Commit graph

270 commits

Author SHA1 Message Date
Thomas Lamprecht
90eff7b943 bump version to 4.15.18-37
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-13 22:00:24 +02:00
Thomas Lamprecht
a4ea6fb33c bump version to 4.15.18-36
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-04-11 13:06:49 +02:00
Thomas Lamprecht
61f33dc8f2 bump version to 4.15.18-35
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-03-13 08:40:24 +01:00
Fabian Grünbichler
62307a081a ZFS/SPL: rework submodule and build
to follow changes made to our zfsonlinux repository.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2019-02-27 15:38:52 +01:00
Thomas Lamprecht
9bd09ca97a bump version to 4.15.18-34
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-25 15:31:07 +01:00
Thomas Lamprecht
c47b16cb68 bump version to 4.15.18-33
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-02-06 11:43:04 +01:00
Thomas Lamprecht
4adf30b011 bump version to 4.15.18-32
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-19 12:11:14 +01:00
Thomas Lamprecht
da7def12fd bump version to 4.15.18-31
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-01-14 14:00:25 +01:00
Stoiko Ivanov
3db86f1084 bump version to 4.15.18-30
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-15 13:33:28 +01:00
Thomas Lamprecht
89a09f9102 bump version to 4.15.18-29
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-11-12 16:01:40 +01:00
Thomas Lamprecht
645ef9e161 bump version to 4.15.18-28
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-31 16:28:06 +01:00
Thomas Lamprecht
d7571cfde0 update ABI and firmware
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-31 16:27:22 +01:00
Thomas Lamprecht
b8885eda75 bump version to 4.15.18-27
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-10 14:23:25 +02:00
Fabian Grünbichler
e25e851963 build: remove leftover ZoL workaround
the executable bit is now properly tracked in our submodule, so this is
no longer needed.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-10-05 14:10:00 +02:00
Thomas Lamprecht
3f14e60dfb bump version to 4.15.18-26
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-04 11:38:16 +02:00
Thomas Lamprecht
70b29d94c2 bump version to 4.15.18-25
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-03 15:42:30 +02:00
Thomas Lamprecht
83848cd1db bump version to 4.15.18-24
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-09-17 11:46:43 +02:00
Thomas Lamprecht
8cfff66691 bump version to Ubuntu-4.15.0-34.37
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-30 13:05:06 +02:00
Thomas Lamprecht
2b76f08c16 bump version to 4.15.18-22
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-24 11:13:18 +02:00
Thomas Lamprecht
0fbf7de6c8 bump version to 4.15.18-21
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-08-23 11:50:21 +02:00
Stoiko Ivanov
1bffa5165f bump version to 4.15.18-20
and bump ABI/KREL

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-16 13:21:59 +02:00
Dietmar Maurer
beb9b8695d add -X to upload target 2018-08-13 08:29:09 +02:00
Dietmar Maurer
b6fe45e6d5 bump version to 4.15.18-19 2018-08-13 07:51:40 +02:00
Stoiko Ivanov
8b4e1fa9c6 Add short documentation about bumping the ABI
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-13 07:41:59 +02:00
Stoiko Ivanov
80a7ba6436 bump version to 4.15.18-18
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-08-08 12:10:37 +02:00
Thomas Lamprecht
eea72d300f bump version to 4.15.18-17
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-07-30 12:55:38 +02:00
Thomas Lamprecht
64fc80e3b7 bump version to 4.15.18-16
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-07-23 15:59:51 +02:00
Thomas Lamprecht
75af7c34e3 bump version to 4.15.18-15 2018-07-04 15:44:15 +02:00
Thomas Lamprecht
b5e86998ea use intree NIC driver for 10G IXGBE drivers
no problems had been reported with it, in contrary to igb and e1000e
so use the newer and better supported in tree driver.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-07-04 15:42:14 +02:00
Thomas Lamprecht
93a8ca28fc bump version to 4.15.17-14
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-27 17:48:40 +02:00
Thomas Lamprecht
5d6c3ffa8e buildsys: print out which patch we apply
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-27 17:48:40 +02:00
Thomas Lamprecht
d069b13f84 bump version to 4.15-13 2018-06-18 17:18:35 +02:00
Thomas Lamprecht
e8834e95a2 igb: ensure setting MTU sets also max_frame_size
This is a regression from the out-of-tree Intel IGB driver happened
between 5.3.5.10 and 5.3.5.18.
The condition here should be actually reveresed, but as we always can
be sure to have a MAX/MIN MTU defined we can just remove it,
essentially going back to the previous code state (which also works
with our current 4.15 kernel).

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-18 17:07:01 +02:00
Thomas Lamprecht
75b315d492 bsys: clarify when to bump meta package
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 14:39:31 +02:00
Thomas Lamprecht
4379131c79 bump version to 4.15-12
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 12:01:57 +02:00
Thomas Lamprecht
515973635b renenable out-of-tree intel ethernet driver (e1000e, igb, ixgbe)
There where just to much issues with the 4.15 in tree drivers for our
users [1]. The updated igb and ixgbe drivers are compatible with
4.15, the e1000e driver needed to be ported to the new internal
kernel timer API, which is pretty straight forward.

[1]: https://forum.proxmox.com/threads/4-15-based-test-kernel-for-pve-5-x-available.42097/page-5

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 11:58:18 +02:00
Thomas Lamprecht
f61496936e update out-of-tree intel ethernet drivers
update OOT Intel ethernet driver for e1000e, igb and ixgbe backed
NICs from: https://sourceforge.net/projects/e1000/

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-06-08 11:35:11 +02:00
Stoiko Ivanov
5fd5ec0e77 refactor variable names and remove hardcoded major.minor version
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2018-05-30 08:24:13 +02:00
Thomas Lamprecht
cd69f5e8ed bump version to 4.15-10 2018-05-23 13:16:05 +02:00
Thomas Lamprecht
9952c40c8a buildsys: also cleanup *.{deb,changes,buildinfo} files 2018-05-23 11:43:21 +02:00
Fabian Grünbichler
7361c770af bump version to 4.15-9 2018-05-09 13:32:39 +02:00
Thomas Lamprecht
9552bb6dee bump version to 4.15-8 2018-05-04 13:14:39 +02:00
Fabian Grünbichler
679a836a3a bump version to 4.15-7, bump ABI to 4.15.17-1-pve
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-20 14:55:21 +02:00
Fabian Grünbichler
f060990aa5 bump version to 4.15-6 2018-04-09 12:25:32 +02:00
Fabian Grünbichler
4afcfa3a6f bump version to 4.15-5, bump ABI to 4.15.15-1-pve
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-04 15:43:07 +02:00
Fabian Grünbichler
aac513414d update SPL/ZFS to 0.7.7
and manually set the executable build on this new helper script

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-04 15:43:07 +02:00
Fabian Grünbichler
4794f3cd69 bump version to 4.15.10-4 2018-03-28 15:47:55 +02:00
Fabian Grünbichler
498bdfe5e5 bump version to 4.15.10-3 2018-03-28 11:07:58 +02:00
Fabian Grünbichler
b4ecde23e8 build: add abiupdate target
to automatically extract and commit the ABI data from a built
pve-headers binary package.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-22 11:12:48 +01:00
Fabian Grünbichler
330d1c9ea1 bump version to 4.15-2, bump ABI to 4.15.10-1-pve
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-22 11:12:48 +01:00
Fabian Grünbichler
faa3d7515d build: rename ABI file
to track previous ABI to automatically skip ABI checks on ABI bumps.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-03-22 11:12:48 +01:00
Fabian Grünbichler
2454b79d7a switch to in-tree intel drivers
as the out-of-tree ones are not compatible with 4.15
2018-03-09 15:28:03 +01:00
Fabian Grünbichler
1e99f45be0 build: replace 4.13 with 4.15
as well as artful with bionic, and reset KREL/PKGREL accordingly
2018-03-09 14:47:21 +01:00
Fabian Grünbichler
320c823e91 bump version to 4.13.13-42 2018-03-09 11:57:49 +01:00
Fabian Grünbichler
44403fcc69 update README 2018-03-09 11:57:24 +01:00
Fabian Grünbichler
12aaf1a2f7 build: cleanup directory handling 2018-03-09 11:56:22 +01:00
Fabian Grünbichler
66aed5b89f build: remove exported variables
in favor of generated rules.d snippet. this allows calling
dpkg-buildpackage in the build directory manually without setting up the
environment to match.
2018-03-09 11:56:22 +01:00
Fabian Grünbichler
f3acafc70e build: add pmg to upload target 2018-03-09 09:19:58 +01:00
Fabian Grünbichler
e96d2ab3a1 build: move build and packaging to debian/
the top-level Makefile now only prepares the build directory by copying
and patching sources and generating the real files from debian/*.in

the actual build and packaging happens in debian/rules
2018-03-09 09:19:58 +01:00
Fabian Grünbichler
89102957f9 bump version to 4.13-41 2018-02-21 10:08:20 +01:00
Fabian Grünbichler
8a8c16e218 bump version to 4.13-40 2018-02-16 09:58:12 +01:00
Fabian Grünbichler
eb7f659548 bump version to 4.13-39, bump ABI to 4.13.13-6-pve 2018-02-16 09:58:12 +01:00
Fabian Grünbichler
7f4d14b06f buildsys: check for indirect/RETPOLINE gcc support
copied from arch/x86/Makefile
2018-02-16 09:58:12 +01:00
Fabian Grünbichler
57ff4c945b bump version to 4.13-38 2018-01-26 10:48:16 +01:00
Fabian Grünbichler
c1178a874f bump version to 4.13-37 2018-01-19 12:45:45 +01:00
Fabian Grünbichler
5c85c0455e bump version to 4.13-36, bump ABI to 4.13.13-5-pve 2018-01-15 14:05:27 +01:00
Fabian Grünbichler
9c34463e8c bump version to 4.13-35, bump ABI to 4.13.13-4-pve 2018-01-08 11:51:24 +01:00
Fabian Grünbichler
597fd67073 bump version to 4.13-34, bump ABI to 4.13.13-3-pve 2018-01-07 13:21:02 +01:00
Fabian Grünbichler
6ecf746bac enable KPTI 2018-01-07 13:18:22 +01:00
Fabian Grünbichler
e414beae5f default to FRAME_POINTER unwinder again
the new default was changed in 4.14 and was cherry-picked together with
KPTI, but the ORC_UNWINDER seems to break ZFS
2018-01-07 13:18:22 +01:00
Fabian Grünbichler
4536c7a7ed bump version to 4.13-33 2018-01-02 10:04:21 +01:00
Fabian Grünbichler
f783f68d2c bump version to 4.13-32, bump ABI to 4.13.13-2-pve 2017-12-21 10:22:24 +01:00
Fabian Grünbichler
bfd0cd3fe0 bump version to 4.13-31, bump ABI to 4.13.13-1-pve 2017-12-11 11:24:58 +01:00
Fabian Grünbichler
cba3f72b57 bump version to 4.13-30 2017-12-05 13:07:11 +01:00
Fabian Grünbichler
6eb123031d revert igb to 5.3.5.10
because 5.3.5.12 broke JUMBO_FRAMES (again)
2017-12-05 13:05:16 +01:00
Fabian Grünbichler
6749ef5ad2 bump version to 4.13-29, bump ABI to 4.13.8-3-pve 2017-12-04 09:36:58 +01:00
Fabian Grünbichler
8345558924 bump version to 4.13-28, bump ABI to 4.13.8-2-pve 2017-11-29 10:23:18 +01:00
Fabian Grünbichler
350f641023 bump version to 4.13-27, bump ABI to 4.13.8-1-pve 2017-11-22 09:47:25 +01:00
Fabian Grünbichler
25c35b26a1 update intel drivers to latest upstream releases 2017-11-22 09:47:25 +01:00
Fabian Grünbichler
d060c84f4d drop patches applied upstream 2017-11-17 11:59:22 +01:00
Fabian Grünbichler
2a26cde588 bump version to 4.13-26 2017-11-06 11:24:17 +01:00
Fabian Grünbichler
3572537ff8 bump version to 5.1-25 2017-10-23 09:39:36 +02:00
Fabian Grünbichler
da64a9b95a bump version to 4.13-25, bump ABI to 4.13.4-1-pve 2017-10-13 11:33:03 +02:00
Fabian Grünbichler
0e3176e76f fix CVE-2017-12188: nested KVM stack overflow 2017-10-13 11:33:03 +02:00
Fabian Grünbichler
2e38f6f987 update ZFS/SPL to 0.7.2
and switch submodule to simplify patch handling
2017-10-13 11:33:03 +02:00
Fabian Grünbichler
a6dd515e43 build: rename submodules target to submodule 2017-10-13 08:41:42 +02:00
Fabian Grünbichler
2a1d389df6 bump version to 4.13-2, bump ABI to 4.13.3-1 2017-09-27 14:32:08 +02:00
Fabian Grünbichler
262ff4236b bump version to 4.13.1-1
kernel and header only, no meta packages
2017-09-27 10:08:57 +02:00
Fabian Grünbichler
d84d9cdc47 ZFS/SPL: add 4.13 compat patches 2017-09-27 10:06:33 +02:00
Fabian Grünbichler
a8ee21761c ixgbe: add 4.13 compat patch 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
628004c405 igb: add 4.12 compat patch 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
8021de509c intel: drop patches which are no longer needed 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
85507ee2c5 update igb to 5.3.5.10 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
f3bad6d2b0 update ixgbe to 5.2.3 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
b46edee600 update e1000e to 3.3.5.10 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
2f7beffd96 build: move intel NIC patches 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
b9e76370ab build: rebase and refactor kernel patches 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
6c7fba28d9 drop cpuset patch
to be replaced with backport of cgroup v2 functionality
2017-09-26 10:46:35 +02:00
Fabian Grünbichler
a350540ee9 drop patches applied upstream 2017-09-26 10:46:35 +02:00
Fabian Grünbichler
0194915336 build: update for 4.13/artful 2017-09-26 10:38:27 +02:00
Fabian Grünbichler
54a9e5a210 bump version to 4.10.17-23 2017-09-19 09:44:04 +02:00
Fabian Grünbichler
6aebbe9122 drop patches applied upstream 2017-09-19 09:43:03 +02:00
Fabian Grünbichler
212d9d415f revert LP#1705447 fix
see https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1715609
2017-09-19 09:41:58 +02:00
Fabian Grünbichler
3e1f7b2f8e bump version to 4.10.17-22 2017-09-18 10:39:28 +02:00
Fabian Grünbichler
6029760ee4 cherry-pick tcp reset bug fix 2017-09-18 10:38:27 +02:00
Fabian Grünbichler
d799ad3bc2 bump version to 4.10.17-21, bump ABI to 4.10.17-3-pve 2017-09-01 09:03:47 +02:00
Fabian Grünbichler
d6a36c6f72 bump version to 4.10.17-20 2017-08-14 11:23:56 +02:00
Fabian Grünbichler
ca36280078 zfs/spl: update to 0.6.5.11-1, switch submodules 2017-08-14 11:19:31 +02:00
Fabian Grünbichler
07dcf16338 bump version to 4.10.17-19, bump ABI to 4.10.17-2-pve 2017-08-04 14:08:58 +02:00
Fabian Grünbichler
11ce3c4a4b drop patches applied upstream 2017-08-04 13:39:30 +02:00
Fabian Grünbichler
c1fc04f4d1 add follow-up fix for NVME driver
fixes a BUG_ON triggered by Samsung SM960 Pro NVME devices
2017-08-04 13:09:45 +02:00
Fabian Grünbichler
1e9f438872 build: drop bash from fwcheck target 2017-08-02 14:46:11 +02:00
Fabian Grünbichler
bdfc6d28fc build: add deb target 2017-08-02 14:45:53 +02:00
Fabian Grünbichler
7153d8134a build: dynamically choose number of jobs 2017-08-02 14:45:36 +02:00
Thomas Lamprecht
5aecf10b77 bump version to 4.10.17-18
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Changed-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
  * fixed changelog user name
  * adapt wording of nic driver change message to the one from
    the release originally removing them
  * removed duplicate 'Ubuntu' text
2017-07-28 14:09:06 +02:00
Thomas Lamprecht
22fa3dbdcc drop patches applied upstream
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-28 14:02:26 +02:00
Thomas Lamprecht
9722965770 Revert "remove outdated intel nic drivers"
This reverts commit 7beee5f3eb.

While they repositories of those drivers state that the in kernel one
should be used, as they are newer, it seems they do not provide the
same functionallity. So revert to the out of tree drivers for now.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-28 14:02:26 +02:00
Wolfgang Bumiller
0ee4a967cb bump version to 4.10.17-17 2017-07-19 12:38:48 +02:00
Wolfgang Bumiller
58a18ce39d buildsys: fix parallel builds 2017-07-19 12:38:48 +02:00
Thomas Lamprecht
4c390211d8 add CVE fixes
CVE-2017-1000364 (rather bugfix for the original CVE fix):
 * mm/mmap.c: expand_downwards: don't require the gap if !vm_prev
 * mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack

CVE-2017-1000365: fs/exec.c: account for argv/envp pointers

CVE-2017-10810: drm/virtio: don't leak bo on drm_gem_object_init
 failure

CVE-2017-7482: rxrpc: Fix several cases where a padded len isn't
 checked in ticket decode

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-19 09:46:19 +02:00
Thomas Lamprecht
a7f181d4b0 bump version to 4.10.17-16, bump ABI to 4.10.17-1-pve
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-13 09:07:40 +02:00
Dietmar Maurer
7beee5f3eb remove outdated intel nic drivers 2017-07-13 09:06:03 +02:00
Thomas Lamprecht
d513484f62 add CVE fixes
CVE-2014-9900: net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
CVE-2017-7346: drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()
CVE-2017-9605: drm/vmwgfx: Make sure backup_handle is always valid
CVE-2017-1000380:
 * ALSA: timer: Fix race between read and ioctl
 * ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-13 06:04:17 +02:00
Thomas Lamprecht
ea91ce10d6 drop patches applied upstream
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2017-07-13 06:04:17 +02:00
Fabian Grünbichler
dc2b2ba06c bump version to 4.10.15-15 2017-06-23 08:58:04 +02:00
Fabian Grünbichler
b4b8080506 replace Stack-Clash fix with upstream version
sicne the Ubuntu / Suse one seems to have some segfaulting
issues.
2017-06-23 08:57:04 +02:00
Fabian Grünbichler
02ad7886ad bump version to 4.10.15-14 2017-06-22 09:24:04 +02:00
Fabian Grünbichler
7c01aa8df7 add follow-up fix for CVE-2017-100364 fix 2017-06-22 09:23:11 +02:00
Fabian Grünbichler
3905cd6842 bump version to 4.10.15-13 2017-06-20 09:58:25 +02:00
Fabian Grünbichler
97d6ca37ca build: use git to get GITVERSION 2017-06-20 09:51:41 +02:00
Fabian Grünbichler
47d1503892 bump version to 4.10.15-12 2017-06-12 13:25:16 +02:00
Fabian Grünbichler
5aa54b7501 fix #1366: pinctl fix for AMD Ryzen on Gigabyte MBs 2017-06-12 13:24:57 +02:00
Fabian Grünbichler
d8cc30e0cd bump version to 4.10.15-11 2017-06-09 11:40:10 +02:00
Fabian Grünbichler
c1f358be22 add fix for CVE-2017-9074 fix 2017-06-09 11:39:33 +02:00
Fabian Grünbichler
05806a84a3 bump version to 4.10.15-10, bump ABI to 4.10.15-1-pve 2017-06-08 14:22:03 +02:00
Fabian Grünbichler
0f831b3cf2 add CVE fixes
CVE-2017-8890: dccp/tcp: do not inherit mc_list from parent
CVE-2017-9074: ipv6: Prevent overrun when parsing v6 header options
CVE-2017-9075: sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
CVE-2017-9076/CVE-2017-9077: ipv6/dccp: do not inherit ipv6_mc_list from parent
CVE-2017-9242: ipv6: fix out of bound writes in __ip6_append_data()
2017-06-08 14:22:03 +02:00
Fabian Grünbichler
674abe87c8 drop patches applied upstream 2017-06-07 10:35:40 +02:00
Fabian Grünbichler
fd5c21692a bump version to 4.10.11-9 2017-05-22 10:00:43 +02:00
Fabian Grünbichler
88582bb094 add fix for DoS via nftables 2017-05-22 09:59:35 +02:00
Fabian Grünbichler
c73cc23929 bump version to 4.10.11-8, bump ABI to 4.10.11-1-pve 2017-05-18 11:22:00 +02:00
Fabian Grünbichler
1e165a112f drop patches applied upstream 2017-05-18 11:22:00 +02:00
Thomas Lamprecht
6490543bf7 add mapping from DEB_BUILD_ARCH to kernel arch subdirectory
and fix the rest of the architecture-hardcoded paths
2017-05-11 08:50:39 +02:00
Thomas Lamprecht
37d1225d09 build-sys: replace fixed architecture use where possible 2017-05-11 08:50:39 +02:00
Fabian Grünbichler
aa785972db bump version to 4.10.8-7 2017-05-05 09:19:50 +02:00
Fabian Grünbichler
2b834b083d add proposed fix for LP#1674838
Patches and rationale by Seth Forshee[1]:

My testing shows that the "POWER9: Additional power9
patches" patches are responsible, two of them in particular:

 - mm: introduce page_vma_mapped_walk()
 - mm, ksm: convert write_protect_page() to use page_vma_mapped_walk()

These patches don't appear to be included for any
functionality they provide, but rather to make "mm/ksm:
handle protnone saved writes when making page write protect"
a clean cherry pick instead of a backport. But the backport
isn't that difficult, so as far as I can tell we can do away
with the other two patches.

1: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1674838/comments/108
2017-05-05 09:12:20 +02:00
Fabian Grünbichler
7f0f6370be update fix for CVE-2017-7979 to final version
cherry-picked from Ubuntu Zesty's master-next
2017-05-05 09:06:44 +02:00
Fabian Grünbichler
95cebd4144 build: export SOURCE_DATE_EPOCH
SOURCE_DATE_EPOCH is used to set various timestamps in build
products, and was introduced as part of the reproducible
builds efforts.

this is a great help for future build system restructuring,
as the "diffoscope"-diff of the produced .debs is now small
enough to catch unintended changes.
2017-05-04 15:40:21 +02:00
Fabian Grünbichler
a6c22e7b57 build: re-add kernel build symlink check
but in a way which works for regular users, not only root
2017-05-04 09:14:55 +02:00
Fabian Grünbichler
5f99d7c8cb build: remove unused parts of Makefile 2017-05-04 09:14:46 +02:00
Fabian Grünbichler
973ac1a4ef fix #1343: add MTU patches for intel drivers
ported from upstream / in-tree commits
91c527a55664ddf4bee26673a35f91748dae4142
and
45693bcb00cbd379c373ab22ccd9a9d4755cc7ed
2017-05-03 14:05:03 +02:00