debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity
14,260 Commits 2 Branches 0 Tags 493 MiB
Commit Graph

300 Commits

Author SHA1 Message Date
Salvatore Bonaccorso 1049f4bd25 Drop "x86/cpu: Add a steppings field to struct x86_cpu_id" 2020-07-04 00:01:02 +02:00
Salvatore Bonaccorso ce4504d627 Drop "KVM: SVM: Fix potential memory leak in svm_cpu_init()" 2020-07-04 00:01:02 +02:00
Salvatore Bonaccorso 576d33f2b5 Drop pre-requisites and patches for CVE-2019-3016 2020-07-04 00:01:01 +02:00
Ben Hutchings 6a8dd1c6b0 Merge branch 'buster-security' into buster-security-embargoed 2020-06-07 01:35:25 +01:00
Ben Hutchings 22423990cd Drop "KVM: VMX: Zero out *all* general purpose registers after VM-Exit" 
This is not needed to fix CVE-2019-3016, and is addressing an issue
that's so far theoretical.  It also needs a further fix to avoid
causing a more serious regression (depending on the compiler
behaviour).
 2020-06-07 01:17:04 +01:00
Salvatore Bonaccorso 6e26711704 Add fixes for CVE-2019-3016 
Cherry-pick 11 commits from the 4.19.118 including prerequisited to
adress CVE-2019-3016.
 2020-06-06 10:35:47 +02:00
Salvatore Bonaccorso 92ed2f689a [x86] KVM: SVM: Fix potential memory leak in svm_cpu_init() (CVE-2020-12768) 2020-05-29 14:03:17 +02:00
Ben Hutchings 0f2a83859c [x86] Add support for mitigation of SRBDS (CVE-2020-0543) 
Apply the current version of the backport to 4.19.
 2020-05-05 02:07:33 +01:00
Aurelien Jarno 5ba5b367b7 Update to 4.19.85 
Drop introduce is_pae_paging applied upstream

Cleanup debian/changelog file
 2019-12-01 13:29:09 +01:00
Salvatore Bonaccorso ea17f6edde Update to 4.19.84 
Drop TAA patches applied upstream

Drop ITLB_MULTIHIT patches applied upstream

Drop Intel i915 CVE fixes applied upstream

Add CVE id reference for CVE-2019-18813

Add CVE id reference for CVE-2019-19045

Add CVE id reference for CVE-2019-19052

Cleanup debian/changelog file
 2019-12-01 10:54:59 +01:00
Salvatore Bonaccorso a84ef0f6e4 [x86] KVM: x86: introduce is_pae_paging (Regression in 4.19.77) 
Fixes a regression in 4.19.81 while including backport of 16cfacc80857
("KVM: x86: Manually calculate reserved bits when loading PDPTRS") but
not  bf03d4f93347 ("KVM: x86: introduce is_pae_paging").
 2019-11-25 17:52:40 +01:00
Noah Meyerhans 8c9e9430c2 Refresh remaining patches 2019-11-20 16:24:37 -08:00
Noah Meyerhans 62e5e3199d Remove obsolete patches 2019-11-20 16:24:37 -08:00
Ben Hutchings 9a2df80e9d Drop "x86/cpu: Add Tremont to the cpu vulnerability whitelist" 
We don't have this CPU ID, and I don't see the point in adding it
right now.
 2019-11-11 00:29:38 +00:00
Ben Hutchings 6d8b0092bb [x86] drm/i915/cmdparser: Fix jump whitelist clearing 
Fix a flaw I found in the mitigation for CVE-2019-0155.
 2019-11-10 22:41:41 +00:00
Ben Hutchings feec1caa94 [x86] i915: Add mitigations for two hardware security flaws 2019-11-10 02:53:32 +00:00
Ben Hutchings c2443a2e97 [x86] Update TAA and NX fixes to pending stable backports 2019-11-09 20:17:15 +00:00
Salvatore Bonaccorso be004c1b69 x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs 2019-11-08 00:14:38 +01:00
Ben Hutchings 37baed7166 [x86] Update TAA (Borislav v2) and NX (v9) fixes 
The upstream commits for these are now finalised, so we shouldn't need
to replace patches after this (but might need to add more).
 2019-11-07 18:10:48 +00:00
Salvatore Bonaccorso cd92ab49c4 KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active 2019-11-07 17:32:14 +01:00
Ben Hutchings 537ad2315a [x86] Update TAA patch set to v7 2019-10-24 22:52:37 +01:00
Ben Hutchings b2cc5e7f74 [x86] Update NX patch set to v7 2019-10-24 22:48:50 +01:00
Ben Hutchings 96c0e74c50 [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135) 
This is a backport of v6 of the TAA patch set, and will probably
require updates before release.  The subject lines for these patches
didn't come through.
 2019-10-20 14:51:55 +01:00
Ben Hutchings d9bd594144 [x86] KVM: Add mitigation for Machine Check Error on Page Size Change 
(aka iTLB multi-hit, CVE-2018-12207)

This is a backport of v6 of the "NX" patch set, and will probably
require updates before release.
 2019-10-20 14:46:13 +01:00
Salvatore Bonaccorso c0096a08f9 [x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902) 2019-09-18 21:35:01 +02:00
Ben Hutchings 0899b0f554 Update to 4.19.67 
* Drop patches which have been applied to 4.19-stable
* Drop "Revert "net: stmmac: Send TSO packets always from Queue 0"" in
  favour of upstream fix "net: stmmac: Re-work the queue selection for
  TSO packets"
* Refresh patches that became fuzzy
 2019-08-20 01:51:22 +01:00
Salvatore Bonaccorso 07a6d57831 Add patchset for CVE-2019-1125 2019-08-07 08:34:30 +02:00
Salvatore Bonaccorso 869c89cb6d Use patch headers as generated by git format-patch-for-debian 2019-07-20 21:14:38 +02:00
Romain Perier 7e902dbcd3 [x86] x86/insn-eval: Fix use-after-free access to LDT entry (CVE-2019-13233) 2019-07-20 17:17:43 +02:00
Ben Hutchings 20351317dd [x86] Drop fix for #865303, which no longer affects Debian's OpenJDK 
This workaround is no longer needed for Debian's OpenJDK packages:

* OpenJDK 7 is unfixed (bug #876068) but is not present in stretch or
  later suites
* OpenJDK 8 was fixed in unstable (bug #876051) and the fix was then
  included in a stretch security update
* OpenJDK 9 and later were fixed (bug #876069)

The workaround was never applied upstream and it also doesn't seem
like a good idea to have a Debian-specific VM quirk that weakens the
defence against Stack Clash.  Therefore drop it now rather than
including it in another release.
 2019-03-13 18:37:35 +00:00
Marcin Juszkiewicz 4a0b4cb79e update to 4.19.21 2019-03-05 14:28:55 +01:00
Salvatore Bonaccorso 00224672bb [x86] KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) 2019-02-08 10:32:39 +01:00
Salvatore Bonaccorso fb1b32a316 [x86] KVM: work around leak of uninitialized stack contents (CVE-2019-7222) 2019-02-08 10:18:28 +01:00
Salvatore Bonaccorso 86ff06cd73 [x86] kvmclock: set offset for kvm unstable clock 
Closes: #918036
 2019-01-30 17:14:36 +01:00
Yves-Alexis Perez fceb8a1734 update to 4.19.15 2019-01-16 11:09:49 +01:00
Hans van Kranenburg edc7c6ee64 [x86] Fix booting as Xen dom0 
This patch is from the tip repo, and will show up in 4.19 later.
 2018-12-12 15:57:21 +01:00
Romain Perier 5222653db6 Update to 4.19.7 2018-12-05 19:59:32 +01:00
Salvatore Bonaccorso 37094dbb55 [x86] KVM: LAPIC: Fix pv ipis use-before-initialization (CVE-2018-19406) 2018-12-03 21:11:24 +01:00
Romain Perier 8008ae41de Update to 4.19.2 2018-11-16 21:22:52 +01:00
Ben Hutchings 79ecbb0832 Release linux (4.18.10-1). 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAluyLtYACgkQ57/I7JWG
 EQkvcBAAl2AxUxQKDRyS4mgohOa881NpHGdwfcxIXyEVIsPVVtUE+Dg5dzGku/J2
 C1iA6R8tbOZuxOWQbNkGTFZml3JjfcikH21EGD1aqq5z1PmRudA/XBXdl2aItMUi
 lV6HMQcG4GWTjMC/cwrxW5D7rrIqGfp+CCAiACheGbK7mrwAwpioCP3u4JUQm0+F
 kGU4znfQbCScXtoegAwRBHB5nUWRbKZMHMe4vNgVl4Na5wTy4dL4Eh3qWulwOzGx
 94OiJPsV9thctA6vusqrub5DpABjQveDPJyHt2EgvAt2W8MrE/NUiU+4ol2tTNcT
 Ev4P66Jz2bmr3pisx5Cz+3fUXcesrllvWJx5RxPV8f4gCj4/A3zNNz0UdcqcIR/h
 ptTMM9fDC8srz6bnKSYWSii3cmnxMVx5OjNztaoeJMFY6M7rn58rW9e53pkVWeJf
 eKZ27T7RvNMoGDr99u10ca+zb8qBygxQBQea1rKL49T2Jl/5ROkkPvoQ0SNT5kIe
 DL9Z7MDwBI5H5kQW7e9jCiOH65PG/DeVwddko3FeHQy9INxgd6toKiiU0HM4U+8Y
 lsUbuAHRHeVsuLQ1U5YTFHrG56CjqYeU10A7UnxRbqvIOd2MTfp/4fAcM4X+15yZ
 2Q1MRd/fCXIlRBMGfGRnNMX9327/I+XQ8kamktE5H55JWF+KyeI=
 =eMi7
 -----END PGP SIGNATURE-----

Merge tag 'debian/4.18.10-1'

Release linux (4.18.10-1).

- Drop new patches that are already included upstream
- Keep ABI number set to "trunk"
- Refresh arm64 APEI workaround patch for 4.19
 2018-10-01 15:37:28 +01:00
Romain Perier 14d9845760 Update to 4.18.10 
This updates the debian changelog for listing changes of this stable
update. It also removes patches applied upstream and refreshes a patch
that is part of 4.18.7-rt5.
 2018-09-30 16:01:44 +02:00
Romain Perier 1353758acf Update to 4.19-rc5 
This updates the changelogs and removes patches that have been applied
upstream.
 2018-09-26 12:17:37 +02:00
Ben Hutchings 5a77952e41 [i386/686] Enable MGEODE_LX instead of M686 (regression in 4.16) 
- x86-32: Disable 3D-Now in generic config
 2018-09-25 21:55:43 +01:00
Ben Hutchings 337682dc35 Release linux (4.18.8-1). 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAluhDZUACgkQ57/I7JWG
 EQkLvQ//QqqAfJXjwZt3Iy+dcYieLqmhy4/KtjVvFP8EKSyfdeWl0awb3szbmMs5
 cy2p5q17mafVZTx9MCppp4y1modMBZrMC6hmB9UAoU0j1GnKHNbtddzA3+uo1dmw
 i2LudGseb8LSL5z6g95P4SozSNNeFPIOLSYxkGVnlG3sUdlhlRYCvYf9k8BKUEbx
 sU0yDXQOhf0kBLsRXW8QfJEBHv5ivr9/Q+s9e71NUpVWaEOZwgfJacM/QWcY8+J4
 2o0XlHtS9+r0Ik0RK5Zyt8eun1sH1cb4Lta9LZjvRLWpCqXNpPSus6V8qENngcyw
 X9ZGWi3nMiR4OOuEMGMxbzXXzWreg9MNPyM5/kVfJKlsLi1xP7ufhnstR+j2/tTJ
 guVLDw73B4RyOwH2p4Kh1Pk0hACagI9AeKfjSBTMMlv2rD6FDfuJlSgEYUIK/NLl
 lsefkkKu2EZVdhIBEGDnu80+V2AuoTYXpEknvbnvlYZ1wLNXb73GIFptWu18dfOy
 fZ4cEWDxuKd52nbsjKlQmaxlFGSfjmmWliorhrU84FZsRjvFARGWWPwnjk8fwcpD
 +D0GASqx37iw1gQK8yNQER3dxHzVh1blIKhADgEWJXsaeHcfyDHziShX7FZ8n6G5
 HQBaynaG0Qc9fWd8O6xmX6wsP/vGRFJchbWwa5Gd7L2cCmur1Vk=
 =lopf
 -----END PGP SIGNATURE-----

Merge tag 'debian/4.18.8-1'

Release linux (4.18.8-1).

- Drop ABI reference files and ABI maintenance patch
- Replace ccp driver patch with upstream version that applies to 4.19
 2018-09-18 15:49:53 +01:00
Ben Hutchings cdba06ffc2 debian/patches: Add Forwarded fields to several patches 2018-09-16 16:27:59 +01:00
Romain Perier 2943a959c9 [x86] crypto: ccp: add timeout support in the SEV command (Closes: #908248) 2018-09-16 01:58:12 +01:00
Ben Hutchings 824debfd2e tools: turbostat: Add checks for failure of fgets() and fscanf() 2018-09-11 04:17:46 +01:00
Ben Hutchings 605745f58f tools: x86_energy_perf_policy: Fix "uninitialized variable" warnings at -O2 2018-09-11 04:17:45 +01:00
Ben Hutchings c74e5d6fe7 [x86] boot: Fix EFI stub alignment 2018-09-05 17:55:25 +01:00
Ben Hutchings c3b8d670c3 Update to 4.19-rc2 2018-09-03 21:34:30 +01:00