Ben Hutchings
9329ccdf87
[powerpc*] 64s: Include cpu header (fixes FTBFS)
2019-05-15 23:07:44 +01:00
Ben Hutchings
1565dc00f4
[x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities
...
Together with a microcode update, this mitigates CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091.
2019-05-10 12:03:12 +01:00
Ben Hutchings
ece5b4e4cd
mm,fs: Prevent page refcount overflow (CVE-2019-11487)
2019-05-05 15:44:05 +01:00
Ben Hutchings
83f5e0f1ef
tracing: Fix buffer_ref pipe ops
...
This is preparation for fixing CVE-2019-11487.
2019-05-05 15:42:32 +01:00
Ben Hutchings
4f3fa1e296
aio: Apply fixes from 4.19.38 (CVE-2019-10125)
2019-05-05 15:41:31 +01:00
Salvatore Bonaccorso
55a23e404a
[amd64,arm64] vfio/type1: Limit DMA mappings per container (CVE-2019-3882)
2019-05-05 16:06:15 +02:00
Ben Hutchings
2c62d20848
MODSIGN: Make shash allocation failure fatal
2019-05-05 13:47:00 +01:00
Luca Boccassi
643cc8a41c
Add patches to enable loading dbx and MOKX blacklists
...
Import patches from:
https://lore.kernel.org/patchwork/cover/933178/
that allow to also load dbx and MOKX as blacklists for modules.
These patches also disable loading MOK/MOKX when secure boot is
not enabled, as the variables will not be safe, and to check the
variables attributes before accepting them.
2019-05-02 23:04:18 +01:00
Luca Boccassi
188df85f5b
Add patches to enable loading db and MOK keys
...
Import patches from:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-uefi
that enable a new option that automatically loads keys from db
and MOK into the secondary keyring, so that they can be used to
verify the signature of kernel modules. Enable the required KCONFIGs.
Allows users to self-sign modules (eg: dkms).
2019-05-02 22:59:42 +01:00
Ben Hutchings
7ebc9f9504
Update to 4.19.37
...
* Refresh/drop patches as appropriate
2019-04-28 18:55:53 +01:00
Salvatore Bonaccorso
ad494c2131
tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486)
2019-04-26 16:11:56 +02:00
Salvatore Bonaccorso
1c6240e692
inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch() (CVE-2019-9857)
2019-04-26 14:54:14 +02:00
Ben Hutchings
cda3581467
ntfs: Mark it as broken, and add CVE IDs that are being closed
2019-04-25 15:35:56 +01:00
Aurelien Jarno
223d2f61ad
[mips] Fix indirect syscall tracing & seccomp filtering for big endian MIPS64 kernels with 32-bit userland.
2019-04-23 19:35:04 +02:00
Ben Hutchings
fb4777ce47
lockdown: Refer to Debian wiki until manual page exists
2019-04-21 00:22:20 +01:00
Salvatore Bonaccorso
2dff862341
ACPICA: Namespace: remove address node from global list after method termination
2019-04-19 21:06:18 +02:00
Salvatore Bonaccorso
4eef18f8b7
xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (CVE-2015-8553)
2019-04-14 22:39:31 +02:00
Luca Boccassi
5a39ad2910
Generate and install libbpf.pc
...
Backport patch from bpf-next and install libbpf.pc in libbpf-dev
2019-04-11 23:15:22 +01:00
Ben Hutchings
502148bb02
[armhf,arm64[ Revert "net: stmmac: Send TSO packets always from Queue 0"
2019-04-09 01:05:01 +01:00
Ben Hutchings
821ec1b181
Update to 4.19.34
...
* Drop/refresh patches as appropriate
2019-04-09 00:27:06 +01:00
Ben Hutchings
6039118f59
[powerpc*] vdso: Make vdso32 installation conditional in vdso_install
...
Closes : #785065
This finally removes the need for the ppc64el compiler to support
32-bit code generation, and removes a useless file from debug
packages on ppc64el.
2019-03-22 04:28:49 +00:00
Ben Hutchings
20351317dd
[x86] Drop fix for #865303 , which no longer affects Debian's OpenJDK
...
This workaround is no longer needed for Debian's OpenJDK packages:
* OpenJDK 7 is unfixed (bug #876068 ) but is not present in stretch or
later suites
* OpenJDK 8 was fixed in unstable (bug #876051 ) and the fix was then
included in a stretch security update
* OpenJDK 9 and later were fixed (bug #876069 )
The workaround was never applied upstream and it also doesn't seem
like a good idea to have a Debian-specific VM quirk that weakens the
defence against Stack Clash. Therefore drop it now rather than
including it in another release.
2019-03-13 18:37:35 +00:00
YunQiang Su
2357044444
[mipsel/mips64el] Backport loongson workarounds
...
MIPS: Loongson: Introduce and use loongson_llsc_mb()
2019-03-06 21:15:23 +08:00
Marcin Juszkiewicz
37e6c11924
update to 4.19.24
2019-03-05 14:28:55 +01:00
Marcin Juszkiewicz
4a0b4cb79e
update to 4.19.21
2019-03-05 14:28:55 +01:00
Vagrant Cascadian
5cb904c8a9
[arm64] Add patch from v4.20 to enable device-tree for Pine64-LTS.
2019-03-04 07:56:07 -08:00
Salvatore Bonaccorso
76a21e66e3
Btrfs: fix corruption reading shared and compressed extents after hole punching
...
Closes : #922306
2019-02-26 21:06:35 +01:00
Vagrant Cascadian
357888c75c
[arm64] Add patch from next-20190215 working around A64 timer issues.
2019-02-16 23:43:14 -08:00
Vagrant Cascadian
3f699085ff
[armhf] Add patch from upstream fixing cpufreq on Orange Pi Plus.
2019-02-16 19:54:39 -08:00
Ben Hutchings
1d80b19d87
mt76: Use the correct hweight8() function (fixes FTBFS on ia64)
2019-02-12 15:39:34 +00:00
Salvatore Bonaccorso
5019a8394c
HID: debug: fix the ring buffer implementation (CVE-2019-3819)
2019-02-09 15:14:06 +01:00
Salvatore Bonaccorso
00224672bb
[x86] KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
2019-02-08 10:32:39 +01:00
Salvatore Bonaccorso
fb1b32a316
[x86] KVM: work around leak of uninitialized stack contents (CVE-2019-7222)
2019-02-08 10:18:28 +01:00
Salvatore Bonaccorso
71aa687bf8
kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
2019-02-08 10:01:58 +01:00
Ben Hutchings
f6cfd5f990
Merge branch 'hrw-guest/linux-sid' into sid
...
Update to 4.19.20
See merge request kernel-team/linux!116
2019-02-07 21:00:43 +00:00
Ben Hutchings
886c02b804
percpu: convert spin_lock_irq to spin_lock_irqsave
...
This fixes boot failure with the alpha-generic flavour, discussed in
https://lists.debian.org/debian-alpha/2018/12/msg00001.html and
https://salsa.debian.org/kernel-team/linux/merge_requests/79
2019-02-06 23:41:18 +00:00
Marcin Juszkiewicz
8f73ffdafe
Update to 4.19.20
2019-02-06 19:57:01 +00:00
Marcin Juszkiewicz
954102fe6b
Update to 4.19.19
2019-02-06 19:57:01 +00:00
Salvatore Bonaccorso
86ff06cd73
[x86] kvmclock: set offset for kvm unstable clock
...
Closes : #918036
2019-01-30 17:14:36 +01:00
Yves-Alexis Perez
fceb8a1734
update to 4.19.15
2019-01-16 11:09:49 +01:00
Yves-Alexis Perez
bfc928ff1a
update to 4.19.14
2019-01-16 11:09:26 +01:00
Salvatore Bonaccorso
c2ac4cd321
posix-cpu-timers: Unbreak timer rearming
...
Closes : #919019
Closes : #919049
2019-01-12 11:25:48 +01:00
Salvatore Bonaccorso
c91e16558f
ipv6: Consider sk_bound_dev_if when binding a socket to an address
...
Closes : #918103
2019-01-04 10:33:34 +01:00
Yves-Alexis Perez
f58750e12d
smb3: fix large reads on encrypted connections
2019-01-02 10:39:19 +01:00
John Paul Adrian Glaubitz
ce458bb4d5
[m68k] Add patch to build with -ffreestanding to fix FTBFS
2018-12-30 10:31:31 +01:00
Salvatore Bonaccorso
fae8df0f68
Update to 4.19.13
...
Drop iomap-Revert-fs-iomap.c-get-put-the-page-in-iomap_pa.patch
Drop usb-hso-fix-oob-memory-access-in-hso_probe-hso_get_config_data.patch
Add bug closer for #917569
Cleanup debian/changelog file
2018-12-29 14:21:52 +01:00
Salvatore Bonaccorso
7fb96c41ce
USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (CVE-2018-19985)
2018-12-27 09:00:59 +01:00
Ben Hutchings
130a6a563b
[riscv64] tools uapi: fix RISC-V 64-bit support
...
Apply Aurelien's patch instead of mine.
2018-12-26 01:44:33 +00:00
Ben Hutchings
6a75ed21c7
[powerpcspe] Fix -mcpu= options for SPE-only compiler
2018-12-26 00:06:02 +00:00
Ben Hutchings
64e3d0683d
[riscv64] tools/include/.../bitsperlong.h: Add support for riscv
2018-12-25 23:02:20 +00:00