debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity
13,921 Commits 2 Branches 0 Tags 493 MiB
Commit Graph

3145 Commits

Author SHA1 Message Date
Steve McIntyre 2c3b28ea8f [arm64] Improve support for the Huawei TaiShan server platform 
Closes: #930554

Enable the HNS/ROCE Infiniband driver

Backport fixes from 4.20 and 4.21 for HNS3 networking, hisi_sas SAS
and HNS/ROCE Infiniband

Signed-off-by: Steve McIntyre <93sam@debian.org>
 2019-06-23 10:58:07 +01:00
Romain Perier d2962338d6 [sparc64] Fix device naming inconsistency between sunhv_console and sunhv_reg (Closes: #926539) 2019-06-19 16:30:43 +02:00
Ben Hutchings 8533f7d9e6 tcp: Avoid ABI change for DoS fixes 2019-06-18 11:43:52 +01:00
Ben Hutchings 1e253edaa7 Add TCP DoS fixes 2019-06-17 19:46:08 +01:00
Ben Hutchings 4ea468554d mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (CVE-2019-10126) 2019-06-17 19:32:38 +01:00
Ben Hutchings e5664e23f5 mm/mincore.c: make mincore() more conservative (CVE-2019-5489) 2019-06-17 19:29:35 +01:00
Ben Hutchings 1894e89399 mwifiex: Don't abort on small, spec-compliant vendor IEs 2019-06-17 19:29:14 +01:00
Ben Hutchings 70b1e1a8fa mwifiex: Abort at too short BSS descriptor element 2019-06-17 19:25:01 +01:00
Ben Hutchings 54fa813858 mwifiex: Fix possible buffer overflows at parsing bss descriptor (CVE-2019-3846) 2019-06-17 19:24:10 +01:00
Aurelien Jarno cbcfb20ce0 [mips] Correctly bounds check virt_addr_valid (Closes: #929366) 2019-06-09 00:06:52 +02:00
Salvatore Bonaccorso 3b44df1499 Bluetooth: hidp: fix buffer overflow (CVE-2019-11884) 2019-06-07 15:25:30 +02:00
Salvatore Bonaccorso 8910626bca ext4: zero out the unused memory region in the extent tree block (CVE-2019-11833) 2019-06-07 14:53:07 +02:00
Salvatore Bonaccorso 23527ae20b brcmfmac: add subtype check for event handling in data path (CVE-2019-9503) 2019-06-07 14:49:05 +02:00
Salvatore Bonaccorso 8970aaa563 brcmfmac: assure SSID length from firmware is limited (CVE-2019-9500) 2019-06-07 14:43:58 +02:00
Ben Hutchings 9329ccdf87 [powerpc*] 64s: Include cpu header (fixes FTBFS) 2019-05-15 23:07:44 +01:00
Ben Hutchings 1565dc00f4 [x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities 
Together with a microcode update, this mitigates CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091.
 2019-05-10 12:03:12 +01:00
Ben Hutchings ece5b4e4cd mm,fs: Prevent page refcount overflow (CVE-2019-11487) 2019-05-05 15:44:05 +01:00
Ben Hutchings 83f5e0f1ef tracing: Fix buffer_ref pipe ops 
This is preparation for fixing CVE-2019-11487.
 2019-05-05 15:42:32 +01:00
Ben Hutchings 4f3fa1e296 aio: Apply fixes from 4.19.38 (CVE-2019-10125) 2019-05-05 15:41:31 +01:00
Salvatore Bonaccorso 55a23e404a [amd64,arm64] vfio/type1: Limit DMA mappings per container (CVE-2019-3882) 2019-05-05 16:06:15 +02:00
Ben Hutchings 2c62d20848 MODSIGN: Make shash allocation failure fatal 2019-05-05 13:47:00 +01:00
Luca Boccassi 643cc8a41c Add patches to enable loading dbx and MOKX blacklists 
Import patches from:

https://lore.kernel.org/patchwork/cover/933178/

that allow to also load dbx and MOKX as blacklists for modules.
These patches also disable loading MOK/MOKX when secure boot is
not enabled, as the variables will not be safe, and to check the
variables attributes before accepting them.
 2019-05-02 23:04:18 +01:00
Luca Boccassi 188df85f5b Add patches to enable loading db and MOK keys 
Import patches from:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-uefi

that enable a new option that automatically loads keys from db
and MOK into the secondary keyring, so that they can be used to
verify the signature of kernel modules. Enable the required KCONFIGs.
Allows users to self-sign modules (eg: dkms).
 2019-05-02 22:59:42 +01:00
Ben Hutchings 7ebc9f9504 Update to 4.19.37 
* Refresh/drop patches as appropriate
 2019-04-28 18:55:53 +01:00
Salvatore Bonaccorso ad494c2131 tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486) 2019-04-26 16:11:56 +02:00
Salvatore Bonaccorso 1c6240e692 inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch() (CVE-2019-9857) 2019-04-26 14:54:14 +02:00
Ben Hutchings cda3581467 ntfs: Mark it as broken, and add CVE IDs that are being closed 2019-04-25 15:35:56 +01:00
Aurelien Jarno 223d2f61ad [mips] Fix indirect syscall tracing & seccomp filtering for big endian MIPS64 kernels with 32-bit userland. 2019-04-23 19:35:04 +02:00
Ben Hutchings fb4777ce47 lockdown: Refer to Debian wiki until manual page exists 2019-04-21 00:22:20 +01:00
Salvatore Bonaccorso 2dff862341 ACPICA: Namespace: remove address node from global list after method termination 2019-04-19 21:06:18 +02:00
Salvatore Bonaccorso 4eef18f8b7 xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (CVE-2015-8553) 2019-04-14 22:39:31 +02:00
Luca Boccassi 5a39ad2910 Generate and install libbpf.pc 
Backport patch from bpf-next and install libbpf.pc in libbpf-dev
 2019-04-11 23:15:22 +01:00
Ben Hutchings 502148bb02 [armhf,arm64[ Revert "net: stmmac: Send TSO packets always from Queue 0" 2019-04-09 01:05:01 +01:00
Ben Hutchings 821ec1b181 Update to 4.19.34 
* Drop/refresh patches as appropriate
 2019-04-09 00:27:06 +01:00
Ben Hutchings 6039118f59 [powerpc*] vdso: Make vdso32 installation conditional in vdso_install 
Closes: #785065

This finally removes the need for the ppc64el compiler to support
32-bit code generation, and removes a useless file from debug
packages on ppc64el.
 2019-03-22 04:28:49 +00:00
Ben Hutchings 20351317dd [x86] Drop fix for #865303, which no longer affects Debian's OpenJDK 
This workaround is no longer needed for Debian's OpenJDK packages:

* OpenJDK 7 is unfixed (bug #876068) but is not present in stretch or
  later suites
* OpenJDK 8 was fixed in unstable (bug #876051) and the fix was then
  included in a stretch security update
* OpenJDK 9 and later were fixed (bug #876069)

The workaround was never applied upstream and it also doesn't seem
like a good idea to have a Debian-specific VM quirk that weakens the
defence against Stack Clash.  Therefore drop it now rather than
including it in another release.
 2019-03-13 18:37:35 +00:00
YunQiang Su 2357044444 [mipsel/mips64el] Backport loongson workarounds 
MIPS: Loongson: Introduce and use loongson_llsc_mb()
 2019-03-06 21:15:23 +08:00
Marcin Juszkiewicz 37e6c11924 update to 4.19.24 2019-03-05 14:28:55 +01:00
Marcin Juszkiewicz 4a0b4cb79e update to 4.19.21 2019-03-05 14:28:55 +01:00
Vagrant Cascadian 5cb904c8a9 [arm64] Add patch from v4.20 to enable device-tree for Pine64-LTS. 2019-03-04 07:56:07 -08:00
Salvatore Bonaccorso 76a21e66e3 Btrfs: fix corruption reading shared and compressed extents after hole punching 
Closes: #922306
 2019-02-26 21:06:35 +01:00
Vagrant Cascadian 357888c75c [arm64] Add patch from next-20190215 working around A64 timer issues. 2019-02-16 23:43:14 -08:00
Vagrant Cascadian 3f699085ff [armhf] Add patch from upstream fixing cpufreq on Orange Pi Plus. 2019-02-16 19:54:39 -08:00
Ben Hutchings 1d80b19d87 mt76: Use the correct hweight8() function (fixes FTBFS on ia64) 2019-02-12 15:39:34 +00:00
Salvatore Bonaccorso 5019a8394c HID: debug: fix the ring buffer implementation (CVE-2019-3819) 2019-02-09 15:14:06 +01:00
Salvatore Bonaccorso 00224672bb [x86] KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) 2019-02-08 10:32:39 +01:00
Salvatore Bonaccorso fb1b32a316 [x86] KVM: work around leak of uninitialized stack contents (CVE-2019-7222) 2019-02-08 10:18:28 +01:00
Salvatore Bonaccorso 71aa687bf8 kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) 2019-02-08 10:01:58 +01:00
Ben Hutchings f6cfd5f990 Merge branch 'hrw-guest/linux-sid' into sid 
Update to 4.19.20

See merge request kernel-team/linux!116
 2019-02-07 21:00:43 +00:00
Ben Hutchings 886c02b804 percpu: convert spin_lock_irq to spin_lock_irqsave 
This fixes boot failure with the alpha-generic flavour, discussed in
https://lists.debian.org/debian-alpha/2018/12/msg00001.html and
https://salsa.debian.org/kernel-team/linux/merge_requests/79
 2019-02-06 23:41:18 +00:00