Commit Graph

14216 Commits

Author SHA1 Message Date
Noah Meyerhans 62e5e3199d Remove obsolete patches 2019-11-20 16:24:37 -08:00
Benjamin Poirier 016066336b tools/perf: Add python3 support to scripts 2019-11-20 15:04:24 +09:00
Noah Meyerhans c064eca42f New upstream version 4.19.81 2019-11-19 16:03:48 -08:00
Salvatore Bonaccorso 3e9a6acd20 ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
Closes: #945023
2019-11-19 08:00:10 +01:00
Salvatore Bonaccorso 014f165375 Release linux (4.19.67-2+deb10u2).
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl3JkpgACgkQ57/I7JWG
 EQkwVhAAwN5/oNLjJcrhJjGvLW36QIcli05GoNH1hqLNlppwFwzxFYms5f4Y0uAn
 lu5wWo59jL2xqnZ0azNg7ukujVUyLuVEsBuShCBmkSWtt+3mXjKJay1lnwtEei1R
 w2WnXIsAFdSocpnCq7BfQi0sGgUetPJANkkXe019x8H7DmzugisnArp4hX7e7eU5
 JaRuugKTquYjPNN1mQaNS3/C6ODWRBZlTjafznZ3lTme9ku195oUAJWvyU6/AMDB
 +QB9lnaWVNsWkKt3Hx0yquY6sFHYhDhxxKXdULWDwjTW4r1Ye5DKJT433gbKjhTZ
 sILbbXMs2eEv9KM+NvMB96s32z+dc59q1KM3IeAKqQljsqngquqvBQtFRqJYtUCA
 k4HY0wO/2EapWnYnO0z7XekjolZlK7Nj6aldysZ8f6V1q13apPraYKscQyMLTAfy
 CXaUP3bsaxKZvEtlz4+x9OHIqKVrIzI8mLujcpgildz8E3bToXZCgK+CzIAFCdy+
 vY1wUoP5S/DCdgvAIzyT9g2VoFae3DNRNv2DSC53FMHaD1PRwE2wf4XgXSAc4hC+
 s3orsvA8PpHj7BpAa3D3JnrZbP/kAn+rFCqUha/6cs5npOUwpSs1SNdil60K130q
 dS9KcnWY2Do7fp6xc0T4WCRcR6osDJp3WzTmuHpHivfuP26VwXY=
 =aKic
 -----END PGP SIGNATURE-----

Merge tag 'debian/4.19.67-2+deb10u2' into buster

Release linux (4.19.67-2+deb10u2).
2019-11-19 07:42:38 +01:00
Ben Hutchings c3649501d0 Prepare to release linux (4.19.67-2+deb10u2). 2019-11-11 00:30:56 +00:00
Ben Hutchings 9a2df80e9d Drop "x86/cpu: Add Tremont to the cpu vulnerability whitelist"
We don't have this CPU ID, and I don't see the point in adding it
right now.
2019-11-11 00:29:38 +00:00
Ben Hutchings 6d8b0092bb [x86] drm/i915/cmdparser: Fix jump whitelist clearing
Fix a flaw I found in the mitigation for CVE-2019-0155.
2019-11-10 22:41:41 +00:00
Ben Hutchings feec1caa94 [x86] i915: Add mitigations for two hardware security flaws 2019-11-10 02:53:32 +00:00
Ben Hutchings c2443a2e97 [x86] Update TAA and NX fixes to pending stable backports 2019-11-09 20:17:15 +00:00
Salvatore Bonaccorso be004c1b69 x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs 2019-11-08 00:14:38 +01:00
Ben Hutchings 37baed7166 [x86] Update TAA (Borislav v2) and NX (v9) fixes
The upstream commits for these are now finalised, so we shouldn't need
to replace patches after this (but might need to add more).
2019-11-07 18:10:48 +00:00
Salvatore Bonaccorso cd92ab49c4 KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active 2019-11-07 17:32:14 +01:00
Ben Hutchings 7dc63644f2 Merge branch 'ena-backport-from-5.4' into 'buster'
drivers/net/ethernet/amazon: Backport ENA driver from Linux 5.4

See merge request kernel-team/linux!172
2019-10-30 15:27:16 +00:00
Noah Meyerhans 87c48ee54f drivers/net/ethernet/amazon: Backport ENA driver from Linux 5.4 2019-10-29 09:47:59 -07:00
Ben Hutchings 02d8d0c5b0 Merge branch 'rpi3_a_plus' into 'buster'
[armhf, arm64] Add patches from 5.1 for enabling support for the Raspberry PI 3 A+

See merge request kernel-team/linux!134
2019-10-27 14:24:25 +00:00
Bastian Blank dbb59eba34 [amd64/cloud-amd64] Re-enable RTC drivers 2019-10-25 23:30:18 +02:00
Ben Hutchings 537ad2315a [x86] Update TAA patch set to v7 2019-10-24 22:52:37 +01:00
Ben Hutchings b2cc5e7f74 [x86] Update NX patch set to v7 2019-10-24 22:48:50 +01:00
Ben Hutchings 96c0e74c50 [x86] Add mitigation for TSX Asynchronous Abort (CVE-2019-11135)
This is a backport of v6 of the TAA patch set, and will probably
require updates before release.  The subject lines for these patches
didn't come through.
2019-10-20 14:51:55 +01:00
Ben Hutchings d9bd594144 [x86] KVM: Add mitigation for Machine Check Error on Page Size Change
(aka iTLB multi-hit, CVE-2018-12207)

This is a backport of v6 of the "NX" patch set, and will probably
require updates before release.
2019-10-20 14:46:13 +01:00
Ben Hutchings 9aee5ae400 debian/patches/series: Apply security fixes last (except ABI maintenance)
The security fixes are where we have the greatest churn, so it's
convenient if they can be pushed/popped without having to go through
other patches.
2019-10-20 14:37:29 +01:00
Romain Perier 1df282987d [armhf, arm64] Backport devicetree for enabling support for the Raspberry PI 3 A+
We already have everything we need inside the kernel 4.19.x for
supporting this board. backporting patches from upstream so we get
the support for buster.
2019-10-16 20:07:45 +02:00
Salvatore Bonaccorso 530030f117 ixgbe: Fix secpath usage for IPsec TX offload
Closes: #930443
2019-10-15 22:57:58 +02:00
Salvatore Bonaccorso 63680f3314 Release linux (4.19.67-2+deb10u1).
-----BEGIN PGP SIGNATURE-----
 
 iQKmBAABCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl2EsyhfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
 ZWJpYW4ub3JnAAoJEAVMuPMTQ89ErG0QAKEp2inuWb4xyie24D6ZDbpTWi/37uWW
 2E8bYiMguHGv3tJgqBKkz0YQ0BdPYcSk8Jxx9SrHNPvA6TQ8eUup17a9lrPucruj
 TcLGyK+d5RG8YX+8ssyrGuC6uG+tO4oYUf4y/Tb+jYH1VOTBasUs3RF0l0bVq33e
 BvGJZ4ITkkITmuPv+0/EJs5cbhxtshZ0g63Ojkq1KkcpJI9ZORhgYeOEzMca3qkN
 3OkPvl2AcGE027aXQpigvPxfg0S2MpdGLf0aqmpifZbfB69G0f8QihmJ0PEaX72w
 1cxFqePBV/noLq9acXOVtdWts2Ufldm8ytn7/BMu+s5utX/jQU/WVCorBWNCVN58
 yYLBiLE6hatjhShKDvj20g4aiF8hHzErdlyrs+3jtkElvKvQhw/h8MDyNsvVD70H
 UhQH8kdMf3VJ0y4J/PkWXKiBvQJAbUosGFz0LRJUuhoys7CQEP0CGB/iJsIbLMZ9
 eRovrwxM2zJNtPFE0R80pZXsb0e2WJHsPY9Ta2OHZHaDEGP2wwnD/wvWo+zIFx9K
 YJNYDsnChGwqWqIEvpf3nJVObUfQFOkpWuG3QeFRr3xAujIjOsHMjH8UGdRQMNen
 8w0mGMcbnclAHZ7zk3GEHp83qsyH7tCFj37W0ZO8YHj2nMrFMc9D3RGPjvoZ//jM
 gRJoAn5pdfE+
 =QEEi
 -----END PGP SIGNATURE-----

Merge tag 'debian/4.19.67-2+deb10u1' into buster

Release linux (4.19.67-2+deb10u1).
2019-10-15 22:48:01 +02:00
Romain Perier ae1a40e9a5 [armel/rpi] Enable CONFIG_BRCMFMAC_SDIO (Closes: #940530) 2019-09-30 16:55:52 +02:00
Salvatore Bonaccorso f13b3cd992 Prepare to release linux (4.19.67-2+deb10u1). 2019-09-20 12:51:56 +02:00
Salvatore Bonaccorso 942d6ddd3f KVM: coalesced_mmio: add bounds checking (CVE-2019-14821) 2019-09-19 17:16:06 +02:00
Salvatore Bonaccorso c0096a08f9 [x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902) 2019-09-18 21:35:01 +02:00
Salvatore Bonaccorso 78f0b2574a vhost: make sure log_num < in_num (CVE-2019-14835) 2019-09-13 06:12:11 +02:00
Romain Perier 782d6ea880 ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
(CVE-2019-15118)
2019-09-12 22:40:43 +02:00
Romain Perier aa8fb19232 ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
(CVE-2019-15117)

[carnil: Use 4.19.67-2+deb10u1 version for buster-security branch]
2019-09-12 22:40:21 +02:00
Romain Perier 484d0b5f4b ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
(CVE-2019-15118)
2019-08-28 13:38:41 +02:00
Romain Perier 80e547b069 ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
(CVE-2019-15117)
2019-08-28 13:38:34 +02:00
Salvatore Bonaccorso ff672b98a7 Prepare to release linux (4.19.67-2). 2019-08-28 06:20:22 +02:00
Salvatore Bonaccorso e10bab8d2e Reference assigned CVE id for CVE-2019-15538
Gbp-Dch: Ignore
2019-08-25 17:31:05 +02:00
Salvatore Bonaccorso 4bdf2132ff Add ABI reference for 4.19.0-6 (for remaining architectures)
Gbp-Dch: Ignore
2019-08-24 21:07:35 +02:00
Salvatore Bonaccorso a065e442e2 xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT 2019-08-24 20:51:54 +02:00
Ben Hutchings c16e2b46f8 Merge branch 'buster-raspberry-pi-cm3' into 'buster'
buster: Raspberry Pi CM3 support

See merge request kernel-team/linux!169
2019-08-22 21:14:33 +00:00
Cyril Brulebois 1b40f700ac [arm64] Backport DTB support for Rasperry Pi Compute Module 3.
Tested-by: Charles Fendt <charles.fendt@me.com>
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
(cherry picked from commit de7501857cae4892f52d8c56c2184be548709052)
2019-08-22 21:16:10 +02:00
Cyril Brulebois 10dd2b634c [arm] Backport DTB support for Rasperry Pi Compute Module 3.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
(cherry picked from commit 64801af590540b4494f408b95a31fbe07963784d)
2019-08-22 21:16:10 +02:00
Ben Hutchings 57f74f6573 netfilter: conntrack: Use consistent ct id hash calculation
This fixes a regression in 4.19.44.
2019-08-22 20:04:20 +01:00
Ben Hutchings 00ee7f7173 [ppc64el] Avoid ABI change for disabling TM
Ignore removal of TM functions that are exported for use by KVM.
2019-08-22 20:03:54 +01:00
Ben Hutchings 019113b013 [ppc64el] Disable PPC_TRANSACTIONAL_MEM (Closes: #866122) 2019-08-22 20:03:19 +01:00
Ben Hutchings 7ee3696c10 KVM: Ignore ABI changes
We already ignored most of them, but missed some.  Group together
all the KVM patterns in debian/config/defines.
2019-08-22 20:02:52 +01:00
Ben Hutchings 4bd63c744d Add ABI reference for 4.19.0-6 (only a few architectures) 2019-08-22 19:21:52 +01:00
Ben Hutchings eaab250914 Merge remote-tracking branch 'salsa/buster' into buster
Since I've already uploaded 4.19.67-1, open a new changelog entry for
Salvatore's change.
2019-08-21 23:39:23 +01:00
Salvatore Bonaccorso 9bf2130b62 dm: disable DISCARD if the underlying storage no longer supports it
Closes: #934331
2019-08-21 21:41:04 +02:00
Salvatore Bonaccorso 8d3b3b09b9 Add CVE id for CVE-2019-15215 2019-08-21 21:30:17 +02:00
Salvatore Bonaccorso 2de12d5f21 Add CVE id for CVE-2019-15211 2019-08-21 21:29:45 +02:00