debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity
14,118 Commits 2 Branches 0 Tags 493 MiB
Commit Graph

3220 Commits

Author SHA1 Message Date
Salvatore Bonaccorso 2c376b16e6 vhost: Check docket sk_family instead of call getname (CVE-2020-10942) 2020-04-26 20:53:46 +02:00
Salvatore Bonaccorso 241912ed84 vfs: fix do_last() regression 2020-04-26 20:53:45 +02:00
Salvatore Bonaccorso d3e1b6996d do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428) 2020-04-26 20:53:45 +02:00
Salvatore Bonaccorso a688ee48fb KVM: nVMX: Don't emulate instructions in guest mode (CVE-2020-2732) 2020-04-26 20:53:45 +02:00
Noah Meyerhans 428bd19863 random: try to actively add entropy rather than passively wait for it 
Cherry pick 50ee7529ec45 from mainline.  This addresses a lack of early entropy
in certain environments.

Closes: #948519
 2020-01-20 12:44:37 -08:00
Ben Hutchings 56dd5fa07e Add various security fixes not yet in 4.19-stable 
All of these are already fixed in jessie, and upgrades shouldn't
regress.
 2020-01-20 18:26:58 +00:00
Ben Hutchings 02a0b3eb56 Update to 4.19.91 
* Drop/refresh patches as appropriate
* Several ABI changes still need to be resolved
 2019-12-28 01:36:27 +00:00
Salvatore Bonaccorso 60468edbdf Drop 0028-RDMA-hns-Bugfix-for-the-scene-without-receiver-queue.patch 2019-12-17 16:56:40 +01:00
Salvatore Bonaccorso 9d10b57769 Drop 0027-RDMA-hns-Fix-the-bug-with-updating-rq-head-pointer-w.patch 2019-12-17 16:56:40 +01:00
Salvatore Bonaccorso f73fafb39e Revert "arm64: preempt: Fix big-endian when checking preempt count in assembly" 2019-12-17 16:56:40 +01:00
Aurelien Jarno 1a33bc2ef8 Update to 4.19.87 
Drop "net: ena: Fix Kconfig dependency on X86" applied upstream

Drop "scsi: hisi_sas: Feed back linkrate(max/min) when re-attached" applied upstream

Drop "scsi: hisi_sas: Fix the race between IO completion and timeout for SMP/internal IO" applied upstream

Drop "scsi: hisi_sas: Free slot later in slot_complete_vx_hw()" applied upstream

Drop "scsi: hisi_sas: Fix NULL pointer dereference" applied upstream

[rt] Refresh 0057-printk-Add-a-printk-kill-switch.patch (context changes in 4.19.87)

[rt] Refresh 0207-printk-Make-rt-aware.patch (context changes in 4.19.87)

Cleanup debian/changelog file
 2019-12-01 17:19:47 +01:00
Aurelien Jarno 5ba5b367b7 Update to 4.19.85 
Drop introduce is_pae_paging applied upstream

Cleanup debian/changelog file
 2019-12-01 13:29:09 +01:00
Salvatore Bonaccorso ea17f6edde Update to 4.19.84 
Drop TAA patches applied upstream

Drop ITLB_MULTIHIT patches applied upstream

Drop Intel i915 CVE fixes applied upstream

Add CVE id reference for CVE-2019-18813

Add CVE id reference for CVE-2019-19045

Add CVE id reference for CVE-2019-19052

Cleanup debian/changelog file
 2019-12-01 10:54:59 +01:00
Salvatore Bonaccorso a84ef0f6e4 [x86] KVM: x86: introduce is_pae_paging (Regression in 4.19.77) 
Fixes a regression in 4.19.81 while including backport of 16cfacc80857
("KVM: x86: Manually calculate reserved bits when loading PDPTRS") but
not  bf03d4f93347 ("KVM: x86: introduce is_pae_paging").
 2019-11-25 17:52:40 +01:00
Ben Hutchings 8c4ce65f70 Drop "MIPS: tlbex: Fix build_restore_pagemask KScratch restore" 
This was included in 4.19.81.
 2019-11-25 01:09:29 +00:00
Ben Hutchings beb8c412e8 Merge branch 'buster-4.19.81' into 'buster' 
Buster 4.19.81

See merge request kernel-team/linux!183
 2019-11-25 01:06:06 +00:00
Noah Meyerhans 43eae8169a Remove obsolete patch 
debian/abi/powerpc-avoid-abi-change-for-disabling-tm.patch let us postpone an
ABI bump. But with the 4.19.81 upstream release, we can no longer avoid it.
 2019-11-24 23:50:30 +00:00
Ben Hutchings fc769a9bb3 Merge branch 'bpoirier-guest/linux-buster' into buster 
tools/perf: Add python3 support to scripts

See merge request kernel-team/linux!184
 2019-11-24 19:25:28 +00:00
Aurelien Jarno 9397b7ea0e [mips*] tlbex: Fix build_restore_pagemask KScratch restore. 2019-11-23 22:23:57 +01:00
Noah Meyerhans 62e5e3199d Remove obsolete patches 2019-11-20 16:24:37 -08:00
Benjamin Poirier 016066336b tools/perf: Add python3 support to scripts 2019-11-20 15:04:24 +09:00
Salvatore Bonaccorso 3e9a6acd20 ipv4: Return -ENETUNREACH if we can't create route but saddr is valid 
Closes: #945023
 2019-11-19 08:00:10 +01:00
Salvatore Bonaccorso 014f165375 Release linux (4.19.67-2+deb10u2). 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl3JkpgACgkQ57/I7JWG
 EQkwVhAAwN5/oNLjJcrhJjGvLW36QIcli05GoNH1hqLNlppwFwzxFYms5f4Y0uAn
 lu5wWo59jL2xqnZ0azNg7ukujVUyLuVEsBuShCBmkSWtt+3mXjKJay1lnwtEei1R
 w2WnXIsAFdSocpnCq7BfQi0sGgUetPJANkkXe019x8H7DmzugisnArp4hX7e7eU5
 JaRuugKTquYjPNN1mQaNS3/C6ODWRBZlTjafznZ3lTme9ku195oUAJWvyU6/AMDB
 +QB9lnaWVNsWkKt3Hx0yquY6sFHYhDhxxKXdULWDwjTW4r1Ye5DKJT433gbKjhTZ
 sILbbXMs2eEv9KM+NvMB96s32z+dc59q1KM3IeAKqQljsqngquqvBQtFRqJYtUCA
 k4HY0wO/2EapWnYnO0z7XekjolZlK7Nj6aldysZ8f6V1q13apPraYKscQyMLTAfy
 CXaUP3bsaxKZvEtlz4+x9OHIqKVrIzI8mLujcpgildz8E3bToXZCgK+CzIAFCdy+
 vY1wUoP5S/DCdgvAIzyT9g2VoFae3DNRNv2DSC53FMHaD1PRwE2wf4XgXSAc4hC+
 s3orsvA8PpHj7BpAa3D3JnrZbP/kAn+rFCqUha/6cs5npOUwpSs1SNdil60K130q
 dS9KcnWY2Do7fp6xc0T4WCRcR6osDJp3WzTmuHpHivfuP26VwXY=
 =aKic
 -----END PGP SIGNATURE-----

Merge tag 'debian/4.19.67-2+deb10u2' into buster

Release linux (4.19.67-2+deb10u2).
 2019-11-19 07:42:38 +01:00
Ben Hutchings 9a2df80e9d Drop "x86/cpu: Add Tremont to the cpu vulnerability whitelist" 
We don't have this CPU ID, and I don't see the point in adding it
right now.
 2019-11-11 00:29:38 +00:00
Ben Hutchings 6d8b0092bb [x86] drm/i915/cmdparser: Fix jump whitelist clearing 
Fix a flaw I found in the mitigation for CVE-2019-0155.
 2019-11-10 22:41:41 +00:00
Ben Hutchings feec1caa94 [x86] i915: Add mitigations for two hardware security flaws 2019-11-10 02:53:32 +00:00
Ben Hutchings c2443a2e97 [x86] Update TAA and NX fixes to pending stable backports 2019-11-09 20:17:15 +00:00
Salvatore Bonaccorso be004c1b69 x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs 2019-11-08 00:14:38 +01:00
Ben Hutchings 37baed7166 [x86] Update TAA (Borislav v2) and NX (v9) fixes 
The upstream commits for these are now finalised, so we shouldn't need
to replace patches after this (but might need to add more).
 2019-11-07 18:10:48 +00:00
Salvatore Bonaccorso cd92ab49c4 KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active 2019-11-07 17:32:14 +01:00
Noah Meyerhans 87c48ee54f drivers/net/ethernet/amazon: Backport ENA driver from Linux 5.4 2019-10-29 09:47:59 -07:00
Ben Hutchings 537ad2315a [x86] Update TAA patch set to v7 2019-10-24 22:52:37 +01:00
Ben Hutchings b2cc5e7f74 [x86] Update NX patch set to v7 2019-10-24 22:48:50 +01:00
Ben Hutchings 96c0e74c50 [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135) 
This is a backport of v6 of the TAA patch set, and will probably
require updates before release.  The subject lines for these patches
didn't come through.
 2019-10-20 14:51:55 +01:00
Ben Hutchings d9bd594144 [x86] KVM: Add mitigation for Machine Check Error on Page Size Change 
(aka iTLB multi-hit, CVE-2018-12207)

This is a backport of v6 of the "NX" patch set, and will probably
require updates before release.
 2019-10-20 14:46:13 +01:00
Ben Hutchings 9aee5ae400 debian/patches/series: Apply security fixes last (except ABI maintenance) 
The security fixes are where we have the greatest churn, so it's
convenient if they can be pushed/popped without having to go through
other patches.
 2019-10-20 14:37:29 +01:00
Romain Perier 1df282987d [armhf, arm64] Backport devicetree for enabling support for the Raspberry PI 3 A+ 
We already have everything we need inside the kernel 4.19.x for
supporting this board. backporting patches from upstream so we get
the support for buster.
 2019-10-16 20:07:45 +02:00
Salvatore Bonaccorso 530030f117 ixgbe: Fix secpath usage for IPsec TX offload 
Closes: #930443
 2019-10-15 22:57:58 +02:00
Salvatore Bonaccorso 942d6ddd3f KVM: coalesced_mmio: add bounds checking (CVE-2019-14821) 2019-09-19 17:16:06 +02:00
Salvatore Bonaccorso c0096a08f9 [x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902) 2019-09-18 21:35:01 +02:00
Salvatore Bonaccorso 78f0b2574a vhost: make sure log_num < in_num (CVE-2019-14835) 2019-09-13 06:12:11 +02:00
Romain Perier 782d6ea880 ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term 
(CVE-2019-15118)
 2019-09-12 22:40:43 +02:00
Romain Perier aa8fb19232 ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit 
(CVE-2019-15117)

[carnil: Use 4.19.67-2+deb10u1 version for buster-security branch]
 2019-09-12 22:40:21 +02:00
Salvatore Bonaccorso a065e442e2 xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT 2019-08-24 20:51:54 +02:00
Cyril Brulebois 1b40f700ac [arm64] Backport DTB support for Rasperry Pi Compute Module 3. 
Tested-by: Charles Fendt <charles.fendt@me.com>
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
(cherry picked from commit de7501857cae4892f52d8c56c2184be548709052)
 2019-08-22 21:16:10 +02:00
Cyril Brulebois 10dd2b634c [arm] Backport DTB support for Rasperry Pi Compute Module 3. 
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
(cherry picked from commit 64801af590540b4494f408b95a31fbe07963784d)
 2019-08-22 21:16:10 +02:00
Ben Hutchings 57f74f6573 netfilter: conntrack: Use consistent ct id hash calculation 
This fixes a regression in 4.19.44.
 2019-08-22 20:04:20 +01:00
Ben Hutchings 00ee7f7173 [ppc64el] Avoid ABI change for disabling TM 
Ignore removal of TM functions that are exported for use by KVM.
 2019-08-22 20:03:54 +01:00
Salvatore Bonaccorso 9bf2130b62 dm: disable DISCARD if the underlying storage no longer supports it 
Closes: #934331
 2019-08-21 21:41:04 +02:00
Ben Hutchings f79aedcfab Bump ABI to 6 2019-08-20 01:51:35 +01:00