Salvatore Bonaccorso
51ce7dd8b3
Prepare to release linux (4.19.118-2+deb10u1).
2020-06-07 17:42:22 +02:00
Ben Hutchings
6a8dd1c6b0
Merge branch 'buster-security' into buster-security-embargoed
2020-06-07 01:35:25 +01:00
Salvatore Bonaccorso
da82e531d8
include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap
...
Closes : #960271
(cherry picked from commit a4fb2a7b76
)
2020-06-07 01:32:53 +01:00
Ben Hutchings
22423990cd
Drop "KVM: VMX: Zero out *all* general purpose registers after VM-Exit"
...
This is not needed to fix CVE-2019-3016, and is addressing an issue
that's so far theoretical. It also needs a further fix to avoid
causing a more serious regression (depending on the compiler
behaviour).
2020-06-07 01:17:04 +01:00
Ben Hutchings
ff5ad5a3d1
propagate_one(): mnt_set_mountpoint() needs mount_lock
...
A similar issue to CVE-2020-12114.
2020-06-07 00:46:11 +01:00
Salvatore Bonaccorso
6e26711704
Add fixes for CVE-2019-3016
...
Cherry-pick 11 commits from the 4.19.118 including prerequisited to
adress CVE-2019-3016.
2020-06-06 10:35:47 +02:00
Salvatore Bonaccorso
789f116fbc
mm: Fix mremap not considering huge pmd devmap (CVE-2020-10757)
2020-06-05 12:34:34 +02:00
Salvatore Bonaccorso
50bf5b3b3d
kernel/relay.c: handle alloc_percpu returning NULL in relay_open (CVE-2019-19462)
2020-06-05 12:30:40 +02:00
Salvatore Bonaccorso
7fc7c96d6e
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (CVE-2020-10732)
2020-06-03 07:42:07 +02:00
Salvatore Bonaccorso
2222852cc1
netlabel: cope with NULL catmap (CVE-2020-10711)
2020-06-02 20:27:49 +02:00
Salvatore Bonaccorso
888eb1f799
USB: gadget: fix illegal array access in binding with UDC (CVE-2020-13143)
2020-05-29 21:35:13 +02:00
Salvatore Bonaccorso
aefd886eef
scsi: sg: add sg_remove_request in sg_write (CVE-2020-12770)
2020-05-29 21:23:18 +02:00
Salvatore Bonaccorso
92ed2f689a
[x86] KVM: SVM: Fix potential memory leak in svm_cpu_init() (CVE-2020-12768)
2020-05-29 14:03:17 +02:00
Salvatore Bonaccorso
2fe68e87e7
USB: core: Fix free-while-in-use bug in the USB S-Glibrary (CVE-2020-12464)
2020-05-29 13:49:18 +02:00
Salvatore Bonaccorso
34284455a6
fs/namespace.c: fix mountpoint reference counter race (CVE-2020-12114)
2020-05-28 23:34:11 +02:00
Salvatore Bonaccorso
b3b40efebd
selinux: properly handle multiple messages in selinux_netlink_send() (CVE-2020-10751)
2020-05-28 23:02:50 +02:00
Ben Hutchings
195b1745c4
Avoid an ABI change for SRBDS
...
Adding the x86_cpu_id::steppings field is an ABI change. It doesn't
seem worth the trouble of another ABI bump just to be able to report
some potential future CPU steppings as invulnerable. Until we have
other change that require an ABI bump, we'll match the affected models
regardless of stepping.
Keep the reverted patch in the queue so that the reverting patch will
continue to be applied when we rebase onto a new stable update.
2020-05-05 02:21:33 +01:00
Ben Hutchings
0f2a83859c
[x86] Add support for mitigation of SRBDS (CVE-2020-0543)
...
Apply the current version of the backport to 4.19.
2020-05-05 02:07:33 +01:00
Salvatore Bonaccorso
136062cf83
Prepare to release linux (4.19.118-2).
2020-04-29 11:38:42 +02:00
Salvatore Bonaccorso
c977ce99a1
Release linux (4.19.98-1+deb10u1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6maCdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EBtYP/1W8Y1dU9kCrJyK3Nz+HFwEKoe/ha1+t
vcjf4E1TOSUh30eaKaD6GVBp7iCK/tGDBxyfUerDltmilVRDt7f9mE/4CFt3e26y
S4DtsI5paoL1O/1uqbpG+53E5TPDw7CCJNkZ22/vjK++YzToaOjJIsTtZnHNNYwd
nMYtGqhn95NiZ//nNsV4wgSF9vXIgWuWvAEY80KdmfBYUVicUz8HyZB9Q5ErH1e7
/Fi9n7U/0F+PgcZSyLhS9vwlMY36HuuemYYMBzN48J2xL/73ttwoe0MU4Aieu1yX
iVMsrVc/X5JWjHiSpsrExCYvHrRXG9v4kWMOs+piD1yFi7oxD/fNy+043jJqmyOV
hu+3RX6BkNrw1jhLzDRYbOTz8Z09BXrUnXhyWLD5Z1ZgM1K5tQV0vCsiZBqyBHTK
owSVaOSDxHWTa9zSmIDTMPN6ljaQML2G1lF6F+AUKg4hqqjydlikgpJGSmjfs3Pd
YN2I9rfCpSuovYIUQXl38g4yLZC5onhEzLqFBBfxHJClND/nf27HARs6c0f72RlU
6aHrPgZpj2JPE/r1PoUej4lyhIbFzdJIOf2b26ZUvQC+sMUsxE0SonpFQqjDZggJ
cAqM5p80gbR8zGtBStwGGo0QljHdHbrzbnYfNQC/uGph0uYTvL+6BscUzO+RnYmx
9hKy2cqOWLez
=akKy
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.98-1+deb10u1' into buster
Release linux (4.19.98-1+deb10u1).
2020-04-28 23:07:38 +02:00
Salvatore Bonaccorso
f6cd3dfc5b
Prepare to release linux (4.19.98-1+deb10u1).
2020-04-27 07:05:40 +02:00
Salvatore Bonaccorso
a8fc50657f
[s390x] mm: fix page table upgrade vs 2ndary address mode accesses (CVE-2020-11884)
2020-04-26 21:03:38 +02:00
Salvatore Bonaccorso
3e765ace82
mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (CVE-2020-11565)
2020-04-26 20:58:02 +02:00
Salvatore Bonaccorso
2c376b16e6
vhost: Check docket sk_family instead of call getname (CVE-2020-10942)
2020-04-26 20:53:46 +02:00
Salvatore Bonaccorso
241912ed84
vfs: fix do_last() regression
2020-04-26 20:53:45 +02:00
Salvatore Bonaccorso
d3e1b6996d
do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428)
2020-04-26 20:53:45 +02:00
Salvatore Bonaccorso
a688ee48fb
KVM: nVMX: Don't emulate instructions in guest mode (CVE-2020-2732)
2020-04-26 20:53:45 +02:00
Ben Hutchings
f142b431b1
Prepare to release linux (4.19.118-1).
2020-04-26 14:04:11 +01:00
Salvatore Bonaccorso
65ba05e78d
blktrace: fix dereference after null check
2020-04-26 11:28:32 +02:00
Salvatore Bonaccorso
a5acdf855d
blktrace: Protect q->blk_trace with RCU (CVE-2019-19768)
2020-04-26 11:25:38 +02:00
Salvatore Bonaccorso
6fe845e460
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (CVE-2020-1749)
2020-04-26 11:20:05 +02:00
Salvatore Bonaccorso
79c0009334
net: ipv6: add net argument to ip6_dst_lookup_flow
2020-04-26 11:14:36 +02:00
Salvatore Bonaccorso
cfa7bd0b02
f2fs: fix to avoid memory leakage in f2fs_listxattr (CVE-2020-0067)
2020-04-26 11:06:23 +02:00
Salvatore Bonaccorso
01ac87b05e
Add CVE id reference for CVE-2020-11494
2020-04-24 05:55:07 +02:00
Salvatore Bonaccorso
1e0b8b17f3
Update to 4.19.118
...
Cleanup debian/changelog file
Refresh "firmware: Remove redundant log messages from drivers" for context changes in 4.19.118
2020-04-23 20:41:14 +02:00
Ben Hutchings
37343cff01
Merge branch 'buster+ksm' into 'buster'
...
[buster] cloud: enable CONFIG_KSM for cloud
See merge request kernel-team/linux!229
2020-04-22 13:35:13 +00:00
Ben Hutchings
f248c110af
Merge branch 'carnil/linux-4.19-stable-updates' into buster
...
WIP: 4.19 stable updates
See merge request kernel-team/linux!213
2020-04-22 14:33:44 +01:00
Ben Hutchings
c2a32c869d
Bump ABI to 9
2020-04-22 04:04:25 +01:00
Ben Hutchings
efae16e787
debian/changelog: Comma-separate multiple CVE IDs for the same change
2020-04-22 04:02:55 +01:00
Ben Hutchings
9570b230d4
debian/changelog: Add/correct arch-qualifications for some stable changes
...
Model-specific quirks are only relevant to that model's CPU
architecture.
2020-04-22 04:02:01 +01:00
Ben Hutchings
c73c46766b
debian/changelog: Delete stable changes to disabled drivers
...
There's not much point in mentioning them.
2020-04-22 03:58:05 +01:00
Ben Hutchings
ee533a5333
debian/changelog: Delete stable changes that got reverted
...
There's no point in listing changes that didn't make it into this
release. Delete the summary lines for the original commits and revert
commits.
2020-04-22 03:03:04 +01:00
Ben Hutchings
dd8b268c15
debian/changelog: Summarise the rt changes
...
There is no need to list every update of the rt patch set, or
resolution of conflicts that have now been resolved upstream.
However, significant changes to the patch set should be listed,
so mention the patch that was dropped.
2020-04-22 02:54:36 +01:00
Salvatore Bonaccorso
6431292225
[rt] Update to 4.19.115-rt48
...
Refresh patch "pci/switchtec: Don't use completion's wait queue" which was
already done as well in previous rt patchset, due to context changes in
4.19.116 caused by 12ce9fd7fc87 ("PCI/switchtec: Fix init_completion race
condition with poll_wait()").
2020-04-21 22:25:37 +02:00
Salvatore Bonaccorso
6440db7ed1
Update to 4.19.117
...
Cleanup debian/changelog file
2020-04-21 22:08:20 +02:00
Noah Meyerhans
57cd8ee0e1
cloud: enable CONFIG_KSM for cloud
...
Closes: 955366
2020-04-20 14:23:43 -07:00
Salvatore Bonaccorso
72fdde5342
[rt] Refresh "pci/switchtec: Don't use completion's wait queue" for context changes in 4.19.116
2020-04-18 11:09:04 +02:00
Salvatore Bonaccorso
1fb0eb7956
Update to 4.19.116
...
Add CVE id reference for CVE-2020-11669
Cleanup debian/changelog file
2020-04-18 11:09:02 +02:00
Ben Hutchings
31d17e0e53
debian/README.source: Refer to upload checklist in kernel-team.git
...
(cherry picked from commit 68456ebc6bfabc94b05ca0771d502a2e1e5f8040)
2020-04-17 01:32:57 +01:00
Salvatore Bonaccorso
5d322cdf20
[rt] Refresh "workqueue: rework" for context changes in 4.19.114
2020-04-16 23:44:57 +02:00