0c35cc337b
nfsd: apply umask on fs without ACL support
...
Closes : #962254
2020-06-26 22:55:39 +02:00
1e3e001c12
apparmor: don't try to replace stale label in ptraceme check
...
Closes : #963493
2020-06-26 22:04:24 +02:00
ec2ba4830d
Release linux (4.19.118-2+deb10u1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7dP21fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ENh0P/iBzOTwQQrbR2hhYjkf6/rOMmgt4/WRe
SX+YZO7YC2F63Cbz0eGJLa1Y7WMQkmPvrpwoKm8HtFq16SFXp2JMRMxI6NygEGcC
i3Z86z26ik+qLLqeSCIigfRTZfFRT6o3wIFaOUS5AKUMBIbneELk70FyyFJ5g6gs
BSjPsL0+9L3B8eqg7NK8E4ueiX791v9wyYqpMDfG+AkL5PTuL3XY2VmSs1Vzv63I
WUpV0Ekpdpx7+PgQkO0gJRb/wFTHZdjMn5GR247awwVD0uxecQCmMxevmw+yzmma
S9OSeBsIEhmvRqTUMChjJsLqfF5++1ywRdoAzxnczIi3VpfIkDoFxZ569AQPQA9R
RxGhM2QrlyzQYtAmnk6lnu5WzSNxSuesI9/Km5X+dBCAFegHMuhnwF+ti2D5WHhW
yzt6hz1Zk7tJe4UgURRQVSAHPwK1Xg9Jlp9jGB20AKAhgIFFvALMDoYXlAbYEfhf
s8m1u0UVdrNCW86JetfchlwSUNJOwFufTBrEnSrxLDr6qG9XWVCLO5xvIJUBjXx2
3AxCbsYtfZOFDMCBzYzVCWACJn9Nl/Q/59j8YzDiy3xTPTpUY4g5nyonWXyRuUrB
1tp4UCL9yQIRvhzHtp/NfecPdCCp8EkufAK3X2VOWmMUjwAT4VvxKck9fuxdixHo
FlU/U03e8vPT
=8WdB
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.118-2+deb10u1' into buster
Release linux (4.19.118-2+deb10u1).
2020-06-14 10:46:38 +02:00
0da00be7e6
ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
...
Closes : #960493
2020-06-14 10:40:03 +02:00
6a8dd1c6b0
Merge branch 'buster-security' into buster-security-embargoed
2020-06-07 01:35:25 +01:00
da82e531d8
include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap
...
Closes : #960271
(cherry picked from commit a4fb2a7b76
2020-06-07 01:32:53 +01:00
22423990cd
Drop "KVM: VMX: Zero out *all* general purpose registers after VM-Exit"
...
This is not needed to fix CVE-2019-3016, and is addressing an issue
that's so far theoretical. It also needs a further fix to avoid
causing a more serious regression (depending on the compiler
behaviour).
2020-06-07 01:17:04 +01:00
ff5ad5a3d1
propagate_one(): mnt_set_mountpoint() needs mount_lock
...
A similar issue to CVE-2020-12114.
2020-06-07 00:46:11 +01:00
6e26711704
Add fixes for CVE-2019-3016
...
Cherry-pick 11 commits from the 4.19.118 including prerequisited to
adress CVE-2019-3016.
2020-06-06 10:35:47 +02:00
789f116fbc
mm: Fix mremap not considering huge pmd devmap (CVE-2020-10757)
2020-06-05 12:34:34 +02:00
50bf5b3b3d
kernel/relay.c: handle alloc_percpu returning NULL in relay_open (CVE-2019-19462)
2020-06-05 12:30:40 +02:00
7fc7c96d6e
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (CVE-2020-10732)
2020-06-03 07:42:07 +02:00
2222852cc1
netlabel: cope with NULL catmap (CVE-2020-10711)
2020-06-02 20:27:49 +02:00
888eb1f799
USB: gadget: fix illegal array access in binding with UDC (CVE-2020-13143)
2020-05-29 21:35:13 +02:00
aefd886eef
scsi: sg: add sg_remove_request in sg_write (CVE-2020-12770)
2020-05-29 21:23:18 +02:00
92ed2f689a
[x86] KVM: SVM: Fix potential memory leak in svm_cpu_init() (CVE-2020-12768)
2020-05-29 14:03:17 +02:00
2fe68e87e7
USB: core: Fix free-while-in-use bug in the USB S-Glibrary (CVE-2020-12464)
2020-05-29 13:49:18 +02:00
34284455a6
fs/namespace.c: fix mountpoint reference counter race (CVE-2020-12114)
2020-05-28 23:34:11 +02:00
b3b40efebd
selinux: properly handle multiple messages in selinux_netlink_send() (CVE-2020-10751)
2020-05-28 23:02:50 +02:00
a4fb2a7b76
include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap
...
Closes : #960271
2020-05-13 17:45:56 +02:00
195b1745c4
Avoid an ABI change for SRBDS
...
Adding the x86_cpu_id::steppings field is an ABI change. It doesn't
seem worth the trouble of another ABI bump just to be able to report
some potential future CPU steppings as invulnerable. Until we have
other change that require an ABI bump, we'll match the affected models
regardless of stepping.
Keep the reverted patch in the queue so that the reverting patch will
continue to be applied when we rebase onto a new stable update.
2020-05-05 02:21:33 +01:00
0f2a83859c
[x86] Add support for mitigation of SRBDS (CVE-2020-0543)
...
Apply the current version of the backport to 4.19.
2020-05-05 02:07:33 +01:00
c977ce99a1
Release linux (4.19.98-1+deb10u1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6maCdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EBtYP/1W8Y1dU9kCrJyK3Nz+HFwEKoe/ha1+t
vcjf4E1TOSUh30eaKaD6GVBp7iCK/tGDBxyfUerDltmilVRDt7f9mE/4CFt3e26y
S4DtsI5paoL1O/1uqbpG+53E5TPDw7CCJNkZ22/vjK++YzToaOjJIsTtZnHNNYwd
nMYtGqhn95NiZ//nNsV4wgSF9vXIgWuWvAEY80KdmfBYUVicUz8HyZB9Q5ErH1e7
/Fi9n7U/0F+PgcZSyLhS9vwlMY36HuuemYYMBzN48J2xL/73ttwoe0MU4Aieu1yX
iVMsrVc/X5JWjHiSpsrExCYvHrRXG9v4kWMOs+piD1yFi7oxD/fNy+043jJqmyOV
hu+3RX6BkNrw1jhLzDRYbOTz8Z09BXrUnXhyWLD5Z1ZgM1K5tQV0vCsiZBqyBHTK
owSVaOSDxHWTa9zSmIDTMPN6ljaQML2G1lF6F+AUKg4hqqjydlikgpJGSmjfs3Pd
YN2I9rfCpSuovYIUQXl38g4yLZC5onhEzLqFBBfxHJClND/nf27HARs6c0f72RlU
6aHrPgZpj2JPE/r1PoUej4lyhIbFzdJIOf2b26ZUvQC+sMUsxE0SonpFQqjDZggJ
cAqM5p80gbR8zGtBStwGGo0QljHdHbrzbnYfNQC/uGph0uYTvL+6BscUzO+RnYmx
9hKy2cqOWLez
=akKy
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.98-1+deb10u1' into buster
Release linux (4.19.98-1+deb10u1).
2020-04-28 23:07:38 +02:00
a8fc50657f
[s390x] mm: fix page table upgrade vs 2ndary address mode accesses (CVE-2020-11884)
2020-04-26 21:03:38 +02:00
3e765ace82
mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (CVE-2020-11565)
2020-04-26 20:58:02 +02:00
2c376b16e6
vhost: Check docket sk_family instead of call getname (CVE-2020-10942)
2020-04-26 20:53:46 +02:00
241912ed84
vfs: fix do_last() regression
2020-04-26 20:53:45 +02:00
d3e1b6996d
do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428)
2020-04-26 20:53:45 +02:00
a688ee48fb
KVM: nVMX: Don't emulate instructions in guest mode (CVE-2020-2732)
2020-04-26 20:53:45 +02:00
65ba05e78d
blktrace: fix dereference after null check
2020-04-26 11:28:32 +02:00
a5acdf855d
blktrace: Protect q->blk_trace with RCU (CVE-2019-19768)
2020-04-26 11:25:38 +02:00
6fe845e460
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (CVE-2020-1749)
2020-04-26 11:20:05 +02:00
79c0009334
net: ipv6: add net argument to ip6_dst_lookup_flow
2020-04-26 11:14:36 +02:00
cfa7bd0b02
f2fs: fix to avoid memory leakage in f2fs_listxattr (CVE-2020-0067)
2020-04-26 11:06:23 +02:00
5a1d3e0c9e
Update to 4.19.112
...
Drop "wimax: i2400: fix memory leak"
Drop "wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle"
Cleanup debian/changelog file
2020-04-09 21:46:10 +02:00
c9a94477f2
Drop "tools/lib/api/fs/fs.c: Fix misuse of strncpy()"
2020-03-21 09:18:29 +01:00
ffc4ceb049
Update to 4.19.102
...
Drop "vfs: fix do_last() regression"
Cleanup debian/changelog file
2020-03-21 09:18:28 +01:00
f003f0dba9
Update to 4.19.101
...
Cleanup debian/changelog file
Drop "random: try to actively add entropy rather than passively wait for it"
2020-03-21 09:18:28 +01:00
c2975cd055
Update to 4.19.100
...
Add CVE id reference for CVE-2020-8428
Drop "libertas: Fix two buffer overflows at parsing bss descriptor"
Drop "do_last(): fetch directory ->i_mode and ->i_uid before it's too late"
Cleanup debian/changelog file
2020-03-21 09:18:28 +01:00
6465b7bcb4
Update to 4.19.99
...
Add CVE id reference for CVE-2019-19046
Drop "powerpc: vdso: Make vdso32 installation conditional in vdso_install"
Drop "net: ena: fix: Free napi resources when ena_up() fails"
Drop "net: ena: fix incorrect test of supported hash function"
Drop "net: ena: fix ena_com_fill_hash_function() implementation"
Drop "net: ena: fix swapped parameters when calling"
Cleanup debian/changelog file
2020-03-21 09:18:28 +01:00
c0f84a03f2
[x86] Drop "Add a SysRq option to lift kernel lockdown" ( Closes : #947021 )
...
- This patch allowed remotely disabling lockdown using usbip
- Lockdown can be disabled by running "mokutil --disable-validation",
rebooting, and confirming the change when prompted
2020-03-21 09:00:35 +01:00
0e1bc339a1
vfs: fix do_last() regression
2020-02-01 21:15:56 +01:00
ff2a1c5362
do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428)
2020-01-29 06:57:18 +01:00
428bd19863
random: try to actively add entropy rather than passively wait for it
...
Cherry pick 50ee7529ec45 from mainline. This addresses a lack of early entropy
in certain environments.
Closes : #948519
2020-01-20 12:44:37 -08:00
56dd5fa07e
Add various security fixes not yet in 4.19-stable
...
All of these are already fixed in jessie, and upgrades shouldn't
regress.
2020-01-20 18:26:58 +00:00
02a0b3eb56
Update to 4.19.91
...
* Drop/refresh patches as appropriate
* Several ABI changes still need to be resolved
2019-12-28 01:36:27 +00:00
60468edbdf
Drop 0028-RDMA-hns-Bugfix-for-the-scene-without-receiver-queue.patch
2019-12-17 16:56:40 +01:00
9d10b57769
Drop 0027-RDMA-hns-Fix-the-bug-with-updating-rq-head-pointer-w.patch
2019-12-17 16:56:40 +01:00
f73fafb39e
Revert "arm64: preempt: Fix big-endian when checking preempt count in assembly"
2019-12-17 16:56:40 +01:00
1a33bc2ef8
Update to 4.19.87
...
Drop "net: ena: Fix Kconfig dependency on X86" applied upstream
Drop "scsi: hisi_sas: Feed back linkrate(max/min) when re-attached" applied upstream
Drop "scsi: hisi_sas: Fix the race between IO completion and timeout for SMP/internal IO" applied upstream
Drop "scsi: hisi_sas: Free slot later in slot_complete_vx_hw()" applied upstream
Drop "scsi: hisi_sas: Fix NULL pointer dereference" applied upstream
[rt] Refresh 0057-printk-Add-a-printk-kill-switch.patch (context changes in 4.19.87)
[rt] Refresh 0207-printk-Make-rt-aware.patch (context changes in 4.19.87)
Cleanup debian/changelog file
2019-12-01 17:19:47 +01:00
Salvatore Bonaccorso
Ben Hutchings
Ben Hutchings
Noah Meyerhans
Aurelien Jarno