dgit.raspbian.org Git - linux.git/log

fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers

This helps initramfs builders and other tools to find the full
dependencies of a module.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream]

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name fs-add-module_softdep-declarations-for-hard-coded-cr.patch

phy/marvell: disable 4-port phys

The Marvell PHY was originally disabled because it can cause networking
failures on some systems. According to Lennert Buytenhek this is because some
of the variants added did not share the same register layout. Since the known
cases are all 4-ports disable those variants (indicated by a 4 in the
penultimate position of the model name) until they can be audited for
correctness.

[bwh: Also #if-out the init functions for these PHYs to avoid
compiler warnings]

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name disable-some-marvell-phys.patch

kbuild: Use -nostdinc in compile tests

gcc 4.8 and later include <stdc-predef.h> by default.  In some
versions of eglibc that includes <bits/predefs.h>, but that may be
missing when building with a biarch compiler.  Also <stdc-predef.h>
itself could be missing as we are only trying to build a kernel, not
userland.

The -nostdinc option disables this, though it isn't explicitly
documented.  This option is already used when actually building
the kernel, but not by cc-option and other tests.  This can result
in silently miscompiling the kernel.

References: https://bugs.debian.org/717557
References: https://bugs.debian.org/726861
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name kbuild-use-nostdinc-in-compile-tests.patch

x86: Make x32 syscall support conditional on a kernel parameter

Enabling x32 in the standard amd64 kernel would increase its attack
surface while provide no benefit to the vast majority of its users.
No-one seems interested in regularly checking for vulnerabilities
specific to x32 (at least no-one with a white hat).

Still, adding another flavour just to turn on x32 seems wasteful. And
the only differences on syscall entry are a few instructions that mask
out the x32 flag and compare the syscall number.

Use a static key to control whether x32 syscalls are really enabled, a
Kconfig parameter to set its default value and a kernel parameter
"syscall.x32" to change it at boot time.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name x86-make-x32-syscall-support-conditional.patch

x86: memtest: WARN if bad RAM found

Since this is not a particularly thorough test, if we find any bad
bits of RAM then there is a fair chance that there are other bad bits
we fail to detect.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name x86-memtest-WARN-if-bad-RAM-found.patch

MIPS: Loongson 3: Add Loongson LS3A RS780E 1-way machine definition

Add a Loongson LS3A RS780E 1-way machine definition, which only differs
from other Loongson 3 based machines by the UART base clock speed.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
[bwh: Forward-ported to 4.2]

Gbp-Pq: Topic features/mips
Gbp-Pq: Name MIPS-Loongson-3-Add-Loongson-LS3A-RS780E-1-way-machi.patch

MIPS: increase MAX_PHYSMEM_BITS on Loongson 3 only

Commit c4617318 broke Loongson-2 support and maybe even more by increasing
the value of MAX_PHYSMEM_BITS. At it is currently only needed on
Loongson-3, define it conditionally.

Note: this should be replace by upstream fix when available.

Gbp-Pq: Topic features/mips
Gbp-Pq: Name MIPS-increase-MAX-PHYSMEM-BITS-on-Loongson-3-only.patch

mmap: Add an exception to the stack gap for Hotspot JVM compatibility

The Hotspot JVM can easily exhaust the default stack, and has a
SIGSEGV handler to cope with this by switching to a new stack segment.

However, on i386 it creates a single writable and executable page just
under the stack limit as a workaround for a bug in Exec Shield. That
together with the enlarged stack gap causes the SIGSEGV handler to be
triggered when the stack pointer is further away from the stack limit,
and it doesn't recognise this as being a stack overflow.

This specifically affects programs that use JNI. Hotspot doesn't
normally run Java code on the initial thread.

Reduce the effective stack guard gap on x86 if the previous vma is
a single page allocated as MAP_FIXED.

References: https://bugs.debian.org/865303
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name mmap-add-an-exception-to-the-stack-gap-for-hotspot-jvm.patch

mmap: Remember the MAP_FIXED flag as VM_FIXED

Since 4.15 there are no spare bits, but we can use VM_ARCH_1 as
VM_FIXED wil only be needed on x86.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name mmap-remember-the-map_fixed-flag-as-vm_fixed.patch

sh: Do not use hyphen in exported variable names

arch/sh/Makefile defines and exports ld-bfd to be used by
arch/sh/boot/Makefile and arch/sh/boot/compressed/Makefile.  Similarly
arch/sh/boot/Makefile defines and exports suffix-y to be used by
arch/sh/boot/compressed/Makefile.  However some shells, including
dash, will not pass through environment variables whose name includes
a hyphen.  Usually GNU make does not use a shell to recurse, but if
e.g. $(srctree) contains '~' it will use a shell here.

Rename these variables to ld_bfd and suffix_y.

References: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=sh4&ver=4.13%7Erc5-1%7Eexp1&stamp=1502943967&raw=0
Fixes: ef9b542fce00 ("sh: bzip2/lzma uImage support.")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/sh
Gbp-Pq: Name sh-boot-do-not-use-hyphen-in-exported-variable-name.patch

perf tools: Fix unwind build on i386

EINVAL may not be defined when building unwind-libunwind.c with
REMOTE_UNWIND_LIBUNWIND, resulting in a compiler error in
LIBUNWIND__ARCH_REG_ID(). Its only caller, access_reg(), only checks
for a negative return value and doesn't care what it is. So change
-EINVAL to -1.

Fixes: 52ffe0ff02fc ("Support x86(32-bit) cross platform callchain unwind.")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name perf-tools-fix-unwind-build-on-i386.patch

Revert "gpu: host1x: Add IOMMU support"

This reverts commit 404bfb78daf3bedafb0bfab24947059575cbea3d, which
resulted in a build failure:

drivers/gpu/host1x/cdma.c: In function 'host1x_pushbuffer_init':
drivers/gpu/host1x/cdma.c:94:48: error: passing argument 3 of 'dma_alloc_wc' from incompatible pointer type [-Werror=incompatible-pointer-types]
   pb->mapped = dma_alloc_wc(host1x->dev, size, &pb->phys,
                                                ^
In file included from drivers/gpu/host1x/cdma.c:22:0:
include/linux/dma-mapping.h:773:21: note: expected 'dma_addr_t * {aka long long unsigned int *}' but argument is of type 'phys_addr_t * {aka unsigned int *}'
static inline void *dma_alloc_wc(struct device *dev, size_t size,
                     ^~~~~~~~~~~~

This code is mixing up dma_addr_t and phys_addr_t, and this looks had
to avoid when combining the two address mapping APIs.  But with XEN
enabled and ARM_LPAE not enabled, as in the armmp config, dma_addr_t
is 64-bit while phys_addr_t is 32-bit.

It also reverts commit fea20995976f4b2e8968f852a18e280487d42f0d
"gpu: host1x: Free the IOMMU domain when there is no device to attach"
and commit 8b3f5ac6b55f5f3f60723a58f14ec235a5b8cfe
"gpu: host1x: Don't fail on NULL bo physical address" which depend on it.

Gbp-Pq: Topic debian
Gbp-Pq: Name revert-gpu-host1x-add-iommu-support.patch

platform/x86: ideapad-laptop: Add several models to no_hw_rfkill

Some Lenovo ideapad models do not have hardware rfkill switches, but
trying to read the rfkill switches through the ideapad-laptop module.
It caused to always reported blocking breaking wifi.

Fix it by adding those models to no_hw_rfkill_list.

Signed-off-by: Yang Jiaxun <yjx@flygoat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name platform-x86-ideapad-laptop-add-several-models-to-no.patch

platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill

Like other Lenovo models the IdeaPad V510-15IKB does not have an hw
rfkill switch. This results in hard-blocked radios after boot, resulting
in always blocked radios rendering them unusable.

Add the IdeaPad V510-15IKB to the no_hw_rfkill DMI list and allows using
the built-in radios.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name platform-x86-ideapad-laptop-add-ideapad-v510-15ikb-t.patch

platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill

Lenovo Legion Y720-15IKBN is yet another Lenovo model that does not
have an hw rfkill switch, resulting in wifi always reported as hard
blocked.

Add the model to the list of models without rfkill switch.

Signed-off-by: Olle Liljenzin <olle@liljenzin.se>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name platform-x86-ideapad-laptop-add-y720-15ikbn-to-no_hw.patch

platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill

Lenovo Legion Y520-15IKBN is yet another Lenovo model that does not
have an hw rfkill switch, resulting in wifi always reported as hard
blocked.

Add the model to the list of models without rfkill switch.

Signed-off-by: Olle Liljenzin <olle@liljenzin.se>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name platform-x86-ideapad-laptop-add-y520-15ikbn-to-no_hw.patch

platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill

Like other Lenovo models the IdeaPad V310-15ISK does not have an hw
rfkill switch. This results in hard-blocked radios after boot, resulting
in always blocked radios rendering them unusable.

Add the IdeaPad V310-15ISK to the no_hw_rfkill DMI list and allows using
the built-in radios.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name platform-x86-ideapad-laptop-add-ideapad-v310-15isk-t.patch

platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill

Like other Lenovo models the IdeaPad 310-15IKB does not have an hw rfkill
switch. This results in hard-blocked radios after boot, resulting in
always blocked radios rendering them unusable.

Add the IdeaPad 310-15IKB to the no_hw_rfkill DMI list and allows using
the built-in radios.

Signed-off-by: Sven Rebhan <Sven.Rebhan@googlemail.com>
[andy: massaged commit message]
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name platform-x86-ideapad-laptop-add-ideapad-310-15ikb-to.patch

ARM: dts: kirkwood: Fix SATA pinmux-ing for TS419

The old board code for the TS419 assigns MPP pins 15 and 16 as SATA
activity signals (and none as SATA presence signals). Currently the
device tree assigns the SoC's default pinmux groups for SATA, which
conflict with the second Ethernet port.

Reported-by: gmbh@gazeta.pl
Tested-by: gmbh@gazeta.pl
References: https://bugs.debian.org/855017
Cc: stable@vger.kernel.org # 3.15+
Fixes: 934b524b3f49 ("ARM: Kirkwood: Add DT description of QNAP 419")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/arm
Gbp-Pq: Name arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch

Don't WARN about expected W+X pages on Xen

Currently Xen PV domains (or at least dom0) on amd64 tend to have a
large number of low kernel pages with W+X permissions. It's not
obvious how to fix this, and we're not going to get any new
information by WARNing about this, but we do still want to hear about
other W+X cases. So add a condition to the WARN_ON.

Gbp-Pq: Topic debian
Gbp-Pq: Name amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch

btrfs: warn about RAID5/6 being experimental at mount time

Too many people come complaining about losing their data -- and indeed,
there's no warning outside a wiki and the mailing list tribal knowledge.
Message severity chosen for consistency with XFS -- "alert" makes dmesg
produce nice red background which should get the point across.

Signed-off-by: Adam Borowski <kilobyte@angband.pl>
[bwh: Also add_taint() so this is flagged in bug reports]

Gbp-Pq: Topic debian
Gbp-Pq: Name btrfs-warn-about-raid5-6-being-experimental-at-mount.patch

fanotify: Taint on use of FANOTIFY_ACCESS_PERMISSIONS

Various free and proprietary AV products use this feature and users
apparently want it. But punting access checks to userland seems like
an easy way to deadlock the system, and there will be nothing we can
do about that. So warn and taint the kernel if this feature is
actually used.

Gbp-Pq: Topic debian
Gbp-Pq: Name fanotify-taint-on-use-of-fanotify_access_permissions.patch

fjes: Disable auto-loading

fjes matches a generic ACPI device ID, and relies on its probe
function to distinguish whether that really corresponds to a supported
device. Very few system will need the driver and it wastes memory on
all the other systems where the same device ID appears, so disable
auto-loading.

Gbp-Pq: Topic debian
Gbp-Pq: Name fjes-disable-autoload.patch

viafb: Autoload on OLPC XO 1.5 only

It appears that viafb won't work automatically on all the boards for
which it has a PCI device ID match. Currently, it is blacklisted by
udev along with most other framebuffer drivers, so this doesn't matter
much.

However, this driver is required for console support on the XO 1.5.
We need to allow it to be autoloaded on this model only, and then
un-blacklist it in udev.

Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name viafb-autoload-on-olpc-xo1.5-only.patch

snd-pcsp: Disable autoload

There are two drivers claiming the platform:pcspkr device:
- pcspkr creates an input(!) device that can only beep
- snd-pcsp creates an equivalent input device plus a PCM device that can
  play barely recognisable renditions of sampled sound

snd-pcsp is blacklisted by the alsa-base package, but not everyone
installs that.  On PCs where no sound is wanted at all, both drivers
will still be loaded and one or other will complain that it couldn't
claim the relevant I/O range.

In case anyone finds snd-pcsp useful, we continue to build it.  But
remove the alias, to ensure it's not loaded where it's not wanted.

Gbp-Pq: Topic debian
Gbp-Pq: Name snd-pcsp-disable-autoload.patch

cdc_ncm,cdc_mbim: Use NCM by default

Devices that support both NCM and MBIM modes should be kept in NCM
mode unless there is userland support for MBIM.

Set the default value of cdc_ncm.prefer_mbim to false and leave it to
userland (modem-manager) to override this with a modprobe.conf file
once it's ready to speak MBIM.

Gbp-Pq: Topic debian
Gbp-Pq: Name cdc_ncm-cdc_mbim-use-ncm-by-default.patch

security,perf: Allow further restriction of perf_event_open

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name security-perf-allow-further-restriction-of-perf_event_open.patch

add sysctl to disallow unprivileged CLONE_NEWUSER by default

add sysctl to disallow unprivileged CLONE_NEWUSER by default

This is a short-term patch. Unprivileged use of CLONE_NEWUSER
is certainly an intended feature of user namespaces. However
for at least saucy we want to make sure that, if any security
issues are found, we have a fail-safe.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
[bwh: Remove unneeded binary sysctl bits]

Gbp-Pq: Topic debian
Gbp-Pq: Name add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch

yama: Disable by default

Gbp-Pq: Topic debian
Gbp-Pq: Name yama-disable-by-default.patch

sched: Do not enable autogrouping by default

We want to provide the option of autogrouping but without enabling
it by default yet.

Gbp-Pq: Topic debian
Gbp-Pq: Name sched-autogroup-disabled.patch

fs: Enable link security restrictions by default

This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
('VFS: don't do protected {sym,hard}links by default').

Gbp-Pq: Topic debian
Gbp-Pq: Name fs-enable-link-security-restrictions-by-default.patch

dccp: Disable auto-loading as mitigation against local exploits

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'dccp' protocol is not actively maintained or widely used.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch

decnet: Disable auto-loading as mitigation against local exploits

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'decnet' protocol is unmaintained and of mostly historical
interest, and the user-space support package 'dnet-common' loads the
module explicitly. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name decnet-Disable-auto-loading-as-mitigation-against-lo.patch

rds: Disable auto-loading as mitigation against local exploits

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'rds' protocol is one such protocol that has been found to be
vulnerable, and which was not present in the 'lenny' kernel.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name rds-Disable-auto-loading-as-mitigation-against-local.patch

af_802154: Disable auto-loading as mitigation against local exploits

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch

SPDX-License-Identifier: GPL-2.0

Patch headers added by debian/patches/features/all/aufs4/gen-patch

SPDX-License-Identifier: GPL-2.0
aufs4.x-rcN standalone patch

Gbp-Pq: Topic features/all/aufs4
Gbp-Pq: Name aufs4-standalone.patch

SPDX-License-Identifier: GPL-2.0

Patch headers added by debian/patches/features/all/aufs4/gen-patch

SPDX-License-Identifier: GPL-2.0
aufs4.x-rcN mmap patch

Gbp-Pq: Topic features/all/aufs4
Gbp-Pq: Name aufs4-mmap.patch

SPDX-License-Identifier: GPL-2.0

Patch headers added by debian/patches/features/all/aufs4/gen-patch

SPDX-License-Identifier: GPL-2.0
aufs4.x-rcN base patch

Gbp-Pq: Topic features/all/aufs4
Gbp-Pq: Name aufs4-base.patch

radeon: Firmware is required for DRM and KMS on R600 onward

radeon requires firmware/microcode for the GPU in all chips, but for
newer chips (apparently R600 'Evergreen' onward) it also expects
firmware for the memory controller and other sub-blocks.

radeon attempts to gracefully fall back and disable some features if
the firmware is not available, but becomes unstable - the framebuffer
and/or system memory may be corrupted, or the display may stay black.

Therefore, perform a basic check for the existence of
/lib/firmware/radeon when a device is probed, and abort if it is
missing, except for the pre-R600 case.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name radeon-firmware-is-required-for-drm-and-kms-on-r600-onward.patch

firmware: Remove redundant log messages from drivers

Now that firmware_class logs every success and failure consistently,
many other log messages can be removed from drivers.

This will probably need to be split up into multiple patches prior to
upstream submission.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name firmware-remove-redundant-log-messages-from-drivers.patch

firmware_class: Log every success and failure against given device

The hundreds of users of request_firmware() have nearly as many
different log formats for reporting failures.  They also have only the
vaguest hint as to what went wrong; only firmware_class really knows
that.  Therefore, add specific log messages for the failure modes that
aren't currently logged.

In case of a driver that tries multiple names, this may result in the
impression that it failed to initialise.  Therefore, also log successes.

This makes many error messages in drivers redundant, which will be
removed in later patches.

This does not cover the case where we fall back to a user-mode helper
(which is no longer enabled in Debian).

NOTE: hw-detect will depend on the "firmware: failed to load %s (%d)\n"
format to detect missing firmware.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name firmware_class-log-every-success-and-failure.patch

iwlwifi: Do not request unreleased firmware for IWL6000

The iwlwifi driver currently supports firmware API versions 4-6 for
these devices.  It will request the file for the latest supported
version and then fall back to earlier versions.  However, the latest
version that has actually been released is 4, so we expect the
requests for versions 6 and then 5 to fail.

The installer appears to report any failed request, and it is probably
not easy to detect that this particular failure is harmless.  So stop
requesting the unreleased firmware.

Gbp-Pq: Topic debian
Gbp-Pq: Name iwlwifi-do-not-request-unreleased-firmware.patch

af9005: Use request_firmware() to load register init script

Read the register init script from the Windows driver. This is sick
but should avoid the potential copyright infringement in distributing
a version of the script which is directly derived from the driver.

Gbp-Pq: Topic features/all
Gbp-Pq: Name drivers-media-dvb-usb-af9005-request_firmware.patch

Install perf scripts non-executable

[bwh: Forward-ported to 4.13]

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-install.patch

Create manpages and binaries including the version

[bwh: Fix version insertion in perf man page cross-references and perf
man page title. Install bash_completion script for perf with a
version-dependent name. And do the same for trace.]

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-version.patch

modpost symbol prefix setting

[bwh: The original version of this was added by Bastian Blank. The
upstream code includes <generated/autoconf.h> so that <linux/export.h>
can tell whether C symbols have an underscore prefix. Since we build
modpost separately from the kernel, <generated/autoconf.h> won't exist.
However, no Debian Linux architecture uses the symbol prefix, so we
can simply omit it.]

Gbp-Pq: Topic debian
Gbp-Pq: Name modpost-symbol-prefix.patch

Kbuild: kconfig: Verbose version of --listnewconfig

If the KBUILD_VERBOSE environment variable is set to non-zero, show
the default values of new symbols and not just their names.

Based on work by Bastian Blank <waldi@debian.org> and
maximilian attems <max@stro.at>. Simplified by Michal Marek
<mmarek@suse.cz>.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name Kbuild-kconfig-Verbose-version-of-listnewconfig.patch

powerpcspe-omit-uimage

Gbp-Pq: Topic debian
Gbp-Pq: Name powerpcspe-omit-uimage.patch

Fix uImage build

[bwh: This was added without a description, but I think it is dealing
with a similar issue to powerpcspe-omit-uimage.patch]

Gbp-Pq: Topic debian
Gbp-Pq: Name arch-sh4-fix-uimage-build.patch

Partially revert "MIPS: Add -Werror to arch/mips/Kbuild"

This reverts commits 66f9ba101f54bda63ab1db97f9e9e94763d0651b and
5373633cc9253ba82547473e899cab141c54133e.

We really don't want to add -Werror anywhere.

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-disable-werror.patch

Tweak gitignore for Debian pkg-kernel using git svn.

[bwh: Tweak further for pure git]

Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch

kbuild: Make the toolchain variables easily overwritable

Allow make variables to be overridden for each flavour by a file in
the build tree, .kernelvariables.

We currently use this for ARCH, KERNELRELEASE, CC, and in some cases
also CROSS_COMPILE, CFLAGS_KERNEL and CFLAGS_MODULE.

This file can only be read after we establish the build tree, and all
use of $(ARCH) needs to be moved after this.

Gbp-Pq: Topic debian
Gbp-Pq: Name kernelvariables.patch

Make mkcompile_h accept an alternate timestamp string

We want to include the Debian version in the utsname::version string
instead of a full timestamp string. However, we still need to provide
a standard timestamp string for gen_initramfs_list.sh to make the
kernel image reproducible.

Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to
$KBUILD_BUILD_TIMESTAMP.

Gbp-Pq: Topic debian
Gbp-Pq: Name uname-version-timestamp.patch

Include package version along with kernel release in stack traces

For distribution binary packages we assume
$DISTRIBUTION_OFFICIAL_BUILD, $DISTRIBUTOR and $DISTRIBUTION_VERSION
are set.

Gbp-Pq: Topic debian
Gbp-Pq: Name version.patch

linux (4.15.4-1) unstable; urgency=medium

  * New upstream release: https://kernelnewbies.org/Linux_4.15
  * New upstream stable update:
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.1
    - Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops
    - tools/gpio: Fix build error with musl libc
    - gpio: stmpe: i2c transfer are forbiden in atomic context
    - gpio: Fix kernel stack leak to userspace
    - scsi: storvsc: missing error code in storvsc_probe()
    - staging: lustre: separate a connection destroy from free struct kib_conn
    - staging: ccree: NULLify backup_info when unused
    - staging: ccree: fix fips event irq handling build
    - usb: option: Add support for FS040U modem
    - serial: 8250_dw: Revert "Improve clock rate setting"
  * New upstream stable update:
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.2
    - [x86] KVM: Make indirect calls in emulator speculation safe
    - [x86] KVM: VMX: Make indirect call speculation safe
    - module/retpoline: Warn about missing retpoline in module
    - [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf
    - [x86] cpufeatures: Add Intel feature bits for Speculation Control
    - [x86] cpufeatures: Add AMD feature bits for Speculation Control
    - [x86] msr: Add definitions for new speculation control MSRs
    - [x86] pti: Do not enable PTI on CPUs which are not vulnerable to
      Meltdown
    - [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2
      microcodes
    - [x86] speculation: Add basic IBPB (Indirect Branch Prediction Barrier)
      support
    - [x86] alternative: Print unadorned pointers
    - [x86] nospec: Fix header guards names
    - [x86] bugs: Drop one "mitigation" from dmesg
    - [x86] cpu/bugs: Make retpoline module warning conditional
    - [x86] cpufeatures: Clean up Spectre v2 related CPUID flags
    - [x86] retpoline: Simplify vmexit_fill_RSB()
    - [x86] speculation: Simplify indirect_branch_prediction_barrier()
    - [x86] KVM: nVMX: Eliminate vmcs02 pool
    - [x86] KVM: VMX: introduce alloc_loaded_vmcs
    - objtool: Improve retpoline alternative handling
    - objtool: Add support for alternatives at the end of a section
    - objtool: Warn on stripped section symbol
    - [x86] mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
    - [x86] spectre: Check CONFIG_RETPOLINE in command line parser
    - [x86] entry/64: Remove the SYSCALL64 fast path
    - [x86] entry/64: Push extra regs right away
    - [x86] asm: Move 'status' from thread_struct to thread_info
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - [x86] Implement array_index_mask_nospec
    - [x86] Introduce barrier_nospec
    - [x86] Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - [x86] usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
    - [x86] uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
    - [x86] get_user: Use pointer masking to limit speculation
    - [x86] syscall: Sanitize syscall table de-references under speculation
    - vfs, fdtable: Prevent bounds-check bypass via speculative execution
    - nl80211: Sanitize array index in parse_txq_params
    - [x86] spectre: Report get_user mitigation for spectre_v1
    - [x86] spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
    - [x86] cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
    - [x86] speculation: Use Indirect Branch Prediction Barrier in context
      switch
    - [x86] paravirt: Remove 'noreplace-paravirt' cmdline option
    - [x86] KVM: VMX: make MSR bitmaps per-VCPU
    - [x86] kvm: Update spectre-v1 mitigation
    - [x86] retpoline: Avoid retpolines for built-in __init functions
    - [x86] spectre: Simplify spectre_v2 command line parsing
    - [x86] pti: Mark constant arrays as __initconst
    - [x86] speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
    - [x86] KVM: Update the reverse_cpuid list to include CPUID_7_EDX
    - [x86] KVM: Add IBPB support
    - [x86] KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
    - [x86] KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
    - [x86] KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
    - serial: core: mark port as initialized after successful IRQ change
    - fpga: region: release of_parse_phandle nodes after use
  * New upstream stable update:
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.3
    - ip6mr: fix stale iterator
    - net: igmp: add a missing rcu locking section
    - qlcnic: fix deadlock bug
    - qmi_wwan: Add support for Quectel EP06
    - r8169: fix RTL8168EP take too long to complete driver initialization.
    - tcp: release sk_frag.page in tcp_disconnect
    - vhost_net: stop device during reset owner
    - ipv6: addrconf: break critical section in addrconf_verify_rtnl()
    - ipv6: change route cache aging logic
    - Revert "defer call to mem_cgroup_sk_alloc()"
    - net: ipv6: send unsolicited NA after DAD
    - rocker: fix possible null pointer dereference in
      rocker_router_fib_event_work
    - tcp_bbr: fix pacing_gain to always be unity when using lt_bw
    - cls_u32: add missing RCU annotation.
    - ipv6: Fix SO_REUSEPORT UDP socket with implicit sk_ipv6only
    - soreuseport: fix mem leak in reuseport_add_sock()
    - net_sched: get rid of rcu_barrier() in tcf_block_put_ext()
    - net: sched: fix use-after-free in tcf_block_put_ext
    - crypto: tcrypt - fix S/G table for test_aead_speed()
  * New upstream stable update:
    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.4
    - cifs: Fix missing put_xid in cifs_file_strict_mmap
    - cifs: Fix autonegotiate security settings mismatch
    - CIFS: zero sensitive data when freeing
    - cpufreq: mediatek: add mediatek related projects into blacklist
    - [arm64] watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop
    - Revert "drm/i915: mark all device info struct with __initconst"
    - sched/rt: Use container_of() to get root domain in
      rto_push_irq_work_func()
    - sched/rt: Up the root domain ref count when passing it around via IPIs
    - [arm64] mm: Use non-global mappings for kernel space
    - [arm64] mm: Temporarily disable ARM64_SW_TTBR0_PAN
    - [arm64] mm: Move ASID from TTBR0 to TTBR1
    - [arm64] mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
    - [arm64] mm: Rename post_ttbr0_update_workaround
    - [arm64] mm: Fix and re-enable ARM64_SW_TTBR0_PAN
    - [arm64] mm: Allocate ASIDs in pairs
    - [arm64] mm: Add arm64_kernel_unmapped_at_el0 helper
    - [arm64] mm: Invalidate both kernel and user ASIDs when performing TLBI
    - [arm64] entry: Add exception trampoline page for exceptions from EL0
    - [arm64] mm: Map entry trampoline into trampoline and kernel page tables
    - [arm64] entry: Explicitly pass exception level to kernel_ventry macro
    - [arm64] entry: Hook up entry trampoline to exception vectors
    - [arm64] erratum: Work around Falkor erratum #E1003 in trampoline code
    - [arm64] cpu_errata: Add Kryo to Falkor 1003 errata
    - [arm64] tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
    - [arm64] entry: Add fake CPU feature for unmapping the kernel at EL0
    - [arm64] kaslr: Put kernel vectors address in separate data page
    - [arm64] use RET instruction for exiting the trampoline
    - [arm64] Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
    - [arm64] Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
    - [arm64] Take into account ID_AA64PFR0_EL1.CSV3
    - [arm64] capabilities: Handle duplicate entries for a capability
    - [arm64] mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
    - [arm64] kpti: Fix the interaction between ASID switching and software PAN
    - [arm64] cputype: Add MIDR values for Cavium ThunderX2 CPUs
    - [arm64] Turn on KPTI only on CPUs that need it
    - [arm64] kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
    - [arm64] mm: Permit transitioning from Global to Non-Global without BBM
    - [arm64] kpti: Add ->enable callback to remap swapper using nG mappings
    - [arm64] Force KPTI to be disabled on Cavium ThunderX
    - [arm64] entry: Reword comment about post_ttbr_update_workaround
    - [arm64] idmap: Use "awx" flags for .idmap.text .pushsection directives
    - [arm64] barrier: Add CSDB macros to control data-value prediction
    - [arm64] Implement array_index_mask_nospec()
    - [arm64] Make USER_DS an inclusive limit
    - [arm64] Use pointer masking to limit uaccess speculation
    - [arm64] entry: Ensure branch through syscall table is bounded under
      speculation
    - [arm64] uaccess: Prevent speculative use of the current addr_limit
    - [arm64] uaccess: Don't bother eliding access_ok checks in __{get,
      put}_user
    - [arm64] uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
    - [arm64] futex: Mask __user pointers prior to dereference
    - [arm64] cpufeature: __this_cpu_has_cap() shouldn't stop early
    - [arm64] Run enable method for errata work arounds on late CPUs
    - [arm64] cpufeature: Pass capability structure to ->enable callback
    - drivers/firmware: Expose psci_get_version through psci_ops structure
    - [arm64] Move post_ttbr_update_workaround to C code
    - [arm64] Add skeleton to harden the branch predictor against aliasing
      attacks
    - [arm64] Move BP hardening to check_and_switch_context
    - [arm64] KVM: Use per-CPU vector when BP hardening is enabled
    - [arm64] entry: Apply BP hardening for high-priority synchronous
      exceptions
    - [arm64] entry: Apply BP hardening for suspicious interrupts from EL0
    - [arm64] cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
    - [arm64] Implement branch predictor hardening for affected Cortex-A CPUs
    - [arm64] Implement branch predictor hardening for Falkor
    - [arm64] Branch predictor hardening for Cavium ThunderX2
    - [arm64] KVM: Increment PC after handling an SMC trap
    - [armhf,arm64] KVM: Consolidate the PSCI include files
    - [armhf,arm64] KVM: Add PSCI_VERSION helper
    - [armhf,arm64] KVM: Add smccc accessors to PSCI code
    - [armhf,arm64] KVM: Implement PSCI 1.0 support
    - [armhf,arm64] KVM: Advertise SMCCC v1.1
    - [arm64] KVM: Make PSCI_VERSION a fast path
    - [armhf,arm64] KVM: Turn kvm_psci_version into a static inline
    - [arm64] KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
    - [arm64] KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
    - firmware/psci: Expose PSCI conduit
    - firmware/psci: Expose SMCCC version through psci_ops
    - arm/arm64: smccc: Make function identifiers an unsigned quantity
    - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
    - [arm64] Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
    - [arm64] Kill PSCI_GET_VERSION as a variant-2 workaround
    - mtd: cfi: convert inline functions to macros
    - mtd: nand: brcmnand: Disable prefetch by default
    - mtd: nand: Fix nand_do_read_oob() return value
    - mtd: nand: sunxi: Fix ECC strength choice
    - ubi: Fix race condition between ubi volume creation and udev
    - ubi: fastmap: Erase outdated anchor PEBs during attach
    - ubi: block: Fix locking for idr_alloc/idr_remove
    - ubifs: free the encrypted symlink target
    - nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
    - nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE
    - NFS: Add a cond_resched() to nfs_commit_release_pages()
    - NFS: Fix nfsstat breakage due to LOOKUPP
    - NFS: commit direct writes even if they fail partially
    - NFS: reject request for id_legacy key without auxdata
    - NFS: Fix a race between mmap() and O_DIRECT
    - nfsd: Detect unhashed stids in nfsd4_verify_open_stid()
    - kernfs: fix regression in kernfs_fop_write caused by wrong type
    - ahci: Annotate PCI ids for mobile Intel chipsets as such
    - ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
    - ahci: Add Intel Cannon Lake PCH-H PCI ID
    - crypto: hash - introduce crypto_hash_alg_has_setkey()
    - crypto: cryptd - pass through absence of ->setkey()
    - crypto: mcryptd - pass through absence of ->setkey()
    - crypto: poly1305 - remove ->setkey() method
    - crypto: hash - annotate algorithms taking optional key
    - crypto: hash - prevent using keyed hashes without setting key
    - media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt
    - media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
    - media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
    - media: v4l2-compat-ioctl32.c: fix the indentation
    - media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
    - media: v4l2-compat-ioctl32.c: avoid sizeof(type)
    - media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
    - media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
    - media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
    - media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
    - media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
    - media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
    - media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
    - crypto: caam - fix endless loop when DECO acquire fails
    - crypto: sha512-mb - initialize pending lengths correctly
    - crypto: talitos - fix Kernel Oops on hashing an empty file
    - [armhf,arm64 KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
    - [x86] KVM: nVMX: Fix races when sending nested PI while dest
      enters/leaves L2
    - [x86] KVM: nVMX: Fix bug of injecting L2 exception into L1
    - [powerpc*] KVM: PPC: Book3S HV: Make sure we don't re-enter guest
      without XIVE loaded
    - [powerpc*] KVM: PPC: Book3S HV: Drop locks before reading guest memory
    - [armhf,arm64] KVM: Handle CPU_PM_ENTER_FAILED
    - [powerpc*] KVM: PPC: Book3S PR: Fix broken select due to misspelling
    - watchdog: imx2_wdt: restore previous timeout after suspend+resume
    - afs: Add missing afs_put_cell()
    - afs: Need to clear responded flag in addr cursor
    - afs: Fix missing cursor clearance
    - afs: Fix server list handling
    - btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
    - Btrfs: raid56: iterate raid56 internal bio with bio_for_each_segment_all
    - kasan: don't emit builtin calls when sanitization is off
    - kasan: rework Kconfig settings
    - media: dvb_frontend: be sure to init dvb_frontend_handle_ioctl() return
      code
    - media: dvb-frontends: fix i2c access helpers for KASAN
    - media: dt-bindings/media/cec-gpio.txt: mention the CEC/HPD max voltages
    - media: ts2020: avoid integer overflows on 32 bit machines
    - media: vivid: fix module load error when enabling fb and no_error_inj=1
    - media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
    - fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
    - kernel/async.c: revert "async: simplify lowest_in_progress()"
    - kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
    - pipe: actually allow root to exceed the pipe buffer limits
    - pipe: fix off-by-one error when checking buffer limits
    - HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
    - Bluetooth: btsdio: Do not bind to non-removable BCM43341
    - Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
    - Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten"
      version
    - ipmi: use dynamic memory for DMI driver override
    - signal/openrisc: Fix do_unaligned_access to send the proper signal
    - signal/sh: Ensure si_signo is initialized in do_divide_error
    - alpha: fix crash if pthread_create races with signal delivery
    - alpha: osf_sys.c: fix put_tv32 regression
    - alpha: Fix mixed up args in EXC macro in futex operations
    - alpha: fix reboot on Avanti platform
    - alpha: fix formating of stack content
    - xtensa: fix futex_atomic_cmpxchg_inatomic
    - EDAC, octeon: Fix an uninitialized variable warning
    - genirq: Make legacy autoprobing work again
    - pinctrl: intel: Initialize GPIO properly when used through irqchip
    - pinctrl: mcp23s08: fix irq setup order
    - pinctrl: sx150x: Unregister the pinctrl on release
    - pinctrl: sx150x: Register pinctrl before adding the gpiochip
    - pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping
    - pktcdvd: Fix pkt_setup_dev() error path
    - pktcdvd: Fix a recently introduced NULL pointer dereference
    - blk-mq: quiesce queue before freeing queue
    - clocksource/drivers/stm32: Fix kernel panic with multiple timers
    - lib/ubsan.c: s/missaligned/misaligned/
    - lib/ubsan: add type mismatch handler for new GCC/Clang
    - objtool: Fix switch-table detection
    - [arm64] dts: marvell: add Ethernet aliases
    - drm/i915: Avoid PPS HW/SW state mismatch due to rounding
    - ACPI: sbshc: remove raw pointer from printk() message (CVE-2018-5750)
    - acpi, nfit: fix register dimm error handling
    - ovl: force r/o mount when index dir creation fails
    - ovl: fix failure to fsync lower dir
    - ovl: take mnt_want_write() for work/index dir setup
    - ovl: take mnt_want_write() for removing impure xattr
    - ovl: hash directory inodes for fsnotify
    - devpts: fix error handling in devpts_mntget()
    - ftrace: Remove incorrect setting of glob search field
    - scsi: core: Ensure that the SCSI error handler gets woken up
    - scsi: lpfc: Fix crash after bad bar setup on driver attachment
    - scsi: cxlflash: Reset command ioasc
    - rcu: Export init_rcu_head() and destroy_rcu_head() to GPL modules

  [ Bastian Blank ]
  * Add cloud-amd64 kernel flavour.
    - Support Microsoft Azure.
    - Support Amazon EC2.
    - Support Google Compute Engine.
  * Enable NUMA_BALANCING_DEFAULT_ENABLED, enabled by all others.
  * Enable INET_ESP_OFFLOAD, INET6_ESP_OFFLOAD, IPV6_SEG6_LWTUNNEL,
    IPV6_SEG6_HMAC, NF_LOG_NETDEV, IP_SET_HASH_IPMAC, NET_ACT_SAMPLE,
    IPVTAP, VIRTIO_MMIO, CRYPTO_RSA, CRYPTO_DH, CRYPTO_ECDH.
  * x86: Enable SCHED_MC_PRIO, HYPERV_VSOCKETS.
  * Enable NVME_MULTIPATH, NVME_FC, NVME_TARGET_FC, move nvme module into
    scsi-modules installer udeb.
  * Switch to SLUB as kernel allocator. (Closes: #862718)
    - Enable SLUB_DEBUG, SLAB_FREELIST_HARDENED except on armel/marvell.
      (Closes: #883069)
  * Fix building of liblockdep.

  [ Uwe Kleine-König ]
  * [arm64] enable I2C_PXA for espressobin (Closes: #886983)

  [ Ben Hutchings ]
  * Enable CGROUP_BPF (except for armel) (Closes: #872560)
  * usb: Enable USBIP_CORE, USBIP_VHCI_HCD, USBIP_HOST, USBIP_VUDC as
    modules on all architectures (Closes: #888042)
  * [x86] Rewrite "Make x32 syscall support conditional on a kernel parameter"
    to use a static key

  [ Salvatore Bonaccorso ]
  * (Temporarily) disable armel kernel image build.
    The armel/marvell kernel size is growing to large and the compressed
    image is over the limit.
    Given the armel architecture will most likely not be part of Buster,
    disable the image build.
    Cf. https://lists.debian.org/debian-kernel/2018/01/msg00278.html
  * Set ABI to 1

[dgit import unpatched linux 4.15.4-1]

Import linux_4.15.4.orig.tar.xz

[dgit import orig linux_4.15.4.orig.tar.xz]

Import linux_4.15.4-1.debian.tar.xz

[dgit import tarball linux 4.15.4-1 linux_4.15.4-1.debian.tar.xz]