167ecd4ada
scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836)
2019-07-22 14:01:45 +02:00
84b1bd80aa
Revert unwanted changes for buster-security
...
We need to be based onto 4.19.37-5+deb10u1, and only include security
related topics. Things or improvements added to 4.19.37-6 (that is
already in sid) should be removed because they should not be uploaded
to buster-security accidentaly.
2019-07-22 11:44:02 +02:00
01d9fffd29
Release linux (4.19.37-5+deb10u1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0xhh1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E8nEP/iF7NUo1hvYNR/ueapgtpnMaHh/OeiGp
x5/4RQW9Lo+Y8djiJWr9Kh7DVT7zp2k6OOb6o2qypgpEpFGGZAf02E3kheTJMhJz
XxDHyGRflQpXDsEbPCcWCXvJjH/7puV/GWATPYo9qE/hs9rBAiFsOlOTqWSJf8Yd
rVxjRRXe9/qRcOV4OJyiuL2GbeL7eO3TqTEl1NVSNP4V1RjYFFy/CUelWAcGzUOI
tkk+NM7CEspQQhpIRkSGB+GyYMvOFNi2mkrz+mJbSUeb75uiZq3myJqHiQOKpwHe
OGJiVBD4Ce8pv3PvR9bFZwgOV2t1XTDOeyUcmh8C07SblwI6iM/vi/nWw7B9VUEH
X2EB/3/TuhKgJHtYpFZdi1mlRrt+6YYgDmbFVUyjojZhOONlVagwq2vaX0ep6yI4
FOQo4kpCG10yse4JxUS0Unv6hk7ShfLe/Kb9lOJvPSZM5dCutWTQrRO05gTyFaev
orMZou9lsXYDTzpFAICE2ZhCcySvYLqvPkkCoabiECMlJE2Ra/rsHiuQEcSNjG8E
A8EqJhElt+W8mvTkofG5yL3oguD6yg4Qf0luKOl0bEcZyBXDbK4nHtHAwcBNoR5X
zNfrikCyo7jPX3JGH3F8wYE9vc04SO+YEkvcyZcLTOUBiDIpZgC4r3IOyBDgzv1K
KDIBNpFCBL0Z
=794G
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.37-5+deb10u1' into buster
Release linux (4.19.37-5+deb10u1).
2019-07-20 23:07:45 +02:00
1e1ff4ce9c
binder: fix race between munmap() and direct reclaim (CVE-2019-1999)
2019-07-20 18:36:49 +02:00
091f76e86d
nfc: Ensure presence of required attributes in the deactivate_target handler (CVE-2019-12984)
2019-07-20 18:21:14 +02:00
fbe4322901
[powerpc*] mm/64s/hash: Reallocate context ids on fork (CVE-2019-12817)
2019-07-20 17:17:59 +02:00
7e902dbcd3
[x86] x86/insn-eval: Fix use-after-free access to LDT entry (CVE-2019-13233)
2019-07-20 17:17:43 +02:00
aa3c23fe0e
Release linux (4.19.37-5+deb10u1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0xhh1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E8nEP/iF7NUo1hvYNR/ueapgtpnMaHh/OeiGp
x5/4RQW9Lo+Y8djiJWr9Kh7DVT7zp2k6OOb6o2qypgpEpFGGZAf02E3kheTJMhJz
XxDHyGRflQpXDsEbPCcWCXvJjH/7puV/GWATPYo9qE/hs9rBAiFsOlOTqWSJf8Yd
rVxjRRXe9/qRcOV4OJyiuL2GbeL7eO3TqTEl1NVSNP4V1RjYFFy/CUelWAcGzUOI
tkk+NM7CEspQQhpIRkSGB+GyYMvOFNi2mkrz+mJbSUeb75uiZq3myJqHiQOKpwHe
OGJiVBD4Ce8pv3PvR9bFZwgOV2t1XTDOeyUcmh8C07SblwI6iM/vi/nWw7B9VUEH
X2EB/3/TuhKgJHtYpFZdi1mlRrt+6YYgDmbFVUyjojZhOONlVagwq2vaX0ep6yI4
FOQo4kpCG10yse4JxUS0Unv6hk7ShfLe/Kb9lOJvPSZM5dCutWTQrRO05gTyFaev
orMZou9lsXYDTzpFAICE2ZhCcySvYLqvPkkCoabiECMlJE2Ra/rsHiuQEcSNjG8E
A8EqJhElt+W8mvTkofG5yL3oguD6yg4Qf0luKOl0bEcZyBXDbK4nHtHAwcBNoR5X
zNfrikCyo7jPX3JGH3F8wYE9vc04SO+YEkvcyZcLTOUBiDIpZgC4r3IOyBDgzv1K
KDIBNpFCBL0Z
=794G
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.37-5+deb10u1' into buster-security
Release linux (4.19.37-5+deb10u1).
2019-07-19 11:15:23 +02:00
786d73da80
Prepare to release linux (4.19.37-5+deb10u1).
2019-07-19 10:46:02 +02:00
c6f3814dc4
ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (CVE-2019-13272)
2019-07-19 10:45:11 +02:00
faee94d2ad
[armhf] Add support for all i.MX6 variants.
2019-07-16 16:48:34 +02:00
c342a968c4
[sh4]: Check for kprobe trap number before trying to handle a kprobe trap
2019-06-23 18:59:55 +02:00
e2cc6dfed3
debian/changelog: Clean up entry for Huawei TaiShan support
2019-06-23 17:27:59 +01:00
c01ce3da12
Merge branch '93sam/linux-huawei-taishan-support' into sid
...
[arm64] Improve support for the Huawei TaiShan server platform
See merge request kernel-team/linux!151
2019-06-23 17:19:03 +01:00
eb5241a213
tcp: refine memory limit test in tcp_fragment()
...
Closes : #930904
2019-06-23 16:15:34 +02:00
2c3b28ea8f
[arm64] Improve support for the Huawei TaiShan server platform
...
Closes : #930554
Enable the HNS/ROCE Infiniband driver
Backport fixes from 4.20 and 4.21 for HNS3 networking, hisi_sas SAS
and HNS/ROCE Infiniband
Signed-off-by: Steve McIntyre <93sam@debian.org>
2019-06-23 10:58:07 +01:00
8fb3f0b24d
Prepare to release linux (4.19.37-5).
2019-06-19 23:16:58 +01:00
e60e81ccd9
debian/changelog: Wrap a >80-character line
2019-06-19 23:16:33 +01:00
0a8cb2b316
Add ABI reference for 4.19.0-5
...
This is based on version 4.19.37-1 and 4.19.37-3, which are
consistent except for the addition of two symbols related to the
MDS mitigation on x86.
2019-06-19 23:16:32 +01:00
ac648cc5be
debian/changelog: Record ABI fix that did *not* make it into 4.19.37-4
...
Thought I'd built with the ABI fix, but didn't. And there was
no ABI reference to catch this. :-(
2019-06-19 23:16:25 +01:00
d2962338d6
[sparc64] Fix device naming inconsistency between sunhv_console and sunhv_reg ( Closes : #926539 )
2019-06-19 16:30:43 +02:00
2536e21256
Prepare to release linux (4.19.37-4).
2019-06-17 20:00:30 +01:00
afceeb64fe
debian/changelog: List changes in 4.19.37-rt20
2019-06-17 20:00:14 +01:00
1e253edaa7
Add TCP DoS fixes
2019-06-17 19:46:08 +01:00
4ea468554d
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (CVE-2019-10126)
2019-06-17 19:32:38 +01:00
e5664e23f5
mm/mincore.c: make mincore() more conservative (CVE-2019-5489)
2019-06-17 19:29:35 +01:00
1894e89399
mwifiex: Don't abort on small, spec-compliant vendor IEs
2019-06-17 19:29:14 +01:00
70b1e1a8fa
mwifiex: Abort at too short BSS descriptor element
2019-06-17 19:25:01 +01:00
54fa813858
mwifiex: Fix possible buffer overflows at parsing bss descriptor (CVE-2019-3846)
2019-06-17 19:24:10 +01:00
cc59373e08
[arm64] udeb: fb-modules: Include rockchipdrm, panel-simple, pwm_bl, pwm-cros-ec
...
Some ChromeOS devices need these for the display.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-06-10 18:50:46 +03:00
c8cdb80b66
[arm64] udeb: mmc-modules: Include phy-rockchip-emmc
...
Needed for internal storage on some ChromeOS devices.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-06-10 18:50:46 +03:00
cb05f8d52a
[arm64] udeb: usb-modules: Include phy-rockchip-typec, extcon-usbc-cros-ec
...
On Samsung Chromebook Plus (v1) trying to boot from a rootfs on a USB
storage device without these modules in the initramfs, it drops to an
initramfs shell with a non-working display. For the d-i netboot image,
the screen doesn't turn on, but the installer menu works.
A recent change to initramfs-tools includes extcon-usbc-cros-ec, so
include that and a relevant PHY module here as well.
Relevant:
https://salsa.debian.org/kernel-team/initramfs-tools/commit/994d698a
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-06-10 18:50:45 +03:00
3c9e2d8dee
[arm64] udeb: kernel-image: Include phy-rockchip-pcie
...
On some ChromeOS devices, this is required to connect to a wireless
network via mwifiex_pcie.
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-06-10 18:50:45 +03:00
b68c83d156
[arm64] udeb: kernel-image: Include cros_ec_spi and SPI drivers
...
The cros_ec multifunction device provides the keyboard services on some
ChromeOS devices, but requires a bus to be enabled to communicate with
it. On Samsung Chromebook Plus (v1), including spi-rockchip and
cros_ec_spi are enough. A recent change in initramfs-tools included all
SPI drivers, so include them here as well.
Relevant:
https://salsa.debian.org/kernel-team/initramfs-tools/commit/797e5fed
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-06-10 18:50:45 +03:00
0114d125ba
udeb: input-modules: Include all keyboard driver modules
...
Some important modules like cros_ec_keyb are in input/keyboard. A recent
change in initramfs-tools also includes them, so include them here too.
Relevant:
https://salsa.debian.org/kernel-team/initramfs-tools/commit/40f66474
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-06-10 18:50:45 +03:00
d7374fce1e
Merge branch 'sparc64-sid' into 'sid'
...
[sparc64] udeb: Disable suffix for kernel-image
See merge request kernel-team/linux!147
2019-06-09 23:28:08 +00:00
cbcfb20ce0
[mips] Correctly bounds check virt_addr_valid ( Closes : #929366 )
2019-06-09 00:06:52 +02:00
3b44df1499
Bluetooth: hidp: fix buffer overflow (CVE-2019-11884)
2019-06-07 15:25:30 +02:00
8910626bca
ext4: zero out the unused memory region in the extent tree block (CVE-2019-11833)
2019-06-07 14:53:07 +02:00
23527ae20b
brcmfmac: add subtype check for event handling in data path (CVE-2019-9503)
2019-06-07 14:49:05 +02:00
8970aaa563
brcmfmac: assure SSID length from firmware is limited (CVE-2019-9500)
2019-06-07 14:43:58 +02:00
c11ba60cce
[rt] Update to 4.19.37-rt20
2019-05-29 21:49:30 +02:00
92a96d298e
[x86] lockdown,sysrq: Enable ALLOW_LOCKDOWN_LIFT_BY_SYSRQ ( Closes : #929583 )
2019-05-26 18:13:59 +01:00
db249f2b52
[sparc64] udeb: Disable suffix for kernel-image
2019-05-21 14:29:31 +02:00
a8c3d89c71
README.source: Document the various makefiles and use of out-of-tree builds
2019-05-19 15:05:10 +01:00
a96bd61a2e
libbpf: Build out-of-tree
2019-05-19 14:49:48 +01:00
9b28931859
libbpf: Use only 2 components in soversion, matching package name
...
Debian policy says the package name must change when the soname
changes. We don't expect the ABI to change in a stable update,
so use only 2 components in both.
2019-05-19 14:48:13 +01:00
a6879552b5
Drop unnecessary changes from "libbpf: add SONAME to shared object"
...
It's not necessary to delete the definitions of the variables that
become unused. Nor is it necessary to move the definition of
LIBBPF_VERSION before LIB_FILES, because the latter is defined
as recursively expanded (i.e. its variable references are not
immediately expanded).
This makes the actual change we're making clearer, and should
reduce the future work to maintain this patch.
2019-05-19 14:36:25 +01:00
9329ccdf87
[powerpc*] 64s: Include cpu header (fixes FTBFS)
2019-05-15 23:07:44 +01:00
85eddd4dd2
Prepare to release linux (4.19.37-2).
2019-05-14 17:34:46 +01:00
4abc99e835
[x86] linux-cpupower: Update CPPFLAGS for change in <asm/msr-index.h>
2019-05-14 17:34:29 +01:00
1565dc00f4
[x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities
...
Together with a microcode update, this mitigates CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091.
2019-05-10 12:03:12 +01:00
98cbc347d3
debian/bin: Fix Python static checker regressions ( Closes : #928618 )
2019-05-07 21:04:05 +01:00
5ece558b8d
Prepare to release linux (4.19.37-1).
2019-05-05 19:32:32 +01:00
ece5b4e4cd
mm,fs: Prevent page refcount overflow (CVE-2019-11487)
2019-05-05 15:44:05 +01:00
83f5e0f1ef
tracing: Fix buffer_ref pipe ops
...
This is preparation for fixing CVE-2019-11487.
2019-05-05 15:42:32 +01:00
4f3fa1e296
aio: Apply fixes from 4.19.38 (CVE-2019-10125)
2019-05-05 15:41:31 +01:00
55a23e404a
[amd64,arm64] vfio/type1: Limit DMA mappings per container (CVE-2019-3882)
2019-05-05 16:06:15 +02:00
2c62d20848
MODSIGN: Make shash allocation failure fatal
2019-05-05 13:47:00 +01:00
06cccfd2c3
Merge branch 'bluca/linux-mod_db' into sid
...
Add patches to enable loading db and MOK keys
See merge request kernel-team/linux!139
2019-05-05 13:16:03 +01:00
95f09d9f29
Merge branch 'sid' of salsa.debian.org:kernel-team/linux into sid
2019-05-05 13:15:29 +01:00
319a580681
Add Debian bug closer for #928457
2019-05-05 10:25:26 +02:00
5be0740b91
Add changelog entry for "gencontrol_signed.py: Sort list of modules..."
2019-05-04 18:39:31 -07:00
f79da03296
drivers/firmware/google: Adjust configuration for 4.19
2019-05-04 22:40:59 +01:00
88cad5a2fb
Merge branch 'sid' into 'sid'
...
[arm64] Enable configs for Samsung Chromebook Plus (v1) and other rk3399-gru based devices
See merge request kernel-team/linux!142
2019-05-04 21:34:02 +00:00
643cc8a41c
Add patches to enable loading dbx and MOKX blacklists
...
Import patches from:
https://lore.kernel.org/patchwork/cover/933178/
that allow to also load dbx and MOKX as blacklists for modules.
These patches also disable loading MOK/MOKX when secure boot is
not enabled, as the variables will not be safe, and to check the
variables attributes before accepting them.
2019-05-02 23:04:18 +01:00
188df85f5b
Add patches to enable loading db and MOK keys
...
Import patches from:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-uefi
that enable a new option that automatically loads keys from db
and MOK into the secondary keyring, so that they can be used to
verify the signature of kernel modules. Enable the required KCONFIGs.
Allows users to self-sign modules (eg: dkms).
2019-05-02 22:59:42 +01:00
40e420be45
[armhf] Disable MVNETA_BM_ENABLE again
2019-05-02 22:13:54 +02:00
ecc794295f
Remove annotation for one REJECTed CVE
...
Gbp-Dch: Ignore
2019-05-01 20:46:07 +02:00
b64a303c60
[arm64] Enable configs for Samsung Chromebook Plus (v1) and other rk3399-gru based devices
...
Signed-off-by: Alper Nebi Yasak <alpernebiyasak@gmail.com>
2019-05-01 17:40:56 +03:00
ca91c5f5f3
Note that upstream change closes #925496
2019-05-01 14:18:46 +01:00
0eb7489dad
Enable coreboot memconsole ( Closes : #872069 )
...
With this option enabled, the kernel will be able to retrieve firmware
logs by looking in the coreboot table. This can be accessed from
userspace via the sysfs file /sys/firmware/log.
2019-04-30 16:54:11 +02:00
82f685da41
[sparc64] linux-image: Install uncompressed kernel image
...
Requested by John Paul Adrian Glaubitz, with the explanation:
> GRUB doesn't really support compressed kernels with OpenFirmware, at
> least on SPARC. It used to work with 2.02+patches but it doesn't
> work with GRUB 2.04~rc1 and upstream said that it's not really
> supported.
2019-04-30 15:49:46 +01:00
fd064d4e63
[rt] Update to 4.19.37-rt19
2019-04-30 14:46:18 +02:00
e6b7661450
Replace CVE id for CVE-2019-11599
...
Originally CVE-2019-3892 appeared which was REJECTED as reservation
duplicate of CVE-2019-11599.
Gbp-Dch: Ignore
2019-04-30 10:37:56 +02:00
c72c0fff0a
[x86] platform: Enable INTEL_ATOMISP2_PM as module
2019-04-28 18:57:27 +01:00
7ebc9f9504
Update to 4.19.37
...
* Refresh/drop patches as appropriate
2019-04-28 18:55:53 +01:00
ad494c2131
tty: mark Siemens R3964 line discipline as BROKEN (CVE-2019-11486)
2019-04-26 16:11:56 +02:00
859ec5f504
[x86] Disable R3964 due to lack of security support
2019-04-26 16:08:19 +02:00
1c6240e692
inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch() (CVE-2019-9857)
2019-04-26 14:54:14 +02:00
cda3581467
ntfs: Mark it as broken, and add CVE IDs that are being closed
2019-04-25 15:35:56 +01:00
becaca2c80
ntfs: Disable NTFS_FS due to lack of upstream security support
2019-04-25 15:27:49 +01:00
81f14e4fc0
udeb: Drop unused ntfs-modules packages
...
The installer uses ntfs-3g-udeb instead.
2019-04-25 15:27:49 +01:00
223d2f61ad
[mips] Fix indirect syscall tracing & seccomp filtering for big endian MIPS64 kernels with 32-bit userland.
2019-04-23 19:35:04 +02:00
8f20d53908
[armel/marvell,sh4] linux-image: Recommend apparmor, like all other configs
...
The "recommends" field set in the [image] section for these
configurations overrode the field at the top level. We want
gencontrol.py to concatenate the relations in this section at all
levels.
The ConfigCore.get_merge method supports doing this, but only with
list fields So we need to specify in the config schema that these
fields are comma-separated lists.
2019-04-22 00:30:48 +01:00
967b7d1987
linux-source: Recommend bison and flex, always needed to build the kernel
2019-04-21 23:59:50 +01:00
e6231a29a7
[i386] Add grub-efi-ia32 as an alternate recommended bootloader
2019-04-21 23:56:35 +01:00
25aadd8f22
[powerpc,ppc64,ppc64el] linux-image: Recommend grub-ieee1275
2019-04-21 23:56:01 +01:00
a828d99124
[sparc64] linux-image: Recommend grub-ieee1275 instead of (removed) silo
2019-04-21 23:55:01 +01:00
fb4777ce47
lockdown: Refer to Debian wiki until manual page exists
2019-04-21 00:22:20 +01:00
7c8c3551e1
udeb: Add all HWRNG drivers to kernel-image (see #923675 )
...
The installer will soon start using haveged to provide entropy if
needed, but an HWRNG is probably still preferable.
2019-04-21 00:09:41 +01:00
693aafefbb
[armel/marvell] Disable HW_RANDOM as no HWRNG drivers are usable here
...
We were building the omap-rng driver, because the same block is used
on some recent Marvell chips and HW_RANDOM_OMAP is enabled by default
if ARCH_MVEBU is enabled.
We were also building virtio-rng, but there isn't (so far as I know)
any publicly available emulation of the ARMv5 Marvell chips.
As we're about to include HWRNG drivers to the installer, disable the
whole subsystem for armel/marvell to avoid adding useless drivers.
2019-04-20 23:35:33 +01:00
ea0d63df90
[ia64] linux-image: Recommend grub-efi-ia64 instead of (removed) elilo
2019-04-20 23:04:54 +01:00
2dff862341
ACPICA: Namespace: remove address node from global list after method termination
2019-04-19 21:06:18 +02:00
c854151c38
[riscv64] linux-image-dbg: Include vdso debug symbols
2019-04-18 00:55:26 +01:00
90f48698a0
Fix typo: architecures -> architectures
...
Thanks: Cyril Brulebois
Gbp-Dch: Ignore
2019-04-15 21:05:02 +02:00
4eef18f8b7
xen/pciback: Don't disable PCI_COMMAND on PCI device reset. (CVE-2015-8553)
2019-04-14 22:39:31 +02:00
c4517a7e99
Don't longer recommend irqbalance
2019-04-13 08:32:35 +02:00
f73d6fa21b
Add bug closer for #923723
...
Gbp-Dch: Ignore
2019-04-12 23:39:23 +02:00
c859bfa672
Add bug closer for #919290
...
Gbp-Dch: Ignore
2019-04-12 23:29:37 +02:00
dde049bffb
Fix brackets for arch markes
...
Gbp-Dch: Ignore
2019-04-12 09:47:27 +02:00
5a39ad2910
Generate and install libbpf.pc
...
Backport patch from bpf-next and install libbpf.pc in libbpf-dev
2019-04-11 23:15:22 +01:00
1acfe734b7
Merge branch 'sf/linux-sid' into sid
...
Enable SND_SOC_SPDIF on armmp-lpae
See merge request kernel-team/linux!137
2019-04-09 01:19:39 +01:00
5ee30838da
re-eanble JUMP_LABEL for mips r6
...
[bwh: Cherry-picked onto the sid branch]
2019-04-09 01:07:11 +01:00
502148bb02
[armhf,arm64[ Revert "net: stmmac: Send TSO packets always from Queue 0"
2019-04-09 01:05:01 +01:00
a0366b7dd1
[rt] Update to 4.19.31-rt18
2019-04-09 00:53:38 +01:00
6fa9d66378
[rt] Add new signing subkey for Steven Rostedt
2019-04-09 00:47:01 +01:00
7935c22e07
Bump ABI to 5
...
There are too many ABI changes for me to cope with.
2019-04-09 00:33:21 +01:00
821ec1b181
Update to 4.19.34
...
* Drop/refresh patches as appropriate
2019-04-09 00:27:06 +01:00
5862c7e202
Enable SND_SOC_SPDIF on armmp-lpae
...
Needed for Cubietruck
2019-04-07 09:53:33 +02:00
6039118f59
[powerpc*] vdso: Make vdso32 installation conditional in vdso_install
...
Closes : #785065
This finally removes the need for the ppc64el compiler to support
32-bit code generation, and removes a useless file from debug
packages on ppc64el.
2019-03-22 04:28:49 +00:00
e3c916c6d7
debian/bin/abiupdate.py: Change default URLs to use https: scheme
...
Since we don't use the Release and Packages files to verify the
packages we download, it's worth using TLS to reduce the risk of
a man-in-the-middle corrupting them.
ftp.ports.debian.org and security.debian.org don't support TLS
in general, so use deb.debian.org for the ports and security
archives.
2019-03-18 23:11:23 +00:00
0e10941761
debian/bin/abiupdate.py: Automatically select the correct archive to fetch from
...
If the changelog distribution is *-security, fetch from the security
archive. Otherwise, try the main archive, ports, incoming, and
incoming.ports in that order.
2019-03-18 22:53:16 +00:00
926120d62f
Prepare to release linux (4.19.28-2).
2019-03-15 02:16:04 +00:00
88d725750b
Merge remote-tracking branch 'salsa/sid' into sid
2019-03-15 01:45:58 +00:00
44f134c2b9
Merge branch 'include-signing-cert' of salsa.debian.org:corsac/linux into sid
...
certs: include both root CA and direct signing certificate
See merge request kernel-team/linux!135
2019-03-14 21:26:12 +00:00
fb17e155b9
[arm64,armhf] Drop PHY_ROCKCHIP_INNO_HDMI, not available till linux
...
v4.20.
2019-03-14 13:32:38 -07:00
73f7977c15
[arm64,armhf] Enable PHY_ROCKCHIP_INNO_HDMI as built-ins, not
...
available as modules.
2019-03-14 13:10:29 -07:00
0664e4e069
Merge branch 'sid' of salsa.debian.org:kernel-team/linux into sid
2019-03-14 17:53:52 +00:00
0b67903203
[ppc64el] Disable PCMCIA (fixes FTBFS)
...
It appears to be technically possible to use PCMCIA cards on POWER8/9
systems through a PCI Express to PCI adapter and a PCI to
PCMCIA/CardBus adapter. But I can't believe anyone would want to.
So rather than adding a pcmcia-modules package or excluding the
drivers from udebs, disable PCMCIA altogether.
2019-03-14 17:49:45 +00:00
ae178b6c72
udeb: Make serial_cs optional in serial-modules
...
The next commit will stop building PCMCIA drivers on ppc64el.
2019-03-14 17:48:52 +00:00
af53d158a0
certs: include both root CA and direct signing certificate. closes : #924545
...
Module loading needs the issuer certificate to validate the signature,
and that certificate is not embedded in the signature itself.
For now embed both the signing certificate and the root CA.
2019-03-14 14:16:50 +01:00
2f067b01ec
[arm64] Enable MESON_EFUSE as a module.
2019-03-13 23:50:41 -07:00
32b309d27c
[arm64] Enable I2C_GPIO as a module.
2019-03-13 23:50:03 -07:00
22dd68875f
[arm64,armhf] Enable PHY_ROCKCHIP_INNO_HDMI as modules.
2019-03-13 23:49:26 -07:00
7adaffb5a6
[arm64] Enable DRM_SUN4I and DRM_SUN8I_DW_HDMI as modules.
2019-03-13 23:48:44 -07:00
20351317dd
[x86] Drop fix for #865303 , which no longer affects Debian's OpenJDK
...
This workaround is no longer needed for Debian's OpenJDK packages:
* OpenJDK 7 is unfixed (bug #876068 ) but is not present in stretch or
later suites
* OpenJDK 8 was fixed in unstable (bug #876051 ) and the fix was then
included in a stretch security update
* OpenJDK 9 and later were fixed (bug #876069 )
The workaround was never applied upstream and it also doesn't seem
like a good idea to have a Debian-specific VM quirk that weakens the
defence against Stack Clash. Therefore drop it now rather than
including it in another release.
2019-03-13 18:37:35 +00:00
7064a34f6e
[x86,alpha,m68k] binfmt: Disable BINFMT_AOUT, IA32_AOUT, OSF4_COMPAT
...
a.out support is now untested and occasionally results in security
bugs, and will be deprecated upstream (depends on BROKEN) for x86 in
5.1. Disable it completely.
See:
https://lore.kernel.org/lkml/CAG48ez1RVd5mQ_Pb6eygQESaZhpQz765OAZYSoPE0kPqfZEXQg@mail.gmail.com/
https://lore.kernel.org/lkml/20190305145717.GD8256@zn.tnic/
2019-03-13 18:31:13 +00:00
4895e487e1
Prepare to release linux (4.19.28-1).
2019-03-12 05:06:28 +00:00
fb875ddeb6
Bump ABI to 4
2019-03-10 23:34:30 +00:00
4454021eb3
debian/bin/gencontrol_signed.py: Put all files.json fields under "packages"
...
Follow the schema change made in
3a07a08a82
2019-03-10 22:46:07 +00:00
16e5e055ca
certs: Replace test signing certificate with production signing certificate
2019-03-10 22:28:08 +00:00
8a42d3ccb9
debian/changelog: Note upstream change closing bugs #913119 , #913138 .
2019-03-10 15:21:11 -07:00
3f14005d42
Merge branch 'sid' into 'sid'
...
MIPS related backports to 4.19
See merge request kernel-team/linux!131
2019-03-10 21:57:55 +00:00
224fd4bf26
debian/changelog: Note upstream change closing bug #921542
2019-03-10 21:49:26 +00:00
340ed90d8e
Update to 4.19.28
2019-03-10 16:57:21 +01:00
22610f2634
exec: Fix mem leak in kernel_read_file (CVE-2019-8980)
2019-03-10 09:00:43 +01:00
531357e266
debian/changelog: Only close #922182 once
2019-03-07 21:47:35 +00:00
3ebd4206bf
debian/changelog: Clean up 4.19.27 changes
...
* "svm" is AMD's virtualisation interface for x86 only
* We don't support the MIPS BCM63xx platform
2019-03-07 21:43:35 +00:00
e702b1ae75
debian/changelog: Added accidentaly removed entries and Closes #922182
2019-03-06 18:56:59 +01:00
a53ae83b62
Add CVE id reference for CVE-2019-9213
...
Gbp-Dch: Ignore
2019-03-06 17:33:45 +01:00
8864787e64
Update to 4.19.27
2019-03-06 16:38:16 +01:00
2357044444
[mipsel/mips64el] Backport loongson workarounds
...
MIPS: Loongson: Introduce and use loongson_llsc_mb()
2019-03-06 21:15:23 +08:00
40b0b77497
Enable some boston drivers
...
IMG_ASCII_LCD, I2C_EG20T, PCH_PHUB, MMC, PCIE_XILINX,
RTC_DRV_M41T80, SPI_TOPCLIFF_PCH
2019-03-06 21:15:22 +08:00
5ba611e17d
[mips r6] CPU and ASE related modify
...
Enable CPU_HAS_MSA, HIGHMEM, CRYPTO_CRC32_MIPS.
Set NR_CPUS to 16.
2019-03-06 21:15:22 +08:00
b710f665ba
[mips r6] enable SERIAL_OF_PLATFORM
...
If serial of platform is not enabled, userland shows nothing on console.
2019-03-06 21:15:22 +08:00
cf0de8585e
[mips r6]disable JUMP_LABLE: cause Reservered Instruction
2019-03-06 21:15:22 +08:00
df5732713c
Merge branch 'sid-cleanup-arm64-di' into 'sid'
...
Sid cleanup arm64 di
See merge request kernel-team/linux!130
2019-03-05 20:43:58 +00:00
c2a762a435
Merge branch 'rperier-guest/linux-armel_rpi' into sid
...
[armel/rpi] Add flavour for Raspberry Pi and Raspberry Pi Zero
See merge request kernel-team/linux!117
2019-03-05 20:39:14 +00:00
12c2125853
debian/changelog: Add missing architecture qualifications
2019-03-05 20:31:24 +00:00
Romain Perier
Romain Perier
Salvatore Bonaccorso
Uwe Kleine-König
John Paul Adrian Glaubitz
Ben Hutchings
Steve McIntyre
Alper Nebi Yasak
Aurelien Jarno
Vagrant Cascadian
Luca Boccassi
Bastian Blank
YunQiang Su
Stefan Fritsch
Yves-Alexis Perez