount unbalance in
fsl_ssi_probe_from_dt()
- [x86] ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
- mac80211: Print text for disassociation reason
- mac80211: handle deauthentication/disassociation from TDLS peer
(CVE-2019-0136)
- power: supply: sysfs: ratelimit property read error message
- [armhf,arm64] irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
- f2fs: check all the data segments against all node ones
- Revert "f2fs: avoid out-of-range memory access"
- f2fs: fix to do sanity check on segment bitmap of LFS curseg
- drm: Flush output polling on shutdown
- xfs: don't crash on null attr fork xfs_bmapi_read
- arcnet: provide a buffer big enough to actually receive packets
- cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
- macsec: drop skb sk before calling gro_cells_receive
- net/phy: fix DP83865 10 Mbps HDX loopback disable function
- openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
- ppp: Fix memory leak in ppp_write
- sch_netem: fix a divide by zero in tabledist()
- skge: fix checksum byte order
- usbnet: ignore endpoints with invalid wMaxPacketSize
- usbnet: sanity checking of packet sizes and device mtu
- mISDN: enforce CAP_NET_RAW for raw sockets (CVE-2019-17055)
- appletalk: enforce CAP_NET_RAW for raw sockets (CVE-2019-17054)
- ax25: enforce CAP_NET_RAW for raw sockets (CVE-2019-17052)
- ieee802154: enforce CAP_NET_RAW for raw sockets (CVE-2019-17053)
- nfc: enforce CAP_NET_RAW for raw sockets (CVE-2019-17056)
- [armhf] ASoC: sgtl5000: Fix charge pump source assignment
- [armhf,arm64] dmaengine: bcm2835: Print error in case setting DMA mask
fails
- media: dib0700: fix link error for dibx000_i2c_set_speed
- media: hdpvr: Add device num check and handling
- sched/fair: Fix imbalance due to CPU affinity
- sched/core: Fix CPU controller for !RT_GROUP_SCHED
- [x86] reboot: Always use NMI fallback when shutdown via reboot vector IPI
fails
- [x86] apic: Soft disable APIC before initializing it
- ALSA: hda - Show the fatal CORB/RIRB error more clearly
- ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in
build_adc_controls()
- media: iguanair: add sanity checks
- ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
- md: don't call spare_active in md_reap_sync_thread if all member devices
can't work
- md: don't set In_sync if array is frozen
- efi: cper: print AER info of PCIe fatal error
- media: gspca: zero usb_buf on error
- [armhf] media: omap3isp: Don't set streaming state on random subdevs
- media: radio/si470x: kill urb on error
- media: hdpvr: add terminating 0 at end of string
- media: dvb-core: fix a memory leak bug
- PM / devfreq: passive: Use non-devm notifiers
- PM / devfreq: exynos-bus: Correct clock enable sequence
- media: saa7146: add cleanup in hexium_attach()
- media: cpia2_usb: fix memory leaks
- media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
- ACPI / CPPC: do not require the _PSD method
- [arm64] kpti: ensure patched kernel text is fetched from PoU
- nvmet: fix data units read and written counters in SMART log
- [x86] iommu/amd: Silence warnings under memory pressure
- libtraceevent: Change users plugin directory
- [armhf] dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
- ACPI: custom_method: fix memory leaks
- ACPI / PCI: fix acpi_pci_irq_enable() memory leak
- hwmon: (acpi_power_meter) Change log level for 'unsafe software power
cap'
- md/raid1: fail run raid1 array when active disk less than one
- [armhf] dmaengine: ti: edma: Do not reset reserved paRAM slots
- kprobes: Prohibit probing on BUG() and WARN() address
- [s390x] crypto: xts-aes-s390 fix extra run-time crypto self tests finding
- ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not
set
- libertas: Add missing sentinel at end of if_usb.c fw_table
- e1000e: add workaround for possible stalled packet
- drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
- media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
(CVE-2019-19533)
- [x86] ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
- btrfs: extent-tree: Make sure we only allocate extents from block groups
with the same type
- [armhf] media: omap3isp: Set device on omap3isp subdevs
- PM / devfreq: passive: fix compiler warning
- ALSA: firewire-tascam: handle error code when getting current source of
clock
- ALSA: firewire-tascam: check intermediate state of clock status and retry
- IB/hfi1: Define variables as unsigned long to fix KASAN warning
- printk: remove games with previous record flags
- printk: Do not lose last line in kmsg buffer dump
- fuse: fix missing unlock_page in fuse_writepage()
- [x86] KVM: always stop emulation on page fault
- [x86] KVM: set ctxt->have_exception in x86_decode_insn()
- [x86] KVM: Manually calculate reserved bits when loading PDPTRS
- [x86] media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
- [x86] ASoC: Intel: NHLT: Fix debug print format
- [x86] ASoC: Intel: Fix use of potentially uninitialized variable
- alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
- memcg, kmem: do not fail __GFP_NOFAIL charges
- ovl: filter of trusted xattr results in audit
- Btrfs: fix use-after-free when using the tree modification log
- btrfs: Relinquish CPUs in btrfs_compare_trees
- md/raid6: Set R5_ReadError when there is read failure on parity disk
- cfg80211: Purge frame registrations on iftype change
- /dev/mem: Bail out upon SIGKILL.
- ext4: fix warning inside ext4_convert_unwritten_extents_endio
- ext4: fix punch hole for inline_data file systems
- quota: fix wrong condition in is_quota_modification()
- hwrng: core - don't wait on add_early_randomness()
- CIFS: fix max ea value size
- CIFS: Fix oplock handling for SMB 2.1+ protocols
- btrfs: qgroup: Drop quota_root and fs_info parameters from
update_qgroup_status_item
- Btrfs: fix race setting up and completing qgroup rescan workers
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.196
- gpu: drm: radeon: Fix a possible null-pointer dereference in
radeon_connector_set_property()
- ipmi_si: Only schedule continuously in the thread in maintenance mode
- [ppc64el] rtas: use device model APIs and serialization during LPM
- [ppc64el] futex: Fix warning: 'oldval' may be used uninitialized in this
function
- [ppc64el] pseries/mobility: use cond_resched when updating device tree
- [armhf,arm64] pinctrl: tegra: Fix write barrier placement in pmx_writel
- vfio_pci: Restore original state on release
- drm/amdgpu/si: fix ASIC tests
- [ppc64el] exception: machine check use correct cfar for late handler
- [ppc64el] pseries: correctly track irq state in default idle
- [arm64] fix unreachable code issue with cmpxchg
- scsi: core: Reduce memory required for SCSI logging
- [mips*] tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean
- [x86] mfd: intel-lpss: Remove D3cold delay
- [armhf] PCI: tegra: Fix OF node reference leak
- [armel,armhf] 8898/1: mm: Don't treat faults reported from cache
maintenance as writes
- HID: apple: Fix stuck function keys when using FN
- [armel,armhf] 8903/1: ensure that usable memory in bank 0 starts from a
PMD-aligned address
- fat: work around race with userspace's read via blockdev while mounting
- [s390x] hypfs: Fix error number left in struct pointer member
- ocfs2: wait for recovering done after direct unlock request
- ANDROID: binder: remove waitqueue when thread exits. (CVE-2019-2215)
- cxgb4:Fix out-of-bounds MSI-X info array access
- hso: fix NULL-deref on tty open
- ipv6: drop incoming packets having a v4mapped source address
- net: ipv4: avoid mixed n_redirects and rate_tokens usage
- net: qlogic: Fix memory leak in ql_alloc_large_buffers
- net: Unpublish sk from sk_reuseport_cb before call_rcu
- nfc: fix memory leak in llcp_sock_bind()
- sch_dsmark: fix potential NULL deref in dsmark_init()
- net/rds: Fix error handling in rds_ib_add_one()
- xen-netfront: do not use ~0U as error return value for
xennet_fill_frags()
- sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
- ipv6: Handle missing host route in __ipv6_ifa_notify
- NFC: fix attrs checks in netlink interface
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.197
- [s390x] KVM: Test for bad access register and size at the start of
S390_MEM_OP
- [s390x] topology: avoid firing events before kobjs are created
- [s390x] cio: avoid calling strlen on null pointer
- [s390x] cio: exclude subchannels with no parent from pseudo check
- [x86] KVM: nVMX: handle page fault in vmread fix
- ASoC: Define a set of DAPM pre/post-up events
- [ppc64el] powernv: Restrict OPAL symbol map to only be readable by root
- [x86] crypto: qat - Silence smp_processor_id() warning
- usercopy: Avoid HIGHMEM pfn warning
- timer: Read jiffies once when forwarding base clk
- [armhf] watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
- ieee802154: atusb: fix use-after-free at disconnect (CVE-2019-19525)
- cfg80211: initialize on-stack chandefs
- ima: always return negative code for error
- fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
- 9p: avoid attaching writeback_fid on mmap with type PRIVATE
- xen/pci: reserve MCFG areas earlier
- ceph: fix directories inode i_blkbits initialization
- ceph: reconnect connection if session hang in opening state
- drm/amdgpu: Check for valid number of registers to read
- thermal: Fix use-after-free when unregistering thermal zone device
- fuse: fix memleak in cuse_channel_open
- sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
- kernel/elfcore.c: include proper prototypes
- tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on
failure
- perf tools: Fix segfault in cpu_cache_level__read()
- perf stat: Fix a segmentation fault when using repeat forever
- perf stat: Reset previous counts on repeat with interval
- cfg80211: add and use strongly typed element iteration macros
- cfg80211: Use const more consistently in for_each_element macros
- nl80211: validate beacon head (CVE-2019-16746)
- [armhf] ASoC: sgtl5000: Improve VAG power and mute control
- panic: ensure preemption is disabled during panic()
- USB: rio500: Remove Rio 500 kernel driver
- USB: yurex: Don't retry on unexpected errors
- USB: yurex: fix NULL-derefs on disconnect
- xhci: Fix false warning message about wrong bounce buffer write length
- xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
- xhci: Check all endpoints for LPM timeout
- usb: xhci: wait for CNR controller not ready bit in xhci resume
- xhci: Increase STS_SAVE timeout in xhci_suspend()
- USB: adutux: remove redundant variable minor
- USB: adutux: fix use-after-free on disconnect (CVE-2019-19523)
- USB: adutux: fix NULL-derefs on disconnect
- USB: adutux: fix use-after-free on release
- USB: iowarrior: fix use-after-free on disconnect (CVE-2019-19528)
- USB: iowarrior: fix use-after-free on release
- USB: iowarrior: fix use-after-free after driver unbind
- USB: usblp: fix runtime PM after driver unbind
- USB: chaoskey: fix use-after-free on release
- USB: ldusb: fix NULL-derefs on driver unbind
- USB: serial: keyspan: fix NULL-derefs on open() and write()
- USB: serial: fix runtime PM after driver unbind
- USB: usblcd: fix I/O after disconnect
- USB: microtek: fix info-leak at probe
- USB: dummy-hcd: fix power budget for SuperSpeed mode
- USB: legousbtower: fix slab info leak at probe
- USB: legousbtower: fix deadlock on disconnect
- USB: legousbtower: fix potential NULL-deref on disconnect
- USB: legousbtower: fix open after failed reset request
- USB: legousbtower: fix use-after-free on release
- efivar/ssdt: Don't iterate over EFI vars if no SSDT override was
specified
- perf llvm: Don't access out-of-scope array
- perf inject jit: Fix JIT_CODE_MOVE filename
- CIFS: Gracefully handle QueryInfo errors during open
- CIFS: Force revalidate inode when dentry is stale
- CIFS: Force reval dentry if LOOKUP_REVAL flag is set
- kernel/sysctl.c: do not override max_threads provided by userspace
- [mips*/loongson-3] Disable Loongson MMI instructions for kernel build
- vfs: Fix the locking in dcache_readdir() and friends
- media: stkwebcam: fix runtime PM after driver unbind
- [rt] tracing/hwlat: Report total time spent in all NMIs during the sample
- [rt] tracing/hwlat: Don't ignore outer-loop duration when calculating
max_latency
- tracing: Get trace_array reference for available_tracers files
- [x86] asm: Fix MWAITX C-state hint value
- xfs: clear sb->s_fs_info on mount failure (CVE-2018-20976)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.198
- scsi: ufs: skip shutdown if hba is not powered
- scsi: megaraid: disable device when probe failed after enabled device
- scsi: qla2xxx: Fix unbound sleep in fcport delete path.
- [armhf] OMAP2+: Fix missing reset done flag for am3 and am43
- nl80211: fix null pointer dereference
- mac80211: fix txq null pointer dereference
- [mips*/loongson-3] Fix the link time qualifier of 'serial_exit()'
- [arm64] net: hisilicon: Fix usage of uninitialized variable in function
mdio_sc_cfg_reg_write()
- namespace: fix namespace.pl script to support relative paths
- ocfs2: fix panic due to ocfs2_wq is null
- loop: Add LOOP_SET_DIRECT_IO to compat ioctl
- sctp: change sctp_prot .no_autobind with true
- net: avoid potential infinite loop in tc_ctl_action()
- ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
(Closes: #945023)
- memfd: Fix locking when tagging pins
- USB: legousbtower: fix memleak on disconnect
- USB: serial: ti_usb_3410_5052: fix port-close races
- USB: ldusb: fix memleak on disconnect
- USB: usblp: fix use-after-free on disconnect
- USB: ldusb: fix read info leaks
- [mips*] tlbex: Fix build_restore_pagemask KScratch restore
- [x86] staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
- scsi: core: try to get module before removing device
- cfg80211: wext: avoid copying malformed SSIDs (CVE-2019-17133)
- mac80211: Reject malformed SSID elements
- [x86] drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
- [s390x] scsi: zfcp: fix reaction on bit error threshold notification
- mm/slub: fix a deadlock in show_slab_objects()
- CIFS: avoid using MID 0xFFFF
- btrfs: block-group: Fix a memory leak due to missing
btrfs_put_block_group()
- memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
- cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
- xen/netback: fix error path of xenvif_connect_data()
- PCI: PM: Fix pci_power_up()
- Revert "net: sit: fix memory leak in sit_init_net()"
- RDMA/cxgb4: Do not dma memory off of the stack (CVE-2019-17075)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.199
- dm snapshot: use mutex instead of rw_semaphore
- dm snapshot: introduce account_start_copy() and account_end_copy()
- dm snapshot: rework COW throttling to fix deadlock
- dm: Use kzalloc for all structs with embedded biosets/mempools
- [x86] HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override
- [x86] HID: i2c-hid: Add Odys Winbook 13 to descriptor override
- usb: handle warm-reset port requests on hub resume
- [armhf] rtc: pcf8523: set xtal load capacitance from DT
- exec: load_script: Do not exec truncated interpreter path
- [x86] iio: fix center temperature of bmc150-accel-core
- perf map: Fix overlapped map handling
- perf jevents: Fix period for Intel fixed counters
- staging: rtl8188eu: fix null dereference when kzalloc fails
- RDMA/iwcm: Fix a lock inversion issue
- [arm64] gpio: max77620: Use correct unit for debounce times
- fs: cifs: mute -Wunused-const-variable message
- efi/cper: Fix endianness of PCIe class code
- [x86] efi: Do not clean dummy variable in kexec path
- ocfs2: clear zero in unaligned direct IO
- fs: ocfs2: fix a possible null-pointer dereference in
ocfs2_write_end_nolock()
- fs: ocfs2: fix a possible null-pointer dereference in
ocfs2_info_scan_inode_alloc()
- NFSv4: Fix leak of clp->cl_acceptor string
- [s390x] uaccess: avoid (false positive) compiler warnings
- tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
- USB: legousbtower: fix a signedness bug in tower_probe()
- [x86] thunderbolt: Use 32-bit writes when writing ring producer/consumer
- ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
(CVE-2019-15098)
- fuse: flush dirty data/metadata before non-truncate setattr
- fuse: truncate pending writes on O_TRUNC
- ALSA: bebob: Fix prototype of helper function to return negative value
- UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather
segments")
- USB: gadget: Reject endpoints with 0 maxpacket value
- usb-storage: Revert commit 747668dbc061 ("usb-storage: Set
virt_boundary_mask to avoid SG overflows")
- USB: ldusb: fix ring-buffer locking
- USB: ldusb: fix control-message timeout
- USB: serial: whiteheat: fix potential slab corruption
- USB: serial: whiteheat: fix line-speed endianness
- [x86] HID: i2c-hid: add Trekstor Primebook C11B to descriptor override
- HID: Fix assumption that devices have inputs (CVE-2019-19532)
- HID: fix error message in hid_open_report()
- nl80211: fix validation of mesh path nexthop
- [s390x] cmm: fix information leak in cmm_timeout_handler()
- rtlwifi: Fix potential overflow on P2P code (CVE-2019-17666)
- [armhf] dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle
- llc: fix sk_buff leak in llc_sap_state_process()
- llc: fix sk_buff leak in llc_conn_service()
- bonding: fix potential NULL deref in bond_update_slave_arr
- net: usb: sr9800: fix uninitialized local variable
- sch_netem: fix rcu splat in netem_enqueue()
- sctp: fix the issue that flags are ignored when using kernel_connect
- sctp: not bind the socket in sctp_connect
- xfs: Correctly invert xfs_buftarg LRU isolation logic
- ALSA: timer: Limit max instances per timer
- ALSA: timer: Simplify error path in snd_timer_open()
- ALSA: timer: Fix mutex deadlock at releasing card
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.200
- [armhf] regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/
ti_abb_clear_all_txdone
- [armhf] regulator: pfuze100-regulator: Variable "val" in
pfuze100_regulator_probe() could be uninitialized
- [armhf] ASoc: rockchip: i2s: Fix RPM imbalance
- [armhf] dts: logicpd-torpedo-som: Remove twl_keypad
- [armel,armhf] mm: fix alignment handler faults under memory pressure
- scsi: scsi_dh_alua: handle RTPG sense code correctly during state
transitions
- perf kmem: Fix memory leak in compact_gfp_flags()
- scsi: target: core: Do not overwrite CDB byte 1
- cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
- dccp: do not leak jiffies on the wire
- net: fix sk_page_frag() recursion from memory reclaim
- [arm64] net: hisilicon: Fix ping latency when deal with high throughput
- net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
- net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
- [armhf] net: dsa: fix switch tree list
- vxlan: check tun_info options_len properly
- net/mlx4_core: Dynamically set guaranteed amount of counters per VF
- inet: stop leaking jiffies on the wire
- Kbuild: make designated_init attribute fatal
- kbuild: use -fmacro-prefix-map to make __FILE__ a relative path
- net/flow_dissector: switch to siphash (CVE-2019-18282)
- [arm64] dmaengine: qcom: bam_dma: Fix resource leak
- alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.201
- CDC-NCM: handle incomplete transfer of MTU
- ipv4: Fix table id reference in fib_sync_down_addr
- net: fix data-race in neigh_event_send()
- nfc: netlink: fix double device reference drop
- qede: fix NULL pointer deref in __qede_remove()
- ALSA: timer: Fix incorrectly assigned timer instance
- ALSA: bebob: fix to detect configured source of sampling clock for
Focusrite Saffire Pro i/o series
- ALSA: hda/ca0132 - Fix possible workqueue stall
- mm: thp: handle page cache THP correctly in PageTransCompoundMap
- mm, vmstat: hide /proc/pagetypeinfo from normal users
- dump_stack: avoid the livelock of the dump_lock
- perf tools: Fix time sorting
- drm/radeon: fix si_enable_smc_cac() failed issue
- ceph: fix use-after-free in __ceph_remove_cap()
- netfilter: nf_tables: Align nft_expr private data to 64-bit
- netfilter: ipset: Fix an error code in ip_set_sockfn_get()
- can: usb_8dev: fix use-after-free on disconnect
- can: peak_usb: fix a potential out-of-sync while decoding packets
- can: gs_usb: gs_can_open(): prevent memory leak (CVE-2019-19052)
- can: peak_usb: fix slab info leak (CVE-2019-19534)
- configfs: Fix bool initialization/comparison
- configfs: stash the data we need into configfs_buffer at open time
- configfs_register_group() shouldn't be (and isn't) called in rmdirable
parts
- configfs: new object reprsenting tree fragments
- configfs: provide exclusion between IO and removals
- configfs: fix a deadlock in configfs_symlink()
- [x86] usbip: stub_rx: fix static checker warning on unnecessary checks
- [x86] usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path
- [x86] usbip: fix possibility of dereference by NULLL pointer in
vhci_hcd.c
- [x86] drivers: usb: usbip: Add missing break statement to switch
- [armhf] PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30
- [x86] HID: intel-ish-hid: fix wrong error handling in
ishtp_cl_alloc_tx_ring()
- scsi: qla2xxx: fixup incorrect usage of host_byte
- scsi: lpfc: Honor module parameter lpfc_use_adisc
- ipvs: move old_secure_tcp into struct netns_ipvs
- bonding: fix unexpected IFF_BONDING bit unset
- usb: gadget: composite: Fix possible double free memory bug
- usb: gadget: configfs: fix concurrent issue between composite APIs
- [armhf,arm64] usb: dwc3: remove the call trace of USBx_GFLADJ
- [x86] perf/amd/ibs: Fix reading of the IBS OpData register and thus
precise RIP validity
- [x86] perf/amd/ibs: Handle erratum #420 only on the affected CPU family
(10h)
- USB: Skip endpoints with 0 maxpacket length
- RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case
- scsi: qla2xxx: stop timer in shutdown path
- [amd64] fjes: Handle workqueue allocation failure
- [arm64] net: hisilicon: Fix "Trying to free already-free IRQ"
- NFSv4: Don't allow a cached open with a revoked delegation
- igb: Fix constant media auto sense switching when no cable is connected
- e1000: fix memory leaks
- [x86] apic: Move pending interrupt check code into it's own function
- [x86] apic: Drop logical_smp_processor_id() inline
- [x86] apic/32: Avoid bogus LDR warnings
- mm/filemap.c: don't initiate writeback if mapping has no dirty pages
- cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg
is dead
- net: prevent load/store tearing on sk->sk_stamp
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.202
- [x86] kvm: mmu: Don't read PDPTEs when paging is not enabled
- Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in
hci_uart_set_proto() (CVE-2019-15917)
- usb: gadget: core: unmap request from DMA only if previously mapped
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.203
- ax88172a: fix information leak on short answers
- slip: Fix memory leak in slip_open error path
- ALSA: usb-audio: Fix missing error check at mixer resolution test
- ALSA: usb-audio: not submit urb for stopped endpoint
- Input: ff-memless - kill timer in destroy() (CVE-2019-19524)
- IB/hfi1: Ensure full Gen3 speed in a Gen4 system
- ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable
- ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either
- [x86] iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros
- mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm()
- mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup()
- ath10k: fix kernel panic by moving pci flush after napi_disable
- ALSA: pcm: signedness bug in snd_pcm_plug_alloc()
- [arm64] dts: tegra210-p2180: Correct sdmmc4 vqmmc-supply
- cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set
- ALSA: seq: Do error checks at creating system ports
- ath9k: fix tx99 with monitor mode interface
- gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated
- ASoC: dpcm: Properly initialise hw->rate_max
- [armhf] dts: exynos: Fix sound in Snow-rev5 Chromebook
- [armhf] dts: exynos: Fix regulators configuration on Peach Pi/Pit
Chromebooks
- i40e: use correct length for strncpy
- i40e: hold the rtnl lock on clearing interrupt scheme
- i40e: Prevent deleting MAC address from VF when set by PF
- IB/rxe: fixes for rdma read retry
- iwlwifi: mvm: avoid sending too many BARs
- rtl8187: Fix warning generated when strncpy() destination length matches
the sixe argument
- net: lan78xx: Bail out if lan78xx_get_endpoints fails
- [armhf] ASoC: sgtl5000: avoid division by zero if lo_vag is zero
- [armhf] dts: exynos: Disable pull control for S5M8767 PMIC
- ath10k: wmi: disable softirq's while calling ieee80211_rx
- [x86] ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation
- of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC
- [armhf] dts: omap3-gta04: give spi_lcd node a label so that we can
overwrite in other DTS files
- [armhf] dts: omap3-gta04: fixes for tvout / venc
- [armhf] dts: omap3-gta04: tvout: enable as display1 alias
- [armhf] dts: omap3-gta04: fix touchscreen tsc2007
- [armhf] dts: omap3-gta04: make NAND partitions compatible with recent
U-Boot
- [armhf] dts: omap3-gta04: keep vpll2 always on
- ath9k: add back support for using active monitor interfaces for tx99
- signal: Always ignore SIGKILL and SIGSTOP sent to the global init
- signal: Properly deliver SIGILL from uprobes
- signal: Properly deliver SIGSEGV from x86 uprobes
- f2fs: fix memory leak of percpu counter in fill_super()
- scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir()
- [armhf] imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff"
is set
- scsi: pm80xx: Corrected dma_unmap_sg() parameter
- scsi: pm80xx: Fixed system hang issue during kexec boot
- kprobes: Don't call BUG_ON() if there is a kprobe in use on free list
- nvmem: core: return error code instead of NULL from nvmem_device_get
- media: fix: media: pci: meye: validate offset to avoid arbitrary access
- media: dvb: fix compat ioctl translation
- ALSA: intel8x0m: Register irq handler after register initializations
- llc: avoid blocking in llc_sap_close()
- [ppc64el] vdso: Correct call frame information
- [armhf] dts: socfpga: Fix I2C bus unit-address error
- cxgb4: Fix endianness issue in t4_fwcache()
- component: fix loop condition to call unbind() if bind() fails
- kernfs: Fix range checks in kernfs_get_target_path
- ip_gre: fix parsing gre header in ipgre_err
- [armhf] dts: rockchip: Fix erroneous SPI bus dtc warnings on rk3036
- ath9k: Fix a locking bug in ath9k_add_interface()
- [s390x] qeth: invoke softirqs after napi_schedule()
- PCI/ACPI: Correct error message for ASPM disabling
- [ppc64el] iommu: Avoid derefence before pointer check
- [ppc64el] 64s/hash: Fix stab_rr off by one initialization
- [ppc64el] pseries: Disable CPU hotplug across migrations
- RDMA/i40iw: Fix incorrect iterator type
- [armhf] power: supply: twl4030_charger: fix charging current
out-of-bounds
- [armhf] power: supply: twl4030_charger: disable eoc interrupt on linear
charge
- [armhf,arm64] usb: chipidea: imx: enable OTG overcurrent in case USB
subsystem is already started
- [armhf,arm64] usb: chipidea: Fix otg event handler
- [armhf] ARM: dts: am335x-evm: fix number of cpsw
- f2fs: fix to recover inode's uid/gid during POR
- [armel/marvell] dts: marvell: Fix SPI and I2C bus warnings
- bnx2x: Ignore bandwidth attention in single function mode
- [x86] CPU: Use correct macros for Cyrix calls
- [mips*] kexec: Relax memory restriction
- media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init()
- media: au0828: Fix incorrect error messages
- usb: gadget: uvc: configfs: Drop leaked references to config items
- usb: gadget: uvc: configfs: Prevent format changes after linking header
- [armhf] phy: phy-twl4030-usb: fix denied runtime access
- usb: gadget: uvc: Factor out video USB request queueing
- usb: gadget: uvc: Only halt video streaming endpoint in bulk mode
- [ppc64el] misc: genwqe: should return proper error value.
- vfio/pci: Fix potential memory leak in vfio_msi_cap_len
- vfio/pci: Mask buggy SR-IOV VF INTx support
- scsi: libsas: always unregister the old device if going to discover new
- [armhf] dts: tegra30: fix xcvr-setup-use-fuses
- EDAC: Raise the maximum number of memory controllers
- Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS
- crypto: fix a memory leak in rsa-kcs1pad's encryption mode
- [arm64] dts: amd: Fix SPI bus warnings
- [arm64] dts: lg: Fix SPI controller node names
- fuse: use READ_ONCE on congestion_threshold and max_background
- IB/iser: Fix possible NULL deref at iser_inv_desc()
- memfd: Use radix_tree_deref_slot_protected to avoid the warning.
- slcan: Fix memory leak in error path
- net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size()
- [x86] atomic: Fix smp_mb__{before,after}_atomic()
- [x86] kprobes: Prohibit probing on exception masking instructions
- [x86] uprobes: Prohibit probing on MOV SS instruction
- fbdev: Ditch fb_edid_add_monspecs
- block: introduce blk_rq_is_passthrough
- libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
- [armhf] dts: omap5: enable OTG role for DWC3 controller
- f2fs: return correct errno in f2fs_gc
- SUNRPC: Fix priority queue fairness
- [armhf,arm64] kvm: Fix stage2_flush_memslot for 4 level page table
- [arm64] numa: Report correct memblock range for the dummy node
- ath10k: fix vdev-start timeout on error
- ath9k: fix reporting calculated new FFT upper max
- nl80211: Fix a GET_KEY reply attribute
- cxgb4: Use proper enum in cxgb4_dcb_handle_fw_update
- cxgb4: Use proper enum in IEEE_FAUX_SYNC
- [ppc64el] pseries: Fix DTL buffer registration
- [ppc64el] pseries: Fix how we iterate over the DTL entries
- ixgbe: Fix crash with VFs and flow director on interface flap
- IB/mthca: Fix error return code in __mthca_init_one()
- IB/mlx4: Avoid implicit enumerated type conversion
- ACPICA: Never run _REG on system_memory and system_IO
- ALSA: hda/sigmatel - Disable automute for Elo VuPoint
- [ppc64el] KVM: Book3S PR: Exiting split hack mode needs to fixup both PC
and LR
- USB: serial: cypress_m8: fix interrupt-out transfer length
- [armel/marvell] mtd: physmap_of: Release resources on error
- cpu/SMT: State SMT is disabled even with nosmt and without "=force"
- brcmfmac: reduce timeout for action frame scan
- brcmfmac: fix full timeout waiting for action frame on-channel tx
- [armhf] clk: samsung: Use clk_hw API for calling clk framework from clk
notifiers
- NFSv4.x: fix lock recovery during delegation recall
- [x86] dmaengine: ioat: fix prototype of ioat_enumerate_channels
- iwlwifi: mvm: don't send keys when entering D3
- reset: Fix potential use-after-free in __of_reset_control_get()
- bcache: recal cached_dev_sectors on detach
- [s390x] kasan: avoid vdso instrumentation
- [armhf] mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup
capable
- GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads
- media: cx231xx: fix potential sign-extension overflow on large shift
- [x86] kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error
- gpio: syscon: Fix possible NULL ptr usage
- spi: spidev: Fix OF tree warning logic
- [armel,armhf] 8802/1: Call syscall_trace_exit even when system call
skipped
- [armhf] hwmon: (pwm-fan) Silence error on probe deferral
- mac80211: minstrel: fix CCK rate group streams value
- [armhf] spi: rockchip: initialize dma_slave_config properly
- [armhf] dts: omap5: Fix dual-role mode on Super-Speed port
- [arm64] uaccess: Ensure PAN is re-enabled after unhandled uaccess fault
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.204
- net/mlx4_en: fix mlx4 ethtool -N insertion
- net: rtnetlink: prevent underflows in do_setvfinfo()
- sfc: Only cancel the PPS workqueue if it exists
- net/mlx5e: Fix set vf link state error flow
- net/sched: act_pedit: fix WARN() in the traffic path
- [arm64] gpio: max77620: Fixup debounce delays
- mm/ksm.c: don't WARN if page is still mapped in remove_stable_node()
- [x86] platform: asus-nb-wmi: Support ALS on the Zenbook UX430UQ
- [x86] platform: asus-wmi: Only Tell EC the OS will handle display hotkeys
from asus_nb_wmi
- mwifiex: Fix NL80211_TX_POWER_LIMITED
- ALSA: isight: fix leak of reference to firewire unit in error path of
.probe callback
- printk: fix integer overflow in setup_log_buf()
- gfs2: Fix marking bitmaps non-full
- synclink_gt(): fix compat_ioctl()
- [ppc64el] Fix signedness bug in update_flash_db()
- [ppc64el] eeh: Fix use of EEH_PE_KEEP on wrong field
- brcmsmac: AP mode: update beacon when TIM changes
- ath10k: allocate small size dma memory in ath10k_pci_diag_write_mem
- btrfs: handle error of get_old_root
- [amd64] misc: mic: fix a DMA pool free failure
- scsi: ips: fix missing break in switch
- [x86] KVM: Fix invvpid and invept register operand size in 64-bit mode
- [x86] scsi: isci: Use proper enumerated type in
atapi_d2h_reg_frame_handler
- [x86] scsi: isci: Change sci_controller_start_task's return type to
sci_status
- scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param
- [armhf] ASoC: tegra_sgtl5000: fix device_node refcounting
- scsi: dc395x: fix dma API usage in srb_done
- scsi: dc395x: fix DMA API usage in sg_update_list
- net: fix warning in af_unix
- xfs: fix use-after-free race in xfs_buf_rele
- [x86] kprobes, ptrace.h: Make regs_get_kernel_stack_nth() not fault on
bad stack
- ALSA: i2c/cs8427: Fix int to char conversion
- USB: misc: appledisplay: fix backlight update_status return code
- usbip: tools: fix atoi() on non-null terminated string
- SUNRPC: Fix a compile warning for cmpxchg64()
- sunrpc: safely reallow resvport min/max inversion
- atm: zatm: Fix empty body Clang warnings
- [s390x] perf: Return error when debug_register fails
- [armhf] spi: omap2-mcspi: Set FIFO DMA trigger level to word length
- ceph: fix dentry leak in ceph_readdir_prepopulate
- [armel/marvell] rtc: s35390a: Change buf's type to u8 in s35390a_init
- f2fs: fix to spread clear_cold_data()
- mISDN: Fix type of switch control variable in ctrl_teimanager
- qlcnic: fix a return in qlcnic_dcb_get_capability()
- net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode
- [armhf] mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values
- [ppc64el] process: Fix flush_all_to_thread for SPE
- fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in
dlm_print_one_mle()
- mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock
- macsec: update operstate when lower device changes
- macsec: let the administrator set UP state even if lowerdev is down
- linux/bitmap.h: handle constant zero-size bitmaps correctly
- linux/bitmap.h: fix type of nbits in bitmap_shift_right()
- hfsplus: fix BUG on bnode parent update
- hfs: fix BUG on bnode parent update
- hfsplus: prevent btree data loss on ENOSPC
- hfs: prevent btree data loss on ENOSPC
- hfsplus: fix return value of hfsplus_get_block()
- hfs: fix return value of hfs_get_block()
- hfsplus: update timestamps on truncate()
- hfs: update timestamp on truncate()
- fs/hfs/extent.c: fix array out of bounds read of array extent
- mm/memory_hotplug: make add_memory() take the device_hotplug_lock
- igb: shorten maximum PHC timecounter update interval
- [arm64] makefile fix build of .i file in external module case
- ocfs2: don't put and assigning null to bh allocated outside
- ocfs2: fix clusters leak in ocfs2_defrag_extent()
- net: do not abort bulk send on BQL status
- sched/fair: Don't increase sd->balance_interval on newidle balance
- audit: print empty EXECVE args
- [armhf,arm64] wlcore: Fix the return value in case of error in
'wlcore_vendor_cmd_smart_config_start()'
- rtl8xxxu: Fix missing break in switch
- brcmsmac: never log "tid x is not agg'able" by default
- wireless: airo: potential buffer overflow in sprintf()
- rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information
- scsi: mpt3sas: Fix Sync cache command failure during driver unload
- scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing
page11
- scsi: megaraid_sas: Fix msleep granularity
- scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces
- dlm: fix invalid free
- dlm: don't leak kernel pointer to userspace
- ACPICA: Use %d for signed int print formatting instead of %u
- [arm64] pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues
- [armhf] spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch
- mm/memory_hotplug: Do not unlock when fails to take the
device_hotplug_lock
- Bluetooth: Fix invalid-free in bcsp_close()
- KVM: MMU: Do not treat ZONE_DEVICE pages as being reserved
- ath9k_hw: fix uninitialized variable data
- dm: use blk_set_queue_dying() in __dm_destroy()
- [arm64] fix for bad_mode() handler to always result in panic
- cpufreq: Skip cpufreq resume if it's not suspended
- ocfs2: remove ocfs2_is_o2cb_active()
- [armel,armhf] 8904/1: skip nomap memblocks while finding the lowmem/
highmem boundary
- [x86] insn: Fix awk regexp warnings
- [x86] speculation: Fix incorrect MDS/TAA mitigation status
- [x86] speculation: Fix redundant MDS mitigation message
- nfc: port100: handle command failure cleanly
- l2tp: don't use l2tp_tunnel_find() in l2tp_ip and l2tp_ip6
- media: vivid: Set vid_cap_streaming and vid_out_streaming to true
- media: vivid: Fix wrong locking that causes race conditions on streaming
stop (CVE-2019-18683)
- media: usbvision: Fix races among open, close, and disconnect
- cpufreq: Add NULL checks to show() and store() methods of cpufreq
- media: uvcvideo: Fix error path in control parsing failure
- media: b2c2-flexcop-usb: add sanity checking (CVE-2019-15291)
- media: cxusb: detect cxusb_ctrl_msg error in query
- media: imon: invalid dereference in imon_touch_event
- virtio_console: reset on out of memory
- virtio_console: don't tie bufs to a vq
- virtio_console: allocate inbufs in add_port() only if it is needed
- virtio_ring: fix return code on DMA mapping fails
- virtio_console: fix uninitialized variable use
- virtio_console: drop custom control queue cleanup
- virtio_console: move removal code
- usbip: tools: fix fd leakage in the function of read_attr_usbip_status
- usb-serial: cp201x: support Mark-10 digital force gauge
- USB: chaoskey: fix error case of a timeout
- appledisplay: fix error handling in the scheduled work
- USB: serial: mos7720: fix remote wakeup
- USB: serial: mos7840: fix remote wakeup
- staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error
- [ppc64el] 64s: support nospectre_v2 cmdline option
- [ppc64el] book3s64: Fix link stack flush on context switch
(CVE-2019-18660)
- [ppc64el] KVM: Book3S HV: Flush link stack on guest exit to host kernel
(CVE-2019-18660)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.205
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.206
- ASoC: compress: fix unsigned integer overflow check
- [armel/marvell] ASoC: kirkwood: fix external clock probe defer
- [armhf] clk: samsung: exynos5420: Preserve PLL configuration during
suspend/resume
- reset: fix reset_control_ops kerneldoc comment
- can: peak_usb: report bus recovery as well
- [arm64] watchdog: meson: Fix the wrong value of left time
- mac80211: fix station inactive_time shortly after boot
- block: drbd: remove a stray unlock in __drbd_send_protocol()
- scsi: lpfc: Fix dif and first burst use in write commands
- [armhf] dts: imx53-voipac-dmm-668: Fix memory node duplication
- [arm64] mm: Prevent mismatched 52-bit VA support
- [arm64] smp: Handle errors reported by the firmware
- [armhf] PM / AVS: SmartReflex: NULL check before some freeing functions
is not needed
- [x86] ACPI / LPSS: Ignore acpi_device_fix_up_power() return value
- crypto: user - support incremental algorithm dumps
- mwifiex: fix potential NULL dereference and use after free
- mwifiex: debugfs: correct histogram spacing, formatting
- rtl818x: fix potential use after free
- xfs: require both realtime inodes to mount
- ubi: Put MTD device after it is not used
- ubi: Do not drop UBI device reference before using
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB
- VSOCK: bind to random port for VMADDR_PORT_ANY
- [armhf] mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET
- btrfs: only track ref_heads in delayed_ref_updates
- [x86] HID: intel-ish-hid: fixes incorrect error handling
- xen/pciback: Check dev_data before using it
- pinctrl: xway: fix gpio-hog related boot issues
- net/mlx5: Continue driver initialization despite debugfs failure
- [s390x] KVM: unregister debug feature on failing arch init
- dm flakey: Properly corrupt multi-page bios.
- gfs2: take jdata unstuff into account in do_grow
- xfs: Align compat attrlist_by_handle with native implementation.
- xfs: Fix bulkstat compat ioctls on x32 userspace.
- IB/qib: Fix an error code in qib_sdma_verbs_send()
- [ppc64el] xmon: fix dump_segments()
- [armhf] drivers/regulator: fix a missing check of return value
- RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer
- scsi: qla2xxx: deadlock by configfs_depend_item
- scsi: csiostor: fix incorrect dma device in case of vport
- ath6kl: Only use match sets when firmware supports it
- ath6kl: Fix off by one error in scan completion
- [ppc64el] prom: fix early DEBUG messages
- [ppc64el] mm: Make NULL pointer deferences explicit on bad page faults.
- vfio/spapr_tce: Get rid of possible infinite loop
- [ppc64el] powernv/eeh/npu: Fix uninitialized variables in
opal_pci_eeh_freeze_status
- drbd: ignore "all zero" peer volume sizes in handshake
- drbd: reject attach of unsuitable uuids even if connected
- drbd: do not block when adjusting "disk-options" while IO is frozen
- drbd: fix print_st_err()'s prototype to match the definition
- [armhf] regulator: tps65910: fix a missing check of return value
- [ppc64el] pseries: Fix node leak in update_lmb_associativity_index()
- net/net_namespace: Check the return value of register_pernet_subsys()
- [armhf,arm64] net: stmicro: fix a missing check of clk_prepare
- [armhf] net: dsa: bcm_sf2: Propagate error value from mdio_write
- atl1e: checking the status of atl1e_write_phy_reg
- tipc: fix a missing check of genlmsg_put
- ocfs2: clear journal dirty flag after shutdown journal
- vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA
is n
- lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk
- lib/genalloc.c: use vzalloc_node() to allocate the bitmap
- mtd: Check add_mtd_device() ret code
- tipc: fix memory leak in tipc_nl_compat_publ_dump
- net/core/neighbour: tell kmemleak about hash tables
- net/core/neighbour: fix kmemleak minimal reference count for hash tables
- sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe
- ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel
- decnet: fix DN_IFREQ_SIZE
- tipc: fix skb may be leaky in tipc_link_input
- sfc: initialise found bitmap in efx_ef10_mtd_probe
- net: fix possible overflow in __sk_mem_raise_allocated()
- sctp: don't compare hb_timer expire date before starting it
- net: dev: Use unsigned integer as an argument to left-shift
- [x86] iommu/amd: Fix NULL dereference bug in match_hid_uid
- scsi: libsas: Support SATA PHY connection rate unmatch fixing during
discovery
- ACPI / APEI: Switch estatus pool to use vmalloc memory
- scsi: libsas: Check SMP PHY control function result
- [ppc64el] pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
- mtd: Remove a debug trace in mtdpart.c
- mm, gup: add missing refcount overflow checks on x86 and s390
- [amd64] mei: bus: prefix device names on bus with the bus name
- media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE
- [arm64] net: macb: fix error format in dev_err()
- pwm: Clear chip_data in pwm_put()
- macvlan: schedule bc_work even if error
- openvswitch: fix flow command message size
- slip: Fix use-after-free Read in slip_open
- openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info()
- openvswitch: remove another BUG_ON()
- tipc: fix link name length check
- sctp: cache netns in sctp_ep_common
- net: sched: fix `tc -s class show` no bstats on class with nolock
subqueues
- HID: core: check whether Usage Page item is after Usage ID items
- [x86] platform: hp-wmi: Fix ACPI errors caused by too small buffer
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.207
- [arm64] tegra: Fix 'active-low' warning for Jetson TX1 regulator
- usb: gadget: u_serial: add missing port entry locking
- [arm64] tty: serial: msm_serial: Fix flow control
- [armhf,arm64] serial: pl011: Fix DMA ->flush_buffer()
- serial: serial_core: Perform NULL checks for break_ctl ops
- autofs: fix a leak in autofs_expire_indirect()
- exportfs_decode_fh(): negative pinned may become positive without the
parent locked
- audit_get_nd(): don't unlock parent too early
- ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed()
- rsxx: add missed destroy_workqueue calls in remove
- serial: core: Allow processing sysrq at port unlock time
- cxgb4vf: fix memleak in mac_hlist initialization
- iwlwifi: mvm: Send non offchannel traffic via AP sta
- [armhf] 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+
- net/mlx5: Release resource on error flow
- [armhf] clk: rockchip: fix rk3188 sclk_smc gate data
- [armhf] clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
- [armhf] dts: rockchip: Fix rk3288-rock2 vcc_flash name
- dlm: fix missing idr_destroy for recover_idr
- [s390x] scsi: zfcp: drop default switch case which might paper over
missing case
- [arm64] pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues
- regulator: Fix return value of _set_load() stub
- [mips*/octeon] octeon-platform: fix typing
- math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning
- [armhf] dts: exynos: Use Samsung SoC specific compatible for DWC2 module
- [armhf,arm64] usb: dwc3: don't log probe deferrals; but do log other
error codes
- ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion()
- dma-mapping: fix return type of dma_set_max_seg_size()
- [armhf] serial: imx: fix error handling in console_setup
- [armhf] i2c: imx: don't print error message on probe defer
- dlm: NULL check before kmem_cache_destroy is not needed
- nfsd: fix a warning in __cld_pipe_upcall()
- net/x25: fix called/calling length calculation in x25_parse_address_block
- net/x25: fix null_x25_address handling
- tcp: fix off-by-one bug on aborting window-probing socket
- tcp: fix SNMP TCP timeout under-estimation
- modpost: skip ELF local symbols during section mismatch check
- kbuild: fix single target build for external module
- mtd: fix mtd_oobavail() incoherent returned value
- [armhf] clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent
- dlm: fix invalid cluster name warning
- net/mlx4_core: Fix return codes of unsupported operations
- [ppc64el] math-emu: Update macros from GCC
- [mips*/octeon] cvmx_pko_mem_debug8: use oldest forward compatible
definition
- nfsd: Return EPERM, not EACCES, in some SETATTR cases
- tty: Don't block on IO when ldisc change is pending
- media: stkwebcam: Bugfix for wrong return values
- mlx4: Use snprintf instead of complicated strcpy
- [armhf] dts: sunxi: Fix PMU compatible strings
- sched/fair: Scale bandwidth quota and period without losing quota/period
ratio precision
- fuse: verify nlink
- fuse: verify attributes
- ALSA: pcm: oss: Avoid potential buffer overflows
- [x86] Input: goodix - add upside-down quirk for Teclast X89 tablet
- [x86] PCI: Avoid AMD FCH XHCI USB PME# from D0 defect
- CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
- CIFS: Fix SMB2 oplock break processing
- tty: vt: keyboard: reject invalid keycodes
- can: slcan: Fix use-after-free Read in slcan_open
- jbd2: Fix possible overflow in jbd2_log_space_left()
- [i386] drm/i810: Prevent underflow in ioctl
- [x86] KVM: do not modify masked bits of shared MSRs
- [x86] KVM: fix presentation of TSX feature in ARCH_CAPABILITIES
- [x86] crypto: ccp - fix uninitialized list head
- crypto: ecdh - fix big endian bug in ECC library
- crypto: user - fix memory leak in crypto_report (CVE-2019-19062)
- RDMA/qib: Validate ->show()/store() callbacks before calling them
- thermal: Fix deadlock in thermal thermal_zone_device_check
- [x86] KVM: fix out-of-bounds write in KVM_GET_EMULATED_CPUID
(CVE-2019-19332)
- appletalk: Fix potential NULL pointer dereference in
unregister_snap_client (CVE-2019-19227)
- appletalk: Set error code if register_snap_client failed
- usb: gadget: configfs: Fix missing spin_lock_init()
- USB: uas: honor flag to avoid CAPACITY16
- USB: uas: heed CAPACITY_HEURISTICS
- usb: Allow USB device to be warm reset in suspended state
- staging: rtl8188eu: fix interface sanity check
- staging: rtl8712: fix interface sanity check
- staging: gigaset: fix general protection fault on probe
- staging: gigaset: fix illegal free on probe errors
- staging: gigaset: add endpoint-type sanity check
- xhci: Increase STS_HALT timeout in xhci_suspend()
- [armhf] dts: pandora-common: define wl1251 as child node of mmc3
- USB: atm: ueagle-atm: add missing endpoint check
- USB: idmouse: fix interface sanity checks
- USB: serial: io_edgeport: fix epic endpoint lookup
- USB: adutux: fix interface sanity check
- usb: core: urb: fix URB structure initialization function
- usb: mon: Fix a deadlock in usbmon between mmap and read
- virtio-balloon: fix managed page counts when migrating pages between zones
- btrfs: check page->mapping when loading free space cache
- btrfs: Remove btrfs_bio::flags member
- Btrfs: send, skip backreference walking for extents with many references
- btrfs: record all roots for rename exchange on a subvol
- rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address
- rtlwifi: rtl8192de: Fix missing callback that tests for hw release of
buffer
- rtlwifi: rtl8192de: Fix missing enable interrupt flag
- lib: raid6: fix awk build warnings
- ALSA: hda - Fix pending unsol events at shutdown
- workqueue: Fix spurious sanity check failures in destroy_workqueue()
- workqueue: Fix pwq ref leak in rescuer_thread()
- ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report
- blk-mq: avoid sysfs buffer overflow with too many CPU cores
- cgroup: pids: use atomic64_t for pids->limit
- ar5523: check NULL before memcpy() in ar5523_cmd()
- cpuidle: Do not unset the driver if it is there already
- PM / devfreq: Lock devfreq in trans_stat_show
- ACPI: OSL: only free map once in osl.c
- ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
- ACPI: PM: Avoid attaching ACPI PM domain to certain devices
- [armhf] pinctrl: samsung: Fix device node refcount leaks in init code
- [armhf] mmc: host: omap_hsmmc: add code for special init of wl1251 to get
rid of pandora_wl1251_init_card
- ppdev: fix PPGETTIME/PPSETTIME ioctls
- [ppc64el] Allow 64bit VDSO __kernel_sync_dicache to work across ranges
>4GB
- video/hdmi: Fix AVI bar unpack
- quota: Check that quota is not dirty before release
- quota: fix livelock in dquot_writeback_dquots
- [s390x] scsi: zfcp: trace channel log even for FCP command responses
- usb: xhci: only set D3hot for pci device
- xhci: Fix memory leak in xhci_add_in_port()
- xhci: make sure interrupts are restored to correct state
- Btrfs: fix negative subv_writers counter and data space leak after
buffered write
- [armhf] omap: pdata-quirks: remove openpandora quirks for mmc3 and wl1251
- scsi: lpfc: Cap NPIV vports to 256
- [x86] MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
- [x86] MCE/AMD: Carve out the MC4_MISC thresholding quirk
- ath10k: fix fw crash by moving chip reset after napi disabled
- [armhf] dts: omap3-tao3530: Fix incorrect MMC card detection GPIO
polarity
- scsi: qla2xxx: Fix DMA unmap leak
- scsi: qla2xxx: Fix session lookup in qlt_abort_work()
- scsi: qla2xxx: Fix qla24xx_process_bidir_cmd()
- scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return
value
- [ppc64el] Fix vDSO clock_getres()
- reiserfs: fix extended attributes on the root directory
- [arm64] firmware: qcom: scm: Ensure 'a0' status code is treated as signed
- mm/shmem.c: cast the type of unmap_start to u64
- ext4: fix a bug in ext4_wait_for_tail_page_commit
- blk-mq: make sure that line break can be printed
- workqueue: Fix missing kfree(rescuer) in destroy_workqueue()
- sunrpc: fix crash when cache_head become valid before update
- net/mlx5e: Fix SFF 8472 eeprom length
- kernel/module.c: wakeup processes in module_wq on module unload
- nvme: host: core: fix precedence of ternary operator
- net: bridge: deny dev_set_mac_address() when unregistering
- net: ethernet: ti: cpsw: fix extra rx interrupt
- openvswitch: support asymmetric conntrack
- tcp: md5: fix potential overestimation of TCP option space
- tipc: fix ordering of tipc module init and exit routine
- inet: protect against too small mtu values.
- tcp: fix rejected syncookies due to stale timestamps
- tcp: tighten acceptance of ACKs not matching a child socket
- tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
- [x86] PCI: Fix Intel ACS quirk UPDCR register address
- PCI/MSI: Fix incorrect MSI-X masking on resume
- CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
- [armhf] tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
- vfio/pci: call irq_bypass_unregister_producer() before freeing irq
- dma-buf: Fix memory leak in sync_file_merge()
- dm btree: increase rebalance threshold in __rebalance2()
- scsi: iscsi: Fix a potential deadlock in the timeout handler
- drm/radeon: fix r1xx/r2xx register checker for POT textures
- xhci: fix USB3 device initiated resume race with roothub autosuspend
- [armhf,arm64] net: stmmac: use correct DMA buffer size in the RX
descriptor
- [armhf,arm64] net: stmmac: don't stop NAPI processing when dropping a
packet
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.208
- btrfs: skip log replay on orphaned roots
- btrfs: do not leak reloc root if we fail to read the fs root
- btrfs: handle ENOENT in btrfs_uuid_tree_iterate
- ALSA: pcm: Avoid possible info leaks from PCM stream buffers
- ALSA: hda/ca0132 - Keep power on during processing DSP response
- ALSA: hda/ca0132 - Avoid endless loop
- drm: mst: Fix query_payload ack reply struct
- spi: Add call to spi_slave_abort() function when spidev driver is
released
- staging: rtl8192u: fix multiple memory leaks on error path
- staging: rtl8188eu: fix possible null dereference
- rtlwifi: prevent memory leak in rtl_usb_probe
- libertas: fix a potential NULL pointer dereference
- IB/iser: bound protection_sg size by data_sg size
- tools/power/cpupower: Fix initializer override in hsw_ext_cstates
- [armhf] hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if
not idled
- media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init()
- media: cec-funcs.h: add status_req checks
- mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
(CVE-2019-19057)
- [armhf] media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid
pixel format
- [armhf] media: ti-vpe: vpe: fix a v4l2-compliance failure about frame
sequence number
- [armhf] media: ti-vpe: vpe: Make sure YUYV is set as default format
- [x86] mm: Use the correct function type for native_set_fixmap()
- perf test: Report failure for mmap events
- usb: usbfs: Suppress problematic bind and unbind uevents.
- Bluetooth: hci_core: fix init for HCI_USER_CHANNEL
- [x86] mce: Lower throttling MCE messages' priority to warning
- [x86] drm/gma500: fix memory disclosures due to uninitialized bytes
- rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot
- [x86] ioapic: Prevent inconsistent state when moving an interrupt
- [arm64] psci: Reduce the waiting time for cpu_psci_cpu_kill()
- libata: Ensure ata_port probe has completed before detach
- Bluetooth: Fix advertising duplicated flags
- bnx2x: Fix PF-VF communication over multi-cos queues.
- ALSA: timer: Limit max amount of slave instances
- rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt()
- perf probe: Fix to find range-only function instance
- perf probe: Fix to list probe event with correct line number
- perf probe: Walk function lines in lexical blocks
- perf probe: Fix to probe an inline function which has no entry pc
- perf probe: Fix to show ranges of variables in functions without entry_pc
- perf probe: Fix to show inlined function callsite without entry_pc
- perf probe: Fix to probe a function which has no entry pc
- perf probe: Skip overlapped location on searching variables
- perf probe: Return a better scope DIE if there is no best scope
- perf probe: Fix to show calling lines of inlined functions
- perf probe: Skip end-of-sequence and non statement lines
- perf probe: Filter out instances except for inlined subroutine and
subprogram
- ath10k: fix get invalid tx rate for Mesh metric
- media: pvrusb2: Fix oops on tear-down when radio support is not present
- media: si470x-i2c: add missed operations in remove
- ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile
- [s390x] disassembler: don't hide instruction addresses
- parport: load lowlevel driver if ports not found
- cpufreq: Register drivers only after CPU devices have been registered
- [x86] crash: Add a forward declaration of struct kimage
- iwlwifi: mvm: fix unaligned read of rx_pkt_status
- [arm64] spi: tegra20-slink: add missed clk_unprepare
- mmc: tmio: Add MMC_CAP_ERASE to allow erase/discard/trim requests
- btrfs: don't prematurely free work in end_workqueue_fn()
- btrfs: don't prematurely free work in run_ordered_work()
- [x86] insn: Add some Intel instructions to the opcode map
- iwlwifi: check kasprintf() return value
- fbtft: Make sure string is NULL terminated
- [armhf] crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c
- [ppc64el] crypto: vmx - Avoid weird build failures
- libtraceevent: Fix memory leakage in copy_filter_type
- net: phy: initialise phydev speed and duplex sanely
- btrfs: don't prematurely free work in reada_start_machine_worker()
- usb: xhci: Fix build warning seen with CONFIG_PM=n
- btrfs: don't double lock the subvol_sem for rename exchange
- btrfs: do not call synchronize_srcu() in inode_tree_del
- btrfs: return error pointer from alloc_test_extent_buffer
- btrfs: abort transaction after failed inode updates in create_subvol
- Btrfs: fix removal logic of the tree mod log that leads to use-after-free
issues
- af_packet: set defaule value for tmo
- [amd64] fjes: fix missed check in fjes_acpi_add
- mod_devicetable: fix PHY module format
- [arm64] net: hisilicon: Fix a BUG trigered by wrong bytes_compl
- net: qlogic: Fix error paths in ql_alloc_large_buffers()
- net: usb: lan78xx: Fix suspend/resume PHY register access error
- sctp: fully initialize v4 addr in some functions
- net: dst: Force 4-byte alignment of dst_metrics
- [x86] usbip: Fix error path of vhci_recv_ret_submit()
- USB: EHCI: Do not return -EPIPE when hub is disconnected
- [x86] platform: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes
- [x86] staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value
- ext4: fix ext4_empty_dir() for directories with holes (CVE-2019-19037)
- ext4: check for directory entries too close to block end
- [ppc64el] irq: fix stack overflow verification
- perf probe: Fix to show function entry line as probe-able
- scsi: mpt3sas: Fix clear pending bit in ioctl status
- scsi: lpfc: Fix locking on mailbox command completion
- Input: atmel_mxt_ts - disable IRQ across suspend
- [armhf,arm64] iommu/tegra-smmu: Fix page tables in > 4 GiB memory
- scsi: target: compare full CHAP_A Algorithm strings
- scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices
- scsi: csiostor: Don't enable IRQs too early
- [ppc64el] pseries: Mark accumulate_stolen_time() as notrace
- [ppc64el] pseries: Don't fail hash page table insert for bolted mapping
- [ppc64el] security/book3s64: Report L1TF status in sysfs
- [ppc64el] book3s64/hash: Add cond_resched to avoid soft lockup warning
- jbd2: Fix statistics for the number of logged blocks
- scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and
WRITE(6)
- scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow
- [arm64] clk: qcom: Allow constant ratio freq tables for rcg
- fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned
long
- scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences
- scsi: ufs: fix potential bug which ends in system hang
- [ppc64el] pseries/cmm: Implement release() function for sysfs device
- [ppc64el] security: Fix wrong message when RFI Flush is disable
- bcache: at least try to shrink 1 node in bch_mca_scan()
- HID: Improve Windows Precision Touchpad detection.
- ext4: work around deleting a file with i_nlink == 0 safely
(CVE-2019-19447)
- scsi: pm80xx: Fix for SATA device discovery
- scsi: scsi_debug: num_tgts must be >= 0
- scsi: target: iscsi: Wait for all commands to finish before freeing a
session
- cdrom: respect device capabilities during opening action
- perf regs: Make perf_reg_name() return "unknown" instead of NULL
- [s390x] cpum_sf: Check for SDBT and SDB consistency
- ocfs2: fix passing zero to 'PTR_ERR' warning
- kernel: sysctl: make drop_caches write-only
- [x86] mce: Fix possibly incorrect severity calculation on AMD
- net, sysctl: Fix compiler warning when only cBPF is present
- ALSA: hda - Downgrade error message for single-cmd fallback
- perf strbuf: Remove redundant va_end() in strbuf_addv()
- vfs: Make filldir[64]() verify the directory entry filename is valid
(CVE-2019-10220)
- vfs: filldir[64]: remove WARN_ON_ONCE() for bad directory entries
- netfilter: ebtables: compat: reject all padding in matches/watchers
- 6pack,mkiss: fix possible deadlock
- netfilter: bridge: make sure to pull arp header in br_nf_forward_arp()
- net: icmp: fix data-race in cmp_global_allow()
- hrtimer: Annotate lockless access to timer->state
- [x86] pinctrl: baytrail: Really serialize all register accesses
- mmc: sdhci: Update the tuning failed messages to pr_debug level
- [amd64] net: ena: fix napi handler misbehavior when the napi budget is
zero
- vhost/vsock: accept only packets with the right dst_cid
- tcp/dccp: fix possible race __inet_lookup_established()
- tcp: do not send empty skb from tcp_write_xmit()
- gtp: fix wrong condition in gtp_genl_dump_pdp()
- gtp: avoid zero size hashtable
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.209
- PM / devfreq: Don't fail devfreq_dev_release if not in list
- RDMA/cma: add missed unregister_pernet_subsys in init failure
- scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func
- scsi: qla2xxx: Don't call qlt_async_event twice
- scsi: iscsi: qla4xxx: fix double free in probe
- scsi: libsas: stop discovering if oob mode is disconnected
(CVE-2019-19965)
- usb: gadget: fix wrong endpoint desc
- md: raid1: check rdev before reference in raid1_sync_request func
- [s390x] cpum_sf: Adjust sampling interval to avoid hitting sample limits
- [s390x] cpum_sf: Avoid SBD overflow condition in irq handler
- IB/mlx4: Follow mirror sequence of device add during device removal
- xen-blkback: prevent premature module unload
- xen/balloon: fix ballooned page accounting without hotplug enabled
- PM / hibernate: memory_bm_find_bit(): Tighten node optimisation
- xfs: fix mount failure crash on invalid iclog memory access
- taskstats: fix data-race
- drm: limit to INT_MAX in create_blob ioctl
- ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code
- [mips*] Avoid VDSO ABI breakage due to global register variable
- mm/zsmalloc.c: fix the migrated zspage statistics.
- memcg: account security cred as well to kmemcg
- locks: print unsigned ino in /proc/locks
- dmaengine: Fix access to uninitialized dma_slave_caps
- compat_ioctl: block: handle Persistent Reservations
- gpiolib: fix up emulated open drain outputs
- tracing: Have the histogram compare functions convert to u64 first
- ALSA: cs4236: fix error return comparison of an unsigned integer
- ftrace: Avoid potential division by zero in function profiler
- [arm64] Revert support for execute-only user mappings
- PM / devfreq: Check NULL governor in available_governors_show
- nfsd4: fix up replay_matches_cache()
- xfs: don't check for AG deadlock for realtime files in bunmapi
- Bluetooth: btusb: fix PM leak in error case of setup
- Bluetooth: delete a stray unlock
- Bluetooth: Fix memory leak in hci_connect_le_scan
- media: flexcop-usb: ensure -EIO is returned on error condition
- media: usb: fix memory leak in af9005_identify_state (CVE-2019-18809)
- [arm64] tty: serial: msm_serial: Fix lockup for sysrq and oops
- fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP
- drm/mst: Fix MST sideband up-reply failure handling
- [ppc64el] pseries/hvconsole: Fix stack overread via udbg
- rxrpc: Fix possible NULL pointer access in ICMP handling
- ath9k_htc: Modify byte order for an error message
- ath9k_htc: Discard undersized packets
- net: add annotations on hh->hh_len lockless accesses
- [s390x] smp: fix physical to logical CPU map for SMT
- xen/blkback: Avoid unmapping unmapped grant pages
- [x86] locking: Remove the unused atomic_inc_short() methd
- pstore/ram: Write new dumps to start of recycled zones
- locking/spinlock/debug: Fix various data races
- netfilter: ctnetlink: netns exit must wait for callbacks
- efi/gop: Return EFI_NOT_FOUND if there are no usable GOPs
- efi/gop: Return EFI_SUCCESS if a usable GOP was found
- efi/gop: Fix memory leak in __gop_query32/64()
- [armhf] vexpress: Set-up shared OPP table instead of individual for each
CPU
- netfilter: uapi: Avoid undefined left-shift in xt_sctp.h
- [arm64] spi: spi-cavium-thunderx: Add missing pci_release_regions()
- [ppc64el] Ensure that swiotlb buffer is allocated from low memory
- bnx2x: Do not handle requests from VFs after parity
- bnx2x: Fix logic to get total no. of PFs per engine
- net: usb: lan78xx: Fix error message format specifier
- rfkill: Fix incorrect check to avoid NULL pointer dereference
- [x86] perf/intel: Fix PT PMI handling
- [armhf,arm64] net: stmmac: RX buffer size must be 16 byte aligned
- block: fix memleak when __blk_rq_map_user_iov() is failed
- llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and
_test_c)
- macvlan: do not assume mac_header is set in macvlan_broadcast()
- [armhf] net: stmmac: dwmac-sunxi: Allow all RGMII modes
- net: usb: lan78xx: fix possible skb leak
- pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
- sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
- tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
- vxlan: fix tos value before xmit
- vlan: vlan_changelink() should propagate errors
- net: sch_prio: When ungrafting, replace with FIFO
- vlan: fix memory leak in vlan_dev_set_egress_priority
- USB: core: fix check for duplicate endpoints
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.210
- chardev: Avoid potential use-after-free in 'chrdev_open()'
- [armhf,arm64] usb: chipidea: host: Disable port power only if previously
enabled
- ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
- tcp: minimize false-positives on TCP/GRO check
- kernel/trace: Fix do not unregister tracepoints when register
sched_migrate_task fail
- HID: Fix slab-out-of-bounds read in hid_field_extract
- HID: uhid: Fix returning EPOLLOUT from uhid_char_poll
- HID: hid-input: clear unmapped usages
- Input: add safety guards to input_set_keycode()
- drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ
- can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
- can: can_dropped_invalid_skb(): ensure an initialized headroom in
outgoing CAN sk_buffs
- [x86] staging: vt6656: set usb_set_intfdata on driver fail.
- USB: serial: option: add ZLP support for 0x1bc7/0x9010
- [armhf] usb: musb: fix idling for suspend after disconnect interrupt
- [armhf] usb: musb: Disable pullup at init
- [armhf] usb: musb: dma: Correct parameter passed to IRQ handler
- [x86] staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713
- tty: link tty and port before configuring it as console
- tty: always relink the port
- mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
(CVE-2019-14895)
- mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
(CVE-2019-19056)
- scsi: bfa: release allocated memory in case of error (CVE-2019-19066)
- rtl8xxxu: prevent leaking urb (CVE-2019-19068)
- USB: Fix: Don't skip endpoint descriptors with maxpacket=0
- netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
- netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
- [x86] drm/i915/gen9: Clear residual context state on context switch
(CVE-2019-14615)
.
[ Ben Hutchings ]
* debian/control: Fix version in dependencies on arch-independent
linux-headers-*-common* (Closes: #869511)
* linux-headers: Change linux-kbuild dependency to be versioned (ensuring
it has retpoline support on x86)
* [rt] Update to 4.9.201-rt134:
- Update "fs/dcache: disable preemption on i_dir_seq's write side" to
apply after "Fix the locking in dcache_readdir() and friends"
* Bump ABI to 12
* xfs: catch inode allocation state mismatch corruption
* xfs: validate cached inodes are free when allocated (CVE-2018-13093)
* xfs: don't call xfs_da_shrink_inode with NULL bp (CVE-2018-13094)
* rsi: add fix for crash during assertions (CVE-2018-21008)
* libertas: Fix two buffer overflows at parsing bss descriptor
(CVE-2019-14896, CVE-2019-14897)
* mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
(CVE-2019-14901)
* media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
(CVE-2019-15217)
* wimax: i2400: fix memory leak (CVE-2019-19051)
* wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
(CVE-2019-19051)
* ext4: fix use-after-free race with debug_want_extra_isize
* ext4: add more paranoia checking in ext4_expand_extra_isize handling
(CVE-2019-19767)
* can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
(CVE-2019-19947)
* dccp: Fix memleak in __feat_register_sp (CVE-2019-20096)
linux (4.9.189-3+deb9u2) stretch-security; urgency=high
.
* [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135):
- KVM: x86: use Intel speculation bugs and features as derived in generic
x86 code
- x86/msr: Add the IA32_TSX_CTRL MSR
- x86/cpu: Add a helper function x86_read_arch_cap_msr()
- x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
- x86/speculation/taa: Add mitigation for TSX Async Abort
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
- x86/tsx: Add "auto" option to the tsx= cmdline parameter
- x86/speculation/taa: Add documentation for TSX Async Abort
- x86/tsx: Add config options to set tsx=on|off|auto
- x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
TSX is now disabled by default; see
Documentation/hw-vuln/tsx_async_abort.rst
* [x86] KVM: Add mitigation for Machine Check Error on Page Size Change
(aka iTLB multi-hit, CVE-2018-12207):
- KVM: x86: simplify ept_misconfig
- KVM: x86: extend usage of RET_MMIO_PF_* constants
- KVM: MMU: drop vcpu param in gpte_access
- kvm: Convert kvm_lock to a mutex
- kvm: x86: Do not release the page inside mmu_set_spte()
- KVM: x86: make FNAME(fetch) and __direct_map more similar
- KVM: x86: remove now unneeded hugepage gfn adjustment
- KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
- KVM: x86: Add is_executable_pte()
- KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
- KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
- x86/bugs: Add ITLB_MULTIHIT bug infrastructure
- cpu/speculation: Uninline and export CPU mitigations helpers
- kvm: mmu: ITLB_MULTIHIT mitigation
- kvm: Add helper function for creating VM worker threads
- kvm: x86: mmu: Recovery of shattered NX large pages
- Documentation: Add ITLB_MULTIHIT documentation
* [x86] i915: Mitigate local privilege escalation on gen9 (CVE-2019-0155):
- drm/i915: kick out cmd_parser specific structs from i915_drv.h
- drm/i915: cleanup use of INSTR_CLIENT_MASK
- drm/i915: return EACCES for check_cmd() failures
- drm/i915: don't whitelist oacontrol in cmd parser
- drm/i915: Use the precomputed value for whether to enable command parsing
- drm/i915/cmdparser: Limit clflush to active cachelines
- drm/i915/gtt: Add read only pages to gen8_pte_encode
- drm/i915/gtt: Read-only pages for insert_entries on bdw+
- drm/i915/gtt: Disable read-only support under GVT
- drm/i915: Prevent writing into a read-only object via a GGTT mmap
- drm/i915/cmdparser: Check reg_table_count before derefencing.
- drm/i915/cmdparser: Do not check past the cmd length.
- drm/i915: Silence smatch for cmdparser
- drm/i915: Move engine->needs_cmd_parser to engine->flags
- drm/i915: Rename gen7 cmdparser tables
- drm/i915: Disable Secure Batches for gen6+
- drm/i915: Remove Master tables from cmdparser
- drm/i915: Add support for mandatory cmdparsing
- drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
- drm/i915: Allow parsing of unsized batches
- drm/i915: Add gen9 BCS cmdparsing
- drm/i915/cmdparser: Use explicit goto for error paths
- drm/i915/cmdparser: Add support for backward jumps
- drm/i915/cmdparser: Ignore Length operands during command matching
- drm/i915/cmdparser: Fix jump whitelist clearing
* [x86] i915: Mitigate local denial-of-service on gen8/gen9 (CVE-2019-0154):
- drm/i915: Lower RM timeout to avoid DSI hard hangs
- drm/i915/gen8+: Add RC6 CTX corruption WA
* drm/i915: Avoid ABI change for CVE-2019-0155
linux (4.9.189-3+deb9u1) stretch-security; urgency=high
.
* vhost: make sure log_num < in_num (CVE-2019-14835)
* ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit (CVE-2019-15117)
* ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
(CVE-2019-15118)
* [x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902)
* KVM: coalesced_mmio: add bounds checking (CVE-2019-14821)
linux-latest (80+deb9u10) stretch; urgency=medium
.
* Update to 4.9.0-12
llvm-toolchain-7 (1:7.0.1-8~deb9u3) stretch; urgency=medium
.
* Disable the gold linker from s390x.
* Bootstrap with -fno-addrsig, stretch's binutils doesn't work with it on
mips64el.
mariadb-10.1 (10.1.44-0+deb9u1) stretch; urgency=high
.
* SECURITY UPDATE: New upstream version 10.1.44. Includes fixes for the
following security vulnerabilities:
- CVE-2020-2574
* Previous upstream version 10.1.43 includes a fix for a
regression introduced in the previous release:
- MDEV-20987: InnoDB fails to start when FTS table has FK relation
* Previous release 10.1.42 includes fix for the following security
vulnerability:
- CVE-2019-2974
mediawiki (1:1.27.7-1~deb9u3) stretch-security; urgency=medium
.
* Fix CVE-2019-19709, backported from upstream
* Disable personal and sitewide CSS/JS on Special:PasswordReset as a
hardening measure, backported from upstream
mediawiki (1:1.27.7-1~deb9u2) stretch-security; urgency=medium
.
* Fix CVE-2019-16738, backported from upstream
monit (1:5.20.0-6+deb9u1) stretch; urgency=medium
.
* Implement position independent CSRF cookie value (Closes: #941895).
netty (1:4.1.7-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Correctly handle whitespaces in HTTP header names as defined by
RFC7230#section-3.2.4 (CVE-2019-16869) (Closes: #941266)
nghttp2 (1.18.1-1+deb9u1) stretch-security; urgency=high
.
* Fix CVE-2019-9511 and CVE-2019-9513
node-fstream (1.0.10-1+deb9u1) stretch; urgency=medium
.
* Team upload
* Clobber a Link if it's in the way of a File
(Closes: #931408, CVE-2019-13173)
node-mixin-deep (1.1.3-1+deb9u1) stretch; urgency=medium
.
* Team upload
* Fix prototype polution (Closes: #898315, CVE-2018-3719)
* Fix prototype pollution (Closes: #932500, CVE-2019-10746)
nodejs-mozilla (8.11.1~dfsg-2~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Backport to stretch as nodejs-mozilla, to be used for Firefox ESR 68.
* Use internal libuv, http-parser and c-ares as the ones in stretch are
too old.
* disable-expired-cert-test.patch: disable a test case that fails due to an
expired test certificate.
* fix-openssl-error-string.patch: update a test expected output for
openssl 1.1.0j.
nvidia-graphics-drivers-legacy-340xx (340.108-3~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-graphics-drivers-legacy-340xx (340.108-3~deb10u1) buster; urgency=medium
.
* Rebuild for buster.
.
nvidia-graphics-drivers-legacy-340xx (340.108-3) unstable; urgency=medium
.
* Bump Standards-Version to 4.5.0. No changes needed.
.
nvidia-graphics-drivers-legacy-340xx (340.108-2) unstable; urgency=medium
.
* Restore kmem_cache_create_usercopy.patch. (Closes: #948032, #948195)
* Add NEWS entry w.r.t. EoL state.
* Use substitution to keep Standards-Version in sync (430.64-5).
.
nvidia-graphics-drivers-legacy-340xx (340.108-1) unstable; urgency=medium
.
* The 340.xx legacy driver series has been declared as End-of-Life by
NVIDIA. No further updates fixing security issues, critical bugs, or
adding support for new Xorg or Linux releases will be issued.
https://nvidia.custhelp.com/app/answers/detail/a_id/3142
.
* New upstream legacy 340xx branch release 340.108 (2019-12-23).
- Updated the nvidia-drm kernel module for compatibility with the removal
of the DRIVER_PRIME flag in recent Linux kernel versions.
- Updated nvidia-bug-report.sh to search the systemd journal for
gdm-x-session logs.
- Fixed a build failure, "too many arguments to function 'get_user_pages'",
when building the NVIDIA kernel module for Linux kernel v4.4.168.
- Fixed a build failure, "implicit declaration of function do_gettimeofday",
when building the NVIDIA kernel module for Linux kernel 5.0 release
candidates.
* Improved compatibility with recent Linux kernels.
.
[ Andreas Beckmann ]
* Add buildfix_kernel_4.11.patch (replacing vm-fault.patch) and (parts of)
buildfix_kernel_5.2.patch from Ubuntu to fix more vm-fault issues during
kernel module build for Linux 5.2+.
* Refresh patches.
* Allow alternative libnvidia-{tesla,legacy-*}-cuda1 packages to substitute
libcuda1 in third-party packages (430.64-3).
- Add Provides: libcuda.so.1 (= ${nvidia:Version}).
- Generate alternative versioned dependency on libcuda.so.1 through the
symbols file.
.
nvidia-graphics-drivers-legacy-340xx (340.107-8) unstable; urgency=medium
.
* Create and commit tarball symlinks for legacy branches (430.64-1).
* Allow alternative libnvidia-{tesla,legacy-*}-ml1 packages to substitute
libnvidia-ml1 (430.64-2).
- Add Provides: libnvidia-ml.so.1 (= ${nvidia:Version}).
- Generate alternative versioned dependency on libnvidia-ml.so.1 through
the symbols file.
* Add buildfix_kernel_5.4.patch from Ubuntu to fix kernel module build for
Linux 5.4. (Closes: #946137)
.
nvidia-graphics-drivers-legacy-340xx (340.107-7) unstable; urgency=medium
.
* Add buildfix_kernel_5.3.patch from Ubuntu to fix kernel module build for
Linux 5.3. (Closes: #941788)
* Bump Standards-Version to 4.4.1. No changes needed.
.
nvidia-graphics-drivers-legacy-340xx (340.107-6) unstable; urgency=medium
.
* Add conftest-include-guard.patch to restore compatibility with older
kernels.
.
nvidia-graphics-drivers-legacy-340xx (340.107-5) unstable; urgency=medium
.
* Add buildfix_kernel_4.11.patch (replacing vm-fault.patch),
buildfix_kernel_5.0.patch, buildfix_kernel_5.2.patch from Ubuntu to fix
kernel module build for Linux 5.2. (Closes: #934295, #923815)
* Bump Standards-Version to 4.4.0. No changes needed.
.
nvidia-graphics-drivers-legacy-340xx (340.107-4) unstable; urgency=medium
.
* use-nv-kernel-ARCH.o_shipped.patch: Simplify for better kernel
compatibility. (Closes: #922479)
* Drop versioned constraints that are satisfied in wheezy (390.87-7).
* Bump Standards-Version to 4.3.0. No changes needed.
.
nvidia-graphics-drivers-legacy-340xx (340.107-3) unstable; urgency=medium
.
* Synchronize the module build debhelper sequence with debhelper 10
(390.87-1).
* Pass the private library directory to dh_shlibdeps using the -l option
instead of LD_LIBRARY_PATH, fixing FTBFS with dpkg 1.19.1 (390.87-3).
* Add Build-Depends-Package to symbols files where appropriate and override
symbols-file-missing-build-depends-package-field elsewhere (390.87-3).
* Clean up and unify rule style in debian/rules (390.87-3).
* Bump Standards-Version to 4.2.1. No changes needed.
* Add debian/rules targets for archiving the tarballs in a separate
repository using sparse checkouts and git-lfs as storage backend
(390.87-3).
* Refresh patches.
.
nvidia-graphics-drivers-legacy-340xx (340.107-2) unstable; urgency=high
.
* Backport kmem_cache_create_usercopy.patch from 390.67-2 for the 340.xx
series, fixing "Bad or missing usercopy whitelist? Kernel memory exposure
attempt detected from SLUB object 'nvidia_stack_cache'" on Linux kernels
that have disabled CONFIG_HARDENED_USERCOPY_FALLBACK
(i.e. linux-image-4.16.0-2-* or newer). (Closes: #899998)
.
nvidia-graphics-drivers-legacy-340xx (340.107-1) unstable; urgency=medium
.
* New upstream legacy 340xx branch release 340.107 (2018-06-06).
- Added support for X.Org xserver ABI 24 (xorg-server 1.20).
- Improved nvidia-bug-report.sh to check for kern.log which is the default
kernel log-file location for many Debian-based Linux distributions.
- Fixed a bug which could cause X servers that export a Video Driver
ABI earlier than 0.8 to crash when running X11 applications which
call XRenderAddTraps().
* Improved compatibility with recent Linux kernels.
.
[ Andreas Beckmann ]
* Convert packaging repository from SVN to GIT.
* Bump Standards-Version to 4.1.4. No changes needed.
* Add xorg-video-abi-24 (xserver 1.20) as alternative dependency.
(Closes: #900789, #900338)
* nvidia-drm-outputclass.conf: Prepend (in a backwards-compatible way)
ModulePath "/usr/lib/xorg/modules/linux"
since xserver 1.20 no longer does that (390.67-1).
nvidia-graphics-drivers-legacy-340xx (340.108-2) unstable; urgency=medium
.
* Restore kmem_cache_create_usercopy.patch. (Closes: #948032, #948195)
* Add NEWS entry w.r.t. EoL state.
* Use substitution to keep Standards-Version in sync (430.64-5).
nvidia-graphics-drivers-legacy-340xx (340.108-2~bpo10+1) buster-backports; urgency=medium
.
* Rebuild for buster-backports.
nvidia-graphics-drivers-legacy-340xx (340.108-1) unstable; urgency=medium
.
* New upstream legacy 340xx branch release 340.108 (2019-12-23).
- Updated the nvidia-drm kernel module for compatibility with the removal
of the DRIVER_PRIME flag in recent Linux kernel versions.
- Updated nvidia-bug-report.sh to search the systemd journal for
gdm-x-session logs.
- Fixed a build failure, "too many arguments to function 'get_user_pages'",
when building the NVIDIA kernel module for Linux kernel v4.4.168.
- Fixed a build failure, "implicit declaration of function do_gettimeofday",
when building the NVIDIA kernel module for Linux kernel 5.0 release
candidates.
* Improved compatibility with recent Linux kernels.
.
[ Andreas Beckmann ]
* Add buildfix_kernel_4.11.patch (replacing vm-fault.patch) and (parts of)
buildfix_kernel_5.2.patch from Ubuntu to fix more vm-fault issues during
kernel module build for Linux 5.2+.
* Refresh patches.
* Allow alternative libnvidia-{tesla,legacy-*}-cuda1 packages to substitute
libcuda1 in third-party packages (430.64-3).
- Add Provides: libcuda.so.1 (= ${nvidia:Version}).
- Generate alternative versioned dependency on libcuda.so.1 through the
symbols file.
nvidia-graphics-drivers-legacy-340xx (340.107-8) unstable; urgency=medium
.
* Create and commit tarball symlinks for legacy branches (430.64-1).
* Allow alternative libnvidia-{tesla,legacy-*}-ml1 packages to substitute
libnvidia-ml1 (430.64-2).
- Add Provides: libnvidia-ml.so.1 (= ${nvidia:Version}).
- Generate alternative versioned dependency on libnvidia-ml.so.1 through
the symbols file.
* Add buildfix_kernel_5.4.patch from Ubuntu to fix kernel module build for
Linux 5.4. (Closes: #946137)
nvidia-graphics-drivers-legacy-340xx (340.107-7) unstable; urgency=medium
.
* Add buildfix_kernel_5.3.patch from Ubuntu to fix kernel module build for
Linux 5.3. (Closes: #941788)
* Bump Standards-Version to 4.4.1. No changes needed.
nvidia-graphics-drivers-legacy-340xx (340.107-6) unstable; urgency=medium
.
* Add conftest-include-guard.patch to restore compatibility with older
kernels.
nvidia-graphics-drivers-legacy-340xx (340.107-5) unstable; urgency=medium
.
* Add buildfix_kernel_4.11.patch (replacing vm-fault.patch),
buildfix_kernel_5.0.patch, buildfix_kernel_5.2.patch from Ubuntu to fix
kernel module build for Linux 5.2. (Closes: #934295)
* Bump Standards-Version to 4.4.0. No changes needed.
nvidia-graphics-drivers-legacy-340xx (340.107-4) unstable; urgency=medium
.
* use-nv-kernel-ARCH.o_shipped.patch: Simplify for better kernel
compatibility. (Closes: #922479)
* Drop versioned constraints that are satisfied in wheezy (390.87-7).
* Bump Standards-Version to 4.3.0. No changes needed.
nvidia-graphics-drivers-legacy-340xx (340.107-3) unstable; urgency=medium
.
* Synchronize the module build debhelper sequence with debhelper 10
(390.87-1).
* Pass the private library directory to dh_shlibdeps using the -l option
instead of LD_LIBRARY_PATH, fixing FTBFS with dpkg 1.19.1 (390.87-3).
* Add Build-Depends-Package to symbols files where appropriate and override
symbols-file-missing-build-depends-package-field elsewhere (390.87-3).
* Clean up and unify rule style in debian/rules (390.87-3).
* Bump Standards-Version to 4.2.1. No changes needed.
* Add debian/rules targets for archiving the tarballs in a separate
repository using sparse checkouts and git-lfs as storage backend.
* Refresh patches.
nvidia-graphics-drivers-legacy-340xx (340.107-2) unstable; urgency=high
.
* Backport kmem_cache_create_usercopy.patch from 390.67-2 for the 340.xx
series, fixing "Bad or missing usercopy whitelist? Kernel memory exposure
attempt detected from SLUB object 'nvidia_stack_cache'" on Linux kernels
that have disabled CONFIG_HARDENED_USERCOPY_FALLBACK
(i.e. linux-image-4.16.0-2-* or newer). (Closes: #899998)
nvidia-graphics-drivers-legacy-340xx (340.107-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-graphics-drivers-legacy-340xx (340.107-2) unstable; urgency=high
.
* Backport kmem_cache_create_usercopy.patch from 390.67-2 for the 340.xx
series, fixing "Bad or missing usercopy whitelist? Kernel memory exposure
attempt detected from SLUB object 'nvidia_stack_cache'" on Linux kernels
that have disabled CONFIG_HARDENED_USERCOPY_FALLBACK
(i.e. linux-image-4.16.0-2-* or newer). (Closes: #899998)
.
nvidia-graphics-drivers-legacy-340xx (340.107-1) unstable; urgency=medium
.
* New upstream legacy 340xx branch release 340.107 (2018-06-06).
- Added support for X.Org xserver ABI 24 (xorg-server 1.20).
- Improved nvidia-bug-report.sh to check for kern.log which is the default
kernel log-file location for many Debian-based Linux distributions.
- Fixed a bug which could cause X servers that export a Video Driver
ABI earlier than 0.8 to crash when running X11 applications which
call XRenderAddTraps().
.
[ Andreas Beckmann ]
* Convert packaging repository from SVN to GIT.
* Bump Standards-Version to 4.1.4. No changes needed.
* Add xorg-video-abi-24 (xserver 1.20) as alternative dependency.
(Closes: #900789, #900338)
* nvidia-drm-outputclass.conf: Prepend (in a backwards-compatible way)
ModulePath "/usr/lib/xorg/modules/linux"
since xserver 1.20 no longer does that.
nvidia-graphics-drivers-legacy-340xx (340.107-1) unstable; urgency=medium
.
* New upstream legacy 340xx branch release 340.107 (2018-06-06).
- Added support for X.Org xserver ABI 24 (xorg-server 1.20).
- Improved nvidia-bug-report.sh to check for kern.log which is the default
kernel log-file location for many Debian-based Linux distributions.
- Fixed a bug which could cause X servers that export a Video Driver
ABI earlier than 0.8 to crash when running X11 applications which
call XRenderAddTraps().
.
[ Andreas Beckmann ]
* Convert packaging repository from SVN to GIT.
* Bump Standards-Version to 4.1.4. No changes needed.
* Add xorg-video-abi-24 (xserver 1.20) as alternative dependency.
(Closes: #900789, #900338)
* nvidia-drm-outputclass.conf: Prepend (in a backwards-compatible way)
ModulePath "/usr/lib/xorg/modules/linux"
since xserver 1.20 no longer does that.
nvidia-graphics-drivers-legacy-340xx (340.106-2) unstable; urgency=medium
.
* nvidia-kernel-{dkms,source}: Mention the supported architecture(s) in the
long Description (384.111-4).
* Update lintian overrides.
nyancat (1.5.1-1+build1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
nyancat (1.5.1-1+build1) unstable; urgency=medium
.
* Non-maintainer upload.
* No-change rebuild in a clean environment to add the systemd unit for
nyancat-server. (Closes: #947292)
openconnect (7.08-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Close HTTPS connection on failure returns from process_http_response()
* Fix buffer overflow with chunked HTTP handling (CVE-2019-16239)
(Closes: #940871)
opendmarc (1.3.2-2+deb9u2) stretch-security; urgency=high
.
* CVE-2019-16378: https://github.com/trusteddomainproject/OpenDMARC/pull/48
to address incorrect DMARC pass results with multi-from mail (Closes:
#940081)
openjdk-8 (8u232-b09-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
openjdk-8 (8u232-b07-2) unstable; urgency=medium
.
* Update to 8u232-b07 (early access build).
.
[ Matthias Klose ]
* Refresh patches.
* openjdk-8-jdk-headless: Add Breaks/Replaces for moved clhsdb binary.
LP: #1845873.
* debian/tests/control: Depend on g++ instead of build-essential or libc6-dev.
* Bump standards vesion.
.
[ Tiago Stürmer Daitx ]
* Improve and fix build tests and autopkgtests:
- Update debian/tests/hotspot,jdk,langtools to ignore
jtreg-autopkgtest.sh return code.
- Create debian/tests/jtdiff-autopkgtest.in as it depends
on debian/rules variables.
- debian/control.in, debian/control: add default-jre-headless
to Build-Depends with a nocheck clause as jtreg requires
a JRE in /usr/lib/jvm/default-java.
- debian/tests/control:
+ Add zip and unzip test dependencies required by jdk's
test/sun/security/tools/jarsigner/diffend.sh and
test/sun/security/tools/jarsigner/emptymanifest.sh.
+ Depend on default-jre-headless so jtreg will use the
JRE from /usr/lib/jvm/default-java.
- debian/tests/jtdiff-autopkgtest.sh:
+ Fail only if an actual regression is detected.
+ Add the super-diff comparison from jtdiff.
+ Save failed jtr files for all runs.
- debian/tests/jtreg-autopkgtest.sh:
+ Enable retry of failed tests to trim out flaky tests.
+ Fix unbound variable.
+ Keep .jtr files from failed tests only.
- debian/patches/jdk-problem-list.diff: ignore failing tests
that require more investigation.
- debian/rules:
+ Preserve all JTreport directories in the test output
directory.
+ Use JDK_DIR instead of JDK_TO_TEST for autopkgtest
generation.
+ Package all .jtr files from JTwork as jtreg-autopkgtest.sh
makes sure it contains only failed tests.
* debian/tests/jdk: add our custom debian/tests/jdk-problem-list.txt to the
exclusion list.
* debian/tests/jdk-problem-list.txt: custom exclusion rules for jdk tests
that fail to run during a build or autopkgtest run.
* debian/rules: remove debian/patches/jdk-problem-list.diff.
* debian/patches/jdk-problem-list.diff: jtreg allows for extra exclusion
files thus there's no need to patch upstream's exclusion list.
* debian/tests/control: mark all autopkgtests as flaky.
* debian/tests/hotspot-archs: generated by debian/rules, contains a list of
archs that supports a hotspot vm.
* debian/tests/jdk: run only when the host arch is a hotspot vm - allow
override through an environment variable.
* debian/rules: update gen-autopkgtests to echo supported hotspot archs.
openjdk-8 (8u232-b07-1) unstable; urgency=medium
.
* Update to 8u232-b07 (early access build).
.
[ Matthias Klose ]
* Refresh patches.
* openjdk-8-jdk-headless: Add Breaks/Replaces for moved clhsdb binary.
LP: #1845873.
* debian/tests/control: Depend on g++ instead of build-essential or libc6-dev.
* Bump standards vesion.
.
[ Tiago Stürmer Daitx ]
* Improve and fix build tests and autopkgtests:
- Update debian/tests/hotspot,jdk,langtools to ignore
jtreg-autopkgtest.sh return code.
- Create debian/tests/jtdiff-autopkgtest.in as it depends
on debian/rules variables.
- debian/control.in, debian/control: add default-jre-headless
to Build-Depends with a nocheck clause as jtreg requires
a JRE in /usr/lib/jvm/default-java.
- debian/tests/control:
+ Add zip and unzip test dependencies required by jdk's
test/sun/security/tools/jarsigner/diffend.sh and
test/sun/security/tools/jarsigner/emptymanifest.sh.
+ Depend on default-jre-headless so jtreg will use the
JRE from /usr/lib/jvm/default-java.
- debian/tests/jtdiff-autopkgtest.sh:
+ Fail only if an actual regression is detected.
+ Add the super-diff comparison from jtdiff.
+ Save failed jtr files for all runs.
- debian/tests/jtreg-autopkgtest.sh:
+ Enable retry of failed tests to trim out flaky tests.
+ Fix unbound variable.
+ Keep .jtr files from failed tests only.
- debian/patches/jdk-problem-list.diff: ignore failing tests
that require more investigation.
- debian/rules:
+ Preserve all JTreport directories in the test output
directory.
+ Use JDK_DIR instead of JDK_TO_TEST for autopkgtest
generation.
+ Package all .jtr files from JTwork as jtreg-autopkgtest.sh
makes sure it contains only failed tests.
* debian/tests/jdk: add our custom debian/tests/jdk-problem-list.txt to the
exclusion list.
* debian/tests/jdk-problem-list.txt: custom exclusion rules for jdk tests
that fail to run during a build or autopkgtest run.
* debian/rules: remove debian/patches/jdk-problem-list.diff.
* debian/patches/jdk-problem-list.diff: jtreg allows for extra exclusion
files thus there's no need to patch upstream's exclusion list.
* debian/tests/control: mark all autopkgtests as flaky.
* debian/tests/hotspot-archs: generated by debian/rules, contains a list of
archs that supports a hotspot vm.
* debian/tests/jdk: run only when the host arch is a hotspot vm - allow
override through an environment variable.
* debian/rules: update gen-autopkgtests to echo supported hotspot archs.
openjdk-8 (8u232-b04-1) experimental; urgency=medium
.
* Update to 8u232-b04 (early access build).
* Refresh patches.
openjdk-8 (8u222-b10-1) unstable; urgency=high
.
* Update to 8u222-b10 (except for AArch32, updated to b08).
- Security fixes:
- S8191073: JpegImageReader throws IndexOutOfBoundsException when
trying to read image data from tables-only image.
- S8208698, CVE-2019-2745: Improved ECC Implementation.
- S8212328, CVE-2019-2762: Exceptional throw cases.
- S8213431, CVE-2019-2766: Improve file protocol handling.
- S8213432, CVE-2019-2769: Better copies of CopiesList.
- S8216381, CVE-2019-2786: More limited privilege usage.
- S8217563: Improve realm maintenance.
- S8218863: Better endpoint checks.
- S8218873: Improve JSSE endpoint checking.
- S8218876, CVE-2019-7317: Improve PNG support options.
- S8219018: Adjust positions of glyphs.
- S8219020: Table alternate substitutions.
- S8219775: Certificate validation improvements.
- S8220192: Better outlook for SecureRandom.
- S8220517: Enhanced GIF support.
- S8221518, CVE-2019-2816: Normalize normalization.
- S8223511, CVE-2019-2842: Extended AES support.
.
[ Matthias Klose ]
* Bump standards version.
.
[ Tiago Stürmer Daitx ]
* Backport fix for S8223511 for AArch32.
openjpeg2 (2.1.2-1.1+deb9u4) stretch; urgency=medium
.
* Non-maintainer upload.
* CVE-2018-21010: heap buffer overflow in color_apply_icc_profile
(Closes: #939553).
* CVE-2018-20847: improper computation of values in the function
opj_get_encoding_parameters, leading to an integer overflow
(Closes: #931294).
* CVE-2016-9112: floating point exception or divide by zero in the
function opj_pi_next_cprl (Closes: #844551).
opensmtpd (6.0.2p1-2+deb9u2) stretch-security; urgency=high
.
* Fix following vulnerability, 018_smtpd_tls.patch.sig: smtpd can crash on
opportunistic TLS downgrade, causing a denial of service.
opensmtpd (6.0.2p1-2+deb9u1) stretch-security; urgency=high
.
* Fix privilege escalation vulnerability, 019_smtpd_exec.patch.sig. An
incorrect check allows an attacker to trick mbox delivery into executing
arbitrary commands as root and lmtp delivery into executing arbitrary
commands as an unprivileged user. (Closes: #950121) (CVE-2020-7247)
openssl (1.1.0l-1~deb9u1) stretch-security; urgency=medium
.
* Import 1.1.0l
- CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP
construction).
- CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and
CMS_decrypt_set1_pkey).
openssl1.0 (1.0.2u-1~deb9u1) stretch-security; urgency=medium
.
* Import 1.0.2u
- CVE-2019-1551 (Overflow in the x64_64 Montgomery squaring procedure).
openssl1.0 (1.0.2t-1~deb9u1) stretch-security; urgency=medium
.
* Import 1.0.2t
- CVE-2019-1547 (Compute ECC cofactors if not provided during EC_GROUP
construction).
- CVE-2019-1563 (Fixed a padding oracle in PKCS7_dataDecode and
CMS_decrypt_set1_pkey).
pam-python (1.0.6-1.1+deb9u1) stretch-security; urgency=high
.
* Backport fix CVE-2019-16729 backport from 1.0.7.
pam-python (1.0.6-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix build with glibc 2.26, thanks to Adrian Bunk (Closes: #887750).
* Fix build with GCC 8
perl (5.24.1-3+deb9u6) stretch; urgency=medium
.
* Add backported Time-Local patch by Bernhard M. Wiedemann fixing test
failures from the year 2020 onwards. Thanks to Dean Hamstead.
(Closes: #915209)
php-horde (5.2.13+debian0-1+deb9u1) stretch; urgency=high
.
* Fix CVE-2019-12095: Stored XSS vuln in the Horde Cloud Block.
php-imagick (3.4.3~rc2-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Out-of-bounds write to memory in ImagickKernel::fromMatrix()
(CVE-2019-11037) (Closes: #928420)
php7.0 (7.0.33-0+deb9u6) stretch-security; urgency=medium
.
* Backported from 7.1.33
- FPM:
. Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to
RCE). (CVE-2019-11043)
php7.0 (7.0.33-0+deb9u5) stretch-security; urgency=medium
.
* Backported security fixes from PHP 7.1.29:
- EXIF:
. Fixed bug #77950 (Heap-buffer-overflow in _estrndup via
exif_process_IFD_TAG).
- Mail:
. Fixed bug #77821 (Potential heap corruption in TSendMail()).
* Backported from 7.1.30
- EXIF:
. Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
(CVE-2019-11040)
- GD:
. Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
(CVE-2019-11038)
- Iconv:
. Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
due to integer overflow). (CVE-2019-11039).
- SQLite:
. Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).
* Backported from 7.1.31
- EXIF:
. Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment).
(CVE-2019-11042)
. Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail).
(CVE-2019-11041)
- Phar:
. Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
- SQLite:
. Upgraded to SQLite 3.28.0.
* Backported from 7.1.32
- mbstring:
. Fixed CVE-2019-13224 (don't allow different encodings for onig_new_deluxe)
- pcre:
. Fixed bug #75457 (heap use-after-free in pcrelib)
postfix (3.1.14-0+deb9u1) stretch; urgency=medium
.
[Wietse Venema]
.
* 3.1.13
- Bugfix (introduced: Postfix 2.3): a censoring filter broke
multiline Milter responses for header/body events. Problem
report by Andreas Thienemann. Files: util/printable.c,
util/stringops.h, smtpd/smtpd.c
- Workaround for implementations that hang Postfix while
shutting down a TLS session, until Postfix times out. With
"tls_fast_shutdown_enable = yes" (the default), Postfix no
longer waits for the TLS peer to respond to a TLS 'close'
request. This is recommended with TLSv1.0 and later. Files:
global/mail_params.h, tls/tls_session.c, and documentation.
- Bugfix (introduced: Postfix 3.0): the code to reset Postfix
SMTP server command counts was not called after a HaProxy
handshake failure, causing stale numbers to be reported.
The command counts are now reset in the function that reports
the counts. File: smtpd/smtpd.c
* 3.1.14
- Bugfix: the documentation said tls_fast_shutdown_enable,
but the code said tls_fast_shutdown. Viktor Dukhovni. Changed
the code because no-one is expected to override the default.
File: global/mail_params.h.
- Workaround for poor TCP loopback performance on LINUX, where
getsockopt(..., TCP_MAXSEG, ..) reports a TCP maximal segment
size that is 1/2 to 1/3 of the MTU. For example, with kernel
5.1.16-300.fc30.x86_64 the TCP client and server announce
an mss of 65495 in the TCP handshake, but getsockopt()
returns 32741 (less than half). As a matter of principle,
Postfix won't turn on client-side TCP_NODELAY because that
hides application performance bugs, and because that still
suffers from server-side delayed ACKs. Instead, Postfix
avoids sending "small" writes back-to-back, by choosing a
VSTREAM buffer size that is a multiple of the reported MSS.
This workaround bumps the multiplier from 2x to 4x. File:
util/vstream_tweak.c.
- Bugfix (introduced: 20051222): the Dovecot client could
segfault (null pointer read) or cause an SMTP server assertion
to fail when talking to a fake Dovecot server. The client
now logs a proper error instead. Problem reported by Tim
Düsterhus. File: xsasl/xsasl_dovecot_server.c.
- Bitrot: don't invoke SSL_shutdown() when the SSL engine
thinks it is processing a TLS handshake. The commit at
https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59
changed the error status, incompatibly, from SSL_ERROR_NONE
into SSL_ERROR_SSL. File: tlsproxy/tlsproxxy.c.
- Bugfix (introduced: Postfix-2.9.0): null pointer read, while
logging a warning after a postscreen_command_filter read
error. File: postscreen/postscreen_smtpd.c.
postgresql-9.6 (9.6.16-0+deb9u1) stretch; urgency=medium
.
* New upstream version.
postgresql-common (181+deb9u3) stretch-security; urgency=medium
.
* pg_ctlcluster: Drop privileges before creating socket and stats temp
directories outside /var/run/postgresql. The default configuration is not
affected by this change. Users with directories on volatile storage
(tmpfs) in other locations have to make sure the parent directory is
writable for the cluster owner. (CVE-2019-3466, discovered by Rich Mirch)
proftpd-dfsg (1.3.5b-4+deb9u3) stretch; urgency=medium
.
* Cherry pick patch from upstream:
- for upstream bug #861 (CVE-2019-19269) (Closes: #946345)
Patch named upstream_pull_861_CVE-2019-19269
proftpd-dfsg (1.3.5b-4+deb9u2) stretch-security; urgency=high
.
* Add patch from upstream to address CVE-2019-18217.
(Closes: #942831)
prosody-modules (0.0~hg20170123.3ed504b944e5+dfsg-1+deb9u1) stretch-security; urgency=medium
.
* fix for CVE-2020-8086
pykaraoke (0.7.5-1.2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix path to fonts. (Closes: #948385)
python-acme (0.28.0-1~deb9u2) stretch; urgency=medium
.
* This stretch update is to switch to using a POST-as-GET protocol
before the November 1, 2019 deadline when Let's Encrypt will begin
refusing requests using the (old) GET protocol. (Closes: #932248)
python-apt (1.4.1) stretch-security; urgency=high
.
* SECURITY UPDATE: Check that repository is trusted before downloading
files from it (LP: #1858973)
- apt/cache.py: Add checks to fetch_archives() and commit()
- apt/package.py: Add checks to fetch_binary() and fetch_source()
- CVE-2019-15796
* SECURITY UPDATE: Do not use MD5 for verifying downloadeds
(Closes: #944696) (#LP: #1858972)
- apt/package.py: Use all hashes when fetching packages, and
check that we have trusted hashes when downloading
- CVE-2019-15795
* To work around the new checks, the parameter allow_unauthenticated=True
can be passed to the functions. It defaults to the value of the
APT::Get::AllowUnauthenticated option.
* Cherry-pick "add pkgsrcrecord.Files.{hashes,size,path,type} getters" to
enable apt_pkg.SourceRecords to return objects with such getters instead
of just tuples (providing tuple-style backward compatibility).
* Automatic changes and fixes for external regressions:
- Adjustments to test suite and CI to fix CI regressions
- testcommon: Avoid reading host apt.conf files
- Automatic mirror list update
python-cryptography (1.7.1-3+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* Ignore test_load_ecdsa_no_named_curve in the testsuite because it known to
break with newer openssl (Closes: #940547).
python-django (1:1.10.7-2+deb9u7) stretch-security; urgency=high
.
* CVE-2019-19844: Prevent a potential account hijack via the password reset
form. (Closes: #946937)
python-ecdsa (0.13-2+deb9u1) stretch-security; urgency=high
.
* Add patch for strict error checking in DER decoding integers.
Fix:
- CVE-2019-14853
- CVE-2019-14859
python-flask-rdf (0.2.0-1.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
* Add (Build-)Depends on python{3,}-rdflib. (Closes: #896358, #896385)
.
python-flask-rdf (0.2.0-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix the missing dependencies in python3-flask-rdf.
(Closes: #867429)
python-pgmagick (0.6.4-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Backport upstream FTBFS fix to handle version detection
of graphicsmagick security updates that identify themself
as version 1.4.
python-werkzeug (0.11.15+dfsg1-1+deb9u1) stretch; urgency=medium
.
* Unique debugger PIN in Docker containers
(Closes: #940935, CVE-2019-14806)
redmine (3.3.1-4+deb9u3) stretch-security; urgency=high
.
* Fix CVE-2019-17427: persistent XSS exists due to textile formatting
errors.
* Fix CVE-2019-18890: SQL injection vulnerability
ros-ros-comm (1.12.6-2+deb9u2) stretch; urgency=medium
.
* Add https://github.com/ros/ros_comm/pull/1741 (Fix CVE-2019-13445)
ros-ros-comm (1.12.6-2+deb9u1) stretch; urgency=high
.
* Add https://github.com/ros/ros_comm/pull/1771 (Fix CVE-2019-13566)
ruby-encryptor (3.0.0-1+deb9u1) stretch; urgency=medium
.
* Team upload
* Ignore test failures (Its only reverse dependency is ruby-attr-encrypted
which handles this correctly, all of its tests pass) (Closes: #880276)
ruby-loofah (2.0.3-2+deb9u3) oldstable-security; urgency=high
.
* Team upload
.
* debian/patches
- add 0005-Fix-CVE-2019-15587.patch (Closes: #942894)
(CVE-2019-15587)
ruby2.3 (2.3.3-1+deb9u7) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix for wrong fnmatch patttern (CVE-2019-15845)
* Loop with String#scan without creating substring (CVE-2019-16201)
* WEBrick: prevent response splitting and header injection (CVE-2019-16254)
* lib/shell/command-processor.rb (Shell#[]): prevent unknown command
(CVE-2019-16255)
rust-cbindgen (0.8.7-1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Backport to stretch.
* Vendor all the dependencies as they are not available on stretch.
* Require a new version of cargo for the cargo wrapper.
rust-cbindgen (0.8.3-1) experimental; urgency=medium
.
* Package cbindgen 0.8.3 from crates.io using debcargo 2.2.10
rust-cbindgen (0.8.2-1) experimental; urgency=medium
.
* Package cbindgen 0.8.2 from crates.io using debcargo 2.2.10
rust-cbindgen (0.8.0-1) unstable; urgency=medium
.
* Package cbindgen 0.8.0 from crates.io using debcargo 2.2.10
* Remove relax-serde-dep.diff as it isn't necessary anymore
rust-cbindgen (0.7.1-1) unstable; urgency=medium
.
* Package cbindgen 0.7.1 from crates.io using debcargo 2.2.10
rust-cbindgen (0.6.8-1) unstable; urgency=medium
.
* Package cbindgen 0.6.8 from crates.io using debcargo 2.2.9
rust-cbindgen (0.6.7-2) unstable; urgency=medium
.
* Package cbindgen 0.6.7 from crates.io using debcargo 2.2.9
* Import a patch from Emilio to build with sync 0.15 (Closes: #917317)
* Run the testsuiteo
rust-cbindgen (0.6.7-1) unstable; urgency=medium
.
* Package cbindgen 0.6.7 from crates.io using debcargo 2.2.8
* relax the syn dep to accept 0.15 (Closes: #915005)
rust-cbindgen (0.6.6-1) unstable; urgency=medium
.
* Package cbindgen 0.6.6 from crates.io using debcargo 2.2.8
(Closes: #908312)
rustc (1.34.2+dfsg1-1~deb9u1) stretch; urgency=medium
.
* Backport to stretch.
* Bootstrap with upstream binaries.
* Reduce debugging symbols on i386 to avoid FTBFS due to OOM.
rustc (1.33.0+dfsg1-2) unstable; urgency=medium
.
* Add Fedora patches.
* Bump i386 allowed test failures to 12.
rustc (1.33.0+dfsg1-1) unstable; urgency=medium
.
* Upload to unstable.
* Fix build on mips, flags needed whitespace massaging.
* Drop obsolete patches.
rustc (1.33.0+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release.
.
[ Hiroaki Nakamura ]
* Delete obsolete patch.
.
[ Sylvestre Ledru ]
* Update compiler-rt patch.
* Improve build-related docs a bit.
rustc (1.32.0+dfsg1-3) unstable; urgency=medium
.
* Conditionally-apply u-compiletest.patch based on stage0 compiler.
* Fix syntax error in d/rules compiletest check.
rustc (1.32.0+dfsg1-2) unstable; urgency=medium
.
* More verbose logging during builds.
* Fix compiletest compile error, and check log has at least 1 pass.
rustc (1.32.0+dfsg1-1) unstable; urgency=medium
.
* New upstream release.
rustc (1.32.0~beta.2+dfsg1-1~exp2) experimental; urgency=medium
.
* Note that this upstream version already Closes: #917191.
* Backport other upstream fixes. (Closes: #916818, #917000, #917192).
rustc (1.32.0~beta.2+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release.
* Drop obsolete d-sparc64-dont-pack-spans.patch
rustc (1.31.0+dfsg1-2) unstable; urgency=medium
.
* Bump mips mipsel s390x allowed-failures to 24.
rustc (1.31.0+dfsg1-1) unstable; urgency=medium
.
* Revert debuginfo patches, they're not ready yet.
rustc (1.31.0+dfsg1-1~exp2) experimental; urgency=medium
.
* Drop redundant patches.
* Fix line numbers in some test-case patches.
* Backport an updated patch for gdb 8.2.
rustc (1.31.0+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release.
rustc (1.31.0~beta.19+dfsg1-1~exp2) experimental; urgency=medium
.
* Filter LLVM build flags to not be stupid.
rustc (1.31.0~beta.19+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release.
rustc (1.31.0~beta.4+dfsg1-1~exp2) experimental; urgency=medium
.
* Merge changes from Debian unstable.
rustc (1.31.0~beta.4+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release.
* Drop old maintainers from Uploaders.
rustc (1.30.0+dfsg1-2) unstable; urgency=medium
.
* Increase FAILURES_ALLOWED for mips mipsel to 20.
* Set debuginfo-only-std = false for 32-bit powerpc architectures.
rustc (1.30.0+dfsg1-1) unstable; urgency=medium
.
* Upload to unstable. (Closes: #881845)
* Increase FAILURES_ALLOWED for mips architectures.
* Set debuginfo-only-std = false for mips architectures.
rustc (1.30.0+dfsg1-1~exp2) experimental; urgency=medium
.
* Disable debuginfo-gdb tests relating to enums. These will be fixed in an
upcoming version, see upstream #54614 for details.
rustc (1.30.0+dfsg1-1~exp1) experimental; urgency=medium
.
* Actually don't build docs in an arch-only build.
* Add mips patch, hopefully closes #881845 but let's see.
* New upstream release.
rustc (1.30.0~beta.7+dfsg1-1~exp3) experimental; urgency=medium
.
* Do the necessary bookkeeping for the LLVM update.
rustc (1.30.0~beta.7+dfsg1-1~exp2) experimental; urgency=medium
.
* Tweak test failure rules: armel <= 8, ppc64 <= 12.
* Update to LLVM 7.
rustc (1.30.0~beta.7+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release.
rustc (1.29.0+dfsg1-1) unstable; urgency=medium
.
* Upload to unstable.
* Drop d-armel-disable-kernel-helpers.patch as a necessary part of the
fix to #906520, so it is actually fixed.
* Backport a patch to fix the rand crate on powerpc. (Closes: #909400)
* Lower the s390x allowed failures back to 25.
rustc (1.29.0+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release.
* Include patch for armel atomics. (Closes: #906520)
* Update to latest Standards-Version; no changes required.
rustc (1.28.0+dfsg1-3) unstable; urgency=medium
.
* Team upload.
.
[ Ximin Luo ]
* More sparc64 fixes, and increase allowed-test-failures there to 180.
.
[ Julien Cristau ]
* Don't use pentium4 as i686 baseline (closes: #908561)
rustc (1.28.0+dfsg1-2) unstable; urgency=medium
.
* Switch on verbose-tests to restore the old pre-1.28 behaviour, and restore
old failure-counting logic.
* Allow 50 test failures on s390x, restored failure-counting logic avoids
more double-counts.
rustc (1.28.0+dfsg1-1) unstable; urgency=medium
.
* New upstream release.
* Add patches from Fedora to fix some test failures.
* Ignore a failure testing specific error output, under investigation.
* Allow 100 test failures on s390x, should be reducible later with LLVM 7.
* Temporary fix for mips64el bootstrap.
* Be even more verbose during the build.
* Update to latest Standards-Version.
rustc (1.28.0~beta.14+dfsg1-1~exp2) experimental; urgency=medium
.
* Update test-failure counting logic.
* Fix version constraints for Recommends: cargo.
* Add patch to fix sparc64 CABI.
rustc (1.28.0~beta.14+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release.
* Update to latest Standards-Version; no changes required.
rustc (1.27.2+dfsg1-1) unstable; urgency=medium
.
[ Sylvestre Ledru ]
* Update of the alioth ML address.
.
[ Ximin Luo ]
* Fail the build if our version contains ~exp and we are not releasing to
experimental, this has happened by accident a few times already.
* Allow 36 and 44 test failures on armel and s390x respectively.
* New upstream release.
rustc (1.27.1+dfsg1-1~exp4) experimental; urgency=medium
.
* Unconditonally prune crate checksums to avoid having to manually prune them
whenever we patch the vendored crates.
rustc (1.27.1+dfsg1-1~exp3) experimental; urgency=medium
.
* Add patch from Fedora to fix rebuild against same version.
rustc (1.27.1+dfsg1-1~exp2) experimental; urgency=medium
.
* Fix some failing tests.
rustc (1.27.1+dfsg1-1~exp1) unstable; urgency=medium
.
* New upstream release.
rustc (1.26.2+dfsg1-1) unstable; urgency=medium
.
* New upstream release.
* Stop ignoring tests that now pass.
* Don't ignore tests that still fail, instead raise FAILURES_ALLOWED.
This allows us to see the test failures in the build logs, rather than
hiding them.
rustc (1.26.1+dfsg1-3+exp1) experimental; urgency=medium
.
* Unignore all tests that seem like they should pass, as an experiment.
rustc (1.26.1+dfsg1-3) unstable; urgency=medium
.
* Fix build-dep version range to build against myself.
rustc (1.26.1+dfsg1-2+exp1) experimental; urgency=medium
.
* Unignore all tests that seem like they should pass, as an experiment.
rustc (1.26.1+dfsg1-1) unstable; urgency=medium
.
* New upstream release.
rustc (1.26.0+dfsg1-1~exp4) experimental; urgency=medium
.
* Try alternative patch to ignore x86 stdsimd tests suggested by upstream.
* Bump up allowed-test-failures to 8 to account for the fact that we're now
double-counting some failures.
rustc (1.26.0+dfsg1-1~exp3) experimental; urgency=medium
.
* Ignore some irrelevant tests on ppc64 and non-x86 platforms.
rustc (1.26.0+dfsg1-1~exp2) experimental; urgency=medium
.
* Add Breaks+Replaces for older libstd-rust-dev with codegen-backends.
(Closes: #899180)
* Backport some test and packaging fixes from Ubuntu.
rustc (1.26.0+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release.
* Update to latest Standards-Version; no changes required.
* Update doc-base files. (Closes: #876831)
rustc (1.25.0+dfsg1-2) unstable; urgency=medium
.
* Add patches for LLVM's compiler-rt to fix bugs on sparc64 and mips64.
(Closes: #898982)
* Install codegen-backends into rustc rather than libstd-rust-dev.
(Closes: #899087)
rustc (1.25.0+dfsg1-1) unstable; urgency=medium
.
* Upload to unstable.
* Allow up to 15 test failures on s390x.
* Set CARGO_INCREMENTAL=0 on sparc64.
rustc (1.25.0+dfsg1-1~exp2) experimental; urgency=medium
.
* Install missing codegen-backends.
rustc (1.25.0+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release.
* Update to LLVM 6.0.
rustc (1.24.1+dfsg1-1) unstable; urgency=medium
.
* Upload to unstable.
* Raise allowed-test-failures to 160 on some non-release arches: powerpc,
powerpcspe, sparc64, x32.
rustc (1.24.1+dfsg1-1~exp2) experimental; urgency=medium
.
* Steal some patches from Fedora to fix some test failures.
* Update debian/patches/u-make-tests-work-without-rpath.patch to try to fix
some more test failures.
rustc (1.24.1+dfsg1-1~exp1) experimental; urgency=medium
.
* More sparc64 CABI fixes. (Closes: #888757)
* New upstream release.
* Note that s390x baseline was updated in the meantime. (Closes: #851150)
* Include Debian-specific patch to disable kernel helpers on armel.
(Closes: #891902)
* Include missing build-dependencies for pkg.rustc.dlstage0 build profile.
(Closes: #891022)
* Add architecture.mk mapping for armel => armv5te-unknown-linux-gnueabi.
(Closes: #891913)
* Enable debuginfo-only-std on armel as well. (Closes: #891961)
* Backport upstream patch to support powerpcspe. (Closes: #891542)
* Disable full-bootstrap again to work around upstream #48319.
safe-rm (0.12-2+deb9u1) stretch; urgency=medium
.
* Prevent installation in (and thereby breaking of) merged /usr
environments. (See: #759410)
simplesamlphp (1.14.11-1+deb9u2) stretch-security; urgency=high
.
* Update by the security team for stretch.
* Fix security issue CVE-2019-3465 (closes: #944107).
sorl-thumbnail (12.3+git20160928-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
.
[ W. Martin Borgert ]
* workaround a pgmagick exception (Closes: #902522)
spamassassin (3.4.2-1~deb9u3) stretch-security; urgency=medium
.
* Security update to address
- CVE-2020-1930. Arbitrary code execution via malicious rule files.
- CVE-2020-1931. Arbitrary code execution via malicious rule files.
(Closes: #950258)
spamassassin (3.4.2-1~deb9u2) stretch-security; urgency=high
.
* Security update to address CVE-2018-11805. Malicious rule or configuration
files, possibly downloaded from an updates server, could execute arbitrary
commands under multiple scenarios. (Closes: 946652)
* Security update to address CVE-2019-12420. Messages can be crafted in a
way to use excessive resources, resulting in a denial of service.
(Closes: 946653)
spip (3.1.4-4~deb9u3) stretch-security; urgency=medium
.
* Backport security fixes from 3.1.11
- Critical security fix, allowing unidentified visitor to modify any
published content and execute other modifications in database
[CVE-2019-16391]
- Other security fixes:
+ better sanitization on redirections [CVE-2019-16393]
+ don’t disclose if user exists when resetting password [CVE-2019-16394]
+ better error message sanitization on login page [CVE-2019-16392]
- Update security screen to 1.3.12
* Add CVE ID to previous changelog entry
sssd (1.15.0-3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* sysdb: sanitize search filter input (CVE-2017-12173) (Closes: #877885)
subversion (1.9.5-1+deb9u5) stretch-security; urgency=medium
.
* Non-maintainer upload.
* Backport upstream fix for segfault with new mod_http2 from DSA-4509-1.
Closes: #936034
sudo (1.8.19p1-2.1+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix a buffer overflow when pwfeedback is enabled and input is a not a tty
(CVE-2019-18634) (Closes: #950371)
sudo (1.8.19p1-2.1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Treat an ID of -1 as invalid since that means "no change" (CVE-2019-14287)
* Fix test failure in plugins/sudoers/regress/testsudoers/test5.sh
symfony (2.8.7+dfsg-1.3+deb9u3) stretch-security; urgency=medium
.
* Backport security fixes from 2.8.52
- [HttpKernel] Use constant time comparison in UriSigner [CVE-2019-18887]
- [HttpFoundation] fix guessing mime-types of files with leading dash
[CVE-2019-18888]
tcpdump (4.9.3-1~deb9u1) stretch-security; urgency=high
.
* New upstream release, with fixes for 24 different CVEs (closes: #941698).
This is an upstream update on top of the 4.9.2-1~deb9u1 package.
* Disable tests that require a newer libpcap version.
tcpdump (4.9.3~git20190901-2) unstable; urgency=medium
.
* Disable failing IKEv2 test again to fix build on ppc64el.
tcpdump (4.9.3~git20190901-1) unstable; urgency=low
.
* New upstream snapshot from the tcpdump-4.9 branch:
+ Includes fix for CVE-2017-16808 (closes: #881862).
+ Fixes ESP decryption on ppc64el (and others), re-enable tests.
* Drop root privileges by default (closes: #935112):
+ debian/rules: Configure --with-user=tcpdump.
+ debian/tcpdump.post{inst,rm}: Create/delete a 'tcpdump' system group
and user.
+ debian/control: Add dependency on adduser.
+ debian/patches/drop-privs-after-opening-savefile.diff: New patch
(from Fedora) to drop root privileges *after* opening the savefile
when possible, to alleviate possible inconvenience if the target
directory is not writable by user tcpdump.
+ debian/patches/drop-privs-silently.diff: New patch (from Fedora) to
drop root privileges silently.
+ debian/usr.sbin.tcpdump: Add chown capability, and update rules
about device discovery.
+ debian/NEWS: Mention how to run tcpdump as root.
* Bump Standards-Version to 4.4.0.
tcpdump (4.9.2-3) unstable; urgency=medium
.
[ Jamie Strandboge ]
* debian/usr.sbin.tcpdump: drop 'capability sys_module' since we already
have 'net_admin' and network module loading (which happens with -D) is
allowed with 'net_admin' (LP: #1759029) (closes: #894161)
.
[ Romain Francoise ]
* Switch to debhelper compatibility level 11.
* Bump Standards-Version to 4.1.3.
tcpdump (4.9.2-2) unstable; urgency=medium
.
* Use new URLs on salsa.debian.org for Vcs-* fields.
* Bump Standards-Version to 4.1.2.
tcpdump (4.9.2-1) unstable; urgency=high
.
* New upstream release:
+ Fixes 86 new CVEs, see the upstream changelog for the full list.
+ Now supports OpenSSL 1.1, so move back to libssl-dev (closes: #859740).
* Urgency high due to security fixes.
thunderbird (1:68.4.1-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
thunderbird (1:68.3.1-1) unstable; urgency=medium
.
[ Emilio Pozuelo Monfort ]
* [6f59313] Fix MOZ_BUILD_DATE to have the expected format
.
[ Carsten Schoenert ]
* [5d0f4b1] d/rules: don't use SOURCE_DATE_EPOCH for MOZ_BUILD_DATE
(Closes: #946588)
* [1467af5] New upstream version 68.3.1
thunderbird (1:68.3.0-2) unstable; urgency=medium
.
* [0625d30] rebuild patch queue from patch-queue branch
added patches:
fixes/Bug-1531309-Don-t-use-__PRETTY_FUNCTION__-or-__FUNCTION__.patch
fixes/Update-bindgen-in-ESR68.-r-glandium-a-RyanVM.patch
* [ea8d98c] Breaks: add versioned birdtray package
thunderbird (1:68.3.0-2~deb10u1) stable-security; urgency=medium
.
* Rebuild for buster-security
[ Emilio Pozuelo Monfort ]
* [de88895] Fix MOZ_BUILD_DATE to have the expected format
(cherry-picked from debian/sid)
.
[ Carsten Schoenert ]
* [a077b71] d/rules: don't use SOURCE_DATE_EPOCH for MOZ_BUILD_DATE
(cherry-picked from debian/sid)
(Closes: #946588)
thunderbird (1:68.3.0-2~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
thunderbird (1:68.3.0-1) unstable; urgency=medium
.
* [fe289ec] /u/b/thunderbird: export variable DICPATH before start
(Closes: #944295)
* [a9a48c6] New upstream version 68.3.0
Fixed CVE issues in upstream version 68.3 (MFSA 2019-38):
CVE-2019-17008: Use-after-free in worker destruction
CVE-2019-13722: Stack corruption due to incorrect number of arguments in
WebRTC code
CVE-2019-11745: Out of bounds write in NSS when encrypting with a block
cipher
CVE-2019-17009: Updater temporary files accessible to unprivileged
processes
CVE-2019-17010: Use-after-free when performing device orientation checks
CVE-2019-17005: Buffer overflow in plain text serializer
CVE-2019-17011: Use-after-free when retrieving a document in
antitracking
CVE-2019-17012: Memory safety bugs fixed in Firefox 71, Firefox ESR
68.3, and Thunderbird 68.3
* [fb23473] d/control: increase B-D version on NSS to 3.44.3
* [6f59938] Breaks: adding more non compatible packaged AddOns
thunderbird (1:68.2.2-1) unstable; urgency=medium
.
* [198d539] xul-ext-compactheader: allow also version << 3.0.0
* [0e93753] d/control: add incompatibility with jsunit << 0.2.2
* [87c84cb] New upstream version 68.2.2
This upstream version has removed the source for calendar-google-provider,
thus we can't provide the related binary package any more.
* [a3cea2a] rebuild patch queue from patch-queue branch
rebuild patch queue from patch-queue branch
.
removed patches (included upstream):
debian/patches/fixes/Bug-1470701-Use-run-time-page-size-when-changing-map.patch
debian/patches/fixes/Bug-1505608-Try-to-ensure-the-bss-section-of-the-elf.patch
debian/patches/fixes/Bug-1526744-find-dupes.py-Calculate-md5-by-chunk.patch
debian/patches/fixes/Build-also-gdata-provider-as-xpi-file.patch
debian/patches/fixes/rust-ignore-not-available-documentation.patch
debian/patches/porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch
debian/patches/porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch
debian/patches/porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch
debian/patches/porting-powerpc/powerpc-Don-t-use-static-page-sizes-on-powerpc.patch
debian/patches/porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch
* [1730f5f] d/control: remove references to calendar-google-provider
Don't build calendar-google-provider any more and remove any references
from other binary packages.
* [1b0bbb8] d/rules: remove any calendar-google-provider stuff
* [92f681c] thunderbird.NEWS: Adding hint about removal of gdata
Give out an announcement about the removal of a possible previously
installed package calendar-google-provider.
thunderbird (1:68.2.2-1~deb10u1) stable-security; urgency=medium
.
* Rebuild for buster-security
* [2c1bd00] d/mozconfig.default: use internal version of
nspr, nss, sqlite and icu
* [94d6ae4] d/control: remove lib{nspr4,nss3,sqlite3}-dev from B-D
thunderbird (1:68.2.2-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
* [038dcd9] use nodejs-mozilla within stretch-security
The package nodejs isn't available for stretch, but nodejs-mozilla is
usable. Thanks for backporting!
* [4bdcd39] d/mozconfig.default: remove option for hunspell
Thunderbird 68 isn't using external (or internal) hunspell features any
more. This requires the usage of external dictionaries provided by AddOns.
* [e368b15] d/mozconfig.default: remove doubled sqlite option
Removed a doubled disabled option for libsqlite3, the merge from buster
was bringing already this option as a disabled option.
* [8ddc95c] use internal libvpx library within stretch-security
Also libvpx is to old on stretch and we switch to the internal version
from the Thunderbird source.
thunderbird (1:68.2.1-1) unstable; urgency=medium
.
[ intrigeri ]
* [c48e2cb] AppArmor: update profile from upstream at commit a27a1a5
(Closes: #941290)
.
[ Carsten Schoenert ]
* [98497ae] New upstream version 68.2.0
Fixed CVE issues in upstream version 68.2 (MFSA 2019-35):
CVE-2019-15903: Heap overflow in expat library in XML_GetCurrentLineNumber
CVE-2019-11757: Use-after-free when creating index updates in IndexedDB
CVE-2019-11758: Potentially exploitable crash due to 360 Total Security
CVE-2019-11759: Stack buffer overflow in HKDF output
CVE-2019-11760: Stack buffer overflow in WebRTC networking
CVE-2019-11761: Unintended access to a privileged JSONView object
CVE-2019-11762: document.domain-based origin isolation has
same-origin-property violation
CVE-2019-11763: Incorrect HTML parsing results in XSS bypass technique
CVE-2019-11764: Memory safety bugs fixed in Thunderbird 68.2
(Closes: #925841)
* [a104c51] d/control: increase Standards-Version to 4.4.1
* [6c9d012] xul-ext-dispmua: set current min usable version
* [b3bf16f] New upstream version 68.2.1
* [8f89b90] d/control: decrease build architecture list
Decreasing the current list of build architectures. Not meant to keep this
forever, removed RC architectures needing support and volunteering to get
them back.
(Closes: #921258)
thunderbird (1:68.1.2-1~exp1) experimental; urgency=medium
.
* [81f4144] xul-ext-compactheader: increase minimal usable version
* [a815589] Update the global information about TB in Debian
* [bb5f5f7] rebuild patch queue from patch-queue branch
* [6fe7d3f] xul-ext-sogo-connector: increase minimal usable version
* [2e29af5] New upstream version 68.1.2
thunderbird (1:68.1.1-1~exp1) experimental; urgency=medium
.
[ intrigeri ]
* [3f49653] AppArmor: update profile from upstream at commit ed52e4a
.
[ Carsten Schoenert ]
* [348f476] New upstream version 68.0~b5
* [2a2f101] New upstream version 68.1.1
Fixed CVE issues in upstream version 68.1 (MFSA 2019-20):
CVE-2019-11711: Script injection within domain through inner window reuse
CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins
by following 308 redirects
CVE-2019-11713: Use-after-free with HTTP/2 cached stream
CVE-2019-11714: NeckoChild can trigger crash when accessed off of main
thread
CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a
segmentation fault
CVE-2019-11715: HTML parsing error can contribute to content XSS
CVE-2019-11716: globalThis not enumerable until accessed
CVE-2019-11717: Caret character improperly escaped in origins
CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
CVE-2019-11720: Character encoding XSS vulnerability
CVE-2019-11721: Domain spoofing through unicode latin 'kra' character
CVE-2019-11730: Same-origin policy treats all files in a directory as
having the same-origin
CVE-2019-11723: Cookie leakage during add-on fetching across private
browsing boundaries
CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting
permissions
CVE-2019-11725: Websocket resources bypass safebrowsing protections
CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
CVE-2019-11728: Port scanning through Alt-Svc header
CVE-2019-11710: Memory safety bugs fixed in Firefox 68 and Thunderbird 68
CVE-2019-11709: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8,
and Thunderbird 68
.
Fixed CVE issues in upstream version 68.1 (MFSA 2019-20):
CVE-2019-11739: Covert Content Attack on S/MIME encryption using a crafted
multipart/alternative message
CVE-2019-11746: Use-after-free while manipulating video
CVE-2019-11744: XSS by breaking out of title and textarea elements using
innerHTML
CVE-2019-11742: Same-origin policy violation with SVG filters and canvas
to steal cross-origin images
CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
CVE-2019-11743: Cross-origin access to unload event attributes
CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1,
Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9
.
Fixed CVE issues in upstream version 68.1.1 (MFSA 2019-32):
CVE-2019-11755: Spoofing a message author via a crafted S/MIME message
.
* [9342624] rebuild patch queue from patch-queue branch
added patches:
debian-hacks/Set-program-name-from-the-remoting-name.patch
debian-hacks/Use-remoting-name-for-call-to-gdk_set_program_class.patch
debian-hacks/Work-around-Debian-bug-844357.patch
fixes/Allow-.js-preference-files-to-set-locked-prefs-with-lockP.patch
fixes/Bug-1556197-amend-Bug-1544631-for-fixing-mips32.patch
fixes/Bug-1560340-Only-add-confvars.sh-as-a-dependency-to-confi.patch
porting-armhf/Bug-1526653-Include-struct-definitions-for-user_vfp-and-u.patch
.
removed patch (fixed upstream):
porting-mips/Fix-CPU_ARCH-test-for-libjpeg-on-mips.patch
porting/Work-around-GCC-ICE-on-mips-i386-and-s390x.patch
.
* [25cb500] d/control: increase various versions in B-D
* [ee5b713] d/control: remove B-D on librust-cbindgen-dev
Use librust-toml-dev instead, we only need some files from this package,
librust-cbindgen-dev is a metapackage which is broken while packaging.
* [442a6b1] d/rules: work around cargo needs a HOME dir
* [4894a4c] d/control: increase Standards-Version to 4.4.0
No further changes needed.
* [bb47b68] d/control: update upstream homepage for Thunderbird
Since some time Mozilla Thunderbird has a new homepage placed on URI
https://www.thunderbird.net/
* [a3b680e] d/source.filter: update the filter sequences
New Thunderbird upstream versions bringing some new unwanted files within
the source.
* [7290ff4] d/control: remove transitional lightning l10n packages
The Lightning l10n packages moved into transitional packages before Buster
was released, now after the Buster release removing these transitional
packages. All required l10n files are available in the packages
thunderbird-$(locale) even for Lightning.
* [3d1d27d] enigmail: increase minimal usable version
Thunderbird 68.x needs at least Enigmal in version 2.1, but increase the
version on Enigmail to the most recent version which is released while
packaging.
* [66069d9] calendar-exchange-provider: removed from Breaks
This package isn't alive in unstable and testing.
* [3b9f936] d/control: remove Xb-Xul-AppId field
Thunderbird don't has any Xul based AddOns since version 68.0
* [7d8cd7d] lintian-overrides: remove not needed overrides
thunderbird (1:68.0~b1-1) experimental; urgency=medium
.
* [0eabe70] New upstream version 68.0~b1
* [2febf67] rebuild patch queue from patch-queue branch
added patch:
debian-hacks/Downgrade-SQlite-version-to-3.27.2.patch
* [cfa5973] d/s/lintian-overrides: adjust overrides for needed files
* [46077e2] d/copyright: update after upstream changes
thunderbird (1:67.0~b3-1) experimental; urgency=medium
.
[ intrigeri ]
* [9ad75ad] d/rules: drop useless usage of dpkg-parsechangelog
.
[ Carsten Schoenert ]
* [d6f6747] New upstream version 67.0~b3
* [90f73be] rebuild patch queue from patch-queue branch
removed patch:
fixes/Bug-1515641-Turn-enable-av1-around.-r-nalexander.patch
* [7dd5c54] d/control: increase various B-D versions
Increasing the version for the build depending packages of cargo, cbindgen,
libnspr4-dev, libnss3-dev, libsqlite3-dev and rustc.
thunderbird (1:66.0~b1-1) experimental; urgency=medium
.
[ Carsten Schoenert ]
* [afe31d9] New upstream version 66.0~b1
* [4ec53cc] apparmor: update profile from upstream (commit 7ace41b1)
(cherry-picked from debian/sid)
* [b3657a0] d/rules: make dh_clean more robust
Remove some regenerated files in dh_clean to the build will not fail in
case the build needs to be started twice within the same build environment.
(cherry-picked from debian/sid)
* [dceb027] d/rules: move disable debug option into configure step
Adding the option '--disable-debug-symbols' to the file mozconfig.default
in case the build is running on a 32bit architecture instead of expanding
the variable 'CONFIGURE_FLAGS'. The configuration approach for this option
taken from firefox-esr was not working for the thunderbird package.
(cherry-picked from debian/sid)
* [f7f02a9] d/rules: reorder LDFLAGS for better readability
Make the used additional options for LDFLAGS better readable by reordering
the various used options. Also adding the option '-Wl, --as-needed' to the
list of used options here.
(cherry-picked from debian/sid)
* [79801fb] d/rules: use 'compress-debug-sections' only on 64bit
Do not set 'LDFLAGS += -Wl,--compress-debug-sections=zlib' globally, lets
use this option only if we are on a 64bit architecture as otherwise the
build is failing on 32bit architectures again. We don't want to build any
debug information on 32bit anyway so we don't need this option on these
platforms.
(cherry-picked from debian/sid)
* [11f9e14] d/mozconfig.default: adding option for mipsel
We don't have set up any options for the mipsel platform before, but the
build needs some additional options too on this platform to succeed.
(cherry-picked from debian/sid)
* [e46e178] d/mozconfig.default: disable ion on mips and mipsel
The build will fail on mips{,el} if we have enabled ION, the JavaScript
JIT compiler on these platforms will loose some performance by this.
(cherry-picked from debian/sid)
.
[ Alexander Nitsch ]
* [31b87e9] Make the logo SVG square
The original SVG source isn't completely square, modifying the SVG file
so all generated other files from the input are also exactly square.
* [c0f19a3] Add script for generating PNGs from logo SVG
* [c153c5f] Update icon PNGs to be properly scaled
.
[ Carsten Schoenert ]
* [c372e1f] d/source.filter: add some configure scripts
Filter out some files that are named 'configure', they are rebuild later
anyway. The filtering of these files is moved from gbp.conf to
source.filter.
(cherry-picked from debian/sid)
* [a40c5df] d/c-lightning-l10n-t.sh: drop version checking
Remove an old check for a version string within the file install.rdf.
It's not created any more by upstream since > 60.0.
* [05b325e] d/source.filter: don't ignore files in root folder
Try to not ignore files which are in the top root folder of the upstream
source tarball.
* [d2ca267] rebuild patch queue from patch-queue branch
added patch:
fixes/Bug-1515641-Turn-enable-av1-around.-r-nalexander.patch
.
modified (refreshed) patches:
porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch
porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch
porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-hurd.patch
porting-kfreebsd-hurd/Allow-ipc-code-to-build-on-GNU-kfreebsd.patch
porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch
porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch
porting-m68k/Add-m68k-support-to-Thunderbird.patch
.
removed patches (applied upstream):
fixes/Fix-big-endian-build-for-SKIA.patch
porting-kfreebsd-hurd/Fix-GNU-non-Linux-failure-to-build-because-of-ipc-ch.patch
porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch
* [cb1dde9] d/control: increase version in B-D for libsqlite3-dev
* [54e8890] d/mozconfig.default: add new configure option
We need to disable the usage of libav1 for an successful build. The used
configure option was added by the new added patch to the patch queue.
* [ecd3ade] d/copyright: update after upstream changes
* [af58ed8] d/source.filter: add extra content to ignore
thunderbird (1:65.0~b1-1) experimental; urgency=medium
.
* [e5956ef] Merge tag 'debian/1%60.4.0-1' into debian/experimental
* [389748b] d/source.filter: adjust files to filter while repack
Rework of the file filter list due new upstream version but also to no
filter out files we obviously need later, e.g. for the omni.jar archive.
* [4b86a78] New upstream version 65.0~b1
* [3db29ed] rebuild patch queue from patch-queue branch
removed patches (fixed upstream):
debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch
debian-hacks/shellutil.py-ignore-tilde-as-special-character.patch
fixes/Build-also-gdata-provider-as-xpi-file.patch
fixes/Use-msse-2-fpmath-C-CXXFLAGS-only-on-x86_64-platforms.patch
porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch
porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch
porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch
.
removed patches (dropped for Debian specific build):
debian-hacks/Don-t-build-testing-suites-and-stuff.patch
debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch
adjusted patches:
.
debian-hacks/Add-another-preferences-directory-for-applications-p.patch
debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch
patches/fixes/Fix-big-endian-build-for-SKIA.patch (but currently disabled)
porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch
porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch
* [e918c6c] d/control: increase versions in B-D
New Thunderbirds version typically need other packages available with
higher versions like NSS, NSPR, rust ...
Also adding cbindgen and nodejs()!!).
* [b6c63bf] d/mozconfig.default: remove dead options
More old configure option are now not available anymore and we need to
drop them.
* [0f959ad] remove GCC specific options
LLVM's clang is now widely used, and clang isn't knowing the GCC options
'-fno-schedule-insns2' and '-fno-lifetime-dse', removing these options
from CFLAGS and CXXFLAGS.
* [d0b1f4b] d/rules: work around about strong quotings in .mk files
After the configuration of the source some Makefiles in the build folder
'obj-thunderbird' have a strong qouting on some entries. This will
later provoke a build failure if we don't remove the single quotes
before in the Makefiles.
* [093053e] copyright: update after upstream changes
* [95eaacf] d/s/lintian-overrides: adjust overrides for needed files
thunderbird (1:60.9.0-1) unstable; urgency=medium
.
* [5f7ba31] New upstream version 60.9.0
Fixed CVE issues in upstream version 60.8.0 (MFSA 2019-29)
CVE-2019-11746: Use-after-free while manipulating video
CVE-2019-11744: XSS by breaking out of title and textarea elements using
innerHTML
CVE-2019-11742: Same-origin policy violation with SVG filters and canvas
to steal cross-origin images
CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
CVE-2019-11743: Cross-origin access to unload event attributes
CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1,
Firefox ESR 60.9, and Thunderbird 60.9
thunderbird (1:60.9.0-1~deb10u1) buster-security; urgency=medium
.
* Rebuild for buster-security
* [9802e1d] Revert "Use gcc-8 and g++-8 due broken build with GCC-9"
thunderbird (1:60.9.0-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
thunderbird (1:60.8.0-2) unstable; urgency=medium
.
* [41e9047] d/rules: work around carge needs a HOME dir
* [c67707c] Use gcc-8 and g++-8 due broken build with GCC-9
thunderbird (1:60.8.0-1) unstable; urgency=medium
.
* [49f4e91] New upstream version 60.8.0
Fixed CVE issues in upstream version 60.8.0 (MFSA 2019-23)
CVE-2019-9811: Sandbox escape via installation of malicious language pack
CVE-2019-11711: Script injection within domain through inner window reuse
CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins
by following 308 redirects
CVE-2019-11713: Use-after-free with HTTP/2 cached stream
CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a
segmentation fault
CVE-2019-11715: HTML parsing error can contribute to content XSS
CVE-2019-11717: Caret character improperly escaped in origins
CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
CVE-2019-11730: Same-origin policy treats all files in a directory as
having the same-origin
CVE-2019-11709: Memory safety bugs fixed in Firefox 68, Firefox ESR 60.8,
and Thunderbird 60.8
thunderbird (1:60.8.0-1~deb10u1) buster-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for buster-security
tigervnc (1.7.0+dfsg-7+deb9u1) stretch; urgency=high
.
[ Joachim Falk ]
* Fix CVE-2019-15691, CVE-2019-15692, CVE-2019-15693, CVE-2019-15694, and
CVE-2019-15695 (Closes: #947428)
tightvnc (1:1.3.9-9+deb9u1) stretch; urgency=medium
.
* Security upload. (Closes: #945364).
* CVE-2014-6053: Check malloc() return value on client->server ClientCutText
message.
* CVE-2019-8287 (aka CVE-2018-20020): Fix heap out-of-bound write
vulnerability inside structure in VNC client code.
* CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
* CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
* CVE-2018-7225: Uninitialized and potentially sensitive data could be
accessed by remote attackers because the msg.cct.length in rfbserver.c was
not sanitized.
* CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
* Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
server-sent reason strings longer than 1MB (see CVE-2018-20748/
libvncserver).
* CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
length received before allocating memory for it and limit it to 1MB.
* CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
* CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
tmpreaper (1.6.13+nmu1+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload with maintainer approval.
* Add `--protect '/tmp/systemd-private*/*'` to cron job to prevent
breaking systemd services that have PrivateTmp=true (closes: #881725).
tomcat-native (1.2.21-1~deb9u1) stretch-security; urgency=high
.
* Team upload.
* Backport version 1.2.21 to Stretch.
* Revert to compat level 10.
tomcat-native (1.2.21-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
tomcat-native (1.2.19-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
tomcat-native (1.2.18-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
* Standards-Version updated to 4.2.1
tomcat-native (1.2.18-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
tomcat-native (1.2.17-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
* Changed the priority from extra to optional
* Standards-Version updated to 4.1.4
* Switch to debhelper level 11
* Use salsa.debian.org Vcs-* URLs
tomcat-native (1.2.17-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
tomcat-native (1.2.16-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
* Standards-Version updated to 4.1.3
tomcat-native (1.2.16-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
tomcat-native (1.2.14-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
* Build with OpenSSL 1.1 (Closes: #859742)
* Updated debian/README.Debian
* Standards-Version updated to 4.1.0
tomcat8 (8.5.50-0+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2018-11784, CVE-2018-8014, CVE-2019-0199, CVE-2019-0221,
CVE-2019-12418, CVE-2019-17563.
Several security vulnerabilities were found in Tomcat 8 that may lead to
denial-of-service or local privilege escalation.
tomcat8 (8.5.39-1) experimental; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
* Track and download the new releases from GitHub
tomcat8 (8.5.38-2) unstable; urgency=high
.
* Team upload.
* Apply upstream patch to unbreak the startup script (Closes: #922863)
tomcat8 (8.5.38-2~bpo9+1) stretch-backports; urgency=high
.
* Rebuild for stretch-backports.
* Team upload.
.
tomcat8 (8.5.38-2) unstable; urgency=high
.
* Team upload.
* Apply upstream patch to unbreak the startup script (Closes: #922863)
tomcat8 (8.5.38-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
tomcat8 (8.5.38-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
tomcat8 (8.5.37-2) unstable; urgency=medium
.
* Team upload.
* No longer build the JavaEE API packages
* Standards-Version updated to 4.3.0
tomcat8 (8.5.37-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
tomcat8 (8.5.37-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
tomcat8 (8.5.35-3) unstable; urgency=medium
.
* Team upload.
* Split libservlet3.1-java into separate JavaEE API packages
(libjsp-api-java, libel-api-java and libwebsocket-api-java)
* Updated the version required for libtcnative-1 (>= 1.2.18)
* Install the Russian translation added in Tomcat 8.5.33
tomcat8 (8.5.35-2) unstable; urgency=medium
.
* Team upload.
* Fixed the build failure with Easymock 4 (Closes: #913402)
tomcat8 (8.5.35-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
tomcat8 (8.5.35-1) unstable; urgency=medium
.
* Team upload.
.
[ Thomas Opfer ]
* Removed old version requirement for package ant-optional that is not
required any more.
.
[ Emmanuel Bourg ]
* New upstream release
- Refreshed the patches
tomcat8 (8.5.34-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
tomcat8 (8.5.34-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
tomcat8 (8.5.33-1) unstable; urgency=medium
.
* Team upload.
* New upstream version 8.5.33.
- Tomcat compiles to Java 7 bytecode and passes release=7 to javac now.
This ensures backwards compatibility with older JREs. (Closes: #906447)
* Declare compliance with Debian Policy 4.2.1.
* Refresh 0025-invalid-configuration-exit-status.patch.
tomcat8 (8.5.33-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
tomcat8 (8.5.32-2) unstable; urgency=medium
.
* Team upload.
* Added a systemd service file (Closes: #832151, #817909)
* Look for the Java runtime in the paths used by java-package >= 0.61
(/usr/lib/jvm/oracle-java<n>-{jre,jdk}-*) (Closes: #894318)
* Install catalina.policy in the tomcat8-user package to be able to run
custom instances with a security manager (Closes: #736321)
* Disabled the shutdown port (8005) by default
* Updated the policy files in /etc/tomcat8/policy.d/
* Added the missing Maven rules to use the 8.x generic version for
tomcat-jaspic-api, tomcat-storeconfig and tomcat-util-scan
* Set the gecos field when creating the tomcat8 user
* No longer set JSSE_HOME in the init script (JSSE is enabled by default)
* Standards-Version updated to 4.2.0
tomcat8 (8.5.32-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
tomcat8 (8.5.31-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
* Build with ant/1.10.3-2 and the automatic 'release' attribute restoring
the backward compatibility with Java 7 (Closes: #895866)
* Search for Java 10 and 11 runtimes
* Don't follow the symlinks when setting the owner of the /var/log/tomcat8
and /var/cache/tomcat8 directories in the postinst script
* Use salsa.debian.org Vcs-* URLs
tomcat8 (8.5.30-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
* Standards-Version updated to 4.1.4
tomcat8 (8.5.29-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
tomcat8 (8.5.29-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
tomcat8 (8.5.28-1) unstable; urgency=medium
.
* New upstream release
- Refreshed the patches
- Disabled the tests checking the ARIA cipher since it isn't enabled
by default in OpenSSL
* Standards-Version updated to 4.1.3
* Switch to debhelper level 11
* Use a secure URL for checking and downloading the new releases
* No longer parse dpkg-parsechangelog in debian/rules
tomcat8 (8.5.28-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
tomcat8 (8.5.24-2) unstable; urgency=medium
.
* Team upload.
* Removed the setDefaultAsyncSendTimeout method mistakenly added to
javax.websocket.WebSocketContainer in the version 8.5.24 (Closes: #884046)
tomcat8 (8.5.24-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
tomcat8 (8.5.24-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
* Standards-Version updated to 4.1.2
tomcat8 (8.5.23-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
* Standards-Version updated to 4.1.1
tomcat8 (8.5.21-1) unstable; urgency=medium
.
* Team upload.
.
[ Emmanuel Bourg ]
* New upstream release
- Refreshed the patches
- Disabled Checkstyle
* Changed the Class-Path manifest entry of tomcat8-jasper.jar to use
the specification jars from libtomcat8-java instead of libservlet3.1-java
(Closes: #867247)
.
[ Miguel Landaeta ]
* Remove myself from uploaders. (Closes: #871892)
* Update copyright info.
tomcat8 (8.5.16-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
* Standards-Version updated to 4.0.0
tomcat8 (8.5.15-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
tomcat8 (8.5.14-2) unstable; urgency=high
.
* Team upload.
* Fixed CVE-2017-5664: Static error pages can be overwritten if the
DefaultServlet is configured to permit writes (Closes: #864447)
tzdata (2019c-0+deb9u1) stretch; urgency=medium
.
* New upstream version, affecting the following future timestamps:
- Fiji's next DST transitions will be 2019-11-10 and 2020-01-12
instead of 2019-11-03 and 2020-01-19.
- Norfolk Island will observe Australian-style DST starting in
spring 2019. The first transition is on 2019-10-06.
tzdata (2019b-2) unstable; urgency=medium
.
* Change provides to tzdata-bullseye from tzdata-buster.
tzdata (2019b-1) unstable; urgency=medium
.
* New upstream version, affecting the following past and future timestamps:
- Brazil has canceled DST and will stay on standard time indefinitely.
- Predictions for Morocco now go through 2087 instead of 2037.
- Palestine's 2019 spring transition was 03-29 at 00:00, not 03-30
at 01:00. Guess future transitions to be March's last Friday at 00:00.
- Many corrections to historical Hong Kong transitions from 1941 to 1947.
tzdata (2019b-0+deb10u1) buster; urgency=medium
.
* New upstream version, affecting the following past and future timestamps:
- Brazil has canceled DST and will stay on standard time indefinitely.
- Predictions for Morocco now go through 2087 instead of 2037.
- Palestine's 2019 spring transition was 03-29 at 00:00, not 03-30
at 01:00. Guess future transitions to be March's last Friday at 00:00.
- Many corrections to historical Hong Kong transitions from 1941 to 1947.
ublock-origin (1.22.2+dfsg-1~deb9u1) stretch; urgency=medium
.
* Backport of 1.22.2+dfsg-1 to Stretch. (Closes: #943470, #925337)
ublock-origin (1.19.0+dfsg-2) unstable; urgency=medium
.
* Upload to unstable.
* Declare compliance with Debian Policy 4.4.0.
ublock-origin (1.19.0+dfsg-1) experimental; urgency=medium
.
[ Michael Meskes ]
* Change package layout to allow for different file for each browser while at
the same time keeping firefox working despite its dislike for symlinks.
(Closes: #926586)
.
[ Markus Koschany ]
* New upstream version 1.19.0+dfsg.
ublock-origin (1.18.10+dfsg-1) experimental; urgency=medium
.
* New upstream version 1.18.10+dfsg.
* Fix ublock-origin being disabled with Firefox 66. (Closes: #925337)
* Switch to compat level 12.
ublock-origin (1.18.4+dfsg-2) unstable; urgency=medium
.
* Remove /etc/chromium.d/ublock-origin on upgrade because this file is
obsolete. (Closes: #923001)
ublock-origin (1.18.4+dfsg-1) unstable; urgency=medium
.
* New upstream version 1.18.4.
* Remove vapi-webrequest.patch. Fixed upstream.
* Drop 0004-patch-README-for-Debian.patch and do not install README.md.
.
[ Michael Meskes ]
* Remove debian/chromium/* since Chromium will load all extensions now.
ublock-origin (1.18.2+dfsg-2) unstable; urgency=medium
.
* Upload to unstable.
* Drop do-not-open-sidebar-on-first-start.patch. Fixed upstream.
* Reuse both flavors of webRequest wrapper in webext package.
Thanks to Raymond Hill for the patch. (Closes: #920652)
ublock-origin (1.18.2+dfsg-1) experimental; urgency=medium
.
* New upstream version 1.18.2 DFSG-cleaned.
* Declare compliance with Debian Policy 4.3.0.
* Remove debian/missing-sources again because upstream provides the sources.
* Compile all *.wat files from source now.
ublock-origin (1.17.0+dfsg-3) unstable; urgency=medium
.
* Replace symlink to fontawesome-webfont with a real file again. Firefox
silently ignored this symlink and icons were not displayed. This also fixes
the logger window which was empty before. (Closes: #916431, #906911)
ublock-origin (1.17.0+dfsg-2) unstable; urgency=medium
.
* Remove the quotation marks around boolean value in
do-not-open-sidebar-on-first-start.patch. That prevented Firefox from
loading the addon. Thanks to Eugen Dedu for the report.
(Closes: #910807)
ublock-origin (1.17.0+dfsg-1) unstable; urgency=medium
.
* New upstream version 1.17.0+dfsg.
* Update upstream changelog to the new release version.
* Drop make-webext-meta-encoding.patch and make-webext.patch. Fixed upstream.
* Add do-not-open-sidebar-on-first-start.patch and prevent that the sidebar
in Firefox opens on first startup. This feature only works in
Firefox >= 62. (Closes: #909493)
* Fix debian/watch and only track relevant upstream versions. Thanks to Sven
Joachim for the report and patch. (Closes: #908898)
ublock-origin (1.16.14+dfsg-2) unstable; urgency=medium
.
* Declare compliance with Debian Policy 4.2.1.
* Build-depend on python3 and fix that python commands were silently ignored
in make-webext.sh.
Thanks to Laurent Bigonville for the report. (Closes: #908509)
* Add make-webext.patch. Call bash with set -e and exit when a command exits
with a non-zero status. Also use the python3 executable instead of the
default python interpreter.
* Add make-webext-meta-encoding.patch and fix an encoding issue and fatal
error that would cause a FTBFS.
unhide (20130526-1+deb9u1) stretch; urgency=medium
.
* Team Upload.
* debian/patch/allocate-pid-arrays-from-heap.patch: Added to fix a stack
exhausting. Thanks to Bernhard Ãœbelacker <bernhardu@mailbox.org>.
(Closes: #945864)
x2goclient (4.0.5.2-2+deb9u1) stretch; urgency=medium
.
* debian/patches:
+ Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
based Windows solution for Kerberos support), but newer libssh versions
with the CVE-2019-14889 also interpret paths as literal strings.
(Closes: #947129).
xen (4.8.5.final+shim4.10.4-1+deb9u12) stretch-security; urgency=medium
.
* *NOTE* this will probably be the *LAST UPDATE* for Xen in Debian 9.x
(stretch), since this is the last batch of security patches from
upstream, where Xen 4.8 is out of security support.
.
* Update to new upstream final tip of 4.8 stable branch, which I have
dubbed upstream/stable-4.8.5.final. And shim 4.10.4.
* This includes fixes to:
XSA-311 CVE-2019-19577
XSA-310 CVE-2019-19580
XSA-309 CVE-2019-19578
XSA-308 CVE-2019-19583
XSA-307 CVE-2019-19581 CVE-2019-19582
XSA-306 CVE-2019-19579
XSA-305 CVE-2019-11135
XSA-304 CVE-2018-12207
XSA-303 CVE-2019-18422
XSA-302 CVE-2019-18424
XSA-301 CVE-2019-18423
XSA-299 CVE-2019-18421
XSA-298 CVE-2019-18425
XSA-297 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091
XSA-296 CVE-2019-18420
XSA-295 CVE-2019-17349 CVE-2019-17350
XSA-294 CVE-2019-17348
XSA-293 CVE-2019-17347
XSA-292 CVE-2019-17346
XSA-291 CVE-2019-17345
XSA-290 CVE-2019-17344
XSA-288 CVE-2019-17343
XSA-287 CVE-2019-17342
XSA-285 CVE-2019-17341
XSA-284 CVE-2019-17340
* For completeness, the following are not applicable:
XSA-300 CVE-2019-17351 Bug is in Linux
XSA-289 Spectre V1 + L1TF combo; no new fixes
XSA-283 Withdrawn XSA number
XSA-281 Withdrawn XSA number
* The following is *not* fixed at this time:
XSA-286 Still embargoed.
.
* README.comet: remove line about PVH support.
[Hans van Kranenburg] Closes:#908453.
xml-security-c (1.7.3-4+deb9u2) stretch; urgency=medium
.
* [12dd825] New patches: DSA verification crashes OpenSSL on invalid
combinations of key content.
Particular KeyInfo combinations result in incomplete DSA key structures
that OpenSSL can't handle without crashing. In the case of Shibboleth
SP software this manifests as a crash in the shibd daemon. Exploitation
is believed to be possible only in deployments employing the PKIX trust
engine, which is generally recommended against.
The upstream patches backported from 2.0.2 apply analogous safeguards to
the RSA and ECDSA key handling as well.
Upstream bug: https://issues.apache.org/jira/browse/SANTUARIO-496
CVE: not assigned
Thanks to Scott Cantor (Closes: #913136)
=======================================
Sun, 08 Sep 2019 - Debian 9.11 released
=======================================
base-files (9.9+deb9u11) stretch; urgency=emergency
.
* Non-maintainer upload.
* Change /etc/debian_version to 9.11, for Debian 9.11 point release.
bogl (0.1.18-11+deb9u1) stretch; urgency=high
.
* bogl-term.c: Call iswspace instead of isspace, fixes crash on U+FEFF.
debian-installer-netboot-images (20170615+deb9u7.b2) stretch; urgency=emergency
.
* Update to 20170615+deb9u2+b2, from stretch-proposed-updates
=======================================
Sat, 07 Sep 2019 - Debian 9.10 released
=======================================
==========================================================================
[Date: Sat, 07 Sep 2019 10:45:07 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
icedove-dev | 1:60.0-2~deb9u1 | all
icedove-l10n-bn-bd | 1:60.0-2~deb9u1 | all
icedove-l10n-pa-in | 1:60.0-2~deb9u1 | all
icedove-l10n-ta-lk | 1:60.0-2~deb9u1 | all
iceowl-l10n-bn-bd | 1:60.0-2~deb9u1 | all
iceowl-l10n-pa-in | 1:60.0-2~deb9u1 | all
iceowl-l10n-ta-lk | 1:60.0-2~deb9u1 | all
lightning-l10n-bn-bd | 1:60.0-2~deb9u1 | all
lightning-l10n-pa-in | 1:60.0-2~deb9u1 | all
lightning-l10n-ta-lk | 1:60.0-2~deb9u1 | all
thunderbird-l10n-bn-bd | 1:60.0-2~deb9u1 | all
thunderbird-l10n-pa-in | 1:60.0-2~deb9u1 | all
thunderbird-l10n-ta-lk | 1:60.0-2~deb9u1 | all
Maintainer: Carsten Schoenert <c.schoenert@t-online.de>
------------------- Reason -------------------
[auto-cruft] obsoleted
----------------------------------------------
linux-headers-4.9.0-9-common | 4.9.168-1+deb9u3 | all
linux-headers-4.9.0-9-common-rt | 4.9.168-1+deb9u3 | all
linux-support-4.9.0-9 | 4.9.168-1+deb9u3 | all
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
linux-headers-4.9.0-10-common | 4.9.185-1 | all
linux-headers-4.9.0-10-common-rt | 4.9.185-1 | all
linux-support-4.9.0-10 | 4.9.185-1 | all
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
libclamav7 | 0.100.3+dfsg-0+deb9u1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by clamav)
----------------------------------------------
libclamunrar7 | 0.100.1-0+deb9u1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by libclamunrar)
----------------------------------------------
ata-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
ata-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
btrfs-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
btrfs-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
cdrom-core-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
cdrom-core-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
crc-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
crc-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
crypto-dm-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
crypto-dm-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
crypto-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
crypto-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
efi-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
efi-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
event-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
event-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
ext4-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
ext4-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
fat-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
fat-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
fb-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
fb-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
fuse-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
fuse-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
i2c-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
i2c-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
input-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
input-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
isofs-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
isofs-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
jfs-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
jfs-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
kernel-image-4.9.0-10-arm64-di | 4.9.185-1 | arm64
kernel-image-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
leds-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
leds-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
linux-headers-4.9.0-10-all-arm64 | 4.9.185-1 | arm64
linux-headers-4.9.0-10-arm64 | 4.9.185-1 | arm64
linux-headers-4.9.0-9-all-arm64 | 4.9.168-1+deb9u3 | arm64
linux-headers-4.9.0-9-arm64 | 4.9.168-1+deb9u3 | arm64
linux-image-4.9.0-10-arm64 | 4.9.185-1 | arm64
linux-image-4.9.0-10-arm64-dbg | 4.9.185-1 | arm64
linux-image-4.9.0-9-arm64 | 4.9.168-1+deb9u3 | arm64
linux-image-4.9.0-9-arm64-dbg | 4.9.168-1+deb9u3 | arm64
loop-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
loop-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
md-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
md-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
mmc-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
mmc-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
multipath-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
multipath-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
nbd-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
nbd-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
nic-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
nic-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
nic-shared-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
nic-shared-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
nic-usb-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
nic-usb-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
nic-wireless-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
nic-wireless-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
ppp-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
ppp-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
sata-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
sata-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
scsi-core-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
scsi-core-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
scsi-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
scsi-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
squashfs-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
squashfs-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
udf-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
udf-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
uinput-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
uinput-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
usb-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
usb-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
usb-storage-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
usb-storage-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
virtio-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
virtio-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
xfs-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64
xfs-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
btrfs-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
btrfs-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
cdrom-core-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
cdrom-core-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
crc-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
crc-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
crypto-dm-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
crypto-dm-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
crypto-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
crypto-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
event-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
event-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
ext4-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
ext4-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
fat-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
fat-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
fb-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
fb-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
fuse-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
fuse-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
input-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
input-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
ipv6-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
ipv6-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
isofs-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
isofs-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
jffs2-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
jffs2-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
jfs-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
jfs-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
kernel-image-4.9.0-10-marvell-di | 4.9.185-1 | armel
kernel-image-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
leds-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
leds-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
linux-headers-4.9.0-10-all-armel | 4.9.185-1 | armel
linux-headers-4.9.0-10-marvell | 4.9.185-1 | armel
linux-headers-4.9.0-9-all-armel | 4.9.168-1+deb9u3 | armel
linux-headers-4.9.0-9-marvell | 4.9.168-1+deb9u3 | armel
linux-image-4.9.0-10-marvell | 4.9.185-1 | armel
linux-image-4.9.0-10-marvell-dbg | 4.9.185-1 | armel
linux-image-4.9.0-9-marvell | 4.9.168-1+deb9u3 | armel
linux-image-4.9.0-9-marvell-dbg | 4.9.168-1+deb9u3 | armel
loop-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
loop-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
md-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
md-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
minix-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
minix-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
mmc-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
mmc-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
mouse-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
mouse-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
mtd-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
mtd-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
multipath-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
multipath-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
nbd-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
nbd-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
nic-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
nic-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
nic-shared-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
nic-shared-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
nic-usb-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
nic-usb-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
ppp-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
ppp-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
sata-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
sata-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
scsi-core-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
scsi-core-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
squashfs-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
squashfs-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
udf-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
udf-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
uinput-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
uinput-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
usb-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
usb-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
usb-serial-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
usb-serial-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
usb-storage-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
usb-storage-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
zlib-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel
zlib-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
ata-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
ata-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
btrfs-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
btrfs-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
crc-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
crc-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
crypto-dm-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
crypto-dm-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
crypto-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
crypto-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
efi-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
efi-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
event-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
event-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
ext4-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
ext4-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
fat-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
fat-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
fb-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
fb-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
fuse-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
fuse-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
i2c-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
i2c-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
input-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
input-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
isofs-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
isofs-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
jfs-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
jfs-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
kernel-image-4.9.0-10-armmp-di | 4.9.185-1 | armhf
kernel-image-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
leds-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
leds-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
linux-headers-4.9.0-10-all-armhf | 4.9.185-1 | armhf
linux-headers-4.9.0-10-armmp | 4.9.185-1 | armhf
linux-headers-4.9.0-10-armmp-lpae | 4.9.185-1 | armhf
linux-headers-4.9.0-9-all-armhf | 4.9.168-1+deb9u3 | armhf
linux-headers-4.9.0-9-armmp | 4.9.168-1+deb9u3 | armhf
linux-headers-4.9.0-9-armmp-lpae | 4.9.168-1+deb9u3 | armhf
linux-image-4.9.0-10-armmp | 4.9.185-1 | armhf
linux-image-4.9.0-10-armmp-dbg | 4.9.185-1 | armhf
linux-image-4.9.0-10-armmp-lpae | 4.9.185-1 | armhf
linux-image-4.9.0-10-armmp-lpae-dbg | 4.9.185-1 | armhf
linux-image-4.9.0-9-armmp | 4.9.168-1+deb9u3 | armhf
linux-image-4.9.0-9-armmp-dbg | 4.9.168-1+deb9u3 | armhf
linux-image-4.9.0-9-armmp-lpae | 4.9.168-1+deb9u3 | armhf
linux-image-4.9.0-9-armmp-lpae-dbg | 4.9.168-1+deb9u3 | armhf
loop-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
loop-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
md-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
md-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
mmc-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
mmc-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
mtd-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
mtd-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
multipath-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
multipath-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
nbd-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
nbd-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
nic-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
nic-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
nic-shared-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
nic-shared-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
nic-usb-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
nic-usb-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
nic-wireless-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
nic-wireless-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
pata-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
pata-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
ppp-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
ppp-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
sata-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
sata-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
scsi-core-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
scsi-core-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
scsi-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
scsi-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
squashfs-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
squashfs-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
udf-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
udf-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
uinput-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
uinput-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
usb-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
usb-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
usb-storage-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
usb-storage-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
virtio-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
virtio-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
zlib-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf
zlib-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
acpi-modules-4.9.0-10-686-di | 4.9.185-1 | i386
acpi-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
acpi-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
acpi-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
ata-modules-4.9.0-10-686-di | 4.9.185-1 | i386
ata-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
ata-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
ata-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
btrfs-modules-4.9.0-10-686-di | 4.9.185-1 | i386
btrfs-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
btrfs-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
btrfs-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
cdrom-core-modules-4.9.0-10-686-di | 4.9.185-1 | i386
cdrom-core-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
cdrom-core-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
cdrom-core-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
crc-modules-4.9.0-10-686-di | 4.9.185-1 | i386
crc-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
crc-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
crc-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
crypto-dm-modules-4.9.0-10-686-di | 4.9.185-1 | i386
crypto-dm-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
crypto-dm-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
crypto-dm-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
crypto-modules-4.9.0-10-686-di | 4.9.185-1 | i386
crypto-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
crypto-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
crypto-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
efi-modules-4.9.0-10-686-di | 4.9.185-1 | i386
efi-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
efi-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
efi-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
event-modules-4.9.0-10-686-di | 4.9.185-1 | i386
event-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
event-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
event-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
ext4-modules-4.9.0-10-686-di | 4.9.185-1 | i386
ext4-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
ext4-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
ext4-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
fat-modules-4.9.0-10-686-di | 4.9.185-1 | i386
fat-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
fat-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
fat-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
fb-modules-4.9.0-10-686-di | 4.9.185-1 | i386
fb-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
fb-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
fb-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
firewire-core-modules-4.9.0-10-686-di | 4.9.185-1 | i386
firewire-core-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
firewire-core-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
firewire-core-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
fuse-modules-4.9.0-10-686-di | 4.9.185-1 | i386
fuse-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
fuse-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
fuse-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
hyperv-modules-4.9.0-10-686-di | 4.9.185-1 | i386
hyperv-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
hyperv-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
hyperv-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
i2c-modules-4.9.0-10-686-di | 4.9.185-1 | i386
i2c-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
i2c-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
i2c-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
input-modules-4.9.0-10-686-di | 4.9.185-1 | i386
input-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
input-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
input-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
isofs-modules-4.9.0-10-686-di | 4.9.185-1 | i386
isofs-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
isofs-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
isofs-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
jfs-modules-4.9.0-10-686-di | 4.9.185-1 | i386
jfs-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
jfs-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
jfs-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
kernel-image-4.9.0-10-686-di | 4.9.185-1 | i386
kernel-image-4.9.0-10-686-pae-di | 4.9.185-1 | i386
kernel-image-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
kernel-image-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
linux-headers-4.9.0-10-686 | 4.9.185-1 | i386
linux-headers-4.9.0-10-686-pae | 4.9.185-1 | i386
linux-headers-4.9.0-10-all-i386 | 4.9.185-1 | i386
linux-headers-4.9.0-10-rt-686-pae | 4.9.185-1 | i386
linux-headers-4.9.0-9-686 | 4.9.168-1+deb9u3 | i386
linux-headers-4.9.0-9-686-pae | 4.9.168-1+deb9u3 | i386
linux-headers-4.9.0-9-all-i386 | 4.9.168-1+deb9u3 | i386
linux-headers-4.9.0-9-rt-686-pae | 4.9.168-1+deb9u3 | i386
linux-image-4.9.0-10-686 | 4.9.185-1 | i386
linux-image-4.9.0-10-686-dbg | 4.9.185-1 | i386
linux-image-4.9.0-10-686-pae | 4.9.185-1 | i386
linux-image-4.9.0-10-686-pae-dbg | 4.9.185-1 | i386
linux-image-4.9.0-10-rt-686-pae | 4.9.185-1 | i386
linux-image-4.9.0-10-rt-686-pae-dbg | 4.9.185-1 | i386
linux-image-4.9.0-9-686 | 4.9.168-1+deb9u3 | i386
linux-image-4.9.0-9-686-dbg | 4.9.168-1+deb9u3 | i386
linux-image-4.9.0-9-686-pae | 4.9.168-1+deb9u3 | i386
linux-image-4.9.0-9-686-pae-dbg | 4.9.168-1+deb9u3 | i386
linux-image-4.9.0-9-rt-686-pae | 4.9.168-1+deb9u3 | i386
linux-image-4.9.0-9-rt-686-pae-dbg | 4.9.168-1+deb9u3 | i386
loop-modules-4.9.0-10-686-di | 4.9.185-1 | i386
loop-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
loop-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
loop-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
md-modules-4.9.0-10-686-di | 4.9.185-1 | i386
md-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
md-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
md-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
mmc-core-modules-4.9.0-10-686-di | 4.9.185-1 | i386
mmc-core-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
mmc-core-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
mmc-core-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
mmc-modules-4.9.0-10-686-di | 4.9.185-1 | i386
mmc-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
mmc-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
mmc-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
mouse-modules-4.9.0-10-686-di | 4.9.185-1 | i386
mouse-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
mouse-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
mouse-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
multipath-modules-4.9.0-10-686-di | 4.9.185-1 | i386
multipath-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
multipath-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
multipath-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
nbd-modules-4.9.0-10-686-di | 4.9.185-1 | i386
nbd-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
nbd-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
nbd-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
nic-modules-4.9.0-10-686-di | 4.9.185-1 | i386
nic-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
nic-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
nic-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
nic-pcmcia-modules-4.9.0-10-686-di | 4.9.185-1 | i386
nic-pcmcia-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
nic-pcmcia-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
nic-pcmcia-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
nic-shared-modules-4.9.0-10-686-di | 4.9.185-1 | i386
nic-shared-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
nic-shared-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
nic-shared-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
nic-usb-modules-4.9.0-10-686-di | 4.9.185-1 | i386
nic-usb-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
nic-usb-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
nic-usb-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
nic-wireless-modules-4.9.0-10-686-di | 4.9.185-1 | i386
nic-wireless-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
nic-wireless-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
nic-wireless-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
ntfs-modules-4.9.0-10-686-di | 4.9.185-1 | i386
ntfs-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
ntfs-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
ntfs-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
pata-modules-4.9.0-10-686-di | 4.9.185-1 | i386
pata-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
pata-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
pata-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
pcmcia-modules-4.9.0-10-686-di | 4.9.185-1 | i386
pcmcia-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
pcmcia-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
pcmcia-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
pcmcia-storage-modules-4.9.0-10-686-di | 4.9.185-1 | i386
pcmcia-storage-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
pcmcia-storage-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
pcmcia-storage-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
ppp-modules-4.9.0-10-686-di | 4.9.185-1 | i386
ppp-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
ppp-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
ppp-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
sata-modules-4.9.0-10-686-di | 4.9.185-1 | i386
sata-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
sata-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
sata-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
scsi-core-modules-4.9.0-10-686-di | 4.9.185-1 | i386
scsi-core-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
scsi-core-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
scsi-core-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
scsi-modules-4.9.0-10-686-di | 4.9.185-1 | i386
scsi-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
scsi-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
scsi-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
serial-modules-4.9.0-10-686-di | 4.9.185-1 | i386
serial-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
serial-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
serial-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
sound-modules-4.9.0-10-686-di | 4.9.185-1 | i386
sound-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
sound-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
sound-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
speakup-modules-4.9.0-10-686-di | 4.9.185-1 | i386
speakup-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
speakup-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
speakup-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
squashfs-modules-4.9.0-10-686-di | 4.9.185-1 | i386
squashfs-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
squashfs-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
squashfs-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
udf-modules-4.9.0-10-686-di | 4.9.185-1 | i386
udf-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
udf-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
udf-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
uinput-modules-4.9.0-10-686-di | 4.9.185-1 | i386
uinput-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
uinput-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
uinput-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
usb-modules-4.9.0-10-686-di | 4.9.185-1 | i386
usb-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
usb-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
usb-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
usb-serial-modules-4.9.0-10-686-di | 4.9.185-1 | i386
usb-serial-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
usb-serial-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
usb-serial-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
usb-storage-modules-4.9.0-10-686-di | 4.9.185-1 | i386
usb-storage-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
usb-storage-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
usb-storage-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
virtio-modules-4.9.0-10-686-di | 4.9.185-1 | i386
virtio-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
virtio-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
virtio-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
xfs-modules-4.9.0-10-686-di | 4.9.185-1 | i386
xfs-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386
xfs-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386
xfs-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
linux-headers-4.9.0-10-all-mips | 4.9.185-1 | mips
linux-headers-4.9.0-9-all-mips | 4.9.168-1+deb9u3 | mips
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
affs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
affs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
btrfs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
btrfs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
cdrom-core-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
cdrom-core-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
crc-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
crc-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
crypto-dm-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
crypto-dm-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
crypto-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
crypto-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
event-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
event-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
ext4-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
ext4-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
fat-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
fat-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
fuse-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
fuse-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
hfs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
hfs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
input-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
input-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
isofs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
isofs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
jfs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
jfs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
kernel-image-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
kernel-image-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
linux-headers-4.9.0-10-5kc-malta | 4.9.185-1 | mips, mips64el, mipsel
linux-headers-4.9.0-10-octeon | 4.9.185-1 | mips, mips64el, mipsel
linux-headers-4.9.0-9-5kc-malta | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
linux-headers-4.9.0-9-octeon | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
linux-image-4.9.0-10-5kc-malta | 4.9.185-1 | mips, mips64el, mipsel
linux-image-4.9.0-10-5kc-malta-dbg | 4.9.185-1 | mips, mips64el, mipsel
linux-image-4.9.0-10-octeon | 4.9.185-1 | mips, mips64el, mipsel
linux-image-4.9.0-10-octeon-dbg | 4.9.185-1 | mips, mips64el, mipsel
linux-image-4.9.0-9-5kc-malta | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
linux-image-4.9.0-9-5kc-malta-dbg | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
linux-image-4.9.0-9-octeon | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
linux-image-4.9.0-9-octeon-dbg | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
loop-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
loop-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
md-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
md-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
minix-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
minix-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
multipath-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
multipath-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
nbd-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
nbd-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
nic-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
nic-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
nic-shared-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
nic-shared-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
nic-usb-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
nic-usb-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
nic-wireless-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
nic-wireless-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
ntfs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
ntfs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
pata-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
pata-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
ppp-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
ppp-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
rtc-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
rtc-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
sata-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
sata-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
scsi-core-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
scsi-core-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
scsi-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
scsi-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
sound-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
sound-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
squashfs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
squashfs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
udf-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
udf-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
usb-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
usb-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
usb-serial-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
usb-serial-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
usb-storage-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
usb-storage-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
virtio-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
virtio-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
xfs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
xfs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
zlib-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel
zlib-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
affs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
affs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
ata-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
ata-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
btrfs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
btrfs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
cdrom-core-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
cdrom-core-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
crc-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
crc-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
crypto-dm-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
crypto-dm-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
crypto-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
crypto-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
event-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
event-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
ext4-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
ext4-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
fat-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
fat-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
fuse-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
fuse-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
hfs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
hfs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
i2c-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
i2c-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
input-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
input-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
isofs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
isofs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
jfs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
jfs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
kernel-image-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
kernel-image-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
linux-headers-4.9.0-10-4kc-malta | 4.9.185-1 | mips, mipsel
linux-headers-4.9.0-9-4kc-malta | 4.9.168-1+deb9u3 | mips, mipsel
linux-image-4.9.0-10-4kc-malta | 4.9.185-1 | mips, mipsel
linux-image-4.9.0-10-4kc-malta-dbg | 4.9.185-1 | mips, mipsel
linux-image-4.9.0-9-4kc-malta | 4.9.168-1+deb9u3 | mips, mipsel
linux-image-4.9.0-9-4kc-malta-dbg | 4.9.168-1+deb9u3 | mips, mipsel
loop-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
loop-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
md-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
md-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
minix-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
minix-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
mmc-core-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
mmc-core-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
mmc-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
mmc-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
mouse-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
mouse-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
multipath-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
multipath-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
nbd-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
nbd-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
nic-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
nic-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
nic-shared-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
nic-shared-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
nic-usb-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
nic-usb-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
nic-wireless-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
nic-wireless-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
ntfs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
ntfs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
pata-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
pata-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
ppp-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
ppp-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
sata-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
sata-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
scsi-core-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
scsi-core-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
scsi-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
scsi-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
sound-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
sound-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
squashfs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
squashfs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
udf-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
udf-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
usb-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
usb-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
usb-serial-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
usb-serial-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
usb-storage-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
usb-storage-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
virtio-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
virtio-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
xfs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
xfs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
zlib-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel
zlib-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
affs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
affs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
ata-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
ata-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
btrfs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
btrfs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
cdrom-core-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
cdrom-core-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
crc-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
crc-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
crypto-dm-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
crypto-dm-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
crypto-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
crypto-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
event-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
event-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
ext4-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
ext4-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
fat-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
fat-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
fuse-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
fuse-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
hfs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
hfs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
i2c-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
i2c-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
input-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
input-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
isofs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
isofs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
jfs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
jfs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
kernel-image-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
kernel-image-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
linux-headers-4.9.0-10-all-mips64el | 4.9.185-1 | mips64el
linux-headers-4.9.0-9-all-mips64el | 4.9.168-1+deb9u3 | mips64el
loop-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
loop-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
md-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
md-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
minix-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
minix-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
mmc-core-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
mmc-core-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
mmc-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
mmc-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
mouse-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
mouse-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
multipath-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
multipath-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
nbd-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
nbd-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
nic-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
nic-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
nic-shared-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
nic-shared-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
nic-usb-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
nic-usb-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
nic-wireless-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
nic-wireless-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
ntfs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
ntfs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
pata-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
pata-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
ppp-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
ppp-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
sata-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
sata-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
scsi-core-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
scsi-core-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
scsi-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
scsi-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
sound-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
sound-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
squashfs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
squashfs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
udf-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
udf-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
usb-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
usb-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
usb-serial-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
usb-serial-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
usb-storage-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
usb-storage-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
virtio-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
virtio-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
xfs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
xfs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
zlib-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el
zlib-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
affs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
affs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
ata-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
ata-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
btrfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
btrfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
cdrom-core-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
cdrom-core-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
crc-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
crc-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
crypto-dm-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
crypto-dm-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
crypto-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
crypto-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
event-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
event-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
ext4-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
ext4-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
fat-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
fat-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
fb-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
fb-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
firewire-core-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
firewire-core-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
fuse-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
fuse-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
hfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
hfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
input-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
input-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
isofs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
isofs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
jfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
jfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
kernel-image-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
kernel-image-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
linux-headers-4.9.0-10-loongson-3 | 4.9.185-1 | mips64el, mipsel
linux-headers-4.9.0-9-loongson-3 | 4.9.168-1+deb9u3 | mips64el, mipsel
linux-image-4.9.0-10-loongson-3 | 4.9.185-1 | mips64el, mipsel
linux-image-4.9.0-10-loongson-3-dbg | 4.9.185-1 | mips64el, mipsel
linux-image-4.9.0-9-loongson-3 | 4.9.168-1+deb9u3 | mips64el, mipsel
linux-image-4.9.0-9-loongson-3-dbg | 4.9.168-1+deb9u3 | mips64el, mipsel
loop-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
loop-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
md-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
md-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
minix-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
minix-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
multipath-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
multipath-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
nbd-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
nbd-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
nfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
nfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
nic-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
nic-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
nic-shared-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
nic-shared-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
nic-usb-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
nic-usb-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
nic-wireless-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
nic-wireless-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
ntfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
ntfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
pata-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
pata-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
ppp-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
ppp-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
sata-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
sata-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
scsi-core-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
scsi-core-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
scsi-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
scsi-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
sound-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
sound-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
speakup-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
speakup-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
squashfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
squashfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
udf-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
udf-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
usb-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
usb-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
usb-serial-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
usb-serial-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
usb-storage-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
usb-storage-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
virtio-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
virtio-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
xfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
xfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
zlib-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel
zlib-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
linux-headers-4.9.0-10-all-mipsel | 4.9.185-1 | mipsel
linux-headers-4.9.0-9-all-mipsel | 4.9.168-1+deb9u3 | mipsel
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
ata-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
ata-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
btrfs-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
btrfs-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
cdrom-core-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
cdrom-core-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
crc-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
crc-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
crypto-dm-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
crypto-dm-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
crypto-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
crypto-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
event-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
event-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
ext4-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
ext4-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
fancontrol-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
fancontrol-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
fat-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
fat-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
firewire-core-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
firewire-core-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
fuse-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
fuse-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
hypervisor-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
hypervisor-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
input-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
input-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
isofs-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
isofs-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
jfs-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
jfs-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
kernel-image-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
kernel-image-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
linux-headers-4.9.0-10-all-ppc64el | 4.9.185-1 | ppc64el
linux-headers-4.9.0-10-powerpc64le | 4.9.185-1 | ppc64el
linux-headers-4.9.0-9-all-ppc64el | 4.9.168-1+deb9u3 | ppc64el
linux-headers-4.9.0-9-powerpc64le | 4.9.168-1+deb9u3 | ppc64el
linux-image-4.9.0-10-powerpc64le | 4.9.185-1 | ppc64el
linux-image-4.9.0-10-powerpc64le-dbg | 4.9.185-1 | ppc64el
linux-image-4.9.0-9-powerpc64le | 4.9.168-1+deb9u3 | ppc64el
linux-image-4.9.0-9-powerpc64le-dbg | 4.9.168-1+deb9u3 | ppc64el
loop-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
loop-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
md-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
md-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
mouse-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
mouse-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
multipath-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
multipath-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
nbd-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
nbd-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
nic-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
nic-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
nic-shared-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
nic-shared-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
ppp-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
ppp-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
sata-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
sata-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
scsi-core-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
scsi-core-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
scsi-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
scsi-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
serial-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
serial-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
squashfs-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
squashfs-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
udf-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
udf-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
uinput-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
uinput-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
usb-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
usb-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
usb-serial-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
usb-serial-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
usb-storage-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
usb-storage-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
virtio-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
virtio-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
xfs-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el
xfs-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
acpi-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
acpi-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
ata-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
ata-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
btrfs-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
btrfs-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
cdrom-core-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
cdrom-core-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
crc-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
crc-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
crypto-dm-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
crypto-dm-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
crypto-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
crypto-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
efi-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
efi-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
event-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
event-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
ext4-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
ext4-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
fat-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
fat-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
fb-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
fb-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
firewire-core-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
firewire-core-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
fuse-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
fuse-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
hyperv-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
hyperv-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
i2c-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
i2c-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
input-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
input-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
isofs-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
isofs-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
jfs-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
jfs-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
kernel-image-4.9.0-10-amd64-di | 4.9.185-1 | amd64
kernel-image-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
linux-headers-4.9.0-10-all-amd64 | 4.9.185-1 | amd64
linux-headers-4.9.0-10-amd64 | 4.9.185-1 | amd64
linux-headers-4.9.0-10-rt-amd64 | 4.9.185-1 | amd64
linux-headers-4.9.0-9-all-amd64 | 4.9.168-1+deb9u3 | amd64
linux-headers-4.9.0-9-amd64 | 4.9.168-1+deb9u3 | amd64
linux-headers-4.9.0-9-rt-amd64 | 4.9.168-1+deb9u3 | amd64
linux-image-4.9.0-10-amd64 | 4.9.185-1 | amd64
linux-image-4.9.0-10-amd64-dbg | 4.9.185-1 | amd64
linux-image-4.9.0-10-rt-amd64 | 4.9.185-1 | amd64
linux-image-4.9.0-10-rt-amd64-dbg | 4.9.185-1 | amd64
linux-image-4.9.0-9-amd64 | 4.9.168-1+deb9u3 | amd64
linux-image-4.9.0-9-amd64-dbg | 4.9.168-1+deb9u3 | amd64
linux-image-4.9.0-9-rt-amd64 | 4.9.168-1+deb9u3 | amd64
linux-image-4.9.0-9-rt-amd64-dbg | 4.9.168-1+deb9u3 | amd64
loop-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
loop-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
md-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
md-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
mmc-core-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
mmc-core-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
mmc-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
mmc-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
mouse-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
mouse-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
multipath-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
multipath-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
nbd-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
nbd-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
nic-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
nic-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
nic-pcmcia-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
nic-pcmcia-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
nic-shared-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
nic-shared-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
nic-usb-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
nic-usb-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
nic-wireless-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
nic-wireless-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
ntfs-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
ntfs-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
pata-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
pata-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
pcmcia-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
pcmcia-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
pcmcia-storage-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
pcmcia-storage-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
ppp-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
ppp-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
sata-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
sata-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
scsi-core-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
scsi-core-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
scsi-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
scsi-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
serial-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
serial-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
sound-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
sound-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
speakup-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
speakup-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
squashfs-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
squashfs-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
udf-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
udf-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
uinput-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
uinput-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
usb-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
usb-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
usb-serial-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
usb-serial-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
usb-storage-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
usb-storage-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
virtio-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
virtio-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
xfs-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64
xfs-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
btrfs-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
btrfs-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
crc-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
crc-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
crypto-dm-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
crypto-dm-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
crypto-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
crypto-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
dasd-extra-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
dasd-extra-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
dasd-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
dasd-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
ext4-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
ext4-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
fat-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
fat-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
fuse-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
fuse-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
isofs-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
isofs-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
kernel-image-4.9.0-10-s390x-di | 4.9.185-1 | s390x
kernel-image-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
linux-headers-4.9.0-10-all-s390x | 4.9.185-1 | s390x
linux-headers-4.9.0-10-s390x | 4.9.185-1 | s390x
linux-headers-4.9.0-9-all-s390x | 4.9.168-1+deb9u3 | s390x
linux-headers-4.9.0-9-s390x | 4.9.168-1+deb9u3 | s390x
linux-image-4.9.0-10-s390x | 4.9.185-1 | s390x
linux-image-4.9.0-10-s390x-dbg | 4.9.185-1 | s390x
linux-image-4.9.0-9-s390x | 4.9.168-1+deb9u3 | s390x
linux-image-4.9.0-9-s390x-dbg | 4.9.168-1+deb9u3 | s390x
loop-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
loop-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
md-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
md-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
multipath-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
multipath-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
nbd-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
nbd-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
nic-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
nic-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
scsi-core-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
scsi-core-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
scsi-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
scsi-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
udf-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
udf-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
virtio-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
virtio-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
xfs-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
xfs-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
zlib-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x
zlib-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
linux-headers-4.9.0-10-all | 4.9.185-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
linux-headers-4.9.0-9-all | 4.9.168-1+deb9u3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
rust-doc | 1.14.0+dfsg1-3 | all
Maintainer: Rust Maintainers <pkg-rust-maintainers@lists.alioth.debian.org>
Will also close bugs: 928423
------------------- Reason -------------------
RoQA; outdated cruft package
----------------------------------------------
teeworlds | 0.6.5+dfsg-1~deb9u1 | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
teeworlds-data | 0.6.5+dfsg-1~deb9u1 | all
teeworlds-server | 0.6.5+dfsg-1~deb9u1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Will also close bugs: 935596
------------------- Reason -------------------
RoST; security issues; incompatible with current servers
----------------------------------------------
pump | 0.8.24-7 | source
pump | 0.8.24-7+b2 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Maintainer: Philippe Coval <rzr@gna.org>
Will also close bugs: 938932
------------------- Reason -------------------
RoST; unmaintained; security issues
----------------------------------------------
=========================================================================
apache2 (2.4.25-3+deb9u8) stretch-security; urgency=high
.
[ Xavier Guimard ]
* Add patch to limit cross-site scripting in mod_proxy (Closes: CVE-2019-10092)
* Import http2 modules from 2.4.41 (Closes: CVE-2019-9517, CVE-2019-10082, CVE-2019-10081)
* Add patch to set PCRE_DOTALL by default (Closes: CVE-2019-10098)
.
[ Stefan Fritsch ]
* Add -Werror=implicit-function-declaration to compile options to catch
problems with backports.
atftp (0.7.git20120829-3.1~deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Rebuild for stretch-security.
.
atftp (0.7.git20120829-3.1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix concurrency issue denial of service (CVE-2019-11366) (Closes: #927553)
* Fix error handler stack overflow (CVE-2019-11365) (Closes: #927553)
base-files (9.9+deb9u10) stretch; urgency=medium
.
* Change /etc/debian_version to 9.10, for Debian 9.10 point release.
* Add VERSION_CODENAME to os-release. Closes: #829245. Please note
that this is only for stable releases.
basez (1.6-3+deb9u1) stretch; urgency=medium
.
* Properly decode base64url encoded strings (closes: #931041)
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u5) stretch-security; urgency=high
.
[ Marc Deslauriers (Ubuntu) ]
* CVE-2018-5743: limiting simultaneous TCP clients is ineffective.
Thanks to Marc Deslauriers of Ubuntu (Closes: #927932)
.
[ Ondřej Surý ]
* Sync Maintainer and Uploaders with unstable
* [CVE-2019-6465]: Zone transfer for DLZs are executed though not
permitted by ACLs. (Closes: #922955)
* [CVE-2018-5745]: Avoid assertion and thus causing named to
deliberately exit when a trust anchor's key is replaced with a key
which uses an unsupported algorithm. (Closes: #922954)
biomaj-watcher (1.2.2-4+deb9u1) stretch; urgency=medium
.
* Bump (Build-)Depends to default-jdk (>= 2:1.8) (aka openjdk-8). Prevent
partial upgrades from jessie (openjdk-7): biomaj-watcher needs to be run
with the same jdk version that was used for building. (Closes: #866980)
c-icap-modules (1:0.4.4-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add support for clamav 0.101.1 (Closes: #919814).
chaosreader (0.96-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Added libnet-dns-perl to Depends field. (Closes: #890589)
clamav (0.101.4+dfsg-0+deb9u1) stretch; urgency=medium
.
* Import 0.101.4 (Closes: 921190)
- CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs)
(Closes:934359)
- CVE-2019-12900 (An out of bounds write was possible within ClamAV's
NSIS bzip)
- update symbols file (bump to 101.4 and drop unused cli_strnstr).
clamav (0.101.2+dfsg-3) unstable; urgency=medium
.
* Cherry-pick a fix from 0.101.3 to address a vulnerability to
non-recursive zip bombs.
clamav (0.101.2+dfsg-2) unstable; urgency=medium
.
* Remove python from build-depends:
- Only needed for llvm, which is currently (and probably permanently)
disabled
- Support python2 removal, if this comes back, it will need to be python3
clamav (0.101.2+dfsg-1+deb10u1) buster; urgency=medium
.
* Cherry-pick a fix from 0.101.3 to address a vulnerability to
non-recursive zip bombs.
clamav (0.101.2+dfsg-1) unstable; urgency=high
.
* Import 0.101.2
- CVE-2019-1787 (An out-of-bounds heap read condition may occur when
scanning PDF documents)
- CVE-2019-1789 (An out-of-bounds heap read condition may occur when
scanning PE files)
- CVE-2019-1788 (An out-of-bounds heap write condition may occur when
scanning OLE2 files)
- CVE-2019-1786 (An out-of-bounds heap read condition may occur when
scanning malformed PDF documents)
- CVE-2019-1785 (A path-traversal write condition may occur as a result of
improper input validation when scanning RAR archives)
- CVE-2019-1798 (A use-after-free condition may occur as a result of
improper error handling when scanning nested RAR archives)
- update symbols file
- Remove DetectBrokenExecutables option from clamd template, it is
deprecated.
* Drop the dbgsym migration line.
* Bump standards-version to 4.3.0 without further change
clamav (0.101.2+dfsg-0+deb9u1) stretch; urgency=medium
.
* Import 0.101.2
- CVE-2019-1787 (An out-of-bounds heap read condition may occur when
scanning PDF documents)
- CVE-2019-1789 (An out-of-bounds heap read condition may occur when
scanning PE files)
- CVE-2019-1788 (An out-of-bounds heap write condition may occur when
scanning OLE2 files)
- CVE-2019-1786 (An out-of-bounds heap read condition may occur when
scanning malformed PDF documents)
- CVE-2019-1785 (A path-traversal write condition may occur as a result of
improper input validation when scanning RAR archives)
- CVE-2019-1798 (A use-after-free condition may occur as a result of
improper error handling when scanning nested RAR archives)
- update symbols file
- Remove DetectBrokenExecutables option from clamd template, it is
deprecated.
clamav (0.101.1+dfsg-3) unstable; urgency=medium
.
* Upload to unstable.
clamav (0.101.1+dfsg-2) experimental; urgency=medium
.
[ Scott Kitterman ]
* Add information to README.Debian on configuring clamav-milter's socket to
work with postfix
.
[ Sebastian Andrzej Siewior ]
* debian/libclamav-dev.install: also install clamav-types.h
clamav (0.101.1+dfsg-1) experimental; urgency=medium
.
[ Scott Kitterman ]
* Update debian/copyright
* Add Build-Depends-Package to libclamav9.symbols
* Update clamav-docs.doc-base for re-organized documentation
* Add lintian override for source-is-missing on test file that happens
to have long line length
* Drop build-depends on electric-fence, upstream no longer ships the
relevant tests that used it
.
[ Sebastian Andrzej Siewior ]
* Import 0.101.1
- update symbol file
- add back the json/curl configure options (don't rely on autodetect).
* Add abstractions/openssl to apparmor's profile. Thanks to intrigeri for
the help (Closes: #913020).
* Load the apparmor profile before starting the daemon. Thanks to intrigeri
for the help (Closes: #903834).
* Add attach_disconnected to freshclam's apparmor profile to hopefully get
it properly working in overlayfs enviroment. Thanks to Vincas Dargis
(Closes: #917648).
clamav (0.101.0+dfsg-1) experimental; urgency=medium
.
[ Scott Kitterman ]
* Increase clamd socket command read timeout to 30 seconds (Closes: #915098)
.
[ Sebastian Andrzej Siewior ]
* Import new upstream release.
- update symbol file.
- add new options to the config file.
- package libclamav9
corekeeper (1.7~deb9u1) stretch; urgency=medium
.
* Backport security hardening fixes to stretch
.
corekeeper (1.7) unstable; urgency=medium
.
* Do not use a world-writable /var/crash with the dumper script
and fix the permissions on upgrade as dpkg doesn't do that.
(Closes: #924397) (See-also: #515211)
* Handle older versions of the Linux kernel in a safer way
(Closes: #924398)
* Harden ownership determination and core file names
* Do not truncate core names for executables with spaces
* Update VCS URLs from alioth to salsa
cups (2.2.1-8+deb9u4) stretch; urgency=low
.
* Fix multiple security/disclosure issues (Closes: #934957)
- CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows
- Fixed IPP buffer overflow
- Fixed memory disclosure issue in the scheduler
- Fixed DoS issues in the scheduler
cups-filters (1.11.6-3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* foomatic-rip: Changed Ghostscript call to count pages in a PDF file to use
"runpdfbegin" and not the undocumented Ghostscript internal "pdfdict".
(Closes: #926576, #928936)
cyrus-imapd (2.5.10-3+deb9u1) stretch-security; urgency=high
.
* Add patch to fix arbitrary code execution via CalDAV
(Closes: CVE-2019-11356)
dansguardian (2.10.1.1-5.1+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* Add support for clamav 0.101 (Closes: #923981).
dbus (1.10.28-0+deb9u1) stretch-security; urgency=medium
.
* New upstream stable release
- CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic
links in their own home directory to bypass authentication and
connect to a DBusServer with elevated privileges. The standard
system and session dbus-daemons in their default configuration were
immune to this attack because they did not allow DBUS_COOKIE_SHA1,
but third-party users of DBusServer such as Upstart could be
vulnerable.
- Prevent reading up to 3 bytes beyond the end of a truncated message.
This could in principle be an information leak or denial of service
on the system bus, but is not believed to be exploitable to crash
the system bus or leak interesting information in practice.
- Stop the dbus-daemon leaking memory (an error message) if delivering
the message that triggered auto-activation is forbidden. This is
technically a denial of service because the dbus-daemon will
run out of memory eventually, but it's a very slow and noisy one,
because all the rejected messages are also very likely to have
been logged to the system log, and its scope is typically limited by
the finite number of activatable services available.
- Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
which does not meet the criteria for that attribute in gcc 4.7+,
potentially leading to miscompilation.
- Fix build with gcc 8 -Werror=cast-function-type
- Fix warning from gcc 8 about suspicious use of strncpy() when
populating struct sockaddr_un
- Fix installation of Ducktype documentation with newer yelp-build
versions
* d/control: Update Vcs-Git, Vcs-Browser
debian-archive-keyring (2017.5+deb9u1) stretch; urgency=medium
.
* Team upload.
.
[ Philipp Kern ]
* Remove Wheezy's keys (automatic and stable release).
(Closes: #901320)
.
[ Adam D. Barratt ]
* Add Vcs-* headers.
* Ensure fragments for Wheezy keys are removed.
.
[ Jonathan Wiltshire ]
* Add my own key to the team-members keyring
* Add Debian Stable Release key (10/buster) (ID: DCC9EFBF77E11517)
(Closes: #917536)
* Add Debian Archive Automatic Signing Key (10/buster)
(ID: BCDDDC30D7C23CBBABEE) and Debian Security Archive Automatic
Signing Key (10/buster) (ID: C5FF4DFAB270CAA96DFA)
(Closes: #917535)
debian-installer (20170615+deb9u7) stretch; urgency=medium
.
[ Samuel Thibault ]
* Keep grub resolution in EFI boot, to avoid tiny fonts (closes: #910227).
.
[ Julien Cristau ]
* Bump linux ABI to 4.9.0-11.
debian-installer-netboot-images (20170615+deb9u7) stretch; urgency=medium
.
* Update to 20170615+deb9u7 images, from stretch-proposed-updates
dosbox (0.74-4.2+deb9u2) stretch-security; urgency=medium
.
* Apply upstream fixes for two security issues:
- CVE-2019-7165: long lines in batch files would overflow the parsing
buffer;
- CVE-2019-12594: programs running inside DOSBox could access /proc.
Closes: #931222.
dovecot (1:2.2.27-3+deb9u5) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix CVE-2019-11500
- lib-imap: Don't accept strings with NULs
- lib-imap: Make sure str_unescape() won't be writing past allocated
memory
- lib-managesieve: Don't accept strings with NULs
- lib-managesieve: Make sure str_unescape() won't be writing past
allocated memory
drupal7 (7.52-2+deb9u9) stretch-security; urgency=high
.
* SA-CORE-2019-006: Fixes bundled library's insecure management of
deserialization (Closes: #928688)
evolution (3.22.6-1+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2018-15587: backport patches to mitigate possible signature/encryption
spoofing in PGP encrypted mail. (Closes: #924616)
+ [GPG] Mails that are not encrypted look encrypted
+ Show security bar above message headers
exim4 (4.89-2+deb9u5) stretch-security; urgency=high
.
* Fix remote command execution vulnerability related to
"${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006
exim4 (4.89-2+deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix remote command execution vulnerability (CVE-2019-10149)
expat (2.2.0-2+deb9u2) stretch-security; urgency=high
.
* Fix extraction of namespace prefix from XML name (CVE-2018-20843)
(closes: #931031).
fence-agents (4.0.25-1+deb9u1) stretch; urgency=medium
.
* fence_rhevm: add patch for CVE-2019-10153 (Closes: #930887)
ffmpeg (7:3.2.14-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release(s).
- avcodec/htmlsubtitles: Fixes denial of service due to use
of sscanf in inner loop for handling braces (CVE-2019-9718)
- avcodec/hevcdec: Avoid only partly skiping duplicate first slices
(CVE-2019-11338)
- avformat/asfdec_o: Check size_bmp more fully (CVE-2018-1999011)
- avformat/flvenc: Check audio packet size (CVE-2018-15822)
fig2dev (1:3.2.6a-2+deb9u2) stretch; urgency=medium
.
* 40_circle_arrowhead: Do not segfault on circle/half circle arrowheads
with a magnification larger 42. This fixes CVE-2019-14275.
(Closes: #933075).
* Adapt salsa CI pipeline to stretch release.
firefox-esr (60.7.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-18, also known as CVE-2019-11707.
firefox-esr (60.7.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-14, also known as:
CVE-2019-9816, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820,
CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-7317,
CVE-2019-9797, CVE-2018-18511, CVE-2019-11698, CVE-2019-5798,
CVE-2019-9800.
.
* debian/rules: Avoid rust build errors with newer versions of rustc by
capping lints to warnings.
firefox-esr (60.7.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-14, also known as:
CVE-2019-9816, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820,
CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-7317,
CVE-2019-9797, CVE-2018-18511, CVE-2019-11698, CVE-2019-5798,
CVE-2019-9800.
.
* debian/rules: Avoid rust build errors with newer versions of rustc by
capping lints to warnings.
firefox-esr (60.6.3esr-1) unstable; urgency=medium
.
* New upstream release.
- Additional fixes for addon signature validation.
firefox-esr (60.6.3esr-1~deb9u1) stretch; urgency=medium
.
* New upstream release.
- Additional fixes for addon signature validation.
firefox-esr (60.6.2esr-1) unstable; urgency=medium
.
* New upstream release.
- Fixes issues with addon signature validation. Closes: #928415, #928449.
Note: this didn't affect addons installed via Debian packages.
firefox-esr (60.6.2esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
- Fixes issues with addon signature validation. Closes: #928415, #928449.
Note: this didn't affect addons installed via Debian packages.
firefox-esr (60.6.1esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-10, also known as:
CVE-2019-9810, CVE-2019-9813.
fribidi (0.19.7-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* libfribidi0-udeb: Fix right-to-left output in textual version of
d-i by installing the shared library files into a multi-arch libdir
(Closes: #917909).
fusiondirectory (1.0.19-1+deb9u1) stretch; urgency=medium
.
* debian/patches:
+ Add 0001_CVE-2019-11187_stricter-ldap-error-check.patch.
Perform stricter check on LDAP success/failure (CVE-2019-11187).
* debian/control:
+ Add to D (fusiondirectory): php-xml. (Closes: #931959).
gettext (0.19.8.1-2+deb9u1) stretch; urgency=medium
.
* Stop xgettext() from crashing when run with --its=FILE option.
Patch taken from Debian 10, which in turn was extracted from
upstream git. Should help the inkscape project. Closes: #891347.
See https://gitlab.com/inkscape/inkscape/issues/271 for details.
ghostscript (9.26a~dfsg-0+deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* protect use of .forceput with executeonly (CVE-2019-10216)
ghostscript (9.26a~dfsg-0+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Hide pdfdict and GS_PDF_ProcSet (internal stuff for the PDF interp)
(CVE-2019-3839)
* Fix lib/pdf2dsc.ps to use documented Ghostscript pdf procedures
glib2.0 (2.50.3-2+deb9u1) stretch; urgency=medium
.
* Team upload
* d/gbp.conf: Add GNOME team configuration
* d/p/gfile-Limit-access-to-files-when-copying.patch:
When copying files, give the temporary partial copy of the file
suitably restrictive permissions (Closes: #929753; CVE-2019-12450)
* d/p/keyfile-settings-Use-tighter-permissions.patch:
Create directory and file with restrictive permissions when using the
GKeyfileSettingsBackend. Mitigation: in this version of GLib, the
GKeyfileSettingsBackend can only be used explicitly by code, and is
never selected automatically. (Closes: #931234; CVE-2019-13012)
* d/p/gmarkup-Fix-unvalidated-UTF-8-read-in-markup-parsing-erro.patch,
d/p/gmarkup-Avoid-reading-off-the-end-of-a-buffer-when-non-nu.patch:
Avoid buffer read overrun when formatting error messages for invalid
UTF-8 in GMarkup (CVE-2018-16429)
* d/p/gmarkup-Fix-crash-in-error-handling-path-for-closing-elem.patch:
Avoid NULL dereference when parsing invalid GMarkup with a malformed
closing tag not paired with an opening tag (CVE-2018-16429)
gocode (20150303-3+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* gocode-auto-complete-el: Make Pre-Depends: auto-complete-el versioned to
fix upgrades from jessie to stretch.
groonga (6.1.5-1+deb9u1) stretch; urgency=medium
.
* debian/groonga-httpd.logrotate
debian/groonga-server-gqtp.logrotate
- Mitigate privilege escalation by changing the owner and group of logs
with "su" option. Reported by Wolfgang Hotwagner.
(Closes: #928304) (CVE-2019-11675)
grub2 (2.02~beta3-5+deb9u2) stretch; urgency=medium
.
* Cherry-pick upstream patches for Xen UEFI support (closes: #930028):
- i386/relocator: Add grub_relocator64_efi relocator
- multiboot2: Add tags used to pass ImageHandle to loaded image
- multiboot2: Do not pass memory maps to image if EFI boot services are
enabled
- multiboot2: Add support for relocatable images
- Use grub-file to figure out whether multiboot2 should be used for
Xen.gz
gsoap (2.8.35-4+deb9u2) stretch; urgency=medium
.
* Fix for CVE-2019-7659
Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a
denial of service (application abort) or possibly have unspecified other
impact if a server application is built with the -DWITH_COOKIES flag. This
affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++
libraries, as these are built with that flag.
* Fix issue with DIME protocol receiver and malformed DIME headers
This patch addresses a critical issue with the DIME protocol receiver that
may cause the receiver to become unresponsive when a malformed DIME
protocol message is received. -- https://www.genivia.com/advisory.html
gst-plugins-base1.0 (1.10.4-1+deb9u1) stretch-security; urgency=medium
.
* CVE-2019-9928 (Closes: #927978)
gthumb (3:3.4.4.1-5+deb9u1) stretch; urgency=medium
.
* debian/patches/
- cve-2018-18718.patch file (Closes: #912290)
CVE-2018-18718 - CWE-415: Double Free
The product calls free() twice on the same memory address, potentially
leading to modification of unexpected memory locations.
.
There is a suspected double-free bug with
static void add_themes_from_dir() dlg-contact-sheet.c. This method
involves two successive calls of g_free(buffer) (line 354 and 373),
and is likely to cause double-free of the buffer. One possible fix
could be directly assigning the buffer to NULL after the first call
of g_free(buffer). Thanks Tianjun Wu
https://gitlab.gnome.org/GNOME/gthumb/issues/18
havp (0.92a-4+deb9u1) stretch; urgency=medium
.
* Add support for clamav 0.101 (Closes: #920865).
* Bump libclamav-dev build-depends to match
heimdal (7.1.0+dfsg-13+deb9u3) stretch-security; urgency=medium
.
* CVE-2018-16860: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum.
Closes: #928966.
* CVE-2019-12098: Always confirm PA-PKINIT-KX for anon PKINIT.
Closes: #929064.
* Update test certificates to pre 2038 expiry.
icu (57.1-6+deb9u3) stretch; urgency=medium
.
* Fix pkgdata command segfault (closes: #893009).
imagemagick (8:6.9.7.4+dfsg-11+deb9u7) stretch-security; urgency=medium
.
* CVE-2019-10650 (Closes: #926091)
* CVE-2019-9956 (Closes: #925395)
intel-microcode (3.20190618.1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security (no changes)
* Refer to DSA 4447-1 for details
.
intel-microcode (3.20190618.1) unstable; urgency=medium
.
* New upstream microcode datafile 20190618
+ SECURITY UPDATE
Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
for Sandybridge server and Core-X processors
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
* Add some missing (minor) changelog entries to 3.20190514.1
* Reformat 3.20190514.1 changelog entry to match rest of changelog
intel-microcode (3.20190514.1) unstable; urgency=high
.
* New upstream microcode datafile 20190514
* SECURITY UPDATE
Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
* New Microcodes:
sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
* Updated Microcodes:
sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
intel-microcode (3.20190514.1~deb9u1) stretch-security; urgency=high
.
* Rebuild for stretch-security (no changes)
.
intel-microcode (3.20190514.1) unstable; urgency=high
.
* New upstream microcode datafile 20190514
* SECURITY UPDATE
Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
* New Microcodes:
sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
* Updated Microcodes:
sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
.
intel-microcode (3.20190312.1) unstable; urgency=medium
.
* New upstream microcode datafile 20190312
+ Removed Microcodes:
sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
+ New Microcodes:
sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304
sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328
sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304
sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304
sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280
+ Updated Microcodes:
sig 0x000306f2, pf_mask 0x6f, 2018-11-20, rev 0x0041, size 34816
sig 0x000306f4, pf_mask 0x80, 2018-11-06, rev 0x0013, size 17408
sig 0x00050654, pf_mask 0xb7, 2019-01-28, rev 0x200005a, size 33792
sig 0x00050662, pf_mask 0x10, 2018-12-06, rev 0x0019, size 32768
sig 0x00050663, pf_mask 0x10, 2018-12-06, rev 0x7000016, size 23552
sig 0x00050664, pf_mask 0x10, 2018-11-17, rev 0xf000014, size 23552
sig 0x00050665, pf_mask 0x10, 2018-11-17, rev 0xe00000c, size 19456
sig 0x000506c9, pf_mask 0x03, 2018-09-14, rev 0x0036, size 17408
sig 0x000506ca, pf_mask 0x03, 2018-09-20, rev 0x0010, size 15360
sig 0x000706a1, pf_mask 0x01, 2018-09-21, rev 0x002c, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-07-16, rev 0x009a, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-10-18, rev 0x009e, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-07-16, rev 0x009a, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-12-12, rev 0x00aa, size 98304
sig 0x000906eb, pf_mask 0x02, 2018-12-12, rev 0x00aa, size 99328
intel-microcode (3.20190312.1) unstable; urgency=medium
.
* New upstream microcode datafile 20190312
+ Removed Microcodes:
sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
+ New Microcodes:
sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304
sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328
sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304
sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304
sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280
+ Updated Microcodes:
sig 0x000306f2, pf_mask 0x6f, 2018-11-20, rev 0x0041, size 34816
sig 0x000306f4, pf_mask 0x80, 2018-11-06, rev 0x0013, size 17408
sig 0x00050654, pf_mask 0xb7, 2019-01-28, rev 0x200005a, size 33792
sig 0x00050662, pf_mask 0x10, 2018-12-06, rev 0x0019, size 32768
sig 0x00050663, pf_mask 0x10, 2018-12-06, rev 0x7000016, size 23552
sig 0x00050664, pf_mask 0x10, 2018-11-17, rev 0xf000014, size 23552
sig 0x00050665, pf_mask 0x10, 2018-11-17, rev 0xe00000c, size 19456
sig 0x000506c9, pf_mask 0x03, 2018-09-14, rev 0x0036, size 17408
sig 0x000506ca, pf_mask 0x03, 2018-09-20, rev 0x0010, size 15360
sig 0x000706a1, pf_mask 0x01, 2018-09-21, rev 0x002c, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-07-16, rev 0x009a, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-10-18, rev 0x009e, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-07-16, rev 0x009a, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-12-12, rev 0x00aa, size 98304
sig 0x000906eb, pf_mask 0x02, 2018-12-12, rev 0x00aa, size 99328
intel-microcode (3.20190312.1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports (no changes)
.
intel-microcode (3.20190312.1) unstable; urgency=medium
.
* New upstream microcode datafile 20190312
+ Removed Microcodes:
sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
+ New Microcodes:
sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304
sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328
sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304
sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304
sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280
+ Updated Microcodes:
sig 0x000306f2, pf_mask 0x6f, 2018-11-20, rev 0x0041, size 34816
sig 0x000306f4, pf_mask 0x80, 2018-11-06, rev 0x0013, size 17408
sig 0x00050654, pf_mask 0xb7, 2019-01-28, rev 0x200005a, size 33792
sig 0x00050662, pf_mask 0x10, 2018-12-06, rev 0x0019, size 32768
sig 0x00050663, pf_mask 0x10, 2018-12-06, rev 0x7000016, size 23552
sig 0x00050664, pf_mask 0x10, 2018-11-17, rev 0xf000014, size 23552
sig 0x00050665, pf_mask 0x10, 2018-11-17, rev 0xe00000c, size 19456
sig 0x000506c9, pf_mask 0x03, 2018-09-14, rev 0x0036, size 17408
sig 0x000506ca, pf_mask 0x03, 2018-09-20, rev 0x0010, size 15360
sig 0x000706a1, pf_mask 0x01, 2018-09-21, rev 0x002c, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-07-16, rev 0x009a, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-10-18, rev 0x009e, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-07-16, rev 0x009a, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-12-12, rev 0x00aa, size 98304
sig 0x000906eb, pf_mask 0x02, 2018-12-12, rev 0x00aa, size 99328
intel-microcode (3.20180807a.2) unstable; urgency=medium
.
* Makefile: unblacklist 0x206c2 (Westmere EP)
According to pragyansri.pathi@intel.com, on message to LP#1795594
on 2018-10-09, we can ship 0x206c2 updates without restrictions.
Also, there are no reports in the field about this update causing
issues (closes: #907402) (LP: #1795594)
jackson-databind (2.8.6-1+deb9u5) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718,
CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360,
CVE-2018-19361, CVE-2018-19362 and CVE-2019-12086.
Several deserialization flaws were discovered in jackson-databind which
could allow an unauthenticated user to perform code execution. The issue
was resolved by extending the blacklist and blocking more classes from
polymorphic deserialization.
kconfig (5.28.0-2+deb9u1) stretch-security; urgency=medium
.
* CVE-2019-14744
koji (1.10.0-1+deb9u1) stretch; urgency=medium
.
* Team upload.
* Add patch based on upstream commit bdec8c7399 to fix CVE-2018-1002161, an
SQL injection issue in multiple remote calls. Closes: #922922.
* Add patch based on upstream commit ba7b5a3cbe to fix CVE-2017-1002153, to
properly validate SCM pathes. Closes: #877921.
lemonldap-ng (1.9.7-3+deb9u2) stretch; urgency=medium
.
* Fix CDA regression introduced in 1.9.7-3+deb9u1
* Fix XXE vulnerability (Closes: #931117)
lemonldap-ng (1.9.7-3+deb9u1) stretch-security; urgency=medium
.
* Add patch to fix token security (Closes: #928944, CVE-2019-12046)
libcaca (0.99.beta19-2.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
libcaca (0.99.beta19-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Cherry-Pick fixes from upstream git repository:
- CVE-2018-20545, CVE-2018-20546, CVE-2018-20547,CVE-2018-20548 and
CVE-2018-20549 (Closes: #917807)
libclamunrar (0.101.2-0+deb9u1) stretch; urgency=high
.
* Import 0.101.2
- CVE-2019-1785 (A path-traversal write condition may occur as a result of
improper input validation when scanning RAR archives)
- CVE-2019-1798 (A use-after-free condition may occur as a result of
improper error handling when scanning nested RAR archives)
libclamunrar (0.101.1-2) unstable; urgency=medium
.
* Upload to unstable.
libclamunrar (0.101.1-1) experimental; urgency=medium
.
* Update to new upstream version.
- ABI changes from 7 to 9, some symbols changed.
* Bumped standards version to 4.3.0 without any changes.
libclamunrar (0.100.1-1) unstable; urgency=medium
.
[ Scott Kitterman ]
* Delete symlinks to files no longer shipped in libclamav7 (Closes: #903792)
.
[ Sebastian Andrzej Siewior ]
* Update to upstream version.
- Buffer over-read in unRAR code due to missing max value checks in table
initialization. Reported by Rui Reis.
libconvert-units-perl (1:0.43-11~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
libconvert-units-perl (1:0.43-11) unstable; urgency=medium
.
* Team upload.
* Re-upload with version bumped to 1:0.43-11 in order to avoid filename
clashes between 1:0.43-2 and the pre-epoch 0.43-2 version.
Thanks: Andreas Beckmann for the bug report.
Closes: #929615
libdatetime-timezone-perl (1:2.09-1+2019b) stretch; urgency=medium
.
* Update to Olson database version 2019b.
This update contains contemporary changes for Brazil and Palestine.
libebml (1.3.4-1+deb9u1) stretch; urgency=medium
.
* debian/patches: Apply upstream fixes for heap-based buffer over-reads.
(CVE-2019-13615) (Closes: #932241)
libevent-rpc-perl (1.08-2+deb9u1) stretch; urgency=medium
.
* Team upload.
* Fix FTBFS due to expired test SSL certificates (Closes: #903124)
libgd2 (2.2.4-2+deb9u5) stretch; urgency=high
.
* Fix CVE-2019-11038: Uninitialized read in gdImageCreateFromXbm
(Closes: #929821)
libgovirt (0.3.4-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Regenerate test certificates with expiration date far in the future to
fix test failures (closes: #915270).
libpng1.6 (1.6.28-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Call png_image_free_function without guarding it with png_safe_execute
(CVE-2019-7317) (Closes: #921355)
libpng1.6 (1.6.28-1exp4) experimental; urgency=medium
.
* Override autoreconf due to debhelper bug 844504
libpng1.6 (1.6.28-1exp3) experimental; urgency=medium
.
* No-autoreconf for cmake builds
libpng1.6 (1.6.28-1exp2) experimental; urgency=medium
.
* Readd multiarch patch, it was merged by
upstream on master but not on 1.6 branch
libpng1.6 (1.6.28-1exp1) experimental; urgency=medium
.
* Switch to cmake
librecad (2.1.2-1+deb9u1) stretch; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2018-19105:
A vulnerability was found in LibreCAD, a computer-aided design system,
which could be exploited to crash the application or cause other
unspecified impact when opening a specially crafted file. (Closes: #928477)
libreoffice (1:5.2.7-1+deb9u10) stretch-security; urgency=high
.
* debian/patches/expand-LibreLogo-checks-to-global-events.diff,
debian/patches/decode-url-escape-codes-and-check-each-path-segment.diff:
debian/patches/keep-name-percent-encoded.diff
debian/patches/Properly-obtain-location.diff:
backport from libreoffice-6-3-0 branch - more fixes for CVE-2019-9848 and
CVE-2018-16858
(CVE-2019-9850/CVE-2019-9851)
libreoffice (1:5.2.7-1+deb9u9) stretch-security; urgency=high
.
* debian/patches/More-uses-of-referer-URL-with-SvxBrushItem.diff:
backport patch from libreoffice-6-2 branch to fix CVE-2019-9849
libreoffice (1:5.2.7-1+deb9u8) stretch-security; urgency=high
.
* debian/patches/sanitize-LibreLogo-calls.diff,
debian/patches/explictly-exclude-LibreLogo-from-XScript-usage.diff:
add from git; fixing CVE-2019-9848
libsdl2-image (2.0.1+dfsg-2+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* Multiple security issues (Closes: #932754):
- CVE-2018-3977: buffer overflow in do_layer_surface (IMG_xcf.c).
- CVE-2019-5052: integer overflow and subsequent buffer overflow in
IMG_pcx.c.
- CVE-2019-7635: heap buffer overflow in Blit1to4 (IMG_bmp.c).
- CVE-2019-12216, CVE-2019-12217,
CVE-2019-12218, CVE-2019-12219,
CVE-2019-12220, CVE-2019-12221,
CVE-2019-12222, CVE-2019-5051: OOB R/W in IMG_LoadPCX_RW (IMG_pcx.c).
libthrift-java (0.9.1-2.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
libthrift-java (0.9.1-2.1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2018-1320:
It was discovered that it was possible to bypass SASL negotiation
isComplete validation in the org.apache.thrift.transport.TSaslTransport
class. An assert used to determine if the SASL handshake had successfully
completed could be disabled in production settings making the validation
incomplete. (Closes: #918736)
libtk-img (1:1.4.6+dfsg-1+deb9u1) stretch; urgency=medium
.
* Switch from the internal copies of Jpeg, Zlib and PixarLog codecs to the
libtiff ones (closes: #931422).
libu2f-host (1.1.2-2+deb9u2) stretch; urgency=medium
.
* Backport fix for CVE-2019-9578 (Closes: #923874)
* Configure git-buildpackage for stretch
libvirt (3.0.0-4+deb9u4) stretch-security; urgency=medium
.
* Fix CVEs related to privilege escalations on R/O connections.
- CVE-2019-10161:
CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc-.patch
- CVE-2019-10167:
api-disallow-virConnectGetDomainCapabilities-on-read-only.patch
* cpu_map: Define md-clear CPUID bit.
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
* Add spec-ctrl and ibpb CPU features and ibrs CPU models.
CVE-2017-5753, CVE-2017-5715
* Add ssbd CPU feature.
CVE-2018-3639
libxslt (1.1.29-2.1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix security framework bypass (CVE-2019-11068) (Closes: #926895, #933743)
* Fix uninitialized read of xsl:number token (CVE-2019-13117)
(Closes: #931321, #933743)
* Fix uninitialized read with UTF-8 grouping chars (CVE-2019-13118)
(Closes: #931320, #933743)
linux (4.9.189-3) stretch; urgency=medium
.
* tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
linux (4.9.189-2) stretch; urgency=medium
.
[ Salvatore Bonaccorso ]
* xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
(CVE-2019-15538)
.
[ Ben Hutchings ]
* [s390x] Revert "perf test 6: Fix missing kvm module load for s390"
(fixes FTBFS)
linux (4.9.189-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.186
- [x86] Input: elantech - enable middle button support on 2 ThinkPads
- mac80211: mesh: fix RCU warning
- mac80211: free peer keys before vif down in mesh
- netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments
- netfilter: ipv6: nf_defrag: accept duplicate fragments again
- [armhf] Input: imx_keypad - make sure keyboard can always wake up system
- [arm64] KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy
- mac80211: only warn once on chanctx_conf being NULL
- md: fix for divide error in status_resync
- bnx2x: Check if transceiver implements DDM before access
- ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL
- net :sunrpc :clnt :Fix xps refcount imbalance on the error path
- udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
- [x86] ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
- [x86] tls: Fix possible spectre-v1 in do_get_thread_area()
- fscrypt: don't set policy for a dead directory
- USB: serial: ftdi_sio: add ID for isodebug v1
- USB: serial: option: add support for GosunCn ME3630 RNDIS mode
- Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled"
- p54usb: Fix race between disconnect and firmware loading
(CVE-2019-15220)
- usb: gadget: ether: Fix race between gether_disconnect and rx_submit
- [i386] staging: comedi: dt282x: fix a null pointer deref on interrupt
- [x86] staging: comedi: amplc_pci230: fix null pointer deref on interrupt
- carl9170: fix misuse of device driver API
- [x86] VMCI: Fix integer overflow in VMCI handle arrays
- Revert "e1000e: fix cyclic resets at link up with active tx"
- e1000e: start network tx queue only when link is up
- [arm64] crypto: remove accidentally backported files
- perf/core: Fix perf_sample_regs_user() mm check
- [armhf] omap2: remove incorrect __init annotation
- be2net: fix link failure after ethtool offline test
- ppp: mppe: Add softdep to arc4
- sis900: fix TX completion
- dm verity: use message limit for data block corruption message
- [s390x] fix stfle zero padding
- [s390x] qdio: (re-)initialize tiqdio list entries
- [s390x] qdio: don't touch the dsci in tiqdio_add_input_queues()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.187
- [arm64] efi: Mark __efistub_stext_offset as an absolute symbol explicitly
- [armhf] dmaengine: imx-sdma: fix use-after-free on probe error path
- ath10k: Do not send probe response template for mesh
- ath9k: Check for errors when reading SREV register
- ath6kl: add some bounds checking
- ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
- batman-adv: fix for leaked TVLV handler.
- media: dvb: usb: fix use after free in dvb_usb_device_exit
- media: marvell-ccic: fix DMA s/g desc number calculation
- media: media_device_enum_links32: clean a reserved field
- [armhf,arm64] net: stmmac: dwmac1000: Clear unused address entries
- [armhf,arm64] net: stmmac: dwmac4/5: Clear unused address entries
- signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
- af_key: fix leaks in key_pol_get_resp and dump_sp.
- xfrm: Fix xfrm sel prefix length validation
- media: mc-device.c: don't memset __user pointer contents
- net: phy: Check against net_device being NULL
- tua6100: Avoid build warnings.
- [armhf] media: wl128x: Fix some error handling in
fm_v4l2_init_video_device()
- cpupower : frequency-set -r option misses the last cpu in related cpu
list
- [s390x] qdio: handle PENDING state for QEBSM devices
- perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
- [armhf] gpio: omap: fix lack of irqstatus_raw0 for OMAP4
- [armhf] gpio: omap: ensure irq is enabled before wakeup
- regmap: fix bulk writes on paged registers
- bpf: silence warning messages in core
- rcu: Force inlining of rcu_read_lock()
- blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership
arbitration
- xfrm: fix sa selector validation
- perf evsel: Make perf_evsel__name() accept a NULL argument
- vhost_net: disable zerocopy by default
- ipoib: correcly show a VF hardware address
- EDAC/sysfs: Fix memory leak when creating a csrow object
- ipsec: select crypto ciphers for xfrm_algo
- media: i2c: fix warning same module names
- ntp: Limit TAI-UTC offset
- timer_list: Guard procfs specific code
- [arm64] acpi: ignore 5.1 FADTs that are reported as 5.0
- mt7601u: do not schedule rx_tasklet when the device has been disconnected
- mt7601u: fix possible memory leak when the device is disconnected
- ath10k: fix PCIE device wake up failed
- perf tools: Increase MAX_NR_CPUS and MAX_CACHES
- libata: don't request sense data on !ZAC ATA devices
- [armhf] clocksource/drivers/exynos_mct: Increase priority over ARM arch
timer
- rslib: Fix decoding of shortened codes
- rslib: Fix handling of of caller provided syndrome
- ixgbe: Check DDM existence in transceiver before access
- crypto: asymmetric_keys - select CRYPTO_HASH where needed
- EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
- bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
- iwlwifi: mvm: Drop large non sta frames
- net: usb: asix: init MAC address buffers
- gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
- Bluetooth: hci_bcsp: Fix memory leak in rx_skb
- Bluetooth: 6lowpan: search for destination address in all peers
- Bluetooth: Check state in l2cap_disconnect_rsp
- Bluetooth: validate BLE connection interval updates
- gtp: fix Illegal context switch in RCU read-side critical section.
- gtp: fix use-after-free in gtp_newlink()
- crypto: ghash - fix unaligned memory access in ghash_setkey()
- [arm64] crypto: sha1-ce - correct digest for empty data in finup
- [arm64] crypto: sha2-ce - correct digest for empty data in finup
- crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
- [armhf] regulator: s2mps11: Fix buck7 and buck8 wrong voltages
- [arm64] tegra: Update Jetson TX1 GPU regulator timings
- iwlwifi: pcie: don't service an interrupt that was masked
- tracing/snapshot: Resize spare buffer if size changed
- NFSv4: Handle the special Linux file open access mode
- lib/scatterlist: Fix mapping iterator when sg->offset is greater than
PAGE_SIZE
- ALSA: seq: Break too long mutex context in the write loop
- [x86] ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
- media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
- [x86] KVM: vPMU: refine kvm_pmu err msg when event creation failed
- [arm64] tegra: Fix AGIC register range
- fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys
inodes.
- drm/nouveau/i2c: Enable i2c pads & busses during preinit
- padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
- 9p/virtio: Add cleanup path in p9_virtio_init
- PCI: Do not poll for PME if the device is in D3cold
- Btrfs: add missing inode version, ctime and mtime updates when punching
hole
- libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
- take floppy compat ioctls to floppy.c
- [x86] crypto: ccp - Validate the the error value used to index error
messages
- [x86] PCI: hv: Delete the device earlier from hbus->children for hot-
remove
- [x86] PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
- [ppc64el] watchpoint: Restore NV GPRs while returning from exception
- eCryptfs: fix a couple type promotion bugs
- [x86] intel_th: msu: Fix single mode with disabled IOMMU
- Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
- usb: Handle USB3 remote wakeup for LPM enabled devices correctly
- dm bufio: fix deadlock with loop device
- compiler.h: Add read_word_at_a_time() function.
- ext4: allow directory holes
- bnx2x: Prevent load reordering in tx completion processing
- bnx2x: Prevent ptp_task to be rescheduled indefinitely
- igmp: fix memory leak in igmpv3_del_delrec()
- ipv4: don't set IPv6 only flags to IPv4 addresses
- [armhf] net: dsa: mv88e6xxx: wait after reset deactivation
- net: neigh: fix multiple neigh timer scheduling
- net: openvswitch: fix csum updates for MPLS actions
- nfc: fix potential illegal memory access
- rxrpc: Fix send on a connected, but unbound socket
- [x86] sky2: Disable MSI on ASUS P6T
- vrf: make sure skb->data contains ip header to make routing
- macsec: fix use-after-free of skb during RX
- macsec: fix checksumming after decryption
- netrom: fix a memory leak in nr_rx_frame()
- netrom: hold sock when setting skb->destructor
- bonding: validate ip header before check IPPROTO_IGMP
- tcp: Reset bytes_acked and bytes_received when disconnecting
- net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
- net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
- net: bridge: stp: don't cache eth dest pointer before skb pull
- [x86] perf/amd/uncore: Rename 'L2' to 'LLC'
- [x86] perf/amd/uncore: Get correct number of cores sharing last level
cache
- [x86] perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined
cpu_llc_id
- NFSv4: Fix open create exclusive when the server reboots
- nfsd: give out fewer session slots as limit approaches
- nfsd: fix performance-limiting session calculation
- nfsd: Fix overflow causing non-working mounts on 1 TB machines
- [armhf,arm64] drm/panel: simple: Fix panel_simple_dsi_probe
- usb: core: hub: Disable hub-initiated U1/U2
- [armhf] pinctrl: rockchip: fix leaked of_node references
- memstick: Fix error cleanup path of memstick_init
- [arm64] tty: serial: msm_serial: avoid system lockup condition
- serial: 8250: Fix TX interrupt handling condition
- drm/virtio: Add memory barriers for capset cache.
- phy: renesas: rcar-gen2: Fix memory leak at error paths
- [armhf] drm/rockchip: Properly adjust to a true clock in adjusted_mode
- tty: serial_core: Set port active bit in uart_port_activate
- usb: gadget: Zero ffs_io_data
- [ppc64el] pci/of: Fix OF flags parsing for 64bit BARs
- PCI: sysfs: Ignore lockdep for remove attribute
- iio: iio-utils: Fix possible incorrect mask calculation
- [ppc64el] recordmcount: Fix spurious mcount entries on powerpc
- mfd: core: Set fwnode for created devices
- [arm64] mfd: hi655x-pmic: Fix missing return value check for
devm_regmap_init_mmio_clk
- RDMA/i40iw: Set queue pair state when being queried
- perf test mmap-thread-lookup: Initialize variable to suppress memory
sanitizer warning
- RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
- [ppc64el] boot: add {get, put}_unaligned_be32 to xz_config.h
- f2fs: avoid out-of-range memory access
- mailbox: handle failed named mailbox channel request
- [ppc64el] eeh: Handle hugepages in ioremap space
- 9p: pass the correct prototype to read_cache_page
- mm/mmu_notifier: use hlist_add_head_rcu()
- usb: wusbcore: fix unbalanced get/put cluster_id
- [x86] usb: pci-quirks: Correct AMD PLL quirk detection
- [x86] sysfb_efi: Add quirks for some devices with swapped width and
height
- [x86] speculation/mds: Apply more accurate check on hypervisor platform
- [x86] hpet: Fix division by zero in hpet_time_div()
- ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
- ALSA: hda - Add a conexant codec entry to let mute led work
- access: avoid the RCU grace period for the temporary subjective
credentials
- [arm64] dts: marvell: Fix A37xx UART0 register size
- i2c: qup: fixed releasing dma without flush operation completion
- [arm64] compat: Provide definition for COMPAT_SIGMINSTKSZ
(Closes: #904385)
- ISDN: hfcsusb: checking idx of ep configuration
- media: au0828: fix null dereference in error path
- media: cpia2_usb: first wake up, then free in disconnect
- media: radio-raremono: change devm_k*alloc to k*alloc
- sched/fair: Don't free p->numa_faults with concurrent readers
- drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
- ceph: hold i_ceph_lock when removing caps for freeing inode
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.188
- [armhf] dts: rockchip: Make rk3288-veyron-minnie run at hs200
- [armhf] dts: rockchip: Make rk3288-veyron-mickey's emmc work again
- [armhf] dts: rockchip: Mark that the rk3288 timer might stop in suspend
- ftrace: Enable trampoline when rec count returns back to one
- kernel/module.c: Only return -EEXIST for modules that have finished
loading
- fs/adfs: super: fix use-after-free bug
- btrfs: fix minimum number of chunk errors for DUP
- ceph: fix improper use of smp_mb__before_atomic()
- ceph: return -ERANGE if virtual xattr value didn't fit in buffer
- [s390x] scsi: zfcp: fix GCC compiler warning emitted with
-Wmaybe-uninitialized
- ACPI: fix false-positive -Wuninitialized warning
- be2net: Signal that the device cannot transmit during reconfiguration
- [x86] apic: Silence -Wtype-limits compiler warnings
- mm/cma.c: fail if fixed declaration can't be honored
- coda: add error handling for fget
- coda: fix build using bare-metal toolchain
- uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side
headers
- drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings
- ipc/mqueue.c: only perform resource calculation if user valid
- [x86] kvm: Don't call kvm_spurious_fault() from .fixup
- [x86] boot: Remove multiple copy of static function
sanitize_boot_params()
- Btrfs: fix incremental send failure after deduplication
- [armhf,arm64] mmc: dw_mmc: Fix occasional hang after tuning on eMMC
- gpiolib: fix incorrect IRQ requesting of an active-low lineevent
- selinux: fix memory leak in policydb_init()
- [s390x] dasd: fix endless loop after read unit address configuration
- [arm*] drivers/perf: arm_pmu: Fix failure path in PM notifier
- xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
- IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
- infiniband: fix race condition between infiniband mlx4, mlx5 driver and
core dumping
- coredump: fix race condition between collapse_huge_page() and core dumping
- eeprom: at24: make spd world-readable again
- Backport minimal compiler_attributes.h to support GCC 9
- include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
- objtool: Support GCC 9 cold subfunction naming scheme
- [x86] mm, gup: prevent get_page() race with munmap in paravirt guest
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.189
- scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
- [armhf] dts: Add pinmuxing for i2c2 and i2c3 for LogicPD SOM-LV
- [armhf] dts: Add pinmuxing for i2c2 and i2c3 for LogicPD torpedo
- [armhf] dts: logicpd-som-lv: Fix Audio Mute
- [arm64] cpufeature: Fix CTR_EL0 field definitions
- [arm64] cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
- tcp: be more careful in tcp_fragment()
- HID: wacom: fix bit shift for Cintiq Companion 2
- HID: Add quirk for HP X1200 PIXART OEM mouse
- RDMA: Directly cast the sockaddr union to sockaddr
- IB: directly cast the sockaddr union to aockaddr
- objtool: Add machine_real_restart() to the noreturn list
- objtool: Add rewind_stack_do_exit() to the noreturn list
- libceph: use kbasename() and kill ceph_file_part()
- atm: iphase: Fix Spectre v1 vulnerability
- net: bridge: delete local fdb on device init failure
- net: bridge: mcast: don't delete permanent entries when fast leave is
enabled
- net: fix ifindex collision during namespace removal
- net/mlx5: Use reversed order when unregister devices
- net: sched: Fix a possible null-pointer dereference in dequeue_func()
- tipc: compat: allow tipc commands without arguments
- compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
- ip6_tunnel: fix possible use-after-free on xmit
- ife: error out when nla attributes are empty
- bnx2x: Disable multi-cos feature.
- [armhf,arm64] spi: bcm2835: Fix 3-wire mode if DMA is enabled
.
[ Ben Hutchings ]
* Bump ABI to 11
* siphash: implement HalfSipHash1-3 for hash tables (Closes: #935134)
* netfilter: conntrack: Use consistent ct id hash calculation
(fixes regression in 4.9.168-1+deb9u5)
linux (4.9.185-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.185
- [arm64,armhf] usb: chipidea: udc: workaround for endpoint conflict issue
- [amd64] IB/hfi1: Silence txreq allocation warnings
- Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
- apparmor: enforce nullbyte at end of tag string
- parport: Fix mem leak in parport_register_dev_model
- [amd64] IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
- IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value
- [mips*] uprobes: remove set but not used variable 'epc'
- [armhf] net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
- [arm64] net: hns: Fix loopback test failed at copper ports
- [arm64] drm/arm/hdlcd: Allow a bit of clock tolerance
- scsi: ufs: Check that space was properly alloced in copy_query_response
- [s390x] qeth: fix VLAN attribute in bridge_hostnotify udev event
- nvme: Fix u32 overflow in the number of namespace list calculation
- btrfs: start readahead also in seed devices
- can: purge socket error queue on sock destruct
- [ppc64el] powerpc/bpf: use unsigned division instruction for 64-bit
operations
- Bluetooth: Align minimum encryption key size for LE and BR/EDR
connections
- Bluetooth: Fix regression with minimum encryption key size alignment
- cfg80211: fix memory leak of wiphy device name
- mac80211: drop robust management frames from unknown TA
- mac80211: Do not use stack memory with scatterlist for GMAC
- [amd64] IB/hfi1: Avoid hardlockup with flushlist_lock
- 9p/rdma: do not disconnect on down_interruptible EAGAIN
- 9p: acl: fix uninitialized iattr access
- 9p/rdma: remove useless check in cm_event_handler
- 9p: p9dirent_read: check network-provided name length
- fs/proc/array.c: allow reporting eip/esp for all coredumping threads
- [x86] scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
- [x86] x86/speculation: Allow guests to use SSBD even if host does not
- NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O
- cpu/speculation: Warn on unsupported mitigations= parameter
- af_packet: Block execution of tasks waiting for transmit to complete in
AF_PACKET
- [arm64,armhf] net: stmmac: fixed new system time seconds value
calculation
- sctp: change to hold sk after auth shkey is created successfully
- tipc: change to use register_pernet_device
- tipc: check msg->req data len in tipc_nl_compat_bearer_disable
- tun: wake up waitqueues after IFF_UP is set
- team: Always enable vlan tx offload
- bonding: Always enable vlan tx offload
- ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while
loop
- net: check before dereferencing netdev_ops during busy poll
- bpf: udp: Avoid calling reuseport's bpf_prog from udp_gro
- bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err
- tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
- Bluetooth: Fix faulty expression for minimum encryption key size check
- ASoC: soc-pcm: BE dai needs prepare when pause release after resume
- spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
- ASoC: max98090: remove 24-bit format support if RJ is 0
- scsi: hpsa: correct ioaccel2 chaining
- mm/mlock.c: change count_mm_mlocked_page_nr return type
- [mips*] math-emu: do not use bools for arithmetic
- [armhf] mfd: omap-usb-tll: Fix register offsets
- [armhf] clk: sunxi: fix uninitialized access
- [x86] KVM: degrade WARN to pr_warn_ratelimited
- [x86] drm/i915/dmc: protect against reading random memory
- ALSA: firewire-lib/fireworks: fix miss detection of received MIDI
messages
- ALSA: line6: Fix write on zero-sized buffer
- ALSA: usb-audio: fix sign unintended sign extension on left shifts
- [x86] lib/mpi: Fix karactx leak in mpi_powm
- [armhf] drm/imx: notify drm core before sending event during crtc
disable
- [armhf] drm/imx: only send event on crtc disable if kept disabled
- btrfs: Ensure replaced device doesn't have pending chunk allocation
- [x86] tty: rocket: fix incorrect forward declaration of 'rp_init()'
- [arm64] vdso: Define vdso_{start,end} as array
- [x86] KVM: LAPIC: Fix pending interrupt in IRR blocked by software
disable LAPIC
- [amd64] IB/hfi1: Close PSM sdma_progress sleep window
- [mips*] Add missing EHB in mtc0 -> mfc0 sequence.
- [armhf] dmaengine: imx-sdma: remove BD_INTR for channel0
linux (4.9.184-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169
- [x86] power: Fix some ordering bugs in __restore_processor_context()
- [amd64] power/64: Use struct desc_ptr for the IDT in struct saved_context
- [i386] power/32: Move SYSENTER MSR restoration to fix_processor_context()
- [x86] power: Make restore_processor_context() sane
- [ppc64el] powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
- [ppc64el] Fix invalid use of register expressions
- [ppc64el] powerpc/64s: Add barrier_nospec
- [ppc64el] powerpc/64s: Add support for ori barrier_nospec patching
- [ppc64el] Avoid code patching freed init sections
- [ppc64el] powerpc/64s: Patch barrier_nospec in modules
- [ppc64el] powerpc/64s: Enable barrier_nospec based on firmware settings
- [ppc64el] Use barrier_nospec in copy_from_user()
- [ppc64el] powerpc/64: Use barrier_nospec in syscall entry
- [ppc64el] powerpc/64s: Enhance the information in cpu_show_spectre_v1()
- [ppc64el] powerpc64s: Show ori31 availability in spectre_v1 sysfs file
not v2
- [ppc64el] powerpc/64: Disable the speculation barrier from the command
line
- [ppc64el] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
- [ppc64el] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
- [ppc64el] powerpc/64: Call setup_barrier_nospec() from setup_arch()
- [ppc64el] powerpc/64: Make meltdown reporting Book3S 64 specific
- [ppc64el] asm: Add a patch_site macro & helpers for patching
instructions
- [ppc64el] powerpc/64s: Add new security feature flags for count cache
flush
- [ppc64el] powerpc/64s: Add support for software count cache flush
- [ppc64el] powerpc/pseries: Query hypervisor for count cache flush
settings
- [ppc64el] powerpc/powernv: Query firmware for count cache flush
settings
- [ppc64el] security: Fix spectre_v2 reporting
- [arm64] kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
- tty: ldisc: add sysctl to prevent autoloading of ldiscs
- ipv6: Fix dangling pointer when ipv6 fragment
- ipv6: sit: reset ip header pointer in ipip6_rcv
- openvswitch: fix flow actions reallocation
- qmi_wwan: add Olicard 600
- sctp: initialize _pad of sockaddr_in before copying to user memory
- tcp: Ensure DCTCP reacts to losses
- vrf: check accept_source_route on the original netdevice
- bnxt_en: Reset device on RX buffer errors.
- bnxt_en: Improve RX consumer index validity check.
- net/mlx5e: Add a lock on tir list
- netns: provide pure entropy for net_hash_mix()
- net: ethtool: not call vzalloc for zero sized memory request
- ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
- ALSA: seq: Fix OOB-reads from strlcpy
- Btrfs: do not allow trimming when a fs is mounted with the nologreplay
option
- block: do not leak memory in bio_copy_user_iov()
- genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
- virtio: Honour 'may_reduce_num' in vring_create_virtqueue
- [arm64] futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
- [x86] xen: Prevent buffer overflow in privcmd ioctl
- sched/fair: Do not re-read ->h_load_next during hierarchical load
calculation
- PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.170
- perf/core: Restore mmap record type correctly
- ext4: add missing brelse() in add_new_gdb_meta_bg()
- ext4: report real fs size after failed resize
- [i386] ALSA: sb8: add a check for request_region
- IB/mlx4: Fix race condition between catas error reset and aliasguid
flows
- [x86] thermal/int340x_thermal: Add additional UUIDs
- [x86] thermal/int340x_thermal: fix mode setting
- perf config: Fix an error in the config template documentation
- perf config: Fix a memory leak in collect_config()
- perf build-id: Fix memory leak in print_sdt_events()
- perf top: Fix error handling in cmd_top()
- perf hist: Add missing map__put() in error case
- perf evsel: Free evsel->counts in perf_evsel__exit()
- [arm64] irqchip/mbigen: Don't clear eventid when freeing an MSI
- [x86] hpet: Prevent potential NULL pointer dereference
- [i386] x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode
processors
- [amd64] iommu/vt-d: Check capability before disabling protected memory
- [x86] hw_breakpoints: Make default case in hw_breakpoint_arch_parse()
return an error
- fix incorrect error code mapping for OBJECTID_NOT_FOUND
- ext4: prohibit fstrim in norecovery mode
- rsi: improve kernel thread handling to fix kernel panic
- 9p: do not trust pdu content for stat item size
- 9p locks: add mount option for lock retry interval
- f2fs: fix to do sanity check with current segment number
- [arm64] serial: uartps: console_setup() can't be placed to init section
- HID: i2c-hid: override HID descriptors for certain devices
- [x86] ACPI / SBS: Fix GPE storm on recent MacBookPro's
- cifs: fallback to older infolevels on findfirst queryinfo retry
- kernel: hung_task.c: disable on suspend
- [armhf] crypto: sha256/arm - fix crash bug in Thumb2 build
- [armhf] crypto: sha512/arm - fix crash bug in Thumb2 build
- [amd64] iommu/dmar: Fix buffer overflow during PCI bus notification
- [arm64,armhf] soc/tegra: pmc: Drop locking from
tegra_powergate_is_powered()
- [armel,armhf] 8839/1: kprobe: make patch_lock a raw_spinlock_t
- appletalk: Fix use-after-free in atalk_proc_exit
- lib/div64.c: off by one in shift
- include/linux/swap.h: use offsetof() instead of custom __swapoffset
macro
- [x86] tpm/tpm_crb: Avoid unaligned reads in crb_recv()
- [arm64,armhf] net: stmmac: Set dma ring length before enabling the DMA
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.171
- bonding: fix event handling for stacked bonds
- net: atm: Fix potential Spectre v1 vulnerabilities
- net: bridge: fix per-port af_packet sockets
- net: bridge: multicast: use rcu to access port list from
br_multicast_start_querier
- net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
- tcp: tcp_grow_window() needs to respect tcp_space()
- team: set slave to promisc if team is already in promisc mode
- vhost: reject zero size iova range
- ipv4: recompile ip options in ipv4_link_failure
- ipv4: ensure rcu_read_lock() in ipv4_link_failure()
- mmc: sdhci: Fix data command CRC error handling
- [x86] tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
- CIFS: keep FileInfo handle live during oplock break
- [x86] KVM: Don't clear EFER during SMM transitions for 32-bit vCPU
- [x86] iio/gyro/bmg160: Use millidegrees for temperature scale
- [x86] io: accel: kxcjk1013: restore the range after resume.
- [x86] staging: comedi: vmk80xx: Fix use of uninitialized semaphore
- [x86] staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
- [x86] staging: comedi: ni_usb6501: Fix use of uninitialized mutex
- [x86] staging: comedi: ni_usb6501: Fix possible double-free of
->usb_rx_buf
- ALSA: core: Fix card races between register and disconnect
- Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO"
- [x86] Revert "svm: Fix AVIC incomplete IPI emulation"
- [x86] crypto: x86/poly1305 - fix overflow during partial reduction
- [x86] kprobes: Verify stack frame on kretprobe
- kprobes: Mark ftrace mcount handler functions nokprobe
- kprobes: Fix error check when reusing optimized probes
- rt2x00: do not increment sequence number while re-transmitting
- mac80211: do not call driver wake_tx_queue op during reconfig
- [x86] perf/x86/amd: Add event map for AMD Family 17h
- sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
- device_cgroup: fix RCU imbalance in error case
- ALSA: info: Fix racy addition/deletion of nodes
- percpu: stop printing kernel addresses (CVE-2018-5995)
- [x86] i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array
- kernel/sysctl.c: fix out-of-bounds access when setting file-max
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.172
- kbuild: simplify ld-option implementation
- cifs: do not attempt cifs operation on smb2+ rename error
- tracing: Fix a memory leak by early error exit in trace_pid_write()
- [mips*] scall64-o32: Fix indirect syscall number load
- trace: Fix preempt_enable_no_resched() abuse
- IB/rdmavt: Fix frwr memory registration
- sched/numa: Fix a possible divide-by-zero
- ceph: ensure d_name stability in ceph_dentry_hash()
- ceph: fix ci->i_head_snapc leak
- nfsd: Don't release the callback slot unless it was actually held
- sunrpc: don't mark uninitialised items as VALID.
- [arm64,armhf] drm/vc4: Fix memory leak during gpu reset.
- [arm64,armhf] drm/vc4: Fix compilation error reported by kbuild test bot
- USB: Add new USB LPM helpers
- USB: Consolidate LPM checks to avoid enabling LPM twice
- vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock
- tipc: handle the err returned from cmd header function
- slip: make slhc_free() silently accept an error pointer
- [x86] intel_th: gth: Fix an off-by-one in output unassigning
- fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
- NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
- netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
- tipc: check bearer name with right length in
tipc_nl_compat_bearer_enable
- tipc: check link name with right length in tipc_nl_compat_link_set
- ipv4: add sanity checks in ipv4_link_failure()
- net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query
- net: rds: exchange of 8K and 1M pool
- team: fix possible recursive locking when add slaves
- [arm64,armhf] net: stmmac: move stmmac_check_ether_addr() to driver
probe
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day
- ipv6: frags: fix a lockdep false positive
- net: IP defrag: encapsulate rbtree defrag code into callable functions
- ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module
- net: IP6 defrag: use rbtrees for IPv6 defrag
- net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c
- Documentation: Add nospectre_v1 parameter
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.173
- usbnet: ipheth: prevent TX queue timeouts when device not ready
- usbnet: ipheth: fix potential null pointer dereference in
ipheth_carrier_set
- media: vivid: check if the cec_adapter is valid
- [armhf] dts: bcm283x: Fix hdmi hpd gpio pull
- [s390x] limit brk randomization to 32MB
- qlcnic: Avoid potential NULL pointer dereference
- netfilter: nft_set_rbtree: check for inactive element after flag
mismatch
- netfilter: bridge: set skb transport_header before entering
NF_INET_PRE_ROUTING
- usb: gadget: net2280: Fix overrun of OUT messages
- usb: gadget: net2280: Fix net2280_dequeue()
- staging: rtl8712: uninitialized memory in read_bbreg_hdl()
- NFS: Fix a typo in nfs_init_timeout_values()
- scsi: qla4xxx: fix a potential NULL pointer dereference
- usb: u132-hcd: fix resource leak
- ceph: fix use-after-free on symlink traversal
- [s390x] scsi: zfcp: reduce flood of fcrscn1 trace records on
multi-element RSCN
- [x86,arm64] libata: fix using DMA buffers on stack
- gpio: of: Fix of_gpiochip_add() error path
- [amd64] vfio/type1: Limit DMA mappings per container (CVE-2019-3882)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.174
- ALSA: line6: use dynamic buffers
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
- ipv6/flowlabel: wait rcu grace period before put_pid()
- ipv6: invert flowlabel sharing check in process and user mode
- packet: validate msg_namelen in send directly
- bnxt_en: Improve multicast address setup logic.
- net: phy: marvell: Fix buffer overrun with stats counters
- [arm64] proc: Set PTE_NG for table entries to avoid traversing them
twice
- [arm64] mm: print out correct page table entries
- [arm64] mm: don't print out page table entries on EL0 faults
- USB: yurex: Fix protection fault after device removal
- USB: w1 ds2490: Fix bug caused by improper use of altsetting array
- [x86] usb: usbip: fix isoc packet num validation in get_pipe
- USB: core: Fix unterminated string returned by usb_string()
- USB: core: Fix bug caused by duplicate interface PM usage counter
- nvme-loop: init nvmet_ctrl fatal_err_work when allocate
- HID: logitech: check the return value of create_singlethread_workqueue
- HID: debug: fix race condition with between rdesc_show() and device
removal
- batman-adv: Reduce claim hash refcnt only for removed entry
- batman-adv: Reduce tt_local hash refcnt only for removed entry
- batman-adv: Reduce tt_global hash refcnt only for removed entry
- igb: Fix WARN_ONCE on runtime suspend
- net/mlx5: E-Switch, Fix esw manager vport indication for more vport
commands
- bonding: show full hw address in sysfs for slave entries
- [arm64,armhf] net: stmmac: don't overwrite discard_frame status
- [arm64,armhf] net: stmmac: fix dropping of multi-descriptor RX frames
- [arm64,armhf] net: stmmac: don't log oversized frames
- jffs2: fix use-after-free on symlink traversal
- debugfs: fix use-after-free on symlink traversal
- [amd64,ppc64el] vfio/pci: use correct format characters
- scsi: core: add new RDAC LENOVO/DE_Series device
- [x86] scsi: storvsc: Fix calculation of sub-channel count
- [arm64] net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw()
- [arm64] net: hns: Use NAPI_POLL_WEIGHT for hns driver
- [arm64] net: hns: Fix WARNING when remove HNS driver with SMMU enabled
- hugetlbfs: fix memory leak for resv_map
- [armel] orion: don't use using 64-bit DMA masks
- [x86] perf/x86/amd: Update generic hardware cache events for Family 17h
- scsi: RDMA/srpt: Fix a credit leak for aborted commands
- selinux: never allow relabeling on context mounts
- [x86] mce: Improve error message when kernel cannot recover, p2
- media: v4l2: i2c: ov7670: Fix PLL bypass register values
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.175
- scsi: libsas: fix a race condition when smp task timeout
(CVE-2018-20836)
- ASoC:soc-pcm:fix a codec fixup issue in TDM case
- [amd64] IB/hfi1: Eliminate opcode tests on mr deref
- [x86] perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
- scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
- virtio-blk: limit number of hw queues by nr_cpu_ids
- [amd64] iommu/amd: Set exclusion range correctly
- mm: add 'try_get_page()' helper function
- genirq: Prevent use-after-free and work list corruption
- [arm64,armhf] usb: dwc3: Fix default lpm_nyet_threshold value
- USB: serial: f81232: fix interrupt worker not stop
- usb-storage: Set virt_boundary_mask to avoid SG overflows
- scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS
routines
- UAS: fix alignment of scatter/gather segments
- [x86] ASoC: Intel: avoid Oops if DMA setup fails
- timer/debug: Change /proc/timer_stats from 0644 to 0600 (CVE-2017-5967)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.176
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.177
- netfilter: compat: initialize all fields in xt_init
- bpf: fix struct htab_elem layout
- bpf: convert htab map to hlist_nulls
- [x86] platform/x86: sony-laptop: Fix unintentional fall-through
- USB: serial: fix unthrottle races
- [x86] libnvdimm/namespace: Fix a potential NULL pointer dereference
- HID: input: add mapping for Expose/Overview key
- HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
- HID: input: add mapping for "Toggle Display" key
- [x86] libnvdimm/btt: Fix a kmemdup failure check
- [s390x] dasd: Fix capacity calculation for large volumes
- mac80211: fix unaligned access in mesh table hash function
- [s390x] 3270: fix lockdep false positive on view->lock
- mISDN: Check address length before reading address family
- [x86] reboot, efi: Use EFI reboot for Acer TravelMate X514-51T
- [x86] KVM: avoid misreporting level-triggered irqs as edge-triggered in
tracing
- init: initialize jump labels before command line option parsing
- ipvs: do not schedule icmp errors from tunnels
- [s390x] ctcm: fix ctcm_new_device error return code
- [armhf] gpu: ipu-v3: dp: fix CSC handling
- rtlwifi: rtl8723ae: Fix missing break in switch statement
- md/raid5: Don't jump to compute_result state from check_result state
- bridge: Fix error path for kobject_init_and_add()
- fib_rules: return 0 directly if an exactly same rule exists when
NLM_F_EXCL not supplied
- packet: Fix error path in packet_init
- vlan: disable SIOCSHWTSTAMP in container
- vrf: sit mtu should not be updated when vrf netdev is the link
- ipv4: Fix raw socket lookup for local traffic
- bonding: fix arp_validate toggling in active-backup mode
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.178
- net: core: another layer of lists, around PF_MEMALLOC skb handling
- locking/rwsem: Prevent decrement of reader count before increment
- [amd64] PCI: hv: Fix a memory leak in hv_eject_device_work()
- [x86] speculation/mds: Revert CPU buffer clear on double fault exit
- [x86] speculation/mds: Improve CPU buffer clear documentation
- [armhf] exynos: Fix a leaked reference by adding missing of_node_put
- [arm64] compat: Reduce address limit
- [arm64] Clear OSDLR_EL1 on CPU boot
- [x86] sched/x86: Save [ER]FLAGS on context switch
- crypto: chacha20poly1305 - set cra_name correctly
- [ppc64el] crypto: vmx - fix copy-paste error in CTR mode
- crypto: crct10dif-generic - fix use via crypto_shash_digest()
- [amd64] crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
- ALSA: usb-audio: Fix a memory leak bug
- ALSA: hda/hdmi - Read the pin sense from register when repolling
- ALSA: hda/hdmi - Consider eld_valid when reporting jack event
- ALSA: hda/realtek - EAPD turn on later
- ASoC: max98090: Fix restore of DAPM Muxes
- ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
- [arm64] mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values
- tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
- jbd2: check superblock mapped prior to committing
- ext4: actually request zeroing of inode table after grow
- ext4: fix ext4_show_options for file systems w/o journal
- Btrfs: do not start a transaction at iterate_extent_inodes()
- bcache: fix a race between cache register and cacheset unregister
- bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
- [arm64] ipmi:ssif: compare block number correctly for multi-part return
messages
- crypto: gcm - Fix error return code in crypto_gcm_create_common()
- crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
- crypto: salsa20 - don't access already-freed walk.iv
- fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return
0...")
- writeback: synchronize sync(2) against cgroup writeback membership
switches
- fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
into workqueue when umount
- ext4: fix data corruption caused by overlapping unaligned and aligned IO
- [x86] ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal
microphone bug
- [x86] KVM: Skip EFER vs. guest CPUID checks for host-initiated writes
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.179
- net: avoid weird emergency message
- net/mlx4_core: Change the error print to info print
- ppp: deflate: Fix possible crash in deflate_init
- tipc: switch order of device registration to fix a crash
- vsock/virtio: free packets during the socket release
- tipc: fix modprobe tipc failed after switch order of device registration
- vsock/virtio: Initialize core virtio vsock before registering the driver
- md: add mddev->pers to avoid potential NULL pointer dereference
- [x86] intel_th: msu: Fix single mode with IOMMU
- p54: drop device reference count if fails to enable device
- cifs: fix strcat buffer overflow and reduce raciness in
smb21_set_oplock_level()
- NFS4: Fix v4.0 client state corruption when mount
- [arm64,armhf] clk: tegra: Fix PLLM programming on Tegra124+ when PMC
overrides divider
- fuse: fix writepages on 32bit
- fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
- [arm64,armhf] iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
- ceph: flush dirty inodes before proceeding with remount
- tracing: Fix partial reading of trace event's id file
- [arm64,armhf] memory: tegra: Fix integer overflow on tick value
calculation
- [x86] perf intel-pt: Fix instructions sampling rate
- [x86] perf intel-pt: Fix improved sample timestamp
- [x86] perf intel-pt: Fix sample timestamp wrt non-taken branches
- PCI: Mark Atheros AR9462 to avoid bus reset
- PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum
- dm delay: fix a crash when invalid device is specified
- xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
- xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
- vti4: ipip tunnel deregistration fixes.
- xfrm4: Fix uninitialized memory read in _decode_session4
- mac80211: Fix kernel panic due to use of txq after free
- [arm64,armhf] KVM: arm/arm64: Ensure vcpu target is unset on reset
failure
- power: supply: sysfs: prevent endless uevent loop with
CONFIG_POWER_SUPPLY_DEBUG
- ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
- Revert "Don't jump to compute_result state from check_result state"
- md/raid: raid5 preserve the writeback action after the parity check
- btrfs: Honour FITRIM range constraints during free space trim
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.180
- ext4: do not delete unlinked inode from orphan list on failed truncate
- [x86] KVM: fix return value for reserved EFER
- bio: fix improper use of smp_mb__before_atomic()
- Revert "scsi: sd: Keep disk read-only when re-reading partition"
- [ppc64el] crypto: vmx - CTR: always increment IV as quadword
- [x86] kvm: svm/avic: fix off-by-one in checking host APIC ID
- [x86] libnvdimm/namespace: Fix label tracking error
- [arm64] Save and restore OSDLR_EL1 across suspend/resume
- gfs2: Fix sign extension bug in gfs2_update_stats
- Btrfs: do not abort transaction at btrfs_update_root() after failure to
COW path
- Btrfs: fix race between ranged fsync and writeback of adjacent ranges
- btrfs: sysfs: don't leak memory when failing add fsid
- fbdev: fix divide error in fb_var_to_videomode
- hugetlb: use same fault hash key for shared and private mappings
- fbdev: fix WARNING in __alloc_pages_nodemask bug
- media: cpia2: Fix use-after-free in cpia2_exit
- media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
- [x86,ppc64el] ssb: Fix possible NULL pointer dereference in
ssb_host_pcmcia_exit
- at76c50x-usb: Don't register led_trigger if usb_register_driver failed
- Revert "btrfs: Honour FITRIM range constraints during free space trim"
- gfs2: Fix lru_count going negative
- cxgb4: Fix error path in cxgb4_init_module
- mmc: core: Verify SD bus width
- [arm64] dmaengine: tegra210-dma: free dma controller in remove()
- [arm64,armhf] ASoC: hdmi-codec: unlock the device on startup errors
- [ppc64el] boot: Fix missing check of lseek() return value
- brcm80211: potential NULL dereference in
brcmf_cfg80211_vndr_cmds_dcmd_handler()
- [armel,armhf] vdso: Remove dependency with the arch_timer driver internals
- sched/cpufreq: Fix kobject memleak
- scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
- iwlwifi: pcie: don't crash on invalid RX interrupt
- w1: fix the resume command API
- [armhf] dmaengine: pl330: _stop: clear interrupt status
- mac80211/cfg80211: update bss channel on channel switch
- mwifiex: prevent an array overflow
- [armhf] crypto: sun4i-ss - Fix invalid calculation of hash end
- bcache: return error immediately in bch_journal_replay()
- bcache: fix failure in journal relplay
- bcache: add failure check to run_cache_set() for journal replay
- [x86] build: Move _etext to actual end of .text
- smpboot: Place the __percpu annotation correctly
- [amd64] mm: Remove in_nmi() warning from 64-bit implementation of
vmalloc_fault()
- HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
- media: au0828: stop video streaming only when last user stops
- audit: fix a memory leak bug
- media: au0828: Fix NULL pointer dereference in
au0828_analog_stream_enable()
- media: pvrusb2: Prevent a buffer overflow
- [ppc64el] numa: improve control of topology updates
- sched/core: Check quota and period overflow at usec to nsec conversion
- sched/core: Handle overflow in cpu_shares_write_u64
- USB: core: Don't unbind interfaces following device reset failure
- [amd64] irq: Limit IST stack overflow check to #DB stack
- i40e: don't allow changes to HW VLAN stripping on active port VLANs
- [arm64] vdso: Fix clock_getres() for CLOCK_REALTIME
- RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
- hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
- [x86] hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
- [x86] hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
- hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
- [x86] hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
- scsi: libsas: Do discovery on empty PHY to update PHY info
- mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
- [arm64] mmc_spi: add a status check for spi_sync_locked
- PM / core: Propagate dev->power.wakeup_path when no callbacks
- rtlwifi: fix a potential NULL pointer dereference
- mwifiex: Fix mem leak in mwifiex_tm_cmd
- brcmfmac: fix missing checks for kmemdup
- brcmfmac: convert dev_init_lock mutex to completion
- brcmfmac: fix race during disconnect when USB completion is in progress
- brcmfmac: fix Oops when bringing up interface during USB disconnect
- scsi: ufs: Fix regulator load and icc-level configuration
- scsi: ufs: Avoid configuring regulator with undefined voltage range
- [arm64] cpu_ops: fix a leaked reference by adding missing of_node_put
- [x86] uaccess, signal: Fix AC=1 bloat
- [amd64] x86/ia32: Fix ia32_restore_sigcontext() AC leak
- chardev: add additional check for minor range overlap
- HID: core: move Usage Page concatenation to Main item
- [armhf] ASoC: eukrea-tlv320: fix a leaked reference by adding missing
of_node_put
- [armhf] ASoC: fsl_utils: fix a leaked reference by adding missing
of_node_put
- cxgb3/l2t: Fix undefined behaviour
- [arm64,armhf] spi: tegra114: reset controller on probe
- [armhf] media: wl128x: prevent two potential buffer overflows
- virtio_console: initialize vtermno value for ports
- [x86,ppc64el] tty: ipwireless: fix missing checks for ioremap
- [x86] mce: Fix machine_check_poll() tests for error types
- usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
- scsi: qla4xxx: avoid freeing unallocated dma memory
- [arm64] dmaengine: tegra210-adma: use devm_clk_*() helpers
- media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
- scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
- [i386] spi : spi-topcliff-pch: Fix to handle empty DMA buffers
- spi: Fix zero length xfer bug
- drm: Wake up next in drm_read() chain if we are forced to putback the
event
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.181
- ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
- llc: fix skb leak in llc_build_and_send_ui_pkt()
- [armhf] net: fec: fix the clk mismatch in failed_reset path
- net-gro: fix use-after-free read in napi_gro_frags()
- [arm64,armhf] net: stmmac: fix reset gpio free missing
- usbnet: fix kernel crash after disconnect
- tipc: Avoid copying bytes beyond the supplied data
- bnxt_en: Fix aggregation buffer leak under OOM condition.
- ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
- ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
- [armhf] net: dsa: mv88e6xxx: fix handling of upper half of
STATS_TYPE_PORT
- [armhf] net: mvneta: Fix err code path of probe
- [armhf] net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
- [ppc64el] crypto: vmx - ghash: do nosimd fallback manually
- xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
(CVE-2015-8553)
- Revert "tipc: fix modprobe tipc failed after switch order of device
registration"
- tipc: fix modprobe tipc failed after switch order of device registration
- xhci: update bounce buffer with correct sg num
- xhci: Use %zu for printing size_t type
- xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
- usb: xhci: avoid null pointer deref when bos field is NULL
- [x86] usbip: usbip_host: fix BUG: sleeping function called from invalid
context
- [x86] usbip: usbip_host: fix stub_dev lock context imbalance regression
- USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
- USB: sisusbvga: fix oops in error path of sisusb_probe
- USB: Add LPM quirk for Surface Dock GigE adapter
- USB: rio500: refuse more than one device at a time
- USB: rio500: fix memory leak in close after disconnect
- media: usb: siano: Fix general protection fault in smsusb
- media: usb: siano: Fix false-positive "uninitialized variable" warning
- media: smsusb: better handle optional alignment
- [s390x] scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from
port_remove
- [s390x] scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs
(only sdevs)
- Btrfs: fix race updating log root item during fsync
- [ppc64el] powerpc/perf: Fix MMCRA corruption by bhrb_filter
- ALSA: hda/realtek - Set default power save node to 0
- drm/nouveau/i2c: Disable i2c bus access after ->fini()
- [arm64] tty: serial: msm_serial: Fix XON/XOFF
- memcg: make it work on sparse non-0-node systems
- kernel/signal.c: trace_signal_deliver when signal_group_exit
- CIFS: cifs_read_allocate_pages: don't iterate through whole page array
on ENOMEM
- [x86] drm/vmwgfx: Don't send drm sysfs hotplug events on initial master
set
- binder: Replace "%p" with "%pK" for stable (CVE-2018-20509)
- binder: replace "%p" with "%pK" (CVE-2018-20510)
- fs: prevent page refcount overflow in pipe_buf_get (CVE-2019-11487)
- mm, gup: remove broken VM_BUG_ON_PAGE compound check for hugepages
- mm, gup: ensure real head page is ref-counted when using hugepages
- mm: prevent get_user_pages() from overflowing page refcount
(CVE-2019-11487)
- mm: make page ref count overflow check tighter and more explicit
(CVE-2019-11487)
- media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
- ethtool: fix potential userspace buffer overflow
- neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
- net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
- net: rds: fix memory leak in rds_ib_flush_mr_pool
- pktgen: do not sleep with the thread lock held.
- ipv6: fix EFAULT on sendto with icmpv6 and hdrincl
- ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
- Revert "fib_rules: fix error in backport of e9919a24d302 ("fib_rules:
return 0...")"
- Revert "fib_rules: return 0 directly if an exactly same rule exists when
NLM_F_EXCL not supplied"
- rcu: locking and unlocking need to always be at least barriers
- fuse: fallocate: fix return with locked inode
- [x86] power: Fix 'nosmt' vs hibernation triple fault during resume
- [ppc64el] genwqe: Prevent an integer overflow in the ioctl
- [x86] drm/gma500/cdv: Check vbt config bits when detecting lvds panels
- drm/radeon: prefer lower reference dividers
- [x86] drm/i915: Fix I915_EXEC_RING_MASK
- TTY: serial_core, add ->install
- fs: stream_open - opener for stream-like files so that read and write
can run simultaneously without deadlock
- fuse: Add FOPEN_STREAM to use stream_open()
- ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
- ethtool: check the return value of get_regs_len
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.182
- tcp: reduce tcp_fastretrans_alert() verbosity
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.183
- fs/fat/file.c: issue flush after the writeback of FAT
- sysctl: return -EINVAL if val violates minmax
- ipc: prevent lockup on alloc_msg and free_msg
- [armhf] prevent tracing IPI_CPU_BACKTRACE
- hugetlbfs: on restore reserve error path retain subpool reservation
- mem-hotplug: fix node spanned pages when we have a node with only
ZONE_MOVABLE
- [armhf,ppc64el] mm/cma.c: fix crash on CMA allocation if bitmap
allocation fails
- mm/slab.c: fix an infinite loop in leaks_show()
- kernel/sys.c: prctl: fix false positive in validate_prctl_map()
- [arm64] drivers: thermal: tsens: Don't print error message on
-EPROBE_DEFER
- [x86] mfd: intel-lpss: Set the device in reset state when init
- mfd: twl6040: Fix device init errors for ACCCTL register
- [x86] perf/intel: Allow PEBS multi-entry in watermark mode
- [arm64] drm/bridge: adv7511: Fix low refresh rate selection
- objtool: Don't use ignore flag for fake jumps
- [arm64] pwm: meson: Use the spin-lock only to protect register
modifications
- ntp: Allow TAI-UTC offset to be set to zero
- f2fs: fix to avoid panic in do_recover_data()
- f2fs: fix to clear dirty inode in error path of f2fs_iget()
- f2fs: fix to do sanity check on valid block count of segment
- configfs: fix possible use-after-free in configfs_register_group
- [armhf] watchdog: imx2_wdt: Fix set_timeout for big timeout values
- watchdog: fix compile time error of pretimeout governors
- [x86] iommu/vt-d: Set intel_iommu_gfx_mapped correctly
- ALSA: hda - Register irq handler after the chip initialization
- nvmem: core: fix read buffer in place
- fuse: retrieve: cap requested size to negotiated max_write
- nfsd: allow fh_want_write to be called twice
- [x86] PCI: Fix PCI IRQ routing table memory leak
- platform/chrome: cros_ec_proto: check for NULL transfer function
- [armhf] clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
- [armhf] dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
- [armhf] dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA
- [armhf] dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA
- [armhf] dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
- [armhf] dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
- [ppc64el] PCI: rpadlpar: Fix leaked device_node references in add/remove
paths
- [x86] platform: intel_pmc_ipc: adding error handling
- [x86] video: hgafb: fix potential NULL pointer dereference
- [arm64] PCI: xilinx: Check for __get_free_pages() failure
- [armhf] gpio: gpio-omap: add check for off wake capable gpios
- [x86] dmaengine: idma64: Use actual device for DMA transfers
- [armhf] pwm: tiehrpwm: Update shadow register for disabling PWMs
- [armhf] dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8
regulators on Arndale Octa
- pwm: Fix deadlock warning when removing PWM device
- [armhf] exynos: Fix undefined instruction during Exynos5422 resume
- ALSA: seq: Cover unsubscribe_port() in list_mutex
- ALSA: oxfw: allow PCM capture for Stanton SCS.1m
- libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
- mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
- fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
- signal/ptrace: Don't leak unitialized kernel memory with
PTRACE_PEEK_SIGINFO
- ptrace: restore smp_rmb() in __ptrace_may_access()
- media: v4l2-ioctl: clear fields in s_parm
- bcache: fix stack corruption by PRECEDING_KEY()
- cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
- [x86] uaccess, kcov: Disable stack protector
- ALSA: seq: Fix race of get-subscription call vs port-delete ioctls
- Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
- scsi: lpfc: add check for loss of ndlp when sending RRQ
- [arm64] mm: Inhibit huge-vmap with ptdump
- scsi: bnx2fc: fix incorrect cast to u64 on shift operation
- usbnet: ipheth: fix racing condition
- [x86] KVM: pmu: do not mask the value that is written to fixed PMUs
- [s390x] KVM: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
- [x86] drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to
an invalid read
- [x86] drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
- [arm64,armhf] usb: dwc2: Fix DMA cache alignment issues
- USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
- USB: usb-storage: Add new ID to ums-realtek
- USB: serial: pl2303: add Allied Telesis VT-Kit3
- USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
- USB: serial: option: add Telit 0x1260 and 0x1261 compositions
- [armhf] rtc: pcf8523: don't return invalid date when battery is low
- ax25: fix inconsistent lock state in ax25_destroy_timer
- be2net: Fix number of Rx queues used for flow hashing
- ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
- lapb: fixed leak of control-blocks.
- neigh: fix use-after-free read in pneigh_get_next
- [x86] perf/intel/ds: Fix EVENT vs. UEVENT PEBS constraints
- mISDN: make sure device name is NUL terminated
- [x86] CPU/AMD: Don't force the CPB cap when running under a hypervisor
- perf/ring_buffer: Fix exposing a temporarily decreased data_head
- perf/ring_buffer: Add ordering to rb->nest increment
- i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
- configfs: Fix use-after-free when accessing sd->s_dentry
- perf data: Fix 'strncat may truncate' build failure with recent gcc
- perf record: Fix s390 missing module symbol and warning for non-root users
- [ppc64el] KVM: Book3S: Use new mutex to synchronize access to rtas token
list
- [ppc64el] KVM: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu
- scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
- scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask
- scsi: libsas: delete sas port if expander discover failed
- vfs: Abort file_remove_privs() for non-reg. files
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.184
- tcp: refine memory limit test in tcp_fragment() (Closes: #930904)
.
[ Salvatore Bonaccorso ]
* [x86] Disable R3964 due to lack of security support
* Refresh version.patch for context changes in 4.9.170
* [rt] Drop 0053-arm-kprobe-replace-patch_lock-to-raw-lock.patch applied in
4.9.170
* Revert "x86: stop exporting msr-index.h to userland"
* [rt] Add new signing subkey for Steven Rostedt
* [rt] Update to 4.9.178-rt131:
- futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
- Update "kernel/hotplug: restore original cpu mask oncpu/down" to always
call arch_smt_update()
* Refresh 0058-net-ena-complete-host-info-to-match-latest-ENA-spec.patch for
context changes in 4.9.180
* Drop efi-libstub-unify-command-line-param-parsing.patch
* Refresh arm64-add-kernel-config-option-to-set-securelevel-wh.patch for
context changes in 4.9.181
.
[ Ben Hutchings ]
* Drop "kbuild: Use -nostdinc in compile tests", which is no longer needed.
* [rt] Fix build failure after "genirq: Prevent use-after-free and work
list corruption":
- kthread: Convert worker lock to raw spinlock
- kthread: add a global worker thread.
- genirq: convert affinity_notify swork to kthread
* Bump ABI to 10 and apply deferred changes:
- genirq: Avoid summation loops for /proc/stat
* [ppc64el] Disable PPC_TRANSACTIONAL_MEM (Closes: #866122)
linux (4.9.168-1+deb9u3) stretch-security; urgency=high
.
[ Salvatore Bonaccorso ]
* tcp: limit payload size of sacked skbs (CVE-2019-11477)
* tcp: tcp_fragment() should apply sane memory limits (CVE-2019-11478)
* tcp: add tcp_min_snd_mss sysctl (CVE-2019-11479)
* tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
* tcp: fix fack_count accounting on tcp_shift_skb_data()
.
[ Ben Hutchings ]
* tcp: Avoid ABI change for DoS fixes
* mm/mincore.c: make mincore() more conservative (CVE-2019-5489)
* brcmfmac: add length checks in scheduled scan result handler
* brcmfmac: assure SSID length from firmware is limited (CVE-2019-9500)
* brcmfmac: add subtype check for event handling in data path (CVE-2019-9503)
* tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486)
* coredump: fix race condition between mmget_not_zero()/get_task_mm() and
core dumping (CVE-2019-11599)
* net: rds: force to destroy connection if t_sock is NULL in
rds_tcp_kill_sock(). (CVE-2019-11815) (Closes: #928989)
* ext4: zero out the unused memory region in the extent tree block
(CVE-2019-11833)
* Bluetooth: hidp: fix buffer overflow (CVE-2019-11884)
* mwifiex: Fix possible buffer overflows at parsing bss descriptor
(CVE-2019-3846)
* mwifiex: Abort at too short BSS descriptor element
* mwifiex: Don't abort on small, spec-compliant vendor IEs
* mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
(CVE-2019-10126)
linux (4.9.168-1+deb9u2) stretch-security; urgency=high
.
[ Salvatore Bonaccorso ]
* Revert "block/loop: Use global lock for ioctl() operation."
(Closes: #928125)
.
linux (4.9.168-1+deb9u1) stretch-security; urgency=high
.
* [x86] Update speculation mitigations:
- x86/MCE: Save microcode revision in machine check records
- x86/cpufeatures: Hide AMD-specific speculation flags
- x86/bugs: Add AMD's variant of SSB_NO
- x86/bugs: Add AMD's SPEC_CTRL MSR usage
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU
features
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
- x86/microcode/intel: Add a helper which gives the microcode revision
- x86/microcode/intel: Check microcode revision before updating sibling
threads
- x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
- x86/microcode: Update the new microcode revision unconditionally
- x86/mm: Use WRITE_ONCE() when setting PTEs
- bitops: avoid integer overflow in GENMASK(_ULL)
- x86/speculation: Simplify the CPU bug detection logic
- locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
new <linux/bits.h> file
- x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
- x86/cpu: Sanitize FAM6_ATOM naming
- Documentation/l1tf: Fix small spelling typo
- x86/speculation: Apply IBPB more strictly to avoid cross-process data
leak
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
- x86/speculation: Propagate information about RSB filling mitigation to
sysfs
- x86/speculation/l1tf: Drop the swap storage limit restriction when
l1tf=off
- x86/speculation: Update the TIF_SSBD comment
- x86/speculation: Clean up spectre_v2_parse_cmdline()
- x86/speculation: Remove unnecessary ret variable in cpu_show_common()
- x86/speculation: Move STIPB/IBPB string conditionals out of
cpu_show_common()
- x86/speculation: Disable STIBP when enhanced IBRS is in use
- x86/speculation: Rename SSBD update functions
- x86/speculation: Reorganize speculation control MSRs update
- x86/Kconfig: Select SCHED_SMT if SMP enabled
- sched: Add sched_smt_active()
- x86/speculation: Rework SMT state change
- x86/l1tf: Show actual SMT state
- x86/speculation: Reorder the spec_v2 code
- x86/speculation: Mark string arrays const correctly
- x86/speculataion: Mark command line parser data __initdata
- x86/speculation: Unify conditional spectre v2 print functions
- x86/speculation: Add command line control for indirect branch speculation
- x86/speculation: Prepare for per task indirect branch speculation control
- x86/process: Consolidate and simplify switch_to_xtra() code
- x86/speculation: Avoid __switch_to_xtra() calls
- x86/speculation: Prepare for conditional IBPB in switch_mm()
- x86/speculation: Split out TIF update
- x86/speculation: Prepare arch_smt_update() for PRCTL mode
- x86/speculation: Prevent stale SPEC_CTRL msr content
- x86/speculation: Add prctl() control for indirect branch speculation
- x86/speculation: Enable prctl mode for spectre_v2_user
- x86/speculation: Add seccomp Spectre v2 user space protection mode
- x86/speculation: Provide IBPB always command line options
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
- x86/msr-index: Cleanup bit defines
- x86/speculation: Consolidate CPU whitelists
- Documentation: Move L1TF to separate directory
- cpu/speculation: Add 'mitigations=' cmdline option
- x86/speculation: Support 'mitigations=' cmdline option
- x86/speculation/mds: Add 'mitigations=' support for MDS
- x86/cpu/bugs: Use __initconst for 'const' init data
* [x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities
(CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091):
- x86/speculation/mds: Add basic bug infrastructure for MDS
- x86/speculation/mds: Add BUG_MSBDS_ONLY
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
- x86/speculation/mds: Add mds_clear_cpu_buffers()
- x86/speculation/mds: Clear CPU buffers on exit to user
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry
- x86/speculation/mds: Add mitigation control for MDS
- x86/speculation/mds: Add sysfs reporting for MDS
- x86/speculation/mds: Add mitigation mode VMWERV
- Documentation: Add MDS vulnerability documentation
- x86/speculation/mds: Add mds=full,nosmt cmdline option
- x86/speculation: Move arch_smt_update() call to after mitigation decisions
- x86/speculation/mds: Add SMT warning message
- x86/speculation/mds: Fix comment
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
- x86/mds: Add MDSUM variant to the MDS documentation
- Documentation: Correct the possible MDS sysfs values
- x86/speculation/mds: Fix documentation typo
* [x86] msr-index: Remove dependency on <linux/bits.h>
* [rt] Update patches to apply on top of the speculation mitigation changes
* [x86] mce, tlb: Ignore ABI changes
linux-latest (80+deb9u9) stretch; urgency=medium
.
* Update to 4.9.0-11
linux-latest (80+deb9u8) stretch; urgency=medium
.
* Update to 4.9.0-10
liquidsoap (1.1.1-7.2+deb9u1) stretch; urgency=medium
.
* Fix compilation with Ocaml 4.02 (Closes: #812591)
* Add new uploader
llvm-toolchain-7 (1:7.0.1-8~deb9u2) stretch; urgency=medium
.
* Disable ocaml on ppc64el and s390x.
llvm-toolchain-7 (1:7.0.1-8~deb9u1) stretch; urgency=medium
.
* Backport to stretch.
llvm-toolchain-7 (1:7.0.1-7) unstable; urgency=medium
.
* Fix an ABI issue introduced with the kfreebsd support
(Closes: #922731)
* kfreebsd/kfreebsd-triple-clang.diff: update of the patch to fix
the kfreebsd FTBFS (Closes: #921246)
* Enable ld gold for kfreebsd-amd64 and kfreebsd-i386
Many thanks to Svante Signell for the three updates
.
[ Matthias Klose ]
* Remove the autopkg test for a genuine LLVM bug.
llvm-toolchain-7 (1:7.0.1-6) unstable; urgency=medium
.
* Add support for kfreebsd (Closes: #921246)
Many thanks to Svante Signell for all patches
llvm-toolchain-7 (1:7.0.1-4) unstable; urgency=medium
.
* Remove dbgsym packages from debci because of bug #917528
.
[ Gianfranco Costamagna ]
* Ignore a test result on i386, due to upstream bug 26580#c18
llvm-toolchain-7 (1:7.0.1-3) unstable; urgency=medium
.
* Also install clang-7-dbgsym libclang1-7-dbgsym in autopkgtest
to verify that debug symbols are present
* Cherry-pick upstream fix D52340 to address a rustc debuginfo
(Closes: #917209)
* Change the jit debug path from $HOME/.debug/jit/ to
$TMPDIR/.debug/jit/ (Closes: #916393)
* Document in README.source some Debian/Ubuntu specific changes
llvm-toolchain-7 (1:7.0.1-2) unstable; urgency=medium
.
* Enable -DENABLE_LINKER_BUILD_ID:BOOL=ON as, unlike gcc, isn't enabled
by default in clang. Thanks to Adrian Bunk for the patch.
Once more, thanks to Rebecca Palmer (Closes: #916975)
* Build with -g1 also on 64bit architectures (thanks to Adrian too)
llvm-toolchain-7 (1:7.0.1-1) unstable; urgency=medium
.
* New release
* Remove the dbg workaround. Hopefully, the new version of
binutils will fix it (Closes: #913946)
llvm-toolchain-7 (1:7.0.1~+rc3-2) unstable; urgency=medium
.
* Fix llvm-config by stripping unnecessary flags
See also https://bugs.llvm.org/show_bug.cgi?id=8220
(Closes: #697755, #914838)
* Try to workaround the debug issues by adding -fno-addrsig to the *FLAGS
One more time, thanks to Rebecca Palmer (Closes: #913946)
The goal is to provide correct debug packages.
Workaround https://sourceware.org/bugzilla/show_bug.cgi?id=23788
* Force the chmod +x on llvm-X/bin/* because it was sometimes removed
by the strip process
* Force the link to atomic also for i386 as it fails on Debian jessie too
* Improved the debian/patches/series presentation by creating categories
* Improve the separation between *FLAGS for gcc and clang.
This is done for -fno-addrsig as it doesn't exit for gcc
This can be done with the BOOTSTRAP_CMAKE_CXX_FLAGS option
llvm-toolchain-7 (1:7.0.1~+rc3-1) unstable; urgency=medium
.
* New testing release
* disable the llvm-strip as it created too big llvm lib
.
[ John Paul Adrian Glaubitz ]
* Add patch to add powerpcspe support to clang
* Add patch to fix register spilling on powerpcspe
* Add patch to optimize double parameter calling setup on powerpcspe
llvm-toolchain-7 (1:7.0.1~+rc2-8) unstable; urgency=medium
.
* Use llvm-strip instead of binutils strip.
Two reasons:
- with clang stage2, the dbg packages were not generated
- strip fails on stretch and other ubuntu on some archives
For this, I had to silent the --enable-deterministic-archives
option (https://bugs.llvm.org/show_bug.cgi?id=39789).
Thanks to Rebecca Palmer for the idea
(Closes: #913946)
* Change the i386 base line to avoid using sse2 extension
This is more important now that llvm is built with clang
instead of gcc.
Thanks to Fanael Linithien for the patch
(Closes: #914770, #894840)
llvm-toolchain-7 (1:7.0.1~+rc2-7) unstable; urgency=medium
.
* Bring back mips-rdhwr.diff as it isn't in rc2
llvm-toolchain-7 (1:7.0.1~+rc2-6) unstable; urgency=medium
.
[ Samuel Thibault ]
* D53557-hurd-self-exe-realpath.diff: Fix paths returned by
llvm-config (See Bug#911817).
.
[ Sylvestre Ledru ]
* Fix the FTBFS on armel for real! Thanks to Adrian Bunk
Force the activation of FeatureVFP3 & FeatureD16
llvm-toolchain-7 (1:7.0.1~+rc2-5) unstable; urgency=medium
.
[ Samuel Thibault ]
* D54079-hurd-openmp.diff, D54338-hurd-libcxx-threads-build.diff,
D54339-hurd-libcxx-threads-detection.diff, D54378-hurd-triple.diff,
D54379-hurd-triple-clang.diff, D54677-hurd-path_max.diff,
hurd-cxx-paths.diff: New patches to fix hurd build.
.
[ Sylvestre Ledru ]
* Remove mips-rdhwr.diff as it has been applied upstream
* Fix a baseline violation on armhf (Closes: #914268)
clang-arm-default-vfp3-on-armv7a.patch has been updated to disable
neon in another place
llvm-toolchain-7 (1:7.0.1~+rc2-4) unstable; urgency=medium
.
* Workaround the build issues on armhf
Thanks to Adrian Bunk for the idea
* Remove useless symlink /usr/include/c++ -> ../lib/llvm-7/include/c++
(Closes: #913400)
llvm-toolchain-7 (1:7.0.1~+rc2-3) unstable; urgency=medium
.
* Disable gold for sparc* (Closes: #913260)
* Hide a symbol in openmp for mips64el
* Try to integrate a pach to make pch reproducible
Thanks to Rebecca Palmer for the patch
(Closes: #877359)
* Fix the misscompilation issue causing rustc to crash (Closes: #913271)
Might cause some ABI issues but no real good solution.
See https://bugs.llvm.org/show_bug.cgi?id=39427
llvm-toolchain-7 (1:7.0.1~+rc2-2) unstable; urgency=medium
.
* Fix a non-break space in a patch (Closes: #913213)
llvm-toolchain-7 (1:7.0.1~+rc2-1) unstable; urgency=medium
.
* Upload of 7.0.1 rc2 into unstable
* New testing release
* Enable the stage2 bootstrap:
- stage1 = build clang with gcc
- stage2 = clang building itself
(Closes: #909234)
* Bring back the Disable NEON generation on armhf patch which was gone
Should fix the FTBFS on armhf
(Closes: #842142)
* Update the clang manpage to remove osx specific options
and to add -arch (Closes: #743133)
* Bring back usr/lib/@DEB_HOST_MULTIARCH@/{libiomp5.so, libomp5.so}
symlink for gcc (Closes: #912641)
llvm-toolchain-7 (1:7.0.1~+rc2-1~exp1) experimental; urgency=medium
.
* New testing release
llvm-toolchain-7 (1:7-9~exp1) experimental; urgency=medium
.
* Remove the dump of cmake error file (too confusing)
* Try to fix the bootstrap FTBFS :
- on armel by forcing the link to -latomic
- mips-rdhwr.diff: backport D51773 to fix an
assembly issue on mips.
Thanks to jrtc27 for finding the issue.
llvm-toolchain-7 (1:7-8) unstable; urgency=medium
.
* Update the watch file to display the right version
(even if the download will fail)
* clang-7 suggests libomp-7-dev instead of libomp-dev
* Make sure that we don't conflict openmp & libc++ with llvm-defaults's
(Closes: #912544)
* Handle better the non coinstability of openmp & libc++ (like we are doing
with python-clang-*)
* Backport upstream fix D51749 to address a rust aarch64 issues
(Closes: #909705)
* Add tests from old bugs to make sure they don't come back
(Closes: #889832, #827866)
* The sanitizers use the versionned llvm-symbolizer provided by the
llvm-X package (Closes: #753572)
llvm-toolchain-7 (1:7-7~exp2) experimental; urgency=medium
.
* clangd-atomic-cmake.patch: Link against atomic for clangd in i386
* When the cmake configure of the stage2 is failing, dump the cmake error log
* Declare some variables (-Wno-*) for all platforms (was failing on mips)
* Update the watch file to display the right version
(even if the download will fail)
llvm-toolchain-7 (1:7-7~exp1) experimental; urgency=medium
.
* Experiment the clang bootstrap
* Try to boostrap clang using clang
llvm-toolchain-7 (1:7-6) unstable; urgency=medium
.
* Team upload
* Upload to unstable
llvm-toolchain-7 (1:7-6~exp2) experimental; urgency=medium
.
* Disable for now the bootstrapping clang patches
llvm-toolchain-7 (1:7-6~exp1) experimental; urgency=medium
.
* Add python-pygments as dep of llvm-7-tools because
opt-viewer.py needs it
* Add back libomp5-X.Y.symbols.in (untested)
* Start the work on bootstraping clang
- bootstrap-with-openmp-version-export-missing.diff: fix a link issue
https://bugs.llvm.org/show_bug.cgi?id=39200
- bootstrap-fix-include-next.diff: Fix an include issue at bootstrap phase
https://bugs.llvm.org/show_bug.cgi?id=39162
* Fix the install of clang bash completion
.
[ Gianfranco Costamagna ]
* Take option two in bug #877567 to fix FTBFS on mips and mipsel
llvm-toolchain-7 (1:7-5) unstable; urgency=medium
.
* In debci, run qualify-clang.sh in verbose mode
* Only run the g++ test if g++ exist
.
[ Reshabh Sharma ]
* Run check-openmp to test OpenMP
llvm-toolchain-7 (1:7-4) unstable; urgency=medium
.
* Backport a fix to improve scan-build code error.
Thanks to Roman Lebedev for the fix(Closes: #909662)
* Remove bat files https://bugs.llvm.org/show_bug.cgi?id=30755
* Install bash-completion for clang
* Disable ocaml on armel
llvm-toolchain-7 (1:7-3) unstable; urgency=medium
.
* Fix a syntax issue in a scan-build patch
* Fix the autopkgtest script (no gcc in the test)
* remove dep from lld to llvm-7-dev because lld
doesn't use LLVM LTO
* remove old Replaces/Breaks
* Standards-Version: 4.2.1
llvm-toolchain-7 (1:7-2) unstable; urgency=medium
.
* Fix the ftbfs under armel on libc++ and enable openmp on armel.
Thanks to Adrian Bunk for the patch
* Make libc++, libc++abi & openmp NOT co-installable
Rational: the benefits are limited compared to the drawback.
We should have issues like:
- built with libc++-8-dev
- run with libc++1-7
(Closes: #903802)
* Remove circular dependency by removing python-lldb-7: Depends: liblldb-7-dev
(Closes: #888889)
llvm-toolchain-7 (1:7-1) unstable; urgency=medium
.
* Stable release
* Also manages clang-X as tool for scan-build
see https://reviews.llvm.org/D52151
llvm-toolchain-7 (1:7~+rc3-5) unstable; urgency=medium
.
[ John Paul Adrian Glaubitz ]
* Add patch to fix missing include and library paths on x32
.
[ Sylvestre Ledru ]
* Only rename libomp when openmp is built
llvm-toolchain-7 (1:7~+rc3-4) unstable; urgency=medium
.
[ Sylvestre Ledru ]
* libc++-7-dev doesn't provide libstdc++-dev anymore (Closes: #908738)
.
[ Gianfranco Costamagna ]
* Force polly cmake removal on arch:all because of --fail-missing
.
[ Reshabh Sharma ]
* Make OpenMP packages coinstallable from version 7
* Make libc++ packages coinstallable from version 7
.
[ John Paul Adrian Glaubitz ]
* Add patch to fix missing MultiArch include dir
on powerpcspe (Closes: #908791)
* Disable LLDB on riscv64
llvm-toolchain-7 (1:7~+rc3-3) unstable; urgency=medium
.
[ John Paul Adrian Glaubitz ]
* Disable OpenMP on unsupported architecture x32
.
[ Sylvestre Ledru ]
* Build llvm using -DLLVM_USE_PERF=yes (Closes: #908707)
.
[ Gianfranco Costamagna ]
* Install polly only on arch:all packages
llvm-toolchain-7 (1:7~+rc3-2) unstable; urgency=medium
.
[ John Paul Adrian Glaubitz ]
* Fix inverted logic in ifeq statement for POLLY_ENABLE
and OPENMP_ENABLE (Closes: #908646)
.
[ Gianfranco Costamagna ]
* Drop gnustep and gnustep-devel suggestions (Closes: #902847)
* Enable polly on s390x
* Disable omp on armel mips and mipsel for now
llvm-toolchain-7 (1:7~+rc3-1) unstable; urgency=medium
.
[ John Paul Adrian Glaubitz ]
* Disable OpenMP on unsupported architectures powerpc,
powerpcspe, riscv64 and sparc64 (Closes: #907912)
.
[ Sylvestre Ledru ]
* New snapshot release
llvm-toolchain-7 (1:7~+rc2-1~exp3) experimental; urgency=medium
.
* Remove libtool flex, bison, dejagnu, tcl, expect,
and perl from the build deps (testing)
* Disable force-gcc-header-obj.diff as it is introducing
some regressions in the search headers
(Closes: #903709)
.
[ Gianfranco Costamagna ]
* Fix build on armhf, by removing some installed package
* Fix build on s390x, by disabling OpenMP
* Add liblldb-7-dev to python-lldb runtime dependencies, needed to import it
* Enable lld on arm64, mips64el
* Enable lldb on mips64el
.
[ Reshabh Sharma ]
* Add version for libc++ and OpenMP packages breaks/replaces
* Remove libc++-helpers package
- No real value
- Just two scripts
- Command line arguments aren't that complex
* Fix autopkgtest support
llvm-toolchain-7 (1:7~+rc2-1~exp2) experimental; urgency=medium
.
* Force sphinx to be >> 1.2.3
* also ignore libc++experimental.a on dh_strip (fails on stretch)
* Make libc++-7-dev & libc++abi-7-dev coinstallable
.
[ John Paul Adrian Glaubitz ]
* Don't build with ld.gold on powerpcspe
* Disable polly on powerpcspe
* Add upstream patch to make rustc build on powerpc
.
[ Gianfranco Costamagna ]
* Enable lld on ppc64el
llvm-toolchain-7 (1:7~+rc2-1~exp1) experimental; urgency=medium
.
* New snapshot release
* dh_strip should be verbose
* On Stretch (binutils 2.28), do not run strip on libFuzzer.a, libc++.a
& libc++abi.a because it segfaults
* Fixed "weak-library-dev-dependency libc++-7-dev on libc++-7-helpers"
* Fixed "libomp5-7: shlibs-declares-dependency-on-other-package
libomp5-7) (>= 1:7~svn298832-1~)"
* Also use the local cmake binary if available (for trusty)
and take in account the PRE_PROCESS_CONF option
.
[ Reshabh Sharma ]
* Fixed "Lintian warnings for libc++abi-7-dev package"
- Warning: libc++abi-7-dev: breaks-without-version libc++-dev
- Warning: libc++abi-7-dev: breaks-without-version libc++abi-dev
- Warning: llvm-toolchain-7 source: binaries-have-file-conflict
libc++abi-7-dev libc++abi1-7 usr/lib/llvm-7/lib/libc++abi.so
llvm-toolchain-7 (1:7~+rc1-1~exp2) experimental; urgency=medium
.
* Disable force-gcc-header-obj.diff as it is introducing
some regressions in the search headers
(Closes: #903709)
* libc++-7-dev should depend on libc++-7-helpers (and not
libc++-helpers)
* Fix the links in the helper package
.
[ Reshabh Sharma ]
* Fix the path to libc++ header
* libc++.so was in two packages
llvm-toolchain-7 (1:7~+rc1-1~exp1) experimental; urgency=medium
.
* First testing release of 7
- Rename packages
- Update the VCS-* URL
* Standards-Version to 4.2.0
.
[ Dimitri John Ledkov ]
* Enable lldb on ppc64el LP: #1777136
.
[ Reshabh Sharma ]
* Integrate libcxx and libcxxabi as part of the llvm-toolchain packages
Very similar to the previous packages
except that libc++abi-7-test & libc++-7-test are no longer shipped
Outcome of the LLVM GSoC 2018
(Closes: #813673)
mariadb-10.1 (10.1.41-0+deb9u1) stretch; urgency=medium
.
* SECURITY UPDATE: New upstream version 10.1.41. Includes fixes for the
following security vulnerabilities:
- CVE-2019-2737
- CVE-2019-2739
- CVE-2019-2740
- CVE-2019-2805
* Previous release 10.1.39
includes fixes for the following security vulnerabilities:
- CVE-2019-2627
- CVE-2019-2614
* Amend previous changelog entries to include newly released CVE numbers.
* Gitlab-CI: Sync latest version from Debian Sid but with Stretch adaptions
* Uses respolveip from correct path as per upstream fix (Closes: #928758)
mediawiki (1:1.27.7-1~deb9u1) stretch-security; urgency=medium
.
* New upstream version 1.27.6 and 1.27.7 (security release), fixing
CVE-2019-12466, CVE-2019-12467, CVE-2019-12468, CVE-2019-12469,
CVE-2019-12470, CVE-2019-12471, CVE-2019-12472, CVE-2019-12473,
CVE-2019-12474. The bundled jQuery was also updated, fixing
CVE-2019-11358.
mediawiki (1:1.27.6-1~deb9u1) stretch-security; urgency=medium
.
* New upstream version 1.27.6 (security release), fixing
CVE-2019-12466, CVE-2019-12467, CVE-2019-12468, CVE-2019-12469,
CVE-2019-12470, CVE-2019-12471, CVE-2019-12472, CVE-2019-12473,
CVE-2019-12474. The bundled jQuery was also updated, fixing
CVE-2019-11358.
minissdpd (1.2.20130907-4.1+deb9u1) stretch; urgency=medium
.
* CVE-2019-12106: Prevent a use-after-free vulnerability that would allow a
remote attacker to crash the process. (Closes: #929297)
miniupnpd (1.8.20140523-4.1+deb9u2) stretch; urgency=medium
.
* Applied upstream patches for CVE-2019-12107, CVE-2019-12108,
CVE-2019-12109, CVE-2019-12110. This version looks like not affected by
CVE-2019-12111. (Closes: #930050).
mitmproxy (0.18.2-6+deb9u2) stretch; urgency=medium
.
* Prevent insertion of unwanted upper-bound versioned dependencies
mitmproxy (0.18.2-6+deb9u1) stretch; urgency=medium
.
* Blacklist tests that require internet access (Closes: #934033)
* Add d/gbp.conf
monkeysphere (0.41-1+deb9u1) stretch; urgency=medium
.
* Prevent a FTBFS by updating the tests to accommodate an updated GnuPG in
stretch now producing a different output. (Closes: #934034)
nasm-mozilla (2.14-1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Backport to stretch as nasm-mozilla, required by Firefox ESR 68.
* Lower debhelper compat to 10.
ncbi-tools6 (6.1.20170106+dfsg1-0+deb9u1) stretch; urgency=medium
.
* Belatedly repackage without data/UniVec.*, some portions of which
turned out to be non-free (with copyright held by Invitrogen
Corporation, which requires a license for commercial use thereof).
* debian/copyright:
- Cover previously overlooked third-party code (all DFSG-free).
- Update authors and dates for debian/*.
- Set Files-Excluded to reflect repackaging.
* debian/rules: Introduce NCBI_VERSION_SHLIB, with +dfsg1 stripped off.
* debian/watch: Reflect usage of +dfsg1.
* make/makeshlb.unx: NCBI_VERSION -> NCBI_VERSION_SHLIB.
* Temporarily revert ncbi-cn3d splitout to expedite the above fixes.
ncbi-tools6 (6.1.20170106-6) unstable; urgency=medium
.
* debian/rules: Find indirectly needed libraries via -rpath-link rather
than LD_LIBRARY_PATH; the -rpath-link approach is generally saner, and
in particular has a decent shot at fully fixing cross-building.
ncbi-tools6 (6.1.20170106-5) unstable; urgency=medium
.
[ Andreas Tille ]
* Improve cross building: Don't force the build architecture compiler
(Thanks for the patch to Helmut Grohne)
Closes: #908353
* cme fix dpkg-control
.
[ Aaron M. Ucko ]
* debian/control: libvibrant6b Recommends: sensible-utils (no longer
guaranteed present, per #871260).
* Standards-Version: 4.3.0 (already compliant).
ncbi-tools6 (6.1.20170106-4) unstable; urgency=medium
.
* debian/compat: Advance to Debhelper 11.
* debian/control:
- Mark *-data reshuffling with Breaks, not just Replaces. (Closes: #902364.)
- Build-Depends: Advance to debhelper (>= 11~).
* debian/copyright: Fix years (packaging through 2018, upstream through 2017).
ncbi-tools6 (6.1.20170106-3) unstable; urgency=medium
.
[ Liubov Chuprikova ]
* Added autopkgtest for ncbi-tools-bin.
Closes: #879619
.
[ Aaron M. Ucko ]
* debian/{*.gif,ncbi2.css}: Add local copies of NCBI resources used by HTML
docs.
* debian/control:
- Repoint Vcs-* at salsa.debian.org.
- Standards-Version: 4.1.4 (already compliant).
- Rules-Requires-Root: no (confirmed safe).
* debian/{libncbi6,ncbi-tools-x11}.docs: Install resources from debian/ as
needed.
* debian/source/format: Set to 3.0 (quilt) to accommodate binary test data.
* debian/source/include-binaries: List debian/tests/test-data/nc0305.aso.gz
and (individually) debian/*.gif.
* debian/source/options: single-debian-patch (tracking changes purely
with git for now).
* debian/source/patch-header: "Combined patches from git."
* demo/{findspl,taxblast_main}.c: Call SOCK_SetupSSL (accidentally missed
earlier).
* doc/{dispatcher,firewall}.html: Patch to use (newly supplied) local
resources, addressing a generic privacy breach caught by Lintian.
* make/make{demo,net}.unx: Link findspl and taxblast against $(LIBTLS)
and $(GNUTLS_LIBS).
neovim (0.1.7-4+deb9u1) stretch-security; urgency=high
.
* Backport upstream patches to address CVE-2019-12735 (Closes: #930024)
+ vim-patch-8.0.0649 and vim-patch-8.0.0650: autocmd open help 2 times
+ vim-patch:8.1.0066: nasty autocommand causes using freed memory
+ vim-patch:8.1.0067: syntax highlighting not working when re-entering a buffer
+ vim-patch:8.1.0177: defining function in sandbox is inconsistent
+ vim-patch:8.1.0189: function defined in sandbox not tested
+ vim-patch:8.1.0205: invalid memory access with invalid modeline
+ vim-patch:8.1.0506: modeline test fails when run by root
+ vim-patch:8.1.0538: evaluating a modeline might invoke using a shell command
+ vim-patch:8.1.0539: cannot build without the sandbox
+ vim-patch:8.1.0540: may evaluate insecure value when appending to option
+ vim-patch:8.1.0544: setting 'filetype' in a modeline causes an error
+ vim-patch:8.1.0546: modeline test with keymap fails
+ vim-patch:8.1.0547: modeline test with keymap still fails
+ vim-patch:8.1.0613: when executing an insecure function the secure flag is stuck
+ vim-patch:8.1.1046: the "secure" variable is used inconsistently
+ vim-patch:8.1.1365: :source should check sandbox
+ vim-patch:8.1.1366: using expressions in a modeline is unsafe
+ vim-patch:8.1.1367: can set 'modelineexpr' in modeline
+ vim-patch:8.1.1368: modeline test fails with python but without pythonhome
+ vim-patch:8.1.1382: error when editing test file
+ vim-patch:8.1.1401: misspelled mkspellmem as makespellmem
nginx (1.10.3-1+deb9u3) stretch-security; urgency=high
.
* Backport upstream fixes for 3 CVEs (Closes: #935037)
Those fixes affect Nginx HTTP/2 implementation, which might cause
excessive memory consumption and CPU usage.
(CVE-2019-9511, CVE-2019-9513, CVE-2019-9516).
node-growl (1.7.0-1+deb9u1) stretch; urgency=medium
.
* Team upload
* Sanitize input before passing it to exec. This embeds shell-escape little
module (Closes: #900868, CVE-2017-16042)
node-ws (1.1.0+ds1.e6ddaae4-3+deb9u1) stretch; urgency=medium
.
* Team upload
* Add patch to fix upload size to a sane value
(Closes: #927671, CVE-2016-10542)
open-vm-tools (2:10.1.5-5055683-4+deb9u2) stable; urgency=medium
.
* [34db05f] /tmp/VMwareDnD permissions security fix.
Fix possible security issue with the permissions of the intermediate
staging directory and path
/tmp/VMwareDnD is a staging directory used for DnD and CnP. It should be
a regular directory, but malicious code or user may create the /tmp/VMwareDnD
as a symbolic link which points elsewhere on the system. This may provide
user access to user B's files.
Do not set the permission of the root directory if the root directory
already exists and has the wrong permission. The permission of the directory
must be 1777 if it is created by the VMToolsi. If not, then the directory
has been created or modified by malicious code or user, so just cancel the
host to guest DnD or CnP operation. (Closes: #925959)
openjdk-8 (8u222-b10-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch
openjdk-8 (8u222-b07-3) unstable; urgency=medium
.
* Upload to unstable.
openjdk-8 (8u222-b07-2) experimental; urgency=medium
.
* Remove AArch32 patches, applied upstream.
* Fix build dependencies for Ubuntu precise builds.
openjdk-8 (8u222-b07-1) experimental; urgency=medium
.
* Update to 8u222-b07.
openjdk-8 (8u222-b05-1) experimental; urgency=medium
.
[ Matthias Klose ]
* Update to 8u222-b05 (except for AArch32).
* Apply suggested hotspot fixes for AArch32.
* Re-enable running the testsuite.
.
[ Tiago Stürmer Daitx ]
* Find any hs_err_pid files generated during the build and send to stdout.
openjdk-8 (8u222-b04-3) experimental; urgency=medium
.
* Update ARM32 to jdk8u222-b04-aarch32-190603.
* Regenerate the ppc64el patch.
* Remove unused patches ppc64le-8036767 and zero-opt.
openjdk-8 (8u222-b04-1) experimental; urgency=medium
.
* Update to 8u222-b04.
* Update ARM32 to jdk8u212-b04-aarch32-190430.
* Fix 32bit zero builds.
openjdk-8 (8u212-b03-2) unstable; urgency=medium
.
* Don't apply the 8221355 fix for ARM builds.
* Don't configure --with-vendor-name on stable releases.
* Fix the jpeg runtime dependency for the build in unstable.
openjdk-8 (8u212-b03-2~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
openjdk-8 (8u212-b03-1) unstable; urgency=medium
.
[ Matthias Klose ]
* Configure --with-vendor-name.
* 8221355: Fix performance regression after JDK-8155635 backport into 8u.
.
[ Tiago Stürmer Daitx ]
* Update to 8u212-b03. LP: #1826001.
* Security fixes:
- S8211936, CVE-2019-2602: Better String parsing.
- S8218453, CVE-2019-2684: More dynamic RMI interactions.
- S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID().
* Revert to GTK2 as default since GTK3 still has padding and component
issues:
- debian/rules: always Build-Depends on libgtk2.0-dev and Depends on
libgtk2.0-0 instead of relying on gtk3 for some releases.
* debian/control: add missing dependency on testng (required by the
testsuites).
.
[ Andrej Shadura ]
* debian/rules: check for nodoc instead of nodocs in DEB_BUILD_OPTIONS.
Closes: 922757.
.
[ Matthias Klose ]
* debian/rules, debian/tests/jtdiff-autopkgtest.sh,
debian/tests/jtreg-autopkgtest.in, debian/tests/jtreg-autopkgtest.sh:
only set the JDK under test and allow jtreg to use its default JDK
for running the tests.
.
[ Thorsten Glaser ]
* Improve compatibility with older releases. Closes: #925407.
- debian/rules: determine source date using backwards-compatible
dpkg-parsechangelog call.
- debian/control.in: put @bd_cross@ onto same line as @bd_nss@ as
it can be empty.
openjdk-8 (8u212-b01-1) unstable; urgency=medium
.
* Update to 8u212-b01.
* Enable SA on AArch64.
openldap (2.4.44+dfsg-5+deb9u3) stretch; urgency=medium
.
* Fix slapd to restrict rootDN proxyauthz to its own databases
(CVE-2019-13057) (ITS#9038) (Closes: #932997)
* Fix slapd to enforce sasl_ssf ACL statement on every connection
(CVE-2019-13565) (ITS#9052) (Closes: #932998)
* Fix slapo-rwm to not free original filter when rewritten filter is invalid
(ITS#8964) (Closes: #934277, LP: #1838370)
openssh (1:7.4p1-10+deb9u7) stretch; urgency=medium
.
* Fix deadlock when the keys/principals command produces a lot of
output and a key is matched early (upstream commit
ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2). (Closes: #905226)
openssl (1.1.0k-1~deb9u1) stretch-security; urgency=medium
.
* Import 1.1.0k
- CVE-2019-1543 (Prevent over long nonces in ChaCha20-Poly1305)
openssl1.0 (1.0.2s-1~deb9u1) stretch-security; urgency=medium
.
* New upstream version
passwordsafe (1.00+dfsg-1+deb9u1) stretch; urgency=medium
.
* Don't install localization files under an extra subdirectory.
Closes: 932626
patch (2.7.5-1+deb9u2) stretch-security; urgency=high
.
* Fix CVE-2019-13636: mishandled following of symlinks (closes: #932401).
* Fix CVE-2019-13638: shell command injection.
* Fix CVE-2018-1000156 regression, temporary file leak on failed ed-style
patches (closes: #933140).
pdns (4.0.3-1+deb9u5) stretch-security; urgency=medium
.
* Fix CVE-2019-10162 and CVE-2019-10163 both in MASTER operation.
Patches supplied by upstream and backported by Debian.
php-horde-form (2.0.15-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Prevent directory traversal vulnerability (CVE-2019-9858)
(Closes: #930321)
postgresql-9.6 (9.6.15-0+deb9u1) stretch-security; urgency=medium
.
* New upstream security release.
+ Fixes regression in ALTER TABLE on multiple columns. (Closes: #932247)
.
+ Require schema qualification to cast to a temporary type when using
functional cast syntax (Noah Misch)
.
We have long required invocations of temporary functions to explicitly
specify the temporary schema, that is pg_temp.func_name(args). Require
this as well for casting to temporary types using functional notation,
for example pg_temp.type_name(arg). Otherwise it's possible to capture a
function call using a temporary object, allowing privilege escalation in
much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208)
.
* On purge, ask the user if they want to remove clusters.
(Closes: #911940, #933368)
postgresql-9.6 (9.6.13-0+deb9u1) stretch-security; urgency=medium
.
* New upstream version.
+ Prevent row-level security policies from being bypassed via selectivity
estimators (Dean Rasheed)
.
Some of the planner's selectivity estimators apply user-defined
operators to values found in pg_statistic (e.g., most-common values).
A leaky operator therefore can disclose some of the entries in a data
column, even if the calling user lacks permission to read that column.
In CVE-2017-7484 we added restrictions to forestall that, but we failed
to consider the effects of row-level security. A user who has SQL
permission to read a column, but who is forbidden to see certain rows
due to RLS policy, might still learn something about those rows'
contents via a leaky operator. This patch further tightens the rules,
allowing leaky operators to be applied to statistics data only when
there is no relevant RLS policy. (CVE-2019-10130)
.
* Move maintainer address to tracker.
pound (2.7-1.3+deb9u1) stretch; urgency=medium
.
* Fix request smuggling via crafted headers, CVE-2016-10711
(Closes: #888786).
proftpd-dfsg (1.3.5b-4+deb9u1) stretch-security; urgency=high
.
* proftpd-1.3.5e-CVE-2019-12815.patch by Paul Howarth <paul@city-fan.org>
to solve CVE-2019-12815 (Closes: #932453).
python-clamav (0.4.1-8+deb9u1) stretch; urgency=medium
.
[ Scott Kitterman ]
* Add d/p/python-clamav-add-support-for-clamav-0.101.0.patch to that
python-clamav builds/works with clamav 101.1 and newer (Closes: #920959)
* Bump libclamav-dev build-depends to match
python-django (1:1.10.7-2+deb9u6) stretch-security; urgency=high
.
* Backport four security patches from upstream. (Closes: #934026)
<https://www.djangoproject.com/weblog/2019/aug/01/security-releases/>
.
- CVE-2019-14232: Denial-of-service possibility in
django.utils.text.Truncator
.
If django.utils.text.Truncator's chars() and words() methods were passed
the html=True argument, they were extremely slow to evaluate certain
inputs due to a catastrophic backtracking vulnerability in a regular
expression. The chars() and words() methods are used to implement the
truncatechars_html and truncatewords_html template filters, which were
thus vulnerable.
.
The regular expressions used by Truncator have been simplified in order
to avoid potential backtracking issues. As a consequence, trailing
punctuation may now at times be included in the truncated output.
.
- CVE-2019-14233: Denial-of-service possibility in strip_tags()
.
Due to the behavior of the underlying HTMLParser,
django.utils.html.strip_tags() would be extremely slow to evaluate
certain inputs containing large sequences of nested incomplete HTML
entities. The strip_tags() method is used to implement the corresponding
striptags template filter, which was thus also vulnerable.
.
strip_tags() now avoids recursive calls to HTMLParser when progress
removing tags, but necessarily incomplete HTML entities, stops being
made.
.
Remember that absolutely NO guarantee is provided about the results of
strip_tags() being HTML safe. So NEVER mark safe the result of a
strip_tags() call without escaping it first, for example with
django.utils.html.escape().
.
- CVE-2019-14234: SQL injection possibility in key and index lookups for
JSONField/HStoreField
.
Key and index lookups for django.contrib.postgres.fields.JSONField and
key lookups for django.contrib.postgres.fields.HStoreField were subject
to SQL injection, using a suitably crafted dictionary, with dictionary
expansion, as the **kwargs passed to QuerySet.filter().
.
- CVE-2019-14235: Potential memory exhaustion in
django.utils.encoding.uri_to_iri()
.
If passed certain inputs, django.utils.encoding.uri_to_iri could lead to
significant memory usage due to excessive recursion when
re-percent-encoding invalid UTF-8 octet sequences.
.
uri_to_iri() now avoids recursion when re-percent-encoding invalid UTF-8
octet sequences.
python-django (1:1.10.7-2+deb9u5) stretch-security; urgency=high
.
* CVE-2019-6975: Fix memory exhaustion in utils.numberformat.format.
(Closes: #922027)
* CVE-2019-12308: Prevent a XSS vulnerability in the Django admin via the
AdminURLFieldWidget. (Closes: #929927)
* CVE-2019-12781: Prevent incorrect HTTPS detection with reverse-proxies
connecting via HTTPS. (Closes: #931316)
qemu (1:2.8+dfsg-6+deb9u8) stretch-security; urgency=medium
.
[ Michal Arbet ]
* Fix improper backport of CVE-2017-9524 fix that caused NBD
connections to hang (Closes: #873012). Thanks to Geoffrey Thomas.
- nbd-fully-initialize-client-in-case-of-failed-negotiation-CVE-2017-9524.patch:
Don't move nbd_set_handlers before nbd_negotiate.
- nbd-fix-regression-on-resiliency-to-port-scan-CVE-2017-9524.patch:
Refresh.
.
[ Michael Tokarev ]
* slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input-CVE-2019-14378.patch
bugfix in user-level networking
Closes: #933741, CVE-2019-14378
* qemu-bridge-helper-restrict-interface-name-to-IFNAMSIZ-CVE-2019-13164.patch
Closes: #931351, CVE-2019-13164
* integrate fix-md-clear-backport.patch into enable-md-clear.patch
Thanks Moritz Mühlenhoff and Vincent Tondellier
* device_tree-dont-use-load_image-CVE-2018-20815.patch
fix unlikely overflow via saved image file size
Closes: CVE-2018-20815
qemu (1:2.8+dfsg-6+deb9u7) stretch-security; urgency=medium
.
* Fix the md_clear backport, thanks to Vincent Tondellier (Closes: #929067)
qemu (1:2.8+dfsg-6+deb9u6) stretch-security; urgency=medium
.
[ Moritz Mühlenhoff <jmm@debian.org> ]
* slirp-correct-size-computation-concatenating-mbuf-CVE-2018-11806.patch
(Closes: #901017, CVE-2018-11806)
* qga-check-bytes-count-read-by-guest-file-read-CVE-2018-12617.patch
(Closes: #902725, CVE-2018-12617)
* usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch
(Closes: #916397, CVE-2018-16872)
* rtl8139-fix-possible-out-of-bound-access-CVE-2018-17958.patch
(Closes: #911499, CVE-2018-17958)
* lsi53c895a-check-message-length-value-is-valid-CVE-2018-18849.patch
(Closes: #912535, CVE-2018-18849)
* ppc-pnv-check-size-before-data-buffer-access-CVE-2018-18954.patch
(Closes: #914604, CVE-2018-18954)
* 9p-write-lock-path-in-v9fs-co_open2.patch
9p-take-write-lock-on-fid-path-updates-CVE-2018-19364.patch
(Closes: #914599, CVE-2018-19364)
* 9p-fix-QEMU-crash-when-renaming-files-CVE-2018-19489.patch
(Closes: #914727, CVE-2018-19489)
* i2c-ddc-fix-oob-read-CVE-2019-3812.patch
(Closes: #922635, CVE-2019-3812)
* slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch
(Closes: #921525, CVE-2019-6778)
* slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch
(Closes: CVE-2019-9824)
.
[ Michael Tokarev ]
* enable-md-clear.patch
define new CPUID for MDS
(Closes: #929067)
(Closes: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)
* qxl-check-release-info-object-CVE-2019-12155.patch
fixes null-pointer deref in qxl cleanup code
(Closes: #929353, CVE-2019-12155)
rdesktop (1.8.6-2~deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Rebuild for stretch-security
* Relax debhelper build dependency
* Relax Standards-Version to 3.9.8
.
rdesktop (1.8.6-2) unstable; urgency=medium
.
* Backport fixed version number and typo.
* Backport sec_decrypt() the correct amount of data (closes: #930511).
.
rdesktop (1.8.6-1) unstable; urgency=high
.
* New upstream release, including many security fixes.
rdesktop (1.8.6-1) unstable; urgency=high
.
* New upstream release, including many security fixes.
rdesktop (1.8.4-1) unstable; urgency=high
.
* New upstream release, including many security fixes:
- fix possible integer overflow in s_check_rem() on 32bit arch,
- CVE-2018-8791: fix minor information leak in rdpdr_process(),
- CVE-2018-8792: fix denial of service in cssp_read_tsrequest(),
- CVE-2018-8793: fix remote code execution in cssp_read_tsrequest(),
- CVE-2018-8794: fix memory corruption in process_bitmap_data(),
- CVE-2018-8795: fix remote code execution in process_bitmap_data(),
- CVE-2018-8796: fix denial of service in process_bitmap_data(),
- CVE-2018-8797: fix remote code execution in process_plane(),
- CVE-2018-8798: fix minor information leak in rdpsnd_process_ping(),
- CVE-2018-8799: fix denial of service in process_secondary_order(),
- CVE-2018-8800: fix remote code execution in ui_clip_handle_data(),
- CVE-2018-20174: fix major information leak in ui_clip_handle_data(),
- CVE-2018-20175: fix denial of service in mcs_recv_connect_response()
and in mcs_parse_domain_params(),
- CVE-2018-20176: fix denial of service in sec_parse_crypt_info() and
in sec_recv(),
- CVE-2018-20177: fix memory corruption in rdp_in_unistr(),
- CVE-2018-20178: fix denial of service in process_demand_active(),
- CVE-2018-20179: fix remote code execution in lspci_process(),
- CVE-2018-20180: fix remote code execution in rdpsnddbg_process(),
- CVE-2018-20181: fix remote code execution in seamless_process(),
- CVE-2018-20182: fix remote code execution in seamless_process_line().
* Update debhelper level to 11 .
* Update Standards-Version to 4.3.0 .
redis (3:3.2.6-3+deb9u3) stretch-security; urgency=high
.
* CVE-2019-10192: Fix two heap buffer overflows in the Hyperloglog
functionality. (Closes: #931625)
reportbug (7.1.7+deb9u3) stretch; urgency=medium
.
* Non-maintainer upload.
* Exclude *.pyc from source package.
* reportbug/utils.py
- update release names, following Buster releases, patch by Nicolas
Braud-Santoni; Closes: #932524, #931609
resiprocate (1:1.11.0~beta1-3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* libresiprocate-1.11-dev: Add Breaks: libssl-dev (>= 1.1) to help apt
finding a valid installation set with --install-recommends enabled.
ruby-mini-magick (4.5.1-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Don't allow remote shell execution (CVE-2019-13574) (Closes: #931932)
samba (2:4.5.16+dfsg-1+deb9u2) stretch-security; urgency=high
.
* This is a security release in order to address the following defect:
- CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum
sdl-image1.2 (1.2.12-5+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* CVE-2018-3977, CVE-2019-5058: buffer overflow in do_layer_surface
(IMG_xcf.c) (Closes: #932755).
* CVE-2019-5052: integer overflow and subsequent buffer overflow in IMG_pcx.c.
* CVE-2019-7635: heap buffer overflow in Blit1to4 (IMG_bmp.c).
* CVE-2019-12216, CVE-2019-12217,
CVE-2019-12218, CVE-2019-12219,
CVE-2019-12220, CVE-2019-12221,
CVE-2019-12222, CVE-2019-5051: OOB R/W in IMG_LoadPCX_RW (IMG_pcx.c).
signing-party (2.5-1+deb9u1) stretch; urgency=medium
.
* Backport security fix for CVE-2019-11627: unsafe shell call enabling shell
injection via a User ID. Use Perl's (core) module Encode.pm instead of
shelling out to `iconv`. (Closes: #928256.)
slurm-llnl (16.05.9-1+deb9u4) stretch; urgency=medium
.
* Fix build regression on 32-bits architecture (Closes: #929600)
slurm-llnl (16.05.9-1+deb9u3) stretch; urgency=medium
.
* Fix CVE-2019-6438 by adding mitigation for a potential
heap-overflow on 32-bit systems (Closes: #920997)
sox (14.4.1-5+deb9u2) stretch; urgency=medium
.
* Sync up patches with 14.4.1-5+deb8u4 (sans some uncommented patches)
CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 (Closes: #927906)
CVE-2019-1010004 CVE-2017-18189 (Closes: #881121)
CVE-2017-15642 (Closes: #882144)
CVE-2017-15372 (Closes: #878808)
CVE-2017-15371 (Closes: #878809)
CVE-2017-15370 (Closes: #878810)
CVE-2017-11359 CVE-2017-11358 CVE-2017-11332 (Closes: #870328)
subversion (1.9.5-1+deb9u4) stretch-security; urgency=high
.
* Backport security fixes from upstream:
+ CVE-2018-11782: Remotely triggerable DoS vulnerability in svnserve
'get-deleted-rev'.
+ CVE-2018-0203: Remote unauthenticated denial-of-service in Subversion
svnserve.
symfony (2.8.7+dfsg-1.3+deb9u2) stretch-security; urgency=medium
.
* Cherry-pick upstream commits to fix security issues
- [HttpFoundation] Remove support for legacy and risky HTTP headers
[CVE-2018-14773]
- [Form] Filter file uploads out of regular form types [CVE-2018-19789]
- [Security\Http] detect bad redirect targets using backslashes
[CVE-2018-19790]
- [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP
templating engine [CVE-2019-10909]
- [DI] Check service IDs are valid [CVE-2019-10910]
- [Security] Add a separator in the remember me cookie hash [CVE-2019-10911]
- [PHPUnit Bridge] Prevent destructors with side-effects from being
unserialized [CVE-2019-10912]
- [HttpFoundation] fixed using _method parameter with invalid type
- [HttpFoundation] reject invalid method override [CVE-2019-10913]
systemd (232-25+deb9u12) stretch; urgency=medium
.
* networkd: Do not stop ndisc client in case of conf error.
When an NDisc error happens, e.g. in case of a prefix change, do not shut
down the dhcp client. Instead log about it and continue.
Otherwise networkd might fail to renew the DHCPv4 address and lose IPv4
connectivity. (Closes: #930353)
t-digest (1:3.0-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* No-change rebuild to avoid reuse of pre-epoch version 3.0-1
(Closes: #929618)
tenshi (0.13-2.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
tenshi (0.13-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Upload to unstable.
* Drop DMUA.
.
tenshi (0.13-2+deb7u1) wheezy-security; urgency=high
.
* Non-maintainer upload by the Debian LTS team.
* Fix CVE-2017-11746: PID file issue allows local users to kill arbitrary
processes (Closes: #871321)
thunderbird (1:60.8.0-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
thunderbird (1:60.7.2-1) unstable; urgency=medium
.
* [d6c79ed] New upstream version 60.7.2
Fixed CVE issues in upstream version 60.7.2 (MFSA 2019-20
CVE-2019-11707: Type confusion in Array.pop
CVE-2019-11708: sandbox escape using Prompt:Open
thunderbird (1:60.7.2-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
thunderbird (1:60.7.1-1) unstable; urgency=high
.
* [f791dee] New upstream version 60.7.1
Fixed CVE issues in upstream version 60.7.1 (MFSA 2019-17)
CVE-2019-11703: Heap buffer overflow in icalparser.c
CVE-2019-11704: Heap buffer overflow in icalvalue.c
CVE-2019-11705: Stack buffer overflow in icalrecur.c
CVE-2019-11706: Type confusion in icalproperty.c
thunderbird (1:60.7.1-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
thunderbird (1:60.7.0-1) unstable; urgency=medium
.
* [f6dd130] New upstream version 60.7.0
Fixed CVE issues in upstream version 60.7.0 (MFSA 2019-15)
CVE-2019-9816: Type confusion with object groups and UnboxedObjects
CVE-2019-9817: Stealing of cross-domain images using canvas
CVE-2019-9819: Compartment mismatch with fetch API
CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
CVE-2019-11691: Use-after-free in XMLHttpRequest
CVE-2019-11692: Use-after-free removing listeners in the event listener
manager
CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
CVE-2019-7317: Use-after-free in png_image_free of libpng library
CVE-2019-9797: Cross-origin theft of images with createImageBitmap
CVE-2018-18511: Cross-origin theft of images with
ImageBitmapRenderingContext
CVE-2019-11698: Theft of user history data through drag and drop of
hyperlinks to and from bookmarks
CVE-2019-5798: Out-of-bounds read in Skia
CVE-2019-9800: Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7,
and Thunderbird 60.7
* [4106d54] rebuild patch queue from patch-queue branch
added patch:
fixes/rust-ignore-not-available-documentation.patch
thunderbird (1:60.7.0-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
thunderbird (1:60.6.1-1) unstable; urgency=medium
.
[ intrigeri ]
* [2013645] d/rules: drop useless usage of dpkg-parsechangelog
.
[ Carsten Schoenert ]
* [daf1252] New upstream version 60.6.1
Fixed CVE issues in upstream version 60.6.0 (MFSA 2019-11)
CVE-2019-9790: Use-after-free when removing in-use DOM elements
CVE-2019-9791: Type inference is incorrect for constructors entered
through on-stack replacement with IonMonkey
CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled
CVE-2019-9794: Command line arguments not discarded during execution
CVE-2019-9795: Type-confusion in IonMonkey JIT compiler
CVE-2019-9796: Use-after-free with SMIL animation controller
CVE-2018-18506: Proxy Auto-Configuration file can define localhost access
to be proxied
CVE-2019-9788: Memory safety bugs fixed in Firefox 66, Firefox ESR 60.6,
and Thunderbird 60.6
Fixed CVE issues in upstream version 60.6.1 (MFSA 2019-12)
CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations
* [f88a505] rebuild patch queue from patch-queue branch
added patch:
fixes/Bug-1526744-find-dupes.py-Calculate-md5-by-chunk.patch
tzdata (2019b-0+deb9u1) stretch; urgency=medium
.
* New upstream version, affecting the following past and future timestamps:
- Brazil has canceled DST and will stay on standard time indefinitely.
- Predictions for Morocco now go through 2087 instead of 2037.
- Palestine's 2019 spring transition was 03-29 at 00:00, not 03-30
at 01:00. Guess future transitions to be March's last Friday at 00:00.
- Many corrections to historical Hong Kong transitions from 1941 to 1947.
tzdata (2019a-1) unstable; urgency=medium
.
* New upstream version, affecting the following past and future
timestamps:
- Palestine will not start DST until 2019-03-30, instead of 2019-03-23
as previously predicted.
- Metlakatla ended its observance of Pacific standard time, rejoining
Alaska Time, on 2019-01-20 at 02:00.
unzip (6.0-21+deb9u2) stretch; urgency=medium
.
* Fix incorrect parsing of 64-bit values in fileio.c. Closes: #929502.
* Apply three patches by Mark Adler to fix CVE-2019-13232.
- Fix bug in undefer_input() that misplaced the input state.
- Detect and reject a zip bomb using overlapped entries.
Bug discovered by David Fifield. Closes: #931433.
- Do not raise a zip bomb alert for a misplaced central directory.
Reported by Peter Green. Closes: #932404.
usbutils (1:007-4+deb9u1) stretch; urgency=medium
.
* Update usb.ids. Closes: #927365.
vim (2:8.0.0197-4+deb9u3) stretch-security; urgency=medium
.
* Backport patch 8.1.0067 to fix loss of syntax highlighting (Closes: #930718)
+ 8.1.0067: syntax highlighting not working when re-entering a buffer
vim (2:8.0.0197-4+deb9u2) stretch-security; urgency=high
.
* Backport patches to address CVE-2019-12735 (Closes: #930020)
+ 8.0.0649: when opening a help file the filetype is set several times
+ 8.0.0651: build failure without the auto command feature
+ 8.1.0066: nasty autocommand causes using freed memory
+ 8.1.0177: defining function in sandbox is inconsistent
+ 8.1.0189: function defined in sandbox not tested
+ 8.1.0205: invalid memory access with invalid modeline
+ 8.1.0206: duplicate test function name
+ 8.1.0208: file left behind after running individual test
+ 8.1.0506: modelinen test fails when run by root
+ 8.1.0538: evaluating a modeline might invoke using a shell command
+ 8.1.0539: cannot build without the sandbox
+ 8.1.0540: may evaluate insecure value when appending to option
+ 8.1.0544: setting 'filetype' in a modeline causes an error
+ 8.1.0546: modeline test with keymap fails
+ 8.1.0547: modeline test with keymap still fails
+ 8.1.0613: when executing an insecure function the secure flag is stuck
+ 8.1.1046: the "secure" variable is used inconsistently
+ 8.1.1365: source command doesn't check for the sandbox
+ 8.1.1366: using expressions in a modeline is unsafe
+ 8.1.1367: can set 'modelineexpr' in modeline
+ 8.1.1368: modeline test fails with python but without pythonhome
+ 8.1.1382: error when editing test files
+ 8.1.1401: misspelled mkspellmem and makespellmem
* gbp.conf: Set debian-branch to debian/stretch
* gbp.conf: Set upstream-tag to v%(version)s
vlc (3.0.8-0+deb9u1) stretch-security; urgency=high
.
* New upstream release.
- Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
- Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
- Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437,
CVE-2019-14438)
- Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
- Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
- Fix a use after free in the ASF demuxer (CVE-2019-14533)
- Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
(Closes: #932131)
- Fix a null dereference in the ASF demuxer (CVE-2019-14534)
- Fix a division by zero in the CAF demuxer (CVE-2019-14498)
- Fix a division by zero in the ASF demuxer (CVE-2019-14535)
- Fix a division by zero when playing DVDs. (Closes: #929491, #923017,
#932182)
* debian/patches:
- Revert modplug version bump. We use the libopenmpt compat layer anyway.
- Revert libebml version bump. libebml has been fixed separately.
vlc (3.0.7.1-3) unstable; urgency=medium
.
* debian/patches: Apply upstream patch to fix SIGFPE when playing DVDs.
(Closes: #929491, #923017, #932182)
vlc (3.0.7.1-2) unstable; urgency=medium
.
* debian/: Remove obsolete maintscripts.
* debian/control:
- Remove obsolete transitional package.
- Remove obsolete Breaks+Replaces.
- Bump Standards-Version.
* debian/patches: Apply upstream patches to
- unbreak rendering in subsvtt.
- fix integer underflows in mp4. (CVE-2019-13602) (Closes: #932131)
vlc (3.0.7.1-1) unstable; urgency=medium
.
* New upstream release.
vlc (3.0.7-1) unstable; urgency=high
.
* New upstream release.
- Fix multiple integer overflows.
- Fix multiple buffer overflows.
- Fix use-after-free issue.
- Fix NULL pointer dereference.
- Fix other memory access bugs and infinite loops.
* debian/rules: Be explicit about --enable-debug/disable-debug.
vlc (3.0.7-0+deb9u1) stretch-security; urgency=medium
.
* New upstream bug fix release. (Closes: #930276)
- Fix multiple integer overflows.
- Fix multiple buffer overflows.
- Fix use-after-free issue.
- Fix NULL pointer dereference.
- Fix other memory access bugs and infinite loops.
* debian/patches: Removed, included upstream.
vlc (3.0.6-1) unstable; urgency=medium
.
* New upstream release.
wpa (2:2.4-1+deb9u4) stretch-security; urgency=high
.
* SECURITY UPDATE (2019-5):
- CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment
(Closes: #927463).
xymon (4.3.28-2+deb9u1) stretch; urgency=high
.
* Apply minimal upstream security patch to fix several (server-only)
vulnerabilities reported upstream by Graham Rymer:
+ CVE-2019-13451: service overflows histlogfn in history.c.
+ CVE-2019-13452: service overflows histlogfn in reportlog.c.
+ CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
+ CVE-2019-13274: reflected XSS in csvinfo.c.
+ CVE-2019-13455: htmlquoted(hostname) overflows msgline in
acknowledge.c.
+ CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c.
+ CVE-2019-13485: hostname overflows selfurl in history.c.
+ CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
svcstatus.c.
+ Closes: #935470
* Include hostname validation regression fixes from 4.3.30, too.
yubico-piv-tool (1.4.2-2+deb9u2) stretch; urgency=high
.
* Remove cruft that was included in the source package by mistake.
yubico-piv-tool (1.4.2-2+deb9u1) stretch-proposed-updates; urgency=high
.
* Team upload.
* Backport the fix for CVE-2018-14779 & CVE-2018-14780
Closes: #906128
z3 (4.4.1-1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
z3 (4.4.1-1~deb10u1) buster; urgency=medium
.
* Non-maintainer upload.
* Rebuild for buster.
.
z3 (4.4.1-1) unstable; urgency=medium
.
[ Gianfranco Costamagna ]
* Team Upload
* Upload to unstable
.
[ Andreas Beckmann ]
* Do not set the SONAME of libz3java.so to libz3.so.4. (Closes: #842892)
.
z3 (4.4.1-0.5~exp1) experimental; urgency=medium
.
* Package moved to salsa (Closes: #926939)
* Standards-Version updated to 4.2.1
* Fix priority-extra-is-replaced-by-priority-optional warning
* Moved under the llvm umbrella
z3 (4.4.1-0.5~exp1) experimental; urgency=medium
.
* Package moved to salsa (Closes: #926939)
* Standards-Version updated to 4.2.1
* Fix priority-extra-is-replaced-by-priority-optional warning
* Moved under the llvm umbrella
z3 (4.4.1-0.4) unstable; urgency=medium
.
* Non-maintainer upload.
* Remove the incorrect Multi-Arch: same of python-z3,
thanks to Helmut Grohne. (Closes: #874237)
zeromq3 (4.2.1-4+deb9u2) stretch-security; urgency=high
.
[ Luca Boccassi <bluca@debian.org> ]
* Fix CVE-2019-13132: application metadata not parsed correctly when using
CURVE.
zfs-auto-snapshot (1.2.1-1+deb9u1) stretch; urgency=medium
.
* Backported from 1.2.4:
- Make cronjobs exit silently after package removal. (Closes: #850776)
znc (1.6.5-1+deb9u2) stretch-security; urgency=high
.
* Add upstream patch 03-CVE-2019-12816 to fix a remote code execution by
elevating privileges as described in CVE-2019-12816.
* Add patch 04-CVE-2019-9917 to fix CVE-2019-9917: Denial of Service (crash)
via invalid encoding. Much thanks to Santiago Ruano Rincón for this patch!
Closes: #925285
zookeeper (3.4.9-3+deb9u2) stretch-security; urgency=high
.
* CVE-2019-0201: Prevent an information disclosure vulnerability where users
who were not authorised to read data were able to view the access control
list. (Closes: #929283)
======================================
Sat, 27 Apr 2019 - Debian 9.9 released
======================================
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:24:04 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
mozilla-gnome-keyring | 0.12-1 | source
xul-ext-gnome-keyring | 0.12-1 | all
Closed bugs: 922791
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:24:24 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
gcontactsync | 2.0.5-1 | source
xul-ext-gcontactsync | 2.0.5-1 | all
Closed bugs: 922792
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:24:44 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
google-tasks-sync | 0.5.3-1 | source
xul-ext-google-tasks-sync | 0.5.3-1 | all
Closed bugs: 922793
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:25:23 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
timeline | 0.5-4 | source
xul-ext-timeline | 0.5-4 | all
Closed bugs: 925504
------------------- Reason -------------------
RoQA; incompatible with newer thunderbird versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:25:43 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
tbdialout | 1.7.2-1+deb9u1 | source
xul-ext-tbdialout | 1.7.2-1+deb9u1 | all
Closed bugs: 926048
------------------- Reason -------------------
RoQA; incompatible with newer thunderbird versions
----------------------------------------------
=========================================================================
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:32:58 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
gcu-plugin | 0.14.15-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by gnome-chemistry-utils)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:33:24 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
icedtea-8-plugin | 1.6.2-3.1 | amd64, arm64, armel, armhf, i386, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by icedtea-web)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:33:48 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
default-java-plugin | 2:1.8-58 | amd64, arm64, armel, armhf, i386, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by java-common)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:35:29 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
btrfs-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
cdrom-core-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
crypto-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
event-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
ext4-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
fat-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
fb-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
fuse-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
input-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
ipv6-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
isofs-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
jffs2-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
jfs-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
kernel-image-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
leds-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
linux-headers-4.9.0-8-all-armel | 4.9.144-3.1 | armel
linux-headers-4.9.0-8-marvell | 4.9.144-3.1 | armel
linux-image-4.9.0-8-marvell | 4.9.144-3.1 | armel
linux-image-4.9.0-8-marvell-dbg | 4.9.144-3.1 | armel
loop-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
md-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
minix-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
mmc-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
mouse-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
mtd-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
multipath-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
nbd-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
nic-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
nic-shared-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
nic-usb-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
ppp-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
sata-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
scsi-core-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
squashfs-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
udf-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
usb-serial-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
usb-storage-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
zlib-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:36:49 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
ata-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
btrfs-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
crc-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
crypto-dm-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
crypto-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
efi-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
event-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
ext4-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
fat-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
fb-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
fuse-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
i2c-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
input-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
isofs-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
jfs-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
kernel-image-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
leds-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
linux-headers-4.9.0-8-all-armhf | 4.9.144-3.1 | armhf
linux-headers-4.9.0-8-armmp | 4.9.144-3.1 | armhf
linux-headers-4.9.0-8-armmp-lpae | 4.9.144-3.1 | armhf
linux-image-4.9.0-8-armmp | 4.9.144-3.1 | armhf
linux-image-4.9.0-8-armmp-dbg | 4.9.144-3.1 | armhf
linux-image-4.9.0-8-armmp-lpae | 4.9.144-3.1 | armhf
linux-image-4.9.0-8-armmp-lpae-dbg | 4.9.144-3.1 | armhf
loop-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
md-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
mmc-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
mtd-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
multipath-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
nbd-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
nic-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
nic-shared-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
nic-usb-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
nic-wireless-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
pata-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
ppp-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
sata-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
scsi-core-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
scsi-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
squashfs-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
udf-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
uinput-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
usb-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
usb-storage-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
virtio-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
zlib-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:37:31 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
acpi-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
acpi-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
ata-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
ata-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
btrfs-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
btrfs-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
cdrom-core-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
cdrom-core-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
crc-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
crc-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
crypto-dm-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
crypto-dm-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
crypto-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
crypto-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
efi-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
efi-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
event-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
event-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
ext4-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
ext4-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
fat-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
fat-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
fb-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
fb-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
firewire-core-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
firewire-core-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
fuse-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
fuse-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
hyperv-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
hyperv-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
i2c-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
i2c-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
input-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
input-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
isofs-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
isofs-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
jfs-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
jfs-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
kernel-image-4.9.0-8-686-di | 4.9.144-3.1 | i386
kernel-image-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
linux-headers-4.9.0-8-686 | 4.9.144-3.1 | i386
linux-headers-4.9.0-8-686-pae | 4.9.144-3.1 | i386
linux-headers-4.9.0-8-all-i386 | 4.9.144-3.1 | i386
linux-headers-4.9.0-8-rt-686-pae | 4.9.144-3.1 | i386
linux-image-4.9.0-8-686 | 4.9.144-3.1 | i386
linux-image-4.9.0-8-686-dbg | 4.9.144-3.1 | i386
linux-image-4.9.0-8-686-pae | 4.9.144-3.1 | i386
linux-image-4.9.0-8-686-pae-dbg | 4.9.144-3.1 | i386
linux-image-4.9.0-8-rt-686-pae | 4.9.144-3.1 | i386
linux-image-4.9.0-8-rt-686-pae-dbg | 4.9.144-3.1 | i386
loop-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
loop-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
md-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
md-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
mmc-core-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
mmc-core-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
mmc-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
mmc-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
mouse-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
mouse-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
multipath-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
multipath-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
nbd-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
nbd-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
nic-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
nic-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
nic-pcmcia-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
nic-pcmcia-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
nic-shared-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
nic-shared-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
nic-usb-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
nic-usb-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
nic-wireless-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
nic-wireless-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
ntfs-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
ntfs-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
pata-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
pata-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
pcmcia-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
pcmcia-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
pcmcia-storage-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
pcmcia-storage-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
ppp-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
ppp-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
sata-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
sata-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
scsi-core-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
scsi-core-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
scsi-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
scsi-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
serial-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
serial-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
sound-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
sound-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
speakup-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
speakup-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
squashfs-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
squashfs-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
udf-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
udf-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
uinput-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
uinput-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
usb-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
usb-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
usb-serial-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
usb-serial-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
usb-storage-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
usb-storage-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
virtio-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
virtio-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
xfs-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386
xfs-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:37:50 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
linux-headers-4.9.0-8-all-mips | 4.9.144-3.1 | mips
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:38:37 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
affs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
btrfs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
cdrom-core-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
crc-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
crypto-dm-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
crypto-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
event-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
ext4-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
fat-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
fuse-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
hfs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
input-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
isofs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
jfs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
kernel-image-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
linux-headers-4.9.0-8-5kc-malta | 4.9.144-3.1 | mips, mips64el, mipsel
linux-headers-4.9.0-8-octeon | 4.9.144-3.1 | mips, mips64el, mipsel
linux-image-4.9.0-8-5kc-malta | 4.9.144-3.1 | mips, mips64el, mipsel
linux-image-4.9.0-8-5kc-malta-dbg | 4.9.144-3.1 | mips, mips64el, mipsel
linux-image-4.9.0-8-octeon | 4.9.144-3.1 | mips, mips64el, mipsel
linux-image-4.9.0-8-octeon-dbg | 4.9.144-3.1 | mips, mips64el, mipsel
loop-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
md-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
minix-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
multipath-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
nbd-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
nic-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
nic-shared-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
nic-usb-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
nic-wireless-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
ntfs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
pata-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
ppp-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
rtc-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
sata-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
scsi-core-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
scsi-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
sound-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
squashfs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
udf-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
usb-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
usb-serial-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
usb-storage-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
virtio-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
xfs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
zlib-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:39:01 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
acpi-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
ata-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
btrfs-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
cdrom-core-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
crc-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
crypto-dm-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
crypto-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
efi-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
event-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
ext4-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
fat-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
fb-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
firewire-core-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
fuse-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
hyperv-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
i2c-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
input-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
isofs-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
jfs-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
kernel-image-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
linux-headers-4.9.0-8-all-amd64 | 4.9.144-3.1 | amd64
linux-headers-4.9.0-8-amd64 | 4.9.144-3.1 | amd64
linux-headers-4.9.0-8-rt-amd64 | 4.9.144-3.1 | amd64
linux-image-4.9.0-8-amd64 | 4.9.144-3.1 | amd64
linux-image-4.9.0-8-amd64-dbg | 4.9.144-3.1 | amd64
linux-image-4.9.0-8-rt-amd64 | 4.9.144-3.1 | amd64
linux-image-4.9.0-8-rt-amd64-dbg | 4.9.144-3.1 | amd64
loop-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
md-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
mmc-core-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
mmc-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
mouse-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
multipath-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
nbd-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
nic-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
nic-pcmcia-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
nic-shared-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
nic-usb-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
nic-wireless-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
ntfs-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
pata-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
pcmcia-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
pcmcia-storage-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
ppp-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
sata-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
scsi-core-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
scsi-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
serial-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
sound-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
speakup-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
squashfs-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
udf-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
uinput-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
usb-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
usb-serial-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
usb-storage-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
virtio-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
xfs-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:39:17 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
btrfs-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
crc-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
crypto-dm-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
crypto-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
dasd-extra-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
dasd-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
ext4-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
fat-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
fuse-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
isofs-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
kernel-image-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
linux-headers-4.9.0-8-all-s390x | 4.9.144-3.1 | s390x
linux-headers-4.9.0-8-s390x | 4.9.144-3.1 | s390x
linux-image-4.9.0-8-s390x | 4.9.144-3.1 | s390x
linux-image-4.9.0-8-s390x-dbg | 4.9.144-3.1 | s390x
loop-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
md-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
multipath-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
nbd-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
nic-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
scsi-core-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
scsi-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
udf-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
virtio-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
xfs-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
zlib-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:39:52 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
linux-headers-4.9.0-8-all | 4.9.144-3.1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:40:18 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
ata-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
btrfs-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
cdrom-core-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
crc-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
crypto-dm-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
crypto-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
efi-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
event-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
ext4-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
fat-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
fb-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
fuse-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
i2c-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
input-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
isofs-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
jfs-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
kernel-image-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
leds-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
linux-headers-4.9.0-8-all-arm64 | 4.9.144-3.1 | arm64
linux-headers-4.9.0-8-arm64 | 4.9.144-3.1 | arm64
linux-image-4.9.0-8-arm64 | 4.9.144-3.1 | arm64
linux-image-4.9.0-8-arm64-dbg | 4.9.144-3.1 | arm64
loop-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
md-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
mmc-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
multipath-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
nbd-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
nic-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
nic-shared-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
nic-usb-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
nic-wireless-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
ppp-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
sata-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
scsi-core-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
scsi-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
squashfs-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
udf-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
uinput-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
usb-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
usb-storage-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
virtio-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
xfs-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:41:38 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
crc-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
crypto-dm-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:42:04 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
affs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
ata-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
btrfs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
cdrom-core-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
crc-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
crypto-dm-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
crypto-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
event-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
ext4-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
fat-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
fuse-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
hfs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
i2c-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
input-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
isofs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
jfs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
kernel-image-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
linux-headers-4.9.0-8-4kc-malta | 4.9.144-3.1 | mips, mipsel
linux-image-4.9.0-8-4kc-malta | 4.9.144-3.1 | mips, mipsel
linux-image-4.9.0-8-4kc-malta-dbg | 4.9.144-3.1 | mips, mipsel
loop-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
md-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
minix-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
mmc-core-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
mmc-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
mouse-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
multipath-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
nbd-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
nic-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
nic-shared-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
nic-usb-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
nic-wireless-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
ntfs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
pata-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
ppp-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
sata-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
scsi-core-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
scsi-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
sound-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
squashfs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
udf-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
usb-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
usb-serial-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
usb-storage-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
virtio-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
xfs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
zlib-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:42:36 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
affs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
ata-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
btrfs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
cdrom-core-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
crc-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
crypto-dm-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
crypto-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
event-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
ext4-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
fat-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
fuse-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
hfs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
i2c-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
input-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
isofs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
jfs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
kernel-image-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
linux-headers-4.9.0-8-all-mips64el | 4.9.144-3.1 | mips64el
loop-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
md-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
minix-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
mmc-core-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
mmc-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
mouse-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
multipath-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
nbd-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
nic-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
nic-shared-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
nic-usb-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
nic-wireless-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
ntfs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
pata-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
ppp-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
sata-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
scsi-core-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
scsi-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
sound-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
squashfs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
udf-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
usb-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
usb-serial-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
usb-storage-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
virtio-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
xfs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
zlib-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:43:12 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
affs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
ata-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
btrfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
cdrom-core-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
crc-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
crypto-dm-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
crypto-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
event-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
ext4-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
fat-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
fb-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
firewire-core-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
fuse-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
hfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
input-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
isofs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
jfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
kernel-image-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
linux-headers-4.9.0-8-loongson-3 | 4.9.144-3.1 | mips64el, mipsel
linux-image-4.9.0-8-loongson-3 | 4.9.144-3.1 | mips64el, mipsel
linux-image-4.9.0-8-loongson-3-dbg | 4.9.144-3.1 | mips64el, mipsel
loop-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
md-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
nbd-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
nfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
nic-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
nic-shared-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
nic-usb-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
nic-wireless-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
ntfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
pata-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
ppp-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
sata-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
scsi-core-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
scsi-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
sound-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
speakup-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
squashfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
udf-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
usb-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
usb-serial-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
usb-storage-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
virtio-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
xfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
zlib-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:43:33 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
linux-headers-4.9.0-8-all-mipsel | 4.9.144-3.1 | mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:43:58 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
ata-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
btrfs-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
cdrom-core-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
crc-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
crypto-dm-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
crypto-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
event-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
ext4-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
fancontrol-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
fat-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
firewire-core-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
fuse-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
hypervisor-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
input-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
isofs-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
jfs-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
kernel-image-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
linux-headers-4.9.0-8-all-ppc64el | 4.9.144-3.1 | ppc64el
linux-headers-4.9.0-8-powerpc64le | 4.9.144-3.1 | ppc64el
linux-image-4.9.0-8-powerpc64le | 4.9.144-3.1 | ppc64el
linux-image-4.9.0-8-powerpc64le-dbg | 4.9.144-3.1 | ppc64el
loop-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
md-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
mouse-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
multipath-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
nbd-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
nic-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
nic-shared-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
ppp-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
sata-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
scsi-core-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
scsi-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
serial-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
squashfs-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
udf-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
uinput-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
usb-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
usb-serial-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
usb-storage-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
virtio-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
xfs-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:44:40 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
uinput-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
usb-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:44:51 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
minix-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
multipath-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:47:33 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
linux-headers-4.9.0-8-common | 4.9.144-3.1 | all
linux-headers-4.9.0-8-common-rt | 4.9.144-3.1 | all
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:49:07 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
icedtea-plugin | 1.6.2-3.1 | all
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by icedtea-web)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:49:49 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
linux-support-4.9.0-8 | 4.9.144-3.1 | all
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:56:57 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
linux-doc-4.9 | 4.9.144-3.1 | all
linux-manual-4.9 | 4.9.144-3.1 | all
linux-source-4.9 | 4.9.144-3.1 | all
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 27 Apr 2019 08:58:11 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
java-common | 0.58 | all
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by java-common)
----------------------------------------------
=========================================================================
ansible (2.2.1.0-2+deb9u1) stretch-security; urgency=high
.
* Add patch to fix CVE 2018-10855.
* Add patch to fix CVE 2018-16837.
* Add patch to fix CVE 2018-10875.
* Add patch to fix CVE 2018-16876.
* Add patch to fix CVE 2019-3828.
apache2 (2.4.25-3+deb9u7) stretch-security; urgency=medium
.
[ Xavier Guimard ]
* CVE-2018-17199: mode_session: Fix missing check for session expiry time.
Closes: #920303
.
[ Stefan Fritsch ]
* mod_http2: Fix keepalive timeout behavior. This fixes a regression with
Safari web browsers, introduced in 2.4.25-3+deb9u6. Closes: #915103
* Fix typo in apache2_switch_mpm() in apache2-maintscript-helper.
Closes: #904150
* CVE-2018-17189: mod_http2: Fix DoS via slow, unneeded request bodies.
Closes: #920302
* CVE-2019-0196: mod_http2: Fix read after free
* CVE-2019-0211: All MPMs: privilege escalation from www-data user to root.
* CVE-2019-0217: mod_auth_digest: Access control bypass
* CVE-2019-0220: URL normalization inconsistincy.
Consecutive slashes in URL's are now merged before use in LocationMatch
and RewriteRule. The old behavior can be restored with the new directive
"MergeSlashes off".
audiofile (0.3.6-4+deb9u1) stretch; urgency=medium
.
* CVE-2018-13440 (Closes: #903499)
* CVE-2018-17095 (Closes: #913166)
base-files (9.9+deb9u9) stretch; urgency=medium
.
* Change /etc/debian_version to 9.9, for Debian 9.9 point release.
bwa (0.7.15-2+deb9u1) stretch; urgency=medium
.
* Team upload
* Add patch from upstream to fix CVE-2019-10269.
(Closes: #926014)
ca-certificates-java (20170929~deb9u3) stretch; urgency=medium
.
* Team upload.
* Fix printf syntax problem introduced in 20170929~deb9u2
ca-certificates-java (20170929~deb9u2) stretch; urgency=medium
.
* Team upload.
* Address bashisms in postinst and jks-keystore (Closes: #922720)
cernlib (20061220+dfsg3-4.3+deb9u2) stretch; urgency=medium
.
* Update patch 304-update-Imake-config-files.dpatch to force -no-pie
when linking Fortran executables (workaround for #863152 being in the
way of the previous fix)
cernlib (20061220+dfsg3-4.3+deb9u1) stretch; urgency=medium
.
* Backport for stretch of the fix for #922453 bringed by 20061220+dfsg3-4.4
* 126-fix-patchy-compile-flags.dpatch 304-update-Imake-config-files.dpatch:
fix these patches to apply optimization flag -O to fortran modules
instead of -O2 which generates broken code (closes: #922453; thanks to
Jacek M. Holeczek <jacek.m.holeczek@gmail.com>)
choose-mirror (2.79+deb9u1) stretch; urgency=medium
.
[ Cyril Brulebois ]
* Update MIRRORLISTURL to point to salsa.
.
[ Julien Cristau ]
* Update Mirrors.masterlist.
chrony (3.0-4+deb9u2) stretch; urgency=medium
.
* debian/patches/*:
- Add allow-_llseek-in-seccomp-filter.patch. Needed on various 32-bit
plateforms to log the {raw}measurements and statistics information when
the seccomp filter is enabled. Thanks a lot to Francesco Poli (wintermute)
<invernomuto@paranoici.org> for the report. (Closes: #923137)
- Add allow-waitpid-in-seccomp-filter.patch. Needed to correctly stop
chronyd on some plateforms when the seccomp filter is enabled.
ckermit (302-5.3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Drop check openssl compile time version vs runtime version
(Closes: #917485).
clamav (0.100.3+dfsg-0+deb9u1) stretch; urgency=medium
.
* New upstream security release
- Fixes for the following vulnerabilities:
- [CVE-2019-1787]:
An out-of-bounds heap read condition may occur when scanning PDF
documents. The defect is a failure to correctly keep track of the number
of bytes remaining in a buffer when indexing file data.
- [CVE-2019-1789]:
An out-of-bounds heap read condition may occur when scanning PE files
(i.e. Windows EXE and DLL files) that have been packed using Aspack as a
result of inadequate bound-checking.
- [CVE-2019-1788]:
An out-of-bounds heap write condition may occur when scanning OLE2 files
such as Microsoft Office 97-2003 documents. The invalid write happens when
an invalid pointer is mistakenly used to initialize a 32bit integer to
zero. This is likely to crash the application.
* Update debian/copyright
* Update private symbols for new upstream release
clamav (0.100.2+dfsg-2) unstable; urgency=medium
.
* Increase clamd socket command read timeout to 30 seconds (Closes: #915098)
clamav (0.100.2+dfsg-1) unstable; urgency=medium
.
* Import new upstream
- Bump symbol version due to new version.
- CVE-2018-15378 (Closes: #910430).
* add NEWS.md and README.md from upstream
* Fix infinite loop in dpkg-reconfigure, Patch by Santiago Ruano Rincón
(Closes: #905044).
coturn (4.5.0.5-1+deb9u1) stretch-security; urgency=high
.
* HotFix: for 3 vulnerabilities
.
For more details see:
- CVE-2018-4056
coTURN Administrator Web Portal SQL injection vulnerability
.
Fix: Disable (hardcocded) web admin interface until 4.5.1.0,
where it will be fixed more correctly.
.
- CVE-2018-4058
coTURN TURN server unsafe loopback forwarding default configuration
vulnerability
.
Fix: Disable loopback-peer functionality by default.
.
- CVE-2018-4059
coTURN server unsafe telnet admin portal default configuration
vulnerability
.
Fix: Disable telnet cli if the cli-password is empty.
dansguardian (2.10.1.1-5.1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add 'missingok' to logrotate config. (Closes: #916566)
debian-installer (20170615+deb9u6) stretch; urgency=medium
.
* Bump Linux kernel version from 4.9.0-8 to 4.9.0-9.
debian-installer-netboot-images (20170615+deb9u6) stretch; urgency=medium
.
* Update to 20170615+deb9u6 images, from stretch-proposed-update
debian-security-support (2019.02.02~deb9u1) stretch; urgency=medium
.
* Team upload.
* Rebuild for stretch.
* Re-add debian/compat and depend on debhelper instead of debhelper-compat.
debian-security-support (2019.02.01) unstable; urgency=medium
.
* Team upload.
* mark enigmail as unsupported in jessie
diffoscope (78+deb9u1) stretch; urgency=medium
.
* tests:
+ Fix ps tests to pass with the new ghostscript 9.26. Closes: #925051
dns-root-data (2019031302~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
* d/control: move Vcs-* to salsa.debian.org
* d/control: use dns-root-data@packages.debian.org as Maintainer
* sort generated .ds files by key tag
* Update root.hints to 2018013001
* Update order of root.key to follow output of unbound-anchor
* use DEP-14 branches
* update root data to 2019031302
* parse-root-anchors.sh: account for validity windows
* check: deliberately skip the TTL generated by ldns-key2ds
* add myself to uploaders
dns-root-data (2018091102) unstable; urgency=medium
.
* new upstream version of root.hints, 2018091102
* use DEP-14 branches
* Standards-Version: 4.2.1 (no changes needed)
* add Rules-Requires-Root: no
* add baseline autopkgtest
dns-root-data (2018013001) unstable; urgency=medium
.
* new upstream version of root.hints, 2018013001
* use wrap-and-sort -ast
* added myself to uploaders
* d/control: use dns-root-data@packages.debian.org as Maintainer
* Standards-Version: bump to 4.1.3 (no changes needed)
* d/control: move Vcs-* to salsa.debian.org
* move to debhelper 11
* d/rules: clean up get_orig_source
* sort generated .ds files by key tag
* d/rules: trim trailing whitespace
* d/copyright: Format: use https
* d/copyright: add my own copyright to debian/*
* d/copyright: name upstream data grant "ICANN-Public"
* d/copyright: Source: use https:
* update README.source to cover the different origins of the data
* Update order of root.key to follow output of unbound-anchor
dns-root-data (2017072601) unstable; urgency=medium
.
* Update root.hints to 2017072601 version
dnsruby (1.54-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* add new root key (KSK-2017).
upstream commit 55edc31a2150e4617edb6664d440e6141f535e6a
(Closes: #908887)
* ruby 2.3.0 deprecates TimeoutError, use Timeout::Error
(Closes: #910754)
dovecot (1:2.2.27-3+deb9u4) stretch-security; urgency=high
.
* [d402493] Fix two buffer overflows when reading oversized FTS headers
and/or oversized POP3-UIDL headers (CVE-2019-7524).
dovecot (1:2.2.27-3+deb9u3) stretch-security; urgency=high
.
* [1fb4e06] Fix CVE-2019-3814: TLS client auth username handling
dpdk (16.11.9-1+deb9u1) stretch; urgency=medium
.
* Merge stable update to 16.11.9; For a list of changes see
https://mails.dpdk.org/archives/announce/2019-March/000252.html
drupal7 (7.52-2+deb9u8) stretch-security; urgency=high
.
* SA-CORE-2019-006: Fix XSS vulnerability (Closes: #927330)
drupal7 (7.52-2+deb9u7) stretch-security; urgency=high
.
* SA-CORE-2019-004: Fix XSS vulnerability
edk2 (0~20161202.7bbe0b3e-1+deb9u1) stretch; urgency=medium
.
* Security fixes (Closes: #924615):
- Fix buffer overflow in BlockIo service (CVE-2018-12180)
- DNS: Check received packet size before using (CVE-2018-12178)
- Fix stack overflow with corrupted BMP (CVE-2018-12181)
firefox-esr (60.6.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-10, also known as:
CVE-2019-9810, CVE-2019-9813.
firefox-esr (60.6.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-08, also known as:
CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793,
CVE-2019-9795, CVE-2019-9796, CVE-2018-18506, CVE-2019-9788.
.
* debian/rules: Disable debug symbols on mips/mipsel on buster.
The rust compiler can't deal with them in the available address space.
* debian/browser.mozconfig.in: Adjust to the upstream change wrt Google
API key configure options.
firefox-esr (60.6.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-08, also known as:
CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793,
CVE-2019-9795, CVE-2019-9796, CVE-2018-18506, CVE-2019-9788.
.
* debian/rules: Disable debug symbols on mips/mipsel on buster.
The rust compiler can't deal with them in the available address space.
* debian/browser.mozconfig.in: Adjust to the upstream change wrt Google
API key configure options.
firefox-esr (60.5.1esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-05, also known as:
CVE-2018-18356, CVE-2019-5785.
.
* debian/rules, debian/upstream.mk: Manually set the update channel.
Closes: #921381, #921121, #921654.
* debian/rules: Disable ion JIT on mips and mipsel. This should fix the
FTBFS.
firefox-esr (60.5.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-05, also known as:
CVE-2018-18356, CVE-2019-5785.
.
* debian/rules, debian/upstream.mk: Manually set the update channel.
Closes: #921381, #921121, #921654.
* debian/rules: Disable ion JIT on mips and mipsel. This should fix the
FTBFS.
firefox-esr (60.5.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-02, also known as:
CVE-2018-18500, CVE-2018-18505, CVE-2018-18501.
firmware-nonfree (20161130-5) stretch; urgency=medium
.
[ Emilio Pozuelo Monfort ]
* CVE-2018-5383:
- atheros: Update BT firmware files for QCA ROME chip.
- iwlwifi: Update Intel BT firmware to 20.60.0.2.
flatpak (0.8.9-0+deb9u3) stretch; urgency=medium
.
* d/p/run-Only-compare-the-lowest-32-ioctl-arg-bits-for-TIOCSTI.patch:
Reject all ioctls that the kernel will interpret as TIOCSTI,
including those where the high 32 bits in a 64-bit word are nonzero.
(Closes: #925541, CVE-2019-10063)
flatpak (0.8.9-0+deb9u2) stretch-security; urgency=medium
.
* d/p/Don-t-expose-proc-when-running-apply_extra.patch:
Backport patch from upstream v1.2.3: do not let the apply_extra
script for a system installation modify the host-side executable
via /proc/self/exe, similar to CVE-2019-5736 in runc
(Closes: #922059)
ghostscript (9.26a~dfsg-0+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Have gs_cet.ps run from gs_init.ps
* Undef /odef in gs_init.ps
* Restrict superexec and remove it from internals and gs_cet.ps
(CVE-2019-3835) (Closes: #925256)
* Obliterate "superexec". We don't need it, nor do any known apps
(CVE-2019-3835) (Closes: #925256)
* Make a transient proc executeonly (in DefineResource) (CVE-2019-3838)
(Closes: #925257)
* an extra transient proc needs executeonly'ed (CVE-2019-3838)
(Closes: #925257)
gnome-chemistry-utils (0.14.15-1+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
.
[ Adrian Bunk ]
* Drop the obsolete gcu-plugin. (Closes: #906855, #890980)
gocode (20150303-3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* gocode-auto-complete-el: Promote auto-complete-el to Pre-Depends.
(Closes: #911590)
gpac (0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1) stretch; urgency=medium
.
* CVE-2018-7752 (Closes: #892526)
* CVE-2018-13005, CVE-2018-13006 (Closes: #902782)
* CVE-2018-20760, CVE-2018-20761, CVE-2018-20762, CVE-2018-20763
(Closes: #921969)
icedtea-web (1.6.2-3.1+deb9u1) stretch; urgency=medium
.
* Stop building the browser plugin, no longer works with Firefox 60
igraph (0.7.1-2.1+deb9u1) stretch; urgency=medium
.
* Team upload.
* Add patch from upstream to fix CVE-2018-20349.
(Closes: #917211)
ikiwiki (3.20170111.1) stretch-security; urgency=high
.
* aggregate: Use LWPx::ParanoidAgent if available.
Previously blogspam, openid and pinger used this module if available,
but aggregate did not. This prevents server-side request forgery or
local file disclosure, and mitigates denial of service when slow
"tarpit" URLs are accessed.
(CVE-2019-9187)
* blogspam, openid, pinger: Use a HTTP proxy if configured, even if
LWPx::ParanoidAgent is installed.
Previously, only aggregate would obey proxy configuration. If a proxy
is used, the proxy (not ikiwiki) is responsible for preventing attacks
like CVE-2019-9187.
* aggregate, blogspam, openid, pinger: Do not access non-http, non-https
URLs.
Previously, these plugins would have allowed non-HTTP-based requests if
LWPx::ParanoidAgent was not installed. Preventing file URIs avoids local
file disclosure, and preventing other rarely-used URI schemes like
gopher mitigates request forgery attacks.
* aggregate, openid, pinger: Document LWPx::ParanoidAgent as strongly
recommended.
These plugins can request attacker-controlled URLs in some site
configurations.
* blogspam: Document LWPx::ParanoidAgent as desirable.
This plugin doesn't request attacker-controlled URLs, so it's
non-critical here.
* blogspam, openid, pinger: Consistently use cookiejar if configured.
Previously, these plugins would only obey this configuration if
LWPx::ParanoidAgent was not installed, but this appears to have been
unintended.
jabref (3.8.1+ds-3+deb9u1) stretch; urgency=medium
.
[ gregor herrmann & tony mancill ]
* Add patch from upstream commit to fix CVE-2018-1000652: XML External
Entity attack.
Thanks to Moritz Muehlenhoff for the bug report. (Closes: #921772)
java-common (0.58+deb9u1) stretch; urgency=medium
.
* Remove default-java-plugin as the icedtea-web Xul plugin is going away
* Also drop the Recommends: to default-java-plugin in default-jre
jquery (3.1.1-2+deb9u1) stretch; urgency=medium
.
* Team upload
* Add patch to prevent Object.prototype pollution
(Closes: #927385, CVE-2019-11358)
* Disable check-against-upstream-build test (autopkgtest) since file is now
patched
kauth (5.28.0-2+deb9u1) stretch; urgency=medium
.
* CVE-2019-7443 (Closes: #921995)
ldb (2:1.1.27-1+deb9u1) stretch-security; urgency=high
.
* Fixes CVE-2019-3824: "Out of bound read in ldb_wildcard_compare"
- Add CVE-2019-3824-master-v4-5-02.patch from upstream's bug 13773
- Update path in CVE-2019-3824-master-v4-5-02.patch
libapache2-mod-auth-mellon (0.12.0-2+deb9u1) stretch-security; urgency=high
.
* Upload to stable-security (closes: #925197)
- Auth bypass when used with reverse proxy [CVE-2019-3878]
- Open redirect vulnerability in logout [CVE-2019-3877]
libdate-holidays-de-perl (1.9-1+deb9u3) stretch; urgency=medium
.
* Mark Mar 8th (from 2019) and May 8th (only 2020) as public
holidays (Berlin only).
libdatetime-timezone-perl (1:2.09-1+2019a) stretch; urgency=medium
.
* Update to Olson database version 2019a.
This update contains contemporary changes for Palestine and Metlakatla.
liblivemedia (2016.11.28-1+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2019-6256: denial of service when processing get and post
with identical x-session-cookie within the same tcp session.
* CVE-2019-7314: use-after-free during RTSP stream termination.
* CVE-2019-9215: malformed headers lead to invalid memory access
in the parseAuthorizationHeader function.
libreoffice (1:5.2.7-1+deb9u7) stretch; urgency=medium
.
* debian/patches/mention-java-common-package.diff: update message to
reflect current config dir...
* debian/patches/disableClassPathURLCheck.diff: revert openjdk is fixed
.
* debian/control.in:
- make -core conflict against openjdk-8-jre-headless (= 8u181-b13-2~deb9u1)
(closes: 913641#) and build-conflict against it
libreoffice (1:5.2.7-1+deb9u6) stable; urgency=medium
.
* debian/patches/jp-JP-Reiwa.diff: Introduce next Japanese gengou
era 'Reiwa', from libreoffice-6-1 branch
libssh2 (1.7.0-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Possible integer overflow in transport read allows out-of-bounds write
(CVE-2019-3855) (Closes: #924965)
* Possible integer overflow in keyboard interactive handling allows
out-of-bounds write (CVE-2019-3856) (Closes: #924965)
* Possible integer overflow leading to zero-byte allocation and
out-of-bounds write (CVE-2019-3857) (Closes: #924965)
* Possible zero-byte allocation leading to an out-of-bounds read
(CVE-2019-3858) (Closes: #924965)
* Out-of-bounds reads with specially crafted payloads due to unchecked use
of _libssh2_packet_require and _libssh2_packet_requirev (CVE-2019-3859)
(Closes: #924965)
* Out-of-bounds reads with specially crafted SFTP packets (CVE-2019-3860)
(Closes: #924965)
* Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
(Closes: #924965)
* Out-of-bounds memory comparison (CVE-2019-3862) (Closes: #924965)
* Integer overflow in user authenicate keyboard interactive allows
out-of-bounds writes (CVE-2019-3863) (Closes: #924965)
* Fixed misapplied patch for user auth.
* moved MAX size declarations
libu2f-host (1.1.2-2+deb9u1) stretch-security; urgency=high
.
* Backport patch for CVE-2018-20340 (Closes: #921725)
linux (4.9.168-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162
- Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in
loop_control_ioctl()"
- Revert "loop: Get rid of loop_index_mutex"
- Revert "loop: Fold __loop_release into loop_release"
- scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
- [arm64] drm/msm: Unblock writer if reader closes file
- [x86] ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
- [x86] ALSA: compress: prevent potential divide by zero bugs
- [x86] thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
- [arm64,armhf] usb: dwc3: gadget: synchronize_irq dwc irq in suspend
- [arm64,armhf] usb: dwc3: gadget: Fix the uninitialized link_state when
udc starts
- usb: gadget: Potential NULL dereference on allocation error
- ASoC: dapm: change snprintf to scnprintf for possible overflow
- [armhf] ASoC: imx-audmux: change snprintf to scnprintf for possible
overflow
- [x86] drivers: thermal: int340x_thermal: Fix sysfs race condition
- mac80211: fix miscounting of ttl-dropped frames
- locking/rwsem: Fix (possible) missed wakeup
- direct-io: allow direct writes to empty inodes
- scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
- net: usb: asix: ax88772_bind return error when hw_reset fail
- [ppc64el] ibmveth: Do not process frames after calling napi_reschedule
- mac80211: don't initiate TDLS connection if station is not associated to
AP
- mac80211: Add attribute aligned(2) to struct 'action'
- cfg80211: extend range deviation for DMG
- [x86] svm: Fix AVIC incomplete IPI emulation
- [x86] KVM: nSVM: clear events pending from svm_complete_interrupts()
when exiting to L1
- [powerpc*] Always initialize input array when calling epapr_hypercall()
- [arm64] mmc: spi: Fix card detection during probe
- mm: enforce min addr even if capable() in expand_downwards()
(CVE-2019-9213)
- [x86] uaccess: Don't leak the AC flag into __put_user() value evaluation
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.163
- USB: serial: option: add Telit ME910 ECM composition
- USB: serial: cp210x: add ID for Ingenico 3070
- USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
- cpufreq: Use struct kobj_attribute instead of struct global_attr
- ncpfs: fix build warning of strncpy
- [x86] staging: comedi: ni_660x: fix missing break in switch statement
- ip6mr: Do not call __IP6_INC_STATS() from preemptible context
- net-sysfs: Fix mem leak in netdev_register_kobject
- sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
- team: Free BPF filter when unregistering netdev
- bnxt_en: Drop oversize TX packets to prevent errors.
- [x86] hv_netvsc: Fix IP header checksum for coalesced packets
- [armhf] net: dsa: mv88e6xxx: Fix u64 statistics
- net: netem: fix skb length BUG_ON in __skb_to_sgvec
- net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
- net: sit: fix memory leak in sit_init_net()
- xen-netback: don't populate the hash cache on XenBus disconnect
- xen-netback: fix occasional leak of grant ref mappings under memory
pressure
- net: Add __icmp_send helper.
- tun: fix blocking read
- tun: remove unnecessary memory barrier
- net: phy: Micrel KSZ8061: link failure after cable connect
- [x86] CPU/AMD: Set the CPB bit unconditionally on F17h
- applicom: Fix potential Spectre v1 vulnerabilities
- [mips*] irq: Allocate accurate order pages for irq stack
- hugetlbfs: fix races and page leaks during migration
- exec: Fix mem leak in kernel_read_file (CVE-2019-8980)
- media: uvcvideo: Fix 'type' check leading to overflow
- vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
- perf core: Fix perf_proc_update_handler() bug
- perf tools: Handle TOPOLOGY headers with no CPU
- IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
- [amd64] iommu/amd: Call free_iova_fast with pfn in map_sg
- [amd64] iommu/amd: Unmap all mapped pages in error path of map_sg
- ipvs: Fix signed integer overflow when setsockopt timeout
- [amd64] iommu/amd: Fix IOMMU page flush when detach device from a domain
- [arm64] net: hns: Fix for missing of_node_put() after of_parse_phandle()
- [arm64] net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
- [armhf] net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
- nfs: Fix NULL pointer dereference of dev_name
- qed: Fix VF probe failure while FLR
- scsi: libfc: free skb when receiving invalid flogi resp
- [x86] platform: Fix unmet dependency warning for SAMSUNG_Q10
- cifs: fix computation for MAX_SMB2_HDR_SIZE
- [arm64] kprobe: Always blacklist the KVM world-switch code
- [x86] kexec: Don't setup EFI info if EFI runtime is not enabled
- mm, memory_hotplug: is_mem_section_removable do not pass the end of a
zone
- mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
- fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
- autofs: drop dentry reference only when it is never used
- autofs: fix error return in autofs_fill_super()
- vsock/virtio: fix kernel panic after device hot-unplug
- vsock/virtio: reset connected sockets on device removal
- netfilter: nf_nat: skip nat clash resolution for same-origin entries
- [s390x] qeth: fix use-after-free in error path
- perf symbols: Filter out hidden symbols from labels
- [mips*] Remove function size check in get_frame_info()
- fs: ratelimit __find_get_block_slow() failure message.
- Input: wacom_serial4 - add support for Wacom ArtPad II tablet
- Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
- [x86] iscsi_ibft: Fix missing break in switch statement
- scsi: aacraid: Fix missing break in switch statement
- futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
- [armhf] dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid
X2/U3
- drm: disable uncached DMA optimization for ARM and arm64
- [armhf] dts: exynos: Do not ignore real-world fuse values for thermal
zone 0 on Exynos5420
- [x86] perf/x86/intel: Make cpuc allocations consistent
- [x86] perf/x86/intel: Generalize dynamic constraint creation
- [x86] Add TSX Force Abort CPUID/MSR
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.164
- ACPICA: Reference Counts: increase max to 0x4000 for large servers
- KEYS: restrict /proc/keys by credentials at open time
- l2tp: fix infoleak in l2tp_ip6_recvmsg()
- net: sit: fix UBSAN Undefined behaviour in check_6rd
- pptp: dst_release sk_dst_cache in pptp_sock_destruct
- route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
- tcp: handle inet_csk_reqsk_queue_add() failures
- vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
- net/mlx4_core: Fix reset flow when in command polling mode
- net/mlx4_core: Fix locking in SRIOV mode when switching between events
and polling
- net/mlx4_core: Fix qp mtt size calculation
- mdio_bus: Fix use-after-free on device_register fails
- net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
- af_unix: missing barriers in some of unix_sock ->addr and ->path accesses
- ipvlan: disallow userns cap_net_admin to change global mode/flags
- vxlan: Fix GRO cells race condition between receive and link delete
- rxrpc: Fix client call queueing, waiting for channel
- gro_cells: make sure device is up in gro_cells_receive()
- tcp/dccp: remove reqsk_put() from inet_child_forget()
- [x86] perf: Fixup typo in stub functions
- ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against
Liquid Saffire 56
- md: It's wrong to add len to sector_nr in raid10 reshape twice
- of: Support const and non-const use for to_of_node()
- vhost/vsock: fix vhost vsock cid hashing inconsistent
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.165
- media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
- 9p: use inode->i_lock to protect i_size_write() under 32-bit
- 9p/net: fix memory leak in p9_client_create
- [armhf] iio: adc: exynos-adc: Fix NULL pointer exception on unbind
- crypto: ahash - fix another early termination in hash walk
- [armhf] gpu: ipu-v3: Fix i.MX51 CSI control registers offset
- [armhf] gpu: ipu-v3: Fix CSI offsets for imx53
- [s390x] dasd: fix using offset into zero size array error
- [armhf] OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be
uninitialized
- floppy: check_events callback should not return a negative number
- mm/gup: fix gup_pmd_range() for dax
- mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs
- [arm64] net: hns: Fix object reference leaks in hns_dsaf_roce_reset()
- [armhf] clk: sunxi: A31: Fix wrong AHB gate number
- assoc_array: Fix shortcut creation
- scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
- [arm64] pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
- qmi_wwan: apply SET_DTR quirk to Sierra WP7607
- [armel] net: mv643xx_eth: disable clk on error path in
mv643xx_eth_shared_probe()
- [x86] ASoC: topology: free created components in tplg load error
- [arm64] Relax GIC version check during early boot
- [armhf] net: marvell: mvneta: fix DMA debug warning
- tmpfs: fix link accounting when a tmpfile is linked in
- mac80211_hwsim: propagate genlmsg_reply return code
- [arm64] net: thunderx: make CFG_DONE message to run through generic
send-ack sequence
- nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K
- nfp: bpf: fix ALU32 high bits clearance bug
- net: set static variable an initial value in atl2_probe()
- tmpfs: fix uninitialized return value in shmem_link
- [x86] libnvdimm/label: Clear 'updating' flag after label-set update
- [x86] libnvdimm/pmem: Honor force_raw for legacy pmem regions
- [amd64] libnvdimm: Fix altmap reservation size calculation
- crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
- [arm64] crypto: aes-ccm - fix logical bug in AAD MAC handling
- CIFS: Do not reset lease state to NONE on lease break
- CIFS: Fix read after write for files with read caching
- tracing: Do not free iter->trace in fail path of tracing_open_pipe()
- [amd64,arm64,i386] ACPI / device_sysfs: Avoid OF modalias creation for
removed device
- [armhf] spi: ti-qspi: Fix mmap read when more than one CS in use
- [armhf] regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
- [armhf] regulator: s2mpa01: Fix step values for some LDOs
- [armhf] clocksource/drivers/exynos_mct: Move one-shot check from tick
clear to ISR
- [armhf] clocksource/drivers/exynos_mct: Clear timer interrupt when
shutdown
- [s390x] virtio: handle find on invalid queue gracefully
- scsi: virtio_scsi: don't send sc payload with tmfs
- scsi: sd: Optimal I/O size should be a multiple of physical block size
- scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
- fs/devpts: always delete dcache dentry-s in dput()
- splice: don't merge into linked buffers
- btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
- crypto: pcbc - remove bogus memcpy()s with src == dest
- libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer
- [arm64,armhf] cpufreq: tegra124: add missing of_node_put()
- ext4: fix crash during online resizing
- [armhf] clk: clk-twl6040: Fix imprecise external abort for pdmclk
- [x86] nfit: acpi_nfit_ctl(): Check out_obj->type in the right place
- mm: hwpoison: fix thp split handing in soft_offline_in_use_page()
(CVE-2019-10124)
- mm/vmalloc: fix size check for remap_vmalloc_range_partial()
- kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
- device property: Fix the length used in PROPERTY_ENTRY_STRING()
- [x86] intel_th: Don't reference unassigned outputs
- parport_pc: fix find_superio io compare code, should use equal test.
- [arm64,armhf] i2c: tegra: fix maximum transfer size
- [x86] drm/i915: Relax mmap VMA check
- [arm64] serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO
- serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart
- 8250: FIX Fourth port offset of Pericom PI7C9X7954 boards
- serial: 8250_pci: Fix number of ports for ACCES serial cards
- serial: 8250_pci: Have ACCES cards that use the four port Pericom
PI7C9X7954 chip use the pci_pericom_setup()
- jbd2: clear dirty flag when revoking a buffer from an older transaction
- jbd2: fix compile warning when using JBUFFER_TRACE
- [powerpc] Clear on-stack exception marker upon exception return
- [ppc64el] powernv: Make opal log only readable by root
- [ppc64el] Fix 32-bit KVM-PR lockup and host crash with MacOS guest
- [ppc64el] ptrace: Simplify vr_get/set() to avoid GCC warning
- dm: fix to_sector() for 32bit
- NFS: Fix I/O request leakages
- NFS: Fix an I/O request leakage in nfs_do_recoalesce
- NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
- nfsd: fix memory corruption caused by readdir
- nfsd: fix wrong check in write_v4_end_grace()
- PM / wakeup: Rework wakeup source timer cancellation
- bcache: never writeback a discard operation
- [x86] perf intel-pt: Fix CYC timestamp calculation after OVF
- perf auxtrace: Define auxtrace record alignment
- [x86] perf intel-pt: Fix overlap calculation for padding
- [x86] perf intel-pt: Fix divide by zero when TSC is not available
- md: Fix failed allocation of md_register_thread
- rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
- media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
- drm/radeon/evergreen_cs: fix missing break in switch statement
- [x86] KVM: nVMX: Sign extend displacements of VMX instr's mem operands
- [x86] KVM: nVMX: Ignore limit checks on VMX instructions using flat
segments
- [x86] KVM: Fix residual mmio emulation request to userspace
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.166
- [x86] drm/vmwgfx: Don't double-free the mode stored in par->set_mode
- [amd64] iommu/amd: fix sg->dma_address for sg->offset bigger than
PAGE_SIZE
- libceph: wait for latest osdmap in ceph_monc_blacklist_add()
- udf: Fix crash on IO error during truncate
- [mips*] Ensure ELF appended dtb is relocated
- [mips*] Fix kernel crash for R6 in jump label branch function
- futex: Ensure that futex address is aligned in handle_futex_death()
- objtool: Move objtool_file struct off the stack
- ext4: fix NULL pointer dereference while journal is aborted
- ext4: fix data corruption caused by unaligned direct AIO
- ext4: brelse all indirect buffer in ext4_ind_remove_space()
- media: v4l2-ctrls.c/uvc: zero v4l2_event
- Bluetooth: Fix decrementing reference count twice in releasing socket
- ALSA: hda - Record the current power state before suspend/resume calls
- ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
- tcp/dccp: drop SYN packets if accept queue is full
- vfs: Hang/soft lockup in d_invalidate with simultaneous calls
- [arm64] traps: disable irq in die()
- lib/int_sqrt: optimize small argument
- scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1
- rtc: Fix overflow when converting time64_t to rtc_time
- [armhf] pwm-backlight: Enable/disable the PWM before/after LCD enable
toggle.
- ath10k: avoid possible string overflow
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.167
- Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
(CVE-2019-3460)
- Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
(CVE-2019-3459)
- cfg80211: size various nl80211 messages correctly
- [arm64,armhf] stmmac: copy unicast mac address to MAC registers
- dccp: do not use ipv6 header for ipv4 flow
- mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
- net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
- net: rose: fix a possible stack overflow
- packets: Always register packet sk in the same order
- tcp: do not use ipv6 header for ipv4 flow
- vxlan: Don't call gro_cells_destroy() before device is unregistered
- sctp: get sctphdr by offset in sctp_compute_cksum
- tun: properly test for IFF_UP
- tun: add a missing rcu_read_unlock() in error path
- btrfs: remove WARN_ON in log_dir_items
- btrfs: raid56: properly unmap parity page in finish_parity_scrub()
- [powerpc*] bpf: Fix generation of load/store DW instructions
- NFSv4.1 don't free interrupted slot on open
- ALSA: rawmidi: Fix potential Spectre v1 vulnerability
- ALSA: pcm: Fix possible OOB access in PCM oss plugins
- ALSA: pcm: Don't suspend stream in unrecoverable PCM state
- fs/open.c: allow opening only regular files during execve()
- scsi: sd: Fix a race between closing an sd device and sd I/O
- scsi: sd: Quiesce warning if device does not report optimal I/O size
- [s390x] scsi: zfcp: fix rport unblock if deleted SCSI devices on
Scsi_Host
- [s390x] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for
non-NPIV FCP devices
- [x86] staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest
- USB: serial: cp210x: add new device id
- USB: serial: ftdi_sio: add additional NovaTech products
- USB: serial: mos7720: fix mos_parport refcount imbalance on error path
- USB: serial: option: set driver_info for SIM5218 and compatibles
- USB: serial: option: add Olicard 600
- fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
- usb: common: Consider only available nodes for dr_mode
- [x86] perf intel-pt: Fix TSC slip
- cpu/hotplug: Prevent crash when CPU bringup fails on
CONFIG_HOTPLUG_CPU=n
- KVM: Reject device ioctls from processes other than the VM's creator
- [x86] KVM: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
- USB: gadget: f_hid: fix deadlock in f_hidg_write()
- xhci: Fix port resume done detection for SS ports with LPM enabled
- [arm64] support keyctl() system call in 32-bit mode
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.168
- [arm64] debug: Don't propagate UNKNOWN FAR into si_code for debug
signals
- ext4: cleanup bh release code in ext4_ind_remove_space()
- lib/int_sqrt: optimize initial value compute
- mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
- i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
- CIFS: fix POSIX lock leak and invalid ptr deref
- tracing: kdb: Fix ftdump to not sleep
- [armhf] gpio: gpio-omap: fix level interrupt idling
- include/linux/relay.h: fix percpu annotation in struct rchan
- sysctl: handle overflow for file-max
- [arm64] scsi: hisi_sas: Set PHY linkrate when disconnected
- [armhf,ppc64el] mm/cma.c: cma_declare_contiguous: correct err handling
- mm/page_ext.c: fix an imbalance with kmemleak
- mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
- mm/slab.c: kmemleak no scan alien caches
- ocfs2: fix a panic problem caused by o2cb_ctl
- fs/file.c: initialize init_files.resize_wait
- cifs: use correct format characters
- dm thin: add sanity checks to thin-pool and external snapshot creation
- cifs: Fix NULL pointer dereference of devname
- jbd2: fix invalid descriptor block checksum
- fs: fix guard_bio_eod to check for real EOD errors
- wil6210: check null pointer in _wil_cfg80211_merge_extra_ies
- [arm64,armhf] usb: chipidea: Grab the (legacy) USB PHY by phandle first
- scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
- [armel,armhf] 8840/1: use a raw_spinlock_t in unwind
- [armhf] mmc: omap: fix the maximum timeout setting
- e1000e: Fix -Wformat-truncation warnings
- IB/mlx4: Increase the timeout for CM cache
- scsi: megaraid_sas: return error when create DMA pool failed
- [armhf] SoC: imx-sgtl5000: add missing put_device()
- vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1
- [amd64] HID: intel-ish-hid: avoid binding wrong ishtp_cl_device
- [armhf] leds: lp55xx: fix null deref on firmware load failure
- iwlwifi: pcie: fix emergency path
- [x86] ACPI / video: Refactor and fix dmi_is_desktop()
- kprobes: Prohibit probing on bsearch()
- ALSA: PCM: check if ops are defined before suspending PCM
- usb: f_fs: Avoid crash due to out-of-scope stack ptr access
- bcache: fix input overflow to cache set sysfs file io_error_halflife
- bcache: fix input overflow to sequential_cutoff
- bcache: improve sysfs_strtoul_clamp()
- genirq: Avoid summation loops for /proc/stat
- iw_cxgb4: fix srqidx leak during connection abort
- fbdev: fbmem: fix memory access if logo is bigger than the screen
- cdrom: Fix race condition in cdrom_sysctl_register
- e1000e: fix cyclic resets at link up with active tx
- efi/memattr: Don't bail on zero VA if it equals the region's PA
- [arm64] soc: qcom: gsbi: Fix error handling in gsbi_probe()
- [armhf] avoid Cortex-A9 livelock on tight dmb loops
- tty: increase the default flip buffer limit to 2*640K
- [ppc64el] powerpc/pseries: Perform full re-add of CPU for topology
update post-migration
- hwrng: virtio - Avoid repeated init of completion
- [arm64,armhf] soc/tegra: fuse: Fix illegal free of IO base address
- [amd64] HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear
PISR busy_clear bit
- [x86] hpet: Fix missing '=' character in the __setup() code of
hpet_mmap_enable
- [armhf] dmaengine: imx-dma: fix warning comparison of distinct pointer
types
- [arm64] dmaengine: qcom_hidma: assign channel cookie correctly
- netfilter: physdev: relax br_netfilter dependency
- [armhf] regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
- drm/nouveau: Stop using drm_crtc_force_disable
- selinux: do not override context on context mounts
- [arm64,armhf] wlcore: Fix memory leak in case wl12xx_fetch_firmware
failure
- [arm64,armhf] dmaengine: tegra: avoid overflow of byte tracking
- drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
- [x86] ACPI / video: Extend chassis-type detection with a "Lunch Box"
check
.
[ Ben Hutchings ]
* debian/bin/abiupdate.py: Change default URLs to use https: scheme.
* Resolve kernel ABI changes:
- Revert "genirq: Avoid summation loops for /proc/stat"
- tracing: ring_buffer: Avoid ABI change in 4.9.168
- net: icmp: Avoid ABI change in 4.9.163
- Revert "phonet: fix building with clang"
- netfilter: Ignore removal of br_netfilter_enable()
.
[ Salvatore Bonaccorso ]
* Refresh mm-mmap.c-expand_downwards-don-t-require-the-gap-if-.patch for
context changes in 4.9.162
* [rt] Refresh 0008-futex-rt_mutex-Provide-futex-specific-rt_mutex-API.patch
for context changes in 4.9.163
* [rt] Drop 0014-futex-rt_mutex-Restructure-rt_mutex_finish_proxy_loc.patch
applied upstream in 4.9.163
* [rt] Refresh 0171-arm-include-definition-for-cpumask_t.patch for context
changes in 4.9.165
* [rt] Drop 0256-arm-unwind-use-a-raw_spin_lock.patch
linux (4.9.161-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.145
- [armhf] media: omap3isp: Unregister media device as first
- [amd64] iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()
- brcmutil: really fix decoding channel info for 160 MHz bandwidth
- HID: input: Ignore battery reported by Symbol DS4308
- batman-adv: Expand merged fragment buffer for full packet
- bnx2x: Assign unique DMAE channel number for FW DMAE transactions.
- qed: Fix PTT leak in qed_drain()
- qed: Fix reading wrong value in loop condition
- net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command
- net/mlx4_core: Fix uninitialized variable compilation warning
- net/mlx4: Fix UBSAN warning of signed integer overflow
- [amd64] iommu/vt-d: Use memunmap to free memremap
- team: no need to do team_notify_peers or team_mcast_rejoin when
disabling port
- mm: don't warn about allocations which stall for too long
- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device
- usb: appledisplay: Add 27" Apple Cinema Display
- USB: check usb_get_extra_descriptor for proper size (CVE-2018-20169)
- ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in
card.c (CVE-2018-19824)
- [x86] ALSA: hda: Add support for AMD Stoney Ridge
- ALSA: pcm: Fix starvation on down_write_nonblock()
- ALSA: pcm: Call snd_pcm_unlink() conditionally at closing
- ALSA: pcm: Fix interval evaluation with openmin/max
- [x86] ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570
- [s390x] virtio: avoid race on vcdev->config
- [s390x] virtio: fix race in ccw_io_helper()
- SUNRPC: Fix leak of krb5p encode pages
- [armhf] dmaengine: cppi41: delete channel from pending list when stop
channel
- xhci: Prevent U1/U2 link pm states if exit latency is too long
- swiotlb: clean up reporting
- vsock: lookup and setup guest_cid inside vhost_vsock_lock
- vhost/vsock: fix use-after-free in network stack callers
(CVE-2018-14625)
- cifs: Fix separator when building path from dentry
- staging: rtl8712: Fix possible buffer overrun
- tty: do not set TTY_IO_ERROR flag if console port
- mac80211_hwsim: Timer should be initialized before device registered
- mac80211: Clear beacon_int in ieee80211_do_stop
- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext
- mac80211: fix reordering of buffered broadcast packets
- mac80211: ignore NullFunc frames in the duplicate detection
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.146
- ipv6: Check available headroom in ip6_xmit() even without options
- net: 8139cp: fix a BUG triggered by changing mtu with network traffic
- net/mlx4_core: Correctly set PFC param if global pause is turned off.
- net: phy: don't allow __set_phy_supported to add unsupported modes
- net: Prevent invalid access to skb->prev in __qdisc_drop_all
- rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
- tcp: fix NULL ref in tail loss probe
- tun: forbid iface creation with rtnl ops
- neighbour: Avoid writing before skb->head in neigh_hh_output()
- [armhf] OMAP2+: prm44xx: Fix section annotation on
omap44xx_prm_enable_io_wakeup
- sysv: return 'err' instead of 0 in __sysv_write_inode
- [s390x] cpum_cf: Reject request for sampling in event initialization
- [armhf] ASoC: omap-abe-twl6040: Fix missing audio card caused by
deferred probing
- ASoC: dapm: Recalculate audio map forcely when card instantiated
- hwmon: (w83795) temp4_type has writable permission
- objtool: Fix double-free in .cold detection error path
- objtool: Fix segfault in .cold detection with -ffunction-sections
- Btrfs: send, fix infinite loop due to directory rename dependencies
- RDMA/mlx5: Fix fence type for IB_WR_LOCAL_INV WR
- [armhf] ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns
with CPU_IDLE
- [armhf] ASoC: omap-dmic: Add pm_qos handling to avoid overruns with
CPU_IDLE
- exportfs: do not read dentry after free
- bpf: fix check of allowed specifiers in bpf_trace_printk
- ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf
- [arm64] net: thunderx: fix NULL pointer dereference in nic_remove
- cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan
is active
- igb: fix uninitialized variables
- ixgbe: recognize 1000BaseLX SFP modules as 1Gbps
- [arm64] net: hisilicon: remove unexpected free_netdev
- drm/ast: fixed reading monitor EDID not stable issue
- fscache: fix race between enablement and dropping of object
- ocfs2: fix deadlock caused by ocfs2_defrag_extent()
- hfs: do not free node before using
- hfsplus: do not free node before using
- ocfs2: fix potential use after free
- pstore: Convert console write to use ->write_buf
- staging: speakup: Replace strncpy with memcpy
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.147
- signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
(Closes: #904385)
- timer/debug: Change /proc/timer_list from 0444 to 0400
- [armhf] pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
- aio: fix spectre gadget in lookup_ioctx
- [armhf] MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
- [arm*] ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt
- tracing: Fix memory leak in set_trigger_filter()
- tracing: Fix memory leak of instance function hash filters
- [powerpc*] msi: Fix NULL pointer access in teardown code
- Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec"
- [x86] drm/i915/execlists: Apply a full mb before execution for Braswell
- mac80211: don't WARN on bad WMM parameters from buggy APs
- mac80211: Fix condition validating WMM IE
- [amd64] IB/hfi1: Remove race conditions in user_sdma send path
- [x86] locking: Remove smp_read_barrier_depends() from
queued_spin_lock_slowpath()
- [x86] locking/qspinlock: Ensure node is initialised before updating
prev->next
- [x86] locking/qspinlock: Bound spinning on pending->locked transition in
slowpath
- [x86] locking/qspinlock: Merge 'struct __qspinlock' into 'struct
qspinlock'
- [x86] locking/qspinlock: Remove unbounded cmpxchg() loop from locking
slowpath
- [x86] locking/qspinlock: Remove duplicate clear_pending() function from
PV code
- [x86] locking/qspinlock: Kill cmpxchg() loop when claiming lock from
head of queue
- [x86] locking/qspinlock: Re-order code
- [x86] locking/qspinlock/x86: Increase _Q_PENDING_LOOPS upper bound
- [x86] locking/qspinlock, x86: Provide liveness guarantee
- [x86] locking/qspinlock: Fix build for anonymous union in older GCC
compilers
- mac80211_hwsim: fix module init error paths for netlink
- scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
- [x86] scsi: vmw_pscsi: Rearrange code to avoid multiple calls to
free_irq during unload
- [x86] earlyprintk/efi: Fix infinite loop on some screen widths
- [arm64] drm/msm: Grab a vblank reference when waiting for commit_done
- bonding: fix 802.3ad state sent to partner when unbinding slave
- nfs: don't dirty kernel pages read by direct-io
- SUNRPC: Fix a potential race in xprt_connect()
- [arm64] clk: mvebu: Off by one bugs in cp110_of_clk_get()
- [armhf] Input: omap-keypad - fix keyboard debounce configuration
- libata: whitelist all SAMSUNG MZ7KM* solid-state disks
- [armhf] mv88e6060: disable hardware level MAC learning
- net/mlx4_en: Fix build break when CONFIG_INET is off
- bpf: check pending signals while verifying programs
- [arm*] 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address
handling
- [arm*] 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart
- drm/ast: Fix connector leak during driver unload
- cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure
cifs)
- vhost/vsock: fix reset orphans race with close timeout
- [x86] i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI
device node
- nvmet-rdma: fix response use after free
- [armhf] rtc: snvs: add a missing write sync
- [armhf] rtc: snvs: Add timeouts to avoid kernel lockups
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.148
- block: break discard submissions into the user defined size
- block: fix infinite loop if the device loses discard capability
- ib_srpt: Fix a use-after-free in __srpt_close_all_ch()
- USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
(CVE-2018-19985)
- xhci: Don't prevent USB2 bus suspend in state check intended for USB3
only
- USB: serial: option: add GosunCn ZTE WeLink ME3630
- USB: serial: option: add HP lt4132
- USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode)
- USB: serial: option: add Fibocom NL668 series
- USB: serial: option: add Telit LN940 series
- mmc: core: Reset HPI enabled state during re-init and in case of errors
- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support
- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl
- [armhf] mmc: omap_hsmmc: fix DMA API warning
- [x86] Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened
channels
- [x86] mtrr: Don't copy uninitialized gentry fields back to userspace
- [x86] fpu: Disable bottom halves while loading FPU registers
- ubifs: Handle re-linking of inodes correctly while recovery
- panic: avoid deadlocks in re-entrant console drivers
- proc/sysctl: don't return ENOMEM on lookup when a table is unregistering
- drm/ioctl: Fix Spectre v1 vulnerabilities
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.149
- ip6mr: Fix potential Spectre v1 vulnerability
- ipv4: Fix potential Spectre v1 vulnerability
- ax25: fix a use-after-free in ax25_fillin_cb()
- [ppc64el] ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
- ieee802154: lowpan_header_create check must check daddr
- ipv6: explicitly initialize udp6_addr in udp_sock_create6()
- ipv6: tunnels: fix two use-after-free
- isdn: fix kernel-infoleak in capi_unlocked_ioctl
- net: ipv4: do not handle duplicate fragments as overlapping
- net: phy: Fix the issue that netif always links up after resuming
- netrom: fix locking in nr_find_socket()
- packet: validate address length
- packet: validate address length if non-zero
- sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
- tipc: fix a double kfree_skb()
- vhost: make sure used idx is seen before log in vhost_add_used_n()
- [x86] VSOCK: Send reset control packet when socket is partially bound
- xen/netfront: tolerate frags with no data
- tipc: use lock_sock() in tipc_sk_reinit()
- tipc: compare remote and local protocols in tipc_udp_enable()
- gro_cell: add napi_disable in gro_cells_destroy
- net/mlx5e: Remove the false indication of software timestamping support
- net/mlx5: Typo fix in del_sw_hw_rule
- sock: Make sock->sk_stamp thread-safe
- ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()
- ALSA: rme9652: Fix potential Spectre v1 vulnerability
- ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
- ALSA: pcm: Fix potential Spectre v1 vulnerability
- ALSA: emux: Fix potential Spectre v1 vulnerabilities
- ALSA: hda: add mute LED support for HP EliteBook 840 G4
- [arm64,armhf] ALSA: hda/tegra: clear pending irq handlers
- USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
- USB: serial: option: add Fibocom NL678 series
- qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID
- Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
- [x86] KVM: Use jmp to invoke kvm_spurious_fault() from .fixup
- platform-msi: Free descriptors in platform_msi_domain_free()
- perf pmu: Suppress potential format-truncation warning
- ext4: fix possible use after free in ext4_quota_enable
- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
- ext4: fix EXT4_IOC_GROUP_ADD ioctl
- ext4: include terminating u32 in size of xattr entries when expanding
inodes
- ext4: force inode writes when nfsd calls commit_metadata()
- [arm64,armhf] spi: bcm2835: Fix race on DMA termination
- [arm64,armhf] spi: bcm2835: Fix book-keeping of DMA termination
- [arm64,armhf] spi: bcm2835: Avoid finishing transfer prematurely in IRQ
mode
- [armhf] clk: rockchip: fix typo in rk3188 spdif_frac parent
- cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
- f2fs: fix validation of the block count in sanity_check_raw_super
- media: vivid: free bitmap_cap when updating std/timings/etc.
- media: v4l2-tpg: array index could become negative
- [mips*] Ensure pmd_present() returns false after pmd_mknotpresent()
- [mips*] OCTEON: mark RGMII interface disabled on OCTEON III
- CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
- [x86] kvm/vmx: do not use vm-exit instruction length for fast MMIO when
running nested
- [arm64] KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1
- [armhf] rtc: m41t80: Correct alarm month range with RTC reads
- [x86] tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x
- [arm64,armhf] spi: bcm2835: Unbreak the build of esoteric configs
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.150
- [arm64] pinctrl: meson: fix pull enable register calculation
- Input: restore EV_ABS ABS_RESERVED
- xfrm: Fix bucket count reported to userspace
- netfilter: seqadj: re-load tcp header pointer after possible head
reallocation
- scsi: bnx2fc: Fix NULL dereference in error handling
- [armhf] Input: omap-keypad - fix idle configuration to not block SoC
idle states
- netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
- bnx2x: Clear fip MAC when fcoe offload support is disabled
- bnx2x: Remove configured vlans as part of unload sequence.
- bnx2x: Send update-svid ramrod with retry/poll flags enabled
- scsi: target: iscsi: cxgbit: fix csk leak
- scsi: target: iscsi: cxgbit: add missing spin_lock_init()
- [arm64] net: hns: Incorrect offset address used for some registers.
- [arm64] net: hns: All ports can not work when insmod hns ko after rmmod.
- [arm64] net: hns: Some registers use wrong address according to the
datasheet.
- [arm64] net: hns: Fixed bug that netdev was opened twice
- [arm64] net: hns: Clean rx fbd when ae stopped.
- [arm64] net: hns: Free irq when exit from abnormal branch
- [arm64] net: hns: Avoid net reset caused by pause frames storm
- [arm64] net: hns: Fix ntuple-filters status error.
- net: hns: Add mac pcs config when enable|disable mac
- SUNRPC: Fix a race with XPRT_CONNECTING
- lan78xx: Resolve issue with changing MAC address
- vxge: ensure data0 is initialized in when fetching firmware version
information
- net: netxen: fix a missing check and an uninitialized use
- [s390x] scsi: zfcp: fix posting too many status read buffers leading to
adapter shutdown
- libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature()
- fork: record start_time late
- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
- mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
- mm, devm_memremap_pages: kill mapping "System RAM" support
- sunrpc: fix cache_head leak due to queued request
- sunrpc: use SVC_NET() in svcauth_gss_* functions
- [mips*] math-emu: Write-protect delay slot emulation pages
- [amd64] crypto: x86/chacha20 - avoid sleeping with preemption disabled
- vhost/vsock: fix uninitialized vhost_vsock->guest_cid
- [amd64] IB/hfi1: Incorrect sizing of sge for PIO will OOPs
- ALSA: cs46xx: Potential NULL dereference in probe
- ALSA: usb-audio: Avoid access before bLength check in
build_audio_procunit()
- ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
- dlm: fixed memory leaks after failed ls_remove_names allocation
- dlm: possible memory leak on error path in create_lkb()
- dlm: lost put_lkb on error path in receive_convert() and
receive_unlock()
- dlm: memory leaks on error path in dlm_user_request()
- gfs2: Get rid of potential double-freeing in gfs2_create_inode
- gfs2: Fix loop in gfs2_rbm_find
- b43: Fix error in cordic routine
- [powerpc*] tm: Set MSR[TS] just prior to recheckpoint
- 9p/net: put a lower bound on msize
- rxe: fix error completion wr_id and qp_num
- [amd64] iommu/vt-d: Handle domain agaw being less than iommu agaw
- ceph: don't update importing cap's mseq when handing cap export
- [ppc64el] genwqe: Fix size check
- [x86] intel_th: msu: Fix an off-by-one in attribute store
- [i386] power: supply: olpc_battery: correct the temperature units
- [arm64,armhf] drm/vc4: Set ->is_yuv to false when num_planes == 1
- bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.151
- ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
- CIFS: Do not hide EINTR after sending network packets
- cifs: Fix potential OOB access of lock element array
- usb: cdc-acm: send ZLP for Telit 3G Intel based modems
- USB: storage: don't insert sane sense for SPC3+ when bad sense specified
- USB: storage: add quirk for SMI SM3350
- USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB
- slab: alien caches must not be initialized if the allocation of the
alien cache failed
- mm: page_mapped: don't assume compound page is huge or THP
- ACPI: power: Skip duplicate power resource references in _PRx
- i2c: dev: prevent adapter retries and timeout being set as minus value
- rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set
- ext4: make sure enough credits are reserved for dioread_nolock writes
- ext4: fix a potential fiemap/page fault deadlock w/ inline_data
- ext4: avoid kernel warning when writing the superblock to a dead device
- sunrpc: use-after-free in svc_process_common() (CVE-2018-16884)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.152
- tty/ldsem: Wake up readers after timed out down_write()
- tty: Hold tty_ldisc_lock() during tty_reopen()
- tty: Simplify tty->count math in tty_reopen()
- tty: Don't hold ldisc lock in tty_reopen() if ldisc present
- can: gw: ensure DLC boundaries after CAN frame modification
(CVE-2019-3701)
- Revert "f2fs: do not recover from previous remained wrong dnodes"
- media: em28xx: Fix misplaced reset of dev->v4l::field_count
- proc: Remove empty line in /proc/self/status
- [arm64] kvm: consistently handle host HCR_EL2 flags
- [arm64] Don't trap host pointer auth use to EL2
- ipv6: fix kernel-infoleak in ipv6_local_error()
- net: bridge: fix a bug on using a neighbour cache entry without checking
its state
- packet: Do not leak dev refcounts on error exit
- bonding: update nest level on unlink
- ip: on queued skb use skb_header_pointer instead of pskb_may_pull
- crypto: authencesn - Avoid twice completion call in decrypt path
- crypto: authenc - fix parsing key with misaligned rta_len
- btrfs: wait on ordered extents on abort cleanup
- Yama: Check for pid death before checking ancestry
- scsi: core: Synchronize request queue PM status only on successful
resume
- scsi: sd: Fix cache_type_store()
- [arm64] kaslr: ensure randomized quantities are clean to the PoC
- [mips*] Disable MSI also when pcie-octeon.pcie_disable on
- media: vivid: fix error handling of kthread_run
- media: vivid: set min width/height to a value > 0
- LSM: Check for NULL cred-security on free
- media: vb2: vb2_mmap: move lock up
- sunrpc: handle ENOMEM in rpcb_getport_async
- netfilter: ebtables: account ebt_table_info to kmemcg
- selinux: fix GPF on invalid policy
- blockdev: Fix livelocks on loop device
- sctp: allocate sctp_sockaddr_entry with kzalloc
- tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
- tipc: fix uninit-value in tipc_nl_compat_bearer_enable
- tipc: fix uninit-value in tipc_nl_compat_link_set
- tipc: fix uninit-value in tipc_nl_compat_name_table_dump
- tipc: fix uninit-value in tipc_nl_compat_doit
- block/loop: Use global lock for ioctl() operation.
- loop: Fold __loop_release into loop_release
- loop: Get rid of loop_index_mutex
- loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
- mm, memcg: fix reclaim deadlock with writeback
- media: vb2: be sure to unlock mutex on errors
- nbd: set the logical and physical blocksize properly
- nbd: Use set_blocksize() to set device blocksize
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.153
- r8169: Add support for new Realtek Ethernet
- ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped
address
- ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
- [x86] platform: asus-wmi: Tell the EC the OS will handle the display off
hotkey
- e1000e: allow non-monotonic SYSTIM readings
- writeback: don't decrement wb->refcnt if !wb->bdi
- [arm64,armhf] serial: set suppress_bind_attrs flag only if builtin
- ALSA: oxfw: add support for APOGEE duet FireWire
- [arm64] perf: set suppress_bind_attrs flag to true
- selinux: always allow mounting submounts
- rxe: IB_WR_REG_MR does not capture MR's iova field
- jffs2: Fix use of uninitialized delayed_work, lockdep breakage
- pstore/ram: Do not treat empty buffers as valid
- [ppc64el] powerpc/xmon: Fix invocation inside lock region
- [powerpc*] powerpc/pseries/cpuidle: Fix preempt warning
- media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
- net: call sk_dst_reset when set SO_DONTROUTE
- scsi: target: use consistent left-aligned ASCII INQUIRY data
- [armhf] clk: imx6q: reset exclusive gates on init
- tty/serial: do not free trasnmit buffer page under port lock
- [x86] perf intel-pt: Fix error with config term "pt=0"
- perf svghelper: Fix unchecked usage of strncpy()
- perf parse-events: Fix unchecked usage of strncpy()
- dm kcopyd: Fix bug causing workqueue stalls
- dm snapshot: Fix excessive memory usage and workqueue stalls
- ALSA: bebob: fix model-id of unit for Apogee Ensemble
- sysfs: Disable lockdep for driver bind/unbind files
- scsi: smartpqi: correct lun reset issues
- scsi: megaraid: fix out-of-bound array accesses
- ocfs2: fix panic due to unrecovered local alloc
- mm/page-writeback.c: don't break integrity writeback on ->writepage()
error
- mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
- [arm64] ipmi:ssif: Fix handling of multi-part return messages
- locking/qspinlock: Pull in asm/byteorder.h to ensure correct endianness
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.154
- net: bridge: Fix ethernet header pointer before check skb forwardable
- net: Fix usage of pskb_trim_rcsum
- openvswitch: Avoid OOB read when parsing flow nlattrs
- vhost: log dirty page correctly
- net: ipv4: Fix memory leak in network namespace dismantle
- net_sched: refetch skb protocol for each filter
- ipfrag: really prevent allocation on netns exit
- USB: serial: simple: add Motorola Tetra TPG2200 device id
- USB: serial: pl2303: add new PID to support PL2303TB
- [x86] ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages
- [s390x] early: improve machine detection
- [s390x] smp: fix CPU hotplug deadlock with CPU rescan
- [x86] char/mwave: fix potential Spectre v1 vulnerability
- staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1
- tty: Handle problem if line discipline does not have receive_buf
- uart: Fix crash in uart_write and uart_put_char
- [x86] tty/n_hdlc: fix __might_sleep warning
- CIFS: Fix possible hang during async MTU reads and writes
- Input: xpad - add support for SteelSeries Stratus Duo
- compiler.h: enable builtin overflow checkers and add fallback code
- Input: uinput - fix undefined behavior in uinput_validate_absinfo()
- [x86] acpi/nfit: Block function zero DSMs
- [x86] acpi/nfit: Fix command-supported detection
- dm thin: fix passdown_double_checking_shared_status()
- [x86] KVM: Fix single-step debugging
- [x86] kaslr: Fix incorrect i8254 outb() parameters
- can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by
removing it
- can: bcm: check timer values before ktime conversion
- vt: invoke notifier on screen size change
- perf unwind: Unwind with libdw doesn't take symfs into account
- perf unwind: Take pgoff into account when reporting elf to libdwfl
- [arm64] irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size
- [s390x] smp: Fix calling smp_call_ipl_cpu() from ipl CPU
- nvmet-rdma: Add unlikely for response allocated check
- nvmet-rdma: fix null dereference under heavy load
- f2fs: read page index before freeing
- btrfs: fix error handling in btrfs_dev_replace_start
- btrfs: dev-replace: go back to suspended state if target device is
missing
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.155
- Fix "net: ipv4: do not handle duplicate fragments as overlapping"
- fs: add the fsnotify call to vfs_iter_write
- ipv6: Consider sk_bound_dev_if when binding a socket to an address
(Closes: #918103)
- l2tp: copy 4 more bytes to linear part if necessary
- net/mlx4_core: Add masking for a few queries on HCA caps
- netrom: switch to sock timer API
- net/rose: fix NULL ax25_cb kernel panic
- net/mlx5e: Allow MAC invalidation while spoofchk is ON
- l2tp: remove l2specific_len dependency in l2tp_core
- l2tp: fix reading optional fields of L2TPv3
- ipvlan, l3mdev: fix broken l3s mode wrt local routes
- CIFS: Do not count -ENODATA as failure for query directory
- fs/dcache: Fix incorrect nr_dentry_unused accounting in
shrink_dcache_sb()
- [arm64] kaslr: ensure randomized quantities are clean also when kaslr is
off
- [arm64] hyp-stub: Forbid kprobing of the hyp-stub
- [arm64] hibernate: Clean the __hyp_text to PoC after resume
- gfs2: Revert "Fix loop in gfs2_rbm_find"
- [x86] platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK
- [x86] platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan
codes
- [arm64,armhf] mmc: sdhci-iproc: handle mmc_of_parse() errors during
probe
- kernel/exit.c: release ptraced tasks before zap_pid_ns_processes
- mm, oom: fix use-after-free in oom_kill_process
- mm: hwpoison: use do_send_sig_info() instead of force_sig()
- mm: migrate: don't rely on __PageMovable() of newpage after unlocking it
- cifs: Always resolve hostname before reconnecting
- drivers: core: Remove glue dirs from sysfs earlier
- fs: don't scan the inode cache before SB_BORN is set
- fanotify: fix handling of events on child sub-directory
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156
- drm/bufs: Fix Spectre v1 vulnerability
- [x86] ASoC: Intel: mrfld: fix uninitialized variable access
- [armhf] gpu: ipu-v3: image-convert: Prevent race between run and
unprepare
- scsi: lpfc: Correct LCB RJT handling
- [armhf] 8808/1: kexec:offline panic_smp_self_stop CPU
- dlm: Don't swamp the CPU with callbacks queued during recovery
- [x86] PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
- [ppc64el] powerpc/pseries: add of_node_put() in dlpar_detach_node()
- [arm64,armhf] drm/vc4: ->x_scaling[1] should never be set to
VC4_SCALING_NONE
- ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
- [arm64,armhf] soc/tegra: Don't leak device tree node reference
- [x86] iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID
- media: adv*/tc358743/ths8200: fill in min width/height/pixelclock
- f2fs: move dir data flush to write checkpoint process
- f2fs: fix wrong return value of f2fs_acl_create
- nfsd4: fix crash on writing v4_end_grace before nfsd startup
- Thermal: do not clear passive state during system sleep
- firmware/efi: Add NULL pointer checks in efivars API functions
- [arm64] ftrace: don't adjust the LR value
- [x86] fpu: Add might_fault() to user_insn()
- smack: fix access permissions for keyring
- usb: hub: delay hub autosuspend if USB3 port is still link training
- timekeeping: Use proper seqcount initializer
- [armhf] clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module
clocks
- [amd64] iommu/amd: Fix amd_iommu=force_isolation
- [armhf] dts: Fix OMAP4430 SDP Ethernet startup
- [mips*] bpf: fix encoding bug for mm_srlv32_op
- [arm64,armhf] iommu/arm-smmu: Add support for qcom,smmu-v2 variant
- [arm64] iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
- udf: Fix BUG on corrupted inode
- memstick: Prevent memstick host from getting runtime suspended during
card detection
- [armhf] tty: serial: samsung: Properly set flags in autoCTS mode
- perf header: Fix unchecked usage of strncpy()
- perf probe: Fix unchecked usage of strncpy()
- [arm64] KVM: Skip MMIO insn after emulation
- mac80211: fix radiotap vendor presence bitmap handling
- xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
- Bluetooth: Fix unnecessary error message for HCI request completion
- scsi: smartpqi: correct host serial num for ssa
- scsi: smartpqi: correct volume status
- drbd: narrow rcu_read_lock in drbd_sync_handshake
- drbd: disconnect, if the wrong UUIDs are attached on a connected peer
- drbd: skip spurious timeout (ping-timeo) when failing promote
- fbdev: fbmem: behave better with small rotated displays and many CPUs
- i40e: define proper net_device::neigh_priv_len
- igb: Fix an issue that PME is not enabled during runtime suspend
- fbdev: fbcon: Fix unregister crash when more than one framebuffer
- [arm64] pinctrl: meson: meson8: fix the GPIO function for the GPIOAO
pins
- [arm64] pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO
pins
- [x86] KVM: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
- NFS: nfs_compare_mount_options always compare auth flavors.
- hwmon: (lm80) fix a missing check of the status of SMBus read
- hwmon: (lm80) fix a missing check of bus read in lm80 probe
- seq_buf: Make seq_buf_puts() null-terminate the buffer
- cifs: check ntwrk_buf_start for NULL before dereferencing it
- um: Avoid marking pages with "changed protection"
- niu: fix missing checks of niu_pci_eeprom_read
- f2fs: fix sbi->extent_list corruption issue
- ocfs2: don't clear bh uptodate for block read
- HID: lenovo: Add checks to fix of_led_classdev_register
- kernel/hung_task.c: break RCU locks based on jiffies
- proc/sysctl: fix return error for proc_doulongvec_minmax()
- fs/epoll: drop ovflist branch prediction
- exec: load_script: don't blindly truncate shebang string
- dccp: fool proof ccid_hc_[rt]x_parse_options()
- rxrpc: bad unlock balance in rxrpc_recvmsg
- skge: potential memory corruption in skge_get_regs()
- rds: fix refcount bug in rds_sock_addref
- net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames
- [armhf] net: dsa: slave: Don't propagate flag changes on down slave
interfaces
- enic: fix checksum validation for IPv6
- ALSA: compress: Fix stop handling on compressed capture streams
- ALSA: hda - Serialize codec registrations
- fuse: call pipe_buf_release() under pipe lock
- fuse: decrement NR_WRITEBACK_TEMP on the right page
- fuse: handle zero sized retrieve correctly
- [arm64,armhf] dmaengine: bcm2835: Fix interrupt race on RT
- [arm64,armhf] dmaengine: bcm2835: Fix abort of transactions
- [armhf] dmaengine: imx-dma: fix wrong callback invoke
- [armhf] usb: phy: am335x: fix race condition in _probe
- [armhf] usb: gadget: musb: fix short isoc packets with inventra dma
- scsi: aic94xx: fix module loading
- [x86] KVM: work around leak of uninitialized stack contents
(CVE-2019-7222)
- kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
- [x86] KVM: nVMX: unconditionally cancel preemption timer in free_nested
(CVE-2019-7221)
- [x86] perf/x86/intel/uncore: Add Node ID mask
- [x86] MCE: Initialize mce.bank in the case of a fatal error in
mce_no_way_out()
- perf/core: Don't WARN() for impossible ring-buffer sizes
- perf tests evsel-tp-sched: Fix bitwise operator
- serial: fix race between flush_to_ldisc and tty_open
- oom, oom_reaper: do not enqueue same task twice
- [amd64] PCI: vmd: Free up IRQs on suspend path
- [amd64] IB/hfi1: Add limit test for RC/UC send via loopback
- [x86] perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.157
- [armhf] mtd: rawnand: gpmi: fix MX28 bus master lockup problem
- signal: Always notice exiting tasks
- signal: Better detection of synchronous signals
- [arm64,armhf] misc: vexpress: Off by one in vexpress_syscfg_exec()
- debugfs: fix debugfs_rename parameter checking
- [mips*] cm: reprime error cause
- [mips*] OCTEON: don't set octeon_dma_bar_type if PCI is disabled
- mac80211: ensure that mgmt tx skbs have tailroom for encryption
- drm/modes: Prevent division by zero htotal
- [x86] drm/vmwgfx: Fix setting of dma masks
- [x86] drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
- nfsd4: fix cached replies to solo SEQUENCE compounds
- nfsd4: catch some false session retries
- HID: debug: fix the ring buffer implementation (CVE-2019-3819)
- Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy
(insecure cifs)"
- libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
- xfrm: refine validation of template and selector families
- batman-adv: Avoid WARN on net_device without parent in netns
- batman-adv: Force mac header to start of data on xmit
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.158
- Revert "exec: load_script: don't blindly truncate shebang string"
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.159
- dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string
- eeprom: at24: add support for 24c2048
- uapi/if_ether.h: prevent redefinition of struct ethhdr
- [armel,armhf] 8789/1: signal: copy registers using __copy_to_user()
- [armel,armhf] 8791/1: vfp: use __copy_to_user() when saving VFP state
- [armel,armhf] 8793/1: signal: replace __put_user_error with __put_user
- [armel,armhf] 8794/1: uaccess: Prevent speculative use of the current
addr_limit
- [armel,armhf] 8795/1: spectre-v1.1: use put_user() for __put_user()
- [armel,armhf] 8796/1: spectre-v1,v1.1: provide helpers for address
sanitization
- [armel,armhf] 8797/1: spectre-v1.1: harden __copy_to_user
- [armel,armhf] 8810/1: vfp: Fix wrong assignement to ufp_exc
- [armel,armhf] make lookup_processor_type() non-__init
- [armel,armhf] split out processor lookup
- [armel,armhf] clean up per-processor check_bugs method call
- [armel,armhf] add PROC_VTABLE and PROC_TABLE macros
- [armel,armhf] spectre-v2: per-CPU vtables to work around big.Little
systems
- [armel,armhf] ensure that processor vtables is not lost after boot
- [armel,armhf] fix the cockup in the previous patch
- net: create skb_gso_validate_mac_len() (CVE-2018-1000026)
- bnx2x: disable GSO where gso_size is too big for hardware
(CVE-2018-1000026)
- [i386] ACPI: NUMA: Use correct type for printing addresses on i386-PAE
- cpufreq: check if policy is inactive early in __cpufreq_get()
- [armel] dts: kirkwood: Fix polarity of GPIO fan lines
- cifs: Limit memory used by lock request calls to a page
- perf report: Include partial stacks unwound with libdw
- Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire
F5-573G"
- Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
- perf/core: Fix impossible ring-buffer sizes warning
- [x86] perf: Add check_period PMU callback
- ALSA: hda - Add quirk for HP EliteBook 840 G5
- ALSA: usb-audio: Fix implicit fb endpoint setup by quirk
- [x86] kvm: vmx: Fix entry number check for add_atomic_switch_msr()
- Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
- [alpha] fix page fault handling for r16-r18 targets
- [alpha] Fix Eiger NR_IRQS to 128
- tracing/uprobes: Fix output for multiple string arguments
- signal: Restore the stop PTRACE_EVENT_EXIT
- [amd64] x86/a.out: Clear the dump structure initially
- dm thin: fix bug where bio that overwrites thin block ignores FUA
- [x86] drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set
- smsc95xx: Use skb_cow_head to deal with cloned skbs
- ch9200: use skb_cow_head() to deal with cloned skbs
- kaweth: use skb_cow_head() to deal with cloned skbs
- [arm64,armhf] usb: dwc2: Remove unnecessary kfree
- netfilter: nf_tables: fix mismatch in big-endian system
- [arm64] pinctrl: msm: fix gpio-hog related boot issues
- mm: stop leaking PageTables
- uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define
- Revert "scsi: aic94xx: fix module loading"
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.160
- net: fix IPv6 prefix route residue
- [x86] vsock: cope with memory allocation failure at socket creation time
- hwmon: (lm80) Fix missing unlock on error in set_fan_div()
- net: Fix for_each_netdev_feature on Big endian
- [arm64,armhf] net: stmmac: handle endianness in dwmac4_get_timestamp
- sky2: Increase D3 delay again
- vhost: correctly check the return value of translate_desc() in
log_used()
- net: Add header for usage of fls64()
- tcp: tcp_v4_err() should be more careful
- net: Do not allocate page fragments that are not skb aligned
- tcp: clear icsk_backoff in tcp_write_queue_purge()
- vxlan: test dev->flags & IFF_UP before calling netif_rx()
- [arm64,armhf] net: stmmac: Fix a race in EEE enable callback
- net: ipv4: use a dedicated counter for icmp_v4 redirect packets
- btrfs: Remove false alert when fiemap range is smaller than on-disk
extent
- mISDN: fix a race in dev_expire_timer()
- ax25: fix possible use-after-free
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.161
- mac80211: Free mpath object when rhashtable insertion fails
- libceph: handle an empty authorize reply
- ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
- numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
- proc, oom: do not report alien mms when setting oom_score_adj
- KEYS: allow reaching the keys quotas exactly
- [armhf] mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering
mfd cells
- [armhf] mfd: twl-core: Fix section annotations on {,un}protect_pm_master
- [arm64] mfd: qcom_rpm: write fw_version to CTRL_REG
- [armhf] mfd: mc13xxx: Fix a missing check of a register-read failure
- qed: Fix qed_ll2_post_rx_buffer_notify_fw() by adding a write memory
barrier
- [arm64] net: hns: Fix use after free identified by SLUB debug
- scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
- [x86] scsi: isci: initialize shost fully before calling scsi_add_host()
- atm: he: fix sign-extension overflow on large shift
- [armhf] leds: lp5523: fix a missing check of return value of lp55xx_read
- net/mlx5e: Fix wrong (zero) TX drop counter indication for representor
- RDMA/srp: Rework SCSI device reset handling
- KEYS: user: Align the payload buffer
- KEYS: always initialize keyring_index_key::desc_len
- batman-adv: fix uninit-value in batadv_interface_tx()
- net/packet: fix 4gb buffer limit due to overflow check
- team: avoid complex list operations in team_nl_cmd_options_set()
- sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
- sctp: call gso_reset_checksum when computing checksum in
sctp_gso_segment
- net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
- [hppa/parisc] Fix ptrace syscall number modification
- [x86] hpet: Make cmd parameter of hpet_ioctl_common() unsigned
- clocksource: Use GENMASK_ULL in definition of CLOCKSOURCE_MASK
- netpoll: Fix device name check in netpoll_setup()
- tracing: Use cpumask_available() to check if cpumask variable may be
used
- [x86] boot: Disable the address-of-packed-member compiler warning
- [x86] drm/i915: Consistently use enum pipe for PCH transcoders
- [x86] drm/i915: Fix enum pipe vs. enum transcoder for the PCH transcoder
- [arm64] irqchip/gic-v3: Convert arm64 GIC accessors to
{read,write}_sysreg_s
- mm/zsmalloc.c: change stat type parameter to int
- mm/zsmalloc.c: fix -Wunneeded-internal-declaration warning
- Revert "bridge: do not add port to router list when receives query with
source 0.0.0.0"
- netfilter: nf_tables: fix flush after rule deletion in the same batch
- [arm64] pinctrl: max77620: Use define directive for
max77620_pinconf_param values
- [arm64,armhf] phy: tegra: remove redundant self assignment of 'map'
- sched/sysctl: Fix attributes of some extern declarations
.
[ Salvatore Bonaccorso ]
* Refresh kbuild-use-nostdinc-in-compile-tests.patch for context changes in
4.9.145
* [rt] Update to 4.9.146-rt125
- seqlock: provide the same ordering semantics as mainline
- squashfs: make use of local lock in multi_cpu decompressor
- locallock: provide {get,put}_locked_ptr() variants
- posix-timers: move the rcu head out of the union
- alarmtimer: Prevent live lock in alarm_cancel()
- block: blk-mq: move blk_queue_usage_counter_release() into process
context
- Revert "block: blk-mq: Use swait"
- Revert "rt,ntp: Move call to schedule_delayed_work() to helper thread"
- net: use task_struct instead of CPU number as the queue owner on -RT
- locking: add types.h
- mm/slub: close possible memory-leak in kmem_cache_alloc_bulk()
- crypto: limit more FPU-enabled sections
- sched, tracing: Fix trace_sched_pi_setprio() for deboosting
- rcu: Suppress lockdep false-positive ->boost_mtx complaints
- rcu: Do not include rtmutex_common.h unconditionally
- rtmutex: Make rt_mutex_futex_unlock() safe for irq-off callsites
- futex: Fix OWNER_DEAD fixup
- futex: Avoid violating the 10th rule of futex
- futex: Fix more put_pi_state() vs. exit_pi_state_list() races
- futex: Fix pi_state->owner serialization
* [rt] Refresh 0366-posix-timers-move-the-rcu-head-out-of-the-union.patch.
Refresh for context changes caused by a Debian specific patch to avoid
ABI change in 4.9.136: "posix-timers: Avoid ABI change in 4.9.136"
* [rt] Refresh 0280-random-Make-it-work-on-rt.patch
* [rt] Refresh 0198-fs-aio-simple-simple-work.patch for context changes in
4.9.147
* Btrfs: fix corruption reading shared and compressed extents after hole
punching (Closes: #922306)
.
[ Ben Hutchings ]
* Bump ABI to 9 and apply deferred changes:
- netfilter: ipv6: nf_defrag: reduce struct net memory waste
- proc/sysctl: prune stale dentries during unregistering
- proc/sysctl: Don't grab i_lock under sysctl_lock.
- proc: Fix proc_sys_prune_dcache to hold a sb reference
- [mips*] Correct the 64-bit DSP accumulator register size
- inet: frags: fix ip6frag_low_thresh boundary
- inet: frags: reorganize struct netns_frags
- rhashtable: reorganize struct rhashtable layout
- inet: frags: break the 2GB limit for frags storage
- elevator: fix truncation of icq_cache_name
linux (4.9.144-3.1) stretch; urgency=high
.
* Non-maintainer upload.
* Fix boot breakage on 32-bit arm (closes: #922478). Thanks to Adrian Bunk
for spotting the mistake.
linux-latest (80+deb9u7) stretch; urgency=medium
.
* Update to 4.9.0-9
mariadb-10.1 (10.1.38-0+deb9u1) stretch; urgency=medium
.
* SECURITY UPDATE: New upstream release 10.1.38. Includes fixes for
the following security vulnerabilities (Closes: #920933):
- CVE-2019-2537
- CVE-2019-2529
* Update correct branch name in gbp.conf
* Disable test unit.pcre_test on s390x that was failing in stretch-security
(Closes: #920854)
* Limit build test suite to 'main' like in mariadb-10.3 to make unnecessary
build failures less likely in lifetime of Stretch.
* Fix mips compilation failure (__bss_start symbol missing) (Closes: #920855)
* Extend the server README to clarify common misunderstandings
(Closes: #878215)
* Enable ccache in CMake path so it can be used automatically where available
* Heavily refactor and unify gitlab-ci.yml MariaDB install/upgrade steps.
This ensures uploads to Stretch are much more safer to do now than in the
past.
mariadb-10.1 (10.1.37-0+deb9u1) stretch-security; urgency=high
.
* SECURITY UPDATE: New upstream release 10.1.37. Includes fixes for
the following security vulnerabilities (Closes: #912848);
- CVE-2018-3282
- CVE-2018-3251
- CVE-2018-3174
- CVE-2018-3156
- CVE-2018-3143
- CVE-2016-9843
* Add (and rename) new man pages
* Add Gitlab-CI definition file that can test each commit to this repository
* Fix d/control metadata to match status for Debian Stretch
* Physically remove patches no longer in series and not applied anyway
* Fix wrong-path-for-interpreter in innotop script to make package
Lintian error free as pass CI systems fully
* Previous upstream version 10.1.35 included fixes for the following
security vulnerabilities:
- CVE-2018-3066
- CVE-2018-3064
- CVE-2018-3063
- CVE-2018-3058
* Previous upstream version 10.1.33 included fixes for the following
security vulnerabilities:
- CVE-2018-2819
- CVE-2018-2817
- CVE-2018-2813
- CVE-2018-2787
- CVE-2018-2784
- CVE-2018-2782
- CVE-2018-2781
- CVE-2018-2771
- CVE-2018-2767
- CVE-2018-2766
- CVE-2018-2761
- CVE-2018-2755
* Previous upstream version 10.1.31 included fixes for the following
security vulnerabilities:
- CVE-2018-2668
- CVE-2018-2665
- CVE-2018-2640
- CVE-2018-2622
- CVE-2018-2612
- CVE-2018-2562
* Revert "Update d/gbp.conf to track stretch branches"
* New upstream version 10.1.30. Includes fixes for the following
security vulnerabilities (Closes: #885345):
- CVE-2017-15365
* Amend previous Debian changelog entries to contain new CVE identifiers
* Refresh patches for MariaDB 10.1.30 and again for .34
* Delete unnecessary systemd files introduced by upstream
* Add new files introduced by upstream to correct packages
* Use list-missing instead of fail in d/rules so builds pass
.
[ Ondřej Surý ]
* New upstream version 10.1.29. Includes fixes for the following
security vulnerabilities:
- CVE-2017-10378
- CVE-2017-10268
- MDEV-13819
* Add libconfig-inifiles-perl to mariadb-client-10.1 depends to fix
mytop
* Add mips64el to the list of platforms that are allowed to fail test
suite
* Handle new and/or missing files
* Ignore failed tests on more non-release platforms (kfreebsd-i386,
kfreebsd-amd64 and sparc64)
* Rebase patches for MariaDB 10.1.29
.
[ Christian Ehrhardt ]
* d/t/upstream: skip func_regexp_pcre on s390x
.
[ Vicentiu Ciorbaru ]
* Fix Mroonga compilation failure on arm64
* Extend libmariadbclient-rename.patch to cover TokuDB as well
* Disable disks.disks test
mariadb-10.1 (10.1.29-1) unstable; urgency=medium
.
* New upstream version 10.1.29
* Remove the mariadb-test-* packages as they are now provided by
mariadb-10.2 (Closes: #881898)
* Rebase patches for new upstream version.
mariadb-10.1 (10.1.28-2) unstable; urgency=high
.
* Add libconfig-inifiles-perl to mariadb-client-10.1 depends to fix
mytop (Closes: #875708)
* Add mips64el to the list of platforms that are allowed to fail test
suite (Closes: #879637)
mariadb-10.1 (10.1.28-1) unstable; urgency=medium
.
* New upstream version 10.1.28
* Rebase patches on top of MariaDB 10.1.28
* Add extra symbols aliases for libmariadbclient_16
mariadb-10.1 (10.1.26-1) unstable; urgency=medium
.
* Ignore upstream debian/ directory when importing upstream tarball
* New upstream version 10.1.26
* Refresh patches for MariaDB 10.1.26
* Remove unstable tests patches for unstable build, so we see what is
really failing and what is not
mosquitto (1.4.10-3+deb9u4) stretch-security; urgency=high
.
* Fix potential crash when reloading persistence file. (closes: #922071).
mosquitto (1.4.10-3+deb9u3) stretch-security; urgency=high
.
* SECURITY UPDATE: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be treated as
valid. This typically means that the malformed data becomes a username and
no password. If this occurs, clients can circumvent authentication and get
access to the broker by using the malformed username. In particular, a blank
line will be treated as a valid empty username. Other security measures are
unaffected. Users who have only used the mosquitto_passwd utility to create
and modify their password files are unaffected by this vulnerability.
- debian/patches/mosquitto-1.4.x-cve-2018-12551.patch: this fix introduces
more stringent parsing tests on the password file data.
- CVE-2018-12551
* SECURITY UPDATE: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined, which
means that no topic access is denied. Although denying access to all
topics is not a useful configuration, this behaviour is unexpected and
could lead to access being incorrectly granted in some circumstances.
- debian/patches/mosquitto-1.4.x-cve-2018-12550.patch: this fix ensures
that if an ACL file is defined but no rules are defined, then access will
be denied.
- CVE-2018-12550
* SECURITY UPDATE: If a client publishes a retained message to a topic that
they have access to, and then their access to that topic is revoked, the
retained message will still be delivered to future subscribers. This
behaviour may be undesirable in some applications, so a configuration
option `check_retain_source` has been introduced to enforce checking of
the retained message source on publish.
- debian/patches/mosquitto-1.4.9-1.4.14-cve-2018-12546.patch: this patch stores
the originator of the retained message, so security checking can be
carried out before re-publishing. The complexity of the patch is due to
the need to save this information across broker restarts.
- CVE-2018-12546
mumble (1.2.18-1+deb9u1) stretch-security; urgency=high
.
* debian/patches:
- Add 60-fix-message-flood.diff to fix instability and crash due to
message flooding
Thanks to "the zombi community" for finding the bug, committing
a fix upstream, and contacting me to fix the issue in Debian
- Add 61-configurable-rate-limit.diff to make message rate limit
configurable
ncmpc (0.25-0.1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix CVE-2018-9240 (Closes: #894724)
neutron (2:9.1.1-3+deb9u1) stretch-security; urgency=medium
.
* CVE-2019-9735: it's possible to add a security group rule for VRRP with a
dport. Apply upstream patch: When converting sg rules to iptables, do not
emit dport if not supported. (Closes: #924508).
node-superagent (0.20.0+dfsg-1+deb9u2) stretch; urgency=medium
.
* Fix incompatible instruction in CVE-2017-16129 patch
node-superagent (0.20.0+dfsg-1+deb9u1) stretch; urgency=medium
.
* Team upload
* Add patch to fix ZIP bomb attacks (Closes: CVE-2017-16129)
ntfs-3g (1:2016.2.22AR.1+dfsg-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix heap-based buffer overflow (CVE-2019-9755)
nvidia-graphics-drivers (390.116-1) stretch; urgency=medium
.
* New upstream legacy branch release 390.116 (2019-02-22).
* Fixed CVE‑2018‑6260. (Closes: #913467)
https://nvidia.custhelp.com/app/answers/detail/a_id/4772
- Fixed build failures which resulted in errors like "implicit declaration
of function drm_...", when building the NVIDIA DRM kernel module for Linux
kernel 5.0 release candidates.
- Fixed a bug which could cause VK_KHR_external_semaphore_fd operations
to fail.
- Fixed a build failure, "implicit declaration of function
'vm_insert_pfn'", when building the NVIDIA DRM kernel module for Linux
kernel 4.20 release candidates.
- Fixed a build failure, "unknown type name 'ipmi_user_t'", when building
the NVIDIA kernel module for Linux kernel 4.20 release candidates.
- Fixed a bug that caused mode switches to fail when an SDI output board was
connected.
- Fixed a bug that could cause rendering corruption in Vulkan programs.
- Fixed a bug that caused vkGetPhysicalDeviceDisplayPropertiesKHR() to
occasionally return incorrect values for physicalResolution.
* New upstream legacy branch release 340 series.
- Fixed a build failure, "too many arguments to function 'get_user_pages'",
when building the NVIDIA kernel module for Linux kernel v4.4.168.
- Fixed a build failure, "implicit declaration of function do_gettimeofday",
when building the NVIDIA kernel module for Linux kernel 5.0 release
candidates.
- Added a new kernel module parameter, NVreg_RestrictProfilingToAdminUsers,
to allow restricting the use of GPU performance counters to system
administrators only.
.
[ Luca Boccassi ]
* Drop kmem_cache_create_usercopy.patch, drm-mode.patch,
ipmi-user.patch, vm-insert-pfn.patch: fixed upstream.
* Update symbols files.
.
[ Andreas Beckmann ]
* nvidia-detect: stretch now has a 390.xx driver.
* nvidia-kernel-source: Bump debhelper dependency to match Build-Depends.
* Upload to stretch.
nvidia-graphics-drivers (390.87-8) unstable; urgency=medium
.
* Tune more package relationships to prevent that installing packages from
nvidia-graphics-drivers-legacy-390xx driver pulls in packages from
nvidia-graphics-drivers via Recommends.
nvidia-settings (390.116-1) stretch; urgency=medium
.
* New upstream release 390.116.
- Added the synchronization state for PRIME Displays to nvidia-settings.
- Fixed a bug that could prevent nvidia-xconfig from disabling the X
Composite extension on version 1.20 of the X.org X server.
* Upload to stretch.
nvidia-settings (390.87-2) unstable; urgency=medium
.
* Drop versioned constraints that are satisfied in wheezy.
* Switch to debhelper-compat (= 12).
nvidia-settings (390.87-1) unstable; urgency=medium
.
* New upstream release 390.87.
* Add Build-Depends-Package field to symbols file.
* Bump Standards-Version to 4.3.0. No changes needed.
obs-build (20160921-1+deb9u1) stretch; urgency=medium
.
* CVE-2017-14804 (Closes: #887306)
- Improve extractbuild to avoid write to files in the host system.
- debian/patches/Improve-sanity-checks-in-extractbuild.patch: add new
openjdk-8 (8u212-b01-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch
openjdk-8 (8u202-b26-3) unstable; urgency=medium
.
* Fix the 8u202 merge for aarch32, not using SA.
openjdk-8 (8u202-b26-2) unstable; urgency=medium
.
* Fix builds using the aarch32 hotspot version.
openjdk-8 (8u202-b26-1) unstable; urgency=high
.
* Update to 8u202-b26.
* Security fixes:
- CVE-2019-2422, S8206290: Better FileChannel transfer performance.
- CVE-2019-2426, S8209094: Improve web server connections.
- S8199156: Better route routing.
- S8199552: Update to build scripts.
- S8200659: Improve BigDecimal support.
- S8203955: Improve robot support.
- S8204895: Better icon support.
- S8205709: Proper allocation handling.
- S8205714: Initial class initialization.
- S8210094: Better loading of classloader classes.
- S8210606: Improved data set handling.
- S8210866: Improve JPEG processing.
.
[ Tiago Stürmer Daitx ]
* Update DEP8 tests:
- debian/tests/control: updated to allow stderr output and to remove
dpkg-dev dependency.
- debian/tests/jtdiff-autopkgtest.sh: use dpkg --print-architecture
instead of dpkg-architecture; log script name on any output.
- debian/tests/jtreg-autopkgtest.in: use dpkg --print-architecture instead
of dpkg-architecture; do not retain test temporary files; log script
name on any output.
- debian/tests/jtreg-autopkgtest.sh: regenerated.
openjdk-8 (8u191-b12-2) unstable; urgency=high
.
* Upload to unstable.
* Remove the "Team upload" for the last upload to experimental.
openjdk-8 (8u191-b12-1) experimental; urgency=medium
.
* Team upload
* Update to 8u191-b12. (Closes: #911925, Closes: #912333, LP: #1800792)
* debian/excludelist.jdk.jtx: no longer needed, using ProblemsList.txt
from upstream now.
* debian/excludelist.langtools.jtx: upstream testing does not use any
exclusion list.
* debian/patches/sec-webrev-8u191-b12*: removed, applied upstream.
* debian/patches/jdk-8132985-backport-double-free.patch,
debian/patches/jdk-8139803-backport-warning.patch: fix crash in
freetypescaler due to double free, thanks to Heikki Aitakangas for
the report and patches. (Closes: #911847)
* debian/rules:
- tar and save JTreport directory.
- run the same limited set of tests as upstream does.
- call the same testsuites scripts used for autopkgtest.
- reenable jdk testsuite.
- simplified and moved xvfb logic into check-jdk rule.
- removed jtreg and xvfb build dependency logic and moved the bdeps
into debian/control.in.
- added rules to generate autopkgtest scripts from templates.
* updated dep8 tests:
- debian/test/control: run hotspot, langtools, and jdk testsuites.
- debian/tests/hotspot, debian/tests/jdk, debian/tests/langtools:
add scripts for each testsuite to be run.
- debian/tests/jtreg-autopkgtest.sh: template to generate the jtreg
script used by the autopkgtest tests.
- debian/tests/jtdiff-autopkgtest.sh: used by the scripts to report
any differences between the autopkgtest and the tests results
generated during the openjdk package build.
- debian/tests/jtreg-autopkgtest.sh: used by the scripts to run jtreg
and put the resulting artifacts in the right places.
- debian/tests/valid-tests: removed, no longer needed.
openjdk-8 (8u181-b13-2) unstable; urgency=high
.
[ Tiago Stürmer Daitx ]
* Apply patches from 8u191-b12 security update.
- CVE-2018-3136, S8194534: Manifest better support.
- CVE-2018-3139, S8196902: Better HTTP Redirection.
- CVE-2018-3149, S8199177: Enhance JNDI lookups.
- CVE-2018-3169, S8199226: Improve field accesses.
- CVE-2018-3180, S8202613: Improve TLS connections stability.
- CVE-2018-3183, S8202936: Improve script engine support.
- CVE-2018-3214, S8205361: Better RIFF reading support.
- CVE-2018-3211: Unspecified vulnerability in the Serviceability component.
- S8195868: Address Internet Addresses.
- S8195874: Improve jar specification adherence.
- S8201756: Improve cipher inputs.
- S8203654: Improve cypher state updates.
- S8204497: Better formatting of decimals.
* debian/patches/jdk-freetypeScaler-crash.diff: removed as this patch causes
a memory leak; upstream fixed it in openjdk-7, albeit in a different way.
Closes: #910672.
.
[ Matthias Klose ]
* Bump standards version.
openjpeg2 (2.1.2-1.1+deb9u3) stretch-security; urgency=medium
.
* Non-maintainer upload by the Security Team.
* CVE-2018-14423: Division-by-zero vulnerabilities in the functions
pi_next_pcrl, pi_next_cprl, and pi_next_rpcl (closes: #904873).
* CVE-2018-6616: Excessive Iteration in opj_t1_encode_cblks
(closes: #889683).
* CVE-2017-17480: Write stack buffer overflow due to missing buffer
length formatter in fscanf call (closes: #884738).
* CVE-2018-18088: Null pointer dereference caused by null image
components in imagetopnm (closes: #910763).
* CVE-2018-5785: Integer overflow in convertbmp.c (closes: #888533).
openssh (1:7.4p1-10+deb9u6) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Apply upstream patch to make scp handle shell-style brace expansions
when checking that filenames sent by the server match what the client
requested (closes: #923486).
openssl1.0 (1.0.2r-1~deb9u1) stretch-security; urgency=medium
.
[ Kurt Roeckx ]
* New upstream version
- Fixes CVE-2019-1559
.
[ Sebastian Andrzej Siewior ]
* Use openssl.cnf from the build directory for the testsuite.
openssl1.0 (1.0.2q-2) unstable; urgency=medium
.
* User openssl.cnf from the build directory for the testsuite.
openssl1.0 (1.0.2q-1) unstable; urgency=medium
.
* Correct typo in the riscv64 target (Closes: #891799).
* Update to policy 4.1.4
- drop Priority: important.
- use signing-key.asc and a https links for downloads.
- point the VCS-* to salsa.
* Import upstream version 1.0.2q
- CVE-2018-5407 (Microarchitecture timing vulnerability in ECC scalar
multiplication)
- CVE-2018-0734 (Timing vulnerability in DSA signature generation)
- CVE-2018-0732 (Client DoS due to large DH parameter)
- CVE-2018-0737 (Cache timing vulnerability in RSA Key Generation)
(Closes: #895845)
passenger (5.0.30-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* arbitrary file read via REVISION symlink (CVE-2017-16355)
(Closes: #884463)
* Fix privilege escalation in the Nginx module (CVE-2018-12029)
(Closes: #921767)
pdns (4.0.3-1+deb9u4) stretch-security; urgency=medium
.
* Insufficient validation in the HTTP remote backend (CVE-2019-3871)
Thanks to Salvatore Bonaccorso <carnil@debian.org> (Closes: #924966)
perlbrew (0.78-1+deb9u1) stretch; urgency=medium
.
* Backport upstream fix for CPAN URLs.
CPAN URLs have changed to use HTTPS, which makes perlbrew fail to detect
perl tarballs. This patch changes the regexp to allow both HTTP and HTTPS.
(Closes: #927065)
php7.0 (7.0.33-0+deb9u3) stretch-security; urgency=medium
.
* Pull security fixes from https://github.com/Microsoft/php-src, a
shared effort by Remi Collet and Anatol Belski to keep up with
security issues in PHP 5.6.40 after EOL.
* Security Issues Fixed:
+ Core:
- Fixed bug #77630 (rename() across the device may allow unwanted access during processing).
+ EXIF:
- Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF).
- Fixed bug #77540 (Invalid Read on exif_process_SOFn).
- Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
- Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
+ PHAR:
- Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
- Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow).
+ SPL:
- Fixed bug #77431 (openFile() silently truncates after a null byte).
php7.0 (7.0.33-0+deb9u2) stretch-security; urgency=medium
.
* CVE-2019-9020
* CVE-2019-9021
* CVE-2019-9022 (plus backport for CAA support)
* CVE-2019-9023
* CVE-2019-9024
postfix (3.1.12-0+deb9u1) stretch; urgency=medium
.
[Scott Kitterman]
.
* Add detailed smarthost instructions to README.Debian. Thanks to Celejar
for the input. Closes: #919444
* Refresh patches
.
[Wietse Venema]
.
* 3.1.10
- Bugfix (introduced: Postfix 2.11): minor memory leak when
minting issuer certs. This affects a tiny minority of use
cases. Viktor Dukhovni, based on a fix by Juan Altmayer
Pizzorno for the ssl_dane library. File: tls/tls_dane.c.
- Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes,
table lookups could casefold the search string when searching
a lookup table that does not use fixed-string keys (regexp,
pcre, tcp, etc.). Historically, Postfix would not case-fold
the search string with such tables. File: util/dict_utf8.c.
Closes: #917512
- Multiple 'bit rot' fixes for OpenSSL API changes, including
support to disable TLSv1.3, to avoid issuing multiple session
tickets. Viktor Dukhovni. Files: proto/postconf.proto,
proto/TLS_README.html, tls/tls.h, tls/tls_server.c,
tls/tls_misc.c.
- Bugfix (introduced: 3.0): smtpd_discard_ehlo_keywords could
not disable "SMTPUTF8". because the lookup table was using
"EHLO_MASK_SMTPUTF8" instead. File: global/ehlo_mask.c.
- Documentation: update documentation for Postfix versions
that support disabling TLS 1.3. File: proto/postconf.proto.
- Improved logging of TLS 1.3 summary information, and improved
reporting of the same info in Received: message headers.
Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html,
posttls-finger/posttls-finger.c, smtpd/smtpd.c, tls/tls.h,
tls/tls_client.c, tls/tls_misc.c, tls/tls_proxy.h,
tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c,
tls/tls_server.c.
* 3.1.11
- Bugfix (introduced: postfix-2.11): with posttls-finger,
connections to unix-domain servers always resulted in "Failed
to establish session" even after a connection was established.
Jaroslav Skarva. File: posttls-finger/posttls-finger.c.
* 3.1.12
- Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
has been producing false rejects starting with the Postfix
2.2 smtpd_end_of_data_restrictons, and for the same reasons,
did the same with the Postfix 3.4 BDAT command. The latter
was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
- Bugfix (introduced: Postfix 3.0): LMTP connections over
UNIX-domain sockets were cached but not reused, due to a
cache lookup key mismatch. Therefore, idle cached connections
could exhaust LMTP server resources, resulting in two-second
pauses between email deliveries. This problem was investigated
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
postgresql-9.6 (9.6.12-0+deb9u1) stretch; urgency=medium
.
* New upstream version.
* Revert upstream patch "Disallow setting client_min_messages higher than
ERROR", it causes to much disruption to existing (test) scripts.
psk31lx (2.1-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Make the version of the binary package 2.1+2.2really2.1-1+deb9u1 s.t. this
sorts after the package in lenny (2.1+2.2beta1-8, built from src:twpsk)
and before the the package in buster (2.2-1). (Closes: #911780)
publicsuffix (20190415.1030-0+deb9u1) stretch; urgency=medium
.
* new upstream publicsuffix data
publicsuffix (20190329.0756-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20190221.0923-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20190221.0923-0+deb9u1) stretch; urgency=medium
.
* new upstream publicsuffix data
publicsuffix (20190128.1516-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20181227.1630-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20181108.2228-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20181030.1007-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20181003.1334-3) unstable; urgency=medium
.
* correct name of diff package for autopkgtest
publicsuffix (20181003.1334-2) unstable; urgency=medium
.
* Standards-Version: bump to 4.2.1 (no changes needed)
* add debian/watch to look at git, despite #910762
* added simple autopkgtest (borrowed from libpsl)
publicsuffix (20181003.1334-1) unstable; urgency=medium
.
* new upstream version
putty (0.67-3+deb9u1) stretch-security; urgency=high
.
* Backport security fixes from 0.71:
- In random_add_noise, put the hashed noise into the pool, not the raw
noise.
- New facility for removing pending toplevel callbacks.
- CVE-2019-9898: Fix one-byte buffer overrun in random_add_noise().
- uxnet: clean up callbacks when closing a NetSocket.
- sk_tcp_close: fix memory leak of output bufchain.
- Fix handling of bad RSA key with n=p=q=0.
- Sanity-check the 'Public-Lines' field in ppk files.
- Introduce an enum of the uxsel / select_result flags.
- CVE-2019-9895: Switch to using poll(2) in place of select(2).
- CVE-2019-9894: RSA kex: enforce the minimum key length.
- CVE-2019-9897: Fix crash on ESC#6 + combining chars + GTK + odd-width
terminal.
- CVE-2019-9897: Limit the number of combining chars per terminal cell.
- minibidi: fix read past end of line in rule W5.
- CVE-2019-9897: Fix crash printing a width-2 char in a width-1
terminal.
pyca (20031119-0.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
pyca (20031119-0.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Add 'missingok' to logrotate config. (Closes: #914836)
* Add dummy binary-arch target.
python-certbot (0.28.0-1~deb9u2) stretch; urgency=high
.
* The previous stable update incorrectly disabled systemd timer due to a
change in debhelper compat version. This release drops the compat
level back to debhelper 9, thus forcing a restart of the systemd
timer. (Closes: #922031)
.
The behavior of dh_systemd_start changed between compat v9 and compat
v10; in v9, timers were stopped in postrm and started in postinst, but
in v10 timers were only started in postinst if they were running.
Switching back to v9 will unilaterally start the timer in postinst
once more.
* Fix an FTBFS due to sbuild not considering or'ed
dependencies. (Closes: #922543)
python-cryptography (1.7.1-3+deb9u1) stretch; urgency=medium
.
* Remove BIO_callback_ctrl: The prototype differs with the OpenSSL's
definition of it after it was changed (fixed) within OpenSSL. It has no
users.
python-django-casclient (1.2.0-2+deb9u1) stretch; urgency=medium
.
[ William Blough ]
* Team upload
* Apply django 1.10 middleware fix from upstream (Closes: #926350)
.
[ Adrian Bunk ]
* python-django-casclient: Add the missing dependency
on python-django. (Closes: #896317)
* python3-django-casclient: Add the missing dependency
on python3-django. (Closes: #896404)
python-mode (1:6.2.3-1.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload
* Rebuild for stretch.
.
python-mode (1:6.2.3-1.1) unstable; urgency=medium
.
* Non-maintainer upload
* Drop xemacs21 support (Closes: #909383, #680578, #837991)
python-pip (9.0.1-2+deb9u1) stretch; urgency=medium
.
* Team upload.
* Add Properly_catch_requests_HTTPError_in_index.py.patch, which fixes
--extra-index-url results in "HTTPError: 404 Client Error: NOT FOUND".
The patch makes works even with the unbundled requests. (Closes: #837764).
python-pykmip (0.5.0-4+deb9u1) stretch; urgency=medium
.
* CVE-2018-1000872: Resource Management Errors (similar issue to
CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the
server can be made unavailable by one or more clients opening all of the
available sockets. Applied upstream patch: Fix a denial-of-service bug by
setting the server socket timeout (Closes: #917030).
qtbase-opensource-src (5.7.1+dfsg-3+deb9u1) stretch-security; urgency=medium
.
* Backport fixes for:
- CVE-2018-15518: “double free or corruption†in QXmlStreamReader
- CVE-2018-19873: QBmpHandler segfault on malformed BMP file
- CVE-2018-19870: Check for QImage allocation failure in qgifhandler
* Backport ensure_pixel_density_of_at_least_1.patch in order to fix VLC after
it's security update (Closes: #907139).
r-cran-igraph (1.0.1-1+deb9u1) stretch; urgency=medium
.
* Add upstream patch to fix: CVE-2018-20349 (Closes: #917212).
rails (2:4.2.7.1-1+deb9u1) stretch; urgency=medium
.
* CVE-2018-16476 (Closes: #914847)
* CVE-2019-5418 / CVE-2019-5419 (Closes: #924520)
rdesktop (1.8.4-1~deb9u1) stretch-security; urgency=medium
.
* Security backport for Stretch.
* Relax debhelper build dependency.
* Relax Standards-Version to 3.9.8 .
rssh (2.3.4-5+deb9u4) stretch-security; urgency=high
.
* The fix for the scp security vulnerability in 2.3.4-9 combined with
the regression fix in 2.3.4-10 rejected the -pf and -pt options, which
are sent by libssh2's scp support. Add support for those variants.
(LP #1815935)
rsync (3.1.2-1+deb9u2) stretch; urgency=medium
.
* Apply CVEs from 2016 to the zlib code.
closes:#924509
ruby-i18n (0.7.0-2+deb9u1) stretch; urgency=medium
.
* CVE-2014-10077: Prevent a remote denial-of-service vulnerability via an
application crash by engineering a situation where `:some_key` is present
in `keep_keys` but not present in the hash. (Closes: #913093)
ruby2.3 (2.3.3-1+deb9u6) stretch-security; urgency=medium
.
* CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324
* CVE-2019-8325
ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium
.
* Backport upstream patches to fix FTBFS due to expired SSL certificate and
timezone changes (Closes: #919999)
- imap: update test certificate
- timezone changes for Japan and Kiritimati
* test/ruby/test_gc.rb: skip entirely; some tests in there can fail
unpredictably on buildds (Closes: #912740)
ruby2.3 (2.3.3-1+deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* OpenSSL::X509::Name equality check does not work correctly
(CVE-2018-16395)
* pack.c: avoid returning uninitialized String
* Tainted flags are not propagated in Array#pack and String#unpack with some
directives (CVE-2018-16396)
ruby2.3 (2.3.3-1+deb9u3) stretch-security; urgency=medium
.
[ Santiago R.R. ]
* Fix Command injection vulnerability in Net::FTP.
[CVE-2017-17405]
* webrick: use IO.copy_stream for multipart response. Required changes in
WEBrick to fix CVE-2017-17742 and CVE-2018-8777
* Fix HTTP response splitting in WEBrick.
[CVE-2017-17742]
* Fix Command Injection in Hosts::new() by use of Kernel#open.
[CVE-2017-17790]
* Fix Unintentional directory traversal by poisoned NUL byte in Dir
[CVE-2018-8780]
* Fix multiple vulnerabilities in RubyGems.
CVE-2018-1000073: Prevent Path Traversal issue during gem installation.
CVE-2018-1000074: Fix possible Unsafe Object Deserialization
Vulnerability in gem owner.
CVE-2018-1000075: Strictly interpret octal fields in tar headers.
CVE-2018-1000076: Raise a security error when there are duplicate files
in a package.
CVE-2018-1000077: Enforce URL validation on spec homepage attribute.
CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute when
displayed via gem server.
CVE-2018-1000079: Prevent path traversal when writing to a symlinked
basedir outside of the root.
* Fix directory traversal vulnerability in the Dir.mktmpdir method in the
tmpdir library
[CVE-2018-6914]
* Fix Unintentional socket creation by poisoned NUL byte in UNIXServer and
UNIXSocket
[CVE-2018-8779]
* Fix Buffer under-read in String#unpack
[CVE-2018-8778]
* Fix tests to cope with updates in tzdata (Closes: #889117)
* Exclude Rinda TestRingFinger and TestRingServer test units requiring
network access (Closes: #898694)
.
[ Antonio Terceiro ]
* debian/tests/excludes/any/TestTimeTZ.rb: ignore tests failing due to
assumptions that don't hold on newer tzdata update. Upstream bug:
https://bugs.ruby-lang.org/issues/14655
runc (0.1.1+dfsg1-2+deb9u1) stretch; urgency=medium
.
* Team upload.
* Add patch to address CVE-2019-5736 (Closes: #922050)
samba (2:4.5.16+dfsg-1+deb9u1) stretch-security; urgency=high
.
* This is a security release in order to address the following defect:
- CVE-2019-3880 Save registry file outside share as unprivileged user
spip (3.1.4-4~deb9u2) stretch-security; urgency=medium
.
* Update security screen to 1.3.11
* Backport security fix from 3.1.10
- Arbitrary code execution for any identified visitor (Closes: #926764)
systemd (232-25+deb9u11) stretch-security; urgency=high
.
* pam-systemd: use secure_getenv() rather than getenv()
Fixes a vulnerability in the systemd PAM module which insecurely uses
the environment and lacks seat verification permitting spoofing an
active session to PolicyKit. (CVE-2019-3842)
systemd (232-25+deb9u10) stretch; urgency=medium
.
* journald: fix assertion failure on journal_file_link_data (Closes: #916880)
* tmpfiles: fix "e" to support shell style globs (Closes: #918400)
* mount-util: accept that name_to_handle_at() might fail with EPERM.
Container managers frequently block name_to_handle_at(), returning
EACCES or EPERM when this is issued. Accept that, and simply fall back
to fdinfo-based checks. (Closes: #917122)
* automount: ack automount requests even when already mounted.
Fixes a race condition in systemd which could result in automount requests
not being serviced and processes using them to hang, causing denial of
service. (CVE-2018-1049)
* core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)
Fixes improper serialization on upgrade which can influence systemd
execution environment and lead to root privilege escalation.
(CVE-2018-15686, Closes: #912005)
systemd (232-25+deb9u9) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit
(CVE-2019-6454)
* Allocate temporary strings to hold dbus paths on the heap (CVE-2019-6454)
* sd-bus: if we receive an invalid dbus message, ignore and proceeed
(CVE-2019-6454)
thunderbird (1:60.6.1-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
thunderbird (1:60.5.1-1) unstable; urgency=medium
.
[ Alexander Nitsch ]
* [c9775d4] Make the logo SVG square
The original SVG source isn't completely square, modifying the SVG file
so all generated other files from the input are also exactly square.
* [6096812] Add script for generating PNGs from logo SVG
* [4e9e5cc] Update icon PNGs to be properly scaled
.
[ Carsten Schoenert ]
* [9e5527d] d/source.filter: add some configure scripts
Filter out some files that are named 'configure', they are rebuild later
anyway. The filtering of these files is moved from gbp.conf to
source.filter.
* [b63f2a2] Revert "d/gbp.conf: ignore configure script while importing"
Reverting this commit as we need to move the files to filter to
source.filter as the behaviour wasn't the expected outcome.
* [4965c2a] New upstream version 60.5.1
Fixed CVE issues in upstream version 60.5.0 (MFSA 2019-06)
CVE-2018-18356: Use-after-free in Skia
CVE-2019-5785: Integer overflow in Skia
CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D
CVE-2018-18509: S/MIME signature spoofing
thunderbird (1:60.5.1-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
thunderbird (1:60.5.0-3) unstable; urgency=medium
.
* [3e274d8] d/rules: move disable debug option into configure step
Adding the option '--disable-debug-symbols' to the file mozconfig.default
in case the build is running on a 32bit architecture instead of expanding
the variable 'CONFIGURE_FLAGS'. The configuration approach for this option
taken from firefox-esr was not working for the thunderbird package.
* [b3d82d3] d/rules: reorder LDFLAGS for better readability
Make the used additional options for LDFLAGS better readable by reordering
the various used options. Also adding the option '-Wl, --as-needed' to the
list of used options here.
* [62d11e3] d/rules: use 'compress-debug-sections' only on 64bit
Do not set 'LDFLAGS += -Wl,--compress-debug-sections=zlib' globally, lets
use this option only if we are on a 64bit architecture as otherwise the
build is failing on 32bit architectures again. We don't want to build any
debug information on 32bit anyway so we don't need this option on these
platforms.
* [6225c44] d/mozconfig.default: adding option for mipsel
We don't have set up any options for the mipsel platform before, but the
build needs some additional options too on this platform to succeed.
* [4e348d9] d/mozconfig.default: disable ion on mips and mipsel
The build will fail on mips{,el} if we have enabled ION, the JaveScript
JIT compiler on these platforms will loose some performance by this.
thunderbird (1:60.5.0-2) unstable; urgency=medium
.
* [aa2dbe3] d/changelog: update MFSA information for 60.5.0
The MFSA gut published shortly after the upload of the previous version.
Adding the CVE numbers for MFSA 2019-03 to the changelog accordingly like
happen for 1:60.4.0-1 too.
* [71807dc] rebuild patch queue from patch-queue branch
Due greater changes to the source the previous rebuild and refreshing of
the patch queue wasn't correctly nor complete. Some more rework was needed
and some patches got cherry-picked from firefox-esr.
readded patches (not included upstream):
porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch
porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch
cherry-picked from firefox-esr:
fixes/Bug-1470701-Use-run-time-page-size-when-changing-map.patch
fixes/Bug-1505608-Try-to-ensure-the-bss-section-of-the-elf.patch
porting-powerpc/powerpc-Don-t-use-static-page-sizes-on-powerpc.patch
removed patches (included upstream):
porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch
* [eaa065b] apparmor: update profile from upstream (commit 7ace41b1)
* [c761425] d/rules: make dh_clean more robust
Remove some regenerated files in dh_clean to the build will not fail in
case the buils needs to be started twice within the same build environment.
* [aa7b033] d/gbp.conf: ignore configure script while importing
The shipped scripts '*configure' in the toplevel folder and also in js/src
aren't needed and we can them filter out while importing the tarballs.
These scripts got (re)created by dh_auto_configure nevertheless.
* [9f0acb2] d/rules: tweek LDFLAGS more to reduce RAM usage
Reduce RAM usage while linking by using compressed sections.
(picked from firefox-esr)
* [62f195d] d/rules: Don't build debug symbols on non 64bit platforms
Reduce even more RAM usage while linking by don't build debugging symbols
if we build on non 64bit architectures.
(picked from firefox-esr)
thunderbird (1:60.5.0-1) unstable; urgency=medium
.
* d/source.filter: update filter list
Updating the list of files to filter out while repacking the upstream
tarball based on recent work done in debian/experimental.
Unfortunately a lot of semi minimized *.js files from the original
upstream tarball are later needed within some integrated consoles like the
AddOn debugger or the error console. Don't filter out such files for now.
(Closes: #911198)
* [edab34d] d/changelog: update MFSA information for 60.4.0
While releasing and uploading the Debian version 1:60.4.0-1 no MFSA
information was available, adding this information now into the changelog
entry for 1:60.4.0-1.
* [f3f44a3] New upstream version 60.5.0
No dedicated MFSA announcement for this Thunderbird version provided.
* [ccac089] rebuild patch queue from patch-queue branch
removed patches (included upstream):
porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch
porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch
removed patches (dropped by us):
debian-hacks/Don-t-build-testing-suites-and-stuff.patch
debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch
refreshed patches:
debian-hacks/Add-another-preferences-directory-for-applications-p.patch
porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch
porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch
porting-m68k/Add-m68k-support-to-Thunderbird.patch
porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch
porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch
* [43c28c2] d/s/lintian-overrides: more files to ignore
Related to [4201f43] the override list for the source needs to be adjusted
as we have now more files included there Lintian is complaining about
missing source. These files are no 'real' minimized JS files, but the have
mostly some long lines that are triggered the Lintian check.
thunderbird (1:60.4.0-1) unstable; urgency=medium
.
* [2e5a9d0] d/control: don't hard code LLVM packages in B-D
(Closes: #912797)
* [3aaa4a6] New upstream version 60.4.0
No MFSA published yet by Mozilla Security while packaging this version.
(Closes: #913645)
* [12d3be3] debian/control: increase Standards-Version to 4.3.0
No further changes needed.
tryton-server (4.2.1-2+deb9u1) stretch-security; urgency=high
.
* Include patches for CVE-2019-10868.
* Add 03_sec_issue7766_check_read_access_in_search_domain.patch.
This patch fixes security issue http://bugs.tryton.org/issue7766:
Check read access on field in search domain.
It is possible for an authenticated user to guess the value of a field
for which he has no access right no matter if it is at the model
or the field level. The procedure is to make dichotomous search queries
on the model using a domain clause on the field equals value until
the search returns the id.
See also https://discuss.tryton.org/t/security-release-for-issue7766/
.
* Add 04_sec_issue8189_check_read_access_on_search_order.patch.
This patch fixes security issue http://bugs.tryton.org/issue8189:
Check read access on field in search_order.
An authenticated user can order records based on a field for which
he has no access right. This may allow the user to guess values.
See also https://discuss.tryton.org/t/security-release-for-issue8189/
twig (1.24.0-2+deb9u1) stretch-security; urgency=medium
.
* Team upload
* Stick to v1 for stretch
* Backport fix from 1.38: security issue in the sandbox [CVE-2019-9942]
twitter-bootstrap3 (3.3.7+dfsg-2+deb9u2) stretch; urgency=medium
.
* Add patch to fix CVE-2019-8331: XSS in tooltip or popover
tzdata (2019a-0+deb9u1) stretch; urgency=medium
.
* New upstream version, affecting the following past and future
timestamps:
- Palestine will not start DST until 2019-03-30, instead of 2019-03-23
as previously predicted.
- Metlakatla ended its observance of Pacific standard time, rejoining
Alaska Time, on 2019-01-20 at 02:00.
tzdata (2018i-2) unstable; urgency=medium
.
* Update German debconf translation, by Holger Wansing. Closes:
#918455.
* Update Dutch debconf translation, by Frans Spiesschaert. Closes:
#920427.
* Update Russian debconf translation, by Lev Lamberov. Closes:
#920598.
* Update Danish debconf translation, by Joe Hansen. Closes:
#923061.
tzdata (2018i-1) unstable; urgency=high
.
* New upstream version, affecting the following future timestamps:
- São Tomé and PrÃncipe switches from +01 to +00 on 2019-01-01.
unzip (6.0-21+deb9u1) stretch; urgency=medium
.
* Fix buffer overflow in password protected ZIP archives. Closes: #889838.
Patch borrowed from SUSE. For reference, this is CVE-2018-1000035.
vcftools (0.1.14+dfsg-4+deb9u1) stretch; urgency=medium
.
* Team upload.
* Add patch from upstream to fix CVE-2018-11099, CVE-2018-11129 and
CVE-2018-11130 (Closes: #902190).
vips (8.4.5-1+deb9u1) stretch; urgency=medium
.
* Fix CVE-2018-7998: NULL function pointer dereference vulnerability in the
vips_region_generate() function.
* Fix CVE-2019-6976: zero memory on malloc to prevent write of uninit
memory under some error conditions.
waagent (2.2.34-3~deb9u1) stretch; urgency=medium
.
* Upload to stretch.
waagent (2.2.34-2) unstable; urgency=medium
.
* Disable all tests, they need a real system. (closes: #918943)
waagent (2.2.34-1) unstable; urgency=medium
.
* New upstream version.
waagent (2.2.26-1) unstable; urgency=medium
.
* New upstream version.
* Update Vcs entries to point to salsa.debian.org.
* Disable agent auto update. (closes: #887704)
waagent (2.2.18-3) unstable; urgency=medium
.
* Move udev rules to /lib/udev. (closes: #856065)
* Set priority to optional.
waagent (2.2.18-3~deb9u2) stretch-security; urgency=high
.
* Set proper access rights on swap file.
CVE-2019-0804
wget (1.18-5+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix a buffer overflow vulnerability (CVE-2019-5953) (Closes: #926389)
wireshark (2.6.7-1~deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Rebuild for stretch(-security).
wireshark (2.6.6-1) unstable; urgency=medium
.
[ Jean-Philippe MENGUAL ]
* French debconf translation update (Closes: #915161)
.
[ Balint Reczey ]
* New upstream version 2.6.6
- security fixes:
- The P_MUL dissector could crash. (CVE-2019-5717)
- The RTSE dissector and other dissectors could crash. (CVE-2019-5718)
- The ISAKMP dissector could crash. (CVE-2019-5719)
- The 6LoWPAN dissector could crash. (CVE-2019-5716)
* Mention GPLv3+ code snippet in tools/pidl/idl.yp (Closes: #918089)
wireshark (2.6.5-1) unstable; urgency=medium
.
* Add debian/gitlab-ci.yml
* New upstream version 2.6.5
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html
- security fixes:
- The Wireshark dissection engine could crash. (CVE-2018-19625)
- The DCOM dissector could crash. (CVE-2018-19626)
- The LBMPDM dissector could crash. (CVE-2018-19623)
- The MMSE dissector could go into an infinite loop. (CVE-2018-19622)
- The IxVeriWave file parser could crash. (CVE-2018-19627)
- The PVFS dissector could crash. (CVE-2018-19624)
- The ZigBee ZCL dissector could crash. (CVE-2018-19628)
* Update symbols
wordpress (4.7.5+dfsg-2+deb9u5) stretch-security; urgency=medium
.
* Backport security patches from wordpress 5.0.1 Closes: #916403
- CVE-2018-20147
Delete files through altered meta data
- CVE-2018-20152
Create posts of unauthorized post types
- CVE-2018-20148
PHP object injection through crafted meta data
- CVE-2018-20153
Edit other users comments, leading to XSS
- CVE-2018-20150
XSS in plugins through crafted URL inputs
- CVE-2018-20151
User activation screen visible to search engines
- CVE-2018-20149
Bypass MIME verification causing XSS
- CVE-2019-8942
Remote Code Execution (RCE) in uploaded image files
wpa (2:2.4-1+deb9u3) stretch-security; urgency=high
.
* Apply a partial security fix for CVE-2019-9495:
- OpenSSL: Use constant time operations for private bignums.
- See https://w1.fi/security/2019-2/ for more details.
* Apply security fixes:
- EAP-pwd server: Detect reflection attacks (CVE-2019-9497)
- EAP-pwd client: Verify received scalar and element
(partial fix for CVE-2019-9498)
- EAP-pwd server: Verify received scalar and element
(partial fix for CVE-2019-9499)
- See https://w1.fi/security/2019-4/ for more details.
* Add an upstream patch to add crypto_ec_point_cmp() required
by the fixes for CVE-2019-9497.
* Forcefully enable compilation of the ECC code.
.
wpa (2:2.4-1+deb9u2) stretch; urgency=high
.
* SECURITY UPDATE:
- CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data
(Closes: #905739)
xmltooling (1.6.0-4+deb9u2) stretch-security; urgency=high
.
* [2f0c065] New patch fixing CVE-2019-9628: uncaught exception on malformed
XML declaration.
Invalid data in the XML declaration causes an exception of a type
that was not handled properly in the parser class and propagates an
unexpected exception type.
This generally manifests as a crash in the calling code, which in the
Service Provider software's case is usually the shibd daemon process,
but can be Apache in some cases. Note that the crash occurs prior to
evaluation of a message's authenticity, so can be exploited by an
untrusted attacker.
https://shibboleth.net/community/advisories/secadv_20190311.txt
https://issues.shibboleth.net/jira/browse/CPPXT-143
Thanks to Scott Cantor (Closes: #924346)
yorick-av (0.0.4-2~deb9u1) stable; urgency=low
.
* Rebuild for stretch.
zziplib (0.13.62-3.2~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
======================================
Sat, 16 Feb 2019 - Debian 9.8 released
======================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:45:34 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
debian-parl | 1.9.10 | source
parl-data | 1.9.10 | all
parl-desktop | 1.9.10 | all
parl-desktop-eu | 1.9.10 | all
parl-desktop-strict | 1.9.10 | all
parl-desktop-world | 1.9.10 | all
Closed bugs: 921749
------------------- Reason -------------------
RoQA; depends on broken / removed Firefox plugins
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:45:56 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
xul-ext-y-u-no-validate | 2013052407-3 | all
y-u-no-validate | 2013052407-3 | source
Closed bugs: 908405
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:46:28 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
mozvoikko | 2.2-0.1 | source
xul-ext-mozvoikko | 2.2-0.1 | all
Closed bugs: 912465
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:47:19 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
personasplus | 1.7.8-1 | source
xul-ext-personasplus | 1.7.8-1 | all
Closed bugs: 913436
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:48:00 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
corebird | 1.4.1-1+deb9u1 | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Closed bugs: 915292
------------------- Reason -------------------
RoM; broken by Twitter API changes
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:49:19 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
firefox-branding-iceweasel | 0.4.0 | source
xul-ext-iceweasel-branding | 0.4.0 | all
Closed bugs: 918160
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:49:37 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
imap-acl-extension | 0.2.7-1 | source
xul-ext-imap-acl | 0.2.7-1 | all
Closed bugs: 918254
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:50:26 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
toggle-proxy | 1.9-2 | source
xul-ext-toggle-proxy | 1.9-2 | all
Closed bugs: 918257
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:51:21 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
mozilla-password-editor | 2.10.3-1 | source
xul-ext-password-editor | 2.10.3-1 | all
Closed bugs: 918258
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:52:30 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
firefox-kwallet5 | 1.0-2 | source
xul-ext-kwallet5 | 1.0-2 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Closed bugs: 918346
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:55:34 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
adblock-plus | 2.7.3+dfsg-1 | source
xul-ext-adblock-plus | 2.7.3+dfsg-1 | all
Closed bugs: 918347
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:56:40 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
mozilla-dom-inspector | 1:2.0.16-2 | source
xul-ext-dom-inspector | 1:2.0.16-2 | all
Closed bugs: 918349
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:56:54 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
browser-plugin-spice | 2.8.90-5 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
spice-xpi | 2.8.90-5 | source
Closed bugs: 918350
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:57:26 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
flickrbackup | 0.2-3.1 | source, all
Closed bugs: 919797
------------------- Reason -------------------
RoM; ancient; abandoned upstream; deprecated
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:57:46 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
python-formalchemy | 1.4.2-1 | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Closed bugs: 920560
------------------- Reason -------------------
RoQA; unusable, fails to import in python
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:58:01 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
flashblock | 1.5.20-2 | source
xul-ext-flashblock | 1.5.20-2 | all
Closed bugs: 920717
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:58:19 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
refcontrol | 0.8.17-3 | source
xul-ext-refcontrol | 0.8.17-3 | all
Closed bugs: 920718
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:58:54 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
cookie-monster | 1.3.0.5-1 | source
xul-ext-cookie-monster | 1.3.0.5-1 | all
Closed bugs: 920719
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:59:38 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
requestpolicy | 1.0.0~beta12.3+dfsg-1 | source
xul-ext-requestpolicy | 1.0.0~beta12.3+dfsg-1 | all
Closed bugs: 920722
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 09:59:59 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
mozilla-noscript | 2.9.0.14-1 | source
xul-ext-noscript | 2.9.0.14-1 | all
Closed bugs: 920724
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 10:00:15 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
debianbuttons | 1.11-3 | source
xul-ext-debianbuttons | 1.11-3 | all
Closed bugs: 921129
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 10:00:33 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
calendar-exchange-provider | 3.9.0-4 | source, all
Closed bugs: 921932
------------------- Reason -------------------
RoM; incompatible with newer Thunderbird versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 10:00:50 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
libwww-topica-perl | 0.6-5 | source, all
Closed bugs: 922110
------------------- Reason -------------------
RoQA; useless due to Topica site removal
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 10:14:07 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
libnvidia-egl-wayland1 | 384.130-1 | amd64, armhf, i386
nvidia-egl-wayland-common | 384.130-1 | amd64, armhf, i386
nvidia-egl-wayland-icd | 384.130-1 | amd64, armhf, i386
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by nvidia-graphics-drivers)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 16 Feb 2019 10:25:58 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
python-certbot | 0.10.2-1 | all
------------------- Reason -------------------
[cruft] NBS (no longer built by python-certbot)
----------------------------------------------
=========================================================================
arc (5.21q-4+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix version 1 arc header reading
* Fix arcdie crash when called with more then 1 variable argument
* Fix directory traversal bugs (CVE-2015-9275)
Thanks to Hans de Goede <hdegoede@redhat.com> (Closes: #774527)
astroml-addons (0.2.2-4~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
astroml-addons (0.2.2-4) unstable; urgency=medium
.
* Push Standards-Version to 4.0.0. No changes needed.
.
[ Scott Kitterman ]
* Correct substitution variable for python3 binary so correct python3
interpreter depends are provided. Closes: #867243
base-files (9.9+deb9u8) stretch; urgency=medium
.
* Change /etc/debian_version to 9.8, for Debian 9.8 point release.
c3p0 (0.9.1.2-9+deb9u1) stretch; urgency=medium
.
* Team upload.
* Fix CVE-2018-20433.
A XML External Entity (XXE) vulnerability was discovered in c3p0 that may
be used to resolve information outside of the intended sphere of control.
(Closes: #917257)
ca-certificates-java (20170929~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
ca-certificates-java (20170929) unstable; urgency=low
.
[ Gianfranco Costamagna ]
* Team upload.
* Ack previous NMU, thanks
.
[ Rico Tzschichholz ]
* Fix temporary jvm-*.cfg generation on armhf (Closes: #874276)
- the armhf installation path is different from other architectures.
ceph (10.2.11-2) stretch-security; urgency=medium
.
[ James Page ]
* [d34d35] Fix build on i386 (Closes: #913909)
ceph (10.2.11-1) stretch-security; urgency=medium
.
* [1aebf9] New upstream version 10.2.11
Fixes the following security vulnerabilities:
- CVE-2017-7519: libradosstripper printf format string injection
vulnerability
- CVE-2018-1128: The cephx authentication protocol was vulnerable to a
replay attack.
- CVE-2018-1129: Cephx signature calculation did not cover the whole message
being sent. This allowed an attacker to alter parts of the message.
- CVE-2018-1086: A flaw was found in the way ceph mon handles user requests.
Any authenticated ceph user having read access to ceph can delete, create
ceph storage pools and corrupt snapshot images.
* [20b8e7] Replace sleep-recover.patch by reconnect-after-mds-reset.patch
* [33f8d2] Remove CVE-2016-9597 patch applied upstream
* [a9c2ee] Remove disable-openssl-linking.patch fixed upstream
The upstream solution requires a build dependency on libssl-dev to be
able to look up the sonames. The resulting code is not linked against
libssl but can dlopen it at runtime.
* [edc23d] Remove osd-limit-omap-data-in-push-op.patch applied upstream
* [9dd30c] Remove rgw_rados-creation_time.patch applied upstream
* [fff91f] Refresh patches
* [c2925f] Update symbols for librbd1 (added in 10.2.6)
ceph (10.2.7-0exp1) experimental; urgency=medium
.
[ James Page ]
* [585f53] New upstream version 10.2.6
.
[ Gaudenz Steinlin ]
* [41b6fd] New upstream version 10.2.7
* [916972] Remove patch "cve-2016-9579_short_cors_request" applied upstream
* [541204] Remove patch "disable-openssl-linking" sovled upstream
* [60cc3d] Remove patch "osd-limit-omap-data-in-push-op" applied upstream
* [ee0f76] Remove patch "rgw_rados-creation_time" applied upstream
* [f07cb0] Refresh patches for 10.2.7
* [be7663] Build depend on libssl-dev.
This is only needed to satisfy the build system checks the resulting
binary is not linked against openssl and only dlopens it at runtime. So
there is no GPL violation.
chkrootkit (0.50-4+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Backport fix for regular expression for filtering out dhcpd and dhclient as
false positives from the packet sniffer test.
.
[ Lorenzo "Palinuro" Faletra ]
* Update /etc/cron.daily/chkrootkit (Closes: #600109)
chromium-browser (70.0.3538.110-1~deb9u1) stretch-security; urgency=medium
.
* New upstream security release.
- CVE-2018-17479: Use-after-free in GPU.
chromium-browser (70.0.3538.102-1) unstable; urgency=medium
.
* New upstream security release.
- CVE-2018-17478: Out of bounds memory access in V8. Reported by
cloudfuzzer
* Fix new lintian warnings.
* Drop libjs-excanvas build dependency.
* Add support for building with harfbuzz 2.1.1.
* Document how to run chromium as root (closes: #838534).
* Output debian specific instructions when no working sandbox is available.
* Do not rely on transitive recommendation for the sandbox (closes: #913116).
chromium-browser (70.0.3538.102-1~deb9u1) stretch-security; urgency=medium
.
* New upstream security release.
- CVE-2018-17478: Out of bounds memory access in V8. Reported by
cloudfuzzer
* Eliminate unintended dependency on gconf-service (closes: #913926).
* Restore arm64 crashpad patch mistakenly dropped in the previous upload.
chromium-browser (70.0.3538.67-3) unstable; urgency=medium
.
* Fix a compiler warning.
* Move the setuid sandbox into a separate package (closes: #839277).
chromium-browser (70.0.3538.67-2) unstable; urgency=medium
.
* Restore support for building with gtk2.
chromium-browser (70.0.3538.67-1) unstable; urgency=medium
.
* New upstream stable release.
- CVE-2018-17462: Sandbox escape in AppCache. Reported by Ned Williamson
and Niklas Baumstark
- CVE-2018-17463: Remote code execution in V8. Reported by Ned Williamson
and Niklas Baumstark
- Heap buffer overflow in Little CMS in PDFium. Reported by Quang Nguyá»…n
- CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr
- CVE-2018-17465: Use after free in V8. Reported by Lin Zuojian
- CVE-2018-17466: Memory corruption in Angle. Reported by Omair
- CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-17468: Cross-origin URL disclosure in Blink. Reported by James
Lee
- CVE-2018-17469: Heap buffer overflow in PDFium. Reported by Zhen Zhou
- CVE-2018-17470: Memory corruption in GPU Internals. Reported by Zhe Jin
- CVE-2018-17471: Security UI occlusion in full screen mode. Reported by
Lnyas Zhang
- CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-17474: Use after free in Blink. Reported by Zhe Jin
- CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir Metnew
- CVE-2018-17476: Security UI occlusion in full screen mode. Reported by
Khalil Zhani
- CVE-2018-5179: Lack of limits on update() in ServiceWorker. Reported by
Yannic Bonenberger
- CVE-2018-17477: UI spoof in Extensions. Reported by Aaron Muir Hamilton
* Fix build failure on i386.
* Fix installation path of the master preferences file (closes: #911056).
chromium-browser (70.0.3538.67-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2018-17462: Sandbox escape in AppCache. Reported by Ned Williamson
and Niklas Baumstark
- CVE-2018-17463: Remote code execution in V8. Reported by Ned Williamson
and Niklas Baumstark
- Heap buffer overflow in Little CMS in PDFium. Reported by Quang Nguyá»…n
- CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr
- CVE-2018-17465: Use after free in V8. Reported by Lin Zuojian
- CVE-2018-17466: Memory corruption in Angle. Reported by Omair
- CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-17468: Cross-origin URL disclosure in Blink. Reported by James
Lee
- CVE-2018-17469: Heap buffer overflow in PDFium. Reported by Zhen Zhou
- CVE-2018-17470: Memory corruption in GPU Internals. Reported by Zhe Jin
- CVE-2018-17471: Security UI occlusion in full screen mode. Reported by
Lnyas Zhang
- CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-17474: Use after free in Blink. Reported by Zhe Jin
- CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir Metnew
- CVE-2018-17476: Security UI occlusion in full screen mode. Reported by
Khalil Zhani
- CVE-2018-5179: Lack of limits on update() in ServiceWorker. Reported by
Yannic Bonenberger
- CVE-2018-17477: UI spoof in Extensions. Reported by Aaron Muir Hamilton
chromium-browser (70.0.3538.54-2) unstable; urgency=medium
.
* Build with gcc 8 (closes: #901368).
* Move the master preferences file to /etc/chromium (closes: #891232).
chromium-browser (70.0.3538.54-1) unstable; urgency=medium
.
* New upstream beta release.
chromium-browser (69.0.3497.100-1) unstable; urgency=medium
.
* New upstream stable release.
* Update standards version to 4.2.1.
* Clarify debugging section in README.debian (closes: #910842).
* Remove ConvertUTF from the upstream tarball (closes: #900596).
* Load all extensions installed to /usr/share/chromium/extensions.
- Thanks to Michael Meskes (closes: #890392).
* Remove audio_capture_enable setting from the default preferences
(closes: #884887).
chromium-browser (69.0.3497.92-1) unstable; urgency=medium
.
* New upstream security release.
- Function signature mismatch in WebAssembly. Reported by Kevin Cheung
- URL Spoofing in Omnibox. Reported by evi1m0
compactheader (2.1.6-1~deb9u1) stretch; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for Stretch
(Closes: #918167)
* [93f8afe] debhelper: decrease to version available in stretch
* [8fd6a50] d/compat: decrease accordingly to version 10
compactheader (2.1.5-1) unstable; urgency=medium
.
[ David Prévot ]
* [faa4ffb] Drop Icedove from description
* [58353f3] Update Standards-Version to 3.9.7
.
[ Carsten Schoenert ]
* [c9d19db] Adding debian/gbp.conf to make life easier
* [5e31e42] New upstream version 2.1.5
(Closes: #891433)
* [a7e96da] Add a patch queue
* [15ea418] d/rules: don't install unneeded files and folder
Don't install and ship files from the folder test and the files Readme.md
build.xml which aren't needed for the use of the package.
* [6d45fe5] d/rules: remove the get-orig-source target
The old get-orig-source Makefile target isn't needed and can be dropped in
favor of using uscan directly.
* [449a5e1] bumping debhelper and compat to version 11
Let's use a recent debhelper version.
* [27ff6a3] d/control: increase Standards-Version to 4.1.4
No further changes needed.
* [8a365a5] d/control: move package over to pkg-mozext-team on salsa
Alioth will be going offline and the successor platform is Salsa.
* [891ab67] d/control: adding myself as uploader
Thanks to William for working on compactheader in the past!
(Closes: #892410)
* [23957a9] d/control: adjust Maintainer field due changed email address
Due changes for the Alioth host the Maintainer email is also changing to a
new domain.
compactheader (2.1.1~beta1-1) experimental; urgency=medium
.
* Team upload
.
[ jmozmoz ]
* Add Portuguese translation
courier (0.76.3-5+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport @piddir@ substitution from 1.0.5-1.
.
[ Markus Wanner ]
* Extend patch 0018-Fix-default-configuration-for-Debian.patch with
the piddir addition proposed by Willi Mann. Closes: #875696.
cups (2.2.1-8+deb9u3) stretch; urgency=low
.
* Backport upstream fixes for:
- CVE-2017-18248: DBUS notifications could crash the scheduler
- CVE-2018-4700: Linux session cookies used a predictable random
number seed (Closes: #915909)
curl (7.52.1-5+deb9u9) stretch-security; urgency=high
.
* Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890
https://curl.haxx.se/docs/CVE-2018-16890.html
* Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822
https://curl.haxx.se/docs/CVE-2019-3822.html
* Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823
https://curl.haxx.se/docs/CVE-2019-3823.html
debian-edu-config (1.929+deb9u3) stretch; urgency=medium
.
[ Wolfgang Schweer ]
* debian-edu-config.chromium-ldapconf: Remove slapd start requirement.
.
debian-edu-config (1.929+deb9u2) stretch; urgency=medium
.
[ Wolfgang Schweer ]
* Fix configuration of personal web pages. (Closes: #866228).
- Set right order of linking in cf/cf.apache2.
- Add conditional code to d/d-e-c.postinst to fix the wrong configuration
generated via the cfengine run during main server installation
(introduced in version 1.926).
* Re-enable offline installation of a combi server including diskless
workstation support. (Closes: #867271, #904331).
- 015-edu-apt-source: fix apt-get options to be able to use a repo of
type 'file://'. As 'media/cdrom/' in the LTSP chroot is treated as
such a repo, add 'acquire::check-valid-until=0' to APT_GET_OPTS;
otherwise installation fails because the Release file is expired.
- 032-edu-pkgs: Move all diskless workstation installation parts to
the finalization stage of LTSP chroot installation.
* Enable Chromium homepage setting at installation time and via LDAP as
further improvements for the fix for bug #891262 in version 1.929+deb9u1:
- Add cf/cf.chromium (cfengine).
- Add debian/debian-edu-config.chromium-ldapconf (init script).
- Add share/debian-edu-config/tools/update-chromium-homepage (used by
both cfengine and the init script).
- Adjust Makefile and debian/rules.
.
[ Mike Gabriel ]
* update-chromium-homepage:
- Don't complain about non-existing config file when attempting its removal.
- Don't statically set http://www as homepage, use detected homepage
instead. (Closes: #911790)
debian-edu-config (1.929+deb9u2) stretch; urgency=medium
.
[ Wolfgang Schweer ]
* Fix configuration of personal web pages. (Closes: #866228).
- Set right order of linking in cf/cf.apache2.
- Add conditional code to d/d-e-c.postinst to fix the wrong configuration
generated via the cfengine run during main server installation
(introduced in version 1.926).
* Re-enable offline installation of a combi server including diskless
workstation support. (Closes: #867271, #904331).
- 015-edu-apt-source: fix apt-get options to be able to use a repo of
type 'file://'. As 'media/cdrom/' in the LTSP chroot is treated as
such a repo, add 'acquire::check-valid-until=0' to APT_GET_OPTS;
otherwise installation fails because the Release file is expired.
- 032-edu-pkgs: Move all diskless workstation installation parts to
the finalization stage of LTSP chroot installation.
* Enable Chromium homepage setting at installation time and via LDAP as
further improvements for the fix for bug #891262 in version 1.929+deb9u1:
- Add cf/cf.chromium (cfengine).
- Add debian/debian-edu-config.chromium-ldapconf (init script).
- Add share/debian-edu-config/tools/update-chromium-homepage (used by
both cfengine and the init script).
- Adjust Makefile and debian/rules.
.
[ Mike Gabriel ]
* update-chromium-homepage:
- Don't complain about non-existing config file when attempting its removal.
- Don't statically set http://www as homepage, use detected homepage
instead. (Closes: #911790)
debian-installer-netboot-images (20170615+deb9u5.b2) stretch; urgency=medium
.
* Update to 20170615+deb9u5+b2 images, from stretch-proposed-update
debian-security-support (2019.02.01~deb9u1) stretch; urgency=medium
.
* Team upload.
* Rebuild for stretch, without d/control changes.
debian-security-support (2019.01.19) unstable; urgency=medium
.
* Team upload.
.
[ Holger Levsen ]
* d/control:
- bump standards version to 4.3.0.
- bump debhelper compat to 11, use the new debhelper-compat(=11) notation
and drop d/compat.
- add "Rules-Requires-Root: no" to support building as non-root.
debian-security-support (2018.11.25) unstable; urgency=medium
.
* Team upload.
.
[ Markus Koschany ]
* Mark jasperreports as end-of-life in Jessie.
.
[ Salvatore Bonaccorso ]
* Mark webkit2gtk as unsupported in all releases. (Closes: #914567)
.
[ Holger Levsen ]
* Bump standards version to 4.2.1.
.
[ Ondřej Nový ]
* d/copyright: Use https protocol in Format field.
* d/changelog: Remove trailing whitespaces.
debian-security-support (2018.11.25~deb9u1) stretch; urgency=medium
.
* Team upload.
* Rebuild for stretch.
.
debian-security-support (2018.11.25) unstable; urgency=medium
.
* Team upload.
.
[ Markus Koschany ]
* Mark jasperreports as end-of-life in Jessie.
.
[ Salvatore Bonaccorso ]
* Mark webkit2gtk as unsupported in all releases. (Closes: #914567)
.
[ Holger Levsen ]
* Bump standards version to 4.2.1.
.
[ Ondřej Nový ]
* d/copyright: Use https protocol in Format field.
* d/changelog: Remove trailing whitespaces.
.
debian-security-support (2018.06.08) unstable; urgency=medium
.
* Add .gitlab-ci.yml configuration
* Mark jruby in jessie as end-of-life as per DSA-4219-1 (Closes: #901032)
.
debian-security-support (2018.05.20) unstable; urgency=medium
.
* Mark vlc in jessie as end-of-life as per DSA 4203-1
.
debian-security-support (2018.05.17) unstable; urgency=medium
.
[ Antoine Beaupré ]
* mark frontaccounting as unsupported
.
[ Markus Koschany ]
* Add xulrunner to security-support-ended.deb7
.
[ Salvatore Bonaccorso ]
* Mark redmine as end-of-life for Debian 8 (jessie) (Closes: #897609)
* Update Vcs-* headers for switch to salsa.debian.org
* Update German translations.
Thanks to Chris Leick <c.leick@vollbio.de> (Closes: #878321)
.
debian-security-support (2018.01.29) unstable; urgency=medium
.
[ Markus Koschany ]
* Add teamspeak to security-support-ended.deb7
* Add libstruts1.2-java to security-support-ended.deb7.
* Add nvidia-graphics-drivers to security-support-ended.deb7.
Non-free is not supported
* Add glassfish to security-support-ended.deb7
* Mark jbossas4 as end-of-life in Wheezy.
* Mark jasperreports as unsupported in Wheezy.
No sponsor users it. Targeted fixes not possible because detailed
information about the vulnerabilities and their solution (patches) is not
available.
.
[ Salvatore Bonaccorso ]
* Mark chromium-browser as end-of-life for Debian 8 (Jessie)
.
[ Raphaël Hertzog ]
* Mark libnet-ping-external-perl as unsupported in wheezy.
* Mark mp3gain as unsupported in wheezy.
.
[ Emilio Pozuelo Monfort ]
* Mark tor as unsupported in wheezy.
.
[ Guido Günther ]
* Add swftools to security support limited
swftools is orphaned (#885088) and the security tracker is currently
counting 25 open CVEs. It is a useful tool with trusted content though.
* Bump standards version to 4.1.3.
No changes needed
* Bump debhelper compat level to 9 which is available in oldoldstable
(wheezy).
debian-security-support (2018.06.08) unstable; urgency=medium
.
* Add .gitlab-ci.yml configuration
* Mark jruby in jessie as end-of-life as per DSA-4219-1 (Closes: #901032)
debian-security-support (2018.05.20) unstable; urgency=medium
.
* Mark vlc in jessie as end-of-life as per DSA 4203-1
debian-security-support (2018.05.17) unstable; urgency=medium
.
[ Antoine Beaupré ]
* mark frontaccounting as unsupported
.
[ Markus Koschany ]
* Add xulrunner to security-support-ended.deb7
.
[ Salvatore Bonaccorso ]
* Mark redmine as end-of-life for Debian 8 (jessie) (Closes: #897609)
* Update Vcs-* headers for switch to salsa.debian.org
* Update German translations.
Thanks to Chris Leick <c.leick@vollbio.de> (Closes: #878321)
debian-security-support (2018.01.29) unstable; urgency=medium
.
[ Markus Koschany ]
* Add teamspeak to security-support-ended.deb7
* Add libstruts1.2-java to security-support-ended.deb7.
* Add nvidia-graphics-drivers to security-support-ended.deb7.
Non-free is not supported
* Add glassfish to security-support-ended.deb7
* Mark jbossas4 as end-of-life in Wheezy.
* Mark jasperreports as unsupported in Wheezy.
No sponsor users it. Targeted fixes not possible because detailed
information about the vulnerabilities and their solution (patches) is not
available.
.
[ Salvatore Bonaccorso ]
* Mark chromium-browser as end-of-life for Debian 8 (Jessie)
.
[ Raphaël Hertzog ]
* Mark libnet-ping-external-perl as unsupported in wheezy.
* Mark mp3gain as unsupported in wheezy.
.
[ Emilio Pozuelo Monfort ]
* Mark tor as unsupported in wheezy.
.
[ Guido Günther ]
* Add swftools to security support limited
swftools is orphaned (#885088) and the security tracker is currently
counting 25 open CVEs. It is a useful tool with trusted content though.
* Bump standards version to 4.1.3.
No changes needed
* Bump debhelper compat level to 9 which is available in oldoldstable
(wheezy).
dnspython (1.15.0-1+deb9u1) stretch; urgency=medium
.
* Add debian/patches/0002-fix-error-when-parsing-nsec3-bitmap-from-
text.patch from upstream (Closes: #915866)
drupal7 (7.52-2+deb9u6) stretch-security; urgency=high
.
[ William Blough ]
* Add upstream fix for DATE_RFC7231 conflict with php7 (Closes: #911791)
.
[ Gunnar Wolf ]
* SA-CORE-2019-001: Vulnerability in a third-party library (related to
CVE-2018-1000888)
* SA-CORE-2019-002: Arbitrary PHP code execution
egg (4.2.0-1.1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Skip emacsen-install for unsupported xemacs21. (Closes: #900812)
erlang (1:19.2.1+dfsg-2+deb9u2) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport removal of xemacs21 support from 1:21.2+dfsg-2.
.
[ Sergei Golovan ]
* Do not install Erlang mode for XEmacs since it isn't supposed to work
with it (closes: #909387).
espeakup (1:0.80-5+deb9u3) stretch; urgency=high
.
* debian/espeakup.service: Fix compatibility with older versions of systemd
(Closes: Bug#913453). Also fix starting with empty voice language.
firefox-esr (60.5.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2019-02, also known as:
CVE-2018-18500, CVE-2018-18505, CVE-2018-18501.
firefox-esr (60.4.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-30, also known as:
CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494,
CVE-2018-18498, CVE-2018-12405.
firefox-esr (60.4.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-30, also known as:
CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494,
CVE-2018-18498, CVE-2018-12405.
.
* debian/rules: Use embedded libevent in backports. Closes: #910397.
* debian/browser.install.in, debian/rules: Properly copy the watermark to
/usr/share/icons/hicolor/symbolic/apps.
* debian/rules: Pass compiler and compiler flags environment variables
down to ICU configure. That will make it use GCC instead of defaulting
to clang now it's in PATH, avoiding the failing to build the ICU data
file on big endian platforms because clang doesn't know some of the GCC
flags it somehow got from the environment.
.
* build/unix/elfhack/test.c: Try to ensure the bss section of the
elfhack testcase stays large enough. bz#1505608.
* memory/build/mozjemalloc.cpp: Fix run sizes for size classes >= 16KB
on systems with large pages. bz#1507035. Closes: #911898.
firefox-esr (60.3.0esr-3) unstable; urgency=medium
.
* debian/browser.install.in, debian/rules: Properly copy the watermark to
/usr/share/icons/hicolor/symbolic/apps.
* debian/rules: Pass compiler and compiler flags environment variables
down to ICU configure. That will make it use GCC instead of defaulting
to clang now it's in PATH, avoiding the failing to build the ICU data
file on big endian platforms because clang doesn't know some of the GCC
flags it somehow got from the environment.
firefox-esr (60.3.0esr-2) unstable; urgency=medium
.
* debian/control*: Build depend on unversioned clang/llvm.
Closes: #912804.
* debian/rules: Use embedded libevent in backports. Closes: #910397.
.
* build/unix/elfhack/test.c: Try to ensure the bss section of the
elfhack testcase stays large enough. bz#1505608.
* memory/build/mozjemalloc.cpp: Fix run sizes for size classes >= 16KB
on systems with large pages. bz#1507035. Closes: #911898.
firefox-esr (60.3.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-27, also known as:
CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396,
CVE-2018-12397, CVE-2018-12389, CVE-2018-12390.
.
* debian/rules: Work around armel FTBFS from conflicting __sync_* symbols
between libgcc and rust's compiler_builtins.
freerdp (1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3) stretch; urgency=medium
.
* debian/patches: Add security patches.
- CVE-2018-8786.patch: The count variable in update_read_bitmap() needs to
be UINT32 (not UINT16).
- CVE-2018-8787.patch: In gdi_Bitmap_Decompress, check for invalid bpp,
width and height before decompressing.
CVE-2018-8788.patch: In NSC encode/decode functions, catch data flawed in
various ways and bail out with failure.
CVE-2018-8789.patch: In ntlm_read_message_fields_buffer, check buffer
offset vs. Stream_Length and bail out if not appropriate.
- Thanks to Alex Murray for backporting them to FreeRDP 1.1.
* debian/patches:
+ Add 0010_add-support-for-credssp-v3-and-rdpproto-v6.patch. Add CredSSP v3
and RDP proto v6 support. This allows users to connect to recently
(since March 2018) updated Microsoft RDP servers again.
Thanks to Bernhard Miklautz and Martin Fleisz for helping out with
backporting this patch. Much appreciated!
* debian/control:
+ Update Vcs-*: URLs.
* debian/lib{freerdp-core1.1,winpr-sspi0.1}.symbols: Update symbols.
ganeti-os-noop (0.2-1+deb9u1) stretch; urgency=medium
.
* debian/control:
+ Update Vcs-*: fields. VCS repo has been migrated to salsa.debian.org.
+ Priority extra -> optional.
+ Update Maintainer: field to 'Debian Ganeti Team
<ganeti-os-noop@packages.debian.org>'
* debian/patches:
+ Add 1001_fix-export-script-for-non-block-devices.patch. Fix size
detection for non-block devices. Thanks to Bastian Blank for
providing the patch. (Closes: #895602).
ghostscript (9.26a~dfsg-0+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* New upstream version 9.26a~dfsg
+ Includes fix for CVE-2019-6116
* Temporarily split ABI at ~ (not a).
* Update symbols: 1 private added
ghostscript (9.26~dfsg-2) unstable; urgency=high
.
* Add patches cherry-picked upstream
to fix segfault with certain PDFs with -dLastPage=1.
Closes: Bug#915832. Thanks to Salvatore Bonaccorso.
* Set urgency=high as this is fixes regression in 9.26~dfsg-1.
ghostscript (9.26~dfsg-1) unstable; urgency=high
.
[ upstream ]
* New security and bugfix release.
.
[ Jonas Smedegaard ]
* Drop patches cherry-picked upstream now applied.
* Unfuzz patch 2009.
* Set urgency=high due to high potential for security fixes
(beyond those already included as cherry-picked patches).
* Update symbols: 12 private added.
ghostscript (9.26~dfsg-0+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add patches cherry-picked upstream to fix segfault with certain PDFs with
-dLastPage=1. (Closes: #915832)
ghostscript (9.26~dfsg-0+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* New upstream version 9.26~dfsg
+ Includes fixes for the following security vulnerabilities:
CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477
* Drop patches cherry-picked upstream now applied
* Unfuzz patch 2009.
* Update symbols: 12 private added.
ghostscript (9.25~dfsg-7) unstable; urgency=medium
.
* drop obsolete preinst migrations.
* Quote variables in package helper update-gsfontmap.
* Fix typos in previous changelog entries.
* Disable parallel building.
Closes: Bug#912847. Thanks to Matthias Klose.
ghostscript (9.25~dfsg-6) unstable; urgency=medium
.
* Add patch cherry-picket upstream
to fix cups get/put_params LeadingEdge logic.
Closes: Bug#912664. Thanks to Salvatore Bonaccorso.
ghostscript (9.25~dfsg-5) unstable; urgency=medium
.
* Add patch cherry-picket upstream
to fix openjpeg segfault if size too large.
ghostscript (9.25~dfsg-4) unstable; urgency=high
.
* Re-release with urgency=high, due to CVE fixes.
ghostscript (9.25~dfsg-3) unstable; urgency=medium
.
* Add patches cherry-picked upstream to fix execution issues.
+ Implement .currentoutputdevice operator
+ Change "executeonly" to throw typecheck on gstatetype and
devicetype objects
+ Undefine some additional internal operators.
+ Fix handling of .needinput if used from interpreter
+ Ensure all errors are included from initialization
+ setundercolorremoval memory corruption
+ copydevice fails after stack device copies invalidated
+ add operand checking to .setnativefontmapbuilt
+ add object type check for AES key
+ Add parameter type checking on .bigstring
+ zparse_dsc_comments can crash with invalid dsc_state
+ Catch errors in setpagesize, .setpagesize and setpagedevice and
cleanup
+ Catch errors and cleanup stack on statusdict page size definitions
+ Add parameter checking in setresolution
+ device subclass open_device call must return child code
+ fix DSC comment parsing in pdfwrite
+ Check all uses of dict_find* to ensure 0 return properly handled
+ permit Mod and CreDate pdfmarks in PDF 2.0 in pdfwrite
+ Avoid overrunning non terminated string buffer.
+ Prevent SEGV in gs_setdevice_no_erase.
+ Fix uninitialised value for render_cond.
+ Hide the .needinput operator
+ filenameforall calls bad iodev with insufficent scratch
+ Improve hiding of security critical custom operators
+ Prevent SEGV after calling gs_image_class_1_simple.
+ don't push userdict in preparation for Type 1 fonts
+ add control over hiding error handlers.
+ For hidden operators, pass a name object to error handler.
+ Explicitly exclude /unknownerror from the SAFERERRORLIST
+ don't include operator arrays in execstack output
+ Make .forceput unavailable from '.policyprocs' helper dictionary
+ .loadfontloop must be an operator
+ font parsing - prevent SEGV in .cffparse
Closes: Bug#910678, #910758, #911175
(CVE-2018-17961, CVE-2018-18073, CVE-2018-18284).
Thanks to Salvatore Bonaccorso.
* Unfuzz patches.
* Declare compliance with Debian Policy 4.2.1.
* Update symbols: 1 private added.
ghostscript (9.25~dfsg-2) unstable; urgency=high
.
* Add/correct bug-closures for previous releases 9.25~dfsg-1,
9.25~dfsg-1~exp1, 9.24~~rc2~dfsg-1, 9.21~dfsg-1.
* Set urgency=high due to recent CVE fixes.
ghostscript (9.25~dfsg-1) unstable; urgency=medium
.
* Stop needlessly install symlinks handled upstream since ~9.05.
* Tidy control file:
+ Wrap-and-sort.
+ Drop support for auto-resolving package relations or major version.
* Update package relations:
+ Stop needlessly depend on debconf.
+ Stop build-depend on dh-buildinfo: Effectively unused.
+ Stop build-depend on libtrio: Unused upstream since 9.18.
* Update copyright info:
+ Wrap-and-sort.
+ Extend coverage of Debian packaging. Drop unneeded copyrigh signs.
+ Fix files section licensed as AGPL-3+ (no longer GPL-3+).
+ Use semantic linefeeds.
* Update symbols tracking:
+ Drop 19 private symbols.
+ Add 59 private symbols.
* Add more bug-closures to previous release 9.25~dfsg-1~exp1.
ghostscript (9.25~dfsg-1~exp1) experimental; urgency=medium
.
[ upstream ]
* New bugfix release(s).
Closes: Bug#907703, #908300, #908303, #908304, #908305
(CVE-2018-16509, CVE-2018-16543, CVE-2018-16510, CVE-2018-16585).
Thanks to Salvatore Bonaccorso.
.
* Update copyright info:
+ Stop exclude image containing non-DFSG ICC profile when
repackaging upstream source: Fixed upstream.
+ Fix cover license FTL.
* Set Rules-Requires-Root: no.
* Update symbols:
+ Drop commented out obsolete symbols.
+ Flag as optional symbols not declared in public header files.
* Avoid privacy breach linking documentation to jquery:
+ Add patch 2009 to use local jquery.
+ Add symlink from relative link to system-shared jquery library.
+ Have ghostscript-doc depend on libjs-jquery.
* Avoid privacy breach linking documentation to font:
+ Avoid linking to remote fonts in documentation.
* Avoid privacy breach linking documentation with Google:
+ Strip googletagmanager code from documentation.
ghostscript (9.25~dfsg-0+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* New upstream version 9.25~dfsg
+ Fixes regression using ps2ascii after fix for CVE-2018-17183
(Closes: #909076)
+ status operator honour SAFER option (CVE-2018-11645)
* Drop patches applied upstream
* Rebase 2001_docdir_fix_for_debian.patch for 9.25
* Rebase 2010_add_build_timestamp_setting.patch for 9.25
* Add patches cherry-picked upstream to fix execution issues.
+ Implement .currentoutputdevice operator
+ Change "executeonly" to throw typecheck on gstatetype and
devicetype objects
+ Undefine some additional internal operators.
+ Fix handling of .needinput if used from interpreter
+ Ensure all errors are included from initialization
+ setundercolorremoval memory corruption
+ copydevice fails after stack device copies invalidated
+ add operand checking to .setnativefontmapbuilt
+ add object type check for AES key
+ Add parameter type checking on .bigstring
+ zparse_dsc_comments can crash with invalid dsc_state
+ Catch errors in setpagesize, .setpagesize and setpagedevice and
cleanup
+ Catch errors and cleanup stack on statusdict page size definitions
+ Add parameter checking in setresolution
+ device subclass open_device call must return child code
+ fix DSC comment parsing in pdfwrite
+ Check all uses of dict_find* to ensure 0 return properly handled
+ permit Mod and CreDate pdfmarks in PDF 2.0 in pdfwrite
+ Avoid overrunning non terminated string buffer.
+ Prevent SEGV in gs_setdevice_no_erase.
+ Fix uninitialised value for render_cond.
+ Hide the .needinput operator
+ filenameforall calls bad iodev with insufficent scratch
+ Improve hiding of security critical custom operators (CVE-2018-17961)
(Closes: #911175)
+ Prevent SEGV after calling gs_image_class_1_simple.
+ don't push userdict in preparation for Type 1 fonts
+ add control over hiding error handlers. (Closes: #909929)
+ For hidden operators, pass a name object to error handler.
(CVE-2018-17961) (Closes: #911175)
+ Explicitly exclude /unknownerror from the SAFERERRORLIST
+ don't include operator arrays in execstack output (CVE-2018-18073)
(Closes: #910758)
+ Make .forceput unavailable from '.policyprocs' helper dictionary
(CVE-2018-18284) (Closes: #911175)
+ .loadfontloop must be an operator (CVE-2018-17961) (Closes: #911175)
+ font parsing - prevent SEGV in .cffparse
* openjpeg allocator must return NULL if size too large
* debian/copyright: Refresh with version from 9.25~dfsg-5
* debian/libgs9.symbols: Update (and sync from 9.25~dfsg-5) for new version.
Adjust version for errorexec_find@Base.
* Fix cups get/put_params LeadingEdge logic (cf. #912664)
* Avoid privacy breach linking documentation to jquery:
+ Add patch 2009 to use local jquery.
+ Add symlink from relative link to system-shared jquery library.
+ Have ghostscript-doc depend on libjs-jquery.
* Avoid privacy breach linking documentation to font:
+ Avoid linking to remote fonts in documentation.
* Avoid privacy breach linking documentation with Google:
+ Strip googletagmanager code from documentation.
ghostscript (9.24~~rc2~dfsg-1) experimental; urgency=medium
.
[ upstream ]
* New prerelease.
.
* Update copyright info:
+ Exclude convenience code copy of lcms2mt (not lcms2) and image
containing non-DFSG ICC profile when repackaging upstream source.
* Update copyright-check maintainer script: Extract metadata from png files.
* Update copyright info:
+ Extend coverage for main upstream author.
+ Extend coverage for Adobe.
* Drop patches cherry-picked upstream since applied.
* Unfuzz patches.
ghostscript (9.22~dfsg-3) unstable; urgency=high
.
* Add patches cherry-picked upstream to fix execution issues:
+ Properly apply file permissions to .tempfile.
+ Don't just assume an object is a t_(a)struct.
+ Fix handling of pre-SAFER opened files.
+ Properly check return value when getting value from a dictionary.
+ Handle LockDistillerParams not being a boolean.
+ Fix shading_param incomplete type checking.
+ Ensure the correct is in place before cleanup.
+ Check the restore operand type.
+ Fix memory corruption in aesdecode.
+ Fix handle stack overflow during error handling.
+ Avoid sharing pointers between pdf14 compositors.
+ Improve restore robustness.
+ Hide the .shfill operator.
Closes: Bug#907332. Thanks to Nicolas Braud-Santoni.
* Use package section optional (not extra).
* Extend lintian overrides regarding License-Reference.
* Declare compliance with Debian Policy 4.2.0.
ghostscript (9.22~dfsg-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Buffer overflow in fill_threshold_buffer (CVE-2016-10317)
(Closes: #860869)
* pdfwrite - Guard against trying to output an infinite number
(CVE-2018-10194) (Closes: #896069)
ghostscript (9.22~dfsg-2) unstable; urgency=medium
.
* Update Vcs-* fields for the move to salsa.d.o
ghostscript (9.22~dfsg-1) unstable; urgency=medium
.
[ upstream ]
* New release.
Highlights:
+ Ghostscript can now consume and produce (via the pdfwrite device)
PDF 2.0 compliant files.
+ The main focus of this release has been security and code
cleanliness. Hence many AddressSanitizer, Valgrind and Coverity
issues have been addressed.
+ The usual round of bug fixes, compatibility changes, and
incremental improvements.
.
[ Jonas Smedegaard ]
* Update copyright info:
+ Update paths of files to strip from upstream source.
+ Stop strip ConvertUTF files when repackaging upstream source: No
longer included upstream.
* Update watch file: Use substitution strings.
* Update package relations:
+ Relax to build-depend unversioned on liblcms2-dev d-shlibs cdbs:
Needed versions satisfied even in oldstable
* Tighten lintian overrides regarding License-Reference.
* Use https protocol for upstream Homepage.
* Declare compliance with Debian Policy 4.1.1.
* Drop patches applied upstream.
* Unfuzz patches.
* Update symbols file.
ghostscript (9.22~~rc1~dfsg-1) experimental; urgency=medium
.
[ upstream ]
* New release.
Highlights:
+ Ghostscript can now consume and produce (via the pdfwrite device)
PDF 2.0 compliant files.
+ The main focus of this release has been security and code
cleanliness. Hence many AddressSanitizer, Valgrind and Coverity
issues have been addressed.
+ The usual round of bug fixes, compatibility changes, and
incremental improvements.
.
* Update copyright info:
+ Update paths of files to strip from upstream source.
+ Stop strip ConvertUTF files when repackaging upstream source: No
longer included upstream.
* Update watch file: Use substitution strings.
* Update package relations:
+ Relax to build-depend unversioned on liblcms2-dev d-shlibs cdbs:
Needed versions satisfied even in oldstable
* Tighten lintian overrides regarding License-Reference.
* Use https protocol for upstream Homepage.
* Declare compliance with Debian Policy 4.1.0.
* Drop patches applied upstream.
* Unfuzz patches.
ghostscript (9.21~dfsg-1) unstable; urgency=medium
.
[ upstream ]
* New release.
Highlights:
+ pdfwrite preserves annotations from input PDFs where possible.
+ GhostXPS pass required data to pdfwrite to emit a ToUnicode CMap,
resulting in fully searchable PDFs created from XPS in most cases.
+ Allow default color space for PDF transparency blends.
+ Improved support for cross-compiling in configure script.
+ tiffscaled and tiffscaled4 supports ETS (Even Tone Screening).
+ toolbin/pdf_info.ps utility emits PDF XML metadata.
+ New scan converter, more performant with large and complex paths.
.
[ Jonas Smedegaard ]
* Modernize cdbs:
+ Do copyright-check in maintainer script (not during build).
* Avoid compressing pdf documentation.
* Revive git-ignore file, lost importing NMUs.
* Update watch file: Fix track releases (not tags).
* Update copyright info:
+ Fix update main Files section to include all directory wildcards
declared in root LICENSE file.
+ Stop track files no longer shipped upstream.
+ Add copyright holder Raph Levien.
+ Extend coverage for main upstream author.
+ Use https protocol in format string.
* Update patches:
+ Drop patches applied upstream.
+ Normalize patch names.
+ Tidy DEP3 patch headers.
+ Add patch cherry-picked upstream to fix the shared openjpeg build.
+ Add patch cherry-picked upstream to fix shared lib build with
openjpeg >= 2.1.1, replacing patch 1001.
* Update package relations:
+ Relax build-dependency on cdbs.
+ Stop build-depend on licensecheck libregexp-assemble-perl
libimage-exiftool-perl libfont-ttf-perl.
* Relax symbols check when targeting experimental.
* Update symbols: 16 dropped. 37 added.
* Declare compliance with Debian Policy 4.0.0.
ghostscript (9.21~dfsg-1~exp1) experimental; urgency=medium
.
[ upstream ]
* New release.
Highlights:
+ pdfwrite preserves annotations from input PDFs where possible.
+ GhostXPS pass required data to pdfwrite to emit a ToUnicode CMap,
resulting in fully searchable PDFs created from XPS in most cases.
+ Allow default color space for PDF transparency blends.
+ Improved support for cross-compiling in configure script.
+ tiffscaled and tiffscaled4 supports ETS (Even Tone Screening).
+ toolbin/pdf_info.ps utility emits PDF XML metadata.
+ New scan converter, more performant with large and complex paths.
.
[ Jonas Smedegaard ]
* Modernize cdbs:
+ Do copyright-check in maintainer script (not during build).
* Avoid compressing pdf documentation.
* Revive git-ignore file, lost importing NMUs.
* Update watch file: Fix track releases (not tags).
* Update copyright info:
+ Stop track files no longer shipped upstream.
+ Add copyright holder Raph Levien.
+ Extend coverage for main upstream author.
* Update patches:
+ Drop patches applied upstream.
+ Normalize patch names.
+ Tidy DEP3 patch headers.
+ Add patch cherry-picked upstream to fix the shared openjpeg build.
+ Add patch cherry-picked upstream to fix shared lib build with
openjpeg >= 2.1.1, replacing patch 1001.
* Update package relations:
+ Relax build-dependency on cdbs.
+ Stop build-depend on licensecheck libregexp-assemble-perl
libimage-exiftool-perl libfont-ttf-perl.
* Relax symbols check when targeting experimental.
glibc (2.24-11+deb9u4) stretch; urgency=medium
.
[ Aurelien Jarno ]
* debian/patches/git-updates.diff: update from upstream stable branch:
- Fix buffer overflow in glob with GLOB_TILDE (CVE-2017-15670). Closes:
#879501.
- Fix memory leak in glob with GLOB_TILDE (CVE-2017-15671). Closes:
#879500.
- Fix a buffer overflow in glob with GLOB_TILDE in unescaping
(CVE-2017-15804). Closes: #879955.
- Fix a memory leak in ld.so (CVE-2017-1000408). Closes: #884132.
- Fix a buffer overflow in ld.so (CVE-2017-1000409). Closes: #884133.
- Fixes incorrect RPATH/RUNPATH handling for SUID binaries
(CVE-2017-16997). Closes: #884615.
- Fix a data corruption in SSE2-optimized memmove implementation for
i386 (CVE-2017-18269).
- Fix a stack-based buffer overflow in the realpath function
(CVE-2018-11236). Closes: #899071.
- Fix a buffer overflow in the AVX-512-optimized implementation of the
mempcpy function (CVE-2018-11237). Closes: #899070.
- Fix stack guard size accounting and reduce stack usage during
unwinding to avoid segmentation faults on CPUs with AVX512-F. Closes:
#903554.
- Fix a use after free in pthread_create(). Closes: #916925.
* debian/debhelper.in/libc.postinst, script.in/nsscheck.sh: check for
postgresql in NSS check. Closes: #710275.
.
[ Sebastian Andrzej Siewior ]
* patches/any/local-condvar-do-not-use-requeue-for-pshared-condvars.patch:
patch to fix pthread_cond_wait() in the pshared case on non-x86. Closes:
#904158.
glx-alternatives (0.8.8~deb9u2) stretch; urgency=medium
.
* Revert dpkg-trigger changes from 0.8.8 as it may cause an exception thrown
in apt. (Closes: #922210)
glx-alternatives (0.8.8~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
glx-alternatives (0.8.8) unstable; urgency=medium
.
* glx-diversions: Put all packages that had shared libraries diverted into
triggers-awaited state to ensure the triggers in glx-alternative-mesa
setting up the glx alternative get processed earlier. (Closes: #905908)
* Bump Standards-Version to 4.2.1. No changes needed.
.
glx-alternatives (0.8.7) unstable; urgency=medium
.
* Update validation of the diverted libGL.so symlink.
.
glx-alternatives (0.8.6) unstable; urgency=medium
.
* glx-alternative-mesa: libGLX_mesa.so.0 is not diverted and therefore not
an indicator to install the alternative. (Closes: #904486)
.
glx-alternatives (0.8.5) unstable; urgency=medium
.
* Avoid confusing diagnostic message if no nvidia alternative is available.
.
glx-alternatives (0.8.4) unstable; urgency=medium
.
* Add diversion and alternative for libGLX_indirect.so.0.
* Bump Standards-Version to 4.1.5. No changes needed.
glx-alternatives (0.8.8~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
glx-alternatives (0.8.8) unstable; urgency=medium
.
* glx-diversions: Put all packages that had shared libraries diverted into
triggers-awaited state to ensure the triggers in glx-alternative-mesa
setting up the glx alternative get processed earlier. (Closes: #905908)
* Bump Standards-Version to 4.2.1. No changes needed.
glx-alternatives (0.8.7) unstable; urgency=medium
.
* Update validation of the diverted libGL.so symlink.
glx-alternatives (0.8.7~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
glx-alternatives (0.8.7) unstable; urgency=medium
.
* Update validation of the diverted libGL.so symlink.
.
glx-alternatives (0.8.6) unstable; urgency=medium
.
* glx-alternative-mesa: libGLX_mesa.so.0 is not diverted and therefore not
an indicator to install the alternative. (Closes: #904486)
.
glx-alternatives (0.8.5) unstable; urgency=medium
.
* Avoid confusing diagnostic message if no nvidia alternative is available.
.
glx-alternatives (0.8.4) unstable; urgency=medium
.
* Add diversion and alternative for libGLX_indirect.so.0.
* Bump Standards-Version to 4.1.5. No changes needed.
glx-alternatives (0.8.6) unstable; urgency=medium
.
* glx-alternative-mesa: libGLX_mesa.so.0 is not diverted and therefore not
an indicator to install the alternative. (Closes: #904486)
glx-alternatives (0.8.5) unstable; urgency=medium
.
* Avoid confusing diagnostic message if no nvidia alternative is available.
glx-alternatives (0.8.4) unstable; urgency=medium
.
* Add diversion and alternative for libGLX_indirect.so.0.
* Bump Standards-Version to 4.1.5. No changes needed.
glx-alternatives (0.8.3) unstable; urgency=medium
.
* Divert libGL.so.1.7.0, libGLESv1_CM.so.1.2.0, libGLESv2.so.2.1.0,
libEGL.so.1.1.0 that will be used by the next libglvnd upstream release.
* Update validation of the diverted libGL.so.1 symlink. (Closes: #879041)
gnulib (20140202+stable-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* vasnprintf: Fix heap memory overrun bug (CVE-2018-17942) (Closes: #910757)
gnupg2 (2.1.18-8~deb9u4) stretch; urgency=medium
.
* Avoid crash when importing without a TTY (Closes: #913614)
graphite-api (1.1.3-2+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport spelling fix from 1.1.3-3. (Closes: #826020)
.
[ Vincent Bernat ]
* d/service: fix RequiresMountsFor spelling.
grokmirror (1.0.0-1.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
grokmirror (1.0.0-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Add the missing dependency on python-pkg-resources.
(Closes: #888847)
gvrng (4.4-3~deb9u1) stretch; urgency=medium
.
* QA upload.
* Rebuild for stretch.
.
gvrng (4.4-3) unstable; urgency=high
.
* QA upload.
* Fix the permissions problem that prevented starting gvrng.
(Closes: #850516)
* Tell dh_python2 where to find the files to generate dependencies.
ibus (1.5.14-3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Remove the dependency of the gir package against python,
it breaks multiarch installation. (Closes: #889053)
icecast2 (2.4.2-1+deb9u1) stretch-security; urgency=high
.
* d/p/CVE-2018-18820.patch:
- Cherry-pick upstream commits fixing buffer overflow in URL authentication
- Closes: #912611, CVE-2018-18820
icinga2 (2.6.0-2+deb9u1) stretch; urgency=medium
.
* [0eb3cad] Fix timestamps being stored as local time in PostgreSQL.
intel-microcode (3.20180807a.2~deb9u1) stretch; urgency=medium
.
* Release managers:
This update is being distributed by Debian in unstable, testing and
jessie- and stretch-backports since 2018-10-30 without issues, and by
most distros since 2018-08/2018-09, with no known reports of
regressions on Westmere EP processors (Spectre mitigations are very
expensive on Nehalem and Westmere, though).
* SECURITY FIX: this update adds the accumulated fixes for Westmere EP
(signature 0x206c2) from nearly a decade, including but likely not
limited to:
+ Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+ Implements SSBD support (Spectre v4 mitigation),
Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation.
Intel SA-0088, CVE-2017-5753, CVE-2017-5754
+ Very likely implements LAPIC sinkhole fix
+ Fixes AAK167/BT248: Virtual APIC accesses with 32-bit PAE paging
may cause system crash
* This Westmere EP microcode update has been explicitly approved by
Intel for general distribution by operating systems, refer to the
changelog entry for 3.20180807a.2 below
.
intel-microcode (3.20180807a.2) unstable; urgency=medium
.
* Makefile: unblacklist 0x206c2 (Westmere EP)
According to pragyansri.pathi@intel.com, on message to LP#1795594
on 2018-10-09, we can ship 0x206c2 updates without restrictions.
Also, there are no reports in the field about this update causing
issues (closes: #907402) (LP: #1795594)
intel-microcode (3.20180807a.2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports (no changes)
.
intel-microcode (3.20180807a.2) unstable; urgency=medium
.
* Makefile: unblacklist 0x206c2 (Westmere EP)
According to pragyansri.pathi@intel.com, on message to LP#1795594
on 2018-10-09, we can ship 0x206c2 updates without restrictions.
Also, there are no reports in the field about this update causing
issues (closes: #907402) (LP: #1795594)
intel-microcode (3.20180807a.2~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy (no changes)
.
intel-microcode (3.20180807a.2) unstable; urgency=medium
.
* Makefile: unblacklist 0x206c2 (Westmere EP)
According to pragyansri.pathi@intel.com, on message to LP#1795594
on 2018-10-09, we can ship 0x206c2 updates without restrictions.
Also, there are no reports in the field about this update causing
issues (closes: #907402) (LP: #1795594)
intel-microcode (3.20180807a.1) unstable; urgency=high
.
[ Henrique de Moraes Holschuh ]
* New upstream microcode datafile 20180807a
(closes: #906158, #906160, #903135, #903141)
+ New Microcodes:
sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
+ Updated Microcodes:
sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
+ Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+ Implements SSBD support (Spectre v4 mitigation),
Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
Intel SA-0088, CVE-2017-5753, CVE-2017-5754
* source: update symlinks to reflect id of the latest release, 20180807a
* debian/intel-microcode.docs: ship license and releasenote upstream files.
* debian/changelog: update entry for 3.20180703.1 with L1TF information
.
[ Julian Andres Klode ]
* initramfs: include all microcode for MODULES=most.
Default to early instead of auto, and install all of the microcode,
not just the one matching the current CPU, if MODULES=most is set
in the initramfs-tools config (LP: #1778738)
isort (4.2.5+ds1-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add missing dependency on python3-pkg-resources. Thanks to
Andreas Beckmann for reporting the issue. (Closes: #902327)
* Fix dependencies of the python2 package by using the correct
${python:Depends} substvar instead of ${python3:Depends}. Thanks to Paul
Wise for catching it. (Closes: #884682)
jdupes (1.7-2+deb9u1) stretch; urgency=medium
.
* debian/patches/20_fix-crash-arm.patch: add to fix a potential crash in
ARM. Thanks to Jody Bruchon <jody@jodybruchon.com>. (Closes: #914078)
kmodpy (0.1.10-2.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
kmodpy (0.1.10-2.1) unstable; urgency=high
.
* Non-maintainer upload.
* Remove the incorrect Multi-Arch: same. (Closes: #897223)
libapache-mod-jk (1:1.2.46-0+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* New upstream version 1.2.46
+ CVE-2018-11759: fix information disclosure and privilege escalation
libapache-mod-jk (1:1.2.44-3) unstable; urgency=medium
.
* Remove conf/httpd-jk.conf from debian/clean to fix a FTBFS when building
binary-arch target.
libapache-mod-jk (1:1.2.44-2) unstable; urgency=medium
.
* Fix broken httpd-jk symlink.
Thanks to Andreas Beckmann for the report. (Closes: #910160)
libapache-mod-jk (1:1.2.44-1) unstable; urgency=medium
.
* New upstream version 1.2.44.
* Declare compliance with Debian Policy 4.2.1.
* Remove Damien Raude-Morvan from Uploaders. Add myself to Uploaders.
(Closes: #889461)
* Suggest alternative tomcat9 package.
* Drop obsolete libapache2-mod-jk.NEWS.
* Install new httpd-jk.conf file which follows Apache 2.4 syntax.
(Closes: #786635)
libapache-mod-jk (1:1.2.43-1) unstable; urgency=medium
.
* Team upload.
* New upstream release
- Refreshed the patches
* Standards-Version updated to 4.1.3
* Switch to debhelper level 11
libapache2-mod-perl2 (2.0.10-2+deb9u1) stretch; urgency=medium
.
* [SECURITY] CVE-2011-2767: don't allow <Perl> sections in
user controlled configuration (Closes: #644169)
libarchive (3.2.2-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload.
* Fix the following security vulnerabilities:
CVE-2016-10209, CVE-2016-10349, CVE-2016-10350, CVE-2017-14166,
CVE-2017-14501, CVE-2017-14502, CVE-2017-14503, CVE-2018-1000877,
CVE-2018-1000878, CVE-2018-1000879 and CVE-2018-1000880.
Multiple security vulnerabilities were found in libarchive, a multi-format
archive and compression library. Heap-based buffer over-reads, NULL pointer
dereferences, use-after-frees and out-of-bounds reads allow remote
attackers to cause a denial-of-service (application crash) via specially
crafted archive files.
(Closes: #859456, #861609, #874539, #875966, #875974, #875960, #916964,
#916963, #916960)
libb2 (0.97-2+deb9u1) stretch; urgency=medium
.
* debian/patches/60ea749837362c226e8501718f505ab138e5c19d.patch:
detect if the system can use AVX before actually using it
(Closes: #884958)
libdatetime-timezone-perl (1:2.09-1+2018i) stretch; urgency=medium
.
* Update to Olson database version 2018i.
This update contains contemporary changes for São Tomé and PrÃncipe.
libdatetime-timezone-perl (1:2.09-1+2018h) stretch; urgency=medium
.
* Update to Olson database version 2018h.
This update contains contemporary changes for Kazakhstan, Alaska, Morocco,
and Iran.
libemail-address-list-perl (0.05-1+deb9u1) stretch; urgency=medium
.
* [SECURITY] Fix DoS vulnerability CVE-2018-18898
libemail-address-perl (1.908-1+deb9u1) stretch; urgency=medium
.
* Team upload.
* [SECURITY]: Fix DoS vulnerabilities CVE-2015-7686 and CVE-2018-12558
libextractor (1:1.3-4+deb9u3) stretch-security; urgency=high
.
* Fix out-of-bounds read vulnerability in common/convert.c (Closes: #917214,
CVE-2018-20430).
* Fix NULL pointer dereference in OLE2 extractor (Closes: #917213,
CVE-2018-20431).
libgd2 (2.2.4-2+deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Heap-based buffer overflow in gdImageColorMatch (CVE-2019-6977)
(Closes: #920645)
* Potential double-free in gdImage*Ptr() (CVE-2019-6978) (Closes: #920728)
libgpod (0.8.3-8.2+deb9u1) stretch; urgency=high
.
* QA upload.
* debian/control: Replace defunct Vcs-* fields with correct ones.
* python-gpod: Add missing dependency on python-gobject-2.
(Closes: #896230)
liblivemedia (2016.11.28-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2018-4013: stack-based buffer overflow in the HTTP packet-parsing
functionality, potentially resulting in code execution.
libphp-phpmailer (5.2.14+dfsg-2.3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* object injection vulnerability (CVE-2018-19296) (Closes: #913912)
libreoffice (1:5.2.7-1+deb9u5) stretch-security; urgency=high
.
* debian/patches/disableClassPathURLCheck.diff: add workaround to
fix build with openjdks with S8195874 included - add
-Djdk.net.URLClassPath.disableClassPathURLCheck=true to JAVAIFLAGS;
see https://gerrit.libreoffice.org/#/c/63118/2
.
* debian/patches/keep-pyuno-script-processing-below-base-uri.diff: as name
says (CVE-2018-16858)
* debian/patches/show-partial-signatures-even-if-cert-validation-fails.diff:
as name says (CERT-Bund#2018100828000257), but backport the non-UI parts only
- the "signing already existing PDFs" feature doesn't exist here yet
libssh (0.7.3-2+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix broken server-side keyboard-interactive authentication.
Thanks to Martin Pitt (Closes: #913870)
libvncserver (0.9.11+dfsg-1.3~deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Rebuild for stretch-security.
libvncserver (0.9.11+dfsg-1.2) unstable; urgency=high
.
* Non-maintainer upload.
* Fix multiple security vulnerabilities (Closes: #916941)
- Use-after-free in file transfer extension allows for potential
code execution (CVE-2018-15126)
- Heap out-of-bounds write in
rfbserver.c:rfbProcessFileTransferReadBuffer() allows for
potential code execution (CVE-2018-15127)
- Multiple heap out-of-bound writes in VNC client code
(CVE-2018-20019)
- Heap out-of-bound write inside structure in VNC client code allows
for potential code execution (CVE-2018-20020)
- Infinite loop in VNC client code allows for denial of service
(CVE-2018-20021)
- Improper initialization in VNC client code allows for information
disclosure (CVE-2018-20022)
- Improper initialization in VNC Repeater client code allows for
information disclosure (CVE-2018-20023)
- NULL pointer dereference in VNC client code allows for denial of
service (CVE-2018-20024)
- Use-after-free in file transfer extension server code allows for
potential code execution (CVE-2018-6307)
* Update symbols file for libvncserver1.
The fix for CVE-2018-15126 removes CloseUndoneFileTransfer and
introduces new CloseUndoneFileDownload and CloseUndoneFileUpload.
libvncserver (0.9.11+dfsg-1.1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2018-7225: Uninitialized and potentially sensitive data could be
accessed by remote attackers because the msg.cct.length in rfbserver.c was
not sanitized. (Closes: #894045)
linux (4.9.144-3) stretch; urgency=medium
.
* libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature()
(regression in 4.9.144)
linux (4.9.144-2) stretch; urgency=medium
.
* [mips*] inst: Avoid ABI change in 4.9.136 (fixes FTBFS)
* efi/libstub: Unify command line param parsing (fixes FTBFS on arm64)
linux (4.9.144-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.136
- xfrm: Validate address prefix lengths in the xfrm selector.
- xfrm6: call kfree_skb when skb is toobig
- mac80211: Always report TX status
- cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
- mac80211: fix pending queue hang due to TX_DROP
- cfg80211: Address some corner cases in scan result channel updating
- mac80211: TDLS: fix skb queue/priority assignment
- [armel,armhf] 8799/1: mm: fix pci_ioremap_io() offset check
- xfrm: validate template mode
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
- mac80211_hwsim: do not omit multicast announce of first added radio
- Bluetooth: SMP: fix crash in unpairing
- qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor
- qed: Avoid constant logical operation warning in qed_vf_pf_acquire
- asix: Check for supported Wake-on-LAN modes
- ax88179_178a: Check for supported Wake-on-LAN modes
- lan78xx: Check for supported Wake-on-LAN modes
- sr9800: Check for supported Wake-on-LAN modes
- r8152: Check for supported Wake-on-LAN Modes
- smsc75xx: Check for Wake-on-LAN modes
- smsc95xx: Check for Wake-on-LAN modes
- perf/ring_buffer: Prevent concurent ring buffer access
- [x86] perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX
- [armhf] net: fec: fix rare tx timeout
- net: cxgb3_main: fix a missing-check bug
- perf symbols: Fix memory corruption because of zero length symbols
- mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
- [mips*] microMIPS: Fix decoding of swsp16 instruction
- [mips*] Handle non word sized instructions when examining frame
- scsi: aacraid: Fix typo in blink status
- f2fs: fix multiple f2fs_add_link() having same name for inline dentry
- igb: Remove superfluous reset to PHY and page 0 selection
- ACPI: sysfs: Make ACPI GPE mask kernel parameter cover all GPEs
- PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
- [arm64,armhf] i2c: bcm2835: Avoid possible NULL ptr dereference
- efi/fb: Correct PCI_STD_RESOURCE_END usage
- ipv6: set rt6i_protocol properly in the route when it is installed
- [x86] platform: acer-wmi: setup accelerometer when ACPI device was found
- IB/ipoib: Do not warn if IPoIB debugfs doesn't exist
- IB/core: Fix the validations of a multicast LID in attach or detach
operations
- rxe: Fix a sleep-in-atomic bug in post_one_send
- nvme-pci: fix CMB sysfs file removal in reset path
- net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well.
- net/mlx5: Fix command completion after timeout access invalid structure
- tipc: Fix tipc_sk_reinit handling of -EAGAIN
- tipc: fix a race condition of releasing subscriber object
- bnxt_en: Don't use rtnl lock to protect link change logic in workqueue.
- [armhf] dts: bcm283x: Reserve first page for firmware
- btrfs: fiemap: Cache and merge fiemap extent before submit it to user
- [arm64] reset: hi6220: Set module license so that it can be loaded
- [x86] ASoC: Intel: Skylake: Fix to parse consecutive string tkns in
manifest
- mac80211: fix TX aggregation start/stop callback race
- libata: fix error checking in in ata_parse_force_one()
- [armhf] net: ethernet: stmmac: Fix altr_tse_pcs SGMII Initialization
- [i386] x86/cpu/cyrix: Add alternative Device ID of Geode GX1 SoC
- [armhf] gpu: ipu-v3: Fix CSI selection for VDIC
- [arm64,armhf] net: stmmac: ensure jumbo_frm error return is correctly
checked for -ve value
- Btrfs: clear EXTENT_DEFRAG bits in finish_ordered_io
- ufs: we need to sync inode before freeing it
- net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare
- ip6_tunnel: Correct tos value in collect_md mode
- net/mlx5: Fix driver load error flow when firmware is stuck
- perf evsel: Fix probing of precise_ip level for default cycles event
- perf probe: Fix probe definition for inlined functions
- net/mlx5: Fix health work queue spin lock to IRQ safe
- [armhf] usb: dwc3: omap: remove IRQ_NOAUTOEN used with shared irq
- [armhf] clk: samsung: Fix m2m scaler clock on Exynos542x
- rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp
- qed: Warn PTT usage by wrong hw-function
- ocfs2: fix deadlock caused by recursive locking in xattr
- net: cdc_ncm: GetNtbFormat endian fix
- sctp: use right member as the param of list_for_each_entry
- ALSA: hda - No loopback on ALC299 codec
- ath10k: convert warning about non-existent OTP board id to debug message
- ipv6: fix cleanup ordering for ip6_mr failure
- IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush
- IB/rxe: put the pool on allocation failure
- nbd: only set MSG_MORE when we have more to send
- mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'
- IB/mlx5: Avoid passing an invalid QP type to firmware
- scsi: qla2xxx: Avoid double completion of abort command
- drm: bochs: Don't remove uninitialized fbdev framebuffer
- i40e: avoid NVM acquire deadlock during NVM update
- Revert "IB/ipoib: Update broadcast object if PKey value was changed in
index 0"
- Btrfs: incremental send, fix invalid memory access
- [arm64] drm/msm: Fix possible null dereference on failure of get_pages()
- l2tp: remove configurable payload offset
- macsec: fix memory leaks when skb_to_sgvec fails
- perf/core: Fix locking for children siblings group read
- cifs: Use ULL suffix for 64-bit constant
- futex: futex_wake_op, do not fail on invalid op
- ALSA: hda - Fix incorrect usage of IS_REACHABLE()
- enic: do not overwrite error code
- bonding: ratelimit failed speed/duplex update warning
- nvmet: fix space padding in serial number
- iio: buffer: fix the function signature to match implementation
- [x86] paravirt: Fix some warning messages
- IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()'
- libertas: call into generic suspend code before turning off power
- xhci: Fix USB3 NULL pointer dereference at logical disconnect.
- [armhf] dts: imx53-qsb: disable 1.2GHz OPP
- rxrpc: Don't check RXRPC_CALL_TX_LAST after calling
rxrpc_rotate_tx_window()
- rxrpc: Only take the rwind and mtu values from latest ACK
- [x86] net: ena: fix NULL dereference due to untimely napi initialization
- fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
- mtd: spi-nor: Add support for is25wp series chips
- Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing"
- bridge: do not add port to router list when receives query with source
0.0.0.0
- net: bridge: remove ipv6 zero address check in mcast queries
- ipv6: mcast: fix a use-after-free in inet6_mc_check
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are
called
- llc: set SOCK_RCU_FREE in llc_sap_add_socket()
- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
- net: sched: gred: pass the right attribute to gred_change_table_def()
- net: socket: fix a missing-check bug
- [arm64,armhf] net: stmmac: Fix stmmac_mdio_reset() when building stmmac
as modules
- net: udp: fix handling of CHECKSUM_COMPLETE packets
- r8169: fix NAPI handling under high load
- sctp: fix race on sctp_id2asoc
- vhost: Fix Spectre V1 vulnerability
- ethtool: fix a privilege escalation bug
- bonding: fix length of actor system
- net: drop skb on failure in ip_check_defrag()
- net: fix pskb_trim_rcsum_slow() with odd trim offset
- rtnetlink: Disallow FDB configuration for non-Ethernet device
- ip6_tunnel: Fix encapsulation layout
- crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
- ahci: don't ignore result code of ahci_reset_controller()
- xfs: truncate transaction does not modify the inobt
- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
- ptp: fix Spectre v1 vulnerability
- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl
- RDMA/ucma: Fix Spectre v1 vulnerability
- IB/ucm: Fix Spectre v1 vulnerability
- cdc-acm: correct counting of UART states in serial state notification
- usb: gadget: storage: Fix Spectre v1 vulnerability
- USB: fix the usbfs flag sanitization for control transfers
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM
- sched/fair: Fix throttle_list starvation with low CFS quota
- [x86] percpu: Fix this_cpu_read()
- [x86] time: Correct the attribute on jiffies' definition
- posix-timers: Sanitize overrun handling (CVE-2018-12896)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.137
- bcache: fix miss key refill->end in writeback
- jffs2: free jffs2_sb_info through jffs2_kill_sb()
- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
- [arm64] ipmi: Fix timer race with module unload
- [hppa/parisc] Fix address in HPMC IVA
- [hppa/parisc] Fix map_pages() to not overwrite existing pte entries
- ALSA: hda - Add quirk for ASUS G751 laptop
- ALSA: hda - Fix headphone pin config for ASUS G751
- ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
- ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
- [x86] speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
- [x86] corruption-check: Fix panic in memory_corruption_check() when boot
option without value is provided
- [x86] speculation: Support Enhanced IBRS on future CPUs
- Revert "perf tools: Fix PMU term format max value calculation"
- xfrm: policy: use hlist rcu variants on insert
- sched/fair: Fix the min_vruntime update logic in dequeue_entity()
- perf cpu_map: Align cpu map synthesized events properly.
- [x86] fpu: Remove second definition of fpu in __fpu__restore_sig()
- net: qla3xxx: Remove overflowing shift statement
- locking/lockdep: Fix debug_locks off performance problem
- tun: Consistently configure generic netdev params via rtnetlink
- [s390x] sthyi: Fix machine name validity indication
- [armhf] hwmon: (pwm-fan) Set fan speed to 0 on suspend
- perf tools: Free temporary 'sys' string in read_event_files()
- perf tools: Cleanup trace-event-info 'tdata' leak
- perf strbuf: Match va_{add,copy} with va_end
- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
- iwlwifi: pcie: avoid empty free RB queue
- [i386] x86/olpc: Indicate that legacy PC XO-1 platform should not
register RTC
- [arm64,armhf] cpufreq: dt: Try freeing static OPPs only if we have added
them
- Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
- [arm64] pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
- brcmfmac: fix for proper support of 160MHz bandwidth
- kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
- ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
- [arm64] pinctrl: qcom: spmi-mpp: Fix drive strength setting
- [arm64] pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
- [arm64] pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
- ixgbevf: VF2VF TCP RSS
- ath10k: schedule hardware restart if WMI command times out
- cgroup, netclassid: add a preemption point to write_classid
- scsi: esp_scsi: Track residual for PIO transfers
- scsi: megaraid_sas: fix a missing-check bug
- RDMA/core: Do not expose unsupported counters
- IB/ipoib: Clear IPCB before icmp_send
- tpm: suppress transmit cmd error logs when TPM 1.2 is
disabled/deactivated
- [x86] VMCI: Resource wildcard match fixed
- ext4: fix argument checking in EXT4_IOC_MOVE_EXT
- MD: fix invalid stored role for a disk
- PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
- [arm64,armhf] usb: chipidea: Prevent unbalanced IRQ disable
- [amd64] driver/dma/ioat: Call del_timer_sync() without holding prep_lock
- uio: ensure class is registered before devices
- scsi: lpfc: Correct soft lockup when running mds diagnostics
- signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid
namespace init
- ALSA: hda: Check the non-cached stream buffers more explicitly
- [armhf] dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes
- [armhf] dts: exynos: Add missing cooling device properties for CPUs
- [armhf] dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings
- [armhf] dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250
- xen-swiotlb: use actually allocated size on check physical continuous
- [x86] tpm: Restore functionality to xen vtpm driver.
- xen/blkfront: avoid NULL blkfront_info dereference on device removal
- [x86] xen: fix race in xen_qlock_wait()
- [x86] xen: make xen_qlock_wait() nestable
- libertas: don't set URB_ZERO_PACKET on IN USB transfer
- [x86] usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
- [x86] libnvdimm: Hold reference on parent while scheduling async init
- [x86] ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
- jbd2: fix use after free in jbd2_log_do_checkpoint()
- gfs2_meta: ->mount() can get NULL dev_name
- ext4: initialize retries variable in ext4_da_write_inline_data_begin()
- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
- HID: hiddev: fix potential Spectre v1
- EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting
- [amd64] EDAC, skx_edac: Fix logical channel intermediate decoding
- PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
- [ppc64el] signal/GenWQE: Fix sending of SIGKILL
- crypto: lrw - Fix out-of bounds access on counter overflow
- crypto: tcrypt - fix ghash-generic speed test
- ima: fix showing large 'violations' or 'runtime_measurements_count'
- hugetlbfs: dirty pages as they are added to pagecache
- [armhf] w1: omap-hdq: fix missing bus unregister at removal
- smb3: allow stats which track session and share reconnects to be reset
- smb3: do not attempt cifs operation in smb3 query info error path
- smb3: on kerberos mount if server doesn't specify auth type use krb5
- printk: Fix panic caused by passing log_buf_len to command line
- genirq: Fix race on spurious interrupt detection
- NFSv4.1: Fix the r/wsize checking
- nfsd: Fix an Oops in free_session()
- lockd: fix access beyond unterminated strings in prints
- dm ioctl: harden copy_params()'s copy_from_user() from malicious users
- [powerpc*] msi: Fix compile error on mpc83xx
- [mips*] OCTEON: fix out of bounds array access on CN68XX
- media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
- [x86] xen: fix xen_qlock_wait()
- media: em28xx: use a default format if TRY_FMT fails
- media: tvp5150: avoid going past array on v4l2_querymenu()
- media: em28xx: fix input name for Terratec AV 350
- media: em28xx: make v4l2-compliance happier by starting sequence on zero
- [arm64] lse: remove -fcall-used-x0 flag
- rpmsg: smd: fix memory leak on channel create
- Cramfs: fix abad comparison when wrap-arounds occur
- [arm64,armhf] soc/tegra: pmc: Fix child-node lookup
- btrfs: Handle owner mismatch gracefully when walking up tree
- btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid
deadlock
- btrfs: fix error handling in free_log_tree
- btrfs: iterate all devices during trim, instead of
fs_devices::alloc_list
- btrfs: don't attempt to trim devices that don't support it
- btrfs: wait on caching when putting the bg cache
- btrfs: reset max_extent_size on clear in a bitmap
- btrfs: make sure we create all new block groups
- Btrfs: fix wrong dentries after fsync of file that got its parent
replaced
- btrfs: qgroup: Dirty all qgroups before rescan
- Btrfs: fix null pointer dereference on compressed write path error
- btrfs: set max_extent_size properly
- MD: fix invalid stored role for a disk - try2
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.138
- [powerpc*] powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()
- tty: check name length in tty_find_polling_driver()
- [powerpc*] nohash: fix undefined behaviour when testing page size
support
- [armhf] drm/omap: fix memory barrier bug in DMM driver
- media: pci: cx23885: handle adding to list failure
- [mips*] kexec: Mark CPU offline before disabling local IRQ
- [powerpc*] boot: Ensure _zimage_start is a weak symbol
- [mips*] PCI: Call pcie_bus_configure_settings() to set MPS/MRRS
- media: tvp5150: fix width alignment during set_selection()
- 9p locks: fix glock.client_id leak in do_lock
- 9p: clear dangling pointers in p9stat_free
- cdrom: fix improper type cast, which can leat to information leak.
(CVE-2018-18710)
- scsi: qla2xxx: Fix incorrect port speed being set for FC adapters
- scsi: qla2xxx: shutdown chip if reset fail
- fuse: Fix use-after-free in fuse_dev_do_read()
- fuse: Fix use-after-free in fuse_dev_do_write()
- fuse: fix blocked_waitq wakeup
- fuse: set FR_SENT while locked
- mm: do not bug_on on incorrect length in __mm_populate()
- e1000: avoid null pointer dereference on invalid stat type
- e1000: fix race condition between e1000_down() and e1000_watchdog
- bna: ethtool: Avoid reading past end of buffer
- [hppa/parisc] Align os_hpmc_size on word boundary
- [hppa/parisc] Fix HPMC handler by increasing size to multiple of 16
bytes
- [hppa/parisc] Fix exported address of os_hpmc handler
- [mips64el,mipsel] Loongson-3: Fix CPU UART irq delivery problem
- [mips64le,mipsel] Loongson-3: Fix BRIDGE irq delivery problem
- [armhf] clk: s2mps11: Fix matching when built as module and DT node
contains compatible
- [armhf] clk: rockchip: Fix static checker warning in
rockchip_ddrclk_get_parent call
- libceph: bump CEPH_MSG_MAX_DATA_LEN
- Revert "ceph: fix dentry leak in splice_dentry()"
- mach64: fix display corruption on big endian machines
- mach64: fix image corruption due to reading accelerator registers
- [arm64] reset: hisilicon: fix potential NULL pointer dereference
- vhost/scsi: truncate T10 PI iov_iter to prot_bytes
- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings
- netfilter: conntrack: fix calculation of next bucket number in
early_drop
- termios, tty/tty_baudrate.c: fix buffer overrun
- Btrfs: fix cur_offset in the error case for nocow
- Btrfs: fix data corruption due to cloning of eof block
- clockevents/drivers/i8253: Add support for PIT shutdown quirk
- ext4: add missing brelse() update_backups()'s error path
- ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
- ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
- ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
- ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
- ext4: avoid buffer leak in ext4_orphan_add() after prior errors
- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while
resizing
- ext4: avoid possible double brelse() in add_new_gdb() on error path
- ext4: fix possible leak of sbi->s_group_desc_leak in error path
- ext4: fix possible leak of s_journal_flag_rwsem in error path
- ext4: release bs.bh before re-using in ext4_xattr_block_find()
- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
- ext4: fix buffer leak in __ext4_read_dirblock() on error path
- mount: Retest MNT_LOCKED in do_umount
- mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
- mount: Prevent MNT_DETACH from disconnecting locked mounts
- sunrpc: correct the computation for page_ptr when truncating
- nfsd: COPY and CLONE operations require the saved filehandle to be set
- rtc: hctosys: Add missing range error reporting
- fuse: fix use-after-free in fuse_direct_IO()
- fuse: fix leaked notify reply
- configfs: replace strncpy with memcpy
- lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn
- hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!
- mm: migration: fix migration of huge PMD shared pages
- [armhf] drm/rockchip: Allow driver to be shutdown on reboot/kexec
- drm/dp_mst: Check if primary mstb is null
- [x86] drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values
- [x86] drm/i915/execlists: Force write serialisation into context image
vs execution
- [arm64] KVM: Fix caching of host MDCR_EL2 value
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.139
- flow_dissector: do not dissect l4 ports for fragments
- ip_tunnel: don't force DF when MTU is locked
- net-gro: reset skb->pkt_type in napi_reuse_skb()
- sctp: not allow to set asoc prsctp_enable by sockopt
- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control
paths
- usbnet: smsc95xx: disable carrier check while suspending
- inet: frags: better deal with smp races
- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF
- kbuild: Add better clang cross build support
- kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS
- kbuild: Consolidate header generation from ASM offset information
- kbuild: consolidate redundant sed script ASM offset generation
- kbuild: fix asm-offset generation to work with clang
- kbuild: drop -Wno-unknown-warning-option from clang options
- kbuild, LLVMLinux: Add -Werror to cc-option to support clang
- kbuild: use -Oz instead of -Os when using clang
- kbuild: Add support to generate LLVM assembly files
- modules: mark __inittest/__exittest as __maybe_unused
- [x86] kbuild: Use cc-option to enable -falign-{jumps/loops}
- [amd64] crypto, x86: aesni - fix token pasting for clang
- kbuild: Add __cc-option macro
- [x86] build: Use __cc-option for boot code compiler options
- [x86] build: Specify stack alignment for clang
- kbuild: clang: Disable 'address-of-packed-member' warning
- [arm64] crypto: arm64/sha - avoid non-standard inline asm tricks
- [x86] boot: #undef memcpy() et al in string.c
- [arm64] efi/libstub/arm64: Use hidden attribute for struct screen_info
reference
- [arm64] efi/libstub/arm64: Force 'hidden' visibility for section markers
- efi/libstub: Preserve .debug sections after absolute relocation check
- [arm64] efi/libstub/arm64: Set -fpie when building the EFI stub
- [x86] build: Fix stack alignment for CLang
- [x86] build: Use cc-option to validate stack alignment parameter
- Kbuild: use -fshort-wchar globally
- [arm64] uaccess: suppress spurious clang warning
- [armel,armhf] add more CPU part numbers for Cortex and Brahma B15 CPUs
- [armel,armhf] bugs: prepare processor bug infrastructure
- [armel,armhf] bugs: hook processor bug checking into SMP and suspend
paths
- [armel,armhf] bugs: add support for per-processor bug checking
- [armel,armhf] spectre: add Kconfig symbol for CPUs vulnerable to Spectre
- [armel,armhf] spectre-v2: harden branch predictor on context switches
- [armel,armhf] spectre-v2: add Cortex A8 and A15 validation of the IBE
bit
- [armel,armhf] spectre-v2: harden user aborts in kernel space
- [armel,armhf] spectre-v2: add firmware based hardening
- [armel,armhf] spectre-v2: warn about incorrect context switching
functions
- [armel,armhf] KVM: invalidate BTB on guest exit for Cortex-A12/A17
- [armel,armhf] KVM: invalidate icache on guest exit for Cortex-A15
- [armel,armhf] spectre-v2: KVM: invalidate icache on guest exit for
Brahma B15
- [armel,armhf] KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
- [armel,armhf] KVM: report support for SMCCC_ARCH_WORKAROUND_1
- [armel,armhf] spectre-v1: add speculation barrier (csdb) macros
- [armel,armhf] spectre-v1: add array_index_mask_nospec() implementation
- [armel,armhf] spectre-v1: fix syscall entry
- [armel,armhf] signal: copy registers using __copy_from_user()
- [armel,armhf] vfp: use __copy_from_user() when restoring VFP state
- [armel,armhf] oabi-compat: copy semops using __copy_from_user()
- [armel,armhf] use __inttype() in get_user()
- [armel,armhf] spectre-v1: use get_user() for __get_user()
- [armel,armhf] spectre-v1: mitigate user accesses
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.140
- Revert "x86/speculation: Enable cross-hyperthread spectre v2 STIBP
mitigation"
- Revert "ipv6: set rt6i_protocol properly in the route when it is
installed"
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.141
- cifs: don't dereference smb_file_target before null check
- reiserfs: propagate errors from fill_with_dentries() properly
- hfs: prevent btree data loss on root split
- hfsplus: prevent btree data loss on root split
- drm/edid: Add 6 bpc quirk for BOE panel.
- clk: fixed-rate: fix of_node_get-put imbalance
- fs/exofs: fix potential memory leak in mount option parsing
- [armhf] clk: samsung: exynos5420: Enable PERIS clocks for suspend
- [x86] platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307
- [arm64] percpu: Initialize ret in the default case
- netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net
- netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment()
- netfilter: xt_IDLETIMER: add sysfs filename checking routine
- [s390x] qeth: fix HiperSockets sniffer
- [ppc64el] hwmon: (ibmpowernv) Remove bogus __init annotations
- clk: fixed-factor: fix of_node_get-put imbalance
- qed: Fix memory/entry leak in qed_init_sp_request()
- qed: Fix blocking/unlimited SPQ entries leak
- zram: close udev startup race condition as default groups
- SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer()
- gfs2: Put bitmap buffers in put_super
- btrfs: Enhance btrfs_trim_fs function to handle error better
- btrfs: Ensure btrfs_trim_fs can trim the whole filesystem
- btrfs: fix pinned underflow after transaction aborted
- Revert "media: videobuf2-core: don't call memop 'finish' when queueing"
- Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV"
- media: v4l: event: Add subscription to list before calling "add"
operation
- uio: Fix an Oops on load
- usb: cdc-acm: add entry for Hiro (Conexant) modem
- USB: quirks: Add no-lpm quirk for Raydium touchscreens
- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB
- USB: misc: appledisplay: add 20" Apple Cinema Display
- [x86] ACPI / platform: Add SMB0001 HID to forbidden_id_list
- HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
- libceph: fall back to sendmsg for slab pages
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.142
- usb: core: Fix hub port connection events lost
- [arm64,armhf] usb: dwc3: core: Clean up ULPI device
- usb: xhci: fix timeout for transition from RExit to U0
- MAINTAINERS: Add Sasha as a stable branch maintainer
- gpio: don't free unallocated ida on gpiochip_add_data_with_key() error
path
- iwlwifi: mvm: support sta_statistics() even on older firmware
- iwlwifi: mvm: fix regulatory domain update when the firmware starts
- brcmfmac: fix reporting support for 160 MHz channels
- tools/power/cpupower: fix compilation with STATIC=true
- v9fs_dir_readdir: fix double-free on p9stat_read error
- selinux: Add __GFP_NOWARN to allocation at str_read()
- bfs: add sanity check at bfs_fill_super()
- sctp: clear the transport of some out_chunk_list chunks in
sctp_assoc_rm_peer
- gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd
- llc: do not use sk_eat_skb()
- mm: don't warn about large allocations for slab
- drm/ast: change resolution may cause screen blurred
- drm/ast: fixed cursor may disappear sometimes
- drm/ast: Remove existing framebuffers before loading driver
- can: dev: can_get_echo_skb(): factor out non sending code to
__can_get_echo_skb()
- can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame
to access frame length
- can: dev: __can_get_echo_skb(): Don't crash the kernel if
can_priv::echo_skb is accessed out of bounds
- can: dev: __can_get_echo_skb(): print error message, if trying to echo
non existing skb
- IB/core: Fix for core panic
- [amd64] IB/hfi1: Eliminate races in the SDMA send error path
- usb: xhci: Prevent bus suspend if a port connect change or polling state
is detected
- [arm64] pinctrl: meson: fix pinconf bias disable
- [armhf] cpufreq: imx6q: add return value check for voltage scale
- floppy: fix race condition in __floppy_read_block_0()
- [powerpc*] io: Fix the IO workarounds code to work with Radix
- [x86] perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and
CoffeeLake CPUs
- SUNRPC: Fix a bogus get/put in generic_key_to_expire()
- [powerpc*] numa: Suppress "VPHN is not supported" messages
- [arm64,armhf] efi/arm: Revert deferred unmap of early memmap mapping
- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative
offset
- of: add helper to lookup compatible child node
- ath10k: fix kernel panic due to race in accessing arvif list
- Input: xpad - add product ID for Xbox One S pad
- Input: xpad - fix Xbox One rumble stopping after 2.5 secs
- Input: xpad - correctly sort vendor id's
- Input: xpad - move reporting xbox one home button to common function
- Input: xpad - simplify error condition in init_output
- Input: xpad - don't depend on endpoint order
- Input: xpad - fix stuck mode button on Xbox One S pad
- Input: xpad - restore LED state after device resume
- Input: xpad - support some quirky Xbox One pads
- Input: xpad - sort supported devices by USB ID
- Input: xpad - sync supported devices with xboxdrv
- Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth
- Input: xpad - sync supported devices with 360Controller
- Input: xpad - sync supported devices with XBCD
- Input: xpad - constify usb_device_id
- Input: xpad - fix PowerA init quirk for some gamepad models
- Input: xpad - validate USB endpoint type during probe
- Input: xpad - add support for PDP Xbox One controllers
- Input: xpad - add PDP device id 0x02a4
- Input: xpad - fix some coding style issues
- Input: xpad - avoid using __set_bit() for capabilities
- Input: xpad - add GPD Win 2 Controller USB IDs
- Input: xpad - fix GPD Win 2 controller name
- Input: xpad - add support for Xbox1 PDP Camo series gamepad
- mwifiex: prevent register accesses after host is sleeping
- mwifiex: report error to PCIe for suspend failure
- mwifiex: Fix NULL pointer dereference in skb_dequeue()
- mwifiex: fix p2p device doesn't find in scan problem
- scsi: ufs: fix bugs related to null pointer access and array size
- scsi: ufshcd: Fix race between clk scaling and ungate work
- scsi: ufs: fix race between clock gating and devfreq scaling work
- scsi: ufshcd: release resources if probe fails
- tty: wipe buffer.
- tty: wipe buffer if not echoing data
- usb: xhci: fix uninitialized completion when USB3 port got wrong status
- sched/core: Allow __sched_setscheduler() in interrupts when PI is not
used
- namei: allow restricted O_CREAT of FIFOs and regular files
- lan78xx: Read MAC address from DT if present
- [s390x] mm: Check for valid vma before zapping in gmap_discard
- net: ieee802154: 6lowpan: fix frag reassembly
- Revert "evm: Translate user/group ids relative to s_user_ns when
computing HMAC"
- ima: always measure and audit files in policy
- ima: re-introduce own integrity cache lock
- ima: re-initialize iint->atomic_flags
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.143
- mm/huge_memory: rename freeze_page() to unmap_page()
- mm/huge_memory.c: reorder operations in __split_huge_page_tail()
- mm/huge_memory: splitting set mapping+index before unfreeze
- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read()
- mm/khugepaged: collapse_shmem() stop if punched or truncated
- shmem: shmem_charge: verify max_block is not exceeded before inode
update
- shmem: introduce shmem_inode_acct_block
- mm/khugepaged: fix crashes due to misaccounted holes
- mm/khugepaged: collapse_shmem() remember to clear holes
- mm/khugepaged: minor reorderings in collapse_shmem()
- mm/khugepaged: collapse_shmem() without freezing new_page
- mm/khugepaged: collapse_shmem() do not crash on Compound
- media: em28xx: Fix use-after-free when disconnecting
- [arm64,armhf] Revert "wlcore: Add missing PM call for
wlcore_cmd_wait_for_event_or_timeout()"
- net: skb_scrub_packet(): Scrub offload_fwd_mark
- [s390x] qeth: fix length check in SNMP processing
- usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2
- [x86] kvm: mmu: Fix race in emulated page table writes
- [x86] kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
- [x86] KVM: Fix scan ioapic use-before-initialization (CVE-2018-19407)
- Btrfs: ensure path name is null terminated at btrfs_control_ioctl
- [x86] perf/x86/intel: Move branch tracing setup to the Intel-specific
source file
- [x86] perf/x86/intel: Add generic branch tracing check to
intel_pmu_has_bts()
- fs: fix lost error code in dio_complete
- [i386] ALSA: wss: Fix invalid snd_free_pages() at error path
- ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
- ALSA: control: Fix race between adding and removing a user element
- [sparc] ALSA: sparc: Fix invalid snd_free_pages() at error path
- ext2: fix potential use after free
- btrfs: release metadata before running delayed refs
- USB: usb-storage: Add new IDs to ums-realtek
- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series
- Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid"
- mm: use swp_offset as key in shmem_replace_page()
- [x86] Drivers: hv: vmbus: check the creation_status in
vmbus_establish_gpadl()
- [amd64] misc: mic/scif: fix copy-paste error in
scif_create_remote_lookup
- [armhf] bus: arm-cci: remove unnecessary unreachable()
- [armhf] trusted_foundations: do not use naked function
- [x86] efi/libstub: Make file I/O chunking x86-specific
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.144
- kernfs: Replace strncpy with memcpy
- ip_tunnel: Fix name string concatenate in __ip_tunnel_create()
- scsi: bfa: convert to strlcpy/strlcat
- [x86] staging: rts5208: fix gcc-8 logic error warning
- [amd64] x86/power/64: Use char arrays for asm function names
- iser: set sector for ambiguous mr status errors
- uprobes: Fix handle_swbp() vs. unregister() + register() race once more
- [mips*] fix mips_get_syscall_arg o32 check
- IB/mlx5: Avoid load failure due to unknown link width
- drm/ast: Fix incorrect free on ioregs
- drm: set is_master to 0 upon drm_new_set_master() failure
- scsi: scsi_devinfo: cleanly zero-pad devinfo strings
- scsi: csiostor: Avoid content leaks and casts
- [x86] svm: Add mutex_lock to protect apic_access_page_done on AMD
systems
- Input: xpad - quirk all PDP Xbox One gamepads
- Input: elan_i2c - add ELAN0620 to the ACPI table
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR
- Input: elan_i2c - add support for ELAN0621 touchpad
- btrfs: Always try all copies when reading extent buffers
- Btrfs: fix use-after-free when dumping free space
- udf: Allow mounting volumes with incorrect identification strings
- [arm64,armhf] reset: make optional functions really optional
- [arm64,armhf] reset: core: fix reset_control_put
- reset: fix optional reset_control_get stubs to return NULL
- [arm64,armhf] reset: add exported __reset_control_get, return NULL if
optional
- [arm64,armhf] reset: make device_reset_optional() really optional
- reset: remove remaining WARN_ON() in <linux/reset.h>
- mm: cleancache: fix corruption on missed inode invalidation
(CVE-2018-16862)
- net: qed: use correct strncpy() size
- tipc: use destination length for copy string
- libceph: drop len argument of *verify_authorizer_reply()
- libceph: no need to drop con->mutex for ->get_authorizer()
- libceph: store ceph_auth_handshake pointer in ceph_connection
- libceph: factor out __prepare_write_connect()
- libceph: factor out __ceph_x_decrypt()
- libceph: factor out encrypt_authorizer()
- libceph: add authorizer challenge (CVE-2018-1128)
- libceph: implement CEPHX_V2 calculation mode (CVE-2018-1129)
- libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()
- libceph: check authorizer reply/challenge length before reading
- bpf: Prevent memory disambiguation attack (CVE-2018-3639)
- wil6210: missing length check in wmi_set_ie (CVE-2018-5848)
- btrfs: validate type when reading a chunk (CVE-2018-14611)
- btrfs: Verify that every chunk has corresponding block group at mount
time (CVE-2018-14612)
- btrfs: Refactor check_leaf function for later expansion
- btrfs: Check if item pointer overlaps with the item itself
- btrfs: Add sanity check for EXTENT_DATA when reading out leaf
- btrfs: Add checker for EXTENT_CSUM
- btrfs: Move leaf and node validation checker to tree-checker.c
- btrfs: struct-funcs, constify readers
- btrfs: tree-checker: Enhance btrfs_check_node output
- btrfs: tree-checker: Fix false panic for sanity test
- btrfs: tree-checker: Add checker for dir item
- btrfs: tree-checker: use %zu format string for size_t
- btrfs: tree-check: reduce stack consumption in check_dir_item
- btrfs: tree-checker: Verify block_group_item (CVE-2018-14613)
- btrfs: tree-checker: Detect invalid and empty essential trees
(CVE-2018-14612)
- btrfs: Check that each block group has corresponding chunk at mount time
(CVE-2018-14610)
- btrfs: tree-checker: Check level for leaves and nodes
- btrfs: tree-checker: Fix misleading group system information
- f2fs: fix race condition in between free nid allocator/initializer
(CVE-2017-18249)
- f2fs: detect wrong layout
- f2fs: return error during fill_super
- f2fs: check blkaddr more accuratly before issue a bio
- f2fs: sanity check on sit entry
- f2fs: enhance sanity_check_raw_super() to avoid potential overflow
- f2fs: clean up with is_valid_blkaddr()
- f2fs: introduce and spread verify_blkaddr
- f2fs: fix to do sanity check with secs_per_zone (CVE-2018-13100)
- f2fs: fix to do sanity check with user_block_count (CVE-2018-13097)
- f2fs: Add sanity_check_inode() function
- f2fs: fix to do sanity check with node footer and iblocks
(CVE-2018-13096)
- f2fs: fix to do sanity check with block address in main area
- f2fs: fix missing up_read
- f2fs: fix to do sanity check with block address in main area v2
(CVE-2018-14616)
- f2fs: free meta pages if sanity check for ckpt is failed
- f2fs: fix to do sanity check with cp_pack_start_sum (CVE-2018-14614)
- xfs: don't fail when converting shortform attr to long form during
ATTR_REPLACE (CVE-2018-18690)
- hugetlbfs: fix bug in pgoff overflow checking
.
[ Ben Hutchings ]
* drivers/net/ethernet: Ignore ABI changes (fixes FTBFS on arm64;
Closes: #914556)
* libcpupower: Hide private function and drop it from .symbols file
* Revert "elevator: fix truncation of icq_cache_name" to avoid ABI change
* reset: Avoid ABI changes in 4.9.144
* esp_scsi: Ignore ABI changes
* snd-hda: Ignore ABI changes
* posix-timers: Avoid ABI change in 4.9.136
* sched: Avoid ABI change in 4.9.136
* [armel,armhf] Avoid ABI change in 4.9.139
.
[ Noah Meyerhans ]
* [arm64] PCI: Enable HOTPLUG_PCI and HOTPLUG_PCI_ACPI (Closes: #915231)
* drivers/net/ethernet/amazon: Backport ENA 2.0.2 network driver
(Closes: #915229)
.
[ Salvatore Bonaccorso ]
* [rt] Refresh
0159-genirq-Allow-disabling-of-softirq-processing-in-irq-.patch for
context changes in 4.9.137
* Refresh mips-loongson-3-support-irq_set_affinity-in-i8259-ch.patch for
context changes in 4.9.138
* Refresh kbuild-use-nostdinc-in-compile-tests.patch for context changes in
4.9.139
* Refresh inet-frags-avoid-abi-change-in-4.9.134.patch for context changes
in 4.9.139
* scripts/mod: Update modpost wrapper for 4.9.139.
Upstream commit cf0c3e68aa81 "kbuild: fix asm-offset generation to work
with clang" changed the macros used by devicetable-offsets.c. Copy the
new sed code from upstream scripts/Makefile.lib.
Originates from the same change for 4.12 done by Ben Hutchings.
* Refresh media-v4l-avoid-abi-change-in-4.9.131.patch for context changes in
4.9.141
* Refresh fs-enable-link-security-restrictions-by-default.patch for context
changes in 4.9.142
* Refresh inet-frags-avoid-abi-change-in-4.9.134.patch for context changes
in 4.9.142
.
[ Michal Simek ]
* [arm64] Enable Xilinx ZynqMP SoC and drivers
linux (4.9.135-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.131
- crypto: skcipher - Fix -Wstringop-truncation warnings
- tsl2550: fix lux1_input error in low light
- [x86] vmci: type promotion bug in qp_host_get_user_memory()
- [amd64] numa_emulation: Fix emulated-to-physical node mapping
- [x86] staging: rts5208: fix missing error check on call to
rtsx_write_register
- uwb: hwa-rc: fix memory leak at probe
- [arm64,armhf] power: vexpress: fix corruption in notifier registration
- [amd64] iommu/amd: make sure TLB to be flushed before IOVA freed
- Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
- USB: serial: kobil_sct: fix modem-status error handling
- 6lowpan: iphc: reset mac_header after decompress to fix panic
- [s390x] mm: correct allocate_pgste proc_handler callback
- power: remove possible deadlock when unregistering power_supply
- IB/core: type promotion bug in rdma_rw_init_one_mr()
- [powerpc*] kdump: Handle crashkernel memory reservation failure
- [x86] tsc: Add missing header to tsc_msr.c
- [armhf] hwmod: RTC: Don't assume lock/unlock will be called with irq
enabled
- [x86] entry/64: Add two more instruction suffixes
- scsi: target/iscsi: Make iscsit_ta_authentication() respect the output
buffer size
- scsi: klist: Make it safe to use klists in atomic context
- [powerpc/powerpc64,ppc64*] scsi: ibmvscsi: Improve strings handling
- usb: wusbcore: security: cast sizeof to int for comparison
- [ppc64el] powerpc/powernv/ioda2: Reduce upper limit for DMA window size
- alarmtimer: Prevent overflow for relative nanosleep (CVE-2018-13053)
- [s390x] extmem: fix gcc 8 stringop-overflow warning
- [armhf] media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial
data
- drivers/tty: add error handling for pcmcia_loop_config
- [x86] media: tm6000: add error handling for dvb_register_adapter
- ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
- ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
- rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
- [arm64,armhf] wlcore: Add missing PM call for
wlcore_cmd_wait_for_event_or_timeout()
- [armhf] mvebu: declare asm symbols as character arrays in pmsu.c
- HID: hid-ntrig: add error handling for sysfs_create_group
- [x86] perf/x86/intel/lbr: Fix incomplete LBR call stack
- scsi: bnx2i: add error handling for ioremap_nocache
- scsi: megaraid_sas: Update controller info during resume
- [x86] EDAC, i7core: Fix memleaks and use-after-free on probe and remove
- ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
- nfsd: fix corrupted reply to badly ordered compound
- EDAC: Fix memleak in module init error path
- [armhf] dts: dra7: fix DCAN node addresses
- [arm64] spi: tegra20-slink: explicitly enable/disable clock
- [arm*] regulator: fix crash caused by null driver data
- USB: fix error handling in usb_driver_claim_interface()
- USB: handle NULL config in usb_find_alt_setting()
- slub: make ->cpu_partial unsigned int
- media: uvcvideo: Support realtek's UVC 1.5 device
- USB: usbdevfs: sanitize flags more
- USB: usbdevfs: restore warning for nonsensical flags
- Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
service_outstanding_interrupt()"
- USB: remove LPM management from usb_driver_claim_interface()
- Input: elantech - enable middle button of touchpad on ThinkPad P72
- IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
- [amd64] IB/hfi1: Invalid user input can result in crash
- [amd64] IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
- scsi: target: iscsi: Use bin2hex instead of a re-implementation
- [armhf] serial: imx: restore handshaking irq for imx1
- [amd64] IB/hfi1: Fix SL array bounds check
- qed: Wait for ready indication before rereading the shmem
- qed: Wait for MCP halt and resume commands to take place
- [arm*] thermal: of-thermal: disable passive polling when thermal zone is
disabled
- [arm64] net: hns: fix length and page_offset overflow when
CONFIG_ARM64_64K_PAGES
- [arm64] net: hns: fix skb->truesize underestimation
- e1000: check on netif_running() before calling e1000_up()
- e1000: ensure to free old tx/rx rings in set_ringparam()
- hwmon: (adt7475) Make adt7475_read_word() return errors
- [x86] drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
- [arm*] smccc-1.1: Make return values unsigned long
- [arm*] smccc-1.1: Handle function result as parameters
- [x86] i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
- media: v4l: event: Prevent freeing event subscriptions while accessed
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.132
- [arm64] serial: mvebu-uart: Fix reporting of effective CSIZE to
userspace
- time: Introduce jiffies64_to_nsecs()
- mac80211: Run TXQ teardown code before de-registering interfaces
- [ppc64el] KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate
function
- mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X
- mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X
- mac80211: mesh: fix HWMP sequence numbering to follow standard
- [arm64] net: hns: add netif_carrier_off before change speed and duplex
- cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE
- gpio: Fix crash due to registration race
- RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
- fs/cifs: don't translate SFM_SLASH (U+F026) to backslash
- cfg80211: fix a type issue in ieee80211_chandef_to_operating_class()
- mac80211: fix a race between restart and CSA flows
- mac80211: Fix station bandwidth setting after channel switch
- mac80211: don't Tx a deauth frame if the AP forbade Tx
- mac80211: shorten the IBSS debug messages
- mm: madvise(MADV_DODUMP): allow hugetlbfs pages
- HID: add support for Apple Magic Keyboards
- HID: hid-saitek: Add device ID for RAT 7 Contagion
- perf evsel: Fix potential null pointer dereference in
perf_evsel__new_idx()
- [ppc64el] perf probe powerpc: Ignore SyS symbols irrespective of
endianness
- RDMA/ucma: check fd type in ucma_migrate_id()
- USB: yurex: Check for truncation in yurex_read()
- nvmet-rdma: fix possible bogus dereference under heavy load
- net/mlx5: Consider PCI domain in search for next dev
- drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS
- dm raid: fix rebuild of specific devices by updating superblock
- fs/cifs: suppress a string overflow warning
- [x86] net: ena: fix driver when PAGE_SIZE == 64kB
- [x86] perf/x86/intel: Add support/quirk for the MISPREDICT bit on
Knights Landing CPUs
- dm thin metadata: try to avoid ever aborting transactions
- [arm64] jump_label.h: use asm_volatile_goto macro instead of "asm goto"
- r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
- [s390x] qeth: use vzalloc for QUERY OAT buffer
- [s390x] qeth: don't dump past end of unknown HW header
- cifs: read overflow in is_valid_oplock_break()
- xen/manage: don't complain about an empty value in control/sysrq node
- xen: avoid crash in disable_hotplug_cpu
- xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
- sysfs: Do not return POSIX ACL xattrs via listxattr
- smb2: fix missing files in root share directory listing
- ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
- [x86] crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe()
- gpiolib: Free the last requested descriptor
- proc: restrict kernel stack dumps to root (CVE-2018-17972)
- ocfs2: fix locking for res->tracking and dlm->tracking_list
- dm thin metadata: fix __udivdi3 undefined on 32-bit
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.133
- mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly
- [amd64] x86/vdso: Fix asm constraints on vDSO syscall fallbacks
- [amd64] x86/vdso: Fix vDSO syscall fallback asm constraint regression
- PCI: Reprogram bridge prefetch registers on resume
- mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys
- PM / core: Clear the direct_complete flag on errors
- dm cache metadata: ignore hints array being too small during resize
- dm cache: fix resize crash if user doesn't reload cache table
- xhci: Add missing CAS workaround for Intel Sunrise Point xHCI
- USB: serial: simple: add Motorola Tetra MTP6550 id
- tty: Drop tty->count on tty_reopen() failure
- cgroup: Fix deadlock in cpu hotplug path
- ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait
- ath10k: fix kernel panic issue during pci probe
- f2fs: fix invalid memory access
- ucma: fix a use-after-free in ucma_resolve_ip()
- ubifs: Check for name being NULL while mounting
- ath10k: fix scan crash due to incorrect length calculation
- ebtables: arpreply: Add the standard target sanity check
- [x86] fpu: Remove use_eager_fpu()
- [x86] fpu: Remove struct fpu::counter
- Revert "perf: sync up x86/.../cpufeatures.h"
- [x86] fpu: Finish excising 'eagerfpu'
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.134
- [armhf] mfd: omap-usb-host: Fix dts probe of children
- scsi: iscsi: target: Don't use stack buffer for scatterlist
- scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted()
- sound: enable interrupt after dma buffer initialization
- [arm64,armhf] stmmac: fix valid numbers of unicast filter entries
- [x86] kvm/lapic: always disable MMIO interface in x2APIC mode
- ext4: Fix error code in ext4_xattr_set_entry()
- mm/vmstat.c: fix outdated vmstat_text
- mach64: detect the dot clock divider correctly on sparc
- [x86] i2c: i2c-scmi: fix for i2c_smbus_write_block_data
- xhci: Don't print a warning when setting link state for disabled ports
- bnxt_en: Fix TX timeout during netpoll.
- bonding: avoid possible dead-lock
- ip6_tunnel: be careful when accessing the inner header
- ip_tunnel: be careful when accessing the inner header
- ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
- ipv6: take rcu lock in rawv6_send_hdrinc()
- [armhf] net: dsa: bcm_sf2: Call setup during switch resume
- ]arm64] net: hns: fix for unmapping problem when SMMU is on
- net: ipv4: update fnhe_pmtu when first hop's MTU changes
- net/ipv6: Display all addresses in output of /proc/net/if_inet6
- net/usb: cancel pending work when unbinding smsc75xx
- qlcnic: fix Tx descriptor corruption on 82xx devices
- qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface
- team: Forbid enslaving team device to itself
- [armhf] net: dsa: bcm_sf2: Fix unbind ordering
- [armhf] net: mvpp2: Extract the correct ethtype from the skb for tx csum
offload
- rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
- tcp/dccp: fix lockdep issue when SYN is backlogged
- inet: make sure to grab rcu_read_lock before using ireq->ireq_opt
- inet: frags: change inet_frags_init_net() return value
- inet: frags: add a pointer to struct netns_frags
- inet: frags: refactor ipfrag_init()
- inet: frags: refactor ipv6_frag_init()
- inet: frags: refactor lowpan_net_frag_init()
- ipv6: export ip6 fragments sysctl to unprivileged users
- rhashtable: add schedule points
- inet: frags: use rhashtables for reassembly units
- inet: frags: remove some helpers
- inet: frags: get rif of inet_frag_evicting()
- inet: frags: remove inet_frag_maybe_warn_overflow()
- inet: frags: do not clone skb in ip_expire()
- ipv6: frags: rewrite ip6_expire_frag_queue()
- inet: frags: get rid of ipfrag_skb_cb/FRAG_CB
- ip: discard IPv4 datagrams with overlapping segments.
- net: speed up skb_rbtree_purge()
- net: modify skb_rbtree_purge to return the truesize of all purged skbs.
- ipv6: defrag: drop non-last frags smaller than min mtu
- net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends
- net: add rb_to_skb() and other rb tree helpers
- ip: use rb trees for IP frag queue.
- ip: add helpers to process in-order fragments faster.
- ip: process in-order fragments efficiently
- ip: frags: fix crash in ip_do_fragment()
- ipv4: frags: precedence bug in ip_expire()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.135
- media: af9035: prevent buffer overflow on write
- batman-adv: Fix segfault when writing to throughput_override
- batman-adv: Fix segfault when writing to sysfs elp_interval
- batman-adv: Prevent duplicated nc_node entry
- batman-adv: Prevent duplicated softif_vlan entry
- batman-adv: Prevent duplicated global TT entry
- batman-adv: Prevent duplicated tvlv handler
- batman-adv: fix backbone_gw refcount on queue_work() failure
- batman-adv: fix hardif_neigh refcount on queue_work() failure
- [armhf] clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP
flag for non-am43 SoCs
- [powerpc*/*64*] scsi: ibmvscsis: Fix a stringop-overflow warning
- [powerpc*/*64*] scsi: ibmvscsis: Ensure partition name is properly NUL
terminated
- [arm64] drm: mali-dp: Call drm_crtc_vblank_reset on device init
- scsi: sd: don't crash the host on invalid commands
- net/mlx4: Use cpumask_available for eq->affinity_mask
- [powerpc*] tm: Fix userspace r13 corruption
- [powerpc*] tm: Avoid possible userspace r1 corruption on reclaim
- [amd64] iommu/amd: Return devid as alias for ACPI HID devices
- mremap: properly flush TLB before releasing the page (CVE-2018-18281)
- mm: Preserve _PAGE_DEVMAP across mprotect() calls
- netfilter: check for seqadj ext existence before adding it in
nf_nat_setup_info
- HID: quirks: fix support for Apple Magic Keyboards
- usb: gadget: serial: fix oops when data rx'd after close
- sched/cputime: Convert kcpustat to nsecs
- sched/cputime: Increment kcpustat directly on irqtime account
- sched/cputime: Fix ksoftirqd cputime accounting regression
- [x86] HV: properly delay KVP packets when negotiation is in progress
.
[ Ben Hutchings ]
* Resolve ABI changes caused by upstream fix for CVE-2018-5391:
- Revert "inet: frags: fix ip6frag_low_thresh boundary"
- Revert "inet: frags: reorganize struct netns_frags"
- Revert "rhashtable: reorganize struct rhashtable layout"
- Revert "inet: frags: break the 2GB limit for frags storage"
- inet: frags: Avoid ABI change in 4.9.134
- sk_buff: Avoid ABI change in 4.9.134
- snmp: Remove the ReasmOverlaps statistic
- ipv6: Ignore ABI changes in fragment reassembly functions
* [x86] fpu: Avoid ABI change in 4.9.133
* power: Avoid ABI change in 4.9.131
* slub: Avoid ABI change in 4.9.131
* media: v4l: Avoid ABI change in 4.9.131
* netdev: Hide netdev_notifier_info_ext from modules
* [x86] Revert "x86/mm: Expand static page table for fixmap space"
linux-igd (1.0+cvs20070630-5+deb9u1) stretch; urgency=medium
.
* QA upload.
* Set maintainer to the QA group.
* Make the init script require $network; patch by Nye Liu (Closes: #885826)
lttng-modules (2.9.0-1+deb9u1) stable; urgency=medium
.
* [c3d8eab] Stretch gbp branch config
* [ee40323] Fix build on linux-rt 4.9 kernels. (Closes: #864404)
* [b20f74a] Fix build on >= 4.9.0-3 kernels (Closes: #889901)
mistral (3.0.0-4+deb9u1) stretch; urgency=medium
.
* CVE-2018-16849: std.ssh action may disclose presence of arbitrary files,
applied upstream patch: remove extra information from std.ssh action.
(Closes: #912714).
monkeysign (2.2.3+deb9u1) stretch; urgency=medium
.
* upload to Debian stable
mpqc (2.3.1-18+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport the sc-libtool fix from 2.3.1-19.
.
[ Michael Banck ]
* debian/libsc-dev.install: Install sc-libtool as well, thanks to Hideki
Yamane (closes: #873719).
mupdf (1.9a+ds1-4+deb9u4) stretch-security; urgency=high
.
* Fix CVE-2017-17866, CVE-2018-1000037, CVE-2018-1000040, CVE-2018-5686,
CVE-2018-6187, and CVE-2018-6192
(Closes: #885120, #887130, #888464, #888487)
netatalk (2.2.5-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Unauthenticated remote code execution in Netatalk (CVE-2018-1160)
nginx (1.10.3-1+deb9u2) stretch-security; urgency=high
.
* Backport http2_max_requests directive needed for
CVE-2018-16844 mitigation
* Backport upstream fixes for 3 CVEs (Closes: #913090)
+ CVE-2018-16843 Excessive memory usage in HTTP/2
+ CVE-2018-16844 Excessive CPU usage in HTTP/2
This change limits the maximum allowed number of idle state
switches to 10 * http2_max_requests (i.e., 10000 by default).
This limits possible CPU usage in one connection, and also
imposes a limit on the maximum lifetime of a connection
+ CVE-2018-16845 Memory disclosure in the ngx_http_mp4_module
nvidia-graphics-drivers (390.87-8~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-graphics-drivers (390.87-8) unstable; urgency=medium
.
* Tune more package relationships to prevent that installing packages from
nvidia-graphics-drivers-legacy-390xx driver pulls in packages from
nvidia-graphics-drivers via Recommends.
.
nvidia-graphics-drivers (390.87-7) unstable; urgency=medium
.
* Updated French (fr) debconf translations by Quentin Lejard.
(Closes: #920940)
* Use d/control.md5sum to keep track of d/control being up-to-date.
* Tune package relationships to prevent that installing packages from
nvidia-graphics-drivers-legacy-390xx driver pulls in packages from
nvidia-graphics-drivers via Recommends.
* Drop versioned constraints that are satisfied in wheezy.
.
nvidia-graphics-drivers (390.87-6) unstable; urgency=medium
.
[ Luca Boccassi ]
* Add ipmi-user.patch and vm-insert-pfn.patch to fix kernel module build for
Linux 4.20 and newer. (Closes: #917586)
* Update Swedish (sv) debconf translation. Thank you Martin Bagge!
(Closes: #918018)
.
nvidia-graphics-drivers (390.87-5) unstable; urgency=medium
.
* Prefer KBUILD_LDFLAGS (used since 4.19) over LDFLAGS. (Closes: #916883)
* Work around update-alternatives bug #916799 and re-register the
alternative to clean-up leftover slaves.
* Bump Standards-Version to 4.3.0. No changes needed.
* Update lintian overrides.
.
nvidia-graphics-drivers (390.87-4) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Drop libnvidia-egl-wayland1, nvidia-egl-wayland-{common,icd} packages.
These will be provided by src:egl-wayland. (Closes: #915824)
* Add more Conflicts between GLVND/non-GLVND packages to smoothen some
install paths with --install-recommends enabled.
.
[ Philipp Kern ]
* debian/gen-control.pl: Generate debian/control from debian/control.in.
.
nvidia-graphics-drivers (390.87-3) unstable; urgency=medium
.
* Make libgles-nvidia1 a full citizen again, libglvnd now builds libgles1.
* libnvidia-fatbinaryloader: Prevent co-installation with the same upstream
version of libnvidia-legacy-390xx-fatbinaryloader.
* Pass the private library directory to dh_shlibdeps using the -l option
instead of LD_LIBRARY_PATH, fixing FTBFS with dpkg 1.19.1.
* Add Build-Depends-Package to symbols files where appropriate and override
symbols-file-missing-build-depends-package-field elsewhere.
* Clean up and unify rule style in debian/rules.
* Add debian/rules targets for archiving the tarballs in a separate
repository using sparse checkouts and git-lfs as storage backend.
.
nvidia-graphics-drivers (390.87-2) unstable; urgency=medium
.
* Reinstate cc_version_check-gcc5.patch. (Closes: #908568)
* nvidia-kernel-dkms.README.Debian: Document that using a mismatching
binutils version may result in modules failing to load with errors like
"Invalid module format", "Unknown rela relocation: 4".
.
nvidia-graphics-drivers (390.87-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.87 (2018-08-27).
- Fixed a resource leak introduced in the 390 series of drivers that could
lead to reduced performance after starting and stopping several OpenGL
and/or Vulkan applications.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Add drm-mode.patch to fix nvidia-drm build for Linux 4.19.
(Closes: #908359)
.
[ Andreas Beckmann ]
* Remove cc_version_check-gcc5.patch and re-enable strict version checks,
using mismatching compiler versions may create unloadable modules due to
unsupported relocations.
* Refresh patches.
* Synchronize the module build debhelper sequence with debhelper 10.
* Bump Standards-Version to 4.2.1. No changes needed.
.
nvidia-graphics-drivers (390.77-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.77 (2018-07-16).
- Improved compatibility with recent Linux kernels.
- Fixed an intermittent hang of Vulkan applications running fullscreen
when flipping is allowed.
- Removed informational messages that were printed by nvidia-modeset.ko
whenever a GPU device was allocated or freed.
- Fixed a bug that caused kwin OpenGL compositing to crash when
launching certain OpenGL applications.
* New upstream release 367 series.
- Updated the OpenGL driver to allow the use of integer format (SINT/UINT)
color attachments with depth attachments in Frame Buffer Objects.
.
nvidia-graphics-drivers (390.67-3) unstable; urgency=medium
.
[ Luca Boccassi ]
* Add drm_control_allow.patch to fix kernel module build for Linux 4.18 and
newer.
.
[ Andreas Beckmann ]
* The libGLX_indirect.so.0 alternative is now handled by glx-alternatives.
* Bump Standards-Version to 4.1.5. No changes needed.
.
nvidia-graphics-drivers (390.67-2) unstable; urgency=high
.
* Add kmem_cache_create_usercopy.patch from Red Hat, fixing "Bad or missing
usercopy whitelist? Kernel memory exposure attempt detected from SLUB
object 'nvidia_stack_cache'" on Linux kernels that have disabled
CONFIG_HARDENED_USERCOPY_FALLBACK (i.e. linux-image-4.16.0-2-* or newer).
(Closes: #901919)
.
nvidia-graphics-drivers (390.67-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.67 (2018-06-05).
- Fixed a bug that could cause kernel panics when using Quadro SDI
Capture hardware.
- Fixed an intermittent crash when launching Vulkan applications.
- Fixed an intermittent crash when launching applications through Wine.
- Fixed a bug that caused the driver, in some low bandwidth DisplayPort
configurations, to not implicitly enable display dithering. This
resulted in visible banding.
* (Closes: #884917)
.
[ Andreas Beckmann ]
* Convert packaging repository from SVN to GIT.
* Update nv-readme.ids.
* nvidia-detect: Drop support for wheezy(-lts) (EoL).
* Add NEWS entry for using the driver on Linux 4.16.16-1 or newer, which may
require the kernel boot option slab_common.usercopy_fallback=y as a
workaround. (See #901919 for details.)
* nvidia-drm-outputclass.conf: Prepend (in a backwards-compatible way)
ModulePath "/usr/lib/xorg/modules/linux"
since xserver 1.20 no longer does that.
(Closes: #900248, #900264, #900378, #900766)
.
nvidia-graphics-drivers (390.59-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.59 (2018-05-16).
- Fixed intermittent hangs of fullscreen Vulkan applications when focused
away (e.g., by using the alt-tab key combination) on non-composited
desktops.
- Added support for the following GPUs:
GeForce GTX 1050 with Max-Q Design, Tesla V100-FHHL-16GB, Quadro P3200,
Quadro P4200.
.
[ Luca Boccassi ]
* Drop swiotlb.patch, fixed upstream.
* Update nv-readme.ids.
* Update symbols files.
* Add xorg-video-abi-24 as alternative dependency.
* Bump xserver-xorg-core dependency to << 2:1.20.99 for ABI 24.
(Closes: #900112, #902375)
.
nvidia-graphics-drivers (390.48-3) unstable; urgency=medium
.
* Prepare nvidia-detect for the upcoming nvidia-legacy-390xx packages.
* Prepare for the removal of i386/armhf support in 396.xx.
* Support renamed variants of libnvidia-egl-wayland1/nvidia-egl-wayland-icd
in legacy drivers.
* Restrict watch file to releases from the 390.xx legacy branch.
.
nvidia-graphics-drivers (390.48-2) unstable; urgency=medium
.
[ Luca Boccassi ]
* Fix loading nvidia kernel module on Linux 4.16 due to missing symbol.
(Closes: #895429)
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.4. No changes needed.
.
nvidia-graphics-drivers (390.48-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.48 (2018-03-28).
* Fixed CVE-2018-6249, CVE-2018-6253. (Closes: #894338)
https://nvidia.custhelp.com/app/answers/detail/a_id/4649
- Added support for the following GPUs: Quadro GV100,
Tesla V100-SXM2-32GB, Tesla V100-PCIE-32GB, Tesla V100-DGXS-32GB.
- Updated the driver to prevent G-SYNC from being enabled when a
Quadro Sync board is installed. G-SYNC and Quadro Sync were always
mutually incompatible features, and this change makes it easier to
use G-SYNC capable monitors on Quadro Sync configurations, as it is
now no longer necessary to manually disable G-SYNC.
- Further improved the fix for occasional flicker when using the X
driver's composition pipeline. This was mostly fixed in 390.42,
but now the fix should be more complete.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Drop linux-4.15.patch, merged upstream.
.
[ Andreas Beckmann ]
* Merge changes from 384.130-1 (UNRELEASED).
* Update lintian overrides.
.
nvidia-graphics-drivers (390.42-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.42 (2018-03-12).
- Fixed a regression, introduced in 390.12, that caused occasional
flicker when using the X driver's composition pipeline, for
example when using screen transformations like rotation, or the
"ForceCompositionPipeline" or "ForceFullCompositionPipeline"
options."
.
[ Andreas Beckmann ]
* Install the renamed GLVND libraries and add SONAME symlinks.
* Update symbols files.
* Add linux-4.15 patch from Archlinux. (Closes: #892413)
* Remove obsolete bits from README.source.
.
nvidia-graphics-drivers (390.25-2) unstable; urgency=medium
.
* Merge changes from 387.34-4.
* Upload to unstable.
.
nvidia-graphics-drivers (390.25-1) experimental; urgency=medium
.
* New upstream long lived branch release 390.25 (2018-01-29).
- Fixed a regression introduced in 390.12 that prevented displays from
working normally when running multiple X screens with emulated overlays.
- Added support for the following GPUs: GeForce GTX 1060 5GB, Quadro P620.
- Fixed a regression introduced in 390.12 that caused occasional hangs and
hard lockup messages in the system log when screen transformations are in
use.
* (Closes: #872988)
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Update symbols files.
* Refresh nvidia-use-ARCH.o_binary.patch to remove fuzz.
.
[ Andreas Beckmann ]
* libcuda1: Add Provides: libcuda-9.1-1{,-i386}.
* Merge changes from 384.111-4.
* nvidia-detect: Report devices only supported on amd64.
* nvidia-detect: Add PCI ID list for 384.111 in stretch.
.
nvidia-graphics-drivers (390.12-1) experimental; urgency=medium
.
* New upstream beta 390.12 (2018-01-04).
* Fixed CVE-2017-5753, CVE-2017-5715 (spectre), CVE-2017-5754 (meltdown).
https://nvidia.custhelp.com/app/answers/detail/a_id/4611
(Closes: #886852)
- Added new application profile settings, "EGLVisibleDGPUDevices" and
"EGLVisibleTegraDevices", to control which discrete and Tegra GPU
devices, respectively, may be enumerated by EGL. See the "Application
Profiles" appendix of the driver README for more details.
- Corrected the SONAME of the copy of the libnvidia-egl-wayland library
included in the .run installer package to libnvidia-egl-wayland.so.1.
The SONAME had previously been versioned incorrectly with the full
version number of the library.
- Updated nvidia.ko to veto the ACPI_VIDEO_NOTIFY_PROBE event on
kernels that allow the handler for this event to be overridden,
to improve interaction between the NVIDIA driver and acpi_video
on display hotplug events.
- Fixed a bug that prevented Xinerama Info from being handled properly
in SLI or Base Mosaic layouts with more than 24 displays.
- Updated the X driver's composition pipeline (used for rotation,
warp and blend, transformation matrices, etc) to also support stereo.
- Fixed a bug where GetTexSubImage() would read incorrect data into
a pixel buffer object when supplied with a target of
GL_TEXTURE_1D_ARRAY and a non-zero yoffset value.
- Added support for generic active stereo with in-band DisplayPort
signaling. The X configuration option "InbandStereoSignaling" is
deprecated in favor of this stereo mode. See "Appendix B. X Config
Options" in the README for more information.
- Modified the driver to avoid restoring framebuffer console modes
on virtual reality head-mounted displays.
* New upstream release 387 series.
- Added support for the following GPUs: TITAN Xp COLLECTORS EDITION,
GeForce GTX 1070 Ti, TITAN V [amd64].
- Fixed a bug that could cause a system crash when using the new
NVreg_EnableBacklightHandler kernel module parameter on GPUs with no
displays connected.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Update symbols files.
* Update lintian overrides.
.
[ Andreas Beckmann ]
* Split nv-readme.ids into nv-readme.ids.common and nv-readme.ids.$ARCH, the
Volta GPUs (VDPAU feature set I), e.g. Tesla V100 and Titan V, are only
supported on amd64.
* Upload to experimental.
.
nvidia-graphics-drivers (387.34-4) unstable; urgency=medium
.
* libcuda1: Add Provides: libcuda-9.1-1{,-i386}.
* nvidia-modprobe.conf: Consistently handle nvidia-modeset.
* Merge changes from 384.111-4 (unstable), 384.111-4~deb9u1 (stretch).
* Update lintian overrides.
* Upload to unstable.
.
nvidia-graphics-drivers (387.34-3) experimental; urgency=medium
.
[ Luca Boccassi ]
* Add timer.patch to fix kernel module build for Linux 4.15 and newer.
.
[ Andreas Beckmann ]
* Merge changes from 384.111-1.
* Restrict watch file to releases from the 387.xx short lived branch.
.
nvidia-graphics-drivers (387.34-2) experimental; urgency=medium
.
* Support easier and consistent switching between GLVND/non-GLVND variants.
* nvidia-driver-libs{,-i386}: Depend only on the GLVND variants.
* nvidia-driver-libs-nonglvnd{,-i386}: New metapackages depending only on
the non-GLVND variants. (Closes: #864497)
* Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for
Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir.
(Closes: #883615)
* Add #tls# substitution for the tls/ source directory.
* Bump Standards-Version to 4.1.2. No changes needed.
.
nvidia-graphics-drivers (387.34-1) experimental; urgency=medium
.
* New upstream short lived branch release 387.34 (2017-11-24).
(Closes: #881164)
- Fixed a bug that caused Vulkan X11 swapchains to fail on GPUs without a
display engine, such as some Tesla-branded graphics cards and some Optimus
laptops.
- Fixed a bug that caused fullscreen Vulkan applications to hang on some
Kepler GPUs, such as the GeForce GTX 680.
- Fixed a bug where the G-SYNC indicator was reporting "normal" instead
of "G-SYNC" on Vulkan applications when G-SYNC was enabled.
* New upstream short lived branch release 387.22 (2017-10-30).
- Fixed a regression that could cause driver errors when setting modes
that include DisplayPort Multi-Stream Transport devices.
- Added an nvidia.ko kernel module parameter, NVreg_EnableBacklightHandler,
which can be used to enable experimental handling of laptop backlight
brightness through /sys/class/backlight/. This handler overrides the
ACPI-based one provided by the video.ko kernel module.
NVreg_EnableBacklightHandler is disabled by default.
- Added G-SYNC to all supported Vulkan swapchains for Maxwell and up.
G-SYNC is enabled by default when using G-SYNC-ready monitors. For
direct-to-display swapchains, an application profile with "GLGSYNCAllowed"
setting set to 'false' can be used to disable this feature:
{
"rules" : [
{ "pattern" : [], "profile" : [ "GLGSYNCAllowed", false ] }
]
}
* New upstream beta 387.12 (2017-10-03).
- Fixed a regression that caused some display connectors on some GPUs to not
report a connected HDMI or DisplayPort audio device even if the connected
monitor supports audio.
- Fixed a race condition that could lead to crashes when OpenGL programs
manipulated vertex buffer objects from multiple threads simultaneously.
- Improved performance of fullscreen Vulkan applications using X11
swapchains. This optimization will cause more events that trigger
an out-of-date swapchain, such as when entering or leaving
fullscreen mode. (This is commonly encountered when using the
alt-tab key combination, for example.) Applications that do not
properly respond to the VK_ERROR_OUT_OF_DATE_KHR return code may
not function properly when these events occur. See section 30.8
of the Vulkan specification.
- Added support for YUV 4:2:0 compression for monitors connected via
DisplayPort in configurations where either the display or GPU is
incapable of driving the current mode in RGB 4:4:4. See the
description in the "Programming Modes" appendix for details.
- Added framebuffer console hot plug handling to nvidia-modeset.
Note that hot plugging is only handled when nvidia-modeset is initialized;
for example, when Xorg or nvidia-persistenced is running or when
nvidia-drm is loaded with the "modeset=1" parameter.
- Added an "AllowGSYNC" MetaMode attribute that can be used to disable
G-SYNC completely. This can be use to allow enabling features that are
incompatible with G-SYNC, such as Ultra Low Motion Blur or Frame Lock.
- Fixed several problems that prevented the "cc_version_check" sanity
test from running correctly when building the NVIDIA kernel modules.
As these problems would have masked mismatches between the compiler
versions used to build the kernel and the NVIDIA kernel modules for
an extended period of time, nvidia-installer has been updated to
ignore CC version mismatches by default when they are detected.
- Tiled monitors formerly resulted in a separate Xinerama screen being
reported for each tile. They will now, by default, be combined into a
single large Xinerama screen.
- The individual panels in a tiled monitor will now be arranged based
on the layout information provided in the monitor's EDID. This can be
overridden by either manually specifying offsets or using the
"MetaModeOrientation" option.
- Disabled interlaced modes over DisplayPort by default due to incomplete
support in the GPU. Added "AllowDpInterlaced" mode validation token to
override this default behavior and allow interlaced modes over
DisplayPort protocol anyway.
.
[ Luca Boccassi ]
* Update d/copyright with new 6.3 paragraph in NVIDIA's license, which warns
that the drivers are licensed for usage with NVIDIA hardware.
* Drop nvidia-drm-crtc.patch, fixed upstream, and refresh
nvidia-drm-master-dev.patch and use-kbuild-compiler.patch to remove fuzz.
* Adjust filenames for new minor ABI revision of libnvidia-egl-wayland1
(libnvidia-egl-wayland.so.1.0.1 -> libnvidia-egl-wayland.so.1.0.2).
* Update symbols files.
* Update nv-readme.ids.
* Refresh nvidia-use-ARCH.o_binary.patch to remove fuzz from 387.22.
.
[ Andreas Beckmann ]
* Update lintian overrides.
* Upload to experimental.
nvidia-graphics-drivers (390.87-8~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-graphics-drivers (390.87-8) unstable; urgency=medium
.
* Tune more package relationships to prevent that installing packages from
nvidia-graphics-drivers-legacy-390xx driver pulls in packages from
nvidia-graphics-drivers via Recommends.
.
nvidia-graphics-drivers (390.87-7) unstable; urgency=medium
.
* Updated French (fr) debconf translations by Quentin Lejard.
(Closes: #920940)
* Use d/control.md5sum to keep track of d/control being up-to-date.
* Tune package relationships to prevent that installing packages from
nvidia-graphics-drivers-legacy-390xx driver pulls in packages from
nvidia-graphics-drivers via Recommends.
* Drop versioned constraints that are satisfied in wheezy.
* Drop versioned constraints that are satisfied in jessie.
nvidia-graphics-drivers (390.87-7) unstable; urgency=medium
.
* Updated French (fr) debconf translations by Quentin Lejard.
(Closes: #920940)
* Use d/control.md5sum to keep track of d/control being up-to-date.
* Tune package relationships to prevent that installing packages from
nvidia-graphics-drivers-legacy-390xx driver pulls in packages from
nvidia-graphics-drivers via Recommends.
* Drop versioned constraints that are satisfied in wheezy.
* Drop versioned constraints that are satisfied in jessie.
nvidia-graphics-drivers (390.87-6) unstable; urgency=medium
.
[ Luca Boccassi ]
* Add ipmi-user.patch and vm-insert-pfn.patch to fix kernel module build for
Linux 4.20 and newer. (Closes: #917586)
* Update Swedish (sv) debconf translation. Thank you Martin Bagge!
(Closes: #918018)
.
[ Andreas Beckmann ]
* Switch to debhelper-compat (= 12).
nvidia-graphics-drivers (390.87-6~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-graphics-drivers (390.87-6) unstable; urgency=medium
.
[ Luca Boccassi ]
* Add ipmi-user.patch and vm-insert-pfn.patch to fix kernel module build for
Linux 4.20 and newer. (Closes: #917586)
* Update Swedish (sv) debconf translation. Thank you Martin Bagge!
(Closes: #918018)
.
[ Andreas Beckmann ]
* Switch to debhelper-compat (= 12).
.
nvidia-graphics-drivers (390.87-5) unstable; urgency=medium
.
* Prefer KBUILD_LDFLAGS (used since 4.19) over LDFLAGS. (Closes: #916883)
* Work around update-alternatives bug #916799 and re-register the
alternative to clean-up leftover slaves.
* Bump Standards-Version to 4.3.0. No changes needed.
* Update lintian overrides.
nvidia-graphics-drivers (390.87-5) unstable; urgency=medium
.
* Prefer KBUILD_LDFLAGS (used since 4.19) over LDFLAGS. (Closes: #916883)
* Work around update-alternatives bug #916799 and re-register the
alternative to clean-up leftover slaves.
* Bump Standards-Version to 4.3.0. No changes needed.
* Update lintian overrides.
nvidia-graphics-drivers (390.87-4) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Drop libnvidia-egl-wayland1, nvidia-egl-wayland-{common,icd} packages.
These will be provided by src:egl-wayland. (Closes: #915824)
* Add more Conflicts between GLVND/non-GLVND packages to smoothen some
install paths with --install-recommends enabled.
.
[ Philipp Kern ]
* debian/gen-control.pl: Generate debian/control from debian/control.in.
nvidia-graphics-drivers (390.87-4~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-graphics-drivers (390.87-4) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Drop libnvidia-egl-wayland1, nvidia-egl-wayland-{common,icd} packages.
These will be provided by src:egl-wayland. (Closes: #915824)
* Add more Conflicts between GLVND/non-GLVND packages to smoothen some
install paths with --install-recommends enabled.
.
[ Philipp Kern ]
* debian/gen-control.pl: Generate debian/control from debian/control.in.
.
nvidia-graphics-drivers (390.87-3) unstable; urgency=medium
.
* Make libgles-nvidia1 a full citizen again, libglvnd now builds libgles1.
* libnvidia-fatbinaryloader: Prevent co-installation with the same upstream
version of libnvidia-legacy-390xx-fatbinaryloader.
* Pass the private library directory to dh_shlibdeps using the -l option
instead of LD_LIBRARY_PATH, fixing FTBFS with dpkg 1.19.1.
* Add Build-Depends-Package to symbols files where appropriate and override
symbols-file-missing-build-depends-package-field elsewhere.
* Clean up and unify rule style in debian/rules.
* Add debian/rules targets for archiving the tarballs in a separate
repository using sparse checkouts and git-lfs as storage backend.
* Switch to debhelper-compat (= 11).
nvidia-graphics-drivers (390.87-3) unstable; urgency=medium
.
* Make libgles-nvidia1 a full citizen again, libglvnd now builds libgles1.
* libnvidia-fatbinaryloader: Prevent co-installation with the same upstream
version of libnvidia-legacy-390xx-fatbinaryloader.
* Pass the private library directory to dh_shlibdeps using the -l option
instead of LD_LIBRARY_PATH, fixing FTBFS with dpkg 1.19.1.
* Add Build-Depends-Package to symbols files where appropriate and override
symbols-file-missing-build-depends-package-field elsewhere.
* Clean up and unify rule style in debian/rules.
* Add debian/rules targets for archiving the tarballs in a separate
repository using sparse checkouts and git-lfs as storage backend.
* Switch to debhelper-compat (= 11).
nvidia-graphics-drivers (390.87-2) unstable; urgency=medium
.
* Reinstate cc_version_check-gcc5.patch. (Closes: #908568)
* nvidia-kernel-dkms.README.Debian: Document that using a mismatching
binutils version may result in modules failing to load with errors like
"Invalid module format", "Unknown rela relocation: 4".
nvidia-graphics-drivers (390.87-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-graphics-drivers (390.87-2) unstable; urgency=medium
.
* Reinstate cc_version_check-gcc5.patch. (Closes: #908568)
* nvidia-kernel-dkms.README.Debian: Document that using a mismatching
binutils version may result in modules failing to load with errors like
"Invalid module format", "Unknown rela relocation: 4".
.
nvidia-graphics-drivers (390.87-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.87 (2018-08-27).
- Fixed a resource leak introduced in the 390 series of drivers that could
lead to reduced performance after starting and stopping several OpenGL
and/or Vulkan applications.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Add drm-mode.patch to fix nvidia-drm build for Linux 4.19.
(Closes: #908359)
.
[ Andreas Beckmann ]
* Remove cc_version_check-gcc5.patch and re-enable strict version checks,
using mismatching compiler versions may create unloadable modules due to
unsupported relocations.
* Refresh patches.
* Synchronize the module build debhelper sequence with debhelper 10.
* Bump Standards-Version to 4.2.1. No changes needed.
nvidia-graphics-drivers (390.87-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.87 (2018-08-27).
- Fixed a resource leak introduced in the 390 series of drivers that could
lead to reduced performance after starting and stopping several OpenGL
and/or Vulkan applications.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Add drm-mode.patch to fix nvidia-drm build for Linux 4.19.
(Closes: #908359)
.
[ Andreas Beckmann ]
* Remove cc_version_check-gcc5.patch and re-enable strict version checks,
using mismatching compiler versions may create unloadable modules due to
mismatching symvers.
* Refresh patches.
* Synchronize the module build debhelper sequence with debhelper 10.
* Bump Standards-Version to 4.2.1. No changes needed.
nvidia-graphics-drivers (390.77-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.77 (2018-07-16).
- Improved compatibility with recent Linux kernels.
- Fixed an intermittent hang of Vulkan applications running fullscreen
when flipping is allowed.
- Removed informational messages that were printed by nvidia-modeset.ko
whenever a GPU device was allocated or freed.
* New upstream release 367 series.
- Updated the OpenGL driver to allow the use of integer format (SINT/UINT)
color attachments with depth attachments in Frame Buffer Objects.
nvidia-graphics-drivers (390.77-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
* Use vulkan from stretch-backports.
.
nvidia-graphics-drivers (390.77-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.77 (2018-07-16).
- Improved compatibility with recent Linux kernels.
- Fixed an intermittent hang of Vulkan applications running fullscreen
when flipping is allowed.
- Removed informational messages that were printed by nvidia-modeset.ko
whenever a GPU device was allocated or freed.
* New upstream release 367 series.
- Updated the OpenGL driver to allow the use of integer format (SINT/UINT)
color attachments with depth attachments in Frame Buffer Objects.
.
nvidia-graphics-drivers (390.67-3) unstable; urgency=medium
.
[ Luca Boccassi ]
* Add drm_control_allow.patch to fix kernel module build for Linux 4.18 and
newer.
.
[ Andreas Beckmann ]
* The libGLX_indirect.so.0 alternative is now handled by glx-alternatives.
* Bump Standards-Version to 4.1.5. No changes needed.
nvidia-graphics-drivers (390.67-3) unstable; urgency=medium
.
[ Luca Boccassi ]
* Add drm_control_allow.patch to fix kernel module build for Linux 4.18 and
newer.
.
[ Andreas Beckmann ]
* The libGLX_indirect.so.0 alternative is now handled by glx-alternatives.
* Bump Standards-Version to 4.1.5. No changes needed.
nvidia-graphics-drivers (390.67-2) unstable; urgency=high
.
* Add kmem_cache_create_usercopy.patch from Red Hat, fixing "Bad or missing
usercopy whitelist? Kernel memory exposure attempt detected from SLUB
object 'nvidia_stack_cache'" on Linux kernels that have disabled
CONFIG_HARDENED_USERCOPY_FALLBACK (i.e. linux-image-4.16.0-2-* or newer).
(Closes: #901919)
nvidia-graphics-drivers (390.67-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
* Use libglvnd and MESA from stretch-backports.
.
nvidia-graphics-drivers (390.67-2) unstable; urgency=high
.
* Add kmem_cache_create_usercopy.patch from Red Hat, fixing "Bad or missing
usercopy whitelist? Kernel memory exposure attempt detected from SLUB
object 'nvidia_stack_cache'" on Linux kernels that have disabled
CONFIG_HARDENED_USERCOPY_FALLBACK (i.e. linux-image-4.16.0-2-* or newer).
(Closes: #901919)
.
nvidia-graphics-drivers (390.67-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.67 (2018-06-05).
- Fixed a bug that could cause kernel panics when using Quadro SDI
Capture hardware.
- Fixed an intermittent crash when launching Vulkan applications.
- Fixed an intermittent crash when launching applications through Wine.
- Fixed a bug that caused the driver, in some low bandwidth DisplayPort
configurations, to not implicitly enable display dithering. This
resulted in visible banding.
.
[ Andreas Beckmann ]
* Convert packaging repository from SVN to GIT.
* Update nv-readme.ids.
* nvidia-detect: Drop support for wheezy(-lts) (EoL).
* Add NEWS entry for using the driver on Linux 4.16.16-1 or newer, which may
require the kernel boot option slab_common.usercopy_fallback=y as a
workaround. (See #901919 for details.)
* nvidia-drm-outputclass.conf: Prepend (in a backwards-compatible way)
ModulePath "/usr/lib/xorg/modules/linux"
since xserver 1.20 no longer does that.
(Closes: #900248, #900264, #900378, #900766)
.
nvidia-graphics-drivers (390.59-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.59 (2018-05-16).
- Fixed intermittent hangs of fullscreen Vulkan applications when focused
away (e.g., by using the alt-tab key combination) on non-composited
desktops.
- Added support for the following GPUs:
GeForce GTX 1050 with Max-Q Design, Tesla V100-FHHL-16GB, Quadro P3200,
Quadro P4200.
.
[ Luca Boccassi ]
* Drop swiotlb.patch, fixed upstream.
* Update nv-readme.ids.
* Update symbols files.
* Add xorg-video-abi-24 as alternative dependency.
* Bump xserver-xorg-core dependency to << 2:1.20.99 for ABI 24.
(Closes: #900112)
.
nvidia-graphics-drivers (390.48-4) UNRELEASED; urgency=medium
.
* Stop building lib*-glvnd-nvidia, now built from the 390xx legacy driver.
* Switch to debhelper compat level 11.
.
nvidia-graphics-drivers (390.48-3) unstable; urgency=medium
.
* Prepare nvidia-detect for the upcoming nvidia-legacy-390xx packages.
* Prepare for the removal of i386/armhf support in 396.xx.
* Support renamed variants of libnvidia-egl-wayland1/nvidia-egl-wayland-icd
in legacy drivers.
* Restrict watch file to releases from the 390.xx legacy branch.
nvidia-graphics-drivers (390.67-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.67 (2018-06-05).
- Fixed a bug that could cause kernel panics when using Quadro SDI
Capture hardware.
- Fixed an intermittent crash when launching Vulkan applications.
- Fixed an intermittent crash when launching applications through Wine.
- Fixed a bug that caused the driver, in some low bandwidth DisplayPort
configurations, to not implicitly enable display dithering. This
resulted in visible banding.
.
[ Andreas Beckmann ]
* Convert packaging repository from SVN to GIT.
* Update nv-readme.ids.
* nvidia-detect: Drop support for wheezy(-lts) (EoL).
* Add NEWS entry for using the driver on Linux 4.16.16-1 or newer, which may
require the kernel boot option slab_common.usercopy_fallback=y as a
workaround. (See #901919 for details.)
* nvidia-drm-outputclass.conf: Prepend (in a backwards-compatible way)
ModulePath "/usr/lib/xorg/modules/linux"
since xserver 1.20 no longer does that.
(Closes: #900248, #900264, #900378, #900766)
nvidia-graphics-drivers (390.59-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.59 (2018-05-16).
- Added support for the following GPUs: GeForce GTX 1050 with Max-Q Design,
Tesla V100-FHHL-16GB, Quadro P3200, Quadro P4200.
.
[ Andreas Beckmann ]
* Stop building lib*-glvnd-nvidia, now built from the 390xx legacy driver.
* Switch to debhelper compat level 11.
.
[ Luca Boccassi ]
* Drop swiotlb.patch, fixed upstream.
* Update nv-readme.ids.
* Update symbols files.
* Add xorg-video-abi-24 as alternative dependency.
* Bump xserver-xorg-core dependency to << 2:1.20.99 for ABI 24.
(Closes: #900112)
nvidia-graphics-drivers (390.48-3) unstable; urgency=medium
.
* Prepare nvidia-detect for the upcoming nvidia-legacy-390xx packages.
* Prepare for the removal of i386/armhf support in 396.xx.
* Support renamed variants of libnvidia-egl-wayland1/nvidia-egl-wayland-icd
in legacy drivers.
* Restrict watch file to releases from the 390.xx legacy branch.
nvidia-graphics-drivers (390.48-2) unstable; urgency=medium
.
[ Luca Boccassi ]
* Fix loading nvidia kernel module on Linux 4.16 due to missing symbol.
(Closes: #895429)
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.4. No changes needed.
nvidia-graphics-drivers (390.48-2~bpo9+3) stretch-backports; urgency=medium
.
* Add Conflicts against glvnd-aware MESA >= 17 from stretch-backports.
* Fix some upgrade issues from older versions in stretch.
nvidia-graphics-drivers (390.48-2~bpo9+2) stretch-backports; urgency=medium
.
* Disable alternative dependencies and add Conflicts against libglvnd from
stretch-backports.
nvidia-graphics-drivers (390.48-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-graphics-drivers (390.48-2) unstable; urgency=medium
.
[ Luca Boccassi ]
* Fix loading nvidia kernel module on Linux 4.16 due to missing symbol.
(Closes: #895429)
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.4. No changes needed.
.
nvidia-graphics-drivers (390.48-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.48 (2018-03-28).
* Fixed CVE-2018-6249, CVE-2018-6253.
https://nvidia.custhelp.com/app/answers/detail/a_id/4649
(Closes: #894338)
- Added support for the following GPUs: Quadro GV100, Tesla
V100-SXM2-32GB, Tesla V100-PCIE-32GB, Tesla V100-DGXS-32GB.
- Updated the driver to prevent G-SYNC from being enabled when a
Quadro Sync board is installed. G-SYNC and Quadro Sync were always
mutually incompatible features, and this change makes it easier to
use G-SYNC capable monitors on Quadro Sync configurations, as it is
now no longer necessary to manually disable G-SYNC.
- Further improved the fix for occasional flicker when using the X
driver's composition pipeline. This was mostly fixed in 390.42,
but now the fix should be more complete.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Drop linux-4.15.patch, merged upstream.
.
[ Andreas Beckmann ]
* Merge changes from 384.130-1 (UNRELEASED).
* Update lintian overrides.
.
nvidia-graphics-drivers (390.42-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.42 (2018-03-12).
- Fixed a regression, introduced in 390.12, that caused occasional
flicker when using the X driver's composition pipeline, for
example when using screen transformations like rotation, or the
"ForceCompositionPipeline" or "ForceFullCompositionPipeline"
options."
.
[ Andreas Beckmann ]
* Install the renamed GLVND libraries and add SONAME symlinks.
* Update symbols files.
* Add linux-4.15 patch from Archlinux. (Closes: #892413)
* Remove obsolete bits from README.source.
.
nvidia-graphics-drivers (390.25-2) unstable; urgency=medium
.
* Merge changes from 387.34-4.
* Upload to unstable.
.
nvidia-graphics-drivers (390.25-1) experimental; urgency=medium
.
* New upstream long lived branch release 390.25 (2018-01-29).
- Fixed a regression introduced in 390.12 that prevented displays from
working normally when running multiple X screens with emulated overlays.
- Added support for the following GPUs: GeForce GTX 1060 5GB, Quadro P620.
- Fixed a regression introduced in 390.12 that caused occasional hangs and
hard lockup messages in the system log when screen transformations are in
use.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Update symbols files.
* Refresh nvidia-use-ARCH.o_binary.patch to remove fuzz.
.
[ Andreas Beckmann ]
* libcuda1: Add Provides: libcuda-9.1-1{,-i386}.
* Merge changes from 384.111-4.
* nvidia-detect: Report devices only supported on amd64.
* nvidia-detect: Add PCI ID list for 384.111 in stretch.
.
nvidia-graphics-drivers (390.12-1) experimental; urgency=medium
.
* New upstream beta 390.12 (2018-01-04).
* Fixed CVE-2017-5753, CVE-2017-5715 (spectre), CVE-2017-5754 (meltdown).
https://nvidia.custhelp.com/app/answers/detail/a_id/4611
(Closes: #886852)
- Added new application profile settings, "EGLVisibleDGPUDevices" and
"EGLVisibleTegraDevices", to control which discrete and Tegra GPU
devices, respectively, may be enumerated by EGL. See the "Application
Profiles" appendix of the driver README for more details.
- Corrected the SONAME of the copy of the libnvidia-egl-wayland library
included in the .run installer package to libnvidia-egl-wayland.so.1.
The SONAME had previously been versioned incorrectly with the full
version number of the library.
- Updated nvidia.ko to veto the ACPI_VIDEO_NOTIFY_PROBE event on
kernels that allow the handler for this event to be overridden,
to improve interaction between the NVIDIA driver and acpi_video
on display hotplug events.
- Fixed a bug that prevented Xinerama Info from being handled properly
in SLI or Base Mosaic layouts with more than 24 displays.
- Updated the X driver's composition pipeline (used for rotation,
warp and blend, transformation matrices, etc) to also support stereo.
- Fixed a bug where GetTexSubImage() would read incorrect data into
a pixel buffer object when supplied with a target of
GL_TEXTURE_1D_ARRAY and a non-zero yoffset value.
- Added support for generic active stereo with in-band DisplayPort
signaling. The X configuration option "InbandStereoSignaling" is
deprecated in favor of this stereo mode. See "Appendix B. X Config
Options" in the README for more information.
- Modified the driver to avoid restoring framebuffer console modes
on virtual reality head-mounted displays.
* New upstream release 387 series.
- Added support for the following GPUs: TITAN Xp COLLECTORS EDITION,
GeForce GTX 1070 Ti, TITAN V [amd64].
- Fixed a bug that could cause a system crash when using the new
NVreg_EnableBacklightHandler kernel module parameter on GPUs with no
displays connected.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Update symbols files.
* Update lintian overrides.
.
[ Andreas Beckmann ]
* Split nv-readme.ids into nv-readme.ids.common and nv-readme.ids.$ARCH, the
Volta GPUs (VDPAU feature set I), e.g. Tesla V100 and Titan V, are only
supported on amd64.
* Upload to experimental.
.
nvidia-graphics-drivers (387.34-4) unstable; urgency=medium
.
* libcuda1: Add Provides: libcuda-9.1-1{,-i386}.
* nvidia-modprobe.conf: Consistently handle nvidia-modeset.
* Merge changes from 384.111-4 (unstable), 384.111-4~deb9u1 (stretch).
* Update lintian overrides.
* Upload to unstable.
.
nvidia-graphics-drivers (387.34-3) experimental; urgency=medium
.
[ Luca Boccassi ]
* Add timer.patch to fix kernel module build on Linux 4.15 and newer.
.
[ Andreas Beckmann ]
* Merge changes from 384.111-1.
* Restrict watch file to releases from the 387.xx short lived branch.
.
nvidia-graphics-drivers (387.34-2) experimental; urgency=medium
.
* Support easier and consistent switching between GLVND/non-GLVND variants.
* nvidia-driver-libs{,-i386}: Depend only on the GLVND variants.
* nvidia-driver-libs-nonglvnd{,-i386}: New metapackages depending only on
the non-GLVND variants. (Closes: #864497)
* Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for
Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir.
(Closes: #883615)
* Add #tls# substitution for the tls/ source directory.
* Bump Standards-Version to 4.1.2. No changes needed.
.
nvidia-graphics-drivers (387.34-1) experimental; urgency=medium
.
* New upstream short lived branch release 387.34 (2017-11-24).
(Closes: #881164)
- Fixed a bug that caused Vulkan X11 swapchains to fail on GPUs without a
display engine, such as some Tesla-branded graphics cards and some Optimus
laptops.
- Fixed a bug that caused fullscreen Vulkan applications to hang on some
Kepler GPUs, such as the GeForce GTX 680.
- Fixed a bug where the G-SYNC indicator was reporting "normal" instead
of "G-SYNC" on Vulkan applications when G-SYNC was enabled.
* New upstream short lived branch release 387.22 (2017-10-30).
- Fixed a regression that could cause driver errors when setting modes
that include DisplayPort Multi-Stream Transport devices.
- Added an nvidia.ko kernel module parameter, NVreg_EnableBacklightHandler,
which can be used to enable experimental handling of laptop backlight
brightness through /sys/class/backlight/. This handler overrides the
ACPI-based one provided by the video.ko kernel module.
NVreg_EnableBacklightHandler is disabled by default.
- Added G-SYNC to all supported Vulkan swapchains for Maxwell and up.
G-SYNC is enabled by default when using G-SYNC-ready monitors. For
direct-to-display swapchains, an application profile with "GLGSYNCAllowed"
setting set to 'false' can be used to disable this feature:
{
"rules" : [
{ "pattern" : [], "profile" : [ "GLGSYNCAllowed", false ] }
]
}
* New upstream beta 387.12 (2017-10-03).
- Fixed a regression that caused some display connectors on some GPUs to not
report a connected HDMI or DisplayPort audio device even if the connected
monitor supports audio.
- Fixed a race condition that could lead to crashes when OpenGL programs
manipulated vertex buffer objects from multiple threads simultaneously.
- Improved performance of fullscreen Vulkan applications using X11
swapchains. This optimization will cause more events that trigger
an out-of-date swapchain, such as when entering or leaving
fullscreen mode. (This is commonly encountered when using the
alt-tab key combination, for example.) Applications that do not
properly respond to the VK_ERROR_OUT_OF_DATE_KHR return code may
not function properly when these events occur. See section 30.8
of the Vulkan specification.
- Added support for YUV 4:2:0 compression for monitors connected via
DisplayPort in configurations where either the display or GPU is
incapable of driving the current mode in RGB 4:4:4. See the
description in the "Programming Modes" appendix for details.
- Added framebuffer console hot plug handling to nvidia-modeset.
Note that hot plugging is only handled when nvidia-modeset is initialized;
for example, when Xorg or nvidia-persistenced is running or when
nvidia-drm is loaded with the "modeset=1" parameter.
- Added an "AllowGSYNC" MetaMode attribute that can be used to disable
G-SYNC completely. This can be use to allow enabling features that are
incompatible with G-SYNC, such as Ultra Low Motion Blur or Frame Lock.
- Fixed several problems that prevented the "cc_version_check" sanity
test from running correctly when building the NVIDIA kernel modules.
As these problems would have masked mismatches between the compiler
versions used to build the kernel and the NVIDIA kernel modules for
an extended period of time, nvidia-installer has been updated to
ignore CC version mismatches by default when they are detected.
- Tiled monitors formerly resulted in a separate Xinerama screen being
reported for each tile. They will now, by default, be combined into a
single large Xinerama screen.
- The individual panels in a tiled monitor will now be arranged based
on the layout information provided in the monitor's EDID. This can be
overridden by either manually specifying offsets or using the
"MetaModeOrientation" option.
- Disabled interlaced modes over DisplayPort by default due to incomplete
support in the GPU. Added "AllowDpInterlaced" mode validation token to
override this default behavior and allow interlaced modes over
DisplayPort protocol anyway.
.
[ Luca Boccassi ]
* Update d/copyright with new 6.3 paragraph in NVIDIA's license, which warns
that the drivers are licensed for usage with NVIDIA hardware.
* Drop nvidia-drm-crtc.patch, fixed upstream, and refresh
nvidia-drm-master-dev.patch and use-kbuild-compiler.patch to remove fuzz.
* Adjust filenames for new minor ABI revision of libnvidia-egl-wayland1
(libnvidia-egl-wayland.so.1.0.1 -> libnvidia-egl-wayland.so.1.0.2).
* Update symbols files.
* Update nv-readme.ids.
* Refresh nvidia-use-ARCH.o_binary.patch to remove fuzz from 387.22.
.
[ Andreas Beckmann ]
* Update lintian overrides.
* Upload to experimental.
.
nvidia-graphics-drivers (384.130-1) stretch; urgency=medium
.
* New upstream long lived branch release 384.130 (2018-03-28).
* Fixed CVE-2018-6249, CVE-2018-6253.
https://nvidia.custhelp.com/app/answers/detail/a_id/4649
(Closes: #894338)
- Improved compatibility with recent Linux kernels.
- Fixed a string concatenation bug that caused libGL to accidentally try to
create the directory "$HOME.nv" rather than "$HOME/.nv" in some cases
where /tmp isn't accessible. (Closes: #888028)
- Increased the version numbers of the GLVND libGL, libGLESv1_CM,
libGLESv2, and libEGL libraries, to prevent concurrently installed
non-GLVND libraries from taking precedence in the dynamic linker
cache.
* New upstream release 340 series.
- Fixed a bug which could cause X servers that export a Video Driver
ABI earlier than 0.8 to crash when running X11 applications which
call XRenderAddTraps().
.
[ Luca Boccassi ]
* Install the renamed GLVND libraries and add SONAME symlinks.
.
[ Andreas Beckmann ]
* Bump the required glx-diversions/glx-alternative-nvidia version for the
renamed GLVND libraries.
* Upload to stretch
.
nvidia-graphics-drivers (384.111-4~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
* Relax the libvulkan1 (build-)dependency.
* Do not conflict with *-glvnd-nvidia, there is no libglvnd in stretch.
* Continue recommending the GLESv1 library for stretch.
.
nvidia-graphics-drivers (384.111-4) unstable; urgency=medium
.
* nvidia-kernel-{dkms,source}: Mention the supported architecture(s) in the
long Description.
* Use dh_missing --fail-missing.
* Update lintian overrides.
nvidia-graphics-drivers (390.48-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.48 (2018-03-28).
* Fixed CVE-2018-6249, CVE-2018-625.
https://nvidia.custhelp.com/app/answers/detail/a_id/4649
(Closes: #894338)
- Added support for the following GPUs: Quadro GV100, Tesla
V100-SXM2-32GB, Tesla V100-PCIE-32GB, Tesla V100-DGXS-32GB.
- Updated the driver to prevent G-SYNC from being enabled when a
Quadro Sync board is installed. G-SYNC and Quadro Sync were always
mutually incompatible features, and this change makes it easier to
use G-SYNC capable monitors on Quadro Sync configurations, as it is
now no longer necessary to manually disable G-SYNC.
- Further improved the fix for occasional flicker when using the X
driver's composition pipeline. This was mostly fixed in 390.42,
but now the fix should be more complete.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Drop linux-4.15.patch, merged upstream.
.
[ Andreas Beckmann ]
* Merge changes from 384.130-1 (UNRELEASED).
* Update lintian overrides.
nvidia-graphics-drivers (390.42-1) unstable; urgency=medium
.
* New upstream long lived branch release 390.42 (2018-03-12).
- Fixed a regression, introduced in 390.12, that caused occasional
flicker when using the X driver's composition pipeline, for
example when using screen transformations like rotation, or the
"ForceCompositionPipeline" or "ForceFullCompositionPipeline"
options."
* New upstream release 384 series.
- Fixed a string concatenation bug that caused libGL to accidentally try to
create the directory "$HOME.nv" rather than "$HOME/.nv" in some cases
where /tmp isn't accessible. (Closes: #888028)
- Increased the version numbers of the GLVND libGL, libGLESv1_CM,
libGLESv2, and libEGL libraries, to prevent concurrently installed
non-GLVND libraries from taking precedence in the dynamic linker
cache.
* Install the renamed GLVND libraries and add SONAME symlinks.
* Update symbols files.
* Add linux-4.15 patch from Archlinux. (Closes: #892413)
* Remove obsolete bits from README.source.
nvidia-graphics-drivers (390.25-2) unstable; urgency=medium
.
* Merge changes from 387.34-4.
* Upload to unstable.
nvidia-graphics-drivers (390.25-1) experimental; urgency=medium
.
* New upstream long lived branch release 390.25 (2018-01-29).
- Fixed a regression introduced in 390.12 that prevented displays from
working normally when running multiple X screens with emulated overlays.
- Added support for the following GPUs: GeForce GTX 1060 5GB, Quadro P620.
- Fixed a regression introduced in 390.12 that caused occasional hangs and
hard lockup messages in the system log when screen transformations are in
use.
* New upstream release 340 series.
- Fixed a bug which could cause X servers that export a Video Driver
ABI earlier than 0.8 to crash when running X11 applications which
call XRenderAddTraps().
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Update symbols files.
* Refresh nvidia-use-ARCH.o_binary.patch to remove fuzz.
.
[ Andreas Beckmann ]
* libcuda1: Add Provides: libcuda-9.1-1{,-i386}.
* Merge changes from 384.111-4.
* nvidia-detect: Report devices only supported on amd64.
* nvidia-detect: Add PCI ID list for 384.111 in stretch.
nvidia-graphics-drivers (390.12-1) experimental; urgency=medium
.
* New upstream beta 390.12 (2018-01-04).
* Fixed CVE-2017-5753, CVE-2017-5715 (spectre), CVE-2017-5754 (meltdown).
https://nvidia.custhelp.com/app/answers/detail/a_id/4611
(Closes: #886852)
- Added new application profile settings, "EGLVisibleDGPUDevices" and
"EGLVisibleTegraDevices", to control which discrete and Tegra GPU
devices, respectively, may be enumerated by EGL. See the "Application
Profiles" appendix of the driver README for more details.
- Corrected the SONAME of the copy of the libnvidia-egl-wayland library
included in the .run installer package to libnvidia-egl-wayland.so.1.
The SONAME had previously been versioned incorrectly with the full
version number of the library.
- Updated nvidia.ko to veto the ACPI_VIDEO_NOTIFY_PROBE event on
kernels that allow the handler for this event to be overridden,
to improve interaction between the NVIDIA driver and acpi_video
on display hotplug events.
- Fixed a bug that prevented Xinerama Info from being handled properly
in SLI or Base Mosaic layouts with more than 24 displays.
- Updated the X driver's composition pipeline (used for rotation,
warp and blend, transformation matrices, etc) to also support stereo.
- Fixed a bug where GetTexSubImage() would read incorrect data into
a pixel buffer object when supplied with a target of
GL_TEXTURE_1D_ARRAY and a non-zero yoffset value.
- Added support for generic active stereo with in-band DisplayPort
signaling. The X configuration option "InbandStereoSignaling" is
deprecated in favor of this stereo mode. See "Appendix B. X Config
Options" in the README for more information.
- Modified the driver to avoid restoring framebuffer console modes
on virtual reality head-mounted displays.
* New upstream release 387 series.
- Added support for the following GPUs: TITAN Xp COLLECTORS EDITION,
GeForce GTX 1070 Ti, TITAN V [amd64].
- Fixed a bug that could cause a system crash when using the new
NVreg_EnableBacklightHandler kernel module parameter on GPUs with no
displays connected.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Update symbols files.
* Update lintian overrides.
.
[ Andreas Beckmann ]
* Split nv-readme.ids into nv-readme.ids.common and nv-readme.ids.$ARCH, the
GPUs with VDPAU feature set I, e.g. Tesla V100 and Titan V, are only
supported on amd64.
* Upload to experimental.
nvidia-graphics-drivers (387.34-4) unstable; urgency=medium
.
* libcuda1: Add Provides: libcuda-9.1-1{,-i386}.
* nvidia-modprobe.conf: Consistently handle nvidia-modeset.
* Merge changes from 384.111-4.
* Merge changes from 384.111-4~deb9u1 (stretch).
* Update lintian overrides.
* Upload to unstable.
nvidia-graphics-drivers (387.34-3) experimental; urgency=medium
.
[ Luca Boccassi ]
* Add timer.patch to fix kernel module build on Linux 4.15 and newer.
.
[ Andreas Beckmann ]
* Merge changes from 384.111-1.
* Restrict watch file to releases from the 387.xx long lived branch.
nvidia-graphics-drivers (387.34-2) experimental; urgency=medium
.
* Support easier and consistent switching between GLVND/non-GLVND variants.
* nvidia-driver-libs{,-i386}: Depend only on the GLVND variants.
* nvidia-driver-libs-nonglvnd{,-i386}: New metapackages depending only on
the non-GLVND variants. (Closes: #864497)
* Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for
Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir.
(Closes: #883615)
* Add #tls# substitution for the tls/ source directory.
* Bump Standards-Version to 4.1.2. No changes needed.
nvidia-graphics-drivers (387.34-1) experimental; urgency=medium
.
* New upstream short lived branch release 387.34 (2017-11-24).
- Fixed a bug that caused Vulkan X11 swapchains to fail on GPUs without a
display engine, such as some Tesla-branded graphics cards and some Optimus
laptops.
- Fixed a bug that caused fullscreen Vulkan applications to hang on some
Kepler GPUs, such as the GeForce GTX 680.
- Fixed a bug where the G-SYNC indicator was reporting "normal" instead
of "G-SYNC" on Vulkan applications when G-SYNC was enabled.
* New upstream short lived branch release 387.22 (2017-10-30).
- Fixed a regression that could cause driver errors when setting modes
that include DisplayPort Multi-Stream Transport devices.
- Added an nvidia.ko kernel module parameter, NVreg_EnableBacklightHandler,
which can be used to enable experimental handling of laptop backlight
brightness through /sys/class/backlight/. This handler overrides the
ACPI-based one provided by the video.ko kernel module.
NVreg_EnableBacklightHandler is disabled by default.
- Added G-SYNC to all supported Vulkan swapchains for Maxwell and up.
G-SYNC is enabled by default when using G-SYNC-ready monitors. For
direct-to-display swapchains, an application profile with "GLGSYNCAllowed"
setting set to 'false' can be used to disable this feature:
{
"rules" : [
{ "pattern" : [], "profile" : [ "GLGSYNCAllowed", false ] }
]
}
* New upstream beta 387.12 (2017-10-03).
- Fixed a regression that caused some display connectors on some GPUs to not
report a connected HDMI or DisplayPort audio device even if the connected
monitor supports audio.
- Fixed a race condition that could lead to crashes when OpenGL programs
manipulated vertex buffer objects from multiple threads simultaneously.
- Improved performance of fullscreen Vulkan applications using X11
swapchains. This optimization will cause more events that trigger
an out-of-date swapchain, such as when entering or leaving
fullscreen mode. (This is commonly encountered when using the
alt-tab key combination, for example.) Applications that do not
properly respond to the VK_ERROR_OUT_OF_DATE_KHR return code may
not function properly when these events occur. See section 30.8
of the Vulkan specification.
- Added support for YUV 4:2:0 compression for monitors connected via
DisplayPort in configurations where either the display or GPU is
incapable of driving the current mode in RGB 4:4:4. See the
description in the "Programming Modes" appendix for details.
- Added framebuffer console hot plug handling to nvidia-modeset.
Note that hot plugging is only handled when nvidia-modeset is initialized;
for example, when Xorg or nvidia-persistenced is running or when
nvidia-drm is loaded with the "modeset=1" parameter.
- Added an "AllowGSYNC" MetaMode attribute that can be used to disable
G-SYNC completely. This can be use to allow enabling features that are
incompatible with G-SYNC, such as Ultra Low Motion Blur or Frame Lock.
- Fixed several problems that prevented the "cc_version_check" sanity
test from running correctly when building the NVIDIA kernel modules.
As these problems would have masked mismatches between the compiler
versions used to build the kernel and the NVIDIA kernel modules for
an extended period of time, nvidia-installer has been updated to
ignore CC version mismatches by default when they are detected.
- Tiled monitors formerly resulted in a separate Xinerama screen being
reported for each tile. They will now, by default, be combined into a
single large Xinerama screen.
- The individual panels in a tiled monitor will now be arranged based
on the layout information provided in the monitor's EDID. This can be
overridden by either manually specifying offsets or using the
"MetaModeOrientation" option.
- Disabled interlaced modes over DisplayPort by default due to incomplete
support in the GPU. Added "AllowDpInterlaced" mode validation token to
override this default behavior and allow interlaced modes over
DisplayPort protocol anyway.
* New upstream release 384 series.
- Fixed a regression that prevented displays connected via some types of
passive adapters (e.g. DMS-59 to VGA or DVI) from working correctly.
The regression was introduced with driver version 384.98.
- Fixed a bug that caused Quadro M2200 GPUs to enter the lowest available
PowerMizer performance level when under load.
.
[ Luca Boccassi ]
* Update d/copyright with new 6.3 paragraph in Nvidia's license, which warns
that the drivers are licensed for usage with Nvidia hardware.
* Drop nvidia-drm-crtc.patch, fixed upstream, and refresh
nvidia-drm-master-dev.patch and use-kbuild-compiler.patch to remove fuzz.
* Adjust filenames for new minor ABI revision of libnvidia-egl-wayland1
(libnvidia-egl-wayland.so.1.0.1 -> libnvidia-egl-wayland.so.1.0.2).
* Update symbols files.
* Update nv-readme.ids.
* Refresh nvidia-use-ARCH.o_binary.patch to remove fuzz from 387.22.
.
[ Andreas Beckmann ]
* Update lintian overrides.
* Upload to experimental.
nvidia-modprobe (390.87-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-modprobe (390.87-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.3.0. No changes needed.
.
nvidia-modprobe (390.25-1) unstable; urgency=medium
.
* New upstream release.
nvidia-modprobe (390.87-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-modprobe (390.87-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.3.0. No changes needed.
.
nvidia-modprobe (390.25-1) unstable; urgency=medium
.
* New upstream release.
.
nvidia-modprobe (384.111-2~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-modprobe (384.111-2) unstable; urgency=medium
.
* Add setuid.patch to run setuid(0) before forking modprobe to preserve
privileges through shell invocations and recursive modprobe calls.
Thanks to Hiromasa YOSHIMOTO for intensive debugging and the final patch!
(Closes: #888952)
* Add debian/upstream/metadata.
* Fix new Lintian issues.
* Switch Vcs-* URLs to salsa.debian.org.
nvidia-modprobe (390.25-1) unstable; urgency=medium
.
* New upstream release.
nvidia-modprobe (384.111-2) unstable; urgency=medium
.
* Add setuid.patch to run setuid(0) before forking modprobe to preserve
privileges through shell invocations and recursive modprobe calls.
Thanks to Hiromasa YOSHIMOTO for intensive debugging and the final patch!
(Closes: #888952)
* Add debian/upstream/metadata.
* Fix new Lintian issues.
* Switch Vcs-* URLs to salsa.debian.org.
nvidia-persistenced (390.87-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-persistenced (390.87-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.3.0. No changes needed.
.
nvidia-persistenced (390.25-1) unstable; urgency=medium
.
* New upstream release.
* Add debian/upstream/metadata.
* Fix new Lintian issues.
* Switch Vcs-* URLs to salsa.debian.org.
nvidia-persistenced (390.87-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-persistenced (390.87-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.3.0. No changes needed.
.
nvidia-persistenced (390.25-1) unstable; urgency=medium
.
* New upstream release.
* Add debian/upstream/metadata.
* Fix new Lintian issues.
* Switch Vcs-* URLs to salsa.debian.org.
.
nvidia-persistenced (384.111-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
nvidia-persistenced (390.25-1) unstable; urgency=medium
.
* New upstream release.
* Add debian/upstream/metadata.
* Fix new Lintian issues.
* Switch Vcs-* URLs to salsa.debian.org.
nvidia-persistenced (384.111-1) unstable; urgency=medium
.
* New upstream release.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Bump Standards-Version to 4.1.3. No changes needed.
nvidia-settings (390.87-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
* Revert to debhelper compat level 10.
.
nvidia-settings (390.87-1) unstable; urgency=medium
.
* New upstream release 390.87.
* Add Build-Depends-Package field to symbols file.
* Bump Standards-Version to 4.3.0. No changes needed.
.
nvidia-settings (390.67-1) unstable; urgency=medium
.
* New upstream release 390.67.
* Use reproducibility patches from upstream.
* Bump Standards-Version to 4.1.5. No changes needed.
.
nvidia-settings (390.48-2) unstable; urgency=medium
.
* Add Provides+Conflicts: nvidia-settings-gtk-${nvidia:Version} to prevent
file conflicts with the legacy package built from the same upstream
version.
* Use dh_missing --fail-missing.
.
nvidia-settings (390.48-1) unstable; urgency=medium
.
* New upstream release 390.48.
* Bump Standards-Version to 4.1.4. No changes needed.
* Switch to debhelper compat level 11.
.
nvidia-settings (390.25-1) unstable; urgency=medium
.
* New upstream release 390.25.
* Only build nvidia-settings on platforms where it is going to be used.
(Closes: #892184)
* Upload to unstable.
.
nvidia-settings (390.12-1) experimental; urgency=medium
.
* New upstream release 390.12.
- Updated the SLI Mosaic layout page in the nvidia-settings control
panel to support topologies with up to 32 displays.
- Added an OpenGL stereo preview feature to the screen page in
nvidia-settings.
* Merge changes from 384.111.
* Upload to experimental.
.
nvidia-settings (387.34-2) unstable; urgency=medium
.
* Generate the GTK3|GTK2 dependency dynamically. (Closes: #885709)
* Merge changes from 384.111-1 (unstable), 384.111-1~deb9u1 (stretch).
* Add debian/upstream/metadata.
* Fix new Lintian issues.
* Switch Vcs-* URLs to salsa.debian.org.
* Upload to unstable.
.
nvidia-settings (387.34-1) experimental; urgency=medium
.
* New upstream release 387.34.
* New upstream release 387.12.
- Fixed a bug that sometimes prevented the "Reset Default Configuration"
button in the nvidia-settings "ECC Settings" page from being available
when the ECC configuration is set to a non-default state.
- Fixed a bug that caused nvidia-settings to enforce overly aggressive
limits on display positions in the "X Server Display Configuration"
page under some circumstances.
- Fixed a bug that could cause the "Enable Base Mosaic (Surround)"
checkbox in nvidia-settings to disappear when an X screen, rather than
a display, is selected in the "X Server Display Configuration" page.
- Fixed a bug that caused the nvidia-settings control panel to retain
some settings that had been applied, but not confirmed. This resulted
in unwanted settings being applied to subsequent settings changes.
* Refresh patches.
* Bump Standards-Version to 4.1.2. No changes needed.
* Upload to experimental.
nvidia-settings (390.87-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-settings (390.87-1) unstable; urgency=medium
.
* New upstream release 390.87.
* Add Build-Depends-Package field to symbols file.
* Bump Standards-Version to 4.3.0. No changes needed.
.
nvidia-settings (390.67-1) unstable; urgency=medium
.
* New upstream release 390.67.
* Use reproducibility patches from upstream.
* Bump Standards-Version to 4.1.5. No changes needed.
nvidia-settings (390.67-1) unstable; urgency=medium
.
* New upstream release 390.67.
* Use reproducibility patches from upstream.
* Bump Standards-Version to 4.1.5. No changes needed.
nvidia-settings (390.48-2) unstable; urgency=medium
.
* Add Provides+Conflicts: nvidia-settings-gtk-${nvidia:Version} to prevent
file conflicts with the legacy package built from the same upstream
version.
* Use dh_missing --fail-missing.
nvidia-settings (390.48-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-settings (390.48-2) unstable; urgency=medium
.
* Add Provides+Conflicts: nvidia-settings-gtk-${nvidia:Version} to prevent
file conflicts with the legacy package built from the same upstream
version.
* Use dh_missing --fail-missing.
.
nvidia-settings (390.48-1) unstable; urgency=medium
.
* New upstream release 390.48.
* Bump Standards-Version to 4.1.4. No changes needed.
* Switch to debhelper compat level 11.
.
nvidia-settings (390.25-1) unstable; urgency=medium
.
* New upstream release 390.25.
* Only build nvidia-settings on platforms where it is going to be used.
(Closes: #892184)
* Upload to unstable.
.
nvidia-settings (390.12-1) experimental; urgency=medium
.
* New upstream release 390.12.
- Updated the SLI Mosaic layout page in the nvidia-settings control
panel to support topologies with up to 32 displays.
- Added an OpenGL stereo preview feature to the screen page in
nvidia-settings.
* Merge changes from 384.111.
* Upload to experimental.
.
nvidia-settings (387.34-2) unstable; urgency=medium
.
* Generate the GTK3|GTK2 dependency dynamically. (Closes: #885709)
* Merge changes from 384.111-1 (unstable), 384.111-1~deb9u1 (stretch).
* Add debian/upstream/metadata.
* Fix new Lintian issues.
* Switch Vcs-* URLs to salsa.debian.org.
* Upload to unstable.
.
nvidia-settings (387.34-1) experimental; urgency=medium
.
* New upstream release 387.34.
* New upstream release 387.12.
- Fixed a bug that sometimes prevented the "Reset Default Configuration"
button in the nvidia-settings "ECC Settings" page from being available
when the ECC configuration is set to a non-default state.
- Fixed a bug that caused nvidia-settings to enforce overly aggressive
limits on display positions in the "X Server Display Configuration"
page under some circumstances.
- Fixed a bug that could cause the "Enable Base Mosaic (Surround)"
checkbox in nvidia-settings to disappear when an X screen, rather than
a display, is selected in the "X Server Display Configuration" page.
- Fixed a bug that caused the nvidia-settings control panel to retain
some settings that had been applied, but not confirmed. This resulted
in unwanted settings being applied to subsequent settings changes.
* Refresh patches.
* Bump Standards-Version to 4.1.2. No changes needed.
* Upload to experimental.
.
nvidia-settings (384.111-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
nvidia-settings (390.48-1) unstable; urgency=medium
.
* New upstream release 390.48.
* Bump Standards-Version to 4.1.4. No changes needed.
* Switch to debhelper compat level 11.
nvidia-settings (390.25-1) unstable; urgency=medium
.
* New upstream release 390.25.
* Only build nvidia-settings on platforms where it is going to be used.
(Closes: #892184)
* Upload to unstable.
nvidia-settings (390.12-1) experimental; urgency=medium
.
* New upstream release 390.12.
- Updated the SLI Mosaic layout page in the nvidia-settings control
panel to support topologies with up to 32 displays.
- Added an OpenGL stereo preview feature to the screen page in
nvidia-settings.
* Merge changes from 384.111.
nvidia-settings (387.34-2) unstable; urgency=medium
.
* Generate the GTK3|GTK2 dependency dynamically. (Closes: #885709)
* Merge changes from 384.111-1 (unstable), 384.111-1~deb9u1 (stretch).
* Add debian/upstream/metadata.
* Fix new Lintian issues.
* Switch Vcs-* URLs to salsa.debian.org.
* Upload to unstable.
nvidia-settings (387.34-1) experimental; urgency=medium
.
* New upstream release 387.34.
* New upstream release 387.12.
- Fixed a bug that sometimes prevented the "Reset Default Configuration"
button in the nvidia-settings "ECC Settings" page from being available
when the ECC configuration is set to a non-default state.
- Fixed a bug that caused nvidia-settings to enforce overly aggressive
limits on display positions in the "X Server Display Configuration"
page under some circumstances.
- Fixed a bug that could cause the "Enable Base Mosaic (Surround)"
checkbox in nvidia-settings to disappear when an X screen, rather than
a display, is selected in the "X Server Display Configuration" page.
- Fixed a bug that caused the nvidia-settings control panel to retain
some settings that had been applied, but not confirmed. This resulted
in unwanted settings being applied to subsequent settings changes.
* Refresh patches.
* Bump Standards-Version to 4.1.2. No changes needed.
* Upload to experimental.
nvidia-settings (384.111-1) unstable; urgency=medium
.
* New upstream release 384.111.
* Bump Standards-Version to 4.1.3. No changes needed.
nvidia-xconfig (390.87-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-xconfig (390.87-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.3.0. No changes needed.
.
nvidia-xconfig (390.25-1) unstable; urgency=medium
.
* New upstream release.
.
nvidia-xconfig (387.34-1) unstable; urgency=medium
.
* New upstream release.
* Add debian/upstream/metadata.
* Fix new Lintian issues.
* Switch Vcs-* URLs to salsa.debian.org.
nvidia-xconfig (390.87-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-xconfig (390.87-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.3.0. No changes needed.
.
nvidia-xconfig (390.25-1) unstable; urgency=medium
.
* New upstream release.
.
nvidia-xconfig (387.34-1) unstable; urgency=medium
.
* New upstream release.
* Add debian/upstream/metadata.
* Fix new Lintian issues.
* Switch Vcs-* URLs to salsa.debian.org.
.
nvidia-xconfig (384.111-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
nvidia-xconfig (390.25-1) unstable; urgency=medium
.
* New upstream release.
nvidia-xconfig (387.34-1) unstable; urgency=medium
.
* New upstream release.
* Add debian/upstream/metadata.
* Fix new Lintian issues.
* Switch Vcs-* URLs to salsa.debian.org.
nvidia-xconfig (384.111-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.1.3. No changes needed.
openni2 (2.2.0.33+dfsg-7+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix armhf baseline violation and armel FTBFS caused by NEON usage.
(Closes: #874220)
openssh (1:7.4p1-10+deb9u5) stretch; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2018-20685: disallow empty filenames or ones that refer to the current
directory (Closes: #919101)
* CVE-2019-6109: sanitize scp filenames via snmprintf (Closes: #793412)
* CVE-2019-6111: check in scp client that filenames sent during
remote->local directory copies satisfy the wildcards specified by the user
openssl (1.1.0j-1~deb9u1) stretch-security; urgency=medium
.
* Import 1.1.0j
- CVE-2018-0734 (Timing vulnerability in DSA signature generation)
- CVE-2018-0735 (Timing vulnerability in ECDSA signature generation)
- add new symbols
.
openssl (1.1.0i-1~deb9u1) stretch; urgency=medium
.
* Import 1.1.0i
- Fix segfault ERR_clear_error (Closes: #903566)
- Fix commandline option for CAengine (Closes: #907457)
- CVE-2018-0732 (Client DoS due to large DH parameter)
- CVE-2018-0737 (Cache timing vulnerability in RSA Key Generation)
* Abort the build if symbols are discovered which are not part of the
symbols file.
* use signing-key.asc and a https links for downloads
openssl (1.1.0h-4) unstable; urgency=medium
.
* Build the binary in indep mode again, so we can install the documentation
again.
* Drop @echo in flavour so it builds again on Alpha
* Add a 25-test_verify.t for autopkgtest which runs against intalled
openssl binary.
openssl (1.1.0h-3) unstable; urgency=medium
.
* Drop afalgeng on kfreebsd-* which go enabled because they inherit from
the linux target.
* Fix regression with session cache use by clients (See: #895035).
* openssl rehash: exit 0 on warnings, same as c_rehash (See: #895473 and
#895482).
* Fix debian-rules-sets-dpkg-architecture-variable.
* Let VCS-* point to salsa.d.o.
* Don't build the binary package in binary-indep mode.
* Update to policy 4.1.4
- only Suggest: libssl-doc instead Recommends (only documentation and
example code is shipped).
- drop Priority: important.
- use signing-key.asc and a https links for downloads
* Use compat 11.
- this moves the examples to /usr/share/doc/libssl-{doc->dev}/demos but it
seems to make sense.
* Fix CVE-2018-0737 (Closes: #895844).
openssl (1.1.0h-2) unstable; urgency=high
.
* Revert "only quote stuff that actually needs quoting" so c_rehash has the
quotes again (Closes: #894282).
openssl (1.1.0h-1) unstable; urgency=medium
.
* Abort the build if symbols are discovered which are not part of the
symbols file.
* Add config support for MIPS R6, patch by YunQiang Su (Closes: #882007).
* Enable afalgeng on Linux targets (Closes: #888305)
* Add riscv64 target (Closes: #891797).
* New upstream release 1.1.0h
- Drop applied patches:
aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-binut.patch
- Update symbols file.
- Fix CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64)
- Fix CVE-2018-0733 (Incorrect CRYPTO_memcmp on HP-UX PA-RISC)
- Fix CVE-2018-0739 (Constructed ASN.1 types with a recursive definition
could exceed the stack)
* Correct lhash typo in header file (Closes: #892276).
openssl (1.1.0g-2) unstable; urgency=high
.
* Avoid problems with aes assembler on armhf using binutils 2.29
openssl (1.1.0g-1) unstable; urgency=medium
.
* New upstream version
- Fixes CVE-2017-3735
- Fixes CVE-2017-3736
* Remove patches applied upstream
* Temporary enable TLS 1.0 and 1.1 again (#875423)
* Attempt to fix testsuite race condition
* update no-symbolic.patch to apply
openssl (1.1.0f-5) unstable; urgency=medium
.
* Instead of completly disabling TLS 1.0 and 1.1, just set the minimum
version to TLS 1.2 by default. TLS 1.0 and 1.1 can be enabled again by
calling SSL_CTX_set_min_proto_version() or SSL_set_min_proto_version().
openssl (1.1.0f-4) unstable; urgency=medium
.
[ Sebastian Andrzej Siewior ]
* Add support for arm64ilp32, patch by Wookey (Closes: #867240)
.
[ Kurt Roeckx ]
* Disable TLS 1.0 and 1.1, leaving 1.2 as the only supported SSL/TLS
version. This will likely break things, but the hope is that by
the release of Buster everything will speak at least TLS 1.2. This will be
reconsidered before the Buster release.
* Fix a race condition in the test suite (Closes: #869856)
openssl1.0 (1.0.2q-1~deb9u1) stretch-security; urgency=medium
.
* use signing-key.asc and a https links for downloads
* Import 1.0.2q stable release.
- CVE-2018-0737 (Cache timing vulnerability in RSA Key Generation)
- CVE-2018-0732 (Client DoS due to large DH parameter)
- CVE-2018-0734 (Timing vulnerability in DSA signature generation)
- CVE-2018-5407 (Microarchitecture timing vulnerability in ECC scalar
multiplication)
openssl1.0 (1.0.2o-1) unstable; urgency=medium
.
* Add riscv64 (Closes: #891799).
* New upstream version 1.0.2o:
- Fixes CVE-2018-0739 (Constructed ASN.1 types with a recursive definition
could exceed the stack)
openssl1.0 (1.0.2n-1) unstable; urgency=medium
.
* New upstream version 1.0.2n
- drop patches which applied upstream:
- 0001-Fix-no-ssl3-build.patch
- 0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch
- Fixes CVE-2017-3737 (Read/write after SSL object in error state)
- Fixes CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64)
* move to gbp
* Abort the build if symbols are discovered which are not part of the
symbols file.
openssl1.0 (1.0.2m-3) unstable; urgency=medium
.
* Avoid problems with aes and sha256 assembler on armhf using binutils 2.29
openssl1.0 (1.0.2m-2) unstable; urgency=medium
.
* Fix no-ssl3-method build
openssl1.0 (1.0.2m-1) unstable; urgency=high
.
[ Kurt Roeckx ]
* New upstream version
- Fixes CVE-2017-3735
- Fixes CVE-2017-3736
.
[ Sebastian Andrzej Siewior]
* Add support for arm64ilp32, Patch by Wookey (Closes: #874709).
openvpn (2.4.0-6+deb9u3) stretch; urgency=medium
.
* Fix NCP behaviour on TLS reconnect, causing "AEAD Decrypt error: cipher
final failed" errors (Closes: #909430, #910937)
parsedatetime (2.1-3+deb9u1) stretch; urgency=medium
.
* Rebuild to add python3 version for certbot stable update.
pdns (4.0.3-1+deb9u3) stretch; urgency=medium
.
* Fix (security) bugs, partially using upstream patches:
* CVE-2018-1046 in dnsreplay (Closes: #898255)
* CVE-2018-10851 (Closes: #913163)
* MySQL queries with stored procedures (Closes: #889798)
* ldap, lua, opendbx backend not finding domains (Closes: #911659)
pdns-recursor (4.0.4-1+deb9u4) stretch; urgency=high
.
* Security upload for CVE-2018-10851 CVE-2018-14626 CVE-2018-14644.
perl (5.24.1-3+deb9u5) stretch-security; urgency=high
.
* [SECURITY] CVE-2018-18311: Integer overflow leading to buffer
overflow and segmentation fault
* [SECURITY] CVE-2018-18312: Heap-buffer-overflow write in S_regatom
(regcomp.c)
* [SECURITY] CVE-2018-18313: Heap-buffer-overflow read in regcomp.c
* [SECURITY] CVE-2018-18314: Heap-based buffer overflow in extended
character classes
photocollage (1.4.3-2.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
photocollage (1.4.3-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Add the missing dependency on gir1.2-gtk-3.0. (Closes: #914440)
php-pear (1:1.10.1+submodules+notgz-9+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Don't allow filenames to start with phar:// (CVE-2018-1000888)
(Closes: #919147)
php7.0 (7.0.33-0+deb9u1) stretch-security; urgency=high
.
* New upstream version 7.0.33
* Fixed security bugs:
+ [CVE-2018-19518]: imap_open() function command injection
+ [CVE-2018-14851]: heap-buffer-overflow (READ of size 48) while
reading exif data
+ [CVE-2018-14883]: Int Overflow lead to Heap OverFlow in
exif_thumbnail_extract of exif.c
+ [CVE-2018-17082]: XSS due to the header Transfer-Encoding: chunked
php7.0 (7.0.32-1) unstable; urgency=medium
.
* New upstream version 7.0.32
* Rebase patches for PHP 7.0.32
php7.0 (7.0.31-1) unstable; urgency=medium
.
[ Ondřej Surý ]
* New upstream version 7.0.31
* Fix the Vcs-Browser link
php7.0 (7.0.30-2) unstable; urgency=medium
.
* Update Vcs-* links to salsa.d.o
* Update maintainer address to team+pkg-php@tracker.d.o
php7.0 (7.0.30-1) unstable; urgency=medium
.
* New upstream version 7.0.30
* Rebase patches for PHP 7.0.30
policykit-1 (0.105-18+deb9u1) stretch-security; urgency=medium
.
* CVE-2018-19788 (Closes: #915332)
postfix (3.1.9-0+deb9u2) stretch; urgency=medium
.
* Update debian/watch to point to the 3.1 series used in stretch
.
postfix (3.1.9-0+deb9u1) stretch; urgency=medium
.
[Scott Kitterman]
.
* Unset inet_interfaces in postfix-instance-generator to avoid postconf
failures when the generator runs during boot (Thanks to Stefan Anders for
the patch). Closes: #896155
* Also fix use of postmulti in debian/configure-instance.sh since
postfix-instance-generator uses it before the network is up.
Closes: #882141
.
[Wietse Venema]
.
* 3.1.9
- Cleanup: added 21 missing *_maps parameters to the default
proxy_read_maps setting. Files: global/mail_params.h.
.
- Bugfix (introduced: 20120117): postconf should scan only
built-in or service-defined parameters for ldap, *sql, etc.
database names. Files: postconf/postconf_user.c.
.
- Bugfix (introduced: 19990302): when luser_relay specifies
a non-existent local address, the luser_relay feature becomes
a black hole. Reported by Jørgen Thomsen. File: local/unknown.c.
.
- Bugfix (introduced: Postfix 2.8): missing tls_server_start()
error propagation in tlsproxy(8) resulting in segfault after
TLS handshake error. Found during code maintenance. File:
tlsproxy/tlsproxy.c.
postfix (3.1.9-0+deb9u1) stretch; urgency=medium
.
[Scott Kitterman]
.
* Unset inet_interfaces in postfix-instance-generator to avoid postconf
failures when the generator runs during boot (Thanks to Stefan Anders for
the patch). Closes: #896155
* Also fix use of postmulti in debian/configure-instance.sh since
postfix-instance-generator uses it before the network is up.
Closes: #882141
.
[Wietse Venema]
.
* 3.1.9
- Cleanup: added 21 missing *_maps parameters to the default
proxy_read_maps setting. Files: global/mail_params.h.
.
- Bugfix (introduced: 20120117): postconf should scan only
built-in or service-defined parameters for ldap, *sql, etc.
database names. Files: postconf/postconf_user.c.
.
- Bugfix (introduced: 19990302): when luser_relay specifies
a non-existent local address, the luser_relay feature becomes
a black hole. Reported by Jørgen Thomsen. File: local/unknown.c.
.
- Bugfix (introduced: Postfix 2.8): missing tls_server_start()
error propagation in tlsproxy(8) resulting in segfault after
TLS handshake error. Found during code maintenance. File:
tlsproxy/tlsproxy.c.
postgresql-9.6 (9.6.11-0+deb9u1) stretch; urgency=medium
.
* New upstream version.
postgrey (1.36-3+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* Revert the 1.36-3+deb9u1 change due to regression. (see #880047)
.
postgrey (1.36-3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* debian/postgrey.init: create /var/run/postgrey if it
does not exist, patch provided by Laurent Bigonville <bigon@debian.org>.
(Closes: 756813, 880047)
postgrey (1.36-3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* debian/postgrey.init: create /var/run/postgrey if it
does not exist, patch provided by Laurent Bigonville <bigon@debian.org>.
(Closes: 756813, 880047)
pylint-django (0.7.2-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix the python3-pylint-django dependencies. (Closes: #867413)
python-acme (0.28.0-1~deb9u1) stretch; urgency=medium
.
* This stretch update is to cure the problem caused by the deprecation
and disabling of the upstream TLS-SNI-01 certificate verification
protocol due to a security vulnerability. Note, the security
vulnerability isn't in this package; rather, earlier versions of
certbot are no longer functional due to changes in the interface that
certbot uses to retrieve certificates.
* Pull in unreleased version bump of josepy to fix deprecation warnings.
* Pull in two patches to help fix josepy compatibility problems.
* Pull in a Breaks to require upgrade in a single move.
python-acme (0.28.0-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
* Pull in unreleased version bump of josepy to fix deprecation warnings.
python-acme (0.27.0-1) unstable; urgency=medium
.
* New upstream release.
* Bump S-V; no changes needed.
python-acme (0.26.0-1) unstable; urgency=medium
.
* New upstream version 0.26.0
* Bump S-V; add Rules-Require-Root: no
python-acme (0.25.1-1) unstable; urgency=medium
.
* New upstream version 0.25.1
python-acme (0.25.1-1~bpo9+1) stretch-backports; urgency=high
.
* Rebuild for stretch-backports.
.
python-acme (0.25.1-1) unstable; urgency=medium
.
* New upstream version 0.25.1
.
python-acme (0.25.0-1) unstable; urgency=medium
.
* New upstream version 0.25.0
* Add new dependency on requests-toolbelt
* Drop unnecessary X-Python-Version fields
* Add pytest as build-time dep only.
.
python-acme (0.24.0-2) unstable; urgency=medium
.
* Update team email address. (Closes: #895863)
.
python-acme (0.24.0-1) unstable; urgency=medium
.
* New upstream release.
* Bump S-V; no changes needed.
python-acme (0.25.0-1) unstable; urgency=medium
.
* New upstream version 0.25.0
* Add new dependency on requests-toolbelt
* Drop unnecessary X-Python-Version fields
* Add pytest as build-time dep only.
python-acme (0.24.0-2) unstable; urgency=medium
.
* Update team email address. (Closes: #895863)
python-acme (0.24.0-1) unstable; urgency=medium
.
* New upstream release.
* Bump S-V; no changes needed.
python-acme (0.22.2-1) unstable; urgency=medium
.
* New upstream release.
python-acme (0.22.2-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
python-acme (0.22.0-1) unstable; urgency=medium
.
* New upstream release -- now with wildcards!
python-acme (0.21.1-1) unstable; urgency=high
.
* New upstream release.
* Cleanup from josepy separation.
python-acme (0.21.1-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
python-acme (0.20.0-1) unstable; urgency=low
.
* New upstream release.
* Add new dependencies introduced upstream.
* Bump S-V, debhelper versions.
* Move doc-base ref to package instead of package-doc.
python-acme (0.19.0-1) unstable; urgency=medium
.
* New upstream release.
python-acme (0.19.0-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
python-acme (0.19.0-1) unstable; urgency=medium
.
* New upstream release.
.
python-acme (0.18.2-1) unstable; urgency=medium
.
* New upstream release.
* Bump S-V; no changes needed.
* Switch to python3-sphinx for docs.
.
python-acme (0.17.0-1) unstable; urgency=medium
.
* New upstream release.
* Reduce dependency on python-requests, following upstream.
* Increase priority to optional to comply with Policy v4.0.1.0
* Declare Testsuite using simple autopkgtest.
* Bump S-V to 4.0.1.
.
python-acme (0.14.2-1) experimental; urgency=medium
.
* Team upload.
* New upstream release.
.
python-acme (0.12.0-1) experimental; urgency=medium
.
* New upstream release.
.
python-acme (0.11.1-1) unstable; urgency=medium
.
* New upstream release.
* Drop dep on python3?-dnspython removed upstream
python-acme (0.18.2-1) unstable; urgency=medium
.
* New upstream release.
* Bump S-V; no changes needed.
* Switch to python3-sphinx for docs.
python-acme (0.17.0-1) unstable; urgency=medium
.
* New upstream release.
* Reduce dependency on python-requests, following upstream.
* Increase priority to optional to comply with Policy v4.0.1.0
* Declare Testsuite using simple autopkgtest.
* Bump S-V to 4.0.1.
python-acme (0.14.2-1) experimental; urgency=medium
.
* Team upload.
* New upstream release.
python-acme (0.12.0-1) experimental; urgency=medium
.
* New upstream release.
python-acme (0.11.1-1) unstable; urgency=medium
.
* New upstream release.
* Drop dep on python3?-dnspython removed upstream
python-arpy (1.1.1-3~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
python-arpy (1.1.1-3) unstable; urgency=low
.
* Team upload.
.
[ Christoph Egger ]
* Add VCS-* headers
.
[ Ondřej Nový ]
* Fixed homepage (https)
* Fixed VCS URL (https)
.
[ Scott Kitterman ]
* Correct substitution variable for python3 interpreter depends (Closes:
#867418)
* Remove unneeded python:Provides
* Update homepage for move to github
* Add debian/watch
python-certbot (0.28.0-1~deb9u1) stretch; urgency=medium
.
* This stretch update is to cure the problem caused by the deprecation
and disabling of the upstream TLS-SNI-01 certificate verification
protocol due to a security vulnerability. Note, the security
vulnerability isn't in this package; rather, earlier versions of
certbot are no longer functional due to changes in the interface that
certbot uses to retrieve certificates. (Closes: #887399)
python-certbot (0.28.0-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
python-certbot (0.27.0-1) unstable; urgency=medium
.
* New upstream version 0.27.0
* Refresh patch after upstream migration to codecov
* Bump python-sphinx requirement defensively; bump S-V with no changes
* Bump dep on python-acme to 0.26.0~
python-certbot (0.26.1-1) unstable; urgency=medium
.
* New upstream release.
python-certbot (0.26.0-1) unstable; urgency=medium
.
* New upstream version 0.26.0
* Bump S-V; add R-R-R: no
python-certbot (0.25.0-1) unstable; urgency=medium
.
* New upstream version 0.25.0
* Bump python-acme dep version.
python-certbot (0.25.0-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
python-certbot (0.24.0-2) unstable; urgency=medium
.
* Update team email address. (Closes: #899858)
python-certbot (0.24.0-1) unstable; urgency=medium
.
* Add OR to dep on python-distutils for stretch-bpo
* New upstream version 0.24.0
* Bump version dep on python3-acme
python-certbot (0.23.0-1) unstable; urgency=medium
.
* New upstream release.
* Add testdata back in to prevent test failure in RDeps. (Closes: #894025)
* Bump S-V; no changes needed.
python-certbot (0.23.0-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
python-certbot (0.22.2-2) unstable; urgency=medium
.
* Change the way we remove testdata for better downstream support
* Add dep on python3-distutils (Closes: #893775)
python-certbot (0.22.2-1) unstable; urgency=medium
.
* New upstream release.
python-certbot (0.22.0-1) unstable; urgency=medium
.
* New upstream release -- now with wildcards!
* Break the strict dependency relationship between certbot packages.
python-certbot (0.21.1-1) unstable; urgency=high
.
* New upstream release.
* Move d/copyright format to HTTPS
python-certbot (0.21.1-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
python-certbot (0.21.1-1) unstable; urgency=high
.
* New upstream release.
* Move d/copyright format to HTTPS
.
python-certbot (0.20.0-3) unstable; urgency=medium
.
* Setup logrotation for certbot log files. (Closes: #873581, #881176)
.
python-certbot (0.20.0-2) unstable; urgency=low
.
* Add additional Breaks on py2 variants of libs.
.
python-certbot (0.20.0-1) unstable; urgency=low
.
* New upstream release.
* Switch to python3!
* Update to debhelper 11, bump S-V.
.
python-certbot (0.19.0-1) unstable; urgency=medium
.
* New upstream release. (Closes: #838548)
python-certbot (0.20.0-3) unstable; urgency=medium
.
* Setup logrotation for certbot log files. (Closes: #873581, #881176)
python-certbot (0.20.0-2) unstable; urgency=low
.
* Add additional Breaks on py2 variants of libs.
python-certbot (0.20.0-1) unstable; urgency=low
.
* New upstream release.
* Switch to python3!
* Update to debhelper 11, bump S-V.
python-certbot (0.19.0-1) unstable; urgency=medium
.
* New upstream release. (Closes: #838548)
python-certbot (0.19.0-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
python-certbot (0.19.0-1) unstable; urgency=medium
.
* New upstream release. (Closes: #838548)
.
python-certbot (0.18.2-1) unstable; urgency=medium
.
* New upstream release.
* Bump S-V; no changes needed.
* Switch from python-sphinx to python3-sphinx
.
python-certbot (0.17.0-2) unstable; urgency=high
.
* Revert d/rules for systemd cleanup. (Closes: #872090)
.
python-certbot (0.17.0-1) unstable; urgency=medium
.
[ Mattia Rizzolo ]
* d/control: rename git repository to python-certbot too
.
[ Harlan Lieberman-Berg ]
* New upstream version 0.17.0
* Bump S-V to 4.0.1, changing Priority to optional.
* Bump B-D on python-cryptography
* Add very basic autopkgtest.
* Refresh patches.
* Fix merge failure.
* Tweak d/rules for systemd cleanup, raise compat to 10.
.
python-certbot (0.14.2-1) experimental; urgency=medium
.
* Team upload.
* New upstream release.
.
python-certbot (0.12.0-1) experimental; urgency=medium
.
* New upstream release.
* Add python-ipdb as build dependency.
* Drop unnecessary dependency on dh-systemd (Closes: #856239)
.
python-certbot (0.11.1-1) unstable; urgency=medium
.
* New upstream release.
* Add .pc to gitignore
* Drop python-psutil dep no longer needed
python-certbot (0.18.2-1) unstable; urgency=medium
.
* New upstream release.
* Bump S-V; no changes needed.
* Switch from python-sphinx to python3-sphinx
python-certbot (0.17.0-2) unstable; urgency=high
.
* Revert d/rules for systemd cleanup. (Closes: #872090)
python-certbot (0.17.0-1) unstable; urgency=medium
.
[ Mattia Rizzolo ]
* d/control: rename git repository to python-certbot too
.
[ Harlan Lieberman-Berg ]
* New upstream version 0.17.0
* Bump S-V to 4.0.1, changing Priority to optional.
* Bump B-D on python-cryptography
* Add very basic autopkgtest.
* Refresh patches.
* Fix merge failure.
* Tweak d/rules for systemd cleanup, raise compat to 10.
python-certbot (0.14.2-1) experimental; urgency=medium
.
* Team upload.
* New upstream release.
python-certbot (0.12.0-1) experimental; urgency=medium
.
* New upstream release.
* Add python-ipdb as build dependency.
python-certbot (0.11.1-1) unstable; urgency=medium
.
* New upstream release.
* Add .pc to gitignore
* Drop python-psutil dep no longer needed
python-certbot-apache (0.28.0-1~deb9u1) stretch; urgency=medium
.
* This stretch update is to cure the problem caused by the deprecation
and disabling of the upstream TLS-SNI-01 certificate verification
protocol due to a security vulnerability. Note, the security
vulnerability isn't in this package; rather, earlier versions of
certbot are no longer functional due to changes in the interface that
certbot uses to retrieve certificates.
python-certbot-apache (0.28.0-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
python-certbot-apache (0.27.1-1) unstable; urgency=medium
.
* New upstream release.
python-certbot-apache (0.27.0-1) unstable; urgency=medium
.
* New upstream version 0.27.0
* Bump S-V; no changes needed
* Add lintian-override for cross-python version dep.
python-certbot-apache (0.26.0-1) unstable; urgency=medium
.
* New upstream version 0.26.0
* Bump deps on certbot, add acme dep explicitly
* Bump S-V with R-R-R: no
python-certbot-apache (0.25.0-2) unstable; urgency=medium
.
* Fix incorrect version dependency.
python-certbot-apache (0.25.0-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
python-certbot-apache (0.25.0-1) unstable; urgency=medium
.
* New upstream version 0.25.0
* Bump dep on certbot
python-certbot-apache (0.24.0-2) unstable; urgency=medium
.
* Update team email address to tracker.d.o. (Closes: #899667)
python-certbot-apache (0.24.0-1) unstable; urgency=medium
.
* New upstream version 0.24.0
* Bump S-V; no changes needed.
python-certbot-apache (0.23.0-1) unstable; urgency=medium
.
* New upstream release.
python-certbot-apache (0.23.0-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
python-certbot-apache (0.22.0-1) unstable; urgency=medium
.
* New upstream release -- now with wildcards!
* Break strict dependency requirements.
* Drop patches applied upstream.
python-certbot-apache (0.21.1-1) unstable; urgency=high
.
* New upstream release.
* Update Vcs-Git URL to be HTTPS.
* Switch d/copyright URL to HTTPS.
python-certbot-apache (0.21.1-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
python-certbot-apache (0.21.1-1) unstable; urgency=high
.
* New upstream release.
* Update Vcs-Git URL to be HTTPS.
* Switch d/copyright URL to HTTPS.
.
python-certbot-apache (0.20.0-3) unstable; urgency=medium
.
* Add version restriction on the Breaks of the dummy.
.
python-certbot-apache (0.20.0-2) unstable; urgency=low
.
* Add transitional dummy package.
.
python-certbot-apache (0.20.0-1) unstable; urgency=low
.
* New upstream release.
* Convert to python3!
* Upgrade to debhelper 11.
.
python-certbot-apache (0.19.0-1) unstable; urgency=medium
.
* New upstream release.
python-certbot-apache (0.20.0-3) unstable; urgency=medium
.
* Add version restriction on the Breaks of the dummy.
python-certbot-apache (0.20.0-2) unstable; urgency=low
.
* Add transitional dummy package.
python-certbot-apache (0.20.0-1) unstable; urgency=low
.
* New upstream release.
* Convert to python3!
* Upgrade to debhelper 11.
python-certbot-apache (0.19.0-1) unstable; urgency=medium
.
* New upstream release.
python-certbot-apache (0.19.0-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
python-certbot-apache (0.19.0-1) unstable; urgency=medium
.
* New upstream release.
.
python-certbot-apache (0.18.2-1) unstable; urgency=medium
.
* New upstream release.
* Move to python3-sphinx.
* Bump S-V; no changes needed.
* Drop unnecessary Testsuite header.
.
python-certbot-apache (0.17.0-1) unstable; urgency=medium
.
* New upstream release.
* Move experimental to unstable now that the freeze is over.
* Upgrade to v4.0.1 of Debian policy
.
python-certbot-apache (0.14.2-1) experimental; urgency=medium
.
* Team upload.
* New upstream release.
* Add dep8 smoke test.
.
python-certbot-apache (0.12.0-1) experimental; urgency=medium
.
* New usptream release.
.
python-certbot-apache (0.11.1-1) unstable; urgency=medium
.
* New upstream release.
python-certbot-apache (0.18.2-1) unstable; urgency=medium
.
* New upstream release.
* Move to python3-sphinx.
* Bump S-V; no changes needed.
* Drop unnecessary Testsuite header.
python-certbot-apache (0.17.0-1) unstable; urgency=medium
.
* New upstream release.
* Move experimental to unstable now that the freeze is over.
* Upgrade to v4.0.1 of Debian policy
python-certbot-apache (0.14.2-1) experimental; urgency=medium
.
* Team upload.
* New upstream release.
* Add dep8 smoke test.
python-certbot-apache (0.12.0-1) experimental; urgency=medium
.
* New usptream release.
python-certbot-apache (0.11.1-1) unstable; urgency=medium
.
* New upstream release.
python-certbot-nginx (0.28.0-1~deb9u1) stretch; urgency=medium
.
* This stretch update is to cure the problem caused by the deprecation
and disabling of the upstream TLS-SNI-01 certificate verification
protocol due to a security vulnerability. Note, the security
vulnerability isn't in this package; rather, earlier versions of
certbot are no longer functional due to changes in the interface that
certbot uses to retrieve certificates.
python-certbot-nginx (0.28.0-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
python-certbot-nginx (0.26.0-1) unstable; urgency=medium
.
* New upstream version 0.26.0
* Bump dependencies to match setup.py
* Bump S-V; add R-R-R: no
python-certbot-nginx (0.25.0-2) unstable; urgency=medium
.
* Bump version requirement for acme and release -2
python-certbot-nginx (0.25.0-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
python-certbot-nginx (0.25.0-1) unstable; urgency=medium
.
* New upstream version 0.25.0
python-certbot-nginx (0.23.0-2) unstable; urgency=medium
.
* Switch maintainer email to tracker.d.o (Closes: #899674)
python-certbot-nginx (0.23.0-1) unstable; urgency=medium
.
* New upstream release.
* Bump S-V; no chnages needed.
python-certbot-nginx (0.23.0-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
python-certbot-nginx (0.22.0-1) unstable; urgency=medium
.
* New upstream release -- now with wildcards!
* Break strict dependency requirement.
python-certbot-nginx (0.21.1-1) unstable; urgency=high
.
* New upstream release.
* Change Vcs-Git to use HTTPS.
* Change d/copyright to use HTTPS
python-certbot-nginx (0.21.1-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
python-certbot-nginx (0.21.1-1) unstable; urgency=high
.
* New upstream release.
* Change Vcs-Git to use HTTPS.
* Change d/copyright to use HTTPS
.
python-certbot-nginx (0.20.0-3) unstable; urgency=medium
.
* Add version restriction to Breaks/Replaces for dummy. (Closes: #886954)
.
python-certbot-nginx (0.20.0-2) unstable; urgency=low
.
* Add transitional dummy package.
.
python-certbot-nginx (0.20.0-1) unstable; urgency=low
.
* New upstream release.
* Switch to python3!
* Update to debhelper 11, bump S-V.
.
python-certbot-nginx (0.19.0-1) unstable; urgency=medium
.
* New upstream release.
python-certbot-nginx (0.20.0-3) unstable; urgency=medium
.
* Add version restriction to Breaks/Replaces for dummy. (Closes: #886954)
python-certbot-nginx (0.20.0-2) unstable; urgency=low
.
* Add transitional dummy package.
python-certbot-nginx (0.20.0-1) unstable; urgency=low
.
* New upstream release.
* Switch to python3!
* Update to debhelper 11, bump S-V.
python-certbot-nginx (0.19.0-1) unstable; urgency=medium
.
* New upstream release.
python-certbot-nginx (0.19.0-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
python-certbot-nginx (0.19.0-1) unstable; urgency=medium
.
* New upstream release.
.
python-certbot-nginx (0.18.2-1) unstable; urgency=medium
.
* New upstream release.
* Move to python3-sphinx; bump S-V without changes.
* Drop unnecessary Testsuite.
.
python-certbot-nginx (0.17.0-1) unstable; urgency=medium
.
* New upstream release.
* Move to unstable from experimental, now that the freeze is over.
* Update to latest Debian policy.
.
python-certbot-nginx (0.14.2-1) experimental; urgency=medium
.
* Team upload.
* New upstream release.
* Add dep8 smoke test.
.
python-certbot-nginx (0.12.0-1) experimental; urgency=medium
.
* New upstream release.
.
python-certbot-nginx (0.11.1-1) unstable; urgency=medium
.
* New upstream release.
python-certbot-nginx (0.18.2-1) unstable; urgency=medium
.
* New upstream release.
* Move to python3-sphinx; bump S-V without changes.
* Drop unnecessary Testsuite.
python-certbot-nginx (0.17.0-1) unstable; urgency=medium
.
* New upstream release.
* Move to unstable from experimental, now that the freeze is over.
* Update to latest Debian policy.
python-certbot-nginx (0.14.2-1) experimental; urgency=medium
.
* Team upload.
* New upstream release.
* Add dep8 smoke test.
python-certbot-nginx (0.12.0-1) experimental; urgency=medium
.
* New upstream release.
python-certbot-nginx (0.11.1-1) unstable; urgency=medium
.
* New upstream release.
python-django (1:1.10.7-2+deb9u4) stretch-security; urgency=high
.
* CVE-2019-3498: Prevent a content-spoofing vulnerability in the default
404 page. (Closes: #918230)
python-hypothesis (3.6.1-1+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport fix from 3.12.0-1 to stretch.
.
[ Tristan Seligmann ]
* Fix permuted python3-hypothesis and python-hypothesis-doc Depends
stanzas (closes: #867435).
python-josepy (1.1.0-2~deb9u1) stretch; urgency=medium
.
* Backport to stable as a dependency for python-acme.
python-josepy (1.1.0-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
python-josepy (1.1.0-1) unstable; urgency=medium
.
* New upstream release.
python-josepy (1.0.1-1) unstable; urgency=medium
.
* Initial release. (Closes: #888624)
* To prevent breaking downstream libs that may be using python-acme, we
also have to build the Python 2 version.
python-josepy (1.0.1-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
pyzo (4.3.1-1+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann]
* Non-maintainer upload.
* Backport dependency fix from 4.4.3-1.2.
.
[ Adrian Bunk ]
* Add the missing dependency on python3-pkg-resources,
thanks to Julien Cervelle. (Closes: #917085)
qemu (1:2.8+dfsg-6+deb9u5) stretch-security; urgency=medium
.
* Backport SSBD support (Closes: #908682)
* CVE-2018-10839 (Closes: #910431)
* CVE-2018-17962 (Closes: #911468)
* CVE-2018-17963 (Closes: #911469)
r-cran-readxl (0.1.1-1+deb9u2) stretch; urgency=high
.
* src/libxls/ole.h: Updated from readxl upstream (Closes: #920804)
* libxls/xlstool.h: Idem
* ole.c: Idem
* xls.c: Idem
* xlstool.c: Idem
.
* This addresses
CVE-2018-20450
CVE-2018-20452
with corresponding upstream patch in libxls and readxl
roundcube (1.2.3+dfsg.1-4+deb9u3) stretch-security; urgency=high
.
* Backport fix for CVE-2018-19206: XSS vulnerability via crafted use of
<svg><style>, as demonstrated by an onload attribute in a BODY element,
within an HTML attachment.
https://github.com/roundcube/roundcubemail/issues/6410
rssh (2.3.4-5+deb9u3) stretch-security; urgency=high
.
* The fix for the scp security vulneraability in 2.3.4-5+deb9u1
introduced a regression that blocked scp of multiple files from a
server using rssh. Based on further analysis of scp's command-line
parsing, relax the check to require the server command contain -f or
-t, which should deactivate scp's support for remote files.
(Closes: #921655)
rssh (2.3.4-5+deb9u2) stretch-security; urgency=high
.
* Also reject rsync --daemon and --config command-line options, which
can be used to run arbitrary commands. Thanks, Nick Cleaton.
(CVE-2019-3463)
* Unset the HOME environment variable when running rsync to prevent popt
(against which rsync is linked) from loading a ~/.popt configuration
file, which can run arbitrary commands on the server or redefine
command-line options to bypass argument checking. Thanks, Nick
Cleaton. (CVE-2019-3464)
* Do not stop checking the rsync command line at --, since this can be
an argument to some other option and later arguments may still be
interpreted as options. In the few cases where one needs to rsync to
files named things like --rsh, the client can use ./--rsh instead.
Thanks, Nick Cleaton.
rssh (2.3.4-5+deb9u1) stretch-security; urgency=high
.
* Validate the allowed scp command line and only permit the flags used
in server mode and only a single argument, to attempt to prevent use
of ssh options to run arbitrary code on the server. This will break
scp -3 to a system running rssh, which seems like an acceptable loss.
(Closes: #919623, CVE-2019-1000018)
* Tighten validation of the rsync command line to require --server be
the first argument, which should prevent initiation of an outbound
rsync command from the server, which in turn might allow execution of
arbitrary code via ssh configuration similar to scp.
* Add validation of the server command line after chroot when chroot is
enabled. Prior to this change, dangerous argument filtering was not
done when chroot was configured, allowing remote code execution inside
the chroot in some configurations via the previous two bugs and via
the mechanisms in CVE-2012-2251 and CVE-2012-2252.
* Further document that the cvs server-side dangerous option filtering
is probably insufficient and should not be considered secure.
rtkit (0.11-4+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Move dbus and polkit from Recommends to Depends
rtkit can't do much really without either of them so bump them to Depends.
(Closes: #881342)
ruby-loofah (2.0.3-2+deb9u2) stretch-security; urgency=medium
.
* Team upload
.
* debian/patches
- add 0004-fix-CVE-2018-16468.patch: taken security fix from upstream
(Closes: #912398) (CVE-2018-16468)
ruby-rack (1.6.4-4+deb9u1) stretch; urgency=medium
.
* CVE-2018-16471: Prevent a possible XSS vulnerability where a malicious
request could impact the HTTP/HTTPS scheme returned to the underlying
application. (Closes: #913005)
ruby-sanitize (2.1.0-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Inproper filtering by libxml2 leads to HTML injection vulnerability
(CVE-2018-3740) (Closes: #893610)
* Drop fix-tests-sanitize.patch patch
samba (2:4.5.16+dfsg-1) stretch; urgency=medium
.
* New upstream release (latest 4.5.x)
- Drop merged patches
* Fix CVE-2018-14629 regression when there're more than 20 records on a non
CNAME record.
* Fix rmdir on non-empty samba directory (Closes: #915248)
* Ignore nmbd start errors when there is no non-loopback interface
(Closes: #893762)
* Ignore nmbd start errors when there is no local IPv4 non-loopback interface
(Closes: #859526)
* s3:ntlm_auth: fix memory leak in manage_gensec_request() (Closes: #919611)
* Add debian/gitlab-ci.yml
samba (2:4.5.12+dfsg-2+deb9u4) stretch-security; urgency=high
.
* New upstream security release
- CVE-2018-14629 Unprivileged adding of CNAME record causing loop in AD
Internal DNS server
- CVE-2018-16841 Double-free in Samba AD DC KDC with PKINIT
- CVE-2018-16851 NULL pointer de-reference in Samba AD DC LDAP server
sl-modem (2.9.11~20110321-12+deb9u1) stretch; urgency=medium
.
[ Ø£Øمد المØمودي (Ahmed El-Mahmoudy) ]
* Modify support_linux3.diff patch to support linux >3.
Thanks to Ben Hutchings <ben@decadent.org.uk> (Closes: #916034)
sogo-connector (60.0.0+gite2547a3-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch
sogo-connector (31.0.5-2) unstable; urgency=medium
.
* [d457c90] debian/control: removing references to Icedove
- Clean out any references to old icedove* packages for Build-Depends and
also for Depends in the binary package to not collide with removal of
transitional packages from the src:icedove package.
* [1afa79a] debian/control: bump Standards-Version to 4.1.0
- Policy version is now moved on to 4.1.0.
sogo-connector (31.0.5-2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
* [6799d59] d/gbp.conf: adjust to debian/stretch
sogo-connector (31.0.5-2~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy.
sogo-connector (31.0.5-1) unstable; urgency=medium
.
* [5ba36c6] rebuild patch queue from patch-queue branch
- Adding some modifications so the keyword 'let' isn't used for some
variables in some source files as the variables aren't have a local
scope. This decreases some unneded error messages on the cli.
* [a5cefa8] debian/gbp.conf: adjust to branch debian/sid
* [3256585] New upstream version 31.0.5
* [21244ff] debian/control: adding X-Debian-Homepage field
- Adding a extra pointer to the Debian Wiki site on the package tracker
site.
* [78b1c01] debian/copyright: small updates
* [4572780] debian/control: bump Standards-Version to 4.0.0
- No extra changes needed to archive the new requirements by 4.0.0.
sogo-connector (31.0.4-1) unstable; urgency=medium
.
* [a6d9434] New upstream version 31.0.4
* [7e6659e] debian/copyright: update file after upstream changes
sox (14.4.1-5+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add patches for CVE-2014-8145 to series file and really apply fixes.
Thanks to Mike Salvatore for spotting the issue. (Closes: #773720)
spice (0.12.8-2.1+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* memslot: Fix off-by-one error in group/slot boundary check (CVE-2019-3813)
ssh-agent-filter (0.4.2-1+deb9u1) stretch; urgency=medium
.
* backport fix for two-byte out-of-bounds stack write (Closes: #914501)
supercollider (1:3.7.0~repack-4+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport disabling support for XEmacs etc. from 1:3.10.0+repack-0.1.
.
[ Georges Khaznadar ]
* modified emacsen configuration files to fit the patterns found
with ELPA. This prevents the installation with xemacs and emacs <= 23.
Closes: #916858
sympa (6.2.16~dfsg-3+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
.
[ Stefan Hornburg (Racke) ]
* Remove /etc/sympa/sympa.conf-smime.in from conffiles (Closes: #864546).
* Add call for removing sympa.conf-smime.in by maintainer scripts.
* Use full path for head command in Sympa configuration file
(Closes: #863701).
systemd (232-25+deb9u8) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Address memory leak in dispatch_message_real()
In dispatch_message_real() memory allocated by set_iovec_field_free()
is not free()d.
Follow upstream and introduce specific variables cmdline1 and cmdline2
and free() those automatically when dispatch_message_real() returns.
* Correctly allocate core_timestamp on the heap and avoid invalid free()
* Remove unused core* variables in process_kernel()
systemd (232-25+deb9u7) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* journald: do not store the iovec entry for process commandline on stack
(CVE-2018-16864) (Closes: #918841)
* journald: set a limit on the number of fields (1k) (CVE-2018-16865)
(Closes: #918848)
* journal-remote: set a limit on the number of fields in a message
(CVE-2018-16865) (Closes: #918848)
* journal: fix syslog_parse_identifier() (CVE-2018-16866)
* journal: do not remove multiple spaces after identifier in syslog message
(CVE-2018-16866)
thunderbird (1:60.4.0-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
thunderbird (1:60.3.1-1) unstable; urgency=medium
.
* [e1b489a] New upstream version 60.3.1
* [f376b38] lightning: use ${source:Version} in Breaks and Recommends
(Closes: #914175)
* [7e560b3] Revert "lintian: adding a semi automated lintian-override"
The override about a misspelled word Synopsys isn't needed any more.
* [893c0e6] rebuild patch queue from patch-queue branch
modified patches:
debian-hacks/Don-t-build-testing-suites-and-stuff.patch
debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch
* [20d8827] d/source.filter: update the filter sequences
thunderbird (1:60.3.0-1) unstable; urgency=medium
.
[ intrigeri ]
* [7949b31] AppArmor: update profile from upstream at commit f3d9a8b
(Closes: #903898)
* [e31dc14] AppArmor: update profile from upstream at commit 81c9457
(Closes: #908206)
.
[ Carsten Schoenert ]
* [0dcbe22] d/control: add xul-ext-gnome-keyring to Breaks for thunderbird
(Closes: #907979)
* [65db00d] armel: adding extra LDFLAGS so rust compiler isn't confused
The settings that are builtin within rust are conflicting with the GCC.
* [9c65884] New upstream version 60.3.0
Fixed CVE issues in upstream version 60.3.0 (MFSA 2018-28)
CVE-2018-12392: Crash with nested event loops
CVE-2018-12393: Integer overflow during Unicode conversion while loading
JavaScript
CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3 and
Thunderbird 60.3
CVE-2018-12390: Memory safety bugs fixed in Firefox 63, Firefox ESR 60.3,
and Thunderbird 60.3
* [8726bb1] rebuild patch queue from patch-queue branch
removed patches (included upstream)
fixes/Bug-1479540-Accept-triplet-strings-with-only-two-parts-in.patch
fixes/Bug-1492064-Disable-baseline-JIT-when-SSE2-is-not-support.patch
fixes/Bug-1492065-Use-Swizzle-fallback-when-SSE2-is-not-support.patch
porting-mips/Add-struct-ucred-for-Linux-on-MIPS.patch
thunderbird (1:60.3.0-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
tiff (4.0.8-2+deb9u4) stretch-security; urgency=medium
.
* CVE-2018-5784 (Closes: #890441)
* CVE-2018-7456 (Closes: #891288)
* CVE-2018-8905 (Closes: #893806)
* CVE-2018-10963 (Closes: #898348)
* CVE-2018-17101 (Closes: #909037)
* CVE-2018-18557 (Closes: #911635)
* CVE-2017-11613 (Closes: #869823)
* CVE-2017-17095 (Closes: #883320)
(deb9u3 is unreleased, broken interim)
tiff (4.0.8-2+deb9u3) stretch-security; urgency=medium
.
* CVE-2018-5784 (Closes: #890441)
* CVE-2018-7456 (Closes: #891288)
* CVE-2018-8905 (Closes: #893806)
* CVE-2018-10963 (Closes: #898348)
* CVE-2018-17100 (Closes: #909038)
* CVE-2018-17101 (Closes: #909037)
* CVE-2018-18557 (Closes: #911635)
* CVE-2017-11613 (Closes: #869823)
* CVE-2017-17095 (Closes: #883320)
tmpreaper (1.6.13+nmu1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* There was a race condition when tmpreaper was testing for a (bind) mount,
which was done via rename() which could potentially lead to a file being
placed elsewhere on the filesystem hierarchy (e.g. /etc/cron.d/) if the
directory being cleaned up was on the same physical filesystem.
This has been fixed by using an alternative way of looking for bind mounts
using code from mountpoint (from the util-linux package).
twitter-bootstrap3 (3.3.7+dfsg-2+deb9u1) stretch; urgency=high
.
* Team upload.
* Fix multiples vulnerabilities (Closes: #907414):
- CVE-2018-14040: XSS is possible in the collapse data-parent
- CVE-2018-14041: XSS is possible in the data-target property
- CVE-2018-14042: XSS is possible in the data-container
* Update debian/copyright
tzdata (2018i-0+deb9u1) stretch; urgency=medium
.
* New upstream version, affecting the following future timestamps:
- São Tomé and PrÃncipe switches from +01 to +00 on 2019-01-01.
tzdata (2018h-1) unstable; urgency=medium
.
* New upstream version, affecting the following past and future
timestamps:
- Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21. A new
zone Asia/Qostanay has been added, because Qostanay, Kazakhstan
didn't move.
- Metlakatla, Alaska observes PST this winter only.
tzdata (2018h-0+deb9u1) stretch; urgency=medium
.
* New upstream version, affecting the following past and future
timestamps:
- Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21. A new
zone Asia/Qostanay has been added, because Qostanay, Kazakhstan
didn't move.
- Metlakatla, Alaska observes PST this winter only.
tzdata (2018g-1) unstable; urgency=high
.
* New upstream version, affecting the following future timestamp:
- Morocco switches to permanent +01 on 2018-10-27.
* Urgency set to high as the change will happen the next hours.
uglifyjs (2.7.5-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add fix from Bastien Roucariès to give manpage --help output
contents, thanks to Ben Finney. (Closes: #847642)
uriparser (0.8.4-1+deb9u1) stable; urgency=medium
.
* Fix multiple CVEs (Closes: #913817):
- New debian/patches/CVE-2018-19198.patch to fix CVE-2018-19198.
- New debian/patches/CVE-2018-19199.patch to fix CVE-2018-19199.
- New debian/patches/CVE-2018-19200.patch to fix CVE-2018-19200.
* debian/control:
- Change to my new email address.
- Switch Vcs-* to new location.
vlc (3.0.6-0+deb9u1) stretch-security; urgency=high
.
* New upstream bug fix release.
- Fix CAF integer-underflow. (CVE-2018-19857)
- Fix crashes with LPCM streams.
- Fix live555 and screen capture crashes.
* debian/patches: Apply upstream patch for libbluray compatibility.
vlc (3.0.5-2) unstable; urgency=medium
.
* debian/control: Bump libbluray-dev to >= 1.0.0.
* debian/: Bump debhelper compat to 12.
* debian/copyright: Remove paragraphs for no longer existing files.
vlc (3.0.5-1) unstable; urgency=medium
.
[ Mateusz Åukasik ]
* New upstream release:
- Remove patches included upstream.
.
[ Sebastian Ramacher ]
* debian/control: Bump Standards-Version.
* debian/vlc-plugin-base.install: Install 10-bit x264 plugin.
vlc (3.0.4-4) unstable; urgency=medium
.
* debian/patches: Apply upstream patch to fix integer underflow
(CVE-2018-19857). (Closes: #915760)
vlc (3.0.4-3) unstable; urgency=medium
.
* debian/patches: Add support for libplacebo 0.6.
vlc (3.0.4-2) unstable; urgency=medium
.
* debian/: Build AOM plugin.
vlc (3.0.4-1) unstable; urgency=medium
.
* New upstream release.
- Fix OpenGL output for single plane devices. (LP: #1774119)
- Decode AV1 streams. (LP: #1789715)
* debian/patches: Drop patches merged upstream.
vlc (3.0.3-1-4) unstable; urgency=medium
.
* Bump Standards-Version
* debian/patches: Apply upstream patch for x264 155 support.
vlc (3.0.3-1-3) unstable; urgency=medium
.
* debian/: Enable libspatialaudio.
* debian/control: Bump Standards-Version.
vlc (3.0.3-1-2) unstable; urgency=medium
.
* debian/patches: Apply upstream patch to fix build with Qt 5.11.
vlc (3.0.3-1-1) unstable; urgency=high
.
* New upstream version.
- mkv: Fix NULL pointer access. (CVE-2018-11529)
* debian/bug-presubj: No longer include -f.
* debian/bug-control: Remove Submit-As.
* debian/patches: Backport upstream patch for fribidi 1.0.x.
vm (8.2.0b-2.1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Backport removal of xemacs21 support from 8.2.0b-4. (Closes: #909385)
.
[ Ian Jackson ]
* Drop support for xemacs21, which is broken - see #914945.
vulture (0.11-1+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport the dependency fix from 0.21-1.1.
.
[ Adrian Bunk ]
* Add the missing dependency on python3-pkg-resources.
(Closes: #904762)
* Fix the test dependencies.
wayland (1.12.0-1+deb9u1) stretch; urgency=medium
.
* debian/patches/CVE-2017-16612.patch: (Closes: #889681, #892031)
- libXcursor before 1.1.15 has various integer overflows that could lead
to heap buffer overflows when processing malicious cursors, e.g., with
programs like GIMP. It is also possible that an attack vector exists
against the related code in cursor/xcursor.c in Wayland through
1.14.0.
wicd (1.7.4+tb2-5~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
wicd (1.7.4+tb2-5) unstable; urgency=medium
.
* Add location of Debian derivatives patches in debian/README.source.
* Declare compliance with Debian Policy 4.1.1.
+ Switch DEP5 copyright format URL to HTTPS.
* Replace dependencies on "net-tools | ethtool" and "net-tools |
iproute2" in wicd-daemon with a hard dependency on net-tools and
suggesting ethtool and iproute2 in python-wicd. Thanks to Neels
Hofmeyr for the bug report. (Closes: #881225)
* Switch bugs.debian.org URLs in DEP3 headers to HTTPS and short form.
wireshark (2.6.5-1~deb9u1) stretch-security; urgency=high
.
* Rebuild for Stretch
.
wireshark (2.6.5-1) unstable; urgency=medium
.
* Add debian/gitlab-ci.yml
* New upstream version 2.6.5
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html
- security fixes:
- The Wireshark dissection engine could crash. (CVE-2018-19625)
- The DCOM dissector could crash. (CVE-2018-19626)
- The LBMPDM dissector could crash. (CVE-2018-19623)
- The MMSE dissector could go into an infinite loop. (CVE-2018-19622)
- The IxVeriWave file parser could crash. (CVE-2018-19627)
- The PVFS dissector could crash. (CVE-2018-19624)
- The ZigBee ZCL dissector could crash. (CVE-2018-19628)
* Update symbols
.
wireshark (2.6.4-2) unstable; urgency=medium
.
[ nyov ]
* Build and install mmdbresolve to make GeoIP-lookup work.
(adds dependency on libmaxminddb) (Closes: #911567)
.
[ Gregor Jasny ]
* debian: libwireshark-dev must depend on libwiretap-dev
because wireshark/epan/packet_info.h (libwireshark-dev)
depends on wireshark/wiretap/wtap.h (libwiretap-dev)
(LP: #1801666)
.
[ Balint Reczey ]
* Ship man page for mmdbresolve
* debian/tests/gui: Redirect stderr to stdout because Lua prints to stderr
making the test fail
.
wireshark (2.6.4-1) unstable; urgency=medium
.
[ Ondřej Nový ]
* d/control: Removing redundant Priority field in binary package
* d/changelog: Remove trailing whitespaces
.
[ Balint Reczey ]
* Install at-spi2-core in gui autopkgtest to avoid error messages
* debian/test/gui: Ignore stderr from wireshark-gtk since upstream deprecated
it and also start bigger virtual screen
* New upstream version 2.6.4
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.6.4.html
- security fixes:
- MS-WSP dissector crash (CVE-2018-18227)
- Steam IHS Discovery dissector memory leak (CVE-2018-18226)
- CoAP dissector crash (CVE-2018-18225)
- OpcUA dissector crash (CVE-2018-12086)
.
wireshark (2.6.3-1) unstable; urgency=medium
.
* Use GLX extension in autopkgtest, Qt needs it
* New upstream version 2.6.3
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.6.3.html
- security fixes:
- Bluetooth AVDTP dissector crash. (CVE-2018-16058)
- Bluetooth Attribute Protocol dissector crash. (CVE-2018-16056)
- Radiotap dissector crash. (CVE-2018-16057)
* Refresh patches
* Update symbols
wireshark (2.6.4-2) unstable; urgency=medium
.
[ nyov ]
* Build and install mmdbresolve to make GeoIP-lookup work.
(adds dependency on libmaxminddb) (Closes: #911567)
.
[ Gregor Jasny ]
* debian: libwireshark-dev must depend on libwiretap-dev
because wireshark/epan/packet_info.h (libwireshark-dev)
depends on wireshark/wiretap/wtap.h (libwiretap-dev)
(LP: #1801666)
.
[ Balint Reczey ]
* Ship man page for mmdbresolve
* debian/tests/gui: Redirect stderr to stdout because Lua prints to stderr
making the test fail
wireshark (2.6.4-1) unstable; urgency=medium
.
[ Ondřej Nový ]
* d/control: Removing redundant Priority field in binary package
* d/changelog: Remove trailing whitespaces
.
[ Balint Reczey ]
* Install at-spi2-core in gui autopkgtest to avoid error messages
* debian/test/gui: Ignore stderr from wireshark-gtk since upstream deprecated
it and also start bigger virtual screen
* New upstream version 2.6.4
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.6.4.html
- security fixes:
- MS-WSP dissector crash (CVE-2018-18227)
- Steam IHS Discovery dissector memory leak (CVE-2018-18226)
- CoAP dissector crash (CVE-2018-18225)
- OpcUA dissector crash (CVE-2018-12086)
wireshark (2.6.3-1) unstable; urgency=medium
.
* Use GLX extension in autopkgtest, Qt needs it
* New upstream version 2.6.3
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.6.3.html
- security fixes:
- Bluetooth AVDTP dissector crash. (CVE-2018-16058)
- Bluetooth Attribute Protocol dissector crash. (CVE-2018-16056)
- Radiotap dissector crash. (CVE-2018-16057)
* Refresh patches
* Update symbols
wvstreams (4.6.1-12~deb9u1) stretch; urgency=medium
.
* QA upload.
* Rebuild for stretch.
.
wvstreams (4.6.1-12) unstable; urgency=low
.
* QA upload.
* Work around stack corruption, thanks to Karol Ossowski.
(Closes: #863039)
xapian-core (1.4.3-2+deb9u3) stretch; urgency=medium
.
* fix-freelist-leaks.patch: Fix leaks of freelist blocks in corner cases
which then get reported as "DatabaseCorruptError" by Database::check().
(Closes: #912883)
xen (4.8.5+shim4.10.2+xsa282-1+deb9u11) stretch-security; urgency=medium
.
* Update to new upstream versions:
* Main tree updated to Xen 4.8.5
* Shim updated to current upstream stable-4.10 branch, to
avoid errors trying to cherry-pick security patches.
* This includes fixes to:
XSA-282 CVE-2018-19967 Xen 4.8 and 4.10 shim
XSA-280 CVE-2018-19966 Xen 4.8 and 4.10 shim
XSA-279 CVE-2018-19965 Xen 4.8 and 4.10 shim
XSA-275 CVE-2018-19961 CVE-2018-19962 Xen 4.8 and 4.10 shim
XSA-278 CVE-2018-18883 Xen 4.10 shim only
* For completeness, the following fixes are not applicable:
XSA-274 CVE-2018-14678 Bug is in Linux
XSA-270 CVE-2018-15471 Bug is in Linux
XSA-271 CVE-2018-14007 Bug is in XAPI (not in Debian)
XSA-277 CVE-2018-19964 Bug not in either 4.8 or 4.10
XSA-276 CVE-2018-19963 Bug not in either 4.8 or 4.10
* Added CVEs to previous changelog entries:
4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10
4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
xkeycaps (2.47-4.1+deb9u1) stretch; urgency=medium
.
* Prevent segfault in commands.c when more than 8 keysyms per key are
present. (Closes: #914262)
yosys (0.7-2+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport the patch fixing the search path from 0.7-5.
.
[ Ruben Undheim ]
* debian/patches/0010-Fix-adding-of-sys.path-in-yosys-smtbmc.patch
- Fix "ModuleNotFoundError: No module named 'smtio'" (Closes: #904752)
* debian/tests/smtbc:
- Added CI test to check that 'yosys-smtbmc' can be started with no
import errors
z3 (4.4.1-0.4~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
z3 (4.4.1-0.4) unstable; urgency=medium
.
* Non-maintainer upload.
* Remove the incorrect Multi-Arch: same of python-z3,
thanks to Helmut Grohne. (Closes: #874237)
zeromq3 (4.2.1-4+deb9u1) stretch-security; urgency=medium
.
* CVE-2019-6250 (Closes: #919098)
======================================
Wed, 23 Jan 2019 - Debian 9.7 released
======================================
=========================================================================
apt (1.4.9) stretch-security; urgency=medium
.
* SECURITY UPDATE: content injection in http method (CVE-2019-3462)
(LP: #1812353)
base-files (9.9+deb9u7) stretch; urgency=medium
.
* Change /etc/debian_version to 9.7, for Debian 9.7 point release.
======================================
Sat, 10 Nov 2018 - Debian 9.6 released
======================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:39:58 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
libipt-dev | 1.5-1 | s390x
libipt1 | 1.5-1 | s390x
Closed bugs: 903848
------------------- Reason -------------------
RoM; ANAIS
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:40:52 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
xul-ext-monkeysphere | 0.8-2 | source, all
Closed bugs: 906823
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:46:58 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
mozilla-nukeimage | 0.3-12 | all
nukeimage | 0.3-12 | source
Closed bugs: 906912
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:47:34 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
python-tvrage | 0.4.1-1 | source, all
Closed bugs: 908402
------------------- Reason -------------------
RoQA; useless after tvrage.com shutdown
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:48:00 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
downthemall | 3.0.7-1 | source
xul-ext-downthemall | 3.0.7-1 | all
Closed bugs: 908404
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:49:49 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
self-destructing-cookies | 0.4.11-1 | source
xul-ext-self-destructing-cookies | 0.4.11-1 | all
Closed bugs: 908406
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:50:46 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
classic-theme-restorer | 1.5.9-1 | source
xul-ext-classic-theme-restorer | 1.5.9-1 | all
Closed bugs: 908407
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:51:00 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
lyz | 2.1.5-3-g895ff3a-1 | source
xul-ext-lyz | 2.1.5-3-g895ff3a-1 | all
Closed bugs: 908534
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:51:49 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
python-facebook | 0.svn20100209-3.1 | source, all
Closed bugs: 908639
------------------- Reason -------------------
RoQA; broken due to upstream changes
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:52:30 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
video-without-flash | 3.1.1-1 | source
xul-ext-video-without-flash | 3.1.1-1 | all
Closed bugs: 908727
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:53:01 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
dvips-fontdata-n2bk | 0.0.2001.12.12-4 | source, all
Closed bugs: 909034
------------------- Reason -------------------
RoQA; empty package
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:53:17 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
stylish | 2.0.3-2 | source
xul-ext-stylish | 2.0.3-2 | all
Closed bugs: 909051
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:53:39 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
ubiquity-extension | 0.6.4~pre20140729-1 | source
xul-ext-ubiquity | 0.6.4~pre20140729-1 | all
Closed bugs: 909055
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:53:55 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
browser-plugin-vlc | 2.0.6-4 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el
browser-plugin-vlc | 2.0.6-4+b1 | s390x
npapi-vlc | 2.0.6-4 | source
Closed bugs: 909132
------------------- Reason -------------------
RoM; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:54:15 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
gitlab | 8.13.11+dfsg1-8+deb9u3 | source, all
Closed bugs: 909315
------------------- Reason -------------------
RoM; open security issues, hard to backport fixes
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:54:46 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
automatic-save-folder | 1.0.5~20140831-4 | source
xul-ext-automatic-save-folder | 1.0.5~20140831-4 | all
Closed bugs: 909595
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:55:25 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
firebug | 2.0.17-1 | source
xul-ext-firebug | 2.0.17-1 | all
Closed bugs: 909597
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:55:40 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
flashgot | 1.5.6.13+dfsg-1 | source
xul-ext-flashgot | 1.5.6.13+dfsg-1 | all
Closed bugs: 909605
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:55:54 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
spdy-indicator | 2.2-1 | source
xul-ext-spdy-indicator | 2.2-1 | all
Closed bugs: 910383
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:56:23 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
firexpath | 0.9.7.1-3 | source
xul-ext-firexpath | 0.9.7.1-3 | all
Closed bugs: 910681
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:56:47 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
openinbrowser | 1.17-1 | source
xul-ext-openinbrowser | 1.17-1 | all
Closed bugs: 910688
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:57:08 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
adblock-plus-element-hiding-helper | 1.3.8-1 | source
xul-ext-adblock-plus-element-hiding-helper | 1.3.8-1 | all
Closed bugs: 910690
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:57:49 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
sage-extension | 1.5.4-2 | source
xul-ext-sage | 1.5.4-2 | all
Closed bugs: 912612
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 08:59:29 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
reloadevery | 45.0.0-2 | source
xul-ext-reloadevery | 45.0.0-2 | all
Closed bugs: 912613
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:00:17 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
itsalltext | 1.9.2-2 | source
xul-ext-itsalltext | 1.9.2-2 | all
Closed bugs: 912614
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:00:54 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
status-4-evar | 2016.10.11.01-1 | source
xul-ext-status4evar | 2016.10.11.01-1 | all
Closed bugs: 912615
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:01:12 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
perspectives-extension | 4.6.4-1 | source
xul-ext-perspectives | 4.6.4-1 | all
Closed bugs: 912620
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:02:04 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
all-in-one-sidebar | 0.7.28-2 | source
xul-ext-all-in-one-sidebar | 0.7.28-2 | all
Closed bugs: 912622
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:02:27 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
scrapbook | 1.5.13-3 | source
xul-ext-scrapbook | 1.5.13-3 | all
Closed bugs: 912625
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:03:10 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
livehttpheaders | 0.17.1-2 | source
xul-ext-livehttpheaders | 0.17.1-2 | all
Closed bugs: 912626
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:03:27 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
firegestures | 1.10.9-1 | source
xul-ext-firegestures | 1.10.9-1 | all
Closed bugs: 912657
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:03:59 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
custom-tab-width | 1.1-1 | source
xul-ext-custom-tab-width | 1.1-1 | all
Closed bugs: 912658
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:06:21 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
dactyl | 1.2~r20151231-1 | source
xul-ext-pentadactyl | 1.2~r20151231-1 | all
Closed bugs: 912660
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:07:16 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
webdeveloper | 1.2.5+repack-3 | source
xul-ext-webdeveloper | 1.2.5+repack-3 | all
Closed bugs: 912666
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:07:40 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
tabmixplus | 0.5.0.1-1 | source
xul-ext-tabmixplus | 0.5.0.1-1 | all
Closed bugs: 912667
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:08:24 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
pwdhash | 1.7.4-1 | source
xul-ext-pwdhash | 1.7.4-1 | all
Closed bugs: 912668
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:09:02 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
autofill-forms | 1.1.3-1 | source
xul-ext-autofill-forms | 1.1.3-1 | all
Closed bugs: 912669
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:09:20 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
foxyproxy | 4.5.6-debian-2 | source
xul-ext-foxyproxy-standard | 4.5.6-debian-2 | all
Closed bugs: 912670
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:09:42 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
uppity | 1.5.8-5 | source
xul-ext-uppity | 1.5.8-5 | all
Closed bugs: 912671
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:10:00 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
greasemonkey | 3.8-1 | source
xul-ext-greasemonkey | 3.8-1 | all
Closed bugs: 912672
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:10:33 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
colorfultabs | 31.1.0+dfsg-1 | source
xul-ext-colorfultabs | 31.1.0+dfsg-1 | all
Closed bugs: 912729
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:11:08 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
useragentswitcher | 0.7.3-3 | source
xul-ext-useragentswitcher | 0.7.3-3 | all
Closed bugs: 912730
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:11:28 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
form-history-control | 1.4.0.6-1 | source
xul-ext-form-history-control | 1.4.0.6-1 | all
Closed bugs: 912731
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:11:44 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
tree-style-tab | 0.18.2016111701-1 | source
xul-ext-treestyletab | 0.18.2016111701-1 | all
Closed bugs: 912732
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:12:32 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
lightbeam | 1.3.1+dfsg-1 | source
xul-ext-lightbeam | 1.3.1+dfsg-1 | all
Closed bugs: 912733
------------------- Reason -------------------
RoQA; incompatible with newer firefox-esr versions
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:12:45 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
knot-resolver | 1.2.0-1 | source, amd64, armel, armhf, i386, mips, mipsel
knot-resolver-doc | 1.2.0-1 | all
knot-resolver-module-http | 1.2.0-1 | all
Closed bugs: 912812
------------------- Reason -------------------
RoST; security issues
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:19:39 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
firefox-esr-dev | 52.9.0esr-1~deb9u1 | amd64, arm64, armel, armhf, i386, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by firefox-esr)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:20:07 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
linux-headers-4.9.0-7-all | 4.9.110-3+deb9u2 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:20:24 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
btrfs-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
crc-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
crypto-dm-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
crypto-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
dasd-extra-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
dasd-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
ext4-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
fat-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
fuse-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
isofs-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
kernel-image-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
linux-headers-4.9.0-7-all-s390x | 4.9.110-3+deb9u2 | s390x
linux-headers-4.9.0-7-s390x | 4.9.110-3+deb9u2 | s390x
linux-image-4.9.0-7-s390x | 4.9.110-3+deb9u2 | s390x
linux-image-4.9.0-7-s390x-dbg | 4.9.110-3+deb9u2 | s390x
loop-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
md-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
multipath-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
nbd-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
nic-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
scsi-core-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
scsi-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
udf-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
virtio-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
xfs-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
zlib-modules-4.9.0-7-s390x-di | 4.9.110-3+deb9u2 | s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:20:32 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
ata-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
btrfs-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
cdrom-core-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
crc-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
crypto-dm-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
crypto-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
event-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
ext4-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
fancontrol-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
fat-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
firewire-core-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
fuse-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
hypervisor-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
input-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
isofs-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
jfs-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
kernel-image-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
linux-headers-4.9.0-7-all-ppc64el | 4.9.110-3+deb9u2 | ppc64el
linux-headers-4.9.0-7-powerpc64le | 4.9.110-3+deb9u2 | ppc64el
linux-image-4.9.0-7-powerpc64le | 4.9.110-3+deb9u2 | ppc64el
linux-image-4.9.0-7-powerpc64le-dbg | 4.9.110-3+deb9u2 | ppc64el
loop-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
md-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
mouse-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
multipath-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
nbd-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
nic-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
nic-shared-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
ppp-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
sata-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
scsi-core-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
scsi-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
serial-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
squashfs-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
udf-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
uinput-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
usb-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
usb-serial-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
usb-storage-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
virtio-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
xfs-modules-4.9.0-7-powerpc64le-di | 4.9.110-3+deb9u2 | ppc64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:20:46 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
acpi-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
ata-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
btrfs-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
cdrom-core-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
crc-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
crypto-dm-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
crypto-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
efi-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
event-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
ext4-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
fat-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
fb-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
firewire-core-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
fuse-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
hyperv-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
i2c-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
input-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
isofs-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
jfs-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
kernel-image-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
linux-headers-4.9.0-7-all-amd64 | 4.9.110-3+deb9u2 | amd64
linux-headers-4.9.0-7-amd64 | 4.9.110-3+deb9u2 | amd64
linux-headers-4.9.0-7-rt-amd64 | 4.9.110-3+deb9u2 | amd64
linux-image-4.9.0-7-amd64 | 4.9.110-3+deb9u2 | amd64
linux-image-4.9.0-7-amd64-dbg | 4.9.110-3+deb9u2 | amd64
linux-image-4.9.0-7-rt-amd64 | 4.9.110-3+deb9u2 | amd64
linux-image-4.9.0-7-rt-amd64-dbg | 4.9.110-3+deb9u2 | amd64
loop-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
md-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
mmc-core-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
mmc-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
mouse-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
multipath-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
nbd-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
nic-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
nic-pcmcia-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
nic-shared-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
nic-usb-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
nic-wireless-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
ntfs-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
pata-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
pcmcia-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
pcmcia-storage-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
ppp-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
sata-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
scsi-core-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
scsi-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
serial-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
sound-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
speakup-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
squashfs-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
udf-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
uinput-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
usb-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
usb-serial-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
usb-storage-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
virtio-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
xfs-modules-4.9.0-7-amd64-di | 4.9.110-3+deb9u2 | amd64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:21:04 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
ata-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
btrfs-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
cdrom-core-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
crc-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
crypto-dm-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
crypto-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
efi-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
event-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
ext4-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
fat-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
fb-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
fuse-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
i2c-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
input-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
isofs-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
jfs-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
kernel-image-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
leds-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
linux-headers-4.9.0-7-all-arm64 | 4.9.110-3+deb9u2 | arm64
linux-headers-4.9.0-7-arm64 | 4.9.110-3+deb9u2 | arm64
linux-image-4.9.0-7-arm64 | 4.9.110-3+deb9u2 | arm64
linux-image-4.9.0-7-arm64-dbg | 4.9.110-3+deb9u2 | arm64
loop-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
md-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
mmc-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
multipath-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
nbd-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
nic-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
nic-shared-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
nic-usb-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
nic-wireless-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
ppp-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
sata-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
scsi-core-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
scsi-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
squashfs-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
udf-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
uinput-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
usb-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
usb-storage-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
virtio-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
xfs-modules-4.9.0-7-arm64-di | 4.9.110-3+deb9u2 | arm64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:21:27 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
btrfs-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
cdrom-core-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
crc-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
crypto-dm-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
crypto-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
event-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
ext4-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
fat-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
fb-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
fuse-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
input-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
ipv6-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
isofs-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
jffs2-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
jfs-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
kernel-image-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
leds-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
linux-headers-4.9.0-7-all-armel | 4.9.110-3+deb9u2 | armel
linux-headers-4.9.0-7-marvell | 4.9.110-3+deb9u2 | armel
linux-image-4.9.0-7-marvell | 4.9.110-3+deb9u2 | armel
linux-image-4.9.0-7-marvell-dbg | 4.9.110-3+deb9u2 | armel
loop-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
md-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
minix-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
mmc-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
mouse-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
mtd-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
multipath-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
nbd-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
nic-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
nic-shared-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
nic-usb-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
ppp-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
sata-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
scsi-core-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
squashfs-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
udf-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
uinput-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
usb-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
usb-serial-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
usb-storage-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
zlib-modules-4.9.0-7-marvell-di | 4.9.110-3+deb9u2 | armel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:21:48 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
ata-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
btrfs-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
crc-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
crypto-dm-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
crypto-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
efi-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
event-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
ext4-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
fat-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
fb-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
fuse-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
i2c-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
input-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
isofs-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
jfs-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
kernel-image-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
leds-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
linux-headers-4.9.0-7-all-armhf | 4.9.110-3+deb9u2 | armhf
linux-headers-4.9.0-7-armmp | 4.9.110-3+deb9u2 | armhf
linux-headers-4.9.0-7-armmp-lpae | 4.9.110-3+deb9u2 | armhf
linux-image-4.9.0-7-armmp | 4.9.110-3+deb9u2 | armhf
linux-image-4.9.0-7-armmp-dbg | 4.9.110-3+deb9u2 | armhf
linux-image-4.9.0-7-armmp-lpae | 4.9.110-3+deb9u2 | armhf
linux-image-4.9.0-7-armmp-lpae-dbg | 4.9.110-3+deb9u2 | armhf
loop-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
md-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
mmc-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
mtd-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
multipath-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
nbd-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
nic-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
nic-shared-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
nic-usb-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
nic-wireless-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
pata-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
ppp-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
sata-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
scsi-core-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
scsi-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
squashfs-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
udf-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
uinput-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
usb-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
usb-storage-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
virtio-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
zlib-modules-4.9.0-7-armmp-di | 4.9.110-3+deb9u2 | armhf
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:21:59 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
acpi-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
acpi-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
ata-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
ata-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
btrfs-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
btrfs-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
cdrom-core-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
cdrom-core-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
crc-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
crc-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
crypto-dm-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
crypto-dm-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
crypto-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
crypto-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
efi-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
efi-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
event-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
event-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
ext4-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
ext4-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
fat-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
fat-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
fb-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
fb-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
firewire-core-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
firewire-core-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
fuse-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
fuse-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
hyperv-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
hyperv-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
i2c-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
i2c-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
input-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
input-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
isofs-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
isofs-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
jfs-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
jfs-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
kernel-image-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
kernel-image-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
linux-headers-4.9.0-7-686 | 4.9.110-3+deb9u2 | i386
linux-headers-4.9.0-7-686-pae | 4.9.110-3+deb9u2 | i386
linux-headers-4.9.0-7-all-i386 | 4.9.110-3+deb9u2 | i386
linux-headers-4.9.0-7-rt-686-pae | 4.9.110-3+deb9u2 | i386
linux-image-4.9.0-7-686 | 4.9.110-3+deb9u2 | i386
linux-image-4.9.0-7-686-dbg | 4.9.110-3+deb9u2 | i386
linux-image-4.9.0-7-686-pae | 4.9.110-3+deb9u2 | i386
linux-image-4.9.0-7-686-pae-dbg | 4.9.110-3+deb9u2 | i386
linux-image-4.9.0-7-rt-686-pae | 4.9.110-3+deb9u2 | i386
linux-image-4.9.0-7-rt-686-pae-dbg | 4.9.110-3+deb9u2 | i386
loop-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
loop-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
md-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
md-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
mmc-core-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
mmc-core-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
mmc-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
mmc-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
mouse-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
mouse-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
multipath-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
multipath-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
nbd-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
nbd-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
nic-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
nic-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
nic-pcmcia-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
nic-pcmcia-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
nic-shared-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
nic-shared-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
nic-usb-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
nic-usb-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
nic-wireless-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
nic-wireless-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
ntfs-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
ntfs-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
pata-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
pata-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
pcmcia-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
pcmcia-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
pcmcia-storage-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
pcmcia-storage-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
ppp-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
ppp-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
sata-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
sata-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
scsi-core-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
scsi-core-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
scsi-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
scsi-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
serial-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
serial-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
sound-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
sound-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
speakup-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
speakup-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
squashfs-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
squashfs-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
udf-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
udf-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
uinput-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
uinput-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
usb-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
usb-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
usb-serial-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
usb-serial-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
usb-storage-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
usb-storage-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
virtio-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
virtio-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
xfs-modules-4.9.0-7-686-di | 4.9.110-3+deb9u2 | i386
xfs-modules-4.9.0-7-686-pae-di | 4.9.110-3+deb9u2 | i386
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:22:08 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
linux-headers-4.9.0-7-all-mips | 4.9.110-3+deb9u2 | mips
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:22:26 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
affs-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
btrfs-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
cdrom-core-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
crc-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
crypto-dm-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
crypto-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
event-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
ext4-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
fat-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
fuse-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
hfs-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
input-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
isofs-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
jfs-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
kernel-image-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
linux-headers-4.9.0-7-5kc-malta | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
linux-headers-4.9.0-7-octeon | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
linux-image-4.9.0-7-5kc-malta | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
linux-image-4.9.0-7-5kc-malta-dbg | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
linux-image-4.9.0-7-octeon | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
linux-image-4.9.0-7-octeon-dbg | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
loop-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
md-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
minix-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
multipath-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
nbd-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
nic-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
nic-shared-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
nic-usb-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
nic-wireless-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
ntfs-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
pata-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
ppp-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
rtc-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
sata-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
scsi-core-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
scsi-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
sound-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
squashfs-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
udf-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
usb-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
usb-serial-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
usb-storage-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
virtio-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
xfs-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
zlib-modules-4.9.0-7-octeon-di | 4.9.110-3+deb9u2 | mips, mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:22:40 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
affs-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
ata-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
btrfs-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
cdrom-core-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
crc-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
crypto-dm-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
crypto-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
event-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
ext4-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
fat-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
fuse-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
hfs-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
i2c-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
input-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
isofs-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
jfs-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
kernel-image-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
linux-headers-4.9.0-7-4kc-malta | 4.9.110-3+deb9u2 | mips, mipsel
linux-image-4.9.0-7-4kc-malta | 4.9.110-3+deb9u2 | mips, mipsel
linux-image-4.9.0-7-4kc-malta-dbg | 4.9.110-3+deb9u2 | mips, mipsel
loop-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
md-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
minix-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
mmc-core-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
mmc-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
mouse-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
multipath-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
nbd-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
nic-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
nic-shared-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
nic-usb-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
nic-wireless-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
ntfs-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
pata-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
ppp-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
sata-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
scsi-core-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
scsi-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
sound-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
squashfs-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
udf-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
usb-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
usb-serial-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
usb-storage-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
virtio-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
xfs-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
zlib-modules-4.9.0-7-4kc-malta-di | 4.9.110-3+deb9u2 | mips, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:22:54 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
affs-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
ata-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
btrfs-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
cdrom-core-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
crc-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
crypto-dm-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
crypto-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
event-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
ext4-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
fat-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
fuse-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
hfs-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
i2c-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
input-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
isofs-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
jfs-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
kernel-image-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
linux-headers-4.9.0-7-all-mips64el | 4.9.110-3+deb9u2 | mips64el
loop-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
md-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
minix-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
mmc-core-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
mmc-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
mouse-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
multipath-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
nbd-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
nic-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
nic-shared-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
nic-usb-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
nic-wireless-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
ntfs-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
pata-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
ppp-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
sata-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
scsi-core-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
scsi-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
sound-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
squashfs-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
udf-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
usb-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
usb-serial-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
usb-storage-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
virtio-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
xfs-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
zlib-modules-4.9.0-7-5kc-malta-di | 4.9.110-3+deb9u2 | mips64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:23:03 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
affs-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
ata-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
btrfs-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
cdrom-core-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
crc-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
crypto-dm-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
crypto-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
event-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
ext4-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
fat-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
fb-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
firewire-core-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
fuse-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
hfs-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
input-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
isofs-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
jfs-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
kernel-image-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
linux-headers-4.9.0-7-loongson-3 | 4.9.110-3+deb9u2 | mips64el, mipsel
linux-image-4.9.0-7-loongson-3 | 4.9.110-3+deb9u2 | mips64el, mipsel
linux-image-4.9.0-7-loongson-3-dbg | 4.9.110-3+deb9u2 | mips64el, mipsel
loop-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
md-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
minix-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
multipath-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
nbd-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
nfs-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
nic-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
nic-shared-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
nic-usb-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
nic-wireless-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
ntfs-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
pata-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
ppp-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
sata-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
scsi-core-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
scsi-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
sound-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
speakup-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
squashfs-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
udf-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
usb-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
usb-serial-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
usb-storage-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
virtio-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
xfs-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
zlib-modules-4.9.0-7-loongson-3-di | 4.9.110-3+deb9u2 | mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:23:18 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
libstd-rust-1.14 | 1.14.0+dfsg1-3 | arm64, i386
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by rustc)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:23:31 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
thunderbird-dev | 1:52.8.0-1~deb9u1 | s390x
thunderbird-dev | 1:52.9.1-1~deb9u1 | amd64, arm64, armel, armhf, i386, ppc64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by thunderbird)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:23:55 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
libwireshark8 | 2.2.6+g32dac6a-2+deb9u3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
libwiretap6 | 2.2.6+g32dac6a-2+deb9u3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
libwscodecs1 | 2.2.6+g32dac6a-2+deb9u3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
libwsutil7 | 2.2.6+g32dac6a-2+deb9u3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by wireshark)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:25:08 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
linux-headers-4.9.0-7-all-mipsel | 4.9.110-3+deb9u2 | mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Nov 2018 09:32:44 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
linux-headers-4.9.0-6-common | 4.9.88-1+deb9u1 | all
linux-headers-4.9.0-6-common-rt | 4.9.88-1+deb9u1 | all
linux-headers-4.9.0-7-common | 4.9.110-3+deb9u2 | all
linux-headers-4.9.0-7-common-rt | 4.9.110-3+deb9u2 | all
linux-support-4.9.0-6 | 4.9.88-1+deb9u1 | all
linux-support-4.9.0-7 | 4.9.110-3+deb9u2 | all
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
accerciser (3.22.0-2+deb9u1) stretch; urgency=medium
.
* Add patches/02_ipython5.patch to fix python console (Closes: #848119)
* Add patches/03_get_image.patch to fix accessing items without a compositor
(Closes: #875629)
* control: Add python3-xlib dependency.
* control: Add python3-xlib runtime dependency (Closes: #880735)
apache2 (2.4.25-3+deb9u6) stretch; urgency=medium
.
* CVE-2018-1333: mod_http2: Fix DoS by worker exhaustion. Closes: #904106
* CVE-2018-11763: mod_http2: Fix DoS by continuous SETTINGS.
Closes: #909591
* mod_proxy_fcgi: Fix segfault. Closes: #902906
asterisk (1:13.14.1~dfsg-2+deb9u4) stretch-security; urgency=medium
.
* AST-2018-004 / CVE-2018-7284: Crash when receiving SUBSCRIBE request
(Closes: #891227)
* AST-2018-005 / CVE-2018-7286: Crash when large numbers of TCP connections
are closed suddenly (Closes: #891228)
* AST-2018-008 / CVE-2018-12227: PJSIP endpoint presence disclosure when
using ACL (Closes: #902954)
* AST-2018-009 / CVE-2018-17281: Remote crash vulnerability in HTTP
websocket upgrade (Closes: #909554)
base-files (9.9+deb9u6) stretch; urgency=medium
.
* Change /etc/debian_version to 9.6, for Debian 9.6 point release.
blender (2.79.b+dfsg0-1~deb9u1) stretch-security; urgency=high
.
* Security upload (based on Sec Team advice) using
v2.79b release and fixing following CVEs:
CVE-2017-2899 CVE-2017-2900
CVE-2017-2901 CVE-2017-2902
CVE-2017-2903 CVE-2017-2904
CVE-2017-2905 CVE-2017-2906
CVE-2017-2907 CVE-2017-2908
CVE-2017-2918 CVE-2017-12081
CVE-2017-12082 CVE-2017-12086
CVE-2017-12099 CVE-2017-12100
CVE-2017-12101 CVE-2017-12102
CVE-2017-12103 CVE-2017-12104
CVE-2017-12105
* debian/: debhelper 11 -> 10
* Revert -dbg -> -dbgsym package migration
.
blender (2.79.b+dfsg0-1) unstable; urgency=medium
.
* New upstream bugfix release
blender (2.79.a+dfsg0-2) unstable; urgency=medium
.
* debian/rules: drop OpenCOLLADA support on mipsel
blender (2.79.a+dfsg0-1) unstable; urgency=medium
.
[ Ondřej Nový ]
* d/copyright: Use https protocol in Format field
* d/control: Set Vcs-* to salsa.debian.org
.
[ Matteo F. Vescovi ]
* New upstream release
- debian/patches/: patchset updated
- 0008-fix_FTBFS_with_OpenVDB4.patch dropped
- 0009-fix_FTBFS_due_to_pugi_ambiguous_naming.patch dropped
(both applied upstream)
* debian/: debhelper bump 10 -> 11
* debian/control: S-V bump 4.1.1 -> 4.1.3 (no changes needed)
* debian/rules: drop '--parallel' parameter
* debian/watch: http:// -> https:// for upstream repository
blender (2.79+dfsg0-3) unstable; urgency=medium
.
* debian/:
- enable repacking as uscan instance
- -dbg -> -dbgsym package migration
* debian/patches/: patchset updated
- 0008-fix_FTBFS_with_OpenVDB4.patch refreshed
- 0009-fix_FTBFS_due_to_pugi_ambiguous_naming.patch added
blender (2.79+dfsg0-2) unstable; urgency=medium
.
* debian/patches/: patchset updated
- 0008-fix_FTBFS_with_OpenVDB4.patch added
Thanks to Sergey Sharybin (upstream) for the patch.
blender (2.79+dfsg0-1) unstable; urgency=medium
.
* New upstream release
- debian/patches/: patchset updated
- #0003 refreshed
- #0008 -> #0010 dropped (applied upstream)
* debian/: dh bump 9 -> 10
* debian/control:
- drop autotools-dev from b-deps
- S-V bump 4.0.0 -> 4.1.0 (no changes needed)
blender (2.78.c+dfsg0-2) unstable; urgency=medium
.
* Upload to unstable
* debian/control: S-V bump 3.9.8 => 4.0.0 (no changes needed)
blender (2.78.c+dfsg0-1) experimental; urgency=medium
.
* New upstream release
- debian/patches/: patchset updated against v2.78c
- 0008-fix_ppc64el_FTBFS.patch updated
- 0010-fix_x32_FTBFS.patch dropped (applied upstream)
- 0011-fix_AMD_UI_glitches.patch renamed to #0010
Thanks to Sergey Sharybin (sergey) for #0008 refresh
brltty (5.4-7+deb9u1) stretch; urgency=medium
.
* patches/policykit-fix: Fix polkit authentication (Closes: #905058).
canna (3.7p3-14~deb9u1) stretch; urgency=medium
.
* QA upload.
* Rebuild for stretch.
cargo (0.25.0-3~deb9u1) stretch; urgency=medium
.
* Backport to stretch for Firefox ESR60.
* Embed libgit2 0.25.1.
cargo (0.25.0-2) unstable; urgency=medium
.
[ Ximin Luo ]
* Depend on rustc 1.24 or later.
* Backport a patch to not require dev-dependencies when not needed.
cargo (0.25.0-1) unstable; urgency=medium
.
* Upload to unstable.
.
cargo (0.25.0-1~exp2) experimental; urgency=medium
.
* Disable test running on powerpc and powerpcspe for now. Will be
enabled once issue in test suites are fixed.
Request from John Paul Adrian Glaubitz in IRC.
.
cargo (0.25.0-1~exp1) experimental; urgency=medium
.
[upstream]
* Added a workspace.default-members config that overrides implied --all
in virtual workspaces.
* Enable incremental by default on development builds.
.
[ Vasudev Kamath ]
* debian/vendor-tarball-filter.txt: Filter out git test data from
libgit2-sys crate.
* debian/vendor-tarball-unsusupiciousAudit unsuspicious files for 0.25.0
release.
* debian/make_orig_multi.sh: Make sure we take filter and unsuspiciaus
texts from debian folder.
* debian/patches:
+ Drop patch 0001 it is merged upstream.
+ Fix the typo in description of patch 2006.
* Drop source/lintian-override. README under patches directory is no
longer considered as a patch file by lintian.
* debian/copyright:
+ Drop unused vendor crates copyright information.
+ Add new crates copyright information to copyright.
cargo (0.25.0-1~exp2) experimental; urgency=medium
.
* Disable test running on powerpc and powerpcspe for now. Will be
enabled once issue in test suites are fixed.
Request from John Paul Adrian Glaubitz in IRC.
cargo (0.25.0-1~exp1) experimental; urgency=medium
.
[upstream]
* Added a workspace.default-members config that overrides implied --all
in virtual workspaces.
* Enable incremental by default on development builds.
.
[ Vasudev Kamath ]
* debian/vendor-tarball-filter.txt: Filter out git test data from
libgit2-sys crate.
* debian/vendor-tarball-unsusupiciousAudit unsuspicious files for 0.25.0
release.
* debian/make_orig_multi.sh: Make sure we take filter and unsuspiciaus
texts from debian folder.
* debian/patches:
+ Drop patch 0001 it is merged upstream.
+ Fix the typo in description of patch 2006.
* Drop source/lintian-override. README under patches directory is no
longer considered as a patch file by lintian.
* debian/copyright:
+ Drop unused vendor crates copyright information.
+ Add new crates copyright information to copyright.
cargo (0.24.0-1) unstable; urgency=medium
.
* Upload to unstable.
cargo (0.24.0-1~exp1) experimental; urgency=medium
.
[upstream]
* Supports uninstallation of multiple crates.
* `cargo check` unit testing.
* Install a specific version using `cargo install --version`
.
[ Vasudev Kamath ]
* Update vendor-tarball-unsuspicious.txt vendor-tarball-filter.txt for
new upstream release.
* debian/control:
+ Mark package compliance with Debian Policy 4.1.3.
* debian/patches:
+ Update patch 2001 to work with libgit2-sys-0.6.19.
+ Update 1002 patch to drop url crate specific hunk as its merged
upstream.
+ Add patch 0001 to fix bad_git_dependency test failure.
* debian/copyright:
+ Add new vendor crates to copyright.
+ Track rustfmt.toml in top level copyright section.
* Add lintian-override for ignoring README from
patch-file-present-but-not-mentioned-in-series tag.
cargo (0.23.0-1) unstable; urgency=medium
.
* Upload to unstable.
* Mark package as compliant with Debian Policy 4.1.2.
No change required to source.
cargo (0.23.0-1~exp1) experimental; urgency=medium
.
* [upstream]
+ Cargo will now build multi file examples in subdirectories of the
examples folder that have a main.rs file.
+ Changed [root] to [package] in Cargo.lock. Old format packages will
continue to work and can be updated using cargo update.
+ Supports vendoring git repositories.
* Refresh patch 2004 for new release.
* Audit logo.svg file from termion crate.
* debian/patches:
+ Drop patch 1001, its merged upstream.
+ Refresh patch 2002 with new upstream changes.
+ Refresh patch 2001 with newer libgit2-sys changes.
+ Add patch 2005 to prevent executing non-existing mdbook command
during build.
+ Move part of typo fix for url crate to patch 1001 to 1002. url crate
is not updated in new cargo release.
* debian/copyright:
+ Remove copyright for gcc crate.
+ Add copyright information for cc, commoncrypto, crypto-hash,
redox_syscall. redox_termios and termion crate.
+ Add CONTRIBUTING.md to top Files section.
+ Drop magnet-sys from copyright.
cargo (0.22.0-1~exp1) experimental; urgency=medium
.
* New upstream release.
+ Can now install multiple crates with cargo install.
+ cargo commands inside a virtual workspace will now implicitly pass
--all.
+ Added [patch] section to Cargo.toml to handle prepublication
dependencies RFC 1969.
+ include and exclude fields in Cargo.toml now accept gitignore like
patterns.
+ Added --all-target option.
+ Using required dependencies as a feature is now deprecated and emits
a warning.
* Put upstream PR url for patch 1001.
* Add conv crate file to unsuspicious files.
* debian/patches:
+ Refresh patches 1001, 2002 and 2004 with new upstream release.
+ Fix typo in cargo search command and related tests.
* debian/control:
+ Mark package compliance with Debian Policy 4.1.1.
+ Mark priority for package as optional from extra. Priority extra is
deprecated from Debian Policy 4.0.1.
* debian/copyright:
+ Add newly added vendor copyright information.
cargo (0.21.1-2) unstable; urgency=medium
.
* Upload to unstable.
cargo (0.21.1-1) experimental; urgency=medium
.
* debian/control:
+ Add myself as uploader for cargo package.
+ Mark package compliance with Debian Policy 4.1.0.
* Mark tables.rs from unicode-normalization as unsuspicious.
* Ignore sublime workspace file from hex crate.
* debian/copyright:
+ Drop wildcards representing the old crates under vendor folder.
+ Add copyright information for newer crates under vendor
+ Add ARCHITECTURE.* to copyright.
* debian/patches:
+ Rename patches to follow patch naming guidelines mentioned in
debian/patches/README.
+ Add patch 1001 to fix spelling errors in cargo output messages.
+ Make patch 2003 DEP-3 compliant.
+ Adjust make_orig_multi.sh to renamed clean-cargo-deps.patch
cargo (0.20.0-2) unstable; urgency=medium
.
* Work around #865549, fixes FTBFS on ppc64el.
cargo (0.20.0-1) unstable; urgency=medium
.
* New upstream release.
* Fix cross-compiling declarations, Multi-Arch: foreign => allowed
* Un-embed libgit2 0.25.1 again. (Closes: #860990)
* Update to latest Standards-Version; no changes required.
cargo (0.17.0-2) unstable; urgency=medium
.
* Re-embed libgit2 0.25.1 due to the Debian testing freeze. It will be
removed again after the freeze is over, when libgit2 0.25.1 can again
enter Debian unstable.
cargo (0.17.0-1) unstable; urgency=medium
.
* Upload to unstable so we have something to build rustc 1.17.0 with.
cargo (0.17.0-1~exp3) experimental; urgency=medium
.
* Add git to Build-Depends to fix FTBFS.
* Mention cross-compiling in the previous changelog entry.
cargo (0.17.0-1~exp2) experimental; urgency=medium
.
* Bring in some changes from Ubuntu.
- Rename deps/ to vendor/ as that's what upstream uses, and update
other files with the new paths too.
- Remove cargo-vendor-unpack since we no longer need to postprocess
cargo-vendor output in that way.
* Document that bootstrap.py probably doesn't work now.
* Include /usr/share/rustc/architecture.mk in d/rules instead of duplicating
awkward arch-dependent Makefile snippets.
* Don't embed libgit2, add a versioned B-D to libgit2-dev.
cargo (0.17.0-1~exp1) experimental; urgency=medium
.
* New upstream release. (Closes: #851089, #859312)
cargo (0.15.0~dev-1) unstable; urgency=medium
.
* New upstream snapshot (git 1877f59d6b2cb057f7ef6c6b34b926fd96a683c1)
- Compatible with OpenSSL 1.1.0 (Closes: #828259)
* rules: use new link-arg options (Closes: #834980, #837433)
- Requires rustc >= 1.13
cargo (0.11.0-2) unstable; urgency=high
.
* debian/rules: fix RUSTFLAGS quoting (Closes: #834980)
cargo (0.11.0-1) unstable; urgency=medium
.
[ Daniele Tricoli ]
* New upstream release. (Closes: #826938)
- Update deps tarball.
- Refresh patches.
- Drop clean-win-crates.patch since time crate is not a dependency
anymore.
- Drop deps-url-fix-toml.patch since merged upstream.
.
[ Luca Bruno ]
* Install subcommand manpages too
* Move to a bootstrapped (stage1) build by default
cargo (0.9.0-1) unstable; urgency=medium
.
* New upstream version
+ Fix deprecation errors (Closes: #822178, #823652)
+ Updated deps tarball
+ Refreshed patches
cargo (0.8.0-2) unstable; urgency=low
.
* Prefer libcurl4-gnutls-dev for building (Closes: #819831)
cargo (0.8.0-1) unstable; urgency=medium
.
* New upstream version 0.8.0
+ Updated deps tarball
+ Refreshed patches
* cargo: removed unused lintian overrides
cargo (0.7.0-2) unstable; urgency=medium
.
* Bump standards version
* cargo:
+ add a new stage2 profile
+ preserve original Cargo.lock for clean
+ clean environment to allow multiple builds
* cargo-doc:
+ update docbase paths after package split
+ do not reference remote jquery
+ do not build under nodoc profile
* control: update build-deps for build-profiles
cargo (0.7.0-1) unstable; urgency=medium
.
* New upstream version 0.7.0
+ Updated deps tarball and repack filter
+ Refreshed patches
* Fixes to debian packaging
+ Updated deps repack script
+ index packing: use the same TAR format as cargo
+ rules: ask cargo to build verbosely
* Update README.source to match current packaging
cargo (0.6.0-2) unstable; urgency=medium
.
* Introduce a cargo-doc package
* Fails to build when wget is installed. Force curl
(Closes: #809298)
* Add the missing VCS- fields
* Add myself among the uploaders
.
[ Angus Lee ]
* Use local jquery.js
* Correct cargo-doc.doc-base paths to HTML docs
cargo (0.6.0-1) unstable; urgency=medium
.
* New upstream version 0.6.0
+ Updated deps tarball
+ Not shipping a registry index anymore
* Refreshed bootstrap.py script
+ Skip optional dependencies in stage0
* Added some crude pack/unpack helpers
* copyright: cleaned up unused entries
* rules: major update for new 0.6.0 bootstrap
cargo (0.3.0-2) unstable; urgency=medium
.
* Fix install target, removing arch-specific path
cargo (0.3.0-1) unstable; urgency=medium
.
* Team upload.
* First upload to unstable.
* Update gbp.conf according to git repo structure.
* patches: downgrade missing_docs lints to simple warnings
to avoid build failures on newer rustc.
cargo (0.3.0-0~exp1) experimental; urgency=low
.
* Team upload.
* Initial Debian release. (Closes: #786432)
cgit (1.1+git2.10.2-3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* clone: fix directory traversal (CVE-2018-14912) (Closes: #905382)
chromium-browser (69.0.3497.92-1~deb9u1) stretch-security; urgency=medium
.
* New upstream security release.
- Function signature mismatch in WebAssembly. Reported by Kevin Cheung
- URL Spoofing in Omnibox. Reported by evi1m0
chromium-browser (69.0.3497.81-3) unstable; urgency=medium
.
* Move another file needed for the armhf build to where it is expected.
chromium-browser (69.0.3497.81-2) unstable; urgency=medium
.
* Disable swiftshader.
* Move file needed for the armhf build to where it is expected.
* Document disabled built-in extensions in README.debian (closes: #886358).
chromium-browser (69.0.3497.81-1) unstable; urgency=medium
.
* New upstream stable release.
- CVE-2018-16065: Out of bounds write in V8. Reported by Brendon Tiszka
- CVE-2018-16066: Out of bounds read in Blink. Reported by cloudfuzzer
- CVE-2018-16067: Out of bounds read in WebAudio. Reported by Zhe Jin
- CVE-2018-16068: Out of bounds write in Mojo. Reported by Mark Brand
- CVE-2018-16069: Out of bounds read in SwiftShader. Reported by Mark Brand
- CVE-2018-16070: Integer overflow in Skia. Reported by Ivan Fratric
- CVE-2018-16071: Use after free in WebRTC. Reported by Natalie Silvanovich
- CVE-2018-16073: Site Isolation bypass after tab restore. Reported by Jun
Kokatsu
- CVE-2018-16074: Site Isolation bypass using Blob URLS. Reported by Jun
Kokatsu
- CVE-2018-16075: Local file access in Blink. Reported by Pepe Vila
- CVE-2018-16076: Out of bounds read in PDFium. Reported by Aleksandar
Nikolic
- CVE-2018-16077: Content security policy bypass in Blink. Reported by
Manuel Caballero
- CVE-2018-16078: Credit card information leak in Autofill. Reported by
Cailan Sacks
- CVE-2018-16079: URL spoof in permission dialogs. Reported by Markus
Vervier and Michele Orrù
- CVE-2018-16080: URL spoof in full screen mode. Reported by Khalil Zhani
- CVE-2018-16081: Local file access in DevTools. Reported by Jann Horn
- CVE-2018-16082: Stack buffer overflow in SwiftShader. Reported by Omair
- CVE-2018-16083: Out of bounds read in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-16084: User confirmation bypass in external protocol handling.
Reported by Jun Kokatsu
- CVE-2018-16085: Use after free in Memory Instrumentation. Reported by
Roman Kuksin
chromium-browser (69.0.3497.81-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2018-16065: Out of bounds write in V8. Reported by Brendon Tiszka
- CVE-2018-16066: Out of bounds read in Blink. Reported by cloudfuzzer
- CVE-2018-16067: Out of bounds read in WebAudio. Reported by Zhe Jin
- CVE-2018-16068: Out of bounds write in Mojo. Reported by Mark Brand
- CVE-2018-16069: Out of bounds read in SwiftShader. Reported by Mark Brand
- CVE-2018-16070: Integer overflow in Skia. Reported by Ivan Fratric
- CVE-2018-16071: Use after free in WebRTC. Reported by Natalie Silvanovich
- CVE-2018-16073: Site Isolation bypass after tab restore. Reported by Jun
Kokatsu
- CVE-2018-16074: Site Isolation bypass using Blob URLS. Reported by Jun
Kokatsu
- CVE-2018-16075: Local file access in Blink. Reported by Pepe Vila
- CVE-2018-16076: Out of bounds read in PDFium. Reported by Aleksandar
Nikolic
- CVE-2018-16077: Content security policy bypass in Blink. Reported by
Manuel Caballero
- CVE-2018-16078: Credit card information leak in Autofill. Reported by
Cailan Sacks
- CVE-2018-16079: URL spoof in permission dialogs. Reported by Markus
Vervier and Michele Orrù
- CVE-2018-16080: URL spoof in full screen mode. Reported by Khalil Zhani
- CVE-2018-16081: Local file access in DevTools. Reported by Jann Horn
- CVE-2018-16082: Stack buffer overflow in SwiftShader. Reported by Omair
- CVE-2018-16083: Out of bounds read in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-16084: User confirmation bypass in external protocol handling.
Reported by Jun Kokatsu
- CVE-2018-16085: Use after free in Memory Instrumentation. Reported by
Roman Kuksin
* Replace files from chromium-common on upgrade (closes: #904798).
* Fix build failure on arm64 caused by binutils in stretch (closes: #904796).
chromium-browser (69.0.3497.12-1) experimental; urgency=medium
.
* New upstream development release.
- Fixes an error that can occur on pages containing xml (closes: #865592).
* Install swiftshader libraries to /usr/lib/chromium (closes: #901831).
chromium-browser (68.0.3440.75-2) unstable; urgency=medium
.
* Restore a mistakenly omitted call to InitializeFFmpeg (closes: #902909).
chromium-browser (68.0.3440.75-1) unstable; urgency=medium
.
* New upstream stable release.
- CVE-2018-4117: Cross origin information leak in Blink. Reported by
AhsanEjaz
- CVE-2018-6044: Request privilege escalation in Extensions . Reported by
Rob Wu
- CVE-2018-6150: Cross origin information disclosure in Service Workers.
Reported by Rob Wu
- CVE-2018-6151: Bad cast in DevTools. Reported by Rob Wu
- CVE-2018-6152: Local file write in DevTools. Reported by Rob Wu
- CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou
- CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair
- CVE-2018-6155: Use after free in WebRTC. Reported by Natalie Silvanovich
- CVE-2018-6156: Heap buffer overflow in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-6157: Type confusion in WebRTC. Reported by Natalie Silvanovich
- CVE-2018-6158: Use after free in Blink. Reported by Zhe Jin
- CVE-2018-6159: Same origin policy bypass in ServiceWorker. Reported by
Jun Kokatsu
- CVE-2018-6161: Same origin policy bypass in WebAudio. Reported by Jun
Kokatsu
- CVE-2018-6162: Heap buffer overflow in WebGL. Reported by Omair
- CVE-2018-6163: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6164: Same origin policy bypass in ServiceWorker. Reported by
Jun Kokatsu
- CVE-2018-6165: URL spoof in Omnibox. Reported by evi1m0
- CVE-2018-6166: URL spoof in Omnibox. Reported by Lnyas Zhang
- CVE-2018-6167: URL spoof in Omnibox. Reported by Lnyas Zhang
- CVE-2018-6168: CORS bypass in Blink. Reported by Gunes Acar and Danny Y.
Huang
- CVE-2018-6169: Permissions bypass in extension installation . Reported by
Sam P
- CVE-2018-6170: Type confusion in PDFium. Reported by Anonymous
- CVE-2018-6171: Use after free in WebBluetooth.
- CVE-2018-6172: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6173: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6174: Integer overflow in SwiftShader. Reported by Mark Brand
- CVE-2018-6175: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6176: Local user privilege escalation in Extensions. Reported by
Jann Horn
- CVE-2018-6177: Cross origin information leak in Blink. Reported by Ron
Masas
- CVE-2018-6178: UI spoof in Extensions. Reported by Khalil Zhani
- CVE-2018-6179: Local file information leak in Extensions.
chromium-browser (68.0.3440.75-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2018-4117: Cross origin information leak in Blink. Reported by
AhsanEjaz
- CVE-2018-6044: Request privilege escalation in Extensions . Reported by
Rob Wu
- CVE-2018-6150: Cross origin information disclosure in Service Workers.
Reported by Rob Wu
- CVE-2018-6151: Bad cast in DevTools. Reported by Rob Wu
- CVE-2018-6152: Local file write in DevTools. Reported by Rob Wu
- CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou
- CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair
- CVE-2018-6155: Use after free in WebRTC. Reported by Natalie Silvanovich
- CVE-2018-6156: Heap buffer overflow in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-6157: Type confusion in WebRTC. Reported by Natalie Silvanovich
- CVE-2018-6158: Use after free in Blink. Reported by Zhe Jin
- CVE-2018-6159: Same origin policy bypass in ServiceWorker. Reported by
Jun Kokatsu
- CVE-2018-6161: Same origin policy bypass in WebAudio. Reported by Jun
Kokatsu
- CVE-2018-6162: Heap buffer overflow in WebGL. Reported by Omair
- CVE-2018-6163: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6164: Same origin policy bypass in ServiceWorker. Reported by
Jun Kokatsu
- CVE-2018-6165: URL spoof in Omnibox. Reported by evi1m0
- CVE-2018-6166: URL spoof in Omnibox. Reported by Lnyas Zhang
- CVE-2018-6167: URL spoof in Omnibox. Reported by Lnyas Zhang
- CVE-2018-6168: CORS bypass in Blink. Reported by Gunes Acar and Danny Y.
Huang
- CVE-2018-6169: Permissions bypass in extension installation . Reported by
Sam P
- CVE-2018-6170: Type confusion in PDFium. Reported by Anonymous
- CVE-2018-6171: Use after free in WebBluetooth.
- CVE-2018-6172: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6173: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6174: Integer overflow in SwiftShader. Reported by Mark Brand
- CVE-2018-6175: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6176: Local user privilege escalation in Extensions. Reported by
Jann Horn
- CVE-2018-6177: Cross origin information leak in Blink. Reported by Ron
Masas
- CVE-2018-6178: UI spoof in Extensions. Reported by Khalil Zhani
- CVE-2018-6179: Local file information leak in Extensions.
* Correct a regression in audio/video file handling caused by the ffmpeg 3.4
support patch introduced in the previous security upload (closes: #902909).
chromium-browser (68.0.3440.42-1) experimental; urgency=medium
.
* New upstream beta release.
chromium-browser (68.0.3440.33-1) experimental; urgency=medium
.
* New upstream beta release.
* Build using upstream's "lite" tarball.
* Restore decoder initialization from chromium 66 to maintain compatibility
with ffmpeg 3.4 (closes: #900533).
chromium-browser (68.0.3440.25-1) experimental; urgency=medium
.
* New upstream beta release.
chromium-browser (68.0.3440.17-1) experimental; urgency=medium
.
* New upstream beta release.
* Recommend upower and notification-daemon.
chromium-browser (68.0.3440.7-1) experimental; urgency=medium
.
* New upstream development release.
chromium-browser (67.0.3396.87-1) unstable; urgency=medium
.
* New upstream security release.
- CVE-2018-6149: Out of bounds write in V8. Reported by Yu Zhou and
Jundong Xie
chromium-browser (67.0.3396.87-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2018-6123: Use after free in Blink. Reported by Looben Yang
- CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong
- CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico
- CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric
- CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang
- CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported
by Natalie Silvanovich
- CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald
E. Crane
- CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu
- CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane
- CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong
- CVE-2018-6137: Leak of visited status of page in Blink. Reported by
Michael Smith
- CVE-2018-6138: Overly permissive policy in Extensions. Reported by
François Lajeunesse-Robert
- CVE-2018-6139: Restrictions bypass in the debugger extension API.
Reported by Rob Wu
- CVE-2018-6140: Restrictions bypass in the debugger extension API.
Reported by Rob Wu
- CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang
- CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo
Han
- CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong
- CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk
- CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato
Kinugawa
- CVE-2018-6147: Password fields not taking advantage of OS protections in
Views. Reported by Michail Pishchagin
- CVE-2018-6148: Incorrect handling of CSP header. Reported by Michał
Bentkowski
- CVE-2018-6149: Out of bounds write in V8. Reported by Yu Zhou and
Jundong Xie
* The widevine adaptor package is now empty, it is no longer required to
use the widevine content decryption module.
chromium-browser (67.0.3396.79-2) unstable; urgency=medium
.
* Use embedded ffmpeg code copy (closes: #900533).
chromium-browser (67.0.3396.79-1) unstable; urgency=medium
.
* New upstream security release.
- CVE-2018-6148: Incorrect handling of CSP header. Reported by Michał
Bentkowski
chromium-browser (67.0.3396.62-2) unstable; urgency=medium
.
* Fix build on arm64/armhf
chromium-browser (67.0.3396.62-1) unstable; urgency=medium
.
* New upstream stable release.
- CVE-2018-6123: Use after free in Blink. Reported by Looben Yang
- CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong
- CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico
- CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric
- CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang
- CVE-2018-6128: uXSS in Chrome on iOS. Reported by Tomasz Bojarski
- CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie
Silvanovich
- CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported
by Natalie Silvanovich
- CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald
E. Crane
- CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu
- CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane
- CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong
- CVE-2018-6137: Leak of visited status of page in Blink. Reported by
Michael Smith
- CVE-2018-6138: Overly permissive policy in Extensions. Reported by
François Lajeunesse-Robert
- CVE-2018-6139: Restrictions bypass in the debugger extension API.
Reported by Rob Wu
- CVE-2018-6140: Restrictions bypass in the debugger extension API.
Reported by Rob Wu
- CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang
- CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo
Han
- CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong
- CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk
- CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato
Kinugawa
- CVE-2018-6147: Password fields not taking advantage of OS protections in
Views. Reported by Michail Pishchagin
chromium-browser (67.0.3396.57-1) experimental; urgency=medium
.
* New upstream beta release.
* Ignore more compiler warnings.
chromium-browser (67.0.3396.56-1) experimental; urgency=medium
.
* New upstream beta release.
chromium-browser (67.0.3396.48-1) experimental; urgency=medium
.
* New upstream beta release.
* Indicate that binary rules do not require root.
* Change maintainer address to chromium-browser@packages.debian.org.
* Drop widevine adapter package, no longer supported upstream (chromium
should automatically detect and use libwidevinecdm.so without the extra
adapter library now).
chromium-browser (66.0.3359.181-1) unstable; urgency=medium
.
* New upstream security release.
- CVE-2018-6120: Heap buffer overflow in PDFium. Reported by Zhou Aiting
- CVE-2018-6121: Privilege Escalation in extensions.
- CVE-2018-6122: Type confusion in V8.
chromium-browser (66.0.3359.139-1) unstable; urgency=medium
.
* New upstream security release.
- CVE-2018-6118: Use after free in Media Cache. Reported by Ned Williamson
* Enable jumbo build.
* Recommend libgl1-mesa-dri.
chromium-browser (66.0.3359.117-1) unstable; urgency=medium
.
* New upstream stable release.
- CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson
- CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson
- CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous
- CVE-2018-6088: Use after free in PDFium. Reported by Anonymous
- CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by
Rob Wu
- CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song
- CVE-2018-6091: Incorrect handling of plug-ins by Service Worker.
Reported by Jun Kokatsu
- CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie
Silvanovich
- CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun
Kokatsu
- CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris
Rohlf
- CVE-2018-6095: Lack of meaningful user interaction requirement before
file upload. Reported by Abdulrahman Alqabandi
- CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu
- CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr
- CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu
- CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang
- CVE-2018-6101: Insufficient protection of remote debugging prototol in
DevTools . Reported by Rob Wu
- CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani
- CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6106: Incorrect handling of promises in V8. Reported by
lokihardt
- CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by
Dominik Weber
- CVE-2018-6110: Incorrect handling of plaintext files via file:// .
Reported by Wenxiang Qian
- CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani
- CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu
- CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani
- CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang
- CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher
- CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by
Chengdu Security Response Center
- CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey
- Fixes proxy time out error (closes: #892994).
- Removes not implemented messages (closes: #893799).
* Remove third_party/chromite from the upstream tarball (closes: #895076).
chromium-browser (66.0.3359.117-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by
lokihardt
- CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal
Beniamini
- CVE-2018-6060: Use after free in Blink. Reported by Omair
- CVE-2018-6061: Race condition in V8. Reported by Guang Gong
- CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous
- CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal
Beniamini
- CVE-2018-6064: Type confusion in V8. Reported by lokihardt
- CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand
- CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa
- CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson
- CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab. Reported by
Luan Herrera
- CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu &
Yangkang
- CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu
- CVE-2018-6071: Heap bufffer overflow in Skia. Reported by Anonymous
- CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen
- CVE-2018-6073: Heap bufffer overflow in WebGL. Reported by Omair
- CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi
- CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti
De Ceukelaire
- CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink.
Reported by Mateusz Krzeszowiec
- CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani
- CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani
- CVE-2018-6079: Information disclosure via texture data in WebGL. Reported
by Ivars Atteka
- CVE-2018-6080: Information disclosure in IPC call. Reported by Gal
Beniamini
- CVE-2018-6081: XSS in interstitials. Reported by Rob Wu
- CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu
- CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun
Kokatsu
- CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson
- CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson
- CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous
- CVE-2018-6088: Use after free in PDFium. Reported by Anonymous
- CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by
Rob Wu
- CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song
- CVE-2018-6091: Incorrect handling of plug-ins by Service Worker.
Reported by Jun Kokatsu
- CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie
Silvanovich
- CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun
Kokatsu
- CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris
Rohlf
- CVE-2018-6095: Lack of meaningful user interaction requirement before
file upload. Reported by Abdulrahman Alqabandi
- CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu
- CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr
- CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu
- CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang
- CVE-2018-6101: Insufficient protection of remote debugging prototol in
DevTools . Reported by Rob Wu
- CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani
- CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6106: Incorrect handling of promises in V8. Reported by
lokihardt
- CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani
- CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by
Dominik Weber
- CVE-2018-6110: Incorrect handling of plaintext files via file:// .
Reported by Wenxiang Qian
- CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani
- CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu
- CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani
- CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang
- CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher
- CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by
Chengdu Security Response Center
- CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey
chromium-browser (66.0.3359.26-2) unstable; urgency=medium
.
[ Michael Gilbert ]
* Build using gcc6.
* Move version control to salsa.debian.org.
* Change maintainer address to chromium-browser@tracker.debian.org.
.
[ Riku Voipio ]
* [arm64/armhf] Fix neon autodetection with patch from upstream
* [armhf] drop debug symbols
chromium-browser (66.0.3359.26-1) experimental; urgency=medium
.
* New upstream release.
* Use threaded compression while repacking the upstream tarball.
chromium-browser (66.0.3359.22-3) experimental; urgency=medium
.
* Build pdfium using the system openjpeg library.
chromium-browser (66.0.3359.22-2) experimental; urgency=medium
.
* Fix typo in vpx patch.
chromium-browser (66.0.3359.22-1) experimental; urgency=medium
.
* New upstream release.
- Fixes swiftshader library loading error (closes: #864606).
chromium-browser (65.0.3325.146-4) unstable; urgency=medium
.
* Fix another incomplete type build error (closes: #892891).
chromium-browser (65.0.3325.146-3) unstable; urgency=medium
.
* Fix incomplete type build error.
chromium-browser (65.0.3325.146-2) unstable; urgency=medium
.
* Fix a few gcc build warnings.
* Apply upstream's fix for a bug in gcc7's handling of non-copyable types
(closes: #890954).
chromium-browser (65.0.3325.146-1) unstable; urgency=medium
.
* New upstream stable release release.
- CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by
lokihardt
- CVE-2018-6060: Use after free in Blink. Reported by Omair
- CVE-2018-6061: Race condition in V8. Reported by Guang Gong
- CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous
- CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal
Beniamini
- CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal
Beniamini
- CVE-2018-6064: Type confusion in V8. Reported by lokihardt
- CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand
- CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa
- CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson
- CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab. Reported by
Luan Herrera
- CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu &
Yangkang
- CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu
- CVE-2018-6071: Heap bufffer overflow in Skia. Reported by Anonymous
- CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen
- CVE-2018-6073: Heap bufffer overflow in WebGL. Reported by Omair
- CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi
- CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti
De Ceukelaire
- CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink.
Reported by Mateusz Krzeszowiec
- CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani
- CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani
- CVE-2018-6079: Information disclosure via texture data in WebGL. Reported
by Ivars Atteka
- CVE-2018-6080: Information disclosure in IPC call. Reported by Gal
Beniamini
- CVE-2018-6081: XSS in interstitials. Reported by Rob Wu
- CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu
- CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun
Kokatsu
* Enable support for vp9 (closes: #891831).
chromium-browser (65.0.3325.74-1) experimental; urgency=medium
.
[ Michael Gilbert ]
* New upstream release.
* Update to debhelper 11.
* Update standards version.
* Remove third_party/llvm from the upstream tarball.
* Drop -fno-delete-null-pointer from debian/rules, applied upstream now.
.
[ Riku Voipio ]
* Fix skia build on arm64, (closes: #891062)
* Set some armhf specific gn args to help linking
chromium-browser (65.0.3325.73-1) experimental; urgency=medium
.
* New upstream beta release.
* Recommend libu2f-udev (closes: #890239).
* Add support ffmpeg 3.5 (closes: #888387).
* Remove icc_profiles from the upstream tarball.
chromium-browser (64.0.3282.119-2) unstable; urgency=medium
.
* Drop chromecast patch (closes: #884173).
chromium-browser (64.0.3282.119-1) unstable; urgency=medium
.
* New upstream stable release.
- CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall
- CVE-2017-15429: UXSS in V8. Reported by Anonymous
- CVE-2018-6031: Use after free in PDFium. Reported by Anonymous
- CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun
Kokatsu
- CVE-2018-6033: Race when opening downloaded files. Reported by Juho
Nurminen
- CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein
- CVE-2018-6035: Insufficient isolation of devtools from extensions.
Reported by Rob Wu
- CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK's
National Cyber Security Centre
- CVE-2018-6037: Insufficient user gesture requirements in autofill.
Reported by Paul Stone
- CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer
- CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen
- CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu
- CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera
- CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani
- CVE-2018-6043: Insufficient escaping with external URL handlers. Reported
by 0x09AL
- CVE-2018-6045: Insufficient isolation of devtools from extensions.
Reported by Rob Wu
- CVE-2018-6046: Insufficient isolation of devtools from extensions.
Reported by Rob Wu
- CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato
Kinugawa
- CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu
- CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu
- CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew
- CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso
- CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by
Tanner Emek
- CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset
Kabdenov
- CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu
chromium-browser (64.0.3282.119-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall
- CVE-2017-15429: UXSS in V8. Reported by Anonymous
- CVE-2018-6031: Use after free in PDFium. Reported by Anonymous
- CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun
Kokatsu
- CVE-2018-6033: Race when opening downloaded files. Reported by Juho
Nurminen
- CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein
- CVE-2018-6035: Insufficient isolation of devtools from extensions.
Reported by Rob Wu
- CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK's
National Cyber Security Centre
- CVE-2018-6037: Insufficient user gesture requirements in autofill.
Reported by Paul Stone
- CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer
- CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen
- CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu
- CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera
- CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani
- CVE-2018-6043: Insufficient escaping with external URL handlers. Reported
by 0x09AL
- CVE-2018-6045: Insufficient isolation of devtools from extensions.
Reported by Rob Wu
- CVE-2018-6046: Insufficient isolation of devtools from extensions.
Reported by Rob Wu
- CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato
Kinugawa
- CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu
- CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu
- CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew
- CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso
- CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by
Tanner Emek
- CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset
Kabdenov
- CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu
chromium-browser (63.0.3239.84-1) unstable; urgency=medium
.
* New upstream stable release.
* Update standards version to 4.1.2.
* Stricter default master preferences.
* Avoid showing the welcome page (closes: #857767).
* Switch from gtk2 to gtk3 again (closes: #883364).
clamav (0.100.2+dfsg-0+deb9u1) stretch; urgency=medium
.
* Import new upstream
- Bump symbol version due to new version.
- CVE-2018-15378 (Closes: #910430).
* add NEWS.md and README.md from upstream
* Fix infinite loop in dpkg-reconfigure, Patch by Santiago Ruano Rincón
(Closes: #905044).
clamav (0.100.1+dfsg-1) unstable; urgency=medium
.
[ Scott Kitterman ]
* Only create clamav user during clamav-base install if it does not exist
(LP: #121872)
- Thanks to Shane Williams for the patch
* Remove spurious debian/changelog entry for the above change from the
0.100.0~beta+dfsg-1 entry since the change was not actually included
.
[ Sebastian Andrzej Siewior ]
* Import new upstream.
* Bump symbol version due to new version.
* Add read permission for freshclam on /var/log in the apparmor profile.
Thanks to Robie Basak (Closes: #902601).
* Bump standards-version to 4.1.5 without further change
clamav (0.100.1+dfsg-0+deb9u1) stretch; urgency=medium
.
[ Scott Kitterman ]
* Only create clamav user during clamav-base install if it does not exist
(LP: #121872)
- Thanks to Shane Williams for the patch
.
[ Sebastian Andrzej Siewior ]
* New upstrem relase (0.100.1) (Closes: #903896).
- CVE-2018-0360 (HWP integer overflow, infinite loop vulnerabi)
- CVE-2018-0361 (ClamAV PDF object length check, unreasonably long time to
parse relatively small file)
* Bump symbol version due to new version.
* Add read permission for freshclam on /var/log in the apparmor profile.
Thanks to Robie Basak (Closes: #902601).
clamav (0.100.1+dfsg-0+deb8u1) jessie-security; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* Update to upstream release 0.100.1 (Closes: #903896).
* Fixes:
- CVE-2018-0360 (HWP integer overflow, infinite loop vulnerabi)
- CVE-2018-0361 (ClamAV PDF object length check, unreasonably long
time to
parse relatively small file)
* debian/clamav-daemon.config.in: fix infinite loop after SelfCheck
state (Closes: #905044).
.
* Upload based on the stretch package, thanks to:
.
[ Scott Kitterman ]
* Only create clamav user during clamav-base install if it does not
exist. Patch by Shane Williams.
.
[ Sebastian Andrzej Siewior ]
* Bump symbol version due to new version.
* Add read permission for freshclam on /var/log in the apparmor profile.
Thanks to Robie Basak (Closes: #902601).
clamav (0.100.0+dfsg-1) unstable; urgency=medium
.
* New upstream release.
- remove various documentation files including Changelog from the file
list because they are no longer included in upstream archive.
confuse (3.0+dfsg-2+deb9u1) stretch; urgency=medium
.
* Add debian/patches/CVE-2018-14447.patch from upstream to fix
an out of bound read in trim_whitespace (CVE-2018-14447). Closes:
#904159.
cups (2.2.1-8+deb9u2) stretch-security; urgency=low
.
* CVE-2018-6553: Fix AppArmor cupsd sandbox bypass due to use of hard links
* Backport upstream fixes for:
- CVE-2018-4180 Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
- CVE-2018-4181 Limited Local File Reads as Root via cupsd.conf Include Directive
- CVE-2018-4182 cups-exec Sandbox Bypass Due to Insecure Error Handling
- CVE-2018-4183 cups-exec Sandbox Bypass Due to Profile Misconfiguration
- CVE-2017-15400: Restrict IPP Everywhere filters to only list supported PDLs
to fix CRLF and Code Injection in Printer Zeroconfig
curl (7.52.1-5+deb9u8) stretch-security; urgency=high
.
* Fix SASL password overflow via integer overflow as per CVE-2018-16839
https://curl.haxx.se/docs/CVE-2018-16839.html
* Fix warning message out-of-buffer read as per CVE-2018-16842
https://curl.haxx.se/docs/CVE-2018-16842.html
curl (7.52.1-5+deb9u7) stretch-security; urgency=high
.
* Fix NTLM password overflow via integer overflow as per CVE-2018-14618
https://curl.haxx.se/docs/CVE-2018-14618.html
debian-installer (20170615+deb9u5) stretch; urgency=medium
.
* Bump Linux kernel version from 4.9.0-7 to 4.9.0-8.
debian-installer-netboot-images (20170615+deb9u5) stretch; urgency=medium
.
* Update to 20170615+deb9u5 images, from stretch-proposed-updates
discount (2.2.2-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2018-11468, CVE-2018-11503, CVE-2018-11504 and CVE-2018-12495.
Several heap-based buffer over-reads were found in discount that allowed
remote attackers to cause a denial-of-service via specially crafted files.
dnsmasq (2.76-5+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* trust-anchors.conf: include latest DNS trust anchor KSK-2017.
(Closes: #907887)
dom4j (1.6.1+dfsg.3-2+deb9u1) stretch; urgency=high
.
* Team upload.
* Fix CVE-2018-1000632:
Mario Areias discovered that dom4j, a XML framework for Java, was
vulnerable to a XML injection attack. An attacker able to specify
attributes or elements in the XML document might be able to modify the
whole XML document.
* Compile with source/target 1.5 to fix a compilation issue with
String.format.
* Add testng to Build-Depends. Build and test AllowedCharsTest to verify that
CVE-2018-1000632 is correctly addressed.
dpdk (16.11.8-1+deb9u1) stretch; urgency=medium
.
* Merge stable update to 16.11.8; For a list of changes see
https://mails.dpdk.org/archives/announce/2018-August/000221.html
* Merge stable update to 16.11.7; For a list of changes see
http://mails.dpdk.org/archives/announce/2018-June/000209.html
* Update librte-pmd-bond1.symbols with new symbol.
This API was already present and public, but it was mistakenly left out
of the symbols map in the original release.
dropbear (2016.74-5+deb9u1) stretch; urgency=medium
.
* Backport security fix for CVE-2018-15599: The recv_msg_userauth_request
function in svr-auth.c in Dropbear through 2018.76 is prone to a user
enumeration vulnerability because username validity affects how fields in
SSH_MSG_USERAUTH messages are handled. (Closes: #906890.)
Adapted from https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00 .
drupal7 (7.52-2+deb9u5) stretch-security; urgency=high
.
* SA-CORE-2018-006: Fix remote code execution, external URL injection
vulnerabilities
easytag (2.4.3-1+deb9u1) stretch; urgency=medium
.
* debian/patches:
- Add patch to revert upstream commit which causes OGG corruption.
(Closes: #855251)
enigmail (2:2.0.8-5~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch (Closes: #909000)
enigmail (2:2.0.8-4) unstable; urgency=medium
.
* disable telemetry during autopkgtest
* add times.json to the autopkgtest default profile.
* Drop enigmail plugin from autopkgtest jsunit/sqlite test
* create simple profile during sqlite autopkgtest
enigmail (2:2.0.8-3) unstable; urgency=medium
.
* Avoid stderr on sqlite test during autopkgtest.
enigmail (2:2.0.8-2) unstable; urgency=medium
.
* refresh patches
* fix minimal key generation (pushed upstream, not yet released)
* drop "Fix test in streams-test.js" (TB 52 → 60 changes result?)
* Test autocrypt-style key minimization (pushed upstream, not yet
released)
* drop "correct keyserverUris" change (maybe also TB 52 → 60)
* import minor bugfixes from upstream
* prepare subprocesses to handle multiple file descriptors
* complete transition from OpenPGP.js to GnuPG (Closes: #908510)
* Standards-Version: bump to 4.2.1 (no changes needed)
enigmail (2:2.0.8-1) unstable; urgency=medium
.
* New upstream version (closes: 907786)
enigmail (2:2.0.7+ds1-1) unstable; urgency=medium
.
* New repacked upstream tarball:
- strip OpenPGP.js (Closes: 901556)
- Remove windows binaries too
* fix Vcs-Git to point to debian/master
* test suite: show the state of prefs.js after tests are run
* d/copyright: no need for OpenPGP.js any more.
enigmail (2:2.0.7-11) unstable; urgency=medium
.
* avoid using and shippiing OpenPGP.js since we cannot build it from source
* update dependency on GnuPG to account for important bugfixes needed
to replace OpenPGP.js
* Standards-Version: bump to 4.1.5 (no changes needed)
enigmail (2:2.0.7-10) unstable; urgency=medium
.
* drop build-deps on thunderbird, gpg, etc since unit tests are runtime-only
enigmail (2:2.0.7-9) unstable; urgency=medium
.
* retry connections to autocrypt.sqlite if they fail busy
enigmail (2:2.0.7-8) unstable; urgency=medium
.
* simplify autocrypt error handling
* fix output in unit-tests (thanks, elbrus)
* add tbird-sqlite test to autopkgtest suite
enigmail (2:2.0.7-7) unstable; urgency=medium
.
* more debugging to try to see what is going wrong with the autocrypt test
* unit tests: dump the contents of the enigmail autocrypt database
enigmail (2:2.0.7-6+exp1) experimental; urgency=medium
.
* Try to avoid using openpgp.js
* d/gbp.conf: point to debian/experimental branch
enigmail (2:2.0.7-6) unstable; urgency=medium
.
* clarify autocrypt errors in the test suite
* make build reproducible (closes: #901611)
* autopkgtest: use python, not python2
* avoid requiring zip for the test suite
* Permit stderr during autopkgtest
enigmail (2:2.0.7-5) unstable; urgency=medium
.
* d/run-tests: avoid bashism
* ensure that the autopkgtest has a sensible configuration
enigmail (2:2.0.7-4) unstable; urgency=medium
.
* drop unit tests from buildd again, due to timeout
enigmail (2:2.0.7-3) unstable; urgency=medium
.
* make test suite more robust (including fixes from upstream)
* Improve testing (including autopkgtest)
enigmail (2:2.0.7-2) unstable; urgency=medium
.
* acknowledge accidental move to unstable (oops)
(closes: #888897, #898630)
* skip unit tests for now, since they cause build failures
enigmail (2:2.0.7-1) unstable; urgency=medium
.
* new upsteam release
fixes CVE-2018-12020
* try running tests under xvfb-run
enigmail (2:2.0.6.1-4) unstable; urgency=medium
.
* force creation of /tmp/.X11-unix when running test suite
enigmail (2:2.0.6.1-3) unstable; urgency=medium
.
* debugging /tmp to understand test suite failure on buildd
enigmail (2:2.0.6.1-2) unstable; urgency=medium
.
* set a specific XAUTHORITY file during test suite
enigmail (2:2.0.6.1-1) experimental; urgency=medium
.
* New upstream release
* actually run unit tests during build
* fix test suite
enigmail (2:2.0.6-1) experimental; urgency=medium
.
* New upstream release
* drop patch already upstream
* refresh patches
enigmail (2:2.0.5-1) experimental; urgency=medium
.
* New upstream release
* refresh patches
* fix error string about MDC
enigmail (2:2.0.4-1) experimental; urgency=medium
.
* New upstream release
enigmail (2:2.0.2-1) experimental; urgency=medium
.
* New upstream release
* drop patches already upstream
* refresh patches
* Standards-Version: bump to 4.1.4 (no changes needed)
* Rules-Requires-Root: no
enigmail (2:2.0.1-1) experimental; urgency=medium
.
* new upstream release
* drop patches already applied upstream
* refresh patches
* cherry-pick patches from upstream
enigmail (2:2.0-1) experimental; urgency=medium
.
* new upstream release
* drop patches already upstream
* refresh patches
* cherry-pick bug-fixes from upstream
enigmail (2:2.0~beta2-1) experimental; urgency=medium
.
* convert to DEP-14 branch naming schemes
* point to upstream-experimental branch
* drop patches applied upstream
* import bugfix patches from upstream
* Avoid auto-download of pEpEngine (Closes: #891882)
enigmail (2:2.0~beta1-1) experimental; urgency=medium
.
* new beta release (to experimental)
* point to experimental branches in packaging repositories
* refresh patches (drop re-certifying expired certs, already upstream)
* import patches from upstream
* d/watch: look for beta releases
* clean up package build date
* d/missing-sources: workaround: include sources for OpenPGP.js
* d/copyright: note OpenPGP.js licensing
* avoid failures on parallel builds
enigmail (2:1.9.9-2) unstable; urgency=medium
.
* move to debhelper 11
* standards-version: bump to 4.1.3 (no changes needed)
* d/control: move Vcs-* to salsa.debian.org
enigmail (2:1.9.9-1) unstable; urgency=medium
.
* new upstream release
* Standards-Version: bump to 4.1.2 (no changes needed)
* drop patch already upstreamed
* debian/changelog: drop trailing whitespace
espeakup (1:0.80-5+deb9u2) stretch; urgency=medium
.
* debian/espeakup.service: Automatically load speakup_soft on daemon
startup.
fastforward (1:0.51-3.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
fastforward (1:0.51-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Add patch from Harry Sintonen to fix segfaults on 64bit.
(Closes: #859327)
ffmpeg (7:3.2.12-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
- avformat/movenc: Write version 2 of audio atom if channels is not known.
(CVE-2018-14395)
- avcodec/imgconvert: fix possible null pointer dereference.
(Closes: #904123)
ffmpeg (7:3.2.11-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
- avfilter/vf_transpose: Fix used plane count. (CVE-2018-6392)
- avcodec/utvideodec: Fix bytes left check in decode_frame().
(CVE-2018-6621)
- avcodec/utvideodec: Check subsample factors. (CVE-2018-7557)
- avcodec/utvideodec: Set pro flag based on fourcc. (CVE-2018-10001)
- avcodec/mpeg4videoenc: Use 64 bit for times in
mpeg4_encode_gop_header(). (CVE-2018-12458)
- avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample.
(CVE-2018-13300)
- avformat/movenc: Check that frame_types other than
EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id.
(CVE-2018-13302)
* debian/control:
- Add Breaks on vokoscreen << 2.2.0 to libav-tools. (Closes: #864917)
firefox-esr (60.3.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-27, also known as:
CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396,
CVE-2018-12397, CVE-2018-12389, CVE-2018-12390.
.
* debian/rules: Work around armel FTBFS from conflicting __sync_* symbols
between libgcc and rust's compiler_builtins.
firefox-esr (60.2.2esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-24, also known as:
CVE-2018-12386, CVE-2018-12387.
.
* debian/extra-stuff/addonsInfo.js: Fixes to work with recent versions
of Firefox. Closes: #909056.
* debian/control*, debian/browser.mozconfig.in: Build ALSA support.
Closes: #864987, #900062, #908349
firefox-esr (60.2.2esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-24, also known as:
CVE-2018-12386, CVE-2018-12387.
.
* debian/extra-stuff/addonsInfo.js: Fixes to work with recent versions
of Firefox. Closes: #909056.
* debian/control*, debian/browser.mozconfig.in: Build ALSA support.
Closes: #864987, #900062, #908349
firefox-esr (60.2.1esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-23, also known as:
CVE-2018-12385, CVE-2018-12383.
.
* debian/control*:
- Remove the sqlite and nss dependencies when not building against the
system libraries.
- Enforce nss, nspr and sqlite dependencies to the same versions as
build dependencies. There are subtle non-ABI differences between
versions that Firefox might be relying on (be it features, behavior
changes/fixes, etc.) and can cause subtle problems when older
versions are used.
- Add a suggestion for pulseaudio.
* debian/rules, debian/control: Add libavcodec-extra* packages to the list
of recommends. Closes: #909130
.
* js/src/jit/BaselineJIT.h: Disable baseline JIT when SSE2 is not supported
at runtime. bz#1492064. Closes: #908396, #908449.
* gfx/2d/Swizzle.cpp: Use Swizzle fallback when SSE2 is not supported.
bz#1492065. Closes: #877445.
firefox-esr (60.2.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-23, also known as:
CVE-2018-12385, CVE-2018-12383.
.
* debian/control*:
- Enforce nss, nspr and sqlite dependencies to the same versions as
build dependencies. There are subtle non-ABI differences between
versions that Firefox might be relying on (be it features, behavior
changes/fixes, etc.) and can cause subtle problems when older
versions are used.
- Add a suggestion for pulseaudio.
* debian/rules, debian/control: Add libavcodec-extra* packages to the list
of recommends. Closes: #909130
.
* js/src/jit/BaselineJIT.h: Disable baseline JIT when SSE2 is not supported
at runtime. bz#1492064. Closes: #908396, #908449.
* gfx/2d/Swizzle.cpp: Use Swizzle fallback when SSE2 is not supported.
bz#1492065. Closes: #877445.
firefox-esr (60.2.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-21, also known as:
CVE-2018-12377, CVE-2018-12378, CVE-2018-12376.
.
* debian/l10n/gen: Use iso-codes json data instead of XML when present.
Closes: #907611.
.
* widget/gtk/nsAppShell.cpp: Use remoting name for call to
gdk_set_program_class. Closes: #907574.
firefox-esr (60.2.0esr-1~deb9u2) stretch-security; urgency=medium
.
* debian/control*: Remove the sqlite and nss dependencies when not building
against the system libraries.
firefox-esr (60.2.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-21, also known as:
CVE-2018-12377, CVE-2018-12378, CVE-2018-12376.
.
* debian/l10n/gen: Use iso-codes json data instead of XML when present.
Closes: #907611.
.
* widget/gtk/nsAppShell.cpp: Use remoting name for call to
gdk_set_program_class. Closes: #907574.
.
firefox-esr (60.1.0esr-3) unstable; urgency=medium
.
* debian/control*:
- Build depend on llvm/clang 6.0 for buster. Closes: #906174.
- Bump NSS build dependency to 3.36.4. Closes: #902573.
.
* gfx/skia/skia/include/core/SkColorPriv.h,
gfx/skia/skia/include/core/SkImageInfo.h,
gfx/skia/skia/include/gpu/GrTypes.h,
gfx/skia/skia/src/core/SkColorData.h: fix big-endian Skia builds.
bz#1144632.
.
firefox-esr (60.1.0esr-2) unstable; urgency=medium
.
* Upload to unstable.
* debian/upstream.mk: Use the same logic for betas as for releases to find
the source.
* debian/browser.links.in, debian/rules, debian/vendor.js: Use the
spellchecker.dictionary_path pref to set the hunspell directory.
* debian/browser.mozconfig.in: Allow unsigned addons in app and system
scopes.
* debian/rules: Work around the effect the above has on the
--{enable,with}-system-* check.
* debian/vendor.js: Remove extensions.unsignedScopes. The patch that added
the pref was changed to use a configure flag instead.
* debian/control*: Remove old conflicts. Thanks Sylvestre Ledru.
Closes: #882956.
* debian/l10n/recommends, debian/l10n/browser-l10n.control,
debian/control: Update dictionary recommendations, following these rules:
- Transitional myspell packages are not listed except when stable
doesn't have the corresponding hunspell package.
- Both hunspell and myspell packages are listed if they are different.
Closes: #813832, #825843
* debian/copyright, debian/rules: Refer to /usr/share/common-licenses/MPL*
instead of installing our own copy. Closes: #704303.
* debian/make.mk: Use the same code as dump target for the dump-% target.
* debian/control*, debian/rules: Add Recommends on all supported libavcodec
libraries for h264 playback. Closes: #901600.
.
* js/src/jit/mips-shared/MacroAssembler-mips-shared.cpp: Stubout
MacroAssembler::speculationBarrier. bz#1444834
* toolkit/modules/AppConstants.jsm, toolkit/modules/moz.build,
toolkit/moz.configure, toolkit/mozapps/extensions/internal/XPIInstall.jsm,
toolkit/mozapps/extensions/content/extensions.js,
toolkit/mozapps/extensions/internal/XPIDatabase.jsm: Change how addon
signature requirement relaxation is done. Closes: #899390.
.
firefox-esr (60.1.0esr-1) experimental; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-16, also known as:
CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362,
CVE-2018-5156, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365,
CVE-2018-12371, CVE-2018-12366, CVE-2018-12367, CVE-2018-12369,
CVE-2018-5187, CVE-2018-5188.
.
* debian/vendor.js: Relax the addon signature requirements.
.
* build/unix/elfhack/elfhack.cpp, build/unix/elfhack/inject.c,
build/unix/elfhack/test.c: Use run-time page size when changing mapping
permissions in elfhack injected code. bz#1470701. Closes: #902231.
* toolkit/mozapps/extensions/content/extensions.js,
toolkit/mozapps/extensions/internal/XPIDatabase.jsm: Allow to relax the
addon signature requirements.
.
firefox-esr (60.0.2esr-1) experimental; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-14, also known as CVE-2018-6126.
.
* debian/browser.NEWS.in: Adjust to show the ESR version.
.
firefox-esr (60.0.1esr-2) experimental; urgency=medium
.
* third_party/rust/libc/.cargo-checksum.json,
third_party/rust/libc/src/unix/notbsd/linux/mod.rs,
third_party/rust/libc/src/unix/notbsd/linux/musl/mod.rs,
third_party/rust/libc/src/unix/notbsd/linux/other/mod.rs,
third_party/rust/libc/src/unix/notbsd/linux/s390x.rs: Apply upstream patch
to add struct ucred for Linux on MIPS.
* gfx/skia/skia/src/jumper/SkJumper_stages.cpp: Fix Skia build on arm64
linux with GCC. bz#1462868.
* intl/icu_sources_data.py: Add --disable-layoutex when running ICU
configure. bz#1462859.
* media/webrtc/trunk/gtest/moz.build: Link chromium_atomics to webrtc tests.
bz#1462873.
* media/webrtc/trunk/moz.build: Only build webrtc neon on aarch64.
* browser/locales/Makefile.in,
python/mozbuild/mozbuild/action/langpack_manifest.py,
python/mozbuild/mozbuild/test/action/test_langpack_manifest.py,
toolkit/locales/l10n.mk: Use MOZ_LANGPACK_EID in langpacks manifest.json.
bz#1455100. Closes: #899160.
* dom/media/webaudio/blink/DenormalDisabler.h: Avoid using vmrs/vmsr on
armel.
* mfbt/LinuxSignal.h, mfbt/moz.build,
tools/profiler/core/platform-linux-android.cpp: Remove
MOZ_SIGNAL_TRAMPOLINE. bz#1463035.
* build/autoconf/arch.m4: Add -mfloat-abi=softfp to NEON_FLAGS when it makes
sense. bz#1463036.
* xpcom/string/moz.build: Use HAVE_ARM_NEON instead of BUILD_ARM_NEON for
nsUTF8UtilsNEON.cpp. bz#1463036.
.
firefox-esr (60.0.1esr-1) experimental; urgency=medium
.
* New upstream release.
.
* debian/browser.links.in: Remove /usr/lib/*/browser/icons symlink, leftover
after the removal of /usr/share/*/browser/icons. Closes: #893323.
* debian/control*: Remove mozplugger suggestion. Closes: #888396.
* debian/browser.install.in, debian/browser.mozconfig.in, debian/control.in,
debian/rules: Remove the option to build against gtk+2, it is not
supported anymore.
* debian/control*, debian/rules: Avoid hard dependency on libgtk2.0-0.
Closes: #885144.
.
* media/webrtc/trunk/moz.build: Attempt to fix building webrtc on non-x86.
* js/src/jit/mips-shared/LIR-mips-shared.h, js/src/jit/mips32/LIR-mips32.h,
js/src/jit/mips64/LIR-mips64.h: Fix FTBFS on mips*. bz#1444303.
.
firefox-esr (60.0esr-1) experimental; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-11, also known as
CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158,
CVE-2018-5159, CVE-2018-5160, CVE-2018-5152, CVE-2018-5153,
CVE-2018-5163, CVE-2018-5164, CVE-2018-5166, CVE-2018-5167,
CVE-2018-5168, CVE-2018-5169, CVE-2018-5172, CVE-2018-5173,
CVE-2018-5175, CVE-2018-5176, CVE-2018-5177, CVE-2018-5165,
CVE-2018-5180, CVE-2018-5181, CVE-2018-5182, CVE-2018-5151,
CVE-2018-5150.
.
* debian/control*:
- Bump nspr, nss, sqlite, rustc and cargo build dependencies.
- Update Maintainer and Vcs fields, moving off alioth.
* debian/browser.js.in, debian/vendor.js: Use the new syntax for
locked and sticky prefs.
* debian/browser.NEWS.in: Add a NEWS about the deprecation of lockPref.
* debian/rules: Automatically find the ICU data file name.
* debian/browser.mozconfig.in: Revert workaround for bz#1341234.
* debian/browser.install.in, debian/rules: Don't install the ICU data
file, it's linked as a data section in libxul.
* debian/control, debian/rules: Remove iceweasel transitional packages
in non-backports.
.
* modules/libpref/parser/src/lib.rs: Adapt to upstream changes to
keep supporting lockPref() for transition purposes, now that upstream
has locked prefs out of the box.
.
firefox (59.0.2-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-10, also known as CVE-2018-5148.
.
firefox (59.0.1-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147.
.
firefox (59.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-06, also known as:
CVE-2018-5127, CVE-2018-5128, CVE-2018-5129, CVE-2018-5130,
CVE-2018-5131, CVE-2018-5132, CVE-2018-5133, CVE-2018-5134,
CVE-2018-5135, CVE-2018-5136, CVE-2018-5137, CVE-2018-5140,
CVE-2018-5141, CVE-2018-5142, CVE-2018-5143, CVE-2018-5126,
CVE-2018-5125.
.
* debian/upstream.mk:
- Change how we find the source tarball for releases.
- Stop using milestone.py, it went away in this version.
* debian/control*: Bump nspr, nss, sqlite, rustc and cargo build
dependencies.
* debian/rules: Update ICU_DATA_FILE version.
* debian/browser.install.in, debian/browser.links.in, debian/rules: Take all
icons from chrome/icons/default/ now they are all there.
* debian/browser.install.in, debian/rules: Install watermark icon through
dh_install.
* debian/browser.js.in: Use the new intl.locale.requested instead of
intl.locale.matchOS.
.
firefox (58.0.1-1) unstable; urgency=medium
.
* New upstream release.
* Fix for mfsa2018-05.
.
* debian/upstream.mk, debian/l10n_revs.py: Use l10n-changesets.json from the
source tree to find the l10n changesets.
* debian/usptream.mk: Stop using milestone.py, it goes away in version 59.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms. Closes: #888638.
.
firefox (58.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-02, also known as:
CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094,
CVE-2018-5095, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099,
CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5104, CVE-2018-5105, CVE-2018-5106, CVE-2018-5107,
CVE-2018-5108, CVE-2018-5109, CVE-2018-5111, CVE-2018-5112,
CVE-2018-5113, CVE-2018-5114, CVE-2018-5115, CVE-2018-5116,
CVE-2018-5117, CVE-2018-5118, CVE-2018-5119, CVE-2018-5122,
CVE-2018-5090, CVE-2018-5089.
.
* debian/rules:
- Don't disable necko-wifi on kfreebsd/hurd. This used to be necessary
because that was using libiw, which was linux-only, but libiw is not
used anymore.
- Refresh configure files manually.
- Remove --with-default-mozilla-five-home, it's gone.
- Adapt to compare-locales changes.
- Define MOZ_FFVPX on arm and aarch64.
* debian/browser.install.in, debian/rules, debian/test.mk: Use
DEB_HOST_ARCH* instead of DEB_BUILD_ARCH*.
* debian/control*:
- Bump rustc, cargo and nss build dependencies.
- Add a dependency on libnss3 3.34 for the firefox package.
* debian/noinstall.in: Remove run-mozilla.sh from there, it's not installed
anymore.
.
firefox (57.0.4-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-01, mitigating "Spectre" side-channel attack.
.
* debian/control*: Remove build dependencies on unused -dev packages.
* debian/rules: Clean l10n build directory.
* debian/installer/Makefile.in,
debian/installer/package-manifest.browser, debian/rules, moz.build:
Let upstream packaging step preprocess our package manifest, instead
of preprocessing it manually first.
.
firefox (57.0.3-1) unstable; urgency=medium
.
* New upstream release.
.
firefox (57.0.1-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-27, also known as:
* CVE-2017-7843, CVE-2017-7844.
.
* debian/rules: Don't pass unused variables during make install.
* debian/installer/Makefile.in: Small path correctness fixup.
.
firefox (57.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-24, also known as:
CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832,
CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7836,
CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840,
CVE-2017-7842, CVE-2017-7827, CVE-2017-7826.
.
* debian/control*: Bump nss, sqlite, rustc and cargo build dependencies.
* debian/rules:
- Always remove configure/old-configure during clean.
- Use a new file as source for the symbolic icon. Closes: #867729.
- Disable tests until they're fixed. The script to run tests uses old
entry points that weren't updated to deal with the sandbox in Firefox,
causing the tests to fail in a way that takes days to go through the
entire suites. Closes: #877565.
* debian/import-tar.py: Make python 3.6 happy.
.
* old-configure*: Allow to build against nspr 4.16.
.
firefox (56.0-2) unstable; urgency=medium
.
* debian/browser.mozconfig.in: Pass NSPR directory to bindgen to workaround
bz#1341234.
.
firefox (56.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-21, also known as:
CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824,
CVE-2017-7812, CVE-2017-7814, CVE-2017-7813, CVE-2017-7815,
CVE-2017-7816, CVE-2017-7821, CVE-2017-7823, CVE-2017-7822,
CVE-2017-7820, CVE-2017-7811, CVE-2017-7810.
.
* debian/control*:
- Bump nspr, nss, rustc and cargo build dependencies.
- Build depend on llvm-4.0-dev, libclang-4.0-dev and clang-4.0.
* debian/rules: Update ICU_DATA_FILE version.
* debian/browser.mozconfig.in, debian/google.key: Add the Google API key
from the chromium package for safebrowsing. Thanks Francois Marier.
.
firefox (55.0.3-1) unstable; urgency=medium
.
* New upstream release.
.
* debian/source/lintian-overrides: Add a lintian override for dotzlib.chm.
.
firefox (55.0.2-1) unstable; urgency=medium
.
* New upstream release.
.
* js/src/jit/ExecutableAllocator.h, js/src/jit/none/MacroAssembler-none.h:
Fix Spidermonkey build with no jit backend. bz#1376268.
.
firefox (55.0-2) unstable; urgency=medium
.
* ipc/chromium/src/base/message_pump_libevent.cc,
ipc/chromium/src/third_party/libevent/linux/event2/event-config.h:
Fix FTBFS on i386. bz#1388981.
* dom/base/nsWrapperCache.h: Fix FTBFS on powerpc64el. bz#1376277.
* media/libcubeb/cubeb-pulse-rs/src/backend/context.rs: Fix cubeb-pulse-rs
FTBFS on arm64.
.
firefox (55.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-18, also known as:
CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7809,
CVE-2017-7784, CVE-2017-7802, CVE-2017-7785, CVE-2017-7786,
CVE-2017-7806, CVE-2017-7753, CVE-2017-7787, CVE-2017-7807,
CVE-2017-7792, CVE-2017-7791, CVE-2017-7808, CVE-2017-7781,
CVE-2017-7794, CVE-2017-7803, CVE-2017-7799, CVE-2017-7783,
CVE-2017-7788, CVE-2017-7789, CVE-2017-7797, CVE-2017-7780,
CVE-2017-7779.
.
* debian/control*: Bump nspr, nss and sqlite build dependencies.
* debian/rules:
- Preserve Cargo.toml.orig files ; cargo doesn't like that dh_clean
removes them.
- Copy the MPL-2.0 license from nsprpub instead of b2g, the latter being
gone.
* debian/browser.js.in: Default to no suggestions in the urlbar. This still
brings a panel asking the user whether they want to opt-in on first use.
* debian/upstream.mk: Set DIST differently for experimental.
.
* media/webrtc/trunk/gtest/moz.build: Make webrtc-gtest build work with
system jpeg and libvpx. bz#1373988.
* media/mtransport/third_party/nICEr/nicer.gyp,
media/mtransport/third_party/nrappkit/nrappkit.gyp: Disable
-Wformat-security where -Wformat is disabled. bz#1388681. Closes: #871386.
('ppc64le', 'Linux'): 'powerpc64le-unknown-linux-gnu',
* build/moz.configure/rust.configure: Add ppc64el target for rust code
(second attempt). Closes: #864822.
.
firefox (54.0-2) unstable; urgency=medium
.
* debian/upstream.mk: Consider testing/unstable as buster, which implies
build depending on system nspr, nss, sqlite and hunspell again.
* debian/rules: Really make overrides with USE_SYSTEM_* set to nothing work.
.
* build/moz.configure/rust.configure: Add ppc64el target for rust code.
Closes: #864822.
.
firefox (54.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-15, also known as:
CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751,
CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757,
CVE-2017-7778, CVE-2017-7758, CVE-2017-7762, CVE-2017-7764,
CVE-2017-5471, CVE-2017-5470.
* Targetting unstable because the required rustc version is available there,
and the freeze is almost over, meaning new versions of rustc will receive
updates, allowing to build newer versions of Firefox.
.
* debian/rules, debian/control.in: Switch to GCC 4.8 on wheezy.
* debian/rules: Don't remove debian/control on clean. Thanks to
Emilio Pozuelo Monfort for those two changes for wheezy LTS support.
* debian/control.in, debian/rules, debian/symbols.mk, debian/upstream.mk:
Rename the BACKPORT variable to DIST, and set it to "stretch" for
unstable/testing targetted builds.
* debian/rules: Normalize the system libraries used depending on the Debian
version.
* debian/control*:
- Bump nspr and build dependencies.
- Bump rustc and cargo build dependencies.
* debian/rules:
- Allow to override USE_SYSTEM_* variables from the environment.
- Remove rules to create mozilla-nspr.pc. It hasn't been shipped since
45.0-1.
* debian/browser.install.in: Add the pingsender executable.
.
firefox (53.0.is.53.0-1) experimental; urgency=medium
.
* The "oops, uploaded to unstable instead of experimental" release.
.
firefox (53.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-10, also known as:
CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459,
CVE-2017-5466, CVE-2017-5434, CVE-2017-5432, CVE-2017-5460,
CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441,
CVE-2017-5442, CVE-2017-5464, CVE-2017-5443, CVE-2017-5444,
CVE-2017-5446, CVE-2017-5447, CVE-2017-5465, CVE-2017-5448,
CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5469,
CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467,
CVE-2017-5453, CVE-2017-5458, CVE-2017-5468, CVE-2017-5430,
CVE-2017-5429.
.
* debian/control*:
- Bump nss and hunspell build dependencies.
* debian/browser-dev*, debian/control*, debian/noinstall.in,
debian/rules: Remove the -dev packages, there is no SDK provided
for Firefox anymore.
* debian/browser.install.in: Install manifest.json instead of clearkey.info.
* debian/rules:
- No system hunspell for backports.
- Build against system nspr/nss, experimental has the right versions.
* debian/browser.mozconfig.in, debian/control*, debian/rules: Always enable
rust, and bump the rustc dependency. As of version 54, it is not possible
to disable rust code anymore. While this is still version 53, there is not
much to win by keeping --disable-rust builds on Debian architectures
without rustc for 6 more weeks.
firefox-esr (60.1.0esr-3) unstable; urgency=medium
.
* debian/control*:
- Build depend on llvm/clang 6.0 for buster. Closes: #906174.
- Bump NSS build dependency to 3.36.4. Closes: #902573.
.
* gfx/skia/skia/include/core/SkColorPriv.h,
gfx/skia/skia/include/core/SkImageInfo.h,
gfx/skia/skia/include/gpu/GrTypes.h,
gfx/skia/skia/src/core/SkColorData.h: fix big-endian Skia builds.
bz#1144632.
firefox-esr (60.1.0esr-2) unstable; urgency=medium
.
* Upload to unstable.
* debian/upstream.mk: Use the same logic for betas as for releases to find
the source.
* debian/browser.links.in, debian/rules, debian/vendor.js: Use the
spellchecker.dictionary_path pref to set the hunspell directory.
* debian/browser.mozconfig.in: Allow unsigned addons in app and system
scopes.
* debian/rules: Work around the effect the above has on the
--{enable,with}-system-* check.
* debian/vendor.js: Remove extensions.unsignedScopes. The patch that added
the pref was changed to use a configure flag instead.
* debian/control*: Remove old conflicts. Thanks Sylvestre Ledru.
Closes: #882956.
* debian/l10n/recommends, debian/l10n/browser-l10n.control,
debian/control: Update dictionary recommendations, following these rules:
- Transitional myspell packages are not listed except when stable
doesn't have the corresponding hunspell package.
- Both hunspell and myspell packages are listed if they are different.
Closes: #813832, #825843
* debian/copyright, debian/rules: Refer to /usr/share/common-licenses/MPL*
instead of installing our own copy. Closes: #704303.
* debian/make.mk: Use the same code as dump target for the dump-% target.
* debian/control*, debian/rules: Add Recommends on all supported libavcodec
libraries for h264 playback. Closes: #901600.
.
* js/src/jit/mips-shared/MacroAssembler-mips-shared.cpp: Stubout
MacroAssembler::speculationBarrier. bz#1444834
* toolkit/modules/AppConstants.jsm, toolkit/modules/moz.build,
toolkit/moz.configure, toolkit/mozapps/extensions/internal/XPIInstall.jsm,
toolkit/mozapps/extensions/content/extensions.js,
toolkit/mozapps/extensions/internal/XPIDatabase.jsm: Change how addon
signature requirement relaxation is done. Closes: #899390.
firefox-esr (60.1.0esr-1) experimental; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-16, also known as:
CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362,
CVE-2018-5156, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365,
CVE-2018-12371, CVE-2018-12366, CVE-2018-12367, CVE-2018-12369,
CVE-2018-5187, CVE-2018-5188.
.
* debian/vendor.js: Relax the addon signature requirements.
.
* build/unix/elfhack/elfhack.cpp, build/unix/elfhack/inject.c,
build/unix/elfhack/test.c: Use run-time page size when changing mapping
permissions in elfhack injected code. bz#1470701. Closes: #902231.
* toolkit/mozapps/extensions/content/extensions.js,
toolkit/mozapps/extensions/internal/XPIDatabase.jsm: Allow to relax the
addon signature requirements.
firefox-esr (60.0.2esr-1) experimental; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-14, also known as CVE-2018-6126.
.
* debian/browser.NEWS.in: Adjust to show the ESR version.
firefox-esr (60.0.1esr-2) experimental; urgency=medium
.
* third_party/rust/libc/.cargo-checksum.json,
third_party/rust/libc/src/unix/notbsd/linux/mod.rs,
third_party/rust/libc/src/unix/notbsd/linux/musl/mod.rs,
third_party/rust/libc/src/unix/notbsd/linux/other/mod.rs,
third_party/rust/libc/src/unix/notbsd/linux/s390x.rs: Apply upstream patch
to add struct ucred for Linux on MIPS.
* gfx/skia/skia/src/jumper/SkJumper_stages.cpp: Fix Skia build on arm64
linux with GCC. bz#1462868.
* intl/icu_sources_data.py: Add --disable-layoutex when running ICU
configure. bz#1462859.
* media/webrtc/trunk/gtest/moz.build: Link chromium_atomics to webrtc tests.
bz#1462873.
* media/webrtc/trunk/moz.build: Only build webrtc neon on aarch64.
* browser/locales/Makefile.in,
python/mozbuild/mozbuild/action/langpack_manifest.py,
python/mozbuild/mozbuild/test/action/test_langpack_manifest.py,
toolkit/locales/l10n.mk: Use MOZ_LANGPACK_EID in langpacks manifest.json.
bz#1455100. Closes: #899160.
* dom/media/webaudio/blink/DenormalDisabler.h: Avoid using vmrs/vmsr on
armel.
* mfbt/LinuxSignal.h, mfbt/moz.build,
tools/profiler/core/platform-linux-android.cpp: Remove
MOZ_SIGNAL_TRAMPOLINE. bz#1463035.
* build/autoconf/arch.m4: Add -mfloat-abi=softfp to NEON_FLAGS when it makes
sense. bz#1463036.
* xpcom/string/moz.build: Use HAVE_ARM_NEON instead of BUILD_ARM_NEON for
nsUTF8UtilsNEON.cpp. bz#1463036.
firefox-esr (60.0.1esr-1) experimental; urgency=medium
.
* New upstream release.
.
* debian/browser.links.in: Remove /usr/lib/*/browser/icons symlink, leftover
after the removal of /usr/share/*/browser/icons. Closes: #893323.
* debian/control*: Remove mozplugger suggestion. Closes: #888396.
* debian/browser.install.in, debian/browser.mozconfig.in, debian/control.in,
debian/rules: Remove the option to build against gtk+2, it is not
supported anymore.
* debian/control*, debian/rules: Avoid hard dependency on libgtk2.0-0.
Closes: #885144.
.
* media/webrtc/trunk/moz.build: Attempt to fix building webrtc on non-x86.
* js/src/jit/mips-shared/LIR-mips-shared.h, js/src/jit/mips32/LIR-mips32.h,
js/src/jit/mips64/LIR-mips64.h: Fix FTBFS on mips*. bz#1444303.
firefox-esr (60.0esr-1) experimental; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-11, also known as
CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158,
CVE-2018-5159, CVE-2018-5160, CVE-2018-5152, CVE-2018-5153,
CVE-2018-5163, CVE-2018-5164, CVE-2018-5166, CVE-2018-5167,
CVE-2018-5168, CVE-2018-5169, CVE-2018-5172, CVE-2018-5173,
CVE-2018-5175, CVE-2018-5176, CVE-2018-5177, CVE-2018-5165,
CVE-2018-5180, CVE-2018-5181, CVE-2018-5182, CVE-2018-5151,
CVE-2018-5150.
.
* debian/control*:
- Bump nspr, nss, sqlite, rustc and cargo build dependencies.
- Update Maintainer and Vcs fields, moving off alioth.
* debian/browser.js.in, debian/vendor.js: Use the new syntax for
locked and sticky prefs.
* debian/browser.NEWS.in: Add a NEWS about the deprecation of lockPref.
* debian/rules: Automatically find the ICU data file name.
* debian/browser.mozconfig.in: Revert workaround for bz#1341234.
* debian/browser.install.in, debian/rules: Don't install the ICU data
file, it's linked as a data section in libxul.
* debian/control, debian/rules: Remove iceweasel transitional packages
in non-backports.
.
* modules/libpref/parser/src/lib.rs: Adapt to upstream changes to
keep supporting lockPref() for transition purposes, now that upstream
has locked prefs out of the box.
firefox-esr (52.9.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-17, also known as:
CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-5156,
CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366,
CVE-2018-12368, CVE-2018-5188.
firetray (0.6.1+dfsg-1.2~deb9u1) stretch; urgency=medium
.
* Upload to Stretch, to handle the stable update of Thunderbird.
firetray (0.6.1+dfsg-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix for Thunderbird 60 (by Fritjof Toelstede, Gabriele, and me).
Closes: #906852, #895451.
* Firefox and Iceweasel are no longer supported.
firmware-nonfree (20161130-4) stretch; urgency=medium
.
* debian/bin/gencontrol.py: Set encoding to UTF-8 globally
* Add back firmware-{adi,ralink} as transitional packages (Closes: #907320)
* debian/control: Point Vcs URLs to Salsa
* Update to linux-support 4.9.0-8
* firmware-brcm80211: Update Broadcom wifi firmware to fix security issues
(Closes: #869639):
- BCM4339 (CVE-2016-0801)
- BCM4354 (CVE-2016-0801, CVE-2017-0561, CVE-2017-9417, CVE-2017-13077,
CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081)
- BCM4356-PCIe (CVE-2016-0801, CVE-2017-0561, CVE-2017-9417,
CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
CVE-2017-13081)
- BCM43340 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
CVE-2017-13081) (also fixes issues when operating in 5GHz band)
- BCM43362 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
CVE-2017-13081)
- BCM43430 (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,
CVE-2017-13081)
fofix-dfsg (3.121-5~deb9u1) stretch; urgency=medium
.
* QA upload.
* Rebuild for stretch.
.
fofix-dfsg (3.121-5) unstable; urgency=medium
.
* QA upload.
* Call image.tobytes('raw', ...) instead of image.tostring('raw', ...),
thanks to Christian Trenkwalder. (Closes: #873156)
* Override source-contains-prebuilt-ms-help-file.
fuse (2.9.7-1+deb9u2) stretch; urgency=medium
.
* Whitelist autofs as mountpoint file system.
* Whitelist FAT as mountpoint file system (closes: #905366).
fuse (2.9.7-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Restriction bypass of the "allow_other" option when SELinux is active
(CVE-2018-10906) (Closes: #904439)
ganeti (2.15.2-7+deb9u3) stretch; urgency=medium
.
* Properly verify SSL certificates during VM export (#2) (Closes: #895599, #908112)
* Sign generated certificates using SHA256 instead of SHA1 (Closes: #907569)
+ d/NEWS: ask users to run gnt-cluster renew-crypto
+ cluster verify: warn about weak certificates
* Make bash completions autoloadable (Closes: #864755)
+ Cleanup obsolete /etc/bash_completion.d/ganeti
gdm3 (3.22.3-3+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* display-store: Pass the display object rather than the id in the removed
signal (CVE-2018-14424)
* display: tie skeleton handlers to object lifetime (CVE-2018-14424)
ghostscript (9.20~dfsg-3.2+deb9u5) stretch-security; urgency=medium
.
* Fixes for CVE-2018-16509 (fourth patch, rest were applied in deb9u4)
CVE-2018-16802 and one additional issue with a CVE ID (yet)
ghostscript (9.20~dfsg-3.2+deb9u4) stretch-security; urgency=medium
.
* Add additional patch for CVE-2018-16543
* Fix a regression introduced in a054156d425b4dbdaaa9fda4b5f1182b27598c2b,
see https://github.com/apple/cups/issues/5392
ghostscript (9.20~dfsg-3.2+deb9u3) stretch-security; urgency=medium
.
* Multiple security issues, see Security Tracker for details
git (1:2.11.0-3+deb9u4) stretch-security; urgency=high
.
* Fix CVE-2018-17456, arbitrary code execution via submodule URLs
and paths in .gitmodules file:
- submodule: ban submodule urls that start with a dash
- submodule: ban submodule paths that start with a dash
- submodule: use "--" to signal end of clone options
- fsck: detect submodule urls that start with a dash
- fsck: detect submodule paths that start with a dash
.
Thanks to joernchen of Phenoelit for discovering and reporting
this vulnerability and to Jeff King for fixing it.
.
* Correct incomplete shell command injection fix in git cvsimport in
1:2.11.0-3+deb9u2. A malicious CVS server could trigger
arbitrary code execution by a user running "git cvsimport".
- cvsimport: apply shell-quoting regex globally
.
Thanks to littlelailo for discovering this vulnerability and to
Jeff King for fixing it.
globus-gsi-credential (7.11-1+deb9u1) stretch; urgency=medium
.
* Fix issue with voms proxy and openssl 1.1
* https://github.com/globus/globus-toolkit/issues/115
* https://github.com/globus/globus-toolkit/pull/116
gnupg2 (2.1.18-8~deb9u3) stretch; urgency=medium
.
* block trivial access to scdaemon memory (Closes: #878952)
* Update crypto defaults for 2018 (new keys are RSA 3072, prefer AES256)
* d/control: move Vcs*: to salsa
* dirmngr: implement querying nameservers over IPv6 (Closes: #862682)
* use DEP-14 branch naming
* refresh patches
* backport --no-symkey-cache
* backport improved import and export filtering
* backport display of revocation certificates
* backport stripping unusable subkey material during export-minimal
* backport fix to make --dry-run work when listing secret keys
* backport fix showing secret keys when listing keys
* backport fix to clean keys before importing (Closes: #906545)
gnutls28 (3.5.8-5+deb9u4) stretch; urgency=medium
.
* Pull fixes for CVE-2018-10844 and CVE-2018-10845 from gnutls 3.5.19
+ 39_01-dummy_wait-correctly-account-the-length-field-in-SHA.patch
+ 39_02-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch
+ 39_03-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch
+ 39_04-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch
+ 39_05-tests-pkcs12_encode-fix-test-for-SHA512.patch
gphoto2-cffi (0.3~a1-1.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
gphoto2-cffi (0.3~a1-1.1) unstable; urgency=high
.
* Non-maintainer upload.
* Add upstream fix to unbreak python3-gphoto2cffi. (Closes: #896238)
graphicsmagick (1.3.30+hg15796-1~deb9u2) stretch-security; urgency=medium
.
* Backport fix for case-insensitive static module loader (closes: #911386).
graphicsmagick (1.3.30+hg15796-1~deb9u1) stretch-security; urgency=high
.
* Security backport for Stretch.
* Relax g++ build dependency.
* Relax debhelper build dependency.
* Relax Standards-Version to 3.9.8 .
.
graphicsmagick (1.3.30+hg15796-1) unstable; urgency=high
.
* Mercurial snapshot, fixing the following security issues:
- WEBP: Fix compiler warnings regarding uninitialized structure members,
- ReadJPEGImage(): Allow libjpeg to use 1/5th of the total memory limit,
- ReadJPEGImage(): Make sure that JPEG pixels array is initialized in
case libjpeg fails to completely initialize it,
- WriteOnePNGImage(): Free png_pixels as soon as possible,
- ReadMIFFImage(): Detect EOF when reading using ReadBlobZC() and avoid
subsequent heap read overflow,
- ReadMVGImage(): Don't assume that in-memory MVG blob is a
null-terminated C string,
- ReadMVGImage(): Don't allow MVG files to side-load a file as the
drawing primitive using '@' syntax,
- FileToBlob(): Use confirm access APIs to verify that read access is
allowed, and verify that file is a regular file,
- ExtractTokensBetweenPushPop() needs to always return a valid pointer
into the primitive string,
- DrawPolygonPrimitive(): Fix leak of polygon set when object is
completely outside image,
- SetNexus(): For requests one pixel tall, SetNexus() was wrongly using
pixels in-core rather than using a staging area for the case where the
nexus rows extend beyond the image raster boundary,
- ReadCINEONImage(): Quit immediately on EOF and detect short files,
- ReadMVGImage(): Fix memory leak,
- Add mechanism to approve embedded subformats in WPG,
- ReadXBMImage(): Add validations for row and column dimensions,
- MAT InsertComplexFloatRow(): Avoid signed overflow,
- InsertComplexFloatRow(): Try not to lose the previous intention while
avoiding signed overflow,
- XBMInteger(): Limit the number of hex digits parsed to avoid signed
integer overflow,
- MAT: More aggresive data corruption checking,
- MAT: Correctly check GetBlobSize(image) even for zipstreams inside
blob,
- MAT: Explicitly reject non-seekable streams,
- DrawImage(): Add missing error-reporting logic to return immediately
upon memory reallocation failure. Apply memory resource limits to
PrimitiveInfo array allocation,
- MagickAtoFChk(): Add additional validation checks for floating point
values. NAN and +/- INFINITY values also map to 0.0 ,
- ReadMPCImage()/(ReadMIFFImage(): Insist that the format be identified
prior to any comment, and that there is only one comment,
- ConvertPrimitiveToPath(): Enlarge PathInfo array allocation to avoid
possible heap write overflow,
- WPG: Fix intentional 64 bit file offset overflow,
- DrawImage(): Be more precise about error detection and reporting,
- TranslateTextEx(): Fix off-by-one in loop bounds check which allowed a
one-byte stack write overflow,
- DrawImage(): Fix excessive memory consumption due to
SetImageAttribute() appending values,
- QuantumTransferMode(): CIE Log images with an alpha channel are not
supported,
- ConvertPrimitiveToPath(): Second attempt to prevent heap write
overflow of PathInfo array,
- ExtractTileJPG(): Enforce that JPEG tiles are read by the JPEG coder,
- MIFF and MPC, need to avoid leaking value allocation (day-old bug),
- ReadSFWImage(): Enforce that file is read using the JPEG reader,
- FindEXIFAttribute()/GenerateEXIFAttribute(): Change size types from
signed to unsigned and check for unsigned overflow,
- GenerateEXIFAttribute(): Eliminate undefined shift,
- TraceEllipse(): Detect arithmetic overflow when computing the number of
points to allocate for an ellipse,
- ReadMNGImage(): mng_LOOP chunk must be at least 5 bytes long,
- ReadJPEGImage(): Apply a default limit of 100 progressive scans before
the reader quits with an error.
* Update library symbols for this release.
.
graphicsmagick (1.3.30-1) unstable; urgency=high
.
* New upstream release, including many security fixes.
* Build with all hardening enabled.
.
graphicsmagick (1.3.29+hg15665-1) unstable; urgency=high
.
* Mercurial snapshot, fixing the following security issues:
- use of uninitialized value in IsMonochromeImage() ,
- divide by zero in GetPixelOpacity() ,
- write beyond array bounds in TraceStrokePolygon() ,
- use of uninitialized value in format8BIM() ,
- assertion failure in WriteBlob() ,
- out of bounds write in TraceEllipse() ,
- memory leak and use of uninitialized memory when handling eXIf chunk
in png_malloc() ,
- floating point exception in WriteTIFFImage() ,
- leak of Image when TIFFReadRGBAImage() reports failure,
- potentional leak when compressed object is corrupted,
- floating point exception in WriteTIFFImage() ,
- heap double free in Magick::BlobRef::~BlobRef() ,
- direct leak in TIFFClientOpen() ,
- indirect leak in CloneImage() ,
- direct leak in ReadOneJNGImage() ,
- heap buffer overflow in put1bitbwtile() ,
- use of uninitialized value in SyncImageCallBack() ,
- validate tile memory requests for TIFFReadRGBATile() .
* Remove profiles/sRGB Color Space Profile.ICM and
jp2/data/colorprofiles/srgb.icm for being non-free.
* Remove zlib/contrib/dotzlib/DotZLib.chm for no source available.
.
graphicsmagick (1.3.29-1) unstable; urgency=high
.
* New upstream release, including many security fixes.
* Remove previously backported security patches.
* Update library symbols for this release.
* Update debhelper level to 11 .
* Update Standards-Version to 4.1.4 .
.
graphicsmagick (1.3.28-2) unstable; urgency=high
.
* Backport security fixes:
- don't use rescale map if it was not allocated,
- validate number of colormap bits to avoid undefined shift behavior,
- defend against partial scanf() expression matching, resulting in benign
use of uninitialized data,
- don't use rescale map if it was not allocated,
- fix tile index overflow,
- reject XPM if it contains non-whitespace control characters,
- fix forged amount of frames 6755,
- validate header length and offset properties,
- fixed memory leak when tile overflows,
- fix forged amount of frames 7076,
- check for forged image that overflows file size,
- validate size request prior to allocation,
- validate that file size is sufficient for claimed image properties,
- fix signed integer overflow when computing pixels size,
- include number of FITS scenes in file size validations,
- allocate space for null termination and null terminate string,
- validate that samples per pixel is in valid range,
- check whether datablock is really read,
- verify that sufficient backing data exists before allocating memory to
read it,
- duplicate image check for data with fixed geometry,
- CVE-2018-9018: avoid divide-by-zero if delay or timeout properties
changed while ticks_per_second is zero (closes: #894396),
- add checks for EOF,
- validate that PICT rectangles do not have zero dimensions,
- check image pixel limits before allocating memory for tile.
* Backport patch to redesign ReadBlobDwordLSB() to be more effective.
* Backport patch to destroy tile_image in ThrowPICTReaderException() macro
to simplify logic.
* Backport patch to remove shadowed tile_image variable which defeats new
ThrowPICTReaderException() implementation.
.
graphicsmagick (1.3.28-1) unstable; urgency=high
.
* New upstream release, fixing the following security issues among others:
- BMP: Fix non-terminal loop due to unexpected bit-field mask value
(DOS opportunity),
- PALM: Fix heap buffer underflow in builds with QuantumDepth=8,
- SetNexus() Fix heap overwrite under certain conditions due to using a
wrong destination buffer,
- TIFF: Fix heap buffer read overflow in LocaleNCompare() when parsing
NEWS profile.
* Remove previously backported security patches.
.
graphicsmagick (1.3.27-4) unstable; urgency=high
.
* Fix CVE-2018-5685: infinite loop in ReadBMPImage() (closes: #887158).
* Fix memory leak of global colormap.
* Fix memory leak of chunk and mng_info in error path.
* Update Standards-Version to 4.1.3 .
.
graphicsmagick (1.3.27-3) unstable; urgency=high
.
* Fix heap-buffer-overflow on LocaleNCompare() .
* Add some assertions to verify that the image pointer provided by libwebp
is valid.
* Fix NULL pointer dereference in ReadMNGImage() .
* Fix CVE-2017-17913: stack-buffer-overflow in WriteWEBPImage() .
* Fix CVE-2017-17915: heap-buffer-overflow in ReadMNGImage() .
.
graphicsmagick (1.3.27-2) unstable; urgency=high
.
* Fix CVE-2017-17782: heap-based buffer over-read in ReadOneJNGImage()
(closes: #884905).
* Fix CVE-2017-17783: buffer over-read in ReadPALMImage() (closes: #884904).
.
graphicsmagick (1.3.27-1) unstable; urgency=medium
.
* New upstream release.
* Remove previously backported security patches.
* Update library symbols for this release.
* Add libwebp-dev dependency to libgraphicsmagick1-dev (closes: #863564).
* Update Standards-Version to 4.1.2 .
.
graphicsmagick (1.3.26-19) unstable; urgency=high
.
* Fix CVE-2017-16669: heap buffer overflow in AcquireCacheNexus()
(closes: #881391).
* Fix CVE-2017-13134: heap buffer overflow in SFWScan() (closes: #881524).
.
graphicsmagick (1.3.26-18) unstable; urgency=high
.
* Fix CVE-2017-16547: remote denial of service (negative strncpy and
application crash).
* Fix CVE-2017-16545: NULL pointer dereference (write) with malformed WPG
image.
.
graphicsmagick (1.3.26-17) unstable; urgency=high
.
* Fix CVE-2017-16353: heap read overflow vulnerability in DescribeImage() .
* Fix CVE-2017-16352: heap-based buffer overflow vulnerability in
DescribeImage() .
.
graphicsmagick (1.3.26-16) unstable; urgency=high
.
* Fix CVE-2017-15930: NULL pointer dereference while transferring JPEG
scanlines (closes: #879999).
.
graphicsmagick (1.3.26-15) unstable; urgency=high
.
* Fix CVE-2017-13737: invalid free in MagickFree() (closes: #878511).
.
graphicsmagick (1.3.26-14) unstable; urgency=high
.
* Fix CVE-2017-15277: assure that global colormap is fully initialized in
ReadGIFImage() .
* Fix memory leak in WriteGIFImage() .
* Fix CVE-2017-15238: use after free in ReadJNGImage() .
.
graphicsmagick (1.3.26-13) unstable; urgency=high
.
* Fix CVE-2017-14733: heap out of bounds read in ReadRLEImage() .
* Fix CVE-2017-14994: NULL pointer dereference in DICOM Decoder.
* Fix CVE-2017-14997: memory allocation error due to malformed image file.
* Update Standards-Version to 4.1.1 .
.
graphicsmagick (1.3.26-12) unstable; urgency=high
.
* Update upstream changelog for CVE-2017-14103 .
* Fix CVE-2017-14649: denial of service due to assertion failure in
AcquireImagePixels() (closes: #876460).
* Update Standards-Version to 4.1.0:
- change graphicsmagick-dbg priority to optional.
.
graphicsmagick (1.3.26-11) unstable; urgency=high
.
* Fix CVE-2017-14504: NULL pointer dereference triggered by malformed file.
.
graphicsmagick (1.3.26-10) unstable; urgency=high
.
* Fix CVE-2017-14314: heap-based buffer over-read in DrawDashPolygon() .
.
graphicsmagick (1.3.26-9) unstable; urgency=high
.
* Fix CVE-2017-14165: remote denial of service due to memory allocation
failure in magickmalloc (closes: #874724).
* Fix CVE-2017-14042: memory allocation failure in MagickRealloc()
(closes: #873538).
.
graphicsmagick (1.3.26-8) unstable; urgency=high
.
* Fix CVE-2017-13775: denial of service issue in ReadJNXImage() .
* Fix CVE-2017-13776 and CVE-2017-13777: denial of service issue in
ReadXBMImage() .
* Fix memory leak vulnerability in ReadJNGImage() which allow attackers to
cause a denial of service via a crafted file.
* Fix double-free after reading a malformed JNG.
* Fix CVE-2017-14103: the ReadJNGImage() and ReadOneJNGImage() functions do
not properly manage image pointers after certain error conditions, which
allows remote use-after-free attacks via a crafted file, related to a
ReadMNGImage() out-of-order CloseBlob() call. This vulnerability exists
because of an incomplete fix for CVE-2017-11403 .
* Fix CVE-2017-8350: crash while reading a malformed JNG file.
.
graphicsmagick (1.3.26-7) unstable; urgency=high
.
* Fix CVE-2017-13063: heap-based buffer overflow vulnerability in the
GetStyleTokens() function (closes: #873130).
* Fix CVE-2017-13064: another heap-based buffer overflow vulnerability in
the GetStyleTokens() function (closes: #873129).
* Fix CVE-2017-13065: NULL pointer dereference vulnerability in the
SVGStartElement() function (closes: #873119).
.
graphicsmagick (1.3.26-6) unstable; urgency=high
.
* Fix CVE-2017-12935: invalid memory read in the SetImageColorCallBack()
with large MNG images (closes: #872576).
* Fix CVE-2017-12936: use-after-free issue for data associated with
exception reporting in the ReadWMFImage() function (closes: #872575).
* Fix CVE-2017-12937: colormap heap-based buffer over-read in the
ReadSUNImage() function (closes: #872574).
.
graphicsmagick (1.3.26-5) unstable; urgency=medium
.
* Handle mangling change for conversion operators in GCC 7 (closes: #871306).
.
[ John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> ]
* Honor 'nocheck' in DEB_BUILD_OPTIONS (closes: #842787).
.
graphicsmagick (1.3.26-4) unstable; urgency=high
.
* Fix CVE-2017-11643: heap overflow in the WriteCMYKImage() function
(closes: #870157).
* Fix CVE-2017-11636: heap overflow in the WriteRGBImage() function
(closes: #870149).
* Fix CVE-2017-11638 and CVE-2017-11642: null pointer dereference or SEGV if
input is not colormapped (closes: #870154, #870156).
* Fix CVE-2017-11641: memory leak while writing Magick Persistent Cache
format (closes: #870155).
* Fix CVE-2017-11637: NULL pointer dereference in the WritePCLImage()
function (closes: #870153).
* Fix CVE-2017-11722: denial of service via a crafted file
(closes: #870158).
* Remove autotools-dev and dh-autoreconf build dependencies.
.
graphicsmagick (1.3.26-3) unstable; urgency=high
.
* Fix CVE-2017-11140: denial of service (resource consumption) via crafted
JPEG files.
* Fix apparent off-by-one error in MNG FRAM change_clipping processing.
* Fix out-of-order CloseBlob() and DestroyImageList() .
.
graphicsmagick (1.3.26-2) unstable; urgency=high
.
* Fix CVE-2017-11102: remote denial of service during JNG reading via a
zero-length color_image data structrure in ReadOneJNGImage (png.c)
(closes: #867746).
* Add new DestroyJNGInfo@Base and remove DestroyJNG@Base obsolete symbols.
.
graphicsmagick (1.3.26-1) unstable; urgency=high
.
* New upstream release, fixing the following security issues among others:
- META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
- WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash
(CVE-2016-7997).
- PNG: Enforce spec requirement that the dimensions of the JPEG embedded
in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
- TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to
have only 2 samples per pixel (CVE-2017-6335).
- JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
- TIFF: Fix out of bounds read when reading RGB TIFF which claims to have
only 1 sample per pixel (CVE-2017-10794) (closes: #867085).
- DPX: Fix excessive use of memory (DOS issue) due to file header claiming
large image dimensions but insufficient backing data. (CVE-2017-10799)
(closes: #867077).
- MAT: Fix excessive use of memory (DOS issue) due to continuing
processing with insufficient data and claimed large image size. Verify
each file extent to make sure that it is within range of file size.
(CVE-2017-10800) (closes: #867060).
* Remove previously backported security patches.
* Self-tests build hack no longer needed.
* Update library symbols for this release.
* Update Standards-Version to 4.0.0 and debhelper level to 10 .
graphicsmagick (1.3.30-1) unstable; urgency=high
.
* New upstream release, including many security fixes.
* Build with all hardening enabled.
graphicsmagick (1.3.29+hg15665-1) unstable; urgency=high
.
* Mercurial snapshot, fixing the following security issues:
- use of uninitialized value in IsMonochromeImage() ,
- divide by zero in GetPixelOpacity() ,
- write beyond array bounds in TraceStrokePolygon() ,
- use of uninitialized value in format8BIM() ,
- assertion failure in WriteBlob() ,
- out of bounds write in TraceEllipse() ,
- memory leak and use of uninitialized memory when handling eXIf chunk
in png_malloc() ,
- floating point exception in WriteTIFFImage() ,
- leak of Image when TIFFReadRGBAImage() reports failure,
- potentional leak when compressed object is corrupted,
- floating point exception in WriteTIFFImage() ,
- heap double free in Magick::BlobRef::~BlobRef() ,
- direct leak in TIFFClientOpen() ,
- indirect leak in CloneImage() ,
- direct leak in ReadOneJNGImage() ,
- heap buffer overflow in put1bitbwtile() ,
- use of uninitialized value in SyncImageCallBack() ,
- validate tile memory requests for TIFFReadRGBATile() .
* Remove profiles/sRGB Color Space Profile.ICM and
jp2/data/colorprofiles/srgb.icm for being non-free.
* Remove zlib/contrib/dotzlib/DotZLib.chm for no source available.
graphicsmagick (1.3.29-1) unstable; urgency=high
.
* New upstream release, including many security fixes.
* Remove previously backported security patches.
* Update library symbols for this release.
* Update debhelper level to 11 .
* Update Standards-Version to 4.1.4 .
graphicsmagick (1.3.28-2) unstable; urgency=high
.
* Backport security fixes:
- don't use rescale map if it was not allocated,
- validate number of colormap bits to avoid undefined shift behavior,
- defend against partial scanf() expression matching, resulting in benign
use of uninitialized data,
- don't use rescale map if it was not allocated,
- fix tile index overflow,
- reject XPM if it contains non-whitespace control characters,
- fix forged amount of frames 6755,
- validate header length and offset properties,
- fixed memory leak when tile overflows,
- fix forged amount of frames 7076,
- check for forged image that overflows file size,
- validate size request prior to allocation,
- validate that file size is sufficient for claimed image properties,
- fix signed integer overflow when computing pixels size,
- include number of FITS scenes in file size validations,
- allocate space for null termination and null terminate string,
- validate that samples per pixel is in valid range,
- check whether datablock is really read,
- verify that sufficient backing data exists before allocating memory to
read it,
- duplicate image check for data with fixed geometry,
- CVE-2018-9018: avoid divide-by-zero if delay or timeout properties
changed while ticks_per_second is zero (closes: #894396),
- add checks for EOF,
- validate that PICT rectangles do not have zero dimensions,
- check image pixel limits before allocating memory for tile.
* Backport patch to redesign ReadBlobDwordLSB() to be more effective.
* Backport patch to destroy tile_image in ThrowPICTReaderException() macro
to simplify logic.
* Backport patch to remove shadowed tile_image variable which defeats new
ThrowPICTReaderException() implementation.
graphicsmagick (1.3.28-1) unstable; urgency=high
.
* New upstream release, fixing the following security issues among others:
- BMP: Fix non-terminal loop due to unexpected bit-field mask value
(DOS opportunity),
- PALM: Fix heap buffer underflow in builds with QuantumDepth=8,
- SetNexus() Fix heap overwrite under certain conditions due to using a
wrong destination buffer,
- TIFF: Fix heap buffer read overflow in LocaleNCompare() when parsing
NEWS profile.
* Remove previously backported security patches.
graphicsmagick (1.3.27-4) unstable; urgency=high
.
* Fix CVE-2018-5685: infinite loop in ReadBMPImage() (closes: #887158).
* Fix memory leak of global colormap.
* Fix memory leak of chunk and mng_info in error path.
* Update Standards-Version to 4.1.3 .
graphicsmagick (1.3.27-3) unstable; urgency=high
.
* Fix heap-buffer-overflow on LocaleNCompare() .
* Add some assertions to verify that the image pointer provided by libwebp
is valid.
* Fix NULL pointer dereference in ReadMNGImage() .
* Fix CVE-2017-17913: stack-buffer-overflow in WriteWEBPImage() .
* Fix CVE-2017-17915: heap-buffer-overflow in ReadMNGImage() .
graphicsmagick (1.3.27-2) unstable; urgency=high
.
* Fix CVE-2017-17782: heap-based buffer over-read in ReadOneJNGImage()
(closes: #884905).
* Fix CVE-2017-17783: buffer over-read in ReadPALMImage() (closes: #884904).
graphicsmagick (1.3.27-1) unstable; urgency=medium
.
* New upstream release.
* Remove previously backported security patches.
* Update library symbols for this release.
* Add libwebp-dev dependency to libgraphicsmagick1-dev (closes: #863564).
* Update Standards-Version to 4.1.2 .
graphicsmagick (1.3.26-19) unstable; urgency=high
.
* Fix CVE-2017-16669: heap buffer overflow in AcquireCacheNexus()
(closes: #881391).
* Fix CVE-2017-13134: heap buffer overflow in SFWScan() (closes: #881524).
graphicsmagick (1.3.26-18) unstable; urgency=high
.
* Fix CVE-2017-16547: remote denial of service (negative strncpy and
application crash).
* Fix CVE-2017-16545: NULL pointer dereference (write) with malformed WPG
image.
graphicsmagick (1.3.26-17) unstable; urgency=high
.
* Fix CVE-2017-16353: heap read overflow vulnerability in DescribeImage() .
* Fix CVE-2017-16352: heap-based buffer overflow vulnerability in
DescribeImage() .
graphicsmagick (1.3.26-16) unstable; urgency=high
.
* Fix CVE-2017-15930: NULL pointer dereference while transferring JPEG
scanlines (closes: #879999).
graphicsmagick (1.3.26-15) unstable; urgency=high
.
* Fix CVE-2017-13737: invalid free in MagickFree() (closes: #878511).
graphicsmagick (1.3.26-14) unstable; urgency=high
.
* Fix CVE-2017-15277: assure that global colormap is fully initialized in
ReadGIFImage() .
* Fix memory leak in WriteGIFImage() .
* Fix CVE-2017-15238: use after free in ReadJNGImage() .
graphicsmagick (1.3.26-13) unstable; urgency=high
.
* Fix CVE-2017-14733: heap out of bounds read in ReadRLEImage() .
* Fix CVE-2017-14994: NULL pointer dereference in DICOM Decoder.
* Fix CVE-2017-14997: memory allocation error due to malformed image file.
* Update Standards-Version to 4.1.1 .
graphicsmagick (1.3.26-12) unstable; urgency=high
.
* Update upstream changelog for CVE-2017-14103 .
* Fix CVE-2017-14649: denial of service due to assertion failure in
AcquireImagePixels() (closes: #876460).
* Update Standards-Version to 4.1.0:
- change graphicsmagick-dbg priority to optional.
graphicsmagick (1.3.26-11) unstable; urgency=high
.
* Fix CVE-2017-14504: NULL pointer dereference triggered by malformed file.
graphicsmagick (1.3.26-10) unstable; urgency=high
.
* Fix CVE-2017-14314: heap-based buffer over-read in DrawDashPolygon() .
graphicsmagick (1.3.26-9) unstable; urgency=high
.
* Fix CVE-2017-14165: remote denial of service due to memory allocation
failure in magickmalloc (closes: #874724).
* Fix CVE-2017-14042: memory allocation failure in MagickRealloc()
(closes: #873538).
graphicsmagick (1.3.26-8) unstable; urgency=high
.
* Fix CVE-2017-13775: denial of service issue in ReadJNXImage() .
* Fix CVE-2017-13776 and CVE-2017-13777: denial of service issue in
ReadXBMImage() .
* Fix memory leak vulnerability in ReadJNGImage() which allow attackers to
cause a denial of service via a crafted file.
* Fix double-free after reading a malformed JNG.
* Fix CVE-2017-14103: the ReadJNGImage() and ReadOneJNGImage() functions do
not properly manage image pointers after certain error conditions, which
allows remote use-after-free attacks via a crafted file, related to a
ReadMNGImage() out-of-order CloseBlob() call. This vulnerability exists
because of an incomplete fix for CVE-2017-11403 .
* Fix CVE-2017-8350: crash while reading a malformed JNG file.
graphicsmagick (1.3.26-7) unstable; urgency=high
.
* Fix CVE-2017-13063: heap-based buffer overflow vulnerability in the
GetStyleTokens() function (closes: #873130).
* Fix CVE-2017-13064: another heap-based buffer overflow vulnerability in
the GetStyleTokens() function (closes: #873129).
* Fix CVE-2017-13065: NULL pointer dereference vulnerability in the
SVGStartElement() function (closes: #873119).
graphicsmagick (1.3.26-6) unstable; urgency=high
.
* Fix CVE-2017-12935: invalid memory read in the SetImageColorCallBack()
with large MNG images (closes: #872576).
* Fix CVE-2017-12936: use-after-free issue for data associated with
exception reporting in the ReadWMFImage() function (closes: #872575).
* Fix CVE-2017-12937: colormap heap-based buffer over-read in the
ReadSUNImage() function (closes: #872574).
graphicsmagick (1.3.26-5) unstable; urgency=medium
.
* Handle mangling change for conversion operators in GCC 7 (closes: #871306).
.
[ John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> ]
* Honor 'nocheck' in DEB_BUILD_OPTIONS (closes: #842787).
graphicsmagick (1.3.26-4) unstable; urgency=high
.
* Fix CVE-2017-11643: heap overflow in the WriteCMYKImage() function
(closes: #870157).
* Fix CVE-2017-11636: heap overflow in the WriteRGBImage() function
(closes: #870149).
* Fix CVE-2017-11638 and CVE-2017-11642: null pointer dereference or SEGV if
input is not colormapped (closes: #870154, #870156).
* Fix CVE-2017-11641: memory leak while writing Magick Persistent Cache
format (closes: #870155).
* Fix CVE-2017-11637: NULL pointer dereference in the WritePCLImage()
function (closes: #870153).
* Fix CVE-2017-11722: denial of service via a crafted file
(closes: #870158).
* Remove autotools-dev and dh-autoreconf build dependencies.
graphicsmagick (1.3.26-3) unstable; urgency=high
.
* Fix CVE-2017-11140: denial of service (resource consumption) via crafted
JPEG files.
* Fix apparent off-by-one error in MNG FRAM change_clipping processing.
* Fix out-of-order CloseBlob() and DestroyImageList() .
graphicsmagick (1.3.26-2) unstable; urgency=high
.
* Fix CVE-2017-11102: remote denial of service during JNG reading via a
zero-length color_image data structrure in ReadOneJNGImage (png.c)
(closes: #867746).
* Add new DestroyJNGInfo@Base and remove DestroyJNG@Base obsolete symbols.
graphicsmagick (1.3.26-1) unstable; urgency=high
.
* New upstream release, fixing the following security issues among others:
- META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
- WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash
(CVE-2016-7997).
- PNG: Enforce spec requirement that the dimensions of the JPEG embedded
in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
- TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to
have only 2 samples per pixel (CVE-2017-6335).
- JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
- TIFF: Fix out of bounds read when reading RGB TIFF which claims to have
only 1 sample per pixel (CVE-2017-10794) (closes: #867085).
- DPX: Fix excessive use of memory (DOS issue) due to file header claiming
large image dimensions but insufficient backing data. (CVE-2017-10799)
(closes: #867077).
- MAT: Fix excessive use of memory (DOS issue) due to continuing
processing with insufficient data and claimed large image size. Verify
each file extent to make sure that it is within range of file size.
(CVE-2017-10800) (closes: #867060).
* Remove previously backported security patches.
* Self-tests build hack no longer needed.
* Update library symbols for this release.
* Update Standards-Version to 4.0.0 and debhelper level to 10 .
grub2 (2.02~beta3-5+deb9u1) stable; urgency=medium
.
* grub-mknetdir: Add support for ARM64 EFI (closes: #871772).
* Cherry-pick upstream patch to change the default TSC calibration method
to pmtimer on EFI systems (closes: #908852).
hdparm (9.51+ds-1+deb9u1) stretch; urgency=medium
.
* Update d/hdparm-funtions: Only enable APM on disks that advertise it,
patch from dann frazier <dannf@debian.org>, Closes: #891051
https-everywhere (2018.8.22-1~deb9u1) stretch; urgency=medium
.
* Rebuild for Stretch.
* The XUL extension is no longer compatible with Firefox 60. Backport the new
WebExtension and restore functionality.
https-everywhere (2018.6.21-1) unstable; urgency=medium
.
* New upstream version 2018.6.21.
* Add myself to Uploaders.
* Declare compliance with Debian Policy 4.2.0.
* Drop gbp.conf.
* Update README.source and explain how to fetch upstream releases.
* Drop debian/docs because README.Debian is installed automatically.
https-everywhere (2018.4.11-1) unstable; urgency=medium
.
* New upstream version 2018.4.11
https-everywhere (2018.4.3-1) unstable; urgency=medium
.
* New upstream version 2018.4.3
* Bumped standards version.
https-everywhere (2018.3.13-1) unstable; urgency=medium
.
* New upstream version 2018.3.13
* Make sure obsolete config file gets deleted. (Closes: #893468)
https-everywhere (2018.2.26-1) unstable; urgency=medium
.
* New upstream version 2018.2.26
https-everywhere (2018.1.29-2) unstable; urgency=medium
.
* Added firefox-esr as alternative recommendation (Closes: #890727)
* Add file to load all extension into chromium
https-everywhere (2018.1.29-1) unstable; urgency=medium
.
* Changed gbp config to use new section naming.
* New upstream version 2018.1.29 (Closes: #881137)
* Added myself as uploader
* Bumped standards and debhelper version.
* Changed packaging to building one web extension usable by both,
chromium and firefox.
* Moved to salsa.
* Document how to enable the extension in chromium.
* Removed old build dependencies that don't seem to be needed anymore.
hylafax (3:6.0.6-7+deb9u1) stretch-security; urgency=medium
.
* CVE-2018-17141.patch
i3-wm (4.13-1+deb9u1) stretch; urgency=medium
.
* cherry-pick patch to “fix crash upon restart when using marks†(Closes: #891919)
iipimage (1.0-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix apache configuration. Closes: #875637
imagemagick (8:6.9.7.4+dfsg-11+deb9u6) stretch-security; urgency=medium
.
* CVE-2018-16412
* CVE-2018-16413
* CVE-2018-16642
* CVE-2018-16644
* CVE-2018-16645
imagemagick (8:6.9.7.4+dfsg-11+deb9u5) stretch-security; urgency=medium
.
* 0113-CVE-2018-12599 (Closes: #902727)
* 0114-CVE-2018-11251
* 0115-CVE-2018-12600 (Closes: #902728)
* 0116-CVE-2018-5248 (Closes: #886588)
imagemagick (8:6.9.7.4+dfsg-11+deb9u4) stretch-security; urgency=medium
.
* CVE-2017-12877 (Closes: #872373)
* CVE-2017-16546 (Closes: #881392)
* CVE-2017-17499
* CVE-2017-17504
* CVE-2017-17879 (Closes: #885125)
intel-microcode (3.20180807a.1~deb9u1) stretch-security; urgency=high
.
* Upload to Debian stretch (no changes)
* Security fixes:
Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
Intel SA-00115, CVE-2018-3639, CVE-2018-3640
Intel SA-00088, CVE-2017-5753, CVE-2017-5754
.
intel-microcode (3.20180807a.1) unstable; urgency=high
.
[ Henrique de Moraes Holschuh ]
* New upstream microcode datafile 20180807a
(closes: #906158, #906160, #903135, #903141)
+ New Microcodes:
sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
+ Updated Microcodes:
sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
+ Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+ Implements SSBD support (Spectre v4 mitigation),
Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
Intel SA-0088, CVE-2017-5753, CVE-2017-5754
* source: update symlinks to reflect id of the latest release, 20180807a
* debian/intel-microcode.docs: ship license and releasenote upstream files.
* debian/changelog: update entry for 3.20180703.1 with L1TF information
.
[ Julian Andres Klode ]
* initramfs: include all microcode for MODULES=most.
Default to early instead of auto, and install all of the microcode,
not just the one matching the current CPU, if MODULES=most is set
in the initramfs-tools config (LP: #1778738)
intel-microcode (3.20180807a.1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports (no changes)
.
intel-microcode (3.20180807a.1) unstable; urgency=high
.
[ Henrique de Moraes Holschuh ]
* New upstream microcode datafile 20180807a
(closes: #906158, #906160, #903135, #903141)
+ New Microcodes:
sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
+ Updated Microcodes:
sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
+ Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+ Implements SSBD support (Spectre v4 mitigation),
Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
Intel SA-0088, CVE-2017-5753, CVE-2017-5754
* source: update symlinks to reflect id of the latest release, 20180807a
* debian/intel-microcode.docs: ship license and releasenote upstream files.
* debian/changelog: update entry for 3.20180703.1 with L1TF information
.
[ Julian Andres Klode ]
* initramfs: include all microcode for MODULES=most.
Default to early instead of auto, and install all of the microcode,
not just the one matching the current CPU, if MODULES=most is set
in the initramfs-tools config (LP: #1778738)
intel-microcode (3.20180807a.1~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy (no changes)
.
intel-microcode (3.20180807a.1) unstable; urgency=high
.
[ Henrique de Moraes Holschuh ]
* New upstream microcode datafile 20180807a
(closes: #906158, #906160, #903135, #903141)
+ New Microcodes:
sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
+ Updated Microcodes:
sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
+ Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+ Implements SSBD support (Spectre v4 mitigation),
Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
Intel SA-0088, CVE-2017-5753, CVE-2017-5754
* source: update symlinks to reflect id of the latest release, 20180807a
* debian/intel-microcode.docs: ship license and releasenote upstream files.
* debian/changelog: update entry for 3.20180703.1 with L1TF information
.
[ Julian Andres Klode ]
* initramfs: include all microcode for MODULES=most.
Default to early instead of auto, and install all of the microcode,
not just the one matching the current CPU, if MODULES=most is set
in the initramfs-tools config (LP: #1778738)
intel-microcode (3.20180703.2) unstable; urgency=medium
.
* source: fix badly named symlink that resulted in most microcode
updates not being shipped in the binary package. Oops!
intel-microcode (3.20180703.2~deb9u1) stretch-security; urgency=high
.
* Upload to Debian stretch (no changes)
Security-fix: CVE-2018-3639, CVE-2018-3640
.
intel-microcode (3.20180703.2) unstable; urgency=medium
.
* source: fix badly named symlink that resulted in most microcode
updates not being shipped in the binary package. Oops!
.
intel-microcode (3.20180703.1) unstable; urgency=medium
.
* New upstream microcode data file 20180703 (closes: #903018)
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
+ First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
server dies.
* source: update symlinks to reflect id of the latest release, 20180703
intel-microcode (3.20180703.2~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports (no changes)
.
intel-microcode (3.20180703.2) unstable; urgency=medium
.
* source: fix badly named symlink that resulted in most microcode
updates not being shipped in the binary package. Oops!
.
intel-microcode (3.20180703.1) unstable; urgency=medium
.
* New upstream microcode data file 20180703 (closes: #903018)
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
+ First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
server dies.
* source: update symlinks to reflect id of the latest release, 20180703
intel-microcode (3.20180703.2~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy (no changes)
.
intel-microcode (3.20180703.2) unstable; urgency=medium
.
* source: fix badly named symlink that resulted in most microcode
updates not being shipped in the binary package. Oops!
.
intel-microcode (3.20180703.1) unstable; urgency=medium
.
* New upstream microcode data file 20180703 (closes: #903018)
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
+ First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
server dies.
* source: update symlinks to reflect id of the latest release, 20180703
intel-microcode (3.20180703.1) unstable; urgency=medium
.
* New upstream microcode data file 20180703 (closes: #903018)
+ Updated Microcodes:
sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
+ First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
server dies.
* source: update symlinks to reflect id of the latest release, 20180703
intel-microcode (3.20180425.1) unstable; urgency=medium
.
* New upstream microcode data file 20180425 (closes: #897443, #895878)
+ Updated Microcodes:
sig 0x000406f1, pf_mask 0xef, 2018-03-21, rev 0xb00002c, size 27648
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
+ Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
+ Note that sig 0x000604f1 has been blacklisted from late-loading
since Debian release 3.20171117.1.
* source: remove undesired list files from microcode directories
* source: switch to microcode-<id>.d/ since Intel dropped .dat
support.
jetty9 (9.2.21-1+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-7658 CVE-2017-7657 CVE-2017-7656
jhead (1:3.00-4+deb9u1) stretch; urgency=high
.
* d/p/32_crash_in_gpsinfo: Fix CVE-2018-17088
* d/p/33_fix_908176: Fix CVE-2018-16554
* d/p/34_buffer_overflow: Fix heap buffer overflow
kamailio (4.4.4-2+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* core: improve header safe guards for Via handling (CVE-2018-16657)
kamailio (4.4.4-2+deb9u2) stretch-security; urgency=high
.
* fixes from upstream related to security issue CVE-2018-14767
https://www.kamailio.org/w/2018/07/kamailio-security-announcement-for-kamailio-core/
keystone (2:10.0.0-9+deb9u1) stretch-security; urgency=medium
.
* CVE-2018-14432: authenticated user may discover projects they have no
authority to access, leaking all projects in the deployment and their
attributes. Applie upstream patch for Ocata rebased to Newton: "Reduce
duplication in federated auth APIs (Closes: #904616).
lastpass-cli (1.0.0-1.2+deb9u1) stable; urgency=medium
.
* Backport hardcoded certificate pins from lastpass-cli 1.3.1 to reflect
changes in hosted Lastpass.com service. (Closes: #898940)
* Add missing ca-certificates to Depends.
lcms2 (2.8-4+deb9u1) stretch-security; urgency=medium
.
* CVE-2018-16435
ldap2zone (0.2-9+deb9u1) stretch; urgency=medium
.
* debian/patches:
+ Add 0013_fix-wrong-var-usage.patch. Fix endless loop when checking
serial of a zone. Thanks to Francois Masson for providing a patch.
(Closes: #877508).
libarchive-zip-perl (1.59-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Prevent from traversing symlinks and parent directories when extracting
(CVE-2018-10860) (Closes: #902882)
* Extract test files needed for t/25_traversal.t test.
Add zip files to debian/t/data directory and add them to
debian/sorce/include-binaries to include those in the debian tarball.
Add an override for dh_auto_test to copy debian/t/data/*.zip testfiles
to test directory prior to running the testsuite.
Clean test files needed for t/25_traversal.t in dh_clean
libcgroup (0.41-8+deb9u1) stretch; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2018-14348:
The cgrulesengd daemon in libcgroup creates log files with world readable
and writable permissions due to a reset of the file mode creation mask
(umask(0)). (Closes: #906308)
libclamunrar (0.100.1-0+deb9u1) stretch; urgency=medium
.
[ Sebastian Andrzej Siewior ]
* New upstream version
- Buffer over-read in unRAR code due to missing max value checks in table
initialization. Reported by Rui Reis.
- drop all patches (were picked from upstream, the openssl patch is
obsolete).
.
[ Scott Kitterman ]
* Delete symlinks to files no longer shipped in libclamav7 (Closes: #903792)
libclamunrar (0.100.0-1) unstable; urgency=medium
.
* Update to new upstream version (Closes: #873027).
* Update compat level to 11.
* Drop autoreconf related build-depends.
* Point Vcs* to salsa.
* Bumped standards version to 4.1.4.
- Use priority optional.
* Use https in the watchfile.
* Use `hardening=+all'.
libclamunrar (0.99-4) unstable; urgency=medium
.
* Cherry pick fix for arbitrary memory write. CVE-2012-6706
(Closes: #867223).
libdap (3.18.2-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add libdap-doc.docs to install docs. Closes: #889210
* Drop description reference to external docs. Closes: #837429
libdatetime-timezone-perl (1:2.09-1+2018g) stretch; urgency=medium
.
* Update to Olson database version 2018g.
This update contains contemporary changes for Morocco.
libdatetime-timezone-perl (1:2.09-1+2018f) stretch; urgency=medium
.
* Update to Olson database version 2018f.
This update contains contemporary changes for Russia (Volograd), Fiji, and
Chile.
libextractor (1:1.3-4+deb9u2) stretch-security; urgency=high
.
* Fix CVE-2018-14346 (Closes: #904903), a stack-based buffer overflow
in unzip.c.
* Fix CVE-2018-14347 (Closes: #904905), infinite loop vulnerability in
mpeg_extractor.c.
* Fix CVE-2018-16430 (Closes: #907987), missing 0-terminator on corrupted
ZIP files.
libgd2 (2.2.4-2+deb9u3) stretch; urgency=medium
.
* CVE-2018-1000222 (Closes: #906886)
* CVE-2018-5711 (Closes: #887485)
libmail-deliverystatus-bounceparser-perl (1.542+repacked-1~deb9u1) stretch; urgency=medium
.
* Team upload
* Repack excluding viruses found by uscan (Closes: #864800)
libmspack (0.5-1+deb9u3) stretch; urgency=high
.
* Non-maintainer upload by the LTS Team.
* CVE-2018-18584 (Closes: #911640)
Fixing the size of the CAB block input buffer, which is too small
for the maximal Quantum block, prevents an out-of-bounds write.
* CVE-2018-18585 (Closes: #911637)
Blank filenames (having length zero or their 1st or 2nd byte is
null) should be rejected.
libmspack (0.5-1+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload.
* Add security related patches:
- 0b0ef9344255 ("kwaj_read_headers(): fix handling of non-terminated
strings") CVE-2018-14681 (Closes: 904799).
- 4fd9ccaa54e1 ("Fix off-by-one error in chmd TOLOWER() fallback")
CVE-2018-14682 (Closes: 904800).
- 72e70a921f0f ("Fix off-by-one bounds check on CHM PMGI/PMGL chunk
numbers and reject empty filenames.") CVE-2018-14679,
CVE-2018-14680 (Closes: 904802, 904801).
libopenmpt (0.2.7386~beta20.3-3+deb9u3) stretch; urgency=medium
.
* Add patch to fix CVE-2018-10017 (Closes: #895406).
- up11: Out-of-bounds read loading IT / MO3 files with many pattern loops.
libseccomp (2.3.1-2.1+deb9u1) stretch; urgency=medium
.
* Add support for Linux 4.9 syscalls:
preadv2, pwritev2, pkey_mprotect, pkey_alloc and pkey_free
* Add support for the statx syscall.
libssh (0.7.3-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Authentication bypass vulnerability (CVE-2018-10933) (Closes: #911149)
libtirpc (0.2.5-1.2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* rendezvous_request: check the makefd_xprt return value (CVE-2018-14622)
(Closes: #907608)
libx11 (2:1.6.4-3+deb9u1) stretch; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2018-14598, CVE-2018-14599 and CVE-2018-14600:
* CVE-2018-14599:
The functions XGetFontPath, XListExtensions, and XListFonts are vulnerable
to an off-by-one override on malicious server responses.
* CVE-2018-14600:
The length value is interpreted as signed char on many systems (depending
on default signedness of char), which can lead to an out of boundary write
up to 128 bytes in front of the allocated storage, but limited to NUL
byte(s).
* CVE-2018-14598:
If the server sends a reply in which even the first string would overflow
the transmitted bytes, list[0] (or flist[0]) will be set to NULL and a
count of 0 is returned. This may trigger a segmentation fault leading to a
Denial of Service.
libxcursor (1:1.1.14-1+deb9u2) stretch; urgency=high
.
* Fix a denial of service or potentially code execution via
a one-byte heap overflow. (CVE-2015-9262) (Closes: #906012)
libxml-stream-perl (1.24-2+deb9u1) stretch; urgency=medium
.
* Provide a default CA path (closes: #908027, LP: 1774614)
libxml-structured-perl (1.01-2+deb9u1) stretch; urgency=medium
.
[ gregor herrmann ]
* Add missing build and runtime dependency on libxml-parser-perl.
(Closes: #896502)
linux (4.9.130-2) stretch; urgency=medium
.
[ Salvatore Bonaccorso ]
* Ignore ABI change for return_address.
Fixes "FTBFS on armel/armhf: ABI change for return_address".
Modules will use their own inline copy.
Thanks to Cyril Brulebois for the analysis (Closes: #911421)
linux (4.9.130-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.111
- [x86] spectre_v1: Disable compiler optimizations over
array_index_mask_nospec()
- [x86] mce: Improve error message when kernel cannot recover
- [x86] mce: Check for alternate indication of machine check recovery on
Skylake
- [x86] mce: Fix incorrect "Machine check from unknown source" message
- [x86] mce: Do not overwrite MCi_STATUS in mce_no_way_out()
- [x86] Call fixup_exception() before notify_die() in math_error()
- [m68k] mm: Adjust VM area to be unmapped by gap size for __iounmap()
- [sh4] serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding
version
- usb: do not reset if a low-speed or full-speed device timed out
- 1wire: family module autoload fails because of upper/lower case
mismatch.
- ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
- lib/vsprintf: Remove atomic-unsafe support for %pCr
- [mips*] ftrace: fix static function graph tracing
- branch-check: fix long->int truncation when profiling branches
- ipmi:bt: Set the timeout before doing a capabilities check
- Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw
loader
- fuse: atomic_o_trunc should truncate pagecache
- fuse: don't keep dead fuse_conn at fuse_fill_super().
- fuse: fix control dir setup and teardown
- [powerpc*] mm/hash: Add missing isync prior to kernel stack SLB switch
- [powerpc*] ptrace: Fix setting 512B aligned breakpoints with
PTRACE_SET_DEBUGREG
- [powerpc*] /ptrace: Fix enforcement of DAWR constraints
- [powerpc*] powernv/ioda2: Remove redundant free of TCE pages
- [poewrpc*] cpuidle: powernv: Fix promotion from snooze if next state
disabled
- [powerpc*] fadump: Unregister fadump on kexec down path.
- [arm*] 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct
size
- [arm64] kpti: Use early_param for kpti= command-line option
- [arm64] mm: Ensure writes to swapper are ordered wrt subsequent cache
maintenance
- IB/qib: Fix DMA api warning with debug kernel
- IB/{hfi1, qib}: Add handling of kernel restart
- IB/mlx5: Fetch soft WQE's on fatal error state
- IB/isert: Fix for lib/dma_debug check_sync warning
- IB/isert: fix T10-pi check mask setting
- RDMA/mlx4: Discard unknown SQP work requests
- mtd: cfi_cmdset_0002: Change write buffer to check correct value
- mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
- mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
- mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
- mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
- PCI: Add ACS quirk for Intel 7th & 8th Gen mobile
- PCI: Add ACS quirk for Intel 300 series
- PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on
resume
- printk: fix possible reuse of va_list variable
- [mips*] io: Add barrier after register read in inX()
- time: Make sure jiffies_to_msecs() preserves non-zero time periods
- Btrfs: fix return value on rename exchange failure
- Btrfs: fix unexpected cow in run_delalloc_nocow
- iio:buffer: make length types match kfifo types
- scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
- [s390x] scsi: zfcp: fix missing SCSI trace for result of
eh_host_reset_handler
- [s390x] scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh
TMF
- [s390x] scsi: zfcp: fix misleading REC trigger trace where erp_action
setup failed
- [s390x] scsi: zfcp: fix missing REC trigger trace on terminate_rport_io
early return
- [s390x] scsi: zfcp: fix missing REC trigger trace on terminate_rport_io
for ERP_FAILED
- [s390x] scsi: zfcp: fix missing REC trigger trace for all objects in
ERP_FAILED
- [s390x] scsi: zfcp: fix missing REC trigger trace on enqueue without ERP
thread
- linvdimm, pmem: Preserve read-only setting for pmem devices
- md: fix two problems with setting the "re-add" device state.
- ubi: fastmap: Cancel work upon detach
- ubi: fastmap: Correctly handle interrupted erasures in EBA
- UBIFS: Fix potential integer overflow in allocation
- [x86] mfd: intel-lpss: Program REMAP register in PIO mode
- perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
- perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING
- perf intel-pt: Fix decoding to accept CBR between FUP and corresponding
TIP
- perf intel-pt: Fix MTC timing after overflow
- perf intel-pt: Fix "Unexpected indirect branch" error
- perf intel-pt: Fix packet decoding of CYC packets
- media: v4l2-compat-ioctl32: prevent go past max size
- media: cx231xx: Add support for AverMedia DVD EZMaker 7
- media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
- NFSv4: Fix possible 1-byte stack overflow in
nfs_idmap_read_and_verify_message
- NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..")
- video: uvesafb: Fix integer overflow in allocation (CVE-2018-13406)
- Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
- pwm: lpss: platform: Save/restore the ctrl register over a
suspend/resume
- rbd: flush rbd_dev->watch_dwork after watch is unregistered
- [x86] mm: fix devmem_is_allowed() for sub-page System RAM intersections
- xen: Remove unnecessary BUG_ON from __unbind_from_irq()
- udf: Detect incorrect directory size
- Input: elan_i2c_smbus - fix more potential stack buffer overflows
- Input: elantech - enable middle button of touchpads on ThinkPad P52
- Input: elantech - fix V4 report decoding for module with middle key
- ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co
- ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
- block: Fix transfer when chunk sectors exceeds max
- dm thin: handle running out of data space vs concurrent discard
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.112
- usb: cdc_acm: Add quirk for Uniden UBC125 scanner
- USB: serial: cp210x: add CESINEL device ids
- USB: serial: cp210x: add Silicon Labs IDs for Windows Update
- [arm64,armhf] usb: dwc2: fix the incorrect bitmaps for the ports of
multi_tt hub
- n_tty: Fix stall at n_tty_receive_char_special().
- n_tty: Access echo_* variables carefully.
- vt: prevent leaking uninitialized data to userspace via /dev/vcs*
- ipv4: Fix error return value in fib_convert_metrics()
- [x86] kprobes: Do not modify singlestep buffer while resuming
- netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in
nft_do_chain()
- net: phy: micrel: fix crash when statistic requested for KSZ9031 phy
- [armhf] dts: imx6q: Use correct SDMA script for SPI5 core
- IB/hfi1: Fix user context tail allocation for DMA_RTAIL
- mm: hugetlb: yield when prepping struct pages
- tracing: Fix missing return symbol in function_graph output
- scsi: sg: mitigate read/write abuse
- [s390x] Correct register corruption in critical section cleanup
- drbd: fix access after free
- cifs: Fix infinite loop when using hard mount option
- drm/udl: fix display corruption of the last line
- ext4: include the illegal physical block in the bad map ext4_error msg
- ext4: add more mount time checks of the superblock
- ext4: check superblock mapped prior to committing
- mlxsw: spectrum: Forbid linking of VLAN devices to devices that have
uppers
- [x86] HID: i2c-hid: Fix "incomplete report" noise
- HID: hiddev: fix potential Spectre v1
- HID: debug: check length before copy_to_user() (CVE-2018-9516)
- PM / OPP: Update voltage in case freq == old_freq
- Kbuild: fix # escaping in .cmd files for future Make
- media: cx25840: Use subdev host data for PLL override
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
- dm bufio: avoid sleeping while holding the dm_bufio lock
- dm bufio: drop the lock when doing GFP_NOIO allocation
- [armhf] mtd: rawnand: mxc: set spare area size register explicitly
- dm bufio: don't take the lock in dm_bufio_shrink_count
- mtd: cfi_cmdset_0002: Change definition naming to retry write operation
- mtd: cfi_cmdset_0002: Change erase functions to retry for error
- mtd: cfi_cmdset_0002: Change erase functions to check chip good only
- netfilter: nf_log: don't hold nf_log_mutex during user access
- [x86] staging: comedi: quatech_daqp_cs: fix no-op loop
daqp_ao_insn_write()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.113
- nvme: validate admin queue before unquiesce
- [mips*] Call dump_stack() from show_regs()
- [mips*] Fix ioremap() RAM check
- mmc: dw_mmc: fix card threshold control configuration
- [x86] ibmasm: don't write out of bounds in read handler
- ata: Fix ZBC_OUT command block check
- ata: Fix ZBC_OUT all bit handling
- vmw_balloon: fix inflation with batching
- ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
- USB: serial: ch341: fix type promotion bug in ch341_control_in()
- USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
- USB: serial: keyspan_pda: fix modem-status error handling
- USB: yurex: fix out-of-bounds uaccess in read handler (CVE-2018-16276)
- USB: serial: mos7840: fix status-register error handling
- usb: quirks: add delay quirks for Corsair Strafe
- xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
- HID: usbhid: add quirk for innomedia INNEX GENESIS/ATARI adapter
- ALSA: hda - Handle pm failure during hotplug
- fs, elf: make sure to page align bss in load_elf_library
- tools build: fix # escaping in .cmd files for future Make
- [arm64,armhf] i2c: tegra: Fix NACK error handling
- iw_cxgb4: correctly enforce the max reg_mr depth
- nvme-pci: Remap CMB SQ entries on every controller reset
- [x86] uprobes: Remove incorrect WARN_ON() in uprobe_init_insn()
- netfilter: nf_queue: augment nfqa_cfg_policy
- netfilter: x_tables: initialise match/target check parameter struct
- loop: add recursion validation to LOOP_CHANGE_FD
- PM / hibernate: Fix oops at snapshot_write()
- loop: remember whether sysfs_create_group() was done
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.114
- [mips*] Use async IPIs for arch_trigger_cpumask_backtrace()
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline
declarations
- [x86] asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
- [x86] paravirt: Make native_save_fl() extern inline
- mtd: m25p80: consider max message size in m25p80_read
- atm: zatm: Fix potential Spectre v1
- ipvlan: fix IFLA_MTU ignored on NEWLINK
- net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
- net: dccp: switch rx_tstamp_last_feedback to monotonic clock
- net/mlx5: Fix incorrect raw command length parsing
- net/mlx5: Fix wrong size allocation for QoS ETC TC regitster
- net_sched: blackhole: tell upper qdisc about dropped packets
- net: sungem: fix rx checksum support
- qed: Fix use of incorrect size in memcpy call.
- qed: Limit msix vectors in kdump kernel to the minimum required count.
- qmi_wwan: add support for the Dell Wireless 5821e module
- r8152: napi hangup fix after disconnect
- tcp: fix Fast Open key endianness
- tcp: prevent bogus FRTO undos with non-SACK flows
- vhost_net: validate sock before trying to put its fd
- net/packet: fix use-after-free
- net/mlx5: Fix command interface race in polling mode
- net: cxgb3_main: fix potential Spectre v1
- rtlwifi: rtl8821ae: fix firmware is not ready to run
- net: lan78xx: Fix race in tx pending skb size calculation
- netfilter: ebtables: reject non-bridge targets
- reiserfs: fix buffer overflow with long warning messages
- KEYS: DNS: fix parsing multiple options
- netfilter: ipv6: nf_defrag: drop skb dst before queueing
- rds: avoid unenecessary cong_update in loop transport
- net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
- [arm64] assembler: introduce ldr_this_cpu
- [arm64] KVM: Store vcpu on the stack during __guest_enter()
- [arm*] KVM: Convert kvm_host_cpu_state to a static per-cpu allocation
- [arm64] KVM: Change hyp_panic()s dependency on tpidr_el2
- [arm64] alternatives: use tpidr_el2 on VHE hosts
- [arm64] KVM: Stop save/restoring host tpidr_el1 on VHE
- [arm64] alternatives: Add dynamic patching feature
- [arm*] KVM: Do not use kern_hyp_va() with kvm_vgic_global_state
- [arm64] KVM: Avoid storing the vcpu pointer on the stack
- [arm*] smccc: Add SMCCC-specific return codes
- [arm64] Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
- [arm64] Add per-cpu infrastructure to call ARCH_WORKAROUND_2
- [arm64] Add ARCH_WORKAROUND_2 probing
- [arm64] Add 'ssbd' command-line option
- [arm64] ssbd: Add global mitigation state accessor
- [arm64] ssbd: Skip apply_ssbd if not using dynamic mitigation
- [arm64] ssbd: Restore mitigation status on CPU resume
- [arm64] ssbd: Introduce thread flag to control userspace mitigation
- [arm64] ssbd: Add prctl interface for per-thread mitigation
- [arm64] KVM: Add HYP per-cpu accessors
- [arm64] KVM: Add ARCH_WORKAROUND_2 support for guests
- [arm64] KVM: Handle guest's ARCH_WORKAROUND_2 requests
- [arm64] KVM: Add ARCH_WORKAROUND_2 discovery through
ARCH_FEATURES_FUNC_ID
- string: drop __must_check from strscpy() and restore strscpy() usages in
cgroup
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.115
- KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
parallel.
- [x86] apm: Don't access __preempt_count with zeroed fs
- [x86] MCE: Remove min interval polling limitation
- fat: fix memory allocation failure handling of match_strdup()
- ALSA: rawmidi: Change resized buffers atomically (CVE-2018-10902)
- mm: memcg: fix use after free in mem_cgroup_iter()
- mm/huge_memory.c: fix data loss when splitting a file pmd
- vfio/pci: Fix potential Spectre v1
- [x86] drm/i915: Fix hotplug irq ack on i965/g4x
- gen_stats: Fix netlink stats dumping in the presence of padding
- ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
- ipv6: fix useless rol32 call on hash
- lib/rhashtable: consider param->min_size when setting initial table size
- net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort
- net/ipv4: Set oif in fib_compute_spec_dst
- net: phy: fix flag masking in __set_phy_supported
- ptp: fix missing break in switch
- qmi_wwan: add support for Quectel EG91
- tg3: Add higher cpu clock for 5762.
- net: usb: asix: replace mii_nway_restart in resume path
- net: Don't copy pfmemalloc flag in __copy_skb_header()
- skbuff: Unconditionally copy pfmemalloc in __skb_clone()
- xhci: Fix perceived dead host due to runtime suspend race with event
handler
- xprtrdma: Return -ENOBUFS when no pages are available
- block: do not use interruptible wait anywhere
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.116
- [mips*] Fix off-by-one in pci_resource_to_user()
- ip: hash fragments consistently
- ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
- net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
- net: skb_segment() should not return NULL
- net/mlx5: Adjust clock overflow work period
- net/mlx5e: Don't allow aRFS for encapsulated packets
- net/mlx5e: Fix quota counting in aRFS expire flow
- multicast: do not restore deleted record source filter mode to new one
- net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv
- rtnetlink: add rtnl_link_state check in rtnl_configure_link
- tcp: fix dctcp delayed ACK schedule
- tcp: helpers to send special DCTCP ack
- tcp: do not cancel delay-AcK on DCTCP special ACK
- tcp: do not delay ACK in DCTCP upon CE status change
- usb: cdc_acm: Add quirk for Castles VEGA3000
- usb: core: handle hub C_PORT_OVER_CURRENT condition
- usb: gadget: f_fs: Only return delayed status when len is 0
- driver core: Partially revert "driver core: correct device's shutdown
order"
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.117
- Input: elan_i2c - add ACPI ID for lenovo ideapad 330
- Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
- Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
- [x86] kvm, mm: account shadow page tables to kmemcg
- tracing: Fix double free of event_trigger_data
- tracing: Fix possible double free in event_enable_trigger_func()
- kthread, tracing: Don't expose half-written comm when creating kthreads
- tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
- tracing: Quiet gcc warning about maybe unused link variable
- [arm64] fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
- [arm64,armhf] usb: dwc2: Fix DMA alignment to start at allocated
boundary
- kcov: ensure irq code sees a valid area
- xen/netfront: raise max number of slots in xennet_get_responses()
- ALSA: emu10k1: add error handling for snd_ctl_add
- ALSA: fm801: add error handling for snd_ctl_add
- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
- mm: vmalloc: avoid racy handling of debugobjects in vunmap
- mm/slub.c: add __printf verification to slab_err()
- rtc: ensure rtc_set_alarm fails when alarms are not supported
- perf tools: Fix pmu events parsing rule
- netfilter: ipset: List timing out entries with "timeout 1" instead of
zero
- infiniband: fix a possible use-after-free bug (CVE-2018-14734)
- [powerpc*] powerpc/eeh: Fix use-after-release of EEH driver
- hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
- [powerpc*] powerpc/64s: Fix compiler store ordering to SLB shadow area
- RDMA/mad: Convert BUG_ONs to error flows
- netfilter: nf_tables: check msg_type before nft_trans_set(trans)
- pnfs: Don't release the sequence slot until we've processed layoutget on
open
- disable loading f2fs module on PAGE_SIZE > 4KB
- f2fs: fix error path of move_data_page
- f2fs: fix to don't trigger writeback during recovery
- f2fs: fix to wait page writeback during revoking atomic write
- f2fs: Fix deadlock in shutdown ioctl
- f2fs: fix race in between GC and atomic open
- usbip: usbip_detach: Fix memory, udev context and udev leak
- [x86] perf/x86/intel/uncore: Correct fixed counter index check in
generic code
- [x86] perf/x86/intel/uncore: Correct fixed counter index check for NHM
- iwlwifi: pcie: fix race in Rx buffer allocator
- Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
- Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
- ASoC: dpcm: fix BE dai not hw_free and shutdown
- [arm64,armhf] mfd: cros_ec: Fail early if we cannot identify the EC
- mwifiex: handle race during mwifiex_usb_disconnect
- wlcore: sdio: check for valid platform device data before suspend
- media: tw686x: Fix incorrect vb2_mem_ops GFP flags
- media: videobuf2-core: don't call memop 'finish' when queueing
- btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
- btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
- PCI: Prevent sysfs disable of device while driver is attached
- ath: Add regulatory mapping for FCC3_ETSIC
- ath: Add regulatory mapping for ETSI8_WORLD
- ath: Add regulatory mapping for APL13_WORLD
- ath: Add regulatory mapping for APL2_FCCA
- ath: Add regulatory mapping for Uganda
- ath: Add regulatory mapping for Tanzania
- ath: Add regulatory mapping for Serbia
- ath: Add regulatory mapping for Bermuda
- ath: Add regulatory mapping for Bahamas
- [powerpc*] chrp/time: Make some functions static, add missing header
include
- [powerpc*] powermac: Add missing prototype for note_bootable_part()
- [powerpc*] powermac: Mark variable x as unused
- [powerpc*] 8xx: fix invalid register expression in head_8xx.S
- [powerpc*] bpf: powerpc64: pad function address loads with NOPs
- PCI: pciehp: Request control of native hotplug only if supported
- mwifiex: correct histogram data with appropriate index
- ima: based on policy verify firmware signatures (pre-allocated buffer)
- fscrypt: use unbound workqueue for decryption
- scsi: ufs: fix exception event handling
- ALSA: emu10k1: Rate-limit error messages about page errors
- [armhf] regulator: pfuze100: add .is_enable() for
pfuze100_swb_regulator_ops
- md: fix NULL dereference of mddev->pers in remove_and_add_spares()
- ixgbevf: fix MAC address changes through ixgbevf_set_mac()
- ALSA: usb-audio: Apply rate limit to warning messages in URB complete
callback
- [arm64] cmpwait: Clear event register before arming exclusive monitor
- HID: hid-plantronics: Re-resend Update to map button for PTT products
- drm/radeon: fix mode_valid's return type
- [powerpc*] embedded6xx/hlwd-pic: Prevent interrupts from being handled
by Starlet
- HID: i2c-hid: check if device is there before really probing
- nvmem: properly handle returned value nvmem_reg_read
- tty: Fix data race in tty_insert_flip_string_fixed_flag
- dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
- libata: Fix command retry decision
- media: media-device: fix ioctl function types
- media: saa7164: Fix driver name in debug output
- brcmfmac: Add support for bcm43364 wireless chipset
- [s390x] cpum_sf: Add data entry sizes to sampling trailer entry
- perf: fix invalid bit in diagnostic entry
- bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
- scsi: 3w-9xxx: fix a missing-check bug
- scsi: 3w-xxxx: fix a missing-check bug
- scsi: megaraid: silence a static checker bug
- [x86] staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
- [armhf] thermal: exynos: fix setting rising_threshold for Exynos5433
- bpf: fix references to free_bpf_prog_info() in comments
- media: siano: get rid of __le32/__le16 cast warnings
- drm/atomic: Handling the case when setting old crtc for plane
- ALSA: hda/ca0132: fix build failure when a local macro is defined
- mmc: dw_mmc: update actual clock for mmc debugfs
- mmc: pwrseq: Use kmalloc_array instead of stack VLA
- dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
- dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
- stop_machine: Use raw spinlocks
- [arm64,armhf] memory: tegra: Do not handle spurious interrupts
- [arm64,armhf] memory: tegra: Apply interrupts mask per SoC
- [x86] drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
- ipconfig: Correctly initialise ic_nameservers
- rsi: Fix 'invalid vdd' warning in mmc
- audit: allow not equal op for audit by executable
- [x86] staging: lustre: llite: correct removexattr detection
- [x86] staging: lustre: ldlm: free resource when ldlm_lock_create()
fails.
- serial: core: Make sure compiler barfs for 16-byte earlycon names
- usb: hub: Don't wait for connect state at resume for powered-off ports
- crypto: authencesn - don't leak pointers to authenc keys
- crypto: authenc - don't leak pointers to authenc keys
- [armhf] media: omap3isp: fix unbalanced dma_iommu_mapping
- scsi: scsi_dh: replace too broad "TP9" string with the exact models
- scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
- media: si470x: fix __be16 annotations
- drm: Add DP PSR2 sink enable bit
- random: mix rdrand with entropy sent in from userspace
- squashfs: be more careful about metadata corruption
- ext4: fix inline data updates with checksums enabled
- ext4: check for allocation block validity with block group locked
- RDMA/uverbs: Protect from attempts to create flows on unsupported QP
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.118
- ipv4: remove BUG_ON() from fib_compute_spec_dst
- net: ena: Fix use of uninitialized DMA address bits field
- [arm64] net: fix amd-xgbe flow-control issue
- net: lan78xx: fix rx handling before first packet is send
- NET: stmmac: align DMA stuff to largest cache line length
- tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
- xen-netfront: wait xenbus state change when load module manually
- tcp: do not force quickack when receiving out-of-order packets
- tcp: add max_quickacks param to tcp_incr_quickack and
tcp_enter_quickack_mode
- tcp: do not aggressively quick ack after ECN events
- tcp: refactor tcp_ecn_check_ce to remove sk type cast
- tcp: add one more quick ack after after ECN events
- [x86] pinctrl: intel: Read back TX buffer state
- sched/wait: Remove the lockless swait_active() check in swake_up*()
- bonding: avoid lockdep confusion in bond_get_stats()
- inet: frag: enforce memory limits earlier
- ipv4: frags: handle possible skb truesize change
- net: dsa: Do not suspend/resume closed slave_dev
- netlink: Fix spectre v1 gadget in netlink_create()
- net: stmmac: Fix WoL for PCI-based setups
- squashfs: more metadata hardening
- squashfs: more metadata hardenings
- can: ems_usb: Fix memory leak on ems_usb_disconnect()
- net: socket: fix potential spectre v1 gadget in socketcall
- virtio_balloon: fix another race between migration and ballooning
- [x86] kvm: vmx: fix vpid leak
- [x86] crypto: padlock-aes - Fix Nano workaround data corruption
- drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats
- scsi: sg: fix minor memory leak in error path
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.119
- scsi: qla2xxx: Fix ISP recovery on unload
- scsi: qla2xxx: Return error when TMF returns
- genirq: Make force irq threading setup more robust
- nohz: Fix local_timer_softirq_pending()
- netlink: Do not subscribe to non-existent groups
- netlink: Don't shift with UB on nlk->ngroups
- netlink: Don't shift on 64 for ngroups
- ACPI / PCI: Bail early in acpi_pci_add_bus() if there is no ACPI handle
- ring_buffer: tracing: Inherit the tracing setting to next ring buffer
- [armhf] i2c: imx: Fix reinit_completion() use
- Btrfs: fix file data corruption after cloning a range and fsync
- tcp: add tcp_ooo_try_coalesce() helper
- kmemleak: clear stale pointers from task stacks
- fork: unconditionally clear stack on fork
- IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.120
- ext4: fix check to prevent initializing reserved inodes
- [x86] tpm: fix race condition in tpm_common_write()
- [hppa/parisc] Enable CONFIG_MLONGCALLS by default
- [hppa/parisc] Define mb() and add memory barriers to assembler unlock
sequences
- Mark HI and TASKLET softirq synchronous
- xen/netfront: don't cache skb_shinfo()
- ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
- scsi: sr: Avoid that opening a CD-ROM hangs with runtime power
management enabled
- root dentries need RCU-delayed freeing
- make sure that __dentry_kill() always invalidates d_seq, unhashed or not
- fix mntput/mntput race
- fix __legitimize_mnt()/mntput() race
- IB/core: Make testing MR flags for writability a static inline function
- IB/mlx4: Mark user MR as writable if actual virtual memory is writable
- IB/ocrdma: fix out of bounds access to local buffer
- [x86] paravirt: Fix spectre-v2 mitigations for paravirt guests
(CVE-2018-15594)
- [x86] speculation: Protect against userspace-userspace spectreRSB
CVE-2018-15572)
- [x86] kprobes Fix %p uses in error messages
- [x86] irqflags: Provide a declaration for native_save_fl
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.121
- [i386] mm: Disable ioremap free page handling on x86-PAE
- kbuild: verify that $DEPMOD is installed
- crypto: vmac - require a block cipher with 128-bit block size
- crypto: vmac - separate tfm and request context
- Bluetooth: hidp: buffer overflow in hidp_process_report (CVE-2018-9363)
- ioremap: Update pgtable free interfaces with addr
- [x86] mm: Add TLB purge to free pmd/pte page interfaces
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.122
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.123
- dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart()
- l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache
- llc: use refcount_inc_not_zero() for llc_sap_find()
- vsock: split dwork to avoid reinitializations
- ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit
- net_sched: Fix missing res info when create new tc_index filter
- net_sched: fix NULL pointer dereference when delete tcindex filter
- ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs
- ALSA: hda - Turn CX8200 into D3 as well upon reboot
- ALSA: vx222: Fix invalid endian conversions
- ALSA: virmidi: Fix too long output trigger loop
- ALSA: cs5535audio: Fix invalid endian conversion
- ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry
- ALSA: memalloc: Don't exceed over the requested size
- ALSA: vxpocket: Fix invalid endian conversions
- cls_matchall: fix tcf_unbind_filter missing
- USB: serial: sierra: fix potential deadlock at close
- USB: option: add support for DW5821e
- ACPI / PM: save NVS memory for ASUS 1025C laptop
- tty: serial: 8250: Revert NXP SC16C2552 workaround
- serial: 8250_dw: always set baud rate in dw8250_set_termios
- serial: 8250_dw: Add ACPI support for uart on Broadcom SoC
- [x86] mm: Simplify p[g4um]d_page() macros
- Bluetooth: avoid killing an already killed socket
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.124
- [x86] entry/64: Remove %ebx handling from error_entry/exit
(CVE-2018-14678)
- [arm64,armhf] usb: dwc3: of-simple: fix use-after-free on remove
- [arm64] dts: ns2: Fix I2C controller interrupt type
- [arm64] drm: mali-dp: Enable Global SE interrupts mask for DP500
- IB/rxe: Fix missing completion for mem_reg work requests
- libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
- [arm64,armhf] usb: dwc2: fix isoc split in transfer with no data
- usb: gadget: composite: fix delayed_status race condition when
set_interface
- [arm64,armhf] usb: gadget: dwc2: fix memory leak in gadget_init()
- xen: add error handling for xenbus_printf
- scsi: xen-scsifront: add error handling for xenbus_printf
- xen/scsiback: add error handling for xenbus_printf
- [arm64] make secondary_start_kernel() notrace
- qed: Add sanity check for SIMD fastpath handler.
- enic: initialize enic->rfs_h.lock in enic_probe
- net: hamradio: use eth_broadcast_addr
- net: propagate dev_get_valid_name return code
- [armhf] net: stmmac: socfpga: add additional ocp reset line for
Stratix10
- nvmet: reset keep alive timer in controller enable
- [armhf] net: davinci_emac: match the mdio device against its compatible
if possible
- [arm64,armhf] KVM: Drop resource size check for GICV window
- locking/lockdep: Do not record IRQ state within lockdep code
- ipv6: mcast: fix unsolicited report interval after receiving querys
- Smack: Mark inode instant in smack_task_to_inode
- batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump
- batman-adv: Fix bat_v best gw refcnt after netlink dump
- cxgb4: when disabling dcb set txq dcb priority to 0
- [x86] iio: pressure: bmp280: fix relative humidity unit
- brcmfmac: stop watchdog before detach and free everything
- ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl
- [arm64,armhf] usb: xhci: remove the code build warning
- usb: xhci: increase CRS timeout value
- NFC: pn533: Fix wrong GFP flag usage
- perf test session topology: Fix test on s390
- perf report powerpc: Fix crash if callchain is empty
- perf bench: Fix numa report output code
- netfilter: nf_log: fix uninit read in nf_log_proc_dostring
- ceph: fix dentry leak in splice_dentry()
- [armhf] dmaengine: pl330: report BURST residue granularity
- [arm64] dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate()
- md/raid10: fix that replacement cannot complete recovery after
reassemble
- nl80211: relax ht operation checks for mesh
- [s390x] bpf, s390: fix potential memleak when later bpf_jit_prog fails
- bnx2x: Fix receiving tx-timeout in error or recovery state.
- acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value
- ipvlan: call dev_change_flags when ipvlan mode is reset
- HID: wacom: Correct touch maximum XY of 2nd-gen Intuos
- tracing: Use __printf markup to silence compiler
- smsc75xx: Add workaround for gigabit link up hardware errata.
- ieee802154: 6lowpan: set IFLA_LINK
- netfilter: x_tables: set module owner for icmp(6) matches
- ipv6: make ipv6_renew_options() interrupt/kernel safe
- [arm*] pxa: irq: fix handling of ICMR registers in suspend/resume
- net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is
used
- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem
- ieee802154: at86rf230: use __func__ macro for debug messages
- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem
- netfilter: nf_conntrack: Fix possible possible crash on module loading.
- bnxt_en: Always set output parameters in bnxt_get_max_rings().
- bnxt_en: Fix for system hang if request_irq fails
- nfit: fix unchecked dereference in acpi_nfit_ctl
- RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path
- [arm*] 8780/1: ftrace: Only set kernel memory back to read-only after
boot
- [armhf] DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for
secondary cores
- [armhf] dts: am3517.dtsi: Disable reference to OMAP3 OTG controller
- ixgbe: Be more careful when modifying MAC filters
- packet: reset network header if packet shorter than ll reserved space
- qlogic: check kstrtoul() for errors
- tcp: remove DELAYED ACK events in DCTCP
- drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply()
- net: usb: rtl8150: demote allmulti message to dev_dbg()
- tcp: identify cryptic messages as TCP seq # bugs
- KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
- ext4: fix spectre gadget in ext4_mb_regular_allocator()
- [hppa/parisc] Remove ordered stores from syscall.S
- xfrm_user: prevent leaking 2 bytes of kernel memory
- netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior
state
- packet: refine ring v3 block size test to hold one frame
- [hppa/parisc] Remove unnecessary barriers from spinlock.h
- PCI: hotplug: Don't leak pci_slot on registration failure
- PCI: Skip MPS logic for Virtual Functions (VFs)
- PCI: pciehp: Fix use-after-free on unplug
- PCI: pciehp: Fix unprotected list iteration in IRQ handler
- [armhf] i2c: imx: Fix race condition in dma read
- reiserfs: fix broken xattr handling (heap corruption, bad retval)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.125
- vti6: fix PMTU caching and reporting on xmit
- xfrm: fix missing dst_release() after policy blocking lbcast and
multicast
- xfrm: free skb if nlsk pointer is NULL
- mac80211: add stations tied to AP_VLANs during hw reconfig
- nl80211: Add a missing break in parse_station_flags
- [arm64] drm/bridge: adv7511: Reset registers on hotplug
- scsi: libiscsi: fix possible NULL pointer dereference in case of TMF
- [armhf] drm/imx: imx-ldb: disable LDB on driver bind
- [armhf] drm/imx: imx-ldb: check if channel is enabled before printing
warning
- usb: gadget: f_uac2: fix endianness of 'struct cntrl_*_lay3'
- [ppc64el] bpf, ppc64: fix unexpected r0=0 exit path inside bpf_xadd
- [x86] tools/power turbostat: fix -S on UP systems
- qed: Fix possible race for the link state value.
- qed: Correct Multicast API to reflect existence of 256 approximate
buckets.
- atl1c: reserve min skb headroom
- [x86] perf/x86/amd/ibs: Don't access non-started event
- bnx2x: Fix invalid memory access in rss hash config path.
- qmi_wwan: fix interface number for DW5821e production firmware
- [x86] boot: Fix if_changed build flip/flop bug
- fscache: Allow cancelled operations to be enqueued
- cachefiles: Fix refcounting bug in backing-file read monitoring
- cachefiles: Wait rather than BUG'ing on "Unexpected object collision"
- zswap: re-check zswap_is_full() after do zswap_shrink()
- [x86] tools/power turbostat: Read extended processor family from CPUID
- enic: handle mtu change for vf properly
- squashfs metadata 2: electric boogaloo
- Squashfs: Compute expected length from inode size rather than block
length
- drivers: net: lmc: fix case value for target abort error
- memcg: remove memcg_cgroup::id from IDR on mem_cgroup_css_alloc()
failure
- scsi: fcoe: drop frames in ELS LOGO error path
- scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO
- [x86] scsi: vmw_pvscsi: Return DID_RESET for status
SAM_STAT_COMMAND_TERMINATED
- mm/memory.c: check return value of ioremap_prot
- sched/sysctl: Check user input value of sysctl_sched_time_avg
- Cipso: cipso_v4_optptr enter infinite loop (CVE-2018-10938)
- [x86] mei: don't update offset in write
- cifs: add missing debug entries for kconfig options
- cifs: check kmalloc before use
- smb3: enumerating snapshots was leaving part of the data off end
- smb3: Do not send SMB3 SET_INFO if nothing changed
- smb3: don't request leases in symlink creation and query
- [arm64] kprobes: Fix %p uses in error messages
- [arm64] mm: check for upper PAGE_SHIFT bits in pfn_valid()
- [s390x] kvm: fix deadlock when killed by oom
- ext4: check for NUL characters in extended attribute's name
- ext4: sysfs: print ext4_super_block fields as little-endian
- ext4: reset error code in ext4_find_entry in fallback
- [arm64,armhf] KVM: Skip updating PTE entry if no change
- [arm64,armhf] KVM: Skip updating PMD entry if no change
- [x86] speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
- [x86] speculation/l1tf: Fix off-by-one error when warning that system
has too much RAM (Closes: #907581)
- [x86] speculation/l1tf: Suggest what to do on systems with too much RAM
- [x86] process: Re-export start_thread()
- [x86] KVM: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts
disabled
- [x86] kvm/vmx: Remove duplicate l1d flush definitions
- fuse: Don't access pipe->buffers without pipe_lock()
- fuse: fix initial parallel dirops
- fuse: fix double request_end()
- fuse: fix unlocked access to processing queue
- fuse: umount should wait for all requests
- fuse: Fix oops at process_init_reply()
- fuse: Add missed unlock_page() to fuse_readpages_fill()
- udl-kms: change down_interruptible to down
- udl-kms: handle allocation failure
- udl-kms: fix crash due to uninitialized memory
- b43legacy/leds: Ensure NUL-termination of LED name string
- b43/leds: Ensure NUL-termination of LED name string
- ASoC: dpcm: don't merge format from invalid codec dai
- ASoC: sirf: Fix potential NULL pointer dereference
- [x86] irqflags: Mark native_restore_fl extern inline
- [x86] spectre: Add missing family 6 check to microcode check
- [x86] speculation/l1tf: Increase l1tf memory limit for Nehalem+
(Closes: #907581)
- [x86] entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit()
- [s390x] qdio: reset old sbal_state flags
- [s390x] pci: fix out of bounds access during irq setup
- kprobes: Make list and blacklist root user read only
- [mips*] lib: Provide MIPS64r6 __multi3() for GCC < 7
- scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
- scsi: core: Avoid that SCSI device removal through sysfs triggers a
deadlock
- iscsi target: fix session creation failure handling
- [armhf] clk: rockchip: fix clk_i2sout parent selection bits on rk3399
- PM / clk: signedness bug in of_pm_clk_add_clks()
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
(CVE-2018-16658)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.126
- net: 6lowpan: fix reserved space for single frames
- net: mac802154: tx: expand tailroom if necessary
- 9p/net: Fix zero-copy path in the 9p virtio transport
- [x86] drm/i915/userptr: reject zero user_size
- libertas: fix suspend and resume for SDIO connected cards
- [arm64] mailbox: xgene-slimpro: Fix potential NULL pointer dereference
- [ppc64el] powerpc/pseries: Fix endianness while restoring of r3 in MCE
handler.
- PCI: Add wrappers for dev_printk()
- [ppc64el] powerpc/powernv/pci: Work around races in PCI bridge enabling
- [ppc64el] cxl: Fix wrong comparison in cxl_adapter_context_get()
- ib_srpt: Fix a use-after-free in srpt_close_ch()
- RDMA/rxe: Set wqe->status correctly if an unexpected response is
received
- fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr
failed
- 9p/virtio: fix off-by-one error in sg list bounds check
- net/9p/client.c: version pointer uninitialized
- net/9p/trans_fd.c: fix race-condition by flushing workqueue before the
kfree()
- dm thin: stop no_space_timeout worker when switching to write-mode
- dm cache metadata: save in-core policy_hint_size to on-disk superblock
- uart: fix race between uart_put_char() and uart_shutdown()
- [x86] vmw_balloon: fix inflation of 64-bit GFNs
- [x86] vmw_balloon: do not use 2MB without batching
- [x86] vmw_balloon: VMCI_DOORBELL_SET does not check status
- [x86] vmw_balloon: fix VMCI use when balloon built into kernel
- [armhf] rtc: omap: fix potential crash on power off
- tracing: Do not call start/stop() functions when tracing_on does not
change
- tracing/blktrace: Fix to allow setting same value
- uprobes: Use synchronize_rcu() not synchronize_sched()
- [arm64] mfd: hi655x: Fix regmap area declared size for hi655x
- 9p: fix multiple NULL-pointer-dereferences
- PM / sleep: wakeup: Fix build error caused by missing SRCU support
- [x86] KVM: VMX: fixes for vmentry_l1d_flush module parameter
- pnfs/blocklayout: off by one in bl_map_stripe()
- NFSv4 client live hangs after live data migration recovery
- Replace magic for trusting the secondary keyring with #define
- [amd64] Fix kexec forbidding kernels signed with keys in the secondary
keyring to boot
- mm/tlb: Remove tlb_remove_table() non-concurrent condition
- [x86] iommu/vt-d: Add definitions for PFSID
- [x86] iommu/vt-d: Fix dev iotlb pfsid use
- userns: move user access out of the mutex
- ubifs: Fix memory leak in lprobs self-check
- Revert "UBIFS: Fix potential integer overflow in allocation"
- ubifs: Check data node size before truncate
- ubifs: Fix synced_i_size calculation for xattr inodes
- [armhf] pwm: tiehrpwm: Fix disabling of output of PWMs
- fb: fix lost console when the user unplugs a USB adapter
- udlfb: set optimal write delay
- getxattr: use correct xattr length
- [x86] libnvdimm: fix ars_status output length calculation
- printk/tracing: Do not trace printk_nmi_enter()
- bcache: release dc->writeback_lock properly in bch_writeback_thread()
- perf auxtrace: Fix queue resize
- [ppc64el] crypto: vmx - Fix sleep-in-atomic bugs
- fs/quota: Fix spectre gadget in do_quotactl
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.127
- [i386] speculation/l1tf: Fix up pte->pfn conversion for PAE
- act_ife: fix a potential use-after-free
- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT
state
- net: sched: Fix memory exposure from short TCA_U32_SEL
- qlge: Fix netdev features configuration.
- r8169: add support for NCube 8168 network card
- tcp: do not restart timewait timer on rst reception
- vti6: remove !skb->ignore_df check from vti6_xmit()
- sctp: hold transport before accessing its asoc in
sctp_transport_get_next
- vhost: correctly check the iova range when waking virtqueue
- [x86] hv_netvsc: ignore devices that are not PCI
- act_ife: move tcfa_lock down to where necessary
- act_ife: fix a potential deadlock
- net: sched: action_ife: take reference to meta module
- cifs: check if SMB2 PDU size has been padded and suppress the warning
- hfsplus: don't return 0 when fill_super() failed
- hfs: prevent crash on exit from failed search
- sunrpc: Don't use stack buffer with scatterlist
- fork: don't copy inconsistent signal handler state to child
- reiserfs: change j_timestamp type to time64_t
- hfsplus: fix NULL dereference in hfsplus_lookup() (CVE-2018-14617)
- fat: validate ->i_start before using
- scripts: modpost: check memory allocation results
- virtio: pci-legacy: Validate queue pfn
- mm/fadvise.c: fix signed overflow UBSAN complaint
- fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()
- ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
- [mips*] mfd: sm501: Set coherent_dma_mask when creating subdevices
- [x86] platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on
UX360
- net/9p/trans_fd.c: fix race by holding the lock
- net/9p: fix error path of p9_virtio_probe
- [ppc64el] perf probe powerpc: Fix trace event post-processing
- block: bvec_nr_vecs() returns value for wrong slab
- [s390x] dasd: fix hanging offline processing due to canceled worker
- [s390x] dasd: fix panic for failed online processing
- [x86] ACPI / scan: Initialize status to ACPI_STA_DEFAULT
- scsi: aic94xx: fix an error code in aic94xx_init()
- [armel,armhf] PCI: mvebu: Fix I/O space end address calculation
- dm kcopyd: avoid softlockup in run_complete_job
- RDS: IB: fix 'passing zero to ERR_PTR()' warning
- smb3: fix reset of bytes read and written stats
- SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
- [ppc64el] powerpc/pseries: Avoid using the size greater than
RTAS_ERROR_LOG_MAX.
- [armhf] clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in
rk3399
- btrfs: replace: Reset on-disk dev stats value after replace
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been
initialized (CVE-2018-14609)
- btrfs: Don't remove block group that still has pinned down bytes
- [arm64] rockchip: Force CONFIG_PM on Rockchip systems
- [arm*] rockchip: Force CONFIG_PM on Rockchip systems
- drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80
- tcp: Revert "tcp: tcp_probe: use spin_lock_bh()"
- [i386] pae: use 64 bit atomic xchg function in native_ptep_get_and_clear
- irda: Fix memory leak caused by repeated binds of irda socket
(CVE-2018-6554)
- irda: Only insert new objects into the global database via setsockopt
(CVE-2018-6555)
- enic: do not call enic_change_mtu in enic_probe
- Fix backport of "mm: numa: avoid waiting on freed migrated pages"
- sch_htb: fix crash on init failure
- sch_multiq: fix double free on init failure
- sch_hhf: fix null pointer dereference on init failure
- sch_netem: avoid null pointer deref on init failure
- sch_tbf: fix two null pointer dereferences on init failure
- [x86] mei: me: allow runtime pm for platform with D0i3
- [s390x] lib: use expoline for all bcr instructions
- btrfs: use correct compare function of dirty_metadata_bytes
- [arm64] Fix mismatched cache line size detection
- [arm64] Handle mismatched cache type
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.128
- [x86] i2c: i801: fix DNV's SMBCTRL register offset
- [s390x] KVM: s390: vsie: copy wrapping keys to right place
- ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
- cfq: Give a chance for arming slice idle timer in case of group_idle
- kthread: Fix use-after-free if kthread fork fails
- [mips*] kthread: fix boot hang (regression) on MIPS/OpenRISC
- [x86] staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page
- [x86] staging/rts5208: Fix read overflow in memcpy
- IB/rxe: do not copy extra stack memory to skb
- block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg
- nl80211: fix null-ptr dereference on invalid mesh configuration
- locking/rwsem-xadd: Fix missed wakeup due to reordering of load
- selinux: use GFP_NOWAIT in the AVC kmem_caches
- locking/osq_lock: Fix osq_lock queue corruption
- mm, vmscan: clear PGDAT_WRITEBACK when zone is balanced
- mm: remove seemingly spurious reclaimability check from laptop_mode
gating
- [amd64] misc: mic: SCIF Fix scif_get_new_port() error handling
- Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV
- [arm64,armhf] gpio: tegra: Move driver registration to subsys_init level
- scsi: target: fix __transport_register_session locking
- md/raid5: fix data corruption of replacements after originals dropped
- timers: Clear timer_base::must_forward_clk with timer_base::lock held
- [arm64,armhf] misc: ti-st: Fix memory leak in the error path of probe()
- uio: potential double frees if __uio_register_device() fails
- [x86] tty: rocket: Fix possible buffer overwrite on register_PCI
- f2fs: do not set free of current section
- perf tools: Allow overriding MAX_NR_CPUS at compile time
- NFSv4.0 fix client reference leak in callback
- ath9k: report tx status on EOSP
- ath9k_hw: fix channel maximum power level test
- ath10k: prevent active scans on potential unusable channels
- [arm64,armhf] wlcore: Set rx_status boottime_ns field on rx
- [mips*] Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
- ata: libahci: Correct setting of DEVSLP register
- scsi: 3ware: fix return 0 on the error path of probe
- ath10k: disable bundle mgmt tx completion event support
- Bluetooth: hidp: Fix handling of strncpy for hid->name information
- [x86] mm: Remove in_nmi() warning from vmalloc_fault()
- [x86] gpio: ml-ioh: Fix buffer underwrite on probe error path
- [armhf] net: mvneta: fix mtu change on port without link
- f2fs: try grabbing node page lock aggressively in sync scenario
- f2fs: fix to skip GC if type in SSA and SIT is inconsistent
- [x86] tpm/tpm_i2c_infineon: switch to i2c_lock_bus(...,
I2C_LOCK_SEGMENT)
- f2fs: fix to do sanity check with reserved blkaddr of inline inode
(CVE-2018-13099)
- [mips*] Octeon: add missing of_node_put()
- [mips*] generic: fix missing of_node_put()
- net: dcb: For wild-card lookups, use priority -1, not 0
- Input: atmel_mxt_ts - only use first T9 instance
- [ppc64el] partitions/aix: append null character to print data from disk
- [ppc64el] partitions/aix: fix usage of uninitialized lv_info and lvname
structures
- f2fs: Fix uninitialized return in f2fs_ioc_shutdown()
- [armhf] mfd: ti_am335x_tscadc: Fix struct clk memory leak
- f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
- NFSv4.1: Fix a potential layoutget/layoutrecall deadlock
- [mips*] WARN_ON invalid DMA cache maintenance, not BUG_ON
- RDMA/cma: Do not ignore net namespace for unbound cm_id
- xhci: Fix use-after-free in xhci_free_virt_device
- netfilter: x_tables: avoid stack-out-of-bounds read in
xt_copy_counters_from_user
- mtd: ubi: wl: Fix error return code in ubi_wl_init()
- autofs: fix autofs_sbi() does not check super block type
- mm: get rid of vmacache_flush_all() entirely (CVE-2018-17182)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.129
- be2net: Fix memory leak in be_cmd_get_profile_config()
- rds: fix two RCU related problems
- net/mlx5: Fix use-after-free in self-healing flow
- net/mlx5: Fix debugfs cleanup in the device init/remove flow
- [arm64] iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register
- [i386] ALSA: msnd: Fix the default sample sizes
- ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro
- xfrm: fix 'passing zero to ERR_PTR()' warning
- gfs2: Special-case rindex for gfs2_grow
- clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure
- media: tw686x: Fix oops on buffer alloc failure
- [armhf] dmaengine: pl330: fix irq race with terminate_all
- media: videobuf2-core: check for q->error in vb2_core_qbuf()
- IB/rxe: Drop QP0 silently
- gfs2: Don't reject a supposedly full bitmap if we have blocks reserved
- fbdev: Distinguish between interlaced and progressive modes
- [ppc64el] powerpc/powernv: opal_put_chars partial write fix
- mac80211: restrict delayed tailroom needed decrement
- Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets
- [arm64,armhf] efi/arm: preserve early mapping of UEFI memory map longer
for BGRT
- nfp: avoid buffer leak when FW communication fails
- xen-netfront: fix queue name setting
- [arm64] dts: qcom: db410c: Fix Bluetooth LED trigger
- [arm64] dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci
- [s390x] qeth: fix race in used-buffer accounting
- [s390x] qeth: reset layer2 attribute on layer switch
- [arm64,armhf] KVM: arm/arm64: Fix vgic init race
- drivers/base: stop new probing during shutdown
- [arm64] dmaengine: mv_xor_v2: kill the tasklets upon exit
- xen-netfront: fix warn message as irq device name has '/'
- RDMA/cma: Protect cma dev list with lock
- [x86] pstore: Fix incorrect persistent ram buffer mapping
- xen/netfront: fix waiting for xenbus state change
- [armhf] mmc: omap_hsmmc: fix wakeirq handling on removal
- misc: hmc6352: fix potential Spectre v1
- usb: Don't die twice if PCI xhci host is not responding in resume
- [x86] mei: ignore not found client in the enumeration
- USB: Add quirk to support DJI CineSSD
- usb: uas: add support for more quirk flags
- usb: Avoid use-after-free by flushing endpoints early in
usb_set_interface()
- usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in
u132_get_frame()
- USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB
controller
- USB: net2280: Fix erroneous synchronization change
- USB: serial: io_ti: fix array underflow in completion handler
- usb: misc: uss720: Fix two sleep-in-atomic-context bugs
- USB: serial: ti_usb_3410_5052: fix array underflow in completion handler
- USB: yurex: Fix buffer over-read in yurex_write()
- usb: cdc-wdm: Fix a sleep-in-atomic-context bug in
service_outstanding_interrupt()
- Revert "cdc-acm: implement put_char() and flush_chars()"
- cifs: prevent integer overflow in nxt_dir_entry()
- CIFS: fix wrapping bugs in num_entries()
- perf/core: Force USER_DS when recording user stack data
- NFSv4.1 fix infinite loop on I/O.
- binfmt_elf: Respect error return from `regset->active'
- audit: fix use-after-free in audit_add_watch
- mtdchar: fix overflows in adjustment of `count`
- configfs: fix registered group removal
- efi/esrt: Only call efi_mem_reserve() for boot services memory
- [armhf] gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes
- [arm64,armhf] mmc: tegra: prevent HS200 on Tegra 3
- mmc: sdhci: do not try to use 3.3V signaling if not supported
- drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping
- [amd64] drm/amdkfd: Fix error codes in kfd_get_process
- ALSA: pcm: Fix snd_interval_refine first/last with open min/max
- [arm64] pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be
compliant
- [x86] mei: bus: type promotion bug in mei_nfc_if_version()
- [mips*] VDSO: Match data page cache colouring when D$ aliases
- Fix link state change interrupts identification (Closes: #896911)
+ e1000e: Remove Other from EIAC
+ Partial revert "e1000e: Avoid receiver overrun interrupt bursts"
+ e1000e: Fix queue interrupt re-raising in Other interrupt
+ e1000e: Avoid missed interrupts following ICR read
+ Revert "e1000e: Separate signaling for link check/link up"
+ e1000e: Fix link check race condition
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.130
- [x86] NFC: Fix possible memory corruption when handling SHDLC I-Frame
commands
- NFC: Fix the number of pipes
- ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at
error path
- ALSA: bebob: use address returned by kmalloc() instead of kernel stack
for streaming DMA mapping
- ALSA: emu10k1: fix possible info leak to userspace on
SNDRV_EMU10K1_IOCTL_INFO
- ALSA: firewire-digi00x: fix memory leak of private data
- ALSA: firewire-tascam: fix memory leak of private data
- ALSA: fireworks: fix memory leak of response buffer at error path
- ALSA: oxfw: fix memory leak for model-dependent data at error path
- ALSA: oxfw: fix memory leak of discovered stream formats at error path
- ALSA: oxfw: fix memory leak of private data
- [x86] platform/x86: alienware-wmi: Correct a memory leak
- xen/netfront: don't bug in case of too many frags
- [x86] xen/x86/vpmu: Zero struct pt_regs before calling into sample
handling code
- Revert "PCI: Add ACS quirk for Intel 300 series"
- ring-buffer: Allow for rescheduling when removing pages
- mm: shmem.c: Correctly annotate new inodes for lockdep
- gso_segment: Reset skb->mac_len after modifying network header
- ipv6: fix possible use-after-free in ip6_xmit()
- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
- [x86] net: hp100: fix always-true check for link up state
- udp4: fix IP_CMSG_CHECKSUM for connected sockets
- neighbour: confirm neigh entries when ARP packet is received
- ocfs2: fix ocfs2 read block panic
- drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable()
placement
- drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in
connector_detect()
- drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early
- [arm64,armhf] drm/vc4: Fix the "no scaling" case on multi-planar YUV
formats
- tty: vt_ioctl: fix potential Spectre v1
- ext4: check to make sure the rename(2)'s destination is not freed
- ext4: avoid divide by zero fault when deleting corrupted inline
directories
- ext4: recalucate superblock checksum after updating free blocks/inodes
- ext4: fix online resize's handling of a too-small final block group
- ext4: fix online resizing for bigalloc file systems with a 1k block size
- ext4: don't mark mmp buffer head dirty
- ext4: show test_dummy_encryption mount option in /proc/mounts
- sched/fair: Fix vruntime_normalized() for remote non-migration wakeup
- HID: sony: Update device ids
- HID: sony: Support DS4 dongle
- [arm64] PCI: aardvark: Size bridges before resources allocation
- vmw_balloon: include asm/io.h
- iw_cxgb4: only allow 1 flush on user qps
.
[ Salvatore Bonaccorso ]
* [rt] Update to 4.9.115-rt93
* [rt] Drop 0145-stop_machine-Use-raw-spinlocks.patch patch
* [rt] Drop 0144-stop_machine-convert-stop_machine_run-to-PREEMPT_RT.patch
patch
* [rt] Refresh 0225-fs-dcache-use-swait_queue-instead-of-waitqueue.patch
patch
* [rt] Refresh 0156-softirq-Split-softirq-locks.patch patch for context
changes in 4.9.120
* [rt] Refresh 0161-softirq-wake-the-timer-softirq-if-needed.patch for
context changes in 4.9.120
* [rt] Refresh 0001-timer-make-the-base-lock-raw.patch for context changes
in 4.9.128
* [rt] Refresh 0162-timers-Don-t-wake-ktimersoftd-on-every-tick.patch for
context changes in 4.9.128
* [rt] Refresh 0163-Revert-timers-Don-t-wake-ktimersoftd-on-every-tick.patch
for context changes in 4.9.128
* [rt] Refresh 0246-irqwork-push-most-work-into-softirq-context.patch for
context changes in 4.9.128
* [rt] Refresh 0247-irqwork-Move-irq-safe-work-to-irq-context.patch for
context changes in 4.9.128
* NFC: Ignore ABI changes
.
[ Ben Hutchings ]
* [arm64] cpucaps: Avoid ABI changes in 4.9.114
* iio: Avoid ABI change in 4.9.111
* exec: Avoid ABI change in 4.9.116
* net: Avoid ABI change in 4.9.115
* Revert "netfilter: ipv6: nf_defrag: reduce struct net memory waste" to
avoid an ABI change
* Revert core changes in "tcp: remove DELAYED ACK events in DCTCP" to
avoid an ABI change
* string: Avoid ABI change in 4.9.114
* Revert "proc/sysctl: prune stale dentries during unregistering" etc.
to avoid an ABI change
* tcp: Avoid ABI change in 4.9.116
* vmw_vsock: Ignore ABI changes
* loop: Ignore ABI changes
* KVM: Ignore ABI changes on all architectures
* xen: Ignore ABI changes
* [x86] cpu: Avoid ABI change in 4.9.125
* [mips*] Revert "MIPS: Correct the 64-bit DSP accumulator register size"
temporarily to avoid an ABI change
* debian/control: Point Vcs URLs to Salsa
* README.Debian: Update URLs that were pointing to Alioth
* mm: Avoid ABI change in 4.9.128
.
[ Moritz Muehlenhoff ]
* megaraid_sas: Add support for Perc 740P/840 (Closes: #890034)
linux (4.9.110-3+deb9u6) stretch-security; urgency=high
.
* [arm64] KVM: Tighten guest core register access from userspace
(CVE-2018-18021)
* [arm64] KVM: Sanitize PSTATE.M when being set from userspace
(CVE-2018-18021)
* xen-netback: fix input validation in xenvif_set_hash_mapping()
(CVE-2018-15471)
linux (4.9.110-3+deb9u5) stretch-security; urgency=high
.
[ Salvatore Bonaccorso ]
* irda: Fix memory leak caused by repeated binds of irda socket
(CVE-2018-6554)
* irda: Only insert new objects into the global database via setsockopt
(CVE-2018-6555)
* mm: get rid of vmacache_flush_all() entirely (CVE-2018-17182)
* floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
(CVE-2018-7755)
* Bluetooth: hidp: buffer overflow in hidp_process_report (CVE-2018-9363)
* ALSA: rawmidi: Change resized buffers atomically (CVE-2018-10902)
* scsi: target: iscsi: Use hex2bin instead of a re-implementation
(CVE-2018-14633)
* [x86] entry/64: Remove %ebx handling from error_entry/exit
(CVE-2018-14678)
* infiniband: fix a possible use-after-free bug (CVE-2018-14734)
* [x86] speculation: Protect against userspace-userspace spectreRSB
(CVE-2018-15572)
* [x86] paravirt: Fix spectre-v2 mitigations for paravirt guests
(CVE-2018-15594)
.
[ Ben Hutchings ]
* mm: Avoid ABI change for CVE-2018-17182 fix
* HID: debug: check length before copy_to_user() (CVE-2018-9516)
* Cipso: cipso_v4_optptr enter infinite loop (CVE-2018-10938)
* f2fs: fix to do sanity check with reserved blkaddr of inline inode
(CVE-2018-13099)
* btrfs: relocation: Only remove reloc rb_trees if reloc control has been
initialized (CVE-2018-14609)
* hfsplus: fix NULL dereference in hfsplus_lookup() (CVE-2018-14617)
* USB: yurex: fix out-of-bounds uaccess in read handler (CVE-2018-16276)
* cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (CVE-2018-16658)
linux (4.9.110-3+deb9u4) stretch-security; urgency=high
.
* init: rename and re-order boot_cpu_state_init()
Adresses boot failures on arm* systems. (Closes: #906769)
* Sync "cpu/hotplug: Boot HT siblings at least once" from 4.9.120
* Sync "cpu/hotplug: Non-SMP machines do not make use of booted_once" from
4.9.120
* Refresh features/all/rt/0157-softirq-Split-softirq-locks.patch patch.
Adjust context after applying "init: rename and re-order
boot_cpu_state_init()".
linux (4.9.110-3+deb9u3) stretch-security; urgency=high
.
[ Salvatore Bonaccorso ]
* Add L1 Terminal Fault fixes (CVE-2018-3620, CVE-2018-3646)
- [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
- [x86] mm: move _PAGE_SWP_SOFT_DIRTY from bit 7 to bit 1
- [x86] speculation/l1tf: Change order of offset/type in swap entry
- [x86] speculation/l1tf: Protect swap entries against L1TF
- [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation
- [x86] speculation/l1tf: Make sure the first page is always reserved
- [x86] speculation/l1tf: Add sysfs reporting for l1tf
- [x86] speculation/l1tf: Disallow non privileged high MMIO PROT_NONE
mappings
- [x86] speculation/l1tf: Limit swap file size to MAX_PA/2
- [x86] bugs: Move the l1tf function and define pr_fmt properly
- [x86] smp: Provide topology_is_primary_thread()
- [x86] topology: Provide topology_smt_supported()
- cpu/hotplug: Make bringup/teardown of smp threads symmetric
- cpu/hotplug: Split do_cpu_down()
- cpu/hotplug: Provide knobs to control SMT
- [x86] cpu: Remove the pointless CPU printout
- [x86] cpu/AMD: Remove the pointless detect_ht() call
- [x86] cpu/common: Provide detect_ht_early()
- [x86] cpu/topology: Provide detect_extended_topology_early()
- [x86] cpu/intel: Evaluate smp_num_siblings early
- [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP
info
- [x86] cpu/AMD: Evaluate smp_num_siblings early
- [x86] apic: Ignore secondary threads if nosmt=force
- [x86] speculation/l1tf: Extend 64bit swap file size limit
- [x86] cpufeatures: Add detection of L1D cache flush support.
- [x86] CPU/AMD: Move TOPOEXT reenablement before reading
smp_num_siblings
- [x86] speculation/l1tf: Protect PAE swap entries against L1TF
- [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE
- Revert "[x86] apic: Ignore secondary threads if nosmt=force"
- cpu/hotplug: Boot HT siblings at least once
- [x86] KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being
present
- [x86] KVM/VMX: Add module argument for L1TF mitigation
- [x86] KVM/VMX: Add L1D flush algorithm
- [x86] KVM/VMX: Add L1D MSR based flush
- [x86] KVM/VMX: Add L1D flush logic
- kvm: nVMX: Update MSR load counts on a VMCS switch
- [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an
host/guest numbers
- [x86] KVM/VMX: Add find_msr() helper function
- [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number
accounting
- [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only
MSRs
- [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
- cpu/hotplug: Online siblings when SMT control is turned on
- [x86] litf: Introduce vmx status variable
- [x86] kvm: Drop L1TF MSR list approach
- [x86] l1tf: Handle EPT disabled state proper
- [x86] kvm: Move l1tf setup function
- [x86] kvm: Add static key for flush always
- [x86] kvm: Serialize L1D flush parameter setter
- [x86] kvm: Allow runtime control of L1D flush
- cpu/hotplug: Expose SMT control init function
- cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
- [x86] bugs, kvm: Introduce boot-time control of L1TF mitigations
- Documentation: Add section about CPU vulnerabilities
- [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content
- Documentation/l1tf: Fix typos
- cpu/hotplug: detect SMT disabled by BIOS
- [x86] KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
- [x86] KVM/VMX: Replace 'vmx_l1d_flush_always' with
'vmx_l1d_flush_cond'
- [x86] KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
- [x86] irq: Demote irq_cpustat_t::__softirq_pending to u16
- [x86] KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
- [x86] Don't include linux/irq.h from asm/hardirq.h
- [x86] irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
- [x86] KVM/VMX: Don't set l1tf_flush_l1d from
vmx_handle_external_intr()
- Documentation/l1tf: Remove Yonah processors from not vulnerable
list
- [x86] KVM: x86: Add a framework for supporting MSR-based features
- KVM: SVM: Add MSR-based feature support for serializing LFENCE
- [x86] KVM: X86: Introduce kvm_get_msr_feature()
- [x86] KVM: X86: Allow userspace to define the microcode version
- KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR
- [x86] speculation: Simplify sysfs report of VMX L1TF vulnerability
- [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on
vmentry
- KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
- cpu/hotplug: Fix SMT supported evaluation
- [x86] speculation/l1tf: Invert all not present mappings
- [x86] speculation/l1tf: Make pmd/pud_mknotpresent() invert
- [x86] mm/pat: Make set_memory_np() L1TF safe
- [x86] mm/kmmio: Make the tracer robust against L1TF
- tools headers: Synchronise x86 cpufeatures.h for L1TF additions
- [x86] microcode: Do not upload microcode if CPUs are offline
- [x86] microcode: Allow late microcode loading with SMT disabled
- [x86] smp: fix non-SMP broken build due to redefinition of
apic_id_is_primary_thread
- cpu/hotplug: Non-SMP machines do not make use of booted_once
- [x86] init: fix build with CONFIG_SWAP=n
- [x86] speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED
architectures
- [x86] cpu/amd: Limit cpu_core_id fixup to families older than F17h
- [x86] CPU/AMD: Have smp_num_siblings and cpu_llc_id always be
present
- [x86] l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled
- [x86] i8259: Add missing include file
- [x86] speculation/l1tf: Exempt zeroed PTEs from inversion
.
[ Yves-Alexis Perez ]
* [rt] refresh 0284-cpu-rt-Rework-cpu-down-for-PREEMPT_RT and
0286-kernel-cpu-fix-cpu-down-problem-if-kthread-s-cpu-is- context after
applying L1TF fixes.
* [rt] update 0281-random-Make-it-work-on-rt to fix builds with recent
compilers.
.
[ Ben Hutchings ]
* Bump ABI to 8
linux (4.9.110-3+deb9u2) stretch-security; urgency=high
.
* Revert "net: increase fragment memory usage limits"
linux (4.9.110-3+deb9u1) stretch-security; urgency=high
.
[ Romain Perier ]
* fs: Fix up non-directory creation in SGID directories (CVE-2018-13405)
.
[ Salvatore Bonaccorso ]
* tcp: free batches of packets in tcp_prune_ofo_queue()
* tcp: avoid collapses in tcp_prune_queue() if possible
* tcp: detect malicious patterns in tcp_collapse_ofo_queue()
* tcp: call tcp_drop() from tcp_data_queue_ofo()
linux (4.9.110-3) stretch; urgency=medium
.
[ Salvatore Bonaccorso ]
* cdc_ncm: avoid padding beyond end of skb (Closes: #893393)
* Revert "sit: reload iphdr in ipip6_rcv" (Closes: #903776)
linux (4.9.110-2) stretch; urgency=medium
.
[ Cyril Brulebois ]
* udeb: Add virtio_console to virtio-modules (Closes: #903122).
.
[ Ben Hutchings ]
* [x86] xen: Fix boot regression in PV domains (Closes: #903767):
- x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
- x86/cpu: Re-apply forced caps every time CPU caps are re-read
* ext4: fix false negatives *and* false positives in ext4_check_descriptors()
(Closes: #903838)
* xen-netfront: Fix regressions in 4.9.104 (Closes: #903914):
- Fix mismatched rtnl_unlock
- Update features after registering netdev
linux-latest (80+deb9u6) stretch-security; urgency=high
.
* Update to 4.9.0-8
lxcfs (2.0.7-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* debian/patches/revert-the-virtualization-of-btime-field.patch: New patch,
reverts the uptime virtualiziation, fixing process start times, adopted
from upstream commit 72dd97f7 (Closes: #885542).
magicmaze (1.4.3.6+dfsg-3~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
magicmaze (1.4.3.6+dfsg-3) unstable; urgency=medium
.
[ Andreas Beckmann ]
* QA upload.
* Set Maintainer to Debian QA Group. (See: #869294)
.
[ Hans Joachim Desserud ]
* Depend on fonts-isabella now that ttf-isabella is a virtual package.
* Update isabella path in patch to new location,
closes: #747046, LP: #1360075.
mailman (1:2.1.23-1+deb9u4) stretch; urgency=medium
.
* Non-maintainer upload.
* Arbitrary text injection vulnerability in Mailman CGIs (CVE-2018-13796)
(Closes: #903674)
mailman (1:2.1.23-1+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* XSS vulnerability allows malicious listowners to inject scripts into
listinfo pages (CVE-2018-0618)
mbedtls (2.4.2-1+deb9u3) stretch-security; urgency=high
.
* Fix CVE-2018-0497:
Remote plaintext recovery on use of CBC based ciphersuites through a
timing side-channel. (Closes: #904821)
* Fix CVE-2018-0498:
Plaintext recovery on use of CBC based ciphersuites through a cache
based side-channel.
mediawiki (1:1.27.5-1~deb9u1) stretch-security; urgency=medium
.
* New upstream version 1.27.5 (security release), fixing
CVE-2018-0503, CVE-2018-0504, CVE-2018-0505.
mediawiki (1:1.27.4-3) unstable; urgency=medium
.
* Add basic tests via autopkgtest
* Document mediawiki-jobrunner systemd unit in README.Debian
mediawiki (1:1.27.4-2) unstable; urgency=medium
.
* Bump Standards-Version to 4.1.1
* Set Rules-Requires-Root: no
* Remove unused lintian overrides
* Upgrade php-apcu to a Recommends
* Use debhelper compat 10
* Add a systemd unit to run runJobs.php as a service
* Get rid of unnecessary dh_installdeb override
* Remove dead code to mess with $wgVersion
* Synchronise upstream/signing-key.asc
* Remove broken ConfirmEdit/Asirra.php & Vector/Vector.php symlinks
(Closes: #857773)
* Document descriptions and forwarded status for all patches
* Remove unused GPL-3.0 paragraph from debian/copyright
* Override composer-package-without-pkg-php-tools-builddep lintian warning
mediawiki (1:1.27.4-1) unstable; urgency=medium
.
* Imported Upstream version 1.27.4 (security release), fixing
CVE-2017-8809, CVE-2017-8810, CVE-2017-8808, CVE-2017-8811,
CVE-2017-8812, CVE-2017-8814, CVE-2017-8815.
* Users who used the default configuration should not be affected
by CVE-2017-9841, but an extra .htaccess file will restrict
web access to the vendor/ directory.
mgetty (1.1.36-3+deb9u1) stable-security; urgency=medium
.
* Apply upstream patch for CVE-2018-16741.
Harden faxq and faxrunq against attacks with shellmetacharacters in JOB files.
moin (1.9.9-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* XSS in GUI editor related code (CVE-2017-5934) (Closes: #910776)
mosquitto (1.4.10-3+deb9u2) stretch-security; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* fix for CVE-2017-7654
* fix for CVE-2017-7653
* fix for CVE-2017-7652
* fix for CVE-2017-7651
multipath-tools (0.6.4-5+deb9u1) stretch; urgency=medium
.
[ Chris Hofstaedtler ]
* Apply patch to avoid deadlock in udev triggers, based on upstream
10704bae99cdcc809aaba0546017cb2eb416c551, with adaptions from
Alban Browaeys <prahal@yahoo.com> for 0.6.
(Closes: #859157)
* Add myself to Uploaders:.
.
[ Ritesh Raj Sarraf ]
* Use tracker as maintainer email address
* Switch packaging repository to Salsa (Closes: #899615)
mutt (1.7.2-1+deb9u1) stretch-security; urgency=high
.
* Initial changelog entries for security update (Closes: 904051)
* Patches provided by Roberto C. Sánchez <roberto@debian.org>
+ Fix arbitrary command execution by remote IMAP servers via backquote
characters, related to the mailboxes command associated with a manual
subscription or unsubscription (CVE-2018-14354)
+ Fix arbitrary command execution by remote IMAP servers via backquote
characters, related to the mailboxes command associated with an automatic
subscription (CVE-2018-14357)
+ Fix a stack-based buffer overflow caused by imap_quote_string() not
leaving room for quote characters (CVE-2018-14352)
+ Fix an integer underflow in imap_quote_string() (CVE-2018-14353)
+ Fix mishandling of zero-length UID in pop.c (CVE-2018-14356)
+ Fix unsafe interaction between message-cache pathnames and certain
characters in pop.c (CVE-2018-14362)
+ Fix mishandling of ".." directory traversal in IMAP mailbox name
(CVE-2018-14355)
+ Fix a stack-based buffer overflow for an IMAP FETCH response with a long
INTERNALDATE field (CVE-2018-14350)
+ Fix a stack-based buffer overflow for an IMAP FETCH response with a long
RFC822.SIZE field (CVE-2018-14358)
+ Fix mishandling of an IMAP NO response without a message (CVE-2018-14349)
+ Fix mishandling of long IMAP status mailbox literal count size
(CVE-2018-14351)
+ Fix a buffer overflow via base64 data (CVE-2018-14359)
+ Fix a stack-based buffer overflow because of incorrect sscanf usage
(CVE-2018-14360)
+ Fix a defect where processing continues if memory allocation fails for
NNTP messages (CVE-2018-14361)
* Fix unsafe interaction between message-cache pathnames and certain
characters in newsrc.c (CVE-2018-14363)
nagstamon (2.0.1-5+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Address IcingaWeb2 Basic auth issue.
Configuring a server with monitoring type "IcingaWeb2" using Basic
authentication crashes nagstamon with "TypeError: NoneType object is not
subscriptable". (Closes: #910717)
net-snmp (5.7.3+dfsg-1.7+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* snmpd crashes when receiving a GetNext PDU with multiple Varbinds
(CVE-2018-18065) (Closes: #910638)
network-manager (1.6.2-3+deb9u2) stretch; urgency=medium
.
* Cherry-pick various fixes for the sd-network based dhcp=internal plugin
- Make sure we have enough space for the DHCP6 option header.
Fixes out-of-bounds heap write in dhcpv6 option handling.
(CVE-2018-15688, LP: #1795921)
- Remove unreachable route after rebinding return NAK
- Make dhcp6_option_parse_domainname() not store empty domain
- Fix memleaks when releasing a dhcp lease
- Fix an off-by-one error in dhcp6_option_parse_domainname
- Fix assertion starting DHCP client without MAC address
- Fix incorrect clearing of ipv4ll probe conflict counter
network-manager (1.6.2-3+deb9u1) stretch; urgency=medium
.
* libnm: Fix accessing enabled and metered properties.
Those properties were proxied to the wrong object leading to a crash of
clients using libnm. (Closes: #892998)
network-manager-applet (1.4.4-1+deb9u1) stretch; urgency=medium
.
* libnma/pygobject: libnma/NMA must use libnm/NM instead of legacy
libraries.
libnma uses libnm, and not libnm-util/libnm-glib. Hence, the python
bindings must load "NM" and not "NMClient"/"NetworkManager". As it was,
the generated bindings for libnma were unusable and loading them
would fail. (Closes: #896818)
network-manager-vpnc (1.2.4-4+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* service: disallow newlinies in configuration values (CVE-2018-10900)
(Closes: #904255)
okular (4:16.08.2-1+deb9u1) stretch-security; urgency=medium
.
* CVE-2018-1000801, thanks to Thorsten Alzeholz for the patch
ola (0.10.3.nojsmin-2+deb9u1) stretch; urgency=medium
.
* Fix typo in /etc/init.d/rdm_test_server; Closes: #876251.
* Fix filename for jquery in rdm test server static HTML files;
Closes: #912713.
openafs (1.6.20-2+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Volume-level data replacement via unauthenticated butc connections
(CVE-2018-16947) (Closes: #908616)
* Information leakage from uninitialized RPC output variables
(CVE-2018-16948) (Closes: #908616)
* Denial of service due to excess resource consumption (CVE-2018-16949)
(Closes: #908616)
openjdk-8 (8u181-b13-2~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
openjdk-8 (8u181-b13-1) unstable; urgency=high
.
* Update to 8u181-b13.
* Remove the mauve test machinery.
* Build using GCC 8 in development releases.
openjdk-8 (8u181-b13-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
openjdk-8 (8u171-b11-2) unstable; urgency=medium
.
* Update the zero-architectures patch for ia64 (Adrian Glaubitz).
Closes: #897066.
* Fix zero build on ia64 (Adrian Glaubitz). Closes: #897068.
* Refresh patches.
openjdk-8 (8u171-b11-1) unstable; urgency=high
.
[ Tiago Stürmer Daitx ]
* Update to 8u171-b11. Hotspot 8u162-b12 for aarch32 with 8u171-b10 hotspot
security fixes and 8u171-b10 for aarch64.
- CVE-2018-2790,S8189969: Manifest better manifest entries.
- CVE-2018-2795,S8189977: Improve permission portability.
- CVE-2018-2796,S8189981: Improve queuing portability.
- CVE-2018-2797,S8189985: Improve tabular data portability.
- CVE-2018-2798,S8189989: Improve container portability.
- CVE-2018-2799,S8189993: Improve document portability.
- CVE-2018-2794,S8189997: Enhance keystore mechanisms.
- CVE-2018-2814,S8192025: Less referential references.
- CVE-2018-2815,S8192757: Improve stub classes implementation.
- CVE-2018-2800,S8193833: Better RMI connection support.
- S8169080: Improve documentation examples for crypto applications.
- S8180881: Better packaging of deserialization.
- S8182362: Update CipherOutputStream Usage.
- S8189123: More consistent classloading.
- S8190478: Improved interface method selection.
- S8190877: Better handling of abstract classes.
- S8191696: Better mouse positioning.
- S8192030: Better MTSchema support.
- S8193409: Improve AES supporting classes.
- S8193414: Improvements in MethodType lookups.
* d/p/aarch64-hotspot-8u162-b12.patch: removed, tarball has been updated to
8u171-b10.
* d/p/hotspot-S8185723-zero-ppc32-atomic_copy64-fix.patch,
d/p/hotspot-S8201509-zero-s390x-atomic_copy64-fix.patch: fix ppc32, s390x
javac segmentation fault caused by wrong inline assembler.
.
[ Matthias Klose ]
* Bump standards version.
opensc (0.16.0-3+deb9u1) stable; urgency=medium
.
* Backport patches from 0.19.0 to fix CVE-2018-16391, CVE-2018-16392,
CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420,
CVE-2018-16421, CVE-2018-16422, CVE-2018-16423, CVE-2018-16424,
CVE-2018-16425, CVE-2018-16426, CVE-2018-16427. (Closes: 909444)
openssh (1:7.4p1-10+deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team
* CVE-2018-15473: fix username enumeration issue, initially reported
by Dariusz Tytko and Michal Sajdak (Closes: #906236)
otrs2 (5.0.16-1+deb9u6) stretch-security; urgency=high
.
* Add patch 21-OSA-2018-03:
This fixes OSA-2018-03, also known as CVE-2018-14593: An attacker who is
logged into OTRS as a user may escalate their privileges by accessing a
specially crafted URL.
* Add patch 22-OSA-2018-04:
This fixes OSA-2018-04, also known as CVE-2018-16587: An attacker could send
a malicious email to an OTRS system. If a user with admin permissions opens
it, it causes deletions of arbitrary files that the OTRS web server user has
write access to.
* Add patch 23-OSA-2018-05:
This fixes OSA-2018-05, also known as CVE-2018-16586: An attacker could send
a malicious email to an OTRS system. If a logged in user opens it, the email
could cause the browser to load external image or CSS resources.
php-horde-image (2.3.6-1+deb9u1) stretch-security; urgency=high
.
* CVE-2017-9773: Prevent a denial of service attack by ensuring an infinite
loop cannot be triggered by a malicious request. (Closes: #865504)
* CVE-2017-9774: Prevent a remote code execution vulnerability (RCE) that was
exploitable by a logged-in user sending a maliciously crafted HTTP GET
request to the image backends. Note that the fix applied upstream has a
regression in that it ignores the "force aspect ratio" option; see
<https://github.com/horde/Image/pull/1>. This has been remedied in this
fix. (Closes: #865505)
* CVE-2017-14650: Prevent another RCE that was exploitable by a logged-in
user sending a maliciously crafted GET request specifically to the "im"
image backend. (Closes: #876400)
pkgsel (0.45+deb9u2) stretch; urgency=medium
.
* Fix target suite
.
pkgsel (0.45+deb9u1) unstable; urgency=medium
.
* Install new dependencies when safe-upgrade (default) is selected
(Closes: #908711)
postgresql-9.6 (9.6.10-0+deb9u1) stretch-security; urgency=medium
.
* New upstream version.
+ Fix failure to reset libpq's state fully between connection attempts
.
An unprivileged user of dblink or postgres_fdw could bypass the checks
intended to prevent use of server-side credentials, such as a ~/.pgpass
file owned by the operating-system user running the server. Servers
allowing peer authentication on local connections are particularly
vulnerable. Other attacks such as SQL injection into a postgres_fdw
session are also possible. Attacking postgres_fdw in this way requires
the ability to create a foreign server object with selected connection
parameters, but any user with access to dblink could exploit the
problem. In general, an attacker with the ability to select the
connection parameters for a libpq-using application could cause
mischief, though other plausible attack scenarios are harder to think
of. Our thanks to Andrew Krasichkov for reporting this issue.
(CVE-2018-10915)
.
+ Fix INSERT ... ON CONFLICT UPDATE through a view that isn't just SELECT
FROM ...
.
Erroneous expansion of an updatable view could lead to crashes or
attribute ... has the wrong type errors, if the view's SELECT list
doesn't match one-to-one with the underlying table's columns.
Furthermore, this bug could be leveraged to allow updates of columns
that an attacking user lacks UPDATE privilege for, if that user has
INSERT and UPDATE privileges for some other column(s) of the table. Any
user could also use it for disclosure of server memory. (CVE-2018-10925)
.
* Add new pgtypes header and symbol.
* Refresh debian/patches/filter-debug-prefix-map.
* Update branch in Vcs-Git field.
publicsuffix (20181003.1334-0+deb9u1) stretch; urgency=medium
.
* new upstream publicsuffix data
publicsuffix (20180523.2326-2) unstable; urgency=medium
.
* d/changelog: drop trailing whitespace
* Standards-Version: bump to 4.1.4 (no changes needed)
publicsuffix (20180523.2326-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20180523.2326-0+deb9u1) stretch; urgency=medium
.
* new upstream publicsuffix data
publicsuffix (20180328.1055-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20180312.1505-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20180223.1310-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20180218.2049-1) unstable; urgency=medium
.
* new upstream version
python-django (1:1.10.7-2+deb9u3) stretch; urgency=medium
.
* Default to supporting Spatialite >= 4.2. (Closes: #910240)
python-django (1:1.10.7-2+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2018-14574: Fix an open redirect possibility in CommonMiddleware.
If the django.middleware.common.CommonMiddleware and the APPEND_SLASH
setting were both enabled, and if the project has a URL pattern that
accepted any path ending in a slash then a request to a maliciously crafted
URL of that site could lead to a redirect to another site, enabling
phishing and other attacks. (Closes: #905216)
* CVE-2017-12794: Fix a cross-site scripting attack in the technical HTTP 500
page. This vulnerability did not affect production sites as they typically
do not run with "DEBUG = True". (Closes: #874415)
python-imaplib2 (2.55-1+deb9u2) stretch; urgency=medium
.
* Install the correct module for Python 3.
Until now, python3-imaplib2 installed the Python 2 version of this module.
Thanks to Faidon Liambotis for reporting this (Closes: 902755)
* Apply patch to remove TIMEOUT_MAX variable.
On some architectures, using threading.TIMEOUT_MAX for the timeout
parameter can overflow causing Condition.wait() to return immediately.
Thanks to Maximilian Stein for reporting this (Closes: #899102)
python2.7 (2.7.13-2+deb9u3) stretch-security; urgency=medium
.
* CVE-2018-1000802, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647
python3.5 (3.5.3-1+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061 CVE-2018-14647
ruby-json-jwt (1.6.2-1+deb9u1) stretch-security; urgency=medium
.
* Fixes: CVE-2018-1000539 (Closes: #902721)
ruby-rack-protection (1.5.3-2+deb9u1) stretch-security; urgency=medium
.
* CVE-2018-1000119 (Closes: #892250)
ruby-sprockets (3.7.0-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Do not respond to http requests asking for a `file://` (CVE-2018-3760)
(Closes: #901913)
rustc (1.24.1+dfsg1-1~deb9u4) stretch; urgency=medium
.
* i686-baseline.patch: don't use pentium4 as i686 baseline (closes: #908561)
rustc (1.24.1+dfsg1-1~deb9u3) stretch; urgency=medium
.
* Disable stage0 build.
samba (2:4.5.12+dfsg-2+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Confidential attribute disclosure from the AD LDAP server (CVE-2018-10919)
* Insufficient input validation on client directory listing in libsmbclient
(CVE-2018-10858)
sddm (0.14.0-4+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Honor PAM's ambient supplemental groups (Closes: #898191)
* Added missing utmp/wtmp/btmp handling (Closes: #878956)
serf (1.3.9-3+deb9u1) stretch; urgency=medium
.
* Backport r1712790 from upstream to fix NULL pointer dereference.
Thanks to Colin Watson for investigation and report (Closes: #893688)
* Backport create_certs.py from upstream to generate certs at test time
(Closes: #911714)
slurm-llnl (16.05.9-1+deb9u2) stretch-security; urgency=high
.
* Fix CVE-2018-10995 caused by mishandling user names (aka user_name
fields) and group ids (aka gid fields)
* Fix CVE-2018-7033 that can cause SQL Injection attacks against
SlurmDBD
soundconverter (3.0.0~alpha1+git20151209-1+deb9u1) stretch; urgency=medium
.
* debian/gbp.conf: Work on stretch branch.
* debian/patches: Apply upstream patch to fix opus vbr setting. (Closes:
#834598)
spamassassin (3.4.2-1~deb9u1) stretch; urgency=high
.
* New upstream release fixes multiple security vulnerabilities
- CVE-2017-15705: Denial of service issue in which certain unclosed
tags in emails cause markup to be handled incorrectly leading to
scan timeouts. (Closes: 908969)
- CVE-2016-1238: Unsafe usage of "." in @INC in a configuration
script.
- CVE-2018-11780: potential Remote Code Execution bug with the
PDFInfo plugin. (Closes: 908970)
- CVE-2018-11781: local user code injection in the meta rule syntax.
(Closes: 908971)
- BayesStore: bayes_expire table grows, remove_running_expire_tok not
called (Closes: 883775)
- Fix use of uninitialized variable warning in PDFInfo.pm
(Closes: 865924)
- Fix "failed to parse plugin" error in
Mail::SpamAssassin::Plugin::URILocalBL (Closes: 891041)
* Don't recursively chown /var/lib/spamassassin during postinst.
(Closes: 889501)
* Reload spamd after compiling rules in sa-compile.postinst.
* Update SysV init script to cope with upstream's change to $0.
* Remove compiled rules upon removal of the sa-compile package.
* Ensure that /var/lib/spamassassin/compiled doesn't change modes with
the cron job's execution. (Closes: 890650)
* Create /var/lib/spamassassin via dpkg, rather than the postinst.
(Closes: 891833)
* Add libbsd-resource-perl to Suggests (Closes: 910434)
.
spamassassin (3.4.1-8) unstable; urgency=medium
.
* Fix inappropriate invocation of invoke-rc.d in cron script.
(Closes: 865514)
* Update systemd unit dependencies to include network and syslog.
(Closes: 864810)
* Migrate packaging to git, finally.
* Apply upstream patch to fix regex error leading to warnings in perl
5.26+ (Closes: 869408)
* Update standards version to 4.1.0.0
* Remove references to the obsolete syslog.target dependency in the
systemd service file.
* Clarify the use of the perl-major-upgrade dpkg trigger.
* Fix spamd service management on package upgrades. (Closes: #865356)
.
spamassassin (3.4.1-7) unstable; urgency=medium
.
* Ensure that spamd doesn't automatically start upon initial
installation.
* Disable bb.barracudacentral.org (RCVD_IN_BRBL_LASTEXT), as
it requires users to register. (Closes: #861671)
* Update the systemd unit file to use the same pid file as was
used in the sysvinit script. (Closes: #808804)
* Update spamassassin docs to remove outdated gpg version
compatibility note. (Closes: #853913)
spamassassin (3.4.1-8) unstable; urgency=medium
.
* Fix inappropriate invocation of invoke-rc.d in cron script.
(Closes: 865514)
* Update systemd unit dependencies to include network and syslog.
(Closes: 864810)
* Migrate packaging to git, finally.
* Apply upstream patch to fix regex error leading to warnings in perl
5.26+ (Closes: 869408)
* Add Multi-Arch: foreign headers to package definitions (Closes:
#850454)
* Update standards version to 4.1.0.0
* Remove references to the obsolte syslog.target dependency in the
systemd service file.
* Clarify the use of the perl-major-upgrade dpkg trigger.
* Fix spamd service manage on upgrades. (Closes: #865356)
spamassassin (3.4.1-7) unstable; urgency=medium
.
* Ensure that spamd doesn't automatically start upon initial
installation.
* Disable bb.barracudacentral.org (RCVD_IN_BRBL_LASTEXT), as
it requires users to register. (Closes: #861671)
* Update the systemd unit file to use the same pid file as was
used in the sysvinit script. (Closes: #808804)
* Update spamassassin docs to remove outdated gpg version
compatibility note. (Closes: #853913)
spice (0.12.8-2.1+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix flexible array buffer overflow (CVE-2018-10873) (Closes: #906315)
spice-gtk (0.33-3.3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix flexible array buffer overflow (CVE-2018-10873) (Closes: #906316)
sqlcipher (3.2.0-2+deb9u1) stretch; urgency=medium
.
[ Philipp Berger ]
* Fixup previous patch, to avoid a crash when opening file
(Closes: #863530)
strongswan (5.5.1-4+deb9u4) stretch-security; urgency=medium
.
* d/p/CVE-2018-17540_gmp-pkcs1-overflow added, fix an integer underflow and
subsequent heap buffer overflow vulnerability in the gmp plugin triggered
by crafted certificates with RSA keys with very small moduli
(CVE-2018-17540)
strongswan (5.5.1-4+deb9u3) stretch-security; urgency=medium
.
* d/p/CVE-2018-16151+CVE-2018-16152_gmp-pkcs1-verify added
fix potential Bleichenbacher's low-exponent attack (CVE-2018-16151,
CVE-2018-16152)
subversion (1.9.5-1+deb9u3) stretch; urgency=medium
.
* Backport r1827688, fixing a regression introduced in the fixes for SHA1
collisions, where commits would incorrectly fail with a "Filesystem is
corrupt" error if the delta length is a multiple of 16K.
symfony (2.8.7+dfsg-1.3+deb9u1) stretch-security; urgency=medium
.
* Use gbp pq to handle patches introduced in NMU
* Cherry-pick upstream commits to fix security issues
- [Security] Validate redirect targets using the session cookie domain
[CVE-2017-16652]
- [Security] Namespace generated CSRF tokens depending of the current
scheme [CVE-2017-16653]
- prevent bundle readers from breaking out of paths [CVE-2017-16654]
- [Form][DX] FileType "multiple" fixes
- ensure that submitted data are uploaded files [CVE-2017-16790]
- Adding session strategy to ALL listeners to avoid *any* possible
fixation [CVE-2018-11385]
- Adding session authentication strategy to Guard to avoid session
fixation [CVE-2018-11385]
- [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL
is in loose mode [CVE-2018-11386]
- [Security] Fix logout
- do not mock the session in token storage tests
- clear CSRF tokens when the user is logged out [CVE-2018-11406]
- [Ldap] cast to string when checking empty passwords [CVE-2016-2403]
- [SecurityBundle] Fail if security.http_utils cannot be configured
[CVE-2018-11408]
sympa (6.2.16~dfsg-3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
.
[ Salvatore Bonaccorso ]
* Directory traversal vulnerability (CVE-2018-1000550)
.
[ Emmanuel Bouthenot ]
* Fix shell function used to prefill debconf questions from Sympa
configuration file in debian/config. Values reinjected to Sympa config
file were false and led to serious configurations issues.
(Closes: #863631)
systemd (232-25+deb9u6) stretch; urgency=medium
.
* dhcp6: Make sure we have enough space for the DHCP6 option header.
Fixes out-of-bounds heap write in systemd-networkd dhcpv6 option
handling.
(CVE-2018-15688, LP: #1795921, Closes: #912008)
systemd (232-25+deb9u5) stretch; urgency=medium
.
* networkd: Do not fail manager_connect_bus() if dbus is not active yet
(Closes: #901834)
systraq (20160803-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* debian/20systraq: Invert logic in order to exit successfully in case
/e/s/Makefile is missing. (Closes: #867277)
teeworlds (0.6.5+dfsg-1~deb9u1) stretch-security; urgency=high
.
* Team upload.
* New upstream version 0.6.5+dfsg.
Fix CVE-2018-18541: remote denial-of-service vulnerability in
teeworlds-server. (Closes: #911487)
texlive-bin (2016.20160513.41080.dfsg-2+deb9u1) stretch-security; urgency=high
.
* fix buffer overflow in writet1
thunderbird (1:60.2.1-2~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
Resync binary packages to build against the version in unstable/testing:
Upstream isn't shipping localization for bn-bd and ta-lk for Thunderbird
60.x. Thus the packages {icedove,thunderbird}-l10n-bn-bd,
{icedove,thunderbird}-l10n-ta-lk got dropped. The localization for pa-in
was removed for Thunderbird earlier but the transitional packages
{icedove,iceowl}-l10n-pa-in aren't until now.
icedove-dev got dropped as we don't have also the referring package
thunderbird-dev since version 59.
Besides this localization for cy was added by upstream, reflecting this in
a new package thunderbird-l10n-cy.
(Closes: #911292, #911504)
thunderbird (1:60.2.1-1) unstable; urgency=medium
.
* [ba75ca3] logo: move old TB graphics into dedicated folder
* [ba47234] logo: adding new TB icon *.png graphics
Like Firefox Thunderbird has also got a reworked logo. As we use some own
icon created from a SVG graphic this commit adds the new icons in the
various sizes. The source of the SVG graphic is taken from
https://demo.identihub.co/thunderbird#/view/icon/element/612
(Closes: #909108)
* [0b16a87] d/source.filter: don't remove react files from source
(Closes: #909046)
* [d01dfd6] rebuild patch queue from patch-queue branch
added patches:
fixes/Bug-1479540-Accept-triplet-strings-with-only-two-parts-in.patch
fixes/Bug-1482248-don-t-crash-on-empty-file-name-in-nsMsgLocalS.patch
fixes/Bug-1492064-Disable-baseline-JIT-when-SSE2-is-not-support.patch
fixes/Bug-1492065-Use-Swizzle-fallback-when-SSE2-is-not-support.patch
(Closes: #909628, #909039, #906816)
* [bf64065] New upstream version 60.2.1
Fixed CVE issues in upstream version 60.2.1 (MFSA 2018-25)
CVE-2018-12377: Use-after-free in refresh driver timers
CVE-2018-12378: Use-after-free in IndexedDB
CVE-2018-12379: Out-of-bounds write with malicious MAR file
CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
CVE-2018-12385: Crash in TransportSecurityInfo due to cached data
CVE-2018-12383: Setting a master password post-Firefox 58 does not delete
unencrypted previously stored passwords
* [b4712af] rebuild patch queue from patch-queue branch
removed patches (fixed upstream):
fixes/Bug-1482248-don-t-crash-on-empty-file-name-in-nsMsgLocalS.patch
* [79057f6] d/control: make lightning-l10n packages transitional
The l10n content for Lightning and a specific language is now much more
related to the Thunderbird l10n content. By this the existing lightning
l10n packages are not really useful any more as we move the Lightning
l10n content into the respective Thunderbird l10n package a we need to
turn the existing Lightning l10n packages into transitional packages.
* [a0ac3b7] d/control: adding Replaces, Breaks, Provides to thunderbird-l10n-*
Related to the previous commit the Thunderbird l10n packages need some
more fields in the control file so the transition from lightning-l10n into
thunderbird-l10n can work.
* [c82ee7c] d/rules: install lightning l10n into thunderbird-l10n-* packages
The content for the lightning l10n stuff needs now to be installed into
thunderbird-l10n packages.
* [72cd535] d/control: add thunderbird-l10n-cy
Oops, seems like we never have introduced this language for Thunderbird
before. Now required to provide the l10n content for Lightning.
* [510bea6] d/thunderbird-wrapper.sh: improve GDB switch
Since TB 60 upstream isn't installing the old wrapper script
run-mozilla.sh any more. By this we need to adjust our starting wrapper
so the call to start Thunderbird within the GDB debugger is working.
thunderbird (1:60.0-3) unstable; urgency=medium
.
* [daa0dd7] locale: use 'intl.locale.requested' correctly
Thanks to hint from Sven Joachim we can use the preference setting
'intl.locale.requested' in way that users don't need to use this setting
within their prefs.js to control the language of the Thunderbird UI.
'intl.locale.requested' is somehow the successor of 'intl.locale.matchOS'.
(Closes: #908034)
* [f8ac1b2] debian/control: increase Standards-Version to 4.2.1
No further changes needed.
* [a001579] d/control: remove empty 'Replaces' in thunderbird-l10n-da
We can remove that line of Replaces without any key.
thunderbird (1:60.0-2) unstable; urgency=medium
.
[ Carsten Schoenert ]
* [71ac5e7] rebuild patch queue from patch-queue branch
added patches:
porting-mips/Add-struct-ucred-for-Linux-on-MIPS.patch
porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch
porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch
* [d94e5dc] d/control: B-D on {lib}clang-6.0* and llvm-6.0-dev
(Closes: #906707)
thunderbird (1:60.0-2~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
* [fd4e834] d/mozconfig.default: use internal libraries
* [29621ed] d/control: remove no longer needed Build-Depends
thunderbird (1:60.0-1) unstable; urgency=medium
.
[ Cyril Brulebois ]
* [4f1fcd4] Bump B-D libsqlite3-dev version
Upstream requires a more recent version that is already available in
unstable but not in Stretch later e.g.
* [5a790c2] Add libicu-dev to Build-Depends (required for icu-i18n.pc)
This package was pulled from some other package already but we need this
explicit now again as we don't use the internal ICU version any more.
* [8c86207] Bump libhunspell-dev version
The same as for libsqlite3-dev, adding the correct B-D version.
(Closes: #905465)
.
[ Carsten Schoenert ]
* [901f257] New upstream version 60.0
Fixed CVE issues in upstream version 60.0 (MFSA 2018-19)
CVE-2018-12359: Buffer overflow using computed size of canvas element
CVE-2018-12360: Use-after-free when using focus()
CVE-2018-12361: Integer overflow in SwizzleData
CVE-2018-12362: Integer overflow in SSSE3 scaler
CVE-2018-5156: Media recorder segmentation fault when track type is
changed during capture
CVE-2018-12363: Use-after-free when appending DOM nodes
CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
CVE-2018-12365: Compromised IPC child process can list local filenames
CVE-2018-12371: Integer overflow in Skia library during edge builder
allocation
CVE-2018-12366: Invalid data handling during QCMS transformations
CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
CVE-2018-5187: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1,
and Thunderbird 60
CVE-2018-5188: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1,
Firefox ESR 52.9, and Thunderbird 60
* [44ab834] rebuild patch queue from patch-queue branch
removed patches (applied upstream):
porting-arm64/Bug-1453892-Only-use-SkJumper-s-arm64-half-float-optimiza.patch
porting-arm64/Bug-1463036-Use-HAVE_ARM_NEON-instead-of-BUILD_ARM_NEON-f.patch
porting-armel/Bug-1463036-Add-mfloat-abi-softfp-to-NEON_FLAGS-when-it-m.patch
* [3168b29] debian/control: increase Standards-Version to 4.2.0
No further changes needed.
* [f2f206e] d/rules: use MOZ_LANGPACK_ID instead of hard coding
* [996352a] d/rules: ensure l10n MOZ_LANGPACK_ID matches variable from
makefile
Previous beta versions for the thunderbird-l10n data have used
'@firefox.mozilla.org' within their application.id setting. Thunderbird
now expects '@thunderbird.mozilla.org' instead. Make the build more
flexible so we can detect mismatches here.
(Closes: #906176)
thunderbird (1:60.0~b10-1) experimental; urgency=medium
.
[ intrigeri ]
* [596869d] AppArmor: update profile from upstream (at commit edc9487)
(Closes: #901471)
.
[ Carsten Schoenert ]
* [57195ff] New upstream version 60.0~b10
* [770c9a6] rebuild patch queue from patch-queue branch
added patches:
porting-arm64/Bug-1463036-Use-HAVE_ARM_NEON-instead-of-BUILD_ARM_NEON-f.patch
porting-armel/Avoid-using-vmrs-vmsr-on-armel.patch
porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch
porting-armel/Bug-1463036-Add-mfloat-abi-softfp-to-NEON_FLAGS-when-it-m.patch
* [7fa6ebd] debian/control: increase Standards-Version to 4.1.5
No further changes needed.
* [22e701c] c-l-l10n-t.sh: adjust the path to the python helper
Adjust the shell script helper to use the changed path to makeversion.py.
* [90a1d9e] sticky prefs: use the new syntax in vendor.js
The syntax for locked preferences has been changed a while ago, it's
time to adjust the entry within vendor.js to disable automatic updates
for AddOns.
thunderbird (1:60.0~b9-2) experimental; urgency=medium
.
[ intrigeri ]
* [eb7cb44] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db"
* [4cd8baf] AppArmor: update profile from upstream
(Closes: #900840)
* [807eb99] AppArmor: update profile from upstream (at commit 104da32)
.
[ Carsten Schoenert ]
* [c980546] rebuild patch queue from patch-queue branch
added patch:
porting-arm64/Bug-1453892-Only-use-SkJumper-s-arm64-half-float-optimiza.patch
thunderbird (1:60.0~b9-1) experimental; urgency=medium
.
* [be64a3e] d/source.filter: update due upstream changes
Writing the import filter file source.filter mostly complete new from
scratch. Needed because upstream has changed the structure of the source
completely.
* [c4b9113] New upstream version 60.0~b9
* [3dc900a] rebuild patch queue from patch-queue branch
Related to the changed source structure the patches for the patch queue
needs to be adjusted to the new folders and their structure. Thanks to
git this wasn't that painful as git did all of the job. Two new patches
are needed to add.
added patches:
fixes/Build-also-gdata-provider-as-xpi-file.patch
debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch
* [e50ae04] d/rules: remove references to folder 'mozilla'
To get the source built some targets in debian/rules are needed to be
modified. All references to the old used folder 'mozilla/' are removed
now.
* [a650500] ICU: don't build the Paragraph Layout library
Disable the build of the Paragraph Layout library, we don't need them if
we need to built the ICU stuff. Cherry-picked from current ESR 52
packaging.
* [977b7fe] d/mozconfig.default: use the ICU package from system
The Debian packages of icu are recent enough so we don't need to build
own dedicated ICU binaries.
* [0c7ed7e] adjust the configuration of the built
Because of the modified source structure some more adjustments are needed
while going through the built targets like different paths, and built
calls of the Thunderbird source.
* [1c09011] adjust the install temporary folder
Upstream is now wrapping all internal make calls through a Python wrapper
called 'mach'. This also involves a changed behavior for installing the
Thunderbird files into the temporary folder we later use by the debhelper
sequencer.
* [bfbc9ca] d/s/lintian-overrides: update content due changed source.filter
The modified file debian/source.filter make some adjustments needed in
the lintian-overrides file for the source files related part.
* [44a4c5a] d/thunderbird.lintian-overrides: update after config changes
Like before some adjustments are needed for the lintian override rules
for the source files.
* [dd48091] d/copyright: adjust the content due folder changes
And one more file that needs to be adjusted due the changed source files.
thunderbird (1:60.0~b6-1) experimental; urgency=medium
.
[ Carsten Schoenert ]
* [3d91710] create-lightning-l10n: adjust folder structure
To build more easy lightning-l10n packages let's modify the helper script
for building the additional tarball. Change the content structure so we
can simple copy the needed l10n stuff into the l10n packages.
* [f1d6031] New upstream version 60.0~b6
* [6643c31] Revert the linking into /u/l/tb/d/extensions
Thunderbird in Debian won't detecting extension which are placed in
/usr/lib/thunderbird/distribution/extensions, going back to the old
folder /usr/lib/thunderbird/extensions to link extensions into
Thunderbird.
* [26549a3] lightning: turning package into Architecture all
Change the architecture for the lightning package from 'any' to 'all'.
Lightning is only build by Javascript, CSS, JSM and other text based
files and we don't need to build and install it as a architecture
dependent package.
* [86cd48f] mozconfig.default: disable webrtc build and inclusion
Let's drop the build of support for WebRTC, Thunderbird isn't able to use
this as there is no component which is depending on this. The chat
component would be a potential use case but right now it lacks any
functionality by webrtc features.
thunderbird (1:60.0~b5-1) experimental; urgency=medium
.
[ Carsten Schoenert ]
* [b8625ea] New upstream version 60.0~b5
thunderbird (1:60.0~b4-1) experimental; urgency=medium
.
[ Carsten Schoenert ]
* [62ae939] New upstream version 60.0~b4
thunderbird (1:60.0~b3-1) experimental; urgency=medium
.
[ Carsten Schoenert ]
* [94f8505] debian/control: increase Standards-Version to 4.1.4
No further changes needed.
* [3ba10c6] rebuild patch queue from patch-queue branch
added patches:
porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch
fixes/Use-msse-2-fpmath-C-CXXFLAGS-only-on-x86_64-platforms.patch
fixes/Fix-big-endian-build-for-SKIA.patch (re-added)
Thanks Andreas Glaubitz for providing these patches!
* [dabf294] New upstream version 60.0~b3
* [24f8a38] re-enable usage of lib{nspr4,nss3}-dev while built
The available versions of these libraries now recent enough so we can
drop the usage of the embedded code copies.
thunderbird (1:60.0~b2-1) experimental; urgency=medium
.
[ Agustin Henze ]
* [3639717] apparmor: allow access to @{HOME}/.gnupg/tofu.db
(Closes: #894907)
.
[ intrigeri ]
* [3895bba] AppArmor: fix empty black windows in Thunderbird 58+
(Closes: #887973)
* [353ca25] AppArmor: update profile from upstream
(Closes: #882048, #882122)
.
[ Carsten Schoenert ]
* [37e0bbe] New upstream version 59.0~b1
* [d75c4be] rebuild patch queue from patch-queue branch
added patches:
fixes/Fix-build-against-libcairo2-dev-1.15.10.patch
patches/fixes/Fix-big-endian-build-for-SKIA.patch
.
removed patches:
debian-hacks/Allow-usage-of-libnspr4-dev-4.16.patch
fixes/Bug-1418598-Make-cargo-linker-properly-handle-quoted-stri.patch
thunderbird/Thunderbird-fix-installdir-for-icons.patch
* [9615d6a] New upstream version 60.0~b1
* [431006c] d/source.filter: update due upstream changes
Update the list of files we filter out, Upstream added various new files
mostly used for auto-testing we don't use.
* [2cb4635] d/s/lintian-overrides: remove entries about brace expansion
We can remove the override about brace expansion in dh sequencer files.
* [4c9f185] debian/rules: using 'rm -f' because probably non existing files
The file app.ini isn't existing in some l10n folders for lightning,
simply use '-f' for convenience.
* [ed00442] debian/rules: fix typo to grep app ID of calendar-g-p
* [4a993c5] adding additional packages to Breaks with thunderbird
The packages calendar-exchange-provider and enigmail
xul-ext-sogo-connector aren't compatible to the webextension interface
and we need to add a versioned Breaks.
* [9bd8286] adjust Breaks for enigmail
Also enigmail needs an adjusted version for Breaks.
* [24382c2] Revert "Use gcc-6 and g++-6 due broken GUI with GCC-7"
(Closes: #892404)
* [f0ac8a5] rebuild patch queue from patch-queue branch
removed patches:
debian-hacks/Allow-to-override-ICU_DATA_FILE-from-the-environment.patch
debian-hacks/remove-non-free-W3C-icon-valid.png.patch
fixes/Allow-.js-preference-files-to-set-locked-prefs-with-lockP.patch
fixes/Fix-build-against-libcairo2-dev-1.15.10.patch
.
modified patches:
debian-hacks/Build-against-system-libjsoncpp.patch
debian-hacks/Don-t-build-testing-suites-and-stuff.patch
porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
* [6ab35ad] d/mozconfig.default: don't use nspr and nss from system
We need to switch back to the embedded source for NSS and NSPR, the
versions in unstable aren't usable.
* [055ed65] d/mozconfig.default: remove no longer alive option
The option '--enable-system-cairo' is gone with TB 60.
* [663d6f1] lightning-l10n-bn-bd: remove Bengali (Bangladesh) l10n package
* [02b21cb] lightning-l10n-pa-in: remove Punjabi (India) l10ng package
* [0cc0b5d] lightning-l10n-ta-lk: remove Tamil (Sri Lanka) l10n package
* [62f23a5] thunderbird-l10n-bn-bd: remove (Bangladesh) l10n package
* [61bfdf4] thunderbird-l10n-pa-in: remove Punjabi (India) l10n package
* [a361750] thunderbird-l10n-ta-lk: remove Tamil (Sri Lanka) l10n package
* [8ba5b0d] debian/control: add new packages for *-kk language
* [e4280ac] debian/control: add new packages for *-ms language
* [aaef9fe] adjust Vcs fields to salsa.debian.org
* [144c492, 009b145] debian/copyright: update after upstream changes
Upstream removed some files/folders, which reflects in needed adjustments
for the copyright file.
* [3623f84] d/thunderbird.lintian-overrides: add libnspr4.so and libnss3.so
We now need to ship (again) embedded libraries for NSPR and NSS.
* [0d3de65] lightning: move linking into /u/l/tb/distribution/extensions
Following upstream with the folder for the Lightning to not differ.
* [4d6cefe] New upstream version 60.0~b2
* [e1c40a7] rebuild patch queue from patch-queue branch
removed patches:
fixes/Fix-big-endian-build-for-SKIA.patch
* [4834a1d] add entries to README and NEWS for thunderbird
Adding notes about the current situation foe the l10n packages and their
integration into the UI of Thunderbird and Lightning.
thunderbird (1:58.0~b3-1) experimental; urgency=medium
.
[ Carsten Schoenert ]
* [d114338] d/source.filter: update due upstream changes
Update the filtering list for excluding some unwanted source files as
usual while preparing new major upstream versions.
* [91d23a9] New upstream version 58.0~b3
* [f34e555] rebuild patch queue from patch-queue branch
added patches:
debian-hacks/Allow-usage-of-libnspr4-dev-4.16.patch
debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch
debian-hacks/shellutil.py-ignore-tilde-as-special-character.patch
fixes/Bug-1418598-Make-cargo-linker-properly-handle-quoted-stri.patch
.
modified patches:
debian-hacks/Build-against-system-libjsoncpp.patch
debian-hacks/Don-t-build-testing-suites-and-stuff.patch
porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
porting-m68k/Add-m68k-support-to-Thunderbird.patch
porting-sh4/Add-sh4-support-to-Thunderbird.patch
porting/Disable-optimization-on-alpha-for-the-url-classifier.patch
prefs/Don-t-auto-disable-extensions-in-system-directories.patch
prefs/Set-javascript.options.showInConsole.patch
.
obsolete patches (included somehow or fixed upstream):
debian-hacks/Force-use-the-i686-rust-target.patch
porting-alpha/FTBFS-alpha-adjust-some-source-to-prevent-build-issues.patch
patches/porting-alpha/fix-FTBFS-on-alpha.patch
patches/porting-arm64/Bug-1257055-Use-jit-arm64-Architecture-arm64.h-on-non-JIT.patch
patches/porting-hppa/FTBFS-hppa-xpcshell-segfaulting-during-make-install.patch
porting-kfreebsd-hurd/FTBFS-hurd-adding-GNU-Hurd-to-the-list-of-OS-systems.patch
porting-mips/FTBFS-mips-add-missing-char-variable.patch
porting/ppc-fix-divide-page-size-in-jemalloc.patch
thunderbird-l10n/thunderbird-l10n-disable-external-extension-update.patch
* [bd45d47] debian/control: adding new Build-Depends
Since this is the first version > 52 we need now cargo, clang, rustc and
llvm development files.
* [c63a03f] d/mozconfig.default: remove no longer alive options
Some old options like --disable-gnomeui, --enable-gio, and
--with-default-mozilla-five-home are history now.
* [609dbbe] l10n lightning: modify script to work with recent version
We still need to use the shellscript create-lightning-l10n-tarball.sh
(and also *-thunderbird-l10n-*) to create the additional tarballs.
* [2f276b7] thunderbird-l10n: change tb-l10n package installation
Due the changed structure from upstream for the thunderbird l10n files
the packaging needs also to be adopted.
* [ee476f8] d/thunderbird.install: update install sequencer file
Also small adjustments are needed for the installation of the thunderbird
binary files. The old script run-mozilla.sh (which we didn't have used
within the Debian packaging) isn't shipped now, and there is now a new
folder gtk2 which includes the libmozgtk library linked against GTK2.
* [ced9d18] thunderbird-dev: remove the package and adjustments on this
The complete content that was packaged previously in thunderbird-dev
isn't created and installed now. Thus makes the old package
thunderbird-dev obsolete.
* [484a142] autopkgtests: disable tests around thunderbird-dev
Disable all autopkgtests which have used thunderbird-dev.
* [0aa2546] switch to system libraries back
We can now use the system libararies libnspr4, libnss3 and libsqlite3
again, the version of libicu is still to old for usage within the
package build.
* [858ae82] d/control: thunderbird, remove variable ${gnome:Depends}
* [7c3a258] d/control: lightning, remove variable ${shlibs:Depends}
* [aabf0d4] debian/source/lintian-overrides: update entries
* [94b00db] debian/control: increase Standards-Version to 4.1.3
No further changes needed.
* [245e8c2] debian/copyright: update after upstream changes
Also almost needed with new major upstream versions reflect the
changes from upstream in the copyright file.
* [72507b2] d/control: enigmail < 1.9.9 isn't working with TB > 55
Due the new plugin interface some old plugins doesn't work with this
thunderbird version anymore, or behaving unexpected. Enigmal is one of
the this (known) plugins which needs to be at least in version 2.0a2pre
installed to work with Thunderbird.
* [6cf0133] lightning-l1on: change l10n installation
Related to [4abc7f2] the various thunderbird-l10n packages need to be
installed differently to old package installations.
* [6af7054] calendar-google-provider: tweak installation a bit
More a hack but the Mozilla plugin installation by mozilla-devscripts
isn't prepared for the new webextension logic by Mozilla. Symlinking the
c-g-p plugin for now directly from the thunderbird extension folder.
thunderbird (1:52.9.1-1) unstable; urgency=high
.
[ intrigeri ]
* [1259eaa] AppArmor: update profile from upstream (at commit edc9487)
(Closes: #901471)
.
[ Carsten Schoenert ]
* [d706f5b] debian/control: increase Standards-Version to 4.1.5
No further changes needed.
* [f5a3eb2] New upstream version 52.9.1
(Closes: #903160)
thunderbird (1:52.9.1-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
thunderbird (1:52.9.0-1) unstable; urgency=high
.
[ intrigeri ]
* [c33dba2] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db"
* [cb64397] AppArmor: update profile from upstream (Closes: #900840)
* [b5d6545] AppArmor: update profile from upstream (at commit 104da32)
.
[ Carsten Schoenert ]
* [099b525] d/source.filter: add some more files to filter
There are some more files we want to filter out.
* [376e5f3] New upstream version 52.9.0
Fixed CVE issues in upstream version 52.9 (MFSA 2018-18)
CVE-2018-12359: Buffer overflow using computed size of canvas element
CVE-2018-12360: Use-after-free when using focus()
CVE-2018-12372: S/MIME and PGP decryption oracles can be built with HTML
emails
CVE-2018-12373: S/MIME plaintext can be leaked through HTML reply/forward
CVE-2018-12362: Integer overflow in SSSE3 scaler
CVE-2018-12363: Use-after-free when appending DOM nodes
CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
CVE-2018-12365: Compromised IPC child process can list local filenames
CVE-2018-12366: Invalid data handling during QCMS transformations
CVE-2018-12374: Using form to exfiltrate encrypted mail part by pressing
enter in form field
CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1,
Firefox ESR 52.9, and Thunderbird 52.9
* [83a9c9b] rebuild patch queue from patch-queue branch
As we have filtered more files out from the source we need to modify the
list of tests we won't to built while built the source too so a small
adjustment on that.
Also fixing some spelling issues which Lintian has found.
modified patches:
debian-hacks/Don-t-build-testing-suites-and-stuff.patch
porting-alpha/fix-FTBFS-on-alpha.patch
porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch
renamed patches:
Allow-to-override-ICU_DATA_FILE-from-the-environment.patch ->
Allow-one-to-override-ICU_DATA_FILE-from-the-environment.patch
fix-function-nsMsgComposeAndSend-to-to-respect-Replo.patch ->
fix-function-nsMsgComposeAndSend-to-respect-ReploToSend.patch
* [d5254e2] Removed unneded lintian override about brace expansion
thunderbird (1:52.8.0-1) unstable; urgency=high
.
[ intrigeri ]
* [4656ebf] AppArmor: update profile from upstream
(Closes: #882048, #882122)
.
[ Agustin Henze ]
* [840cbc8] apparmor: allow access to @{HOME}/.gnupg/tofu.db
(Closes: #894907)
.
[ Carsten Schoenert ]
* [514e9e8] New upstream version 52.8.0
Fixed CVE issues in upstream version 52.8 (MFSA 2018-13)
CVE-2018-5183: Backport critical security fixes in Skia
CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext
attack (aka Efail)
CVE-2018-5154: Use-after-free with SVG animations and clip paths
CVE-2018-5155: Use-after-free with SVG animations and text paths
CVE-2018-5159: Integer overflow and out-of-bounds write in Skia
CVE-2018-5161: Hang via malformed headers
CVE-2018-5162: Encrypted mail leaks plaintext through src attribute
(aka Efail)
CVE-2018-5170: Filename spoofing for external attachments
CVE-2018-5168: Lightweight themes can be installed without user
interaction
CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion
through legacy extension
CVE-2018-5185: Leaking plaintext through HTML forms (aka Efail)
CVE-2018-5150: Memory safety bugs fixed in Firefox 60, Firefox ESR 52.8,
and Thunderbird 52.8
(Closes: #898631)
* [7845229] ICU: don't build the Paragraph Layout library
Disable the build of the layout library in the internal ICU build as we
don't need this and can cause build issues.
* [e0a79fc] debian/control: increase Standards-Version to 4.1.4
No further changes needed.
tinc (1.0.31-1+deb9u1) stretch-security; urgency=high
.
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
tomcat-native (1.2.12-2+deb9u2) stretch; urgency=high
.
* Team upload.
* Fix CVE-2018-8019 and CVE-2018-8020.
When using an OCSP responder Tomcat Native did not correctly handle invalid
responses. This allowed for revoked client certificates to be incorrectly
identified. It was therefore possible for users to authenticate with
revoked certificates when using mutual TLS. Users not using OCSP checks are
not affected by this vulnerability.
tomcat8 (8.5.14-1+deb9u3) stretch-security; urgency=high
.
[ Emmanuel Bourg ]
* Fixed CVE-2018-1304: Security constraints mapped to context root are
ignored. The URL pattern of "" (the empty string) which exactly maps to the
context root was not correctly handled when used as part of a security
constraint definition. This caused the constraint to be ignored. It was,
therefore, possible for unauthorised users to gain access to web
application resources that should have been protected. Only security
constraints with a URL pattern of the empty string were affected.
* Fixed CVE-2018-1305: Security constraint annotations applied too late.
Security constraints defined by annotations of Servlets were only applied
once a Servlet had been loaded. Because security constraints defined in
this way apply to the URL pattern and any URLs below that point, it was
possible - depending on the order Servlets were loaded - for some security
constraints not to be applied. This could have exposed resources to users
who were not authorised to access them.
* Changed the Class-Path manifest entry of tomcat8-jasper.jar to use
the specification jars from libtomcat8-java instead of libservlet3.1-java
(Closes: #867247)
.
[ Markus Koschany ]
* Fix CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder
with supplementary characters can lead to an infinite loop in the decoder
causing a Denial of Service.
* Fix CVE-2018-8034: The host name verification when using TLS with the
WebSocket client was missing. It is now enabled by default.
* Fix CVE-2018-8037: If an async request was completed by the application at
the same time as the container triggered the async timeout, a race condition
existed that could result in a user seeing a response intended for a
different user. An additional issue was present in the NIO and NIO2
connectors that did not correctly track the closure of the connection when an
async request was completed by the application and timed out by the container
at the same time. This could also result in a user seeing a response intended
for another user.
tor (0.2.9.16-1) stretch; urgency=medium
.
* New upstream version, upload to stable (re: #903786).
- Directory authority changes.
tor (0.2.9.16-1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
trafficserver (7.0.0-6+deb9u2) stretch-security; urgency=high
.
* Add patches for CVE-2108-1318, CVE-2108-8004, CVE-2108-8005, CVE-2108-8040
* Fixes trafficserver-dev dependencies. Closes: #877457
tzdata (2018g-0+deb9u1) stretch; urgency=medium
.
* New upstream version, affecting the following future timestamp:
- Morocco switches to permanent +01 on 2018-10-27.
tzdata (2018f-1) unstable; urgency=medium
.
* New upstream version, affecting the following future timestamp:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06.
* Update French debconf translation, by Baptiste Jammet. Closes:
#903425.
* Drop debian/source/options.
* Set Rules-Requires-Root: no.
* debian/control: Update Standards-Version to 4.2.1.
tzdata (2018f-0+deb9u1) stretch; urgency=medium
.
* New upstream version, affecting the following future timestamp:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06.
tzdata (2018e-1) unstable; urgency=medium
.
[ Aurelien Jarno ]
* New upstream version, affecting the following future timestamp:
- North Korea switches back to +09 on 2018-05-05.
ublock-origin (1.16.14+dfsg-2~deb9u1) stretch; urgency=medium
.
* Rebuild for Stretch.
ublock-origin (1.16.14+dfsg-1) unstable; urgency=medium
.
* New upstream version 1.16.14+dfsg-1.
* Add myself to Uploaders and remove Sean Whitton at his own request.
(Closes: #877041)
* Drop 0005-Fix-application-id.patch. Fixed upstream. Thanks to Laurent
Bigonville for the previous fix.
* Suggest ublock-origin-doc package. (Closes: #880533)
* Install the transition script ublock_migration.sh into
/usr/share/doc/webext-ublock-origin. Add a NEWS file and explain how users
can transition their data from the XUL extension to the new webext.
Thanks to david s for providing the script! (Closes: #877040)
* Declare compliance with Debian Policy 4.2.0.
ublock-origin (1.16.14+dfsg-1~deb9u1) stretch; urgency=medium
.
* Rebuild for Stretch.
* The XUL extension is no longer compatible with Firefox 60. Backport the new
WebExtension and restore functionality.
ublock-origin (1.16.6+dfsg-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix the incorrect value for applications.gecko.id in
platform/webext/manifest.json, this makes the extension work again with
firefox (Closes: #899365)
ublock-origin (1.16.6+dfsg-1) unstable; urgency=medium
.
[ Sean Whitton ]
* Build and install webextension in new binary package webext-ublock-
origin.
.
[ Michael Meskes ]
* New upstream version.
* Switch to webext package
* Updated VCS information.
* Bumped standards and debhelper version
ublock-origin (1.13.8+dfsg-1) unstable; urgency=medium
.
* New upstream release.
* Refresh 0004-patch-README-for-Debian.patch
ublock-origin (1.13.6+dfsg-1) unstable; urgency=medium
.
* New upstream release.
* Refresh patches.
ublock-origin (1.12.4+dfsg-1) unstable; urgency=medium
.
* New upstream release.
* Bump standards version to 4.0.0 (no changes required).
* Refresh 0001-Disable-nonfree-filters-by-default.patch.
.
ublock-origin (1.11.4+dfsg-2) experimental; urgency=high
.
* Add missing Breaks/Replaces of ublock-origin-doc (Closes: #859569).
Thanks Andreas Beckmann for reporting this error.
.
ublock-origin (1.11.4+dfsg-1) experimental; urgency=medium
.
* New upstream release.
* Move larger media files to new -doc package (Closes: #857797).
* Build the Chromium extension (Closes: #858526).
Thanks to James McCoy for the patch.
- New binary package: chromium-ublock-origin.
- Update 0003-patch-make-assets.sh-for-Debian.patch.
* Extend 0001-Disable-nonfree-filters-by-default.patch to apply to new
file assets/assets.json.
* Refresh other patches.
* Bump debhelper compat & build-dep to 10.
ublock-origin (1.11.4+dfsg-2) experimental; urgency=high
.
* Add missing Breaks/Replaces of ublock-origin-doc (Closes: #859569).
Thanks Andreas Beckmann for reporting this error.
ublock-origin (1.11.4+dfsg-1) experimental; urgency=medium
.
* New upstream release.
* Move larger media files to new -doc package (Closes: #857797).
* Build the Chromium extension (Closes: #858526).
Thanks to James McCoy for the patch.
- New binary package: chromium-ublock-origin.
- Update 0003-patch-make-assets.sh-for-Debian.patch.
* Extend 0001-Disable-nonfree-filters-by-default.patch to apply to new
file assets/assets.json.
* Refresh other patches.
* Bump debhelper compat & build-dep to 10.
unbound (1.6.0-3+deb9u2) stretch; urgency=high
.
* Cherry-pick upstream commit svn r4441, "patch for CVE-2017-15105:
vulnerability in the processing of wildcard synthesized NSEC records."
* Cherry-pick upstream commit svn r4528, "Added tests with wildcard
expanded NSEC records (CVE-2017-15105 test)".
vagrant (1.9.1+dfsg-1+deb9u2) stretch; urgency=medium
.
* Backport support for VirtualBox 5.2 (available in stretch-backports)
(Closes: #908826)
vim-syntastic (3.7.0-1+deb9u2) stretch-security; urgency=high
.
* Added missing functions to util.vim
vim-syntastic (3.7.0-1+deb9u1) stretch-security; urgency=high
.
* CVE-2018-11319 stretch backport
vlc (3.0.3-1-0+deb9u1) stretch-security; urgency=high
.
* New upstream bug fix release.
- mkv: Fix NULL pointer access. (CVE-2018-11529)
- Fix buffer over-read in avcodec audio encoding with non-default layouts.
* debian/control: Force libvlc5 to be upgraded. (Closes: #900979)
vlc (3.0.3-2) unstable; urgency=medium
.
* debian/patches: Fix build on riscv64 (Closes: #901577)
vlc (3.0.3-1) unstable; urgency=medium
.
* New upstream release.
vlc (3.0.2-1) unstable; urgency=medium
.
[ Felipe Sateler ]
* Change maintainer address to debian-multimedia@lists.debian.org
.
[ Sebastian Ramacher ]
* New upstream version.
* debian/rules: Install correct changelog.
* debian/control: Bump Standards-Version.
* debian/patches: Remove patched included upstream.
vmtk (1.3+dfsg-2.1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* python-vmtk: Add the missing dependency on python-vtk6.
(Closes: #904763)
wesnoth-1.12 (1:1.12.6-1+deb9u1) stretch; urgency=low
.
* Security fix: disallow loading lua bytecode via load/dofile
(CVE-2018-1999023, closes: #912336)
wireshark (2.6.3-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch
wireshark (2.6.2-2) unstable; urgency=medium
.
* Add missing autopkgtest dependencies (Closes: #904920)
* Use automatic xvfb server number in tests
* Add Lintian override for extra patch for backporting
wireshark (2.6.2-1) unstable; urgency=medium
.
* Fix shipping README.Debian (Closes: #903722)
* Drop unused 06_release-version.patch.
* Drop unused backport-to-qt4.patch.
* Refresh backport-to-old-gnutls.patch.
* Skip building users and developers guide on Trusty.
Asciidoctor does not accept --require option there and breaks the build
and people can read documentation on more recent releases if they wish to.
* Add autopkgtest for testing starting GUI.
* New upstream release
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.6.2.html
- security fixes:
- BGP dissector large loop (CVE-2018-14342)
- ISMP dissector crash (CVE-2018-14344)
- Multiple dissectors could crash (CVE-2018-14340)
- ASN.1 BER dissector crash (CVE-2018-14343)
- MMSE dissector infinite loop (CVE-2018-14339)
- DICOM dissector crash (CVE-2018-14341)
- Bazaar dissector infinite loop (CVE-2018-14368)
- HTTP2 dissector crash (CVE-2018-14369)
- CoAP dissector crash (CVE-2018-14367)
* Drop patches fixing shared library names, they are fixed upstream
* Refresh patches
* Update symbols files
wireshark (2.6.1-1) unstable; urgency=medium
.
[ Balint Reczey ]
* New upstream release
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.6.1.html
- security fixes (Closes: #900708):
- The LDSS dissector could crash. (CVE-2018-11362)
- The IEEE 1905.1a dissector could crash. (CVE-2018-11354)
- The RTCP dissector could crash. (CVE-2018-11355)
- Multiple dissectors could consume excessive memory. (CVE-2018-11357)
- The DNS dissector could crash. (CVE-2018-11356)
- The GSM A DTAP dissector could crash. (CVE-2018-11360)
- The Q.931 dissector could crash. (CVE-2018-11358)
- The IEEE 802.11 dissector could crash. (CVE-2018-11361)
- Multiple dissectors could crash. (CVE-2018-11359)
* debian/gbp.conf: describe repository layout
* Update Vcs-{Browser|Git} to point to Salsa
* Drop packaging changes for ipmap.html since it is also dropped upstream.
* Refresh patches.
* Switch to use asciidoctor instead of asciidoc
* Fix shared library symlink names.
* Update shared library package names and symbols files.
* Adjust packaging to upstream file name changes.
* Ship README.Debian in every binary package.
* Ship asn2deb and idl2deb documentation.
.
[ Peter Wu ]
* remove imagemagick build dependency and demote xdg-utils deps
xdg-utils is needed for xdg-open (opening websites) at runtime in GTK+,
but not for Qt nor during the build, remove it or mark it as optional.
* debian/rules: Skip installing icons and .desktop files.
They are now installed by CMake
.
[ Gerald Combs ]
* Transition from GeoIP Legacy to MaxMindDB.
MaxMind is discontinuing its legacy databases in April in favor of
GeoIP2, which use a newer database format (MaxMind DB). The reference C
library (libmaxminddb) is available under the Apache 2.0 license which
isn't quite compatible with ours.
.
[ Guy Harris ]
* Give more detailed information about capture permissions on Debian.
Indicate what you're supposed to do when running dpkg-reconfigure
wireshark-common, and indicate that you have to run it as root using
sudo.
Emphasize in README.Debian, and indicate in the permission failure
secondary message, that you have to add users to the "wireshark" group
after doing that, and that a user may have to log out and log in again
to make this change take effect.
wireshark (2.4.6-1) unstable; urgency=medium
.
[ Yuri Kozlov ]
* Updated Russian translation for debconf messages (Closes: #892902)
.
[ Balint Reczey ]
* New upstream release
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.4.6.html
- security fixes:
- The MP4 dissector could crash. (CVE-2018-9259)
- The ADB dissector could crash. (CVE-2018-9264)
- The IEEE 802.15.4 dissector could crash. ()
- The NBAP dissector could crash. (CVE-2018-9261)
- The VLAN dissector could crash. (CVE-2018-9262)
- The LWAPP dissector could crash. (CVE-2018-9256)
- The TCP dissector could crash. (CVE-2018-9258)
- The CQL dissector could to into an infinite loop. (CVE-2018-9257)
- The Kerberos dissector could crash. (CVE-2018-9263)
- Multiple dissectors and other modules could leak memory.
The TN3270 (CVE-2018-9265), ISUP (CVE-2018-9266),
LAPD (CVE-2018-9267), SMB2 (CVE-2018-9268),
GIOP (CVE-2018-9269), ASN.1 (CVE-2018-9270),
MIME multipart (CVE-2018-9271), H.223 (CVE-2018-9272),
and PCP (CVE-2018-9273) dissectors were susceptible along with
Wireshark (CVE-2018-9274) and TShark.
wireshark (2.4.5-1) unstable; urgency=medium
.
* New upstream release
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.4.5.html
- security fixes:
- The SIGCOMP dissector could crash (CVE-2018-7320, CVE-2018-7418)
- Multiple dissectors could go into large infinite loops.
All ASN.1 BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow,
RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB,
and WCCP dissectors were susceptible. (CVE-2018-7321, CVE-2018-7322,
CVE-2018-7323, CVE-2018-7324, CVE-2018-7325, CVE-2018-7326,
CVE-2018-7327, CVE-2018-7328, CVE-2018-7329, CVE-2018-7330,
CVE-2018-7331, CVE-2018-7332, CVE-2018-7333)
- The UMTS MAC dissector could crash (CVE-2018-7334)
- The IEEE 802.11 dissector could crash (CVE-2018-7335)
- The FCP dissector could crash (CVE-2018-7336)
- The DOCSIS dissector could crash (CVE-2018-7337)
- The IPMI dissector could crash (CVE-2018-7417)
- The NBAP disssector could crash (CVE-2018-7419)
- The pcapng file parser could crash (CVE-2018-7420)
* Only recommend libjs-openlayers (Closes: #888744)
wireshark (2.4.4-1) unstable; urgency=medium
.
* New upstream release
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.4.4.html
- security fixes:
- Multiple dissectors could crash (CVE-2018-5336)
- The IxVeriWave file parser could crash (CVE-2018-5334)
- The WCP dissector could crash (CVE-2018-5335)
- Prior to this release dumpcap enabled the Linux kernel’s BPF JIT
compiler via the net.core.bpf_jit_enable sysctl. This could make
systems more vulnerable to Spectre variant 1 (CVE-2017-5753) and
this feature has been removed (Closes: #886619)
- There was a potential buffer underflow in File_read_line function
in epan/wslua/wslua_file.c file (CVE-2017-17935) (Closes: #885831)
* Update symbols files
* Fix dh_clean target in debian/rules
* Change wireshark-doc's priority to optional from extra following Policy
change
wireshark (2.4.3-1) unstable; urgency=medium
.
* Show version info instead of just "Git Rev Unknown from unknown"
* New upstream release
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.4.3.html
- security fixes:
- The IWARP_MPA dissector could crash (CVE-2017-17084)
- The NetBIOS dissector could crash (CVE-2017-17083)
Discovered by Kamil Frankowicz
- The CIP Safety dissector could crash (CVE-2017-17085)
wireshark (2.4.2-1) unstable; urgency=medium
.
[ Pedro Ribeiro ]
* Updated Portuguese translation for debconf messages (Closes: #874522)
.
[ Balint Reczey ]
* New upstream release
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.4.2.html
- security fixes:
- BT ATT dissector crash (CVE-2017-15192)
- MBIM dissector crash (CVE-2017-15193)
- DMP dissector crash (CVE-2017-15191)
- RTSP dissector crash (CVE-2017-15190)
- DOCSIS infinite loop (CVE-2017-15189)
[ Helge Kreutzmann ]
* Updated German translation for debconf messages (Closes: #877636)
.
[ Frans Spiesschaert ]
* Updated Dutch translation for debconf messages (Closes: #877244)
wireshark (2.4.1-1) unstable; urgency=medium
.
* New upstream release
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.4.1.html
- security fixes:
- MSDP dissector infinite loop (CVE-2017-13767)
- Profinet I/O buffer overrun (CVE-2017-13766)
- Modbus dissector crash (CVE-2017-13764)
- IrCOMM dissector buffer overrun (CVE-2017-13765)
* Refresh patches
* Drop 0001-Set-libwscodecs.so-s-version-to-1.1.0.patch which is now
integrated upstream
wireshark (2.4.0-1) unstable; urgency=medium
.
* Use debconf messages instead of "echo" in postinst/postrm (LP: #1687344)
* New upstream release
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.4.0.html
- security fixes:
- deeply nested DAAP data may cause stack exhaustion
(uncontrolled recursion) in the dissect_daap_one_tag function
(CVE-2017-9617) (Closes: #870174)
- PROFINET IO data with a high recursion depth allows remote
attackers to cause a denial of service (stack exhaustion)
in the dissect_IODWriteReq function. (CVE-2017-9766)
(Closes: #870175)
- the DOCSIS dissector could go into an infinite loop (CVE-2017-11406)
(Closes: #870172)
- the MQ dissector could crash (CVE-2017-11407) (Closes: #870172)
- the AMQP dissector could crash (CVE-2017-11408) (Closes: #870172)
- the WBXML dissector could go into an infinite loop, triggered
by packet injection or a malformed capture file (CVE-2017-11410)
(Closes: #870180)
- the openSAFETY dissector could crash or exhaust system memory
(CVE-2017-11411) (Closes: #870179)
* Update shared library package names to match new .so versions
* Refresh patches
* Drop workaround to use system's nghttp2 since upstream does not
ship the embedded copy anymore
* Add build-dependency on libparse-yapp-perl, liblz4-dev, libsnappy-dev,
libspandsp-dev, libxml2-dev and lynx to enable new upstream features
* Update PO files about debconf templates
wireshark (2.2.7-1) unstable; urgency=medium
.
[ Balint Reczey ]
* Convert d/copyright to machine readable format
* Download releases from GitHub excluding upstream's debian/ dir
* Use my @ubuntu.com email address in Maintainer field
* New upstream release
- release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.2.7.html
- security fixes (Closes: #864058):
- Bazaar dissector infinite loop (CVE-2017-9352)
- DOF dissector read overflow (CVE-2017-9348)
- DHCP dissector read overflow (CVE-2017-9351)
- SoulSeek dissector infinite loop (CVE-2017-9346)
- DNS dissector infinite loop (CVE-2017-9345)
- DICOM dissector infinite loop (CVE-2017-9349)
- openSAFETY dissector memory exhaustion (CVE-2017-9350)
- BT L2CAP dissector divide by zero (CVE-2017-9344)
- MSNIP dissector crash (CVE-2017-9343)
- ROS dissector crash (CVE-2017-9347)
- RGMP dissector crash (CVE-2017-9354)
- IPv6 dissector crash (CVE-2017-9353)
.
[ Alexander Gerasiov ]
* Fix pkg-config libdir (Closes: #857729)
wordpress (4.7.5+dfsg-2+deb9u4) stretch-security; urgency=high
.
* Backport security patch from 4.9.7 Closes: #902876
- CVE-2018-12895 Fix directory traversal in thumb parameter
wpa (2:2.4-1+deb9u2) stretch; urgency=high
.
* SECURITY UPDATE:
- CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data
(Closes: #905739)
x11vnc (0.9.13-2+deb9u1) stretch; urgency=medium
.
* Add two buffer overflow fixes from upstream. Closes: #851496, #859213.
xapian-core (1.4.3-2+deb9u2) stretch; urgency=medium
.
* fix-glass-cursor-bug.patch: Fix glass backend bug with long-lived cursors
on a table in a WritableDatabase which could incorrectly lead to
DatabaseCorruptError being thrown when the database was actually OK.
(Closes: #906007)
xen (4.8.4+xsa273+shim4.10.1+xsa273-1+deb9u10) stretch-security; urgency=medium
.
* Update to new upstream version 4.8.4+xsa273+shim4.10.1+xsa273.
XSA-273 (CVE-2018-3620,CVE-2018-3646)
XSA-272 (no CVE yet)
XSA-269 (no CVE yet)
XSA-268 (no CVE yet)
.
This version is, again, a combination of staging-4.8 and staging-4.10
for Xen and shim respectively as in previous versions.
xml-security-c (1.7.3-4+deb9u1) stretch-security; urgency=high
.
* [93b87c6] New patch: Default KeyInfo resolver doesn't check for empty
element content.
The Apache Santuario XML Security for C++ library contained a
number of code paths at risk of dereferencing null pointers when
processing various kinds of malformed KeyInfo hints typically found
in signed or encrypted XML. The usual effect is a crash, and in the
case of the Shibboleth SP software, a crash in the shibd daemon.
Upstream bug:
https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491
CVE: not assigned yet
Thanks to Scott Cantor (Closes: #905332)
xmotd (1.17.3b-9+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* debian/patches/bugfix/fix-warnings-hardening-build.patch:
- Fix most compile time warnings and avoid crash with hardening
flags (acknowledgments to Christoph Pleger for the patch)
(Closes: #889740).
- Backported to stretch is a partial version of this patch
sufficient to fix the crash.
xorg-server (2:1.19.2-1+deb9u5) stretch; urgency=medium
.
* Cherry-pick c2954b16c (glx: do not pick sRGB config for 32-bit RGBA
visual) from upstream. Fixes various blending issues with kwin and
Mesa >= 18.0 (i.e. Mesa from stretch-backports) (Closes: #908601).
Thanks to Nicholas D Steeves and Robert Trebula for testing!
xorg-server (2:1.19.2-1+deb9u4) stretch-security; urgency=medium
.
* Disable -logfile and -modulepath when running with elevated privileges.
Addresses CVE-2018-14665.
xorg-server (2:1.19.2-1+deb9u3) stretch-security; urgency=high
.
* Disable -logfile when running with elevated privileges.
Addresses CVE-2018-14665.
znc (1.6.5-1+deb9u1) stretch-security; urgency=high
.
* Add patch 01-CVE-2018-14056 to fix a path traversal flaw as described in
CVE-2018-14056.
Closes: #903788
* Add patch 02-CVE-2018-14055 to fix a privilege escalation by injecting
rogue values in znc.conf as described in CVE-2018-14055.
Closes: #903787
zutils (1.5-5+deb9u1) stretch; urgency=medium
.
* Uploading to stretch.
* Adding patch from upstream to fix a buffer overrun in zcat
[CVE-2018-1000637] (Closes: #902936).
======================================
Sat, 14 Jul 2018 - Debian 9.5 released
======================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:35:08 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
python-uniconvertor | 1.1.5-4 | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
python-uniconvertor-dbg | 1.1.5-4 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Closed bugs: 892749
------------------- Reason -------------------
RoQA; unusable due to missing (non-packaged) dependency
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:36:24 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
singularity-container | 2.2-2 | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Closed bugs: 898154
------------------- Reason -------------------
RoST; unsupportable in a stable release
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:37:25 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
libundertow-java | 1.4.8-1+deb9u1 | all
libundertow-java-doc | 1.4.8-1+deb9u1 | all
undertow | 1.4.8-1+deb9u1 | source
Closed bugs: 898188
------------------- Reason -------------------
RoM; unsupportable; several security issues; alternatives exist
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:37:43 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
python-visionegg | 1.2.1-2 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
visionegg | 1.2.1-2 | source
Closed bugs: 902310
------------------- Reason -------------------
RoQA; unusable; requires no longer available numpy.oldnumeric
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:37:57 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
mlbviewer | 2015.sf.1-2 | source, all
Closed bugs: 902346
------------------- Reason -------------------
RoQA; no longer works due to content provider changes in 2018
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:39:54 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
libnet-whois-ripe-perl | 1.23-2 | source, all
Closed bugs: 896858
------------------- Reason -------------------
RoM; broken
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:48:42 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
icedove | 1:52.3.0-4~deb9u1 | source
------------------- Reason -------------------
[auto-cruft] obsolete source package
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:49:06 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
btrfs-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
crc-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
crypto-dm-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
crypto-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
dasd-extra-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
dasd-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
ext4-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
fat-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
fuse-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
isofs-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
kernel-image-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
linux-headers-4.9.0-6-all-s390x | 4.9.88-1+deb9u1 | s390x
linux-headers-4.9.0-6-s390x | 4.9.88-1+deb9u1 | s390x
linux-image-4.9.0-6-s390x | 4.9.88-1+deb9u1 | s390x
linux-image-4.9.0-6-s390x-dbg | 4.9.88-1+deb9u1 | s390x
loop-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
md-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
multipath-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
nbd-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
nic-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
scsi-core-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
scsi-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
udf-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
virtio-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
xfs-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
zlib-modules-4.9.0-6-s390x-di | 4.9.88-1+deb9u1 | s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:49:22 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
linux-headers-4.9.0-6-all-mipsel | 4.9.88-1+deb9u1 | mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:50:06 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
ata-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
btrfs-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
cdrom-core-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
crc-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
crypto-dm-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
crypto-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
event-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
ext4-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
fancontrol-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
fat-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
firewire-core-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
fuse-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
hypervisor-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
input-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
isofs-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
jfs-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
kernel-image-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
linux-headers-4.9.0-6-all-ppc64el | 4.9.88-1+deb9u1 | ppc64el
linux-headers-4.9.0-6-powerpc64le | 4.9.88-1+deb9u1 | ppc64el
linux-image-4.9.0-6-powerpc64le | 4.9.88-1+deb9u1 | ppc64el
linux-image-4.9.0-6-powerpc64le-dbg | 4.9.88-1+deb9u1 | ppc64el
loop-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
md-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
mouse-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
multipath-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
nbd-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
nic-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
nic-shared-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
ppp-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
sata-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
scsi-core-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
scsi-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
serial-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
squashfs-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
udf-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
uinput-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
usb-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
usb-serial-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
usb-storage-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
virtio-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
xfs-modules-4.9.0-6-powerpc64le-di | 4.9.88-1+deb9u1 | ppc64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:50:43 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
acpi-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
ata-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
btrfs-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
cdrom-core-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
crc-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
crypto-dm-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
crypto-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
efi-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
event-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
ext4-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
fat-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
fb-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
firewire-core-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
fuse-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
hyperv-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
i2c-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
input-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
isofs-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
jfs-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
kernel-image-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
linux-headers-4.9.0-6-all-amd64 | 4.9.88-1+deb9u1 | amd64
linux-headers-4.9.0-6-amd64 | 4.9.88-1+deb9u1 | amd64
linux-headers-4.9.0-6-rt-amd64 | 4.9.88-1+deb9u1 | amd64
linux-image-4.9.0-6-amd64 | 4.9.88-1+deb9u1 | amd64
linux-image-4.9.0-6-amd64-dbg | 4.9.88-1+deb9u1 | amd64
linux-image-4.9.0-6-rt-amd64 | 4.9.88-1+deb9u1 | amd64
linux-image-4.9.0-6-rt-amd64-dbg | 4.9.88-1+deb9u1 | amd64
loop-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
md-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
mmc-core-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
mmc-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
mouse-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
multipath-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
nbd-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
nic-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
nic-pcmcia-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
nic-shared-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
nic-usb-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
nic-wireless-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
ntfs-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
pata-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
pcmcia-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
pcmcia-storage-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
ppp-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
sata-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
scsi-core-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
scsi-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
serial-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
sound-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
speakup-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
squashfs-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
udf-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
uinput-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
usb-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
usb-serial-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
usb-storage-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
virtio-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
xfs-modules-4.9.0-6-amd64-di | 4.9.88-1+deb9u1 | amd64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:51:06 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
linux-headers-4.9.0-6-all | 4.9.88-1+deb9u1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:51:23 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
ata-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
btrfs-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
cdrom-core-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
crc-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
crypto-dm-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
crypto-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
efi-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
event-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
ext4-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
fat-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
fb-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
fuse-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
i2c-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
input-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
isofs-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
jfs-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
kernel-image-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
leds-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
linux-headers-4.9.0-6-all-arm64 | 4.9.88-1+deb9u1 | arm64
linux-headers-4.9.0-6-arm64 | 4.9.88-1+deb9u1 | arm64
linux-image-4.9.0-6-arm64 | 4.9.88-1+deb9u1 | arm64
linux-image-4.9.0-6-arm64-dbg | 4.9.88-1+deb9u1 | arm64
loop-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
md-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
mmc-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
multipath-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
nbd-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
nic-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
nic-shared-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
nic-usb-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
nic-wireless-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
ppp-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
sata-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
scsi-core-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
scsi-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
squashfs-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
udf-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
uinput-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
usb-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
usb-storage-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
virtio-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
xfs-modules-4.9.0-6-arm64-di | 4.9.88-1+deb9u1 | arm64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:51:38 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
btrfs-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
cdrom-core-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
crc-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
crypto-dm-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
crypto-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
event-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
ext4-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
fat-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
fb-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
fuse-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
input-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
ipv6-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
isofs-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
jffs2-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
jfs-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
kernel-image-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
leds-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
linux-headers-4.9.0-6-all-armel | 4.9.88-1+deb9u1 | armel
linux-headers-4.9.0-6-marvell | 4.9.88-1+deb9u1 | armel
linux-image-4.9.0-6-marvell | 4.9.88-1+deb9u1 | armel
linux-image-4.9.0-6-marvell-dbg | 4.9.88-1+deb9u1 | armel
loop-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
md-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
minix-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
mmc-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
mouse-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
mtd-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
multipath-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
nbd-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
nic-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
nic-shared-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
nic-usb-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
ppp-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
sata-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
scsi-core-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
squashfs-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
udf-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
uinput-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
usb-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
usb-serial-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
usb-storage-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
zlib-modules-4.9.0-6-marvell-di | 4.9.88-1+deb9u1 | armel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:51:54 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
ata-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
btrfs-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
crc-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
crypto-dm-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
crypto-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
efi-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
event-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
ext4-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
fat-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
fb-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
fuse-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
i2c-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
input-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
isofs-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
jfs-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
kernel-image-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
leds-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
linux-headers-4.9.0-6-all-armhf | 4.9.88-1+deb9u1 | armhf
linux-headers-4.9.0-6-armmp | 4.9.88-1+deb9u1 | armhf
linux-headers-4.9.0-6-armmp-lpae | 4.9.88-1+deb9u1 | armhf
linux-image-4.9.0-6-armmp | 4.9.88-1+deb9u1 | armhf
linux-image-4.9.0-6-armmp-dbg | 4.9.88-1+deb9u1 | armhf
linux-image-4.9.0-6-armmp-lpae | 4.9.88-1+deb9u1 | armhf
linux-image-4.9.0-6-armmp-lpae-dbg | 4.9.88-1+deb9u1 | armhf
loop-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
md-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
mmc-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
mtd-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
multipath-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
nbd-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
nic-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
nic-shared-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
nic-usb-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
nic-wireless-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
pata-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
ppp-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
sata-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
scsi-core-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
scsi-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
squashfs-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
udf-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
uinput-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
usb-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
usb-storage-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
virtio-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
zlib-modules-4.9.0-6-armmp-di | 4.9.88-1+deb9u1 | armhf
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:52:11 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
acpi-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
acpi-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
ata-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
ata-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
btrfs-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
btrfs-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
cdrom-core-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
cdrom-core-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
crc-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
crc-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
crypto-dm-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
crypto-dm-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
crypto-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
crypto-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
efi-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
efi-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
event-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
event-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
ext4-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
ext4-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
fat-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
fat-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
fb-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
fb-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
firewire-core-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
firewire-core-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
fuse-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
fuse-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
hyperv-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
hyperv-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
i2c-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
i2c-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
input-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
input-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
isofs-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
isofs-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
jfs-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
jfs-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
kernel-image-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
kernel-image-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
linux-headers-4.9.0-6-686 | 4.9.88-1+deb9u1 | i386
linux-headers-4.9.0-6-686-pae | 4.9.88-1+deb9u1 | i386
linux-headers-4.9.0-6-all-i386 | 4.9.88-1+deb9u1 | i386
linux-headers-4.9.0-6-rt-686-pae | 4.9.88-1+deb9u1 | i386
linux-image-4.9.0-6-686 | 4.9.88-1+deb9u1 | i386
linux-image-4.9.0-6-686-dbg | 4.9.88-1+deb9u1 | i386
linux-image-4.9.0-6-686-pae | 4.9.88-1+deb9u1 | i386
linux-image-4.9.0-6-686-pae-dbg | 4.9.88-1+deb9u1 | i386
linux-image-4.9.0-6-rt-686-pae | 4.9.88-1+deb9u1 | i386
linux-image-4.9.0-6-rt-686-pae-dbg | 4.9.88-1+deb9u1 | i386
loop-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
loop-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
md-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
md-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
mmc-core-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
mmc-core-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
mmc-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
mmc-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
mouse-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
mouse-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
multipath-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
multipath-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
nbd-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
nbd-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
nic-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
nic-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
nic-pcmcia-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
nic-pcmcia-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
nic-shared-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
nic-shared-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
nic-usb-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
nic-usb-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
nic-wireless-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
nic-wireless-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
ntfs-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
ntfs-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
pata-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
pata-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
pcmcia-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
pcmcia-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
pcmcia-storage-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
pcmcia-storage-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
ppp-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
ppp-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
sata-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
sata-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
scsi-core-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
scsi-core-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
scsi-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
scsi-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
serial-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
serial-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
sound-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
sound-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
speakup-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
speakup-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
squashfs-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
squashfs-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
udf-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
udf-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
uinput-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
uinput-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
usb-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
usb-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
usb-serial-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
usb-serial-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
usb-storage-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
usb-storage-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
virtio-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
virtio-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
xfs-modules-4.9.0-6-686-di | 4.9.88-1+deb9u1 | i386
xfs-modules-4.9.0-6-686-pae-di | 4.9.88-1+deb9u1 | i386
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:52:25 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
linux-headers-4.9.0-6-all-mips | 4.9.88-1+deb9u1 | mips
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:52:44 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
affs-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
btrfs-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
cdrom-core-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
crc-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
crypto-dm-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
crypto-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
event-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
ext4-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
fat-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
fuse-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
hfs-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
input-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
isofs-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
jfs-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
kernel-image-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
linux-headers-4.9.0-6-5kc-malta | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
linux-headers-4.9.0-6-octeon | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
linux-image-4.9.0-6-5kc-malta | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
linux-image-4.9.0-6-5kc-malta-dbg | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
linux-image-4.9.0-6-octeon | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
linux-image-4.9.0-6-octeon-dbg | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
loop-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
md-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
minix-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
multipath-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
nbd-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
nic-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
nic-shared-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
nic-usb-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
nic-wireless-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
ntfs-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
pata-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
ppp-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
rtc-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
sata-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
scsi-core-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
scsi-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
sound-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
squashfs-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
udf-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
usb-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
usb-serial-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
usb-storage-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
virtio-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
xfs-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
zlib-modules-4.9.0-6-octeon-di | 4.9.88-1+deb9u1 | mips, mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:53:04 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
affs-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
ata-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
btrfs-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
cdrom-core-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
crc-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
crypto-dm-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
crypto-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
event-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
ext4-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
fat-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
fuse-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
hfs-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
i2c-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
input-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
isofs-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
jfs-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
kernel-image-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
linux-headers-4.9.0-6-4kc-malta | 4.9.88-1+deb9u1 | mips, mipsel
linux-image-4.9.0-6-4kc-malta | 4.9.88-1+deb9u1 | mips, mipsel
linux-image-4.9.0-6-4kc-malta-dbg | 4.9.88-1+deb9u1 | mips, mipsel
loop-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
md-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
minix-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
mmc-core-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
mmc-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
mouse-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
multipath-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
nbd-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
nic-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
nic-shared-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
nic-usb-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
nic-wireless-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
ntfs-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
pata-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
ppp-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
sata-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
scsi-core-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
scsi-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
sound-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
squashfs-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
udf-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
usb-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
usb-serial-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
usb-storage-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
virtio-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
xfs-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
zlib-modules-4.9.0-6-4kc-malta-di | 4.9.88-1+deb9u1 | mips, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:53:28 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
affs-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
ata-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
btrfs-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
cdrom-core-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
crc-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
crypto-dm-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
crypto-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
event-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
ext4-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
fat-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
fuse-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
hfs-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
i2c-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
input-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
isofs-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
jfs-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
kernel-image-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
linux-headers-4.9.0-6-all-mips64el | 4.9.88-1+deb9u1 | mips64el
loop-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
md-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
minix-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
mmc-core-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
mmc-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
mouse-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
multipath-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
nbd-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
nic-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
nic-shared-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
nic-usb-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
nic-wireless-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
ntfs-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
pata-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
ppp-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
sata-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
scsi-core-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
scsi-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
sound-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
squashfs-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
udf-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
usb-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
usb-serial-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
usb-storage-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
virtio-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
xfs-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
zlib-modules-4.9.0-6-5kc-malta-di | 4.9.88-1+deb9u1 | mips64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:53:44 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
affs-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
ata-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
btrfs-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
cdrom-core-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
crc-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
crypto-dm-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
crypto-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
event-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
ext4-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
fat-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
fb-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
firewire-core-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
fuse-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
hfs-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
input-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
isofs-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
jfs-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
kernel-image-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
linux-headers-4.9.0-6-loongson-3 | 4.9.88-1+deb9u1 | mips64el, mipsel
linux-image-4.9.0-6-loongson-3 | 4.9.88-1+deb9u1 | mips64el, mipsel
linux-image-4.9.0-6-loongson-3-dbg | 4.9.88-1+deb9u1 | mips64el, mipsel
loop-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
md-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
minix-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
multipath-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
nbd-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
nfs-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
nic-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
nic-shared-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
nic-usb-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
nic-wireless-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
ntfs-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
pata-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
ppp-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
sata-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
scsi-core-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
scsi-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
sound-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
speakup-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
squashfs-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
udf-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
usb-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
usb-serial-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
usb-storage-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
virtio-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
xfs-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
zlib-modules-4.9.0-6-loongson-3-di | 4.9.88-1+deb9u1 | mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:55:07 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
libgldispatch0-nvidia | 375.82-1~deb9u1 | amd64, armhf, i386
libnvidia-egl-wayland | 375.82-1~deb9u1 | amd64, armhf, i386
libnvidia-ptxjitcompiler | 375.82-1~deb9u1 | amd64, armhf, i386
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by nvidia-graphics-drivers)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:55:31 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
libstd-rust-1.14 | 1.14.0+dfsg1-3 | amd64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by rustc)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 14 Jul 2018 08:55:49 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
libvlccore8 | 2.2.7-1~deb9u1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
vlc-plugin-sdl | 2.2.7-1~deb9u1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by vlc)
----------------------------------------------
=========================================================================
2ping (3.2.1-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add the missing dependency on python-pkg-resources.
(Closes: #855972)
abiword (3.0.2-2+deb9u2) stretch; urgency=medium
.
* QA upload.
.
[ Simon Quigley ]
* Solve binary file conflict between abiword-dbgsym
and abiword-plugin-grammar-dbgsym (Closes: #868537).
adminer (4.2.5-3+deb9u1) stretch; urgency=high
.
* CVE-2018-7667: Adminer allowed unauthenticated connections to be initiated
to arbitrary systems and ports which could bypass external firewalls to
identify internal hosts and/or perform port scanning of other servers.
(Closes: #893668)
animals (201207131226-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix typo overwrite -> override in debian/rules that prevented the use of
correct file permissions and thus made the game unusable.
Thanks to Aaron Howell for the report. (Closes: #875547)
apache2 (2.4.25-3+deb9u5) stretch; urgency=medium
.
* Upgrade mod_http and mod_proxy_http2 to the versions from 2.4.33. This
fixes
- CVE-2018-1302: mod_http2: Potential crash w/ mod_http2
- Segfaults in mod_http2 (Closes: #873945)
- mod_http2 issue with option "Indexes" and directive "HeaderName"
(Closes: #850947)
Unfortunately, this also removes support for http2 when running on
mpm_prefork.
* mod_http2: Avoid high memory usage with large files, causing crashes on
32bit archs. Closes: #897218
* Make the apache-htcacheclean init script actually look into
/etc/default/apache-htcacheclean for its config. Closes: #898563
apache2 (2.4.25-3+deb9u4) stretch-security; urgency=medium
.
* CVE-2017-15710: mod_authnz_ldap: Out of bound write in mod_authnz_ldap
when using too small Accept-Language values.
* CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file
name.
Configure the regular expression engine to match '$' to the end of
the input string only, excluding matching the end of any embedded
newline characters. Behavior can be changed with new directive
'RegexDefaultOptions'.
* CVE-2018-1283: Tampering of mod_session data for CGI applications.
* CVE-2018-1301: Possible out of bound access after failure in reading the
HTTP request
* CVE-2018-1303: Possible out of bound read in mod_cache_socache
* CVE-2018-1312: mod_auth_digest: Weak Digest auth nonce generation
auto-complete-el (1.3.1-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add upstream fix for emacs25. (Closes: #849240)
* Adjust the emacs dependencies to the emacs versions in stretch.
(Closes: #746982)
* Set auto-complete-el.emacsen-compat to silence installation warning.
awffull (3.10.2-4+deb9u1) stretch; urgency=medium
.
* QA upload.
* Don't use removed options in /etc/cron.daily/awffull,
thanks to Ludovic Rousseau. (Closes: #728362)
ax25-tools (0.0.10-rc4-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add patch 02-ptsname-prototype.patch to fix segfault at runtime
- Closes: #878322
* Updated 01-spelling-fixes.patch to account for other spelling errors
base-files (9.9+deb9u5) stretch; urgency=medium
.
* Change /etc/debian_version to 9.5, for Debian 9.5 point release.
batik (1.8-4+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2017-5662: XXE information disclosure. (Closes: #860566)
* Fix CVE-2018-8013: information disclosure when deserializing a subclass of
AbstractDocument. (Closes: #899374)
beep (1.3-4+deb9u1) stretch-security; urgency=medium
.
* CVE-2018-0492
blktrace (1.1.0-2+deb9u1) stretch; urgency=high
.
* Fix buffer overflow in btt (CVE-2018-10689) (Closes: #897695)
bouncycastle (1.56-1+deb9u2) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2018-1000180. (Closes: #900843)
ca-certificates (20161130+nmu1+deb9u1) stretch; urgency=medium
.
* debian/ca-certificates.postinst:
Prevent postinst failure on read-only /usr/local. Closes: #843722
* debian/control:
Remove Christian Perrier from uploaders at his request. Closes: #894070
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.22.
Closes: #858064
The following certificate authorities were added (+):
+ "AC RAIZ FNMT-RCM"
+ "Amazon Root CA 1"
+ "Amazon Root CA 2"
+ "Amazon Root CA 3"
+ "Amazon Root CA 4"
+ "D-TRUST Root CA 3 2013"
+ "GDCA TrustAUTH R5 ROOT"
+ "LuxTrust Global Root 2"
+ "SSL.com EV Root Certification Authority ECC"
+ "SSL.com EV Root Certification Authority RSA R2"
+ "SSL.com Root Certification Authority ECC"
+ "SSL.com Root Certification Authority RSA"
+ "Symantec Class 1 Public Primary Certification Authority - G4"
+ "Symantec Class 1 Public Primary Certification Authority - G6"
+ "Symantec Class 2 Public Primary Certification Authority - G4"
+ "Symantec Class 2 Public Primary Certification Authority - G6"
+ "TrustCor ECA-1"
+ "TrustCor RootCert CA-1"
+ "TrustCor RootCert CA-2"
+ "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1"
The following certificate authorities were removed (-):
- "ACEDICOM Root"
- "AddTrust Public Services Root"
- "AddTrust Qualified Certificates Root"
- "ApplicationCA - Japanese Government"
- "Buypass Class 2 CA 1"
- "CA Disig Root R1"
- "Certinomis - Autorité Racine"
- "China Internet Network Information Center EV Certificates Root"
- "CNNIC ROOT"
- "Comodo Secure Services root"
- "Comodo Trusted Services root"
- "DST ACES CA X6"
- "EBG Elektronik Sertifika Hizmet Saglayicisi"
- "Equifax Secure CA"
- "Equifax Secure eBusiness CA 1"
- "Equifax Secure Global eBusiness CA"
- "GeoTrust Global CA 2"
- "IGC/A"
- "Juur-SK"
- "Microsec e-Szigno Root CA"
- "PSCProcert"
- "Root CA Generalitat Valenciana"
- "RSA Security 2048 v3"
- "Security Communication EV RootCA1"
- "S-TRUST Authentication and Encryption Root CA 2005 PN"
- "Swisscom Root CA 1"
- "Swisscom Root EV CA 2"
- "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
- "TURKTRUST Certificate Services Provider Root 2007"
- "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
- "UTN USERFirst Hardware Root CA"
- "Verisign Class 1 Public Primary Certification Authority"
- "Verisign Class 2 Public Primary Certification Authority - G2"
- "Verisign Class 3 Public Primary Certification Authority"
- "WellsSecure Public Root Certificate Authority"
camo (2.3.0+dfsg-1.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
camo (2.3.0+dfsg-1.1) unstable; urgency=high
.
* Non-maintainer upload.
* Add the missing dependency on openssl. (Closes: #864620)
cffi (1:0.18.0-1+deb9u1) stretch; urgency=medium
.
* Add missing files for cffi-libffi and cffi-toolchain. (Closes: #894543)
* Add missing Depends on gcc (for cffi-toolchain), pkg-config and
libc6-dev | libc-dev (for cffi-grovel) and libffi-dev (for
cffi-libffi).
check-postgres (2.22.0-2+deb9u1) stretch; urgency=high
.
* PostgreSQL 9.6.8 changes pg_get_indexdef() to always include the schema
name. Cope with that in the testsuite. Closes: #897523.
chromium-browser (63.0.3239.84-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson
- CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu
- CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous
- CVE-2017-15410: Use after free in PDFium. Reported by Luáºt Nguyá»…n
- CVE-2017-15411: Use after free in PDFium. Reported by Luáºt Nguyá»…n
- CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan
- CVE-2017-15415: Pointer information disclosure in IPC call. Reported by
Viktor Brange
- CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson
- CVE-2017-15417: Cross origin information disclosure in Skia . Reported by
Max May
- CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal
Arvind Shah
- CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by
Jun Kokatsu
- CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by
Greg Hudson
- CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani
- CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr
- CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. Reported
by Junaid Farhan
chromium-browser (63.0.3239.40-1) experimental; urgency=medium
.
* New upstream beta release.
* Disable chromium signin feature.
* Fix error in icon installation script.
* Update to the latest standards version.
* Indicate that the package can be built without root.
chromium-browser (63.0.3239.30-1) experimental; urgency=medium
.
* New upstream beta release.
* Install 16 and 32 pixel png icon files (closes: #857071).
* Improve description for --temp-profile (closes: #881040).
* Document Debian bug reports in the manpage (closes: #880965).
* Stricter breaks/replaces to support security uploads (closes: #877970).
chromium-browser (62.0.3202.89-1) unstable; urgency=medium
.
* New upstream security release.
- CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned
Williamson
- CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun
* Revert new dependency on gconf.
* Link against system lcms2 library (closes: #879153).
* Disable device notifications by default (closes: #856571).
* Remove icon extension from the desktop file (closes: #860256).
clamav (0.100.0+dfsg-0+deb9u2) stretch; urgency=medium
.
* Don't fail on recently removed config options (Closes: #902290).
clamav (0.100.0+dfsg-0+deb9u1) stretch; urgency=medium
.
[ Sebastian Andrzej Siewior ]
* New upstream release.
- remove various documentation files including Changelog from the file
list because they are no longer included in upstream archive.
- update symbol file
* Don't replace config file with sample config after debconf gets disabled
(in milter and daemon (Closes: #870253).
* Add bytecode.c(l|v)d to log clamav-freshclam.logcheck.ignore.server. Patch
by Václav OvsÃk <vaclav.ovsik@gmail.com> (Closes: #868766).
* Disable the freshclam service if changed to `manual' mode so it does not
start again after system reboot with systemd (Closes: #881780).
* Drop "demime = *" from Debian.README for clamav, this option is deprecated
and will be removed from exim (Closes: #881634).
* Point Vcs-* tags to salsa.
.
[ Scott Kitterman ]
* Update README.Debian to describe how to disable apparmor for clamav-daemon
and clamav-freshclam (Closes: #884707)
clamav (0.100.0+dfsg-0+deb8u1) jessie; urgency=medium
.
[ Sebastian Andrzej Siewior ]
* New upstream release.
- remove various documentation files including Changelog from the file
list because they are no longer included in upstream archive.
- update symbol file
* Don't replace config file with sample config after debconf gets disabled
(in milter and daemon (Closes: #870253).
* Add bytecode.c(l|v)d to log clamav-freshclam.logcheck.ignore.server. Patch
by Václav OvsÃk <vaclav.ovsik@gmail.com> (Closes: #868766).
* Disable the freshclam service if changed to `manual' mode so it does not
start again after system reboot with systemd (Closes: #881780).
* Drop "demime = *" from Debian.README for clamav, this option is deprecated
and will be removed from exim (Closes: #881634).
* Point Vcs-* tags to salsa.
.
[ Scott Kitterman ]
* Update README.Debian to describe how to disable apparmor for clamav-daemon
and clamav-freshclam (Closes: #884707)
clamav (0.100.0~beta+dfsg-2) unstable; urgency=medium
.
* Switch to pcre2 which is newer (Closes: #891195).
* Cherry pick patches referenced in bb#11973 and bb#11980 to fix
CVE-2018-0202.
* Use compat level 11.
clamav (0.100.0~beta+dfsg-1) unstable; urgency=medium
.
[ Scott Kitterman ]
* Only create clamav user during clamav-base install if it does not exist
(LP: #121872)
- Thanks to Shane Williams for the patch
* Add lintian override for clamav-freshclam: duplicate-updaterc.d-calls-in-
postinst clamav-freshclam
* New upstream beta release
* Bump standards-version to 4.1.3 without further change
* Update README.Debian to describe how to disable apparmor for clamav-daemon
and clamav-freshclam (Closes: #884707)
.
[ Sebastian Andrzej Siewior ]
* Point Vcs-* tags to salsa.
clustershell (1.7.3-2~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
clustershell (1.7.3-2) unstable; urgency=medium
.
* Add dependency python-pkg-resources (closes: Bug#870359)
* Debian policy 4.0.1, no changes required
corosync (2.4.2-3+deb9u1) stretch-security; urgency=high
.
* [c2ee7ce] New patch fixing CVE-2018-1084: integer overflow in
exec/totemcrypto.c.
An integer overflow leading to an out-of-bound read was found in
authenticate_nss_2_3() in Corosync. An attacker could craft a malicious
packet that would lead to a denial of service.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084
Thanks to Jan Friesse
* [cfd0189] New patches fixing other vulnerabilities similar to CVE-2018-1084.
The msgio patch fixes a real problem when message length > 2^31, which
can't be mitigated by enabling encryption of the Corosync traffic.
The other patches fix buffer overflows resulting in stack corruption
and uses of unallocated memory; these can be mitigated by encryption.
* [2ce17dc] The security patches introduced a new symbol
corosync (2.4.2-3+deb9u1~bpo8+1) jessie-backports; urgency=high
.
* Rebuild for jessie-backports.
* [e44e00f] --restart-after-upgrade instead of stop in prerm and start in
postinst.
The previous stable security upgrade resulted in user complaints about
Pacemaker remaining stopped after the Corosync upgrade. This is what
systemd does with dependent services on stop+start. We can afford doing
a restart instead, which behaves more like users expect.
WARNING: on this upgrade the old prerm will still stop Corosync (and
consequently: its dependencies!) for one last time. Pure restart
behavior becomes effective for the forthcoming upgrades only.
(Closes: #887563)
.
corosync (2.4.2-3+deb9u1) stretch-security; urgency=high
.
* [c2ee7ce] New patch fixing CVE-2018-1084: integer overflow in
exec/totemcrypto.c.
An integer overflow leading to an out-of-bound read was found in
authenticate_nss_2_3() in Corosync. An attacker could craft a malicious
packet that would lead to a denial of service.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1084
Thanks to Jan Friesse
* [cfd0189] New patches fixing other vulnerabilities similar to CVE-2018-1084.
The msgio patch fixes a real problem when message length > 2^31, which
can't be mitigated by enabling encryption of the Corosync traffic.
The other patches fix buffer overflows resulting in stack corruption
and uses of unallocated memory; these can be mitigated by encryption.
* [2ce17dc] The security patches introduced a new symbol
curl (7.52.1-5+deb9u6) stretch-security; urgency=high
.
* Fix heap buffer over-read when parsing bad RTSP headers
as per CVE-2018-1000301
https://curl.haxx.se/docs/adv_2018-b138.html
curl (7.52.1-5+deb9u5) stretch-security; urgency=high
.
* Fix NIL byte out of bounds write due to FTP path trickery
as per CVE-2018-1000120
https://curl.haxx.se/docs/adv_2018-9cd6.html
* Fix LDAP NULL pointer dereference as per CVE-2018-1000121
https://curl.haxx.se/docs/adv_2018-97a2.html
* Fix RTSP RTP buffer over-read as per CVE-2018-1000122
https://curl.haxx.se/docs/adv_2018-b047.html
debian-installer (20170615+deb9u4) stretch; urgency=medium
.
* Bump Linux kernel version from 4.9.0-6 to 4.9.0-7.
debian-installer-netboot-images (20170615+deb9u4) stretch; urgency=medium
.
* Update to 20170615+deb9u4 images, from stretch-proposed-updates
* Set DISTRIBUTION_FALLBACK to stretch in debian/rules, and attempt a
build against this distribution instead of stretch-proposed-updates if
the first build against the latter doesn't succeed. This should fix
the FTBFS within stretch once the point release has happened, as d-i
disappears from s-p-u (Closes: #902226). With thanks to Santiago Vila
for the initial report.
* Make get-images.sh clean up temporary files on error and not only on
exit, to make sure they don't interfere with a later attempt against a
different distribution (see above).
debian-security-support (2018.01.29~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch
.
debian-security-support (2018.01.29) unstable; urgency=medium
.
[ Markus Koschany ]
* Add teamspeak to security-support-ended.deb7
* Add libstruts1.2-java to security-support-ended.deb7.
* Add nvidia-graphics-drivers to security-support-ended.deb7.
Non-free is not supported
* Add glassfish to security-support-ended.deb7
* Mark jbossas4 as end-of-life in Wheezy.
* Mark jasperreports as unsupported in Wheezy.
No sponsor users it. Targeted fixes not possible because detailed
information about the vulnerabilities and their solution (patches) is not
available.
.
[ Salvatore Bonaccorso ]
* Mark chromium-browser as end-of-life for Debian 8 (Jessie)
.
[ Raphaël Hertzog ]
* Mark libnet-ping-external-perl as unsupported in wheezy.
* Mark mp3gain as unsupported in wheezy.
.
[ Emilio Pozuelo Monfort ]
* Mark tor as unsupported in wheezy.
.
[ Guido Günther ]
* Add swftools to security support limited
swftools is orphaned (#885088) and the security tracker is currently
counting 25 open CVEs. It is a useful tool with trusted content though.
* Bump standards version to 4.1.3.
No changes needed
* Bump debhelper compat level to 9 which is available in oldoldstable
(wheezy).
debian-security-support (2018.01.29~deb8u1) oldstable-proposed-updates; urgency=medium
.
* Rebuild for jessie
dehydrated (0.3.1-3+deb9u2) stretch; urgency=medium
.
* Add patch from upstream to follow redirects on HTTP GET.
This fixes an error when creating the fullchain.pem after the LE API
introduced a new redirect. Closes: #892723
dehydrated (0.3.1-3+deb9u2~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
.
dehydrated (0.3.1-3+deb9u2) stretch; urgency=medium
.
* Add patch from upstream to follow redirects on HTTP GET.
This fixes an error when creating the fullchain.pem after the LE API
introduced a new redirect. Closes: #892723
devscripts (2.17.6+deb9u2) stretch; urgency=medium
.
[ Osamu Aoki ]
* uscan:
+ Fix the new package version regex for filenamemangle. Closes: #869150
.
[ Cyril Brulebois ]
* debsign: Fix bash completion by using file extensions instead of
using globs. Closes: #877440
.
[ Mattia Rizzolo ]
* bts:
+ Add the new 'ftbfs' tag to the list of known tags. Closes: #900963
* debchange:
+ Update the manpage to mention that --bpo now targets stretch-backports,
not jessie-backports. Closes: #877877
* uscan:
+ Apply patch from Stephen Kitt <skitt@debian.org> to support https in the
sf.net special redirector. Closes: #879207
* test/uscan_mangle:
+ Use a real newline instead of embedding \n in a shell variable, which
isn't portable between dash and bash, fixing FTBFS in systems using bash
as /bin/sh.
* debian/control:
+ Change maintainer email from alioth to devscripts@packages.debian.org.
+ Move the Git repository to salsa.debian.org.
.
[ Christoph Berg ]
* debcheckout:
+ Support salsa.debian.org.
.
[ Adam D. Barratt ]
* debdiff:
+ Sort shlibs files before comparing. The order of entries is not
significant.
.
[ Lev Lazinskiy ]
* uscan:
+ Handle --copy argument. Closes: #895209; MR !22
disc-cover (1.5.6-2+deb9u1) stretch; urgency=medium
.
* QA upload.
* Fix perl error when running disc-cover,
thanks to Frédéric Boiteux. (Closes: #879961)
discover (2.1.2-7.1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Use correct type for the length parameter of the getline() call,
thanks to Anatoly Borodin and Simon Quigley for writing and for
forwarding the patch (Closes: #876388, LP: #1718687).
django-xmlrpc (0.1.5-6+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport fix from 0.1.7-1 to stretch.
.
[ Brian May ]
* Fix Python 3 depends. Closes: #867403.
dosbox (0.74-4.2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload:
* Fix crashes with core=dynamic (Closes: #857341)
dpdk (16.11.6-1+deb9u1) stretch; urgency=medium
.
* Merge stable update to 16.11.5; For a list of changes see
http://dpdk.org/ml/archives/announce/2018-March/000180.html
* Merge stable update to 16.11.6; For a list of changes see
https://dpdk.org/doc/guides-16.11/rel_notes/release_16_11.html
* Fixes CVE-2018-1059 (Closes: #896688).
* Drop patches merged upstream in 16.11.6.
dpkg (1.18.25) stretch; urgency=medium
.
[ Guillem Jover ]
* Parse start-stop-daemon usernames and groupnames starting with digits in
-u and -c correctly. Reported by Bodo Eggert <7eggert@online.de>.
* Always use the binary version for the .buildinfo filename in
dpkg-genbuildinfo. Reported by Raphaël Hertzog <hertzog@debian.org>.
Closes: #869236
* Fix integer overflow in deb(5) format version parser.
Closes: #868356
* Fix directory traversal with dpkg-deb --raw-extract, by guaranteeing
that the DEBIAN pathname does not exist. Closes: #879982
Reported by Jakub Wilk <jwilk@jwilk.net>.
* Do not try to recompute hashes for the .dsc file when signing binary-only
builds in dpkg-buildpackage. Reported by Ximin Luo <infinity0@debian.org>.
* Architecture support:
- Add support for riscv64 CPU. Closes: #822914
Thanks to Manuel A. Fernandez Montecelo <mafm@debian.org>
* Perl modules:
- Do not normalize args past a passthrough stop word in Dpkg::Getopt.
Some commands pass some arguments through to another command, and
those must not be normalized as that might break their invocation.
Reported by Helmut Grohne <helmut@subdivi.de>.
* Documentation:
- Update buildinfo information in dpkg-buildpackage man page to match
the current implementation.
- Use correct name for archname validator value in dpkg(1) man page.
Reported by Niels Thykier <niels@thykier.net.
- Update git URLs for move away from alioth.debian.org.
* Packaging:
- Add versioned Build-Depends on tar, due to the --clamp-mtime option
being used in Dpkg::Source::Archive which is used by dpkg-source,
used by the test suite. Closes: #877330
.
[ Updated programs translations ]
* Dutch (Frans Spiesschaert).
* German (Sven Joachim).
* Italian (Pietro Battiston, Milo Casagrande).
* Portuguese (Miguel Figueiredo).
* Simplified Chinese (Zhou Mo, Boyuan Yang).
* Spanish (Javier Fernandez-Sanguino).
* Turkish (Mert Dirik).
.
[ Updated man pages translations ]
* Dutch (Frans Spiesschaert).
* German (Helge Kreutzmann).
dput-ng (1.13+deb9u1) stretch; urgency=medium
.
[ Mattia Rizzolo ]
* Add jessie-backports-sloppy and stretch-backports targets. Closes: #878665
* Include 'testing' in the rm-managed suites.
* Fix some spelling errors in the manpages.
* Change the mentors.debian.net upload queue to the new recommended one.
* Move the git repository to salsa.debian.org.
* Add "oldstable" to the "protected distributions". Closes: #742136
* Change Maintainer email address to dput-ng@packages.debian.org.
Closes: #899487
.
[ James Clarke ]
* Add ports-master profile. Closes: #855154
.
[ Stephan Sürken ]
* dput/uploaders/ftp.py: Parse and use optional [:port] part for fqdn.
Closes: #814440
drupal7 (7.52-2+deb9u4) stretch-security; urgency=high
.
* Move repository from Alioth to Salsa; update Vcs-Git and Vcs-Browser
accordingly
* SA-CORE-2018-004: Fix remote code execution vulnerability (CVE-2018-
7602) (Closes: #896701)
drupal7 (7.52-2+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* SA-CORE-2018-002: Fix remote code execution vulnerability (CVE-2018-7600)
(Closes: #894259)
email2trac (2.10.0-2~deb9u1) stretch; urgency=medium
.
* QA upload.
* Rebuild for stretch.
.
email2trac (2.10.0-2) unstable; urgency=high
.
* QA upload.
* Set maintainer to Debian QA Group. (see #891353)
* Add upstream fix for Trac 1.2. (Closes: #858819)
* Install the upstream NOTICE.
exiv2 (0.25-3.1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2018-10958: denial of service through memory exhaustion and
application crash by a crafted PNG image.
* CVE-2018-10999: a heap-based buffer over-read via a crafted PNG image.
* CVE-2018-10998: denial of service through memory exhaustion and
application crash by a crafted image.
* CVE-2018-11531: a heap-based buffer overflow and application crash by a
crafted image.
* CVE-2018-12264: integer overflow leading to out of bounds read by a
crafted image. (Closes: #901707)
* CVE-2018-12265: integer overflow leading to out of bounds read by a
crafted image. (Closes: #901706)
faad2 (2.8.0~cvs20161113-1+deb9u1) stretch; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2017-9218, CVE-2017-9219, CVE-2017-9220, CVE-2017-9221,
CVE-2017-9222, CVE-2017-9223, CVE-2017-9253, CVE-2017-9254, CVE-2017-9255,
CVE-2017-9256, CVE-2017-9257.
Various issues were discovered in faad2, a fast audio decoder, that could
cause a denial of service (large loop and CPU consumption) via a crafted
mp4 file. (Closes: #889915)
faker (0.7.7-2.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
faker (0.7.7-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* python-fake-factory: Add the missing dependency
on python-ipaddress. (Closes: #896403)
fastkml (0.11-2~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload with maintainer approval.
* Rebuild for stretch.
.
fastkml (0.11-2) unstable; urgency=medium
.
[ Ondřej Nový ]
* Fixed VCS URL (https)
.
[ Edward Betts ]
* debian/control: fix spelling mistake in description
* d/control: Set Vcs-* to salsa.debian.org
.
[ Sandro Tosi ]
* debian/control
- add pkg-resources to binary packages Depends; Closes: #896393, #896232
- bump Standards-Version to 4.1.4 (no changes needed)
* debian/copyright
- extend packaging copyright years
file (1:5.30-1+deb9u2) stable; urgency=high
.
* Avoid reading past the end of buffer. Closes: #901351
[CVE-2018-10360]
firefox-esr (52.9.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-17, also known as:
CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-5156,
CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366,
CVE-2018-12368, CVE-2018-5188.
.
* intl/icu_sources_data.py: Add --disable-layoutex when running ICU
configure. bz#1462859.
.
firefox-esr (52.8.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-14, also known as CVE-2018-6126.
.
* debian/control*: Update Maintainer and Vcs fields, moving off alioth.
Closes: #899509
.
firefox-esr (52.8.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-12, also known as
CVE-2018-5183, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157,
CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178,
CVE-2018-5150.
.
firefox-esr (52.7.3esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-10, also known as CVE-2018-5148.
.
firefox-esr (52.7.2esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147.
.
firefox-esr (52.7.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
firefox-esr (52.8.1esr-2) unstable; urgency=medium
.
* intl/icu_sources_data.py: Add --disable-layoutex when running ICU
configure. bz#1462859.
firefox-esr (52.8.1esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-14, also known as CVE-2018-6126.
.
* debian/control*: Update Maintainer and Vcs fields, moving off alioth.
Closes: #899509
firefox-esr (52.8.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-14, also known as CVE-2018-6126.
.
* debian/control*: Update Maintainer and Vcs fields, moving off alioth.
Closes: #899509
.
firefox-esr (52.8.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-12, also known as
CVE-2018-5183, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157,
CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178,
CVE-2018-5150.
.
firefox-esr (52.7.3esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-10, also known as CVE-2018-5148.
.
firefox-esr (52.7.2esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147.
.
firefox-esr (52.7.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
firefox-esr (52.8.1esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-14, also known as CVE-2018-6126.
.
* debian/control*: Update Maintainer and Vcs fields, moving off alioth.
Closes: #899509
.
firefox-esr (52.8.0esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-12, also known as
CVE-2018-5183, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157,
CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178,
CVE-2018-5150.
.
firefox-esr (52.7.3esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-10, also known as CVE-2018-5148.
.
firefox-esr (52.7.2esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147.
.
firefox-esr (52.7.1esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
.
firefox-esr (52.6.0esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-03, also known as
CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097,
CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5104, CVE-2018-5117, CVE-2018-5089.
.
firefox-esr (52.5.2esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-28, also known as CVE-2017-7843.
firefox-esr (52.8.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-12, also known as
CVE-2018-5183, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157,
CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178,
CVE-2018-5150.
firefox-esr (52.8.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-12, also known as
CVE-2018-5183, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157,
CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178,
CVE-2018-5150.
.
firefox-esr (52.7.3esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-10, also known as CVE-2018-5148.
.
firefox-esr (52.7.2esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147.
.
firefox-esr (52.7.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
firefox-esr (52.8.0esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-12, also known as
CVE-2018-5183, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157,
CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178,
CVE-2018-5150.
.
firefox-esr (52.7.3esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-10, also known as CVE-2018-5148.
.
firefox-esr (52.7.2esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147.
.
firefox-esr (52.7.1esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
.
firefox-esr (52.6.0esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-03, also known as
CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097,
CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5104, CVE-2018-5117, CVE-2018-5089.
.
firefox-esr (52.5.2esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-28, also known as CVE-2017-7843.
firefox-esr (52.7.3esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-10, also known as CVE-2018-5148.
firefox-esr (52.7.3esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-10, also known as CVE-2018-5148.
.
firefox-esr (52.7.2esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147.
.
firefox-esr (52.7.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
firefox-esr (52.7.3esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-10, also known as CVE-2018-5148.
.
firefox-esr (52.7.2esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147.
.
firefox-esr (52.7.1esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
.
firefox-esr (52.6.0esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-03, also known as
CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097,
CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5104, CVE-2018-5117, CVE-2018-5089.
.
firefox-esr (52.5.2esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-28, also known as CVE-2017-7843.
firefox-esr (52.7.2esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147.
firefox-esr (52.7.2esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147.
.
firefox-esr (52.7.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
firefox-esr (52.7.2esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-08, also known as CVE-2018-5146, CVE-2018-5147.
.
firefox-esr (52.7.1esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
.
firefox-esr (52.6.0esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-03, also known as
CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097,
CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5104, CVE-2018-5117, CVE-2018-5089.
.
firefox-esr (52.5.2esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-28, also known as CVE-2017-7843.
firefox-esr (52.7.1esr-1) unstable; urgency=medium
.
* New upstream release.
- Fixes search engines in Italian locale.
firefox-esr (52.7.1esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
firefox-esr (52.7.1esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
.
firefox-esr (52.6.0esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-03, also known as
CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097,
CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5104, CVE-2018-5117, CVE-2018-5089.
.
firefox-esr (52.5.2esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-28, also known as CVE-2017-7843.
firefox-esr (52.7.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
firefox-esr (52.7.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
firefox-esr (52.7.0esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-07, also known as
CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131,
CVE-2018-5144, CVE-2018-5125, CVE-2018-5145.
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
.
firefox-esr (52.6.0esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-03, also known as
CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097,
CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5104, CVE-2018-5117, CVE-2018-5089.
.
firefox-esr (52.5.2esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-28, also known as CVE-2017-7843.
firefox-esr (52.6.0esr-2) unstable; urgency=medium
.
* intl/icu/source/i18n/digitlst.cpp: Apply part of
http://bugs.icu-project.org/trac/changeset/40603 to fix FTBFS with glibc
2.26 on big endian platforms.
firefox-esr (52.6.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-03, also known as
CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097,
CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5104, CVE-2018-5117, CVE-2018-5089.
* Fixes FTBFS with glibc >= 2.26. Closes: #887778.
freedink-dfarc (3.12-1+deb9u1) stretch; urgency=high
.
* Fix directory traversal in D-Mod extractor (CVE-2018-0496)
freeplane (1.5.18-1+deb9u1) stretch-security; urgency=high
.
* Fix CVE-2018-1000069: Wojciech Reguła discovered that FreePlane was
affected by a XML External Entity (XXE) vulnerability in its mindmap
loader that could compromise a user's machine by opening a specially
crafted mind map file. (Closes: #893663)
ganeti (2.15.2-7+deb9u2) stretch; urgency=medium
.
* Properly verify SSL certificates during VM export (Closes: #895599)
ghostscript (9.20~dfsg-3.2+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* Segfault with fuzzing file in gxht_thresh_image_init
* Buffer overflow in fill_threshold_buffer (CVE-2016-10317)
(Closes: #860869)
* pdfwrite - Guard against trying to output an infinite number
(CVE-2018-10194) (Closes: #896069)
git (1:2.11.0-3+deb9u3) stretch-security; urgency=high
.
* Fix CVE-2018-11235, arbitrary code execution via submodule names
in .gitmodules file:
- submodule: verify submodule names as paths
- fsck: simplify ".git" check
- fsck: fsck blob data
- fsck: detect .gitmodules files
- fsck: check .gitmodules content
- fsck: call fsck_finish after fscking objects
- unpack-objects: call fsck_finish after fscking objects
- index-pack: check .gitmodules files with --strict
* Fix CVE-2018-11233, out-of-bounds read when validing NTFS paths:
- is_ntfs_dotgit: use a size_t for traversing string
* Do not allow .gitmodules to be a symlink:
- is_hfs_dotgit: match other .git* files
- is_ntfs_dotgit: match other .git* files
- is_{hfs,ntfs}_dotgitmodules: add tests
- skip_prefix: add case-insensitive variant
- verify_path: drop clever fallthrough
- verify_dotfile: mention case-insensitivity in comment
- update-index: stat updated files earlier
- verify_path: disallow .gitmodules symlinks
- fsck: complain when .gitmodules is a symlink
* debian/rules: make the new test executable.
.
Thanks to Brandon Williams, Etienne Stalmans, and Jeff King for
discovering and reporting these vulnerabilities and to Jeff King
and Johannes Schindelin for fixing them.
git-annex (6.20170101-1+deb9u2) stretch; urgency=high
.
[ Joey Hess ]
* CVE-2018-10857:
- Added annex.security.allowed-url-schemes setting, which defaults
to only allowing http, https, and ftp URLs. Note especially that file:/
is no longer enabled by default.
- Removed annex.web-download-command, since its interface does not allow
supporting annex.security.allowed-url-schemes across redirects.
If you used this setting, you may want to instead use annex.web-options
to pass options to curl.
- git-annex will refuse to download content from the web, to prevent
accidental exposure of data on private webservers on localhost and the
LAN. This can be overridden with the
annex.security.allowed-http-addresses setting.
(The S3, glacier, and webdav special remotes are still allowed to
download from the web.)
* CVE-2018-10857 and CVE-2018-10859:
- Refuse to download content, that cannot be verified with a hash,
from encrypted special remotes (for CVE-2018-10859),
and from all external special remotes (for CVE-2018-10857).
In particular, URL and WORM keys stored on such remotes won't
be downloaded. If this affects your files, you can run
`git-annex migrate` on the affected files, to convert them
to use a hash.
- Added annex.security.allow-unverified-downloads, which can override
the above.
.
git-annex (6.20170101-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-12976: git-annex before 6.20170818 allows remote attackers to
execute arbitrary commands via an ssh URL with an initial dash
character in the hostname, as demonstrated by an ssh://-eProxyCommand=
URL (Closes: #873088)
gitlab (8.13.11+dfsg1-8+deb9u3) stretch-security; urgency=high
.
* Fix regression in cve-2017-0920.patch (Closes: #900066)
(Thanks to kp666)
gitlab (8.13.11+dfsg1-8+deb9u2) stretch-security; urgency=medium
.
* Fixes CVE-2018-8971 (Closes: #893905)
* Fixes CVE-2017-0920 (Closes: #888508)
gitlab (8.13.11+dfsg1-8+deb9u1) stretch-security; urgency=high
.
* Fixes multiple security vulnerabilities (backported from 10.3.4 release)
CVE-2017-0916, CVE-2017-0918, CVE-2017-0925, CVE-2017-0926, CVE-2017-3710
glx-alternatives (0.8.3~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
* Revert to debhelper compat level 9.
.
glx-alternatives (0.8.3) unstable; urgency=medium
.
* Divert libGL.so.1.7.0, libGLESv1_CM.so.1.2.0, libGLESv2.so.2.1.0,
libEGL.so.1.1.0 that will be used by the next libglvnd upstream release.
* Update validation of the diverted libGL.so.1 symlink. (Closes: #879041)
.
glx-alternatives (0.8.2) unstable; urgency=medium
.
* Remove support for MESA libraries in /usr/lib/<triplet>/mesa/, the libs
never moved there.
* Remove support for libGLcore.so.1 and libnvidia-tls.so.1 alternatives,
only needed for 173xx and older legacy drivers.
* glx-alternative-nvidia: Provide the libnvidia-cfg.so.1 alternative for
bumblebee and cuda-only users. (Closes: #888461)
* Bump Standards-Version to 4.1.3. No changes needed.
* Switch to debhelper compat level 11.
* Switch Vcs-* URLs to salsa.debian.org.
.
glx-alternatives (0.8.1) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.1. No changes needed.
* Set Rules-Requires-Root: no.
* Refresh debian/copyright from dh_make templates.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
.
glx-alternatives (0.8.0) unstable; urgency=medium
.
[ Andreas Beckmann ]
* glx-diversions: Divert libGL.so.1.0.0 as shipped by libgl1 from
src:libglvnd.
* glx-alternative-nvidia: Preliminary support for libGL.so.1 from libglvnd.
* Use explicit interest-await triggers.
* Drop glx-alternative-fglrx.
* Switch to debhelper compat level 10.
* Bump Standards-Version to 4.0.1. No changes needed.
* Update Lintian overrides.
.
[ Luca Boccassi ]
* Add manpage for update-glx.
glx-alternatives (0.8.3~deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
* Continue building glx-alternative-fglrx for jessie-backports.
.
glx-alternatives (0.8.3~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
* Revert to debhelper compat level 9.
.
glx-alternatives (0.8.3) unstable; urgency=medium
.
* Divert libGL.so.1.7.0, libGLESv1_CM.so.1.2.0, libGLESv2.so.2.1.0,
libEGL.so.1.1.0 that will be used by the next libglvnd upstream release.
* Update validation of the diverted libGL.so.1 symlink. (Closes: #879041)
.
glx-alternatives (0.8.2) unstable; urgency=medium
.
* Remove support for MESA libraries in /usr/lib/<triplet>/mesa/, the libs
never moved there.
* Remove support for libGLcore.so.1 and libnvidia-tls.so.1 alternatives,
only needed for 173xx and older legacy drivers.
* glx-alternative-nvidia: Provide the libnvidia-cfg.so.1 alternative for
bumblebee and cuda-only users. (Closes: #888461)
* Bump Standards-Version to 4.1.3. No changes needed.
* Switch to debhelper compat level 11.
* Switch Vcs-* URLs to salsa.debian.org.
.
glx-alternatives (0.8.1) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.1. No changes needed.
* Set Rules-Requires-Root: no.
* Refresh debian/copyright from dh_make templates.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
.
glx-alternatives (0.8.0) unstable; urgency=medium
.
[ Andreas Beckmann ]
* glx-diversions: Divert libGL.so.1.0.0 as shipped by libgl1 from
src:libglvnd.
* glx-alternative-nvidia: Preliminary support for libGL.so.1 from libglvnd.
* Use explicit interest-await triggers.
* Drop glx-alternative-fglrx.
* Switch to debhelper compat level 10.
* Bump Standards-Version to 4.0.1. No changes needed.
* Update Lintian overrides.
.
[ Luca Boccassi ]
* Add manpage for update-glx.
.
glx-alternatives (0.7.4) unstable; urgency=medium
.
* glx-alternative-nvidia: Bump some Breaks to account for newer
nvidia-driver(-legacy-*) releases in stretch. (Closes: #803793)
* glx-diversions: Depend on glx-alternative-mesa (and not the other way
around) to ensure we never end up with diversions but no alternatives.
(Closes: #807148)
* Stop using dh_installdocs --link-doc and clean up symlinks on upgrade.
glx-alternatives (0.8.3~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
glx-alternatives (0.8.3) unstable; urgency=medium
.
* Divert libGL.so.1.7.0, libGLESv1_CM.so.1.2.0, libGLESv2.so.2.1.0,
libEGL.so.1.1.0 that will be used by the next libglvnd upstream release.
* Update validation of the diverted libGL.so.1 symlink. (Closes: #879041)
.
glx-alternatives (0.8.2) unstable; urgency=medium
.
* Remove support for MESA libraries in /usr/lib/<triplet>/mesa/, the libs
never moved there.
* Remove support for libGLcore.so.1 and libnvidia-tls.so.1 alternatives,
only needed for 173xx and older legacy drivers.
* glx-alternative-nvidia: Provide the libnvidia-cfg.so.1 alternative for
bumblebee and cuda-only users. (Closes: #888461)
* Bump Standards-Version to 4.1.3. No changes needed.
* Switch to debhelper compat level 11.
* Switch Vcs-* URLs to salsa.debian.org.
.
glx-alternatives (0.8.1) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.1. No changes needed.
* Set Rules-Requires-Root: no.
* Refresh debian/copyright from dh_make templates.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
.
glx-alternatives (0.8.0) unstable; urgency=medium
.
[ Andreas Beckmann ]
* glx-diversions: Divert libGL.so.1.0.0 as shipped by libgl1 from
src:libglvnd.
* glx-alternative-nvidia: Preliminary support for libGL.so.1 from libglvnd.
* Use explicit interest-await triggers.
* Drop glx-alternative-fglrx.
* Switch to debhelper compat level 10.
* Bump Standards-Version to 4.0.1. No changes needed.
* Update Lintian overrides.
.
[ Luca Boccassi ]
* Add manpage for update-glx.
glx-alternatives (0.8.2) unstable; urgency=medium
.
* Remove support for MESA libraries in /usr/lib/<triplet>/mesa/, the libs
never moved there.
* Remove support for libGLcore.so.1 and libnvidia-tls.so.1 alternatives,
only needed for 173xx and older legacy drivers.
* glx-alternative-nvidia: Provide the libnvidia-cfg.so.1 alternative for
bumblebee and cuda-only users. (Closes: #888461)
* Bump Standards-Version to 4.1.3. No changes needed.
* Switch to debhelper compat level 11.
* Switch Vcs-* URLs to salsa.debian.org.
glx-alternatives (0.8.1) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.1. No changes needed.
* Set Rules-Requires-Root: no.
* Refresh debian/copyright from dh_make templates.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
glx-alternatives (0.8.0) unstable; urgency=medium
.
[ Andreas Beckmann ]
* glx-diversions: Divert libGL.so.1.0.0 as shipped by libgl1 from
src:libglvnd.
* glx-alternative-nvidia: Preliminary support for libGL.so.1 from libglvnd.
* Use explicit interest-await triggers.
* Drop glx-alternative-fglrx.
* Switch to debhelper compat level 10.
* Bump Standards-Version to 4.0.1. No changes needed.
* Update Lintian overrides.
.
[ Luca Boccassi ]
* Add manpage for update-glx.
gnupg1 (1.4.21-4+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* gpg: Sanitize diagnostic with the original file name (CVE-2018-12020)
(Closes: #901088)
gnupg2 (2.1.18-8~deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* gpg: Sanitize diagnostic with the original file name (CVE-2018-12020)
goldencheetah (4.0.0~DEV1607-2+deb9u1) stretch-security; urgency=medium
.
* debian/patches/dont-link-libvlccore.patch: Do not unnecessarily link
against libvlccore. (Closes: #884940)
gosa (2.7.4+reloaded2-13+deb9u1) stretch-security; urgency=medium
.
* debian/patches:
+ Add 0013_escape-html-entities-for-uid-to-avoid-code-execution-
CVE-2018-1000528.patch. Fixes code injection in password change dialog.
Resolves CVE-2018-1000528. (Closes: #902723).
gridengine (8.1.9+dfsg-4+deb9u2) stretch; urgency=low
.
* Fix FTBFS on armhf due to OpenJDK VM changes.
Thanks to Adam Barratt (Closes: #903406)
gridengine (8.1.9+dfsg-4+deb9u1) stretch; urgency=medium
.
* gridengine-qmon:
- Use correct paths to qmon pixmaps (Closes: #892296)
icu (57.1-6+deb9u2) stretch-security; urgency=high
.
* Backport upstream security fix for CVE-2017-15422: Persian calendar
integer overflow (closes: #892766).
intel-microcode (3.20180425.1~deb9u1) stretch; urgency=medium
.
* Upload to Debian stretch (no changes)
* RELEASE MANAGER INFORMATION: This update deploys the microcode side fix
for CVE-2017-5715 (Spectre v2). On the more recent processors, it also
fixes other unspecified errata. This microcode update pack has been
extensively tested in Debian unstable, testing, strech-backports and
jessie-backports. It has been extensively deployed by other distributions
to their stable branches without causing any issues, with one notable
exception (a distro-specific kernel bug, already fixed by that distro).
.
intel-microcode (3.20180425.1) unstable; urgency=medium
.
* New upstream microcode data file 20180425 (closes: #897443, #895878)
+ Updated Microcodes:
sig 0x000406f1, pf_mask 0xef, 2018-03-21, rev 0xb00002c, size 27648
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
+ Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
+ Note that sig 0x000604f1 has been blacklisted from late-loading
since Debian release 3.20171117.1.
* source: remove undesired list files from microcode directories
* source: switch to microcode-<id>.d/ since Intel dropped .dat
support.
.
intel-microcode (3.20180312.1) unstable; urgency=medium
.
* New upstream microcode data file 20180312 (closes: #886367)
+ New Microcodes:
sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009, size 18432
+ Updated Microcodes:
sig 0x000206a7, pf_mask 0x12, 2018-02-07, rev 0x002d, size 12288
sig 0x000206d6, pf_mask 0x6d, 2018-01-30, rev 0x061c, size 18432
sig 0x000206d7, pf_mask 0x6d, 2018-01-26, rev 0x0713, size 19456
sig 0x000306a9, pf_mask 0x12, 2018-02-07, rev 0x001f, size 13312
sig 0x000306c3, pf_mask 0x32, 2018-01-21, rev 0x0024, size 23552
sig 0x000306d4, pf_mask 0xc0, 2018-01-18, rev 0x002a, size 18432
sig 0x000306e4, pf_mask 0xed, 2018-01-25, rev 0x042c, size 15360
sig 0x000306e7, pf_mask 0xed, 2018-02-16, rev 0x0713, size 16384
sig 0x000306f2, pf_mask 0x6f, 2018-01-19, rev 0x003c, size 33792
sig 0x000306f4, pf_mask 0x80, 2018-01-22, rev 0x0011, size 17408
sig 0x00040651, pf_mask 0x72, 2018-01-18, rev 0x0023, size 21504
sig 0x00040661, pf_mask 0x32, 2018-01-21, rev 0x0019, size 25600
sig 0x00040671, pf_mask 0x22, 2018-01-21, rev 0x001d, size 12288
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x00050654, pf_mask 0xb7, 2018-01-26, rev 0x2000043, size 28672
sig 0x00050662, pf_mask 0x10, 2018-01-22, rev 0x0015, size 31744
sig 0x00050663, pf_mask 0x10, 2018-01-22, rev 0x7000012, size 22528
sig 0x00050664, pf_mask 0x10, 2018-01-22, rev 0xf000011, size 22528
sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
sig 0x000806e9, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 97280
sig 0x000906e9, pf_mask 0x2a, 2018-01-21, rev 0x0084, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-01-21, rev 0x0084, size 96256
sig 0x000906eb, pf_mask 0x02, 2018-01-21, rev 0x0084, size 98304
+ Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for:
Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake,
Coffee Lake
+ Missing production updates:
+ Broadwell-E/EX Xeons (sig 0x406f1)
+ Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell,
Gemini Lake, Denverton
* Update past changelog entries with new information:
Intel already had all necessary semanthics in LFENCE, so the
Spectre-related Intel microcode changes did not need to enhance LFENCE.
* debian/control: update Vcs-* fields for the move to salsa.debian.org
.
intel-microcode (3.20180108.1+really20171117.1) unstable; urgency=critical
.
* Revert to release 20171117, as per Intel instructions issued to
the public in 2018-01-22 (closes: #886998)
* This effectively removes IBRS/IBPB/STIPB microcode support for
Spectre variant 2 mitigation.
.
intel-microcode (3.20180108.1) unstable; urgency=high
.
* New upstream microcode data file 20180108 (closes: #886367)
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306e4, pf_mask 0xed, 2017-12-01, rev 0x042a, size 15360
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x000306f4, pf_mask 0x80, 2017-11-17, rev 0x0010, size 17408
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x00040661, pf_mask 0x32, 2017-11-20, rev 0x0018, size 25600
sig 0x00040671, pf_mask 0x22, 2017-11-17, rev 0x001b, size 13312
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x00050654, pf_mask 0xb7, 2017-12-08, rev 0x200003c, size 27648
sig 0x00050662, pf_mask 0x10, 2017-12-16, rev 0x0014, size 31744
sig 0x00050663, pf_mask 0x10, 2017-12-16, rev 0x7000011, size 22528
sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-01-04, rev 0x0080, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-01-04, rev 0x0080, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-01-04, rev 0x0080, size 98304
+ Implements IBRS/IBPB support: mitigation against Spectre (CVE-2017-5715)
+ Very likely fixes several other errata on some of the processors
* supplementary-ucode-CVE-2017-5715.d/: remove.
+ Downgraded microcodes:
sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
+ Recall related to bug #886998
* source: remove superseded upstream data file: 20171117
* README.Debian, copyright: update download URLs (closes: #886368)
.
intel-microcode (3.20171215.1) unstable; urgency=high
.
* Add supplementary-ucode-CVE-2017-5715.d/: (closes: #886367)
New upstream microcodes to partially address CVE-2017-5715
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x000406f1, pf_mask 0xef, 2017-11-18, rev 0xb000025, size 27648
sig 0x00050654, pf_mask 0xb7, 2017-11-21, rev 0x200003a, size 27648
sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e, size 16384
sig 0x000806e9, pf_mask 0xc0, 2017-12-03, rev 0x007c, size 98304
sig 0x000906e9, pf_mask 0x2a, 2017-12-03, rev 0x007c, size 98304
* Implements IBRS and IBPB support via new MSR (Spectre variant 2
mitigation, indirect branches). Support is exposed through cpuid(7).EDX.
.
intel-microcode (3.20171117.1) unstable; urgency=medium
.
* New upstream microcode data file 20171117
+ New Microcodes:
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
sig 0x000706a1, pf_mask 0x01, 2017-10-31, rev 0x001e, size 72704
sig 0x000906ea, pf_mask 0x22, 2017-08-23, rev 0x0070, size 95232
sig 0x000906eb, pf_mask 0x02, 2017-09-20, rev 0x0072, size 97280
+ Updated Microcodes:
sig 0x00050654, pf_mask 0xb7, 2017-10-17, rev 0x2000035, size 26624
sig 0x000806ea, pf_mask 0xc0, 2017-08-03, rev 0x0070, size 96256
* source: remove superseded upstream data file: 20170707.
* source: remove unneeded intel-ucode/ directory for 20171117.
* debian/control: bump standards version to 4.1.1 (no changes)
* Makefile: rename microcode-extras.pbin to microcode-includes.pbin.
* README.source: fix IUC_EXCLUDE example and minor issues.
* Makefile, README.souce: support loading ucode from directories.
* debian/rules: switch to dh mode (debhelper v9)
* ucode-blacklist: blacklist sig 0x406f1 (Skylake-X H0) from late
loading.
intel-microcode (3.20180425.1~deb8u1) jessie; urgency=medium
.
* Upload to Debian jessie (no changes)
* RELEASE MANAGER INFORMATION: This update deploys the microcode side fix
for CVE-2017-5715 (Spectre v2). On the more recent processors, it also
fixes other unspecified errata. This microcode update pack has been
extensively tested in Debian unstable, testing, strech-backports and
jessie-backports. It has been extensively deployed by other distributions
to their stable branches without causing any issues, with one notable
exception (a distro-specific kernel bug, already fixed by that distro).
.
intel-microcode (3.20180425.1) unstable; urgency=medium
.
* New upstream microcode data file 20180425 (closes: #897443, #895878)
+ Updated Microcodes:
sig 0x000406f1, pf_mask 0xef, 2018-03-21, rev 0xb00002c, size 27648
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
+ Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
+ Note that sig 0x000604f1 has been blacklisted from late-loading
since Debian release 3.20171117.1.
* source: remove undesired list files from microcode directories
* source: switch to microcode-<id>.d/ since Intel dropped .dat
support.
.
intel-microcode (3.20180312.1) unstable; urgency=medium
.
* New upstream microcode data file 20180312 (closes: #886367)
+ New Microcodes:
sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009, size 18432
+ Updated Microcodes:
sig 0x000206a7, pf_mask 0x12, 2018-02-07, rev 0x002d, size 12288
sig 0x000206d6, pf_mask 0x6d, 2018-01-30, rev 0x061c, size 18432
sig 0x000206d7, pf_mask 0x6d, 2018-01-26, rev 0x0713, size 19456
sig 0x000306a9, pf_mask 0x12, 2018-02-07, rev 0x001f, size 13312
sig 0x000306c3, pf_mask 0x32, 2018-01-21, rev 0x0024, size 23552
sig 0x000306d4, pf_mask 0xc0, 2018-01-18, rev 0x002a, size 18432
sig 0x000306e4, pf_mask 0xed, 2018-01-25, rev 0x042c, size 15360
sig 0x000306e7, pf_mask 0xed, 2018-02-16, rev 0x0713, size 16384
sig 0x000306f2, pf_mask 0x6f, 2018-01-19, rev 0x003c, size 33792
sig 0x000306f4, pf_mask 0x80, 2018-01-22, rev 0x0011, size 17408
sig 0x00040651, pf_mask 0x72, 2018-01-18, rev 0x0023, size 21504
sig 0x00040661, pf_mask 0x32, 2018-01-21, rev 0x0019, size 25600
sig 0x00040671, pf_mask 0x22, 2018-01-21, rev 0x001d, size 12288
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x00050654, pf_mask 0xb7, 2018-01-26, rev 0x2000043, size 28672
sig 0x00050662, pf_mask 0x10, 2018-01-22, rev 0x0015, size 31744
sig 0x00050663, pf_mask 0x10, 2018-01-22, rev 0x7000012, size 22528
sig 0x00050664, pf_mask 0x10, 2018-01-22, rev 0xf000011, size 22528
sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
sig 0x000806e9, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 97280
sig 0x000906e9, pf_mask 0x2a, 2018-01-21, rev 0x0084, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-01-21, rev 0x0084, size 96256
sig 0x000906eb, pf_mask 0x02, 2018-01-21, rev 0x0084, size 98304
+ Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for:
Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake,
Coffee Lake
+ Missing production updates:
+ Broadwell-E/EX Xeons (sig 0x406f1)
+ Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell,
Gemini Lake, Denverton
* Update past changelog entries with new information:
Intel already had all necessary semanthics in LFENCE, so the
Spectre-related Intel microcode changes did not need to enhance LFENCE.
* debian/control: update Vcs-* fields for the move to salsa.debian.org
.
intel-microcode (3.20180108.1+really20171117.1) unstable; urgency=critical
.
* Revert to release 20171117, as per Intel instructions issued to
the public in 2018-01-22 (closes: #886998)
* This effectively removes IBRS/IBPB/STIPB microcode support for
Spectre variant 2 mitigation.
.
intel-microcode (3.20180108.1) unstable; urgency=high
.
* New upstream microcode data file 20180108 (closes: #886367)
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306e4, pf_mask 0xed, 2017-12-01, rev 0x042a, size 15360
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x000306f4, pf_mask 0x80, 2017-11-17, rev 0x0010, size 17408
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x00040661, pf_mask 0x32, 2017-11-20, rev 0x0018, size 25600
sig 0x00040671, pf_mask 0x22, 2017-11-17, rev 0x001b, size 13312
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x00050654, pf_mask 0xb7, 2017-12-08, rev 0x200003c, size 27648
sig 0x00050662, pf_mask 0x10, 2017-12-16, rev 0x0014, size 31744
sig 0x00050663, pf_mask 0x10, 2017-12-16, rev 0x7000011, size 22528
sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-01-04, rev 0x0080, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-01-04, rev 0x0080, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-01-04, rev 0x0080, size 98304
+ Implements IBRS/IBPB support: mitigation against Spectre (CVE-2017-5715)
+ Very likely fixes several other errata on some of the processors
* supplementary-ucode-CVE-2017-5715.d/: remove.
+ Downgraded microcodes:
sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
+ Recall related to bug #886998
* source: remove superseded upstream data file: 20171117
* README.Debian, copyright: update download URLs (closes: #886368)
.
intel-microcode (3.20171215.1) unstable; urgency=high
.
* Add supplementary-ucode-CVE-2017-5715.d/: (closes: #886367)
New upstream microcodes to partially address CVE-2017-5715
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x000406f1, pf_mask 0xef, 2017-11-18, rev 0xb000025, size 27648
sig 0x00050654, pf_mask 0xb7, 2017-11-21, rev 0x200003a, size 27648
sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e, size 16384
sig 0x000806e9, pf_mask 0xc0, 2017-12-03, rev 0x007c, size 98304
sig 0x000906e9, pf_mask 0x2a, 2017-12-03, rev 0x007c, size 98304
* Implements IBRS and IBPB support via new MSR (Spectre variant 2
mitigation, indirect branches). Support is exposed through cpuid(7).EDX.
.
intel-microcode (3.20171117.1) unstable; urgency=medium
.
* New upstream microcode data file 20171117
+ New Microcodes:
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
sig 0x000706a1, pf_mask 0x01, 2017-10-31, rev 0x001e, size 72704
sig 0x000906ea, pf_mask 0x22, 2017-08-23, rev 0x0070, size 95232
sig 0x000906eb, pf_mask 0x02, 2017-09-20, rev 0x0072, size 97280
+ Updated Microcodes:
sig 0x00050654, pf_mask 0xb7, 2017-10-17, rev 0x2000035, size 26624
sig 0x000806ea, pf_mask 0xc0, 2017-08-03, rev 0x0070, size 96256
* source: remove superseded upstream data file: 20170707.
* source: remove unneeded intel-ucode/ directory for 20171117.
* debian/control: bump standards version to 4.1.1 (no changes)
* Makefile: rename microcode-extras.pbin to microcode-includes.pbin.
* README.source: fix IUC_EXCLUDE example and minor issues.
* Makefile, README.souce: support loading ucode from directories.
* debian/rules: switch to dh mode (debhelper v9)
* ucode-blacklist: blacklist sig 0x406f1 (Skylake-X H0) from late
loading.
intel-microcode (3.20180425.1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports (no changes)
.
intel-microcode (3.20180425.1) unstable; urgency=medium
.
* New upstream microcode data file 20180425 (closes: #897443, #895878)
+ Updated Microcodes:
sig 0x000406f1, pf_mask 0xef, 2018-03-21, rev 0xb00002c, size 27648
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
+ Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
+ Note that sig 0x000604f1 has been blacklisted from late-loading
since Debian release 3.20171117.1.
* source: remove undesired list files from microcode directories
* source: switch to microcode-<id>.d/ since Intel dropped .dat
support.
intel-microcode (3.20180425.1~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy (no changes)
.
intel-microcode (3.20180425.1) unstable; urgency=medium
.
* New upstream microcode data file 20180425 (closes: #897443, #895878)
+ Updated Microcodes:
sig 0x000406f1, pf_mask 0xef, 2018-03-21, rev 0xb00002c, size 27648
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
+ Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
+ Note that sig 0x000604f1 has been blacklisted from late-loading
since Debian release 3.20171117.1.
* source: remove undesired list files from microcode directories
* source: switch to microcode-<id>.d/ since Intel dropped .dat
support.
intel-microcode (3.20180312.1) unstable; urgency=medium
.
* New upstream microcode data file 20180312 (closes: #886367)
+ New Microcodes:
sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009, size 18432
+ Updated Microcodes:
sig 0x000206a7, pf_mask 0x12, 2018-02-07, rev 0x002d, size 12288
sig 0x000206d6, pf_mask 0x6d, 2018-01-30, rev 0x061c, size 18432
sig 0x000206d7, pf_mask 0x6d, 2018-01-26, rev 0x0713, size 19456
sig 0x000306a9, pf_mask 0x12, 2018-02-07, rev 0x001f, size 13312
sig 0x000306c3, pf_mask 0x32, 2018-01-21, rev 0x0024, size 23552
sig 0x000306d4, pf_mask 0xc0, 2018-01-18, rev 0x002a, size 18432
sig 0x000306e4, pf_mask 0xed, 2018-01-25, rev 0x042c, size 15360
sig 0x000306e7, pf_mask 0xed, 2018-02-16, rev 0x0713, size 16384
sig 0x000306f2, pf_mask 0x6f, 2018-01-19, rev 0x003c, size 33792
sig 0x000306f4, pf_mask 0x80, 2018-01-22, rev 0x0011, size 17408
sig 0x00040651, pf_mask 0x72, 2018-01-18, rev 0x0023, size 21504
sig 0x00040661, pf_mask 0x32, 2018-01-21, rev 0x0019, size 25600
sig 0x00040671, pf_mask 0x22, 2018-01-21, rev 0x001d, size 12288
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x00050654, pf_mask 0xb7, 2018-01-26, rev 0x2000043, size 28672
sig 0x00050662, pf_mask 0x10, 2018-01-22, rev 0x0015, size 31744
sig 0x00050663, pf_mask 0x10, 2018-01-22, rev 0x7000012, size 22528
sig 0x00050664, pf_mask 0x10, 2018-01-22, rev 0xf000011, size 22528
sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
sig 0x000806e9, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 97280
sig 0x000906e9, pf_mask 0x2a, 2018-01-21, rev 0x0084, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-01-21, rev 0x0084, size 96256
sig 0x000906eb, pf_mask 0x02, 2018-01-21, rev 0x0084, size 98304
+ Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for:
Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake,
Coffee Lake
+ Missing production updates:
+ Broadwell-E/EX Xeons (sig 0x406f1)
+ Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell,
Gemini Lake, Denverton
* Update past changelog entries with new information:
Intel already had all necessary semanthics in LFENCE, so the
Spectre-related Intel microcode changes did not need to enhance LFENCE.
* debian/control: update Vcs-* fields for the move to salsa.debian.org
intel-microcode (3.20180312.1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports (no changes)
.
intel-microcode (3.20180312.1) unstable; urgency=medium
.
* New upstream microcode data file 20180312 (closes: #886367)
+ New Microcodes:
sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009, size 18432
+ Updated Microcodes:
sig 0x000206a7, pf_mask 0x12, 2018-02-07, rev 0x002d, size 12288
sig 0x000206d6, pf_mask 0x6d, 2018-01-30, rev 0x061c, size 18432
sig 0x000206d7, pf_mask 0x6d, 2018-01-26, rev 0x0713, size 19456
sig 0x000306a9, pf_mask 0x12, 2018-02-07, rev 0x001f, size 13312
sig 0x000306c3, pf_mask 0x32, 2018-01-21, rev 0x0024, size 23552
sig 0x000306d4, pf_mask 0xc0, 2018-01-18, rev 0x002a, size 18432
sig 0x000306e4, pf_mask 0xed, 2018-01-25, rev 0x042c, size 15360
sig 0x000306e7, pf_mask 0xed, 2018-02-16, rev 0x0713, size 16384
sig 0x000306f2, pf_mask 0x6f, 2018-01-19, rev 0x003c, size 33792
sig 0x000306f4, pf_mask 0x80, 2018-01-22, rev 0x0011, size 17408
sig 0x00040651, pf_mask 0x72, 2018-01-18, rev 0x0023, size 21504
sig 0x00040661, pf_mask 0x32, 2018-01-21, rev 0x0019, size 25600
sig 0x00040671, pf_mask 0x22, 2018-01-21, rev 0x001d, size 12288
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x00050654, pf_mask 0xb7, 2018-01-26, rev 0x2000043, size 28672
sig 0x00050662, pf_mask 0x10, 2018-01-22, rev 0x0015, size 31744
sig 0x00050663, pf_mask 0x10, 2018-01-22, rev 0x7000012, size 22528
sig 0x00050664, pf_mask 0x10, 2018-01-22, rev 0xf000011, size 22528
sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
sig 0x000806e9, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 97280
sig 0x000906e9, pf_mask 0x2a, 2018-01-21, rev 0x0084, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-01-21, rev 0x0084, size 96256
sig 0x000906eb, pf_mask 0x02, 2018-01-21, rev 0x0084, size 98304
+ Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for:
Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake,
Coffee Lake
+ Missing production updates:
+ Broadwell-E/EX Xeons (sig 0x406f1)
+ Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell,
Gemini Lake, Denverton
* Update past changelog entries with new information:
Intel already had all necessary semanthics in LFENCE, so the
Spectre-related Intel microcode changes did not need to enhance LFENCE.
* debian/control: update Vcs-* fields for the move to salsa.debian.org
.
intel-microcode (3.20180108.1+really20171117.1) unstable; urgency=critical
.
* Revert to release 20171117, as per Intel instructions issued to
the public in 2018-01-22 (closes: #886998)
* This effectively removes IBRS/IBPB/STIPB microcode support for
Spectre variant 2 mitigation.
.
intel-microcode (3.20180108.1) unstable; urgency=high
.
* New upstream microcode data file 20180108 (closes: #886367)
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306e4, pf_mask 0xed, 2017-12-01, rev 0x042a, size 15360
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x000306f4, pf_mask 0x80, 2017-11-17, rev 0x0010, size 17408
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x00040661, pf_mask 0x32, 2017-11-20, rev 0x0018, size 25600
sig 0x00040671, pf_mask 0x22, 2017-11-17, rev 0x001b, size 13312
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x00050654, pf_mask 0xb7, 2017-12-08, rev 0x200003c, size 27648
sig 0x00050662, pf_mask 0x10, 2017-12-16, rev 0x0014, size 31744
sig 0x00050663, pf_mask 0x10, 2017-12-16, rev 0x7000011, size 22528
sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-01-04, rev 0x0080, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-01-04, rev 0x0080, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-01-04, rev 0x0080, size 98304
+ Implements IBRS/IBPB support: mitigation against Spectre (CVE-2017-5715)
+ Very likely fixes several other errata on some of the processors
* supplementary-ucode-CVE-2017-5715.d/: remove.
+ Downgraded microcodes:
sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
+ Recall related to bug #886998
* source: remove superseded upstream data file: 20171117
* README.Debian, copyright: update download URLs (closes: #886368)
.
intel-microcode (3.20171215.1) unstable; urgency=high
.
* Add supplementary-ucode-CVE-2017-5715.d/: (closes: #886367)
New upstream microcodes to partially address CVE-2017-5715
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x000406f1, pf_mask 0xef, 2017-11-18, rev 0xb000025, size 27648
sig 0x00050654, pf_mask 0xb7, 2017-11-21, rev 0x200003a, size 27648
sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e, size 16384
sig 0x000806e9, pf_mask 0xc0, 2017-12-03, rev 0x007c, size 98304
sig 0x000906e9, pf_mask 0x2a, 2017-12-03, rev 0x007c, size 98304
* Implements IBRS and IBPB support via new MSR (Spectre variant 2
mitigation, indirect branches). Support is exposed through cpuid(7).EDX.
intel-microcode (3.20180312.1~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy (no changes)
.
intel-microcode (3.20180312.1) unstable; urgency=medium
.
* New upstream microcode data file 20180312 (closes: #886367)
+ New Microcodes:
sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009, size 18432
+ Updated Microcodes:
sig 0x000206a7, pf_mask 0x12, 2018-02-07, rev 0x002d, size 12288
sig 0x000206d6, pf_mask 0x6d, 2018-01-30, rev 0x061c, size 18432
sig 0x000206d7, pf_mask 0x6d, 2018-01-26, rev 0x0713, size 19456
sig 0x000306a9, pf_mask 0x12, 2018-02-07, rev 0x001f, size 13312
sig 0x000306c3, pf_mask 0x32, 2018-01-21, rev 0x0024, size 23552
sig 0x000306d4, pf_mask 0xc0, 2018-01-18, rev 0x002a, size 18432
sig 0x000306e4, pf_mask 0xed, 2018-01-25, rev 0x042c, size 15360
sig 0x000306e7, pf_mask 0xed, 2018-02-16, rev 0x0713, size 16384
sig 0x000306f2, pf_mask 0x6f, 2018-01-19, rev 0x003c, size 33792
sig 0x000306f4, pf_mask 0x80, 2018-01-22, rev 0x0011, size 17408
sig 0x00040651, pf_mask 0x72, 2018-01-18, rev 0x0023, size 21504
sig 0x00040661, pf_mask 0x32, 2018-01-21, rev 0x0019, size 25600
sig 0x00040671, pf_mask 0x22, 2018-01-21, rev 0x001d, size 12288
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x00050654, pf_mask 0xb7, 2018-01-26, rev 0x2000043, size 28672
sig 0x00050662, pf_mask 0x10, 2018-01-22, rev 0x0015, size 31744
sig 0x00050663, pf_mask 0x10, 2018-01-22, rev 0x7000012, size 22528
sig 0x00050664, pf_mask 0x10, 2018-01-22, rev 0xf000011, size 22528
sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
sig 0x000806e9, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 97280
sig 0x000906e9, pf_mask 0x2a, 2018-01-21, rev 0x0084, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-01-21, rev 0x0084, size 96256
sig 0x000906eb, pf_mask 0x02, 2018-01-21, rev 0x0084, size 98304
+ Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for:
Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake,
Coffee Lake
+ Missing production updates:
+ Broadwell-E/EX Xeons (sig 0x406f1)
+ Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell,
Gemini Lake, Denverton
* Update past changelog entries with new information:
Intel already had all necessary semanthics in LFENCE, so the
Spectre-related Intel microcode changes did not need to enhance LFENCE.
* debian/control: update Vcs-* fields for the move to salsa.debian.org
.
intel-microcode (3.20180108.1+really20171117.1) unstable; urgency=critical
.
* Revert to release 20171117, as per Intel instructions issued to
the public in 2018-01-22 (closes: #886998)
* This effectively removes IBRS/IBPB/STIPB microcode support for
Spectre variant 2 mitigation.
.
intel-microcode (3.20180108.1) unstable; urgency=high
.
* New upstream microcode data file 20180108 (closes: #886367)
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306e4, pf_mask 0xed, 2017-12-01, rev 0x042a, size 15360
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x000306f4, pf_mask 0x80, 2017-11-17, rev 0x0010, size 17408
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x00040661, pf_mask 0x32, 2017-11-20, rev 0x0018, size 25600
sig 0x00040671, pf_mask 0x22, 2017-11-17, rev 0x001b, size 13312
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x00050654, pf_mask 0xb7, 2017-12-08, rev 0x200003c, size 27648
sig 0x00050662, pf_mask 0x10, 2017-12-16, rev 0x0014, size 31744
sig 0x00050663, pf_mask 0x10, 2017-12-16, rev 0x7000011, size 22528
sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-01-04, rev 0x0080, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-01-04, rev 0x0080, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-01-04, rev 0x0080, size 98304
+ Implements IBRS/IBPB support: mitigation against Spectre (CVE-2017-5715)
+ Very likely fixes several other errata on some of the processors
* supplementary-ucode-CVE-2017-5715.d/: remove.
+ Downgraded microcodes:
sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
+ Recall related to bug #886998
* source: remove superseded upstream data file: 20171117
* README.Debian, copyright: update download URLs (closes: #886368)
.
intel-microcode (3.20171215.1) unstable; urgency=high
.
* Add supplementary-ucode-CVE-2017-5715.d/: (closes: #886367)
New upstream microcodes to partially address CVE-2017-5715
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x000406f1, pf_mask 0xef, 2017-11-18, rev 0xb000025, size 27648
sig 0x00050654, pf_mask 0xb7, 2017-11-21, rev 0x200003a, size 27648
sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e, size 16384
sig 0x000806e9, pf_mask 0xc0, 2017-12-03, rev 0x007c, size 98304
sig 0x000906e9, pf_mask 0x2a, 2017-12-03, rev 0x007c, size 98304
* Implements IBRS and IBPB support via new MSR (Spectre variant 2
mitigation, indirect branches). Support is exposed through cpuid(7).EDX.
intel-microcode (3.20180108.1+really20171117.1) unstable; urgency=critical
.
* Revert to release 20171117, as per Intel instructions issued to
the public in 2018-01-22 (closes: #886998)
* This effectively removes IBRS/IBPB/STIPB microcode support for
Spectre variant 2 mitigation.
intel-microcode (3.20180108.1) unstable; urgency=high
.
* New upstream microcode data file 20180108 (closes: #886367)
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306e4, pf_mask 0xed, 2017-12-01, rev 0x042a, size 15360
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x000306f4, pf_mask 0x80, 2017-11-17, rev 0x0010, size 17408
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x00040661, pf_mask 0x32, 2017-11-20, rev 0x0018, size 25600
sig 0x00040671, pf_mask 0x22, 2017-11-17, rev 0x001b, size 13312
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x00050654, pf_mask 0xb7, 2017-12-08, rev 0x200003c, size 27648
sig 0x00050662, pf_mask 0x10, 2017-12-16, rev 0x0014, size 31744
sig 0x00050663, pf_mask 0x10, 2017-12-16, rev 0x7000011, size 22528
sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
sig 0x000806e9, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000806ea, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
sig 0x000906e9, pf_mask 0x2a, 2018-01-04, rev 0x0080, size 98304
sig 0x000906ea, pf_mask 0x22, 2018-01-04, rev 0x0080, size 97280
sig 0x000906eb, pf_mask 0x02, 2018-01-04, rev 0x0080, size 98304
+ Implements IBRS/IBPB support and enhances LFENCE: mitigation
against Spectre (CVE-2017-5715)
+ Very likely fixes several other errata on some of the processors
* supplementary-ucode-CVE-2017-5715.d/: remove.
+ Downgraded microcodes:
sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
+ This removes IBRS/IBPB support for these two platforms when compared
with the previous (and unofficial) release, 20171215. We don't know
why Intel declined to include these microcode updates (as well as
several others) in the release.
* source: remove superseded upstream data file: 20171117
* README.Debian, copyright: update download URLs (closes: #886368)
intel-microcode (3.20171215.1) unstable; urgency=high
.
* Add supplementary-ucode-CVE-2017-5715.d/: (closes: #886367)
New upstream microcodes to partially address CVE-2017-5715
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
sig 0x000406f1, pf_mask 0xef, 2017-11-18, rev 0xb000025, size 27648
sig 0x00050654, pf_mask 0xb7, 2017-11-21, rev 0x200003a, size 27648
sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e, size 16384
sig 0x000806e9, pf_mask 0xc0, 2017-12-03, rev 0x007c, size 98304
sig 0x000906e9, pf_mask 0x2a, 2017-12-03, rev 0x007c, size 98304
* Implements IBRS and IBPB support via new MSR (Spectre variant 2
mitigation, indirect branches). Support is exposed through cpuid(7).EDX.
* LFENCE terminates all previous instructions (Spectre variant 2
mitigation, conditional branches).
intel-microcode (3.20171117.1) unstable; urgency=medium
.
* New upstream microcode data file 20171117
+ New Microcodes:
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
sig 0x000706a1, pf_mask 0x01, 2017-10-31, rev 0x001e, size 72704
sig 0x000906ea, pf_mask 0x22, 2017-08-23, rev 0x0070, size 95232
sig 0x000906eb, pf_mask 0x02, 2017-09-20, rev 0x0072, size 97280
+ Updated Microcodes:
sig 0x00050654, pf_mask 0xb7, 2017-10-17, rev 0x2000035, size 26624
sig 0x000806ea, pf_mask 0xc0, 2017-08-03, rev 0x0070, size 96256
* source: remove superseded upstream data file: 20170707.
* source: remove unneeded intel-ucode/ directory for 20171117.
* debian/control: bump standards version to 4.1.1 (no changes)
* Makefile: rename microcode-extras.pbin to microcode-includes.pbin.
* README.source: fix IUC_EXCLUDE example and minor issues.
* Makefile, README.souce: support loading ucode from directories.
* debian/rules: switch to dh mode (debhelper v9)
* ucode-blacklist: blacklist sig 0x406f1 (Skylake-X H0) from late
loading.
intel-microcode (3.20171117.1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports (no changes)
.
intel-microcode (3.20171117.1) unstable; urgency=medium
.
* New upstream microcode data file 20171117
+ New Microcodes:
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
sig 0x000706a1, pf_mask 0x01, 2017-10-31, rev 0x001e, size 72704
sig 0x000906ea, pf_mask 0x22, 2017-08-23, rev 0x0070, size 95232
sig 0x000906eb, pf_mask 0x02, 2017-09-20, rev 0x0072, size 97280
+ Updated Microcodes:
sig 0x00050654, pf_mask 0xb7, 2017-10-17, rev 0x2000035, size 26624
sig 0x000806ea, pf_mask 0xc0, 2017-08-03, rev 0x0070, size 96256
* source: remove superseded upstream data file: 20170707.
* source: remove unneeded intel-ucode/ directory for 20171117.
* debian/control: bump standards version to 4.1.1 (no changes)
* Makefile: rename microcode-extras.pbin to microcode-includes.pbin.
* README.source: fix IUC_EXCLUDE example and minor issues.
* Makefile, README.souce: support loading ucode from directories.
* debian/rules: switch to dh mode (debhelper v9)
* ucode-blacklist: blacklist sig 0x406f1 (Skylake-X H0) from late
loading.
.
intel-microcode (3.20170707.1~bpo9+1) stretch-backports; urgency=high
.
* Rebuild for stretch-backports (no changes)
.
intel-microcode (3.20170707.1) unstable; urgency=high
.
* New upstream microcode datafile 20170707
+ New Microcodes:
sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x2000022, size 25600
sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
+ This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
Lake and Skylake processors: Skylake D0/R0 were fixed since the
previous upstream release (20170511). This new release adds the
fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
+ Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
(0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
* source: remove unneeded intel-ucode/ directory
* source: remove superseded upstream data file: 20170511
.
intel-microcode (3.20170511.1) unstable; urgency=medium
.
* New upstream microcode datafile 20170511
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528
sig 0x000306d4, pf_mask 0xc0, 2017-01-27, rev 0x0025, size 17408
sig 0x000306f2, pf_mask 0x6f, 2017-01-30, rev 0x003a, size 32768
sig 0x000306f4, pf_mask 0x80, 2017-01-30, rev 0x000f, size 16384
sig 0x00040651, pf_mask 0x72, 2017-01-27, rev 0x0020, size 20480
sig 0x00040661, pf_mask 0x32, 2017-01-27, rev 0x0017, size 24576
sig 0x00040671, pf_mask 0x22, 2017-01-27, rev 0x0017, size 11264
sig 0x000406e3, pf_mask 0xc0, 2017-04-09, rev 0x00ba, size 98304
sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
sig 0x000506e3, pf_mask 0x36, 2017-04-09, rev 0x00ba, size 98304
+ This release fixes undisclosed errata on the desktop, mobile and
server processor models from the Haswell, Broadwell, and Skylake
families, including even the high-end multi-socket server Xeons
+ Likely fix the TSC-Deadline LAPIC errata (BDF89, SKL142 and
similar) on several processor families
+ Fix erratum BDF90 on Xeon E7v4, E5v4(?) (closes: #862606)
+ Likely fix serious or critical Skylake errata: SKL138/144,
SKL137/145, SLK149
* Likely fix nightmare-level Skylake erratum SKL150. Fortunately,
either this erratum is very-low-hitting, or gcc/clang/icc/msvc
won't usually issue the affected opcode pattern and it ends up
being rare.
SKL150 - Short loops using both the AH/BH/CH/DH registers and
the corresponding wide register *may* result in unpredictable
system behavior. Requires both logical processors of the same
core (i.e. sibling hyperthreads) to be active to trigger, as
well as a "complex set of micro-architectural conditions"
* source: remove unneeded intel-ucode/ directory
Since release 20170511, upstream ships the microcodes both in .dat
format, and as Linux-style split /lib/firmware/intel-ucode files.
It is simpler to just use the .dat format file for now, so remove
the intel-ucode/ directory. Note: before removal, it was verified
that there were no discrepancies between the two microcode sets
(.dat and intel-ucode/)
* source: remove superseded upstream data file: 20161104
.
intel-microcode (3.20161104.1) unstable; urgency=medium
.
* New upstream microcode datafile 20161104
+ New Microcodes:
sig 0x00050663, pf_mask 0x10, 2016-10-12, rev 0x700000d, size 20480
sig 0x00050664, pf_mask 0x10, 2016-06-02, rev 0xf00000a, size 21504
+ Updated Microcodes:
sig 0x000306f2, pf_mask 0x6f, 2016-10-07, rev 0x0039, size 32768
sig 0x000406f1, pf_mask 0xef, 2016-10-07, rev 0xb00001f, size 25600
+ Removed Microcodes:
sig 0x000106e4, pf_mask 0x09, 2013-07-01, rev 0x0003, size 6144
+ This update fixes critical errata on Broadwell-DE V2/Y0 (Xeon
D-1500 family), including one that can crash VMWare ESXi 6 with
#PF (VMWare KB2146388), and could affect Linux as well. This same
issue was fixed for the E5v4 Xeons in release 20160607
+ This update fixes undisclosed (and likely critical) errata on
Broadwell-E Core i7-68xxK/69xxK/6950X, Broadwell-EP/EX B0/R0/M0
Xeon E5v4 and Xeon E7v4, and Haswell-EP Xeon E5v3
+ This release deletes the microcode update for the Jasper Forest
embedded Xeons (Xeon EC35xx/LC35xx/EC35xx/LC55xx), for undisclosed
reasons. The deleted microcode is outdated when compared with the
updates for the other Nehalem Xeons
* Makefile: always exclude microcode sig 0x206c2 just in case
Intel is quite clear in the Intel SA-00030 advisory text that recent
revisions (0x14 and later?) of the 0x206c2 microcode updates must be
installed along with updated SINIT ACM on vPro systems (i.e. through
an UEFI/BIOS firmware update). This is a defensive change so that we
don't ship such a microcode update in the future by mistake
* source: remove partially superseded upstream data file: 20160714
* source: remove superseded upstream data file: 20101123
* changelog: replace "pf mask" with "pf_mask"
* control, compat: switch debhelper compatibility level to 9
* control: bump standards-version, no changes required
.
intel-microcode (3.20160714.1) unstable; urgency=medium
.
* New upstream microcode datafile 20160714
+ Updated Microcodes:
sig 0x000306f4, pf mask 0x80, 2016-06-07, rev 0x000d, size 15360
sig 0x000406e3, pf mask 0xc0, 2016-06-22, rev 0x009e, size 97280
sig 0x000406f1, pf mask 0xef, 2016-06-06, rev 0xb00001d, size 25600
sig 0x000506e3, pf mask 0x36, 2016-06-22, rev 0x009e, size 97280
+ This release hopefully fixes a hang when updating the microcode on
some Skylake-U D-1/Skylake-Y D-1 (sig 0x406e3, pf 0x80) systems
* source: remove superseded upstream data file: 20160607
.
intel-microcode (3.20160607.2) unstable; urgency=low
.
* REMOVE microcode:
sig 0x000406e3, pf mask 0xc0, 2016-04-06, rev 0x008a, size 96256
(closes: #828819)
* The Core i7-6500U and m3-6Y30 processors (Skylake-UY D-1,
sig=0x406e3, pf=0x80) may hang while attempting an early microcode
update to revision 0x8a, apparently due to some sort of firmware
dependency. On affected systems, the only way to avoid the issue is
to get a firmware update that includes microcode revision 0x8a or
later. At this time, there are reports of both sucessful and failed
updates on the m3-6Y30, and only of failed updates on the i7-6500U.
There are no reports about Skylake-U K-1 (pf=0x40).
+ WARNING: it is unsafe to use a system based on an Intel Skylake-U/Y
processor with microcode earlier than revision 0x8a, due to several
critical errata that cause unpredictable behavior, data corruption,
and other problems. Users *must* update their firmware to get
microcode 0x8a or newer, and keep it up-to-date.
.
intel-microcode (3.20160607.1) unstable; urgency=medium
.
* New upstream microcode data file 20160607
+ New Microcodes:
sig 0x000406e3, pf mask 0xc0, 2016-04-06, rev 0x008a, size 96256
sig 0x000406f1, pf mask 0xef, 2016-05-20, rev 0xb00001c, size 25600
sig 0x00050662, pf mask 0x10, 2015-12-12, rev 0x000f, size 28672
sig 0x000506e3, pf mask 0x36, 2016-04-06, rev 0x008a, size 96256
+ Updated Microcodes:
sig 0x000306c3, pf mask 0x32, 2016-03-16, rev 0x0020, size 22528
sig 0x000306d4, pf mask 0xc0, 2016-04-29, rev 0x0024, size 17408
sig 0x000306f2, pf mask 0x6f, 2016-03-28, rev 0x0038, size 32768
sig 0x000306f4, pf mask 0x80, 2016-02-11, rev 0x000a, size 15360
sig 0x00040651, pf mask 0x72, 2016-04-01, rev 0x001f, size 20480
sig 0x00040661, pf mask 0x32, 2016-04-01, rev 0x0016, size 24576
sig 0x00040671, pf mask 0x22, 2016-04-29, rev 0x0016, size 11264
* source: remove superseded upstream data file: 20151106.
* control: change upstream URL to a search for "linux microcode"
Unfortunately, many of the per-processor-model feeds have not been
updated for microcode release 20160607. Switch to the general search
page as the upstream URL.
* README.Debian: fix duplicated word 'to'
intel-microcode (3.20171117.1~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy (no changes)
.
intel-microcode (3.20171117.1) unstable; urgency=medium
.
* New upstream microcode data file 20171117
+ New Microcodes:
sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
sig 0x000706a1, pf_mask 0x01, 2017-10-31, rev 0x001e, size 72704
sig 0x000906ea, pf_mask 0x22, 2017-08-23, rev 0x0070, size 95232
sig 0x000906eb, pf_mask 0x02, 2017-09-20, rev 0x0072, size 97280
+ Updated Microcodes:
sig 0x00050654, pf_mask 0xb7, 2017-10-17, rev 0x2000035, size 26624
sig 0x000806ea, pf_mask 0xc0, 2017-08-03, rev 0x0070, size 96256
* source: remove superseded upstream data file: 20170707.
* source: remove unneeded intel-ucode/ directory for 20171117.
* debian/control: bump standards version to 4.1.1 (no changes)
* Makefile: rename microcode-extras.pbin to microcode-includes.pbin.
* README.source: fix IUC_EXCLUDE example and minor issues.
* Makefile, README.souce: support loading ucode from directories.
* debian/rules: switch to dh mode (debhelper v9)
* ucode-blacklist: blacklist sig 0x406f1 (Skylake-X H0) from late
loading.
intel-microcode (3.20170707.1) unstable; urgency=high
.
* New upstream microcode datafile 20170707
+ New Microcodes:
sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x2000022, size 25600
sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
+ This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
Lake and Skylake processors: Skylake D0/R0 were fixed since the
previous upstream release (20170511). This new release adds the
fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
+ Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
(0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
* source: remove unneeded intel-ucode/ directory
* source: remove superseded upstream data file: 20170511
irssi (1.0.7-1~deb9u1) stretch-security; urgency=high
.
* Security update using upstream version 1.0.7. See changelog entries of
1.0.7-1 and 1.0.5-1 for the CVE lists.
* Remove pulled patches that were put on top of 1.0.2.
* Lower debhelper compat to 10.
.
irssi (1.0.7-1) unstable; urgency=high
.
* New upstream bugfix release (closes: #886475):
From 1.0.6:
- Fix invalid memory access when reading hilight configuration
(#787, #788).
- Fix null pointer dereference when the channel topic is set
without specifying a sender [CVE-2018-5206]
- Fix return of random memory when using incomplete escape
codes [CVE-2018-5205]
- Fix heap buffer overflow when completing certain strings
[CVE-2018-5208]
- Fix return of random memory when using an incomplete
variable argument [CVE-2018-5207]
.
From 1.0.7:
- Prevent use after free error during the execution of some
commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
- Revert netsplit print optimisation due to crashes
- Fix use after free when SASL messages are received in
unexpected order [CVE-2018-7053] (closes: #890675)
- Fix null pointer dereference in the tab completion when an
empty nick is joined [CVE-2018-7050] (closes: #890678)
- Fix use after free when entering oper password
- Fix null pointer dereference when too many windows are
opened [CVE-2018-7052] (closes: #890676)
- Fix out of bounds access in theme strings when the last
escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
(closes: #890677)
- Fix out of bounds write when using negative counts on window
resize
- Minor help correction. By William Jackson
.
* Fix watch URL.
* Bump to debhelper compat 11, remove autotools-dev Build-Depends.
* Bump Standards-Version to 4.1.3.
* Add lintian overrides for the spelling of "hilight" in the changelog
mentioning the lintian overrides for the spelling of "hilight" in irssi
itself.
.
irssi (1.0.5-1) unstable; urgency=high
.
* New upstream bugfix release (closes: #879521):
- Fix missing -sasl_method '' in /NETWORK.
- Fix incorrect restoration of term state when hitting SUSP
inside screen.
- Fix out of bounds read when compressing colour
sequences. Found by Hanno Böck. [CVE-2017-15228]
- Fix use after free condition during a race condition when
waiting on channel sync during a rejoin [CVE-2017-15227]
- Fix null pointer dereference when parsing certain malformed
CTCP DCC messages. [CVE-2017-15721]
- Fix crash due to null pointer dereference when failing to
split messages due to overlong nick or target. [CVE-2017-15723]
- Fix out of bounds read when trying to skip a safe channel ID
without verifying that the ID is long enough. [CVE-2017-15722]
- Fix return of random memory when inet_ntop failed.
- Minor statusbar help update.
* Remove deprecated --with autotools_dev call to dh.
* Bump Standards-Version to 4.1.1.
* Change priority of irssi-dev from deprecated extra to optional.
* Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
directly.
irssi (1.0.7-1~deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
.
irssi (1.0.7-1~deb9u1) stretch-security; urgency=high
.
* Security update using upstream version 1.0.7. See changelog entries of
1.0.7-1 and 1.0.5-1 for the CVE lists.
* Remove pulled patches that were put on top of 1.0.2.
* Lower debhelper compat to 10.
.
irssi (1.0.7-1) unstable; urgency=high
.
* New upstream bugfix release (closes: #886475):
From 1.0.6:
- Fix invalid memory access when reading hilight configuration
(#787, #788).
- Fix null pointer dereference when the channel topic is set
without specifying a sender [CVE-2018-5206]
- Fix return of random memory when using incomplete escape
codes [CVE-2018-5205]
- Fix heap buffer overflow when completing certain strings
[CVE-2018-5208]
- Fix return of random memory when using an incomplete
variable argument [CVE-2018-5207]
.
From 1.0.7:
- Prevent use after free error during the execution of some
commands. Found by Joseph Bisch [CVE-2018-7054] (closes: #890674)
- Revert netsplit print optimisation due to crashes
- Fix use after free when SASL messages are received in
unexpected order [CVE-2018-7053] (closes: #890675)
- Fix null pointer dereference in the tab completion when an
empty nick is joined [CVE-2018-7050] (closes: #890678)
- Fix use after free when entering oper password
- Fix null pointer dereference when too many windows are
opened [CVE-2018-7052] (closes: #890676)
- Fix out of bounds access in theme strings when the last
escape is incomplete. Credit to Oss-Fuzz [CVE-2018-7051]
(closes: #890677)
- Fix out of bounds write when using negative counts on window
resize
- Minor help correction. By William Jackson
.
* Fix watch URL.
* Bump to debhelper compat 11, remove autotools-dev Build-Depends.
* Bump Standards-Version to 4.1.3.
* Add lintian overrides for the spelling of "hilight" in the changelog
mentioning the lintian overrides for the spelling of "hilight" in irssi
itself.
.
irssi (1.0.5-1) unstable; urgency=high
.
* New upstream bugfix release (closes: #879521):
- Fix missing -sasl_method '' in /NETWORK.
- Fix incorrect restoration of term state when hitting SUSP
inside screen.
- Fix out of bounds read when compressing colour
sequences. Found by Hanno Böck. [CVE-2017-15228]
- Fix use after free condition during a race condition when
waiting on channel sync during a rejoin [CVE-2017-15227]
- Fix null pointer dereference when parsing certain malformed
CTCP DCC messages. [CVE-2017-15721]
- Fix crash due to null pointer dereference when failing to
split messages due to overlong nick or target. [CVE-2017-15723]
- Fix out of bounds read when trying to skip a safe channel ID
without verifying that the ID is long enough. [CVE-2017-15722]
- Fix return of random memory when inet_ntop failed.
- Minor statusbar help update.
* Remove deprecated --with autotools_dev call to dh.
* Bump Standards-Version to 4.1.1.
* Change priority of irssi-dev from deprecated extra to optional.
* Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
directly.
.
irssi (1.0.4-1) unstable; urgency=high
.
* New upstream bugfix release (closes: #867598):
- Fix null pointer dereference when parsing invalid timestamp.
Reported by Brian 'geeknik' Carpenter. [CVE-2017-10965]
- Fix use-after-free condition when removing nicks from the internal
nicklist. Reported by Brian 'geeknik' Carpenter. [CVE-2017-10966]
- Fix incorrect string comparison in DCC file names.
- Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'".
- Fix a bug when using \n to separate lines with expand_escapes.
- Retain screen output on improper exit, to better see any error
messages.
- Minor help update.
.
irssi (1.0.3-1) unstable; urgency=high
.
* New upstream pure bugfix release.
.
irssi (1.0.2-1+deb9u2) stretch; urgency=high
.
* Security related update pulling upstream 5e26325317 (closes: 867598):
- Fix null pointer dereference (CVE-2017-10965)
- Fix use-after-free condition for nicklist (CVE-2017-10966)
.
irssi (1.0.2-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix dcc_request where addr is NULL (CVE-2017-9468) (Closes: #864400)
* Fix oob read of one byte in get_file_params_count{,_resume}
(CVE-2017-9469) (Closes: #864400)
irssi (1.0.5-1) unstable; urgency=high
.
* New upstream bugfix release (closes: #879521):
- Fix missing -sasl_method '' in /NETWORK.
- Fix incorrect restoration of term state when hitting SUSP
inside screen.
- Fix out of bounds read when compressing colour
sequences. Found by Hanno Böck. [CVE-2017-15228]
- Fix use after free condition during a race condition when
waiting on channel sync during a rejoin [CVE-2017-15227]
- Fix null pointer dereference when parsing certain malformed
CTCP DCC messages. [CVE-2017-15721]
- Fix crash due to null pointer dereference when failing to
split messages due to overlong nick or target. [CVE-2017-15723]
- Fix out of bounds read when trying to skip a safe channel ID
without verifying that the ID is long enough. [CVE-2017-15722]
- Fix return of random memory when inet_ntop failed.
- Minor statusbar help update.
* Remove deprecated --with autotools_dev call to dh.
* Bump Standards-Version to 4.1.1.
* Change priority of irssi-dev from deprecated extra to optional.
* Use pkg-info.mk in debian/rules instead of calling dpkg-parsechangelog
directly.
irssi (1.0.4-1) unstable; urgency=high
.
* New upstream bugfix release (closes: #867598):
- Fix null pointer dereference when parsing invalid timestamp.
Reported by Brian 'geeknik' Carpenter. [CVE-2017-10965]
- Fix use-after-free condition when removing nicks from the internal
nicklist. Reported by Brian 'geeknik' Carpenter. [CVE-2017-10966]
- Fix incorrect string comparison in DCC file names.
- Fix regression in Irssi 1.0.3 where it would claim "Invalid time '-1'".
- Fix a bug when using \n to separate lines with expand_escapes.
- Retain screen output on improper exit, to better see any error
messages.
- Minor help update.
irssi (1.0.3-1) unstable; urgency=high
.
* New upstream pure bugfix release.
isc-dhcp (4.3.5-3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Plugs a socket descriptor leak in OMAPI (CVE-2017-3144) (Closes: #887413)
* Corrected refcnt loss in option parsing (CVE-2018-5733) (Closes: #891785)
* Correct buffer overrun in pretty_print_option (CVE-2018-5732)
(Closes: #891786)
jackson-databind (2.8.6-1+deb9u4) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2018-7489: allows unauthenticated remote code execution because of
an incomplete fix for the CVE-2017-7525 deserialization flaw. This is
exploitable by sending maliciously crafted JSON input to the readValue
method of the ObjectMapper, bypassing a blacklist that is ineffective if
the c3p0 libraries are available in the classpath. (Closes: #891614)
jdresolve (0.6.1-5.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
jdresolve (0.6.1-5.1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix breakage with libnet-dns-perl in jessie and later,
thanks to Klaus Rein for reporting the bug and
Matt Johnston for forwarding the fix. (Closes: #801331)
jruby (1.7.26-1+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2018-1000073: Directory Traversal vulnerability in install_location
function of package.rb that can result in path traversal when writing to a
symlinked basedir outside of the root.
* Fix CVE-2018-1000074: possible Unsafe Object Deserialization Vulnerability
in gem owner.
* Fix CVE-2018-1000075: Strictly interpret octal fields in tar headers to
avoid infinite loop
* Fix CVE-2018-1000076: Raise a security error when there are duplicate
files in a package
* Fix CVE-2018-1000077: Enforce URL validation on spec homepage attribute.
* Fix CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute
when displayed via gem server.
* Fix CVE-2018-1000079: Directory Traversal vulnerability in gem installation
that can result in writing to arbitrary filesystem locations during
installation of malicious gems.
(Closes: #895778)
kamailio (4.4.4-2+deb9u1) stretch-security; urgency=high
.
* fixes from upstream related to security issues (tmx and lcr) CVE-2018-8828
https://www.kamailio.org/w/2018/03/kamailio-security-announcement-tmx-lcr/
kwallet-pam (5.8.4-1+deb9u2) stretch-security; urgency=high
.
* Add patch Avoid-giving-an-stderr-to-kwallet.patch.
The fixes for CVE-2018-10380 introduced a regression, the reorder of the
close calls and creating a new socket caused that the socket is always
assigned the file descriptor 2, aka stderr, causing kwalletd to break
the socket when printing something. This patch reorders the calls to avoid
having the socket in stderr.
kwallet-pam (5.8.4-1+deb9u1) stretch-security; urgency=high
.
* CVE-2018-10380 fix
Add upstream patches Move-salt-creation-to-an-unprivileged-process.patch
and Move-socket-creation-to-unprivileged-codepath.patch.
lava-server (2016.12-3) stretch-security; urgency=high
.
* Security upstream hot fix
* CVE-2018-12564 - Remove the ability to paste URLs in the submit page
* CVE-2018-12565 - Use yaml.safe_load when parsing user data
ldap-account-manager (5.5-1+deb9u1) stable-security; urgency=high
.
* XSS vulnerabilities CVE-2018-8763 and CSRF token in URL CVE-2018-8764
libdate-holidays-de-perl (1.9-1+deb9u2) stretch; urgency=medium
.
* Mark Reformation Day as a holiday in Niedersachsen and Bremen
from 2018 on
libdatetime-timezone-perl (1:2.09-1+2018e) stretch; urgency=medium
.
* Update to Olson database version 2018e.
This update contains contemporary changes for North Korea.
libdatetime-timezone-perl (1:2.09-1+2018d) stretch; urgency=medium
.
* Update to Olson database version 2018d.
This update contains contemporary changes for Palestine and Casey Station.
libevt (20170120-1+deb9u1) stretch-security; urgency=high
.
* Add patch to fix CVE-2018-8754 (Closes: #893431)
libextractor (1:1.3-4+deb9u1) stretch; urgency=medium
.
* Fix CVE-2017-15266, CVE-2017-15267, CVE-2017-15600, CVE-2017-15601,
CVE-2017-15602, CVE-2017-15922 and CVE-2017-17440. Leon Zhao discovered
several security vulnerabilities, NULL Pointer Dereferences, heap-based
buffer overflows, integer signedness errors and out-of-bounds read that
may lead to a denial-of-service (application crash) or have other
unspecified impact.
libgcrypt20 (1.7.6-2+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* ecc: Add blinding for ECDSA (CVE-2018-0495)
libipc-run-perl (0.94-1+deb9u1) stretch; urgency=medium
.
* Backport upstream patch to fix memory leak
liblouis (3.0.0-3+deb9u4) stretch; urgency=medium
.
* patches/cve-2018-11440: Fix another buffer overflow for CVE 2018-11440
(Closes: #900085).
* patches/cve-2018-11577: Fix another segfault for CVE 2018-11577
(Closes: #900607).
* patches/cve-2018-11683: Fix a buffer overflow for CVE 2018-11683.
* patches/cve-2018-11684: Fix a buffer overflow for CVE 2018-11684.
* patches/cve-2018-11685: Fix a buffer overflow for CVE 2018-11685.
* patches/cve-2018-12085: Fix another buffer overflow for CVE 2018-12085
(Closes: Bug#901202).
liblouis (3.0.0-3+deb9u2) stretch; urgency=medium
.
* patches/cve-2018-11410: Buffer overflow fix for CVE 2018-11410
(Closes: #899999).
libmad (0.15.1b-8+deb9u1) stretch-security; urgency=high
.
* Properly check the size of the main data. The previous patch
only checked that it could fit in the buffer, but didn't ensure there
was actually enough room free in the buffer. This was assigned both
CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
different way to detect it. (Closes: #287519)
* Rewrite patch to check the size of buffer. It now checks it before reading
it instead of afterwards checking that we did read too much. This now also
covers parsing the frame and layer3, not just layer 1 and 2. This was
original reported in #508133. CVE-2017-8374 mentions a case in layer 3.
libmad (0.15.1b-8+deb8u1) jessie-security; urgency=high
.
* Properly check the size of the main data. The previous patch
only checked that it could fit in the buffer, but didn't ensure there
was actually enough room free in the buffer. This was assigned both
CVE-2017-8372 and CVE-2017-8373, but they are really the same, just a
different way to detect it. (Closes: #287519)
* Rewrite patch to check the size of buffer. It now checks it before reading
it instead of afterwards checking that we did read too much. This now also
covers parsing the frame and layer3, not just layer 1 and 2. This was
original reported in #508133. CVE-2017-8374 mentions a case in layer 3.
libosmium (2.11.4-1) stretch; urgency=medium
.
* New upstream bugfix release.
- Output coordinate with value of -2^31 correctly.
- Buffers larger than 2^32 bytes do now work.
* Update branch in gbp.conf & Vcs-Git URL.
librelp (1.2.12-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Stack-based buffer overflow in relpTcpChkPeerName function
(CVE-2018-1000140)
libreoffice (1:5.2.7-1+deb9u4) stretch-security; urgency=high
.
* debian/patches/CVE-2018-10119.diff,
debian/patches/CVE-2018-10120.diff: as name says...
libreoffice (1:5.2.7-1+deb9u4~bpo8+1) jessie-backports; urgency=high
.
* Rebuild for jessie-backports.
.
* tarballs/*, debian/source/include-binaries: add tarballs for used
internal versions
.
libreoffice (1:5.2.7-1+deb9u4) stretch-security; urgency=high
.
* debian/patches/CVE-2018-10119.diff,
debian/patches/CVE-2018-10120.diff: as name says...
.
libreoffice (1:5.2.7-1+deb9u3) stretch; urgency=medium
.
* debian/patches/WEBSERVICE-DDE.diff:
- improve to not throw more errors than neccessary (use the right error
code) on WEBSERVICE() failures, thanks Jan-Marek Glogowski; do another
s/FormulaError::NoValue/formula::errNoValue/ for clarity
- backport 4a412bdf0387cc2cb59d656d0738a63a286ec497 from 5.4 branch
to let FunctionAccess execute WEBSERVICE
.
* debian/rules:
- do not run the tests except on i386 (notfatal) and amd64
- move dk.mk from -dev-common to -dev as it's not arch-indep, thanks
Rico Tzschichholz
libsdl2-image (2.0.1+dfsg-2+deb9u1) stretch-security; urgency=high
.
* Backport various security fixes:
- CVE-2017-2887
- CVE-2017-12122
- CVE-2017-14440
- CVE-2017-14441
- CVE-2017-14442
- CVE-2017-14448
- CVE-2017-14449
- CVE-2017-14450
- CVE-2018-3837
- CVE-2018-3838
- CVE-2018-3839
libsoup2.4 (2.56.0-2+deb9u2) stretch-security; urgency=high
.
* Fix out of bounds access in the cookie jar (CVE-2018-12910)
- debian/patches/0001-cookie-jar-bail-if-hostname-is-an-empty-string.patch,
debian/patches/0002-Add-soup_cookie_jar_get_cookies-with-empty-hostname-.patch:
Cherry-pick two patches from upstream: the actual fix and a test for it.
libvirt (3.0.0-4+deb9u3) stretch-security; urgency=high
.
* gbp: switch branch to stretch
* CVE-2018-1064: qemu: avoid denial of service reading from QEMU guest agent
* CVE-2018-6764: virlog: determine the hostname on startup
(Closes: #889839)
libvncserver (0.9.11+dfsg-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2018-7225: Uninitialized and potentially sensitive data could be
accessed by remote attackers because the msg.cct.length in rfbserver.c was
not sanitized. (Closes: #894045)
libvorbis (1.3.5-4+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Prevent out-of-bounds write in codebook decoding (CVE-2018-5146)
libvorbis (1.3.5-4+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-14632 CVE-2017-14633
libvorbisidec (1.0.2+svn18153-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Prevent out-of-bounds write in codebook decoding (CVE-2018-5147)
(Closes: #893132)
linux (4.9.110-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.108
- tpm: do not suspend/resume if power stays on
- tpm: self test failure should not cause suspend to fail
- mmap: introduce sane default mmap limits
- mmap: relax file size limit for regular files
- btrfs: define SUPER_FLAG_METADUMP_V2
- drm: set FMODE_UNSIGNED_OFFSET for drm files
- bnx2x: use the right constant
- dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()
- enic: set DMA mask to 47 bit
- ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds
- ipv4: remove warning in ip_recv_error
- isdn: eicon: fix a missing-check bug
- net/packet: refine check for priv area size
- net: usb: cdc_mbim: add flag FLAG_SEND_ZLP
- packet: fix reserve calculation
- qed: Fix mask for physical address in ILT entry
- sctp: not allow transport timeout value less than HZ/5 for hb_timer
- team: use netdev_features_t instead of u32
- vhost: synchronize IOTLB message with dev cleanup
- vrf: check the original netdevice for generating redirect
- net/mlx4: Fix irq-unsafe spinlock usage
- rtnetlink: validate attributes in do_setlink()
- net: phy: broadcom: Fix bcm_write_exp()
- net: metrics: add proper netlink validation
- dm bufio: avoid false-positive Wmaybe-uninitialized warning
- objtool: complete e390f9a port for v4.9.106
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.109
- [x86] fpu: Hard-disable lazy FPU mode
- bonding: correctly update link status during mii-commit phase
- bonding: fix active-backup transition
- bonding: require speed/duplex only for 802.3ad, alb and tlb
- nvme-pci: initialize queue memory before interrupts
- af_key: Always verify length of provided sadb_key
- [x86] crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the
crc32c code
- nvmet: Move serial number from controller to subsystem
- nvmet: don't report 0-bytes in serial number
- nvmet: don't overwrite identify sn/fr with 0-bytes
- gpio: No NULL owner
- [x86] KVM: introduce linear_{read,write}_system
- [x86] KVM: pass kvm_vcpu to kvm_read_guest_virt and
kvm_write_guest_virt_system
- usbip: vhci_sysfs: fix potential Spectre v1 (CVE-2017-5753)
- [armhf] serial: samsung: fix maxburst parameter for DMA transactions
- [armhf] serial: 8250: omap: Fix idling of clocks for unused uarts
- [x86] vmw_balloon: fixing double free when batching mode is off
- [armhf,arm64] tty: pl011: Avoid spuriously stuck-off interrupts
- [x86] kvm: use correct privilege level for sgdt/sidt/fxsave/fxrstor
access (CVE-2018-10853)
- [powerpc*] crypto: vmx - Remove overly verbose printk from AES init
routines
- [armhf] crypto: omap-sham - fix memleak
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.110
- xfrm6: avoid potential infinite loop in _decode_session6()
- netfilter: ebtables: handle string from userspace with care
- ipvs: fix buffer overflow with sync daemon and service
- iwlwifi: pcie: compare with number of IRQs requested for, not number of
CPUs
- atm: zatm: fix memcmp casting
- [x86] platform: asus-wmi: Fix NULL pointer dereference
- Revert "Btrfs: fix scrub to repair raid6 corruption"
- tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
- Btrfs: make raid6 rebuild retry more
- [armhf] usb: musb: fix remote wakeup racing with suspend
- bonding: re-evaluate force_primary when the primary slave name changes
- ipv6: allow PMTU exceptions to local routes
- net/sched: act_simple: fix parsing of TCA_DEF_DATA
- tcp: verify the checksum of the first data segment in a new connection
- ext4: fix hole length detection in ext4_ind_map_blocks()
- ext4: update mtime in ext4_punch_hole even if no blocks are released
- ext4: fix fencepost error in check for inode count overflow during resize
- driver core: Don't ignore class_dir_create_and_add() failure.
- Btrfs: fix clone vs chattr NODATASUM race
- Btrfs: fix memory and mount leak in btrfs_ioctl_rm_dev_v2()
- btrfs: scrub: Don't use inode pages for device replace
- ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
- smb3: on reconnect set PreviousSessionId field
- cpufreq: Fix new policy initialization during limits updates via sysfs
- libata: zpodd: make arrays cdb static, reduces object code size
- libata: zpodd: small read overflow in eject_tray()
- libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
- [x86] HID: intel_ish-hid: ipc: register more pm callbacks to support
hibernation
- vhost: fix info leak due to uninitialized memory (CVE-2018-1118)
- fs/binfmt_misc.c: do not allow offset overflow
.
[ Ben Hutchings ]
* netfilter: xt_hashlimit: Fix integer divide round to zero.
(Closes: #872907)
* [arm64,powerpc*,x86] drm/ast: Add support for new chips and boards
(Closes: #860900):
- drm/ast: const'ify mode setting tables
- drm/ast: Remove spurrious include
- drm/ast: Fix calculation of MCLK
- drm/ast: Base support for AST2500
- drm/ast: Fixed vram size incorrect issue on POWER
- drm/ast: Factor mmc_test code in POST code
- drm/ast: Rename ast_init_dram_2300 to ast_post_chip_2300
- drm/ast: POST code for the new AST2500
* ext4: add corruption check in ext4_xattr_set_entry() (CVE-2018-10879)
* ext4: always verify the magic number in xattr blocks (CVE-2018-10879)
* ext4: always check block group bounds in ext4_init_block_bitmap()
(CVE-2018-10878)
* ext4: make sure bitmaps and the inode table don't overlap with bg
descriptors (CVE-2018-10878)
* ext4: only look at the bg_flags field if it is valid (CVE-2018-10876)
* ext4: verify the depth of extent tree in ext4_find_extent()
(CVE-2018-10877)
* ext4: clear i_data in ext4_inode_info when removing inline data
(CVE-2018-10881)
* ext4: never move the system.data xattr out of the inode body
(CVE-2018-10880)
* jbd2: don't mark block as modified if the handle is out of credits
(CVE-2018-10883)
* ext4: avoid running out of journal credits when appending to an inline file
(CVE-2018-10883)
* ext4: add more inode number paranoia checks (CVE-2018-10882)
* sr: pass down correctly sized SCSI sense buffer (CVE-2018-11506)
* nvme: Ignore ABI changes
* tpm: Ignore ABI changes
.
[ Romain Perier ]
* jfs: Fix inconsistency between memory allocation and ea_buf->max_size
(CVE-2018-12233)
linux (4.9.107-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.89
- drm: qxl: Don't alloc fbdev if emulation is not supported
- selinux: check for address length in selinux_socket_bind()
- [x86] x86/mm: Make mmap(MAP_32BIT) work correctly
- perf sort: Fix segfault with basic block 'cycles' sort dimension
- [x86] x86/mce: Handle broadcasted MCE gracefully with kexec
- ath10k: fix fetching channel during potential radar detection
- usb: misc: lvs: fix race condition in disconnect handling
- zd1211rw: fix NULL-deref at probe
- batman-adv: handle race condition for claims between gateways
- [x86] x86/boot/32: Defer resyncing initial_page_table until per-cpu is
set up
- media: i2c/soc_camera: fix ov6650 sensor getting wrong clock
- timers, sched_clock: Update timeout for clock wrap
- sched: act_csum: don't mangle TCP and UDP GSO packets
- PCI: hv: Properly handle PCI bus remove
- PCI: hv: Lock PCI bus on device eject
- i40e/i40evf: Fix use after free in Rx cleanup path
- scsi: be2iscsi: Check tag in beiscsi_mccq_compl_wait
- mm: Fix false-positive VM_BUG_ON() in page_cache_{get,add}_speculative()
- f2fs: relax node version check for victim data in gc
- drm/ttm: never add BO that failed to validate to the LRU list
- powerpc/mm/hugetlb: Filter out hugepage size not supported by page table
layout
- NFC: nfcmrvl: double free on error path
- [powerpc*] powerpc: Avoid taking a data miss on every userspace
instruction miss
- printk: Correctly handle preemption in console_unlock()
- drm: rcar-du: Handle event when disabling CRTCs
- apparmor: Make path_max parameter readonly
- iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range
- kvm: nVMX: Disallow userspace-injected exceptions in guest mode
- [mips*] MIPS: BPF: Quit clobbering callee saved registers in JIT code.
- [mips*] MIPS: BPF: Fix multiple problems in JIT skb access helpers.
- [mips*] MIPS: r2-on-r6-emu: Fix BLEZL and BGTZL identification
- [mips*] MIPS: r2-on-r6-emu: Clear BLTZALL and BGEZALL debugfs counters
- v4l: vsp1: Prevent multiple streamon race commencing pipeline early
- regulator: isl9305: fix array size
- md/raid6: Fix anomily when recovering a single device in RAID6.
- [powerpc*] powerpc/nohash: Fix use of mmu_has_feature() in
setup_initial_memory_limit()
- usb: dwc2: Make sure we disconnect the gadget state
- [arm*] drivers/perf: arm_pmu: handle no platform_device
- [x86] kprobes/x86: Set kprobes pages read-only
- Bluetooth: Avoid bt_accept_unlink() double unlinking
- Bluetooth: 6lowpan: fix delay work init in add_peer_chan()
- wil6210: fix memory access violation in wil_memcpy_from/toio_32
- sched: Stop switched_to_rt() from sending IPIs to offline CPUs
- sched: Stop resched_cpu() from sending IPIs to offline CPUs
- mwifiex: cfg80211: do not change virtual interface during scan
processing
- media: cpia2: Fix a couple off by one bugs
- drm/amdkfd: Fix memory leaks in kfd topology
- [i386] x86/boot/32: Fix UP boot on Quark and possibly other platforms
- [i386] x86/vm86/32: Fix POPF emulation
- [i386] x86/speculation, objtool: Annotate indirect calls/jumps for
objtool on 32-bit kernels
- [x86] x86/speculation: Remove Skylake C2 from Speculation Control
microcode blacklist
- [x86] x86/mm: Fix vmalloc_fault to use pXd_large
- ALSA: pcm: Fix UAF in snd_pcm_oss_get_formats()
- ALSA: seq: Fix possible UAF in snd_seq_check_queue()
- fs: Teach path_connected to handle nfs filesystems with multiple roots.
- lock_parent() needs to recheck if dentry got __dentry_kill'ed under it
- btrfs: alloc_chunk: fix DUP stripe size handling
- btrfs: Fix use-after-free when cleaning up fs_devs with a single stale
device
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.90
- tpm: fix potential buffer overruns caused by bit glitches on the bus
- SMB3: Validate negotiate request must always be signed
- CIFS: Enable encryption during session setup phase (CVE-2018-1066)
- ath: Fix updating radar flags for coutry code India
- mwifiex: don't leak 'chan_stats' on reset
- [x86] x86/reboot: Turn off KVM when halting a CPU
- IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow
- HSI: ssi_protocol: double free in ssip_pn_xmit()
- IB/mlx4: Take write semaphore when changing the vma struct
- IB/mlx4: Change vma from shared to private
- IB/mlx5: Take write semaphore when changing the vma struct
- IB/mlx5: Change vma from shared to private
- ibmvnic: Disable irq prior to close
- netfilter: xt_CT: fix refcnt leak on error path
- tipc: check return value of nlmsg_new
- wan: pc300too: abort path on failure
- qlcnic: fix unchecked return value
- infiniband/uverbs: Fix integer overflows
- pNFS: Fix use after free issues in pnfs_do_read()
- xprtrdma: Cancel refresh worker during buffer shutdown
- NFS: don't try to cross a mountpount when there isn't one there.
- mt7601u: check return value of alloc_skb
- libertas: check return value of alloc_workqueue
- rndis_wlan: add return value validation
- Btrfs: fix incorrect space accounting after failure to insert inline
extent
- Btrfs: send, fix file hole not being preserved due to inline extent
- Btrfs: fix extent map leak during fallocate error path
- mac80211: don't parse encrypted management frames in
ieee80211_frame_acked
- mtip32xx: use runtime tag to initialize command header
- [x86] x86/KASLR: Fix kexec kernel boot crash when KASLR randomization
fails
- mac80211: Fix possible sband related NULL pointer de-reference
- netfilter: x_tables: unlock on error in xt_find_table_lock()
- IB/hfi1: Fix softlockup issue
- ipmi/watchdog: fix wdog hang on panic waiting for ipmi response
- drm/amdgpu: fix gpu reset crash
- qed: Unlock on error in qed_vf_pf_acquire()
- bnx2x: Align RX buffers
- [ppc*] power: supply: isp1704: Fix unchecked return value of
devm_kzalloc
- [ppc*] power: supply: pda_power: move from timer to delayed_work
- md/raid10: skip spare disk as 'first' disk
- ACPI / power: Delay turning off unused power resources after suspend
- tcm_fileio: Prevent information leak for short reads
- video: fbdev: udlfb: Fix buffer on stack
- sm501fb: don't return zero on failure path in sm501fb_start()
- pNFS: Fix a deadlock when coalescing writes and returning the layout
- net: hns: fix ethtool_get_strings overflow in hns driver
- cifs: small underflow in cnvrtDosUnixTm()
- ath10k: fix out of bounds access to local buffer
- block/mq: Cure cpu hotplug lock inversion
- Bluetooth: btqcomsmd: Fix skb double free corruption
- media: c8sectpfe: fix potential NULL pointer dereference in
c8sectpfe_timer_interrupt
- drm/msm: fix leak in failed get_pages
- RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo()
- rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled.
- media: bt8xx: Fix err 'bt878_probe()'
- dmaengine: zynqmp_dma: Fix race condition in the probe
- drm/tilcdc: ensure nonatomic iowrite64 is not used
- mmc: avoid removing non-removable hosts during suspend
- IB/ipoib: Avoid memory leak if the SA returns a different DGID
- RDMA/cma: Use correct size when writing netlink stats
- iommu/vt-d: clean up pr_irq if request_threaded_irq fails
- RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS
- IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq
- RDMA/ucma: Fix access to non-initialized CM_ID object
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.91
- libata: fix length validation of ATAPI-relayed SCSI commands
- libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs
- libata: disable LPM for Crucial BX100 SSD 500GB drive
- libata: Enable queued TRIM for Samsung SSD 860
- libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
- libata: Make Crucial BX100 500GB LPM quirk apply to all firmware
versions
- libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
- nfsd: remove blocked locks on client teardown
- mm/vmalloc: add interfaces to free unmapped page table
- drm: udl: Properly check framebuffer mmap offsets (CVE-2018-8781)
- mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0
- staging: ncpfs: memory corruption in ncp_read_kernel() (CVE-2018-8822)
- can: cc770: Fix use after free in cc770_tx_interrupt()
- kvm/x86: fix icebp instruction handling (CVE-2018-1087)
- [x86] x86/entry/64: Don't use IST entry for #BP stack (CVE-2018-8897)
- bpf: skip unnecessary capability check
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.92
- scsi: sg: don't return bogus Sg_requests
- net sched actions: return explicit error when tunnel_key mode is not
specified
- ppp: avoid loop in xmit recursion detection code
- sch_netem: fix skb leak in netem_enqueue()
- ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event()
- net: Fix hlist corruptions in inet_evict_bucket()
- dccp: check sk for closed state in dccp_sendmsg() (CVE-2018-1130)
- ipv6: fix access to non-linear packet in
ndisc_fill_redirect_hdr_option()
- l2tp: do not accept arbitrary sockets
- net: ethernet: arc: Fix a potential memory leak if an optional regulator
is deferred
- netlink: avoid a double skb free in genlmsg_mcast()
- team: Fix double free in error path
- soc/fsl/qbman: fix issue in qman_delete_cgr_safe()
- net: hns: Fix a skb used after free bug
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.93
- mtd: jedec_probe: Fix crash in jedec_read_mfr()
- ALSA: pcm: potential uninitialized return values
- perf/hwbp: Simplify the perf-hwbp code, fix documentation
(CVE-2018-1000199)
- kprobes/x86: Fix to set RWX bits correctly before releasing trampoline
- arm64: avoid overflow in VA_START and PAGE_OFFSET
- xfrm_user: uncoditionally validate esn replay attribute struct
- RDMA/ucma: Check AF family prior resolving address
- RDMA/ucma: Fix use-after-free access in ucma_close
- RDMA/ucma: Ensure that CM_ID exists prior to access it
- RDMA/ucma: Check that device is connected prior to access it
- RDMA/ucma: Check that device exists prior to accessing it
- RDMA/ucma: Introduce safer rdma_addr_size() variants
- net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
- xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit
systems
- netfilter: bridge: ebt_among: add more missing match size checks
- Bluetooth: Fix missing encryption refresh on Security Request
- scsi: virtio_scsi: always read VPD pages for multiqueue too
- usb: dwc2: Improve gadget state disconnection handling
- [arm64] arm64: mm: Use non-global mappings for kernel space
- [arm64] arm64: mm: Move ASID from TTBR0 to TTBR1
- [arm64] arm64: mm: Allocate ASIDs in pairs
- [arm64] arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
- [arm64] arm64: mm: Invalidate both kernel and user ASIDs when performing
TLBI
- [arm64] arm64: factor out entry stack manipulation
- module: extend 'rodata=off' boot cmdline parameter to module mappings
- [arm64] entry: Add exception trampoline page for exceptions from EL0
- [arm64] mm: Map entry trampoline into trampoline and kernel page tables
- [arm64] entry: Explicitly pass exception level to kernel_ventry macro
- [arm64] entry: Hook up entry trampoline to exception vectors
- [arm64] tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
- [arm64] entry: Add fake CPU feature for unmapping the kernel at EL0
- [arm64] kaslr: Put kernel vectors address in separate data page
- [arm64] use RET instruction for exiting the trampoline
- [arm64] Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
- [arm64] Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
- [arm64] Take into account ID_AA64PFR0_EL1.CSV3
- [arm64] Allow checking of a CPU-local erratum
- [arm64] capabilities: Handle duplicate entries for a capability
- [arm64] cputype: Add MIDR values for Cavium ThunderX2 CPUs
- [arm64] Turn on KPTI only on CPUs that need it
- [arm64] kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
- [arm64] kpti: Add ->enable callback to remap swapper using nG mappings
- [arm64] Force KPTI to be disabled on Cavium ThunderX
- [arm64] entry: Reword comment about post_ttbr_update_workaround
- [arm64] idmap: Use "awx" flags for .idmap.text .pushsection directives
- media: usbtv: prevent double free in error case (CVE-2017-17975)
- crypto: ahash - Fix early termination in hash walk
- crypto: x86/cast5-avx - fix ECB encryption when long sg follows short
one
- net: hns: Fix ethtool private flags (CVE-2017-18222)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.94
- [x86] x86/asm: Don't use RBP as a temporary register in
csum_partial_copy_generic()
- IB/srpt: Avoid that aborting a command triggers a kernel warning
- af_key: Fix slab-out-of-bounds in pfkey_compile_policy.
- bna: Avoid reading past end of buffer
- qlge: Avoid reading past end of buffer
- ubi: fastmap: Fix slab corruption
- drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow
tests
- perf/callchain: Force USER_DS when invoking perf_callchain_user()
- Input: elan_i2c - check if device is there before really probing
- KVM: PPC: Book3S PR: Check copy_to/from_user return values
- [arm64] arm64: perf: Ignore exclude_hv when kernel is running in HYP
- [arm] KVM: arm: Restore banked registers and physical timer access on
hyp_panic()
- [arm64] KVM: arm64: Restore host physical timer access on hyp_panic()
- usb: dwc3: keystone: check return value
- ata: libahci: properly propagate return value of platform_get_irq()
- ipmr: vrf: Find VIFs using the actual device
- uio: fix incorrect memory leak cleanup
- net: x25: fix one potential use-after-free issue
- USB: ene_usb6250: fix SCSI residue overwriting
- net/wan/fsl_ucc_hdlc: fix unitialized variable warnings
- net/wan/fsl_ucc_hdlc: fix incorrect memory allocation
- mlxsw: spectrum: Avoid possible NULL pointer dereference
- scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
- [powerpc*] powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash
- ath5k: fix memory leak on buf on failed eeprom read
- ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
- md-cluster: fix potential lock issue in add_new_disk
- ray_cs: Avoid reading past end of buffer
- net/wan/fsl_ucc_hdlc: fix muram allocation error
- perf/core: Fix error handling in perf_event_alloc()
- selinux: do not check open permission on sockets
- block: fix an error code in add_partition()
- libceph: NULL deref on crush_decode() error path
- perf report: Fix off-by-one for non-activation frames
- netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize
- scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
- fix race in drivers/char/random.c:get_reg()
- ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
- tcp: better validation of received ack sequences
- net: llc: add lock_sock in llc_ui_bind to avoid a race condition
- drm/msm: Take the mutex before calling msm_gem_new_impl
- thermal: power_allocator: fix one race condition issue for
thermal_instances list
- VFS: close race between getcwd() and d_move()
- PM / devfreq: Fix potential NULL pointer dereference in governor_store
- media: videobuf2-core: don't go out of the buffer range
- blk-mq: fix race between updating nr_hw_queues and switching io sched
- wl1251: check return from call to wl1251_acx_arp_ip_filter
- hdlcdrv: Fix divide by zero in hdlcdrv_ioctl
- [x86] x86/efi: Disable runtime services on kexec kernel if booted with
efi=old_map
- ovl: filter trusted xattr for non-admin
- dmaengine: imx-sdma: Handle return value of clk_prepare_enable
- backlight: Report error on failure
- [arm64] arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT
usage
- net: freescale: fix potential null pointer dereference
- KVM: SVM: do not zero out segment attributes if segment is unusable or
not present
- clk: scpi: fix return type of __scpi_dvfs_round_rate
- drm/amdkfd: NULL dereference involving create_process()
- qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and
qlcnic_82xx_hw_read_wx_2M
- [arm64] arm64: kernel: restrict /dev/mem read() calls to linear region
- mISDN: Fix a sleep-in-atomic bug
- RDMA/iw_cxgb4: Avoid touch after free error in ARP failure handlers
- RDMA/hfi1: fix array termination by appending NULL to attr array
- bio-integrity: Do not allocate integrity context for bio w/o data
- skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
- macsec: check return value of skb_to_sgvec always
- e1000e: fix race condition around skb_tstamp_tx()
- igb: fix race condition with PTP_TX_IN_PROGRESS bits
- cx25840: fix unchecked return values
- mceusb: sporadic RX truncation corruption fix
- nvme: fix hang in remove path
- KVM: nVMX: Update vmcs12->guest_linear_address on nested VM-exit
- crypto: omap-sham - buffer handling fixes for hashing later
- crypto: omap-sham - fix closing of hash with separate finalize call
- net: ena: fix race condition between submit and completion admin command
- [s390x] s390/dasd: fix hanging safe offline
- drm/vc4: Fix resource leak in 'vc4_get_hang_state_ioctl()' in error
handling path
- scsi: libsas: fix memory leak in sas_smp_get_phy_events()
(CVE-2018-7757)
- blk-mq: fix kernel oops in blk_mq_tag_idle()
- ipv6: the entire IPv6 header chain must fit the first fragment
- net: fix possible out-of-bound read in skb_network_protocol()
- net/ipv6: Fix route leaking between VRFs
- net/ipv6: Increment OUTxxx counters after netfilter hook
- netlink: make sure nladdr has correct size in netlink_connect()
- net/sched: fix NULL dereference in the error path of tcf_bpf_init()
- pptp: remove a buggy dst release in pptp_connect()
- r8169: fix setting driver_data after register_netdev
- sctp: do not leak kernel memory to user space
- sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
- net: fool proof dev_valid_name()
- ip_tunnel: better validate user provided tunnel names
- ipv6: sit: better validate user provided tunnel names
- ip6_gre: better validate user provided tunnel names
- ip6_tunnel: better validate user provided tunnel names
- vti6: better validate user provided tunnel names
- net/sched: fix NULL dereference in the error path of tunnel_key_init()
- net/sched: fix NULL dereference on the error path of tcf_skbmod_init()
- vhost: validate log when IOTLB is enabled
- vhost_net: add missing lock nesting notation
- net/mlx4_core: Fix memory leak while delete slave's resources
- vrf: Fix use after free and double free in vrf_finish_output
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.95
- media: v4l2-compat-ioctl32: don't oops on overlay
- parisc: Fix out of array access in match_pci_device()
- perf intel-pt: Fix overlap detection to identify consecutive buffers
correctly
- perf intel-pt: Fix timestamp following overflow
- perf/core: Fix use-after-free in uprobe_perf_close()
- [arm64] arm64: barrier: Add CSDB macros to control data-value prediction
- [arm64] arm64: Implement array_index_mask_nospec()
- [arm64] arm64: move TASK_* definitions to <asm/processor.h>
- [arm64] arm64: Make USER_DS an inclusive limit
- [arm64] arm64: Use pointer masking to limit uaccess speculation
- [arm64] arm64: entry: Ensure branch through syscall table is bounded
under speculation
- [arm64] arm64: uaccess: Prevent speculative use of the current
addr_limit
- [arm64] arm64: uaccess: Don't bother eliding access_ok checks in __{get,
put}_user
- [arm64] arm64: uaccess: Mask __user pointers for __arch_{clear,
copy_*}_user
- [arm64] arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
- [arm64] arm64: Run enable method for errata work arounds on late CPUs
- [arm64] arm64: cpufeature: Pass capability structure to ->enable
callback
- [arm64] arm64: Factor out TTBR0_EL1 post-update workaround into a
specific asm macro
- [arm64] arm64: Move post_ttbr_update_workaround to C code
- [arm64] arm64: Add skeleton to harden the branch predictor against
aliasing attacks
- [arm64] arm64: Move BP hardening to check_and_switch_context
- [arm64] arm64: KVM: Use per-CPU vector when BP hardening is enabled
- [arm64] arm64: entry: Apply BP hardening for high-priority synchronous
exceptions
- [arm64] arm64: entry: Apply BP hardening for suspicious interrupts from
EL0
- [arm64] arm64: cputype: Add missing MIDR values for Cortex-A72 and
Cortex-A75
- [arm64] arm64: cpu_errata: Allow an erratum to be match for all
revisions of a core
- [arm64] arm64: Implement branch predictor hardening for affected
Cortex-A CPUs
- [arm64] arm64: Branch predictor hardening for Cavium ThunderX2
- [arm64] arm64: KVM: Increment PC after handling an SMC trap
- [arm64] arm/arm64: KVM: Consolidate the PSCI include files
- [arm64] arm/arm64: KVM: Add PSCI_VERSION helper
- [arm64] arm/arm64: KVM: Add smccc accessors to PSCI code
- [arm64] arm/arm64: KVM: Implement PSCI 1.0 support
- [arm64] arm/arm64: KVM: Advertise SMCCC v1.1
- [arm64] arm64: KVM: Make PSCI_VERSION a fast path
- [arm64] arm/arm64: KVM: Turn kvm_psci_version into a static inline
- [arm64] arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
- [arm64] arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
- [arm64] firmware/psci: Expose PSCI conduit
- [arm64] firmware/psci: Expose SMCCC version through psci_ops
- [arm64] arm/arm64: smccc: Make function identifiers an unsigned quantity
- [arm64] arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
- [arm64] arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
- [arm64] arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
- block/loop: fix deadlock after loop_set_status
- rtl8187: Fix NULL pointer dereference in priv->conf_mutex
- hwmon: (ina2xx) Fix access to uninitialized mutex
- slip: Check if rstate is initialized before uncompressing
- [arm64] arm64: futex: Mask __user pointers prior to dereference
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.96
- tty: make n_tty_read() always abort if hangup is in progress
- ubifs: Check ubifs_wbuf_sync() return code
- ubi: Fix error for write access
- resource: fix integer overflow at reallocation
- ipc/shm: fix use-after-free of shm file via remap_file_pages()
- usb: musb: gadget: misplaced out of bounds check
- xen-netfront: Fix hang on device removal
- regmap: Fix reversed bounds check in regmap_raw_write()
- USB: gadget: f_midi: fixing a possible double-free in f_midi
- USB:fix USB3 devices behind USB3 hubs not resuming at hibernate thaw
- smb3: Fix root directory when server returns inode number of zero
- HID: i2c-hid: fix size check and type usage
- random: use a tighter cap in credit_entropy_bits_safe()
- ext4: fail ext4_iget for root directory if unallocated (CVE-2018-1092)
- RDMA/rxe: Fix an out-of-bounds read
- ALSA: pcm: Fix UAF at PCM release via PCM timer access
- dmaengine: at_xdmac: fix rare residue corruption
- libnvdimm, namespace: use a safe lookup for dimm device name
- iommu/vt-d: Fix a potential memory leak
- mmc: jz4740: Fix race condition in IRQ mask update
- pwm: rcar: Fix a condition to prevent mismatch value setting to duty
- thermal: imx: Fix race condition in imx_thermal_probe()
- ext4: don't allow r/w mounts if metadata blocks overlap the superblock
- drm/amdgpu: Fix always_valid bos multiple LRU insertions.
- drm/amdgpu: Fix PCIe lane width calculation
- drm/rockchip: Clear all interrupts before requesting the IRQ
- drm/radeon: Fix PCIe lane width calculation
- ALSA: line6: Use correct endpoint type for midi output
- ALSA: rawmidi: Fix missing input substream checks in compat ioctls
- ALSA: hda - New VIA controller suppor no-snoop path
- random: fix crng_ready() test (CVE-2018-1108)
- random: crng_reseed() should lock the crng instance that it is modifying
- random: add new ioctl RNDRESEEDCRNG
- HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device
- MIPS: uaccess: Add micromips clobbers to bzero invocation
- MIPS: memset.S: EVA & fault support for small_memset
- MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
- MIPS: memset.S: Fix clobber of v1 in last_fixup
- [powerpc*] powerpc/eeh: Fix enabling bridge MMIO windows
- [powerpc*] powerpc/lib: Fix off-by-one in alternate feature patching
- udf: Fix leak of UTF-16 surrogates into encoded strings
- jffs2_kill_sb(): deal with failed allocations
- hypfs_kill_super(): deal with failed allocations
- orangefs_kill_sb(): deal with allocation failures
- rpc_pipefs: fix double-dput()
- Don't leak MNT_INTERNAL away from internal mounts
- autofs: mount point create should honour passed in mode
- mm/filemap.c: fix NULL pointer in page_cache_tree_insert()
- fanotify: fix logic of events on child
- writeback: safer lock nesting
- block/mq: fix potential deadlock during cpu hotplug
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.97
- cifs: do not allow creating sockets except with SMB1 posix exensions
- [x86] x86/tsc: Prevent 32bit truncation in calc_hpet_ref()
- drm/vc4: Fix memory leak during BO teardown
- drm/i915: Fix LSPCON TMDS output buffer enabling from low-power state
- power: supply: bq2415x: check for NULL acpi_id to avoid null pointer
dereference
- OF: Prevent unaligned access in of_alias_scan()
- jbd2: fix use after free in kjournald2()
- perf: Return proper values for user stack errors
- RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs
- mac80211_hwsim: fix use-after-free bug in hwsim_exit_net
- [s390] s390: introduce CPU alternatives
- [s390] s390: enable CPU alternatives unconditionally
- [s390] KVM: s390: wire up bpb feature
- [s390] s390: scrub registers on kernel entry and KVM exit
- [s390] s390: add optimized array_index_mask_nospec
- [s390] s390/alternative: use a copy of the facility bit mask
- [s390] s390: add options to change branch prediction behaviour for the
kernel
- [s390] s390: run user space and KVM guests with modified branch
prediction
- [s390] s390: introduce execute-trampolines for branches
- [s390] KVM: s390: force bp isolation for VSIE
- [s390] s390: Replace IS_ENABLED(EXPOLINE_*) with
IS_ENABLED(CONFIG_EXPOLINE_*)
- [s390] s390: do not bypass BPENTER for interrupt system calls
- [s390] s390/entry.S: fix spurious zeroing of r0
- [s390] s390: move nobp parameter functions to nospec-branch.c
- [s390] s390: add automatic detection of the spectre defense
- [s390] s390: report spectre mitigation via syslog
- [s390] s390: add sysfs attributes for spectre
- [s390] s390: correct nospec auto detection init order
- [s390] s390: correct module section names for expoline code revert
- KEYS: DNS: limit the length of option strings
- l2tp: check sockaddr length in pppol2tp_connect()
- net: validate attribute sizes in neigh_dump_table()
- llc: delete timers synchronously in llc_sk_free()
- tcp: don't read out-of-bounds opsize
- packet: fix bitfield update race
- pppoe: check sockaddr length in pppoe_connect()
- vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi
- sctp: do not check port in sctp_inet6_cmp_addr
- llc: hold llc_sap before release_sock()
- llc: fix NULL pointer deref for SOCK_ZAPPED
- net: fix deadlock while clearing neighbor proxy table
- net: af_packet: fix race in PACKET_{R|T}X_RING
- cdrom: information leak in cdrom_ioctl_media_changed() (CVE-2018-10940)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.98
- ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
- ext4: set h_journal if there is a failure starting a reserved handle
- ext4: add validity checks for bitmap block numbers (CVE-2018-1093)
- ext4: fix bitmap position validation
- random: set up the NUMA crng instances after the CRNG is fully
initialized
- random: fix possible sleeping allocation from irq context
- random: rate limit unseeded randomness warnings
- usbip: usbip_event: fix to not print kernel pointer address
- usbip: usbip_host: fix to hold parent lock for device_attach() calls
- usbip: vhci_hcd: Fix usb device and sockfd leaks
- virtio_console: free buffers after reset
- drm/virtio: fix vq wait_event condition
- tty: Don't call panic() at tty_ldisc_init()
- tty: Use __GFP_NOFAIL for tty_ldisc_get()
- ALSA: dice: fix error path to destroy initialized stream data
- ALSA: opl3: Hardening for potential Spectre v1
- ALSA: asihpi: Hardening for potential Spectre v1
- ALSA: hdspm: Hardening for potential Spectre v1
- ALSA: rme9652: Hardening for potential Spectre v1
- ALSA: control: Hardening for potential Spectre v1
- ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
- ALSA: seq: oss: Hardening for potential Spectre v1
- ALSA: hda: Hardening for potential Spectre v1
- ALSA: hda/realtek - Add some fixes for ALC233
- mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
- mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
- mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
- kobject: don't use WARN for registration failures
- PCI: aardvark: Fix PCIe Max Read Request Size setting
- ARM: amba: Fix race condition with driver_override
- ARM: amba: Don't read past the end of sysfs "driver_override" buffer
- crypto: drbg - set freed buffers to NULL
- libceph: un-backoff on tick when we have a authenticated session
- libceph: reschedule a tick in finish_hunting()
- libceph: validate con->state at the top of try_write()
- [powerpc*] cpufreq: powernv: Fix hardlockup due to synchronous smp_call
in timer interrupt
- [powerpc*] powerpc/eeh: Fix race with driver un/bind
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.99
- perf/core: Fix the perf_cpu_time_max_percent check (CVE-2018-18255)
- ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger()
- Input: leds - fix out of bound access
- xfs: prevent creating negative-sized file via INSERT_RANGE
- RDMA/cxgb4: release hw resources on device removal
- RDMA/mlx5: Protect from shift operand overflow
- IB/mlx5: Use unlimited rate when static rate is not supported
- IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used
- drm/vmwgfx: Fix a buffer object leak
- drm/bridge: vga-dac: Fix edid memory leak
- usb: musb: host: fix potential NULL pointer dereference
- usb: musb: trace: fix NULL pointer dereference in musb_g_tx()
- platform/x86: asus-wireless: Fix NULL pointer dereference
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.100
- ipvs: fix rtnl_lock lockups caused by start_sync_thread
- crypto: af_alg - fix possible uninit-value in alg_bind()
- netlink: fix uninit-value in netlink_sendmsg
- net: fix rtnh_ok()
- net: initialize skb->peeked when cloning
- net: fix uninit-value in __hw_addr_add_ex()
- dccp: initialize ireq->ir_mark
- soreuseport: initialise timewait reuseport field
- tcp: fix TCP_REPAIR_QUEUE bound checking
- bdi: Fix oops in wb_workfn()
- [powerpc*] KVM: PPC: Book3S HV: Fix trap number return from
__kvmppc_vcore_entry
- f2fs: fix a dead loop in f2fs_fiemap() (CVE-2018-18257)
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718
- gpioib: do not free unrequested descriptors
- rfkill: gpio: fix memory leak in probe error path
- net: atm: Fix potential Spectre v1
- atm: zatm: Fix potential Spectre v1
- tracing/uprobe_event: Fix strncpy corner case
- [x86] perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event
cache_*
- [x86] perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
- [x86] perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
- perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
- [x86] perf/x86: Fix possible Spectre-v1 indexing for
x86_pmu::event_map()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.101
- ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
- llc: better deal with too small mtu
- net: ethernet: sun: niu set correct packet size in skb
- net: ethernet: ti: cpsw: fix packet leaking in dual_mac mode
- net/mlx4_en: Verify coalescing parameters are in range
- net_sched: fq: take care of throttled flows before reuse
- tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
- futex: Remove duplicated code and fix undefined behaviour
- proc: do not access cmdline nor environ from file-backed areas
(CVE-2018-1120)
- kernel/exit.c: avoid undefined behaviour when calling wait4()
(CVE-2018-10087)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102
- usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
(CVE-2018-5814)
- [arm*] KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with
SRCU lock
- [powerpc*] powerpc/powernv: Fix NVRAM sleep in invalid context when
crashing
- s390: remove indirect branch from do_softirq_own_stack
- efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32'
definition for mixed mode
- Btrfs: fix xattr loss after power failure
- btrfs: fix crash when trying to resume balance without the resume flag
- [x86] x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
- btrfs: fix reading stale metadata blocks after degraded raid1 mounts
- [x86] x86/nospec: Simplify alternative_msr_write()
- [x86] x86/bugs: Concentrate bug detection into a separate function
- [x86] x86/bugs: Concentrate bug reporting into a separate function
- [x86] x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- [x86] x86/bugs, KVM: Support the combination of guest and host IBRS
- [x86] x86/bugs: Expose /sys/../spec_store_bypass
- [x86] x86/cpufeatures: Add X86_FEATURE_RDS
- [x86] x86/bugs: Provide boot parameters for the
spec_store_bypass_disable mitigation
- [x86] x86/bugs/intel: Set proper CPU features and setup RDS
- [x86] x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- [x86] x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if
requested
- [x86] x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- prctl: Add speculation control prctls
- [x86] process: Optimize TIF checks in __switch_to_xtra()
- [x86] process: Correct and optimize TIF_BLOCKSTEP switch
- [x86] process: Optimize TIF_NOTSC switch
- [x86] x86/process: Allow runtime control of Speculative Store Bypass
(CVE-2018-3639)
- [x86] x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- [x86] x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- [x86] x86/speculation: Make "seccomp" the default mode for Speculative
Store Bypass
- KVM: SVM: Move spec control call after restore of GS
- [x86] x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
- [x86] x86/cpu/AMD: Fix erratum 1076 (CPB bit)
- [x86] x86/speculation: Add virtualized speculative store bypass disable
support
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.103
- net: test tailroom before appending to linear skb
- packet: in packet_snd start writing at link layer allocation
- sock_diag: fix use-after-free read in __sk_free
- ext2: fix a block leak
- [s390x] s390/crc32-vx: use expoline for indirect branches
- [s390x] s390/lib: use expoline for indirect branches
- [s390x] s390/ftrace: use expoline for indirect branches
- [s390x] s390/kernel: use expoline for indirect branches
- [s390x] s390: extend expoline to BC instructions
- [s390x] s390: use expoline thunks in the BPF JIT
- scsi: libsas: defer ata device eh commands to libata (CVE-2018-10021)
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
(CVE-2018-1000204)
- scsi: zfcp: fix infinite iteration on ERP ready list
- cfg80211: limit wiphy names to 128 bytes
- [x86] x86/kexec: Avoid double free_page() upon do_kexec_load() failure
- usb: gadget: core: Fix use-after-free of usb_request
- usb: cdc_acm: prevent race at write to acm while system resumes
- USB: OHCI: Fix NULL dereference in HCDs using HCD_LOCAL_MEM
- usb: gadget: ffs: Execute copy_to_user() with USER_DS set
- usb: gadget: udc: change comparison to bitshift when dealing with a mask
- media: em28xx: USB bulk packet size fix
- scsi: fas216: fix sense buffer initialization
- scsi: sym53c8xx_2: iterator underflow in sym_getsync()
- scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo()
- scsi: qla2xxx: Avoid triggering undefined behavior in
qla2x00_mbx_completion()
- scsi: aacraid: fix shutdown crash when init fails
- scsi: aacraid: Insure command thread is not recursively stopped
- scsi: lpfc: Fix soft lockup in lpfc worker thread during LIP testing
- media: dmxdev: fix error code for invalid ioctls
- media: s3c-camif: fix out-of-bounds array access
- media: cx25821: prevent out-of-bounds read on array card
- serial: xuartps: Fix out-of-bounds access through DT alias
- serial: samsung: Fix out-of-bounds access through serial port index
- serial: mxs-auart: Fix out-of-bounds access through serial port index
- serial: imx: Fix out-of-bounds access through serial port index
- serial: fsl_lpuart: Fix out-of-bounds access through DT alias
- serial: arc_uart: Fix out-of-bounds access through DT alias
- rtc: hctosys: Ensure system time doesn't overflow time_t
- rtc: tx4939: avoid unintended sign extension on a 24 bit shift
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.104
- [mips] MIPS: c-r4k: Fix data corruption related to cache coherence
- affs_lookup(): close a race with affs_remove_link()
- aio: fix io_destroy(2) vs. lookup_ioctx() race
- do d_instantiate/unlock_new_inode combinations safely
- libata: Blacklist some Sandisk SSDs for NCQ
- libata: blacklist Micron 500IT SSD with MU01 firmware
- IB/hfi1: Use after free race condition in send context error path
- Revert "ipc/shm: Fix shmat mmap nil-page protection"
- ipc/shm: fix shmat() nil address after round-down when remapping
- kernel/sys.c: fix potential Spectre v1 issue
- kernel/signal.c: avoid undefined behaviour in kill_something_info
(CVE-2018-10124)
- KVM/VMX: Expose SSBD properly to guests
- firewire-ohci: work around oversized DMA reads on JMicron controllers
- i40iw: Zero-out consumer key on allocate stag for FMR
- iommu/vt-d: Use domain instead of cache fetching
- mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
(CVE-2018-8087)
- btrfs: Fix out of bounds access in btrfs_search_slot
- Btrfs: fix scrub to repair raid6 corruption
- HID: roccat: prevent an out of bounds read in
kovaplus_profile_activated()
- jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
- RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
- gianfar: prevent integer wrapping in the rx handler
- tcp_nv: fix potential integer overflow in tcpnv_acked
- kvm: Map PFN-type memory regions as writable (if possible)
- mm/mempolicy: fix the check of nodemask from user
- mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
- mm: pin address_space before dereferencing it while isolating an LRU
page
- mm/fadvise: discard partial page if endbyte is also EOF
- drm/nouveau/pmu/fuc: don't use movw directly anymore
- netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure
- [x86] x86/power: Fix swsusp_arch_resume prototype
- firmware: dmi_scan: Fix handling of empty DMI strings
- xen-netfront: Fix race between device setup and open
- xen/grant-table: Use put_page instead of free_page
- RDS: IB: Fix null pointer issue
- [arm64] arm64: spinlock: Fix theoretical trylock() A-B-A with LSE
atomics
- bcache: fix for allocator and register thread race
- bcache: fix for data collapse after re-attaching an attached device
- bcache: return attach error when no cache set exist
- [x86] vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall
user page
- ptr_ring: prevent integer overflow when calculating size
- [arm] ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
- iwlwifi: mvm: fix security bug in PN checking
- rxrpc: Work around usercopy check
- mac80211: fix a possible leak of station stats
- mac80211: fix calling sleeping function in atomic context
- md raid10: fix NULL deference in handle_write_completed()
- locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
- md: raid5: avoid string overflow warning
- kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
- PKCS#7: fix direct verification of SignerInfo signature
- locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
- macvlan: fix use-after-free in macvlan_common_newlink()
- md: fix a potential deadlock of raid5/raid10 reshape
- md/raid1: fix NULL pointer dereference
- ceph: fix dentry leak when failing to init debugfs
- [arm] ARM: orion5x: Revert commit 4904dbda41c8. closes: #892057
- dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
- bcache: fix kcrashes with fio in RAID5 backend dev
- RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA
- RDMA/qedr: Fix iWARP write and send with immediate
- IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs
- fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in
sbusfb_ioctl_helper(). (CVE-2018-6412)
- fsl/fman: avoid sleeping in atomic context while adding an address
- net: qcom/emac: Use proper free methods during TX
- net: smsc911x: Fix unload crash when link is up
- IB/core: Fix possible crash to access NULL netdev
- batman-adv: fix header size check in batadv_dbg_arp()
- batman-adv: Fix skbuff rcsum on packet reroute
- vti4: Don't count header length twice on tunnel setup
- vti4: Don't override MTU passed on link creation via IFLA_MTU
- brcmfmac: Fix check for ISO3166 code
- mm/mempolicy.c: avoid use uninitialized preferred_node
- mm, thp: do not cause memcg oom for thp
- [x86] x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init
- fs/proc/proc_sysctl.c: fix potential page fault while unregistering
sysctl table
- swap: divide-by-zero when zero length swap file on ssd
- mm: fix races between address_space dereference and free in
page_evicatable
- Btrfs: fix NULL pointer dereference in log_dir_items
- btrfs: Fix possible softlock on single core machines
- xen/acpi: off by one in read_acpi_id()
- ACPI: acpi_pad: Fix memory leak in power saving threads
- [powerpc*] powerpc/perf: Prevent kernel address leak to userspace via
BHRB buffer
- [powerpc*] powerpc/perf: Fix kernel address leak via sampling registers
- net/mlx5: Protect from command bit overflow
- ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
- ipmi_ssif: Fix kernel panic at msg_done_handler
- [powerpc*] powerpc: Add missing prototype for arch_irq_work_raise()
- f2fs: fix to check extent cache in f2fs_drop_extent_tree
- dmaengine: pl330: fix a race condition in case of threaded irqs
- audit: return on memory error to avoid null pointer dereference
- netlabel: If PF_INET6, check sk_buff ip header version
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.105
- Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU"
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.106
- x86/xen: Add unwind hint annotations to xen_setup_gdt
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.107
- [arm64] arm64: lse: Add early clobbers to some input/output asm operands
- [powerpc*] powerpc/64s: Clear PCR on boot
- xfs: detect agfl count corruption and reset agfl
- tracing: Fix crash when freeing instances with event triggers
- selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
- tcp: avoid integer overflows in tcp_rcv_space_adjust()
- [arm64] arm64: Add hypervisor safe helper for checking constant
capabilities
- [powerpc*] powerpc/rfi-flush: Move out of HARDLOCKUP_DETECTOR #ifdef
- [powerpc*] powerpc/pseries: Support firmware disable of RFI flush
- [powerpc*] powerpc/powernv: Support firmware disable of RFI flush
- [powerpc*] powerpc/rfi-flush: Always enable fallback flush on pseries
- [powerpc*] powerpc/rfi-flush: Differentiate enabled and patched flush
types
- [powerpc*] powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
- [powerpc*] powerpc: Add security feature flags for Spectre/Meltdown
- [powerpc*] powerpc/pseries: Set or clear security feature flags
- [powerpc*] powerpc/powernv: Set or clear security feature flags
- [powerpc*] powerpc/powernv: Use the security flags in
pnv_setup_rfi_flush()
- [powerpc*] powerpc/pseries: Use the security flags in
pseries_setup_rfi_flush()
- [powerpc*] powerpc/64s: Wire up cpu_show_spectre_v1()
- [powerpc*] powerpc/64s: Wire up cpu_show_spectre_v2()
- [powerpc*] powerpc/pseries: Fix clearing of security feature flags
- [powerpc*] powerpc: Move default security feature flags
- [powerpc*] powerpc/pseries: Restore default security feature flags on
setup
- [powerpc*] powerpc/64s: Fix section mismatch warnings from
setup_rfi_flush()
- [powerpc*] powerpc/64s: Add support for a store forwarding barrier at
kernel entry/exit
- net/mlx4_en: fix potential use-after-free with dma_unmap_page
- iio:kfifo_buf: check for uint overflow
- mm: fix the NULL mapping case in __isolate_lru_page()
- serial: pl011: add console matching function
.
[ Steve McIntyre ]
* Backports for Qualcomm Centriq machines. Closes: #896775
- [arm64] Backport support for Qualcomm Centriq onboard emac NIC
- [arm64] Backport workaround for erratum E1041
.
[ Romain Perier ]
* [armhf] MFD: Enable MFD_TPS65217 (Closes: #897590)
.
[ Salvatore Bonaccorso ]
* nfsd: increase DRC cache limit (Closes: #898137)
.
[ Yves-Alexis Perez ]
* [rt] Update patchset to 4.9.98-rt76
- don't apply "drivers/net: Use disable_irq_nosync() in 8139too" since
it's already included upstream
- removed "rtmutex: Fix PI chain order integrity"
- fs/aio: simple simple work
* Bump ABI to 7
- remove all ignored ABI changes since ABI 6
- remove all patches reverting ABI changes since ABI 6
* [rt] "fs/dcache: disable preemption on i_dir_seq's write side" edited for
fuzz after 4.9.106.
.
[ Ben Hutchings ]
* random: Make getranndom() ready earlier (see #897599)
linux (4.9.88-1+deb9u1) stretch-security; urgency=high
.
[ Salvatore Bonaccorso ]
* [x86] x86/entry/64: Don't use IST entry for #BP stack (CVE-2018-8897)
* [x86] kvm: fix icebp instruction handling (CVE-2018-1087)
.
[ Ben Hutchings ]
* Revert "random: fix crng_ready() test" (Closes: #897599), reopening
CVE-2018-1108
linux (4.9.88-1+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports:
- Revert "[x86] psmouse: Enable MOUSE_PS2_VMMOUSE", which breaks
xserver-xorg-input-vmmouse and several metapackages in jessie
- Revert changes to use gcc-6 compiler, not found in jessie
- Change ABI number to 0.bpo.6
- Revert changes to flex and asciidoc build-dependencies
- linux-image-dbg: Revert changes to packaging of debug symbols
- Revert "enable `perf data' support" as libbabeltrace is not available
- [mips*] Disable RELOCATABLE and RANDOMIZE_BASE.
- [x86] (Build-)depend on retpoline-capable versions of gcc-4.9
.
linux (4.9.88-1+deb9u1) stretch-security; urgency=high
.
[ Salvatore Bonaccorso ]
* [x86] x86/entry/64: Don't use IST entry for #BP stack (CVE-2018-8897)
* [x86] kvm: fix icebp instruction handling (CVE-2018-1087)
.
[ Ben Hutchings ]
* Revert "random: fix crng_ready() test" (Closes: #897599), reopening
CVE-2018-1108
linux (4.9.88-1) stretch-security; urgency=high
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.83
- ext4: fix a race in the ext4 shutdown path
- ext4: save error to disk in __ext4_grp_locked_error()
- console/dummy: leave .con_font_get set to NULL
- rtlwifi: rtl8821ae: Fix connection lost problem correctly
- target/iscsi: avoid NULL dereference in CHAP auth error path
- Btrfs: fix deadlock in run_delalloc_nocow
- Btrfs: fix crash due to not cleaning up tree log block's dirty bits
- Btrfs: fix extent state leak from tree log
- Btrfs: fix unexpected -EEXIST when creating new inode
- ALSA: seq: Fix racy pool initializations (CVE-2018-7566)
- ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
- [s390] s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
- [x86] x86/entry/64/compat: Clear registers for compat syscalls, to
reduce speculation attack surface (hardening for Spectre)
- [x86] x86/speculation: Update Speculation Control microcode blacklist
- [x86] x86/speculation: Correct Speculation Control microcode blacklist
again
- [x86] KVM/x86: Reduce retpoline performance impact in
slot_handle_level_range(), by always inlining iterator helper methods
- [x86] X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
- vfs: don't do RCU lookup of empty pathnames
- media: r820t: fix r820t_write_reg for KASAN
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.84
- cfg80211: check dev_set_name() return value
- xfrm: skip policies marked as dead while rehashing
- mm,vmscan: Make unregister_shrinker() no-op if register_shrinker()
failed.
- xfrm: Fix stack-out-of-bounds read on socket policy lookup.
- xfrm: check id proto in validate_tmpl()
- sctp: set frag_point in sctp_setsockopt_maxseg correctly
- drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
- selinux: ensure the context is NUL terminated in
security_context_to_sid_core()
- [x86] KVM: x86: fix escape of guest dr6 to the host
- netfilter: x_tables: fix int overflow in xt_alloc_table_info()
- netfilter: x_tables: avoid out-of-bounds reads in
xt_request_find_{match|target}
- netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in
clusterip_tg_check()
- netfilter: on sockopt() acquire sock lock only in the required scope
- netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
- netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
- crypto: hash - prevent using keyed hashes without setting key
- [arm*] ARM: dts: Fix omap4 hang with GPS connected to USB by using
wakeupgen
- sctp: only update outstanding_bytes for transmitted queue when doing
prsctp_prune
- net_sched: red: Avoid devision by zero
- net_sched: red: Avoid illegal values
- btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
- 509: fix printing uninitialized stack memory when OID is empty
- dmaengine: at_hdmac: fix potential NULL pointer dereference in
atc_prep_dma_interleaved
- clk: fix a panic error caused by accessing NULL pointer
- xfrm: Fix stack-out-of-bounds with misconfigured transport mode
policies.
- drm/armada: fix leak of crtc structure
- [x86] mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
- [x86] x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
- hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
- [powerpc*] powerpc/64s: Fix conversion of slb_miss_common to use
RFI_TO_USER/KERNEL
- [powerpc*] powerpc/64s: Simple RFI macro conversions
- [powerpc*] powerpc/64s: Improve RFI L1-D cache flush fallback
- crypto: talitos - fix Kernel Oops on hashing an empty file
- ALSA: hda/ca0132 - fix possible NULL pointer use
- [x86] KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page
Ready" exceptions simultaneously
- crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.85
- netfilter: drop outermost socket lock in getsockopt()
- X.509: fix BUG_ON() when hash algorithm is unsupported
- PKCS#7: fix certificate chain verification
- RDMA/uverbs: Protect from command mask overflow
- iio: buffer: check if a buffer has been set up when poll is called
- iio: adis_lib: Initialize trigger before requesting interrupt
- irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
- ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and
io_watchdog_func()
- usb: ohci: Proper handling of ed_rm_list to handle race condition
between usb_kill_urb() and finish_unlinks()
- ]arm64] arm64: Disable unhandled signal log messages by default
- Revert "usb: musb: host: don't start next rx urb if current one failed"
- X.509: fix NULL dereference when restricting key with unsupported_sig
- mm: avoid spurious 'bad pmd' warning messages
- [x86] x86/entry/64: Clear extra registers beyond syscall arguments, to
reduce speculation attack surface
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.86
- i2c: designware: must wait for enable
- f2fs: fix a bug caused by NULL extent tree (CVE-2017-18193)
- mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
- mtd: nand: brcmnand: Zero bitflip is not an error
- [arm*] ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
- sget(): handle failures of register_shrinker()
- drm/nouveau/pci: do a msi rearm on init
- mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl
- tipc: error path leak fixes in tipc_enable_bearer()
- tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path
- tg3: Add workaround to restrict 5762 MRRS to 2048
- tg3: Enable PHY reset in MTU change path for 5720
- bnx2x: Improve reliability in case of nested PCI errors
- IB/mlx5: Fix mlx5_ib_alloc_mr error flow
- genirq: Guard handle_bad_irq log messages
- IB/mlx4: Fix mlx4_ib_alloc_mr error flow
- IB/ipoib: Fix race condition in neigh creation
- xfs: quota: fix missed destroy of qi_tree_lock
- xfs: quota: check result of register_shrinker()
- macvlan: Fix one possible double free
- e1000: fix disabling already-disabled warning
- drm/ttm: check the return value of kzalloc
- nl80211: Check for the required netlink attribute presence
- bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine.
- xen-netfront: enable device after manual module load
- mdio-sun4i: Fix a memory leak
- xen/gntdev: Fix off-by-one error when unmapping with holes
- xen/gntdev: Fix partial gntdev_mmap() cleanup
- sctp: make use of pre-calculated len
- net: gianfar_ptp: move set_fipers() to spinlock protecting area
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87
- [x86] tpm: st33zp24: fix potential buffer overruns caused by bit
glitches on the bus
- [x86] tpm_i2c_infineon: fix potential buffer overruns caused by bit
glitches on the bus
- [x86] tpm_i2c_nuvoton: fix potential buffer overruns caused by bit
glitches on the bus
- [x86] tpm_tis: fix potential buffer overruns caused by bit glitches on
the bus
- [x86] tpm: constify transmit data pointers
- [x86] tpm-dev-common: Reject too short writes
- ALSA: usb-audio: Add a quirck for B&W PX headphones
- ALSA: hda: Add a power_save blacklist
- ALSA: hda - Fix pincfg at resume on Lenovo T470 dock
- timers: Forward timer base before migrating timers
- [hppa] parisc: Fix ordering of cache and TLB flushes
- dax: fix vma_is_fsdax() helper
- [x86] xen: Zero MSR_IA32_SPEC_CTRL before suspend
- [x86] platform/intel-mid: Handle Intel Edison reboot correctly
- media: m88ds3103: don't call a non-initalized function
- nospec: Allow index argument to have const-qualified type
- [armel,armhf] mvebu: Fix broken PL310_ERRATA_753970 selects
- KVM: mmu: Fix overlap between public and private memslots
- [x86] KVM: Remove indirect MSR op calls from SPEC_CTRL
- [x86] KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the
RDMSR path as unlikely()
- PCI/ASPM: Deal with missing root ports in link state handling
- dm io: fix duplicate bio completion due to missing ref count
- [armhf] dts: LogicPD SOM-LV: Fix I2C1 pinmux
- [armhf] dts: LogicPD Torpedo: Fix I2C1 pinmux
- [x86] mm: Give each mm TLB flush generation a unique ID
- [x86] speculation: Use Indirect Branch Prediction Barrier in context
switch
- md: only allow remove_and_add_spares when no sync_thread running.
- netlink: put module reference if dump start fails
- [x86] apic/vector: Handle legacy irq data correctly
- bridge: check brport attr show in brport_show
- fib_semantics: Don't match route with mismatching tclassid
- hdlc_ppp: carrier detect ok, don't turn off negotiation
- ipv6 sit: work around bogus gcc-8 -Wrestrict warning
- net: fix race on decreasing number of TX queues
- net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68
- netlink: ensure to loop over all netns in genlmsg_multicast_allns()
- ppp: prevent unregistered channels from connecting to PPP units
- udplite: fix partial checksum initialization
- sctp: fix dst refcnt leak in sctp_v4_get_dst
- net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT
- tcp: Honor the eor bit in tcp_mtu_probe
- rxrpc: Fix send in rxrpc_send_data_packet()
- tcp_bbr: better deal with suboptimal GSO
- sctp: fix dst refcnt leak in sctp_v6_get_dst()
- [s390x] qeth: fix underestimated count of buffer elements
- [s390x] qeth: fix SETIP command handling
- [s390x] qeth: fix overestimated count of buffer elements
- [s390x] qeth: fix IP removal on offline cards
- [s390x] qeth: fix double-free on IP add/remove race
- [s390x] qeth: fix IP address lookup for L3 devices
- [s390x] qeth: fix IPA command submission race
- sctp: verify size of a new chunk in _sctp_make_chunk() (CVE-2018-5803)
- net: mpls: Pull common label check into helper
- mpls, nospec: Sanitize array index in mpls_label_ok()
- bpf: fix wrong exposure of map_flags into fdinfo for lpm
- bpf: fix mlock precharge on arraymaps
- bpf, x64: implement retpoline for tail call
- bpf, arm64: fix out of bounds access in tail call
- bpf: add schedule points in percpu arrays management
- bpf, ppc64: fix out of bounds access in tail call
- btrfs: preserve i_mode if __btrfs_set_acl() fails
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.88
- RDMA/ucma: Limit possible option size
- RDMA/ucma: Check that user doesn't overflow QP state
- RDMA/mlx5: Fix integer overflow while resizing CQ
- [x86] drm/i915: Try EDID bitbanging on HDMI after failed read
- scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
- [x86] drm/i915: Always call to intel_display_set_init_power() in
resume_early.
- workqueue: Allow retrieval of current task's work struct
- drm: Allow determining if current task is output poll worker
- drm/nouveau: Fix deadlock on runtime suspend
- drm/radeon: Fix deadlock on runtime suspend
- drm/amdgpu: Fix deadlock on runtime suspend
- drm/amdgpu: Notify sbios device ready before send request
- drm/radeon: fix KV harvesting
- drm/amdgpu: fix KV harvesting
- drm/amdgpu:Correct max uvd handles
- drm/amdgpu:Always save uvd vcpu_bo in VM Mode
- [mips*/octeon] irq: Check for null return on kzalloc allocation
- loop: Fix lost writes caused by missing flag
- virtio_ring: fix num_free handling in error case
- [s390x] KVM: fix memory overwrites when not using SCA entries
- kbuild: Handle builtin dtb file names containing hyphens
- IB/mlx5: Fix incorrect size of klms in the memory region
- bcache: fix crashes in duplicate cache device register
- bcache: don't attach backing with duplicate UUID
- [x86] MCE: Serialize sysfs changes (CVE-2018-7995)
- perf tools: Fix trigger class trigger_on()
- [x86] spectre_v2: Don't check microcode versions when running under
hypervisors
- ALSA: hda/realtek: Limit mic boost on T480
- ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
- ALSA: hda/realtek - Make dock sound work on ThinkPad L570
- ALSA: seq: Don't allow resizing pool in use
- ALSA: seq: More protection for concurrent write and ioctl races
- ALSA: hda: add dock and led support for HP EliteBook 820 G3
- ALSA: hda: add dock and led support for HP ProBook 640 G2
- nospec: Kill array_index_nospec_mask_check()
- nospec: Include <asm/barrier.h> dependency
- Revert "x86/retpoline: Simplify vmexit_fill_RSB()"
- [x86] speculation: Use IBRS if available before calling into firmware
- [x86] retpoline: Support retpoline builds with Clang
- [x86] speculation, objtool: Annotate indirect calls/jumps for objtool
- [x86] boot, objtool: Annotate indirect jump in secondary_startup_64()
- [x86] speculation: Move firmware_restrict_branch_speculation_*() from C
to CPP
- [x86] paravirt, objtool: Annotate indirect calls
- watchdog: hpwdt: SMBIOS check
- watchdog: hpwdt: Check source of NMI
- watchdog: hpwdt: fix unused variable warning
- watchdog: hpwdt: Remove legacy NMI sourcing.
- [armhf] omap2: hide omap3_save_secure_ram on non-OMAP3 builds
- Input: tca8418_keypad - remove double read of key event register
- tc358743: fix register i2c_rd/wr function fix
- netfilter: add back stackpointer size checks (CVE-2018-1065)
- netfilter: x_tables: fix missing timer initialization in xt_LED
- netfilter: nat: cope with negative port range
- netfilter: IDLETIMER: be syzkaller friendly
- netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
(CVE-2018-1068)
- netfilter: bridge: ebt_among: add missing match size checks
- netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
- netfilter: x_tables: pass xt_counters struct instead of packet counter
- netfilter: x_tables: pass xt_counters struct to counter allocator
- netfilter: x_tables: pack percpu counter allocations
- ext4: inplace xattr block update fails to deduplicate blocks
- ubi: Fix race condition between ubi volume creation and udev
- scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
- NFS: Fix an incorrect type in struct nfs_direct_req
- NFS: Fix unstable write completion
- [x86] module: Detect and skip invalid relocations
- [x86] Treat R_X86_64_PLT32 as R_X86_64_PC32
- serial: sh-sci: prevent lockup on full TTY buffers
- tty/serial: atmel: add new version check for usart
- uas: fix comparison for error code
- [x86] staging: comedi: fix comedi_nsamples_left.
- USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
- usbip: vudc: fix null pointer dereference on udc->lock
- usb: quirks: add control message delay for 1b1c:1b20
- usb: usbmon: Read text within supplied buffer size
- usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
- serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
- serial: core: mark port as initialized in autoconfig
- earlycon: add reg-offset to physical address before mapping
- PCI: dwc: Fix enumeration end when reaching root subordinate
.
[Yves-Alexis Perez]
* [powerpc*] drop RFI patches, now included upstream
.
[ Salvatore Bonaccorso ]
* [rt] Refresh 0001-timer-make-the-base-lock-raw.patch context
* [rt] Update to 4.9.84-rt62
* blkcg: fix double free of new_blkg in blkcg_init_queue (CVE-2018-7480)
* CIFS: Enable encryption during session setup phase (CVE-2018-1066)
* staging: ncpfs: memory corruption in ncp_read_kernel() (CVE-2018-8822)
* [arm64] net: hns: Fix a skb used after free bug (CVE-2017-18218)
* media: usbtv: prevent double free in error case (CVE-2017-17975)
* [arm64] net: hns: fix ethtool_get_strings overflow in hns driver
* [arm64] net: hns: Fix ethtool private flags (CVE-2017-18222)
* scsi: libsas: fix memory leak in sas_smp_get_phy_events() (CVE-2018-7757)
* ext4: add validity checks for bitmap block numbers (CVE-2018-1093)
* ext4: fix bitmap position validation
* ext4: fail ext4_iget for root directory if unallocated (CVE-2018-1092)
* random: fix crng_ready() test (CVE-2018-1108)
* random: set up the NUMA crng instances after the CRNG is fully initialized
* random: crng_reseed() should lock the crng instance that it is modifying
* random: fix possible sleeping allocation from irq context
* perf/hwbp: Simplify the perf-hwbp code, fix documentation
(CVE-2018-1000199)
.
[ Ben Hutchings ]
* [x86] Revert "x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping"
to avoid an ABI change
* [x86] mm: Avoid ABI change for addition of ctx_id
* [x86] cpu: Avoid ABI change in 4.9.83
* crypto: hash: Avoid ABI change in 4.9.84
* fs: Avoid ABI change in 4.9.85
* [x86] nospec: Ignore ABI change for removal of __clear_rsb and __fill_rsb,
previously exported for use by KVM
* [x86] Ignore ABI change for cpu_tlbstate, apparently not used externally
* jbd2: Ignore ABI changes
* tpm_tis: Ignore ABI changes
* ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
(CVE-2017-18216)
* ocfs2: ip_alloc_sem should be taken in ocfs2_get_block() (CVE-2017-18224)
* f2fs: fix a panic caused by NULL flush_cmd_control (CVE-2017-18241)
* f2fs: fix a dead loop in f2fs_fiemap() (CVE-2017-18257)
* mm/hugetlb.c: don't call region_abort if region_chg fails
* hugetlbfs: fix offset overflow in hugetlbfs mmap
* hugetlbfs: check for pgoff value overflow (CVE-2018-7740)
* mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
(CVE-2018-8087)
* drm: udl: Properly check framebuffer mmap offsets (CVE-2018-8781)
* xfs: set format back to extents if xfs_bmap_extents_to_btree
(CVE-2018-10323)
* debian/lib/python/debian_linux/gencontrol.py: Allow uploads to *-security
with a simple revision
linux (4.9.88-1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports:
- Revert "[x86] psmouse: Enable MOUSE_PS2_VMMOUSE", which breaks
xserver-xorg-input-vmmouse and several metapackages in jessie
- Revert changes to use gcc-6 compiler, not found in jessie
- Change ABI number to 0.bpo.6
- Revert changes to flex and asciidoc build-dependencies
- linux-image-dbg: Revert changes to packaging of debug symbols
- Revert "enable `perf data' support" as libbabeltrace is not available
- [mips*] Disable RELOCATABLE and RANDOMIZE_BASE.
- [x86] (Build-)depend on retpoline-capable versions of gcc-4.9
.
linux (4.9.88-1) stretch-security; urgency=high
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.83
- ext4: fix a race in the ext4 shutdown path
- ext4: save error to disk in __ext4_grp_locked_error()
- console/dummy: leave .con_font_get set to NULL
- rtlwifi: rtl8821ae: Fix connection lost problem correctly
- target/iscsi: avoid NULL dereference in CHAP auth error path
- Btrfs: fix deadlock in run_delalloc_nocow
- Btrfs: fix crash due to not cleaning up tree log block's dirty bits
- Btrfs: fix extent state leak from tree log
- Btrfs: fix unexpected -EEXIST when creating new inode
- ALSA: seq: Fix racy pool initializations (CVE-2018-7566)
- ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
- [s390] s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
- [x86] x86/entry/64/compat: Clear registers for compat syscalls, to
reduce speculation attack surface (hardening for Spectre)
- [x86] x86/speculation: Update Speculation Control microcode blacklist
- [x86] x86/speculation: Correct Speculation Control microcode blacklist
again
- [x86] KVM/x86: Reduce retpoline performance impact in
slot_handle_level_range(), by always inlining iterator helper methods
- [x86] X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
- vfs: don't do RCU lookup of empty pathnames
- media: r820t: fix r820t_write_reg for KASAN
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.84
- cfg80211: check dev_set_name() return value
- xfrm: skip policies marked as dead while rehashing
- mm,vmscan: Make unregister_shrinker() no-op if register_shrinker()
failed.
- xfrm: Fix stack-out-of-bounds read on socket policy lookup.
- xfrm: check id proto in validate_tmpl()
- sctp: set frag_point in sctp_setsockopt_maxseg correctly
- drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
- selinux: ensure the context is NUL terminated in
security_context_to_sid_core()
- [x86] KVM: x86: fix escape of guest dr6 to the host
- netfilter: x_tables: fix int overflow in xt_alloc_table_info()
- netfilter: x_tables: avoid out-of-bounds reads in
xt_request_find_{match|target}
- netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in
clusterip_tg_check()
- netfilter: on sockopt() acquire sock lock only in the required scope
- netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
- netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
- crypto: hash - prevent using keyed hashes without setting key
- [arm*] ARM: dts: Fix omap4 hang with GPS connected to USB by using
wakeupgen
- sctp: only update outstanding_bytes for transmitted queue when doing
prsctp_prune
- net_sched: red: Avoid devision by zero
- net_sched: red: Avoid illegal values
- btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
- 509: fix printing uninitialized stack memory when OID is empty
- dmaengine: at_hdmac: fix potential NULL pointer dereference in
atc_prep_dma_interleaved
- clk: fix a panic error caused by accessing NULL pointer
- xfrm: Fix stack-out-of-bounds with misconfigured transport mode
policies.
- drm/armada: fix leak of crtc structure
- [x86] mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
- [x86] x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
- hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
- [powerpc*] powerpc/64s: Fix conversion of slb_miss_common to use
RFI_TO_USER/KERNEL
- [powerpc*] powerpc/64s: Simple RFI macro conversions
- [powerpc*] powerpc/64s: Improve RFI L1-D cache flush fallback
- crypto: talitos - fix Kernel Oops on hashing an empty file
- ALSA: hda/ca0132 - fix possible NULL pointer use
- [x86] KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page
Ready" exceptions simultaneously
- crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.85
- netfilter: drop outermost socket lock in getsockopt()
- X.509: fix BUG_ON() when hash algorithm is unsupported
- PKCS#7: fix certificate chain verification
- RDMA/uverbs: Protect from command mask overflow
- iio: buffer: check if a buffer has been set up when poll is called
- iio: adis_lib: Initialize trigger before requesting interrupt
- irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
- ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and
io_watchdog_func()
- usb: ohci: Proper handling of ed_rm_list to handle race condition
between usb_kill_urb() and finish_unlinks()
- ]arm64] arm64: Disable unhandled signal log messages by default
- Revert "usb: musb: host: don't start next rx urb if current one failed"
- X.509: fix NULL dereference when restricting key with unsupported_sig
- mm: avoid spurious 'bad pmd' warning messages
- [x86] x86/entry/64: Clear extra registers beyond syscall arguments, to
reduce speculation attack surface
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.86
- i2c: designware: must wait for enable
- f2fs: fix a bug caused by NULL extent tree (CVE-2017-18193)
- mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
- mtd: nand: brcmnand: Zero bitflip is not an error
- [arm*] ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
- sget(): handle failures of register_shrinker()
- drm/nouveau/pci: do a msi rearm on init
- mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl
- tipc: error path leak fixes in tipc_enable_bearer()
- tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path
- tg3: Add workaround to restrict 5762 MRRS to 2048
- tg3: Enable PHY reset in MTU change path for 5720
- bnx2x: Improve reliability in case of nested PCI errors
- IB/mlx5: Fix mlx5_ib_alloc_mr error flow
- genirq: Guard handle_bad_irq log messages
- IB/mlx4: Fix mlx4_ib_alloc_mr error flow
- IB/ipoib: Fix race condition in neigh creation
- xfs: quota: fix missed destroy of qi_tree_lock
- xfs: quota: check result of register_shrinker()
- macvlan: Fix one possible double free
- e1000: fix disabling already-disabled warning
- drm/ttm: check the return value of kzalloc
- nl80211: Check for the required netlink attribute presence
- bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine.
- xen-netfront: enable device after manual module load
- mdio-sun4i: Fix a memory leak
- xen/gntdev: Fix off-by-one error when unmapping with holes
- xen/gntdev: Fix partial gntdev_mmap() cleanup
- sctp: make use of pre-calculated len
- net: gianfar_ptp: move set_fipers() to spinlock protecting area
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87
- [x86] tpm: st33zp24: fix potential buffer overruns caused by bit
glitches on the bus
- [x86] tpm_i2c_infineon: fix potential buffer overruns caused by bit
glitches on the bus
- [x86] tpm_i2c_nuvoton: fix potential buffer overruns caused by bit
glitches on the bus
- [x86] tpm_tis: fix potential buffer overruns caused by bit glitches on
the bus
- [x86] tpm: constify transmit data pointers
- [x86] tpm-dev-common: Reject too short writes
- ALSA: usb-audio: Add a quirck for B&W PX headphones
- ALSA: hda: Add a power_save blacklist
- ALSA: hda - Fix pincfg at resume on Lenovo T470 dock
- timers: Forward timer base before migrating timers
- [hppa] parisc: Fix ordering of cache and TLB flushes
- dax: fix vma_is_fsdax() helper
- [x86] xen: Zero MSR_IA32_SPEC_CTRL before suspend
- [x86] platform/intel-mid: Handle Intel Edison reboot correctly
- media: m88ds3103: don't call a non-initalized function
- nospec: Allow index argument to have const-qualified type
- [armel,armhf] mvebu: Fix broken PL310_ERRATA_753970 selects
- KVM: mmu: Fix overlap between public and private memslots
- [x86] KVM: Remove indirect MSR op calls from SPEC_CTRL
- [x86] KVM/VMX: Optimize vmx_vcpu_run() and svm_vcpu_run() by marking the
RDMSR path as unlikely()
- PCI/ASPM: Deal with missing root ports in link state handling
- dm io: fix duplicate bio completion due to missing ref count
- [armhf] dts: LogicPD SOM-LV: Fix I2C1 pinmux
- [armhf] dts: LogicPD Torpedo: Fix I2C1 pinmux
- [x86] mm: Give each mm TLB flush generation a unique ID
- [x86] speculation: Use Indirect Branch Prediction Barrier in context
switch
- md: only allow remove_and_add_spares when no sync_thread running.
- netlink: put module reference if dump start fails
- [x86] apic/vector: Handle legacy irq data correctly
- bridge: check brport attr show in brport_show
- fib_semantics: Don't match route with mismatching tclassid
- hdlc_ppp: carrier detect ok, don't turn off negotiation
- ipv6 sit: work around bogus gcc-8 -Wrestrict warning
- net: fix race on decreasing number of TX queues
- net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68
- netlink: ensure to loop over all netns in genlmsg_multicast_allns()
- ppp: prevent unregistered channels from connecting to PPP units
- udplite: fix partial checksum initialization
- sctp: fix dst refcnt leak in sctp_v4_get_dst
- net: phy: fix phy_start to consider PHY_IGNORE_INTERRUPT
- tcp: Honor the eor bit in tcp_mtu_probe
- rxrpc: Fix send in rxrpc_send_data_packet()
- tcp_bbr: better deal with suboptimal GSO
- sctp: fix dst refcnt leak in sctp_v6_get_dst()
- [s390x] qeth: fix underestimated count of buffer elements
- [s390x] qeth: fix SETIP command handling
- [s390x] qeth: fix overestimated count of buffer elements
- [s390x] qeth: fix IP removal on offline cards
- [s390x] qeth: fix double-free on IP add/remove race
- [s390x] qeth: fix IP address lookup for L3 devices
- [s390x] qeth: fix IPA command submission race
- sctp: verify size of a new chunk in _sctp_make_chunk() (CVE-2018-5803)
- net: mpls: Pull common label check into helper
- mpls, nospec: Sanitize array index in mpls_label_ok()
- bpf: fix wrong exposure of map_flags into fdinfo for lpm
- bpf: fix mlock precharge on arraymaps
- bpf, x64: implement retpoline for tail call
- bpf, arm64: fix out of bounds access in tail call
- bpf: add schedule points in percpu arrays management
- bpf, ppc64: fix out of bounds access in tail call
- btrfs: preserve i_mode if __btrfs_set_acl() fails
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.88
- RDMA/ucma: Limit possible option size
- RDMA/ucma: Check that user doesn't overflow QP state
- RDMA/mlx5: Fix integer overflow while resizing CQ
- [x86] drm/i915: Try EDID bitbanging on HDMI after failed read
- scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS
- [x86] drm/i915: Always call to intel_display_set_init_power() in
resume_early.
- workqueue: Allow retrieval of current task's work struct
- drm: Allow determining if current task is output poll worker
- drm/nouveau: Fix deadlock on runtime suspend
- drm/radeon: Fix deadlock on runtime suspend
- drm/amdgpu: Fix deadlock on runtime suspend
- drm/amdgpu: Notify sbios device ready before send request
- drm/radeon: fix KV harvesting
- drm/amdgpu: fix KV harvesting
- drm/amdgpu:Correct max uvd handles
- drm/amdgpu:Always save uvd vcpu_bo in VM Mode
- [mips*/octeon] irq: Check for null return on kzalloc allocation
- loop: Fix lost writes caused by missing flag
- virtio_ring: fix num_free handling in error case
- [s390x] KVM: fix memory overwrites when not using SCA entries
- kbuild: Handle builtin dtb file names containing hyphens
- IB/mlx5: Fix incorrect size of klms in the memory region
- bcache: fix crashes in duplicate cache device register
- bcache: don't attach backing with duplicate UUID
- [x86] MCE: Serialize sysfs changes (CVE-2018-7995)
- perf tools: Fix trigger class trigger_on()
- [x86] spectre_v2: Don't check microcode versions when running under
hypervisors
- ALSA: hda/realtek: Limit mic boost on T480
- ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520
- ALSA: hda/realtek - Make dock sound work on ThinkPad L570
- ALSA: seq: Don't allow resizing pool in use
- ALSA: seq: More protection for concurrent write and ioctl races
- ALSA: hda: add dock and led support for HP EliteBook 820 G3
- ALSA: hda: add dock and led support for HP ProBook 640 G2
- nospec: Kill array_index_nospec_mask_check()
- nospec: Include <asm/barrier.h> dependency
- Revert "x86/retpoline: Simplify vmexit_fill_RSB()"
- [x86] speculation: Use IBRS if available before calling into firmware
- [x86] retpoline: Support retpoline builds with Clang
- [x86] speculation, objtool: Annotate indirect calls/jumps for objtool
- [x86] boot, objtool: Annotate indirect jump in secondary_startup_64()
- [x86] speculation: Move firmware_restrict_branch_speculation_*() from C
to CPP
- [x86] paravirt, objtool: Annotate indirect calls
- watchdog: hpwdt: SMBIOS check
- watchdog: hpwdt: Check source of NMI
- watchdog: hpwdt: fix unused variable warning
- watchdog: hpwdt: Remove legacy NMI sourcing.
- [armhf] omap2: hide omap3_save_secure_ram on non-OMAP3 builds
- Input: tca8418_keypad - remove double read of key event register
- tc358743: fix register i2c_rd/wr function fix
- netfilter: add back stackpointer size checks (CVE-2018-1065)
- netfilter: x_tables: fix missing timer initialization in xt_LED
- netfilter: nat: cope with negative port range
- netfilter: IDLETIMER: be syzkaller friendly
- netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
(CVE-2018-1068)
- netfilter: bridge: ebt_among: add missing match size checks
- netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
- netfilter: x_tables: pass xt_counters struct instead of packet counter
- netfilter: x_tables: pass xt_counters struct to counter allocator
- netfilter: x_tables: pack percpu counter allocations
- ext4: inplace xattr block update fails to deduplicate blocks
- ubi: Fix race condition between ubi volume creation and udev
- scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport
- NFS: Fix an incorrect type in struct nfs_direct_req
- NFS: Fix unstable write completion
- [x86] module: Detect and skip invalid relocations
- [x86] Treat R_X86_64_PLT32 as R_X86_64_PC32
- serial: sh-sci: prevent lockup on full TTY buffers
- tty/serial: atmel: add new version check for usart
- uas: fix comparison for error code
- [x86] staging: comedi: fix comedi_nsamples_left.
- USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
- usbip: vudc: fix null pointer dereference on udc->lock
- usb: quirks: add control message delay for 1b1c:1b20
- usb: usbmon: Read text within supplied buffer size
- usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
- serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
- serial: core: mark port as initialized in autoconfig
- earlycon: add reg-offset to physical address before mapping
- PCI: dwc: Fix enumeration end when reaching root subordinate
.
[Yves-Alexis Perez]
* [powerpc*] drop RFI patches, now included upstream
.
[ Salvatore Bonaccorso ]
* [rt] Refresh 0001-timer-make-the-base-lock-raw.patch context
* [rt] Update to 4.9.84-rt62
* blkcg: fix double free of new_blkg in blkcg_init_queue (CVE-2018-7480)
* CIFS: Enable encryption during session setup phase (CVE-2018-1066)
* staging: ncpfs: memory corruption in ncp_read_kernel() (CVE-2018-8822)
* [arm64] net: hns: Fix a skb used after free bug (CVE-2017-18218)
* media: usbtv: prevent double free in error case (CVE-2017-17975)
* [arm64] net: hns: fix ethtool_get_strings overflow in hns driver
* [arm64] net: hns: Fix ethtool private flags (CVE-2017-18222)
* scsi: libsas: fix memory leak in sas_smp_get_phy_events() (CVE-2018-7757)
* ext4: add validity checks for bitmap block numbers (CVE-2018-1093)
* ext4: fix bitmap position validation
* ext4: fail ext4_iget for root directory if unallocated (CVE-2018-1092)
* random: fix crng_ready() test (CVE-2018-1108)
* random: set up the NUMA crng instances after the CRNG is fully initialized
* random: crng_reseed() should lock the crng instance that it is modifying
* random: fix possible sleeping allocation from irq context
* perf/hwbp: Simplify the perf-hwbp code, fix documentation
(CVE-2018-1000199)
.
[ Ben Hutchings ]
* [x86] Revert "x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping"
to avoid an ABI change
* [x86] mm: Avoid ABI change for addition of ctx_id
* [x86] cpu: Avoid ABI change in 4.9.83
* crypto: hash: Avoid ABI change in 4.9.84
* fs: Avoid ABI change in 4.9.85
* [x86] nospec: Ignore ABI change for removal of __clear_rsb and __fill_rsb,
previously exported for use by KVM
* [x86] Ignore ABI change for cpu_tlbstate, apparently not used externally
* jbd2: Ignore ABI changes
* tpm_tis: Ignore ABI changes
* ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
(CVE-2017-18216)
* ocfs2: ip_alloc_sem should be taken in ocfs2_get_block() (CVE-2017-18224)
* f2fs: fix a panic caused by NULL flush_cmd_control (CVE-2017-18241)
* f2fs: fix a dead loop in f2fs_fiemap() (CVE-2017-18257)
* mm/hugetlb.c: don't call region_abort if region_chg fails
* hugetlbfs: fix offset overflow in hugetlbfs mmap
* hugetlbfs: check for pgoff value overflow (CVE-2018-7740)
* mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
(CVE-2018-8087)
* drm: udl: Properly check framebuffer mmap offsets (CVE-2018-8781)
* xfs: set format back to extents if xfs_bmap_extents_to_btree
(CVE-2018-10323)
* debian/lib/python/debian_linux/gencontrol.py: Allow uploads to *-security
with a simple revision
linux-latest (80+deb9u5) stretch; urgency=medium
.
* Update to 4.9.0-7
llvm-toolchain-4.0 (1:4.0.1-10~deb9u2) stretch; urgency=medium
.
* Don't link with gold on s390x, not available in stretch.
llvm-toolchain-4.0 (1:4.0.1-10~deb9u1) stretch; urgency=medium
.
* Build for stretch-security to be used by Firefox ESR60
* Add Build-Conflicts: to golang-go (prevents build failure similar
to #840208)
llvm-toolchain-4.0 (1:4.0.1-9) unstable; urgency=medium
.
* Create clang-tools-4.0 and move the various clang tools into it
clang-tools-4.0 depends on clang-4.0. This might affect some packages.
(Closes: #836397)
* Update of the copyright file (Closes: #878502)
Thanks to Nicholas D Steeves for the work
* Take a patch for a stack alignment on sparc64 for rust
Thanks to John Paul Adrian Glaubitz for the work (Closes: #880221)
* Update of the clang description
* Standards-Version updated to 4.1.1
* Remove some old breaks/replaces/conflicts (<3.8)
* Fix some wrong-section-according-to-package-name and
priority-extra-is-replaced-by-priority-optional issues
* liblld-4.0-dev depends on liblld-4.0 (Closes: #856545)
* Use ?= for some variables declarations
* Remove the hardcoded declarations of llvm version in debian/rules
* add /usr/lib/cuda to the CUDA toolkit search paths
Thanks to Andreas Beckmann for the patch (Closes: #882505) (LP: #1706326)
* Fix the fix-scan-view-path.diff path (Closes: #885827)
* Move libomp-dev from Suggests to Recommends (Closes: #882781)
* Do not ship liblld-4.0-dbg for now (Closes: #889269)
llvm-toolchain-4.0 (1:4.0.1-8) unstable; urgency=medium
.
[ Ximin Luo ]
* Backport some patches (originally from rust, and upstreamed) to fix two
failing tests in rustc.
.
[ Sylvestre Ledru ]
* Try to fix the mipsel FTBFS (Closes: #877567)
I am trying the first option from the bug:
- gsplit-dward on 32 bits archs
- -g everywhere
Many thanks to Adrian Bunk for that
llvm-toolchain-4.0 (1:4.0.1-7) unstable; urgency=medium
.
* Force the deactivation of ocaml until the transition is done
* Standards-Version: 4.1.0
llvm-toolchain-4.0 (1:4.0.1-6) unstable; urgency=medium
.
* Remove the -Wl option to call gold instead of the normal linker
(Closes: #876787)
* For now, lld doesn't generate shared libs. Removing the files
(Closes: #857653)
* Add the missing lldb symlinks (Closes: #872237)
.
[ Gianfranco Costamagna ]
* Fixup previous upload, adding -NDEBUG to build flags,
lost in the -g -> -g1 switch
llvm-toolchain-4.0 (1:4.0.1-5) unstable; urgency=medium
.
* Backport of an arm patch for rust.
https://bugs.llvm.org/show_bug.cgi?id=32379
(Closes: #876072)
.
[ Matthias Klose ]
* Link with --no-keep-files-mapped --no-map-whole-files when using gold.
* Fix sanitizer build failure with glibc-2.26.
* build using gold on arm64 and s390x. For backports, arm64 might still
need the BFD linker, and building with only one or two processes in
parallel.
* On amd64, s390x, arm64 and ppc64el, build with -g1 instead of -g.
* Set CMAKE_CXX_FLAGS_RELWITHDEBINFO and pass opt_flags.
llvm-toolchain-4.0 (1:4.0.1-3) unstable; urgency=medium
.
* Fix the FTBFS because of -gsplit-dwarf:
- Only enable it on archs which needs it
- Only enable it when gcc supports it correctly
llvm-toolchain-4.0 (1:4.0.1-2) unstable; urgency=medium
.
* Rebuild with gcc 7 to fix a relocation error (Closes: #866354)
* Also add a missing include in ftfbs-gcc.diff to fix a ftbfs
with gcc 7
* ld.lld manpage wasn't installed
* Link LLDB with -latomic on powerpcspe (Closes: #872267)
* Disable -gsplit-dwarf when using gcc 7 for causing a linking issue
See https://bugs.llvm.org/show_bug.cgi?id=34140
(Closes: #853526)
* clang was producing unusable binaries on armv5tel (Closes #873305)
Thanks to Adrian Bunk for the patch
.
[ Katsuhiko Nishimra ]
* Ensure /usr/bin/g++-$(GCC_VERSION) exists (Closes: #871591)
llvm-toolchain-4.0 (1:4.0.1-1) unstable; urgency=medium
.
* New stable release
* Add libomp-dev to the suggests of clang
* Add the ld.lld manpage
* Add Provides on python-lldb-x.y & python-clang-x.y & libllvm-x.y-ocaml-dev
to avoid the recurring problem about conflicts
(Closes: #835546, #863739, #863742)
* Standards-Version => 4.0.0
* Generate the llvm-tblgen, clang-change-namespace, clang-offload-bundler
lld, clang++, clang-check, clang-cpp & clang-import-test manpages
* Remove the --no-discard-stderr option from help2man calls
llvm-toolchain-4.0 (1:4.0.1~+rc3-1) unstable; urgency=medium
.
[ Sylvestre Ledru ]
* Try to fix polly on hurd (missing PATH_MAX)
* New snapshot release
.
[ Gianfranco Costamagna ]
* Fix clang-doc generation
- there was a missing install file
llvm-toolchain-4.0 (1:4.0.1~+rc2-1) unstable; urgency=medium
.
* New snapshot release
* Remove clang-tblgen from clang-X.Y (done by upstream)
llvm-toolchain-4.0 (1:4.0.1~+rc1-1) unstable; urgency=medium
.
* New snapshot release
llvm-toolchain-4.0 (1:4.0-5) unstable; urgency=medium
.
* Really fix "use versioned symbols" for llvm
Thanks to Julien Cristau for the patch (Closes: #849098)
* Prepare version 4.0.1
* Tolerate if ocaml failed
* Just like with snapshot, add libncurses in the list of build deps
(Closes: #861170)
llvm-toolchain-4.0 (1:4.0-3) unstable; urgency=medium
.
* Explicit the dep of clang-tidy on same version of llvm to avoid
undefined symbols
* Add override_dh_makeshlibs for the libllvm or liblldb versions
Thanks to Julien Cristau for the patch
* change the min version of the libclang1 symbols to 1:4.0-3~
* Add override_dh_makeshlibs for the libllvm or liblldb versions
Thanks to Julien Cristau for the patch
* Fix the symlink on scan-build-py
.
[ Rebecca N. Palmer ]
* Use versioned symbols (Closes: #848368)
llvm-toolchain-4.0 (1:4.0-1) unstable; urgency=medium
.
* New upstream release
llvm-toolchain-4.0 (1:4.0~+rc4-1) unstable; urgency=medium
.
* New testing release
llvm-toolchain-4.0 (1:4.0~+rc3-1) unstable; urgency=medium
.
* New testing release
* Fix the C++ include path order (Closes: #855222)
Many thanks to Jason Rhinelander for investigating
llvm-toolchain-4.0 (1:4.0~+rc2-1) unstable; urgency=medium
.
* New testing release
* Fix the VCS-* links
llvm-toolchain-4.0 (1:4.0~+rc1-1) unstable; urgency=medium
.
* New testing release
llvm-toolchain-4.0 (1:4.0~svn292009-1~exp1) experimental; urgency=medium
.
* Upsream branched.
Snapshot is now 5.0, 4.0 is ongoing
* d/p/silent-amdgpu-test-failing.diff silent amdgpu tests failing
(see upstream bug 31610)
* d/p/lldb-server-link-issue.patch removed, merged upstream
* Also install python-lldb-4.0 when installing lldb-4.0 (Closes: #851171)
* Bring back the content of llvm-4.0-doc (Closes: #844616)
* d/p/pthread-link.diff Hardcode like to pthread which was missing for
libclang
local-apt-repository (0.4+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Backport changes from Joachim Breitner to stop breaking apt
when the package is removed but not purged. (Closes: #881753)
loook (0.8.4-1+deb9u1) stretch; urgency=medium
.
* Backported fix for handling password protected files (#884582)
* Change E-Mail address of Maintainer after becoming DD in control and
in changelog
lucene-solr (3.6.2+dfsg-10+deb9u2) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2018-1308: XML external entity expansion in Solr's
DataImportHandler. It can be used as XXE using file/ftp/http protocols in
order to read arbitrary local files from the Solr server or the internal
network. (Closes: #896604)
* Symlink /etc/solr/solr-jetty.xml into /var/lib/jetty9/webapps/solr.xml
to make solr-jetty work out-of-the-box. (Closes: #886090)
Thanks to J.P. Larocque for the report.
mbedtls (2.4.2-1+deb9u2) stretch-security; urgency=high
.
* Fix CVE-2017-18187:
Unsafe bounds check in ssl_parse_client_psk_identity().
* Fix CVE-2018-0487:
Buffer overflow when verifying RSASSA-PSS signatures. (Closes: #890288)
* Fix CVE-2018-0488:
Buffer overflow when truncated HMAC is enabled. (Closes: #890287)
memcached (1.4.33-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
.
[ Guillaume Delacour ]
* Fix CVE-2017-9951 by checking the integer length of commands that adds or
replaces key/value pair (Closes: #868701)
* Fix CVE-2018-1000115
+ debian/patches/10_CVE-2018-1000115.patch disable listening on UDP port
by default (from Ubuntu)
+ debian/NEWS add explanation and document how to re-enable UDP if
necessary.
.
[ Salvatore Bonaccorso ]
* Don't overflow item refcount on get (CVE-2018-1000127) (Closes: #894404)
miniupnpd (1.8.20140523-4.1+deb9u1) stretch; urgency=medium
.
* Apply patch from upstream for CVE-2017-1000494 (Closes: #887129).
mupdf (1.9a+ds1-4+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2018-6544, CVE-2018-1000051
add patches to fix use after free (Closes: #891245)
nss-pam-ldapd (0.9.7-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Increase size of hostname buffer.
This increases the host name buffer to support host names (that include
FQDNs) to 255 characters and removes the reliance on HOST_NAME_MAX and
_POSIX_HOST_NAME_MAX which may be smaller in some situations.
(Closes: #890508)
nvidia-graphics-drivers (384.130-1) stretch; urgency=medium
.
* New upstream long lived branch release 384.130 (2018-03-28).
* Fixed CVE-2018-6249, CVE-2018-6253.
https://nvidia.custhelp.com/app/answers/detail/a_id/4649
(Closes: #894338)
- Improved compatibility with recent Linux kernels.
- Fixed a string concatenation bug that caused libGL to accidentally try to
create the directory "$HOME.nv" rather than "$HOME/.nv" in some cases
where /tmp isn't accessible. (Closes: #888028)
- Increased the version numbers of the GLVND libGL, libGLESv1_CM,
libGLESv2, and libEGL libraries, to prevent concurrently installed
non-GLVND libraries from taking precedence in the dynamic linker
cache.
* New upstream release 340 series.
- Fixed a bug which could cause X servers that export a Video Driver
ABI earlier than 0.8 to crash when running X11 applications which
call XRenderAddTraps().
.
[ Luca Boccassi ]
* Install the renamed GLVND libraries and add SONAME symlinks.
.
[ Andreas Beckmann ]
* Bump the required glx-diversions/glx-alternative-nvidia version for the
renamed GLVND libraries.
* Upload to stretch
nvidia-graphics-drivers (384.130-1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
.
nvidia-graphics-drivers (384.130-1) stretch; urgency=medium
.
* New upstream long lived branch release 384.130 (2018-03-28).
* Fixed CVE-2018-6249, CVE-2018-6253.
https://nvidia.custhelp.com/app/answers/detail/a_id/4649
(Closes: #894338)
- Improved compatibility with recent Linux kernels.
- Fixed a string concatenation bug that caused libGL to accidentally try to
create the directory "$HOME.nv" rather than "$HOME/.nv" in some cases
where /tmp isn't accessible. (Closes: #888028)
- Increased the version numbers of the GLVND libGL, libGLESv1_CM,
libGLESv2, and libEGL libraries, to prevent concurrently installed
non-GLVND libraries from taking precedence in the dynamic linker
cache.
* New upstream release 340 series.
- Fixed a bug which could cause X servers that export a Video Driver
ABI earlier than 0.8 to crash when running X11 applications which
call XRenderAddTraps().
.
[ Luca Boccassi ]
* Install the renamed GLVND libraries and add SONAME symlinks.
.
[ Andreas Beckmann ]
* Bump the required glx-diversions/glx-alternative-nvidia version for the
renamed GLVND libraries.
* Upload to stretch.
nvidia-graphics-drivers (384.111-4) unstable; urgency=medium
.
* nvidia-kernel-{dkms,source}: Mention the supported architecture(s) in the
long Description.
* Use dh_missing --fail-missing.
* Update lintian overrides.
nvidia-graphics-drivers (384.111-4~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
* Relax the libvulkan1 (build-)dependency.
* Do not conflict with *-glvnd-nvidia, there is no libglvnd in stretch.
* Continue recommending the GLESv1 library for stretch.
.
nvidia-graphics-drivers (384.111-4) unstable; urgency=medium
.
* nvidia-kernel-{dkms,source}: Mention the supported architecture(s) in the
long Description.
* Use dh_missing --fail-missing.
* Update lintian overrides.
.
nvidia-graphics-drivers (384.111-3) unstable; urgency=medium
.
* Add more Breaks to nvidia-driver-libs and nvidia-driver-libs-nonglvnd to
ease upgrade paths and switching.
* nvidia-alternative.prerm: Trigger register-glx-alternative-nvidia upon
removal. (Closes: #883637)
* libgl1-nvidia-glx.prerm: Do not forcibly remove the nvidia alternative,
this would reset it from manual mode to auto mode while it could still
be needed by other packages, e.g. libcuda1. Let the nvidia-alternative
triggers handle it instead.
* nvidia-kernel-dkms: Remove libelf-dev workaround, fixed in src:linux.
.
nvidia-graphics-drivers (384.111-2) unstable; urgency=medium
.
* Bump Standards-Version to 4.1.3. No changes needed.
* Add Breaks between nvidia-driver-libs and nvidia-driver-libs-nonglvnd.
.
nvidia-graphics-drivers (384.111-1) unstable; urgency=medium
.
* New upstream long lived branch release 384.111 (2018-01-04).
* Fixed CVE-2017-5753, CVE-2017-5715 (spectre), CVE-2017-5754 (meltdown).
https://nvidia.custhelp.com/app/answers/detail/a_id/4611
(Closes: #886852)
- Added support for the following GPUs: GeForce MX130, GeForce MX110,
GeForce GTX 1050 Ti with Max-Q Design, Quadro P500.
- Fixed a regression that prevented displays connected via some types of
passive adapters (e.g. DMS-59 to VGA or DVI) from working correctly.
The regression was introduced with driver version 384.98.
- Fixed a bug that caused Quadro M2200 GPUs to enter the lowest available
PowerMizer performance level when under load.
* Improved compatibility with recent Linux kernels. (Closes: #886470)
.
[ Andreas Beckmann ]
* Support easier and consistent switching between GLVND/non-GLVND variants.
* nvidia-driver-libs{,-i386}: Depend only on the GLVND variants.
* nvidia-driver-libs-nonglvnd{,-i386}: New metapackages depending only on
the non-GLVND variants. (Closes: #864497)
* nvidia-driver-libs: Stop recommending the GLES1 library, dropped by MESA.
* Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for
Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir.
(Closes: #883615)
* Add #tls# substitution for the tls/ source directory.
* Bump Standards-Version to 4.1.2. No changes needed.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Update symbols files.
* nvidia-kernel-dkms: add dependency to libelf-dev [amd64] to fix kernel
modules builds failures due to new config used by the kernel.
Workaround for #886474.
* Update German debconf translation. Thank you Holger Wansing!
(Closes: #885925)
* Update Russian debconf translation. Thank you Lev Lamberov!
(Closes: #886005)
.
nvidia-graphics-drivers (384.98-3) unstable; urgency=medium
.
* Fix libnvidia-ptxjitcompiler.so.1 alternative link. (Closes: #883303)
.
nvidia-graphics-drivers (384.98-2) unstable; urgency=medium
.
* Merge changes from 381.22-3.
* Restrict watch file to releases from the 384.xx long lived branch.
* Fix circular dependency between stamp and generated nvidia_icd.json.
* Upload to unstable.
.
nvidia-graphics-drivers (384.98-1) experimental; urgency=medium
.
* New upstream long lived branch release 384.98 (2017-11-02).
- Added support for the following GPUs: P104-101, P106-090,
Tesla V100-SXM2-16GB, Tesla V100-PCIE-16GB.
- Fixed a bug that could cause some eDP G-SYNC displays to flicker at low
refresh rates.
- Fixed a bug that could cause OpenGL applications to crash after a
prolonged DPMS sleep state on a monitor driven with PRIME Sync.
- Fixed a bug that artificially limited the maximum pixel clock to 300 MHz
when using certain more capable DisplayPort to HDMI adapters.
- Fixed a bug that prevented the NVIDIA kernel modules from building for
non-SMP Linux kernels.
- Updated the output of `nvidia-smi nvlink --status` to include reporting
NVLink speed.
- Fixed a bug that caused incorrect PCI topology reporting in nvidia-smi
on Intel Skylake systems.
* Improved compatibility with recent Linux kernels.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Drop nvidia-drm-master-dev.patch and nvidia-drm-crtc.patch, issues fixed
upstream.
.
[ Andreas Beckmann ]
* Merge changes from 375.82-8.
.
nvidia-graphics-drivers (384.90-2) experimental; urgency=medium
.
* Merge changes from 375.82-7. (Closes: #876766)
* libcuda1: Add Provides: libcuda-9.0-1{,-i386}.
.
nvidia-graphics-drivers (384.90-1) experimental; urgency=medium
.
* New upstream long lived branch release 384.90 (2017-09-21).
* Fixed CVE-2017-6266, CVE-2017-6267, CVE-2017-6272. (Closes: #876414)
https://nvidia.custhelp.com/app/answers/detail/a_id/4544
- Fixed a regression that caused display flickering at lower PowerMizer
performance levels on some GPUs.
- Fixed a regression that prevented console restoration after a VT switch
on some GPUs.
- Fixed a bug that could cause a system hang when resuming from suspend
with some GPUs.
- Fixed a bug that caused slow or stuttering frame rates in applications
that use GLX_EXT_swap_control_tear while G-SYNC is active.
- Added support for the following GPU: Quadro P5200.
- Fixed a bug in the NVIDIA VDPAU driver that caused
VdpVideoSurfaceGetBitsYCbCr() of H.265/HEVC content to have interlaced
artifacts.
- Fixed a bug that caused the X driver to not correctly report the
"BlendOrder" MetaMode token when querying the MetaMode through, e.g.,
`nvidia-settings --query CurrentMetaMode`.
* Closes: #877971.
.
[ Luca Boccassi ]
* Refresh man-fixes-nvidia-smi.patch.
* Update nv-readme.ids.
* Update symbols files.
.
[ Andreas Beckmann ]
* Merge changes from 375.82-5. (Closes: #878023)
.
nvidia-graphics-drivers (384.69-1) experimental; urgency=medium
.
* New upstream long lived branch release 384.69 (2017-08-22).
- Fixed an intermittent hang when using Vulkan to present directly to
display with the VK_KHR_display extension. SteamVR was particularly
affected by that hang.
- Added support for the following GPU: Quadro P4000 with Max-Q Design.
* New upstream long lived branch release 384.59 (2017-07-24).
* Fixed CVE-2017-6257, CVE-2017-6259. (Closes: #869783)
https://nvidia.custhelp.com/app/answers/detail/a_id/4525
- Added support for the following GPUs: GeForce GT 1030, GeForce MX150,
P104-100, P106-100.
- Fixed a bug that caused S4 suspend (also known as "hibernate") to hang
during suspend when SLI was enabled.
- Fixed a bug where devices would not be properly enumerated by
the Vulkan driver. See the "Known Issues" section of the README
for more details.
* New upstream beta 384.47 (2017-06-29).
- Fixed a bug that could cause OpenGL applications to crash after
calling glDeleteBuffers on VBOs that have been remapped with
ARB_vertex_attrib_binding.
- Fixed a bug that could sometimes cause OpenGL applications to
lock up until the X server receives input.
- Fixed a bug that caused VDPAU playback to be corrupted when
extended to coordinates beyond 16384 pixels.
- Restored several sanity checks that were inadvertently removed from
the kernel module build process in the 355.06 driver.
- Added support for a "Nearest" transform filter in the X driver.
This causes the X driver to use nearest neighbor filtering when
performing screen transformations. The filter can be requested
through the 'filter' argument to RandR's RRSetCrtcTransform,
or through the 'ResamplingMethod' MetaMode token.
* New upstream release 375 series.
- Disabled G-SYNC in desktop environments, such as Budgie, that use
libmutter-0.so.
An existing rule to disable G-SYNC for libmutter.so no longer applied
after the library was renamed to libmutter-0.so.
.
[ Luca Boccassi ]
* Refresh man-fixes-nvidia-smi.patch for 384.47.
* Update nv-readme.ids.
* Update symbols files.
.
[ Andreas Beckmann ]
* Rename libnvidia-ptxjitcompiler to libnvidia-ptxjitcompiler1, this library
gained a stable SONAME.
* Update lintian overrides.
* Upload to experimental.
.
nvidia-graphics-drivers (381.22-3) unstable; urgency=medium
.
* Merge changes from 378.13-3.
* Upload to unstable.
.
nvidia-graphics-drivers (381.22-2) experimental; urgency=medium
.
* Merge changes from 375.82-3.
.
nvidia-graphics-drivers (381.22-1) experimental; urgency=medium
.
* New upstream short lived branch release 381.22 (2017-05-09).
* Fixed CVE-2017-0350, CVE-2017-0351, CVE-2017-0352. (Closes: #863515)
https://nvidia.custhelp.com/app/answers/detail/a_id/4462
- Fixed a bug that caused the GLX_EXT_buffer_age buffer age extension to
return incorrect values for stereo drawables when using passive stereo
modes 5 through 9.
- Fixed a bug in Vulkan direct to display where DP1.2 monitors were not
being enumerated.
* New upstream beta 381.09 (2017-04-06).
- Improved compatibility with recent kernels.
- Fixed a bug that caused applications to crash in some situations when
calling glXMakeCurrent while OpenGL threaded optimizations were enabled.
This frequently occurred when Steam was attempting to make a video appear
full-screen.
- Fixed a bug that caused VDPAU applications to use the blit presentation
queue when a previous VDPAU application didn't shut down cleanly.
- Fixed hangs and crashes that could occur when an OpenGL context is created
while the system is out of available memory.
- Fixed a bug that caused corruption when OpenGL windows were moved or
resized.
- Fixed a bug that caused X screens that use Option "UseDisplayDevice"
"none" to be resized to 640x480 when using "xrandr -s" to change the
screen configuration.
- Fixed a kernel crash that occurred when attempting to map large user
memory allocations into CUDA.
- Disabled OpenGL threaded optimizations by default, initially
enabled in 378.09, due to various reports of instability.
- Added support for the following Vulkan extensions:
VK_EXT_acquire_xlib_display, VK_EXT_display_control,
VK_EXT_display_surface_counter, VK_EXT_direct_mode_display,
VK_KHX_external_memory, VK_KHX_external_memory_fd,
VK_KHX_external_semaphore, VK_KHX_external_semaphore_fd.
These extensions require a Vulkan loader version >= 1.0.42.
- Removed the X driver's logo splash screen and the corresponding NoLogo
and LogoPath xorg.conf options.
- Added the "ResamplingMethod" MetaMode option, adding support for
bicubic resampling methods when scaling screen transformations
are in use. See the README for more details.
.
[ Andreas Beckmann ]
* Bump libvulkan1 dependency to (>= 1.0.42).
* Add nvidia-nonglvnd-vulkan-icd and nvidia-nonglvnd-vulkan-common for the
non-GLVND variant of Vulkan support. (Closes: #864477)
* Use nvidia_icd.json as the template to generate the non-GLVND variant.
* Rename libgldispatch0-nvidia to libglvnd0-nvidia, matching libglvnd0.
* GLVND stub libs: Conflicts/Replaces/Provides the libglvnd package names.
* Use libglvnd libraries as preferred alternative dependencies.
* Restrict watch file to releases from the 381.xx short lived branch.
* Update lintian overrides.
* Upload to experimental.
.
nvidia-graphics-drivers (378.13-3) unstable; urgency=medium
.
* Merge changes from 375.82-9.
* Upload to unstable.
.
nvidia-graphics-drivers (378.13-2) experimental; urgency=medium
.
[ Andreas Beckmann ]
* Merge changes from 375.82-1.
.
[ Luca Boccassi ]
* Add fatal-signal.patch to fix kernel module build on Linux 4.11 and newer.
* Add kref-refcount.patch, drm-encoder.patch, drm-unload.patch,
drm-helper-mode.patch and drm-vma-fault.patch to fix kernel module build
on Linux 4.11 and newer. (Closes: #870677)
* Add set-memory.patch to fix kernel module build on Linux 4.12 and newer.
.
nvidia-graphics-drivers (378.13-1) experimental; urgency=medium
.
* New upstream short lived branch release 378.13 (2017-02-14).
- Disabled OpenGL threaded optimizations by default under Xinerama.
* New upstream beta 378.09 (2017-01-18).
- Added support for the ARB_parallel_shader_compile extension to allow
multi-threaded compilation of GLSL shaders.
- Updated the X driver to ignore any Virtual Reality Head Mounted
Displays (HMDs). See the "AllowHMD" X configuration option in the
README for details.
- The driver will now advertise GLX FBConfigs with no depth bits on depth 30
X screens.
- Added support in nvidia-settings to view configured PRIME displays. To
enable PRIME displays, see "Offloading Graphics Display with RandR 1.4"
in the README.
- Added infrastructure which enables the NVIDIA EGL driver to load EGL
external platform libraries that add client-side support for new window
systems, beyond the existing libnvidia-egl-wayland.so.1. For more
details, see:
- https://github.com/NVIDIA/eglexternalplatform
- https://github.com/NVIDIA/egl-wayland
- Added support for the following Vulkan extensions: VK_KHR_display,
VK_KHR_display_swapchain.
- Enabled OpenGL threaded optimizations by default in the driver. Refer to
the "Threaded Optimizations" section in the "Specifying OpenGL Environment
Variable Settings" chapter of the README for details. These optimizations
will self-disable when they are degrading performance. As a result,
performance should be unchanged for many applications, and increased for
those that benefit from threaded optimizations and were not already
forcing them enabled.
.
[ Luca Boccassi ]
* Refresh nvidia-drm-master-dev.patch for 378.09 to remove fuzz
* Update symbols files
* Add support and virtual provides for OpenCL 2.0 in the ICD loader library.
* Rename libnvidia-egl-wayland -> libnvidia-egl-wayland1 to follow SONAME
change
* Add new nvidia-egl-wayland-icd and nvidia-egl-wayland-common packages to
add support for the new EGL external platform infrastructure
* Add deprecated-cpu-events.patch, dma-fence-rename.patch and
vmf-address.patch to fix kernel module build on Linux 4.10 and newer.
.
[ Andreas Beckmann ]
* Restrict watch file to releases from the 378.xx short lived branch.
* Upload to experimental.
.
nvidia-graphics-drivers (375.82-9) unstable; urgency=medium
.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Set Rules-Requires-Root: no.
.
nvidia-graphics-drivers (375.82-8) unstable; urgency=medium
.
* Do not provide libglvnd package names at all.
* nvidia-driver-libs: Add Conflicts against *-glvnd-nvidia to force
switching to the libglvnd packages. (Closes: #878035, #879261, 875438)
* Use https:// URLs where possible.
.
nvidia-graphics-drivers (375.82-7) unstable; urgency=medium
.
* Use Conflicts+Replaces+Provides on the provided libglvnd package names,
Breaks does not work for M-A: same packages. (Closes: #879821)
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19).
* nvidia-detect: Detect devices in PCI classes 0301 (XGA compatible
controller) and 0302 (3D controller), too. (Closes: #879792)
* bug-script: List these devices, too.
.
nvidia-graphics-drivers (375.82-6) unstable; urgency=high
.
[ Luca Boccassi ]
* Add use-kbuild-gcc-plugins.patch to fix kernel module build failure
when the kernel is built with CONFIG_GCC_PLUGIN*. (Closes: #878677)
.
[ Andreas Beckmann ]
* Provide libglvnd package names, mesa 17.x is now in testing.
(Closes: #876766, #389971)
* Do not provide libglvnd package names where the NVIDIA provided binaries
are missing symbols w.r.t. to the libglvnd packages.
(Closes: #879264, #879013)
.
nvidia-graphics-drivers (375.82-5) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Use Priority: optional for transitional packages.
* Bump Standards-Version to 4.1.1.
* bug-control: Add arch qualification to M-A:same packages in report-with
list otherwise reportbug will ignore them if more than one is installed.
* bug-control: Report status of libglvnd packages.
* Simplify upstream changelog handling.
.
[ Luca Boccassi ]
* Add nvidia-drm-crtc.patch to fix nvidia-drm kernel module build failure
for Linux 4.14. (Closes: #878160)
.
nvidia-graphics-drivers (375.82-4) unstable; urgency=medium
.
* Prevent mixing libgl1-nvidia-glx with libgl1-nvidia-glvnd-glx.
* Use versioned Depends and Provides/Breaks/Replaces on the packages also
built from src:libglvnd s.t. they cannot be satisfied by virtual packages
provided from src:mesa (<< 17). (Closes: #875683, #876100)
* Do not yet provide the libglvnd package names that were also virtual
packages in mesa (for compatibility with mesa (<< 17) still in testing).
* Update lintian overrides.
.
nvidia-graphics-drivers (375.82-3) unstable; urgency=medium
.
* nvidia-legacy-check: Fix debconf errors if more than one legacy NVIDIA
device is present. (Closes: #869817, #864406, #812595)
* Mark GRID K1, GRID K2, GRID K340 as legacy GPUs supported only up to
nvidia-legacy-340xx-driver. (Closes: #873050)
* GLVND stub libs: Provide the libglvnd package names.
* Provide libglx-vendor, libegl-vendor for libglvnd compatibility.
.
nvidia-graphics-drivers (375.82-2) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.0. No changes needed.
* nvidia-alternative: Explicitly use interest-await triggers.
* Switch from dh_install --list-missing to dh_missing.
* Use dpkg makefile snippets instead of manual changelog parsing.
* build-module-packages.sh: Order kernels by descending version.
Skip PREEMPT_RT (*-rt-*) kernels, unsupported upstream.
* Add nvidia-nonglvnd-vulkan-icd and nvidia-nonglvnd-vulkan-common for the
non-GLVND variant of Vulkan support. (Closes: #864477)
* Use nvidia_icd.json as the template to generate the non-GLVND variant.
* Rename libgldispatch0-nvidia to libglvnd0-nvidia, matching libglvnd0.
* Use libglvnd libraries as preferred alternative dependencies.
* GLVND stub libs: Conflicts/Replaces the corresponding libglvnd packages.
.
[ Luca Boccassi ]
* README.source: Add pointer to the wiki for instructions to build latest
packages from SVN.
* Switch to my debian.org email address in Uploaders.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
nvidia-graphics-drivers (384.111-4~deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
* Revert changelog parsing changes that require dpkg 1.18.
.
nvidia-graphics-drivers (384.111-4~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
* Relax the libvulkan1 (build-)dependency.
* Do not conflict with *-glvnd-nvidia, there is no libglvnd in stretch.
* Continue recommending the GLESv1 library for stretch.
.
nvidia-graphics-drivers (384.111-4) unstable; urgency=medium
.
* nvidia-kernel-{dkms,source}: Mention the supported architecture(s) in the
long Description.
* Use dh_missing --fail-missing.
* Update lintian overrides.
.
nvidia-graphics-drivers (384.111-3) unstable; urgency=medium
.
* Add more Breaks to nvidia-driver-libs and nvidia-driver-libs-nonglvnd to
ease upgrade paths and switching.
* nvidia-alternative.prerm: Trigger register-glx-alternative-nvidia upon
removal. (Closes: #883637)
* libgl1-nvidia-glx.prerm: Do not forcibly remove the nvidia alternative,
this would reset it from manual mode to auto mode while it could still
be needed by other packages, e.g. libcuda1. Let the nvidia-alternative
triggers handle it instead.
* nvidia-kernel-dkms: Remove libelf-dev workaround, fixed in src:linux.
.
nvidia-graphics-drivers (384.111-2) unstable; urgency=medium
.
* Bump Standards-Version to 4.1.3. No changes needed.
* Add Breaks between nvidia-driver-libs and nvidia-driver-libs-nonglvnd.
.
nvidia-graphics-drivers (384.111-1) unstable; urgency=medium
.
* New upstream long lived branch release 384.111 (2018-01-04).
* Fixed CVE-2017-5753, CVE-2017-5715 (spectre), CVE-2017-5754 (meltdown).
https://nvidia.custhelp.com/app/answers/detail/a_id/4611
(Closes: #886852)
- Added support for the following GPUs: GeForce MX130, GeForce MX110,
GeForce GTX 1050 Ti with Max-Q Design, Quadro P500.
- Fixed a regression that prevented displays connected via some types of
passive adapters (e.g. DMS-59 to VGA or DVI) from working correctly.
The regression was introduced with driver version 384.98.
- Fixed a bug that caused Quadro M2200 GPUs to enter the lowest available
PowerMizer performance level when under load.
* Improved compatibility with recent Linux kernels. (Closes: #886470)
.
[ Andreas Beckmann ]
* Support easier and consistent switching between GLVND/non-GLVND variants.
* nvidia-driver-libs{,-i386}: Depend only on the GLVND variants.
* nvidia-driver-libs-nonglvnd{,-i386}: New metapackages depending only on
the non-GLVND variants. (Closes: #864497)
* nvidia-driver-libs: Stop recommending the GLES1 library, dropped by MESA.
* Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for
Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir.
(Closes: #883615)
* Add #tls# substitution for the tls/ source directory.
* Bump Standards-Version to 4.1.2. No changes needed.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Update symbols files.
* nvidia-kernel-dkms: add dependency to libelf-dev [amd64] to fix kernel
modules builds failures due to new config used by the kernel.
Workaround for #886474.
* Update German debconf translation. Thank you Holger Wansing!
(Closes: #885925)
* Update Russian debconf translation. Thank you Lev Lamberov!
(Closes: #886005)
.
nvidia-graphics-drivers (384.98-3) unstable; urgency=medium
.
* Fix libnvidia-ptxjitcompiler.so.1 alternative link. (Closes: #883303)
.
nvidia-graphics-drivers (384.98-2) unstable; urgency=medium
.
* Merge changes from 381.22-3.
* Restrict watch file to releases from the 384.xx long lived branch.
* Fix circular dependency between stamp and generated nvidia_icd.json.
* Upload to unstable.
.
nvidia-graphics-drivers (384.98-1) experimental; urgency=medium
.
* New upstream long lived branch release 384.98 (2017-11-02).
- Added support for the following GPUs: P104-101, P106-090,
Tesla V100-SXM2-16GB, Tesla V100-PCIE-16GB.
- Fixed a bug that could cause some eDP G-SYNC displays to flicker at low
refresh rates.
- Fixed a bug that could cause OpenGL applications to crash after a
prolonged DPMS sleep state on a monitor driven with PRIME Sync.
- Fixed a bug that artificially limited the maximum pixel clock to 300 MHz
when using certain more capable DisplayPort to HDMI adapters.
- Fixed a bug that prevented the NVIDIA kernel modules from building for
non-SMP Linux kernels.
- Updated the output of `nvidia-smi nvlink --status` to include reporting
NVLink speed.
- Fixed a bug that caused incorrect PCI topology reporting in nvidia-smi
on Intel Skylake systems.
* Improved compatibility with recent Linux kernels.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Drop nvidia-drm-master-dev.patch and nvidia-drm-crtc.patch, issues fixed
upstream.
.
[ Andreas Beckmann ]
* Merge changes from 375.82-8.
.
nvidia-graphics-drivers (384.90-2) experimental; urgency=medium
.
* Merge changes from 375.82-7. (Closes: #876766)
* libcuda1: Add Provides: libcuda-9.0-1{,-i386}.
.
nvidia-graphics-drivers (384.90-1) experimental; urgency=medium
.
* New upstream long lived branch release 384.90 (2017-09-21).
* Fixed CVE-2017-6266, CVE-2017-6267, CVE-2017-6272. (Closes: #876414)
https://nvidia.custhelp.com/app/answers/detail/a_id/4544
- Fixed a regression that caused display flickering at lower PowerMizer
performance levels on some GPUs.
- Fixed a regression that prevented console restoration after a VT switch
on some GPUs.
- Fixed a bug that could cause a system hang when resuming from suspend
with some GPUs.
- Fixed a bug that caused slow or stuttering frame rates in applications
that use GLX_EXT_swap_control_tear while G-SYNC is active.
- Added support for the following GPU: Quadro P5200.
- Fixed a bug in the NVIDIA VDPAU driver that caused
VdpVideoSurfaceGetBitsYCbCr() of H.265/HEVC content to have interlaced
artifacts.
- Fixed a bug that caused the X driver to not correctly report the
"BlendOrder" MetaMode token when querying the MetaMode through, e.g.,
`nvidia-settings --query CurrentMetaMode`.
* Closes: #877971.
.
[ Luca Boccassi ]
* Refresh man-fixes-nvidia-smi.patch.
* Update nv-readme.ids.
* Update symbols files.
.
[ Andreas Beckmann ]
* Merge changes from 375.82-5. (Closes: #878023)
.
nvidia-graphics-drivers (384.69-1) experimental; urgency=medium
.
* New upstream long lived branch release 384.69 (2017-08-22).
- Fixed an intermittent hang when using Vulkan to present directly to
display with the VK_KHR_display extension. SteamVR was particularly
affected by that hang.
- Added support for the following GPU: Quadro P4000 with Max-Q Design.
* New upstream long lived branch release 384.59 (2017-07-24).
* Fixed CVE-2017-6257, CVE-2017-6259. (Closes: #869783)
https://nvidia.custhelp.com/app/answers/detail/a_id/4525
- Added support for the following GPUs: GeForce GT 1030, GeForce MX150,
P104-100, P106-100.
- Fixed a bug that caused S4 suspend (also known as "hibernate") to hang
during suspend when SLI was enabled.
- Fixed a bug where devices would not be properly enumerated by
the Vulkan driver. See the "Known Issues" section of the README
for more details.
* New upstream beta 384.47 (2017-06-29).
- Fixed a bug that could cause OpenGL applications to crash after
calling glDeleteBuffers on VBOs that have been remapped with
ARB_vertex_attrib_binding.
- Fixed a bug that could sometimes cause OpenGL applications to
lock up until the X server receives input.
- Fixed a bug that caused VDPAU playback to be corrupted when
extended to coordinates beyond 16384 pixels.
- Restored several sanity checks that were inadvertently removed from
the kernel module build process in the 355.06 driver.
- Added support for a "Nearest" transform filter in the X driver.
This causes the X driver to use nearest neighbor filtering when
performing screen transformations. The filter can be requested
through the 'filter' argument to RandR's RRSetCrtcTransform,
or through the 'ResamplingMethod' MetaMode token.
* New upstream release 375 series.
- Disabled G-SYNC in desktop environments, such as Budgie, that use
libmutter-0.so.
An existing rule to disable G-SYNC for libmutter.so no longer applied
after the library was renamed to libmutter-0.so.
.
[ Luca Boccassi ]
* Refresh man-fixes-nvidia-smi.patch for 384.47.
* Update nv-readme.ids.
* Update symbols files.
.
[ Andreas Beckmann ]
* Rename libnvidia-ptxjitcompiler to libnvidia-ptxjitcompiler1, this library
gained a stable SONAME.
* Update lintian overrides.
* Upload to experimental.
.
nvidia-graphics-drivers (381.22-3) unstable; urgency=medium
.
* Merge changes from 378.13-3.
* Upload to unstable.
.
nvidia-graphics-drivers (381.22-2) experimental; urgency=medium
.
* Merge changes from 375.82-3.
.
nvidia-graphics-drivers (381.22-1) experimental; urgency=medium
.
* New upstream short lived branch release 381.22 (2017-05-09).
* Fixed CVE-2017-0350, CVE-2017-0351, CVE-2017-0352. (Closes: #863515)
https://nvidia.custhelp.com/app/answers/detail/a_id/4462
- Fixed a bug that caused the GLX_EXT_buffer_age buffer age extension to
return incorrect values for stereo drawables when using passive stereo
modes 5 through 9.
- Fixed a bug in Vulkan direct to display where DP1.2 monitors were not
being enumerated.
* New upstream beta 381.09 (2017-04-06).
- Improved compatibility with recent kernels.
- Fixed a bug that caused applications to crash in some situations when
calling glXMakeCurrent while OpenGL threaded optimizations were enabled.
This frequently occurred when Steam was attempting to make a video appear
full-screen.
- Fixed a bug that caused VDPAU applications to use the blit presentation
queue when a previous VDPAU application didn't shut down cleanly.
- Fixed hangs and crashes that could occur when an OpenGL context is created
while the system is out of available memory.
- Fixed a bug that caused corruption when OpenGL windows were moved or
resized.
- Fixed a bug that caused X screens that use Option "UseDisplayDevice"
"none" to be resized to 640x480 when using "xrandr -s" to change the
screen configuration.
- Fixed a kernel crash that occurred when attempting to map large user
memory allocations into CUDA.
- Disabled OpenGL threaded optimizations by default, initially
enabled in 378.09, due to various reports of instability.
- Added support for the following Vulkan extensions:
VK_EXT_acquire_xlib_display, VK_EXT_display_control,
VK_EXT_display_surface_counter, VK_EXT_direct_mode_display,
VK_KHX_external_memory, VK_KHX_external_memory_fd,
VK_KHX_external_semaphore, VK_KHX_external_semaphore_fd.
These extensions require a Vulkan loader version >= 1.0.42.
- Removed the X driver's logo splash screen and the corresponding NoLogo
and LogoPath xorg.conf options.
- Added the "ResamplingMethod" MetaMode option, adding support for
bicubic resampling methods when scaling screen transformations
are in use. See the README for more details.
.
[ Andreas Beckmann ]
* Bump libvulkan1 dependency to (>= 1.0.42).
* Add nvidia-nonglvnd-vulkan-icd and nvidia-nonglvnd-vulkan-common for the
non-GLVND variant of Vulkan support. (Closes: #864477)
* Use nvidia_icd.json as the template to generate the non-GLVND variant.
* Rename libgldispatch0-nvidia to libglvnd0-nvidia, matching libglvnd0.
* GLVND stub libs: Conflicts/Replaces/Provides the libglvnd package names.
* Use libglvnd libraries as preferred alternative dependencies.
* Restrict watch file to releases from the 381.xx short lived branch.
* Update lintian overrides.
* Upload to experimental.
.
nvidia-graphics-drivers (378.13-3) unstable; urgency=medium
.
* Merge changes from 375.82-9.
* Upload to unstable.
.
nvidia-graphics-drivers (378.13-2) experimental; urgency=medium
.
[ Andreas Beckmann ]
* Merge changes from 375.82-1.
.
[ Luca Boccassi ]
* Add fatal-signal.patch to fix kernel module build on Linux 4.11 and newer.
* Add kref-refcount.patch, drm-encoder.patch, drm-unload.patch,
drm-helper-mode.patch and drm-vma-fault.patch to fix kernel module build
on Linux 4.11 and newer. (Closes: #870677)
* Add set-memory.patch to fix kernel module build on Linux 4.12 and newer.
.
nvidia-graphics-drivers (378.13-1) experimental; urgency=medium
.
* New upstream short lived branch release 378.13 (2017-02-14).
- Disabled OpenGL threaded optimizations by default under Xinerama.
* New upstream beta 378.09 (2017-01-18).
- Added support for the ARB_parallel_shader_compile extension to allow
multi-threaded compilation of GLSL shaders.
- Updated the X driver to ignore any Virtual Reality Head Mounted
Displays (HMDs). See the "AllowHMD" X configuration option in the
README for details.
- The driver will now advertise GLX FBConfigs with no depth bits on depth 30
X screens.
- Added support in nvidia-settings to view configured PRIME displays. To
enable PRIME displays, see "Offloading Graphics Display with RandR 1.4"
in the README.
- Added infrastructure which enables the NVIDIA EGL driver to load EGL
external platform libraries that add client-side support for new window
systems, beyond the existing libnvidia-egl-wayland.so.1. For more
details, see:
- https://github.com/NVIDIA/eglexternalplatform
- https://github.com/NVIDIA/egl-wayland
- Added support for the following Vulkan extensions: VK_KHR_display,
VK_KHR_display_swapchain.
- Enabled OpenGL threaded optimizations by default in the driver. Refer to
the "Threaded Optimizations" section in the "Specifying OpenGL Environment
Variable Settings" chapter of the README for details. These optimizations
will self-disable when they are degrading performance. As a result,
performance should be unchanged for many applications, and increased for
those that benefit from threaded optimizations and were not already
forcing them enabled.
.
[ Luca Boccassi ]
* Refresh nvidia-drm-master-dev.patch for 378.09 to remove fuzz
* Update symbols files
* Add support and virtual provides for OpenCL 2.0 in the ICD loader library.
* Rename libnvidia-egl-wayland -> libnvidia-egl-wayland1 to follow SONAME
change
* Add new nvidia-egl-wayland-icd and nvidia-egl-wayland-common packages to
add support for the new EGL external platform infrastructure
* Add deprecated-cpu-events.patch, dma-fence-rename.patch and
vmf-address.patch to fix kernel module build on Linux 4.10 and newer.
.
[ Andreas Beckmann ]
* Restrict watch file to releases from the 378.xx short lived branch.
* Upload to experimental.
.
nvidia-graphics-drivers (375.82-9) unstable; urgency=medium
.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Set Rules-Requires-Root: no.
.
nvidia-graphics-drivers (375.82-8) unstable; urgency=medium
.
* Do not provide libglvnd package names at all.
* nvidia-driver-libs: Add Conflicts against *-glvnd-nvidia to force
switching to the libglvnd packages. (Closes: #878035, #879261, 875438)
* Use https:// URLs where possible.
.
nvidia-graphics-drivers (375.82-7) unstable; urgency=medium
.
* Use Conflicts+Replaces+Provides on the provided libglvnd package names,
Breaks does not work for M-A: same packages. (Closes: #879821)
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19).
* nvidia-detect: Detect devices in PCI classes 0301 (XGA compatible
controller) and 0302 (3D controller), too. (Closes: #879792)
* bug-script: List these devices, too.
.
nvidia-graphics-drivers (375.82-6) unstable; urgency=high
.
[ Luca Boccassi ]
* Add use-kbuild-gcc-plugins.patch to fix kernel module build failure
when the kernel is built with CONFIG_GCC_PLUGIN*. (Closes: #878677)
.
[ Andreas Beckmann ]
* Provide libglvnd package names, mesa 17.x is now in testing.
(Closes: #876766, #389971)
* Do not provide libglvnd package names where the NVIDIA provided binaries
are missing symbols w.r.t. to the libglvnd packages.
(Closes: #879264, #879013)
.
nvidia-graphics-drivers (375.82-5) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Use Priority: optional for transitional packages.
* Bump Standards-Version to 4.1.1.
* bug-control: Add arch qualification to M-A:same packages in report-with
list otherwise reportbug will ignore them if more than one is installed.
* bug-control: Report status of libglvnd packages.
* Simplify upstream changelog handling.
.
[ Luca Boccassi ]
* Add nvidia-drm-crtc.patch to fix nvidia-drm kernel module build failure
for Linux 4.14. (Closes: #878160)
.
nvidia-graphics-drivers (375.82-4) unstable; urgency=medium
.
* Prevent mixing libgl1-nvidia-glx with libgl1-nvidia-glvnd-glx.
* Use versioned Depends and Provides/Breaks/Replaces on the packages also
built from src:libglvnd s.t. they cannot be satisfied by virtual packages
provided from src:mesa (<< 17). (Closes: #875683, #876100)
* Do not yet provide the libglvnd package names that were also virtual
packages in mesa (for compatibility with mesa (<< 17) still in testing).
* Update lintian overrides.
.
nvidia-graphics-drivers (375.82-3) unstable; urgency=medium
.
* nvidia-legacy-check: Fix debconf errors if more than one legacy NVIDIA
device is present. (Closes: #869817, #864406, #812595)
* Mark GRID K1, GRID K2, GRID K340 as legacy GPUs supported only up to
nvidia-legacy-340xx-driver. (Closes: #873050)
* GLVND stub libs: Provide the libglvnd package names.
* Provide libglx-vendor, libegl-vendor for libglvnd compatibility.
.
nvidia-graphics-drivers (375.82-2) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.0. No changes needed.
* nvidia-alternative: Explicitly use interest-await triggers.
* Switch from dh_install --list-missing to dh_missing.
* Use dpkg makefile snippets instead of manual changelog parsing.
* build-module-packages.sh: Order kernels by descending version.
Skip PREEMPT_RT (*-rt-*) kernels, unsupported upstream.
* Add nvidia-nonglvnd-vulkan-icd and nvidia-nonglvnd-vulkan-common for the
non-GLVND variant of Vulkan support. (Closes: #864477)
* Use nvidia_icd.json as the template to generate the non-GLVND variant.
* Rename libgldispatch0-nvidia to libglvnd0-nvidia, matching libglvnd0.
* Use libglvnd libraries as preferred alternative dependencies.
* GLVND stub libs: Conflicts/Replaces the corresponding libglvnd packages.
.
[ Luca Boccassi ]
* README.source: Add pointer to the wiki for instructions to build latest
packages from SVN.
* Switch to my debian.org email address in Uploaders.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
nvidia-graphics-drivers (384.111-3) unstable; urgency=medium
.
* Add more Breaks to nvidia-driver-libs and nvidia-driver-libs-nonglvnd to
ease upgrade paths and switching.
* nvidia-alternative.prerm: Trigger register-glx-alternative-nvidia upon
removal. (Closes: #883637)
* libgl1-nvidia-glx.prerm: Do not forcibly remove the nvidia alternative,
this would reset it from manual mode to auto mode while it could still
be needed by other packages, e.g. libcuda1. Let the nvidia-alternative
triggers handle it instead.
* nvidia-kernel-dkms: Remove libelf-dev workaround, fixed in src:linux.
nvidia-graphics-drivers (384.111-3~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-graphics-drivers (384.111-3) unstable; urgency=medium
.
* Add more Breaks to nvidia-driver-libs and nvidia-driver-libs-nonglvnd to
ease upgrade paths and switching.
* nvidia-alternative.prerm: Trigger register-glx-alternative-nvidia upon
removal. (Closes: #883637)
* libgl1-nvidia-glx.prerm: Do not forcibly remove the nvidia alternative,
this would reset it from manual mode to auto mode while it could still
be needed by other packages, e.g. libcuda1. Let the nvidia-alternative
triggers handle it instead.
* nvidia-kernel-dkms: Remove libelf-dev workaround, fixed in src:linux.
nvidia-graphics-drivers (384.111-2) unstable; urgency=medium
.
* Bump Standards-Version to 4.1.3. No changes needed.
* Add Breaks between nvidia-driver-libs and nvidia-driver-libs-nonglvnd.
nvidia-graphics-drivers (384.111-1) unstable; urgency=medium
.
* New upstream long lived branch release 384.111 (2018-01-04).
- Added support for the following GPUs: GeForce MX130, GeForce MX110,
GeForce GTX 1050 Ti with Max-Q Design, Quadro P500
- Fixed a regression that prevented displays connected via some types of
passive adapters (e.g. DMS-59 to VGA or DVI) from working correctly.
The regression was introduced with driver version 384.98.
- Fixed a bug that caused Quadro M2200 GPUs to enter the lowest available
PowerMizer performance level when under load.
* Closes: #886470
.
[ Andreas Beckmann ]
* Support easier and consistent switching between GLVND/non-GLVND variants.
* nvidia-driver-libs{,-i386}: Depend only on the GLVND variants.
* nvidia-driver-libs-nonglvnd{,-i386}: New metapackages depending only on
the non-GLVND variants. (Closes: #864497)
* Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for
Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir.
(Closes: #883615)
* Add #tls# substitution for the tls/ source directory.
* Bump Standards-Version to 4.1.2. No changes needed.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Update symbols files.
* nvidia-kernel-dkms: add dependency to libelf-dev [amd64] to fix kernel
modules builds failures due to new config used by the kernel.
Workaround for #886474
* Update German debconf translation. Thank you Holger Wansing!
(Closes: #885925)
* Update Russian debconf translation. Thank you Lev Lamberov!
(Closes: #886005)
nvidia-graphics-drivers (384.111-1~bpo9+2) stretch-backports; urgency=medium
.
* nvidia-driver-libs: Continue recommending the GLES1 library for stretch.
* nvidia-driver-libs-nonglvnd: Do not conflict with *-glvnd-nvidia, there is
no libglvnd in stretch.
.
nvidia-graphics-drivers (384.111-2) unstable; urgency=medium
.
* Bump Standards-Version to 4.1.3. No changes needed.
* Add Breaks between nvidia-driver-libs and nvidia-driver-libs-nonglvnd.
nvidia-graphics-drivers (384.111-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
* Relax the libvulkan1 build-dependency.
.
nvidia-graphics-drivers (384.111-1) unstable; urgency=medium
.
* New upstream long lived branch release 384.111 (2018-01-04).
* Fixed CVE-2017-5753, CVE-2017-5715 (spectre), CVE-2017-5754 (meltdown).
https://nvidia.custhelp.com/app/answers/detail/a_id/4611
(Closes: #886852)
- Added support for the following GPUs: GeForce MX130, GeForce MX110,
GeForce GTX 1050 Ti with Max-Q Design, Quadro P500.
- Fixed a regression that prevented displays connected via some types of
passive adapters (e.g. DMS-59 to VGA or DVI) from working correctly.
The regression was introduced with driver version 384.98.
- Fixed a bug that caused Quadro M2200 GPUs to enter the lowest available
PowerMizer performance level when under load.
* Improved compatibility with recent Linux kernels. (Closes: #886470)
.
[ Andreas Beckmann ]
* Support easier and consistent switching between GLVND/non-GLVND variants.
* nvidia-driver-libs{,-i386}: Depend only on the GLVND variants.
* nvidia-driver-libs-nonglvnd{,-i386}: New metapackages depending only on
the non-GLVND variants. (Closes: #864497)
* Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for
Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir.
(Closes: #883615)
* Add #tls# substitution for the tls/ source directory.
* Bump Standards-Version to 4.1.2. No changes needed.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Update symbols files.
* nvidia-kernel-dkms: add dependency to libelf-dev [amd64] to fix kernel
modules builds failures due to new config used by the kernel.
Workaround for #886474.
* Update German debconf translation. Thank you Holger Wansing!
(Closes: #885925)
* Update Russian debconf translation. Thank you Lev Lamberov!
(Closes: #886005)
nvidia-graphics-drivers (384.98-3) unstable; urgency=medium
.
* Fix libnvidia-ptxjitcompiler.so.1 alternative link. (Closes: #883303)
nvidia-graphics-drivers (384.98-3~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
* Relax the libvulkan1 dependency.
.
nvidia-graphics-drivers (384.98-3) unstable; urgency=medium
.
* Fix libnvidia-ptxjitcompiler.so.1 alternative link. (Closes: #883303)
.
nvidia-graphics-drivers (384.98-2) unstable; urgency=medium
.
* Merge changes from 381.22-3.
* Restrict watch file to releases from the 384.xx long lived branch.
* Fix circular dependency between stamp and generated nvidia_icd.json.
* Upload to unstable.
.
nvidia-graphics-drivers (384.98-1) experimental; urgency=medium
.
* New upstream long lived branch release 384.98 (2017-11-02).
- Added support for the following GPUs: P104-101, P106-090,
Tesla V100-SXM2-16GB, Tesla V100-PCIE-16GB.
- Fixed a bug that could cause some eDP G-SYNC displays to flicker at low
refresh rates.
- Fixed a bug that could cause OpenGL applications to crash after a
prolonged DPMS sleep state on a monitor driven with PRIME Sync.
- Fixed a bug that artificially limited the maximum pixel clock to 300 MHz
when using certain more capable DisplayPort to HDMI adapters.
- Fixed a bug that prevented the NVIDIA kernel modules from building for
non-SMP Linux kernels.
- Updated the output of `nvidia-smi nvlink --status` to include reporting
NVLink speed.
- Fixed a bug that caused incorrect PCI topology reporting in nvidia-smi
on Intel Skylake systems.
* Improved compatibility with recent Linux kernels.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Drop nvidia-drm-master-dev.patch and nvidia-drm-crtc.patch, issues fixed
upstream.
.
[ Andreas Beckmann ]
* Merge changes from 375.82-8.
.
nvidia-graphics-drivers (384.90-2) experimental; urgency=medium
.
* Merge changes from 375.82-7. (Closes: #876766)
* libcuda1: Add Provides: libcuda-9.0-1{,-i386}.
.
nvidia-graphics-drivers (384.90-1) experimental; urgency=medium
.
* New upstream long lived branch release 384.90 (2017-09-21).
* Fixed CVE-2017-6266, CVE-2017-6267, CVE-2017-6272. (Closes: #876414)
- Fixed a regression that caused display flickering at lower PowerMizer
performance levels on some GPUs.
- Fixed a regression that prevented console restoration after a VT switch
on some GPUs.
- Fixed a bug that could cause a system hang when resuming from suspend
with some GPUs.
- Fixed a bug that caused slow or stuttering frame rates in applications
that use GLX_EXT_swap_control_tear while G-SYNC is active.
- Added support for the following GPU: Quadro P5200.
- Fixed a bug in the NVIDIA VDPAU driver that caused
VdpVideoSurfaceGetBitsYCbCr() of H.265/HEVC content to have interlaced
artifacts.
- Fixed a bug that caused the X driver to not correctly report the
"BlendOrder" MetaMode token when querying the MetaMode through, e.g.,
`nvidia-settings --query CurrentMetaMode`.
* Closes: #877971.
.
[ Luca Boccassi ]
* Refresh man-fixes-nvidia-smi.patch.
* Update nv-readme.ids.
* Update symbols files.
.
[ Andreas Beckmann ]
* Merge changes from 375.82-5. (Closes: #878023)
.
nvidia-graphics-drivers (384.69-1) experimental; urgency=medium
.
* New upstream long lived branch release 384.69 (2017-08-22).
- Fixed an intermittent hang when using Vulkan to present directly to
display with the VK_KHR_display extension. SteamVR was particularly
affected by that hang.
- Added support for the following GPU: Quadro P4000 with Max-Q Design.
* New upstream long lived branch release 384.59 (2017-07-24).
* Fixed CVE-2017-6257, CVE-2017-6259. (Closes: #869783)
- Added support for the following GPUs: GeForce GT 1030, GeForce MX150,
P104-100, P106-100.
- Fixed a bug that caused S4 suspend (also known as "hibernate") to hang
during suspend when SLI was enabled.
- Fixed a bug where devices would not be properly enumerated by
the Vulkan driver. See the "Known Issues" section of the README
for more details.
* New upstream beta 384.47 (2017-06-29).
- Fixed a bug that could cause OpenGL applications to crash after
calling glDeleteBuffers on VBOs that have been remapped with
ARB_vertex_attrib_binding.
- Fixed a bug that could sometimes cause OpenGL applications to
lock up until the X server receives input.
- Fixed a bug that caused VDPAU playback to be corrupted when
extended to coordinates beyond 16384 pixels.
- Restored several sanity checks that were inadvertently removed from
the kernel module build process in the 355.06 driver.
- Added support for a "Nearest" transform filter in the X driver.
This causes the X driver to use nearest neighbor filtering when
performing screen transformations. The filter can be requested
through the 'filter' argument to RandR's RRSetCrtcTransform,
or through the 'ResamplingMethod' MetaMode token.
* New upstream release 375 series.
- Disabled G-SYNC in desktop environments, such as Budgie, that use
libmutter-0.so.
An existing rule to disable G-SYNC for libmutter.so no longer applied
after the library was renamed to libmutter-0.so.
.
[ Luca Boccassi ]
* Refresh man-fixes-nvidia-smi.patch for 384.47.
* Update nv-readme.ids.
* Update symbols files.
.
[ Andreas Beckmann ]
* Rename libnvidia-ptxjitcompiler to libnvidia-ptxjitcompiler1, this library
gained a stable SONAME.
* Update lintian overrides.
* Upload to experimental.
.
nvidia-graphics-drivers (381.22-3) unstable; urgency=medium
.
* Merge changes from 378.13-3.
* Upload to unstable.
.
nvidia-graphics-drivers (381.22-2) experimental; urgency=medium
.
* Merge changes from 375.82-3.
.
nvidia-graphics-drivers (381.22-1) experimental; urgency=medium
.
* New upstream short lived branch release 381.22 (2017-05-09).
* Fixed CVE-2017-0350, CVE-2017-0351, CVE-2017-0352. (Closes: #863515)
- Fixed a bug that caused the GLX_EXT_buffer_age buffer age extension to
return incorrect values for stereo drawables when using passive stereo
modes 5 through 9.
- Fixed a bug in Vulkan direct to display where DP1.2 monitors were not
being enumerated.
* New upstream beta 381.09 (2017-04-06).
- Improved compatibility with recent kernels.
- Fixed a bug that caused applications to crash in some situations when
calling glXMakeCurrent while OpenGL threaded optimizations were enabled.
This frequently occurred when Steam was attempting to make a video appear
full-screen.
- Fixed a bug that caused VDPAU applications to use the blit presentation
queue when a previous VDPAU application didn't shut down cleanly.
- Fixed hangs and crashes that could occur when an OpenGL context is created
while the system is out of available memory.
- Fixed a bug that caused corruption when OpenGL windows were moved or
resized.
- Fixed a bug that caused X screens that use Option "UseDisplayDevice"
"none" to be resized to 640x480 when using "xrandr -s" to change the
screen configuration.
- Fixed a kernel crash that occurred when attempting to map large user
memory allocations into CUDA.
- Disabled OpenGL threaded optimizations by default, initially
enabled in 378.09, due to various reports of instability.
- Added support for the following Vulkan extensions:
VK_EXT_acquire_xlib_display, VK_EXT_display_control,
VK_EXT_display_surface_counter, VK_EXT_direct_mode_display,
VK_KHX_external_memory, VK_KHX_external_memory_fd,
VK_KHX_external_semaphore, VK_KHX_external_semaphore_fd.
These extensions require a Vulkan loader version >= 1.0.42.
- Removed the X driver's logo splash screen and the corresponding NoLogo
and LogoPath xorg.conf options.
- Added the "ResamplingMethod" MetaMode option, adding support for
bicubic resampling methods when scaling screen transformations
are in use. See the README for more details.
.
[ Andreas Beckmann ]
* Bump libvulkan1 dependency to (>= 1.0.42).
* Add nvidia-nonglvnd-vulkan-icd and nvidia-nonglvnd-vulkan-common for the
non-GLVND variant of Vulkan support. (Closes: #864477)
* Use nvidia_icd.json as the template to generate the non-GLVND variant.
* Rename libgldispatch0-nvidia to libglvnd0-nvidia, matching libglvnd0.
* GLVND stub libs: Conflicts/Replaces/Provides the libglvnd package names.
* Use libglvnd libraries as preferred alternative dependencies.
* Restrict watch file to releases from the 381.xx short lived branch.
* Update lintian overrides.
* Upload to experimental.
.
nvidia-graphics-drivers (378.13-3) unstable; urgency=medium
.
* Merge changes from 375.82-9.
* Upload to unstable.
.
nvidia-graphics-drivers (378.13-2) experimental; urgency=medium
.
[ Andreas Beckmann ]
* Merge changes from 375.82-1.
.
[ Luca Boccassi ]
* Add fatal-signal.patch to fix kernel module build on Linux 4.11 and newer.
* Add kref-refcount.patch, drm-encoder.patch, drm-unload.patch,
drm-helper-mode.patch and drm-vma-fault.patch to fix kernel module build
on Linux 4.11 and newer. (Closes: #870677)
* Add set-memory.patch to fix kernel module build on Linux 4.12 and newer.
.
nvidia-graphics-drivers (378.13-1) experimental; urgency=medium
.
* New upstream short lived branch release 378.13 (2017-02-14).
- Disabled OpenGL threaded optimizations by default under Xinerama.
* New upstream beta 378.09 (2017-01-18).
- Added support for the ARB_parallel_shader_compile extension to allow
multi-threaded compilation of GLSL shaders.
- Updated the X driver to ignore any Virtual Reality Head Mounted
Displays (HMDs). See the "AllowHMD" X configuration option in the
README for details.
- The driver will now advertise GLX FBConfigs with no depth bits on depth 30
X screens.
- Added support in nvidia-settings to view configured PRIME displays. To
enable PRIME displays, see "Offloading Graphics Display with RandR 1.4"
in the README.
- Added infrastructure which enables the NVIDIA EGL driver to load EGL
external platform libraries that add client-side support for new window
systems, beyond the existing libnvidia-egl-wayland.so.1. For more
details, see:
- https://github.com/NVIDIA/eglexternalplatform
- https://github.com/NVIDIA/egl-wayland
- Added support for the following Vulkan extensions: VK_KHR_display,
VK_KHR_display_swapchain.
- Enabled OpenGL threaded optimizations by default in the driver. Refer to
the "Threaded Optimizations" section in the "Specifying OpenGL Environment
Variable Settings" chapter of the README for details. These optimizations
will self-disable when they are degrading performance. As a result,
performance should be unchanged for many applications, and increased for
those that benefit from threaded optimizations and were not already
forcing them enabled.
.
[ Luca Boccassi ]
* Refresh nvidia-drm-master-dev.patch for 378.09 to remove fuzz
* Update symbols files
* Add support and virtual provides for OpenCL 2.0 in the ICD loader library.
* Rename libnvidia-egl-wayland -> libnvidia-egl-wayland1 to follow SONAME
change
* Add new nvidia-egl-wayland-icd and nvidia-egl-wayland-common packages to
add support for the new EGL external platform infrastructure
* Add deprecated-cpu-events.patch, dma-fence-rename.patch and
vmf-address.patch to fix kernel module build on Linux 4.10 and newer.
* Restrict watch file to releases from the 378.xx short lived branch.
* Upload to experimental.
nvidia-graphics-drivers (384.98-2) unstable; urgency=medium
.
* Merge changes from 381.22-3.
* Restrict watch file to releases from the 384.xx long lived branch.
* Fix circular dependency between stamp and generated nvidia_icd.json.
* Upload to unstable.
nvidia-graphics-drivers (384.98-1) experimental; urgency=medium
.
* New upstream long lived branch release 384.98 (2017-11-02).
- Added support for the following GPUs: P104-101, P106-090,
Tesla V100-SXM2-16GB, Tesla V100-PCIE-16GB.
- Fixed a bug that could cause some eDP G-SYNC displays to flicker at low
refresh rates.
- Fixed a bug that could cause OpenGL applications to crash after a
prolonged DPMS sleep state on a monitor driven with PRIME Sync.
- Fixed a bug that artificially limited the maximum pixel clock to 300 MHz
when using certain more capable DisplayPort to HDMI adapters.
- Fixed a bug that prevented the NVIDIA kernel modules from building for
non-SMP Linux kernels.
- Updated the output of `nvidia-smi nvlink --status` to include reporting
NVLink speed.
- Fixed a bug that caused incorrect PCI topology reporting in nvidia-smi
on Intel Skylake systems.
* Improved compatibility with recent Linux kernels.
.
[ Luca Boccassi ]
* Update nv-readme.ids.
* Drop nvidia-drm-master-dev.patch and nvidia-drm-crtc.patch, issues fixed
upstream.
.
[ Andreas Beckmann ]
* Merge changes from 375.82-8.
nvidia-graphics-drivers (384.90-2) experimental; urgency=medium
.
* Merge changes from 375.82-7. (Closes: #876766)
* libcuda1: Add Provides: libcuda-9.0-1{,-i386}.
nvidia-graphics-drivers (384.90-1) experimental; urgency=medium
.
* New upstream long lived branch release 384.90 (2017-09-21).
* Fixed CVE-2017-6266, CVE-2017-6267, CVE-2017-6272. (Closes: #876414)
- Fixed a regression that caused display flickering at lower PowerMizer
performance levels on some GPUs.
- Fixed a regression that prevented console restoration after a VT switch
on some GPUs.
- Fixed a bug that could cause a system hang when resuming from suspend
with some GPUs.
- Fixed a bug that caused slow or stuttering frame rates in applications
that use GLX_EXT_swap_control_tear while G-SYNC is active.
- Added support for the following GPU: Quadro P5200.
- Fixed a bug in the NVIDIA VDPAU driver that caused
VdpVideoSurfaceGetBitsYCbCr() of H.265/HEVC content to have interlaced
artifacts.
- Fixed a bug that caused the X driver to not correctly report the
"BlendOrder" MetaMode token when querying the MetaMode through, e.g.,
`nvidia-settings --query CurrentMetaMode`.
.
[ Luca Boccassi ]
* Refresh man-fixes-nvidia-smi.patch.
* Update nv-readme.ids.
* Update symbols files.
.
[ Andreas Beckmann ]
* Merge changes from 375.82-5. (Closes: #878023)
nvidia-graphics-drivers (384.69-1) experimental; urgency=medium
.
* New upstream long lived branch release 384.69 (2017-08-22).
- Fixed an intermittent hang when using Vulkan to present directly to
display with the VK_KHR_display extension. SteamVR was particularly
affected by that hang.
- Added support for the following GPU: Quadro P4000 with Max-Q Design.
* New upstream long lived branch release 384.59 (2017-07-24).
* Fixed CVE-2017-6257, CVE-2017-6259. (Closes: #869783)
- Added support for the following GPUs: GeForce GT 1030, GeForce MX150,
P104-100, P106-100.
- Fixed a bug that caused S4 suspend (also known as "hibernate") to hang
during suspend when SLI was enabled.
- Fixed a bug where devices would not be properly enumerated by
the Vulkan driver. See the "Known Issues" section of the README
for more details.
* New upstream beta 384.47 (2017-06-29).
- Fixed a bug that could cause OpenGL applications to crash after
calling glDeleteBuffers on VBOs that have been remapped with
ARB_vertex_attrib_binding.
- Fixed a bug that could sometimes cause OpenGL applications to
lock up until the X server receives input.
- Fixed a bug that caused VDPAU playback to be corrupted when
extended to coordinates beyond 16384 pixels.
- Restored several sanity checks that were inadvertently removed from
the kernel module build process in the 355.06 driver.
- Added support for a "Nearest" transform filter in the X driver.
This causes the X driver to use nearest neighbor filtering when
performing screen transformations. The filter can be requested
through the 'filter' argument to RandR's RRSetCrtcTransform,
or through the 'ResamplingMethod' MetaMode token.
* New upstream release 375 series.
- Disabled G-SYNC in desktop environments, such as Budgie, that use
libmutter-0.so.
An existing rule to disable G-SYNC for libmutter.so no longer applied
after the library was renamed to libmutter-0.so.
.
[ Luca Boccassi ]
* Refresh man-fixes-nvidia-smi.patch for 384.47.
* Update nv-readme.ids.
* Update symbols files.
.
[ Andreas Beckmann ]
* Rename libnvidia-ptxjitcompiler to libnvidia-ptxjitcompiler1, this library
gained a stable SONAME.
* Update lintian overrides.
* Upload to experimental.
nvidia-graphics-drivers (381.22-3) unstable; urgency=medium
.
* Merge changes from 378.13-3.
* Upload to unstable.
nvidia-graphics-drivers (381.22-2) experimental; urgency=medium
.
* Merge changes from 375.82-3.
nvidia-graphics-drivers (381.22-1) experimental; urgency=medium
.
* New upstream short lived branch release 381.22 (2017-05-09).
* Fixed CVE-2017-0350, CVE-2017-0351, CVE-2017-0352. (Closes: #863515)
- Fixed a bug that caused the GLX_EXT_buffer_age buffer age extension to
return incorrect values for stereo drawables when using passive stereo
modes 5 through 9.
- Fixed a bug in Vulkan direct to display where DP1.2 monitors were not
being enumerated.
* New upstream beta 381.09 (2017-04-06).
- Improved compatibility with recent kernels.
- Fixed a bug that caused applications to crash in some situations when
calling glXMakeCurrent while OpenGL threaded optimizations were enabled.
This frequently occurred when Steam was attempting to make a video appear
full-screen.
- Fixed a bug that caused VDPAU applications to use the blit presentation
queue when a previous VDPAU application didn't shut down cleanly.
- Fixed hangs and crashes that could occur when an OpenGL context is created
while the system is out of available memory.
- Fixed a bug that caused corruption when OpenGL windows were moved or
resized.
- Fixed a bug that caused X screens that use Option "UseDisplayDevice"
"none" to be resized to 640x480 when using "xrandr -s" to change the
screen configuration.
- Fixed a kernel crash that occurred when attempting to map large user
memory allocations into CUDA.
- Disabled OpenGL threaded optimizations by default, initially
enabled in 378.09, due to various reports of instability.
- Added support for the following Vulkan extensions:
VK_EXT_acquire_xlib_display, VK_EXT_display_control,
VK_EXT_display_surface_counter, VK_EXT_direct_mode_display,
VK_KHX_external_memory, VK_KHX_external_memory_fd,
VK_KHX_external_semaphore, VK_KHX_external_semaphore_fd.
These extensions require a Vulkan loader version >= 1.0.42.
- Removed the X driver's logo splash screen and the corresponding NoLogo
and LogoPath xorg.conf options.
- Added the "ResamplingMethod" MetaMode option, adding support for
bicubic resampling methods when scaling screen transformations
are in use. See the README for more details.
.
[ Andreas Beckmann ]
* Bump libvulkan1 dependency to (>= 1.0.42).
* Add nvidia-nonglvnd-vulkan-icd and nvidia-nonglvnd-vulkan-common for the
non-GLVND variant of Vulkan support. (Closes: #864477)
* Use nvidia_icd.json as the template to generate the non-GLVND variant.
* Rename libgldispatch0-nvidia to libglvnd0-nvidia, matching libglvnd0.
* GLVND stub libs: Conflicts/Replaces/Provides the libglvnd package names.
* Use libglvnd libraries as preferred alternative dependencies.
* Restrict watch file to releases from the 381.xx short lived branch.
* Update lintian overrides.
* Upload to experimental.
nvidia-graphics-drivers (378.13-3) unstable; urgency=medium
.
* Merge changes from 375.82-9.
* Upload to unstable.
nvidia-graphics-drivers (378.13-2) experimental; urgency=medium
.
[ Andreas Beckmann ]
* Merge changes from 375.82-1.
.
[ Luca Boccassi ]
* Add fatal-signal.patch to fix kernel module build on Linux 4.11 and newer.
* Add kref-refcount.patch, drm-encoder.patch, drm-unload.patch,
drm-helper-mode.patch and drm-vma-fault.patch to fix kernel module build
on Linux 4.11 and newer. (Closes: #870677)
* Add set-memory.patch to fix kernel module build on Linux 4.12 and newer.
nvidia-graphics-drivers (378.13-1) experimental; urgency=medium
.
* New upstream short lived branch release 378.13 (2017-02-14).
- Disabled OpenGL threaded optimizations by default under Xinerama.
* New upstream beta 378.09 (2017-01-18).
- Added support for the ARB_parallel_shader_compile extension to allow
multi-threaded compilation of GLSL shaders.
- Updated the X driver to ignore any Virtual Reality Head Mounted
Displays (HMDs). See the "AllowHMD" X configuration option in the
README for details.
- The driver will now advertise GLX FBConfigs with no depth bits on depth 30
X screens.
- Added support in nvidia-settings to view configured PRIME displays. To
enable PRIME displays, see "Offloading Graphics Display with RandR 1.4"
in the README.
- Added infrastructure which enables the NVIDIA EGL driver to load EGL
external platform libraries that add client-side support for new window
systems, beyond the existing libnvidia-egl-wayland.so.1. For more
details, see:
- https://github.com/NVIDIA/eglexternalplatform
- https://github.com/NVIDIA/egl-wayland
- Added support for the following Vulkan extensions: VK_KHR_display,
VK_KHR_display_swapchain.
- Enabled OpenGL threaded optimizations by default in the driver. Refer to
the "Threaded Optimizations" section in the "Specifying OpenGL Environment
Variable Settings" chapter of the README for details. These optimizations
will self-disable when they are degrading performance. As a result,
performance should be unchanged for many applications, and increased for
those that benefit from threaded optimizations and were not already
forcing them enabled.
.
[ Luca Boccassi ]
* Refresh nvidia-drm-master-dev.patch for 378.09 to remove fuzz
* Update symbols files
* Add support and virtual provides for OpenCL 2.0 in the ICD loader library.
* Rename libnvidia-egl-wayland -> libnvidia-egl-wayland1 to follow SONAME
change
* Add new nvidia-egl-wayland-icd and nvidia-egl-wayland-common packages to
add support for the new EGL external platform infrastructure
* Add deprecated-cpu-events.patch, dma-fence-rename.patch and
vmf-address.patch to fix kernel module build on Linux 4.10 and newer.
* Restrict watch file to releases from the 378.xx short lived branch.
* Upload to experimental.
nvidia-graphics-drivers (375.82-9) unstable; urgency=medium
.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Set Rules-Requires-Root: no.
nvidia-graphics-drivers (375.82-9~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-graphics-drivers (375.82-9) unstable; urgency=medium
.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Set Rules-Requires-Root: no.
nvidia-graphics-drivers (375.82-8) unstable; urgency=medium
.
* Do not provide libglvnd package names at all.
* nvidia-driver-libs: Add Conflicts against *-glvnd-nvidia to force
switching to the libglvnd packages. (Closes: #878035, #879261, 875438)
* Use https:// URLs where possible.
nvidia-graphics-drivers (375.82-8~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
* Do not conflict with *-glvnd-nvidia, there is no libglvnd in stretch.
.
nvidia-graphics-drivers (375.82-8) unstable; urgency=medium
.
* Do not provide libglvnd package names at all.
* nvidia-driver-libs: Add Conflicts against *-glvnd-nvidia to force
switching to the libglvnd packages. (Closes: #878035, #879261, 875438)
* Use https:// URLs where possible.
.
nvidia-graphics-drivers (375.82-7) unstable; urgency=medium
.
* Use Conflicts+Replaces+Provides on the provided libglvnd package names,
Breaks does not work for M-A: same packages. (Closes: #879821)
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19).
* nvidia-detect: Detect devices in PCI classes 0301 (XGA compatible
controller) and 0302 (3D controller), too. (Closes: #879792)
* bug-script: List these devices, too.
.
nvidia-graphics-drivers (375.82-6) unstable; urgency=high
.
[ Luca Boccassi ]
* Add use-kbuild-gcc-plugins.patch to fix kernel module build failure
when the kernel is built with CONFIG_GCC_PLUGIN*. (Closes: #878677)
.
[ Andreas Beckmann ]
* Provide libglvnd package names, mesa 17.x is now in testing.
(Closes: #876766, #389971)
* Do not provide libglvnd package names where the NVIDIA provided binaries
are missing symbols w.r.t. to the libglvnd packages.
(Closes: #879264, #879013)
.
nvidia-graphics-drivers (375.82-5) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Use Priority: optional for transitional packages.
* Bump Standards-Version to 4.1.1.
* bug-control: Add arch qualification to M-A:same packages in report-with
list otherwise reportbug will ignore them if more than one is installed.
* bug-control: Report status of libglvnd packages.
* Simplify upstream changelog handling.
.
[ Luca Boccassi ]
* Add nvidia-drm-crtc.patch to fix nvidia-drm kernel module build failure
for Linux 4.14. (Closes: #878160)
nvidia-graphics-drivers (375.82-7) unstable; urgency=medium
.
* Use Conflicts+Replaces+Provides on the provided libglvnd package names,
Breaks does not work for M-A: same packages. (Closes: #879821)
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19).
* nvidia-detect: Detect devices in PCI classes 0301 (XGA compatible
controller) and 0302 (3D controller), too. (Closes: #879792)
* bug-script: List these devices, too.
nvidia-graphics-drivers (375.82-6) unstable; urgency=high
.
[ Luca Boccassi ]
* Add use-kbuild-gcc-plugins.patch to fix kernel module build failure
when the kernel is built with CONFIG_GCC_PLUGIN*. (Closes: #878677)
.
[ Andreas Beckmann ]
* Provide libglvnd package names, mesa 17.x is now in testing.
(Closes: #876766)
* Do not provide libglvnd package names where the NVIDIA provided binaries
are missing symbols w.r.t. to the libglvnd packages. (Closes: #879264)
nvidia-graphics-drivers (375.82-5) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Use Priority: optional for transitional packages.
* Bump Standards-Version to 4.1.1.
* bug-control: report-with needs arch qualification for M-A:same packages.
* bug-control: Report status of libglvnd packages.
* Simplify upstream changelog handling.
.
[ Luca Boccassi ]
* Add nvidia-drm-crtc.patch to fix nvidia-drm kernel module build failure
for Linux 4.14. (Closes: #878160)
nvidia-graphics-drivers (375.82-4) unstable; urgency=medium
.
* Prevent mixing libgl1-nvidia-glx with libgl1-nvidia-glvnd-glx.
* Use versioned Provides/Breaks/Replaces on the packages also built from
src:libglvnd s.t. they cannot be satisfied by virtual packages provided
from src:mesa (<< 17). (Closes: #875683, #876100)
* Do not yet provide the libglvnd package names that were also virtual
packages in mesa (for compatibility with mesa (<< 17) still in testing).
* Update lintian overrides.
nvidia-graphics-drivers (375.82-4~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-graphics-drivers (375.82-4) unstable; urgency=medium
.
* Prevent mixing libgl1-nvidia-glx with libgl1-nvidia-glvnd-glx.
* Use versioned Depends and Provides/Breaks/Replaces on the packages also
built from src:libglvnd s.t. they cannot be satisfied by virtual packages
provided from src:mesa (<< 17). (Closes: #875683, #876100)
* Do not yet provide the libglvnd package names that were also virtual
packages in mesa (for compatibility with mesa (<< 17) still in testing).
* Update lintian overrides.
.
nvidia-graphics-drivers (375.82-3) unstable; urgency=medium
.
* nvidia-legacy-check: Fix debconf errors if more than one legacy NVIDIA
device is present. (Closes: #869817, #864406, #812595)
* Mark GRID K1, GRID K2, GRID K340 as legacy GPUs supported only up to
nvidia-legacy-340xx-driver. (Closes: #873050)
* GLVND stub libs: Provide the libglvnd package names.
* Provide libglx-vendor, libegl-vendor for libglvnd compatibility.
.
nvidia-graphics-drivers (375.82-2) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.0. No changes needed.
* nvidia-alternative: Explicitly use interest-await triggers.
* Switch from dh_install --list-missing to dh_missing.
* Use dpkg makefile snippets instead of manual parsing.
* build-module-packages.sh: Order kernels by descending version.
Skip PREEMPT_RT (*-rt-*) kernels, unsupported upstream.
* Add nvidia-nonglvnd-vulkan-icd and nvidia-nonglvnd-vulkan-common for the
non-GLVND variant of Vulkan support. (Closes: #864477)
* Use nvidia_icd.json as the template to generate the non-GLVND variant.
* Rename libgldispatch0-nvidia to libglvnd0-nvidia, matching libglvnd0.
* Use libglvnd libraries as preferred alternative dependencies.
* GLVND stub libs: Conflicts/Replaces the corresponding libglvnd packages.
.
[ Luca Boccassi ]
* README.source: Add pointer to the wiki for instructions to build latest
packages from SVN.
* Switch to my debian.org email address in Uploaders.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
nvidia-graphics-drivers (375.82-3) unstable; urgency=medium
.
* nvidia-legacy-check: Fix debconf errors if more than one legacy NVIDIA
device is present. (Closes: #869817, #864406, #812595)
* Mark GRID K1, GRID K2, GRID K340 as legacy GPUs supported only up to
nvidia-legacy-340xx-driver. (Closes: #873050)
* GLVND stub libs: Provide the libglvnd package names.
* Provide libglx-vendor, libegl-vendor for libglvnd compatibility.
nvidia-graphics-drivers (375.82-2) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.0. No changes needed.
* nvidia-alternative: Explicitly use interest-await triggers.
* Switch from dh_install --list-missing to dh_missing.
* Use dpkg makefile snippets instead of manual parsing.
* build-module-packages.sh: Order kernels by descending version.
* Add nvidia-nonglvnd-vulkan-icd and nvidia-nonglvnd-vulkan-common for the
non-GLVND variant of Vulkan support. (Closes: #864477)
* Use nvidia_icd.json as the template to generate the non-GLVND variant.
* Rename libgldispatch0-nvidia to libglvnd0-nvidia, matching libglvnd0.
* Use libglvnd libraries as preferred alternative dependencies.
* GLVND stub libs: Conflicts/Replaces the corresponding libglvnd packages.
.
[ Luca Boccassi ]
* README.source: Add pointer to the wiki for instructions to build latest
packages from SVN.
* Switch to my debian.org email address in Uploaders.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
nvidia-graphics-drivers (375.82-1) unstable; urgency=high
.
* New upstream long lived branch release 375.82 (2017-07-24).
* Fixed CVE-2017-6257, CVE-2017-6259. (Closes: #869783)
- Fix a bug with GLX_EXT_buffer_age where incorrect buffer age values would
be reported for SLI AFR configurations. In such configurations buffer age
may now be greater than 3, the previous maximum buffer age.
- Fixed a bug that could cause hanging and Xids when performing RandR
transforms with Overlay and SLI enabled.
- Improved handling of framebuffer console restore on systems booted in
UEFI mode.
- Extended the information reported by the NVIDIA Xinerama X extension to
report PRIME displays in addition to directly-connected displays.
- Fixed a bug that caused HDMI audio devices to appear or disappear
inconsistently when HDMI devices were hotplugged or unplugged.
- Fixed a bug that could cause driver errors when setting modes on X
screens running at Depth 8 or Depth 15.
- Fixed a bug that could cause intermittent kernel panics when running with
PRIME Sync.
- Fixed a bug that caused a kernel panic when hotplugging HDMI displays on
some Zotac mini PCs.
- Updated nvidia-installer to label kernel modules with SELinux file type
'modules_object_t'. Some system SELinux policies only permit loading of
kernel modules with this SELinux file type.
- Removed support for checking for and downloading updated driver packages
and precompiled kernel interfaces from nvidia-installer. This
functionality was limited to unencrypted ftp and http, and was
implemented using code that is no longer actively maintained.
.
[ Andreas Beckmann ]
* nvidia-kernel-dkms: Honor parallel setting from dkms. (Closes: #864639)
* Do not prevent ccache usage. The bug was fixed in ccache 3.0 (in squeeze).
* Switch watch URL from ftp:// to https://. (Closes: #868815)
.
[ Luca Boccassi ]
* Add support for buster/sid in nvidia-detect. (Closes: #866126)
* Update symbols files.
obfsproxy (0.2.13-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Don't install the broken AppArmor profile. (Closes: #882103)
openjdk-8 (8u171-b11-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
openjdk-8 (8u171-b11-1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
openjdk-8 (8u162-b12-1) unstable; urgency=high
.
[ Tiago Stürmer Daitx ]
* Update to 8u162-b12. Hotspot 8u162-b12 for aarch32 and 8u161-b16
for aarch64 (wth 8u162-b12 patches).
* Security updates:
- CVE-2018-2633,S8186606: Improve LDAP lookup robustness.
- CVE-2018-2637,S8186998: Improve JMX supportive features.
- CVE-2018-2634,S8186600: Improve property negotiations.
- CVE-2018-2582,S8174962: Better interface invocations.
- CVE-2018-2641,S8185325: Improve GTK initialization.
- CVE-2018-2618,S8185292: Stricter key generation.
- CVE-2018-2629,S8186212: Improve GSS handling.
- CVE-2018-2603,S8182387: Improve PKCS usage.
- CVE-2018-2599,S8182125: Improve reliability of DNS lookups.
- CVE-2018-2602,S8182601: Improve usage messages.
- CVE-2018-2588,S8178449: Improve LDAP logins.
- CVE-2018-2678,S8191142: More refactoring for naming deserialization
cases.
- CVE-2018-2677,S8190289: More refactoring for client deserialization
cases.
- CVE-2018-2663,S8189284: More refactoring for deserialization cases.
- CVE-2018-2579,S8172525: Improve key keying case.
* d/p/aarch64-hotspot-8u162-b12.patch: update aarch64 hotspot to 8u162-b12.
* d/p/icedtea-4953367.patch: removed, fixed upstream by "S8136570: Stop
changing user environment variables related to /usr/dt".
* d/p/gcc6.diff: removed, fixed upstream.
* d/p/jdk-getAccessibleValue.diff: updated, removed chunks fixed upstream
by "S8076249: NPE in AccessBridge while editing JList model" and
"S8145207: [macosx] JList, VO can't access non-visible list items".
* d/p/openjdk-ppc64el-S8170153.patch, d/p/8164293.diff,
d/p/hotspot-ppc64el-S8145913-montgomery-multiply-intrinsic.patch,
d/p/hotspot-ppc64el-S8168318-cmpldi.patch,
d/p/hotspot-ppc64el-S8170328-andis.patch,
d/p/hotspot-ppc64el-S8175813-mbind-invalid-argument.patch,
d/p/hotspot-ppc64el-S8181055-use-numa-v2-api.patch,
d/p/hotspot-ppc64el-S8181810-leverage-extrdi.patch: removed,
applied upstream.
* d/rules, d/control: depend on GKT3 instead of GTK2 for newer releases.
LP: #1735482.
* d/rules: wait 10 seconds before issuing SIGKILL to buildwatch.
* d/buildwatch.sh: find hs_err files and cat them to help debugging build
failures.
* S8173853: IllegalArgumentException in java.awt.image.ReplicateScaleFilter.
LP: #8173853.
.
[ Matthias Klose ]
* Disable Hotspot workaround for Exec Shield (Debian only).
Closes: #876051.
* Fix some lintian warnings.
openjdk-8 (8u162-b12-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
openjdk-8 (8u162-b12-1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
openjdk-8 (8u151-b12-1) unstable; urgency=high
.
* Update to 8u151-b12. Hotspot 8u144-b01 for aarch32 with 8u151 hotspot
patches.
.
[ Tiago Stürmer Daitx ]
* Security patches:
- CVE-2017-10274, S8169026: Handle smartcard clean up better. If a
CardImpl can be recovered via finalization, then separate instances
pointing to the same device can be created.
- CVE-2017-10281, S8174109: Better queuing priorities. PriorityQueue's
readObject allocates an array based on data in the stream which could
cause an OOM.
- CVE-2017-10285, S8174966: Unreferenced references. RMI's Unreferenced
thread can be used as the root of a Trusted Method Chain.
- CVE-2017-10295, S8176751: Better URL connections. On Ubuntu (and
possibly other Linux flavors) CR-NL in the host field are ignored and
can be used to inject headers in an HTTP request stream.
- CVE-2017-10388, S8178794: Correct Kerberos ticket grants. Kerberos
implementations can incorrectly take information from the unencrypted
portion of the ticket from the KDC. This can lead to an MITM attack
impersonating Kerberos services.
- CVE-2017-10346, S8180711: Better alignment of special invocations. A
missing load constraint for some invokespecial cases can allow invoking
a method from an unrelated class.
- CVE-2017-10350, S8181100: Better Base Exceptions. An array is allocated
based on data in the serial stream without a limit onthe size.
- CVE-2017-10347, S8181323: Better timezone processing. An array is
allocated based on data in the serial stream without a limit on the
size.
- CVE-2017-10349, S8181327: Better Node predications. An array is
allocated based on data in the serial stream without a limit onthe size.
- CVE-2017-10345, S8181370: Better keystore handling. A malicious
serialized object in a keystore can cause a DoS when using keytool.
- CVE-2017-10348, S8181432: Better processing of unresolved permissions.
An array is allocated based on data in the serial stream without a limit
onthe size.
- CVE-2017-10357, S8181597: Process Proxy presentation. A malicious
serialized stream could cause an OOM due to lack on checking on the
number of interfaces read from the stream for a Proxy.
- CVE-2017-10355, S8181612: More stable connection processing. If an
attack can cause an application to open a connection to a malicious FTP
server (e.g., via XML), then a thread can be tied up indefinitely in
accept(2).
- CVE-2017-10356, S8181692: Update storage implementations. JKS and JCEKS
keystores should be retired from common use in favor of more modern
keystore protections.
- CVE-2016-10165, S8183028: Improve CMS header processing. Missing bounds
check could lead to leaked memory contents.
- CVE-2016-9841, S8184682: Upgrade compression library. There were four
off by one errors found in the zlib library. Two of them are long typed
which could lead to RCE.
* debian/rules:
- openjdk8 now ships limited and unlimited policy.jar files (S8157561)
into their own directories under jre/lib/security/policy.
* debian/rules, d/p/sec-webrev-8u151-hotspot-8179084.patch,
d/p/sec-webrev-8u151-hotspot-8180711.patch: Apply hotspot security updates
to both aarch32 and aarch64.
* d/p/gcc6.diff, d/p/aarch64.diff, d/p/aarch32.diff, d/p/m68k-support.diff,
d/p/system-libjpeg.diff: Remove hunks related to the generated configure
file generated during the build.
* d/p/hotspot-ppc64el-S8168318-cmpldi.patch: Use cmpldi instead of li/cmpld.
LP: #1723893.
* d/p/hotspot-ppc64el-S8170328-andis.patch: Use andis instead of lis/and.
LP: #1723862.
* d/p/hotspot-ppc64el-S8145913-montgomery-multiply-intrinsic.patch: Add
Montgomery multiply intrinsic. LP: #1723860.
* d/p/hotspot-ppc64el-S8181810-leverage-extrdi.patch: Leverage extrdi for
bitfield extract is absent in OpenJDK 8. LP: #1723861.
* d/p/jdk-S8165852-overlayfs.patch: Mount point not found for a file which
is present in overlayfs.
.
[ Matthias Klose ]
* Bump standards version.
openldap (2.4.44+dfsg-5+deb9u2) stretch; urgency=medium
.
* Import upstream patch to fix an out-of-sync issue with delta-syncrepl
replication in multi-master environments, resulting from changes losing
tracking information and being applied multiple times.
(ITS#8444) (Closes: #877166)
* Really fix upgrades when the config contains backslash-escaped special
characters. The previous fix was incomplete and didn't fully fix upgrades
involving a database reload. (Closes: #864719)
openssl (1.1.0f-3+deb9u2) stretch-security; urgency=high
.
* CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64)
* CVE-2018-0733 (Incorrect CRYPTO_memcmp on HP-UX PA-RISC)
* CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could
exceed the stack)
* Add patches to pass the testsuite:
- Fix-a-Proxy-race-condition.patch
- Fix-race-condition-in-TLSProxy.patch
openssl1.0 (1.0.2l-2+deb9u3) stretch-security; urgency=high
.
* CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could
exceed the stack)
openstack-debian-images (1.20~deb9u2) stretch; urgency=medium
.
* Set CloudStack after OpenStack in the datasource_list, to avoid a 120s
delay in cloud-init when booting a machine in an OpenStack cloud.
packagekit (1.1.5-2+deb9u1) stretch-security; urgency=high
.
* Add 02_dont-set-just_reinstall-on-auth-failure.patch
- Resolves an authentication bypass flaw allowing users
without privileges to install local packages.
(Closes: #896703, CVE-2018-1106)
patch (2.7.5-1+deb9u1) stretch; urgency=medium
.
* Fix CVE-2018-1000156: arbitrary command execution in ed-style patches
(closes: #894993).
patch (2.7.5-1+deb8u1) jessie; urgency=medium
.
* Fix CVE-2018-1000156: arbitrary command execution in ed-style patches
(closes: #894993).
pcs (0.9.155+dfsg-2+deb9u1) stretch-security; urgency=high
.
* Add upstream fix for CVE-2018-1086: Debug parameter removal bypass,
allowing information disclosure.
perl (5.24.1-3+deb9u4) stretch-security; urgency=high
.
* [SECURITY] CVE-2018-12015: fix directory traversal vulnerability
in Archive-Tar (Closes: #900834)
perl (5.24.1-3+deb9u3) stretch-security; urgency=high
.
* [SECURITY] CVE-2018-6797: buffer overflow related to regex
unicode semantics.
* [SECURITY] CVE-2018-6798: heap buffer overflow when matching
malformed UTF-8 characters.
* [SECURITY] CVE-2018-6913: heap buffer overflow with large data blocks.
phonon-backend-vlc (0.9.0-2+deb9u1) stretch-security; urgency=medium
.
* debian/patches: Backport upstream patch to fix build with VLC 3.0.
* debian/control: Bump vlc B-Ds to ensure that its built against the new
version.
php7.0 (7.0.30-0+deb9u1) stretch-security; urgency=high
.
* New upstream version 7.0.30
* Fixed security bugs:
+ [CVE-2018-10549]: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
+ [CVE-2018-10546]: stream filter convert.iconv leads to infinite loop on invalid sequence
+ [CVE-2018-10548]: Malicious LDAP-Server Response causes Crash
+ [CVE-2018-10547]: fix for CVE-2018-5712 may not be complete
+ [CVE-2018-10545]: Dumpable FPM child processes allow bypassing opcache access controls
+ [CVE-2018-7584]: stack-buffer-overflow while parsing HTTP response
* Regenerate patches for PHP 7.0.30
php7.0 (7.0.29-1) unstable; urgency=medium
.
* New upstream version 7.0.29
* Rebase patches on top of new upstream release.
php7.0 (7.0.28-1) unstable; urgency=medium
.
* New upstream version 7.0.28
* Rebase patches on top of new upstream release.
php7.0 (7.0.27-1) unstable; urgency=medium
.
* Update the Vcs-* to salsa.d.o
* Remove defunct .gitlab-ci.yml
* New upstream version 7.0.27
* Rebase patches on top of new upstream release
piglit (0~git20150829-59d7066-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add the missing dependency on python-mako. (Closes: #830145)
pjproject (2.5.5~dfsg-6+deb9u1) stretch-security; urgency=high
.
[ Bernhard Schmidt ]
* Fix various security issues
- CVE-2017-16872: Overflow when parsing numeric fileds in SIP messages
- CVE-2017-16875: Double key unregistration in ioqueue component
- CVE-2018-1000098: Integer overflow in SDP parsing
(also reported by the Asterisk project as AST-2018-002)
- CVE-2018-1000099: Null Pointer vulnerability in pjmedia SDP parsing
(also reported by the Asterisk project as AST-2018-003)
* Fix resolution of DNS SRV targets that do not have an AAAA record
(Closes: #881362)
plexus-archiver (2.2-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fail when trying to extract outside of dest dir (CVE-2018-1002200)
Fixes arbitrary file write vulnerability using a specially crafted zip
file. (Closes: #900953)
plexus-utils (1:1.5.15-4+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-1000487
plexus-utils (1:1.5.15-4+deb8u1) jessie-security; urgency=medium
.
* CVE-2017-1000487
postgresql-9.6 (9.6.9-0+deb9u1) stretch; urgency=medium
.
* New upstream version.
+ Remove public execute privilege from contrib/adminpack's
pg_logfile_rotate() function. (CVE-2018-1115)
.
+ Fix incorrect volatility and parallel-safety markings on a few built-in
functions.
postgresql-9.6 (9.6.8-0+deb9u1) stretch; urgency=medium
.
* New upstream version.
.
If you run an installation in which not all users are mutually
trusting, or if you maintain an application or extension that is
intended for use in arbitrary situations, it is strongly recommended
that you read the documentation changes described in the first changelog
entry below, and take suitable steps to ensure that your installation or
code is secure.
.
Also, the changes described in the second changelog entry below may
cause functions used in index expressions or materialized views to fail
during auto-analyze, or when reloading from a dump. After upgrading,
monitor the server logs for such problems, and fix affected functions.
.
+ Document how to configure installations and applications to guard
against search-path-dependent trojan-horse attacks from other users
.
Using a search_path setting that includes any schemas writable by a
hostile user enables that user to capture control of queries and then
run arbitrary SQL code with the permissions of the attacked user. While
it is possible to write queries that are proof against such hijacking,
it is notationally tedious, and it's very easy to overlook holes.
Therefore, we now recommend configurations in which no untrusted schemas
appear in one's search path.
(CVE-2018-1058)
.
+ Avoid use of insecure search_path settings in pg_dump and other client
programs
.
pg_dump, pg_upgrade, vacuumdb and other PostgreSQL-provided applications
were themselves vulnerable to the type of hijacking described in the
previous changelog entry; since these applications are commonly run by
superusers, they present particularly attractive targets. To make them
secure whether or not the installation as a whole has been secured,
modify them to include only the pg_catalog schema in their search_path
settings. Autovacuum worker processes now do the same, as well.
.
In cases where user-provided functions are indirectly executed by these
programs -- for example, user-provided functions in index expressions --
the tighter search_path may result in errors, which will need to be
corrected by adjusting those user-provided functions to not assume
anything about what search path they are invoked under. That has always
been good practice, but now it will be necessary for correct behavior.
(CVE-2018-1058)
postgresql-common (181+deb9u2) stretch; urgency=medium
.
* maintscripts-functions: Use 'deb-systemd-invoke stop "postgresql@$ver-*"'
to prevent upgrading/removing server packages from stopping other major
version clusters when running systemd. (Closes: #809811)
(Use deb-systemd-invoke instead of invoke-rc.d; jessie's invoke-rc.d does
not support service patterns.)
procps (2:3.3.12-3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* top: Do not default to the cwd in configs_read(). (CVE-2018-1122)
* ps/output.c: Fix outbuf overflows in pr_args() etc. (CVE-2018-1123)
* proc/readproc.c: Fix bugs and overflows in file2strvec(). (CVE-2018-1124)
* pgrep: Prevent a potential stack-based buffer overflow (CVE-2018-1125)
* proc/alloc.*: Use size_t, not unsigned int. (CVE-2018-1126)
prosody (0.9.12-2+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* mod_c2s: Do not allow the stream 'to' to change across stream restarts
(CVE-2018-10847) (Closes: #900524)
prosody (0.9.12-2+deb9u1) stretch-security; urgency=medium
.
* Add a patch by upstream which fixes prosody crashes in the c2s, s2s and
component modules (closes: #875829).
psad (2.4.3-1.2~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
psad (2.4.3-1.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Add the missing dependency on iproute2. (Closes: #867914)
.
psad (2.4.3-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Add the missing dependency on net-tools. (Closes: #867914)
psad (2.4.3-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Add the missing dependency on net-tools. (Closes: #867914)
pysurfer (0.7-2.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
pysurfer (0.7-2.1) unstable; urgency=high
.
* Non-maintainer upload.
* Add the missing dependency on python-matplotlib. (Closes: #896208)
python-cluster (1.3.3-1.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
python-cluster (1.3.3-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Add the missing dependency on python-pkg-resources.
(Closes: #896298)
python-django (1:1.10.7-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* Fix CVE-2018-7536: Denial-of-service possibility in ``urlize`` and
``urlizetrunc`` template filters
* Fix CVE-2018-7537: Denial-of-service possibility in `truncatechars_html``
and ``truncatewords_html`` template filters
python-pyorick (1.4-2~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
python-pyorick (1.4-2) unstable; urgency=low
.
* Bug fix: "pyorick fails to import", thanks to Helmut Grohne (Closes:
#896329, #896237).
* Check against policy 4.1.4 (change priority from extra to optional,
use https for Format field of copyright file).
* Update VCS* fields to salsa.
python-scruffy (0.3.3-1.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
python-scruffy (0.3.3-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Add the missing dependencies on python{,3}-pkg-resources.
(Closes: #896207, #896374)
qemu (1:2.8+dfsg-6+deb9u4) stretch-security; urgency=high
.
* CVE-2017-5715 (spectre/meltdown) fixes for i386 and s390x:
CVE-2017-5715/i386-increase-X86CPUDefinition-model_id-to-49.patch
CVE-2017-5715/i386-add-support-for-SPEC_CTRL-MSR.patch
CVE-2017-5715/i386-add-spec-ctrl-CPUID-bit.patch
CVE-2017-5715/i386-add-FEAT_8000_0008_EBX-CPUID-feature-word.patch
CVE-2017-5715/i386-add-new-IBRS-versions-of-Intel-CPU-models.patch
CVE-2017-5715/s390x-kvm-introduce-branch-prediction-blocking-contr.patch
CVE-2017-5715/s390x-kvm-handle-bpb-feature.patch
Closes: #886532, CVE-2017-5715
* multiboot-bss_end_addr-can-be-zero-CVE-2018-7550.patch
Closes: #892041, CVE-2018-7550
* vga-check-the-validation-of-memory-addr-when-draw-text-CVE-2018-5683.patch
Closes: #887392, CVE-2018-5683
* osdep-fix-ROUND_UP-64-bit-32-bit-CVE-2017-18043.patch
Closes: CVE-2017-18043
* virtio-check-VirtQueue-Vring-object-is-set-CVE-2017-17381.patch
Closes: #883625, CVE-2017-17381
* ps2-check-PS2Queue-pointers-in-post_load-routine-CVE-2017-16845.patch
Closes: #882136, CVE-2017-16845
* cirrus-fix-oob-access-in-mode4and5-write-functions-CVE-2017-15289.patch
Closes: #880832, CVE-2017-15289
* io-monitor-encoutput-buffer-size-from-websocket-GSource-CVE-2017-15268.patch
Closes: #880836, CVE-2017-15268
* nbd-server-CVE-2017-15119-Reject-options-larger-than-32M.patch
Closes: #883399, CVE-2017-15119
* 9pfs-use-g_malloc0-to-allocate-space-for-xattr-CVE-2017-15038.patch
Closes: #877890, CVE-2017-15038
* CVE-2017-15124 (VNC server unbounded memory usage) fixes:
CVE-2017-15124/01-ui-remove-sync-parameter-from-vnc_update_client.patch
CVE-2017-15124/02-ui-remove-unreachable-code-in-vnc_update_client.patch
CVE-2017-15124/03-ui-remove-redundant-indentation-in-vnc_client_update.patch
CVE-2017-15124/04-ui-avoid-pointless-VNC-updates-if-framebuffer-isn-t-.patch
CVE-2017-15124/05-ui-track-how-much-decoded-data-we-consumed-when-doin.patch
CVE-2017-15124/06-ui-introduce-enum-to-track-VNC-client-framebuffer-up.patch
CVE-2017-15124/07-ui-correctly-reset-framebuffer-update-state-after-pr.patch
CVE-2017-15124/08-ui-refactor-code-for-determining-if-an-update-should.patch
CVE-2017-15124/09-ui-fix-VNC-client-throttling-when-audio-capture-is-a.patch
CVE-2017-15124/10-ui-fix-VNC-client-throttling-when-forced-update-is-r.patch
CVE-2017-15124/11-ui-place-a-hard-cap-on-VNC-server-output-buffer-size.patch
CVE-2017-15124/12-ui-add-trace-events-related-to-VNC-client-throttling.patch
CVE-2017-15124/13-ui-mix-misleading-comments-return-types-of-VNC-I-O-h.patch
Closes: #884806, CVE-2017-15124
quassel (1:0.12.4-2+deb9u1) stretch-security; urgency=high
.
* Backport upstream commit to implement a custom deserializer.
Fixes possible remote code execution. (Closes: #896914)
* Backport upstream commit to reject client logins before the core is
configured. Fixes a DoS vulnerability. (Closes: #896915)
* Backport upstream commit to fix OpenSSL detection with Qt 5.6 and GCC 5.
r-cran-mi (1.0-4+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add the missing dependency on r-cran-arm. (Closes: #877433)
r-cran-readxl (0.1.1-1+deb9u1) stretch-security; urgency=high
.
* src/endian.c: Updated from libxls upstream (Closes: #895564)
* src/libxls/endian.h: Idem
* src/libxls/ole.h: Idem
* src/libxls/xls.h: Idem
* src/libxls/xlsstruct.h: Idem
* src/libxls/xlstool.h: Idem
* src/libxls/xlstypes.h: Idem
* src/ole.c: Idem
* src/xls.c: Idem
* src/xlstool.c: Idem
.
* This addresses
CVE-2017-2896
CVE-2017-2897
CVE-2017-2919
CVE-2017-12111
CVE-2017-12110
with corresponding upstream patches.
redis (3:3.2.6-3+deb9u2) stretch; urgency=medium
.
* Correct RunTimeDirectory -> RuntimeDirectory typo in systemd .service
files. (Closes: #850534, #880474)
.
redis (3:3.2.6-3+deb9u1) stretch-security; urgency=high
.
* CVE-2018-11218, CVE-2018-11219: Backport patches to fix multiple heap
corruption and integer overflow vulnerabilities. (Closes: #901495)
redis (3:3.2.6-3+deb9u1) stretch-security; urgency=high
.
* CVE-2018-11218, CVE-2018-11219: Backport patches to fix multiple heap
corruption and integer overflow vulnerabilities. (Closes: #901495)
redis (3:3.2.6-3) unstable; urgency=medium
.
* Don't ship a "duplicate" redis-server binary in redis-tools as
/usr/bin/redis-check-rdb (it checks argv to change its behaviour) by
replacing it with a symlink. Found by <https://dedup.debian.net/>.
redis (3:3.2.6-2) unstable; urgency=medium
.
* Rename RunTimeDirectory -> RuntimeDirectory in .service files.
(Closes: #850534)
* Refresh all patches with pq import -> pq export.
* Tidy all patches, updating descriptions and use Pq-Topic to organise.
redmine (3.3.1-4+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix backport of CVE-2017-15569 patch.
Rename one occurence of 'item' back to 'issue' as the renaming change
was introduced upstream in 3.4.0.
Thanks to Frank Hebold <frank.hebold@hiperscan.com> (Closes: #900283)
redmine (3.3.1-4+deb9u1) stretch-security; urgency=high
.
* Fix CVE-2017-15568: XSS exists in app/helpers/application_helper.rb via a
multi-value field with a crafted value that is mishandled during rendering
of issue history.
* Fix CVE-2017-15569: XSS exists in app/helpers/queries_helper.rb via a
multi-value field with a crafted value that is mishandled during rendering
of an issue list.
* Fix CVE-2017-15570: XSS exists in app/views/timelog/_list.html.erb via
crafted column data.
* Fix CVE-2017-15571: XSS exists in app/views/issues/_list.html.erb via
crafted column data.
* Fix CVE-2017-15572: remote attackers can obtain sensitive information
(password reset tokens) by reading a Referer log, because
account/lost_password does not use a redirect.
* Fix CVE-2017-15573: XSS exists because markup is mishandled in wiki
content.
* Fix CVE-2017-15574: stored XSS is possible by using an SVG document as an
attachment.
* Fix CVE-2017-15575: Redmine.pm lacks a check for whether the Repository
module is enabled in a project's settings, which might allow remote
attackers to obtain sensitive differences information or possibly have
unspecified other impact.
* Fix CVE-2017-15576: mishandle Time Entry rendering in activity views,
which allows remote attackers to obtain sensitive information.
* Fix CVE-2017-15577: mishandle the rendering of wiki links, which allows
remote attackers to obtain sensitive information.
* Fix CVE-2017-16804: the reminders function in app/models/mailer.rb does
not check whether an issue is visible, which allows remote authenticated
users to obtain sensitive information by reading e-mail reminder messages.
* Fix CVE-2017-18026: do not block the --config and --debugger flags to
the Mercurial hg program, which allows remote attackers to execute
arbitrary commands (through the Mercurial adapter) via vectors involving a
branch whose name begins with a --config= or --debugger= substring.
remctl (3.13-1+deb9u1) stretch-security; urgency=high
.
* CVE-2018-0493: Apply upstream patch to fix use-after-free
vulnerability in the remctld server for commands using the sudo
configuration option.
reportbug (7.1.7+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* Backport the fix for Debian bug #878088. Notify the security team or LTS
team about a possible regression if reporting a bug against a package
containing a security fix.
* python3-reportbug: Depend on python3-apt to fix #878088.
roundcube (1.2.3+dfsg.1-4+deb9u2) stretch-security; urgency=high
.
* Backport fix for CVE-2018-9846: When the archive plugin enabled and
configured, it's possible to exploit the unsanitized, user-controlled
"_uid" parameter to perform an MX (IMAP) injection attack.
https://github.com/roundcube/roundcubemail/issues/6238
(Closes: #895184).
* Backport fix for CVE-2018-1000071: Insecure Permissions vulnerability in
enigma plugin that can result in exfiltration of gpg private key.
https://github.com/roundcube/roundcubemail/issues/6173
ruby-loofah (2.0.3-2+deb9u1) stretch-security; urgency=high
.
* Introduce upstream patch to address a potential cross-site scripting
vulnerability caused by libxml2 >= 2.9.2. (Closes: #893596)
(CVE-2018-8048)
ruby-omniauth-auth0 (2.0.0-0+deb9u1) stretch-security; urgency=medium
.
* New upstream release (required for gitlab security update/CVE-2018-8971)
rustc (1.24.1+dfsg1-1~deb9u2) stretch; urgency=medium
.
* Add Build-Depends on rustc [!amd64] to prevent buildds from attempting
further builds, further supported architectures need to be cross-compiled
(Closes: #903118)
rustc (1.24.1+dfsg1-1~deb9u1) stretch; urgency=medium
.
* Build for stretch to be used by Firefox ESR60
* Enable stage0 build
* Disable -doc package, requires packages not found in stretch and
docs are available online anyway
rustc (1.23.0+dfsg1-1) unstable; urgency=medium
.
* Upload to unstable.
rustc (1.23.0+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release.
* Update to latest Standards-Version; no changes required.
rustc (1.22.1+dfsg1-2) unstable; urgency=medium
.
* Fix B-D rustc version so this package can be built using itself.
rustc (1.22.1+dfsg1-1) unstable; urgency=medium
.
[ Ximin Luo ]
* Remove unimportant files that autoload remote resources from rust-src.
* Fix more symlinks in rust-doc.
* On armhf, only generate debuginfo for libstd and not the compiler itself.
This works around buildds running out of memory, see upstream #45854.
* Update to latest Standards-Version; no changes required.
.
[ Chris Coulson ]
* Fix some test failures that occur because we build rust without an rpath.
rustc (1.22.1+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release.
* Fix symlink target. (Closes: #877276)
rustc (1.21.0+dfsg1-3) unstable; urgency=medium
.
* Add/fix detection for sparc64, thanks to John Paul Adrian Glaubitz.
* Workaround FTBFS when building docs. (Closes: #880262)
rustc (1.21.0+dfsg1-2) unstable; urgency=medium
.
* Upload to unstable.
* Fix bootstrapping using 1.21.0, which is more strict about redundant &mut
previously used in u-output-failed-commands.patch.
* Only allow up to 5 test failures.
rustc (1.21.0+dfsg1-1) experimental; urgency=medium
.
* New upstream release.
* Update changelog entry for 1.20.0+dfsg1-1 to reflect that it was actually
and accidentally uploaded to unstable. No harm, no foul.
* We are no longer failing the build when tests failure, see NEWS or
README.Debian for details.
* Fix the "install" target for cross-compilations; cross-compiling with
sbuild --host=$foreign-arch should work again.
* Update to latest Standards-Version; changes:
- Priority changed to optional from extra.
rustc (1.20.0+dfsg1-3) unstable; urgency=medium
.
* Disable jemalloc to fix FTBFS with 1.21 on armhf.
rustc (1.20.0+dfsg1-2) unstable; urgency=medium
.
* Update changelog entry for 1.20.0+dfsg1-1 to reflect that it was actually
and accidentally uploaded to unstable. No harm, no foul.
* We are no longer failing the build when tests fail, see NEWS or
README.Debian for details.
* Bump LLVM requirement to fix some failing tests.
rustc (1.20.0+dfsg1-1) experimental; urgency=medium
.
* New upstream release.
rustc (1.19.0+dfsg3-4) unstable; urgency=medium
.
* Bump LLVM requirement to pull in a fix for a FTBFS on ppc64el.
rustc (1.19.0+dfsg3-3) unstable; urgency=medium
.
* Fix a trailing whitespace for tidy.
rustc (1.19.0+dfsg3-2) unstable; urgency=medium
.
* Upload to unstable.
* Add a patch to print extra information when tests fail.
rustc (1.19.0+dfsg3-1) experimental; urgency=medium
.
* New upstream release.
* Upgrade to LLVM 4.0. (Closes: #873421)
* rust-src: install Debian patches as well
rustc (1.18.0+dfsg1-4) unstable; urgency=medium
.
* Support gperf 3.1. (Closes: #869610)
rustc (1.18.0+dfsg1-3) unstable; urgency=medium
.
* Upload to unstable.
* Disable failing run-make test on armhf.
rustc (1.18.0+dfsg1-2) experimental; urgency=medium
.
* Update to latest Standards-Version; no changes required.
* Change rustc to Multi-Arch: allowed and update Build-Depends with :native
annotations. Multi-Arch: foreign is typically for arch-indep packages that
might need to satisfy dependency chains of different architectures. Also
update instructions on cross-compiling to match this newer situation.
* Build debugging symbols for non-libstd parts of rustc.
rustc (1.18.0+dfsg1-1) experimental; urgency=medium
.
* New upstream release.
rustc (1.17.0+dfsg2-8) unstable; urgency=medium
.
* Workaround for linux #865549, fix FTBFS on ppc64el.
rustc (1.17.0+dfsg2-7) unstable; urgency=medium
.
* Show exception traceback in bootstrap.py to examine ppc64el build failure.
rustc (1.17.0+dfsg2-6) unstable; urgency=medium
.
* Upload to unstable.
rustc (1.17.0+dfsg2-5) experimental; urgency=medium
.
* More work-arounds for armhf test failures.
rustc (1.17.0+dfsg2-4) experimental; urgency=medium
.
* Fix arch-indep and arch-dep tests.
* Bump the LLVM requirement to fix FTBFS on armhf.
rustc (1.17.0+dfsg2-3) experimental; urgency=medium
.
* Try to force the real gdb package. Some resolvers like aspcud will select
gdb-minimal under some circumstances, but this causes the debuginfo-gdb
tests to break.
rustc (1.17.0+dfsg2-2) experimental; urgency=medium
.
* Support and document cross-compiling of rustc itself.
* Document cross-compiling other rust packages such as cargo.
* Work around upstream #39015 by disabling those tests rather than by
disabling optimisation, which causes FTBFS on 1.17.0 ppc64el. See
upstream #42476 and #42532 for details.
rustc (1.17.0+dfsg2-1) experimental; urgency=medium
.
[ Sylvestre Ledru ]
* New upstream release
.
[ Ximin Luo ]
* Adapt packaging for rustbuild, the new upstream cargo-based build system.
.
[ Matthijs van Otterdijk ]
* Add a binary package, rust-src. (Closes: #846177)
* Link to local Debian web resources in the docs, instead of remote ones.
rustc (1.16.0+dfsg1-1) unstable; urgency=medium
.
* Upload to unstable so we have something to build 1.17 with.
* Update u-ignoretest-powerpc.patch for 1.16.
rustc (1.16.0+dfsg1-1~exp2) experimental; urgency=medium
.
* Don't ignore test failures on Debian unstable.
* Re-fix ignoring armhf test, accidentally reverted in previous version.
* Try to fix buildd failure by swapping B-D alternatives.
rustc (1.16.0+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release
* u-ignoretest-jemalloc.patch removed (applied upstream)
.
[ Matthias Klose ]
* Bootstrap using the rustc version in the archive, on all architectures.
* Work around a GCC 4.8 ICE on AArch64.
* Use alternative build dependencies on cmake3 and binutils-2.26 for
builds on 14.04 LTS (trusty).
* debian/make_orig*dl_tarball.sh: Include all Ubuntu architectures.
* debian/rules: Ignore test results for now.
rustc (1.15.1+dfsg1-1) unstable; urgency=medium
.
* Upload to unstable so we have something to build 1.16 with.
* Try to fix ignoring atomic-lock-free tests on armhf.
rustc (1.15.1+dfsg1-1~exp3) experimental; urgency=medium
.
* Ignore atomic-lock-free tests on armhf.
* Update ignoretest-armhf_03.patch for newer 1.15.1 behaviour.
* Tidy up some other patches to do with ignoring tests.
rustc (1.15.1+dfsg1-1~exp2) experimental; urgency=medium
.
* Update armhf ignoretest patch.
* Bootstrap armhf. (Closes: #809316, #834003)
* Bootstrap ppc4el. (Closes: #839643)
* Fix rust-lldb symlink. (Closes: #850639)
rustc (1.15.1+dfsg1-1~exp1) experimental; urgency=medium
.
* New upstream release (won't probably be in stretch).
see the 1.4 git branch for the follow up for stable
* Call to the test renamed from check-notidy => check
* d/p/u-destdir-support.diff: Apply upstream patch to support
destdir in the make install (for rustbuild, in later versions)
* Overrides the 'binary-or-shlib-defines-rpath' lintian warnings.
We need them for now
* Refresh of the patches
.
[ Sven Joachim ]
* Drop Pre-Depends on multiarch-support. (Closes: #856109)
.
[ Erwan Prioul ]
* Fix test and build failures for ppc64el. (Closes: #839643)
.
[ Ximin Luo ]
* Disable rustbuild for the time being (as it was in 1.14) and instead
bootstrap two new arches, armhf and ppc64el.
* Switch back to debhelper 9 to make backporting easier.
* Switch Build-Depends on binutils-multiarch back to binutils, the former is
no longer needed by the upstream tests.
.
[ Matthias Klose ]
* Compatibility fixes and improvements to help work better on Ubuntu.
salt (2016.11.2+ds-1+deb9u2) stretch; urgency=medium
.
* Fix CVE-2017-8109: salt-ssh minion copied over configuration from the
Salt Master without adjusting permissions (Closes: #861219)
samba (2:4.5.12+dfsg-2+deb9u2) stretch-security; urgency=high
.
* This is a security release in order to address the following defects:
- CVE-2018-1050: Codenomicon crashes in spoolss server code
- CVE-2018-1057: Unprivileged user can change any user (and admin) password
sdl-image1.2 (1.2.12-5+deb9u1) stretch-security; urgency=high
.
* Backport various security fixes:
- CVE-2017-2887
- CVE-2017-12122
- CVE-2017-14440
- CVE-2017-14441
- CVE-2017-14442
- CVE-2017-14448
- CVE-2017-14450
- CVE-2018-3837
- CVE-2018-3838
- CVE-2018-3839
sdl-image1.2 (1.2.12-5+deb8u1) jessie-security; urgency=high
.
* Backport various security fixes:
- CVE-2017-2887
- CVE-2017-12122
- CVE-2017-14440
- CVE-2017-14441
- CVE-2017-14442
- CVE-2017-14448
- CVE-2017-14450
- CVE-2018-3837
- CVE-2018-3838
- CVE-2018-3839
shared-mime-info (1.8-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Switch dpkg trigger to noawait. Closes: #864953.
sharutils (1:4.15.2-2+deb9u1) stretch-security; urgency=medium
.
* Apply patch from Petr Pisar to fix heap buffer overflow in unshar.
This is CVE-2018-1000097. Closes: #893525.
showq (0.4.1+git20161215~dfsg0-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Hack prefix to get app started. (Closes: #883636)
Thanks to James Cowgill <jcowgill@debian.org>
source-highlight (3.1.8-1.2~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
source-highlight (3.1.8-1.2) unstable; urgency=medium
.
* Non-maintainer upload.
* libsource-highlight-dev: Fix the dependency from
libboost-dev to libboost-regex-dev. (Closes: #877645)
spip (3.1.4-4~deb9u1) stretch-security; urgency=medium
.
* Upload previous fixes to stretch
.
spip (3.1.4-4) unstable; urgency=medium
.
* Update security screen to 1.3.6
* Backport security fixes from 3.1.7
- Do not disclose PHP version in headers
- Secure inserted URL in anchors
- Secure URLs sent by self()
- Escape charset in error message
- Allow filter mode to be passed in interdire_scripts()
- No onclick nor JS popup in footer
- Fix missing escapes
- Secure _T() and _L() arguments
- Provide a sanitize option for _T() and _L()
- Deactivate sanitization when calling _T() in affdate_debut_fin() that
uses secured data
- Cross-site scripting (XSS) vulnerability [CVE-2017-15736]
(Closes: #879954)
- [Privacy] add rel attribute (noopener noreferrer) in private footer
* Backport security fix from 3.1.8
- PHP injection via XML file
* Drop dead list from Maintainer (and Romain from Uploaders) (Closes: #899895)
* Move project repository to salsa.d.o
spip (3.1.4-3) unstable; urgency=high
.
* Track Stretch
* Backport security fix from 3.1.6
- Execution of arbitrary code
* Update security screen to 1.3.2
starplot (0.95.5-8.2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add patch from Bernhard Ãœbelacker to fix startup crash.
(Closes: #862065)
strongswan (5.5.1-4+deb9u2) stretch-security; urgency=medium
.
* debian/patches:
- CVE-2018-10811 added, fix missing initialization of a variable in IKEv2
key derivation (CVE-2018-10811)
- CVE-2018-5388 added, fix insufficient validation in the stroke plugin
(CVE-2018-5388)
subversion (1.9.5-1+deb9u2) stretch; urgency=medium
.
* Backport r1759116, working around an issue in APR's trunc API. This is a
prerequisite for the SHA1/shattered fixes.
* Backport r1794527 and r1796725 to prevent the possibility of rep-sharing
between a directory rep and a file/prop rep.
* Backport r1795993 and r1796470 to reject commits which would introduce
hash collisions with existing data, thus addressing the SHA1/shattered
issue.
sus (7.20180621~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
sus (7.20180621) unstable; urgency=medium
.
* New upstream release: technically identical to SUSv4 + TC1 + TC2;
update checksum (Closes: #900882)
| Thanks to Jakub Wilk for reporting
* urgency=medium since susv4 is no longer installable
* Change priority from extra to optional
| Thanks to Simon McVittie for reporting
* Properly purge old files (Closes: #866872)
| Thanks to Andreas Beckmann for reporting
| Thanks to Simon McVittie for patch
* debian/control:
- Update package description
| Thanks to Simon McVittie for patch
- Bump Standards-Version to 4.1.4 (No changes needed)
* debian/susv4.doc-base: Update doc-base description
| Thanks to Simon McVittie for patch
* Remove unnecessary calls to install-docs
systemd (232-25+deb9u4) stretch; urgency=medium
.
* core/load-fragment: Add RemoveIPC=
Allow RemoveIPC= to be set in the unit file not only via D-Bus.
(Closes: #892829)
* nspawn: Add missing -E to getopt_long.
The -E alias for --setenv in systemd-nspawn was not working as
documented. This commit fixes that by adding -E to getopt_long.
(Closes: #895798)
* login: Respect --no-wall when cancelling a shutdown request
(Closes: #897938)
systemd (232-25+deb9u3) stretch; urgency=medium
.
[ Cyril Brulebois ]
* networkd-ndisc: Handle missing mtu gracefully.
The previous upload made networkd respect the MTU field in IPv6 RA but
unfortunately broke setups where there's no such field. (Closes: #892794)
tclreadline (2.1.0-15+deb9u1) stretch; urgency=medium
.
* Add a patch by Breno Leitao which fixes building the shared library for
the ppc64el architecture (closes: #897429).
thefuck (3.11-2.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
thefuck (3.11-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Add the missing dependency on python-pkg-resources.
(Closes: #842393)
thunderbird (1:52.8.0-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
.
[ intrigeri ]
* [703c9ec] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db"
(Cherry-picked from debian/sid to not differ the Apparmor settings
between the Debian releases)
thunderbird (1:52.8.0-1~deb8u1) jessie-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for jessie-security
.
[ intrigeri ]
* [acc3a6b] Revert "apparmor: allow access to @{HOME}/.gnupg/tofu.db"
(Cherry-picked from debian/sid to not differ the Apparmor settings
between the Debian releases)
thunderbird (1:52.7.0-1) unstable; urgency=medium
.
* [9eb2692] New upstream version 52.7.0
Fixed CVE issues in upstream version 52.7 (MFSA 2018-09)
CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList
CVE-2018-5129: Out-of-bounds write with malformed IPC messages
CVE-2018-5144: Integer overflow during Unicode conversion
CVE-2018-5146: Out of bounds memory write in libvorbis
CVE-2018-5125: Memory safety bugs fixed in Firefox 59, Firefox ESR 52.7,
and Thunderbird 52.7
CVE-2018-5145: Memory safety bugs fixed in Firefox ESR 52.7 and
Thunderbird 52.7
* [a01cf4b] Revert "Use gcc-6 and g++-6 due broken GUI with GCC-7"
Switching now back to GCC7 as we don't have any longer issues with
broken visuals in the GUI.
(Closes: #892404)
thunderbird (1:52.7.0-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
thunderbird (1:52.7.0-1~deb8u1) jessie-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for jessie-security
thunderbird (1:52.6.0-1) unstable; urgency=high
.
* [97e1cd7] New upstream version 52.6.0
Fixed CVE issues in upstream version 52.6 (MFSA 2018-04)
CVE-2018-5095: Integer overflow in Skia library during edge builder
allocation
CVE-2018-5096: Use-after-free while editing form elements
CVE-2018-5097: Use-after-free when source document is manipulated
during XSLT
CVE-2018-5098: Use-after-free while manipulating form input elements
CVE-2018-5099: Use-after-free with widget listener
CVE-2018-5102: Use-after-free in HTML media elements
CVE-2018-5103: Use-after-free during mouse event handling
CVE-2018-5104: Use-after-free during font face manipulation
CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
CVE-2018-5089: Memory safety bugs fixed in Firefox 58, Firefox ESR 52.6,
and Thunderbird 52.6
* [0300242] rebuild patch queue from patch-queue branch
Added patch debian-hacks/icu-use-locale.h-instead-of-xlocale.h.patch
that fixes the build of the included ICU source against glibc 2.26.
(Closes: #887766)
* [4bf22e0] debian/control: increase Standards-Version to 4.1.3
No further changes needed.
* [3616443] adjust Vcs fields to salsa.debian.org
The Vcs for Thunderbird packaging live now on Salsa as Alioth will be
shutdown in the future.
* [c2f3e14] lintian: ignore non multiarch install folder for thunderbird.pc
Ignore a lintian warning about unavailable pkg-config file thunderbird.pc
as the ESR versions 52.x are the last series which will have a
thunderbird-dev. The next ESR version will be 60.x which uses
webextension and makes thunderbird-dev obsolete.
tinyproxy (1.8.4-3~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
tinyproxy (1.8.4-3) unstable; urgency=medium
.
* Add sighup_hang.patch: Fix Tinyproxy ceasing to listen to connections
after it receives a SIGHUP, something that happens daily in our default
setup (closes: #880427).
* Fix path to tinyproxy.conf in sysvinit script. Thanks, Guo Yixuan (éƒæº¢èž)
(closes: #870325).
* Add Depends on adduser.
* Update Standards-Version to 4.1.1, with no changes needed.
tlslite-ng (0.6.0-1+deb9u1) stretch; urgency=medium
.
* add verify-mac-even-if-the-padding-is-1-byte-long.patch,
providing fix for CVE-2018-1000159 (Closes: #895728).
tor (0.2.9.15-1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* New upstream version 0.2.9.15
- Fix a protocol-list handling bug that could be used to remotely
crash directory authorities with a null-pointer exception. Fixes
bug 25074; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001
and CVE-2018-0490.
tzdata (2018e-0+deb9u1) stretch; urgency=medium
.
[ Aurelien Jarno ]
* New upstream version, affecting the following future timestamp:
- North Korea switches back to +09 on 2018-05-05.
tzdata (2018e-0+deb8u1) jessie; urgency=medium
.
[ Aurelien Jarno ]
* New upstream version, affecting the following future timestamp:
- North Korea switches back to +09 on 2018-05-05.
tzdata (2018d-1) unstable; urgency=medium
.
[ Aurelien Jarno ]
* debian/control: Update Vcs-Git and Vcs-Browser fields following the move
to Salsa.
.
[ Clint Adams ]
* New upstream version.
* Remove Pacific-New as a choice. closes: #815200.
tzdata (2018d-0+deb9u1) stretch; urgency=medium
.
* New upstream version.
tzdata (2018d-0+deb8u1) jessie; urgency=medium
.
* New upstream version.
tzdata (2018c-1) unstable; urgency=medium
.
[ Aurelien Jarno ]
* New upstream version.
* debian/control: Update Standards-Version to 4.1.3.
* debian/patches/quiltrc: Remove.
util-linux (2.29.2-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* bash-completion: (umount) use findmnt, escape a space in paths
(CVE-2018-7738) (Closes: #892179)
uwsgi (2.0.14+20161117-3+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* enforce php default document_root behaviour, to not show external files
(CVE-2018-7490) (Closes: #891639)
variety (0.6.3-5+deb9u1) stretch; urgency=medium
.
* Backport various security fixes from Variety 0.6.6:
- Fix shell injection on deleting files to trash, from upstream commit
https://github.com/varietywalls/variety/commit/475a5e076b9c8c7c83176214f84455dc78834723
- Fix shell injection in filter and clock with specially crafted
filenames; upstream commit
https://github.com/varietywalls/variety/commit/65722237baa996b0ef2389cea693bfeeba62b224
- Harden ImageMagick calls against potential shell injection:
https://github.com/varietywalls/variety/commit/a7c134ecd494bb878c73df9f65cb838dbb57413a
vlc (3.0.2-0+deb9u1) stretch-security; urgency=high
.
* New upstream release following the LTS release branch.
- Install vlc_interface.h. (Closes: #768808)
- Fix stuttering with ALSA output. (Closes: #734100)
- Fix CRC errors in some FLAC files. (Closes: #772503)
- Add support for Wayland. (Closes: #857769)
- Better support for HLS. (Closes: #792647)
- Update VLSub. (Closes: #868236)
- Fix issues with green borders. (Closes: #765969)
* Remove embedded copy of ffmpeg.
* debian/: Adapt to vlc 3.0 packaging:
- Drop ffmpeg build dependencies.
- Remove unused build dependencies: libcdio-dev, libdirectfb-dev,
libgles1-mesa-dev.
- Add new build dependencies: bison, flex, libarchive-dev,
libharfbuzz-dev, libmicrodns-dev, libmpg123-dev, libnfs-dev,
libprotobuf-dev, libqt5svg5-dev, libsecret-1-dev, libsoxr-dev,
libsystemd-dev, protobuf-compiler, wayland-protocols.
- Drop vlc-plugin-sdl.
- Turn vlc-plugin-zvbi into a transitional package.
- Update Breaks+Replaces versions.
- Remove patches integrated upstream.
- Update copyright information.
- Add new symbols.
- Enable all hardening options.
- Update configure flags for 3.0.
- Update install files for new and removed plugins.
vlc (3.0.1-3) unstable; urgency=medium
.
* debian/control: Re-add some Breaks+Replaces to help Ubuntu reduce the diff
and be able to handle upgrades from 16.04 to 18.04. (LP: #1753111,
#1749916)
* debian/rules:
- Re-enable Chromecast plugin on Ubuntu. Apparently it works now.
- Fix typo to really build with all hardening options enabled.
vlc (3.0.1-2) unstable; urgency=medium
.
* debian/patch: Add missing files for arm64.
vlc (3.0.1-1) unstable; urgency=medium
.
* New upstream release.
* debian/control: Bump libplacebo-dev B-D to 0.2.1 (required by upstream).
vlc (3.0.0-1) unstable; urgency=medium
.
* New upstream release.
* debian/*.symbols:
- Bump all newly introduced symbols to version 3.0.0.
- Add new symbols.
vlc (3.0.0~rc8-1) unstable; urgency=medium
.
* New upstream release candidate.
vlc (3.0.0~rc7-2) unstable; urgency=medium
.
* debian/: Disable freerdp plugin. freerdp2 is currently not supported.
(Closes: #888323)
vlc (3.0.0~rc7-1) unstable; urgency=medium
.
* New upstream release candidate.
vlc (3.0.0~rc6-1) unstable; urgency=medium
.
[ Helmut Grohne ]
* debian/control: Annotate Build-Depends: python3 with :native. (Closes:
#887440)
.
[ Sebastian Ramacher ]
* New upstream release candidate.
* debian/rules:
- Handle vendor consistently.
- Remove workaround for some resources.
* debian/vlc-plugin-base.install: Install lua byte code.
* debian/libvlc-bin.postinst.in: Exit early if plugins directory does not
exist. (Closes: #887621)
vlc (3.0.0~rc5-1) unstable; urgency=medium
.
* New upstream release candidate.
- Fix crash in full-screen mode. (LP: #1740078)
* debian/copyright: Update copyright years.
* debian/patches: Removed, included upstream.
- debian/control: Demote vlc-l10n from Depends to Recommends.
vlc (3.0.0~rc4-3) unstable; urgency=medium
.
* debian/control:
- Move to salsa.debian.org
- Remove obsolete Pre-Depends.
* debian/NEWS: Remove old NEWS from pre 2.x.
* debian/:
- Move documentation to /usr/share/doc/$mainpkg as recommended by policy.
- Bump debhelper compat to 11.
* debian/copyright: Bump copyright years.
vlc (3.0.0~rc4-2) unstable; urgency=medium
.
* debian/control: Add Breaks on phonon-backend-vlc to ensure proper
upgrades.
* debian/rules: Do not build chromecast plugin on Ubuntu. It fails due to
issues involving Mir and protobuf.
* debian/: Enable libplacebo.
vlc (3.0.0~rc4-1) unstable; urgency=medium
.
* New upstream release candidate.
* debian/control: Bump Standards-Version.
vlc (3.0.0~rc2-2) unstable; urgency=medium
.
* debian/*.maintscript: Fix symlink to directory conversions.
vlc (3.0.0~rc2-1) unstable; urgency=medium
.
* Upload to unstable.
* New upstream release candidate.
* debian/tests/control: Update list of plugin packages.
* debian/patches: Removed, no longer needed.
* debian/vlc-plugin-access-extra.install: Drop no longer built plugin.
* debian/*.symbols: Add new symbols and bump versions of new symbols to
3.0.0~rc2.
vlc (3.0.0~rc1-1) experimental; urgency=medium
.
* New upstream release candidate.
* debian/control: Move Breaks+Replaces to correct package. (Closes: #884063)
* debian/:
- Mark more plugins only built on linux-any.
- Switch libnotify plugin to GTK+ 3.
vlc (3.0.0~rc1~20171210-2) experimental; urgency=medium
.
* debian/rules: Ensure tighter dependencies on libraries.
* debian/: Build wayland plugins only on linux-any.
vlc (3.0.0~rc1~20171210-1) experimental; urgency=medium
.
* New upstream snapshot.
* debian/: Install nfs plugin only on linux-any.
* debian/*.symbols: Add new symbols.
vlc (3.0.0~rc1~20171206-1) experimental; urgency=medium
.
* New upstream snapshot.
- Install vlc_interface.h. (Closes: #768808)
- Fix stuttering with ALSA output. (Closes: #734100) (LP: #1639479)
- Fix CRC errors in some FLAC files. (Closes: #772503)
- Add support for Wayland. (Closes: #857769) (LP: #1720901)
- Better support for HLS. (Closes: #792647)
- Update VLSub. (Closes: #868236)
- Re-write UPnP discovery. (LP: #977277, #1318262)
- Complete porting to Qt 5. (LP: #1576175)
- Fix issues with green borders. (Closes: #765969) (LP: #1405166)
* Remove embedded ffmpeg copy. (LP: #1546078)
* SONAME bump: libvlccore8 -> libvlccore9.
* debian/patches: Drop all patches.
* debian/libvlc-bin.postinst.in: Skip plugin cache generation if no plugins
are installed. (Closes: #878026)
* debian/:
- Drop vlc-plugin-zvbi package and merge into vlc-plugin-base. ffmpeg
already depends on libzvbi anyway.
- Update installed plugins.
- Track plugin ABI.
* debian/copyright:
- Convert to CF 1.0.
- Update copyright information.
* debian/control:
- Bump Standards-Versios.
- Set Rules-Requires-Root: no.
- Remove vlc-plugin-sdl.
- Turn vlc-plugin-zvbi into a transitional package.
- New Build-Depends: bison, flex, libarchive-dev, libaribb24-dev,
libharfbuzz-dev, libmicrodns-dev, libmpg123-dev, libnfs-dev,
libprotobuf-dev, libqt5svg5-dev, libsecret-1-dev, libsoxr-dev,
libsystemd-dev, protobuf-compiler, qtbase5-prive-dev, wayland-protocols.
- Removed Build-Depends: libcdio-dev.
* debian/*.symbols: Add new symbols.
vlc (2.2.8-2) unstable; urgency=medium
.
* debian/patches: Apply upstream patch to fix build with libupnp-dev
1.6.24-1.
vlc (2.2.8-1) unstable; urgency=medium
.
* New upstream release.
vlc (2.2.7-1) unstable; urgency=high
.
* New upstream release.
- Fix AVI read/write overflow.
* debian/control: Bump Standards-Version.
* debian/patches: Remove patches included upstream.
wavpack (5.0.0-2+deb9u2) stretch-security; urgency=medium
.
* CVE-2018-10536 CVE-2018-10537 CVE-2018-10538 CVE-2018-10539
CVE-2018-10540
wget (1.18-5+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix cookie injection (CVE-2018-0494) (Closes: #898076)
wireshark (2.2.6+g32dac6a-2+deb9u3) stretch-security; urgency=medium
.
* CVE-2017-9273 / CVE-2018-11358 / CVE-2018-11360 / CVE-2018-11362
CVE-2018-7320 / CVE-2018-7334 / CVE-2018-7335 / CVE-2018-7419
CVE-2018-9261 / CVE-2018-9264
wordpress (4.7.5+dfsg-2+deb9u3) stretch-security; urgency=high
.
* Backport security patches from 4.9.5 Closes: #895034
- CVE-2018-10101
Don't treat localhost as same host by default.
- CVE-2018-10100
Use safe redirects when redirecting login page if SSL is forced
- CVE-2018-10102
Make sure version string is correctly escaped for use in
generator tags
xapian-core (1.4.3-2+deb9u1) stretch; urgency=medium
.
* Fix MSet::snippet() to escape HTML in all cases (CVE-2018-499).
New patch: cve-2018-0499-mset-snippet-escaping.patch (Closes: #902886)
xdg-utils (1.1.1-1+deb9u1) stretch-security; urgency=high
.
* Fix CVE-2017-18266, closes: #898317.
- Avoid argument injection vulnerability in open_envvar()
xen (4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9) stretch-security; urgency=high
.
* Security upload [thanks to Wolodja Wentland]:
XSA-264 (no CVE yet)
XSA-265 (no CVE yet)
XSA-266 (no CVE yet)
xen (4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8) stretch-security; urgency=high
.
* Update to new upstream version 4.8.3+xsa267+shim4.10.1+xsa267.
XSA-267 CVE-2018-3665
.
I have actually taken upstream's staging-4.8 CI input branch, which is
identical to the CI-tested stable-4.8 except that it also has the
XSA-267 patches. There are additional patches in upstream's
stable-4.8 branch, beyond what was in the previous Debian stretch
security update, which are prerequisites for the XSA-267 patches.
.
For the shim, I have updated to upstream's staging-4.10, which is
identical to the CI-tested stable-4.10q except, again, for
XSA-267-related patches. The 4.10.0-comet branch lacks speculation
control entirely and has been superseded upstream.
xen (4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7) stretch-security; urgency=high
.
* Include upstream XSA-263 (speculative store bypass) fixes for x86.
I hear that ARM fixes will be forthcoming RSN. Ie,
XSA-263 CVE-2018-3639 (amd64/i386; armhf/arm64 still vuln.)
.
* Include a number of upstream bugfixes, including fixes to previous
security fixes, some of which are security-relevant:
x86: correct ordering of operations during S3 resume
x86: suppress BTI mitigations around S3 suspend/resume
x86/spec_ctrl: Updates to retpoline-safety decision making
x86/HPET: fix race triggering ASSERT(cpu < nr_cpu_ids)
x86/HVM: never retain emulated insn cache when exiting back to guest
xpti: fix bug in double fault handling
x86/cpuidle: don't init stats lock more than once
xen: Introduce vcpu_sleep_nosync_locked()
xen/schedule: Fix races in vcpu migration
x86: Fix "x86: further CPUID handling adjustments"
.
The result is very similar to upstream staging-4.8. However, as
upstream staging-4.8 has not yet passed upstream CI, I have chosen to
cherry pick fixes so that I can drop a couple that don't look
immediately important. We will expect to resynchronise with
upstream's 4.8 stable branch soon.
.
* Drop our patch `tools: fix arm build after bdf693ee61b48' (which was
needed to build the upstream 4.8 comet branch on ARM but is not needed
for the the upstream staging/stable branch). Closes:#898898.
.
* Update changelog for 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 to
mention branch switch from upstream 4.8 comet to upstream main 4.8,
and add some missing CVEs.
xen (4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6) stretch-security; urgency=high
.
* Update to new upstream version 4.8.3+xsa262+shim4.10.0+comet3.
(This is the upstream staging-4.8 branch, which is ahead of the
upstream CI-tested stable-4.8 branch by precisely the three
most recent XSA fixes.)
.
* Resulting security fixes:
XSA-258 CVE-2018-10472
XSA-259 CVE-2018-10471
XSA-260 CVE-2018-8897
XSA-261 (No CVE yet)
XSA-262 (No CVE yet)
.
* Apply two further build fixes from upstream staging-4.8.
xerces-c (3.1.4+debian-2+deb9u1) stretch; urgency=medium
.
* Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of
Offensive Research discovered that the Xerces-C XML parser mishandles
certain kinds of external DTD references, resulting in dereference of a
NULL pointer while processing the path to the DTD. The bug allows for a
denial of service attack in applications that allow DTD processing and do
not prevent external DTD usage, and could conceivably result in remote code
execution.
* Fix a regression that forced gcc to use SSE2, even on platforms that do not
support it (e.g., i386). This caused program crashes due to invalid CPU
instructions.
xrdp (0.9.1-9+deb9u3) stretch; urgency=high
.
* Fix patch for CVE-2017-16927. (Closes: #884702)
+ Off-by-one mistake could crash xrdp in some cases.
zookeeper (3.4.9-3+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2018-8012:
No authentication/authorization is enforced when a server attempts to join
a quorum in Apache ZooKeeper. As a result an arbitrary end point could join
the cluster and begin propagating counterfeit changes to the leader.
(Closes: #899332)
zookeeper (3.4.9-3+deb8u1) jessie-security; urgency=high
.
* Team upload.
* Fix CVE-2018-8012:
No authentication/authorization is enforced when a server attempts to join
a quorum in Apache ZooKeeper. As a result an arbitrary end point could join
the cluster and begin propagating counterfeit changes to the leader.
(Closes: #899332)
======================================
Sat, 10 Mar 2018 - Debian 9.4 released
======================================
=========================================================================
[Date: Sat, 10 Mar 2018 08:47:20 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
python-seelablet | 1.0.6-2 | all
python3-seelablet | 1.0.6-2 | all
seelablet | 1.0.6-2 | source, all
seelablet-common | 1.0.6-2 | all
seelablet-doc | 1.0.6-2 | all
Closed bugs: 886017
------------------- Reason -------------------
RoM: abandoned upstream; broken
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 08:48:03 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
electrum | 2.7.9-1 | source, all
python-electrum | 2.7.9-1 | all
Closed bugs: 887412
------------------- Reason -------------------
RoM; security issues; broken due to upstream changes
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 08:52:26 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
pgmodeler | 0.8.2-1 | source
pgmodeler | 0.8.2-1+b1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
pgmodeler-common | 0.8.2-1 | all
pgmodeler-dbg | 0.8.2-1+b1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Closed bugs: 891120
------------------- Reason -------------------
RoM; incompatible with version of postgresql in stretch
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 08:53:15 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
jirc | 1.0-1 | source, all
Closed bugs: 891403
------------------- Reason -------------------
RoQA; broken with version of libpoe-filter-xml-perl in stretch
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 08:53:55 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
dolibarr | 4.0.2+dfsg4-2 | source, all
Closed bugs: 892024
------------------- Reason -------------------
RoM; too much work to maintain it properly in Debian
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:11:49 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
acpi-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
acpi-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
ata-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
ata-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
btrfs-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
btrfs-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
cdrom-core-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
cdrom-core-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
crc-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
crc-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
crypto-dm-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
crypto-dm-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
crypto-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
crypto-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
efi-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
efi-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
event-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
event-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
ext4-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
ext4-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
fat-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
fat-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
fb-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
fb-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
firewire-core-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
firewire-core-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
fuse-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
fuse-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
hyperv-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
hyperv-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
i2c-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
i2c-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
input-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
input-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
isofs-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
isofs-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
jfs-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
jfs-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
kernel-image-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
kernel-image-4.9.0-5-amd64-di | 4.9.80-2 | amd64
linux-headers-4.9.0-4-all-amd64 | 4.9.65-3+deb9u1 | amd64
linux-headers-4.9.0-4-amd64 | 4.9.65-3+deb9u1 | amd64
linux-headers-4.9.0-4-rt-amd64 | 4.9.65-3+deb9u1 | amd64
linux-headers-4.9.0-5-all-amd64 | 4.9.80-2 | amd64
linux-headers-4.9.0-5-amd64 | 4.9.80-2 | amd64
linux-headers-4.9.0-5-rt-amd64 | 4.9.80-2 | amd64
linux-image-4.9.0-4-amd64 | 4.9.65-3+deb9u1 | amd64
linux-image-4.9.0-4-amd64-dbg | 4.9.65-3+deb9u1 | amd64
linux-image-4.9.0-4-rt-amd64 | 4.9.65-3+deb9u1 | amd64
linux-image-4.9.0-4-rt-amd64-dbg | 4.9.65-3+deb9u1 | amd64
linux-image-4.9.0-5-amd64 | 4.9.80-2 | amd64
linux-image-4.9.0-5-amd64-dbg | 4.9.80-2 | amd64
linux-image-4.9.0-5-rt-amd64 | 4.9.80-2 | amd64
linux-image-4.9.0-5-rt-amd64-dbg | 4.9.80-2 | amd64
loop-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
loop-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
md-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
md-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
mmc-core-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
mmc-core-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
mmc-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
mmc-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
mouse-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
mouse-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
multipath-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
multipath-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
nbd-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
nbd-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
nic-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
nic-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
nic-pcmcia-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
nic-pcmcia-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
nic-shared-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
nic-shared-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
nic-usb-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
nic-usb-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
nic-wireless-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
nic-wireless-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
ntfs-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
ntfs-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
pata-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
pata-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
pcmcia-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
pcmcia-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
pcmcia-storage-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
pcmcia-storage-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
ppp-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
ppp-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
sata-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
sata-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
scsi-core-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
scsi-core-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
scsi-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
scsi-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
serial-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
serial-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
sound-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
sound-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
speakup-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
speakup-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
squashfs-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
squashfs-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
udf-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
udf-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
uinput-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
uinput-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
usb-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
usb-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
usb-serial-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
usb-serial-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
usb-storage-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
usb-storage-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
virtio-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
virtio-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
xfs-modules-4.9.0-4-amd64-di | 4.9.65-3+deb9u1 | amd64
xfs-modules-4.9.0-5-amd64-di | 4.9.80-2 | amd64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:12:13 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
linux-headers-4.9.0-4-all | 4.9.65-3+deb9u1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
linux-headers-4.9.0-5-all | 4.9.80-2 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:12:33 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
ata-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
ata-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
btrfs-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
btrfs-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
cdrom-core-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
cdrom-core-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
crc-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
crc-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
crypto-dm-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
crypto-dm-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
crypto-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
crypto-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
efi-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
efi-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
event-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
event-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
ext4-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
ext4-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
fat-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
fat-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
fb-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
fb-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
fuse-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
fuse-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
i2c-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
i2c-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
input-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
input-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
isofs-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
isofs-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
jfs-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
jfs-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
kernel-image-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
kernel-image-4.9.0-5-arm64-di | 4.9.80-2 | arm64
leds-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
leds-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
linux-headers-4.9.0-4-all-arm64 | 4.9.65-3+deb9u1 | arm64
linux-headers-4.9.0-4-arm64 | 4.9.65-3+deb9u1 | arm64
linux-headers-4.9.0-5-all-arm64 | 4.9.80-2 | arm64
linux-headers-4.9.0-5-arm64 | 4.9.80-2 | arm64
linux-image-4.9.0-4-arm64 | 4.9.65-3+deb9u1 | arm64
linux-image-4.9.0-4-arm64-dbg | 4.9.65-3+deb9u1 | arm64
linux-image-4.9.0-5-arm64 | 4.9.80-2 | arm64
linux-image-4.9.0-5-arm64-dbg | 4.9.80-2 | arm64
loop-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
loop-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
md-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
md-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
mmc-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
mmc-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
multipath-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
multipath-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
nbd-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
nbd-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
nic-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
nic-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
nic-shared-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
nic-shared-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
nic-usb-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
nic-usb-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
nic-wireless-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
nic-wireless-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
ppp-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
ppp-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
sata-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
sata-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
scsi-core-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
scsi-core-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
scsi-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
scsi-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
squashfs-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
squashfs-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
udf-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
udf-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
uinput-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
uinput-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
usb-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
usb-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
usb-storage-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
usb-storage-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
virtio-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
virtio-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
xfs-modules-4.9.0-4-arm64-di | 4.9.65-3+deb9u1 | arm64
xfs-modules-4.9.0-5-arm64-di | 4.9.80-2 | arm64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:13:10 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
btrfs-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
btrfs-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
cdrom-core-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
cdrom-core-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
crc-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
crc-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
crypto-dm-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
crypto-dm-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
crypto-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
crypto-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
event-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
event-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
ext4-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
ext4-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
fat-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
fat-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
fb-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
fb-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
fuse-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
fuse-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
input-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
input-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
ipv6-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
ipv6-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
isofs-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
isofs-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
jffs2-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
jffs2-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
jfs-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
jfs-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
kernel-image-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
kernel-image-4.9.0-5-marvell-di | 4.9.80-2 | armel
leds-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
leds-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
linux-headers-4.9.0-4-all-armel | 4.9.65-3+deb9u1 | armel
linux-headers-4.9.0-4-marvell | 4.9.65-3+deb9u1 | armel
linux-headers-4.9.0-5-all-armel | 4.9.80-2 | armel
linux-headers-4.9.0-5-marvell | 4.9.80-2 | armel
linux-image-4.9.0-4-marvell | 4.9.65-3+deb9u1 | armel
linux-image-4.9.0-4-marvell-dbg | 4.9.65-3+deb9u1 | armel
linux-image-4.9.0-5-marvell | 4.9.80-2 | armel
linux-image-4.9.0-5-marvell-dbg | 4.9.80-2 | armel
loop-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
loop-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
md-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
md-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
minix-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
minix-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
mmc-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
mmc-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
mouse-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
mouse-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
mtd-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
mtd-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
multipath-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
multipath-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
nbd-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
nbd-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
nic-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
nic-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
nic-shared-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
nic-shared-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
nic-usb-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
nic-usb-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
ppp-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
ppp-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
sata-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
sata-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
scsi-core-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
scsi-core-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
squashfs-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
squashfs-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
udf-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
udf-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
uinput-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
uinput-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
usb-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
usb-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
usb-serial-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
usb-serial-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
usb-storage-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
usb-storage-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
zlib-modules-4.9.0-4-marvell-di | 4.9.65-3+deb9u1 | armel
zlib-modules-4.9.0-5-marvell-di | 4.9.80-2 | armel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:13:32 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
ata-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
ata-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
btrfs-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
btrfs-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
crc-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
crc-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
crypto-dm-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
crypto-dm-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
crypto-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
crypto-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
efi-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
efi-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
event-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
event-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
ext4-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
ext4-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
fat-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
fat-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
fb-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
fb-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
fuse-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
fuse-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
i2c-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
i2c-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
input-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
input-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
isofs-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
isofs-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
jfs-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
jfs-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
kernel-image-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
kernel-image-4.9.0-5-armmp-di | 4.9.80-2 | armhf
leds-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
leds-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
linux-headers-4.9.0-4-all-armhf | 4.9.65-3+deb9u1 | armhf
linux-headers-4.9.0-4-armmp | 4.9.65-3+deb9u1 | armhf
linux-headers-4.9.0-4-armmp-lpae | 4.9.65-3+deb9u1 | armhf
linux-headers-4.9.0-5-all-armhf | 4.9.80-2 | armhf
linux-headers-4.9.0-5-armmp | 4.9.80-2 | armhf
linux-headers-4.9.0-5-armmp-lpae | 4.9.80-2 | armhf
linux-image-4.9.0-4-armmp | 4.9.65-3+deb9u1 | armhf
linux-image-4.9.0-4-armmp-dbg | 4.9.65-3+deb9u1 | armhf
linux-image-4.9.0-4-armmp-lpae | 4.9.65-3+deb9u1 | armhf
linux-image-4.9.0-4-armmp-lpae-dbg | 4.9.65-3+deb9u1 | armhf
linux-image-4.9.0-5-armmp | 4.9.80-2 | armhf
linux-image-4.9.0-5-armmp-dbg | 4.9.80-2 | armhf
linux-image-4.9.0-5-armmp-lpae | 4.9.80-2 | armhf
linux-image-4.9.0-5-armmp-lpae-dbg | 4.9.80-2 | armhf
loop-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
loop-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
md-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
md-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
mmc-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
mmc-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
mtd-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
mtd-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
multipath-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
multipath-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
nbd-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
nbd-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
nic-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
nic-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
nic-shared-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
nic-shared-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
nic-usb-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
nic-usb-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
nic-wireless-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
nic-wireless-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
pata-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
pata-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
ppp-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
ppp-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
sata-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
sata-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
scsi-core-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
scsi-core-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
scsi-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
scsi-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
squashfs-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
squashfs-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
udf-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
udf-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
uinput-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
uinput-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
usb-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
usb-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
usb-storage-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
usb-storage-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
virtio-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
virtio-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
zlib-modules-4.9.0-4-armmp-di | 4.9.65-3+deb9u1 | armhf
zlib-modules-4.9.0-5-armmp-di | 4.9.80-2 | armhf
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:13:58 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
acpi-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
acpi-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
acpi-modules-4.9.0-5-686-di | 4.9.80-2 | i386
acpi-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
ata-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
ata-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
ata-modules-4.9.0-5-686-di | 4.9.80-2 | i386
ata-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
btrfs-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
btrfs-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
btrfs-modules-4.9.0-5-686-di | 4.9.80-2 | i386
btrfs-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
cdrom-core-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
cdrom-core-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
cdrom-core-modules-4.9.0-5-686-di | 4.9.80-2 | i386
cdrom-core-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
crc-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
crc-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
crc-modules-4.9.0-5-686-di | 4.9.80-2 | i386
crc-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
crypto-dm-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
crypto-dm-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
crypto-dm-modules-4.9.0-5-686-di | 4.9.80-2 | i386
crypto-dm-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
crypto-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
crypto-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
crypto-modules-4.9.0-5-686-di | 4.9.80-2 | i386
crypto-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
efi-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
efi-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
efi-modules-4.9.0-5-686-di | 4.9.80-2 | i386
efi-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
event-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
event-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
event-modules-4.9.0-5-686-di | 4.9.80-2 | i386
event-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
ext4-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
ext4-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
ext4-modules-4.9.0-5-686-di | 4.9.80-2 | i386
ext4-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
fat-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
fat-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
fat-modules-4.9.0-5-686-di | 4.9.80-2 | i386
fat-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
fb-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
fb-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
fb-modules-4.9.0-5-686-di | 4.9.80-2 | i386
fb-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
firewire-core-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
firewire-core-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
firewire-core-modules-4.9.0-5-686-di | 4.9.80-2 | i386
firewire-core-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
fuse-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
fuse-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
fuse-modules-4.9.0-5-686-di | 4.9.80-2 | i386
fuse-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
hyperv-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
hyperv-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
hyperv-modules-4.9.0-5-686-di | 4.9.80-2 | i386
hyperv-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
i2c-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
i2c-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
i2c-modules-4.9.0-5-686-di | 4.9.80-2 | i386
i2c-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
input-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
input-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
input-modules-4.9.0-5-686-di | 4.9.80-2 | i386
input-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
isofs-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
isofs-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
isofs-modules-4.9.0-5-686-di | 4.9.80-2 | i386
isofs-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
jfs-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
jfs-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
jfs-modules-4.9.0-5-686-di | 4.9.80-2 | i386
jfs-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
kernel-image-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
kernel-image-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
kernel-image-4.9.0-5-686-di | 4.9.80-2 | i386
kernel-image-4.9.0-5-686-pae-di | 4.9.80-2 | i386
linux-headers-4.9.0-4-686 | 4.9.65-3+deb9u1 | i386
linux-headers-4.9.0-4-686-pae | 4.9.65-3+deb9u1 | i386
linux-headers-4.9.0-4-all-i386 | 4.9.65-3+deb9u1 | i386
linux-headers-4.9.0-4-rt-686-pae | 4.9.65-3+deb9u1 | i386
linux-headers-4.9.0-5-686 | 4.9.80-2 | i386
linux-headers-4.9.0-5-686-pae | 4.9.80-2 | i386
linux-headers-4.9.0-5-all-i386 | 4.9.80-2 | i386
linux-headers-4.9.0-5-rt-686-pae | 4.9.80-2 | i386
linux-image-4.9.0-4-686 | 4.9.65-3+deb9u1 | i386
linux-image-4.9.0-4-686-dbg | 4.9.65-3+deb9u1 | i386
linux-image-4.9.0-4-686-pae | 4.9.65-3+deb9u1 | i386
linux-image-4.9.0-4-686-pae-dbg | 4.9.65-3+deb9u1 | i386
linux-image-4.9.0-4-rt-686-pae | 4.9.65-3+deb9u1 | i386
linux-image-4.9.0-4-rt-686-pae-dbg | 4.9.65-3+deb9u1 | i386
linux-image-4.9.0-5-686 | 4.9.80-2 | i386
linux-image-4.9.0-5-686-dbg | 4.9.80-2 | i386
linux-image-4.9.0-5-686-pae | 4.9.80-2 | i386
linux-image-4.9.0-5-686-pae-dbg | 4.9.80-2 | i386
linux-image-4.9.0-5-rt-686-pae | 4.9.80-2 | i386
linux-image-4.9.0-5-rt-686-pae-dbg | 4.9.80-2 | i386
loop-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
loop-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
loop-modules-4.9.0-5-686-di | 4.9.80-2 | i386
loop-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
md-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
md-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
md-modules-4.9.0-5-686-di | 4.9.80-2 | i386
md-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
mmc-core-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
mmc-core-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
mmc-core-modules-4.9.0-5-686-di | 4.9.80-2 | i386
mmc-core-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
mmc-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
mmc-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
mmc-modules-4.9.0-5-686-di | 4.9.80-2 | i386
mmc-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
mouse-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
mouse-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
mouse-modules-4.9.0-5-686-di | 4.9.80-2 | i386
mouse-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
multipath-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
multipath-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
multipath-modules-4.9.0-5-686-di | 4.9.80-2 | i386
multipath-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
nbd-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
nbd-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
nbd-modules-4.9.0-5-686-di | 4.9.80-2 | i386
nbd-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
nic-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
nic-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
nic-modules-4.9.0-5-686-di | 4.9.80-2 | i386
nic-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
nic-pcmcia-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
nic-pcmcia-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
nic-pcmcia-modules-4.9.0-5-686-di | 4.9.80-2 | i386
nic-pcmcia-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
nic-shared-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
nic-shared-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
nic-shared-modules-4.9.0-5-686-di | 4.9.80-2 | i386
nic-shared-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
nic-usb-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
nic-usb-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
nic-usb-modules-4.9.0-5-686-di | 4.9.80-2 | i386
nic-usb-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
nic-wireless-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
nic-wireless-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
nic-wireless-modules-4.9.0-5-686-di | 4.9.80-2 | i386
nic-wireless-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
ntfs-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
ntfs-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
ntfs-modules-4.9.0-5-686-di | 4.9.80-2 | i386
ntfs-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
pata-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
pata-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
pata-modules-4.9.0-5-686-di | 4.9.80-2 | i386
pata-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
pcmcia-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
pcmcia-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
pcmcia-modules-4.9.0-5-686-di | 4.9.80-2 | i386
pcmcia-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
pcmcia-storage-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
pcmcia-storage-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
pcmcia-storage-modules-4.9.0-5-686-di | 4.9.80-2 | i386
pcmcia-storage-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
ppp-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
ppp-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
ppp-modules-4.9.0-5-686-di | 4.9.80-2 | i386
ppp-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
sata-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
sata-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
sata-modules-4.9.0-5-686-di | 4.9.80-2 | i386
sata-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
scsi-core-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
scsi-core-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
scsi-core-modules-4.9.0-5-686-di | 4.9.80-2 | i386
scsi-core-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
scsi-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
scsi-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
scsi-modules-4.9.0-5-686-di | 4.9.80-2 | i386
scsi-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
serial-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
serial-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
serial-modules-4.9.0-5-686-di | 4.9.80-2 | i386
serial-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
sound-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
sound-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
sound-modules-4.9.0-5-686-di | 4.9.80-2 | i386
sound-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
speakup-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
speakup-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
speakup-modules-4.9.0-5-686-di | 4.9.80-2 | i386
speakup-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
squashfs-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
squashfs-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
squashfs-modules-4.9.0-5-686-di | 4.9.80-2 | i386
squashfs-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
udf-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
udf-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
udf-modules-4.9.0-5-686-di | 4.9.80-2 | i386
udf-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
uinput-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
uinput-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
uinput-modules-4.9.0-5-686-di | 4.9.80-2 | i386
uinput-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
usb-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
usb-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
usb-modules-4.9.0-5-686-di | 4.9.80-2 | i386
usb-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
usb-serial-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
usb-serial-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
usb-serial-modules-4.9.0-5-686-di | 4.9.80-2 | i386
usb-serial-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
usb-storage-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
usb-storage-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
usb-storage-modules-4.9.0-5-686-di | 4.9.80-2 | i386
usb-storage-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
virtio-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
virtio-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
virtio-modules-4.9.0-5-686-di | 4.9.80-2 | i386
virtio-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
xfs-modules-4.9.0-4-686-di | 4.9.65-3+deb9u1 | i386
xfs-modules-4.9.0-4-686-pae-di | 4.9.65-3+deb9u1 | i386
xfs-modules-4.9.0-5-686-di | 4.9.80-2 | i386
xfs-modules-4.9.0-5-686-pae-di | 4.9.80-2 | i386
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:14:17 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
linux-headers-4.9.0-4-all-mips | 4.9.65-3+deb9u1 | mips
linux-headers-4.9.0-5-all-mips | 4.9.80-2 | mips
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:14:48 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
affs-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
affs-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
btrfs-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
btrfs-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
cdrom-core-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
cdrom-core-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
crc-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
crc-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
crypto-dm-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
crypto-dm-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
crypto-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
crypto-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
event-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
event-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
ext4-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
ext4-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
fat-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
fat-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
fuse-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
fuse-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
hfs-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
hfs-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
input-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
input-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
isofs-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
isofs-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
jfs-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
jfs-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
kernel-image-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
kernel-image-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
linux-headers-4.9.0-4-5kc-malta | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
linux-headers-4.9.0-4-octeon | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
linux-headers-4.9.0-5-5kc-malta | 4.9.80-2 | mips, mips64el, mipsel
linux-headers-4.9.0-5-octeon | 4.9.80-2 | mips, mips64el, mipsel
linux-image-4.9.0-4-5kc-malta | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
linux-image-4.9.0-4-5kc-malta-dbg | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
linux-image-4.9.0-4-octeon | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
linux-image-4.9.0-4-octeon-dbg | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
linux-image-4.9.0-5-5kc-malta | 4.9.80-2 | mips, mips64el, mipsel
linux-image-4.9.0-5-5kc-malta-dbg | 4.9.80-2 | mips, mips64el, mipsel
linux-image-4.9.0-5-octeon | 4.9.80-2 | mips, mips64el, mipsel
linux-image-4.9.0-5-octeon-dbg | 4.9.80-2 | mips, mips64el, mipsel
loop-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
loop-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
md-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
md-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
minix-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
minix-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
multipath-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
multipath-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
nbd-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
nbd-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
nic-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
nic-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
nic-shared-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
nic-shared-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
nic-usb-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
nic-usb-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
nic-wireless-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
nic-wireless-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
ntfs-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
ntfs-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
pata-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
pata-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
ppp-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
ppp-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
rtc-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
rtc-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
sata-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
sata-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
scsi-core-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
scsi-core-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
scsi-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
scsi-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
sound-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
sound-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
squashfs-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
squashfs-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
udf-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
udf-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
usb-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
usb-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
usb-serial-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
usb-serial-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
usb-storage-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
usb-storage-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
virtio-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
virtio-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
xfs-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
xfs-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
zlib-modules-4.9.0-4-octeon-di | 4.9.65-3+deb9u1 | mips, mips64el, mipsel
zlib-modules-4.9.0-5-octeon-di | 4.9.80-2 | mips, mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:15:09 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
affs-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
affs-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
ata-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
ata-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
btrfs-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
btrfs-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
cdrom-core-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
cdrom-core-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
crc-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
crc-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
crypto-dm-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
crypto-dm-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
crypto-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
crypto-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
event-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
event-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
ext4-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
ext4-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
fat-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
fat-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
fuse-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
fuse-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
hfs-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
hfs-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
i2c-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
i2c-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
input-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
input-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
isofs-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
isofs-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
jfs-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
jfs-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
kernel-image-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
kernel-image-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
linux-headers-4.9.0-4-4kc-malta | 4.9.65-3+deb9u1 | mips, mipsel
linux-headers-4.9.0-5-4kc-malta | 4.9.80-2 | mips, mipsel
linux-image-4.9.0-4-4kc-malta | 4.9.65-3+deb9u1 | mips, mipsel
linux-image-4.9.0-4-4kc-malta-dbg | 4.9.65-3+deb9u1 | mips, mipsel
linux-image-4.9.0-5-4kc-malta | 4.9.80-2 | mips, mipsel
linux-image-4.9.0-5-4kc-malta-dbg | 4.9.80-2 | mips, mipsel
loop-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
loop-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
md-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
md-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
minix-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
minix-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
mmc-core-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
mmc-core-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
mmc-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
mmc-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
mouse-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
mouse-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
multipath-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
multipath-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
nbd-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
nbd-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
nic-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
nic-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
nic-shared-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
nic-shared-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
nic-usb-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
nic-usb-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
nic-wireless-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
nic-wireless-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
ntfs-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
ntfs-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
pata-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
pata-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
ppp-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
ppp-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
sata-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
sata-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
scsi-core-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
scsi-core-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
scsi-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
scsi-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
sound-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
sound-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
squashfs-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
squashfs-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
udf-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
udf-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
usb-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
usb-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
usb-serial-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
usb-serial-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
usb-storage-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
usb-storage-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
virtio-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
virtio-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
xfs-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
xfs-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
zlib-modules-4.9.0-4-4kc-malta-di | 4.9.65-3+deb9u1 | mips, mipsel
zlib-modules-4.9.0-5-4kc-malta-di | 4.9.80-2 | mips, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:15:31 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
affs-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
affs-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
ata-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
ata-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
btrfs-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
btrfs-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
cdrom-core-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
cdrom-core-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
crc-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
crc-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
crypto-dm-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
crypto-dm-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
crypto-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
crypto-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
event-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
event-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
ext4-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
ext4-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
fat-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
fat-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
fuse-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
fuse-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
hfs-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
hfs-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
i2c-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
i2c-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
input-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
input-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
isofs-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
isofs-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
jfs-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
jfs-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
kernel-image-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
kernel-image-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
linux-headers-4.9.0-4-all-mips64el | 4.9.65-3+deb9u1 | mips64el
linux-headers-4.9.0-5-all-mips64el | 4.9.80-2 | mips64el
loop-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
loop-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
md-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
md-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
minix-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
minix-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
mmc-core-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
mmc-core-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
mmc-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
mmc-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
mouse-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
mouse-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
multipath-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
multipath-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
nbd-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
nbd-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
nic-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
nic-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
nic-shared-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
nic-shared-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
nic-usb-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
nic-usb-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
nic-wireless-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
nic-wireless-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
ntfs-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
ntfs-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
pata-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
pata-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
ppp-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
ppp-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
sata-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
sata-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
scsi-core-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
scsi-core-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
scsi-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
scsi-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
sound-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
sound-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
squashfs-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
squashfs-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
udf-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
udf-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
usb-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
usb-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
usb-serial-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
usb-serial-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
usb-storage-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
usb-storage-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
virtio-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
virtio-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
xfs-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
xfs-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
zlib-modules-4.9.0-4-5kc-malta-di | 4.9.65-3+deb9u1 | mips64el
zlib-modules-4.9.0-5-5kc-malta-di | 4.9.80-2 | mips64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:15:55 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
affs-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
affs-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
ata-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
ata-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
btrfs-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
btrfs-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
cdrom-core-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
cdrom-core-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
crc-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
crc-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
crypto-dm-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
crypto-dm-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
crypto-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
crypto-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
event-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
event-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
ext4-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
ext4-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
fat-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
fat-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
fb-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
fb-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
firewire-core-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
firewire-core-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
fuse-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
fuse-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
hfs-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
hfs-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
input-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
input-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
isofs-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
isofs-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
jfs-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
jfs-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
kernel-image-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
kernel-image-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
linux-headers-4.9.0-4-loongson-3 | 4.9.65-3+deb9u1 | mips64el, mipsel
linux-headers-4.9.0-5-loongson-3 | 4.9.80-2 | mips64el, mipsel
linux-image-4.9.0-4-loongson-3 | 4.9.65-3+deb9u1 | mips64el, mipsel
linux-image-4.9.0-4-loongson-3-dbg | 4.9.65-3+deb9u1 | mips64el, mipsel
linux-image-4.9.0-5-loongson-3 | 4.9.80-2 | mips64el, mipsel
linux-image-4.9.0-5-loongson-3-dbg | 4.9.80-2 | mips64el, mipsel
loop-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
loop-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
md-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
md-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
minix-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
minix-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
multipath-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
multipath-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
nbd-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
nbd-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
nfs-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
nfs-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
nic-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
nic-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
nic-shared-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
nic-shared-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
nic-usb-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
nic-usb-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
nic-wireless-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
nic-wireless-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
ntfs-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
ntfs-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
pata-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
pata-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
ppp-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
ppp-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
sata-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
sata-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
scsi-core-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
scsi-core-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
scsi-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
scsi-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
sound-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
sound-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
speakup-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
speakup-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
squashfs-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
squashfs-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
udf-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
udf-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
usb-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
usb-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
usb-serial-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
usb-serial-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
usb-storage-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
usb-storage-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
virtio-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
virtio-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
xfs-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
xfs-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
zlib-modules-4.9.0-4-loongson-3-di | 4.9.65-3+deb9u1 | mips64el, mipsel
zlib-modules-4.9.0-5-loongson-3-di | 4.9.80-2 | mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:16:12 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
linux-headers-4.9.0-4-all-mipsel | 4.9.65-3+deb9u1 | mipsel
linux-headers-4.9.0-5-all-mipsel | 4.9.80-2 | mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:16:52 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
ata-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
ata-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
btrfs-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
btrfs-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
cdrom-core-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
cdrom-core-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
crc-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
crc-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
crypto-dm-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
crypto-dm-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
crypto-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
crypto-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
event-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
event-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
ext4-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
ext4-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
fancontrol-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
fancontrol-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
fat-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
fat-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
firewire-core-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
firewire-core-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
fuse-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
fuse-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
hypervisor-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
hypervisor-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
input-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
input-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
isofs-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
isofs-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
jfs-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
jfs-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
kernel-image-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
kernel-image-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
linux-headers-4.9.0-4-all-ppc64el | 4.9.65-3+deb9u1 | ppc64el
linux-headers-4.9.0-4-powerpc64le | 4.9.65-3+deb9u1 | ppc64el
linux-headers-4.9.0-5-all-ppc64el | 4.9.80-2 | ppc64el
linux-headers-4.9.0-5-powerpc64le | 4.9.80-2 | ppc64el
linux-image-4.9.0-4-powerpc64le | 4.9.65-3+deb9u1 | ppc64el
linux-image-4.9.0-4-powerpc64le-dbg | 4.9.65-3+deb9u1 | ppc64el
linux-image-4.9.0-5-powerpc64le | 4.9.80-2 | ppc64el
linux-image-4.9.0-5-powerpc64le-dbg | 4.9.80-2 | ppc64el
loop-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
loop-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
md-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
md-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
mouse-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
mouse-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
multipath-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
multipath-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
nbd-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
nbd-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
nic-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
nic-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
nic-shared-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
nic-shared-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
ppp-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
ppp-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
sata-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
sata-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
scsi-core-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
scsi-core-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
scsi-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
scsi-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
serial-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
serial-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
squashfs-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
squashfs-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
udf-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
udf-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
uinput-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
uinput-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
usb-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
usb-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
usb-serial-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
usb-serial-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
usb-storage-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
usb-storage-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
virtio-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
virtio-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
xfs-modules-4.9.0-4-powerpc64le-di | 4.9.65-3+deb9u1 | ppc64el
xfs-modules-4.9.0-5-powerpc64le-di | 4.9.80-2 | ppc64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:17:18 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
btrfs-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
btrfs-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
crc-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
crc-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
crypto-dm-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
crypto-dm-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
crypto-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
crypto-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
dasd-extra-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
dasd-extra-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
dasd-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
dasd-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
ext4-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
ext4-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
fat-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
fat-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
fuse-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
fuse-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
isofs-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
isofs-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
kernel-image-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
kernel-image-4.9.0-5-s390x-di | 4.9.80-2 | s390x
linux-headers-4.9.0-4-all-s390x | 4.9.65-3+deb9u1 | s390x
linux-headers-4.9.0-4-s390x | 4.9.65-3+deb9u1 | s390x
linux-headers-4.9.0-5-all-s390x | 4.9.80-2 | s390x
linux-headers-4.9.0-5-s390x | 4.9.80-2 | s390x
linux-image-4.9.0-4-s390x | 4.9.65-3+deb9u1 | s390x
linux-image-4.9.0-4-s390x-dbg | 4.9.65-3+deb9u1 | s390x
linux-image-4.9.0-5-s390x | 4.9.80-2 | s390x
linux-image-4.9.0-5-s390x-dbg | 4.9.80-2 | s390x
loop-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
loop-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
md-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
md-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
multipath-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
multipath-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
nbd-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
nbd-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
nic-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
nic-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
scsi-core-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
scsi-core-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
scsi-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
scsi-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
udf-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
udf-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
virtio-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
virtio-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
xfs-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
xfs-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
zlib-modules-4.9.0-4-s390x-di | 4.9.65-3+deb9u1 | s390x
zlib-modules-4.9.0-5-s390x-di | 4.9.80-2 | s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:25:38 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
linux-headers-4.9.0-4-common | 4.9.65-3+deb9u1 | all
------------------- Reason -------------------
[auto-cruft] no longer built from source
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:25:56 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
linux-headers-4.9.0-4-common-rt | 4.9.65-3+deb9u1 | all
------------------- Reason -------------------
[auto-cruft] no longer built from source
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:26:10 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
linux-headers-4.9.0-5-common | 4.9.80-2 | all
------------------- Reason -------------------
[auto-cruft] no longer built from source
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:26:25 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
linux-headers-4.9.0-5-common-rt | 4.9.80-2 | all
------------------- Reason -------------------
[auto-cruft] no longer built from source
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:26:47 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
linux-support-4.9.0-4 | 4.9.65-3+deb9u1 | all
------------------- Reason -------------------
[auto-cruft] no longer built from source
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 10 Mar 2018 09:27:03 +0000] [ftpmaster: Mark Hymers]
Removed the following packages from stable:
linux-support-4.9.0-5 | 4.9.80-2 | all
------------------- Reason -------------------
[auto-cruft] no longer built from source
----------------------------------------------
=========================================================================
acme-tiny (20160801-3+deb9u1) stretch; urgency=medium
.
* Fix outdated version of the subscriber agreement (Closes: #882693)
activity-log-manager (0.8.0-1.2~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
activity-log-manager (0.8.0-1.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Add dependency against python-zeitgeist (Closes: #881438)
agenda.app (0.42.2-1+deb9u1) stretch; urgency=medium
.
* debian/patches/fix-editors-exception.patch: New, fixes creation of
tasks and appointments (Closes: #884098).
* debian/patches/series: New file.
apparmor (2.11.0-3+deb9u2) stretch; urgency=medium
.
* Move the features file to /usr/share/apparmor-features;
accordingly remove the old (now obsolete) '/etc/apparmor/features'
conffile (Closes: #883682).
* Configure gbp for DEP-14 and avoid gbp-pq prefixing patches
with numbers.
apparmor (2.11.0-3+deb9u1) stretch; urgency=medium
.
* Pin the AppArmor feature set to Stretch's kernel (Closes: #879585).
This ensures Stretch systems, even when running a newer kernel (e.g.
from backports), have their AppArmor feature set pinned to the one
supported by the AppArmor policy shipped in Stretch. Otherwise they
would experience breakage due to new AppArmor mediation features
introduced in recent kernels.
asterisk (1:13.14.1~dfsg-2+deb9u3) stretch-security; urgency=medium
.
[ Tzafrir Cohen ]
* AST-2017-009: ignored for the record.
* AST-2017-010 / CVE-2017-16671: Buffer overflow in CDRs (call logs)
(Closes: #881257)
* AST-2017-011 / CVE-2017-16672: Memory/File Descriptor/RTP leak in
pjsip session resource (Closes: #881256)
* AST-2017-012 / CVE-2017-17664: Remote Crash Vulnerability in RTCP Stack
(Closes: #884345)
* AST-2017-013 / CVE-2017-17090: DoS (memory leak) in chan_skinny
(Closes: #883342)
* ASTERISK-26606.patch: fix openssl error reporting (Closes: #883767)
* debian/.gitignore: typo
* gbp.conf: set branch name
.
[ Bernhard Schmidt ]
* Drop duplicate filter line from d/gbp.conf
auto-apt-proxy (2+deb9u1) stretch; urgency=medium
.
* Move apt configuration away on removal, and put it back on reinstalls
(Closes: #881751)
awstats (7.6+dfsg-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix traversal flaw in the handling of the "config" and "migrate"
parameters (CVE-2017-1000501) (Closes: #885835)
bareos (16.2.4-3+deb9u2) stretch; urgency=medium
.
* Fix backups failing with "No Volume name given". (Closes: #889040)
- Backport upstream commit: Don't return empty volname if volume is on
unwanted vols list.
base-files (9.9+deb9u4) stretch; urgency=medium
.
* Change /etc/debian_version to 9.4, for Debian 9.4 point release.
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u4) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Addresses could be referenced after being freed in resolver.c, causing an
assertion failure. (CVE-2017-3145)
bouncycastle (1.56-1+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-13098
cappuccino (0.5.1-6+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport fix from 0.5.1-7 to stretch.
.
[ Breno Leitao ]
* Adding gir1.2-gtk-3.0 as a dependency. Closes: #879848
cerealizer (0.8.1-1+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport fix from 0.8.1-2 to stretch.
.
[ Vincent Bernat ]
* Fix python3-cerealizer Depends field. Closes: #867396.
clamav (0.99.4+dfsg-1+deb9u1) stretch; urgency=medium
.
* Update to upstream 0.99.4:
Fixes for CVE: CVE-2018-1000085, CVE-2018-0202.
* Update the gpg signing key (the old DSA expired).
* Update version of private symbols due to version change.
* Bump symbol version of cl_retflevel because CL_FLEVEL changed.
clamav (0.99.4+dfsg-1+deb8u1) jessie; urgency=medium
.
* Update to upstream 0.99.4:
Fixes for CVE: CVE-2018-1000085, CVE-2018-0202.
* Update the gpg signing key (the old DSA expired).
* Update version of private symbols due to version change.
* Bump symbol version of cl_retflevel because CL_FLEVEL changed.
clamav (0.99.3~snapshot20170704+dfsg-1) experimental; urgency=medium
.
* Update to upstream snapshot (commit
144ef69462427b63a650294257c892b047601aac):
- add config options
- boost symbol file
- drop applied patches:
- Allow-M-suffix-for-PCREMaxFileSize.patch
- bb11549-fix-temp-file-cleanup-issue.patch
- clamav_add_private_fts_implementation.patch
- drop-AllowSupplementaryGroups-option-and-make-it-def.patch
- fix-ssize_t-size_t-off_t-printf-modifier.patch
- libclamav-use-libmspack.patch
- make_it_compile_against_openssl_1_1_0.patch
- add new ones:
- fts-no-use-AC_TRY_RUN.patch
- clamsubmit-add-JSON-libs-to-clamsubmit.patch
clamav (0.99.3~beta2+dfsg-1) unstable; urgency=medium
.
* Update upstream's signing gpg key
* Update to beta2:
- freshclam does not complain that clamav is outdated (Closes: #873401).
clamav (0.99.3~beta1+dfsg-4) unstable; urgency=medium
.
* Ignore errors from update-rc.d in freshclam postins (Closes: #882323).
* Drop dh-systemd & autoreconf from B-D.
clamav (0.99.3~beta1+dfsg-3) unstable; urgency=medium
.
* Drop "demime = *" from Debian.README for clamav, this option is gone from
exim (Closes: #881634).
* Use "ucf" instead "ucp" in clamav-milter's postinst.
* Disable LLVM support due to 3.8 removal (Closes: #873401).
* Disable the freshclam service if changed to `manual' mode so it does start
again after system reboot with systemd (Closes: #881780).
* Bump standards version to 4.1.1 without further change.
* Allow to build as non root user.
* Update dh compat level 10
clamav (0.99.3~beta1+dfsg-2) unstable; urgency=medium
.
* Build again against system's libmspack (dropped by accident)
(Closes: #872594).
* Don't replace config file with sample config after debconf gets disabled
(in milter and daemon (Closes: #870253).
* Update standards to 4.0.1
- use invoke-rc.d instead of /etc/init.d.
- drop priority extra from clamav-milter.
* Add bytecode.c(l|v)d to log clamav-freshclam.logcheck.ignore.server. Patch
by Václav OvsÃk <vaclav.ovsik@gmail.com> (Closes: #868766).
clamav (0.99.3~beta1+dfsg-1) unstable; urgency=medium
.
* Upload to unstable
* update to official beta1 release:
- drop fts-no-use-AC_TRY_RUN.patch, applied upstream.
clamav (0.99.2+dfsg-6+deb9u1) stretch; urgency=medium
.
* Apply security patches from 0.99.3 (Closes: #888484):
- fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420,
CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.
* Bump symbol version of cl_retflevel because CL_FLEVEL changed.
cron (3.0pl1-128+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Properly transition system jobs to system_cronjob_t SELinux context and
stop relying on refpolicy specific identifiers (Closes: #857662)
cups (2.2.1-8+deb9u1) stretch; urgency=low
.
* CVE-2017-18190: Prevent an issue where remote attackers could execute
arbitrary IPP commands by sending POST requests to the CUPS daemon in
conjunction with DNS rebinding. This was caused by a whitelisted
"localhost.localdomain" entry.
curl (7.52.1-5+deb9u4) stretch-security; urgency=high
.
* Fix HTTP/2 trailer out-of-bounds read as per CVE-2018-1000005
https://curl.haxx.se/docs/adv_2018-824a.html
* Fix HTTP authentication leak in redirects as per CVE-2018-1000007
https://curl.haxx.se/docs/adv_2018-b3bf.html
dbus (1.10.26-0+deb9u1) stretch; urgency=medium
.
* New upstream stable release
- bus/bus.c: Raise file descriptor limit sooner, while we still can
(before we drop privileges), fixing a regression in 1.10.18 which
negated a previous fix for local denial of service via resource
exhaustion
- test/*, build system: Add a regression test for the above
* d/tests/root: Re-run test-dbus-daemon as root, since it now contains
tests that are skipped as non-root
* d/tests/root: Allow stderr output, because test-dbus-daemon emits
some (and it is not a problem)
debian-edu-config (1.929+deb9u1) stretch; urgency=medium
.
[ Wolfgang Schweer ]
* Rewrite wpad-extract tool to be independent from KDE related files.
(Closes: #888829).
* Adjust Samba configuration. Allow joining of Windows 10 clients to the
Samba NT4-style domain. (Closes: #864663).
.
[ Mike Gabriel ]
* debian/control: Drop libproxy-tools, add libpacparser1. (as part of
fixing #888829).
* Chromium: Pre-configure Chromium Webbrowser system-wide to auto-detect the
http proxy settings via WPAD (plus locking the proxy settings dialog for
users). (Closes: #891262).
debian-installer (20170615+deb9u3) stretch; urgency=medium
.
* Bump Linux kernel version from 4.9.0-4 to 4.9.0-6.
debian-installer-netboot-images (20170615+deb9u3) stretch; urgency=medium
.
* Update to 20170615+deb9u3 images, from stretch-proposed-updates
* Fix Vcs-Browser field.
directfb (1.2.10.0-8+deb9u1) stretch; urgency=medium
.
* debian/libdirectfb-1.2-9.install: Fix architecture-based filter to
actually install drivers. (Closes: #878324)
django-anymail (0.8-2+deb9u1) stretch-security; urgency=high
.
* Security fix for timing attack on WEBHOOK_AUTHORIZATION secret (CVE-2018-
6596) as described in https://github.com/anymail/django-anymail/releases/
tag/v1.2.1 (Closes: #889450)
dovecot (1:2.2.27-3+deb9u2) stretch-security; urgency=high
.
* [794e743] Fix CVE-2017-14461: rfc822_parse_domain information leak
vulnerability (Closes: #891819)
* [530ca6d] Fix CVE-2017-15130: TLS SNI config lookups are inefficient and
can be used for DoS (Closes: #891820)
+ Use dh-autoreconf, as src/Makefile.in needs to be regenerated. Also
disable dovecot_name.patch, since it changes dovecot's banner in
conjunction with dh_autoreconf.
* [68c2156] Fix CVE-2017-15132: memory leak on aborted SASL auth (Closes:
#888432)
dovecot (1:2.2.27-3+deb9u2~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
.
dovecot (1:2.2.27-3+deb9u2) stretch-security; urgency=high
.
* [794e743] Fix CVE-2017-14461: rfc822_parse_domain information leak
vulnerability (Closes: #891819)
* [530ca6d] Fix CVE-2017-15130: TLS SNI config lookups are inefficient and
can be used for DoS (Closes: #891820)
+ Use dh-autoreconf, as src/Makefile.in needs to be regenerated. Also
disable dovecot_name.patch, since it changes dovecot's banner in
conjunction with dh_autoreconf.
* [68c2156] Fix CVE-2017-15132: memory leak on aborted SASL auth (Closes:
#888432)
.
dovecot (1:2.2.27-3+deb9u1) stretch; urgency=medium
.
* [8b8226f] Fix fts-solr: escape {} chars when sending queries (Closes:
#865945)
* [a97cdab] Add basic usage DEP-8 tests, performing end-to-end testing using
LDA, IMAP and POP3.
dpdk (16.11.4-1+deb9u1) stretch; urgency=medium
.
[ Luca Boccassi ]
* Merge stable update to 16.11.4; For a list of changes see
http://dpdk.org/ml/archives/announce/2017-December/000163.html
* Merge stable update to 16.11.3; For a list of changes see
http://dpdk.org/ml/archives/announce/2017-August/000143.html
* Merge stable update to 16.11.2; For a list of changes
see http://dpdk.org/ml/archives/announce/2017-May/000131.html
* Merge stable update to 16.11.1; For a list of changes
see http://dpdk.org/ml/archives/dev/2017-March/058930.html
* Use HTTPS in debian/copyright and debian/control
* Switch to @debian.org email address.
.
[ Christian Ehrhardt ]
* d/p/dpdk-dev-v3-eal-sPAPR-IOMMU-support-in-pci-probing-for-vfio-pci-
in-ppc64le.patch: sPAPR IOMMU based pci probing enabled for vfio-pci
devices.
* d/p/fix-vhost-user-socket-permission.patch: updated to work with newer
openvswitch versions
* d/p/igb_uio-switch-to-new-irq-function-for-MSI-X.patch: fix dkms issue
in kernel 4.12 (LP: #1700768)
* ensure man pages are bundled with executables on all architectures
* dpdk.conf: add info about unwanted effects of multiple hugepage
mountpoints
.
[ Charles (Chas) Williams ]
* Fix upstream documentation links in d/control.
dpdk (16.11.4-1) unstable; urgency=medium
.
* Merge stable update to 16.11.4; For a list of changes see
http://dpdk.org/ml/archives/announce/2017-December/000163.html
* Drop kni-fix-ethtool-build-with-kernel-4.11.patch, merged upstream.
dpdk (16.11.4-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
dpdk (16.11.3-1) unstable; urgency=medium
.
[ Luca Boccassi ]
* Merge stable update to 16.11.3; For a list of changes see
http://dpdk.org/ml/archives/announce/2017-August/000143.html
* Fix reproducibility of librte-eal linuxapp.
* Mark build-dependencies needed for documentation builds with the <!nodoc>
build-profile to fully implement support for it.
* Bump Standards-Version to 4.1.0. Relevant changes are nodoc support and
build reprodicibility.
* Switch to debian.org email address.
* Build-Depend on debhelper (>= 9.20160709) rather than dh-systemd as
latter is deprecated. Fixes Lintian Error:
build-depends-on-obsolete-package
* Fix upstream version parsing in d/rules to account for -rcX.
* Build-Depend on debhelper (>= 9.20160709) | dh-systemd to keep
compatibility with Ubuntu 16.04, which does not yet have that
of debhelper.
* Revert: d/rules: use new dh option names - Ubuntu 16.04 does not
have a debhelper that supports the new option, so use the old
ones for now.
* Correctly parse upstream version when using ~rc instead of -rc.
* Bump Standards-Version to 4.1.1, no changes.
.
[ Christian Ehrhardt ]
* d/rules: use new dh option names
* d/rules: properly enable dpdk systemd service
* d/t/control: fix test dependencies for s390x.
dpdk (16.11.3-1~bpo9+1) stretch-backports; urgency=low
.
* Rebuild for stretch-backports
dpdk (16.11.2-4) unstable; urgency=medium
.
[ Christian Ehrhardt ]
* d/p/igb_uio-switch-to-new-irq-function-for-MSI-X.patch: fix dkms issue
in kernel 4.12 (LP: #1700768)
.
[ Luca Boccassi ]
* Add patches to make the documentation and linker script builds fully
reproducible.
* Add patches to make the libraries and PMDs builds fully reproducible,
by making the listing order of headers, source files and objects in
the makefiles stable (via sorting).
dpdk (16.11.2-3) unstable; urgency=medium
.
* Upload to unstable.
dpdk (16.11.2-2) experimental; urgency=medium
.
* Restore fixes by Santiago RR for typos in debian/control, accidentally
dropped in 16.11.2-1.
dpdk (16.11.2-1) experimental; urgency=medium
.
[ Christian Ehrhardt ]
* Merge stable update to 16.11.2; For a list of changes
see http://dpdk.org/ml/archives/announce/2017-May/000131.html
* Dropped changes - patches that were included in 16.11.2 stable:
- d/p/kni-fix-build-with-kernel-4.11.patch
- d/p/nicvf-0002-net-thunderx-fix-32-bit-build.patch
- d/p/nicvf-0006-mk-fix-lib-filtering-when-linking-app.patch
- d/p/nicvf-0008-net-thunderx-fix-stats-access-out-of-bounds.patch
- d/p/nicvf-0010-net-thunderx-fix-deadlock-in-Rx-path.patch
.
[ Luca Boccassi ]
* Optionally generate libdpdk-dbgsym metapackage that depends on every
librte/PMD binary package's dbgsym. Keep it disabled by default, and
let users choose to enable it by passing dbgsym_meta via DEB_BUILD_OPTIONS.
Thanks Jan Blunck for the patch!
* Generate dependency list of libdpdk-dev to all librte and PMDs packages
dynamically at build time.
* Generate list of recommends for dpdk dynamically at build time.
* dpdk-modules-$KVERS: depend on same kernel version used to build rather than
just recommend - in-kernel API/ABI is not stable.
* Support for building packages for the new mempool framework has been added.
In 17.05 and newer a mempool framework was added, that has to be loaded
like a PMD. So any "plugin" will be linked in RTE_EAL_PMD_PATH just like
the PMDs. No mempool plugins are built for now, so it is currently a no-op.
* Drop libethdev4, librte-cryptodev1 and librte-eal2 transitional packages,
no longer needed.
* Fix some upstream documentation links in the packages metadata.
Thanks Chas Williams!
* Fix building debugging symbols for -dbgsym packages. Thanks Chas Williams!
dpdk (16.11.1-2) experimental; urgency=medium
.
[ Christian Ehrhardt ]
* Merge stable update to 16.11.1; For a list of changes
see http://dpdk.org/ml/archives/dev/2017-March/058930.html
* dpdk.conf: add info about unwanted effects of multiple hugepage
mountpoints
* d/p/dpdk-dev-v3-eal-sPAPR-IOMMU-support-in-pci-probing-for-vfio-pci-
in-ppc64le.patch: sPAPR IOMMU based pci probing enabled for vfio-pci
devices.
* enable librte-pmd-i40e1 for ppc64el
- debian/control: enable arch onpackage
- d/p/dpdk-dev-v4-i40e-implement-vector-PMD-for-altivec.patch: add i40e
PMD / vector PMD implementation and enable by default on ppc64el
* fix library availability/dependency
- librte-kni is built on ppc64el, fix dependency from libdpdk-dev
- librte-pmd-fm10k1 is not built on ppc64el (empty pkg atm) adapt arch
- librte-pmd-i40e is built on all architectures now
* Fix up thunderx to make arm support useful on more devices (LP: #1691659)
- d/p/nicvf-00[01-10]* backports of 17.02/17.05 fixes for thunderx
- d/control: dependencies and package for librte-pmd-thunderx-nicvf
- d/librte-pmd-thunderx-nicvf1.symbols: tracking library symbols
* fix dpdk-rte-kni dkms issues with kernel 4.11 (LP: #1691830)
- d/p/kni-fix-build-with-kernel-4.11.patch: fix pci_enable_msix usage
- d/p/kni-fix-ethtool-build-with-kernel-4.11.patch: Use new signal header
* ensure man pages are bundled with executables on all architectures
* d/p/fix-vhost-user-socket-permission.patch: updated to work with newer
openvswitch versions
.
[ Luca Boccassi ]
* Simplify debian/rules by using upstream's install target
and Debian's multiarch dir. Thanks Jan Blunck!
* Clarify that only the kni and igb_uio kernel modules are
distributed exclusively under the GPL2 in debian/copyright
* Add new DEB_BUILD_OPTIONS "nodocs" to allow users to avoid
building the DPDK documentation
* Add new DEB_BUILD_OPTIONS "nostatic" to allow users to avoid
building the DPDK static libraries
drupal7 (7.52-2+deb9u2) stretch-security; urgency=high
.
* Added missing DEP5 header to SA-CORE-2017-003 patch
* Uncruft: Remove an unused .dpatch file still from the drupal6 era(!)
* Fixes multiple security vulnerabilities, grouped under Drupal's
SA-CORE-2018-001 (CVEs yet unassigned):
- External link injection on 404 pages when linking to the current
page (Closes: #891154)
- jQuery vulnerability with untrusted domains (Closes: #891153)
- Private file access bypass (Closes: #891152)
- JavaScript cross-site scripting prevention is incomplete (Closes:
#891150)
enigmail (2:1.9.9-1~deb9u1) stretch-security; urgency=high
.
* Rebuild for stretch-security
.
enigmail (2:1.9.9-1) unstable; urgency=medium
.
* new upstream release
* Standards-Version: bump to 4.1.2 (no changes needed)
* drop patch already upstreamed
* debian/changelog: drop trailing whitespace
.
enigmail (2:1.9.8.3-1) unstable; urgency=medium
.
* New upstream release
* Standards-Version: bump to 4.1.1 (no changes needed)
.
enigmail (2:1.9.8.2-2) unstable; urgency=medium
.
* fix memoryhole protected header force-display part
.
enigmail (2:1.9.8.2-1) unstable; urgency=medium
.
* New upstream bugfix release
* refresh patches
* clean up debian/copyright
* clean up licensing in About dialog box (from upstream)
* Standards-Version: bump to 4.1.0 (no changes needed)
.
enigmail (2:1.9.8.1-1) unstable; urgency=medium
.
* new upstream release
enigmail (2:1.9.8.3-1) unstable; urgency=medium
.
* New upstream release
* Standards-Version: bump to 4.1.1 (no changes needed)
enigmail (2:1.9.8.2-2) unstable; urgency=medium
.
* fix memoryhole protected header force-display part
enigmail (2:1.9.8.2-1) unstable; urgency=medium
.
* New upstream bugfix release
* refresh patches
* clean up debian/copyright
* clean up licensing in About dialog box (from upstream)
* Standards-Version: bump to 4.1.0 (no changes needed)
enigmail (2:1.9.8.1-1) unstable; urgency=medium
.
* new upstream release
erlang (1:19.2.1+dfsg-2+deb9u1) stretch-security; urgency=high
.
* Applied a patch from the upstream which fixes CVE-2017-1000385
vulnerability (TLS server vunlerable to Adaptive Chosen Ciphertext attack
allowing plaintext recovery ot MITM attack).
erlang (1:19.2.1+dfsg-2+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Backport for jessie.
* Replaced libssl1.0-dev by libssl-dev for backport.
espeakup (1:0.80-5+deb9u1) stretch; urgency=medium
.
* debian/espeakup-udeb.start: Fix case where card 0 does not have an id or
where cards have non-contiguous indexes. Also make sure we load the
english language by default.
* debian/espeakup-udeb.finish-install: Use card id in installed system
to avoid issues with card detection ordering.
exam (0.10.5-1+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport fixes from 0.10.5-2 to stretch.
.
[ Scott Kitterman ]
* Correct Vcs-* fields in debian/control to point to the correct package
name
* Use correct substitution variable for python3-exam so python3 interpreter
depends are correctly generated (Closes: #867404)
* Let dh_python determine the mock depends (corrects issue where python-
exam incorrectly depended on python-mock instead of python3-mock)
exim4 (4.89-2+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)
exim4 (4.89-2+deb9u3~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
* b-d on libmysqlclient-dev | libmysqlclient15-dev instead of
default-libmysqlclient-dev.
.
exim4 (4.89-2+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)
.
exim4 (4.89-2+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Avoid release of store if there have been later allocations
(CVE-2017-16943) (Closes: #882648)
* Chunking: do not treat the first lonely dot special (CVE-2017-16944)
(Closes: #882671)
ffmpeg (7:3.2.10-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
- avcodec/x86/mpegvideodsp: Fix signedness bug in need_emu.
(CVE-2017-17081)
- avformat/libssh: check the user provided a password before trying to
use it. (Closes: #886912)
* debian/patches:
- Drop CVE-2017-16840 patch - applied upstream.
ffmpeg (7:3.2.10-1~deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
* Merge jessie specific changes:
- Build-depend on yasm to work around nasm issues in jessie.
- Disable building with libebur128 because jessie's version breaks the
build.
- Build-depend on libchromaprint-dev from jessie-backports.
- Disable OCR with Tesseract because it is missing the pkg-config file on
jessie.
- Omit -fstack-protector-strong from used CFLAGS, FFmpeg already sets
-fstack-protector-all.
- Use GCC 4.8 on i386 instead of disabling PIE.
- Revert switch from libmodplug to libopenmpt because libopenmpt is not
available in jessie-backports yet.
.
ffmpeg (7:3.2.10-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
- avcodec/x86/mpegvideodsp: Fix signedness bug in need_emu.
(CVE-2017-17081)
- avformat/libssh: check the user provided a password before trying to
use it. (Closes: #886912)
* debian/patches:
- Drop CVE-2017-16840 patch - applied upstream.
.
ffmpeg (7:3.2.9-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
- avcodec/x86/lossless_videoencdsp: Fix out of array access.
(CVE-2017-15186)
- avcodec/ffv1dec: Fix out of array read in slice counting.
(CVE-2017-15672)
* debian/patches: avcodec/vc2enc_dwt: Fix out of bounds read.
(CVE-2017-16840)
.
ffmpeg (7:3.2.8-1~deb9u1) stretch-security; urgency=high
.
* New upstream release.
- avformat/rmdec: Fix DoS due to lack of eof check. (CVE-2017-14054)
- avformat/mvdec: Fix DoS due to lack of eof check. (CVE-2017-14055)
- avformat/rl2: Fix DoS due to lack of eof check. (CVE-2017-14056)
- avformat/asfdec: Fix DoS due to lack of eof check. (CVE-2017-14057)
- avformat/hls: Fix DoS due to infinite loop. (CVE-2017-14058)
- avformat/cinedec: Fix DoS due to lack of eof check. (CVE-2017-14059)
- avformat/mxfdec: Fix Sign error. (CVE-2017-14169)
- avformat/mxfdec: Fix DoS issues. (CVE-2017-14170)
- avformat/nsvdec: Fix DoS due to lack of eof check. (CVE-2017-14171)
- avformat/mov: Fix DoS. (CVE-2017-14222)
- avformat/asfdec: Fix DoS. (CVE-2017-14223)
- ffprobe: Fix null pointer dereference with color primaries.
(CVE-2017-14225)
- avformat/rtpdec_h264: Fix heap-buffer-overflow. (CVE-2017-14767)
.
ffmpeg (7:3.2.7-1~deb9u1) stretch-security; urgency=high
.
* New upstream release.
- apadec: Fix integer overflow. (CVE-2016-11399)
- rtmppkt: Fix out-of-bound access. (CVE-2017-11665)
- dnxhddec: Fix out-of-bound access. (CVE-2017-11719)
- dnxhd_parser: Fix NULL pointer access. (CVE-2017-9608)
- hls, avidec: Check file extensions. (CVE-2017-9993)
firefox-esr (52.6.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-03, also known as
CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097,
CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5104, CVE-2018-5117, CVE-2018-5089.
.
firefox-esr (52.5.2esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-28, also known as CVE-2017-7843.
firefox-esr (52.6.0esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2018-03, also known as
CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097,
CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103,
CVE-2018-5104, CVE-2018-5117, CVE-2018-5089.
.
firefox-esr (52.5.2esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-28, also known as CVE-2017-7843.
firefox-esr (52.5.3esr-1) unstable; urgency=medium
.
* New upstream release.
firefox-esr (52.5.2esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-28, also known as CVE-2017-7843.
firefox-esr (52.5.2esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-28, also known as CVE-2017-7843.
.
firefox-esr (52.5.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-25, also known as:
CVE-2017-7828, CVE-2017-7830, CVE-2017-7826.
.
* debian/source/lintian-overrides: Add a lintian override for dotzlib.chm.
* debian/import-tar.py: Make python 3.6 happy.
firefox-esr (52.5.2esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-28, also known as CVE-2017-7843.
.
firefox-esr (52.5.0esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-25, also known as:
CVE-2017-7828, CVE-2017-7830, CVE-2017-7826.
.
* debian/source/lintian-overrides: Add a lintian override for dotzlib.chm.
* debian/import-tar.py: Make python 3.6 happy.
firefox-esr (52.5.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-25, also known as:
CVE-2017-7828, CVE-2017-7830, CVE-2017-7826.
.
* debian/import-tar.py: Make python 3.6 happy.
flatpak (0.8.9-0+deb9u1) stretch; urgency=medium
.
* New upstream release backporting the following fixes from 0.10.x:
- common/flatpak-run.c: Ignore unrecognised permission strings
instead of failing, for forwards compatibility
- dbus-proxy/flatpak-proxy.c: Fix a D-Bus filtering bypass in
flatpak-dbus-proxy (Closes: #888842)
- profile/flatpak.sh.in: Simplify and improve profile.d snippet
(already done in Debian since 0.8.4-1, no practical effect)
* Drop our patch to profile/flatpak.sh.in, no longer necessary
* debian/control: Update Vcs-* metadata for salsa.d.o migration
flatpak (0.8.9-0+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
- debian/gbp.conf: adjust for this branch
- debian/control: (build-)depend on libgtk-3-bin, not
gtk-update-icon-cache
- d/p/debian/Try-gtk-3.0-version-of-the-icon-cache-utility-first.patch:
try to use gtk-update-icon-cache-3.0 before gtk-update-icon-cache
- d/p/backport/*.patch, d/control: Relax GLib dependency to 2.42
.
flatpak (0.8.9-0+deb9u1) stretch; urgency=medium
.
* New upstream release backporting the following fixes from 0.10.x:
- common/flatpak-run.c: Ignore unrecognised permission strings
instead of failing, for forwards compatibility
- dbus-proxy/flatpak-proxy.c: Fix a D-Bus filtering bypass in
flatpak-dbus-proxy (Closes: #888842)
- profile/flatpak.sh.in: Simplify and improve profile.d snippet
(already done in Debian since 0.8.4-1, no practical effect)
* Drop our patch to profile/flatpak.sh.in, no longer necessary
* debian/control: Update Vcs-* metadata for salsa.d.o migration
.
flatpak (0.8.8-0+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
- debian/gbp.conf: adjust for this branch
- debian/control: (build-)depend on libgtk-3-bin, not
gtk-update-icon-cache
- d/p/debian/Try-gtk-3.0-version-of-the-icon-cache-utility-first.patch:
try to use gtk-update-icon-cache-3.0 before gtk-update-icon-cache
- d/p/backport/*.patch, d/control: Relax GLib dependency to 2.42
.
flatpak (0.8.8-0+deb9u1) stretch; urgency=medium
.
* d/watch: Watch for new 0.8.x versions
* New upstream release from 0.8.x branch, backporting the following
fixes from 0.10.x:
- Add compatibility with ostree ≥ 2017.7 (in Debian, the same
changes were already in 0.8.7-2)
- Security: Do not allow legacy eavesdropping on the D-Bus
session bus (Closes: #880451)
- Ensure that LD_LIBRARY_PATH is in the correct order, respecting
extensions' priorities
- Ensure that extensions are mounted in the correct order even if
they have differing priorities, fixing Steam
- Remove PYTHONPATH, PERLLIB, PERL5LIB, XCURSOR_PATH from the
environment given to sandboxed apps
- Give each app a persistent cache directory for fontconfig
- Make /usr/share/icons available in the sandbox so that sandboxed
apps can use the host's icon theme
- Disable debug-level FUSE logging for the document portal
- Make the * wildcard at the end of a D-Bus filtering rule match
zero or more components, so --talk="com.example.Foo.*" behaves
the same as D-Bus' arg0namespace="com.example.Foo". Previously,
it would only match exactly one component. This matches a proposed
design for integrating equivalent filtering into future dbus
versions.
* d/p/0.8.8/: Drop patches that added compatibility with
ostree ≥ 2017.7, no longer necessary
flatpak (0.8.8-0+deb9u1) stretch; urgency=medium
.
* d/watch: Watch for new 0.8.x versions
* New upstream release from 0.8.x branch, backporting the following
fixes from 0.10.x:
- Add compatibility with ostree ≥ 2017.7 (in Debian, the same
changes were already in 0.8.7-2)
- Security: Do not allow legacy eavesdropping on the D-Bus
session bus (Closes: #880451)
- Ensure that LD_LIBRARY_PATH is in the correct order, respecting
extensions' priorities
- Ensure that extensions are mounted in the correct order even if
they have differing priorities, fixing Steam
- Remove PYTHONPATH, PERLLIB, PERL5LIB, XCURSOR_PATH from the
environment given to sandboxed apps
- Give each app a persistent cache directory for fontconfig
- Make /usr/share/icons available in the sandbox so that sandboxed
apps can use the host's icon theme
- Disable debug-level FUSE logging for the document portal
- Make the * wildcard at the end of a D-Bus filtering rule match
zero or more components, so --talk="com.example.Foo.*" behaves
the same as D-Bus' arg0namespace="com.example.Foo". Previously,
it would only match exactly one component. This matches a proposed
design for integrating equivalent filtering into future dbus
versions.
* d/p/0.8.8/: Drop patches that added compatibility with
ostree ≥ 2017.7, no longer necessary
flatpak (0.8.8-0+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
- debian/gbp.conf: adjust for this branch
- debian/control: (build-)depend on libgtk-3-bin, not
gtk-update-icon-cache
- d/p/debian/Try-gtk-3.0-version-of-the-icon-cache-utility-first.patch:
try to use gtk-update-icon-cache-3.0 before gtk-update-icon-cache
- d/p/backport/*.patch, d/control: Relax GLib dependency to 2.42
.
flatpak (0.8.8-0+deb9u1) stretch; urgency=medium
.
* d/watch: Watch for new 0.8.x versions
* New upstream release from 0.8.x branch, backporting the following
fixes from 0.10.x:
- Add compatibility with ostree ≥ 2017.7 (in Debian, the same
changes were already in 0.8.7-2)
- Security: Do not allow legacy eavesdropping on the D-Bus
session bus (Closes: #880451)
- Ensure that LD_LIBRARY_PATH is in the correct order, respecting
extensions' priorities
- Ensure that extensions are mounted in the correct order even if
they have differing priorities, fixing Steam
- Remove PYTHONPATH, PERLLIB, PERL5LIB, XCURSOR_PATH from the
environment given to sandboxed apps
- Give each app a persistent cache directory for fontconfig
- Make /usr/share/icons available in the sandbox so that sandboxed
apps can use the host's icon theme
- Disable debug-level FUSE logging for the document portal
- Make the * wildcard at the end of a D-Bus filtering rule match
zero or more components, so --talk="com.example.Foo.*" behaves
the same as D-Bus' arg0namespace="com.example.Foo". Previously,
it would only match exactly one component. This matches a proposed
design for integrating equivalent filtering into future dbus
versions.
* d/p/0.8.8/: Drop patches that added compatibility with
ostree ≥ 2017.7, no longer necessary
flatpak (0.8.7-5) unstable; urgency=medium
.
* d/p/tests-Isolate-tests-from-real-home-directory-more-thoroug.patch:
Mark as upstreamed for 0.9.8, and move to d/p/0.9.8/ directory
* d/p/Improve-test-diagnostics.patch: Add patch to improve test
diagnostics (see #870312)
* Standards-Version: 4.0.1 (no changes required)
* d/p/testlibrary-Skip-tests-that-need-extended-attributes-if-n.patch:
Add patch to skip tests that need extended attributes if /var/tmp
does not support them (Closes: #870312)
flatpak (0.8.7-4) unstable; urgency=medium
.
* d/rules, d/autogen.sh: Run gtkdocize as well as autoreconf
(similar to upstream's autogen.sh but much simpler), replacing
gtk-doc.make at build time with the one in Debian's gtk-doc-tools
flatpak (0.8.7-3) unstable; urgency=medium
.
* d/patches/: Add patch backported from 0.9.4, and new patch sent
upstream to PR #894, to avoid using the real home directory in tests
* d/control: Add libglib2.0-doc, libostree-doc to Build-Depends-Indep
so that libflatpak-doc can cross-reference those documentation
packages
* debian/test.sh: Do not ignore build-time tests' exit status
* d/rules: Do not run build-time tests with DEB_BUILD_OPTIONS=nocheck
* d/control: Do not build-depend on gnome-desktop-testing. It is only
used for the installed-tests.
* d/control: Annotate test-only build-dependencies with <!nocheck>
* Standards-Version: 4.0.0
- Use https URL for format of debian/copyright
flatpak (0.8.7-2) unstable; urgency=medium
.
* Move upstreamed patch to debian/patches/0.9.1/ to make it obvious
when it can be dropped
* d/p/0.8.8/: add patches backported from upstream 0.9.4, 0.9.6,
together with a new patch to the tests, to restore compatibility
with libostree 2017.7 (all applied upstream already)
freexl (1.0.2-2+deb9u2) stretch-security; urgency=high
.
* Add upstream patch to fix various heap-buffer-overflows.
- heap-buffer-overflow in freexl::destroy_cell of FreeXL 1.0.4
https://bugzilla.redhat.com/show_bug.cgi?id=1547879
- heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST
https://bugzilla.redhat.com/show_bug.cgi?id=1547883
- heap-buffer-overflow in freexl.c:1866 parse_SST of FreeXL 1.0.4
https://bugzilla.redhat.com/show_bug.cgi?id=1547885
- heap-buffer-overflow in freexl.c:383 parse_unicode_string of FreeXL
1.0.4
https://bugzilla.redhat.com/show_bug.cgi?id=1547889
- heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record of
FreeXL 1.0.4
https://bugzilla.redhat.com/show_bug.cgi?id=1547892
fuse-zip (0.4.0-2+deb9u1) stretch; urgency=medium
.
* Backport upstream commit 9b9c2f47cfe9 to fix writeback fail with libzip 1.0
gcab (0.7-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Do not crash when ncbytes is larger than the buffer size (CVE-2018-5345)
(Closes: #887776)
gcc-6 (6.3.0-18+deb9u1) stretch-security; urgency=medium
.
* Backport of retpoline support by HJ Lu
gdk-pixbuf (2.36.5-2+deb9u2) stretch-security; urgency=medium
.
* Fix CVE-2017-1000422 (and while we're add it also add patches for three
minor crash bugs (CVE-2017-6312, CVE-2017-6313.patch, CVE-2017-6314))
gifsicle (1.88-3+deb9u1) stretch-security; urgency=high
.
[ Herbert Parentes Fortes Neto ]
* Closes: CVE-2017-1000421
gifsicle (1.88-3+deb9u1~bpo8+1) jessie-backports; urgency=high
.
* Rebuild for jessie-backports.
- no changes
gimp (2.8.18-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Out of bounds read / heap overflow in TGA importer (CVE-2017-17786)
(Closes: #884862)
* plug-ins: TGA 16-bit RGB (without alpha bit) is also valid
* Heap buffer overflow in PSP importer (CVE-2017-17789) (Closes: #884837)
* heap overread in gbr parser / load_image (CVE-2017-17784)
(Closes: #884925)
* heap overread in psp importer (CVE-2017-17787) (Closes: #884927)
* Heap overflow while parsing FLI files (CVE-2017-17785) (Closes: #884836)
* buffer overread in XCF parser if version field has no null terminator
(CVE-2017-17788) (Closes: #885347)
glade (3.20.0-2+deb9u1) stretch; urgency=medium
.
* Team upload.
.
[ Sébastien Villemot ]
* fix-use-of-gtk-style-context-in-GladeDesignLayout.patch: new patch.
Fixes high CPU usage. (Closes: #859324)
.
[ Jeremy Bicha ]
* Update Vcs fields and add debian/gbp.conf
glibc (2.24-11+deb9u3) stretch; urgency=medium
.
[ Aurelien Jarno ]
* debian/rules.d/debhelper.mk: install the libc-otherbuild postinst and
postrm in the libc6-i686 transitional package, to make sure
/etc/ld.so.nohwcap is correctly removed after an upgrade. Closes:
#883394.
glibc (2.24-11+deb9u2) stretch; urgency=medium
.
[ Aurelien Jarno ]
* debian/control.in/x32: Add a gcc-multilib Recommends for libc6-dev-x32.
* debian/patches/git-updates.diff: update from upstream stable branch:
- debian/patches/any/submitted-perl-inc.diff: drop, merged upstream.
- debian/patches/any/cvs-remove-pid-tid-cache-clone.diff: drop, merged
upstream.
- debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff:
drop, merged upstream.
- debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: drop,
merged upstream.
- debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff: drop,
merged upstream.
- debian/patches/any/cvs-vectorized-strcspn-guards.diff: drop, merged
upstream.
- debian/patches/any/cvs-hwcap-AT_SECURE.diff: drop, merged upstream.
- Avoid use-after-free read access in clntudp_call (CVE-2017-12133).
Closes: #870648.
- Fix compatibility with Intel C++ __regcall calling convention. Closes:
#881850.
- Fix a buffer overrun in rpcgen.
- Fix strlen on null pointer in nss_nisplus.
- Fix invalid cast in group merging affecting ppc64 and s390x.
- Define collation for Malayalam chillu characters.
- Correct collation of U+0D36 and U+0D37 Malayalam characters.
* debian/script.in/nohwcap.sh: always check for all optimized packages
as multiarch allows one to install foreign architectures. Closes:
#882272.
.
[ Santiago Vila ]
* debian/debhelper.in/libc-bin.postinst: do not update /etc/nsswitch.conf
when its content already matches the default. Closes: #865144.
global (6.5.6-2+deb9u1) stretch; urgency=medium
.
* Backport fix for CVE-2017-17531 from 6.6.1 (Closes: #884912)
gnumail (1.2.2-1.1+deb9u1) stretch; urgency=medium
.
* debian/patches/link-libs.patch: Update to eradicate unnecessary
linking with OpenSSL (Closes: #886305).
golang-github-go-ldap-ldap (2.4.1-1+deb9u1) stretch; urgency=medium
.
* Team upload.
* Require explicit intention for empty password.
This is normally used for unauthenticated bind, and
https://tools.ietf.org/html/rfc4513#section-5.1.2 recommends:
"Clients SHOULD disallow an empty password input to a Name/Password
Authentication user interface"
This is (mostly) a cherry-pick of 95ede12 from upstream, except
the bit in ldap_test.go, which is unrelated to the security issue.
This fixes CVE-2017-14623. (Closes: #876404)
gosa-plugin-pwreset (0.99.4-1+deb9u1) stretch; urgency=medium
.
* debian/patches:
+ Add 0001_fix-deprecated-constructor-call.patch. (Closes: #886848).
grilo-plugins (0.3.3-1+deb9u1) stretch; urgency=medium
.
* debian/patches/radiofrance.patch:
- Fix Radio France source after website changes (Closes: #887469).
hdf5 (1.10.0-patch1+docs-3+deb9u1) stretch; urgency=medium
.
* debian/rules: fix javahelper invocation (closes: #871506)
heimdal (7.1.0+dfsg-13+deb9u2) stretch-security; urgency=high
.
* CVE-2017-17439: Remote unauthenticated DoS in Heimdal-KDC 7.1
(Closes: #878144)
inputlirc (23-2+deb9u1) stretch; urgency=medium
.
* Include input-event-codes.h instead of input.h. Closes: #879458
Thanks to Ingo Schneider for reporting the bug and providing the fix.
jackson-databind (2.8.6-1+deb9u3) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2017-17485 and CVE-2018-5968:
Bybass of deserialization blackist to disallow unauthenticated remote code
execution. These CVE exist due to an incomplete fix for CVE-2017-7525.
(Closes: #888316, #888318)
java-atk-wrapper (0.33.3-13+deb9u1) stretch; urgency=medium
.
* debian/patches/iter: Fix iterator initialization.
* debian/patches/child_add: Fix missing reference for children
(Closes: #837081).
kildclient (3.1.0-1+deb9u1) stretch; urgency=low
.
* Fix for CVE-2017-17511. New dependency 'desktop-file-utils' required
in order to use GTK+ function for opening URLs. Closes: #885007
libdate-holidays-de-perl (1.9-1+deb9u1) stretch; urgency=low
.
* Mark Reformation Day as a holiday in Hamburg and
Schleswig-Holstein from 2018 on
libdatetime-timezone-perl (1:2.09-1+2018b) stretch; urgency=medium
.
* Update to Olson database version 2018b.
This update contains contemporary changes for São Tomé and PrÃncipe,
Brazil, and Ireland.
libhibernate-validator-java (4.3.3-1+deb9u1) stretch; urgency=medium
.
* Team upload.
* Fix CVE-2017-7536: potential privilege escalation by circumventing security
manager permissions. (Closes: #885577)
libperlx-assert-perl (0.904-1+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport fix from 0.905-1 to stretch.
.
[ gregor herrmann ]
* Add libkeyword-simple-perl, libdevel-declare-perl to Depends.
(Closes: #868075)
libreoffice (1:5.2.7-1+deb9u3) stretch; urgency=medium
.
* debian/patches/WEBSERVICE-DDE.diff:
- improve to not throw more errors than neccessary (use the right error
code) on WEBSERVICE() failures, thanks Jan-Marek Glogowski; do another
s/FormulaError::NoValue/formula::errNoValue/ for clarity
- backport 4a412bdf0387cc2cb59d656d0738a63a286ec497 from 5.4 branch
to let FunctionAccess execute WEBSERVICE
.
* debian/rules:
- do not run the tests except on i386 (notfatal) and amd64
- move dk.mk from -dev-common to -dev as it's not arch-indep, thanks
Rico Tzschichholz
libreoffice (1:5.2.7-1+deb9u2) stretch-security; urgency=high
.
* fix control
libreoffice (1:5.2.7-1+deb9u2~bpo8+1) jessie-backports; urgency=high
.
* Rebuild for jessie-backports.
.
* tarballs/*, debian/source/include-binaries: add tarballs for used
internal versions
.
libreoffice (1:5.2.7-1+deb9u2) stretch-security; urgency=high
.
* fix control
.
libreoffice (1:5.2.7-1+deb9u1) stretch-security; urgency=high
.
* debian/patches/WEBSERVICE-DDE.diff: backport fix for "Remote arbitrary
file disclosure vulnerability via WEBSERVICE formula" (CVE-2018-1055) from
5.4
* debian/patches/layout-footnote-use-after-free.diff: add; as name says.
possible patch for iDefense V-mct3ei5wml
.
* debian/rules:
- make i386 make check notfatal for now given the i386 Java Stack Clash
regression
libreoffice (1:5.2.7-1+deb9u1) stretch-security; urgency=high
.
* debian/patches/WEBSERVICE-DDE.diff: backport fix for "Remote arbitrary
file disclosure vulnerability via WEBSERVICE formula" (CVE-2018-1055) from
5.4
* debian/patches/layout-footnote-use-after-free.diff: add; as name says.
possible patch for iDefense V-mct3ei5wml
.
* debian/rules:
- make i386 make check notfatal for now given the i386 Java Stack Clash
regression
libtasn1-6 (4.10-1.1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* _asn1_check_identifier: safer access to values read (CVE-2017-10790)
(Closes: #867398)
* _asn1_decode_simple_ber: restrict the levels of recursion to 3
(CVE-2018-6003)
libvhdi (20160424-1+deb9u1) stretch; urgency=medium
.
* Add mising Python3 dependency, thanks to Adrian Bunk, Scott Kitterman
(Closes: #867409, #867610)
libvirt (3.0.0-4+deb9u2) stretch; urgency=medium
.
* CVE-2018-5748: qemu: avoid denial of service reading from QEMU monitor
(Closes: #887700)
* qemu: shared disks with cache=directsync should be safe for migration.
Thanks to Carsten Burkhardt (Closes: #883208)
libvpx (1.6.1-3+deb9u1) stretch-security; urgency=high
.
* Fix OOB caused by odd frame width (CVE-2017-13194)
libxcursor (1:1.1.14-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix heap overflows when parsing malicious files (CVE-2017-16612)
(Closes: #883792)
libxcursor (1:1.1.14-1+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix heap overflows when parsing malicious files (CVE-2017-16612)
(Closes: #883792)
libxml2 (2.9.4+dfsg1-2.2+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix XPath stack frame logic (CVE-2017-15412) (Closes: #883790)
linux (4.9.82-1+deb9u3) stretch-security; urgency=medium
.
* [powerpc] Backport more RFI flush related patches from 4.9.84. Closes:
#891249.
* [powerpc] Ignore ABI change in paca.
linux (4.9.82-1+deb9u2) stretch-security; urgency=high
.
* [x86] linux-headers: use correct version in linux-compiler-gcc-6-x86
dependency.
linux (4.9.80-2) stretch; urgency=medium
.
* scsi: ignore ABI change in hisi_sas.
linux (4.9.80-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.66
- [s390x] fix transactional execution control register handling
- [s390x] runtime instrumention: fix possible memory corruption
- [s390x] disassembler: add missing end marker for e7 table
- [s390x] disassembler: increase show_code buffer size
- ACPI / EC: Fix regression related to triggering source of EC event
handling
- [x86] mm: fix use-after-free of vma during userfaultfd fault
- ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER
- vsock: use new wait API for vsock_stream_sendmsg()
- sched: Make resched_cpu() unconditional
- lib/mpi: call cond_resched() from mpi_powm() loop
- [x86] decoder: Add new TEST instruction pattern
- [arm64] Implement arch-specific pte_access_permitted()
- [armhf/armmp-lpae] 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
- [armhf/armmp-lpae] 8721/1: mm: dump: check hardware RO bit for LPAE
- [arm64] PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF
- dm bufio: fix integer overflow when limiting maximum cache size
- dm: allocate struct mapped_device with kvzalloc
- [mips*] pci: Remove KERN_WARN instance inside the mt7620 driver
- dm: fix race between dm_get_from_kobject() and __dm_destroy()
- [mips*] Fix odd fp register warnings with MIPS64r2
- [mips*] Fix an n32 core file generation regset support regression
- rt2x00usb: mark device removed when get ENOENT usb error
- autofs: don't fail mount for transient error
- nilfs2: fix race condition that causes file system corruption
- eCryptfs: use after free in ecryptfs_release_messaging()
- libceph: don't WARN() if user tries to add invalid key
- bcache: check ca->alloc_thread initialized before wake up it
- isofs: fix timestamps beyond 2027
- NFS: Fix typo in nomigration mount option
- nfs: Fix ugly referral attributes
- NFS: Avoid RCU usage in tracepoints
- nfsd: deal with revoked delegations appropriately
- rtlwifi: rtl8192ee: Fix memory leak when loading firmware
- rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
- ata: fixes kernel crash while tracing ata_eh_link_autopsy event
- ext4: fix interaction between i_size, fallocate, and delalloc after a
crash
- ALSA: pcm: update tstamp only if audio_tstamp changed
- ALSA: usb-audio: Add sanity checks to FE parser
- ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
- ALSA: usb-audio: Add sanity checks in v2 clock parsers
- ALSA: timer: Remove kernel warning at compat ioctl error paths
- ALSA: hda: Fix too short HDMI/DP chmap reporting
- ALSA: hda/realtek - Fix ALC700 family no sound issue
- fix a page leak in vhost_scsi_iov_to_sgl() error recovery
- fs/9p: Compare qid.path in v9fs_test_inode
- iscsi-target: Fix non-immediate TMR reference leak
- target: Fix QUEUE_FULL + SCSI task attribute handling
- [armhf] mtd: nand: omap2: Fix subpage write
- mtd: nand: Fix writing mtdoops to nand flash.
- mtd: nand: mtk: fix infinite ECC decode IRQ issue
- p54: don't unregister leds when they are not initialized
- block: Fix a race between blk_cleanup_queue() and timeout handling
- [armhf,arm64] irqchip/gic-v3: Fix ppi-partitions lookup
- lockd: double unregister of inetaddr notifiers
- [x86] KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
- [x86] KVM: SVM: obey guest PAT
- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
- [armhf] clk: ti: dra7-atl-clock: fix child-node lookups
- libnvdimm, pfn: make 'resource' attribute only readable by root
- libnvdimm, namespace: fix label initialization to use valid seq numbers
- libnvdimm, namespace: make 'resource' attribute only readable by root
- IB/srpt: Do not accept invalid initiator port names
- IB/srp: Avoid that a cable pull can trigger a kernel crash
- NFC: fix device-allocation error return
- fm10k,i40e,i40evf,igb,igbvf,ixgbe,ixgbevf: Use smp_rmb rather than
read_barrier_depends
- [powerpc*] signal: Properly handle return value from uprobe_deny_signal()
- media: Don't do DMA on stack for firmware upload in the AS102 driver
- media: rc: check for integer overflow
- media: v4l2-ctrl: Fix flags field on Control events
- sched/rt: Simplify the IPI based RT balancing logic
- fscrypt: lock mutex before checking for bounce page pool
- net/9p: Switch to wait_event_killable()
- PM / OPP: Add missing of_node_put(np)
- [x86] Revert "drm/i915: Do not rely on wm preservation for ILK watermarks" closes: #884001
- e1000e: Fix error path in link detection
- e1000e: Fix return value test
- e1000e: Separate signaling for link check/link up
- e1000e: Avoid receiver overrun interrupt bursts
- RDS: make message size limit compliant with spec
- RDS: RDMA: return appropriate error on rdma map failures
- RDS: RDMA: fix the ib_map_mr_sg_zbva() argument
- PCI: Apply _HPX settings only to relevant devices
- [armhf] clk: sunxi-ng: A31: Fix spdif clock register
- [armhf] clk: sunxi-ng: fix PLL_CPUX adjusting on A33
- fscrypt: use ENOKEY when file cannot be created w/o key
- fscrypt: use ENOTDIR when setting encryption policy on nondirectory
- net: Allow IP_MULTICAST_IF to set index to L3 slave
- net: 3com: typhoon: typhoon_init_one: fix incorrect return values
- rt2800: set minimum MPDU and PSDU lengths to sane values
- adm80211: return an error if adm8211_alloc_rings() fails
- mwifiex: sdio: fix use after free issue for save_adapter
- ath10k: fix incorrect txpower set by P2P_DEVICE interface
- ath10k: ignore configuring the incorrect board_id
- ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats()
- bnxt_en: Set default completion ring for async events.
- ath10k: set CTS protection VDEV param only if VDEV is up
- ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE
- drm: Apply range restriction after color adjustment when allocation
- [arm64] clk: qcom: ipq4019: Add all the frequencies for apss cpu
- mac80211: Remove invalid flag operations in mesh TSF synchronization
- mac80211: Suppress NEW_PEER_CANDIDATE event if no room
- adm80211: add checks for dma mapping errors
- iio: light: fix improper return value
- netfilter: nft_queue: use raw_smp_processor_id()
- netfilter: nf_tables: fix oob access
- [armel,armhf] crypto: marvell - Copy IVDIG before launching partial DMA
ahash requests
- btrfs: return the actual error value from from btrfs_uuid_tree_iterate
- [s390x] kbuild: enable modversions for symbols exported from asm
- cec: when canceling a message, don't overwrite old status info
- cec: CEC_MSG_GIVE_FEATURES should abort for CEC version < 2
- cec: update log_addr[] before finishing configuration
- nvmet: fix KATO offset in Set Features
- xen: xenbus driver must not accept invalid transaction ids
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.67
- [armhf] dts: LogicPD Torpedo: Fix camera pin mux
- [armhf] dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio
- mm/cma: fix alloc_contig_range ret code/potential leak
- mm, hugetlbfs: introduce ->split() to vm_operations_struct
- mm/madvise.c: fix madvise() infinite loop under special circumstances
- btrfs: clear space cache inode generation always
- nfsd: Fix stateid races between OPEN and CLOSE
- nfsd: Fix another OPEN stateid race
- nfsd: fix panic in posix_unblock_lock called from nfs4_laundromat
- [armhf] mfd: twl4030-power: Fix pmic for boards that need vmmc1 on reboot
- [armhf] OMAP2+: Fix WL1283 Bluetooth Baud Rate
- [x86] KVM: pvclock: Handle first-time write to pvclock-page contains
random junk
- [x86] KVM: Exit to user-mode on #UD intercept when emulator requires
- [x86] KVM: inject exceptions produced by x86_decode_insn
- [x86] KVM: lapic: Split out x2apic ldr calculation
- [x86] KVM: lapic: Fixup LDR on load in x2apic
- mmc: core: Do not leave the block driver in a suspended state
- mmc: core: prepend 0x to OCR entry in sysfs
- eeprom: at24: fix reading from 24MAC402/24MAC602
- eeprom: at24: correctly set the size for at24mac402
- eeprom: at24: check at24_read/write arguments
- [x86,alpha] i2c: i801: Fix Failed to allocate irq -2147483648 error
- hwmon: (jc42) optionally try to disable the SMBUS timeout
- nvme-pci: add quirk for delay before CHK RDY for WDC SN200
- Revert "drm/radeon: dont switch vt on suspend"
- drm/amdgpu: potential uninitialized variable in amdgpu_vce_ring_parse_cs()
- drm/amdgpu: Potential uninitialized variable in
amdgpu_vm_update_directories()
- drm/radeon: fix atombios on big endian
- [armhf,arm64] drm/panel: simple: Add missing panel_simple_unprepare()
calls
- [arm64] drm/hisilicon: Ensure LDI regs are properly configured.
- drm/ttm: once more fix ttm_buffer_object_transfer
- drm/amd/pp: fix typecast error in powerplay.
- NFS: revalidate "." etc correctly on "open".
- [x86] drm/i915: Don't try indexed reads to alternate slave addresses
- [x86] drm/i915: Prevent zero length "index" write
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.68
- bcache: only permit to recovery read error when cache device is clean
- bcache: recover data from backing when data is clean
- Revert "crypto: caam - get rid of tasklet"
- mm, oom_reaper: gather each vma to prevent leaking TLB entry
- uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
- usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
- [s390x] runtime instrumentation: simplify task exit handling
- ima: fix hash algorithm initialization
- [s390x] pci: do not require AIS facility
- serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
- staging: rtl8188eu: avoid a null dereference on pmlmepriv
- [arm64] mmc: sdhci-msm: fix issue with power irq
- serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
- [x86] entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
- [x86] EDAC, sb_edac: Fix missing break in switch
- [armel,armhf] sysrq : fix Show Regs call trace on ARM
- usbip: tools: Install all headers needed for libusbip development
- [x86] kprobes: Disable preemption in ftrace-based jprobes
- iio: adc: ti-ads1015: add 10% to conversion wait time
- dax: Avoid page invalidation races and unnecessary radix tree traversals
- net/mlx4_en: Fix type mismatch for 32-bit systems
- l2tp: take remote address into account in l2tp_ip and l2tp_ip6 socket
lookups
- usb: gadget: f_fs: Fix ExtCompat descriptor validation
- libcxgb: fix error check for ip6_route_output()
- [armhf] OMAP2+: Fix WL1283 Bluetooth Baud Rate
- vti6: fix device register to report IFLA_INFO_KIND
- be2net: fix accesses to unicast list
- be2net: fix unicast list filling
- net/appletalk: Fix kernel memory disclosure
- libfs: Modify mount_pseudo_xattr to be clear it is not a userspace mount
- mm: fix remote numa hits statistics
- mac80211: calculate min channel width correctly
- nfs: Don't take a reference on fl->fl_file for LOCK operation
- [armhf,arm64] KVM: Fix occasional warning from the timer work function
- mac80211: prevent skb/txq mismatch
- NFSv4: Fix client recovery when server reboots multiple times
- [x86] perf/intel: Account interrupts for PEBS errors
- [powerpc*] mm: Fix memory hotplug BUG() on radix
- qla2xxx: Fix wrong IOCB type assumption
- drm/amdgpu: fix bug set incorrect value to vce register
- net: sctp: fix array overrun read on sctp_timer_tbl
- [x86] fpu: Set the xcomp_bv when we fake up a XSAVES area
- drm/amdgpu: fix unload driver issue for virtual display
- mac80211: don't try to sleep in rate_control_rate_init()
- RDMA/qedr: Return success when not changing QP state
- RDMA/qedr: Fix RDMA CM loopback
- tipc: fix nametbl_lock soft lockup at module exit
- tipc: fix cleanup at module unload
- [armhf] dmaengine: pl330: fix double lock
- tcp: correct memory barrier usage in tcp_check_space()
- nvmet: cancel fatal error and flush async work before free controller
- gtp: clear DF bit on GTP packet tx
- gtp: fix cross netns recv on gtp socket
- net: phy: micrel: KSZ8795 do not set SUPPORTED_[Asym_]Pause
- [arm64] net: thunderx: avoid dereferencing xcv when NULL
- be2net: fix initial MAC setting
- [powerpc*] vfio/spapr: Fix missing mutex unlock when creating a window
- mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
- xen-netfront: Improve error handling during initialization
- cec: initiator should be the same as the destination for, poll
- xen-netback: vif counters from int/long to u64
- net: fec: fix multicast filtering hardware setup
- dma-buf/dma-fence: Extract __dma_fence_is_later()
- dma-buf/sw-sync: Fix the is-signaled test to handle u32 wraparound
- dma-buf/sw-sync: Prevent user overflow on timeline advance
- dma-buf/sw-sync: sync_pt is private and of fixed size
- dma-buf/sw-sync: Fix locking around sync_timeline lists
- dma-buf/sw-sync: Use an rbtree to sort fences in the timeline
- dma-buf/sw_sync: move timeline_fence_ops around
- dma-buf/sw_sync: clean up list before signaling the fence
- dma-fence: Clear fence->status during dma_fence_init()
- dma-fence: Wrap querying the fence->status
- dma-fence: Introduce drm_fence_set_error() helper
- dma-buf/sw_sync: force signal all unsignaled fences on dying timeline
- dma-buf/sync_file: hold reference to fence when creating sync_file
- usb: hub: Cycle HUB power when initialization fails
- usb: xhci: fix panic in xhci_free_virt_devices_depth_first
- USB: core: Add type-specific length check of BOS descriptors
- USB: Increase usbfs transfer limit
- USB: devio: Prevent integer overflow in proc_do_submiturb()
- USB: usbfs: Filter flags passed in from user space
- usb: host: fix incorrect updating of offset
- xen-netfront: avoid crashing on resume after a failure in
talk_to_netback()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.69
- can: kvaser_usb: free buf in error paths
- can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
- can: kvaser_usb: ratelimit errors if incomplete messages are received
- can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
- can: ems_usb: cancel urb on -EPIPE and -EPROTO
- can: esd_usb2: cancel urb on -EPIPE and -EPROTO
- can: usb_8dev: cancel urb on -EPIPE and -EPROTO
- virtio: release virtio index when fail to device_register
- [x86] hv: kvp: Avoid reading past allocated blocks from KVP file
- isa: Prevent NULL dereference in isa_bus driver callbacks
- scsi: dma-mapping: always provide dma_get_cache_alignment
- scsi: use dma_get_cache_alignment() as minimum DMA alignment
- scsi: libsas: align sata_device's rps_resp on a cacheline
- efi: Move some sysfs files to be read-only by root
- efi/esrt: Use memunmap() instead of kfree() to free the remapping
- ASN.1: fix out-of-bounds read when parsing indefinite length item
- ASN.1: check for error from ASN1_OP_END__ACT actions
- X.509: reject invalid BIT STRING for subjectPublicKey
- X.509: fix comparisons of ->pkey_algo
- [x86] PCI: Make broadcom_postcore_init() check acpi_disabled
- [x86] KVM: fix APIC page invalidation
- btrfs: fix missing error return in btrfs_drop_snapshot
- ALSA: pcm: prevent UAF in snd_pcm_info
- ALSA: seq: Remove spurious WARN_ON() at timer check
- ALSA: usb-audio: Fix out-of-bound error
- ALSA: usb-audio: Add check return value for usb_string()
- [x86] iommu/vt-d: Fix scatterlist offset handling
- smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place
- [s390x] fix compat system call table
- [s390x] KVM: Fix skey emulation permission check
- [powerpc*] 64s: Initialize ISAv3 MMU registers before setting partition
table
- brcmfmac: change driver unbind order of the sdio function devices
- media: dvb: i2c transfers over usb cannot be done from stack
- [armhf,arm64] KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
- [armhf,arm64] KVM: Fix broken GICH_ELRSR big endian conversion
- [armhf,arm64] KVM: vgic-irqfd: Fix MSI entry allocation
- [armhf,arm64] KVM: vgic-its: Check result of allocation before use
- [arm64] fpsimd: Prevent registers leaking from dead tasks
- [armhf] bus: arm-cci: Fix use of smp_processor_id() in preemptible context
- usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT
- [armel,armhf] BUG if jumping to usermode address in kernel mode
- [armel,armhf] avoid faulting on qemu
- thp: reduce indentation level in change_huge_pmd()
- thp: fix MADV_DONTNEED vs. numa balancing race
- mm: drop unused pmdp_huge_get_and_clear_notify()
- [armel,armhf] 8657/1: uaccess: consistently check object sizes
- vti6: Don't report path MTU below IPV6_MIN_MTU.
- [armhf] OMAP2+: gpmc-onenand: propagate error on initialization failure
- [x86] platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack
register
- sched/fair: Make select_idle_cpu() more aggressive
- [x86] hpet: Prevent might sleep splat on resume
- [powerpc*] 64: Invalidate process table caching after setting process
table
- lirc: fix dead lock between open and wakeup_filter
- module: set __jump_table alignment to 8
- [powerpc*] 64: Fix checksum folding in csum_add()
- [armhf] OMAP2+: Fix device node reference counts
- [armhf] OMAP2+: Release device node after it is no longer needed.
- usb: gadget: configs: plug memory leak
- USB: gadgetfs: Fix a potential memory leak in 'dev_config()'
- [armhf,arm64] usb: dwc3: gadget: Fix system suspend/resume on TI platforms
- usb: gadget: udc: net2280: Fix tmp reusage in net2280 driver
- [x86] kvm: nVMX: VMCLEAR should not cause the vCPU to shut down
- libata: drop WARN from protocol error in ata_sff_qc_issue()
- workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq
- scsi: qla2xxx: Fix ql_dump_buffer
- scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters
- [armhf] irqchip/crossbar: Fix incorrect type of register size
- [x86] KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset
- [armhf,arm64] KVM: Survive unknown traps from guests
- [armhf,arm64] KVM: VGIC: Fix command handling while ITS being disabled
- bnx2x: prevent crash when accessing PTP with interface down
- bnx2x: fix possible overrun of VFPF multicast addresses array
- bnx2x: fix detection of VLAN filtering feature for VF
- bnx2x: do not rollback VF MAC/VLAN filters we did not configure
- rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races
- [powerpc*] ibmvnic: Fix overflowing firmware/hardware TX queue
- [powerpc*] ibmvnic: Allocate number of rx/tx buffers agreed on by firmware
- ipv6: reorder icmpv6_init() and ip6_mr_init()
- blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue()
- zram: set physical queue limits to avoid array out of bounds accesses
- netfilter: don't track fragmented packets
- [powerpc*] axonram: Fix gendisk handling
- drm/amd/amdgpu: fix console deadlock if late init failed
- [powerpc*] powernv/ioda2: Gracefully fail if too many TCE levels requested
- [x86] EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro
- [x86] EDAC, i5000, i5400: Fix definition of NRECMEMB register
- kbuild: pkg: use --transform option to prefix paths in tar
- coccinelle: fix parallel build with CHECK=scripts/coccicheck
- mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
- gre6: use log_ecn_error module parameter in ip6_tnl_rcv()
- route: also update fnhe_genid when updating a route cache
- route: update fnhe_expires for redirect when the fnhe exists
- NFS: Fix a typo in nfs_rename()
- sunrpc: Fix rpc_task_begin trace point
- xfs: fix forgotten rcu read unlock when skipping inode reclaim
- block: wake up all tasks blocked in get_request()
- zsmalloc: calling zs_map_object() from irq is a bug
- sctp: do not free asoc when it is already dead in sctp_sendmsg
- sctp: use the right sk after waking up from wait_buf sleep
- bpf: fix lockdep splat
- atm: horizon: Fix irq release error
- xfrm: Copy policy family in clone_policy
- IB/mlx4: Increase maximal message size under UD QP
- IB/mlx5: Assign send CQ and recv CQ of UMR QP
- afs: Connect up the CB.ProbeUuid
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.70
- [s390x] qeth: fix early exit from error path
- tipc: fix memory leak in tipc_accept_from_sock()
- rds: Fix NULL pointer dereference in __rds_rdma_map
- sit: update frag_off info
- packet: fix crash in fanout_demux_rollover()
- net/packet: fix a race in packet_bind() and packet_notifier()
- usbnet: fix alignment for frames with no ethernet header
- stmmac: reset last TSO segment size after device open
- tcp/dccp: block bh before arming time_wait timer
- [s390x] qeth: build max size GSO skbs on L2 devices
- [s390x] qeth: fix GSO throughput regression
- [s390x] qeth: fix thinko in IPv4 multicast address tracking
- tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()
- Fix handling of verdicts after NF_QUEUE
- ipmi: Stop timers before cleaning up the module
- [s390x] always save and restore all registers on context switch
- usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
- fix kcm_clone()
- [armhf,arm64] KVM: vgic-its: Preserve the revious read from the pending
table
- [powerpc*] 64: Fix checksum folding in csum_tcpudp_nofold and
ip_fast_csum_nofold
- kbuild: do not call cc-option before KBUILD_CFLAGS initialization
- ipvlan: fix ipv6 outbound device
- audit: ensure that 'audit=1' actually enables audit for PID 1
- md: free unused memory after bitmap resize
- RDMA/cxgb4: Annotate r2 and stag as __be32
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71
- mfd: fsl-imx25: Clean up irq settings during removal
- crypto: rsa - fix buffer overread when stripping leading zeroes
- autofs: fix careless error in recent commit
- tracing: Allocate mask_str buffer dynamically
- USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
- usbip: fix stub_rx: get_pipe() to validate endpoint number
(CVE-2017-16912)
- usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
(CVE-2017-16913)
- usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
(CVE-2017-16914)
- ceph: drop negative child dentries before try pruning inode's alias
- usb: xhci: fix TDS for MTK xHCI1.1
- xhci: Don't add a virt_dev to the devs array before it's fully allocated
- nfs: don't wait on commit in nfs_commit_inode() if there were no commit
requests
- sched/rt: Do not pull from current CPU if only one CPU to pull
- eeprom: at24: change nvmem stride to 1
- dmaengine: dmatest: move callback wait queue to thread context
- ext4: fix fdatasync(2) after fallocate(2) operation
- ext4: fix crash when a directory's i_size is too small
- mac80211: Fix addition of mesh configuration element
- [x86] KVM: nVMX: do not warn when MSR bitmap address is not backed
- md-cluster: free md_cluster_info if node leave cluster
- userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE
- userfaultfd: selftest: vm: allow to build in vm/ directory
- net: initialize msg.msg_flags in recvfrom
- bnxt_en: Ignore 0 value in autoneg supported speed from firmware.
- net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values
- net: bcmgenet: correct MIB access of UniMAC RUNT counters
- net: bcmgenet: reserved phy revisions must be checked first
- net: bcmgenet: power down internal phy if open or resume fails
- net: bcmgenet: synchronize irq0 status between the isr and task
- net: bcmgenet: Power up the internal PHY before probing the MII
- rxrpc: Wake up the transmitter if Rx window size increases on the peer
- net/mlx5: Fix create autogroup prev initializer
- net/mlx5: Don't save PCI state when PCI error is detected
- drm/amdgpu: fix parser init error path to avoid crash in parser fini
- NFSD: fix nfsd_minorversion(.., NFSD_AVAIL)
- NFSD: fix nfsd_reset_versions for NFSv4.
- [armhf] drm/omap: fix dmabuf mmap for dma_alloc'ed buffers
- netfilter: bridge: honor frag_max_size when refragmenting
- blk-mq: Fix tagset reinit in the presence of cpu hot-unplug
- writeback: fix memory leak in wb_queue_work()
- net: wimax/i2400m: fix NULL-deref at probe
- dmaengine: Fix array index out of bounds warning in __get_unmap_pool()
- irqchip/mvebu-odmi: Select GENERIC_MSI_IRQ_DOMAIN
- net: Resend IGMP memberships upon peer notification.
- qed: Align CIDs according to DORQ requirement
- qed: Fix mapping leak on LL2 rx flow
- qed: Fix interrupt flags on Rx LL2
- scsi: hpsa: update check for logical volume status
- scsi: hpsa: limit outstanding rescans
- scsi: hpsa: do not timeout reset operations
- fjes: Fix wrong netdevice feature flags
- drm/radeon/si: add dpm quirk for Oland
- [x86] Drivers: hv: util: move waiting for release to hv_utils_transport
itself
- iwlwifi: mvm: cleanup pending frames in DQA mode
- sched/deadline: Add missing update_rq_clock() in dl_task_timer()
- sched/deadline: Make sure the replenishment timer fires in the next period
- sched/deadline: Throttle a constrained deadline task activated after the
deadline
- sched/deadline: Use deadline instead of period when calculating overflow
- drm/radeon: reinstate oland workaround for sclk
- afs: Fix missing put_page()
- afs: Populate group ID from vnode status
- afs: Adjust mode bits processing
- afs: Deal with an empty callback array
- afs: Flush outstanding writes when an fd is closed
- afs: Migrate vlocation fields to 64-bit
- afs: Prevent callback expiry timer overflow
- afs: Fix the maths in afs_fs_store_data()
- afs: Invalid op ID should abort with RXGEN_OPCODE
- afs: Better abort and net error handling
- afs: Populate and use client modification time
- afs: Fix page leak in afs_write_begin()
- afs: Fix afs_kill_pages()
- afs: Fix abort on signal while waiting for call completion
- nvme-loop: fix a possible use-after-free when destroying the admin queue
- nvmet: confirm sq percpu has scheduled and switched to atomic
- nvmet-rdma: Fix a possible uninitialized variable dereference
- net/mlx4_core: Avoid delays during VF driver device shutdown
- net: mpls: Fix nexthop alive tracking on down events
- rxrpc: Ignore BUSY packets on old calls
- tty: don't panic on OOM in tty_set_ldisc()
- tty: fix data race in tty_ldisc_ref_wait()
- perf symbols: Fix symbols__fixup_end heuristic for corner cases
- efi/esrt: Cleanup bad memory map log messages
- NFSv4.1 respect server's max size in CREATE_SESSION
- btrfs: add missing memset while reading compressed inline extents
- target: Use system workqueue for ALUA transitions
- target: fix ALUA transition timeout handling
- target: fix race during implicit transition work flushes
- [x86] Revert "x86/acpi: Set persistent cpuid <-> nodeid mapping when
booting"
- HID: cp2112: fix broken gpio_direction_input callback
- sfc: don't warn on successful change of MAC
- video: udlfb: Fix read EDID timeout
- rtc: pcf8563: fix output clock rate
- [x86] ASoC: Intel: Skylake: Fix uuid_module memory leak in failure case
- [armhf] dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
- PCI/PME: Handle invalid data when reading Root Status
- powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
- PCI: Do not allocate more buses than available in parent
- netfilter: ipvs: Fix inappropriate output of procfs
- [powerpc*] opal: Fix EBUSY bug in acquiring tokens
- [powerpc*] ipic: Fix status get and status clear
- [x86] platform: intel_punit_ipc: Fix resource ioremap warning
- target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
- iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
- target:fix condition return in core_pr_dump_initiator_port()
- target/file: Do not return error for UNMAP if length is zero
- badblocks: fix wrong return value in badblocks_set if badblocks are
disabled
- [x86] iommu/amd: Limit the IOVA page range to the specified addresses
- xfs: truncate pagecache before writeback in xfs_setattr_size()
- crypto: tcrypt - fix buffer lengths in test_aead_speed()
- mm: Handle 0 flags in _calc_vm_trans() macro
- [armhf] clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6
SoCs w/o VPU
- [arm64] clk: hi6220: mark clock cs_atb_syspll as critical
- [armhf,arm64] clk: tegra: Fix cclk_lp divisor register
- ppp: Destroy the mutex when cleanup
- thermal/drivers/step_wise: Fix temperature regulation misbehavior
- scsi: scsi_debug: write_same: fix error report
- GFS2: Take inode off order_write list when setting jdata flag
- bcache: explicitly destroy mutex while exiting
- bcache: fix wrong cache_misses statistics
- Ib/hfi1: Return actual operational VLs in port info query
- [x86] platform: hp_accel: Add quirk for HP ProBook 440 G4
- nvme: use kref_get_unless_zero in nvme_find_get_ns
- l2tp: cleanup l2tp_tunnel_delete calls
- xfs: fix log block underflow during recovery cycle verification
- xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
- RDMA/cxgb4: Declare stag as __be32
- PCI: Detach driver before procfs & sysfs teardown on device remove
- scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
- scsi: hpsa: destroy sas transport properties before scsi_host
- [powerpc*] perf/hv-24x7: Fix incorrect comparison in memord
- tty fix oops when rmmod 8250
- raid5: Set R5_Expanded on parity devices as well as data.
- scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
- IB/core: Fix calculation of maximum RoCE MTU
- vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
- rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_createbss_cmd
- rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_disassoc_cmd
- scsi: sd: change manage_start_stop to bool in sysfs interface
- scsi: sd: change allow_restart to bool in sysfs interface
- scsi: bfa: integer overflow in debugfs
- udf: Avoid overflow when session starts at large offset
- macvlan: Only deliver one copy of the frame to the macvlan interface
- RDMA/cma: Avoid triggering undefined behavior
- IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
- icmp: don't fail on fragment reassembly time exceeded
- ath9k: fix tx99 potential info leak
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.72
- cxl: Check if vphb exists before iterating over AFU devices
- [arm64] Initialise high_memory global variable earlier
- kvm: fix usage of uninit spinlock in avic_vm_destroy()
- [armhf] kprobes: Fix the return address of multiple kretprobes
- [armhf] kprobes: Align stack to 8-bytes in test code
- nvme-loop: handle cpu unplug when re-establishing the controller
- cpuidle: Validate cpu_dev in cpuidle_add_sysfs()
- r8152: fix the list rx_done may be used without initialization
- crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex
- vsock: track pkt owner vsock
- vhost-vsock: add pkt cancel capability
- vsock: cancel packets when failing to connect
- sch_dsmark: fix invalid skb_cow() usage
- bna: integer overflow bug in debugfs
- sctp: out_qlen should be updated when pruning unsent queue
- usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed
- usb: gadget: udc: remove pointer dereference after free
- netfilter: nfnl_cthelper: fix runtime expectation policy updates
- netfilter: nfnl_cthelper: Fix memory leak
- [armhf] iommu/exynos: Workaround FLPD cache flush issues for SYSMMU v5
- r8152: fix the rx early size of RTL8153
- tipc: fix nametbl deadlock at tipc_nametbl_unsubscribe
- inet: frag: release spinlock before calling icmp_send()
- scsi: lpfc: Fix PT2PT PRLI reject
- [x86] kvm: vmx: Flush TLB when the APIC-access address changes
- [x86] KVM: correct async page present tracepoint
- [x86] KVM: VMX: Fix enable VPID conditions
- [armhf] dts: ti: fix PCI bus dtc warnings
- [x86] hwmon: (asus_atk0110) fix uninitialized data access
- HID: xinmo: fix for out of range for THT 2P arcade controller.
- ASoC: STI: Fix reader substream pointer set
- r8152: prevent the driver from transmitting packets with carrier off
- [s390x] qeth: size calculation outbound buffers
- [s390x] qeth: no ETH header for outbound AF_IUCV
- bna: avoid writing uninitialized data into hw registers
- i40iw: Receive netdev events post INET_NOTIFIER state
- IB/core: Protect against self-requeue of a cq work item
- infiniband: Fix alignment of mmap cookies to support VIPT caching
- nbd: set queue timeout properly
- net: Do not allow negative values for busy_read and busy_poll sysctl
interfaces
- IB/rxe: double free on error
- IB/rxe: increment msn only when completing a request
- i40e: Do not enable NAPI on q_vectors that have no rings
- RDMA/iser: Fix possible mr leak on device removal event
- irda: vlsi_ir: fix check for DMA mapping errors
- netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table
- netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register
- [armhf] dts: am335x-evmsk: adjust mmc2 param to allow suspend
- cpufreq: Fix creation of symbolic links to policy directories
- net: ipconfig: fix ic_close_devs() use-after-free
- [x86] KVM: pci-assign: do not map smm memory slot pages in vt-d page
tables
- virtio-balloon: use actual number of stats for stats queue buffers
- virtio_balloon: prevent uninitialized variable use
- isdn: kcapi: avoid uninitialized data
- xhci: plat: Register shutdown for xhci_plat
- netfilter: nfnetlink_queue: fix secctx memory leak
- Btrfs: fix an integer overflow check
- [armel,armhf] dma-mapping: disallow dma_get_sgtable() for non-kernel
managed memory
- [powerpc*] cpuidle: powernv: Pass correct drv->cpumask for registration
- bnxt_en: Fix NULL pointer dereference in reopen failure path
- [armhf,arm64] backlight: pwm_bl: Fix overflow condition
- [armhf,arm64] rtc: pl031: make interrupt optional
- kvm, mm: account kvm related kmem slabs to kmemcg
- net: phy: at803x: Change error to EINVAL for invalid MAC
- PCI: Avoid bus reset if bridge itself is broken
- scsi: cxgb4i: fix Tx skb leak
- scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1
volume created on two SATA drive
- PCI: Create SR-IOV virtfn/physfn links before attaching driver
- PM / OPP: Move error message to debug level
- igb: check memory allocation failure
- ixgbe: fix use of uninitialized padding
- IB/rxe: check for allocation failure on elem
- PCI/AER: Report non-fatal errors only to the affected endpoint
- tracing: Exclude 'generic fields' from histograms
- fm10k: fix mis-ordered parameters in declaration for .ndo_set_vf_bw
- scsi: lpfc: Fix secure firmware updates
- scsi: lpfc: PLOGI failures during NPIV testing
- vfio/pci: Virtualize Maximum Payload Size
- fm10k: ensure we process SM mbx when processing VF mbx
- net: ipv6: send NS for DAD when link operationally up
- [armhf] clk: sunxi-ng: sun6i: Rename HDMI DDC clock to avoid name
collision
- tcp: fix under-evaluated ssthresh in TCP Vegas
- rtc: set the alarm to the next expiring timer
- cpuidle: fix broadcast control when broadcast can not be entered
- [arm64] thermal: hisilicon: Handle return value of clk_prepare_enable
- [arm64] thermal/drivers/hisi: Fix missing interrupt enablement
- [arm64] thermal/drivers/hisi: Fix kernel panic on alarm interrupt
- [arm64] thermal/drivers/hisi: Simplify the temperature/step computation
- [arm64] thermal/drivers/hisi: Fix multiple alarm interrupts firing
- [mips*] math-emu: Fix final emulation phase for certain instructions
- [x86] platform: asus-wireless: send an EV_SYN/SYN_REPORT between state
changes
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.73
- ACPI: APEI / ERST: Fix missing error handling in erst_reader()
- ALSA: rawmidi: Avoid racy info ioctl via ctl device
- spi: xilinx: Detect stall with Unknown commands
- [x86] KVM: X86: Fix load RFLAGS w/o the fixed bit
- [x86] kvm: x86: fix RSM when PCID is non-zero
- [armhf] clk: sunxi: sun9i-mmc: Implement reset callback for reset controls
- [powerpc*] powerpc/perf: Dereference BHRB entries safely
- bpf/verifier: Fix states_equal() comparison of pointer and UNKNOWN
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.74
- tracing: Remove extra zeroing out of the ring buffer page
- tracing: Fix possible double free on failure of allocating trace buffer
- tracing: Fix crash when it fails to alloc ring buffer
- ring-buffer: Mask out the info bits when returning buffer page length
- ASoC: wm_adsp: Fix validation of firmware and coeff lengths
- [x86] x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
- [x86] x86/mm: Remove flush_tlb() and flush_tlb_current_task()
- [x86] x86/mm: Make flush_tlb_mm_range() more predictable
- [x86] x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
- [x86] x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code
- [x86] x86/mm: Disable PCID on 32-bit kernels
- [x86] x86/mm: Add the 'nopcid' boot option to turn off PCID
- [x86] x86/mm: Enable CR4.PCIDE on supported systems
- [amd64] x86/mm/64: Fix reboot interaction with CR4.PCIDE
- kbuild: add '-fno-stack-check' to kernel build options
- ipv4: igmp: guard against silly MTU values
- ipv6: mcast: better catch silly mtu values
- ptr_ring: add barriers
- RDS: Check cmsg_len before dereferencing CMSG_DATA
- tg3: Fix rx hang on MTU change with 5717/5719
- net: ipv4: fix for a race condition in raw_sendmsg
- ipv4: Fix use-after-free when flushing FIB tables
- net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks
- net: Fix double free and memory corruption in get_net_ns_by_id() (CVE-2017-15129)
- net/mlx5e: Fix possible deadlock of VXLAN lock
- net/mlx5e: Prevent possible races in VXLAN control flow
- usbip: fix usbip bind writing random string after command in match_busid
- usbip: prevent leaking socket pointer address in messages
- usbip: stub: stop printing kernel pointer addresses in messages
- usbip: vhci: stop printing kernel pointer addresses in messages
- USB: Fix off by one in type-specific length check of BOS SSP capability
- nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
- [x86] x86/smpboot: Remove stale TLB flush invocations
- n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.75
- [x86] x86/boot: Add early cmdline parsing for options with arguments
- [amd64] KAISER: Kernel Address Isolation
- [amd64] kaiser: merged update
- [amd64] kaiser: do not set _PAGE_NX on pgd_none
- [amd64] kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
- [amd64] kaiser: fix build and FIXME in alloc_ldt_struct()
- [amd64] kaiser: KAISER depends on SMP
- [amd64] kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
- [amd64] kaiser: fix perf crashes
- [amd64] kaiser: ENOMEM if kaiser_pagetable_walk() NULL
- [amd64] kaiser: tidied up asm/kaiser.h somewhat
- [amd64] kaiser: tidied up kaiser_add/remove_mapping slightly
- [amd64] kaiser: align addition to x86/mm/Makefile
- [amd64] kaiser: cleanups while trying for gold link
- [amd64] kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
- [amd64] kaiser: delete KAISER_REAL_SWITCH option
- [amd64] kaiser: vmstat show NR_KAISERTABLE as nr_overhead
- [amd64] kaiser: enhanced by kernel and user PCIDs
- [amd64] kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
- [amd64] kaiser: PCID 0 for kernel and 128 for user
- [amd64] kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
- [amd64] kaiser: paranoid_entry pass cr3 need to paranoid_exit
- [amd64] kaiser: kaiser_remove_mapping() move along the pgd
- [amd64] kaiser: fix unlikely error in alloc_ldt_struct()
- [amd64] kaiser: add "nokaiser" boot option, using ALTERNATIVE
- [amd64] x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
- [amd64] x86/kaiser: Check boottime cmdline params
- [amd64] kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
- [amd64] kaiser: drop is_atomic arg to kaiser_pagetable_walk()
- [amd64] kaiser: asm/tlbflush.h handle noPGE at lower level
- [amd64] kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
- [amd64] x86/paravirt: Dont patch flush_tlb_single
- [amd64] x86/kaiser: Reenable PARAVIRT
- [amd64] kaiser: disabled on Xen PV
- [amd64] x86/kaiser: Move feature detection up
- [amd64] KPTI: Rename to PAGE_TABLE_ISOLATION
- [amd64] KPTI: Report when enabled
- [amd64] kaiser: Set _PAGE_NX only if supported
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.76
- crypto: n2 - cure use after free
- crypto: chacha20poly1305 - validate the digest size
- crypto: pcrypt - fix freeing pcrypt instances (CVE-2017-18075)
- nbd: fix use-after-free of rq/bio in the xmit path
- [arm] iommu/arm-smmu-v3: Don't free page table ops twice
- [arm] iommu/arm-smmu-v3: Cope with duplicated Stream IDs
- [x86] x86/microcode/AMD: Add support for fam17h microcode loading
- [hppa] parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel
- [x86] Map the vsyscall page with _PAGE_USER
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.77
- mac80211: Add RX flag to indicate ICV stripped
- ath10k: rebuild crypto header in rx data frames
- [x86] KVM: Fix stack-out-of-bounds read in write_mmio
- [mips] MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
- [x86] kvm: vmx: Scrub hardware GPRs at VM-exit (mitigates Spectre /
CVE-2017-5715 and CVE-2017-5753)
- ALSA: pcm: Remove incorrect snd_BUG_ON() usages
- RDS: Heap OOB write in rds_message_alloc_sgs() (CVE-2018-5332)
- RDS: null pointer dereference in rds_atomic_free_op (CVE-2018-5333)
- ipv6: fix possible mem leaks in ipv6_make_skb()
- mlxsw: spectrum_router: Fix NULL pointer deref
- crypto: algapi - fix NULL dereference in crypto_remove_spawns()
- [x86] x86/microcode/intel: Extend BDW late-loading with a revision check
- [x86] KVM: x86: Add memory barrier on vmcs field lookup (mitigates
Spectre#2 / CVE-2017-5715)
- [x86] kaiser: Set _PAGE_NX only if supported
- bpf: prevent out-of-bounds speculation (mitigates Spectre#1 /
CVE-2017-5753)
- bpf, array: fix overflow in max_entries and undefined behavior in index_mask
- USB: fix usbmon BUG trigger
- usbip: remove kernel addresses from usb device and urb debug msgs
- usbip: fix vudc_rx: harden CMD_SUBMIT path to handle malicious input
- usbip: vudc_tx: fix v_send_ret_submit() vulnerability to null xfer buffer
- Bluetooth: Prevent stack info leak from the EFS element.(CVE-2017-1000410)
- [x86] x86/retpoline: Add initial retpoline support (mitigates Spectre#2 /
CVE-2017-5715)
- [x86] x86/spectre: Add boot time option to select Spectre v2 mitigation
- [x86] x86/retpoline/crypto: Convert crypto assembler indirect jumps
- [x86] x86/retpoline/entry: Convert entry assembler indirect jumps
- [x86] x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
- [x86] x86/retpoline/hyperv: Convert assembler indirect jumps
- [x86] x86/retpoline/xen: Convert Xen hypercall indirect jumps
- [x86] x86/retpoline/checksum32: Convert assembler indirect jumps
- [x86] x86/retpoline/irq32: Convert assembler indirect jumps
- [x86] x86/retpoline: Fill return stack buffer on vmexit
- [x86] x86/pti/efi: broken conversion from efi to kernel page table
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.78
- futex: Prevent overflow by strengthen input validation
- ALSA: seq: Make ioctls race-free
- af_key: fix buffer overread in verify_address_len()
- af_key: fix buffer overread in parse_exthdrs()
- iser-target: Fix possible use-after-free in connection establishment error
- [x86] x86/retpoline: Fill RSB on context switch for affected CPUs
- [x86] x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
- module: Add retpoline tag to VERMAGIC
- [x86] x86/mm/pkeys: Fix fill_sig_info_pkey
- [x86] x86/tsc: Fix erroneous TSC rate on Skylake Xeon
- pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
- [x86] x86/apic/vector: Fix off by one in error path
- Input: ALPS - fix multi-touch decoding on SS4 plus touchpads
- Input: 88pm860x-ts - fix child-node lookup
- Input: twl6040-vibra - fix child-node lookup
- Input: twl4030-vibra - fix sibling-node lookup
- proc: fix coredump vs read /proc/*/stat race
- libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
- workqueue: avoid hard lockups in show_workqueue_state()
- dm btree: fix serious bug in btree_split_beneath()
- dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
- [arm64] arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
- [x86] x86/cpu, x86/pti: Do not enable PTI on AMD processors
- usbip: fix warning in vhci_hcd_probe/lockdep_init_map
- [x86] x86/mce: Make machine check speculation protected
- [x86] retpoline: Introduce start/end markers of indirect thunk
- [x86] x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.79
- [i386] x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
- usbip: prevent vhci_hcd driver from leaking a socket pointer address (CVE-2017-16911)
- usbip: Fix potential format overflow in userspace tools
- [arm*] KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
- [amd64] Prevent timer value 0 for MWAITX
- drivers: base: cacheinfo: fix boot error message when acpi is enabled
- mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
- ACPICA: Namespace: fix operand cache leak
- netfilter: nfnetlink_cthelper: Add missing permission checks
- netfilter: xt_osf: Add missing permission checks
- fs/fcntl: f_setown, avoid undefined behaviour
- Revert "module: Add retpoline tag to VERMAGIC"
- orangefs: fix deadlock; do not write i_size in read_iter
- um: link vmlinux with -no-pie
- vsyscall: Fix permissions for emulate mode with KAISER/PTI
- ipv6: fix udpv6 sendmsg crash caused by too small MTU
- ipv6: ip6_make_skb() needs to clear cork.base.dst
- net: igmp: fix source address check for IGMPv3 reports
- net: qdisc_pkt_len_init() should be more robust
- net: tcp: close sock if net namespace is exiting
- pppoe: take ->needed_headroom of lower device into account on xmit
- r8169: fix memory corruption on retrieval of hardware statistics.
- sctp: do not allow the v4 socket to bind a v4mapped v6 address
- sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
- flow_dissector: properly cap thoff field
- perf/x86/amd/power: Do not load AMD power module on !AMD platforms
- x86/microcode/intel: Extend BDW late-loading further with LLC size check
- bpf: fix bpf_tail_call() x64 JIT
- bpf: avoid false sharing of map refcount with max_entries
- bpf: fix divides by zero
- bpf: fix 32-bit divide by zero
- nfsd: auth: Fix gid sorting when rootsquash enabled
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.80
- loop: fix concurrent lo_open/lo_release (CVE-2018-5344)
- gpio: Fix kernel stack leak to userspace
- crypto: aesni - handle zero length dst buffer
- crypto: sha3-generic - fixes for alignment and big endian operation
- HID: wacom: EKR: ensure devres groups at higher indexes are released
- igb: Free IRQs when device is hotplugged
- drm/vc4: Account for interrupts in flight
- [x86] KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure
- [x86] KVM: x86: Don't re-execute instruction when not passing CR2 value
- [x86] KVM: X86: Fix operand/address-size during instruction decoding
- [x86] KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
- [x86] KVM: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered
- ACPI / bus: Leave modalias empty for devices which are not present
- [x86] KVM: x86: ioapic: Preserve read-only values in the redirection table
- btrfs: fix deadlock when writing out space cache
- [x86] KVM: X86: Fix softlockup when get the current kvmclock
- KVM: VMX: Fix rflags cache during vCPU reset
- xfs: always free inline data before resetting inode fork during ifree
- kmemleak: add scheduling point to kmemleak_scan()
- scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path
- scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg
- usb: gadget: don't dereference g until after it has been null checked
- tty: fix data race between tty_init_dev and flush of buf
- USB: serial: io_edgeport: fix possible sleep-in-atomic
- usbip: prevent bind loops on devices attached to vhci_hcd
.
[ Ben Hutchings ]
* [rt] Update to 4.9.68-rt60:
- Revert "memcontrol: Prevent scheduling while atomic in cgroup code"
- Revert "fs: jbd2: pull your plug when waiting for space"
- rtmutex: Fix lock stealing logic
- cpu_pm: replace raw_notifier to atomic_notifier
- PM / CPU: replace raw_notifier with atomic_notifier (fixup)
- kernel/hrtimer: migrate deferred timer on CPU down
- net: take the tcp_sk_lock lock with BH disabled
- kernel/hrtimer: don't wakeup a process while holding the hrtimer base lock
- kernel/hrtimer/hotplug: don't wake ktimersoftd while holding the hrtimer
base lock
- Bluetooth: avoid recursive locking in hci_send_to_channel()
- iommu/amd: Use raw_cpu_ptr() instead of get_cpu_ptr() for ->flush_queue
- rt/locking: allow recursive local_trylock()
- locking/rtmutex: don't drop the wait_lock twice
- net: use trylock in icmp_sk
* e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
(see bug #885348)
* [s390x] Un-revert upstream change moving exports to assembly sources
.
[ Yves-Alexis Perez ]
* mm, hugetlbfs: Avoid ABI change in 4.9.67.
* dma-fence: Avoid ABI change in 4.9.68.
* lib/genalloc: Avoid ABI change in 4.9.69.
* Ignore ABI changes in inet_diag, SCTP, vsock, NVME, MD and libsas drivers,
prevent FTBFS.
* debian/patches: drop patches included upstream:
- bugfix/all/e1000e-fix-e1000_check_for_copper_link_ich8lan-return-value.patch
- bugfix/all/kvm-fix-stack-out-of-bounds-read-in-write_mmio.patch
- bugfix/all/bluetooth-prevent-stack-info-leak-from-the-efs-element.patch
- bugfix/all/mm-mmap.c-do-not-blow-on-prot_none-map_fixed-holes-i.patch
- bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch
- bugfix/all/netfilter-xt_osf-add-missing-permission-checks.patch
- bugfix/all/nfsd-auth-Fix-gid-sorting-when-rootsquash-enabled.patch
* bpf: avoid ABI changes in 4.9.77 and 4.9.79.
* Ignore ABI change for cpu_tlbstate (symbol not exported _GPL anymore)
* sched/rt: Avoid ABI change in 4.9.66.
* Ignore ABI change for tcp_cong_avoid_ai and tcp_slow_start.
* RT patchset:
- fix context against 4.9.78 (164, 165, 229, 230)
- refresh for fuzz (228)
* mm: Avoid ABI change in 4.9.79.
* usbip: ignore ABI change in 4.9.79.
* cpupower: check for CPU existence has been fixed upstream, although a bit
differently than the included patch.
.
[ Salvatore Bonaccorso ]
* nfsd: auth: Fix gid sorting when rootsquash enabled (CVE-2018-1000028)
linux (4.9.65-3+deb9u2) stretch-security; urgency=high
.
* x86: setup PCID, preparation work for KPTI.
- x86/mm/64: Fix reboot interaction with CR4.PCIDE
- x86/mm: Add the 'nopcid' boot option to turn off PCID
- x86/mm: Disable PCID on 32-bit kernels
- x86/mm: Enable CR4.PCIDE on supported systems
* [amd64] Implement Kernel Page Table Isolation (KPTI, aka KAISER)
(CVE-2017-5754)
- kaiser: add "nokaiser" boot option, using ALTERNATIVE
- kaiser: align addition to x86/mm/Makefile
- kaiser: asm/tlbflush.h handle noPGE at lower level
- kaiser: cleanups while trying for gold link
- kaiser: delete KAISER_REAL_SWITCH option
- kaiser: disabled on Xen PV
- kaiser: do not set _PAGE_NX on pgd_none
- kaiser: drop is_atomic arg to kaiser_pagetable_walk()
- kaiser: enhanced by kernel and user PCIDs
- kaiser: ENOMEM if kaiser_pagetable_walk() NULL
- kaiser: fix build and FIXME in alloc_ldt_struct()
- kaiser: fix perf crashes
- kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
- kaiser: fix unlikely error in alloc_ldt_struct()
- kaiser: KAISER depends on SMP
- kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
- kaiser: kaiser_remove_mapping() move along the pgd
- KAISER: Kernel Address Isolation
- x86_64: KAISER - do not map kernel in user mode
- kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
- kaiser: merged update
- kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
- kaiser: paranoid_entry pass cr3 need to paranoid_exit
- kaiser: PCID 0 for kernel and 128 for user
- kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
- kaiser: tidied up asm/kaiser.h somewhat
- kaiser: tidied up kaiser_add/remove_mapping slightly
- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
- kaiser: vmstat show NR_KAISERTABLE as nr_overhead
- kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
- KPTI: Rename to PAGE_TABLE_ISOLATION
- KPTI: Report when enabled
- x86/boot: Add early cmdline parsing for options with arguments
- x86/kaiser: Check boottime cmdline params
- x86/kaiser: Move feature detection up
- x86/kaiser: Reenable PARAVIRT
- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
- x86/paravirt: Dont patch flush_tlb_single
* Bump ABI to 5.
linux (4.9.65-3+deb9u2~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports:
- Revert "[x86] psmouse: Enable MOUSE_PS2_VMMOUSE", which breaks
xserver-xorg-input-vmmouse and several metapackages in jessie
- Revert changes to use gcc-6 compiler, not found in jessie
- Change ABI number to 0.bpo.5
- Revert changes to flex and asciidoc build-dependencies
- linux-image-dbg: Revert changes to packaging of debug symbols
- Revert "enable `perf data' support" as libbabeltrace is not available
- [mips*] Disable RELOCATABLE and RANDOMIZE_BASE.
linux (4.9.65-3+deb9u1) stretch-security; urgency=high
.
* dccp: CVE-2017-8824: use-after-free in DCCP code
* media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
(CVE-2017-16538)
* media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
(CVE-2017-16538)
* media: hdpvr: Fix an error handling path in hdpvr_probe() (CVE-2017-16644)
* bpf/verifier: Fix multiple security issues:
- adjust insn_aux_data when patching insns
- fix branch pruning logic
- reject out-of-bounds stack pointer calculation
- fix incorrect sign extension in check_alu_op() (CVE-2017-16995)
- Fix states_equal() comparison of pointer and UNKNOWN
* netfilter: nfnetlink_cthelper: Add missing permission checks
(CVE-2017-17448)
* netlink: Add netns check on taps (CVE-2017-17449)
* netfilter: xt_osf: Add missing permission checks (CVE-2017-17450)
* USB: core: prevent malicious bNumInterfaces overflow (CVE-2017-17558)
* net: ipv4: fix for a race condition in raw_sendmsg (CVE-2017-17712)
* [armhf,arm64,x86] KVM: Fix stack-out-of-bounds read in write_mmio
(CVE-2017-17741)
* crypto: salsa20 - fix blkcipher_walk API usage (CVE-2017-17805)
* crypto: hmac - require that the underlying hash algorithm is unkeyed
(CVE-2017-17806)
* KEYS: add missing permission check for request_key() destination
(CVE-2017-17807)
* [x86] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
(CVE-2017-1000407)
* bluetooth: Prevent stack info leak from the EFS element.
(CVE-2017-1000410)
linux (4.9.65-3+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports:
- Revert "[x86] psmouse: Enable MOUSE_PS2_VMMOUSE", which breaks
xserver-xorg-input-vmmouse and several metapackages in jessie
- Revert changes to use gcc-6 compiler, not found in jessie
- Change ABI number to 0.bpo.4
- Revert changes to flex and asciidoc build-dependencies
- linux-image-dbg: Revert changes to packaging of debug symbols
- Revert "enable `perf data' support" as libbabeltrace is not available
- [mips*] Disable RELOCATABLE and RANDOMIZE_BASE.
.
linux (4.9.65-3+deb9u1) stretch-security; urgency=high
.
* dccp: CVE-2017-8824: use-after-free in DCCP code
* media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
(CVE-2017-16538)
* media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
(CVE-2017-16538)
* media: hdpvr: Fix an error handling path in hdpvr_probe() (CVE-2017-16644)
* bpf/verifier: Fix multiple security issues:
- adjust insn_aux_data when patching insns
- fix branch pruning logic
- reject out-of-bounds stack pointer calculation
- fix incorrect sign extension in check_alu_op() (CVE-2017-16995)
- Fix states_equal() comparison of pointer and UNKNOWN
* netfilter: nfnetlink_cthelper: Add missing permission checks
(CVE-2017-17448)
* netlink: Add netns check on taps (CVE-2017-17449)
* netfilter: xt_osf: Add missing permission checks (CVE-2017-17450)
* USB: core: prevent malicious bNumInterfaces overflow (CVE-2017-17558)
* net: ipv4: fix for a race condition in raw_sendmsg (CVE-2017-17712)
* [armhf,arm64,x86] KVM: Fix stack-out-of-bounds read in write_mmio
(CVE-2017-17741)
* crypto: salsa20 - fix blkcipher_walk API usage (CVE-2017-17805)
* crypto: hmac - require that the underlying hash algorithm is unkeyed
(CVE-2017-17806)
* KEYS: add missing permission check for request_key() destination
(CVE-2017-17807)
* [x86] KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
(CVE-2017-1000407)
* bluetooth: Prevent stack info leak from the EFS element.
(CVE-2017-1000410)
linux-latest (80+deb9u4) stretch-security; urgency=high
.
* Update to 4.9.0-6
linux-latest (80+deb9u3) stretch-security; urgency=high
.
* Update to 4.9.0-5
lucene-solr (3.6.2+dfsg-10+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2017-12629: possible remote code execution by exploiting XXE. For
security reasons the RunExecutableListener class was permanently removed.
* Update debian/conf/solrconfig.xml and remove example configuration for
RunExecutableListener which had to be removed for security reasons.
* CVE-2017-3163: fix ReplicationHandler path traversal vulnerability.
(Closes: #867712)
lxc (1:2.0.7-2+deb9u2) stretch; urgency=medium
.
* 0005-debian-Use-iproute2-instead-of-iproute.patch: pull iproute2 instead
of iproute, fixing the creation of testing and unstable containers after
the iproute binary package was dropped.
mailman (1:2.1.23-1+deb9u2) stretch-security; urgency=high
.
* CVE-2018-5950: XSS and information leak in user options.
(Closes: #888201)
mapproxy (1.9.0-3+deb9u1) stretch; urgency=medium
.
* Update branch in gbp.conf & Vcs-Git URL.
* Add upstream patch to fix Cross Site Scripting (XSS) issue in demo service.
Fixes CVE-2017-1000426.
mosquitto (1.4.10-3+deb9u1) stretch; urgency=medium
.
* SECURITY UPDATE: Mosquitto persistence file is world readable.
- debian/patches/mosquitto-1.4.x_cve-2017-9868.patch: Set umask to limit
read permissions.
- CVE-2017-9868
mpi4py (2.0.0-2.1+deb9u1) stretch; urgency=medium
.
[ Andreas Beckmann ]
* Non-maintainer upload.
* Backport fix from 2.0.0-3 to stretch.
.
[ Stuart Prescott ]
* Fix sover list used in dlopen so that current libmpi.so is found
(Closes: #860476)
mpv (0.23.0-2+deb9u2) stretch-security; urgency=high
.
* debian/patches/08_ytdl-hook-whitelist-protocols.patch:
- Fix regression in CVE-2018-6360 patch which broke youtube playlists.
(Closes: #889892)
mpv (0.23.0-2+deb9u1) stretch-security; urgency=high
.
* debian/patches/08_ytdl-hook-whitelist-protocols.patch:
- Add patch which whitelists protocols received from youtube-dl.
Fixes CVE-2018-6360. (Closes: #888654)
ncurses (6.0+20161126-1+deb9u2) stretch; urgency=medium
.
* Cherry-pick upstream fix from the 20171125 patchlevel to fix
a buffer overflow in the _nc_write_entry function
(CVE-2017-16879, Closes: #882620).
needrestart (2.11-3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix switching to list mode if debconf is run non-interactively.
(Closes: #876459)
nova (2:14.0.0-4+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-16239 / OSSA-2017-005: Nova Filter Scheduler bypass through
rebuild action. Applied upstream patch: Validate new image via scheduler
during rebuild (Closes: #882009).
* Fixed nova-placement-api init to use uwsgi. The old init file was simply
not working at all.
* Add CVE-2017-17051_Refined_fix_for_validating_image_on_rebuild.patch.
ntp (1:4.2.8p10+dfsg-3+deb9u2) stretch; urgency=medium
.
* Cherry-pick patch from upstream to increase stack size.
Thanks to Frederic Endner-Dühr for testing (Closes: #887385)
* Add d/gbp.conf for stretch branch
nvidia-graphics-drivers-legacy-304xx (304.137-5~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-graphics-drivers-legacy-304xx (304.137-5) unstable; urgency=medium
.
* The 304.xx legacy driver series has been declared as End-of-Life by
NVIDIA. No further updates fixing security issues, critical bugs, or
adding support for new Xorg or Linux releases will be issued.
https://nvidia.custhelp.com/app/answers/detail/a_id/3142
.
[ Andreas Beckmann ]
* Add NEWS entry for End-of-Life status.
* Include again the amd64 blob to build amd64 kernel modules on i386.
(Closes: #887651)
* nvidia-kernel-{dkms,source}: Mention the supported architecture(s) in the
long Description (384.111-4).
* Use dh_missing --fail-missing (384.111-4).
* Update lintian overrides.
.
nvidia-graphics-drivers-legacy-304xx (304.137-4) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.3. No changes needed.
* Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for
Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir
(384.111-1). (Closes: #883615)
* nvidia-legacy-304xx-alternative.prerm: Trigger register-glx-alternative-
nvidia upon removal (384.111-3). (Closes: #883637)
* libgl1-nvidia-legacy-304xx-glx.prerm: Do not forcibly remove the nvidia
alternative, this would reset it from manual mode to auto mode while it
could still be needed by other packages, e.g. libcuda1. Let the
nvidia-legacy-304xx-alternative triggers handle it instead (384.111-3).
.
[ Luca Boccassi ]
* Add timer.patch to fix kernel module build on Linux 4.15 and newer.
.
nvidia-graphics-drivers-legacy-304xx (304.137-3) unstable; urgency=medium
.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk (375.82-9).
* Set Rules-Requires-Root: no (375.82-9).
.
nvidia-graphics-drivers-legacy-304xx (304.137-2) unstable; urgency=medium
.
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19)
(375.82-7).
* nvidia-detect: Detect devices in PCI classes 0301 (XGA compatible
controller) and 0302 (3D controller), too (375.82-7).
* bug-script: List these devices, too (375.82-7).
* Use https:// URLs where possible (375.82-8).
.
nvidia-graphics-drivers-legacy-304xx (304.137-1) unstable; urgency=medium
.
* New upstream legacy 304xx branch release 304.137 (2017-09-19).
- Improved compatibility with recent Linux kernels.
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.1. No changes needed.
* bug-control: Add arch qualification to M-A:same packages in report-with
list otherwise reportbug will ignore them if more than one is installed
(375.82-5).
* Simplify upstream changelog handling (375.82-5).
.
[ Luca Boccassi ]
* Drop drm-driver-legacy.patch, deprecated-cpu-events.patch and
drm-unload.patch, fixed upstream.
* Refresh disable-mtrr.patch to remove fuzz from upstream changes.
* Add nvidia-drm-pci-init.patch to fix kernel module build on Linux 4.14
and newer.
.
nvidia-graphics-drivers-legacy-304xx (304.135-5) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.0. No changes needed.
.
[ Luca Boccassi ]
* Switch to my debian.org email address in Uploaders.
* Update pud-offset.patch to fix runtime error on Linux 4.12 and newer.
Original patch: https://bugzilla.rpmfusion.org/show_bug.cgi?id=4629#c11
(Closes: #875425)
.
[ Russ Allbery ]
* Remove myself from Uploaders.
.
nvidia-graphics-drivers-legacy-304xx (304.135-4) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.0.1. No changes needed.
* nvidia-alternative: Explicitly use interest-await triggers (375.82-2).
* Switch from dh_install --list-missing to dh_missing (375.82-2).
* Use dpkg makefile snippets instead of manual changelog parsing (375.82-2).
* build-module-packages.sh: Order kernels by descending version (375.82-2).
* Switch watch URL from ftp:// to https:// (375.82-1).
* Update lintian overrides.
.
[ Luca Boccassi ]
* Add pud-offset.patch to fix kernel module build on Linux 4.12 and newer.
.
nvidia-graphics-drivers-legacy-304xx (304.135-3) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Merge changes from 304.135-1 (jessie).
* Do not prevent ccache usage. The bug was fixed in ccache 3.0 (in squeeze)
(375.82-1).
* not-parallel.patch: New, prevent parallel module build.
.
[ Luca Boccassi ]
* Add drm-unload.patch to fix kernel module build on Linux 4.11 and newer.
(Closes: #865964)
nvidia-graphics-drivers-legacy-304xx (304.137-5~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-graphics-drivers-legacy-304xx (304.137-5) unstable; urgency=medium
.
* The 304.xx legacy driver series has been declared as End-of-Life by
NVIDIA. No further updates fixing security issues, critical bugs, or
adding support for new Xorg or Linux releases will be issued.
https://nvidia.custhelp.com/app/answers/detail/a_id/3142
.
[ Andreas Beckmann ]
* Add NEWS entry for End-of-Life status.
* Include again the amd64 blob to build amd64 kernel modules on i386.
(Closes: #887651)
* nvidia-kernel-{dkms,source}: Mention the supported architecture(s) in the
long Description (384.111-4).
* Use dh_missing --fail-missing (384.111-4).
* Update lintian overrides.
.
nvidia-graphics-drivers-legacy-304xx (304.137-4) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.3. No changes needed.
* Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for
Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir
(384.111-1). (Closes: #883615)
* nvidia-legacy-304xx-alternative.prerm: Trigger register-glx-alternative-
nvidia upon removal (384.111-3). (Closes: #883637)
* libgl1-nvidia-legacy-304xx-glx.prerm: Do not forcibly remove the nvidia
alternative, this would reset it from manual mode to auto mode while it
could still be needed by other packages, e.g. libcuda1. Let the
nvidia-legacy-304xx-alternative triggers handle it instead (384.111-3).
.
[ Luca Boccassi ]
* Add timer.patch to fix kernel module build on Linux 4.15 and newer.
nvidia-graphics-drivers-legacy-304xx (304.137-4) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.3. No changes needed.
* Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for
Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir
(384.111-1). (Closes: #883615)
* nvidia-legacy-304xx-alternative.prerm: Trigger register-glx-alternative-
nvidia upon removal (384.111-3). (Closes: #883637)
* libgl1-nvidia-legacy-304xx-glx.prerm: Do not forcibly remove the nvidia
alternative, this would reset it from manual mode to auto mode while it
could still be needed by other packages, e.g. libcuda1. Let the
nvidia-legacy-304xx-alternative triggers handle it instead (384.111-3).
.
[ Luca Boccassi ]
* Add timer.patch to fix kernel module build on Linux 4.15 and newer.
nvidia-graphics-drivers-legacy-304xx (304.137-3) unstable; urgency=medium
.
* Set Rules-Requires-Root: no (375.82-9).
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk (375.82-9).
nvidia-graphics-drivers-legacy-304xx (304.137-3~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-graphics-drivers-legacy-304xx (304.137-3) unstable; urgency=medium
.
* Set Rules-Requires-Root: no (375.82-9).
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk (375.82-9).
.
nvidia-graphics-drivers-legacy-304xx (304.137-2) unstable; urgency=medium
.
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19)
(375.82-7).
* nvidia-detect: Detect devices in PCI classes 0301 (XGA compatible
controller) and 0302 (3D controller), too (375.82-7).
* bug-script: List these devices, too (375.82-7).
* Use https:// URLs where possible (375.82-8).
.
nvidia-graphics-drivers-legacy-304xx (304.137-1) unstable; urgency=medium
.
* New upstream legacy 304xx branch release 304.137 (2017-09-19).
- Improved compatibility with recent Linux kernels.
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.1. No changes needed.
* bug-control: Add arch qualification to M-A:same packages in report-with
list otherwise reportbug will ignore them if more than one is installed
(375.82-5).
* Simplify upstream changelog handling (375.82-5).
.
[ Luca Boccassi ]
* Drop drm-driver-legacy.patch, deprecated-cpu-events.patch and
drm-unload.patch, fixed upstream.
* Refresh disable-mtrr.patch to remove fuzz from upstream changes.
* Add nvidia-drm-pci-init.patch to fix kernel module build on Linux 4.14
and newer.
.
nvidia-graphics-drivers-legacy-304xx (304.135-5) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.0. No changes needed.
.
[ Luca Boccassi ]
* Switch to my debian.org email address in Uploaders.
* Update pud-offset.patch to fix runtime error on Linux 4.12 and newer.
Original patch: https://bugzilla.rpmfusion.org/show_bug.cgi?id=4629#c11
(Closes: #875425)
.
[ Russ Allbery ]
* Remove myself from Uploaders.
.
nvidia-graphics-drivers-legacy-304xx (304.135-4) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.0.1. No changes needed.
* nvidia-alternative: Explicitly use interest-await triggers (375.82-2).
* Switch from dh_install --list-missing to dh_missing (375.82-2).
* Use dpkg makefile snippets instead of manual changelog parsing (375.82-2).
* build-module-packages.sh: Order kernels by descending version (375.82-2).
* Switch watch URL from ftp:// to https:// (375.82-1).
* Update lintian overrides.
.
[ Luca Boccassi ]
* Add pud-offset.patch to fix kernel module build on Linux 4.12 and newer.
.
nvidia-graphics-drivers-legacy-304xx (304.135-3) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Merge changes from 304.135-1 (jessie).
* Do not prevent ccache usage. The bug was fixed in ccache 3.0 (in squeeze)
(375.82-1).
* not-parallel.patch: New, prevent parallel module build.
.
[ Luca Boccassi ]
* Add drm-unload.patch to fix kernel module build on Linux 4.11 and newer.
(Closes: #865964)
nvidia-graphics-drivers-legacy-304xx (304.137-2) unstable; urgency=medium
.
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19)
(375.82-7).
* nvidia-detect: Detect devices in PCI classes 0301 (XGA compatible
controller) and 0302 (3D controller), too (375.82-7).
* bug-script: List these devices, too (375.82-7).
* Use https:// URLs where possible (375.82-8).
nvidia-graphics-drivers-legacy-304xx (304.137-1) unstable; urgency=medium
.
* New upstream legacy 304xx branch release 304.137 (2017-09-19).
- Improved compatibility with recent Linux kernels.
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.1. No changes needed.
* bug-control: Add arch qualification to M-A:same packages in report-with
list otherwise reportbug will ignore them if more than one is installed
(375.82-5).
* Simplify upstream changelog handling (375.82-5).
.
[ Luca Boccassi ]
* Drop drm-driver-legacy.patch, deprecated-cpu-events.patch and
drm-unload.patch, fixed upstream.
* Refresh disable-mtrr.patch to remove fuzz from upstream changes.
* Add nvidia-drm-pci-init.patch to fix kernel module build on Linux 4.14
and newer.
nvidia-graphics-drivers-legacy-304xx (304.135-5) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.0. No changes needed.
.
[ Luca Boccassi ]
* Switch to my debian.org email address in Uploaders.
* Update pud-offset.patch to fix runtime error on Linux 4.12 and newer.
Original patch: https://bugzilla.rpmfusion.org/show_bug.cgi?id=4629#c11
(Closes: #875425)
.
[ Russ Allbery ]
* Remove myself from Uploaders.
nvidia-graphics-drivers-legacy-304xx (304.135-4) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.0.1. No changes needed.
* nvidia-alternative: Explicitly use interest-await triggers.
* Switch from dh_install --list-missing to dh_missing.
* Use dpkg makefile snippets instead of manual parsing.
* build-module-packages.sh: Order kernels by descending version.
* Switch watch URL from ftp:// to https:// (375.82-1).
* Update lintian overrides.
.
[ Luca Boccassi ]
* Add pud-offset.patch to fix kernel module build on Linux 4.12 and newer.
nvidia-graphics-drivers-legacy-304xx (304.135-3) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Merge changes from 304.135-1 (jessie).
* Do not prevent ccache usage. The bug was fixed in ccache 3.0 (in squeeze).
* not-parallel.patch: New, prevent parallel module build.
.
[ Luca Boccassi ]
* Add drm-unload.patch to fix kernel module build on Linux 4.11 and newer.
(Closes: #865964)
nvidia-graphics-drivers-legacy-340xx (340.106-2~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-graphics-drivers-legacy-340xx (340.106-2) unstable; urgency=medium
.
* nvidia-kernel-{dkms,source}: Mention the supported architecture(s) in the
long Description (384.111-4).
* Use dh_missing --fail-missing (384.111-4).
* Update lintian overrides.
.
nvidia-graphics-drivers-legacy-340xx (340.106-1) unstable; urgency=medium
.
* New upstream legacy 340xx branch release 340.106 (2018-01-16).
* Fixed CVE-2017-5753, CVE-2017-5715 (spectre), CVE-2017-5754 (meltdown).
https://nvidia.custhelp.com/app/answers/detail/a_id/4611
(Closes: #886852)
- Fixed a compatibility problem between the nvidia.ko's Page Attribute
Table (PAT) support and the kernel Page Table Isolation (PTI) patches.
To optimize stores to memory, nvidia.ko contains support for
configuring the CPU's PAT registers, as a fallback for Linux kernels
that predate kernel native PAT support. On any recent kernel
with CONFIG_X86_PAT enabled, the driver will detect that setup has
already been done and skip its PAT setup. However, a static inline
function called by nvidia.ko's PAT fallback support was updated in
the PTI patches to use the EXPORT_SYMBOL_GPL symbol 'cpu_tlbstate'.
nvidia.ko was updated to only contain its PAT fallback support,
at build time, on kernels without CONFIG_X86_PAT.
* Improved compatibility with recent Linux kernels.
.
[ Luca Boccassi ]
* Drop nvidia-drm-pci-init.patch and timer.patch, fixed upstream.
.
nvidia-graphics-drivers-legacy-340xx (340.104-4) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.3. No changes needed.
* Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for
Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir
(384.111-1). (Closes: #883615)
* Add #tls# substitution for the tls/ source directory (384.111-1).
* nvidia-legacy-340xx-alternative.prerm: Trigger register-glx-alternative-
nvidia upon removal (384.111-3). (Closes: #883637)
* libgl1-nvidia-legacy-340xx-glx.prerm: Do not forcibly remove the nvidia
alternative, this would reset it from manual mode to auto mode while it
could still be needed by other packages, e.g. libcuda1. Let the
nvidia-legacy-340xx-alternative triggers handle it instead (384.111-3).
.
[ Luca Boccassi ]
* Add timer.patch to fix kernel module build on Linux 4.15 and newer.
.
nvidia-graphics-drivers-legacy-340xx (340.104-3) unstable; urgency=medium
.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk (375.82-9).
* Set Rules-Requires-Root: no (375.82-9).
.
nvidia-graphics-drivers-legacy-340xx (340.104-2) unstable; urgency=medium
.
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19)
(375.82-7).
* nvidia-detect: Detect devices in PCI classes 0301 (XGA compatible
controller) and 0302 (3D controller), too (375.82-7).
* bug-script: List these devices, too (375.82-7).
* Use https:// URLs where possible (375.82-8).
.
nvidia-graphics-drivers-legacy-340xx (340.104-1) unstable; urgency=medium
.
* New upstream legacy 340xx branch release 340.104 (2017-09-19).
* Improved compatibility with recent Linux kernels.
.
[ Andreas Beckmann ]
* Add GRID K1/K2/K340 to EoL models, no longer supported from 375.xx on.
* Bump Standards-Version to 4.1.1. No changes needed.
* bug-control: Add arch qualification to M-A:same packages in report-with
list otherwise reportbug will ignore them if more than one is installed
(375.82-5).
* Simplify upstream changelog handling (375.82-5).
.
[ Luca Boccassi ]
* Switch to my debian.org email address in Uploaders.
* Drop drm-driver-legacy.patch, deprecated-cpu-events.patch,
vmf-address.patch, drm-unload.patch, fatal-signal.patch and
set-memory.patch, fixed upstream.
* Refresh vm-fault.patch to remove fuzz from upstream changes.
* Add nvidia-drm-pci-init.patch to fix kernel module build on Linux 4.14
and newer.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
.
nvidia-graphics-drivers-legacy-340xx (340.102-3) unstable; urgency=medium
.
[ Andreas Beckmann ]
* disable-preempt_rt_sanity_check.patch: Remove, unsupported upstream.
* Bump Standards-Version to 4.0.1. No changes needed.
* nvidia-alternative: Explicitly use interest-await triggers (375.82-2).
* Switch from dh_install --list-missing to dh_missing (375.82-2).
* Use dpkg makefile snippets instead of manual changelog parsing (375.82-2).
* build-module-packages.sh: Order kernels by descending version.
Skip PREEMPT_RT (*-rt-*) kernels, unsupported upstream (375.82-2).
* Switch watch URL from ftp:// to https:// (375.82-1).
* Update lintian overrides.
.
[ Luca Boccassi ]
* Add set-memory.patch to fix kernel module build on Linux 4.12 and newer.
(Closes: #872330)
.
nvidia-graphics-drivers-legacy-340xx (340.102-2) unstable; urgency=medium
.
[ Andreas Beckmann ]
* nvidia-kernel-dkms: Honor parallel setting from dkms (375.82-1).
* Do not prevent ccache usage. The bug was fixed in ccache 3.0 (in squeeze)
(375.82-1).
.
[ Luca Boccassi ]
* Add drm-unload.patch, fatal-signal.patch, and vm-fault.patch to fix kernel
module build on Linux 4.11 and newer. (Closes: #865964)
nvidia-graphics-drivers-legacy-340xx (340.106-1) unstable; urgency=medium
.
* New upstream legacy 340xx branch release 340.106 (2018-01-16).
* Fixed CVE-2017-5753, CVE-2017-5715 (spectre), CVE-2017-5754 (meltdown).
https://nvidia.custhelp.com/app/answers/detail/a_id/4611
(Closes: #886852)
* Improved compatibility with recent Linux kernels.
.
[ Luca Boccassi ]
* Drop nvidia-drm-pci-init.patch and timer.patch, fixed upstream.
nvidia-graphics-drivers-legacy-340xx (340.106-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-graphics-drivers-legacy-340xx (340.106-1) unstable; urgency=medium
.
* New upstream legacy 340xx branch release 340.106 (2018-01-16).
* Fixed CVE-2017-5753, CVE-2017-5715 (spectre), CVE-2017-5754 (meltdown).
https://nvidia.custhelp.com/app/answers/detail/a_id/4611
(Closes: #886852)
* Improved compatibility with recent Linux kernels.
.
[ Luca Boccassi ]
* Drop nvidia-drm-pci-init.patch and timer.patch, fixed upstream.
.
nvidia-graphics-drivers-legacy-340xx (340.104-4) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.3. No changes needed.
* Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for
Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir
(384.111-1). (Closes: #883615)
* Add #tls# substitution for the tls/ source directory (384.111-1).
* nvidia-legacy-340xx-alternative.prerm: Trigger register-glx-alternative-
nvidia upon removal (384.111-3). (Closes: #883637)
* libgl1-nvidia-legacy-340xx-glx.prerm: Do not forcibly remove the nvidia
alternative, this would reset it from manual mode to auto mode while it
could still be needed by other packages, e.g. libcuda1. Let the
nvidia-legacy-340xx-alternative triggers handle it instead (384.111-3).
.
[ Luca Boccassi ]
* Add timer.patch to fix kernel module build on Linux 4.15 and newer.
nvidia-graphics-drivers-legacy-340xx (340.104-4) unstable; urgency=medium
.
[ Andreas Beckmann ]
* Bump Standards-Version to 4.1.3. No changes needed.
* Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for
Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir
(384.111-1). (Closes: #883615)
* Add #tls# substitution for the tls/ source directory (384.111-1).
* nvidia-legacy-340xx-alternative.prerm: Trigger register-glx-alternative-
nvidia upon removal (384.111-3). (Closes: #883637)
* libgl1-nvidia-legacy-340xx-glx.prerm: Do not forcibly remove the nvidia
alternative, this would reset it from manual mode to auto mode while it
could still be needed by other packages, e.g. libcuda1. Let the
nvidia-legacy-340xx-alternative triggers handle it instead (384.111-3).
.
[ Luca Boccassi ]
* Add timer.patch to fix kernel module build on Linux 4.15 and newer.
nvidia-graphics-drivers-legacy-340xx (340.104-3) unstable; urgency=medium
.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk (375.82-9).
* Set Rules-Requires-Root: no (375.82-9).
nvidia-graphics-drivers-legacy-340xx (340.104-3~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-graphics-drivers-legacy-340xx (340.104-3) unstable; urgency=medium
.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk (375.82-9).
* Set Rules-Requires-Root: no (375.82-9).
.
nvidia-graphics-drivers-legacy-340xx (340.104-2) unstable; urgency=medium
.
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19)
(375.82-7).
* nvidia-detect: Detect devices in PCI classes 0301 (XGA compatible
controller) and 0302 (3D controller), too (375.82-7).
* bug-script: List these devices, too (375.82-7).
* Use https:// URLs where possible (375.82-8).
.
nvidia-graphics-drivers-legacy-340xx (340.104-1) unstable; urgency=medium
.
* New upstream legacy 340xx branch release 340.104 (2017-09-19).
* Improved compatibility with recent Linux kernels.
.
[ Andreas Beckmann ]
* Add GRID K1/K2/K340 to EoL models, no longer supported from 375.xx on.
* Bump Standards-Version to 4.1.1. No changes needed.
* bug-control: Add arch qualification to M-A:same packages in report-with
list otherwise reportbug will ignore them if more than one is installed
(375.82-5).
* Simplify upstream changelog handling (375.82-5).
.
[ Luca Boccassi ]
* Switch to my debian.org email address in Uploaders.
* Drop drm-driver-legacy.patch, deprecated-cpu-events.patch,
vmf-address.patch, drm-unload.patch, fatal-signal.patch and
set-memory.patch, fixed upstream.
* Refresh vm-fault.patch to remove fuzz from upstream changes.
* Add nvidia-drm-pci-init.patch to fix kernel module build on Linux 4.14
and newer.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
.
nvidia-graphics-drivers-legacy-340xx (340.102-3) unstable; urgency=medium
.
[ Andreas Beckmann ]
* disable-preempt_rt_sanity_check.patch: Remove, unsupported upstream.
* Bump Standards-Version to 4.0.1. No changes needed.
* nvidia-alternative: Explicitly use interest-await triggers (375.82-2).
* Switch from dh_install --list-missing to dh_missing (375.82-2).
* Use dpkg makefile snippets instead of manual changelog parsing (375.82-2).
* build-module-packages.sh: Order kernels by descending version.
Skip PREEMPT_RT (*-rt-*) kernels, unsupported upstream (375.82-2).
* Switch watch URL from ftp:// to https:// (375.82-1).
* Update lintian overrides.
.
[ Luca Boccassi ]
* Add set-memory.patch to fix kernel module build on Linux 4.12 and newer.
(Closes: #872330)
.
nvidia-graphics-drivers-legacy-340xx (340.102-2) unstable; urgency=medium
.
[ Andreas Beckmann ]
* nvidia-kernel-dkms: Honor parallel setting from dkms (375.82-1).
* Do not prevent ccache usage. The bug was fixed in ccache 3.0 (in squeeze)
(375.82-1).
.
[ Luca Boccassi ]
* Add drm-unload.patch, fatal-signal.patch, and vm-fault.patch to fix kernel
module build on Linux 4.11 and newer. (Closes: #865964)
nvidia-graphics-drivers-legacy-340xx (340.104-2) unstable; urgency=medium
.
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19)
(375.82-7).
* nvidia-detect: Detect devices in PCI classes 0301 (XGA compatible
controller) and 0302 (3D controller), too (375.82-7).
* bug-script: List these devices, too (375.82-7).
* Use https:// URLs where possible (375.82-8).
nvidia-graphics-drivers-legacy-340xx (340.104-1) unstable; urgency=medium
.
* New upstream legacy 340xx branch release 340.104 (2017-09-19).
* Improved compatibility with recent Linux kernels.
.
[ Andreas Beckmann ]
* Add GRID K1/K2/K340 to EoL models, no longer supported from 375.xx on.
* Bump Standards-Version to 4.1.1. No changes needed.
* bug-control: Add arch qualification to M-A:same packages in report-with
list otherwise reportbug will ignore them if more than one is installed
(375.82-5).
* Simplify upstream changelog handling (375.82-5).
.
[ Luca Boccassi ]
* Switch to my debian.org email address in Uploaders.
* Drop drm-driver-legacy.patch, deprecated-cpu-events.patch,
vmf-address.patch, drm-unload.patch, fatal-signal.patch and
set-memory.patch, fixed upstream.
* Refresh vm-fault.patch to remove fuzz from upstream changes.
* Add nvidia-drm-pci-init.patch to fix kernel module build on Linux 4.14
and newer.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
nvidia-graphics-drivers-legacy-340xx (340.102-3) unstable; urgency=medium
.
[ Andreas Beckmann ]
* disable-preempt_rt_sanity_check.patch: Remove, unsupported upstream.
* Bump Standards-Version to 4.0.1. No changes needed.
* nvidia-alternative: Explicitly use interest-await triggers.
* Switch from dh_install --list-missing to dh_missing.
* Use dpkg makefile snippets instead of manual parsing.
* build-module-packages.sh: Order kernels by descending version.
* Switch watch URL from ftp:// to https:// (375.82-1).
* Update lintian overrides.
.
[ Luca Boccassi ]
* Add set-memory.patch to fix kernel module build on Linux 4.12 and newer.
(Closes: #872330)
nvidia-graphics-drivers-legacy-340xx (340.102-2) unstable; urgency=medium
.
[ Andreas Beckmann ]
* nvidia-kernel-dkms: Honor parallel setting from dkms. (Closes: #864639)
* Do not prevent ccache usage. The bug was fixed in ccache 3.0 (in squeeze).
.
[ Luca Boccassi ]
* Add drm-unload.patch, fatal-signal.patch, and vm-fault.patch to fix kernel
module build on Linux 4.11 and newer. (Closes: #865964)
nvidia-modprobe (384.111-2~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-modprobe (384.111-2) unstable; urgency=medium
.
* Add setuid.patch to run setuid(0) before forking modprobe to preserve
privileges through shell invocations and recursive modprobe calls.
Thanks to Hiromasa YOSHIMOTO for intensive debugging and the final patch!
(Closes: #888952)
* Add debian/upstream/metadata.
* Fix new Lintian issues.
* Switch Vcs-* URLs to salsa.debian.org.
.
nvidia-modprobe (384.111-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.1.3. No changes needed.
.
nvidia-modprobe (384.98-1) unstable; urgency=medium
.
* New upstream release.
* Switch to https:// URLs.
* Bump Standards-Version to 4.1.1. No changes needed.
* Set Rules-Requires-Root: binary-targets.
* Use dpkg makefile snippets instead of manual changelog parsing.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Use a fixed OUTPUTDIR for improved reproducibility.
nvidia-modprobe (384.111-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.1.3. No changes needed.
nvidia-modprobe (384.111-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-modprobe (384.111-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.1.3. No changes needed.
.
nvidia-modprobe (384.98-1) unstable; urgency=medium
.
* New upstream release.
* Switch to https:// URLs.
* Bump Standards-Version to 4.1.1. No changes needed.
* Set Rules-Requires-Root: binary-targets.
* Use dpkg makefile snippets instead of manual changelog parsing.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Use a fixed OUTPUTDIR for improved reproducibility.
nvidia-modprobe (384.111-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-modprobe (384.111-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.1.3. No changes needed.
.
nvidia-modprobe (384.98-1) unstable; urgency=medium
.
* New upstream release.
* Switch to https:// URLs.
* Bump Standards-Version to 4.1.1. No changes needed.
* Set Rules-Requires-Root: binary-targets.
* Use dpkg makefile snippets instead of manual changelog parsing.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Use a fixed OUTPUTDIR for improved reproducibility.
nvidia-modprobe (384.98-1) unstable; urgency=medium
.
* New upstream release.
* Switch to https:// URLs.
* Bump Standards-Version to 4.1.1. No changes needed.
* Set Rules-Requires-Root: binary-targets.
* Use dpkg makefile snippets instead of manual changelog parsing.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Use a fixed OUTPUTDIR for improved reproducibility.
nvidia-persistenced (384.111-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-persistenced (384.111-1) unstable; urgency=medium
.
* New upstream release.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Bump Standards-Version to 4.1.3. No changes needed.
.
nvidia-persistenced (384.98-1) unstable; urgency=medium
.
* New upstream release.
* Use https:// URL in the watch file.
* Bump Standards-Version to 4.1.1. No changes needed.
* Set Rules-Requires-Root: no.
* Use dpkg makefile snippets instead of manual changelog parsing.
* Use a fixed OUTPUTDIR for improved reproducibility.
nvidia-persistenced (384.111-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-persistenced (384.111-1) unstable; urgency=medium
.
* New upstream release.
* B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Bump Standards-Version to 4.1.3. No changes needed.
.
nvidia-persistenced (384.98-1) unstable; urgency=medium
.
* New upstream release.
* Use https:// URL in the watch file.
* Bump Standards-Version to 4.1.1. No changes needed.
* Set Rules-Requires-Root: no.
* Use dpkg makefile snippets instead of manual changelog parsing.
* Use a fixed OUTPUTDIR for improved reproducibility.
nvidia-persistenced (384.98-1) unstable; urgency=medium
.
* New upstream release.
* Use https:// URL in the watch file.
* Bump Standards-Version to 4.1.1. No changes needed.
* Set Rules-Requires-Root: no.
* Use dpkg makefile snippets instead of manual changelog parsing.
* Use a fixed OUTPUTDIR for improved reproducibility.
nvidia-settings (384.111-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-settings (384.111-1) unstable; urgency=medium
.
* New upstream release 384.111.
* Bump Standards-Version to 4.1.3. No changes needed.
.
nvidia-settings (384.98-1) unstable; urgency=medium
.
* New upstream release 384.98.
* New upstream release 384.59.
- Fixed a bug that prevented changes to stereo eye assignment from
getting applied from the nvidia-settings control panel.
* New upstream release 384.47.
- Fixed a bug that caused nvidia-settings to drop device BusID
values when making changes to an existing X configuration file.
.
nvidia-settings (381.22-1) unstable; urgency=medium
.
* New upstream release 381.22.
* New upstream release 381.09.
- Fixed a bug that caused "nvidia-settings --query all" to print many
duplicate entries.
.
nvidia-settings (378.13-1) unstable; urgency=medium
.
* New upstream release 378.13.
- Added support in nvidia-settings to view configured PRIME displays. To
enable PRIME displays, see "Offloading Graphics Display with RandR 1.4"
in the README.
.
nvidia-settings (375.82-2) unstable; urgency=medium
.
* Set Rules-Requires-Root: no.
* Use dh_missing --list-missing.
* 13_clean.diff: Remove, fixed upstream since 337.12.
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19).
* Remove support for versions predating 304.xx.
* Remove Breaks/Replaces against packages older than jessie.
.
nvidia-settings (375.82-1) unstable; urgency=medium
.
* New upstream release 375.82.
* Use GPL notice without FSF street address.
* Bump Standards-Version to 4.1.1. No changes needed.
* Use Luca's @debian.org address.
* Remove Fathi Boudra from Uploaders, thanks for your work on
nvidia-settings! (Closes: #879413)
.
nvidia-settings (375.66-3) unstable; urgency=medium
.
[ Luca Boccassi ]
* Use https for links in debian/copyright.
* Remove Debian menu system entry, deprecated in favour of Free Desktop
entry.
* Bump Standards-Version to 4.0.1.
* Set build directory to _out/debian to make the build reproducible,
instead of the upstream default of _out/($uname)_($uname -m).
.
[ Russ Allbery ]
* Remove myself from Uploaders.
.
nvidia-settings (375.66-2) unstable; urgency=medium
.
* Add patches to make the build reproducible:
SOURCE_DATE_EPOCH-for-manpage.patch, SOURCE_DATE_EPOCH-for-STAMP_C.patch
and dummy-hostname-user-for-STAMP_C.patch
* Remove workarounds in d/rules for date/user, it is fixed in the
upstream makefiles.
nvidia-settings (384.111-1~deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
* Reinstate the PIE workarounds.
.
nvidia-settings (384.111-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-settings (384.111-1) unstable; urgency=medium
.
* New upstream release 384.111.
* Bump Standards-Version to 4.1.3. No changes needed.
.
nvidia-settings (384.98-1) unstable; urgency=medium
.
* New upstream release 384.98.
* New upstream release 384.59.
- Fixed a bug that prevented changes to stereo eye assignment from
getting applied from the nvidia-settings control panel.
* New upstream release 384.47.
- Fixed a bug that caused nvidia-settings to drop device BusID
values when making changes to an existing X configuration file.
.
nvidia-settings (381.22-1) unstable; urgency=medium
.
* New upstream release 381.22.
* New upstream release 381.09.
- Fixed a bug that caused "nvidia-settings --query all" to print many
duplicate entries.
.
nvidia-settings (378.13-1) unstable; urgency=medium
.
* New upstream release 378.13.
- Added support in nvidia-settings to view configured PRIME displays. To
enable PRIME displays, see "Offloading Graphics Display with RandR 1.4"
in the README.
.
nvidia-settings (375.82-2) unstable; urgency=medium
.
* Set Rules-Requires-Root: no.
* Use dh_missing --list-missing.
* 13_clean.diff: Remove, fixed upstream since 337.12.
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19).
* Remove support for versions predating 304.xx.
* Remove Breaks/Replaces against packages older than jessie.
.
nvidia-settings (375.82-1) unstable; urgency=medium
.
* New upstream release 375.82.
* Use GPL notice without FSF street address.
* Bump Standards-Version to 4.1.1. No changes needed.
* Use Luca's @debian.org address.
* Remove Fathi Boudra from Uploaders, thanks for your work on
nvidia-settings! (Closes: #879413)
.
nvidia-settings (375.66-3) unstable; urgency=medium
.
[ Luca Boccassi ]
* Use https for links in debian/copyright.
* Remove Debian menu system entry, deprecated in favour of Free Desktop
entry.
* Bump Standards-Version to 4.0.1.
* Set build directory to _out/debian to make the build reproducible,
instead of the upstream default of _out/($uname)_($uname -m).
.
[ Russ Allbery ]
* Remove myself from Uploaders.
.
nvidia-settings (375.66-2) unstable; urgency=medium
.
* Add patches to make the build reproducible:
SOURCE_DATE_EPOCH-for-manpage.patch, SOURCE_DATE_EPOCH-for-STAMP_C.patch
and dummy-hostname-user-for-STAMP_C.patch
* Remove workarounds in d/rules for date/user, it is fixed in the
upstream makefiles.
.
nvidia-settings (375.66-1) unstable; urgency=medium
.
* New upstream release 375.66.
- Updated the display configuration page in the nvidia-settings
control panel to accurately reflect HDMI 3D refresh rates.
nvidia-settings (384.111-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-settings (384.111-1) unstable; urgency=medium
.
* New upstream release 384.111.
* Bump Standards-Version to 4.1.3. No changes needed.
.
nvidia-settings (384.98-1) unstable; urgency=medium
.
* New upstream release 384.98.
* New upstream release 384.59.
- Fixed a bug that prevented changes to stereo eye assignment from
getting applied from the nvidia-settings control panel.
* New upstream release 384.47.
- Fixed a bug that caused nvidia-settings to drop device BusID
values when making changes to an existing X configuration file.
.
nvidia-settings (381.22-1) unstable; urgency=medium
.
* New upstream release 381.22.
* New upstream release 381.09.
- Fixed a bug that caused "nvidia-settings --query all" to print many
duplicate entries.
.
nvidia-settings (378.13-1) unstable; urgency=medium
.
* New upstream release 378.13.
- Added support in nvidia-settings to view configured PRIME displays. To
enable PRIME displays, see "Offloading Graphics Display with RandR 1.4"
in the README.
.
nvidia-settings (375.82-2) unstable; urgency=medium
.
* Set Rules-Requires-Root: no.
* Use dh_missing --list-missing.
* 13_clean.diff: Remove, fixed upstream since 337.12.
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19).
* Remove support for versions predating 304.xx.
* Remove Breaks/Replaces against packages older than jessie.
.
nvidia-settings (375.82-1) unstable; urgency=medium
.
* New upstream release 375.82.
* Use GPL notice without FSF street address.
* Bump Standards-Version to 4.1.1. No changes needed.
* Use Luca's @debian.org address.
* Remove Fathi Boudra from Uploaders, thanks for your work on
nvidia-settings! (Closes: #879413)
.
nvidia-settings (375.66-3) unstable; urgency=medium
.
[ Luca Boccassi ]
* Use https for links in debian/copyright.
* Remove Debian menu system entry, deprecated in favour of Free Desktop
entry.
* Bump Standards-Version to 4.0.1.
* Set build directory to _out/debian to make the build reproducible,
instead of the upstream default of _out/($uname)_($uname -m).
.
[ Russ Allbery ]
* Remove myself from Uploaders.
.
nvidia-settings (375.66-2) unstable; urgency=medium
.
* Add patches to make the build reproducible:
SOURCE_DATE_EPOCH-for-manpage.patch, SOURCE_DATE_EPOCH-for-STAMP_C.patch
and dummy-hostname-user-for-STAMP_C.patch
* Remove workarounds in d/rules for date/user, it is fixed in the
upstream makefiles.
nvidia-settings (384.98-1) unstable; urgency=medium
.
* New upstream release 384.98.
* New upstream release 384.59.
- Fixed a bug that prevented changes to stereo eye assignment from
getting applied from the nvidia-settings control panel.
* New upstream release 384.47.
- Fixed a bug that caused nvidia-settings to drop device BusID
values when making changes to an existing X configuration file.
nvidia-settings (381.22-1) unstable; urgency=medium
.
* New upstream release 381.22.
* New upstream release 381.09.
- Fixed a bug that caused "nvidia-settings --query all" to print many
duplicate entries.
* typos.diff: Fix more typos found by lintian.
nvidia-settings (378.13-1) unstable; urgency=medium
.
* New upstream release 378.13.
- Added support in nvidia-settings to view configured PRIME displays. To
enable PRIME displays, see "Offloading Graphics Display with RandR 1.4"
in the README.
nvidia-settings (375.82-2) unstable; urgency=medium
.
* Set Rules-Requires-Root: no.
* Use dh_missing --list-missing.
* 13_clean.diff: Remove, fixed upstream since 337.12.
* Use debian/substvars for substitutions by dpkg-genchanges (dpkg 1.19).
* Remove support for versions predating 304.xx.
* Remove Breaks/Replaces against packages older than jessie.
nvidia-settings (375.82-1) unstable; urgency=medium
.
* New upstream release 375.82.
* Use GPL notice without FSF street address.
* Bump Standards-Version to 4.1.1. No changes needed.
* Use Luca's @debian.org address.
* Remove Fathi Boudra from Uploaders, thanks for your work on
nvidia-settings! (Closes: #879413)
nvidia-settings (375.66-3) unstable; urgency=medium
.
[ Luca Boccassi ]
* Use https for links in debian/copyright.
* Remove Debian menu system entry, deprecated in favour of Free Desktop
entry.
* Bump Standards-Version to 4.0.1.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
.
[ Luca Boccassi ]
* Set build directory to _out/debian to make the build reproducible,
instead of the upstream default of _out/($uname)_($uname -m).
nvidia-settings (375.66-2) unstable; urgency=medium
.
* Add patches to make the build reproducible:
SOURCE_DATE_EPOCH-for-manpage.patch, SOURCE_DATE_EPOCH-for-STAMP_C.patch
and dummy-hostname-user-for-STAMP_C.patch
* Remove workarounds in d/rules for date/user, it is fixed in the
upstream makefiles.
nvidia-xconfig (384.111-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-xconfig (384.111-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.1.3. No changes needed.
.
nvidia-xconfig (384.98-1) unstable; urgency=medium
.
* New upstream release.
- Fixed a regression that prevented nvidia-xconfig from querying
some GPUs, e.g. when running `nvidia-xconfig -a`.
.
nvidia-xconfig (381.22-1) unstable; urgency=medium
.
* New upstream release.
.
nvidia-xconfig (378.13-1) unstable; urgency=medium
.
* New upstream release.
* Add B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Set Rules-Requires-Root: no.
.
nvidia-xconfig (375.82-1) unstable; urgency=medium
.
[ Andreas Beckmann ]
* New upstream release.
* Switch to https:// URLs.
* Set Priority to optional.
* Bump Standards-Version to 4.1.1.
* Use GPL notices without FSF street address.
* Use dpkg makefile snippets instead of manual changelog parsing.
* Use a fixed OUTPUTDIR for improved reproducibility.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
nvidia-xconfig (384.111-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
nvidia-xconfig (384.111-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.1.3. No changes needed.
.
nvidia-xconfig (384.98-1) unstable; urgency=medium
.
* New upstream release.
- Fixed a regression that prevented nvidia-xconfig from querying
some GPUs, e.g. when running `nvidia-xconfig -a`.
.
nvidia-xconfig (381.22-1) unstable; urgency=medium
.
* New upstream release.
.
nvidia-xconfig (378.13-1) unstable; urgency=medium
.
* New upstream release.
* Add B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Set Rules-Requires-Root: no.
.
nvidia-xconfig (375.82-1) unstable; urgency=medium
.
[ Andreas Beckmann ]
* New upstream release.
* Switch to https:// URLs.
* Set Priority to optional.
* Bump Standards-Version to 4.1.1.
* Use GPL notices without FSF street address.
* Use dpkg makefile snippets instead of manual changelog parsing.
* Use a fixed OUTPUTDIR for improved reproducibility.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
nvidia-xconfig (384.98-1) unstable; urgency=medium
.
* New upstream release.
- Fixed a regression that prevented nvidia-xconfig from querying
some GPUs, e.g. when running `nvidia-xconfig -a`.
nvidia-xconfig (381.22-1) unstable; urgency=medium
.
* New upstream release.
nvidia-xconfig (378.13-1) unstable; urgency=medium
.
* New upstream release.
* Add B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk.
* Set Rules-Requires-Root: no.
nvidia-xconfig (375.82-1) unstable; urgency=medium
.
[ Andreas Beckmann ]
* New upstream release.
* Switch to https:// URLs.
* Set Priority to optional.
* Bump Standards-Version to 4.1.1.
* Use GPL notices without FSF street address.
* Use dpkg makefile snippets instead of manual changelog parsing.
* Use a fixed OUTPUTDIR for improved reproducibility.
.
[ Russ Allbery ]
* Remove myself from Uploaders.
ocfs2-tools (1.8.4-4+deb9u1) stretch; urgency=medium
.
* Migrate from using rcS to standard runlevels (Closes: #876195)
openafs (1.6.20-2+deb9u1) stretch-security; urgency=high
.
* Apply upstream patch for OPENAFS-SA-2017-001 (CVE-2017-17432).
(Closes: #883602)
opendmarc (1.3.2-2+deb9u1) stretch; urgency=medium
.
* Update opendmarc service file so changes in opendmarc.conf are used and
update opendmarc.conf to match values previously hard-coded in the service
file (Closes: #863612)
- Thanks to Jack Bates for the patch
openocd (0.9.0-1+deb8u1) stretch-security; urgency=high
.
* Update debian/gbp.conf to deal with stretch
* Pull "bindto" command from upstream
* Bind to localhost by default
* Prevent some forms of Cross Protocol Scripting attacks (CVE-2018-5704)
(Closes: #887488)
openssh (1:7.4p1-10+deb9u3) stretch; urgency=medium
.
* CVE-2017-15906: sftp-server(8): In read-only mode, sftp-server was
incorrectly permitting creation of zero-length files. Reported by Michal
Zalewski.
openssl1.0 (1.0.2l-2+deb9u2) stretch-security; urgency=high
.
* CVE-2017-3737 (Read/write after SSL object in error state)
* Add a testcase for CVE-2017-3737
* CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64)
optipng (0.7.6-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Prevent integer overflow in minitiff_read_info() (CVE-2017-1000229)
(Closes: #882032)
* gifread: Detect indirect circular dependencies in LZW tables
(CVE-2017-16938) (Closes: #878839)
osinfo-db (0.20180226-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
sinfo-db (0.20180226-1) unstable; urgency=medium
.
* Test that we can generate install scripts
* New upstream git snapshot (Closes: #884521)
* Update debian/watch URL. We're using git snapshots anyway but it's better
to have this correct. (Closes: #884520)
osinfo-db (0.20170811-1) unstable; urgency=medium
.
* [596e960] Fix vcs git url
* [226d475] New upstream version 0.20170811
* [1cfe3ae] Drop debian-switch-to-archive-URLs-for-stretch.patch applied
upstream
otrs2 (5.0.16-1+deb9u5) stretch-security; urgency=high
.
* Add patch 20-OSA-2017-10:
This fixes OSA-2017-10: An attacker can send a specially prepared email to
an OTRS system. If this system has cookie support disabled, and a logged in
agent clicks a link in this email, the session information could be leaked
to external systems, allowing the attacker to take over the agent’s
session.
otrs2 (5.0.16-1+deb9u4) stretch-security; urgency=high
.
* Add patch 19-CVE-2017-16921:
This fixes OSA-2017-09, also known as CVE-2017-16921: An attacker who is
logged into OTRS as an agent can manipulate form parameters and execute
arbitrary shell commands with the permissions of the OTRS or web server
user.
Closes: #883774
* Add patch 18-CVE-2017-16854:
This fixes OSA-2017-08, also known as CVE-2017-16854: An attacker who is
logged into OTRS as a customer can use the ticket search form to disclose
internal article information of their customer tickets.
p7zip (16.02+dfsg-3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Heap-based buffer overflow in 7zip/Compress/ShrinkDecoder.cpp
(CVE-2017-17969)
Thanks to Antoine Beaupré (Closes: #888297)
pdns-recursor (4.0.4-1+deb9u3) stretch-security; urgency=high
.
* Security upload, including fix for CVE-2017-15120.
pdns-recursor (4.0.4-1+deb9u3~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
php7.0 (7.0.27-0+deb9u1) stretch-security; urgency=high
.
* New upstream version 7.0.27
* Rebase patches on top of new upstream release
* Kill extra TAB character in the ini file that was causing insserv
troubles
* Add signature support to d/watch
* Add Ferenc Kovacs signing key to upstream GPG keyring
php7.0 (7.0.26-1) unstable; urgency=medium
.
* New upstream version 7.0.26
* Rebase patches for new upstream version.
php7.0 (7.0.25-1) unstable; urgency=medium
.
* New upstream version 7.0.25
* Rebase patches for new upstream release.
php7.0 (7.0.22-3) unstable; urgency=medium
.
* Allow libgcrypt11-dev when it's not a transitional package
* Correct the --extend-diff-ignore to ignore custom .gitlab-ci.yml in the root
* Switch from curl-config to pkg-config for curl extension (Courtesy of Remi Collet)
php7.0 (7.0.22-2) unstable; urgency=medium
.
* Update Vcs-* links to https://gitlab.com/deb.sury.org/...
* Stop depending on obsolete automake1.11 (Closes: #865135)
* Switch build-depends to libgcrypt20-dev (Closes: #864128)
php7.0 (7.0.22-1) unstable; urgency=medium
.
* New upstream version 7.0.22
* Rebase patches for PHP 7.0.22
php7.0 (7.0.20-2) unstable; urgency=medium
.
* Add Ferenc Kovacs signing key to upstream GPG keyring
* Add upstream patch to fix broken support for HOST/PATH ini sections
php7.0 (7.0.20-1) unstable; urgency=medium
.
* Kill extra TAB character in the ini file that was causing insserv
troubles
* Add signature support to d/watch
* New upstream version 7.0.20
* Refresh patches on top of PHP 7.0.20 release
plasma-workspace (4:5.8.6-2.1+deb9u1) stretch-security; urgency=medium
.
* CVE-2018-6791
poco (1.7.6+dfsg1-5+deb9u1) stretch-security; urgency=high
.
* Add backported patch for CVE-2017-1000472
poppler (0.48.0-2+deb9u2) stretch-security; urgency=medium
.
* Fix regression in fix for CVE-2017-14519
* CVE-2017-1000456
* CVE-2017-14929
poppler (0.48.0-2+deb9u1) stretch-security; urgency=medium
.
* Fix CVE-2017-9406: a memory leak vulnerability was found in the function
gmalloc in gmem.cc, which allows attackers to cause a denial of service
via a crafted file.
* Fix CVE-2017-9408: memory leak in the function Object::initArray in
Object.cc that allows attackers to cause a DoS via a crafted file.
* Fix CVE-2017-9775: Stack buffer overflow in GfxState.cc in pdftocairo that
allows remote attackers to cause a denial of service (application crash)
via a crafted PDF document.
* Fix CVE-2017-9776: Integer overflow leading to Heap buffer overflow in
JBIG2Stream.cc in pdftocairo allows remote attackers to cause a denial of
service (application crash) or possibly have unspecified other impact via a
crafted PDF document.
* Fix CVE-2017-9865: The function GfxImageColorMap::getGray in GfxState.cc
allows remote attackers to cause a denial of service (stack-based buffer
over-read and application crash) via a crafted PDF document
* Fix CVE-2017-14517: NULL pointer dereference vulnerability in the
XRef::parseEntry() function in XRef.cc
* Fix CVE-2017-14518: Floating point exception in the
isImageInterpolationRequired() function in Splash.cc
* Fix CVE-2017-14519: A memory corruption may occur in a call to
Object::streamGetChar
* Fix CVE-2017-14520: Floating point exception in Splash::scaleImageYuXd()
* Fix CVE-2017-14617: Floating point exception in the ImageStream class in
Stream.cc
* Fix CVE-2017-14975: NULL pointer dereference vulnerability in the
FoFiType1C::convertToType0 function in FoFiType1C.cc
* Fix CVE-2017-14976: Heap-based buffer over-read vulnerability in the
FoFiType1C::convertToType0 function in FoFiType1C.cc
* Fix CVE-2017-14977: NULL pointer dereference vulnerability in the
FoFiTrueType::getCFFBlock function in FoFiTrueType.cc
* Fix CVE-2017-15565: NULL Pointer Dereference in the
GfxImageColorMap::getGrayLine() function in GfxState.cc
postfix (3.1.8-0+deb9u1) stretch; urgency=medium
.
[Scott Kitterman]
.
* Rewrite debian/postfix-instance-generator to avoid use of postmulti to fix
failures when inet_interfaces != all. Closes: #882141
* Refresh patches
* Add postfix 3.1 specific watch file
.
[Wietse Venema]
.
* 3.1.7
- Bugfix (introduced: Postfix 3.1): DANE support. Postfix
builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to
some sites with "TLSA 2 X X" records associated with an
intermediate CA certificate. Problem report and initial
fix by Erwan Legrand. File: src/tls/tls_dane.c.
- Bugfix (introduced: Postfix 3.0) missing dynamicmaps support
in the Postfix sendmail command broke authorized_submit_users
with a dynamically-loaded map type. File: sendmail/sendmail.c.
* 3.1.8
- Bugfix (introduced: Postfix 2.1): don't log warnings
that some restriction returns OK, when the access map
DISCARD feature is in effect. File: smtpd/smtpd_check.c.
- Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke
Berkeley DB configurations with a relative pathname. File:
util/dict_db.c. Closes: #879200
- Workaround: reportedly, some res_query(3) implementation
can return -1 with h_errno==0. Instead of terminating with
a panic, the Postfix DNS client now logs a warning and sets
h_errno to TRY_AGAIN. File: dns/dns_lookup.c.
- Documentation patches by Sven Neuhaus. Files:
proto/FORWARD_SECRECY_README.html, proto/SMTPD_ACCESS_README.html.
- Cleanup: missing mailbox seek-to-end error check in the
local(8) delivery agent. File: local/mailbox.c.
- Cleanup: incorrect mailbox seek-to-end error message in the
virtual(8) delivery agent. File: virtual/mailbox.c.
postgresql-9.6 (9.6.7-0+deb9u1) stretch; urgency=medium
.
* New upstream version.
+ Ensure that all temporary files made by pg_upgrade are
non-world-readable (CVE-2018-1053)
.
+ Change the behavior of contrib/cube's cube ~> int operator to make it
compatible with KNN search.
.
The meaning of the second argument (the dimension selector) has been
changed to make it predictable which value is selected even when
dealing with cubes of varying dimensionalities.
.
This is an incompatible change, but since the point of the operator
was to be used in KNN searches, it seems rather useless as-is.
After installing this update, any expression indexes or materialized
views using this operator will need to be reindexed/refreshed.
publicsuffix (20180218.2049-0+deb9u1) stretch; urgency=medium
.
* new upstream publicsuffix data
.
publicsuffix (20180125.0922-0+deb9u1) stretch; urgency=medium
.
* new upstream publicsuffix data
publicsuffix (20180125.0922-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20171228.1526-2) unstable; urgency=medium
.
* standards-version: bump to 4.1.3 (no changes needed)
* move to debhelper 11
* move debian revision control to salsa.debian.org
publicsuffix (20171228.1526-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20171028.2055-1) unstable; urgency=medium
.
* new upstream version
python-evtx (0.5.3b-3+deb9u1) stretch; urgency=medium
.
* Fix Python3 dependencies (Closes: #867428)
python-hacking (0.11.0-2.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
python-hacking (0.11.0-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix the python3-hacking dependencies. (Closes: #867431)
python-hkdf (0.0.3-3~deb9u1) stretch; urgency=medium
.
* QA upload.
* Rebuild for stretch.
.
python-hkdf (0.0.3-3) unstable; urgency=medium
.
* QA upload.
* Fix the python3-hkdf dependencies. (Closes: #867433)
.
python-hkdf (0.0.3-2) unstable; urgency=medium
.
* Add missing URL to package descriptions. closes: #864149.
* Set maintainer to Debian QA Group.
python-hkdf (0.0.3-2) unstable; urgency=medium
.
* Add missing URL to package descriptions. closes: #864149.
* Set maintainer to Debian QA Group.
python-mimeparse (0.1.4-3.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
python-mimeparse (0.1.4-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix the python3-mimeparse dependencies. (Closes: #867439)
python-pyperclip (1.5.27-3~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
python-pyperclip (1.5.27-3) unstable; urgency=medium
.
* Fix typo in Depends for python3 package (Closes: #867450)
python-spake2 (0.7-3~deb9u1) stretch; urgency=medium
.
* QA upload.
* Rebuild for stretch.
.
python-spake2 (0.7-3) unstable; urgency=high
.
* QA upload.
* Set maintainer to Debian QA Group. (see #833947)
* Fix the python3-spake2 dependencies. (Closes: #867457)
qtpass (1.1.6-1+deb9u1) stretch; urgency=medium
.
* Fix insecure built-in password generator (Fixes: CVE-2017-18021)
quagga (1.1.1-3+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* bgpd/security: invalid attr length sends NOTIFY with data overrun
(CVE-2018-5378)
Security issue: Quagga-2018-0543
* bgpd/security: Fix double free of unknown attribute (CVE-2018-5379)
Security issue: Quagga-2018-1114
* bgpd/security: debug print of received NOTIFY data can over-read msg array
(CVE-2018-5380)
Security issue: Quagga-2018-1550
* bgpd/security: fix infinite loop on certain invalid OPEN messages
(CVE-2018-5381)
Security issue: Quagga-2018-1975
quota (4.03-2+deb9u1) stretch; urgency=medium
.
* Prevent quotacheck from running into an endless loop.
Thanks to Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
reportbug (7.1.7+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Don't CC secure-testing-team@lists.alioth.debian.org anymore.
The testing security team didn't exist for a long time and the
mailinglist will disappear when Alioth will be decomissioned.
Thanks to Moritz Muehlenhoff (Closes: #888832)
rsync (3.1.2-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Enforce trailing \0 when receiving xattr name values (CVE-2017-16548)
(Closes: #880954)
* Check fname in recv_files sooner (CVE-2017-17433) (Closes: #883667)
* Sanitize xname in read_ndx_and_attrs (CVE-2017-17434) (Closes: #883665)
* Check daemon filter against fnamecmp in recv_files() (CVE-2017-17434)
(Closes: #883665)
ruby-omniauth (1.3.1-1+deb9u1) stretch-security; urgency=high
.
* Fix security issue in returning post parameters from session in callback
phase (CVE-2017-18076) (Closes: #888523)
ruby-redis-store (1.1.6-1+deb9u1) stretch; urgency=high
.
* Team upload
* Add upstream patch to fix CVE-2017-1000248, allowing unsafe objects to be
loaded from redis (Closes: #882034)
salt (2016.11.2+ds-1+deb9u1) stretch; urgency=medium
.
* Fix CVE-2017-12791: Directory traversal vulnerability on salt-master
via crafted minion IDs (Closes: #872399)
* Fix CVE-2017-14695: Directory traversal vulnerability in minion id
validation in SaltStack (Closes: #879089)
* Fix CVE-2017-14696: Remote Denial of Service with a specially crafted
authentication request (Closes: #879090)
* Check if data[return] is dict type (Closes: #887724)
* Do not require sphinx-build for cleaning docs (Closes: #851559)
sensible-utils (0.0.9+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Argument injection in sensible-browser (CVE-2017-17512)
Thanks to Gabriel Corona (Closes: #881767)
sensible-utils (0.0.9+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Argument injection in sensible-browser (CVE-2017-17512)
Thanks to Gabriel Corona (Closes: #881767)
simplesamlphp (1.14.11-1+deb9u1) stretch-security; urgency=high
.
* Update by the security team for stretch.
CVE-2017-12867 CVE-2017-12869
CVE-2017-12874 CVE-2017-18121 CVE-2017-18122
CVE-2018-6519 CVE-2018-6521 SSPSA-201802-01
(closes: #889286).
slic3r (1.2.9+dfsg-9~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
slic3r (1.2.9+dfsg-9) unstable; urgency=medium
.
* [1ae29f4] Patch "use lib" line in all installed binaries (Closes: #886125)
.
slic3r (1.2.9+dfsg-8) unstable; urgency=medium
.
* [c1b29a0] Acknowledge NMU (Closes: #869360)
.
slic3r (1.2.9+dfsg-7) unstable; urgency=medium
.
* [e77c05d] Fill up slic3r.desktop so that it can be used to open stl files
* [9438384] Import patches to fix bugs.
- Workaround missing GL_MULTISAMPLE macro (Closes: #872273)
- Fix importing binary STLs on big-endian architectures
* [99cbb39] Bump Standards-Version
slic3r (1.2.9+dfsg-8) unstable; urgency=medium
.
* [c1b29a0] Acknowledge NMU (Closes: #869360)
slic3r (1.2.9+dfsg-7) unstable; urgency=medium
.
* [e77c05d] Fill up slic3r.desktop so that it can be used to open stl files
* [9438384] Import patches to fix bugs.
- Workaround missing GL_MULTISAMPLE macro (Closes: #872273)
- Fix importing binary STLs on big-endian architectures
* [99cbb39] Bump Standards-Version
slic3r (1.2.9+dfsg-6.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix "missing dependency on perlapi-*":
add override_dh_perl in debian/rules to make dh_perl search for perl
modules in the private directory as well.
(Closes: #869360)
smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1) stretch-security; urgency=medium
.
* debian/patches:
+ Add 0001_CVE-2017-1000480.patch. Fixes CVE-2017-1000480. (Closes:
#886460).
soundtouch (1.9.2-2+deb9u1) stretch; urgency=medium
.
[ Gabor Karsay ]
* Add patch to fix
- CVE-2017-9258 (Closes: #870854)
- CVE-2017-9259 (Closes: #870856)
- CVE-2017-9260 (Closes: #870857)
squid3 (3.5.23-5+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* ESI: make sure endofName never exceeds tagEnd (CVE-2018-1000024)
(Closes: #888719)
* Fix indirect IP logging for transactions without a client connection
(CVE-2018-1000027) (Closes: #888720)
systemd (232-25+deb9u2) stretch; urgency=medium
.
* networkd: Handle MTU field in IPv6 RA (Closes: #878162)
* shared: Add a linker script so that all functions are tagged @SD_SHARED
instead of @Base.
This helps prevent symbol collisions with other programs and libraries.
In particular, because PAM modules are loaded into the process that is
creating the session, and systemd creates PAM sessions, the potential
for collisions is high. (Closes: #873708)
* resolved: Fix loop on packets with pseudo dns types.
CVE-2017-15908 (Closes: #880026)
* machinectl: Don't output "No machines." with --no-legend option
(Closes: #880158)
thunderbird (1:52.6.0-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
thunderbird (1:52.6.0-1~deb8u1) jessie-security; urgency=medium
.
[ Vincas Dargis ]
* [e418a50] AppArmor: Fix Jessie AppArmor syntax error (Closes: #884217)
.
[ Carsten Schoenert ]
* [edba169] debian/rules: override target dh_autoreconf
Don't use dh_autoreconf, Mozilla uses wrapper around the autotools and we
care about the needed files in debian/rules for long time anyway.
* Rebuild for jessie-security
thunderbird (1:52.5.2-2) unstable; urgency=medium
.
[ Carsten Schoenert ]
* [f597157] Revert "d/thunderbird.postinst: reload AA profile on updates"
The trigger automatics for appamor already is handling the
needed reload on profile updates for the applications.
(Closes: #885158)
* [8ebdb96] debian/control: increase Standards-Version to 4.1.2
No further changes needed.
* [81a8c00] use inverse logic on version for AA profile status check
By this change we don't enforce the disabled profile from the
previous version in some cases and can also handle possible
version strings from -security and -backports.
(Closes: #885157)
thunderbird (1:52.5.2-2~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
thunderbird (1:52.5.2-2~deb8u1) jessie-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for jessie-security
thunderbird (1:52.5.2-1) unstable; urgency=high
.
[ intrigeri ]
* [b791221] AppArmor: support new thunderbird executable path
(Closes: #883561, #884217)
.
[ Carsten Schoenert ]
* [1f46308] New upstream version 52.5.2
Fixed CVE issues in upstream version 52.5 (MFSA 2017-30)
CVE-2017-7829: Mailsploit part 1: From address with encoded null character
is cut off in message header display
CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin
CVE-2017-7847: Local path string can be leaked from RSS feed
CVE-2017-7848: RSS Feed vulnerable to new line Injection
* [0dd21b9] d/thunderbird.postinst: reload AA profile on updates
* [8c57218] don't disable AA profile on package updates
As people want to re-enable the AA profile a update of
thunderbird doesn't have to disable this again.
(Closes: #884191)
thunderbird (1:52.5.0-1) unstable; urgency=high
.
[ intrigeri ]
* [48e6b65] AppArmor: fix the Crash Reporter and avoid noisy denial logs
(Closes: #880953)
* [ad8b3b5] AppArmor: fix compatibility with NVIDIA hardware
(Closes: #880532)
* [d8ff6b6] Disable the AppArmor profile by default
Due the various side effects by the enabled AppArmor profile in
Thunderbird it's currently better for a user experience we
disabling the AppArmor profile for to not get people get mad with
to many broken things.
Users can always enable the profile by themselves again.
(Closes: #882672)
* [e50eac5] README.Debian: document how to opt-in for AppArmor confinement
* [860d325] README.Debian: document how one can debug the AppArmor profile
.
[Guido Günther]
* [50a8f60] Drop myself from maintainers
Thank you Guido for always helping out if we had some questions!
.
[ Carsten Schoenert ]
* [b64509b] New upstream version 52.5.0
Fixed CVE issues in upstream version 52.5 (MFSA 2017-26)
CVE-2017-7828: Use-after-free of PressShell while restyling layout
CVE-2017-7830: Cross-origin URL information leak through Resource Timing API
CVE-2017-7826: Memory safety bugs fixed in Firefox 57, Firefox ESR 52.5,
and Thunderbird 52.5
* [3166018] thunderbird.links: let thunderbird pointing to thunderbird-bin
(Closes: #856492)
* [6fff70c] [buster] tb-wrapper: searching the correct dbgsym package
* [4763ca6] adding a NEWS file for thunderbird package
Giving a note about the now disabled AppArmor profile.
* [0b9d656] disabling crashreporter for now
Also don't build and ship the Crashreporter any more, it's useless
until we can collect all symbols correctly.
* [a285647] move AppArmor specific things into own README file
Put all AppArmor related information into one dedicated file.
* [5d56439] d/thunderbird.js: prepare a line for extra X-Debbugs-Cc
A really old bug report ... building a compromise and put the
requested extra header config into the configuration file but keep
it deactivated as default.
(Closes: #379304)
thunderbird (1:52.5.0-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
.
* [9fb0603] Revert "[buster] tb-wrapper: searching the correct dbgsym package"
* [3ba70b8] Revert "[buster] move thunderbird-dbg into *-dbgsym package"
* [b16725e] Revert "[buster] remove Replace and Breaks for icedove"
* [9cf7315] Revert "[buster] remove transitional icedove package"
* [a1b62c0] Revert "[buster] remove Replace, Breaks and Provides for icedove-dev"
* [435f016] Revert "[buster] remove transitional icedove-dev package"
* [43c5ec2] Revert "[buster] remove transitional icedove-dbg package"
* [f014c58] Revert "[buster] remove Replace, Breaks and Provides for iceowl-extension"
* [5db94a1] Revert "[buster] remove transitional iceowl-extension package"
* [2860355] Revert "[buster] remove Replace, Breaks and Provides for icedove-l10n-*"
* [f148d56] Revert "[buster] remove transitional icedove-l10n-* packages"
* [b7debd2] Revert "[buster] remove Replace, Breaks and Provides for iceowl-l10n-*"
* [e89d082] Revert "[buster] remove transitional iceowl-l10n-* packages"
thunderbird (1:52.5.0-1~deb8u1) jessie-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for jessie-security
.
* [d07b29f] Revert "[buster] tb-wrapper: searching the correct dbgsym package"
* [6bd3655] Revert "[buster] move thunderbird-dbg into *-dbgsym package"
* [5f1fa71] Revert "[buster] remove Replace and Breaks for icedove"
* [17d9c31] Revert "[buster] remove transitional icedove package"
* [c194e27] Revert "[buster] remove Replace, Breaks and Provides for icedove-dev"
* [1118358] Revert "[buster] remove transitional icedove-dev package"
* [14fefb8] Revert "[buster] remove transitional icedove-dbg package"
* [d1f914b] Revert "[buster] remove Replace, Breaks and Provides for iceowl-extension"
* [6f70669] Revert "[buster] remove transitional iceowl-extension package"
* [d3976d0] Revert "[buster] remove Replace, Breaks and Provides for icedove-l10n-*"
* [cb2c710] Revert "[buster] remove transitional icedove-l10n-* packages"
* [7df3bd7] Revert "[buster] remove Replace, Breaks and Provides for iceowl-l10n-*"
* [62617ed] Revert "[buster] remove transitional iceowl-l10n-* packages"
thunderbird (1:52.4.0-2~exp1) experimental; urgency=medium
.
[ Carsten Schoenert ]
* [a3e73e9] disable usage of libgnomeui parts
The libgnomeui stuff (only relevant for GTK+2) is deprecated
for a long time and will be removed in buster, and we don't need
this at all.
See https://lists.debian.org/debian-devel/2017/10/msg00299.html
* [9efc5c9] debian/watch: switch to https
* [bd5a635] rebuild patch queue from patch-queue branch
Fixup for [da3c5cc], add ppc64 to the list of BE architectures.
Thanks Adrian Glaubitz for pointing the issue. (Closes: #879270)
* [42f5ab5] apparmor: update profile from upstream (Closes: #876333, #855346)
.
[ intrigeri ]
* [d7febc8, b026d28] AppArmor: update profile from upstream
(Closes: #880425, #877324)
* [377e7b5] README.Debian: fixing small typo
* [3b0a63a] AppArmor: fix importing public OpenPGP keys from file
(Closes: #880715)
.
[ Carsten Schoenert ]
* [241690e] d/control: s/Icedove/Thunderbird in desc's for lightning-l10n-*
The lightning-l10n package were still using the name 'Icdeove'
instead of 'Thunderbird'.
* [f17f735] debian/control: moving transitional packages at bottom
* [91f9897] autopkg: adjust icedove to thunderbird depends
Now move over to depend in favor of thunderbird for some of
the autopkg tests.
* [8ae2ad7] autopkg: adjust icedove-dev to thunderbird-dev depends
Doing the same as before for thunderbird-dev as the native
replacement for icedove-dev.
* [fa0134c] bump debhelper >= 10.2.5
* [8752789] debian/rules: try to build extensions reproducible
The two extensions (lightning and calendar-google-provider)
don't build reproducible right now. Trying to fix this by using
the timestamp from the changelog entry for the files. May not
work correctly and we need to tune more.
* [1496368] d/thunderbird.install: also install the fonts folder
Recent versions of Thunderbird needing the font EmojiOne which
isn't provided by any other package.
(Closes: #881299)
.
The following changes are take effect in removing all transitional packages
related to the old icedove packaging only for buster. We still need all the
transitional packages in wheezy, jessie and stretch!
* [54c8a9b] [buster] remove transitional iceowl-l10n-* packages
* [c338630] [buster] remove Replace, Breaks and Provides for iceowl-l10n-*
* [4311683] [buster] remove transitional icedove-l10n-* packages
* [f6e3a01] [buster] remove Replace, Breaks and Provides for icedove-l10n-*
* [a9117e4] [buster] remove transitional iceowl-extension package
* [5aed012] [buster] remove Replace, Breaks and Provides for iceowl-extension
* [27fc04b] [buster] remove transitional icedove-dbg package
* [53b4825] [buster] remove transitional icedove-dev package
* [e2d808f] [buster] remove Replace, Breaks and Provides for icedove-dev
* [97edfbe] [buster] remove transitional icedove package
* [3748054] [buster] remove Replace and Breaks for icedove
* [611a704] [buster] move thunderbird-dbg into *-dbgsym package
thunderbird (1:52.4.0-1) unstable; urgency=medium
.
[ Guido Günther ]
* [da3c5cc] Simplify endianness selection for ICU
Since we need to build ICU on the various Debian releases we
need to ensure the architecture detection isn't to strict.
Thanks Guido for helping out here!
.
[ Carsten Schoenert ]
* [47748ca] debian/control: be more relaxed on Breaks for enigmail
* [6a54666] thunderbird-wrapper: fix small typo in help output
A small typo was happen in the example call with the JS console.
* [6d5266e] README.Debian: update info around tls fallback-limit
The default behavior on the TLS fallback has changed some
versions ago, document this accordingly.
* [24ad883] debian/control: change maintainer
Thanks Christoph for the work over the past years!
* [c78200e] debian/control: move src pkg name to thunderbird
By this version we move the source package name also back to
thunderbird. This follows the changes that are already made to
the binary package names and we can call the source package now
also again thunderbird.
(Closes: #857075)
* [c26133d] debian/gbp.conf: rename components to real used names
Due the changes of the source package the names for the
sub-folders within the additional tarballs can also be changed
to be closer on the real upstream used names.
* [a5ce4f7] New upstream version 52.4.0
(Closes: #878845, #878870)
Fixed CVE issues in upstream version 52.0 (MFSA 2017-23)
CVE-2017-7793: Use-after-free with Fetch API
CVE-2017-7818: Use-after-free during ARIA array manipulation
CVE-2017-7819: Use-after-free while resizing images in design mode
CVE-2017-7824: Buffer overflow when drawing and validating elements with
ANGLE
CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
CVE-2017-7814: Blob and data URLs bypass phishing and malware protection
warnings
CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters
as spaces
CVE-2017-7823: CSP sandbox directive did not create a unique origin
CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4,
and Thunderbird 52.4
* [104b4e5] rebuild patch queue from patch-queue branch
* [d63662a] lintian: move oldlibs/extra -> oldlibs/optional
By moving all transitional package to oldlibs/optional we can
help deborphan to detect better not needed packages.
* [fb56001] d/rules: reflect changes from renamed component tarballs
The additional tarballs are stored in folders which reflect
the upstream names of those components. This also needs to be
respected for the build instructions of the package.
* [61288fb] debian/control: change Vcs* fields due the src name change
Addressing the changed source package name in the Git Vcs urls.
* [ef95ab5] debian/control: increase Standards-Version to 4.1.1
No further changes needed.
* [45e8fe2] apparmor: update profile from upstream
Thanks to Simon Deziel and intrigeri we can simply use the
apparmor profile changes done for the Ubuntu releases.
* [6b1649c] lintian: adding a override for thunderbird-l10n-all
* [ceab93f] debian/README.source: reflect src package name change
tiff (4.0.8-2+deb9u2) stretch-security; urgency=high
.
* Fix CVE-2017-11335: heap based buffer write overflow in tiff2pdf
(closes: #868513).
* Fix CVE-2017-12944: OOM prevention in TIFFReadDirEntryArray()
(closes: #872607).
* Fix CVE-2017-13726: reachable assertion abort in TIFFWriteDirectorySec()
(closes: #873880).
* Fix CVE-2017-13727: reachable assertion abort in
TIFFWriteDirectoryTagSubifd() (closes: #873879).
* Fix CVE-2017-18013: NULL pointer dereference in TIFFPrintDirectory()
(closes: #885985).
* Fix CVE-2017-9935: heap-based buffer overflow in the t2p_write_pdf()
function (closes: #866109).
tomcat-native (1.2.12-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2017-15698:
When parsing the AIA-Extension field of a client certificate, Apache Tomcat
Native did not correctly handle fields longer than 127 bytes. The result of
the parsing error was to skip the OCSP check. It was therefore possible for
client certificates that should have been rejected (if the OCSP check had
been made) to be accepted. Users not using OCSP checks are not affected by
this vulnerability.
tor (0.2.9.14-1) stretch-security; urgency=medium
.
* New upstream version, including among others:
- Fix an issue causing DNS to fail on high-bandwidth exit nodes,
making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
identifying and finding a workaround to this bug and to Moritz,
Arthur Edelstein, and Roger for helping to track it down and
analyze it.
- Fix a denial of service bug where an attacker could use a
malformed directory object to cause a Tor instance to pause while
OpenSSL would try to read a passphrase from the terminal. (Tor
instances run without a terminal, which is the case for most Tor
packages, are not impacted.) Fixes bug 24246; bugfix on every
version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
Found by OSS-Fuzz as testcase 6360145429790720.
- Fix a denial of service issue where an attacker could crash a
directory authority using a malformed router descriptor. Fixes bug
24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
and CVE-2017-8820.
- When checking for replays in the INTRODUCE1 cell data for a
(legacy) onion service, correctly detect replays in the RSA-
encrypted part of the cell. We were previously checking for
replays on the entire cell, but those can be circumvented due to
the malleability of Tor's legacy hybrid encryption. This fix helps
prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
and CVE-2017-8819.
- Fix a use-after-free error that could crash v2 Tor onion services
when they failed to open circuits while expiring introduction
points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
also tracked as TROVE-2017-013 and CVE-2017-8823.
- When running as a relay, make sure that we never build a path
through ourselves, even in the case where we have somehow lost the
version of our descriptor appearing in the consensus. Fixes part
of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
as TROVE-2017-012 and CVE-2017-8822.
tor (0.2.9.14-1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
* Build-depend on dh-apparmor version >= 2.10.95, which is in backports,
to avoid running into Bug #822349.
trafficserver (7.0.0-6+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add patch for CVE-2017-5660
* Add patch for CVE-2017-7671
transmission (2.92-2+deb9u1) stretch-security; urgency=medium
.
* Fix RPC vulnerability discovered by Tavis Ormandy
tzdata (2018c-0+deb9u1) stretch; urgency=medium
.
* New upstream version, affecting the following past and future timestamps:
- São Tomé and PrÃncipe switched from +00 to +01 on 2018-01-01 at 01:00.
- Southern Brazil will begin DST on 2018-11-04 instead of 2018-10-21.
* debian/control: Update Vcs-Git and Vcs-Browser fields following the move
to Salsa.
tzdata (2018c-0+deb8u1) jessie; urgency=medium
.
* New upstream version, affecting the following past and future timestamps:
- São Tomé and PrÃncipe switched from +00 to +01 on 2018-01-01 at 01:00.
- Southern Brazil will begin DST on 2018-11-04 instead of 2018-10-21.
tzdata (2018b-1) unstable; urgency=medium
.
[ Aurelien Jarno ]
* Update Russian debconf translation, by Lev Lamberov. Closes:
#883876.
* Update German debconf translation, by Holger Wansing. Closes:
#884811.
.
[ Clint Adams ]
* New upstream version.
tzdata (2017c-1) unstable; urgency=medium
.
* New upstream version, affecting the following future timestamp:
- Northern Cyprus resumed EU rules starting 2017-10-29.
- Namibia will switch from +01 with DST to +02 all year, affecting
UT offsets starting 2018-04-01.
- Sudan will switch from +03 to +02 on 2017-11-01.
- Tonga will not observe DST on 2017-11-05.
- Turks & Caicos will switch from -04 all year to -05 with US DST,
affecting UT offset starting 2018-11-04.
* debian/control, debian/copyright: update upstream links to use https.
* debian/upstream/signing-key.asc: new file.
* debian/watch: update watch file to version 4, add check for the OpenPGP
signatures.
* debian/control: Update Standards-Version to 4.1.1.
ust (2.9.0-2+deb9u1) stable; urgency=medium
.
* [5ffa17d] Set gbp branch config
* [8e770e4] Fix python3-lttngust load un-versioned library (Closes: #882366)
uwsgi (2.0.14+20161117-3+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Stack-based buffer overflow in uwsgi_expand_path function (CVE-2018-6758)
(Closes: #889753)
vagrant (1.9.1+dfsg-1+deb9u1) stretch; urgency=medium
.
* 0008-Convert-atlas-references-to-vagrant-cloud.patch: backport upstream
patch to download boxes from app.vagrantcloud.com instead of the
deprecated atlas.hashicorp.com (Closes: #889873)
vdirsyncer (0.14.1-1+deb9u1) stretch; urgency=medium
.
* Backport fix for discovering Google contacts (Closes: #883299)
virt-what (1.15-1+deb9u1) stable-proposed-updates; urgency=medium
.
* Unbreak virt detection on arm/aarch64 (Closes: #888690)
w3m (0.5.3-34+deb9u1) stretch; urgency=medium
.
* New patch 955_tbl-indent.patch to fix stack overflow [CVE-2018-6196]
* New patch 956_columnpos.patch to fix null deref [CVE-2018-6197]
* New patch 957_mkdtemp.patch to fix /tmp file races [CVE-2018-6198]
(closes: #888097)
waagent (2.2.18-3~deb9u1) stretch; urgency=high
.
* Upload to stretch.
waagent (2.2.18-2) unstable; urgency=medium
.
* Create /var/lib/waagent with mode 0700. (closes: #878951)
waagent (2.2.18-1) unstable; urgency=medium
.
* New upstream version.
waagent (2.2.14-1) unstable; urgency=medium
.
* New upstream version.
wavpack (5.0.0-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2018-6767, CVE-2018-7253, CVE-2018-7254
several vulnerabilities allow a remote attacker to cause a
denial-of-service or have unspecified other impact via
maliciously crafted files (RF64, DSDIFF, CAF)
webkit2gtk (2.18.6-1~deb9u1) stretch; urgency=medium
.
* Team upload.
* New security and bugfix release backported from Buster.
webkit2gtk (2.18.6-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
webkit2gtk (2.18.6-1) unstable; urgency=high
.
* New upstream release.
+ This fixes CVE-2018-4088, CVE-2017-13885, CVE-2017-7165,
CVE-2017-13884, CVE-2017-7160, CVE-2017-7153, CVE-2017-7153,
CVE-2017-7161 and CVE-2018-4096.
webkit2gtk (2.18.6-1~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy.
* debian/control:
+ Build using libgeoclue-dev instead of libgeoclue-2-dev.
+ Build depend on clang-3.8.
+ Use ruby instead of ruby:native.
* debian/rules:
+ Pass CC and CXX to dh_auto_configure so it uses clang instead of
gcc.
.
webkit2gtk (2.18.6-1) unstable; urgency=high
.
* New upstream release.
+ This fixes CVE-2018-4088, CVE-2017-13885, CVE-2017-7165,
CVE-2017-13884, CVE-2017-7160, CVE-2017-7153, CVE-2017-7153,
CVE-2017-7161 and CVE-2018-4096.
webkit2gtk (2.18.5-1) unstable; urgency=high
.
* New upstream release.
+ This includes fixes to mitigate the effects of the Spectre
vulnerability (CVE-2017-5753 and CVE-2017-5715).
webkit2gtk (2.18.5-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
webkit2gtk (2.18.5-1) unstable; urgency=high
.
* New upstream release.
+ This includes fixes to mitigate the effects of the Spectre
vulnerability (CVE-2017-5753 and CVE-2017-5715).
webkit2gtk (2.18.5-1~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy.
* debian/control:
+ Build using libgeoclue-dev instead of libgeoclue-2-dev.
+ Build depend on clang-3.8.
+ Use ruby instead of ruby:native.
* debian/rules:
+ Pass CC and CXX to dh_auto_configure so it uses clang instead of
gcc.
.
webkit2gtk (2.18.5-1) unstable; urgency=high
.
* New upstream release.
+ This includes fixes to mitigate the effects of the Spectre
vulnerability (CVE-2017-5753 and CVE-2017-5715).
webkit2gtk (2.18.4-1) unstable; urgency=high
.
[ Alberto Garcia ]
* New upstream release.
+ This fixes CVE-2017-13866, CVE-2017-13870, CVE-2017-7156 and
CVE-2017-13856.
* Refresh all patches.
* debian/control:
+ Request native version of the Ruby package (thanks, Helmut Grohne)
(Closes: #881637).
* Instead of passing -DUSE_GSTREAMER_GL=OFF explicitly, let CMake do it
if libgstreamer-plugins-bad1.0-dev is not installed.
+ debian/patches/detect-gstreamer-gl.patch:
- Disable USE_GSTREAMER_GL if GStreamerGL is not found.
+ debian/rules:
- Remove the list of architectures that are not using GStreamerGL.
* debian/control:
+ Don't require libgstreamer-plugins-bad1.0-dev in hppa, m68k,
powerpcspe, sh4 or x32.
.
[ Jeremy Bicha ]
* debian/control: Update Vcs-Git to point to correct branch.
* Allow setting the distributor name in the User Agent string. Ubuntu
wants this patch, but since it makes it easier to identify the user
let's leave it disabled in Debian (Closes: #883712).
+ debian/patches/user-agent-branding.patch:
- Patch to support updating the User-Agent string.
+ debian/rules:
- Pass -DUSER_AGENT_GTK_DISTRIBUTOR_NAME when building for Ubuntu.
webkit2gtk (2.18.4-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
webkit2gtk (2.18.4-1) unstable; urgency=high
.
[ Alberto Garcia ]
* New upstream release.
+ This fixes CVE-2017-13866, CVE-2017-13870, CVE-2017-7156 and
CVE-2017-13856.
* Refresh all patches.
* debian/control:
+ Request native version of the Ruby package (thanks, Helmut Grohne)
(Closes: #881637).
* Instead of passing -DUSE_GSTREAMER_GL=OFF explicitly, let CMake do it
if libgstreamer-plugins-bad1.0-dev is not installed.
+ debian/patches/detect-gstreamer-gl.patch:
- Disable USE_GSTREAMER_GL if GStreamerGL is not found.
+ debian/rules:
- Remove the list of architectures that are not using GStreamerGL.
* debian/control:
+ Don't require libgstreamer-plugins-bad1.0-dev in hppa, m68k,
powerpcspe, sh4 or x32.
.
[ Jeremy Bicha ]
* debian/control: Update Vcs-Git to point to correct branch.
* Allow setting the distributor name in the User Agent string. Ubuntu
wants this patch, but since it makes it easier to identify the user
let's leave it disabled in Debian (Closes: #883712).
+ debian/patches/user-agent-branding.patch:
- Patch to support updating the User-Agent string.
+ debian/rules:
- Pass -DUSER_AGENT_GTK_DISTRIBUTOR_NAME when building for Ubuntu.
webkit2gtk (2.18.4-1~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy.
* debian/control:
+ Build using libgeoclue-dev instead of libgeoclue-2-dev.
+ Build depend on clang-3.8.
+ Use ruby instead of ruby:native.
* debian/rules:
+ Pass CC and CXX to dh_auto_configure so it uses clang instead of
gcc.
.
webkit2gtk (2.18.4-1) unstable; urgency=high
.
[ Alberto Garcia ]
* New upstream release.
+ This fixes CVE-2017-13866, CVE-2017-13870, CVE-2017-7156 and
CVE-2017-13856.
* Refresh all patches.
* debian/control:
+ Request native version of the Ruby package (thanks, Helmut Grohne)
(Closes: #881637).
* Instead of passing -DUSE_GSTREAMER_GL=OFF explicitly, let CMake do it
if libgstreamer-plugins-bad1.0-dev is not installed.
+ debian/patches/detect-gstreamer-gl.patch:
- Disable USE_GSTREAMER_GL if GStreamerGL is not found.
+ debian/rules:
- Remove the list of architectures that are not using GStreamerGL.
* debian/control:
+ Don't require libgstreamer-plugins-bad1.0-dev in hppa, m68k,
powerpcspe, sh4 or x32.
.
[ Jeremy Bicha ]
* debian/control: Update Vcs-Git to point to correct branch.
* Allow setting the distributor name in the User Agent string. Ubuntu
wants this patch, but since it makes it easier to identify the user
let's leave it disabled in Debian (Closes: #883712).
+ debian/patches/user-agent-branding.patch:
- Patch to support updating the User-Agent string.
+ debian/rules:
- Pass -DUSER_AGENT_GTK_DISTRIBUTOR_NAME when building for Ubuntu.
webkit2gtk (2.18.3-1) unstable; urgency=high
.
* New upstream release.
* The WebKitGTK+ security advisory WSA-2017-0009 lists the following
security fixes in the latest versions of WebKitGTK+:
+ CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13791,
CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795,
CVE-2017-13796 and CVE-2017-13802 (fixed in 2.18.1).
+ CVE-2017-13788, CVE-2017-13798, CVE-2017-13803 (fixed in 2.18.3)
* Several cross-compilation fixes in debian/rules (thanks, Helmut
Grohne) (Closes: #881341):
+ Include /usr/share/dpkg/architecture.mk instead of calling
dpkg-architecture manually to set the DEB_*_ARCH variables.
+ Use DEB_BUILD_ARCH_BITS to decide whether to pass --no-keep-memory
to the linker.
+ Use DEB_HOST_ARCH to decide whether to use -g1, -DENABLE_JIT=OFF and
-DUSE_GSTREAMER_GL=OFF.
+ Remove the --no-relax flag for alpha, this was a workaround for a 10
year old binutils bug.
webkit2gtk (2.18.3-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
webkit2gtk (2.18.3-1) unstable; urgency=high
.
* New upstream release.
* The WebKitGTK+ security advisory WSA-2017-0009 lists the following
security fixes in the latest versions of WebKitGTK+:
+ CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13791,
CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795,
CVE-2017-13796 and CVE-2017-13802 (fixed in 2.18.1).
+ CVE-2017-13788, CVE-2017-13798, CVE-2017-13803 (fixed in 2.18.3)
* Several cross-compilation fixes in debian/rules (thanks, Helmut
Grohne) (Closes: #881341):
+ Include /usr/share/dpkg/architecture.mk instead of calling
dpkg-architecture manually to set the DEB_*_ARCH variables.
+ Use DEB_BUILD_ARCH_BITS to decide whether to pass --no-keep-memory
to the linker.
+ Use DEB_HOST_ARCH to decide whether to use -g1, -DENABLE_JIT=OFF and
-DUSE_GSTREAMER_GL=OFF.
+ Remove the --no-relax flag for alpha, this was a workaround for a 10
year old binutils bug.
webkit2gtk (2.18.3-1~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy.
* debian/control:
+ Build using libgeoclue-dev instead of libgeoclue-2-dev.
+ Build depend on clang-3.8.
* debian/rules:
+ Pass CC and CXX to dh_auto_configure so it uses clang instead of
gcc.
.
webkit2gtk (2.18.3-1) unstable; urgency=high
.
* New upstream release.
* The WebKitGTK+ security advisory WSA-2017-0009 lists the following
security fixes in the latest versions of WebKitGTK+:
+ CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13791,
CVE-2017-13792, CVE-2017-13793, CVE-2017-13794, CVE-2017-13795,
CVE-2017-13796 and CVE-2017-13802 (fixed in 2.18.1).
+ CVE-2017-13788, CVE-2017-13798, CVE-2017-13803 (fixed in 2.18.3)
* Several cross-compilation fixes in debian/rules (thanks, Helmut
Grohne) (Closes: #881341):
+ Include /usr/share/dpkg/architecture.mk instead of calling
dpkg-architecture manually to set the DEB_*_ARCH variables.
+ Use DEB_BUILD_ARCH_BITS to decide whether to pass --no-keep-memory
to the linker.
+ Use DEB_HOST_ARCH to decide whether to use -g1, -DENABLE_JIT=OFF and
-DUSE_GSTREAMER_GL=OFF.
+ Remove the --no-relax flag for alpha, this was a workaround for a 10
year old binutils bug.
webkit2gtk (2.18.2-1) unstable; urgency=medium
.
* New upstream release.
* debian/control:
+ Set the minimum versions of these build dependencies: cmake >= 3.3,
libcairo2-dev >= 1.10.2, libfontconfig1-dev >= 2.8, and
libgcrypt20-dev >= 1.7.0, libxml2-dev >= 2.8.
webkit2gtk (2.18.2-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
webkit2gtk (2.18.2-1~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy.
* debian/control:
+ Build using libgeoclue-dev instead of libgeoclue-2-dev.
+ Build depend on clang-3.8.
* debian/rules:
+ Pass CC and CXX to dh_auto_configure so it uses clang instead of
gcc.
webkit2gtk (2.18.1-1) unstable; urgency=medium
.
* New upstream release.
* The WebKitGTK+ security advisory WSA-2017-0008 lists the following
security fixes in the latest versions of WebKitGTK+:
+ CVE-2017-7081 and CVE-2017-7142 (fixed in 2.16.1).
+ CVE-2017-7094 (fixed in 2.16.3).
+ CVE-2017-7099 (fixed in 2.16.4).
+ CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091,
CVE-2017-7092, CVE-2017-7093, CVE-2017-7095, CVE-2017-7096,
CVE-2017-7098, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104,
CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117,
CVE-2017-7120 (fixed in 2.18.0).
* debian/control:
+ Recommend the Pulseaudio or ALSA GStreamer plugins, since they're
needed for audio playback (Closes: #877281).
* debian/patches/fix-ftbfs-alpha.patch:
+ This patch is no longer needed, drop it.
* Refresh all other patches.
* debian/control:
+ Remove 'Priority: extra' fields, all packages have optional priority
now (the 'extra' priority has been deprecated).
* debian/copyright:
+ Use https for the Format URL.
webkit2gtk (2.18.1-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
webkit2gtk (2.18.1-1~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy.
* debian/control:
+ Build using libgeoclue-dev instead of libgeoclue-2-dev.
+ Build depend on clang-3.8, cmake >= 3.3 and libgcrypt20-dev >= 1.7.0
(we need to use the backports of all these packages)
* debian/rules:
+ Pass CC and CXX to dh_auto_configure so it uses clang instead of
gcc.
webkit2gtk (2.18.0-2) unstable; urgency=medium
.
* Upload to unstable.
* debian/gbp.conf:
+ Update upstream branch name.
* The WebKitGTK+ security advisory WSA-2017-0007 lists the following
security fixes in WebKitGTK+ 2.16.3:
+ CVE-2017-1000121.
+ CVE-2017-1000122.
webkit2gtk (2.18.0-1) experimental; urgency=medium
.
* New upstream release.
webkit2gtk (2.17.92-1) experimental; urgency=medium
.
* New upstream development release.
* Disable GStreamerGL in the Hurd:
+ Pass -DUSE_GSTREAMER_GL=OFF in debian/rules.
+ Remove build dependency on libgstreamer-plugins-bad1.0-dev from
debian/control.
* debian/control:
+ Recommmend libgl1-mesa-dri (Closes: #873084).
* debian/patches/fix-ftbfs-m68k.patch:
+ Refresh.
webkit2gtk (2.17.91-1) experimental; urgency=medium
.
* New upstream development release.
* Refresh all patches and remove no-whole-archive.patch.
* debian/patches/fix-ftbfs-hurd.patch:
+ Work around missing PATH_MAX definition in ConfigFile.h
* Disable GStreamerGL in kFreeBSD and sparc64:
+ Pass -DUSE_GSTREAMER_GL=OFF in debian/rules.
+ Remove build dependency on libgstreamer-plugins-bad1.0-dev from
debian/control.
webkit2gtk (2.17.90-1) experimental; urgency=medium
.
* New upstream development release.
* Refresh all patches.
* debian/control:
+ Add build dependency on libtasn1-6-dev (for Web Crypto).
* debian/libwebkit2gtk-4.0-37.symbols:
+ Update symbols.
* Disable GStreamerGL in armel and armhf, the usage of two different GL
implementations causes a build failure (see WebKit but #175127).
+ debian/control: Don't install libgstreamer-plugins-bad1.0-dev in
those architectures.
+ debian/rules: Pass -DUSE_GSTREAMER_GL=OFF.
* debian/patches/no-whole-archive.patch:
+ Don't use --whole-archive for the WebKit2 target libraries.
webkit2gtk (2.17.5-2) experimental; urgency=medium
.
* debian/rules:
+ Don't pass -DENABLE_DISASSEMBLER=0, this is no longer necessary.
+ Don't disable JIT in arm64.
+ Don't disable the gold linker in any architecture.
* debian/control:
+ Add build dependency on mesa-common-dev (GStreamerGL needs GL/gl.h),
this is automatically pulled in some architectures by
libgl1-mesa-dev, but without it the build fails in all others.
* Refresh debian/patches/fix-ftbfs-m68k.patch.
webkit2gtk (2.17.5-1) experimental; urgency=medium
.
* New upstream development release.
* Refresh all patches.
* debian/source/lintian-overrides:
+ Update source-is-missing overrides.
* debian/patches/fix-ftbfs-m68k.patch:
+ Fix FTBFS in m68k.
* debian/control:
+ Add build dependency on libgstreamer-plugins-bad1.0-dev for
GStreamerGL and bump all GStreamer dependencies to >= 1.2.3.
+ Add build dependency on libgles2-mesa-dev for all
architectures (GStreamerGL needs GLES3/gl3.h).
* debian/libwebkit2gtk-4.0-37.symbols:
+ Update symbols.
* Override typelib-package-name-does-not-match and
gir-missing-typelib-dependency lintian warnings in
gir1.2-javascriptcoregtk-4.0, gir1.2-webkit2-4.0,
libjavascriptcoregtk-4.0-dev and libwebkit2gtk-4.0-dev.
webkit2gtk (2.17.4-1) experimental; urgency=medium
.
* New upstream development release.
* debian/patches/fix-ftbfs-sparc64.patch:
+ Refresh.
* debian/patches/fix-ftbfs-x86.patch:
+ Update to fix build in x86_64.
* debian/libwebkit2gtk-4.0-37.symbols:
+ Update symbols.
webkit2gtk (2.17.3-1) experimental; urgency=medium
.
* New upstream development release.
* Refresh all patches.
* debian/patches/fix-ftbfs-x86.patch:
+ Fix FTBFS in x86.
* debian/watch, debian/gbp.conf:
+ Update for 2.17.x packages in experimental.
* debian/libwebkit2gtk-4.0-37.symbols:
+ Update symbols.
webkit2gtk (2.16.6-1) unstable; urgency=high
.
* New upstream release.
* The WebKitGTK+ security advisory WSA-2017-0006 lists the following
security fixes in the latest versions of WebKitGTK+:
+ CVE-2017-7020 (fixed in 2.16.1).
+ CVE-2017-7006, CVE-2017-7012, CVE-2017-7019, CVE-2017-7038,
CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7049
(fixed in 2.16.2).
+ CVE-2017-7011, CVE-2017-7040, CVE-2017-7059 (fixed in 2.16.3).
+ CVE-2017-7052 (fixed in 2.16.4).
+ CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037,
CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7055,
CVE-2017-7056, CVE-2017-7061, CVE-2017-7064 (fixed in 2.16.6).
* debian/patches/fix-ftbfs-m68k.patch:
+ Fix FTBFS in m68k (Closes: #868126).
* Override typelib-package-name-does-not-match and
gir-missing-typelib-dependency lintian warnings in
gir1.2-javascriptcoregtk-4.0, gir1.2-webkit2-4.0,
libjavascriptcoregtk-4.0-dev and libwebkit2gtk-4.0-dev.
webkit2gtk (2.16.6-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
webkit2gtk (2.16.6-1) unstable; urgency=high
.
* New upstream release.
* The WebKitGTK+ security advisory WSA-2017-0006 lists the following
security fixes in the latest versions of WebKitGTK+:
+ CVE-2017-7020 (fixed in 2.16.1).
+ CVE-2017-7006, CVE-2017-7012, CVE-2017-7019, CVE-2017-7038,
CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7049
(fixed in 2.16.2).
+ CVE-2017-7011, CVE-2017-7040, CVE-2017-7059 (fixed in 2.16.3).
+ CVE-2017-7052 (fixed in 2.16.4).
+ CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037,
CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7055,
CVE-2017-7056, CVE-2017-7061, CVE-2017-7064 (fixed in 2.16.6).
* debian/patches/fix-ftbfs-m68k.patch:
+ Fix FTBFS in m68k (Closes: #868126).
* Override typelib-package-name-does-not-match and
gir-missing-typelib-dependency lintian warnings in
gir1.2-javascriptcoregtk-4.0, gir1.2-webkit2-4.0,
libjavascriptcoregtk-4.0-dev and libwebkit2gtk-4.0-dev.
webkit2gtk (2.16.6-1~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy.
* debian/control:
+ Build using libgeoclue-dev instead of libgeoclue-2-dev.
.
webkit2gtk (2.16.6-1) unstable; urgency=high
.
* New upstream release.
* The WebKitGTK+ security advisory WSA-2017-0006 lists the following
security fixes in the latest versions of WebKitGTK+:
+ CVE-2017-7020 (fixed in 2.16.1).
+ CVE-2017-7006, CVE-2017-7012, CVE-2017-7019, CVE-2017-7038,
CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7049
(fixed in 2.16.2).
+ CVE-2017-7011, CVE-2017-7040, CVE-2017-7059 (fixed in 2.16.3).
+ CVE-2017-7052 (fixed in 2.16.4).
+ CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037,
CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7055,
CVE-2017-7056, CVE-2017-7061, CVE-2017-7064 (fixed in 2.16.6).
* debian/patches/fix-ftbfs-m68k.patch:
+ Fix FTBFS in m68k (Closes: #868126).
* Override typelib-package-name-does-not-match and
gir-missing-typelib-dependency lintian warnings in
gir1.2-javascriptcoregtk-4.0, gir1.2-webkit2-4.0,
libjavascriptcoregtk-4.0-dev and libwebkit2gtk-4.0-dev.
wireshark (2.2.6+g32dac6a-2+deb9u2) stretch-security; urgency=medium
.
* Non-maintainer upload by the Wheezy LTS Team.
* fix for CVE-2018-5334
* fix for CVE-2018-5335
* fix for CVE-2018-5336
Several parsers of wireshark could be crashed by malformed packets.
wireshark (2.2.6+g32dac6a-2+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-11408 / CVE-2017-13766 / CVE-2017-17083.patch / CVE-2017-17084.patch
CVE-2017-17085
wordpress (4.7.5+dfsg-2+deb9u2) stretch-security; urgency=high
.
* Backport security patches from 4.9.1 Closes: #883314
- CVE-2017-17091
Use a properly generated hash for the newbloguser key instead
of a determinate substring.
Changeset 42272
- CVE-2017-17092
Remove the ability to upload JavaScript files for users who
do not have the unfiltered_html capability
Changeset 42275
- CVE-2017-17093
Add escaping to the language attributes used on html elements
Changeset 42273
- CVE-2017-17094
Ensure the attributes of enclosures are correctly escaped in
RSS and Atom feeds
Changeset 42274
* Also backport patch for $wpdb->prepare CVE-2017-16510
Closes: 880528
wordpress (4.7.5+dfsg-2+deb9u2~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
* Several security issues fixed
xchain (1.0.1-9~deb9u1) stretch; urgency=medium
.
* QA upload.
* Rebuild for stretch.
.
xchain (1.0.1-9) unstable; urgency=medium
.
* QA upload.
* Revert path change, depend on "wish" only. Re-closes: #878090
.
xchain (1.0.1-8) unstable; urgency=medium
.
* QA upload.
* Update path to wish (it's /usr/bin/wish8.5 now). Closes: #878090
* Priority optional.
xchain (1.0.1-8) unstable; urgency=medium
.
* QA upload.
* Update path to wish (it's /usr/bin/wish8.5 now). Closes: #878090
* Priority optional.
xen (4.8.3+comet2+shim4.10.0+comet3-1+deb9u5) stretch-security; urgency=high
.
* Security fixes from upstream XSAs:
XSA-252 CVE-2018-7540
XSA-255 CVE-2018-7541
XSA-256 CVE-2018-7542
The upstream BTI changes from XSA-254 (Spectre v2 mitigation)
are *not* included. They are currently failing in upstream CI.
* init scripts: Do not kill per-domain qemu processes. Closes:#879751.
* Install Meltdown READMEs on all architectures. Closes:#890488.
* Ship xen-diag (by cherry-picking the appropriate commits from
upstream). This can help with diagnosis of #880554.
xen (4.8.3+comet2+shim4.10.0+comet3-1+deb9u4.1) stretch-security; urgency=high
.
* Fix builds on other than amd64.
.
xen (4.8.3+comet2+shim4.10.0+comet3-1+deb9u4) stretch-security; urgency=high
.
* Update to new upstream version 4.8.3+comet2+shim4.10.0+comet3.
Specifically, this is two upstreams:
- Upstream Xen 4.8.3 "git merge"d with upstream
Xen Security Team (XSA-254) 4.8.3pre-shim-comet-2, in `.'
- Upstream Xen 4.10.0-shim-comet-3 in `shim'.
The upstream tarballs are from `git archive' with the
gitattributes for mangling .gitarchive-info disabled.
Therefore, we include these security fixes:
XSA-254 CVE-2017-5754 but SP3 "Meltdown" only
XSA-253 CVE-2018-5244
XSA-251 CVE-2017-17565
XSA-250 CVE-2017-17564
XSA-249 CVE-2017-17563
XSA-248 CVE-2017-17566
* Ship README.pti and README.comet from the upstream XSA-254
advisory in /usr/share/doc/xen-utils/common/.
xen (4.8.3+comet2+shim4.10.0+comet3-1+deb9u4) stretch-security; urgency=high
.
* Update to new upstream version 4.8.3+comet2+shim4.10.0+comet3.
Specifically, this is two upstreams:
- Upstream Xen 4.8.3 "git merge"d with upstream
Xen Security Team (XSA-254) 4.8.3pre-shim-comet-2, in `.'
- Upstream Xen 4.10.0-shim-comet-3 in `shim'.
The upstream tarballs are from `git archive' with the
gitattributes for mangling .gitarchive-info disabled.
Therefore, we include these security fixes:
XSA-254 CVE-2017-5754 but SP3 "Meltdown" only
XSA-253 CVE-2018-5244
XSA-251 CVE-2017-17565
XSA-250 CVE-2017-17564
XSA-249 CVE-2017-17563
XSA-248 CVE-2017-17566
* Ship README.pti and README.comet from the upstream XSA-254
advisory in /usr/share/doc/xen-utils/common/.
xmltooling (1.6.0-4+deb9u1) stretch-security; urgency=high
.
[ Russ Allbery ]
* [4e7dec2] Remove myself from Uploaders
.
[ Ferenc Wágner ]
* [2e5cad6] New patch fixing CVE-2018-0486: vulnerability to forged user
attribute data.
The Service Provider software relies on a generic XML parser to process
SAML responses and there are limitations in older versions of the parser
that make it impossible to fully disable Document Type Definition (DTD)
processing.
Through addition/manipulation of a DTD, it's possible to make changes
to an XML document that do not break a digital signature but are
mishandled by the SP and its libraries. These manipulations can alter
the user data passed through to applications behind the SP and result
in impersonation attacks and exposure of protected information.
While the use of XML Encryption can serve as a mitigation for this bug,
it may still be possible to construct attacks in such cases, and the SP
does not provide a means to enforce its use.
https://shibboleth.net/community/advisories/secadv_20180112.txt
CPPXT-127 - Block entity reference nodes during unmarshalling.
https://issues.shibboleth.net/jira/browse/CPPXT-127
* [91c50ae] New patches fixing CVE-2018-0489: additional data forgery flaws.
These flaws allow for changes to an XML document that do not break a
digital signature but alter the user data passed through to applications
enabling impersonation attacks and exposure of protected information.
https://shibboleth.net/community/advisories/secadv_20180227.txt
https://issues.shibboleth.net/jira/browse/CPPXT-128
The Add-disallowDoctype-to-parser-configuration.patch is not effective
under Xerces 3.1 in stretch, but provides more generic protection under
Xerces 3.2 against issues like CVE-2018-0486. It's included here for
completeness and to avoid a conflict applying the CVE-2018-0489 patch.
xmltooling (1.6.0-4+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
xrdp (0.9.1-9+deb9u2) stretch; urgency=medium
.
* Fix CVE-2017-16927. (Closes: #882463)
* Fix high CPU load on ssl_tls_accept. (Closes: #884453)
======================================
Sat, 09 Dec 2017 - Debian 9.3 released
======================================
=========================================================================
[Date: Sat, 09 Dec 2017 08:35:43 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
libnet-ping-external-perl | 0.13-1 | source, all
Closed bugs: 881203
------------------- Reason -------------------
unmaintained, security issues
----------------------------------------------
=========================================================================
abiword (3.0.2-2+deb9u1) stretch; urgency=medium
.
* QA upload.
* Fix flickering (Closes: #851052, #848838) (LP: #1574278).
asterisk (1:13.14.1~dfsg-2+deb9u2) stretch-security; urgency=high
.
* CVE-2017-14603 / AST-2017-008
This is a follow-up for AST-2017-005: RTP/RTCP information leak
improving robustness of the security fix and fixing a regression
with re-INVITEs (Closes: #876328)
* Fix one-way audio with chan_sip when transcoding (Closes: #875450)
base-files (9.9+deb9u3) stretch; urgency=medium
.
* Change /etc/debian_version to 9.3, for Debian 9.3 point release.
base-files (9.9+deb9u2) stretch; urgency=medium
.
* Change /etc/debian_version to 9.2, for Debian 9.2 point release.
bchunk (1.2.0-12+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2017-15953, CVE-2017-15954 and CVE-2017-15955.
bchunk was vulnerable to a heap-based buffer overflow with an resultant
invalid free when processing a malformed CUE (.cue) file that may lead to
the execution of arbitrary code or a application crash. (Closes: #880116)
bchunk (1.2.0-12+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2017-15953, CVE-2017-15954 and CVE-2017-15955.
bchunk was vulnerable to a heap-based buffer overflow with an resultant
invalid free when processing a malformed CUE (.cue) file that may lead to
the execution of arbitrary code or a application crash. (Closes: #880116)
berusky (1.7-1+deb9u1) stretch; urgency=medium
.
* Add crash-on-startup.patch and fix the startup crash with certain
video card configurations. (Closes: #877979)
bzr (2.7.0+bzr6619-7+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Use 'localhost' rather than '127.0.0.1' in SSL certificates, as the latter
trips up pycurl (Closes: #868966)
* Ship a refreshed copy of the ssl certs used in testsuite
* Prevent SSH command line options from being specified in bzr+ssh:// URLs
(CVE-2017-14176) (Closes: #874429)
charmtimetracker (1.11.4-1+deb9u1) stretch; urgency=medium
.
* Fix "Missing binary dependency on libqt5sql5-sqlite" (Closes: #873918)
- Adding libqt5sql5-sqlite to depends list of charmtimetracker.
* Fix "Please drop "Cross-Platform" from package description" rewrite
discription for the pacakge (Closes: #873917)
chromium-browser (62.0.3202.89-1~deb9u1) stretch-security; urgency=medium
.
* New upstream security release.
- CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned
Williamson
- CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun
chromium-browser (62.0.3202.75-1) unstable; urgency=medium
.
* New upstream stable release (closes: #879451).
- CVE-2017-5124: UXSS with MHTML. Reported by Anonymous
- CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous
- CVE-2017-5126: Use after free in PDFium. Reported by Luat Nguyen
- CVE-2017-5127: Use after free in PDFium. Reported by Luat Nguyen
- CVE-2017-5128: Heap overflow in WebGL. Reported by Omair
- CVE-2017-5129: Use after free in WebAudio. Reported by Omair
- CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by
Gaurav Dewan
- CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar
Nikolic
- CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu
- CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu
- CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind
Shah
- CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr
- CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang
- CVE-2017-15391: Extension limitation bypass in Extensions. Reported by
João Lucas Melo Brasio
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
Reported by Xiaoyin Liu
- CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin
- CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam
- CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by
Johannes Bergman
- CVE-2017-15396: Stack overflow in V8. Reported by Yuan Deng
* Enable chromecast feature switch (closes: #878244).
chromium-browser (62.0.3202.75-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2017-5124: UXSS with MHTML. Reported by Anonymous
- CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous
- CVE-2017-5126: Use after free in PDFium. Reported by Luat Nguyen
- CVE-2017-5127: Use after free in PDFium. Reported by Luat Nguyen
- CVE-2017-5128: Heap overflow in WebGL. Reported by Omair
- CVE-2017-5129: Use after free in WebAudio. Reported by Omair
- CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by
Gaurav Dewan
- CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar
Nikolic
- CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu
- CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu
- CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind
Shah
- CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr
- CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang
- CVE-2017-15391: Extension limitation bypass in Extensions. Reported by
João Lucas Melo Brasio
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
Reported by Xiaoyin Liu
- CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin
- CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam
- CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by
Johannes Bergman
- CVE-2017-15396: Stack overflow in V8. Reported by Yuan Deng
chromium-browser (61.0.3163.100-2) unstable; urgency=medium
.
* Add liblcms2-dev as a build dependency (closes: #876804).
chromium-browser (61.0.3163.100-1) unstable; urgency=medium
.
* New upstream stable release (closes: #876030).
- CVE-2017-5111: Use after free in PDFium. Reported by Luáºt Nguyá»…n
- CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Kleini
- CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous
- CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu
- CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini
- CVE-2017-5116: Type confusion in V8. Reported by Anonymous
- CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias
Klein
- CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by
WenXu Wu
- CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous
- CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
Reported by Xiaoyin Liu
- CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet
- CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han
- Adds support for gcc7 (closes: #853347).
* Update standards version.
* Use system libstdc++ instead of chromium's bundled custom libc++.
* Improve error message when network is unreachable (closes: #864539).
* Fix a mistake that lead to unstripped binary files (closes: #870531).
corebird (1.4.1-1+deb9u1) stretch; urgency=medium
.
* Allow 280 characters per tweet
curl (7.52.1-5+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix NTLM buffer overflow via integer overflow as per CVE-2017-8816
https://curl.haxx.se/docs/adv_2017-11e7.html
* Fix FTP wildcard out of bounds read as per CVE-2017-8817
https://curl.haxx.se/docs/adv_2017-ae72.html
curl (7.52.1-5+deb9u2) stretch-security; urgency=medium
.
* Fix IMAP FETCH response out of bounds read as per CVE-2017-1000257
https://curl.haxx.se/docs/adv_20171023.html
curl (7.52.1-5+deb9u1) stretch-security; urgency=medium
.
* Fix TFTP sends more than buffer size as per CVE-2017-1000100
https://curl.haxx.se/docs/adv_20170809B.html
* Fix URL globbing out of bounds read as per CVE-2017-1000101
https://curl.haxx.se/docs/adv_20170809A.html
* Fix FTP PWD response parser out of bounds read as per CVE-2017-1000254
https://curl.haxx.se/docs/adv_20171004.html
dbus (1.10.24-0+deb9u1) stretch; urgency=medium
.
* New upstream stable release
- dbus/dbus-sysdeps-unix.c: Increase listen() backlog of
AF_UNIX sockets to the maximum possible, minimizing failed
connections under heavy load (Closes: #872144)
- bus/config-loader-expat.c: When parsing dbus-daemon
configuration, don't delay startup if high-quality entropy
is not yet available: we trust the configuration anyway, so
algorithmic complexity attacks via hash table collisions
are not a concern
- bus/*: When using the Monitoring interface, match message
filters that specify a destination correctly
- test/monitor.c: Add test-cases for this
- tools/dbus-send.c: Avoid a compiler warning when gcc gets
confused about a conditionally-initialized variable
- dbus/dbus-sysdeps-unix.c: Avoid a compiler warning on Solaris
(not relevant to Debian)
dbus (1.10.22-1) unstable; urgency=medium
.
* New upstream stable release
* Run build-time tests (Closes: #630152)
- Skip build-time tests when only building Architecture: all.
Once per architecture is enough.
* Build-depend on python3{,-dbus,-gi} if we will run build-time tests.
This is a circular dependency, but is flagged as
<!nocheck !pkg.dbus.minimal> so it can be omitted when
cross-compiling or bootstrapping.
* Enable valgrind integration in the debug build on mips64
* Replace stage1 build profile with pkg.dbus.minimal
* Drop explicit dependency on autotools-dev, implied by debhelper 10
* debian/upstream/signing-key.asc: Update subkeys and uids
debian-edu-doc (1.921~20170603+deb9u3) stretch; urgency=medium
.
[ Holger Levsen ]
* Merge stretch related documentation and translation updates from the
debian-edu-doc package in sid:
* Update Debian Edu Stretch manual from the wiki.
.
[ Stretch manual translation updates ]
* Dutch: Frans Spiesschaert.
* German: Wolfgang Schweer.
* Italian: Claudio Carboncini.
* Japanese: Victory.
* Norwegian Bokmål: Petter Reinholdtsen.
* Simplified Chinese: Ma Yong.
.
[ Frans Spiesschaert ]
* images/nl: add a Dutch images folder and Dutch screenshots for the manual.
.
[ Wolfgang Schweer ]
* documentation/common/edu.css.xml: improve HTML manual readability.
.
[ ITIL manual translation updates ]
* Dutch: Frans Spiesschaert.
debian-installer-netboot-images (20170615+deb9u2.b1) stretch; urgency=medium
.
* Update to 20170615+deb9u2+b1 images, from stretch-proposed-updates
dehydrated (0.3.1-3+deb9u1) stretch; urgency=medium
.
* Update the default License Subscriber Agreement URL. Closes: #881974
dnsmasq (2.76-5+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-14491: DNS heap buffer overflow
* CVE-2017-14492: DHCPv6 RA heap overflow
* CVE-2017-14493: DHCPv6 - Stack buffer overflow
* CVE-2017-14494: Infoleak handling DHCPv6 forwarded requests
* CVE-2017-14496: Integer underflow in DNS response creation
* CVE-2017-14495: OOM in DNS response creation
* Misc code cleanups arising from Google analysis
* CVE-2017-14491: DNS heap buffer overflow (further fix)
doit (0.28.0-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* python-doit: Add Breaks: nikola (<< 7.6.0-1~). nikola is not in stretch
(or even in sid any longer) and the jessie version needs doit <= 0.27.
(Closes: #870162)
exim4 (4.89-2+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Avoid release of store if there have been later allocations
(CVE-2017-16943) (Closes: #882648)
* Chunking: do not treat the first lonely dot special (CVE-2017-16944)
(Closes: #882671)
ffmpeg (7:3.2.9-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
- avcodec/x86/lossless_videoencdsp: Fix out of array access.
(CVE-2017-15186)
- avcodec/ffv1dec: Fix out of array read in slice counting.
(CVE-2017-15672)
* debian/patches: avcodec/vc2enc_dwt: Fix out of bounds read.
(CVE-2017-16840)
ffmpeg (7:3.2.8-1~deb9u1) stretch-security; urgency=high
.
* New upstream release.
- avformat/rmdec: Fix DoS due to lack of eof check. (CVE-2017-14054)
- avformat/mvdec: Fix DoS due to lack of eof check. (CVE-2017-14055)
- avformat/rl2: Fix DoS due to lack of eof check. (CVE-2017-14056)
- avformat/asfdec: Fix DoS due to lack of eof check. (CVE-2017-14057)
- avformat/hls: Fix DoS due to infinite loop. (CVE-2017-14058)
- avformat/cinedec: Fix DoS due to lack of eof check. (CVE-2017-14059)
- avformat/mxfdec: Fix Sign error. (CVE-2017-14169)
- avformat/mxfdec: Fix DoS issues. (CVE-2017-14170)
- avformat/nsvdec: Fix DoS due to lack of eof check. (CVE-2017-14171)
- avformat/mov: Fix DoS. (CVE-2017-14222)
- avformat/asfdec: Fix DoS. (CVE-2017-14223)
- ffprobe: Fix null pointer dereference with color primaries.
(CVE-2017-14225)
- avformat/rtpdec_h264: Fix heap-buffer-overflow. (CVE-2017-14767)
fig2dev (1:3.2.6a-2+deb9u1) stretch; urgency=medium
.
* CVE-2017-16899: 31_input_sanitizing: Some input sanitizing on FIG
files (Closes: #881143, #881144).
* 32_fill-style-overflow: Sanitize input of fill patterns
(Closes: #881396).
firefox-esr (52.5.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-25, also known as:
CVE-2017-7828, CVE-2017-7830, CVE-2017-7826.
.
* debian/source/lintian-overrides: Add a lintian override for dotzlib.chm.
* debian/import-tar.py: Make python 3.6 happy.
firefox-esr (52.5.0esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-25, also known as:
CVE-2017-7828, CVE-2017-7830, CVE-2017-7826.
.
* debian/source/lintian-overrides: Add a lintian override for dotzlib.chm.
* debian/import-tar.py: Make python 3.6 happy.
firefox-esr (52.4.0esr-2) unstable; urgency=medium
.
* debian/source/lintian-overrides: Add a lintian override for dotzlib.chm.
flickcurl (1.26-2+deb9u1) stable; urgency=medium
.
* Apply patch from upstream to fix oauth token fetching
* Apply patch from upstream to prevent double free corruption
during authentication (Closes: #875800)
* Remove broken devhelp link in flickcurl-doc (Closes: #859019)
flightgear (1:2016.4.4+dfsg-3+deb9u1) stretch; urgency=medium
.
* Add patches init-allowed-paths-earlier-secu-fix-f372d7.patch and
prevent-arbitrary-file-writes-secu-fix-58d8e1.patch: prevent
malicious add-ons from overriding arbitrary files.
Closes: #873439 (CVE-2017-13709)
ganeti (2.15.2-7+deb9u1) stretch; urgency=medium
.
* Depend on lsb-base (>= 3.0.6) for init-functions.
* Backport upstream support for non-DSA SSH keys (Closes: #853129).
+ non-DSA-SSH-key-support.patch: backport upstream work from the
(unreleased as of today) stable-2.16 branch.
+ fix-ssh-key-renewal-on-single-node-clusters.patch: fix gnt-cluster
renew-crypto --new-ssh-keys on single-node clusters.
+ set-defaults-for-ssh-type-bits.patch: transparently handle the new SSH
key type/length parameters without running cfgupgrade.
* Fix failover from dead nodes when using extstorage (Closes: #864756).
* Fix pre-migration version compatibility check that would always fail when
different HV versions were detected. Note that this does not mean that
migrations between different KVM versions are safe and/or supported!
* Fix instance import/export/move with current socat versions, by letting
socat decide the best TLS method to use (Closes: #871771).
gdm3 (3.22.3-3+deb9u1) stretch; urgency=medium
.
* Backports a bunch of patches to fix XDMCP support including a potential
cracher (Closes: #873199, #814989)
getmail4 (4.53.0-1+deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
* This patch fixes a single error in the getmail_fetch command
introduced in 4.53.0 and fixed in 4.54.0. This also contains the
patch for the upstream version used in the source to be bump to
4.54.0 . This should make users not to complain about the buggy
version in stable. Closes: #877916
grok (1.20110708.1-4.3~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
* Drop the gperf 3.1 patches
.
grok (1.20110708.1-4.3) unstable; urgency=medium
.
* Non-maintainer upload.
* libgrok-dev: Add the missing dependencies on:
- libgrok1 (Closes: #875422)
- libtokyocabinet-dev (Closes: #779034)
.
grok (1.20110708.1-4.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Apply Steve Langasek's fix for wrong pointer alias bug
(Closes: #841668)
* Apply patches to allow build grok with gperf >= 3.1
grok (1.20110708.1-4.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Apply Steve Langasek's fix for wrong pointer alias bug
(Closes: #841668)
* Apply patches to allow build grok with gperf >= 3.1
(Closes: #869594)
gunicorn (19.6.0-10+deb9u1) stretch; urgency=medium
.
* Drop unnecessary "Pre-Depends" on dpkg-dev which was causing gunicorn and
python-gunicorn to bring in a compiler as a dependency.
.
It was orignally added as dpkg-maintscript-helper(1) was being used in the
preinst script requiring a pre-dependency to ensure that the version of
dpkg has been unpacked.
.
However, this version of dpkg-dev is now satisfiable in squeeze, jessie
and stretch and can thus be safely dropped. Thanks to Neil Williams for
the bug report. (Closes: #877712)
icu (57.1-6+deb9u1) stretch; urgency=high
.
* Backport upstream security fix for CVE-2017-14952: double free in
createMetazoneMappings() (closes: #878840).
imagemagick (8:6.9.7.4+dfsg-11+deb9u3) stretch-security; urgency=medium
.
* CVE-2017-12983 (Closes: #873134)
* CVE-2017-13134 (Closes: #873099)
* CVE-2017-13758 (Closes: #878508)
* CVE-2017-13769 (Closes: #878507)
* CVE-2017-14224 (Closes: #876097)
* CVE-2017-14607 (Closes: #878527)
* CVE-2017-14682 (Closes: #876488)
* CVE-2017-14989 (Closes: #878562)
* CVE-2017-15277 (Closes: #878578)
imagemagick (8:6.9.7.4+dfsg-11+deb9u2) stretch-security; urgency=high
.
* Avoid unbounded loop in pwp coder
(Closes: #870526)
* Fix memory exhaustion in PCX coder
(Closes: #870491)
* Fix double free in RelinquishMagickMemory
(Closes: #870119)
* coders/png.c: Memory leak Fix Issue 600
(Closes: #870116)
* Fix hard lock in LockSemaphoreInfo
after reading a png with width==MAGICK_WIDTH_LIMIT
(Closes: #870111)
* Fix out-of-bounds read with the MNG CLIP chunk.
(Closes: #870109)
* Fix heap buffer overflow in ReadOneMNGImage
(Closes: #870106)
* Detect corrupted png early and avoid a crash
(Closes: #870105)
* CVE-2017-11640
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can
lead to an address access exception in the WritePTIFImage() function
in coders/tiff.c.
(Closes: #870067)
* CVE-2017-11639
When ImageMagick processes a crafted file in convert,
it can lead to a heap-based buffer over-read
in the WriteCIPImage() function in coders/cip.c,
related to the GetPixelLuma function in MagickCore/pixel-accessor.h.
(Closes: #870065)
* Fix assertion failed in DestroyImageInfo
(Closes: #870014)
* CVE-2017-11523: endless loop in ReadTXTImage
(Closes: #869210)
* Fix use of uninitialized data in ImageMagick/coders/mat.c
(Closes: #870012)
* CVE-2017-11533
heap buffer overflow in uil coder
(Closes: #869834)
* Fix a crash in jp2 codec
(Closes: #869830)
* CVE-2017-11535
Fix heap based overflow in ps.c
(Closes: #869827)
* CVE-2017-11446
The ReadPESImage function in coders\pes.c has an infinite loop
vulnerability that can cause CPU exhaustion via a crafted PES file.
(Closes: #868950)
* Avoid a crash in mpc coder
(Closes: #869728)
* CVE-2017-11537
Fix a palm coder FPE
(Closes: #869712)
* Fix a use after free in ReadWMFImage
(Closes: #869715)
* Fix a wmf file memory leak in CloneDrawInfo
(Closes: #869713)
* Fix CVE-2017-9500:
An assertion failure was found in the function ResetImageProfileIterator,
which allows attackers to cause a denial of service via a crafted file.
(Closes: #867778)
* Add README.Debian.security.
iproute2 (4.9.0-1+deb9u1) stretch; urgency=medium
.
* Backport upstream commit 97a02cabef to fix segfault with iptables 1.6;
the xtables_globals structure needs to have its new member compat_rev
initialized. (Closes: #868059)
* Sync include/xtables.h from iptables to make sure the right offset is
used when accessing structure members defined in libxtables. One could
get “Extension does not know id …†otherwise. (See also: #868059)
irssi (1.0.2-1+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Address IRSSI-SA-2017-10.
- CVE-2017-15228: Unterminated colour formatting sequences may cause
data access beyond the end of the buffer.
- CVE-2017-15227: Failure to remove destroyed channels from
the query list while waiting for the channel synchronisation
may result in use after free conditions when updating the
state later on.
- CVE-2017-15721: Certain incorrectly formatted DCC CTCP messages
could cause NULL pointer dereference.
- CVE-2017-15723: Overlong nicks or targets may result in a NULL
pointer dereference while splitting the message.
- CVE-2017-15722: Read beyond end of buffer may occur if a Safe
channel ID is not long enough.
(Closes: #879521)
jackson-databind (2.8.6-1+deb9u2) stretch-security; urgency=high
.
* Team upload
* CVE-2017-15095: incomplete fixes for CVE-2017-7525
jackson-databind (2.8.6-1+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2017-7525: Deserialization vulnerability via readValue
method of ObjectMapper. (Closes: #870848)
jdcal (1.0-1.2~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
jdcal (1.0-1.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix a mistake in ${python:Depends} for Python3 (needs to be
${python3:Depends}). Thanks again to Adrian Bunk. (Closes: #867406)
.
jdcal (1.0-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Added ${python:Depends} variable to Depends field in all packages.
Thanks to Adrian Bunk <bunk@debian.org>. (Closes: #867406)
jdcal (1.0-1.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Added ${python:Depends} variable to Depends field in all packages.
Thanks to Adrian Bunk <bunk@debian.org>. (Closes: #867406)
kde-gtk-config (4:5.8.6-1+deb9u1) stretch; urgency=medium
.
* Update debian/rules:
set DATA_INSTALL_DIR variable in configuration options: it is required
for correct search of preview.ui file in gtk*_preview programs.
(These programs have not been working since version 4:5.1.95-0ubuntu1)
* Add patch fix-search-of-gtk-preview-executables.
It is required for showing preview buttons in KDE-GTK-config UI.
(These buttons have not been working since version 4:5.1.95-0ubuntu1)
konversation (1.6.2-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-15923: Crash in parsing IRC color formatting codes
(Closes: #881586)
lasi (1.1.0-2~deb9u1) stretch; urgency=medium
.
* QA upload.
* Rebuild for stretch.
.
lasi (1.1.0-2) unstable; urgency=medium
.
* QA upload.
* Set maintainer to Debian QA Group. (see #867050)
* Add the missing libpango1.0-dev and libfreetype6-dev
dependencies to liblasi-dev. (Closes: #845497)
* Add ${misc:Depends} to the package dependencies.
libdatetime-timezone-perl (1:2.09-1+2017c) stretch; urgency=medium
.
* Update to Olson database version 2017c.
This update contains contemporary changes for Northern Cyprus, Fiji,
Namibia, Sudan, Tonga, and Turks & Caicos.
libdbd-firebird-perl (1.24-1+deb9u1) stretch; urgency=medium
.
* add upstream patch fixing fetching of decimal(x,y) values between -1 and 0
(Closes: #877720)
libdbi (0.9.0-4+deb9u1) stretch; urgency=medium
.
* Backport fix to re-enable a call to _error_handler() that was commented
out for no obvious reason in dbi_result_next_row() .
libdbi (0.9.0-4+deb8u1) jessie; urgency=medium
.
* Backport fix to re-enable a call to _error_handler() that was commented
out for no obvious reason in dbi_result_next_row() .
liblog-log4perl-perl (1.48-1+deb9u1) stretch; urgency=medium
.
* Team upload.
* Workaround for Perl 5.24 no longer allowing syswrite and utf8 together
(Closes: #855894)
liblouis (3.0.0-3+deb9u1) stretch; urgency=medium
.
Fix buffer overflow and use-after-free CVEs.
.
* debian/patches/CVE-2017-13738-and-2017-13744.patch: New patch.
* debian/patches/CVE-2017-13739-and-2017-13740-and-2017-13742.patch: New
patch
* debian/patches/CVE-2017-13741.patch: New patch.
* debian/patches/CVE-2017-13741-2.patch: New patch.
* debian/patches/CVE-2017-13743.patch: New patch.
libmpd (0.20.0-2~deb9u1) stretch; urgency=medium
.
* QA upload.
* Rebuild for stretch.
.
libmpd (0.20.0-2) unstable; urgency=medium
.
* QA upload.
* Set maintainer to Debian QA Group. (see #876951)
* libmpd-dev: Add the missing dependency on libglib2.0-dev.
(Closes: #518429)
libofx (1:0.9.10-2+deb9u1) stretch; urgency=medium
.
* Add upstream patches to fix:
- CVE-2017-2816 (Closes: #875801).
- CVE-2017-14731 (Closes: #877442).
libpam4j (1.4-2+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2017-12197 (Closes: #879001):
It was discovered that libpam4j does not call pam_acct_mgmt().
As a consequence, the PAM account is not properly
verified. Any user with a valid password but with deactivated or
disabled account was able to log in.
libpam4j (1.4-2+deb8u1) jessie-security; urgency=high
.
* Team upload.
* Fix CVE-2017-12197 (Closes: #879001):
It was discovered that libpam4j does not call pam_acct_mgmt().
As a consequence, the PAM account is not properly
verified. Any user with a valid password but with deactivated or
disabled account was able to log in.
libvirt (3.0.0-4+deb9u1) stretch-security; urgency=high
.
* CVE-2017-1000256: qemu: ensure TLS clients always verify the server
certificate (Closes: #878799)
libxfont (1:2.0.1-3+deb9u1) stretch-security; urgency=medium
.
* Check for end of string in PatternMatch (CVE-2017-13720)
* pcfGetProperties: Check string boundaries (CVE-2017-13722)
libxkbcommon (0.7.1-2~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
libxkbcommon (0.7.1-2) unstable; urgency=medium
.
* Remove Cyril from Uploaders.
* Add missing dependency libxkbcommon-x11-dev → libxkbcommon-dev
(closes: #872874).
libxml-libxml-perl (2.0128+dfsg-1+deb9u1) stretch-security; urgency=high
.
* Team upload.
* CVE-2017-10672: Use-after-free by controlling the arguments to a
replaceChild call (Closes: #866676)
libxsettings-client (0.17-9~deb9u1) stretch; urgency=medium
.
* QA upload.
* Rebuild for stretch.
.
libxsettings-client (0.17-9) unstable; urgency=medium
.
* QA upload.
* Add the missing libxsettings-client-dev -> libxsettings-dev
dependency. (Closes: #695584)
linux (4.9.65-3) stretch; urgency=medium
.
[ Salvatore Bonaccorso ]
* xen/time: do not decrease steal time after live migration on xen
(Closes: #871608)
linux (4.9.65-2) stretch; urgency=medium
.
* [s390x] qeth: Ignore ABI changes (fixes FTBFS)
linux (4.9.65-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.52
- mm: prevent double decrease of nr_reserved_highatomic
- IB/{qib, hfi1}: Avoid flow control testing for RDMA write operation
- IB/addr: Fix setting source address in addr6_resolve()
- tty: improve tty_insert_flip_char() fast path
- tty: improve tty_insert_flip_char() slow path
- tty: fix __tty_insert_flip_char regression
- [x86] pinctrl/amd: save pin registers over suspend/resume
- [mips*] math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation
- [mips*] math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero
- [mips*] math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative
- [mips*] math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with
opposite signs
- [mips*] math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs
- [mips*] math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs
- [mips*] math-emu: Handle zero accumulator case in MADDF and MSUBF
separately
- [mips*] math-emu: <MADDF|MSUBF>.<D|S>: Fix NaN propagation
- [mips*] math-emu: <MADDF|MSUBF>.<D|S>: Fix some cases of infinite inputs
- [mips*] math-emu: <MADDF|MSUBF>.<D|S>: Fix some cases of zero inputs
- [mips*] math-emu: <MADDF|MSUBF>.<D|S>: Clean up "maddf_flags" enumeration
- [mips*] math-emu: <MADDF|MSUBF>.S: Fix accuracy (32-bit case)
- [mips*] math-emu: <MADDF|MSUBF>.D: Fix accuracy (64-bit case)
- [x86] crypto: ccp - Fix XTS-AES-128 support on v5 CCPs
- crypto: AF_ALG - remove SGL terminator indicator when chaining
- ext4: fix incorrect quotaoff if the quota feature is enabled
- ext4: fix quota inconsistency during orphan cleanup for read-only mounts
- [powerpc*] Fix DAR reporting when alignment handler faults
- block: Relax a check in blk_start_queue()
- md/bitmap: disable bitmap_resize for file-backed bitmaps.
- skd: Avoid that module unloading triggers a use-after-free
- skd: Submit requests to firmware before triggering the doorbell
- [s390x] scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
- [s390x] scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress
path
- [s390x] scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace
records
- [s390x] scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate
with HBA
- [s390x] scsi: zfcp: fix missing trace records for early returns in TMF eh
handlers
- [s390x] scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
- [s390x] scsi: zfcp: trace HBA FSF response by default on dismiss or
timedout late response
- [s390x] scsi: zfcp: trace high part of "new" 64 bit SCSI LUN
- scsi: megaraid_sas: set minimum value of resetwaittime to be 1 secs
- scsi: megaraid_sas: Check valid aen class range to avoid kernel panic
- scsi: megaraid_sas: Return pended IOCTLs with cmd_status
MFI_STAT_WRONG_STATE in case adapter is dead
- [x86] scsi: storvsc: fix memory leak on ring buffer busy
- scsi: sg: remove 'save_scat_len'
- scsi: sg: use standard lists for sg_requests
- scsi: sg: off by one in sg_ioctl()
- scsi: sg: factor out sg_fill_request_table()
- scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
- scsi: qla2xxx: Correction to vha->vref_count timeout
- ftrace: Fix selftest goto location on error
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled
- tracing: Add barrier to trace_printk() buffer nesting modification
- tracing: Apply trace_clock changes to instance max buffer
- [x86] PCI: shpchp: Enable bridge bus mastering if MSI is enabled
- PCI: pciehp: Report power fault only once until we clear it
- net/netfilter/nf_conntrack_core: Fix net_conntrack_lock()
- [s390x] mm: fix local TLB flushing vs. detach of an mm address space
- [s390x] mm: fix race on mm->context.flush_mm
- media: v4l2-compat-ioctl32: Fix timespec conversion
- media: uvcvideo: Prevent heap overflow when accessing mapped controls
- PM / devfreq: Fix memory leak when fail to register device
- bcache: initialize dirty stripes in flash_dev_run()
- bcache: Fix leak of bdev reference
- bcache: do not subtract sectors_to_gc for bypassed IO
- bcache: correct cache_dirty_target in __update_writeback_rate()
- bcache: Correct return value for sysfs attach errors
- bcache: fix for gc and write-back race
- bcache: fix bch_hprint crash and improve output
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.53
- cifs: release cifs root_cred after exit_cifs
- cifs: release auth_key.response for reconnect.
- fs/proc: Report eip/esp in /prod/PID/stat for coredumping
- mac80211: fix VLAN handling with TXQs
- mac80211_hwsim: Use proper TX power
- mac80211: flush hw_roc_start work before cancelling the ROC
- genirq: Make sparse_irq_lock protect what it should protect
- [powerpc*] KVM: Book3S: Fix race and leak in
kvm_vm_ioctl_create_spapr_tce()
- [powerpc*] KVM: Book3S HV: Protect updates to spapr_tce_tables list
- tracing: Fix trace_pipe behavior for instance traces
- tracing: Erase irqsoff trace with empty write
- md/raid5: fix a race condition in stripe batch
- md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
- drm/radeon: disable hard reset in hibernate for APUs
- crypto: drbg - fix freeing of resources
- security/keys: properly zero out sensitive key material in big_key
- security/keys: rewrite all of big_key crypto
- KEYS: fix writing past end of user-supplied buffer in keyring_read()
- KEYS: prevent creating a different user's keyrings
- KEYS: prevent KEYCTL_READ on negative key (CVE-2017-12192)
- [powerpc*] pseries: Fix parent_dn reference leak in add_dt_node()
- [powerpc*] tm: Flush TM only if CPU has TM feature
- [powerpc*] ftrace: Pass the correct stack pointer for
DYNAMIC_FTRACE_WITH_REGS
- [s390x] mm: fix write access check in gup_huge_pmd()
- PM: core: Fix device_pm_check_callbacks()
- cifs: Fix SMB3.1.1 guest authentication to Samba
- SMB3: Warn user if trying to sign connection that authenticated as guest
- SMB: Validate negotiate (to protect against downgrade) even if signing off
- SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags
- vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets
- iw_cxgb4: remove the stid on listen create failure
- iw_cxgb4: put ep reference in pass_accept_req()
- seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
- [arm64] Make sure SPsel is always set
- [arm64] fault: Route pte translation faults via do_translation_fault
- [x86] KVM: VMX: extract __pi_post_block
- [x86] KVM: VMX: avoid double list add with VT-d posted interrupts
- [x86] KVM: VMX: simplify and fix vmx_vcpu_pi_load
- [x86] kvm: Handle async PF in RCU read-side critical sections
- xfs: validate bdev support for DAX inode flag
- [armhf] etnaviv: fix gem object list corruption
- PCI: Fix race condition with driver_override
- btrfs: fix NULL pointer dereference from free_reloc_roots()
- btrfs: propagate error to btrfs_cmp_data_prepare caller
- btrfs: prevent to set invalid default subvolid
- [x86] mm: Fix fault error path using unsafe vma pointer
- [x86] fpu: Don't let userspace set bogus xcomp_bv
- gfs2: Fix debugfs glocks dump
- timer/sysctl: Restrict timer migration sysctl values to 0 and 1
- [x86] KVM: VMX: do not change SN bit in vmx_update_pi_irte()
- [x86] KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
- [powerpc*] cxl: Fix driver use count
- [x86] KVM: VMX: use cmpxchg64
- swiotlb-xen: implement xen_swiotlb_dma_mmap callback
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.54
- drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define
- drm: bridge: add DT bindings for TI ths8135
- GFS2: Fix reference to ERR_PTR in gfs2_glock_iter_next
- [x86] drm/i915: Fix the overlay frontbuffer tracking
- [armhf] dts: exynos: Add CPU OPPs for Exynos4412 Prime
- [armhf] clk: sunxi-ng: fix PLL_CPUX adjusting on H3
- RDS: RDMA: Fix the composite message user notification
- [mips*] Ensure bss section ends on a long-aligned address
- scsi: be2iscsi: Add checks to validate CID alloc/free
- [armhf] dts: am335x-chilisom: Wakeup from RTC-only state by power on event
- igb: re-assign hw address pointer on reset after PCI error
- hwmon: (gl520sm) Fix overflows and crash seen when writing into limit
attributes
- IB/rxe: Add a runtime check in alloc_index()
- IB/rxe: Fix a MR reference leak in check_rkey()
- [x86] drm/i915/psr: disable psr2 for resolution greater than 32X20
- serial: 8250: moxa: Store num_ports in brd
- serial: 8250_port: Remove dangerous pr_debug()
- IB/ipoib: Fix deadlock over vlan_mutex
- IB/ipoib: rtnl_unlock can not come after free_netdev
- IB/ipoib: Replace list_del of the neigh->list with list_del_init
- [amd64] drm/amdkfd: fix improper return value on error
- USB: serial: mos7720: fix control-message error handling
- USB: serial: mos7840: fix control-message error handling
- sfc: get PIO buffer size from the NIC
- partitions/efi: Fix integer overflow in GPT size calculation
- ASoC: dapm: handle probe deferrals
- audit: log 32-bit socketcalls
- ath10k: prevent sta pointer rcu violation
- [armhf,arm64] iommu/arm-smmu: Set privileged attribute to 'default'
instead of 'unprivileged'
- [armhf,arm64] usb: chipidea: vbus event may exist before starting gadget
- ASoC: dapm: fix some pointer error handling
- [arm64] drm: mali-dp: Fix destination size handling when rotating
- [arm64] drm: mali-dp: Fix transposed horizontal/vertical flip
- HID: wacom: release the resources before leaving despite devm
- net: core: Prevent from dereferencing null pointer when releasing SKB
- net/packet: check length in getsockopt() called with PACKET_HDRLEN
- team: fix memory leaks
- udp: disable inner UDP checksum offloads in IPsec case
- qed: Fix possible system hang in the dcbnl-getdcbx() path.
- mmc: sdio: fix alignment issue in struct sdio_func
- bridge: netlink: register netdevice before executing changelink
- Btrfs: fix segmentation fault when doing dio read
- Btrfs: fix potential use-after-free for cloned bio
- sata_via: Enable hotplug only on VT6421
- hugetlbfs: initialize shared policy as part of inode allocation
- netfilter: invoke synchronize_rcu after set the _hook_ to NULL
- [mips*] IRQ Stack: Unwind IRQ stack onto task stack
- nvme-rdma: handle cpu unplug when re-establishing the controller
- netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max
- nfs: make nfs4_cb_sv_ops static
- [x86] cpufreq: intel_pstate: Update pid_params.sample_rate_ns in
pid_param_set()
- [x86] acpi: Restore the order of CPU IDs
- [armhf,arm64] iommu/io-pgtable-arm: Check for leaf entry before
dereferencing it
- mm/cgroup: avoid panic when init with low memory
- rds: ib: add error handle
- md/raid10: submit bio directly to replacement disk
- netfilter: nf_tables: set pktinfo->thoff at AH header if found
- [arm64] i2c: meson: fix wrong variable usage in meson_i2c_put_data
- xfs: remove kmem_zalloc_greedy
- libata: transport: Remove circular dependency at free time
- tools/power turbostat: bugfix: GFXMHz column not changing
- IB/qib: fix false-postive maybe-uninitialized warning
- ttpci: address stringop overflow warning
- [s390x] mm: make pmdp_invalidate() do invalidation only
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.55
- USB: gadgetfs: Fix crash caused by inadequate synchronization
- USB: gadgetfs: fix copy_to_user while holding spinlock
- usb-storage: unusual_devs entry to fix write-access regression for
Seagate external drives
- usb-storage: fix bogus hardware error messages for ATA pass-thru devices
- ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
(CVE-2017-16529)
- usb: pci-quirks.c: Corrected timeout values used in handshake
- USB: cdc-wdm: ignore -EPIPE from GetEncapsulatedResponse
- USB: dummy-hcd: fix connection failures (wrong speed)
- USB: dummy-hcd: fix infinite-loop resubmission bug
- USB: dummy-hcd: Fix erroneous synchronization change
- usb: gadget: mass_storage: set msg_registered after msg registered
- USB: g_mass_storage: Fix deadlock when driver is unbound
- USB: uas: fix bug in handling of alternate settings (CVE-2017-16530)
- USB: core: harden cdc_parse_cdc_header (CVE-2017-16534)
- usb: Increase quirk delay for USB devices
- USB: fix out-of-bounds in usb_set_configuration (CVE-2017-16531)
- xhci: fix finding correct bus_state structure for USB 3.1 hosts
- xhci: Fix sleeping with spin_lock_irq() held in ASmedia 1042A workaround
- xhci: set missing SuperSpeedPlus Link Protocol bit in roothub descriptor
- [x86] Revert "xhci: Limit USB2 port wake support for AMD Promontory hosts"
- [armhf] iio: adc: twl4030: Fix an error handling path in
'twl4030_madc_probe()'
- [armhf] iio: adc: twl4030: Disable the vusb3v1 rugulator in the error
handling path of 'twl4030_madc_probe()'
- iio: core: Return error for failed read_reg
- uwb: properly check kthread_run return value (CVE-2017-16526)
- uwb: ensure that endpoint is interrupt
- mm, oom_reaper: skip mm structs with mmu notifiers
- lib/ratelimit.c: use deferred printk() version
- Revert "ALSA: echoaudio: purge contradictions between dimension matrix
members and total number of members"
- ALSA: usx2y: Suppress kernel warning at page allocation failures
- net: sched: fix use-after-free in tcf_action_destroy and tcf_del_walker
- sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
- tcp: update skb->skb_mstamp more carefully
- bpf/verifier: reject BPF_ALU64|BPF_END
- tcp: fix data delivery rate
- udpv6: Fix the checksum computation when HW checksum does not apply
- ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header
- net: phy: Fix mask value write on gmii2rgmii converter speed register
- ip6_tunnel: do not allow loading ip6_tunnel if ipv6 is disabled in cmdline
- net/sched: cls_matchall: fix crash when used with classful qdisc
- tcp: fastopen: fix on syn-data transmit failure
- [powerpc,ppc64] net: emac: Fix napi poll list corruption
- packet: hold bind lock when rebinding to fanout hook (CVE-2017-15649)
- bpf: one perf event close won't free bpf program attached by another perf
event
- net_sched: always reset qdisc backlog in qdisc_reset()
- vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit
- l2tp: Avoid schedule while atomic in exit_net
- l2tp: fix race condition in l2tp_tunnel_delete
- tun: bail out from tun_get_user() if the skb is empty
- net: dsa: Fix network device registration order
- packet: in packet_do_bind, test fanout with bind_lock held
(CVE-2017-15649)
- packet: only test po->has_vnet_hdr once in packet_snd
- net: Set sk_prot_creator when cloning sockets to the right proto
- netlink: do not proceed if dump's start() errs
- ip6_gre: ip6gre_tap device should keep dst
- ip6_tunnel: update mtu properly for ARPHRD_ETHER tunnel device in tx path
- tipc: use only positive error codes in messages
- net: rtnetlink: fix info leak in RTM_GETSTATS call
- [powerpc*/*64*]: Use emergency stack for kernel TM Bad Thing program
checks (CVE-2017-1000255)
- [powerpc*] tm: Fix illegal TM state in signal handler (CVE-2017-1000255)
- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts
- driver core: platform: Don't read past the end of "driver_override" buffer
- [x86] Drivers: hv: fcopy: restore correct transfer length
- ftrace: Fix kmemleak in unregister_ftrace_graph
- HID: i2c-hid: allocate hid buffers for real worst case
- HID: wacom: leds: Don't try to control the EKR's read-only LEDs
- HID: wacom: Always increment hdev refcount within wacom_get_hdev_data
- HID: wacom: bits shifted too much for 9th and 10th buttons
- netlink: fix nla_put_{u8,u16,u32} for KASAN
- iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD
- iwlwifi: add workaround to disable wide channels in 5GHz
- scsi: sd: Do not override max_sectors_kb sysfs setting
- brcmfmac: add length check in brcmf_cfg80211_escan_handler()
(CVE-2017-0786)
- brcmfmac: setup passive scan if requested by user-space
- [x86] drm/i915/bios: ignore HDMI on port A
- nvme-pci: Use PCI bus address for data/queues in CMB
- mmc: core: add driver strength selection when selecting hs400es
- sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs
- vfs: deny copy_file_range() for non regular files
- ext4: fix data corruption for mmap writes
- ext4: don't allow encrypted operations without keys
- f2fs: don't allow encrypted operations without keys
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.56
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.57
- ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets
- CIFS: Reconnect expired SMB sessions
- nl80211: Define policy for packet pattern attributes
- rcu: Allow for page faults in NMI handlers
- USB: dummy-hcd: Fix deadlock caused by disconnect detection
- [mips*] math-emu: Remove pr_err() calls from fpu_emu()
- [armhf] dmaengine: edma: Align the memcpy acnt array size with the
transfer
- [armhf] dmaengine: ti-dma-crossbar: Fix possible race condition with
dma_inuse
- HID: usbhid: fix out-of-bounds bug (CVE-2017-16533)
- crypto: shash - Fix zero-length shash ahash digest crash
- [x86] KVM: MMU: always terminate page walks at level 1
- [x86] KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
- [x86] iommu/amd: Finish TLB flush in amd_iommu_unmap()
- device property: Track owner device of device property
- fs/mpage.c: fix mpage_writepage() for pages with buffers
- ALSA: usb-audio: Kill stray URB at exiting (CVE-2017-16527)
- ALSA: seq: Fix use-after-free at creating a port (CVE-2017-15265)
- ALSA: seq: Fix copy_from_user() call inside lock
- ALSA: caiaq: Fix stray URB at probe error path
- ALSA: line6: Fix missing initialization before error path
- ALSA: line6: Fix leftover URB at error-path during probe
- [x86] drm/i915/edp: Get the Panel Power Off timestamp after panel is off
- [x86] drm/i915: Read timings from the correct transcoder in
intel_crtc_mode_get()
- [x86] drm/i915/bios: parse DDI ports also for CHV for HDMI DDC pin and DP
AUX channel
- usb: gadget: configfs: Fix memory leak of interface directory data
- usb: gadget: composite: Fix use-after-free in
usb_composite_overwrite_options
- direct-io: Prevent NULL pointer access in submit_page_section
- fix unbalanced page refcounting in bio_map_user_iov (CVE-2017-12190)
- more bio_map_user_iov() leak fixes
- bio_copy_user_iov(): don't ignore ->iov_offset
- USB: serial: console: fix use-after-free after failed setup
(CVE-2017-16525)
- [x86] alternatives: Fix alt_max_short macro to really be a max()
- [x86] KVM: nVMX: update last_nonleaf_level when initializing nested EPT
(CVE-2017-12188)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.58
- [mips*] Fix minimum alignment requirement of IRQ stack
- xen-netback: Use GFP_ATOMIC to allocate hash
- irqchip/crossbar: Fix incorrect type of local variables
- initramfs: finish fput() before accessing any binary from initramfs
- mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length
- qed: Don't use attention PTT for configuring BW
- mac80211: fix power saving clients handling in iwlwifi
- net/mlx4_en: fix overflow in mlx4_en_init_timestamp()
- netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value.
- f2fs: do SSR for data when there is enough free space
- sched/fair: Update rq clock before changing a task's CPU affinity
- Btrfs: send, fix failure to rename top level inode due to name collision
- f2fs: do not wait for writeback in write_begin
- md/linear: shutup lockdep warnning
- net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new
probed PFs
- mm/memory_hotplug: set magic number to page->freelist instead of
page->lru.next
- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock
- scsi: scsi_dh_emc: return success in clariion_std_inquiry()
- drm/amdgpu: refuse to reserve io mem for split VRAM buffers
- [armhf] net: mvpp2: release reference to txq_cpu[] entry after unmapping
- qede: Prevent index problems in loopback test
- qed: Reserve doorbell BAR space for present CPUs
- qed: Read queue state before releasing buffer
- ceph: don't update_dentry_lease unless we actually got one
- ceph: fix bogus endianness change in ceph_ioctl_set_layout
- ceph: clean up unsafe d_parent accesses in build_dentry_path
- uapi: fix linux/mroute6.h userspace compilation errors
- [amd64] IB/hfi1: Use static CTLE with Preset 6 for integrated HFIs
- [amd64] IB/hfi1: Allocate context data on memory node
- target/iscsi: Fix unsolicited data seq_end_offset calculation
- hrtimer: Catch invalid clockids again
- nfsd/callback: Cleanup callback cred on shutdown
- [powerpc*] perf: Add restrictions to PMC5 in power9 DD1
- drm/nouveau/gr/gf100-: fix ccache error logging
- regulator: core: Resolve supplies before disabling unused regulators
- btmrvl: avoid double-disable_irq() race
- [x86] EDAC, mce_amd: Print IPID and Syndrome on a separate line
- usb: dwc3: gadget: Correct ISOC DATA PIDs for short packets
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.59
- USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
(CVE-2017-16535)
- usb: hub: Allow reset retry for USB2 devices on connect bounce
- can: gs_usb: fix busy loop if no more TX context is available
- iio: dummy: events: Add missing break
- [armhf] usb: musb: sunxi: Explicitly release USB PHY on exit
- [armhf] usb: musb: Check for host-mode using is_host_active() on reset
interrupt
- xhci: Identify USB 3.1 capable hosts by their port protocol capability
- can: esd_usb2: Fix can_dlc value for received RTR, frames
- drm/nouveau/bsp/g92: disable by default
- drm/nouveau/mmu: flush tlbs before deleting page tables
- ALSA: seq: Enable 'use' locking in all configurations
- ALSA: hda: Remove superfluous '-' added by printk conversion
- ALSA: hda: Abort capability probe at invalid register read
- [x86] i2c: ismt: Separate I2C block read from SMBus block read
- i2c: piix4: Fix SMBus port selection for AMD Family 17h chips
- brcmfmac: Add check for short event packets
- brcmsmac: make some local variables 'static const' to reduce stack size
- [armel,armhf] bus: mbus: fix window size calculation for 4GB windows
- [i386] clockevents/drivers/cs5535: Improve resilience to spurious
interrupts
- rtlwifi: rtl8821ae: Fix connection lost problem
- [x86] microcode/intel: Disable late loading on model 79
- KEYS: encrypted: fix dereference of NULL user_key_payload
- lib/digsig: fix dereference of NULL user_key_payload
- KEYS: don't let add_key() update an uninstantiated key (CVE-2017-15299)
- pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
- [x86] vmbus: fix missing signaling in hv_signal_on_read()
- xfs: don't unconditionally clear the reflink flag on zero-block files
- xfs: evict CoW fork extents when performing finsert/fcollapse
- fs/xfs: Use %pS printk format for direct addresses
- xfs: report zeroed or not correctly in xfs_zero_range()
- xfs: update i_size after unwritten conversion in dio completion
- xfs: perag initialization should only touch m_ag_max_usable for AG 0
- xfs: Capture state of the right inode in xfs_iflush_done
- xfs: always swap the cow forks when swapping extents
- xfs: handle racy AIO in xfs_reflink_end_cow
- xfs: Don't log uninitialised fields in inode structures
- xfs: move more RT specific code under CONFIG_XFS_RT
- xfs: don't change inode mode if ACL update fails
- xfs: reinit btree pointer on attr tree inactivation walk
- xfs: handle error if xfs_btree_get_bufs fails
- xfs: cancel dirty pages on invalidation
- xfs: trim writepage mapping to within eof
- fscrypt: fix dereference of NULL user_key_payload
- KEYS: Fix race between updating and finding a negative key
(CVE-2017-15951)
- FS-Cache: fix dereference of NULL user_key_payload
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.60
- workqueue: replace pool->manager_arb mutex with a flag
- ceph: unlock dangling spinlock in try_flush_caps()
- usb: xhci: Handle error condition in xhci_stop_device()
- [powerpc*] KVM: Fix oops when checking KVM_CAP_PPC_HTM (CVE-2017-15306)
- fuse: fix READDIRPLUS skipping an entry
- xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap()
- Input: gtco - fix potential out-of-bound access (CVE-2017-16643)
- assoc_array: Fix a buggy node-splitting case
- [s390x] scsi: zfcp: fix erp_action use-before-initialize in REC action
trace
- scsi: sg: Re-fix off by one in sg_fill_request_table()
- drm/amd/powerplay: fix uninitialized variable
- [armhf] can: sun4i: fix loopback mode
- can: kvaser_usb: Correct return value in printout
- can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages
- cfg80211: fix connect/disconnect edge cases
- ipsec: Fix aborted xfrm policy dump crash (CVE-2017-16939)
- [armhf] regulator: fan53555: fix I2C device ids
- ecryptfs: fix dereference of NULL user_key_payload
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.61
- ALSA: timer: Add missing mutex lock for compat ioctls
- ALSA: seq: Fix nested rwsem annotation for lockdep splat
- cifs: check MaxPathNameComponentLength != 0 before using it
(Closes: #880504)
- KEYS: return full count in keyring_read() if buffer is too small
- KEYS: fix out-of-bounds read during ASN.1 parsing
- [arm64] ensure __dump_instr() checks addr_limit
- [armhf,arm64] KVM: set right LR register value for 32 bit guest when
inject abort
- [armhf,arm64] kvm: Disable branch profiling in HYP code
- [armel,armhf] 8715/1: add a private asm/unaligned.h
- drm/amdgpu: return -ENOENT from uvd 6.0 early init for harvesting
- ocfs2: fstrim: Fix start offset of first cluster group during fstrim
- [x86] drm/i915/edp: read edp display control registers unconditionally
- [arm64] drm/msm: Fix potential buffer overflow issue
- [arm64] drm/msm: fix an integer overflow test
- cpufreq: Do not clear real_cpus mask on policy init
- [x86] crypto: ccp - Set the AES size field for all modes
- IB/mlx5: Assign DSCP for R-RoCE QPs Address Path
- PM / wakeirq: report a wakeup_event on dedicated wekup irq
- scsi: megaraid_sas: Do not set fp_possible if TM capable for non-RW
syspdIO, change fp_possible to bool
- [armhf] mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped
- bnxt_en: Added PCI IDs for BCM57452 and BCM57454 ASICs
- staging: rtl8712u: Fix endian settings for structs describing network
packets
- PCI/MSI: Return failure when msix_setup_entries() fails
- ext4: fix stripe-unaligned allocations
- ext4: do not use stripe_width if it is not set
- [x86] net/ena: change driver's default timeouts
- drm/amdgpu: when dpm disabled, also need to stop/start vce.
- perf tools: Only increase index if perf_evsel__new_idx() succeeds
- iwlwifi: mvm: use the PROBE_RESP_QUEUE to send deauth to unknown station
- [armhf,arm64] clocksource/drivers/arm_arch_timer: Add dt binding for
hisilicon-161010101 erratum
- net: phy: dp83867: Recover from "port mirroring" N/A MODE4
- cx231xx: Fix I2C on Internal Master 3 Bus
- ath10k: fix reading sram contents for QCA4019
- [armhf] clk: sunxi-ng: Check kzalloc() for errors and cleanup error path
- [armhf] mtd: nand: sunxi: Fix the non-polling case in
sunxi_nfc_wait_events()
- xen/manage: correct return value check on xenbus_scanf()
- scsi: aacraid: Process Error for response I/O
- [x86] platform: intel_mid_thermal: Fix module autoload
- [x86] staging: lustre: llite: don't invoke direct_IO for the EOF case
- [x86] staging: lustre: hsm: stack overrun in hai_dump_data_field
- [x86] staging: lustre: ptlrpc: skip lock if export failed
- [x86] staging: lustre: lmv: Error not handled for lmv_find_target
- brcmfmac: check brcmf_bus_get_memdump result for error
- vfs: open() with O_CREAT should not create inodes with unknown ids
- [x86] ASoC: Intel: boards: remove .pm_ops in all Atom/DPCM machine drivers
- [armhf] exynos4-is: fimc-is: Unmap region obtained by of_iomap()
- [x86] mei: return error on notification request to a disconnected client
- [s390x] dasd: check for device error pointer within state change
interrupts
- [s390x] prng: Adjust generation of entropy to produce real 256 bits.
- [s390x] crypto: Extend key length check for AES-XTS in fips mode.
- bt8xx: fix memory leak
- [armhf] drm/exynos: g2d: prevent integer overflow in
- PCI: Avoid possible deadlock on pci_lock and p->pi_lock
- [powerpc*/*64*]: Don't try to use radix MMU under a hypervisor
- xen: don't print error message in case of missing Xenstore entry
- [armel,armhf] dts: mvebu: pl310-cache disable double-linefill
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.62
- [armel,armhf] PCI: mvebu: Handle changes to the bridge windows while
enabled
- sched/core: Add missing update_rq_clock() call in sched_move_task()
- xen/netback: set default upper limit of tx/rx queues to 8
- [x86] EDAC, amd64: Add x86cpuid sanity check during init
- PM / OPP: Error out on failing to add static OPPs for v1 bindings
- [armhf] clk: samsung: exynos5433: Add IDs for PHYCLK_MIPIDPHY0_* clocks
- drm: drm_minor_register(): Clean up debugfs on failure
- [powerpc*] KVM: Book 3S: XICS: correct the real mode ICP rejecting counter
- [armhf,arm64] iommu/arm-smmu-v3: Clear prior settings when updating STEs
- [x86] pinctrl: baytrail: Fix debugfs offset output
- [powerpc*] corenet: explicitly disable the SDHC controller on kmcoge4
- [powerpc*] cxl: Force psl data-cache flush during device shutdown
- [arm64] dma-mapping: Only swizzle DMA ops for IOMMU_DOMAIN_DMA
- [powerpc*] crypto: vmx - disable preemption to enable vsx in aes_ctr.c
- [arm64] drm: mali-dp: fix Lx_CONTROL register fields clobber
- iio: trigger: free trigger resource correctly
- [x86] iio: proximity: sx9500: claim direct mode during raw proximity reads
- libertas: fix improper return value
- usb: hcd: initialize hcd->flags to 0 when rm hcd
- netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family
- brcmfmac: setup wiphy bands after registering it first
- rt2800usb: mark tx failure on timeout
- apparmor: fix undefined reference to `aa_g_hash_policy'
- IPsec: do not ignore crypto err in ah4 input
- [x86] EDAC, amd64: Save and return err code from probe_one_instance()
- [s390x] topology: make "topology=off" parameter work
- [powerpc] sched/cputime: Fix stale scaled stime on context switch
- IB/ipoib: Change list_del to list_del_init in the tx object
- [armhf] dts: STiH410-family: fix wrong parent clock frequency
- [s390x] qeth: fix retrieval of vipa and proxy-arp addresses
- [s390x] qeth: issue STARTLAN as first IPA command
- [arm64] wcn36xx: Don't use the destroyed hal_mutex
- IB/rxe: Fix reference leaks in memory key invalidation code
- [armhf] clk: mvebu: adjust AP806 CPU clock frequencies to production chip
- [x86] platform: hp-wmi: Fix detection for dock and tablet mode
- cdc_ncm: Set NTB format again after altsetting switch for Huawei devices
- KEYS: trusted: sanitize all key material
- KEYS: trusted: fix writing past end of buffer in trusted_read()
- [x86] platform: hp-wmi: Fix error value for hp_wmi_tablet_state
- [x86] platform: hp-wmi: Do not shadow error values
- [x86] uaccess, sched/preempt: Verify access_ok() context
- workqueue: Fix NULL pointer dereference
- crypto: ccm - preserve the IV buffer
- [x86] crypto: sha1-mb - fix panic due to unaligned access
- [x86] crypto: sha256-mb - fix panic due to unaligned access
- KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
- [armel,armhf] 8720/1: ensure dump_instr() checks addr_limit
- ALSA: seq: Fix OSS sysex delivery in OSS emulation
- [x86] drm/i915: Do not rely on wm preservation for ILK watermarks
- [mips*] Fix CM region target definitions
- [mips*] SMP: Use a completion event to signal CPU up
- [mips*] Fix race on setting and getting cpu_online_mask
- [mips*] SMP: Fix deadlock & online race
- [armhf] ASoC: sun4i-spdif: remove legacy dapm components
- rbd: use GFP_NOIO for parent stat and data requests
- [x86] drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue
- [arm64] drm/bridge: adv7511: Rework adv7511_power_on/off() so they can be
reused internally
- [arm64] drm/bridge: adv7511: Reuse __adv7511_power_on/off() when probing
EDID
- [arm64] drm/bridge: adv7511: Re-write the i2c address before EDID probing
- [armhf] can: sun4i: handle overrun in RX FIFO
- [x86] smpboot: Make optimization of delay calibration work correctly
- [x86] oprofile/ppro: Do not use __this_cpu*() in preemptible context
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.63
- gso: fix payload length when gso_size is zero
- tun/tap: sanitize TUNSETSNDBUF input
- ipv6: addrconf: increment ifp refcount before ipv6_del_addr()
- netlink: do not set cb_running if dump's start() errs
- net: call cgroup_sk_alloc() earlier in sk_clone_lock()
- tcp: fix tcp_mtu_probe() vs highest_sack
- l2tp: check ps->sock before running pppol2tp_session_ioctl()
- tun: call dev_get_valid_name() before register_netdevice()
- sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect
- tcp/dccp: fix ireq->opt races
- packet: avoid panic in packet_getsockopt()
- soreuseport: fix initialization race
- ipv6: flowlabel: do not leave opt->tot_len with garbage
- sctp: full support for ipv6 ip_nonlocal_bind & IP_FREEBIND
- tcp/dccp: fix lockdep splat in inet_csk_route_req()
- tcp/dccp: fix other lockdep splats accessing ireq_opt
- net/unix: don't show information about sockets from other namespaces
- tap: double-free in error path in tap_open()
- ipip: only increase err_count for some certain type icmp in ipip_err
- ip6_gre: only increase err_count for some certain type icmpv6 in
ip6gre_err
- ip6_gre: update dst pmtu if dev mtu has been updated by toobig in
__gre6_xmit
- tun: allow positive return values on dev_get_valid_name() call
- sctp: reset owner sk for data chunks on out queues when migrating a sock
- net_sched: avoid matching qdisc with zero handle
- ppp: fix race in ppp device destruction
- mac80211: accept key reinstall without changing anything (CVE-2017-13080)
- mac80211: use constant time comparison with keys
- mac80211: don't compare TKIP TX MIC key in reinstall prevention
(CVE-2017-13080)
- usb: usbtest: fix NULL pointer dereference (CVE-2017-16532)
- Input: ims-psu - check if CDC union descriptor is sane (CVE-2017-16645)
- ALSA: seq: Cancel pending autoload work at unbinding device
(CVE-2017-16528)
- netfilter: nat: avoid use of nf_conn_nat extension
- netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to
rhashtable"
- brcmfmac: remove setting IBSS mode when stopping AP
- [arm64,mips*] security/keys: add CONFIG_KEYS_COMPAT to Kconfig
(Closes: #881830)
- target/iscsi: Fix iSCSI task reassignment handling
- qla2xxx: Fix incorrect tcm_qla2xxx_free_cmd use during TMR ABORT (v2)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.64
- media: imon: Fix null-ptr-deref in imon_probe (CVE-2017-16537)
- media: dib0700: fix invalid dvb_detach argument (CVE-2017-16646)
- [armel,armhf] crypto: reduce priority of bit-sliced AES cipher
- Bluetooth: btusb: fix QCA Rome suspend/resume
- [armhf,arm64] extcon: Remove potential problem when calling
extcon_register_notifier()
- [armhf] extcon: palmas: Check the parent instance to prevent the NULL
- fm10k: request reset when mbx->state changes
- [armhf] dts: Fix compatible for ti81xx uarts for 8250
- [armhf] dts: Fix am335x and dm814x scm syscon to probe children
- [armhf] OMAP2+: Fix init for multiple quirks for the same SoC
- [armhf] dts: Fix omap3 off mode pull defines
- [armhf] dts: omap5-uevm: Allow bootloader to configure USB Ethernet MAC
- igb: reset the PHY before reading the PHY ID
- igb: close/suspend race in netif_device_detach
- igb: Fix hw_dbg logging in igb_update_flash_i210
- scsi: ufs: add capability to keep auto bkops always enabled
- tcp: provide timestamps for partial writes
- staging: rtl8188eu: fix incorrect ERROR tags from logs
- [x86] irq, trace: Add __irq_entry annotation to x86's platform IRQ
handlers
- scsi: lpfc: Add missing memory barrier
- scsi: lpfc: FCoE VPort enable-disable does not bring up the VPort
- scsi: lpfc: Correct host name in symbolic_name field
- scsi: lpfc: Correct issue leading to oops during link reset
- scsi: lpfc: Clear the VendorVersion in the PLOGI/PLOGI ACC payload
- ALSA: vx: Don't try to update capture stream before running
- ALSA: vx: Fix possible transfer overflow
- [armhf] drm/omap: panel-sony-acx565akm.c: Add MODULE_ALIAS
- [x86] gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap
- [arm64] dts: NS2: reserve memory for Nitro firmware
- ixgbe: Configure advertised speeds correctly for KR/KX backplane
- ixgbe: fix AER error handling
- ixgbe: handle close/suspend race with netif_device_detach/present
- ixgbe: Fix reporting of 100Mb capability
- ixgbe: Reduce I2C retry count on X550 devices
- ixgbe: add mask for 64 RSS queues
- ixgbe: do not disable FEC from the driver
- [mips*] End asm function prologue macros with .insn
- [mips*] init: Ensure bootmem does not corrupt reserved memory
- [mips*] init: Ensure reserved memory regions are not added to bootmem
- [mips*] traps: Ensure L1 & L2 ECC checking match for CM3 systems
- crypto: dh - Don't permit 'p' to be 0
- crypto: dh - Don't permit 'key' or 'g' size longer than 'p'
- USB: usbfs: compute urb->actual_length for isochronous
- usb: gadget: f_fs: Fix use-after-free in ffs_free_inst
- USB: serial: garmin_gps: fix I/O after failed probe and remove
- USB: serial: garmin_gps: fix memory leak on probe errors
- [x86] MCE/AMD: Always give panic severity for UC errors in kernel context
- brcmfmac: don't preset all channels as disabled
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.65
- tcp_nv: fix division by zero in tcpnv_acked()
- net: vrf: correct FRA_L3MDEV encode type
- tcp: do not mangle skb->cb[] in tcp_make_synack()
- netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
- bonding: discard lowest hash bit for 802.3ad layer3+4
- net: cdc_ether: fix divide by 0 on bad descriptors (CVE-2017-16649)
- net: qmi_wwan: fix divide by 0 on bad descriptors (CVE-2017-16650)
- qmi_wwan: Add missing skb_reset_mac_header-call
- net: usb: asix: fill null-ptr-deref in asix_suspend (CVE-2017-16647)
- vlan: fix a use-after-free in vlan_device_event()
- af_netlink: ensure that NLMSG_DONE never fails in dumps
- sctp: do not peel off an assoc from one netns to another one
(CVE-2017-15115)
- net/sctp: Always set scope_id in sctp_inet6_skb_msgname
- crypto: dh - fix memleak in setkey
- crypto: dh - Fix double free of ctx->p
- ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
- [armhf] serial: omap: Fix EFR write on RTS deassertion
- serial: 8250_fintek: Fix finding base_port with activated SuperIO
- ocfs2: fix cluster hang after a node dies
- ocfs2: should wait dio before inode lock in ocfs2_setattr()
- ipmi: fix unsigned long underflow
- mm/page_alloc.c: broken deferred calculation
- coda: fix 'kernel memory exposure attempt' in fsync
- mm/pagewalk.c: report holes in hugetlb ranges
.
[ Ben Hutchings ]
* [armhf] dts: exynos: Add dwc3 SUSPHY quirk (Closes: #843448)
* [mips*] Remove pt_regs adjustments in indirect syscall handler
(Closes: #867358)
* [arm64] brcmfmac: Enable BRCMFMAC_SDIO (Closes: #877911)
* l2tp: Ignore ABI change
* [armel,armhf] mbus: Ignore ABI change
* usb: gadget: Ignore ABI change
* [s390x] mm: Avoid ABI change in 4.9.52
* mac80211: Avoid ABI change in 4.9.53
* mmc: sdio: Avoid ABI change in 4.9.54
* KEYS: Limit ABI change in 4.9.59
* netfilter: nat: Avoid ABI change in 4.9.63
* mm/page_alloc: Avoid ABI change in 4.9.65
* Revert "phy: increase size of MII_BUS_ID_SIZE and bus_id" to avoid ABI
change
* Revert "bpf: one perf event close won't free bpf program attached ..." to
avoid ABI change
* [rt] Add new signing subkey for Steven Rostedt
* [rt] Update to 4.9.61-rt52:
- Revert "pci: Use __wake_up_all_locked in pci_unblock_user_cfg_access()"
- drivers/zram: fix zcomp_stream_get() smp_processor_id() use in
preemptible code
- fs/dcache: disable preemption on i_dir_seq's write side
- tpm_tis: fix stall after iowrite*()s
- fs: convert two more BH_Uptodate_Lock related bitspinlocks
- locking/rt-mutex: fix deadlock in device mapper / block-IO
- md/raid5: do not disable interrupts
* mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
(Closes: #865416)
* mm/mmap.c: expand_downwards: don't require the gap if !vm_prev
* mmap: Remember the MAP_FIXED flag as VM_FIXED
* [x86] mmap: Add an exception to the stack gap for Hotspot JVM compatibility
(Closes: #865303)
.
[ Salvatore Bonaccorso ]
* media: cx231xx-cards: fix NULL-deref on missing association descriptor
(CVE-2017-16536)
* mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
(CVE-2017-1000405)
live-config (5.20170112+deb9u1) stretch; urgency=medium
.
[ Cyril Brulebois ]
* Cherry-pick the change below to improve KDE live images.
.
[ ÐлекÑей Шилин ]
* Add components/0085-sddm to configure autologin for KDE / Plasma live
images. Closes: #865382.
lxc (1:2.0.7-2+deb9u1) stretch; urgency=medium
.
* 0003-lxc-debian-don-t-hardcode-valid-releases.patch: don't
hardcode list of valid Debian releases. Allows creating stable, buster,
testing, and unstable containers.
* 0004-lxc-debian-don-t-write-C.-locales-to-etc-locale.gen.patch: don't
insert C.* locales into /etc/locale.gen (Closes: #879595)
mediawiki (1:1.27.4-1~deb9u1) stretch-security; urgency=high
.
* Imported Upstream version 1.27.4 (security release), fixing
CVE-2017-8809, CVE-2017-8810, CVE-2017-8808, CVE-2017-8811,
CVE-2017-8812, CVE-2017-8814, CVE-2017-8815.
* Users who used the default configuration should not be affected
by CVE-2017-9841, but an extra .htaccess file will restrict
web access to the vendor/ directory.
mediawiki (1:1.27.4-1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
mongodb (1:3.2.11-2+deb9u1) stretch; urgency=medium
.
* Fix segfault/FTBFS on ARM64 with 48-bit virtual addresses (Closes: #871906)
* Fix spidermonkey GC segfault when built with GCC 6 (Closes: #876755)
* mongodb.service: start after network.target (Closes: #864407)
mupdf (1.9a+ds1-4+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* A compiler optimization was removing the fix for CVE-2017-15587
mupdf (1.9a+ds1-4+deb9u1) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix CVE-2017-14685, CVE-2017-14686, CVE-2017-14687, and CVE-2017-15587
(Closes: #877379, #879055)
nautilus (3.22.3-1+deb9u1) stretch-security; urgency=high
.
[ Phil Wyett ]
* CVE-2017-14604: desktop_file_trust.patch
+ Spoof a file type by using the .desktop file extension, as demonstrated
by an attack in which a .desktop file's Name field ends in .pdf but
this file's Exec field launches a malicious "sh -c" command.
(Closes: #860268).
- Initial patch by Phil Wyett <philwyett@kathenas.org>
- Translations additions by Donncha O'Cearbhaill <donncha@donncha.is>
.
[ Yves-Alexis Perez ]
* Non-maintainer upload by the Security Team.
nss (2:3.26.2-1.1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-7805: Potential use-after-free in TLS 1.2 server when verifying
client authentication
openjdk-8 (8u151-b12-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
openjdk-8 (8u144-b01-2) unstable; urgency=medium
.
[ Matthias Klose ]
* Don't regenerate the control file during the build.
* Enable systemtap on sh4.
* Bump standards version to 4.1.0.
* Build using GCC 7 on recent development versions.
.
[ Tiago Stürmer Daitx ]
* debian/rules:
- when zero/shark alternate vm is build, add '-zero KNOWN' to jvm.cfg.
- for non-hotspot builds add '-zero ALIASED_TO -server' to jvm.cfg.
- enable zero alternate vm on armhf.
* debian/jvm.cfg-client_default: aarch32 only builds the client
compiler and requires its own default jvm. Closes: #874434.
openjdk-8 (8u144-b01-1) unstable; urgency=medium
.
* Update to 8u144-b01.
- fix regression introduced by security fix S8169392. LP: #1707082.
.
[ Matthias Klose ]
* Fix libjvm.so's .debug file names. LP: #1548434.
* Remove dependency on multiarch-support. Closes: #870520.
.
[ Tiago Stürmer Daitx ]
* debian/apport-hook.py:
- truncate hs_err if bigger than 100 KiB instead of ignoring it.
- add message if hs_err file is not found at expected location.
- report file size in human readble SI units.
* debian/control.in:
- move 'Breaks:' from openjdk-8-jdk-headless to openjdk-8-jre-headless.
- remove jamvm references.
* debian/control.jamvm-jre: removed.
* debian/control.jamvm-trans: transactional package for jamvm.
* debian/rules:
- add aarch32 hotspot support.
- build aarch32 using client jvm-variant (no server in aarch32 port).
- use DEB_HOST_ARCH instead of DEB_HOST_ARCH_CPU as armel and armhf
are both reported as arm.
- explicitly add kfreebsd-i386, kfreebsd-amd64, hurd-i386 to arch_map
and archdir_map due to usage of DEB_HOST_ARCH.
- avoid building zero as an alternative vm for aarch32.
- disable precompiled headers on Trusty to minimize g++-4.8 segfaults.
- don't build zero alternate vm on Trusty, avoid g++-4.8 segfaults.
- add a 'Breaks:' entry to ca-certificates-java for all releases
except Trusty. LP: #1706567.
- remove jamvm.
* debian/patches/aarch64.diff: remove unnecessary chunks as aarch64 is
now upstream.
* debian/patches/aarch32.diff: add required changes to root and jdk to
build aarch32.
* debian/patches/hotspot-libpath-aarch32.diff: copied from
hotspot-libpath-default.diff.
* debian/patches/ppc64le-8036767.diff: updated.
* debian/patches/jdk-ppc64el-S8170153.patch: updated to include aarch64.
* debian/patches/jdk-java-nio-bits-unligned-aarch64.diff: Check for
"aarch64" along with other unaligned access supporting architectures.
openjdk-8 (8u141-b15-3) unstable; urgency=high
.
* Fix building the javadocs, build error introduced by the m68k changes.
* Update the kfreebsd patches (Adrian Glaubitz). Closes: #869643, #869672.
openjdk-8 (8u141-b15-2) unstable; urgency=high
.
[ Matthias Klose ]
* Update the m68k-support patch (Adrian Glaubitz). Closes: #864180.
* Disable generation of jvmti.html on m68k (Adrian Glaubitz).
Closes: #864205.
* Disable the jamvm autopkg tests.
* CVE-2017-10243 is also fixed in 8u141-b15 (S8182054).
.
[ Tiago Stürmer Daitx ]
* patches/hotspot-ppc64el-S8181055-use-numa-v2-api.patch: mbind invalid
argument message is still seen after S8175813; use numa_interleave_memory
v2 api when available. LP: #1705763.
openjdk-8 (8u141-b15-1) unstable; urgency=high
.
* Update to 8u141-b15, Hotspot 8u141-b16 for AArch64.
* Security fixes from 8u141:
- CVE-2017-10102, S8163958: Improved garbage collection.
- CVE-2017-10053, S8169209: Improved image post-processing steps.
- CVE-2017-10067, S8169392: Additional jar validation steps.
- CVE-2017-10081, S8170966: Right parenthesis issue.
- CVE-2017-10078, S8171539: Better script accessibility for JavaScript.
- CVE-2017-10087, S8172204: Better Thread Pool execution.
- CVE-2017-10089, S8172461: Service Registration Lifecycle.
- CVE-2017-10090, S8172465: Better handling of channel groups.
- CVE-2017-10096, S8172469: Transform Transformer Exceptions.
- CVE-2017-10101, S8173286: Better reading of text catalogs.
- CVE-2017-10107, S8173697: Less Active Activations.
- CVE-2017-10074, S8173770: Image conversion improvements.
- CVE-2017-10110, S8174098: Better image fetching.
- CVE-2017-10108, S8174105: Better naming attribution.
- CVE-2017-10109, S8174113: Better sourcing of code.
- CVE-2017-10115, S8175106: Higher quality DSA operations.
- CVE-2017-10118, S8175110: Higher quality ECDSA operations.
- CVE-2017-10116, S8176067: Proper directory lookup processing.
- CVE-2017-10135, S8176760: Better handling of PKCS8 material.
- CVE-2017-10176, S8178135: Additional elliptic curve support.
- CVE-2017-10193, S8179101: Improve algorithm constraints implementation.
- CVE-2017-10198, S8179998: Clear certificate chain connections.
- S8174770: Check registry registration location.
- S8174873: Improved certificate procesing.
- S8176055: JMX diagnostic improvements.
- S8176536: Improved algorithm constraints checking.
- S8181420: PPC: Image conversion improvements.
- S8182054: Improve wsdl support.
- S8184185: Rearrange MethodHandle arrangements.
.
[ Matthias Klose ]
* Provide jvmdir symlink in /usr/lib/debug. Closes: #867314.
* Fix pt_BR translation in awt message. Closes: #863331.
.
[ Tiago Stürmer Daitx ]
* debian/rules:
- enable apport hook on Ubuntu and derivatives only.
- remove with_zenhai logic.
- remove unused with_tzdata logic, move tzdata build dependency
to control.in.
- add Breaks:tzdata-java except for wheezy, jessie or trusty.
- re-enable jamvm for Xenial only.
- run debian/control before build so we won't build with a invalid
control file.
- remove logic to select between ttf or font packages and depend
on fonts-wqy-microhei and fonts-wqy-zenhei instead
* debian/apport-hook.py: add an apport hook to include conffiles
modified by the user on any report and the hs_err log file on
crash report only. LP: #1696886.
* patches/fontconfig-arphic-uming.diff: only enabled when with_zenhai
was false; not required since lenny.
* patches/hotspot-ppc64el-S8175813-mbind-invalid-argument.patch: prevent
invalid argument message when invoking UseNUMA on a system with
non-consecutive numa topology. LP: #1697348.
openjpeg2 (2.1.2-1.1+deb9u2) stretch-security; urgency=medium
.
* Fix whitespace/indent mess
* CVE-2017-14039: CVE-2017-14039.patch
* CVE-2017-14040: 2cd30c2b06ce332dede81cccad8b334cde997281.patch
* CVE-2017-14041: e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch
* CVE-2017-14151: afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch
* CVE-2017-14152: dcac91b8c72f743bda7dbfa9032356bc8110098a.patch
openjpeg2 (2.1.2-1.1+deb9u1) stretch-security; urgency=medium
.
* CVE-2016-9118: c22cbd8bdf8ff2ae372f94391a4be2d322b36b41.patch
* CVE-2016-5152: 3fbe71369019df0b47c7a2be4fab8c05768f2f32.patch
* CVE-2016-1628: 11445eddad7e7fa5b273d1c83c91011c44e5d586.patch
* CVE-2016-10504: 397f62c0a838e15d667ef50e27d5d011d2c79c04.patch
opensaml2 (2.6.0-4+deb9u1) stretch-security; urgency=high
.
* [9e2c41f] New patch: Security fix from V2.6.1 (CPPOST-105)
Thanks to Scott Cantor
opensaml2 (2.6.0-4+deb9u1~bpo8+1) jessie-backports; urgency=high
.
* Rebuild for jessie-backports.
openssh (1:7.4p1-10+deb9u2) stretch; urgency=medium
.
* Test configuration before starting or reloading sshd under systemd
(closes: #865770).
* Adjust compatibility patterns for WinSCP to correctly identify versions
that implement only the legacy DH group exchange scheme (closes:
#877800).
* Make "--" before the hostname terminate argument processing after the
hostname too (closes: #873201).
openssl (1.1.0f-3+deb9u1) stretch-security; urgency=medium
.
* Fix CVE-2017-3735
* Fix CVE-2017-3736
openssl1.0 (1.0.2l-2+deb9u1) stretch-security; urgency=medium
.
* Fix CVE-2017-3735
* Fix CVE-2017-3736
otrs2 (5.0.16-1+deb9u3) stretch-security; urgency=high
.
* Add patch 17-CVE-2017-16664:
This fixes OSA-2017-07, also known as CVE-2017-16664: An attacker who is
logged into OTRS as an agent can request special URLs from OTRS which can
lead to the execution of shell commands with the permissions of the web
server user.
Closes: #882370
otrs2 (5.0.16-1+deb9u2) stretch-security; urgency=high
.
* Add patch 16-CVE-2017-14635:
This fixes OSA-2017-04, also known as CVE-2017-14635: An attacker who is
logged into OTRS as an agent with write permissions for statistics can
inject arbitrary code into the system. This can lead to serious problems
like privilege escalation, data loss, and denial of service.
Closes: #876462
pdns (4.0.3-1+deb9u2) stretch; urgency=medium
.
* Add upstream patch fixing security issue:
* Missing check on API operations. CVE-2017-15091
pdns (4.0.3-1+deb9u1) stretch; urgency=medium
.
* Fix incorrect qname casing in NSEC3 generation (Closes: #869222)
pdns-recursor (4.0.4-1+deb9u2) stretch; urgency=medium
.
* Add upstream patches fixing security issues:
* Insufficient validation of DNSSEC signatures. CVE-2017-15090
* Cross-Site Scripting in the web interface. CVE-2017-15092
* Configuration file injection in the API. CVE-2017-15093
* Memory leak in DNSSEC parsing. CVE-2017-15094
postgresql-9.6 (9.6.6-0+deb9u1) stretch-security; urgency=medium
.
* New upstream version.
.
+ Ensure that INSERT ... ON CONFLICT DO UPDATE checks table permissions
and RLS policies in all cases (Dean Rasheed)
.
The update path of INSERT ... ON CONFLICT DO UPDATE requires SELECT
permission on the columns of the arbiter index, but it failed to check
for that in the case of an arbiter specified by constraint name. In
addition, for a table with row level security enabled, it failed to
check updated rows against the table's SELECT policies (regardless of
how the arbiter index was specified). (CVE-2017-15099)
.
+ Fix crash due to rowtype mismatch in json{b}_populate_recordset()
(Michael Paquier, Tom Lane)
.
These functions used the result rowtype specified in the FROM ... AS
clause without checking that it matched the actual rowtype of the
supplied tuple value. If it didn't, that would usually result in a
crash, though disclosure of server memory contents seems possible as
well. (CVE-2017-15098)
.
+ Fix BRIN index summarization to handle concurrent table extension
correctly (Ãlvaro Herrera)
.
Previously, a race condition allowed some table rows to be omitted from
the index. It may be necessary to reindex existing BRIN indexes to
recover from past occurrences of this problem.
postgresql-9.6 (9.6.5-1) unstable; urgency=medium
.
* Team upload.
* New upstream version.
postgresql-9.6 (9.6.5-0+deb9u1) stretch; urgency=medium
.
* New upstream bugfix release.
postgresql-9.6 (9.6.5-0+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
.
postgresql-9.6 (9.6.5-0+deb9u1) stretch; urgency=medium
.
* New upstream bugfix release.
.
postgresql-9.6 (9.6.4-0+deb9u1) stretch-security; urgency=high
.
* New upstream security release.
.
+ Further restrict visibility of pg_user_mappings.umoptions, to protect
passwords stored as user mapping options. See the release notes for
instructions for applying the fix to existing database clusters.
(CVE-2017-7547; extends fix for CVE-2017-7484)
+ Disallow empty passwords in all password-based authentication methods.
(CVE-2017-7546)
+ Make lo_put() check for UPDATE privilege on the target large object.
(CVE-2017-7548)
.
* Remove debian/patches/s390x-fpic, implemented upstream.
.
postgresql-9.6 (9.6.3-3) unstable; urgency=medium
.
* pg_config: Unbreak CFLAGS_SL on sparc64.
.
postgresql-9.6 (9.6.3-2) unstable; urgency=medium
.
* pg_config: Set CFLAGS_SL=-fPIC on s390x. (Closes: #862948)
postgresql-9.6 (9.6.4-1) unstable; urgency=medium
.
* Team upload.
* New upstream version.
.
+ Further restrict visibility of pg_user_mappings.umoptions, to protect
passwords stored as user mapping options. See the release notes for
instructions for applying the fix to existing database clusters.
(CVE-2017-7547; extends fix for CVE-2017-7484)
+ Disallow empty passwords in all password-based authentication methods.
(CVE-2017-7546)
+ Make lo_put() check for UPDATE privilege on the target large object.
(CVE-2017-7548)
.
* debian/rules: Unconditionally use DEB_BUILD_MAINT_OPTIONS=hardening=+all.
The old logic is kept around for compiling on older distributions.
* Remove long obsolete --with-krb5 and move c/ldflags to configure switches.
postgresql-common (181+deb9u1) stretch-security; urgency=medium
.
* pg_ctlcluster, pg_createcluster, pg_upgradecluster: Use lchown instead
of chown to mitigate privilege escalation via symlinks. (CVE-2017-8806.
Related to CVE-2017-12172 in PostgreSQL; extends our earlier fix for
CVE-2016-1255.)
procmail (3.22-25+deb9u1) stretch-security; urgency=high
.
* Fix buffer overflow in loadbuf(). Closes: #876511.
Reported by Jakub Wilk using American Fuzzy Lop.
For reference, this is CVE-2017-16844.
publicsuffix (20171028.2055-0+deb9u1) stable; urgency=medium
.
* new upstream publicsuffix data
publicsuffix (20170910.1557-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20170910.1557-0+deb9u1) stable; urgency=medium
.
* new upstream publicsuffix data
publicsuffix (20170828.2009-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20170809.0951-1) unstable; urgency=medium
.
* new upstream version
* Standards-Version: bump to 4.0.1 (Priority: extra → optional)
* wrap-and-sort -ast
* bump to debhelper 10
publicsuffix (20170713.1023-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20170711.1723-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20170622.1007-1) unstable; urgency=medium
.
* new upstream version
publicsuffix (20170616.1637-1) unstable; urgency=medium
.
* new upstream version
pyosmium (2.11.3-1) stretch; urgency=medium
.
* New upstream bugfix release.
- handler functions not called when using replication service (#38)
- handler functions not called when using Reader instead of file
python-diff-match-patch (20121119-3~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
python-diff-match-patch (20121119-3) unstable; urgency=medium
.
* Add missing python3 dependency on Python 3 package, with thanks to
Adrian Bunk for the report (Closes: #867424).
* Update Standards-Version to 4.0.0 (no changes required)
python-inflect (0.2.5-1.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
python-inflect (0.2.5-1.1) unstable; urgency=medium
.
* Non-maintainer Upload
* Apply patch from Adrian Bunk to correctly generate dependencies for
the python 3 package (Closes: #867438)
python-tablib (0.9.11-2+deb9u1) stretch; urgency=low
.
* CVE-2017-2810: apply upstream patch: use safe load (Closes: #864818).
python-tablib (0.9.11-2+deb8u1) jessie; urgency=low
.
* CVE-2017-2810: apply upstream patch: use safe load (Closes: #864818).
python2.7 (2.7.13-2+deb9u2) stretch; urgency=medium
.
* Backport c3c9db89273fabc62ea1b48389d9a3000c1c03ae to address
CVE-2017-1000158 / https://bugs.python.org/issue30657
python2.7 (2.7.13-2+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload with maintainer's permission
* Support all groups in TLS communication (Closes: #868143)
qemu (1:2.8+dfsg-6+deb9u3) stretch-security; urgency=high
.
* xhci-dont-kick-in-xhci_submit-and-xhci_fire_ctl_transfer.patch
This is a pre-required patch for the next patch to work right.
Closes: #869945
* xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch
After applying previous patch, this one can be applied again
Closes: #864219, CVE-2017-9375
* ide-do-not-flush-empty-CDROM-drives-CVE-2017-12809.patch
Closes: #873849, CVE-2017-12809
* vga-stop-passing-pointers-to-vga_draw_line-functions-CVE-2017-13672.patch
Closes: #873851, CVE-2017-13672
* multiboot-validate-multiboot-header-address-values-CVE-2017-14167.patch
Closes: #874606, CVE-2017-14167
* slirp-fix-clearing-ifq_so-from-pending-packets-CVE-2017-13711.patch
Closes: #873875, CVE-2017-13711
* exec-add-lock-parameter-to-qemu_ram_ptr_length.patch
upstream patch fixing memory leak after
exec-use-qemu_ram_ptr_length-to-access-guest-ram-CVE-2017-11334.patch
Closes: #871648, #871702, #872257
qtcurve (1.8.18+git20160320-3d8622c-3+deb9u1) stable; urgency=medium
.
* Add patch replace-memcmp-with-strncmp. It fixes crash when using QtCurve
widget style and Breeze preset. (Closes: #865765)
[Thanks to Sergey Sharybin]
quagga (1.1.1-3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* bgpd: Fix AS_PATH size calculation for long paths (CVE-2017-16227)
(Closes: #879474)
roundcube (1.2.3+dfsg.1-4+deb9u1) stretch-security; urgency=high
.
* Backport fix for CVE-2017-16651: File disclosure vulnerability caused by
insufficient input validation in conjunction with file-based attachment
plugins, which are used by default.
https://github.com/roundcube/roundcubemail/issues/6026
ruby-httparty (0.13.7-1+deb9u1) stretch; urgency=medium
.
* Relax dependency version in gem dependency on json.
This fixes loading httparty with the gem command (Closes: #864723)
ruby-ox (2.1.1-2+deb9u1) stretch; urgency=medium
.
* Team upload
* Add fix_parse_obj_segfault.patch picked from upstream
+ fix CVE-2017-15928: segmentation fault in parse_obj
(Closes: #881445)
ruby-ox (2.1.1-2+deb8u1) jessie; urgency=medium
.
* Team upload
* Add fix_parse_obj_segfault.patch picked from upstream
+ fix CVE-2017-15928: segmentation fault in parse_obj
(Closes: #881445)
ruby-pygments.rb (0.6.3-2+deb9u1) stretch; urgency=medium
.
* Team upload
* Add Set-reasonable-upper-limit-to-RLIMIT_NOFILE.patch
to avoid closing too many files when mentos starts
(Closes: #876768)
ruby2.3 (2.3.3-1+deb9u2) stretch-security; urgency=high
.
* asn1: fix out-of-bounds read in decoding constructed objects
[CVE-2017-14033] (Closes: #875928)
Original patch by Kazuki Yamaguchi; backported from the standalone openssl package
* lib/webrick/log.rb: sanitize any type of logs
[CVE-2017-10784] (Closes: #875931)
Original patch by Yusuke Endoh; backported to Ruby 2.3 by Usaku NAKAMURA
* fix Buffer underrun vulnerability in Kernel.sprintf
[CVE-2017-0898] (Closes: #875936)
Backported to Ruby 2.3 by Usaku NAKAMURA
* Whitelist classes and symbols that are in Gem spec YAML
[CVE-2017-0903] (Closes: #879231)
Original patch by Aaron Patterson; backported from the standalone Rubygems
package
* thread_pthread.c: do not wakeup inside child processes
Avoid child Ruby processed being stuck in a busy loop (Closes: #876377)
Original patch by Eric Wong
samba (2:4.5.12+dfsg-2+deb9u1) stretch-security; urgency=high
.
* This is a security release in order to address the following defects:
- CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when
talloc buffer is grown.
- CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug.
schroot (1.6.10-3+deb9u1) stretch; urgency=medium
.
* Fix up bash completion file. Closes: #855283
* Add systemd service file with Type=oneshot to avoid issues with timeouts
when you have many schroot sessions open. Closes: #835104
Thanks to Laurent Bigonville for the patch.
* Add missing Homepage field.
shadowsocks-libev (2.6.3+ds-3+deb9u1) stretch-security; urgency=high
.
* debian/patches:
- Backport a few patches from upstream.
+ [c67d275] Fix potential local exploit issue.
Thanks to X41 D-Sec GmbH, Niklas Abel, for the reporting:
https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/
shadowsocks-libev (2.6.3+ds-3+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
shibboleth-sp2 (2.6.0+dfsg1-4+deb9u1) stretch-security; urgency=high
.
* [bf25c5f] New patch: Security fix from V2.6.1 (SSPCPP-763)
Thanks to Scott Cantor
shibboleth-sp2 (2.6.0+dfsg1-4+deb9u1~bpo8+1) jessie-backports; urgency=high
.
* Rebuild for jessie-backports.
.
shibboleth-sp2 (2.6.0+dfsg1-4+deb9u1) stretch-security; urgency=high
.
* [bf25c5f] New patch: Security fix from V2.6.1 (SSPCPP-763)
Thanks to Scott Cantor
simutrans (120.1.3+repack-3+deb9u1) stretch; urgency=medium
.
* Team upload.
* Enable sound for simutrans again. Switch from SDL to mixer_sdl backend.
(Closes: #869029)
sitesummary (0.1.28+deb9u1) stretch; urgency=medium
.
[ Wolfgang Schweer ]
* Adjust nagios kernel version checking module to work with 4.x kernels.
(Closes: #883323)
slic3r (1.2.9+dfsg-6.1~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch.
.
slic3r (1.2.9+dfsg-6.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix "missing dependency on perlapi-*":
add override_dh_perl in debian/rules to make dh_perl search for perl
modules in the private directory as well.
(Closes: #869360)
slurm-llnl (16.05.9-1+deb9u1) stretch-security; urgency=high
.
* Fix CVE-2017-15566 caused by insecure SPANK environment variable
handling, allowing privilege escalation to root during Prolog or
Epilog execution (Closes: #880530)
spamassassin (3.4.1-6+deb9u1) stretch; urgency=medium
.
* Ensure that spamd doesn't automatically start upon initial
installation.
* Disable bb.barracudacentral.org (RCVD_IN_BRBL_LASTEXT), as
it requires users to register. (Closes: #861671)
* Update the systemd unit file to use the same pid file as was
used in the sysvinit script. (Closes: #808804)
* Update spamassassin docs to remove outdated gpg version
compatibility note. (Closes: #853913)
* Update systemd unit dependencies to include network and syslog.
(Closes: 864810)
* Fix inappropriate invocation of invoke-rc.d in cron script.
(Closes: 865514)
* Fix spamd service manage on upgrades. (Closes: #865356)
sqldeveloper-package (0.2.4+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Add required '--' before debian/rules target (Closes: #868673)
* Add --no-tgz-check as sqldeveloper is non-free
sqlite3 (3.16.2-5+deb9u1) stretch; urgency=medium
.
* Fix CVE-2017-10989 , heap-based buffer over-read via undersized RTree
blobs (closes: #867618).
swauth (1.2.0-2+deb9u1) stretch-security; urgency=high
.
* Hash token before storing it in Swift
(CVE-2017-16613, Closes: #882314)
swauth (1.2.0-2+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
.
swauth (1.2.0-2+deb9u1) stretch-security; urgency=high
.
* Hash token before storing it in Swift
(CVE-2017-16613, Closes: #882314)
syslinux (3:6.03+dfsg-14.1+deb9u1) stretch; urgency=medium
.
* Add patch from upstream to fix btrfs logical to physical block address
mapping (Closes: #865462).
* Add patch from upstream to fix boot problem for old BIOS firmware from
around 2005 by correcting the C/H/S order (thanks Thomas Schmitt,
Closes: #879004).
* Add patch 0018-ext4-Fix-64bit-feature.patch from upstream to support ext4
64bit feature (Closes: #833057).
tdbcodbc (1.0.4-2+deb9u1) stretch; urgency=medium
.
* Fixed bug in odbc libraries search as it caused a non existing
symbol to be loaded
thunderbird (1:52.4.0-1~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
.
[ Guido Günther ]
* [da3c5cc] Simplify endianness selection for ICU
Since we need to build ICU on the various Debian releases we
need to ensure the architecture detection isn't to strict.
Thanks Guido for helping out here!
.
[ Carsten Schoenert ]
* [47748ca] debian/control: be more relaxed on Breaks for enigmail
* [6a54666] thunderbird-wrapper: fix small typo in help output
A small typo was happen in the example call with the JS console.
* [6d5266e] README.Debian: update info around tls fallback-limit
The default behavior on the TLS fallback has changed some
versions ago, document this accordingly.
* [24ad883] debian/control: change maintainer
Thanks Christoph for the work over the past years!
* [c78200e] debian/control: move src pkg name to thunderbird
By this version we move the source package name also back to
thunderbird. This follows the changes that are already made to
the binary package names and we can call the source package now
also again thunderbird.
(Closes: #857075)
* [c26133d] debian/gbp.conf: rename components to real used names
Due the changes of the source package the names for the
sub-folders within the additional tarballs can also be changed
to be closer on the real upstream used names.
* [a5ce4f7] New upstream version 52.4.0
(Closes: #878845, #878870)
Fixed CVE issues in upstream version 52.0 (MFSA 2017-23)
CVE-2017-7793: Use-after-free with Fetch API
CVE-2017-7818: Use-after-free during ARIA array manipulation
CVE-2017-7819: Use-after-free while resizing images in design mode
CVE-2017-7824: Buffer overflow when drawing and validating elements with
ANGLE
CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
CVE-2017-7814: Blob and data URLs bypass phishing and malware protection
warnings
CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters
as spaces
CVE-2017-7823: CSP sandbox directive did not create a unique origin
CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4,
and Thunderbird 52.4
* [104b4e5] rebuild patch queue from patch-queue branch
* [d63662a] lintian: move oldlibs/extra -> oldlibs/optional
By moving all transitional package to oldlibs/optional we can
help deborphan to detect better not needed packages.
* [fb56001] d/rules: reflect changes from renamed component tarballs
The additional tarballs are stored in folders which reflect
the upstream names of those components. This also needs to be
respected for the build instructions of the package.
* [61288fb] debian/control: change Vcs* fields due the src name change
Addressing the changed source package name in the Git Vcs urls.
* [ef95ab5] debian/control: increase Standards-Version to 4.1.1
No further changes needed.
* [45e8fe2] apparmor: update profile from upstream
Thanks to Simon Deziel and intrigeri we can simply use the
apparmor profile changes done for the Ubuntu releases.
* [6b1649c] lintian: adding a override for thunderbird-l10n-all
* [ceab93f] debian/README.source: reflect src package name change
thunderbird (1:52.4.0-1~deb8u1) jessie-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for jessie-security
.
[ Guido Günther ]
* [da3c5cc] Simplify endianness selection for ICU
Since we need to build ICU on the various Debian releases we
need to ensure the architecture detection isn't to strict.
Thanks Guido for helping out here!
.
[ Carsten Schoenert ]
* [47748ca] debian/control: be more relaxed on Breaks for enigmail
* [6a54666] thunderbird-wrapper: fix small typo in help output
A small typo was happen in the example call with the JS console.
* [6d5266e] README.Debian: update info around tls fallback-limit
The default behavior on the TLS fallback has changed some
versions ago, document this accordingly.
* [24ad883] debian/control: change maintainer
Thanks Christoph for the work over the past years!
* [c78200e] debian/control: move src pkg name to thunderbird
By this version we move the source package name also back to
thunderbird. This follows the changes that are already made to
the binary package names and we can call the source package now
also again thunderbird.
(Closes: #857075)
* [c26133d] debian/gbp.conf: rename components to real used names
Due the changes of the source package the names for the
sub-folders within the additional tarballs can also be changed
to be closer on the real upstream used names.
* [a5ce4f7] New upstream version 52.4.0
(Closes: #878845, #878870)
Fixed CVE issues in upstream version 52.0 (MFSA 2017-23)
CVE-2017-7793: Use-after-free with Fetch API
CVE-2017-7818: Use-after-free during ARIA array manipulation
CVE-2017-7819: Use-after-free while resizing images in design mode
CVE-2017-7824: Buffer overflow when drawing and validating elements with
ANGLE
CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
CVE-2017-7814: Blob and data URLs bypass phishing and malware protection
warnings
CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters
as spaces
CVE-2017-7823: CSP sandbox directive did not create a unique origin
CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4,
and Thunderbird 52.4
* [104b4e5] rebuild patch queue from patch-queue branch
* [d63662a] lintian: move oldlibs/extra -> oldlibs/optional
By moving all transitional package to oldlibs/optional we can
help deborphan to detect better not needed packages.
* [fb56001] d/rules: reflect changes from renamed component tarballs
The additional tarballs are stored in folders which reflect
the upstream names of those components. This also needs to be
respected for the build instructions of the package.
* [61288fb] debian/control: change Vcs* fields due the src name change
Addressing the changed source package name in the Git Vcs urls.
* [ef95ab5] debian/control: increase Standards-Version to 4.1.1
No further changes needed.
* [45e8fe2] apparmor: update profile from upstream
Thanks to Simon Deziel and intrigeri we can simply use the
apparmor profile changes done for the Ubuntu releases.
* [6b1649c] lintian: adding a override for thunderbird-l10n-all
* [ceab93f] debian/README.source: reflect src package name change
thunderbird (1.5.0.7-2) unstable; urgency=low
* go through new upload ... reenable thunderbird-dbg
* increase reference count for fontconfig charset
91_fontconfig_reference_increment_388739 (Closes: 388739)
thunderbird (1.5.0.7-1) unstable; urgency=high
* disabled new package to avoid queue new: thunderbird-dbg
* new upstream release fixes security issues:
+ MFSA 2006-64 - CVE-2006-4571
+ MFSA 2006-63 - CVE-2006-4570
+ MFSA 2006-62 - CVE-2006-4569
+ MFSA 2006-61 - CVE-2006-4568
+ MFSA 2006-60 - CVE-2006-4340 (related to CVE-2006-4339)
+ MFSA 2006-59 - CVE-2006-4253
+ MFSA 2006-58 - CVE-2006-4567
+ MFSA 2006-57 - CVE-2006-4565, CVE-2006-4566
* disable patch 90_gcc-extern-fix, because it has been pulled in upstream
* disable 91_271815.overthespot.v1.2, because applied upstream
thunderbird (1.5.0.5-1) unstable; urgency=high
* new upstream release fixes various security flaws:
+ MFSA 2006-44, CVE-2006-3801
+ MFSA 2006-46, CVE-2006-3113
+ MFSA 2006-47, CVE-2006-3802
+ MFSA 2006-48, CVE-2006-3803
+ MFSA 2006-49, CVE-2006-3804
+ MFSA 2006-50, CVE-2006-3805, CVE-2006-3806
+ MFSA 2006-51, CVE-2006-3807
+ MFSA 2006-52, CVE-2006-3808
+ MFSA 2006-53, CVE-2006-3809
+ MFSA 2006-54, CVE-2006-3810
+ MFSA 2006-55, CVE-2006-3811
* including patch 91_271815.overthespot.v1.2.dpatch
(Closes: 379936, 363814)
* improve manpage: Document -g, --debug options (Closes: 381096)
* update for ja.po, contributed by Kenshi Muto <kmuto@debian.org>
(Closes: 379946)
* update for pt.po, contributed by Rui Branco <ruipb@debianpt.org>
(Closes: 381444)
* Provide virtual package news-reader (Closes: 363834)
* Apply patch which introduces ReplyToList MessageType. This is
the base to allow extensions that provide ReplyToList button to
get installed. Thanks to Armin Berres <trigger@space-based.de>
for pointing out this unintrusive patch. (Closes: 381273)
* fix README.Debian for firefox integration as well as example of
global pref.js (firefox.js.tmpl) (Closes: 363723)
* further improvements for README.Debian
* fix gnome integration program path in a hard-coded fashion
in 91_gnome_path_fix.dpatch (Closes: 365610)
thunderbird (1.5.0.4-3) unstable; urgency=critical
* fixing gcc-4.1 ftbfs (Closes: 377176)
* improved manpage by Bastian Kleineidam <calvin@debian.org>
documenting -safe-mode option (Closes: 370254)
* include *no xgot* patch for mips/mipsel contributed by
Thiemo Seufer <ths@networkno.de> (Closes: 374882)
thunderbird (1.5.0.4-2) unstable; urgency=critical
* fix version in install.rdf for inspector and
typeaheafind (Closes: 374382)
* (last one was a new upstream release fixing
various security issues (Closes: 373878, 373553)
* urgency=critical
thunderbird (1.5.0.4-1) unstable; urgency=low
* new upstream release fixing various security issues:
MFSA 2006-42, CVE-2006-2783: Web site XSS using BOM on UTF-8 pages
MFSA 2006-40, CVE-2006-2781: Double-free on malformed VCard
MFSA 2006-38, CVE-2006-2778: Buffer overflow in crypto.signText()
MFSA 2006-37, CVE-2006-2776: Remote compromise via content-defined
setter on object prototypes
MFSA 2006-35, CVE-2006-2775: Privilege escalation through XUL persist
MFSA 2006-33, CVE-2006-2786: HTTP response smuggling
MFSA 2006-32, CVE-2006-2779, CVE-2006-2780: Fixes for crashes with
potential memory corruption
MFSA 2006-31, CVE-2006-2787: EvalInSandbox escape (Proxy Autoconfig,
Greasemonkey)
* build depends:
+ xorg-dev -> libx11-dev, libxt-dev, libxinerama-dev,
libxft-dev, libfreetype6-dev, libxrender-dev
+ removed binutils, coreutils and po-debconf
* enable xinerama in debian/rules
* fixed lintian errors:
+ do not depend on xorg dev meta package
+ debhelper depend is now versioned
+ changed package description(s) to not start with 'thunderbird'
thunderbird (1.5.0.2-3) unstable; urgency=low
* patch-robbery from firefox package:
+ removed old mips and arm patches
+ added 50_arch_arm_fix
+ added 50_arch_alpha_fix
+ added 50_arch_m68k_fix
+ added 50_arch_mips_Makefile_fix
+ added 50_arch_mips_fix (Closes: 357755)
+ added 50_arch_parisc_Makefile_fix
+ added 50_arch_parisc_fix
* included install.rdf for default theme in extensions dir
(Closes: 363956)
* removed chrome.d locales.d extensions.d from var/lib/thunderbird
thunderbird (1.5.0.2-2) unstable; urgency=critical
* debian/thunderbird.sgml. Greatly improved manpage for thunderbird,
thanks to Sam Morris <sam@robots.org.uk> for contributing this
(Closes: 361069)
* add missing build depend to sharutils to fix ftbfs (Closes: 365539)
* fix gnome-support package removing gnome dependencies from
pure thunderbird package.
* set urgency to critical which I forgot to set properly
for the last upload
thunderbird (1.5.0.2-1) unstable; urgency=low
* removed enable xprint in order to build after X11R7 transition.
* removed xprint recommends from control file.
* 91_fontsfix_359763.dpatch: fix for 'thunderbird shows text illegibly'
for some encodings. (Closes: 359763)
* myspell is now depends (Closes: 357623)
* (re-)including 10_mips_optimization_patch
* debian/patches/90_ppc64-build-fix.dpatch: patch for
'FTBFS (ppc64)', thanks to Andreas Jochens <aj@andaco.de>
for adding the final patch to the report. (Closes: 361036)
* Thanks to Bastian Kleineidam <calvin@debian.org> for
contributing:
* Standards version 3.6.2.1
* Use debhelper v5 with debian/compat
* Remove unneeded thunderbird.conffiles now that debhelper v5 is used
* Remove CVS directories in debian/
* Fix debian/changelog syntax errors, and convert to UTF-8
* Fix bashism in debian/thunderbird.postrm, using 2> instead of &>.
* Add ${misc:Depends} to thunderbird* dependencies, fixing a missing
dependency on debconf
* Move db_input commands from postinst into a separate thunderbird.config
file.
* distinct gnome-support package added. adds a good bunch
of gnome build depends to allow module linking against
gnome libs.
* added new fhunderbird-branding in debian/fhunderbird-branding.tmpl
(Closes: 358198)
* use only one profile directory in configure
(Closes: 358378)
* Various security issues are fixed in this release. Namely:
CVE-2006-1741 CVE-2006-1742 CVE-2006-1737 CVE-2006-1738
CVE-2006-1739 CVE-2006-1740 CVE-2006-1736 CVE-2006-1735
CVE-2006-1734 CVE-2006-1733 CVE-2006-1732 CVE-2006-0749
CVE-2006-1731 CVE-2006-1724 CVE-2006-0884 CVE-2006-1730
CVE-2006-1729 CVE-2006-1728 CVE-2006-1727 CVE-2006-1045
CVE-2006-0748 CVE-2006-1726 CVE-2006-1725 CVE-2005-2353
CVE-2006-1529 CVE-2006-1530 CVE-2006-1531 CVE-2006-1723
CVE-2006-0292/CVE-2006-0293 (Closes: 349242)
CVE-2006-0294 CVE-2006-0295 CVE-2006-0296 CVE-2006-0297
CVE-2006-0298 CVE-2006-0299
tor (0.2.9.13-1) stretch; urgency=medium
.
* New upstream version:
- update directory authority set
tor (0.2.9.12-1) stretch-security; urgency=medium
.
* New upstream version:
- CVE-2017-0380 (TROVE-2017-008): Stack disclosure in hidden services logs
when SafeLogging disabled
- other maintenance and security related fixes, see upstream changelog.
tor (0.2.9.12-1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
* Build-depend on dh-apparmor version >= 2.10.95, which is in backports,
to avoid running into Bug #822349.
tor (0.2.9.11-1) unstable; urgency=high
.
* New upstream version.
- Fix a remotely triggerable assertion failure caused by receiving a
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
on 0.2.2.1-alpha. (closes: #864424)
tzdata (2017c-0+deb9u1) stretch; urgency=medium
.
* New upstream version, affecting the following future timestamp:
- Northern Cyprus resumed EU rules starting 2017-10-29.
- Namibia will switch from +01 with DST to +02 all year, affecting
UT offsets starting 2018-04-01.
- Sudan will switch from +03 to +02 on 2017-11-01.
- Tonga will not observe DST on 2017-11-05.
- Turks & Caicos will switch from -04 all year to -05 with US DST,
affecting UT offset starting 2018-11-04.
tzdata (2017c-0+deb8u1) jessie; urgency=medium
.
* New upstream version, affecting the following future timestamp:
- Northern Cyprus resumed EU rules starting 2017-10-29.
- Namibia will switch from +01 with DST to +02 all year, affecting
UT offsets starting 2018-04-01.
- Sudan will switch from +03 to +02 on 2017-11-01.
- Tonga will not observe DST on 2017-11-05.
- Turks & Caicos will switch from -04 all year to -05 with US DST,
affecting UT offset starting 2018-11-04.
tzdata (2017b-2) unstable; urgency=medium
.
[ Aurelien Jarno ]
* Update Dutch debconf translation, by Frans Spiesschaert. Closes:
#861700.
* debian/control: provide tzdata-buster instead of tzdata-stretch.
udftools (1.3-2~deb9u1) stretch; urgency=low
.
* Fix path to pktsetup in udftools init script
varnish (5.0.0-7+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Avoid buffer read overflow on vcl_error and -sfile (CVE-2017-8807)
vlc (2.2.7-1~deb9u1) stretch-security; urgency=high
.
* New upstream release.
- Fix crash in libavcodec module (heap write out-of band). (CVE-2017-10699)
- Fix flac heap write overflow on format change. (CVE-2017-9300)
- Fix AVI read/write overflow.
* Update ffmpeg to 2.8.13.
* debian/{control,*.maintscript}: Bump versions to ensure proper upgrades
from jessie.
vlc (2.2.7-1~deb8u1) jessie-security; urgency=high
.
* New upstream release.
- Fix crash in libavcodec module (heap write out-of band). (CVE-2017-10699)
- Fix flac heap write overflow on format change. (CVE-2017-9300)
- Fix AVI read/write overflow.
vlc (2.2.6-6) unstable; urgency=medium
.
* Update to ffmpeg 2.8.13.
vlc (2.2.6-5) unstable; urgency=medium
.
* debian/control: Bump Standards-Version.
* debian/patches: Add support for libupnp 1.8. (Closes: #868936)
vlc (2.2.6-4) unstable; urgency=medium
.
* debian/upstream: Add DEP-12 metadata.
* debian/control:
- Restrict Recommends on vlc-plugin-samba to linux-any kfreebsd-any.
- Switch to timgm6mb-soundfont. (Closes: #870790)
- Bump Standards-Version.
* debian/{rules,control,vlc-plugin-base}: No longer build directfb plugin.
directfb upstream is inactive and the plugin got removed for vlc 3.0.
* debian/vlc-plugin-base.lintian-overrides: Override
shlibs-with-non-pic-code. See lintian overrides of ffmpeg for more
details.
vlc (2.2.6-3) unstable; urgency=medium
.
[ Mateusz Åukasik ]
* debian/patches: avcodec: Check visible sizes (CVE-2017-10699).
.
[ Sebastian Ramacher ]
* debian/patches: flac: Fix heap write overflow on frame format change.
(CVE-2017-9300)
vlc (2.2.6-2) unstable; urgency=medium
.
* Upload to unstable.
* Update to ffmpeg 2.8.12.
* debian/control:
- Remove Build-Conflicts.
- Bump Standards-Version.
* debian/rules: Build with hardening=+all.
vlc (2.2.6-1) experimental; urgency=medium
.
* New upstream release.
- demuxer: Fix heap buffer overflows (CVE-2017-8312).
weechat (1.6-1+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* logger: call strftime before replacing buffer local variables
(CVE-2017-14727) (Closes: #876553)
wget (1.18-5+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-13089 / CVE-2017-13090
wordpress (4.7.5+dfsg-2+deb9u1) stretch-security; urgency=medium
.
* Backport patches from 4.8.2 Closes: #876274
- CVE-2017-14723
$wpdb->prepare() can create unexpected and unsafe queries leading to
potential SQL injection (SQLi)
Changeset 41472, 41498
- CVE-2017-14724
Cross-site scripting (XSS) vulnerability in the oEmbed discovery
Changeset 41451
- CVE-2017-14726
Cross-site scripting (XSS) vulnerability in the visual editor
Changeset 41436
- CVE-2017-14719
Path traversal vulnerability in the file unzipping code
Changeset 41459
- CVE-2017-14721
Cross-site scripting (XSS) vulnerability in the plugin editor
Changeset 41413
- CVE-2017-14725
Open redirect in the user and term edit screens
Changeset 41418
- CVE-2017-14722
Path traversal vulnerability in the customizer
Changeset 41430
- CVE-2017-14720
Cross-site scripting (XSS) vulnerability in template names
Changeset 41413 (same as plugin editor)
- CVE-2017-14718
Cross-site scripting (XSS) vulnerability in the link modal
* Hash user activation key Closes: #877629
Fixes CVE-2017-14990
wordpress (4.7.5+dfsg-2+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild stretch version for jessie-backports.
* Fixes security issues, see 4.7.5+dfsg-2+deb9u1 entry
.
wordpress (4.7.5+dfsg-2+deb9u1) stretch-security; urgency=medium
.
* Backport patches from 4.8.2 Closes: #876274
- CVE-2017-14723
$wpdb->prepare() can create unexpected and unsafe queries leading to
potential SQL injection (SQLi)
Changeset 41472, 41498
- CVE-2017-14724
Cross-site scripting (XSS) vulnerability in the oEmbed discovery
Changeset 41451
- CVE-2017-14726
Cross-site scripting (XSS) vulnerability in the visual editor
Changeset 41436
- CVE-2017-14719
Path traversal vulnerability in the file unzipping code
Changeset 41459
- CVE-2017-14721
Cross-site scripting (XSS) vulnerability in the plugin editor
Changeset 41413
- CVE-2017-14725
Open redirect in the user and term edit screens
Changeset 41418
- CVE-2017-14722
Path traversal vulnerability in the customizer
Changeset 41430
- CVE-2017-14720
Cross-site scripting (XSS) vulnerability in template names
Changeset 41413 (same as plugin editor)
- CVE-2017-14718
Cross-site scripting (XSS) vulnerability in the link modal
* Hash user activation key Closes: #877629
Fixes CVE-2017-14990
wpa (2:2.4-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix multiple issues in WPA protocol (CVE-2017-13077, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088):
- hostapd: Avoid key reinstallation in FT handshake
- Prevent reinstallation of an already in-use group key
- Extend protection of GTK/IGTK reinstallation of
- Fix TK configuration to the driver in EAPOL-Key 3/4
- Prevent installation of an all-zero TK
- Fix PTK rekeying to generate a new ANonce
- TDLS: Reject TPK-TK reconfiguration
- WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode
- WNM: Ignore WNM-Sleep Mode Response without pending
- FT: Do not allow multiple Reassociation Response frames
- TDLS: Ignore incoming TDLS Setup Response retries
xen (4.8.2+xsa245-0+deb9u1) stretch-security; urgency=high
.
* Update to upstream stable 4.8 branch, which is currently at Xen 4.8.2
plus a number of bugfixes and security fixes.
Result is that we now include security fixes for:
XSA-231 CVE-2017-14316
XSA-232 CVE-2017-14318
XSA-233 CVE-2017-14317
XSA-234 CVE-2017-14319
(235 already included in 4.8.1-1+deb9u3)
XSA-236 CVE-2017-15597
XSA-237 CVE-2017-15590
XSA-238 (no CVE yet)
XSA-239 CVE-2017-15589
XSA-240 CVE-2017-15595
XSA-241 CVE-2017-15588
XSA-242 CVE-2017-15593
XSA-243 CVE-2017-15592
XSA-244 CVE-2017-15594
XSA-245 (no CVE yet)
and a number of upstream functionality fixes, which are not easily
disentangled from the security fixes.
* Apply two more security fixes:
XSA-246 (no CVE yet)
XSA-247 (no CVE yet)
xml2 (0.4-3.1+deb9u1) stretch; urgency=medium
.
* QA upload.
* Set maintainer to Debian QA Group.
* Backport patch to fix corruption when dealing with UTF-8 files.
(Closes: #506805; Closes: #698072)
* Backport patch to fix usage string for 2csv tool.
(Closes: #506788)
xorg-server (2:1.19.2-1+deb9u2) stretch-security; urgency=high
.
* Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)
* dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo
(CVE-2017-12177)
* Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178)
* Xi: integer overflow and unvalidated length in
(S)ProcXIBarrierReleasePointer (CVE-2017-12179)
* Unvalidated lengths in
- XFree86-VidModeExtension (CVE-2017-12180)
- XFree86-DGA (CVE-2017-12181)
- XFree86-DRI (CVE-2017-12182)
- XFIXES (CVE-2017-12183)
- XINERAMA (CVE-2017-12184
- MIT-SCREEN-SAVER (CVE-2017-12185
- X-Resource (CVE-2017-12186
- RENDER (CVE-2017-12187)
* os: Make sure big requests have sufficient length.
* Xext/shm: Validate shmseg resource id (CVE-2017-13721)
* xkb: Handle xkb formated string output safely (CVE-2017-13723)
* xkb: Escape non-printable characters correctly.
* render: Fix out of boundary heap access
xrdp (0.9.1-9+deb9u1) stretch; urgency=medium
.
* Fix high CPU load on SSL shutdown. (Closes: #876976)
+ xrdp could in some situations cause permanent high load on a
system if an SSL shutdown got into an endless loop.
yadifa (2.2.3-1+deb9u1) stretch-security; urgency=medium
.
* Fixes an issue where a maliciously crafted message may block the server.
Closes: #876315, CVE-2017-14339
* Update build dependency for debhelper.
======================================
Sat, 07 Oct 2017 - Debian 9.2 released
======================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:28:33 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
clapack | 3.2.1+dfsg-1 | source
libcblas-dev | 3.2.1+dfsg-1 | amd64, arm64, armel, armhf, mips, mips64el, mipsel, ppc64el, s390x
libcblas3 | 3.2.1+dfsg-1 | amd64, arm64, armel, armhf, mips, mips64el, mipsel, ppc64el, s390x
libclapack-dev | 3.2.1+dfsg-1 | amd64, arm64, armel, armhf, mips, mips64el, mipsel, ppc64el, s390x
libclapack3 | 3.2.1+dfsg-1 | amd64, arm64, armel, armhf, mips, mips64el, mipsel, ppc64el, s390x
libctmg-dev | 3.2.1+dfsg-1 | amd64, arm64, armel, armhf, mips, mips64el, mipsel, ppc64el, s390x
libctmg3 | 3.2.1+dfsg-1 | amd64, arm64, armel, armhf, mips, mips64el, mipsel, ppc64el, s390x
Closed bugs: 875565
------------------- Reason -------------------
outdated and unmaintained fork of lapack
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:42:28 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
btrfs-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
crc-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
crypto-dm-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
crypto-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
dasd-extra-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
dasd-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
ext4-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
fat-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
fuse-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
isofs-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
kernel-image-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
linux-headers-4.9.0-3-all-s390x | 4.9.30-2+deb9u3 | s390x
linux-headers-4.9.0-3-s390x | 4.9.30-2+deb9u3 | s390x
linux-image-4.9.0-3-s390x | 4.9.30-2+deb9u3 | s390x
linux-image-4.9.0-3-s390x-dbg | 4.9.30-2+deb9u3 | s390x
loop-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
md-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
multipath-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
nbd-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
nic-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
scsi-core-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
scsi-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
udf-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
virtio-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
xfs-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
zlib-modules-4.9.0-3-s390x-di | 4.9.30-2+deb9u3 | s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:42:53 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
acpi-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
ata-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
btrfs-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
cdrom-core-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
crc-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
crypto-dm-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
crypto-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
efi-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
event-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
ext4-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
fat-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
fb-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
firewire-core-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
fuse-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
hyperv-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
i2c-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
input-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
isofs-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
jfs-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
kernel-image-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
linux-headers-4.9.0-3-all-amd64 | 4.9.30-2+deb9u3 | amd64
linux-headers-4.9.0-3-amd64 | 4.9.30-2+deb9u3 | amd64
linux-headers-4.9.0-3-rt-amd64 | 4.9.30-2+deb9u3 | amd64
linux-image-4.9.0-3-amd64 | 4.9.30-2+deb9u3 | amd64
linux-image-4.9.0-3-amd64-dbg | 4.9.30-2+deb9u3 | amd64
linux-image-4.9.0-3-rt-amd64 | 4.9.30-2+deb9u3 | amd64
linux-image-4.9.0-3-rt-amd64-dbg | 4.9.30-2+deb9u3 | amd64
loop-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
md-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
mmc-core-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
mmc-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
mouse-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
multipath-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
nbd-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
nic-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
nic-pcmcia-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
nic-shared-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
nic-usb-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
nic-wireless-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
ntfs-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
pata-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
pcmcia-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
pcmcia-storage-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
ppp-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
sata-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
scsi-core-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
scsi-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
serial-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
sound-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
speakup-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
squashfs-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
udf-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
uinput-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
usb-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
usb-serial-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
usb-storage-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
virtio-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
xfs-modules-4.9.0-3-amd64-di | 4.9.30-2+deb9u3 | amd64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:43:38 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
ata-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
btrfs-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
cdrom-core-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
crc-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
crypto-dm-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
crypto-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
event-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
ext4-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
fancontrol-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
fat-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
firewire-core-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
fuse-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
hypervisor-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
input-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
isofs-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
jfs-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
kernel-image-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
linux-headers-4.9.0-3-all-ppc64el | 4.9.30-2+deb9u3 | ppc64el
linux-headers-4.9.0-3-powerpc64le | 4.9.30-2+deb9u3 | ppc64el
linux-image-4.9.0-3-powerpc64le | 4.9.30-2+deb9u3 | ppc64el
linux-image-4.9.0-3-powerpc64le-dbg | 4.9.30-2+deb9u3 | ppc64el
loop-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
md-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
mouse-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
multipath-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
nbd-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
nic-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
nic-shared-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
ppp-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
sata-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
scsi-core-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
scsi-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
serial-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
squashfs-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
udf-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
uinput-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
usb-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
usb-serial-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
usb-storage-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
virtio-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
xfs-modules-4.9.0-3-powerpc64le-di | 4.9.30-2+deb9u3 | ppc64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:43:53 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
linux-headers-4.9.0-3-all-mipsel | 4.9.30-2+deb9u3 | mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:44:12 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
affs-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
ata-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
btrfs-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
cdrom-core-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
crc-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
crypto-dm-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
crypto-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
event-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
ext4-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
fat-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
fb-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
firewire-core-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
fuse-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
hfs-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
input-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
isofs-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
jfs-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
kernel-image-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
linux-headers-4.9.0-3-loongson-3 | 4.9.30-2+deb9u3 | mips64el, mipsel
linux-image-4.9.0-3-loongson-3 | 4.9.30-2+deb9u3 | mips64el, mipsel
linux-image-4.9.0-3-loongson-3-dbg | 4.9.30-2+deb9u3 | mips64el, mipsel
loop-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
md-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
minix-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
multipath-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
nbd-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
nfs-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
nic-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
nic-shared-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
nic-usb-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
nic-wireless-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
ntfs-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
pata-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
ppp-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
sata-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
scsi-core-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
scsi-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
sound-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
speakup-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
squashfs-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
udf-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
usb-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
usb-serial-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
usb-storage-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
virtio-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
xfs-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
zlib-modules-4.9.0-3-loongson-3-di | 4.9.30-2+deb9u3 | mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:44:36 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
affs-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
ata-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
btrfs-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
cdrom-core-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
crc-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
crypto-dm-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
crypto-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
event-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
ext4-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
fat-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
fuse-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
hfs-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
i2c-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
input-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
isofs-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
jfs-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
kernel-image-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
linux-headers-4.9.0-3-all-mips64el | 4.9.30-2+deb9u3 | mips64el
loop-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
md-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
minix-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
mmc-core-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
mmc-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
mouse-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
multipath-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
nbd-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
nic-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
nic-shared-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
nic-usb-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
nic-wireless-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
ntfs-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
pata-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
ppp-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
sata-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
scsi-core-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
scsi-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
sound-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
squashfs-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
udf-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
usb-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
usb-serial-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
usb-storage-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
virtio-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
xfs-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
zlib-modules-4.9.0-3-5kc-malta-di | 4.9.30-2+deb9u3 | mips64el
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:45:01 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
affs-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
ata-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
btrfs-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
cdrom-core-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
crc-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
crypto-dm-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
crypto-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
event-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
ext4-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
fat-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
fuse-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
hfs-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
i2c-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
input-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
isofs-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
jfs-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
kernel-image-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
linux-headers-4.9.0-3-4kc-malta | 4.9.30-2+deb9u3 | mips, mipsel
linux-image-4.9.0-3-4kc-malta | 4.9.30-2+deb9u3 | mips, mipsel
linux-image-4.9.0-3-4kc-malta-dbg | 4.9.30-2+deb9u3 | mips, mipsel
loop-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
md-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
minix-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
mmc-core-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
mmc-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
mouse-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
multipath-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
nbd-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
nic-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
nic-shared-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
nic-usb-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
nic-wireless-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
ntfs-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
pata-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
ppp-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
sata-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
scsi-core-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
scsi-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
sound-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
squashfs-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
udf-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
usb-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
usb-serial-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
usb-storage-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
virtio-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
xfs-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
zlib-modules-4.9.0-3-4kc-malta-di | 4.9.30-2+deb9u3 | mips, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:45:23 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
affs-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
btrfs-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
cdrom-core-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
crc-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
crypto-dm-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
crypto-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
event-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
ext4-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
fat-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
fuse-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
hfs-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
input-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
isofs-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
jfs-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
kernel-image-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
linux-headers-4.9.0-3-5kc-malta | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
linux-headers-4.9.0-3-octeon | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
linux-image-4.9.0-3-5kc-malta | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
linux-image-4.9.0-3-5kc-malta-dbg | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
linux-image-4.9.0-3-octeon | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
linux-image-4.9.0-3-octeon-dbg | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
loop-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
md-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
minix-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
multipath-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
nbd-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
nic-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
nic-shared-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
nic-usb-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
nic-wireless-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
ntfs-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
pata-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
ppp-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
rtc-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
sata-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
scsi-core-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
scsi-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
sound-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
squashfs-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
udf-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
usb-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
usb-serial-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
usb-storage-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
virtio-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
xfs-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
zlib-modules-4.9.0-3-octeon-di | 4.9.30-2+deb9u3 | mips, mips64el, mipsel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:45:45 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
linux-headers-4.9.0-3-all-mips | 4.9.30-2+deb9u3 | mips
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:46:25 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
acpi-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
acpi-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
ata-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
ata-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
btrfs-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
btrfs-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
cdrom-core-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
cdrom-core-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
crc-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
crc-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
crypto-dm-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
crypto-dm-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
crypto-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
crypto-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
efi-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
efi-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
event-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
event-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
ext4-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
ext4-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
fat-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
fat-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
fb-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
fb-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
firewire-core-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
firewire-core-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
fuse-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
fuse-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
hyperv-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
hyperv-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
i2c-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
i2c-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
input-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
input-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
isofs-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
isofs-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
jfs-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
jfs-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
kernel-image-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
kernel-image-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
linux-headers-4.9.0-3-686 | 4.9.30-2+deb9u3 | i386
linux-headers-4.9.0-3-686-pae | 4.9.30-2+deb9u3 | i386
linux-headers-4.9.0-3-all-i386 | 4.9.30-2+deb9u3 | i386
linux-headers-4.9.0-3-rt-686-pae | 4.9.30-2+deb9u3 | i386
linux-image-4.9.0-3-686 | 4.9.30-2+deb9u3 | i386
linux-image-4.9.0-3-686-dbg | 4.9.30-2+deb9u3 | i386
linux-image-4.9.0-3-686-pae | 4.9.30-2+deb9u3 | i386
linux-image-4.9.0-3-686-pae-dbg | 4.9.30-2+deb9u3 | i386
linux-image-4.9.0-3-rt-686-pae | 4.9.30-2+deb9u3 | i386
linux-image-4.9.0-3-rt-686-pae-dbg | 4.9.30-2+deb9u3 | i386
loop-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
loop-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
md-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
md-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
mmc-core-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
mmc-core-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
mmc-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
mmc-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
mouse-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
mouse-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
multipath-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
multipath-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
nbd-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
nbd-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
nic-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
nic-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
nic-pcmcia-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
nic-pcmcia-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
nic-shared-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
nic-shared-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
nic-usb-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
nic-usb-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
nic-wireless-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
nic-wireless-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
ntfs-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
ntfs-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
pata-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
pata-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
pcmcia-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
pcmcia-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
pcmcia-storage-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
pcmcia-storage-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
ppp-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
ppp-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
sata-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
sata-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
scsi-core-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
scsi-core-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
scsi-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
scsi-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
serial-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
serial-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
sound-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
sound-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
speakup-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
speakup-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
squashfs-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
squashfs-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
udf-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
udf-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
uinput-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
uinput-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
usb-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
usb-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
usb-serial-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
usb-serial-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
usb-storage-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
usb-storage-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
virtio-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
virtio-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
xfs-modules-4.9.0-3-686-di | 4.9.30-2+deb9u3 | i386
xfs-modules-4.9.0-3-686-pae-di | 4.9.30-2+deb9u3 | i386
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:46:42 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
ata-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
btrfs-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
crc-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
crypto-dm-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
crypto-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
efi-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
event-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
ext4-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
fat-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
fb-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
fuse-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
i2c-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
input-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
isofs-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
jfs-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
kernel-image-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
leds-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
linux-headers-4.9.0-3-all-armhf | 4.9.30-2+deb9u3 | armhf
linux-headers-4.9.0-3-armmp | 4.9.30-2+deb9u3 | armhf
linux-headers-4.9.0-3-armmp-lpae | 4.9.30-2+deb9u3 | armhf
linux-image-4.9.0-3-armmp | 4.9.30-2+deb9u3 | armhf
linux-image-4.9.0-3-armmp-dbg | 4.9.30-2+deb9u3 | armhf
linux-image-4.9.0-3-armmp-lpae | 4.9.30-2+deb9u3 | armhf
linux-image-4.9.0-3-armmp-lpae-dbg | 4.9.30-2+deb9u3 | armhf
loop-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
md-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
mmc-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
mtd-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
multipath-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
nbd-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
nic-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
nic-shared-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
nic-usb-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
nic-wireless-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
pata-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
ppp-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
sata-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
scsi-core-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
scsi-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
squashfs-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
udf-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
uinput-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
usb-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
usb-storage-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
virtio-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
zlib-modules-4.9.0-3-armmp-di | 4.9.30-2+deb9u3 | armhf
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:47:25 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
btrfs-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
cdrom-core-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
crc-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
crypto-dm-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
crypto-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
event-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
ext4-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
fat-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
fb-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
fuse-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
input-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
ipv6-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
isofs-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
jffs2-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
jfs-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
kernel-image-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
leds-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
linux-headers-4.9.0-3-all-armel | 4.9.30-2+deb9u3 | armel
linux-headers-4.9.0-3-marvell | 4.9.30-2+deb9u3 | armel
linux-image-4.9.0-3-marvell | 4.9.30-2+deb9u3 | armel
linux-image-4.9.0-3-marvell-dbg | 4.9.30-2+deb9u3 | armel
loop-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
md-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
minix-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
mmc-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
mouse-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
mtd-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
multipath-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
nbd-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
nic-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
nic-shared-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
nic-usb-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
ppp-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
sata-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
scsi-core-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
squashfs-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
udf-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
uinput-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
usb-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
usb-serial-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
usb-storage-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
zlib-modules-4.9.0-3-marvell-di | 4.9.30-2+deb9u3 | armel
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:47:44 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
ata-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
btrfs-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
cdrom-core-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
crc-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
crypto-dm-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
crypto-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
efi-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
event-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
ext4-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
fat-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
fb-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
fuse-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
i2c-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
input-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
isofs-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
jfs-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
kernel-image-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
leds-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
linux-headers-4.9.0-3-all-arm64 | 4.9.30-2+deb9u2 | arm64
linux-headers-4.9.0-3-arm64 | 4.9.30-2+deb9u2 | arm64
linux-image-4.9.0-3-arm64 | 4.9.30-2+deb9u2 | arm64
linux-image-4.9.0-3-arm64-dbg | 4.9.30-2+deb9u2 | arm64
loop-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
md-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
mmc-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
multipath-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
nbd-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
nic-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
nic-shared-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
nic-usb-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
nic-wireless-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
ppp-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
sata-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
scsi-core-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
scsi-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
squashfs-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
udf-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
uinput-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
usb-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
usb-storage-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
virtio-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
xfs-modules-4.9.0-3-arm64-di | 4.9.30-2+deb9u2 | arm64
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:48:06 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
linux-headers-4.9.0-3-all | 4.9.30-2+deb9u2 | arm64
linux-headers-4.9.0-3-all | 4.9.30-2+deb9u3 | amd64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by linux)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:49:10 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
firefox-esr-dbg | 45.9.0esr-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
------------------- Reason -------------------
[auto-cruft] NBS (no longer built by firefox-esr)
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:57:04 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
firefox-esr-l10n-be | 45.9.0esr-1 | all
------------------- Reason -------------------
[auto-cruft] no longer built from source
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:57:35 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
iceweasel-dbg | 45.9.0esr-1 | all
------------------- Reason -------------------
[auto-cruft] no longer built from source
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:57:46 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
iceweasel-l10n-be | 1:45.9.0esr-1 | all
------------------- Reason -------------------
[auto-cruft] no longer built from source
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:57:59 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
linux-headers-4.9.0-3-common | 4.9.30-2+deb9u3 | all
------------------- Reason -------------------
[auto-cruft] no longer built from source
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:58:10 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
linux-headers-4.9.0-3-common-rt | 4.9.30-2+deb9u3 | all
------------------- Reason -------------------
[auto-cruft] no longer built from source
----------------------------------------------
=========================================================================
=========================================================================
[Date: Sat, 07 Oct 2017 08:58:23 +0000] [ftpmaster: Ansgar Burchardt]
Removed the following packages from stable:
linux-support-4.9.0-3 | 4.9.30-2+deb9u3 | all
------------------- Reason -------------------
[auto-cruft] no longer built from source
----------------------------------------------
=========================================================================
aodh (3.0.0-4+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-12440: apply upstream patch (Closes: #872605).
apache2 (2.4.25-3+deb9u3) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-9798: Use-after-free by limiting unregistered HTTP method
(Closes: #876109)
apache2 (2.4.25-3+deb9u2) stretch-security; urgency=medium
.
* CVE-2017-9788: mod_auth_digest: Fix leak of uninitialized memory
apt (1.4.8) stretch; urgency=medium
.
[ Balint Reczey ]
* Gracefully terminate process when stopping apt-daily-upgrade (LP: #1690980)
.
[ David Kalnischkies ]
* don't ask an uninit _system for supported archs, this
crashes the mirror method (LP: #1613184)
.
[ Julian Andres Klode ]
* Do not warn about duplicate "legacy" targets (Closes: #839259)
(LP: #1697120)
* apt-daily: Pull in network-online.target in service, not timer
- this can cause a severe boot performance regression / hang
(LP: #1716973)
asterisk (1:13.14.1~dfsg-2+deb9u1) stretch-security; urgency=high
.
* CVE-2017-14099 / AST-2017-005
Media takeover in RTP stack ("RTP bleed") (Closes: #873907)
* CVE-2017-14100 / AST-2017-006
Shell access command injection in app_minivm (Closes: #873908)
at-spi2-core (2.22.0-6+deb9u1) stretch; urgency=medium
.
* patches/accessible_get_parent.diff: Upstream fix for crash on switching
between windows (Closes: Bug#872912).
atril (1.16.1-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload
* Add 0001-CVE-2017-1000083-comics-Remove-support-for-tar-and-tar-like-command.patch
Fixes a command injection vulnerability in CBT handler. CVE-2017-1000083
(Closes: #868500)
augeas (1.8.0-1+deb9u1) stretch-security; urgency=high
.
* Add patch to fix CVE-2017-7555 (Closes: #872400)
bareos (16.2.4-3+deb9u1) stretch; urgency=medium
.
* Fix permissions of bareos-dir logrotate config on upgrade. (Closes: #864926)
* Remove duplicate config check call in the init script.
- Avoids (harmless) warning when /etc/bareos/bareos-dir.conf doesn't exist.
* Fix file corruption when using SHA1 signature. (Closes: #869608)
* Add autopkgtest for SHA1 signature.
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u3) stretch; urgency=medium
.
[ Bernhard Schmidt ]
* Import upcoming DNSSEC KSK-2017 from 9.10.5
.
[ Ondřej Surý ]
* Non-maintainer upload.
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* debian/patches:
- CVE-2017-3142_regression added, fix a regression introduced in with the
correction for CVE-2017-3142.
bluez (5.43-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-1000250: information disclosure vulnerability in
service_search_attr_req (Closes: #875633)
bridge-utils (1.5-13+deb9u1) stretch; urgency=low
.
* Fix a problem with some vlan interfaces not being created.
Closes: #866687.
caja (1.16.6-1+deb9u1) stretch; urgency=medium
.
[ Pablo Barciela ]
* debian/patches:
+ Add 0001_fix-high-cpu-while-loading-background-image.patch. (Closes:
#875717).
catdoc (1:0.94.3~git20160113.dbc9ec6+dfsg-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-11110: Heap buffer overflow in ole_init (Closes: #867717)
chromium-browser (61.0.3163.100-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release
- CVE-2017-5111: Use after free in PDFium. Reported by Luáºt Nguyá»…n
- CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein
- CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous
- CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu
- CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini
- CVE-2017-5116: Type confusion in V8. Reported by Anonymous
- CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias
Klein
- CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by
WenXu Wu
- CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous
- CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
Reported by Xiaoyin Liu
- CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet
- CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han
chromium-browser (60.0.3112.78-1) unstable; urgency=medium
.
* New upstream stable release:
- CVE-2017-5091: Use after free in IndexedDB. Reported by Ned Williamson
- CVE-2017-5092: Use after free in PPAPI. Reported by Yu Zhou, Yuan Deng
- CVE-2017-5093: UI spoofing in Blink. Reported by Luan Herrera
- CVE-2017-5094: Type confusion in extensions. Reported by Anonymous
- CVE-2017-5095: Out-of-bounds write in PDFium. Reported by Anonymous
- CVE-2017-5096: User information leak via Android intents. Reported by
Takeshi Terada
- CVE-2017-5097: Out-of-bounds read in Skia. Reported by Anonymous
- CVE-2017-5098: Use after free in V8. Reported by Jihoon Kim
- CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by Yuan Deng, Yu
Zhou
- CVE-2017-5100: Use after free in Chrome Apps. Reported by Anonymous
- CVE-2017-5101: URL spoofing in OmniBox. Reported by Luan Herrera
- CVE-2017-5102: Uninitialized use in Skia. Reported by Anonymous
- CVE-2017-5103: Uninitialized use in Skia. Reported by Anonymous
- CVE-2017-5104: UI spoofing in browser. Reported by Khalil Zhani
- CVE-2017-7000: Pointer disclosure in SQLite. Reported by Chaitin Security
Research Lab
- CVE-2017-5105: URL spoofing in OmniBox. Reported by Rayyan Bijoora
- CVE-2017-5106: URL spoofing in OmniBox. Reported by Jack Zac
- CVE-2017-5107: User information leak via SVG. Reported by David
Kohlbrenner
- CVE-2017-5108: Type confusion in PDFium. Reported by Guang Gong
- CVE-2017-5109: UI spoofing in browser. Reported by José MarÃa Acuña
Morgado
- CVE-2017-5110: UI spoofing in payments dialog. Reported by xisigr
chromium-browser (60.0.3112.78-1~deb9u1) stretch-security; urgency=medium
.
* New upstream stable release.
- CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson
- CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong
- CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michał Bentkowski
- CVE-2017-5091: Use after free in IndexedDB. Reported by Ned Williamson
- CVE-2017-5092: Use after free in PPAPI. Reported by Yu Zhou, Yuan Deng
- CVE-2017-5093: UI spoofing in Blink. Reported by Luan Herrera
- CVE-2017-5094: Type confusion in extensions. Reported by Anonymous
- CVE-2017-5095: Out-of-bounds write in PDFium. Reported by Anonymous
- CVE-2017-5096: User information leak via Android intents. Reported by
Takeshi Terada
- CVE-2017-5097: Out-of-bounds read in Skia. Reported by Anonymous
- CVE-2017-5098: Use after free in V8. Reported by Jihoon Kim
- CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by Yuan Deng, Yu
Zhou
- CVE-2017-5100: Use after free in Chrome Apps. Reported by Anonymous
- CVE-2017-5101: URL spoofing in OmniBox. Reported by Luan Herrera
- CVE-2017-5102: Uninitialized use in Skia. Reported by Anonymous
- CVE-2017-5103: Uninitialized use in Skia. Reported by Anonymous
- CVE-2017-5104: UI spoofing in browser. Reported by Khalil Zhani
- CVE-2017-5105: URL spoofing in OmniBox. Reported by Rayyan Bijoora
- CVE-2017-5106: URL spoofing in OmniBox. Reported by Jack Zac
- CVE-2017-5107: User information leak via SVG. Reported by David
Kohlbrenner
- CVE-2017-5108: Type confusion in PDFium. Reported by Guang Gong
- CVE-2017-5109: UI spoofing in browser. Reported by José MarÃa Acuña
Morgado
- CVE-2017-5110: UI spoofing in payments dialog. Reported by xisigr
- CVE-2017-7000: Pointer disclosure in SQLite. Reported by Chaitin Security
Research Lab
chromium-browser (60.0.3112.72-1) unstable; urgency=medium
.
* New upstream beta release.
- Adds support for gcc 6.4 (closes: #868926).
* Update to debhelper version 10.
* Update to standards version 4.0.0.
* Only include pak files that are needed.
* Drop chromedriver transitional package.
* Drop ffmpeg.patch, now applied upstream.
* Drop libgnome-keyring-dev build dependency (closes: #867917).
* Install chromium-shell to /usr/lib/chromium (closes: #864565).
- Thanks to Bert Schulze.
chromium-browser (59.0.3071.104-1) unstable; urgency=medium
.
* New upstream security release.
- CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson
- CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong
- CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michał Bentkowski
* Update get-orig-source to support really long arguments to tar --delete.
chrony (3.0-4+deb9u1) stretch; urgency=medium
.
* debian/chrony.if-up:
- Do not pass the “burst†command to chronyc as the script could return an
error in certain situations. As a consequence, that would prevent ifupdown
from writing the current state of the interfaces in /run/network/ifstate.
Thanks to John Eikenberry <jae@zhar.net> for reporting that issue.
(Closes: #868491)
.
* debian/chrony.ppp.ip-up:
- Take the same action as for the “chrony.if-up†script as a precautionary
measure.
connman (1.33-3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-12865: Fix crash on malformed DNS response (Closes: #872844)
cross-gcc (113+deb9u1) stretch; urgency=medium
.
* Fixup outdated patch for gcc 6.3.0-18 in stable (Closes: 865493)
cvs (2:1.12.13+real-22+deb9u1) stretch-security; urgency=high
.
* Fix CVE-2017-12836 (Closes: #871810)
cvxopt (1.1.4-1.5+deb9u1) stretch; urgency=medium
.
* Team upload.
* d/p/glpk-4.49.diff: remove the compatibility layer for lpx_main(), it is
not needed and uses a missing symbol. (Closes: #840159)
db5.3 (5.3.28-12+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* CVE-2017-10140: Reads DB_CONFIG from the current working directory.
Do not access DB_CONFIG when db_home is not set. (Closes: #872436)
dbus (1.10.22-0+deb9u1) stretch; urgency=medium
.
* New upstream stable release
- d/copyright: Update
- Drop Doxygen reproducibility patch, applied upstream
- d/p/backports/Replace-DBUS_USE_TEST_BINARY-(etc.).patch:
Update backported patch to apply to 1.10.22
* debian/gbp.conf: Set git branch to debian/stretch
dbus (1.10.20-1) unstable; urgency=medium
.
* New upstream stable release
- Drop Doxygen reproducibility patch, applied upstream
* Merge packaging from experimental:
- Don't capture build directory in the debug build, using a patch
backported from upstream git master
- Move doxygen and xsltproc to Build-Depends-Indep, and don't
build documentation when not building dbus-1-doc. This speeds
up architecture-specific builds.
- Remove support for DEB_BUILD_OPTIONS="nodoc noudeb". Use build
profiles instead; support nocheck, nodoc, noudeb and stage1 profiles
(Closes: #728820)
- Simplify the layout of the debug build.
- Drop the dbus-1-dbg binary package. Move the debug build to
dbus-tests, and the debug symbols to automatically generated
-dbgsym packages.
- Don't run the installed-tests two different ways, just use
gnome-desktop-testing.
- Configure the debug build with --enable-embedded-tests rather than
--enable-tests. The latter requires python, python-dbus and python-gi,
but only for build-time tests that we do not actually run (#630152).
+ Drop build-dependencies on python, python-dbus and python-gi
+ This should make dbus much easier to cross-compile (Closes: #560834)
- gnome-desktop-testing: Require xauth and xvfb-run for better test
coverage
- Clean up upgrade/compatibility code that is no longer needed:
+ Stop creating the symlinks required to keep dbus-daemon 1.8
from Debian 8 'jessie' able to reload configuration after
an upgrade to dbus 1.10 in Debian 9 'stretch'. Upgrades that
skip a stable release are not supported.
+ On upgrade, remove compatibility symlinks created by that
upgrade, if they exist.
+ Stop cleaning those symlinks up during package removal.
- Stop patching system.conf, session.conf to load
/etc/dbus-1/*.conf.dpkg-bak.
- debian/copyright: Use https for Format and Source
- debian/dbus.triggers: Add a trigger on /usr/share/dbus-1/system.d
to reload the dbus-daemon
- Unversion (build)-dependencies that are satisfied in oldstable
- Declare Policy 4.0.0 compliance
- Use the debug-build binaries to run the debug-build tests
debian-edu-doc (1.921~20170603+deb9u2) stretch; urgency=medium
.
* Merge stretch related documentation and translation updates from the
debian-edu-doc package in sid:
* Update Debian Edu Stretch manual from the wiki.
.
[ Wolfgang Schweer ]
* Replace existing boot menu screenshots with recent ones from the wiki.
* documentation/debian-edu-stretch: Add Debian_Edu_Network_Stretch.odg
as source for the related (en|fr|de) PNG files.
.
[ Stretch Manual translation updates ]
* Simplified Chinese: Ma Yong.
* Italian: Claudio Carboncini.
* German: Wolfgang Schweer.
* Japanese: Victory, also provided screenshots in Japanese.
* Norwegian Bokmål: Petter Reinholdtsen.
* Dutch: Frans Spiesschaert.
debian-installer (20170615+deb9u2) stretch; urgency=medium
.
* Bump Linux kernel version from 4.9.0-3 to 4.9.0-4. This is unusual,
but the linux kernel ABI got bumped in stable.
debian-installer-netboot-images (20170615+deb9u2) stretch; urgency=medium
.
* Update to 20170615+deb9u2 images, from stretch-proposed-updates
desktop-base (9.0.2+deb9u1) stretch; urgency=medium
.
* Ensure postinst doesn’t fails on upgrade even when an incomplete theme pack
is active. (Closes: #858643)
* Fix XML syntax errors in gnome wallpaper description files making Joy
wallpapers unavailable by default. (Closes: #862228)
dns-root-data (2017072601~deb9u1) stretch; urgency=high
.
* Update root.hints to 2017072601 version
* Add gbp.conf for master-stretch branch
* Change the state of KSK-2017 to VALID
dns-root-data (2017072601~deb8u1) jessie; urgency=high
.
* Add KSK-2017 to root.key file
* Update root.hints to 2017072601 version
* Add gbp.conf for master-jessie branch
dns-root-data (2017071401) unstable; urgency=medium
.
* Update the root.hints to 2017060102 version
* Change the state of KSK-2017 to VALID
dnsdist (1.1.0-2+deb9u1) stretch; urgency=medium
.
* Fix CVE-2016-7069, CVE-2017-7557 using patches from upstream
(Closes: #872854)
dnsviz (0.6.4-1+deb9u1) stretch; urgency=medium
.
* Cherry-pick upstream fixes related to root.hints and root.keys changes
* Update gbp.conf for debian/stretch branch
dose3 (5.0.1-8+deb9u1) stretch; urgency=medium
.
* patch virtual_provides: packages that provide the same virtual package
in different versions, or that provide the same versioned virtual package
as a real package, are co-installable (closes: #867104).
* add test-case for versioned virtual packages
ecl (15.3.7+dfsg1-2+deb9u1) stretch; urgency=medium
.
* Team upload.
* Add dependency on libffi-dev for ecl (Closes: #873091).
emacs24 (24.5+1-11+deb9u1) stretch-security; urgency=medium
.
* Remove unsafe enriched mode translations
emacs25 (25.1+1-4+deb9u1) stretch-security; urgency=high
.
* Block remote code execution via enriched text. Add
0012-A-remote-execution-exploit-via-enriched-text-has-bee.patch to
fix the problem. Thanks to David Bremner for the alert and
Salvatore Bonaccorso for reporting the problem to Debian.
(Closes: 875447)
enigmail (2:1.9.8.1-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security (Closes: #869774)
.
enigmail (2:1.9.8.1-1) unstable; urgency=medium
.
* new upstream release
.
enigmail (2:1.9.8-1) unstable; urgency=medium
.
* New upstream release.
* Standards-Version to 4.0.0 (no changes needed)
* use dpkg/pkg-info.mk instead of dpkg-parsechangelog
* use wrap-and-sort -ast
enigmail (2:1.9.8.1-1~deb8u1) jessie-security; urgency=medium
.
* Rebuild for jessie-security (Closes: #869774)
.
enigmail (2:1.9.8.1-1) unstable; urgency=medium
.
* new upstream release
.
enigmail (2:1.9.8-1) unstable; urgency=medium
.
* New upstream release.
* Standards-Version to 4.0.0 (no changes needed)
* use dpkg/pkg-info.mk instead of dpkg-parsechangelog
* use wrap-and-sort -ast
.
enigmail (2:1.9.7-2) unstable; urgency=medium
.
* enable re-certifying keys with expired certs (Closes: #863273)
.
enigmail (2:1.9.7-1) unstable; urgency=medium
.
* new upstream bugfix release
.
enigmail (2:1.9.6-2) unstable; urgency=medium
.
* pulled a bugfix from upstream, refreshed patches
.
enigmail (2:1.9.6-1) unstable; urgency=medium
.
* new upstream release
.
enigmail (2:1.9.5-7) unstable; urgency=medium
.
* fix "exchange repair" variant format of e-mail
.
enigmail (2:1.9.5-6) unstable; urgency=medium
.
* refresh patches from upstream enigmail-1.9-branch
.
enigmail (2:1.9.5-5) unstable; urgency=medium
.
* fix query for getKeyFileType (Closes: #842212)
.
enigmail (2:1.9.5-4) unstable; urgency=medium
.
* avoid parallel build failures
.
enigmail (2:1.9.5-3) unstable; urgency=medium
.
* more patches from upstream
* bump to debhelper 10 (no changes needed)
.
enigmail (2:1.9.5-2) unstable; urgency=medium
.
* include two patches from upstream
.
enigmail (2:1.9.5-1) unstable; urgency=medium
.
* new upstream release
.
enigmail (2:1.9.4-1) unstable; urgency=medium
.
* new upstream release
.
enigmail (2:1.9.3-2) unstable; urgency=medium
.
* pulled more fixes from upstream
.
enigmail (2:1.9.3-1) unstable; urgency=medium
.
* new upstream release
.
enigmail (2:1.9.2-1) unstable; urgency=medium
.
* new upstream release
* drop old upstream patches, pull more fixes from upstream
.
enigmail (2:1.9.1-2) unstable; urgency=medium
.
* changed dependencies to acknowledge newer versions of gnupg.
* bumped Standards-Version to 3.9.8 (no changes needed)
.
enigmail (2:1.9.1-1) unstable; urgency=medium
.
* new upstream release
* incorporated some additional minor patches from upstream's
enigmial-1.9-branch as well.
.
enigmail (2:1.9-1) unstable; urgency=medium
.
* new upstream release
* include upstream fix for excessive dumping
* bumped Standards-Version to 3.9.7 (no changes needed)
.
enigmail (2:1.9~beta2+16.gd99b-1) experimental; urgency=medium
.
* new upstream snapshot
.
enigmail (2:1.9~beta2-1) experimental; urgency=medium
.
* new upstream beta release.
* depend directly on gnupg2 -- 1.9 and later won't work with gpg1.
.
enigmail (2:1.9~beta1-1) experimental; urgency=medium
.
* package new upstream beta for experimental.
.
enigmail (2:1.8.2-4) unstable; urgency=medium
.
* pass through {GTK,QT}_IM_MODULE, XMODIFIERS, and
DBUS_SESSION_BUS_ADDRESS so that modern pinentry works. (Closes: #794627)
* correct reported version number of enigmail
enigmail (2:1.9.8-1) unstable; urgency=medium
.
* New upstream release.
* Standards-Version to 4.0.0 (no changes needed)
* use dpkg/pkg-info.mk instead of dpkg-parsechangelog
* use wrap-and-sort -ast
erlang-p1-tls (1.0.7-2+deb9u1) stretch; urgency=medium
.
* Added backported upstream patch to "use openssl built-in function for
setting up ECDH curves" (Closes: 871264)
Thanks Adrien Dorsaz for reporting and providing the patch.
evolution (3.22.6-1+deb9u1) stretch; urgency=medium
.
[ Phil Wyett ]
* Added debian/patches/20_composer_hangs_right_click.patch.
- Backport patch from git - Fix hangs on right click in composer window.
(Closes: #871626)
expat (2.2.0-2+deb9u1) stretch-security; urgency=high
.
* Replace the Mozilla CVE-2016-9063 fix with the more complete, upstream
one.
* Fix CVE-2017-9233: external entity infinite loop DoS.
expect (5.45-7+deb9u1) stretch; urgency=medium
.
* Added a patch by Georg-Johann Lay which now properly checks for EOF
and doesn't lose input when there are some characters in the input buffer
and EOF flag happens.
ffmpeg (7:3.2.7-1~deb9u1) stretch-security; urgency=high
.
* New upstream release.
- apadec: Fix integer overflow. (CVE-2016-11399)
- rtmppkt: Fix out-of-bound access. (CVE-2017-11665)
- dnxhddec: Fix out-of-bound access. (CVE-2017-11719)
- dnxhd_parser: Fix NULL pointer access. (CVE-2017-9608)
- hls, avidec: Check file extensions. (CVE-2017-9993)
ffmpeg (7:3.2.6-1) unstable; urgency=medium
.
* Team upload.
* New upstream release.
* debian/control: Bump Standards-Version.
fife (0.4.0-3+deb9u1) stretch; urgency=medium
.
* Team upload.
* Add 1000-icon-mem-leak.patch and fix a memory leak.
Thanks to Petter Reinholdtsen for the report and testing and LinuxDonald
for the patch. (Closes: #871782)
file (1:5.30-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-1000249: stack based buffer overflow via specially crafted .notes
section in an ELF binary
firefox-esr (52.4.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-22, also known as:
CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824,
CVE-2017-7805, CVE-2017-7814, CVE-2017-7823, CVE-2017-7810.
* debian/rules: Really build with gcc 6 on unstable. Closes: #871583.
.
* js/src/jsmath.cpp: Add GETRANDOM_NR definition for powerpc and mips.
bz#1389281.
* media/libcubeb/tests/moz.build: Fixup workaround for binutil assertion on
mips.
firefox-esr (52.4.0esr-1~deb8u1) jessie-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-22, also known as:
CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824,
CVE-2017-7805, CVE-2017-7814, CVE-2017-7823, CVE-2017-7810.
* debian/rules: Really build with gcc 6 on unstable. Closes: #871583.
firefox-esr (52.3.0esr-2) unstable; urgency=medium
.
* debian/rules: Really build with gcc 6. Closes: #871583.
firefox-esr (52.3.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-19, also known as:
CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7784,
CVE-2017-7802, CVE-2017-7785, CVE-2017-7786, CVE-2017-7753,
CVE-2017-7787, CVE-2017-7807, CVE-2017-7792, CVE-2017-7791,
CVE-2017-7803, CVE-2017-7779.
.
* debian/upstream.mk: Set DIST differently for experimental.
* debian/control*, debian/rules: Build with gcc 6 because display is broken
with gcc 7.
.
* FTBFS fixes:
- js/src/jsmath.cpp: Define GETRANDOM_NR on more artitectures. bz#1352236,
bz#1357874.
- media/libyuv/source/row_mips.cc: Only use the perf opcode on mips arches
that support it. bz#1012232.
firefox-esr (52.3.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-19, also known as:
CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7784,
CVE-2017-7802, CVE-2017-7785, CVE-2017-7786, CVE-2017-7753,
CVE-2017-7787, CVE-2017-7807, CVE-2017-7792, CVE-2017-7791,
CVE-2017-7803, CVE-2017-7779.
.
* debian/upstream.mk:
- Consider testing/unstable as buster, which implies build depending on
system nspr, nss and sqlite again.
- Support DEB_DISTRIBUTION being bustersomething or sid.
Closes: #865650.
.
* debian/upstream.mk: Set DIST differently for experimental.
* debian/control*, debian/rules: Build with gcc 6 because display is broken
with gcc 7.
.
* FTBFS fixes:
- js/src/jsmath.cpp: Define GETRANDOM_NR on more artitectures. bz#1352236,
bz#1357874.
- media/libyuv/source/row_mips.cc: Only use the perf opcode on mips arches
that support it. bz#1012232.
firefox-esr (52.3.0esr-1~deb8u2) jessie-security; urgency=medium
.
* js/src/jsmath.cpp: Add GETRANDOM_NR definition for powerpc and mips.
bz#1389281.
* media/libcubeb/tests/moz.build: Fixup workaround for binutil assertion on
mips.
firefox-esr (52.2.0esr-2) unstable; urgency=medium
.
* debian/upstream.mk:
- Consider testing/unstable as buster, which implies build depending on
system nspr, nss and sqlite again.
- Support DEB_DISTRIBUTION being bustersomething or sid.
Closes: #865650.
firefox-esr (52.2.0esr-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-16, also known as:
CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751,
CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757,
CVE-2017-7778, CVE-2017-7758, CVE-2017-7764, CVE-2017-5470.
.
* debian/rules, debian/control.in: Switch to GCC 4.8 on wheezy.
* debian/rules: Don't remove debian/control on clean. Thanks to
Emilio Pozuelo Monfort for those two changes for wheezy LTS support.
* debian/control.in: Bump nss build dependency.
* debian/control.in, debian/rules, debian/symbols.mk, debian/upstream.mk:
Rename the BACKPORT variable to DIST, and set it to "stretch" for
unstable/testing targetted builds.
* debian/rules: Normalize the system libraries used depending on the Debian
version.
firefox-esr (52.2.0esr-1~deb9u1) stretch-security; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-16, also known as:
CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751,
CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757,
CVE-2017-7778, CVE-2017-7758, CVE-2017-7764, CVE-2017-5470.
.
* debian/rules, debian/control.in: Switch to GCC 4.8 on wheezy.
* debian/rules: Don't remove debian/control on clean. Thanks to
Emilio Pozuelo Monfort for those two changes for wheezy LTS support.
* debian/control.in: Bump nss build dependency.
* debian/control.in, debian/rules, debian/symbols.mk, debian/upstream.mk:
Rename the BACKPORT variable to DIST, and set it to "stretch" for
unstable/testing targetted builds.
* debian/rules: Normalize the system libraries used depending on the Debian
version.
.
firefox-esr (52.1.0esr-1) experimental; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-12, also known as:
CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459,
CVE-2017-5466, CVE-2017-5434, CVE-2017-5432, CVE-2017-5460,
CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441,
CVE-2017-5442, CVE-2017-5464, CVE-2017-5443, CVE-2017-5444,
CVE-2017-5446, CVE-2017-5447, CVE-2017-5465, CVE-2017-5448,
CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5469,
CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5462,
CVE-2017-5467, CVE-2017-5430, CVE-2017-5429.
.
firefox-esr (52.0.2esr-1) experimental; urgency=medium
.
* New upstream release.
* debian/browser.mozconfig.in, debian/mls.key: Enable geolocation using
Mozilla's Location Service. Closes: #726230.
.
* browser/app/profile/firefox.js: Use the Mozilla Location Service when
the Google Key is not there.
.
firefox-esr (52.0.1esr-1) experimental; urgency=medium
.
* New upstream release.
* Fix for mfsa2017-08, also known as CVE-2017-5428.
.
* debian/browser.mozconfig.in: Build with --enable-alsa. Closes: #857281.
.
firefox-esr (52.0esr-1) experimental; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-05, also known as:
CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403,
CVE-2017-5404, CVE-2017-5406, CVE-2017-5407, CVE-2017-5410,
CVE-2017-5408, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414,
CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5426,
CVE-2017-5427, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420,
CVE-2017-5405, CVE-2017-5421, CVE-2017-5422, CVE-2017-5399,
CVE-2017-5398.
.
* debian/control*:
- Bump nss and sqlite build dependencies.
- Build depend on libjsoncpp-dev.
* debian/rules:
- Update ICU_DATA_FILE version.
- Don't build against system sqlite until we have the right version in
Debian.
* debian/browser.lintian-overrides.in: Add a lintian override for NSPR and
NSS.
* debian/browser.install.in:
- Install chrome.manifest, libmozsandbox.so and minidump-analyzer.
- Remove browser/components.
.
* browser/installer/allowed-dupes.mn,
toolkit/mozapps/installer/find-dupes.py,
toolkit/mozapps/installer/packager.mk: Preprocess find-dupes exception
list. bz#1315309.
* config/system-headers, toolkit/crashreporter/jsoncpp/src/lib_json/moz.build,
toolkit/crashreporter/minidump-analyzer/moz.build: Build against system
libjsoncpp.
.
firefox (51.0.1-3) unstable; urgency=medium
.
* js/src/jit/mips-shared/Assembler-mips-shared.h,
js/src/jit/mips-shared/CodeGenerator-mips-shared.cpp,
js/src/jit/mips-shared/CodeGenerator-mips-shared.h,
js/src/jit/mips-shared/MacroAssembler-mips-shared-inl.h,
js/src/jit/mips-shared/MacroAssembler-mips-shared.cpp,
js/src/jit/mips-shared/MacroAssembler-mips-shared.h,
js/src/jit/mips32/MacroAssembler-mips32-inl.h,
js/src/jit/mips32/MacroAssembler-mips32.cpp,
js/src/jit/mips32/MacroAssembler-mips32.h,
js/src/jit/mips64/MacroAssembler-mips64-inl.h,
js/src/jit/mips64/MacroAssembler-mips64.cpp,
js/src/jit/mips64/MacroAssembler-mips64.h: Apply patch from
bz#1303688 hopefully fixing the FTBFS on mips*.
.
firefox (51.0.1-2) unstable; urgency=medium
.
* debian/symbols.mk:
- Better handle downloading symbols from packages with epochs.
- Don't filter file names when getting symbols.
- Add experimental buildd apt source for symbols download.
- Avoid apt-get download being re-run when the file is already there.
- Adjust DBGTYPE depending on package version, not whether it's a
backport.
- Only dump symbols for files of type application/x-sharedlib.
This covers binary executables too because they are PIE and
undistinguishable from shared libraries as a consequence.
* debian/rules:
- Add -fno-schedule-insns2 back. Closes: #854258.
- Build with -fno-schedule-insns on armel and armhf when building with
GCC6. Closes: #854640.
- Hack to disable --gc-sections when building NSS, working around bug
#844357 again. Should fix FTBFS on mips*.
* debian/browser.desktop.in, debian/rules: Followup for the StartupWMClass
changes in 51.0.1-1: Use the same name in desktop file and
application.ini RemotingName. Closes: #854397.
.
firefox (51.0.1-1) unstable; urgency=medium
.
* New upstream release.
.
* debian/browser.desktop.in:
- Use the application name as StartupWMClass in the desktop file.
Along the change to nsAppRunner.cpp, this prevents e.g. GNOME Shell
from making Firefox appear as Firefox ESR when both are used.
- Remove Encoding key from desktop file. Closes: #812493
* debian/rules: Remove -fno-schedule-insns2 and add -fno-lifetime-dse
when building with GCC6.
* debian/rules, debian/control*: Build with GCC6 on arm*.
Closes: #852009. AFAIK, that will lead to FTBFS on at least armhf,
but let's already see how it goes.
* debian/upstream.mk: Use pkg-info.mk to figure out source name and version.
Closes: #850720.
* debian/control*:
- Remove build dependency and suggest on libgnome*. It hasn't actually
been used for a long time. Closes: #850265.
- Bump Standards-Version to 3.9.8. No changes required.
- Bump libvpx build dependency.
* debian/rules: Resize the symbolic icon.
* Move the -l10n-all package to the metapackages section. Closes: #824784.
* debian/browser.postrm.in, debian/browser.preinst.in, debian/rules: Don't
install preinst and postrm at all for the firefox package.
* debian/symbols.apt.conf, debian/symbols.mk, debian/symbols.sources.list:
Add scripts to create symbols archive to upload to Mozilla crash servers.
* debian/browser-dev.links.in, debian/browser.install.in,
debian/browser.mozconfig.in, debian/control*, debian/make.mk, debian/rules:
Add more granularity as to what system libraries are used
and only disable NSPR/NSS until we have the right versions in Debian.
.
* gfx/2d/BorrowedContext.h, gfx/layers/composite/LayerManagerComposite.*,
gfx/layers/moz.build: Fix --disable-skia builds. bz#1319374.
* gfx/skia/moz.build: Build Skia NEON code on arm64.
* toolkit/xre/nsAppRunner.cpp: Set program name from the remoting name.
* config/recurse.mk: Work around race condition between building NSPR and
NSS. bz#1115944, bz#1315882.
.
firefox (51.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-01, also known as:
CVE-2017-5375, CVE-2017-5376, CVE-2017-5377, CVE-2017-5378,
CVE-2017-5379, CVE-2017-5380, CVE-2017-5390, CVE-2017-5389,
CVE-2017-5396, CVE-2017-5381, CVE-2017-5382, CVE-2017-5383,
CVE-2017-5384, CVE-2017-5385, CVE-2017-5386, CVE-2017-5391,
CVE-2017-5393, CVE-2017-5387, CVE-2017-5388, CVE-2017-5374,
CVE-2017-5373.
.
* debian/upstream.mk: Don't rely on FIREFOX_*_RELEASE tags to pull some
files to determine all source urls.
* debian/browser.bug-presubj.in: Add a note about submitting crash reports
upstream and pasting the url to Debian bug reports.
* debian/rules, debian/control*: Adjust rust build configure to new
upstream. It requires rustc >= 1.10 and cargo, the latter of which is
not available on arm64. Also depend on cargo >= 0.13, that doesn't access
the network with the Cargo.toml files in the source. Note rust code is
still not enabled unless building a beta release.
* debian/control*: Bump nspr, nss and sqlite build dependencies.
* debian/rules, debian/control: Use more embedded libraries until the
required versions of NSPR and NSS can be in unstable.
.
* build/moz.configure/rust.configure: Force use the i686 rust target.
* gfx/skia/skia/include/core/SkPreConfig.h: Generically set
SK_CPU_[BL]ENDIAN based on __BYTE_ORDER__ when available. bz#1319389.
.
firefox (50.1.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2016-95, also known as:
CVE-2016-9894, CVE-2016-9899, CVE-2016-9895, CVE-2016-9896,
CVE-2016-9897, CVE-2016-9898, CVE-2016-9900, CVE-2016-9904,
CVE-2016-9901, CVE-2016-9902, CVE-2016-9903, CVE-2016-9080,
CVE-2016-9893.
.
firefox (50.0.2-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2016-{91-92}, also known as:
CVE-2016-9078, CVE-2016-9079.
.
* widget/gtk/mozgtk/mozgtk.c: work around race in system Cairo's XShm usage.
bz#1271100.
.
firefox (50.0-3) unstable; urgency=medium
.
* media/libjpeg/simd/jsimd_mips.c: Pull libjpeg-turbo upstream fix for FTBFS
on mips.
* widget/gtk/mozgtk/gtk3/moz.build: Work around Debian bug #844357.
.
firefox (50.0-2) unstable; urgency=medium
.
* debian/rules: Use mach to run icu_source_data.py. This should fix FTBFS
on big endian platforms.
.
* js/src/jit/mips64/CodeGenerator-mips64.cpp: Fix
CodeGenerator::visitAsmSelectI64. bz#1290811.
.
firefox (50.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2016-{87,89} also known as:
CVE-2016-5287, CVE-2016-5288, CVE-2016-5296, CVE-2016-5292,
CVE-2016-5297, CVE-2016-9064, CVE-2016-9066, CVE-2016-9067,
CVE-2016-9068, CVE-2016-9075, CVE-2016-9077, CVE-2016-5291,
CVE-2016-9070, CVE-2016-9073, CVE-2016-9076, CVE-2016-9063,
CVE-2016-9071, CVE-2016-5289, CVE-2016-5290.
.
* debian/rules: Only generate configure files on nightlies, and use
client.mk to generate them instead of using autoconf manually (which,
while compatible, is wrong nowadays).
* debian/control*:
- Remove outdated alternative build dependencies.
- Bump sqlite and nss build dependency.
- Add build dependency on libx11-xcb-dev.
* debian/browser.mozconfig.in, debian/control*, debian/rules: Enable rust on
non-release/ESR.
* debian/browser.install.in: Add the EmojiOneMozilla font.
.
firefox (49.0-5) unstable; urgency=medium
.
* debian/rules:
- Don't install crashreporter files on arm64, where it's not built. Should
fix FTBFS on arm64.
- Ship a symbolic icon from the silhouette icon from branding.
Closes: #832297.
- Remove old workaround for GCC 4.5 on armel.
- Remove old workarounds for ia64.
- Remove GENSYMBOLS_FLAGS, which hasn't been used for 5 years.
- Remove CMP_AWK, which hasn't been used since xulrunner packages were
removed.
- Remove dh_builddeb override forcing xz compression, which is the default
since dpkg 1.15.6.
- Remove old workaround for ppc64.
- Disable both baseline JIT and ion on mips via prefs.
* debian/rules, debian/control: Re-enable Gtk+3 to see how it goes.
Closes: #832301.
.
* security/sandbox/linux/SandboxFilter.cpp: Allow media plugins to call
madvise with MADV_FREE. bz#1303813. Closes: #838911.
* js/src/jit/AtomicOperations.h: Fix crashes in AtomicOperations-none on
s390x. Should fix FTBFS on s390x.
.
firefox (49.0-4) unstable; urgency=medium
.
* debian/rules, dbeian/browser.install.in: Always install GMP clearkey.
Should fix FTBFSes on non-x86/x86-64, this time.
* debian/browser.js.in: Unset media.gmp-manager.url.override.
Closes: #838902.
* debian/compat, debian/control*: Bump debhelper compat and dependency to 9.
* debian/rules, debian/control*: Generate debug symbols debs when not
backporting.
* debian/browser.install.in, browser.mozconfig.in, debian/rules: Don't
disable the crash reporter.
.
firefox (49.0-3) unstable; urgency=medium
.
* debian/browser.desktop.in: Use the full path to the real Firefox
executable in the .desktop file. Closes: #832298
.
* toolkit/moz.configure: Ensure we don't enable Widevine unintentionally.
bz#1299694. Should fix FTBFSes on non-x86/x86-64.
.
firefox (49.0-2) unstable; urgency=medium
.
* debian/rules, debian/control*: Only force GCC 5 on arm when building for
stretch+.
* debian/browser.mozconfig.in, debian/browser.install.in, debian/rules:
Do not disable EME. Closes: #838478.
* debian/rules, debian/browser.install.in: Build and use big-endian ICU data
on big-endian architectures. Fixes FTBFS on big-endian architectures.
.
* build/autoconf/icu.m4: Allow to override ICU_DATA_FILE from the
environment.
* js/src/jit/mips-shared/MacroAssembler-mips-shared.cpp: OdinMonkey: MIPS:
Fix nop-jump patching code. bz#1277478. Fixes FTBFS on mips*el.
* media/libjpeg/moz.build: Fix CPU_ARCH test for libjpeg on mips. Fixes
FTBFS on mips.
.
firefox (49.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa-2016-85, also known as:
CVE-2016-2827, CVE-2016-5270, CVE-2016-5271, CVE-2016-5272,
CVE-2016-5273, CVE-2016-5276, CVE-2016-5274, CVE-2016-5277,
CVE-2016-5275, CVE-2016-5278, CVE-2016-5279, CVE-2016-5280,
CVE-2016-5281, CVE-2016-5282, CVE-2016-5283, CVE-2016-5284,
CVE-2016-5256, CVE-2016-5257.
.
* debian/control*, debian/rules: Compile with GCC 5 on testing/unstable
on arm* because of crashes when building with GCC 6. (FTBFS)
* debian/control*: Force build against libnss3-dev >= 2:3.26-2~, which fixed
its symbols file. Closes: #833719.
.
* build/gyp.mozbuild: Disable libyuv assembly on mips64. (FTBFS)
.
firefox (48.0-2) unstable; urgency=medium
.
* debian/rules: Build with -fno-schedule-insns2 and
-fno-delete-null-pointer-checks with GCC >= 6 because it miscompiles
Firefox. Closes: #836533.
.
firefox (48.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa-2016-{62-68,70-81,83-84}, also known as:
CVE-2016-2836, CVE-2016-2835, CVE-2016-2830, CVE-2016-2838,
CVE-2016-2839, CVE-2016-5251, CVE-2016-5252, CVE-2016-0718,
CVE-2016-5254, CVE-2016-5255, CVE-2016-5258, CVE-2016-5259,
CVE-2016-5260, CVE-2016-5261, CVE-2016-5262, CVE-2016-2837,
CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-5266,
CVE-2016-5268, CVE-2016-5250.
.
* debian/control*: Bump nss and sqlite build dependencies.
* debian/rules: Remove --build from configure invocation.
* debian/browser.mozconfig.in: s/NATIVE/SYSTEM/. The variables set for
--enable-system flags have changed upstream.
* debian/browser.install.in, debian/browser.links.in: Don't install webapprt
files, they are gone.
* debian/browser.install.in:
- Install ICU data file.
- libfreebl3 changed name.
- Take mozicon128.png from dist/firefox instead of dist/bin.
.
firefox (47.0.1-1) unstable; urgency=medium
.
* New upstream release.
.
firefox (47.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa-2016-{49-52,54,56-60}, also known as:
CVE-2016-2815, CVE-2016-2818, CVE-2016-2819, CVE-2016-2821,
CVE-2016-2822, CVE-2016-2825, CVE-2016-2828, CVE-2016-2829,
CVE-2016-2831, CVE-2016-2832, CVE-2016-2833.
.
* debian/rules: Read default toolkit from old-configure.in, but still keep
Gtk+3 disabled.
* debian/upstream.mk: Use l10n_changesets.txt from last candidate build for
L10N_REV.
.
firefox (46.0.1-1) unstable; urgency=medium
.
* New upstream release.
.
* debian/control*: Remove build dependencies that were only required for the
iceweasel branding.
* debian/control*, debian/browser.mozconfig.in: Remove configure flags and
build dependencies related to gnomevfs. They have been ignored for close
to a year.
* debian/browser.mozconfig.in:
- Remove configure flags explicitly enabling gio, it has been enabled by
default for more than 3 years.
- Remove --enable-svg, the option has been ignored for more than 5 years.
- Remove --enable-mathml, the option has been ignored for more than 4
years.
- Remove --enable-pango, the option has been ignored for 2 years.
- Remove --disable-pedantic, the option has been ignored for 3 years.
- Remove --disable-long-long-warning, the option has been ignored for
almost 5 years.
- Remove --disable-gnomeui, it is the default.
- Remove --disable-mochitest, the option has been ignored for more than 7
years.
- Remove --disable-debug, it is the default.
- Remove --enable-canvas, the option has been ignored for more than 6
years.
- Remove --disable-installer, the option has been ignored for close to 4
years.
- Remove --disable-javaxpcom, the option has been ignored for close to 5
years.
- Remove --disable-elf-dynstr-gc, the option has been ignored for more
than 2 years.
- Remove --enable-url-classifier, it is the default.
- Remove --with-user-appdir=.mozilla, it is the default.
- Remove --enable-single-profile, the option has been ignored for more
than 7 years.
- Remove --disable-profilesharing, the option has been ignored for more
than 7 years.
* debian/rules: Use the mach compare-locales command for l10n.
* debian/upstream.mk, debian/watch: Remove "mozilla.org" from path in
archive.mozilla.org urls.
* debian/upstream.mk: Don't use get a separate source tarball for
compare-locales. There is a copy in-tree that we now use.
* debian/browser.desktop.in, debian/control*, debian/rules: Allow to
distinguish between firefox and firefox-esr. Closes: #821952.
* debian/control, debian/rules: Disable Gtk+3 for now. Closes: #822807.
.
firefox (46.0-1) unstable; urgency=medium
.
* New upstream release.
* Fixes for mfsa2016-{39,42,44-48}, also known as:
CVE-2016-2807, CVE-2016-2806, CVE-2016-2804, CVE-2016-2811,
CVE-2016-2812, CVE-2016-2814, CVE-2016-2816, CVE-2016-2817,
CVE-2016-2808, CVE-2016-2820.
.
* debian/browser.install.in: Add ffmpeg vp9 libraries.
* debian/browser.lintian-overrides.in: Add a lintian override for
libmozavutil.so, which is not exactly libavutil.
* debian/control*: Bump nss and sqlite3 build dependencies.
* debian/browser.mozconfig.in, debian/control*, debian/rules: Remove
gstreamer dependencies and such, gstreamer support was removed upstream.
firefox-esr (52.1.0esr-1) experimental; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-12, also known as:
CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459,
CVE-2017-5466, CVE-2017-5434, CVE-2017-5432, CVE-2017-5460,
CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441,
CVE-2017-5442, CVE-2017-5464, CVE-2017-5443, CVE-2017-5444,
CVE-2017-5446, CVE-2017-5447, CVE-2017-5465, CVE-2017-5448,
CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5469,
CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5462,
CVE-2017-5467, CVE-2017-5430, CVE-2017-5429.
firefox-esr (52.0.2esr-1) experimental; urgency=medium
.
* New upstream release.
* debian/browser.mozconfig.in, debian/mls.key: Enable geolocation using
Mozilla's Location Service. Closes: #726230.
.
* browser/app/profile/firefox.js: Use the Mozilla Location Service when
the Google Key is not there.
firefox-esr (52.0.1esr-1) experimental; urgency=medium
.
* New upstream release.
* Fix for mfsa2017-08, also known as CVE-2017-5428.
.
* debian/browser.mozconfig.in: Build with --enable-alsa. Closes: #857281.
firefox-esr (52.0esr-1) experimental; urgency=medium
.
* New upstream release.
* Fixes for mfsa2017-05, also known as:
CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5403,
CVE-2017-5404, CVE-2017-5406, CVE-2017-5407, CVE-2017-5410,
CVE-2017-5408, CVE-2017-5412, CVE-2017-5413, CVE-2017-5414,
CVE-2017-5415, CVE-2017-5416, CVE-2017-5417, CVE-2017-5426,
CVE-2017-5427, CVE-2017-5418, CVE-2017-5419, CVE-2017-5420,
CVE-2017-5405, CVE-2017-5421, CVE-2017-5422, CVE-2017-5399,
CVE-2017-5398.
.
* debian/control*:
- Bump nss and sqlite build dependencies.
- Build depend on libjsoncpp-dev.
* debian/rules:
- Update ICU_DATA_FILE version.
- Don't build against system sqlite until we have the right version in
Debian.
* debian/browser.lintian-overrides.in: Add a lintian override for NSPR and
NSS.
* debian/browser.install.in:
- Install chrome.manifest, libmozsandbox.so and minidump-analyzer.
- Remove browser/components.
.
* browser/installer/allowed-dupes.mn,
toolkit/mozapps/installer/find-dupes.py,
toolkit/mozapps/installer/packager.mk: Preprocess find-dupes exception
list. bz#1315309.
* config/system-headers, toolkit/crashreporter/jsoncpp/src/lib_json/moz.build,
toolkit/crashreporter/minidump-analyzer/moz.build: Build against system
libjsoncpp.
flatpak (0.8.7-2~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch
* Merge changelog from stretch-security
* debian/gbp.conf: Switch branch to debian/stretch
flatpak (0.8.7-1) unstable; urgency=high
.
* New upstream stable release
- Security: prevent deploying files with inappropriate permissions
(world-writable, setuid, etc.) (Closes: #865413)
- Security: make ~/.local/share/flatpak private to user to defend
against app vendors that might have released files with
inappropriate permissions in the past
- If an error occurs during pull, do not double-set an error,
which is considered to be invalid
- Increase some arbitrary timeouts in a test to make it more
reliable
flatpak (0.8.6-1) unstable; urgency=medium
.
* New upstream release
- Fix the return value type for filtered NameHasOwner() D-Bus calls
(upstream issue 817)
- Security hardening: Only export .desktop files, D-Bus session
services and icons, but not other files that an app might try to
export
- Allow remote repositories to specify a new GPG key (for key rollover)
or a new URL (for location migration) in their signed metadata
- Let KDE apps bind-mount ~/.config/kdeglobals into the sandbox:
+ Allow bind-mounting regular files in the XDG cache, config or data
directories, not just directories
+ Allow bind-mounting files in the XDG directories read-only, not
just read/write
- Close a race condition in app identification by portals
- Cope with a non-default WAYLAND_DISPLAY
- Cope with /tmp on the host being a symlink
- Clear TMPDIR in the sandbox, fixing sandboxed Spotify
- Add X-Flatpak=$app_id to exported .desktop files
so that the desktop environment can identify what will be launched
- Make the host's /etc/hosts and /etc/host.conf available in the sandbox,
fixing sandboxed Spotify
- Update Hungarian translation
fontforge (1:20161005~dfsg-4+deb9u1) stretch-security; urgency=high
.
* Import upstream patches fixing following CVE's
CVE-2017-11577, CVE-2017-11576, CVE-2017-11575, CVE-2017-11574,
CVE-2017-11572, CVE-2017-11571, CVE-2017-11569, CVE-2017-11568.
freeradius (3.0.12+dfsg-5+deb9u1) stretch-security; urgency=high
.
* Apply upstream patches:
fr-ad-001.patch
fr-gv-201.patch (CVE-2017-10978)
fr-gv-206.patch (CVE-2017-10983)
fr-gv-301.patch (CVE-2017-10984)
fr-gv-302.patch (CVE-2017-10985)
fr-gv-303.patch (CVE-2017-10986)
fr-gv-304.patch (CVE-2017-10987)
fr-gv-305.patch
(Closes: #868765)
freerdp (1.1.0~git20140921.1.440916e+dfsg1-13+deb9u2) stretch; urgency=medium
.
[ Bernhard Miklautz ]
* debian/patches:
+ Add 0009-enable-TLS-12.patch. Enable TLS 1+ support. (Closes: #871478).
freerdp (1.1.0~git20140921.1.440916e+dfsg1-13+deb9u1) stretch-security; urgency=high
.
[ Bernhard Miklautz ]
* debian/patches:
+ Add fix for CVE-2017-2834, CVE-2017-2835, CVE-2017-2836,
CVE-2017-2837, CVE-2017-2838, CVE-2017-2839 (Closes: #869880)
freexl (1.0.2-2+deb9u1) stretch-security; urgency=high
.
* Update branch in gbp.conf & Vcs-Git URL.
* Add upstream patch to fix CVE-2017-2923 & CVE-2017-2924.
(closes: #875690, #875691)
gdk-pixbuf (2.36.5-2+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-2862
ghostscript (9.20~dfsg-3.2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Bounds check the array allocations methods (CVE-2017-9835)
(Closes: #869907)
* Bounds check zone pointer in Ins_MIRP() (CVE-2017-9611) (Closes: #869917)
* Bounds check zone pointers in Ins_IP() (CVE-2017-9612) (Closes: #869916)
* Bounds check zone pointer in Ins_MDRP (CVE-2017-9726) (Closes: #869915)
* Make bounds check in gx_ttfReader__Read more robust (CVE-2017-9727)
(Closes: #869913)
* Bounds check Ins_JMPR (CVE-2017-9739) (Closes: #869910)
* Prevent trying to reloc a freed object (CVE-2017-11714) (Closes: #869977)
git (1:2.11.0-3+deb9u2) stretch-security; urgency=high
.
* Fix remote shell command execution via CVS protocol:
- git-shell: drop cvsserver support by default
- git-cvsserver: harden backtick captures against user input
* Avoid shell command injection in other commands as well:
- git-cvsimport: harden backtick captures against user input
- git-archimport: harden backtick captures against user input
.
Thanks to joernchen of Phenoelit for discovering, reporting, and
fixing this vulnerability, and to Junio C Hamano and Jeff King for
the fixes to related issues.
git (1:2.11.0-3+deb9u1) stretch-security; urgency=high
.
* Fix CVE-2017-1000117, arbitrary code execution issues via URLs:
- reject ssh hostname that begins with a dash
- add test for hostname starting with dash to the testsuite
- factor out "looks like command line option" check
- reject dashed arguments to $GIT_PROXY_COMMAND
- ssh:// and local URLs: reject path to repositories that look
like command line options
.
Thanks to Joern Schneeweisz of Recurity Labs for discovering this
vulnerability, Brian Neel at GitLab for reporting it to the Git
project, and Junio Hamano and Jeff King for writing the patches to
address it.
gnome-exe-thumbnailer (0.9.4-2+deb9u1) stretch; urgency=high
.
* Add patch switch-to-msiinfo.patch:
- Switch to msitools' msiinfo for ProductVersion fetching, replacing the
insecure VBScript-based parsing as described at
http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
(Closes: #868705; LP: #651610; CVE-2017-11421)
* Add msitools to recommends; it is now used to fetch .msi version info.
* Add patch fix-version-label-readability.patch backported from
https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1cf4df81836985d9660f950287232b3255ee17bb
to fix unreadable white-on-white text on version labels.
gnupg2 (2.1.18-8~deb9u1) stretch; urgency=medium
.
* Bugfix update for debian stretch point release.
.
gnupg2 (2.1.18-8) unstable; urgency=medium
.
* updated scdaemon fix from gniibe (Closes: #862032)
.
gnupg2 (2.1.18-7) unstable; urgency=medium
.
* scdaemon fixes from gniibe
* more upstream fixes (Closes: #854359, #854829)
* skip over missing signing keys (Closes: #834922)
* drop all skel files (Closes: #858082)
* Avoid spurious warnings when sharing a keybox with gpg >= 2.1.20
gnupg2 (2.1.18-7) unstable; urgency=medium
.
* scdaemon fixes from gniibe
* more upstream fixes (Closes: #854359, #854829)
* skip over missing signing keys (Closes: #834922)
* drop all skel files (Closes: #858082)
* Avoid spurious warnings when sharing a keybox with gpg >= 2.1.20
gnutls28 (3.5.8-5+deb9u3) stretch; urgency=medium
.
* 38_01-OCSP-check-the-subject-public-key-identifier-field-t.patch
38_02-OCSP-find_signercert-improved-DER-length-calculation.patch from
gnutls 3.5.14: Fix OCSP verification errors, especially with ecdsa
signatures.
https://gitlab.com/gnutls/gnutls/issues/223
Thanks to Nikos Mavrogiannopoulos for the suggestion.
gosa-plugin-mailaddress (0.99.5-2+deb9u1) stretch; urgency=medium
.
* debian/patches:
+ Add 0001_php-7-compat-fix-parent-constructor-calls.patch. Fix parent
constructor calls. (Closes: #869214).
* debian/control:
+ Update versioned D (gosa-plugin-mailaddress): gosa
(>= 2.7.4+reloaded2-12~). Reason: since rev 12, gosa in Debian uses the
new constructor API required for PHP 7.
gsoap (2.8.35-4+deb9u1) stretch; urgency=medium
.
* Fix for CVE-2017-9765
Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x
before 2.8.48, allows remote attackers to execute arbitrary code or cause
a denial of service (stack-based buffer overflow and application crash)
via a large XML document.
haveged (1.9.1-5+deb9u1) stretch; urgency=medium
.
* Start haveged.service after systemd-tmpfiles-setup.service has been run.
Many thanks to Jan Echternach for reporting the problem and suggesting
a fix. (Closes: #858134)
icedove (1:52.3.0-4~deb9u1) stretch-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for stretch-security
* [9e08bf9] debian/control: be more relaxed on Breaks for enigmail
icedove (1:52.3.0-4~deb8u2) jessie-security; urgency=medium
.
[ Guido Günther ]
* [6214253] Simplify endianess selection for ICU
icedove (1:52.3.0-4~deb8u1) jessie-security; urgency=medium
.
[ Carsten Schoenert ]
* Rebuild for jessie-security
* [7f05741] debian/control: be more relaxed on Breaks for enigmail
* [72e63f8] debian/mozconfig.default: stay on GTK2 toolkit for Jessie
(Closes: #871438, #870719)
icedove (1:52.3.0-3) unstable; urgency=medium
.
[ Carsten Schoenert ]
* [c08f005] rebuild patch queue from patch-queue branch
* [f658cab] debian/rules: enable verbose build for ICU
icedove (1:52.3.0-2) unstable; urgency=medium
.
[ Carsten Schoenert ]
* [d544a01] debian/rules: correct icu build sequence
icedove (1:52.3.0-1) unstable; urgency=medium
.
[ Carsten Schoenert ]
* [8e852be] New upstream version 52.3.0
Fixed CVE issues in upstream version 52.0 (MFSA 2017-20)
CVE-2017-7800: Use-after-free in WebSockets during disconnection
CVE-2017-7801: Use-after-free with marquee during window resizing
CVE-2017-7809: Use-after-free while deleting attached editor DOM node
CVE-2017-7784: Use-after-free with image observers
CVE-2017-7802: Use-after-free resizing image elements
CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
CVE-2017-7786: Buffer overflow while painting non-displayable SVG
CVE-2017-7753: Out-of-bounds read with cached style data and
pseudo-elements
CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
CVE-2017-7807: Domain hijacking through AppCache fallback
CVE-2017-7792: Buffer overflow viewing certificates with an extremely
long OID
CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
CVE-2017-7791: Spoofing following page navigation with data: protocol and
modal alerts
CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP
protections
CVE-2017-7803: CSP containing 'sandbox' improperly applied
CVE-2017-7779: Memory safety bugs fixed in Firefox 55, Firefox ESR 52.3,
and Thunderbird 52.3
* [0b7243b] debian/rules: build icudt5*.dat on our own if needed
If we need to use the internal sources of ICU (triggered by
using --with-system-icu) we need to build the platform depended file
icudt*[b,l].dat before we can call the configure run.
This is needed as Mozilla only ships a precompiled little endian version
of the file icudt*.dat and all platforms with big endianness are failing
later due issues related to the wrong endianness.
* [1964469] debian/mozconfig.default: enable i18n on big endian
* [6b58ac5] debian/control: increase Standards-Version to 4.0.1
* [e59cf81] rebuild patch queue from patch-queue branch
removed patche(s) (applied upstream):
- fixes/Bug-1308908-Compare-the-whole-accessible-name-when-checki.patch
updated/refreshed patches (no changes):
- porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch
.
[ Simon Deziel ]
* [a574010] apparmor/usr.bin.thunderbird: small update to avoid noise
icedove (1:52.2.1-5) unstable; urgency=high
.
[ Carsten Schoenert ]
* [133a574] Use gcc-6 and g++-6 due broken GUI with GCC-7
The usage of the GCC-7 suite introduces a broken GUI currently that make
using thunderbird mostly impossible.
(Closes: #871629)
* [3ebacd1] d/rules: use DEB_* variables for entries from changelog
By using variables that are prepared by dpkg we don't need to manually
search for dates and versions. etc.
* [52c2b83] d/copyright: MPL-1.1 and MPL-2.0 now provided by common-licenses
Since policy 4.0.0 the two Mozilla related licenses are included and don't
need to be added extra.
* [3f37967] adjust X-Debian-Homepage to existing Thunderbird page
* [41b5c03] debian/control: increase Standards-Version to 4.0.0
* [e3c3994] mozconfig.default: use proper disabled options
* [2d4b846] debian/control: increase Breaks for enigmail version
(Closes: #869789)
.
[ John Paul Adrian Glaubitz ]
* [4879401] sh4: disable option --disable-pie (Closes: #867553)
.
[ Carsten Schoenert ]
* [2646f3f] autpkgtests: disable the idlTest.sh test case
icedove (1:52.2.1-4) unstable; urgency=medium
.
[ Guido Günther ]
* [04de899] Don't use different profile folder for jessie and wheezy
.
[ Carsten Schoenert ]
* [692d3ce] rebuild patch queue from patch-queue branch (Closes: #867013)
added patch (provided by Adrian):
- porting-alpha/FTBFS-alpha-adjust-some-source-to-prevent-build-issues.patch
removed patch:
- porting-hurd/FTBFS-hurd-adding-GNU-to-the-configure-platform-detection.patch
(wrong approach, the Python wrapper around configure isn't yet smart enough)
.
[ John Paul Adrian Glaubitz ]
* [5153ce2] mips: final fixups to prevent FTBFS
icedove (1:52.2.1-3) unstable; urgency=medium
.
[ John Paul Adrian Glaubitz ]
* [99b323a] d/mozconfig.default: fixups for --without-intl-api
icedove (1:52.2.1-2) unstable; urgency=medium
.
[ Carsten Schoenert ]
* [e8ce299] disabling ICU support on some big endian systems
This hack should enable at least successful building of all RC platforms
and needs to be solved in a not such agressive way without loosing ICU
support on the problematic platforms.
Thanks John Paul Adrian Glaubitz for catching the root of the issue.
* [a66e812] rebuild patch queue from patch-queue branch
Adding a small needed fix for getting mips* out od FTBFS. Also GNU/Hurd
should pass the configure script now.
icedove (1:52.2.1-1) unstable; urgency=medium
.
[ Guido Günther ]
* [4e87d6b] d/rules: Make sure DIST is not passed on to configure
.
[ Carsten Schoenert ]
* [35b84ef] rebuild patch queue from patch-queue branch
added patches:
- porting-mips/Fix-CPU_ARCH-test-for-libjpeg-on-mips.patch
- porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch
(Closes: #864974)
* [c818874] New upstream version 52.2.1
(Closes: #861840)
* [8c776c9] Icedove2Thunderbird: add opt out for dialogue pop-up
(Closes: #860381)
icedove (1:52.2.0-1) unstable; urgency=medium
.
[ Christoph Goehre ]
* [9ebc11d] mozconfig.default: remove configure option
'--disable-methodjit' on armel
This options isn't alive any more and was forgotten to removed on the
previous upload.
[ Simon Deziel ]
* [d8e5d42] usr.bin.thunderbird: merge gpg(1) and gpg2 subprofiles
(Closes: #859179)
* [f18884e] usr.bin.thunderbird: allow accessing gpgconf in gpg subprofile
* [e73afbb] usr.bin.thunderbird: allow accessing any gpg2keys providers
.
[ Carsten Schoenert ]
* [066ddb9] mozconfig.default: switch back to internal libjpeg
Going back and using the libjpeg library that's shipped by Mozilla, the
system library probably provoking broken builds on various platforms.
As we prepare the uploads for (old-)stable-security we need to use the
internal libjpeg library at all.
* [ff92bfa] rebuild patch queue from patch-queue branch
modified patches:
- porting-m68k/Add-m68k-support-to-Thunderbird.patch
- porting-sh4/Add-sh4-support-to-Thunderbird.patch
(Closes: #859271, #859508)
* [0a89f76] New upstream version 52.2.0
Fixed CVE issues in upstream version 52.0 (MFSA 2017-17)
CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
CVE-2017-7749: Use-after-free during docshell reloading
CVE-2017-7750: Use-after-free with track elements
CVE-2017-7751: Use-after-free with content viewer listeners
CVE-2017-7752: Use-after-free with IME input
CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
CVE-2017-7756: Use-after-free and use-after-scope logging XHR header
errors
CVE-2017-7757: Use-after-free in IndexedDB
CVE-2017-7778: Vulnerabilities in the Graphite 2 library
CVE-2017-7758: Out-of-bounds read in Opus encoder
CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and
other unicode blocks
CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2,
and Thunderbird 52
* [e03380e] rebuild patch queue from patch-queue branch
modified patch:
- porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
icedove (1:52.1.1-1) experimental; urgency=medium
.
[ Guido Günther ]
* [db8d0db] Tighten meta package dependencies
Be more strict on depends and add a version to all related
Thunderbird specific packages.
* [defb689] Copy-edit thunderbird-wrapper-helper.sh
* [54b35d4] Allow one to override the location of the wrapper-helper
Make $TB_HELPER more flexible and give the variable a default value, so a
user can override it with it's own.
* [a187364] dh-exec: avoid multiple spaces around filenames
* [a85bc7a] thunderbird-wrapper: robustness when sourcing helper
* [eee56ab] Drop replaces on packages no longer in any release
.
[ Carsten Schoenert ]
* [1d85980] rebuild patch queue from patch-queue branch
added patches:
- porting-mk68/Add-m68k-support-to-Thunderbird.patch
- porting-sparc64/Add-sparc64-support-to-Thunderbird.patch
(Closes: #859151, #859271)
* [2717849] tb-wrapper: call thunderbird starting with exec
(Closes: #858100)
* [8afa31b] d/gbp.conf: adjust upstream branch to new ESR version
* [43d2e70] New upstream version 52.1.1
Fixed CVE issues in upstream version 52.0 (MFSA 2017-09)
CVE-2017-5413: Segmentation fault during bidirectional operations
CVE-2017-5414: File picker can choose incorrect default directory
CVE-2017-5416: Null dereference crash in HttpChannel
CVE-2017-5426: Gecko Media Plugin sandbox is not started if seccomp-bpf
filter is running
CVE-2017-5418: Out of bounds read when parsing HTTP digest authorization
responses
CVE-2017-5419: Repeated authentication prompts lead to DOS attack
CVE-2017-5405: FTP response codes can cause use of uninitialized values
for ports
CVE-2017-5421: Print preview spoofing
CVE-2017-5422: DOS attack by using view-source: protocol repeatedly in one
hyperlink
CVE-2017-5399: Memory safety bugs fixed in Thunderbird 52
Fixed CVE issues in upstream version 52.1.0 (MFSA 2017-13)
CVE-2017-5433: Use-after-free in SMIL animation functions
CVE-2017-5435: Use-after-free during transaction processing in the editor
CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
CVE-2017-5459: Buffer overflow in WebGL
CVE-2017-5466: Origin confusion when reloading isolated data:text/html URLs
CVE-2017-5434: Use-after-free during focus handling
CVE-2017-5432: Use-after-free in text input selection
CVE-2017-5460: Use-after-free in frame selection
CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT
processing
CVE-2017-5441: Use-after-free with selection during scroll events
CVE-2017-5442: Use-after-free during style changes
CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
CVE-2017-5443: Out-of-bounds write during BinHex decoding
CVE-2017-5444: Buffer overflow while parsing application/http-index-format
contents
CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
incorrect data
CVE-2017-5447: Out-of-bounds read during glyph processing
CVE-2017-5465: Out-of-bounds read in ConvolvePixel
CVE-2016-10196: Vulnerabilities in Libevent library
CVE-2017-5454: Sandbox escape allowing file system read access through
file picker
CVE-2017-5469: Potential Buffer overflow in flex-generated code
CVE-2017-5445: Uninitialized values used while parsing
application/http-index-format content
CVE-2017-5449: Crash during bidirectional unicode manipulation with
animation
CVE-2017-5451: Addressbar spoofing with onblur event
CVE-2017-5462: DRBG flaw in NSS
CVE-2017-5467: Memory corruption when drawing Skia content
CVE-2017-5430: Memory safety bugs fixed in Firefox 53, Firefox ESR 52.1,
Thunderbird 52.1
CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
Firefox ESR 52.1, and Thunderbird 52.1
(Closes: #855344, #495372, #861480, #682208, #698244, #859909, #857593,
#837771)
* [de561ef] rebuild patch queue from patch-queue branch
added patches:
- debian-hacks/Allow-to-override-ICU_DATA_FILE-from-the-environment.patch
- debian-hacks/Build-against-system-libjsoncpp.patch
- debian-hacks/Don-t-build-testing-suites-and-stuff.patch
- debian-hacks/Force-use-the-i686-rust-target.patch
- fixes/Bug-1308908-Compare-the-whole-accessible-name-when-checki.patch
(Closes: #826325)
- porting-sh4/Add-sh4-support-to-Thunderbird.patch
(Closes: #859508)
removed patches (obsoleted by upstream changes):
- debian-hacks/Don-t-build-example-component.patch
- debian-hacks/fix-identification-of-ObjdirMismatchException.patch
- fixes/Bug-1245076-Don-t-include-mozalloc.h-from-the-cstdlib-wra.patch
- fixes/Bug-1273020-Add-missing-null-checks-in-ApplicationAccessi.patch
- fixes/Bug-1277295-Remove-obsolete-reference-to-storage-service-.patch
- fixes/Bug-1340724-fix-SMTP-server-name-output-in-SMTP-logging.-.patch
- fixes/Bug-497488-Implement-verify-mode-in-the-subscribe-dialog-.patch
- fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit-1.patch
- fixes/Bug-497488-RSS-feeds-with-an-invalid-certificate-fail-wit.patch
- porting-arm64/Bug-1091515-Don-t-set-64KB-page-size-on-aarch64.-r-glandi.patch
- porting-kfreebsd-hurd/CrossProcessMutex.h-fix-build-on-kfreebsd-and-GNU-hurd.patch
- porting-kfreebsd-hurd/FTBFS-hurd-adding-the-HURD-platform-to-the-configure.patch
- porting-kfreebsd-hurd/correcting-file-inclusion-for-kfreebsd-and-hurd.patch
- porting-mips/Fix-build-error-in-MIPS-SIMD-when-compiling-with-mfp.patch
- porting-mips/libyuv_disable-mips-assembly-for-MIPS64.patch
- porting-powerpcspe/FTBFS-powerpcspe-disable-AltiVec-instructions.patch
- porting-sparc64/Add-sparc64-support-to-Thunderbird.patch
(unclear state, will be added later again)
- porting/Add-xptcall-support-for-SH4-processors.patch
(Closes: #859362)
- debian-hacks/Move-profile.patch
modified or adjusted patches:
- debian-hacks/changing-the-default-search-engine.patch
- debian-hacks/stop-configure-if-with-system-bz2-was-passed-but-no-.patch
- icedove-l10n/disable-extension-update-extension-is-managed-by-apt.patch
--> icedove-l10n/thunderbird-l10n-disable-external-extension-update.patch
(renamed to and modified due new languages)
- icedove/fix-installdir.patch
--> debian-hacks/Thunderbird-fix-installdir-for-icons.patch
* [684ad58] d/source.filter: update due upstream changes
* [d005649] debian/control: modify various B-D
* [7a8a98d] debian/rules: add some extra C*FLAGS
Adding '-fno-lifetime-dse' to not enable dead store elimination of
objects within their lifetime, some parts of the source is relying
on the persistent values of such objects.
Some other distributions as Ubuntu, Fedora and Arch e.g. use this flag too
(at least with ESR52) to prevent possible segfaults.
* [56f8f4b] debian/rules: adding hack to preserve correct config.status
* [fb500a6] mozconfig.default: remove no longer existing options
* [c9a3e60] mozconfig.default: some minor adjustments to configure options
* [f584857] mozconfig.default: enable GTK3 theme explicit
(Closes: #857593)
* [3cbe1fb] debian/control: add packages for *-dsb language
* [8317735] debian/control: add packages for *-hsb language
* [39d90c1] debian/control: add packages for *-kab language
* [82b4f50] debian/control: add missing packages for *-ast language
* [0edde96] debian/rules: include also l10n folder with 3 characters
* [47f17a4] lintian-overrides: modify the list for the js files to ignore
* [8872d34] debian/copyright: update after upstream changes
* [6755547] mozconfig.default: use some internal libraries
Use libicu-dev, libnspr4-dev, libnss3-dev, libsqlite3-dev from
shipped source as Stretch versions not recent enough.
* [5b04b32] thunderbird.install: pick up icu*.dat if around
* [edf24d7] debian/control: mark thunderbird-dbg as Multi-Arch: same
* [5d5392b] apparmor/usr.bin.thunderbird: update for version 52
(cherry-picked from upstream)
(Closes: #859179)
* [f49ad79] apparmor/usr.bin.thunderbird: grant access to commonly used
locations (cherry-picked from upstream)
* [510fd6f] debian/rules: install lightning-l10n files into correct place
* [d70ade4] lightning-l10n: adjust min/max version for ESR 52 cycle
With the new ESR version tweaking the extension version of l10n packages
for lightning > 52.0 and < 52.*.
* [c0dd18f] debian/rules: install icudt5*.dat file more flexible
* [b5136f7] autopkg: improve the output of idlTest.sh
* [7ac04f6] autopkg: add extra test icudatfileTest.sh
.
[ Christoph Goehre ]
* [13f5178] lintian-overrides: we build against internal nspr and nss
* [56bbf23] rebuild patch queue from patch-queue branch
added patches:
- porting-sparc64/Add-sparc64-support-to-Thunderbird.patch
(Closes: #859151)
modified patches:
- porting-mk68/Add-m68k-support-to-Thunderbird.patch
-> porting-m68k/Add-m68k-support-to-Thunderbird.patch (renamed)
* [6a7ef60] tests/idlTest.sh: remove duplicated 'done' output
* [42bf8e1] debian/rules: remove duplicate .so files in thunderbird-dev
* [5dc08bc] tests/soSymlinkTest.sh: check for symlinked .so files
imagemagick (8:6.9.7.4+dfsg-11+deb9u1) stretch-security; urgency=high
.
* Fix security bugs:
+ Previous CVE-2017-9144 fix was incomplete.
A crafted RLE image can trigger a crash because of incorrect
EOF handling in coders/rle.c
(Closes: #863126)
+ CVE-2017-10928:
A heap-based buffer over-read in the GetNextToken
function in token.c allows remote attackers to obtain
sensitive information from process memory or possibly have
unspecified other impact via a crafted SVG document
that is mishandled in the GetUserSpaceCoordinateValue
function in coders/svg.c.
(Closes: #867367).
+ CVE-2017-9500:
An assertion failure was found in the function
ResetImageProfileIterator, which allows attackers to cause
a denial of service via a crafted file.
(Closes: #867778).
+ CVE-2017-9501:
An assertion failure was found in the function LockSemaphoreInfo,
which allows attackers to cause a denial of service via a crafted
file.
(Closes: #867721).
+ CVE-2017-9440:
A memory leak was found in the function ReadPSDChannel
in coders/psd.c, which allows attackers to cause a denial
of service via a crafted file.
(Closes: 864273).
+ CVE-2017-9439:
A memory leak was found in the function ReadPDBImage in
coders/pdb.c, which allows attackers to cause a denial of
service via a crafted file.
(Closes: #864274).
+ CVE-2017-11188: CPU exhaustion in ReadDPXImage
Because dpx.file.image_offset is a unsigned int, it can be controlled
as large as 4294967295.
This will cause ImageMagick spend a lot of time to process a crafted
DPX imagefile, even if the imagefile is very small.
(Closes: #867806)
+ CVE-2017-11141: memory exhaustion in ReadMATImage
When identify MAT file, imagemagick will allocate memory to store data
in function ReadMATImage.
Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate
a anysize amount of memory, this may cause a memory exhaustion
(Closes: #868264)
+ CVE-2017-11170: memory exhaustion in ReadTGAImage
When identify VST file, imagemagick will allocate memory to store
data in function ReadTGAImage in coders/tga.c
using tga_info.bits_per_pixel field diretly from VST file without
checking in tga.c
By review the founction code, tga_info.bits_per_pixel max valid
value is 32.
On 32bit os, size_t one will be 32bit, so image->colors can be
overflow to 0.
On 64bit os, size_t one will be 64bit, so image->colors
can be large as 0x100000000(64GB).
(Closes: #868184)
+ Memory exhaustion in ReadCINImage
When identify CIN file that contains User defined data,
imagemagick will allocate memory to store the
data in function ReadCINImage in coders\inc.c
There is a security checking in the function SetImageExtent,
but it after memory allocation, so IM can not control the memory usage
(Closes: #867810)
+ CPU exhaustion in ReadRLEImage
A corrupted rle file could trigger a DOS
(Closes: #867808)
+ Memory leak in ReadDIBImage in dib.c
The ReadDIBImage function in dib.c allows attackers
to cause a denial of service (memory leak)
via a small crafted dib file.
(Closes: #867811)
+ Memory exhaustion in ReadDPXImage in dpx.c
When identify DPX file that contains user header data,
imagemagick will allocate memory to store the data in function
ReadDPXImage in coders\dpx.c
There is a security checking in the function SetImageExtent,
but it is too late, so IM can not control the memory usage.
(Closes: #867812)
+ Enable heap overflow check for stdin for mpc files
Enabling seekable streams is required to ensure checking
the blob size works when an image is streamed on stdin.
(Closes: #867896)
+ Assertion failure in WriteBlob
A crafted file revealed an assertion failure in blob.c.
(Closes: #867798)
+ Memory exhaustion in ReadEPTImage in ept.c
When identify EPT file , imagemagick will allocate memory
to store the data.
There is a security checking in the function SetImageExtent,
but it is not used in the allocation function,
so IM can not control the memory usage.
(Closes: #867821)
+ CPU exhaustion in ReadOneJNGImage
Due to lack of validation of PNG format, imagemagick could loop
2^32 in a CPU intensive loop.
(Closes: #867824, #867825).
+ CPU exhaustion in ReadOneDJVUImag
Due to lack of format validation, a crafted file will cause a
loop to run endless.
(Closes: #867826).
+ Zero pixel buffer
Avoid a data leak in case of incorrect file by clearing a buffer
(Closes: #867893).
+ memory leak in ReadMATImage in mat.c
The ReadMATImage function in mat.c allows attackers to cause a
denial of service (memory leak) via a small crafted mat file.
(Closes: #867823).
+ Avoid heap based overflow for jpeg
A corrupted jpeg file could trigger an heap overflow
(Closes: #867894).
+ Fix a memory leak in screenshot coder
(Closes: #867897)
ioquake3 (1.36+u20161101+dfsg1-2+deb9u1) stretch-security; urgency=medium
.
* Reference CVE-2017-6903 in previous changelog entry
* Add patch from upstream:
+ Address read buffer overflow in
MSG_ReadBits (CVE-2017-11721) (Closes: #870725)
+ Check buffer boundary exactly in MSG_WriteBits, instead of
potentially failing with a few bytes still available
iortcw (1.50a+dfsg1-3+deb9u1) stretch-security; urgency=medium
.
* d/p/security/All-Fix-improve-buffer-overflow-in-MSG_ReadBits-MSG_Write.patch:
Add patch (from ioquake3 via upstream) to fix a read buffer overflow
in MSG_ReadBits (CVE-2017-11721)
ipsec-tools (1:0.8.2+20140711-8+deb9u1) stable; urgency=medium
.
* Import NetBSD's patch to address CVE-2016-10396 (Closes: #867986)
irssi (1.0.2-1+deb9u2) stretch; urgency=high
.
* Security related update pulling upstream 5e26325317 (closes: 867598):
- Fix null pointer dereference (CVE-2017-10965)
- Fix use-after-free condition for nicklist (CVE-2017-10966)
kanatest (0.4.8-3+deb9u1) stretch; urgency=medium
.
* Team upload.
* Apply remove-DISABLE_DEPRECATED-flags.patch because those flags cause
implicit pointer conversion and thus a segmentation fault on startup.
(Closes: #868315)
kdepim (4:16.04.3-4~deb9u1) stretch; urgency=high
.
* Team upload.
.
[ Sandro Knauß ]
* Fix CVE-2017-9604: Send Later with Delay bypasses OpenPGP (Closes: #864804)
- Added upstream patch fix-CVE-2017-9604.patch
kf5-messagelib (4:16.04.3-3~deb9u1) stretch; urgency=high
.
* Team upload.
.
[ Sandro Knauß ]
* Fix CVE-2017-9604: Send Later with Delay bypasses OpenPGP (Closes: #864803)
- Added upstream patch fix-CVE-2017-9604.patch
krb5 (1.15-1+deb9u1) stretch; urgency=high
.
* CVE-2017-11368: Remote authenticated attackers can crash the KDC,
Closes: #869260
* Upstream patches to fix startup if getaddrinfo() returns a wildcard v6
address, and to fix handling of explicitly specified v4 wildcard
address; regression over previous versions, Closes: #860767
* Fix SRV lookups to respect udp_preference_limit, regression over
previous versions with OTP, Closes: #856307
lava-tool (0.21-1+deb9u1) stretch; urgency=medium
.
* Add missing dependency: python-simplejson. (Closes: #872782)
libgcrypt20 (1.7.6-2+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* ecc: Add input validation for X25519 [CVE-2017-0379]
Mitigate a local side-channel attack on Curve25519 dubbed "May the
Fourth be With You". (Closes: #873383)
libgd2 (2.2.4-2+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-6362: Double-free in gdImagePngPtr()
libgd2 (2.2.4-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-7890: Fix unitialized memory read vulnerability in GIF reading
(Closes: #869263)
libidn2-0 (0.16-1+deb9u1) stretch-security; urgency=high
.
* CVE-2017-14062: Fix integer overflow in decode_digit (Closes: #873902)
* Add myself to Uploaders:
libmspack (0.5-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload.
* Correct rejection of empty strings.
* Fix mis-handling of sys->read() errors in cabd_read_string()
(CVE-2017-11423) (Closes: #868956).
* Reject negative output length in SpanInfo (CVE-2017-6419)
(Closes: #871263).
libmspack (0.5-1+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload.
* Correct rejection of empty strings.
* Fix mis-handling of sys->read() errors in cabd_read_string()
(CVE-2017-11423) (Closes: #868956).
* Reject negative output length in SpanInfo (CVE-2017-6419)
(Closes: #871263).
libraw (0.17.2-6+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* New patch for fixing CVE-2017-6886 and CVE-2017-6887:
CVE-2017-6886_6887.patch
librsb (1.2.0-rc5-3+deb9u1) stretch; urgency=medium
.
* d/p/fix-numerical-computation.patch: New patch.
This minimal patch backports the fixes to a few severe bugs leading to
numerically wrong results. These bugs are fixed in the upstream
version 1.2.0-rc7.
Thanks to Michele Martone for the patch (Closes: #870137)
* Add unit test for numerical bug fixed in version 1.2.0-rc7.
Thanks to Michele Martone for the source file
libsolv (0.6.24-1+deb9u1) stretch; urgency=medium
.
* debian/control:
+ Fix typo in D (python3-solv): Change ${python:Depends} to
${python3:Depends}. Spotted by Adrian Bunk. (Closes: #867407).
libsoup2.4 (2.56.0-2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix chunked decoding buffer overrun (CVE-2017-2885)
libwpd (0.10.1-5+deb9u1) stretch; urgency=medium
.
* debian/patches/libwpd-tdf112269.diff: backport patch to fix
CVE-2017-14226 (closes: #876001)
libxml2 (2.9.4+dfsg1-2.2+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Increase buffer space for port in HTTP redirect support (CVE-2017-7376)
Incorrect limit was used for port values. (Closes: #870865)
* Prevent unwanted external entity reference (CVE-2017-7375)
Missing validation for external entities in xmlParsePEReference.
(Closes: #870867)
* Fix handling of parameter-entity references (CVE-2017-9049, CVE-2017-9050)
- Heap-based buffer over-read in function xmlDictComputeFastKey
(CVE-2017-9049).
- Heap-based buffer over-read in function xmlDictAddString
(CVE-2017-9050).
(Closes: #863019, #863018)
* Fix buffer size checks in xmlSnprintfElementContent (CVE-2017-9047,
CVE-2017-9048)
- Buffer overflow in function xmlSnprintfElementContent (CVE-2017-9047).
- Stack-based buffer overflow in function xmlSnprintfElementContent
(CVE-2017-9048).
(Closes: #863022, #863021)
* Fix type confusion in xmlValidateOneNamespace (CVE-2017-0663)
Heap buffer overflow in xmlAddID. (Closes: #870870)
linux (4.9.51-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.48
- [x86] i2c: ismt: Don't duplicate the receive length for block reads
- [x86] i2c: ismt: Return EMSGSIZE for block reads with bogus length
- crypto: algif_skcipher - only call put_page on referenced and used pages
- mm, uprobes: fix multiple free of ->uprobes_state.xol_area
- mm, madvise: ensure poisoned pages are removed from per-cpu lists
- ceph: fix readpage from fscache
- cpumask: fix spurious cpumask_of_node() on non-NUMA multi-node configs
- cpuset: Fix incorrect memory_pressure control file mapping
- CIFS: Fix maximum SMB2 header size
- lib/mpi: kunmap after finishing accessing buffer
- drm/ttm: Fix accounting error when fail to get pages for pool
- [armhf,arm64] kvm: Force reading uncached stage2 PGD
- epoll: fix race between ep_poll_callback(POLLFREE) and
ep_free()/ep_remove()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.49
- usb:xhci:Fix regression when ATI chipsets detected
- [armhf] USB: musb: fix external abort on suspend
- USB: core: Avoid race of async_completed() w/ usbdev_release()
- [x86] staging/rts5208: fix incorrect shift to extract upper nybble
- driver core: bus: Fix a potential double free
- ath10k: fix memory leak in rx ring buffer allocation
- Input: trackpoint - assume 3 buttons when buttons detection fails
- rtlwifi: rtl_pci_probe: Fix fail path of _rtl_pci_find_adapter
- dlm: avoid double-free on error path in dlm_device_{register,unregister}
- mwifiex: correct channel stat buffer overflows
- [s390x] mm: avoid empty zero pages for KVM guests to avoid postcopy hangs
- drm/nouveau/pci/msi: disable MSI on big-endian platforms by default
- scsi: sg: protect against races between mmap() and SG_SET_RESERVED_SIZE
- scsi: sg: recheck MMAP_IO request length with lock held
- [arm64] drm/bridge: adv7511: Use work_struct to defer hotplug handing to
out of irq context
- [arm64] drm/bridge: adv7511: Switch to using
drm_kms_helper_hotplug_event()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.50
- [armhf] mtd: nand: mxc: Fix mxc_v1 ooblayout
- nvme-fabrics: generate spec-compliant UUID NQNs
- btrfs: resume qgroup rescan on rw remount
- mm/memory.c: fix mem_cgroup_oom_disable() call missing
- ALSA: msnd: Optimize / harden DSP and MIDI loops
- [arm64] dts: marvell: armada-37xx: Fix GIC maintenance interrupt
- [armhf] 8692/1: mm: abort uaccess retries upon fatal signal
- NFS: Fix 2 use after free issues in the I/O code
- NFS: Sync the correct byte range during synchronous writes
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.51
- ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
- ipv6: add rcu grace period before freeing fib6_node
- macsec: add genl family module alias
- udp: on peeking bad csum, drop packets even if not at head
- qlge: avoid memcpy buffer overflow
- [x86] netvsc: fix deadlock betwen link status and removal
- cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox()
- kcm: do not attach PF_KCM sockets to avoid deadlock
- Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"
- bridge: switchdev: Clear forward mark when transmitting packet
- Revert "net: use lib/percpu_counter API for fragmentation mem accounting"
- Revert "net: fix percpu memory leaks"
- gianfar: Fix Tx flow control deactivation
- vhost_net: correctly check tx avail during rx busy polling
- ip6_gre: update mtu properly in ip6gre_err
- ipv6: fix memory leak with multiple tables during netns destruction
- ipv6: fix typo in fib6_net_exit()
- sctp: fix missing wake ups in some situations
- ip_tunnel: fix setting ttl and tos value in collect_md mode
- f2fs: let fill_super handle roll-forward errors
- f2fs: check hot_data for roll-forward recovery
- [amd64] fsgsbase: Fully initialize FS and GS state in start_thread_common
- [amd64] fsgsbase: Report FSBASE and GSBASE correctly in core dumps
- [amd64] switch_to: Rewrite FS/GS switching yet again to fix AMD CPUs
- xfs: fix spurious spin_is_locked() assert failures on non-smp kernels
- xfs: push buffer of flush locked dquot to avoid quotacheck deadlock
- xfs: try to avoid blowing out the transaction reservation when bunmaping
a shared extent
- xfs: release bli from transaction properly on fs shutdown
- xfs: remove bli from AIL before release on transaction abort
- xfs: don't allow bmap on rt files
- xfs: free uncommitted transactions during log recovery
- xfs: free cowblocks and retry on buffered write ENOSPC
- xfs: don't crash on unexpected holes in dir/attr btrees
- xfs: check _btree_check_block value
- xfs: set firstfsb to NULLFSBLOCK before feeding it to _bmapi_write
- xfs: check _alloc_read_agf buffer pointer before using
- xfs: fix quotacheck dquot id overflow infinite loop
- xfs: fix multi-AG deadlock in xfs_bunmapi
- xfs: Fix per-inode DAX flag inheritance
- xfs: fix inobt inode allocation search optimization
- xfs: clear MS_ACTIVE after finishing log recovery
- xfs: don't leak quotacheck dquots when cow recovery
- iomap: fix integer truncation issues in the zeroing and dirtying helpers
- xfs: write unmount record for ro mounts
- xfs: toggle readonly state around xfs_log_mount_finish
- xfs: Properly retry failed inode items in case of error during buffer
writeback
- xfs: fix recovery failure when log record header wraps log end
- xfs: always verify the log tail during recovery
- xfs: fix log recovery corruption error due to tail overwrite
- xfs: handle -EFSCORRUPTED during head/tail verification
- xfs: stop searching for free slots in an inode chunk when there are none
- xfs: evict all inodes involved with log redo item
- xfs: check for race with xfs_reclaim_inode() in xfs_ifree_cluster()
- xfs: don't log dirty ranges for ordered buffers
- xfs: skip bmbt block ino validation during owner change
- xfs: move bmbt owner change to last step of extent swap
- xfs: disallow marking previously dirty buffers as ordered
- xfs: relog dirty buffers during swapext bmbt owner change
- xfs: disable per-inode DAX flag
- xfs: fix incorrect log_flushed on fsync
- xfs: don't set v3 xflags for v2 inodes
- xfs: open code end_buffer_async_write in xfs_finish_page_writeback
- md/raid5: release/flush io in raid5_do_work()
- ipv6: Fix may be used uninitialized warning in rt6_check
.
[ Ben Hutchings ]
* Fix regressions caused by fix for CVE-2016-7097 (Closes: #873026):
- ext4: preserve i_mode if __ext4_set_acl() fails
- ext4: Don't clear SGID when inheriting ACLs
* [mips{,64}el/loongson-3] Add support for Loongson-3A/B 3000 CPUs, thanks to
YunQiang Su (Closes: #871701):
- Add Loongson-3A R3 basic support
- Add NMI handler support
- Support 4 packages in CPU Hwmon driver
- IRQ balancing for PCI devices
- support irq_set_affinity() in i8259 chip
- Make enum loongson_cpu_type more clear
* [ppc64el] Invalidate ERAT on powersave wakeup for POWER9, thanks to
Michael Neuling (Closes: #868887)
* ip6_fib: Avoid ABI change in 4.9.51
* inet_frag: Limit ABI change in 4.9.51
* nfs: Ignore ABI change in 4.9.50
linux (4.9.47-1) stretch; urgency=medium
.
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31
- driver: vrf: Fix one possible use-after-free issue
- [s390x] qeth: handle sysfs error during initialization
- [s390x] qeth: unbreak OSM and OSN support
- [s390x] qeth: avoid null pointer dereference on OSN
- [s390x] qeth: add missing hash table initializations
- [arm64] bpf: fix faulty emission of map access in tail calls
- netem: fix skb_orphan_partial()
- net: fix compile error in skb_orphan_partial()
- tcp: avoid fragmenting peculiar skbs in SACK
- sctp: fix src address selection if using secondary addresses for ipv6
- net/packet: fix missing net_device reference release
- net/mlx5e: Use the correct pause values for ethtool advertising
- net/mlx5e: Fix ethtool pause support and advertise reporting
- tcp: eliminate negative reordering in tcp_clean_rtx_queue
- net: Improve handling of failures on link and route dumps
- bridge: netlink: check vlan_default_pvid range
- qmi_wwan: add another Lenovo EM74xx device ID
- bridge: start hello_timer when enabling KERNEL_STP in br_stp_start
- bonding: fix accounting of active ports in 3ad
- net/mlx5: Avoid using pending command interface slots
- net: phy: marvell: Limit errata to 88m1101
- vlan: Fix tcp checksum offloads in Q-in-Q vlans
- be2net: Fix offload features for Q-in-Q packets
- virtio-net: enable TSO/checksum offloads for Q-in-Q vlans
- tcp: avoid fastopen API to be used on AF_UNSPEC
- sctp: fix ICMP processing if skb is non-linear
- ipv4: add reference counting to metrics
- bpf: add bpf_clone_redirect to bpf_helper_changes_pkt_data
- fs/ufs: Set UFS default maximum bytes per file
- [powerpc*] spufs: Fix hash faults for kernel regions
- drivers/tty: 8250: only call fintek_8250_probe when doing port I/O
- i2c: i2c-tiny-usb: fix buffer not being DMA capable
- [x86] MCE: Export memory_error()
- acpi, nfit: Fix the memory error check in nfit_handle_mce()
- Revert "ACPI / button: Change default behavior to lid_init_state=open"
- mmc: sdhci-iproc: suppress spurious interrupt with Multiblock read
- iscsi-target: Always wait for kthread_should_stop() before kthread exit
- ibmvscsis: Clear left-over abort_cmd pointers
- ibmvscsis: Fix the incorrect req_lim_delta
- HID: wacom: Have wacom_tpc_irq guard against possible NULL dereference
- nvme-rdma: support devices with queue size < 32
- nvme: use blk_mq_start_hw_queues() in nvme_kill_queues()
- nvme: avoid to use blk_mq_abort_requeue_list()
- scsi: mpt3sas: Force request partial completion alignment
- drm/radeon/ci: disable mclk switching for high refresh rates (v2)
- drm/radeon: Unbreak HPD handling for r600+
- drm/radeon: Fix vram_size/visible values in DRM_RADEON_GEM_INFO ioctl
- pcmcia: remove left-over %Z format
- ALSA: hda - apply STAC_9200_DELL_M22 quirk for Dell Latitude D430
- mm/migrate: fix refcount handling when !hugepage_migration_supported()
- mlock: fix mlock count can not decrease in race condition
- mm: consider memblock reservations for deferred memory initialization
sizing
- RDMA/qib,hfi1: Fix MR reference count leak on write with immediate
- [x86] boot: Use CROSS_COMPILE prefix for readelf
- ksm: prevent crash after write_protect_page fails
- slub/memcg: cure the brainless abuse of sysfs attributes
- mm/slub.c: trace free objects at KERN_INFO
- [x86] drm/gma500/psb: Actually use VBT mode when it is found
- xfs: Fix missed holes in SEEK_HOLE implementation
- xfs: use ->b_state to fix buffer I/O accounting release race
- xfs: fix off-by-one on max nr_pages in xfs_find_get_desired_pgoff()
- xfs: verify inline directory data forks
- xfs: rework the inline directory verifiers
- xfs: fix kernel memory exposure problems
- xfs: use dedicated log worker wq to avoid deadlock with cil wq
- xfs: fix over-copying of getbmap parameters from userspace
- xfs: actually report xattr extents via iomap
- xfs: drop iolock from reclaim context to appease lockdep
- xfs: fix integer truncation in xfs_bmap_remap_alloc
- xfs: handle array index overrun in xfs_dir2_leaf_readbuf()
- xfs: prevent multi-fsb dir readahead from reading random blocks
- xfs: fix up quotacheck buffer list error handling
- xfs: support ability to wait on new inodes
- xfs: update ag iterator to support wait on new inodes
- xfs: wait on new inodes during quotaoff dquot release
- xfs: reserve enough blocks to handle btree splits when remapping
- xfs: fix use-after-free in xfs_finish_page_writeback
- xfs: fix indlen accounting error on partial delalloc conversion
- xfs: BMAPX shouldn't barf on inline-format directories
- xfs: bad assertion for delalloc an extent that start at i_size
- xfs: xfs_trans_alloc_empty
- xfs: avoid mount-time deadlock in CoW extent recovery
- xfs: fix unaligned access in xfs_btree_visit_blocks
- xfs: Fix off-by-in in loop termination in xfs_find_get_desired_pgoff()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.32
- bnx2x: Fix Multi-Cos
- vxlan: eliminate cached dst leak
- cxgb4: avoid enabling napi twice to the same queue
- tcp: disallow cwnd undo when switching congestion control
- vxlan: fix use-after-free on deletion
- net: ping: do not abuse udp_poll()
- net/ipv6: Fix CALIPSO causing GPF with datagram support
- net: ethoc: enable NAPI before poll may be scheduled
- net: stmmac: fix completely hung TX when using TSO
- net: bridge: start hello timer only if device is up
- serial: ifx6x60: fix use-after-free on module unload
- ptrace: Properly initialize ptracer_cred on fork
- crypto: asymmetric_keys - handle EBUSY due to backlog correctly
- KEYS: fix dereferencing NULL payload with nonzero length
- KEYS: fix freeing uninitialized memory in key_update()
- KEYS: encrypted: avoid encrypting/decrypting stack buffers
- crypto: drbg - wait for crypto op not signal safe
- crypto: gcm - wait for crypto op not signal safe
- drm/amdgpu/ci: disable mclk switching for high refresh rates (v2)
- nfsd4: fix null dereference on replay
- nfsd: Fix up the "supattr_exclcreat" attributes
- efi: Don't issue error message when booted under Xen
- kvm: async_pf: fix rcu_irq_enter() with irqs enabled
- [x86] KVM: cpuid: Fix read/write out-of-bounds vulnerability in cpuid
emulation
- [arm64] KVM: Preserve RES1 bits in SCTLR_EL2
- [arm64] KVM: Allow unaligned accesses at EL2
- [armhf] KVM: Allow unaligned accesses at HYP
- KVM: async_pf: avoid async pf injection when in guest mode
- [armhf,arm64] KVM: vgic-v3: Do not use Active+Pending state for a HW
interrupt
- [armhf,arm64] KVM: vgic-v2: Do not use Active+Pending state for a HW
interrupt
- dmaengine: usb-dmac: Fix DMAOR AE bit definition
- dmaengine: ep93xx: Always start from BASE0
- dmaengine: ep93xx: Don't drain the transfers in terminate_all()
- dmaengine: mv_xor_v2: handle mv_xor_v2_prep_sw_desc() error properly
- dmaengine: mv_xor_v2: properly handle wrapping in the array of HW
descriptors
- dmaengine: mv_xor_v2: do not use descriptors not acked by async_tx
- dmaengine: mv_xor_v2: enable XOR engine after its configuration
- dmaengine: mv_xor_v2: fix tx_submit() implementation
- dmaengine: mv_xor_v2: remove interrupt coalescing
- dmaengine: mv_xor_v2: set DMA mask to 40 bits
- cfq-iosched: fix the delay of cfq_group's vdisktime under iops mode
- xen/privcmd: Support correctly 64KB page granularity when mapping memory
- ext4: fix SEEK_HOLE
- ext4: keep existing extra fields when inode expands
- ext4: fix data corruption with EXT4_GET_BLOCKS_ZERO
- ext4: fix fdatasync(2) after extent manipulation operations
- drm: Fix oops + Xserver hang when unplugging USB drm devices
- usb: gadget: f_mass_storage: Serialize wake and sleep execution
- usb: chipidea: udc: fix NULL pointer dereference if udc_start failed
- usb: chipidea: debug: check before accessing ci_role
- staging/lustre/lov: remove set_fs() call from lov_getstripe()
- iio: adc: bcm_iproc_adc: swap primary and secondary isr handler's
- iio: light: ltr501 Fix interchanged als/ps register field
- iio: proximity: as3935: fix AS3935_INT mask
- iio: proximity: as3935: fix iio_trigger_poll issue
- mei: make sysfs modalias format similar as uevent modalias
- cpufreq: cpufreq_register_driver() should return -ENODEV if init fails
- target: Re-add check to reject control WRITEs with overflow data
- [arm64] drm/msm: Expose our reservation object when exporting a dmabuf.
- ahci: Acer SA5-271 SSD Not Detected Fix
- cgroup: Prevent kill_css() from being called more than once
- Input: elantech - add Fujitsu Lifebook E546/E557 to force crc_enabled
- cpuset: consider dying css as offline
- fs: add i_blocksize()
- ufs: restore proper tail allocation
- fix ufs_isblockset()
- ufs: restore maintaining ->i_blocks
- ufs: set correct ->s_maxsize
- ufs_extend_tail(): fix the braino in calling conventions of
ufs_new_fragments()
- ufs_getfrag_block(): we only grab ->truncate_mutex on block creation path
- cxl: Fix error path on bad ioctl
- cxl: Avoid double free_irq() for psl,slice interrupts
- btrfs: use correct types for page indices in btrfs_page_exists_in_range
- btrfs: fix memory leak in update_space_info failure path
- [armhf,arm64] KVM: Handle possible NULL stage2 pud when ageing pages
- scsi: qla2xxx: don't disable a not previously enabled PCI device
- scsi: qla2xxx: Modify T262 FW dump template to specify same start/end to
debug customer issues
- scsi: qla2xxx: Set bit 15 for DIAG_ECHO_TEST MBC
- scsi: qla2xxx: Fix mailbox pointer error in fwdump capture
- [powerpc*] sysdev/simple_gpio: Fix oops in gpio save_regs function
- [powerpc*] numa: Fix percpu allocations to be NUMA aware
- [powerpc*] hotplug-mem: Fix missing endian conversion of aa_index
- [powerpc*] kernel: Fix FP and vector register restoration
(Closes: #868902)
- [powerpc*] kernel: Initialize load_tm on task creation
- [x86] drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve()
- drm/nouveau/tmr: fully separate alarm execution/pending lists
- ALSA: timer: Fix race between read and ioctl (CVE-2017-1000380)
- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
(CVE-2017-1000380)
- ASoC: Fix use-after-free at card unregistration
- cpu/hotplug: Drop the device lock on error
- drivers: char: mem: Fix wraparound check to allow mappings up to the end
- serial: sh-sci: Fix panic when serial console and DMA are enabled
- [arm64] traps: fix userspace cache maintenance emulation on a tagged
pointer
- [arm64] hw_breakpoint: fix watchpoint matching for tagged pointers
- [arm64] entry: improve data abort handling of tagged pointers
- [armel,armhf] 8637/1: Adjust memory boundaries after reservations
- usercopy: Adjust tests to deal with SMAP/PAN
- [x86] drm/i915/vbt: don't propagate errors from intel_bios_init()
- [x86] drm/i915/vbt: split out defaults that are set when there is no VBT
- cpufreq: schedutil: move cached_raw_freq to struct sugov_policy
- cpufreq: schedutil: Fix per-CPU structure initialization in sugov_start()
- netfilter: nft_set_rbtree: handle element re-addition after deletion
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.33
- PCI/PM: Add needs_resume flag to avoid suspend complete optimization
- [x86] drm/i915: Prevent the system suspend complete optimization
- partitions/msdos: FreeBSD UFS2 file systems are not recognized
- netfilter: nf_conntrack_sip: fix wrong memory initialisation
- ibmvnic: Fix endian errors in error reporting output
- ibmvnic: Fix endian error when requesting device capabilities
- net: xilinx_emaclite: fix freezes due to unordered I/O
- net: xilinx_emaclite: fix receive buffer overflow
- tcp: tcp_probe: use spin_lock_bh()
- ipv6: Handle IPv4-mapped src to in6addr_any dst.
- ipv6: Inhibit IPv4-mapped src address on the wire.
- tipc: Fix tipc_sk_reinit race conditions
- gfs2: Use rhashtable walk interface in glock_hash_walk
- NET: Fix /proc/net/arp for AX.25
- ibmvnic: Call napi_disable instead of napi_enable in failure path
- ibmvnic: Initialize completion variables before starting work
- NET: mkiss: Fix panic
- net: hns: Fix the device being used for dma mapping during TX
- sierra_net: Skip validating irrelevant fields for IDLE LSIs
- sierra_net: Add support for IPv6 and Dual-Stack Link Sense Indications
- i2c: piix4: Request the SMBUS semaphore inside the mutex
- i2c: piix4: Fix request_region size
- [powerpc*] powernv: Properly set "host-ipi" on IPIs
- kernel/ucount.c: mark user_header with kmemleak_ignore()
- net: thunderx: Fix PHY autoneg for SGMII QLM mode
- ipv6: addrconf: fix generation of new temporary addresses
- vfio/spapr_tce: Set window when adding additional groups to container
- ipv6: Fix IPv6 packet loss in scenarios involving roaming + snooping
switches
- PM / runtime: Avoid false-positive warnings from might_sleep_if()
- jump label: pass kbuild_cflags when checking for asm goto support
- shmem: fix sleeping from atomic context
- kasan: respect /proc/sys/kernel/traceoff_on_warning
- log2: make order_base_2() behave correctly on const input value zero
- ethtool: do not vzalloc(0) on registers dump
- net: phy: Fix lack of reference count on PHY driver
- net: phy: Fix PHY module checks and NULL deref in phy_attach_direct()
- net: fix ndo_features_check/ndo_fix_features comment ordering
- fscache: Fix dead object requeue
- fscache: Clear outstanding writes when disabling a cookie
- FS-Cache: Initialise stores_lock in netfs cookie
- ipv6: fix flow labels when the traffic class is non-0
- drm/nouveau: prevent userspace from deleting client object
- drm/nouveau/fence/g84-: protect against concurrent access to semaphore
buffers
- net/mlx4_core: Avoid command timeouts during VF driver device shutdown
- gianfar: synchronize DMA API usage by free_skb_rx_queue w/ gfar_new_page
- [x86] pinctrl: baytrail: Rectify debounce support (part 2)
- cec: fix wrong last_la determination
- drm: prevent double-(un)registration for connectors
- drm: Don't race connector registration
- net: adaptec: starfire: add checks for dma mapping errors
- [x86] drm/i915: Check for NULL i915_vma in intel_unpin_fb_obj()
- net/mlx5: E-Switch, Err when retrieving steering name-space fails
- net/mlx5: Return EOPNOTSUPP when failing to get steering name-space
- net: phy: micrel: add support for KSZ8795
- gtp: add genl family modules alias
- drm/nouveau: Intercept ACPI_VIDEO_NOTIFY_PROBE
- drm/nouveau: Rename acpi_work to hpd_work
- drm/nouveau: Handle fbcon suspend/resume in seperate worker
- drm/nouveau: Don't enabling polling twice on runtime resume
- drm/nouveau: Fix drm poll_helper handling
- drm/ast: Fixed system hanged if disable P2A
- ravb: unmap descriptors when freeing rings
- nfs: Fix "Don't increment lock sequence ID after NFS4ERR_MOVED"
- nvmet-rdma: Fix missing dma sync to nvme data structures
- r8152: avoid start_xmit to call napi_schedule during autosuspend
- r8152: check rx after napi is enabled
- r8152: re-schedule napi for tx
- r8152: fix rtl8152_post_reset function
- r8152: avoid start_xmit to schedule napi when napi is disabled
- bnxt_en: Fix bnxt_reset() in the slow path task.
- bnxt_en: Enhance autoneg support.
- bnxt_en: Fix RTNL lock usage on bnxt_update_link().
- bnxt_en: Fix RTNL lock usage on bnxt_get_port_module_status().
- sctp: sctp gso should set feature with NETIF_F_SG when calling skb_segment
- sctp: sctp_addr_id2transport should verify the addr before looking up
assoc
- usb: musb: Fix external abort on non-linefetch for musb_irq_work()
- romfs: use different way to generate fsid for BLOCK or MTD
- frv: add atomic64_add_unless()
- frv: add missing atomic64 operations
- proc: add a schedule point in proc_pid_readdir()
- userfaultfd: fix SIGBUS resulting from false rwsem wakeups
- kernel/watchdog.c: move hardlockup detector to separate file
- kernel/watchdog.c: move shared definitions to nmi.h
- kernel/watchdog: prevent false hardlockup on overloaded system
- [x86] vhost/vsock: handle vhost_vq_init_access() error
- tipc: ignore requests when the connection state is not CONNECTED
- tipc: fix connection refcount error
- tipc: add subscription refcount to avoid invalid delete
- tipc: fix nametbl_lock soft lockup at node/link events
- netfilter: nf_tables: fix set->nelems counting with no NLM_F_EXCL
- netfilter: nft_log: restrict the log prefix length to 127
- RDMA/qedr: Dispatch port active event from qedr_add
- RDMA/qedr: Fix and simplify memory leak in PD alloc
- RDMA/qedr: Don't reset QP when queues aren't flushed
- RDMA/qedr: Don't spam dmesg if QP is in error state
- RDMA/qedr: Return max inline data in QP query result
- [s390x] kvm: do not rely on the ILC on kvm host protection fauls
- [x86] drm/i915: Workaround VLV/CHV DSI scanline counter hardware fail
- [x86] drm/i915: Always recompute watermarks when distrust_bios_wm is set,
v2.
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.34
- fs: pass on flags in compat_writev
- configfs: Fix race between create_link and configfs_rmdir
- can: gs_usb: fix memory leak in gs_cmd_reset()
- ila_xlat: add missing hash secret initialization
- cpufreq: conservative: Allow down_threshold to take values from 1 to 10
- vb2: Fix an off by one error in 'vb2_plane_vaddr'
- mac80211: don't look at the PM bit of BAR frames
- mac80211/wpa: use constant time memory comparison for MACs
- drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions.
- [x86] drm/i915: Fix GVT-g PVINFO version compatibility check
- usb: musb: dsps: keep VBUS on for host-only mode
- mac80211: fix CSA in IBSS mode
- mac80211: fix packet statistics for fast-RX
- mac80211: fix IBSS presp allocation size
- mac80211: strictly check mesh address extension mode
- mac80211: fix dropped counter in multiqueue RX
- mac80211: don't send SMPS action frame in AP mode when not needed
- [armhf,arm64] drm/vc4: Fix OOPSes from trying to cache a partially
constructed BO.
- serial: efm32: Fix parity management in 'efm32_uart_console_get_options()'
- serial: sh-sci: Fix late enablement of AUTORTS
- [i386] mm: Set the '__vmalloc_start_set' flag in initmem_init()
- mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode
- staging: rtl8188eu: prevent an underflow in rtw_check_beacon_data()
- staging: iio: tsl2x7x_core: Fix standard deviation calculation
- iio: st_pressure: Fix data sign
- iio: proximity: as3935: recalibrate RCO after resume
- iio: adc: ti_am335x_adc: allocating too much in probe
- IB/mlx5: Fix kernel to user leak prevention logic
- usb: gadget: udc: renesas_usb3: fix pm_runtime functions calling
- usb: gadget: udc: renesas_usb3: fix deadlock by spinlock
- usb: gadget: udc: renesas_usb3: lock for PN_ registers access
- USB: hub: fix SS max number of ports
- usb: core: fix potential memory leak in error path during hcd creation
- USB: usbip: fix nonconforming hub descriptor
- pvrusb2: reduce stack usage pvr2_eeprom_analyze()
- USB: gadget: dummy_hcd: fix hub-descriptor removable fields
- usb: r8a66597-hcd: select a different endpoint on timeout
- usb: r8a66597-hcd: decrease timeout
- ath10k: fix napi crash during rmmod when probe firmware fails
- misc: mic: double free on ioctl error path
- drivers/misc/c2port/c2port-duramar2150.c: checking for NULL instead of
IS_ERR()
- usb: xhci: Fix USB 3.1 supported protocol parsing
- usb: xhci: ASMedia ASM1042A chipset need shorts TX quirk
- USB: gadget: fix GPF in gadgetfs
- USB: gadgetfs, dummy-hcd, net2280: fix locking for callbacks
- mm/memory-failure.c: use compound_head() flags for huge pages
- swap: cond_resched in swap_cgroup_prepare()
- iio: imu: inv_mpu6050: add accel lpf setting for chip >= MPU6500
- sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
- genirq: Release resources in __setup_irq() error path
- alarmtimer: Prevent overflow of relative timers
- usb: gadget: composite: Fix function used to free memory
- usb: dwc3: exynos fix axius clock error path to do cleanup
- [mips*] Fix bnezc/jialc return address calculation
- [mips*] .its targets depend on vmlinux
- vTPM: Fix missing NULL check
- alarmtimer: Rate limit periodic intervals
- Allow stack to grow up to address space limit
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.35
- clk: sunxi-ng: a31: Correct lcd1-ch1 clock register offset
- xen/blkback: fix disconnect while I/Os in flight
- ALSA: firewire-lib: Fix stall of process context at packet error
- ALSA: pcm: Don't treat NULL chmap as a fatal error
- [powerpc*] perf: Fix oops when kthread execs user process
- autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL
- lib/cmdline.c: fix get_options() overflow while parsing ranges
- [x86] perf/intel: Add 1G DTLB load/store miss support for SKL
- [s390x] KVM: gaccess: fix real-space designation asce handling for gmap
shadows
- [powerpc*] KVM: Book3S HV: Preserve userspace HTM state properly
- [powerpc*] KVM: Book3S HV: Context-switch EBB registers properly
- CIFS: Improve readdir verbosity
- cxgb4: notify uP to route ctrlq compl to rdma rspq
- HID: Add quirk for Dell PIXART OEM mouse
- signal: Only reschedule timers on signals timers have sent
- [powerpc*] kprobes: Pause function_graph tracing during jprobes handling
- powerpc/64s: Handle data breakpoints in Radix mode
- Input: i8042 - add Fujitsu Lifebook AH544 to notimeout list
- brcmfmac: add parameter to pass error code in firmware callback
- brcmfmac: use firmware callback upon failure to load
- brcmfmac: unbind all devices upon failure in firmware callback
- time: Fix clock->read(clock) race around clocksource changes
- time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
- [arm64] vdso: Fix nsec handling for CLOCK_MONOTONIC_RAW
- target: Fix kref->refcount underflow in transport_cmd_finish_abort
- iscsi-target: Fix delayed logout processing greater than
SECONDS_FOR_LOGOUT_COMP
- iscsi-target: Reject immediate data underflow larger than SCSI transfer
length
- drm/radeon: add a PX quirk for another K53TK variant
- drm/radeon: add a quirk for Toshiba Satellite L20-183
- drm/amdgpu/atom: fix ps allocation size for EnableDispPowerGating
- drm/amdgpu: adjust default display clock
- of: Add check to of_scan_flat_dt() before accessing initial_boot_params
- mtd: spi-nor: fix spansion quad enable
- usb: gadget: f_fs: avoid out of bounds access on comp_desc
- rt2x00: avoid introducing a USB dependency in the rt2x00lib module
- net: phy: Initialize mdio clock at probe function
- dmaengine: bcm2835: Fix cyclic DMA period splitting
- spi: double time out tolerance
- net: phy: fix marvell phy status reading
- jump label: fix passing kbuild_cflags when checking for asm goto support
- brcmfmac: fix uninitialized warning in brcmf_usb_probe_phase2()
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.36
- ipv6: release dst on error in ip6_dst_lookup_tail
- net: don't call strlen on non-terminated string in dev_set_alias()
- decnet: dn_rtmsg: Improve input length sanitization in
dnrmg_receive_user_skb
- net: Zero ifla_vf_info in rtnl_fill_vfinfo()
- net: vrf: Make add_fib_rules per network namespace flag
- af_unix: Add sockaddr length checks before accessing sa_family in bind
and connect handlers
- Fix an intermittent pr_emerg warning about lo becoming free.
- sctp: disable BH in sctp_for_each_endpoint
- net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx
- net: tipc: Fix a sleep-in-atomic bug in tipc_msg_reverse
- net/mlx5e: Added BW check for DIM decision mechanism
- net/mlx5e: Fix wrong indications in DIM due to counter wraparound
- proc: snmp6: Use correct type in memset
- igmp: acquire pmc lock for ip_mc_clear_src()
- igmp: add a missing spin_lock_init()
- ipv6: fix calling in6_ifa_hold incorrectly for dad work
- sctp: return next obj by passing pos + 1 into sctp_transport_get_idx
- net/mlx5e: Avoid doing a cleanup call if the profile doesn't have it
- net/mlx5: Wait for FW readiness before initializing command interface
- net/mlx5e: Fix timestamping capabilities reporting
- decnet: always not take dst->__refcnt when inserting dst into hash table
- net: 8021q: Fix one possible panic caused by BUG_ON in free_netdev
- sfc: provide dummy definitions of vswitch functions
- ipv6: Do not leak throw route references
- rtnetlink: add IFLA_GROUP to ifla_policy
- netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
- netfilter: synproxy: fix conntrackd interaction
- NFSv4: fix a reference leak caused WARNING messages
- xen/blkback: don't use xen_blkif_get() in xen-blkback kthread
- drm/ast: Handle configuration without P2A bridge
- mm, swap_cgroup: reschedule when neeed in swap_cgroup_swapoff()
- [mips*] head: Reorder instructions missing a delay slot
- [mips*] Avoid accidental raw backtrace
- [mips*] pm-cps: Drop manual cache-line alignment of ready_count
- [mips*] Fix IRQ tracing & lockdep when rescheduling
- ALSA: hda - Fix endless loop of codec configure
- ALSA: hda - set input_path bitmap to zero after moving it to new place
- NFSv4.1: Fix a race in nfs4_proc_layoutget
- gpiolib: fix filtering out unwanted events
- [x86] drm/vmwgfx: Free hash table allocated by cmdbuf managed res mgr
- dm thin: do not queue freed thin mapping for next stage processing
- [x86] mm: Fix boot crash caused by incorrect loop count calculation in
sync_global_pgds()
- usb: gadget: f_fs: Fix possibe deadlock
- l2tp: fix race in l2tp_recv_common()
- l2tp: ensure session can't get removed during pppol2tp_session_ioctl()
- l2tp: fix duplicate session creation
- l2tp: hold session while sending creation notifications
- l2tp: take a reference on sessions used in genetlink handlers
- mm: numa: avoid waiting on freed migrated pages
- net: ethtool: add support for 2500BaseT and 5000BaseT link modes
- net: phy: add an option to disable EEE advertisement
- dt-bindings: net: add EEE capability constants
- net: phy: fix sign type error in genphy_config_eee_advert
- net: phy: use boolean dt properties for eee broken modes
- dt: bindings: net: use boolean dt properties for eee broken modes
- [arm64] dts: meson-gxbb-odroidc2: fix GbE tx link breakage
- xen/blkback: don't free be structure too early
- [x86] KVM: fix fixing of hypercalls
- scsi: sd: Fix wrong DPOFUA disable in sd_read_cache_type
- stmmac: add missing of_node_put
- scsi: lpfc: Set elsiocb contexts to NULL after freeing it
- qla2xxx: Terminate exchange if corrupted
- qla2xxx: Fix erroneous invalid handle message
- drm/amdgpu: fix program vce instance logic error.
- drm/amdgpu: add support for new hainan variants
- net: phy: dp83848: add DP83620 PHY support
- [x86] perf/intel: Handle exclusive threadid correctly on CPU hotplug
- net: korina: Fix NAPI versus resources freeing
- [powerpc*] eeh: Enable IO path on permanent error
- net: ethtool: Initialize buffer when querying device channel settings
- xen-netback: fix memory leaks on XenBus disconnect
- xen-netback: protect resource cleaning on XenBus disconnect
- bnxt_en: Fix "uninitialized variable" bug in TPA code path.
- bpf: don't trigger OOM killer under pressure with map alloc
- objtool: Fix IRET's opcode
- gianfar: Do not reuse pages from emergency reserve
- Btrfs: Fix deadlock between direct IO and fast fsync
- Btrfs: fix truncate down when no_holes feature is enabled
- virtio_console: fix a crash in config_work_handler
- swiotlb-xen: update dev_addr after swapping pages
- xen-netfront: Fix Rx stall during network stress and OOM
- scsi: virtio_scsi: Reject commands when virtqueue is broken
- iwlwifi: fix kernel crash when unregistering thermal zone
- [x86] platform: ideapad-laptop: handle ACPI event 1
- amd-xgbe: Check xgbe_init() return code
- net: dsa: Check return value of phy_connect_direct()
- drm/amdgpu: check ring being ready before using
- vfio/spapr: fail tce_iommu_attach_group() when iommu_data is null
- mlxsw: spectrum_router: Correctly reallocate adjacency entries
- virtio_net: fix PAGE_SIZE > 64k
- ip6_tunnel: must reload ipv6h in ip6ip6_tnl_xmit()
- vxlan: do not age static remote mac entries
- ibmveth: Add a proper check for the availability of the checksum features
- kernel/panic.c: add missing \n
- [x86] perf/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell
init code
- [x86] pinctrl: intel: Set pin direction properly
- net: phy: marvell: fix Marvell 88E1512 used in SGMII mode
- mac80211: recalculate min channel width on VHT opmode changes
- [x86] perf/intel: Use ULL constant to prevent undefined shift behaviour
- HID: i2c-hid: Add sleep between POWER ON and RESET
- scsi: lpfc: avoid double free of resource identifiers
- spi: davinci: use dma_mapping_error()
- [arm64] assembler: make adr_l work in modules under KASLR
- net: thunderx: acpi: fix LMAC initialization
- drm/radeon/si: load special ucode for certain MC configs
- drm/amd/powerplay: fix vce cg logic error on CZ/St.
- drm/amd/powerplay: refine vce dpm update code on Cz.
- pmem: return EIO on read_pmem() failure
- mac80211: initialize SMPS field in HT capabilities
- [x86] tsc: Add the Intel Denverton Processor to native_calibrate_tsc()
- [x86] mpx: Use compatible types in comparison to fix sparse error
- perf/core: Fix sys_perf_event_open() vs. hotplug
- [x86] perf: Reject non sampling events with precise_ip
- aio: fix lock dep warning
- coredump: Ensure proper size of sparse core files
- swiotlb: ensure that page-sized mappings are page-aligned
- [s390x] ctl_reg: make __ctl_load a full memory barrier
- usb: dwc2: gadget: Fix GUSBCFG.USBTRDTIM value
- be2net: fix status check in be_cmd_pmac_add()
- be2net: don't delete MAC on close on unprivileged BE3 VFs
- be2net: fix MAC addr setting on privileged BE3 VFs
- perf probe: Fix to show correct locations for events on modules
- net: phy: dp83867: allow RGMII_TXID/RGMII_RXID interface types
- tipc: allocate user memory with GFP_KERNEL flag
- perf probe: Fix to probe on gcc generated functions in modules
- net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
- sctp: check af before verify address in sctp_addr_id2transport
- ip6_tunnel, ip6_gre: fix setting of DSCP on encapsulated packets
- ravb: Fix use-after-free on `ifconfig eth0 down`
- mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap mappings
- xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY
- xfrm: NULL dereference on allocation failure
- xfrm: Oops on error in pfkey_msg2xfrm_state()
- netfilter: use skb_to_full_sk in ip_route_me_harder
- watchdog: bcm281xx: Fix use of uninitialized spinlock.
- sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting
- spi: When no dma_chan map buffers with spi_master's parent
- spi: fix device-node leaks
- regulator: tps65086: Fix expected switch DT node names
- regulator: tps65086: Fix DT node referencing in of_parse_cb
- [armhf] OMAP2+: omap_device: Sync omap_device and pm_runtime after probe
defer
- [armhf] dts: OMAP3: Fix MFG ID EEPROM
- [arm64] ACPI: Fix BAD_MADT_GICC_ENTRY() macro implementation
- [armel,armhf] 8685/1: ensure memblock-limit is pmd-aligned
- [x86] tools arch: Sync arch/x86/lib/memcpy_64.S with the kernel
- [x86] boot/KASLR: Fix kexec crash due to 'virt_addr' calculation bug
- [x86] mpx: Correctly report do_mpx_bt_fault() failures to user-space
- [x86] mm: Fix flush_tlb_page() on Xen
- ocfs2: o2hb: revert hb threshold to keep compatible
- iommu/vt-d: Don't over-free page table directories
- iommu: Handle default domain attach failure
- iommu/dma: Don't reserve PCI I/O windows
- iommu/amd: Fix incorrect error handling in amd_iommu_bind_pasid()
- iommu/amd: Fix interrupt remapping when disable guest_mode
- cpufreq: s3c2416: double free on driver init error path
- clk: scpi: don't add cpufreq device if the scpi dvfs node is disabled
- brcmfmac: avoid writing channel out of allocated array
- i2c: brcmstb: Fix START and STOP conditions
- mtd: nand: brcmnand: Check flash #WP pin status before nand erase/program
- [arm64] fix NULL dereference in have_cpu_die()
- [x86] KVM: fix emulation of RSM and IRET instructions
- [x86] KVM: vPMU: fix undefined shift in intel_pmu_refresh()
- [x86] KVM: zero base3 of unusable segments
- [x86] KVM: nVMX: Fix exception injection
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.37
- fs: add a VALID_OPEN_FLAGS
- fs: completely ignore unknown open flags
- driver core: platform: fix race condition with driver_override
(CVE-2017-12146)
- ceph: choose readdir frag based on previous readdir reply
- tracing/kprobes: Allow to create probe with a module name starting with a
digit
- media: entity: Fix stream count check
- usb: dwc3: replace %p with %pK
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
- Add USB quirk for HVR-950q to avoid intermittent device resets
- usb: usbip: set buffer pointers to NULL after free
- usb: Fix typo in the definition of Endpoint[out]Request
- USB: core: fix device node leak
- mac80211_hwsim: Replace bogus hrtimer clockid
- sysctl: don't print negative flag for proc_douintvec
- sysctl: report EINVAL if value is larger than UINT_MAX for proc_douintvec
- [arm64] pinctrl: qcom: ipq4019: add missing pingroups for pins > 70
- [arm64] pinctrl: meson: meson8b: fix the NAND DQS pins
- [x86] pinctrl: cherryview: Add terminate entry for dmi_system_id tables
- [armhf] pinctrl: sunxi: Fix SPDIF function name for A83T
- xhci: Limit USB2 port wake support for AMD Promontory hosts
- gfs2: Fix glock rhashtable rcu bug
- tpm: fix a kernel memory leak in tpm-sysfs.c
- [x86] uaccess: Optimize copy_user_enhanced_fast_string() for short strings
- ath10k: override CE5 config for QCA9377
- KEYS: Fix an error code in request_master_key()
- crypto: drbg - Fixes panic in wait_for_completion call
- RDMA/uverbs: Check port number supplied by user verbs cmds
- rt286: add Thinkpad Helix 2 to force_combo_jack_table
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.38
- Add "shutdown" to "struct class".
- tpm: Issue a TPM2_Shutdown for TPM2 devices.
- perf thread_map: Correctly size buffer used with dirent->dt_name
- perf tests: Avoid possible truncation with dirent->d_name + snprintf
- perf bench numa: Avoid possible truncation when using snprintf()
- perf header: Fix handling of PERF_EVENT_UPDATE__SCALE
- perf scripting perl: Fix compile error with some perl5 versions
- perf probe: Fix to probe on gcc generated symbols for offline kernel
- perf probe: Add error checks to offline probe post-processing
- md: fix incorrect use of lexx_to_cpu in does_sb_need_changing
- md: fix super_offset endianness in super_1_rdev_size_change
- locking/rwsem-spinlock: Fix EINTR branch in __down_write_common()
- staging: vt6556: vnt_start Fix missing call to vnt_key_init_table.
- staging: comedi: fix clean-up of comedi_class in comedi_init()
- crypto: caam - fix gfp allocation flags (part I)
- crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
- ext4: check return value of kstrtoull correctly in reserved_clusters_store
- [x86] mm/pat: Don't report PAT on CPUs that don't support it
- saa7134: fix warm Medion 7134 EEPROM read
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.39
- xen-netfront: Rework the fix for Rx stall during OOM and network stress
- net_sched: fix error recovery at qdisc creation
- net: sched: Fix one possible panic when no destroy callback
- net/phy: micrel: configure intterupts after autoneg workaround
- ipv6: avoid unregistering inet6_dev for loopback
- net: dp83640: Avoid NULL pointer dereference.
- tcp: reset sk_rx_dst in tcp_disconnect()
- net: prevent sign extension in dev_get_stats()
- bridge: mdb: fix leak on complete_info ptr on fail path
- rocker: move dereference before free
- bpf: prevent leaking pointer via xadd on unpriviledged
- net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()
- net/mlx5: Cancel delayed recovery work when unloading the driver
- liquidio: fix bug in soft reset failure detection
- net/mlx5e: Fix TX carrier errors report in get stats ndo
- ipv6: dad: don't remove dynamic addresses if link is down
- vxlan: fix hlist corruption
- net: core: Fix slab-out-of-bounds in netdev_stats_to_stats64
- net: ipv6: Compare lwstate in detecting duplicate nexthops
- vrf: fix bug_on triggered by rx when destroying a vrf
- rds: tcp: use sock_create_lite() to create the accept socket
- brcmfmac: Fix a memory leak in error handling path in
'brcmf_cfg80211_attach'
- brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain
- sfc: don't read beyond unicast address list
- cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
- cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
- cfg80211: Check if PMKID attribute is of expected size
- cfg80211: Check if NAN service ID is of expected size
- irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity
- thp, mm: fix crash due race in MADV_FREE handling
- kernel/extable.c: mark core_kernel_text notrace
- mm/list_lru.c: fix list_lru_count_node() to be race free
- fs/dcache.c: fix spin lockup issue on nlru->lock
- binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370,
CVE-2017-1000371)
- [armel,armhf] move ELF_ET_DYN_BASE to 4MB
- [arm64] move ELF_ET_DYN_BASE to 4GB / 4MB
- [powerpc*] move ELF_ET_DYN_BASE to 4GB / 4MB
- [s390x] reduce ELF_ET_DYN_BASE
- exec: Limit arg stack to at most 75% of _STK_LIM
- [arm64] dts: marvell: armada37xx: Fix timer interrupt specifiers
- vt: fix unchecked __put_user() in tioclinux ioctls
- rcu: Add memory barriers for NOCB leader wakeup
- nvmem: core: fix leaks on registration errors
- mnt: In umount propagation reparent in a separate pass
- mnt: In propgate_umount handle visiting mounts in any order
- mnt: Make propagate_umount less slow for overlapping mount propagation
trees
- selftests/capabilities: Fix the test_execve test
- mm: fix overflow check in expand_upwards()
- crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD
- [x86] crypto: sha1-ssse3 - Disable avx2
- crypto: caam - properly set IV after {en,de}crypt
- crypto: caam - fix signals handling
- Revert "sched/core: Optimize SCHED_SMT"
- sched/fair, cpumask: Export for_each_cpu_wrap()
- sched/topology: Fix building of overlapping sched-groups
- sched/topology: Optimize build_group_mask()
- sched/topology: Fix overlapping sched_group_mask
- PM / wakeirq: Convert to SRCU
- PM / QoS: return -EINVAL for bogus strings
- tracing: Use SOFTIRQ_OFFSET for softirq dectection for more accurate
results
- [x86] kvm: vmx: Do not disable intercepts for BNDCFGS
- [x86] kvm: Guest BNDCFGS requires guest MPX support
- [x86] kvm: vmx: Check value written to IA32_BNDCFGS
- [x86] kvm: vmx: allow host to access guest MSR_IA32_BNDCFGS
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.40
- dm mpath: cleanup -Wbool-operation warning in choose_pgpath()
- s5p-jpeg: don't return a random width/height
- thermal: max77620: fix device-node reference imbalance
- thermal: cpu_cooling: Avoid accessing potentially freed structures
- ath9k: fix tx99 use after free
- ath9k: fix tx99 bus error
- ath9k: fix an invalid pointer dereference in ath9k_rng_stop()
- NFC: fix broken device allocation
- NFC: nfcmrvl_uart: add missing tty-device sanity check
- NFC: nfcmrvl: do not use device-managed resources
- NFC: nfcmrvl: use nfc-device for firmware download
- NFC: nfcmrvl: fix firmware-management initialisation
- nfc: Ensure presence of required attributes in the activate_target handler
- nfc: Fix the sockaddr length sanitization in llcp_sock_connect
- NFC: Add sockaddr length checks before accessing sa_family in bind
handlers
- [x86] perf intel-pt: Move decoder error setting into one condition
- [x86] perf intel-pt: Improve sample timestamp
- [x86] perf intel-pt: Fix missing stack clear
- [x86] perf intel-pt: Ensure IP is zero when state is INTEL_PT_STATE_NO_IP
- [x86] perf intel-pt: Fix last_ip usage
- [x86] perf intel-pt: Ensure never to set 'last_ip' when packet 'count' is
zero
- [x86] perf intel-pt: Use FUP always when scanning for an IP
- [x86] perf intel-pt: Clear FUP flag on error
- Bluetooth: use constant time memory comparison for secret values
- wlcore: fix 64K page support
- btrfs: Don't clear SGID when inheriting ACLs
- igb: Explicitly select page 0 at initialization
- ASoC: compress: Derive substream from stream based on direction
- PM / Domains: Fix unsafe iteration over modified list of device links
- PM / Domains: Fix unsafe iteration over modified list of domain providers
- PM / Domains: Fix unsafe iteration over modified list of domains
- scsi: ses: do not add a device to an enclosure if enclosure_add_links()
fails.
- scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state
- iscsi-target: Add login_keys_workaround attribute for non RFC initiators
- xen/scsiback: Fix a TMR related use-after-free
- [powerpc*] pseries: Fix passing of pp0 in updatepp() and updateboltedpp()
- [powerpc*/*64*] Fix atomic64_inc_not_zero() to return an int
- [powerpc*] Fix emulation of mcrf in emulate_step()
- [powerpc*] Fix emulation of mfocrf in emulate_step()
- [powerpc*] asm: Mark cr0 as clobbered in mftb()
- [powerpc*] mm/radix: Properly clear process table entry
- af_key: Fix sadb_x_ipsecrequest parsing
- PCI: Work around poweroff & suspend-to-RAM issue on Macbook Pro 11
- PCI: rockchip: Use normal register bank for config accessors
- PCI/PM: Restore the status of PCI devices across hibernation
- ipvs: SNAT packet replies only for NATed connections
- xhci: fix 20000ms port resume timeout
- xhci: Fix NULL pointer dereference when cleaning up streams for removed
host
- xhci: Bad Ethernet performance plugged in ASM1042A host
- mxl111sf: Fix driver to use heap allocate buffers for USB messages
- usb: storage: return on error to avoid a null pointer dereference
- USB: cdc-acm: add device-id for quirky printer
- usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL
- usb: renesas_usbhs: gadget: disable all eps when the driver stops
- md: don't use flush_signals in userspace processes
- [x86] xen: allow userspace access during hypercalls
- cx88: Fix regression in initial video standard setting
- libnvdimm, btt: fix btt_rw_page not returning errors
- libnvdimm: fix badblock range handling of ARS range
- Raid5 should update rdev->sectors after reshape
- [s390x] syscalls: Fix out of bounds arguments access
- drm/amd/amdgpu: Return error if initiating read out of range on vram
- drm/radeon/ci: disable mclk switching for high refresh rates (v2)
- drm/radeon: Fix eDP for single-display iMac10,1 (v2)
- ipmi: use rcu lock around call to intf->handlers->sender()
- ipmi:ssif: Add missing unlock in error branch
- xfs: Don't clear SGID when inheriting ACLs
- f2fs: sanity check size of nat and sit cache
- f2fs: Don't clear SGID when inheriting ACLs
- drm/ttm: Fix use-after-free in ttm_bo_clean_mm
- ovl: drop CAP_SYS_RESOURCE from saved mounter's credentials
- vfio: Fix group release deadlock
- vfio: New external user group/file match
- nvme-rdma: remove race conditions from IB signalling
- ftrace: Fix uninitialized variable in match_records()
- [mips*] Fix mips_atomic_set() retry condition
- [mips*] Fix mips_atomic_set() with EVA
- [mips*] Negate error syscall return in trace
- ubifs: Don't leak kernel memory to the MTD
- ACPI / EC: Drop EC noirq hooks to fix a regression
- Revert "ACPI / EC: Enable event freeze mode..." to fix a regression
- [x86] acpi: Prevent out of bound access caused by broken ACPI tables
- [x86] ioapic: Pass the correct data to unmask_ioapic_irq()
- [mips*] Fix MIPS I ISA /proc/cpuinfo reporting
- [mips*] Save static registers before sysmips
- [mips*] Actually decode JALX in `__compute_return_epc_for_insn'
- [mips*] Fix unaligned PC interpretation in `compute_return_epc'
- [mips*] math-emu: Prevent wrong ISA mode instruction emulation
- [mips*] Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn'
- [mips*] Send SIGILL for linked branches in `__compute_return_epc_for_insn'
- [mips*] Send SIGILL for R6 branches in `__compute_return_epc_for_insn'
- [mips*] Fix a typo: s/preset/present/ in r2-to-r6 emulation error message
- Input: i8042 - fix crash at boot time
- IB/iser: Fix connection teardown race condition
- IB/core: Namespace is mandatory input for address resolution
- sunrpc: use constant time memory comparison for mac
- NFS: only invalidate dentrys that are clearly invalid.
- udf: Fix deadlock between writeback and udf_setsize()
- target: Fix COMPARE_AND_WRITE caw_sem leak during se_cmd quiesce
- iser-target: Avoid isert_conn->cm_id dereference in isert_login_recv_done
- perf annotate: Fix broken arrow at row 0 connecting jmp instruction to
its target
- staging: rtl8188eu: add TL-WN722N v2 support
- staging: comedi: ni_mio_common: fix AO timer off-by-one regression
- staging: sm750fb: avoid conflicting vesafb
- staging: lustre: ko2iblnd: check copy_from_iter/copy_to_iter return code
- ceph: fix race in concurrent readdir
- RDMA/core: Initialize port_num in qp_attr
- drm/mst: Fix error handling during MST sideband message reception
- drm/mst: Avoid dereferencing a NULL mstb in drm_dp_mst_handle_up_req()
- drm/mst: Avoid processing partially received up/down message transactions
- mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms[] array
- hfsplus: Don't clear SGID when inheriting ACLs
- ovl: fix random return value on mount
- acpi/nfit: Fix memory corruption/Unregister mce decoder on failure
- of: device: Export of_device_{get_modalias, uvent_modalias} to modules
- spmi: Include OF based modalias in device uevent
- reiserfs: Don't clear SGID when inheriting ACLs
- PM / Domains: defer dev_pm_domain_set() until genpd->attach_dev succeeds
if present
- tracing: Fix kmemleak in instance_rmdir
- alarmtimer: don't rate limit one-shot timers
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.41
- af_key: Add lock to key dump
- pstore: Make spinlock per zone instead of global
- net: reduce skb_warn_bad_offload() noise
- jfs: Don't clear SGID when inheriting ACLs
- ALSA: fm801: Initialize chip after IRQ handler is registered
- ALSA: hda - Add missing NVIDIA GPU codec IDs to patch table
- [powerpc*] pseries: Fix of_node_put() underflow during reconfig remove
- NFS: invalidate file size when taking a lock.
- NFSv4.1: Fix a race where CB_NOTIFY_LOCK fails to wake a waiter
- crypto: authencesn - Fix digest_null crash
- [powerpc*] KVM: Book3S HV: Enable TM before accessing TM registers
- md/raid5: add thread_group worker async_tx_issue_pending_all
- drm/nouveau/disp/nv50-: bump max chans to 21
- drm/nouveau/bar/gf100: fix access to upper half of BAR2
- [powerpc*] KVM: Book3S HV: Restore critical SPRs to host values on guest
exit
- [powerpc*] KVM: Book3S HV: Save/restore host values of debug registers
- [powerpc*] Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"
- Staging: comedi: comedi_fops: Avoid orphaned proc entry
- smp/hotplug: Move unparking of percpu threads to the control CPU
- smp/hotplug: Replace BUG_ON and react useful
- nfc: Fix hangup of RC-S380* in port100_send_ack()
- nfc: fdp: fix NULL pointer dereference
- net: phy: Do not perform software reset for Generic PHY
- isdn: Fix a sleep-in-atomic bug
- ath10k: fix null deref on wmi-tlv when trying spectral scan
- wil6210: fix deadlock when using fw_no_recovery option
- mailbox: always wait in mbox_send_message for blocking Tx mode
- mailbox: skip complete wait event if timer expired
- mailbox: handle empty message in tx_tick
- sched/cgroup: Move sched_online_group() back into css_online() to fix
crash
- RDMA/uverbs: Fix the check for port number
- ipmi/watchdog: fix watchdog timeout set on reboot
- v4l: s5c73m3: fix negation operator
- pstore: Allow prz to control need for locking
- pstore: Correctly initialize spinlock and flags
- pstore: Use dynamic spinlock initializer
- net: skb_needs_check() accepts CHECKSUM_NONE for tx
- device-dax: fix sysfs duplicate warnings
- [x86] mce/AMD: Make the init code more robust
- r8169: add support for RTL8168 series add-on card.
- [armhf] omap2+: fixing wrong strcat for Non-NULL terminated string
- dt-bindings: power/supply: Update TPS65217 properties
- dt-bindings: input: Specify the interrupt number of TPS65217 power button
- [armhf] dts: n900: Mark eMMC slot with no-sdio and no-sd flags
- net/mlx5: Disable RoCE on the e-switch management port under switchdev
mode
- ipv6: Should use consistent conditional judgement for ip6 fragment
between __ip6_append_data and ip6_finish_output
- net/mlx4_core: Use-after-free causes a resource leak in flow-steering
detach
- net/mlx4: Remove BUG_ON from ICM allocation routine
- net/mlx4_core: Fix raw qp flow steering rules under SRIOV
- [arm64] drm/msm: Ensure that the hardware write pointer is valid
- [arm64] drm/msm: Put back the vaddr in submit_reloc()
- [arm64] drm/msm: Verify that MSM_SUBMIT_BO_FLAGS are set
- irqchip/keystone: Fix "scheduling while atomic" on rt
- ASoC: tlv320aic3x: Mark the RESET register as volatile
- spi: dw: Make debugfs name unique between instances
- ASoC: nau8825: fix invalid configuration in Pre-Scalar of FLL
- irqchip/mxs: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND
- openrisc: Add _text symbol to fix ksym build error
- dmaengine: ioatdma: Add Skylake PCI Dev ID
- dmaengine: ioatdma: workaround SKX ioatdma version
- l2tp: consider '::' as wildcard address in l2tp_ip6 socket lookup
- dmaengine: ti-dma-crossbar: Add some 'of_node_put()' in error path.
- usb: dwc3: omap: fix race of pm runtime with irq handler in probe
- [arm64] zynqmp: Fix W=1 dtc 1.4 warnings
- [arm64] zynqmp: Fix i2c node's compatible string
- perf probe: Fix to get correct modname from elf header
- ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
- usb: gadget: Fix copy/pasted error message
- Btrfs: use down_read_nested to make lockdep silent
- Btrfs: fix lockdep warning about log_mutex
- benet: stricter vxlan offloading check in be_features_check
- Btrfs: adjust outstanding_extents counter properly when dio write is split
- [armhf] Xen: Zero reserved fields of xatp before making hypervisor call
- tools lib traceevent: Fix prev/next_prio for deadline tasks
- xfrm: Don't use sk_family for socket policy lookups
- perf tools: Install tools/lib/traceevent plugins with install-bin
- perf symbols: Robustify reading of build-id from sysfs
- video: fbdev: cobalt_lcdfb: Handle return NULL error from devm_ioremap
- vfio-pci: Handle error from pci_iomap
- [arm64] mm: fix show_pte KERN_CONT fallout
- nvmem: imx-ocotp: Fix wrong register size
- net: usb: asix_devices: add .reset_resume for USB PM
- ASoC: fsl_ssi: set fifo watermark to more reliable value
- sh_eth: enable RX descriptor word 0 shift on SH7734
- ALSA: usb-audio: test EP_FLAG_RUNNING at urb completion
- [x86] platform/intel-mid: Rename 'spidev' to 'mrfld_spidev'
- [x86] perf: Set pmu->module in Intel PMU modules
- [x86] ASoC: Intel: bytcr-rt5640: fix settings in internal clock mode
- HID: ignore Petzl USB headlamp
- scsi: fnic: Avoid sending reset to firmware when another reset is in
progress
- scsi: snic: Return error code on memory allocation failure
- scsi: bfa: Increase requested firmware version to 3.2.5.1
- [x86] ASoC: Intel: Skylake: Release FW ctx in cleanup
- ASoC: dpcm: Avoid putting stream state to STOP when FE stream is paused
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.42
- cgroup: create dfl_root files on subsys registration
- cgroup: fix error return value from cgroup_subtree_control()
- libata: array underflow in ata_find_dev()
- workqueue: restore WQ_UNBOUND/max_active==1 to be ordered
- iwlwifi: dvm: prevent an out of bounds access
- brcmfmac: fix memleak due to calling brcmf_sdiod_sgtable_alloc() twice
- NFSv4: Fix EXCHANGE_ID corrupt verifier issue
- device property: Make dev_fwnode() public
- mmc: core: Fix access to HS400-ES devices
- mm, mprotect: flush TLB if potentially racing with a parallel reclaim
leaving stale TLB entries
- cpuset: fix a deadlock due to incomplete patching of cpusets_enabled()
- ALSA: hda - Fix speaker output from VAIO VPCL14M1R
- drm/amdgpu: Fix undue fallthroughs in golden registers initialization
- ASoC: do not close shared backend dailink
- KVM: async_pf: make rcu irq exit if not triggered from idle task
- mm/page_alloc: Remove kernel address exposure in free_reserved_area()
- timers: Fix overflow in get_next_timer_interrupt
- [powerpc*] tm: Fix saving of TM SPRs in core dump
- [powerpc*/*64*] Fix __check_irq_replay missing decrementer interrupt
- iommu/amd: Enable ga_log_intr when enabling guest_mode
- gpiolib: skip unwanted events, don't convert them to opposite edge
- ext4: fix SEEK_HOLE/SEEK_DATA for blocksize < pagesize
- ext4: fix overflow caused by missing cast in ext4_resize_fs()
- [armhf] dts: armada-38x: Fix irq type for pca955
- media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS
ioctl
- iscsi-target: Fix initial login PDU asynchronous socket close OOPs
- mmc: dw_mmc: Use device_property_read instead of of_property_read
- mmc: core: Use device_property_read instead of of_property_read
- media: lirc: LIRC_GET_REC_RESOLUTION should return microseconds
- f2fs: sanity check checkpoint segno and blkoff (CVE-2017-10663)
- Btrfs: fix early ENOSPC due to delalloc
- saa7164: fix double fetch PCIe access condition (CVE-2017-8831)
- tcp_bbr: cut pacing rate only if filled pipe
- tcp_bbr: introduce bbr_bw_to_pacing_rate() helper
- tcp_bbr: introduce bbr_init_pacing_rate_from_rtt() helper
- tcp_bbr: remove sk_pacing_rate=0 transient during init
- tcp_bbr: init pacing rate on first RTT sample
- ipv4: ipv6: initialize treq->txhash in cookie_v[46]_check()
- net: Zero terminate ifr_name in dev_ifname().
- net: dsa: b53: Add missing ARL entries for BCM53125
- ipv4: initialize fib_trie prior to register_netdev_notifier call.
- rtnetlink: allocate more memory for dev_set_mac_address()
- mcs7780: Fix initialization when CONFIG_VMAP_STACK is enabled
- openvswitch: fix potential out of bound access in parse_ct
- packet: fix use-after-free in prb_retire_rx_blk_timer_expired()
- ipv6: Don't increase IPSTATS_MIB_FRAGFAILS twice in ip6_fragment()
- net: ethernet: nb8800: Handle all 4 RGMII modes identically
- dccp: fix a memleak that dccp_ipv6 doesn't put reqsk properly
- dccp: fix a memleak that dccp_ipv4 doesn't put reqsk properly
- dccp: fix a memleak for dccp_feat_init err process
- sctp: don't dereference ptr before leaving _sctp_walk_{params, errors}()
- sctp: fix the check for _sctp_walk_params and _sctp_walk_errors
- net/mlx5: Consider tx_enabled in all modes on remap
- net/mlx5: Fix command bad flow on command entry allocation failure
- net/mlx5e: Fix outer_header_zero() check size
- net/mlx5e: Fix wrong delay calculation for overflow check scheduling
- net/mlx5e: Schedule overflow check work to mlx5e workqueue
- net: phy: Correctly process PHY_HALTED in phy_stop_machine()
- xen-netback: correctly schedule rate-limited queues
- wext: handle NULL extra data in iwe_stream_add_point better
- sh_eth: fix EESIPR values for SH77{34|63}
- sh_eth: R8A7740 supports packet shecksumming
- net: phy: dp83867: fix irq generation
- tg3: Fix race condition in tg3_get_stats64().
- [x86] boot: Add missing declaration of string functions
- spi: spi-axi: Free resources on error path
- ASoC: rt5645: set sel_i2s_pre_div1 to 2
- netfilter: use fwmark_reflect in nf_send_reset
- phy state machine: failsafe leave invalid RUNNING state
- ipv4: make tcp_notsent_lowat sysctl knob behave as true unsigned int
- clk/samsung: exynos542x: mark some clocks as critical
- scsi: qla2xxx: Get mutex lock before checking optrom_state
- drm/virtio: fix framebuffer sparse warning
- [armhf] dts: sunxi: Change node name for pwrseq pin on
Olinuxino-lime2-emmc
- iw_cxgb4: do not send RX_DATA_ACK CPLs after close/abort
- nbd: blk_mq_init_queue returns an error code on failure, not NULL
- virtio_blk: fix panic in initialization error path
- [armel,armhf] 8632/1: ftrace: fix syscall name matching
- mm, slab: make sure that KMALLOC_MAX_SIZE will fit into MAX_ORDER
- lib/Kconfig.debug: fix frv build failure
- signal: protect SIGNAL_UNKILLABLE from unintentional clearing.
- mm: don't dereference struct page fields of invalid pages
- net/mlx5: E-Switch, Re-enable RoCE on mode change only after FDB destroy
- net: phy: Fix PHY unbind crash
- workqueue: implicit ordered attribute should be overridable
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.43
- ppp: Fix false xmit recursion detect with two ppp devices
- ppp: fix xmit recursion detection on ppp channels
- tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction states
- net: fix keepalive code vs TCP_FASTOPEN_CONNECT
- [s390x] bpf: fix jit branch offset related to ldimm64
- net/mlx4_en: don't set CHECKSUM_COMPLETE on SCTP packets
- net: sched: set xt_tgchk_param par.nft_compat as 0 in ipt_init_target
- tcp: fastopen: tcp_connect() must refresh the route
- net: avoid skb_warn_bad_offload false positives on UFO
- igmp: Fix regression caused by igmp sysctl namespace code.
- packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111)
- udp: consistently apply ufo or fragmentation (CVE-2017-1000112)
- [armhf,arm64] KVM: Handle hva aging while destroying the vm
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.44
- mm: ratelimit PFNs busy info message
- mm: fix list corruptions on shmem shrinklist
- futex: Remove unnecessary warning from get_futex_key
- mtd: nand: Fix timing setup for NANDs that do not support SET FEATURES
- iscsi-target: fix memory leak in iscsit_setup_text_cmd()
- iscsi-target: Fix iscsi_np reset hung task during parallel delete
- target: Fix node_acl demo-mode + uncached dynamic shutdown regression
- fuse: initialize the flock flag in fuse_file on allocation
- nand: fix wrong default oob layout for small pages using soft ecc
- mmc: mmc: correct the logic for setting HS400ES signal voltage
- nfs/flexfiles: fix leak of nfs4_ff_ds_version arrays
- drm/etnaviv: Fix off-by-one error in reloc checking
- [x86] drm/i915: Fix out-of-bounds array access in bdw_load_gamma_lut
- USB: serial: option: add D-Link DWM-222 device ID
- USB: serial: cp210x: add support for Qivicon USB ZigBee dongle
- USB: serial: pl2303: add new ATEN device id
- usb: musb: fix tx fifo flush handling again
- USB: hcd: Mark secondary HCD as dead if the primary one died
- staging:iio:resolver:ad2s1210 fix negative IIO_ANGL_VEL read
- iio: accel: bmc150: Always restore device to normal mode after
suspend-resume
- iio: light: tsl2563: use correct event code
- staging: comedi: comedi_fops: do not call blocking ops when !TASK_RUNNING
- uas: Add US_FL_IGNORE_RESIDUE for Initio Corporation INIC-3069
- usb: gadget: udc: renesas_usb3: Fix usb_gadget_giveback_request() calling
- usb: renesas_usbhs: Fix UGCTRL2 value for R-Car Gen3
- USB: Check for dropped connection before switching to full speed
- usb: core: unlink urbs from the tail of the endpoint's urb_list
- usb: quirks: Add no-lpm quirk for Moshi USB to Ethernet Adapter
- usb:xhci:Add quirk for Certain failing HP keyboard on reset after resume
- iio: adc: vf610_adc: Fix VALT selection value for REFSEL bits
- pnfs/blocklayout: require 64-bit sector_t
- [armhf] pinctrl: sunxi: add a missing function of A10/A20 pinctrl driver
- [x86] pinctrl: intel: merrifield: Correct UART pin lists
- [armhf] pinctrl: samsung: Remove bogus irq_[un]mask from resource
management
- [arm64] pinctrl: meson-gxbb: Add missing GPIODV_18 pin entry
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.45
- netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister
- audit: Fix use after free in audit_remove_watch_rule()
- [x86] crypto: sha1 - Fix reads beyond the number of blocks passed
- Input: elan_i2c - add ELAN0608 to the ACPI table
- Input: elan_i2c - Add antoher Lenovo ACPI ID for upcoming Lenovo NB
- ALSA: seq: 2nd attempt at fixing race creating a queue
- ALSA: usb-audio: Apply sample rate quirk to Sennheiser headset
- ALSA: usb-audio: Add mute TLV for playback volumes on C-Media devices
- mm: discard memblock data later
- mm: fix double mmap_sem unlock on MMF_UNSTABLE enforced SIGBUS
- mm/mempolicy: fix use after free when calling get_mempolicy
- [amd64,arm64] mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes
- xen: fix bio vec merging (CVE-2017-12134) (Closes: #866511)
- blk-mq-pci: add a fallback when pci_irq_get_affinity returns NULL
- [powerpc*] Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
- xen-blkfront: use a right index when checking requests
- [amd64] asm: Clear AC on NMI entries
- genirq: Restore trigger settings in irq_modify_status()
- genirq/ipi: Fixup checks against nr_cpu_ids
- Sanitize 'move_pages()' permission checks
- pids: make task_tgid_nr_ns() safe
- usb: optimize acpi companion search for usb port devices
- usb: qmi_wwan: add D-Link DWM-222 device ID
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.46
- af_key: do not use GFP_KERNEL in atomic contexts
- dccp: purge write queue in dccp_destroy_sock()
- dccp: defer ccid_hc_tx_delete() at dismantle time
- ipv4: fix NULL dereference in free_fib_info_rcu()
- net_sched/sfq: update hierarchical backlog when drop packet
- net_sched: remove warning from qdisc_hash_add
- bpf: fix bpf_trace_printk on 32 bit archs
- openvswitch: fix skb_panic due to the incorrect actions attrlen
- ptr_ring: use kmalloc_array()
- ipv4: better IP_MAX_MTU enforcement
- nfp: fix infinite loop on umapping cleanup
- sctp: fully initialize the IPv6 address in sctp_v6_to_addr()
- tipc: fix use-after-free
- ipv6: reset fn->rr_ptr when replacing route
- ipv6: repair fib6 tree in failure case
- tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP
- net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled
- irda: do not leak initialized list.dev to userspace
- net: sched: fix NULL pointer dereference when action calls some targets
- net_sched: fix order of queue length updates in qdisc_replace()
- bpf, verifier: add additional patterns to evaluate_reg_imm_alu
- bpf: adjust verifier heuristics
- bpf, verifier: fix alu ops against map_value{, _adj} register types
- bpf: fix mixed signed/unsigned derived min/max value bounds
- bpf/verifier: fix min/max handling in BPF_SUB
- Input: trackpoint - add new trackpoint firmware ID
- Input: elan_i2c - add ELAN0602 ACPI ID to support Lenovo Yoga310
- Input: ALPS - fix two-finger scroll breakage in right side on ALPS
touchpad
- [s390x] KVM: sthyi: fix sthyi inline assembly
- [s390x] KVM: sthyi: fix specification exception detection
- [x86] KVM: block guest protection keys unless the host has them enabled
- ALSA: usb-audio: Add delay quirk for H650e/Jabra 550a USB headsets
- ALSA: core: Fix unexpected error at replacing user TLV
- ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
- ALSA: firewire: fix NULL pointer dereference when releasing uninitialized
data of iso-resource
- mm, shmem: fix handling /sys/kernel/mm/transparent_hugepage/shmem_enabled
- i2c: designware: Fix system suspend
- mm/madvise.c: fix freeing of locked page with MADV_FREE
- fork: fix incorrect fput of ->exe_file causing use-after-free
- mm/memblock.c: reversed logic in memblock_discard()
- drm: Release driver tracking before making the object available again
- drm/atomic: If the atomic check fails, return its value first
- tracing: Call clear_boot_tracer() at lateinit_sync
- tracing: Fix kmemleak in tracing_map_array_free()
- tracing: Fix freeing of filter in create_filter() when set_str is false
- kbuild: linker script do not match C names unless
LD_DEAD_CODE_DATA_ELIMINATION is configured
- cifs: Fix df output for users with quota limits
- cifs: return ENAMETOOLONG for overlong names in cifs_open()/cifs_lookup()
- nfsd: Limit end of page list when decoding NFSv4 WRITE
- ftrace: Check for null ret_stack on profile function graph entry function
- perf/core: Fix group {cpu,task} validation
- perf probe: Fix --funcs to show correct symbols for offline module
- [x86] perf/intel/rapl: Make package handling more robust
- timers: Fix excessive granularity of new timers after a nohz idle
- [x86] mm: Fix use-after-free of ldt_struct
- net: sunrpc: svcsock: fix NULL-pointer exception
- Revert "leds: handle suspend/resume in heartbeat trigger"
- netfilter: nat: fix src map lookup
- Bluetooth: hidp: fix possible might sleep error in hidp_session_thread
- Bluetooth: cmtp: fix possible might sleep error in cmtp_session
- Bluetooth: bnep: fix possible might sleep error in bnep_session
- iio: imu: adis16480: Fix acceleration scale factor for adis16480
- iio: hid-sensor-trigger: Fix the race with user space powering up sensors
- staging: rtl8188eu: add RNX-N150NUB support
- Clarify (and fix) MAX_LFS_FILESIZE macros
- ntb_transport: fix qp count bug
- ntb_transport: fix bug calculating num_qps_mw
- NTB: ntb_test: fix bug printing ntb_perf results
- ntb: no sleep in ntb_async_tx_submit
- ntb: ntb_test: ensure the link is up before trying to configure the mws
- ntb: transport shouldn't disable link due to bogus values in SPADs
- ACPI: ioapic: Clear on-stack resource before using it
- ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal
- ACPI: EC: Fix regression related to wrong ECDT initialization order
- [powerpc*] mm: Ensure cpumask update is ordered
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.47
- p54: memset(0) whole array
- [armhf,arm64] kvm: Fix race in resetting stage2 PGD
- [arm64] mm: abort uaccess retries upon fatal signal
- [arm64] fpsimd: Prevent registers leaking across exec
- scsi: sg: protect accesses to 'reserved' page array
- scsi: sg: reset 'res_in_use' after unlinking reserved array
.
[ Ben Hutchings ]
* [x86] KVM: fix singlestepping over syscall (CVE-2017-7518)
* xfrm: policy: check policy direction value (CVE-2017-11600)
* [armhf] udeb: Add sunxi_wdt to kernel-image (Closes: #866130)
* udeb: Add dm-raid to md-modules (Closes: #868251)
* [arm64] sound: Enable SND_HDA_INTEL as module (Closes: #867611)
* [x86] ideapad-laptop: Add various IdeaPad models to no_hw_rfkill list
(Closes: #866706)
* firmware: dmi: Add DMI_PRODUCT_FAMILY identification string
* firmware: dmi: Avoid ABI break for DMI_PRODUCT_FAMILY
* [x86] pinctrl: cherryview: Extend the Chromebook DMI quirk to Intel_Strago
systems (Closes: #862723)
* [armhf] Add ARM Mali Midgard device tree bindings and gpu node for rk3288
(thanks to Guillaume Tucker) (Closes: #865646)
* workqueue: Fix flag collision
* Bump ABI to 4
* [mips*el/loongson-3] Select MIPS_L1_CACHE_SHIFT_6 (deferred from 4.9.30)
* [rt] Update to 4.9.47-rt37:
- sched: Prevent task state corruption by spurious lock wakeup
- sched: Remove TASK_ALL
- kernel/locking: use an exclusive wait_q for sleepers
- sched/migrate disable: handle updated task-mask mg-dis section
.
[ Cyril Brulebois ]
* [arm64,armhf] udeb: Ship usb3503 module in usb-modules, needed for
e.g. Arndale development boards, thanks to Wei Liu (Closes: #865645).
linux (4.9.30-2+deb9u5~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports:
- Revert "[x86] psmouse: Enable MOUSE_PS2_VMMOUSE", which breaks
xserver-xorg-input-vmmouse and several metapackages in jessie
- Revert changes to use gcc-6 compiler, not found in jessie
- Change ABI number to 0.bpo.3
- Revert changes to flex and asciidoc build-dependencies
- linux-image-dbg: Revert changes to packaging of debug symbols
- Revert "enable `perf data' support" as libbabeltrace is not available
- [mips*] Disable RELOCATABLE and RANDOMIZE_BASE.
.
linux (4.9.30-2+deb9u5) stretch-security; urgency=medium
.
* [amd64] mm: revert ELF_ET_DYN_BASE base changes (fixes regression of ASan)
.
linux (4.9.30-2+deb9u4) stretch-security; urgency=high
.
* [x86] KVM: fix singlestepping over syscall (CVE-2017-7518)
* binfmt_elf: use ELF_ET_DYN_BASE only for PIE (CVE-2017-1000370,
CVE-2017-1000371)
* ALSA: timer: Fix race between read and ioctl (CVE-2017-1000380)
* ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
(CVE-2017-1000380)
* xfrm: policy: check policy direction value (CVE-2017-11600)
* packet: fix tp_reserve race in packet_set_ring (CVE-2017-1000111)
* ipv6: Should use consistent conditional judgement for ip6 fragment
between __ip6_append_data and ip6_finish_output
* udp: consistently apply ufo or fragmentation (CVE-2017-1000112)
* sctp: Avoid out-of-bounds reads from address storage (CVE-2017-7558)
* xen: fix bio vec merging (CVE-2017-12134) (Closes: #866511)
* driver core: platform: fix race condition with driver_override
(CVE-2017-12146)
* nl80211: check for the required netlink attributes presence (CVE-2017-12153)
* [x86] kvm: nVMX: Don't allow L2 to access the hardware CR8 (CVE-2017-12154)
* scsi: qla2xxx: Fix an integer overflow in sysfs code (CVE-2017-14051)
* tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (CVE-2017-14106)
* Sanitize 'move_pages()' permission checks (CVE-2017-14140)
* video: fbdev: aty: do not leak uninitialized padding in clk to userspace
(CVE-2017-14156)
* xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
(CVE-2017-14340)
* scsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
(CVE-2017-14489)
* packet: Don't write vnet header beyond end of buffer (CVE-2017-14497)
* Bluetooth: Properly check L2CAP config option output buffer length
(CVE-2017-1000251) (Closes: #875881)
* [x86] KVM: VMX: Do not BUG() on out-of-bounds guest IRQ (CVE-2017-1000252)
.
linux (4.9.30-2+deb9u3) stretch-security; urgency=high
.
* [x86] drm/vmwgfx: limit the number of mip levels in
vmw_gb_surface_define_ioctl() (CVE-2017-7346)
* rxrpc: Fix several cases where a padded len isn't checked in ticket decode
(CVE-2017-7482)
* brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
(CVE-2017-7541)
* ipv6: avoid overflow of offset in ip6_find_1stfragopt (CVE-2017-7542)
* [x86] drm/vmwgfx: Make sure backup_handle is always valid (CVE-2017-9605)
* drm/virtio: don't leak bo on drm_gem_object_init failure (CVE-2017-10810)
* xen-blkback: don't leak stack data via response ring (CVE-2017-10911)
* mqueue: fix a use-after-free in sys_mq_notify() (CVE-2017-11176)
* fs/exec.c: account for argv/envp pointers (CVE-2017-1000365)
* dentry name snapshots (CVE-2017-7533)
linux (4.9.30-2+deb9u3) stretch-security; urgency=high
.
* [x86] drm/vmwgfx: limit the number of mip levels in
vmw_gb_surface_define_ioctl() (CVE-2017-7346)
* rxrpc: Fix several cases where a padded len isn't checked in ticket decode
(CVE-2017-7482)
* brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
(CVE-2017-7541)
* ipv6: avoid overflow of offset in ip6_find_1stfragopt (CVE-2017-7542)
* [x86] drm/vmwgfx: Make sure backup_handle is always valid (CVE-2017-9605)
* drm/virtio: don't leak bo on drm_gem_object_init failure (CVE-2017-10810)
* xen-blkback: don't leak stack data via response ring (CVE-2017-10911)
* mqueue: fix a use-after-free in sys_mq_notify() (CVE-2017-11176)
* fs/exec.c: account for argv/envp pointers (CVE-2017-1000365)
* dentry name snapshots (CVE-2017-7533)
linux-latest (80+deb9u2) stretch; urgency=medium
.
* Update to 4.9.0-4
mailman (1:2.1.23-1+deb9u1) stretch; urgency=medium
.
* Fixed broken dependencies in SpamAssassin.py (Closes: #838288).
Thanks Stephen Rothwell for the patch.
mariadb-10.1 (10.1.26-0+deb9u1) stretch-security; urgency=high
.
* New upstream version 10.1.26. Includes fixes for the following
security vulnerabilities:
- CVE-2017-3636
- CVE-2017-3641
- CVE-2017-3653
* Explicitly add dh_systemd_start snippets to mariadb-server-10.1
because it's all messed up with different name for sysvinit ('mysql')
and systemd ('mariadb') (Closes: #865870)
* gbp.conf: Ignore upstream debian/ directory when importing upstream
tarball
* Refresh patches on top of MariaDB 10.1.26
mariadb-10.1 (10.1.25-1) unstable; urgency=medium
.
* New upstream version 10.1.25
* Update quilt patches on top of mariadb-10.1.25 release
* Explicitly add dh_systemd_start snippets to mariadb-server-10.1
because it's all messed up with different name for sysvinit ('mysql')
and systemd ('mariadb') (Closes: #865870)
* Don't disable PIE, it's enabled by upstream anyway (Closes: #865737)
* Add default socket location for client (Closes: #864662)
mariadb-10.1 (10.1.24-6) unstable; urgency=medium
.
* Run invoke-rc.d mysql maintscript snippets only when running under
sysvinit (Closes: #864593)
mariadb-10.1 (10.1.24-5) unstable; urgency=medium
.
* Add @SYSTEMD_EXECSTARTPOST@ replacement token to mariadb@.service, so
the /var/run/mysqld directory is created even for multi-server setup
(Closes: #865083)
mariadb-10.1 (10.1.24-4) unstable; urgency=medium
.
[ James Cowgill ]
* Disable jemalloc on mips*. (Closes: #864340)
* Update C11 atomics to have correct semantics (Closes: #864774)
.
[ Ondřej Surý ]
* Refresh patches after C11 atomics patch update
* Merge mytop script improvements from src:mytop package (Original
patches by Philipp Matthias Hahn, Werner Detter, Olaf van der Spek,
and Steffen Zieger) (Closes: #864762)
.
[ Svante Signell ]
* Fix FTBFS on Debian GNU/Hurd (Closes: #861166)
mariadb-10.1 (10.1.24-3) unstable; urgency=medium
.
* Team upload.
* Add mips-innobase-atomic.patch, fixing FTBFS on 32-bit mips*, thanks to
James Cowgill. (Closes: #864298)
mariadb-10.1 (10.1.24-2) unstable; urgency=medium
.
* Add Breaks: cqrlog (<< 1.9.0-5~) to ensure correct upgrade order
(Closes: #864159)
mariadb-10.1 (10.1.24-1) unstable; urgency=medium
.
* New upstream version 10.1.24, includes fixes for the following
high-priority regression fixes:
+ MDEV-11842: Fail to insert on a table where a field has no default
+ MDEV-12075: innodb_use_fallocate does not work in MariaDB
Server 10.1.21
* Refresh patches on top of MariaDB 10.1.24
* Fix FTBFS in tests: Add cracklib-runtime to Build-Depends
mate-power-manager (1.16.2-1+deb9u1) stretch; urgency=medium
.
[ Martin Wimpress ]
* debian/patches:
+ Add 0001_do_not_abort_on_unknown_DBus_signal_name.patch. (Closes:
#870121).
mate-themes (3.22.11-1+deb9u1) stretch; urgency=medium
.
* debian/patches:
+ Add 0001_BlackMATE_change-menuitem-accelerator-font-color_b471395.patch
and 0002_BlackMATE_fix-font-color-in-url-bar-of-google-
chrome_bb1f13b.patch. Fix URL bar's font color in Google Chrome. (Closes:
#864618).
mate-tweak (16.10.5-1+deb9u1) stretch; urgency=medium
.
* debian/control:
+ Add D (mate-tweak): python3-gi. (Closes: #867976).
mbedtls (2.4.2-1+deb9u1) stretch-security; urgency=high
.
* Fix CVE-2017-14032:
If optional authentication is configured, allows remote attackers to
bypass peer authentication via an X.509 certificate chain with many
intermediates. (Closes: #873557)
mbedtls (2.4.2-1+deb9u1~bpo8+1) jessie-backports; urgency=high
.
* Rebuild for jessie-backports.
.
mbedtls (2.4.2-1+deb9u1) stretch-security; urgency=high
.
* Fix CVE-2017-14032:
If optional authentication is configured, allows remote attackers to
bypass peer authentication via an X.509 certificate chain with many
intermediates. (Closes: #873557)
mercurial (4.0-1+deb9u1) stretch-security; urgency=high
.
* CVE-2017-1000116: command injection on clients through malicious ssh URLs
* CVE-2017-1000115: path traversal via symlink
* CVE-2017-9462: protect against malicious 'hg serve --stdio' invocations
ncurses (6.0+20161126-1+deb9u1) stretch; urgency=medium
.
* Cherry-pick upstream fixes from the 20170701 and 20170708 patchlevels
for various crash bugs in the tic library and the tic binary
(CVE-2017-10684, CVE-2017-10685, CVE-2017-11112, CVE-2017-11113).
* Backport termcap-format fix from the 20170715 patchlevel, repairing a
regression from the above security fixes (see #868266).
* Cherry-pick upstream fixes from the 20170826 patchlevel for more
crash bugs in the tic library (CVE-2017-13728, CVE-2017-13729,
CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13734,
Closes: #873723).
* Cherry-pick upstream fixes from the 20170902 patchlevel to fix
another crash bug in the tic program (CVE-2017-13733, Closes: #873746).
newsbeuter (2.9-5+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Work around shell code in podcast names (CVE-2017-14500)
Remote code execution in podbeuter. (Closes: #876004)
newsbeuter (2.9-5+deb9u1) stretch-security; urgency=high
.
* Fix RCE vulnerability on bookmark. (CVE-2017-12904)
node-brace-expansion (1.1.6-1+deb9u1) stretch; urgency=medium
.
* Fix regular expression denial of service issue (Closes: 862712)
node-dateformat (1.0.11-3+deb9u1) stretch; urgency=medium
.
[ Pirate Praveen ]
* Set TZ=UTC for tests to fix FTBFS (Closes: #863934)
ntp (1:4.2.8p10+dfsg-3+deb9u1) stretch; urgency=medium
.
* Build and install /usr/bin/sntp (Closes: #793837)
sntp (the successor of ntpdate as general purpose NTP client) has
been accidentally included in Jessie, dropped after Jessie,
reintroduced too late for Stretch and is now included in Buster.
Fix regression by building sntp and shipping it in ntp:any
nvidia-graphics-drivers (375.82-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-graphics-drivers (375.82-1) unstable; urgency=high
.
* New upstream long lived branch release 375.82 (2017-07-24).
* Fixed CVE-2017-6257, CVE-2017-6259. (Closes: #869783)
- Fix a bug with GLX_EXT_buffer_age where incorrect buffer age values
would be reported for SLI AFR configurations. In such configurations
buffer age may now be greater than 3, the previous maximum buffer age.
- Fixed a bug that could cause hanging and Xids when performing RandR
transforms with Overlay and SLI enabled.
- Extended the information reported by the NVIDIA Xinerama X extension to
report PRIME displays in addition to directly-connected displays.
- Fixed a bug that caused HDMI audio devices to appear or disappear
inconsistently when HDMI devices were hotplugged or unplugged.
- Fixed a bug that could cause driver errors when setting modes on X
screens running at Depth 8 or Depth 15.
- Added support for the following GPUs: GeForce GTX 1080 with Max-Q
Design, GeForce GTX 1070 with Max-Q Design,
GeForce GTX 1060 with Max-Q Design.
- Fixed a bug that could cause intermittent kernel panics when running with
PRIME Sync.
- Fixed a bug that caused a kernel panic when hotplugging HDMI displays
on some Zotac mini PCs.
.
[ Andreas Beckmann ]
* nvidia-kernel-dkms: Honor parallel setting from dkms. (Closes: #864639)
* Do not prevent ccache usage. The bug was fixed in ccache 3.0 (in squeeze).
* Switch watch URL from ftp:// to https://. (Closes: #868815)
.
[ Luca Boccassi ]
* Add support for buster in nvidia-detect. (Closes: #866126)
* Update symbols files.
nvidia-graphics-drivers (375.82-1~deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
.
nvidia-graphics-drivers (375.82-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-graphics-drivers (375.82-1) unstable; urgency=high
.
* New upstream long lived branch release 375.82 (2017-07-24).
* Fixed CVE-2017-6257, CVE-2017-6259. (Closes: #869783)
- Fix a bug with GLX_EXT_buffer_age where incorrect buffer age values
would be reported for SLI AFR configurations. In such configurations
buffer age may now be greater than 3, the previous maximum buffer age.
- Fixed a bug that could cause hanging and Xids when performing RandR
transforms with Overlay and SLI enabled.
- Extended the information reported by the NVIDIA Xinerama X extension to
report PRIME displays in addition to directly-connected displays.
- Fixed a bug that caused HDMI audio devices to appear or disappear
inconsistently when HDMI devices were hotplugged or unplugged.
- Fixed a bug that could cause driver errors when setting modes on X
screens running at Depth 8 or Depth 15.
- Added support for the following GPUs: GeForce GTX 1080 with Max-Q
Design, GeForce GTX 1070 with Max-Q Design,
GeForce GTX 1060 with Max-Q Design.
- Fixed a bug that could cause intermittent kernel panics when running with
PRIME Sync.
- Fixed a bug that caused a kernel panic when hotplugging HDMI displays
on some Zotac mini PCs.
.
[ Andreas Beckmann ]
* nvidia-kernel-dkms: Honor parallel setting from dkms. (Closes: #864639)
* Do not prevent ccache usage. The bug was fixed in ccache 3.0 (in squeeze).
* Switch watch URL from ftp:// to https://. (Closes: #868815)
.
[ Luca Boccassi ]
* Add support for buster in nvidia-detect. (Closes: #866126)
* Update symbols files.
.
nvidia-graphics-drivers (375.66-2~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
nvidia-graphics-drivers (375.66-2) unstable; urgency=medium
.
[ Andreas Beckmann ]
* nvidia-vulkan-common: Add Conflicts: libgl1-nvidia-glx as a workaround for
#864477 (wrong library referenced in nvidia_icd.json in non-GLVND setups).
* nvidia-legacy-check.preinst: Verbose debug output can be enabled by
setting DEBUG_NVIDIA_LEGACY_CHECK=yes in the environment.
* nvidia-legacy-check: Bump Pre-Depends: nvidia-installer-cleanup to
(>= 20151021) for smoother upgrades from jessie. (See: #864775)
* Clean up upstream changelog entries.
.
[ Luca Boccassi ]
* nvidia-driver.README.Debian: Add notes about GLVND vs non-GLVND flavours.
nvidia-graphics-drivers (375.66-2) unstable; urgency=medium
.
[ Andreas Beckmann ]
* nvidia-vulkan-common: Add Conflicts: libgl1-nvidia-glx as a workaround for
#864477 (wrong library referenced in nvidia_icd.json in non-GLVND setups).
* nvidia-legacy-check.preinst: Verbose debug output can be enabled by
setting DEBUG_NVIDIA_LEGACY_CHECK=yes in the environment.
* nvidia-legacy-check: Bump Pre-Depends: nvidia-installer-cleanup to
(>= 20151021) for smoother upgrades from jessie. (See: #864775)
* Clean up upstream changelog entries.
.
[ Luca Boccassi ]
* nvidia-driver.README.Debian: Add notes about GLVND vs non-GLVND flavours.
open-vm-tools (2:10.1.5-5055683-4+deb9u1) stretch; urgency=medium
.
* [dec8df6] Upstream fix for CVE-2015-5191 (Closes: #869633)
* [ff10dcb] Update gbp.conf for stretch.
open-vm-tools (2:10.1.5-5055683-4+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
* Adding debian/gbp.conf for jessie-backports.
* Revert "Stay with libssl1.0 for now."
opendkim (2.11.0~alpha-10+deb9u1) stretch; urgency=medium
.
* Update opendkim service file so that /etc/opendkim.conf is used (Closes:
#864162)
* Start as root and drop privileges in opendkim so proper key file
ownership works correctly
* Add new options to /etc/opendkim.conf to match the above service file
changes
* Add an item in opendkim.NEWS to explain the changes
* Correct the previous opendkim.NEWS item (to match the change in
2.11.0~alpha-10)
openjdk-8 (8u141-b15-1~deb9u1) stretch-security; urgency=medium
.
* Rebuild for stretch-security
openldap (2.4.44+dfsg-5+deb9u1) stretch; urgency=medium
.
* Relax the dependency of libldap-2.4-2 on libldap-common to also permit
later versions. (Closes: #860774)
* Disable test060-mt-hot on ppc64el temporarily to avoid failing tests until
the underlying kernel bug #866122 is fixed.
* Fix upgrade failure when olcSuffix contains a backslash. (Closes: #864719)
* Import upstream patch to avoid reading the value of the
LDAP_OPT_X_TLS_REQUIRE_CERT option from previously freed memory.
(ITS#8385) (Closes: #820244)
* Import upstream patch to fix potential endless replication loop in a
multi-master delta-syncrepl scenario with 3 or more nodes.
(ITS#8432) (Closes: #868753)
* Import upstream patches to fix memory corruption caused by calling
sasl_client_init() multiple times and possibly concurrently.
(ITS#8648) (Closes: #860947)
openvpn (2.4.0-6+deb9u2) stretch; urgency=medium
.
* Fix broken reconnect on connection loss due to wrong push digest calculation.
Thanks to Patrick Matthäi for testing (Closes: #863110)
osinfo-db (0.20170811-1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch
osinfo-db (0.20170707-2) unstable; urgency=medium
.
* [c821b78] debian: switch to archive URLs for stretch
osinfo-db (0.20170707-1) unstable; urgency=medium
.
* [1428d41] New upstream version 0.20170707
* [1f875ee] Run make check during
* [a906220] Drop all patches - all appplied upstream
osinfo-db (0.20170225-3) unstable; urgency=medium
.
* [c058963] Update Jessie DVD links.
* [745d2f5] Add Debian Stretch (Closes: #864923)
pcb-rnd (1.1.4-2) stable; urgency=high
.
* security patch from upstream to eliminate execution of code from a
maliciously formed design file
perl (5.24.1-3+deb9u2) stretch-security; urgency=high
.
* Update upstream base.pm no-dot-in-inc fix patch description.
* [SECURITY] CVE-2017-12837: Fix a heap buffer overflow in regular
expression compiler. (Closes: #875596)
* [SECURITY] CVE-2017-12883: Fix a buffer over-read in regular
expression parser. (Closes: #875597)
postfix (3.1.6-0+deb9u1) stretch; urgency=medium
.
[Wietse Venema]
.
* New Upstream 3.1.5
- Compatibility fix (introduced: Postfix 3.1): some Milter
applications do not recognize macros sent as {name} when
macros have single-character names. Postfix now sends such
macros without {} as it has done historically. Viktor
Dukhovni. File: milter/milter.c.
- Safety net: append a null byte to vstring buffers, so that
C-style string operations won't scribble past the end. File:
vstring.c.
- Workaround (introduced: Postfix 3.0 20140718): prevent MIME
downgrade of Postfix-generated message/delivery status.
It's supposed to be 7bit, therefore quoted-printable encoding
is not expected. Problem reported by Griff. File:
bounce/bounce_notify_util.c.
* New Upstream 3.1.6
- Security: Berkeley DB 2 and later try to read settings from
a file DB_CONFIG in the current directory. This undocumented
feature may introduce undisclosed vulnerabilities resulting
in privilege escalation with Postfix set-gid programs
(postdrop, postqueue) before they chdir to the Postfix queue
directory, and with the postmap and postalias commands
depending on whether the user's current directory is writable
by other users. This fix does not change Postfix behavior
for Berkeley DB < 3, but reduces file create performance
for Berkeley DB 3 .. 4.6. File: util/dict_db.c. Closes: #864942
.
[Scott Kitterman]
.
* Refresh debian/patches/11_postmap_update.diff
* Use full path to main.cf in postfix-instance-generator. Closes: #873957
postgresql-9.6 (9.6.4-0+deb9u1) stretch-security; urgency=high
.
* New upstream security release.
.
+ Further restrict visibility of pg_user_mappings.umoptions, to protect
passwords stored as user mapping options. See the release notes for
instructions for applying the fix to existing database clusters.
(CVE-2017-7547; extends fix for CVE-2017-7484)
+ Disallow empty passwords in all password-based authentication methods.
(CVE-2017-7546)
+ Make lo_put() check for UPDATE privilege on the target large object.
(CVE-2017-7548)
.
* Remove debian/patches/s390x-fpic, implemented upstream.
postgresql-9.6 (9.6.3-4) unstable; urgency=medium
.
* 69db3b0c: Fix hstore_plperlu test failure. (Closes: #865020)
* On regression test failure, show newest three log files instead of relying
on file age = 0 min.
pyjwt (1.4.2-1+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-11424
python-pampy (1.8.2-1+deb9u1) stretch; urgency=medium
.
[ Ondřej Nový ]
* debian/control:
+ Fix typo in D (python3-pampy): Change ${python:Depends} to
${python3:Depends}. Spotted by Adrian Bunk. (Closes: #867447).
qemu (1:2.8+dfsg-6+deb9u2) stretch-security; urgency=high
.
* actually apply the nbd server patches, not only include in debian/patches/
Really closes: #865755, CVE-2017-9524
* slirp-check-len-against-dhcp-options-array-end-CVE-2017-11434.patch
Closes: #869171, CVE-2017-11434
* exec-use-qemu_ram_ptr_length-to-access-guest-ram-CVE-2017-11334.patch
Closes: #869173, CVE-2017-11334
* usb-redir-fix-stack-overflow-in-usbredir_log_data-CVE-2017-10806.patch
Closes: #867751, CVE-2017-10806
* add reference to #869706 to
xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch
* disable xhci recursive calls fix for now, as it causes instant crash
(xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch)
Reopens: #864219, CVE-2017-9375
Closes: #869945
qemu (1:2.8+dfsg-6+deb9u1) stretch-security; urgency=high
.
* net-e1000e-fix-an-infinite-loop-issue-CVE-2017-9310.patch
Closes: #863840, CVE-2017-9310
* usb-ohci-fix-error-return-code-in-servicing-iso-td-CVE-2017-9330.patch
Closes: #863943, CVE-2017-9330
* ide-ahci-call-cleanup-function-in-ahci-unit-CVE-2017-9373.patch
Closes: #864216, CVE-2017-9373
* xhci-guard-xhci_kick_epctx-against-recursive-calls-CVE-2017-9375.patch
Closes: #864219, CVE-2017-9375
* usb-ehci-fix-memory-leak-in-ehci-CVE-2017-9374.patch
Closes: #864568, CVE-2017-9374
* nbd-ignore-SIGPIPE-CVE-2017-10664.patch
Closes: #866674, CVE-2017-10664
* nbd-fully-initialize-client-in-case-of-failed-negotiation-CVE-2017-9524.patch
nbd-fix-regression-on-resiliency-to-port-scan-CVE-2017-9524.patch
Closes: #865755, CVE-2017-9524
* xen-disk-don-t-leak-stack-data-via-response-ring-CVE-2017-10911.patch
Closes: CVE-2017-10911
request-tracker4 (4.4.1-3+deb9u3) stretch; urgency=medium
.
* Fix regression in previous security release where incorrect
SHA256 passwords could trigger an error
ruby-gnome2 (3.1.0-1+deb9u1) stretch; urgency=medium
.
* Team upload.
.
[ HIGUCHI Daisuke (VDR dai) ]
* ruby-{gdk3,gtksourceview2,pango,poppler}: Add missing dependencies
(Closes: #874365).
ruby-mixlib-archive (0.2.0-1+deb9u1) stretch-security; urgency=high
.
* Prevent directory traversal attack CVE-2017-1000026 (Closes: #868572)
ruby-rack-cors (0.4.0-1+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-11173
ruby2.3 (2.3.3-1+deb9u1) stretch-security; urgency=high
.
* Fix arbitrary heap exposure problem in the JSON library (Closes: #873906)
[CVE-2017-14064]
- Backported for Ruby 2.3 by Hiroshi SHIBATA <hsbt@ruby-lang.org>
https://bugs.ruby-lang.org/issues/13853
* Fix multiple security vulnerabilities in Rubygems (Closes: #873802)
- Fix a DNS request hijacking vulnerability. Discovered by Jonathan
Claudius, fix by Samuel Giddins.
[CVE-2017-0902]
- Fix an ANSI escape sequence vulnerability. Discovered by Yusuke Endoh,
fix by Evan Phoenix.
[CVE-2017-0899]
- Fix a DOS vulernerability in the query command. Discovered by Yusuke
Endoh, fix by Samuel Giddins.
[CVE-2017-0900]
- Fix a vulnerability in the gem installer that allowed a malicious gem to
overwrite arbitrary files. Discovered by Yusuke Endoh, fix by Samuel
Giddins.
[CVE-2017-0901]
* Fix SMTP comment injection (Closes: #864860)
Patch by Shugo Maeda <shugo@ruby-lang.org>
[CVE-2015-9096]
* Fix IV Reuse in GCM Mode (Closes: #842432)
Patch by Kazuki Yamaguchi <k@rhe.jp>
[CVE-2016-7798]
samba (2:4.5.12+dfsg-2) stretch; urgency=high
.
* This is a security release in order to address the following defects:
- CVE-2017-12150: Some code path don't enforce smb signing, when they should
- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects
- CVE-2017-12163: Server memory information leak over SMB1
samba (2:4.5.12+dfsg-1) stretch; urgency=medium
.
* gbp.conf: change debian-branch to stretch
* New upstream version
- Remove CVE-2017-11103-Orpheus-Lyre-KDC-REP-service-name-val.patch, merged
- Remove CVE-2017-7494.patch, merged
- Fix "Non-kerberos logins fails on winbind 4.X when krb5_auth is
configured in PAM" (Closes: #739768)
* Stability fixes backported from sid:
- Properly quote subshell invocation in samba-common.preinst
(Closes: #771689)
- Fix typo s/DESTIDR/DESTDIR/ in d/rules
- sysv: Use --pidfile in addition to --exec to avoid matching daemons in
containers (Closes: #810794)
- Fix libpam-winbind.prerm to be multiarch-safe (Closes: #647430)
- Add missing logrotate for /var/log/samba/log.samba (Closes: #803924)
- Fix outdated DNS Root servers (Closes: #865406)
- Fix logrotate for /var/log/samba/log.samba to send SIGHUP to all processes
of the service (systemd only)
- Fix samba.logrotate (Thanks Thomas A. Reim)
samba (2:4.5.8+dfsg-2+deb9u1) stretch-security; urgency=high
.
* This is a security release in order to address the following defect:
- CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
(Closes: #868209)
smplayer (16.11.0~ds0-1+deb9u1) stretch; urgency=high
.
* Merge from upstream fix connections to youtube. (Closes: #869411)
speech-dispatcher (0.8.6-4+deb9u1) stretch; urgency=medium
.
* patches/spd-conf: Fix spd-conf (Closes: #860898).
strongswan (5.5.1-4+deb9u1) stretch-security; urgency=medium
.
* debian/patches:
- CVE-2017-11185 added, fix insufficient input validation in gmp plugin
which could lead to denial of service (CVE-2017-11185)
- convert CVE-2017-9022_insufficient_input_validation_gmp_plugin and
CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser to the
UNIX file format.
subversion (1.9.5-1+deb9u1) stretch-security; urgency=high
.
* patches/CVE-2017-9800: Arbitrary code execution on clients through
malicious svn+ssh URLs in svn:externals and svn:sync-from-url
supervisor (3.3.1-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Disable object traversal in XML-RPC dispatch (CVE-2017-11610)
(Closes: #870187)
suricata (3.2.1-1+deb9u1) stretch; urgency=medium
.
* [c1260ec] suricata: add patch "asn1/der: limit recursion"
swift (2.10.2-1~deb9u1) stretch; urgency=medium
.
* New upstream stable release
* Removed patches applied upstream:
- Quarantine_malformed_database_schema_SQLite_errors.patch
- For_any_part_only_one_replica_can_move_in_a_rebalance.patch
- FTBFS_i386.patch
tbdialout (1.7.2-1+deb9u1) stretch; urgency=medium
.
* Include leading plus symbol with tel: URI scheme. (Closes: #865961)
* Remove Dm-Upload-Allowed.
* Add missing detalls to debian/copyright
* Update watch file.
tcpdump (4.9.2-1~deb9u1) stretch-security; urgency=high
.
* New upstream release, fixing 90 new CVEs. See the upstream changelog
for the full list (closes: #867718, #873804, #873805, #873806).
tcpdump (4.9.2-1~deb8u1) jessie-security; urgency=high
.
* New upstream release, fixing 90 new CVEs. See the upstream changelog
for the full list (closes: #867718, #873804, #873805, #873806).
tcpdump (4.9.1-3) unstable; urgency=high
.
* Cherry-pick three upstream commits to fix the following:
+ CVE-2017-11541: buffer over-read in safeputs() (closes: #873804)
+ CVE-2017-11542: buffer over-read in pimv1_print() (closes: #873805)
+ CVE-2017-11543: buffer overflow in sliplink_print() (closes: #873806)
* Urgency high due to security fixes.
tcpdump (4.9.1-2) unstable; urgency=medium
.
* Disable IKEv2 test which mysteriously fails on ppc64el (closes: #873377).
tcpdump (4.9.1-1) unstable; urgency=medium
.
* New upstream release, fixes CVE-2017-11108 (closes: #867718).
* Bump Standards-Version to 4.1.0.
* debian/watch: add pgpsigurlmangle option.
* Add upstream signing key in debian/upstream.
tcpdump (4.9.0-3) unstable; urgency=medium
.
[ intrigeri ]
* Include AppArmor profile from Ubuntu (closes: #866682).
.
[ Romain Francoise ]
* Bump Standards-Version to 4.0.0.
tiny-initramfs (0.1-4~deb9u1) stretch; urgency=medium
.
* Add Depends: cpio to tiny-initramfs-core. (Closes: #869668)
tomcat8 (8.5.14-1+deb9u2) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2017-7674:
The CORS Filter did not add an HTTP Vary header indicating that the
response varies depending on Origin. This permitted client and server side
cache poisoning in some circumstances.
* Fix CVE-2017-7675:
The HTTP/2 implementation bypassed a number of security checks that
prevented directory traversal attacks. It was therefore possible to bypass
security constraints using a specially crafted URL.
topal (75-2.1+deb9u1) stretch; urgency=medium
.
* Fix misuse of sed character class syntax which stops topal
working. (Closes: #870825.)
torsocks (2.2.0-1+deb9u1) stretch; urgency=medium
.
* Fix-check_addr-to-return-either-0-or-1.patch: new patch, from upstream
maint-0.2.x branch, to fix a serious bug reported many times upstream
and to me (privately) since the Stretch release
(http://bugs.torproject.org/20871).
* Adjust debian/gbp.conf to ease working on our Git branch dedicated
to Stretch.
trace-cmd (2.6-0.1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Fix segfault while processing certain trace files (Closes: #867440).
unbound (1.6.0-3+deb9u1) stretch; urgency=high
.
* Cherry-pick upstream commit svn r4301, "Fix install of trust anchor
when two anchors are present, makes both valid. Checks hash of DS but
not signature of new key. This fixes installs between sep11 and oct11
2017."
* debian/control: unbound: Add versioned dependency on dns-root-data (>=
2017072601~) for KSK-2017 in RFC 5011 state VALID.
unknown-horizons (2017.1+ds-2+deb9u1) stretch; urgency=medium
.
* Team upload.
* Add 1000-icon-mem-leak.patch and fix a memory leak.
Thanks to Petter Reinholdtsen for the report and testing and LinuxDonald
for the patch. (Closes: #871037)
up-imapproxy (1.2.8~svn20161210-2+deb9u1) stretch; urgency=medium
.
* Correct the service file.
Thanks to Marc Dequènes (Duck) (Closes: 868150)
* Move the pidfile to /run
varnish (5.0.0-7+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Correctly handle bogusly large chunk sizes.
This fixes a denial of service attack vector where bogusly large chunk
sizes in requests could be used to force restarts of the Varnish server.
vim (2:8.0.0197-4+deb9u1) stretch; urgency=medium
.
* Backport upstream patches to fix CVE-2017-11109 (Closes: #867720)
+ 8.0.0703: Illegal memory access with empty :doau command
+ 8.0.0706: Crash when cancelling the cmdline window in Ex mode
+ 8.0.0707: Freeing wrong memory when manipulating buffers in autocommands
waagent (2.2.14-1~deb9u1) stretch; urgency=medium
.
* Upload to stretch.
waagent (2.2.14-1~deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
waagent (2.2.12-3) unstable; urgency=medium
.
* Revert waagent2.0 handling.
* Add Vcs source entries.
* Add minimal mirror selection for apt sources.list.
waagent (2.2.12-2) unstable; urgency=medium
.
* Install waagent2.0 in /usr/lib.
* Disable byte-code writing in extentions handlers.
waagent (2.2.12-1) unstable; urgency=medium
.
* New upstream version.
webkit2gtk (2.16.6-0+deb9u1) stretch; urgency=medium
.
* Team upload.
* New upstream security and bugfix release.
* Fixes these security issues reported in WSA-2017-0005 and
WSA-2017-0006:
+ CVE-2017-2538, CVE-2017-7052 (fixed in 2.16.4)
+ CVE-2017-7018, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037,
CVE-2017-7039, CVE-2017-7046, CVE-2017-7048, CVE-2017-7055,
CVE-2017-7056, CVE-2017-7061, CVE-2017-7064 (fixed in 2.16.6).
* Add debian/patches/fix-ftbfs-m68k.patch:
+ Fix FTBFS in m68k (Closes: #868126).
webkit2gtk (2.16.5-1) unstable; urgency=medium
.
* New upstream release (Closes: #865772).
webkit2gtk (2.16.5-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
webkit2gtk (2.16.5-1) unstable; urgency=medium
.
* New upstream release (Closes: #865772).
.
webkit2gtk (2.16.4-1) unstable; urgency=high
.
* New upstream release.
+ This fixes CVE-2017-2538.
webkit2gtk (2.16.5-1~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy.
* debian/control:
+ Build using libgeoclue-dev instead of libgeoclue-2-dev.
.
webkit2gtk (2.16.5-1) unstable; urgency=medium
.
* New upstream release (Closes: #865772).
.
webkit2gtk (2.16.4-1) unstable; urgency=high
.
* New upstream release.
+ This fixes CVE-2017-2538.
webkit2gtk (2.16.4-1) unstable; urgency=high
.
* New upstream release.
+ This fixes CVE-2017-2538.
whois (5.2.17~deb9u1) stretch; urgency=high
.
* Rebuilt for stretch. (Closes: #869920)
whois (5.2.16) unstable; urgency=medium
.
* Fixed parsing of 6to4 addresses broken in 5.2.15.
* Updated the .do TLD server.
* Updated the list of new gTLDs.
wordpress-shibboleth (1.4-2+deb9u1) stretch-security; urgency=high
.
* [CVE-2017-14313]: Fix XSS in login form (Closes: #874416)
wordpress-shibboleth (1.4-2+deb8u1) jessie-security; urgency=high
.
* [CVE-2017-14313]: Fix XSS in login form (Closes: #874416)
wrk (4.0.2-2~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
.
wrk (4.0.2-2) unstable; urgency=medium
.
[ Christos Trochalakis ]
* Modify previous mips FTBFS patch rendering wrk unusable in all
architectures. Thanks to Rinat Ibragimov (Closes: #855118)
* Fix build on mips architectures (Closes: #801881)
xen (4.8.1-1+deb9u3) stretch-security; urgency=high
.
* Security fixes for
XSA-226 CVE-2017-12135
XSA-227 CVE-2017-12137
XSA-228 CVE-2017-12136
XSA-230 CVE-2017-12855
XSA-235 (no CVE yet)
* Adjust changelog entry for 4.8.1-1+deb9u2 to record
that XSA-225 fix was indeed included.
* Security fix for XSA-229 not included as that bug is in Linux, not Xen.
* Security fixes for XSA-231..234 inc. not inclued as still embargoed.
xen (4.8.1-1+deb9u2) stretch-security; urgency=high
.
* Security fixes for
XSA-216 XSA-217 XSA-218 XSA-219 XSA-220
XSA-221 XSA-222 XSA-223 XSA-224
xfonts-ayu (1:1.7a-1+deb9u1) stable-proposed-updates; urgency=low
.
* debian/rules
- fix regression instroduced in 1:1.7a-1, wildcards evaluation is too
early and as a result, bold and italic was not produced (Closes: #870320)
Thanks to Takeshi Soejima <sohet@mbox.kyoto-inet.or.jp>
xkeyboard-config (2.19-1+deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Revert blacklisting of Indic layouts (Closes: #865316)
Now Indic keyboards can be selected from list of available keyboard layouts
like in previous stable releases. This was reverted upstream as well.
yadm (1.06-1+deb9u1) stretch; urgency=high
.
* Backport for CVE-2017-11353.
======================================
Sat, 22 Jul 2017 - Debian 9.1 released
======================================
=========================================================================
[Date: Sat, 22 Jul 2017 07:58:35 +0000] [ftpmaster: Archive Administrator]
Removed the following packages from stable:
aiccu | 20070115-17 | source
aiccu | 20070115-17+b1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
Closed bugs: 864783
------------------- Reason -------------------
RoM; useless since shutdown of SixXS
----------------------------------------------
=========================================================================
3dchess (0.8.1-19+deb9u1) stretch; urgency=medium
.
* Team upload.
* Add wasteful-CPU-consumption.patch. The game always consumed 100 % CPU
resources due to a missing sleep call in its main loop. (Closes: #866378)
adwaita-icon-theme (3.22.0-1+deb9u1) stretch; urgency=medium
.
* debian/patches/01_fix_send-to-symbolic.patch: Fix malformed
send-to-symbolic icon (Closes: #838961)
anope (2.0.4-1+deb9u1) stretch; urgency=medium
.
* Correct Recommends typo tranport -> transport to stop Exim taking
over from already-installed MTAs (Closes: #864668)
apache2 (2.4.25-3+deb9u1) stretch-security; urgency=high
.
* Backport security fixes from 2.4.26:
* CVE-2017-3167: Authentication bypass with ap_get_basic_auth_pw()
* CVE-2017-3169: mod_ssl NULL pointer dereference
* CVE-2017-7668: Buffer overrun in ap_find_token()
* CVE-2017-7679: mod_mime buffer overread
* CVE-2017-7659: mod_http2 NULL pointer dereference
apt (1.4.7) stretch; urgency=medium
.
* New release with important fixes up to 1.5~beta1; also see LP: #1702326
.
[ Robert Luberda ]
* fix a "critical" typo in old changelog entry (Closes: 866358)
.
[ David Kalnischkies ]
* test suite/travis CI: ignore profiling warning in progress lines
* use port from SRV record instead of initial port
.
[ Julian Andres Klode ]
* Reset failure reason when connection was successful, so later errors are
reported as such and not as "connection failure" warnings.
* debian/gbp.conf: Set debian-branch to 1.4.y
* http: A response with Content-Length: 0 has no content, so don't try to
read it - it will either timeout or the server closes the connection.
* travis CI: Migrate to Docker
avogadro (1.2.0-1+deb9u1) stretch; urgency=medium
.
[ Anton Gladky ]
* Update eigen3 patches, pull them from upstream. (Closes: #865085)
base-files (9.9+deb9u1) stable; urgency=low
.
* Change /etc/debian_version to 9.1, for Debian 9.1 point release.
bind9 (1:9.10.3.dfsg.P4-12.3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* debian/patches:
- debian/patches/CVE-2017-3142+CVE-2017-3143 added, fix TSIG bypasses
CVE-2017-3142: error in TSIG authentication can permit unauthorized zone
transfers. An attacker may be able to circumvent TSIG authentication of
AXFR and Notify requests.
CVE-2017-3143: error in TSIG authentication can permit unauthorized
dynamic updates. An attacker may be able to forge a valid TSIG or SIG(0)
signature for a dynamic update.
c-ares (1.12.0-1+deb9u1) stretch; urgency=medium
.
* Add patch for CVE-2017-1000381 (Closes: #865360)
debian-edu-doc (1.921~20170603+deb9u1) stretch; urgency=medium
.
[ Holger Levsen ]
* Update Debian Edu Stretch manual from the wiki.
.
[ Wolfgang Schweer ]
* Update Debian Edu Stretch manual from the wiki.
.
[ Stretch Manual translation updates ]
* Polish: Stanisław Krukowski.
* Simplified Chinese: Ma Yong.
* German: Wolfgang Schweer.
* Norwegian Bokmål: Petter Reinholdtsen.
* Italian: Claudio Carboncini.
* Dutch: Frans Spiesschaert.
debian-installer (20170615+deb9u1) stretch; urgency=medium
.
* Enable proposed-updates for the stretch stable branch.
debian-installer-netboot-images (20170615+deb9u1) stretch; urgency=medium
.
* Update to 20170615+deb9u1 images, from stretch-proposed-updates
debsecan (0.4.19~deb9u1) stretch; urgency=medium
.
* Non-maintainer upload.
* Rebuild for stretch
devscripts (2.17.6+deb9u1) stretch; urgency=medium
.
[ Mattia Rizzolo ]
* debchange:
+ Target stretch-backports with --bpo. Closes: #867662
+ Support $codename{,-{proposed-updates,security}} as well. Closes: #789587
* bts:
+ Add patch from Samuel Thibault <sthibault@debian.org> to add support for
the new 'a11y' tag. Closes: #867416
dgit (3.11~deb9u1) stretch; urgency=high
.
* Rebuild and upload to stretch.
.
dgit (3.11) unstable; urgency=high
.
Important bugfixes to dgit:
* Fix rpush+buildinfo: Transfer buildinfos for signing. Closes:#867693.
* Cope if the archive server sends an HTTP redirect,
by passing -L to curl. Closes:#867185,#867309.
* Cope with newer git which hates --local outside a tree. Closes:#865863.
* rpush: Honour local git config from build host working tree.
* Tolerate compressor terminating with SIGPIPE. Closes:#857694.
* Honour more pre-tree git config options in our private trees sharing
the user's object store. In particular, core.sharedRepository.
Prompted by #867603.
* Clone multisuite works even without --no-rm-on-error. Closes:#867434.
* Work if "git init" does not create $GIT/info. Closes:#858054.
* Actually understand foo,-security (!) Closes:#867189.
.
Important bugfixes to other components:
* dgit-badcommit-fixup: Honour core.sharedRepository. Closes:#867603.
* infrastructure: Cope with new git-receive-pack which has
quarantine feature: ie, work around #867702.
.
Test suite:
* Cope with git restricting ext:: protocols.
* multisuite: Test clone without --rm-on-error.
dovecot (1:2.2.27-3+deb9u1) stretch; urgency=medium
.
* [8b8226f] Fix fts-solr: escape {} chars when sending queries (Closes:
#865945)
* [a97cdab] Add basic usage DEP-8 tests, performing end-to-end testing using
LDA, IMAP and POP3.
drupal7 (7.52-2+deb9u1) stretch-security; urgency=high
.
* Backported from 7.56: SA-CORE-2017-003: Files uploaded by anonymous
users into a private file system can be accessed by other anonymous
users. (CVE-2017-6922) (Closes: #865498)
dwarfutils (20161124-1+deb9u1) stretch; urgency=medium
.
* Add patch 02-fix-CVE-2017-9052.patch to fix CVE-2017-9052 and
CVE-2017-9055 (Closes: #864064).
* Add patch 03-fix-CVE-2017-9053.patch to fix CVE-2017-9053.
* Add patch 04-fix-CVE-2017-9054.patch to fix CVE-2017-9054.
* Add patch 05-fix-CVE-2017-9998.patch to fix CVE-2017-9998
(Closes: #866968).
evince (3.22.1-3+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-1000083
exim4 (4.89-2+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-100369
exim4 (4.89-2+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
* b-d on libmysqlclient-dev | libmysqlclient15-dev instead of
default-libmysqlclient-dev.
.
exim4 (4.89-2+deb9u1) stretch-security; urgency=medium
.
* CVE-2017-100369
.
exim4 (4.89-2) unstable; urgency=medium
.
* Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to
initscript (#844178). It breaks when the initscript does not start a
daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon').
Closes: #860317
* When reporting bugs also attach /etc/default/exim4 by default.
flatpak (0.8.5-2+deb9u1) stretch-security; urgency=high
.
* d/p/Ensure-we-don-t-install-world-writable-dirs-or-setuid-fil.patch:
Patch from upstream stable release 0.8.7.
Prevent deploying files with inappropriate permissions
(world-writable, setuid, etc.) (Closes: #865413)
* d/p/dir-Ensure-.local-share-flatpak-is-0700.patch:
Patch from upstream stable release 0.8.7.
Make ~/.local/share/flatpak private to user to defend against app
vendors that might have released files with inappropriate permissions
in the past
flatpak (0.8.5-2+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Backport to jessie
- debian/gbp.conf: adjust for this branch
- debian/control: (build-)depend on libgtk-3-bin, not
gtk-update-icon-cache
- d/p/debian/Try-gtk-3.0-version-of-the-icon-cache-utility-first.patch:
try to use gtk-update-icon-cache-3.0 before gtk-update-icon-cache
- d/p/backport/*.patch, d/control: Relax GLib dependency to 2.42
.
flatpak (0.8.5-2+deb9u1) stretch-security; urgency=high
.
* d/p/Ensure-we-don-t-install-world-writable-dirs-or-setuid-fil.patch:
Patch from upstream stable release 0.8.7.
Prevent deploying files with inappropriate permissions
(world-writable, setuid, etc.) (Closes: #865413)
* d/p/dir-Ensure-.local-share-flatpak-is-0700.patch:
Patch from upstream stable release 0.8.7.
Make ~/.local/share/flatpak private to user to defend against app
vendors that might have released files with inappropriate permissions
in the past
.
flatpak (0.8.5-2) unstable; urgency=medium
.
* flatpak Recommends xdg-desktop-portal-gtk | xdg-desktop-portal-backend,
so that sandboxed apps can communicate with the outside world
(Closes: #861068)
fpc (3.0.0+dfsg-11+deb9u1) stretch; urgency=medium
.
* Fix "[fp-units-rtl-3.0.0] Incorrect conversion from local time to
UTC". Backported fix from 3.0.2 (Closes: #864148)
galternatives (0.13.5+nmu4+deb9u1) stretch; urgency=medium
.
* Adopt and switch maintainer information.
* Fix the bug which causes properties window blank. Closes: #325172
geolinks (0.2.0-1+deb9u1) stretch; urgency=medium
.
* Team upload.
* Update branch in gbp.conf & Vcs-Git URL.
* Fix dependencies for Python 3 package.
(closes: #867405)
glibc (2.24-11+deb9u1) stretch-security; urgency=medium
.
* debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff,
debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff,
debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: add
patches to protect the dynamic linker against stack clashes
(CVE-2017-1000366).
* debian/patches/any/cvs-vectorized-strcspn-guards.diff: patch backported
from upstream to allow usage of strcspn in ld.so.
* debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from
upstream to disable HWCAP for AT_SECURE programs.
gnats (4.1.0-3+deb9u1) stretch; urgency=medium
.
* QA upload.
* gnats-user.postrm: Do not fail to purge if /var/lib/gnats/gnats-db is not
empty. (Closes: #661015)
gnats (4.1.0-3+deb8u1) jessie; urgency=medium
.
* QA upload.
* gnats-user.postrm: Do not fail to purge if /var/lib/gnats/gnats-db is not
empty. (Closes: #661015)
gnome-settings-daemon (3.22.2-2+deb9u2) stretch; urgency=medium
.
* d/p/keyboard-Only-add-the-us-layout-if-the-system-config.patch:
Do not add the "US" keyboard layout by default for new users, for some
reasons, this keyboard was prefered over the system configured one on the
first login. (Closes: #859268)
gnome-settings-daemon (3.22.2-2+deb9u1) stretch; urgency=medium
.
* Remove debian/gnome-settings-daemon.gsettings-override to remember the
NumLock state between sessions by default (Closes: #649587)
gnuplot (5.0.5+dfsg1-6+deb9u1) stretch; urgency=high
.
* [02931b6] Fix memory corruption vulnerability. CVE-2017-9670.
(Closes: #864901)
gnutls28 (3.5.8-5+deb9u2) stretch; urgency=medium
.
* 37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch from
upstream 3.5.x branch: Fix breakage if AES-GCM in-place encryption and
decryption on aarch64. Closes: #867581
gnutls28 (3.5.8-5+deb9u1) stretch-security; urgency=high
.
* 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving
well-formed status_request extension. GNUTLS-SA-2017-4/CVE-2017-7507
Closes: #864560
* Upload is identical to 3.5.8-6 except for the version number.
grub-installer (1.140+deb9u1) stretch; urgency=medium
.
* Apply another patch by Hideki Yamane to fix support for systems with a
large number of disks, since the regression fix in the previous upload
was incomplete (Closes: #839894).
heimdal (7.1.0+dfsg-13+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation
(Closes: #868208)
intel-microcode (3.20170707.1~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch (no changes)
.
intel-microcode (3.20170707.1) unstable; urgency=high
.
* New upstream microcode datafile 20170707
+ New Microcodes:
sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x2000022, size 25600
sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
+ This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
Lake and Skylake processors: Skylake D0/R0 were fixed since the
previous upstream release (20170511). This new release adds the
fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
+ Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
(0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
* source: remove unneeded intel-ucode/ directory
* source: remove superseded upstream data file: 20170511
intel-microcode (3.20170707.1~deb8u1) jessie; urgency=high
.
* Upload to jessie (no changes)
.
intel-microcode (3.20170707.1) unstable; urgency=high
.
* New upstream microcode datafile 20170707
+ New Microcodes:
sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x2000022, size 25600
sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
+ This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
Lake and Skylake processors: Skylake D0/R0 were fixed since the
previous upstream release (20170511). This new release adds the
fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
+ Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
(0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
* source: remove unneeded intel-ucode/ directory
* source: remove superseded upstream data file: 20170511
.
intel-microcode (3.20170511.1) unstable; urgency=medium
.
* New upstream microcode datafile 20170511
+ Updated Microcodes:
sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528
sig 0x000306d4, pf_mask 0xc0, 2017-01-27, rev 0x0025, size 17408
sig 0x000306f2, pf_mask 0x6f, 2017-01-30, rev 0x003a, size 32768
sig 0x000306f4, pf_mask 0x80, 2017-01-30, rev 0x000f, size 16384
sig 0x00040651, pf_mask 0x72, 2017-01-27, rev 0x0020, size 20480
sig 0x00040661, pf_mask 0x32, 2017-01-27, rev 0x0017, size 24576
sig 0x00040671, pf_mask 0x22, 2017-01-27, rev 0x0017, size 11264
sig 0x000406e3, pf_mask 0xc0, 2017-04-09, rev 0x00ba, size 98304
sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
sig 0x000506e3, pf_mask 0x36, 2017-04-09, rev 0x00ba, size 98304
+ This release fixes undisclosed errata on the desktop, mobile and
server processor models from the Haswell, Broadwell, and Skylake
families, including even the high-end multi-socket server Xeons
+ Likely fix the TSC-Deadline LAPIC errata (BDF89, SKL142 and
similar) on several processor families
+ Fix erratum BDF90 on Xeon E7v4, E5v4(?) (closes: #862606)
+ Likely fix serious or critical Skylake errata: SKL138/144,
SKL137/145, SLK149
* Likely fix nightmare-level Skylake erratum SKL150. Fortunately,
either this erratum is very-low-hitting, or gcc/clang/icc/msvc
won't usually issue the affected opcode pattern and it ends up
being rare.
SKL150 - Short loops using both the AH/BH/CH/DH registers and
the corresponding wide register *may* result in unpredictable
system behavior. Requires both logical processors of the same
core (i.e. sibling hyperthreads) to be active to trigger, as
well as a "complex set of micro-architectural conditions"
* source: remove unneeded intel-ucode/ directory
Since release 20170511, upstream ships the microcodes both in .dat
format, and as Linux-style split /lib/firmware/intel-ucode files.
It is simpler to just use the .dat format file for now, so remove
the intel-ucode/ directory. Note: before removal, it was verified
that there were no discrepancies between the two microcode sets
(.dat and intel-ucode/)
* source: remove superseded upstream data file: 20161104
intel-microcode (3.20170707.1~bpo9+1) stretch-backports; urgency=high
.
* Rebuild for stretch-backports (no changes)
.
intel-microcode (3.20170707.1) unstable; urgency=high
.
* New upstream microcode datafile 20170707
+ New Microcodes:
sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x2000022, size 25600
sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
+ This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
Lake and Skylake processors: Skylake D0/R0 were fixed since the
previous upstream release (20170511). This new release adds the
fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
+ Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
(0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
* source: remove unneeded intel-ucode/ directory
* source: remove superseded upstream data file: 20170511
intel-microcode (3.20170707.1~bpo8+1) jessie-backports-sloppy; urgency=medium
.
* Rebuild for jessie-backports-sloppy (no changes).
.
intel-microcode (3.20170707.1) unstable; urgency=high
.
* New upstream microcode datafile 20170707
+ New Microcodes:
sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x2000022, size 25600
sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
+ This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
Lake and Skylake processors: Skylake D0/R0 were fixed since the
previous upstream release (20170511). This new release adds the
fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
+ Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
(0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
* source: remove unneeded intel-ucode/ directory
* source: remove superseded upstream data file: 20170511
irssi (1.0.2-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix dcc_request where addr is NULL (CVE-2017-9468) (Closes: #864400)
* Fix oob read of one byte in get_file_params_count{,_resume}
(CVE-2017-9469) (Closes: #864400)
jabberd2 (2.4.0-3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed offered SASL mechanism check (CVE-2017-10807)
Thanks to Sergey Korobitsin for the report. (Closes: #867032)
jython (2.5.3-16+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Fix CVE-2016-4000: (Closes: #864859)
Unsafe deserialization may lead to arbitrary code execution.
knot (2.4.0-3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* debian/patches:
- 0001-tsig-move-signature-validity-period-check-after-the- added, fix
TSIG signature validation bypass (CVE-2017-11104) closes: #865678
libclamunrar (0.99-3+deb9u1) stretch; urgency=medium
.
* Team upload.
.
[ Sebastian Andrzej Siewior ]
* Cherry pick fix for arbitrary memory write. CVE-2012-6706
(Closes: #867223).
libgcrypt20 (1.7.6-2+deb9u1) stretch-security; urgency=high
.
* 31_CVE-2017-752*.patch from upstream 1.7.8 release: Mitigate a
flush+reload side-channel attack on RSA secret keys dubbed "Sliding right
into disaster". For details see <https://eprint.iacr.org/2017/627>.
[CVE-2017-7526]
libopenmpt (0.2.7386~beta20.3-3+deb9u2) stretch; urgency=medium
.
* Add security patches (Closes: #867579).
- up8: Out-of-bounds read while loading a malfomed PLM file.
- up10: CVE-2017-11311: Arbitrary code execution by a crafted PSM file.
libopenmpt (0.2.7386~beta20.3-3+deb9u1) stretch; urgency=medium
.
* Add various security patches (Closes: #864195).
- up1: Division by zero in temp calculation.
- up2: Infinite loop with cyclic plugin routing.
- up3: Excessive CPU consumption on malformed DMF and MDL files.
- up5: Excessive CPU consumption on malformed AMS files.
- up6: Invalid memory read when applying NNAs to effect plugins.
libquicktime (2:1.2.4-10+deb9u1) stretch; urgency=medium
.
* Fix CVE-2017-9122 to CVE-2017-9128, patch from 1.2.4-11 in unstable
(Closes: #864664)
linux (4.9.30-2+deb9u2) stretch-security; urgency=high
.
* Revert changes in version 4.9.30-2+deb9u1 (Closes: #865303)
* mm: larger stack guard gap, between vmas (CVE-2017-1000364)
* mm: fix new crash in unmapped_area_topdown()
linux (4.9.30-2+deb9u2~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports:
- Revert "[x86] psmouse: Enable MOUSE_PS2_VMMOUSE", which breaks
xserver-xorg-input-vmmouse and several metapackages in jessie
- Revert changes to use gcc-6 compiler, not found in jessie
- Change ABI number to 0.bpo.3
- Revert changes to flex and asciidoc build-dependencies
- linux-image-dbg: Revert changes to packaging of debug symbols
- Revert "enable `perf data' support" as libbabeltrace is not available
- [mips*] Disable RELOCATABLE and RANDOMIZE_BASE.
.
linux (4.9.30-2+deb9u2) stretch-security; urgency=high
.
* Revert changes in version 4.9.30-2+deb9u1 (Closes: #865303)
* mm: larger stack guard gap, between vmas (CVE-2017-1000364)
* mm: fix new crash in unmapped_area_topdown()
linux (4.9.30-2+deb9u1) stretch-security; urgency=high
.
* mm: enlarge stack guard gap (CVE-2017-1000364)
* mm: allow to configure stack gap size
* mm, proc: cap the stack gap for unpopulated growing vmas
* mm, proc: drop priv parameter from is_stack
* mm: do not collapse stack gap into THP
* fold me "mm: allow to configure stack gap size"
linux-latest (80+deb9u1) stretch; urgency=medium
.
* Revert changes to debug symbol meta-packages (Closes: #866691)
nagios-nrpe (3.0.1-3+deb9u1) stretch; urgency=medium
.
* Update branch in gbp.conf & Vcs-Git URL.
* Fix 11_reproducible_dh.h.patch to not leave USE_SSL_DH undefined.
Thanks to Johan Carlquist for pointing out this issue.
* Re-enable SSL support by default.
Compatibility with older versions has been fixed.
nginx (1.10.3-1+deb9u1) stretch-security; urgency=high
.
* Handle CVE-2017-7529 Integer overflow in the range filter (Closes: #868109)
nginx (1.10.3-1+deb9u1~bpo8+2) jessie-backports; urgency=medium
.
* Rebuild on a jessie box.
.
nginx (1.10.3-1+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
* Build against openssl 1.0.2 enabling ALPN support for http/2.
* Fix PIE issues for jessie.
* Disable ec-x25519 test.
.
nginx (1.10.3-1+deb9u1) stretch-security; urgency=high
.
* Handle CVE-2017-7529 Integer overflow in the range filter (Closes: #868109)
nginx (1.10.3-1+deb9u1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
* Build against openssl 1.0.2 enabling ALPN support for http/2.
* Fix PIE issues for jessie.
* Disable ec-x25519 test.
.
nginx (1.10.3-1+deb9u1) stretch-security; urgency=high
.
* Handle CVE-2017-7529 Integer overflow in the range filter (Closes: #868109)
nvidia-graphics-drivers (375.66-2~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
octave-ocs (0.1.5-2+deb9u1) stretch; urgency=medium
.
* d/p/set_nonarch_path_for_pkg_add: refresh for this upstream version.
Fixes loading of package functions into Octave path. (Closes: #865282)
open-iscsi (2.0.874-3~deb9u1) stretch; urgency=medium
.
* [8de3092] udeb: don't update initramfs when iSCSI is not used.
(Closes: #863435)
openssh (1:7.4p1-10+deb9u1) stretch; urgency=medium
.
* Fix incoming compression statistics (thanks, Russell Coker; closes:
#797964).
openstack-debian-images (1.20~deb9u1) stretch-proposed-updates; urgency=medium
.
* Also add security updates for non wheezy/jessie.
* Update debian/gbp.conf to use debian/stretch as packaging branch.
openvpn (2.4.0-6+deb9u1) stretch-security; urgency=high
.
* SECURITY UPDATE: (Closes: #865480)
- CVE-2017-7508.patch. Fix remotely-triggerable ASSERT() on malformed IPv6
packet.
- CVE-2017-7520.patch. Prevent two kinds of stack buffer OOB reads and a
crash for invalid input data.
- CVE-2017-7521.patch. Fix potential double-free in --x509-alt-username.
- CVE-2017-7521bis.patch. Fix remote-triggerable memory leaks.
openvpn (2.4.0-6+deb9u1~bpo8+1) jessie-backports; urgency=high
.
* Rebuild for jessie-backports.
- change build-dep: libssl1.0-dev to libssl-dev
.
openvpn (2.4.0-6+deb9u1) stretch-security; urgency=high
.
* SECURITY UPDATE: (Closes: #865480)
- CVE-2017-7508.patch. Fix remotely-triggerable ASSERT() on malformed IPv6
packet.
- CVE-2017-7520.patch. Prevent two kinds of stack buffer OOB reads and a
crash for invalid input data.
- CVE-2017-7521.patch. Fix potential double-free in --x509-alt-username.
- CVE-2017-7521bis.patch. Fix remote-triggerable memory leaks.
os-prober (1.76~deb9u1) stretch; urgency=medium
.
* Rebuild for stretch.
osinfo-db (0.20170225-3~deb9u1) stretch; urgency=medium
.
* [17d85a0] Adjust gbp.conf for stretch
otrs2 (5.0.16-1+deb9u1) stretch-security; urgency=high
.
* Add patch 15-CVE-2017-9324:
This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with
agent permission is capable by opening a specific URL in a browser to
gain administrative privileges / full access. Afterward, all system
settings can be read and changed.
Closes: #864319
partman-base (191+deb9u1) stretch; urgency=medium
.
[ Karsten Merker ]
* For systems that are known to have their boot firmware on an mmcblk
device, protect the firmware area on all mmcblk devices (and not
only on mmcblk0) from being clobbered during guided partitioning
and add missing whitespace to the corresponding log output.
(Closes: #854822)
pdns-recursor (4.0.4-1+deb9u1) stretch; urgency=medium
.
* Add new root trust anchor KSK-2017 to embedded root trust list.
(Closes: #866112)
perl (5.24.1-3+deb9u1) stretch; urgency=medium
.
* Backport various Getopt-Long fixes from upstream 2.49..2.51.
(Closes: #855532, #864544)
* Backport upstream patch fixing regexp "Malformed UTF-8 character"
crashes. (Closes: #864782)
* Apply upstream base.pm no-dot-in-inc fix (from 5.24.2-RC1)
(Closes: #867170)
phpunit (5.4.6-2~deb9u1) stretch; urgency=high
.
* Team upload
* Upload previous fix to Stretch
.
phpunit (5.4.6-2) unstable; urgency=high
.
* Team upload
* Fix arbitrary PHP code execution via HTTP POST [CVE-2017-9841]
(Closes: #866200)
protozero (1.5.1-1+deb9u1) stretch; urgency=medium
.
* Update branch in gbp.conf & Vcs-Git URL.
* Include upstream patch to fix data_view equality operator.
This fixes a rather embarrassing bug in the equality operator of the
data_view class. The equality operator is actually never used in the
protozero code itself, but users of protozero might use it. This is a
serious bug that could lead to buffer overrun type problems.
pulseaudio (10.0-1+deb9u1) stretch; urgency=medium
.
[ Balint Reczey ]
* Removing myself from Uploaders.
I made a few changes to the package when it badly needed help
but now it is well maintained and I haven't contributed to it
for years. Thanks to everyone in the packaging team and everyone
who improved the package!
.
[ Scott Leggett ]
* Move AGPL-3 text into copyright file (Closes: #863082)
pykde4 (4:4.14.3-2+deb9u1) stable; urgency=medium
.
* Team upload.
* Drop bindings for plasma webview bindings: No longer functional due to
QtWebKit being dropped from PyQt4 and obsolete (Closes: #865861)
- Add debian/patches/no_webview_webkit.patch
- Drop libqtwebkit-dev from build-depends
python-colorlog (2.10.0-1+deb9u1) stretch; urgency=medium
.
* Fix python3 dependencies (Closes: #867422)
python-imaplib2 (2.55-1+deb9u1) stretch; urgency=medium
.
* Fix typo that resulted in missing dependencies for python3-imaplib2.
Thanks to Adrian Bunk for reporting this (Closes: #867437)
python-plumbum (1.6.2-1+deb9u1) stretch; urgency=medium
.
* Fix python3 dependencies (Closes: #867449)
qgis (2.14.11+dfsg-3+deb9u1) stretch; urgency=medium
.
* Add Breaks/Replaces to python-qgis-common for qgis_customwidgets.py move.
(closes: #864695)
request-tracker4 (4.4.1-3+deb9u2) stretch; urgency=medium
.
* Handle configuration permissions correctly following
RT_SiteConfig.d changes (Closes: #862426)
request-tracker4 (4.4.1-3+deb9u1) stretch-security; urgency=high
.
* Fix multiple security issues:
- [CVE-2017-5943] CSRF verification token information leak
- [CVE-2016-6127] XSS in file uploads
- [CVE-2017-5361] Timing side-channel vulnerability in password
verification
- [CVE-2017-5944] Remote code execution in dashboard interface
- Add check for incorrect RestrictLoginReferrer configuration setting
* Work around a DoS vulnerability in Email::Address (CVE-2015-7686)
retext (6.0.2-2+deb9u1) stretch; urgency=medium
.
* Backport upstream fix for crash in XSettings code (closes: #863640).
* Backport upstream patch to fix syntax in appdata XML file.
rkhunter (1.4.2-6+deb9u1) stable; urgency=high
.
* Disable remote updates to fix CVE-2017-7480 and prevent bugs like
it in the future (closes: #765895, #866677)
socat (1.7.3.1-2+deb9u1) stretch; urgency=medium
.
* Backport upstream fix for SIGSEGV and other signals could lead to a
100% CPU loop.
spice (0.12.8-2.1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-7506: Possible buffer overflow via invalid monitor configurations
spip (3.1.4-3~deb9u1) stretch-security; urgency=high
.
* Upload previous fixes to Stretch
* Update previous changelog entry with CVE and bug report
.
spip (3.1.4-3) unstable; urgency=high
.
* Track Stretch
* Backport security fix from 3.1.6
- Execution of arbitrary code [CVE-2017-9736] (Closes: #864921)
* Update security screen to 1.3.2
squashfs-tools (1:4.3-3+deb9u1) stretch; urgency=medium
.
* Backport patch to fix rare race in fragment waiting in filesystem
finalisation.
* Backport fix for 2GB-limit of the is_fragment(...) function
(closes: #788185).
systemd (232-25+deb9u1) stretch; urgency=medium
.
[ Dimitri John Ledkov ]
* Fix out-of-bounds write in systemd-resolved.
CVE-2017-9445 (Closes: #866147, LP: #1695546)
.
[ Michael Biebl ]
* Be truly quiet in systemctl -q is-enabled (Closes: #866579)
* Improve RLIMIT_NOFILE handling.
Use /proc/sys/fs/nr_open to find the current limit of open files
compiled into the kernel instead of using a hard-coded value of 65536
for RLIMIT_NOFILE. (Closes: #865449)
.
[ Nicolas Braud-Santoni ]
* debian/extra/rules: Use updated U2F ruleset.
This ruleset comes from Yubico's libu2f-host. (Closes: #824532)
thermald (1.5.4-2.1) stretch; urgency=medium
.
* add Broadwell-GT3E and Kabylake support (Closes: #864707)
- upstream fix 405dcc0a6 ("Add Kabylake and Broadwell-GT
processor models")
tiff (4.0.8-2+deb9u1) stretch-security; urgency=high
.
* Backport security fixes:
- CVE-2017-9936, memory leak in error code path of JBIGDecode()
(closes: #866113),
- prevent out of memory in gtTileContig() on corrupted files,
- CVE-2017-10688, assertion failure in TIFFWriteDirectoryTagCheckedXXXX()
(closes: #866611).
* Add required _TIFFReadEncodedStripAndAllocBuffer@LIBTIFF_4.0 symbol to the
libtiff5 package.
tomcat8 (8.5.14-1+deb9u1) stretch-security; urgency=high
.
* Team upload.
* Fixed CVE-2017-5664: Static error pages can be overwritten if the
DefaultServlet is configured to permit writes (Closes: #864447)
tor (0.2.9.11-1~deb9u1) stretch-security; urgency=high
.
* Get fix for CVE-2017-0376 into stretch via -security.
tor (0.2.9.11-1~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
* Build-depend on dh-apparmor version >= 2.10.95, which is in backports,
to avoid running into Bug #822349.
undertow (1.4.8-1+deb9u1) stretch-security; urgency=high
.
* Fix CVE-2017-2666 and CVE-2017-2670:
- CVE-2017-2666:
Prevent HTTP smuggling attacks by making sure messages do not contain
invalid headers.
- CVE-2017-2670:
Fix possible DoS attack. The websocket non clean close can cause IO
thread to get stuck in a loop.
(Closes: #864405)
unrar-nonfree (1:5.3.2-1+deb9u1) stretch; urgency=medium
.
* Add bound checks for VMSF_DELTA, VMSF_RGB and VMSF_AUDIO paramters.
- Backported from 5.5.5
- CVE-2012-6706
- Closes: #865461
win32-loader (0.8.3+deb9u1) stretch; urgency=medium
.
* Drop bz2 compression for source
* Replace all mirror urls with deb.debian.org
xorg-server (2:1.19.2-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-10971: stack buffer overflow in X Event structures handling
(Closes: #867492)
* CVE-2017-10972: information leak due to an uninitialized stack area when
swapping endianess.
(Closes: #867492)
=========================================
Sat, 17 Jun 2017 - Debian 9.0 released
=========================================