1e0b8b17f3
Update to 4.19.118
...
Cleanup debian/changelog file
Refresh "firmware: Remove redundant log messages from drivers" for context changes in 4.19.118
2020-04-23 20:41:14 +02:00
5a1d3e0c9e
Update to 4.19.112
...
Drop "wimax: i2400: fix memory leak"
Drop "wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle"
Cleanup debian/changelog file
2020-04-09 21:46:10 +02:00
c9a94477f2
Drop "tools/lib/api/fs/fs.c: Fix misuse of strncpy()"
2020-03-21 09:18:29 +01:00
ffc4ceb049
Update to 4.19.102
...
Drop "vfs: fix do_last() regression"
Cleanup debian/changelog file
2020-03-21 09:18:28 +01:00
f003f0dba9
Update to 4.19.101
...
Cleanup debian/changelog file
Drop "random: try to actively add entropy rather than passively wait for it"
2020-03-21 09:18:28 +01:00
c2975cd055
Update to 4.19.100
...
Add CVE id reference for CVE-2020-8428
Drop "libertas: Fix two buffer overflows at parsing bss descriptor"
Drop "do_last(): fetch directory ->i_mode and ->i_uid before it's too late"
Cleanup debian/changelog file
2020-03-21 09:18:28 +01:00
0e1bc339a1
vfs: fix do_last() regression
2020-02-01 21:15:56 +01:00
ff2a1c5362
do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428)
2020-01-29 06:57:18 +01:00
b712c4f536
Adjust CVE id in patch header for CVE-2019-19051 patch
...
Gbp-Dch: Ignore
2020-01-26 20:59:38 +01:00
428bd19863
random: try to actively add entropy rather than passively wait for it
...
Cherry pick 50ee7529ec45 from mainline. This addresses a lack of early entropy
in certain environments.
Closes : #948519
2020-01-20 12:44:37 -08:00
56dd5fa07e
Add various security fixes not yet in 4.19-stable
...
All of these are already fixed in jessie, and upgrades shouldn't
regress.
2020-01-20 18:26:58 +00:00
beb8c412e8
Merge branch 'buster-4.19.81' into 'buster'
...
Buster 4.19.81
See merge request kernel-team/linux!183
2019-11-25 01:06:06 +00:00
1b0a012af5
debian/patches: Fix broken Subject fields in the perf script patches
...
The Origin and Bug-Debian fields were inserted in the middle of the
word-wrapped Subject fields in a few patches.
2019-11-24 19:17:51 +00:00
8c9e9430c2
Refresh remaining patches
2019-11-20 16:24:37 -08:00
62e5e3199d
Remove obsolete patches
2019-11-20 16:24:37 -08:00
016066336b
tools/perf: Add python3 support to scripts
2019-11-20 15:04:24 +09:00
3e9a6acd20
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
...
Closes : #945023
2019-11-19 08:00:10 +01:00
530030f117
ixgbe: Fix secpath usage for IPsec TX offload
...
Closes : #930443
2019-10-15 22:57:58 +02:00
942d6ddd3f
KVM: coalesced_mmio: add bounds checking (CVE-2019-14821)
2019-09-19 17:16:06 +02:00
78f0b2574a
vhost: make sure log_num < in_num (CVE-2019-14835)
2019-09-13 06:12:11 +02:00
782d6ea880
ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
...
(CVE-2019-15118)
2019-09-12 22:40:43 +02:00
aa8fb19232
ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
...
(CVE-2019-15117)
[carnil: Use 4.19.67-2+deb10u1 version for buster-security branch]
2019-09-12 22:40:21 +02:00
e10bab8d2e
Reference assigned CVE id for CVE-2019-15538
...
Gbp-Dch: Ignore
2019-08-25 17:31:05 +02:00
a065e442e2
xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
2019-08-24 20:51:54 +02:00
57f74f6573
netfilter: conntrack: Use consistent ct id hash calculation
...
This fixes a regression in 4.19.44.
2019-08-22 20:04:20 +01:00
9bf2130b62
dm: disable DISCARD if the underlying storage no longer supports it
...
Closes : #934331
2019-08-21 21:41:04 +02:00
0899b0f554
Update to 4.19.67
...
* Drop patches which have been applied to 4.19-stable
* Drop "Revert "net: stmmac: Send TSO packets always from Queue 0"" in
favour of upstream fix "net: stmmac: Re-work the queue selection for
TSO packets"
* Refresh patches that became fuzzy
2019-08-20 01:51:22 +01:00
64c3754b90
Merge branch 'buster-security' into buster
...
* Accept revert of "[sh4]: Check for kprobe trap number before trying
to handle a kprobe trap" and update debian/changelog accordingly, as
sh4 is not a release architecture
* Keep "[arm64] Improve support for the Huawei TaiShan server platform"
which was reverted on the buster-security branch
2019-08-18 19:29:59 +01:00
07a6d57831
Add patchset for CVE-2019-1125
2019-08-07 08:34:30 +02:00
3b76691d24
Bluetooth: hci_uart: check for missing tty operations (CVE-2019-10207)
2019-08-05 18:57:05 +02:00
ec64cb4c87
floppy: fix div-by-zero in setup_format_params (CVE-2019-14284)
...
This retrieves the patch from the linux-4.19.y branch and refreshes the
previous one "floppy: fix out-of-bounds read in copy_buffer", because
this is firstly "floppy: fix div-by-zero in setup_format_params" that is
applied upstream, then the one regarding out-of-bounds read in copy_buffer.
The one for CVE-2019-14283 was previously refreshed because it was not
applicable directly. Now both patches are synchronized with upstream and
applied in the same order.
2019-08-05 17:56:29 +02:00
24c58d8c20
inet: switch IP ID generator to siphash (CVE-2019-10638)
2019-07-30 11:20:38 +02:00
4962cdb584
floppy: fix out-of-bounds read in copy_buffer (CVE-2019-14283)
2019-07-30 11:14:00 +02:00
8da545ad5d
rtc-s35390a: backport fix to make hwclock able to read the time
2019-07-28 21:37:15 +02:00
e890639fa7
Replace Origin reference with reachable reference
...
Gbp-Dch: Ignore
2019-07-27 14:24:32 +02:00
8cb769111f
Input: gtco - bounds check collection indent level (CVE-2019-13631)
2019-07-27 13:15:59 +02:00
167ecd4ada
scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836)
2019-07-22 14:01:45 +02:00
869c89cb6d
Use patch headers as generated by git format-patch-for-debian
2019-07-20 21:14:38 +02:00
1e1ff4ce9c
binder: fix race between munmap() and direct reclaim (CVE-2019-1999)
2019-07-20 18:36:49 +02:00
091f76e86d
nfc: Ensure presence of required attributes in the deactivate_target handler (CVE-2019-12984)
2019-07-20 18:21:14 +02:00
c6f3814dc4
ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (CVE-2019-13272)
2019-07-19 10:45:11 +02:00
eb5241a213
tcp: refine memory limit test in tcp_fragment()
...
Closes : #930904
2019-06-23 16:15:34 +02:00
1e253edaa7
Add TCP DoS fixes
2019-06-17 19:46:08 +01:00
4ea468554d
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (CVE-2019-10126)
2019-06-17 19:32:38 +01:00
e5664e23f5
mm/mincore.c: make mincore() more conservative (CVE-2019-5489)
2019-06-17 19:29:35 +01:00
1894e89399
mwifiex: Don't abort on small, spec-compliant vendor IEs
2019-06-17 19:29:14 +01:00
70b1e1a8fa
mwifiex: Abort at too short BSS descriptor element
2019-06-17 19:25:01 +01:00
54fa813858
mwifiex: Fix possible buffer overflows at parsing bss descriptor (CVE-2019-3846)
2019-06-17 19:24:10 +01:00
3b44df1499
Bluetooth: hidp: fix buffer overflow (CVE-2019-11884)
2019-06-07 15:25:30 +02:00
8910626bca
ext4: zero out the unused memory region in the extent tree block (CVE-2019-11833)
2019-06-07 14:53:07 +02:00
23527ae20b
brcmfmac: add subtype check for event handling in data path (CVE-2019-9503)
2019-06-07 14:49:05 +02:00
8970aaa563
brcmfmac: assure SSID length from firmware is limited (CVE-2019-9500)
2019-06-07 14:43:58 +02:00
9b28931859
libbpf: Use only 2 components in soversion, matching package name
...
Debian policy says the package name must change when the soname
changes. We don't expect the ABI to change in a stable update,
so use only 2 components in both.
2019-05-19 14:48:13 +01:00
a6879552b5
Drop unnecessary changes from "libbpf: add SONAME to shared object"
...
It's not necessary to delete the definitions of the variables that
become unused. Nor is it necessary to move the definition of
LIBBPF_VERSION before LIB_FILES, because the latter is defined
as recursively expanded (i.e. its variable references are not
immediately expanded).
This makes the actual change we're making clearer, and should
reduce the future work to maintain this patch.
2019-05-19 14:36:25 +01:00
9329ccdf87
[powerpc*] 64s: Include cpu header (fixes FTBFS)
2019-05-15 23:07:44 +01:00
1565dc00f4
[x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities
...
Together with a microcode update, this mitigates CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091.
2019-05-10 12:03:12 +01:00
ece5b4e4cd
mm,fs: Prevent page refcount overflow (CVE-2019-11487)
2019-05-05 15:44:05 +01:00
83f5e0f1ef
tracing: Fix buffer_ref pipe ops
...
This is preparation for fixing CVE-2019-11487.
2019-05-05 15:42:32 +01:00
4f3fa1e296
aio: Apply fixes from 4.19.38 (CVE-2019-10125)
2019-05-05 15:41:31 +01:00
55a23e404a
[amd64,arm64] vfio/type1: Limit DMA mappings per container (CVE-2019-3882)
2019-05-05 16:06:15 +02:00
7ebc9f9504
Update to 4.19.37
...
* Refresh/drop patches as appropriate
2019-04-28 18:55:53 +01:00
ad494c2131
tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486)
2019-04-26 16:11:56 +02:00
1c6240e692
inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch() (CVE-2019-9857)
2019-04-26 14:54:14 +02:00
2dff862341
ACPICA: Namespace: remove address node from global list after method termination
2019-04-19 21:06:18 +02:00
4eef18f8b7
xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (CVE-2015-8553)
2019-04-14 22:39:31 +02:00
5a39ad2910
Generate and install libbpf.pc
...
Backport patch from bpf-next and install libbpf.pc in libbpf-dev
2019-04-11 23:15:22 +01:00
502148bb02
[armhf,arm64[ Revert "net: stmmac: Send TSO packets always from Queue 0"
2019-04-09 01:05:01 +01:00
821ec1b181
Update to 4.19.34
...
* Drop/refresh patches as appropriate
2019-04-09 00:27:06 +01:00
515c2c91cf
Add Origin fields and update headers for patches that are applied upstream
2019-03-10 22:08:58 +00:00
340ed90d8e
Update to 4.19.28
2019-03-10 16:57:21 +01:00
22610f2634
exec: Fix mem leak in kernel_read_file (CVE-2019-8980)
2019-03-10 09:00:43 +01:00
4a0b4cb79e
update to 4.19.21
2019-03-05 14:28:55 +01:00
76a21e66e3
Btrfs: fix corruption reading shared and compressed extents after hole punching
...
Closes : #922306
2019-02-26 21:06:35 +01:00
1d80b19d87
mt76: Use the correct hweight8() function (fixes FTBFS on ia64)
2019-02-12 15:39:34 +00:00
5019a8394c
HID: debug: fix the ring buffer implementation (CVE-2019-3819)
2019-02-09 15:14:06 +01:00
71aa687bf8
kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
2019-02-08 10:01:58 +01:00
f6cfd5f990
Merge branch 'hrw-guest/linux-sid' into sid
...
Update to 4.19.20
See merge request kernel-team/linux!116
2019-02-07 21:00:43 +00:00
886c02b804
percpu: convert spin_lock_irq to spin_lock_irqsave
...
This fixes boot failure with the alpha-generic flavour, discussed in
https://lists.debian.org/debian-alpha/2018/12/msg00001.html and
https://salsa.debian.org/kernel-team/linux/merge_requests/79
2019-02-06 23:41:18 +00:00
8f73ffdafe
Update to 4.19.20
2019-02-06 19:57:01 +00:00
954102fe6b
Update to 4.19.19
2019-02-06 19:57:01 +00:00
bfc928ff1a
update to 4.19.14
2019-01-16 11:09:26 +01:00
c2ac4cd321
posix-cpu-timers: Unbreak timer rearming
...
Closes : #919019
Closes : #919049
2019-01-12 11:25:48 +01:00
c91e16558f
ipv6: Consider sk_bound_dev_if when binding a socket to an address
...
Closes : #918103
2019-01-04 10:33:34 +01:00
f58750e12d
smb3: fix large reads on encrypted connections
2019-01-02 10:39:19 +01:00
fae8df0f68
Update to 4.19.13
...
Drop iomap-Revert-fs-iomap.c-get-put-the-page-in-iomap_pa.patch
Drop usb-hso-fix-oob-memory-access-in-hso_probe-hso_get_config_data.patch
Add bug closer for #917569
Cleanup debian/changelog file
2018-12-29 14:21:52 +01:00
1c972fdf40
Update patch headers with git-format-patch-for-debian
...
Gbp-Dch: Ignore
2018-12-27 09:12:24 +01:00
7fb96c41ce
USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (CVE-2018-19985)
2018-12-27 09:00:59 +01:00
6886800dea
iomap: Revert "fs/iomap.c: get/put the page in iomap_page_create/release()"
2018-12-21 23:14:53 +01:00
dfa9b24000
Update to 4.19.9
...
Drop vhost-vsock-fix-use-after-free-in-network-stack-call.patch
Cleanup debian/changelog file
2018-12-13 09:42:28 +01:00
17d52832bc
Merge branch 'libbpf-pr' into 'master'
...
Add libbpf0, libbpf-dev packages (#914428 )
See merge request kernel-team/linux!74
2018-12-09 21:40:33 +00:00
d7534bd9b6
vhost/vsock: fix use-after-free in network stack callers (CVE-2018-14625)
2018-12-08 15:40:45 +01:00
4f1f7c5735
Add patches to build libbpf.so with SONAME, link against libelf
2018-12-08 15:02:05 +01:00
014c728272
Update to 4.19.8
...
Drop patches applied upstream in 4.19.8
Cleanup debian/changelog file
Add CVE id for CVE-2018-18397
2018-12-08 13:27:04 +01:00
4237db03be
blk-mq: punt failed direct issue to dispatch list
2018-12-08 11:28:12 +01:00
771f295a0f
blk-mq: fix corruption with direct issue
...
Closes : #915666
2018-12-06 17:39:15 +01:00
64dab5b29a
libcpupower: Hide private function and drop it from .symbols file
...
This avoids an FTBFS after this function was renamed in 4.19.6.
2018-12-02 19:23:13 +00:00
e6434a5655
Documentation/media: uapi: Explicitly say there are no Invariant Sections
...
Closes : #698668
This clarification has now been signed-off by the upstream authors.
2018-11-23 19:31:06 +00:00
c20b784198
Release linux (4.18.20-1).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlv18cwACgkQ57/I7JWG
EQnmrBAA0cIq67bC0g/calV1FyAnByc88h15W2BCN8+dD25PKRlsRsbSvQLx/E6J
mEwPMu6bw/yJuIA8ADTFpjh4CmulBhQMC/cpQHy82F5umt/wNAPlhryDc0n96eRX
bJfh3dzboyFEWBOSUgb6EWEdWZX1tMblf4ZpX1LfP5L/pJyq/Jz1xrpz31nGcz9E
2m4mpovTAT2N34I9FF9PSuaYlPxljU/eZe7wyDmM+leMnmV4MGEOpV+CMNEohLsp
8APxTJim6ZJXJ4ppl/Qk7yW1glTL3q5OqI+s5YB4RBKI4KBN/N3FF0PwWQ+L76bj
B6b3nKT4PZA4V6Y6OEY8Q53NxjHmRJo5opG9Xp3Kr4HO0PZHH9Ih/YApaZipSDLg
t3i/C05I/Jss2e6FZ5Ocx9L/nhzoEv9Lt0K2P6nxMJgc5U7lcTaiehcrVqQ2oBhO
QZoEwUh9G8p5dnll/MTf3nj4UzZOimr2RSpktNT8w4kBEVAFFfZL5hGdk1UmBQTu
peAPksjndtfjWvvzlhnWu3JoFMZ+J5yA8l7t8HwKI5yIlfJaM4QbjOb8YqsZQRNR
qUxXxgn85o7QdSlCX/JFSK5fBxRphZHDtyWt9wTp1Ko0PjNtHLGv2oWj+SdvrJWu
X0otIjqlEMMVCcZDlrzXboU6Cxae9FGXk6yzM5QfE1/D7F4tEuI=
=E5AV
-----END PGP SIGNATURE-----
Merge tag 'debian/4.18.20-1'
Release linux (4.18.20-1).
* [rt] Drop all changes from 4.18-rt
* Drop added patches which are already in 4.19
* Drop ABI bump
2018-11-22 00:28:54 +00:00
561dac67f3
Update to 4.18.20
...
* Drop patches applied upstream
* Refresh "arm64: add kernel config option to lock down when in Secure
Boot mode"
2018-11-21 20:41:44 +00:00
7fb2e63e99
cdrom: fix improper type cast, which can leat to information leak (CVE-2018-18710)
2018-10-29 22:04:01 +01:00
Salvatore Bonaccorso
Noah Meyerhans
Ben Hutchings
Benjamin Poirier
Romain Perier
Romain Perier
Romain Perier
Uwe Kleine-König
Luca Boccassi
Marcin Juszkiewicz
Yves-Alexis Perez
Hilko Bengen