Commit Graph

14071 Commits

Author SHA1 Message Date
Ben Hutchings cd6de28a92 Add new signing key for Sasha Levin
Sasha is now doing some stable releases.

(cherry picked from commit 82564c209edcd66efd55e121bf581f13fd9f988a)
2020-07-03 23:41:54 +02:00
Salvatore Bonaccorso 0c35cc337b nfsd: apply umask on fs without ACL support
Closes: #962254
2020-06-26 22:55:39 +02:00
Salvatore Bonaccorso 1e3e001c12 apparmor: don't try to replace stale label in ptraceme check
Closes: #963493
2020-06-26 22:04:24 +02:00
Salvatore Bonaccorso 6da8aff445 [rt] Add new signing key for Tom Zanussi 2020-06-22 14:50:01 +02:00
Salvatore Bonaccorso ec2ba4830d Release linux (4.19.118-2+deb10u1).
-----BEGIN PGP SIGNATURE-----
 
 iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7dP21fFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
 ZWJpYW4ub3JnAAoJEAVMuPMTQ89ENh0P/iBzOTwQQrbR2hhYjkf6/rOMmgt4/WRe
 SX+YZO7YC2F63Cbz0eGJLa1Y7WMQkmPvrpwoKm8HtFq16SFXp2JMRMxI6NygEGcC
 i3Z86z26ik+qLLqeSCIigfRTZfFRT6o3wIFaOUS5AKUMBIbneELk70FyyFJ5g6gs
 BSjPsL0+9L3B8eqg7NK8E4ueiX791v9wyYqpMDfG+AkL5PTuL3XY2VmSs1Vzv63I
 WUpV0Ekpdpx7+PgQkO0gJRb/wFTHZdjMn5GR247awwVD0uxecQCmMxevmw+yzmma
 S9OSeBsIEhmvRqTUMChjJsLqfF5++1ywRdoAzxnczIi3VpfIkDoFxZ569AQPQA9R
 RxGhM2QrlyzQYtAmnk6lnu5WzSNxSuesI9/Km5X+dBCAFegHMuhnwF+ti2D5WHhW
 yzt6hz1Zk7tJe4UgURRQVSAHPwK1Xg9Jlp9jGB20AKAhgIFFvALMDoYXlAbYEfhf
 s8m1u0UVdrNCW86JetfchlwSUNJOwFufTBrEnSrxLDr6qG9XWVCLO5xvIJUBjXx2
 3AxCbsYtfZOFDMCBzYzVCWACJn9Nl/Q/59j8YzDiy3xTPTpUY4g5nyonWXyRuUrB
 1tp4UCL9yQIRvhzHtp/NfecPdCCp8EkufAK3X2VOWmMUjwAT4VvxKck9fuxdixHo
 FlU/U03e8vPT
 =8WdB
 -----END PGP SIGNATURE-----

Merge tag 'debian/4.19.118-2+deb10u1' into buster

Release linux (4.19.118-2+deb10u1).
2020-06-14 10:46:38 +02:00
Salvatore Bonaccorso 0da00be7e6 ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
Closes: #960493
2020-06-14 10:40:03 +02:00
Salvatore Bonaccorso 51ce7dd8b3 Prepare to release linux (4.19.118-2+deb10u1). 2020-06-07 17:42:22 +02:00
Ben Hutchings 6a8dd1c6b0 Merge branch 'buster-security' into buster-security-embargoed 2020-06-07 01:35:25 +01:00
Salvatore Bonaccorso da82e531d8 include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap
Closes: #960271
(cherry picked from commit a4fb2a7b76)
2020-06-07 01:32:53 +01:00
Ben Hutchings 22423990cd Drop "KVM: VMX: Zero out *all* general purpose registers after VM-Exit"
This is not needed to fix CVE-2019-3016, and is addressing an issue
that's so far theoretical.  It also needs a further fix to avoid
causing a more serious regression (depending on the compiler
behaviour).
2020-06-07 01:17:04 +01:00
Ben Hutchings ff5ad5a3d1 propagate_one(): mnt_set_mountpoint() needs mount_lock
A similar issue to CVE-2020-12114.
2020-06-07 00:46:11 +01:00
Salvatore Bonaccorso 6e26711704 Add fixes for CVE-2019-3016
Cherry-pick 11 commits from the 4.19.118 including prerequisited to
adress CVE-2019-3016.
2020-06-06 10:35:47 +02:00
Salvatore Bonaccorso 789f116fbc mm: Fix mremap not considering huge pmd devmap (CVE-2020-10757) 2020-06-05 12:34:34 +02:00
Salvatore Bonaccorso 50bf5b3b3d kernel/relay.c: handle alloc_percpu returning NULL in relay_open (CVE-2019-19462) 2020-06-05 12:30:40 +02:00
Salvatore Bonaccorso 7fc7c96d6e fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (CVE-2020-10732) 2020-06-03 07:42:07 +02:00
Salvatore Bonaccorso 2222852cc1 netlabel: cope with NULL catmap (CVE-2020-10711) 2020-06-02 20:27:49 +02:00
Salvatore Bonaccorso 888eb1f799 USB: gadget: fix illegal array access in binding with UDC (CVE-2020-13143) 2020-05-29 21:35:13 +02:00
Salvatore Bonaccorso aefd886eef scsi: sg: add sg_remove_request in sg_write (CVE-2020-12770) 2020-05-29 21:23:18 +02:00
Salvatore Bonaccorso 92ed2f689a [x86] KVM: SVM: Fix potential memory leak in svm_cpu_init() (CVE-2020-12768) 2020-05-29 14:03:17 +02:00
Salvatore Bonaccorso 2fe68e87e7 USB: core: Fix free-while-in-use bug in the USB S-Glibrary (CVE-2020-12464) 2020-05-29 13:49:18 +02:00
Salvatore Bonaccorso 34284455a6 fs/namespace.c: fix mountpoint reference counter race (CVE-2020-12114) 2020-05-28 23:34:11 +02:00
Salvatore Bonaccorso b3b40efebd selinux: properly handle multiple messages in selinux_netlink_send() (CVE-2020-10751) 2020-05-28 23:02:50 +02:00
Salvatore Bonaccorso a4fb2a7b76 include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap
Closes: #960271
2020-05-13 17:45:56 +02:00
Ben Hutchings 195b1745c4 Avoid an ABI change for SRBDS
Adding the x86_cpu_id::steppings field is an ABI change.  It doesn't
seem worth the trouble of another ABI bump just to be able to report
some potential future CPU steppings as invulnerable.  Until we have
other change that require an ABI bump, we'll match the affected models
regardless of stepping.

Keep the reverted patch in the queue so that the reverting patch will
continue to be applied when we rebase onto a new stable update.
2020-05-05 02:21:33 +01:00
Ben Hutchings 0f2a83859c [x86] Add support for mitigation of SRBDS (CVE-2020-0543)
Apply the current version of the backport to 4.19.
2020-05-05 02:07:33 +01:00
Salvatore Bonaccorso 136062cf83 Prepare to release linux (4.19.118-2). 2020-04-29 11:38:42 +02:00
Salvatore Bonaccorso cfb6935a87 Add ABI reference for 4.19.0-9
Gbp-Dch: Ignore
2020-04-29 10:36:57 +02:00
Salvatore Bonaccorso c977ce99a1 Release linux (4.19.98-1+deb10u1).
-----BEGIN PGP SIGNATURE-----
 
 iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6maCdfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
 ZWJpYW4ub3JnAAoJEAVMuPMTQ89EBtYP/1W8Y1dU9kCrJyK3Nz+HFwEKoe/ha1+t
 vcjf4E1TOSUh30eaKaD6GVBp7iCK/tGDBxyfUerDltmilVRDt7f9mE/4CFt3e26y
 S4DtsI5paoL1O/1uqbpG+53E5TPDw7CCJNkZ22/vjK++YzToaOjJIsTtZnHNNYwd
 nMYtGqhn95NiZ//nNsV4wgSF9vXIgWuWvAEY80KdmfBYUVicUz8HyZB9Q5ErH1e7
 /Fi9n7U/0F+PgcZSyLhS9vwlMY36HuuemYYMBzN48J2xL/73ttwoe0MU4Aieu1yX
 iVMsrVc/X5JWjHiSpsrExCYvHrRXG9v4kWMOs+piD1yFi7oxD/fNy+043jJqmyOV
 hu+3RX6BkNrw1jhLzDRYbOTz8Z09BXrUnXhyWLD5Z1ZgM1K5tQV0vCsiZBqyBHTK
 owSVaOSDxHWTa9zSmIDTMPN6ljaQML2G1lF6F+AUKg4hqqjydlikgpJGSmjfs3Pd
 YN2I9rfCpSuovYIUQXl38g4yLZC5onhEzLqFBBfxHJClND/nf27HARs6c0f72RlU
 6aHrPgZpj2JPE/r1PoUej4lyhIbFzdJIOf2b26ZUvQC+sMUsxE0SonpFQqjDZggJ
 cAqM5p80gbR8zGtBStwGGo0QljHdHbrzbnYfNQC/uGph0uYTvL+6BscUzO+RnYmx
 9hKy2cqOWLez
 =akKy
 -----END PGP SIGNATURE-----

Merge tag 'debian/4.19.98-1+deb10u1' into buster

Release linux (4.19.98-1+deb10u1).
2020-04-28 23:07:38 +02:00
Salvatore Bonaccorso f6cd3dfc5b Prepare to release linux (4.19.98-1+deb10u1). 2020-04-27 07:05:40 +02:00
Salvatore Bonaccorso a8fc50657f [s390x] mm: fix page table upgrade vs 2ndary address mode accesses (CVE-2020-11884) 2020-04-26 21:03:38 +02:00
Salvatore Bonaccorso 3e765ace82 mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (CVE-2020-11565) 2020-04-26 20:58:02 +02:00
Salvatore Bonaccorso 2c376b16e6 vhost: Check docket sk_family instead of call getname (CVE-2020-10942) 2020-04-26 20:53:46 +02:00
Salvatore Bonaccorso 241912ed84 vfs: fix do_last() regression 2020-04-26 20:53:45 +02:00
Salvatore Bonaccorso d3e1b6996d do_last(): fetch directory ->i_mode and ->i_uid before it's too late (CVE-2020-8428) 2020-04-26 20:53:45 +02:00
Salvatore Bonaccorso a688ee48fb KVM: nVMX: Don't emulate instructions in guest mode (CVE-2020-2732) 2020-04-26 20:53:45 +02:00
Salvatore Bonaccorso 5cdd44bf16 Add ABI reference for 4.19.0-8
Gbp-Dch: Ignore
2020-04-26 20:53:45 +02:00
Ben Hutchings f142b431b1 Prepare to release linux (4.19.118-1). 2020-04-26 14:04:11 +01:00
Salvatore Bonaccorso 65ba05e78d blktrace: fix dereference after null check 2020-04-26 11:28:32 +02:00
Salvatore Bonaccorso a5acdf855d blktrace: Protect q->blk_trace with RCU (CVE-2019-19768) 2020-04-26 11:25:38 +02:00
Salvatore Bonaccorso 6fe845e460 net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (CVE-2020-1749) 2020-04-26 11:20:05 +02:00
Salvatore Bonaccorso 79c0009334 net: ipv6: add net argument to ip6_dst_lookup_flow 2020-04-26 11:14:36 +02:00
Salvatore Bonaccorso 765258c0c8 Update commit message for f2fs patch to include note on backport
Gbp-Dch: Ignore
2020-04-26 11:13:27 +02:00
Salvatore Bonaccorso cfa7bd0b02 f2fs: fix to avoid memory leakage in f2fs_listxattr (CVE-2020-0067) 2020-04-26 11:06:23 +02:00
Salvatore Bonaccorso 01ac87b05e Add CVE id reference for CVE-2020-11494 2020-04-24 05:55:07 +02:00
Salvatore Bonaccorso 1e0b8b17f3 Update to 4.19.118
Cleanup debian/changelog file

Refresh "firmware: Remove redundant log messages from drivers" for context changes in 4.19.118
2020-04-23 20:41:14 +02:00
Ben Hutchings 37343cff01 Merge branch 'buster+ksm' into 'buster'
[buster] cloud: enable CONFIG_KSM for cloud

See merge request kernel-team/linux!229
2020-04-22 13:35:13 +00:00
Ben Hutchings f248c110af Merge branch 'carnil/linux-4.19-stable-updates' into buster
WIP: 4.19 stable updates

See merge request kernel-team/linux!213
2020-04-22 14:33:44 +01:00
Ben Hutchings c2a32c869d Bump ABI to 9 2020-04-22 04:04:25 +01:00
Ben Hutchings efae16e787 debian/changelog: Comma-separate multiple CVE IDs for the same change 2020-04-22 04:02:55 +01:00
Ben Hutchings 9570b230d4 debian/changelog: Add/correct arch-qualifications for some stable changes
Model-specific quirks are only relevant to that model's CPU
architecture.
2020-04-22 04:02:01 +01:00