Salvatore Bonaccorso: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > > Hi > > Please unblock package linux >
Ok with me, CC'ing KiBi for a d-i ack. > The update includes stable releases 4.9.19 up to 4.9.25 with many > improvements, bugfixes, security issues fixed. On top of the stable > release the following additional changes were made: > >> [ Ben Hutchings ] >> * w1: Really enable W1_MASTER_GPIO as module (Closes: #858975) >> * debian/rules.real: Undefine $LANGUAGE, which can break debug symbols for >> vDSOs (Closes: #859807) >> * Bump ABI to 3 >> * [s390x] Set NR_CPUS=256 (Closes: #858731) >> * [x86] usbip: Increase USBIP_VHCI_NR_HCS to 8 and USBIP_VHCI_HC_PORTS to >> 31 >> (Closes: #859641) >> * [powerpc/powerpc64,ppc64*] target: Enable SCSI_IBMVSCSIS as module >> * cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores >> (Closes: #859978) >> * udeb: Include all AHCI drivers in sata-modules (Closes: #860335) >> * [powerpc/powerpc64,ppc64] Set NR_CPUS=2048, matching ppc64el >> * [powerpc*/*64*] Enable CPUMASK_OFFSTACK to reduce stack usage >> * [mips*el/loongson-3] Set NR_CPUS=16 to allow for Loongson 3B2000 >> * [mips*/octeon] Set NR_CPUS=64 to allow for Cavium CN7890 >> * [arm64] Set NR_CPUS=256 to allow for multi-SoC systems (Closes: #861209) >> * [powerpc/powerpc-smp,powerpcspe] Explicitly set NR_CPUS=4 >> * Move debug symbols back to the main archive, to avoid problems with the >> current handling in dak >> * linux-image: Disable signing until it's supported in dak >> * [rt] Update to 4.9.20-rt16: >> - rtmutex: Make lock_killable work >> - rtmutex: Provide rt_mutex_lock_state() >> - rtmutex: Provide locked slowpath >> - rwsem/rt: Lift single reader restriction >> * PCI: Enable PCIE_PTM (except on armel/marvell) >> * 6lowpan: Enable Generic Header Compression modules >> * net/sched: Enable NET_ACT_SKBMOD as module >> * ethernet: Enable NFP_NETVF as module >> * net/phy: Enable MICROSEMI_PHY as module >> * input/tablet: Enable TABLET_USB_PEGASUS as module >> * [x86] input/touchscreen: Enable TOUCHSCREEN_SURFACE3_SPI as module >> * serial/8250: Enable SERIAL_8250_MOXA as module >> * [x86] gpio: Enable GPIO_AMDPT as module >> * [x86] thermal: Enable INT3406_THERMAL as module >> * watchdog: Enable WATCHDOG_SYSFS >> * integrity: Enable IMA, IMA_DEFAULT_HASH_SHA256, IMA_APPRAISE, >> IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY, IMA_BLACKLIST_KEYRING >> (except on armel/marvell) (Closes: #788290) >> * media: Enable VIDEO_TW5864, VIDEO_TW686X as modules >> * [x86] amdgpu,sound/soc: Enable DRM_AMD_ACP; enable SND_SOC_AMD_ACP as >> module >> * hda: Set SND_HDA_PREALLOC_SIZE=2048 as recommended for PulseAudio >> * HID: Enable HID_SENSOR_CUSTOM_SENSOR as module >> * leds,USB: Enable USB_LEDS_TRIGGER_USBPORT as module >> * usbip: Enable USBIP_VUDC as module >> * USB/misc: Enable UCSI as module >> * leds: Enable LEDS_TRIGGER_DISK, LEDS_TRIGGER_MTD, LEDS_TRIGGER_PANIC >> * IB: Enable INFINIBAND_HFI1, INFINIBAND_I40IW, INFINIBAND_QEDR, RDMA_RXE >> as modules >> * [amd64] EDAC: Enable EDAC_SKX as module >> * [x86] comedi: Enable COMEDI_ADV_PCI1720, COMEDI_ADV_PCI1760 as modules >> * [x86] platform: Enable INTEL_HID_EVENT as module >> * [x86] hwtracing: Enable INTEL_TH, INTEL_TH_PCI, INTEL_TH_GTH, >> INTEL_TH_MSU, >> INTEL_TH_PTI as modules >> * [rt] tracing: Enable HWLAT_TRACER >> * [x86] crypto: Enable CRYPTO_DEV_QAT_C3XXX, CRYPTO_DEV_QAT_C62X, >> CRYPTO_DEV_QAT_C3XXXVF, CRYPTO_DEV_QAT_C62XVF as modules >> * crypto: Enable CRYPTO_DEV_CHELSIO as module >> * [arm64] Enable ARMV8_DEPRECATED, SWP_EMULATION, CP15_BARRIER_EMULATION, >> SETEND_EMULATION (Closes: #861384) >> * udeb: Add tifm_7xx1 to mmc-modules (Closes: #861195) >> * leds: Enable LEDS_GPIO as module for all configurations with GPIOs >> (Closes: #860569) >> * selinux: Set SECURITY_SELINUX_CHECKREQPROT_VALUE=0, per default. >> This may break some old applications if SELinux is enabled, and can be >> reverted using the kernel parameter: checkreqprot=1 >> * udeb: Move mfd-core to kernel-image, as both input-modules and >> mmc-modules need it >> * crypto: Change CRYPTO_SHA256 from module to built-in, as required by IMA >> . >> [ Salvatore Bonaccorso ] >> * ping: implement proper locking (CVE-2017-2671) >> * macsec: avoid heap overflow in skb_to_sgvec (CVE-2017-7477) >> * macsec: dynamically allocate space for sglist >> * nfsd: check for oversized NFSv2/v3 arguments (CVE-2017-7645) >> * nfsd4: minor NFSv2/v3 write decoding cleanup >> * nfsd: stricter decoding of write-like NFSv2/v3 ops (CVE-2017-7895) >> . >> [ Aurelien Jarno ] >> * [mips*/octeon] Drop obsolete patch adding support for the UBNT E200 >> board. >> * [mips*el/loongson-3] Disable PAGE_EXTENSION and PAGE_POISONING. >> . >> [ John Paul Adrian Glaubitz ] >> * [m68k] udeb: Enable suffix for kernel-image (Closes: #859366) > > There was need of an ABI bump for this update, which should possibly be the > last one before stretch release, but not completely ruled out. > > unblock linux/4.9.25-1 > > Regards, > Salvatore > Thanks, ~Niels