Ben Hutchings
c3649501d0
Prepare to release linux (4.19.67-2+deb10u2).
2019-11-11 00:30:56 +00:00
Ben Hutchings
9a2df80e9d
Drop "x86/cpu: Add Tremont to the cpu vulnerability whitelist"
...
We don't have this CPU ID, and I don't see the point in adding it
right now.
2019-11-11 00:29:38 +00:00
Ben Hutchings
6d8b0092bb
[x86] drm/i915/cmdparser: Fix jump whitelist clearing
...
Fix a flaw I found in the mitigation for CVE-2019-0155.
2019-11-10 22:41:41 +00:00
Ben Hutchings
feec1caa94
[x86] i915: Add mitigations for two hardware security flaws
2019-11-10 02:53:32 +00:00
Ben Hutchings
c2443a2e97
[x86] Update TAA and NX fixes to pending stable backports
2019-11-09 20:17:15 +00:00
Salvatore Bonaccorso
be004c1b69
x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs
2019-11-08 00:14:38 +01:00
Ben Hutchings
37baed7166
[x86] Update TAA (Borislav v2) and NX (v9) fixes
...
The upstream commits for these are now finalised, so we shouldn't need
to replace patches after this (but might need to add more).
2019-11-07 18:10:48 +00:00
Salvatore Bonaccorso
cd92ab49c4
KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active
2019-11-07 17:32:14 +01:00
Ben Hutchings
537ad2315a
[x86] Update TAA patch set to v7
2019-10-24 22:52:37 +01:00
Ben Hutchings
b2cc5e7f74
[x86] Update NX patch set to v7
2019-10-24 22:48:50 +01:00
Ben Hutchings
96c0e74c50
[x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135)
...
This is a backport of v6 of the TAA patch set, and will probably
require updates before release. The subject lines for these patches
didn't come through.
2019-10-20 14:51:55 +01:00
Ben Hutchings
d9bd594144
[x86] KVM: Add mitigation for Machine Check Error on Page Size Change
...
(aka iTLB multi-hit, CVE-2018-12207)
This is a backport of v6 of the "NX" patch set, and will probably
require updates before release.
2019-10-20 14:46:13 +01:00
Ben Hutchings
9aee5ae400
debian/patches/series: Apply security fixes last (except ABI maintenance)
...
The security fixes are where we have the greatest churn, so it's
convenient if they can be pushed/popped without having to go through
other patches.
2019-10-20 14:37:29 +01:00
Salvatore Bonaccorso
f13b3cd992
Prepare to release linux (4.19.67-2+deb10u1).
2019-09-20 12:51:56 +02:00
Salvatore Bonaccorso
942d6ddd3f
KVM: coalesced_mmio: add bounds checking (CVE-2019-14821)
2019-09-19 17:16:06 +02:00
Salvatore Bonaccorso
c0096a08f9
[x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902)
2019-09-18 21:35:01 +02:00
Salvatore Bonaccorso
78f0b2574a
vhost: make sure log_num < in_num (CVE-2019-14835)
2019-09-13 06:12:11 +02:00
Romain Perier
782d6ea880
ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
...
(CVE-2019-15118)
2019-09-12 22:40:43 +02:00
Romain Perier
aa8fb19232
ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
...
(CVE-2019-15117)
[carnil: Use 4.19.67-2+deb10u1 version for buster-security branch]
2019-09-12 22:40:21 +02:00
Salvatore Bonaccorso
ff672b98a7
Prepare to release linux (4.19.67-2).
2019-08-28 06:20:22 +02:00
Salvatore Bonaccorso
e10bab8d2e
Reference assigned CVE id for CVE-2019-15538
...
Gbp-Dch: Ignore
2019-08-25 17:31:05 +02:00
Salvatore Bonaccorso
4bdf2132ff
Add ABI reference for 4.19.0-6 (for remaining architectures)
...
Gbp-Dch: Ignore
2019-08-24 21:07:35 +02:00
Salvatore Bonaccorso
a065e442e2
xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
2019-08-24 20:51:54 +02:00
Ben Hutchings
c16e2b46f8
Merge branch 'buster-raspberry-pi-cm3' into 'buster'
...
buster: Raspberry Pi CM3 support
See merge request kernel-team/linux!169
2019-08-22 21:14:33 +00:00
Cyril Brulebois
1b40f700ac
[arm64] Backport DTB support for Raspberry Pi Compute Module 3.
...
Tested-by: Charles Fendt <charles.fendt@me.com>
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
(cherry picked from commit de7501857cae4892f52d8c56c2184be548709052)
2019-08-22 21:16:10 +02:00
Cyril Brulebois
10dd2b634c
[arm] Backport DTB support for Raspberry Pi Compute Module 3.
...
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
(cherry picked from commit 64801af590540b4494f408b95a31fbe07963784d)
2019-08-22 21:16:10 +02:00
Ben Hutchings
57f74f6573
netfilter: conntrack: Use consistent ct id hash calculation
...
This fixes a regression in 4.19.44.
2019-08-22 20:04:20 +01:00
Ben Hutchings
00ee7f7173
[ppc64el] Avoid ABI change for disabling TM
...
Ignore removal of TM functions that are exported for use by KVM.
2019-08-22 20:03:54 +01:00
Ben Hutchings
019113b013
[ppc64el] Disable PPC_TRANSACTIONAL_MEM (Closes: #866122)
2019-08-22 20:03:19 +01:00
Ben Hutchings
7ee3696c10
KVM: Ignore ABI changes
...
We already ignored most of them, but missed some. Group together
all the KVM patterns in debian/config/defines.
2019-08-22 20:02:52 +01:00
Ben Hutchings
4bd63c744d
Add ABI reference for 4.19.0-6 (only a few architectures)
2019-08-22 19:21:52 +01:00
Ben Hutchings
eaab250914
Merge remote-tracking branch 'salsa/buster' into buster
...
Since I've already uploaded 4.19.67-1, open a new changelog entry for
Salvatore's change.
2019-08-21 23:39:23 +01:00
Salvatore Bonaccorso
9bf2130b62
dm: disable DISCARD if the underlying storage no longer supports it
...
Closes: #934331
2019-08-21 21:41:04 +02:00
Salvatore Bonaccorso
8d3b3b09b9
Add CVE id for CVE-2019-15215
2019-08-21 21:30:17 +02:00
Salvatore Bonaccorso
2de12d5f21
Add CVE id for CVE-2019-15211
2019-08-21 21:29:45 +02:00
Salvatore Bonaccorso
71253bf604
Add CVE id for CVE-2019-15220
2019-08-21 21:28:17 +02:00
Salvatore Bonaccorso
d5720146ae
Add CVE id for CVE-2019-15221
2019-08-21 21:27:23 +02:00
Salvatore Bonaccorso
37487d12f3
Add CVE id for CVE-2019-15223
2019-08-21 21:24:47 +02:00
Salvatore Bonaccorso
0cde12d3b1
Add CVE id for CVE-2019-15219
2019-08-21 21:24:12 +02:00
Salvatore Bonaccorso
92583c3bcb
Add CVE id for CVE-2019-15218
2019-08-21 21:23:39 +02:00
Salvatore Bonaccorso
4d54b8bb16
Add CVE id for CVE-2019-15212
2019-08-21 21:22:59 +02:00
Salvatore Bonaccorso
8e8dc21337
Add CVE id reference for CVE-2019-15216
2019-08-21 21:13:31 +02:00
Ben Hutchings
889a9d1fb0
Prepare to release linux (4.19.67-1).
2019-08-21 17:44:57 +01:00
Ben Hutchings
4fc980faf5
Merge branch 'buster-wip' into 'buster'
...
Update to 4.19.67
See merge request kernel-team/linux!166
2019-08-21 16:44:07 +00:00
Ben Hutchings
f79aedcfab
Bump ABI to 6
2019-08-20 01:51:35 +01:00
Ben Hutchings
795d93f1ed
[rt] Update to 4.19.59-rt24
...
This mostly applied cleanly on 4.19.67. A few patches had 1 or 2
lines of fuzz which I've resolved.
2019-08-20 01:51:34 +01:00
Ben Hutchings
0899b0f554
Update to 4.19.67
...
* Drop patches which have been applied to 4.19-stable
* Drop "Revert "net: stmmac: Send TSO packets always from Queue 0"" in
  favour of upstream fix "net: stmmac: Re-work the queue selection for
  TSO packets"
* Refresh patches that became fuzzy
2019-08-20 01:51:22 +01:00
Ben Hutchings
64c3754b90
Merge branch 'buster-security' into buster
...
* Accept revert of "[sh4]: Check for kprobe trap number before trying
  to handle a kprobe trap" and update debian/changelog accordingly, as
  sh4 is not a release architecture
* Keep "[arm64] Improve support for the Huawei TaiShan server platform"
  which was reverted on the buster-security branch
2019-08-18 19:29:59 +01:00
Ben Hutchings
92fee68e15
Prepare to release linux (4.19.37-5+deb10u2).
2019-08-08 03:02:38 +01:00
Ben Hutchings
95a59b0c5d
inet: Avoid ABI change for IP ID hash change
2019-08-08 03:01:19 +01:00