debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity
13,886 Commits 2 Branches 0 Tags 493 MiB
Commit Graph

3131 Commits

Author SHA1 Message Date
Ben Hutchings 9329ccdf87 [powerpc*] 64s: Include cpu header (fixes FTBFS) 2019-05-15 23:07:44 +01:00
Ben Hutchings 1565dc00f4 [x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities 
Together with a microcode update, this mitigates CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091.
 2019-05-10 12:03:12 +01:00
Ben Hutchings ece5b4e4cd mm,fs: Prevent page refcount overflow (CVE-2019-11487) 2019-05-05 15:44:05 +01:00
Ben Hutchings 83f5e0f1ef tracing: Fix buffer_ref pipe ops 
This is preparation for fixing CVE-2019-11487.
 2019-05-05 15:42:32 +01:00
Ben Hutchings 4f3fa1e296 aio: Apply fixes from 4.19.38 (CVE-2019-10125) 2019-05-05 15:41:31 +01:00
Salvatore Bonaccorso 55a23e404a [amd64,arm64] vfio/type1: Limit DMA mappings per container (CVE-2019-3882) 2019-05-05 16:06:15 +02:00
Ben Hutchings 2c62d20848 MODSIGN: Make shash allocation failure fatal 2019-05-05 13:47:00 +01:00
Luca Boccassi 643cc8a41c Add patches to enable loading dbx and MOKX blacklists 
Import patches from:

https://lore.kernel.org/patchwork/cover/933178/

that allow to also load dbx and MOKX as blacklists for modules.
These patches also disable loading MOK/MOKX when secure boot is
not enabled, as the variables will not be safe, and to check the
variables attributes before accepting them.
 2019-05-02 23:04:18 +01:00
Luca Boccassi 188df85f5b Add patches to enable loading db and MOK keys 
Import patches from:

http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-uefi

that enable a new option that automatically loads keys from db
and MOK into the secondary keyring, so that they can be used to
verify the signature of kernel modules. Enable the required KCONFIGs.
Allows users to self-sign modules (eg: dkms).
 2019-05-02 22:59:42 +01:00
Ben Hutchings 7ebc9f9504 Update to 4.19.37 
* Refresh/drop patches as appropriate
 2019-04-28 18:55:53 +01:00
Salvatore Bonaccorso ad494c2131 tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486) 2019-04-26 16:11:56 +02:00
Salvatore Bonaccorso 1c6240e692 inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch() (CVE-2019-9857) 2019-04-26 14:54:14 +02:00
Ben Hutchings cda3581467 ntfs: Mark it as broken, and add CVE IDs that are being closed 2019-04-25 15:35:56 +01:00
Aurelien Jarno 223d2f61ad [mips] Fix indirect syscall tracing & seccomp filtering for big endian MIPS64 kernels with 32-bit userland. 2019-04-23 19:35:04 +02:00
Ben Hutchings fb4777ce47 lockdown: Refer to Debian wiki until manual page exists 2019-04-21 00:22:20 +01:00
Salvatore Bonaccorso 2dff862341 ACPICA: Namespace: remove address node from global list after method termination 2019-04-19 21:06:18 +02:00
Salvatore Bonaccorso 4eef18f8b7 xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (CVE-2015-8553) 2019-04-14 22:39:31 +02:00
Luca Boccassi 5a39ad2910 Generate and install libbpf.pc 
Backport patch from bpf-next and install libbpf.pc in libbpf-dev
 2019-04-11 23:15:22 +01:00
Ben Hutchings 502148bb02 [armhf,arm64[ Revert "net: stmmac: Send TSO packets always from Queue 0" 2019-04-09 01:05:01 +01:00
Ben Hutchings 821ec1b181 Update to 4.19.34 
* Drop/refresh patches as appropriate
 2019-04-09 00:27:06 +01:00
Ben Hutchings 6039118f59 [powerpc*] vdso: Make vdso32 installation conditional in vdso_install 
Closes: #785065

This finally removes the need for the ppc64el compiler to support
32-bit code generation, and removes a useless file from debug
packages on ppc64el.
 2019-03-22 04:28:49 +00:00
Ben Hutchings 20351317dd [x86] Drop fix for #865303, which no longer affects Debian's OpenJDK 
This workaround is no longer needed for Debian's OpenJDK packages:

* OpenJDK 7 is unfixed (bug #876068) but is not present in stretch or
  later suites
* OpenJDK 8 was fixed in unstable (bug #876051) and the fix was then
  included in a stretch security update
* OpenJDK 9 and later were fixed (bug #876069)

The workaround was never applied upstream and it also doesn't seem
like a good idea to have a Debian-specific VM quirk that weakens the
defence against Stack Clash.  Therefore drop it now rather than
including it in another release.
 2019-03-13 18:37:35 +00:00
YunQiang Su 2357044444 [mipsel/mips64el] Backport loongson workarounds 
MIPS: Loongson: Introduce and use loongson_llsc_mb()
 2019-03-06 21:15:23 +08:00
Marcin Juszkiewicz 37e6c11924 update to 4.19.24 2019-03-05 14:28:55 +01:00
Marcin Juszkiewicz 4a0b4cb79e update to 4.19.21 2019-03-05 14:28:55 +01:00
Vagrant Cascadian 5cb904c8a9 [arm64] Add patch from v4.20 to enable device-tree for Pine64-LTS. 2019-03-04 07:56:07 -08:00
Salvatore Bonaccorso 76a21e66e3 Btrfs: fix corruption reading shared and compressed extents after hole punching 
Closes: #922306
 2019-02-26 21:06:35 +01:00
Vagrant Cascadian 357888c75c [arm64] Add patch from next-20190215 working around A64 timer issues. 2019-02-16 23:43:14 -08:00
Vagrant Cascadian 3f699085ff [armhf] Add patch from upstream fixing cpufreq on Orange Pi Plus. 2019-02-16 19:54:39 -08:00
Ben Hutchings 1d80b19d87 mt76: Use the correct hweight8() function (fixes FTBFS on ia64) 2019-02-12 15:39:34 +00:00
Salvatore Bonaccorso 5019a8394c HID: debug: fix the ring buffer implementation (CVE-2019-3819) 2019-02-09 15:14:06 +01:00
Salvatore Bonaccorso 00224672bb [x86] KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) 2019-02-08 10:32:39 +01:00
Salvatore Bonaccorso fb1b32a316 [x86] KVM: work around leak of uninitialized stack contents (CVE-2019-7222) 2019-02-08 10:18:28 +01:00
Salvatore Bonaccorso 71aa687bf8 kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) 2019-02-08 10:01:58 +01:00
Ben Hutchings f6cfd5f990 Merge branch 'hrw-guest/linux-sid' into sid 
Update to 4.19.20

See merge request kernel-team/linux!116
 2019-02-07 21:00:43 +00:00
Ben Hutchings 886c02b804 percpu: convert spin_lock_irq to spin_lock_irqsave 
This fixes boot failure with the alpha-generic flavour, discussed in
https://lists.debian.org/debian-alpha/2018/12/msg00001.html and
https://salsa.debian.org/kernel-team/linux/merge_requests/79
 2019-02-06 23:41:18 +00:00
Marcin Juszkiewicz 8f73ffdafe Update to 4.19.20 2019-02-06 19:57:01 +00:00
Marcin Juszkiewicz 954102fe6b Update to 4.19.19 2019-02-06 19:57:01 +00:00
Salvatore Bonaccorso 86ff06cd73 [x86] kvmclock: set offset for kvm unstable clock 
Closes: #918036
 2019-01-30 17:14:36 +01:00
Yves-Alexis Perez fceb8a1734 update to 4.19.15 2019-01-16 11:09:49 +01:00
Yves-Alexis Perez bfc928ff1a update to 4.19.14 2019-01-16 11:09:26 +01:00
Salvatore Bonaccorso c2ac4cd321 posix-cpu-timers: Unbreak timer rearming 
Closes: #919019
Closes: #919049
 2019-01-12 11:25:48 +01:00
Salvatore Bonaccorso c91e16558f ipv6: Consider sk_bound_dev_if when binding a socket to an address 
Closes: #918103
 2019-01-04 10:33:34 +01:00
Yves-Alexis Perez f58750e12d smb3: fix large reads on encrypted connections 2019-01-02 10:39:19 +01:00
John Paul Adrian Glaubitz ce458bb4d5 [m68k] Add patch to build with -ffreestanding to fix FTBFS 2018-12-30 10:31:31 +01:00
Salvatore Bonaccorso fae8df0f68 Update to 4.19.13 
Drop iomap-Revert-fs-iomap.c-get-put-the-page-in-iomap_pa.patch

Drop usb-hso-fix-oob-memory-access-in-hso_probe-hso_get_config_data.patch

Add bug closer for #917569

Cleanup debian/changelog file
 2018-12-29 14:21:52 +01:00
Salvatore Bonaccorso 7fb96c41ce USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (CVE-2018-19985) 2018-12-27 09:00:59 +01:00
Ben Hutchings 130a6a563b [riscv64] tools uapi: fix RISC-V 64-bit support 
Apply Aurelien's patch instead of mine.
 2018-12-26 01:44:33 +00:00
Ben Hutchings 6a75ed21c7 [powerpcspe] Fix -mcpu= options for SPE-only compiler 2018-12-26 00:06:02 +00:00
Ben Hutchings 64e3d0683d [riscv64] tools/include/.../bitsperlong.h: Add support for riscv 2018-12-25 23:02:20 +00:00