debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity
14,015 Commits 2 Branches 0 Tags 493 MiB
Commit Graph

1557 Commits

Author SHA1 Message Date
Noah Meyerhans 62e5e3199d Remove obsolete patches 2019-11-20 16:24:37 -08:00
Salvatore Bonaccorso 3e9a6acd20 ipv4: Return -ENETUNREACH if we can't create route but saddr is valid 
Closes: #945023
 2019-11-19 08:00:10 +01:00
Salvatore Bonaccorso 530030f117 ixgbe: Fix secpath usage for IPsec TX offload 
Closes: #930443
 2019-10-15 22:57:58 +02:00
Salvatore Bonaccorso 942d6ddd3f KVM: coalesced_mmio: add bounds checking (CVE-2019-14821) 2019-09-19 17:16:06 +02:00
Salvatore Bonaccorso 78f0b2574a vhost: make sure log_num < in_num (CVE-2019-14835) 2019-09-13 06:12:11 +02:00
Romain Perier 782d6ea880 ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term 
(CVE-2019-15118)
 2019-09-12 22:40:43 +02:00
Romain Perier aa8fb19232 ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit 
(CVE-2019-15117)

[carnil: Use 4.19.67-2+deb10u1 version for buster-security branch]
 2019-09-12 22:40:21 +02:00
Salvatore Bonaccorso e10bab8d2e Reference assigned CVE id for CVE-2019-15538 
Gbp-Dch: Ignore
 2019-08-25 17:31:05 +02:00
Salvatore Bonaccorso a065e442e2 xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT 2019-08-24 20:51:54 +02:00
Ben Hutchings 57f74f6573 netfilter: conntrack: Use consistent ct id hash calculation 
This fixes a regression in 4.19.44.
 2019-08-22 20:04:20 +01:00
Salvatore Bonaccorso 9bf2130b62 dm: disable DISCARD if the underlying storage no longer supports it 
Closes: #934331
 2019-08-21 21:41:04 +02:00
Ben Hutchings 0899b0f554 Update to 4.19.67 
* Drop patches which have been applied to 4.19-stable
* Drop "Revert "net: stmmac: Send TSO packets always from Queue 0"" in
  favour of upstream fix "net: stmmac: Re-work the queue selection for
  TSO packets"
* Refresh patches that became fuzzy
 2019-08-20 01:51:22 +01:00
Ben Hutchings 64c3754b90 Merge branch 'buster-security' into buster 
* Accept revert of "[sh4]: Check for kprobe trap number before trying
  to handle a kprobe trap" and update debian/changelog accordingly, as
  sh4 is not a release architecture
* Keep "[arm64] Improve support for the Huawei TaiShan server platform"
  which was reverted on the buster-security branch
 2019-08-18 19:29:59 +01:00
Salvatore Bonaccorso 07a6d57831 Add patchset for CVE-2019-1125 2019-08-07 08:34:30 +02:00
Romain Perier 3b76691d24 Bluetooth: hci_uart: check for missing tty operations (CVE-2019-10207) 2019-08-05 18:57:05 +02:00
Romain Perier ec64cb4c87 floppy: fix div-by-zero in setup_format_params (CVE-2019-14284) 
This retrieves the patch from the linux-4.19.y branch and refreshes the
previous one "floppy: fix out-of-bounds read in copy_buffer", because
this is firstly "floppy: fix div-by-zero in setup_format_params" that is
applied upstream, then the one regarding out-of-bounds read in copy_buffer.
The one for CVE-2019-14283 was previously refreshed because it was not
applicable directly. Now both patches are synchronized with upstream and
applied in the same order.
 2019-08-05 17:56:29 +02:00
Romain Perier 24c58d8c20 inet: switch IP ID generator to siphash (CVE-2019-10638) 2019-07-30 11:20:38 +02:00
Romain Perier 4962cdb584 floppy: fix out-of-bounds read in copy_buffer (CVE-2019-14283) 2019-07-30 11:14:00 +02:00
Uwe Kleine-König 8da545ad5d rtc-s35390a: backport fix to make hwclock able to read the time 2019-07-28 21:37:15 +02:00
Salvatore Bonaccorso e890639fa7 Replace Origin reference with reachable reference 
Gbp-Dch: Ignore
 2019-07-27 14:24:32 +02:00
Romain Perier 8cb769111f Input: gtco - bounds check collection indent level (CVE-2019-13631) 2019-07-27 13:15:59 +02:00
Romain Perier 167ecd4ada scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836) 2019-07-22 14:01:45 +02:00
Salvatore Bonaccorso 869c89cb6d Use patch headers as generated by git format-patch-for-debian 2019-07-20 21:14:38 +02:00
Romain Perier 1e1ff4ce9c binder: fix race between munmap() and direct reclaim (CVE-2019-1999) 2019-07-20 18:36:49 +02:00
Romain Perier 091f76e86d nfc: Ensure presence of required attributes in the deactivate_target handler (CVE-2019-12984) 2019-07-20 18:21:14 +02:00
Salvatore Bonaccorso c6f3814dc4 ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (CVE-2019-13272) 2019-07-19 10:45:11 +02:00
Salvatore Bonaccorso eb5241a213 tcp: refine memory limit test in tcp_fragment() 
Closes: #930904
 2019-06-23 16:15:34 +02:00
Ben Hutchings 1e253edaa7 Add TCP DoS fixes 2019-06-17 19:46:08 +01:00
Ben Hutchings 4ea468554d mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (CVE-2019-10126) 2019-06-17 19:32:38 +01:00
Ben Hutchings e5664e23f5 mm/mincore.c: make mincore() more conservative (CVE-2019-5489) 2019-06-17 19:29:35 +01:00
Ben Hutchings 1894e89399 mwifiex: Don't abort on small, spec-compliant vendor IEs 2019-06-17 19:29:14 +01:00
Ben Hutchings 70b1e1a8fa mwifiex: Abort at too short BSS descriptor element 2019-06-17 19:25:01 +01:00
Ben Hutchings 54fa813858 mwifiex: Fix possible buffer overflows at parsing bss descriptor (CVE-2019-3846) 2019-06-17 19:24:10 +01:00
Salvatore Bonaccorso 3b44df1499 Bluetooth: hidp: fix buffer overflow (CVE-2019-11884) 2019-06-07 15:25:30 +02:00
Salvatore Bonaccorso 8910626bca ext4: zero out the unused memory region in the extent tree block (CVE-2019-11833) 2019-06-07 14:53:07 +02:00
Salvatore Bonaccorso 23527ae20b brcmfmac: add subtype check for event handling in data path (CVE-2019-9503) 2019-06-07 14:49:05 +02:00
Salvatore Bonaccorso 8970aaa563 brcmfmac: assure SSID length from firmware is limited (CVE-2019-9500) 2019-06-07 14:43:58 +02:00
Ben Hutchings 9b28931859 libbpf: Use only 2 components in soversion, matching package name 
Debian policy says the package name must change when the soname
changes.  We don't expect the ABI to change in a stable update,
so use only 2 components in both.
 2019-05-19 14:48:13 +01:00
Ben Hutchings a6879552b5 Drop unnecessary changes from "libbpf: add SONAME to shared object" 
It's not necessary to delete the definitions of the variables that
become unused.  Nor is it necessary to move the definition of
LIBBPF_VERSION before LIB_FILES, because the latter is defined
as recursively expanded (i.e. its variable references are not
immediately expanded).

This makes the actual change we're making clearer, and should
reduce the future work to maintain this patch.
 2019-05-19 14:36:25 +01:00
Ben Hutchings 9329ccdf87 [powerpc*] 64s: Include cpu header (fixes FTBFS) 2019-05-15 23:07:44 +01:00
Ben Hutchings 1565dc00f4 [x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities 
Together with a microcode update, this mitigates CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091.
 2019-05-10 12:03:12 +01:00
Ben Hutchings ece5b4e4cd mm,fs: Prevent page refcount overflow (CVE-2019-11487) 2019-05-05 15:44:05 +01:00
Ben Hutchings 83f5e0f1ef tracing: Fix buffer_ref pipe ops 
This is preparation for fixing CVE-2019-11487.
 2019-05-05 15:42:32 +01:00
Ben Hutchings 4f3fa1e296 aio: Apply fixes from 4.19.38 (CVE-2019-10125) 2019-05-05 15:41:31 +01:00
Salvatore Bonaccorso 55a23e404a [amd64,arm64] vfio/type1: Limit DMA mappings per container (CVE-2019-3882) 2019-05-05 16:06:15 +02:00
Ben Hutchings 7ebc9f9504 Update to 4.19.37 
* Refresh/drop patches as appropriate
 2019-04-28 18:55:53 +01:00
Salvatore Bonaccorso ad494c2131 tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486) 2019-04-26 16:11:56 +02:00
Salvatore Bonaccorso 1c6240e692 inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch() (CVE-2019-9857) 2019-04-26 14:54:14 +02:00
Salvatore Bonaccorso 2dff862341 ACPICA: Namespace: remove address node from global list after method termination 2019-04-19 21:06:18 +02:00
Salvatore Bonaccorso 4eef18f8b7 xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (CVE-2015-8553) 2019-04-14 22:39:31 +02:00