Salvatore Bonaccorso
1e3e001c12
apparmor: don't try to replace stale label in ptraceme check
...
Closes : #963493
2020-06-26 22:04:24 +02:00
Salvatore Bonaccorso
6da8aff445
[rt] Add new signing key for Tom Zanussi
2020-06-22 14:50:01 +02:00
Salvatore Bonaccorso
ec2ba4830d
Release linux (4.19.118-2+deb10u1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7dP21fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ENh0P/iBzOTwQQrbR2hhYjkf6/rOMmgt4/WRe
SX+YZO7YC2F63Cbz0eGJLa1Y7WMQkmPvrpwoKm8HtFq16SFXp2JMRMxI6NygEGcC
i3Z86z26ik+qLLqeSCIigfRTZfFRT6o3wIFaOUS5AKUMBIbneELk70FyyFJ5g6gs
BSjPsL0+9L3B8eqg7NK8E4ueiX791v9wyYqpMDfG+AkL5PTuL3XY2VmSs1Vzv63I
WUpV0Ekpdpx7+PgQkO0gJRb/wFTHZdjMn5GR247awwVD0uxecQCmMxevmw+yzmma
S9OSeBsIEhmvRqTUMChjJsLqfF5++1ywRdoAzxnczIi3VpfIkDoFxZ569AQPQA9R
RxGhM2QrlyzQYtAmnk6lnu5WzSNxSuesI9/Km5X+dBCAFegHMuhnwF+ti2D5WHhW
yzt6hz1Zk7tJe4UgURRQVSAHPwK1Xg9Jlp9jGB20AKAhgIFFvALMDoYXlAbYEfhf
s8m1u0UVdrNCW86JetfchlwSUNJOwFufTBrEnSrxLDr6qG9XWVCLO5xvIJUBjXx2
3AxCbsYtfZOFDMCBzYzVCWACJn9Nl/Q/59j8YzDiy3xTPTpUY4g5nyonWXyRuUrB
1tp4UCL9yQIRvhzHtp/NfecPdCCp8EkufAK3X2VOWmMUjwAT4VvxKck9fuxdixHo
FlU/U03e8vPT
=8WdB
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.118-2+deb10u1' into buster
Release linux (4.19.118-2+deb10u1).
2020-06-14 10:46:38 +02:00
Salvatore Bonaccorso
0da00be7e6
ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
...
Closes : #960493
2020-06-14 10:40:03 +02:00
Salvatore Bonaccorso
51ce7dd8b3
Prepare to release linux (4.19.118-2+deb10u1).
2020-06-07 17:42:22 +02:00
Ben Hutchings
6a8dd1c6b0
Merge branch 'buster-security' into buster-security-embargoed
2020-06-07 01:35:25 +01:00
Salvatore Bonaccorso
da82e531d8
include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap
...
Closes : #960271
(cherry picked from commit a4fb2a7b76
)
2020-06-07 01:32:53 +01:00
Ben Hutchings
22423990cd
Drop "KVM: VMX: Zero out *all* general purpose registers after VM-Exit"
...
This is not needed to fix CVE-2019-3016, and is addressing an issue
that's so far theoretical. It also needs a further fix to avoid
causing a more serious regression (depending on the compiler
behaviour).
2020-06-07 01:17:04 +01:00
Ben Hutchings
ff5ad5a3d1
propagate_one(): mnt_set_mountpoint() needs mount_lock
...
A similar issue to CVE-2020-12114.
2020-06-07 00:46:11 +01:00
Salvatore Bonaccorso
6e26711704
Add fixes for CVE-2019-3016
...
Cherry-pick 11 commits from the 4.19.118 including prerequisited to
adress CVE-2019-3016.
2020-06-06 10:35:47 +02:00
Salvatore Bonaccorso
789f116fbc
mm: Fix mremap not considering huge pmd devmap (CVE-2020-10757)
2020-06-05 12:34:34 +02:00
Salvatore Bonaccorso
50bf5b3b3d
kernel/relay.c: handle alloc_percpu returning NULL in relay_open (CVE-2019-19462)
2020-06-05 12:30:40 +02:00
Salvatore Bonaccorso
7fc7c96d6e
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (CVE-2020-10732)
2020-06-03 07:42:07 +02:00
Salvatore Bonaccorso
2222852cc1
netlabel: cope with NULL catmap (CVE-2020-10711)
2020-06-02 20:27:49 +02:00
Salvatore Bonaccorso
888eb1f799
USB: gadget: fix illegal array access in binding with UDC (CVE-2020-13143)
2020-05-29 21:35:13 +02:00
Salvatore Bonaccorso
aefd886eef
scsi: sg: add sg_remove_request in sg_write (CVE-2020-12770)
2020-05-29 21:23:18 +02:00
Salvatore Bonaccorso
92ed2f689a
[x86] KVM: SVM: Fix potential memory leak in svm_cpu_init() (CVE-2020-12768)
2020-05-29 14:03:17 +02:00
Salvatore Bonaccorso
2fe68e87e7
USB: core: Fix free-while-in-use bug in the USB S-Glibrary (CVE-2020-12464)
2020-05-29 13:49:18 +02:00
Salvatore Bonaccorso
34284455a6
fs/namespace.c: fix mountpoint reference counter race (CVE-2020-12114)
2020-05-28 23:34:11 +02:00
Salvatore Bonaccorso
b3b40efebd
selinux: properly handle multiple messages in selinux_netlink_send() (CVE-2020-10751)
2020-05-28 23:02:50 +02:00
Salvatore Bonaccorso
a4fb2a7b76
include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap
...
Closes : #960271
2020-05-13 17:45:56 +02:00
Ben Hutchings
195b1745c4
Avoid an ABI change for SRBDS
...
Adding the x86_cpu_id::steppings field is an ABI change. It doesn't
seem worth the trouble of another ABI bump just to be able to report
some potential future CPU steppings as invulnerable. Until we have
other change that require an ABI bump, we'll match the affected models
regardless of stepping.
Keep the reverted patch in the queue so that the reverting patch will
continue to be applied when we rebase onto a new stable update.
2020-05-05 02:21:33 +01:00
Ben Hutchings
0f2a83859c
[x86] Add support for mitigation of SRBDS (CVE-2020-0543)
...
Apply the current version of the backport to 4.19.
2020-05-05 02:07:33 +01:00
Salvatore Bonaccorso
136062cf83
Prepare to release linux (4.19.118-2).
2020-04-29 11:38:42 +02:00
Salvatore Bonaccorso
cfb6935a87
Add ABI reference for 4.19.0-9
...
Gbp-Dch: Ignore
2020-04-29 10:36:57 +02:00
Salvatore Bonaccorso
c977ce99a1
Release linux (4.19.98-1+deb10u1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6maCdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EBtYP/1W8Y1dU9kCrJyK3Nz+HFwEKoe/ha1+t
vcjf4E1TOSUh30eaKaD6GVBp7iCK/tGDBxyfUerDltmilVRDt7f9mE/4CFt3e26y
S4DtsI5paoL1O/1uqbpG+53E5TPDw7CCJNkZ22/vjK++YzToaOjJIsTtZnHNNYwd
nMYtGqhn95NiZ//nNsV4wgSF9vXIgWuWvAEY80KdmfBYUVicUz8HyZB9Q5ErH1e7
/Fi9n7U/0F+PgcZSyLhS9vwlMY36HuuemYYMBzN48J2xL/73ttwoe0MU4Aieu1yX
iVMsrVc/X5JWjHiSpsrExCYvHrRXG9v4kWMOs+piD1yFi7oxD/fNy+043jJqmyOV
hu+3RX6BkNrw1jhLzDRYbOTz8Z09BXrUnXhyWLD5Z1ZgM1K5tQV0vCsiZBqyBHTK
owSVaOSDxHWTa9zSmIDTMPN6ljaQML2G1lF6F+AUKg4hqqjydlikgpJGSmjfs3Pd
YN2I9rfCpSuovYIUQXl38g4yLZC5onhEzLqFBBfxHJClND/nf27HARs6c0f72RlU
6aHrPgZpj2JPE/r1PoUej4lyhIbFzdJIOf2b26ZUvQC+sMUsxE0SonpFQqjDZggJ
cAqM5p80gbR8zGtBStwGGo0QljHdHbrzbnYfNQC/uGph0uYTvL+6BscUzO+RnYmx
9hKy2cqOWLez
=akKy
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.98-1+deb10u1' into buster
Release linux (4.19.98-1+deb10u1).
2020-04-28 23:07:38 +02:00
Salvatore Bonaccorso
f6cd3dfc5b
Prepare to release linux (4.19.98-1+deb10u1).
2020-04-27 07:05:40 +02:00
Salvatore Bonaccorso
a8fc50657f
[s390x] mm: fix page table upgrade vs 2ndary address mode accesses (CVE-2020-11884)
2020-04-26 21:03:38 +02:00
Salvatore Bonaccorso
3e765ace82
mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (CVE-2020-11565)
2020-04-26 20:58:02 +02:00
Salvatore Bonaccorso
2c376b16e6
vhost: Check docket sk_family instead of call getname (CVE-2020-10942)
2020-04-26 20:53:46 +02:00
Salvatore Bonaccorso
241912ed84
vfs: fix do_last() regression
2020-04-26 20:53:45 +02:00
Salvatore Bonaccorso
d3e1b6996d
do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428)
2020-04-26 20:53:45 +02:00
Salvatore Bonaccorso
a688ee48fb
KVM: nVMX: Don't emulate instructions in guest mode (CVE-2020-2732)
2020-04-26 20:53:45 +02:00
Salvatore Bonaccorso
5cdd44bf16
Add ABI reference for 4.19.0-8
...
Gbp-Dch: Ignore
2020-04-26 20:53:45 +02:00
Ben Hutchings
f142b431b1
Prepare to release linux (4.19.118-1).
2020-04-26 14:04:11 +01:00
Salvatore Bonaccorso
65ba05e78d
blktrace: fix dereference after null check
2020-04-26 11:28:32 +02:00
Salvatore Bonaccorso
a5acdf855d
blktrace: Protect q->blk_trace with RCU (CVE-2019-19768)
2020-04-26 11:25:38 +02:00
Salvatore Bonaccorso
6fe845e460
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (CVE-2020-1749)
2020-04-26 11:20:05 +02:00
Salvatore Bonaccorso
79c0009334
net: ipv6: add net argument to ip6_dst_lookup_flow
2020-04-26 11:14:36 +02:00
Salvatore Bonaccorso
765258c0c8
Update commit message for f2fs patch to include note on backport
...
Gbp-Dch: Ignore
2020-04-26 11:13:27 +02:00
Salvatore Bonaccorso
cfa7bd0b02
f2fs: fix to avoid memory leakage in f2fs_listxattr (CVE-2020-0067)
2020-04-26 11:06:23 +02:00
Salvatore Bonaccorso
01ac87b05e
Add CVE id reference for CVE-2020-11494
2020-04-24 05:55:07 +02:00
Salvatore Bonaccorso
1e0b8b17f3
Update to 4.19.118
...
Cleanup debian/changelog file
Refresh "firmware: Remove redundant log messages from drivers" for context changes in 4.19.118
2020-04-23 20:41:14 +02:00
Ben Hutchings
37343cff01
Merge branch 'buster+ksm' into 'buster'
...
[buster] cloud: enable CONFIG_KSM for cloud
See merge request kernel-team/linux!229
2020-04-22 13:35:13 +00:00
Ben Hutchings
f248c110af
Merge branch 'carnil/linux-4.19-stable-updates' into buster
...
WIP: 4.19 stable updates
See merge request kernel-team/linux!213
2020-04-22 14:33:44 +01:00
Ben Hutchings
c2a32c869d
Bump ABI to 9
2020-04-22 04:04:25 +01:00
Ben Hutchings
efae16e787
debian/changelog: Comma-separate multiple CVE IDs for the same change
2020-04-22 04:02:55 +01:00
Ben Hutchings
9570b230d4
debian/changelog: Add/correct arch-qualifications for some stable changes
...
Model-specific quirks are only relevant to that model's CPU
architecture.
2020-04-22 04:02:01 +01:00
Ben Hutchings
c73c46766b
debian/changelog: Delete stable changes to disabled drivers
...
There's not much point in mentioning them.
2020-04-22 03:58:05 +01:00
Ben Hutchings
ee533a5333
debian/changelog: Delete stable changes that got reverted
...
There's no point in listing changes that didn't make it into this
release. Delete the summary lines for the original commits and revert
commits.
2020-04-22 03:03:04 +01:00