Salvatore Bonaccorso
6fe845e460
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (CVE-2020-1749)
2020-04-26 11:20:05 +02:00
Salvatore Bonaccorso
79c0009334
net: ipv6: add net argument to ip6_dst_lookup_flow
2020-04-26 11:14:36 +02:00
Salvatore Bonaccorso
cfa7bd0b02
f2fs: fix to avoid memory leakage in f2fs_listxattr (CVE-2020-0067)
2020-04-26 11:06:23 +02:00
Salvatore Bonaccorso
5a1d3e0c9e
Update to 4.19.112
...
Drop "wimax: i2400: fix memory leak"
Drop "wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle"
Cleanup debian/changelog file
2020-04-09 21:46:10 +02:00
Salvatore Bonaccorso
c9a94477f2
Drop "tools/lib/api/fs/fs.c: Fix misuse of strncpy()"
2020-03-21 09:18:29 +01:00
Salvatore Bonaccorso
ffc4ceb049
Update to 4.19.102
...
Drop "vfs: fix do_last() regression"
Cleanup debian/changelog file
2020-03-21 09:18:28 +01:00
Salvatore Bonaccorso
f003f0dba9
Update to 4.19.101
...
Cleanup debian/changelog file
Drop "random: try to actively add entropy rather than passively wait for it"
2020-03-21 09:18:28 +01:00
Salvatore Bonaccorso
c2975cd055
Update to 4.19.100
...
Add CVE id reference for CVE-2020-8428
Drop "libertas: Fix two buffer overflows at parsing bss descriptor"
Drop "do_last(): fetch directory ->i_mode and ->i_uid before it's too late"
Cleanup debian/changelog file
2020-03-21 09:18:28 +01:00
Salvatore Bonaccorso
6465b7bcb4
Update to 4.19.99
...
Add CVE id reference for CVE-2019-19046
Drop "powerpc: vdso: Make vdso32 installation conditional in vdso_install"
Drop "net: ena: fix: Free napi resources when ena_up() fails"
Drop "net: ena: fix incorrect test of supported hash function"
Drop "net: ena: fix ena_com_fill_hash_function() implementation"
Drop "net: ena: fix swapped parameters when calling"
Cleanup debian/changelog file
2020-03-21 09:18:28 +01:00
Ben Hutchings
c0f84a03f2
[x86] Drop "Add a SysRq option to lift kernel lockdown" (Closes: #947021)
...
- This patch allowed remotely disabling lockdown using usbip
- Lockdown can be disabled by running "mokutil --disable-validation",
rebooting, and confirming the change when prompted
2020-03-21 09:00:35 +01:00
Salvatore Bonaccorso
0e1bc339a1
vfs: fix do_last() regression
2020-02-01 21:15:56 +01:00
Salvatore Bonaccorso
ff2a1c5362
do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428)
2020-01-29 06:57:18 +01:00
Noah Meyerhans
428bd19863
random: try to actively add entropy rather than passively wait for it
...
Cherry pick 50ee7529ec45 from mainline. This addresses a lack of early entropy
in certain environments.
Closes: #948519
2020-01-20 12:44:37 -08:00
Ben Hutchings
56dd5fa07e
Add various security fixes not yet in 4.19-stable
...
All of these are already fixed in jessie, and upgrades shouldn't
regress.
2020-01-20 18:26:58 +00:00
Ben Hutchings
02a0b3eb56
Update to 4.19.91
...
* Drop/refresh patches as appropriate
* Several ABI changes still need to be resolved
2019-12-28 01:36:27 +00:00
Salvatore Bonaccorso
60468edbdf
Drop 0028-RDMA-hns-Bugfix-for-the-scene-without-receiver-queue.patch
2019-12-17 16:56:40 +01:00
Salvatore Bonaccorso
9d10b57769
Drop 0027-RDMA-hns-Fix-the-bug-with-updating-rq-head-pointer-w.patch
2019-12-17 16:56:40 +01:00
Salvatore Bonaccorso
f73fafb39e
Revert "arm64: preempt: Fix big-endian when checking preempt count in assembly"
2019-12-17 16:56:40 +01:00
Aurelien Jarno
1a33bc2ef8
Update to 4.19.87
...
Drop "net: ena: Fix Kconfig dependency on X86" applied upstream
Drop "scsi: hisi_sas: Feed back linkrate(max/min) when re-attached" applied upstream
Drop "scsi: hisi_sas: Fix the race between IO completion and timeout for SMP/internal IO" applied upstream
Drop "scsi: hisi_sas: Free slot later in slot_complete_vx_hw()" applied upstream
Drop "scsi: hisi_sas: Fix NULL pointer dereference" applied upstream
[rt] Refresh 0057-printk-Add-a-printk-kill-switch.patch (context changes in 4.19.87)
[rt] Refresh 0207-printk-Make-rt-aware.patch (context changes in 4.19.87)
Cleanup debian/changelog file
2019-12-01 17:19:47 +01:00
Aurelien Jarno
5ba5b367b7
Update to 4.19.85
...
Drop introduce is_pae_paging applied upstream
Cleanup debian/changelog file
2019-12-01 13:29:09 +01:00
Salvatore Bonaccorso
ea17f6edde
Update to 4.19.84
...
Drop TAA patches applied upstream
Drop ITLB_MULTIHIT patches applied upstream
Drop Intel i915 CVE fixes applied upstream
Add CVE id reference for CVE-2019-18813
Add CVE id reference for CVE-2019-19045
Add CVE id reference for CVE-2019-19052
Cleanup debian/changelog file
2019-12-01 10:54:59 +01:00
Salvatore Bonaccorso
a84ef0f6e4
[x86] KVM: x86: introduce is_pae_paging (Regression in 4.19.77)
...
Fixes a regression in 4.19.81 while including backport of 16cfacc80857
("KVM: x86: Manually calculate reserved bits when loading PDPTRS") but
not bf03d4f93347 ("KVM: x86: introduce is_pae_paging").
2019-11-25 17:52:40 +01:00
Ben Hutchings
8c4ce65f70
Drop "MIPS: tlbex: Fix build_restore_pagemask KScratch restore"
...
This was included in 4.19.81.
2019-11-25 01:09:29 +00:00
Ben Hutchings
beb8c412e8
Merge branch 'buster-4.19.81' into 'buster'
...
Buster 4.19.81
See merge request kernel-team/linux!183
2019-11-25 01:06:06 +00:00
Noah Meyerhans
43eae8169a
Remove obsolete patch
...
debian/abi/powerpc-avoid-abi-change-for-disabling-tm.patch let us postpone an
ABI bump. But with the 4.19.81 upstream release, we can no longer avoid it.
2019-11-24 23:50:30 +00:00
Ben Hutchings
fc769a9bb3
Merge branch 'bpoirier-guest/linux-buster' into buster
...
tools/perf: Add python3 support to scripts
See merge request kernel-team/linux!184
2019-11-24 19:25:28 +00:00
Aurelien Jarno
9397b7ea0e
[mips*] tlbex: Fix build_restore_pagemask KScratch restore.
2019-11-23 22:23:57 +01:00
Noah Meyerhans
62e5e3199d
Remove obsolete patches
2019-11-20 16:24:37 -08:00
Benjamin Poirier
016066336b
tools/perf: Add python3 support to scripts
2019-11-20 15:04:24 +09:00
Salvatore Bonaccorso
3e9a6acd20
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
...
Closes: #945023
2019-11-19 08:00:10 +01:00
Salvatore Bonaccorso
014f165375
Release linux (4.19.67-2+deb10u2).
...
Merge tag 'debian/4.19.67-2+deb10u2' into buster
Release linux (4.19.67-2+deb10u2).
2019-11-19 07:42:38 +01:00
Ben Hutchings
9a2df80e9d
Drop "x86/cpu: Add Tremont to the cpu vulnerability whitelist"
...
We don't have this CPU ID, and I don't see the point in adding it
right now.
2019-11-11 00:29:38 +00:00
Ben Hutchings
6d8b0092bb
[x86] drm/i915/cmdparser: Fix jump whitelist clearing
...
Fix a flaw I found in the mitigation for CVE-2019-0155.
2019-11-10 22:41:41 +00:00
Ben Hutchings
feec1caa94
[x86] i915: Add mitigations for two hardware security flaws
2019-11-10 02:53:32 +00:00
Ben Hutchings
c2443a2e97
[x86] Update TAA and NX fixes to pending stable backports
2019-11-09 20:17:15 +00:00
Salvatore Bonaccorso
be004c1b69
x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
2019-11-08 00:14:38 +01:00
Ben Hutchings
37baed7166
[x86] Update TAA (Borislav v2) and NX (v9) fixes
...
The upstream commits for these are now finalised, so we shouldn't need
to replace patches after this (but might need to add more).
2019-11-07 18:10:48 +00:00
Salvatore Bonaccorso
cd92ab49c4
KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
2019-11-07 17:32:14 +01:00
Noah Meyerhans
87c48ee54f
drivers/net/ethernet/amazon: Backport ENA driver from Linux 5.4
2019-10-29 09:47:59 -07:00
Ben Hutchings
537ad2315a
[x86] Update TAA patch set to v7
2019-10-24 22:52:37 +01:00
Ben Hutchings
b2cc5e7f74
[x86] Update NX patch set to v7
2019-10-24 22:48:50 +01:00
Ben Hutchings
96c0e74c50
[x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135)
...
This is a backport of v6 of the TAA patch set, and will probably
require updates before release. The subject lines for these patches
didn't come through.
2019-10-20 14:51:55 +01:00
Ben Hutchings
d9bd594144
[x86] KVM: Add mitigation for Machine Check Error on Page Size Change
...
(aka iTLB multi-hit, CVE-2018-12207)
This is a backport of v6 of the "NX" patch set, and will probably
require updates before release.
2019-10-20 14:46:13 +01:00
Ben Hutchings
9aee5ae400
debian/patches/series: Apply security fixes last (except ABI maintenance)
...
The security fixes are where we have the greatest churn, so it's
convenient if they can be pushed/popped without having to go through
other patches.
2019-10-20 14:37:29 +01:00
Romain Perier
1df282987d
[armhf, arm64] Backport devicetree for enabling support for the Raspberry PI 3 A+
...
We already have everything we need inside the kernel 4.19.x for
supporting this board. Backporting patches from upstream so we get
the support for buster.
2019-10-16 20:07:45 +02:00
Salvatore Bonaccorso
530030f117
ixgbe: Fix secpath usage for IPsec TX offload
...
Closes: #930443
2019-10-15 22:57:58 +02:00
Salvatore Bonaccorso
942d6ddd3f
KVM: coalesced_mmio: add bounds checking (CVE-2019-14821)
2019-09-19 17:16:06 +02:00
Salvatore Bonaccorso
c0096a08f9
[x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902)
2019-09-18 21:35:01 +02:00
Salvatore Bonaccorso
78f0b2574a
vhost: make sure log_num < in_num (CVE-2019-14835)
2019-09-13 06:12:11 +02:00
Romain Perier
782d6ea880
ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
...
(CVE-2019-15118)
2019-09-12 22:40:43 +02:00