942d6ddd3f
KVM: coalesced_mmio: add bounds checking (CVE-2019-14821)
2019-09-19 17:16:06 +02:00
c0096a08f9
[x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902)
2019-09-18 21:35:01 +02:00
78f0b2574a
vhost: make sure log_num < in_num (CVE-2019-14835)
2019-09-13 06:12:11 +02:00
782d6ea880
ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
...
(CVE-2019-15118)
2019-09-12 22:40:43 +02:00
aa8fb19232
ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
...
(CVE-2019-15117)
[carnil: Use 4.19.67-2+deb10u1 version for buster-security branch]
2019-09-12 22:40:21 +02:00
e10bab8d2e
Reference assigned CVE id for CVE-2019-15538
...
Gbp-Dch: Ignore
2019-08-25 17:31:05 +02:00
a065e442e2
xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
2019-08-24 20:51:54 +02:00
57f74f6573
netfilter: conntrack: Use consistent ct id hash calculation
...
This fixes a regression in 4.19.44.
2019-08-22 20:04:20 +01:00
9bf2130b62
dm: disable DISCARD if the underlying storage no longer supports it
...
Closes : #934331
2019-08-21 21:41:04 +02:00
0899b0f554
Update to 4.19.67
...
* Drop patches which have been applied to 4.19-stable
* Drop "Revert "net: stmmac: Send TSO packets always from Queue 0"" in
favour of upstream fix "net: stmmac: Re-work the queue selection for
TSO packets"
* Refresh patches that became fuzzy
2019-08-20 01:51:22 +01:00
64c3754b90
Merge branch 'buster-security' into buster
...
* Accept revert of "[sh4]: Check for kprobe trap number before trying
to handle a kprobe trap" and update debian/changelog accordingly, as
sh4 is not a release architecture
* Keep "[arm64] Improve support for the Huawei TaiShan server platform"
which was reverted on the buster-security branch
2019-08-18 19:29:59 +01:00
07a6d57831
Add patchset for CVE-2019-1125
2019-08-07 08:34:30 +02:00
fc21f10317
Adjust Origin header in CVE-2019-13648 patch
...
Gbp-Dch: Ignore
2019-08-05 19:17:17 +02:00
65c2005956
[powerpc/tm] Fix oops on sigreturn on systems without TM (CVE-2019-13648)
2019-08-05 19:04:21 +02:00
3b76691d24
Bluetooth: hci_uart: check for missing tty operations (CVE-2019-10207)
2019-08-05 18:57:05 +02:00
ec64cb4c87
floppy: fix div-by-zero in setup_format_params (CVE-2019-14284)
...
This retrieves the patch from the linux-4.19.y branch and refreshes the
previous one "floppy: fix out-of-bounds read in copy_buffer", because
this is firstly "floppy: fix div-by-zero in setup_format_params" that is
applied upstream, then the one regarding out-of-bounds read in copy_buffer.
The one for CVE-2019-14283 was previously refreshed because it was not
applicable directly. Now both patches are synchronized with upstream and
applied in the same order.
2019-08-05 17:56:29 +02:00
24c58d8c20
inet: switch IP ID generator to siphash (CVE-2019-10638)
2019-07-30 11:20:38 +02:00
4962cdb584
floppy: fix out-of-bounds read in copy_buffer (CVE-2019-14283)
2019-07-30 11:14:00 +02:00
b394039686
[arm64] compat: Provide definition for COMPAT_SIGMINSTKSZ ( Closes : #904385 ).
2019-07-29 22:36:47 +02:00
8da545ad5d
rtc-s35390a: backport fix to make hwclock able to read the time
2019-07-28 21:37:15 +02:00
e890639fa7
Replace Origin reference with reachable reference
...
Gbp-Dch: Ignore
2019-07-27 14:24:32 +02:00
8cb769111f
Input: gtco - bounds check collection indent level (CVE-2019-13631)
2019-07-27 13:15:59 +02:00
167ecd4ada
scsi: libsas: fix a race condition when smp task timeout (CVE-2018-20836)
2019-07-22 14:01:45 +02:00
84b1bd80aa
Revert unwanted changes for buster-security
...
We need to be based onto 4.19.37-5+deb10u1, and only include security
related topics. Things or improvements added to 4.19.37-6 (that is
already in sid) should be removed because they should not be uploaded
to buster-security accidentaly.
2019-07-22 11:44:02 +02:00
01d9fffd29
Release linux (4.19.37-5+deb10u1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0xhh1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E8nEP/iF7NUo1hvYNR/ueapgtpnMaHh/OeiGp
x5/4RQW9Lo+Y8djiJWr9Kh7DVT7zp2k6OOb6o2qypgpEpFGGZAf02E3kheTJMhJz
XxDHyGRflQpXDsEbPCcWCXvJjH/7puV/GWATPYo9qE/hs9rBAiFsOlOTqWSJf8Yd
rVxjRRXe9/qRcOV4OJyiuL2GbeL7eO3TqTEl1NVSNP4V1RjYFFy/CUelWAcGzUOI
tkk+NM7CEspQQhpIRkSGB+GyYMvOFNi2mkrz+mJbSUeb75uiZq3myJqHiQOKpwHe
OGJiVBD4Ce8pv3PvR9bFZwgOV2t1XTDOeyUcmh8C07SblwI6iM/vi/nWw7B9VUEH
X2EB/3/TuhKgJHtYpFZdi1mlRrt+6YYgDmbFVUyjojZhOONlVagwq2vaX0ep6yI4
FOQo4kpCG10yse4JxUS0Unv6hk7ShfLe/Kb9lOJvPSZM5dCutWTQrRO05gTyFaev
orMZou9lsXYDTzpFAICE2ZhCcySvYLqvPkkCoabiECMlJE2Ra/rsHiuQEcSNjG8E
A8EqJhElt+W8mvTkofG5yL3oguD6yg4Qf0luKOl0bEcZyBXDbK4nHtHAwcBNoR5X
zNfrikCyo7jPX3JGH3F8wYE9vc04SO+YEkvcyZcLTOUBiDIpZgC4r3IOyBDgzv1K
KDIBNpFCBL0Z
=794G
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.37-5+deb10u1' into buster
Release linux (4.19.37-5+deb10u1).
2019-07-20 23:07:45 +02:00
869c89cb6d
Use patch headers as generated by git format-patch-for-debian
2019-07-20 21:14:38 +02:00
1e1ff4ce9c
binder: fix race between munmap() and direct reclaim (CVE-2019-1999)
2019-07-20 18:36:49 +02:00
091f76e86d
nfc: Ensure presence of required attributes in the deactivate_target handler (CVE-2019-12984)
2019-07-20 18:21:14 +02:00
fbe4322901
[powerpc*] mm/64s/hash: Reallocate context ids on fork (CVE-2019-12817)
2019-07-20 17:17:59 +02:00
7e902dbcd3
[x86] x86/insn-eval: Fix use-after-free access to LDT entry (CVE-2019-13233)
2019-07-20 17:17:43 +02:00
aa3c23fe0e
Release linux (4.19.37-5+deb10u1).
...
-----BEGIN PGP SIGNATURE-----
iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl0xhh1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E8nEP/iF7NUo1hvYNR/ueapgtpnMaHh/OeiGp
x5/4RQW9Lo+Y8djiJWr9Kh7DVT7zp2k6OOb6o2qypgpEpFGGZAf02E3kheTJMhJz
XxDHyGRflQpXDsEbPCcWCXvJjH/7puV/GWATPYo9qE/hs9rBAiFsOlOTqWSJf8Yd
rVxjRRXe9/qRcOV4OJyiuL2GbeL7eO3TqTEl1NVSNP4V1RjYFFy/CUelWAcGzUOI
tkk+NM7CEspQQhpIRkSGB+GyYMvOFNi2mkrz+mJbSUeb75uiZq3myJqHiQOKpwHe
OGJiVBD4Ce8pv3PvR9bFZwgOV2t1XTDOeyUcmh8C07SblwI6iM/vi/nWw7B9VUEH
X2EB/3/TuhKgJHtYpFZdi1mlRrt+6YYgDmbFVUyjojZhOONlVagwq2vaX0ep6yI4
FOQo4kpCG10yse4JxUS0Unv6hk7ShfLe/Kb9lOJvPSZM5dCutWTQrRO05gTyFaev
orMZou9lsXYDTzpFAICE2ZhCcySvYLqvPkkCoabiECMlJE2Ra/rsHiuQEcSNjG8E
A8EqJhElt+W8mvTkofG5yL3oguD6yg4Qf0luKOl0bEcZyBXDbK4nHtHAwcBNoR5X
zNfrikCyo7jPX3JGH3F8wYE9vc04SO+YEkvcyZcLTOUBiDIpZgC4r3IOyBDgzv1K
KDIBNpFCBL0Z
=794G
-----END PGP SIGNATURE-----
Merge tag 'debian/4.19.37-5+deb10u1' into buster-security
Release linux (4.19.37-5+deb10u1).
2019-07-19 11:15:23 +02:00
c6f3814dc4
ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME (CVE-2019-13272)
2019-07-19 10:45:11 +02:00
c342a968c4
[sh4]: Check for kprobe trap number before trying to handle a kprobe trap
2019-06-23 18:59:55 +02:00
c01ce3da12
Merge branch '93sam/linux-huawei-taishan-support' into sid
...
[arm64] Improve support for the Huawei TaiShan server platform
See merge request kernel-team/linux!151
2019-06-23 17:19:03 +01:00
eb5241a213
tcp: refine memory limit test in tcp_fragment()
...
Closes : #930904
2019-06-23 16:15:34 +02:00
2c3b28ea8f
[arm64] Improve support for the Huawei TaiShan server platform
...
Closes : #930554
Enable the HNS/ROCE Infiniband driver
Backport fixes from 4.20 and 4.21 for HNS3 networking, hisi_sas SAS
and HNS/ROCE Infiniband
Signed-off-by: Steve McIntyre <93sam@debian.org>
2019-06-23 10:58:07 +01:00
d2962338d6
[sparc64] Fix device naming inconsistency between sunhv_console and sunhv_reg ( Closes : #926539 )
2019-06-19 16:30:43 +02:00
1e253edaa7
Add TCP DoS fixes
2019-06-17 19:46:08 +01:00
4ea468554d
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() (CVE-2019-10126)
2019-06-17 19:32:38 +01:00
e5664e23f5
mm/mincore.c: make mincore() more conservative (CVE-2019-5489)
2019-06-17 19:29:35 +01:00
1894e89399
mwifiex: Don't abort on small, spec-compliant vendor IEs
2019-06-17 19:29:14 +01:00
70b1e1a8fa
mwifiex: Abort at too short BSS descriptor element
2019-06-17 19:25:01 +01:00
54fa813858
mwifiex: Fix possible buffer overflows at parsing bss descriptor (CVE-2019-3846)
2019-06-17 19:24:10 +01:00
cbcfb20ce0
[mips] Correctly bounds check virt_addr_valid ( Closes : #929366 )
2019-06-09 00:06:52 +02:00
3b44df1499
Bluetooth: hidp: fix buffer overflow (CVE-2019-11884)
2019-06-07 15:25:30 +02:00
8910626bca
ext4: zero out the unused memory region in the extent tree block (CVE-2019-11833)
2019-06-07 14:53:07 +02:00
23527ae20b
brcmfmac: add subtype check for event handling in data path (CVE-2019-9503)
2019-06-07 14:49:05 +02:00
8970aaa563
brcmfmac: assure SSID length from firmware is limited (CVE-2019-9500)
2019-06-07 14:43:58 +02:00
9b28931859
libbpf: Use only 2 components in soversion, matching package name
...
Debian policy says the package name must change when the soname
changes. We don't expect the ABI to change in a stable update,
so use only 2 components in both.
2019-05-19 14:48:13 +01:00
a6879552b5
Drop unnecessary changes from "libbpf: add SONAME to shared object"
...
It's not necessary to delete the definitions of the variables that
become unused. Nor is it necessary to move the definition of
LIBBPF_VERSION before LIB_FILES, because the latter is defined
as recursively expanded (i.e. its variable references are not
immediately expanded).
This makes the actual change we're making clearer, and should
reduce the future work to maintain this patch.
2019-05-19 14:36:25 +01:00
Salvatore Bonaccorso
Romain Perier
Ben Hutchings
Romain Perier
Romain Perier
Aurelien Jarno
Uwe Kleine-König
John Paul Adrian Glaubitz
Steve McIntyre