======================================= Sun, 08 Sep 2019 - Debian 9.11 released ======================================= base-files (9.9+deb9u11) stretch; urgency=emergency . * Non-maintainer upload. * Change /etc/debian_version to 9.11, for Debian 9.11 point release. bogl (0.1.18-11+deb9u1) stretch; urgency=high . * bogl-term.c: Call iswspace instead of isspace, fixes crash on U+FEFF. debian-installer-netboot-images (20170615+deb9u7.b2) stretch; urgency=emergency . * Update to 20170615+deb9u2+b2, from stretch-proposed-updates ======================================= Sat, 07 Sep 2019 - Debian 9.10 released ======================================= ========================================================================== [Date: Sat, 07 Sep 2019 10:45:07 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: icedove-dev | 1:60.0-2~deb9u1 | all icedove-l10n-bn-bd | 1:60.0-2~deb9u1 | all icedove-l10n-pa-in | 1:60.0-2~deb9u1 | all icedove-l10n-ta-lk | 1:60.0-2~deb9u1 | all iceowl-l10n-bn-bd | 1:60.0-2~deb9u1 | all iceowl-l10n-pa-in | 1:60.0-2~deb9u1 | all iceowl-l10n-ta-lk | 1:60.0-2~deb9u1 | all lightning-l10n-bn-bd | 1:60.0-2~deb9u1 | all lightning-l10n-pa-in | 1:60.0-2~deb9u1 | all lightning-l10n-ta-lk | 1:60.0-2~deb9u1 | all thunderbird-l10n-bn-bd | 1:60.0-2~deb9u1 | all thunderbird-l10n-pa-in | 1:60.0-2~deb9u1 | all thunderbird-l10n-ta-lk | 1:60.0-2~deb9u1 | all Maintainer: Carsten Schoenert ------------------- Reason ------------------- [auto-cruft] obsoleted ---------------------------------------------- linux-headers-4.9.0-9-common | 4.9.168-1+deb9u3 | all linux-headers-4.9.0-9-common-rt | 4.9.168-1+deb9u3 | all linux-support-4.9.0-9 | 4.9.168-1+deb9u3 | all Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- linux-headers-4.9.0-10-common | 4.9.185-1 | all linux-headers-4.9.0-10-common-rt | 4.9.185-1 | all linux-support-4.9.0-10 | 4.9.185-1 | all Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- libclamav7 | 0.100.3+dfsg-0+deb9u1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x Maintainer: ClamAV Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by clamav) ---------------------------------------------- libclamunrar7 | 0.100.1-0+deb9u1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x Maintainer: ClamAV Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by libclamunrar) ---------------------------------------------- ata-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 ata-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 btrfs-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 btrfs-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 cdrom-core-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 cdrom-core-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 crc-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 crc-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 crypto-dm-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 crypto-dm-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 crypto-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 crypto-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 efi-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 efi-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 event-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 event-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 ext4-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 ext4-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 fat-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 fat-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 fb-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 fb-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 fuse-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 fuse-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 i2c-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 i2c-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 input-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 input-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 isofs-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 isofs-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 jfs-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 jfs-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 kernel-image-4.9.0-10-arm64-di | 4.9.185-1 | arm64 kernel-image-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 leds-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 leds-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 linux-headers-4.9.0-10-all-arm64 | 4.9.185-1 | arm64 linux-headers-4.9.0-10-arm64 | 4.9.185-1 | arm64 linux-headers-4.9.0-9-all-arm64 | 4.9.168-1+deb9u3 | arm64 linux-headers-4.9.0-9-arm64 | 4.9.168-1+deb9u3 | arm64 linux-image-4.9.0-10-arm64 | 4.9.185-1 | arm64 linux-image-4.9.0-10-arm64-dbg | 4.9.185-1 | arm64 linux-image-4.9.0-9-arm64 | 4.9.168-1+deb9u3 | arm64 linux-image-4.9.0-9-arm64-dbg | 4.9.168-1+deb9u3 | arm64 loop-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 loop-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 md-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 md-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 mmc-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 mmc-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 multipath-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 multipath-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 nbd-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 nbd-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 nic-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 nic-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 nic-shared-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 nic-shared-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 nic-usb-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 nic-usb-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 nic-wireless-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 nic-wireless-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 ppp-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 ppp-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 sata-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 sata-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 scsi-core-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 scsi-core-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 scsi-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 scsi-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 squashfs-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 squashfs-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 udf-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 udf-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 uinput-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 uinput-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 usb-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 usb-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 usb-storage-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 usb-storage-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 virtio-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 virtio-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 xfs-modules-4.9.0-10-arm64-di | 4.9.185-1 | arm64 xfs-modules-4.9.0-9-arm64-di | 4.9.168-1+deb9u3 | arm64 Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- btrfs-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel btrfs-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel cdrom-core-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel cdrom-core-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel crc-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel crc-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel crypto-dm-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel crypto-dm-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel crypto-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel crypto-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel event-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel event-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel ext4-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel ext4-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel fat-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel fat-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel fb-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel fb-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel fuse-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel fuse-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel input-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel input-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel ipv6-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel ipv6-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel isofs-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel isofs-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel jffs2-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel jffs2-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel jfs-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel jfs-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel kernel-image-4.9.0-10-marvell-di | 4.9.185-1 | armel kernel-image-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel leds-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel leds-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel linux-headers-4.9.0-10-all-armel | 4.9.185-1 | armel linux-headers-4.9.0-10-marvell | 4.9.185-1 | armel linux-headers-4.9.0-9-all-armel | 4.9.168-1+deb9u3 | armel linux-headers-4.9.0-9-marvell | 4.9.168-1+deb9u3 | armel linux-image-4.9.0-10-marvell | 4.9.185-1 | armel linux-image-4.9.0-10-marvell-dbg | 4.9.185-1 | armel linux-image-4.9.0-9-marvell | 4.9.168-1+deb9u3 | armel linux-image-4.9.0-9-marvell-dbg | 4.9.168-1+deb9u3 | armel loop-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel loop-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel md-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel md-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel minix-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel minix-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel mmc-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel mmc-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel mouse-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel mouse-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel mtd-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel mtd-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel multipath-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel multipath-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel nbd-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel nbd-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel nic-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel nic-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel nic-shared-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel nic-shared-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel nic-usb-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel nic-usb-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel ppp-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel ppp-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel sata-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel sata-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel scsi-core-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel scsi-core-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel squashfs-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel squashfs-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel udf-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel udf-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel uinput-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel uinput-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel usb-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel usb-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel usb-serial-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel usb-serial-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel usb-storage-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel usb-storage-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel zlib-modules-4.9.0-10-marvell-di | 4.9.185-1 | armel zlib-modules-4.9.0-9-marvell-di | 4.9.168-1+deb9u3 | armel Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ata-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf ata-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf btrfs-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf btrfs-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf crc-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf crc-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf crypto-dm-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf crypto-dm-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf crypto-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf crypto-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf efi-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf efi-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf event-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf event-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf ext4-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf ext4-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf fat-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf fat-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf fb-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf fb-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf fuse-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf fuse-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf i2c-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf i2c-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf input-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf input-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf isofs-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf isofs-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf jfs-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf jfs-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf kernel-image-4.9.0-10-armmp-di | 4.9.185-1 | armhf kernel-image-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf leds-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf leds-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf linux-headers-4.9.0-10-all-armhf | 4.9.185-1 | armhf linux-headers-4.9.0-10-armmp | 4.9.185-1 | armhf linux-headers-4.9.0-10-armmp-lpae | 4.9.185-1 | armhf linux-headers-4.9.0-9-all-armhf | 4.9.168-1+deb9u3 | armhf linux-headers-4.9.0-9-armmp | 4.9.168-1+deb9u3 | armhf linux-headers-4.9.0-9-armmp-lpae | 4.9.168-1+deb9u3 | armhf linux-image-4.9.0-10-armmp | 4.9.185-1 | armhf linux-image-4.9.0-10-armmp-dbg | 4.9.185-1 | armhf linux-image-4.9.0-10-armmp-lpae | 4.9.185-1 | armhf linux-image-4.9.0-10-armmp-lpae-dbg | 4.9.185-1 | armhf linux-image-4.9.0-9-armmp | 4.9.168-1+deb9u3 | armhf linux-image-4.9.0-9-armmp-dbg | 4.9.168-1+deb9u3 | armhf linux-image-4.9.0-9-armmp-lpae | 4.9.168-1+deb9u3 | armhf linux-image-4.9.0-9-armmp-lpae-dbg | 4.9.168-1+deb9u3 | armhf loop-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf loop-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf md-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf md-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf mmc-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf mmc-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf mtd-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf mtd-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf multipath-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf multipath-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf nbd-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf nbd-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf nic-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf nic-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf nic-shared-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf nic-shared-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf nic-usb-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf nic-usb-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf nic-wireless-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf nic-wireless-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf pata-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf pata-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf ppp-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf ppp-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf sata-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf sata-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf scsi-core-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf scsi-core-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf scsi-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf scsi-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf squashfs-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf squashfs-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf udf-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf udf-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf uinput-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf uinput-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf usb-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf usb-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf usb-storage-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf usb-storage-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf virtio-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf virtio-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf zlib-modules-4.9.0-10-armmp-di | 4.9.185-1 | armhf zlib-modules-4.9.0-9-armmp-di | 4.9.168-1+deb9u3 | armhf Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- acpi-modules-4.9.0-10-686-di | 4.9.185-1 | i386 acpi-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 acpi-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 acpi-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 ata-modules-4.9.0-10-686-di | 4.9.185-1 | i386 ata-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 ata-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 ata-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 btrfs-modules-4.9.0-10-686-di | 4.9.185-1 | i386 btrfs-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 btrfs-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 btrfs-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 cdrom-core-modules-4.9.0-10-686-di | 4.9.185-1 | i386 cdrom-core-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 cdrom-core-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 cdrom-core-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 crc-modules-4.9.0-10-686-di | 4.9.185-1 | i386 crc-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 crc-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 crc-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 crypto-dm-modules-4.9.0-10-686-di | 4.9.185-1 | i386 crypto-dm-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 crypto-dm-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 crypto-dm-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 crypto-modules-4.9.0-10-686-di | 4.9.185-1 | i386 crypto-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 crypto-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 crypto-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 efi-modules-4.9.0-10-686-di | 4.9.185-1 | i386 efi-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 efi-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 efi-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 event-modules-4.9.0-10-686-di | 4.9.185-1 | i386 event-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 event-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 event-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 ext4-modules-4.9.0-10-686-di | 4.9.185-1 | i386 ext4-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 ext4-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 ext4-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 fat-modules-4.9.0-10-686-di | 4.9.185-1 | i386 fat-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 fat-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 fat-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 fb-modules-4.9.0-10-686-di | 4.9.185-1 | i386 fb-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 fb-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 fb-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 firewire-core-modules-4.9.0-10-686-di | 4.9.185-1 | i386 firewire-core-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 firewire-core-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 firewire-core-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 fuse-modules-4.9.0-10-686-di | 4.9.185-1 | i386 fuse-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 fuse-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 fuse-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 hyperv-modules-4.9.0-10-686-di | 4.9.185-1 | i386 hyperv-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 hyperv-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 hyperv-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 i2c-modules-4.9.0-10-686-di | 4.9.185-1 | i386 i2c-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 i2c-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 i2c-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 input-modules-4.9.0-10-686-di | 4.9.185-1 | i386 input-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 input-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 input-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 isofs-modules-4.9.0-10-686-di | 4.9.185-1 | i386 isofs-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 isofs-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 isofs-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 jfs-modules-4.9.0-10-686-di | 4.9.185-1 | i386 jfs-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 jfs-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 jfs-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 kernel-image-4.9.0-10-686-di | 4.9.185-1 | i386 kernel-image-4.9.0-10-686-pae-di | 4.9.185-1 | i386 kernel-image-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 kernel-image-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 linux-headers-4.9.0-10-686 | 4.9.185-1 | i386 linux-headers-4.9.0-10-686-pae | 4.9.185-1 | i386 linux-headers-4.9.0-10-all-i386 | 4.9.185-1 | i386 linux-headers-4.9.0-10-rt-686-pae | 4.9.185-1 | i386 linux-headers-4.9.0-9-686 | 4.9.168-1+deb9u3 | i386 linux-headers-4.9.0-9-686-pae | 4.9.168-1+deb9u3 | i386 linux-headers-4.9.0-9-all-i386 | 4.9.168-1+deb9u3 | i386 linux-headers-4.9.0-9-rt-686-pae | 4.9.168-1+deb9u3 | i386 linux-image-4.9.0-10-686 | 4.9.185-1 | i386 linux-image-4.9.0-10-686-dbg | 4.9.185-1 | i386 linux-image-4.9.0-10-686-pae | 4.9.185-1 | i386 linux-image-4.9.0-10-686-pae-dbg | 4.9.185-1 | i386 linux-image-4.9.0-10-rt-686-pae | 4.9.185-1 | i386 linux-image-4.9.0-10-rt-686-pae-dbg | 4.9.185-1 | i386 linux-image-4.9.0-9-686 | 4.9.168-1+deb9u3 | i386 linux-image-4.9.0-9-686-dbg | 4.9.168-1+deb9u3 | i386 linux-image-4.9.0-9-686-pae | 4.9.168-1+deb9u3 | i386 linux-image-4.9.0-9-686-pae-dbg | 4.9.168-1+deb9u3 | i386 linux-image-4.9.0-9-rt-686-pae | 4.9.168-1+deb9u3 | i386 linux-image-4.9.0-9-rt-686-pae-dbg | 4.9.168-1+deb9u3 | i386 loop-modules-4.9.0-10-686-di | 4.9.185-1 | i386 loop-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 loop-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 loop-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 md-modules-4.9.0-10-686-di | 4.9.185-1 | i386 md-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 md-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 md-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 mmc-core-modules-4.9.0-10-686-di | 4.9.185-1 | i386 mmc-core-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 mmc-core-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 mmc-core-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 mmc-modules-4.9.0-10-686-di | 4.9.185-1 | i386 mmc-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 mmc-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 mmc-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 mouse-modules-4.9.0-10-686-di | 4.9.185-1 | i386 mouse-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 mouse-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 mouse-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 multipath-modules-4.9.0-10-686-di | 4.9.185-1 | i386 multipath-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 multipath-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 multipath-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 nbd-modules-4.9.0-10-686-di | 4.9.185-1 | i386 nbd-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 nbd-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 nbd-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 nic-modules-4.9.0-10-686-di | 4.9.185-1 | i386 nic-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 nic-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 nic-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 nic-pcmcia-modules-4.9.0-10-686-di | 4.9.185-1 | i386 nic-pcmcia-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 nic-pcmcia-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 nic-pcmcia-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 nic-shared-modules-4.9.0-10-686-di | 4.9.185-1 | i386 nic-shared-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 nic-shared-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 nic-shared-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 nic-usb-modules-4.9.0-10-686-di | 4.9.185-1 | i386 nic-usb-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 nic-usb-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 nic-usb-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 nic-wireless-modules-4.9.0-10-686-di | 4.9.185-1 | i386 nic-wireless-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 nic-wireless-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 nic-wireless-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 ntfs-modules-4.9.0-10-686-di | 4.9.185-1 | i386 ntfs-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 ntfs-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 ntfs-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 pata-modules-4.9.0-10-686-di | 4.9.185-1 | i386 pata-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 pata-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 pata-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 pcmcia-modules-4.9.0-10-686-di | 4.9.185-1 | i386 pcmcia-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 pcmcia-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 pcmcia-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 pcmcia-storage-modules-4.9.0-10-686-di | 4.9.185-1 | i386 pcmcia-storage-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 pcmcia-storage-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 pcmcia-storage-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 ppp-modules-4.9.0-10-686-di | 4.9.185-1 | i386 ppp-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 ppp-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 ppp-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 sata-modules-4.9.0-10-686-di | 4.9.185-1 | i386 sata-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 sata-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 sata-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 scsi-core-modules-4.9.0-10-686-di | 4.9.185-1 | i386 scsi-core-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 scsi-core-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 scsi-core-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 scsi-modules-4.9.0-10-686-di | 4.9.185-1 | i386 scsi-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 scsi-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 scsi-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 serial-modules-4.9.0-10-686-di | 4.9.185-1 | i386 serial-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 serial-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 serial-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 sound-modules-4.9.0-10-686-di | 4.9.185-1 | i386 sound-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 sound-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 sound-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 speakup-modules-4.9.0-10-686-di | 4.9.185-1 | i386 speakup-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 speakup-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 speakup-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 squashfs-modules-4.9.0-10-686-di | 4.9.185-1 | i386 squashfs-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 squashfs-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 squashfs-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 udf-modules-4.9.0-10-686-di | 4.9.185-1 | i386 udf-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 udf-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 udf-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 uinput-modules-4.9.0-10-686-di | 4.9.185-1 | i386 uinput-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 uinput-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 uinput-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 usb-modules-4.9.0-10-686-di | 4.9.185-1 | i386 usb-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 usb-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 usb-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 usb-serial-modules-4.9.0-10-686-di | 4.9.185-1 | i386 usb-serial-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 usb-serial-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 usb-serial-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 usb-storage-modules-4.9.0-10-686-di | 4.9.185-1 | i386 usb-storage-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 usb-storage-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 usb-storage-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 virtio-modules-4.9.0-10-686-di | 4.9.185-1 | i386 virtio-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 virtio-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 virtio-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 xfs-modules-4.9.0-10-686-di | 4.9.185-1 | i386 xfs-modules-4.9.0-10-686-pae-di | 4.9.185-1 | i386 xfs-modules-4.9.0-9-686-di | 4.9.168-1+deb9u3 | i386 xfs-modules-4.9.0-9-686-pae-di | 4.9.168-1+deb9u3 | i386 Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- linux-headers-4.9.0-10-all-mips | 4.9.185-1 | mips linux-headers-4.9.0-9-all-mips | 4.9.168-1+deb9u3 | mips Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- affs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel affs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel btrfs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel btrfs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel cdrom-core-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel cdrom-core-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel crc-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel crc-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel crypto-dm-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel crypto-dm-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel crypto-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel crypto-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel event-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel event-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel ext4-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel ext4-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel fat-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel fat-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel fuse-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel fuse-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel hfs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel hfs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel input-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel input-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel isofs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel isofs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel jfs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel jfs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel kernel-image-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel kernel-image-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel linux-headers-4.9.0-10-5kc-malta | 4.9.185-1 | mips, mips64el, mipsel linux-headers-4.9.0-10-octeon | 4.9.185-1 | mips, mips64el, mipsel linux-headers-4.9.0-9-5kc-malta | 4.9.168-1+deb9u3 | mips, mips64el, mipsel linux-headers-4.9.0-9-octeon | 4.9.168-1+deb9u3 | mips, mips64el, mipsel linux-image-4.9.0-10-5kc-malta | 4.9.185-1 | mips, mips64el, mipsel linux-image-4.9.0-10-5kc-malta-dbg | 4.9.185-1 | mips, mips64el, mipsel linux-image-4.9.0-10-octeon | 4.9.185-1 | mips, mips64el, mipsel linux-image-4.9.0-10-octeon-dbg | 4.9.185-1 | mips, mips64el, mipsel linux-image-4.9.0-9-5kc-malta | 4.9.168-1+deb9u3 | mips, mips64el, mipsel linux-image-4.9.0-9-5kc-malta-dbg | 4.9.168-1+deb9u3 | mips, mips64el, mipsel linux-image-4.9.0-9-octeon | 4.9.168-1+deb9u3 | mips, mips64el, mipsel linux-image-4.9.0-9-octeon-dbg | 4.9.168-1+deb9u3 | mips, mips64el, mipsel loop-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel loop-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel md-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel md-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel minix-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel minix-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel multipath-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel multipath-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel nbd-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel nbd-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel nic-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel nic-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel nic-shared-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel nic-shared-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel nic-usb-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel nic-usb-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel nic-wireless-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel nic-wireless-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel ntfs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel ntfs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel pata-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel pata-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel ppp-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel ppp-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel rtc-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel rtc-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel sata-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel sata-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel scsi-core-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel scsi-core-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel scsi-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel scsi-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel sound-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel sound-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel squashfs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel squashfs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel udf-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel udf-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel usb-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel usb-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel usb-serial-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel usb-serial-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel usb-storage-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel usb-storage-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel virtio-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel virtio-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel xfs-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel xfs-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel zlib-modules-4.9.0-10-octeon-di | 4.9.185-1 | mips, mips64el, mipsel zlib-modules-4.9.0-9-octeon-di | 4.9.168-1+deb9u3 | mips, mips64el, mipsel Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- affs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel affs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel ata-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel ata-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel btrfs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel btrfs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel cdrom-core-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel cdrom-core-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel crc-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel crc-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel crypto-dm-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel crypto-dm-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel crypto-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel crypto-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel event-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel event-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel ext4-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel ext4-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel fat-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel fat-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel fuse-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel fuse-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel hfs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel hfs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel i2c-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel i2c-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel input-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel input-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel isofs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel isofs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel jfs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel jfs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel kernel-image-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel kernel-image-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel linux-headers-4.9.0-10-4kc-malta | 4.9.185-1 | mips, mipsel linux-headers-4.9.0-9-4kc-malta | 4.9.168-1+deb9u3 | mips, mipsel linux-image-4.9.0-10-4kc-malta | 4.9.185-1 | mips, mipsel linux-image-4.9.0-10-4kc-malta-dbg | 4.9.185-1 | mips, mipsel linux-image-4.9.0-9-4kc-malta | 4.9.168-1+deb9u3 | mips, mipsel linux-image-4.9.0-9-4kc-malta-dbg | 4.9.168-1+deb9u3 | mips, mipsel loop-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel loop-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel md-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel md-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel minix-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel minix-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel mmc-core-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel mmc-core-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel mmc-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel mmc-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel mouse-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel mouse-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel multipath-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel multipath-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel nbd-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel nbd-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel nic-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel nic-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel nic-shared-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel nic-shared-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel nic-usb-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel nic-usb-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel nic-wireless-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel nic-wireless-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel ntfs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel ntfs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel pata-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel pata-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel ppp-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel ppp-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel sata-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel sata-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel scsi-core-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel scsi-core-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel scsi-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel scsi-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel sound-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel sound-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel squashfs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel squashfs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel udf-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel udf-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel usb-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel usb-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel usb-serial-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel usb-serial-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel usb-storage-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel usb-storage-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel virtio-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel virtio-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel xfs-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel xfs-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel zlib-modules-4.9.0-10-4kc-malta-di | 4.9.185-1 | mips, mipsel zlib-modules-4.9.0-9-4kc-malta-di | 4.9.168-1+deb9u3 | mips, mipsel Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- affs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el affs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el ata-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el ata-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el btrfs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el btrfs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el cdrom-core-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el cdrom-core-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el crc-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el crc-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el crypto-dm-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el crypto-dm-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el crypto-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el crypto-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el event-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el event-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el ext4-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el ext4-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el fat-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el fat-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el fuse-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el fuse-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el hfs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el hfs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el i2c-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el i2c-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el input-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el input-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el isofs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el isofs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el jfs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el jfs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el kernel-image-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el kernel-image-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el linux-headers-4.9.0-10-all-mips64el | 4.9.185-1 | mips64el linux-headers-4.9.0-9-all-mips64el | 4.9.168-1+deb9u3 | mips64el loop-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el loop-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el md-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el md-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el minix-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el minix-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el mmc-core-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el mmc-core-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el mmc-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el mmc-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el mouse-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el mouse-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el multipath-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el multipath-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el nbd-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el nbd-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el nic-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el nic-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el nic-shared-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el nic-shared-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el nic-usb-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el nic-usb-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el nic-wireless-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el nic-wireless-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el ntfs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el ntfs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el pata-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el pata-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el ppp-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el ppp-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el sata-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el sata-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el scsi-core-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el scsi-core-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el scsi-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el scsi-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el sound-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el sound-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el squashfs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el squashfs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el udf-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el udf-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el usb-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el usb-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el usb-serial-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el usb-serial-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el usb-storage-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el usb-storage-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el virtio-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el virtio-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el xfs-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el xfs-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el zlib-modules-4.9.0-10-5kc-malta-di | 4.9.185-1 | mips64el zlib-modules-4.9.0-9-5kc-malta-di | 4.9.168-1+deb9u3 | mips64el Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- affs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel affs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel ata-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel ata-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel btrfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel btrfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel cdrom-core-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel cdrom-core-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel crc-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel crc-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel crypto-dm-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel crypto-dm-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel crypto-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel crypto-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel event-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel event-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel ext4-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel ext4-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel fat-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel fat-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel fb-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel fb-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel firewire-core-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel firewire-core-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel fuse-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel fuse-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel hfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel hfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel input-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel input-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel isofs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel isofs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel jfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel jfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel kernel-image-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel kernel-image-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel linux-headers-4.9.0-10-loongson-3 | 4.9.185-1 | mips64el, mipsel linux-headers-4.9.0-9-loongson-3 | 4.9.168-1+deb9u3 | mips64el, mipsel linux-image-4.9.0-10-loongson-3 | 4.9.185-1 | mips64el, mipsel linux-image-4.9.0-10-loongson-3-dbg | 4.9.185-1 | mips64el, mipsel linux-image-4.9.0-9-loongson-3 | 4.9.168-1+deb9u3 | mips64el, mipsel linux-image-4.9.0-9-loongson-3-dbg | 4.9.168-1+deb9u3 | mips64el, mipsel loop-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel loop-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel md-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel md-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel minix-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel minix-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel multipath-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel multipath-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel nbd-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel nbd-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel nfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel nfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel nic-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel nic-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel nic-shared-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel nic-shared-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel nic-usb-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel nic-usb-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel nic-wireless-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel nic-wireless-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel ntfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel ntfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel pata-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel pata-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel ppp-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel ppp-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel sata-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel sata-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel scsi-core-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel scsi-core-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel scsi-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel scsi-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel sound-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel sound-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel speakup-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel speakup-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel squashfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel squashfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel udf-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel udf-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel usb-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel usb-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel usb-serial-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel usb-serial-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel usb-storage-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel usb-storage-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel virtio-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel virtio-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel xfs-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel xfs-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel zlib-modules-4.9.0-10-loongson-3-di | 4.9.185-1 | mips64el, mipsel zlib-modules-4.9.0-9-loongson-3-di | 4.9.168-1+deb9u3 | mips64el, mipsel Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- linux-headers-4.9.0-10-all-mipsel | 4.9.185-1 | mipsel linux-headers-4.9.0-9-all-mipsel | 4.9.168-1+deb9u3 | mipsel Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ata-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el ata-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el btrfs-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el btrfs-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el cdrom-core-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el cdrom-core-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el crc-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el crc-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el crypto-dm-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el crypto-dm-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el crypto-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el crypto-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el event-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el event-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el ext4-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el ext4-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el fancontrol-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el fancontrol-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el fat-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el fat-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el firewire-core-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el firewire-core-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el fuse-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el fuse-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el hypervisor-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el hypervisor-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el input-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el input-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el isofs-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el isofs-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el jfs-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el jfs-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el kernel-image-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el kernel-image-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el linux-headers-4.9.0-10-all-ppc64el | 4.9.185-1 | ppc64el linux-headers-4.9.0-10-powerpc64le | 4.9.185-1 | ppc64el linux-headers-4.9.0-9-all-ppc64el | 4.9.168-1+deb9u3 | ppc64el linux-headers-4.9.0-9-powerpc64le | 4.9.168-1+deb9u3 | ppc64el linux-image-4.9.0-10-powerpc64le | 4.9.185-1 | ppc64el linux-image-4.9.0-10-powerpc64le-dbg | 4.9.185-1 | ppc64el linux-image-4.9.0-9-powerpc64le | 4.9.168-1+deb9u3 | ppc64el linux-image-4.9.0-9-powerpc64le-dbg | 4.9.168-1+deb9u3 | ppc64el loop-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el loop-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el md-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el md-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el mouse-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el mouse-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el multipath-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el multipath-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el nbd-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el nbd-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el nic-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el nic-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el nic-shared-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el nic-shared-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el ppp-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el ppp-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el sata-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el sata-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el scsi-core-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el scsi-core-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el scsi-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el scsi-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el serial-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el serial-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el squashfs-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el squashfs-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el udf-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el udf-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el uinput-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el uinput-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el usb-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el usb-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el usb-serial-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el usb-serial-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el usb-storage-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el usb-storage-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el virtio-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el virtio-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el xfs-modules-4.9.0-10-powerpc64le-di | 4.9.185-1 | ppc64el xfs-modules-4.9.0-9-powerpc64le-di | 4.9.168-1+deb9u3 | ppc64el Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- acpi-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 acpi-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 ata-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 ata-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 btrfs-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 btrfs-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 cdrom-core-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 cdrom-core-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 crc-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 crc-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 crypto-dm-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 crypto-dm-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 crypto-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 crypto-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 efi-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 efi-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 event-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 event-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 ext4-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 ext4-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 fat-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 fat-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 fb-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 fb-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 firewire-core-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 firewire-core-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 fuse-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 fuse-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 hyperv-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 hyperv-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 i2c-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 i2c-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 input-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 input-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 isofs-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 isofs-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 jfs-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 jfs-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 kernel-image-4.9.0-10-amd64-di | 4.9.185-1 | amd64 kernel-image-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 linux-headers-4.9.0-10-all-amd64 | 4.9.185-1 | amd64 linux-headers-4.9.0-10-amd64 | 4.9.185-1 | amd64 linux-headers-4.9.0-10-rt-amd64 | 4.9.185-1 | amd64 linux-headers-4.9.0-9-all-amd64 | 4.9.168-1+deb9u3 | amd64 linux-headers-4.9.0-9-amd64 | 4.9.168-1+deb9u3 | amd64 linux-headers-4.9.0-9-rt-amd64 | 4.9.168-1+deb9u3 | amd64 linux-image-4.9.0-10-amd64 | 4.9.185-1 | amd64 linux-image-4.9.0-10-amd64-dbg | 4.9.185-1 | amd64 linux-image-4.9.0-10-rt-amd64 | 4.9.185-1 | amd64 linux-image-4.9.0-10-rt-amd64-dbg | 4.9.185-1 | amd64 linux-image-4.9.0-9-amd64 | 4.9.168-1+deb9u3 | amd64 linux-image-4.9.0-9-amd64-dbg | 4.9.168-1+deb9u3 | amd64 linux-image-4.9.0-9-rt-amd64 | 4.9.168-1+deb9u3 | amd64 linux-image-4.9.0-9-rt-amd64-dbg | 4.9.168-1+deb9u3 | amd64 loop-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 loop-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 md-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 md-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 mmc-core-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 mmc-core-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 mmc-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 mmc-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 mouse-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 mouse-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 multipath-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 multipath-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 nbd-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 nbd-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 nic-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 nic-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 nic-pcmcia-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 nic-pcmcia-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 nic-shared-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 nic-shared-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 nic-usb-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 nic-usb-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 nic-wireless-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 nic-wireless-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 ntfs-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 ntfs-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 pata-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 pata-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 pcmcia-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 pcmcia-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 pcmcia-storage-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 pcmcia-storage-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 ppp-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 ppp-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 sata-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 sata-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 scsi-core-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 scsi-core-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 scsi-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 scsi-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 serial-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 serial-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 sound-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 sound-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 speakup-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 speakup-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 squashfs-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 squashfs-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 udf-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 udf-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 uinput-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 uinput-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 usb-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 usb-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 usb-serial-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 usb-serial-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 usb-storage-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 usb-storage-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 virtio-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 virtio-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 xfs-modules-4.9.0-10-amd64-di | 4.9.185-1 | amd64 xfs-modules-4.9.0-9-amd64-di | 4.9.168-1+deb9u3 | amd64 Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- btrfs-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x btrfs-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x crc-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x crc-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x crypto-dm-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x crypto-dm-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x crypto-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x crypto-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x dasd-extra-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x dasd-extra-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x dasd-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x dasd-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x ext4-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x ext4-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x fat-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x fat-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x fuse-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x fuse-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x isofs-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x isofs-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x kernel-image-4.9.0-10-s390x-di | 4.9.185-1 | s390x kernel-image-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x linux-headers-4.9.0-10-all-s390x | 4.9.185-1 | s390x linux-headers-4.9.0-10-s390x | 4.9.185-1 | s390x linux-headers-4.9.0-9-all-s390x | 4.9.168-1+deb9u3 | s390x linux-headers-4.9.0-9-s390x | 4.9.168-1+deb9u3 | s390x linux-image-4.9.0-10-s390x | 4.9.185-1 | s390x linux-image-4.9.0-10-s390x-dbg | 4.9.185-1 | s390x linux-image-4.9.0-9-s390x | 4.9.168-1+deb9u3 | s390x linux-image-4.9.0-9-s390x-dbg | 4.9.168-1+deb9u3 | s390x loop-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x loop-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x md-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x md-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x multipath-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x multipath-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x nbd-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x nbd-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x nic-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x nic-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x scsi-core-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x scsi-core-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x scsi-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x scsi-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x udf-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x udf-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x virtio-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x virtio-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x xfs-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x xfs-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x zlib-modules-4.9.0-10-s390x-di | 4.9.185-1 | s390x zlib-modules-4.9.0-9-s390x-di | 4.9.168-1+deb9u3 | s390x Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- linux-headers-4.9.0-10-all | 4.9.185-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x linux-headers-4.9.0-9-all | 4.9.168-1+deb9u3 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x Maintainer: Debian Kernel Team ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- rust-doc | 1.14.0+dfsg1-3 | all Maintainer: Rust Maintainers Will also close bugs: 928423 ------------------- Reason ------------------- RoQA; outdated cruft package ---------------------------------------------- teeworlds | 0.6.5+dfsg-1~deb9u1 | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x teeworlds-data | 0.6.5+dfsg-1~deb9u1 | all teeworlds-server | 0.6.5+dfsg-1~deb9u1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x Maintainer: Debian Games Team Will also close bugs: 935596 ------------------- Reason ------------------- RoST; security issues; incompatible with current servers ---------------------------------------------- pump | 0.8.24-7 | source pump | 0.8.24-7+b2 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x Maintainer: Philippe Coval Will also close bugs: 938932 ------------------- Reason ------------------- RoST; unmaintained; security issues ---------------------------------------------- ========================================================================= apache2 (2.4.25-3+deb9u8) stretch-security; urgency=high . [ Xavier Guimard ] * Add patch to limit cross-site scripting in mod_proxy (Closes: CVE-2019-10092) * Import http2 modules from 2.4.41 (Closes: CVE-2019-9517, CVE-2019-10082, CVE-2019-10081) * Add patch to set PCRE_DOTALL by default (Closes: CVE-2019-10098) . [ Stefan Fritsch ] * Add -Werror=implicit-function-declaration to compile options to catch problems with backports. atftp (0.7.git20120829-3.1~deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Rebuild for stretch-security. . atftp (0.7.git20120829-3.1) unstable; urgency=high . * Non-maintainer upload. * Fix concurrency issue denial of service (CVE-2019-11366) (Closes: #927553) * Fix error handler stack overflow (CVE-2019-11365) (Closes: #927553) base-files (9.9+deb9u10) stretch; urgency=medium . * Change /etc/debian_version to 9.10, for Debian 9.10 point release. * Add VERSION_CODENAME to os-release. Closes: #829245. Please note that this is only for stable releases. basez (1.6-3+deb9u1) stretch; urgency=medium . * Properly decode base64url encoded strings (closes: #931041) bind9 (1:9.10.3.dfsg.P4-12.3+deb9u5) stretch-security; urgency=high . [ Marc Deslauriers (Ubuntu) ] * CVE-2018-5743: limiting simultaneous TCP clients is ineffective. Thanks to Marc Deslauriers of Ubuntu (Closes: #927932) . [ Ondřej Surý ] * Sync Maintainer and Uploaders with unstable * [CVE-2019-6465]: Zone transfer for DLZs are executed though not permitted by ACLs. (Closes: #922955) * [CVE-2018-5745]: Avoid assertion and thus causing named to deliberately exit when a trust anchor's key is replaced with a key which uses an unsupported algorithm. (Closes: #922954) biomaj-watcher (1.2.2-4+deb9u1) stretch; urgency=medium . * Bump (Build-)Depends to default-jdk (>= 2:1.8) (aka openjdk-8). Prevent partial upgrades from jessie (openjdk-7): biomaj-watcher needs to be run with the same jdk version that was used for building. (Closes: #866980) c-icap-modules (1:0.4.4-1+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Add support for clamav 0.101.1 (Closes: #919814). chaosreader (0.96-2+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Added libnet-dns-perl to Depends field. (Closes: #890589) clamav (0.101.4+dfsg-0+deb9u1) stretch; urgency=medium . * Import 0.101.4 (Closes: 921190) - CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs) (Closes:934359) - CVE-2019-12900 (An out of bounds write was possible within ClamAV's NSIS bzip) - update symbols file (bump to 101.4 and drop unused cli_strnstr). clamav (0.101.2+dfsg-3) unstable; urgency=medium . * Cherry-pick a fix from 0.101.3 to address a vulnerability to non-recursive zip bombs. clamav (0.101.2+dfsg-2) unstable; urgency=medium . * Remove python from build-depends: - Only needed for llvm, which is currently (and probably permanently) disabled - Support python2 removal, if this comes back, it will need to be python3 clamav (0.101.2+dfsg-1+deb10u1) buster; urgency=medium . * Cherry-pick a fix from 0.101.3 to address a vulnerability to non-recursive zip bombs. clamav (0.101.2+dfsg-1) unstable; urgency=high . * Import 0.101.2 - CVE-2019-1787 (An out-of-bounds heap read condition may occur when scanning PDF documents) - CVE-2019-1789 (An out-of-bounds heap read condition may occur when scanning PE files) - CVE-2019-1788 (An out-of-bounds heap write condition may occur when scanning OLE2 files) - CVE-2019-1786 (An out-of-bounds heap read condition may occur when scanning malformed PDF documents) - CVE-2019-1785 (A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives) - CVE-2019-1798 (A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives) - update symbols file - Remove DetectBrokenExecutables option from clamd template, it is deprecated. * Drop the dbgsym migration line. * Bump standards-version to 4.3.0 without further change clamav (0.101.2+dfsg-0+deb9u1) stretch; urgency=medium . * Import 0.101.2 - CVE-2019-1787 (An out-of-bounds heap read condition may occur when scanning PDF documents) - CVE-2019-1789 (An out-of-bounds heap read condition may occur when scanning PE files) - CVE-2019-1788 (An out-of-bounds heap write condition may occur when scanning OLE2 files) - CVE-2019-1786 (An out-of-bounds heap read condition may occur when scanning malformed PDF documents) - CVE-2019-1785 (A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives) - CVE-2019-1798 (A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives) - update symbols file - Remove DetectBrokenExecutables option from clamd template, it is deprecated. clamav (0.101.1+dfsg-3) unstable; urgency=medium . * Upload to unstable. clamav (0.101.1+dfsg-2) experimental; urgency=medium . [ Scott Kitterman ] * Add information to README.Debian on configuring clamav-milter's socket to work with postfix . [ Sebastian Andrzej Siewior ] * debian/libclamav-dev.install: also install clamav-types.h clamav (0.101.1+dfsg-1) experimental; urgency=medium . [ Scott Kitterman ] * Update debian/copyright * Add Build-Depends-Package to libclamav9.symbols * Update clamav-docs.doc-base for re-organized documentation * Add lintian override for source-is-missing on test file that happens to have long line length * Drop build-depends on electric-fence, upstream no longer ships the relevant tests that used it . [ Sebastian Andrzej Siewior ] * Import 0.101.1 - update symbol file - add back the json/curl configure options (don't rely on autodetect). * Add abstractions/openssl to apparmor's profile. Thanks to intrigeri for the help (Closes: #913020). * Load the apparmor profile before starting the daemon. Thanks to intrigeri for the help (Closes: #903834). * Add attach_disconnected to freshclam's apparmor profile to hopefully get it properly working in overlayfs enviroment. Thanks to Vincas Dargis (Closes: #917648). clamav (0.101.0+dfsg-1) experimental; urgency=medium . [ Scott Kitterman ] * Increase clamd socket command read timeout to 30 seconds (Closes: #915098) . [ Sebastian Andrzej Siewior ] * Import new upstream release. - update symbol file. - add new options to the config file. - package libclamav9 corekeeper (1.7~deb9u1) stretch; urgency=medium . * Backport security hardening fixes to stretch . corekeeper (1.7) unstable; urgency=medium . * Do not use a world-writable /var/crash with the dumper script and fix the permissions on upgrade as dpkg doesn't do that. (Closes: #924397) (See-also: #515211) * Handle older versions of the Linux kernel in a safer way (Closes: #924398) * Harden ownership determination and core file names * Do not truncate core names for executables with spaces * Update VCS URLs from alioth to salsa cups (2.2.1-8+deb9u4) stretch; urgency=low . * Fix multiple security/disclosure issues (Closes: #934957) - CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows - Fixed IPP buffer overflow - Fixed memory disclosure issue in the scheduler - Fixed DoS issues in the scheduler cups-filters (1.11.6-3+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * foomatic-rip: Changed Ghostscript call to count pages in a PDF file to use "runpdfbegin" and not the undocumented Ghostscript internal "pdfdict". (Closes: #926576, #928936) cyrus-imapd (2.5.10-3+deb9u1) stretch-security; urgency=high . * Add patch to fix arbitrary code execution via CalDAV (Closes: CVE-2019-11356) dansguardian (2.10.1.1-5.1+deb9u2) stretch; urgency=medium . * Non-maintainer upload. * Add support for clamav 0.101 (Closes: #923981). dbus (1.10.28-0+deb9u1) stretch-security; urgency=medium . * New upstream stable release - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 authentication for identities that differ from the user running the DBusServer. Previously, a local attacker could manipulate symbolic links in their own home directory to bypass authentication and connect to a DBusServer with elevated privileges. The standard system and session dbus-daemons in their default configuration were immune to this attack because they did not allow DBUS_COOKIE_SHA1, but third-party users of DBusServer such as Upstart could be vulnerable. - Prevent reading up to 3 bytes beyond the end of a truncated message. This could in principle be an information leak or denial of service on the system bus, but is not believed to be exploitable to crash the system bus or leak interesting information in practice. - Stop the dbus-daemon leaking memory (an error message) if delivering the message that triggered auto-activation is forbidden. This is technically a denial of service because the dbus-daemon will run out of memory eventually, but it's a very slow and noisy one, because all the rejected messages are also very likely to have been logged to the system log, and its scope is typically limited by the finite number of activatable services available. - Remove __attribute__((__malloc__)) attribute on dbus_realloc(), which does not meet the criteria for that attribute in gcc 4.7+, potentially leading to miscompilation. - Fix build with gcc 8 -Werror=cast-function-type - Fix warning from gcc 8 about suspicious use of strncpy() when populating struct sockaddr_un - Fix installation of Ducktype documentation with newer yelp-build versions * d/control: Update Vcs-Git, Vcs-Browser debian-archive-keyring (2017.5+deb9u1) stretch; urgency=medium . * Team upload. . [ Philipp Kern ] * Remove Wheezy's keys (automatic and stable release). (Closes: #901320) . [ Adam D. Barratt ] * Add Vcs-* headers. * Ensure fragments for Wheezy keys are removed. . [ Jonathan Wiltshire ] * Add my own key to the team-members keyring * Add Debian Stable Release key (10/buster) (ID: DCC9EFBF77E11517) (Closes: #917536) * Add Debian Archive Automatic Signing Key (10/buster) (ID: BCDDDC30D7C23CBBABEE) and Debian Security Archive Automatic Signing Key (10/buster) (ID: C5FF4DFAB270CAA96DFA) (Closes: #917535) debian-installer (20170615+deb9u7) stretch; urgency=medium . [ Samuel Thibault ] * Keep grub resolution in EFI boot, to avoid tiny fonts (closes: #910227). . [ Julien Cristau ] * Bump linux ABI to 4.9.0-11. debian-installer-netboot-images (20170615+deb9u7) stretch; urgency=medium . * Update to 20170615+deb9u7 images, from stretch-proposed-updates dosbox (0.74-4.2+deb9u2) stretch-security; urgency=medium . * Apply upstream fixes for two security issues: - CVE-2019-7165: long lines in batch files would overflow the parsing buffer; - CVE-2019-12594: programs running inside DOSBox could access /proc. Closes: #931222. dovecot (1:2.2.27-3+deb9u5) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix CVE-2019-11500 - lib-imap: Don't accept strings with NULs - lib-imap: Make sure str_unescape() won't be writing past allocated memory - lib-managesieve: Don't accept strings with NULs - lib-managesieve: Make sure str_unescape() won't be writing past allocated memory drupal7 (7.52-2+deb9u9) stretch-security; urgency=high . * SA-CORE-2019-006: Fixes bundled library's insecure management of deserialization (Closes: #928688) evolution (3.22.6-1+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2018-15587: backport patches to mitigate possible signature/encryption spoofing in PGP encrypted mail. (Closes: #924616) + [GPG] Mails that are not encrypted look encrypted + Show security bar above message headers exim4 (4.89-2+deb9u5) stretch-security; urgency=high . * Fix remote command execution vulnerability related to "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006 exim4 (4.89-2+deb9u4) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix remote command execution vulnerability (CVE-2019-10149) expat (2.2.0-2+deb9u2) stretch-security; urgency=high . * Fix extraction of namespace prefix from XML name (CVE-2018-20843) (closes: #931031). fence-agents (4.0.25-1+deb9u1) stretch; urgency=medium . * fence_rhevm: add patch for CVE-2019-10153 (Closes: #930887) ffmpeg (7:3.2.14-1~deb9u1) stretch-security; urgency=medium . * New upstream release(s). - avcodec/htmlsubtitles: Fixes denial of service due to use of sscanf in inner loop for handling braces (CVE-2019-9718) - avcodec/hevcdec: Avoid only partly skiping duplicate first slices (CVE-2019-11338) - avformat/asfdec_o: Check size_bmp more fully (CVE-2018-1999011) - avformat/flvenc: Check audio packet size (CVE-2018-15822) fig2dev (1:3.2.6a-2+deb9u2) stretch; urgency=medium . * 40_circle_arrowhead: Do not segfault on circle/half circle arrowheads with a magnification larger 42. This fixes CVE-2019-14275. (Closes: #933075). * Adapt salsa CI pipeline to stretch release. firefox-esr (60.7.1esr-1~deb9u1) stretch-security; urgency=medium . * New upstream release. * Fixes for mfsa2019-18, also known as CVE-2019-11707. firefox-esr (60.7.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2019-14, also known as: CVE-2019-9816, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-7317, CVE-2019-9797, CVE-2018-18511, CVE-2019-11698, CVE-2019-5798, CVE-2019-9800. . * debian/rules: Avoid rust build errors with newer versions of rustc by capping lints to warnings. firefox-esr (60.7.0esr-1~deb9u1) stretch-security; urgency=medium . * New upstream release. * Fixes for mfsa2019-14, also known as: CVE-2019-9816, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-7317, CVE-2019-9797, CVE-2018-18511, CVE-2019-11698, CVE-2019-5798, CVE-2019-9800. . * debian/rules: Avoid rust build errors with newer versions of rustc by capping lints to warnings. firefox-esr (60.6.3esr-1) unstable; urgency=medium . * New upstream release. - Additional fixes for addon signature validation. firefox-esr (60.6.3esr-1~deb9u1) stretch; urgency=medium . * New upstream release. - Additional fixes for addon signature validation. firefox-esr (60.6.2esr-1) unstable; urgency=medium . * New upstream release. - Fixes issues with addon signature validation. Closes: #928415, #928449. Note: this didn't affect addons installed via Debian packages. firefox-esr (60.6.2esr-1~deb9u1) stretch-security; urgency=medium . * New upstream release. - Fixes issues with addon signature validation. Closes: #928415, #928449. Note: this didn't affect addons installed via Debian packages. firefox-esr (60.6.1esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2019-10, also known as: CVE-2019-9810, CVE-2019-9813. fribidi (0.19.7-1+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * libfribidi0-udeb: Fix right-to-left output in textual version of d-i by installing the shared library files into a multi-arch libdir (Closes: #917909). fusiondirectory (1.0.19-1+deb9u1) stretch; urgency=medium . * debian/patches: + Add 0001_CVE-2019-11187_stricter-ldap-error-check.patch. Perform stricter check on LDAP success/failure (CVE-2019-11187). * debian/control: + Add to D (fusiondirectory): php-xml. (Closes: #931959). gettext (0.19.8.1-2+deb9u1) stretch; urgency=medium . * Stop xgettext() from crashing when run with --its=FILE option. Patch taken from Debian 10, which in turn was extracted from upstream git. Should help the inkscape project. Closes: #891347. See https://gitlab.com/inkscape/inkscape/issues/271 for details. ghostscript (9.26a~dfsg-0+deb9u4) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * protect use of .forceput with executeonly (CVE-2019-10216) ghostscript (9.26a~dfsg-0+deb9u3) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Hide pdfdict and GS_PDF_ProcSet (internal stuff for the PDF interp) (CVE-2019-3839) * Fix lib/pdf2dsc.ps to use documented Ghostscript pdf procedures glib2.0 (2.50.3-2+deb9u1) stretch; urgency=medium . * Team upload * d/gbp.conf: Add GNOME team configuration * d/p/gfile-Limit-access-to-files-when-copying.patch: When copying files, give the temporary partial copy of the file suitably restrictive permissions (Closes: #929753; CVE-2019-12450) * d/p/keyfile-settings-Use-tighter-permissions.patch: Create directory and file with restrictive permissions when using the GKeyfileSettingsBackend. Mitigation: in this version of GLib, the GKeyfileSettingsBackend can only be used explicitly by code, and is never selected automatically. (Closes: #931234; CVE-2019-13012) * d/p/gmarkup-Fix-unvalidated-UTF-8-read-in-markup-parsing-erro.patch, d/p/gmarkup-Avoid-reading-off-the-end-of-a-buffer-when-non-nu.patch: Avoid buffer read overrun when formatting error messages for invalid UTF-8 in GMarkup (CVE-2018-16429) * d/p/gmarkup-Fix-crash-in-error-handling-path-for-closing-elem.patch: Avoid NULL dereference when parsing invalid GMarkup with a malformed closing tag not paired with an opening tag (CVE-2018-16429) gocode (20150303-3+deb9u2) stretch; urgency=medium . * Non-maintainer upload. * gocode-auto-complete-el: Make Pre-Depends: auto-complete-el versioned to fix upgrades from jessie to stretch. groonga (6.1.5-1+deb9u1) stretch; urgency=medium . * debian/groonga-httpd.logrotate debian/groonga-server-gqtp.logrotate - Mitigate privilege escalation by changing the owner and group of logs with "su" option. Reported by Wolfgang Hotwagner. (Closes: #928304) (CVE-2019-11675) grub2 (2.02~beta3-5+deb9u2) stretch; urgency=medium . * Cherry-pick upstream patches for Xen UEFI support (closes: #930028): - i386/relocator: Add grub_relocator64_efi relocator - multiboot2: Add tags used to pass ImageHandle to loaded image - multiboot2: Do not pass memory maps to image if EFI boot services are enabled - multiboot2: Add support for relocatable images - Use grub-file to figure out whether multiboot2 should be used for Xen.gz gsoap (2.8.35-4+deb9u2) stretch; urgency=medium . * Fix for CVE-2019-7659 Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag. * Fix issue with DIME protocol receiver and malformed DIME headers This patch addresses a critical issue with the DIME protocol receiver that may cause the receiver to become unresponsive when a malformed DIME protocol message is received. -- https://www.genivia.com/advisory.html gst-plugins-base1.0 (1.10.4-1+deb9u1) stretch-security; urgency=medium . * CVE-2019-9928 (Closes: #927978) gthumb (3:3.4.4.1-5+deb9u1) stretch; urgency=medium . * debian/patches/ - cve-2018-18718.patch file (Closes: #912290) CVE-2018-18718 - CWE-415: Double Free The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. . There is a suspected double-free bug with static void add_themes_from_dir() dlg-contact-sheet.c. This method involves two successive calls of g_free(buffer) (line 354 and 373), and is likely to cause double-free of the buffer. One possible fix could be directly assigning the buffer to NULL after the first call of g_free(buffer). Thanks Tianjun Wu https://gitlab.gnome.org/GNOME/gthumb/issues/18 havp (0.92a-4+deb9u1) stretch; urgency=medium . * Add support for clamav 0.101 (Closes: #920865). * Bump libclamav-dev build-depends to match heimdal (7.1.0+dfsg-13+deb9u3) stretch-security; urgency=medium . * CVE-2018-16860: Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum. Closes: #928966. * CVE-2019-12098: Always confirm PA-PKINIT-KX for anon PKINIT. Closes: #929064. * Update test certificates to pre 2038 expiry. icu (57.1-6+deb9u3) stretch; urgency=medium . * Fix pkgdata command segfault (closes: #893009). imagemagick (8:6.9.7.4+dfsg-11+deb9u7) stretch-security; urgency=medium . * CVE-2019-10650 (Closes: #926091) * CVE-2019-9956 (Closes: #925395) intel-microcode (3.20190618.1~deb9u1) stretch-security; urgency=medium . * Rebuild for stretch-security (no changes) * Refer to DSA 4447-1 for details . intel-microcode (3.20190618.1) unstable; urgency=medium . * New upstream microcode datafile 20190618 + SECURITY UPDATE Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223 CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 for Sandybridge server and Core-X processors + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432 sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456 * Add some missing (minor) changelog entries to 3.20190514.1 * Reformat 3.20190514.1 changelog entry to match rest of changelog intel-microcode (3.20190514.1) unstable; urgency=high . * New upstream microcode datafile 20190514 * SECURITY UPDATE Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223 CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 * New Microcodes: sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224 sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224 sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224 sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632 sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608 sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104 * Updated Microcodes: sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288 sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336 sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552 sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456 sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384 sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408 sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816 sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432 sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504 sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600 sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336 sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352 sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720 sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768 sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768 sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576 sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552 sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456 sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408 sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360 sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352 sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264 sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728 sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304 sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304 sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280 sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328 sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304 sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328 sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304 sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280 intel-microcode (3.20190514.1~deb9u1) stretch-security; urgency=high . * Rebuild for stretch-security (no changes) . intel-microcode (3.20190514.1) unstable; urgency=high . * New upstream microcode datafile 20190514 * SECURITY UPDATE Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223 CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 * New Microcodes: sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224 sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224 sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224 sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632 sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608 sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104 * Updated Microcodes: sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288 sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336 sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552 sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456 sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384 sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408 sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816 sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432 sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504 sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600 sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336 sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352 sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720 sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768 sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768 sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576 sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552 sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456 sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408 sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360 sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352 sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264 sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728 sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304 sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328 sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304 sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280 sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328 sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304 sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328 sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304 sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280 . intel-microcode (3.20190312.1) unstable; urgency=medium . * New upstream microcode datafile 20190312 + Removed Microcodes: sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720 + New Microcodes: sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304 sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328 sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304 sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304 sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280 + Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2018-11-20, rev 0x0041, size 34816 sig 0x000306f4, pf_mask 0x80, 2018-11-06, rev 0x0013, size 17408 sig 0x00050654, pf_mask 0xb7, 2019-01-28, rev 0x200005a, size 33792 sig 0x00050662, pf_mask 0x10, 2018-12-06, rev 0x0019, size 32768 sig 0x00050663, pf_mask 0x10, 2018-12-06, rev 0x7000016, size 23552 sig 0x00050664, pf_mask 0x10, 2018-11-17, rev 0xf000014, size 23552 sig 0x00050665, pf_mask 0x10, 2018-11-17, rev 0xe00000c, size 19456 sig 0x000506c9, pf_mask 0x03, 2018-09-14, rev 0x0036, size 17408 sig 0x000506ca, pf_mask 0x03, 2018-09-20, rev 0x0010, size 15360 sig 0x000706a1, pf_mask 0x01, 2018-09-21, rev 0x002c, size 73728 sig 0x000806e9, pf_mask 0xc0, 2018-07-16, rev 0x009a, size 98304 sig 0x000806ea, pf_mask 0xc0, 2018-10-18, rev 0x009e, size 98304 sig 0x000906e9, pf_mask 0x2a, 2018-07-16, rev 0x009a, size 98304 sig 0x000906ea, pf_mask 0x22, 2018-12-12, rev 0x00aa, size 98304 sig 0x000906eb, pf_mask 0x02, 2018-12-12, rev 0x00aa, size 99328 intel-microcode (3.20190312.1) unstable; urgency=medium . * New upstream microcode datafile 20190312 + Removed Microcodes: sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720 + New Microcodes: sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304 sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328 sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304 sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304 sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280 + Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2018-11-20, rev 0x0041, size 34816 sig 0x000306f4, pf_mask 0x80, 2018-11-06, rev 0x0013, size 17408 sig 0x00050654, pf_mask 0xb7, 2019-01-28, rev 0x200005a, size 33792 sig 0x00050662, pf_mask 0x10, 2018-12-06, rev 0x0019, size 32768 sig 0x00050663, pf_mask 0x10, 2018-12-06, rev 0x7000016, size 23552 sig 0x00050664, pf_mask 0x10, 2018-11-17, rev 0xf000014, size 23552 sig 0x00050665, pf_mask 0x10, 2018-11-17, rev 0xe00000c, size 19456 sig 0x000506c9, pf_mask 0x03, 2018-09-14, rev 0x0036, size 17408 sig 0x000506ca, pf_mask 0x03, 2018-09-20, rev 0x0010, size 15360 sig 0x000706a1, pf_mask 0x01, 2018-09-21, rev 0x002c, size 73728 sig 0x000806e9, pf_mask 0xc0, 2018-07-16, rev 0x009a, size 98304 sig 0x000806ea, pf_mask 0xc0, 2018-10-18, rev 0x009e, size 98304 sig 0x000906e9, pf_mask 0x2a, 2018-07-16, rev 0x009a, size 98304 sig 0x000906ea, pf_mask 0x22, 2018-12-12, rev 0x00aa, size 98304 sig 0x000906eb, pf_mask 0x02, 2018-12-12, rev 0x00aa, size 99328 intel-microcode (3.20190312.1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports (no changes) . intel-microcode (3.20190312.1) unstable; urgency=medium . * New upstream microcode datafile 20190312 + Removed Microcodes: sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720 + New Microcodes: sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304 sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328 sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304 sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304 sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280 + Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2018-11-20, rev 0x0041, size 34816 sig 0x000306f4, pf_mask 0x80, 2018-11-06, rev 0x0013, size 17408 sig 0x00050654, pf_mask 0xb7, 2019-01-28, rev 0x200005a, size 33792 sig 0x00050662, pf_mask 0x10, 2018-12-06, rev 0x0019, size 32768 sig 0x00050663, pf_mask 0x10, 2018-12-06, rev 0x7000016, size 23552 sig 0x00050664, pf_mask 0x10, 2018-11-17, rev 0xf000014, size 23552 sig 0x00050665, pf_mask 0x10, 2018-11-17, rev 0xe00000c, size 19456 sig 0x000506c9, pf_mask 0x03, 2018-09-14, rev 0x0036, size 17408 sig 0x000506ca, pf_mask 0x03, 2018-09-20, rev 0x0010, size 15360 sig 0x000706a1, pf_mask 0x01, 2018-09-21, rev 0x002c, size 73728 sig 0x000806e9, pf_mask 0xc0, 2018-07-16, rev 0x009a, size 98304 sig 0x000806ea, pf_mask 0xc0, 2018-10-18, rev 0x009e, size 98304 sig 0x000906e9, pf_mask 0x2a, 2018-07-16, rev 0x009a, size 98304 sig 0x000906ea, pf_mask 0x22, 2018-12-12, rev 0x00aa, size 98304 sig 0x000906eb, pf_mask 0x02, 2018-12-12, rev 0x00aa, size 99328 intel-microcode (3.20180807a.2) unstable; urgency=medium . * Makefile: unblacklist 0x206c2 (Westmere EP) According to pragyansri.pathi@intel.com, on message to LP#1795594 on 2018-10-09, we can ship 0x206c2 updates without restrictions. Also, there are no reports in the field about this update causing issues (closes: #907402) (LP: #1795594) jackson-databind (2.8.6-1+deb9u5) stretch-security; urgency=high . * Team upload. * Fix CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361, CVE-2018-19362 and CVE-2019-12086. Several deserialization flaws were discovered in jackson-databind which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. kconfig (5.28.0-2+deb9u1) stretch-security; urgency=medium . * CVE-2019-14744 koji (1.10.0-1+deb9u1) stretch; urgency=medium . * Team upload. * Add patch based on upstream commit bdec8c7399 to fix CVE-2018-1002161, an SQL injection issue in multiple remote calls. Closes: #922922. * Add patch based on upstream commit ba7b5a3cbe to fix CVE-2017-1002153, to properly validate SCM pathes. Closes: #877921. lemonldap-ng (1.9.7-3+deb9u2) stretch; urgency=medium . * Fix CDA regression introduced in 1.9.7-3+deb9u1 * Fix XXE vulnerability (Closes: #931117) lemonldap-ng (1.9.7-3+deb9u1) stretch-security; urgency=medium . * Add patch to fix token security (Closes: #928944, CVE-2019-12046) libcaca (0.99.beta19-2.1~deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Rebuild for stretch. . libcaca (0.99.beta19-2.1) unstable; urgency=medium . * Non-maintainer upload. * Cherry-Pick fixes from upstream git repository: - CVE-2018-20545, CVE-2018-20546, CVE-2018-20547,CVE-2018-20548 and CVE-2018-20549 (Closes: #917807) libclamunrar (0.101.2-0+deb9u1) stretch; urgency=high . * Import 0.101.2 - CVE-2019-1785 (A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives) - CVE-2019-1798 (A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives) libclamunrar (0.101.1-2) unstable; urgency=medium . * Upload to unstable. libclamunrar (0.101.1-1) experimental; urgency=medium . * Update to new upstream version. - ABI changes from 7 to 9, some symbols changed. * Bumped standards version to 4.3.0 without any changes. libclamunrar (0.100.1-1) unstable; urgency=medium . [ Scott Kitterman ] * Delete symlinks to files no longer shipped in libclamav7 (Closes: #903792) . [ Sebastian Andrzej Siewior ] * Update to upstream version. - Buffer over-read in unRAR code due to missing max value checks in table initialization. Reported by Rui Reis. libconvert-units-perl (1:0.43-11~deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Rebuild for stretch. . libconvert-units-perl (1:0.43-11) unstable; urgency=medium . * Team upload. * Re-upload with version bumped to 1:0.43-11 in order to avoid filename clashes between 1:0.43-2 and the pre-epoch 0.43-2 version. Thanks: Andreas Beckmann for the bug report. Closes: #929615 libdatetime-timezone-perl (1:2.09-1+2019b) stretch; urgency=medium . * Update to Olson database version 2019b. This update contains contemporary changes for Brazil and Palestine. libebml (1.3.4-1+deb9u1) stretch; urgency=medium . * debian/patches: Apply upstream fixes for heap-based buffer over-reads. (CVE-2019-13615) (Closes: #932241) libevent-rpc-perl (1.08-2+deb9u1) stretch; urgency=medium . * Team upload. * Fix FTBFS due to expired test SSL certificates (Closes: #903124) libgd2 (2.2.4-2+deb9u5) stretch; urgency=high . * Fix CVE-2019-11038: Uninitialized read in gdImageCreateFromXbm (Closes: #929821) libgovirt (0.3.4-2+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Regenerate test certificates with expiration date far in the future to fix test failures (closes: #915270). libpng1.6 (1.6.28-1+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Call png_image_free_function without guarding it with png_safe_execute (CVE-2019-7317) (Closes: #921355) libpng1.6 (1.6.28-1exp4) experimental; urgency=medium . * Override autoreconf due to debhelper bug 844504 libpng1.6 (1.6.28-1exp3) experimental; urgency=medium . * No-autoreconf for cmake builds libpng1.6 (1.6.28-1exp2) experimental; urgency=medium . * Readd multiarch patch, it was merged by upstream on master but not on 1.6 branch libpng1.6 (1.6.28-1exp1) experimental; urgency=medium . * Switch to cmake librecad (2.1.2-1+deb9u1) stretch; urgency=high . * Non-maintainer upload. * Fix CVE-2018-19105: A vulnerability was found in LibreCAD, a computer-aided design system, which could be exploited to crash the application or cause other unspecified impact when opening a specially crafted file. (Closes: #928477) libreoffice (1:5.2.7-1+deb9u10) stretch-security; urgency=high . * debian/patches/expand-LibreLogo-checks-to-global-events.diff, debian/patches/decode-url-escape-codes-and-check-each-path-segment.diff: debian/patches/keep-name-percent-encoded.diff debian/patches/Properly-obtain-location.diff: backport from libreoffice-6-3-0 branch - more fixes for CVE-2019-9848 and CVE-2018-16858 (CVE-2019-9850/CVE-2019-9851) libreoffice (1:5.2.7-1+deb9u9) stretch-security; urgency=high . * debian/patches/More-uses-of-referer-URL-with-SvxBrushItem.diff: backport patch from libreoffice-6-2 branch to fix CVE-2019-9849 libreoffice (1:5.2.7-1+deb9u8) stretch-security; urgency=high . * debian/patches/sanitize-LibreLogo-calls.diff, debian/patches/explictly-exclude-LibreLogo-from-XScript-usage.diff: add from git; fixing CVE-2019-9848 libsdl2-image (2.0.1+dfsg-2+deb9u2) stretch; urgency=medium . * Non-maintainer upload. * Multiple security issues (Closes: #932754): - CVE-2018-3977: buffer overflow in do_layer_surface (IMG_xcf.c). - CVE-2019-5052: integer overflow and subsequent buffer overflow in IMG_pcx.c. - CVE-2019-7635: heap buffer overflow in Blit1to4 (IMG_bmp.c). - CVE-2019-12216, CVE-2019-12217, CVE-2019-12218, CVE-2019-12219, CVE-2019-12220, CVE-2019-12221, CVE-2019-12222, CVE-2019-5051: OOB R/W in IMG_LoadPCX_RW (IMG_pcx.c). libthrift-java (0.9.1-2.1~deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Rebuild for stretch. . libthrift-java (0.9.1-2.1) unstable; urgency=high . * Non-maintainer upload. * Fix CVE-2018-1320: It was discovered that it was possible to bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. (Closes: #918736) libtk-img (1:1.4.6+dfsg-1+deb9u1) stretch; urgency=medium . * Switch from the internal copies of Jpeg, Zlib and PixarLog codecs to the libtiff ones (closes: #931422). libu2f-host (1.1.2-2+deb9u2) stretch; urgency=medium . * Backport fix for CVE-2019-9578 (Closes: #923874) * Configure git-buildpackage for stretch libvirt (3.0.0-4+deb9u4) stretch-security; urgency=medium . * Fix CVEs related to privilege escalations on R/O connections. - CVE-2019-10161: CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc-.patch - CVE-2019-10167: api-disallow-virConnectGetDomainCapabilities-on-read-only.patch * cpu_map: Define md-clear CPUID bit. CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 * Add spec-ctrl and ibpb CPU features and ibrs CPU models. CVE-2017-5753, CVE-2017-5715 * Add ssbd CPU feature. CVE-2018-3639 libxslt (1.1.29-2.1+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Fix security framework bypass (CVE-2019-11068) (Closes: #926895, #933743) * Fix uninitialized read of xsl:number token (CVE-2019-13117) (Closes: #931321, #933743) * Fix uninitialized read with UTF-8 grouping chars (CVE-2019-13118) (Closes: #931320, #933743) linux (4.9.189-3) stretch; urgency=medium . * tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue linux (4.9.189-2) stretch; urgency=medium . [ Salvatore Bonaccorso ] * xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (CVE-2019-15538) . [ Ben Hutchings ] * [s390x] Revert "perf test 6: Fix missing kvm module load for s390" (fixes FTBFS) linux (4.9.189-1) stretch; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.186 - [x86] Input: elantech - enable middle button support on 2 ThinkPads - mac80211: mesh: fix RCU warning - mac80211: free peer keys before vif down in mesh - netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments - netfilter: ipv6: nf_defrag: accept duplicate fragments again - [armhf] Input: imx_keypad - make sure keyboard can always wake up system - [arm64] KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy - mac80211: only warn once on chanctx_conf being NULL - md: fix for divide error in status_resync - bnx2x: Check if transceiver implements DDM before access - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL - net :sunrpc :clnt :Fix xps refcount imbalance on the error path - udf: Fix incorrect final NOT_ALLOCATED (hole) extent length - [x86] ptrace: Fix possible spectre-v1 in ptrace_get_debugreg() - [x86] tls: Fix possible spectre-v1 in do_get_thread_area() - fscrypt: don't set policy for a dead directory - USB: serial: ftdi_sio: add ID for isodebug v1 - USB: serial: option: add support for GosunCn ME3630 RNDIS mode - Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled" - p54usb: Fix race between disconnect and firmware loading (CVE-2019-15220) - usb: gadget: ether: Fix race between gether_disconnect and rx_submit - [i386] staging: comedi: dt282x: fix a null pointer deref on interrupt - [x86] staging: comedi: amplc_pci230: fix null pointer deref on interrupt - carl9170: fix misuse of device driver API - [x86] VMCI: Fix integer overflow in VMCI handle arrays - Revert "e1000e: fix cyclic resets at link up with active tx" - e1000e: start network tx queue only when link is up - [arm64] crypto: remove accidentally backported files - perf/core: Fix perf_sample_regs_user() mm check - [armhf] omap2: remove incorrect __init annotation - be2net: fix link failure after ethtool offline test - ppp: mppe: Add softdep to arc4 - sis900: fix TX completion - dm verity: use message limit for data block corruption message - [s390x] fix stfle zero padding - [s390x] qdio: (re-)initialize tiqdio list entries - [s390x] qdio: don't touch the dsci in tiqdio_add_input_queues() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.187 - [arm64] efi: Mark __efistub_stext_offset as an absolute symbol explicitly - [armhf] dmaengine: imx-sdma: fix use-after-free on probe error path - ath10k: Do not send probe response template for mesh - ath9k: Check for errors when reading SREV register - ath6kl: add some bounds checking - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection - batman-adv: fix for leaked TVLV handler. - media: dvb: usb: fix use after free in dvb_usb_device_exit - media: marvell-ccic: fix DMA s/g desc number calculation - media: media_device_enum_links32: clean a reserved field - [armhf,arm64] net: stmmac: dwmac1000: Clear unused address entries - [armhf,arm64] net: stmmac: dwmac4/5: Clear unused address entries - signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig - af_key: fix leaks in key_pol_get_resp and dump_sp. - xfrm: Fix xfrm sel prefix length validation - media: mc-device.c: don't memset __user pointer contents - net: phy: Check against net_device being NULL - tua6100: Avoid build warnings. - [armhf] media: wl128x: Fix some error handling in fm_v4l2_init_video_device() - cpupower : frequency-set -r option misses the last cpu in related cpu list - [s390x] qdio: handle PENDING state for QEBSM devices - perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode - [armhf] gpio: omap: fix lack of irqstatus_raw0 for OMAP4 - [armhf] gpio: omap: ensure irq is enabled before wakeup - regmap: fix bulk writes on paged registers - bpf: silence warning messages in core - rcu: Force inlining of rcu_read_lock() - blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration - xfrm: fix sa selector validation - perf evsel: Make perf_evsel__name() accept a NULL argument - vhost_net: disable zerocopy by default - ipoib: correcly show a VF hardware address - EDAC/sysfs: Fix memory leak when creating a csrow object - ipsec: select crypto ciphers for xfrm_algo - media: i2c: fix warning same module names - ntp: Limit TAI-UTC offset - timer_list: Guard procfs specific code - [arm64] acpi: ignore 5.1 FADTs that are reported as 5.0 - mt7601u: do not schedule rx_tasklet when the device has been disconnected - mt7601u: fix possible memory leak when the device is disconnected - ath10k: fix PCIE device wake up failed - perf tools: Increase MAX_NR_CPUS and MAX_CACHES - libata: don't request sense data on !ZAC ATA devices - [armhf] clocksource/drivers/exynos_mct: Increase priority over ARM arch timer - rslib: Fix decoding of shortened codes - rslib: Fix handling of of caller provided syndrome - ixgbe: Check DDM existence in transceiver before access - crypto: asymmetric_keys - select CRYPTO_HASH where needed - EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec - bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() - iwlwifi: mvm: Drop large non sta frames - net: usb: asix: init MAC address buffers - gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants - Bluetooth: hci_bcsp: Fix memory leak in rx_skb - Bluetooth: 6lowpan: search for destination address in all peers - Bluetooth: Check state in l2cap_disconnect_rsp - Bluetooth: validate BLE connection interval updates - gtp: fix Illegal context switch in RCU read-side critical section. - gtp: fix use-after-free in gtp_newlink() - crypto: ghash - fix unaligned memory access in ghash_setkey() - [arm64] crypto: sha1-ce - correct digest for empty data in finup - [arm64] crypto: sha2-ce - correct digest for empty data in finup - crypto: chacha20poly1305 - fix atomic sleep when using async algorithm - [armhf] regulator: s2mps11: Fix buck7 and buck8 wrong voltages - [arm64] tegra: Update Jetson TX1 GPU regulator timings - iwlwifi: pcie: don't service an interrupt that was masked - tracing/snapshot: Resize spare buffer if size changed - NFSv4: Handle the special Linux file open access mode - lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE - ALSA: seq: Break too long mutex context in the write loop - [x86] ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine - media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() - [x86] KVM: vPMU: refine kvm_pmu err msg when event creation failed - [arm64] tegra: Fix AGIC register range - fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes. - drm/nouveau/i2c: Enable i2c pads & busses during preinit - padata: use smp_mb in padata_reorder to avoid orphaned padata jobs - 9p/virtio: Add cleanup path in p9_virtio_init - PCI: Do not poll for PME if the device is in D3cold - Btrfs: add missing inode version, ctime and mtime updates when punching hole - libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields - take floppy compat ioctls to floppy.c - [x86] crypto: ccp - Validate the the error value used to index error messages - [x86] PCI: hv: Delete the device earlier from hbus->children for hot- remove - [x86] PCI: hv: Fix a use-after-free bug in hv_eject_device_work() - [ppc64el] watchpoint: Restore NV GPRs while returning from exception - eCryptfs: fix a couple type promotion bugs - [x86] intel_th: msu: Fix single mode with disabled IOMMU - Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug - usb: Handle USB3 remote wakeup for LPM enabled devices correctly - dm bufio: fix deadlock with loop device - compiler.h: Add read_word_at_a_time() function. - ext4: allow directory holes - bnx2x: Prevent load reordering in tx completion processing - bnx2x: Prevent ptp_task to be rescheduled indefinitely - igmp: fix memory leak in igmpv3_del_delrec() - ipv4: don't set IPv6 only flags to IPv4 addresses - [armhf] net: dsa: mv88e6xxx: wait after reset deactivation - net: neigh: fix multiple neigh timer scheduling - net: openvswitch: fix csum updates for MPLS actions - nfc: fix potential illegal memory access - rxrpc: Fix send on a connected, but unbound socket - [x86] sky2: Disable MSI on ASUS P6T - vrf: make sure skb->data contains ip header to make routing - macsec: fix use-after-free of skb during RX - macsec: fix checksumming after decryption - netrom: fix a memory leak in nr_rx_frame() - netrom: hold sock when setting skb->destructor - bonding: validate ip header before check IPPROTO_IGMP - tcp: Reset bytes_acked and bytes_received when disconnecting - net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling - net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query - net: bridge: stp: don't cache eth dest pointer before skb pull - [x86] perf/amd/uncore: Rename 'L2' to 'LLC' - [x86] perf/amd/uncore: Get correct number of cores sharing last level cache - [x86] perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id - NFSv4: Fix open create exclusive when the server reboots - nfsd: give out fewer session slots as limit approaches - nfsd: fix performance-limiting session calculation - nfsd: Fix overflow causing non-working mounts on 1 TB machines - [armhf,arm64] drm/panel: simple: Fix panel_simple_dsi_probe - usb: core: hub: Disable hub-initiated U1/U2 - [armhf] pinctrl: rockchip: fix leaked of_node references - memstick: Fix error cleanup path of memstick_init - [arm64] tty: serial: msm_serial: avoid system lockup condition - serial: 8250: Fix TX interrupt handling condition - drm/virtio: Add memory barriers for capset cache. - phy: renesas: rcar-gen2: Fix memory leak at error paths - [armhf] drm/rockchip: Properly adjust to a true clock in adjusted_mode - tty: serial_core: Set port active bit in uart_port_activate - usb: gadget: Zero ffs_io_data - [ppc64el] pci/of: Fix OF flags parsing for 64bit BARs - PCI: sysfs: Ignore lockdep for remove attribute - iio: iio-utils: Fix possible incorrect mask calculation - [ppc64el] recordmcount: Fix spurious mcount entries on powerpc - mfd: core: Set fwnode for created devices - [arm64] mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk - RDMA/i40iw: Set queue pair state when being queried - perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning - RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM - [ppc64el] boot: add {get, put}_unaligned_be32 to xz_config.h - f2fs: avoid out-of-range memory access - mailbox: handle failed named mailbox channel request - [ppc64el] eeh: Handle hugepages in ioremap space - 9p: pass the correct prototype to read_cache_page - mm/mmu_notifier: use hlist_add_head_rcu() - usb: wusbcore: fix unbalanced get/put cluster_id - [x86] usb: pci-quirks: Correct AMD PLL quirk detection - [x86] sysfb_efi: Add quirks for some devices with swapped width and height - [x86] speculation/mds: Apply more accurate check on hypervisor platform - [x86] hpet: Fix division by zero in hpet_time_div() - ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 - ALSA: hda - Add a conexant codec entry to let mute led work - access: avoid the RCU grace period for the temporary subjective credentials - [arm64] dts: marvell: Fix A37xx UART0 register size - i2c: qup: fixed releasing dma without flush operation completion - [arm64] compat: Provide definition for COMPAT_SIGMINSTKSZ (Closes: #904385) - ISDN: hfcsusb: checking idx of ep configuration - media: au0828: fix null dereference in error path - media: cpia2_usb: first wake up, then free in disconnect - media: radio-raremono: change devm_k*alloc to k*alloc - sched/fair: Don't free p->numa_faults with concurrent readers - drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl - ceph: hold i_ceph_lock when removing caps for freeing inode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.188 - [armhf] dts: rockchip: Make rk3288-veyron-minnie run at hs200 - [armhf] dts: rockchip: Make rk3288-veyron-mickey's emmc work again - [armhf] dts: rockchip: Mark that the rk3288 timer might stop in suspend - ftrace: Enable trampoline when rec count returns back to one - kernel/module.c: Only return -EEXIST for modules that have finished loading - fs/adfs: super: fix use-after-free bug - btrfs: fix minimum number of chunk errors for DUP - ceph: fix improper use of smp_mb__before_atomic() - ceph: return -ERANGE if virtual xattr value didn't fit in buffer - [s390x] scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized - ACPI: fix false-positive -Wuninitialized warning - be2net: Signal that the device cannot transmit during reconfiguration - [x86] apic: Silence -Wtype-limits compiler warnings - mm/cma.c: fail if fixed declaration can't be honored - coda: add error handling for fget - coda: fix build using bare-metal toolchain - uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers - drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings - ipc/mqueue.c: only perform resource calculation if user valid - [x86] kvm: Don't call kvm_spurious_fault() from .fixup - [x86] boot: Remove multiple copy of static function sanitize_boot_params() - Btrfs: fix incremental send failure after deduplication - [armhf,arm64] mmc: dw_mmc: Fix occasional hang after tuning on eMMC - gpiolib: fix incorrect IRQ requesting of an active-low lineevent - selinux: fix memory leak in policydb_init() - [s390x] dasd: fix endless loop after read unit address configuration - [arm*] drivers/perf: arm_pmu: Fix failure path in PM notifier - xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() - IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification - infiniband: fix race condition between infiniband mlx4, mlx5 driver and core dumping - coredump: fix race condition between collapse_huge_page() and core dumping - eeprom: at24: make spd world-readable again - Backport minimal compiler_attributes.h to support GCC 9 - include/linux/module.h: copy __init/__exit attrs to init/cleanup_module - objtool: Support GCC 9 cold subfunction naming scheme - [x86] mm, gup: prevent get_page() race with munmap in paravirt guest https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.189 - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure - [armhf] dts: Add pinmuxing for i2c2 and i2c3 for LogicPD SOM-LV - [armhf] dts: Add pinmuxing for i2c2 and i2c3 for LogicPD torpedo - [armhf] dts: logicpd-som-lv: Fix Audio Mute - [arm64] cpufeature: Fix CTR_EL0 field definitions - [arm64] cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} - tcp: be more careful in tcp_fragment() - HID: wacom: fix bit shift for Cintiq Companion 2 - HID: Add quirk for HP X1200 PIXART OEM mouse - RDMA: Directly cast the sockaddr union to sockaddr - IB: directly cast the sockaddr union to aockaddr - objtool: Add machine_real_restart() to the noreturn list - objtool: Add rewind_stack_do_exit() to the noreturn list - libceph: use kbasename() and kill ceph_file_part() - atm: iphase: Fix Spectre v1 vulnerability - net: bridge: delete local fdb on device init failure - net: bridge: mcast: don't delete permanent entries when fast leave is enabled - net: fix ifindex collision during namespace removal - net/mlx5: Use reversed order when unregister devices - net: sched: Fix a possible null-pointer dereference in dequeue_func() - tipc: compat: allow tipc commands without arguments - compat_ioctl: pppoe: fix PPPOEIOCSFWD handling - ip6_tunnel: fix possible use-after-free on xmit - ife: error out when nla attributes are empty - bnx2x: Disable multi-cos feature. - [armhf,arm64] spi: bcm2835: Fix 3-wire mode if DMA is enabled . [ Ben Hutchings ] * Bump ABI to 11 * siphash: implement HalfSipHash1-3 for hash tables (Closes: #935134) * netfilter: conntrack: Use consistent ct id hash calculation (fixes regression in 4.9.168-1+deb9u5) linux (4.9.185-1) stretch; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.185 - [arm64,armhf] usb: chipidea: udc: workaround for endpoint conflict issue - [amd64] IB/hfi1: Silence txreq allocation warnings - Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD - apparmor: enforce nullbyte at end of tag string - parport: Fix mem leak in parport_register_dev_model - [amd64] IB/hfi1: Insure freeze_work work_struct is canceled on shutdown - IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value - [mips*] uprobes: remove set but not used variable 'epc' - [armhf] net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0 - [arm64] net: hns: Fix loopback test failed at copper ports - [arm64] drm/arm/hdlcd: Allow a bit of clock tolerance - scsi: ufs: Check that space was properly alloced in copy_query_response - [s390x] qeth: fix VLAN attribute in bridge_hostnotify udev event - nvme: Fix u32 overflow in the number of namespace list calculation - btrfs: start readahead also in seed devices - can: purge socket error queue on sock destruct - [ppc64el] powerpc/bpf: use unsigned division instruction for 64-bit operations - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections - Bluetooth: Fix regression with minimum encryption key size alignment - cfg80211: fix memory leak of wiphy device name - mac80211: drop robust management frames from unknown TA - mac80211: Do not use stack memory with scatterlist for GMAC - [amd64] IB/hfi1: Avoid hardlockup with flushlist_lock - 9p/rdma: do not disconnect on down_interruptible EAGAIN - 9p: acl: fix uninitialized iattr access - 9p/rdma: remove useless check in cm_event_handler - 9p: p9dirent_read: check network-provided name length - fs/proc/array.c: allow reporting eip/esp for all coredumping threads - [x86] scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() - [x86] x86/speculation: Allow guests to use SSBD even if host does not - NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O - cpu/speculation: Warn on unsupported mitigations= parameter - af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET - [arm64,armhf] net: stmmac: fixed new system time seconds value calculation - sctp: change to hold sk after auth shkey is created successfully - tipc: change to use register_pernet_device - tipc: check msg->req data len in tipc_nl_compat_bearer_disable - tun: wake up waitqueues after IFF_UP is set - team: Always enable vlan tx offload - bonding: Always enable vlan tx offload - ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop - net: check before dereferencing netdev_ops during busy poll - bpf: udp: Avoid calling reuseport's bpf_prog from udp_gro - bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err - tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb - Bluetooth: Fix faulty expression for minimum encryption key size check - ASoC: soc-pcm: BE dai needs prepare when pause release after resume - spi: bitbang: Fix NULL pointer dereference in spi_unregister_master - ASoC: max98090: remove 24-bit format support if RJ is 0 - scsi: hpsa: correct ioaccel2 chaining - mm/mlock.c: change count_mm_mlocked_page_nr return type - [mips*] math-emu: do not use bools for arithmetic - [armhf] mfd: omap-usb-tll: Fix register offsets - [armhf] clk: sunxi: fix uninitialized access - [x86] KVM: degrade WARN to pr_warn_ratelimited - [x86] drm/i915/dmc: protect against reading random memory - ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages - ALSA: line6: Fix write on zero-sized buffer - ALSA: usb-audio: fix sign unintended sign extension on left shifts - [x86] lib/mpi: Fix karactx leak in mpi_powm - [armhf] drm/imx: notify drm core before sending event during crtc disable - [armhf] drm/imx: only send event on crtc disable if kept disabled - btrfs: Ensure replaced device doesn't have pending chunk allocation - [x86] tty: rocket: fix incorrect forward declaration of 'rp_init()' - [arm64] vdso: Define vdso_{start,end} as array - [x86] KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC - [amd64] IB/hfi1: Close PSM sdma_progress sleep window - [mips*] Add missing EHB in mtc0 -> mfc0 sequence. - [armhf] dmaengine: imx-sdma: remove BD_INTR for channel0 linux (4.9.184-1) stretch; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.169 - [x86] power: Fix some ordering bugs in __restore_processor_context() - [amd64] power/64: Use struct desc_ptr for the IDT in struct saved_context - [i386] power/32: Move SYSENTER MSR restoration to fix_processor_context() - [x86] power: Make restore_processor_context() sane - [ppc64el] powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM - [ppc64el] Fix invalid use of register expressions - [ppc64el] powerpc/64s: Add barrier_nospec - [ppc64el] powerpc/64s: Add support for ori barrier_nospec patching - [ppc64el] Avoid code patching freed init sections - [ppc64el] powerpc/64s: Patch barrier_nospec in modules - [ppc64el] powerpc/64s: Enable barrier_nospec based on firmware settings - [ppc64el] Use barrier_nospec in copy_from_user() - [ppc64el] powerpc/64: Use barrier_nospec in syscall entry - [ppc64el] powerpc/64s: Enhance the information in cpu_show_spectre_v1() - [ppc64el] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 - [ppc64el] powerpc/64: Disable the speculation barrier from the command line - [ppc64el] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. - [ppc64el] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC - [ppc64el] powerpc/64: Call setup_barrier_nospec() from setup_arch() - [ppc64el] powerpc/64: Make meltdown reporting Book3S 64 specific - [ppc64el] asm: Add a patch_site macro & helpers for patching instructions - [ppc64el] powerpc/64s: Add new security feature flags for count cache flush - [ppc64el] powerpc/64s: Add support for software count cache flush - [ppc64el] powerpc/pseries: Query hypervisor for count cache flush settings - [ppc64el] powerpc/powernv: Query firmware for count cache flush settings - [ppc64el] security: Fix spectre_v2 reporting - [arm64] kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region - tty: ldisc: add sysctl to prevent autoloading of ldiscs - ipv6: Fix dangling pointer when ipv6 fragment - ipv6: sit: reset ip header pointer in ipip6_rcv - openvswitch: fix flow actions reallocation - qmi_wwan: add Olicard 600 - sctp: initialize _pad of sockaddr_in before copying to user memory - tcp: Ensure DCTCP reacts to losses - vrf: check accept_source_route on the original netdevice - bnxt_en: Reset device on RX buffer errors. - bnxt_en: Improve RX consumer index validity check. - net/mlx5e: Add a lock on tir list - netns: provide pure entropy for net_hash_mix() - net: ethtool: not call vzalloc for zero sized memory request - ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type - ALSA: seq: Fix OOB-reads from strlcpy - Btrfs: do not allow trimming when a fs is mounted with the nologreplay option - block: do not leak memory in bio_copy_user_iov() - genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() - virtio: Honour 'may_reduce_num' in vring_create_virtqueue - [arm64] futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value - [x86] xen: Prevent buffer overflow in privcmd ioctl - sched/fair: Do not re-read ->h_load_next during hierarchical load calculation - PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.170 - perf/core: Restore mmap record type correctly - ext4: add missing brelse() in add_new_gdb_meta_bg() - ext4: report real fs size after failed resize - [i386] ALSA: sb8: add a check for request_region - IB/mlx4: Fix race condition between catas error reset and aliasguid flows - [x86] thermal/int340x_thermal: Add additional UUIDs - [x86] thermal/int340x_thermal: fix mode setting - perf config: Fix an error in the config template documentation - perf config: Fix a memory leak in collect_config() - perf build-id: Fix memory leak in print_sdt_events() - perf top: Fix error handling in cmd_top() - perf hist: Add missing map__put() in error case - perf evsel: Free evsel->counts in perf_evsel__exit() - [arm64] irqchip/mbigen: Don't clear eventid when freeing an MSI - [x86] hpet: Prevent potential NULL pointer dereference - [i386] x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors - [amd64] iommu/vt-d: Check capability before disabling protected memory - [x86] hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error - fix incorrect error code mapping for OBJECTID_NOT_FOUND - ext4: prohibit fstrim in norecovery mode - rsi: improve kernel thread handling to fix kernel panic - 9p: do not trust pdu content for stat item size - 9p locks: add mount option for lock retry interval - f2fs: fix to do sanity check with current segment number - [arm64] serial: uartps: console_setup() can't be placed to init section - HID: i2c-hid: override HID descriptors for certain devices - [x86] ACPI / SBS: Fix GPE storm on recent MacBookPro's - cifs: fallback to older infolevels on findfirst queryinfo retry - kernel: hung_task.c: disable on suspend - [armhf] crypto: sha256/arm - fix crash bug in Thumb2 build - [armhf] crypto: sha512/arm - fix crash bug in Thumb2 build - [amd64] iommu/dmar: Fix buffer overflow during PCI bus notification - [arm64,armhf] soc/tegra: pmc: Drop locking from tegra_powergate_is_powered() - [armel,armhf] 8839/1: kprobe: make patch_lock a raw_spinlock_t - appletalk: Fix use-after-free in atalk_proc_exit - lib/div64.c: off by one in shift - include/linux/swap.h: use offsetof() instead of custom __swapoffset macro - [x86] tpm/tpm_crb: Avoid unaligned reads in crb_recv() - [arm64,armhf] net: stmmac: Set dma ring length before enabling the DMA https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.171 - bonding: fix event handling for stacked bonds - net: atm: Fix potential Spectre v1 vulnerabilities - net: bridge: fix per-port af_packet sockets - net: bridge: multicast: use rcu to access port list from br_multicast_start_querier - net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv - tcp: tcp_grow_window() needs to respect tcp_space() - team: set slave to promisc if team is already in promisc mode - vhost: reject zero size iova range - ipv4: recompile ip options in ipv4_link_failure - ipv4: ensure rcu_read_lock() in ipv4_link_failure() - mmc: sdhci: Fix data command CRC error handling - [x86] tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete - CIFS: keep FileInfo handle live during oplock break - [x86] KVM: Don't clear EFER during SMM transitions for 32-bit vCPU - [x86] iio/gyro/bmg160: Use millidegrees for temperature scale - [x86] io: accel: kxcjk1013: restore the range after resume. - [x86] staging: comedi: vmk80xx: Fix use of uninitialized semaphore - [x86] staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf - [x86] staging: comedi: ni_usb6501: Fix use of uninitialized mutex - [x86] staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf - ALSA: core: Fix card races between register and disconnect - Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO" - [x86] Revert "svm: Fix AVIC incomplete IPI emulation" - [x86] crypto: x86/poly1305 - fix overflow during partial reduction - [x86] kprobes: Verify stack frame on kretprobe - kprobes: Mark ftrace mcount handler functions nokprobe - kprobes: Fix error check when reusing optimized probes - rt2x00: do not increment sequence number while re-transmitting - mac80211: do not call driver wake_tx_queue op during reconfig - [x86] perf/x86/amd: Add event map for AMD Family 17h - sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup - device_cgroup: fix RCU imbalance in error case - ALSA: info: Fix racy addition/deletion of nodes - percpu: stop printing kernel addresses (CVE-2018-5995) - [x86] i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array - kernel/sysctl.c: fix out-of-bounds access when setting file-max https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.172 - kbuild: simplify ld-option implementation - cifs: do not attempt cifs operation on smb2+ rename error - tracing: Fix a memory leak by early error exit in trace_pid_write() - [mips*] scall64-o32: Fix indirect syscall number load - trace: Fix preempt_enable_no_resched() abuse - IB/rdmavt: Fix frwr memory registration - sched/numa: Fix a possible divide-by-zero - ceph: ensure d_name stability in ceph_dentry_hash() - ceph: fix ci->i_head_snapc leak - nfsd: Don't release the callback slot unless it was actually held - sunrpc: don't mark uninitialised items as VALID. - [arm64,armhf] drm/vc4: Fix memory leak during gpu reset. - [arm64,armhf] drm/vc4: Fix compilation error reported by kbuild test bot - USB: Add new USB LPM helpers - USB: Consolidate LPM checks to avoid enabling LPM twice - vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock - tipc: handle the err returned from cmd header function - slip: make slhc_free() silently accept an error pointer - [x86] intel_th: gth: Fix an off-by-one in output unassigning - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable - tipc: check link name with right length in tipc_nl_compat_link_set - ipv4: add sanity checks in ipv4_link_failure() - net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query - net: rds: exchange of 8K and 1M pool - team: fix possible recursive locking when add slaves - [arm64,armhf] net: stmmac: move stmmac_check_ether_addr() to driver probe - ipv4: set the tcp_min_rtt_wlen range from 0 to one day - ipv6: frags: fix a lockdep false positive - net: IP defrag: encapsulate rbtree defrag code into callable functions - ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module - net: IP6 defrag: use rbtrees for IPv6 defrag - net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c - Documentation: Add nospectre_v1 parameter https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.173 - usbnet: ipheth: prevent TX queue timeouts when device not ready - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set - media: vivid: check if the cec_adapter is valid - [armhf] dts: bcm283x: Fix hdmi hpd gpio pull - [s390x] limit brk randomization to 32MB - qlcnic: Avoid potential NULL pointer dereference - netfilter: nft_set_rbtree: check for inactive element after flag mismatch - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING - usb: gadget: net2280: Fix overrun of OUT messages - usb: gadget: net2280: Fix net2280_dequeue() - staging: rtl8712: uninitialized memory in read_bbreg_hdl() - NFS: Fix a typo in nfs_init_timeout_values() - scsi: qla4xxx: fix a potential NULL pointer dereference - usb: u132-hcd: fix resource leak - ceph: fix use-after-free on symlink traversal - [s390x] scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN - [x86,arm64] libata: fix using DMA buffers on stack - gpio: of: Fix of_gpiochip_add() error path - [amd64] vfio/type1: Limit DMA mappings per container (CVE-2019-3882) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.174 - ALSA: line6: use dynamic buffers - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation - ipv6/flowlabel: wait rcu grace period before put_pid() - ipv6: invert flowlabel sharing check in process and user mode - packet: validate msg_namelen in send directly - bnxt_en: Improve multicast address setup logic. - net: phy: marvell: Fix buffer overrun with stats counters - [arm64] proc: Set PTE_NG for table entries to avoid traversing them twice - [arm64] mm: print out correct page table entries - [arm64] mm: don't print out page table entries on EL0 faults - USB: yurex: Fix protection fault after device removal - USB: w1 ds2490: Fix bug caused by improper use of altsetting array - [x86] usb: usbip: fix isoc packet num validation in get_pipe - USB: core: Fix unterminated string returned by usb_string() - USB: core: Fix bug caused by duplicate interface PM usage counter - nvme-loop: init nvmet_ctrl fatal_err_work when allocate - HID: logitech: check the return value of create_singlethread_workqueue - HID: debug: fix race condition with between rdesc_show() and device removal - batman-adv: Reduce claim hash refcnt only for removed entry - batman-adv: Reduce tt_local hash refcnt only for removed entry - batman-adv: Reduce tt_global hash refcnt only for removed entry - igb: Fix WARN_ONCE on runtime suspend - net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands - bonding: show full hw address in sysfs for slave entries - [arm64,armhf] net: stmmac: don't overwrite discard_frame status - [arm64,armhf] net: stmmac: fix dropping of multi-descriptor RX frames - [arm64,armhf] net: stmmac: don't log oversized frames - jffs2: fix use-after-free on symlink traversal - debugfs: fix use-after-free on symlink traversal - [amd64,ppc64el] vfio/pci: use correct format characters - scsi: core: add new RDAC LENOVO/DE_Series device - [x86] scsi: storvsc: Fix calculation of sub-channel count - [arm64] net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() - [arm64] net: hns: Use NAPI_POLL_WEIGHT for hns driver - [arm64] net: hns: Fix WARNING when remove HNS driver with SMMU enabled - hugetlbfs: fix memory leak for resv_map - [armel] orion: don't use using 64-bit DMA masks - [x86] perf/x86/amd: Update generic hardware cache events for Family 17h - scsi: RDMA/srpt: Fix a credit leak for aborted commands - selinux: never allow relabeling on context mounts - [x86] mce: Improve error message when kernel cannot recover, p2 - media: v4l2: i2c: ov7670: Fix PLL bypass register values https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.175 - scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836) - ASoC:soc-pcm:fix a codec fixup issue in TDM case - [amd64] IB/hfi1: Eliminate opcode tests on mr deref - [x86] perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() - virtio-blk: limit number of hw queues by nr_cpu_ids - [amd64] iommu/amd: Set exclusion range correctly - mm: add 'try_get_page()' helper function - genirq: Prevent use-after-free and work list corruption - [arm64,armhf] usb: dwc3: Fix default lpm_nyet_threshold value - USB: serial: f81232: fix interrupt worker not stop - usb-storage: Set virt_boundary_mask to avoid SG overflows - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines - UAS: fix alignment of scatter/gather segments - [x86] ASoC: Intel: avoid Oops if DMA setup fails - timer/debug: Change /proc/timer_stats from 0644 to 0600 (CVE-2017-5967) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.176 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.177 - netfilter: compat: initialize all fields in xt_init - bpf: fix struct htab_elem layout - bpf: convert htab map to hlist_nulls - [x86] platform/x86: sony-laptop: Fix unintentional fall-through - USB: serial: fix unthrottle races - [x86] libnvdimm/namespace: Fix a potential NULL pointer dereference - HID: input: add mapping for Expose/Overview key - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys - HID: input: add mapping for "Toggle Display" key - [x86] libnvdimm/btt: Fix a kmemdup failure check - [s390x] dasd: Fix capacity calculation for large volumes - mac80211: fix unaligned access in mesh table hash function - [s390x] 3270: fix lockdep false positive on view->lock - mISDN: Check address length before reading address family - [x86] reboot, efi: Use EFI reboot for Acer TravelMate X514-51T - [x86] KVM: avoid misreporting level-triggered irqs as edge-triggered in tracing - init: initialize jump labels before command line option parsing - ipvs: do not schedule icmp errors from tunnels - [s390x] ctcm: fix ctcm_new_device error return code - [armhf] gpu: ipu-v3: dp: fix CSC handling - rtlwifi: rtl8723ae: Fix missing break in switch statement - md/raid5: Don't jump to compute_result state from check_result state - bridge: Fix error path for kobject_init_and_add() - fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied - packet: Fix error path in packet_init - vlan: disable SIOCSHWTSTAMP in container - vrf: sit mtu should not be updated when vrf netdev is the link - ipv4: Fix raw socket lookup for local traffic - bonding: fix arp_validate toggling in active-backup mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.178 - net: core: another layer of lists, around PF_MEMALLOC skb handling - locking/rwsem: Prevent decrement of reader count before increment - [amd64] PCI: hv: Fix a memory leak in hv_eject_device_work() - [x86] speculation/mds: Revert CPU buffer clear on double fault exit - [x86] speculation/mds: Improve CPU buffer clear documentation - [armhf] exynos: Fix a leaked reference by adding missing of_node_put - [arm64] compat: Reduce address limit - [arm64] Clear OSDLR_EL1 on CPU boot - [x86] sched/x86: Save [ER]FLAGS on context switch - crypto: chacha20poly1305 - set cra_name correctly - [ppc64el] crypto: vmx - fix copy-paste error in CTR mode - crypto: crct10dif-generic - fix use via crypto_shash_digest() - [amd64] crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() - ALSA: usb-audio: Fix a memory leak bug - ALSA: hda/hdmi - Read the pin sense from register when repolling - ALSA: hda/hdmi - Consider eld_valid when reporting jack event - ALSA: hda/realtek - EAPD turn on later - ASoC: max98090: Fix restore of DAPM Muxes - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget - [arm64] mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler - jbd2: check superblock mapped prior to committing - ext4: actually request zeroing of inode table after grow - ext4: fix ext4_show_options for file systems w/o journal - Btrfs: do not start a transaction at iterate_extent_inodes() - bcache: fix a race between cache register and cacheset unregister - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() - [arm64] ipmi:ssif: compare block number correctly for multi-part return messages - crypto: gcm - Fix error return code in crypto_gcm_create_common() - crypto: gcm - fix incompatibility between "gcm" and "gcm_base" - crypto: salsa20 - don't access already-freed walk.iv - fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...") - writeback: synchronize sync(2) against cgroup writeback membership switches - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount - ext4: fix data corruption caused by overlapping unaligned and aligned IO - [x86] ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug - [x86] KVM: Skip EFER vs. guest CPUID checks for host-initiated writes https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.179 - net: avoid weird emergency message - net/mlx4_core: Change the error print to info print - ppp: deflate: Fix possible crash in deflate_init - tipc: switch order of device registration to fix a crash - vsock/virtio: free packets during the socket release - tipc: fix modprobe tipc failed after switch order of device registration - vsock/virtio: Initialize core virtio vsock before registering the driver - md: add mddev->pers to avoid potential NULL pointer dereference - [x86] intel_th: msu: Fix single mode with IOMMU - p54: drop device reference count if fails to enable device - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() - NFS4: Fix v4.0 client state corruption when mount - [arm64,armhf] clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider - fuse: fix writepages on 32bit - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate - [arm64,armhf] iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114 - ceph: flush dirty inodes before proceeding with remount - tracing: Fix partial reading of trace event's id file - [arm64,armhf] memory: tegra: Fix integer overflow on tick value calculation - [x86] perf intel-pt: Fix instructions sampling rate - [x86] perf intel-pt: Fix improved sample timestamp - [x86] perf intel-pt: Fix sample timestamp wrt non-taken branches - PCI: Mark Atheros AR9462 to avoid bus reset - PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum - dm delay: fix a crash when invalid device is specified - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module - vti4: ipip tunnel deregistration fixes. - xfrm4: Fix uninitialized memory read in _decode_session4 - mac80211: Fix kernel panic due to use of txq after free - [arm64,armhf] KVM: arm/arm64: Ensure vcpu target is unset on reset failure - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour - Revert "Don't jump to compute_result state from check_result state" - md/raid: raid5 preserve the writeback action after the parity check - btrfs: Honour FITRIM range constraints during free space trim https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.180 - ext4: do not delete unlinked inode from orphan list on failed truncate - [x86] KVM: fix return value for reserved EFER - bio: fix improper use of smp_mb__before_atomic() - Revert "scsi: sd: Keep disk read-only when re-reading partition" - [ppc64el] crypto: vmx - CTR: always increment IV as quadword - [x86] kvm: svm/avic: fix off-by-one in checking host APIC ID - [x86] libnvdimm/namespace: Fix label tracking error - [arm64] Save and restore OSDLR_EL1 across suspend/resume - gfs2: Fix sign extension bug in gfs2_update_stats - Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path - Btrfs: fix race between ranged fsync and writeback of adjacent ranges - btrfs: sysfs: don't leak memory when failing add fsid - fbdev: fix divide error in fb_var_to_videomode - hugetlb: use same fault hash key for shared and private mappings - fbdev: fix WARNING in __alloc_pages_nodemask bug - media: cpia2: Fix use-after-free in cpia2_exit - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap - [x86,ppc64el] ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit - at76c50x-usb: Don't register led_trigger if usb_register_driver failed - Revert "btrfs: Honour FITRIM range constraints during free space trim" - gfs2: Fix lru_count going negative - cxgb4: Fix error path in cxgb4_init_module - mmc: core: Verify SD bus width - [arm64] dmaengine: tegra210-dma: free dma controller in remove() - [arm64,armhf] ASoC: hdmi-codec: unlock the device on startup errors - [ppc64el] boot: Fix missing check of lseek() return value - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() - [armel,armhf] vdso: Remove dependency with the arch_timer driver internals - sched/cpufreq: Fix kobject memleak - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path - iwlwifi: pcie: don't crash on invalid RX interrupt - w1: fix the resume command API - [armhf] dmaengine: pl330: _stop: clear interrupt status - mac80211/cfg80211: update bss channel on channel switch - mwifiex: prevent an array overflow - [armhf] crypto: sun4i-ss - Fix invalid calculation of hash end - bcache: return error immediately in bch_journal_replay() - bcache: fix failure in journal relplay - bcache: add failure check to run_cache_set() for journal replay - [x86] build: Move _etext to actual end of .text - smpboot: Place the __percpu annotation correctly - [amd64] mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version - media: au0828: stop video streaming only when last user stops - audit: fix a memory leak bug - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() - media: pvrusb2: Prevent a buffer overflow - [ppc64el] numa: improve control of topology updates - sched/core: Check quota and period overflow at usec to nsec conversion - sched/core: Handle overflow in cpu_shares_write_u64 - USB: core: Don't unbind interfaces following device reset failure - [amd64] irq: Limit IST stack overflow check to #DB stack - i40e: don't allow changes to HW VLAN stripping on active port VLANs - [arm64] vdso: Fix clock_getres() for CLOCK_REALTIME - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses - [x86] hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses - [x86] hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses - [x86] hwmon: (f71805f) Use request_muxed_region for Super-IO accesses - scsi: libsas: Do discovery on empty PHY to update PHY info - mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers - [arm64] mmc_spi: add a status check for spi_sync_locked - PM / core: Propagate dev->power.wakeup_path when no callbacks - rtlwifi: fix a potential NULL pointer dereference - mwifiex: Fix mem leak in mwifiex_tm_cmd - brcmfmac: fix missing checks for kmemdup - brcmfmac: convert dev_init_lock mutex to completion - brcmfmac: fix race during disconnect when USB completion is in progress - brcmfmac: fix Oops when bringing up interface during USB disconnect - scsi: ufs: Fix regulator load and icc-level configuration - scsi: ufs: Avoid configuring regulator with undefined voltage range - [arm64] cpu_ops: fix a leaked reference by adding missing of_node_put - [x86] uaccess, signal: Fix AC=1 bloat - [amd64] x86/ia32: Fix ia32_restore_sigcontext() AC leak - chardev: add additional check for minor range overlap - HID: core: move Usage Page concatenation to Main item - [armhf] ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put - [armhf] ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put - cxgb3/l2t: Fix undefined behaviour - [arm64,armhf] spi: tegra114: reset controller on probe - [armhf] media: wl128x: prevent two potential buffer overflows - virtio_console: initialize vtermno value for ports - [x86,ppc64el] tty: ipwireless: fix missing checks for ioremap - [x86] mce: Fix machine_check_poll() tests for error types - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown - scsi: qla4xxx: avoid freeing unallocated dma memory - [arm64] dmaengine: tegra210-adma: use devm_clk_*() helpers - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices - [i386] spi : spi-topcliff-pch: Fix to handle empty DMA buffers - spi: Fix zero length xfer bug - drm: Wake up next in drm_read() chain if we are forced to putback the event https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.181 - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address - llc: fix skb leak in llc_build_and_send_ui_pkt() - [armhf] net: fec: fix the clk mismatch in failed_reset path - net-gro: fix use-after-free read in napi_gro_frags() - [arm64,armhf] net: stmmac: fix reset gpio free missing - usbnet: fix kernel crash after disconnect - tipc: Avoid copying bytes beyond the supplied data - bnxt_en: Fix aggregation buffer leak under OOM condition. - ipv4/igmp: fix another memory leak in igmpv3_del_delrec() - ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST - [armhf] net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT - [armhf] net: mvneta: Fix err code path of probe - [armhf] net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value - [ppc64el] crypto: vmx - ghash: do nosimd fallback manually - xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (CVE-2015-8553) - Revert "tipc: fix modprobe tipc failed after switch order of device registration" - tipc: fix modprobe tipc failed after switch order of device registration - xhci: update bounce buffer with correct sg num - xhci: Use %zu for printing size_t type - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() - usb: xhci: avoid null pointer deref when bos field is NULL - [x86] usbip: usbip_host: fix BUG: sleeping function called from invalid context - [x86] usbip: usbip_host: fix stub_dev lock context imbalance regression - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor - USB: sisusbvga: fix oops in error path of sisusb_probe - USB: Add LPM quirk for Surface Dock GigE adapter - USB: rio500: refuse more than one device at a time - USB: rio500: fix memory leak in close after disconnect - media: usb: siano: Fix general protection fault in smsusb - media: usb: siano: Fix false-positive "uninitialized variable" warning - media: smsusb: better handle optional alignment - [s390x] scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove - [s390x] scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) - Btrfs: fix race updating log root item during fsync - [ppc64el] powerpc/perf: Fix MMCRA corruption by bhrb_filter - ALSA: hda/realtek - Set default power save node to 0 - drm/nouveau/i2c: Disable i2c bus access after ->fini() - [arm64] tty: serial: msm_serial: Fix XON/XOFF - memcg: make it work on sparse non-0-node systems - kernel/signal.c: trace_signal_deliver when signal_group_exit - CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM - [x86] drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set - binder: Replace "%p" with "%pK" for stable (CVE-2018-20509) - binder: replace "%p" with "%pK" (CVE-2018-20510) - fs: prevent page refcount overflow in pipe_buf_get (CVE-2019-11487) - mm, gup: remove broken VM_BUG_ON_PAGE compound check for hugepages - mm, gup: ensure real head page is ref-counted when using hugepages - mm: prevent get_user_pages() from overflowing page refcount (CVE-2019-11487) - mm: make page ref count overflow check tighter and more explicit (CVE-2019-11487) - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment - ethtool: fix potential userspace buffer overflow - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query - net: rds: fix memory leak in rds_ib_flush_mr_pool - pktgen: do not sleep with the thread lock held. - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 - Revert "fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")" - Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied" - rcu: locking and unlocking need to always be at least barriers - fuse: fallocate: fix return with locked inode - [x86] power: Fix 'nosmt' vs hibernation triple fault during resume - [ppc64el] genwqe: Prevent an integer overflow in the ioctl - [x86] drm/gma500/cdv: Check vbt config bits when detecting lvds panels - drm/radeon: prefer lower reference dividers - [x86] drm/i915: Fix I915_EXEC_RING_MASK - TTY: serial_core, add ->install - fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock - fuse: Add FOPEN_STREAM to use stream_open() - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled - ethtool: check the return value of get_regs_len https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.182 - tcp: reduce tcp_fastretrans_alert() verbosity https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.183 - fs/fat/file.c: issue flush after the writeback of FAT - sysctl: return -EINVAL if val violates minmax - ipc: prevent lockup on alloc_msg and free_msg - [armhf] prevent tracing IPI_CPU_BACKTRACE - hugetlbfs: on restore reserve error path retain subpool reservation - mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE - [armhf,ppc64el] mm/cma.c: fix crash on CMA allocation if bitmap allocation fails - mm/slab.c: fix an infinite loop in leaks_show() - kernel/sys.c: prctl: fix false positive in validate_prctl_map() - [arm64] drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER - [x86] mfd: intel-lpss: Set the device in reset state when init - mfd: twl6040: Fix device init errors for ACCCTL register - [x86] perf/intel: Allow PEBS multi-entry in watermark mode - [arm64] drm/bridge: adv7511: Fix low refresh rate selection - objtool: Don't use ignore flag for fake jumps - [arm64] pwm: meson: Use the spin-lock only to protect register modifications - ntp: Allow TAI-UTC offset to be set to zero - f2fs: fix to avoid panic in do_recover_data() - f2fs: fix to clear dirty inode in error path of f2fs_iget() - f2fs: fix to do sanity check on valid block count of segment - configfs: fix possible use-after-free in configfs_register_group - [armhf] watchdog: imx2_wdt: Fix set_timeout for big timeout values - watchdog: fix compile time error of pretimeout governors - [x86] iommu/vt-d: Set intel_iommu_gfx_mapped correctly - ALSA: hda - Register irq handler after the chip initialization - nvmem: core: fix read buffer in place - fuse: retrieve: cap requested size to negotiated max_write - nfsd: allow fh_want_write to be called twice - [x86] PCI: Fix PCI IRQ routing table memory leak - platform/chrome: cros_ec_proto: check for NULL transfer function - [armhf] clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 - [armhf] dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA - [armhf] dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA - [armhf] dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA - [armhf] dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA - [armhf] dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA - [ppc64el] PCI: rpadlpar: Fix leaked device_node references in add/remove paths - [x86] platform: intel_pmc_ipc: adding error handling - [x86] video: hgafb: fix potential NULL pointer dereference - [arm64] PCI: xilinx: Check for __get_free_pages() failure - [armhf] gpio: gpio-omap: add check for off wake capable gpios - [x86] dmaengine: idma64: Use actual device for DMA transfers - [armhf] pwm: tiehrpwm: Update shadow register for disabling PWMs - [armhf] dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa - pwm: Fix deadlock warning when removing PWM device - [armhf] exynos: Fix undefined instruction during Exynos5422 resume - ALSA: seq: Cover unsubscribe_port() in list_mutex - ALSA: oxfw: allow PCM capture for Stanton SCS.1m - libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk - mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node - fs/ocfs2: fix race in ocfs2_dentry_attach_lock() - signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO - ptrace: restore smp_rmb() in __ptrace_may_access() - media: v4l2-ioctl: clear fields in s_parm - bcache: fix stack corruption by PRECEDING_KEY() - cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() - [x86] uaccess, kcov: Disable stack protector - ALSA: seq: Fix race of get-subscription call vs port-delete ioctls - Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var - scsi: lpfc: add check for loss of ndlp when sending RRQ - [arm64] mm: Inhibit huge-vmap with ptdump - scsi: bnx2fc: fix incorrect cast to u64 on shift operation - usbnet: ipheth: fix racing condition - [x86] KVM: pmu: do not mask the value that is written to fixed PMUs - [s390x] KVM: fix memory slot handling for KVM_SET_USER_MEMORY_REGION - [x86] drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read - [x86] drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() - [arm64,armhf] usb: dwc2: Fix DMA cache alignment issues - USB: Fix chipmunk-like voice when using Logitech C270 for recording audio. - USB: usb-storage: Add new ID to ums-realtek - USB: serial: pl2303: add Allied Telesis VT-Kit3 - USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode - USB: serial: option: add Telit 0x1260 and 0x1261 compositions - [armhf] rtc: pcf8523: don't return invalid date when battery is low - ax25: fix inconsistent lock state in ax25_destroy_timer - be2net: Fix number of Rx queues used for flow hashing - ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero - lapb: fixed leak of control-blocks. - neigh: fix use-after-free read in pneigh_get_next - [x86] perf/intel/ds: Fix EVENT vs. UEVENT PEBS constraints - mISDN: make sure device name is NUL terminated - [x86] CPU/AMD: Don't force the CPB cap when running under a hypervisor - perf/ring_buffer: Fix exposing a temporarily decreased data_head - perf/ring_buffer: Add ordering to rb->nest increment - i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr - configfs: Fix use-after-free when accessing sd->s_dentry - perf data: Fix 'strncat may truncate' build failure with recent gcc - perf record: Fix s390 missing module symbol and warning for non-root users - [ppc64el] KVM: Book3S: Use new mutex to synchronize access to rtas token list - [ppc64el] KVM: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu - scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask - scsi: libsas: delete sas port if expander discover failed - vfs: Abort file_remove_privs() for non-reg. files https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.184 - tcp: refine memory limit test in tcp_fragment() (Closes: #930904) . [ Salvatore Bonaccorso ] * [x86] Disable R3964 due to lack of security support * Refresh version.patch for context changes in 4.9.170 * [rt] Drop 0053-arm-kprobe-replace-patch_lock-to-raw-lock.patch applied in 4.9.170 * Revert "x86: stop exporting msr-index.h to userland" * [rt] Add new signing subkey for Steven Rostedt * [rt] Update to 4.9.178-rt131: - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() - Update "kernel/hotplug: restore original cpu mask oncpu/down" to always call arch_smt_update() * Refresh 0058-net-ena-complete-host-info-to-match-latest-ENA-spec.patch for context changes in 4.9.180 * Drop efi-libstub-unify-command-line-param-parsing.patch * Refresh arm64-add-kernel-config-option-to-set-securelevel-wh.patch for context changes in 4.9.181 . [ Ben Hutchings ] * Drop "kbuild: Use -nostdinc in compile tests", which is no longer needed. * [rt] Fix build failure after "genirq: Prevent use-after-free and work list corruption": - kthread: Convert worker lock to raw spinlock - kthread: add a global worker thread. - genirq: convert affinity_notify swork to kthread * Bump ABI to 10 and apply deferred changes: - genirq: Avoid summation loops for /proc/stat * [ppc64el] Disable PPC_TRANSACTIONAL_MEM (Closes: #866122) linux (4.9.168-1+deb9u3) stretch-security; urgency=high . [ Salvatore Bonaccorso ] * tcp: limit payload size of sacked skbs (CVE-2019-11477) * tcp: tcp_fragment() should apply sane memory limits (CVE-2019-11478) * tcp: add tcp_min_snd_mss sysctl (CVE-2019-11479) * tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() * tcp: fix fack_count accounting on tcp_shift_skb_data() . [ Ben Hutchings ] * tcp: Avoid ABI change for DoS fixes * mm/mincore.c: make mincore() more conservative (CVE-2019-5489) * brcmfmac: add length checks in scheduled scan result handler * brcmfmac: assure SSID length from firmware is limited (CVE-2019-9500) * brcmfmac: add subtype check for event handling in data path (CVE-2019-9503) * tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486) * coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599) * net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock(). (CVE-2019-11815) (Closes: #928989) * ext4: zero out the unused memory region in the extent tree block (CVE-2019-11833) * Bluetooth: hidp: fix buffer overflow (CVE-2019-11884) * mwifiex: Fix possible buffer overflows at parsing bss descriptor (CVE-2019-3846) * mwifiex: Abort at too short BSS descriptor element * mwifiex: Don't abort on small, spec-compliant vendor IEs * mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (CVE-2019-10126) linux (4.9.168-1+deb9u2) stretch-security; urgency=high . [ Salvatore Bonaccorso ] * Revert "block/loop: Use global lock for ioctl() operation." (Closes: #928125) . linux (4.9.168-1+deb9u1) stretch-security; urgency=high . * [x86] Update speculation mitigations: - x86/MCE: Save microcode revision in machine check records - x86/cpufeatures: Hide AMD-specific speculation flags - x86/bugs: Add AMD's variant of SSB_NO - x86/bugs: Add AMD's SPEC_CTRL MSR usage - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR - x86/microcode/intel: Add a helper which gives the microcode revision - x86/microcode/intel: Check microcode revision before updating sibling threads - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date - x86/microcode: Update the new microcode revision unconditionally - x86/mm: Use WRITE_ONCE() when setting PTEs - bitops: avoid integer overflow in GENMASK(_ULL) - x86/speculation: Simplify the CPU bug detection logic - locking/atomics, asm-generic: Move some macros from to a new file - x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation - x86/cpu: Sanitize FAM6_ATOM naming - Documentation/l1tf: Fix small spelling typo - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation - x86/speculation: Propagate information about RSB filling mitigation to sysfs - x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off - x86/speculation: Update the TIF_SSBD comment - x86/speculation: Clean up spectre_v2_parse_cmdline() - x86/speculation: Remove unnecessary ret variable in cpu_show_common() - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() - x86/speculation: Disable STIBP when enhanced IBRS is in use - x86/speculation: Rename SSBD update functions - x86/speculation: Reorganize speculation control MSRs update - x86/Kconfig: Select SCHED_SMT if SMP enabled - sched: Add sched_smt_active() - x86/speculation: Rework SMT state change - x86/l1tf: Show actual SMT state - x86/speculation: Reorder the spec_v2 code - x86/speculation: Mark string arrays const correctly - x86/speculataion: Mark command line parser data __initdata - x86/speculation: Unify conditional spectre v2 print functions - x86/speculation: Add command line control for indirect branch speculation - x86/speculation: Prepare for per task indirect branch speculation control - x86/process: Consolidate and simplify switch_to_xtra() code - x86/speculation: Avoid __switch_to_xtra() calls - x86/speculation: Prepare for conditional IBPB in switch_mm() - x86/speculation: Split out TIF update - x86/speculation: Prepare arch_smt_update() for PRCTL mode - x86/speculation: Prevent stale SPEC_CTRL msr content - x86/speculation: Add prctl() control for indirect branch speculation - x86/speculation: Enable prctl mode for spectre_v2_user - x86/speculation: Add seccomp Spectre v2 user space protection mode - x86/speculation: Provide IBPB always command line options - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID - x86/msr-index: Cleanup bit defines - x86/speculation: Consolidate CPU whitelists - Documentation: Move L1TF to separate directory - cpu/speculation: Add 'mitigations=' cmdline option - x86/speculation: Support 'mitigations=' cmdline option - x86/speculation/mds: Add 'mitigations=' support for MDS - x86/cpu/bugs: Use __initconst for 'const' init data * [x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091): - x86/speculation/mds: Add basic bug infrastructure for MDS - x86/speculation/mds: Add BUG_MSBDS_ONLY - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests - x86/speculation/mds: Add mds_clear_cpu_buffers() - x86/speculation/mds: Clear CPU buffers on exit to user - x86/kvm/vmx: Add MDS protection when L1D Flush is not active - x86/speculation/mds: Conditionally clear CPU buffers on idle entry - x86/speculation/mds: Add mitigation control for MDS - x86/speculation/mds: Add sysfs reporting for MDS - x86/speculation/mds: Add mitigation mode VMWERV - Documentation: Add MDS vulnerability documentation - x86/speculation/mds: Add mds=full,nosmt cmdline option - x86/speculation: Move arch_smt_update() call to after mitigation decisions - x86/speculation/mds: Add SMT warning message - x86/speculation/mds: Fix comment - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off - x86/mds: Add MDSUM variant to the MDS documentation - Documentation: Correct the possible MDS sysfs values - x86/speculation/mds: Fix documentation typo * [x86] msr-index: Remove dependency on * [rt] Update patches to apply on top of the speculation mitigation changes * [x86] mce, tlb: Ignore ABI changes linux-latest (80+deb9u9) stretch; urgency=medium . * Update to 4.9.0-11 linux-latest (80+deb9u8) stretch; urgency=medium . * Update to 4.9.0-10 liquidsoap (1.1.1-7.2+deb9u1) stretch; urgency=medium . * Fix compilation with Ocaml 4.02 (Closes: #812591) * Add new uploader llvm-toolchain-7 (1:7.0.1-8~deb9u2) stretch; urgency=medium . * Disable ocaml on ppc64el and s390x. llvm-toolchain-7 (1:7.0.1-8~deb9u1) stretch; urgency=medium . * Backport to stretch. llvm-toolchain-7 (1:7.0.1-7) unstable; urgency=medium . * Fix an ABI issue introduced with the kfreebsd support (Closes: #922731) * kfreebsd/kfreebsd-triple-clang.diff: update of the patch to fix the kfreebsd FTBFS (Closes: #921246) * Enable ld gold for kfreebsd-amd64 and kfreebsd-i386 Many thanks to Svante Signell for the three updates . [ Matthias Klose ] * Remove the autopkg test for a genuine LLVM bug. llvm-toolchain-7 (1:7.0.1-6) unstable; urgency=medium . * Add support for kfreebsd (Closes: #921246) Many thanks to Svante Signell for all patches llvm-toolchain-7 (1:7.0.1-4) unstable; urgency=medium . * Remove dbgsym packages from debci because of bug #917528 . [ Gianfranco Costamagna ] * Ignore a test result on i386, due to upstream bug 26580#c18 llvm-toolchain-7 (1:7.0.1-3) unstable; urgency=medium . * Also install clang-7-dbgsym libclang1-7-dbgsym in autopkgtest to verify that debug symbols are present * Cherry-pick upstream fix D52340 to address a rustc debuginfo (Closes: #917209) * Change the jit debug path from $HOME/.debug/jit/ to $TMPDIR/.debug/jit/ (Closes: #916393) * Document in README.source some Debian/Ubuntu specific changes llvm-toolchain-7 (1:7.0.1-2) unstable; urgency=medium . * Enable -DENABLE_LINKER_BUILD_ID:BOOL=ON as, unlike gcc, isn't enabled by default in clang. Thanks to Adrian Bunk for the patch. Once more, thanks to Rebecca Palmer (Closes: #916975) * Build with -g1 also on 64bit architectures (thanks to Adrian too) llvm-toolchain-7 (1:7.0.1-1) unstable; urgency=medium . * New release * Remove the dbg workaround. Hopefully, the new version of binutils will fix it (Closes: #913946) llvm-toolchain-7 (1:7.0.1~+rc3-2) unstable; urgency=medium . * Fix llvm-config by stripping unnecessary flags See also https://bugs.llvm.org/show_bug.cgi?id=8220 (Closes: #697755, #914838) * Try to workaround the debug issues by adding -fno-addrsig to the *FLAGS One more time, thanks to Rebecca Palmer (Closes: #913946) The goal is to provide correct debug packages. Workaround https://sourceware.org/bugzilla/show_bug.cgi?id=23788 * Force the chmod +x on llvm-X/bin/* because it was sometimes removed by the strip process * Force the link to atomic also for i386 as it fails on Debian jessie too * Improved the debian/patches/series presentation by creating categories * Improve the separation between *FLAGS for gcc and clang. This is done for -fno-addrsig as it doesn't exit for gcc This can be done with the BOOTSTRAP_CMAKE_CXX_FLAGS option llvm-toolchain-7 (1:7.0.1~+rc3-1) unstable; urgency=medium . * New testing release * disable the llvm-strip as it created too big llvm lib . [ John Paul Adrian Glaubitz ] * Add patch to add powerpcspe support to clang * Add patch to fix register spilling on powerpcspe * Add patch to optimize double parameter calling setup on powerpcspe llvm-toolchain-7 (1:7.0.1~+rc2-8) unstable; urgency=medium . * Use llvm-strip instead of binutils strip. Two reasons: - with clang stage2, the dbg packages were not generated - strip fails on stretch and other ubuntu on some archives For this, I had to silent the --enable-deterministic-archives option (https://bugs.llvm.org/show_bug.cgi?id=39789). Thanks to Rebecca Palmer for the idea (Closes: #913946) * Change the i386 base line to avoid using sse2 extension This is more important now that llvm is built with clang instead of gcc. Thanks to Fanael Linithien for the patch (Closes: #914770, #894840) llvm-toolchain-7 (1:7.0.1~+rc2-7) unstable; urgency=medium . * Bring back mips-rdhwr.diff as it isn't in rc2 llvm-toolchain-7 (1:7.0.1~+rc2-6) unstable; urgency=medium . [ Samuel Thibault ] * D53557-hurd-self-exe-realpath.diff: Fix paths returned by llvm-config (See Bug#911817). . [ Sylvestre Ledru ] * Fix the FTBFS on armel for real! Thanks to Adrian Bunk Force the activation of FeatureVFP3 & FeatureD16 llvm-toolchain-7 (1:7.0.1~+rc2-5) unstable; urgency=medium . [ Samuel Thibault ] * D54079-hurd-openmp.diff, D54338-hurd-libcxx-threads-build.diff, D54339-hurd-libcxx-threads-detection.diff, D54378-hurd-triple.diff, D54379-hurd-triple-clang.diff, D54677-hurd-path_max.diff, hurd-cxx-paths.diff: New patches to fix hurd build. . [ Sylvestre Ledru ] * Remove mips-rdhwr.diff as it has been applied upstream * Fix a baseline violation on armhf (Closes: #914268) clang-arm-default-vfp3-on-armv7a.patch has been updated to disable neon in another place llvm-toolchain-7 (1:7.0.1~+rc2-4) unstable; urgency=medium . * Workaround the build issues on armhf Thanks to Adrian Bunk for the idea * Remove useless symlink /usr/include/c++ -> ../lib/llvm-7/include/c++ (Closes: #913400) llvm-toolchain-7 (1:7.0.1~+rc2-3) unstable; urgency=medium . * Disable gold for sparc* (Closes: #913260) * Hide a symbol in openmp for mips64el * Try to integrate a pach to make pch reproducible Thanks to Rebecca Palmer for the patch (Closes: #877359) * Fix the misscompilation issue causing rustc to crash (Closes: #913271) Might cause some ABI issues but no real good solution. See https://bugs.llvm.org/show_bug.cgi?id=39427 llvm-toolchain-7 (1:7.0.1~+rc2-2) unstable; urgency=medium . * Fix a non-break space in a patch (Closes: #913213) llvm-toolchain-7 (1:7.0.1~+rc2-1) unstable; urgency=medium . * Upload of 7.0.1 rc2 into unstable * New testing release * Enable the stage2 bootstrap: - stage1 = build clang with gcc - stage2 = clang building itself (Closes: #909234) * Bring back the Disable NEON generation on armhf patch which was gone Should fix the FTBFS on armhf (Closes: #842142) * Update the clang manpage to remove osx specific options and to add -arch (Closes: #743133) * Bring back usr/lib/@DEB_HOST_MULTIARCH@/{libiomp5.so, libomp5.so} symlink for gcc (Closes: #912641) llvm-toolchain-7 (1:7.0.1~+rc2-1~exp1) experimental; urgency=medium . * New testing release llvm-toolchain-7 (1:7-9~exp1) experimental; urgency=medium . * Remove the dump of cmake error file (too confusing) * Try to fix the bootstrap FTBFS : - on armel by forcing the link to -latomic - mips-rdhwr.diff: backport D51773 to fix an assembly issue on mips. Thanks to jrtc27 for finding the issue. llvm-toolchain-7 (1:7-8) unstable; urgency=medium . * Update the watch file to display the right version (even if the download will fail) * clang-7 suggests libomp-7-dev instead of libomp-dev * Make sure that we don't conflict openmp & libc++ with llvm-defaults's (Closes: #912544) * Handle better the non coinstability of openmp & libc++ (like we are doing with python-clang-*) * Backport upstream fix D51749 to address a rust aarch64 issues (Closes: #909705) * Add tests from old bugs to make sure they don't come back (Closes: #889832, #827866) * The sanitizers use the versionned llvm-symbolizer provided by the llvm-X package (Closes: #753572) llvm-toolchain-7 (1:7-7~exp2) experimental; urgency=medium . * clangd-atomic-cmake.patch: Link against atomic for clangd in i386 * When the cmake configure of the stage2 is failing, dump the cmake error log * Declare some variables (-Wno-*) for all platforms (was failing on mips) * Update the watch file to display the right version (even if the download will fail) llvm-toolchain-7 (1:7-7~exp1) experimental; urgency=medium . * Experiment the clang bootstrap * Try to boostrap clang using clang llvm-toolchain-7 (1:7-6) unstable; urgency=medium . * Team upload * Upload to unstable llvm-toolchain-7 (1:7-6~exp2) experimental; urgency=medium . * Disable for now the bootstrapping clang patches llvm-toolchain-7 (1:7-6~exp1) experimental; urgency=medium . * Add python-pygments as dep of llvm-7-tools because opt-viewer.py needs it * Add back libomp5-X.Y.symbols.in (untested) * Start the work on bootstraping clang - bootstrap-with-openmp-version-export-missing.diff: fix a link issue https://bugs.llvm.org/show_bug.cgi?id=39200 - bootstrap-fix-include-next.diff: Fix an include issue at bootstrap phase https://bugs.llvm.org/show_bug.cgi?id=39162 * Fix the install of clang bash completion . [ Gianfranco Costamagna ] * Take option two in bug #877567 to fix FTBFS on mips and mipsel llvm-toolchain-7 (1:7-5) unstable; urgency=medium . * In debci, run qualify-clang.sh in verbose mode * Only run the g++ test if g++ exist . [ Reshabh Sharma ] * Run check-openmp to test OpenMP llvm-toolchain-7 (1:7-4) unstable; urgency=medium . * Backport a fix to improve scan-build code error. Thanks to Roman Lebedev for the fix(Closes: #909662) * Remove bat files https://bugs.llvm.org/show_bug.cgi?id=30755 * Install bash-completion for clang * Disable ocaml on armel llvm-toolchain-7 (1:7-3) unstable; urgency=medium . * Fix a syntax issue in a scan-build patch * Fix the autopkgtest script (no gcc in the test) * remove dep from lld to llvm-7-dev because lld doesn't use LLVM LTO * remove old Replaces/Breaks * Standards-Version: 4.2.1 llvm-toolchain-7 (1:7-2) unstable; urgency=medium . * Fix the ftbfs under armel on libc++ and enable openmp on armel. Thanks to Adrian Bunk for the patch * Make libc++, libc++abi & openmp NOT co-installable Rational: the benefits are limited compared to the drawback. We should have issues like: - built with libc++-8-dev - run with libc++1-7 (Closes: #903802) * Remove circular dependency by removing python-lldb-7: Depends: liblldb-7-dev (Closes: #888889) llvm-toolchain-7 (1:7-1) unstable; urgency=medium . * Stable release * Also manages clang-X as tool for scan-build see https://reviews.llvm.org/D52151 llvm-toolchain-7 (1:7~+rc3-5) unstable; urgency=medium . [ John Paul Adrian Glaubitz ] * Add patch to fix missing include and library paths on x32 . [ Sylvestre Ledru ] * Only rename libomp when openmp is built llvm-toolchain-7 (1:7~+rc3-4) unstable; urgency=medium . [ Sylvestre Ledru ] * libc++-7-dev doesn't provide libstdc++-dev anymore (Closes: #908738) . [ Gianfranco Costamagna ] * Force polly cmake removal on arch:all because of --fail-missing . [ Reshabh Sharma ] * Make OpenMP packages coinstallable from version 7 * Make libc++ packages coinstallable from version 7 . [ John Paul Adrian Glaubitz ] * Add patch to fix missing MultiArch include dir on powerpcspe (Closes: #908791) * Disable LLDB on riscv64 llvm-toolchain-7 (1:7~+rc3-3) unstable; urgency=medium . [ John Paul Adrian Glaubitz ] * Disable OpenMP on unsupported architecture x32 . [ Sylvestre Ledru ] * Build llvm using -DLLVM_USE_PERF=yes (Closes: #908707) . [ Gianfranco Costamagna ] * Install polly only on arch:all packages llvm-toolchain-7 (1:7~+rc3-2) unstable; urgency=medium . [ John Paul Adrian Glaubitz ] * Fix inverted logic in ifeq statement for POLLY_ENABLE and OPENMP_ENABLE (Closes: #908646) . [ Gianfranco Costamagna ] * Drop gnustep and gnustep-devel suggestions (Closes: #902847) * Enable polly on s390x * Disable omp on armel mips and mipsel for now llvm-toolchain-7 (1:7~+rc3-1) unstable; urgency=medium . [ John Paul Adrian Glaubitz ] * Disable OpenMP on unsupported architectures powerpc, powerpcspe, riscv64 and sparc64 (Closes: #907912) . [ Sylvestre Ledru ] * New snapshot release llvm-toolchain-7 (1:7~+rc2-1~exp3) experimental; urgency=medium . * Remove libtool flex, bison, dejagnu, tcl, expect, and perl from the build deps (testing) * Disable force-gcc-header-obj.diff as it is introducing some regressions in the search headers (Closes: #903709) . [ Gianfranco Costamagna ] * Fix build on armhf, by removing some installed package * Fix build on s390x, by disabling OpenMP * Add liblldb-7-dev to python-lldb runtime dependencies, needed to import it * Enable lld on arm64, mips64el * Enable lldb on mips64el . [ Reshabh Sharma ] * Add version for libc++ and OpenMP packages breaks/replaces * Remove libc++-helpers package - No real value - Just two scripts - Command line arguments aren't that complex * Fix autopkgtest support llvm-toolchain-7 (1:7~+rc2-1~exp2) experimental; urgency=medium . * Force sphinx to be >> 1.2.3 * also ignore libc++experimental.a on dh_strip (fails on stretch) * Make libc++-7-dev & libc++abi-7-dev coinstallable . [ John Paul Adrian Glaubitz ] * Don't build with ld.gold on powerpcspe * Disable polly on powerpcspe * Add upstream patch to make rustc build on powerpc . [ Gianfranco Costamagna ] * Enable lld on ppc64el llvm-toolchain-7 (1:7~+rc2-1~exp1) experimental; urgency=medium . * New snapshot release * dh_strip should be verbose * On Stretch (binutils 2.28), do not run strip on libFuzzer.a, libc++.a & libc++abi.a because it segfaults * Fixed "weak-library-dev-dependency libc++-7-dev on libc++-7-helpers" * Fixed "libomp5-7: shlibs-declares-dependency-on-other-package libomp5-7) (>= 1:7~svn298832-1~)" * Also use the local cmake binary if available (for trusty) and take in account the PRE_PROCESS_CONF option . [ Reshabh Sharma ] * Fixed "Lintian warnings for libc++abi-7-dev package" - Warning: libc++abi-7-dev: breaks-without-version libc++-dev - Warning: libc++abi-7-dev: breaks-without-version libc++abi-dev - Warning: llvm-toolchain-7 source: binaries-have-file-conflict libc++abi-7-dev libc++abi1-7 usr/lib/llvm-7/lib/libc++abi.so llvm-toolchain-7 (1:7~+rc1-1~exp2) experimental; urgency=medium . * Disable force-gcc-header-obj.diff as it is introducing some regressions in the search headers (Closes: #903709) * libc++-7-dev should depend on libc++-7-helpers (and not libc++-helpers) * Fix the links in the helper package . [ Reshabh Sharma ] * Fix the path to libc++ header * libc++.so was in two packages llvm-toolchain-7 (1:7~+rc1-1~exp1) experimental; urgency=medium . * First testing release of 7 - Rename packages - Update the VCS-* URL * Standards-Version to 4.2.0 . [ Dimitri John Ledkov ] * Enable lldb on ppc64el LP: #1777136 . [ Reshabh Sharma ] * Integrate libcxx and libcxxabi as part of the llvm-toolchain packages Very similar to the previous packages except that libc++abi-7-test & libc++-7-test are no longer shipped Outcome of the LLVM GSoC 2018 (Closes: #813673) mariadb-10.1 (10.1.41-0+deb9u1) stretch; urgency=medium . * SECURITY UPDATE: New upstream version 10.1.41. Includes fixes for the following security vulnerabilities: - CVE-2019-2737 - CVE-2019-2739 - CVE-2019-2740 - CVE-2019-2805 * Previous release 10.1.39 includes fixes for the following security vulnerabilities: - CVE-2019-2627 - CVE-2019-2614 * Amend previous changelog entries to include newly released CVE numbers. * Gitlab-CI: Sync latest version from Debian Sid but with Stretch adaptions * Uses respolveip from correct path as per upstream fix (Closes: #928758) mediawiki (1:1.27.7-1~deb9u1) stretch-security; urgency=medium . * New upstream version 1.27.6 and 1.27.7 (security release), fixing CVE-2019-12466, CVE-2019-12467, CVE-2019-12468, CVE-2019-12469, CVE-2019-12470, CVE-2019-12471, CVE-2019-12472, CVE-2019-12473, CVE-2019-12474. The bundled jQuery was also updated, fixing CVE-2019-11358. mediawiki (1:1.27.6-1~deb9u1) stretch-security; urgency=medium . * New upstream version 1.27.6 (security release), fixing CVE-2019-12466, CVE-2019-12467, CVE-2019-12468, CVE-2019-12469, CVE-2019-12470, CVE-2019-12471, CVE-2019-12472, CVE-2019-12473, CVE-2019-12474. The bundled jQuery was also updated, fixing CVE-2019-11358. minissdpd (1.2.20130907-4.1+deb9u1) stretch; urgency=medium . * CVE-2019-12106: Prevent a use-after-free vulnerability that would allow a remote attacker to crash the process. (Closes: #929297) miniupnpd (1.8.20140523-4.1+deb9u2) stretch; urgency=medium . * Applied upstream patches for CVE-2019-12107, CVE-2019-12108, CVE-2019-12109, CVE-2019-12110. This version looks like not affected by CVE-2019-12111. (Closes: #930050). mitmproxy (0.18.2-6+deb9u2) stretch; urgency=medium . * Prevent insertion of unwanted upper-bound versioned dependencies mitmproxy (0.18.2-6+deb9u1) stretch; urgency=medium . * Blacklist tests that require internet access (Closes: #934033) * Add d/gbp.conf monkeysphere (0.41-1+deb9u1) stretch; urgency=medium . * Prevent a FTBFS by updating the tests to accommodate an updated GnuPG in stretch now producing a different output. (Closes: #934034) nasm-mozilla (2.14-1~deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Backport to stretch as nasm-mozilla, required by Firefox ESR 68. * Lower debhelper compat to 10. ncbi-tools6 (6.1.20170106+dfsg1-0+deb9u1) stretch; urgency=medium . * Belatedly repackage without data/UniVec.*, some portions of which turned out to be non-free (with copyright held by Invitrogen Corporation, which requires a license for commercial use thereof). * debian/copyright: - Cover previously overlooked third-party code (all DFSG-free). - Update authors and dates for debian/*. - Set Files-Excluded to reflect repackaging. * debian/rules: Introduce NCBI_VERSION_SHLIB, with +dfsg1 stripped off. * debian/watch: Reflect usage of +dfsg1. * make/makeshlb.unx: NCBI_VERSION -> NCBI_VERSION_SHLIB. * Temporarily revert ncbi-cn3d splitout to expedite the above fixes. ncbi-tools6 (6.1.20170106-6) unstable; urgency=medium . * debian/rules: Find indirectly needed libraries via -rpath-link rather than LD_LIBRARY_PATH; the -rpath-link approach is generally saner, and in particular has a decent shot at fully fixing cross-building. ncbi-tools6 (6.1.20170106-5) unstable; urgency=medium . [ Andreas Tille ] * Improve cross building: Don't force the build architecture compiler (Thanks for the patch to Helmut Grohne) Closes: #908353 * cme fix dpkg-control . [ Aaron M. Ucko ] * debian/control: libvibrant6b Recommends: sensible-utils (no longer guaranteed present, per #871260). * Standards-Version: 4.3.0 (already compliant). ncbi-tools6 (6.1.20170106-4) unstable; urgency=medium . * debian/compat: Advance to Debhelper 11. * debian/control: - Mark *-data reshuffling with Breaks, not just Replaces. (Closes: #902364.) - Build-Depends: Advance to debhelper (>= 11~). * debian/copyright: Fix years (packaging through 2018, upstream through 2017). ncbi-tools6 (6.1.20170106-3) unstable; urgency=medium . [ Liubov Chuprikova ] * Added autopkgtest for ncbi-tools-bin. Closes: #879619 . [ Aaron M. Ucko ] * debian/{*.gif,ncbi2.css}: Add local copies of NCBI resources used by HTML docs. * debian/control: - Repoint Vcs-* at salsa.debian.org. - Standards-Version: 4.1.4 (already compliant). - Rules-Requires-Root: no (confirmed safe). * debian/{libncbi6,ncbi-tools-x11}.docs: Install resources from debian/ as needed. * debian/source/format: Set to 3.0 (quilt) to accommodate binary test data. * debian/source/include-binaries: List debian/tests/test-data/nc0305.aso.gz and (individually) debian/*.gif. * debian/source/options: single-debian-patch (tracking changes purely with git for now). * debian/source/patch-header: "Combined patches from git." * demo/{findspl,taxblast_main}.c: Call SOCK_SetupSSL (accidentally missed earlier). * doc/{dispatcher,firewall}.html: Patch to use (newly supplied) local resources, addressing a generic privacy breach caught by Lintian. * make/make{demo,net}.unx: Link findspl and taxblast against $(LIBTLS) and $(GNUTLS_LIBS). neovim (0.1.7-4+deb9u1) stretch-security; urgency=high . * Backport upstream patches to address CVE-2019-12735 (Closes: #930024) + vim-patch-8.0.0649 and vim-patch-8.0.0650: autocmd open help 2 times + vim-patch:8.1.0066: nasty autocommand causes using freed memory + vim-patch:8.1.0067: syntax highlighting not working when re-entering a buffer + vim-patch:8.1.0177: defining function in sandbox is inconsistent + vim-patch:8.1.0189: function defined in sandbox not tested + vim-patch:8.1.0205: invalid memory access with invalid modeline + vim-patch:8.1.0506: modeline test fails when run by root + vim-patch:8.1.0538: evaluating a modeline might invoke using a shell command + vim-patch:8.1.0539: cannot build without the sandbox + vim-patch:8.1.0540: may evaluate insecure value when appending to option + vim-patch:8.1.0544: setting 'filetype' in a modeline causes an error + vim-patch:8.1.0546: modeline test with keymap fails + vim-patch:8.1.0547: modeline test with keymap still fails + vim-patch:8.1.0613: when executing an insecure function the secure flag is stuck + vim-patch:8.1.1046: the "secure" variable is used inconsistently + vim-patch:8.1.1365: :source should check sandbox + vim-patch:8.1.1366: using expressions in a modeline is unsafe + vim-patch:8.1.1367: can set 'modelineexpr' in modeline + vim-patch:8.1.1368: modeline test fails with python but without pythonhome + vim-patch:8.1.1382: error when editing test file + vim-patch:8.1.1401: misspelled mkspellmem as makespellmem nginx (1.10.3-1+deb9u3) stretch-security; urgency=high . * Backport upstream fixes for 3 CVEs (Closes: #935037) Those fixes affect Nginx HTTP/2 implementation, which might cause excessive memory consumption and CPU usage. (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). node-growl (1.7.0-1+deb9u1) stretch; urgency=medium . * Team upload * Sanitize input before passing it to exec. This embeds shell-escape little module (Closes: #900868, CVE-2017-16042) node-ws (1.1.0+ds1.e6ddaae4-3+deb9u1) stretch; urgency=medium . * Team upload * Add patch to fix upload size to a sane value (Closes: #927671, CVE-2016-10542) open-vm-tools (2:10.1.5-5055683-4+deb9u2) stable; urgency=medium . * [34db05f] /tmp/VMwareDnD permissions security fix. Fix possible security issue with the permissions of the intermediate staging directory and path /tmp/VMwareDnD is a staging directory used for DnD and CnP. It should be a regular directory, but malicious code or user may create the /tmp/VMwareDnD as a symbolic link which points elsewhere on the system. This may provide user access to user B's files. Do not set the permission of the root directory if the root directory already exists and has the wrong permission. The permission of the directory must be 1777 if it is created by the VMToolsi. If not, then the directory has been created or modified by malicious code or user, so just cancel the host to guest DnD or CnP operation. (Closes: #925959) openjdk-8 (8u222-b10-1~deb9u1) stretch-security; urgency=medium . * Rebuild for stretch openjdk-8 (8u222-b07-3) unstable; urgency=medium . * Upload to unstable. openjdk-8 (8u222-b07-2) experimental; urgency=medium . * Remove AArch32 patches, applied upstream. * Fix build dependencies for Ubuntu precise builds. openjdk-8 (8u222-b07-1) experimental; urgency=medium . * Update to 8u222-b07. openjdk-8 (8u222-b05-1) experimental; urgency=medium . [ Matthias Klose ] * Update to 8u222-b05 (except for AArch32). * Apply suggested hotspot fixes for AArch32. * Re-enable running the testsuite. . [ Tiago Stürmer Daitx ] * Find any hs_err_pid files generated during the build and send to stdout. openjdk-8 (8u222-b04-3) experimental; urgency=medium . * Update ARM32 to jdk8u222-b04-aarch32-190603. * Regenerate the ppc64el patch. * Remove unused patches ppc64le-8036767 and zero-opt. openjdk-8 (8u222-b04-1) experimental; urgency=medium . * Update to 8u222-b04. * Update ARM32 to jdk8u212-b04-aarch32-190430. * Fix 32bit zero builds. openjdk-8 (8u212-b03-2) unstable; urgency=medium . * Don't apply the 8221355 fix for ARM builds. * Don't configure --with-vendor-name on stable releases. * Fix the jpeg runtime dependency for the build in unstable. openjdk-8 (8u212-b03-2~deb9u1) stretch-security; urgency=medium . * Rebuild for stretch-security openjdk-8 (8u212-b03-1) unstable; urgency=medium . [ Matthias Klose ] * Configure --with-vendor-name. * 8221355: Fix performance regression after JDK-8155635 backport into 8u. . [ Tiago Stürmer Daitx ] * Update to 8u212-b03. LP: #1826001. * Security fixes: - S8211936, CVE-2019-2602: Better String parsing. - S8218453, CVE-2019-2684: More dynamic RMI interactions. - S8219066, CVE-2019-2698: Fuzzing TrueType fonts: setCurrGlyphID(). * Revert to GTK2 as default since GTK3 still has padding and component issues: - debian/rules: always Build-Depends on libgtk2.0-dev and Depends on libgtk2.0-0 instead of relying on gtk3 for some releases. * debian/control: add missing dependency on testng (required by the testsuites). . [ Andrej Shadura ] * debian/rules: check for nodoc instead of nodocs in DEB_BUILD_OPTIONS. Closes: 922757. . [ Matthias Klose ] * debian/rules, debian/tests/jtdiff-autopkgtest.sh, debian/tests/jtreg-autopkgtest.in, debian/tests/jtreg-autopkgtest.sh: only set the JDK under test and allow jtreg to use its default JDK for running the tests. . [ Thorsten Glaser ] * Improve compatibility with older releases. Closes: #925407. - debian/rules: determine source date using backwards-compatible dpkg-parsechangelog call. - debian/control.in: put @bd_cross@ onto same line as @bd_nss@ as it can be empty. openjdk-8 (8u212-b01-1) unstable; urgency=medium . * Update to 8u212-b01. * Enable SA on AArch64. openldap (2.4.44+dfsg-5+deb9u3) stretch; urgency=medium . * Fix slapd to restrict rootDN proxyauthz to its own databases (CVE-2019-13057) (ITS#9038) (Closes: #932997) * Fix slapd to enforce sasl_ssf ACL statement on every connection (CVE-2019-13565) (ITS#9052) (Closes: #932998) * Fix slapo-rwm to not free original filter when rewritten filter is invalid (ITS#8964) (Closes: #934277, LP: #1838370) openssh (1:7.4p1-10+deb9u7) stretch; urgency=medium . * Fix deadlock when the keys/principals command produces a lot of output and a key is matched early (upstream commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2). (Closes: #905226) openssl (1.1.0k-1~deb9u1) stretch-security; urgency=medium . * Import 1.1.0k - CVE-2019-1543 (Prevent over long nonces in ChaCha20-Poly1305) openssl1.0 (1.0.2s-1~deb9u1) stretch-security; urgency=medium . * New upstream version passwordsafe (1.00+dfsg-1+deb9u1) stretch; urgency=medium . * Don't install localization files under an extra subdirectory. Closes: 932626 patch (2.7.5-1+deb9u2) stretch-security; urgency=high . * Fix CVE-2019-13636: mishandled following of symlinks (closes: #932401). * Fix CVE-2019-13638: shell command injection. * Fix CVE-2018-1000156 regression, temporary file leak on failed ed-style patches (closes: #933140). pdns (4.0.3-1+deb9u5) stretch-security; urgency=medium . * Fix CVE-2019-10162 and CVE-2019-10163 both in MASTER operation. Patches supplied by upstream and backported by Debian. php-horde-form (2.0.15-1+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Prevent directory traversal vulnerability (CVE-2019-9858) (Closes: #930321) postgresql-9.6 (9.6.15-0+deb9u1) stretch-security; urgency=medium . * New upstream security release. + Fixes regression in ALTER TABLE on multiple columns. (Closes: #932247) . + Require schema qualification to cast to a temporary type when using functional cast syntax (Noah Misch) . We have long required invocations of temporary functions to explicitly specify the temporary schema, that is pg_temp.func_name(args). Require this as well for casting to temporary types using functional notation, for example pg_temp.type_name(arg). Otherwise it's possible to capture a function call using a temporary object, allowing privilege escalation in much the same ways that we blocked in CVE-2007-2138. (CVE-2019-10208) . * On purge, ask the user if they want to remove clusters. (Closes: #911940, #933368) postgresql-9.6 (9.6.13-0+deb9u1) stretch-security; urgency=medium . * New upstream version. + Prevent row-level security policies from being bypassed via selectivity estimators (Dean Rasheed) . Some of the planner's selectivity estimators apply user-defined operators to values found in pg_statistic (e.g., most-common values). A leaky operator therefore can disclose some of the entries in a data column, even if the calling user lacks permission to read that column. In CVE-2017-7484 we added restrictions to forestall that, but we failed to consider the effects of row-level security. A user who has SQL permission to read a column, but who is forbidden to see certain rows due to RLS policy, might still learn something about those rows' contents via a leaky operator. This patch further tightens the rules, allowing leaky operators to be applied to statistics data only when there is no relevant RLS policy. (CVE-2019-10130) . * Move maintainer address to tracker. pound (2.7-1.3+deb9u1) stretch; urgency=medium . * Fix request smuggling via crafted headers, CVE-2016-10711 (Closes: #888786). proftpd-dfsg (1.3.5b-4+deb9u1) stretch-security; urgency=high . * proftpd-1.3.5e-CVE-2019-12815.patch by Paul Howarth to solve CVE-2019-12815 (Closes: #932453). python-clamav (0.4.1-8+deb9u1) stretch; urgency=medium . [ Scott Kitterman ] * Add d/p/python-clamav-add-support-for-clamav-0.101.0.patch to that python-clamav builds/works with clamav 101.1 and newer (Closes: #920959) * Bump libclamav-dev build-depends to match python-django (1:1.10.7-2+deb9u6) stretch-security; urgency=high . * Backport four security patches from upstream. (Closes: #934026) . - CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator . If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. . The regular expressions used by Truncator have been simplified in order to avoid potential backtracking issues. As a consequence, trailing punctuation may now at times be included in the truncated output. . - CVE-2019-14233: Denial-of-service possibility in strip_tags() . Due to the behavior of the underlying HTMLParser, django.utils.html.strip_tags() would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. The strip_tags() method is used to implement the corresponding striptags template filter, which was thus also vulnerable. . strip_tags() now avoids recursive calls to HTMLParser when progress removing tags, but necessarily incomplete HTML entities, stops being made. . Remember that absolutely NO guarantee is provided about the results of strip_tags() being HTML safe. So NEVER mark safe the result of a strip_tags() call without escaping it first, for example with django.utils.html.escape(). . - CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField . Key and index lookups for django.contrib.postgres.fields.JSONField and key lookups for django.contrib.postgres.fields.HStoreField were subject to SQL injection, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.filter(). . - CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri() . If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to excessive recursion when re-percent-encoding invalid UTF-8 octet sequences. . uri_to_iri() now avoids recursion when re-percent-encoding invalid UTF-8 octet sequences. python-django (1:1.10.7-2+deb9u5) stretch-security; urgency=high . * CVE-2019-6975: Fix memory exhaustion in utils.numberformat.format. (Closes: #922027) * CVE-2019-12308: Prevent a XSS vulnerability in the Django admin via the AdminURLFieldWidget. (Closes: #929927) * CVE-2019-12781: Prevent incorrect HTTPS detection with reverse-proxies connecting via HTTPS. (Closes: #931316) qemu (1:2.8+dfsg-6+deb9u8) stretch-security; urgency=medium . [ Michal Arbet ] * Fix improper backport of CVE-2017-9524 fix that caused NBD connections to hang (Closes: #873012). Thanks to Geoffrey Thomas. - nbd-fully-initialize-client-in-case-of-failed-negotiation-CVE-2017-9524.patch: Don't move nbd_set_handlers before nbd_negotiate. - nbd-fix-regression-on-resiliency-to-port-scan-CVE-2017-9524.patch: Refresh. . [ Michael Tokarev ] * slirp-fix-heap-overflow-in-ip_reass-on-big-packet-input-CVE-2019-14378.patch bugfix in user-level networking Closes: #933741, CVE-2019-14378 * qemu-bridge-helper-restrict-interface-name-to-IFNAMSIZ-CVE-2019-13164.patch Closes: #931351, CVE-2019-13164 * integrate fix-md-clear-backport.patch into enable-md-clear.patch Thanks Moritz Mühlenhoff and Vincent Tondellier * device_tree-dont-use-load_image-CVE-2018-20815.patch fix unlikely overflow via saved image file size Closes: CVE-2018-20815 qemu (1:2.8+dfsg-6+deb9u7) stretch-security; urgency=medium . * Fix the md_clear backport, thanks to Vincent Tondellier (Closes: #929067) qemu (1:2.8+dfsg-6+deb9u6) stretch-security; urgency=medium . [ Moritz Mühlenhoff ] * slirp-correct-size-computation-concatenating-mbuf-CVE-2018-11806.patch (Closes: #901017, CVE-2018-11806) * qga-check-bytes-count-read-by-guest-file-read-CVE-2018-12617.patch (Closes: #902725, CVE-2018-12617) * usb-mtp-use-O_NOFOLLOW-and-O_CLOEXEC-CVE-2018-16872.patch (Closes: #916397, CVE-2018-16872) * rtl8139-fix-possible-out-of-bound-access-CVE-2018-17958.patch (Closes: #911499, CVE-2018-17958) * lsi53c895a-check-message-length-value-is-valid-CVE-2018-18849.patch (Closes: #912535, CVE-2018-18849) * ppc-pnv-check-size-before-data-buffer-access-CVE-2018-18954.patch (Closes: #914604, CVE-2018-18954) * 9p-write-lock-path-in-v9fs-co_open2.patch 9p-take-write-lock-on-fid-path-updates-CVE-2018-19364.patch (Closes: #914599, CVE-2018-19364) * 9p-fix-QEMU-crash-when-renaming-files-CVE-2018-19489.patch (Closes: #914727, CVE-2018-19489) * i2c-ddc-fix-oob-read-CVE-2019-3812.patch (Closes: #922635, CVE-2019-3812) * slirp-check-data-length-while-emulating-ident-function-CVE-2019-6778.patch (Closes: #921525, CVE-2019-6778) * slirp-check-sscanf-result-when-emulating-ident-CVE-2019-9824.patch (Closes: CVE-2019-9824) . [ Michael Tokarev ] * enable-md-clear.patch define new CPUID for MDS (Closes: #929067) (Closes: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) * qxl-check-release-info-object-CVE-2019-12155.patch fixes null-pointer deref in qxl cleanup code (Closes: #929353, CVE-2019-12155) rdesktop (1.8.6-2~deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Rebuild for stretch-security * Relax debhelper build dependency * Relax Standards-Version to 3.9.8 . rdesktop (1.8.6-2) unstable; urgency=medium . * Backport fixed version number and typo. * Backport sec_decrypt() the correct amount of data (closes: #930511). . rdesktop (1.8.6-1) unstable; urgency=high . * New upstream release, including many security fixes. rdesktop (1.8.6-1) unstable; urgency=high . * New upstream release, including many security fixes. rdesktop (1.8.4-1) unstable; urgency=high . * New upstream release, including many security fixes: - fix possible integer overflow in s_check_rem() on 32bit arch, - CVE-2018-8791: fix minor information leak in rdpdr_process(), - CVE-2018-8792: fix denial of service in cssp_read_tsrequest(), - CVE-2018-8793: fix remote code execution in cssp_read_tsrequest(), - CVE-2018-8794: fix memory corruption in process_bitmap_data(), - CVE-2018-8795: fix remote code execution in process_bitmap_data(), - CVE-2018-8796: fix denial of service in process_bitmap_data(), - CVE-2018-8797: fix remote code execution in process_plane(), - CVE-2018-8798: fix minor information leak in rdpsnd_process_ping(), - CVE-2018-8799: fix denial of service in process_secondary_order(), - CVE-2018-8800: fix remote code execution in ui_clip_handle_data(), - CVE-2018-20174: fix major information leak in ui_clip_handle_data(), - CVE-2018-20175: fix denial of service in mcs_recv_connect_response() and in mcs_parse_domain_params(), - CVE-2018-20176: fix denial of service in sec_parse_crypt_info() and in sec_recv(), - CVE-2018-20177: fix memory corruption in rdp_in_unistr(), - CVE-2018-20178: fix denial of service in process_demand_active(), - CVE-2018-20179: fix remote code execution in lspci_process(), - CVE-2018-20180: fix remote code execution in rdpsnddbg_process(), - CVE-2018-20181: fix remote code execution in seamless_process(), - CVE-2018-20182: fix remote code execution in seamless_process_line(). * Update debhelper level to 11 . * Update Standards-Version to 4.3.0 . redis (3:3.2.6-3+deb9u3) stretch-security; urgency=high . * CVE-2019-10192: Fix two heap buffer overflows in the Hyperloglog functionality. (Closes: #931625) reportbug (7.1.7+deb9u3) stretch; urgency=medium . * Non-maintainer upload. * Exclude *.pyc from source package. * reportbug/utils.py - update release names, following Buster releases, patch by Nicolas Braud-Santoni; Closes: #932524, #931609 resiprocate (1:1.11.0~beta1-3+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * libresiprocate-1.11-dev: Add Breaks: libssl-dev (>= 1.1) to help apt finding a valid installation set with --install-recommends enabled. ruby-mini-magick (4.5.1-1+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Don't allow remote shell execution (CVE-2019-13574) (Closes: #931932) samba (2:4.5.16+dfsg-1+deb9u2) stretch-security; urgency=high . * This is a security release in order to address the following defect: - CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum sdl-image1.2 (1.2.12-5+deb9u2) stretch; urgency=medium . * Non-maintainer upload. * CVE-2018-3977, CVE-2019-5058: buffer overflow in do_layer_surface (IMG_xcf.c) (Closes: #932755). * CVE-2019-5052: integer overflow and subsequent buffer overflow in IMG_pcx.c. * CVE-2019-7635: heap buffer overflow in Blit1to4 (IMG_bmp.c). * CVE-2019-12216, CVE-2019-12217, CVE-2019-12218, CVE-2019-12219, CVE-2019-12220, CVE-2019-12221, CVE-2019-12222, CVE-2019-5051: OOB R/W in IMG_LoadPCX_RW (IMG_pcx.c). signing-party (2.5-1+deb9u1) stretch; urgency=medium . * Backport security fix for CVE-2019-11627: unsafe shell call enabling shell injection via a User ID. Use Perl's (core) module Encode.pm instead of shelling out to `iconv`. (Closes: #928256.) slurm-llnl (16.05.9-1+deb9u4) stretch; urgency=medium . * Fix build regression on 32-bits architecture (Closes: #929600) slurm-llnl (16.05.9-1+deb9u3) stretch; urgency=medium . * Fix CVE-2019-6438 by adding mitigation for a potential heap-overflow on 32-bit systems (Closes: #920997) sox (14.4.1-5+deb9u2) stretch; urgency=medium . * Sync up patches with 14.4.1-5+deb8u4 (sans some uncommented patches) CVE-2019-8354 CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 (Closes: #927906) CVE-2019-1010004 CVE-2017-18189 (Closes: #881121) CVE-2017-15642 (Closes: #882144) CVE-2017-15372 (Closes: #878808) CVE-2017-15371 (Closes: #878809) CVE-2017-15370 (Closes: #878810) CVE-2017-11359 CVE-2017-11358 CVE-2017-11332 (Closes: #870328) subversion (1.9.5-1+deb9u4) stretch-security; urgency=high . * Backport security fixes from upstream: + CVE-2018-11782: Remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'. + CVE-2018-0203: Remote unauthenticated denial-of-service in Subversion svnserve. symfony (2.8.7+dfsg-1.3+deb9u2) stretch-security; urgency=medium . * Cherry-pick upstream commits to fix security issues - [HttpFoundation] Remove support for legacy and risky HTTP headers [CVE-2018-14773] - [Form] Filter file uploads out of regular form types [CVE-2018-19789] - [Security\Http] detect bad redirect targets using backslashes [CVE-2018-19790] - [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine [CVE-2019-10909] - [DI] Check service IDs are valid [CVE-2019-10910] - [Security] Add a separator in the remember me cookie hash [CVE-2019-10911] - [PHPUnit Bridge] Prevent destructors with side-effects from being unserialized [CVE-2019-10912] - [HttpFoundation] fixed using _method parameter with invalid type - [HttpFoundation] reject invalid method override [CVE-2019-10913] systemd (232-25+deb9u12) stretch; urgency=medium . * networkd: Do not stop ndisc client in case of conf error. When an NDisc error happens, e.g. in case of a prefix change, do not shut down the dhcp client. Instead log about it and continue. Otherwise networkd might fail to renew the DHCPv4 address and lose IPv4 connectivity. (Closes: #930353) t-digest (1:3.0-1+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * No-change rebuild to avoid reuse of pre-epoch version 3.0-1 (Closes: #929618) tenshi (0.13-2.1~deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Rebuild for stretch. . tenshi (0.13-2.1) unstable; urgency=medium . * Non-maintainer upload. * Upload to unstable. * Drop DMUA. . tenshi (0.13-2+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * Fix CVE-2017-11746: PID file issue allows local users to kill arbitrary processes (Closes: #871321) thunderbird (1:60.8.0-1~deb9u1) stretch-security; urgency=medium . [ Carsten Schoenert ] * Rebuild for stretch-security thunderbird (1:60.7.2-1) unstable; urgency=medium . * [d6c79ed] New upstream version 60.7.2 Fixed CVE issues in upstream version 60.7.2 (MFSA 2019-20 CVE-2019-11707: Type confusion in Array.pop CVE-2019-11708: sandbox escape using Prompt:Open thunderbird (1:60.7.2-1~deb9u1) stretch-security; urgency=medium . [ Carsten Schoenert ] * Rebuild for stretch-security thunderbird (1:60.7.1-1) unstable; urgency=high . * [f791dee] New upstream version 60.7.1 Fixed CVE issues in upstream version 60.7.1 (MFSA 2019-17) CVE-2019-11703: Heap buffer overflow in icalparser.c CVE-2019-11704: Heap buffer overflow in icalvalue.c CVE-2019-11705: Stack buffer overflow in icalrecur.c CVE-2019-11706: Type confusion in icalproperty.c thunderbird (1:60.7.1-1~deb9u1) stretch-security; urgency=medium . [ Carsten Schoenert ] * Rebuild for stretch-security thunderbird (1:60.7.0-1) unstable; urgency=medium . * [f6dd130] New upstream version 60.7.0 Fixed CVE issues in upstream version 60.7.0 (MFSA 2019-15) CVE-2019-9816: Type confusion with object groups and UnboxedObjects CVE-2019-9817: Stealing of cross-domain images using canvas CVE-2019-9819: Compartment mismatch with fetch API CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell CVE-2019-11691: Use-after-free in XMLHttpRequest CVE-2019-11692: Use-after-free removing listeners in the event listener manager CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux CVE-2019-7317: Use-after-free in png_image_free of libpng library CVE-2019-9797: Cross-origin theft of images with createImageBitmap CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks CVE-2019-5798: Out-of-bounds read in Skia CVE-2019-9800: Memory safety bugs fixed in Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7 * [4106d54] rebuild patch queue from patch-queue branch added patch: fixes/rust-ignore-not-available-documentation.patch thunderbird (1:60.7.0-1~deb9u1) stretch-security; urgency=medium . [ Carsten Schoenert ] * Rebuild for stretch-security thunderbird (1:60.6.1-1) unstable; urgency=medium . [ intrigeri ] * [2013645] d/rules: drop useless usage of dpkg-parsechangelog . [ Carsten Schoenert ] * [daf1252] New upstream version 60.6.1 Fixed CVE issues in upstream version 60.6.0 (MFSA 2019-11) CVE-2019-9790: Use-after-free when removing in-use DOM elements CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled CVE-2019-9794: Command line arguments not discarded during execution CVE-2019-9795: Type-confusion in IonMonkey JIT compiler CVE-2019-9796: Use-after-free with SMIL animation controller CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied CVE-2019-9788: Memory safety bugs fixed in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6 Fixed CVE issues in upstream version 60.6.1 (MFSA 2019-12) CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations * [f88a505] rebuild patch queue from patch-queue branch added patch: fixes/Bug-1526744-find-dupes.py-Calculate-md5-by-chunk.patch tzdata (2019b-0+deb9u1) stretch; urgency=medium . * New upstream version, affecting the following past and future timestamps: - Brazil has canceled DST and will stay on standard time indefinitely. - Predictions for Morocco now go through 2087 instead of 2037. - Palestine's 2019 spring transition was 03-29 at 00:00, not 03-30 at 01:00. Guess future transitions to be March's last Friday at 00:00. - Many corrections to historical Hong Kong transitions from 1941 to 1947. tzdata (2019a-1) unstable; urgency=medium . * New upstream version, affecting the following past and future timestamps: - Palestine will not start DST until 2019-03-30, instead of 2019-03-23 as previously predicted. - Metlakatla ended its observance of Pacific standard time, rejoining Alaska Time, on 2019-01-20 at 02:00. unzip (6.0-21+deb9u2) stretch; urgency=medium . * Fix incorrect parsing of 64-bit values in fileio.c. Closes: #929502. * Apply three patches by Mark Adler to fix CVE-2019-13232. - Fix bug in undefer_input() that misplaced the input state. - Detect and reject a zip bomb using overlapped entries. Bug discovered by David Fifield. Closes: #931433. - Do not raise a zip bomb alert for a misplaced central directory. Reported by Peter Green. Closes: #932404. usbutils (1:007-4+deb9u1) stretch; urgency=medium . * Update usb.ids. Closes: #927365. vim (2:8.0.0197-4+deb9u3) stretch-security; urgency=medium . * Backport patch 8.1.0067 to fix loss of syntax highlighting (Closes: #930718) + 8.1.0067: syntax highlighting not working when re-entering a buffer vim (2:8.0.0197-4+deb9u2) stretch-security; urgency=high . * Backport patches to address CVE-2019-12735 (Closes: #930020) + 8.0.0649: when opening a help file the filetype is set several times + 8.0.0651: build failure without the auto command feature + 8.1.0066: nasty autocommand causes using freed memory + 8.1.0177: defining function in sandbox is inconsistent + 8.1.0189: function defined in sandbox not tested + 8.1.0205: invalid memory access with invalid modeline + 8.1.0206: duplicate test function name + 8.1.0208: file left behind after running individual test + 8.1.0506: modelinen test fails when run by root + 8.1.0538: evaluating a modeline might invoke using a shell command + 8.1.0539: cannot build without the sandbox + 8.1.0540: may evaluate insecure value when appending to option + 8.1.0544: setting 'filetype' in a modeline causes an error + 8.1.0546: modeline test with keymap fails + 8.1.0547: modeline test with keymap still fails + 8.1.0613: when executing an insecure function the secure flag is stuck + 8.1.1046: the "secure" variable is used inconsistently + 8.1.1365: source command doesn't check for the sandbox + 8.1.1366: using expressions in a modeline is unsafe + 8.1.1367: can set 'modelineexpr' in modeline + 8.1.1368: modeline test fails with python but without pythonhome + 8.1.1382: error when editing test files + 8.1.1401: misspelled mkspellmem and makespellmem * gbp.conf: Set debian-branch to debian/stretch * gbp.conf: Set upstream-tag to v%(version)s vlc (3.0.8-0+deb9u1) stretch-security; urgency=high . * New upstream release. - Fix a buffer overflow in the MKV demuxer (CVE-2019-14970) - Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962) - Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438) - Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776) - Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778) - Fix a use after free in the ASF demuxer (CVE-2019-14533) - Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602) (Closes: #932131) - Fix a null dereference in the ASF demuxer (CVE-2019-14534) - Fix a division by zero in the CAF demuxer (CVE-2019-14498) - Fix a division by zero in the ASF demuxer (CVE-2019-14535) - Fix a division by zero when playing DVDs. (Closes: #929491, #923017, #932182) * debian/patches: - Revert modplug version bump. We use the libopenmpt compat layer anyway. - Revert libebml version bump. libebml has been fixed separately. vlc (3.0.7.1-3) unstable; urgency=medium . * debian/patches: Apply upstream patch to fix SIGFPE when playing DVDs. (Closes: #929491, #923017, #932182) vlc (3.0.7.1-2) unstable; urgency=medium . * debian/: Remove obsolete maintscripts. * debian/control: - Remove obsolete transitional package. - Remove obsolete Breaks+Replaces. - Bump Standards-Version. * debian/patches: Apply upstream patches to - unbreak rendering in subsvtt. - fix integer underflows in mp4. (CVE-2019-13602) (Closes: #932131) vlc (3.0.7.1-1) unstable; urgency=medium . * New upstream release. vlc (3.0.7-1) unstable; urgency=high . * New upstream release. - Fix multiple integer overflows. - Fix multiple buffer overflows. - Fix use-after-free issue. - Fix NULL pointer dereference. - Fix other memory access bugs and infinite loops. * debian/rules: Be explicit about --enable-debug/disable-debug. vlc (3.0.7-0+deb9u1) stretch-security; urgency=medium . * New upstream bug fix release. (Closes: #930276) - Fix multiple integer overflows. - Fix multiple buffer overflows. - Fix use-after-free issue. - Fix NULL pointer dereference. - Fix other memory access bugs and infinite loops. * debian/patches: Removed, included upstream. vlc (3.0.6-1) unstable; urgency=medium . * New upstream release. wpa (2:2.4-1+deb9u4) stretch-security; urgency=high . * SECURITY UPDATE (2019-5): - CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment (Closes: #927463). xymon (4.3.28-2+deb9u1) stretch; urgency=high . * Apply minimal upstream security patch to fix several (server-only) vulnerabilities reported upstream by Graham Rymer: + CVE-2019-13451: service overflows histlogfn in history.c. + CVE-2019-13452: service overflows histlogfn in reportlog.c. + CVE-2019-13273: srdb overflows dbfn in csvinfo.c. + CVE-2019-13274: reflected XSS in csvinfo.c. + CVE-2019-13455: htmlquoted(hostname) overflows msgline in acknowledge.c. + CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c. + CVE-2019-13485: hostname overflows selfurl in history.c. + CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in svcstatus.c. + Closes: #935470 * Include hostname validation regression fixes from 4.3.30, too. yubico-piv-tool (1.4.2-2+deb9u2) stretch; urgency=high . * Remove cruft that was included in the source package by mistake. yubico-piv-tool (1.4.2-2+deb9u1) stretch-proposed-updates; urgency=high . * Team upload. * Backport the fix for CVE-2018-14779 & CVE-2018-14780 Closes: #906128 z3 (4.4.1-1~deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Rebuild for stretch. . z3 (4.4.1-1~deb10u1) buster; urgency=medium . * Non-maintainer upload. * Rebuild for buster. . z3 (4.4.1-1) unstable; urgency=medium . [ Gianfranco Costamagna ] * Team Upload * Upload to unstable . [ Andreas Beckmann ] * Do not set the SONAME of libz3java.so to libz3.so.4. (Closes: #842892) . z3 (4.4.1-0.5~exp1) experimental; urgency=medium . * Package moved to salsa (Closes: #926939) * Standards-Version updated to 4.2.1 * Fix priority-extra-is-replaced-by-priority-optional warning * Moved under the llvm umbrella z3 (4.4.1-0.5~exp1) experimental; urgency=medium . * Package moved to salsa (Closes: #926939) * Standards-Version updated to 4.2.1 * Fix priority-extra-is-replaced-by-priority-optional warning * Moved under the llvm umbrella z3 (4.4.1-0.4) unstable; urgency=medium . * Non-maintainer upload. * Remove the incorrect Multi-Arch: same of python-z3, thanks to Helmut Grohne. (Closes: #874237) zeromq3 (4.2.1-4+deb9u2) stretch-security; urgency=high . [ Luca Boccassi ] * Fix CVE-2019-13132: application metadata not parsed correctly when using CURVE. zfs-auto-snapshot (1.2.1-1+deb9u1) stretch; urgency=medium . * Backported from 1.2.4: - Make cronjobs exit silently after package removal. (Closes: #850776) znc (1.6.5-1+deb9u2) stretch-security; urgency=high . * Add upstream patch 03-CVE-2019-12816 to fix a remote code execution by elevating privileges as described in CVE-2019-12816. * Add patch 04-CVE-2019-9917 to fix CVE-2019-9917: Denial of Service (crash) via invalid encoding. Much thanks to Santiago Ruano Rincón for this patch! Closes: #925285 zookeeper (3.4.9-3+deb9u2) stretch-security; urgency=high . * CVE-2019-0201: Prevent an information disclosure vulnerability where users who were not authorised to read data were able to view the access control list. (Closes: #929283) ====================================== Sat, 27 Apr 2019 - Debian 9.9 released ====================================== ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:24:04 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: mozilla-gnome-keyring | 0.12-1 | source xul-ext-gnome-keyring | 0.12-1 | all Closed bugs: 922791 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:24:24 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: gcontactsync | 2.0.5-1 | source xul-ext-gcontactsync | 2.0.5-1 | all Closed bugs: 922792 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:24:44 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: google-tasks-sync | 0.5.3-1 | source xul-ext-google-tasks-sync | 0.5.3-1 | all Closed bugs: 922793 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:25:23 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: timeline | 0.5-4 | source xul-ext-timeline | 0.5-4 | all Closed bugs: 925504 ------------------- Reason ------------------- RoQA; incompatible with newer thunderbird versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:25:43 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: tbdialout | 1.7.2-1+deb9u1 | source xul-ext-tbdialout | 1.7.2-1+deb9u1 | all Closed bugs: 926048 ------------------- Reason ------------------- RoQA; incompatible with newer thunderbird versions ---------------------------------------------- ========================================================================= ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:32:58 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: gcu-plugin | 0.14.15-1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by gnome-chemistry-utils) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:33:24 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: icedtea-8-plugin | 1.6.2-3.1 | amd64, arm64, armel, armhf, i386, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by icedtea-web) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:33:48 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: default-java-plugin | 2:1.8-58 | amd64, arm64, armel, armhf, i386, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by java-common) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:35:29 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: btrfs-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel cdrom-core-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel crypto-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel event-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel ext4-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel fat-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel fb-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel fuse-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel input-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel ipv6-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel isofs-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel jffs2-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel jfs-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel kernel-image-4.9.0-8-marvell-di | 4.9.144-3.1 | armel leds-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel linux-headers-4.9.0-8-all-armel | 4.9.144-3.1 | armel linux-headers-4.9.0-8-marvell | 4.9.144-3.1 | armel linux-image-4.9.0-8-marvell | 4.9.144-3.1 | armel linux-image-4.9.0-8-marvell-dbg | 4.9.144-3.1 | armel loop-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel md-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel minix-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel mmc-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel mouse-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel mtd-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel multipath-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel nbd-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel nic-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel nic-shared-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel nic-usb-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel ppp-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel sata-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel scsi-core-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel squashfs-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel udf-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel usb-serial-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel usb-storage-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel zlib-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:36:49 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf btrfs-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf crc-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf crypto-dm-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf crypto-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf efi-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf event-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf ext4-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf fat-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf fb-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf fuse-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf i2c-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf input-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf isofs-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf jfs-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf kernel-image-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf leds-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf linux-headers-4.9.0-8-all-armhf | 4.9.144-3.1 | armhf linux-headers-4.9.0-8-armmp | 4.9.144-3.1 | armhf linux-headers-4.9.0-8-armmp-lpae | 4.9.144-3.1 | armhf linux-image-4.9.0-8-armmp | 4.9.144-3.1 | armhf linux-image-4.9.0-8-armmp-dbg | 4.9.144-3.1 | armhf linux-image-4.9.0-8-armmp-lpae | 4.9.144-3.1 | armhf linux-image-4.9.0-8-armmp-lpae-dbg | 4.9.144-3.1 | armhf loop-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf md-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf mmc-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf mtd-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf multipath-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf nbd-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf nic-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf nic-shared-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf nic-usb-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf nic-wireless-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf pata-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf ppp-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf sata-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf scsi-core-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf scsi-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf squashfs-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf udf-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf uinput-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf usb-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf usb-storage-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf virtio-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf zlib-modules-4.9.0-8-armmp-di | 4.9.144-3.1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:37:31 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: acpi-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 acpi-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 ata-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 ata-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 btrfs-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 btrfs-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 cdrom-core-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 cdrom-core-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 crc-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 crc-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 crypto-dm-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 crypto-dm-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 crypto-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 crypto-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 efi-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 efi-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 event-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 event-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 ext4-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 ext4-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 fat-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 fat-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 fb-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 fb-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 firewire-core-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 firewire-core-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 fuse-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 fuse-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 hyperv-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 hyperv-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 i2c-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 i2c-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 input-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 input-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 isofs-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 isofs-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 jfs-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 jfs-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 kernel-image-4.9.0-8-686-di | 4.9.144-3.1 | i386 kernel-image-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 linux-headers-4.9.0-8-686 | 4.9.144-3.1 | i386 linux-headers-4.9.0-8-686-pae | 4.9.144-3.1 | i386 linux-headers-4.9.0-8-all-i386 | 4.9.144-3.1 | i386 linux-headers-4.9.0-8-rt-686-pae | 4.9.144-3.1 | i386 linux-image-4.9.0-8-686 | 4.9.144-3.1 | i386 linux-image-4.9.0-8-686-dbg | 4.9.144-3.1 | i386 linux-image-4.9.0-8-686-pae | 4.9.144-3.1 | i386 linux-image-4.9.0-8-686-pae-dbg | 4.9.144-3.1 | i386 linux-image-4.9.0-8-rt-686-pae | 4.9.144-3.1 | i386 linux-image-4.9.0-8-rt-686-pae-dbg | 4.9.144-3.1 | i386 loop-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 loop-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 md-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 md-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 mmc-core-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 mmc-core-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 mmc-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 mmc-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 mouse-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 mouse-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 multipath-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 multipath-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 nbd-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 nbd-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 nic-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 nic-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 nic-pcmcia-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 nic-pcmcia-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 nic-shared-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 nic-shared-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 nic-usb-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 nic-usb-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 nic-wireless-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 nic-wireless-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 ntfs-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 ntfs-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 pata-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 pata-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 pcmcia-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 pcmcia-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 pcmcia-storage-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 pcmcia-storage-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 ppp-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 ppp-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 sata-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 sata-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 scsi-core-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 scsi-core-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 scsi-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 scsi-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 serial-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 serial-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 sound-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 sound-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 speakup-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 speakup-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 squashfs-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 squashfs-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 udf-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 udf-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 uinput-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 uinput-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 usb-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 usb-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 usb-serial-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 usb-serial-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 usb-storage-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 usb-storage-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 virtio-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 virtio-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 xfs-modules-4.9.0-8-686-di | 4.9.144-3.1 | i386 xfs-modules-4.9.0-8-686-pae-di | 4.9.144-3.1 | i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:37:50 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.9.0-8-all-mips | 4.9.144-3.1 | mips ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:38:37 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel btrfs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel cdrom-core-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel crc-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel crypto-dm-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel crypto-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel event-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel ext4-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel fat-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel fuse-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel hfs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel input-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel isofs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel jfs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel kernel-image-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel linux-headers-4.9.0-8-5kc-malta | 4.9.144-3.1 | mips, mips64el, mipsel linux-headers-4.9.0-8-octeon | 4.9.144-3.1 | mips, mips64el, mipsel linux-image-4.9.0-8-5kc-malta | 4.9.144-3.1 | mips, mips64el, mipsel linux-image-4.9.0-8-5kc-malta-dbg | 4.9.144-3.1 | mips, mips64el, mipsel linux-image-4.9.0-8-octeon | 4.9.144-3.1 | mips, mips64el, mipsel linux-image-4.9.0-8-octeon-dbg | 4.9.144-3.1 | mips, mips64el, mipsel loop-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel md-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel minix-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel multipath-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel nbd-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel nic-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel nic-shared-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel nic-usb-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel nic-wireless-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel ntfs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel pata-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel ppp-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel rtc-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel sata-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel scsi-core-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel scsi-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel sound-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel squashfs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel udf-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel usb-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel usb-serial-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel usb-storage-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel virtio-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel xfs-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel zlib-modules-4.9.0-8-octeon-di | 4.9.144-3.1 | mips, mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:39:01 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: acpi-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 ata-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 btrfs-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 cdrom-core-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 crc-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 crypto-dm-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 crypto-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 efi-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 event-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 ext4-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 fat-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 fb-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 firewire-core-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 fuse-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 hyperv-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 i2c-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 input-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 isofs-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 jfs-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 kernel-image-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 linux-headers-4.9.0-8-all-amd64 | 4.9.144-3.1 | amd64 linux-headers-4.9.0-8-amd64 | 4.9.144-3.1 | amd64 linux-headers-4.9.0-8-rt-amd64 | 4.9.144-3.1 | amd64 linux-image-4.9.0-8-amd64 | 4.9.144-3.1 | amd64 linux-image-4.9.0-8-amd64-dbg | 4.9.144-3.1 | amd64 linux-image-4.9.0-8-rt-amd64 | 4.9.144-3.1 | amd64 linux-image-4.9.0-8-rt-amd64-dbg | 4.9.144-3.1 | amd64 loop-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 md-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 mmc-core-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 mmc-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 mouse-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 multipath-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 nbd-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 nic-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 nic-pcmcia-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 nic-shared-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 nic-usb-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 nic-wireless-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 ntfs-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 pata-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 pcmcia-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 pcmcia-storage-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 ppp-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 sata-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 scsi-core-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 scsi-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 serial-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 sound-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 speakup-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 squashfs-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 udf-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 uinput-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 usb-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 usb-serial-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 usb-storage-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 virtio-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 xfs-modules-4.9.0-8-amd64-di | 4.9.144-3.1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:39:17 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: btrfs-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x crc-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x crypto-dm-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x crypto-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x dasd-extra-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x dasd-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x ext4-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x fat-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x fuse-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x isofs-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x kernel-image-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x linux-headers-4.9.0-8-all-s390x | 4.9.144-3.1 | s390x linux-headers-4.9.0-8-s390x | 4.9.144-3.1 | s390x linux-image-4.9.0-8-s390x | 4.9.144-3.1 | s390x linux-image-4.9.0-8-s390x-dbg | 4.9.144-3.1 | s390x loop-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x md-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x multipath-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x nbd-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x nic-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x scsi-core-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x scsi-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x udf-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x virtio-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x xfs-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x zlib-modules-4.9.0-8-s390x-di | 4.9.144-3.1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:39:52 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.9.0-8-all | 4.9.144-3.1 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:40:18 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 btrfs-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 cdrom-core-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 crc-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 crypto-dm-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 crypto-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 efi-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 event-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 ext4-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 fat-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 fb-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 fuse-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 i2c-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 input-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 isofs-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 jfs-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 kernel-image-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 leds-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 linux-headers-4.9.0-8-all-arm64 | 4.9.144-3.1 | arm64 linux-headers-4.9.0-8-arm64 | 4.9.144-3.1 | arm64 linux-image-4.9.0-8-arm64 | 4.9.144-3.1 | arm64 linux-image-4.9.0-8-arm64-dbg | 4.9.144-3.1 | arm64 loop-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 md-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 mmc-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 multipath-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 nbd-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 nic-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 nic-shared-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 nic-usb-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 nic-wireless-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 ppp-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 sata-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 scsi-core-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 scsi-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 squashfs-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 udf-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 uinput-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 usb-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 usb-storage-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 virtio-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 xfs-modules-4.9.0-8-arm64-di | 4.9.144-3.1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:41:38 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: crc-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel crypto-dm-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:42:04 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel ata-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel btrfs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel cdrom-core-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel crc-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel crypto-dm-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel crypto-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel event-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel ext4-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel fat-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel fuse-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel hfs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel i2c-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel input-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel isofs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel jfs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel kernel-image-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel linux-headers-4.9.0-8-4kc-malta | 4.9.144-3.1 | mips, mipsel linux-image-4.9.0-8-4kc-malta | 4.9.144-3.1 | mips, mipsel linux-image-4.9.0-8-4kc-malta-dbg | 4.9.144-3.1 | mips, mipsel loop-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel md-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel minix-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel mmc-core-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel mmc-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel mouse-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel multipath-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel nbd-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel nic-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel nic-shared-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel nic-usb-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel nic-wireless-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel ntfs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel pata-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel ppp-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel sata-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel scsi-core-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel scsi-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel sound-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel squashfs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel udf-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel usb-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel usb-serial-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel usb-storage-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel virtio-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel xfs-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel zlib-modules-4.9.0-8-4kc-malta-di | 4.9.144-3.1 | mips, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:42:36 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el ata-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el btrfs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el cdrom-core-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el crc-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el crypto-dm-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el crypto-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el event-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el ext4-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el fat-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el fuse-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el hfs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el i2c-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el input-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el isofs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el jfs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el kernel-image-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el linux-headers-4.9.0-8-all-mips64el | 4.9.144-3.1 | mips64el loop-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el md-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el minix-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el mmc-core-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el mmc-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el mouse-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el multipath-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el nbd-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el nic-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el nic-shared-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el nic-usb-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el nic-wireless-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el ntfs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el pata-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el ppp-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el sata-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el scsi-core-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el scsi-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el sound-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el squashfs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el udf-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el usb-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el usb-serial-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el usb-storage-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el virtio-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el xfs-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el zlib-modules-4.9.0-8-5kc-malta-di | 4.9.144-3.1 | mips64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:43:12 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: affs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel ata-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel btrfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel cdrom-core-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel crc-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel crypto-dm-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel crypto-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel event-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel ext4-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel fat-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel fb-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel firewire-core-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel fuse-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel hfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel input-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel isofs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel jfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel kernel-image-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel linux-headers-4.9.0-8-loongson-3 | 4.9.144-3.1 | mips64el, mipsel linux-image-4.9.0-8-loongson-3 | 4.9.144-3.1 | mips64el, mipsel linux-image-4.9.0-8-loongson-3-dbg | 4.9.144-3.1 | mips64el, mipsel loop-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel md-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel nbd-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel nfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel nic-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel nic-shared-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel nic-usb-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel nic-wireless-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel ntfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel pata-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel ppp-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel sata-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel scsi-core-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel scsi-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel sound-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel speakup-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel squashfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel udf-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel usb-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel usb-serial-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel usb-storage-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel virtio-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel xfs-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel zlib-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:43:33 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.9.0-8-all-mipsel | 4.9.144-3.1 | mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:43:58 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: ata-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el btrfs-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el cdrom-core-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el crc-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el crypto-dm-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el crypto-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el event-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el ext4-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el fancontrol-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el fat-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el firewire-core-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el fuse-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el hypervisor-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el input-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el isofs-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el jfs-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el kernel-image-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el linux-headers-4.9.0-8-all-ppc64el | 4.9.144-3.1 | ppc64el linux-headers-4.9.0-8-powerpc64le | 4.9.144-3.1 | ppc64el linux-image-4.9.0-8-powerpc64le | 4.9.144-3.1 | ppc64el linux-image-4.9.0-8-powerpc64le-dbg | 4.9.144-3.1 | ppc64el loop-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el md-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el mouse-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el multipath-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el nbd-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el nic-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el nic-shared-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el ppp-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el sata-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el scsi-core-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el scsi-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el serial-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el squashfs-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el udf-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el uinput-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el usb-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el usb-serial-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el usb-storage-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el virtio-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el xfs-modules-4.9.0-8-powerpc64le-di | 4.9.144-3.1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:44:40 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: uinput-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel usb-modules-4.9.0-8-marvell-di | 4.9.144-3.1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:44:51 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: minix-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel multipath-modules-4.9.0-8-loongson-3-di | 4.9.144-3.1 | mips64el, mipsel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:47:33 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-headers-4.9.0-8-common | 4.9.144-3.1 | all linux-headers-4.9.0-8-common-rt | 4.9.144-3.1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:49:07 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: icedtea-plugin | 1.6.2-3.1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by icedtea-web) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:49:49 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-support-4.9.0-8 | 4.9.144-3.1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:56:57 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: linux-doc-4.9 | 4.9.144-3.1 | all linux-manual-4.9 | 4.9.144-3.1 | all linux-source-4.9 | 4.9.144-3.1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 27 Apr 2019 08:58:11 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: java-common | 0.58 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by java-common) ---------------------------------------------- ========================================================================= ansible (2.2.1.0-2+deb9u1) stretch-security; urgency=high . * Add patch to fix CVE 2018-10855. * Add patch to fix CVE 2018-16837. * Add patch to fix CVE 2018-10875. * Add patch to fix CVE 2018-16876. * Add patch to fix CVE 2019-3828. apache2 (2.4.25-3+deb9u7) stretch-security; urgency=medium . [ Xavier Guimard ] * CVE-2018-17199: mode_session: Fix missing check for session expiry time. Closes: #920303 . [ Stefan Fritsch ] * mod_http2: Fix keepalive timeout behavior. This fixes a regression with Safari web browsers, introduced in 2.4.25-3+deb9u6. Closes: #915103 * Fix typo in apache2_switch_mpm() in apache2-maintscript-helper. Closes: #904150 * CVE-2018-17189: mod_http2: Fix DoS via slow, unneeded request bodies. Closes: #920302 * CVE-2019-0196: mod_http2: Fix read after free * CVE-2019-0211: All MPMs: privilege escalation from www-data user to root. * CVE-2019-0217: mod_auth_digest: Access control bypass * CVE-2019-0220: URL normalization inconsistincy. Consecutive slashes in URL's are now merged before use in LocationMatch and RewriteRule. The old behavior can be restored with the new directive "MergeSlashes off". audiofile (0.3.6-4+deb9u1) stretch; urgency=medium . * CVE-2018-13440 (Closes: #903499) * CVE-2018-17095 (Closes: #913166) base-files (9.9+deb9u9) stretch; urgency=medium . * Change /etc/debian_version to 9.9, for Debian 9.9 point release. bwa (0.7.15-2+deb9u1) stretch; urgency=medium . * Team upload * Add patch from upstream to fix CVE-2019-10269. (Closes: #926014) ca-certificates-java (20170929~deb9u3) stretch; urgency=medium . * Team upload. * Fix printf syntax problem introduced in 20170929~deb9u2 ca-certificates-java (20170929~deb9u2) stretch; urgency=medium . * Team upload. * Address bashisms in postinst and jks-keystore (Closes: #922720) cernlib (20061220+dfsg3-4.3+deb9u2) stretch; urgency=medium . * Update patch 304-update-Imake-config-files.dpatch to force -no-pie when linking Fortran executables (workaround for #863152 being in the way of the previous fix) cernlib (20061220+dfsg3-4.3+deb9u1) stretch; urgency=medium . * Backport for stretch of the fix for #922453 bringed by 20061220+dfsg3-4.4 * 126-fix-patchy-compile-flags.dpatch 304-update-Imake-config-files.dpatch: fix these patches to apply optimization flag -O to fortran modules instead of -O2 which generates broken code (closes: #922453; thanks to Jacek M. Holeczek ) choose-mirror (2.79+deb9u1) stretch; urgency=medium . [ Cyril Brulebois ] * Update MIRRORLISTURL to point to salsa. . [ Julien Cristau ] * Update Mirrors.masterlist. chrony (3.0-4+deb9u2) stretch; urgency=medium . * debian/patches/*: - Add allow-_llseek-in-seccomp-filter.patch. Needed on various 32-bit plateforms to log the {raw}measurements and statistics information when the seccomp filter is enabled. Thanks a lot to Francesco Poli (wintermute) for the report. (Closes: #923137) - Add allow-waitpid-in-seccomp-filter.patch. Needed to correctly stop chronyd on some plateforms when the seccomp filter is enabled. ckermit (302-5.3+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Drop check openssl compile time version vs runtime version (Closes: #917485). clamav (0.100.3+dfsg-0+deb9u1) stretch; urgency=medium . * New upstream security release - Fixes for the following vulnerabilities: - [CVE-2019-1787]: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. - [CVE-2019-1789]: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking. - [CVE-2019-1788]: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application. * Update debian/copyright * Update private symbols for new upstream release clamav (0.100.2+dfsg-2) unstable; urgency=medium . * Increase clamd socket command read timeout to 30 seconds (Closes: #915098) clamav (0.100.2+dfsg-1) unstable; urgency=medium . * Import new upstream - Bump symbol version due to new version. - CVE-2018-15378 (Closes: #910430). * add NEWS.md and README.md from upstream * Fix infinite loop in dpkg-reconfigure, Patch by Santiago Ruano Rincón (Closes: #905044). coturn (4.5.0.5-1+deb9u1) stretch-security; urgency=high . * HotFix: for 3 vulnerabilities . For more details see: - CVE-2018-4056 coTURN Administrator Web Portal SQL injection vulnerability . Fix: Disable (hardcocded) web admin interface until 4.5.1.0, where it will be fixed more correctly. . - CVE-2018-4058 coTURN TURN server unsafe loopback forwarding default configuration vulnerability . Fix: Disable loopback-peer functionality by default. . - CVE-2018-4059 coTURN server unsafe telnet admin portal default configuration vulnerability . Fix: Disable telnet cli if the cli-password is empty. dansguardian (2.10.1.1-5.1+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Add 'missingok' to logrotate config. (Closes: #916566) debian-installer (20170615+deb9u6) stretch; urgency=medium . * Bump Linux kernel version from 4.9.0-8 to 4.9.0-9. debian-installer-netboot-images (20170615+deb9u6) stretch; urgency=medium . * Update to 20170615+deb9u6 images, from stretch-proposed-update debian-security-support (2019.02.02~deb9u1) stretch; urgency=medium . * Team upload. * Rebuild for stretch. * Re-add debian/compat and depend on debhelper instead of debhelper-compat. debian-security-support (2019.02.01) unstable; urgency=medium . * Team upload. * mark enigmail as unsupported in jessie diffoscope (78+deb9u1) stretch; urgency=medium . * tests: + Fix ps tests to pass with the new ghostscript 9.26. Closes: #925051 dns-root-data (2019031302~deb9u1) stretch; urgency=medium . * Rebuild for stretch. * d/control: move Vcs-* to salsa.debian.org * d/control: use dns-root-data@packages.debian.org as Maintainer * sort generated .ds files by key tag * Update root.hints to 2018013001 * Update order of root.key to follow output of unbound-anchor * use DEP-14 branches * update root data to 2019031302 * parse-root-anchors.sh: account for validity windows * check: deliberately skip the TTL generated by ldns-key2ds * add myself to uploaders dns-root-data (2018091102) unstable; urgency=medium . * new upstream version of root.hints, 2018091102 * use DEP-14 branches * Standards-Version: 4.2.1 (no changes needed) * add Rules-Requires-Root: no * add baseline autopkgtest dns-root-data (2018013001) unstable; urgency=medium . * new upstream version of root.hints, 2018013001 * use wrap-and-sort -ast * added myself to uploaders * d/control: use dns-root-data@packages.debian.org as Maintainer * Standards-Version: bump to 4.1.3 (no changes needed) * d/control: move Vcs-* to salsa.debian.org * move to debhelper 11 * d/rules: clean up get_orig_source * sort generated .ds files by key tag * d/rules: trim trailing whitespace * d/copyright: Format: use https * d/copyright: add my own copyright to debian/* * d/copyright: name upstream data grant "ICANN-Public" * d/copyright: Source: use https: * update README.source to cover the different origins of the data * Update order of root.key to follow output of unbound-anchor dns-root-data (2017072601) unstable; urgency=medium . * Update root.hints to 2017072601 version dnsruby (1.54-2+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * add new root key (KSK-2017). upstream commit 55edc31a2150e4617edb6664d440e6141f535e6a (Closes: #908887) * ruby 2.3.0 deprecates TimeoutError, use Timeout::Error (Closes: #910754) dovecot (1:2.2.27-3+deb9u4) stretch-security; urgency=high . * [d402493] Fix two buffer overflows when reading oversized FTS headers and/or oversized POP3-UIDL headers (CVE-2019-7524). dovecot (1:2.2.27-3+deb9u3) stretch-security; urgency=high . * [1fb4e06] Fix CVE-2019-3814: TLS client auth username handling dpdk (16.11.9-1+deb9u1) stretch; urgency=medium . * Merge stable update to 16.11.9; For a list of changes see https://mails.dpdk.org/archives/announce/2019-March/000252.html drupal7 (7.52-2+deb9u8) stretch-security; urgency=high . * SA-CORE-2019-006: Fix XSS vulnerability (Closes: #927330) drupal7 (7.52-2+deb9u7) stretch-security; urgency=high . * SA-CORE-2019-004: Fix XSS vulnerability edk2 (0~20161202.7bbe0b3e-1+deb9u1) stretch; urgency=medium . * Security fixes (Closes: #924615): - Fix buffer overflow in BlockIo service (CVE-2018-12180) - DNS: Check received packet size before using (CVE-2018-12178) - Fix stack overflow with corrupted BMP (CVE-2018-12181) firefox-esr (60.6.1esr-1~deb9u1) stretch-security; urgency=medium . * New upstream release. * Fixes for mfsa2019-10, also known as: CVE-2019-9810, CVE-2019-9813. firefox-esr (60.6.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2019-08, also known as: CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796, CVE-2018-18506, CVE-2019-9788. . * debian/rules: Disable debug symbols on mips/mipsel on buster. The rust compiler can't deal with them in the available address space. * debian/browser.mozconfig.in: Adjust to the upstream change wrt Google API key configure options. firefox-esr (60.6.0esr-1~deb9u1) stretch-security; urgency=medium . * New upstream release. * Fixes for mfsa2019-08, also known as: CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796, CVE-2018-18506, CVE-2019-9788. . * debian/rules: Disable debug symbols on mips/mipsel on buster. The rust compiler can't deal with them in the available address space. * debian/browser.mozconfig.in: Adjust to the upstream change wrt Google API key configure options. firefox-esr (60.5.1esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2019-05, also known as: CVE-2018-18356, CVE-2019-5785. . * debian/rules, debian/upstream.mk: Manually set the update channel. Closes: #921381, #921121, #921654. * debian/rules: Disable ion JIT on mips and mipsel. This should fix the FTBFS. firefox-esr (60.5.1esr-1~deb9u1) stretch-security; urgency=medium . * New upstream release. * Fixes for mfsa2019-05, also known as: CVE-2018-18356, CVE-2019-5785. . * debian/rules, debian/upstream.mk: Manually set the update channel. Closes: #921381, #921121, #921654. * debian/rules: Disable ion JIT on mips and mipsel. This should fix the FTBFS. firefox-esr (60.5.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2019-02, also known as: CVE-2018-18500, CVE-2018-18505, CVE-2018-18501. firmware-nonfree (20161130-5) stretch; urgency=medium . [ Emilio Pozuelo Monfort ] * CVE-2018-5383: - atheros: Update BT firmware files for QCA ROME chip. - iwlwifi: Update Intel BT firmware to 20.60.0.2. flatpak (0.8.9-0+deb9u3) stretch; urgency=medium . * d/p/run-Only-compare-the-lowest-32-ioctl-arg-bits-for-TIOCSTI.patch: Reject all ioctls that the kernel will interpret as TIOCSTI, including those where the high 32 bits in a 64-bit word are nonzero. (Closes: #925541, CVE-2019-10063) flatpak (0.8.9-0+deb9u2) stretch-security; urgency=medium . * d/p/Don-t-expose-proc-when-running-apply_extra.patch: Backport patch from upstream v1.2.3: do not let the apply_extra script for a system installation modify the host-side executable via /proc/self/exe, similar to CVE-2019-5736 in runc (Closes: #922059) ghostscript (9.26a~dfsg-0+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Have gs_cet.ps run from gs_init.ps * Undef /odef in gs_init.ps * Restrict superexec and remove it from internals and gs_cet.ps (CVE-2019-3835) (Closes: #925256) * Obliterate "superexec". We don't need it, nor do any known apps (CVE-2019-3835) (Closes: #925256) * Make a transient proc executeonly (in DefineResource) (CVE-2019-3838) (Closes: #925257) * an extra transient proc needs executeonly'ed (CVE-2019-3838) (Closes: #925257) gnome-chemistry-utils (0.14.15-1+deb9u1) stretch; urgency=medium . [ Andreas Beckmann ] * Non-maintainer upload. . [ Adrian Bunk ] * Drop the obsolete gcu-plugin. (Closes: #906855, #890980) gocode (20150303-3+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * gocode-auto-complete-el: Promote auto-complete-el to Pre-Depends. (Closes: #911590) gpac (0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1) stretch; urgency=medium . * CVE-2018-7752 (Closes: #892526) * CVE-2018-13005, CVE-2018-13006 (Closes: #902782) * CVE-2018-20760, CVE-2018-20761, CVE-2018-20762, CVE-2018-20763 (Closes: #921969) icedtea-web (1.6.2-3.1+deb9u1) stretch; urgency=medium . * Stop building the browser plugin, no longer works with Firefox 60 igraph (0.7.1-2.1+deb9u1) stretch; urgency=medium . * Team upload. * Add patch from upstream to fix CVE-2018-20349. (Closes: #917211) ikiwiki (3.20170111.1) stretch-security; urgency=high . * aggregate: Use LWPx::ParanoidAgent if available. Previously blogspam, openid and pinger used this module if available, but aggregate did not. This prevents server-side request forgery or local file disclosure, and mitigates denial of service when slow "tarpit" URLs are accessed. (CVE-2019-9187) * blogspam, openid, pinger: Use a HTTP proxy if configured, even if LWPx::ParanoidAgent is installed. Previously, only aggregate would obey proxy configuration. If a proxy is used, the proxy (not ikiwiki) is responsible for preventing attacks like CVE-2019-9187. * aggregate, blogspam, openid, pinger: Do not access non-http, non-https URLs. Previously, these plugins would have allowed non-HTTP-based requests if LWPx::ParanoidAgent was not installed. Preventing file URIs avoids local file disclosure, and preventing other rarely-used URI schemes like gopher mitigates request forgery attacks. * aggregate, openid, pinger: Document LWPx::ParanoidAgent as strongly recommended. These plugins can request attacker-controlled URLs in some site configurations. * blogspam: Document LWPx::ParanoidAgent as desirable. This plugin doesn't request attacker-controlled URLs, so it's non-critical here. * blogspam, openid, pinger: Consistently use cookiejar if configured. Previously, these plugins would only obey this configuration if LWPx::ParanoidAgent was not installed, but this appears to have been unintended. jabref (3.8.1+ds-3+deb9u1) stretch; urgency=medium . [ gregor herrmann & tony mancill ] * Add patch from upstream commit to fix CVE-2018-1000652: XML External Entity attack. Thanks to Moritz Muehlenhoff for the bug report. (Closes: #921772) java-common (0.58+deb9u1) stretch; urgency=medium . * Remove default-java-plugin as the icedtea-web Xul plugin is going away * Also drop the Recommends: to default-java-plugin in default-jre jquery (3.1.1-2+deb9u1) stretch; urgency=medium . * Team upload * Add patch to prevent Object.prototype pollution (Closes: #927385, CVE-2019-11358) * Disable check-against-upstream-build test (autopkgtest) since file is now patched kauth (5.28.0-2+deb9u1) stretch; urgency=medium . * CVE-2019-7443 (Closes: #921995) ldb (2:1.1.27-1+deb9u1) stretch-security; urgency=high . * Fixes CVE-2019-3824: "Out of bound read in ldb_wildcard_compare" - Add CVE-2019-3824-master-v4-5-02.patch from upstream's bug 13773 - Update path in CVE-2019-3824-master-v4-5-02.patch libapache2-mod-auth-mellon (0.12.0-2+deb9u1) stretch-security; urgency=high . * Upload to stable-security (closes: #925197) - Auth bypass when used with reverse proxy [CVE-2019-3878] - Open redirect vulnerability in logout [CVE-2019-3877] libdate-holidays-de-perl (1.9-1+deb9u3) stretch; urgency=medium . * Mark Mar 8th (from 2019) and May 8th (only 2020) as public holidays (Berlin only). libdatetime-timezone-perl (1:2.09-1+2019a) stretch; urgency=medium . * Update to Olson database version 2019a. This update contains contemporary changes for Palestine and Metlakatla. liblivemedia (2016.11.28-1+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2019-6256: denial of service when processing get and post with identical x-session-cookie within the same tcp session. * CVE-2019-7314: use-after-free during RTSP stream termination. * CVE-2019-9215: malformed headers lead to invalid memory access in the parseAuthorizationHeader function. libreoffice (1:5.2.7-1+deb9u7) stretch; urgency=medium . * debian/patches/mention-java-common-package.diff: update message to reflect current config dir... * debian/patches/disableClassPathURLCheck.diff: revert openjdk is fixed . * debian/control.in: - make -core conflict against openjdk-8-jre-headless (= 8u181-b13-2~deb9u1) (closes: 913641#) and build-conflict against it libreoffice (1:5.2.7-1+deb9u6) stable; urgency=medium . * debian/patches/jp-JP-Reiwa.diff: Introduce next Japanese gengou era 'Reiwa', from libreoffice-6-1 branch libssh2 (1.7.0-1+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Possible integer overflow in transport read allows out-of-bounds write (CVE-2019-3855) (Closes: #924965) * Possible integer overflow in keyboard interactive handling allows out-of-bounds write (CVE-2019-3856) (Closes: #924965) * Possible integer overflow leading to zero-byte allocation and out-of-bounds write (CVE-2019-3857) (Closes: #924965) * Possible zero-byte allocation leading to an out-of-bounds read (CVE-2019-3858) (Closes: #924965) * Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (CVE-2019-3859) (Closes: #924965) * Out-of-bounds reads with specially crafted SFTP packets (CVE-2019-3860) (Closes: #924965) * Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861) (Closes: #924965) * Out-of-bounds memory comparison (CVE-2019-3862) (Closes: #924965) * Integer overflow in user authenicate keyboard interactive allows out-of-bounds writes (CVE-2019-3863) (Closes: #924965) * Fixed misapplied patch for user auth. * moved MAX size declarations libu2f-host (1.1.2-2+deb9u1) stretch-security; urgency=high . * Backport patch for CVE-2018-20340 (Closes: #921725) linux (4.9.168-1) stretch; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162 - Revert "loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()" - Revert "loop: Get rid of loop_index_mutex" - Revert "loop: Fold __loop_release into loop_release" - scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached - [arm64] drm/msm: Unblock writer if reader closes file - [x86] ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field - [x86] ALSA: compress: prevent potential divide by zero bugs - [x86] thermal: int340x_thermal: Fix a NULL vs IS_ERR() check - [arm64,armhf] usb: dwc3: gadget: synchronize_irq dwc irq in suspend - [arm64,armhf] usb: dwc3: gadget: Fix the uninitialized link_state when udc starts - usb: gadget: Potential NULL dereference on allocation error - ASoC: dapm: change snprintf to scnprintf for possible overflow - [armhf] ASoC: imx-audmux: change snprintf to scnprintf for possible overflow - [x86] drivers: thermal: int340x_thermal: Fix sysfs race condition - mac80211: fix miscounting of ttl-dropped frames - locking/rwsem: Fix (possible) missed wakeup - direct-io: allow direct writes to empty inodes - scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state() - net: usb: asix: ax88772_bind return error when hw_reset fail - [ppc64el] ibmveth: Do not process frames after calling napi_reschedule - mac80211: don't initiate TDLS connection if station is not associated to AP - mac80211: Add attribute aligned(2) to struct 'action' - cfg80211: extend range deviation for DMG - [x86] svm: Fix AVIC incomplete IPI emulation - [x86] KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 - [powerpc*] Always initialize input array when calling epapr_hypercall() - [arm64] mmc: spi: Fix card detection during probe - mm: enforce min addr even if capable() in expand_downwards() (CVE-2019-9213) - [x86] uaccess: Don't leak the AC flag into __put_user() value evaluation https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.163 - USB: serial: option: add Telit ME910 ECM composition - USB: serial: cp210x: add ID for Ingenico 3070 - USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 - cpufreq: Use struct kobj_attribute instead of struct global_attr - ncpfs: fix build warning of strncpy - [x86] staging: comedi: ni_660x: fix missing break in switch statement - ip6mr: Do not call __IP6_INC_STATS() from preemptible context - net-sysfs: Fix mem leak in netdev_register_kobject - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 - team: Free BPF filter when unregistering netdev - bnxt_en: Drop oversize TX packets to prevent errors. - [x86] hv_netvsc: Fix IP header checksum for coalesced packets - [armhf] net: dsa: mv88e6xxx: Fix u64 statistics - net: netem: fix skb length BUG_ON in __skb_to_sgvec - net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails - net: sit: fix memory leak in sit_init_net() - xen-netback: don't populate the hash cache on XenBus disconnect - xen-netback: fix occasional leak of grant ref mappings under memory pressure - net: Add __icmp_send helper. - tun: fix blocking read - tun: remove unnecessary memory barrier - net: phy: Micrel KSZ8061: link failure after cable connect - [x86] CPU/AMD: Set the CPB bit unconditionally on F17h - applicom: Fix potential Spectre v1 vulnerabilities - [mips*] irq: Allocate accurate order pages for irq stack - hugetlbfs: fix races and page leaks during migration - exec: Fix mem leak in kernel_read_file (CVE-2019-8980) - media: uvcvideo: Fix 'type' check leading to overflow - vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel - perf core: Fix perf_proc_update_handler() bug - perf tools: Handle TOPOLOGY headers with no CPU - IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM - [amd64] iommu/amd: Call free_iova_fast with pfn in map_sg - [amd64] iommu/amd: Unmap all mapped pages in error path of map_sg - ipvs: Fix signed integer overflow when setsockopt timeout - [amd64] iommu/amd: Fix IOMMU page flush when detach device from a domain - [arm64] net: hns: Fix for missing of_node_put() after of_parse_phandle() - [arm64] net: hns: Fix wrong read accesses via Clause 45 MDIO protocol - [armhf] net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup() - nfs: Fix NULL pointer dereference of dev_name - qed: Fix VF probe failure while FLR - scsi: libfc: free skb when receiving invalid flogi resp - [x86] platform: Fix unmet dependency warning for SAMSUNG_Q10 - cifs: fix computation for MAX_SMB2_HDR_SIZE - [arm64] kprobe: Always blacklist the KVM world-switch code - [x86] kexec: Don't setup EFI info if EFI runtime is not enabled - mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone - mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone - fs/drop_caches.c: avoid softlockups in drop_pagecache_sb() - autofs: drop dentry reference only when it is never used - autofs: fix error return in autofs_fill_super() - vsock/virtio: fix kernel panic after device hot-unplug - vsock/virtio: reset connected sockets on device removal - netfilter: nf_nat: skip nat clash resolution for same-origin entries - [s390x] qeth: fix use-after-free in error path - perf symbols: Filter out hidden symbols from labels - [mips*] Remove function size check in get_frame_info() - fs: ratelimit __find_get_block_slow() failure message. - Input: wacom_serial4 - add support for Wacom ArtPad II tablet - Input: elan_i2c - add id for touchpad found in Lenovo s21e-20 - [x86] iscsi_ibft: Fix missing break in switch statement - scsi: aacraid: Fix missing break in switch statement - futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock() - [armhf] dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3 - drm: disable uncached DMA optimization for ARM and arm64 - [armhf] dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420 - [x86] perf/x86/intel: Make cpuc allocations consistent - [x86] perf/x86/intel: Generalize dynamic constraint creation - [x86] Add TSX Force Abort CPUID/MSR https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.164 - ACPICA: Reference Counts: increase max to 0x4000 for large servers - KEYS: restrict /proc/keys by credentials at open time - l2tp: fix infoleak in l2tp_ip6_recvmsg() - net: sit: fix UBSAN Undefined behaviour in check_6rd - pptp: dst_release sk_dst_cache in pptp_sock_destruct - route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race - tcp: handle inet_csk_reqsk_queue_add() failures - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() - net/mlx4_core: Fix reset flow when in command polling mode - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling - net/mlx4_core: Fix qp mtt size calculation - mdio_bus: Fix use-after-free on device_register fails - net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 - af_unix: missing barriers in some of unix_sock ->addr and ->path accesses - ipvlan: disallow userns cap_net_admin to change global mode/flags - vxlan: Fix GRO cells race condition between receive and link delete - rxrpc: Fix client call queueing, waiting for channel - gro_cells: make sure device is up in gro_cells_receive() - tcp/dccp: remove reqsk_put() from inet_child_forget() - [x86] perf: Fixup typo in stub functions - ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 - md: It's wrong to add len to sector_nr in raid10 reshape twice - of: Support const and non-const use for to_of_node() - vhost/vsock: fix vhost vsock cid hashing inconsistent https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.165 - media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() - 9p: use inode->i_lock to protect i_size_write() under 32-bit - 9p/net: fix memory leak in p9_client_create - [armhf] iio: adc: exynos-adc: Fix NULL pointer exception on unbind - crypto: ahash - fix another early termination in hash walk - [armhf] gpu: ipu-v3: Fix i.MX51 CSI control registers offset - [armhf] gpu: ipu-v3: Fix CSI offsets for imx53 - [s390x] dasd: fix using offset into zero size array error - [armhf] OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized - floppy: check_events callback should not return a negative number - mm/gup: fix gup_pmd_range() for dax - mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs - [arm64] net: hns: Fix object reference leaks in hns_dsaf_roce_reset() - [armhf] clk: sunxi: A31: Fix wrong AHB gate number - assoc_array: Fix shortcut creation - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task - [arm64] pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 - [armel] net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() - [x86] ASoC: topology: free created components in tplg load error - [arm64] Relax GIC version check during early boot - [armhf] net: marvell: mvneta: fix DMA debug warning - tmpfs: fix link accounting when a tmpfile is linked in - mac80211_hwsim: propagate genlmsg_reply return code - [arm64] net: thunderx: make CFG_DONE message to run through generic send-ack sequence - nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K - nfp: bpf: fix ALU32 high bits clearance bug - net: set static variable an initial value in atl2_probe() - tmpfs: fix uninitialized return value in shmem_link - [x86] libnvdimm/label: Clear 'updating' flag after label-set update - [x86] libnvdimm/pmem: Honor force_raw for legacy pmem regions - [amd64] libnvdimm: Fix altmap reservation size calculation - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails - [arm64] crypto: aes-ccm - fix logical bug in AAD MAC handling - CIFS: Do not reset lease state to NONE on lease break - CIFS: Fix read after write for files with read caching - tracing: Do not free iter->trace in fail path of tracing_open_pipe() - [amd64,arm64,i386] ACPI / device_sysfs: Avoid OF modalias creation for removed device - [armhf] spi: ti-qspi: Fix mmap read when more than one CS in use - [armhf] regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 - [armhf] regulator: s2mpa01: Fix step values for some LDOs - [armhf] clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR - [armhf] clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown - [s390x] virtio: handle find on invalid queue gracefully - scsi: virtio_scsi: don't send sc payload with tmfs - scsi: sd: Optimal I/O size should be a multiple of physical block size - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock - fs/devpts: always delete dcache dentry-s in dput() - splice: don't merge into linked buffers - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes - crypto: pcbc - remove bogus memcpy()s with src == dest - libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer - [arm64,armhf] cpufreq: tegra124: add missing of_node_put() - ext4: fix crash during online resizing - [armhf] clk: clk-twl6040: Fix imprecise external abort for pdmclk - [x86] nfit: acpi_nfit_ctl(): Check out_obj->type in the right place - mm: hwpoison: fix thp split handing in soft_offline_in_use_page() (CVE-2019-10124) - mm/vmalloc: fix size check for remap_vmalloc_range_partial() - kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv - device property: Fix the length used in PROPERTY_ENTRY_STRING() - [x86] intel_th: Don't reference unassigned outputs - parport_pc: fix find_superio io compare code, should use equal test. - [arm64,armhf] i2c: tegra: fix maximum transfer size - [x86] drm/i915: Relax mmap VMA check - [arm64] serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart - 8250: FIX Fourth port offset of Pericom PI7C9X7954 boards - serial: 8250_pci: Fix number of ports for ACCES serial cards - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() - jbd2: clear dirty flag when revoking a buffer from an older transaction - jbd2: fix compile warning when using JBUFFER_TRACE - [powerpc] Clear on-stack exception marker upon exception return - [ppc64el] powernv: Make opal log only readable by root - [ppc64el] Fix 32-bit KVM-PR lockup and host crash with MacOS guest - [ppc64el] ptrace: Simplify vr_get/set() to avoid GCC warning - dm: fix to_sector() for 32bit - NFS: Fix I/O request leakages - NFS: Fix an I/O request leakage in nfs_do_recoalesce - NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() - nfsd: fix memory corruption caused by readdir - nfsd: fix wrong check in write_v4_end_grace() - PM / wakeup: Rework wakeup source timer cancellation - bcache: never writeback a discard operation - [x86] perf intel-pt: Fix CYC timestamp calculation after OVF - perf auxtrace: Define auxtrace record alignment - [x86] perf intel-pt: Fix overlap calculation for padding - [x86] perf intel-pt: Fix divide by zero when TSC is not available - md: Fix failed allocation of md_register_thread - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming - drm/radeon/evergreen_cs: fix missing break in switch statement - [x86] KVM: nVMX: Sign extend displacements of VMX instr's mem operands - [x86] KVM: nVMX: Ignore limit checks on VMX instructions using flat segments - [x86] KVM: Fix residual mmio emulation request to userspace https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.166 - [x86] drm/vmwgfx: Don't double-free the mode stored in par->set_mode - [amd64] iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE - libceph: wait for latest osdmap in ceph_monc_blacklist_add() - udf: Fix crash on IO error during truncate - [mips*] Ensure ELF appended dtb is relocated - [mips*] Fix kernel crash for R6 in jump label branch function - futex: Ensure that futex address is aligned in handle_futex_death() - objtool: Move objtool_file struct off the stack - ext4: fix NULL pointer dereference while journal is aborted - ext4: fix data corruption caused by unaligned direct AIO - ext4: brelse all indirect buffer in ext4_ind_remove_space() - media: v4l2-ctrls.c/uvc: zero v4l2_event - Bluetooth: Fix decrementing reference count twice in releasing socket - ALSA: hda - Record the current power state before suspend/resume calls - ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec - tcp/dccp: drop SYN packets if accept queue is full - vfs: Hang/soft lockup in d_invalidate with simultaneous calls - [arm64] traps: disable irq in die() - lib/int_sqrt: optimize small argument - scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 - rtc: Fix overflow when converting time64_t to rtc_time - [armhf] pwm-backlight: Enable/disable the PWM before/after LCD enable toggle. - ath10k: avoid possible string overflow https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.167 - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (CVE-2019-3460) - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer (CVE-2019-3459) - cfg80211: size various nl80211 messages correctly - [arm64,armhf] stmmac: copy unicast mac address to MAC registers - dccp: do not use ipv6 header for ipv4 flow - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec - net: rose: fix a possible stack overflow - packets: Always register packet sk in the same order - tcp: do not use ipv6 header for ipv4 flow - vxlan: Don't call gro_cells_destroy() before device is unregistered - sctp: get sctphdr by offset in sctp_compute_cksum - tun: properly test for IFF_UP - tun: add a missing rcu_read_unlock() in error path - btrfs: remove WARN_ON in log_dir_items - btrfs: raid56: properly unmap parity page in finish_parity_scrub() - [powerpc*] bpf: Fix generation of load/store DW instructions - NFSv4.1 don't free interrupted slot on open - ALSA: rawmidi: Fix potential Spectre v1 vulnerability - ALSA: pcm: Fix possible OOB access in PCM oss plugins - ALSA: pcm: Don't suspend stream in unrecoverable PCM state - fs/open.c: allow opening only regular files during execve() - scsi: sd: Fix a race between closing an sd device and sd I/O - scsi: sd: Quiesce warning if device does not report optimal I/O size - [s390x] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host - [s390x] scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices - [x86] staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest - USB: serial: cp210x: add new device id - USB: serial: ftdi_sio: add additional NovaTech products - USB: serial: mos7720: fix mos_parport refcount imbalance on error path - USB: serial: option: set driver_info for SIM5218 and compatibles - USB: serial: option: add Olicard 600 - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links - usb: common: Consider only available nodes for dr_mode - [x86] perf intel-pt: Fix TSC slip - cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n - KVM: Reject device ioctls from processes other than the VM's creator - [x86] KVM: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts - USB: gadget: f_hid: fix deadlock in f_hidg_write() - xhci: Fix port resume done detection for SS ports with LPM enabled - [arm64] support keyctl() system call in 32-bit mode https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.168 - [arm64] debug: Don't propagate UNKNOWN FAR into si_code for debug signals - ext4: cleanup bh release code in ext4_ind_remove_space() - lib/int_sqrt: optimize initial value compute - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA - CIFS: fix POSIX lock leak and invalid ptr deref - tracing: kdb: Fix ftdump to not sleep - [armhf] gpio: gpio-omap: fix level interrupt idling - include/linux/relay.h: fix percpu annotation in struct rchan - sysctl: handle overflow for file-max - [arm64] scsi: hisi_sas: Set PHY linkrate when disconnected - [armhf,ppc64el] mm/cma.c: cma_declare_contiguous: correct err handling - mm/page_ext.c: fix an imbalance with kmemleak - mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! - mm/slab.c: kmemleak no scan alien caches - ocfs2: fix a panic problem caused by o2cb_ctl - fs/file.c: initialize init_files.resize_wait - cifs: use correct format characters - dm thin: add sanity checks to thin-pool and external snapshot creation - cifs: Fix NULL pointer dereference of devname - jbd2: fix invalid descriptor block checksum - fs: fix guard_bio_eod to check for real EOD errors - wil6210: check null pointer in _wil_cfg80211_merge_extra_ies - [arm64,armhf] usb: chipidea: Grab the (legacy) USB PHY by phandle first - scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c - [armel,armhf] 8840/1: use a raw_spinlock_t in unwind - [armhf] mmc: omap: fix the maximum timeout setting - e1000e: Fix -Wformat-truncation warnings - IB/mlx4: Increase the timeout for CM cache - scsi: megaraid_sas: return error when create DMA pool failed - [armhf] SoC: imx-sgtl5000: add missing put_device() - vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 - [amd64] HID: intel-ish-hid: avoid binding wrong ishtp_cl_device - [armhf] leds: lp55xx: fix null deref on firmware load failure - iwlwifi: pcie: fix emergency path - [x86] ACPI / video: Refactor and fix dmi_is_desktop() - kprobes: Prohibit probing on bsearch() - ALSA: PCM: check if ops are defined before suspending PCM - usb: f_fs: Avoid crash due to out-of-scope stack ptr access - bcache: fix input overflow to cache set sysfs file io_error_halflife - bcache: fix input overflow to sequential_cutoff - bcache: improve sysfs_strtoul_clamp() - genirq: Avoid summation loops for /proc/stat - iw_cxgb4: fix srqidx leak during connection abort - fbdev: fbmem: fix memory access if logo is bigger than the screen - cdrom: Fix race condition in cdrom_sysctl_register - e1000e: fix cyclic resets at link up with active tx - efi/memattr: Don't bail on zero VA if it equals the region's PA - [arm64] soc: qcom: gsbi: Fix error handling in gsbi_probe() - [armhf] avoid Cortex-A9 livelock on tight dmb loops - tty: increase the default flip buffer limit to 2*640K - [ppc64el] powerpc/pseries: Perform full re-add of CPU for topology update post-migration - hwrng: virtio - Avoid repeated init of completion - [arm64,armhf] soc/tegra: fuse: Fix illegal free of IO base address - [amd64] HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit - [x86] hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable - [armhf] dmaengine: imx-dma: fix warning comparison of distinct pointer types - [arm64] dmaengine: qcom_hidma: assign channel cookie correctly - netfilter: physdev: relax br_netfilter dependency - [armhf] regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting - drm/nouveau: Stop using drm_crtc_force_disable - selinux: do not override context on context mounts - [arm64,armhf] wlcore: Fix memory leak in case wl12xx_fetch_firmware failure - [arm64,armhf] dmaengine: tegra: avoid overflow of byte tracking - drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers - [x86] ACPI / video: Extend chassis-type detection with a "Lunch Box" check . [ Ben Hutchings ] * debian/bin/abiupdate.py: Change default URLs to use https: scheme. * Resolve kernel ABI changes: - Revert "genirq: Avoid summation loops for /proc/stat" - tracing: ring_buffer: Avoid ABI change in 4.9.168 - net: icmp: Avoid ABI change in 4.9.163 - Revert "phonet: fix building with clang" - netfilter: Ignore removal of br_netfilter_enable() . [ Salvatore Bonaccorso ] * Refresh mm-mmap.c-expand_downwards-don-t-require-the-gap-if-.patch for context changes in 4.9.162 * [rt] Refresh 0008-futex-rt_mutex-Provide-futex-specific-rt_mutex-API.patch for context changes in 4.9.163 * [rt] Drop 0014-futex-rt_mutex-Restructure-rt_mutex_finish_proxy_loc.patch applied upstream in 4.9.163 * [rt] Refresh 0171-arm-include-definition-for-cpumask_t.patch for context changes in 4.9.165 * [rt] Drop 0256-arm-unwind-use-a-raw_spin_lock.patch linux (4.9.161-1) stretch; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.145 - [armhf] media: omap3isp: Unregister media device as first - [amd64] iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() - brcmutil: really fix decoding channel info for 160 MHz bandwidth - HID: input: Ignore battery reported by Symbol DS4308 - batman-adv: Expand merged fragment buffer for full packet - bnx2x: Assign unique DMAE channel number for FW DMAE transactions. - qed: Fix PTT leak in qed_drain() - qed: Fix reading wrong value in loop condition - net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command - net/mlx4_core: Fix uninitialized variable compilation warning - net/mlx4: Fix UBSAN warning of signed integer overflow - [amd64] iommu/vt-d: Use memunmap to free memremap - team: no need to do team_notify_peers or team_mcast_rejoin when disabling port - mm: don't warn about allocations which stall for too long - usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device - usb: appledisplay: Add 27" Apple Cinema Display - USB: check usb_get_extra_descriptor for proper size (CVE-2018-20169) - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (CVE-2018-19824) - [x86] ALSA: hda: Add support for AMD Stoney Ridge - ALSA: pcm: Fix starvation on down_write_nonblock() - ALSA: pcm: Call snd_pcm_unlink() conditionally at closing - ALSA: pcm: Fix interval evaluation with openmin/max - [x86] ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 - [s390x] virtio: avoid race on vcdev->config - [s390x] virtio: fix race in ccw_io_helper() - SUNRPC: Fix leak of krb5p encode pages - [armhf] dmaengine: cppi41: delete channel from pending list when stop channel - xhci: Prevent U1/U2 link pm states if exit latency is too long - swiotlb: clean up reporting - vsock: lookup and setup guest_cid inside vhost_vsock_lock - vhost/vsock: fix use-after-free in network stack callers (CVE-2018-14625) - cifs: Fix separator when building path from dentry - staging: rtl8712: Fix possible buffer overrun - tty: do not set TTY_IO_ERROR flag if console port - mac80211_hwsim: Timer should be initialized before device registered - mac80211: Clear beacon_int in ieee80211_do_stop - mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext - mac80211: fix reordering of buffered broadcast packets - mac80211: ignore NullFunc frames in the duplicate detection https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.146 - ipv6: Check available headroom in ip6_xmit() even without options - net: 8139cp: fix a BUG triggered by changing mtu with network traffic - net/mlx4_core: Correctly set PFC param if global pause is turned off. - net: phy: don't allow __set_phy_supported to add unsupported modes - net: Prevent invalid access to skb->prev in __qdisc_drop_all - rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices - tcp: fix NULL ref in tail loss probe - tun: forbid iface creation with rtnl ops - neighbour: Avoid writing before skb->head in neigh_hh_output() - [armhf] OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup - sysv: return 'err' instead of 0 in __sysv_write_inode - [s390x] cpum_cf: Reject request for sampling in event initialization - [armhf] ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing - ASoC: dapm: Recalculate audio map forcely when card instantiated - hwmon: (w83795) temp4_type has writable permission - objtool: Fix double-free in .cold detection error path - objtool: Fix segfault in .cold detection with -ffunction-sections - Btrfs: send, fix infinite loop due to directory rename dependencies - RDMA/mlx5: Fix fence type for IB_WR_LOCAL_INV WR - [armhf] ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE - [armhf] ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE - exportfs: do not read dentry after free - bpf: fix check of allowed specifiers in bpf_trace_printk - ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf - [arm64] net: thunderx: fix NULL pointer dereference in nic_remove - cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active - igb: fix uninitialized variables - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps - [arm64] net: hisilicon: remove unexpected free_netdev - drm/ast: fixed reading monitor EDID not stable issue - fscache: fix race between enablement and dropping of object - ocfs2: fix deadlock caused by ocfs2_defrag_extent() - hfs: do not free node before using - hfsplus: do not free node before using - ocfs2: fix potential use after free - pstore: Convert console write to use ->write_buf - staging: speakup: Replace strncpy with memcpy https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.147 - signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack (Closes: #904385) - timer/debug: Change /proc/timer_list from 0444 to 0400 - [armhf] pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 - aio: fix spectre gadget in lookup_ioctx - [armhf] MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 - [arm*] ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt - tracing: Fix memory leak in set_trigger_filter() - tracing: Fix memory leak of instance function hash filters - [powerpc*] msi: Fix NULL pointer access in teardown code - Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" - [x86] drm/i915/execlists: Apply a full mb before execution for Braswell - mac80211: don't WARN on bad WMM parameters from buggy APs - mac80211: Fix condition validating WMM IE - [amd64] IB/hfi1: Remove race conditions in user_sdma send path - [x86] locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath() - [x86] locking/qspinlock: Ensure node is initialised before updating prev->next - [x86] locking/qspinlock: Bound spinning on pending->locked transition in slowpath - [x86] locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock' - [x86] locking/qspinlock: Remove unbounded cmpxchg() loop from locking slowpath - [x86] locking/qspinlock: Remove duplicate clear_pending() function from PV code - [x86] locking/qspinlock: Kill cmpxchg() loop when claiming lock from head of queue - [x86] locking/qspinlock: Re-order code - [x86] locking/qspinlock/x86: Increase _Q_PENDING_LOOPS upper bound - [x86] locking/qspinlock, x86: Provide liveness guarantee - [x86] locking/qspinlock: Fix build for anonymous union in older GCC compilers - mac80211_hwsim: fix module init error paths for netlink - scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset - [x86] scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload - [x86] earlyprintk/efi: Fix infinite loop on some screen widths - [arm64] drm/msm: Grab a vblank reference when waiting for commit_done - bonding: fix 802.3ad state sent to partner when unbinding slave - nfs: don't dirty kernel pages read by direct-io - SUNRPC: Fix a potential race in xprt_connect() - [arm64] clk: mvebu: Off by one bugs in cp110_of_clk_get() - [armhf] Input: omap-keypad - fix keyboard debounce configuration - libata: whitelist all SAMSUNG MZ7KM* solid-state disks - [armhf] mv88e6060: disable hardware level MAC learning - net/mlx4_en: Fix build break when CONFIG_INET is off - bpf: check pending signals while verifying programs - [arm*] 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling - [arm*] 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart - drm/ast: Fix connector leak during driver unload - cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) - vhost/vsock: fix reset orphans race with close timeout - [x86] i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node - nvmet-rdma: fix response use after free - [armhf] rtc: snvs: add a missing write sync - [armhf] rtc: snvs: Add timeouts to avoid kernel lockups https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.148 - block: break discard submissions into the user defined size - block: fix infinite loop if the device loses discard capability - ib_srpt: Fix a use-after-free in __srpt_close_all_ch() - USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (CVE-2018-19985) - xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only - USB: serial: option: add GosunCn ZTE WeLink ME3630 - USB: serial: option: add HP lt4132 - USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) - USB: serial: option: add Fibocom NL668 series - USB: serial: option: add Telit LN940 series - mmc: core: Reset HPI enabled state during re-init and in case of errors - mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support - mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl - [armhf] mmc: omap_hsmmc: fix DMA API warning - [x86] Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels - [x86] mtrr: Don't copy uninitialized gentry fields back to userspace - [x86] fpu: Disable bottom halves while loading FPU registers - ubifs: Handle re-linking of inodes correctly while recovery - panic: avoid deadlocks in re-entrant console drivers - proc/sysctl: don't return ENOMEM on lookup when a table is unregistering - drm/ioctl: Fix Spectre v1 vulnerabilities https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.149 - ip6mr: Fix potential Spectre v1 vulnerability - ipv4: Fix potential Spectre v1 vulnerability - ax25: fix a use-after-free in ax25_fillin_cb() - [ppc64el] ibmveth: fix DMA unmap error in ibmveth_xmit_start error path - ieee802154: lowpan_header_create check must check daddr - ipv6: explicitly initialize udp6_addr in udp_sock_create6() - ipv6: tunnels: fix two use-after-free - isdn: fix kernel-infoleak in capi_unlocked_ioctl - net: ipv4: do not handle duplicate fragments as overlapping - net: phy: Fix the issue that netif always links up after resuming - netrom: fix locking in nr_find_socket() - packet: validate address length - packet: validate address length if non-zero - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event - tipc: fix a double kfree_skb() - vhost: make sure used idx is seen before log in vhost_add_used_n() - [x86] VSOCK: Send reset control packet when socket is partially bound - xen/netfront: tolerate frags with no data - tipc: use lock_sock() in tipc_sk_reinit() - tipc: compare remote and local protocols in tipc_udp_enable() - gro_cell: add napi_disable in gro_cells_destroy - net/mlx5e: Remove the false indication of software timestamping support - net/mlx5: Typo fix in del_sw_hw_rule - sock: Make sock->sk_stamp thread-safe - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() - ALSA: rme9652: Fix potential Spectre v1 vulnerability - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities - ALSA: pcm: Fix potential Spectre v1 vulnerability - ALSA: emux: Fix potential Spectre v1 vulnerabilities - ALSA: hda: add mute LED support for HP EliteBook 840 G4 - [arm64,armhf] ALSA: hda/tegra: clear pending irq handlers - USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays - USB: serial: option: add Fibocom NL678 series - qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID - Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G - [x86] KVM: Use jmp to invoke kvm_spurious_fault() from .fixup - platform-msi: Free descriptors in platform_msi_domain_free() - perf pmu: Suppress potential format-truncation warning - ext4: fix possible use after free in ext4_quota_enable - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() - ext4: fix EXT4_IOC_GROUP_ADD ioctl - ext4: include terminating u32 in size of xattr entries when expanding inodes - ext4: force inode writes when nfsd calls commit_metadata() - [arm64,armhf] spi: bcm2835: Fix race on DMA termination - [arm64,armhf] spi: bcm2835: Fix book-keeping of DMA termination - [arm64,armhf] spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode - [armhf] clk: rockchip: fix typo in rk3188 spdif_frac parent - cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader. - f2fs: fix validation of the block count in sanity_check_raw_super - media: vivid: free bitmap_cap when updating std/timings/etc. - media: v4l2-tpg: array index could become negative - [mips*] Ensure pmd_present() returns false after pmd_mknotpresent() - [mips*] OCTEON: mark RGMII interface disabled on OCTEON III - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem - [x86] kvm/vmx: do not use vm-exit instruction length for fast MMIO when running nested - [arm64] KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 - [armhf] rtc: m41t80: Correct alarm month range with RTC reads - [x86] tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x - [arm64,armhf] spi: bcm2835: Unbreak the build of esoteric configs https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.150 - [arm64] pinctrl: meson: fix pull enable register calculation - Input: restore EV_ABS ABS_RESERVED - xfrm: Fix bucket count reported to userspace - netfilter: seqadj: re-load tcp header pointer after possible head reallocation - scsi: bnx2fc: Fix NULL dereference in error handling - [armhf] Input: omap-keypad - fix idle configuration to not block SoC idle states - netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel - bnx2x: Clear fip MAC when fcoe offload support is disabled - bnx2x: Remove configured vlans as part of unload sequence. - bnx2x: Send update-svid ramrod with retry/poll flags enabled - scsi: target: iscsi: cxgbit: fix csk leak - scsi: target: iscsi: cxgbit: add missing spin_lock_init() - [arm64] net: hns: Incorrect offset address used for some registers. - [arm64] net: hns: All ports can not work when insmod hns ko after rmmod. - [arm64] net: hns: Some registers use wrong address according to the datasheet. - [arm64] net: hns: Fixed bug that netdev was opened twice - [arm64] net: hns: Clean rx fbd when ae stopped. - [arm64] net: hns: Free irq when exit from abnormal branch - [arm64] net: hns: Avoid net reset caused by pause frames storm - [arm64] net: hns: Fix ntuple-filters status error. - net: hns: Add mac pcs config when enable|disable mac - SUNRPC: Fix a race with XPRT_CONNECTING - lan78xx: Resolve issue with changing MAC address - vxge: ensure data0 is initialized in when fetching firmware version information - net: netxen: fix a missing check and an uninitialized use - [s390x] scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown - libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature() - fork: record start_time late - hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined - mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL - mm, devm_memremap_pages: kill mapping "System RAM" support - sunrpc: fix cache_head leak due to queued request - sunrpc: use SVC_NET() in svcauth_gss_* functions - [mips*] math-emu: Write-protect delay slot emulation pages - [amd64] crypto: x86/chacha20 - avoid sleeping with preemption disabled - vhost/vsock: fix uninitialized vhost_vsock->guest_cid - [amd64] IB/hfi1: Incorrect sizing of sge for PIO will OOPs - ALSA: cs46xx: Potential NULL dereference in probe - ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() - ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks - dlm: fixed memory leaks after failed ls_remove_names allocation - dlm: possible memory leak on error path in create_lkb() - dlm: lost put_lkb on error path in receive_convert() and receive_unlock() - dlm: memory leaks on error path in dlm_user_request() - gfs2: Get rid of potential double-freeing in gfs2_create_inode - gfs2: Fix loop in gfs2_rbm_find - b43: Fix error in cordic routine - [powerpc*] tm: Set MSR[TS] just prior to recheckpoint - 9p/net: put a lower bound on msize - rxe: fix error completion wr_id and qp_num - [amd64] iommu/vt-d: Handle domain agaw being less than iommu agaw - ceph: don't update importing cap's mseq when handing cap export - [ppc64el] genwqe: Fix size check - [x86] intel_th: msu: Fix an off-by-one in attribute store - [i386] power: supply: olpc_battery: correct the temperature units - [arm64,armhf] drm/vc4: Set ->is_yuv to false when num_planes == 1 - bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.151 - ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 - CIFS: Do not hide EINTR after sending network packets - cifs: Fix potential OOB access of lock element array - usb: cdc-acm: send ZLP for Telit 3G Intel based modems - USB: storage: don't insert sane sense for SPC3+ when bad sense specified - USB: storage: add quirk for SMI SM3350 - USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB - slab: alien caches must not be initialized if the allocation of the alien cache failed - mm: page_mapped: don't assume compound page is huge or THP - ACPI: power: Skip duplicate power resource references in _PRx - i2c: dev: prevent adapter retries and timeout being set as minus value - rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set - ext4: make sure enough credits are reserved for dioread_nolock writes - ext4: fix a potential fiemap/page fault deadlock w/ inline_data - ext4: avoid kernel warning when writing the superblock to a dead device - sunrpc: use-after-free in svc_process_common() (CVE-2018-16884) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.152 - tty/ldsem: Wake up readers after timed out down_write() - tty: Hold tty_ldisc_lock() during tty_reopen() - tty: Simplify tty->count math in tty_reopen() - tty: Don't hold ldisc lock in tty_reopen() if ldisc present - can: gw: ensure DLC boundaries after CAN frame modification (CVE-2019-3701) - Revert "f2fs: do not recover from previous remained wrong dnodes" - media: em28xx: Fix misplaced reset of dev->v4l::field_count - proc: Remove empty line in /proc/self/status - [arm64] kvm: consistently handle host HCR_EL2 flags - [arm64] Don't trap host pointer auth use to EL2 - ipv6: fix kernel-infoleak in ipv6_local_error() - net: bridge: fix a bug on using a neighbour cache entry without checking its state - packet: Do not leak dev refcounts on error exit - bonding: update nest level on unlink - ip: on queued skb use skb_header_pointer instead of pskb_may_pull - crypto: authencesn - Avoid twice completion call in decrypt path - crypto: authenc - fix parsing key with misaligned rta_len - btrfs: wait on ordered extents on abort cleanup - Yama: Check for pid death before checking ancestry - scsi: core: Synchronize request queue PM status only on successful resume - scsi: sd: Fix cache_type_store() - [arm64] kaslr: ensure randomized quantities are clean to the PoC - [mips*] Disable MSI also when pcie-octeon.pcie_disable on - media: vivid: fix error handling of kthread_run - media: vivid: set min width/height to a value > 0 - LSM: Check for NULL cred-security on free - media: vb2: vb2_mmap: move lock up - sunrpc: handle ENOMEM in rpcb_getport_async - netfilter: ebtables: account ebt_table_info to kmemcg - selinux: fix GPF on invalid policy - blockdev: Fix livelocks on loop device - sctp: allocate sctp_sockaddr_entry with kzalloc - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats - tipc: fix uninit-value in tipc_nl_compat_bearer_enable - tipc: fix uninit-value in tipc_nl_compat_link_set - tipc: fix uninit-value in tipc_nl_compat_name_table_dump - tipc: fix uninit-value in tipc_nl_compat_doit - block/loop: Use global lock for ioctl() operation. - loop: Fold __loop_release into loop_release - loop: Get rid of loop_index_mutex - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock - mm, memcg: fix reclaim deadlock with writeback - media: vb2: be sure to unlock mutex on errors - nbd: set the logical and physical blocksize properly - nbd: Use set_blocksize() to set device blocksize https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.153 - r8169: Add support for new Realtek Ethernet - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses - [x86] platform: asus-wmi: Tell the EC the OS will handle the display off hotkey - e1000e: allow non-monotonic SYSTIM readings - writeback: don't decrement wb->refcnt if !wb->bdi - [arm64,armhf] serial: set suppress_bind_attrs flag only if builtin - ALSA: oxfw: add support for APOGEE duet FireWire - [arm64] perf: set suppress_bind_attrs flag to true - selinux: always allow mounting submounts - rxe: IB_WR_REG_MR does not capture MR's iova field - jffs2: Fix use of uninitialized delayed_work, lockdep breakage - pstore/ram: Do not treat empty buffers as valid - [ppc64el] powerpc/xmon: Fix invocation inside lock region - [powerpc*] powerpc/pseries/cpuidle: Fix preempt warning - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info - net: call sk_dst_reset when set SO_DONTROUTE - scsi: target: use consistent left-aligned ASCII INQUIRY data - [armhf] clk: imx6q: reset exclusive gates on init - tty/serial: do not free trasnmit buffer page under port lock - [x86] perf intel-pt: Fix error with config term "pt=0" - perf svghelper: Fix unchecked usage of strncpy() - perf parse-events: Fix unchecked usage of strncpy() - dm kcopyd: Fix bug causing workqueue stalls - dm snapshot: Fix excessive memory usage and workqueue stalls - ALSA: bebob: fix model-id of unit for Apogee Ensemble - sysfs: Disable lockdep for driver bind/unbind files - scsi: smartpqi: correct lun reset issues - scsi: megaraid: fix out-of-bound array accesses - ocfs2: fix panic due to unrecovered local alloc - mm/page-writeback.c: don't break integrity writeback on ->writepage() error - mm, proc: be more verbose about unstable VMA flags in /proc//smaps - [arm64] ipmi:ssif: Fix handling of multi-part return messages - locking/qspinlock: Pull in asm/byteorder.h to ensure correct endianness https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.154 - net: bridge: Fix ethernet header pointer before check skb forwardable - net: Fix usage of pskb_trim_rcsum - openvswitch: Avoid OOB read when parsing flow nlattrs - vhost: log dirty page correctly - net: ipv4: Fix memory leak in network namespace dismantle - net_sched: refetch skb protocol for each filter - ipfrag: really prevent allocation on netns exit - USB: serial: simple: add Motorola Tetra TPG2200 device id - USB: serial: pl2303: add new PID to support PL2303TB - [x86] ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages - [s390x] early: improve machine detection - [s390x] smp: fix CPU hotplug deadlock with CPU rescan - [x86] char/mwave: fix potential Spectre v1 vulnerability - staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 - tty: Handle problem if line discipline does not have receive_buf - uart: Fix crash in uart_write and uart_put_char - [x86] tty/n_hdlc: fix __might_sleep warning - CIFS: Fix possible hang during async MTU reads and writes - Input: xpad - add support for SteelSeries Stratus Duo - compiler.h: enable builtin overflow checkers and add fallback code - Input: uinput - fix undefined behavior in uinput_validate_absinfo() - [x86] acpi/nfit: Block function zero DSMs - [x86] acpi/nfit: Fix command-supported detection - dm thin: fix passdown_double_checking_shared_status() - [x86] KVM: Fix single-step debugging - [x86] kaslr: Fix incorrect i8254 outb() parameters - can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it - can: bcm: check timer values before ktime conversion - vt: invoke notifier on screen size change - perf unwind: Unwind with libdw doesn't take symfs into account - perf unwind: Take pgoff into account when reporting elf to libdwfl - [arm64] irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size - [s390x] smp: Fix calling smp_call_ipl_cpu() from ipl CPU - nvmet-rdma: Add unlikely for response allocated check - nvmet-rdma: fix null dereference under heavy load - f2fs: read page index before freeing - btrfs: fix error handling in btrfs_dev_replace_start - btrfs: dev-replace: go back to suspended state if target device is missing https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.155 - Fix "net: ipv4: do not handle duplicate fragments as overlapping" - fs: add the fsnotify call to vfs_iter_write - ipv6: Consider sk_bound_dev_if when binding a socket to an address (Closes: #918103) - l2tp: copy 4 more bytes to linear part if necessary - net/mlx4_core: Add masking for a few queries on HCA caps - netrom: switch to sock timer API - net/rose: fix NULL ax25_cb kernel panic - net/mlx5e: Allow MAC invalidation while spoofchk is ON - l2tp: remove l2specific_len dependency in l2tp_core - l2tp: fix reading optional fields of L2TPv3 - ipvlan, l3mdev: fix broken l3s mode wrt local routes - CIFS: Do not count -ENODATA as failure for query directory - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() - [arm64] kaslr: ensure randomized quantities are clean also when kaslr is off - [arm64] hyp-stub: Forbid kprobing of the hyp-stub - [arm64] hibernate: Clean the __hyp_text to PoC after resume - gfs2: Revert "Fix loop in gfs2_rbm_find" - [x86] platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK - [x86] platform/x86: asus-nb-wmi: Drop mapping of 0x33 and 0x34 scan codes - [arm64,armhf] mmc: sdhci-iproc: handle mmc_of_parse() errors during probe - kernel/exit.c: release ptraced tasks before zap_pid_ns_processes - mm, oom: fix use-after-free in oom_kill_process - mm: hwpoison: use do_send_sig_info() instead of force_sig() - mm: migrate: don't rely on __PageMovable() of newpage after unlocking it - cifs: Always resolve hostname before reconnecting - drivers: core: Remove glue dirs from sysfs earlier - fs: don't scan the inode cache before SB_BORN is set - fanotify: fix handling of events on child sub-directory https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.156 - drm/bufs: Fix Spectre v1 vulnerability - [x86] ASoC: Intel: mrfld: fix uninitialized variable access - [armhf] gpu: ipu-v3: image-convert: Prevent race between run and unprepare - scsi: lpfc: Correct LCB RJT handling - [armhf] 8808/1: kexec:offline panic_smp_self_stop CPU - dlm: Don't swamp the CPU with callbacks queued during recovery - [x86] PCI: Fix Broadcom CNB20LE unintended sign extension (redux) - [ppc64el] powerpc/pseries: add of_node_put() in dlpar_detach_node() - [arm64,armhf] drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl - [arm64,armhf] soc/tegra: Don't leak device tree node reference - [x86] iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock - f2fs: move dir data flush to write checkpoint process - f2fs: fix wrong return value of f2fs_acl_create - nfsd4: fix crash on writing v4_end_grace before nfsd startup - Thermal: do not clear passive state during system sleep - firmware/efi: Add NULL pointer checks in efivars API functions - [arm64] ftrace: don't adjust the LR value - [x86] fpu: Add might_fault() to user_insn() - smack: fix access permissions for keyring - usb: hub: delay hub autosuspend if USB3 port is still link training - timekeeping: Use proper seqcount initializer - [armhf] clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks - [amd64] iommu/amd: Fix amd_iommu=force_isolation - [armhf] dts: Fix OMAP4430 SDP Ethernet startup - [mips*] bpf: fix encoding bug for mm_srlv32_op - [arm64,armhf] iommu/arm-smmu: Add support for qcom,smmu-v2 variant - [arm64] iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer - udf: Fix BUG on corrupted inode - memstick: Prevent memstick host from getting runtime suspended during card detection - [armhf] tty: serial: samsung: Properly set flags in autoCTS mode - perf header: Fix unchecked usage of strncpy() - perf probe: Fix unchecked usage of strncpy() - [arm64] KVM: Skip MMIO insn after emulation - mac80211: fix radiotap vendor presence bitmap handling - xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi - Bluetooth: Fix unnecessary error message for HCI request completion - scsi: smartpqi: correct host serial num for ssa - scsi: smartpqi: correct volume status - drbd: narrow rcu_read_lock in drbd_sync_handshake - drbd: disconnect, if the wrong UUIDs are attached on a connected peer - drbd: skip spurious timeout (ping-timeo) when failing promote - fbdev: fbmem: behave better with small rotated displays and many CPUs - i40e: define proper net_device::neigh_priv_len - igb: Fix an issue that PME is not enabled during runtime suspend - fbdev: fbcon: Fix unregister crash when more than one framebuffer - [arm64] pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins - [arm64] pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins - [x86] KVM: svm: report MSR_IA32_MCG_EXT_CTL as unsupported - NFS: nfs_compare_mount_options always compare auth flavors. - hwmon: (lm80) fix a missing check of the status of SMBus read - hwmon: (lm80) fix a missing check of bus read in lm80 probe - seq_buf: Make seq_buf_puts() null-terminate the buffer - cifs: check ntwrk_buf_start for NULL before dereferencing it - um: Avoid marking pages with "changed protection" - niu: fix missing checks of niu_pci_eeprom_read - f2fs: fix sbi->extent_list corruption issue - ocfs2: don't clear bh uptodate for block read - HID: lenovo: Add checks to fix of_led_classdev_register - kernel/hung_task.c: break RCU locks based on jiffies - proc/sysctl: fix return error for proc_doulongvec_minmax() - fs/epoll: drop ovflist branch prediction - exec: load_script: don't blindly truncate shebang string - dccp: fool proof ccid_hc_[rt]x_parse_options() - rxrpc: bad unlock balance in rxrpc_recvmsg - skge: potential memory corruption in skge_get_regs() - rds: fix refcount bug in rds_sock_addref - net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames - [armhf] net: dsa: slave: Don't propagate flag changes on down slave interfaces - enic: fix checksum validation for IPv6 - ALSA: compress: Fix stop handling on compressed capture streams - ALSA: hda - Serialize codec registrations - fuse: call pipe_buf_release() under pipe lock - fuse: decrement NR_WRITEBACK_TEMP on the right page - fuse: handle zero sized retrieve correctly - [arm64,armhf] dmaengine: bcm2835: Fix interrupt race on RT - [arm64,armhf] dmaengine: bcm2835: Fix abort of transactions - [armhf] dmaengine: imx-dma: fix wrong callback invoke - [armhf] usb: phy: am335x: fix race condition in _probe - [armhf] usb: gadget: musb: fix short isoc packets with inventra dma - scsi: aic94xx: fix module loading - [x86] KVM: work around leak of uninitialized stack contents (CVE-2019-7222) - kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) - [x86] KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) - [x86] perf/x86/intel/uncore: Add Node ID mask - [x86] MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() - perf/core: Don't WARN() for impossible ring-buffer sizes - perf tests evsel-tp-sched: Fix bitwise operator - serial: fix race between flush_to_ldisc and tty_open - oom, oom_reaper: do not enqueue same task twice - [amd64] PCI: vmd: Free up IRQs on suspend path - [amd64] IB/hfi1: Add limit test for RC/UC send via loopback - [x86] perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.157 - [armhf] mtd: rawnand: gpmi: fix MX28 bus master lockup problem - signal: Always notice exiting tasks - signal: Better detection of synchronous signals - [arm64,armhf] misc: vexpress: Off by one in vexpress_syscfg_exec() - debugfs: fix debugfs_rename parameter checking - [mips*] cm: reprime error cause - [mips*] OCTEON: don't set octeon_dma_bar_type if PCI is disabled - mac80211: ensure that mgmt tx skbs have tailroom for encryption - drm/modes: Prevent division by zero htotal - [x86] drm/vmwgfx: Fix setting of dma masks - [x86] drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user - nfsd4: fix cached replies to solo SEQUENCE compounds - nfsd4: catch some false session retries - HID: debug: fix the ring buffer implementation (CVE-2019-3819) - Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() - xfrm: refine validation of template and selector families - batman-adv: Avoid WARN on net_device without parent in netns - batman-adv: Force mac header to start of data on xmit https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.158 - Revert "exec: load_script: don't blindly truncate shebang string" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.159 - dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string - eeprom: at24: add support for 24c2048 - uapi/if_ether.h: prevent redefinition of struct ethhdr - [armel,armhf] 8789/1: signal: copy registers using __copy_to_user() - [armel,armhf] 8791/1: vfp: use __copy_to_user() when saving VFP state - [armel,armhf] 8793/1: signal: replace __put_user_error with __put_user - [armel,armhf] 8794/1: uaccess: Prevent speculative use of the current addr_limit - [armel,armhf] 8795/1: spectre-v1.1: use put_user() for __put_user() - [armel,armhf] 8796/1: spectre-v1,v1.1: provide helpers for address sanitization - [armel,armhf] 8797/1: spectre-v1.1: harden __copy_to_user - [armel,armhf] 8810/1: vfp: Fix wrong assignement to ufp_exc - [armel,armhf] make lookup_processor_type() non-__init - [armel,armhf] split out processor lookup - [armel,armhf] clean up per-processor check_bugs method call - [armel,armhf] add PROC_VTABLE and PROC_TABLE macros - [armel,armhf] spectre-v2: per-CPU vtables to work around big.Little systems - [armel,armhf] ensure that processor vtables is not lost after boot - [armel,armhf] fix the cockup in the previous patch - net: create skb_gso_validate_mac_len() (CVE-2018-1000026) - bnx2x: disable GSO where gso_size is too big for hardware (CVE-2018-1000026) - [i386] ACPI: NUMA: Use correct type for printing addresses on i386-PAE - cpufreq: check if policy is inactive early in __cpufreq_get() - [armel] dts: kirkwood: Fix polarity of GPIO fan lines - cifs: Limit memory used by lock request calls to a page - perf report: Include partial stacks unwound with libdw - Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" - Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK - perf/core: Fix impossible ring-buffer sizes warning - [x86] perf: Add check_period PMU callback - ALSA: hda - Add quirk for HP EliteBook 840 G5 - ALSA: usb-audio: Fix implicit fb endpoint setup by quirk - [x86] kvm: vmx: Fix entry number check for add_atomic_switch_msr() - Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 - [alpha] fix page fault handling for r16-r18 targets - [alpha] Fix Eiger NR_IRQS to 128 - tracing/uprobes: Fix output for multiple string arguments - signal: Restore the stop PTRACE_EVENT_EXIT - [amd64] x86/a.out: Clear the dump structure initially - dm thin: fix bug where bio that overwrites thin block ignores FUA - [x86] drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set - smsc95xx: Use skb_cow_head to deal with cloned skbs - ch9200: use skb_cow_head() to deal with cloned skbs - kaweth: use skb_cow_head() to deal with cloned skbs - [arm64,armhf] usb: dwc2: Remove unnecessary kfree - netfilter: nf_tables: fix mismatch in big-endian system - [arm64] pinctrl: msm: fix gpio-hog related boot issues - mm: stop leaking PageTables - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define - Revert "scsi: aic94xx: fix module loading" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.160 - net: fix IPv6 prefix route residue - [x86] vsock: cope with memory allocation failure at socket creation time - hwmon: (lm80) Fix missing unlock on error in set_fan_div() - net: Fix for_each_netdev_feature on Big endian - [arm64,armhf] net: stmmac: handle endianness in dwmac4_get_timestamp - sky2: Increase D3 delay again - vhost: correctly check the return value of translate_desc() in log_used() - net: Add header for usage of fls64() - tcp: tcp_v4_err() should be more careful - net: Do not allocate page fragments that are not skb aligned - tcp: clear icsk_backoff in tcp_write_queue_purge() - vxlan: test dev->flags & IFF_UP before calling netif_rx() - [arm64,armhf] net: stmmac: Fix a race in EEE enable callback - net: ipv4: use a dedicated counter for icmp_v4 redirect packets - btrfs: Remove false alert when fiemap range is smaller than on-disk extent - mISDN: fix a race in dev_expire_timer() - ax25: fix possible use-after-free https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.161 - mac80211: Free mpath object when rhashtable insertion fails - libceph: handle an empty authorize reply - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list - numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES - proc, oom: do not report alien mms when setting oom_score_adj - KEYS: allow reaching the keys quotas exactly - [armhf] mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells - [armhf] mfd: twl-core: Fix section annotations on {,un}protect_pm_master - [arm64] mfd: qcom_rpm: write fw_version to CTRL_REG - [armhf] mfd: mc13xxx: Fix a missing check of a register-read failure - qed: Fix qed_ll2_post_rx_buffer_notify_fw() by adding a write memory barrier - [arm64] net: hns: Fix use after free identified by SLUB debug - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param - [x86] scsi: isci: initialize shost fully before calling scsi_add_host() - atm: he: fix sign-extension overflow on large shift - [armhf] leds: lp5523: fix a missing check of return value of lp55xx_read - net/mlx5e: Fix wrong (zero) TX drop counter indication for representor - RDMA/srp: Rework SCSI device reset handling - KEYS: user: Align the payload buffer - KEYS: always initialize keyring_index_key::desc_len - batman-adv: fix uninit-value in batadv_interface_tx() - net/packet: fix 4gb buffer limit due to overflow check - team: avoid complex list operations in team_nl_cmd_options_set() - sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach() - sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment - net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames - [hppa/parisc] Fix ptrace syscall number modification - [x86] hpet: Make cmd parameter of hpet_ioctl_common() unsigned - clocksource: Use GENMASK_ULL in definition of CLOCKSOURCE_MASK - netpoll: Fix device name check in netpoll_setup() - tracing: Use cpumask_available() to check if cpumask variable may be used - [x86] boot: Disable the address-of-packed-member compiler warning - [x86] drm/i915: Consistently use enum pipe for PCH transcoders - [x86] drm/i915: Fix enum pipe vs. enum transcoder for the PCH transcoder - [arm64] irqchip/gic-v3: Convert arm64 GIC accessors to {read,write}_sysreg_s - mm/zsmalloc.c: change stat type parameter to int - mm/zsmalloc.c: fix -Wunneeded-internal-declaration warning - Revert "bridge: do not add port to router list when receives query with source 0.0.0.0" - netfilter: nf_tables: fix flush after rule deletion in the same batch - [arm64] pinctrl: max77620: Use define directive for max77620_pinconf_param values - [arm64,armhf] phy: tegra: remove redundant self assignment of 'map' - sched/sysctl: Fix attributes of some extern declarations . [ Salvatore Bonaccorso ] * Refresh kbuild-use-nostdinc-in-compile-tests.patch for context changes in 4.9.145 * [rt] Update to 4.9.146-rt125 - seqlock: provide the same ordering semantics as mainline - squashfs: make use of local lock in multi_cpu decompressor - locallock: provide {get,put}_locked_ptr() variants - posix-timers: move the rcu head out of the union - alarmtimer: Prevent live lock in alarm_cancel() - block: blk-mq: move blk_queue_usage_counter_release() into process context - Revert "block: blk-mq: Use swait" - Revert "rt,ntp: Move call to schedule_delayed_work() to helper thread" - net: use task_struct instead of CPU number as the queue owner on -RT - locking: add types.h - mm/slub: close possible memory-leak in kmem_cache_alloc_bulk() - crypto: limit more FPU-enabled sections - sched, tracing: Fix trace_sched_pi_setprio() for deboosting - rcu: Suppress lockdep false-positive ->boost_mtx complaints - rcu: Do not include rtmutex_common.h unconditionally - rtmutex: Make rt_mutex_futex_unlock() safe for irq-off callsites - futex: Fix OWNER_DEAD fixup - futex: Avoid violating the 10th rule of futex - futex: Fix more put_pi_state() vs. exit_pi_state_list() races - futex: Fix pi_state->owner serialization * [rt] Refresh 0366-posix-timers-move-the-rcu-head-out-of-the-union.patch. Refresh for context changes caused by a Debian specific patch to avoid ABI change in 4.9.136: "posix-timers: Avoid ABI change in 4.9.136" * [rt] Refresh 0280-random-Make-it-work-on-rt.patch * [rt] Refresh 0198-fs-aio-simple-simple-work.patch for context changes in 4.9.147 * Btrfs: fix corruption reading shared and compressed extents after hole punching (Closes: #922306) . [ Ben Hutchings ] * Bump ABI to 9 and apply deferred changes: - netfilter: ipv6: nf_defrag: reduce struct net memory waste - proc/sysctl: prune stale dentries during unregistering - proc/sysctl: Don't grab i_lock under sysctl_lock. - proc: Fix proc_sys_prune_dcache to hold a sb reference - [mips*] Correct the 64-bit DSP accumulator register size - inet: frags: fix ip6frag_low_thresh boundary - inet: frags: reorganize struct netns_frags - rhashtable: reorganize struct rhashtable layout - inet: frags: break the 2GB limit for frags storage - elevator: fix truncation of icq_cache_name linux (4.9.144-3.1) stretch; urgency=high . * Non-maintainer upload. * Fix boot breakage on 32-bit arm (closes: #922478). Thanks to Adrian Bunk for spotting the mistake. linux-latest (80+deb9u7) stretch; urgency=medium . * Update to 4.9.0-9 mariadb-10.1 (10.1.38-0+deb9u1) stretch; urgency=medium . * SECURITY UPDATE: New upstream release 10.1.38. Includes fixes for the following security vulnerabilities (Closes: #920933): - CVE-2019-2537 - CVE-2019-2529 * Update correct branch name in gbp.conf * Disable test unit.pcre_test on s390x that was failing in stretch-security (Closes: #920854) * Limit build test suite to 'main' like in mariadb-10.3 to make unnecessary build failures less likely in lifetime of Stretch. * Fix mips compilation failure (__bss_start symbol missing) (Closes: #920855) * Extend the server README to clarify common misunderstandings (Closes: #878215) * Enable ccache in CMake path so it can be used automatically where available * Heavily refactor and unify gitlab-ci.yml MariaDB install/upgrade steps. This ensures uploads to Stretch are much more safer to do now than in the past. mariadb-10.1 (10.1.37-0+deb9u1) stretch-security; urgency=high . * SECURITY UPDATE: New upstream release 10.1.37. Includes fixes for the following security vulnerabilities (Closes: #912848); - CVE-2018-3282 - CVE-2018-3251 - CVE-2018-3174 - CVE-2018-3156 - CVE-2018-3143 - CVE-2016-9843 * Add (and rename) new man pages * Add Gitlab-CI definition file that can test each commit to this repository * Fix d/control metadata to match status for Debian Stretch * Physically remove patches no longer in series and not applied anyway * Fix wrong-path-for-interpreter in innotop script to make package Lintian error free as pass CI systems fully * Previous upstream version 10.1.35 included fixes for the following security vulnerabilities: - CVE-2018-3066 - CVE-2018-3064 - CVE-2018-3063 - CVE-2018-3058 * Previous upstream version 10.1.33 included fixes for the following security vulnerabilities: - CVE-2018-2819 - CVE-2018-2817 - CVE-2018-2813 - CVE-2018-2787 - CVE-2018-2784 - CVE-2018-2782 - CVE-2018-2781 - CVE-2018-2771 - CVE-2018-2767 - CVE-2018-2766 - CVE-2018-2761 - CVE-2018-2755 * Previous upstream version 10.1.31 included fixes for the following security vulnerabilities: - CVE-2018-2668 - CVE-2018-2665 - CVE-2018-2640 - CVE-2018-2622 - CVE-2018-2612 - CVE-2018-2562 * Revert "Update d/gbp.conf to track stretch branches" * New upstream version 10.1.30. Includes fixes for the following security vulnerabilities (Closes: #885345): - CVE-2017-15365 * Amend previous Debian changelog entries to contain new CVE identifiers * Refresh patches for MariaDB 10.1.30 and again for .34 * Delete unnecessary systemd files introduced by upstream * Add new files introduced by upstream to correct packages * Use list-missing instead of fail in d/rules so builds pass . [ Ondřej Surý ] * New upstream version 10.1.29. Includes fixes for the following security vulnerabilities: - CVE-2017-10378 - CVE-2017-10268 - MDEV-13819 * Add libconfig-inifiles-perl to mariadb-client-10.1 depends to fix mytop * Add mips64el to the list of platforms that are allowed to fail test suite * Handle new and/or missing files * Ignore failed tests on more non-release platforms (kfreebsd-i386, kfreebsd-amd64 and sparc64) * Rebase patches for MariaDB 10.1.29 . [ Christian Ehrhardt ] * d/t/upstream: skip func_regexp_pcre on s390x . [ Vicentiu Ciorbaru ] * Fix Mroonga compilation failure on arm64 * Extend libmariadbclient-rename.patch to cover TokuDB as well * Disable disks.disks test mariadb-10.1 (10.1.29-1) unstable; urgency=medium . * New upstream version 10.1.29 * Remove the mariadb-test-* packages as they are now provided by mariadb-10.2 (Closes: #881898) * Rebase patches for new upstream version. mariadb-10.1 (10.1.28-2) unstable; urgency=high . * Add libconfig-inifiles-perl to mariadb-client-10.1 depends to fix mytop (Closes: #875708) * Add mips64el to the list of platforms that are allowed to fail test suite (Closes: #879637) mariadb-10.1 (10.1.28-1) unstable; urgency=medium . * New upstream version 10.1.28 * Rebase patches on top of MariaDB 10.1.28 * Add extra symbols aliases for libmariadbclient_16 mariadb-10.1 (10.1.26-1) unstable; urgency=medium . * Ignore upstream debian/ directory when importing upstream tarball * New upstream version 10.1.26 * Refresh patches for MariaDB 10.1.26 * Remove unstable tests patches for unstable build, so we see what is really failing and what is not mosquitto (1.4.10-3+deb9u4) stretch-security; urgency=high . * Fix potential crash when reloading persistence file. (closes: #922071). mosquitto (1.4.10-3+deb9u3) stretch-security; urgency=high . * SECURITY UPDATE: If Mosquitto is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability. - debian/patches/mosquitto-1.4.x-cve-2018-12551.patch: this fix introduces more stringent parsing tests on the password file data. - CVE-2018-12551 * SECURITY UPDATE: If an ACL file is empty, or has only blank lines or comments, then mosquitto treats the ACL file as not being defined, which means that no topic access is denied. Although denying access to all topics is not a useful configuration, this behaviour is unexpected and could lead to access being incorrectly granted in some circumstances. - debian/patches/mosquitto-1.4.x-cve-2018-12550.patch: this fix ensures that if an ACL file is defined but no rules are defined, then access will be denied. - CVE-2018-12550 * SECURITY UPDATE: If a client publishes a retained message to a topic that they have access to, and then their access to that topic is revoked, the retained message will still be delivered to future subscribers. This behaviour may be undesirable in some applications, so a configuration option `check_retain_source` has been introduced to enforce checking of the retained message source on publish. - debian/patches/mosquitto-1.4.9-1.4.14-cve-2018-12546.patch: this patch stores the originator of the retained message, so security checking can be carried out before re-publishing. The complexity of the patch is due to the need to save this information across broker restarts. - CVE-2018-12546 mumble (1.2.18-1+deb9u1) stretch-security; urgency=high . * debian/patches: - Add 60-fix-message-flood.diff to fix instability and crash due to message flooding Thanks to "the zombi community" for finding the bug, committing a fix upstream, and contacting me to fix the issue in Debian - Add 61-configurable-rate-limit.diff to make message rate limit configurable ncmpc (0.25-0.1+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Fix CVE-2018-9240 (Closes: #894724) neutron (2:9.1.1-3+deb9u1) stretch-security; urgency=medium . * CVE-2019-9735: it's possible to add a security group rule for VRRP with a dport. Apply upstream patch: When converting sg rules to iptables, do not emit dport if not supported. (Closes: #924508). node-superagent (0.20.0+dfsg-1+deb9u2) stretch; urgency=medium . * Fix incompatible instruction in CVE-2017-16129 patch node-superagent (0.20.0+dfsg-1+deb9u1) stretch; urgency=medium . * Team upload * Add patch to fix ZIP bomb attacks (Closes: CVE-2017-16129) ntfs-3g (1:2016.2.22AR.1+dfsg-1+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix heap-based buffer overflow (CVE-2019-9755) nvidia-graphics-drivers (390.116-1) stretch; urgency=medium . * New upstream legacy branch release 390.116 (2019-02-22). * Fixed CVE‑2018‑6260. (Closes: #913467) https://nvidia.custhelp.com/app/answers/detail/a_id/4772 - Fixed build failures which resulted in errors like "implicit declaration of function drm_...", when building the NVIDIA DRM kernel module for Linux kernel 5.0 release candidates. - Fixed a bug which could cause VK_KHR_external_semaphore_fd operations to fail. - Fixed a build failure, "implicit declaration of function 'vm_insert_pfn'", when building the NVIDIA DRM kernel module for Linux kernel 4.20 release candidates. - Fixed a build failure, "unknown type name 'ipmi_user_t'", when building the NVIDIA kernel module for Linux kernel 4.20 release candidates. - Fixed a bug that caused mode switches to fail when an SDI output board was connected. - Fixed a bug that could cause rendering corruption in Vulkan programs. - Fixed a bug that caused vkGetPhysicalDeviceDisplayPropertiesKHR() to occasionally return incorrect values for physicalResolution. * New upstream legacy branch release 340 series. - Fixed a build failure, "too many arguments to function 'get_user_pages'", when building the NVIDIA kernel module for Linux kernel v4.4.168. - Fixed a build failure, "implicit declaration of function do_gettimeofday", when building the NVIDIA kernel module for Linux kernel 5.0 release candidates. - Added a new kernel module parameter, NVreg_RestrictProfilingToAdminUsers, to allow restricting the use of GPU performance counters to system administrators only. . [ Luca Boccassi ] * Drop kmem_cache_create_usercopy.patch, drm-mode.patch, ipmi-user.patch, vm-insert-pfn.patch: fixed upstream. * Update symbols files. . [ Andreas Beckmann ] * nvidia-detect: stretch now has a 390.xx driver. * nvidia-kernel-source: Bump debhelper dependency to match Build-Depends. * Upload to stretch. nvidia-graphics-drivers (390.87-8) unstable; urgency=medium . * Tune more package relationships to prevent that installing packages from nvidia-graphics-drivers-legacy-390xx driver pulls in packages from nvidia-graphics-drivers via Recommends. nvidia-settings (390.116-1) stretch; urgency=medium . * New upstream release 390.116. - Added the synchronization state for PRIME Displays to nvidia-settings. - Fixed a bug that could prevent nvidia-xconfig from disabling the X Composite extension on version 1.20 of the X.org X server. * Upload to stretch. nvidia-settings (390.87-2) unstable; urgency=medium . * Drop versioned constraints that are satisfied in wheezy. * Switch to debhelper-compat (= 12). nvidia-settings (390.87-1) unstable; urgency=medium . * New upstream release 390.87. * Add Build-Depends-Package field to symbols file. * Bump Standards-Version to 4.3.0. No changes needed. obs-build (20160921-1+deb9u1) stretch; urgency=medium . * CVE-2017-14804 (Closes: #887306) - Improve extractbuild to avoid write to files in the host system. - debian/patches/Improve-sanity-checks-in-extractbuild.patch: add new openjdk-8 (8u212-b01-1~deb9u1) stretch-security; urgency=medium . * Rebuild for stretch openjdk-8 (8u202-b26-3) unstable; urgency=medium . * Fix the 8u202 merge for aarch32, not using SA. openjdk-8 (8u202-b26-2) unstable; urgency=medium . * Fix builds using the aarch32 hotspot version. openjdk-8 (8u202-b26-1) unstable; urgency=high . * Update to 8u202-b26. * Security fixes: - CVE-2019-2422, S8206290: Better FileChannel transfer performance. - CVE-2019-2426, S8209094: Improve web server connections. - S8199156: Better route routing. - S8199552: Update to build scripts. - S8200659: Improve BigDecimal support. - S8203955: Improve robot support. - S8204895: Better icon support. - S8205709: Proper allocation handling. - S8205714: Initial class initialization. - S8210094: Better loading of classloader classes. - S8210606: Improved data set handling. - S8210866: Improve JPEG processing. . [ Tiago Stürmer Daitx ] * Update DEP8 tests: - debian/tests/control: updated to allow stderr output and to remove dpkg-dev dependency. - debian/tests/jtdiff-autopkgtest.sh: use dpkg --print-architecture instead of dpkg-architecture; log script name on any output. - debian/tests/jtreg-autopkgtest.in: use dpkg --print-architecture instead of dpkg-architecture; do not retain test temporary files; log script name on any output. - debian/tests/jtreg-autopkgtest.sh: regenerated. openjdk-8 (8u191-b12-2) unstable; urgency=high . * Upload to unstable. * Remove the "Team upload" for the last upload to experimental. openjdk-8 (8u191-b12-1) experimental; urgency=medium . * Team upload * Update to 8u191-b12. (Closes: #911925, Closes: #912333, LP: #1800792) * debian/excludelist.jdk.jtx: no longer needed, using ProblemsList.txt from upstream now. * debian/excludelist.langtools.jtx: upstream testing does not use any exclusion list. * debian/patches/sec-webrev-8u191-b12*: removed, applied upstream. * debian/patches/jdk-8132985-backport-double-free.patch, debian/patches/jdk-8139803-backport-warning.patch: fix crash in freetypescaler due to double free, thanks to Heikki Aitakangas for the report and patches. (Closes: #911847) * debian/rules: - tar and save JTreport directory. - run the same limited set of tests as upstream does. - call the same testsuites scripts used for autopkgtest. - reenable jdk testsuite. - simplified and moved xvfb logic into check-jdk rule. - removed jtreg and xvfb build dependency logic and moved the bdeps into debian/control.in. - added rules to generate autopkgtest scripts from templates. * updated dep8 tests: - debian/test/control: run hotspot, langtools, and jdk testsuites. - debian/tests/hotspot, debian/tests/jdk, debian/tests/langtools: add scripts for each testsuite to be run. - debian/tests/jtreg-autopkgtest.sh: template to generate the jtreg script used by the autopkgtest tests. - debian/tests/jtdiff-autopkgtest.sh: used by the scripts to report any differences between the autopkgtest and the tests results generated during the openjdk package build. - debian/tests/jtreg-autopkgtest.sh: used by the scripts to run jtreg and put the resulting artifacts in the right places. - debian/tests/valid-tests: removed, no longer needed. openjdk-8 (8u181-b13-2) unstable; urgency=high . [ Tiago Stürmer Daitx ] * Apply patches from 8u191-b12 security update. - CVE-2018-3136, S8194534: Manifest better support. - CVE-2018-3139, S8196902: Better HTTP Redirection. - CVE-2018-3149, S8199177: Enhance JNDI lookups. - CVE-2018-3169, S8199226: Improve field accesses. - CVE-2018-3180, S8202613: Improve TLS connections stability. - CVE-2018-3183, S8202936: Improve script engine support. - CVE-2018-3214, S8205361: Better RIFF reading support. - CVE-2018-3211: Unspecified vulnerability in the Serviceability component. - S8195868: Address Internet Addresses. - S8195874: Improve jar specification adherence. - S8201756: Improve cipher inputs. - S8203654: Improve cypher state updates. - S8204497: Better formatting of decimals. * debian/patches/jdk-freetypeScaler-crash.diff: removed as this patch causes a memory leak; upstream fixed it in openjdk-7, albeit in a different way. Closes: #910672. . [ Matthias Klose ] * Bump standards version. openjpeg2 (2.1.2-1.1+deb9u3) stretch-security; urgency=medium . * Non-maintainer upload by the Security Team. * CVE-2018-14423: Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl (closes: #904873). * CVE-2018-6616: Excessive Iteration in opj_t1_encode_cblks (closes: #889683). * CVE-2017-17480: Write stack buffer overflow due to missing buffer length formatter in fscanf call (closes: #884738). * CVE-2018-18088: Null pointer dereference caused by null image components in imagetopnm (closes: #910763). * CVE-2018-5785: Integer overflow in convertbmp.c (closes: #888533). openssh (1:7.4p1-10+deb9u6) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Apply upstream patch to make scp handle shell-style brace expansions when checking that filenames sent by the server match what the client requested (closes: #923486). openssl1.0 (1.0.2r-1~deb9u1) stretch-security; urgency=medium . [ Kurt Roeckx ] * New upstream version - Fixes CVE-2019-1559 . [ Sebastian Andrzej Siewior ] * Use openssl.cnf from the build directory for the testsuite. openssl1.0 (1.0.2q-2) unstable; urgency=medium . * User openssl.cnf from the build directory for the testsuite. openssl1.0 (1.0.2q-1) unstable; urgency=medium . * Correct typo in the riscv64 target (Closes: #891799). * Update to policy 4.1.4 - drop Priority: important. - use signing-key.asc and a https links for downloads. - point the VCS-* to salsa. * Import upstream version 1.0.2q - CVE-2018-5407 (Microarchitecture timing vulnerability in ECC scalar multiplication) - CVE-2018-0734 (Timing vulnerability in DSA signature generation) - CVE-2018-0732 (Client DoS due to large DH parameter) - CVE-2018-0737 (Cache timing vulnerability in RSA Key Generation) (Closes: #895845) passenger (5.0.30-1+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * arbitrary file read via REVISION symlink (CVE-2017-16355) (Closes: #884463) * Fix privilege escalation in the Nginx module (CVE-2018-12029) (Closes: #921767) pdns (4.0.3-1+deb9u4) stretch-security; urgency=medium . * Insufficient validation in the HTTP remote backend (CVE-2019-3871) Thanks to Salvatore Bonaccorso (Closes: #924966) perlbrew (0.78-1+deb9u1) stretch; urgency=medium . * Backport upstream fix for CPAN URLs. CPAN URLs have changed to use HTTPS, which makes perlbrew fail to detect perl tarballs. This patch changes the regexp to allow both HTTP and HTTPS. (Closes: #927065) php7.0 (7.0.33-0+deb9u3) stretch-security; urgency=medium . * Pull security fixes from https://github.com/Microsoft/php-src, a shared effort by Remi Collet and Anatol Belski to keep up with security issues in PHP 5.6.40 after EOL. * Security Issues Fixed: + Core: - Fixed bug #77630 (rename() across the device may allow unwanted access during processing). + EXIF: - Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF). - Fixed bug #77540 (Invalid Read on exif_process_SOFn). - Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). - Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). + PHAR: - Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename). - Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow). + SPL: - Fixed bug #77431 (openFile() silently truncates after a null byte). php7.0 (7.0.33-0+deb9u2) stretch-security; urgency=medium . * CVE-2019-9020 * CVE-2019-9021 * CVE-2019-9022 (plus backport for CAA support) * CVE-2019-9023 * CVE-2019-9024 postfix (3.1.12-0+deb9u1) stretch; urgency=medium . [Scott Kitterman] . * Add detailed smarthost instructions to README.Debian. Thanks to Celejar for the input. Closes: #919444 * Refresh patches . [Wietse Venema] . * 3.1.10 - Bugfix (introduced: Postfix 2.11): minor memory leak when minting issuer certs. This affects a tiny minority of use cases. Viktor Dukhovni, based on a fix by Juan Altmayer Pizzorno for the ssl_dane library. File: tls/tls_dane.c. - Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes, table lookups could casefold the search string when searching a lookup table that does not use fixed-string keys (regexp, pcre, tcp, etc.). Historically, Postfix would not case-fold the search string with such tables. File: util/dict_utf8.c. Closes: #917512 - Multiple 'bit rot' fixes for OpenSSL API changes, including support to disable TLSv1.3, to avoid issuing multiple session tickets. Viktor Dukhovni. Files: proto/postconf.proto, proto/TLS_README.html, tls/tls.h, tls/tls_server.c, tls/tls_misc.c. - Bugfix (introduced: 3.0): smtpd_discard_ehlo_keywords could not disable "SMTPUTF8". because the lookup table was using "EHLO_MASK_SMTPUTF8" instead. File: global/ehlo_mask.c. - Documentation: update documentation for Postfix versions that support disabling TLS 1.3. File: proto/postconf.proto. - Improved logging of TLS 1.3 summary information, and improved reporting of the same info in Received: message headers. Viktor Dukhovni. Files: proto/FORWARD_SECRECY_README.html, posttls-finger/posttls-finger.c, smtpd/smtpd.c, tls/tls.h, tls/tls_client.c, tls/tls_misc.c, tls/tls_proxy.h, tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c, tls/tls_server.c. * 3.1.11 - Bugfix (introduced: postfix-2.11): with posttls-finger, connections to unix-domain servers always resulted in "Failed to establish session" even after a connection was established. Jaroslav Skarva. File: posttls-finger/posttls-finger.c. * 3.1.12 - Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce has been producing false rejects starting with the Postfix 2.2 smtpd_end_of_data_restrictons, and for the same reasons, did the same with the Postfix 3.4 BDAT command. The latter was reported by Andreas Schulze. File: smtpd/smtpd_check.c. - Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c. postgresql-9.6 (9.6.12-0+deb9u1) stretch; urgency=medium . * New upstream version. * Revert upstream patch "Disallow setting client_min_messages higher than ERROR", it causes to much disruption to existing (test) scripts. psk31lx (2.1-1+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Make the version of the binary package 2.1+2.2really2.1-1+deb9u1 s.t. this sorts after the package in lenny (2.1+2.2beta1-8, built from src:twpsk) and before the the package in buster (2.2-1). (Closes: #911780) publicsuffix (20190415.1030-0+deb9u1) stretch; urgency=medium . * new upstream publicsuffix data publicsuffix (20190329.0756-1) unstable; urgency=medium . * new upstream version publicsuffix (20190221.0923-1) unstable; urgency=medium . * new upstream version publicsuffix (20190221.0923-0+deb9u1) stretch; urgency=medium . * new upstream publicsuffix data publicsuffix (20190128.1516-1) unstable; urgency=medium . * new upstream version publicsuffix (20181227.1630-1) unstable; urgency=medium . * new upstream version publicsuffix (20181108.2228-1) unstable; urgency=medium . * new upstream version publicsuffix (20181030.1007-1) unstable; urgency=medium . * new upstream version publicsuffix (20181003.1334-3) unstable; urgency=medium . * correct name of diff package for autopkgtest publicsuffix (20181003.1334-2) unstable; urgency=medium . * Standards-Version: bump to 4.2.1 (no changes needed) * add debian/watch to look at git, despite #910762 * added simple autopkgtest (borrowed from libpsl) publicsuffix (20181003.1334-1) unstable; urgency=medium . * new upstream version putty (0.67-3+deb9u1) stretch-security; urgency=high . * Backport security fixes from 0.71: - In random_add_noise, put the hashed noise into the pool, not the raw noise. - New facility for removing pending toplevel callbacks. - CVE-2019-9898: Fix one-byte buffer overrun in random_add_noise(). - uxnet: clean up callbacks when closing a NetSocket. - sk_tcp_close: fix memory leak of output bufchain. - Fix handling of bad RSA key with n=p=q=0. - Sanity-check the 'Public-Lines' field in ppk files. - Introduce an enum of the uxsel / select_result flags. - CVE-2019-9895: Switch to using poll(2) in place of select(2). - CVE-2019-9894: RSA kex: enforce the minimum key length. - CVE-2019-9897: Fix crash on ESC#6 + combining chars + GTK + odd-width terminal. - CVE-2019-9897: Limit the number of combining chars per terminal cell. - minibidi: fix read past end of line in rule W5. - CVE-2019-9897: Fix crash printing a width-2 char in a width-1 terminal. pyca (20031119-0.1~deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Rebuild for stretch. . pyca (20031119-0.1) unstable; urgency=medium . * Non-maintainer upload. * Add 'missingok' to logrotate config. (Closes: #914836) * Add dummy binary-arch target. python-certbot (0.28.0-1~deb9u2) stretch; urgency=high . * The previous stable update incorrectly disabled systemd timer due to a change in debhelper compat version. This release drops the compat level back to debhelper 9, thus forcing a restart of the systemd timer. (Closes: #922031) . The behavior of dh_systemd_start changed between compat v9 and compat v10; in v9, timers were stopped in postrm and started in postinst, but in v10 timers were only started in postinst if they were running. Switching back to v9 will unilaterally start the timer in postinst once more. * Fix an FTBFS due to sbuild not considering or'ed dependencies. (Closes: #922543) python-cryptography (1.7.1-3+deb9u1) stretch; urgency=medium . * Remove BIO_callback_ctrl: The prototype differs with the OpenSSL's definition of it after it was changed (fixed) within OpenSSL. It has no users. python-django-casclient (1.2.0-2+deb9u1) stretch; urgency=medium . [ William Blough ] * Team upload * Apply django 1.10 middleware fix from upstream (Closes: #926350) . [ Adrian Bunk ] * python-django-casclient: Add the missing dependency on python-django. (Closes: #896317) * python3-django-casclient: Add the missing dependency on python3-django. (Closes: #896404) python-mode (1:6.2.3-1.1~deb9u1) stretch; urgency=medium . * Non-maintainer upload * Rebuild for stretch. . python-mode (1:6.2.3-1.1) unstable; urgency=medium . * Non-maintainer upload * Drop xemacs21 support (Closes: #909383, #680578, #837991) python-pip (9.0.1-2+deb9u1) stretch; urgency=medium . * Team upload. * Add Properly_catch_requests_HTTPError_in_index.py.patch, which fixes --extra-index-url results in "HTTPError: 404 Client Error: NOT FOUND". The patch makes works even with the unbundled requests. (Closes: #837764). python-pykmip (0.5.0-4+deb9u1) stretch; urgency=medium . * CVE-2018-1000872: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. Applied upstream patch: Fix a denial-of-service bug by setting the server socket timeout (Closes: #917030). qtbase-opensource-src (5.7.1+dfsg-3+deb9u1) stretch-security; urgency=medium . * Backport fixes for: - CVE-2018-15518: “double free or corruption” in QXmlStreamReader - CVE-2018-19873: QBmpHandler segfault on malformed BMP file - CVE-2018-19870: Check for QImage allocation failure in qgifhandler * Backport ensure_pixel_density_of_at_least_1.patch in order to fix VLC after it's security update (Closes: #907139). r-cran-igraph (1.0.1-1+deb9u1) stretch; urgency=medium . * Add upstream patch to fix: CVE-2018-20349 (Closes: #917212). rails (2:4.2.7.1-1+deb9u1) stretch; urgency=medium . * CVE-2018-16476 (Closes: #914847) * CVE-2019-5418 / CVE-2019-5419 (Closes: #924520) rdesktop (1.8.4-1~deb9u1) stretch-security; urgency=medium . * Security backport for Stretch. * Relax debhelper build dependency. * Relax Standards-Version to 3.9.8 . rssh (2.3.4-5+deb9u4) stretch-security; urgency=high . * The fix for the scp security vulnerability in 2.3.4-9 combined with the regression fix in 2.3.4-10 rejected the -pf and -pt options, which are sent by libssh2's scp support. Add support for those variants. (LP #1815935) rsync (3.1.2-1+deb9u2) stretch; urgency=medium . * Apply CVEs from 2016 to the zlib code. closes:#924509 ruby-i18n (0.7.0-2+deb9u1) stretch; urgency=medium . * CVE-2014-10077: Prevent a remote denial-of-service vulnerability via an application crash by engineering a situation where `:some_key` is present in `keep_keys` but not present in the hash. (Closes: #913093) ruby2.3 (2.3.3-1+deb9u6) stretch-security; urgency=medium . * CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324 * CVE-2019-8325 ruby2.3 (2.3.3-1+deb9u5) stretch; urgency=medium . * Backport upstream patches to fix FTBFS due to expired SSL certificate and timezone changes (Closes: #919999) - imap: update test certificate - timezone changes for Japan and Kiritimati * test/ruby/test_gc.rb: skip entirely; some tests in there can fail unpredictably on buildds (Closes: #912740) ruby2.3 (2.3.3-1+deb9u4) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * OpenSSL::X509::Name equality check does not work correctly (CVE-2018-16395) * pack.c: avoid returning uninitialized String * Tainted flags are not propagated in Array#pack and String#unpack with some directives (CVE-2018-16396) ruby2.3 (2.3.3-1+deb9u3) stretch-security; urgency=medium . [ Santiago R.R. ] * Fix Command injection vulnerability in Net::FTP. [CVE-2017-17405] * webrick: use IO.copy_stream for multipart response. Required changes in WEBrick to fix CVE-2017-17742 and CVE-2018-8777 * Fix HTTP response splitting in WEBrick. [CVE-2017-17742] * Fix Command Injection in Hosts::new() by use of Kernel#open. [CVE-2017-17790] * Fix Unintentional directory traversal by poisoned NUL byte in Dir [CVE-2018-8780] * Fix multiple vulnerabilities in RubyGems. CVE-2018-1000073: Prevent Path Traversal issue during gem installation. CVE-2018-1000074: Fix possible Unsafe Object Deserialization Vulnerability in gem owner. CVE-2018-1000075: Strictly interpret octal fields in tar headers. CVE-2018-1000076: Raise a security error when there are duplicate files in a package. CVE-2018-1000077: Enforce URL validation on spec homepage attribute. CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute when displayed via gem server. CVE-2018-1000079: Prevent path traversal when writing to a symlinked basedir outside of the root. * Fix directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library [CVE-2018-6914] * Fix Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket [CVE-2018-8779] * Fix Buffer under-read in String#unpack [CVE-2018-8778] * Fix tests to cope with updates in tzdata (Closes: #889117) * Exclude Rinda TestRingFinger and TestRingServer test units requiring network access (Closes: #898694) . [ Antonio Terceiro ] * debian/tests/excludes/any/TestTimeTZ.rb: ignore tests failing due to assumptions that don't hold on newer tzdata update. Upstream bug: https://bugs.ruby-lang.org/issues/14655 runc (0.1.1+dfsg1-2+deb9u1) stretch; urgency=medium . * Team upload. * Add patch to address CVE-2019-5736 (Closes: #922050) samba (2:4.5.16+dfsg-1+deb9u1) stretch-security; urgency=high . * This is a security release in order to address the following defect: - CVE-2019-3880 Save registry file outside share as unprivileged user spip (3.1.4-4~deb9u2) stretch-security; urgency=medium . * Update security screen to 1.3.11 * Backport security fix from 3.1.10 - Arbitrary code execution for any identified visitor (Closes: #926764) systemd (232-25+deb9u11) stretch-security; urgency=high . * pam-systemd: use secure_getenv() rather than getenv() Fixes a vulnerability in the systemd PAM module which insecurely uses the environment and lacks seat verification permitting spoofing an active session to PolicyKit. (CVE-2019-3842) systemd (232-25+deb9u10) stretch; urgency=medium . * journald: fix assertion failure on journal_file_link_data (Closes: #916880) * tmpfiles: fix "e" to support shell style globs (Closes: #918400) * mount-util: accept that name_to_handle_at() might fail with EPERM. Container managers frequently block name_to_handle_at(), returning EACCES or EPERM when this is issued. Accept that, and simply fall back to fdinfo-based checks. (Closes: #917122) * automount: ack automount requests even when already mounted. Fixes a race condition in systemd which could result in automount requests not being serviced and processes using them to hang, causing denial of service. (CVE-2018-1049) * core: when deserializing state always use read_line(…, LONG_LINE_MAX, …) Fixes improper serialization on upgrade which can influence systemd execution environment and lead to root privilege escalation. (CVE-2018-15686, Closes: #912005) systemd (232-25+deb9u9) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit (CVE-2019-6454) * Allocate temporary strings to hold dbus paths on the heap (CVE-2019-6454) * sd-bus: if we receive an invalid dbus message, ignore and proceeed (CVE-2019-6454) thunderbird (1:60.6.1-1~deb9u1) stretch-security; urgency=medium . [ Carsten Schoenert ] * Rebuild for stretch-security thunderbird (1:60.5.1-1) unstable; urgency=medium . [ Alexander Nitsch ] * [c9775d4] Make the logo SVG square The original SVG source isn't completely square, modifying the SVG file so all generated other files from the input are also exactly square. * [6096812] Add script for generating PNGs from logo SVG * [4e9e5cc] Update icon PNGs to be properly scaled . [ Carsten Schoenert ] * [9e5527d] d/source.filter: add some configure scripts Filter out some files that are named 'configure', they are rebuild later anyway. The filtering of these files is moved from gbp.conf to source.filter. * [b63f2a2] Revert "d/gbp.conf: ignore configure script while importing" Reverting this commit as we need to move the files to filter to source.filter as the behaviour wasn't the expected outcome. * [4965c2a] New upstream version 60.5.1 Fixed CVE issues in upstream version 60.5.0 (MFSA 2019-06) CVE-2018-18356: Use-after-free in Skia CVE-2019-5785: Integer overflow in Skia CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D CVE-2018-18509: S/MIME signature spoofing thunderbird (1:60.5.1-1~deb9u1) stretch-security; urgency=medium . [ Carsten Schoenert ] * Rebuild for stretch-security thunderbird (1:60.5.0-3) unstable; urgency=medium . * [3e274d8] d/rules: move disable debug option into configure step Adding the option '--disable-debug-symbols' to the file mozconfig.default in case the build is running on a 32bit architecture instead of expanding the variable 'CONFIGURE_FLAGS'. The configuration approach for this option taken from firefox-esr was not working for the thunderbird package. * [b3d82d3] d/rules: reorder LDFLAGS for better readability Make the used additional options for LDFLAGS better readable by reordering the various used options. Also adding the option '-Wl, --as-needed' to the list of used options here. * [62d11e3] d/rules: use 'compress-debug-sections' only on 64bit Do not set 'LDFLAGS += -Wl,--compress-debug-sections=zlib' globally, lets use this option only if we are on a 64bit architecture as otherwise the build is failing on 32bit architectures again. We don't want to build any debug information on 32bit anyway so we don't need this option on these platforms. * [6225c44] d/mozconfig.default: adding option for mipsel We don't have set up any options for the mipsel platform before, but the build needs some additional options too on this platform to succeed. * [4e348d9] d/mozconfig.default: disable ion on mips and mipsel The build will fail on mips{,el} if we have enabled ION, the JaveScript JIT compiler on these platforms will loose some performance by this. thunderbird (1:60.5.0-2) unstable; urgency=medium . * [aa2dbe3] d/changelog: update MFSA information for 60.5.0 The MFSA gut published shortly after the upload of the previous version. Adding the CVE numbers for MFSA 2019-03 to the changelog accordingly like happen for 1:60.4.0-1 too. * [71807dc] rebuild patch queue from patch-queue branch Due greater changes to the source the previous rebuild and refreshing of the patch queue wasn't correctly nor complete. Some more rework was needed and some patches got cherry-picked from firefox-esr. readded patches (not included upstream): porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch cherry-picked from firefox-esr: fixes/Bug-1470701-Use-run-time-page-size-when-changing-map.patch fixes/Bug-1505608-Try-to-ensure-the-bss-section-of-the-elf.patch porting-powerpc/powerpc-Don-t-use-static-page-sizes-on-powerpc.patch removed patches (included upstream): porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch * [eaa065b] apparmor: update profile from upstream (commit 7ace41b1) * [c761425] d/rules: make dh_clean more robust Remove some regenerated files in dh_clean to the build will not fail in case the buils needs to be started twice within the same build environment. * [aa7b033] d/gbp.conf: ignore configure script while importing The shipped scripts '*configure' in the toplevel folder and also in js/src aren't needed and we can them filter out while importing the tarballs. These scripts got (re)created by dh_auto_configure nevertheless. * [9f0acb2] d/rules: tweek LDFLAGS more to reduce RAM usage Reduce RAM usage while linking by using compressed sections. (picked from firefox-esr) * [62f195d] d/rules: Don't build debug symbols on non 64bit platforms Reduce even more RAM usage while linking by don't build debugging symbols if we build on non 64bit architectures. (picked from firefox-esr) thunderbird (1:60.5.0-1) unstable; urgency=medium . * d/source.filter: update filter list Updating the list of files to filter out while repacking the upstream tarball based on recent work done in debian/experimental. Unfortunately a lot of semi minimized *.js files from the original upstream tarball are later needed within some integrated consoles like the AddOn debugger or the error console. Don't filter out such files for now. (Closes: #911198) * [edab34d] d/changelog: update MFSA information for 60.4.0 While releasing and uploading the Debian version 1:60.4.0-1 no MFSA information was available, adding this information now into the changelog entry for 1:60.4.0-1. * [f3f44a3] New upstream version 60.5.0 No dedicated MFSA announcement for this Thunderbird version provided. * [ccac089] rebuild patch queue from patch-queue branch removed patches (included upstream): porting-mips/Bug-1444303-MIPS-Fix-build-failures-after-Bug-1425580-par.patch porting-mips/Bug-1444834-MIPS-Stubout-MacroAssembler-speculationBarrie.patch removed patches (dropped by us): debian-hacks/Don-t-build-testing-suites-and-stuff.patch debian-hacks/Don-t-build-testing-suites-and-stuff-part-2.patch refreshed patches: debian-hacks/Add-another-preferences-directory-for-applications-p.patch porting-armel/Bug-1463035-Remove-MOZ_SIGNAL_TRAMPOLINE.-r-darchons.patch porting-kfreebsd-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch porting-kfreebsd-hurd/adding-missed-HURD-adoptions.patch porting-kfreebsd-hurd/ipc-chromium-fix-if-define-for-kFreeBSD-and-Hurd.patch porting-m68k/Add-m68k-support-to-Thunderbird.patch porting-s390x/FTBFS-s390x-Use-jit-none-AtomicOperations-sparc.h-on-s390.patch porting-sparc64/Bug-1434726-Early-startup-crash-on-Linux-sparc64-in-HashI.patch * [43c28c2] d/s/lintian-overrides: more files to ignore Related to [4201f43] the override list for the source needs to be adjusted as we have now more files included there Lintian is complaining about missing source. These files are no 'real' minimized JS files, but the have mostly some long lines that are triggered the Lintian check. thunderbird (1:60.4.0-1) unstable; urgency=medium . * [2e5a9d0] d/control: don't hard code LLVM packages in B-D (Closes: #912797) * [3aaa4a6] New upstream version 60.4.0 No MFSA published yet by Mozilla Security while packaging this version. (Closes: #913645) * [12d3be3] debian/control: increase Standards-Version to 4.3.0 No further changes needed. tryton-server (4.2.1-2+deb9u1) stretch-security; urgency=high . * Include patches for CVE-2019-10868. * Add 03_sec_issue7766_check_read_access_in_search_domain.patch. This patch fixes security issue http://bugs.tryton.org/issue7766: Check read access on field in search domain. It is possible for an authenticated user to guess the value of a field for which he has no access right no matter if it is at the model or the field level. The procedure is to make dichotomous search queries on the model using a domain clause on the field equals value until the search returns the id. See also https://discuss.tryton.org/t/security-release-for-issue7766/ . * Add 04_sec_issue8189_check_read_access_on_search_order.patch. This patch fixes security issue http://bugs.tryton.org/issue8189: Check read access on field in search_order. An authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values. See also https://discuss.tryton.org/t/security-release-for-issue8189/ twig (1.24.0-2+deb9u1) stretch-security; urgency=medium . * Team upload * Stick to v1 for stretch * Backport fix from 1.38: security issue in the sandbox [CVE-2019-9942] twitter-bootstrap3 (3.3.7+dfsg-2+deb9u2) stretch; urgency=medium . * Add patch to fix CVE-2019-8331: XSS in tooltip or popover tzdata (2019a-0+deb9u1) stretch; urgency=medium . * New upstream version, affecting the following past and future timestamps: - Palestine will not start DST until 2019-03-30, instead of 2019-03-23 as previously predicted. - Metlakatla ended its observance of Pacific standard time, rejoining Alaska Time, on 2019-01-20 at 02:00. tzdata (2018i-2) unstable; urgency=medium . * Update German debconf translation, by Holger Wansing. Closes: #918455. * Update Dutch debconf translation, by Frans Spiesschaert. Closes: #920427. * Update Russian debconf translation, by Lev Lamberov. Closes: #920598. * Update Danish debconf translation, by Joe Hansen. Closes: #923061. tzdata (2018i-1) unstable; urgency=high . * New upstream version, affecting the following future timestamps: - São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. unzip (6.0-21+deb9u1) stretch; urgency=medium . * Fix buffer overflow in password protected ZIP archives. Closes: #889838. Patch borrowed from SUSE. For reference, this is CVE-2018-1000035. vcftools (0.1.14+dfsg-4+deb9u1) stretch; urgency=medium . * Team upload. * Add patch from upstream to fix CVE-2018-11099, CVE-2018-11129 and CVE-2018-11130 (Closes: #902190). vips (8.4.5-1+deb9u1) stretch; urgency=medium . * Fix CVE-2018-7998: NULL function pointer dereference vulnerability in the vips_region_generate() function. * Fix CVE-2019-6976: zero memory on malloc to prevent write of uninit memory under some error conditions. waagent (2.2.34-3~deb9u1) stretch; urgency=medium . * Upload to stretch. waagent (2.2.34-2) unstable; urgency=medium . * Disable all tests, they need a real system. (closes: #918943) waagent (2.2.34-1) unstable; urgency=medium . * New upstream version. waagent (2.2.26-1) unstable; urgency=medium . * New upstream version. * Update Vcs entries to point to salsa.debian.org. * Disable agent auto update. (closes: #887704) waagent (2.2.18-3) unstable; urgency=medium . * Move udev rules to /lib/udev. (closes: #856065) * Set priority to optional. waagent (2.2.18-3~deb9u2) stretch-security; urgency=high . * Set proper access rights on swap file. CVE-2019-0804 wget (1.18-5+deb9u3) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix a buffer overflow vulnerability (CVE-2019-5953) (Closes: #926389) wireshark (2.6.7-1~deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Rebuild for stretch(-security). wireshark (2.6.6-1) unstable; urgency=medium . [ Jean-Philippe MENGUAL ] * French debconf translation update (Closes: #915161) . [ Balint Reczey ] * New upstream version 2.6.6 - security fixes: - The P_MUL dissector could crash. (CVE-2019-5717) - The RTSE dissector and other dissectors could crash. (CVE-2019-5718) - The ISAKMP dissector could crash. (CVE-2019-5719) - The 6LoWPAN dissector could crash. (CVE-2019-5716) * Mention GPLv3+ code snippet in tools/pidl/idl.yp (Closes: #918089) wireshark (2.6.5-1) unstable; urgency=medium . * Add debian/gitlab-ci.yml * New upstream version 2.6.5 - release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html - security fixes: - The Wireshark dissection engine could crash. (CVE-2018-19625) - The DCOM dissector could crash. (CVE-2018-19626) - The LBMPDM dissector could crash. (CVE-2018-19623) - The MMSE dissector could go into an infinite loop. (CVE-2018-19622) - The IxVeriWave file parser could crash. (CVE-2018-19627) - The PVFS dissector could crash. (CVE-2018-19624) - The ZigBee ZCL dissector could crash. (CVE-2018-19628) * Update symbols wordpress (4.7.5+dfsg-2+deb9u5) stretch-security; urgency=medium . * Backport security patches from wordpress 5.0.1 Closes: #916403 - CVE-2018-20147 Delete files through altered meta data - CVE-2018-20152 Create posts of unauthorized post types - CVE-2018-20148 PHP object injection through crafted meta data - CVE-2018-20153 Edit other users comments, leading to XSS - CVE-2018-20150 XSS in plugins through crafted URL inputs - CVE-2018-20151 User activation screen visible to search engines - CVE-2018-20149 Bypass MIME verification causing XSS - CVE-2019-8942 Remote Code Execution (RCE) in uploaded image files wpa (2:2.4-1+deb9u3) stretch-security; urgency=high . * Apply a partial security fix for CVE-2019-9495: - OpenSSL: Use constant time operations for private bignums. - See https://w1.fi/security/2019-2/ for more details. * Apply security fixes: - EAP-pwd server: Detect reflection attacks (CVE-2019-9497) - EAP-pwd client: Verify received scalar and element (partial fix for CVE-2019-9498) - EAP-pwd server: Verify received scalar and element (partial fix for CVE-2019-9499) - See https://w1.fi/security/2019-4/ for more details. * Add an upstream patch to add crypto_ec_point_cmp() required by the fixes for CVE-2019-9497. * Forcefully enable compilation of the ECC code. . wpa (2:2.4-1+deb9u2) stretch; urgency=high . * SECURITY UPDATE: - CVE-2018-14526: Ignore unauthenticated encrypted EAPOL-Key data (Closes: #905739) xmltooling (1.6.0-4+deb9u2) stretch-security; urgency=high . * [2f0c065] New patch fixing CVE-2019-9628: uncaught exception on malformed XML declaration. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker. https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143 Thanks to Scott Cantor (Closes: #924346) yorick-av (0.0.4-2~deb9u1) stable; urgency=low . * Rebuild for stretch. zziplib (0.13.62-3.2~deb9u1) stretch; urgency=medium . * Rebuild for stretch. ====================================== Sat, 16 Feb 2019 - Debian 9.8 released ====================================== ========================================================================= [Date: Sat, 16 Feb 2019 09:45:34 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: debian-parl | 1.9.10 | source parl-data | 1.9.10 | all parl-desktop | 1.9.10 | all parl-desktop-eu | 1.9.10 | all parl-desktop-strict | 1.9.10 | all parl-desktop-world | 1.9.10 | all Closed bugs: 921749 ------------------- Reason ------------------- RoQA; depends on broken / removed Firefox plugins ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:45:56 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: xul-ext-y-u-no-validate | 2013052407-3 | all y-u-no-validate | 2013052407-3 | source Closed bugs: 908405 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:46:28 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: mozvoikko | 2.2-0.1 | source xul-ext-mozvoikko | 2.2-0.1 | all Closed bugs: 912465 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:47:19 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: personasplus | 1.7.8-1 | source xul-ext-personasplus | 1.7.8-1 | all Closed bugs: 913436 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:48:00 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: corebird | 1.4.1-1+deb9u1 | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x Closed bugs: 915292 ------------------- Reason ------------------- RoM; broken by Twitter API changes ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:49:19 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: firefox-branding-iceweasel | 0.4.0 | source xul-ext-iceweasel-branding | 0.4.0 | all Closed bugs: 918160 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:49:37 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: imap-acl-extension | 0.2.7-1 | source xul-ext-imap-acl | 0.2.7-1 | all Closed bugs: 918254 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:50:26 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: toggle-proxy | 1.9-2 | source xul-ext-toggle-proxy | 1.9-2 | all Closed bugs: 918257 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:51:21 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: mozilla-password-editor | 2.10.3-1 | source xul-ext-password-editor | 2.10.3-1 | all Closed bugs: 918258 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:52:30 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: firefox-kwallet5 | 1.0-2 | source xul-ext-kwallet5 | 1.0-2 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x Closed bugs: 918346 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:55:34 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: adblock-plus | 2.7.3+dfsg-1 | source xul-ext-adblock-plus | 2.7.3+dfsg-1 | all Closed bugs: 918347 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:56:40 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: mozilla-dom-inspector | 1:2.0.16-2 | source xul-ext-dom-inspector | 1:2.0.16-2 | all Closed bugs: 918349 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:56:54 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: browser-plugin-spice | 2.8.90-5 | amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x spice-xpi | 2.8.90-5 | source Closed bugs: 918350 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:57:26 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: flickrbackup | 0.2-3.1 | source, all Closed bugs: 919797 ------------------- Reason ------------------- RoM; ancient; abandoned upstream; deprecated ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:57:46 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: python-formalchemy | 1.4.2-1 | source, amd64, arm64, armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x Closed bugs: 920560 ------------------- Reason ------------------- RoQA; unusable, fails to import in python ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:58:01 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: flashblock | 1.5.20-2 | source xul-ext-flashblock | 1.5.20-2 | all Closed bugs: 920717 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:58:19 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: refcontrol | 0.8.17-3 | source xul-ext-refcontrol | 0.8.17-3 | all Closed bugs: 920718 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:58:54 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: cookie-monster | 1.3.0.5-1 | source xul-ext-cookie-monster | 1.3.0.5-1 | all Closed bugs: 920719 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:59:38 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: requestpolicy | 1.0.0~beta12.3+dfsg-1 | source xul-ext-requestpolicy | 1.0.0~beta12.3+dfsg-1 | all Closed bugs: 920722 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 09:59:59 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: mozilla-noscript | 2.9.0.14-1 | source xul-ext-noscript | 2.9.0.14-1 | all Closed bugs: 920724 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 10:00:15 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: debianbuttons | 1.11-3 | source xul-ext-debianbuttons | 1.11-3 | all Closed bugs: 921129 ------------------- Reason ------------------- RoQA; incompatible with newer firefox-esr versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 10:00:33 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: calendar-exchange-provider | 3.9.0-4 | source, all Closed bugs: 921932 ------------------- Reason ------------------- RoM; incompatible with newer Thunderbird versions ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 10:00:50 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: libwww-topica-perl | 0.6-5 | source, all Closed bugs: 922110 ------------------- Reason ------------------- RoQA; useless due to Topica site removal ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 10:14:07 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: libnvidia-egl-wayland1 | 384.130-1 | amd64, armhf, i386 nvidia-egl-wayland-common | 384.130-1 | amd64, armhf, i386 nvidia-egl-wayland-icd | 384.130-1 | amd64, armhf, i386 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by nvidia-graphics-drivers) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 16 Feb 2019 10:25:58 +0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: python-certbot | 0.10.2-1 | all ------------------- Reason ------------------- [cruft] NBS (no longer built by python-certbot) ---------------------------------------------- ========================================================================= arc (5.21q-4+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Fix version 1 arc header reading * Fix arcdie crash when called with more then 1 variable argument * Fix directory traversal bugs (CVE-2015-9275) Thanks to Hans de Goede (Closes: #774527) astroml-addons (0.2.2-4~deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Rebuild for stretch. . astroml-addons (0.2.2-4) unstable; urgency=medium . * Push Standards-Version to 4.0.0. No changes needed. . [ Scott Kitterman ] * Correct substitution variable for python3 binary so correct python3 interpreter depends are provided. Closes: #867243 base-files (9.9+deb9u8) stretch; urgency=medium . * Change /etc/debian_version to 9.8, for Debian 9.8 point release. c3p0 (0.9.1.2-9+deb9u1) stretch; urgency=medium . * Team upload. * Fix CVE-2018-20433. A XML External Entity (XXE) vulnerability was discovered in c3p0 that may be used to resolve information outside of the intended sphere of control. (Closes: #917257) ca-certificates-java (20170929~deb9u1) stretch; urgency=medium . * Rebuild for stretch. . ca-certificates-java (20170929) unstable; urgency=low . [ Gianfranco Costamagna ] * Team upload. * Ack previous NMU, thanks . [ Rico Tzschichholz ] * Fix temporary jvm-*.cfg generation on armhf (Closes: #874276) - the armhf installation path is different from other architectures. ceph (10.2.11-2) stretch-security; urgency=medium . [ James Page ] * [d34d35] Fix build on i386 (Closes: #913909) ceph (10.2.11-1) stretch-security; urgency=medium . * [1aebf9] New upstream version 10.2.11 Fixes the following security vulnerabilities: - CVE-2017-7519: libradosstripper printf format string injection vulnerability - CVE-2018-1128: The cephx authentication protocol was vulnerable to a replay attack. - CVE-2018-1129: Cephx signature calculation did not cover the whole message being sent. This allowed an attacker to alter parts of the message. - CVE-2018-1086: A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. * [20b8e7] Replace sleep-recover.patch by reconnect-after-mds-reset.patch * [33f8d2] Remove CVE-2016-9597 patch applied upstream * [a9c2ee] Remove disable-openssl-linking.patch fixed upstream The upstream solution requires a build dependency on libssl-dev to be able to look up the sonames. The resulting code is not linked against libssl but can dlopen it at runtime. * [edc23d] Remove osd-limit-omap-data-in-push-op.patch applied upstream * [9dd30c] Remove rgw_rados-creation_time.patch applied upstream * [fff91f] Refresh patches * [c2925f] Update symbols for librbd1 (added in 10.2.6) ceph (10.2.7-0exp1) experimental; urgency=medium . [ James Page ] * [585f53] New upstream version 10.2.6 . [ Gaudenz Steinlin ] * [41b6fd] New upstream version 10.2.7 * [916972] Remove patch "cve-2016-9579_short_cors_request" applied upstream * [541204] Remove patch "disable-openssl-linking" sovled upstream * [60cc3d] Remove patch "osd-limit-omap-data-in-push-op" applied upstream * [ee0f76] Remove patch "rgw_rados-creation_time" applied upstream * [f07cb0] Refresh patches for 10.2.7 * [be7663] Build depend on libssl-dev. This is only needed to satisfy the build system checks the resulting binary is not linked against openssl and only dlopens it at runtime. So there is no GPL violation. chkrootkit (0.50-4+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Backport fix for regular expression for filtering out dhcpd and dhclient as false positives from the packet sniffer test. . [ Lorenzo "Palinuro" Faletra ] * Update /etc/cron.daily/chkrootkit (Closes: #600109) chromium-browser (70.0.3538.110-1~deb9u1) stretch-security; urgency=medium . * New upstream security release. - CVE-2018-17479: Use-after-free in GPU. chromium-browser (70.0.3538.102-1) unstable; urgency=medium . * New upstream security release. - CVE-2018-17478: Out of bounds memory access in V8. Reported by cloudfuzzer * Fix new lintian warnings. * Drop libjs-excanvas build dependency. * Add support for building with harfbuzz 2.1.1. * Document how to run chromium as root (closes: #838534). * Output debian specific instructions when no working sandbox is available. * Do not rely on transitive recommendation for the sandbox (closes: #913116). chromium-browser (70.0.3538.102-1~deb9u1) stretch-security; urgency=medium . * New upstream security release. - CVE-2018-17478: Out of bounds memory access in V8. Reported by cloudfuzzer * Eliminate unintended dependency on gconf-service (closes: #913926). * Restore arm64 crashpad patch mistakenly dropped in the previous upload. chromium-browser (70.0.3538.67-3) unstable; urgency=medium . * Fix a compiler warning. * Move the setuid sandbox into a separate package (closes: #839277). chromium-browser (70.0.3538.67-2) unstable; urgency=medium . * Restore support for building with gtk2. chromium-browser (70.0.3538.67-1) unstable; urgency=medium . * New upstream stable release. - CVE-2018-17462: Sandbox escape in AppCache. Reported by Ned Williamson and Niklas Baumstark - CVE-2018-17463: Remote code execution in V8. Reported by Ned Williamson and Niklas Baumstark - Heap buffer overflow in Little CMS in PDFium. Reported by Quang Nguyễn - CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr - CVE-2018-17465: Use after free in V8. Reported by Lin Zuojian - CVE-2018-17466: Memory corruption in Angle. Reported by Omair - CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-17468: Cross-origin URL disclosure in Blink. Reported by James Lee - CVE-2018-17469: Heap buffer overflow in PDFium. Reported by Zhen Zhou - CVE-2018-17470: Memory corruption in GPU Internals. Reported by Zhe Jin - CVE-2018-17471: Security UI occlusion in full screen mode. Reported by Lnyas Zhang - CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-17474: Use after free in Blink. Reported by Zhe Jin - CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir Metnew - CVE-2018-17476: Security UI occlusion in full screen mode. Reported by Khalil Zhani - CVE-2018-5179: Lack of limits on update() in ServiceWorker. Reported by Yannic Bonenberger - CVE-2018-17477: UI spoof in Extensions. Reported by Aaron Muir Hamilton * Fix build failure on i386. * Fix installation path of the master preferences file (closes: #911056). chromium-browser (70.0.3538.67-1~deb9u1) stretch-security; urgency=medium . * New upstream stable release. - CVE-2018-17462: Sandbox escape in AppCache. Reported by Ned Williamson and Niklas Baumstark - CVE-2018-17463: Remote code execution in V8. Reported by Ned Williamson and Niklas Baumstark - Heap buffer overflow in Little CMS in PDFium. Reported by Quang Nguyễn - CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr - CVE-2018-17465: Use after free in V8. Reported by Lin Zuojian - CVE-2018-17466: Memory corruption in Angle. Reported by Omair - CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-17468: Cross-origin URL disclosure in Blink. Reported by James Lee - CVE-2018-17469: Heap buffer overflow in PDFium. Reported by Zhen Zhou - CVE-2018-17470: Memory corruption in GPU Internals. Reported by Zhe Jin - CVE-2018-17471: Security UI occlusion in full screen mode. Reported by Lnyas Zhang - CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-17474: Use after free in Blink. Reported by Zhe Jin - CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir Metnew - CVE-2018-17476: Security UI occlusion in full screen mode. Reported by Khalil Zhani - CVE-2018-5179: Lack of limits on update() in ServiceWorker. Reported by Yannic Bonenberger - CVE-2018-17477: UI spoof in Extensions. Reported by Aaron Muir Hamilton chromium-browser (70.0.3538.54-2) unstable; urgency=medium . * Build with gcc 8 (closes: #901368). * Move the master preferences file to /etc/chromium (closes: #891232). chromium-browser (70.0.3538.54-1) unstable; urgency=medium . * New upstream beta release. chromium-browser (69.0.3497.100-1) unstable; urgency=medium . * New upstream stable release. * Update standards version to 4.2.1. * Clarify debugging section in README.debian (closes: #910842). * Remove ConvertUTF from the upstream tarball (closes: #900596). * Load all extensions installed to /usr/share/chromium/extensions. - Thanks to Michael Meskes (closes: #890392). * Remove audio_capture_enable setting from the default preferences (closes: #884887). chromium-browser (69.0.3497.92-1) unstable; urgency=medium . * New upstream security release. - Function signature mismatch in WebAssembly. Reported by Kevin Cheung - URL Spoofing in Omnibox. Reported by evi1m0 compactheader (2.1.6-1~deb9u1) stretch; urgency=medium . [ Carsten Schoenert ] * Rebuild for Stretch (Closes: #918167) * [93f8afe] debhelper: decrease to version available in stretch * [8fd6a50] d/compat: decrease accordingly to version 10 compactheader (2.1.5-1) unstable; urgency=medium . [ David Prévot ] * [faa4ffb] Drop Icedove from description * [58353f3] Update Standards-Version to 3.9.7 . [ Carsten Schoenert ] * [c9d19db] Adding debian/gbp.conf to make life easier * [5e31e42] New upstream version 2.1.5 (Closes: #891433) * [a7e96da] Add a patch queue * [15ea418] d/rules: don't install unneeded files and folder Don't install and ship files from the folder test and the files Readme.md build.xml which aren't needed for the use of the package. * [6d45fe5] d/rules: remove the get-orig-source target The old get-orig-source Makefile target isn't needed and can be dropped in favor of using uscan directly. * [449a5e1] bumping debhelper and compat to version 11 Let's use a recent debhelper version. * [27ff6a3] d/control: increase Standards-Version to 4.1.4 No further changes needed. * [8a365a5] d/control: move package over to pkg-mozext-team on salsa Alioth will be going offline and the successor platform is Salsa. * [891ab67] d/control: adding myself as uploader Thanks to William for working on compactheader in the past! (Closes: #892410) * [23957a9] d/control: adjust Maintainer field due changed email address Due changes for the Alioth host the Maintainer email is also changing to a new domain. compactheader (2.1.1~beta1-1) experimental; urgency=medium . * Team upload . [ jmozmoz ] * Add Portuguese translation courier (0.76.3-5+deb9u1) stretch; urgency=medium . [ Andreas Beckmann ] * Non-maintainer upload. * Backport @piddir@ substitution from 1.0.5-1. . [ Markus Wanner ] * Extend patch 0018-Fix-default-configuration-for-Debian.patch with the piddir addition proposed by Willi Mann. Closes: #875696. cups (2.2.1-8+deb9u3) stretch; urgency=low . * Backport upstream fixes for: - CVE-2017-18248: DBUS notifications could crash the scheduler - CVE-2018-4700: Linux session cookies used a predictable random number seed (Closes: #915909) curl (7.52.1-5+deb9u9) stretch-security; urgency=high . * Fix NTLM type-2 out-of-bounds buffer read as per CVE-2018-16890 https://curl.haxx.se/docs/CVE-2018-16890.html * Fix NTLMv2 type-3 header stack buffer overflow as per CVE-2019-3822 https://curl.haxx.se/docs/CVE-2019-3822.html * Fix SMTP end-of-response out-of-bounds read as per CVE-2019-3823 https://curl.haxx.se/docs/CVE-2019-3823.html debian-edu-config (1.929+deb9u3) stretch; urgency=medium . [ Wolfgang Schweer ] * debian-edu-config.chromium-ldapconf: Remove slapd start requirement. . debian-edu-config (1.929+deb9u2) stretch; urgency=medium . [ Wolfgang Schweer ] * Fix configuration of personal web pages. (Closes: #866228). - Set right order of linking in cf/cf.apache2. - Add conditional code to d/d-e-c.postinst to fix the wrong configuration generated via the cfengine run during main server installation (introduced in version 1.926). * Re-enable offline installation of a combi server including diskless workstation support. (Closes: #867271, #904331). - 015-edu-apt-source: fix apt-get options to be able to use a repo of type 'file://'. As 'media/cdrom/' in the LTSP chroot is treated as such a repo, add 'acquire::check-valid-until=0' to APT_GET_OPTS; otherwise installation fails because the Release file is expired. - 032-edu-pkgs: Move all diskless workstation installation parts to the finalization stage of LTSP chroot installation. * Enable Chromium homepage setting at installation time and via LDAP as further improvements for the fix for bug #891262 in version 1.929+deb9u1: - Add cf/cf.chromium (cfengine). - Add debian/debian-edu-config.chromium-ldapconf (init script). - Add share/debian-edu-config/tools/update-chromium-homepage (used by both cfengine and the init script). - Adjust Makefile and debian/rules. . [ Mike Gabriel ] * update-chromium-homepage: - Don't complain about non-existing config file when attempting its removal. - Don't statically set http://www as homepage, use detected homepage instead. (Closes: #911790) debian-edu-config (1.929+deb9u2) stretch; urgency=medium . [ Wolfgang Schweer ] * Fix configuration of personal web pages. (Closes: #866228). - Set right order of linking in cf/cf.apache2. - Add conditional code to d/d-e-c.postinst to fix the wrong configuration generated via the cfengine run during main server installation (introduced in version 1.926). * Re-enable offline installation of a combi server including diskless workstation support. (Closes: #867271, #904331). - 015-edu-apt-source: fix apt-get options to be able to use a repo of type 'file://'. As 'media/cdrom/' in the LTSP chroot is treated as such a repo, add 'acquire::check-valid-until=0' to APT_GET_OPTS; otherwise installation fails because the Release file is expired. - 032-edu-pkgs: Move all diskless workstation installation parts to the finalization stage of LTSP chroot installation. * Enable Chromium homepage setting at installation time and via LDAP as further improvements for the fix for bug #891262 in version 1.929+deb9u1: - Add cf/cf.chromium (cfengine). - Add debian/debian-edu-config.chromium-ldapconf (init script). - Add share/debian-edu-config/tools/update-chromium-homepage (used by both cfengine and the init script). - Adjust Makefile and debian/rules. . [ Mike Gabriel ] * update-chromium-homepage: - Don't complain about non-existing config file when attempting its removal. - Don't statically set http://www as homepage, use detected homepage instead. (Closes: #911790) debian-installer-netboot-images (20170615+deb9u5.b2) stretch; urgency=medium . * Update to 20170615+deb9u5+b2 images, from stretch-proposed-update debian-security-support (2019.02.01~deb9u1) stretch; urgency=medium . * Team upload. * Rebuild for stretch, without d/control changes. debian-security-support (2019.01.19) unstable; urgency=medium . * Team upload. . [ Holger Levsen ] * d/control: - bump standards version to 4.3.0. - bump debhelper compat to 11, use the new debhelper-compat(=11) notation and drop d/compat. - add "Rules-Requires-Root: no" to support building as non-root. debian-security-support (2018.11.25) unstable; urgency=medium . * Team upload. . [ Markus Koschany ] * Mark jasperreports as end-of-life in Jessie. . [ Salvatore Bonaccorso ] * Mark webkit2gtk as unsupported in all releases. (Closes: #914567) . [ Holger Levsen ] * Bump standards version to 4.2.1. . [ Ondřej Nový ] * d/copyright: Use https protocol in Format field. * d/changelog: Remove trailing whitespaces. debian-security-support (2018.11.25~deb9u1) stretch; urgency=medium . * Team upload. * Rebuild for stretch. . debian-security-support (2018.11.25) unstable; urgency=medium . * Team upload. . [ Markus Koschany ] * Mark jasperreports as end-of-life in Jessie. . [ Salvatore Bonaccorso ] * Mark webkit2gtk as unsupported in all releases. (Closes: #914567) . [ Holger Levsen ] * Bump standards version to 4.2.1. . [ Ondřej Nový ] * d/copyright: Use https protocol in Format field. * d/changelog: Remove trailing whitespaces. . debian-security-support (2018.06.08) unstable; urgency=medium . * Add .gitlab-ci.yml configuration * Mark jruby in jessie as end-of-life as per DSA-4219-1 (Closes: #901032) . debian-security-support (2018.05.20) unstable; urgency=medium . * Mark vlc in jessie as end-of-life as per DSA 4203-1 . debian-security-support (2018.05.17) unstable; urgency=medium . [ Antoine Beaupré ] * mark frontaccounting as unsupported . [ Markus Koschany ] * Add xulrunner to security-support-ended.deb7 . [ Salvatore Bonaccorso ] * Mark redmine as end-of-life for Debian 8 (jessie) (Closes: #897609) * Update Vcs-* headers for switch to salsa.debian.org * Update German translations. Thanks to Chris Leick (Closes: #878321) . debian-security-support (2018.01.29) unstable; urgency=medium . [ Markus Koschany ] * Add teamspeak to security-support-ended.deb7 * Add libstruts1.2-java to security-support-ended.deb7. * Add nvidia-graphics-drivers to security-support-ended.deb7. Non-free is not supported * Add glassfish to security-support-ended.deb7 * Mark jbossas4 as end-of-life in Wheezy. * Mark jasperreports as unsupported in Wheezy. No sponsor users it. Targeted fixes not possible because detailed information about the vulnerabilities and their solution (patches) is not available. . [ Salvatore Bonaccorso ] * Mark chromium-browser as end-of-life for Debian 8 (Jessie) . [ Raphaël Hertzog ] * Mark libnet-ping-external-perl as unsupported in wheezy. * Mark mp3gain as unsupported in wheezy. . [ Emilio Pozuelo Monfort ] * Mark tor as unsupported in wheezy. . [ Guido Günther ] * Add swftools to security support limited swftools is orphaned (#885088) and the security tracker is currently counting 25 open CVEs. It is a useful tool with trusted content though. * Bump standards version to 4.1.3. No changes needed * Bump debhelper compat level to 9 which is available in oldoldstable (wheezy). debian-security-support (2018.06.08) unstable; urgency=medium . * Add .gitlab-ci.yml configuration * Mark jruby in jessie as end-of-life as per DSA-4219-1 (Closes: #901032) debian-security-support (2018.05.20) unstable; urgency=medium . * Mark vlc in jessie as end-of-life as per DSA 4203-1 debian-security-support (2018.05.17) unstable; urgency=medium . [ Antoine Beaupré ] * mark frontaccounting as unsupported . [ Markus Koschany ] * Add xulrunner to security-support-ended.deb7 . [ Salvatore Bonaccorso ] * Mark redmine as end-of-life for Debian 8 (jessie) (Closes: #897609) * Update Vcs-* headers for switch to salsa.debian.org * Update German translations. Thanks to Chris Leick (Closes: #878321) debian-security-support (2018.01.29) unstable; urgency=medium . [ Markus Koschany ] * Add teamspeak to security-support-ended.deb7 * Add libstruts1.2-java to security-support-ended.deb7. * Add nvidia-graphics-drivers to security-support-ended.deb7. Non-free is not supported * Add glassfish to security-support-ended.deb7 * Mark jbossas4 as end-of-life in Wheezy. * Mark jasperreports as unsupported in Wheezy. No sponsor users it. Targeted fixes not possible because detailed information about the vulnerabilities and their solution (patches) is not available. . [ Salvatore Bonaccorso ] * Mark chromium-browser as end-of-life for Debian 8 (Jessie) . [ Raphaël Hertzog ] * Mark libnet-ping-external-perl as unsupported in wheezy. * Mark mp3gain as unsupported in wheezy. . [ Emilio Pozuelo Monfort ] * Mark tor as unsupported in wheezy. . [ Guido Günther ] * Add swftools to security support limited swftools is orphaned (#885088) and the security tracker is currently counting 25 open CVEs. It is a useful tool with trusted content though. * Bump standards version to 4.1.3. No changes needed * Bump debhelper compat level to 9 which is available in oldoldstable (wheezy). dnspython (1.15.0-1+deb9u1) stretch; urgency=medium . * Add debian/patches/0002-fix-error-when-parsing-nsec3-bitmap-from- text.patch from upstream (Closes: #915866) drupal7 (7.52-2+deb9u6) stretch-security; urgency=high . [ William Blough ] * Add upstream fix for DATE_RFC7231 conflict with php7 (Closes: #911791) . [ Gunnar Wolf ] * SA-CORE-2019-001: Vulnerability in a third-party library (related to CVE-2018-1000888) * SA-CORE-2019-002: Arbitrary PHP code execution egg (4.2.0-1.1+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Skip emacsen-install for unsupported xemacs21. (Closes: #900812) erlang (1:19.2.1+dfsg-2+deb9u2) stretch; urgency=medium . [ Andreas Beckmann ] * Non-maintainer upload. * Backport removal of xemacs21 support from 1:21.2+dfsg-2. . [ Sergei Golovan ] * Do not install Erlang mode for XEmacs since it isn't supposed to work with it (closes: #909387). espeakup (1:0.80-5+deb9u3) stretch; urgency=high . * debian/espeakup.service: Fix compatibility with older versions of systemd (Closes: Bug#913453). Also fix starting with empty voice language. firefox-esr (60.5.0esr-1~deb9u1) stretch-security; urgency=medium . * New upstream release. * Fixes for mfsa2019-02, also known as: CVE-2018-18500, CVE-2018-18505, CVE-2018-18501. firefox-esr (60.4.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2018-30, also known as: CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498, CVE-2018-12405. firefox-esr (60.4.0esr-1~deb9u1) stretch-security; urgency=medium . * New upstream release. * Fixes for mfsa2018-30, also known as: CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498, CVE-2018-12405. . * debian/rules: Use embedded libevent in backports. Closes: #910397. * debian/browser.install.in, debian/rules: Properly copy the watermark to /usr/share/icons/hicolor/symbolic/apps. * debian/rules: Pass compiler and compiler flags environment variables down to ICU configure. That will make it use GCC instead of defaulting to clang now it's in PATH, avoiding the failing to build the ICU data file on big endian platforms because clang doesn't know some of the GCC flags it somehow got from the environment. . * build/unix/elfhack/test.c: Try to ensure the bss section of the elfhack testcase stays large enough. bz#1505608. * memory/build/mozjemalloc.cpp: Fix run sizes for size classes >= 16KB on systems with large pages. bz#1507035. Closes: #911898. firefox-esr (60.3.0esr-3) unstable; urgency=medium . * debian/browser.install.in, debian/rules: Properly copy the watermark to /usr/share/icons/hicolor/symbolic/apps. * debian/rules: Pass compiler and compiler flags environment variables down to ICU configure. That will make it use GCC instead of defaulting to clang now it's in PATH, avoiding the failing to build the ICU data file on big endian platforms because clang doesn't know some of the GCC flags it somehow got from the environment. firefox-esr (60.3.0esr-2) unstable; urgency=medium . * debian/control*: Build depend on unversioned clang/llvm. Closes: #912804. * debian/rules: Use embedded libevent in backports. Closes: #910397. . * build/unix/elfhack/test.c: Try to ensure the bss section of the elfhack testcase stays large enough. bz#1505608. * memory/build/mozjemalloc.cpp: Fix run sizes for size classes >= 16KB on systems with large pages. bz#1507035. Closes: #911898. firefox-esr (60.3.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2018-27, also known as: CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, CVE-2018-12397, CVE-2018-12389, CVE-2018-12390. . * debian/rules: Work around armel FTBFS from conflicting __sync_* symbols between libgcc and rust's compiler_builtins. freerdp (1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3) stretch; urgency=medium . * debian/patches: Add security patches. - CVE-2018-8786.patch: The count variable in update_read_bitmap() needs to be UINT32 (not UINT16). - CVE-2018-8787.patch: In gdi_Bitmap_Decompress, check for invalid bpp, width and height before decompressing. CVE-2018-8788.patch: In NSC encode/decode functions, catch data flawed in various ways and bail out with failure. CVE-2018-8789.patch: In ntlm_read_message_fields_buffer, check buffer offset vs. Stream_Length and bail out if not appropriate. - Thanks to Alex Murray for backporting them to FreeRDP 1.1. * debian/patches: + Add 0010_add-support-for-credssp-v3-and-rdpproto-v6.patch. Add CredSSP v3 and RDP proto v6 support. This allows users to connect to recently (since March 2018) updated Microsoft RDP servers again. Thanks to Bernhard Miklautz and Martin Fleisz for helping out with backporting this patch. Much appreciated! * debian/control: + Update Vcs-*: URLs. * debian/lib{freerdp-core1.1,winpr-sspi0.1}.symbols: Update symbols. ganeti-os-noop (0.2-1+deb9u1) stretch; urgency=medium . * debian/control: + Update Vcs-*: fields. VCS repo has been migrated to salsa.debian.org. + Priority extra -> optional. + Update Maintainer: field to 'Debian Ganeti Team ' * debian/patches: + Add 1001_fix-export-script-for-non-block-devices.patch. Fix size detection for non-block devices. Thanks to Bastian Blank for providing the patch. (Closes: #895602). ghostscript (9.26a~dfsg-0+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * New upstream version 9.26a~dfsg + Includes fix for CVE-2019-6116 * Temporarily split ABI at ~ (not a). * Update symbols: 1 private added ghostscript (9.26~dfsg-2) unstable; urgency=high . * Add patches cherry-picked upstream to fix segfault with certain PDFs with -dLastPage=1. Closes: Bug#915832. Thanks to Salvatore Bonaccorso. * Set urgency=high as this is fixes regression in 9.26~dfsg-1. ghostscript (9.26~dfsg-1) unstable; urgency=high . [ upstream ] * New security and bugfix release. . [ Jonas Smedegaard ] * Drop patches cherry-picked upstream now applied. * Unfuzz patch 2009. * Set urgency=high due to high potential for security fixes (beyond those already included as cherry-picked patches). * Update symbols: 12 private added. ghostscript (9.26~dfsg-0+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Add patches cherry-picked upstream to fix segfault with certain PDFs with -dLastPage=1. (Closes: #915832) ghostscript (9.26~dfsg-0+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * New upstream version 9.26~dfsg + Includes fixes for the following security vulnerabilities: CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 * Drop patches cherry-picked upstream now applied * Unfuzz patch 2009. * Update symbols: 12 private added. ghostscript (9.25~dfsg-7) unstable; urgency=medium . * drop obsolete preinst migrations. * Quote variables in package helper update-gsfontmap. * Fix typos in previous changelog entries. * Disable parallel building. Closes: Bug#912847. Thanks to Matthias Klose. ghostscript (9.25~dfsg-6) unstable; urgency=medium . * Add patch cherry-picket upstream to fix cups get/put_params LeadingEdge logic. Closes: Bug#912664. Thanks to Salvatore Bonaccorso. ghostscript (9.25~dfsg-5) unstable; urgency=medium . * Add patch cherry-picket upstream to fix openjpeg segfault if size too large. ghostscript (9.25~dfsg-4) unstable; urgency=high . * Re-release with urgency=high, due to CVE fixes. ghostscript (9.25~dfsg-3) unstable; urgency=medium . * Add patches cherry-picked upstream to fix execution issues. + Implement .currentoutputdevice operator + Change "executeonly" to throw typecheck on gstatetype and devicetype objects + Undefine some additional internal operators. + Fix handling of .needinput if used from interpreter + Ensure all errors are included from initialization + setundercolorremoval memory corruption + copydevice fails after stack device copies invalidated + add operand checking to .setnativefontmapbuilt + add object type check for AES key + Add parameter type checking on .bigstring + zparse_dsc_comments can crash with invalid dsc_state + Catch errors in setpagesize, .setpagesize and setpagedevice and cleanup + Catch errors and cleanup stack on statusdict page size definitions + Add parameter checking in setresolution + device subclass open_device call must return child code + fix DSC comment parsing in pdfwrite + Check all uses of dict_find* to ensure 0 return properly handled + permit Mod and CreDate pdfmarks in PDF 2.0 in pdfwrite + Avoid overrunning non terminated string buffer. + Prevent SEGV in gs_setdevice_no_erase. + Fix uninitialised value for render_cond. + Hide the .needinput operator + filenameforall calls bad iodev with insufficent scratch + Improve hiding of security critical custom operators + Prevent SEGV after calling gs_image_class_1_simple. + don't push userdict in preparation for Type 1 fonts + add control over hiding error handlers. + For hidden operators, pass a name object to error handler. + Explicitly exclude /unknownerror from the SAFERERRORLIST + don't include operator arrays in execstack output + Make .forceput unavailable from '.policyprocs' helper dictionary + .loadfontloop must be an operator + font parsing - prevent SEGV in .cffparse Closes: Bug#910678, #910758, #911175 (CVE-2018-17961, CVE-2018-18073, CVE-2018-18284). Thanks to Salvatore Bonaccorso. * Unfuzz patches. * Declare compliance with Debian Policy 4.2.1. * Update symbols: 1 private added. ghostscript (9.25~dfsg-2) unstable; urgency=high . * Add/correct bug-closures for previous releases 9.25~dfsg-1, 9.25~dfsg-1~exp1, 9.24~~rc2~dfsg-1, 9.21~dfsg-1. * Set urgency=high due to recent CVE fixes. ghostscript (9.25~dfsg-1) unstable; urgency=medium . * Stop needlessly install symlinks handled upstream since ~9.05. * Tidy control file: + Wrap-and-sort. + Drop support for auto-resolving package relations or major version. * Update package relations: + Stop needlessly depend on debconf. + Stop build-depend on dh-buildinfo: Effectively unused. + Stop build-depend on libtrio: Unused upstream since 9.18. * Update copyright info: + Wrap-and-sort. + Extend coverage of Debian packaging. Drop unneeded copyrigh signs. + Fix files section licensed as AGPL-3+ (no longer GPL-3+). + Use semantic linefeeds. * Update symbols tracking: + Drop 19 private symbols. + Add 59 private symbols. * Add more bug-closures to previous release 9.25~dfsg-1~exp1. ghostscript (9.25~dfsg-1~exp1) experimental; urgency=medium . [ upstream ] * New bugfix release(s). Closes: Bug#907703, #908300, #908303, #908304, #908305 (CVE-2018-16509, CVE-2018-16543, CVE-2018-16510, CVE-2018-16585). Thanks to Salvatore Bonaccorso. . * Update copyright info: + Stop exclude image containing non-DFSG ICC profile when repackaging upstream source: Fixed upstream. + Fix cover license FTL. * Set Rules-Requires-Root: no. * Update symbols: + Drop commented out obsolete symbols. + Flag as optional symbols not declared in public header files. * Avoid privacy breach linking documentation to jquery: + Add patch 2009 to use local jquery. + Add symlink from relative link to system-shared jquery library. + Have ghostscript-doc depend on libjs-jquery. * Avoid privacy breach linking documentation to font: + Avoid linking to remote fonts in documentation. * Avoid privacy breach linking documentation with Google: + Strip googletagmanager code from documentation. ghostscript (9.25~dfsg-0+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * New upstream version 9.25~dfsg + Fixes regression using ps2ascii after fix for CVE-2018-17183 (Closes: #909076) + status operator honour SAFER option (CVE-2018-11645) * Drop patches applied upstream * Rebase 2001_docdir_fix_for_debian.patch for 9.25 * Rebase 2010_add_build_timestamp_setting.patch for 9.25 * Add patches cherry-picked upstream to fix execution issues. + Implement .currentoutputdevice operator + Change "executeonly" to throw typecheck on gstatetype and devicetype objects + Undefine some additional internal operators. + Fix handling of .needinput if used from interpreter + Ensure all errors are included from initialization + setundercolorremoval memory corruption + copydevice fails after stack device copies invalidated + add operand checking to .setnativefontmapbuilt + add object type check for AES key + Add parameter type checking on .bigstring + zparse_dsc_comments can crash with invalid dsc_state + Catch errors in setpagesize, .setpagesize and setpagedevice and cleanup + Catch errors and cleanup stack on statusdict page size definitions + Add parameter checking in setresolution + device subclass open_device call must return child code + fix DSC comment parsing in pdfwrite + Check all uses of dict_find* to ensure 0 return properly handled + permit Mod and CreDate pdfmarks in PDF 2.0 in pdfwrite + Avoid overrunning non terminated string buffer. + Prevent SEGV in gs_setdevice_no_erase. + Fix uninitialised value for render_cond. + Hide the .needinput operator + filenameforall calls bad iodev with insufficent scratch + Improve hiding of security critical custom operators (CVE-2018-17961) (Closes: #911175) + Prevent SEGV after calling gs_image_class_1_simple. + don't push userdict in preparation for Type 1 fonts + add control over hiding error handlers. (Closes: #909929) + For hidden operators, pass a name object to error handler. (CVE-2018-17961) (Closes: #911175) + Explicitly exclude /unknownerror from the SAFERERRORLIST + don't include operator arrays in execstack output (CVE-2018-18073) (Closes: #910758) + Make .forceput unavailable from '.policyprocs' helper dictionary (CVE-2018-18284) (Closes: #911175) + .loadfontloop must be an operator (CVE-2018-17961) (Closes: #911175) + font parsing - prevent SEGV in .cffparse * openjpeg allocator must return NULL if size too large * debian/copyright: Refresh with version from 9.25~dfsg-5 * debian/libgs9.symbols: Update (and sync from 9.25~dfsg-5) for new version. Adjust version for errorexec_find@Base. * Fix cups get/put_params LeadingEdge logic (cf. #912664) * Avoid privacy breach linking documentation to jquery: + Add patch 2009 to use local jquery. + Add symlink from relative link to system-shared jquery library. + Have ghostscript-doc depend on libjs-jquery. * Avoid privacy breach linking documentation to font: + Avoid linking to remote fonts in documentation. * Avoid privacy breach linking documentation with Google: + Strip googletagmanager code from documentation. ghostscript (9.24~~rc2~dfsg-1) experimental; urgency=medium . [ upstream ] * New prerelease. . * Update copyright info: + Exclude convenience code copy of lcms2mt (not lcms2) and image containing non-DFSG ICC profile when repackaging upstream source. * Update copyright-check maintainer script: Extract metadata from png files. * Update copyright info: + Extend coverage for main upstream author. + Extend coverage for Adobe. * Drop patches cherry-picked upstream since applied. * Unfuzz patches. ghostscript (9.22~dfsg-3) unstable; urgency=high . * Add patches cherry-picked upstream to fix execution issues: + Properly apply file permissions to .tempfile. + Don't just assume an object is a t_(a)struct. + Fix handling of pre-SAFER opened files. + Properly check return value when getting value from a dictionary. + Handle LockDistillerParams not being a boolean. + Fix shading_param incomplete type checking. + Ensure the correct is in place before cleanup. + Check the restore operand type. + Fix memory corruption in aesdecode. + Fix handle stack overflow during error handling. + Avoid sharing pointers between pdf14 compositors. + Improve restore robustness. + Hide the .shfill operator. Closes: Bug#907332. Thanks to Nicolas Braud-Santoni. * Use package section optional (not extra). * Extend lintian overrides regarding License-Reference. * Declare compliance with Debian Policy 4.2.0. ghostscript (9.22~dfsg-2.1) unstable; urgency=medium . * Non-maintainer upload. * Buffer overflow in fill_threshold_buffer (CVE-2016-10317) (Closes: #860869) * pdfwrite - Guard against trying to output an infinite number (CVE-2018-10194) (Closes: #896069) ghostscript (9.22~dfsg-2) unstable; urgency=medium . * Update Vcs-* fields for the move to salsa.d.o ghostscript (9.22~dfsg-1) unstable; urgency=medium . [ upstream ] * New release. Highlights: + Ghostscript can now consume and produce (via the pdfwrite device) PDF 2.0 compliant files. + The main focus of this release has been security and code cleanliness. Hence many AddressSanitizer, Valgrind and Coverity issues have been addressed. + The usual round of bug fixes, compatibility changes, and incremental improvements. . [ Jonas Smedegaard ] * Update copyright info: + Update paths of files to strip from upstream source. + Stop strip ConvertUTF files when repackaging upstream source: No longer included upstream. * Update watch file: Use substitution strings. * Update package relations: + Relax to build-depend unversioned on liblcms2-dev d-shlibs cdbs: Needed versions satisfied even in oldstable * Tighten lintian overrides regarding License-Reference. * Use https protocol for upstream Homepage. * Declare compliance with Debian Policy 4.1.1. * Drop patches applied upstream. * Unfuzz patches. * Update symbols file. ghostscript (9.22~~rc1~dfsg-1) experimental; urgency=medium . [ upstream ] * New release. Highlights: + Ghostscript can now consume and produce (via the pdfwrite device) PDF 2.0 compliant files. + The main focus of this release has been security and code cleanliness. Hence many AddressSanitizer, Valgrind and Coverity issues have been addressed. + The usual round of bug fixes, compatibility changes, and incremental improvements. . * Update copyright info: + Update paths of files to strip from upstream source. + Stop strip ConvertUTF files when repackaging upstream source: No longer included upstream. * Update watch file: Use substitution strings. * Update package relations: + Relax to build-depend unversioned on liblcms2-dev d-shlibs cdbs: Needed versions satisfied even in oldstable * Tighten lintian overrides regarding License-Reference. * Use https protocol for upstream Homepage. * Declare compliance with Debian Policy 4.1.0. * Drop patches applied upstream. * Unfuzz patches. ghostscript (9.21~dfsg-1) unstable; urgency=medium . [ upstream ] * New release. Highlights: + pdfwrite preserves annotations from input PDFs where possible. + GhostXPS pass required data to pdfwrite to emit a ToUnicode CMap, resulting in fully searchable PDFs created from XPS in most cases. + Allow default color space for PDF transparency blends. + Improved support for cross-compiling in configure script. + tiffscaled and tiffscaled4 supports ETS (Even Tone Screening). + toolbin/pdf_info.ps utility emits PDF XML metadata. + New scan converter, more performant with large and complex paths. . [ Jonas Smedegaard ] * Modernize cdbs: + Do copyright-check in maintainer script (not during build). * Avoid compressing pdf documentation. * Revive git-ignore file, lost importing NMUs. * Update watch file: Fix track releases (not tags). * Update copyright info: + Fix update main Files section to include all directory wildcards declared in root LICENSE file. + Stop track files no longer shipped upstream. + Add copyright holder Raph Levien. + Extend coverage for main upstream author. + Use https protocol in format string. * Update patches: + Drop patches applied upstream. + Normalize patch names. + Tidy DEP3 patch headers. + Add patch cherry-picked upstream to fix the shared openjpeg build. + Add patch cherry-picked upstream to fix shared lib build with openjpeg >= 2.1.1, replacing patch 1001. * Update package relations: + Relax build-dependency on cdbs. + Stop build-depend on licensecheck libregexp-assemble-perl libimage-exiftool-perl libfont-ttf-perl. * Relax symbols check when targeting experimental. * Update symbols: 16 dropped. 37 added. * Declare compliance with Debian Policy 4.0.0. ghostscript (9.21~dfsg-1~exp1) experimental; urgency=medium . [ upstream ] * New release. Highlights: + pdfwrite preserves annotations from input PDFs where possible. + GhostXPS pass required data to pdfwrite to emit a ToUnicode CMap, resulting in fully searchable PDFs created from XPS in most cases. + Allow default color space for PDF transparency blends. + Improved support for cross-compiling in configure script. + tiffscaled and tiffscaled4 supports ETS (Even Tone Screening). + toolbin/pdf_info.ps utility emits PDF XML metadata. + New scan converter, more performant with large and complex paths. . [ Jonas Smedegaard ] * Modernize cdbs: + Do copyright-check in maintainer script (not during build). * Avoid compressing pdf documentation. * Revive git-ignore file, lost importing NMUs. * Update watch file: Fix track releases (not tags). * Update copyright info: + Stop track files no longer shipped upstream. + Add copyright holder Raph Levien. + Extend coverage for main upstream author. * Update patches: + Drop patches applied upstream. + Normalize patch names. + Tidy DEP3 patch headers. + Add patch cherry-picked upstream to fix the shared openjpeg build. + Add patch cherry-picked upstream to fix shared lib build with openjpeg >= 2.1.1, replacing patch 1001. * Update package relations: + Relax build-dependency on cdbs. + Stop build-depend on licensecheck libregexp-assemble-perl libimage-exiftool-perl libfont-ttf-perl. * Relax symbols check when targeting experimental. glibc (2.24-11+deb9u4) stretch; urgency=medium . [ Aurelien Jarno ] * debian/patches/git-updates.diff: update from upstream stable branch: - Fix buffer overflow in glob with GLOB_TILDE (CVE-2017-15670). Closes: #879501. - Fix memory leak in glob with GLOB_TILDE (CVE-2017-15671). Closes: #879500. - Fix a buffer overflow in glob with GLOB_TILDE in unescaping (CVE-2017-15804). Closes: #879955. - Fix a memory leak in ld.so (CVE-2017-1000408). Closes: #884132. - Fix a buffer overflow in ld.so (CVE-2017-1000409). Closes: #884133. - Fixes incorrect RPATH/RUNPATH handling for SUID binaries (CVE-2017-16997). Closes: #884615. - Fix a data corruption in SSE2-optimized memmove implementation for i386 (CVE-2017-18269). - Fix a stack-based buffer overflow in the realpath function (CVE-2018-11236). Closes: #899071. - Fix a buffer overflow in the AVX-512-optimized implementation of the mempcpy function (CVE-2018-11237). Closes: #899070. - Fix stack guard size accounting and reduce stack usage during unwinding to avoid segmentation faults on CPUs with AVX512-F. Closes: #903554. - Fix a use after free in pthread_create(). Closes: #916925. * debian/debhelper.in/libc.postinst, script.in/nsscheck.sh: check for postgresql in NSS check. Closes: #710275. . [ Sebastian Andrzej Siewior ] * patches/any/local-condvar-do-not-use-requeue-for-pshared-condvars.patch: patch to fix pthread_cond_wait() in the pshared case on non-x86. Closes: #904158. glx-alternatives (0.8.8~deb9u2) stretch; urgency=medium . * Revert dpkg-trigger changes from 0.8.8 as it may cause an exception thrown in apt. (Closes: #922210) glx-alternatives (0.8.8~deb9u1) stretch; urgency=medium . * Rebuild for stretch. . glx-alternatives (0.8.8) unstable; urgency=medium . * glx-diversions: Put all packages that had shared libraries diverted into triggers-awaited state to ensure the triggers in glx-alternative-mesa setting up the glx alternative get processed earlier. (Closes: #905908) * Bump Standards-Version to 4.2.1. No changes needed. . glx-alternatives (0.8.7) unstable; urgency=medium . * Update validation of the diverted libGL.so symlink. . glx-alternatives (0.8.6) unstable; urgency=medium . * glx-alternative-mesa: libGLX_mesa.so.0 is not diverted and therefore not an indicator to install the alternative. (Closes: #904486) . glx-alternatives (0.8.5) unstable; urgency=medium . * Avoid confusing diagnostic message if no nvidia alternative is available. . glx-alternatives (0.8.4) unstable; urgency=medium . * Add diversion and alternative for libGLX_indirect.so.0. * Bump Standards-Version to 4.1.5. No changes needed. glx-alternatives (0.8.8~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . glx-alternatives (0.8.8) unstable; urgency=medium . * glx-diversions: Put all packages that had shared libraries diverted into triggers-awaited state to ensure the triggers in glx-alternative-mesa setting up the glx alternative get processed earlier. (Closes: #905908) * Bump Standards-Version to 4.2.1. No changes needed. glx-alternatives (0.8.7) unstable; urgency=medium . * Update validation of the diverted libGL.so symlink. glx-alternatives (0.8.7~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . glx-alternatives (0.8.7) unstable; urgency=medium . * Update validation of the diverted libGL.so symlink. . glx-alternatives (0.8.6) unstable; urgency=medium . * glx-alternative-mesa: libGLX_mesa.so.0 is not diverted and therefore not an indicator to install the alternative. (Closes: #904486) . glx-alternatives (0.8.5) unstable; urgency=medium . * Avoid confusing diagnostic message if no nvidia alternative is available. . glx-alternatives (0.8.4) unstable; urgency=medium . * Add diversion and alternative for libGLX_indirect.so.0. * Bump Standards-Version to 4.1.5. No changes needed. glx-alternatives (0.8.6) unstable; urgency=medium . * glx-alternative-mesa: libGLX_mesa.so.0 is not diverted and therefore not an indicator to install the alternative. (Closes: #904486) glx-alternatives (0.8.5) unstable; urgency=medium . * Avoid confusing diagnostic message if no nvidia alternative is available. glx-alternatives (0.8.4) unstable; urgency=medium . * Add diversion and alternative for libGLX_indirect.so.0. * Bump Standards-Version to 4.1.5. No changes needed. glx-alternatives (0.8.3) unstable; urgency=medium . * Divert libGL.so.1.7.0, libGLESv1_CM.so.1.2.0, libGLESv2.so.2.1.0, libEGL.so.1.1.0 that will be used by the next libglvnd upstream release. * Update validation of the diverted libGL.so.1 symlink. (Closes: #879041) gnulib (20140202+stable-2+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * vasnprintf: Fix heap memory overrun bug (CVE-2018-17942) (Closes: #910757) gnupg2 (2.1.18-8~deb9u4) stretch; urgency=medium . * Avoid crash when importing without a TTY (Closes: #913614) graphite-api (1.1.3-2+deb9u1) stretch; urgency=medium . [ Andreas Beckmann ] * Non-maintainer upload. * Backport spelling fix from 1.1.3-3. (Closes: #826020) . [ Vincent Bernat ] * d/service: fix RequiresMountsFor spelling. grokmirror (1.0.0-1.1~deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Rebuild for stretch. . grokmirror (1.0.0-1.1) unstable; urgency=medium . * Non-maintainer upload. * Add the missing dependency on python-pkg-resources. (Closes: #888847) gvrng (4.4-3~deb9u1) stretch; urgency=medium . * QA upload. * Rebuild for stretch. . gvrng (4.4-3) unstable; urgency=high . * QA upload. * Fix the permissions problem that prevented starting gvrng. (Closes: #850516) * Tell dh_python2 where to find the files to generate dependencies. ibus (1.5.14-3+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Remove the dependency of the gir package against python, it breaks multiarch installation. (Closes: #889053) icecast2 (2.4.2-1+deb9u1) stretch-security; urgency=high . * d/p/CVE-2018-18820.patch: - Cherry-pick upstream commits fixing buffer overflow in URL authentication - Closes: #912611, CVE-2018-18820 icinga2 (2.6.0-2+deb9u1) stretch; urgency=medium . * [0eb3cad] Fix timestamps being stored as local time in PostgreSQL. intel-microcode (3.20180807a.2~deb9u1) stretch; urgency=medium . * Release managers: This update is being distributed by Debian in unstable, testing and jessie- and stretch-backports since 2018-10-30 without issues, and by most distros since 2018-08/2018-09, with no known reports of regressions on Westmere EP processors (Spectre mitigations are very expensive on Nehalem and Westmere, though). * SECURITY FIX: this update adds the accumulated fixes for Westmere EP (signature 0x206c2) from nearly a decade, including but likely not limited to: + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation) Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 + Implements SSBD support (Spectre v4 mitigation), Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix) Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation. Intel SA-0088, CVE-2017-5753, CVE-2017-5754 + Very likely implements LAPIC sinkhole fix + Fixes AAK167/BT248: Virtual APIC accesses with 32-bit PAE paging may cause system crash * This Westmere EP microcode update has been explicitly approved by Intel for general distribution by operating systems, refer to the changelog entry for 3.20180807a.2 below . intel-microcode (3.20180807a.2) unstable; urgency=medium . * Makefile: unblacklist 0x206c2 (Westmere EP) According to pragyansri.pathi@intel.com, on message to LP#1795594 on 2018-10-09, we can ship 0x206c2 updates without restrictions. Also, there are no reports in the field about this update causing issues (closes: #907402) (LP: #1795594) intel-microcode (3.20180807a.2~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports (no changes) . intel-microcode (3.20180807a.2) unstable; urgency=medium . * Makefile: unblacklist 0x206c2 (Westmere EP) According to pragyansri.pathi@intel.com, on message to LP#1795594 on 2018-10-09, we can ship 0x206c2 updates without restrictions. Also, there are no reports in the field about this update causing issues (closes: #907402) (LP: #1795594) intel-microcode (3.20180807a.2~bpo8+1) jessie-backports-sloppy; urgency=medium . * Rebuild for jessie-backports-sloppy (no changes) . intel-microcode (3.20180807a.2) unstable; urgency=medium . * Makefile: unblacklist 0x206c2 (Westmere EP) According to pragyansri.pathi@intel.com, on message to LP#1795594 on 2018-10-09, we can ship 0x206c2 updates without restrictions. Also, there are no reports in the field about this update causing issues (closes: #907402) (LP: #1795594) intel-microcode (3.20180807a.1) unstable; urgency=high . [ Henrique de Moraes Holschuh ] * New upstream microcode datafile 20180807a (closes: #906158, #906160, #903135, #903141) + New Microcodes: sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264 sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216 sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360 sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336 sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240 + Updated Microcodes: sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288 sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216 sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216 sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096 sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288 sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336 sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312 sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552 sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432 sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528 sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600 sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312 sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328 sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744 sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528 sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528 sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384 sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328 sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728 sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304 sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304 sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304 sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280 sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304 + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation) Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 + Implements SSBD support (Spectre v4 mitigation), Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix) Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655. Intel SA-0088, CVE-2017-5753, CVE-2017-5754 * source: update symlinks to reflect id of the latest release, 20180807a * debian/intel-microcode.docs: ship license and releasenote upstream files. * debian/changelog: update entry for 3.20180703.1 with L1TF information . [ Julian Andres Klode ] * initramfs: include all microcode for MODULES=most. Default to early instead of auto, and install all of the microcode, not just the one matching the current CPU, if MODULES=most is set in the initramfs-tools config (LP: #1778738) isort (4.2.5+ds1-2+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Add missing dependency on python3-pkg-resources. Thanks to Andreas Beckmann for reporting the issue. (Closes: #902327) * Fix dependencies of the python2 package by using the correct ${python:Depends} substvar instead of ${python3:Depends}. Thanks to Paul Wise for catching it. (Closes: #884682) jdupes (1.7-2+deb9u1) stretch; urgency=medium . * debian/patches/20_fix-crash-arm.patch: add to fix a potential crash in ARM. Thanks to Jody Bruchon . (Closes: #914078) kmodpy (0.1.10-2.1~deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Rebuild for stretch. . kmodpy (0.1.10-2.1) unstable; urgency=high . * Non-maintainer upload. * Remove the incorrect Multi-Arch: same. (Closes: #897223) libapache-mod-jk (1:1.2.46-0+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * New upstream version 1.2.46 + CVE-2018-11759: fix information disclosure and privilege escalation libapache-mod-jk (1:1.2.44-3) unstable; urgency=medium . * Remove conf/httpd-jk.conf from debian/clean to fix a FTBFS when building binary-arch target. libapache-mod-jk (1:1.2.44-2) unstable; urgency=medium . * Fix broken httpd-jk symlink. Thanks to Andreas Beckmann for the report. (Closes: #910160) libapache-mod-jk (1:1.2.44-1) unstable; urgency=medium . * New upstream version 1.2.44. * Declare compliance with Debian Policy 4.2.1. * Remove Damien Raude-Morvan from Uploaders. Add myself to Uploaders. (Closes: #889461) * Suggest alternative tomcat9 package. * Drop obsolete libapache2-mod-jk.NEWS. * Install new httpd-jk.conf file which follows Apache 2.4 syntax. (Closes: #786635) libapache-mod-jk (1:1.2.43-1) unstable; urgency=medium . * Team upload. * New upstream release - Refreshed the patches * Standards-Version updated to 4.1.3 * Switch to debhelper level 11 libapache2-mod-perl2 (2.0.10-2+deb9u1) stretch; urgency=medium . * [SECURITY] CVE-2011-2767: don't allow sections in user controlled configuration (Closes: #644169) libarchive (3.2.2-2+deb9u1) stretch-security; urgency=high . * Non-maintainer upload. * Fix the following security vulnerabilities: CVE-2016-10209, CVE-2016-10349, CVE-2016-10350, CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017-14503, CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000879 and CVE-2018-1000880. Multiple security vulnerabilities were found in libarchive, a multi-format archive and compression library. Heap-based buffer over-reads, NULL pointer dereferences, use-after-frees and out-of-bounds reads allow remote attackers to cause a denial-of-service (application crash) via specially crafted archive files. (Closes: #859456, #861609, #874539, #875966, #875974, #875960, #916964, #916963, #916960) libb2 (0.97-2+deb9u1) stretch; urgency=medium . * debian/patches/60ea749837362c226e8501718f505ab138e5c19d.patch: detect if the system can use AVX before actually using it (Closes: #884958) libdatetime-timezone-perl (1:2.09-1+2018i) stretch; urgency=medium . * Update to Olson database version 2018i. This update contains contemporary changes for São Tomé and Príncipe. libdatetime-timezone-perl (1:2.09-1+2018h) stretch; urgency=medium . * Update to Olson database version 2018h. This update contains contemporary changes for Kazakhstan, Alaska, Morocco, and Iran. libemail-address-list-perl (0.05-1+deb9u1) stretch; urgency=medium . * [SECURITY] Fix DoS vulnerability CVE-2018-18898 libemail-address-perl (1.908-1+deb9u1) stretch; urgency=medium . * Team upload. * [SECURITY]: Fix DoS vulnerabilities CVE-2015-7686 and CVE-2018-12558 libextractor (1:1.3-4+deb9u3) stretch-security; urgency=high . * Fix out-of-bounds read vulnerability in common/convert.c (Closes: #917214, CVE-2018-20430). * Fix NULL pointer dereference in OLE2 extractor (Closes: #917213, CVE-2018-20431). libgd2 (2.2.4-2+deb9u4) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Heap-based buffer overflow in gdImageColorMatch (CVE-2019-6977) (Closes: #920645) * Potential double-free in gdImage*Ptr() (CVE-2019-6978) (Closes: #920728) libgpod (0.8.3-8.2+deb9u1) stretch; urgency=high . * QA upload. * debian/control: Replace defunct Vcs-* fields with correct ones. * python-gpod: Add missing dependency on python-gobject-2. (Closes: #896230) liblivemedia (2016.11.28-1+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2018-4013: stack-based buffer overflow in the HTTP packet-parsing functionality, potentially resulting in code execution. libphp-phpmailer (5.2.14+dfsg-2.3+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * object injection vulnerability (CVE-2018-19296) (Closes: #913912) libreoffice (1:5.2.7-1+deb9u5) stretch-security; urgency=high . * debian/patches/disableClassPathURLCheck.diff: add workaround to fix build with openjdks with S8195874 included - add -Djdk.net.URLClassPath.disableClassPathURLCheck=true to JAVAIFLAGS; see https://gerrit.libreoffice.org/#/c/63118/2 . * debian/patches/keep-pyuno-script-processing-below-base-uri.diff: as name says (CVE-2018-16858) * debian/patches/show-partial-signatures-even-if-cert-validation-fails.diff: as name says (CERT-Bund#2018100828000257), but backport the non-UI parts only - the "signing already existing PDFs" feature doesn't exist here yet libssh (0.7.3-2+deb9u2) stretch; urgency=medium . * Non-maintainer upload. * Fix broken server-side keyboard-interactive authentication. Thanks to Martin Pitt (Closes: #913870) libvncserver (0.9.11+dfsg-1.3~deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Rebuild for stretch-security. libvncserver (0.9.11+dfsg-1.2) unstable; urgency=high . * Non-maintainer upload. * Fix multiple security vulnerabilities (Closes: #916941) - Use-after-free in file transfer extension allows for potential code execution (CVE-2018-15126) - Heap out-of-bounds write in rfbserver.c:rfbProcessFileTransferReadBuffer() allows for potential code execution (CVE-2018-15127) - Multiple heap out-of-bound writes in VNC client code (CVE-2018-20019) - Heap out-of-bound write inside structure in VNC client code allows for potential code execution (CVE-2018-20020) - Infinite loop in VNC client code allows for denial of service (CVE-2018-20021) - Improper initialization in VNC client code allows for information disclosure (CVE-2018-20022) - Improper initialization in VNC Repeater client code allows for information disclosure (CVE-2018-20023) - NULL pointer dereference in VNC client code allows for denial of service (CVE-2018-20024) - Use-after-free in file transfer extension server code allows for potential code execution (CVE-2018-6307) * Update symbols file for libvncserver1. The fix for CVE-2018-15126 removes CloseUndoneFileTransfer and introduces new CloseUndoneFileDownload and CloseUndoneFileUpload. libvncserver (0.9.11+dfsg-1.1) unstable; urgency=high . * Non-maintainer upload. * Fix CVE-2018-7225: Uninitialized and potentially sensitive data could be accessed by remote attackers because the msg.cct.length in rfbserver.c was not sanitized. (Closes: #894045) linux (4.9.144-3) stretch; urgency=medium . * libceph: fix CEPH_FEATURE_CEPHX_V2 check in calc_signature() (regression in 4.9.144) linux (4.9.144-2) stretch; urgency=medium . * [mips*] inst: Avoid ABI change in 4.9.136 (fixes FTBFS) * efi/libstub: Unify command line param parsing (fixes FTBFS on arm64) linux (4.9.144-1) stretch; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.136 - xfrm: Validate address prefix lengths in the xfrm selector. - xfrm6: call kfree_skb when skb is toobig - mac80211: Always report TX status - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() - mac80211: fix pending queue hang due to TX_DROP - cfg80211: Address some corner cases in scan result channel updating - mac80211: TDLS: fix skb queue/priority assignment - [armel,armhf] 8799/1: mm: fix pci_ioremap_io() offset check - xfrm: validate template mode - nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT - mac80211_hwsim: do not omit multicast announce of first added radio - Bluetooth: SMP: fix crash in unpairing - qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor - qed: Avoid constant logical operation warning in qed_vf_pf_acquire - asix: Check for supported Wake-on-LAN modes - ax88179_178a: Check for supported Wake-on-LAN modes - lan78xx: Check for supported Wake-on-LAN modes - sr9800: Check for supported Wake-on-LAN modes - r8152: Check for supported Wake-on-LAN Modes - smsc75xx: Check for Wake-on-LAN modes - smsc95xx: Check for Wake-on-LAN modes - perf/ring_buffer: Prevent concurent ring buffer access - [x86] perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX - [armhf] net: fec: fix rare tx timeout - net: cxgb3_main: fix a missing-check bug - perf symbols: Fix memory corruption because of zero length symbols - mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone() - [mips*] microMIPS: Fix decoding of swsp16 instruction - [mips*] Handle non word sized instructions when examining frame - scsi: aacraid: Fix typo in blink status - f2fs: fix multiple f2fs_add_link() having same name for inline dentry - igb: Remove superfluous reset to PHY and page 0 selection - ACPI: sysfs: Make ACPI GPE mask kernel parameter cover all GPEs - PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode - [arm64,armhf] i2c: bcm2835: Avoid possible NULL ptr dereference - efi/fb: Correct PCI_STD_RESOURCE_END usage - ipv6: set rt6i_protocol properly in the route when it is installed - [x86] platform: acer-wmi: setup accelerometer when ACPI device was found - IB/ipoib: Do not warn if IPoIB debugfs doesn't exist - IB/core: Fix the validations of a multicast LID in attach or detach operations - rxe: Fix a sleep-in-atomic bug in post_one_send - nvme-pci: fix CMB sysfs file removal in reset path - net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well. - net/mlx5: Fix command completion after timeout access invalid structure - tipc: Fix tipc_sk_reinit handling of -EAGAIN - tipc: fix a race condition of releasing subscriber object - bnxt_en: Don't use rtnl lock to protect link change logic in workqueue. - [armhf] dts: bcm283x: Reserve first page for firmware - btrfs: fiemap: Cache and merge fiemap extent before submit it to user - [arm64] reset: hi6220: Set module license so that it can be loaded - [x86] ASoC: Intel: Skylake: Fix to parse consecutive string tkns in manifest - mac80211: fix TX aggregation start/stop callback race - libata: fix error checking in in ata_parse_force_one() - [armhf] net: ethernet: stmmac: Fix altr_tse_pcs SGMII Initialization - [i386] x86/cpu/cyrix: Add alternative Device ID of Geode GX1 SoC - [armhf] gpu: ipu-v3: Fix CSI selection for VDIC - [arm64,armhf] net: stmmac: ensure jumbo_frm error return is correctly checked for -ve value - Btrfs: clear EXTENT_DEFRAG bits in finish_ordered_io - ufs: we need to sync inode before freeing it - net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare - ip6_tunnel: Correct tos value in collect_md mode - net/mlx5: Fix driver load error flow when firmware is stuck - perf evsel: Fix probing of precise_ip level for default cycles event - perf probe: Fix probe definition for inlined functions - net/mlx5: Fix health work queue spin lock to IRQ safe - [armhf] usb: dwc3: omap: remove IRQ_NOAUTOEN used with shared irq - [armhf] clk: samsung: Fix m2m scaler clock on Exynos542x - rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp - qed: Warn PTT usage by wrong hw-function - ocfs2: fix deadlock caused by recursive locking in xattr - net: cdc_ncm: GetNtbFormat endian fix - sctp: use right member as the param of list_for_each_entry - ALSA: hda - No loopback on ALC299 codec - ath10k: convert warning about non-existent OTP board id to debug message - ipv6: fix cleanup ordering for ip6_mr failure - IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush - IB/rxe: put the pool on allocation failure - nbd: only set MSG_MORE when we have more to send - mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()' - IB/mlx5: Avoid passing an invalid QP type to firmware - scsi: qla2xxx: Avoid double completion of abort command - drm: bochs: Don't remove uninitialized fbdev framebuffer - i40e: avoid NVM acquire deadlock during NVM update - Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0" - Btrfs: incremental send, fix invalid memory access - [arm64] drm/msm: Fix possible null dereference on failure of get_pages() - l2tp: remove configurable payload offset - macsec: fix memory leaks when skb_to_sgvec fails - perf/core: Fix locking for children siblings group read - cifs: Use ULL suffix for 64-bit constant - futex: futex_wake_op, do not fail on invalid op - ALSA: hda - Fix incorrect usage of IS_REACHABLE() - enic: do not overwrite error code - bonding: ratelimit failed speed/duplex update warning - nvmet: fix space padding in serial number - iio: buffer: fix the function signature to match implementation - [x86] paravirt: Fix some warning messages - IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' - libertas: call into generic suspend code before turning off power - xhci: Fix USB3 NULL pointer dereference at logical disconnect. - [armhf] dts: imx53-qsb: disable 1.2GHz OPP - rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window() - rxrpc: Only take the rwind and mtu values from latest ACK - [x86] net: ena: fix NULL dereference due to untimely napi initialization - fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() - mtd: spi-nor: Add support for is25wp series chips - Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing" - bridge: do not add port to router list when receives query with source 0.0.0.0 - net: bridge: remove ipv6 zero address check in mcast queries - ipv6: mcast: fix a use-after-free in inet6_mc_check - ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called - llc: set SOCK_RCU_FREE in llc_sap_add_socket() - net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs - net: sched: gred: pass the right attribute to gred_change_table_def() - net: socket: fix a missing-check bug - [arm64,armhf] net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules - net: udp: fix handling of CHECKSUM_COMPLETE packets - r8169: fix NAPI handling under high load - sctp: fix race on sctp_id2asoc - vhost: Fix Spectre V1 vulnerability - ethtool: fix a privilege escalation bug - bonding: fix length of actor system - net: drop skb on failure in ip_check_defrag() - net: fix pskb_trim_rcsum_slow() with odd trim offset - rtnetlink: Disallow FDB configuration for non-Ethernet device - ip6_tunnel: Fix encapsulation layout - crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned - ahci: don't ignore result code of ahci_reset_controller() - xfs: truncate transaction does not modify the inobt - cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) - ptp: fix Spectre v1 vulnerability - drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl - RDMA/ucma: Fix Spectre v1 vulnerability - IB/ucm: Fix Spectre v1 vulnerability - cdc-acm: correct counting of UART states in serial state notification - usb: gadget: storage: Fix Spectre v1 vulnerability - USB: fix the usbfs flag sanitization for control transfers - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM - sched/fair: Fix throttle_list starvation with low CFS quota - [x86] percpu: Fix this_cpu_read() - [x86] time: Correct the attribute on jiffies' definition - posix-timers: Sanitize overrun handling (CVE-2018-12896) https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.137 - bcache: fix miss key refill->end in writeback - jffs2: free jffs2_sb_info through jffs2_kill_sb() - pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges - [arm64] ipmi: Fix timer race with module unload - [hppa/parisc] Fix address in HPMC IVA - [hppa/parisc] Fix map_pages() to not overwrite existing pte entries - ALSA: hda - Add quirk for ASUS G751 laptop - ALSA: hda - Fix headphone pin config for ASUS G751 - ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) - ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops - [x86] speculation: Enable cross-hyperthread spectre v2 STIBP mitigation - [x86] corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided - [x86] speculation: Support Enhanced IBRS on future CPUs - Revert "perf tools: Fix PMU term format max value calculation" - xfrm: policy: use hlist rcu variants on insert - sched/fair: Fix the min_vruntime update logic in dequeue_entity() - perf cpu_map: Align cpu map synthesized events properly. - [x86] fpu: Remove second definition of fpu in __fpu__restore_sig() - net: qla3xxx: Remove overflowing shift statement - locking/lockdep: Fix debug_locks off performance problem - tun: Consistently configure generic netdev params via rtnetlink - [s390x] sthyi: Fix machine name validity indication - [armhf] hwmon: (pwm-fan) Set fan speed to 0 on suspend - perf tools: Free temporary 'sys' string in read_event_files() - perf tools: Cleanup trace-event-info 'tdata' leak - perf strbuf: Match va_{add,copy} with va_end - mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 - iwlwifi: pcie: avoid empty free RB queue - [i386] x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC - [arm64,armhf] cpufreq: dt: Try freeing static OPPs only if we have added them - Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth - [arm64] pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux - brcmfmac: fix for proper support of 160MHz bandwidth - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() - ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers - [arm64] pinctrl: qcom: spmi-mpp: Fix drive strength setting - [arm64] pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant - [arm64] pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant - ixgbevf: VF2VF TCP RSS - ath10k: schedule hardware restart if WMI command times out - cgroup, netclassid: add a preemption point to write_classid - scsi: esp_scsi: Track residual for PIO transfers - scsi: megaraid_sas: fix a missing-check bug - RDMA/core: Do not expose unsupported counters - IB/ipoib: Clear IPCB before icmp_send - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated - [x86] VMCI: Resource wildcard match fixed - ext4: fix argument checking in EXT4_IOC_MOVE_EXT - MD: fix invalid stored role for a disk - PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice - [arm64,armhf] usb: chipidea: Prevent unbalanced IRQ disable - [amd64] driver/dma/ioat: Call del_timer_sync() without holding prep_lock - uio: ensure class is registered before devices - scsi: lpfc: Correct soft lockup when running mds diagnostics - signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init - ALSA: hda: Check the non-cached stream buffers more explicitly - [armhf] dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes - [armhf] dts: exynos: Add missing cooling device properties for CPUs - [armhf] dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings - [armhf] dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250 - xen-swiotlb: use actually allocated size on check physical continuous - [x86] tpm: Restore functionality to xen vtpm driver. - xen/blkfront: avoid NULL blkfront_info dereference on device removal - [x86] xen: fix race in xen_qlock_wait() - [x86] xen: make xen_qlock_wait() nestable - libertas: don't set URB_ZERO_PACKET on IN USB transfer - [x86] usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten - iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() - [x86] libnvdimm: Hold reference on parent while scheduling async init - [x86] ASoC: intel: skylake: Add missing break in skl_tplg_get_token() - jbd2: fix use after free in jbd2_log_do_checkpoint() - gfs2_meta: ->mount() can get NULL dev_name - ext4: initialize retries variable in ext4_da_write_inline_data_begin() - ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR - HID: hiddev: fix potential Spectre v1 - EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting - [amd64] EDAC, skx_edac: Fix logical channel intermediate decoding - PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk - [ppc64el] signal/GenWQE: Fix sending of SIGKILL - crypto: lrw - Fix out-of bounds access on counter overflow - crypto: tcrypt - fix ghash-generic speed test - ima: fix showing large 'violations' or 'runtime_measurements_count' - hugetlbfs: dirty pages as they are added to pagecache - [armhf] w1: omap-hdq: fix missing bus unregister at removal - smb3: allow stats which track session and share reconnects to be reset - smb3: do not attempt cifs operation in smb3 query info error path - smb3: on kerberos mount if server doesn't specify auth type use krb5 - printk: Fix panic caused by passing log_buf_len to command line - genirq: Fix race on spurious interrupt detection - NFSv4.1: Fix the r/wsize checking - nfsd: Fix an Oops in free_session() - lockd: fix access beyond unterminated strings in prints - dm ioctl: harden copy_params()'s copy_from_user() from malicious users - [powerpc*] msi: Fix compile error on mpc83xx - [mips*] OCTEON: fix out of bounds array access on CN68XX - media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD - [x86] xen: fix xen_qlock_wait() - media: em28xx: use a default format if TRY_FMT fails - media: tvp5150: avoid going past array on v4l2_querymenu() - media: em28xx: fix input name for Terratec AV 350 - media: em28xx: make v4l2-compliance happier by starting sequence on zero - [arm64] lse: remove -fcall-used-x0 flag - rpmsg: smd: fix memory leak on channel create - Cramfs: fix abad comparison when wrap-arounds occur - [arm64,armhf] soc/tegra: pmc: Fix child-node lookup - btrfs: Handle owner mismatch gracefully when walking up tree - btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock - btrfs: fix error handling in free_log_tree - btrfs: iterate all devices during trim, instead of fs_devices::alloc_list - btrfs: don't attempt to trim devices that don't support it - btrfs: wait on caching when putting the bg cache - btrfs: reset max_extent_size on clear in a bitmap - btrfs: make sure we create all new block groups - Btrfs: fix wrong dentries after fsync of file that got its parent replaced - btrfs: qgroup: Dirty all qgroups before rescan - Btrfs: fix null pointer dereference on compressed write path error - btrfs: set max_extent_size properly - MD: fix invalid stored role for a disk - try2 https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.138 - [powerpc*] powerpc/eeh: Fix possible null deref in eeh_dump_dev_log() - tty: check name length in tty_find_polling_driver() - [powerpc*] nohash: fix undefined behaviour when testing page size support - [armhf] drm/omap: fix memory barrier bug in DMM driver - media: pci: cx23885: handle adding to list failure - [mips*] kexec: Mark CPU offline before disabling local IRQ - [powerpc*] boot: Ensure _zimage_start is a weak symbol - [mips*] PCI: Call pcie_bus_configure_settings() to set MPS/MRRS - media: tvp5150: fix width alignment during set_selection() - 9p locks: fix glock.client_id leak in do_lock - 9p: clear dangling pointers in p9stat_free - cdrom: fix improper type cast, which can leat to information leak. (CVE-2018-18710) - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters - scsi: qla2xxx: shutdown chip if reset fail - fuse: Fix use-after-free in fuse_dev_do_read() - fuse: Fix use-after-free in fuse_dev_do_write() - fuse: fix blocked_waitq wakeup - fuse: set FR_SENT while locked - mm: do not bug_on on incorrect length in __mm_populate() - e1000: avoid null pointer dereference on invalid stat type - e1000: fix race condition between e1000_down() and e1000_watchdog - bna: ethtool: Avoid reading past end of buffer - [hppa/parisc] Align os_hpmc_size on word boundary - [hppa/parisc] Fix HPMC handler by increasing size to multiple of 16 bytes - [hppa/parisc] Fix exported address of os_hpmc handler - [mips64el,mipsel] Loongson-3: Fix CPU UART irq delivery problem - [mips64le,mipsel] Loongson-3: Fix BRIDGE irq delivery problem - [armhf] clk: s2mps11: Fix matching when built as module and DT node contains compatible - [armhf] clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call - libceph: bump CEPH_MSG_MAX_DATA_LEN - Revert "ceph: fix dentry leak in splice_dentry()" - mach64: fix display corruption on big endian machines - mach64: fix image corruption due to reading accelerator registers - [arm64] reset: hisilicon: fix potential NULL pointer dereference - vhost/scsi: truncate T10 PI iov_iter to prot_bytes - ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry - mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings - netfilter: conntrack: fix calculation of next bucket number in early_drop - termios, tty/tty_baudrate.c: fix buffer overrun - Btrfs: fix cur_offset in the error case for nocow - Btrfs: fix data corruption due to cloning of eof block - clockevents/drivers/i8253: Add support for PIT shutdown quirk - ext4: add missing brelse() update_backups()'s error path - ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path - ext4: add missing brelse() add_new_gdb_meta_bg()'s error path - ext4: avoid potential extra brelse in setup_new_flex_group_blocks() - ext4: fix possible inode leak in the retry loop of ext4_resize_fs() - ext4: avoid buffer leak in ext4_orphan_add() after prior errors - ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing - ext4: avoid possible double brelse() in add_new_gdb() on error path - ext4: fix possible leak of sbi->s_group_desc_leak in error path - ext4: fix possible leak of s_journal_flag_rwsem in error path - ext4: release bs.bh before re-using in ext4_xattr_block_find() - ext4: fix buffer leak in ext4_xattr_move_to_block() on error path - ext4: fix buffer leak in __ext4_read_dirblock() on error path - mount: Retest MNT_LOCKED in do_umount - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts - mount: Prevent MNT_DETACH from disconnecting locked mounts - sunrpc: correct the computation for page_ptr when truncating - nfsd: COPY and CLONE operations require the saved filehandle to be set - rtc: hctosys: Add missing range error reporting - fuse: fix use-after-free in fuse_direct_IO() - fuse: fix leaked notify reply - configfs: replace strncpy with memcpy - lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! - mm: migration: fix migration of huge PMD shared pages - [armhf] drm/rockchip: Allow driver to be shutdown on reboot/kexec - drm/dp_mst: Check if primary mstb is null - [x86] drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values - [x86] drm/i915/execlists: Force write serialisation into context image vs execution - [arm64] KVM: Fix caching of host MDCR_EL2 value https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.139 - flow_dissector: do not dissect l4 ports for fragments - ip_tunnel: don't force DF when MTU is locked - net-gro: reset skb->pkt_type in napi_reuse_skb() - sctp: not allow to set asoc prsctp_enable by sockopt - tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths - usbnet: smsc95xx: disable carrier check while suspending - inet: frags: better deal with smp races - ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF - kbuild: Add better clang cross build support - kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS - kbuild: Consolidate header generation from ASM offset information - kbuild: consolidate redundant sed script ASM offset generation - kbuild: fix asm-offset generation to work with clang - kbuild: drop -Wno-unknown-warning-option from clang options - kbuild, LLVMLinux: Add -Werror to cc-option to support clang - kbuild: use -Oz instead of -Os when using clang - kbuild: Add support to generate LLVM assembly files - modules: mark __inittest/__exittest as __maybe_unused - [x86] kbuild: Use cc-option to enable -falign-{jumps/loops} - [amd64] crypto, x86: aesni - fix token pasting for clang - kbuild: Add __cc-option macro - [x86] build: Use __cc-option for boot code compiler options - [x86] build: Specify stack alignment for clang - kbuild: clang: Disable 'address-of-packed-member' warning - [arm64] crypto: arm64/sha - avoid non-standard inline asm tricks - [x86] boot: #undef memcpy() et al in string.c - [arm64] efi/libstub/arm64: Use hidden attribute for struct screen_info reference - [arm64] efi/libstub/arm64: Force 'hidden' visibility for section markers - efi/libstub: Preserve .debug sections after absolute relocation check - [arm64] efi/libstub/arm64: Set -fpie when building the EFI stub - [x86] build: Fix stack alignment for CLang - [x86] build: Use cc-option to validate stack alignment parameter - Kbuild: use -fshort-wchar globally - [arm64] uaccess: suppress spurious clang warning - [armel,armhf] add more CPU part numbers for Cortex and Brahma B15 CPUs - [armel,armhf] bugs: prepare processor bug infrastructure - [armel,armhf] bugs: hook processor bug checking into SMP and suspend paths - [armel,armhf] bugs: add support for per-processor bug checking - [armel,armhf] spectre: add Kconfig symbol for CPUs vulnerable to Spectre - [armel,armhf] spectre-v2: harden branch predictor on context switches - [armel,armhf] spectre-v2: add Cortex A8 and A15 validation of the IBE bit - [armel,armhf] spectre-v2: harden user aborts in kernel space - [armel,armhf] spectre-v2: add firmware based hardening - [armel,armhf] spectre-v2: warn about incorrect context switching functions - [armel,armhf] KVM: invalidate BTB on guest exit for Cortex-A12/A17 - [armel,armhf] KVM: invalidate icache on guest exit for Cortex-A15 - [armel,armhf] spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 - [armel,armhf] KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling - [armel,armhf] KVM: report support for SMCCC_ARCH_WORKAROUND_1 - [armel,armhf] spectre-v1: add speculation barrier (csdb) macros - [armel,armhf] spectre-v1: add array_index_mask_nospec() implementation - [armel,armhf] spectre-v1: fix syscall entry - [armel,armhf] signal: copy registers using __copy_from_user() - [armel,armhf] vfp: use __copy_from_user() when restoring VFP state - [armel,armhf] oabi-compat: copy semops using __copy_from_user() - [armel,armhf] use __inttype() in get_user() - [armel,armhf] spectre-v1: use get_user() for __get_user() - [armel,armhf] spectre-v1: mitigate user accesses https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.140 - Revert "x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation" - Revert "ipv6: set rt6i_protocol properly in the route when it is installed" https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.141 - cifs: don't dereference smb_file_target before null check - reiserfs: propagate errors from fill_with_dentries() properly - hfs: prevent btree data loss on root split - hfsplus: prevent btree data loss on root split - drm/edid: Add 6 bpc quirk for BOE panel. - clk: fixed-rate: fix of_node_get-put imbalance - fs/exofs: fix potential memory leak in mount option parsing - [armhf] clk: samsung: exynos5420: Enable PERIS clocks for suspend - [x86] platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 - [arm64] percpu: Initialize ret in the default case - netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net - netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() - netfilter: xt_IDLETIMER: add sysfs filename checking routine - [s390x] qeth: fix HiperSockets sniffer - [ppc64el] hwmon: (ibmpowernv) Remove bogus __init annotations - clk: fixed-factor: fix of_node_get-put imbalance - qed: Fix memory/entry leak in qed_init_sp_request() - qed: Fix blocking/unlimited SPQ entries leak - zram: close udev startup race condition as default groups - SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() - gfs2: Put bitmap buffers in put_super - btrfs: Enhance btrfs_trim_fs function to handle error better - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem - btrfs: fix pinned underflow after transaction aborted - Revert "media: videobuf2-core: don't call memop 'finish' when queueing" - Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV" - media: v4l: event: Add subscription to list before calling "add" operation - uio: Fix an Oops on load - usb: cdc-acm: add entry for Hiro (Conexant) modem - USB: quirks: Add no-lpm quirk for Raydium touchscreens - usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB - USB: misc: appledisplay: add 20" Apple Cinema Display - [x86] ACPI / platform: Add SMB0001 HID to forbidden_id_list - HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges - libceph: fall back to sendmsg for slab pages https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.142 - usb: core: Fix hub port connection events lost - [arm64,armhf] usb: dwc3: core: Clean up ULPI device - usb: xhci: fix timeout for transition from RExit to U0 - MAINTAINERS: Add Sasha as a stable branch maintainer - gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path - iwlwifi: mvm: support sta_statistics() even on older firmware - iwlwifi: mvm: fix regulatory domain update when the firmware starts - brcmfmac: fix reporting support for 160 MHz channels - tools/power/cpupower: fix compilation with STATIC=true - v9fs_dir_readdir: fix double-free on p9stat_read error - selinux: Add __GFP_NOWARN to allocation at str_read() - bfs: add sanity check at bfs_fill_super() - sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer - gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd - llc: do not use sk_eat_skb() - mm: don't warn about large allocations for slab - drm/ast: change resolution may cause screen blurred - drm/ast: fixed cursor may disappear sometimes - drm/ast: Remove existing framebuffers before loading driver - can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() - can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length - can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds - can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb - IB/core: Fix for core panic - [amd64] IB/hfi1: Eliminate races in the SDMA send error path - usb: xhci: Prevent bus suspend if a port connect change or polling state is detected - [arm64] pinctrl: meson: fix pinconf bias disable - [armhf] cpufreq: imx6q: add return value check for voltage scale - floppy: fix race condition in __floppy_read_block_0() - [powerpc*] io: Fix the IO workarounds code to work with Radix - [x86] perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs - SUNRPC: Fix a bogus get/put in generic_key_to_expire() - [powerpc*] numa: Suppress "VPHN is not supported" messages - [arm64,armhf] efi/arm: Revert deferred unmap of early memmap mapping - tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset - of: add helper to lookup compatible child node - ath10k: fix kernel panic due to race in accessing arvif list - Input: xpad - add product ID for Xbox One S pad - Input: xpad - fix Xbox One rumble stopping after 2.5 secs - Input: xpad - correctly sort vendor id's - Input: xpad - move reporting xbox one home button to common function - Input: xpad - simplify error condition in init_output - Input: xpad - don't depend on endpoint order - Input: xpad - fix stuck mode button on Xbox One S pad - Input: xpad - restore LED state after device resume - Input: xpad - support some quirky Xbox One pads - Input: xpad - sort supported devices by USB ID - Input: xpad - sync supported devices with xboxdrv - Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth - Input: xpad - sync supported devices with 360Controller - Input: xpad - sync supported devices with XBCD - Input: xpad - constify usb_device_id - Input: xpad - fix PowerA init quirk for some gamepad models - Input: xpad - validate USB endpoint type during probe - Input: xpad - add support for PDP Xbox One controllers - Input: xpad - add PDP device id 0x02a4 - Input: xpad - fix some coding style issues - Input: xpad - avoid using __set_bit() for capabilities - Input: xpad - add GPD Win 2 Controller USB IDs - Input: xpad - fix GPD Win 2 controller name - Input: xpad - add support for Xbox1 PDP Camo series gamepad - mwifiex: prevent register accesses after host is sleeping - mwifiex: report error to PCIe for suspend failure - mwifiex: Fix NULL pointer dereference in skb_dequeue() - mwifiex: fix p2p device doesn't find in scan problem - scsi: ufs: fix bugs related to null pointer access and array size - scsi: ufshcd: Fix race between clk scaling and ungate work - scsi: ufs: fix race between clock gating and devfreq scaling work - scsi: ufshcd: release resources if probe fails - tty: wipe buffer. - tty: wipe buffer if not echoing data - usb: xhci: fix uninitialized completion when USB3 port got wrong status - sched/core: Allow __sched_setscheduler() in interrupts when PI is not used - namei: allow restricted O_CREAT of FIFOs and regular files - lan78xx: Read MAC address from DT if present - [s390x] mm: Check for valid vma before zapping in gmap_discard - net: ieee802154: 6lowpan: fix frag reassembly - Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC" - ima: always measure and audit files in policy - ima: re-introduce own integrity cache lock - ima: re-initialize iint->atomic_flags https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.143 - mm/huge_memory: rename freeze_page() to unmap_page() - mm/huge_memory.c: reorder operations in __split_huge_page_tail() - mm/huge_memory: splitting set mapping+index before unfreeze - mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() - mm/khugepaged: collapse_shmem() stop if punched or truncated - shmem: shmem_charge: verify max_block is not exceeded before inode update - shmem: introduce shmem_inode_acct_block - mm/khugepaged: fix crashes due to misaccounted holes - mm/khugepaged: collapse_shmem() remember to clear holes - mm/khugepaged: minor reorderings in collapse_shmem() - mm/khugepaged: collapse_shmem() without freezing new_page - mm/khugepaged: collapse_shmem() do not crash on Compound - media: em28xx: Fix use-after-free when disconnecting - [arm64,armhf] Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()" - net: skb_scrub_packet(): Scrub offload_fwd_mark - [s390x] qeth: fix length check in SNMP processing - usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 - [x86] kvm: mmu: Fix race in emulated page table writes - [x86] kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb - [x86] KVM: Fix scan ioapic use-before-initialization (CVE-2018-19407) - Btrfs: ensure path name is null terminated at btrfs_control_ioctl - [x86] perf/x86/intel: Move branch tracing setup to the Intel-specific source file - [x86] perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() - fs: fix lost error code in dio_complete - [i386] ALSA: wss: Fix invalid snd_free_pages() at error path - ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write - ALSA: control: Fix race between adding and removing a user element - [sparc] ALSA: sparc: Fix invalid snd_free_pages() at error path - ext2: fix potential use after free - btrfs: release metadata before running delayed refs - USB: usb-storage: Add new IDs to ums-realtek - usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series - Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" - mm: use swp_offset as key in shmem_replace_page() - [x86] Drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() - [amd64] misc: mic/scif: fix copy-paste error in scif_create_remote_lookup - [armhf] bus: arm-cci: remove unnecessary unreachable() - [armhf] trusted_foundations: do not use naked function - [x86] efi/libstub: Make file I/O chunking x86-specific https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.144 - kernfs: Replace strncpy with memcpy - ip_tunnel: Fix name string concatenate in __ip_tunnel_create() - scsi: bfa: convert to strlcpy/strlcat - [x86] staging: rts5208: fix gcc-8 logic error warning - [amd64] x86/power/64: Use char arrays for asm function names - iser: set sector for ambiguous mr status errors - uprobes: Fix handle_swbp() vs. unregister() + register() race once more - [mips*] fix mips_get_syscall_arg o32 check - IB/mlx5: Avoid load failure due to unknown link width - drm/ast: Fix incorrect free on ioregs - drm: set is_master to 0 upon drm_new_set_master() failure - scsi: scsi_devinfo: cleanly zero-pad devinfo strings - scsi: csiostor: Avoid content leaks and casts - [x86] svm: Add mutex_lock to protect apic_access_page_done on AMD systems - Input: xpad - quirk all PDP Xbox One gamepads - Input: elan_i2c - add ELAN0620 to the ACPI table - Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR - Input: elan_i2c - add support for ELAN0621 touchpad - btrfs: Always try all copies when reading extent buffers - Btrfs: fix use-after-free when dumping free space - udf: Allow mounting volumes with incorrect identification strings - [arm64,armhf] reset: make optional functions really optional - [arm64,armhf] reset: core: fix reset_control_put - reset: fix optional reset_control_get stubs to return NULL - [arm64,armhf] reset: add exported __reset_control_get, return NULL if optional - [arm64,armhf] reset: make device_reset_optional() really optional - reset: remove remaining WARN_ON() in - mm: cleancache: fix corruption on missed inode invalidation (CVE-2018-16862) - net: qed: use correct strncpy() size - tipc: use destination length for copy string - libceph: drop len argument of *verify_authorizer_reply() - libceph: no need to drop con->mutex for ->get_authorizer() - libceph: store ceph_auth_handshake pointer in ceph_connection - libceph: factor out __prepare_write_connect() - libceph: factor out __ceph_x_decrypt() - libceph: factor out encrypt_authorizer() - libceph: add authorizer challenge (CVE-2018-1128) - libceph: implement CEPHX_V2 calculation mode (CVE-2018-1129) - libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() - libceph: check authorizer reply/challenge length before reading - bpf: Prevent memory disambiguation attack (CVE-2018-3639) - wil6210: missing length check in wmi_set_ie (CVE-2018-5848) - btrfs: validate type when reading a chunk (CVE-2018-14611) - btrfs: Verify that every chunk has corresponding block group at mount time (CVE-2018-14612) - btrfs: Refactor check_leaf function for later expansion - btrfs: Check if item pointer overlaps with the item itself - btrfs: Add sanity check for EXTENT_DATA when reading out leaf - btrfs: Add checker for EXTENT_CSUM - btrfs: Move leaf and node validation checker to tree-checker.c - btrfs: struct-funcs, constify readers - btrfs: tree-checker: Enhance btrfs_check_node output - btrfs: tree-checker: Fix false panic for sanity test - btrfs: tree-checker: Add checker for dir item - btrfs: tree-checker: use %zu format string for size_t - btrfs: tree-check: reduce stack consumption in check_dir_item - btrfs: tree-checker: Verify block_group_item (CVE-2018-14613) - btrfs: tree-checker: Detect invalid and empty essential trees (CVE-2018-14612) - btrfs: Check that each block group has corresponding chunk at mount time (CVE-2018-14610) - btrfs: tree-checker: Check level for leaves and nodes - btrfs: tree-checker: Fix misleading group system information - f2fs: fix race condition in between free nid allocator/initializer (CVE-2017-18249) - f2fs: detect wrong layout - f2fs: return error during fill_super - f2fs: check blkaddr more accuratly before issue a bio - f2fs: sanity check on sit entry - f2fs: enhance sanity_check_raw_super() to avoid potential overflow - f2fs: clean up with is_valid_blkaddr() - f2fs: introduce and spread verify_blkaddr - f2fs: fix to do sanity check with secs_per_zone (CVE-2018-13100) - f2fs: fix to do sanity check with user_block_count (CVE-2018-13097) - f2fs: Add sanity_check_inode() function - f2fs: fix to do sanity check with node footer and iblocks (CVE-2018-13096) - f2fs: fix to do sanity check with block address in main area - f2fs: fix missing up_read - f2fs: fix to do sanity check with block address in main area v2 (CVE-2018-14616) - f2fs: free meta pages if sanity check for ckpt is failed - f2fs: fix to do sanity check with cp_pack_start_sum (CVE-2018-14614) - xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE (CVE-2018-18690) - hugetlbfs: fix bug in pgoff overflow checking . [ Ben Hutchings ] * drivers/net/ethernet: Ignore ABI changes (fixes FTBFS on arm64; Closes: #914556) * libcpupower: Hide private function and drop it from .symbols file * Revert "elevator: fix truncation of icq_cache_name" to avoid ABI change * reset: Avoid ABI changes in 4.9.144 * esp_scsi: Ignore ABI changes * snd-hda: Ignore ABI changes * posix-timers: Avoid ABI change in 4.9.136 * sched: Avoid ABI change in 4.9.136 * [armel,armhf] Avoid ABI change in 4.9.139 . [ Noah Meyerhans ] * [arm64] PCI: Enable HOTPLUG_PCI and HOTPLUG_PCI_ACPI (Closes: #915231) * drivers/net/ethernet/amazon: Backport ENA 2.0.2 network driver (Closes: #915229) . [ Salvatore Bonaccorso ] * [rt] Refresh 0159-genirq-Allow-disabling-of-softirq-processing-in-irq-.patch for context changes in 4.9.137 * Refresh mips-loongson-3-support-irq_set_affinity-in-i8259-ch.patch for context changes in 4.9.138 * Refresh kbuild-use-nostdinc-in-compile-tests.patch for context changes in 4.9.139 * Refresh inet-frags-avoid-abi-change-in-4.9.134.patch for context changes in 4.9.139 * scripts/mod: Update modpost wrapper for 4.9.139. Upstream commit cf0c3e68aa81 "kbuild: fix asm-offset generation to work with clang" changed the macros used by devicetable-offsets.c. Copy the new sed code from upstream scripts/Makefile.lib. Originates from the same change for 4.12 done by Ben Hutchings. * Refresh media-v4l-avoid-abi-change-in-4.9.131.patch for context changes in 4.9.141 * Refresh fs-enable-link-security-restrictions-by-default.patch for context changes in 4.9.142 * Refresh inet-frags-avoid-abi-change-in-4.9.134.patch for context changes in 4.9.142 . [ Michal Simek ] * [arm64] Enable Xilinx ZynqMP SoC and drivers linux (4.9.135-1) stretch; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.131 - crypto: skcipher - Fix -Wstringop-truncation warnings - tsl2550: fix lux1_input error in low light - [x86] vmci: type promotion bug in qp_host_get_user_memory() - [amd64] numa_emulation: Fix emulated-to-physical node mapping - [x86] staging: rts5208: fix missing error check on call to rtsx_write_register - uwb: hwa-rc: fix memory leak at probe - [arm64,armhf] power: vexpress: fix corruption in notifier registration - [amd64] iommu/amd: make sure TLB to be flushed before IOVA freed - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009 - USB: serial: kobil_sct: fix modem-status error handling - 6lowpan: iphc: reset mac_header after decompress to fix panic - [s390x] mm: correct allocate_pgste proc_handler callback - power: remove possible deadlock when unregistering power_supply - IB/core: type promotion bug in rdma_rw_init_one_mr() - [powerpc*] kdump: Handle crashkernel memory reservation failure - [x86] tsc: Add missing header to tsc_msr.c - [armhf] hwmod: RTC: Don't assume lock/unlock will be called with irq enabled - [x86] entry/64: Add two more instruction suffixes - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size - scsi: klist: Make it safe to use klists in atomic context - [powerpc/powerpc64,ppc64*] scsi: ibmvscsi: Improve strings handling - usb: wusbcore: security: cast sizeof to int for comparison - [ppc64el] powerpc/powernv/ioda2: Reduce upper limit for DMA window size - alarmtimer: Prevent overflow for relative nanosleep (CVE-2018-13053) - [s390x] extmem: fix gcc 8 stringop-overflow warning - [armhf] media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data - drivers/tty: add error handling for pcmcia_loop_config - [x86] media: tm6000: add error handling for dvb_register_adapter - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() - [arm64,armhf] wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() - [armhf] mvebu: declare asm symbols as character arrays in pmsu.c - HID: hid-ntrig: add error handling for sysfs_create_group - [x86] perf/x86/intel/lbr: Fix incomplete LBR call stack - scsi: bnx2i: add error handling for ioremap_nocache - scsi: megaraid_sas: Update controller info during resume - [x86] EDAC, i7core: Fix memleaks and use-after-free on probe and remove - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs - nfsd: fix corrupted reply to badly ordered compound - EDAC: Fix memleak in module init error path - [armhf] dts: dra7: fix DCAN node addresses - [arm64] spi: tegra20-slink: explicitly enable/disable clock - [arm*] regulator: fix crash caused by null driver data - USB: fix error handling in usb_driver_claim_interface() - USB: handle NULL config in usb_find_alt_setting() - slub: make ->cpu_partial unsigned int - media: uvcvideo: Support realtek's UVC 1.5 device - USB: usbdevfs: sanitize flags more - USB: usbdevfs: restore warning for nonsensical flags - Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()" - USB: remove LPM management from usb_driver_claim_interface() - Input: elantech - enable middle button of touchpad on ThinkPad P72 - IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop - [amd64] IB/hfi1: Invalid user input can result in crash - [amd64] IB/hfi1: Fix context recovery when PBC has an UnsupportedVL - scsi: target: iscsi: Use bin2hex instead of a re-implementation - [armhf] serial: imx: restore handshaking irq for imx1 - [amd64] IB/hfi1: Fix SL array bounds check - qed: Wait for ready indication before rereading the shmem - qed: Wait for MCP halt and resume commands to take place - [arm*] thermal: of-thermal: disable passive polling when thermal zone is disabled - [arm64] net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES - [arm64] net: hns: fix skb->truesize underestimation - e1000: check on netif_running() before calling e1000_up() - e1000: ensure to free old tx/rx rings in set_ringparam() - hwmon: (adt7475) Make adt7475_read_word() return errors - [x86] drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode - [arm*] smccc-1.1: Make return values unsigned long - [arm*] smccc-1.1: Handle function result as parameters - [x86] i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus - media: v4l: event: Prevent freeing event subscriptions while accessed https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.132 - [arm64] serial: mvebu-uart: Fix reporting of effective CSIZE to userspace - time: Introduce jiffies64_to_nsecs() - mac80211: Run TXQ teardown code before de-registering interfaces - [ppc64el] KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X - mac80211: mesh: fix HWMP sequence numbering to follow standard - [arm64] net: hns: add netif_carrier_off before change speed and duplex - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE - gpio: Fix crash due to registration race - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 - fs/cifs: don't translate SFM_SLASH (U+F026) to backslash - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() - mac80211: fix a race between restart and CSA flows - mac80211: Fix station bandwidth setting after channel switch - mac80211: don't Tx a deauth frame if the AP forbade Tx - mac80211: shorten the IBSS debug messages - mm: madvise(MADV_DODUMP): allow hugetlbfs pages - HID: add support for Apple Magic Keyboards - HID: hid-saitek: Add device ID for RAT 7 Contagion - perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() - [ppc64el] perf probe powerpc: Ignore SyS symbols irrespective of endianness - RDMA/ucma: check fd type in ucma_migrate_id() - USB: yurex: Check for truncation in yurex_read() - nvmet-rdma: fix possible bogus dereference under heavy load - net/mlx5: Consider PCI domain in search for next dev - drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS - dm raid: fix rebuild of specific devices by updating superblock - fs/cifs: suppress a string overflow warning - [x86] net: ena: fix driver when PAGE_SIZE == 64kB - [x86] perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs - dm thin metadata: try to avoid ever aborting transactions - [arm64] jump_label.h: use asm_volatile_goto macro instead of "asm goto" - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED - [s390x] qeth: use vzalloc for QUERY OAT buffer - [s390x] qeth: don't dump past end of unknown HW header - cifs: read overflow in is_valid_oplock_break() - xen/manage: don't complain about an empty value in control/sysrq node - xen: avoid crash in disable_hotplug_cpu - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage - sysfs: Do not return POSIX ACL xattrs via listxattr - smb2: fix missing files in root share directory listing - ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 - [x86] crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() - gpiolib: Free the last requested descriptor - proc: restrict kernel stack dumps to root (CVE-2018-17972) - ocfs2: fix locking for res->tracking and dlm->tracking_list - dm thin metadata: fix __udivdi3 undefined on 32-bit https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.133 - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly - [amd64] x86/vdso: Fix asm constraints on vDSO syscall fallbacks - [amd64] x86/vdso: Fix vDSO syscall fallback asm constraint regression - PCI: Reprogram bridge prefetch registers on resume - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys - PM / core: Clear the direct_complete flag on errors - dm cache metadata: ignore hints array being too small during resize - dm cache: fix resize crash if user doesn't reload cache table - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI - USB: serial: simple: add Motorola Tetra MTP6550 id - tty: Drop tty->count on tty_reopen() failure - cgroup: Fix deadlock in cpu hotplug path - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait - ath10k: fix kernel panic issue during pci probe - f2fs: fix invalid memory access - ucma: fix a use-after-free in ucma_resolve_ip() - ubifs: Check for name being NULL while mounting - ath10k: fix scan crash due to incorrect length calculation - ebtables: arpreply: Add the standard target sanity check - [x86] fpu: Remove use_eager_fpu() - [x86] fpu: Remove struct fpu::counter - Revert "perf: sync up x86/.../cpufeatures.h" - [x86] fpu: Finish excising 'eagerfpu' https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.134 - [armhf] mfd: omap-usb-host: Fix dts probe of children - scsi: iscsi: target: Don't use stack buffer for scatterlist - scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted() - sound: enable interrupt after dma buffer initialization - [arm64,armhf] stmmac: fix valid numbers of unicast filter entries - [x86] kvm/lapic: always disable MMIO interface in x2APIC mode - ext4: Fix error code in ext4_xattr_set_entry() - mm/vmstat.c: fix outdated vmstat_text - mach64: detect the dot clock divider correctly on sparc - [x86] i2c: i2c-scmi: fix for i2c_smbus_write_block_data - xhci: Don't print a warning when setting link state for disabled ports - bnxt_en: Fix TX timeout during netpoll. - bonding: avoid possible dead-lock - ip6_tunnel: be careful when accessing the inner header - ip_tunnel: be careful when accessing the inner header - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() - ipv6: take rcu lock in rawv6_send_hdrinc() - [armhf] net: dsa: bcm_sf2: Call setup during switch resume - ]arm64] net: hns: fix for unmapping problem when SMMU is on - net: ipv4: update fnhe_pmtu when first hop's MTU changes - net/ipv6: Display all addresses in output of /proc/net/if_inet6 - net/usb: cancel pending work when unbinding smsc75xx - qlcnic: fix Tx descriptor corruption on 82xx devices - qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface - team: Forbid enslaving team device to itself - [armhf] net: dsa: bcm_sf2: Fix unbind ordering - [armhf] net: mvpp2: Extract the correct ethtype from the skb for tx csum offload - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 - tcp/dccp: fix lockdep issue when SYN is backlogged - inet: make sure to grab rcu_read_lock before using ireq->ireq_opt - inet: frags: change inet_frags_init_net() return value - inet: frags: add a pointer to struct netns_frags - inet: frags: refactor ipfrag_init() - inet: frags: refactor ipv6_frag_init() - inet: frags: refactor lowpan_net_frag_init() - ipv6: export ip6 fragments sysctl to unprivileged users - rhashtable: add schedule points - inet: frags: use rhashtables for reassembly units - inet: frags: remove some helpers - inet: frags: get rif of inet_frag_evicting() - inet: frags: remove inet_frag_maybe_warn_overflow() - inet: frags: do not clone skb in ip_expire() - ipv6: frags: rewrite ip6_expire_frag_queue() - inet: frags: get rid of ipfrag_skb_cb/FRAG_CB - ip: discard IPv4 datagrams with overlapping segments. - net: speed up skb_rbtree_purge() - net: modify skb_rbtree_purge to return the truesize of all purged skbs. - ipv6: defrag: drop non-last frags smaller than min mtu - net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends - net: add rb_to_skb() and other rb tree helpers - ip: use rb trees for IP frag queue. - ip: add helpers to process in-order fragments faster. - ip: process in-order fragments efficiently - ip: frags: fix crash in ip_do_fragment() - ipv4: frags: precedence bug in ip_expire() https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.135 - media: af9035: prevent buffer overflow on write - batman-adv: Fix segfault when writing to throughput_override - batman-adv: Fix segfault when writing to sysfs elp_interval - batman-adv: Prevent duplicated nc_node entry - batman-adv: Prevent duplicated softif_vlan entry - batman-adv: Prevent duplicated global TT entry - batman-adv: Prevent duplicated tvlv handler - batman-adv: fix backbone_gw refcount on queue_work() failure - batman-adv: fix hardif_neigh refcount on queue_work() failure - [armhf] clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs - [powerpc*/*64*] scsi: ibmvscsis: Fix a stringop-overflow warning - [powerpc*/*64*] scsi: ibmvscsis: Ensure partition name is properly NUL terminated - [arm64] drm: mali-dp: Call drm_crtc_vblank_reset on device init - scsi: sd: don't crash the host on invalid commands - net/mlx4: Use cpumask_available for eq->affinity_mask - [powerpc*] tm: Fix userspace r13 corruption - [powerpc*] tm: Avoid possible userspace r1 corruption on reclaim - [amd64] iommu/amd: Return devid as alias for ACPI HID devices - mremap: properly flush TLB before releasing the page (CVE-2018-18281) - mm: Preserve _PAGE_DEVMAP across mprotect() calls - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info - HID: quirks: fix support for Apple Magic Keyboards - usb: gadget: serial: fix oops when data rx'd after close - sched/cputime: Convert kcpustat to nsecs - sched/cputime: Increment kcpustat directly on irqtime account - sched/cputime: Fix ksoftirqd cputime accounting regression - [x86] HV: properly delay KVP packets when negotiation is in progress . [ Ben Hutchings ] * Resolve ABI changes caused by upstream fix for CVE-2018-5391: - Revert "inet: frags: fix ip6frag_low_thresh boundary" - Revert "inet: frags: reorganize struct netns_frags" - Revert "rhashtable: reorganize struct rhashtable layout" - Revert "inet: frags: break the 2GB limit for frags storage" - inet: frags: Avoid ABI change in 4.9.134 - sk_buff: Avoid ABI change in 4.9.134 - snmp: Remove the ReasmOverlaps statistic - ipv6: Ignore ABI changes in fragment reassembly functions * [x86] fpu: Avoid ABI change in 4.9.133 * power: Avoid ABI change in 4.9.131 * slub: Avoid ABI change in 4.9.131 * media: v4l: Avoid ABI change in 4.9.131 * netdev: Hide netdev_notifier_info_ext from modules * [x86] Revert "x86/mm: Expand static page table for fixmap space" linux-igd (1.0+cvs20070630-5+deb9u1) stretch; urgency=medium . * QA upload. * Set maintainer to the QA group. * Make the init script require $network; patch by Nye Liu (Closes: #885826) lttng-modules (2.9.0-1+deb9u1) stable; urgency=medium . * [c3d8eab] Stretch gbp branch config * [ee40323] Fix build on linux-rt 4.9 kernels. (Closes: #864404) * [b20f74a] Fix build on >= 4.9.0-3 kernels (Closes: #889901) mistral (3.0.0-4+deb9u1) stretch; urgency=medium . * CVE-2018-16849: std.ssh action may disclose presence of arbitrary files, applied upstream patch: remove extra information from std.ssh action. (Closes: #912714). monkeysign (2.2.3+deb9u1) stretch; urgency=medium . * upload to Debian stable mpqc (2.3.1-18+deb9u1) stretch; urgency=medium . [ Andreas Beckmann ] * Non-maintainer upload. * Backport the sc-libtool fix from 2.3.1-19. . [ Michael Banck ] * debian/libsc-dev.install: Install sc-libtool as well, thanks to Hideki Yamane (closes: #873719). mupdf (1.9a+ds1-4+deb9u4) stretch-security; urgency=high . * Fix CVE-2017-17866, CVE-2018-1000037, CVE-2018-1000040, CVE-2018-5686, CVE-2018-6187, and CVE-2018-6192 (Closes: #885120, #887130, #888464, #888487) netatalk (2.2.5-2+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Unauthenticated remote code execution in Netatalk (CVE-2018-1160) nginx (1.10.3-1+deb9u2) stretch-security; urgency=high . * Backport http2_max_requests directive needed for CVE-2018-16844 mitigation * Backport upstream fixes for 3 CVEs (Closes: #913090) + CVE-2018-16843 Excessive memory usage in HTTP/2 + CVE-2018-16844 Excessive CPU usage in HTTP/2 This change limits the maximum allowed number of idle state switches to 10 * http2_max_requests (i.e., 10000 by default). This limits possible CPU usage in one connection, and also imposes a limit on the maximum lifetime of a connection + CVE-2018-16845 Memory disclosure in the ngx_http_mp4_module nvidia-graphics-drivers (390.87-8~deb9u1) stretch; urgency=medium . * Rebuild for stretch. . nvidia-graphics-drivers (390.87-8) unstable; urgency=medium . * Tune more package relationships to prevent that installing packages from nvidia-graphics-drivers-legacy-390xx driver pulls in packages from nvidia-graphics-drivers via Recommends. . nvidia-graphics-drivers (390.87-7) unstable; urgency=medium . * Updated French (fr) debconf translations by Quentin Lejard. (Closes: #920940) * Use d/control.md5sum to keep track of d/control being up-to-date. * Tune package relationships to prevent that installing packages from nvidia-graphics-drivers-legacy-390xx driver pulls in packages from nvidia-graphics-drivers via Recommends. * Drop versioned constraints that are satisfied in wheezy. . nvidia-graphics-drivers (390.87-6) unstable; urgency=medium . [ Luca Boccassi ] * Add ipmi-user.patch and vm-insert-pfn.patch to fix kernel module build for Linux 4.20 and newer. (Closes: #917586) * Update Swedish (sv) debconf translation. Thank you Martin Bagge! (Closes: #918018) . nvidia-graphics-drivers (390.87-5) unstable; urgency=medium . * Prefer KBUILD_LDFLAGS (used since 4.19) over LDFLAGS. (Closes: #916883) * Work around update-alternatives bug #916799 and re-register the alternative to clean-up leftover slaves. * Bump Standards-Version to 4.3.0. No changes needed. * Update lintian overrides. . nvidia-graphics-drivers (390.87-4) unstable; urgency=medium . [ Andreas Beckmann ] * Drop libnvidia-egl-wayland1, nvidia-egl-wayland-{common,icd} packages. These will be provided by src:egl-wayland. (Closes: #915824) * Add more Conflicts between GLVND/non-GLVND packages to smoothen some install paths with --install-recommends enabled. . [ Philipp Kern ] * debian/gen-control.pl: Generate debian/control from debian/control.in. . nvidia-graphics-drivers (390.87-3) unstable; urgency=medium . * Make libgles-nvidia1 a full citizen again, libglvnd now builds libgles1. * libnvidia-fatbinaryloader: Prevent co-installation with the same upstream version of libnvidia-legacy-390xx-fatbinaryloader. * Pass the private library directory to dh_shlibdeps using the -l option instead of LD_LIBRARY_PATH, fixing FTBFS with dpkg 1.19.1. * Add Build-Depends-Package to symbols files where appropriate and override symbols-file-missing-build-depends-package-field elsewhere. * Clean up and unify rule style in debian/rules. * Add debian/rules targets for archiving the tarballs in a separate repository using sparse checkouts and git-lfs as storage backend. . nvidia-graphics-drivers (390.87-2) unstable; urgency=medium . * Reinstate cc_version_check-gcc5.patch. (Closes: #908568) * nvidia-kernel-dkms.README.Debian: Document that using a mismatching binutils version may result in modules failing to load with errors like "Invalid module format", "Unknown rela relocation: 4". . nvidia-graphics-drivers (390.87-1) unstable; urgency=medium . * New upstream long lived branch release 390.87 (2018-08-27). - Fixed a resource leak introduced in the 390 series of drivers that could lead to reduced performance after starting and stopping several OpenGL and/or Vulkan applications. . [ Luca Boccassi ] * Update nv-readme.ids. * Add drm-mode.patch to fix nvidia-drm build for Linux 4.19. (Closes: #908359) . [ Andreas Beckmann ] * Remove cc_version_check-gcc5.patch and re-enable strict version checks, using mismatching compiler versions may create unloadable modules due to unsupported relocations. * Refresh patches. * Synchronize the module build debhelper sequence with debhelper 10. * Bump Standards-Version to 4.2.1. No changes needed. . nvidia-graphics-drivers (390.77-1) unstable; urgency=medium . * New upstream long lived branch release 390.77 (2018-07-16). - Improved compatibility with recent Linux kernels. - Fixed an intermittent hang of Vulkan applications running fullscreen when flipping is allowed. - Removed informational messages that were printed by nvidia-modeset.ko whenever a GPU device was allocated or freed. - Fixed a bug that caused kwin OpenGL compositing to crash when launching certain OpenGL applications. * New upstream release 367 series. - Updated the OpenGL driver to allow the use of integer format (SINT/UINT) color attachments with depth attachments in Frame Buffer Objects. . nvidia-graphics-drivers (390.67-3) unstable; urgency=medium . [ Luca Boccassi ] * Add drm_control_allow.patch to fix kernel module build for Linux 4.18 and newer. . [ Andreas Beckmann ] * The libGLX_indirect.so.0 alternative is now handled by glx-alternatives. * Bump Standards-Version to 4.1.5. No changes needed. . nvidia-graphics-drivers (390.67-2) unstable; urgency=high . * Add kmem_cache_create_usercopy.patch from Red Hat, fixing "Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'nvidia_stack_cache'" on Linux kernels that have disabled CONFIG_HARDENED_USERCOPY_FALLBACK (i.e. linux-image-4.16.0-2-* or newer). (Closes: #901919) . nvidia-graphics-drivers (390.67-1) unstable; urgency=medium . * New upstream long lived branch release 390.67 (2018-06-05). - Fixed a bug that could cause kernel panics when using Quadro SDI Capture hardware. - Fixed an intermittent crash when launching Vulkan applications. - Fixed an intermittent crash when launching applications through Wine. - Fixed a bug that caused the driver, in some low bandwidth DisplayPort configurations, to not implicitly enable display dithering. This resulted in visible banding. * (Closes: #884917) . [ Andreas Beckmann ] * Convert packaging repository from SVN to GIT. * Update nv-readme.ids. * nvidia-detect: Drop support for wheezy(-lts) (EoL). * Add NEWS entry for using the driver on Linux 4.16.16-1 or newer, which may require the kernel boot option slab_common.usercopy_fallback=y as a workaround. (See #901919 for details.) * nvidia-drm-outputclass.conf: Prepend (in a backwards-compatible way) ModulePath "/usr/lib/xorg/modules/linux" since xserver 1.20 no longer does that. (Closes: #900248, #900264, #900378, #900766) . nvidia-graphics-drivers (390.59-1) unstable; urgency=medium . * New upstream long lived branch release 390.59 (2018-05-16). - Fixed intermittent hangs of fullscreen Vulkan applications when focused away (e.g., by using the alt-tab key combination) on non-composited desktops. - Added support for the following GPUs: GeForce GTX 1050 with Max-Q Design, Tesla V100-FHHL-16GB, Quadro P3200, Quadro P4200. . [ Luca Boccassi ] * Drop swiotlb.patch, fixed upstream. * Update nv-readme.ids. * Update symbols files. * Add xorg-video-abi-24 as alternative dependency. * Bump xserver-xorg-core dependency to << 2:1.20.99 for ABI 24. (Closes: #900112, #902375) . nvidia-graphics-drivers (390.48-3) unstable; urgency=medium . * Prepare nvidia-detect for the upcoming nvidia-legacy-390xx packages. * Prepare for the removal of i386/armhf support in 396.xx. * Support renamed variants of libnvidia-egl-wayland1/nvidia-egl-wayland-icd in legacy drivers. * Restrict watch file to releases from the 390.xx legacy branch. . nvidia-graphics-drivers (390.48-2) unstable; urgency=medium . [ Luca Boccassi ] * Fix loading nvidia kernel module on Linux 4.16 due to missing symbol. (Closes: #895429) . [ Andreas Beckmann ] * Bump Standards-Version to 4.1.4. No changes needed. . nvidia-graphics-drivers (390.48-1) unstable; urgency=medium . * New upstream long lived branch release 390.48 (2018-03-28). * Fixed CVE-2018-6249, CVE-2018-6253. (Closes: #894338) https://nvidia.custhelp.com/app/answers/detail/a_id/4649 - Added support for the following GPUs: Quadro GV100, Tesla V100-SXM2-32GB, Tesla V100-PCIE-32GB, Tesla V100-DGXS-32GB. - Updated the driver to prevent G-SYNC from being enabled when a Quadro Sync board is installed. G-SYNC and Quadro Sync were always mutually incompatible features, and this change makes it easier to use G-SYNC capable monitors on Quadro Sync configurations, as it is now no longer necessary to manually disable G-SYNC. - Further improved the fix for occasional flicker when using the X driver's composition pipeline. This was mostly fixed in 390.42, but now the fix should be more complete. . [ Luca Boccassi ] * Update nv-readme.ids. * Drop linux-4.15.patch, merged upstream. . [ Andreas Beckmann ] * Merge changes from 384.130-1 (UNRELEASED). * Update lintian overrides. . nvidia-graphics-drivers (390.42-1) unstable; urgency=medium . * New upstream long lived branch release 390.42 (2018-03-12). - Fixed a regression, introduced in 390.12, that caused occasional flicker when using the X driver's composition pipeline, for example when using screen transformations like rotation, or the "ForceCompositionPipeline" or "ForceFullCompositionPipeline" options." . [ Andreas Beckmann ] * Install the renamed GLVND libraries and add SONAME symlinks. * Update symbols files. * Add linux-4.15 patch from Archlinux. (Closes: #892413) * Remove obsolete bits from README.source. . nvidia-graphics-drivers (390.25-2) unstable; urgency=medium . * Merge changes from 387.34-4. * Upload to unstable. . nvidia-graphics-drivers (390.25-1) experimental; urgency=medium . * New upstream long lived branch release 390.25 (2018-01-29). - Fixed a regression introduced in 390.12 that prevented displays from working normally when running multiple X screens with emulated overlays. - Added support for the following GPUs: GeForce GTX 1060 5GB, Quadro P620. - Fixed a regression introduced in 390.12 that caused occasional hangs and hard lockup messages in the system log when screen transformations are in use. * (Closes: #872988) . [ Luca Boccassi ] * Update nv-readme.ids. * Update symbols files. * Refresh nvidia-use-ARCH.o_binary.patch to remove fuzz. . [ Andreas Beckmann ] * libcuda1: Add Provides: libcuda-9.1-1{,-i386}. * Merge changes from 384.111-4. * nvidia-detect: Report devices only supported on amd64. * nvidia-detect: Add PCI ID list for 384.111 in stretch. . nvidia-graphics-drivers (390.12-1) experimental; urgency=medium . * New upstream beta 390.12 (2018-01-04). * Fixed CVE-2017-5753, CVE-2017-5715 (spectre), CVE-2017-5754 (meltdown). https://nvidia.custhelp.com/app/answers/detail/a_id/4611 (Closes: #886852) - Added new application profile settings, "EGLVisibleDGPUDevices" and "EGLVisibleTegraDevices", to control which discrete and Tegra GPU devices, respectively, may be enumerated by EGL. See the "Application Profiles" appendix of the driver README for more details. - Corrected the SONAME of the copy of the libnvidia-egl-wayland library included in the .run installer package to libnvidia-egl-wayland.so.1. The SONAME had previously been versioned incorrectly with the full version number of the library. - Updated nvidia.ko to veto the ACPI_VIDEO_NOTIFY_PROBE event on kernels that allow the handler for this event to be overridden, to improve interaction between the NVIDIA driver and acpi_video on display hotplug events. - Fixed a bug that prevented Xinerama Info from being handled properly in SLI or Base Mosaic layouts with more than 24 displays. - Updated the X driver's composition pipeline (used for rotation, warp and blend, transformation matrices, etc) to also support stereo. - Fixed a bug where GetTexSubImage() would read incorrect data into a pixel buffer object when supplied with a target of GL_TEXTURE_1D_ARRAY and a non-zero yoffset value. - Added support for generic active stereo with in-band DisplayPort signaling. The X configuration option "InbandStereoSignaling" is deprecated in favor of this stereo mode. See "Appendix B. X Config Options" in the README for more information. - Modified the driver to avoid restoring framebuffer console modes on virtual reality head-mounted displays. * New upstream release 387 series. - Added support for the following GPUs: TITAN Xp COLLECTORS EDITION, GeForce GTX 1070 Ti, TITAN V [amd64]. - Fixed a bug that could cause a system crash when using the new NVreg_EnableBacklightHandler kernel module parameter on GPUs with no displays connected. . [ Luca Boccassi ] * Update nv-readme.ids. * Update symbols files. * Update lintian overrides. . [ Andreas Beckmann ] * Split nv-readme.ids into nv-readme.ids.common and nv-readme.ids.$ARCH, the Volta GPUs (VDPAU feature set I), e.g. Tesla V100 and Titan V, are only supported on amd64. * Upload to experimental. . nvidia-graphics-drivers (387.34-4) unstable; urgency=medium . * libcuda1: Add Provides: libcuda-9.1-1{,-i386}. * nvidia-modprobe.conf: Consistently handle nvidia-modeset. * Merge changes from 384.111-4 (unstable), 384.111-4~deb9u1 (stretch). * Update lintian overrides. * Upload to unstable. . nvidia-graphics-drivers (387.34-3) experimental; urgency=medium . [ Luca Boccassi ] * Add timer.patch to fix kernel module build for Linux 4.15 and newer. . [ Andreas Beckmann ] * Merge changes from 384.111-1. * Restrict watch file to releases from the 387.xx short lived branch. . nvidia-graphics-drivers (387.34-2) experimental; urgency=medium . * Support easier and consistent switching between GLVND/non-GLVND variants. * nvidia-driver-libs{,-i386}: Depend only on the GLVND variants. * nvidia-driver-libs-nonglvnd{,-i386}: New metapackages depending only on the non-GLVND variants. (Closes: #864497) * Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir. (Closes: #883615) * Add #tls# substitution for the tls/ source directory. * Bump Standards-Version to 4.1.2. No changes needed. . nvidia-graphics-drivers (387.34-1) experimental; urgency=medium . * New upstream short lived branch release 387.34 (2017-11-24). (Closes: #881164) - Fixed a bug that caused Vulkan X11 swapchains to fail on GPUs without a display engine, such as some Tesla-branded graphics cards and some Optimus laptops. - Fixed a bug that caused fullscreen Vulkan applications to hang on some Kepler GPUs, such as the GeForce GTX 680. - Fixed a bug where the G-SYNC indicator was reporting "normal" instead of "G-SYNC" on Vulkan applications when G-SYNC was enabled. * New upstream short lived branch release 387.22 (2017-10-30). - Fixed a regression that could cause driver errors when setting modes that include DisplayPort Multi-Stream Transport devices. - Added an nvidia.ko kernel module parameter, NVreg_EnableBacklightHandler, which can be used to enable experimental handling of laptop backlight brightness through /sys/class/backlight/. This handler overrides the ACPI-based one provided by the video.ko kernel module. NVreg_EnableBacklightHandler is disabled by default. - Added G-SYNC to all supported Vulkan swapchains for Maxwell and up. G-SYNC is enabled by default when using G-SYNC-ready monitors. For direct-to-display swapchains, an application profile with "GLGSYNCAllowed" setting set to 'false' can be used to disable this feature: { "rules" : [ { "pattern" : [], "profile" : [ "GLGSYNCAllowed", false ] } ] } * New upstream beta 387.12 (2017-10-03). - Fixed a regression that caused some display connectors on some GPUs to not report a connected HDMI or DisplayPort audio device even if the connected monitor supports audio. - Fixed a race condition that could lead to crashes when OpenGL programs manipulated vertex buffer objects from multiple threads simultaneously. - Improved performance of fullscreen Vulkan applications using X11 swapchains. This optimization will cause more events that trigger an out-of-date swapchain, such as when entering or leaving fullscreen mode. (This is commonly encountered when using the alt-tab key combination, for example.) Applications that do not properly respond to the VK_ERROR_OUT_OF_DATE_KHR return code may not function properly when these events occur. See section 30.8 of the Vulkan specification. - Added support for YUV 4:2:0 compression for monitors connected via DisplayPort in configurations where either the display or GPU is incapable of driving the current mode in RGB 4:4:4. See the description in the "Programming Modes" appendix for details. - Added framebuffer console hot plug handling to nvidia-modeset. Note that hot plugging is only handled when nvidia-modeset is initialized; for example, when Xorg or nvidia-persistenced is running or when nvidia-drm is loaded with the "modeset=1" parameter. - Added an "AllowGSYNC" MetaMode attribute that can be used to disable G-SYNC completely. This can be use to allow enabling features that are incompatible with G-SYNC, such as Ultra Low Motion Blur or Frame Lock. - Fixed several problems that prevented the "cc_version_check" sanity test from running correctly when building the NVIDIA kernel modules. As these problems would have masked mismatches between the compiler versions used to build the kernel and the NVIDIA kernel modules for an extended period of time, nvidia-installer has been updated to ignore CC version mismatches by default when they are detected. - Tiled monitors formerly resulted in a separate Xinerama screen being reported for each tile. They will now, by default, be combined into a single large Xinerama screen. - The individual panels in a tiled monitor will now be arranged based on the layout information provided in the monitor's EDID. This can be overridden by either manually specifying offsets or using the "MetaModeOrientation" option. - Disabled interlaced modes over DisplayPort by default due to incomplete support in the GPU. Added "AllowDpInterlaced" mode validation token to override this default behavior and allow interlaced modes over DisplayPort protocol anyway. . [ Luca Boccassi ] * Update d/copyright with new 6.3 paragraph in NVIDIA's license, which warns that the drivers are licensed for usage with NVIDIA hardware. * Drop nvidia-drm-crtc.patch, fixed upstream, and refresh nvidia-drm-master-dev.patch and use-kbuild-compiler.patch to remove fuzz. * Adjust filenames for new minor ABI revision of libnvidia-egl-wayland1 (libnvidia-egl-wayland.so.1.0.1 -> libnvidia-egl-wayland.so.1.0.2). * Update symbols files. * Update nv-readme.ids. * Refresh nvidia-use-ARCH.o_binary.patch to remove fuzz from 387.22. . [ Andreas Beckmann ] * Update lintian overrides. * Upload to experimental. nvidia-graphics-drivers (390.87-8~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . nvidia-graphics-drivers (390.87-8) unstable; urgency=medium . * Tune more package relationships to prevent that installing packages from nvidia-graphics-drivers-legacy-390xx driver pulls in packages from nvidia-graphics-drivers via Recommends. . nvidia-graphics-drivers (390.87-7) unstable; urgency=medium . * Updated French (fr) debconf translations by Quentin Lejard. (Closes: #920940) * Use d/control.md5sum to keep track of d/control being up-to-date. * Tune package relationships to prevent that installing packages from nvidia-graphics-drivers-legacy-390xx driver pulls in packages from nvidia-graphics-drivers via Recommends. * Drop versioned constraints that are satisfied in wheezy. * Drop versioned constraints that are satisfied in jessie. nvidia-graphics-drivers (390.87-7) unstable; urgency=medium . * Updated French (fr) debconf translations by Quentin Lejard. (Closes: #920940) * Use d/control.md5sum to keep track of d/control being up-to-date. * Tune package relationships to prevent that installing packages from nvidia-graphics-drivers-legacy-390xx driver pulls in packages from nvidia-graphics-drivers via Recommends. * Drop versioned constraints that are satisfied in wheezy. * Drop versioned constraints that are satisfied in jessie. nvidia-graphics-drivers (390.87-6) unstable; urgency=medium . [ Luca Boccassi ] * Add ipmi-user.patch and vm-insert-pfn.patch to fix kernel module build for Linux 4.20 and newer. (Closes: #917586) * Update Swedish (sv) debconf translation. Thank you Martin Bagge! (Closes: #918018) . [ Andreas Beckmann ] * Switch to debhelper-compat (= 12). nvidia-graphics-drivers (390.87-6~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . nvidia-graphics-drivers (390.87-6) unstable; urgency=medium . [ Luca Boccassi ] * Add ipmi-user.patch and vm-insert-pfn.patch to fix kernel module build for Linux 4.20 and newer. (Closes: #917586) * Update Swedish (sv) debconf translation. Thank you Martin Bagge! (Closes: #918018) . [ Andreas Beckmann ] * Switch to debhelper-compat (= 12). . nvidia-graphics-drivers (390.87-5) unstable; urgency=medium . * Prefer KBUILD_LDFLAGS (used since 4.19) over LDFLAGS. (Closes: #916883) * Work around update-alternatives bug #916799 and re-register the alternative to clean-up leftover slaves. * Bump Standards-Version to 4.3.0. No changes needed. * Update lintian overrides. nvidia-graphics-drivers (390.87-5) unstable; urgency=medium . * Prefer KBUILD_LDFLAGS (used since 4.19) over LDFLAGS. (Closes: #916883) * Work around update-alternatives bug #916799 and re-register the alternative to clean-up leftover slaves. * Bump Standards-Version to 4.3.0. No changes needed. * Update lintian overrides. nvidia-graphics-drivers (390.87-4) unstable; urgency=medium . [ Andreas Beckmann ] * Drop libnvidia-egl-wayland1, nvidia-egl-wayland-{common,icd} packages. These will be provided by src:egl-wayland. (Closes: #915824) * Add more Conflicts between GLVND/non-GLVND packages to smoothen some install paths with --install-recommends enabled. . [ Philipp Kern ] * debian/gen-control.pl: Generate debian/control from debian/control.in. nvidia-graphics-drivers (390.87-4~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . nvidia-graphics-drivers (390.87-4) unstable; urgency=medium . [ Andreas Beckmann ] * Drop libnvidia-egl-wayland1, nvidia-egl-wayland-{common,icd} packages. These will be provided by src:egl-wayland. (Closes: #915824) * Add more Conflicts between GLVND/non-GLVND packages to smoothen some install paths with --install-recommends enabled. . [ Philipp Kern ] * debian/gen-control.pl: Generate debian/control from debian/control.in. . nvidia-graphics-drivers (390.87-3) unstable; urgency=medium . * Make libgles-nvidia1 a full citizen again, libglvnd now builds libgles1. * libnvidia-fatbinaryloader: Prevent co-installation with the same upstream version of libnvidia-legacy-390xx-fatbinaryloader. * Pass the private library directory to dh_shlibdeps using the -l option instead of LD_LIBRARY_PATH, fixing FTBFS with dpkg 1.19.1. * Add Build-Depends-Package to symbols files where appropriate and override symbols-file-missing-build-depends-package-field elsewhere. * Clean up and unify rule style in debian/rules. * Add debian/rules targets for archiving the tarballs in a separate repository using sparse checkouts and git-lfs as storage backend. * Switch to debhelper-compat (= 11). nvidia-graphics-drivers (390.87-3) unstable; urgency=medium . * Make libgles-nvidia1 a full citizen again, libglvnd now builds libgles1. * libnvidia-fatbinaryloader: Prevent co-installation with the same upstream version of libnvidia-legacy-390xx-fatbinaryloader. * Pass the private library directory to dh_shlibdeps using the -l option instead of LD_LIBRARY_PATH, fixing FTBFS with dpkg 1.19.1. * Add Build-Depends-Package to symbols files where appropriate and override symbols-file-missing-build-depends-package-field elsewhere. * Clean up and unify rule style in debian/rules. * Add debian/rules targets for archiving the tarballs in a separate repository using sparse checkouts and git-lfs as storage backend. * Switch to debhelper-compat (= 11). nvidia-graphics-drivers (390.87-2) unstable; urgency=medium . * Reinstate cc_version_check-gcc5.patch. (Closes: #908568) * nvidia-kernel-dkms.README.Debian: Document that using a mismatching binutils version may result in modules failing to load with errors like "Invalid module format", "Unknown rela relocation: 4". nvidia-graphics-drivers (390.87-2~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . nvidia-graphics-drivers (390.87-2) unstable; urgency=medium . * Reinstate cc_version_check-gcc5.patch. (Closes: #908568) * nvidia-kernel-dkms.README.Debian: Document that using a mismatching binutils version may result in modules failing to load with errors like "Invalid module format", "Unknown rela relocation: 4". . nvidia-graphics-drivers (390.87-1) unstable; urgency=medium . * New upstream long lived branch release 390.87 (2018-08-27). - Fixed a resource leak introduced in the 390 series of drivers that could lead to reduced performance after starting and stopping several OpenGL and/or Vulkan applications. . [ Luca Boccassi ] * Update nv-readme.ids. * Add drm-mode.patch to fix nvidia-drm build for Linux 4.19. (Closes: #908359) . [ Andreas Beckmann ] * Remove cc_version_check-gcc5.patch and re-enable strict version checks, using mismatching compiler versions may create unloadable modules due to unsupported relocations. * Refresh patches. * Synchronize the module build debhelper sequence with debhelper 10. * Bump Standards-Version to 4.2.1. No changes needed. nvidia-graphics-drivers (390.87-1) unstable; urgency=medium . * New upstream long lived branch release 390.87 (2018-08-27). - Fixed a resource leak introduced in the 390 series of drivers that could lead to reduced performance after starting and stopping several OpenGL and/or Vulkan applications. . [ Luca Boccassi ] * Update nv-readme.ids. * Add drm-mode.patch to fix nvidia-drm build for Linux 4.19. (Closes: #908359) . [ Andreas Beckmann ] * Remove cc_version_check-gcc5.patch and re-enable strict version checks, using mismatching compiler versions may create unloadable modules due to mismatching symvers. * Refresh patches. * Synchronize the module build debhelper sequence with debhelper 10. * Bump Standards-Version to 4.2.1. No changes needed. nvidia-graphics-drivers (390.77-1) unstable; urgency=medium . * New upstream long lived branch release 390.77 (2018-07-16). - Improved compatibility with recent Linux kernels. - Fixed an intermittent hang of Vulkan applications running fullscreen when flipping is allowed. - Removed informational messages that were printed by nvidia-modeset.ko whenever a GPU device was allocated or freed. * New upstream release 367 series. - Updated the OpenGL driver to allow the use of integer format (SINT/UINT) color attachments with depth attachments in Frame Buffer Objects. nvidia-graphics-drivers (390.77-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. * Use vulkan from stretch-backports. . nvidia-graphics-drivers (390.77-1) unstable; urgency=medium . * New upstream long lived branch release 390.77 (2018-07-16). - Improved compatibility with recent Linux kernels. - Fixed an intermittent hang of Vulkan applications running fullscreen when flipping is allowed. - Removed informational messages that were printed by nvidia-modeset.ko whenever a GPU device was allocated or freed. * New upstream release 367 series. - Updated the OpenGL driver to allow the use of integer format (SINT/UINT) color attachments with depth attachments in Frame Buffer Objects. . nvidia-graphics-drivers (390.67-3) unstable; urgency=medium . [ Luca Boccassi ] * Add drm_control_allow.patch to fix kernel module build for Linux 4.18 and newer. . [ Andreas Beckmann ] * The libGLX_indirect.so.0 alternative is now handled by glx-alternatives. * Bump Standards-Version to 4.1.5. No changes needed. nvidia-graphics-drivers (390.67-3) unstable; urgency=medium . [ Luca Boccassi ] * Add drm_control_allow.patch to fix kernel module build for Linux 4.18 and newer. . [ Andreas Beckmann ] * The libGLX_indirect.so.0 alternative is now handled by glx-alternatives. * Bump Standards-Version to 4.1.5. No changes needed. nvidia-graphics-drivers (390.67-2) unstable; urgency=high . * Add kmem_cache_create_usercopy.patch from Red Hat, fixing "Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'nvidia_stack_cache'" on Linux kernels that have disabled CONFIG_HARDENED_USERCOPY_FALLBACK (i.e. linux-image-4.16.0-2-* or newer). (Closes: #901919) nvidia-graphics-drivers (390.67-2~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. * Use libglvnd and MESA from stretch-backports. . nvidia-graphics-drivers (390.67-2) unstable; urgency=high . * Add kmem_cache_create_usercopy.patch from Red Hat, fixing "Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'nvidia_stack_cache'" on Linux kernels that have disabled CONFIG_HARDENED_USERCOPY_FALLBACK (i.e. linux-image-4.16.0-2-* or newer). (Closes: #901919) . nvidia-graphics-drivers (390.67-1) unstable; urgency=medium . * New upstream long lived branch release 390.67 (2018-06-05). - Fixed a bug that could cause kernel panics when using Quadro SDI Capture hardware. - Fixed an intermittent crash when launching Vulkan applications. - Fixed an intermittent crash when launching applications through Wine. - Fixed a bug that caused the driver, in some low bandwidth DisplayPort configurations, to not implicitly enable display dithering. This resulted in visible banding. . [ Andreas Beckmann ] * Convert packaging repository from SVN to GIT. * Update nv-readme.ids. * nvidia-detect: Drop support for wheezy(-lts) (EoL). * Add NEWS entry for using the driver on Linux 4.16.16-1 or newer, which may require the kernel boot option slab_common.usercopy_fallback=y as a workaround. (See #901919 for details.) * nvidia-drm-outputclass.conf: Prepend (in a backwards-compatible way) ModulePath "/usr/lib/xorg/modules/linux" since xserver 1.20 no longer does that. (Closes: #900248, #900264, #900378, #900766) . nvidia-graphics-drivers (390.59-1) unstable; urgency=medium . * New upstream long lived branch release 390.59 (2018-05-16). - Fixed intermittent hangs of fullscreen Vulkan applications when focused away (e.g., by using the alt-tab key combination) on non-composited desktops. - Added support for the following GPUs: GeForce GTX 1050 with Max-Q Design, Tesla V100-FHHL-16GB, Quadro P3200, Quadro P4200. . [ Luca Boccassi ] * Drop swiotlb.patch, fixed upstream. * Update nv-readme.ids. * Update symbols files. * Add xorg-video-abi-24 as alternative dependency. * Bump xserver-xorg-core dependency to << 2:1.20.99 for ABI 24. (Closes: #900112) . nvidia-graphics-drivers (390.48-4) UNRELEASED; urgency=medium . * Stop building lib*-glvnd-nvidia, now built from the 390xx legacy driver. * Switch to debhelper compat level 11. . nvidia-graphics-drivers (390.48-3) unstable; urgency=medium . * Prepare nvidia-detect for the upcoming nvidia-legacy-390xx packages. * Prepare for the removal of i386/armhf support in 396.xx. * Support renamed variants of libnvidia-egl-wayland1/nvidia-egl-wayland-icd in legacy drivers. * Restrict watch file to releases from the 390.xx legacy branch. nvidia-graphics-drivers (390.67-1) unstable; urgency=medium . * New upstream long lived branch release 390.67 (2018-06-05). - Fixed a bug that could cause kernel panics when using Quadro SDI Capture hardware. - Fixed an intermittent crash when launching Vulkan applications. - Fixed an intermittent crash when launching applications through Wine. - Fixed a bug that caused the driver, in some low bandwidth DisplayPort configurations, to not implicitly enable display dithering. This resulted in visible banding. . [ Andreas Beckmann ] * Convert packaging repository from SVN to GIT. * Update nv-readme.ids. * nvidia-detect: Drop support for wheezy(-lts) (EoL). * Add NEWS entry for using the driver on Linux 4.16.16-1 or newer, which may require the kernel boot option slab_common.usercopy_fallback=y as a workaround. (See #901919 for details.) * nvidia-drm-outputclass.conf: Prepend (in a backwards-compatible way) ModulePath "/usr/lib/xorg/modules/linux" since xserver 1.20 no longer does that. (Closes: #900248, #900264, #900378, #900766) nvidia-graphics-drivers (390.59-1) unstable; urgency=medium . * New upstream long lived branch release 390.59 (2018-05-16). - Added support for the following GPUs: GeForce GTX 1050 with Max-Q Design, Tesla V100-FHHL-16GB, Quadro P3200, Quadro P4200. . [ Andreas Beckmann ] * Stop building lib*-glvnd-nvidia, now built from the 390xx legacy driver. * Switch to debhelper compat level 11. . [ Luca Boccassi ] * Drop swiotlb.patch, fixed upstream. * Update nv-readme.ids. * Update symbols files. * Add xorg-video-abi-24 as alternative dependency. * Bump xserver-xorg-core dependency to << 2:1.20.99 for ABI 24. (Closes: #900112) nvidia-graphics-drivers (390.48-3) unstable; urgency=medium . * Prepare nvidia-detect for the upcoming nvidia-legacy-390xx packages. * Prepare for the removal of i386/armhf support in 396.xx. * Support renamed variants of libnvidia-egl-wayland1/nvidia-egl-wayland-icd in legacy drivers. * Restrict watch file to releases from the 390.xx legacy branch. nvidia-graphics-drivers (390.48-2) unstable; urgency=medium . [ Luca Boccassi ] * Fix loading nvidia kernel module on Linux 4.16 due to missing symbol. (Closes: #895429) . [ Andreas Beckmann ] * Bump Standards-Version to 4.1.4. No changes needed. nvidia-graphics-drivers (390.48-2~bpo9+3) stretch-backports; urgency=medium . * Add Conflicts against glvnd-aware MESA >= 17 from stretch-backports. * Fix some upgrade issues from older versions in stretch. nvidia-graphics-drivers (390.48-2~bpo9+2) stretch-backports; urgency=medium . * Disable alternative dependencies and add Conflicts against libglvnd from stretch-backports. nvidia-graphics-drivers (390.48-2~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . nvidia-graphics-drivers (390.48-2) unstable; urgency=medium . [ Luca Boccassi ] * Fix loading nvidia kernel module on Linux 4.16 due to missing symbol. (Closes: #895429) . [ Andreas Beckmann ] * Bump Standards-Version to 4.1.4. No changes needed. . nvidia-graphics-drivers (390.48-1) unstable; urgency=medium . * New upstream long lived branch release 390.48 (2018-03-28). * Fixed CVE-2018-6249, CVE-2018-6253. https://nvidia.custhelp.com/app/answers/detail/a_id/4649 (Closes: #894338) - Added support for the following GPUs: Quadro GV100, Tesla V100-SXM2-32GB, Tesla V100-PCIE-32GB, Tesla V100-DGXS-32GB. - Updated the driver to prevent G-SYNC from being enabled when a Quadro Sync board is installed. G-SYNC and Quadro Sync were always mutually incompatible features, and this change makes it easier to use G-SYNC capable monitors on Quadro Sync configurations, as it is now no longer necessary to manually disable G-SYNC. - Further improved the fix for occasional flicker when using the X driver's composition pipeline. This was mostly fixed in 390.42, but now the fix should be more complete. . [ Luca Boccassi ] * Update nv-readme.ids. * Drop linux-4.15.patch, merged upstream. . [ Andreas Beckmann ] * Merge changes from 384.130-1 (UNRELEASED). * Update lintian overrides. . nvidia-graphics-drivers (390.42-1) unstable; urgency=medium . * New upstream long lived branch release 390.42 (2018-03-12). - Fixed a regression, introduced in 390.12, that caused occasional flicker when using the X driver's composition pipeline, for example when using screen transformations like rotation, or the "ForceCompositionPipeline" or "ForceFullCompositionPipeline" options." . [ Andreas Beckmann ] * Install the renamed GLVND libraries and add SONAME symlinks. * Update symbols files. * Add linux-4.15 patch from Archlinux. (Closes: #892413) * Remove obsolete bits from README.source. . nvidia-graphics-drivers (390.25-2) unstable; urgency=medium . * Merge changes from 387.34-4. * Upload to unstable. . nvidia-graphics-drivers (390.25-1) experimental; urgency=medium . * New upstream long lived branch release 390.25 (2018-01-29). - Fixed a regression introduced in 390.12 that prevented displays from working normally when running multiple X screens with emulated overlays. - Added support for the following GPUs: GeForce GTX 1060 5GB, Quadro P620. - Fixed a regression introduced in 390.12 that caused occasional hangs and hard lockup messages in the system log when screen transformations are in use. . [ Luca Boccassi ] * Update nv-readme.ids. * Update symbols files. * Refresh nvidia-use-ARCH.o_binary.patch to remove fuzz. . [ Andreas Beckmann ] * libcuda1: Add Provides: libcuda-9.1-1{,-i386}. * Merge changes from 384.111-4. * nvidia-detect: Report devices only supported on amd64. * nvidia-detect: Add PCI ID list for 384.111 in stretch. . nvidia-graphics-drivers (390.12-1) experimental; urgency=medium . * New upstream beta 390.12 (2018-01-04). * Fixed CVE-2017-5753, CVE-2017-5715 (spectre), CVE-2017-5754 (meltdown). https://nvidia.custhelp.com/app/answers/detail/a_id/4611 (Closes: #886852) - Added new application profile settings, "EGLVisibleDGPUDevices" and "EGLVisibleTegraDevices", to control which discrete and Tegra GPU devices, respectively, may be enumerated by EGL. See the "Application Profiles" appendix of the driver README for more details. - Corrected the SONAME of the copy of the libnvidia-egl-wayland library included in the .run installer package to libnvidia-egl-wayland.so.1. The SONAME had previously been versioned incorrectly with the full version number of the library. - Updated nvidia.ko to veto the ACPI_VIDEO_NOTIFY_PROBE event on kernels that allow the handler for this event to be overridden, to improve interaction between the NVIDIA driver and acpi_video on display hotplug events. - Fixed a bug that prevented Xinerama Info from being handled properly in SLI or Base Mosaic layouts with more than 24 displays. - Updated the X driver's composition pipeline (used for rotation, warp and blend, transformation matrices, etc) to also support stereo. - Fixed a bug where GetTexSubImage() would read incorrect data into a pixel buffer object when supplied with a target of GL_TEXTURE_1D_ARRAY and a non-zero yoffset value. - Added support for generic active stereo with in-band DisplayPort signaling. The X configuration option "InbandStereoSignaling" is deprecated in favor of this stereo mode. See "Appendix B. X Config Options" in the README for more information. - Modified the driver to avoid restoring framebuffer console modes on virtual reality head-mounted displays. * New upstream release 387 series. - Added support for the following GPUs: TITAN Xp COLLECTORS EDITION, GeForce GTX 1070 Ti, TITAN V [amd64]. - Fixed a bug that could cause a system crash when using the new NVreg_EnableBacklightHandler kernel module parameter on GPUs with no displays connected. . [ Luca Boccassi ] * Update nv-readme.ids. * Update symbols files. * Update lintian overrides. . [ Andreas Beckmann ] * Split nv-readme.ids into nv-readme.ids.common and nv-readme.ids.$ARCH, the Volta GPUs (VDPAU feature set I), e.g. Tesla V100 and Titan V, are only supported on amd64. * Upload to experimental. . nvidia-graphics-drivers (387.34-4) unstable; urgency=medium . * libcuda1: Add Provides: libcuda-9.1-1{,-i386}. * nvidia-modprobe.conf: Consistently handle nvidia-modeset. * Merge changes from 384.111-4 (unstable), 384.111-4~deb9u1 (stretch). * Update lintian overrides. * Upload to unstable. . nvidia-graphics-drivers (387.34-3) experimental; urgency=medium . [ Luca Boccassi ] * Add timer.patch to fix kernel module build on Linux 4.15 and newer. . [ Andreas Beckmann ] * Merge changes from 384.111-1. * Restrict watch file to releases from the 387.xx short lived branch. . nvidia-graphics-drivers (387.34-2) experimental; urgency=medium . * Support easier and consistent switching between GLVND/non-GLVND variants. * nvidia-driver-libs{,-i386}: Depend only on the GLVND variants. * nvidia-driver-libs-nonglvnd{,-i386}: New metapackages depending only on the non-GLVND variants. (Closes: #864497) * Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir. (Closes: #883615) * Add #tls# substitution for the tls/ source directory. * Bump Standards-Version to 4.1.2. No changes needed. . nvidia-graphics-drivers (387.34-1) experimental; urgency=medium . * New upstream short lived branch release 387.34 (2017-11-24). (Closes: #881164) - Fixed a bug that caused Vulkan X11 swapchains to fail on GPUs without a display engine, such as some Tesla-branded graphics cards and some Optimus laptops. - Fixed a bug that caused fullscreen Vulkan applications to hang on some Kepler GPUs, such as the GeForce GTX 680. - Fixed a bug where the G-SYNC indicator was reporting "normal" instead of "G-SYNC" on Vulkan applications when G-SYNC was enabled. * New upstream short lived branch release 387.22 (2017-10-30). - Fixed a regression that could cause driver errors when setting modes that include DisplayPort Multi-Stream Transport devices. - Added an nvidia.ko kernel module parameter, NVreg_EnableBacklightHandler, which can be used to enable experimental handling of laptop backlight brightness through /sys/class/backlight/. This handler overrides the ACPI-based one provided by the video.ko kernel module. NVreg_EnableBacklightHandler is disabled by default. - Added G-SYNC to all supported Vulkan swapchains for Maxwell and up. G-SYNC is enabled by default when using G-SYNC-ready monitors. For direct-to-display swapchains, an application profile with "GLGSYNCAllowed" setting set to 'false' can be used to disable this feature: { "rules" : [ { "pattern" : [], "profile" : [ "GLGSYNCAllowed", false ] } ] } * New upstream beta 387.12 (2017-10-03). - Fixed a regression that caused some display connectors on some GPUs to not report a connected HDMI or DisplayPort audio device even if the connected monitor supports audio. - Fixed a race condition that could lead to crashes when OpenGL programs manipulated vertex buffer objects from multiple threads simultaneously. - Improved performance of fullscreen Vulkan applications using X11 swapchains. This optimization will cause more events that trigger an out-of-date swapchain, such as when entering or leaving fullscreen mode. (This is commonly encountered when using the alt-tab key combination, for example.) Applications that do not properly respond to the VK_ERROR_OUT_OF_DATE_KHR return code may not function properly when these events occur. See section 30.8 of the Vulkan specification. - Added support for YUV 4:2:0 compression for monitors connected via DisplayPort in configurations where either the display or GPU is incapable of driving the current mode in RGB 4:4:4. See the description in the "Programming Modes" appendix for details. - Added framebuffer console hot plug handling to nvidia-modeset. Note that hot plugging is only handled when nvidia-modeset is initialized; for example, when Xorg or nvidia-persistenced is running or when nvidia-drm is loaded with the "modeset=1" parameter. - Added an "AllowGSYNC" MetaMode attribute that can be used to disable G-SYNC completely. This can be use to allow enabling features that are incompatible with G-SYNC, such as Ultra Low Motion Blur or Frame Lock. - Fixed several problems that prevented the "cc_version_check" sanity test from running correctly when building the NVIDIA kernel modules. As these problems would have masked mismatches between the compiler versions used to build the kernel and the NVIDIA kernel modules for an extended period of time, nvidia-installer has been updated to ignore CC version mismatches by default when they are detected. - Tiled monitors formerly resulted in a separate Xinerama screen being reported for each tile. They will now, by default, be combined into a single large Xinerama screen. - The individual panels in a tiled monitor will now be arranged based on the layout information provided in the monitor's EDID. This can be overridden by either manually specifying offsets or using the "MetaModeOrientation" option. - Disabled interlaced modes over DisplayPort by default due to incomplete support in the GPU. Added "AllowDpInterlaced" mode validation token to override this default behavior and allow interlaced modes over DisplayPort protocol anyway. . [ Luca Boccassi ] * Update d/copyright with new 6.3 paragraph in NVIDIA's license, which warns that the drivers are licensed for usage with NVIDIA hardware. * Drop nvidia-drm-crtc.patch, fixed upstream, and refresh nvidia-drm-master-dev.patch and use-kbuild-compiler.patch to remove fuzz. * Adjust filenames for new minor ABI revision of libnvidia-egl-wayland1 (libnvidia-egl-wayland.so.1.0.1 -> libnvidia-egl-wayland.so.1.0.2). * Update symbols files. * Update nv-readme.ids. * Refresh nvidia-use-ARCH.o_binary.patch to remove fuzz from 387.22. . [ Andreas Beckmann ] * Update lintian overrides. * Upload to experimental. . nvidia-graphics-drivers (384.130-1) stretch; urgency=medium . * New upstream long lived branch release 384.130 (2018-03-28). * Fixed CVE-2018-6249, CVE-2018-6253. https://nvidia.custhelp.com/app/answers/detail/a_id/4649 (Closes: #894338) - Improved compatibility with recent Linux kernels. - Fixed a string concatenation bug that caused libGL to accidentally try to create the directory "$HOME.nv" rather than "$HOME/.nv" in some cases where /tmp isn't accessible. (Closes: #888028) - Increased the version numbers of the GLVND libGL, libGLESv1_CM, libGLESv2, and libEGL libraries, to prevent concurrently installed non-GLVND libraries from taking precedence in the dynamic linker cache. * New upstream release 340 series. - Fixed a bug which could cause X servers that export a Video Driver ABI earlier than 0.8 to crash when running X11 applications which call XRenderAddTraps(). . [ Luca Boccassi ] * Install the renamed GLVND libraries and add SONAME symlinks. . [ Andreas Beckmann ] * Bump the required glx-diversions/glx-alternative-nvidia version for the renamed GLVND libraries. * Upload to stretch . nvidia-graphics-drivers (384.111-4~deb9u1) stretch; urgency=medium . * Rebuild for stretch. * Relax the libvulkan1 (build-)dependency. * Do not conflict with *-glvnd-nvidia, there is no libglvnd in stretch. * Continue recommending the GLESv1 library for stretch. . nvidia-graphics-drivers (384.111-4) unstable; urgency=medium . * nvidia-kernel-{dkms,source}: Mention the supported architecture(s) in the long Description. * Use dh_missing --fail-missing. * Update lintian overrides. nvidia-graphics-drivers (390.48-1) unstable; urgency=medium . * New upstream long lived branch release 390.48 (2018-03-28). * Fixed CVE-2018-6249, CVE-2018-625. https://nvidia.custhelp.com/app/answers/detail/a_id/4649 (Closes: #894338) - Added support for the following GPUs: Quadro GV100, Tesla V100-SXM2-32GB, Tesla V100-PCIE-32GB, Tesla V100-DGXS-32GB. - Updated the driver to prevent G-SYNC from being enabled when a Quadro Sync board is installed. G-SYNC and Quadro Sync were always mutually incompatible features, and this change makes it easier to use G-SYNC capable monitors on Quadro Sync configurations, as it is now no longer necessary to manually disable G-SYNC. - Further improved the fix for occasional flicker when using the X driver's composition pipeline. This was mostly fixed in 390.42, but now the fix should be more complete. . [ Luca Boccassi ] * Update nv-readme.ids. * Drop linux-4.15.patch, merged upstream. . [ Andreas Beckmann ] * Merge changes from 384.130-1 (UNRELEASED). * Update lintian overrides. nvidia-graphics-drivers (390.42-1) unstable; urgency=medium . * New upstream long lived branch release 390.42 (2018-03-12). - Fixed a regression, introduced in 390.12, that caused occasional flicker when using the X driver's composition pipeline, for example when using screen transformations like rotation, or the "ForceCompositionPipeline" or "ForceFullCompositionPipeline" options." * New upstream release 384 series. - Fixed a string concatenation bug that caused libGL to accidentally try to create the directory "$HOME.nv" rather than "$HOME/.nv" in some cases where /tmp isn't accessible. (Closes: #888028) - Increased the version numbers of the GLVND libGL, libGLESv1_CM, libGLESv2, and libEGL libraries, to prevent concurrently installed non-GLVND libraries from taking precedence in the dynamic linker cache. * Install the renamed GLVND libraries and add SONAME symlinks. * Update symbols files. * Add linux-4.15 patch from Archlinux. (Closes: #892413) * Remove obsolete bits from README.source. nvidia-graphics-drivers (390.25-2) unstable; urgency=medium . * Merge changes from 387.34-4. * Upload to unstable. nvidia-graphics-drivers (390.25-1) experimental; urgency=medium . * New upstream long lived branch release 390.25 (2018-01-29). - Fixed a regression introduced in 390.12 that prevented displays from working normally when running multiple X screens with emulated overlays. - Added support for the following GPUs: GeForce GTX 1060 5GB, Quadro P620. - Fixed a regression introduced in 390.12 that caused occasional hangs and hard lockup messages in the system log when screen transformations are in use. * New upstream release 340 series. - Fixed a bug which could cause X servers that export a Video Driver ABI earlier than 0.8 to crash when running X11 applications which call XRenderAddTraps(). . [ Luca Boccassi ] * Update nv-readme.ids. * Update symbols files. * Refresh nvidia-use-ARCH.o_binary.patch to remove fuzz. . [ Andreas Beckmann ] * libcuda1: Add Provides: libcuda-9.1-1{,-i386}. * Merge changes from 384.111-4. * nvidia-detect: Report devices only supported on amd64. * nvidia-detect: Add PCI ID list for 384.111 in stretch. nvidia-graphics-drivers (390.12-1) experimental; urgency=medium . * New upstream beta 390.12 (2018-01-04). * Fixed CVE-2017-5753, CVE-2017-5715 (spectre), CVE-2017-5754 (meltdown). https://nvidia.custhelp.com/app/answers/detail/a_id/4611 (Closes: #886852) - Added new application profile settings, "EGLVisibleDGPUDevices" and "EGLVisibleTegraDevices", to control which discrete and Tegra GPU devices, respectively, may be enumerated by EGL. See the "Application Profiles" appendix of the driver README for more details. - Corrected the SONAME of the copy of the libnvidia-egl-wayland library included in the .run installer package to libnvidia-egl-wayland.so.1. The SONAME had previously been versioned incorrectly with the full version number of the library. - Updated nvidia.ko to veto the ACPI_VIDEO_NOTIFY_PROBE event on kernels that allow the handler for this event to be overridden, to improve interaction between the NVIDIA driver and acpi_video on display hotplug events. - Fixed a bug that prevented Xinerama Info from being handled properly in SLI or Base Mosaic layouts with more than 24 displays. - Updated the X driver's composition pipeline (used for rotation, warp and blend, transformation matrices, etc) to also support stereo. - Fixed a bug where GetTexSubImage() would read incorrect data into a pixel buffer object when supplied with a target of GL_TEXTURE_1D_ARRAY and a non-zero yoffset value. - Added support for generic active stereo with in-band DisplayPort signaling. The X configuration option "InbandStereoSignaling" is deprecated in favor of this stereo mode. See "Appendix B. X Config Options" in the README for more information. - Modified the driver to avoid restoring framebuffer console modes on virtual reality head-mounted displays. * New upstream release 387 series. - Added support for the following GPUs: TITAN Xp COLLECTORS EDITION, GeForce GTX 1070 Ti, TITAN V [amd64]. - Fixed a bug that could cause a system crash when using the new NVreg_EnableBacklightHandler kernel module parameter on GPUs with no displays connected. . [ Luca Boccassi ] * Update nv-readme.ids. * Update symbols files. * Update lintian overrides. . [ Andreas Beckmann ] * Split nv-readme.ids into nv-readme.ids.common and nv-readme.ids.$ARCH, the GPUs with VDPAU feature set I, e.g. Tesla V100 and Titan V, are only supported on amd64. * Upload to experimental. nvidia-graphics-drivers (387.34-4) unstable; urgency=medium . * libcuda1: Add Provides: libcuda-9.1-1{,-i386}. * nvidia-modprobe.conf: Consistently handle nvidia-modeset. * Merge changes from 384.111-4. * Merge changes from 384.111-4~deb9u1 (stretch). * Update lintian overrides. * Upload to unstable. nvidia-graphics-drivers (387.34-3) experimental; urgency=medium . [ Luca Boccassi ] * Add timer.patch to fix kernel module build on Linux 4.15 and newer. . [ Andreas Beckmann ] * Merge changes from 384.111-1. * Restrict watch file to releases from the 387.xx long lived branch. nvidia-graphics-drivers (387.34-2) experimental; urgency=medium . * Support easier and consistent switching between GLVND/non-GLVND variants. * nvidia-driver-libs{,-i386}: Depend only on the GLVND variants. * nvidia-driver-libs-nonglvnd{,-i386}: New metapackages depending only on the non-GLVND variants. (Closes: #864497) * Stop shipping the classic libnvidia-tls.so.* and ship the modern one (for Linux 2.6 onwards) in the regular libdir instead of the tls/ subdir. (Closes: #883615) * Add #tls# substitution for the tls/ source directory. * Bump Standards-Version to 4.1.2. No changes needed. nvidia-graphics-drivers (387.34-1) experimental; urgency=medium . * New upstream short lived branch release 387.34 (2017-11-24). - Fixed a bug that caused Vulkan X11 swapchains to fail on GPUs without a display engine, such as some Tesla-branded graphics cards and some Optimus laptops. - Fixed a bug that caused fullscreen Vulkan applications to hang on some Kepler GPUs, such as the GeForce GTX 680. - Fixed a bug where the G-SYNC indicator was reporting "normal" instead of "G-SYNC" on Vulkan applications when G-SYNC was enabled. * New upstream short lived branch release 387.22 (2017-10-30). - Fixed a regression that could cause driver errors when setting modes that include DisplayPort Multi-Stream Transport devices. - Added an nvidia.ko kernel module parameter, NVreg_EnableBacklightHandler, which can be used to enable experimental handling of laptop backlight brightness through /sys/class/backlight/. This handler overrides the ACPI-based one provided by the video.ko kernel module. NVreg_EnableBacklightHandler is disabled by default. - Added G-SYNC to all supported Vulkan swapchains for Maxwell and up. G-SYNC is enabled by default when using G-SYNC-ready monitors. For direct-to-display swapchains, an application profile with "GLGSYNCAllowed" setting set to 'false' can be used to disable this feature: { "rules" : [ { "pattern" : [], "profile" : [ "GLGSYNCAllowed", false ] } ] } * New upstream beta 387.12 (2017-10-03). - Fixed a regression that caused some display connectors on some GPUs to not report a connected HDMI or DisplayPort audio device even if the connected monitor supports audio. - Fixed a race condition that could lead to crashes when OpenGL programs manipulated vertex buffer objects from multiple threads simultaneously. - Improved performance of fullscreen Vulkan applications using X11 swapchains. This optimization will cause more events that trigger an out-of-date swapchain, such as when entering or leaving fullscreen mode. (This is commonly encountered when using the alt-tab key combination, for example.) Applications that do not properly respond to the VK_ERROR_OUT_OF_DATE_KHR return code may not function properly when these events occur. See section 30.8 of the Vulkan specification. - Added support for YUV 4:2:0 compression for monitors connected via DisplayPort in configurations where either the display or GPU is incapable of driving the current mode in RGB 4:4:4. See the description in the "Programming Modes" appendix for details. - Added framebuffer console hot plug handling to nvidia-modeset. Note that hot plugging is only handled when nvidia-modeset is initialized; for example, when Xorg or nvidia-persistenced is running or when nvidia-drm is loaded with the "modeset=1" parameter. - Added an "AllowGSYNC" MetaMode attribute that can be used to disable G-SYNC completely. This can be use to allow enabling features that are incompatible with G-SYNC, such as Ultra Low Motion Blur or Frame Lock. - Fixed several problems that prevented the "cc_version_check" sanity test from running correctly when building the NVIDIA kernel modules. As these problems would have masked mismatches between the compiler versions used to build the kernel and the NVIDIA kernel modules for an extended period of time, nvidia-installer has been updated to ignore CC version mismatches by default when they are detected. - Tiled monitors formerly resulted in a separate Xinerama screen being reported for each tile. They will now, by default, be combined into a single large Xinerama screen. - The individual panels in a tiled monitor will now be arranged based on the layout information provided in the monitor's EDID. This can be overridden by either manually specifying offsets or using the "MetaModeOrientation" option. - Disabled interlaced modes over DisplayPort by default due to incomplete support in the GPU. Added "AllowDpInterlaced" mode validation token to override this default behavior and allow interlaced modes over DisplayPort protocol anyway. * New upstream release 384 series. - Fixed a regression that prevented displays connected via some types of passive adapters (e.g. DMS-59 to VGA or DVI) from working correctly. The regression was introduced with driver version 384.98. - Fixed a bug that caused Quadro M2200 GPUs to enter the lowest available PowerMizer performance level when under load. . [ Luca Boccassi ] * Update d/copyright with new 6.3 paragraph in Nvidia's license, which warns that the drivers are licensed for usage with Nvidia hardware. * Drop nvidia-drm-crtc.patch, fixed upstream, and refresh nvidia-drm-master-dev.patch and use-kbuild-compiler.patch to remove fuzz. * Adjust filenames for new minor ABI revision of libnvidia-egl-wayland1 (libnvidia-egl-wayland.so.1.0.1 -> libnvidia-egl-wayland.so.1.0.2). * Update symbols files. * Update nv-readme.ids. * Refresh nvidia-use-ARCH.o_binary.patch to remove fuzz from 387.22. . [ Andreas Beckmann ] * Update lintian overrides. * Upload to experimental. nvidia-modprobe (390.87-1~deb9u1) stretch; urgency=medium . * Rebuild for stretch. . nvidia-modprobe (390.87-1) unstable; urgency=medium . * New upstream release. * Bump Standards-Version to 4.3.0. No changes needed. . nvidia-modprobe (390.25-1) unstable; urgency=medium . * New upstream release. nvidia-modprobe (390.87-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . nvidia-modprobe (390.87-1) unstable; urgency=medium . * New upstream release. * Bump Standards-Version to 4.3.0. No changes needed. . nvidia-modprobe (390.25-1) unstable; urgency=medium . * New upstream release. . nvidia-modprobe (384.111-2~deb9u1) stretch; urgency=medium . * Rebuild for stretch. . nvidia-modprobe (384.111-2) unstable; urgency=medium . * Add setuid.patch to run setuid(0) before forking modprobe to preserve privileges through shell invocations and recursive modprobe calls. Thanks to Hiromasa YOSHIMOTO for intensive debugging and the final patch! (Closes: #888952) * Add debian/upstream/metadata. * Fix new Lintian issues. * Switch Vcs-* URLs to salsa.debian.org. nvidia-modprobe (390.25-1) unstable; urgency=medium . * New upstream release. nvidia-modprobe (384.111-2) unstable; urgency=medium . * Add setuid.patch to run setuid(0) before forking modprobe to preserve privileges through shell invocations and recursive modprobe calls. Thanks to Hiromasa YOSHIMOTO for intensive debugging and the final patch! (Closes: #888952) * Add debian/upstream/metadata. * Fix new Lintian issues. * Switch Vcs-* URLs to salsa.debian.org. nvidia-persistenced (390.87-1~deb9u1) stretch; urgency=medium . * Rebuild for stretch. . nvidia-persistenced (390.87-1) unstable; urgency=medium . * New upstream release. * Bump Standards-Version to 4.3.0. No changes needed. . nvidia-persistenced (390.25-1) unstable; urgency=medium . * New upstream release. * Add debian/upstream/metadata. * Fix new Lintian issues. * Switch Vcs-* URLs to salsa.debian.org. nvidia-persistenced (390.87-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . nvidia-persistenced (390.87-1) unstable; urgency=medium . * New upstream release. * Bump Standards-Version to 4.3.0. No changes needed. . nvidia-persistenced (390.25-1) unstable; urgency=medium . * New upstream release. * Add debian/upstream/metadata. * Fix new Lintian issues. * Switch Vcs-* URLs to salsa.debian.org. . nvidia-persistenced (384.111-1~deb9u1) stretch; urgency=medium . * Rebuild for stretch. nvidia-persistenced (390.25-1) unstable; urgency=medium . * New upstream release. * Add debian/upstream/metadata. * Fix new Lintian issues. * Switch Vcs-* URLs to salsa.debian.org. nvidia-persistenced (384.111-1) unstable; urgency=medium . * New upstream release. * B-D: dpkg-dev (>= 1.18.8) for SOURCE_DATE_EPOCH in pkg-info.mk. * Bump Standards-Version to 4.1.3. No changes needed. nvidia-settings (390.87-1~deb9u1) stretch; urgency=medium . * Rebuild for stretch. * Revert to debhelper compat level 10. . nvidia-settings (390.87-1) unstable; urgency=medium . * New upstream release 390.87. * Add Build-Depends-Package field to symbols file. * Bump Standards-Version to 4.3.0. No changes needed. . nvidia-settings (390.67-1) unstable; urgency=medium . * New upstream release 390.67. * Use reproducibility patches from upstream. * Bump Standards-Version to 4.1.5. No changes needed. . nvidia-settings (390.48-2) unstable; urgency=medium . * Add Provides+Conflicts: nvidia-settings-gtk-${nvidia:Version} to prevent file conflicts with the legacy package built from the same upstream version. * Use dh_missing --fail-missing. . nvidia-settings (390.48-1) unstable; urgency=medium . * New upstream release 390.48. * Bump Standards-Version to 4.1.4. No changes needed. * Switch to debhelper compat level 11. . nvidia-settings (390.25-1) unstable; urgency=medium . * New upstream release 390.25. * Only build nvidia-settings on platforms where it is going to be used. (Closes: #892184) * Upload to unstable. . nvidia-settings (390.12-1) experimental; urgency=medium . * New upstream release 390.12. - Updated the SLI Mosaic layout page in the nvidia-settings control panel to support topologies with up to 32 displays. - Added an OpenGL stereo preview feature to the screen page in nvidia-settings. * Merge changes from 384.111. * Upload to experimental. . nvidia-settings (387.34-2) unstable; urgency=medium . * Generate the GTK3|GTK2 dependency dynamically. (Closes: #885709) * Merge changes from 384.111-1 (unstable), 384.111-1~deb9u1 (stretch). * Add debian/upstream/metadata. * Fix new Lintian issues. * Switch Vcs-* URLs to salsa.debian.org. * Upload to unstable. . nvidia-settings (387.34-1) experimental; urgency=medium . * New upstream release 387.34. * New upstream release 387.12. - Fixed a bug that sometimes prevented the "Reset Default Configuration" button in the nvidia-settings "ECC Settings" page from being available when the ECC configuration is set to a non-default state. - Fixed a bug that caused nvidia-settings to enforce overly aggressive limits on display positions in the "X Server Display Configuration" page under some circumstances. - Fixed a bug that could cause the "Enable Base Mosaic (Surround)" checkbox in nvidia-settings to disappear when an X screen, rather than a display, is selected in the "X Server Display Configuration" page. - Fixed a bug that caused the nvidia-settings control panel to retain some settings that had been applied, but not confirmed. This resulted in unwanted settings being applied to subsequent settings changes. * Refresh patches. * Bump Standards-Version to 4.1.2. No changes needed. * Upload to experimental. nvidia-settings (390.87-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . nvidia-settings (390.87-1) unstable; urgency=medium . * New upstream release 390.87. * Add Build-Depends-Package field to symbols file. * Bump Standards-Version to 4.3.0. No changes needed. . nvidia-settings (390.67-1) unstable; urgency=medium . * New upstream release 390.67. * Use reproducibility patches from upstream. * Bump Standards-Version to 4.1.5. No changes needed. nvidia-settings (390.67-1) unstable; urgency=medium . * New upstream release 390.67. * Use reproducibility patches from upstream. * Bump Standards-Version to 4.1.5. No changes needed. nvidia-settings (390.48-2) unstable; urgency=medium . * Add Provides+Conflicts: nvidia-settings-gtk-${nvidia:Version} to prevent file conflicts with the legacy package built from the same upstream version. * Use dh_missing --fail-missing. nvidia-settings (390.48-2~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . nvidia-settings (390.48-2) unstable; urgency=medium . * Add Provides+Conflicts: nvidia-settings-gtk-${nvidia:Version} to prevent file conflicts with the legacy package built from the same upstream version. * Use dh_missing --fail-missing. . nvidia-settings (390.48-1) unstable; urgency=medium . * New upstream release 390.48. * Bump Standards-Version to 4.1.4. No changes needed. * Switch to debhelper compat level 11. . nvidia-settings (390.25-1) unstable; urgency=medium . * New upstream release 390.25. * Only build nvidia-settings on platforms where it is going to be used. (Closes: #892184) * Upload to unstable. . nvidia-settings (390.12-1) experimental; urgency=medium . * New upstream release 390.12. - Updated the SLI Mosaic layout page in the nvidia-settings control panel to support topologies with up to 32 displays. - Added an OpenGL stereo preview feature to the screen page in nvidia-settings. * Merge changes from 384.111. * Upload to experimental. . nvidia-settings (387.34-2) unstable; urgency=medium . * Generate the GTK3|GTK2 dependency dynamically. (Closes: #885709) * Merge changes from 384.111-1 (unstable), 384.111-1~deb9u1 (stretch). * Add debian/upstream/metadata. * Fix new Lintian issues. * Switch Vcs-* URLs to salsa.debian.org. * Upload to unstable. . nvidia-settings (387.34-1) experimental; urgency=medium . * New upstream release 387.34. * New upstream release 387.12. - Fixed a bug that sometimes prevented the "Reset Default Configuration" button in the nvidia-settings "ECC Settings" page from being available when the ECC configuration is set to a non-default state. - Fixed a bug that caused nvidia-settings to enforce overly aggressive limits on display positions in the "X Server Display Configuration" page under some circumstances. - Fixed a bug that could cause the "Enable Base Mosaic (Surround)" checkbox in nvidia-settings to disappear when an X screen, rather than a display, is selected in the "X Server Display Configuration" page. - Fixed a bug that caused the nvidia-settings control panel to retain some settings that had been applied, but not confirmed. This resulted in unwanted settings being applied to subsequent settings changes. * Refresh patches. * Bump Standards-Version to 4.1.2. No changes needed. * Upload to experimental. . nvidia-settings (384.111-1~deb9u1) stretch; urgency=medium . * Rebuild for stretch. nvidia-settings (390.48-1) unstable; urgency=medium . * New upstream release 390.48. * Bump Standards-Version to 4.1.4. No changes needed. * Switch to debhelper compat level 11. nvidia-settings (390.25-1) unstable; urgency=medium . * New upstream release 390.25. * Only build nvidia-settings on platforms where it is going to be used. (Closes: #892184) * Upload to unstable. nvidia-settings (390.12-1) experimental; urgency=medium . * New upstream release 390.12. - Updated the SLI Mosaic layout page in the nvidia-settings control panel to support topologies with up to 32 displays. - Added an OpenGL stereo preview feature to the screen page in nvidia-settings. * Merge changes from 384.111. nvidia-settings (387.34-2) unstable; urgency=medium . * Generate the GTK3|GTK2 dependency dynamically. (Closes: #885709) * Merge changes from 384.111-1 (unstable), 384.111-1~deb9u1 (stretch). * Add debian/upstream/metadata. * Fix new Lintian issues. * Switch Vcs-* URLs to salsa.debian.org. * Upload to unstable. nvidia-settings (387.34-1) experimental; urgency=medium . * New upstream release 387.34. * New upstream release 387.12. - Fixed a bug that sometimes prevented the "Reset Default Configuration" button in the nvidia-settings "ECC Settings" page from being available when the ECC configuration is set to a non-default state. - Fixed a bug that caused nvidia-settings to enforce overly aggressive limits on display positions in the "X Server Display Configuration" page under some circumstances. - Fixed a bug that could cause the "Enable Base Mosaic (Surround)" checkbox in nvidia-settings to disappear when an X screen, rather than a display, is selected in the "X Server Display Configuration" page. - Fixed a bug that caused the nvidia-settings control panel to retain some settings that had been applied, but not confirmed. This resulted in unwanted settings being applied to subsequent settings changes. * Refresh patches. * Bump Standards-Version to 4.1.2. No changes needed. * Upload to experimental. nvidia-settings (384.111-1) unstable; urgency=medium . * New upstream release 384.111. * Bump Standards-Version to 4.1.3. No changes needed. nvidia-xconfig (390.87-1~deb9u1) stretch; urgency=medium . * Rebuild for stretch. . nvidia-xconfig (390.87-1) unstable; urgency=medium . * New upstream release. * Bump Standards-Version to 4.3.0. No changes needed. . nvidia-xconfig (390.25-1) unstable; urgency=medium . * New upstream release. . nvidia-xconfig (387.34-1) unstable; urgency=medium . * New upstream release. * Add debian/upstream/metadata. * Fix new Lintian issues. * Switch Vcs-* URLs to salsa.debian.org. nvidia-xconfig (390.87-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . nvidia-xconfig (390.87-1) unstable; urgency=medium . * New upstream release. * Bump Standards-Version to 4.3.0. No changes needed. . nvidia-xconfig (390.25-1) unstable; urgency=medium . * New upstream release. . nvidia-xconfig (387.34-1) unstable; urgency=medium . * New upstream release. * Add debian/upstream/metadata. * Fix new Lintian issues. * Switch Vcs-* URLs to salsa.debian.org. . nvidia-xconfig (384.111-1~deb9u1) stretch; urgency=medium . * Rebuild for stretch. nvidia-xconfig (390.25-1) unstable; urgency=medium . * New upstream release. nvidia-xconfig (387.34-1) unstable; urgency=medium . * New upstream release. * Add debian/upstream/metadata. * Fix new Lintian issues. * Switch Vcs-* URLs to salsa.debian.org. nvidia-xconfig (384.111-1) unstable; urgency=medium . * New upstream release. * Bump Standards-Version to 4.1.3. No changes needed. openni2 (2.2.0.33+dfsg-7+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Fix armhf baseline violation and armel FTBFS caused by NEON usage. (Closes: #874220) openssh (1:7.4p1-10+deb9u5) stretch; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2018-20685: disallow empty filenames or ones that refer to the current directory (Closes: #919101) * CVE-2019-6109: sanitize scp filenames via snmprintf (Closes: #793412) * CVE-2019-6111: check in scp client that filenames sent during remote->local directory copies satisfy the wildcards specified by the user openssl (1.1.0j-1~deb9u1) stretch-security; urgency=medium . * Import 1.1.0j - CVE-2018-0734 (Timing vulnerability in DSA signature generation) - CVE-2018-0735 (Timing vulnerability in ECDSA signature generation) - add new symbols . openssl (1.1.0i-1~deb9u1) stretch; urgency=medium . * Import 1.1.0i - Fix segfault ERR_clear_error (Closes: #903566) - Fix commandline option for CAengine (Closes: #907457) - CVE-2018-0732 (Client DoS due to large DH parameter) - CVE-2018-0737 (Cache timing vulnerability in RSA Key Generation) * Abort the build if symbols are discovered which are not part of the symbols file. * use signing-key.asc and a https links for downloads openssl (1.1.0h-4) unstable; urgency=medium . * Build the binary in indep mode again, so we can install the documentation again. * Drop @echo in flavour so it builds again on Alpha * Add a 25-test_verify.t for autopkgtest which runs against intalled openssl binary. openssl (1.1.0h-3) unstable; urgency=medium . * Drop afalgeng on kfreebsd-* which go enabled because they inherit from the linux target. * Fix regression with session cache use by clients (See: #895035). * openssl rehash: exit 0 on warnings, same as c_rehash (See: #895473 and #895482). * Fix debian-rules-sets-dpkg-architecture-variable. * Let VCS-* point to salsa.d.o. * Don't build the binary package in binary-indep mode. * Update to policy 4.1.4 - only Suggest: libssl-doc instead Recommends (only documentation and example code is shipped). - drop Priority: important. - use signing-key.asc and a https links for downloads * Use compat 11. - this moves the examples to /usr/share/doc/libssl-{doc->dev}/demos but it seems to make sense. * Fix CVE-2018-0737 (Closes: #895844). openssl (1.1.0h-2) unstable; urgency=high . * Revert "only quote stuff that actually needs quoting" so c_rehash has the quotes again (Closes: #894282). openssl (1.1.0h-1) unstable; urgency=medium . * Abort the build if symbols are discovered which are not part of the symbols file. * Add config support for MIPS R6, patch by YunQiang Su (Closes: #882007). * Enable afalgeng on Linux targets (Closes: #888305) * Add riscv64 target (Closes: #891797). * New upstream release 1.1.0h - Drop applied patches: aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-binut.patch - Update symbols file. - Fix CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64) - Fix CVE-2018-0733 (Incorrect CRYPTO_memcmp on HP-UX PA-RISC) - Fix CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could exceed the stack) * Correct lhash typo in header file (Closes: #892276). openssl (1.1.0g-2) unstable; urgency=high . * Avoid problems with aes assembler on armhf using binutils 2.29 openssl (1.1.0g-1) unstable; urgency=medium . * New upstream version - Fixes CVE-2017-3735 - Fixes CVE-2017-3736 * Remove patches applied upstream * Temporary enable TLS 1.0 and 1.1 again (#875423) * Attempt to fix testsuite race condition * update no-symbolic.patch to apply openssl (1.1.0f-5) unstable; urgency=medium . * Instead of completly disabling TLS 1.0 and 1.1, just set the minimum version to TLS 1.2 by default. TLS 1.0 and 1.1 can be enabled again by calling SSL_CTX_set_min_proto_version() or SSL_set_min_proto_version(). openssl (1.1.0f-4) unstable; urgency=medium . [ Sebastian Andrzej Siewior ] * Add support for arm64ilp32, patch by Wookey (Closes: #867240) . [ Kurt Roeckx ] * Disable TLS 1.0 and 1.1, leaving 1.2 as the only supported SSL/TLS version. This will likely break things, but the hope is that by the release of Buster everything will speak at least TLS 1.2. This will be reconsidered before the Buster release. * Fix a race condition in the test suite (Closes: #869856) openssl1.0 (1.0.2q-1~deb9u1) stretch-security; urgency=medium . * use signing-key.asc and a https links for downloads * Import 1.0.2q stable release. - CVE-2018-0737 (Cache timing vulnerability in RSA Key Generation) - CVE-2018-0732 (Client DoS due to large DH parameter) - CVE-2018-0734 (Timing vulnerability in DSA signature generation) - CVE-2018-5407 (Microarchitecture timing vulnerability in ECC scalar multiplication) openssl1.0 (1.0.2o-1) unstable; urgency=medium . * Add riscv64 (Closes: #891799). * New upstream version 1.0.2o: - Fixes CVE-2018-0739 (Constructed ASN.1 types with a recursive definition could exceed the stack) openssl1.0 (1.0.2n-1) unstable; urgency=medium . * New upstream version 1.0.2n - drop patches which applied upstream: - 0001-Fix-no-ssl3-build.patch - 0001-aes-armv4-bsaes-armv7-sha256-armv4-.pl-make-it-work-.patch - Fixes CVE-2017-3737 (Read/write after SSL object in error state) - Fixes CVE-2017-3738 (rsaz_1024_mul_avx2 overflow bug on x86_64) * move to gbp * Abort the build if symbols are discovered which are not part of the symbols file. openssl1.0 (1.0.2m-3) unstable; urgency=medium . * Avoid problems with aes and sha256 assembler on armhf using binutils 2.29 openssl1.0 (1.0.2m-2) unstable; urgency=medium . * Fix no-ssl3-method build openssl1.0 (1.0.2m-1) unstable; urgency=high . [ Kurt Roeckx ] * New upstream version - Fixes CVE-2017-3735 - Fixes CVE-2017-3736 . [ Sebastian Andrzej Siewior] * Add support for arm64ilp32, Patch by Wookey (Closes: #874709). openvpn (2.4.0-6+deb9u3) stretch; urgency=medium . * Fix NCP behaviour on TLS reconnect, causing "AEAD Decrypt error: cipher final failed" errors (Closes: #909430, #910937) parsedatetime (2.1-3+deb9u1) stretch; urgency=medium . * Rebuild to add python3 version for certbot stable update. pdns (4.0.3-1+deb9u3) stretch; urgency=medium . * Fix (security) bugs, partially using upstream patches: * CVE-2018-1046 in dnsreplay (Closes: #898255) * CVE-2018-10851 (Closes: #913163) * MySQL queries with stored procedures (Closes: #889798) * ldap, lua, opendbx backend not finding domains (Closes: #911659) pdns-recursor (4.0.4-1+deb9u4) stretch; urgency=high . * Security upload for CVE-2018-10851 CVE-2018-14626 CVE-2018-14644. perl (5.24.1-3+deb9u5) stretch-security; urgency=high . * [SECURITY] CVE-2018-18311: Integer overflow leading to buffer overflow and segmentation fault * [SECURITY] CVE-2018-18312: Heap-buffer-overflow write in S_regatom (regcomp.c) * [SECURITY] CVE-2018-18313: Heap-buffer-overflow read in regcomp.c * [SECURITY] CVE-2018-18314: Heap-based buffer overflow in extended character classes photocollage (1.4.3-2.1~deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Rebuild for stretch. . photocollage (1.4.3-2.1) unstable; urgency=medium . * Non-maintainer upload. * Add the missing dependency on gir1.2-gtk-3.0. (Closes: #914440) php-pear (1:1.10.1+submodules+notgz-9+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Don't allow filenames to start with phar:// (CVE-2018-1000888) (Closes: #919147) php7.0 (7.0.33-0+deb9u1) stretch-security; urgency=high . * New upstream version 7.0.33 * Fixed security bugs: + [CVE-2018-19518]: imap_open() function command injection + [CVE-2018-14851]: heap-buffer-overflow (READ of size 48) while reading exif data + [CVE-2018-14883]: Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c + [CVE-2018-17082]: XSS due to the header Transfer-Encoding: chunked php7.0 (7.0.32-1) unstable; urgency=medium . * New upstream version 7.0.32 * Rebase patches for PHP 7.0.32 php7.0 (7.0.31-1) unstable; urgency=medium . [ Ondřej Surý ] * New upstream version 7.0.31 * Fix the Vcs-Browser link php7.0 (7.0.30-2) unstable; urgency=medium . * Update Vcs-* links to salsa.d.o * Update maintainer address to team+pkg-php@tracker.d.o php7.0 (7.0.30-1) unstable; urgency=medium . * New upstream version 7.0.30 * Rebase patches for PHP 7.0.30 policykit-1 (0.105-18+deb9u1) stretch-security; urgency=medium . * CVE-2018-19788 (Closes: #915332) postfix (3.1.9-0+deb9u2) stretch; urgency=medium . * Update debian/watch to point to the 3.1 series used in stretch . postfix (3.1.9-0+deb9u1) stretch; urgency=medium . [Scott Kitterman] . * Unset inet_interfaces in postfix-instance-generator to avoid postconf failures when the generator runs during boot (Thanks to Stefan Anders for the patch). Closes: #896155 * Also fix use of postmulti in debian/configure-instance.sh since postfix-instance-generator uses it before the network is up. Closes: #882141 . [Wietse Venema] . * 3.1.9 - Cleanup: added 21 missing *_maps parameters to the default proxy_read_maps setting. Files: global/mail_params.h. . - Bugfix (introduced: 20120117): postconf should scan only built-in or service-defined parameters for ldap, *sql, etc. database names. Files: postconf/postconf_user.c. . - Bugfix (introduced: 19990302): when luser_relay specifies a non-existent local address, the luser_relay feature becomes a black hole. Reported by Jørgen Thomsen. File: local/unknown.c. . - Bugfix (introduced: Postfix 2.8): missing tls_server_start() error propagation in tlsproxy(8) resulting in segfault after TLS handshake error. Found during code maintenance. File: tlsproxy/tlsproxy.c. postfix (3.1.9-0+deb9u1) stretch; urgency=medium . [Scott Kitterman] . * Unset inet_interfaces in postfix-instance-generator to avoid postconf failures when the generator runs during boot (Thanks to Stefan Anders for the patch). Closes: #896155 * Also fix use of postmulti in debian/configure-instance.sh since postfix-instance-generator uses it before the network is up. Closes: #882141 . [Wietse Venema] . * 3.1.9 - Cleanup: added 21 missing *_maps parameters to the default proxy_read_maps setting. Files: global/mail_params.h. . - Bugfix (introduced: 20120117): postconf should scan only built-in or service-defined parameters for ldap, *sql, etc. database names. Files: postconf/postconf_user.c. . - Bugfix (introduced: 19990302): when luser_relay specifies a non-existent local address, the luser_relay feature becomes a black hole. Reported by Jørgen Thomsen. File: local/unknown.c. . - Bugfix (introduced: Postfix 2.8): missing tls_server_start() error propagation in tlsproxy(8) resulting in segfault after TLS handshake error. Found during code maintenance. File: tlsproxy/tlsproxy.c. postgresql-9.6 (9.6.11-0+deb9u1) stretch; urgency=medium . * New upstream version. postgrey (1.36-3+deb9u2) stretch; urgency=medium . * Non-maintainer upload. * Revert the 1.36-3+deb9u1 change due to regression. (see #880047) . postgrey (1.36-3+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * debian/postgrey.init: create /var/run/postgrey if it does not exist, patch provided by Laurent Bigonville . (Closes: 756813, 880047) postgrey (1.36-3+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * debian/postgrey.init: create /var/run/postgrey if it does not exist, patch provided by Laurent Bigonville . (Closes: 756813, 880047) pylint-django (0.7.2-1+deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Fix the python3-pylint-django dependencies. (Closes: #867413) python-acme (0.28.0-1~deb9u1) stretch; urgency=medium . * This stretch update is to cure the problem caused by the deprecation and disabling of the upstream TLS-SNI-01 certificate verification protocol due to a security vulnerability. Note, the security vulnerability isn't in this package; rather, earlier versions of certbot are no longer functional due to changes in the interface that certbot uses to retrieve certificates. * Pull in unreleased version bump of josepy to fix deprecation warnings. * Pull in two patches to help fix josepy compatibility problems. * Pull in a Breaks to require upgrade in a single move. python-acme (0.28.0-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. * Pull in unreleased version bump of josepy to fix deprecation warnings. python-acme (0.27.0-1) unstable; urgency=medium . * New upstream release. * Bump S-V; no changes needed. python-acme (0.26.0-1) unstable; urgency=medium . * New upstream version 0.26.0 * Bump S-V; add Rules-Require-Root: no python-acme (0.25.1-1) unstable; urgency=medium . * New upstream version 0.25.1 python-acme (0.25.1-1~bpo9+1) stretch-backports; urgency=high . * Rebuild for stretch-backports. . python-acme (0.25.1-1) unstable; urgency=medium . * New upstream version 0.25.1 . python-acme (0.25.0-1) unstable; urgency=medium . * New upstream version 0.25.0 * Add new dependency on requests-toolbelt * Drop unnecessary X-Python-Version fields * Add pytest as build-time dep only. . python-acme (0.24.0-2) unstable; urgency=medium . * Update team email address. (Closes: #895863) . python-acme (0.24.0-1) unstable; urgency=medium . * New upstream release. * Bump S-V; no changes needed. python-acme (0.25.0-1) unstable; urgency=medium . * New upstream version 0.25.0 * Add new dependency on requests-toolbelt * Drop unnecessary X-Python-Version fields * Add pytest as build-time dep only. python-acme (0.24.0-2) unstable; urgency=medium . * Update team email address. (Closes: #895863) python-acme (0.24.0-1) unstable; urgency=medium . * New upstream release. * Bump S-V; no changes needed. python-acme (0.22.2-1) unstable; urgency=medium . * New upstream release. python-acme (0.22.2-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. python-acme (0.22.0-1) unstable; urgency=medium . * New upstream release -- now with wildcards! python-acme (0.21.1-1) unstable; urgency=high . * New upstream release. * Cleanup from josepy separation. python-acme (0.21.1-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. python-acme (0.20.0-1) unstable; urgency=low . * New upstream release. * Add new dependencies introduced upstream. * Bump S-V, debhelper versions. * Move doc-base ref to package instead of package-doc. python-acme (0.19.0-1) unstable; urgency=medium . * New upstream release. python-acme (0.19.0-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . python-acme (0.19.0-1) unstable; urgency=medium . * New upstream release. . python-acme (0.18.2-1) unstable; urgency=medium . * New upstream release. * Bump S-V; no changes needed. * Switch to python3-sphinx for docs. . python-acme (0.17.0-1) unstable; urgency=medium . * New upstream release. * Reduce dependency on python-requests, following upstream. * Increase priority to optional to comply with Policy v4.0.1.0 * Declare Testsuite using simple autopkgtest. * Bump S-V to 4.0.1. . python-acme (0.14.2-1) experimental; urgency=medium . * Team upload. * New upstream release. . python-acme (0.12.0-1) experimental; urgency=medium . * New upstream release. . python-acme (0.11.1-1) unstable; urgency=medium . * New upstream release. * Drop dep on python3?-dnspython removed upstream python-acme (0.18.2-1) unstable; urgency=medium . * New upstream release. * Bump S-V; no changes needed. * Switch to python3-sphinx for docs. python-acme (0.17.0-1) unstable; urgency=medium . * New upstream release. * Reduce dependency on python-requests, following upstream. * Increase priority to optional to comply with Policy v4.0.1.0 * Declare Testsuite using simple autopkgtest. * Bump S-V to 4.0.1. python-acme (0.14.2-1) experimental; urgency=medium . * Team upload. * New upstream release. python-acme (0.12.0-1) experimental; urgency=medium . * New upstream release. python-acme (0.11.1-1) unstable; urgency=medium . * New upstream release. * Drop dep on python3?-dnspython removed upstream python-arpy (1.1.1-3~deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Rebuild for stretch. . python-arpy (1.1.1-3) unstable; urgency=low . * Team upload. . [ Christoph Egger ] * Add VCS-* headers . [ Ondřej Nový ] * Fixed homepage (https) * Fixed VCS URL (https) . [ Scott Kitterman ] * Correct substitution variable for python3 interpreter depends (Closes: #867418) * Remove unneeded python:Provides * Update homepage for move to github * Add debian/watch python-certbot (0.28.0-1~deb9u1) stretch; urgency=medium . * This stretch update is to cure the problem caused by the deprecation and disabling of the upstream TLS-SNI-01 certificate verification protocol due to a security vulnerability. Note, the security vulnerability isn't in this package; rather, earlier versions of certbot are no longer functional due to changes in the interface that certbot uses to retrieve certificates. (Closes: #887399) python-certbot (0.28.0-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. python-certbot (0.27.0-1) unstable; urgency=medium . * New upstream version 0.27.0 * Refresh patch after upstream migration to codecov * Bump python-sphinx requirement defensively; bump S-V with no changes * Bump dep on python-acme to 0.26.0~ python-certbot (0.26.1-1) unstable; urgency=medium . * New upstream release. python-certbot (0.26.0-1) unstable; urgency=medium . * New upstream version 0.26.0 * Bump S-V; add R-R-R: no python-certbot (0.25.0-1) unstable; urgency=medium . * New upstream version 0.25.0 * Bump python-acme dep version. python-certbot (0.25.0-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. python-certbot (0.24.0-2) unstable; urgency=medium . * Update team email address. (Closes: #899858) python-certbot (0.24.0-1) unstable; urgency=medium . * Add OR to dep on python-distutils for stretch-bpo * New upstream version 0.24.0 * Bump version dep on python3-acme python-certbot (0.23.0-1) unstable; urgency=medium . * New upstream release. * Add testdata back in to prevent test failure in RDeps. (Closes: #894025) * Bump S-V; no changes needed. python-certbot (0.23.0-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. python-certbot (0.22.2-2) unstable; urgency=medium . * Change the way we remove testdata for better downstream support * Add dep on python3-distutils (Closes: #893775) python-certbot (0.22.2-1) unstable; urgency=medium . * New upstream release. python-certbot (0.22.0-1) unstable; urgency=medium . * New upstream release -- now with wildcards! * Break the strict dependency relationship between certbot packages. python-certbot (0.21.1-1) unstable; urgency=high . * New upstream release. * Move d/copyright format to HTTPS python-certbot (0.21.1-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . python-certbot (0.21.1-1) unstable; urgency=high . * New upstream release. * Move d/copyright format to HTTPS . python-certbot (0.20.0-3) unstable; urgency=medium . * Setup logrotation for certbot log files. (Closes: #873581, #881176) . python-certbot (0.20.0-2) unstable; urgency=low . * Add additional Breaks on py2 variants of libs. . python-certbot (0.20.0-1) unstable; urgency=low . * New upstream release. * Switch to python3! * Update to debhelper 11, bump S-V. . python-certbot (0.19.0-1) unstable; urgency=medium . * New upstream release. (Closes: #838548) python-certbot (0.20.0-3) unstable; urgency=medium . * Setup logrotation for certbot log files. (Closes: #873581, #881176) python-certbot (0.20.0-2) unstable; urgency=low . * Add additional Breaks on py2 variants of libs. python-certbot (0.20.0-1) unstable; urgency=low . * New upstream release. * Switch to python3! * Update to debhelper 11, bump S-V. python-certbot (0.19.0-1) unstable; urgency=medium . * New upstream release. (Closes: #838548) python-certbot (0.19.0-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . python-certbot (0.19.0-1) unstable; urgency=medium . * New upstream release. (Closes: #838548) . python-certbot (0.18.2-1) unstable; urgency=medium . * New upstream release. * Bump S-V; no changes needed. * Switch from python-sphinx to python3-sphinx . python-certbot (0.17.0-2) unstable; urgency=high . * Revert d/rules for systemd cleanup. (Closes: #872090) . python-certbot (0.17.0-1) unstable; urgency=medium . [ Mattia Rizzolo ] * d/control: rename git repository to python-certbot too . [ Harlan Lieberman-Berg ] * New upstream version 0.17.0 * Bump S-V to 4.0.1, changing Priority to optional. * Bump B-D on python-cryptography * Add very basic autopkgtest. * Refresh patches. * Fix merge failure. * Tweak d/rules for systemd cleanup, raise compat to 10. . python-certbot (0.14.2-1) experimental; urgency=medium . * Team upload. * New upstream release. . python-certbot (0.12.0-1) experimental; urgency=medium . * New upstream release. * Add python-ipdb as build dependency. * Drop unnecessary dependency on dh-systemd (Closes: #856239) . python-certbot (0.11.1-1) unstable; urgency=medium . * New upstream release. * Add .pc to gitignore * Drop python-psutil dep no longer needed python-certbot (0.18.2-1) unstable; urgency=medium . * New upstream release. * Bump S-V; no changes needed. * Switch from python-sphinx to python3-sphinx python-certbot (0.17.0-2) unstable; urgency=high . * Revert d/rules for systemd cleanup. (Closes: #872090) python-certbot (0.17.0-1) unstable; urgency=medium . [ Mattia Rizzolo ] * d/control: rename git repository to python-certbot too . [ Harlan Lieberman-Berg ] * New upstream version 0.17.0 * Bump S-V to 4.0.1, changing Priority to optional. * Bump B-D on python-cryptography * Add very basic autopkgtest. * Refresh patches. * Fix merge failure. * Tweak d/rules for systemd cleanup, raise compat to 10. python-certbot (0.14.2-1) experimental; urgency=medium . * Team upload. * New upstream release. python-certbot (0.12.0-1) experimental; urgency=medium . * New upstream release. * Add python-ipdb as build dependency. python-certbot (0.11.1-1) unstable; urgency=medium . * New upstream release. * Add .pc to gitignore * Drop python-psutil dep no longer needed python-certbot-apache (0.28.0-1~deb9u1) stretch; urgency=medium . * This stretch update is to cure the problem caused by the deprecation and disabling of the upstream TLS-SNI-01 certificate verification protocol due to a security vulnerability. Note, the security vulnerability isn't in this package; rather, earlier versions of certbot are no longer functional due to changes in the interface that certbot uses to retrieve certificates. python-certbot-apache (0.28.0-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. python-certbot-apache (0.27.1-1) unstable; urgency=medium . * New upstream release. python-certbot-apache (0.27.0-1) unstable; urgency=medium . * New upstream version 0.27.0 * Bump S-V; no changes needed * Add lintian-override for cross-python version dep. python-certbot-apache (0.26.0-1) unstable; urgency=medium . * New upstream version 0.26.0 * Bump deps on certbot, add acme dep explicitly * Bump S-V with R-R-R: no python-certbot-apache (0.25.0-2) unstable; urgency=medium . * Fix incorrect version dependency. python-certbot-apache (0.25.0-2~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. python-certbot-apache (0.25.0-1) unstable; urgency=medium . * New upstream version 0.25.0 * Bump dep on certbot python-certbot-apache (0.24.0-2) unstable; urgency=medium . * Update team email address to tracker.d.o. (Closes: #899667) python-certbot-apache (0.24.0-1) unstable; urgency=medium . * New upstream version 0.24.0 * Bump S-V; no changes needed. python-certbot-apache (0.23.0-1) unstable; urgency=medium . * New upstream release. python-certbot-apache (0.23.0-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. python-certbot-apache (0.22.0-1) unstable; urgency=medium . * New upstream release -- now with wildcards! * Break strict dependency requirements. * Drop patches applied upstream. python-certbot-apache (0.21.1-1) unstable; urgency=high . * New upstream release. * Update Vcs-Git URL to be HTTPS. * Switch d/copyright URL to HTTPS. python-certbot-apache (0.21.1-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . python-certbot-apache (0.21.1-1) unstable; urgency=high . * New upstream release. * Update Vcs-Git URL to be HTTPS. * Switch d/copyright URL to HTTPS. . python-certbot-apache (0.20.0-3) unstable; urgency=medium . * Add version restriction on the Breaks of the dummy. . python-certbot-apache (0.20.0-2) unstable; urgency=low . * Add transitional dummy package. . python-certbot-apache (0.20.0-1) unstable; urgency=low . * New upstream release. * Convert to python3! * Upgrade to debhelper 11. . python-certbot-apache (0.19.0-1) unstable; urgency=medium . * New upstream release. python-certbot-apache (0.20.0-3) unstable; urgency=medium . * Add version restriction on the Breaks of the dummy. python-certbot-apache (0.20.0-2) unstable; urgency=low . * Add transitional dummy package. python-certbot-apache (0.20.0-1) unstable; urgency=low . * New upstream release. * Convert to python3! * Upgrade to debhelper 11. python-certbot-apache (0.19.0-1) unstable; urgency=medium . * New upstream release. python-certbot-apache (0.19.0-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . python-certbot-apache (0.19.0-1) unstable; urgency=medium . * New upstream release. . python-certbot-apache (0.18.2-1) unstable; urgency=medium . * New upstream release. * Move to python3-sphinx. * Bump S-V; no changes needed. * Drop unnecessary Testsuite header. . python-certbot-apache (0.17.0-1) unstable; urgency=medium . * New upstream release. * Move experimental to unstable now that the freeze is over. * Upgrade to v4.0.1 of Debian policy . python-certbot-apache (0.14.2-1) experimental; urgency=medium . * Team upload. * New upstream release. * Add dep8 smoke test. . python-certbot-apache (0.12.0-1) experimental; urgency=medium . * New usptream release. . python-certbot-apache (0.11.1-1) unstable; urgency=medium . * New upstream release. python-certbot-apache (0.18.2-1) unstable; urgency=medium . * New upstream release. * Move to python3-sphinx. * Bump S-V; no changes needed. * Drop unnecessary Testsuite header. python-certbot-apache (0.17.0-1) unstable; urgency=medium . * New upstream release. * Move experimental to unstable now that the freeze is over. * Upgrade to v4.0.1 of Debian policy python-certbot-apache (0.14.2-1) experimental; urgency=medium . * Team upload. * New upstream release. * Add dep8 smoke test. python-certbot-apache (0.12.0-1) experimental; urgency=medium . * New usptream release. python-certbot-apache (0.11.1-1) unstable; urgency=medium . * New upstream release. python-certbot-nginx (0.28.0-1~deb9u1) stretch; urgency=medium . * This stretch update is to cure the problem caused by the deprecation and disabling of the upstream TLS-SNI-01 certificate verification protocol due to a security vulnerability. Note, the security vulnerability isn't in this package; rather, earlier versions of certbot are no longer functional due to changes in the interface that certbot uses to retrieve certificates. python-certbot-nginx (0.28.0-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. python-certbot-nginx (0.26.0-1) unstable; urgency=medium . * New upstream version 0.26.0 * Bump dependencies to match setup.py * Bump S-V; add R-R-R: no python-certbot-nginx (0.25.0-2) unstable; urgency=medium . * Bump version requirement for acme and release -2 python-certbot-nginx (0.25.0-2~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. python-certbot-nginx (0.25.0-1) unstable; urgency=medium . * New upstream version 0.25.0 python-certbot-nginx (0.23.0-2) unstable; urgency=medium . * Switch maintainer email to tracker.d.o (Closes: #899674) python-certbot-nginx (0.23.0-1) unstable; urgency=medium . * New upstream release. * Bump S-V; no chnages needed. python-certbot-nginx (0.23.0-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. python-certbot-nginx (0.22.0-1) unstable; urgency=medium . * New upstream release -- now with wildcards! * Break strict dependency requirement. python-certbot-nginx (0.21.1-1) unstable; urgency=high . * New upstream release. * Change Vcs-Git to use HTTPS. * Change d/copyright to use HTTPS python-certbot-nginx (0.21.1-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . python-certbot-nginx (0.21.1-1) unstable; urgency=high . * New upstream release. * Change Vcs-Git to use HTTPS. * Change d/copyright to use HTTPS . python-certbot-nginx (0.20.0-3) unstable; urgency=medium . * Add version restriction to Breaks/Replaces for dummy. (Closes: #886954) . python-certbot-nginx (0.20.0-2) unstable; urgency=low . * Add transitional dummy package. . python-certbot-nginx (0.20.0-1) unstable; urgency=low . * New upstream release. * Switch to python3! * Update to debhelper 11, bump S-V. . python-certbot-nginx (0.19.0-1) unstable; urgency=medium . * New upstream release. python-certbot-nginx (0.20.0-3) unstable; urgency=medium . * Add version restriction to Breaks/Replaces for dummy. (Closes: #886954) python-certbot-nginx (0.20.0-2) unstable; urgency=low . * Add transitional dummy package. python-certbot-nginx (0.20.0-1) unstable; urgency=low . * New upstream release. * Switch to python3! * Update to debhelper 11, bump S-V. python-certbot-nginx (0.19.0-1) unstable; urgency=medium . * New upstream release. python-certbot-nginx (0.19.0-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . python-certbot-nginx (0.19.0-1) unstable; urgency=medium . * New upstream release. . python-certbot-nginx (0.18.2-1) unstable; urgency=medium . * New upstream release. * Move to python3-sphinx; bump S-V without changes. * Drop unnecessary Testsuite. . python-certbot-nginx (0.17.0-1) unstable; urgency=medium . * New upstream release. * Move to unstable from experimental, now that the freeze is over. * Update to latest Debian policy. . python-certbot-nginx (0.14.2-1) experimental; urgency=medium . * Team upload. * New upstream release. * Add dep8 smoke test. . python-certbot-nginx (0.12.0-1) experimental; urgency=medium . * New upstream release. . python-certbot-nginx (0.11.1-1) unstable; urgency=medium . * New upstream release. python-certbot-nginx (0.18.2-1) unstable; urgency=medium . * New upstream release. * Move to python3-sphinx; bump S-V without changes. * Drop unnecessary Testsuite. python-certbot-nginx (0.17.0-1) unstable; urgency=medium . * New upstream release. * Move to unstable from experimental, now that the freeze is over. * Update to latest Debian policy. python-certbot-nginx (0.14.2-1) experimental; urgency=medium . * Team upload. * New upstream release. * Add dep8 smoke test. python-certbot-nginx (0.12.0-1) experimental; urgency=medium . * New upstream release. python-certbot-nginx (0.11.1-1) unstable; urgency=medium . * New upstream release. python-django (1:1.10.7-2+deb9u4) stretch-security; urgency=high . * CVE-2019-3498: Prevent a content-spoofing vulnerability in the default 404 page. (Closes: #918230) python-hypothesis (3.6.1-1+deb9u1) stretch; urgency=medium . [ Andreas Beckmann ] * Non-maintainer upload. * Backport fix from 3.12.0-1 to stretch. . [ Tristan Seligmann ] * Fix permuted python3-hypothesis and python-hypothesis-doc Depends stanzas (closes: #867435). python-josepy (1.1.0-2~deb9u1) stretch; urgency=medium . * Backport to stable as a dependency for python-acme. python-josepy (1.1.0-2~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. python-josepy (1.1.0-1) unstable; urgency=medium . * New upstream release. python-josepy (1.0.1-1) unstable; urgency=medium . * Initial release. (Closes: #888624) * To prevent breaking downstream libs that may be using python-acme, we also have to build the Python 2 version. python-josepy (1.0.1-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. pyzo (4.3.1-1+deb9u1) stretch; urgency=medium . [ Andreas Beckmann] * Non-maintainer upload. * Backport dependency fix from 4.4.3-1.2. . [ Adrian Bunk ] * Add the missing dependency on python3-pkg-resources, thanks to Julien Cervelle. (Closes: #917085) qemu (1:2.8+dfsg-6+deb9u5) stretch-security; urgency=medium . * Backport SSBD support (Closes: #908682) * CVE-2018-10839 (Closes: #910431) * CVE-2018-17962 (Closes: #911468) * CVE-2018-17963 (Closes: #911469) r-cran-readxl (0.1.1-1+deb9u2) stretch; urgency=high . * src/libxls/ole.h: Updated from readxl upstream (Closes: #920804) * libxls/xlstool.h: Idem * ole.c: Idem * xls.c: Idem * xlstool.c: Idem . * This addresses CVE-2018-20450 CVE-2018-20452 with corresponding upstream patch in libxls and readxl roundcube (1.2.3+dfsg.1-4+deb9u3) stretch-security; urgency=high . * Backport fix for CVE-2018-19206: XSS vulnerability via crafted use of