b4817400ed
Add CVE id reference for CVE-2019-19767
2019-12-17 17:15:13 +01:00
96a8136906
[rt] Refresh 0199-net-move-xmit_recursion-to-per-task-variable-on-RT.patch (Context changes in 4.19.88)
2019-12-17 16:56:40 +01:00
60468edbdf
Drop 0028-RDMA-hns-Bugfix-for-the-scene-without-receiver-queue.patch
2019-12-17 16:56:40 +01:00
9d10b57769
Drop 0027-RDMA-hns-Fix-the-bug-with-updating-rq-head-pointer-w.patch
2019-12-17 16:56:40 +01:00
b9568ec214
Refresh powerpc-fix-mcpu-options-for-spe-only-compiler.patch (Context changes in 4.19.88)
2019-12-17 16:56:40 +01:00
f73fafb39e
Revert "arm64: preempt: Fix big-endian when checking preempt count in assembly"
2019-12-17 16:56:40 +01:00
278eae7330
Update to 4.19.88
2019-12-14 22:00:25 +01:00
873d71775d
[buster] [cloud-amd64] tpm: Enable TPM drivers for Cloud ( Closes : #946237 )
...
The bug has most of the context for this fix. Basically, the cloud image
disables TPM drives, and we want to reenable them.
I added the virt and hardware-agnostic drivers (TIS/CRB/XEN/VTPM), and
I explictly didn't add the hardware-specific drivers. I also didn't
bother with CONFIG_HW_RANDOM_TPM as we already set
CONFIG_RANDOM_TRUST_CPU=y which handles any early-boot RNG issues.
Signed-off-by: Joe Richey <joerichey@google.com>
2019-12-06 00:39:32 -08:00
80865194b5
Prepare to release linux (4.19.87-1).
2019-12-03 06:58:41 +01:00
f9c7775f72
Add CVE id reference for CVE-2019-18683
2019-12-01 17:23:58 +01:00
34cf1b0258
Add CVE id reference for CVE-2019-18660
2019-12-01 17:23:29 +01:00
1a33bc2ef8
Update to 4.19.87
...
Drop "net: ena: Fix Kconfig dependency on X86" applied upstream
Drop "scsi: hisi_sas: Feed back linkrate(max/min) when re-attached" applied upstream
Drop "scsi: hisi_sas: Fix the race between IO completion and timeout for SMP/internal IO" applied upstream
Drop "scsi: hisi_sas: Free slot later in slot_complete_vx_hw()" applied upstream
Drop "scsi: hisi_sas: Fix NULL pointer dereference" applied upstream
[rt] Refresh 0057-printk-Add-a-printk-kill-switch.patch (context changes in 4.19.87)
[rt] Refresh 0207-printk-Make-rt-aware.patch (context changes in 4.19.87)
Cleanup debian/changelog file
2019-12-01 17:19:47 +01:00
c5c04abfa4
Update to 4.19.86
...
[rt] Refresh 0025-NFSv4-replace-seqcount_t-with-a-seqlock_t.patch (context changes in 4.19.86)
[rt] Refresh 0202-net-Qdisc-use-a-seqlock-instead-seqcount.patch (context changes in 4.19.86)
Cleanup debian/changelog file
2019-12-01 15:02:01 +01:00
f78694b110
debian/changelog: wrap long 4.85 changelog entries
2019-12-01 13:43:12 +01:00
5ba5b367b7
Update to 4.19.85
...
Drop introduce is_pae_paging applied upstream
Cleanup debian/changelog file
2019-12-01 13:29:09 +01:00
b62aac68b4
[rt] Refresh 0011-sched-fair-Robustify-CFS-bandwidth-timer-locking.patch (context changes in 4.19.84)
2019-12-01 10:55:02 +01:00
ea17f6edde
Update to 4.19.84
...
Drop TAA patches applied upstream
Drop ITLB_MULTIHIT patches applied upstream
Drop Intel i915 CVE fixes applied upstream
Add CVE id reference for CVE-2019-18813
Add CVE id reference for CVE-2019-19045
Add CVE id reference for CVE-2019-19052
Cleanup debian/changelog file
2019-12-01 10:54:59 +01:00
b69b28370c
Update to 4.19.83
...
Add CVE id reference for CVE-2019-19049
Cleanup debian/changelog file
2019-11-30 17:30:31 +01:00
1867067696
Update to 4.19.82
...
Add CVE id reference for CVE-2019-15098
Add CVE id reference for CVE-2019-17666
Add CVE id reference for CVE-2019-19048
Add CVE id reference for CVE-2019-19060
Add CVE id reference for CVE-2019-19065
Cleanup debian/changelog file
2019-11-30 14:42:27 +01:00
a84ef0f6e4
[x86] KVM: x86: introduce is_pae_paging (Regression in 4.19.77)
...
Fixes a regression in 4.19.81 while including backport of 16cfacc80857
("KVM: x86: Manually calculate reserved bits when loading PDPTRS") but
not bf03d4f93347 ("KVM: x86: introduce is_pae_paging").
2019-11-25 17:52:40 +01:00
098172cdc1
debian/changelog: Clean up list of changes from stable
...
* Delete changes that are irrelevant, were previously cherry-picked by
us, or that cancel each other out
* Add architecture/flavour/featureset-qualifications
* Add CVE IDs
* Word-wrap
2019-11-25 03:26:11 +00:00
8c4ce65f70
Drop "MIPS: tlbex: Fix build_restore_pagemask KScratch restore"
...
This was included in 4.19.81.
2019-11-25 01:09:29 +00:00
beb8c412e8
Merge branch 'buster-4.19.81' into 'buster'
...
Buster 4.19.81
See merge request kernel-team/linux!183
2019-11-25 01:06:06 +00:00
baa617cd99
[rt] Update to 4.19.82-rt30
2019-11-25 00:15:05 +00:00
0965371222
debian/bin/genpatch-rt: Fix series generation from git
2019-11-24 23:58:14 +00:00
6f6f98f0d9
Bump ABI to 7
2019-11-24 23:50:30 +00:00
fc769a9bb3
Merge branch 'bpoirier-guest/linux-buster' into buster
...
tools/perf: Add python3 support to scripts
See merge request kernel-team/linux!184
2019-11-24 19:25:28 +00:00
9397b7ea0e
[mips*] tlbex: Fix build_restore_pagemask KScratch restore.
2019-11-23 22:23:57 +01:00
016066336b
tools/perf: Add python3 support to scripts
2019-11-20 15:04:24 +09:00
c064eca42f
New upstream version 4.19.81
2019-11-19 16:03:48 -08:00
3e9a6acd20
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
...
Closes : #945023
2019-11-19 08:00:10 +01:00
014f165375
Release linux (4.19.67-2+deb10u2).
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl3JkpgACgkQ57/I7JWG
EQkwVhAAwN5/oNLjJcrhJjGvLW36QIcli05GoNH1hqLNlppwFwzxFYms5f4Y0uAn
lu5wWo59jL2xqnZ0azNg7ukujVUyLuVEsBuShCBmkSWtt+3mXjKJay1lnwtEei1R
w2WnXIsAFdSocpnCq7BfQi0sGgUetPJANkkXe019x8H7DmzugisnArp4hX7e7eU5
JaRuugKTquYjPNN1mQaNS3/C6ODWRBZlTjafznZ3lTme9ku195oUAJWvyU6/AMDB
+QB9lnaWVNsWkKt3Hx0yquY6sFHYhDhxxKXdULWDwjTW4r1Ye5DKJT433gbKjhTZ
sILbbXMs2eEv9KM+NvMB96s32z+dc59q1KM3IeAKqQljsqngquqvBQtFRqJYtUCA
k4HY0wO/2EapWnYnO0z7XekjolZlK7Nj6aldysZ8f6V1q13apPraYKscQyMLTAfy
CXaUP3bsaxKZvEtlz4+x9OHIqKVrIzI8mLujcpgildz8E3bToXZCgK+CzIAFCdy+
vY1wUoP5S/DCdgvAIzyT9g2VoFae3DNRNv2DSC53FMHaD1PRwE2wf4XgXSAc4hC+
s3orsvA8PpHj7BpAa3D3JnrZbP/kAn+rFCqUha/6cs5npOUwpSs1SNdil60K130q
dS9KcnWY2Do7fp6xc0T4WCRcR6osDJp3WzTmuHpHivfuP26VwXY=
=aKic
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.67-2+deb10u2' into buster
Release linux (4.19.67-2+deb10u2).
2019-11-19 07:42:38 +01:00
c3649501d0
Prepare to release linux (4.19.67-2+deb10u2).
2019-11-11 00:30:56 +00:00
9a2df80e9d
Drop "x86/cpu: Add Tremont to the cpu vulnerability whitelist"
...
We don't have this CPU ID, and I don't see the point in adding it
right now.
2019-11-11 00:29:38 +00:00
6d8b0092bb
[x86] drm/i915/cmdparser: Fix jump whitelist clearing
...
Fix a flaw I found in the mitigation for CVE-2019-0155.
2019-11-10 22:41:41 +00:00
feec1caa94
[x86] i915: Add mitigations for two hardware security flaws
2019-11-10 02:53:32 +00:00
c2443a2e97
[x86] Update TAA and NX fixes to pending stable backports
2019-11-09 20:17:15 +00:00
be004c1b69
x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
2019-11-08 00:14:38 +01:00
37baed7166
[x86] Update TAA (Borislav v2) and NX (v9) fixes
...
The upstream commits for these are now finalised, so we shouldn't need
to replace patches after this (but might need to add more).
2019-11-07 18:10:48 +00:00
cd92ab49c4
KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
2019-11-07 17:32:14 +01:00
87c48ee54f
drivers/net/ethernet/amazon: Backport ENA driver from Linux 5.4
2019-10-29 09:47:59 -07:00
02d8d0c5b0
Merge branch 'rpi3_a_plus' into 'buster'
...
[armhf, arm64] Add patches from 5.1 for enabling support for the Raspberry PI 3 A+
See merge request kernel-team/linux!134
2019-10-27 14:24:25 +00:00
dbb59eba34
[amd64/cloud-amd64] Re-enable RTC drivers
2019-10-25 23:30:18 +02:00
537ad2315a
[x86] Update TAA patch set to v7
2019-10-24 22:52:37 +01:00
96c0e74c50
[x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135)
...
This is a backport of v6 of the TAA patch set, and will probably
require updates before release. The subject lines for these patches
didn't come through.
2019-10-20 14:51:55 +01:00
d9bd594144
[x86] KVM: Add mitigation for Machine Check Error on Page Size Change
...
(aka iTLB multi-hit, CVE-2018-12207)
This is a backport of v6 of the "NX" patch set, and will probably
require updates before release.
2019-10-20 14:46:13 +01:00
1df282987d
[armhf, arm64] Backport devicetree for enabling support for the Raspberry PI 3 A+
...
We already have everything we need inside the kernel 4.19.x for
supporting this board. backporting patches from upstream so we get
the support for buster.
2019-10-16 20:07:45 +02:00
530030f117
ixgbe: Fix secpath usage for IPsec TX offload
...
Closes : #930443
2019-10-15 22:57:58 +02:00
63680f3314
Release linux (4.19.67-2+deb10u1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl2EsyhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ErG0QAKEp2inuWb4xyie24D6ZDbpTWi/37uWW
2E8bYiMguHGv3tJgqBKkz0YQ0BdPYcSk8Jxx9SrHNPvA6TQ8eUup17a9lrPucruj
TcLGyK+d5RG8YX+8ssyrGuC6uG+tO4oYUf4y/Tb+jYH1VOTBasUs3RF0l0bVq33e
BvGJZ4ITkkITmuPv+0/EJs5cbhxtshZ0g63Ojkq1KkcpJI9ZORhgYeOEzMca3qkN
3OkPvl2AcGE027aXQpigvPxfg0S2MpdGLf0aqmpifZbfB69G0f8QihmJ0PEaX72w
1cxFqePBV/noLq9acXOVtdWts2Ufldm8ytn7/BMu+s5utX/jQU/WVCorBWNCVN58
yYLBiLE6hatjhShKDvj20g4aiF8hHzErdlyrs+3jtkElvKvQhw/h8MDyNsvVD70H
UhQH8kdMf3VJ0y4J/PkWXKiBvQJAbUosGFz0LRJUuhoys7CQEP0CGB/iJsIbLMZ9
eRovrwxM2zJNtPFE0R80pZXsb0e2WJHsPY9Ta2OHZHaDEGP2wwnD/wvWo+zIFx9K
YJNYDsnChGwqWqIEvpf3nJVObUfQFOkpWuG3QeFRr3xAujIjOsHMjH8UGdRQMNen
8w0mGMcbnclAHZ7zk3GEHp83qsyH7tCFj37W0ZO8YHj2nMrFMc9D3RGPjvoZ//jM
gRJoAn5pdfE+
=QEEi
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.67-2+deb10u1' into buster
Release linux (4.19.67-2+deb10u1).
2019-10-15 22:48:01 +02:00
ae1a40e9a5
[armel/rpi] Enable CONFIG_BRCMFMAC_SDIO ( Closes : #940530 )
2019-09-30 16:55:52 +02:00
f13b3cd992
Prepare to release linux (4.19.67-2+deb10u1).
2019-09-20 12:51:56 +02:00
942d6ddd3f
KVM: coalesced_mmio: add bounds checking (CVE-2019-14821)
2019-09-19 17:16:06 +02:00
c0096a08f9
[x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902)
2019-09-18 21:35:01 +02:00
78f0b2574a
vhost: make sure log_num < in_num (CVE-2019-14835)
2019-09-13 06:12:11 +02:00
782d6ea880
ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
...
(CVE-2019-15118)
2019-09-12 22:40:43 +02:00
aa8fb19232
ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
...
(CVE-2019-15117)
[carnil: Use 4.19.67-2+deb10u1 version for buster-security branch]
2019-09-12 22:40:21 +02:00
484d0b5f4b
ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
...
(CVE-2019-15118)
2019-08-28 13:38:41 +02:00
80e547b069
ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
...
(CVE-2019-15117)
2019-08-28 13:38:34 +02:00
ff672b98a7
Prepare to release linux (4.19.67-2).
2019-08-28 06:20:22 +02:00
e10bab8d2e
Reference assigned CVE id for CVE-2019-15538
...
Gbp-Dch: Ignore
2019-08-25 17:31:05 +02:00
a065e442e2
xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
2019-08-24 20:51:54 +02:00
1b40f700ac
[arm64] Backport DTB support for Rasperry Pi Compute Module 3.
...
Tested-by: Charles Fendt <charles.fendt@me.com>
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
(cherry picked from commit de7501857cae4892f52d8c56c2184be548709052)
2019-08-22 21:16:10 +02:00
10dd2b634c
[arm] Backport DTB support for Rasperry Pi Compute Module 3.
...
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
(cherry picked from commit 64801af590540b4494f408b95a31fbe07963784d)
2019-08-22 21:16:10 +02:00
57f74f6573
netfilter: conntrack: Use consistent ct id hash calculation
...
This fixes a regression in 4.19.44.
2019-08-22 20:04:20 +01:00
00ee7f7173
[ppc64el] Avoid ABI change for disabling TM
...
Ignore removal of TM functions that are exported for use by KVM.
2019-08-22 20:03:54 +01:00
019113b013
[ppc64el] Disable PPC_TRANSACTIONAL_MEM ( Closes : #866122 )
2019-08-22 20:03:19 +01:00
7ee3696c10
KVM: Ignore ABI changes
...
We already ignored most of them, but missed some. Group together
all the KVM patterns in debian/config/defines.
2019-08-22 20:02:52 +01:00
eaab250914
Merge remote-tracking branch 'salsa/buster' into buster
...
Since I've already uploaded 4.19.67-1, open a new changelog entry for
Salvatore's change.
2019-08-21 23:39:23 +01:00
9bf2130b62
dm: disable DISCARD if the underlying storage no longer supports it
...
Closes : #934331
2019-08-21 21:41:04 +02:00
8d3b3b09b9
Add CVE id for CVE-2019-15215
2019-08-21 21:30:17 +02:00
2de12d5f21
Add CVE id for CVE-2019-15211
2019-08-21 21:29:45 +02:00
71253bf604
Add CVE id for CVE-2019-15220
2019-08-21 21:28:17 +02:00
d5720146ae
Add CVE id for CVE-2019-15221
2019-08-21 21:27:23 +02:00
37487d12f3
Add CVE id for CVE-2019-15223
2019-08-21 21:24:47 +02:00
0cde12d3b1
Add CVE id for CVE-2019-15219
2019-08-21 21:24:12 +02:00
92583c3bcb
Add CVE id for CVE-2019-15218
2019-08-21 21:23:39 +02:00
4d54b8bb16
Add CVE id for CVE-2019-15212
2019-08-21 21:22:59 +02:00
8e8dc21337
Add CVE id reference for CVE-2019-15216
2019-08-21 21:13:31 +02:00
889a9d1fb0
Prepare to release linux (4.19.67-1).
2019-08-21 17:44:57 +01:00
f79aedcfab
Bump ABI to 6
2019-08-20 01:51:35 +01:00
795d93f1ed
[rt] Update to 4.19.59-rt24
...
This mostly applied cleanly on 4.19.67. A few patches had 1 or 2
lines of fuzz which I've resolved.
2019-08-20 01:51:34 +01:00
0899b0f554
Update to 4.19.67
...
* Drop patches which have been applied to 4.19-stable
* Drop "Revert "net: stmmac: Send TSO packets always from Queue 0"" in
favour of upstream fix "net: stmmac: Re-work the queue selection for
TSO packets"
* Refresh patches that became fuzzy
2019-08-20 01:51:22 +01:00
64c3754b90
Merge branch 'buster-security' into buster
...
* Accept revert of "[sh4]: Check for kprobe trap number before trying
to handle a kprobe trap" and update debian/changelog accordingly, as
sh4 is not a release architecture
* Keep "[arm64] Improve support for the Huawei TaiShan server platform"
which was reverted on the buster-security branch
2019-08-18 19:29:59 +01:00
92fee68e15
Prepare to release linux (4.19.37-5+deb10u2).
2019-08-08 03:02:38 +01:00
95a59b0c5d
inet: Avoid ABI change for IP ID hash change
2019-08-08 03:01:19 +01:00
f02f2890aa
[x86] cpufeatures: Avoid ABI change for swapgs mitigations
...
- Move swapgs feature bits to existing scattered words
- Revert "x86/cpufeatures: Combine word 11 and 12 into a new scattered
features word"
2019-08-08 02:49:24 +01:00
07a6d57831
Add patchset for CVE-2019-1125
2019-08-07 08:34:30 +02:00
65c2005956
[powerpc/tm] Fix oops on sigreturn on systems without TM (CVE-2019-13648)
2019-08-05 19:04:21 +02:00
3b76691d24
Bluetooth: hci_uart: check for missing tty operations (CVE-2019-10207)
2019-08-05 18:57:05 +02:00
ec64cb4c87
floppy: fix div-by-zero in setup_format_params (CVE-2019-14284)
...
This retrieves the patch from the linux-4.19.y branch and refreshes the
previous one "floppy: fix out-of-bounds read in copy_buffer", because
this is firstly "floppy: fix div-by-zero in setup_format_params" that is
applied upstream, then the one regarding out-of-bounds read in copy_buffer.
The one for CVE-2019-14283 was previously refreshed because it was not
applicable directly. Now both patches are synchronized with upstream and
applied in the same order.
2019-08-05 17:56:29 +02:00
24c58d8c20
inet: switch IP ID generator to siphash (CVE-2019-10638)
2019-07-30 11:20:38 +02:00
4962cdb584
floppy: fix out-of-bounds read in copy_buffer (CVE-2019-14283)
2019-07-30 11:14:00 +02:00
b394039686
[arm64] compat: Provide definition for COMPAT_SIGMINSTKSZ ( Closes : #904385 ).
2019-07-29 22:36:47 +02:00
8da545ad5d
rtc-s35390a: backport fix to make hwclock able to read the time
2019-07-28 21:37:15 +02:00
ed5659c4e4
Merge branch 'imx6' of salsa.debian.org:ukleinek/linux into buster
2019-07-28 21:23:53 +02:00
8cb769111f
Input: gtco - bounds check collection indent level (CVE-2019-13631)
2019-07-27 13:15:59 +02:00
167ecd4ada
scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836)
2019-07-22 14:01:45 +02:00
84b1bd80aa
Revert unwanted changes for buster-security
...
We need to be based onto 4.19.37-5+deb10u1, and only include security
related topics. Things or improvements added to 4.19.37-6 (that is
already in sid) should be removed because they should not be uploaded
to buster-security accidentaly.
2019-07-22 11:44:02 +02:00
01d9fffd29
Release linux (4.19.37-5+deb10u1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0xhh1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E8nEP/iF7NUo1hvYNR/ueapgtpnMaHh/OeiGp
x5/4RQW9Lo+Y8djiJWr9Kh7DVT7zp2k6OOb6o2qypgpEpFGGZAf02E3kheTJMhJz
XxDHyGRflQpXDsEbPCcWCXvJjH/7puV/GWATPYo9qE/hs9rBAiFsOlOTqWSJf8Yd
rVxjRRXe9/qRcOV4OJyiuL2GbeL7eO3TqTEl1NVSNP4V1RjYFFy/CUelWAcGzUOI
tkk+NM7CEspQQhpIRkSGB+GyYMvOFNi2mkrz+mJbSUeb75uiZq3myJqHiQOKpwHe
OGJiVBD4Ce8pv3PvR9bFZwgOV2t1XTDOeyUcmh8C07SblwI6iM/vi/nWw7B9VUEH
X2EB/3/TuhKgJHtYpFZdi1mlRrt+6YYgDmbFVUyjojZhOONlVagwq2vaX0ep6yI4
FOQo4kpCG10yse4JxUS0Unv6hk7ShfLe/Kb9lOJvPSZM5dCutWTQrRO05gTyFaev
orMZou9lsXYDTzpFAICE2ZhCcySvYLqvPkkCoabiECMlJE2Ra/rsHiuQEcSNjG8E
A8EqJhElt+W8mvTkofG5yL3oguD6yg4Qf0luKOl0bEcZyBXDbK4nHtHAwcBNoR5X
zNfrikCyo7jPX3JGH3F8wYE9vc04SO+YEkvcyZcLTOUBiDIpZgC4r3IOyBDgzv1K
KDIBNpFCBL0Z
=794G
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.37-5+deb10u1' into buster
Release linux (4.19.37-5+deb10u1).
2019-07-20 23:07:45 +02:00
1e1ff4ce9c
binder: fix race between munmap() and direct reclaim (CVE-2019-1999)
2019-07-20 18:36:49 +02:00
091f76e86d
nfc: Ensure presence of required attributes in the deactivate_target handler (CVE-2019-12984)
2019-07-20 18:21:14 +02:00
fbe4322901
[powerpc*] mm/64s/hash: Reallocate context ids on fork (CVE-2019-12817)
2019-07-20 17:17:59 +02:00
7e902dbcd3
[x86] x86/insn-eval: Fix use-after-free access to LDT entry (CVE-2019-13233)
2019-07-20 17:17:43 +02:00
aa3c23fe0e
Release linux (4.19.37-5+deb10u1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0xhh1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E8nEP/iF7NUo1hvYNR/ueapgtpnMaHh/OeiGp
x5/4RQW9Lo+Y8djiJWr9Kh7DVT7zp2k6OOb6o2qypgpEpFGGZAf02E3kheTJMhJz
XxDHyGRflQpXDsEbPCcWCXvJjH/7puV/GWATPYo9qE/hs9rBAiFsOlOTqWSJf8Yd
rVxjRRXe9/qRcOV4OJyiuL2GbeL7eO3TqTEl1NVSNP4V1RjYFFy/CUelWAcGzUOI
tkk+NM7CEspQQhpIRkSGB+GyYMvOFNi2mkrz+mJbSUeb75uiZq3myJqHiQOKpwHe
OGJiVBD4Ce8pv3PvR9bFZwgOV2t1XTDOeyUcmh8C07SblwI6iM/vi/nWw7B9VUEH
X2EB/3/TuhKgJHtYpFZdi1mlRrt+6YYgDmbFVUyjojZhOONlVagwq2vaX0ep6yI4
FOQo4kpCG10yse4JxUS0Unv6hk7ShfLe/Kb9lOJvPSZM5dCutWTQrRO05gTyFaev
orMZou9lsXYDTzpFAICE2ZhCcySvYLqvPkkCoabiECMlJE2Ra/rsHiuQEcSNjG8E
A8EqJhElt+W8mvTkofG5yL3oguD6yg4Qf0luKOl0bEcZyBXDbK4nHtHAwcBNoR5X
zNfrikCyo7jPX3JGH3F8wYE9vc04SO+YEkvcyZcLTOUBiDIpZgC4r3IOyBDgzv1K
KDIBNpFCBL0Z
=794G
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.37-5+deb10u1' into buster-security
Release linux (4.19.37-5+deb10u1).
2019-07-19 11:15:23 +02:00
786d73da80
Prepare to release linux (4.19.37-5+deb10u1).
2019-07-19 10:46:02 +02:00
c6f3814dc4
ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (CVE-2019-13272)
2019-07-19 10:45:11 +02:00
faee94d2ad
[armhf] Add support for all i.MX6 variants.
2019-07-16 16:48:34 +02:00
c342a968c4
[sh4]: Check for kprobe trap number before trying to handle a kprobe trap
2019-06-23 18:59:55 +02:00
e2cc6dfed3
debian/changelog: Clean up entry for Huawei TaiShan support
2019-06-23 17:27:59 +01:00
c01ce3da12
Merge branch '93sam/linux-huawei-taishan-support' into sid
...
[arm64] Improve support for the Huawei TaiShan server platform
See merge request kernel-team/linux!151
2019-06-23 17:19:03 +01:00
eb5241a213
tcp: refine memory limit test in tcp_fragment()
...
Closes : #930904
2019-06-23 16:15:34 +02:00
2c3b28ea8f
[arm64] Improve support for the Huawei TaiShan server platform
...
Closes : #930554
Enable the HNS/ROCE Infiniband driver
Backport fixes from 4.20 and 4.21 for HNS3 networking, hisi_sas SAS
and HNS/ROCE Infiniband
Signed-off-by: Steve McIntyre <93sam@debian.org>
2019-06-23 10:58:07 +01:00
8fb3f0b24d
Prepare to release linux (4.19.37-5).
2019-06-19 23:16:58 +01:00
e60e81ccd9
debian/changelog: Wrap a >80-character line
2019-06-19 23:16:33 +01:00
0a8cb2b316
Add ABI reference for 4.19.0-5
...
This is based on version 4.19.37-1 and 4.19.37-3, which are
consistent except for the addition of two symbols related to the
MDS mitigation on x86.
2019-06-19 23:16:32 +01:00
ac648cc5be
debian/changelog: Record ABI fix that did *not* make it into 4.19.37-4
...
Thought I'd built with the ABI fix, but didn't. And there was
no ABI reference to catch this. :-(
2019-06-19 23:16:25 +01:00
d2962338d6
[sparc64] Fix device naming inconsistency between sunhv_console and sunhv_reg ( Closes : #926539 )
2019-06-19 16:30:43 +02:00
2536e21256
Prepare to release linux (4.19.37-4).
2019-06-17 20:00:30 +01:00
afceeb64fe
debian/changelog: List changes in 4.19.37-rt20
2019-06-17 20:00:14 +01:00
1e253edaa7
Add TCP DoS fixes
2019-06-17 19:46:08 +01:00
4ea468554d
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (CVE-2019-10126)
2019-06-17 19:32:38 +01:00
e5664e23f5
mm/mincore.c: make mincore() more conservative (CVE-2019-5489)
2019-06-17 19:29:35 +01:00
1894e89399
mwifiex: Don't abort on small, spec-compliant vendor IEs
2019-06-17 19:29:14 +01:00
70b1e1a8fa
mwifiex: Abort at too short BSS descriptor element
2019-06-17 19:25:01 +01:00
54fa813858
mwifiex: Fix possible buffer overflows at parsing bss descriptor (CVE-2019-3846)
2019-06-17 19:24:10 +01:00
cc59373e08
[arm64] udeb: fb-modules: Include rockchipdrm, panel-simple, pwm_bl, pwm-cros-ec
...
Some ChromeOS devices need these for the display.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-06-10 18:50:46 +03:00
c8cdb80b66
[arm64] udeb: mmc-modules: Include phy-rockchip-emmc
...
Needed for internal storage on some ChromeOS devices.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-06-10 18:50:46 +03:00
cb05f8d52a
[arm64] udeb: usb-modules: Include phy-rockchip-typec, extcon-usbc-cros-ec
...
On Samsung Chromebook Plus (v1) trying to boot from a rootfs on a USB
storage device without these modules in the initramfs, it drops to an
initramfs shell with a non-working display. For the d-i netboot image,
the screen doesn't turn on, but the installer menu works.
A recent change to initramfs-tools includes extcon-usbc-cros-ec, so
include that and a relevant PHY module here as well.
Relevant:
https://salsa.debian.org/kernel-team/initramfs-tools/commit/994d698a
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-06-10 18:50:45 +03:00
3c9e2d8dee
[arm64] udeb: kernel-image: Include phy-rockchip-pcie
...
On some ChromeOS devices, this is required to connect to a wireless
network via mwifiex_pcie.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-06-10 18:50:45 +03:00
b68c83d156
[arm64] udeb: kernel-image: Include cros_ec_spi and SPI drivers
...
The cros_ec multifunction device provides the keyboard services on some
ChromeOS devices, but requires a bus to be enabled to communicate with
it. On Samsung Chromebook Plus (v1), including spi-rockchip and
cros_ec_spi are enough. A recent change in initramfs-tools included all
SPI drivers, so include them here as well.
Relevant:
https://salsa.debian.org/kernel-team/initramfs-tools/commit/797e5fed
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-06-10 18:50:45 +03:00
0114d125ba
udeb: input-modules: Include all keyboard driver modules
...
Some important modules like cros_ec_keyb are in input/keyboard. A recent
change in initramfs-tools also includes them, so include them here too.
Relevant:
https://salsa.debian.org/kernel-team/initramfs-tools/commit/40f66474
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-06-10 18:50:45 +03:00
d7374fce1e
Merge branch 'sparc64-sid' into 'sid'
...
[sparc64] udeb: Disable suffix for kernel-image
See merge request kernel-team/linux!147
2019-06-09 23:28:08 +00:00
cbcfb20ce0
[mips] Correctly bounds check virt_addr_valid ( Closes : #929366 )
2019-06-09 00:06:52 +02:00
3b44df1499
Bluetooth: hidp: fix buffer overflow (CVE-2019-11884)
2019-06-07 15:25:30 +02:00
8910626bca
ext4: zero out the unused memory region in the extent tree block (CVE-2019-11833)
2019-06-07 14:53:07 +02:00
23527ae20b
brcmfmac: add subtype check for event handling in data path (CVE-2019-9503)
2019-06-07 14:49:05 +02:00
8970aaa563
brcmfmac: assure SSID length from firmware is limited (CVE-2019-9500)
2019-06-07 14:43:58 +02:00
c11ba60cce
[rt] Update to 4.19.37-rt20
2019-05-29 21:49:30 +02:00
92a96d298e
[x86] lockdown,sysrq: Enable ALLOW_LOCKDOWN_LIFT_BY_SYSRQ ( Closes : #929583 )
2019-05-26 18:13:59 +01:00
db249f2b52
[sparc64] udeb: Disable suffix for kernel-image
2019-05-21 14:29:31 +02:00
a8c3d89c71
README.source: Document the various makefiles and use of out-of-tree builds
2019-05-19 15:05:10 +01:00
a96bd61a2e
libbpf: Build out-of-tree
2019-05-19 14:49:48 +01:00
9b28931859
libbpf: Use only 2 components in soversion, matching package name
...
Debian policy says the package name must change when the soname
changes. We don't expect the ABI to change in a stable update,
so use only 2 components in both.
2019-05-19 14:48:13 +01:00
a6879552b5
Drop unnecessary changes from "libbpf: add SONAME to shared object"
...
It's not necessary to delete the definitions of the variables that
become unused. Nor is it necessary to move the definition of
LIBBPF_VERSION before LIB_FILES, because the latter is defined
as recursively expanded (i.e. its variable references are not
immediately expanded).
This makes the actual change we're making clearer, and should
reduce the future work to maintain this patch.
2019-05-19 14:36:25 +01:00
9329ccdf87
[powerpc*] 64s: Include cpu header (fixes FTBFS)
2019-05-15 23:07:44 +01:00
85eddd4dd2
Prepare to release linux (4.19.37-2).
2019-05-14 17:34:46 +01:00
4abc99e835
[x86] linux-cpupower: Update CPPFLAGS for change in <asm/msr-index.h>
2019-05-14 17:34:29 +01:00
1565dc00f4
[x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities
...
Together with a microcode update, this mitigates CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091.
2019-05-10 12:03:12 +01:00
98cbc347d3
debian/bin: Fix Python static checker regressions ( Closes : #928618 )
2019-05-07 21:04:05 +01:00
5ece558b8d
Prepare to release linux (4.19.37-1).
2019-05-05 19:32:32 +01:00
ece5b4e4cd
mm,fs: Prevent page refcount overflow (CVE-2019-11487)
2019-05-05 15:44:05 +01:00
83f5e0f1ef
tracing: Fix buffer_ref pipe ops
...
This is preparation for fixing CVE-2019-11487.
2019-05-05 15:42:32 +01:00
4f3fa1e296
aio: Apply fixes from 4.19.38 (CVE-2019-10125)
2019-05-05 15:41:31 +01:00
55a23e404a
[amd64,arm64] vfio/type1: Limit DMA mappings per container (CVE-2019-3882)
2019-05-05 16:06:15 +02:00
2c62d20848
MODSIGN: Make shash allocation failure fatal
2019-05-05 13:47:00 +01:00
06cccfd2c3
Merge branch 'bluca/linux-mod_db' into sid
...
Add patches to enable loading db and MOK keys
See merge request kernel-team/linux!139
2019-05-05 13:16:03 +01:00
95f09d9f29
Merge branch 'sid' of salsa.debian.org:kernel-team/linux into sid
2019-05-05 13:15:29 +01:00
319a580681
Add Debian bug closer for #928457
2019-05-05 10:25:26 +02:00
5be0740b91
Add changelog entry for "gencontrol_signed.py: Sort list of modules..."
2019-05-04 18:39:31 -07:00
f79da03296
drivers/firmware/google: Adjust configuration for 4.19
2019-05-04 22:40:59 +01:00
88cad5a2fb
Merge branch 'sid' into 'sid'
...
[arm64] Enable configs for Samsung Chromebook Plus (v1) and other rk3399-gru based devices
See merge request kernel-team/linux!142
2019-05-04 21:34:02 +00:00
643cc8a41c
Add patches to enable loading dbx and MOKX blacklists
...
Import patches from:
https://lore.kernel.org/patchwork/cover/933178/
that allow to also load dbx and MOKX as blacklists for modules.
These patches also disable loading MOK/MOKX when secure boot is
not enabled, as the variables will not be safe, and to check the
variables attributes before accepting them.
2019-05-02 23:04:18 +01:00
188df85f5b
Add patches to enable loading db and MOK keys
...
Import patches from:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-uefi
that enable a new option that automatically loads keys from db
and MOK into the secondary keyring, so that they can be used to
verify the signature of kernel modules. Enable the required KCONFIGs.
Allows users to self-sign modules (eg: dkms).
2019-05-02 22:59:42 +01:00
40e420be45
[armhf] Disable MVNETA_BM_ENABLE again
2019-05-02 22:13:54 +02:00
ecc794295f
Remove annotation for one REJECTed CVE
...
Gbp-Dch: Ignore
2019-05-01 20:46:07 +02:00
b64a303c60
[arm64] Enable configs for Samsung Chromebook Plus (v1) and other rk3399-gru based devices
...
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-05-01 17:40:56 +03:00
ca91c5f5f3
Note that upstream change closes #925496
2019-05-01 14:18:46 +01:00
0eb7489dad
Enable coreboot memconsole ( Closes : #872069 )
...
With this option enabled, the kernel will be able to retrieve firmware
logs by looking in the coreboot table. This can be accessed from
userspace via the sysfs file /sys/firmware/log.
2019-04-30 16:54:11 +02:00
82f685da41
[sparc64] linux-image: Install uncompressed kernel image
...
Requested by John Paul Adrian Glaubitz, with the explanation:
> GRUB doesn't really support compressed kernels with OpenFirmware, at
> least on SPARC. It used to work with 2.02+patches but it doesn't
> work with GRUB 2.04~rc1 and upstream said that it's not really
> supported.
2019-04-30 15:49:46 +01:00
fd064d4e63
[rt] Update to 4.19.37-rt19
2019-04-30 14:46:18 +02:00
e6b7661450
Replace CVE id for CVE-2019-11599
...
Originally CVE-2019-3892 appeared which was REJECTED as reservation
duplicate of CVE-2019-11599.
Gbp-Dch: Ignore
2019-04-30 10:37:56 +02:00
c72c0fff0a
[x86] platform: Enable INTEL_ATOMISP2_PM as module
2019-04-28 18:57:27 +01:00
7ebc9f9504
Update to 4.19.37
...
* Refresh/drop patches as appropriate
2019-04-28 18:55:53 +01:00
ad494c2131
tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486)
2019-04-26 16:11:56 +02:00
859ec5f504
[x86] Disable R3964 due to lack of security support
2019-04-26 16:08:19 +02:00
1c6240e692
inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch() (CVE-2019-9857)
2019-04-26 14:54:14 +02:00
cda3581467
ntfs: Mark it as broken, and add CVE IDs that are being closed
2019-04-25 15:35:56 +01:00
becaca2c80
ntfs: Disable NTFS_FS due to lack of upstream security support
2019-04-25 15:27:49 +01:00
81f14e4fc0
udeb: Drop unused ntfs-modules packages
...
The installer uses ntfs-3g-udeb instead.
2019-04-25 15:27:49 +01:00
223d2f61ad
[mips] Fix indirect syscall tracing & seccomp filtering for big endian MIPS64 kernels with 32-bit userland.
2019-04-23 19:35:04 +02:00
8f20d53908
[armel/marvell,sh4] linux-image: Recommend apparmor, like all other configs
...
The "recommends" field set in the [image] section for these
configurations overrode the field at the top level. We want
gencontrol.py to concatenate the relations in this section at all
levels.
The ConfigCore.get_merge method supports doing this, but only with
list fields So we need to specify in the config schema that these
fields are comma-separated lists.
2019-04-22 00:30:48 +01:00
967b7d1987
linux-source: Recommend bison and flex, always needed to build the kernel
2019-04-21 23:59:50 +01:00
e6231a29a7
[i386] Add grub-efi-ia32 as an alternate recommended bootloader
2019-04-21 23:56:35 +01:00
25aadd8f22
[powerpc,ppc64,ppc64el] linux-image: Recommend grub-ieee1275
2019-04-21 23:56:01 +01:00
a828d99124
[sparc64] linux-image: Recommend grub-ieee1275 instead of (removed) silo
2019-04-21 23:55:01 +01:00
fb4777ce47
lockdown: Refer to Debian wiki until manual page exists
2019-04-21 00:22:20 +01:00
7c8c3551e1
udeb: Add all HWRNG drivers to kernel-image (see #923675 )
...
The installer will soon start using haveged to provide entropy if
needed, but an HWRNG is probably still preferable.
2019-04-21 00:09:41 +01:00
693aafefbb
[armel/marvell] Disable HW_RANDOM as no HWRNG drivers are usable here
...
We were building the omap-rng driver, because the same block is used
on some recent Marvell chips and HW_RANDOM_OMAP is enabled by default
if ARCH_MVEBU is enabled.
We were also building virtio-rng, but there isn't (so far as I know)
any publicly available emulation of the ARMv5 Marvell chips.
As we're about to include HWRNG drivers to the installer, disable the
whole subsystem for armel/marvell to avoid adding useless drivers.
2019-04-20 23:35:33 +01:00
ea0d63df90
[ia64] linux-image: Recommend grub-efi-ia64 instead of (removed) elilo
2019-04-20 23:04:54 +01:00
2dff862341
ACPICA: Namespace: remove address node from global list after method termination
2019-04-19 21:06:18 +02:00
c854151c38
[riscv64] linux-image-dbg: Include vdso debug symbols
2019-04-18 00:55:26 +01:00
90f48698a0
Fix typo: architecures -> architectures
...
Thanks: Cyril Brulebois
Gbp-Dch: Ignore
2019-04-15 21:05:02 +02:00
4eef18f8b7
xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (CVE-2015-8553)
2019-04-14 22:39:31 +02:00
c4517a7e99
Don't longer recommend irqbalance
2019-04-13 08:32:35 +02:00
f73d6fa21b
Add bug closer for #923723
...
Gbp-Dch: Ignore
2019-04-12 23:39:23 +02:00
c859bfa672
Add bug closer for #919290
...
Gbp-Dch: Ignore
2019-04-12 23:29:37 +02:00
dde049bffb
Fix brackets for arch markes
...
Gbp-Dch: Ignore
2019-04-12 09:47:27 +02:00
5a39ad2910
Generate and install libbpf.pc
...
Backport patch from bpf-next and install libbpf.pc in libbpf-dev
2019-04-11 23:15:22 +01:00
1acfe734b7
Merge branch 'sf/linux-sid' into sid
...
Enable SND_SOC_SPDIF on armmp-lpae
See merge request kernel-team/linux!137
2019-04-09 01:19:39 +01:00
5ee30838da
re-eanble JUMP_LABEL for mips r6
...
[bwh: Cherry-picked onto the sid branch]
2019-04-09 01:07:11 +01:00
502148bb02
[armhf,arm64[ Revert "net: stmmac: Send TSO packets always from Queue 0"
2019-04-09 01:05:01 +01:00
a0366b7dd1
[rt] Update to 4.19.31-rt18
2019-04-09 00:53:38 +01:00
6fa9d66378
[rt] Add new signing subkey for Steven Rostedt
2019-04-09 00:47:01 +01:00
7935c22e07
Bump ABI to 5
...
There are too many ABI changes for me to cope with.
2019-04-09 00:33:21 +01:00
821ec1b181
Update to 4.19.34
...
* Drop/refresh patches as appropriate
2019-04-09 00:27:06 +01:00
5862c7e202
Enable SND_SOC_SPDIF on armmp-lpae
...
Needed for Cubietruck
2019-04-07 09:53:33 +02:00
6039118f59
[powerpc*] vdso: Make vdso32 installation conditional in vdso_install
...
Closes : #785065
This finally removes the need for the ppc64el compiler to support
32-bit code generation, and removes a useless file from debug
packages on ppc64el.
2019-03-22 04:28:49 +00:00
e3c916c6d7
debian/bin/abiupdate.py: Change default URLs to use https: scheme
...
Since we don't use the Release and Packages files to verify the
packages we download, it's worth using TLS to reduce the risk of
a man-in-the-middle corrupting them.
ftp.ports.debian.org and security.debian.org don't support TLS
in general, so use deb.debian.org for the ports and security
archives.
2019-03-18 23:11:23 +00:00
0e10941761
debian/bin/abiupdate.py: Automatically select the correct archive to fetch from
...
If the changelog distribution is *-security, fetch from the security
archive. Otherwise, try the main archive, ports, incoming, and
incoming.ports in that order.
2019-03-18 22:53:16 +00:00
926120d62f
Prepare to release linux (4.19.28-2).
2019-03-15 02:16:04 +00:00
88d725750b
Merge remote-tracking branch 'salsa/sid' into sid
2019-03-15 01:45:58 +00:00
44f134c2b9
Merge branch 'include-signing-cert' of salsa.debian.org:corsac/linux into sid
...
certs: include both root CA and direct signing certificate
See merge request kernel-team/linux!135
2019-03-14 21:26:12 +00:00
fb17e155b9
[arm64,armhf] Drop PHY_ROCKCHIP_INNO_HDMI, not available till linux
...
v4.20.
2019-03-14 13:32:38 -07:00
73f7977c15
[arm64,armhf] Enable PHY_ROCKCHIP_INNO_HDMI as built-ins, not
...
available as modules.
2019-03-14 13:10:29 -07:00
0664e4e069
Merge branch 'sid' of salsa.debian.org:kernel-team/linux into sid
2019-03-14 17:53:52 +00:00
0b67903203
[ppc64el] Disable PCMCIA (fixes FTBFS)
...
It appears to be technically possible to use PCMCIA cards on POWER8/9
systems through a PCI Express to PCI adapter and a PCI to
PCMCIA/CardBus adapter. But I can't believe anyone would want to.
So rather than adding a pcmcia-modules package or excluding the
drivers from udebs, disable PCMCIA altogether.
2019-03-14 17:49:45 +00:00
ae178b6c72
udeb: Make serial_cs optional in serial-modules
...
The next commit will stop building PCMCIA drivers on ppc64el.
2019-03-14 17:48:52 +00:00
af53d158a0
certs: include both root CA and direct signing certificate. closes : #924545
...
Module loading needs the issuer certificate to validate the signature,
and that certificate is not embedded in the signature itself.
For now embed both the signing certificate and the root CA.
2019-03-14 14:16:50 +01:00
2f067b01ec
[arm64] Enable MESON_EFUSE as a module.
2019-03-13 23:50:41 -07:00
32b309d27c
[arm64] Enable I2C_GPIO as a module.
2019-03-13 23:50:03 -07:00
22dd68875f
[arm64,armhf] Enable PHY_ROCKCHIP_INNO_HDMI as modules.
2019-03-13 23:49:26 -07:00
7adaffb5a6
[arm64] Enable DRM_SUN4I and DRM_SUN8I_DW_HDMI as modules.
2019-03-13 23:48:44 -07:00
20351317dd
[x86] Drop fix for #865303 , which no longer affects Debian's OpenJDK
...
This workaround is no longer needed for Debian's OpenJDK packages:
* OpenJDK 7 is unfixed (bug #876068 ) but is not present in stretch or
later suites
* OpenJDK 8 was fixed in unstable (bug #876051 ) and the fix was then
included in a stretch security update
* OpenJDK 9 and later were fixed (bug #876069 )
The workaround was never applied upstream and it also doesn't seem
like a good idea to have a Debian-specific VM quirk that weakens the
defence against Stack Clash. Therefore drop it now rather than
including it in another release.
2019-03-13 18:37:35 +00:00
7064a34f6e
[x86,alpha,m68k] binfmt: Disable BINFMT_AOUT, IA32_AOUT, OSF4_COMPAT
...
a.out support is now untested and occasionally results in security
bugs, and will be deprecated upstream (depends on BROKEN) for x86 in
5.1. Disable it completely.
See:
https://lore.kernel.org/lkml/CAG48ez1RVd5mQ_Pb6eygQESaZhpQz765OAZYSoPE0kPqfZEXQg@mail.gmail.com/
https://lore.kernel.org/lkml/20190305145717.GD8256@zn.tnic/
2019-03-13 18:31:13 +00:00
4895e487e1
Prepare to release linux (4.19.28-1).
2019-03-12 05:06:28 +00:00
fb875ddeb6
Bump ABI to 4
2019-03-10 23:34:30 +00:00
4454021eb3
debian/bin/gencontrol_signed.py: Put all files.json fields under "packages"
...
Follow the schema change made in
3a07a08a82
2019-03-10 22:46:07 +00:00
16e5e055ca
certs: Replace test signing certificate with production signing certificate
2019-03-10 22:28:08 +00:00
8a42d3ccb9
debian/changelog: Note upstream change closing bugs #913119 , #913138 .
2019-03-10 15:21:11 -07:00
3f14005d42
Merge branch 'sid' into 'sid'
...
MIPS related backports to 4.19
See merge request kernel-team/linux!131
2019-03-10 21:57:55 +00:00
224fd4bf26
debian/changelog: Note upstream change closing bug #921542
2019-03-10 21:49:26 +00:00
340ed90d8e
Update to 4.19.28
2019-03-10 16:57:21 +01:00
22610f2634
exec: Fix mem leak in kernel_read_file (CVE-2019-8980)
2019-03-10 09:00:43 +01:00
531357e266
debian/changelog: Only close #922182 once
2019-03-07 21:47:35 +00:00
3ebd4206bf
debian/changelog: Clean up 4.19.27 changes
...
* "svm" is AMD's virtualisation interface for x86 only
* We don't support the MIPS BCM63xx platform
2019-03-07 21:43:35 +00:00
e702b1ae75
debian/changelog: Added accidentaly removed entries and Closes #922182
2019-03-06 18:56:59 +01:00
a53ae83b62
Add CVE id reference for CVE-2019-9213
...
Gbp-Dch: Ignore
2019-03-06 17:33:45 +01:00
8864787e64
Update to 4.19.27
2019-03-06 16:38:16 +01:00
2357044444
[mipsel/mips64el] Backport loongson workarounds
...
MIPS: Loongson: Introduce and use loongson_llsc_mb()
2019-03-06 21:15:23 +08:00
40b0b77497
Enable some boston drivers
...
IMG_ASCII_LCD, I2C_EG20T, PCH_PHUB, MMC, PCIE_XILINX,
RTC_DRV_M41T80, SPI_TOPCLIFF_PCH
2019-03-06 21:15:22 +08:00
5ba611e17d
[mips r6] CPU and ASE related modify
...
Enable CPU_HAS_MSA, HIGHMEM, CRYPTO_CRC32_MIPS.
Set NR_CPUS to 16.
2019-03-06 21:15:22 +08:00
b710f665ba
[mips r6] enable SERIAL_OF_PLATFORM
...
If serial of platform is not enabled, userland shows nothing on console.
2019-03-06 21:15:22 +08:00
cf0de8585e
[mips r6]disable JUMP_LABLE: cause Reservered Instruction
2019-03-06 21:15:22 +08:00
df5732713c
Merge branch 'sid-cleanup-arm64-di' into 'sid'
...
Sid cleanup arm64 di
See merge request kernel-team/linux!130
2019-03-05 20:43:58 +00:00
c2a762a435
Merge branch 'rperier-guest/linux-armel_rpi' into sid
...
[armel/rpi] Add flavour for Raspberry Pi and Raspberry Pi Zero
See merge request kernel-team/linux!117
2019-03-05 20:39:14 +00:00
12c2125853
debian/changelog: Add missing architecture qualifications
2019-03-05 20:31:24 +00:00
e1259b5b3a
debian/changelog: Delete some stable changes that don't affect us
...
These drivers/features don't seem to be enabled in any configuration.
2019-03-05 20:30:51 +00:00
e8890b92b6
[arm64] udeb: Remove redundant lines from nic-modules
...
All drivers listed were Ethernet ones and such are added by global
config already.
2019-03-05 21:23:02 +01:00
3afa55a954
[arm64] udeb: Use generic ata-modules
...
arm64 does not have any special ata drivers so instead of listing
'libata' we can just reuse global ones.
2019-03-05 21:23:01 +01:00
6b175bc9fd
Enable STRICT_MODULE_RWX
...
With this option set, module text and rodata memory areas will be made
read-only. Moreover, non-text memory will be made non-executable. This
provides protection against certain security exploits. Currently, this
option is implicitly enabled in Kconfig for most configurations where it
is possible to enable it. This commit enables the option by default
explictly for all supported targets (except marvell to keep it small)
2019-03-05 21:10:12 +01:00
693bbd783d
[armel, armhf] Enable CRASH_DUMP
...
When set, this generates crash dump after being started by kexec. Useful
for debugging purpose on ARM. As this is already enabled for other arch,
enable it for ARM, as well (except marvell to keep it small).
2019-03-05 21:00:28 +01:00
1ef9b5a41e
debian/changelog: List changes in 4.19.25-rt16
2019-03-05 19:56:21 +00:00
f24c6b7b60
[armel/rpi] Add flavour for Raspberry Pi and Raspberry Pi Zero
...
Nowadays, Raspberry Pi 2 and Rasberry Pi 3 works perfectly fine with
Debian (including the official kernel package or the userland). RPi 1
and RPi Zero have an SoC that contains an armv6-based CPU, this means
that it cannot work with an hardfloat ABI, that is armv7 based. So we
have to use the Debian armel userland for this reason. Both boards are
supported in the mainline linux kernel and not being supported in the
debian-kernel package is the only blocking point that prevent RPI 1 and
RPI Zero from being well supported in an official Debian distribution.
This commit add a new kernel flavour for enabling support for the both
platforms.
2019-03-05 20:55:45 +01:00
ad9f27e1eb
Merge branch 'sid-4.19.21-wip' into 'sid'
...
4.19.26
See merge request kernel-team/linux!126
2019-03-05 19:49:02 +00:00
96e3ed26a7
debian/bin/gencontrol.py: Add rules to build debian/build/config.*
...
It is no longer possible to run the "setup" rules without a compiler,
because Kconfig symbols can depend on compiler properties. Add a way
to invoke just the first step of setup, which merges the kconfig files
and overrides together.
2019-03-05 19:11:48 +00:00
2ef57b8ec9
[rt] Update to 4.19.25-rt16
2019-03-05 14:29:38 +01:00
8e3ab60ac6
update to 4.19.26
2019-03-05 14:28:55 +01:00
1b33d3e00b
update to 4.19.25
2019-03-05 14:28:55 +01:00
37e6c11924
update to 4.19.24
2019-03-05 14:28:55 +01:00
493801a88a
update to 4.19.23
2019-03-05 14:28:55 +01:00
ee5b6f81c6
update to 4.19.22
2019-03-05 14:28:55 +01:00
4a0b4cb79e
update to 4.19.21
2019-03-05 14:28:55 +01:00
5cb904c8a9
[arm64] Add patch from v4.20 to enable device-tree for Pine64-LTS.
2019-03-04 07:56:07 -08:00
76a21e66e3
Btrfs: fix corruption reading shared and compressed extents after hole punching
...
Closes : #922306
2019-02-26 21:06:35 +01:00
5d94872d0b
Add changelog entry for A64-timer patch.
2019-02-19 12:30:18 -08:00
1ebd53abbf
arm64: lockdown: Move init_lockdown() call after efi_init()
...
The lockdown code for arm64 currently fails to engage when in Secure Boot
mode. Seth Forshee noticed that this is because init_lockdown() checks
for efi_enabled(EFI_BOOT), but that bit doesn't get set until uefi_init()
is called.
2019-02-17 06:09:47 -07:00
95c2cd3378
[armhf] Enable REGULATOR_SY8106A as module.
2019-02-16 22:10:56 -08:00
e078163694
Clarify changelog entry regarding orange pi plus cpufreq issue.
2019-02-16 22:09:09 -08:00
3f699085ff
[armhf] Add patch from upstream fixing cpufreq on Orange Pi Plus.
2019-02-16 19:54:39 -08:00
26e9f62e39
Revert "usbip: depend on usb.ids instead of usbutils."
...
This reverts commit b95a83a3ec
2019-02-13 19:36:49 +01:00
b95a83a3ec
usbip: depend on usb.ids instead of usbutils.
...
usbip depends on usbutils only to get /usr/share/misc/usb.ids. It's
better to directly depend on the new usb.ids package.
2019-02-13 19:18:24 +01:00
a6b15ac2c4
debian/changelog: Wrap an over-long line
2019-02-13 16:53:32 +00:00
36c3e46992
Merge branch 'wookey/linux-sid' into sid
...
Sid: Add support for coresight (libopencsd) to perf
See merge request kernel-team/linux!123
2019-02-13 16:52:49 +00:00
1bfee96fd0
udeb: Move crc7 to crc-modules to avoid duplication
2019-02-13 15:10:54 +00:00
deaca48d3c
[sparc64] udeb: Use standard module list in nic-modules
2019-02-13 15:04:23 +00:00
f43b9851eb
Add support for coresight (libopencsd) to perf
2019-02-13 03:00:18 +00:00
f98f9b5dcf
udeb: Move drivers from {hyperv,virtio}-modules to {fb,input,nic,scsi}-modules
...
Now that the shared dependencies of these drivers are in kernel-image,
we can safely move them into the packages for each driver class.
2019-02-13 01:23:11 +00:00
cb01662a3e
udeb: Move basic PV modules from {hyperv,virtio}-modules to kernel-image
...
These modules will end up in every installer build, one way or
another. Move them into kernel-image, which all other packages
depend on, so we can then split up the remaining PV drivers.
2019-02-13 01:23:11 +00:00
9235dbdde8
udeb: Add fb-modules and include drm and drm_kms_helper on most architecures
...
The previous version failed to build on alpha:
debian/virtio-modules-4.19.0-3-alpha-generic-di lib/modules/4.19.0-3-alpha-generic/kernel/drivers/i2c/i2c-core.ko
debian/i2c-modules-4.19.0-3-alpha-generic-di lib/modules/4.19.0-3-alpha-generic/kernel/drivers/i2c/i2c-core.ko
and sparc64:
debian/virtio-modules-4.19.0-3-sparc64-di lib/modules/4.19.0-3-sparc64/kernel/drivers/i2c/i2c-core.ko
debian/nic-modules-4.19.0-3-sparc64-di lib/modules/4.19.0-3-sparc64/kernel/drivers/i2c/i2c-core.ko
sparc64 was missing a i2c-modules package, but adding that just gets
it to the same state as alpha. On both architectures drm_kms_helper
is included in the virtio-modules package as a dependency of
virtio-gpu, and then i2c-core is included as a dependency of
drm_kms_helper.
I don't think it makes sense to make virtio-modules directly depend on
i2c-modules. (In fact I think virtio-modules was a mistake entirely.)
Instead, for all configurations that enable both DRM and virtio:
1. Add an fb-modules package if it doesn't already exist
2. Include drm and drm_kms_helper in it
2019-02-13 01:23:11 +00:00
722cef58bc
[powerpc*] udeb: Add i2c-modules
2019-02-13 01:23:11 +00:00
93dd52b2a0
[arm64,armhf] udeb: Add mmc-core-modules to Provides of kernel-image
...
CONFIG_MMC is built-in for some reason, which I won't change right
now.
2019-02-13 00:22:08 +00:00
1eff5d823e
udeb: Make nic-wireless-modules depend on mmc-core-modules, not mmc-modules
2019-02-13 00:21:25 +00:00
f5c38df428
[armel] udeb: Add mmc-core-modules
2019-02-13 00:21:24 +00:00
1d8da34a80
[powerpc*] udeb: Add mmc-core-modules and nic-wireless-modules
...
* Move airport into nic-wireless-modules
* Remove overrides for Depends field of nic-pcmcia-modules
2019-02-12 22:07:51 +00:00
1d80b19d87
mt76: Use the correct hweight8() function (fixes FTBFS on ia64)
2019-02-12 15:39:34 +00:00
300cb820cd
[sparc64] udeb: Add i2c-modules and nic-shared-modules to avoid duplication
2019-02-12 12:51:59 +00:00
9050e91ac0
Prepare to release linux (4.19.20-1).
2019-02-11 16:56:00 +00:00
b4995d6607
video: Disable FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER again
...
It won't work nicely unless we make the boot loader completely silent,
and we might need to update themes as well.
<https://fedoraproject.org/wiki/Changes/FlickerFreeBoot > has the full
details.
2019-02-11 16:55:58 +00:00
fd527676dd
rmi4: Disable RMI_F54
...
Enabling this symbol makes rmi4_core depend on the media/v4l2
subsystem which is not only weird but also results in duplicate
modules at kernel-wedge time.
2019-02-11 14:06:39 +00:00
07c5106918
udeb: Add scsi-nic-modules containing Chelsio and Qlogic iSCSI/FC drivers
...
These drivers depend on the corresponding net drivers, or at least
common modules built under drivers/net/ethernet, currently leading
to duplicate modules.
I don't want to resolve this by adding a dependency between
nic-modules and scsi-modules, as that would pull in both into
installer images that previously only needed one set of drivers. I
also don't want to add the common modules into kernel-image as that
would bloat all installer images. Instead, put the drivers in a new
package and we can work out which installer images should include it
later.
Build scsi-nic-modules for all architectures/flavours that build
scsi-modules using the common module list now.
2019-02-11 14:00:58 +00:00
b7a2d1a5e6
debian/changelog: Close more bugs that requested config changes
2019-02-11 01:49:14 +00:00
4a73a700d4
[armhf,riscv64,s390x] udeb: Add cdrom-core-modules
2019-02-11 01:40:18 +00:00
1a8256e0fb
Enable some more new(ish) kconfig options
...
* [arm64,armhf] drm: Enable DRM_PANEL_RASPBERRYPI_TOUCHSCREEN as module
* dvb-usb-v2: Enable DVB_USB_ZD1301 as module
* gpio: Enable GPIO_EXAR, GPIO_PCI_IDIO_16, GPIO_PCIE_IDIO_24 as modules
* HID: Enable HID_ACCUTOUCH, HID_COUGAR, HID_ELAN, HID_ITE, HID_JABRA,
HID_MAYFLASH, HID_REDRAGON, HID_RETRODE, HID_STEAM, HID_UDRAW_PS3 as
modules
* [x86] i2c: Enable I2C_DESIGNWARE_BAYTRAIL
* media/rc: Enable IR_IMON_DECODER, IR_IMON_RAW as modules
* [x86] mfd: Enable INTEL_SOC_PMIC_BXTWC, INTEL_SOC_PMIC_CHTDC_TI as modules
* [x86] pinctrl: Enable PINCTRL_CANNONLAKE, PINCTRL_CEDARFORK,
PINCTRL_DENVERTON, PINCTRL_GEMINILAKE, PINCTRL_ICELAKE, PINCTRL_LEWISBURG
* ptp: Change PTP_1588_CLOCK_KVM from built-in to module
* serial: Enable USB_SERIAL_F8153X, USB_SERIAL_UPD78F0730 as modules
* sound: Enable SND_FIREWIRE_MOTU, SND_FIREFACE, SND_XEN_FRONTEND as modules
* [x86] sound: Enable SND_SOC_AMD_CZ_DA7219MX98357_MACH,
SND_SOC_AMD_CZ_RT5645_MACH, SND_SOC_INTEL_CHT_BSW_NAU8824_MACH,
SND_SOC_INTEL_BYT_CHT_DA7213_MACH, SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH,
SND_SOC_INTEL_KBL_RT5663_RT5514_MAX98927_MACH,
SND_SOC_INTEL_KBL_DA7219_MAX98357A_MACH,
SND_SOC_INTEL_GLK_RT5682_MAX98357A_MACH as modules
* thermal: Enable DEVFREQ_THERMAL, THERMAL_STATISTICS
* video: Enable FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER
* watchdog: Enable WATCHDOG_PRETIMEOUT_GOV, WATCHDOG_PRETIMEOUT_GOV_NOOP,
WATCHDOG_PRETIMEOUT_DEFAULT_GOV_NOOP; WATCHDOG_PRETIMEOUT_GOV_PANIC,
WDAT_WDT as modules
* [x86] watchdog: Enable INTEL_MEI_WDT, NI903X_WDT, NIC7018_WDT as modules
2019-02-11 01:35:14 +00:00
9954895622
Enable lots of new(ish) kconfig options
...
* 9p: Enable NET_9P_XEN as module
* ACPI: Enable ACPI_TAD as module
* amd-xgbe: Enable AMD_XGBE_DCB
* ath9k: Enable ATH9K_CHANNEL_CONTEXT
* block: Enable BLK_DEV_ZONED (except armel/marvell)
* bluetooth: Enable BT_HCIUART_RTL; BT_HCIUART_NOKIA, BT_MTKUART as modules
* bnxt: Enable BNXT_DCB
* ethernet: Enable HINIC, ICE, LAN743X, LIQUIDIO_VF as modules
* can: Enable CAN_VXCAN, CAN_MCBA_USB, CAN_UCAN as modules
* dm: Enable DM_UNSTRIPED, DM_WRITECACHE, DM_ZONED as modules
* gnss: Enable GNSS, GNSS_SIRF_SERIAL, GNSS_UBX_SERIAL as modules
* IB: Enable CGROUP_RDMA (except armel/marvell)
* ieee802154: Enable IEEE802154_HWSIM as module
* inet: Enable INET_RAW_DIAG as module
* input: Enable INPUT_AXP20X_PEK as module
* IPMI: Enable IPMI_SSIF as module
* joystick: Enable JOYSTICK_PXRC as module
* mlx5: Enable MLX5_FPGA, MLX5_CORE_IPOIB; MLXFW as module
* net: Enable BPF_STREAM_PARSER, XDP_SOCKETS (except armel/marvell);
NET_FAILOVER, SMC, SMC_DIAG, VSOCKMON as modules
* net/phy: Enable LED_TRIGGER_PHY; CORTINA_PHY, DP83822_PHY, DP83TC811_PHY,
MARVELL_10G_PHY, MICROCHIP_T1_PHY, RENESAS_PHY, ROCKCHIP_PHY as modules
* net/sched: Enable NET_SCH_CBS, NET_SCH_ETF, NET_SCH_SKBPRIO, NET_EMATCH_IPT
as modules
* PCMCIA: Enable SCR24X as module
* [x86] rmi4: Re-enable RMI4_CORE, RMI4_SMB as modules (Closes : #875621 );
RMI4_F03, RMI4_F11, RMI4_F12, RMI4_F30, RMI4_F34, RMI4_F54, RMI4_F55
* xfrm: Enable XFRM_INTERFACE as module
* PCI: Enable PCI_PF_STUB as module
* random: Enable RANDOM_TRUST_CPU. This can be reverted using the kernel
parameter: random.trust_cpu=off
* SCSI: Enable QEDF, QEDI as modules
* serial: Enable SERIAL_8250_EXAR as module
* tpm: Enable TCG_TIS_SPI, TCG_VTPM_PROXY as modules
* usbtouchscreen: Enable TOUCHSCREEN_USB_EASYTOUCH
* wireless: Enable MT76x0U, MT76x2E, MT76x2U, QTNFMAC_PEARL_PCIE as modules
* zram: Enable ZRAM_WRITEBACK, ZRAM_MEMORY_TRACKING
2019-02-10 23:16:32 +00:00
d73ca07047
[powerpc*,sparc64] udeb: Add nic-usb-modules
2019-02-10 18:13:34 +00:00
e62943f64c
[arm64,armhf,ia64,riscv64,sparc64] udeb: Add usb-serial-modules
...
Closes : #903824
2019-02-10 18:13:34 +00:00
1ca5094557
drivers/firmware: Enable FW_CFG_SYSFS as module ( Closes : #882208 )
2019-02-10 18:13:34 +00:00
3efa0022ac
arm64: Enable ARM64_ERRATUM_843419 ( Closes : #920866 )
2019-02-10 00:26:21 +01:00
5019a8394c
HID: debug: fix the ring buffer implementation (CVE-2019-3819)
2019-02-09 15:14:06 +01:00
9c88b474fe
Merge branch 'henrich/ARM_ARMADA_37XX_CPUFREQ' into sid
...
enable CONFIG_ARM_ARMADA_37XX_CPUFREQ for arm64 (Closes : #917939 )
See merge request kernel-team/linux!121
2019-02-08 23:12:46 +00:00
Salvatore Bonaccorso
Joe Richey
Aurelien Jarno
Ben Hutchings
Noah Meyerhans
Benjamin Poirier
Bastian Blank
Romain Perier
Romain Perier
Cyril Brulebois
Romain Perier
Uwe Kleine-König
John Paul Adrian Glaubitz
Steve McIntyre
Alper Nebi Yasak
Vagrant Cascadian
Luca Boccassi
YunQiang Su
Stefan Fritsch
Yves-Alexis Perez
Marcin Juszkiewicz
dann frazier
Wookey