Salvatore Bonaccorso
1e0b8b17f3
Update to 4.19.118
...
Cleanup debian/changelog file
Refresh "firmware: Remove redundant log messages from drivers" for context changes in 4.19.118
2020-04-23 20:41:14 +02:00
Salvatore Bonaccorso
5a1d3e0c9e
Update to 4.19.112
...
Drop "wimax: i2400: fix memory leak"
Drop "wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle"
Cleanup debian/changelog file
2020-04-09 21:46:10 +02:00
Salvatore Bonaccorso
c9a94477f2
Drop "tools/lib/api/fs/fs.c: Fix misuse of strncpy()"
2020-03-21 09:18:29 +01:00
Salvatore Bonaccorso
ffc4ceb049
Update to 4.19.102
...
Drop "vfs: fix do_last() regression"
Cleanup debian/changelog file
2020-03-21 09:18:28 +01:00
Salvatore Bonaccorso
f003f0dba9
Update to 4.19.101
...
Cleanup debian/changelog file
Drop "random: try to actively add entropy rather than passively wait for it"
2020-03-21 09:18:28 +01:00
Salvatore Bonaccorso
c2975cd055
Update to 4.19.100
...
Add CVE id reference for CVE-2020-8428
Drop "libertas: Fix two buffer overflows at parsing bss descriptor"
Drop "do_last(): fetch directory ->i_mode and ->i_uid before it's too late"
Cleanup debian/changelog file
2020-03-21 09:18:28 +01:00
Salvatore Bonaccorso
0e1bc339a1
vfs: fix do_last() regression
2020-02-01 21:15:56 +01:00
Salvatore Bonaccorso
ff2a1c5362
do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428)
2020-01-29 06:57:18 +01:00
Salvatore Bonaccorso
b712c4f536
Adjust CVE id in patch header for CVE-2019-19051 patch
...
Gbp-Dch: Ignore
2020-01-26 20:59:38 +01:00
Noah Meyerhans
428bd19863
random: try to actively add entropy rather than passively wait for it
...
Cherry pick 50ee7529ec45 from mainline. This addresses a lack of early entropy
in certain environments.
Closes : #948519
2020-01-20 12:44:37 -08:00
Ben Hutchings
56dd5fa07e
Add various security fixes not yet in 4.19-stable
...
All of these are already fixed in jessie, and upgrades shouldn't
regress.
2020-01-20 18:26:58 +00:00
Ben Hutchings
beb8c412e8
Merge branch 'buster-4.19.81' into 'buster'
...
Buster 4.19.81
See merge request kernel-team/linux!183
2019-11-25 01:06:06 +00:00
Ben Hutchings
1b0a012af5
debian/patches: Fix broken Subject fields in the perf script patches
...
The Origin and Bug-Debian fields were inserted in the middle of the
word-wrapped Subject fields in a few patches.
2019-11-24 19:17:51 +00:00
Noah Meyerhans
8c9e9430c2
Refresh remaining patches
2019-11-20 16:24:37 -08:00
Noah Meyerhans
62e5e3199d
Remove obsolete patches
2019-11-20 16:24:37 -08:00
Benjamin Poirier
016066336b
tools/perf: Add python3 support to scripts
2019-11-20 15:04:24 +09:00
Salvatore Bonaccorso
3e9a6acd20
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
...
Closes : #945023
2019-11-19 08:00:10 +01:00
Salvatore Bonaccorso
530030f117
ixgbe: Fix secpath usage for IPsec TX offload
...
Closes : #930443
2019-10-15 22:57:58 +02:00
Salvatore Bonaccorso
942d6ddd3f
KVM: coalesced_mmio: add bounds checking (CVE-2019-14821)
2019-09-19 17:16:06 +02:00
Salvatore Bonaccorso
78f0b2574a
vhost: make sure log_num < in_num (CVE-2019-14835)
2019-09-13 06:12:11 +02:00
Romain Perier
782d6ea880
ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
...
(CVE-2019-15118)
2019-09-12 22:40:43 +02:00
Romain Perier
aa8fb19232
ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
...
(CVE-2019-15117)
[carnil: Use 4.19.67-2+deb10u1 version for buster-security branch]
2019-09-12 22:40:21 +02:00
Salvatore Bonaccorso
e10bab8d2e
Reference assigned CVE id for CVE-2019-15538
...
Gbp-Dch: Ignore
2019-08-25 17:31:05 +02:00
Salvatore Bonaccorso
a065e442e2
xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
2019-08-24 20:51:54 +02:00
Ben Hutchings
57f74f6573
netfilter: conntrack: Use consistent ct id hash calculation
...
This fixes a regression in 4.19.44.
2019-08-22 20:04:20 +01:00
Salvatore Bonaccorso
9bf2130b62
dm: disable DISCARD if the underlying storage no longer supports it
...
Closes : #934331
2019-08-21 21:41:04 +02:00
Ben Hutchings
0899b0f554
Update to 4.19.67
...
* Drop patches which have been applied to 4.19-stable
* Drop "Revert "net: stmmac: Send TSO packets always from Queue 0"" in
favour of upstream fix "net: stmmac: Re-work the queue selection for
TSO packets"
* Refresh patches that became fuzzy
2019-08-20 01:51:22 +01:00
Ben Hutchings
64c3754b90
Merge branch 'buster-security' into buster
...
* Accept revert of "[sh4]: Check for kprobe trap number before trying
to handle a kprobe trap" and update debian/changelog accordingly, as
sh4 is not a release architecture
* Keep "[arm64] Improve support for the Huawei TaiShan server platform"
which was reverted on the buster-security branch
2019-08-18 19:29:59 +01:00
Salvatore Bonaccorso
07a6d57831
Add patchset for CVE-2019-1125
2019-08-07 08:34:30 +02:00
Romain Perier
3b76691d24
Bluetooth: hci_uart: check for missing tty operations (CVE-2019-10207)
2019-08-05 18:57:05 +02:00
Romain Perier
ec64cb4c87
floppy: fix div-by-zero in setup_format_params (CVE-2019-14284)
...
This retrieves the patch from the linux-4.19.y branch and refreshes the
previous one "floppy: fix out-of-bounds read in copy_buffer", because
this is firstly "floppy: fix div-by-zero in setup_format_params" that is
applied upstream, then the one regarding out-of-bounds read in copy_buffer.
The one for CVE-2019-14283 was previously refreshed because it was not
applicable directly. Now both patches are synchronized with upstream and
applied in the same order.
2019-08-05 17:56:29 +02:00
Romain Perier
24c58d8c20
inet: switch IP ID generator to siphash (CVE-2019-10638)
2019-07-30 11:20:38 +02:00
Romain Perier
4962cdb584
floppy: fix out-of-bounds read in copy_buffer (CVE-2019-14283)
2019-07-30 11:14:00 +02:00
Uwe Kleine-König
8da545ad5d
rtc-s35390a: backport fix to make hwclock able to read the time
2019-07-28 21:37:15 +02:00
Salvatore Bonaccorso
e890639fa7
Replace Origin reference with reachable reference
...
Gbp-Dch: Ignore
2019-07-27 14:24:32 +02:00
Romain Perier
8cb769111f
Input: gtco - bounds check collection indent level (CVE-2019-13631)
2019-07-27 13:15:59 +02:00
Romain Perier
167ecd4ada
scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836)
2019-07-22 14:01:45 +02:00
Salvatore Bonaccorso
869c89cb6d
Use patch headers as generated by git format-patch-for-debian
2019-07-20 21:14:38 +02:00
Romain Perier
1e1ff4ce9c
binder: fix race between munmap() and direct reclaim (CVE-2019-1999)
2019-07-20 18:36:49 +02:00
Romain Perier
091f76e86d
nfc: Ensure presence of required attributes in the deactivate_target handler (CVE-2019-12984)
2019-07-20 18:21:14 +02:00
Salvatore Bonaccorso
c6f3814dc4
ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (CVE-2019-13272)
2019-07-19 10:45:11 +02:00
Salvatore Bonaccorso
eb5241a213
tcp: refine memory limit test in tcp_fragment()
...
Closes : #930904
2019-06-23 16:15:34 +02:00
Ben Hutchings
1e253edaa7
Add TCP DoS fixes
2019-06-17 19:46:08 +01:00
Ben Hutchings
4ea468554d
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (CVE-2019-10126)
2019-06-17 19:32:38 +01:00
Ben Hutchings
e5664e23f5
mm/mincore.c: make mincore() more conservative (CVE-2019-5489)
2019-06-17 19:29:35 +01:00
Ben Hutchings
1894e89399
mwifiex: Don't abort on small, spec-compliant vendor IEs
2019-06-17 19:29:14 +01:00
Ben Hutchings
70b1e1a8fa
mwifiex: Abort at too short BSS descriptor element
2019-06-17 19:25:01 +01:00
Ben Hutchings
54fa813858
mwifiex: Fix possible buffer overflows at parsing bss descriptor (CVE-2019-3846)
2019-06-17 19:24:10 +01:00
Salvatore Bonaccorso
3b44df1499
Bluetooth: hidp: fix buffer overflow (CVE-2019-11884)
2019-06-07 15:25:30 +02:00
Salvatore Bonaccorso
8910626bca
ext4: zero out the unused memory region in the extent tree block (CVE-2019-11833)
2019-06-07 14:53:07 +02:00
Salvatore Bonaccorso
23527ae20b
brcmfmac: add subtype check for event handling in data path (CVE-2019-9503)
2019-06-07 14:49:05 +02:00
Salvatore Bonaccorso
8970aaa563
brcmfmac: assure SSID length from firmware is limited (CVE-2019-9500)
2019-06-07 14:43:58 +02:00
Ben Hutchings
9b28931859
libbpf: Use only 2 components in soversion, matching package name
...
Debian policy says the package name must change when the soname
changes. We don't expect the ABI to change in a stable update,
so use only 2 components in both.
2019-05-19 14:48:13 +01:00
Ben Hutchings
a6879552b5
Drop unnecessary changes from "libbpf: add SONAME to shared object"
...
It's not necessary to delete the definitions of the variables that
become unused. Nor is it necessary to move the definition of
LIBBPF_VERSION before LIB_FILES, because the latter is defined
as recursively expanded (i.e. its variable references are not
immediately expanded).
This makes the actual change we're making clearer, and should
reduce the future work to maintain this patch.
2019-05-19 14:36:25 +01:00
Ben Hutchings
9329ccdf87
[powerpc*] 64s: Include cpu header (fixes FTBFS)
2019-05-15 23:07:44 +01:00
Ben Hutchings
1565dc00f4
[x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities
...
Together with a microcode update, this mitigates CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091.
2019-05-10 12:03:12 +01:00
Ben Hutchings
ece5b4e4cd
mm,fs: Prevent page refcount overflow (CVE-2019-11487)
2019-05-05 15:44:05 +01:00
Ben Hutchings
83f5e0f1ef
tracing: Fix buffer_ref pipe ops
...
This is preparation for fixing CVE-2019-11487.
2019-05-05 15:42:32 +01:00
Ben Hutchings
4f3fa1e296
aio: Apply fixes from 4.19.38 (CVE-2019-10125)
2019-05-05 15:41:31 +01:00
Salvatore Bonaccorso
55a23e404a
[amd64,arm64] vfio/type1: Limit DMA mappings per container (CVE-2019-3882)
2019-05-05 16:06:15 +02:00
Ben Hutchings
7ebc9f9504
Update to 4.19.37
...
* Refresh/drop patches as appropriate
2019-04-28 18:55:53 +01:00
Salvatore Bonaccorso
ad494c2131
tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486)
2019-04-26 16:11:56 +02:00
Salvatore Bonaccorso
1c6240e692
inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch() (CVE-2019-9857)
2019-04-26 14:54:14 +02:00
Salvatore Bonaccorso
2dff862341
ACPICA: Namespace: remove address node from global list after method termination
2019-04-19 21:06:18 +02:00
Salvatore Bonaccorso
4eef18f8b7
xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (CVE-2015-8553)
2019-04-14 22:39:31 +02:00
Luca Boccassi
5a39ad2910
Generate and install libbpf.pc
...
Backport patch from bpf-next and install libbpf.pc in libbpf-dev
2019-04-11 23:15:22 +01:00
Ben Hutchings
502148bb02
[armhf,arm64[ Revert "net: stmmac: Send TSO packets always from Queue 0"
2019-04-09 01:05:01 +01:00
Ben Hutchings
821ec1b181
Update to 4.19.34
...
* Drop/refresh patches as appropriate
2019-04-09 00:27:06 +01:00
Ben Hutchings
515c2c91cf
Add Origin fields and update headers for patches that are applied upstream
2019-03-10 22:08:58 +00:00
Romain Perier
340ed90d8e
Update to 4.19.28
2019-03-10 16:57:21 +01:00
Salvatore Bonaccorso
22610f2634
exec: Fix mem leak in kernel_read_file (CVE-2019-8980)
2019-03-10 09:00:43 +01:00
Marcin Juszkiewicz
4a0b4cb79e
update to 4.19.21
2019-03-05 14:28:55 +01:00
Salvatore Bonaccorso
76a21e66e3
Btrfs: fix corruption reading shared and compressed extents after hole punching
...
Closes : #922306
2019-02-26 21:06:35 +01:00
Ben Hutchings
1d80b19d87
mt76: Use the correct hweight8() function (fixes FTBFS on ia64)
2019-02-12 15:39:34 +00:00
Salvatore Bonaccorso
5019a8394c
HID: debug: fix the ring buffer implementation (CVE-2019-3819)
2019-02-09 15:14:06 +01:00
Salvatore Bonaccorso
71aa687bf8
kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
2019-02-08 10:01:58 +01:00
Ben Hutchings
f6cfd5f990
Merge branch 'hrw-guest/linux-sid' into sid
...
Update to 4.19.20
See merge request kernel-team/linux!116
2019-02-07 21:00:43 +00:00
Ben Hutchings
886c02b804
percpu: convert spin_lock_irq to spin_lock_irqsave
...
This fixes boot failure with the alpha-generic flavour, discussed in
https://lists.debian.org/debian-alpha/2018/12/msg00001.html and
https://salsa.debian.org/kernel-team/linux/merge_requests/79
2019-02-06 23:41:18 +00:00
Marcin Juszkiewicz
8f73ffdafe
Update to 4.19.20
2019-02-06 19:57:01 +00:00
Marcin Juszkiewicz
954102fe6b
Update to 4.19.19
2019-02-06 19:57:01 +00:00
Yves-Alexis Perez
bfc928ff1a
update to 4.19.14
2019-01-16 11:09:26 +01:00
Salvatore Bonaccorso
c2ac4cd321
posix-cpu-timers: Unbreak timer rearming
...
Closes : #919019
Closes : #919049
2019-01-12 11:25:48 +01:00
Salvatore Bonaccorso
c91e16558f
ipv6: Consider sk_bound_dev_if when binding a socket to an address
...
Closes : #918103
2019-01-04 10:33:34 +01:00
Yves-Alexis Perez
f58750e12d
smb3: fix large reads on encrypted connections
2019-01-02 10:39:19 +01:00
Salvatore Bonaccorso
fae8df0f68
Update to 4.19.13
...
Drop iomap-Revert-fs-iomap.c-get-put-the-page-in-iomap_pa.patch
Drop usb-hso-fix-oob-memory-access-in-hso_probe-hso_get_config_data.patch
Add bug closer for #917569
Cleanup debian/changelog file
2018-12-29 14:21:52 +01:00
Salvatore Bonaccorso
1c972fdf40
Update patch headers with git-format-patch-for-debian
...
Gbp-Dch: Ignore
2018-12-27 09:12:24 +01:00
Salvatore Bonaccorso
7fb96c41ce
USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (CVE-2018-19985)
2018-12-27 09:00:59 +01:00
Salvatore Bonaccorso
6886800dea
iomap: Revert "fs/iomap.c: get/put the page in iomap_page_create/release()"
2018-12-21 23:14:53 +01:00
Salvatore Bonaccorso
dfa9b24000
Update to 4.19.9
...
Drop vhost-vsock-fix-use-after-free-in-network-stack-call.patch
Cleanup debian/changelog file
2018-12-13 09:42:28 +01:00
Ben Hutchings
17d52832bc
Merge branch 'libbpf-pr' into 'master'
...
Add libbpf0, libbpf-dev packages (#914428 )
See merge request kernel-team/linux!74
2018-12-09 21:40:33 +00:00
Salvatore Bonaccorso
d7534bd9b6
vhost/vsock: fix use-after-free in network stack callers (CVE-2018-14625)
2018-12-08 15:40:45 +01:00
Hilko Bengen
4f1f7c5735
Add patches to build libbpf.so with SONAME, link against libelf
2018-12-08 15:02:05 +01:00
Salvatore Bonaccorso
014c728272
Update to 4.19.8
...
Drop patches applied upstream in 4.19.8
Cleanup debian/changelog file
Add CVE id for CVE-2018-18397
2018-12-08 13:27:04 +01:00
Salvatore Bonaccorso
4237db03be
blk-mq: punt failed direct issue to dispatch list
2018-12-08 11:28:12 +01:00
Salvatore Bonaccorso
771f295a0f
blk-mq: fix corruption with direct issue
...
Closes : #915666
2018-12-06 17:39:15 +01:00
Ben Hutchings
64dab5b29a
libcpupower: Hide private function and drop it from .symbols file
...
This avoids an FTBFS after this function was renamed in 4.19.6.
2018-12-02 19:23:13 +00:00
Ben Hutchings
e6434a5655
Documentation/media: uapi: Explicitly say there are no Invariant Sections
...
Closes : #698668
This clarification has now been signed-off by the upstream authors.
2018-11-23 19:31:06 +00:00
Ben Hutchings
c20b784198
Release linux (4.18.20-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlv18cwACgkQ57/I7JWG
EQnmrBAA0cIq67bC0g/calV1FyAnByc88h15W2BCN8+dD25PKRlsRsbSvQLx/E6J
mEwPMu6bw/yJuIA8ADTFpjh4CmulBhQMC/cpQHy82F5umt/wNAPlhryDc0n96eRX
bJfh3dzboyFEWBOSUgb6EWEdWZX1tMblf4ZpX1LfP5L/pJyq/Jz1xrpz31nGcz9E
2m4mpovTAT2N34I9FF9PSuaYlPxljU/eZe7wyDmM+leMnmV4MGEOpV+CMNEohLsp
8APxTJim6ZJXJ4ppl/Qk7yW1glTL3q5OqI+s5YB4RBKI4KBN/N3FF0PwWQ+L76bj
B6b3nKT4PZA4V6Y6OEY8Q53NxjHmRJo5opG9Xp3Kr4HO0PZHH9Ih/YApaZipSDLg
t3i/C05I/Jss2e6FZ5Ocx9L/nhzoEv9Lt0K2P6nxMJgc5U7lcTaiehcrVqQ2oBhO
QZoEwUh9G8p5dnll/MTf3nj4UzZOimr2RSpktNT8w4kBEVAFFfZL5hGdk1UmBQTu
peAPksjndtfjWvvzlhnWu3JoFMZ+J5yA8l7t8HwKI5yIlfJaM4QbjOb8YqsZQRNR
qUxXxgn85o7QdSlCX/JFSK5fBxRphZHDtyWt9wTp1Ko0PjNtHLGv2oWj+SdvrJWu
X0otIjqlEMMVCcZDlrzXboU6Cxae9FGXk6yzM5QfE1/D7F4tEuI=
=E5AV
-----END PGP SIGNATURE-----
Merge tag 'debian/4.18.20-1'
Release linux (4.18.20-1).
* [rt] Drop all changes from 4.18-rt
* Drop added patches which are already in 4.19
* Drop ABI bump
2018-11-22 00:28:54 +00:00
Ben Hutchings
561dac67f3
Update to 4.18.20
...
* Drop patches applied upstream
* Refresh "arm64: add kernel config option to lock down when in Secure
Boot mode"
2018-11-21 20:41:44 +00:00
Salvatore Bonaccorso
7fb2e63e99
cdrom: fix improper type cast, which can leat to information leak (CVE-2018-18710)
2018-10-29 22:04:01 +01:00