diff --git a/debian/changelog b/debian/changelog index d8862b908..e5f9c3999 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,79 @@ -linux (4.19.13-2) UNRELEASED; urgency=medium +linux (4.19.14-1) UNRELEASED; urgency=medium + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.14 + - ax25: fix a use-after-free in ax25_fillin_cb() + - gro_cell: add napi_disable in gro_cells_destroy + - ip6mr: Fix potential Spectre v1 vulnerability + - ipv4: Fix potential Spectre v1 vulnerability + - ipv6: explicitly initialize udp6_addr in udp_sock_create6() + - ipv6: tunnels: fix two use-after-free + - ip: validate header length on virtual device xmit + - isdn: fix kernel-infoleak in capi_unlocked_ioctl + - net/wan: fix a double free in x25_asy_open_tty() + - packet: validate address length + - packet: validate address length if non-zero + - ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() + - sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event + - tipc: compare remote and local protocols in tipc_udp_enable() + - tipc: fix a double free in tipc_enable_bearer() + - tipc: fix a double kfree_skb() + - ipv6: frags: Fix bogus skb->sk in reassembled packets + - ipv6: route: Fix return value of ip6_neigh_lookup() on neigh_create() + error + - ALSA: rme9652: Fix potential Spectre v1 vulnerability + - ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities + - ALSA: pcm: Fix potential Spectre v1 vulnerability + - ALSA: emux: Fix potential Spectre v1 vulnerabilities + - powerpc/fsl: Fix spectre_v2 mitigations reporting + - usb: r8a66597: Fix a possible concurrency use-after-free bug in + r8a66597_endpoint_disable() + - [s390x] s390/pci: fix sleeping in atomic during hotplug + - [x86] x86/speculation/l1tf: Drop the swap storage limit restriction when + l1tf=off + - [x86] x86/mm: Drop usage of __flush_tlb_all() in + kernel_physical_mapping_init() + - [x86] KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup + - [arm64] arm64: KVM: Make VHE Stage-2 TLB invalidation operations + non-interruptible + - perf pmu: Suppress potential format-truncation warning + - perf env: Also consider env->arch == NULL as local operation + - ext4: fix possible use after free in ext4_quota_enable + - ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() + - ext4: include terminating u32 in size of xattr entries when expanding + inodes + - ext4: force inode writes when nfsd calls commit_metadata() + - ext4: check for shutdown and r/o file system in ext4_write_inode() + - [armhf,arm64] spi: bcm2835: Fix race on DMA termination + - [armhf,arm64] spi: bcm2835: Fix book-keeping of DMA termination + - [armhf,arm64] spi: bcm2835: Avoid finishing transfer prematurely in IRQ + mode + - btrfs: dev-replace: go back to suspended state if target device is missing + - btrfs: dev-replace: go back to suspend state if another EXCL_OP is running + - btrfs: skip file_extent generation check for free_space_inode in + run_delalloc_nocow + - Btrfs: fix fsync of files with multiple hard links in new directories + - btrfs: run delayed items before dropping the snapshot + - Btrfs: send, fix race with transaction commits that create snapshots + - brcmfmac: Fix out of bounds memory access during fw load + - dax: Don't access a freed inode + - f2fs: read page index before freeing + - f2fs: sanity check of xattr entry size + - media: imx274: fix stack corruption in imx274_read_reg + - media: v4l2-tpg: array index could become negative + - tools lib traceevent: Fix processing of dereferenced args in bprintk + events + - [mips*] MIPS: math-emu: Write-protect delay slot emulation pages + - [mips*] MIPS: Ensure pmd_present() returns false after pmd_mknotpresent() + - [mips*] MIPS: Align kernel load address to 64KB + - [mips*] MIPS: Expand MIPS32 ASIDs to 64 bits + - CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock + problem + - smb3: fix large reads on encrypted connections + - [arm*] KVM: arm/arm64: vgic: Cap SPIs to the VM-defined maximum + - [arm*] KVM: arm/arm64: vgic-v2: Set active_source to 0 when restoring + state + - [arm*] KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq() [ John Paul Adrian Glaubitz ] * [m68k] Add patch to build with -ffreestanding to fix FTBFS @@ -10,7 +85,7 @@ linux (4.19.13-2) UNRELEASED; urgency=medium packages [ Yves-Alexis Perez ] - * smb3: fix large reads on encrypted connections + * Bump ABI to 2 because of changes in struct sock_common from 60f05dddf1eb [ Salvatore Bonaccorso ] * ipv6: Consider sk_bound_dev_if when binding a socket to an address diff --git a/debian/config/defines b/debian/config/defines index f713a80cb..962e0b7fa 100644 --- a/debian/config/defines +++ b/debian/config/defines @@ -1,5 +1,5 @@ [abi] -abiname: 1 +abiname: 2 ignore-changes: __cpuhp_* __xive_vm_h_* diff --git a/debian/patches/bugfix/all/smb3-fix-large-reads-on-encrypted-connections.patch b/debian/patches/bugfix/all/smb3-fix-large-reads-on-encrypted-connections.patch deleted file mode 100644 index bf0bc4fd8..000000000 --- a/debian/patches/bugfix/all/smb3-fix-large-reads-on-encrypted-connections.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Paul Aurich -Date: Mon, 31 Dec 2018 14:13:34 -0800 -Subject: smb3: fix large reads on encrypted connections -Origin: https://git.samba.org/?p=sfrench/cifs-2.6.git;a=commit;h=1f4b6df1eaa55d2dcedd7a3351568c7a2aa42d2d - -When passing a large read to receive_encrypted_read(), ensure that the -demultiplex_thread knows that a MID was processed. Without this, those -operations never complete. - -This is a similar issue/fix to lease break handling: -commit 7af929d6d05ba5564139718e30d5bc96bdbc716a -("smb3: fix lease break problem introduced by compounding") - -CC: Stable # 4.19+ -Fixes: b24df3e30cbf ("cifs: update receive_encrypted_standard to handle compounded responses") -Signed-off-by: Paul Aurich -Tested-by: Yves-Alexis Perez -Signed-off-by: Steve French ---- - fs/cifs/smb2ops.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c -index 33100ef74d7f..cf7eb891804f 100644 ---- a/fs/cifs/smb2ops.c -+++ b/fs/cifs/smb2ops.c -@@ -3472,8 +3472,10 @@ smb3_receive_transform(struct TCP_Server_Info *server, - } - - /* TODO: add support for compounds containing READ. */ -- if (pdu_length > CIFSMaxBufSize + MAX_HEADER_SIZE(server)) -+ if (pdu_length > CIFSMaxBufSize + MAX_HEADER_SIZE(server)) { -+ *num_mids = 1; - return receive_encrypted_read(server, &mids[0]); -+ } - - return receive_encrypted_standard(server, mids, bufs, num_mids); - } --- -2.20.1 - diff --git a/debian/patches/series b/debian/patches/series index 56da1c4e6..b12a608fb 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -100,7 +100,6 @@ bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch debian/revert-objtool-fix-config_stack_validation-y-warning.patch -bugfix/all/smb3-fix-large-reads-on-encrypted-connections.patch bugfix/all/ipv6-Consider-sk_bound_dev_if-when-binding-a-socket-.patch bugfix/all/posix-cpu-timers-Unbreak-timer-rearming.patch